aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c49
-rw-r--r--security/tomoyo/domain.c48
-rw-r--r--security/tomoyo/file.c35
-rw-r--r--security/tomoyo/realpath.c4
-rw-r--r--security/tomoyo/tomoyo.h13
5 files changed, 45 insertions, 104 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ddfb9cccf468..6d2561276a7b 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -866,7 +866,6 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
866 866
867 if (profile >= TOMOYO_MAX_PROFILES) 867 if (profile >= TOMOYO_MAX_PROFILES)
868 return NULL; 868 return NULL;
869 /***** EXCLUSIVE SECTION START *****/
870 mutex_lock(&lock); 869 mutex_lock(&lock);
871 ptr = tomoyo_profile_ptr[profile]; 870 ptr = tomoyo_profile_ptr[profile];
872 if (ptr) 871 if (ptr)
@@ -880,7 +879,6 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
880 tomoyo_profile_ptr[profile] = ptr; 879 tomoyo_profile_ptr[profile] = ptr;
881 ok: 880 ok:
882 mutex_unlock(&lock); 881 mutex_unlock(&lock);
883 /***** EXCLUSIVE SECTION END *****/
884 return ptr; 882 return ptr;
885} 883}
886 884
@@ -1050,7 +1048,6 @@ static int tomoyo_update_manager_entry(const char *manager,
1050 saved_manager = tomoyo_save_name(manager); 1048 saved_manager = tomoyo_save_name(manager);
1051 if (!saved_manager) 1049 if (!saved_manager)
1052 return -ENOMEM; 1050 return -ENOMEM;
1053 /***** EXCLUSIVE SECTION START *****/
1054 down_write(&tomoyo_policy_manager_list_lock); 1051 down_write(&tomoyo_policy_manager_list_lock);
1055 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1052 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1056 if (ptr->manager != saved_manager) 1053 if (ptr->manager != saved_manager)
@@ -1072,7 +1069,6 @@ static int tomoyo_update_manager_entry(const char *manager,
1072 error = 0; 1069 error = 0;
1073 out: 1070 out:
1074 up_write(&tomoyo_policy_manager_list_lock); 1071 up_write(&tomoyo_policy_manager_list_lock);
1075 /***** EXCLUSIVE SECTION END *****/
1076 return error; 1072 return error;
1077} 1073}
1078 1074
@@ -1117,10 +1113,9 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1117 list); 1113 list);
1118 if (ptr->is_deleted) 1114 if (ptr->is_deleted)
1119 continue; 1115 continue;
1120 if (!tomoyo_io_printf(head, "%s\n", ptr->manager->name)) { 1116 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
1121 done = false; 1117 if (!done)
1122 break; 1118 break;
1123 }
1124 } 1119 }
1125 up_read(&tomoyo_policy_manager_list_lock); 1120 up_read(&tomoyo_policy_manager_list_lock);
1126 head->read_eof = done; 1121 head->read_eof = done;
@@ -1197,13 +1192,11 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1197 1192
1198 if (sscanf(data, "pid=%u", &pid) == 1) { 1193 if (sscanf(data, "pid=%u", &pid) == 1) {
1199 struct task_struct *p; 1194 struct task_struct *p;
1200 /***** CRITICAL SECTION START *****/
1201 read_lock(&tasklist_lock); 1195 read_lock(&tasklist_lock);
1202 p = find_task_by_vpid(pid); 1196 p = find_task_by_vpid(pid);
1203 if (p) 1197 if (p)
1204 domain = tomoyo_real_domain(p); 1198 domain = tomoyo_real_domain(p);
1205 read_unlock(&tasklist_lock); 1199 read_unlock(&tasklist_lock);
1206 /***** CRITICAL SECTION END *****/
1207 } else if (!strncmp(data, "domain=", 7)) { 1200 } else if (!strncmp(data, "domain=", 7)) {
1208 if (tomoyo_is_domain_def(data + 7)) { 1201 if (tomoyo_is_domain_def(data + 7)) {
1209 down_read(&tomoyo_domain_list_lock); 1202 down_read(&tomoyo_domain_list_lock);
@@ -1447,15 +1440,14 @@ static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
1447 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ) 1440 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
1448 ignore_global_allow_read 1441 ignore_global_allow_read
1449 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1442 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1450 if (!tomoyo_io_printf(head, 1443 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
