/*
 * security/tomoyo/group.c
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 */
#include <linux/slab.h>
/*
 * Policy-list comparator for path groups: two entries are the same when they
 * refer to the same member_name object.
 *
 * @a and @b are the embedded "head" members of struct tomoyo_path_group
 * entries; container_of() recovers the enclosing entries.
 *
 * The comparison is on the member_name pointers, not on the string contents.
 * NOTE(review): this presumably relies on tomoyo_get_name() handing out one
 * shared object per distinct name - confirm against its definition.
 */
static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a,
				   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_path_group *lhs =
		container_of(a, struct tomoyo_path_group, head);
	const struct tomoyo_path_group *rhs =
		container_of(b, struct tomoyo_path_group, head);

	return lhs->member_name == rhs->member_name;
}
/*
 * Policy-list comparator for number groups: two entries are the same when
 * their "number" members are bytewise identical.
 *
 * @a and @b are the embedded "head" members of struct tomoyo_number_group
 * entries; container_of() recovers the enclosing entries.
 *
 * NOTE(review): the listing this was taken from omits the member-access
 * continuation lines of the original expression; "->number" is restored from
 * how struct tomoyo_number_group is used elsewhere in this file - confirm
 * against the upstream source.
 *
 * memcmp() also compares any padding bytes inside the member, so equality
 * presumably depends on entries being fully zero-initialised before they are
 * filled in (tomoyo_write_group() starts from "e = { }").
 */
static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a,
				     const struct tomoyo_acl_head *b)
{
	const struct tomoyo_number_group *lhs =
		container_of(a, struct tomoyo_number_group, head);
	const struct tomoyo_number_group *rhs =
		container_of(b, struct tomoyo_number_group, head);

	return memcmp(&lhs->number, &rhs->number, sizeof(lhs->number)) == 0;
}
/**
 * tomoyo_write_group - Write "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
 *
 * @data: String to parse.
 * @is_delete: True if it is a delete request.
 * @type: Type of this group.
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_write_group(char *data, const bool is_delete, const u8 type)
struct tomoyo_group *group;
struct list_head *member;
if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[1][0])
group = tomoyo_get_group(w[0], type);
member = &group->member_list;
if (type == TOMOYO_PATH_GROUP) {
struct tomoyo_path_group e = { };
e.member_name = tomoyo_get_name(w[1]);
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
member, tomoyo_same_path_group);
tomoyo_put_name(e.member_name);
} else if (type == TOMOYO_NUMBER_GROUP) {
struct tomoyo_number_group e = { };
|| !tomoyo_parse_number_union(w[1], &e.number)
|| e.number.values[0] > e.number.values[1])
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
member, tomoyo_same_number_group);
* tomoyo_put_number_union() is not needed because
tomoyo_put_group(group);
/**
 * tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group.
 *
 * @pathname: The name of pathname.
 * @group: Pointer to "struct tomoyo_group" whose member_list holds
 *         "struct tomoyo_path_group" entries.
 *
 * Returns matched member's pathname if @pathname matches pathnames in @group,
 * NULL otherwise. The returned pointer is the member's own member_name, not a
 * copy.
 *
 * Members flagged is_deleted are still on the list and are skipped.
 *
 * Caller holds tomoyo_read_lock().
 *
 * NOTE(review): the listing this was taken from omits the bodies of the two
 * "if" statements and the no-match return; skipping the member and returning
 * NULL are inferred - confirm against the upstream source.
 * NOTE(review): the result presumably stays valid only while the caller still
 * holds tomoyo_read_lock() - confirm the lifetime rules before keeping it.
 */
const struct tomoyo_path_info *
tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
			  const struct tomoyo_group *group)
{
	struct tomoyo_path_group *entry;

	list_for_each_entry_rcu(entry, &group->member_list, head.list) {
		/* Only live members can produce a match. */
		if (!entry->head.is_deleted &&
		    tomoyo_path_matches_pattern(pathname, entry->member_name))
			return entry->member_name;
	}
	return NULL;
}
/**
 * tomoyo_number_matches_group - Check whether the given number matches members of the given number group.
 *
 * @group: Pointer to "struct tomoyo_number_group".
 *
 * Returns true if @min and @max partially overlap @group, false otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
bool tomoyo_number_matches_group(const unsigned long min,
const unsigned long max,
const struct tomoyo_group *group)
struct tomoyo_number_group *member;
bool matched = false;
list_for_each_entry_rcu(member, &group->member_list, head.list) {
if (member->head.is_deleted)
if (min > member->number.values[1] ||
max < member->number.values[0])