Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 847b173e authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris
Browse files

TOMOYO: Add garbage collector. 



This patch adds garbage collector support to TOMOYO.
Elements are protected by "struct srcu_struct tomoyo_ss".

Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent ec8e6a4e

security/tomoyo/Makefile

+1 −1
Original line number Diff line number Diff line 
obj-y = common.o realpath.o tomoyo.o domain.o file.o
 
obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o

security/tomoyo/common.c

+4 −1
Original line number Diff line number Diff line
@@ -1067,7 +1067,7 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 
 *

 * # cat /sys/kernel/security/tomoyo/manager

 */

static LIST_HEAD(tomoyo_policy_manager_list);

LIST_HEAD(tomoyo_policy_manager_list);



/**

 * tomoyo_update_manager_entry - Add a manager entry.
@@ -2109,6 +2109,7 @@ static int tomoyo_write_control(struct file *file, const char __user *buffer, 
static int tomoyo_close_control(struct file *file)

{

	struct tomoyo_io_buffer *head = file->private_data;

	const bool is_write = !!head->write_buf;



	tomoyo_read_unlock(head->reader_idx);

	/* Release memory used for policy I/O. */
@@ -2119,6 +2120,8 @@ static int tomoyo_close_control(struct file *file) 
	kfree(head);

	head = NULL;

	file->private_data = NULL;

	if (is_write)

		tomoyo_run_gc();

	return 0;

}

security/tomoyo/common.h

+15 −0
Original line number Diff line number Diff line
@@ -638,6 +638,11 @@ int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, 
				    struct file *filp);

int tomoyo_find_next_domain(struct linux_binprm *bprm);



/* Run garbage collector. */

void tomoyo_run_gc(void);



void tomoyo_memory_free(void *ptr);



/********** External variable definitions. **********/



/* Lock for GC. */
@@ -646,6 +651,16 @@ extern struct srcu_struct tomoyo_ss; 
/* The list for "struct tomoyo_domain_info". */

extern struct list_head tomoyo_domain_list;



extern struct list_head tomoyo_domain_initializer_list;

extern struct list_head tomoyo_domain_keeper_list;

extern struct list_head tomoyo_alias_list;

extern struct list_head tomoyo_globally_readable_list;

extern struct list_head tomoyo_pattern_list;

extern struct list_head tomoyo_no_rewrite_list;

extern struct list_head tomoyo_policy_manager_list;

extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];

extern struct mutex tomoyo_name_list_lock;



/* Lock for protecting policy. */

extern struct mutex tomoyo_policy_lock;

security/tomoyo/domain.c

+3 −3
Original line number Diff line number Diff line
@@ -110,7 +110,7 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) 
 * will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain

 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.

 */

static LIST_HEAD(tomoyo_domain_initializer_list);

LIST_HEAD(tomoyo_domain_initializer_list);



/**

 * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list.
@@ -330,7 +330,7 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info * 
 * "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless

 * explicitly specified by "initialize_domain".

 */

static LIST_HEAD(tomoyo_domain_keeper_list);

LIST_HEAD(tomoyo_domain_keeper_list);



/**

 * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list.
@@ -533,7 +533,7 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname, 
 * /bin/busybox and domainname which the current process will belong to after

 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox .

 */

static LIST_HEAD(tomoyo_alias_list);

LIST_HEAD(tomoyo_alias_list);



/**

 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.

security/tomoyo/file.c

+3 −3
Original line number Diff line number Diff line
@@ -148,7 +148,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, 
 * given "allow_read /lib/libc-2.5.so" to the domain which current process

 * belongs to.

 */

static LIST_HEAD(tomoyo_globally_readable_list);

LIST_HEAD(tomoyo_globally_readable_list);



/**

 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
@@ -295,7 +295,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) 
 * which pretends as if /proc/self/ is not a symlink; so that we can forbid

 * current process from accessing other process's information.

 */

static LIST_HEAD(tomoyo_pattern_list);

LIST_HEAD(tomoyo_pattern_list);



/**

 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
@@ -448,7 +448,7 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) 
 * " (deleted)" suffix if the file is already unlink()ed; so that we don't

 * need to worry whether the file is already unlink()ed or not.

 */

static LIST_HEAD(tomoyo_no_rewrite_list);

LIST_HEAD(tomoyo_no_rewrite_list);



/**

 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.