On 21/06/2022 10:22, Konstantin Meskhidze wrote:
Adds a new object union to support a socket port rule type. Refactors landlock_insert_rule() and landlock_find_rule() to support coming network modifications. Now adding or searching a rule in a ruleset depends on a rule_type argument provided in refactored functions mentioned above.

Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
---
Changes since v5:
* Formats code with clang-format-14.

Changes since v4:
* Refactors insert_rule() and create_rule() functions by deleting rule_type from their arguments list; it helps to reduce useless code.

Changes since v3:
* Splits commit.
* Refactors landlock_insert_rule and landlock_find_rule functions.
* Rename new_ruleset->root_inode.
---
security/landlock/fs.c | 7 ++-
security/landlock/ruleset.c | 105 ++++++++++++++++++++++++++----------
security/landlock/ruleset.h | 27 +++++-----
3 files changed, 96 insertions(+), 43 deletions(-)
[...]
diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h index bd7ab39859bf..a22d132c32a7 100644 --- a/security/landlock/ruleset.h +++ b/security/landlock/ruleset.h @@ -53,15 +53,17 @@ struct landlock_rule { */ struct rb_node node; /** - * @object: Pointer to identify a kernel object (e.g. an inode). This - * is used as a key for this ruleset element. This pointer is set once - * and never modified. It always points to an allocated object because - * each rule increments the refcount of its object. - */ - struct landlock_object *object; - /** - * @num_layers: Number of entries in @layers. + * @object: A union to identify either a kernel object (e.g. an inode) or + * a raw data value (e.g. a network socket port). This is used as a key + * for this ruleset element. This pointer/@object.ptr/ is set once and + * never modified. It always points to an allocated object because each + * rule increments the refcount of its object (for inodes).;
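Review bot: the rewritten kernel-doc for @object in the ruleset.h hunk has a stray ";" after "(for inodes)." and the phrase "This pointer/@object.ptr/ is set once" reads as a typo; suggest "This pointer (@object.ptr) is set once and never modified." Since @object is now a union that may also hold a raw data value (the socket port), the sentence "It always points to an allocated object because each rule increments the refcount of its object" only holds for the pointer member, so the comment should say explicitly that the raw-data member carries no reference count and is compared by value.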
Extra ";"