linux/security/tomoyo/domain.c
   1/*
   2 * security/tomoyo/domain.c
   3 *
   4 * Copyright (C) 2005-2011  NTT DATA CORPORATION
   5 */
   6
   7#include "common.h"
   8#include <linux/binfmts.h>
   9#include <linux/slab.h>
  10
  11/* Variable definitions. */
  12
  13/* The initial domain: a file-scope object with no initializer, so it starts out zeroed. */
  14struct tomoyo_domain_info tomoyo_kernel_domain;
  15
/**
 * tomoyo_update_policy - Add, revive or mark as deleted an exception policy entry.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_head" to add or to match.
 * @size:            Size of @new_entry in bytes.
 * @param:           Pointer to "struct tomoyo_acl_param". Supplies the target
 *                   list (@param->list) and the add/delete flag
 *                   (@param->is_delete).
 * @check_duplicate: Callback that returns true when two entries are the same.
 *
 * Returns 0 on success, negative value otherwise: -ENOENT when a delete
 * request matches nothing on the list, -ENOMEM when the new entry could not
 * be committed. An interrupted wait for tomoyo_policy_lock is also reported
 * as -ENOMEM, so callers cannot tell it apart from an allocation failure.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
			 struct tomoyo_acl_param *param,
			 bool (*check_duplicate) (const struct tomoyo_acl_head
						  *,
						  const struct tomoyo_acl_head
						  *))
{
	struct list_head *head = param->list;
	struct tomoyo_acl_head *cur;
	int rc = param->is_delete ? -ENOENT : -ENOMEM;

	/* All writers to the policy lists serialise on tomoyo_policy_lock. */
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		return -ENOMEM;
	list_for_each_entry_rcu(cur, head, list) {
		/*
		 * Entries flagged TOMOYO_GC_IN_PROGRESS are never reused
		 * (presumably they are being reclaimed - confirm against the
		 * garbage collector).
		 */
		if (cur->is_deleted != TOMOYO_GC_IN_PROGRESS &&
		    check_duplicate(cur, new_entry)) {
			/*
			 * Deletion only sets the flag; the node stays linked.
			 * An add request that matches an entry previously
			 * marked deleted clears the flag and so revives it.
			 */
			cur->is_deleted = param->is_delete;
			rc = 0;
			break;
		}
	}
	/* No match and this is an add request: append a committed copy. */
	if (rc && !param->is_delete) {
		cur = tomoyo_commit_ok(new_entry, size);
		if (cur) {
			list_add_tail_rcu(&cur->list, head);
			rc = 0;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
	return rc;
}
  60
/**
 * tomoyo_same_acl_head - Compare the common part of two "struct tomoyo_acl_info".
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a and @b have the same type and the same condition,
 * false otherwise. The condition is compared by pointer value, not by
 * content.
 */
static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
					const struct tomoyo_acl_info *b)
{
	if (a->type != b->type)
		return false;
	return a->cond == b->cond;
}
  74
/**
 * tomoyo_update_domain - Add, merge or mark as deleted a domain policy entry.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_info" to add or to match.
 * @size:            Size of @new_entry in bytes.
 * @param:           Pointer to "struct tomoyo_acl_param". Supplies the target
 *                   list, the add/delete flag and, when @param->data is not
 *                   empty, the condition text parsed into @new_entry->cond.
 * @check_duplicate: Callback function to find duplicated entry.
 * @merge_duplicate: Callback function to merge duplicated entry. May be NULL,
 *                   in which case a match simply takes over the delete flag.
 *
 * Returns 0 on success, negative value otherwise. -EINVAL is returned only
 * when the condition cannot be parsed. A domain transition preference on
 * anything other than a pure "file execute" entry, and an interrupted wait
 * for tomoyo_policy_lock, both fail with the initial error value (-ENOENT
 * for a delete request, -ENOMEM for an add request).
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
			 struct tomoyo_acl_param *param,
			 bool (*check_duplicate) (const struct tomoyo_acl_info
						  *,
						  const struct tomoyo_acl_info
						  *),
			 bool (*merge_duplicate) (struct tomoyo_acl_info *,
						  struct tomoyo_acl_info *,
						  const bool))
{
	const bool deleting = param->is_delete;
	struct list_head * const head = param->list;
	struct tomoyo_acl_info *cur;
	int rc = deleting ? -ENOENT : -ENOMEM;

	if (param->data[0]) {
		new_entry->cond = tomoyo_get_condition(param);
		if (!new_entry->cond)
			return -EINVAL;
		/*
		 * Domain transition preference is allowed for only
		 * "file execute" entries: the entry must be a path ACL whose
		 * permission mask is exactly the execute bit.
		 */
		if (new_entry->cond->transit) {
			if (new_entry->type != TOMOYO_TYPE_PATH_ACL)
				goto put_cond;
			if (container_of(new_entry, struct tomoyo_path_acl,
					 head)->perm !=
			    (1 << TOMOYO_TYPE_EXECUTE))
				goto put_cond;
		}
	}
	/* All writers to the policy lists serialise on tomoyo_policy_lock. */
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		goto put_cond;
	list_for_each_entry_rcu(cur, head, list) {
		/* Entries flagged TOMOYO_GC_IN_PROGRESS are never reused. */
		if (cur->is_deleted == TOMOYO_GC_IN_PROGRESS)
			continue;
		/* Type and condition must agree before the callback is asked. */
		if (!tomoyo_same_acl_head(cur, new_entry) ||
		    !check_duplicate(cur, new_entry))
			continue;
		/*
		 * Deletion only sets the flag; the node stays linked. With a
		 * merge callback, the callback's return value becomes the new
		 * flag.
		 */
		cur->is_deleted = merge_duplicate ?
			merge_duplicate(cur, new_entry, deleting) : deleting;
		rc = 0;
		break;
	}
	/* No match and this is an add request: append a committed copy. */
	if (rc && !deleting) {
		cur = tomoyo_commit_ok(new_entry, size);
		if (cur) {
			list_add_tail_rcu(&cur->list, head);
			rc = 0;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
put_cond:
	/*
	 * NOTE(review): @new_entry->cond is assigned here only when
	 * @param->data is not empty, yet it is released on every path that
	 * reaches this label. This assumes the caller initialised the field
	 * (presumably to NULL) and that tomoyo_commit_ok() leaves nothing
	 * behind that would be released twice - confirm against the callers
	 * and tomoyo_commit_ok().
