projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
TOMOYO: Merge path_group and number_group.
[deliverable/linux.git] / security / tomoyo / gc.c
1 /*
2 * security/tomoyo/gc.c
3 *
4 * Implementation of the Domain-Based Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
7 *
8 */
9
10 #include "common.h"
11 #include <linux/kthread.h>
12 #include <linux/slab.h>
13
14 struct tomoyo_gc_entry {
15 struct list_head list;
16 int type;
17 struct list_head *element;
18 };
19 static LIST_HEAD(tomoyo_gc_queue);
20 static DEFINE_MUTEX(tomoyo_gc_mutex);
21
22 /* Caller holds tomoyo_policy_lock mutex. */
23 static bool tomoyo_add_to_gc(const int type, struct list_head *element)
24 {
25 struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
26 if (!entry)
27 return false;
28 entry->type = type;
29 entry->element = element;
30 list_add(&entry->list, &tomoyo_gc_queue);
31 list_del_rcu(element);
32 return true;
33 }
34
35 static void tomoyo_del_allow_read(struct list_head *element)
36 {
37 struct tomoyo_globally_readable_file_entry *ptr =
38 container_of(element, typeof(*ptr), head.list);
39 tomoyo_put_name(ptr->filename);
40 }
41
42 static void tomoyo_del_file_pattern(struct list_head *element)
43 {
44 struct tomoyo_pattern_entry *ptr =
45 container_of(element, typeof(*ptr), head.list);
46 tomoyo_put_name(ptr->pattern);
47 }
48
49 static void tomoyo_del_no_rewrite(struct list_head *element)
50 {
51 struct tomoyo_no_rewrite_entry *ptr =
52 container_of(element, typeof(*ptr), head.list);
53 tomoyo_put_name(ptr->pattern);
54 }
55
56 static void tomoyo_del_domain_initializer(struct list_head *element)
57 {
58 struct tomoyo_domain_initializer_entry *ptr =
59 container_of(element, typeof(*ptr), head.list);
60 tomoyo_put_name(ptr->domainname);
61 tomoyo_put_name(ptr->program);
62 }
63
64 static void tomoyo_del_domain_keeper(struct list_head *element)
65 {
66 struct tomoyo_domain_keeper_entry *ptr =
67 container_of(element, typeof(*ptr), head.list);
68 tomoyo_put_name(ptr->domainname);
69 tomoyo_put_name(ptr->program);
70 }
71
72 static void tomoyo_del_aggregator(struct list_head *element)
73 {
74 struct tomoyo_aggregator_entry *ptr =
75 container_of(element, typeof(*ptr), head.list);
76 tomoyo_put_name(ptr->original_name);
77 tomoyo_put_name(ptr->aggregated_name);
78 }
79
80 static void tomoyo_del_alias(struct list_head *element)
81 {
82 struct tomoyo_alias_entry *ptr =
83 container_of(element, typeof(*ptr), head.list);
84 tomoyo_put_name(ptr->original_name);
85 tomoyo_put_name(ptr->aliased_name);
86 }
87
88 static void tomoyo_del_manager(struct list_head *element)
89 {
90 struct tomoyo_policy_manager_entry *ptr =
91 container_of(element, typeof(*ptr), head.list);
92 tomoyo_put_name(ptr->manager);
93 }
94
95 static void tomoyo_del_acl(struct list_head *element)
96 {
97 struct tomoyo_acl_info *acl =
98 container_of(element, typeof(*acl), list);
99 switch (acl->type) {
100 case TOMOYO_TYPE_PATH_ACL:
101 {
102 struct tomoyo_path_acl *entry
103 = container_of(acl, typeof(*entry), head);
104 tomoyo_put_name_union(&entry->name);
105 }
106 break;
107 case TOMOYO_TYPE_PATH2_ACL:
108 {
109 struct tomoyo_path2_acl *entry
110 = container_of(acl, typeof(*entry), head);
111 tomoyo_put_name_union(&entry->name1);
112 tomoyo_put_name_union(&entry->name2);
113 }
114 break;
115 case TOMOYO_TYPE_PATH_NUMBER_ACL:
116 {
117 struct tomoyo_path_number_acl *entry
118 = container_of(acl, typeof(*entry), head);
119 tomoyo_put_name_union(&entry->name);
120 tomoyo_put_number_union(&entry->number);
121 }
122 break;
123 case TOMOYO_TYPE_MKDEV_ACL:
124 {
125 struct tomoyo_mkdev_acl *entry
126 = container_of(acl, typeof(*entry), head);
127 tomoyo_put_name_union(&entry->name);
128 tomoyo_put_number_union(&entry->mode);
129 tomoyo_put_number_union(&entry->major);
130 tomoyo_put_number_union(&entry->minor);
131 }
132 break;
133 case TOMOYO_TYPE_MOUNT_ACL:
134 {
135 struct tomoyo_mount_acl *entry
136 = container_of(acl, typeof(*entry), head);
137 tomoyo_put_name_union(&entry->dev_name);
138 tomoyo_put_name_union(&entry->dir_name);
139 tomoyo_put_name_union(&entry->fs_type);
140 tomoyo_put_number_union(&entry->flags);
141 }
142 break;
143 }
144 }
145
146 static bool tomoyo_del_domain(struct list_head *element)
147 {
148 struct tomoyo_domain_info *domain =
149 container_of(element, typeof(*domain), list);
150 struct tomoyo_acl_info *acl;
151 struct tomoyo_acl_info *tmp;
152 /*
153 * Since we don't protect whole execve() operation using SRCU,
154 * we need to recheck domain->users at this point.
