TOMOYO: Use callback for permission check.
[sfrench/cifs-2.6.git] / security / tomoyo / domain.c
index fe621af46c2e46b2d6054a2f159a2f8f51bcc327..13f4f39baf8f14b25be1c62d9a1697aedb3e82ec 100644 (file)
@@ -109,6 +109,24 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
        return error;
 }
 
+void tomoyo_check_acl(struct tomoyo_request_info *r,
+                     bool (*check_entry) (const struct tomoyo_request_info *,
+                                          const struct tomoyo_acl_info *))
+{
+       const struct tomoyo_domain_info *domain = r->domain;
+       struct tomoyo_acl_info *ptr;
+
+       list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
+               if (ptr->is_deleted || ptr->type != r->param_type)
+                       continue;
+               if (check_entry(r, ptr)) {
+                       r->granted = true;
+                       return;
+               }
+       }
+       r->granted = false;
+}
+
 /*
  * tomoyo_domain_list is used for holding list of domains.
  * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
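Review bot: tomoyo_check_acl() is added without a header comment, although it has two preconditions that the signature does not show. It walks domain->acl_info_list with list_for_each_entry_rcu(), so the caller presumably must already be inside the TOMOYO read-side section (tomoyo_read_lock()). It also passes check_entry() only entries whose type equals r->param_type, so a stale or wrong r->param_type would give the callback entries of a type it does not expect. I would add a kernel-doc block describing @r and @check_entry, including a line such as `Caller holds tomoyo_read_lock() and has set r->param_type.` Because r->granted is the only output of this access decision, the comment should also state that it is set to false when no entry matches.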
@@ -960,7 +978,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
        }
 
        /* Check execute permission. */
-       retval = tomoyo_check_exec_perm(&r, &rn);
+       retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
        if (retval == TOMOYO_RETRY_REQUEST)
                goto retry;
        if (retval < 0)