Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c75
-rw-r--r--security/tomoyo/common.h16
2 files changed, 34 insertions, 57 deletions
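diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 6568ef18112b..2a5330ec06c9 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -507,16 +507,14 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
  */
 static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
 {
- struct list_head *pos;
  bool done = true;
 
  if (head->read_eof)
  return;
- list_for_each_cookie(pos, head->read_var2,
+ list_for_each_cookie(head->read_var2,
  &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
- struct tomoyo_policy_manager_entry *ptr;
- ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
- head.list);
+ struct tomoyo_policy_manager_entry *ptr =
+ list_entry(head->read_var2, typeof(*ptr), head.list);
  if (ptr->head.is_deleted)
  continue;
  done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
@@ -590,8 +588,7 @@ static bool tomoyo_policy_manager(void)
  *
  * Caller holds tomoyo_read_lock().
  */
-static bool tomoyo_select_one(struct tomoyo_io_buffer *head,
- const char *data)
+static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
 {
  unsigned int pid;
  struct tomoyo_domain_info *domain = NULL;
@@ -623,20 +620,12 @@ static bool tomoyo_select_one(struct tomoyo_io_buffer *head,
  tomoyo_io_printf(head, "# select %s\n", data);
  head->read_single_domain = true;
  head->read_eof = !domain;
- if (domain) {
- struct tomoyo_domain_info *d;
- head->read_var1 = NULL;
- list_for_each_entry_rcu(d, &tomoyo_domain_list, list) {
- if (d == domain)
- break;
- head->read_var1 = &d->list;
- }
- head->read_var2 = NULL;
- head->read_bit = 0;
- head->read_step = 0;
- if (domain->is_deleted)
- tomoyo_io_printf(head, "# This is a deleted domain.\n");
- }
+ head->read_var1 = &domain->list;
+ head->read_var2 = NULL;
+ head->read_bit = 0;
+ head->read_step = 0;
+ if (domain && domain->is_deleted)
+ tomoyo_io_printf(head, "# This is a deleted domain.\n");
  return true;
 }
 
@@ -972,20 +961,18 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
  */
 static void tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
 {
- struct list_head *dpos;
- struct list_head *apos;
  bool done = true;
 
  if (head->read_eof)
  return;
  if (head->read_step == 0)
  head->read_step = 1;
- list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
- struct tomoyo_domain_info *domain;
+ list_for_each_cookie(head->read_var1, &tomoyo_domain_list) {
+ struct tomoyo_domain_info *domain =
+ list_entry(head->read_var1, typeof(*domain), list);
  const char *quota_exceeded = "";
  const char *transition_failed = "";
  const char *ignore_global_allow_read = "";
- domain = list_entry(dpos, struct tomoyo_domain_info, list);
  if (head->read_step != 1)
  goto acl_loop;
  if (domain->is_deleted && !head->read_single_domain)
@@ -1011,17 +998,17 @@ acl_loop:
  if (head->read_step == 3)
  goto tail_mark;
  /* Print ACL entries in the domain. */
- list_for_each_cookie(apos, head->read_var2,
+ list_for_each_cookie(head->read_var2,
  &domain->acl_info_list) {
- struct tomoyo_acl_info *ptr
- = list_entry(apos, struct tomoyo_acl_info,
- list);
+ struct tomoyo_acl_info *ptr =
+ list_entry(head->read_var2, typeof(*ptr), list);
  done = tomoyo_print_entry(head, ptr);
  if (!done)
  break;
  }
  if (!done)
  break;
+ head->read_var2 = NULL;
  head->read_step = 3;
 tail_mark:
  done = tomoyo_io_printf(head, "\n");
@@ -1085,14 +1072,13 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
  */
 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
 {
- struct list_head *pos;
  bool done = true;
 
  if (head->read_eof)
  return;
- list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
- struct tomoyo_domain_info *domain;
- domain = list_entry(pos, struct tomoyo_domain_info, list);
+ list_for_each_cookie(head->read_var1, &tomoyo_domain_list) {
+ struct tomoyo_domain_info *domain =
+ list_entry(head->read_var1, typeof(*domain), list);
  if (domain->is_deleted)
  continue;
  done = tomoyo_io_printf(head, "%u %s\n", domain->profile,
@@ -1245,19 +1231,16 @@ static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
  */
 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
 {
- struct list_head *gpos;
- struct list_head *mpos;
  const char *w[3] = { "", "", "" };
  w[0] = tomoyo_group_name[idx];
- list_for_each_cookie(gpos, head->read_var1, &tomoyo_group_list[idx]) {
+ list_for_each_cookie(head->read_var1, &tomoyo_group_list[idx]) {
  struct tomoyo_group *group =
- list_entry(gpos, struct tomoyo_group, list);
+ list_entry(head->read_var1, typeof(*group), list);
  w[1] = group->group_name->name;
- list_for_each_cookie(mpos, head->read_var2,
- &group->member_list) {
+ list_for_each_cookie(head->read_var2, &group->member_list) {
  char buffer[128];
  struct tomoyo_acl_head *ptr =
- list_entry(mpos, struct tomoyo_acl_head, list);
+ list_entry(head->read_var2, typeof(*ptr), list);
  if (ptr->is_deleted)
  continue;
  if (idx == TOMOYO_PATH_GROUP) {
@@ -1276,7 +1259,9 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
  w[2]))
  return false;
  }
+ head->read_var2 = NULL;
  }
+ head->read_var1 = NULL;
  return true;
 }
 
@@ -1292,11 +1277,10 @@ static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
  */
 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
 {
- struct list_head *pos;
- list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list[idx]) {
+ list_for_each_cookie(head->read_var2, &tomoyo_policy_list[idx]) {
  const char *w[4] = { "", "", "", "" };
- struct tomoyo_acl_head *acl = container_of(pos, typeof(*acl),
- list);
+ struct tomoyo_acl_head *acl =
+ container_of(head->read_var2, typeof(*acl), list);
  if (acl->is_deleted)
  continue;
  switch (idx) {
@@ -1354,6 +1338,7 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
  w[3]))
  return false;
  }
+ head->read_var2 = NULL;
  return true;
 }
 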
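Review bot: In tomoyo_select_one (the hunk at old line 623), `head->read_var1 = &domain->list;` now runs even when no domain matched, so the stored address is derived from a NULL `domain`, and only `head->read_eof = !domain` stops the read paths from following it. Writing the store as `head->read_var1 = domain ? &domain->list : NULL;` keeps the cursor in the NULL state the macro treats as "start from the list head" and does not depend on where `list` sits inside the struct, which this page does not show. The macro also no longer clears the cursor when a walk completes, so each reader has to reset it by hand, as tomoyo_read_group and tomoyo_read_policy now do. tomoyo_read_manager_policy and tomoyo_read_domain_profile end outside their hunks, so whether they reset the cursor or rely on read_eof cannot be confirmed from here.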
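diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 1277724edae4..cdc9ef56fd86 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -1023,19 +1023,11 @@ static inline bool tomoyo_same_number_union
 /**
  * list_for_each_cookie - iterate over a list with cookie.
  * @pos: the &struct list_head to use as a loop cursor.
- * @cookie: the &struct list_head to use as a cookie.
  * @head: the head for your list.
- *
- * Same with list_for_each_rcu() except that this primitive uses @cookie
- * so that we can continue iteration.
- * @cookie must be NULL when iteration starts, and @cookie will become
- * NULL when iteration finishes.
  */
-#define list_for_each_cookie(pos, cookie, head) \
- for (({ if (!cookie) \
- cookie = head; }), \
- pos = rcu_dereference((cookie)->next); \
- prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
- (cookie) = pos, pos = rcu_dereference(pos->next))
+#define list_for_each_cookie(pos, head) \
+ if (!pos) \
+ pos = srcu_dereference((head)->next, &tomoyo_ss); \
+ for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss))
 
 #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */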
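Review bot: The rewritten list_for_each_cookie() expands to a bare `if` statement followed by a separate `for`, so at a call site under an unbraced `if`/`else` only the `if (!pos)` part would be governed and a following `else` would bind to it. Folding the start-up into the loop header, `for ((pos) = (pos) ? (pos) : srcu_dereference((head)->next, &tomoyo_ss); (pos) != (head); (pos) = srcu_dereference((pos)->next, &tomoyo_ss))`, keeps the macro a single statement and parenthesises `pos` throughout. The kernel-doc also dropped the resume contract while the behaviour changed: `@pos` is now both cursor and cookie, and a completed walk leaves it equal to `@head` rather than NULL. I would restore that as `@pos: cursor that is also the resume cookie; NULL starts from @head, and the caller must reset it to NULL after a completed walk.`, plus a line saying the SRCU read side for tomoyo_ss must be held.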