155 *
156 * (1) Reader starts SRCU section upon execve().
157 * (2) Reader traverses tomoyo_domain_list and finds this domain.
158 * (3) Writer marks this domain as deleted.
159 * (4) Garbage collector removes this domain from tomoyo_domain_list
160 * because this domain is marked as deleted and used by nobody.
161 * (5) Reader saves reference to this domain into
162 * "struct linux_binprm"->cred->security .
163 * (6) Reader finishes SRCU section, although execve() operation has
164 * not finished yet.
165 * (7) Garbage collector waits for SRCU synchronization.
166 * (8) Garbage collector kfree() this domain because this domain is
167 * used by nobody.
168 * (9) Reader finishes execve() operation and restores this domain from
169 * "struct linux_binprm"->cred->security.
170 *
171 * By updating domain->users at (5), we can solve this race problem
172 * by rechecking domain->users at (8).
173 */
174 if (atomic_read(&domain->users))
175 return false;
176 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
177 tomoyo_del_acl(&acl->list);
178 tomoyo_memory_free(acl);
179 }
180 tomoyo_put_name(domain->domainname);
181 return true;
182 }
183
184
185 static void tomoyo_del_name(struct list_head *element)
186 {
187 const struct tomoyo_name_entry *ptr =
188 container_of(element, typeof(*ptr), list);
189 }
190
191 static void tomoyo_del_path_group(struct list_head *element)
192 {
193 struct tomoyo_path_group *member =
194 container_of(element, typeof(*member), head.list);
195 tomoyo_put_name(member->member_name);
196 }
197
198 static void tomoyo_del_group(struct list_head *element)
199 {
200 struct tomoyo_group *group =
201 container_of(element, typeof(*group), list);
202 tomoyo_put_name(group->group_name);
203 }
204
205 static void tomoyo_del_number_group(struct list_head *element)
206 {
207 struct tomoyo_number_group *member =
208 container_of(element, typeof(*member), head.list);
209 }
210
211 static bool tomoyo_collect_member(struct list_head *member_list, int id)
212 {
213 struct tomoyo_acl_head *member;
214 list_for_each_entry(member, member_list, list) {
215 if (!member->is_deleted)
216 continue;
217 if (!tomoyo_add_to_gc(id, &member->list))
218 return false;
219 }
220 return true;
221 }
222
223 static bool tomoyo_collect_acl(struct tomoyo_domain_info *domain)
224 {
225 struct tomoyo_acl_info *acl;
226 list_for_each_entry(acl, &domain->acl_info_list, list) {
227 if (!acl->is_deleted)
228 continue;
229 if (!tomoyo_add_to_gc(TOMOYO_ID_ACL, &acl->list))
230 return false;
231 }
232 return true;
233 }
234
235 static void tomoyo_collect_entry(void)
236 {
237 int i;
238 if (mutex_lock_interruptible(&tomoyo_policy_lock))
239 return;
240 for (i = 0; i < TOMOYO_MAX_POLICY; i++) {
241 if (!tomoyo_collect_member(&tomoyo_policy_list[i], i))
242 goto unlock;
243 }
244 {
245 struct tomoyo_domain_info *domain;
246 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
247 if (!tomoyo_collect_acl(domain))
248 goto unlock;
249 if (!domain->is_deleted || atomic_read(&domain->users))
250 continue;
251 /*
252 * Nobody is referring this domain. But somebody may
253 * refer this domain after successful execve().
