aboutsummaryrefslogtreecommitdiff
path: root/security/tomoyo/common.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r--security/tomoyo/common.h64
1 files changed, 21 insertions, 43 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 12b0c5c46c8..1277724edae 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -50,8 +50,7 @@ enum tomoyo_policy_id {
TOMOYO_ID_GROUP,
TOMOYO_ID_PATH_GROUP,
TOMOYO_ID_NUMBER_GROUP,
- TOMOYO_ID_DOMAIN_INITIALIZER,
- TOMOYO_ID_DOMAIN_KEEPER,
+ TOMOYO_ID_TRANSITION_CONTROL,
TOMOYO_ID_AGGREGATOR,
TOMOYO_ID_GLOBALLY_READABLE,
TOMOYO_ID_PATTERN,
@@ -97,6 +96,15 @@ enum tomoyo_group_id {
#define TOMOYO_VALUE_TYPE_OCTAL 2
#define TOMOYO_VALUE_TYPE_HEXADECIMAL 3
+enum tomoyo_transition_type {
+ /* Do not change this order, */
+ TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE,
+ TOMOYO_TRANSITION_CONTROL_INITIALIZE,
+ TOMOYO_TRANSITION_CONTROL_NO_KEEP,
+ TOMOYO_TRANSITION_CONTROL_KEEP,
+ TOMOYO_MAX_TRANSITION_TYPE
+};
+
/* Index numbers for Access Controls. */
enum tomoyo_acl_entry_type_index {
TOMOYO_TYPE_PATH_ACL,
@@ -619,50 +627,26 @@ struct tomoyo_no_rewrite_entry {
};
/*
- * tomoyo_domain_initializer_entry is a structure which is used for holding
- * "initialize_domain" and "no_initialize_domain" entries.
+ * tomoyo_transition_control is a structure which is used for holding
+ * "initialize_domain"/"no_initialize_domain"/"keep_domain"/"no_keep_domain"
+ * entries.
* It has following fields.
*
* (1) "head" is "struct tomoyo_acl_head".
- * (2) "is_not" is a bool which is true if "no_initialize_domain", false
- * otherwise.
- * (3) "is_last_name" is a bool which is true if "domainname" is "the last
- * component of a domainname", false otherwise.
- * (4) "domainname" which is "a domainname" or "the last component of a
- * domainname". This field is NULL if "from" clause is not specified.
- * (5) "program" which is a program's pathname.
- */
-struct tomoyo_domain_initializer_entry {
- struct tomoyo_acl_head head;
- bool is_not; /* True if this entry is "no_initialize_domain". */
- /* True if the domainname is tomoyo_get_last_name(). */
- bool is_last_name;
- const struct tomoyo_path_info *domainname; /* This may be NULL */
- const struct tomoyo_path_info *program;
-};
-
-/*
- * tomoyo_domain_keeper_entry is a structure which is used for holding
- * "keep_domain" and "no_keep_domain" entries.
- * It has following fields.
- *
- * (1) "head" is "struct tomoyo_acl_head".
- * (2) "is_not" is a bool which is true if "no_initialize_domain", false
- * otherwise.
+ * (2) "type" is type of this entry.
* (3) "is_last_name" is a bool which is true if "domainname" is "the last
* component of a domainname", false otherwise.
* (4) "domainname" which is "a domainname" or "the last component of a
* domainname".
* (5) "program" which is a program's pathname.
- * This field is NULL if "from" clause is not specified.
*/
-struct tomoyo_domain_keeper_entry {
+struct tomoyo_transition_control {
struct tomoyo_acl_head head;
- bool is_not; /* True if this entry is "no_keep_domain". */
+ u8 type; /* One of values in "enum tomoyo_transition_type". */
/* True if the domainname is tomoyo_get_last_name(). */
bool is_last_name;
- const struct tomoyo_path_info *domainname;
- const struct tomoyo_path_info *program; /* This may be NULL */
+ const struct tomoyo_path_info *domainname; /* Maybe NULL */
+ const struct tomoyo_path_info *program; /* Maybe NULL */
};
/*
@@ -793,15 +777,8 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
unsigned long flags, void *data_page);
/* Create "aggregator" entry in exception policy. */
int tomoyo_write_aggregator_policy(char *data, const bool is_delete);
-/*
- * Create "initialize_domain" and "no_initialize_domain" entry
- * in exception policy.
- */
-int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
- const bool is_delete);
-/* Create "keep_domain" and "no_keep_domain" entry in exception policy. */
-int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
- const bool is_delete);
+int tomoyo_write_transition_control(char *data, const bool is_delete,
+ const u8 type);
/*
* Create "allow_read/write", "allow_execute", "allow_read", "allow_write",
* "allow_create", "allow_unlink", "allow_mkdir", "allow_rmdir",
@@ -922,6 +899,7 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
void tomoyo_check_acl(struct tomoyo_request_info *r,
bool (*check_entry) (const struct tomoyo_request_info *,
const struct tomoyo_acl_info *));
+const char *tomoyo_last_word(const char *name);
/********** External variable definitions. **********/