diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-17 03:53:24 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:34:40 -0400 |
commit | a230f9e7121cbcbfe23bd5a630abf6b53cece555 (patch) | |
tree | a81820f41d57ffd8704aaef4331f696030d7ba77 | |
parent | a98aa4debe2728abb3353e35fc5d110dcc0d7f0d (diff) |
TOMOYO: Use array of "struct list_head".
Assign list id and make the lists as array of "struct list_head".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/tomoyo/common.c | 42 | ||||
-rw-r--r-- | security/tomoyo/common.h | 38 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 219 | ||||
-rw-r--r-- | security/tomoyo/file.c | 114 | ||||
-rw-r--r-- | security/tomoyo/gc.c | 41 | ||||
-rw-r--r-- | security/tomoyo/memory.c | 4 | ||||
-rw-r--r-- | security/tomoyo/number_group.c | 12 | ||||
-rw-r--r-- | security/tomoyo/path_group.c | 11 |
8 files changed, 98 insertions, 383 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 9eeb19ec6af4..cb1aaf148ad4 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -434,38 +434,6 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head) | |||
434 | head->read_eof = true; | 434 | head->read_eof = true; |
435 | } | 435 | } |
436 | 436 | ||
437 | /* | ||
438 | * tomoyo_policy_manager_list is used for holding list of domainnames or | ||
439 | * programs which are permitted to modify configuration via | ||
440 | * /sys/kernel/security/tomoyo/ interface. | ||
441 | * | ||
442 | * An entry is added by | ||
443 | * | ||
444 | * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \ | ||
445 | * /sys/kernel/security/tomoyo/manager | ||
446 | * (if you want to specify by a domainname) | ||
447 | * | ||
448 | * or | ||
449 | * | ||
450 | * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager | ||
451 | * (if you want to specify by a program's location) | ||
452 | * | ||
453 | * and is deleted by | ||
454 | * | ||
455 | * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \ | ||
456 | * /sys/kernel/security/tomoyo/manager | ||
457 | * | ||
458 | * or | ||
459 | * | ||
460 | * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \ | ||
461 | * /sys/kernel/security/tomoyo/manager | ||
462 | * | ||
463 | * and all entries are retrieved by | ||
464 | * | ||
465 | * # cat /sys/kernel/security/tomoyo/manager | ||
466 | */ | ||
467 | LIST_HEAD(tomoyo_policy_manager_list); | ||
468 | |||
469 | static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, | 437 | static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, |
470 | const struct tomoyo_acl_head *b) | 438 | const struct tomoyo_acl_head *b) |
471 | { | 439 | { |
@@ -503,7 +471,7 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
503 | if (!e.manager) | 471 | if (!e.manager) |
504 | return -ENOMEM; | 472 | return -ENOMEM; |
505 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 473 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
506 | &tomoyo_policy_manager_list, | 474 | &tomoyo_policy_list[TOMOYO_ID_MANAGER], |
507 | tomoyo_same_manager_entry); | 475 | tomoyo_same_manager_entry); |
508 | tomoyo_put_name(e.manager); | 476 | tomoyo_put_name(e.manager); |
509 | return error; | 477 | return error; |
@@ -545,7 +513,7 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | |||
545 | if (head->read_eof) | 513 | if (head->read_eof) |
546 | return; | 514 | return; |
547 | list_for_each_cookie(pos, head->read_var2, | 515 | list_for_each_cookie(pos, head->read_var2, |
548 | &tomoyo_policy_manager_list) { | 516 | &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { |
549 | struct tomoyo_policy_manager_entry *ptr; | 517 | struct tomoyo_policy_manager_entry *ptr; |
550 | ptr = list_entry(pos, struct tomoyo_policy_manager_entry, | 518 | ptr = list_entry(pos, struct tomoyo_policy_manager_entry, |
551 | head.list); | 519 | head.list); |
@@ -578,7 +546,8 @@ static bool tomoyo_policy_manager(void) | |||
578 | return true; | 546 | return true; |
579 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) | 547 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) |
580 | return false; | 548 | return false; |
581 | list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { | 549 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], |
550 | head.list) { | ||
582 | if (!ptr->head.is_deleted && ptr->is_domain | 551 | if (!ptr->head.is_deleted && ptr->is_domain |
583 | && !tomoyo_pathcmp(domainname, ptr->manager)) { | 552 | && !tomoyo_pathcmp(domainname, ptr->manager)) { |
584 | found = true; | 553 | found = true; |
@@ -590,7 +559,8 @@ static bool tomoyo_policy_manager(void) | |||
590 | exe = tomoyo_get_exe(); | 559 | exe = tomoyo_get_exe(); |
591 | if (!exe) | 560 | if (!exe) |
592 | return false; | 561 | return false; |
593 | list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { | 562 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], |
563 | head.list) { | ||
594 | if (!ptr->head.is_deleted && !ptr->is_domain | 564 | if (!ptr->head.is_deleted && !ptr->is_domain |
595 | && !strcmp(exe, ptr->manager->name)) { | 565 | && !strcmp(exe, ptr->manager->name)) { |
596 | found = true; | 566 | found = true; |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 9f289e412a63..451dc3c1036a 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -46,6 +46,30 @@ enum tomoyo_mode_index { | |||
46 | TOMOYO_CONFIG_USE_DEFAULT = 255 | 46 | TOMOYO_CONFIG_USE_DEFAULT = 255 |
47 | }; | 47 | }; |
48 | 48 | ||
49 | enum tomoyo_policy_id { | ||
50 | TOMOYO_ID_GROUP, | ||
51 | TOMOYO_ID_PATH_GROUP, | ||
52 | TOMOYO_ID_NUMBER_GROUP, | ||
53 | TOMOYO_ID_DOMAIN_INITIALIZER, | ||
54 | TOMOYO_ID_DOMAIN_KEEPER, | ||
55 | TOMOYO_ID_AGGREGATOR, | ||
56 | TOMOYO_ID_ALIAS, | ||
57 | TOMOYO_ID_GLOBALLY_READABLE, | ||
58 | TOMOYO_ID_PATTERN, | ||
59 | TOMOYO_ID_NO_REWRITE, | ||
60 | TOMOYO_ID_MANAGER, | ||
61 | TOMOYO_ID_NAME, | ||
62 | TOMOYO_ID_ACL, | ||
63 | TOMOYO_ID_DOMAIN, | ||
64 | TOMOYO_MAX_POLICY | ||
65 | }; | ||
66 | |||
67 | enum tomoyo_group_id { | ||
68 | TOMOYO_PATH_GROUP, | ||
69 | TOMOYO_NUMBER_GROUP, | ||