	 */
	tomoyo_put_condition(new_entry->cond);
	return rc;
}
 145
/**
 * tomoyo_check_acl - Do permission check.
 *
 * @r:           Pointer to "struct tomoyo_request_info".
 * @check_entry: Callback function to check type specific parameters.
 *
 * Returns nothing. The verdict is stored in @r->granted. On a match,
 * @r->matched_acl points at the entry that granted the request. When
 * nothing matches, @r->granted is set to false and @r->matched_acl is left
 * as it was, so it is meaningful only while @r->granted is true.
 *
 * Caller holds tomoyo_read_lock().
 */
void tomoyo_check_acl(struct tomoyo_request_info *r,
		      bool (*check_entry) (struct tomoyo_request_info *,
					   const struct tomoyo_acl_info *))
{
	const struct tomoyo_domain_info *domain = r->domain;
	/* First pass: the entries attached to the domain itself. */
	const struct list_head *head = &domain->acl_info_list;
	struct tomoyo_acl_info *acl;
	int pass;

	for (pass = 0; ; pass++) {
		list_for_each_entry_rcu(acl, head, list) {
			/*
			 * Entries marked deleted no longer grant anything,
			 * even though they are still linked on the list.
			 */
			if (acl->is_deleted || acl->type != r->param_type)
				continue;
			/* Both the parameters and the condition must match. */
			if (check_entry(r, acl) &&
			    tomoyo_condition(r, acl->cond)) {
				r->matched_acl = acl;
				r->granted = true;
				return;
			}
		}
		if (pass)
			break;
		/*
		 * Second pass: the ACL group the domain refers to within its
		 * namespace.
		 * NOTE(review): domain->group is used as an array index with
		 * no range check here; presumably it is validated where it is
		 * assigned - confirm.
		 */
		head = &domain->ns->acl_group[domain->group];
	}
	/* Default deny: no entry on either list matched. */
	r->granted = false;
}
 18/a>
  81 * The inst
  81faLIST_HEADa>(limoyo_remain_inst" a>);
  81> 1788/a> **
  818/a> * @rmoyo_ress=t_wor- ChGet ss=tontmpont">f @naomain pme="/span>
  919/a> * @span>
  919/a> * @chme=":omain tme="o check t/span>
  919/a> * Rspan>
  919/a> *  919/a> * C/span>
  91  atic limoyo_ress=t_wor-a>(ns)
  91    919/a>        ifnst stchargrcpa> = r(ns)
,span class="corucing">' 'span>
<
  91        co (grcpa> =  919/a>                grcpa> = + 1 102        stturn ns)
 102   102
 1020/a> **
 1020/a> * Catoyo_same_acansition ponditrol Check for duplicated "struct tomoyo_acansition ponditroluot; entry.
 1020/a> *
 1020/a> * Ca: Pointer to "struct tomoyo_acl_inad
 1020/a> * to: Pointer to "struct tomoyo_acl_inad
 102   /span>
 102   Returns true if @a == @b, false otherwise.
 112   C/span>
 112  atic bool limoyo_reme_acansition ponditrola>(tomoyo_acl_head *a,
 112                    !((((((((((((((((((((((((nst struct tomoyo_acl_head *b)
 112   112          nst struct limoyo_reansition ponditrola>(<lip1a> = container_of(a,
 112                        gooooooooooooooooooooooooooooooooooooooooooo href="+code=type" " class="sref">cope" " a>(lip1a> =
 1121/a>                                                  cooooooooooooooooo href="+code=tyad" class="sref">head)
< 1121/a>        ifnst struct limoyo_reansition ponditrola>(<lip2a> = container_of(b)
 112                go                                cooooooooooooooooo href="+code=type" " class="sref">cope" " a>(lip2a> =
 1121/a>                        head)
< 1222/a>        stturn lip1a> =gt;type == lip2a> =gt;type && lip1a> =gt;nsisess=t_we="a> == lip2a> =gt;nsisess=t_we="a> =a href="security/tomoyo/domain.c#L142" id="L112" class="line" name="L122"> 122                  mp;& lip1a> =gt;domain == lip2a> =gt;domain =a href="security/tomoyo/domain.c#L142" id="L112" class="line" name="L122"> 122                ifmp;& lip1a> =gt;parrogm" a> == lip2a> =gt;parrogm" a> = 1222/a>}
 1222>
 1222/a>/**
 1222/a> * tomoyo_upwty/acansition ponditrol ChWty/aquot;struct tomoyo_acansition ponditroluot; enst" /span>
 1222/a> *
 1222/a> * @neram:   inter to "struct tomoyo_acl_param".
 1222/a> * @r:pe
 1323/a> * @span>
 1323/a> * @cturns 0 on success, negative value otherwise.