1451 "%s\n" TOMOYO_KEYWORD_USE_PROFILE "%u\n" 1444 "%u\n%s%s%s\n",
1452 "%s%s%s\n", domain->domainname->name, 1445 domain->domainname->name,
1453 domain->profile, quota_exceeded, 1446 domain->profile, quota_exceeded,
1454 transition_failed, 1447 transition_failed,
1455 ignore_global_allow_read)) { 1448 ignore_global_allow_read);
1456 done = false; 1449 if (!done)
1457 break; 1450 break;
1458 }
1459 head->read_step = 2; 1451 head->read_step = 2;
1460acl_loop: 1452acl_loop:
1461 if (head->read_step == 3) 1453 if (head->read_step == 3)
@@ -1463,24 +1455,22 @@ acl_loop:
1463 /* Print ACL entries in the domain. */ 1455 /* Print ACL entries in the domain. */
1464 down_read(&tomoyo_domain_acl_info_list_lock); 1456 down_read(&tomoyo_domain_acl_info_list_lock);
1465 list_for_each_cookie(apos, head->read_var2, 1457 list_for_each_cookie(apos, head->read_var2,
1466 &domain->acl_info_list) { 1458 &domain->acl_info_list) {
1467 struct tomoyo_acl_info *ptr 1459 struct tomoyo_acl_info *ptr
1468 = list_entry(apos, struct tomoyo_acl_info, 1460 = list_entry(apos, struct tomoyo_acl_info,
1469 list); 1461 list);
1470 if (!tomoyo_print_entry(head, ptr)) { 1462 done = tomoyo_print_entry(head, ptr);
1471 done = false; 1463 if (!done)
1472 break; 1464 break;
1473 }
1474 } 1465 }
1475 up_read(&tomoyo_domain_acl_info_list_lock); 1466 up_read(&tomoyo_domain_acl_info_list_lock);
1476 if (!done) 1467 if (!done)
1477 break; 1468 break;
1478 head->read_step = 3; 1469 head->read_step = 3;
1479tail_mark: 1470tail_mark:
1480 if (!tomoyo_io_printf(head, "\n")) { 1471 done = tomoyo_io_printf(head, "\n");
1481 done = false; 1472 if (!done)
1482 break; 1473 break;
1483 }
1484 head->read_step = 1; 1474 head->read_step = 1;
1485 if (head->read_single_domain) 1475 if (head->read_single_domain)
1486 break; 1476 break;
@@ -1550,11 +1540,10 @@ static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1550 domain = list_entry(pos, struct tomoyo_domain_info, list); 1540 domain = list_entry(pos, struct tomoyo_domain_info, list);
1551 if (domain->is_deleted) 1541 if (domain->is_deleted)
1552 continue; 1542 continue;
1553 if (!tomoyo_io_printf(head, "%u %s\n", domain->profile, 1543 done = tomoyo_io_printf(head, "%u %s\n", domain->profile,
1554 domain->domainname->name)) { 1544 domain->domainname->name);
1555 done = false; 1545 if (!done)
1556 break; 1546 break;
1557 }
1558 } 1547 }
1559 up_read(&tomoyo_domain_list_lock); 1548 up_read(&tomoyo_domain_list_lock);
1560 head->read_eof = done; 1549 head->read_eof = done;
@@ -1594,13 +1583,11 @@ static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1594 const int pid = head->read_step; 1583 const int pid = head->read_step;
1595 struct task_struct *p; 1584 struct task_struct *p;
1596 struct tomoyo_domain_info *domain = NULL; 1585 struct tomoyo_domain_info *domain = NULL;
1597 /***** CRITICAL SECTION START *****/
1598 read_lock(&tasklist_lock); 1586 read_lock(&tasklist_lock);
1599 p = find_task_by_vpid(pid); 1587 p = find_task_by_vpid(pid);
1600 if (p) 1588 if (p)
1601 domain = tomoyo_real_domain(p); 1589 domain = tomoyo_real_domain(p);
1602 read_unlock(&tasklist_lock); 1590 read_unlock(&tasklist_lock);
1603 /***** CRITICAL SECTION END *****/
1604 if (domain) 1591 if (domain)
1605 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1592 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1606 domain->domainname->name); 1593 domain->domainname->name);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 2d6748741a26..eb75401fd6b0 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -67,14 +67,12 @@ void tomoyo_set_domain_flag(struct tomoyo_domain_info *domain,
67{ 67{
