aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-17 03:53:24 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:40 -0400
commita230f9e7121cbcbfe23bd5a630abf6b53cece555 (patch)
treea81820f41d57ffd8704aaef4331f696030d7ba77 /security
parenta98aa4debe2728abb3353e35fc5d110dcc0d7f0d (diff)
TOMOYO: Use array of "struct list_head".
Assign list id and make the lists as array of "struct list_head". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c42
-rw-r--r--security/tomoyo/common.h38
-rw-r--r--security/tomoyo/domain.c219
-rw-r--r--security/tomoyo/file.c114
-rw-r--r--security/tomoyo/gc.c41
-rw-r--r--security/tomoyo/memory.c4
-rw-r--r--security/tomoyo/number_group.c12
-rw-r--r--security/tomoyo/path_group.c11
8 files changed, 98 insertions, 383 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 9eeb19ec6af4..cb1aaf148ad4 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -434,38 +434,6 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
434 head->read_eof = true; 434 head->read_eof = true;
435} 435}
436 436
437/*
438 * tomoyo_policy_manager_list is used for holding list of domainnames or
439 * programs which are permitted to modify configuration via
440 * /sys/kernel/security/tomoyo/ interface.
441 *
442 * An entry is added by
443 *
444 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
445 * /sys/kernel/security/tomoyo/manager
446 * (if you want to specify by a domainname)
447 *
448 * or
449 *
450 * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager
451 * (if you want to specify by a program's location)
452 *
453 * and is deleted by
454 *
455 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
456 * /sys/kernel/security/tomoyo/manager
457 *
458 * or
459 *
460 * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \
461 * /sys/kernel/security/tomoyo/manager
462 *
463 * and all entries are retrieved by
464 *
465 * # cat /sys/kernel/security/tomoyo/manager
466 */
467LIST_HEAD(tomoyo_policy_manager_list);
468
469static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, 437static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
470 const struct tomoyo_acl_head *b) 438 const struct tomoyo_acl_head *b)
471{ 439{
@@ -503,7 +471,7 @@ static int tomoyo_update_manager_entry(const char *manager,
503 if (!e.manager) 471 if (!e.manager)
504 return -ENOMEM; 472 return -ENOMEM;
505 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 473 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
506 &tomoyo_policy_manager_list, 474 &tomoyo_policy_list[TOMOYO_ID_MANAGER],
507 tomoyo_same_manager_entry); 475 tomoyo_same_manager_entry);
508 tomoyo_put_name(e.manager); 476 tomoyo_put_name(e.manager);
509 return error; 477 return error;
@@ -545,7 +513,7 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
545 if (head->read_eof) 513 if (head->read_eof)
546 return; 514 return;
547 list_for_each_cookie(pos, head->read_var2, 515 list_for_each_cookie(pos, head->read_var2,
548 &tomoyo_policy_manager_list) { 516 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
549 struct tomoyo_policy_manager_entry *ptr; 517 struct tomoyo_policy_manager_entry *ptr;
550 ptr = list_entry(pos, struct tomoyo_policy_manager_entry, 518 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
551 head.list); 519 head.list);
@@ -578,7 +546,8 @@ static bool tomoyo_policy_manager(void)
578 return true; 546 return true;
579 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 547 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
580 return false; 548 return false;
581 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { 549 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
550 head.list) {
582 if (!ptr->head.is_deleted && ptr->is_domain 551 if (!ptr->head.is_deleted && ptr->is_domain
583 && !tomoyo_pathcmp(domainname, ptr->manager)) { 552 && !tomoyo_pathcmp(domainname, ptr->manager)) {
584 found = true; 553 found = true;
@@ -590,7 +559,8 @@ static bool tomoyo_policy_manager(void)
590 exe = tomoyo_get_exe(); 559 exe = tomoyo_get_exe();
591 if (!exe) 560 if (!exe)
592 return false; 561 return false;
593 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { 562 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
563 head.list) {
594 if (!ptr->head.is_deleted && !ptr->is_domain 564 if (!ptr->head.is_deleted && !ptr->is_domain
595 && !strcmp(exe, ptr->manager->name)) { 565 && !strcmp(exe, ptr->manager->name)) {
596 found = true; 566 found = true;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 9f289e412a63..451dc3c1036a 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -46,6 +46,30 @@ enum tomoyo_mode_index {
46 TOMOYO_CONFIG_USE_DEFAULT = 255 46 TOMOYO_CONFIG_USE_DEFAULT = 255
47}; 47};
48 48
49enum tomoyo_policy_id {
50 TOMOYO_ID_GROUP,
51 TOMOYO_ID_PATH_GROUP,
52 TOMOYO_ID_NUMBER_GROUP,
53 TOMOYO_ID_DOMAIN_INITIALIZER,
54 TOMOYO_ID_DOMAIN_KEEPER,
55 TOMOYO_ID_AGGREGATOR,
56 TOMOYO_ID_ALIAS,
57 TOMOYO_ID_GLOBALLY_READABLE,
58 TOMOYO_ID_PATTERN,
59 TOMOYO_ID_NO_REWRITE,
60 TOMOYO_ID_MANAGER,
61 TOMOYO_ID_NAME,
62 TOMOYO_ID_ACL,
63 TOMOYO_ID_DOMAIN,
64 TOMOYO_MAX_POLICY
65};
66
67enum tomoyo_group_id {
68 TOMOYO_PATH_GROUP,
69 TOMOYO_NUMBER_GROUP,
70 TOMOYO_MAX_GROUP
71};
72
49/* Keywords for ACLs. */ 73/* Keywords for ACLs. */
50#define TOMOYO_KEYWORD_AGGREGATOR "aggregator " 74#define TOMOYO_KEYWORD_AGGREGATOR "aggregator "
51#define TOMOYO_KEYWORD_ALIAS "alias " 75#define TOMOYO_KEYWORD_ALIAS "alias "
@@ -570,7 +594,7 @@ struct tomoyo_globally_readable_file_entry {
570 594
571/* 595/*
572 * tomoyo_pattern_entry is a structure which is used for holding 596 * tomoyo_pattern_entry is a structure which is used for holding
573 * "tomoyo_pattern_list" entries. 597 * "file_pattern" entries.