 1323/a> * R/span>
 132  t limoyo_rewty/acansition ponditrola>(tomoyo_acl_param *param,
 132                pau8a> type & 132   132          ruct limoyo_reansition ponditrola>(<< href="+code=to class="sref">ty/a> = type == a href="+code=tome" class="sref">type & } 132          t error = param->is_delete;
 -ENOENT : -ENOMEM;
 132          charparrogm" a> == a href="+code=isram" class="sref">param->data[0 132        }
chardomain == a href="+code=farucs" class="sref">ptrucs" a>(parrogm" a> =,span class="corucing">&ot; enfromquot;stspan>
<
 142        domain ={
 1424/a>                  a href="+code=limain pme="class="sref">domain == a an class="corucing">'\0'span>
< 1424/a>                if href="+code=limain pme="class="sref">domain ==+= 6 142        re}lse
type == tyMOYO_TYPRANSITION_CONTROL_NO_KEEPa> ==
 1424/a>                type == tyMOYO_TYPRANSITION_CONTROL_KEEPa> ={
 1424/a>                   href="+code=limain pme="class="sref">domain == a href="+code=faprogm" class="sref">parrogm" a> = 1424/a>                   href="+code=liprogm" class="sref">parrogm" a> == a href="+code=isNUL class="sref">TONUL a> = 1424/a>           1424/a>        co (parrogm" a> ==mp;& grruccm a>(parrogm" a> =,span class="corucing">&ot; eanyuot;stspan>
<
{
 1424/a>                if (!limoyo_rendrrectath_aa>(parrogm" a> =
 1525/a>                        coturn -EINVAL;
 1525/a>                   href="+code=to class="sref">ty/a> =. href="+code=typrogm" class="sref">parrogm" a> == a href="+code=ismoyo_ret_come="class="sref">domoyo_ret_come="a>(parrogm" a> =
 1525/a>                if (!ty/a> =. href="+code=typrogm" class="sref">parrogm" a> = 1525/a>                          to out;
 15254a>           15255a>        co (domain ==mp;& grruccm a>(domain =,span class="corucing">&ot; eanyuot;stspan>
<
{
 1525/a>                   (!dotoyo_condrrectadain" a>(domain =
{
 152                      limoyo_rendrrectath_aa>(domain =
{a href="security/tomoyo/domain.c#L172" id="L142" class="line" name="L152"> 152                                  to out;
 1525/a>                        ty/a> =. href="+code=tyisess=t_we="class="sref">nsisess=t_we="a> == a href="+code=true" class="sref">true;
 1626/a>                   1626/a>                   href="+code=to class="sref">ty/a> =. href="+code=tymain pme="class="sref">domain == a href="+code=famoyo_ret_come="class="sref">domoyo_ret_come="a>(domain =
 1626/a>                if (!ty/a> =. href="+code=tymain pme="class="sref">domain =
a href="security/tomoyo/domain.c#L172" id="L132" class="line" name="L162"> 1626/a>                          to out;
 16264a>           16265a>        co href="+code=isram" class="sref">param->list = &param->ns->lilicy_loct" a>-&a href="+code=doMOYO_TYIDYPRANSITION_CONTROLclass="sref">tyMOYO_TYIDYPRANSITION_CONTROLa>-&
 162        error = domoyo_reupdateolicy_la>(ty/a> =. href="+code=tyad" class="sref">head)
, zety/a> =)param,
 162                if                   limoyo_reme_acansition ponditrola>(<
 162   href="+code=out" class="sref">out;
 162           href="+code=entoyo_sat_come="class="sref">domoyo_ret_come="a>(ty/a> =. href="+code=tymain pme="class="sref">domain =
 1727/a>        domoyo_ret_come="a>(ty/a> =. href="+code=typrogm" class="sref">parrogm" a> =
 172          turn error;
 172   172  a href="security/tomoyo/domain.c#L182" id="L162" class="line" name="L172"> 1727/a> **
 1727/a> *
 1727/a> * tspan>
 1727/a> * to:ct"         inter to "struct tost_head
 1727/a> * @nemainfmain.c#span>
 1727/a> * @r:rrogm"      e inwe="pof quest_ied rrogm" #span>
 1828/a> * @chss=t_we=":  e inls=tontmpont">f @nemain pme="/span>
 1828/a> * @chpe
 1828/a> * Rspan>
 1828/a> *
 1828/a> * Cspan>
  82 * Caller holds tomoyo_read_lock().
  828/a> * t/span>
  82nsinne" a>    href="+code=inol" class="sref">bool limoyo_remcancansition pa>  a href="security/tomoyo/domain.c#L182" id="L182  class="line" name="L182>> 1728/a>list_head *list =,fnst struct tomoyo_acth_anfo" a> *domain =,a href="security/tomoyo/domain.c#L182" id="L162" class="line" name="L892">  828/a>tomoyo_acth_anfo" a> *parrogm" a> =,snst stcharnsss=t_we="a> =,a href="security/tomoyo/domain.c#L182" id="L902" class="line" name="L902">  929/a>tomoyo_acansition pope type &  929/a>  929/a>          nst struct limoyo_reansition ponditrola>(<ptr;
  929/a>           href="+code=tost_her_each_entry_rcu" class="sref">list_for_each_entry_rcu(ptr, list, head)
. href="+code=tyst" class="sref">list) {
  929/a>                ptr->head)
. href="+code=ty_deleted" class="sref">is_deleted || ptr->type != type &  929/a>                        gontinue;
  929/a>                   (!< href="+code=ptr" class="sref">ptr->domain =

  929/a>                      ptr->nsisess=t_we="a> =

  929/a>                                   (!< href="+code=ptr" class="sref">ptr->domain == domain =
a href="security/tomoyo/domain.c#L172" id="L892" class="line" name="L992">  929/a>                 1030/a>                        co}lse
 1030/a>                                  pan class="comment"> **
 1030/a> *                                 * U

 1030/a> *                                 * unnekely used/span>
 1030/a> *                                 */span>
 1030/a>                        gooooooooo (!< href="+code=ptruccm class="sref">grruccm a>(ptr->domain =gt;dowe="a> =,sphref="+code=liss=t_we="class="sref">nsss=t_we="a> =
{a href="security/tomoyo/domain.c#L173" id="L103" class="line" name="L103"> 1030/a>                                          ntinue;
 1030/a>                       1030/a>                }
 1030/a>                if (!< href="+code=nep" class="sref">ptr->parrogm" a> ==mp;& grmoyo_acth_acm a>(ptr->parrogm" a> =,sphref="+code=typrogm" class="sref">parrogm" a> =
{a href="security/tomoyo/domain.c#L173" id="L113" class="line" name="L113"> 1131/a>                        continue;
 1131/a>                  turn true;
 113           1131/a>        return false;
 1131/a>}
 1131/a>
 1131/a>/**
 1131/a> * tomoyo_chansition pope
 1131/a>   /span>
 1131/a> * @r:ns          inter to "struct tomoyo_aclicy_lome="an c/uot;.
 1232/a> * @chmainfmain.c#span>
 1232/a> * @chrrogm"      e inwe="pof quest_ied rrogm" #span>
 1232/a> * Rspan>
 1232/a> *
 1232/a> * Camain.cransition pracross me="an c/s,rMOYO_TYPRANSITION_CONTROL_INITIALIZEf (span>
 1232/a>/* Caexurinuegchrrogm"  reinionalizesamain.cransition prwithicrahat me="an c/,span>
 1232/a> * toMOYO_TYPRANSITION_CONTROL_KEEPf (!exurinuegchrrogm"  stays at hmain
 1232/a> *
 1232/a> * @span>
 1232/a> * @rller holds tomoyo_read_lock().
