TOMOYO: Use array of "struct list_head".

Assign list id and make the lists as array of "struct list_head". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
git-mirror · Aug 2, 2010 · a230f9e · a230f9e
1 parent a98aa4d
commit a230f9e
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 383 deletions.
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
@@ -434,38 +434,6 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
 		head->read_eof = true;
 }
 
-/*
- * tomoyo_policy_manager_list is used for holding list of domainnames or
- * programs which are permitted to modify configuration via
- * /sys/kernel/security/tomoyo/ interface.
- *
- * An entry is added by
- *
- * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
- *                                        /sys/kernel/security/tomoyo/manager
- *  (if you want to specify by a domainname)
- *
- *  or
- *
- * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager
- *  (if you want to specify by a program's location)
- *
- * and is deleted by
- *
- * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
- *                                        /sys/kernel/security/tomoyo/manager
- *
- *  or
- *
- * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \
- *                                        /sys/kernel/security/tomoyo/manager
- *
- * and all entries are retrieved by
- *
- * # cat /sys/kernel/security/tomoyo/manager
- */
-LIST_HEAD(tomoyo_policy_manager_list);
-
 static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
 				      const struct tomoyo_acl_head *b)
 {
@@ -503,7 +471,7 @@ static int tomoyo_update_manager_entry(const char *manager,
 	if (!e.manager)
 		return -ENOMEM;
 	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
-				     &tomoyo_policy_manager_list,
+				     &tomoyo_policy_list[TOMOYO_ID_MANAGER],
 				     tomoyo_same_manager_entry);
 	tomoyo_put_name(e.manager);
 	return error;
@@ -545,7 +513,7 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 	if (head->read_eof)
 		return;
 	list_for_each_cookie(pos, head->read_var2,
-			     &tomoyo_policy_manager_list) {
+			     &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
 		struct tomoyo_policy_manager_entry *ptr;
 		ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
 				 head.list);
@@ -578,7 +546,8 @@ static bool tomoyo_policy_manager(void)
 		return true;
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+				head.list) {
 		if (!ptr->head.is_deleted && ptr->is_domain
 		    && !tomoyo_pathcmp(domainname, ptr->manager)) {
 			found = true;
@@ -590,7 +559,8 @@ static bool tomoyo_policy_manager(void)
 	exe = tomoyo_get_exe();
 	if (!exe)
 		return false;
-	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
+	list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
+				head.list) {
 		if (!ptr->head.is_deleted && !ptr->is_domain
 		    && !strcmp(exe, ptr->manager->name)) {
 			found = true;

diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
@@ -46,6 +46,30 @@ enum tomoyo_mode_index {
 	TOMOYO_CONFIG_USE_DEFAULT = 255
 };
 
+enum tomoyo_policy_id {
+	TOMOYO_ID_GROUP,
+	TOMOYO_ID_PATH_GROUP,
+	TOMOYO_ID_NUMBER_GROUP,
+	TOMOYO_ID_DOMAIN_INITIALIZER,
+	TOMOYO_ID_DOMAIN_KEEPER,
+	TOMOYO_ID_AGGREGATOR,
+	TOMOYO_ID_ALIAS,
+	TOMOYO_ID_GLOBALLY_READABLE,
+	TOMOYO_ID_PATTERN,
+	TOMOYO_ID_NO_REWRITE,
+	TOMOYO_ID_MANAGER,
+	TOMOYO_ID_NAME,
+	TOMOYO_ID_ACL,
+	TOMOYO_ID_DOMAIN,
+	TOMOYO_MAX_POLICY
+};
+
+enum tomoyo_group_id {
+	TOMOYO_PATH_GROUP,
+	TOMOYO_NUMBER_GROUP,
+	TOMOYO_MAX_GROUP
+};
+
 /* Keywords for ACLs. */
 #define TOMOYO_KEYWORD_AGGREGATOR                "aggregator "
 #define TOMOYO_KEYWORD_ALIAS                     "alias "
@@ -570,7 +594,7 @@ struct tomoyo_globally_readable_file_entry {
 
 /*
  * tomoyo_pattern_entry is a structure which is used for holding
- * "tomoyo_pattern_list" entries.
+ * "file_pattern" entries.
  * It has following fields.
  *
  *  (1) "head" is "struct tomoyo_acl_head".
@@ -950,16 +974,8 @@ extern struct srcu_struct tomoyo_ss;
 /* The list for "struct tomoyo_domain_info". */
 extern struct list_head tomoyo_domain_list;
 
-extern struct list_head tomoyo_path_group_list;
-extern struct list_head tomoyo_number_group_list;
-extern struct list_head tomoyo_domain_initializer_list;
-extern struct list_head tomoyo_domain_keeper_list;
-extern struct list_head tomoyo_aggregator_list;
-extern struct list_head tomoyo_alias_list;
-extern struct list_head tomoyo_globally_readable_list;
-extern struct list_head tomoyo_pattern_list;
-extern struct list_head tomoyo_no_rewrite_list;
-extern struct list_head tomoyo_policy_manager_list;
+extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
+extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
 extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
 
 /* Lock for protecting policy. */