aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c12
-rw-r--r--security/tomoyo/common.h5
-rw-r--r--security/tomoyo/domain.c20
-rw-r--r--security/tomoyo/file.c26
4 files changed, 27 insertions, 36 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index f01b9364db2d..642e0e565dfc 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -16,6 +16,9 @@
16#include "common.h" 16#include "common.h"
17#include "tomoyo.h" 17#include "tomoyo.h"
18 18
19/* Lock for protecting policy. */
20DEFINE_MUTEX(tomoyo_policy_lock);
21
19/* Has loading policy done? */ 22/* Has loading policy done? */
20bool tomoyo_policy_loaded; 23bool tomoyo_policy_loaded;
21 24
@@ -1086,7 +1089,6 @@ struct tomoyo_policy_manager_entry {
1086 * # cat /sys/kernel/security/tomoyo/manager 1089 * # cat /sys/kernel/security/tomoyo/manager
1087 */ 1090 */
1088static LIST_HEAD(tomoyo_policy_manager_list); 1091static LIST_HEAD(tomoyo_policy_manager_list);
1089static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
1090 1092
1091/** 1093/**
1092 * tomoyo_update_manager_entry - Add a manager entry. 1094 * tomoyo_update_manager_entry - Add a manager entry.
@@ -1118,7 +1120,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1118 saved_manager = tomoyo_save_name(manager); 1120 saved_manager = tomoyo_save_name(manager);
1119 if (!saved_manager) 1121 if (!saved_manager)
1120 return -ENOMEM; 1122 return -ENOMEM;
1121 down_write(&tomoyo_policy_manager_list_lock); 1123 mutex_lock(&tomoyo_policy_lock);
1122 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1124 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1123 if (ptr->manager != saved_manager) 1125 if (ptr->manager != saved_manager)
1124 continue; 1126 continue;
@@ -1138,7 +1140,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1138 list_add_tail_rcu(&new_entry->list, &tomoyo_policy_manager_list); 1140 list_add_tail_rcu(&new_entry->list, &tomoyo_policy_manager_list);
1139 error = 0; 1141 error = 0;
1140 out: 1142 out:
1141 up_write(&tomoyo_policy_manager_list_lock); 1143 mutex_unlock(&tomoyo_policy_lock);
1142 return error; 1144 return error;
1143} 1145}
1144 1146
@@ -1315,7 +1317,7 @@ static int tomoyo_delete_domain(char *domainname)
1315 1317
1316 name.name = domainname; 1318 name.name = domainname;
1317 tomoyo_fill_path_info(&name); 1319 tomoyo_fill_path_info(&name);
1318 down_write(&tomoyo_domain_list_lock); 1320 mutex_lock(&tomoyo_policy_lock);
1319 /* Is there an active domain? */ 1321 /* Is there an active domain? */
1320 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1322 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1321 /* Never delete tomoyo_kernel_domain */ 1323 /* Never delete tomoyo_kernel_domain */
@@ -1327,7 +1329,7 @@ static int tomoyo_delete_domain(char *domainname)
1327 domain->is_deleted = true; 1329 domain->is_deleted = true;
1328 break; 1330 break;
1329 } 1331 }
1330 up_write(&tomoyo_domain_list_lock); 1332 mutex_unlock(&tomoyo_policy_lock);
1331 return 0; 1333 return 0;
1332} 1334}
1333 1335
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index c6f13925472a..874abf8df43e 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -431,10 +431,9 @@ static inline bool tomoyo_is_invalid(const unsigned char c)
431 431
432/* The list for "struct tomoyo_domain_info". */ 432/* The list for "struct tomoyo_domain_info". */
433extern struct list_head tomoyo_domain_list; 433extern struct list_head tomoyo_domain_list;
434extern struct rw_semaphore tomoyo_domain_list_lock;
435 434
436/* Lock for domain->acl_info_list. */ 435/* Lock for protecting policy. */
437extern struct rw_semaphore tomoyo_domain_acl_info_list_lock; 436extern struct mutex tomoyo_policy_lock;
438 437
439/* Has /sbin/init started? */ 438/* Has /sbin/init started? */
440extern bool tomoyo_policy_loaded; 439extern bool tomoyo_policy_loaded;
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 2fd190168b7e..7d0b0bc48201 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -58,7 +58,6 @@ struct tomoyo_domain_info tomoyo_kernel_domain;
58 * exceptions. 58 * exceptions.
