TOMOYO: Use array of "struct list_head".

Assign list id and make the lists as array of "struct list_head".

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa 2010-06-17 16:53:24 +09:00 committed by James Morris
parent a98aa4debe
commit a230f9e712
8 changed files with 98 additions and 383 deletions

View file

@ -434,38 +434,6 @@ static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
head->read_eof = true; head->read_eof = true;
} }
/*
* tomoyo_policy_manager_list is used for holding list of domainnames or
* programs which are permitted to modify configuration via
* /sys/kernel/security/tomoyo/ interface.
*
* An entry is added by
*
* # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
* /sys/kernel/security/tomoyo/manager
* (if you want to specify by a domainname)
*
* or
*
* # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager
* (if you want to specify by a program's location)
*
* and is deleted by
*
* # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
* /sys/kernel/security/tomoyo/manager
*
* or
*
* # echo 'delete /usr/sbin/tomoyo-editpolicy' > \
* /sys/kernel/security/tomoyo/manager
*
* and all entries are retrieved by
*
* # cat /sys/kernel/security/tomoyo/manager
*/
LIST_HEAD(tomoyo_policy_manager_list);
static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -503,7 +471,7 @@ static int tomoyo_update_manager_entry(const char *manager,
if (!e.manager) if (!e.manager)
return -ENOMEM; return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_policy_manager_list, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
tomoyo_same_manager_entry); tomoyo_same_manager_entry);
tomoyo_put_name(e.manager); tomoyo_put_name(e.manager);
return error; return error;
@ -545,7 +513,7 @@ static void tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
if (head->read_eof) if (head->read_eof)
return; return;
list_for_each_cookie(pos, head->read_var2, list_for_each_cookie(pos, head->read_var2,
&tomoyo_policy_manager_list) { &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
struct tomoyo_policy_manager_entry *ptr; struct tomoyo_policy_manager_entry *ptr;
ptr = list_entry(pos, struct tomoyo_policy_manager_entry, ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
head.list); head.list);
@ -578,7 +546,8 @@ static bool tomoyo_policy_manager(void)
return true; return true;
if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
return false; return false;
list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
head.list) {
if (!ptr->head.is_deleted && ptr->is_domain if (!ptr->head.is_deleted && ptr->is_domain
&& !tomoyo_pathcmp(domainname, ptr->manager)) { && !tomoyo_pathcmp(domainname, ptr->manager)) {
found = true; found = true;
@ -590,7 +559,8 @@ static bool tomoyo_policy_manager(void)
exe = tomoyo_get_exe(); exe = tomoyo_get_exe();
if (!exe) if (!exe)
return false; return false;
list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
head.list) {
if (!ptr->head.is_deleted && !ptr->is_domain if (!ptr->head.is_deleted && !ptr->is_domain
&& !strcmp(exe, ptr->manager->name)) { && !strcmp(exe, ptr->manager->name)) {
found = true; found = true;

