Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 25 |
1 files changed, 15 insertions, 10 deletions
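--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -153,8 +153,9 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 if (!saved_program)
 goto out;
 if (!is_delete)
-entry = kmalloc(sizeof(*entry), GFP_KERNEL);
-mutex_lock(&tomoyo_policy_lock);
+entry = kmalloc(sizeof(*entry), GFP_NOFS);
+if (mutex_lock_interruptible(&tomoyo_policy_lock))
+goto out;
 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
 if (ptr->is_not != is_not ||
 ptr->domainname != saved_domainname ||
@@ -373,8 +374,9 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 if (!saved_domainname)
 goto out;
 if (!is_delete)
-entry = kmalloc(sizeof(*entry), GFP_KERNEL);
-mutex_lock(&tomoyo_policy_lock);
+entry = kmalloc(sizeof(*entry), GFP_NOFS);
+if (mutex_lock_interruptible(&tomoyo_policy_lock))
+goto out;
 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
 if (ptr->is_not != is_not ||
 ptr->domainname != saved_domainname ||
@@ -565,8 +567,9 @@ static int tomoyo_update_alias_entry(const char *original_name,
 if (!saved_original_name || !saved_aliased_name)
 goto out;
 if (!is_delete)
-entry = kmalloc(sizeof(*entry), GFP_KERNEL);
-mutex_lock(&tomoyo_policy_lock);
+entry = kmalloc(sizeof(*entry), GFP_NOFS);
+if (mutex_lock_interruptible(&tomoyo_policy_lock))
+goto out;
 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
 if (ptr->original_name != saved_original_name ||
 ptr->aliased_name != saved_aliased_name)
@@ -656,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 const u8 profile)
 {
 struct tomoyo_domain_info *entry;
-struct tomoyo_domain_info *domain;
+struct tomoyo_domain_info *domain = NULL;
 const struct tomoyo_path_info *saved_domainname;
 bool found = false;
 
@@ -665,8 +668,9 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
 return NULL;
-entry = kzalloc(sizeof(*entry), GFP_KERNEL);
-mutex_lock(&tomoyo_policy_lock);
+entry = kzalloc(sizeof(*entry), GFP_NOFS);
+if (mutex_lock_interruptible(&tomoyo_policy_lock))
+goto out;
 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
 if (domain->is_deleted ||
 tomoyo_pathcmp(saved_domainname, domain->domainname))
@@ -685,6 +689,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 found = true;
 }
 mutex_unlock(&tomoyo_policy_lock);
+out:
 tomoyo_put_name(saved_domainname);
 kfree(entry);
 return found ? domain : NULL;
@@ -705,7 +710,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 * This function assumes that the size of buffer returned by
 * tomoyo_realpath() = TOMOYO_MAX_PATHNAME_LEN.
 */
-struct tomoyo_page_buffer *tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
+struct tomoyo_page_buffer *tmp = kzalloc(sizeof(*tmp), GFP_NOFS);
 struct tomoyo_domain_info *old_domain = tomoyo_domain();
 struct tomoyo_domain_info *domain = NULL;
 const char *old_domain_name = old_domain->domainname->name;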
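Review bot: In tomoyo_find_or_assign_new_domain() the new `goto out` taken when `mutex_lock_interruptible(&tomoyo_policy_lock)` fails returns NULL with `found` still false, so a caller cannot tell a signal-interrupted lookup from an allocation failure or a domain that was never created. Since this result decides which TOMOYO domain a task ends up in, the caller (outside these hunks) should be confirmed to fail closed on NULL rather than leave the task running in its previous domain; a comment at the jump such as `/* interrupted by a signal: no domain assigned, caller must treat NULL as failure */` would record the contract. The same `goto out` is added in tomoyo_update_domain_initializer_entry(), tomoyo_update_domain_keeper_entry() and tomoyo_update_alias_entry(), whose `out:` labels and return statements lie outside the hunks, so it is worth checking there that `entry` and the saved names are released on that path and that the policy writer receives an interruption error rather than whatever default the return variable was initialised with.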