70 | TOMOYO_MAX_GROUP | ||
71 | }; | ||
72 | |||
49 | /* Keywords for ACLs. */ | 73 | /* Keywords for ACLs. */ |
50 | #define TOMOYO_KEYWORD_AGGREGATOR "aggregator " | 74 | #define TOMOYO_KEYWORD_AGGREGATOR "aggregator " |
51 | #define TOMOYO_KEYWORD_ALIAS "alias " | 75 | #define TOMOYO_KEYWORD_ALIAS "alias " |
@@ -570,7 +594,7 @@ struct tomoyo_globally_readable_file_entry { | |||
570 | 594 | ||
571 | /* | 595 | /* |
572 | * tomoyo_pattern_entry is a structure which is used for holding | 596 | * tomoyo_pattern_entry is a structure which is used for holding |
573 | * "tomoyo_pattern_list" entries. | 597 | * "file_pattern" entries. |
574 | * It has following fields. | 598 | * It has following fields. |
575 | * | 599 | * |
576 | * (1) "head" is "struct tomoyo_acl_head". | 600 | * (1) "head" is "struct tomoyo_acl_head". |
@@ -950,16 +974,8 @@ extern struct srcu_struct tomoyo_ss; | |||
950 | /* The list for "struct tomoyo_domain_info". */ | 974 | /* The list for "struct tomoyo_domain_info". */ |
951 | extern struct list_head tomoyo_domain_list; | 975 | extern struct list_head tomoyo_domain_list; |
952 | 976 | ||
953 | extern struct list_head tomoyo_path_group_list; | 977 | extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; |
954 | extern struct list_head tomoyo_number_group_list; | 978 | extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; |
955 | extern struct list_head tomoyo_domain_initializer_list; | ||
956 | extern struct list_head tomoyo_domain_keeper_list; | ||
957 | extern struct list_head tomoyo_aggregator_list; | ||
958 | extern struct list_head tomoyo_alias_list; | ||
959 | extern struct list_head tomoyo_globally_readable_list; | ||
960 | extern struct list_head tomoyo_pattern_list; | ||
961 | extern struct list_head tomoyo_no_rewrite_list; | ||
962 | extern struct list_head tomoyo_policy_manager_list; | ||
963 | extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; | 979 | extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; |
964 | 980 | ||
965 | /* Lock for protecting policy. */ | 981 | /* Lock for protecting policy. */ |
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 1a122974240f..3575b0e7c7fd 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
@@ -127,46 +127,12 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, | |||
127 | r->granted = false; | 127 | r->granted = false; |
128 | } | 128 | } |
129 | 129 | ||
130 | /* | 130 | /* The list for "struct tomoyo_domain_info". */ |
131 | * tomoyo_domain_list is used for holding list of domains. | ||
132 | * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding | ||
133 | * permissions (e.g. "allow_read /lib/libc-2.5.so") given to each domain. | ||
134 | * | ||
135 | * An entry is added by | ||
136 | * | ||
137 | * # ( echo "<kernel>"; echo "allow_execute /sbin/init" ) > \ | ||
138 | * /sys/kernel/security/tomoyo/domain_policy | ||
139 | * | ||
140 | * and is deleted by | ||
141 | * | ||
142 | * # ( echo "<kernel>"; echo "delete allow_execute /sbin/init" ) > \ | ||
143 | * /sys/kernel/security/tomoyo/domain_policy | ||
144 | * | ||
145 | * and all entries are retrieved by | ||
146 | * | ||
147 | * # cat /sys/kernel/security/tomoyo/domain_policy | ||
148 | * | ||
149 | * A domain is added by | ||
150 | * | ||
151 | * # echo "<kernel>" > /sys/kernel/security/tomoyo/domain_policy | ||
152 | * | ||
153 | * and is deleted by | ||
154 | * | ||
155 | * # echo "delete <kernel>" > /sys/kernel/security/tomoyo/domain_policy | ||
156 | * | ||
157 | * and all domains are retrieved by | ||
158 | * | ||
159 | * # grep '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | ||
160 | * | ||
161 | * Normally, a domainname is monotonically getting longer because a domainname | ||
162 | * which the process will belong to if an execve() operation succeeds is | ||
163 | * defined as a concatenation of "current domainname" + "pathname passed to | ||
164 | * execve()". | ||
165 | * See tomoyo_domain_initializer_list and tomoyo_domain_keeper_list for | ||
166 | * exceptions. | ||
167 | */ | ||
168 | LIST_HEAD(tomoyo_domain_list); | 131 | LIST_HEAD(tomoyo_domain_list); |
169 | 132 | ||
133 | struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; | ||
134 | struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; | ||
135 | |||
170 | /** | 136 | /** |
171 | * tomoyo_get_last_name - Get last component of a domainname. | 137 | * tomoyo_get_last_name - Get last component of a domainname. |
172 | * | 138 | * |
@@ -184,44 +150,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) | |||
184 | return cp0; | 150 | return cp0; |
185 | } | 151 | } |
186 | 152 | ||
187 | /* | ||
188 | * tomoyo_domain_initializer_list is used for holding list of programs which | ||
189 | * triggers reinitialization of domainname. Normally, a domainname is | ||
190 | * monotonically getting longer. But sometimes, we restart daemon programs. | ||
191 | * It would be convenient for us that "a daemon started upon system boot" and | ||
192 | * "the daemon restarted from console" belong to the same domain. Thus, TOMOYO | ||
193 | * provides a way to shorten domainnames. | ||
194 | * | ||
195 | * An entry is added by | ||
196 | * | ||
197 | * # echo 'initialize_domain /usr/sbin/httpd' > \ | ||
198 | * /sys/kernel/security/tomoyo/exception_policy | ||
199 | * | ||
200 | * and is deleted by | ||
201 | * | ||
202 | * # echo 'delete initialize_domain /usr/sbin/httpd' > \ | ||
203 | * /sys/kernel/security/tomoyo/exception_policy | ||
204 | * | ||
205 | * and all entries are retrieved by | ||
206 | * | ||
207 | * # grep ^initialize_domain /sys/kernel/security/tomoyo/exception_policy | ||
208 | * | ||
209 | * In the example above, /usr/sbin/httpd will belong to | ||
210 | * "<kernel> /usr/sbin/httpd" domain. | ||
211 | * | ||
212 | * You may specify a domainname using "from" keyword. | ||
213 | * "initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd" | ||
214 | * will cause "/usr/sbin/httpd" executed from "<kernel> /etc/rc.d/init.d/httpd" | ||
