aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/tomoyo/mount.c124
1 files changed, 33 insertions, 91 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 54015b9..7872226 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
}
/**
- * tomoyo_mount_acl2 - Check permission for mount() operation.
+ * tomoyo_mount_acl - Check permission for mount() operation.
*
* @r: Pointer to "struct tomoyo_request_info".
* @dev_name: Name of device file.
@@ -85,8 +85,8 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
*
* Caller holds tomoyo_read_lock().
*/
-static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
- struct path *dir, char *type, unsigned long flags)
+static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
+ struct path *dir, char *type, unsigned long flags)
{
struct path path;
struct file_system_type *fstype = NULL;
@@ -179,94 +179,6 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
}
/**
- * tomoyo_mount_acl - Check permission for mount() operation.
- *
- * @r: Pointer to "struct tomoyo_request_info".
- * @dev_name: Name of device file.
- * @dir: Pointer to "struct path".
- * @type: Name of filesystem type.
- * @flags: Mount options.
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
- struct path *dir, char *type, unsigned long flags)
-{
- int error;
- error = -EPERM;
- if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
- flags &= ~MS_MGC_MSK;
- switch (flags & (MS_REMOUNT | MS_MOVE | MS_BIND)) {
- case MS_REMOUNT:
- case MS_MOVE:
- case MS_BIND:
- case 0:
- break;
- default:
- printk(KERN_WARNING "ERROR: "
- "%s%s%sare given for single mount operation.\n",
- flags & MS_REMOUNT ? "'remount' " : "",
- flags & MS_MOVE ? "'move' " : "",
- flags & MS_BIND ? "'bind' " : "");
- return -EINVAL;
- }
- switch (flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)) {
- case MS_UNBINDABLE:
- case MS_PRIVATE:
- case MS_SLAVE:
- case MS_SHARED:
- case 0:
- break;
- default:
- printk(KERN_WARNING "ERROR: "
- "%s%s%s%sare given for single mount operation.\n",
- flags & MS_UNBINDABLE ? "'unbindable' " : "",
- flags & MS_PRIVATE ? "'private' " : "",
- flags & MS_SLAVE ? "'slave' " : "",
- flags & MS_SHARED ? "'shared' " : "");
- return -EINVAL;
- }
- if (flags & MS_REMOUNT)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_REMOUNT_KEYWORD,
- flags & ~MS_REMOUNT);
- else if (flags & MS_MOVE)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_MOVE_KEYWORD,
- flags & ~MS_MOVE);
- else if (flags & MS_BIND)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_BIND_KEYWORD,
- flags & ~MS_BIND);
- else if (flags & MS_UNBINDABLE)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
- flags & ~MS_UNBINDABLE);
- else if (flags & MS_PRIVATE)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
- flags & ~MS_PRIVATE);
- else if (flags & MS_SLAVE)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
- flags & ~MS_SLAVE);
- else if (flags & MS_SHARED)
- error = tomoyo_mount_acl(r, dev_name, dir,
- TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
- flags & ~MS_SHARED);
- else
- do {
- error = tomoyo_mount_acl2(r, dev_name, dir, type,
- flags);
- } while (error == TOMOYO_RETRY_REQUEST);
- if (r->mode != TOMOYO_CONFIG_ENFORCING)
- error = 0;
- return error;
-}
-
-/**
* tomoyo_mount_permission - Check permission for mount() operation.
*
* @dev_name: Name of device file.
@@ -287,6 +199,36 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
== TOMOYO_CONFIG_DISABLED)
return 0;
+ if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
+ flags &= ~MS_MGC_MSK;
+ if (flags & MS_REMOUNT) {
+ type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
+ flags &= ~MS_REMOUNT;
+ }
+ if (flags & MS_MOVE) {
+ type = TOMOYO_MOUNT_MOVE_KEYWORD;
+ flags &= ~MS_MOVE;
+ }
+ if (flags & MS_BIND) {
+ type = TOMOYO_MOUNT_BIND_KEYWORD;
+ flags &= ~MS_BIND;
+ }
+ if (flags & MS_UNBINDABLE) {
+ type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
+ flags &= ~MS_UNBINDABLE;
+ }
+ if (flags & MS_PRIVATE) {
+ type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
+ flags &= ~MS_PRIVATE;
+ }
+ if (flags & MS_SLAVE) {
+ type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
+ flags &= ~MS_SLAVE;
+ }
+ if (flags & MS_SHARED) {
+ type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
+ flags &= ~MS_SHARED;
+ }
if (!type)
type = "<NULL>";
idx = tomoyo_read_lock();