aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c8
-rw-r--r--security/tomoyo/domain.c14
-rw-r--r--security/tomoyo/file.c10
-rw-r--r--security/tomoyo/realpath.c4
4 files changed, 0 insertions, 36 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ddfb9cccf468..a42fe02c6144 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -866,7 +866,6 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
866 866
867 if (profile >= TOMOYO_MAX_PROFILES) 867 if (profile >= TOMOYO_MAX_PROFILES)
868 return NULL; 868 return NULL;
869 /***** EXCLUSIVE SECTION START *****/
870 mutex_lock(&lock); 869 mutex_lock(&lock);
871 ptr = tomoyo_profile_ptr[profile]; 870 ptr = tomoyo_profile_ptr[profile];
872 if (ptr) 871 if (ptr)
@@ -880,7 +879,6 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
880 tomoyo_profile_ptr[profile] = ptr; 879 tomoyo_profile_ptr[profile] = ptr;
881 ok: 880 ok:
882 mutex_unlock(&lock); 881 mutex_unlock(&lock);
883 /***** EXCLUSIVE SECTION END *****/
884 return ptr; 882 return ptr;
885} 883}
886 884
@@ -1050,7 +1048,6 @@ static int tomoyo_update_manager_entry(const char *manager,
1050 saved_manager = tomoyo_save_name(manager); 1048 saved_manager = tomoyo_save_name(manager);
1051 if (!saved_manager) 1049 if (!saved_manager)
1052 return -ENOMEM; 1050 return -ENOMEM;
1053 /***** EXCLUSIVE SECTION START *****/
1054 down_write(&tomoyo_policy_manager_list_lock); 1051 down_write(&tomoyo_policy_manager_list_lock);
1055 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1052 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1056 if (ptr->manager != saved_manager) 1053 if (ptr->manager != saved_manager)
@@ -1072,7 +1069,6 @@ static int tomoyo_update_manager_entry(const char *manager,
1072 error = 0; 1069 error = 0;
1073 out: 1070 out:
1074 up_write(&tomoyo_policy_manager_list_lock); 1071 up_write(&tomoyo_policy_manager_list_lock);
1075 /***** EXCLUSIVE SECTION END *****/
1076 return error; 1072 return error;
1077} 1073}
1078 1074
@@ -1197,13 +1193,11 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1197 1193
1198 if (sscanf(data, "pid=%u", &pid) == 1) { 1194 if (sscanf(data, "pid=%u", &pid) == 1) {
1199 struct task_struct *p; 1195 struct task_struct *p;
1200 /***** CRITICAL SECTION START *****/
1201 read_lock(&tasklist_lock); 1196 read_lock(&tasklist_lock);
1202 p = find_task_by_vpid(pid); 1197 p = find_task_by_vpid(pid);
1203 if (p) 1198 if (p)
1204 domain = tomoyo_real_domain(p); 1199 domain = tomoyo_real_domain(p);
1205 read_unlock(&tasklist_lock); 1200 read_unlock(&tasklist_lock);
1206 /***** CRITICAL SECTION END *****/
1207 } else if (!strncmp(data, "domain=", 7)) { 1201 } else if (!strncmp(data, "domain=", 7)) {
1208 if (tomoyo_is_domain_def(data + 7)) { 1202 if (tomoyo_is_domain_def(data + 7)) {
1209 down_read(&tomoyo_domain_list_lock); 1203 down_read(&tomoyo_domain_list_lock);
@@ -1594,13 +1588,11 @@ static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1594 const int pid = head->read_step; 1588 const int pid = head->read_step;
1595 struct task_struct *p; 1589 struct task_struct *p;
1596 struct tomoyo_domain_info *domain = NULL; 1590 struct tomoyo_domain_info *domain = NULL;
1597 /***** CRITICAL SECTION START *****/
1598 read_lock(&tasklist_lock); 1591 read_lock(&tasklist_lock);
1599 p = find_task_by_vpid(pid); 1592 p = find_task_by_vpid(pid);
1600 if (p) 1593 if (p)
1601 domain = tomoyo_real_domain(p); 1594 domain = tomoyo_real_domain(p);
1602 read_unlock(&tasklist_lock); 1595 read_unlock(&tasklist_lock);
1603 /***** CRITICAL SECTION END *****/
1604 if (domain) 1596 if (domain)
1605 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1597 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1606 domain->domainname->name); 1598 domain->domainname->name);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index ee43631f049b..aa119ca5a782 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -67,14 +67,12 @@ void tomoyo_set_domain_flag(struct tomoyo_domain_info *domain,
67{ 67{
