函数源码

Linux Kernel

v5.5.9


Source File:security\tomoyo\domain.c Create Date:2022-07-27 21:08:41

/**
 * tomoyo_check_acl - Do permission check.
 *
 * @r:           Pointer to "struct tomoyo_request_info".
 * @check_entry: Callback function to check type specific parameters.
 *
 * Returns nothing. The verdict is written to @r->granted: true as soon as
 * one ACL entry matches (that entry is also stored in @r->matched_acl),
 * false when no entry in any searched list matches. @r->matched_acl is not
 * written on the no-match path, so callers must test @r->granted and not
 * rely on @r->matched_acl alone.
 *
 * The domain's own ACL list is searched first, then the namespace ACL
 * group lists whose bit is set in the domain's group bitmap, in ascending
 * index order. The first matching entry wins.
 *
 * Caller holds tomoyo_read_lock().
 */
void tomoyo_check_acl(struct tomoyo_request_info *r,
              bool (*check_entry)(struct tomoyo_request_info *,
                      const struct tomoyo_acl_info *))
{
    const struct tomoyo_domain_info *domain = r->domain;
    const struct list_head *head = &domain->acl_info_list;
    struct tomoyo_acl_info *acl;
    u16 group = 0;

    for (;;) {
        /*
         * The last macro argument is the lockdep condition for this RCU
         * walk; presumably tomoyo_ss is the SRCU domain taken by
         * tomoyo_read_lock() -- confirm against its definition.
         */
        list_for_each_entry_rcu(acl, head, list,
                    srcu_read_lock_held(&tomoyo_ss)) {
            /* Deleted entries and entries of another type never match. */
            if (acl->is_deleted || acl->type != r->param_type)
                continue;
            /*
             * Type specific parameters are checked first; the entry's
             * condition is evaluated only if they match.
             */
            if (!check_entry(r, acl) || !tomoyo_condition(r, acl->cond))
                continue;
            r->matched_acl = acl;
            r->granted = true;
            return;
        }

        /* Find the next ACL group this domain is a member of. */
        while (group < TOMOYO_MAX_ACL_GROUPS &&
               !test_bit(group, domain->group))
            group++;
        if (group >= TOMOYO_MAX_ACL_GROUPS)
            break;

        /*
         * Search that group's list next; the post-increment makes the
         * following pass resume at the group after this one.
         */
        head = &domain->ns->acl_group[group++];
    }

    /* No entry matched in the domain list or in any member group. */
    r->granted = false;
}