From 937bf6133b21b16965f75223085f4314ae32b8eb Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Wed, 2 Dec 2009 21:09:48 +0900
Subject: TOMOYO: Add rest of file operation restrictions.

LSM hooks for chmod()/chown()/chroot() are now ready.
This patch utilizes these hooks.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/tomoyo/common.c | 61 ++++++++++++++----------------------------------
 1 file changed, 18 insertions(+), 43 deletions(-)

(limited to 'security/tomoyo/common.c')

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index e0d0354008b7..6c6061682438 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -842,52 +842,27 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
 		if (ptr->type & TOMOYO_ACL_DELETED)
 			continue;
 		switch (tomoyo_acl_type2(ptr)) {
-			struct tomoyo_single_path_acl_record *acl1;
-			struct tomoyo_double_path_acl_record *acl2;
-			u16 perm;
+			struct tomoyo_single_path_acl_record *acl;
+			u32 perm;
+			u8 i;
 		case TOMOYO_TYPE_SINGLE_PATH_ACL:
-			acl1 = container_of(ptr,
-				    struct tomoyo_single_path_acl_record,
-					    head);
-			perm = acl1->perm;
-			if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL))
-				count++;
-			if (perm &
-			    ((1 << TOMOYO_TYPE_READ_ACL) |
-			     (1 << TOMOYO_TYPE_WRITE_ACL)))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_CREATE_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL))
-				count++;
+			acl = container_of(ptr,
+					   struct tomoyo_single_path_acl_record,
+					   head);
+			perm = acl->perm | (((u32) acl->perm_high) << 16);
+			for (i = 0; i < TOMOYO_MAX_SINGLE_PATH_OPERATION; i++)
+				if (perm & (1 << i))
+					count++;
+			if (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
+				count -= 2;
 			break;
 		case TOMOYO_TYPE_DOUBLE_PATH_ACL:
-			acl2 = container_of(ptr,
+			perm = container_of(ptr,
 				    struct tomoyo_double_path_acl_record,
-					    head);
-			perm = acl2->perm;
-			if (perm & (1 << TOMOYO_TYPE_LINK_ACL))
-				count++;
-			if (perm & (1 << TOMOYO_TYPE_RENAME_ACL))
-				count++;
+					    head)->perm;
+			for (i = 0; i < TOMOYO_MAX_DOUBLE_PATH_OPERATION; i++)
+				if (perm & (1 << i))
+					count++;
 			break;
 		}
 	}
@@ -1426,7 +1401,7 @@ static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
 	u8 bit;
 	const char *atmark = "";
 	const char *filename;
-	const u16 perm = ptr->perm;
+	const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
 
 	filename = ptr->filename->name;
 	for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
-- 
cgit v1.2.3-55-g7522