aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-12-07 19:34:43 -0500
committerJames Morris <jmorris@namei.org>2009-12-14 23:46:31 -0500
commitfdb8ebb729bbb640e64028a4f579a02ebc405727 (patch)
tree9dfca7422cb858cd05208734affab31d980030fe /security
parent86fc80f16e8a2449d5827bf1a9838b7fd9f70097 (diff)
TOMOYO: Use RCU primitives for list operation
Replace list operation with RCU primitives and replace down_read()/up_read() with srcu_read_lock()/srcu_read_unlock(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c90
-rw-r--r--security/tomoyo/common.h28
-rw-r--r--security/tomoyo/domain.c63
-rw-r--r--security/tomoyo/file.c110
-rw-r--r--security/tomoyo/realpath.c8
-rw-r--r--security/tomoyo/tomoyo.c20
6 files changed, 207 insertions, 112 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 6c6061682438..f01b9364db2d 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -365,10 +365,9 @@ bool tomoyo_is_domain_def(const unsigned char *buffer)
365 * 365 *
366 * @domainname: The domainname to find. 366 * @domainname: The domainname to find.
367 * 367 *
368 * Caller must call down_read(&tomoyo_domain_list_lock); or
369 * down_write(&tomoyo_domain_list_lock); .
370 *
371 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. 368 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
369 *
370 * Caller holds tomoyo_read_lock().
372 */ 371 */
373struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) 372struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
374{ 373{
@@ -377,7 +376,7 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
377 376
378 name.name = domainname; 377 name.name = domainname;
379 tomoyo_fill_path_info(&name); 378 tomoyo_fill_path_info(&name);
380 list_for_each_entry(domain, &tomoyo_domain_list, list) { 379 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
381 if (!domain->is_deleted && 380 if (!domain->is_deleted &&
382 !tomoyo_pathcmp(&name, domain->domainname)) 381 !tomoyo_pathcmp(&name, domain->domainname))
383 return domain; 382 return domain;
@@ -829,6 +828,8 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
829 * @domain: Pointer to "struct tomoyo_domain_info". 828 * @domain: Pointer to "struct tomoyo_domain_info".
830 * 829 *
831 * Returns true if the domain is not exceeded quota, false otherwise. 830 * Returns true if the domain is not exceeded quota, false otherwise.
831 *
832 * Caller holds tomoyo_read_lock().
832 */ 833 */
833bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) 834bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
834{ 835{
@@ -837,8 +838,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
837 838
838 if (!domain) 839 if (!domain)
839 return true; 840 return true;
840 down_read(&tomoyo_domain_acl_info_list_lock); 841 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
841 list_for_each_entry(ptr, &domain->acl_info_list, list) {
842 if (ptr->type & TOMOYO_ACL_DELETED) 842 if (ptr->type & TOMOYO_ACL_DELETED)
843 continue; 843 continue;
844 switch (tomoyo_acl_type2(ptr)) { 844 switch (tomoyo_acl_type2(ptr)) {
@@ -866,7 +866,6 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
866 break; 866 break;
867 } 867 }
868 } 868 }
869 up_read(&tomoyo_domain_acl_info_list_lock);
870 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) 869 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
871 return true; 870 return true;
872 if (!domain->quota_warned) { 871 if (!domain->quota_warned) {
@@ -1096,6 +1095,8 @@ static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
1096 * @is_delete: True if it is a delete request. 1095 * @is_delete: True if it is a delete request.
1097 * 1096 *
1098 * Returns 0 on success, negative value otherwise. 1097 * Returns 0 on success, negative value otherwise.
1098 *
1099 * Caller holds tomoyo_read_lock().