574 * It has following fields. 598 * It has following fields.
575 * 599 *
576 * (1) "head" is "struct tomoyo_acl_head". 600 * (1) "head" is "struct tomoyo_acl_head".
@@ -950,16 +974,8 @@ extern struct srcu_struct tomoyo_ss;
950/* The list for "struct tomoyo_domain_info". */ 974/* The list for "struct tomoyo_domain_info". */
951extern struct list_head tomoyo_domain_list; 975extern struct list_head tomoyo_domain_list;
952 976
953extern struct list_head tomoyo_path_group_list; 977extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
954extern struct list_head tomoyo_number_group_list; 978extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
955extern struct list_head tomoyo_domain_initializer_list;
956extern struct list_head tomoyo_domain_keeper_list;
957extern struct list_head tomoyo_aggregator_list;
958extern struct list_head tomoyo_alias_list;
959extern struct list_head tomoyo_globally_readable_list;
960extern struct list_head tomoyo_pattern_list;
961extern struct list_head tomoyo_no_rewrite_list;
962extern struct list_head tomoyo_policy_manager_list;
963extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 979extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
964 980
965/* Lock for protecting policy. */ 981/* Lock for protecting policy. */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 1a122974240f..3575b0e7c7fd 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -127,46 +127,12 @@ void tomoyo_check_acl(struct tomoyo_request_info *r,
127 r->granted = false; 127 r->granted = false;
128} 128}
129 129
130/* 130/* The list for "struct tomoyo_domain_info". */
131 * tomoyo_domain_list is used for holding list of domains.
132 * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
133 * permissions (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
134 *
135 * An entry is added by
136 *
137 * # ( echo "<kernel>"; echo "allow_execute /sbin/init" ) > \
138 * /sys/kernel/security/tomoyo/domain_policy
139 *
140 * and is deleted by
141 *
142 * # ( echo "<kernel>"; echo "delete allow_execute /sbin/init" ) > \
143 * /sys/kernel/security/tomoyo/domain_policy
144 *
145 * and all entries are retrieved by
146 *
147 * # cat /sys/kernel/security/tomoyo/domain_policy
148 *
149 * A domain is added by
150 *
151 * # echo "<kernel>" > /sys/kernel/security/tomoyo/domain_policy
152 *
153 * and is deleted by
154 *
155 * # echo "delete <kernel>" > /sys/kernel/security/tomoyo/domain_policy
156 *
157 * and all domains are retrieved by
158 *
159 * # grep '^<kernel>' /sys/kernel/security/tomoyo/domain_policy
160 *
161 * Normally, a domainname is monotonically getting longer because a domainname
162 * which the process will belong to if an execve() operation succeeds is
163 * defined as a concatenation of "current domainname" + "pathname passed to
164 * execve()".
165 * See tomoyo_domain_initializer_list and tomoyo_domain_keeper_list for
166 * exceptions.
167 */
168LIST_HEAD(tomoyo_domain_list); 131LIST_HEAD(tomoyo_domain_list);
169 132
133struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
134struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
135
170/** 136/**
171 * tomoyo_get_last_name - Get last component of a domainname. 137 * tomoyo_get_last_name - Get last component of a domainname.
172 * 138 *
@@ -184,44 +150,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
184 return cp0; 150 return cp0;
185} 151}
186 152
187/*
188 * tomoyo_domain_initializer_list is used for holding list of programs which
189 * triggers reinitialization of domainname. Normally, a domainname is
190 * monotonically getting longer. But sometimes, we restart daemon programs.
191 * It would be convenient for us that "a daemon started upon system boot" and
192 * "the daemon restarted from console" belong to the same domain. Thus, TOMOYO
193 * provides a way to shorten domainnames.
194 *
195 * An entry is added by
196 *
197 * # echo 'initialize_domain /usr/sbin/httpd' > \
198 * /sys/kernel/security/tomoyo/exception_policy
199 *
200 * and is deleted by
201 *
202 * # echo 'delete initialize_domain /usr/sbin/httpd' > \
203 * /sys/kernel/security/tomoyo/exception_policy
204 *
205 * and all entries are retrieved by
206 *
207 * # grep ^initialize_domain /sys/kernel/security/tomoyo/exception_policy
208 *
209 * In the example above, /usr/sbin/httpd will belong to
210 * "<kernel> /usr/sbin/httpd" domain.
