9#ifndef _SECURITY_TOMOYO_COMMON_H
10#define _SECURITY_TOMOYO_COMMON_H
12#include <linux/ctype.h>
13#include <linux/string.h>
14#include <linux/mm.h>
15#include <linux/file.h>
16#include <linux/kmod.h>
17#include <linux/fs.h>
18#include <linux/sched.h>
19#include <linux/namei.h>
20#include <linux/mount.h>
21#include <linux/list.h>
22#include <linux/cred.h>
23#include <linux/poll.h>
24struct linux_binprm;
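/*
 * Sizing constants (listing line-number prefixes stripped so the directives
 * are valid C again).
 */

/* Number of hash bits; TOMOYO_MAX_HASH sizes tomoyo_name_list[]. */
#define TOMOYO_HASH_BITS 8
#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)

/*
 * NOTE(review): presumably the size of the scratch buffer used while
 * handling execve() -- confirm at the users of this constant.
 */
#define TOMOYO_EXEC_TMPSIZE 4096

/*
 * 256 is exactly the number of values a u8 can hold; profile numbers are
 * carried as u8 throughout this header, so a u8 index can never exceed it.
 */
#define TOMOYO_MAX_PROFILES 256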
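/*
 * Access-control mode selector. Values 0-3 are the concrete modes;
 * TOMOYO_CONFIG_USE_DEFAULT (255) is a sentinel, not a mode of its own.
 *
 * NOTE(review): presumably stored in tomoyo_profile.config[] and
 * tomoyo_profile.default_config (both u8), with USE_DEFAULT meaning "fall
 * back to default_config" -- confirm in tomoyo_get_mode(). Only ENFORCING
 * is expected to deny a request, so any path that resolves to a weaker mode
 * than intended is security-relevant.
 */
enum tomoyo_mode_index {
	TOMOYO_CONFIG_DISABLED,
	TOMOYO_CONFIG_LEARNING,
	TOMOYO_CONFIG_PERMISSIVE,
	TOMOYO_CONFIG_ENFORCING,
	TOMOYO_CONFIG_USE_DEFAULT = 255
};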
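/*
 * Identifies a kind of policy element. TOMOYO_MAX_POLICY is the element
 * count and sizes tomoyo_policy_list[]; keep it last.
 */
enum tomoyo_policy_id {
	TOMOYO_ID_GROUP,
	TOMOYO_ID_PATH_GROUP,
	TOMOYO_ID_NUMBER_GROUP,
	TOMOYO_ID_TRANSITION_CONTROL,
	TOMOYO_ID_AGGREGATOR,
	TOMOYO_ID_GLOBALLY_READABLE,
	TOMOYO_ID_PATTERN,
	TOMOYO_ID_NO_REWRITE,
	TOMOYO_ID_MANAGER,
	TOMOYO_ID_NAME,
	TOMOYO_ID_ACL,
	TOMOYO_ID_DOMAIN,
	TOMOYO_MAX_POLICY
};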
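/*
 * Kind of group. TOMOYO_MAX_GROUP is the count and sizes
 * tomoyo_group_list[]; keep it last.
 */
enum tomoyo_group_id {
	TOMOYO_PATH_GROUP,
	TOMOYO_NUMBER_GROUP,
	TOMOYO_MAX_GROUP
};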
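/*
 * Keywords of the textual policy grammar.
 *
 * Most literals end in a single space, i.e. the separator before the
 * keyword's argument is part of the token. The last three
 * (ignore_global_allow_read, quota_exceeded, transition_failed) carry no
 * trailing space.
 * NOTE(review): presumably these are matched as prefixes (see
 * tomoyo_str_starts()), in which case the trailing space is what stops
 * "allow_read" from matching a longer word -- do not drop it.
 */
#define TOMOYO_KEYWORD_AGGREGATOR "aggregator "
#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount "
#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
#define TOMOYO_KEYWORD_DELETE "delete "
#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "
#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern "
#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain "
#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
#define TOMOYO_KEYWORD_PATH_GROUP "path_group "
#define TOMOYO_KEYWORD_NUMBER_GROUP "number_group "
#define TOMOYO_KEYWORD_SELECT "select "
#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
#define TOMOYO_KEYWORD_QUOTA_EXCEEDED "quota_exceeded"
#define TOMOYO_KEYWORD_TRANSITION_FAILED "transition_failed"

/* Name of the root domain, and its length without the terminating NUL. */
#define TOMOYO_ROOT_NAME "<kernel>"
#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1)

/*
 * Radix tags for numeric values.
 * NOTE(review): presumably what tomoyo_number_union.min_type/max_type and
 * the "type" argument of tomoyo_print_ulong() hold -- confirm.
 */
#define TOMOYO_VALUE_TYPE_INVALID 0
#define TOMOYO_VALUE_TYPE_DECIMAL 1
#define TOMOYO_VALUE_TYPE_OCTAL 2
#define TOMOYO_VALUE_TYPE_HEXADECIMAL 3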
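/*
 * Kind of domain-transition control entry; the names mirror the
 * (no_)initialize_domain and (no_)keep_domain policy keywords.
 * Stored in tomoyo_transition_control.type (u8).
 */
enum tomoyo_transition_type {
	/*
	 * NOTE(review): the numeric order looks significant (a comment was
	 * lost here in this listing) -- confirm with the code that evaluates
	 * transition controls before reordering.
	 */
	TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE,
	TOMOYO_TRANSITION_CONTROL_INITIALIZE,
	TOMOYO_TRANSITION_CONTROL_NO_KEEP,
	TOMOYO_TRANSITION_CONTROL_KEEP,
	TOMOYO_MAX_TRANSITION_TYPE
};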
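/*
 * Tag identifying which concrete ACL structure (tomoyo_path_acl,
 * tomoyo_path2_acl, tomoyo_path_number_acl, tomoyo_mkdev_acl,
 * tomoyo_mount_acl) follows a struct tomoyo_acl_info header.
 * NOTE(review): presumably the value kept in tomoyo_acl_info.type and used
 * before container_of()-style downcasts -- a wrong tag would reinterpret
 * one ACL layout as another, so confirm every cast checks it.
 */
enum tomoyo_acl_entry_type_index {
	TOMOYO_TYPE_PATH_ACL,
	TOMOYO_TYPE_PATH2_ACL,
	TOMOYO_TYPE_PATH_NUMBER_ACL,
	TOMOYO_TYPE_MKDEV_ACL,
	TOMOYO_TYPE_MOUNT_ACL,
};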
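/*
 * Single-pathname operations. Each enumerator is a bit position:
 * TOMOYO_RW_MASK below builds a mask with (1 << enumerator).
 *
 * TOMOYO_MAX_PATH_OPERATION is 11, so a full mask needs 11 bits; this is
 * why tomoyo_path_acl.perm is u16 rather than u8. Adding operations beyond
 * 16 would require widening that field.
 */
enum tomoyo_path_acl_index {
	TOMOYO_TYPE_READ_WRITE,
	TOMOYO_TYPE_EXECUTE,
	TOMOYO_TYPE_READ,
	TOMOYO_TYPE_WRITE,
	TOMOYO_TYPE_UNLINK,
	TOMOYO_TYPE_RMDIR,
	TOMOYO_TYPE_TRUNCATE,
	TOMOYO_TYPE_SYMLINK,
	TOMOYO_TYPE_REWRITE,
	TOMOYO_TYPE_CHROOT,
	TOMOYO_TYPE_UMOUNT,
	TOMOYO_MAX_PATH_OPERATION
};

/*
 * Mask of the separate READ and WRITE bits. Note that READ_WRITE is its own
 * bit (bit 0) and is not part of this mask.
 */
#define TOMOYO_RW_MASK ((1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE))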
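/*
 * Device-node creation operations; TOMOYO_MAX_MKDEV_OPERATION is the count
 * and sizes tomoyo_mkdev_keyword[].
 */
enum tomoyo_mkdev_acl_index {
	TOMOYO_TYPE_MKBLOCK,
	TOMOYO_TYPE_MKCHAR,
	TOMOYO_MAX_MKDEV_OPERATION
};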
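/*
 * Two-pathname operations; TOMOYO_MAX_PATH2_OPERATION is the count and
 * sizes tomoyo_path2_keyword[].
 */
enum tomoyo_path2_acl_index {
	TOMOYO_TYPE_LINK,
	TOMOYO_TYPE_RENAME,
	TOMOYO_TYPE_PIVOT_ROOT,
	TOMOYO_MAX_PATH2_OPERATION
};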
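/*
 * Operations that take one pathname and one number;
 * TOMOYO_MAX_PATH_NUMBER_OPERATION is the count and sizes
 * tomoyo_path_number_keyword[].
 *
 * NOTE(review): there are exactly 8 operations and
 * tomoyo_path_number_acl.perm is u8. If perm is a one-bit-per-operation
 * mask (as TOMOYO_RW_MASK suggests for the path operations), the field is
 * full: a ninth operation would silently lose its permission bit unless
 * perm is widened first.
 */
enum tomoyo_path_number_acl_index {
	TOMOYO_TYPE_CREATE,
	TOMOYO_TYPE_MKDIR,
	TOMOYO_TYPE_MKFIFO,
	TOMOYO_TYPE_MKSOCK,
	TOMOYO_TYPE_IOCTL,
	TOMOYO_TYPE_CHMOD,
	TOMOYO_TYPE_CHOWN,
	TOMOYO_TYPE_CHGRP,
	TOMOYO_MAX_PATH_NUMBER_OPERATION
};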
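/*
 * Identifies one control interface file.
 * NOTE(review): presumably the "type" passed to tomoyo_open_control() and
 * kept in tomoyo_io_buffer.type -- confirm. There is no MAX sentinel, so
 * code that validates a type value must compare against TOMOYO_MANAGER.
 */
enum tomoyo_securityfs_interface_index {
	TOMOYO_DOMAINPOLICY,
	TOMOYO_EXCEPTIONPOLICY,
	TOMOYO_DOMAIN_STATUS,
	TOMOYO_PROCESS_STATUS,
	TOMOYO_MEMINFO,
	TOMOYO_SELFDOMAIN,
	TOMOYO_VERSION,
	TOMOYO_PROFILE,
	TOMOYO_QUERY,
	TOMOYO_MANAGER
};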
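/*
 * One entry per mediated file operation. TOMOYO_MAX_MAC_INDEX (23) is the
 * count; together with TOMOYO_MAX_MAC_CATEGORY_INDEX it sizes
 * tomoyo_profile.config[].
 * NOTE(review): presumably the "index" argument of tomoyo_get_mode() and
 * tomoyo_init_request_info() -- confirm. Inserting an entry in the middle
 * shifts every later index, so append before the MAX sentinel only.
 */
enum tomoyo_mac_index {
	TOMOYO_MAC_FILE_EXECUTE,
	TOMOYO_MAC_FILE_OPEN,
	TOMOYO_MAC_FILE_CREATE,
	TOMOYO_MAC_FILE_UNLINK,
	TOMOYO_MAC_FILE_MKDIR,
	TOMOYO_MAC_FILE_RMDIR,
	TOMOYO_MAC_FILE_MKFIFO,
	TOMOYO_MAC_FILE_MKSOCK,
	TOMOYO_MAC_FILE_TRUNCATE,
	TOMOYO_MAC_FILE_SYMLINK,
	TOMOYO_MAC_FILE_REWRITE,
	TOMOYO_MAC_FILE_MKBLOCK,
	TOMOYO_MAC_FILE_MKCHAR,
	TOMOYO_MAC_FILE_LINK,
	TOMOYO_MAC_FILE_RENAME,
	TOMOYO_MAC_FILE_CHMOD,
	TOMOYO_MAC_FILE_CHOWN,
	TOMOYO_MAC_FILE_CHGRP,
	TOMOYO_MAC_FILE_IOCTL,
	TOMOYO_MAC_FILE_CHROOT,
	TOMOYO_MAC_FILE_MOUNT,
	TOMOYO_MAC_FILE_UMOUNT,
	TOMOYO_MAC_FILE_PIVOT_ROOT,
	TOMOYO_MAX_MAC_INDEX
};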
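/*
 * Categories of mediated operations; only "file" exists here.
 * TOMOYO_MAX_MAC_CATEGORY_INDEX is the count and contributes to the size of
 * tomoyo_profile.config[].
 */
enum tomoyo_mac_category_index {
	TOMOYO_MAC_CATEGORY_FILE,
	TOMOYO_MAX_MAC_CATEGORY_INDEX
};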
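/*
 * NOTE(review): presumably a return value asking the caller to re-run the
 * permission check (see tomoyo_supervisor() and
 * tomoyo_request_info.retry) -- confirm. It is positive, so callers that
 * only test "< 0" for denial must handle it explicitly.
 */
#define TOMOYO_RETRY_REQUEST 1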
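/*
 * Common header of list-linked policy entries. In this header it is the
 * first member ("head") of tomoyo_path_group, tomoyo_number_group,
 * tomoyo_readable_file, tomoyo_no_pattern, tomoyo_no_rewrite,
 * tomoyo_transition_control, tomoyo_aggregator and tomoyo_manager, and it
 * is the element type handled by tomoyo_update_policy().
 */
struct tomoyo_acl_head {
	struct list_head list;	/* linkage into the owning policy list */
	/*
	 * NOTE(review): presumably a logical-delete marker so that readers
	 * under tomoyo_read_lock() can skip the entry until it is reclaimed
	 * -- confirm that every list walker tests it.
	 */
	bool is_deleted;
} __packed;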
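/*
 * Describes one access request being checked.
 *
 * "param" is a union: only one member is meaningful at a time.
 * NOTE(review): presumably "param_type" (a tomoyo_acl_entry_type_index
 * value?) says which member is live -- confirm. Reading a member other than
 * the one that was filled in would reinterpret pointers and integers, so
 * every consumer should dispatch on the tag first.
 */
struct tomoyo_request_info {
	struct tomoyo_domain_info *domain;	/* domain the request is checked against */
	/* Operation-specific parameters. */
	union {
		struct {
			const struct tomoyo_path_info *filename;
			/* NOTE(review): a comment was lost here in this listing; purpose of matched_path not visible -- confirm. */
			const struct tomoyo_path_info *matched_path;
			u8 operation;
		} path;
		struct {
			const struct tomoyo_path_info *filename1;
			const struct tomoyo_path_info *filename2;
			u8 operation;
		} path2;
		struct {
			const struct tomoyo_path_info *filename;
			unsigned int mode;
			unsigned int major;
			unsigned int minor;
			u8 operation;
		} mkdev;
		struct {
			const struct tomoyo_path_info *filename;
			unsigned long number;
			u8 operation;
		} path_number;
		struct {
			const struct tomoyo_path_info *type;
			const struct tomoyo_path_info *dir;
			const struct tomoyo_path_info *dev;
			unsigned long flags;
			int need_dev;
		} mount;
	} param;
	u8 param_type;
	bool granted;	/* NOTE(review): presumably set by the tomoyo_check_acl() callback -- confirm */
	u8 retry;
	u8 profile;	/* profile number; u8 matches TOMOYO_MAX_PROFILES == 256 */
	u8 mode;	/* NOTE(review): presumably a tomoyo_mode_index value -- confirm */
	u8 type;	/* NOTE(review): presumably a tomoyo_mac_index value -- confirm */
};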
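/*
 * A pathname (or other policy word) plus cached properties of it.
 *
 * tomoyo_pathcmp() compares "hash" first and "name" second, so hash must
 * always be derived from the current name; a stale hash makes equal names
 * compare as different.
 * NOTE(review): presumably tomoyo_fill_path_info() recomputes every field
 * except name -- confirm, and call it after any change to name.
 */
struct tomoyo_path_info {
	const char *name;	/* NUL-terminated string (passed to strcmp()) */
	u32 hash;		/* hash of name */
	u16 const_len;		/* NOTE(review): presumably length of the leading non-pattern part -- confirm */
	bool is_dir;		/* NOTE(review): presumably "name ends with '/'" -- confirm */
	bool is_patterned;	/* NOTE(review): presumably "name contains a wildcard pattern" -- confirm */
};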
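/*
 * Reference-counted holder of a tomoyo_path_info.
 *
 * tomoyo_put_name() recovers this structure from a pointer to "entry" with
 * container_of() and decrements "users". A tomoyo_path_info pointer handed
 * to tomoyo_put_name() must therefore really be the "entry" member of a
 * struct tomoyo_name; passing any other tomoyo_path_info would decrement
 * unrelated memory.
 */
struct tomoyo_name {
	struct list_head list;
	atomic_t users;			/* reference count */
	struct tomoyo_path_info entry;
};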
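/*
 * Either a single name or a group of names.
 * NOTE(review): presumably is_group selects which of filename/group is
 * meaningful -- confirm. tomoyo_same_name_union() compares all three
 * fields, so the unused pointer should be kept NULL for equality to work.
 */
struct tomoyo_name_union {
	const struct tomoyo_path_info *filename;
	struct tomoyo_group *group;
	u8 is_group;
};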
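/*
 * Either a pair of numbers or a group of numbers.
 * NOTE(review): presumably values[0]..values[1] is an inclusive min..max
 * range and min_type/max_type hold TOMOYO_VALUE_TYPE_* radix tags --
 * confirm in tomoyo_parse_number_union(). A parser that accepted min > max
 * would create a range that matches nothing.
 */
struct tomoyo_number_union {
	unsigned long values[2];
	struct tomoyo_group *group;
	u8 min_type;
	u8 max_type;
	u8 is_group;
};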
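/*
 * A named, reference-counted group of members.
 * tomoyo_put_group() decrements "users" and nothing else.
 */
struct tomoyo_group {
	struct list_head list;
	const struct tomoyo_path_info *group_name;
	struct list_head member_list;	/* NOTE(review): presumably tomoyo_path_group / tomoyo_number_group entries -- confirm */
	atomic_t users;			/* reference count */
};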
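/* One pathname member; "head" must stay first (common tomoyo_acl_head). */
struct tomoyo_path_group {
	struct tomoyo_acl_head head;
	const struct tomoyo_path_info *member_name;
};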
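/* One number member; "head" must stay first (common tomoyo_acl_head). */
struct tomoyo_number_group {
	struct tomoyo_acl_head head;
	struct tomoyo_number_union number;
};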
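/*
 * Common header of per-domain ACL entries. It is the first member ("head")
 * of tomoyo_path_acl, tomoyo_path_number_acl, tomoyo_mkdev_acl,
 * tomoyo_path2_acl and tomoyo_mount_acl, and the element type handled by
 * tomoyo_update_domain() and tomoyo_check_acl().
 */
struct tomoyo_acl_info {
	struct list_head list;
	bool is_deleted;	/* NOTE(review): presumably a logical-delete marker honoured by list walkers -- confirm */
	u8 type;		/* compared by tomoyo_same_acl_head(); NOTE(review): presumably a tomoyo_acl_entry_type_index value -- confirm */
} __packed;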
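/*
 * One domain. tomoyo_domain() and tomoyo_real_domain() return a pointer to
 * this structure taken from a credential's security field.
 */
struct tomoyo_domain_info {
	struct list_head list;
	struct list_head acl_info_list;	/* NOTE(review): presumably the domain's tomoyo_acl_info entries -- confirm */
	/* NOTE(review): a comment was lost here in this listing. */
	const struct tomoyo_path_info *domainname;
	u8 profile;		/* profile number; u8 matches TOMOYO_MAX_PROFILES == 256 */
	bool is_deleted;
	bool quota_warned;
	bool ignore_global_allow_read;
	bool transition_failed;
	atomic_t users;		/* reference count */
};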
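/*
 * ACL entry for single-pathname operations.
 * "perm" is u16; the 11 operations of enum tomoyo_path_acl_index fit in it
 * as one bit each (see TOMOYO_RW_MASK for the bit convention).
 */
struct tomoyo_path_acl {
	struct tomoyo_acl_info head;	/* must stay first */
	u16 perm;
	struct tomoyo_name_union name;
};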
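/*
 * ACL entry for operations taking one pathname and one number.
 * NOTE(review): "perm" is u8 and enum tomoyo_path_number_acl_index has
 * exactly 8 operations, so a one-bit-per-operation mask leaves no spare
 * bit -- widen perm before adding an operation.
 */
struct tomoyo_path_number_acl {
	struct tomoyo_acl_info head;	/* must stay first */
	u8 perm;
	struct tomoyo_name_union name;
	struct tomoyo_number_union number;
};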
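/*
 * ACL entry for device-node creation: pathname plus the permitted mode,
 * major and minor numbers. "perm" is u8; enum tomoyo_mkdev_acl_index has 2
 * operations.
 */
struct tomoyo_mkdev_acl {
	struct tomoyo_acl_info head;	/* must stay first */
	u8 perm;
	struct tomoyo_name_union name;
	struct tomoyo_number_union mode;
	struct tomoyo_number_union major;
	struct tomoyo_number_union minor;
};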
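/*
 * ACL entry for two-pathname operations. "perm" is u8; enum
 * tomoyo_path2_acl_index has 3 operations.
 */
struct tomoyo_path2_acl {
	struct tomoyo_acl_info head;	/* must stay first */
	u8 perm;
	struct tomoyo_name_union name1;
	struct tomoyo_name_union name2;
};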
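/*
 * ACL entry for mount requests: device name, mount point, filesystem type
 * and flags. There is no perm field, unlike the other ACL structures.
 */
struct tomoyo_mount_acl {
	struct tomoyo_acl_info head;	/* must stay first */
	struct tomoyo_name_union dev_name;
	struct tomoyo_name_union dir_name;
	struct tomoyo_name_union fs_type;
	struct tomoyo_number_union flags;
};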
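/* Capacity of tomoyo_io_buffer.r.w[]. */
#define TOMOYO_MAX_IO_READ_QUEUE 32

/*
 * State of one open control-interface file.
 *
 * Security-relevant points visible in the layout:
 *  - read_user_buf is a __user pointer: it must only be written through the
 *    user-copy helpers, never dereferenced directly.
 *  - All sizes and counters are plain int. NOTE(review): confirm that the
 *    buffer_len passed to tomoyo_read_control()/tomoyo_write_control() is
 *    rejected when negative and bounded by readbuf_size/writebuf_size.
 *  - r.w[] holds at most TOMOYO_MAX_IO_READ_QUEUE pointers and r.w_pos is
 *    u8. NOTE(review): presumably w_pos indexes w[] -- confirm it is
 *    bounds-checked before each store.
 */
struct tomoyo_io_buffer {
	void (*read) (struct tomoyo_io_buffer *);
	int (*write) (struct tomoyo_io_buffer *);
	int (*poll) (struct file *file, poll_table *wait);
	/* NOTE(review): presumably serialises access to this buffer -- confirm. */
	struct mutex io_sem;
	/* NOTE(review): presumably the index returned by tomoyo_read_lock() -- confirm. */
	int reader_idx;
	char __user *read_user_buf;
	int read_user_buf_avail;
	/* Read-side cursor state. */
	struct {
		/* NOTE(review): presumably resume positions for list_for_each_cookie() -- confirm. */
		struct list_head *domain;
		struct list_head *group;
		struct list_head *acl;
		int avail;
		int step;
		int query_index;
		u16 index;
		u8 bit;
		u8 w_pos;
		bool eof;
		bool print_this_domain_only;
		bool print_execute_only;
		const char *w[TOMOYO_MAX_IO_READ_QUEUE];
	} r;
	struct tomoyo_domain_info *write_var1;
	char *read_buf;
	int readbuf_size;
	char *write_buf;
	int write_avail;
	int writebuf_size;
	/* NOTE(review): presumably a tomoyo_securityfs_interface_index value -- confirm. */
	u8 type;
};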
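/*
 * Exception-policy entry naming one file.
 * NOTE(review): presumably the target of the "allow_read " keyword
 * (globally readable files, see tomoyo_write_globally_readable()) --
 * confirm. Such entries grant read access across domains, so additions
 * deserve review.
 */
struct tomoyo_readable_file {
	struct tomoyo_acl_head head;	/* must stay first */
	const struct tomoyo_path_info *filename;
};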
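/*
 * Exception-policy entry holding one pathname pattern.
 * NOTE(review): presumably the target of the "file_pattern " keyword (see
 * tomoyo_write_pattern()) -- confirm.
 */
struct tomoyo_no_pattern {
	struct tomoyo_acl_head head;	/* must stay first */
	const struct tomoyo_path_info *pattern;
};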
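/*
 * Exception-policy entry holding one pathname pattern.
 * NOTE(review): presumably the target of the "deny_rewrite " keyword (see
 * tomoyo_write_no_rewrite()) -- confirm.
 */
struct tomoyo_no_rewrite {
	struct tomoyo_acl_head head;	/* must stay first */
	const struct tomoyo_path_info *pattern;
};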
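/*
 * Exception-policy entry controlling domain transitions for a
 * program / domain-name pair.
 */
struct tomoyo_transition_control {
	struct tomoyo_acl_head head;	/* must stay first */
	u8 type;	/* NOTE(review): presumably a tomoyo_transition_type value -- confirm */
	/* NOTE(review): a comment was lost here in this listing; meaning of is_last_name not visible -- confirm. */
	bool is_last_name;
	const struct tomoyo_path_info *domainname;
	const struct tomoyo_path_info *program;
};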
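/*
 * Exception-policy entry mapping one name to another.
 * NOTE(review): presumably the target of the "aggregator " keyword (see
 * tomoyo_write_aggregator()), replacing original_name with aggregated_name
 * when a program name is resolved -- confirm. Because that changes which
 * name the policy is evaluated against, entries deserve review.
 */
struct tomoyo_aggregator {
	struct tomoyo_acl_head head;	/* must stay first */
	const struct tomoyo_path_info *original_name;
	const struct tomoyo_path_info *aggregated_name;
};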
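/*
 * Entry naming a policy manager.
 * NOTE(review): presumably lists who may modify policy through the control
 * interface, identified either by domain name (is_domain true) or by
 * program pathname -- confirm. This list is the write-access gate for the
 * whole policy, so changes to it are the most sensitive ones.
 */
struct tomoyo_manager {
	struct tomoyo_acl_head head;	/* must stay first */
	bool is_domain;
	/* NOTE(review): a comment was lost here in this listing. */
	const struct tomoyo_path_info *manager;
};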
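/* Tunables of a profile: a learning-mode entry limit and per-mode verbosity. */
struct tomoyo_preference {
	unsigned int learning_max_entry;
	bool enforcing_verbose;
	bool learning_verbose;
	bool permissive_verbose;
};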
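/*
 * One profile.
 *
 * config[] has TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX
 * (23 + 1 = 24) entries.
 * NOTE(review): presumably one tomoyo_mode_index value per operation
 * followed by one per category, with TOMOYO_CONFIG_USE_DEFAULT deferring
 * to default_config -- confirm in tomoyo_get_mode(). An index that is not
 * range-checked against this size reads past the array.
 */
struct tomoyo_profile {
	const struct tomoyo_path_info *comment;
	/* NOTE(review): presumably each points at "preference" below or at a shared default -- confirm. */
	struct tomoyo_preference *learning;
	struct tomoyo_preference *permissive;
	struct tomoyo_preference *enforcing;
	struct tomoyo_preference preference;
	u8 default_config;
	u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX];
};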
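/*
 * Function prototypes. The definitions live in other files of this
 * directory; only what the signatures themselves show is described here.
 */

bool tomoyo_str_starts(char **src, const char *find);
const char *tomoyo_get_exe(void);
void tomoyo_normalize_line(unsigned char *buffer);
/* printf-style: the format attribute lets the compiler check fmt against the arguments. */
void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
	__attribute__ ((format(printf, 2, 3)));
void tomoyo_check_profile(void);

/*
 * Control-interface file operations. The read/write variants take a __user
 * buffer and an int length.
 * NOTE(review): confirm the implementations reject negative lengths and
 * only touch the buffer through the user-copy helpers.
 */
int tomoyo_open_control(const u8 type, struct file *file);
int tomoyo_close_control(struct file *file);
int tomoyo_poll_control(struct file *file, poll_table *wait);
int tomoyo_read_control(struct file *file, char __user *buffer,
			const int buffer_len);
int tomoyo_write_control(struct file *file, const char __user *buffer,
			 const int buffer_len);

bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
void tomoyo_warn_oom(const char *function);
const struct tomoyo_path_info *
tomoyo_compare_name_union(const struct tomoyo_path_info *name,
			  const struct tomoyo_name_union *ptr);
bool tomoyo_compare_number_union(const unsigned long value,
				 const struct tomoyo_number_union *ptr);
int tomoyo_get_mode(const u8 profile, const u8 index);
/* printf-style, checked by the format attribute. */
void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
	__attribute__ ((format(printf, 2, 3)));

/* Validators for policy text; each returns bool. */
bool tomoyo_correct_domain(const unsigned char *domainname);
bool tomoyo_correct_path(const char *filename);
bool tomoyo_correct_word(const char *string);
bool tomoyo_domain_def(const unsigned char *buffer);

bool tomoyo_parse_name_union(const char *filename,
			     struct tomoyo_name_union *ptr);
const struct tomoyo_path_info *
tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
			  const struct tomoyo_group *group);
bool tomoyo_number_matches_group(const unsigned long min,
				 const unsigned long max,
				 const struct tomoyo_group *group);
bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
				 const struct tomoyo_path_info *pattern);
bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
/* "size" is the caller-supplied size for w[]; NOTE(review): units (bytes vs. elements) not visible here -- confirm. */
bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
int tomoyo_init_request_info(struct tomoyo_request_info *r,
			     struct tomoyo_domain_info *domain,
			     const u8 index);
int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
			    unsigned long flags, void *data_page);

/* Policy writers: take a mutable policy line and an add/delete flag. */
int tomoyo_write_aggregator(char *data, const bool is_delete);
int tomoyo_write_transition_control(char *data, const bool is_delete,
				    const u8 type);
int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain,
		      const bool is_delete);
int tomoyo_write_globally_readable(char *data, const bool is_delete);
int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain,
		       const bool is_delete);
int tomoyo_write_no_rewrite(char *data, const bool is_delete);
int tomoyo_write_pattern(char *data, const bool is_delete);
int tomoyo_write_group(char *data, const bool is_delete, const u8 type);

/* printf-style, checked by the format attribute. */
int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
	__attribute__ ((format(printf, 2, 3)));

struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
						const u8 profile);
struct tomoyo_profile *tomoyo_profile(const u8 profile);
struct tomoyo_group *tomoyo_get_group(const char *group_name, const u8 type);
unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
				const u8 index);
void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
void tomoyo_load_policy(const char *filename);
void tomoyo_put_number_union(struct tomoyo_number_union *ptr);

/*
 * These return char *; NOTE(review): presumably freshly allocated strings
 * owned by the caller, NULL on failure -- confirm before relying on it.
 */
char *tomoyo_encode(const char *str);
char *tomoyo_realpath_nofollow(const char *pathname);
char *tomoyo_realpath_from_path(struct path *path);

const char *tomoyo_pattern(const struct tomoyo_path_info *filename);

/* Memory accounting and name interning. */
bool tomoyo_memory_ok(void *ptr);
void *tomoyo_commit_ok(void *data, const unsigned int size);
const struct tomoyo_path_info *tomoyo_get_name(const char *name);
void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
void __init tomoyo_mm_init(void);

/* Permission checks. */
int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
			   const struct tomoyo_path_info *filename);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 struct path *path, const int flag);
int tomoyo_path_number_perm(const u8 operation, struct path *path,
			    unsigned long number);
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
		      const unsigned int mode, unsigned int dev);
int tomoyo_path_perm(const u8 operation, struct path *path);
int tomoyo_path2_perm(const u8 operation, struct path *path1,
		      struct path *path2);
int tomoyo_find_next_domain(struct linux_binprm *bprm);

/* Writes into a caller-supplied buffer of buffer_len bytes; "type" is NOTE(review): presumably a TOMOYO_VALUE_TYPE_* radix -- confirm. */
void tomoyo_print_ulong(char *buffer, const int buffer_len,
			const unsigned long value, const u8 type);
void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
void tomoyo_run_gc(void);
void tomoyo_memory_free(void *ptr);

/*
 * Generic add/delete helpers. The caller supplies the entry, its size and
 * comparison callbacks; tomoyo_update_domain() additionally takes a merge
 * callback.
 */
int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
			 bool is_delete, struct tomoyo_domain_info *domain,
			 bool (*check_duplicate) (const struct tomoyo_acl_info
						  *,
						  const struct tomoyo_acl_info
						  *),
			 bool (*merge_duplicate) (struct tomoyo_acl_info *,
						  struct tomoyo_acl_info *,
						  const bool));
int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
			 bool is_delete, struct list_head *list,
			 bool (*check_duplicate) (const struct tomoyo_acl_head
						  *,
						  const struct tomoyo_acl_head
						  *));
/* Runs check_entry over ACL entries for request r; returns nothing, so the outcome is NOTE(review): presumably reported through r->granted -- confirm. */
void tomoyo_check_acl(struct tomoyo_request_info *r,
		      bool (*check_entry) (struct tomoyo_request_info *,
					   const struct tomoyo_acl_info *));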
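/*
 * Shared state, defined elsewhere.
 */

/* SRCU domain entered by tomoyo_read_lock() and used by list_for_each_cookie(). */
extern struct srcu_struct tomoyo_ss;

extern struct list_head tomoyo_domain_list;

/* Indexed by enum tomoyo_policy_id, enum tomoyo_group_id and name hash respectively. */
extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];

/* NOTE(review): presumably must be held by every writer of the lists above -- confirm. */
extern struct mutex tomoyo_policy_lock;

/* NOTE(review): presumably false until the initial policy has been loaded; behaviour of checks before that point should be confirmed. */
extern bool tomoyo_policy_loaded;

/* NOTE(review): presumably the TOMOYO_ROOT_NAME ("<kernel>") domain -- confirm. */
extern struct tomoyo_domain_info tomoyo_kernel_domain;

/* Keyword tables, one string per operation of the matching enum. */
extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION];
extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION];
extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION];

extern unsigned int tomoyo_quota_for_query;
extern unsigned int tomoyo_query_memory_size;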
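/**
 * tomoyo_read_lock - Enter the SRCU read-side critical section on tomoyo_ss.
 *
 * Returns the index from srcu_read_lock(); the same value must be passed to
 * tomoyo_read_unlock() to leave the section.
 */
static inline int tomoyo_read_lock(void)
{
	return srcu_read_lock(&tomoyo_ss);
}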
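/**
 * tomoyo_read_unlock - Leave the SRCU read-side critical section on tomoyo_ss.
 *
 * @idx: Index returned by the matching tomoyo_read_lock() call.
 */
static inline void tomoyo_read_unlock(int idx)
{
	srcu_read_unlock(&tomoyo_ss, idx);
}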
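/**
 * tomoyo_pathcmp - Test whether two path entries differ.
 *
 * @a: Pointer to "struct tomoyo_path_info". Must not be NULL.
 * @b: Pointer to "struct tomoyo_path_info". Must not be NULL.
 *
 * Returns true if @a and @b are DIFFERENT, false if they are equal. The
 * sense follows strcmp(): a caller that reads the result as "matches"
 * inverts the access decision. The hashes are compared first so that
 * strcmp() only runs when they agree.
 */
static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
				  const struct tomoyo_path_info *b)
{
	return a->hash != b->hash || strcmp(a->name, b->name);
}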
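/**
 * tomoyo_valid - Check whether a byte is a printable, non-space ASCII character.
 *
 * @c: The byte to check.
 *
 * Returns true for 33..126 ('!' through '~'), false for everything else,
 * including NUL, space, DEL (127) and all bytes with the high bit set.
 */
static inline bool tomoyo_valid(const unsigned char c)
{
	return c > ' ' && c < 127;
}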
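/**
 * tomoyo_invalid - Check whether a non-NUL byte is outside printable ASCII.
 *
 * @c: The byte to check.
 *
 * Returns true for 1..32 and 127..255, false otherwise. NUL returns false,
 * so this is NOT the negation of tomoyo_valid(): for the string terminator
 * both functions return false. Do not replace one with "!" of the other.
 */
static inline bool tomoyo_invalid(const unsigned char c)
{
	return c && (c <= ' ' || c >= 127);
}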
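/**
 * tomoyo_put_name - Drop one reference on the tomoyo_name holding @name.
 *
 * @name: Pointer to the "entry" member of a "struct tomoyo_name". May be NULL,
 *        in which case nothing happens.
 *
 * Only decrements the counter; nothing is freed here and the counter is not
 * checked for underflow. @name must really be embedded in a struct
 * tomoyo_name, because the enclosing structure is located with
 * container_of().
 */
static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
{
	if (name) {
		struct tomoyo_name *ptr =
			container_of(name, typeof(*ptr), entry);
		atomic_dec(&ptr->users);
	}
}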
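/**
 * tomoyo_put_group - Drop one reference on @group.
 *
 * @group: Pointer to "struct tomoyo_group". May be NULL, in which case
 *         nothing happens.
 *
 * Only decrements the counter; nothing is freed here and the counter is not
 * checked for underflow.
 */
static inline void tomoyo_put_group(struct tomoyo_group *group)
{
	if (group)
		atomic_dec(&group->users);
}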
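/**
 * tomoyo_domain - Get the domain of the current task.
 *
 * Returns the security field of the current credentials, taken as a pointer
 * to "struct tomoyo_domain_info".
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
	return current_cred()->security;
}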
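/**
 * tomoyo_real_domain - Get the domain of a given task.
 *
 * @task: Pointer to "struct task_struct".
 *
 * Returns the security field read from @task's credentials via
 * task_cred_xxx(), taken as a pointer to "struct tomoyo_domain_info".
 */
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
							    *task)
{
	return task_cred_xxx(task, security);
}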
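/**
 * tomoyo_same_acl_head - Check whether two ACL headers have the same type.
 *
 * @p1: Pointer to "struct tomoyo_acl_info".
 * @p2: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if the type fields are equal. Only "type" is compared; the
 * list linkage and is_deleted are ignored.
 */
static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1,
					const struct tomoyo_acl_info *p2)
{
	return p1->type == p2->type;
}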
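/**
 * tomoyo_same_name_union - Check whether two name unions are identical.
 *
 * @p1: Pointer to "struct tomoyo_name_union".
 * @p2: Pointer to "struct tomoyo_name_union".
 *
 * Returns true if filename, group and is_group are all equal. The pointers
 * are compared by address, not by string content.
 * NOTE(review): this presumably relies on names and groups being interned
 * (tomoyo_get_name(), tomoyo_get_group()) so that equal strings share one
 * object -- confirm; otherwise duplicate entries would not be detected.
 */
static inline bool tomoyo_same_name_union
(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)
{
	return p1->filename == p2->filename && p1->group == p2->group &&
		p1->is_group == p2->is_group;
}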
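/**
 * tomoyo_same_number_union - Check whether two number unions are identical.
 *
 * @p1: Pointer to "struct tomoyo_number_union".
 * @p2: Pointer to "struct tomoyo_number_union".
 *
 * Returns true if both values, the group pointer, both type tags and
 * is_group are all equal. The type tags take part in the comparison, so the
 * same numeric range written with a different min_type/max_type compares as
 * different.
 */
static inline bool tomoyo_same_number_union
(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2)
{
	return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1]
		&& p1->group == p2->group && p1->min_type == p2->min_type &&
		p1->max_type == p2->max_type && p1->is_group == p2->is_group;
}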
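/**
 * list_for_each_cookie - Iterate over a list, resuming from a saved position.
 *
 * @pos:  Cursor lvalue ("struct list_head *"). If it is NULL on entry the
 *        walk starts at the first element of @head; otherwise it resumes at
 *        the element @pos already points to.
 * @head: Pointer to the list head.
 *
 * Each step loads the next pointer with srcu_dereference() on tomoyo_ss, so
 * the caller is expected to be inside tomoyo_read_lock().
 *
 * The start-or-resume step lives in the for-initialiser so that the macro
 * expands to exactly one statement. A leading "if (!pos) pos = ...;" in
 * front of the for would make only that if the body of an enclosing
 * unbraced if/else or loop, leaving the for loop outside it, and would fail
 * to compile when followed by an else.
 */
#define list_for_each_cookie(pos, head)					\
	for ((pos) = (pos) ? (pos) :					\
		     srcu_dereference((head)->next, &tomoyo_ss);	\
	     (pos) != (head);						\
	     (pos) = srcu_dereference((pos)->next, &tomoyo_ss))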
1015#endif