254 * We recheck domain->users after SRCU synchronization.
255 */
256 if (!tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, &domain->list))
257 goto unlock;
258 }
259 }
260 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
261 struct tomoyo_name_entry *ptr;
262 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i], list) {
263 if (atomic_read(&ptr->users))
264 continue;
265 if (!tomoyo_add_to_gc(TOMOYO_ID_NAME, &ptr->list))
266 goto unlock;
267 }
268 }
269 for (i = 0; i < TOMOYO_MAX_GROUP; i++) {
270 struct list_head *list = &tomoyo_group_list[i];
271 int id;
272 struct tomoyo_group *group;
273 switch (i) {
274 case 0:
275 id = TOMOYO_ID_PATH_GROUP;
276 break;
277 default:
278 id = TOMOYO_ID_NUMBER_GROUP;
279 break;
280 }
281 list_for_each_entry(group, list, list) {
282 if (!tomoyo_collect_member(&group->member_list, id))
283 goto unlock;
284 if (!list_empty(&group->member_list) ||
285 atomic_read(&group->users))
286 continue;
287 if (!tomoyo_add_to_gc(TOMOYO_ID_GROUP, &group->list))
288 goto unlock;
289 }
290 }
291 unlock:
292 mutex_unlock(&tomoyo_policy_lock);
293 }
294
295 static void tomoyo_kfree_entry(void)
296 {
297 struct tomoyo_gc_entry *p;
298 struct tomoyo_gc_entry *tmp;
299
300 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
301 struct list_head *element = p->element;
302 switch (p->type) {
303 case TOMOYO_ID_DOMAIN_INITIALIZER:
304 tomoyo_del_domain_initializer(element);
305 break;
306 case TOMOYO_ID_DOMAIN_KEEPER:
307 tomoyo_del_domain_keeper(element);
308 break;
309 case TOMOYO_ID_AGGREGATOR:
310 tomoyo_del_aggregator(element);
311 break;
312 case TOMOYO_ID_ALIAS:
313 tomoyo_del_alias(element);
314 break;
315 case TOMOYO_ID_GLOBALLY_READABLE:
316 tomoyo_del_allow_read(element);
317 break;
318 case TOMOYO_ID_PATTERN:
319 tomoyo_del_file_pattern(element);
320 break;
321 case TOMOYO_ID_NO_REWRITE:
322 tomoyo_del_no_rewrite(element);
323 break;
324 case TOMOYO_ID_MANAGER:
325 tomoyo_del_manager(element);
326 break;
327 case TOMOYO_ID_NAME:
328 tomoyo_del_name(element);
329 break;
330 case TOMOYO_ID_ACL:
331 tomoyo_del_acl(element);
332 break;
333 case TOMOYO_ID_DOMAIN:
334 if (!tomoyo_del_domain(element))
335 continue;
336 break;
337 case TOMOYO_ID_PATH_GROUP:
338 tomoyo_del_path_group(element);
339 break;
340 case TOMOYO_ID_GROUP:
341 tomoyo_del_group(element);
342 break;
343 case TOMOYO_ID_NUMBER_GROUP:
344 tomoyo_del_number_group(element);
345 break;
346 }
347 tomoyo_memory_free(element);
348 list_del(&p->list);
349 kfree(p);
350 }
351 }
352
353 static int tomoyo_gc_thread(void *unused)
354 {
355 daemonize("GC for TOMOYO");
356 if (mutex_trylock(&tomoyo_gc_mutex)) {
357 int i;
358 for (i = 0; i < 10; i++) {
359 tomoyo_collect_entry();
360 if (list_empty(&tomoyo_gc_queue))
361 break;
362 synchronize_srcu(&tomoyo_ss);
363 tomoyo_kfree_entry();
364 }
365 mutex_unlock(&tomoyo_gc_mutex);
366 }
367 do_exit(0);
368 }
369
370 void tomoyo_run_gc(void)
371 {
372 struct task_struct *task = kthread_create(tomoyo_gc_thread, NULL,
373 "GC for TOMOYO");
374 if (!IS_ERR(task))
375 wake_up_process(task);
376 }
Linux kernel - Deliverables
This page took 0.048762 seconds and 5 git commands to generate.