211 *
212 * You may specify a domainname using "from" keyword.
213 * "initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
214 * will cause "/usr/sbin/httpd" executed from "<kernel> /etc/rc.d/init.d/httpd"
215 * domain to belong to "<kernel> /usr/sbin/httpd" domain.
216 *
217 * You may add "no_" prefix to "initialize_domain".
218 * "initialize_domain /usr/sbin/httpd" and
219 * "no_initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
220 * will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain
221 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.
222 */
223LIST_HEAD(tomoyo_domain_initializer_list);
224
225static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head * 153static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head *
226 a, 154 a,
227 const struct tomoyo_acl_head * 155 const struct tomoyo_acl_head *
@@ -272,7 +200,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
272 if (!e.program) 200 if (!e.program)
273 goto out; 201 goto out;
274 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 202 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
275 &tomoyo_domain_initializer_list, 203 &tomoyo_policy_list
204 [TOMOYO_ID_DOMAIN_INITIALIZER],
276 tomoyo_same_domain_initializer_entry); 205 tomoyo_same_domain_initializer_entry);
277 out: 206 out:
278 tomoyo_put_name(e.domainname); 207 tomoyo_put_name(e.domainname);
@@ -294,8 +223,8 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
294 struct list_head *pos; 223 struct list_head *pos;
295 bool done = true; 224 bool done = true;
296 225
297 list_for_each_cookie(pos, head->read_var2, 226 list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list
298 &tomoyo_domain_initializer_list) { 227 [TOMOYO_ID_DOMAIN_INITIALIZER]) {
299 const char *no; 228 const char *no;
300 const char *from = ""; 229 const char *from = "";
301 const char *domain = ""; 230 const char *domain = "";
@@ -366,8 +295,8 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
366 struct tomoyo_domain_initializer_entry *ptr; 295 struct tomoyo_domain_initializer_entry *ptr;
367 bool flag = false; 296 bool flag = false;
368 297
369 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, 298 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
370 head.list) { 299 [TOMOYO_ID_DOMAIN_INITIALIZER], head.list) {
371 if (ptr->head.is_deleted) 300 if (ptr->head.is_deleted)
372 continue; 301 continue;
373 if (ptr->domainname) { 302 if (ptr->domainname) {
@@ -390,46 +319,6 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
390 return flag; 319 return flag;
391} 320}
392 321
393/*
394 * tomoyo_domain_keeper_list is used for holding list of domainnames which
395 * suppresses domain transition. Normally, a domainname is monotonically
396 * getting longer. But sometimes, we want to suppress domain transition.
397 * It would be convenient for us that programs executed from a login session
398 * belong to the same domain. Thus, TOMOYO provides a way to suppress domain
399 * transition.
400 *
401 * An entry is added by
402 *
403 * # echo 'keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
404 * /sys/kernel/security/tomoyo/exception_policy
405 *
406 * and is deleted by
407 *
408 * # echo 'delete keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
409 * /sys/kernel/security/tomoyo/exception_policy
410 *
411 * and all entries are retrieved by
412 *
413 * # grep ^keep_domain /sys/kernel/security/tomoyo/exception_policy
414 *
415 * In the example above, any process which belongs to
416 * "<kernel> /usr/sbin/sshd /bin/bash" domain will remain in that domain,
417 * unless explicitly specified by "initialize_domain" or "no_keep_domain".
418 *
419 * You may specify a program using "from" keyword.
420 * "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash"
421 * will cause "/bin/pwd" executed from "<kernel> /usr/sbin/sshd /bin/bash"
422 * domain to remain in "<kernel> /usr/sbin/sshd /bin/bash" domain.
423 *
424 * You may add "no_" prefix to "keep_domain".
425 * "keep_domain <kernel> /usr/sbin/sshd /bin/bash" and
426 * "no_keep_domain /usr/bin/passwd from <kernel> /usr/sbin/sshd /bin/bash" will
427 * cause "/usr/bin/passwd" to belong to
428 * "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless
429 * explicitly specified by "initialize_domain".
430 */
431LIST_HEAD(tomoyo_domain_keeper_list);
432
433static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a, 322static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a,
434 const struct tomoyo_acl_head *b) 323 const struct tomoyo_acl_head *b)
435{ 324{
@@ -478,7 +367,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
478 if (!e.domainname) 367 if (!e.domainname)
479 goto out; 368 goto out;
480 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 369 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
481 &tomoyo_domain_keeper_list, 370 &tomoyo_policy_list
371 [TOMOYO_ID_DOMAIN_KEEPER],
482 tomoyo_same_domain_keeper_entry); 372 tomoyo_same_domain_keeper_entry);
483 out: 373 out:
484 tomoyo_put_name(e.domainname); 374 tomoyo_put_name(e.domainname);
@@ -523,7 +413,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
523 bool done = true; 413 bool done = true;
524 414
525 list_for_each_cookie(pos, head->read_var2, 415 list_for_each_cookie(pos, head->read_var2,
526 &tomoyo_domain_keeper_list) { 416 &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) {
527 struct tomoyo_domain_keeper_entry *ptr; 417 struct tomoyo_domain_keeper_entry *ptr;
528 const char *no; 418 const char *no;
529 const char *from = ""; 419 const char *from = "";
@@ -567,7 +457,9 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
567 struct tomoyo_domain_keeper_entry *ptr; 457 struct tomoyo_domain_keeper_entry *ptr;
568 bool flag = false; 458 bool flag = false;
569 459
570 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) { 460 list_for_each_entry_rcu(ptr,
461 &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER],
462 head.list) {
571 if (ptr->head.is_deleted) 463 if (ptr->head.is_deleted)
572 continue; 464 continue;
573 if (!ptr->is_last_name) { 465 if (!ptr->is_last_name) {
@@ -588,35 +480,6 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
588 return flag; 480 return flag;
589} 481}
590 482
591/*
592 * tomoyo_aggregator_list is used for holding list of rewrite table for
593 * execve() request. Some programs provides similar functionality. This keyword
594 * allows users to aggregate such programs.