215 | * domain to belong to "<kernel> /usr/sbin/httpd" domain. | ||
216 | * | ||
217 | * You may add "no_" prefix to "initialize_domain". | ||
218 | * "initialize_domain /usr/sbin/httpd" and | ||
219 | * "no_initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd" | ||
220 | * will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain | ||
221 | * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain. | ||
222 | */ | ||
223 | LIST_HEAD(tomoyo_domain_initializer_list); | ||
224 | |||
225 | static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head * | 153 | static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head * |
226 | a, | 154 | a, |
227 | const struct tomoyo_acl_head * | 155 | const struct tomoyo_acl_head * |
@@ -272,7 +200,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, | |||
272 | if (!e.program) | 200 | if (!e.program) |
273 | goto out; | 201 | goto out; |
274 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 202 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
275 | &tomoyo_domain_initializer_list, | 203 | &tomoyo_policy_list |
204 | [TOMOYO_ID_DOMAIN_INITIALIZER], | ||
276 | tomoyo_same_domain_initializer_entry); | 205 | tomoyo_same_domain_initializer_entry); |
277 | out: | 206 | out: |
278 | tomoyo_put_name(e.domainname); | 207 | tomoyo_put_name(e.domainname); |
@@ -294,8 +223,8 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head) | |||
294 | struct list_head *pos; | 223 | struct list_head *pos; |
295 | bool done = true; | 224 | bool done = true; |
296 | 225 | ||
297 | list_for_each_cookie(pos, head->read_var2, | 226 | list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list |
298 | &tomoyo_domain_initializer_list) { | 227 | [TOMOYO_ID_DOMAIN_INITIALIZER]) { |
299 | const char *no; | 228 | const char *no; |
300 | const char *from = ""; | 229 | const char *from = ""; |
301 | const char *domain = ""; | 230 | const char *domain = ""; |
@@ -366,8 +295,8 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info * | |||
366 | struct tomoyo_domain_initializer_entry *ptr; | 295 | struct tomoyo_domain_initializer_entry *ptr; |
367 | bool flag = false; | 296 | bool flag = false; |
368 | 297 | ||
369 | list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, | 298 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list |
370 | head.list) { | 299 | [TOMOYO_ID_DOMAIN_INITIALIZER], head.list) { |
371 | if (ptr->head.is_deleted) | 300 | if (ptr->head.is_deleted) |
372 | continue; | 301 | continue; |
373 | if (ptr->domainname) { | 302 | if (ptr->domainname) { |
@@ -390,46 +319,6 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info * | |||
390 | return flag; | 319 | return flag; |
391 | } | 320 | } |
392 | 321 | ||
393 | /* | ||
394 | * tomoyo_domain_keeper_list is used for holding list of domainnames which | ||
395 | * suppresses domain transition. Normally, a domainname is monotonically | ||
396 | * getting longer. But sometimes, we want to suppress domain transition. | ||
397 | * It would be convenient for us that programs executed from a login session | ||
398 | * belong to the same domain. Thus, TOMOYO provides a way to suppress domain | ||
399 | * transition. | ||
400 | * | ||
401 | * An entry is added by | ||
402 | * | ||
403 | * # echo 'keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \ | ||
404 | * /sys/kernel/security/tomoyo/exception_policy | ||
405 | * | ||
406 | * and is deleted by | ||
407 | * | ||
408 | * # echo 'delete keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \ | ||
409 | * /sys/kernel/security/tomoyo/exception_policy | ||
410 | * | ||
411 | * and all entries are retrieved by | ||
412 | * | ||
413 | * # grep ^keep_domain /sys/kernel/security/tomoyo/exception_policy | ||
414 | * | ||
415 | * In the example above, any process which belongs to | ||
416 | * "<kernel> /usr/sbin/sshd /bin/bash" domain will remain in that domain, | ||
417 | * unless explicitly specified by "initialize_domain" or "no_keep_domain". | ||
418 | * | ||
419 | * You may specify a program using "from" keyword. | ||
420 | * "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash" | ||
421 | * will cause "/bin/pwd" executed from "<kernel> /usr/sbin/sshd /bin/bash" | ||
422 | * domain to remain in "<kernel> /usr/sbin/sshd /bin/bash" domain. | ||
423 | * | ||
424 | * You may add "no_" prefix to "keep_domain". | ||
425 | * "keep_domain <kernel> /usr/sbin/sshd /bin/bash" and | ||
426 | * "no_keep_domain /usr/bin/passwd from <kernel> /usr/sbin/sshd /bin/bash" will | ||
427 | * cause "/usr/bin/passwd" to belong to | ||
428 | * "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless | ||
429 | * explicitly specified by "initialize_domain". | ||
430 | */ | ||
431 | LIST_HEAD(tomoyo_domain_keeper_list); | ||
432 | |||
433 | static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a, | 322 | static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a, |
434 | const struct tomoyo_acl_head *b) | 323 | const struct tomoyo_acl_head *b) |
435 | { | 324 | { |
@@ -478,7 +367,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, | |||
478 | if (!e.domainname) | 367 | if (!e.domainname) |
479 | goto out; | 368 | goto out; |
480 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 369 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
481 | &tomoyo_domain_keeper_list, | 370 | &tomoyo_policy_list |
371 | [TOMOYO_ID_DOMAIN_KEEPER], | ||
482 | tomoyo_same_domain_keeper_entry); | 372 | tomoyo_same_domain_keeper_entry); |
483 | out: | 373 | out: |
484 | tomoyo_put_name(e.domainname); | 374 | tomoyo_put_name(e.domainname); |
@@ -523,7 +413,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head) | |||
523 | bool done = true; | 413 | bool done = true; |
524 | 414 | ||
525 | list_for_each_cookie(pos, head->read_var2, | 415 | list_for_each_cookie(pos, head->read_var2, |
526 | &tomoyo_domain_keeper_list) { | 416 | &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) { |
527 | struct tomoyo_domain_keeper_entry *ptr; | 417 | struct tomoyo_domain_keeper_entry *ptr; |
