TOMOYO: Add pathname grouping support.

This patch adds pathname grouping support, which is useful for grouping pathnames that cannot be represented using /\{dir\}/ pattern. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-05-10 04:30:26 -0400
committer: James Morris <jmorris@namei.org> 2010-05-16 19:25:57 -0400
commit: 7762fbfffdbce8191f5236d5053b290035d3d749 (patch)
tree: 08b6de0c09c5571d3bdb61c429e1ec68e748f796 /security/tomoyo/gc.c
parent: ba0c1709f4946a5ca1a678f4318ed72c0d409b3c (diff)
1 files changed, 45 insertions, 3 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 245bf422e3a5..b9cc71b04314 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -12,6 +12,8 @@
 #include <linux/slab.h>
 enum tomoyo_gc_id {
+        TOMOYO_ID_PATH_GROUP,
+        TOMOYO_ID_PATH_GROUP_MEMBER,
        TOMOYO_ID_DOMAIN_INITIALIZER,
        TOMOYO_ID_DOMAIN_KEEPER,
        TOMOYO_ID_ALIAS,
@@ -91,15 +93,15 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
                {
                        struct tomoyo_path_acl *entry
                                = container_of(acl, typeof(*entry), head);
-                        tomoyo_put_name(entry->filename);
+                        tomoyo_put_name_union(&entry->name);
                }
                break;
        case TOMOYO_TYPE_PATH2_ACL:
                {
                        struct tomoyo_path2_acl *entry
                                = container_of(acl, typeof(*entry), head);
-                        tomoyo_put_name(entry->filename1);
+                        tomoyo_put_name_union(&entry->name1);
-                        tomoyo_put_name(entry->filename2);
+                        tomoyo_put_name_union(&entry->name2);
                }
                break;
        default:
@@ -149,6 +151,17 @@ static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
 {
 }
+static void tomoyo_del_path_group_member(struct tomoyo_path_group_member
+                                         *member)
+{
+        tomoyo_put_name(member->member_name);
+}
+static void tomoyo_del_path_group(struct tomoyo_path_group *group)
+{
+        tomoyo_put_name(group->group_name);
+}
 static void tomoyo_collect_entry(void)
 {
        if (mutex_lock_interruptible(&tomoyo_policy_lock))
@@ -293,6 +306,29 @@ static void tomoyo_collect_entry(void)
                        }
                }
        }
+        {
+                struct tomoyo_path_group *group;
+                list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) {
+                        struct tomoyo_path_group_member *member;
+                        list_for_each_entry_rcu(member, &group->member_list,
+                                                list) {
+                                if (!member->is_deleted)
+                                        continue;
+                                if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP_MEMBER,
+                                                     member))
+                                        list_del_rcu(&member->list);
+                                else
+                                        break;
+                        }
+                        if (!list_empty(&group->member_list) ||
+                            atomic_read(&group->users))
+                                continue;
+                        if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP, group))
+                                list_del_rcu(&group->list);
+                        else
+                                break;
+                }
+        }
        mutex_unlock(&tomoyo_policy_lock);
 }
@@ -334,6 +370,12 @@ static void tomoyo_kfree_entry(void)
                        if (!tomoyo_del_domain(p->element))
                                continue;
                        break;
+                case TOMOYO_ID_PATH_GROUP_MEMBER:
+                        tomoyo_del_path_group_member(p->element);