View file

@ -46,6 +46,30 @@ enum tomoyo_mode_index {
TOMOYO_CONFIG_USE_DEFAULT = 255 TOMOYO_CONFIG_USE_DEFAULT = 255
}; };
enum tomoyo_policy_id {
TOMOYO_ID_GROUP,
TOMOYO_ID_PATH_GROUP,
TOMOYO_ID_NUMBER_GROUP,
TOMOYO_ID_DOMAIN_INITIALIZER,
TOMOYO_ID_DOMAIN_KEEPER,
TOMOYO_ID_AGGREGATOR,
TOMOYO_ID_ALIAS,
TOMOYO_ID_GLOBALLY_READABLE,
TOMOYO_ID_PATTERN,
TOMOYO_ID_NO_REWRITE,
TOMOYO_ID_MANAGER,
TOMOYO_ID_NAME,
TOMOYO_ID_ACL,
TOMOYO_ID_DOMAIN,
TOMOYO_MAX_POLICY
};
enum tomoyo_group_id {
TOMOYO_PATH_GROUP,
TOMOYO_NUMBER_GROUP,
TOMOYO_MAX_GROUP
};
/* Keywords for ACLs. */ /* Keywords for ACLs. */
#define TOMOYO_KEYWORD_AGGREGATOR "aggregator " #define TOMOYO_KEYWORD_AGGREGATOR "aggregator "
#define TOMOYO_KEYWORD_ALIAS "alias " #define TOMOYO_KEYWORD_ALIAS "alias "
@ -570,7 +594,7 @@ struct tomoyo_globally_readable_file_entry {
/* /*
* tomoyo_pattern_entry is a structure which is used for holding * tomoyo_pattern_entry is a structure which is used for holding
* "tomoyo_pattern_list" entries. * "file_pattern" entries.
* It has following fields. * It has following fields.
* *
* (1) "head" is "struct tomoyo_acl_head". * (1) "head" is "struct tomoyo_acl_head".
@ -950,16 +974,8 @@ extern struct srcu_struct tomoyo_ss;
/* The list for "struct tomoyo_domain_info". */ /* The list for "struct tomoyo_domain_info". */
extern struct list_head tomoyo_domain_list; extern struct list_head tomoyo_domain_list;
extern struct list_head tomoyo_path_group_list; extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
extern struct list_head tomoyo_number_group_list; extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
extern struct list_head tomoyo_domain_initializer_list;
extern struct list_head tomoyo_domain_keeper_list;
extern struct list_head tomoyo_aggregator_list;
extern struct list_head tomoyo_alias_list;
extern struct list_head tomoyo_globally_readable_list;
extern struct list_head tomoyo_pattern_list;
extern struct list_head tomoyo_no_rewrite_list;
extern struct list_head tomoyo_policy_manager_list;
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
/* Lock for protecting policy. */ /* Lock for protecting policy. */

