TOMOYO: Use callback for updating entries.
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tue, 15 Jun 2010 00:23:26 +0000 (09:23 +0900)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:34:29 +0000 (15:34 +1000)
Use common code for elements using "struct list_head" + "bool" structure.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/domain.c
security/tomoyo/file.c
security/tomoyo/number_group.c
security/tomoyo/path_group.c

index 7bfad45fcd6183388c0715af81dc76143c1d1f29..4ee47af0917dfad692a349187f5d3c49b2717ab4 100644 (file)
@@ -469,6 +469,15 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
  */
 LIST_HEAD(tomoyo_policy_manager_list);
 
+static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
+                                     const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_policy_manager_entry, head)
+               ->manager ==
+               container_of(b, struct tomoyo_policy_manager_entry, head)
+               ->manager;
+}
+
 /**
  * tomoyo_update_manager_entry - Add a manager entry.
  *
@@ -482,9 +491,8 @@ LIST_HEAD(tomoyo_policy_manager_list);
 static int tomoyo_update_manager_entry(const char *manager,
                                       const bool is_delete)
 {
-       struct tomoyo_policy_manager_entry *ptr;
        struct tomoyo_policy_manager_entry e = { };
-       int error = is_delete ? -ENOENT : -ENOMEM;
+       int error;
 
        if (tomoyo_is_domain_def(manager)) {
                if (!tomoyo_is_correct_domain(manager))
@@ -497,26 +505,9 @@ static int tomoyo_update_manager_entry(const char *manager,
        e.manager = tomoyo_get_name(manager);
        if (!e.manager)
                return -ENOMEM;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) {
-               if (ptr->manager != e.manager)
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_policy_manager_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_policy_manager_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
- out:
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_policy_manager_list,
+                                    tomoyo_same_manager_entry);
        tomoyo_put_name(e.manager);
        return error;
 }
index 0ab6e86f90aa0fbce703d9d629470193c87675ca..c8ab7553c48c048eda9c4c0c525c5c1edddd4d2d 100644 (file)
@@ -913,6 +913,12 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
                         bool (*merge_duplicate) (struct tomoyo_acl_info *,
                                                  struct tomoyo_acl_info *,
                                                  const bool));
+int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
+                        bool is_delete, struct list_head *list,
+                        bool (*check_duplicate) (const struct tomoyo_acl_head
+                                                 *,
+                                                 const struct tomoyo_acl_head
+                                                 *));
 
 /********** External variable definitions. **********/
 
@@ -1042,39 +1048,6 @@ static inline bool tomoyo_is_same_number_union
                p1->max_type == p2->max_type && p1->is_group == p2->is_group;
 }
 
-static inline bool tomoyo_is_same_domain_initializer_entry
-(const struct tomoyo_domain_initializer_entry *p1,
- const struct tomoyo_domain_initializer_entry *p2)
-{
-       return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
-               && p1->domainname == p2->domainname
-               && p1->program == p2->program;
-}
-
-static inline bool tomoyo_is_same_domain_keeper_entry
-(const struct tomoyo_domain_keeper_entry *p1,
- const struct tomoyo_domain_keeper_entry *p2)
-{
-       return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
-               && p1->domainname == p2->domainname
-               && p1->program == p2->program;
-}
-
-static inline bool tomoyo_is_same_aggregator_entry
-(const struct tomoyo_aggregator_entry *p1,
- const struct tomoyo_aggregator_entry *p2)
-{
-       return p1->original_name == p2->original_name &&
-               p1->aggregated_name == p2->aggregated_name;
-}
-
-static inline bool tomoyo_is_same_alias_entry
-(const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2)
-{
-       return p1->original_name == p2->original_name &&
-               p1->aliased_name == p2->aliased_name;
-}
-
 /**
  * list_for_each_cookie - iterate over a list with cookie.
  * @pos:        the &struct list_head to use as a loop cursor.
index 60297da6adcf78d08e632a82dc270c258c2c22f1..fe621af46c2e46b2d6054a2f159a2f8f51bcc327 100644 (file)
 /* The initial domain. */
 struct tomoyo_domain_info tomoyo_kernel_domain;
 