68 /* We need to serialize because this is bitfield operation. */ 68 /* We need to serialize because this is bitfield operation. */
69 static DEFINE_SPINLOCK(lock); 69 static DEFINE_SPINLOCK(lock);
70 /***** CRITICAL SECTION START *****/
71 spin_lock(&lock); 70 spin_lock(&lock);
72 if (!is_delete) 71 if (!is_delete)
73 domain->flags |= flags; 72 domain->flags |= flags;
74 else 73 else
75 domain->flags &= ~flags; 74 domain->flags &= ~flags;
76 spin_unlock(&lock); 75 spin_unlock(&lock);
77 /***** CRITICAL SECTION END *****/
78} 76}
79 77
80/** 78/**
@@ -135,7 +133,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
135 saved_program = tomoyo_save_name(program); 133 saved_program = tomoyo_save_name(program);
136 if (!saved_program) 134 if (!saved_program)
137 return -ENOMEM; 135 return -ENOMEM;
138 /***** EXCLUSIVE SECTION START *****/
139 down_write(&tomoyo_domain_initializer_list_lock); 136 down_write(&tomoyo_domain_initializer_list_lock);
140 list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) { 137 list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) {
141 if (ptr->is_not != is_not || 138 if (ptr->is_not != is_not ||
@@ -161,7 +158,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
161 error = 0; 158 error = 0;
162 out: 159 out:
163 up_write(&tomoyo_domain_initializer_list_lock); 160 up_write(&tomoyo_domain_initializer_list_lock);
164 /***** EXCLUSIVE SECTION END *****/
165 return error; 161 return error;
166} 162}
167 163
@@ -314,7 +310,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
314 saved_domainname = tomoyo_save_name(domainname); 310 saved_domainname = tomoyo_save_name(domainname);
315 if (!saved_domainname) 311 if (!saved_domainname)
316 return -ENOMEM; 312 return -ENOMEM;
317 /***** EXCLUSIVE SECTION START *****/
318 down_write(&tomoyo_domain_keeper_list_lock); 313 down_write(&tomoyo_domain_keeper_list_lock);
319 list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) { 314 list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
320 if (ptr->is_not != is_not || 315 if (ptr->is_not != is_not ||
@@ -340,7 +335,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
340 error = 0; 335 error = 0;
341 out: 336 out:
342 up_write(&tomoyo_domain_keeper_list_lock); 337 up_write(&tomoyo_domain_keeper_list_lock);
343 /***** EXCLUSIVE SECTION END *****/
344 return error; 338 return error;
345} 339}
346 340
@@ -475,7 +469,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
475 saved_aliased_name = tomoyo_save_name(aliased_name); 469 saved_aliased_name = tomoyo_save_name(aliased_name);
476 if (!saved_original_name || !saved_aliased_name) 470 if (!saved_original_name || !saved_aliased_name)
477 return -ENOMEM; 471 return -ENOMEM;
478 /***** EXCLUSIVE SECTION START *****/
479 down_write(&tomoyo_alias_list_lock); 472 down_write(&tomoyo_alias_list_lock);
480 list_for_each_entry(ptr, &tomoyo_alias_list, list) { 473 list_for_each_entry(ptr, &tomoyo_alias_list, list) {
481 if (ptr->original_name != saved_original_name || 474 if (ptr->original_name != saved_original_name ||
@@ -498,7 +491,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
498 error = 0; 491 error = 0;
499 out: 492 out:
500 up_write(&tomoyo_alias_list_lock); 493 up_write(&tomoyo_alias_list_lock);
501 /***** EXCLUSIVE SECTION END *****/
502 return error; 494 return error;
503} 495}
504 496
@@ -566,7 +558,6 @@ int tomoyo_delete_domain(char *domainname)
566 558
567 name.name = domainname; 559 name.name = domainname;
568 tomoyo_fill_path_info(&name); 560 tomoyo_fill_path_info(&name);
569 /***** EXCLUSIVE SECTION START *****/
570 down_write(&tomoyo_domain_list_lock); 561 down_write(&tomoyo_domain_list_lock);
571 /* Is there an active domain? */ 562 /* Is there an active domain? */
572 list_for_each_entry(domain, &tomoyo_domain_list, list) { 563 list_for_each_entry(domain, &tomoyo_domain_list, list) {
@@ -580,7 +571,6 @@ int tomoyo_delete_domain(char *domainname)
580 break; 571 break;
581 } 572 }
582 up_write(&tomoyo_domain_list_lock); 573 up_write(&tomoyo_domain_list_lock);