View file

@ -127,46 +127,12 @@ void tomoyo_check_acl(struct tomoyo_request_info *r,
r->granted = false; r->granted = false;
} }
/* /* The list for "struct tomoyo_domain_info". */
* tomoyo_domain_list is used for holding list of domains.
* The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
* permissions (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
*
* An entry is added by
*
* # ( echo "<kernel>"; echo "allow_execute /sbin/init" ) > \
* /sys/kernel/security/tomoyo/domain_policy
*
* and is deleted by
*
* # ( echo "<kernel>"; echo "delete allow_execute /sbin/init" ) > \
* /sys/kernel/security/tomoyo/domain_policy
*
* and all entries are retrieved by
*
* # cat /sys/kernel/security/tomoyo/domain_policy
*
* A domain is added by
*
* # echo "<kernel>" > /sys/kernel/security/tomoyo/domain_policy
*
* and is deleted by
*
* # echo "delete <kernel>" > /sys/kernel/security/tomoyo/domain_policy
*
* and all domains are retrieved by
*
* # grep '^<kernel>' /sys/kernel/security/tomoyo/domain_policy
*
* Normally, a domainname is monotonically getting longer because a domainname
* which the process will belong to if an execve() operation succeeds is
* defined as a concatenation of "current domainname" + "pathname passed to
* execve()".
* See tomoyo_domain_initializer_list and tomoyo_domain_keeper_list for
* exceptions.
*/
LIST_HEAD(tomoyo_domain_list); LIST_HEAD(tomoyo_domain_list);
struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
/** /**
* tomoyo_get_last_name - Get last component of a domainname. * tomoyo_get_last_name - Get last component of a domainname.
* *
@ -184,44 +150,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
return cp0; return cp0;
} }
/*
* tomoyo_domain_initializer_list is used for holding list of programs which
* triggers reinitialization of domainname. Normally, a domainname is
* monotonically getting longer. But sometimes, we restart daemon programs.
* It would be convenient for us that "a daemon started upon system boot" and
* "the daemon restarted from console" belong to the same domain. Thus, TOMOYO
* provides a way to shorten domainnames.
*
* An entry is added by
*
* # echo 'initialize_domain /usr/sbin/httpd' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete initialize_domain /usr/sbin/httpd' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^initialize_domain /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, /usr/sbin/httpd will belong to
* "<kernel> /usr/sbin/httpd" domain.
*
* You may specify a domainname using "from" keyword.
* "initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
* will cause "/usr/sbin/httpd" executed from "<kernel> /etc/rc.d/init.d/httpd"
* domain to belong to "<kernel> /usr/sbin/httpd" domain.
*
* You may add "no_" prefix to "initialize_domain".
* "initialize_domain /usr/sbin/httpd" and
* "no_initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
* will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain
* unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.
*/
LIST_HEAD(tomoyo_domain_initializer_list);
static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head * static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head *
a, a,
const struct tomoyo_acl_head * const struct tomoyo_acl_head *
@ -272,7 +200,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
if (!e.program) if (!e.program)
goto out; goto out;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_domain_initializer_list, &tomoyo_policy_list
[TOMOYO_ID_DOMAIN_INITIALIZER],
tomoyo_same_domain_initializer_entry); tomoyo_same_domain_initializer_entry);
out: out:
tomoyo_put_name(e.domainname); tomoyo_put_name(e.domainname);
@ -294,8 +223,8 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
struct list_head *pos; struct list_head *pos;
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list
&tomoyo_domain_initializer_list) { [TOMOYO_ID_DOMAIN_INITIALIZER]) {
const char *no; const char *no;
const char *from = ""; const char *from = "";
const char *domain = ""; const char *domain = "";
@ -366,8 +295,8 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
struct tomoyo_domain_initializer_entry *ptr; struct tomoyo_domain_initializer_entry *ptr;
bool flag = false; bool flag = false;
list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list_for_each_entry_rcu(ptr, &tomoyo_policy_list
head.list) { [TOMOYO_ID_DOMAIN_INITIALIZER], head.list) {
if (ptr->head.is_deleted) if (ptr->head.is_deleted)