528 | const char *no; | 418 | const char *no; |
529 | const char *from = ""; | 419 | const char *from = ""; |
@@ -567,7 +457,9 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname, | |||
567 | struct tomoyo_domain_keeper_entry *ptr; | 457 | struct tomoyo_domain_keeper_entry *ptr; |
568 | bool flag = false; | 458 | bool flag = false; |
569 | 459 | ||
570 | list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) { | 460 | list_for_each_entry_rcu(ptr, |
461 | &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER], | ||
462 | head.list) { | ||
571 | if (ptr->head.is_deleted) | 463 | if (ptr->head.is_deleted) |
572 | continue; | 464 | continue; |
573 | if (!ptr->is_last_name) { | 465 | if (!ptr->is_last_name) { |
@@ -588,35 +480,6 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname, | |||
588 | return flag; | 480 | return flag; |
589 | } | 481 | } |
590 | 482 | ||
591 | /* | ||
592 | * tomoyo_aggregator_list is used for holding list of rewrite table for | ||
593 | * execve() request. Some programs provides similar functionality. This keyword | ||
594 | * allows users to aggregate such programs. | ||
595 | * | ||
596 | * Entries are added by | ||
597 | * | ||
598 | * # echo 'aggregator /usr/bin/vi /./editor' > \ | ||
599 | * /sys/kernel/security/tomoyo/exception_policy | ||
600 | * # echo 'aggregator /usr/bin/emacs /./editor' > \ | ||
601 | * /sys/kernel/security/tomoyo/exception_policy | ||
602 | * | ||
603 | * and are deleted by | ||
604 | * | ||
605 | * # echo 'delete aggregator /usr/bin/vi /./editor' > \ | ||
606 | * /sys/kernel/security/tomoyo/exception_policy | ||
607 | * # echo 'delete aggregator /usr/bin/emacs /./editor' > \ | ||
608 | * /sys/kernel/security/tomoyo/exception_policy | ||
609 | * | ||
610 | * and all entries are retrieved by | ||
611 | * | ||
612 | * # grep ^aggregator /sys/kernel/security/tomoyo/exception_policy | ||
613 | * | ||
614 | * In the example above, if /usr/bin/vi or /usr/bin/emacs are executed, | ||
615 | * permission is checked for /./editor and domainname which the current process | ||
616 | * will belong to after execve() succeeds is calculated using /./editor . | ||
617 | */ | ||
618 | LIST_HEAD(tomoyo_aggregator_list); | ||
619 | |||
620 | static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, | 483 | static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, |
621 | const struct tomoyo_acl_head *b) | 484 | const struct tomoyo_acl_head *b) |
622 | { | 485 | { |
@@ -655,7 +518,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name, | |||
655 | e.aggregated_name->is_patterned) /* No patterns allowed. */ | 518 | e.aggregated_name->is_patterned) /* No patterns allowed. */ |
656 | goto out; | 519 | goto out; |
657 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 520 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
658 | &tomoyo_aggregator_list, | 521 | &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR], |
659 | tomoyo_same_aggregator_entry); | 522 | tomoyo_same_aggregator_entry); |
660 | out: | 523 | out: |
661 | tomoyo_put_name(e.original_name); | 524 | tomoyo_put_name(e.original_name); |
@@ -677,7 +540,8 @@ bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head) | |||
677 | struct list_head *pos; | 540 | struct list_head *pos; |
678 | bool done = true; | 541 | bool done = true; |
679 | 542 | ||
680 | list_for_each_cookie(pos, head->read_var2, &tomoyo_aggregator_list) { | 543 | list_for_each_cookie(pos, head->read_var2, |
544 | &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) { | ||
681 | struct tomoyo_aggregator_entry *ptr; | 545 | struct tomoyo_aggregator_entry *ptr; |
682 | 546 | ||
683 | ptr = list_entry(pos, struct tomoyo_aggregator_entry, | 547 | ptr = list_entry(pos, struct tomoyo_aggregator_entry, |
@@ -713,38 +577,6 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete) | |||
713 | return tomoyo_update_aggregator_entry(data, cp, is_delete); | 577 | return tomoyo_update_aggregator_entry(data, cp, is_delete); |
714 | } | 578 | } |
715 | 579 | ||
716 | /* | ||
717 | * tomoyo_alias_list is used for holding list of symlink's pathnames which are | ||
718 | * allowed to be passed to an execve() request. Normally, the domainname which | ||
719 | * the current process will belong to after execve() succeeds is calculated | ||
720 | * using dereferenced pathnames. But some programs behave differently depending | ||
721 | * on the name passed to argv[0]. For busybox, calculating domainname using | ||
722 | * dereferenced pathnames will cause all programs in the busybox to belong to | ||
723 | * the same domain. Thus, TOMOYO provides a way to allow use of symlink's | ||
724 | * pathname for checking execve()'s permission and calculating domainname which | ||
725 | * the current process will belong to after execve() succeeds. | ||
726 | * | ||
727 | * An entry is added by | ||
728 | * | ||
729 | * # echo 'alias /bin/busybox /bin/cat' > \ | ||
730 | * /sys/kernel/security/tomoyo/exception_policy | ||
731 | * | ||
732 | * and is deleted by | ||
733 | * | ||
734 | * # echo 'delete alias /bin/busybox /bin/cat' > \ | ||
735 | * /sys/kernel/security/tomoyo/exception_policy | ||
736 | * | ||
737 | * and all entries are retrieved by | ||
738 | * | ||
739 | * # grep ^alias /sys/kernel/security/tomoyo/exception_policy | ||
740 | * | ||
741 | * In the example above, if /bin/cat is a symlink to /bin/busybox and execution | ||
742 | * of /bin/cat is requested, permission is checked for /bin/cat rather than | ||
743 | * /bin/busybox and domainname which the current process will belong to after | ||
744 | * execve() succeeds is calculated using /bin/cat rather than /bin/busybox . | ||
745 | */ | ||
746 | LIST_HEAD(tomoyo_alias_list); | ||
747 | |||
748 | static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a, | 580 | static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a, |
749 | const struct tomoyo_acl_head *b) | 581 | const struct tomoyo_acl_head *b) |
750 | { | 582 | { |