+/**
+ * tomoyo_update_policy - Update an entry for exception policy.
+ *
+ * @new_entry:       Pointer to "struct tomoyo_acl_info".
+ * @size:            Size of @new_entry in bytes.
+ * @is_delete:       True if it is a delete request.
+ * @list:            Pointer to "struct list_head".
+ * @check_duplicate: Callback function to find duplicated entry.
+ *
+ * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
+                        bool is_delete, struct list_head *list,
+                        bool (*check_duplicate) (const struct tomoyo_acl_head
+                                                 *,
+                                                 const struct tomoyo_acl_head
+                                                 *))
+{
+       int error = is_delete ? -ENOENT : -ENOMEM;
+       struct tomoyo_acl_head *entry;
+
+       if (mutex_lock_interruptible(&tomoyo_policy_lock))
+               return -ENOMEM;
+       list_for_each_entry_rcu(entry, list, list) {
+               if (!check_duplicate(entry, new_entry))
+                       continue;
+               entry->is_deleted = is_delete;
+               error = 0;
+               break;
+       }
+       if (error && !is_delete) {
+               entry = tomoyo_commit_ok(new_entry, size);
+               if (entry) {
+                       list_add_tail_rcu(&entry->list, list);
+                       error = 0;
+               }
+       }
+       mutex_unlock(&tomoyo_policy_lock);
+       return error;
+}
+
 /**
  * tomoyo_update_domain - Update an entry for domain policy.
  *
@@ -161,6 +204,20 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
  */
 LIST_HEAD(tomoyo_domain_initializer_list);
 
+static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head *
+                                                a,
+                                                const struct tomoyo_acl_head *
+                                                b)
+{
+       const struct tomoyo_domain_initializer_entry *p1 =
+               container_of(a, typeof(*p1), head);
+       const struct tomoyo_domain_initializer_entry *p2 =
+               container_of(b, typeof(*p2), head);
+       return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
+               && p1->domainname == p2->domainname
+               && p1->program == p2->program;
+}
+
 /**
  * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list.
  *
@@ -178,7 +235,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
                                                  const bool is_not,
                                                  const bool is_delete)
 {
-       struct tomoyo_domain_initializer_entry *ptr;
        struct tomoyo_domain_initializer_entry e = { .is_not = is_not };
        int error = is_delete ? -ENOENT : -ENOMEM;
 
@@ -197,26 +253,9 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
        e.program = tomoyo_get_name(program);
        if (!e.program)
                goto out;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list,
-                               head.list) {
-               if (!tomoyo_is_same_domain_initializer_entry(ptr, &e))
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_domain_initializer_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_domain_initializer_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_domain_initializer_list,
+                                    tomoyo_same_domain_initializer_entry);
  out:
        tomoyo_put_name(e.domainname);
        tomoyo_put_name(e.program);
@@ -373,6 +412,18 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
  */
 LIST_HEAD(tomoyo_domain_keeper_list);
 
+static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a,
+                                           const struct tomoyo_acl_head *b)
+{
+       const struct tomoyo_domain_keeper_entry *p1 =
+               container_of(a, typeof(*p1), head);
+       const struct tomoyo_domain_keeper_entry *p2 =
+               container_of(b, typeof(*p2), head);
+       return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
+               && p1->domainname == p2->domainname
+               && p1->program == p2->program;
+}
+
 /**
  * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list.
  *
@@ -390,7 +441,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
                                             const bool is_not,
                                             const bool is_delete)
 {
-       struct tomoyo_domain_keeper_entry *ptr;
        struct tomoyo_domain_keeper_entry e = { .is_not = is_not };
        int error = is_delete ? -ENOENT : -ENOMEM;
 
@@ -409,25 +459,9 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
        e.domainname = tomoyo_get_name(domainname);
        if (!e.domainname)
                goto out;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) {
-               if (!tomoyo_is_same_domain_keeper_entry(ptr, &e))
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_domain_keeper_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_domain_keeper_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_domain_keeper_list,
+                                    tomoyo_same_domain_keeper_entry);
  out:
        tomoyo_put_name(e.domainname);
        tomoyo_put_name(e.program);
@@ -565,6 +599,17 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
  */
 LIST_HEAD(tomoyo_aggregator_list);
 
+static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a,
+                                        const struct tomoyo_acl_head *b)
+{
+       const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1),
+                                                               head);
+       const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2),
+                                                               head);
+       return p1->original_name == p2->original_name &&
+               p1->aggregated_name == p2->aggregated_name;
+}
+
 /**
  * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list.
  *
@@ -580,7 +625,6 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
                                          const char *aggregated_name,
                                          const bool is_delete)
 {
-       struct tomoyo_aggregator_entry *ptr;
        struct tomoyo_aggregator_entry e = { };
        int error = is_delete ? -ENOENT : -ENOMEM;
 
@@ -592,25 +636,9 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
        if (!e.original_name || !e.aggregated_name ||
            e.aggregated_name->is_patterned) /* No patterns allowed. */
                goto out;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, head.list) {
-               if (!tomoyo_is_same_aggregator_entry(ptr, &e))
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_aggregator_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_aggregator_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_aggregator_list,
+                                    tomoyo_same_aggregator_entry);
  out:
        tomoyo_put_name(e.original_name);
        tomoyo_put_name(e.aggregated_name);
@@ -699,6 +727,17 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
  */
 LIST_HEAD(tomoyo_alias_list);
 