1099 */ 1100 */
1100static int tomoyo_update_manager_entry(const char *manager, 1101static int tomoyo_update_manager_entry(const char *manager,
1101 const bool is_delete) 1102 const bool is_delete)
@@ -1118,7 +1119,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1118 if (!saved_manager) 1119 if (!saved_manager)
1119 return -ENOMEM; 1120 return -ENOMEM;
1120 down_write(&tomoyo_policy_manager_list_lock); 1121 down_write(&tomoyo_policy_manager_list_lock);
1121 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1122 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1122 if (ptr->manager != saved_manager) 1123 if (ptr->manager != saved_manager)
1123 continue; 1124 continue;
1124 ptr->is_deleted = is_delete; 1125 ptr->is_deleted = is_delete;
@@ -1134,7 +1135,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1134 goto out; 1135 goto out;
1135 new_entry->manager = saved_manager; 1136 new_entry->manager = saved_manager;
1136 new_entry->is_domain = is_domain; 1137 new_entry->is_domain = is_domain;
1137 list_add_tail(&new_entry->list, &tomoyo_policy_manager_list); 1138 list_add_tail_rcu(&new_entry->list, &tomoyo_policy_manager_list);
1138 error = 0; 1139 error = 0;
1139 out: 1140 out:
1140 up_write(&tomoyo_policy_manager_list_lock); 1141 up_write(&tomoyo_policy_manager_list_lock);
@@ -1147,6 +1148,8 @@ static int tomoyo_update_manager_entry(const char *manager,
1147 * @head: Pointer to "struct tomoyo_io_buffer". 1148 * @head: Pointer to "struct tomoyo_io_buffer".
1148 * 1149 *
1149 * Returns 0 on success, negative value otherwise. 1150 * Returns 0 on success, negative value otherwise.
1151 *
1152 * Caller holds tomoyo_read_lock().
1150 */ 1153 */
1151static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 1154static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1152{ 1155{
@@ -1166,6 +1169,8 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1166 * @head: Pointer to "struct tomoyo_io_buffer". 1169 * @head: Pointer to "struct tomoyo_io_buffer".
1167 * 1170 *
1168 * Returns 0. 1171 * Returns 0.
1172 *
1173 * Caller holds tomoyo_read_lock().
1169 */ 1174 */
1170static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 1175static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1171{ 1176{
@@ -1174,7 +1179,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1174 1179
1175 if (head->read_eof) 1180 if (head->read_eof)
1176 return 0; 1181 return 0;
1177 down_read(&tomoyo_policy_manager_list_lock);
1178 list_for_each_cookie(pos, head->read_var2, 1182 list_for_each_cookie(pos, head->read_var2,
1179 &tomoyo_policy_manager_list) { 1183 &tomoyo_policy_manager_list) {
1180 struct tomoyo_policy_manager_entry *ptr; 1184 struct tomoyo_policy_manager_entry *ptr;
@@ -1186,7 +1190,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1186 if (!done) 1190 if (!done)
1187 break; 1191 break;
1188 } 1192 }
1189 up_read(&tomoyo_policy_manager_list_lock);
1190 head->read_eof = done; 1193 head->read_eof = done;
1191 return 0; 1194 return 0;
1192} 1195}
@@ -1196,6 +1199,8 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1196 * 1199 *
1197 * Returns true if the current process is permitted to modify policy 1200 * Returns true if the current process is permitted to modify policy
1198 * via /sys/kernel/security/tomoyo/ interface. 1201 * via /sys/kernel/security/tomoyo/ interface.
1202 *
1203 * Caller holds tomoyo_read_lock().
1199 */ 1204 */
1200static bool tomoyo_is_policy_manager(void) 1205static bool tomoyo_is_policy_manager(void)
1201{ 1206{
@@ -1209,29 +1214,25 @@ static bool tomoyo_is_policy_manager(void)
1209 return true; 1214 return true;
1210 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 1215 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1211 return false; 1216 return false;
1212 down_read(&tomoyo_policy_manager_list_lock); 1217 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1213 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1214 if (!ptr->is_deleted && ptr->is_domain 1218 if (!ptr->is_deleted && ptr->is_domain
1215 && !tomoyo_pathcmp(domainname, ptr->manager)) { 1219 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1216 found = true; 1220 found = true;
1217 break; 1221 break;
1218 } 1222 }
1219 } 1223 }
1220 up_read(&tomoyo_policy_manager_list_lock);
1221 if (found) 1224 if (found)
1222 return true; 1225 return true;
1223 exe = tomoyo_get_exe(); 1226 exe = tomoyo_get_exe();
1224 if (!exe) 1227 if (!exe)
1225 return false; 1228 return false;
1226 down_read(&tomoyo_policy_manager_list_lock); 1229 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1227 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1228 if (!ptr->is_deleted && !ptr->i