595 *
596 * Entries are added by
597 *
598 * # echo 'aggregator /usr/bin/vi /./editor' > \
599 * /sys/kernel/security/tomoyo/exception_policy
600 * # echo 'aggregator /usr/bin/emacs /./editor' > \
601 * /sys/kernel/security/tomoyo/exception_policy
602 *
603 * and are deleted by
604 *
605 * # echo 'delete aggregator /usr/bin/vi /./editor' > \
606 * /sys/kernel/security/tomoyo/exception_policy
607 * # echo 'delete aggregator /usr/bin/emacs /./editor' > \
608 * /sys/kernel/security/tomoyo/exception_policy
609 *
610 * and all entries are retrieved by
611 *
612 * # grep ^aggregator /sys/kernel/security/tomoyo/exception_policy
613 *
614 * In the example above, if /usr/bin/vi or /usr/bin/emacs are executed,
615 * permission is checked for /./editor and domainname which the current process
616 * will belong to after execve() succeeds is calculated using /./editor .
617 */
618LIST_HEAD(tomoyo_aggregator_list);
619
620static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, 483static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a,
621 const struct tomoyo_acl_head *b) 484 const struct tomoyo_acl_head *b)
622{ 485{
@@ -655,7 +518,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
655 e.aggregated_name->is_patterned) /* No patterns allowed. */ 518 e.aggregated_name->is_patterned) /* No patterns allowed. */
656 goto out; 519 goto out;
657 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 520 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
658 &tomoyo_aggregator_list, 521 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
659 tomoyo_same_aggregator_entry); 522 tomoyo_same_aggregator_entry);
660 out: 523 out:
661 tomoyo_put_name(e.original_name); 524 tomoyo_put_name(e.original_name);
@@ -677,7 +540,8 @@ bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head)
677 struct list_head *pos; 540 struct list_head *pos;
678 bool done = true; 541 bool done = true;
679 542
680 list_for_each_cookie(pos, head->read_var2, &tomoyo_aggregator_list) { 543 list_for_each_cookie(pos, head->read_var2,
544 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) {
681 struct tomoyo_aggregator_entry *ptr; 545 struct tomoyo_aggregator_entry *ptr;
682 546
683 ptr = list_entry(pos, struct tomoyo_aggregator_entry, 547 ptr = list_entry(pos, struct tomoyo_aggregator_entry,
@@ -713,38 +577,6 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
713 return tomoyo_update_aggregator_entry(data, cp, is_delete); 577 return tomoyo_update_aggregator_entry(data, cp, is_delete);
714} 578}
715 579
716/*
717 * tomoyo_alias_list is used for holding list of symlink's pathnames which are
718 * allowed to be passed to an execve() request. Normally, the domainname which
719 * the current process will belong to after execve() succeeds is calculated
720 * using dereferenced pathnames. But some programs behave differently depending
721 * on the name passed to argv[0]. For busybox, calculating domainname using
722 * dereferenced pathnames will cause all programs in the busybox to belong to
723 * the same domain. Thus, TOMOYO provides a way to allow use of symlink's
724 * pathname for checking execve()'s permission and calculating domainname which
725 * the current process will belong to after execve() succeeds.
726 *
727 * An entry is added by
728 *
729 * # echo 'alias /bin/busybox /bin/cat' > \
730 * /sys/kernel/security/tomoyo/exception_policy
731 *
732 * and is deleted by
733 *
734 * # echo 'delete alias /bin/busybox /bin/cat' > \
735 * /sys/kernel/security/tomoyo/exception_policy
736 *
737 * and all entries are retrieved by
738 *
739 * # grep ^alias /sys/kernel/security/tomoyo/exception_policy
740 *
741 * In the example above, if /bin/cat is a symlink to /bin/busybox and execution
742 * of /bin/cat is requested, permission is checked for /bin/cat rather than
743 * /bin/busybox and domainname which the current process will belong to after
744 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox .
745 */
746LIST_HEAD(tomoyo_alias_list);
747
748static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a, 580static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
749 const struct tomoyo_acl_head *b) 581 const struct tomoyo_acl_head *b)
750{ 582{
@@ -783,7 +615,7 @@ static int tomoyo_update_alias_entry(const char *original_name,
783 e.original_name->is_patterned || e.aliased_name->is_patterned) 615 e.original_name->is_patterned || e.aliased_name->is_patterned)
784 goto out; /* No patterns allowed. */ 616 goto out; /* No patterns allowed. */
785 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 617 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
786 &tomoyo_alias_list, 618 &tomoyo_policy_list[TOMOYO_ID_ALIAS],
787 tomoyo_same_alias_entry); 619 tomoyo_same_alias_entry);
788 out: 620 out:
789 tomoyo_put_name(e.original_name); 621 tomoyo_put_name(e.original_name);
@@ -805,7 +637,8 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
805 struct list_head *pos; 637 struct list_head *pos;
806 bool done = true; 638 bool done = true;
807 639
808 list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) { 640 list_for_each_cookie(pos, head->read_var2,
641 &tomoyo_policy_list[TOMOYO_ID_ALIAS]) {
809 struct tomoyo_alias_entry *ptr; 642 struct tomoyo_alias_entry *ptr;
810 643
811 ptr = list_entry(pos, struct tomoyo_alias_entry, head.list); 644 ptr = list_entry(pos, struct tomoyo_alias_entry, head.list);
@@ -946,7 +779,9 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
946 if (tomoyo_pathcmp(&rn, &sn)) { 779 if (tomoyo_pathcmp(&rn, &sn)) {
947 struct tomoyo_alias_entry *ptr; 780 struct tomoyo_alias_entry *ptr;
948 /* Is this program allowed to be called via symbolic links? */ 781 /* Is this program allowed to be called via symbolic links? */
949 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) { 782 list_for_each_entry_rcu(ptr,
783 &tomoyo_policy_list[TOMOYO_ID_ALIAS],
784 head.list) {
950 if (ptr->head.is_deleted || 785 if (ptr->head.is_deleted ||
951 tomoyo_pathcmp(&rn, ptr->original_name) || 786 tomoyo_pathcmp(&rn, ptr->original_name) ||
952 tomoyo_pathcmp(&sn, ptr->aliased_name)) 787 tomoyo_pathcmp(&sn, ptr->aliased_name))
@@ -962,8 +797,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
962 /* Check 'aggregator' directive. */ 797 /* Check 'aggregator' directive. */
963 { 798 {
964 struct tomoyo_aggregator_entry *ptr; 799 struct tomoyo_aggregator_entry *ptr;
965 list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, 800 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
966 head.list) { 801 [TOMOYO_ID_AGGREGATOR], head.list) {
967 if (ptr->head.is_deleted || 802 if (ptr->head.is_deleted ||
968 !tomoyo_path_matches_pattern(&rn, 803 !tomoyo_path_matches_pattern(&rn,
969 ptr->original_name)) 804 ptr->original_name))
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 6c2ba69fc89e..df3b203d7d4f 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -265,33 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
265 tomoyo_file_pattern(filename), buffer); 265 tomoyo_file_pattern(filename), buffer);
266} 266}
267 267
268/*
269 * tomoyo_globally_readable_list is used for holding list of pathnames which
270 * are by default allowed to be open()ed for reading by any process.
271 *
272 * An entry is added by
273 *
274 * # echo 'allow_read /lib/libc-2.5.so' > \
275 * /sys/kernel/security/tomoyo/exception_policy
276 *
277 * and is deleted by
278 *
279 * # echo 'delete allow_read /lib/libc-2.5.so' > \
280 * /sys/kernel/security/tomoyo/exception_policy
281 *
282 * and all entries are retrieved by
283 *
284 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
285 *
286 * In the example above, any process is allowed to
287 * open("/lib/libc-2.5.so", O_RDONLY).
288 * One exception is, if the domain which current process belongs to is marked
289 * as "ignore_global_allow_read", current process can't do so unless explicitly
290 * given "allow_read /lib/libc-2.5.so" to the domain which current process
291 * belongs to.
292 */
293LIST_HEAD(tomoyo_globally_readable_list);
294
295static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, 268static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
296 const struct tomoyo_acl_head *b) 269 const struct tomoyo_acl_head *b)
297{ 270{
@@ -323,7 +296,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
323 if (!e.filename) 296 if (!e.filename)
324 return -ENOMEM; 297 return -ENOMEM;
325 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 298 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
326 &tomoyo_globally_readable_list, 299 &tomoyo_policy_list
300 [TOMOYO_ID_GLOBALLY_READABLE],
327 tomoyo_same_globally_readable); 301 tomoyo_same_globally_readable);
328 tomoyo_put_name(e.filename); 302 tomoyo_put_name(e.filename);
329 return error; 303 return error;
@@ -344,8 +318,8 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
344 struct tomoyo_globally_readable_file_entry *ptr; 318 struct tomoyo_globally_readable_file_entry *ptr;
345 bool found = false; 319 bool found = false;
346 320
347 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, 321 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
348 head.list) { 322 [TOMOYO_ID_GLOBALLY_READABLE], head.list) {
349 if (!ptr->head.is_deleted && 323 if (!ptr->head.is_deleted &&
350 tomoyo_path_matches_pattern(filename, ptr->filename)) { 324 tomoyo_path_matches_pattern(filename, ptr->filename)) {
351 found = true; 325 found = true;
@@ -385,7 +359,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
385 bool done = true; 359 bool done = true;
386 360
387 list_for_each_cookie(pos, head->read_var2, 361 list_for_each_cookie(pos, head->read_var2,
388 &tomoyo_globally_readable_list) { 362 &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) {
389 struct tomoyo_globally_readable_file_entry *ptr; 363 struct tomoyo_globally_readable_file_entry *ptr;
390 ptr = list_entry(pos, 364 ptr = list_entry(pos,
391 struct tomoyo_globally_readable_file_entry, 365 struct tomoyo_globally_readable_file_entry,
@@ -400,37 +374,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
400 return done; 374 return done;
401} 375}
402 376
403/* tomoyo_pattern_list is used for holding list of pathnames which are used for
404 * converting pathnames to pathname patterns during learning mode.
