linux/security/tomoyo/group.c
/*
 * security/tomoyo/group.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include <linux/slab.h>
#include "common.h"

/**
 * tomoyo_same_path_group - Duplicate test for "struct tomoyo_path_group".
 *
 * @a: Pointer to "struct tomoyo_acl_head" embedded in the first entry.
 * @b: Pointer to "struct tomoyo_acl_head" embedded in the second entry.
 *
 * The comparison is on the member_name pointers themselves, not on the
 * strings they refer to.
 *
 * Returns true if both entries carry the same member_name pointer,
 * false otherwise.
 */
static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a,
				   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_path_group *lhs =
		container_of(a, struct tomoyo_path_group, head);
	const struct tomoyo_path_group *rhs =
		container_of(b, struct tomoyo_path_group, head);

	return lhs->member_name == rhs->member_name;
}

/**
 * tomoyo_same_number_group - Duplicate test for "struct tomoyo_number_group".
 *
 * @a: Pointer to "struct tomoyo_acl_head" embedded in the first entry.
 * @b: Pointer to "struct tomoyo_acl_head" embedded in the second entry.
 *
 * Returns true if the "number" members are bytewise identical,
 * false otherwise.
 */
static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a,
				     const struct tomoyo_acl_head *b)
{
	const struct tomoyo_number_group *lhs =
		container_of(a, struct tomoyo_number_group, head);
	const struct tomoyo_number_group *rhs =
		container_of(b, struct tomoyo_number_group, head);

	/*
	 * NOTE(review): memcmp() looks at every byte of the member, so any
	 * padding inside it takes part in the comparison. The entry built in
	 * tomoyo_write_group() starts from "= { }"; confirm the stored copy
	 * is equally clean.
	 */
	return memcmp(&lhs->number, &rhs->number, sizeof(lhs->number)) == 0;
}

/**
 * tomoyo_same_address_group - Duplicate test for "struct tomoyo_address_group".
 *
 * @a: Pointer to "struct tomoyo_acl_head" embedded in the first entry.
 * @b: Pointer to "struct tomoyo_acl_head" embedded in the second entry.
 *
 * Returns whatever tomoyo_same_ipaddr_union() reports for the two
 * "address" members.
 */
static bool tomoyo_same_address_group(const struct tomoyo_acl_head *a,
				      const struct tomoyo_acl_head *b)
{
	const struct tomoyo_address_group *lhs =
		container_of(a, struct tomoyo_address_group, head);
	const struct tomoyo_address_group *rhs =
		container_of(b, struct tomoyo_address_group, head);

	return tomoyo_same_ipaddr_union(&lhs->address, &rhs->address);
}

/**
 * tomoyo_write_group - Update a path, number or address group member list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 * @type:  Type of this group.
 *
 * A number or address member whose text starts with '@' is rejected, as is
 * one that the matching parse helper refuses; both cases return -EINVAL.
 * The group obtained from tomoyo_get_group() is handed back with
 * tomoyo_put_group() on every path that got one.
 *
 * Returns 0 on success, negative value otherwise: -ENOMEM if
 * tomoyo_get_group() or tomoyo_get_name() yields NULL, -EINVAL for a
 * rejected member, else the result of tomoyo_update_policy().
 */
int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type)
{
	struct tomoyo_group *group = tomoyo_get_group(param, type);
	int error = -EINVAL;

	if (!group)
		return -ENOMEM;
	param->list = &group->member_list;

	if (type == TOMOYO_PATH_GROUP) {
		struct tomoyo_path_group entry = { };

		entry.member_name = tomoyo_get_name(tomoyo_read_token(param));
		if (entry.member_name) {
			error = tomoyo_update_policy(&entry.head,
						     sizeof(entry), param,
						     tomoyo_same_path_group);
			/* Give back the name taken by tomoyo_get_name(). */
			tomoyo_put_name(entry.member_name);
		} else {
			error = -ENOMEM;
		}
	} else if (type == TOMOYO_NUMBER_GROUP) {
		struct tomoyo_number_group entry = { };

		/*
		 * The '@' test runs first, so the parser is never handed a
		 * member that starts with '@'. For the same reason
		 * tomoyo_put_number_union() is not needed afterwards.
		 */
		if (param->data[0] != '@' &&
		    tomoyo_parse_number_union(param, &entry.number))
			error = tomoyo_update_policy(&entry.head,
						     sizeof(entry), param,
						     tomoyo_same_number_group);
	} else {
		/* Every other @type value is handled as an address group. */
		struct tomoyo_address_group entry = { };

		if (param->data[0] != '@' &&
		    tomoyo_parse_ipaddr_union(param, &entry.address))
			error = tomoyo_update_policy(&entry.head,
						     sizeof(entry), param,
						     tomoyo_same_address_group);
	}

	tomoyo_put_group(group);
	return error;
}

/**
 * tomoyo_path_matches_group - Match a pathname against a pathname group.
 *
 * @pathname: The name of pathname.
 * @group:    Pointer to "struct tomoyo_path_group".
 *
 * Members flagged is_deleted are skipped. The first remaining member
 * accepted by tomoyo_path_matches_pattern() wins.
 *
 * Returns matched member's pathname if @pathname matches pathnames in @group,
 * NULL otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
const struct tomoyo_path_info *
tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
			  const struct tomoyo_group *group)
{
	struct tomoyo_path_group *member;

	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		if (!member->head.is_deleted &&
		    tomoyo_path_matches_pattern(pathname, member->member_name))
			return member->member_name;
	}
	return NULL;
}

/**
 * tomoyo_number_matches_group - Match a number range against a number group.
 *
 * @min:   Min number.
 * @max:   Max number.
 * @group: Pointer to "struct tomoyo_number_group".
 *
 * A member matches when [@min, @max] intersects the member's
 * [values[0], values[1]] range; full containment is not required.
 * Members flagged is_deleted are skipped.
 *
 * Returns true if @min and @max partially overlaps @group, false otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
bool tomoyo_number_matches_group(const unsigned long min,
				 const unsigned long max,
				 const struct tomoyo_group *group)
{
	struct tomoyo_number_group *member;

	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		if (member->head.is_deleted)
			continue;
		/* Ranges intersect unless one lies wholly beyond the other. */
		if (min <= member->number.values[1] &&
		    max >= member->number.values[0])
			return true;
	}
	return false;
}

/**
 * tomoyo_address_matches_group - Match an address against an address group.
 *
 * @is_ipv6: True if @address is an IPv6 address.
 * @address: An IPv4 or IPv6 address.
 * @group:   Pointer to "struct tomoyo_address_group".
 *
 * @address is read for 16 bytes when @is_ipv6 is true and for 4 bytes
 * otherwise, so it must point to at least that much data. Members of the
 * other address family and members flagged is_deleted are skipped.
 *
 * Returns true if @address matches addresses in @group group, false otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
				  const struct tomoyo_group *group)
{
	struct tomoyo_address_group *member;
	const u8 size = is_ipv6 ? 16 : 4;

	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		if (member->head.is_deleted ||
		    member->address.is_ipv6 != is_ipv6)
			continue;
		/*
		 * Bytewise range test: ip[0] <= @address <= ip[1].
		 * NOTE(review): this orders addresses numerically only if
		 * ip[] is kept in the same big-endian layout as @address;
		 * confirm against tomoyo_parse_ipaddr_union().
		 */
		if (memcmp(&member->address.ip[0], address, size) <= 0 &&
		    memcmp(address, &member->address.ip[1], size) <= 0)
			return true;
	}
	return false;
}