+static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
+                                   const struct tomoyo_acl_head *b)
+{
+       const struct tomoyo_alias_entry *p1 = container_of(a, typeof(*p1),
+                                                          head);
+       const struct tomoyo_alias_entry *p2 = container_of(b, typeof(*p2),
+                                                          head);
+       return p1->original_name == p2->original_name &&
+               p1->aliased_name == p2->aliased_name;
+}
+
 /**
  * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
  *
@@ -714,7 +753,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
                                     const char *aliased_name,
                                     const bool is_delete)
 {
-       struct tomoyo_alias_entry *ptr;
        struct tomoyo_alias_entry e = { };
        int error = is_delete ? -ENOENT : -ENOMEM;
 
@@ -726,25 +764,9 @@ static int tomoyo_update_alias_entry(const char *original_name,
        if (!e.original_name || !e.aliased_name ||
            e.original_name->is_patterned || e.aliased_name->is_patterned)
                goto out; /* No patterns allowed. */
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) {
-               if (!tomoyo_is_same_alias_entry(ptr, &e))
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_alias_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_alias_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_alias_list,
+                                    tomoyo_same_alias_entry);
  out:
        tomoyo_put_name(e.original_name);
        tomoyo_put_name(e.aliased_name);
index 09436d11f298ff7d770110cfcf22429ea20d359a..8015719926d5e48cd3ed5a15fd362a29a4c22f5d 100644 (file)
@@ -253,6 +253,15 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
  */
 LIST_HEAD(tomoyo_globally_readable_list);
 
+static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
+                                         const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_globally_readable_file_entry,
+                           head)->filename ==
+               container_of(b, struct tomoyo_globally_readable_file_entry,
+                            head)->filename;
+}
+
 /**
  * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
  *
@@ -266,36 +275,17 @@ LIST_HEAD(tomoyo_globally_readable_list);
 static int tomoyo_update_globally_readable_entry(const char *filename,
                                                 const bool is_delete)
 {
-       struct tomoyo_globally_readable_file_entry *ptr;
        struct tomoyo_globally_readable_file_entry e = { };
-       int error = is_delete ? -ENOENT : -ENOMEM;
+       int error;
 
        if (!tomoyo_is_correct_word(filename))
                return -EINVAL;
        e.filename = tomoyo_get_name(filename);
        if (!e.filename)
                return -ENOMEM;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
-                               head.list) {
-               if (ptr->filename != e.filename)
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_globally_readable_file_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_globally_readable_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
- out:
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_globally_readable_list,
+                                    tomoyo_same_globally_readable);
        tomoyo_put_name(e.filename);
        return error;
 }
@@ -402,6 +392,13 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
  */
 LIST_HEAD(tomoyo_pattern_list);
 
+static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
+                               const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_pattern_entry, head)->pattern ==
+               container_of(b, struct tomoyo_pattern_entry, head)->pattern;
+}
+
 /**
  * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
  *
@@ -415,35 +412,17 @@ LIST_HEAD(tomoyo_pattern_list);
 static int tomoyo_update_file_pattern_entry(const char *pattern,
                                            const bool is_delete)
 {
-       struct tomoyo_pattern_entry *ptr;
        struct tomoyo_pattern_entry e = { };
-       int error = is_delete ? -ENOENT : -ENOMEM;
+       int error;
 
        if (!tomoyo_is_correct_word(pattern))
                return -EINVAL;
        e.pattern = tomoyo_get_name(pattern);
        if (!e.pattern)
-               return error;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) {
-               if (e.pattern != ptr->pattern)
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_pattern_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_pattern_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
- out:
+               return -ENOMEM;
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_pattern_list,
+                                    tomoyo_same_pattern);
        tomoyo_put_name(e.pattern);
        return error;
 }
@@ -553,6 +532,14 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
  */
 LIST_HEAD(tomoyo_no_rewrite_list);
 