continue; continue;
if (ptr->domainname) { if (ptr->domainname) {
@ -390,46 +319,6 @@ static bool tomoyo_domain_initializer(const struct tomoyo_path_info *
return flag; return flag;
} }
/*
* tomoyo_domain_keeper_list is used for holding list of domainnames which
* suppresses domain transition. Normally, a domainname is monotonically
* getting longer. But sometimes, we want to suppress domain transition.
* It would be convenient for us that programs executed from a login session
* belong to the same domain. Thus, TOMOYO provides a way to suppress domain
* transition.
*
* An entry is added by
*
* # echo 'keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^keep_domain /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, any process which belongs to
* "<kernel> /usr/sbin/sshd /bin/bash" domain will remain in that domain,
* unless explicitly specified by "initialize_domain" or "no_keep_domain".
*
* You may specify a program using "from" keyword.
* "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash"
* will cause "/bin/pwd" executed from "<kernel> /usr/sbin/sshd /bin/bash"
* domain to remain in "<kernel> /usr/sbin/sshd /bin/bash" domain.
*
* You may add "no_" prefix to "keep_domain".
* "keep_domain <kernel> /usr/sbin/sshd /bin/bash" and
* "no_keep_domain /usr/bin/passwd from <kernel> /usr/sbin/sshd /bin/bash" will
* cause "/usr/bin/passwd" to belong to
* "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless
* explicitly specified by "initialize_domain".
*/
LIST_HEAD(tomoyo_domain_keeper_list);
static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a, static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -478,7 +367,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
if (!e.domainname) if (!e.domainname)
goto out; goto out;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_domain_keeper_list, &tomoyo_policy_list
[TOMOYO_ID_DOMAIN_KEEPER],
tomoyo_same_domain_keeper_entry); tomoyo_same_domain_keeper_entry);
out: out:
tomoyo_put_name(e.domainname); tomoyo_put_name(e.domainname);
@ -523,7 +413,7 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, list_for_each_cookie(pos, head->read_var2,
&tomoyo_domain_keeper_list) { &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) {
struct tomoyo_domain_keeper_entry *ptr; struct tomoyo_domain_keeper_entry *ptr;
const char *no; const char *no;
const char *from = ""; const char *from = "";
@ -567,7 +457,9 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
struct tomoyo_domain_keeper_entry *ptr; struct tomoyo_domain_keeper_entry *ptr;
bool flag = false; bool flag = false;
list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) { list_for_each_entry_rcu(ptr,
&tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER],
head.list) {
if (ptr->head.is_deleted) if (ptr->head.is_deleted)
continue; continue;
if (!ptr->is_last_name) { if (!ptr->is_last_name) {
@ -588,35 +480,6 @@ static bool tomoyo_domain_keeper(const struct tomoyo_path_info *domainname,
return flag; return flag;
} }
/*
* tomoyo_aggregator_list is used for holding list of rewrite table for
* execve() request. Some programs provides similar functionality. This keyword
* allows users to aggregate such programs.
*
* Entries are added by
*
* # echo 'aggregator /usr/bin/vi /./editor' > \
* /sys/kernel/security/tomoyo/exception_policy
* # echo 'aggregator /usr/bin/emacs /./editor' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and are deleted by
*
* # echo 'delete aggregator /usr/bin/vi /./editor' > \
* /sys/kernel/security/tomoyo/exception_policy
* # echo 'delete aggregator /usr/bin/emacs /./editor' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^aggregator /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, if /usr/bin/vi or /usr/bin/emacs are executed,
* permission is checked for /./editor and domainname which the current process
* will belong to after execve() succeeds is calculated using /./editor .
*/
LIST_HEAD(tomoyo_aggregator_list);
static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a, static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -655,7 +518,7 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
e.aggregated_name->is_patterned) /* No patterns allowed. */ e.aggregated_name->is_patterned) /* No patterns allowed. */
goto out; goto out;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_aggregator_list, &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