68 /* We need to serialize because this is bitfield operation. */ 68 /* We need to serialize because this is bitfield operation. */
69 static DEFINE_SPINLOCK(lock); 69 static DEFINE_SPINLOCK(lock);
70 /***** CRITICAL SECTION START *****/
71 spin_lock(&lock); 70 spin_lock(&lock);
72 if (!is_delete) 71 if (!is_delete)
73 domain->flags |= flags; 72 domain->flags |= flags;
74 else 73 else
75 domain->flags &= ~flags; 74 domain->flags &= ~flags;
76 spin_unlock(&lock); 75 spin_unlock(&lock);
77 /***** CRITICAL SECTION END *****/
78} 76}
79 77
80/** 78/**
@@ -135,7 +133,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
135 saved_program = tomoyo_save_name(program); 133 saved_program = tomoyo_save_name(program);
136 if (!saved_program) 134 if (!saved_program)
137 return -ENOMEM; 135 return -ENOMEM;
138 /***** EXCLUSIVE SECTION START *****/
139 down_write(&tomoyo_domain_initializer_list_lock); 136 down_write(&tomoyo_domain_initializer_list_lock);
140 list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) { 137 list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) {
141 if (ptr->is_not != is_not || 138 if (ptr->is_not != is_not ||
@@ -161,7 +158,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
161 error = 0; 158 error = 0;
162 out: 159 out:
163 up_write(&tomoyo_domain_initializer_list_lock); 160 up_write(&tomoyo_domain_initializer_list_lock);
164 /***** EXCLUSIVE SECTION END *****/
165 return error; 161 return error;
166} 162}
167 163
@@ -193,13 +189,12 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
193 from = " from "; 189 from = " from ";
194 domain = ptr->domainname->name; 190 domain = ptr->domainname->name;
195 } 191 }
196 if (!tomoyo_io_printf(head, 192 done = tomoyo_io_printf(head,
197 "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN 193 "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
198 "%s%s%s\n", no, ptr->program->name, from, 194 "%s%s%s\n", no, ptr->program->name,
199 domain)) { 195 from, domain);
200 done = false; 196 if (!done)
201 break; 197 break;
202 }
203 } 198 }
204 up_read(&tomoyo_domain_initializer_list_lock); 199 up_read(&tomoyo_domain_initializer_list_lock);
205 return done; 200 return done;
@@ -296,7 +291,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
296 struct tomoyo_domain_keeper_entry *ptr; 291 struct tomoyo_domain_keeper_entry *ptr;
297 const struct tomoyo_path_info *saved_domainname; 292 const struct tomoyo_path_info *saved_domainname;
298 const struct tomoyo_path_info *saved_program = NULL; 293 const struct tomoyo_path_info *saved_program = NULL;
299 static DEFINE_MUTEX(lock);
300 int error = -ENOMEM; 294 int error = -ENOMEM;
301 bool is_last_name = false; 295 bool is_last_name = false;
302 296
@@ -315,7 +309,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
315 saved_domainname = tomoyo_save_name(domainname); 309 saved_domainname = tomoyo_save_name(domainname);
316 if (!saved_domainname) 310 if (!saved_domainname)
317 return -ENOMEM; 311 return -ENOMEM;
318 /***** EXCLUSIVE SECTION START *****/
319 down_write(&tomoyo_domain_keeper_list_lock); 312 down_write(&tomoyo_domain_keeper_list_lock);
320 list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) { 313 list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
321 if (ptr->is_not != is_not || 314 if (ptr->is_not != is_not ||
@@ -341,7 +334,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
341 error = 0; 334 error = 0;
342 out: 335 out:
343 up_write(&tomoyo_domain_keeper_list_lock); 336 up_write(&tomoyo_domain_keeper_list_lock);
344 /***** EXCLUSIVE SECTION END *****/
345 return error; 337 return error;
346} 338}
347 339
@@ -394,13 +386,12 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
394 from = " from "; 386 from = " from ";
395 program = ptr->program->name; 387 program = ptr->program->name;
396 } 388 }