59 */ 59 */
60LIST_HEAD(tomoyo_domain_list); 60LIST_HEAD(tomoyo_domain_list);
61DECLARE_RWSEM(tomoyo_domain_list_lock);
62 61
63/* 62/*
64 * tomoyo_domain_initializer_entry is a structure which is used for holding 63 * tomoyo_domain_initializer_entry is a structure which is used for holding
@@ -206,7 +205,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
206 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain. 205 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.
207 */ 206 */
208static LIST_HEAD(tomoyo_domain_initializer_list); 207static LIST_HEAD(tomoyo_domain_initializer_list);
209static DECLARE_RWSEM(tomoyo_domain_initializer_list_lock);
210 208
211/** 209/**
212 * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list. 210 * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list.
@@ -247,7 +245,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
247 saved_program = tomoyo_save_name(program); 245 saved_program = tomoyo_save_name(program);
248 if (!saved_program) 246 if (!saved_program)
249 return -ENOMEM; 247 return -ENOMEM;
250 down_write(&tomoyo_domain_initializer_list_lock); 248 mutex_lock(&tomoyo_policy_lock);
251 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) { 249 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
252 if (ptr->is_not != is_not || 250 if (ptr->is_not != is_not ||
253 ptr->domainname != saved_domainname || 251 ptr->domainname != saved_domainname ||
@@ -271,7 +269,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
271 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_initializer_list); 269 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_initializer_list);
272 error = 0; 270 error = 0;
273 out: 271 out:
274 up_write(&tomoyo_domain_initializer_list_lock); 272 mutex_unlock(&tomoyo_policy_lock);
275 return error; 273 return error;
276} 274}
277 275
@@ -423,7 +421,6 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
423 * explicitly specified by "initialize_domain". 421 * explicitly specified by "initialize_domain".
424 */ 422 */
425static LIST_HEAD(tomoyo_domain_keeper_list); 423static LIST_HEAD(tomoyo_domain_keeper_list);
426static DECLARE_RWSEM(tomoyo_domain_keeper_list_lock);
427 424
428/** 425/**
429 * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list. 426 * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list.
@@ -464,7 +461,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
464 saved_domainname = tomoyo_save_name(domainname); 461 saved_domainname = tomoyo_save_name(domainname);
465 if (!saved_domainname) 462 if (!saved_domainname)
466 return -ENOMEM; 463 return -ENOMEM;
467 down_write(&tomoyo_domain_keeper_list_lock); 464 mutex_lock(&tomoyo_policy_lock);
468 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) { 465 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
469 if (ptr->is_not != is_not || 466 if (ptr->is_not != is_not ||
470 ptr->domainname != saved_domainname || 467 ptr->domainname != saved_domainname ||
@@ -488,7 +485,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
488 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_keeper_list); 485 list_add_tail_rcu(&new_entry->list, &tomoyo_domain_keeper_list);
489 error = 0; 486 error = 0;
490 out: 487 out:
491 up_write(&tomoyo_domain_keeper_list_lock); 488 mutex_unlock(&tomoyo_policy_lock);
492 return error; 489 return error;
493} 490}
494 491
@@ -624,7 +621,6 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
624 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox . 621 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox .
625 */ 622 */
626static LIST_HEAD(tomoyo_alias_list); 623static LIST_HEAD(tomoyo_alias_list);
627static DECLARE_RWSEM(tomoyo_alias_list_lock);
628 624
629/** 625/**
630 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list. 626 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
@@ -654,7 +650,7 @@ static int tomoyo_update_alias_entry(const char *original_name,
654 saved_aliased_name = tomoyo_save_name(aliased_name); 650 saved_aliased_name = tomoyo_save_name(aliased_name);
655 if (!saved_original_name || !saved_aliased_name) 651 if (!saved_original_name || !saved_aliased_name)
656 return -ENOMEM; 652 return -ENOMEM;
657 down_write(&tomoyo_alias_list_lock); 653 mutex_lock(&tomoyo_policy_lock);
658 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { 654 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
659 if (ptr->original_name != saved_original_name || 655 if (ptr->original_name != saved_original_name ||
660 ptr->aliased_name != saved_aliased_name) 656 ptr->aliased_name != saved_aliased_name)
@@ -675,7 +671,7 @@ static int tomoyo_update_alias_entry(const char *original_name,
675 list_add_tail_rcu(&new_entry->list, &tomoyo_alias_list); 671 list_add_tail_rcu(&new_entry->list, &tomoyo_alias_list);
676 error = 0; 672 error = 0;
677 out: 673 out:
678 up_write(&tomoyo_alias_list_lock); 674 mutex_unlock(&tomoyo_policy_lock);
679 return error; 675 return error;
680} 676}
681 677
@@ -745,7 +741,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
745 struct tomoyo_domain_info *domain = NULL; 741 struct tomoyo_domain_info *domain = NULL;
746 const struct tomoyo_path_info *saved_domainname; 742 const struct tomoyo_path_info *saved_domainname;
747 743
748 down_write(&tomoyo_domain_list_lock); 744 mutex_lock(&tomoyo_policy_lock);
749 domain = tomoyo_find_domain(domainname); 745 domain = tomoyo_find_domain(domainname);
750 if (domain) 746 if (domain)
751 goto out; 747 goto out;
@@ -792,7 +788,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
792 list_add_tail_rcu(&domain->list, &tomoyo_domain_list); 788 list_add_tail_rcu(&domain->list, &tomoyo_domain_list);
793 } 789 }
794 out: 790 out:
795 up_write(&tomoyo_domain_list_lock); 791 mutex_unlock(&tomoyo_policy_lock);
796 return domain; 792 return domain;
797} 793}
798 794
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 3c472867634f..5d1689d6e16c 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -167,9 +167,6 @@ static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
167 return NULL; 167 return NULL;
168} 168}
169 169
170/* Lock for domain->acl_info_list. */
171DECLARE_RWSEM(tomoyo_domain_acl_info_list_lock);
172
173static int tomoyo_update_double_path_acl(const u8 type, const char *filename1, 170static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
174 const char *filename2, 171 const char *filename2,
175 struct tomoyo_domain_info * 172 struct tomoyo_domain_info *
@@ -204,7 +201,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
204 * belongs to. 201 * belongs to.
205 */ 202 */
206static LIST_HEAD(tomoyo_globally_readable_list); 203static LIST_HEAD(tomoyo_globally_readable_list);
207static DECLARE_RWSEM(tomoyo_globally_readable_list_lock);
208 204
209/** 205/**
210 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list. 206 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
@@ -229,7 +225,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
229 saved_filename = tomoyo_save_name(filename); 225 saved_filename = tomoyo_save_name(filename);
230 if (!saved_filename) 226 if (!saved_filename)
231 return -ENOMEM; 227 return -ENOMEM;
232 down_write(&tomoyo_globally_readable_list_lock); 228 mutex_lock(&tomoyo_policy_lock);
233 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) { 229 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
234 if (ptr->filename != saved_filename) 230 if (ptr->filename != saved_filename)
235 continue; 231 continue;
@@ -248,7 +244,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
248 list_add_tail_rcu(&new_entry->list, &tomoyo_globally_readable_list); 244 list_add_tail_rcu(&new_entry->list, &tomoyo_globally_readable_list);
249 error = 0; 245 error = 0;
250 out: 246 out:
251 up_write(&tomoyo_globally_readable_list_lock); 247 mutex_unlock(&tomoyo_policy_lock);
252 return error; 248 return error;
253} 249}
254 250
@@ -352,7 +348,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
352 * current process from accessing other process's information. 348 * current process from accessing other process's information.
