4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
11 #include <linux/kthread.h>
12 #include <linux/slab.h>
15 struct list_head list;
17 struct list_head *element;
19 static LIST_HEAD(tomoyo_gc_queue);
20 static DEFINE_MUTEX(tomoyo_gc_mutex);
22 /* Caller holds tomoyo_policy_lock mutex. */
23 static bool tomoyo_add_to_gc(const int type, struct list_head *element)
25 struct tomoyo_gc *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
29 entry->element = element;
30 list_add(&entry->list, &tomoyo_gc_queue);
31 list_del_rcu(element);
35 static void tomoyo_del_transition_control(struct list_head *element)
37 struct tomoyo_transition_control *ptr =
38 container_of(element, typeof(*ptr), head.list);
39 tomoyo_put_name(ptr->domainname);
40 tomoyo_put_name(ptr->program);
43 static void tomoyo_del_aggregator(struct list_head *element)
45 struct tomoyo_aggregator *ptr =
46 container_of(element, typeof(*ptr), head.list);
47 tomoyo_put_name(ptr->original_name);
48 tomoyo_put_name(ptr->aggregated_name);
51 static void tomoyo_del_manager(struct list_head *element)
53 struct tomoyo_manager *ptr =
54 container_of(element, typeof(*ptr), head.list);
55 tomoyo_put_name(ptr->manager);
58 static void tomoyo_del_acl(struct list_head *element)
60 struct tomoyo_acl_info *acl =
61 container_of(element, typeof(*acl), list);
63 case TOMOYO_TYPE_PATH_ACL:
65 struct tomoyo_path_acl *entry
66 = container_of(acl, typeof(*entry), head);
67 tomoyo_put_name_union(&entry->name);
70 case TOMOYO_TYPE_PATH2_ACL:
72 struct tomoyo_path2_acl *entry
73 = container_of(acl, typeof(*entry), head);
74 tomoyo_put_name_union(&entry->name1);
75 tomoyo_put_name_union(&entry->name2);
78 case TOMOYO_TYPE_PATH_NUMBER_ACL:
80 struct tomoyo_path_number_acl *entry
81 = container_of(acl, typeof(*entry), head);
82 tomoyo_put_name_union(&entry->name);
83 tomoyo_put_number_union(&entry->number);
86 case TOMOYO_TYPE_MKDEV_ACL:
88 struct tomoyo_mkdev_acl *entry
89 = container_of(acl, typeof(*entry), head);
90 tomoyo_put_name_union(&entry->name);
91 tomoyo_put_number_union(&entry->mode);
92 tomoyo_put_number_union(&entry->major);
93 tomoyo_put_number_union(&entry->minor);
96 case TOMOYO_TYPE_MOUNT_ACL:
98 struct tomoyo_mount_acl *entry
99 = container_of(acl, typeof(*entry), head);
100 tomoyo_put_name_union(&entry->dev_name);
101 tomoyo_put_name_union(&entry->dir_name);
102 tomoyo_put_name_union(&entry->fs_type);
103 tomoyo_put_number_union(&entry->flags);
109 static bool tomoyo_del_domain(struct list_head *element)
111 struct tomoyo_domain_info *domain =
112 container_of(element, typeof(*domain), list);
113 struct tomoyo_acl_info *acl;
114 struct tomoyo_acl_info *tmp;
116 * Since we don't protect whole execve() operation using SRCU,
117 * we need to recheck domain->users at this point.
119 * (1) Reader starts SRCU section upon execve().
120 * (2) Reader traverses tomoyo_domain_list and finds this domain.
121 * (3) Writer marks this domain as deleted.
122 * (4) Garbage collector removes this domain from tomoyo_domain_list
123 * because this domain is marked as deleted and used by nobody.
124 * (5) Reader saves reference to this domain into
125 * "struct linux_binprm"->cred->security .
126 * (6) Reader finishes SRCU section, although execve() operation has
128 * (7) Garbage collector waits for SRCU synchronization.
129 * (8) Garbage collector kfree() this domain because this domain is
131 * (9) Reader finishes execve() operation and restores this domain from
132 * "struct linux_binprm"->cred->security.
134 * By updating domain->users at (5), we can solve this race problem
135 * by rechecking domain->users at (8).