397 if (!tomoyo_io_printf(head, 389 done = tomoyo_io_printf(head,
398 "%s" TOMOYO_KEYWORD_KEEP_DOMAIN 390 "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
399 "%s%s%s\n", no, program, from, 391 "%s%s%s\n", no, program, from,
400 ptr->domainname->name)) { 392 ptr->domainname->name);
401 done = false; 393 if (!done)
402 break; 394 break;
403 }
404 } 395 }
405 up_read(&tomoyo_domain_keeper_list_lock); 396 up_read(&tomoyo_domain_keeper_list_lock);
406 return done; 397 return done;
@@ -476,7 +467,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
476 saved_aliased_name = tomoyo_save_name(aliased_name); 467 saved_aliased_name = tomoyo_save_name(aliased_name);
477 if (!saved_original_name || !saved_aliased_name) 468 if (!saved_original_name || !saved_aliased_name)
478 return -ENOMEM; 469 return -ENOMEM;
479 /***** EXCLUSIVE SECTION START *****/
480 down_write(&tomoyo_alias_list_lock); 470 down_write(&tomoyo_alias_list_lock);
481 list_for_each_entry(ptr, &tomoyo_alias_list, list) { 471 list_for_each_entry(ptr, &tomoyo_alias_list, list) {
482 if (ptr->original_name != saved_original_name || 472 if (ptr->original_name != saved_original_name ||
@@ -499,7 +489,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
499 error = 0; 489 error = 0;
500 out: 490 out:
501 up_write(&tomoyo_alias_list_lock); 491 up_write(&tomoyo_alias_list_lock);
502 /***** EXCLUSIVE SECTION END *****/
503 return error; 492 return error;
504} 493}
505 494
@@ -522,12 +511,11 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
522 ptr = list_entry(pos, struct tomoyo_alias_entry, list); 511 ptr = list_entry(pos, struct tomoyo_alias_entry, list);
523 if (ptr->is_deleted) 512 if (ptr->is_deleted)
524 continue; 513 continue;
525 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n", 514 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
526 ptr->original_name->name, 515 ptr->original_name->name,
527 ptr->aliased_name->name)) { 516 ptr->aliased_name->name);
528 done = false; 517 if (!done)
529 break; 518 break;
530 }
531 } 519 }
532 up_read(&tomoyo_alias_list_lock); 520 up_read(&tomoyo_alias_list_lock);
533 return done; 521 return done;
@@ -567,7 +555,6 @@ int tomoyo_delete_domain(char *domainname)
567 555
568 name.name = domainname; 556 name.name = domainname;
569 tomoyo_fill_path_info(&name); 557 tomoyo_fill_path_info(&name);
570 /***** EXCLUSIVE SECTION START *****/
571 down_write(&tomoyo_domain_list_lock); 558 down_write(&tomoyo_domain_list_lock);
572 /* Is there an active domain? */ 559 /* Is there an active domain? */
573 list_for_each_entry(domain, &tomoyo_domain_list, list) { 560 list_for_each_entry(domain, &tomoyo_domain_list, list) {
@@ -581,7 +568,6 @@ int tomoyo_delete_domain(char *domainname)
581 break; 568 break;
582 } 569 }
583 up_write(&tomoyo_domain_list_lock); 570 up_write(&tomoyo_domain_list_lock);
584 /***** EXCLUSIVE SECTION END *****/
585 return 0; 571 return 0;
586} 572}
587 573
@@ -600,7 +586,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
600 struct tomoyo_domain_info *domain = NULL; 586 struct tomoyo_domain_info *domain = NULL;
601 const struct tomoyo_path_info *saved_domainname; 587 const struct tomoyo_path_info *saved_domainname;
602 588
603 /***** EXCLUSIVE SECTION START *****/
604 down_write(&tomoyo_domain_list_lock); 589 down_write(&tomoyo_domain_list_lock);
605 domain = tomoyo_find_domain(domainname); 590 domain = tomoyo_find_domain(domainname);
606 if (domain) 591 if (domain)
@@ -619,7 +604,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
619 domain->domainname != saved_domainname) 604 domain->domainname != saved_domainname)
620 continue; 605 continue;
621 flag = false; 606 flag = false;
622 /***** CRITICAL SECTION START *****/
623 read_lock(&tasklist_lock); 607 read_lock(&tasklist_lock);
624 for_each_process(p) { 608 for_each_process(p) {
