diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-15 09:23:26 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 15:34:29 +1000 |
commit | 36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c (patch) | |
tree | 80e01278296477b4d30288081267d35ff771d720 /security | |
parent | 82e0f001a4c1112dcff9cafa9812a33889ad9b8a (diff) | |
download | lwn-36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c.tar.gz lwn-36f5e1ffbf2bb951105ae4e261bcc1de3eaf510c.zip |
TOMOYO: Use callback for updating entries.
Use common code for elements using "struct list_head" + "bool" structure.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/tomoyo/common.c | 35 | ||||
-rw-r--r-- | security/tomoyo/common.h | 39 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 184 | ||||
-rw-r--r-- | security/tomoyo/file.c | 107 | ||||
-rw-r--r-- | security/tomoyo/number_group.c | 45 | ||||
-rw-r--r-- | security/tomoyo/path_group.c | 32 |
6 files changed, 190 insertions, 252 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 7bfad45fcd61..4ee47af0917d 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -469,6 +469,15 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head) */ LIST_HEAD(tomoyo_policy_manager_list); +static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return container_of(a, struct tomoyo_policy_manager_entry, head) + ->manager == + container_of(b, struct tomoyo_policy_manager_entry, head) + ->manager; +} + /** * tomoyo_update_manager_entry - Add a manager entry. * @@ -482,9 +491,8 @@ LIST_HEAD(tomoyo_policy_manager_list); static int tomoyo_update_manager_entry(const char *manager, const bool is_delete) { - struct tomoyo_policy_manager_entry *ptr; struct tomoyo_policy_manager_entry e = { }; - int error = is_delete ? -ENOENT : -ENOMEM; + int error; if (tomoyo_is_domain_def(manager)) { if (!tomoyo_is_correct_domain(manager)) @@ -497,26 +505,9 @@ static int tomoyo_update_manager_entry(const char *manager, e.manager = tomoyo_get_name(manager); if (!e.manager) return -ENOMEM; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { - if (ptr->manager != e.manager) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_policy_manager_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_policy_manager_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); - out: + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_policy_manager_list, + tomoyo_same_manager_entry); tomoyo_put_name(e.manager); return error; } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 0ab6e86f90aa..c8ab7553c48c 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -913,6 +913,12 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, bool (*merge_duplicate) (struct tomoyo_acl_info *, struct tomoyo_acl_info *, const bool)); +int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, + bool is_delete, struct list_head *list, + bool (*check_duplicate) (const struct tomoyo_acl_head + *, + const struct tomoyo_acl_head + *)); /********** External variable definitions. **********/ @@ -1042,39 +1048,6 @@ static inline bool tomoyo_is_same_number_union p1->max_type == p2->max_type && p1->is_group == p2->is_group; } -static inline bool tomoyo_is_same_domain_initializer_entry -(const struct tomoyo_domain_initializer_entry *p1, - const struct tomoyo_domain_initializer_entry *p2) -{ - return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name - && p1->domainname == p2->domainname - && p1->program == p2->program; -} - -static inline bool tomoyo_is_same_domain_keeper_entry -(const struct tomoyo_domain_keeper_entry *p1, - const struct tomoyo_domain_keeper_entry *p2) -{ - return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name - && p1->domainname == p2->domainname - && p1->program == p2->program; -} - -static inline bool tomoyo_is_same_aggregator_entry -(const struct tomoyo_aggregator_entry *p1, - const struct tomoyo_aggregator_entry *p2) -{ - return p1->original_name == p2->original_name && - p1->aggregated_name == p2->aggregated_name; -} - -static inline bool tomoyo_is_same_alias_entry -(const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2) -{ - return p1->original_name == p2->original_name && - p1->aliased_name == p2->aliased_name; -} - /** * list_for_each_cookie - iterate over a list with cookie. * @pos: the &struct list_head to use as a loop cursor. diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 60297da6adcf..fe621af46c2e 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -16,6 +16,49 @@ struct tomoyo_domain_info tomoyo_kernel_domain; /** + * tomoyo_update_policy - Update an entry for exception policy. + * + * @new_entry: Pointer to "struct tomoyo_acl_info". + * @size: Size of @new_entry in bytes. + * @is_delete: True if it is a delete request. + * @list: Pointer to "struct list_head". + * @check_duplicate: Callback function to find duplicated entry. + * + * Returns 0 on success, negative value otherwise. + * + * Caller holds tomoyo_read_lock(). + */ +int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, + bool is_delete, struct list_head *list, + bool (*check_duplicate) (const struct tomoyo_acl_head + *, + const struct tomoyo_acl_head + *)) +{ + int error = is_delete ? -ENOENT : -ENOMEM; + struct tomoyo_acl_head *entry; + + if (mutex_lock_interruptible(&tomoyo_policy_lock)) + return -ENOMEM; + list_for_each_entry_rcu(entry, list, list) { + if (!check_duplicate(entry, new_entry)) + continue; + entry->is_deleted = is_delete; + error = 0; + break; + } + if (error && !is_delete) { + entry = tomoyo_commit_ok(new_entry, size); + if (entry) { + list_add_tail_rcu(&entry->list, list); + error = 0; + } + } + mutex_unlock(&tomoyo_policy_lock); + return error; +} + +/** * tomoyo_update_domain - Update an entry for domain policy. * * @new_entry: Pointer to "struct tomoyo_acl_info". @@ -161,6 +204,20 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) */ LIST_HEAD(tomoyo_domain_initializer_list); +static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head * + a, + const struct tomoyo_acl_head * + b) +{ + const struct tomoyo_domain_initializer_entry *p1 = + container_of(a, typeof(*p1), head); + const struct tomoyo_domain_initializer_entry *p2 = + container_of(b, typeof(*p2), head); + return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name + && p1->domainname == p2->domainname + && p1->program == p2->program; +} + /** * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list. * @@ -178,7 +235,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, const bool is_not, const bool is_delete) { - struct tomoyo_domain_initializer_entry *ptr; struct tomoyo_domain_initializer_entry e = { .is_not = is_not }; int error = is_delete ? -ENOENT : -ENOMEM; @@ -197,26 +253,9 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, e.program = tomoyo_get_name(program); if (!e.program) goto out; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, - head.list) { - if (!tomoyo_is_same_domain_initializer_entry(ptr, &e)) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_domain_initializer_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_domain_initializer_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_domain_initializer_list, + tomoyo_same_domain_initializer_entry); out: tomoyo_put_name(e.domainname); tomoyo_put_name(e.program); @@ -373,6 +412,18 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info * */ LIST_HEAD(tomoyo_domain_keeper_list); +static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + const struct tomoyo_domain_keeper_entry *p1 = + container_of(a, typeof(*p1), head); + const struct tomoyo_domain_keeper_entry *p2 = + container_of(b, typeof(*p2), head); + return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name + && p1->domainname == p2->domainname + && p1->program == p2->program; +} + /** * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list. * @@ -390,7 +441,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, const bool is_not, const bool is_delete) { - struct tomoyo_domain_keeper_entry *ptr; struct tomoyo_domain_keeper_entry e = { .is_not = is_not }; int error = is_delete ? -ENOENT : -ENOMEM; @@ -409,25 +459,9 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, e.domainname = tomoyo_get_name(domainname); if (!e.domainname) goto out; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) { - if (!tomoyo_is_same_domain_keeper_entry(ptr, &e)) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_domain_keeper_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_domain_keeper_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_domain_keeper_list, + tomoyo_same_domain_keeper_entry); out: tomoyo_put_name(e.domainname); tomoyo_put_name(e.program); @@ -565,6 +599,17 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname, */ LIST_HEAD(tomoyo_aggregator_list); +static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1), + head); + const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2), + head); + return p1->original_name == p2->original_name && + p1->aggregated_name == p2->aggregated_name; +} + /** * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list. * @@ -580,7 +625,6 @@ static int tomoyo_update_aggregator_entry(const char *original_name, const char *aggregated_name, const bool is_delete) { - struct tomoyo_aggregator_entry *ptr; struct tomoyo_aggregator_entry e = { }; int error = is_delete ? -ENOENT : -ENOMEM; @@ -592,25 +636,9 @@ static int tomoyo_update_aggregator_entry(const char *original_name, if (!e.original_name || !e.aggregated_name || e.aggregated_name->is_patterned) /* No patterns allowed. */ goto out; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, head.list) { - if (!tomoyo_is_same_aggregator_entry(ptr, &e)) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_aggregator_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_aggregator_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_aggregator_list, + tomoyo_same_aggregator_entry); out: tomoyo_put_name(e.original_name); tomoyo_put_name(e.aggregated_name); @@ -699,6 +727,17 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete) */ LIST_HEAD(tomoyo_alias_list); +static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + const struct tomoyo_alias_entry *p1 = container_of(a, typeof(*p1), + head); + const struct tomoyo_alias_entry *p2 = container_of(b, typeof(*p2), + head); + return p1->original_name == p2->original_name && + p1->aliased_name == p2->aliased_name; +} + /** * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list. * @@ -714,7 +753,6 @@ static int tomoyo_update_alias_entry(const char *original_name, const char *aliased_name, const bool is_delete) { - struct tomoyo_alias_entry *ptr; struct tomoyo_alias_entry e = { }; int error = is_delete ? -ENOENT : -ENOMEM; @@ -726,25 +764,9 @@ static int tomoyo_update_alias_entry(const char *original_name, if (!e.original_name || !e.aliased_name || e.original_name->is_patterned || e.aliased_name->is_patterned) goto out; /* No patterns allowed. */ - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) { - if (!tomoyo_is_same_alias_entry(ptr, &e)) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_alias_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_alias_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_alias_list, + tomoyo_same_alias_entry); out: tomoyo_put_name(e.original_name); tomoyo_put_name(e.aliased_name); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 09436d11f298..8015719926d5 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -253,6 +253,15 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename, */ LIST_HEAD(tomoyo_globally_readable_list); +static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return container_of(a, struct tomoyo_globally_readable_file_entry, + head)->filename == + container_of(b, struct tomoyo_globally_readable_file_entry, + head)->filename; +} + /** * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list. * @@ -266,36 +275,17 @@ LIST_HEAD(tomoyo_globally_readable_list); static int tomoyo_update_globally_readable_entry(const char *filename, const bool is_delete) { - struct tomoyo_globally_readable_file_entry *ptr; struct tomoyo_globally_readable_file_entry e = { }; - int error = is_delete ? -ENOENT : -ENOMEM; + int error; if (!tomoyo_is_correct_word(filename)) return -EINVAL; e.filename = tomoyo_get_name(filename); if (!e.filename) return -ENOMEM; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, - head.list) { - if (ptr->filename != e.filename) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_globally_readable_file_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_globally_readable_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); - out: + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_globally_readable_list, + tomoyo_same_globally_readable); tomoyo_put_name(e.filename); return error; } @@ -402,6 +392,13 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) */ LIST_HEAD(tomoyo_pattern_list); +static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return container_of(a, struct tomoyo_pattern_entry, head)->pattern == + container_of(b, struct tomoyo_pattern_entry, head)->pattern; +} + /** * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list. * @@ -415,35 +412,17 @@ LIST_HEAD(tomoyo_pattern_list); static int tomoyo_update_file_pattern_entry(const char *pattern, const bool is_delete) { - struct tomoyo_pattern_entry *ptr; struct tomoyo_pattern_entry e = { }; - int error = is_delete ? -ENOENT : -ENOMEM; + int error; if (!tomoyo_is_correct_word(pattern)) return -EINVAL; e.pattern = tomoyo_get_name(pattern); if (!e.pattern) - return error; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) { - if (e.pattern != ptr->pattern) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_pattern_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_pattern_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); - out: + return -ENOMEM; + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_pattern_list, + tomoyo_same_pattern); tomoyo_put_name(e.pattern); return error; } @@ -553,6 +532,14 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) */ LIST_HEAD(tomoyo_no_rewrite_list); +static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return