405 *
406 * An entry is added by
407 *
408 * # echo 'file_pattern /proc/\$/mounts' > \
409 * /sys/kernel/security/tomoyo/exception_policy
410 *
411 * and is deleted by
412 *
413 * # echo 'delete file_pattern /proc/\$/mounts' > \
414 * /sys/kernel/security/tomoyo/exception_policy
415 *
416 * and all entries are retrieved by
417 *
418 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
419 *
420 * In the example above, if a process which belongs to a domain which is in
421 * learning mode requested open("/proc/1/mounts", O_RDONLY),
422 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
423 * process belongs to.
424 *
425 * It is not a desirable behavior that we have to use /proc/\$/ instead of
426 * /proc/self/ when current process needs to access only current process's
427 * information. As of now, LSM version of TOMOYO is using __d_path() for
428 * calculating pathname. Non LSM version of TOMOYO is using its own function
429 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
430 * current process from accessing other process's information.
431 */
432LIST_HEAD(tomoyo_pattern_list);
433
434static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, 377static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
435 const struct tomoyo_acl_head *b) 378 const struct tomoyo_acl_head *b)
436{ 379{
@@ -460,7 +403,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
460 if (!e.pattern) 403 if (!e.pattern)
461 return -ENOMEM; 404 return -ENOMEM;
462 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 405 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
463 &tomoyo_pattern_list, 406 &tomoyo_policy_list[TOMOYO_ID_PATTERN],
464 tomoyo_same_pattern); 407 tomoyo_same_pattern);
465 tomoyo_put_name(e.pattern); 408 tomoyo_put_name(e.pattern);
466 return error; 409 return error;
@@ -480,7 +423,8 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename)
480 struct tomoyo_pattern_entry *ptr; 423 struct tomoyo_pattern_entry *ptr;
481 const struct tomoyo_path_info *pattern = NULL; 424 const struct tomoyo_path_info *pattern = NULL;
482 425
483 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) { 426 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN],
427 head.list) {
484 if (ptr->head.is_deleted) 428 if (ptr->head.is_deleted)
485 continue; 429 continue;
486 if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) 430 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -527,7 +471,8 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
527 struct list_head *pos; 471 struct list_head *pos;
528 bool done = true; 472 bool done = true;
529 473
530 list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) { 474 list_for_each_cookie(pos, head->read_var2,
475 &tomoyo_policy_list[TOMOYO_ID_PATTERN]) {
531 struct tomoyo_pattern_entry *ptr; 476 struct tomoyo_pattern_entry *ptr;
532 ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list); 477 ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list);
533 if (ptr->head.is_deleted) 478 if (ptr->head.is_deleted)
@@ -540,37 +485,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
540 return done; 485 return done;
541} 486}
542 487
543/*
544 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
545 * default forbidden to modify already written content of a file.
546 *
547 * An entry is added by
548 *
549 * # echo 'deny_rewrite /var/log/messages' > \
550 * /sys/kernel/security/tomoyo/exception_policy
551 *
552 * and is deleted by
553 *
554 * # echo 'delete deny_rewrite /var/log/messages' > \
555 * /sys/kernel/security/tomoyo/exception_policy
556 *
557 * and all entries are retrieved by
558 *
559 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
560 *
561 * In the example above, if a process requested to rewrite /var/log/messages ,
562 * the process can't rewrite unless the domain which that process belongs to
563 * has "allow_rewrite /var/log/messages" entry.
564 *
565 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
566 * when we want to allow rewriting already unlink()ed file. As of now,
567 * LSM version of TOMOYO is using __d_path() for calculating pathname.
568 * Non LSM version of TOMOYO is using its own function which doesn't append
569 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
570 * need to worry whether the file is already unlink()ed or not.