@@ -783,7 +615,7 @@ static int tomoyo_update_alias_entry(const char *original_name, | |||
783 | e.original_name->is_patterned || e.aliased_name->is_patterned) | 615 | e.original_name->is_patterned || e.aliased_name->is_patterned) |
784 | goto out; /* No patterns allowed. */ | 616 | goto out; /* No patterns allowed. */ |
785 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 617 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
786 | &tomoyo_alias_list, | 618 | &tomoyo_policy_list[TOMOYO_ID_ALIAS], |
787 | tomoyo_same_alias_entry); | 619 | tomoyo_same_alias_entry); |
788 | out: | 620 | out: |
789 | tomoyo_put_name(e.original_name); | 621 | tomoyo_put_name(e.original_name); |
@@ -805,7 +637,8 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head) | |||
805 | struct list_head *pos; | 637 | struct list_head *pos; |
806 | bool done = true; | 638 | bool done = true; |
807 | 639 | ||
808 | list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) { | 640 | list_for_each_cookie(pos, head->read_var2, |
641 | &tomoyo_policy_list[TOMOYO_ID_ALIAS]) { | ||
809 | struct tomoyo_alias_entry *ptr; | 642 | struct tomoyo_alias_entry *ptr; |
810 | 643 | ||
811 | ptr = list_entry(pos, struct tomoyo_alias_entry, head.list); | 644 | ptr = list_entry(pos, struct tomoyo_alias_entry, head.list); |
@@ -946,7 +779,9 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) | |||
946 | if (tomoyo_pathcmp(&rn, &sn)) { | 779 | if (tomoyo_pathcmp(&rn, &sn)) { |
947 | struct tomoyo_alias_entry *ptr; | 780 | struct tomoyo_alias_entry *ptr; |
948 | /* Is this program allowed to be called via symbolic links? */ | 781 | /* Is this program allowed to be called via symbolic links? */ |
949 | list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) { | 782 | list_for_each_entry_rcu(ptr, |
783 | &tomoyo_policy_list[TOMOYO_ID_ALIAS], | ||
784 | head.list) { | ||
950 | if (ptr->head.is_deleted || | 785 | if (ptr->head.is_deleted || |
951 | tomoyo_pathcmp(&rn, ptr->original_name) || | 786 | tomoyo_pathcmp(&rn, ptr->original_name) || |
952 | tomoyo_pathcmp(&sn, ptr->aliased_name)) | 787 | tomoyo_pathcmp(&sn, ptr->aliased_name)) |
@@ -962,8 +797,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) | |||
962 | /* Check 'aggregator' directive. */ | 797 | /* Check 'aggregator' directive. */ |
963 | { | 798 | { |
964 | struct tomoyo_aggregator_entry *ptr; | 799 | struct tomoyo_aggregator_entry *ptr; |
965 | list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, | 800 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list |
966 | head.list) { | 801 | [TOMOYO_ID_AGGREGATOR], head.list) { |
967 | if (ptr->head.is_deleted || | 802 | if (ptr->head.is_deleted || |
968 | !tomoyo_path_matches_pattern(&rn, | 803 | !tomoyo_path_matches_pattern(&rn, |
969 | ptr->original_name)) | 804 | ptr->original_name)) |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 6c2ba69fc89e..df3b203d7d4f 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -265,33 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
265 | tomoyo_file_pattern(filename), buffer); | 265 | tomoyo_file_pattern(filename), buffer); |
266 | } | 266 | } |
267 | 267 | ||
268 | /* | ||
269 | * tomoyo_globally_readable_list is used for holding list of pathnames which | ||
270 | * are by default allowed to be open()ed for reading by any process. | ||
271 | * | ||
272 | * An entry is added by | ||
273 | * | ||
274 | * # echo 'allow_read /lib/libc-2.5.so' > \ | ||
275 | * /sys/kernel/security/tomoyo/exception_policy | ||
276 | * | ||
277 | * and is deleted by | ||
278 | * | ||
279 | * # echo 'delete allow_read /lib/libc-2.5.so' > \ | ||
280 | * /sys/kernel/security/tomoyo/exception_policy | ||
281 | * | ||
282 | * and all entries are retrieved by | ||
283 | * | ||
284 | * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy | ||
285 | * | ||
286 | * In the example above, any process is allowed to | ||
287 | * open("/lib/libc-2.5.so", O_RDONLY). | ||
288 | * One exception is, if the domain which current process belongs to is marked | ||
289 | * as "ignore_global_allow_read", current process can't do so unless explicitly | ||
290 | * given "allow_read /lib/libc-2.5.so" to the domain which current process | ||
291 | * belongs to. | ||
292 | */ | ||
293 | LIST_HEAD(tomoyo_globally_readable_list); | ||
294 | |||
295 | static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, | 268 | static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, |
296 | const struct tomoyo_acl_head *b) | 269 | const struct tomoyo_acl_head *b) |
297 | { | 270 | { |
@@ -323,7 +296,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename, | |||
323 | if (!e.filename) | 296 | if (!e.filename) |
324 | return -ENOMEM; | 297 | return -ENOMEM; |
325 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 298 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
326 | &tomoyo_globally_readable_list, | 299 | &tomoyo_policy_list |
300 | [TOMOYO_ID_GLOBALLY_READABLE], | ||
327 | tomoyo_same_globally_readable); | 301 | tomoyo_same_globally_readable); |
328 | tomoyo_put_name(e.filename); | 302 | tomoyo_put_name(e.filename); |
329 | return error; | 303 | return error; |
@@ -344,8 +318,8 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info * | |||
344 | struct tomoyo_globally_readable_file_entry *ptr; | 318 | struct tomoyo_globally_readable_file_entry *ptr; |
345 | bool found = false; | 319 | bool found = false; |
346 | 320 | ||
347 | list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, | 321 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list |
348 | head.list) { | 322 | [TOMOYO_ID_GLOBALLY_READABLE], head.list) { |
349 | if (!ptr->head.is_deleted && | 323 | if (!ptr->head.is_deleted && |
350 | tomoyo_path_matches_pattern(filename, ptr->filename)) { | 324 | tomoyo_path_matches_pattern(filename, ptr->filename)) { |
351 | found = true; | 325 | found = true; |
@@ -385,7 +359,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) | |||
385 | bool done = true; | 359 | bool done = true; |