583 /***** EXCLUSIVE SECTION END *****/
584 return 0; 574 return 0;
585} 575}
586 576
@@ -599,7 +589,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
599 struct tomoyo_domain_info *domain = NULL; 589 struct tomoyo_domain_info *domain = NULL;
600 const struct tomoyo_path_info *saved_domainname; 590 const struct tomoyo_path_info *saved_domainname;
601 591
602 /***** EXCLUSIVE SECTION START *****/
603 down_write(&tomoyo_domain_list_lock); 592 down_write(&tomoyo_domain_list_lock);
604 domain = tomoyo_find_domain(domainname); 593 domain = tomoyo_find_domain(domainname);
605 if (domain) 594 if (domain)
@@ -618,7 +607,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
618 domain->domainname != saved_domainname) 607 domain->domainname != saved_domainname)
619 continue; 608 continue;
620 flag = false; 609 flag = false;
621 /***** CRITICAL SECTION START *****/
622 read_lock(&tasklist_lock); 610 read_lock(&tasklist_lock);
623 for_each_process(p) { 611 for_each_process(p) {
624 if (tomoyo_real_domain(p) != domain) 612 if (tomoyo_real_domain(p) != domain)
@@ -627,7 +615,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
627 break; 615 break;
628 } 616 }
629 read_unlock(&tasklist_lock); 617 read_unlock(&tasklist_lock);
630 /***** CRITICAL SECTION END *****/
631 if (flag) 618 if (flag)
632 continue; 619 continue;
633 list_for_each_entry(ptr, &domain->acl_info_list, list) { 620 list_for_each_entry(ptr, &domain->acl_info_list, list) {
@@ -650,7 +637,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
650 } 637 }
651 out: 638 out:
652 up_write(&tomoyo_domain_list_lock); 639 up_write(&tomoyo_domain_list_lock);
653 /***** EXCLUSIVE SECTION END *****/
654 return domain; 640 return domain;
655} 641}
656 642
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 2316da8ec5bc..adf786d7421d 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -166,7 +166,6 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
166 saved_filename = tomoyo_save_name(filename); 166 saved_filename = tomoyo_save_name(filename);
167 if (!saved_filename) 167 if (!saved_filename)
168 return -ENOMEM; 168 return -ENOMEM;
169 /***** EXCLUSIVE SECTION START *****/
170 down_write(&tomoyo_globally_readable_list_lock); 169 down_write(&tomoyo_globally_readable_list_lock);
171 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) { 170 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
172 if (ptr->filename != saved_filename) 171 if (ptr->filename != saved_filename)
@@ -187,7 +186,6 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
187 error = 0; 186 error = 0;
188 out: 187 out:
189 up_write(&tomoyo_globally_readable_list_lock); 188 up_write(&tomoyo_globally_readable_list_lock);
190 /***** EXCLUSIVE SECTION END *****/
191 return error; 189 return error;
192} 190}
193 191
@@ -284,7 +282,6 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
284 saved_pattern = tomoyo_save_name(pattern); 282 saved_pattern = tomoyo_save_name(pattern);
285 if (!saved_pattern) 283 if (!saved_pattern)
286 return -ENOMEM; 284 return -ENOMEM;
287 /***** EXCLUSIVE SECTION START *****/
288 down_write(&tomoyo_pattern_list_lock); 285 down_write(&tomoyo_pattern_list_lock);
289 list_for_each_entry(ptr, &tomoyo_pattern_list, list) { 286 list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
290 if (saved_pattern != ptr->pattern) 287 if (saved_pattern != ptr->pattern)
@@ -305,7 +302,6 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
305 error = 0; 302 error = 0;
306 out: 303 out:
307 up_write(&tomoyo_pattern_list_lock); 304 up_write(&tomoyo_pattern_list_lock);
308 /***** EXCLUSIVE SECTION END *****/
309 return error; 305 return error;
310} 306}
311 307
@@ -407,7 +403,6 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
407 saved_pattern = tomoyo_save_name(pattern); 403 saved_pattern = tomoyo_save_name(pattern);
408 if (!saved_pattern) 404 if (!saved_pattern)
409 return -ENOMEM; 405 return -ENOMEM;
410 /***** EXCLUSIVE SECTION START *****/