tomoyo_same_aggregator_entry); tomoyo_same_aggregator_entry);
out: out:
tomoyo_put_name(e.original_name); tomoyo_put_name(e.original_name);
@ -677,7 +540,8 @@ bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head)
struct list_head *pos; struct list_head *pos;
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, &tomoyo_aggregator_list) { list_for_each_cookie(pos, head->read_var2,
&tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) {
struct tomoyo_aggregator_entry *ptr; struct tomoyo_aggregator_entry *ptr;
ptr = list_entry(pos, struct tomoyo_aggregator_entry, ptr = list_entry(pos, struct tomoyo_aggregator_entry,
@ -713,38 +577,6 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
return tomoyo_update_aggregator_entry(data, cp, is_delete); return tomoyo_update_aggregator_entry(data, cp, is_delete);
} }
/*
* tomoyo_alias_list is used for holding list of symlink's pathnames which are
* allowed to be passed to an execve() request. Normally, the domainname which
* the current process will belong to after execve() succeeds is calculated
* using dereferenced pathnames. But some programs behave differently depending
* on the name passed to argv[0]. For busybox, calculating domainname using
* dereferenced pathnames will cause all programs in the busybox to belong to
* the same domain. Thus, TOMOYO provides a way to allow use of symlink's
* pathname for checking execve()'s permission and calculating domainname which
* the current process will belong to after execve() succeeds.
*
* An entry is added by
*
* # echo 'alias /bin/busybox /bin/cat' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete alias /bin/busybox /bin/cat' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^alias /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, if /bin/cat is a symlink to /bin/busybox and execution
* of /bin/cat is requested, permission is checked for /bin/cat rather than
* /bin/busybox and domainname which the current process will belong to after
* execve() succeeds is calculated using /bin/cat rather than /bin/busybox .
*/
LIST_HEAD(tomoyo_alias_list);
static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a, static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -783,7 +615,7 @@ static int tomoyo_update_alias_entry(const char *original_name,
e.original_name->is_patterned || e.aliased_name->is_patterned) e.original_name->is_patterned || e.aliased_name->is_patterned)
goto out; /* No patterns allowed. */ goto out; /* No patterns allowed. */
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_alias_list, &tomoyo_policy_list[TOMOYO_ID_ALIAS],
tomoyo_same_alias_entry); tomoyo_same_alias_entry);
out: out:
tomoyo_put_name(e.original_name); tomoyo_put_name(e.original_name);
@ -805,7 +637,8 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
struct list_head *pos; struct list_head *pos;
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) { list_for_each_cookie(pos, head->read_var2,
&tomoyo_policy_list[TOMOYO_ID_ALIAS]) {
struct tomoyo_alias_entry *ptr; struct tomoyo_alias_entry *ptr;
ptr = list_entry(pos, struct tomoyo_alias_entry, head.list); ptr = list_entry(pos, struct tomoyo_alias_entry, head.list);
@ -946,7 +779,9 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
if (tomoyo_pathcmp(&rn, &sn)) { if (tomoyo_pathcmp(&rn, &sn)) {
struct tomoyo_alias_entry *ptr; struct tomoyo_alias_entry *ptr;
/* Is this program allowed to be called via symbolic links? */ /* Is this program allowed to be called via symbolic links? */
list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) { list_for_each_entry_rcu(ptr,
&tomoyo_policy_list[TOMOYO_ID_ALIAS],
head.list) {
if (ptr->head.is_deleted || if (ptr->head.is_deleted ||
tomoyo_pathcmp(&rn, ptr->original_name) || tomoyo_pathcmp(&rn, ptr->original_name) ||
tomoyo_pathcmp(&sn, ptr->aliased_name)) tomoyo_pathcmp(&sn, ptr->aliased_name))
@ -962,8 +797,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
/* Check 'aggregator' directive. */ /* Check 'aggregator' directive. */
{ {
struct tomoyo_aggregator_entry *ptr; struct tomoyo_aggregator_entry *ptr;
list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list, list_for_each_entry_rcu(ptr, &tomoyo_policy_list
head.list) { [TOMOYO_ID_AGGREGATOR], head.list) {
if (ptr->head.is_deleted || if (ptr->head.is_deleted ||
!tomoyo_path_matches_pattern(&rn, !tomoyo_path_matches_pattern(&rn,
ptr->original_name)) ptr->original_name))