571 */
572LIST_HEAD(tomoyo_no_rewrite_list);
573
574static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, 488static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
575 const struct tomoyo_acl_head *b) 489 const struct tomoyo_acl_head *b)
576{ 490{
@@ -601,7 +515,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
601 if (!e.pattern) 515 if (!e.pattern)
602 return -ENOMEM; 516 return -ENOMEM;
603 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 517 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
604 &tomoyo_no_rewrite_list, 518 &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
605 tomoyo_same_no_rewrite); 519 tomoyo_same_no_rewrite);
606 tomoyo_put_name(e.pattern); 520 tomoyo_put_name(e.pattern);
607 return error; 521 return error;
@@ -622,7 +536,8 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
622 struct tomoyo_no_rewrite_entry *ptr; 536 struct tomoyo_no_rewrite_entry *ptr;
623 bool found = false; 537 bool found = false;
624 538
625 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) { 539 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
540 head.list) {
626 if (ptr->head.is_deleted) 541 if (ptr->head.is_deleted)
627 continue; 542 continue;
628 if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) 543 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -662,7 +577,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
662 struct list_head *pos; 577 struct list_head *pos;
663 bool done = true; 578 bool done = true;
664 579
665 list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) { 580 list_for_each_cookie(pos, head->read_var2,
581 &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) {
666 struct tomoyo_no_rewrite_entry *ptr; 582 struct tomoyo_no_rewrite_entry *ptr;
667 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, 583 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry,
668 head.list); 584 head.list);
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 446d59f8ae25..414e18bd93c7 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -11,24 +11,6 @@
11#include <linux/kthread.h> 11#include <linux/kthread.h>
12#include <linux/slab.h> 12#include <linux/slab.h>
13 13
14enum tomoyo_policy_id {
15 TOMOYO_ID_GROUP,
16 TOMOYO_ID_PATH_GROUP,
17 TOMOYO_ID_NUMBER_GROUP,
18 TOMOYO_ID_DOMAIN_INITIALIZER,
19 TOMOYO_ID_DOMAIN_KEEPER,
20 TOMOYO_ID_AGGREGATOR,
21 TOMOYO_ID_ALIAS,
22 TOMOYO_ID_GLOBALLY_READABLE,
23 TOMOYO_ID_PATTERN,
24 TOMOYO_ID_NO_REWRITE,
25 TOMOYO_ID_MANAGER,
26 TOMOYO_ID_NAME,
27 TOMOYO_ID_ACL,
28 TOMOYO_ID_DOMAIN,
29 TOMOYO_MAX_POLICY
30};
31
32struct tomoyo_gc_entry { 14struct tomoyo_gc_entry {
33 struct list_head list; 15 struct list_head list;
34 int type; 16 int type;
@@ -226,17 +208,6 @@ static void tomoyo_del_number_group(struct list_head *element)
226 container_of(element, typeof(*member), head.list); 208 container_of(element, typeof(*member), head.list);
227} 209}
228 210
229static struct list_head *tomoyo_policy_list[TOMOYO_MAX_POLICY] = {
230 [TOMOYO_ID_GLOBALLY_READABLE] = &tomoyo_globally_readable_list,
231 [TOMOYO_ID_PATTERN] = &tomoyo_pattern_list,
232 [TOMOYO_ID_NO_REWRITE] = &tomoyo_no_rewrite_list,
233 [TOMOYO_ID_DOMAIN_INITIALIZER] = &tomoyo_domain_initializer_list,
234 [TOMOYO_ID_DOMAIN_KEEPER] = &tomoyo_domain_keeper_list,
235 [TOMOYO_ID_AGGREGATOR] = &tomoyo_aggregator_list,
236 [TOMOYO_ID_ALIAS] = &tomoyo_alias_list,
237 [TOMOYO_ID_MANAGER] = &tomoyo_policy_manager_list,
238};
239
240static bool tomoyo_collect_member(struct list_head *member_list, int id) 211static bool tomoyo_collect_member(struct list_head *member_list, int id)
241{ 212{
242 struct tomoyo_acl_head *member; 213 struct tomoyo_acl_head *member;
@@ -267,9 +238,8 @@ static void tomoyo_collect_entry(void)
267 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 238 if (mutex_lock_interruptible(&tomoyo_policy_lock))
268 return; 239 return;
269 for (i = 0; i < TOMOYO_MAX_POLICY; i++) { 240 for (i = 0; i < TOMOYO_MAX_POLICY; i++) {
270 if (tomoyo_policy_list[i]) 241 if (!tomoyo_collect_member(&tomoyo_policy_list[i], i))
271 if (!tomoyo_collect_member(tomoyo_policy_list[i], i)) 242 goto unlock;
272 goto unlock;
273 } 243 }
274 { 244 {
275 struct tomoyo_domain_info *domain; 245 struct tomoyo_domain_info *domain;
@@ -298,7 +268,9 @@ static void tomoyo_collect_entry(void)
298 } 268 }
299 { 269 {
300 struct tomoyo_group *group; 270 struct tomoyo_group *group;
301 list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { 271 list_for_each_entry_rcu(group,
272 &tomoyo_group_list[TOMOYO_PATH_GROUP],
273 list) {
302 tomoyo_collect_member(&group->member_list, 274 tomoyo_collect_member(&group->member_list,
303 TOMOYO_ID_PATH_GROUP); 275 TOMOYO_ID_PATH_GROUP);
304 if (!list_empty(&group->member_list) || 276 if (!list_empty(&group->member_list) ||
@@ -311,7 +283,8 @@ static void tomoyo_collect_entry(void)
311 } 283 }
312 { 284 {
313 struct tomoyo_group *group; 285 struct tomoyo_group *group;
314 list_for_each_entry_rcu(group, &tomoyo_number_group_list, 286 list_for_each_entry_rcu(group,
287 &tomoyo_group_list[TOMOYO_NUMBER_GROUP],
315 list) { 288 list) {
316 tomoyo_collect_member(&group->member_list, 289 tomoyo_collect_member(&group->member_list,
317 TOMOYO_ID_NUMBER_GROUP); 290 TOMOYO_ID_NUMBER_GROUP);
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 8de5333109aa..249835abdf4e 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -153,6 +153,10 @@ void __init tomoyo_mm_init(void)
153{ 153{
154 int idx; 154 int idx;
155 155
156 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
157 INIT_LIST_HEAD(&tomoyo_policy_list[idx]);
158 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
159 INIT_LIST_HEAD(&tomoyo_group_list[idx]);
156 for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) 160 for (idx = 0; idx < TOMOYO_MAX_HASH; idx++)
157 INIT_LIST_HEAD(&tomoyo_name_list[idx]); 161 INIT_LIST_HEAD(&tomoyo_name_list[idx]);
158 INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); 162 INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c
index eca20d6f4e8b..99694153b947 100644
--- a/security/tomoyo/number_group.c
+++ b/security/tomoyo/number_group.c
@@ -7,9 +7,6 @@
7#include <linux/slab.h> 7#include <linux/slab.h>
8#include "common.h" 8#include "common.h"
9 9
10/* The list for "struct tomoyo_number_group". */
11LIST_HEAD(tomoyo_number_group_list);
12
13/** 10/**
14 * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group". 11 * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group".