411 down_write(&tomoyo_no_rewrite_list_lock); 406 down_write(&tomoyo_no_rewrite_list_lock);
412 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) { 407 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
413 if (ptr->pattern != saved_pattern) 408 if (ptr->pattern != saved_pattern)
@@ -428,7 +423,6 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
428 error = 0; 423 error = 0;
429 out: 424 out:
430 up_write(&tomoyo_no_rewrite_list_lock); 425 up_write(&tomoyo_no_rewrite_list_lock);
431 /***** EXCLUSIVE SECTION END *****/
432 return error; 426 return error;
433} 427}
434 428
@@ -745,7 +739,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
745 saved_filename = tomoyo_save_name(filename); 739 saved_filename = tomoyo_save_name(filename);
746 if (!saved_filename) 740 if (!saved_filename)
747 return -ENOMEM; 741 return -ENOMEM;
748 /***** EXCLUSIVE SECTION START *****/
749 down_write(&tomoyo_domain_acl_info_list_lock); 742 down_write(&tomoyo_domain_acl_info_list_lock);
750 if (is_delete) 743 if (is_delete)
751 goto delete; 744 goto delete;
@@ -800,7 +793,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
800 } 793 }
801 out: 794 out:
802 up_write(&tomoyo_domain_acl_info_list_lock); 795 up_write(&tomoyo_domain_acl_info_list_lock);
803 /***** EXCLUSIVE SECTION END *****/
804 return error; 796 return error;
805} 797}
806 798
@@ -836,7 +828,6 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
836 saved_filename2 = tomoyo_save_name(filename2); 828 saved_filename2 = tomoyo_save_name(filename2);
837 if (!saved_filename1 || !saved_filename2) 829 if (!saved_filename1 || !saved_filename2)
838 return -ENOMEM; 830 return -ENOMEM;
839 /***** EXCLUSIVE SECTION START *****/
840 down_write(&tomoyo_domain_acl_info_list_lock); 831 down_write(&tomoyo_domain_acl_info_list_lock);
841 if (is_delete) 832 if (is_delete)
842 goto delete; 833 goto delete;
@@ -884,7 +875,6 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
884 } 875 }
885 out: 876 out:
886 up_write(&tomoyo_domain_acl_info_list_lock); 877 up_write(&tomoyo_domain_acl_info_list_lock);
887 /***** EXCLUSIVE SECTION END *****/
888 return error; 878 return error;
889} 879}
890 880
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 40927a84cb6e..3948f6b56ae2 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -220,7 +220,6 @@ void *tomoyo_alloc_element(const unsigned int size)
220 = roundup(size, max(sizeof(void *), sizeof(long))); 220 = roundup(size, max(sizeof(void *), sizeof(long)));
221 if (word_aligned_size > PATH_MAX) 221 if (word_aligned_size > PATH_MAX)
222 return NULL; 222 return NULL;
223 /***** EXCLUSIVE SECTION START *****/
224 mutex_lock(&lock); 223 mutex_lock(&lock);
225 if (buf_used_len + word_aligned_size > PATH_MAX) { 224 if (buf_used_len + word_aligned_size > PATH_MAX) {
226 if (!tomoyo_quota_for_elements || 225 if (!tomoyo_quota_for_elements ||
@@ -251,7 +250,6 @@ void *tomoyo_alloc_element(const unsigned int size)
251 } 250 }
252 } 251 }
253 mutex_unlock(&lock); 252 mutex_unlock(&lock);
254 /***** EXCLUSIVE SECTION END *****/
255 return ptr; 253 return ptr;
256} 254}
257 255
@@ -318,7 +316,6 @@ const struct tomoyo_path_info *tomoyo_save_name(const char *name)
318 return NULL; 316 return NULL;
319 } 317 }
320 hash = full_name_hash((const unsigned char *) name, len - 1); 318 hash = full_name_hash((const unsigned char *) name, len - 1);
321 /***** EXCLUSIVE SECTION START *****/
322 mutex_lock(&lock); 319 mutex_lock(&lock);
323 list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH], 320 list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH],
324 list) { 321 list) {
@@ -366,7 +363,6 @@ const struct tomoyo_path_info *tomoyo_save_name(const char *name)
366 } 363 }
367 out: 364 out:
368 mutex_unlock(&lock); 365 mutex_unlock(&lock);
369 /***** EXCLUSIVE SECTION END *****/
370 return ptr ? &ptr->entry : NULL; 366 return ptr ? &ptr->entry : NULL;
371} 367}
372 368
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-10 09:39:54 -0500