View file

@ -265,33 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
tomoyo_file_pattern(filename), buffer); tomoyo_file_pattern(filename), buffer);
} }
/*
* tomoyo_globally_readable_list is used for holding list of pathnames which
* are by default allowed to be open()ed for reading by any process.
*
* An entry is added by
*
* # echo 'allow_read /lib/libc-2.5.so' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete allow_read /lib/libc-2.5.so' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, any process is allowed to
* open("/lib/libc-2.5.so", O_RDONLY).
* One exception is, if the domain which current process belongs to is marked
* as "ignore_global_allow_read", current process can't do so unless explicitly
* given "allow_read /lib/libc-2.5.so" to the domain which current process
* belongs to.
*/
LIST_HEAD(tomoyo_globally_readable_list);
static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a, static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -323,7 +296,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
if (!e.filename) if (!e.filename)
return -ENOMEM; return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_globally_readable_list, &tomoyo_policy_list
[TOMOYO_ID_GLOBALLY_READABLE],
tomoyo_same_globally_readable); tomoyo_same_globally_readable);
tomoyo_put_name(e.filename); tomoyo_put_name(e.filename);
return error; return error;
@ -344,8 +318,8 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
struct tomoyo_globally_readable_file_entry *ptr; struct tomoyo_globally_readable_file_entry *ptr;
bool found = false; bool found = false;
list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list_for_each_entry_rcu(ptr, &tomoyo_policy_list
head.list) { [TOMOYO_ID_GLOBALLY_READABLE], head.list) {
if (!ptr->head.is_deleted && if (!ptr->head.is_deleted &&
tomoyo_path_matches_pattern(filename, ptr->filename)) { tomoyo_path_matches_pattern(filename, ptr->filename)) {
found = true; found = true;
@ -385,7 +359,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, list_for_each_cookie(pos, head->read_var2,
&tomoyo_globally_readable_list) { &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) {
struct tomoyo_globally_readable_file_entry *ptr; struct tomoyo_globally_readable_file_entry *ptr;
ptr = list_entry(pos, ptr = list_entry(pos,
struct tomoyo_globally_readable_file_entry, struct tomoyo_globally_readable_file_entry,
@ -400,37 +374,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
return done; return done;
} }
/* tomoyo_pattern_list is used for holding list of pathnames which are used for
* converting pathnames to pathname patterns during learning mode.
*
* An entry is added by
*
* # echo 'file_pattern /proc/\$/mounts' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete file_pattern /proc/\$/mounts' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, if a process which belongs to a domain which is in
* learning mode requested open("/proc/1/mounts", O_RDONLY),
* "allow_read /proc/\$/mounts" is automatically added to the domain which that
* process belongs to.
*
* It is not a desirable behavior that we have to use /proc/\$/ instead of
* /proc/self/ when current process needs to access only current process's
* information. As of now, LSM version of TOMOYO is using __d_path() for
* calculating pathname. Non LSM version of TOMOYO is using its own function
* which pretends as if /proc/self/ is not a symlink; so that we can forbid
* current process from accessing other process's information.
*/
LIST_HEAD(tomoyo_pattern_list);
static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a, static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -460,7 +403,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
if (!e.pattern) if (!e.pattern)
return -ENOMEM; return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_pattern_list, &tomoyo_policy_list[TOMOYO_ID_PATTERN],
tomoyo_same_pattern); tomoyo_same_pattern);
tomoyo_put_name(e.pattern); tomoyo_put_name(e.pattern);
return error; return error;
@ -480,7 +423,8 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename)
struct tomoyo_pattern_entry *ptr; struct tomoyo_pattern_entry *ptr;
const struct tomoyo_path_info *pattern = NULL; const struct tomoyo_path_info *pattern = NULL;
list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) { list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN],
head.list) {
if (ptr->head.is_deleted) if (ptr->head.is_deleted)
continue; continue;
if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@ -527,7 +471,8 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
struct list_head *pos; struct list_head *pos;
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) { list_for_each_cookie(pos, head->read_var2,
&tomoyo_policy_list[TOMOYO_ID_PATTERN]) {
struct tomoyo_pattern_entry *ptr; struct tomoyo_pattern_entry *ptr;
ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list); ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list);
if (ptr->head.is_deleted) if (ptr->head.is_deleted)
@ -540,37 +485,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
return done; return done;
} }
/*
* tomoyo_no_rewrite_list is used for holding list of pathnames which are by
* default forbidden to modify already written content of a file.
*
* An entry is added by
*
* # echo 'deny_rewrite /var/log/messages' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and is deleted by
*
* # echo 'delete deny_rewrite /var/log/messages' > \
* /sys/kernel/security/tomoyo/exception_policy
*
* and all entries are retrieved by
*
* # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
*
* In the example above, if a process requested to rewrite /var/log/messages ,
* the process can't rewrite unless the domain which that process belongs to
* has "allow_rewrite /var/log/messages" entry.
*
* It is not a desirable behavior that we have to add "\040(deleted)" suffix
* when we want to allow rewriting already unlink()ed file. As of now,
* LSM version of TOMOYO is using __d_path() for calculating pathname.
* Non LSM version of TOMOYO is using its own function which doesn't append
* " (deleted)" suffix if the file is already unlink()ed; so that we don't
* need to worry whether the file is already unlink()ed or not.
*/
LIST_HEAD(tomoyo_no_rewrite_list);
static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a, static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b) const struct tomoyo_acl_head *b)
{ {
@ -601,7 +515,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
if (!e.pattern) if (!e.pattern)
return -ENOMEM; return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
&tomoyo_no_rewrite_list, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
tomoyo_same_no_rewrite); tomoyo_same_no_rewrite);
tomoyo_put_name(e.pattern); tomoyo_put_name(e.pattern);
return error; return error;
@ -622,7 +536,8 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
struct tomoyo_no_rewrite_entry *ptr; struct tomoyo_no_rewrite_entry *ptr;
bool found = false; bool found = false;
list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) { list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
head.list) {
if (ptr->head.is_deleted) if (ptr->head.is_deleted)
continue; continue;
if (!tomoyo_path_matches_pattern(filename, ptr->pattern)) if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@ -662,7 +577,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
struct list_head *pos; struct list_head *pos;
bool done = true; bool done = true;
list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) { list_for_each_cookie(pos, head->read_var2,
&tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) {
struct tomoyo_no_rewrite_entry *ptr; struct tomoyo_no_rewrite_entry *ptr;
ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, ptr = list_entry(pos, struct tomoyo_no_rewrite_entry,
head.list); head.list);