625 if (tomoyo_real_domain(p) != domain) 609 if (tomoyo_real_domain(p) != domain)
@@ -628,7 +612,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
628 break; 612 break;
629 } 613 }
630 read_unlock(&tasklist_lock); 614 read_unlock(&tasklist_lock);
631 /***** CRITICAL SECTION END *****/
632 if (flag) 615 if (flag)
633 continue; 616 continue;
634 list_for_each_entry(ptr, &domain->acl_info_list, list) { 617 list_for_each_entry(ptr, &domain->acl_info_list, list) {
@@ -651,7 +634,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
651 } 634 }
652 out: 635 out:
653 up_write(&tomoyo_domain_list_lock); 636 up_write(&tomoyo_domain_list_lock);
654 /***** EXCLUSIVE SECTION END *****/
655 return domain; 637 return domain;
656} 638}
657 639
@@ -739,7 +721,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm,
739 } 721 }
740 722
741 /* Check execute permission. */ 723 /* Check execute permission. */
742 retval = tomoyo_check_exec_perm(old_domain, &r, tmp); 724 retval = tomoyo_check_exec_perm(old_domain, &r);
743 if (retval < 0) 725 if (retval < 0)
744 goto out; 726 goto out;
745 727
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 2316da8ec5bc..ab0cd3538510 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -166,7 +166,6 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
166 saved_filename = tomoyo_save_name(filename); 166 saved_filename = tomoyo_save_name(filename);
167 if (!saved_filename) 167 if (!saved_filename)
168 return -ENOMEM; 168 return -ENOMEM;
169 /***** EXCLUSIVE SECTION START *****/
170 down_write(&tomoyo_globally_readable_list_lock); 169 down_write(&tomoyo_globally_readable_list_lock);
171 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) { 170 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
172 if (ptr->filename != saved_filename) 171 if (ptr->filename != saved_filename)
@@ -187,7 +186,6 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
187 error = 0; 186 error = 0;
188 out: 187 out:
189 up_write(&tomoyo_globally_readable_list_lock); 188 up_write(&tomoyo_globally_readable_list_lock);
190 /***** EXCLUSIVE SECTION END *****/
191 return error; 189 return error;
192} 190}
193 191
@@ -249,11 +247,10 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
249 list); 247 list);
250 if (ptr->is_deleted) 248 if (ptr->is_deleted)
251 continue; 249 continue;
252 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n", 250 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
253 ptr->filename->name)) { 251 ptr->filename->name);
254 done = false; 252 if (!done)
255 break; 253 break;
256 }
257 } 254 }
258 up_read(&tomoyo_globally_readable_list_lock); 255 up_read(&tomoyo_globally_readable_list_lock);
259 return done; 256 return done;
@@ -284,7 +281,6 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
284 saved_pattern = tomoyo_save_name(pattern); 281 saved_pattern = tomoyo_save_name(pattern);
285 if (!saved_pattern) 282 if (!saved_pattern)
286 return -ENOMEM; 283 return -ENOMEM;
287 /***** EXCLUSIVE SECTION START *****/
288 down_write(&tomoyo_pattern_list_lock); 284 down_write(&tomoyo_pattern_list_lock);
289 list_for_each_entry(ptr, &tomoyo_pattern_list, list) { 285 list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
290 if (saved_pattern != ptr->pattern) 286 if (saved_pattern != ptr->pattern)
@@ -305,7 +301,6 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
305 error = 0; 301 error = 0;
306 out: 302 out:
307 up_write(&tomoyo_pattern_list_lock); 303 up_write(&tomoyo_pattern_list_lock);
308 /***** EXCLUSIVE SECTION END *****/
309 return error; 304 return error;
310} 305}
311 306
@@ -373,11 +368,10 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
373 ptr = list_entry(pos, struct tomoyo_pattern_entry, list); 368 ptr = list_entry(pos, struct tomoyo_pattern_entry, list);