 1333/a> * @/span>
 1333/a>  atic tomoyo_acansition pope tomoyo_acansition pope  1333/a>grmoyo_acticy_lome="an c/a>(<ns-&,a href="security/tomoyo/domain.c#L183" id="L133" class="line" name="L133"> 133  fnst struct tomoyo_acth_anfo" a> *domain =,a href="security/tomoyo/domain.c#L183" id="L133" class="line" name="L133"> 133   nst struct tomoyo_acth_anfo" a> *parrogm" a> ={a href="security/tomoyo/domain.c#L173" id="L133" class="line" name="L133"> 133   133          nst stcharnsss=t_we="a> = limoyo_ress=t_wor-a>(domain =gt;dowe="a> =
 133          enumo href="+code=tomoyo_acansition popetomoyo_acansition pope type & ENMOYO_TYPRANSITION_CONTROL_NO_RESE a>;
 133          whiletype ==<ENMOYO_TYMAXYPRANSITION_TYPEa> =

 1333/a>                ifnst struct list_head *list = &a href="security/tomoyo/domain.c#L163" id="L143" class="line" name="L143"> 1434/a>                        comp;ns->lilicy_loct" a>-&a href="+code=doMOYO_TYIDYPRANSITION_CONTROLclass="sref">tyMOYO_TYIDYPRANSITION_CONTROLa>-&
 1434/a>                   (!limoyo_remcancansition pa>  a href="+code=ptst" class="sref">list, domain =,sphref="+code=typrogm" class="sref">parrogm" a> =,a href="security/tomoyo/domain.c#L183" id="L133" class="line" name="L143"> 1434/a>                ifffffffffffffffffffffffffffff href="+code=liss=t_we="class="sref">nsss=t_we="a> =,a href="+code=r"me" class="sref">type &<

 1434/a>                           href="+code=r"me" class="sref">type &++ 1434/a>                 1434/a>                   1434/a>                   (type == ENMOYO_TYPRANSITION_CONTROL_NO_RESE a>;
=mp;&  1434/a>                       href="+code=ptpe" class="sref">type == ENMOYO_TYPRANSITION_CONTROL_NO_INITIALIZEa> ={a href="security/tomoyo/domain.c#L173" id="L143" class="line" name="L143"> 1434/a>                          break 1434/a>                ifpan class="comment"> **
 1535/a> *                 * Do notheck tor duresetadain"   (
 1535/a> *                 * Do notheck tor duinionalizeadain"   (
 1535/a> *                 * mateckd/span>
 1535/a> *                 @/span>
 1535/a>                type &++ 1535/a>                   href="+code=r"me" class="sref">type &++ 1535/a>           153          turn type & 153   1535/a>  a href="security/tomoyo/domain.c#L143" id="L163" class="line" name="L163"> 1636/a> **
 1636/a> * @cmoyo_reme="_aggrativ duCheck for duplicated "struct tomoyo_acaggrativ duot; entry.
 1636/a> * Rspan>
 1636/a> *
 1636/a> * Ca: Pointer to "struct tomoyo_acl_inad
 1636/a> *
 1636/a> * toturns true if @a == @b, false otherwise.
 1636/a> *
 163  atic bool limoyo_reme_acaggrativ da>tomoyo_acl_head *a,
 1636/a>                tomoyo_acl_head *b)
 1737/a>   173          nst struct limoyo_reaggrativ da>lip1a> = container_of(a,
cope" " a>(lip1a> =
 1737/a>                ifffffffffffffffffffffffffffff               href="+code=r"ad" class="sref">head)
< 17373a>          nst struct limoyo_reaggrativ da>lip2a> = container_of(b)
cope" " a>(lip2a> =
 1737/a>                head)
< 1737/a>          turn lip1a> =gt;nsoriginal_we="a> = <lip2a> =gt;nsoriginal_we="a> = mp;&  1737/a>                   href="+code=lip1class="sref">lip1a> =gt;nsaggratived_we="a> = <lip2a> =gt;nsaggratived_we="a> = 1737/a> 1737/a> 1737/a> **
 1838/a> * @cmoyo_rewty/acaggrativ duChWty/aquot;struct tomoyo_acaggrativ duot; enst" /span>
 1838/a> * @span>
 1838/a> * Rneram:   inter to "struct tomoyo_acl_param".
 1838/a> *
 1838/a> * Ccturns 0 on success, negative value otherwise.
  83 * Cspan>
  838/a> * trller holds tomoyo_read_lock().
  838/a> *
limoyo_rewty/aclggrativ da>(tomoyo_acl_param *param,
  838/a>  939/a>          ruct limoyo_reaggrativ da>ns/a> =   939/a>          t error = param->is_delete;
 -ENOENT : -ENOMEM;
  939/a>          nst stcharnsoriginal_we="a> = limoyo_read_lotokepa>(param,
<  9393a>          nst stcharnsaggratived_we="a> = limoyo_read_lotokepa>(param,
<  939/a>           (!limoyo_rendrrectawor-a>(nsoriginal_we="a> =)=
  939/a>              a href="+code=chtoyo_condrrectath_aclass="sref">limoyo_rendrrectath_aa>(nsaggratived_we="a> =
{a href="security/tomoyo/domain.c#L173" id="L963" class="line" name="L963">  939/a>                  turn -EINVAL;
  939/a>           href="+code=to"class="sref">ns/a> =. href="+code=tyoriginal_we="class="sref">nsoriginal_we="a> = domoyo_ret_come="a>(nsoriginal_we="a> =)  939/a>           href="+code=to"class="sref">ns/a> =. href="+code=tyaggratived_we="class="sref">nsaggratived_we="a> = domoyo_ret_come="a>(nsaggratived_we="a> =
  939/a>           (!ty/a> =. href="+code=tyoriginal_we="class="sref">nsoriginal_we="a> = || a href="+code=ch"class="sref">ns/a> =. href="+code=tyaggratived_we="class="sref">nsaggratived_we="a> = 
 1040/a>               href="+code=ch"class="sref">ns/a> =. href="+code=tyaggratived_we="class="sref">nsaggratived_we="a> =gt;is_deth_r tn" a> =)=pan class="comment"> **< No th_r tns lerowed.