View file

@ -11,24 +11,6 @@
#include <linux/kthread.h> #include <linux/kthread.h>
#include <linux/slab.h> #include <linux/slab.h>
enum tomoyo_policy_id {
TOMOYO_ID_GROUP,
TOMOYO_ID_PATH_GROUP,
TOMOYO_ID_NUMBER_GROUP,
TOMOYO_ID_DOMAIN_INITIALIZER,
TOMOYO_ID_DOMAIN_KEEPER,
TOMOYO_ID_AGGREGATOR,
TOMOYO_ID_ALIAS,
TOMOYO_ID_GLOBALLY_READABLE,
TOMOYO_ID_PATTERN,
TOMOYO_ID_NO_REWRITE,
TOMOYO_ID_MANAGER,
TOMOYO_ID_NAME,
TOMOYO_ID_ACL,
TOMOYO_ID_DOMAIN,
TOMOYO_MAX_POLICY
};
struct tomoyo_gc_entry { struct tomoyo_gc_entry {
struct list_head list; struct list_head list;
int type; int type;
@ -226,17 +208,6 @@ static void tomoyo_del_number_group(struct list_head *element)
container_of(element, typeof(*member), head.list); container_of(element, typeof(*member), head.list);
} }
static struct list_head *tomoyo_policy_list[TOMOYO_MAX_POLICY] = {
[TOMOYO_ID_GLOBALLY_READABLE] = &tomoyo_globally_readable_list,
[TOMOYO_ID_PATTERN] = &tomoyo_pattern_list,
[TOMOYO_ID_NO_REWRITE] = &tomoyo_no_rewrite_list,
[TOMOYO_ID_DOMAIN_INITIALIZER] = &tomoyo_domain_initializer_list,
[TOMOYO_ID_DOMAIN_KEEPER] = &tomoyo_domain_keeper_list,
[TOMOYO_ID_AGGREGATOR] = &tomoyo_aggregator_list,
[TOMOYO_ID_ALIAS] = &tomoyo_alias_list,
[TOMOYO_ID_MANAGER] = &tomoyo_policy_manager_list,
};
static bool tomoyo_collect_member(struct list_head *member_list, int id) static bool tomoyo_collect_member(struct list_head *member_list, int id)
{ {
struct tomoyo_acl_head *member; struct tomoyo_acl_head *member;
@ -267,9 +238,8 @@ static void tomoyo_collect_entry(void)
if (mutex_lock_interruptible(&tomoyo_policy_lock)) if (mutex_lock_interruptible(&tomoyo_policy_lock))
return; return;
for (i = 0; i < TOMOYO_MAX_POLICY; i++) { for (i = 0; i < TOMOYO_MAX_POLICY; i++) {
if (tomoyo_policy_list[i]) if (!tomoyo_collect_member(&tomoyo_policy_list[i], i))
if (!tomoyo_collect_member(tomoyo_policy_list[i], i)) goto unlock;
goto unlock;
} }
{ {
struct tomoyo_domain_info *domain; struct tomoyo_domain_info *domain;
@ -298,7 +268,9 @@ static void tomoyo_collect_entry(void)
} }
{ {
struct tomoyo_group *group; struct tomoyo_group *group;
list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { list_for_each_entry_rcu(group,
&tomoyo_group_list[TOMOYO_PATH_GROUP],
list) {
tomoyo_collect_member(&group->member_list, tomoyo_collect_member(&group->member_list,
TOMOYO_ID_PATH_GROUP); TOMOYO_ID_PATH_GROUP);
if (!list_empty(&group->member_list) || if (!list_empty(&group->member_list) ||
@ -311,7 +283,8 @@ static void tomoyo_collect_entry(void)
} }
{ {
struct tomoyo_group *group; struct tomoyo_group *group;
list_for_each_entry_rcu(group, &tomoyo_number_group_list, list_for_each_entry_rcu(group,
&tomoyo_group_list[TOMOYO_NUMBER_GROUP],
list) { list) {
tomoyo_collect_member(&group->member_list, tomoyo_collect_member(&group->member_list,
TOMOYO_ID_NUMBER_GROUP); TOMOYO_ID_NUMBER_GROUP);

View file

@ -153,6 +153,10 @@ void __init tomoyo_mm_init(void)
{ {
int idx; int idx;
for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
INIT_LIST_HEAD(&tomoyo_policy_list[idx]);
for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
INIT_LIST_HEAD(&tomoyo_group_list[idx]);
for (idx = 0; idx < TOMOYO_MAX_HASH; idx++) for (idx = 0; idx < TOMOYO_MAX_HASH; idx++)
INIT_LIST_HEAD(&tomoyo_name_list[idx]); INIT_LIST_HEAD(&tomoyo_name_list[idx]);
INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);

