From 32997144fd9925fc4d506a16990a0c405f766526 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Sun, 26 Jun 2011 23:19:28 +0900
Subject: TOMOYO: Add ACL group support.
ACL group allows administrator to globally grant not only "file read" permission but also other permissions.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
---
 security/tomoyo/gc.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'security/tomoyo/gc.c')
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index de14030823c..412ee8309c2 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -265,10 +265,17 @@ static bool tomoyo_collect_member(const enum tomoyo_policy_id id,
 return true;
 }
 
-static bool tomoyo_collect_acl(struct tomoyo_domain_info *domain)
+/**
+ * tomoyo_collect_acl - Delete elements in "struct tomoyo_domain_info".
+ *
+ * @list: Pointer to "struct list_head".
+ *
+ * Returns true if some elements are deleted, false otherwise.
+ */
+static bool tomoyo_collect_acl(struct list_head *list)
 {
 struct tomoyo_acl_info *acl;
- list_for_each_entry(acl, &domain->acl_info_list, list) {
+ list_for_each_entry(acl, list, list) {
 if (!acl->is_deleted)
 continue;
 if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list))
@@ -291,10 +298,13 @@ static void tomoyo_collect_entry(void)
 if (!tomoyo_collect_member(i, &tomoyo_policy_list[i]))
 goto unlock;
 }
+ for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
+ if (!tomoyo_collect_acl(&tomoyo_acl_group[i]))
+ goto unlock;
 {
 struct tomoyo_domain_info *domain;
 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
- if (!tomoyo_collect_acl(domain))
+ if (!tomoyo_collect_acl(&domain->acl_info_list))
 goto unlock;
 if (!domain->is_deleted || atomic_read(&domain->users))
 continue;
-- 
cgit v1.2.3-18-g5258
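Review bot: The kernel-doc added above tomoyo_collect_acl() does not match the new signature: its summary still says the function deletes elements in "struct tomoyo_domain_info", although it now takes any `struct list_head *` and the second hunk also passes `&tomoyo_acl_group[i]`. I would word the summary as `* tomoyo_collect_acl - Collect deleted ACL entries on a list for garbage collection.` and describe `@list` as a list of "struct tomoyo_acl_info" entries. The line "Returns true if some elements are deleted, false otherwise." also looks at odds with the callers, which treat a false return as a failure and `goto unlock`. The function's return statements lie outside the hunk, so confirm them before rewording to something like `* Returns true on success, false otherwise.`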
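Review bot: The new loop over `tomoyo_acl_group` in tomoyo_collect_entry() hangs a two-line `if`/`goto` body off a brace-less `for`, while the loop just above it (closed by the context `}`) is braced. Kernel coding style asks for braces when a loop body is more than one simple statement, so I would write `for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++) {` with a closing `}` after the `goto unlock;`. Because tomoyo_collect_acl() walks its list with plain `list_for_each_entry`, a one-line comment stating that the shared group lists are walked under the lock released at `unlock` would also help the next reader; the locking itself is outside the hunk, so that part is inferred. tomoyo_collect_entry() begins and ends outside the hunk.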