353 */ 349 */
354static LIST_HEAD(tomoyo_pattern_list); 350static LIST_HEAD(tomoyo_pattern_list);
355static DECLARE_RWSEM(tomoyo_pattern_list_lock);
356 351
357/** 352/**
358 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list. 353 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
@@ -377,7 +372,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
377 saved_pattern = tomoyo_save_name(pattern); 372 saved_pattern = tomoyo_save_name(pattern);
378 if (!saved_pattern) 373 if (!saved_pattern)
379 return -ENOMEM; 374 return -ENOMEM;
380 down_write(&tomoyo_pattern_list_lock); 375 mutex_lock(&tomoyo_policy_lock);
381 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) { 376 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
382 if (saved_pattern != ptr->pattern) 377 if (saved_pattern != ptr->pattern)
383 continue; 378 continue;
@@ -396,7 +391,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
396 list_add_tail_rcu(&new_entry->list, &tomoyo_pattern_list); 391 list_add_tail_rcu(&new_entry->list, &tomoyo_pattern_list);
397 error = 0; 392 error = 0;
398 out: 393 out:
399 up_write(&tomoyo_pattern_list_lock); 394 mutex_unlock(&tomoyo_policy_lock);
400 return error; 395 return error;
401} 396}
402 397
@@ -505,7 +500,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
505 * need to worry whether the file is already unlink()ed or not. 500 * need to worry whether the file is already unlink()ed or not.
506 */ 501 */
507static LIST_HEAD(tomoyo_no_rewrite_list); 502static LIST_HEAD(tomoyo_no_rewrite_list);
508static DECLARE_RWSEM(tomoyo_no_rewrite_list_lock);
509 503
510/** 504/**
511 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list. 505 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
@@ -529,7 +523,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
529 saved_pattern = tomoyo_save_name(pattern); 523 saved_pattern = tomoyo_save_name(pattern);
530 if (!saved_pattern) 524 if (!saved_pattern)
531 return -ENOMEM; 525 return -ENOMEM;
532 down_write(&tomoyo_no_rewrite_list_lock); 526 mutex_lock(&tomoyo_policy_lock);
533 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) { 527 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
534 if (ptr->pattern != saved_pattern) 528 if (ptr->pattern != saved_pattern)
535 continue; 529 continue;
@@ -548,7 +542,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
548 list_add_tail_rcu(&new_entry->list, &tomoyo_no_rewrite_list); 542 list_add_tail_rcu(&new_entry->list, &tomoyo_no_rewrite_list);
549 error = 0; 543 error = 0;
550 out: 544 out:
551 up_write(&tomoyo_no_rewrite_list_lock); 545 mutex_unlock(&tomoyo_policy_lock);
552 return error; 546 return error;
553} 547}
554 548
@@ -881,7 +875,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
881 saved_filename = tomoyo_save_name(filename); 875 saved_filename = tomoyo_save_name(filename);
882 if (!saved_filename) 876 if (!saved_filename)
883 return -ENOMEM; 877 return -ENOMEM;
884 down_write(&tomoyo_domain_acl_info_list_lock); 878 mutex_lock(&tomoyo_policy_lock);
885 if (is_delete) 879 if (is_delete)
886 goto delete; 880 goto delete;
887 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 881 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
@@ -943,7 +937,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
943 break; 937 break;
944 } 938 }
945 out: 939 out:
946 up_write(&tomoyo_domain_acl_info_list_lock); 940 mutex_unlock(&tomoyo_policy_lock);
947 return error; 941 return error;
948} 942}
949 943
@@ -981,7 +975,7 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
981 saved_filename2 = tomoyo_save_name(filename2); 975 saved_filename2 = tomoyo_save_name(filename2);
982 if (!saved_filename1 || !saved_filename2) 976 if (!saved_filename1 || !saved_filename2)
983 return -ENOMEM; 977 return -ENOMEM;
984 down_write(&tomoyo_domain_acl_info_list_lock); 978 mutex_lock(&tomoyo_policy_lock);
985 if (is_delete) 979 if (is_delete)
986 goto delete; 980 goto delete;
987 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 981 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
@@ -1027,7 +1021,7 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
1027 break; 1021 break;
1028 } 1022 }
1029 out: 1023 out:
1030 up_write(&tomoyo_domain_acl_info_list_lock); 1024 mutex_unlock(&tomoyo_policy_lock);
1031 return error; 1025 return error;
1032} 1026}
1033 1027