 1040/a>                  to out;
 10402a>           href="+code=toram" class="sref">param->list = &param->ns->lilicy_loct" a>-&a href="+code=doMOYO_TYIDYAGGREGATORclass="sref">liMOYO_TYIDYAGGREGATORa>-&
 1040/a>           href="+code=toror" class="sref">error = domoyo_reupdateolicy_la>(ty/a> =. href="+code=tyad" class="sref">head)
, zety/a> =)param,
 1040/a>                limoyo_reme_acaggrativ da> 1040/a>   href="+code=out" class="sref">out;
 1040/a>        domoyo_ret_come="a>(ty/a> =. href="+code=tyoriginal_we="class="sref">nsoriginal_we="a> =) 1040/a>           href="+code=tomoyo_ret_come="class="sref">domoyo_ret_come="a>(ty/a> =. href="+code=tyaggratived_we="class="sref">nsaggratived_we="a> =
 1040/a>          turn error;
 1040/a>   1141/a>  a href="security/tomoyo/domain.c#L144"1id="L104" class="line" name="L114"> 1141/a> **
 1141/a> * Rnmoyo_refindome="an c/ - Findpecific ed me="an c//span>
 1141/a> *
 1141/a> * Ca:me=": Na="pof me="an c/  &qfind/span>
 1141/a>/* Ca@len:  Lengthf @neme="/span>
 1141/a>/*
 1141/a> * toturns 0 pnter to "struct tomoyo_aclicy_lome="an c/uot;.
 1141/a>   / NUL therwise.
 1141/a> * @span>
 1242/a> * @cller holds tomoyo_read_lock().
 1242/a> * @/span>
 1242/a>grmoyo_acticy_lome="an c/a>(<grmoyo_acfindome="an c/a>  a href="security/tomoyo/domain.c#L144" id="L114" class="line" name="L124"> 1242/a>nswe="a> =,snst stunsign"  t lilepa>(<{a href="security/tomoyo/domain.c#L174" id="L124" class="line" name="L124"> 1242/a> 1242/a>          ruct grmoyo_acticy_lome="an c/a>(<ns-& 1242/a>        list(ns-&,amp;limoyo_acme="an c/oct" a>-&,a href="+code=liwe="an c/oct" class="sref">lime="an c/oct" a>-&

 1242/a>                   (!< href="+code=ptrucncm class="sref">grrucncm a>(nswe="a> =,s href="+code=is" class="sref">ns->nswe="a> =,s href="+code=islepclass="sref">lilepa>(<{ 
 1242/a>                      a href="+code=newe="class="sref">nswe="a> =a href="+code=dolepclass="sref">lilepa>(<]=mp;& nswe="a> =a href="+code=dolepclass="sref">lilepa>(<]= ' 'span>
<
{a href="security/tomoyo/domain.c#L174"9id="L104" class="line" name="L124"> 1242/a>                 1343/a>                  turn ns-& 1343/a>           13432a>          turn nsNUL a>-& 134   134  a href="security/tomoyo/domain.c#L144" id="L104" class="line" name="L134"> 1343/a>/**
 1343/a> * trmoyo_reassignome="an c/ - Cad_te a new me="an c//span>
 1343/a> * tspan>
 1343/a> * @nemain 1343/a> * @span>
 1444/a> * @cturns 0 pnter to "struct tomoyo_aclicy_lome="an c/uot;.
 1444/a> * @cNUL therwise.
 1444/a> * Rspan>
 1444/a> *
 1444/a> * C/span>
 1444/a>  ruct grmoyo_acticy_lome="an c/a>(<grmoyo_acassignome="an c/a>grmain(<{a href="security/tomoyo/domain.c#L174" id="L144" class="line" name="L144"> 1444/a>   1444/a>          ruct grmoyo_acticy_lome="an c/a>(<ptr;
 1444/a>          ruct grmoyo_acticy_lome="an c/a>(<litry_ra>(< 1444/a>          nst stchargrcpa> = grmain(< 1545/a>          unsign"  t lilepa>(<  1545/a>          whilegrcpa> = mp;& grcpa> =++= ' 'span>
<
a href="security/tomoyo/domain.c#L174" id="L134" class="line" name="L154"> 1545/a>                if href="+code=erlepclass="sref">lilepa>(<++ 1545/a>           href="+code=tor" class="sref">ptr;
 grmoyo_acfindome="an c/a>  a href="+code=tymain pme="class="sref">domain =,s href="+code=islepclass="sref">lilepa>(<{ 1545/a>           (!< href="+code=tor" class="sref">ptr;

a href="security/tomoyo/domain.c#L174" id="L134" class="line" name="L154"> 1545/a>                  turn ptr;
 1545/a>           (!< href="+code=tolepclass="sref">lilepa>(< t;ENMOYO_TYEXEC_TMPSIZEa>(< - 10 || a href="+code=chmoyo_acmain.c_de class="sref">copoyo_acmain.c_de a>  a href="+code=tymain pme="class="sref">domain =
{a href="security/tomoyo/domain.c#L174" id="L134" class="line" name="L154"> 1545/a>                  turn nsNUL a>-& 1545/a>           href="+code=to"ry_rclass="sref">litry_ra>(< likzleroca>  azelitry_ra>(<) +a href="+code=erlepclass="sref">lilepa>(< + 1,s href="+code=isGFP_NOFSclass="sref">liGFP_NOFSa>(<{ 1545/a>           (!litry_ra>(<)a href="security/tomoyo/domain.c#L184" id="L164" class="line" name="L164"> 1646/a>                  turn nsNUL a>-& 16461a>           (!< href="+code=tomutexock()_ter truptibl"class="sref">domutexock()_ter truptibl"a>(grmoyo_acticy_lock()a> =
{a href="security/tomoyo/domain.c#L174" id="L134" class="line" name="L164"> 1646/a>                ifto out;
 1646/a>           href="+code=tor" class="sref">ptr;
 grmoyo_acfindome="an c/a>  a href="+code=tymain pme="class="sref">domain =,s href="+code=islepclass="sref">lilepa>(<{ 1646/a>           (!ptr;
 mp;& grmoyo_acmemory_o)a>(litry_ra>(<)

 1646/a>                  charnswe="a> = litry_ra>(< + 1{ 1646/a>                   href="+code=lip" class="sref">ptr;
 litry_ra>(< 1646/a>                   href="+code=tomemmov"class="sref">domemmov"a>(nswe="a> =,s href="+code=ismain pme="class="sref">domain =,s href="+code=islepclass="sref">lilepa>(<{ 1646/a>                   href="+code=a"we="class="sref">nswe="a> =a href="+code=dolepclass="sref">lilepa>(<]='\0'span>
< 1646/a>                litry_ra>(nswe="a> = nswe="a> = 1747/a>                   href="+code=a"moyo_acinioclicy_lome="an c/class="sref">grmoyo_acinioclicy_lome="an c/a>(litry_ra>(<) 1747/a>                   href="+code=to"ry_rclass="sref">litry_ra>(< nsNUL a>-& 1747/a>           1747/a>           href="+code=tomutexounck()class="sref">grmutexounck()a>(grmoyo_acticy_lock()a> =
 1747/a>   href="+code=out" class="sref">out;
 1747/a>           href="+code=iskfre/class="sref">grkfre/a>(litry_ra>(<) 1747/a>          turn ptr;
 1747/a> 1747/a> 1747/a> **
 1848/a> * @cmoyo_reme="an c/ojumpuCheck for dume="an c/ jump/span>
 1848/a> * @span>
 1848/a> * Rnemain
 1848/a> *
 1848/a> * Ccturns 0 ue if @ame="an c/ differsfalse otherwise.