374 if (ptr->is_deleted) 369 if (ptr->is_deleted)
375 continue; 370 continue;
376 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN "%s\n", 371 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
377 ptr->pattern->name)) { 372 "%s\n", ptr->pattern->name);
378 done = false; 373 if (!done)
379 break; 374 break;
380 }
381 } 375 }
382 up_read(&tomoyo_pattern_list_lock); 376 up_read(&tomoyo_pattern_list_lock);
383 return done; 377 return done;
@@ -407,7 +401,6 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
407 saved_pattern = tomoyo_save_name(pattern); 401 saved_pattern = tomoyo_save_name(pattern);
408 if (!saved_pattern) 402 if (!saved_pattern)
409 return -ENOMEM; 403 return -ENOMEM;
410 /***** EXCLUSIVE SECTION START *****/
411 down_write(&tomoyo_no_rewrite_list_lock); 404 down_write(&tomoyo_no_rewrite_list_lock);
412 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) { 405 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
413 if (ptr->pattern != saved_pattern) 406 if (ptr->pattern != saved_pattern)
@@ -428,7 +421,6 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
428 error = 0; 421 error = 0;
429 out: 422 out:
430 up_write(&tomoyo_no_rewrite_list_lock); 423 up_write(&tomoyo_no_rewrite_list_lock);
431 /***** EXCLUSIVE SECTION END *****/
432 return error; 424 return error;
433} 425}
434 426
@@ -489,11 +481,10 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
489 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list); 481 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list);
490 if (ptr->is_deleted) 482 if (ptr->is_deleted)
491 continue; 483 continue;
492 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE "%s\n", 484 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
493 ptr->pattern->name)) { 485 "%s\n", ptr->pattern->name);
494 done = false; 486 if (!done)
495 break; 487 break;
496 }
497 } 488 }
498 up_read(&tomoyo_no_rewrite_list_lock); 489 up_read(&tomoyo_no_rewrite_list_lock);
499 return done; 490 return done;
@@ -745,7 +736,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
745 saved_filename = tomoyo_save_name(filename); 736 saved_filename = tomoyo_save_name(filename);
746 if (!saved_filename) 737 if (!saved_filename)
747 return -ENOMEM; 738 return -ENOMEM;
748 /***** EXCLUSIVE SECTION START *****/
749 down_write(&tomoyo_domain_acl_info_list_lock); 739 down_write(&tomoyo_domain_acl_info_list_lock);
750 if (is_delete) 740 if (is_delete)
751 goto delete; 741 goto delete;
@@ -800,7 +790,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
800 } 790 }
801 out: 791 out:
802 up_write(&tomoyo_domain_acl_info_list_lock); 792 up_write(&tomoyo_domain_acl_info_list_lock);
803 /***** EXCLUSIVE SECTION END *****/
804 return error; 793 return error;
805} 794}
806 795
@@ -836,7 +825,6 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
836 saved_filename2 = tomoyo_save_name(filename2); 825 saved_filename2 = tomoyo_save_name(filename2);
837 if (!saved_filename1 || !saved_filename2) 826 if (!saved_filename1 || !saved_filename2)
838 return -ENOMEM; 827 return -ENOMEM;
839 /***** EXCLUSIVE SECTION START *****/
840 down_write(&tomoyo_domain_acl_info_list_lock); 828 down_write(&tomoyo_domain_acl_info_list_lock);
841 if (is_delete) 829 if (is_delete)
842 goto delete; 830 goto delete;
@@ -884,7 +872,6 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
884 } 872 }
885 out: 873 out:
886 up_write(&tomoyo_domain_acl_info_list_lock); 874 up_write(&tomoyo_domain_acl_info_list_lock);
887 /***** EXCLUSIVE SECTION END *****/
888 return error; 875 return error;
889} 876}
890 877
@@ -1025,13 +1012,11 @@ int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
1025 * 1012 *
1026 * @domain: Pointer to "struct tomoyo_domain_info". 1013 * @domain: Pointer to "struct tomoyo_domain_info".
