From 059d84dbb3897d4ee494a9c842c5dda54316cb47 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Sat, 10 Sep 2011 15:23:54 +0900
Subject: TOMOYO: Add socket operation restriction support.
This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX socket's bind()/listen()/connect()/send() operations.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
---
 security/tomoyo/gc.c | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
(limited to 'security/tomoyo/gc.c')
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 818b07998111..7747ceb9a221 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -16,6 +16,7 @@ static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
 /* Size of an element. */
 static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = {
 [TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group),
+ [TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group),
 [TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group),
 [TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group),
 [TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator),
@@ -36,6 +37,8 @@ static const u8 tomoyo_acl_size[] = {
 [TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl),
 [TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl),
 [TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl),
+ [TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl),
+ [TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl),
 [TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl),
 };
 
@@ -302,6 +305,23 @@ static void tomoyo_del_acl(struct list_head *element)
 tomoyo_put_name(entry->env);
 }
 break;
+ case TOMOYO_TYPE_INET_ACL:
+ {
+ struct tomoyo_inet_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_group(entry->address.group);
+ tomoyo_put_number_union(&entry->port);
+ }
+ break;
+ case TOMOYO_TYPE_UNIX_ACL:
+ {
+ struct tomoyo_unix_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_name_union(&entry->name);
+ }
+ break;
 }
 }
@@ -430,6 +450,18 @@ static void tomoyo_del_group(struct list_head *element)
 tomoyo_put_name(group->group_name);
 }
+/**
+ * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
+ *
+ * @element: Pointer to "struct list_head".
+ *
+ * Returns nothing.
+ */
+static inline void tomoyo_del_address_group(struct list_head *element)
+{
+ /* Nothing to do. */
+}
+
 /**
 * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
 *
@@ -527,9 +559,12 @@ static void tomoyo_collect_entry(void)
 case 0:
 id = TOMOYO_ID_PATH_GROUP;
 break;
- default:
+ case 1:
 id = TOMOYO_ID_NUMBER_GROUP;
 break;
+ default:
+ id = TOMOYO_ID_ADDRESS_GROUP;
+ break;
 }
 list_for_each_entry(group, list, head.list) {
 if (!tomoyo_collect_member
@@ -634,6 +669,9 @@ static bool tomoyo_kfree_entry(void)
 case TOMOYO_ID_PATH_GROUP:
 tomoyo_del_path_group(element);
 break;
+ case TOMOYO_ID_ADDRESS_GROUP:
+ tomoyo_del_address_group(element);
+ break;
 case TOMOYO_ID_GROUP:
 tomoyo_del_group(element);
 break;
--
cgit v1.2.3-59-g8ed1b
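Review bot: The new TOMOYO_TYPE_INET_ACL case in tomoyo_del_acl calls `tomoyo_put_group(entry->address.group)` unconditionally, and nothing in the hunk shows whether `address.group` is always populated; if an inet ACL can instead carry a literal address (the `address.group` naming suggests a union-like layout), releasing the entry correctly depends on tomoyo_put_group tolerating a NULL or unset group pointer. Since the reference drop is the whole point of this garbage-collection path, that assumption deserves to be stated at the call site once confirmed, e.g. `/* address.group is NULL for literal addresses; tomoyo_put_group() tolerates NULL. */`. The matching TOMOYO_TYPE_UNIX_ACL case has no such ambiguity because `tomoyo_put_name_union` takes the union itself. tomoyo_del_acl and its enclosing switch begin before this hunk.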
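Review bot: The kernel-doc for the new tomoyo_del_address_group says it deletes members, but the body is only `/* Nothing to do. */` with no reason given, and a reader comparing it with tomoyo_del_group just above, which drops `group_name`, will wonder whether an address-group member leaks a reference. If address-group entries really own no counted references (presumably only inline address values), say so where the reader looks: `/* Nothing to do: address group members hold no counted references. */`. The empty helper is still worth keeping so tomoyo_kfree_entry's dispatch stays uniform across group types.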
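Review bot: In tomoyo_collect_entry the address group is now reached through `default:`, so any group id added after it will silently be collected as TOMOYO_ID_ADDRESS_GROUP and have its members freed with the wrong element size from tomoyo_element_size; the loop index should map explicitly, `case 2: id = TOMOYO_ID_ADDRESS_GROUP; break;`, leaving `default` to skip or WARN rather than alias. The loop that drives the switch variable starts before the hunk, so the bound that currently makes `default` safe is not visible here.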