+                        break;
+                case TOMOYO_ID_PATH_GROUP:
+                        tomoyo_del_path_group(p->element);
+                        break;
                default:
                        printk(KERN_WARNING "Unknown type\n");
                        break;
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-05-10 04:30:26 -0400
committer	James Morris <jmorris@namei.org>	2010-05-16 19:25:57 -0400
commit	7762fbfffdbce8191f5236d5053b290035d3d749 (patch)
tree	08b6de0c09c5571d3bdb61c429e1ec68e748f796 /security/tomoyo/gc.c
parent	ba0c1709f4946a5ca1a678f4318ed72c0d409b3c (diff)

diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index 245bf422e3a5..b9cc71b04314 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c
@@ -12,6 +12,8 @@
12	#include <linux/slab.h>	12	#include <linux/slab.h>
13		13
14	enum tomoyo_gc_id {	14	enum tomoyo_gc_id {
		15	TOMOYO_ID_PATH_GROUP,
		16	TOMOYO_ID_PATH_GROUP_MEMBER,
15	TOMOYO_ID_DOMAIN_INITIALIZER,	17	TOMOYO_ID_DOMAIN_INITIALIZER,
16	TOMOYO_ID_DOMAIN_KEEPER,	18	TOMOYO_ID_DOMAIN_KEEPER,
17	TOMOYO_ID_ALIAS,	19	TOMOYO_ID_ALIAS,
@@ -91,15 +93,15 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
91	{	93	{
92	struct tomoyo_path_acl *entry	94	struct tomoyo_path_acl *entry
93	= container_of(acl, typeof(*entry), head);	95	= container_of(acl, typeof(*entry), head);
94	tomoyo_put_name(entry->filename);	96	tomoyo_put_name_union(&entry->name);
95	}	97	}
96	break;	98	break;
97	case TOMOYO_TYPE_PATH2_ACL:	99	case TOMOYO_TYPE_PATH2_ACL:
98	{	100	{
99	struct tomoyo_path2_acl *entry	101	struct tomoyo_path2_acl *entry
100	= container_of(acl, typeof(*entry), head);	102	= container_of(acl, typeof(*entry), head);
101	tomoyo_put_name(entry->filename1);	103	tomoyo_put_name_union(&entry->name1);
102	tomoyo_put_name(entry->filename2);	104	tomoyo_put_name_union(&entry->name2);
103	}	105	}
104	break;	106	break;
105	default:	107	default:
@@ -149,6 +151,17 @@ static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
149	{	151	{
150	}	152	}
151		153
		154	static void tomoyo_del_path_group_member(struct tomoyo_path_group_member
		155	*member)
		156	{
		157	tomoyo_put_name(member->member_name);
		158	}
		159
		160	static void tomoyo_del_path_group(struct tomoyo_path_group *group)
		161	{
		162	tomoyo_put_name(group->group_name);
		163	}
		164
152	static void tomoyo_collect_entry(void)	165	static void tomoyo_collect_entry(void)
153	{	166	{
154	if (mutex_lock_interruptible(&tomoyo_policy_lock))	167	if (mutex_lock_interruptible(&tomoyo_policy_lock))
@@ -293,6 +306,29 @@ static void tomoyo_collect_entry(void)
293	}	306	}
294	}	307	}
295	}	308	}
		309	{
		310	struct tomoyo_path_group *group;
		311	list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) {
		312	struct tomoyo_path_group_member *member;
		313	list_for_each_entry_rcu(member, &group->member_list,
		314	list) {
		315	if (!member->is_deleted)
		316	continue;
		317	if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP_MEMBER,
		318	member))
		319	list_del_rcu(&member->list);
		320	else
		321	break;
		322	}
		323	if (!list_empty(&group->member_list) \|\|
		324	atomic_read(&group->users))
		325	continue;
		326	if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP, group))
		327	list_del_rcu(&group->list);
		328	else
		329	break;
		330	}
		331	}
296	mutex_unlock(&tomoyo_policy_lock);	332	mutex_unlock(&tomoyo_policy_lock);
297	}	333	}
298		334
@@ -334,6 +370,12 @@ static void tomoyo_kfree_entry(void)
334	if (!tomoyo_del_domain(p->element))	370	if (!tomoyo_del_domain(p->element))
335	continue;	371	continue;
336	break;	372	break;
		373	case TOMOYO_ID_PATH_GROUP_MEMBER:
		374	tomoyo_del_path_group_member(p->element);
		375	break;
		376	case TOMOYO_ID_PATH_GROUP:
		377	tomoyo_del_path_group(p->element);
		378	break;
337	default:	379	default:
338	printk(KERN_WARNING "Unknown type\n");	380	printk(KERN_WARNING "Unknown type\n");
339	break;	381	break;