1027 * @filename: Check permission for "execute". 1014 * @filename: Check permission for "execute".
1028 * @tmp: Buffer for temporary use.
1029 * 1015 *
1030 * Returns 0 on success, negativevalue otherwise. 1016 * Returns 0 on success, negativevalue otherwise.
1031 */ 1017 */
1032int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, 1018int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
1033 const struct tomoyo_path_info *filename, 1019 const struct tomoyo_path_info *filename)
1034 struct tomoyo_page_buffer *tmp)
1035{ 1020{
1036 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE); 1021 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1037 1022
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 40927a84cb6e..3948f6b56ae2 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -220,7 +220,6 @@ void *tomoyo_alloc_element(const unsigned int size)
220 = roundup(size, max(sizeof(void *), sizeof(long))); 220 = roundup(size, max(sizeof(void *), sizeof(long)));
221 if (word_aligned_size > PATH_MAX) 221 if (word_aligned_size > PATH_MAX)
222 return NULL; 222 return NULL;
223 /***** EXCLUSIVE SECTION START *****/
224 mutex_lock(&lock); 223 mutex_lock(&lock);
225 if (buf_used_len + word_aligned_size > PATH_MAX) { 224 if (buf_used_len + word_aligned_size > PATH_MAX) {
226 if (!tomoyo_quota_for_elements || 225 if (!tomoyo_quota_for_elements ||
@@ -251,7 +250,6 @@ void *tomoyo_alloc_element(const unsigned int size)
251 } 250 }
252 } 251 }
253 mutex_unlock(&lock); 252 mutex_unlock(&lock);
254 /***** EXCLUSIVE SECTION END *****/
255 return ptr; 253 return ptr;
256} 254}
257 255
@@ -318,7 +316,6 @@ const struct tomoyo_path_info *tomoyo_save_name(const char *name)
318 return NULL; 316 return NULL;
319 } 317 }
320 hash = full_name_hash((const unsigned char *) name, len - 1); 318 hash = full_name_hash((const unsigned char *) name, len - 1);
321 /***** EXCLUSIVE SECTION START *****/
322 mutex_lock(&lock); 319 mutex_lock(&lock);
323 list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH], 320 list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH],
324 list) { 321 list) {
@@ -366,7 +363,6 @@ const struct tomoyo_path_info *tomoyo_save_name(const char *name)
366 } 363 }
367 out: 364 out:
368 mutex_unlock(&lock); 365 mutex_unlock(&lock);
369 /***** EXCLUSIVE SECTION END *****/
370 return ptr ? &ptr->entry : NULL; 366 return ptr ? &ptr->entry : NULL;
371} 367}
372 368
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index 41c6ebafb9c5..0fd588a629cf 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -17,13 +17,11 @@ struct path;
17struct inode; 17struct inode;
18struct linux_binprm; 18struct linux_binprm;
19struct pt_regs; 19struct pt_regs;
20struct tomoyo_page_buffer;
21 20
22int tomoyo_check_file_perm(struct tomoyo_domain_info *domain, 21int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
23 const char *filename, const u8 perm); 22 const char *filename, const u8 perm);
24int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, 23int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
25 const struct tomoyo_path_info *filename, 24 const struct tomoyo_path_info *filename);
26 struct tomoyo_page_buffer *buf);
27int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, 25int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
28 struct path *path, const int flag); 26 struct path *path, const int flag);
29int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, 27int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
@@ -90,17 +88,10 @@ static inline struct tomoyo_domain_info *tomoyo_domain(void)
90 return current_cred()->security; 88 return current_cred()->security;
91} 89}
92 90
93/* Caller holds tasklist_lock spinlock. */
94static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct 91static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
95 *task) 92 *task)
96{ 93{
97 /***** CRITICAL SECTION START *****/ 94 return task_cred_xxx(task, security);
98 const struct cred *cred = get_task_cred(task);
99 struct tomoyo_domain_info *domain = cred->security;
100
101 put_cred(cred);
102 return domain;
103 /***** CRITICAL SECTION END *****/
104} 95}
105 96
106#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */ 97#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-09 05:54:18 -0500