TOMOYO: Add pathname aggregation support.
This patch allows users to aggregate programs which provide similar
functionality (e.g. /usr/bin/vi and /usr/bin/emacs ).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index be2d3b9..8a31f0c 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -18,6 +18,7 @@
TOMOYO_ID_NUMBER_GROUP_MEMBER,
TOMOYO_ID_DOMAIN_INITIALIZER,
TOMOYO_ID_DOMAIN_KEEPER,
+ TOMOYO_ID_AGGREGATOR,
TOMOYO_ID_ALIAS,
TOMOYO_ID_GLOBALLY_READABLE,
TOMOYO_ID_PATTERN,
@@ -77,6 +78,12 @@
tomoyo_put_name(ptr->program);
}
+static void tomoyo_del_aggregator(struct tomoyo_aggregator_entry *ptr)
+{
+ tomoyo_put_name(ptr->original_name);
+ tomoyo_put_name(ptr->aggregated_name);
+}
+
static void tomoyo_del_alias(struct tomoyo_alias_entry *ptr)
{
tomoyo_put_name(ptr->original_name);
@@ -264,6 +271,17 @@
}
}
{
+ struct tomoyo_aggregator_entry *ptr;
+ list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, list) {
+ if (!ptr->is_deleted)
+ continue;
+ if (tomoyo_add_to_gc(TOMOYO_ID_AGGREGATOR, ptr))
+ list_del_rcu(&ptr->list);
+ else
+ break;
+ }
+ }
+ {
struct tomoyo_alias_entry *ptr;
list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
if (!ptr->is_deleted)
@@ -417,6 +435,9 @@
case TOMOYO_ID_DOMAIN_KEEPER:
tomoyo_del_domain_keeper(p->element);
break;
+ case TOMOYO_ID_AGGREGATOR:
+ tomoyo_del_aggregator(p->element);
+ break;
case TOMOYO_ID_ALIAS:
tomoyo_del_alias(p->element);
break;