View file

@ -7,9 +7,6 @@
#include <linux/slab.h> #include <linux/slab.h>
#include "common.h" #include "common.h"
/* The list for "struct tomoyo_number_group". */
LIST_HEAD(tomoyo_number_group_list);
/** /**
* tomoyo_get_group - Allocate memory for "struct tomoyo_number_group". * tomoyo_get_group - Allocate memory for "struct tomoyo_number_group".
* *
@ -32,7 +29,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name)
entry = kzalloc(sizeof(*entry), GFP_NOFS); entry = kzalloc(sizeof(*entry), GFP_NOFS);
if (mutex_lock_interruptible(&tomoyo_policy_lock)) if (mutex_lock_interruptible(&tomoyo_policy_lock))
goto out; goto out;
list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) { list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_NUMBER_GROUP],
list) {
if (saved_group_name != group->group_name) if (saved_group_name != group->group_name)
continue; continue;
atomic_inc(&group->users); atomic_inc(&group->users);
@ -44,7 +42,8 @@ struct tomoyo_group *tomoyo_get_number_group(const char *group_name)
entry->group_name = saved_group_name; entry->group_name = saved_group_name;
saved_group_name = NULL; saved_group_name = NULL;
atomic_set(&entry->users, 1); atomic_set(&entry->users, 1);
list_add_tail_rcu(&entry->list, &tomoyo_number_group_list); list_add_tail_rcu(&entry->list,
&tomoyo_group_list[TOMOYO_NUMBER_GROUP]);
group = entry; group = entry;
entry = NULL; entry = NULL;
error = 0; error = 0;
@ -110,7 +109,8 @@ bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head)
{ {
struct list_head *gpos; struct list_head *gpos;
struct list_head *mpos; struct list_head *mpos;
list_for_each_cookie(gpos, head->read_var1, &tomoyo_number_group_list) { list_for_each_cookie(gpos, head->read_var1,
&tomoyo_group_list[TOMOYO_NUMBER_GROUP]) {
struct tomoyo_group *group; struct tomoyo_group *group;
const char *name; const char *name;
group = list_entry(gpos, struct tomoyo_group, list); group = list_entry(gpos, struct tomoyo_group, list);

View file

@ -6,8 +6,6 @@
#include <linux/slab.h> #include <linux/slab.h>
#include "common.h" #include "common.h"
/* The list for "struct tomoyo_path_group". */
LIST_HEAD(tomoyo_path_group_list);
/** /**
* tomoyo_get_group - Allocate memory for "struct tomoyo_path_group". * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group".
@ -30,7 +28,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name)
entry = kzalloc(sizeof(*entry), GFP_NOFS); entry = kzalloc(sizeof(*entry), GFP_NOFS);
if (mutex_lock_interruptible(&tomoyo_policy_lock)) if (mutex_lock_interruptible(&tomoyo_policy_lock))
goto out; goto out;
list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) { list_for_each_entry_rcu(group, &tomoyo_group_list[TOMOYO_PATH_GROUP],
list) {
if (saved_group_name != group->group_name) if (saved_group_name != group->group_name)
continue; continue;
atomic_inc(&group->users); atomic_inc(&group->users);
@ -42,7 +41,8 @@ struct tomoyo_group *tomoyo_get_path_group(const char *group_name)
entry->group_name = saved_group_name; entry->group_name = saved_group_name;
saved_group_name = NULL; saved_group_name = NULL;
atomic_set(&entry->users, 1); atomic_set(&entry->users, 1);
list_add_tail_rcu(&entry->list, &tomoyo_path_group_list); list_add_tail_rcu(&entry->list,
&tomoyo_group_list[TOMOYO_PATH_GROUP]);
group = entry; group = entry;
entry = NULL; entry = NULL;
error = 0; error = 0;
@ -107,7 +107,8 @@ bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
{ {
struct list_head *gpos; struct list_head *gpos;
struct list_head *mpos; struct list_head *mpos;
list_for_each_cookie(gpos, head->read_var1, &tomoyo_path_group_list) { list_for_each_cookie(gpos, head->read_var1,
&tomoyo_group_list[TOMOYO_PATH_GROUP]) {
struct tomoyo_group *group; struct tomoyo_group *group;
group = list_entry(gpos, struct tomoyo_group, list); group = list_entry(gpos, struct tomoyo_group, list);
list_for_each_cookie(mpos, head->read_var2, list_for_each_cookie(mpos, head->read_var2,