Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 12 | ||||
-rw-r--r-- | security/tomoyo/common.h | 5 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 20 | ||||
-rw-r--r-- | security/tomoyo/file.c | 26 |
4 files changed, 27 insertions, 36 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index f01b936..642e0e5 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -16,6 +16,9 @@ #include "common.h" #include "tomoyo.h" +/* Lock for protecting policy. */ +DEFINE_MUTEX(tomoyo_policy_lock); + /* Has loading policy done? */ bool tomoyo_policy_loaded; @@ -1086,7 +1089,6 @@ struct tomoyo_policy_manager_entry { * # cat /sys/kernel/security/tomoyo/manager */ static LIST_HEAD(tomoyo_policy_manager_list); -static DECLARE_RWSEM(tomoyo_policy_manager_list_lock); /** * tomoyo_update_manager_entry - Add a manager entry. @@ -1118,7 +1120,7 @@ static int tomoyo_update_manager_entry(const char *manager, saved_manager = tomoyo_save_name(manager); if (!saved_manager) return -ENOMEM; - down_write(&tomoyo_policy_manager_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { if (ptr->manager != saved_manager) continue; @@ -1138,7 +1140,7 @@ static int tomoyo_update_manager_entry(const char *manager, list_add_tail_rcu(&new_entry->list, &tomoyo_policy_manager_list); error = 0; out: - up_write(&tomoyo_policy_manager_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -1315,7 +1317,7 @@ static int tomoyo_delete_domain(char *domainname) name.name = domainname; tomoyo_fill_path_info(&name); - down_write(&tomoyo_domain_list_lock); + mutex_lock(&tomoyo_policy_lock); /* Is there an active domain? */ list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { /* Never delete tomoyo_kernel_domain */ @@ -1327,7 +1329,7 @@ static int tomoyo_delete_domain(char *domainname) domain->is_deleted = true; break; } - up_write(&tomoyo_domain_list_lock); + mutex_unlock(&tomoyo_policy_lock); return 0; } diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index c6f1392..874abf8 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h 
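Review bot: The comment on `DEFINE_MUTEX(tomoyo_policy_lock)` in the first common.c hunk, and the identical one on the `extern` in common.h, does not say which data the lock covers, which matters now that one mutex replaces nine per-list rwsems. I would spell it out, e.g. `/* Serializes all updates to the policy lists: manager, domain, domain initializer, domain keeper, alias, globally readable, pattern, no_rewrite and every domain->acl_info_list. */`. The update paths in this diff walk those lists with list_for_each_entry_rcu(), so the comment should also state whether readers are expected to take this mutex or to rely on RCU; that is not visible from these hunks.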
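Review bot: `mutex_lock(&tomoyo_policy_lock)` in tomoyo_update_manager_entry() is an uninterruptible wait on what is now a single global lock, so a task updating the manager list can be stuck behind any other policy writer, including the ACL updates in file.c and tomoyo_find_or_assign_new_domain(). Consider `if (mutex_lock_interruptible(&tomoyo_policy_lock)) return -EINTR;` in the update paths so that a blocked writer can still be signalled. Whether an early return at that point needs any cleanup of saved_manager cannot be judged from the hunk, because the function starts before it. The same applies to every other `mutex_lock()` hunk in common.c, domain.c and file.c.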
@@ -431,10 +431,9 @@ static inline bool tomoyo_is_invalid(const unsigned char c) /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct rw_semaphore tomoyo_domain_list_lock; -/* Lock for domain->acl_info_list. */ -extern struct rw_semaphore tomoyo_domain_acl_info_list_lock; +/* Lock for protecting policy. */ +extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 2fd1901..7d0b0bc 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -58,7 +58,6 @@ struct tomoyo_domain_info tomoyo_kernel_domain; * exceptions. */ LIST_HEAD(tomoyo_domain_list); -DECLARE_RWSEM(tomoyo_domain_list_lock); /* * tomoyo_domain_initializer_entry is a structure which is used for holding @@ -206,7 +205,6 @@ const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain) * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain. */ static LIST_HEAD(tomoyo_domain_initializer_list); -static DECLARE_RWSEM(tomoyo_domain_initializer_list_lock); /** * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list. @@ -247,7 +245,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, saved_program = tomoyo_save_name(program); if (!saved_program) return -ENOMEM; - down_write(&tomoyo_domain_initializer_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) { if (ptr->is_not != is_not || ptr->domainname != saved_domainname || @@ -271,7 +269,7 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname, list_add_tail_rcu(&new_entry->list, &tomoyo_domain_initializer_list); error = 0; out: - up_write(&tomoyo_domain_initializer_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } 
@@ -423,7 +421,6 @@ static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info * * explicitly specified by "initialize_domain". */ static LIST_HEAD(tomoyo_domain_keeper_list); -static DECLARE_RWSEM(tomoyo_domain_keeper_list_lock); /** * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list. @@ -464,7 +461,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, saved_domainname = tomoyo_save_name(domainname); if (!saved_domainname) return -ENOMEM; - down_write(&tomoyo_domain_keeper_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) { if (ptr->is_not != is_not || ptr->domainname != saved_domainname || @@ -488,7 +485,7 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname, list_add_tail_rcu(&new_entry->list, &tomoyo_domain_keeper_list); error = 0; out: - up_write(&tomoyo_domain_keeper_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -624,7 +621,6 @@ static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname, * execve() succeeds is calculated using /bin/cat rather than /bin/busybox . */ static LIST_HEAD(tomoyo_alias_list); -static DECLARE_RWSEM(tomoyo_alias_list_lock); /** * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list. @@ -654,7 +650,7 @@ static int tomoyo_update_alias_entry(const char *original_name, saved_aliased_name = tomoyo_save_name(aliased_name); if (!saved_original_name || !saved_aliased_name) return -ENOMEM; - down_write(&tomoyo_alias_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { if (ptr->original_name != saved_original_name || ptr->aliased_name != saved_aliased_name) 
@@ -675,7 +671,7 @@ static int tomoyo_update_alias_entry(const char *original_name, list_add_tail_rcu(&new_entry->list, &tomoyo_alias_list); error = 0; out: - up_write(&tomoyo_alias_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -745,7 +741,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * struct tomoyo_domain_info *domain = NULL; const struct tomoyo_path_info *saved_domainname; - down_write(&tomoyo_domain_list_lock); + mutex_lock(&tomoyo_policy_lock); domain = tomoyo_find_domain(domainname); if (domain) goto out; @@ -792,7 +788,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * list_add_tail_rcu(&domain->list, &tomoyo_domain_list); } out: - up_write(&tomoyo_domain_list_lock); + mutex_unlock(&tomoyo_policy_lock); return domain; } diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 3c47286..5d1689d 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -167,9 +167,6 @@ static struct tomoyo_path_info *tomoyo_get_path(struct path *path) return NULL; } -/* Lock for domain->acl_info_list. */ -DECLARE_RWSEM(tomoyo_domain_acl_info_list_lock); - static int tomoyo_update_double_path_acl(const u8 type, const char *filename1, const char *filename2, struct tomoyo_domain_info * @@ -204,7 +201,6 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, * belongs to. */ static LIST_HEAD(tomoyo_globally_readable_list); -static DECLARE_RWSEM(tomoyo_globally_readable_list_lock); /** * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list. @@ -229,7 +225,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, saved_filename = tomoyo_save_name(filename); if (!saved_filename) return -ENOMEM; - down_write(&tomoyo_globally_readable_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) { if (ptr->filename != saved_filename) continue; 
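Review bot: Because tomoyo_policy_lock is a non-recursive mutex that now stands in for locks that used to be distinct, nothing called between `mutex_lock()` and `out:` in tomoyo_find_or_assign_new_domain() may take it again; under the old scheme a nested update of another list held a different rwsem and was harmless. The body between the two hunks is not shown, so I cannot confirm that no such call exists; the same check is needed for the `delete:` paths in tomoyo_update_single_path_acl() and tomoyo_update_double_path_acl(). A kernel-doc line such as `* Caller must not hold tomoyo_policy_lock.` on these functions would record the new rule.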
@@ -248,7 +244,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, list_add_tail_rcu(&new_entry->list, &tomoyo_globally_readable_list); error = 0; out: - up_write(&tomoyo_globally_readable_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -352,7 +348,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head) * current process from accessing other process's information. */ static LIST_HEAD(tomoyo_pattern_list); -static DECLARE_RWSEM(tomoyo_pattern_list_lock); /** * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list. @@ -377,7 +372,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, saved_pattern = tomoyo_save_name(pattern); if (!saved_pattern) return -ENOMEM; - down_write(&tomoyo_pattern_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) { if (saved_pattern != ptr->pattern) continue; @@ -396,7 +391,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, list_add_tail_rcu(&new_entry->list, &tomoyo_pattern_list); error = 0; out: - up_write(&tomoyo_pattern_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -505,7 +500,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head) * need to worry whether the file is already unlink()ed or not. */ static LIST_HEAD(tomoyo_no_rewrite_list); -static DECLARE_RWSEM(tomoyo_no_rewrite_list_lock); /** * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list. @@ -529,7 +523,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, saved_pattern = tomoyo_save_name(pattern); if (!saved_pattern) return -ENOMEM; - down_write(&tomoyo_no_rewrite_list_lock); + mutex_lock(&tomoyo_policy_lock); list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) { if (ptr->pattern != saved_pattern) continue; 
@@ -548,7 +542,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, list_add_tail_rcu(&new_entry->list, &tomoyo_no_rewrite_list); error = 0; out: - up_write(&tomoyo_no_rewrite_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -881,7 +875,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, saved_filename = tomoyo_save_name(filename); if (!saved_filename) return -ENOMEM; - down_write(&tomoyo_domain_acl_info_list_lock); + mutex_lock(&tomoyo_policy_lock); if (is_delete) goto delete; list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { @@ -943,7 +937,7 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, break; } out: - up_write(&tomoyo_domain_acl_info_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } @@ -981,7 +975,7 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1, saved_filename2 = tomoyo_save_name(filename2); if (!saved_filename1 || !saved_filename2) return -ENOMEM; - down_write(&tomoyo_domain_acl_info_list_lock); + mutex_lock(&tomoyo_policy_lock); if (is_delete) goto delete; list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { @@ -1027,7 +1021,7 @@ static int tomoyo_update_double_path_acl(const u8 type, const char *filename1, break; } out: - up_write(&tomoyo_domain_acl_info_list_lock); + mutex_unlock(&tomoyo_policy_lock); return error; } |