386 | 360 | ||
387 | list_for_each_cookie(pos, head->read_var2, | 361 | list_for_each_cookie(pos, head->read_var2, |
388 | &tomoyo_globally_readable_list) { | 362 | &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) { |
389 | struct tomoyo_globally_readable_file_entry *ptr; | 363 | struct tomoyo_globally_readable_file_entry *ptr; |
390 | ptr = list_entry(pos, | 364 | ptr = list_entry(pos, |
391 | struct tomoyo_globally_readable_file_entry, | 365 | struct tomoyo_globally_readable_file_entry, |
@@ -400,37 +374,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) | |||
400 | return done; | 374 | return done; |
401 | } | 375 | } |
402 | 376 | ||
403 | /* tomoyo_pattern_list is used for holding list of pathnames which are used for | ||
404 | * converting pathnames to pathname patterns during learning mode. | ||
405 | * | ||
406 | * An entry is added by | ||
407 | * | ||
408 | * # echo 'file_pattern /proc/\$/mounts' > \ | ||
409 | * /sys/kernel/security/tomoyo/exception_policy | ||
410 | * | ||
411 | * and is deleted by | ||
412 | * | ||
413 | * # echo 'delete file_pattern /proc/\$/mounts' > \ | ||
414 | * /sys/kernel/security/tomoyo/exception_policy | ||
415 | * | ||
416 | * and all entries are retrieved by | ||
417 | * | ||
418 | * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy | ||
419 | * | ||
420 | * In the example above, if a process which belongs to a domain which is in | ||
421 | * learning mode requested open("/proc/1/mounts", O_RDONLY), | ||
422 | * "allow_read /proc/\$/mounts" is automatically added to the domain which that | ||
423 | * process belongs to. | ||
424 | * | ||
425 | * It is not a desirable behavior that we have to use /proc/\$/ instead of | ||
426 | * /proc/self/ when current process needs to access only current process's | ||
427 | * information. As of now, LSM version of TOMOYO is using __d_path() for | ||
428 | * calculating pathname. Non LSM version of TOMOYO is using its own function | ||
429 | * which pretends as if /proc/self/ is not a symlink; so that we can forbid | ||
430 | * current process from accessing other process's information. | ||
431 | */ | ||
432 | LIST_HEAD(tomoyo_pattern_list); | ||
433 | |||
434 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, | 377 | static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, |
435 | const struct tomoyo_acl_head *b) | 378 | const struct tomoyo_acl_head *b) |
436 | { | 379 | { |
@@ -460,7 +403,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, | |||
460 | if (!e.pattern) | 403 | if (!e.pattern) |
461 | return -ENOMEM; | 404 | return -ENOMEM; |
462 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 405 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
463 | &tomoyo_pattern_list, | 406 | &tomoyo_policy_list[TOMOYO_ID_PATTERN], |
464 | tomoyo_same_pattern); | 407 | tomoyo_same_pattern); |
465 | tomoyo_put_name(e.pattern); | 408 | tomoyo_put_name(e.pattern); |
466 | return error; | 409 | return error; |
@@ -480,7 +423,8 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename) | |||
480 | struct tomoyo_pattern_entry *ptr; | 423 | struct tomoyo_pattern_entry *ptr; |
481 | const struct tomoyo_path_info *pattern = NULL; | 424 | const struct tomoyo_path_info *pattern = NULL; |
482 | 425 | ||
483 | list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) { | 426 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN], |
427 | head.list) { | ||
484 | if (ptr->head.is_deleted) | 428 | if (ptr->head.is_deleted) |
485 | continue; | 429 | continue; |
486 | if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) | 430 | if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) |
@@ -527,7 +471,8 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) | |||
527 | struct list_head *pos; | 471 | struct list_head *pos; |
528 | bool done = true; | 472 | bool done = true; |
529 | 473 | ||
530 | list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) { | 474 | list_for_each_cookie(pos, head->read_var2, |
475 | &tomoyo_policy_list[TOMOYO_ID_PATTERN]) { | ||
531 | struct tomoyo_pattern_entry *ptr; | 476 | struct tomoyo_pattern_entry *ptr; |
532 | ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list); | 477 | ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list); |
533 | if (ptr->head.is_deleted) | 478 | if (ptr->head.is_deleted) |
@@ -540,37 +485,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) | |||
540 | return done; | 485 | return done; |
541 | } | 486 | } |
542 | 487 | ||
543 | /* | ||
544 | * tomoyo_no_rewrite_list is used for holding list of pathnames which are by | ||
545 | * default forbidden to modify already written content of a file. | ||
546 | * | ||
547 | * An entry is added by | ||
548 | * | ||
549 | * # echo 'deny_rewrite /var/log/messages' > \ | ||
550 | * /sys/kernel/security/tomoyo/exception_policy | ||
551 | * | ||
552 | * and is deleted by | ||
553 | * | ||
554 | * # echo 'delete deny_rewrite /var/log/messages' > \ | ||
555 | * /sys/kernel/security/tomoyo/exception_policy | ||
556 | * | ||
557 | * and all entries are retrieved by | ||
558 | * | ||
559 | * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy | ||
560 | * | ||
561 | * In the example above, if a process requested to rewrite /var/log/messages , | ||
562 | * the process can't rewrite unless the domain which that process belongs to | ||
563 | * has "allow_rewrite /var/log/messages" entry. | ||
564 | * | ||
565 | * It is not a desirable behavior that we have to add "\040(deleted)" suffix | ||
566 | * when we want to allow rewriting already unlink()ed file. As of now, | ||
567 | * LSM version of TOMOYO is using __d_path() for calculating pathname. | ||
568 | * Non LSM version of TOMOYO is using its own function which doesn't append | ||
569 | * " (deleted)" suffix if the file is already unlink()ed; so that we don't | ||
570 | * need to worry whether the file is already unlink()ed or not. | ||
571 | */ | ||
572 | LIST_HEAD(tomoyo_no_rewrite_list); | ||
573 | |||
