xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TOMOYO: Add mount restriction.

Browse Source 
mount(2) has three string and one numeric parameters.
Split mount restriction code from security/tomoyo/file.c .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa
2010-05-17 10:10:31 +09:00
committed by James Morris
parent a1f9bb6a37
commit 2106ccd972
7 changed files with 469 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
security/tomoyo/file.c
View File

@@ -24,7 +24,6 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
[TOMOYO_TYPE_SYMLINK] = "symlink",
[TOMOYO_TYPE_REWRITE] = "rewrite",
[TOMOYO_TYPE_CHROOT] = "chroot",
[TOMOYO_TYPE_MOUNT] = "mount",
[TOMOYO_TYPE_UMOUNT] = "unmount",
};
@@ -108,8 +107,8 @@ bool tomoyo_compare_number_union(const unsigned long value,
*
* Returns mode.
*/
static int tomoyo_init_request_info(struct tomoyo_request_info *r,
struct tomoyo_domain_info *domain)
int tomoyo_init_request_info(struct tomoyo_request_info *r,
struct tomoyo_domain_info *domain)
{
memset(r, 0, sizeof(*r));
if (!domain)
@@ -487,7 +486,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
*
* Caller holds tomoyo_read_lock().
*/
static const struct tomoyo_path_info *
const struct tomoyo_path_info *
tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
{
struct tomoyo_pattern_entry *ptr;
@@ -1418,7 +1417,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
}
/**
* tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot", "mount" and "unmount".
* tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
*
* @operation: Type of operation.
* @path: Pointer to "struct path".