summaryrefslogtreecommitdiff
path: root/security/tomoyo/securityfs_if.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/securityfs_if.c')
-rw-r--r--security/tomoyo/securityfs_if.c61
1 files changed, 30 insertions, 31 deletions
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 179a955b319d..33933645f5b9 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
/*
* security/tomoyo/securityfs_if.c
*
@@ -20,6 +21,7 @@ static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
{
const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
head);
+
return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
}
@@ -41,20 +43,18 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
{
char *data;
int error;
+
if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
return -ENOMEM;
- data = kzalloc(count + 1, GFP_NOFS);
- if (!data)
- return -ENOMEM;
- if (copy_from_user(data, buf, count)) {
- error = -EFAULT;
- goto out;
- }
+ data = memdup_user_nul(buf, count);
+ if (IS_ERR(data))
+ return PTR_ERR(data);
tomoyo_normalize_line(data);
if (tomoyo_correct_domain(data)) {
const int idx = tomoyo_read_lock();
struct tomoyo_path_info name;
struct tomoyo_request_info r;
+
name.name = data;
tomoyo_fill_path_info(&name);
/* Check "task manual_domain_transition" permission. */
@@ -70,24 +70,19 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
if (!new_domain) {
error = -ENOENT;
} else {
- struct cred *cred = prepare_creds();
- if (!cred) {
- error = -ENOMEM;
- } else {
- struct tomoyo_domain_info *old_domain =
- cred->security;
- cred->security = new_domain;
- atomic_inc(&new_domain->users);
- atomic_dec(&old_domain->users);
- commit_creds(cred);
- error = 0;
- }
+ struct tomoyo_task *s = tomoyo_task(current);
+ struct tomoyo_domain_info *old_domain =
+ s->domain_info;
+
+ s->domain_info = new_domain;
+ atomic_inc(&new_domain->users);
+ atomic_dec(&old_domain->users);
+ error = 0;
}
}
tomoyo_read_unlock(idx);
} else
error = -EINVAL;
-out:
kfree(data);
return error ? error : count;
}
@@ -108,6 +103,7 @@ static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
const char *domain = tomoyo_domain()->domainname->name;
loff_t len = strlen(domain);
loff_t pos = *ppos;
+
if (pos >= len || !count)
return 0;
len -= pos;
@@ -135,14 +131,15 @@ static const struct file_operations tomoyo_self_operations = {
*/
static int tomoyo_open(struct inode *inode, struct file *file)
{
- const int key = ((u8 *) file_inode(file)->i_private)
- - ((u8 *) NULL);
+ const u8 key = (uintptr_t) file_inode(file)->i_private;
+
return tomoyo_open_control(key, file);
}
/**
* tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
*
+ * @inode: Pointer to "struct inode".
* @file: Pointer to "struct file".
*
*/
@@ -158,10 +155,10 @@ static int tomoyo_release(struct inode *inode, struct file *file)
* @file: Pointer to "struct file".
* @wait: Pointer to "poll_table". Maybe NULL.
*
- * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write,
- * POLLOUT | POLLWRNORM otherwise.
+ * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write,
+ * EPOLLOUT | EPOLLWRNORM otherwise.
*/
-static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
+static __poll_t tomoyo_poll(struct file *file, poll_table *wait)
{
return tomoyo_poll_control(file, wait);
}
@@ -227,21 +224,25 @@ static const struct file_operations tomoyo_operations = {
static void __init tomoyo_create_entry(const char *name, const umode_t mode,
struct dentry *parent, const u8 key)
{
- securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
+ securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key,
&tomoyo_operations);
}
/**
- * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
+ * tomoyo_interface_init - Initialize /sys/kernel/security/tomoyo/ interface.
*
* Returns 0.
*/
-static int __init tomoyo_initerface_init(void)
+int __init tomoyo_interface_init(void)
{
+ struct tomoyo_domain_info *domain;
struct dentry *tomoyo_dir;
+ if (!tomoyo_enabled)
+ return 0;
+ domain = tomoyo_domain();
/* Don't create securityfs entries unless registered. */
- if (current_cred()->security != &tomoyo_kernel_domain)
+ if (domain != &tomoyo_kernel_domain)
return 0;
tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
@@ -268,5 +269,3 @@ static int __init tomoyo_initerface_init(void)
tomoyo_load_builtin_policy();
return 0;
}
-
-fs_initcall(tomoyo_initerface_init);
generated by cgit (git 2.34.1) at 2025-12-25 05:44:21 +0000