574 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, | 488 | static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, |
575 | const struct tomoyo_acl_head *b) | 489 | const struct tomoyo_acl_head *b) |
576 | { | 490 | { |
@@ -601,7 +515,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, | |||
601 | if (!e.pattern) | 515 | if (!e.pattern) |
602 | return -ENOMEM; | 516 | return -ENOMEM; |
603 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, | 517 | error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, |
604 | &tomoyo_no_rewrite_list, | 518 | &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE], |
605 | tomoyo_same_no_rewrite); | 519 | tomoyo_same_no_rewrite); |
606 | tomoyo_put_name(e.pattern); | 520 | tomoyo_put_name(e.pattern); |
607 | return error; | 521 | return error; |
@@ -622,7 +536,8 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename) | |||
622 | struct tomoyo_no_rewrite_entry *ptr; | 536 | struct tomoyo_no_rewrite_entry *ptr; |
623 | bool found = false; | 537 | bool found = false; |
624 | 538 | ||
625 | list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) { | 539 | list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE], |
540 | head.list) { | ||
626 | if (ptr->head.is_deleted) | 541 | if (ptr->head.is_deleted) |
627 | continue; | 542 | continue; |
628 | if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) | 543 | if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) |
@@ -662,7 +577,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head) | |||
662 | struct list_head *pos; | 577 | struct list_head *pos; |
663 | bool done = true; | 578 | bool done = true; |
664 | 579 | ||
665 | list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) { | 580 | list_for_each_cookie(pos, head->read_var2, |
581 | &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) { | ||
666 | struct tomoyo_no_rewrite_entry *ptr; | 582 | struct tomoyo_no_rewrite_entry *ptr; |
667 | ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, | 583 | ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, |
668 | head.list); | 584 | head.list); |
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 446d59f8ae25..414e18bd93c7 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c | |||
@@ -11,24 +11,6 @@ | |||
11 | #include <linux/kthread.h> | 11 | #include <linux/kthread.h> |
12 | #include <linux/slab.h> | 12 | #include <linux/slab.h> |
13 | 13 | ||
14 | enum tomoyo_policy_id { | ||
15 | TOMOYO_ID_GROUP, | ||
16 | TOMOYO_ID_PATH_GROUP, | ||
17 | TOMOYO_ID_NUMBER_GROUP, | ||
18 | TOMOYO_ID_DOMAIN_INITIALIZER, | ||
19 | TOMOYO_ID_DOMAIN_KEEPER, | ||
20 | TOMOYO_ID_AGGREGATOR, | ||
21 | TOMOYO_ID_ALIAS, | ||
22 | TOMOYO_ID_GLOBALLY_READABLE, | ||
23 | TOMOYO_ID_PATTERN, | ||
24 | TOMOYO_ID_NO_REWRITE, | ||
25 | TOMOYO_ID_MANAGER, | ||
26 | TOMOYO_ID_NAME, | ||
27 | TOMOYO_ID_ACL, | ||
28 | TOMOYO_ID_DOMAIN, | ||
29 | TOMOYO_MAX_POLICY | ||
30 | }; | ||
31 | |||
32 | struct tomoyo_gc_entry { | 14 | struct tomoyo_gc_entry { |
33 | struct list_head list; | 15 | struct list_head list; |
34 | int type; | 16 | int type; |
@@ -226,17 +208,6 @@ static void tomoyo_del_number_group(struct list_head *element) | |||
226 | container_of(element, typeof(*member), head.list); | 208 | container_of(element, typeof(*member), head.list); |
227 | } | 209 | } |
228 | 210 | ||
229 | static struct list_head *tomoyo_policy_list[TOMOYO_MAX_POLICY] = { | ||
230 | [TOMOYO_ID_GLOBALLY_READABLE] = &tomoyo_globally_readable_list, | ||
231 | [TOMOYO_ID_PATTERN] = &tomoyo_pattern_list, | ||
232 | [TOMOYO_ID_NO_REWRITE] = &tomoyo_no_rewrite_list, | ||
233 | [TOMOYO_ID_DOMAIN_INITIALIZER] = &tomoyo_domain_initializer_list, | ||
234 | [TOMOYO_ID_DOMAIN_KEEPER] = &tomoyo_domain_keeper_list, | ||
235 | [TOMOYO_ID_AGGREGATOR] = &tomoyo_aggregator_list, | ||
236 | [TOMOYO_ID_ALIAS] = &tomoyo_alias_list, | ||
237 | [TOMOYO_ID_MANAGER] = &tomoyo_policy_manager_list, | ||
238 | }; | ||
239 | |||
240 | static bool tomoyo_collect_member(struct list_head *member_list, int id) | 211 | static bool tomoyo_collect_member(struct list_head *member_list, int id) |
241 | { | 212 | { |
242 | struct tomoyo_acl_head *member; | 213 | struct tomoyo_acl_head *member; |
@@ -267,9 +238,8 @@ static void tomoyo_collect_entry(void) | |||
267 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 238 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
268 | return; | 239 | return; |
269 | for (i = 0; i < TOMOYO_MAX_POLICY; i++) { | 240 | for (i = 0; i < TOMOYO_MAX_POLICY; i++) { |
270 | if (tomoyo_policy_list[i]) | 241 | if (!tomoyo_collect_member(&tomoyo_policy_list[i], i)) |
271 | if (!tomoyo_collect_member(tomoyo_policy_list[i], i)) | 242 | goto unlock; |
272 | goto unlock; | ||
273 | } | 243 | } |
274 | { | 244 | { |
275 | struct tomoyo_domain_info *domain; | 245 | struct tomoyo_domain_info *domain; |
@@ -298,7 +268,9 @@ static void tomoyo_collect_entry(void) | |||
298 | } | 268 | } |
299 | { | 269 | { |
300 | struct tomoyo_group *group; | 270 | struct tomoyo_group *group; |
301 | list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { | 271 | list_for_each_entry_rcu(group, |
272 | &tomoyo_group_list[TOMOYO_PATH_GROUP], | ||
273 | list) { | ||
302 | tomoyo_collect_member(&group->member_list, | 274 | tomoyo_collect_member(&group->member_list, |
303 | TOMOYO_ID_PATH_GROUP); | 275 | TOMOYO_ID_PATH_GROUP); |
304 | if (!list_empty(&group->member_list) || | 276 | if (!list_empty(&group->member_list) || |
@@ -311,7 +283,8 @@ static void tomoyo_collect_entry(void) | |||
311 | } | 283 | } |
312 | { | 284 | { |
313 | struct tomoyo_group *group; | 285 | struct tomoyo_group *group; |
314 | list_for_each_entry_rcu(group, &tomoyo_number_group_list, | 286 | list_for_each_entry_rcu(group, |
287 | &tomoyo_group_list[TOMOYO_NUMBER_GROUP], | ||
315 | list) { | 288 | list) { |
316 | tomoyo_collect_member(&group->member_list, | 289 | tomoyo_collect_member(&group->member_list, |
317 | TOMOYO_ID_NUMBER_GROUP); | 290 | TOMOYO_ID_NUMBER_GROUP); |