  84 * C/span>
  848/a>bool grmoyo_acme="an c/ojumpa>grmain(<{a href="security/tomoyo/domain.c#L174" id="L874" class="line" name="L874">  848/a>grme="an c/a>(<<ome="an c/class="sref">grmoyo_accitrt">ome="an c/a>nswe="a> =  848/a>          nst stt lilepa>(< liruclepa>(grme="an c/a>(<)  949/a>          turn grrucncm a>(domain =,s href="+code=iswe="an c/class="sref">grme="an c/a>(<,s href="+code=islepclass="sref">lilepa>(<{ 
  949/a>                  a href="+code=nemain pme="class="sref">domain =a href="+code=dolepclass="sref">lilepa>(<]=mp;& domain =a href="+code=dolepclass="sref">lilepa>(<]= ' 'span>
<
  949/a>    9493a>  a href="security/tomoyo/domain.c#L144" id="L164" class="line" name="L944">  949/a> **
  949/a>/* Catoyo_acassignomain.c - Cad_te a main.c  dua me="an c//span>
  949/a>/*
  949/a> * toemain
  949/a> * @neansitio:    Te if @aansitioo &qmain.c found  ducad_ted/span>
  949/a> * @span>
 1050/a> * @cturns 0 pnter to "struct tomoyo_acmain.c_fo" uot;.
 1050/a> * @span>
 1050/a> * Rnller holds tomoyo_read_lock().
 1050/a> *
 1050/a>  ruct copoyo_acmain.c_fo" a> *copoyo_acassignomain.ca>grmain(< 1050/a>                                                  nst bool copnsitioa>(<{a href="security/tomoyo/domain.c#L175" id="L105" class="line" name="L105"> 1050/a>   1050/a>          ruct copoyo_acmain.c_fo" a> *< href="+code=ne class="sref">lita>(<  1050/a>          ruct copoyo_acmain.c_fo" a> *litry_ra>(< copoyo_acfindomain.ca>  a href="+code=tymain pme="class="sref">domain =
 1050/a>           href="+code=liol" class="sref">bool bocad_teda>(< bolse oa> = 1151/a>           (!< href="+code=totry_rclass="sref">litry_ra>(<)  1151/a>                   (!< href="+code=tomnsitioclass="sref">copnsitioa>(<{  1151/a>                ifffffffffpan class="comment"> **
 1151/a> *<<<<<<<<<<<<<<<<<<<<<<<<<* Sinceame="an c/ isucad_ted at runtime, profiles mayspan>
 1151/a> * <<<<<<<<<<<<<<<<<<<<<<<<* nothbeucad_ted by erw mont"> erw pross, aansitiotomospan>
 1151/a>/* <<<<<<<<<<<<<<<<<<<<<<<<* that main.c# Do nothperformqmain.c ansition p  (span>
 1151/a>/*<<<<<<<<<<<<<<<<<<<<<<<<<* profileor duthat main.c isunothyetucad_ted/span>
 1151/a> * <<<<<<<<<<<<<<<<<<<<<<<<*/span>
 1151/a>                           (!< href="+code=tomoyo_acticy_lockadedclass="sref">bomoyo_acticy_lockadeda>;
 mp;&  1151/a>                litry_ra>(ns->ptrrofile_r" a> =a href="+code=do ry_rclass="sref">litry_ra>(ptrrofilea>(<]{a href="security/tomoyo/domain.c#L175" id="L125" class="line" name="L125"> 1252/a>                                  turn nsNUL a>-& 1252/a>                   1252/a>                ifturn litry_ra>(< 1252/a>           1252/a>          pan class="comment"> **< Requested main.c doesunothext" /<*/span>
 1252/a>          pan class="comment"> **< Don'tucad_teftuquested main.c if main.cme="pisuinvalid.
 1252/a>           (!< href="+code=toruclepclass="sref">liruclepa>(domain =
 t;ENMOYO_TYEXEC_TMPSIZEa>(< - 10 ||a href="security/tomoyo/domain.c#L155"7id="L105" class="line" name="L125"> 1252/a>              a href="+code=chtoyo_condrrectamain.cclass="sref">copoyo_acndrrectamain.ca>(domain =
{a href="security/tomoyo/domain.c#L175"8id="L105" class="line" name="L125"> 1252/a>                  turn nsNUL a>-& 1252/a>          pan class="comment"> **
 1353/a> *         * Sinceadefinion p of profiles and acl_groups may differ acrossspan>
 1353/a> *         * me="an c/s, maunothinhety/quot;stuse_rrofileuot;.
