TOMOYO: Use common code for policy reading.
[~andy/linux] / security / tomoyo / memory.c
index 4809febc1acbce5e7e41741bb4a262cd651d272d..95a77599ff98300f0371dc3a821026cd80b338da 100644 (file)
@@ -89,6 +89,50 @@ void tomoyo_memory_free(void *ptr)
        kfree(ptr);
 }
 
+/**
+ * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group".
+ *
+ * @group_name: The name of address group.
+ * @idx:        Index number.
+ *
+ * Returns pointer to "struct tomoyo_group" on success, NULL otherwise.
+ */
+struct tomoyo_group *tomoyo_get_group(const char *group_name, const u8 idx)
+{
+       struct tomoyo_group e = { };
+       struct tomoyo_group *group = NULL;
+       bool found = false;
+       if (!tomoyo_correct_word(group_name) || idx >= TOMOYO_MAX_GROUP)
+               return NULL;
+       e.group_name = tomoyo_get_name(group_name);
+       if (!e.group_name)
+               return NULL;
+       if (mutex_lock_interruptible(&tomoyo_policy_lock))
+               goto out;
+       list_for_each_entry(group, &tomoyo_group_list[idx], list) {
+               if (e.group_name != group->group_name)
+                       continue;
+               atomic_inc(&group->users);
+               found = true;
+               break;
+       }
+       if (!found) {
+               struct tomoyo_group *entry = tomoyo_commit_ok(&e, sizeof(e));
+               if (entry) {
+                       INIT_LIST_HEAD(&entry->member_list);
+                       atomic_set(&entry->users, 1);
+                       list_add_tail_rcu(&entry->list,
+                                         &tomoyo_group_list[idx]);
+                       group = entry;
+                       found = true;
+               }
+       }
+       mutex_unlock(&tomoyo_policy_lock);
+ out:
+       tomoyo_put_name(e.group_name);
+       return found ? group : NULL;
+}
+
 /*
  * tomoyo_name_list is used for holding string data used by TOMOYO.
  * Since same string data is likely used for multiple times (e.g.
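Review bot: The kerneldoc for tomoyo_get_group() does not say that the returned group carries a reference: the lookup path does `atomic_inc(&group->users)` and the create path does `atomic_set(&entry->users, 1)`, so each caller has to drop that reference when it is done with the group. I would add a sentence such as `Caller holds a reference on the returned group and must release it.` to the Returns paragraph, and reword `@group_name`, which says "address group" while the summary line names path and number groups. The unconditional `tomoyo_put_name(e.group_name)` at `out:` is balanced on the create path only if tomoyo_commit_ok() takes over the name reference from `e` (for example by clearing it). That helper is not visible in this hunk, so a one-line comment at `out:` stating the assumption would keep a later change to it from turning into a premature release of the name.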
@@ -153,6 +197,10 @@ void __init tomoyo_mm_init(void)
 {
        int idx;
 
+       for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
+               INIT_LIST_HEAD(&tomoyo_policy_list[idx]);
+       for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
+               INIT_LIST_HEAD(&tomoyo_group_list[idx]);
        for (idx = 0; idx < TOMOYO_MAX_HASH; idx++)
                INIT_LIST_HEAD(&tomoyo_name_list[idx]);
        INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
@@ -163,10 +211,10 @@ void __init tomoyo_mm_init(void)
                panic("Can't register tomoyo_kernel_domain");
        {
                /* Load built-in policy. */
-               tomoyo_write_domain_initializer_policy("/sbin/hotplug",
-                                                      false, false);
-               tomoyo_write_domain_initializer_policy("/sbin/modprobe",
-                                                      false, false);
+               tomoyo_write_transition_control("/sbin/hotplug", false,
+                                       TOMOYO_TRANSITION_CONTROL_INITIALIZE);
+               tomoyo_write_transition_control("/sbin/modprobe", false,
+                                       TOMOYO_TRANSITION_CONTROL_INITIALIZE);
        }
        tomoyo_read_unlock(idx);
 }
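Review bot: Both `tomoyo_write_transition_control()` calls discard whatever the function reports, while the line just above treats a failed registration of tomoyo_kernel_domain as fatal with `panic()`. If the function returns a status (its declaration is not in this hunk), a failure such as an allocation error would leave the built-in initialize entries for /sbin/hotplug and /sbin/modprobe missing without any trace, and the domain those helpers run in would presumably differ from what the built-in policy intends. Checking the result and at least logging it would make that visible, e.g. `if (tomoyo_write_transition_control("/sbin/hotplug", false, TOMOYO_TRANSITION_CONTROL_INITIALIZE)) printk(KERN_WARNING "built-in policy not loaded\n");`. tomoyo_mm_init() begins before this hunk.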
@@ -184,7 +232,7 @@ unsigned int tomoyo_quota_for_query;
  *
  * Returns memory usage.
  */
-int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
+void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
 {
        if (!head->read_eof) {
                const unsigned int policy
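Review bot: The kerneldoc line `Returns memory usage.` kept as context above the signature is stale now that tomoyo_read_memory_counter() is declared `void`. It should be dropped or replaced with a sentence saying the usage figures are written to `head` through tomoyo_io_printf(), which is what the later hunk shows the body doing. Leaving it invites a caller to expect a value that no longer exists. The function body continues past the end of this hunk.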
@@ -212,7 +260,6 @@ int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
                tomoyo_io_printf(head, "Total:        %10u\n", policy + query);
                head->read_eof = true;
        }
-       return 0;
 }
 
 /**