aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/domain.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r--security/tomoyo/domain.c58
1 files changed, 19 insertions, 39 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 7d0b0bc48201..a55a1cced58e 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -245,6 +245,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
245 saved_program = tomoyo_save_name(program); 245 saved_program = tomoyo_save_name(program);
246 if (!saved_program) 246 if (!saved_program)
247 return -ENOMEM; 247 return -ENOMEM;
248 new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
248 mutex_lock(&tomoyo_policy_lock); 249 mutex_lock(&tomoyo_policy_lock);
249 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) { 250 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
250 if (ptr->is_not != is_not || 251 if (ptr->is_not != is_not ||
@@ -259,17 +260,18 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
259 error = -ENOENT; 260 error = -ENOENT;
260 goto out; 261 goto out;
261 } 262 }
262 new_entry = tomoyo_alloc_element(sizeof(*new_entry)); 263 if (!tomoyo_memory_ok(new_entry))
263 if (!new_entry)
264 goto out; 264 goto out;
265 new_entry->domainname = saved_domainname; 265 new_entry->domainname = saved_domainname;
266 new_entry->program = saved_program; 266 new_entry->program = saved_program;
267 new_entry->is_not = is_not; 267 new_entry->is_not = is_not;
268 new_entry->is_last_name = is_last_name; 268 new_entry->is_last_name = is_last_name;
269 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_initializer_list); 269 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_initializer_list);
270 new_entry = NULL;
270 error = 0; 271 error = 0;
271 out: 272 out:
272 mutex_unlock(&tomoyo_policy_lock); 273 mutex_unlock(&tomoyo_policy_lock);
274 kfree(new_entry);
273 return error; 275 return error;
274} 276}
275 277
@@ -461,6 +463,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
461 saved_domainname = tomoyo_save_name(domainname); 463 saved_domainname = tomoyo_save_name(domainname);
462 if (!saved_domainname) 464 if (!saved_domainname)
463 return -ENOMEM; 465 return -ENOMEM;
466 new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
464 mutex_lock(&tomoyo_policy_lock); 467 mutex_lock(&tomoyo_policy_lock);
465 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) { 468 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
466 if (ptr->is_not != is_not || 469 if (ptr->is_not != is_not ||
@@ -475,17 +478,18 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
475 error = -ENOENT; 478 error = -ENOENT;
476 goto out; 479 goto out;
477 } 480 }
478 new_entry = tomoyo_alloc_element(sizeof(*new_entry)); 481 if (!tomoyo_memory_ok(new_entry))
479 if (!new_entry)
480 goto out; 482 goto out;
481 new_entry->domainname = saved_domainname; 483 new_entry->domainname = saved_domainname;
482 new_entry->program = saved_program; 484 new_entry->program = saved_program;
483 new_entry->is_not = is_not; 485 new_entry->is_not = is_not;
484 new_entry->is_last_name = is_last_name; 486 new_entry->is_last_name = is_last_name;
485 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_keeper_list); 487 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_keeper_list);
488 new_entry = NULL;
486 error = 0; 489 error = 0;
487 out: 490 out:
488 mutex_unlock(&tomoyo_policy_lock); 491 mutex_unlock(&tomoyo_policy_lock);
492 kfree(new_entry);
489 return error; 493 return error;
490} 494}
491 495
@@ -650,6 +654,7 @@ static int tomoyo_update_alias_entry(const char *original_name,
650 saved_aliased_name = tomoyo_save_name(aliased_name); 654 saved_aliased_name = tomoyo_save_name(aliased_name);
651 if (!saved_original_name || !saved_aliased_name) 655 if (!saved_original_name || !saved_aliased_name)
652 return -ENOMEM; 656 return -ENOMEM;
657 new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
653 mutex_lock(&tomoyo_policy_lock); 658 mutex_lock(&tomoyo_policy_lock);
654 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { 659 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
655 if (ptr->original_name != saved_original_name || 660 if (ptr->original_name != saved_original_name ||
@@ -663,15 +668,16 @@ static int tomoyo_update_alias_entry(const char *original_name,
663 error = -ENOENT; 668 error = -ENOENT;
664 goto out; 669 goto out;
665 } 670 }
666 new_entry = tomoyo_alloc_element(sizeof(*new_entry)); 671 if (!tomoyo_memory_ok(new_entry))
667 if (!new_entry)
668 goto out; 672 goto out;
669 new_entry->original_name = saved_original_name; 673 new_entry->original_name = saved_original_name;
670 new_entry->aliased_name = saved_aliased_name; 674 new_entry->aliased_name = saved_aliased_name;
671 list_add_tail_rcu(&new_entry->list, &tomoyo_alias_list); 675 list_add_tail_rcu(&new_entry->list, &tomoyo_alias_list);
676 new_entry = NULL;
672 error = 0; 677 error = 0;
673 out: 678 out:
674 mutex_unlock(&tomoyo_policy_lock); 679 mutex_unlock(&tomoyo_policy_lock);
680 kfree(new_entry);
675 return error; 681 return error;
676} 682}
677 683
@@ -738,7 +744,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
738 domainname, 744 domainname,
739 const u8 profile) 745 const u8 profile)
740{ 746{
741 struct tomoyo_domain_info *domain = NULL; 747 struct tomoyo_domain_info *domain;
742 const struct tomoyo_path_info *saved_domainname; 748 const struct tomoyo_path_info *saved_domainname;
743 749
744 mutex_lock(&tomoyo_policy_lock); 750 mutex_lock(&tomoyo_policy_lock);
@@ -750,43 +756,17 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
750 saved_domainname = tomoyo_save_name(domainname); 756 saved_domainname = tomoyo_save_name(domainname);
751 if (!saved_domainname) 757 if (!saved_domainname)
752 goto out; 758 goto out;
753 /* Can I reuse memory of deleted domain? */ 759 domain = kmalloc(sizeof(*domain), GFP_KERNEL);
754 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 760 if (tomoyo_memory_ok(domain)) {
755 struct task_struct *p;
756 struct tomoyo_acl_info *ptr;
757 bool flag;
758 if (!domain->is_deleted ||
759 domain->domainname != saved_domainname)
760 continue;
761 flag = false;
762 read_lock(&tasklist_lock);
763 for_each_process(p) {
764 if (tomoyo_real_domain(p) != domain)
765 continue;
766 flag = true;
767 break;
768 }
769 read_unlock(&tasklist_lock);
770 if (flag)
771 continue;
772 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
773 ptr->type |= TOMOYO_ACL_DELETED;
774 }
775 tomoyo_set_domain_flag(domain, true, domain->flags);
776 domain->profile = profile;
777 domain->quota_warned = false;
778 mb(); /* Avoid out-of-order execution. */
779 domain->is_deleted = false;
780 goto out;
781 }
782 /* No memory reusable. Create using new memory. */
783 domain = tomoyo_alloc_element(sizeof(*domain));
784 if (domain) {
785 INIT_LIST_HEAD(&domain->acl_info_list); 761 INIT_LIST_HEAD(&domain->acl_info_list);
786 domain->domainname = saved_domainname; 762 domain->domainname = saved_domainname;
787 domain->profile = profile; 763 domain->profile = profile;
788 list_add_tail_rcu(&domain->list, &tomoyo_domain_list); 764 list_add_tail_rcu(&domain->list, &tomoyo_domain_list);
765 } else {
766 kfree(domain);
767 domain = NULL;
789 } 768 }
769
790 out: 770 out:
791 mutex_unlock(&tomoyo_policy_lock); 771 mutex_unlock(&tomoyo_policy_lock);
792 return domain; 772 return domain;
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-09 20:25:12 -0400