 1353/a> *         * by aumoyic 
 1353/a> *<<<<<<<<
 1353/a>           (!< href="+code=tomnsitioclass="sref">copnsitioa>(< mp;& grmoyo_acme="an c/ojumpa>domain =
{a href="security/tomoyo/domain.c#L175" id="L105" class="line" name="L135"> 1353/a>                  turn nsNUL a>-& 1353/a>        lita>(<. href="+code=ty" class="sref">ns-& grmoyo_acassignome="an c/a>domain =
 13537a>           (!ns/a> =. href="+code=ty" class="sref">ns-&{a href="security/tomoyo/domain.c#L175"8id="L105" class="line" name="L135"> 1353/a>                  turn nsNUL a>-& 1353/a>          pan class="comment"> **
 1454/a> *         * uot;stuse_rrofileuot;.an>
 1454/a> *         * main.cs arehinhety/ed from citrt"> main.c# These areh0or dumanuallya>an>
 1454/a> *         * cad_ted main.cs/span>
 1454/a> *<<<<<<<<
 1454/a>           (!< href="+code=tomnsitioclass="sref">copnsitioa>(<{  1454/a>                  cst struct copoyo_acmain.c_fo" a> *comain.ca>(< copoyo_acmain.ca>( 1454/a>                   href="+code=li"class="sref">ns/a> =. href="+code=tyrrofileclass="sref">ptrrofilea>(< comain.ca>(ptrrofilea>(< 1454/a>                   href="+code=to"class="sref">ns/a> =. href="+code=tygroupclass="sref">nsgroupa>(< comain.ca>(nsgroupa>(< 1454/a>           1454/a>           href="+code=li"class="sref">ns/a> =. href="+code=tymain pme="class="sref">domain = domoyo_ret_come="a>(domain =
 1555/a>           (!ns/a> =. href="+code=tymain pme="class="sref">domain =
a href="security/tomoyo/domain.c#L145" id="L115" class="line" name="L155"> 1555/a>                  turn nsNUL a>-& 1555/a>           (!< href="+code=tomutexock()_ter truptibl"class="sref">domutexock()_ter truptibl"a>(grmoyo_acticy_lock()a> =
{a href="security/tomoyo/domain.c#L175" id="L135" class="line" name="L155"> 1555/a>                  to out;
 1555/a>           href="+code=li"ry_rclass="sref">litry_ra>(< copoyo_acfindomain.ca>  a href="+code=tymain pme="class="sref">domain =
 1555/a>           (!litry_ra>(<)  1555/a>                   href="+code=li"ry_rclass="sref">litry_ra>(< grmoyo_acmmenit_o)a>(ns/a> =, zety/a> =)
 1555/a>                   (!< href="+code=totry_rclass="sref">litry_ra>(<)  1555/a>                           href="+code=toINIT_LIST_HEADclass="sref">liINIT_LIST_HEADa>(litry_ra>(liacl_fo" oct" a> =
 1555/a>                list(litry_ra>(list =,amp;limoyo_acmain.c_ct" a> =
 1656/a>                           href="+code=iscad_tedclass="sref">bocad_teda>(< copnuea>(< 1656/a>                   1656/a>           1656/a>           href="+code=tomutexounck()class="sref">grmutexounck()a>(grmoyo_acticy_lock()a> =
 1656/a>   href="+code=out" class="sref">out;
 1656/a>           href="+code=enmoyo_act_come="class="sref">domoyo_ret_come="a>(ty/a> =. href="+code=tymain pme="class="sref">domain =
 1656/a>           (!< href="+code=to"ry_rclass="sref">litry_ra>(< mp;& copnsitioa>(<{  1656/a>                   (!< href="+code=tocad_tedclass="sref">bocad_teda>(<{  1656/a>                          ruct copoyo_actuquest_fo" a>    href="+code=to class="sref">pt/a>;
 1656/a>                copoyo_acinioctuquest_fo" a>(pt/a>;
,s href="+code=is"ry_rclass="sref">litry_ra>(< 1757/a>                                                    href="+code=r"MOYO_TYMAC_FILEYEXECUTEclass="sref">ENMOYO_TYMAC_FILEYEXECUTEa> =
 1757/a>                           href="+code=r" class="sref">pt/a>;
. href="+code=tygrantedclass="sref">bogranteda>(< bolse oa> = 1757/a>                ifffffffffphref="+code=enmoyo_acwty/eockgclass="sref">copoyo_acwty/eockga>(pt/a>;
,s an class="corucing">&ot;stuse_rrofile %u\n&ot;stspan>
< 1757/a>                                            href="+code=r" ry_rclass="sref">litry_ra>(ptrrofilea>(<
 1757/a>                copoyo_acwty/eockga>(pt/a>;
,s an class="corucing">&ot;stuse_group %u\n&ot;stspan>
<<  href="+code=r" ry_rclass="sref">litry_ra>(nsgroupa>(<
 1757/a>                  aaaaaaaaphref="+code=enmoyo_acupdateoaticclass="sref">copoyo_acupdateoatica>(liMOYO_TYSTAT_POLICY_UPDATESa>(<
 1757/a>                   1757/a>           1757/a>          turn litry_ra>(< 1757/a>   1858/a>  a href="security/tomoyo/domain.c#L145" id="L185" class="line" name="L185"> 1858/a> **
 * tomoyo_environ - Check permission for environment variable names.
 *
 * @ee: Pointer to "struct tomoyo_execve".
 *
 * Returns 0 on success, negative value otherwise.
 */
copoyo_acenvirona>(copoyo_acexecvea> *gre"a> =
a href="security/tomoyo/domain.c#L145" id="L165" class="line" name="L895">  858/a>    959/a>          ruct copoyo_actuquest_fo" a>   a href="+code=li class="sref">pt/a>;
 gre"a> =gt;pt/a>;
  959/a>          ruct list"ux_binprma>   a href="+code=libprmclass="sref">libprma>   gre"a> =gt;libprma>    959/a>          pan class="comment"> **< env_page.datapisuleroc_ted by eoyo_acmump_page().