137 if (atomic_read(&domain->users))
139 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
140 tomoyo_del_acl(&acl->list);
141 tomoyo_memory_free(acl);
143 tomoyo_put_name(domain->domainname);
148 static void tomoyo_del_name(struct list_head *element)
150 const struct tomoyo_name *ptr =
151 container_of(element, typeof(*ptr), list);
154 static void tomoyo_del_path_group(struct list_head *element)
156 struct tomoyo_path_group *member =
157 container_of(element, typeof(*member), head.list);
158 tomoyo_put_name(member->member_name);
161 static void tomoyo_del_group(struct list_head *element)
163 struct tomoyo_group *group =
164 container_of(element, typeof(*group), list);
165 tomoyo_put_name(group->group_name);
168 static void tomoyo_del_number_group(struct list_head *element)
170 struct tomoyo_number_group *member =
171 container_of(element, typeof(*member), head.list);
174 static bool tomoyo_collect_member(struct list_head *member_list, int id)
176 struct tomoyo_acl_head *member;
177 list_for_each_entry(member, member_list, list) {
178 if (!member->is_deleted)
180 if (!tomoyo_add_to_gc(id, &member->list))
186 static bool tomoyo_collect_acl(struct tomoyo_domain_info *domain)
188 struct tomoyo_acl_info *acl;
189 list_for_each_entry(acl, &domain->acl_info_list, list) {
190 if (!acl->is_deleted)
192 if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list))
198 static void tomoyo_collect_entry(void)
201 if (mutex_lock_interruptible(&tomoyo_policy_lock))
203 for (i = 0; i < TOMOYO_MAX_POLICY; i++) {
204 if (!tomoyo_collect_member(&tomoyo_policy_list[i], i))
208 struct tomoyo_domain_info *domain;
209 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
210 if (!tomoyo_collect_acl(domain))
212 if (!domain->is_deleted || atomic_read(&domain->users))
215 * Nobody is referring this domain. But somebody may
216 * refer this domain after successful execve().
217 * We recheck domain->users after SRCU synchronization.
219 if (!tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, &domain->list))
223 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
224 struct tomoyo_name *ptr;
225 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) {
226 if (atomic_read(&ptr->users))
228 if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list))
232 for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
233 struct list_head *list = &tomoyo_group_list[i];
235 struct tomoyo_group *group;
238 id = TOMOYO_ID_PATH_GROUP;
241 id = TOMOYO_ID_NUMBER_GROUP;
244 list_for_each_entry(group, list, list) {
245 if (!tomoyo_collect_member(&group->member_list, id))
247 if (!list_empty(&group->member_list) ||
248 atomic_read(&group->users))
250 if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, &group->list))
255 mutex_unlock(&tomoyo_policy_lock);
258 static void tomoyo_kfree_entry(void)
261 struct tomoyo_gc *tmp;
263 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
264 struct list_head *element = p->element;
266 case TOMOYO_ID_TRANSITION_CONTROL:
267 tomoyo_del_transition_control(element);
269 case TOMOYO_ID_AGGREGATOR:
270 tomoyo_del_aggregator(element);
272 case TOMOYO_ID_MANAGER:
273 tomoyo_del_manager(element);
276 tomoyo_del_name(element);
279 tomoyo_del_acl(element);
281 case TOMOYO_ID_DOMAIN:
282 if (!tomoyo_del_domain(element))
285 case TOMOYO_ID_PATH_GROUP:
286 tomoyo_del_path_group(element);
288 case TOMOYO_ID_GROUP:
289 tomoyo_del_group(element);
291 case TOMOYO_ID_NUMBER_GROUP:
292 tomoyo_del_number_group(element);
295 tomoyo_memory_free(element);
301 static int tomoyo_gc_thread(void *unused)
303 daemonize("GC for TOMOYO");
304 if (mutex_trylock(&tomoyo_gc_mutex)) {
306 for (i = 0; i < 10; i++) {
307 tomoyo_collect_entry();
308 if (list_empty(&tomoyo_gc_queue))
310 synchronize_srcu(&tomoyo_ss);
311 tomoyo_kfree_entry();
313 mutex_unlock(&tomoyo_gc_mutex);
318 void tomoyo_run_gc(void)
320 struct task_struct *task = kthread_create(tomoyo_gc_thread, NULL,
323 wake_up_process(task);
projects / platform / adaptation / renesas_rcar / renesas_kernel.git / blob