container_of(a, struct tomoyo_no_rewrite_entry, head)->pattern + == container_of(b, struct tomoyo_no_rewrite_entry, head) + ->pattern; +} + /** * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list. * @@ -566,35 +553,17 @@ LIST_HEAD(tomoyo_no_rewrite_list); static int tomoyo_update_no_rewrite_entry(const char *pattern, const bool is_delete) { - struct tomoyo_no_rewrite_entry *ptr; struct tomoyo_no_rewrite_entry e = { }; - int error = is_delete ? -ENOENT : -ENOMEM; + int error; if (!tomoyo_is_correct_word(pattern)) return -EINVAL; e.pattern = tomoyo_get_name(pattern); if (!e.pattern) - return error; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) { - if (ptr->pattern != e.pattern) - continue; - ptr->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_no_rewrite_entry *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &tomoyo_no_rewrite_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); - out: + return -ENOMEM; + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &tomoyo_no_rewrite_list, + tomoyo_same_no_rewrite); tomoyo_put_name(e.pattern); return error; } diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c index afc5b6972129..7266a7462c45 100644 --- a/security/tomoyo/number_group.c +++ b/security/tomoyo/number_group.c @@ -56,6 +56,18 @@ struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name) return !error ? group : NULL; } +static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return !memcmp(&container_of(a, struct tomoyo_number_group_member, + head)->number, + &container_of(b, struct tomoyo_number_group_member, + head)->number, + sizeof(container_of(a, + struct tomoyo_number_group_member, + head)->number)); +} + /** * tomoyo_write_number_group_policy - Write "struct tomoyo_number_group" list. * @@ -68,40 +80,19 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete) { struct tomoyo_number_group *group; struct tomoyo_number_group_member e = { }; - struct tomoyo_number_group_member *member; - int error = is_delete ? -ENOENT : -ENOMEM; + int error; char *w[2]; if (!tomoyo_tokenize(data, w, sizeof(w))) return -EINVAL; - if (!tomoyo_parse_number_union(w[1], &e.number)) - return -EINVAL; - if (e.number.is_group || e.number.values[0] > e.number.values[1]) { - tomoyo_put_number_union(&e.number); + if (w[1][0] == '@' || !tomoyo_parse_number_union(w[1], &e.number) || + e.number.values[0] > e.number.values[1]) return -EINVAL; - } group = tomoyo_get_number_group(w[0]); if (!group) return -ENOMEM; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(member, &group->member_list, head.list) { - if (memcmp(&member->number, &e.number, sizeof(e.number))) - continue; - member->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_number_group_member *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &group->member_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); - out: + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &group->member_list, + tomoyo_same_number_group); tomoyo_put_number_group(group); return error; } diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index 7838f7681297..5b71d8868453 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c @@ -54,6 +54,15 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) return !error ? group : NULL; } +static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a, + const struct tomoyo_acl_head *b) +{ + return container_of(a, struct tomoyo_path_group_member, head) + ->member_name == + container_of(b, struct tomoyo_path_group_member, head) + ->member_name; +} + /** * tomoyo_write_path_group_policy - Write "struct tomoyo_path_group" list. * @@ -65,7 +74,6 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name) int tomoyo_write_path_group_policy(char *data, const bool is_delete) { struct tomoyo_path_group *group; - struct tomoyo_path_group_member *member; struct tomoyo_path_group_member e = { }; int error = is_delete ? -ENOENT : -ENOMEM; char *w[2]; @@ -77,25 +85,9 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete) e.member_name = tomoyo_get_name(w[1]); if (!e.member_name) goto out; - if (mutex_lock_interruptible(&tomoyo_policy_lock)) - goto out; - list_for_each_entry_rcu(member, &group->member_list, head.list) { - if (member->member_name != e.member_name) - continue; - member->head.is_deleted = is_delete; - error = 0; - break; - } - if (!is_delete && error) { - struct tomoyo_path_group_member *entry = - tomoyo_commit_ok(&e, sizeof(e)); - if (entry) { - list_add_tail_rcu(&entry->head.list, - &group->member_list); - error = 0; - } - } - mutex_unlock(&tomoyo_policy_lock); + error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, + &group->member_list, + tomoyo_same_path_group); out: tomoyo_put_name(e.member_name); tomoyo_put_path_group(group); |