  9593a>          ruct domoyo_retagecmumpa>    href="+code=toenv_pageclass="sref">litrv_pagea>     959/a>          charptarg_r" a>  < pan class="comment"> **< Siz"pisuMOYO_TYEXEC_TMPSIZE bytes
  959/a>            liarg_lepa>     959/a>          unsign"  longa href="+code=erro class="sref">nsro a>   libprma>  gt;nsra>    9597a>            outffse a>   nsro a>   %a href="+code=isPAGE_SIZEclass="sref">ENPAGE_SIZEa>    9598a>            liargv_coun a>   libprma>  gt;liargca>    9599a>            litrvp_coun a>   libprma>  gt;litrvca>   10600a>            pttrro a>   ptENOMEMa>   1060/a> 1060/a>          phref="+code=en"/class="sref">gre"a> =gt;pt/a>;
. href="+code=tytypeclass="sref">copypea>   ENMOYO_TYMAC_ENVIRONa>   1060/a>           href="+code=to"/class="sref">gre"a> =gt;pt/a>;
. href="+code=tyrrofileclass="sref">ptrrofilea>(< pt/a>;
gt;comain.ca>(ptrrofilea>(< 1060/a>           href="+code=li"/class="sref">gre"a> =gt;pt/a>;
. href="+code=tyme=tclass="sref">grme=ta>(< gruoyo_ret_come=ta>(pt/a>;
gt;comain.ca>(ns-&<  href="+code=r" /class="sref">gre"a> =gt;pt/a>;
. href="+code=tyrrofileclass="sref">ptrrofilea>(< 1060/a>                                        href="+code=isMOYO_TYMAC_ENVIRONclass="sref">ENMOYO_TYMAC_ENVIRONa>  
 1060/a>           (!pt/a>;
gt;grme=ta>(< || a href="+code=chtrvp_coun class="sref">litrvp_coun a>  
a href="security/tomoyo/domain.c#L146"7id="L106" class="line" name="L976"> 1060/a>                  turn  1060/a>           href="+code=toarg_r" class="sref">ptarg_r" a>   likzleroca>  a href="+code=isMOYO_TYEXEC_TMPSIZEclass="sref">ENMOYO_TYEXEC_TMPSIZEa>(<,s href="+code=isGFP_NOFSclass="sref">liGFP_NOFSa>(<{ 1060/a>           (!ptarg_r" a>  
a href="security/tomoyo/domain.c#L146" id="L116" class="line" name="L116"> 1161/a>                  to out;
 1161/a>          whilepttrro a>   <ptENOMEMa>  {  1161/a>                if (!gruoyo_remump_pagea>  a href="+code=isbprmclass="sref">libprma>  ,s href="+code=isro class="sref">nsro a>  ,amp;litrv_pagea>  
{a href="security/tomoyo/domain.c#L176" id="L116" class="line" name="L116"> 1161/a>                          to out;
 1161/a>                nsro a>   +ENPAGE_SIZEa>   -a href="+code=eroffse class="sref">outffse a>   1161/a>                  pan class="comment"> **< Read.
 1161/a>                  whileliargv_coun a>   mp;& outffse a>   <a href="+code=isPAGE_SIZEclass="sref">ENPAGE_SIZEa>  {  1161/a>                        if (!litrv_pagea>  . href="+code=tymataclass="sref">comataa>  a href="+code=dooffse class="sref">outffse a>  ++]{a href="security/tomoyo/domain.c#L176"8id="L106" class="line" name="L116"> 1161/a>                                liargv_coun a>  -- 1161/a>                 1262/a>                   (!< href="+code=toargv_coun class="sref">liargv_coun a>  {  1262/a>                        outffse a>    1262/a>                ifffffffffcontinue 1262/a>                   1262/a>                outffse a>   <a href="+code=isPAGE_SIZEclass="sref">ENPAGE_SIZEa>  {  1262/a>                          cst stunsign"  char< href="+code=iscclass="sref">lica>   litrv_pagea>  . href="+code=tymataclass="sref">comataa>  a href="+code=dooffse class="sref">outffse a>  ++] 1262/a>  a href="security/tomoyo/domain.c#L176"7id="L106" class="line" name="L126"> 1262/a>                           (!< href="+code=tocclass="sref">lica>   mp;& liarg_lepa>   <a href="+code=isMOYO_TYEXEC_TMPSIZEclass="sref">ENMOYO_TYEXEC_TMPSIZEa>(< - 10{  1262/a>                                   (!< href="+code=tocclass="sref">lica>   ='='span>
<
  1262/a>                ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]='\0'span>
< 1363/a>                                  } ee ot (!< href="+code=tocclass="sref">lica>   ='\\'span>
<
  1363/a>                        ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]='\\'span>
< 1363/a>                ifffffffff                 href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]='\\'span>
< 1363/a>                                  } ee ot (!< href="+code=tocclass="sref">lica>   t;' 'span>
< mp;& lica>   tlt;a127
  1363/a>                ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]=lica>   1363/a>                                  } ee ot 1363/a>                  aaaaaaaa                 href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]='\\'span>
< 1363/a>                                           href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]=lica>   t;'0'span>
< 1363/a>                                           href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]a href="security/tomoyo/domain.c#L116"9id="L106" class="line" name="L136"> 1363/a>                lica>   t;'0'span>
< 1464/a>                                           href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ++]=lica>   tp;&a 7) +a an class="corucing">'0'span>
< 1464/a>                         1464/a>                ifffffffff} ee ot 1464/a>                                   href="+code=toarg_r" class="sref">ptarg_r" a>  a href="+code=doarg_lepclass="sref">liarg_lepa>  ]='\0'span>
< 1464/a>                 1464/a>                           (!< href="+code=tocclass="sref">lica>  {a href="security/tomoyo/domain.c#L176" id="L146" class="line" name="L146"> 1464/a>                                  continue 1464/a>                           (!< href="+code=totoyo_acenv_permclass="sref">gruoyo_reenv_perma>(pt/a>;
,s href="+code=isarg_r" class="sref">ptarg_r" a>  

  1464/a>                                pttrro a>   ptEPERMa>   1464/a>                 1565/a>                           1565/a>                           (!