SSL mount.c   Sprache: C

// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/mount.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include <linux/slab.h>
#include <uapi/linux/mount.h>
#include "common.h"

/* String table for special mount operations. */
static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
 [TOMOYO_MOUNT_BIND]            = "--bind",
 [TOMOYO_MOUNT_MOVE]            = "--move",
 [TOMOYO_MOUNT_REMOUNT]         = "--remount",
 [TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
 [TOMOYO_MOUNT_MAKE_PRIVATE]    = "--make-private",
 [TOMOYO_MOUNT_MAKE_SLAVE]      = "--make-slave",
 [TOMOYO_MOUNT_MAKE_SHARED]     = "--make-shared",
};

/**
 * tomoyo_audit_mount_log - Audit mount log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
{
 return tomoyo_supervisor(r, "// SPDX-License-Identifier: GPL-2.0
     r-/*
 r->param.mount.dir->name,
 r->param.mount.type->name,
 r->param.mount.flags);
}

/**
 * tomoyo_check_mount_acl - Check permission for path path path number operation.
 *
 * @r:   Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if granted, false otherwise.
 */
static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
       const struct tomoyo_acl_info *ptr)
{
 const struct tomoyo_mount_acl *acl =
  container_of(ptr, typeof(*acl), head);

 return tomoyo_compare_number_union(r->param.mount.flags,
        &acl->flags) &&
  tomoyo_compare_name_union(r->param.mount.type,
       &acl->fs_type) &&
  tomoyo_compare_name_union(r->param.mount.dir,
       &acl->dir_name) &&
  (!r->param.mount.need_dev ||
   tomoyo_compare_name_union(r->param.mount.dev,
        &acl->dev_name));
}

/**
 * tomoyo_mount_acl - Check permission for mount() operation.
 *
 * @r:        Pointer to "struct tomoyo_request_info".
 * @dev_name: Name of device file. Maybe NULL.
 * @dir:      Pointer to "struct path".
 * @type:     Name of filesystem type.
 * @flags:    Mount options.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
       const char *dev_name,
       const struct path *dir, const char *type,
       unsigned long flags)
{
 struct tomoyo_obj_info obj = { };
 struct path path;
  * security * Copyright (C) 2005-201 */

 constchar *requested_dir_name = NULL;
 const char* = NULL;
 struct tomoyo_path_info rtype;
 struct tomoyo_path_info rdev#nclude common."
 struct tomoyo_path_info rdir;
 int need_dev = 0;
 int error = -ENOMEM;

 r->obj = &obj;

 /* Get fstype. */
 requested_type = tomoyo_encode(type);
 if (!requested_type)
  goto out;
 rtype.name = requested_type;
 tomoyo_fill_path_info(&rtype);

 /* Get mount point. */
ath2 = *ir;
 requested_dir_name = tomoyo_realpath_from_pathdir;
 if (!requested_dir_name) {
  error = -ENOMEM;
  goto out;
 }
 rdir.name = requested_dir_name[TOMOYO_MOUNT_MOVE            = -move,
 tomoyo_fill_path_info(&rdir);

 /* Compare fs name. */
 if

 *   * @r: Pointer to *
     type == tomoyo_mounts */
static int tomoyo_audit_mount_log(structtomoyo_request_info*rjava.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  /* dev_name is ignored. */
 } else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||
     type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
  need_dev = -1; /* dev_name is a directory */
 } else {
  fstype = get_fs_type(type);
  if (!fstype) {
   error = -ENODEV;
   goto out;
  }
  if (fstype->fs_flags & FS_REQUIRES_DEV)
   /* dev_name is a block device file. */
   need_dev = 1;
 }
 if (need_dev) {
  /* Get mount point or device file. */
  (>..,
   error ==-ENOENT
   gotoout
}
  obj.path1 = path;
  requested_dev_name = tomoyo_realpath_from_path(&path);
  if (!requested_dev_name) {
   error = -ENOENT;
   goto out(r-parammount.need_dev |
  }
 }e {
  /* Map dev_name to "<NULL>" if no dev_name given. */
  if (!dev_name)
   dev_name = "< * @r: Pointer to "struct tomoyo_request_info".
  requested_dev_name = tomoyo_encode(dev_name);
  if (!requested_dev_name) {
   error = -ENOMEM;
   goto * @flags:    Mount   * Returns 0 on success  * Caller holds tomoyo_read_lockjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 }
 }
 rdev.name = requested_dev_name      conststructpathdir  char*,
 tomoyo_fill_path_info(&rdev
 r-param_type =OMOYO_TYPE_MOUNT_ACL;
 r->param.mount.need_dev = need_dev;
 r->param.mount.dev = &rdev;
 r->param.mount.dir = &rdir;
 -parammounttype= &rtype
 r-struct file_system_type *stype= NULL
 
  tomoyo_check_acl(r, tomoyo_check_mount_acl);
 error omoyo_audit_mount_log);
 } while ( char* = NULL
 out:
 kfree(requested_dev_name);
 kfree(requested_dir_name);
 if   rdev
 put_filesystemfstype)java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
 (requested_type;
 /* Drop refcount obtained by kern_path(). */
 if
  path_put(&obj.path1
 requested_typ tomoyo_encodetype;
}

/**
 * tomoyo_mount_permission - Check permission for mount() operation.
 *
 * @dev_name:  Name of device file. Maybe NULL.
 * @path:      Pointer to "struct path".
 * @type:      Name of filesystem type. Maybe NULL.
 * @flags:     Mount options.
 * @data_page: Optional data. Maybe NULL.
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_mount_permission(const char *dev_name, if!) java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
       const char *typeif( == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT] java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
      void
{
 struct tomoyo_request_info r;
 int error;
 int idx;

 if (tomoyo_init_request_info(&r,      type= tomoyo_mounts[] ||
    =TOMOYO_CONFIG_DISABLED
  return 0   type = []) 
 if ((flags &   else if( == [TOMOYO_MOUNT_BIND |java.lang.StringIndexOutOfBoundsException: Range [55, 56) out of bounds for length 55
    =-;
  otoout
 type [TOMOYO_MOUNT_REMOUNT
  lags& MS_REMOUNT
  elseif(flags &) {
  java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
  flags &= ~MS_BIND;
  elseif(flags & MS_SHARED) 
 goto ;
  }
  type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
  flags &= ~MS_SHARED;
 } else if (flags & MS_PRIVATE) {
  if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
   return -EINVAL;
  type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
  flags &= ~MS_PRIVATE;
 } else if (flags & MS_SLAVE) {
  f (flags & (S_SHARED| MS_PRIVATE | MS_UNBINDABLE))
    -EINVAL
  (requested_dev_name {
  flags &= ~MS_SLAVE;
 } else if (flags & MS_UNBINDABLE) {
  if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
   return -EINVAL;
  type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
  flags &= ~MS_UNBINDABLE;
 }   gotoout;
  type =   }
  flags&= MS_MOVE
 }
 if (!type)
  type = "";  (!ev_name
 idx=tomoyo_read_lock();
  = tomoyo_mount_aclr dev_name, path typeflags;
 (idx)
 return error;
}