15 * 12 *
@@ -32,7 +29,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name)
32 entry = kzalloc(sizeof(*entry), GFP_NOFS); 29 entry = kzalloc(sizeof(*entry), GFP_NOFS);
33 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 30 if (mutex_lock_interruptible(&tomoyo_policy_lock))
34 goto out; 31 goto out;
35 list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) { 32 list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_NUMBER_GROUP],
33 list) {
36 if (saved_group_name != group->group_name) 34 if (saved_group_name != group->group_name)
37 continue; 35 continue;
38 atomic_inc(&group->users); 36 atomic_inc(&group->users);
@@ -44,7 +42,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name)
44 entry->group_name = saved_group_name; 42 entry->group_name = saved_group_name;
45 saved_group_name = NULL; 43 saved_group_name = NULL;
46 atomic_set(&entry->users, 1); 44 atomic_set(&entry->users, 1);
47 list_add_tail_rcu(&entry->list, &tomoyo_number_group_list); 45 list_add_tail_rcu(&entry->list,
46 &tomoyo_group_list[TOMOYO_NUMBER_GROUP]);
48 group = entry; 47 group = entry;
49 entry = NULL; 48 entry = NULL;
50 error = 0; 49 error = 0;
@@ -110,7 +109,8 @@ bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head)
110{ 109{
111 struct list_head *gpos; 110 struct list_head *gpos;
112 struct list_head *mpos; 111 struct list_head *mpos;
113 list_for_each_cookie(gpos, head->read_var1, &tomoyo_number_group_list) { 112 list_for_each_cookie(gpos, head->read_var1,
113 &tomoyo_group_list[TOMOYO_NUMBER_GROUP]) {
114 struct tomoyo_group *group; 114 struct tomoyo_group *group;
115 const char *name; 115 const char *name;
116 group = list_entry(gpos, struct tomoyo_group, list); 116 group = list_entry(gpos, struct tomoyo_group, list);
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c
index bce2524402fa..44e8a5b1ca67 100644
--- a/security/tomoyo/path_group.c
+++ b/security/tomoyo/path_group.c
@@ -6,8 +6,6 @@
6 6
7#include <linux/slab.h> 7#include <linux/slab.h>
8#include "common.h" 8#include "common.h"
9/* The list for "struct tomoyo_path_group". */
10LIST_HEAD(tomoyo_path_group_list);
11 9
12/** 10/**
13 * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group". 11 * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group".
@@ -30,7 +28,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name)
30 entry = kzalloc(sizeof(*entry), GFP_NOFS); 28 entry = kzalloc(sizeof(*entry), GFP_NOFS);
31 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 29 if (mutex_lock_interruptible(&tomoyo_policy_lock))
32 goto out; 30 goto out;
33 list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { 31 list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_PATH_GROUP],
32 list) {
34 if (saved_group_name != group->group_name) 33 if (saved_group_name != group->group_name)
35 continue; 34 continue;
36 atomic_inc(&group->users); 35 atomic_inc(&group->users);
@@ -42,7 +41,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name)
42 entry->group_name = saved_group_name; 41 entry->group_name = saved_group_name;
43 saved_group_name = NULL; 42 saved_group_name = NULL;
44 atomic_set(&entry->users, 1); 43 atomic_set(&entry->users, 1);
45 list_add_tail_rcu(&entry->list, &tomoyo_path_group_list); 44 list_add_tail_rcu(&entry->list,
45 &tomoyo_group_list[TOMOYO_PATH_GROUP]);
46 group = entry; 46 group = entry;
47 entry = NULL; 47 entry = NULL;
48 error = 0; 48 error = 0;
@@ -107,7 +107,8 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
107{ 107{
108 struct list_head *gpos; 108 struct list_head *gpos;
109 struct list_head *mpos; 109 struct list_head *mpos;
110 list_for_each_cookie(gpos, head->read_var1, &tomoyo_path_group_list) { 110 list_for_each_cookie(gpos, head->read_var1,
111 &tomoyo_group_list[TOMOYO_PATH_GROUP]) {
111 struct tomoyo_group *group; 112 struct tomoyo_group *group;
112 group = list_entry(gpos, struct tomoyo_group, list); 113 group = list_entry(gpos, struct tomoyo_group, list);
113 list_for_each_cookie(mpos, head->read_var2, 114 list_for_each_cookie(mpos, head->read_var2,