+static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
+                                  const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_no_rewrite_entry, head)->pattern
+               == container_of(b, struct tomoyo_no_rewrite_entry, head)
+               ->pattern;
+}
+
 /**
  * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
  *
@@ -566,35 +553,17 @@ LIST_HEAD(tomoyo_no_rewrite_list);
 static int tomoyo_update_no_rewrite_entry(const char *pattern,
                                          const bool is_delete)
 {
-       struct tomoyo_no_rewrite_entry *ptr;
        struct tomoyo_no_rewrite_entry e = { };
-       int error = is_delete ? -ENOENT : -ENOMEM;
+       int error;
 
        if (!tomoyo_is_correct_word(pattern))
                return -EINVAL;
        e.pattern = tomoyo_get_name(pattern);
        if (!e.pattern)
-               return error;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) {
-               if (ptr->pattern != e.pattern)
-                       continue;
-               ptr->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_no_rewrite_entry *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &tomoyo_no_rewrite_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
- out:
+               return -ENOMEM;
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &tomoyo_no_rewrite_list,
+                                    tomoyo_same_no_rewrite);
        tomoyo_put_name(e.pattern);
        return error;
 }
index afc5b6972129eb6b8babcb289d68e74723617b68..7266a7462c4578ac914913a215a4ef74ea68055b 100644 (file)
@@ -56,6 +56,18 @@ struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name)
        return !error ? group : NULL;
 }
 
+static bool tomoyo_same_number_group(const struct tomoyo_acl_head *a,
+                                    const struct tomoyo_acl_head *b)
+{
+       return !memcmp(&container_of(a, struct tomoyo_number_group_member,
+                                    head)->number,
+                      &container_of(b, struct tomoyo_number_group_member,
+                                    head)->number,
+                      sizeof(container_of(a,
+                                          struct tomoyo_number_group_member,
+                                          head)->number));
+}
+
 /**
  * tomoyo_write_number_group_policy - Write "struct tomoyo_number_group" list.
  *
@@ -68,40 +80,19 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete)
 {
        struct tomoyo_number_group *group;
        struct tomoyo_number_group_member e = { };
-       struct tomoyo_number_group_member *member;
-       int error = is_delete ? -ENOENT : -ENOMEM;
+       int error;
        char *w[2];
        if (!tomoyo_tokenize(data, w, sizeof(w)))
                return -EINVAL;
-       if (!tomoyo_parse_number_union(w[1], &e.number))
-               return -EINVAL;
-       if (e.number.is_group || e.number.values[0] > e.number.values[1]) {
-               tomoyo_put_number_union(&e.number);
+       if (w[1][0] == '@' || !tomoyo_parse_number_union(w[1], &e.number) ||
+           e.number.values[0] > e.number.values[1])
                return -EINVAL;
-       }
        group = tomoyo_get_number_group(w[0]);
        if (!group)
                return -ENOMEM;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(member, &group->member_list, head.list) {
-               if (memcmp(&member->number, &e.number, sizeof(e.number)))
-                       continue;
-               member->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_number_group_member *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &group->member_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
- out:
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &group->member_list,
+                                    tomoyo_same_number_group);
        tomoyo_put_number_group(group);
        return error;
 }
index 7838f7681297406731926dbf54a9e12c187cc0d2..5b71d8868453593880b7ef93ea424ab2b11e0a17 100644 (file)
@@ -54,6 +54,15 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
        return !error ? group : NULL;
 }
 
+static bool tomoyo_same_path_group(const struct tomoyo_acl_head *a,
+                                  const struct tomoyo_acl_head *b)
+{
+       return container_of(a, struct tomoyo_path_group_member, head)
+               ->member_name ==
+               container_of(b, struct tomoyo_path_group_member, head)
+               ->member_name;
+}
+
 /**
  * tomoyo_write_path_group_policy - Write "struct tomoyo_path_group" list.
  *
@@ -65,7 +74,6 @@ struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name)
 int tomoyo_write_path_group_policy(char *data, const bool is_delete)
 {
        struct tomoyo_path_group *group;
-       struct tomoyo_path_group_member *member;
        struct tomoyo_path_group_member e = { };
        int error = is_delete ? -ENOENT : -ENOMEM;
        char *w[2];
@@ -77,25 +85,9 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete)
        e.member_name = tomoyo_get_name(w[1]);
        if (!e.member_name)
                goto out;
-       if (mutex_lock_interruptible(&tomoyo_policy_lock))
-               goto out;
-       list_for_each_entry_rcu(member, &group->member_list, head.list) {
-               if (member->member_name != e.member_name)
-                       continue;
-               member->head.is_deleted = is_delete;
-               error = 0;
-               break;
-       }
-       if (!is_delete && error) {
-               struct tomoyo_path_group_member *entry =
-                       tomoyo_commit_ok(&e, sizeof(e));
-               if (entry) {
-                       list_add_tail_rcu(&entry->head.list,
-                                         &group->member_list);
-                       error = 0;
-               }
-       }
-       mutex_unlock(&tomoyo_policy_lock);
+       error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
+                                    &group->member_list,
+                                    tomoyo_same_path_group);
  out:
        tomoyo_put_name(e.member_name);
        tomoyo_put_path_group(group);