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 8de5333109aa..249835abdf4e 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c | |||
@@ -153,6 +153,10 @@ void __init tomoyo_mm_init(void) | |||
153 | { | 153 | { |
154 | int idx; | 154 | int idx; |
155 | 155 | ||
156 | for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) | ||
157 | INIT_LIST_HEAD(&tomoyo_policy_list[idx]); | ||
158 | for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) | ||
159 | INIT_LIST_HEAD(&tomoyo_group_list[idx]); | ||
156 | for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) | 160 | for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) |
157 | INIT_LIST_HEAD(&tomoyo_name_list[idx]); | 161 | INIT_LIST_HEAD(&tomoyo_name_list[idx]); |
158 | INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); | 162 | INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); |
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c index eca20d6f4e8b..99694153b947 100644 --- a/security/tomoyo/number_group.c +++ b/security/tomoyo/number_group.c | |||
@@ -7,9 +7,6 @@ | |||
7 | #include <linux/slab.h> | 7 | #include <linux/slab.h> |
8 | #include "common.h" | 8 | #include "common.h" |
9 | 9 | ||
10 | /* The list for "struct tomoyo_number_group". */ | ||
11 | LIST_HEAD(tomoyo_number_group_list); | ||
12 | |||
13 | /** | 10 | /** |
14 | * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group". | 11 | * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group". |
15 | * | 12 | * |
@@ -32,7 +29,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name) | |||
32 | entry = kzalloc(sizeof(*entry), GFP_NOFS); | 29 | entry = kzalloc(sizeof(*entry), GFP_NOFS); |
33 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 30 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
34 | goto out; | 31 | goto out; |
35 | list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) { | 32 | list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_NUMBER_GROUP], |
33 | list) { | ||
36 | if (saved_group_name != group->group_name) | 34 | if (saved_group_name != group->group_name) |
37 | continue; | 35 | continue; |
38 | atomic_inc(&group->users); | 36 | atomic_inc(&group->users); |
@@ -44,7 +42,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name) | |||
44 | entry->group_name = saved_group_name; | 42 | entry->group_name = saved_group_name; |
45 | saved_group_name = NULL; | 43 | saved_group_name = NULL; |
46 | atomic_set(&entry->users, 1); | 44 | atomic_set(&entry->users, 1); |
47 | list_add_tail_rcu(&entry->list, &tomoyo_number_group_list); | 45 | list_add_tail_rcu(&entry->list, |
46 | &tomoyo_group_list[TOMOYO_NUMBER_GROUP]); | ||
48 | group = entry; | 47 | group = entry; |
49 | entry = NULL; | 48 | entry = NULL; |
50 | error = 0; | 49 | error = 0; |
@@ -110,7 +109,8 @@ bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head) | |||
110 | { | 109 | { |
111 | struct list_head *gpos; | 110 | struct list_head *gpos; |
112 | struct list_head *mpos; | 111 | struct list_head *mpos; |
113 | list_for_each_cookie(gpos, head->read_var1, &tomoyo_number_group_list) { | 112 | list_for_each_cookie(gpos, head->read_var1, |
113 | &tomoyo_group_list[TOMOYO_NUMBER_GROUP]) { | ||
114 | struct tomoyo_group *group; | 114 | struct tomoyo_group *group; |
115 | const char *name; | 115 | const char *name; |
116 | group = list_entry(gpos, struct tomoyo_group, list); | 116 | group = list_entry(gpos, struct tomoyo_group, list); |
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c index bce2524402fa..44e8a5b1ca67 100644 --- a/security/tomoyo/path_group.c +++ b/security/tomoyo/path_group.c | |||
@@ -6,8 +6,6 @@ | |||
6 | 6 | ||
7 | #include <linux/slab.h> | 7 | #include <linux/slab.h> |
8 | #include "common.h" | 8 | #include "common.h" |
9 | /* The list for "struct tomoyo_path_group". */ | ||
10 | LIST_HEAD(tomoyo_path_group_list); | ||
11 | 9 | ||
12 | /** | 10 | /** |
13 | * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group". | 11 | * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group". |
@@ -30,7 +28,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name) | |||
30 | entry = kzalloc(sizeof(*entry), GFP_NOFS); | 28 | entry = kzalloc(sizeof(*entry), GFP_NOFS); |
31 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 29 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
32 | goto out; | 30 | goto out; |
33 | list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { | 31 | list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_PATH_GROUP], |
32 | list) { | ||
34 | if (saved_group_name != group->group_name) | 33 | if (saved_group_name != group->group_name) |
35 | continue; | 34 | continue; |
36 | atomic_inc(&group->users); | 35 | atomic_inc(&group->users); |
@@ -42,7 +41,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name) | |||
42 | entry->group_name = saved_group_name; | 41 | entry->group_name = saved_group_name; |
43 | saved_group_name = NULL; | 42 | saved_group_name = NULL; |
44 | atomic_set(&entry->users, 1); | 43 | atomic_set(&entry->users, 1); |
45 | list_add_tail_rcu(&entry->list, &tomoyo_path_group_list); | 44 | list_add_tail_rcu(&entry->list, |
45 | &tomoyo_group_list[TOMOYO_PATH_GROUP]); | ||
46 | group = entry; | 46 | group = entry; |
47 | entry = NULL; | 47 | entry = NULL; |
48 | error = 0; | 48 | error = 0; |
@@ -107,7 +107,8 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head) | |||
107 | { | 107 | { |
108 | struct list_head *gpos; | 108 | struct list_head *gpos; |
109 | struct list_head *mpos; | 109 | struct list_head *mpos; |
110 | list_for_each_cookie(gpos, head->read_var1, &tomoyo_path_group_list) { | 110 | list_for_each_cookie(gpos, head->read_var1, |
111 | &tomoyo_group_list[TOMOYO_PATH_GROUP]) { | ||
111 | struct tomoyo_group *group; | 112 | struct tomoyo_group *group; |
112 | group = list_entry(gpos, struct tomoyo_group, list); | 113 | group = list_entry(gpos, struct tomoyo_group, list); |
113 | list_for_each_cookie(mpos, head->read_var2, | 114 | list_for_each_cookie(mpos, head->read_var2, |