4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
11 #include <linux/kthread.h>
12 #include <linux/slab.h>
16 TOMOYO_ID_PATH_GROUP_MEMBER,
17 TOMOYO_ID_NUMBER_GROUP,
18 TOMOYO_ID_NUMBER_GROUP_MEMBER,
19 TOMOYO_ID_DOMAIN_INITIALIZER,
20 TOMOYO_ID_DOMAIN_KEEPER,
22 TOMOYO_ID_GLOBALLY_READABLE,
31 struct tomoyo_gc_entry {
32 struct list_head list;
36 static LIST_HEAD(tomoyo_gc_queue);
37 static DEFINE_MUTEX(tomoyo_gc_mutex);
39 /* Caller holds tomoyo_policy_lock mutex. */
40 static bool tomoyo_add_to_gc(const int type, void *element)
42 struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
46 entry->element = element;
47 list_add(&entry->list, &tomoyo_gc_queue);
51 static void tomoyo_del_allow_read
52 (struct tomoyo_globally_readable_file_entry *ptr)
54 tomoyo_put_name(ptr->filename);
57 static void tomoyo_del_file_pattern(struct tomoyo_pattern_entry *ptr)
59 tomoyo_put_name(ptr->pattern);
62 static void tomoyo_del_no_rewrite(struct tomoyo_no_rewrite_entry *ptr)
64 tomoyo_put_name(ptr->pattern);
67 static void tomoyo_del_domain_initializer
68 (struct tomoyo_domain_initializer_entry *ptr)
70 tomoyo_put_name(ptr->domainname);
71 tomoyo_put_name(ptr->program);
74 static void tomoyo_del_domain_keeper(struct tomoyo_domain_keeper_entry *ptr)
76 tomoyo_put_name(ptr->domainname);
77 tomoyo_put_name(ptr->program);
80 static void tomoyo_del_alias(struct tomoyo_alias_entry *ptr)
82 tomoyo_put_name(ptr->original_name);
83 tomoyo_put_name(ptr->aliased_name);
86 static void tomoyo_del_manager(struct tomoyo_policy_manager_entry *ptr)
88 tomoyo_put_name(ptr->manager);
91 static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
94 case TOMOYO_TYPE_PATH_ACL:
96 struct tomoyo_path_acl *entry
97 = container_of(acl, typeof(*entry), head);
98 tomoyo_put_name_union(&entry->name);
101 case TOMOYO_TYPE_PATH2_ACL:
103 struct tomoyo_path2_acl *entry
104 = container_of(acl, typeof(*entry), head);
105 tomoyo_put_name_union(&entry->name1);
106 tomoyo_put_name_union(&entry->name2);
110 printk(KERN_WARNING "Unknown type\n");
115 static bool tomoyo_del_domain(struct tomoyo_domain_info *domain)
117 struct tomoyo_acl_info *acl;
118 struct tomoyo_acl_info *tmp;
120 * Since we don't protect whole execve() operation using SRCU,
121 * we need to recheck domain->users at this point.
123 * (1) Reader starts SRCU section upon execve().
124 * (2) Reader traverses tomoyo_domain_list and finds this domain.
125 * (3) Writer marks this domain as deleted.
126 * (4) Garbage collector removes this domain from tomoyo_domain_list
127 * because this domain is marked as deleted and used by nobody.
128 * (5) Reader saves reference to this domain into
129 * "struct linux_binprm"->cred->security .
130 * (6) Reader finishes SRCU section, although execve() operation has
132 * (7) Garbage collector waits for SRCU synchronization.
133 * (8) Garbage collector kfree() this domain because this domain is
135 * (9) Reader finishes execve() operation and restores this domain from
136 * "struct linux_binprm"->cred->security.
138 * By updating domain->users at (5), we can solve this race problem
139 * by rechecking domain->users at (8).
141 if (atomic_read(&domain->users))
143 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
145 tomoyo_memory_free(acl);
147 tomoyo_put_name(domain->domainname);
152 static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
156 static void tomoyo_del_path_group_member(struct tomoyo_path_group_member
159 tomoyo_put_name(member->member_name);
162 static void tomoyo_del_path_group(struct tomoyo_path_group *group)
164 tomoyo_put_name(group->group_name);
167 static void tomoyo_del_number_group_member(struct tomoyo_number_group_member
172 static void tomoyo_del_number_group(struct tomoyo_number_group *group)
174 tomoyo_put_name(group->group_name);
177 static void tomoyo_collect_entry(void)
179 if (mutex_lock_interruptible(&tomoyo_policy_lock))
182 struct tomoyo_globally_readable_file_entry *ptr;
183 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
185 if (!ptr->is_deleted)
187 if (tomoyo_add_to_gc(TOMOYO_ID_GLOBALLY_READABLE, ptr))
188 list_del_rcu(&ptr->list);
194 struct tomoyo_pattern_entry *ptr;
195 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
196 if (!ptr->is_deleted)
198 if (tomoyo_add_to_gc(TOMOYO_ID_PATTERN, ptr))
199 list_del_rcu(&ptr->list);
205 struct tomoyo_no_rewrite_entry *ptr;
206 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
207 if (!ptr->is_deleted)
209 if (tomoyo_add_to_gc(TOMOYO_ID_NO_REWRITE, ptr))
210 list_del_rcu(&ptr->list);
216 struct tomoyo_domain_initializer_entry *ptr;
217 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list,
219 if (!ptr->is_deleted)
221 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_INITIALIZER, ptr))
222 list_del_rcu(&ptr->list);
228 struct tomoyo_domain_keeper_entry *ptr;
229 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
230 if (!ptr->is_deleted)
232 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_KEEPER, ptr))
233 list_del_rcu(&ptr->list);
239 struct tomoyo_alias_entry *ptr;
240 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
241 if (!ptr->is_deleted)
243 if (tomoyo_add_to_gc(TOMOYO_ID_ALIAS, ptr))
244 list_del_rcu(&ptr->list);
250 struct tomoyo_policy_manager_entry *ptr;
251 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list,
253 if (!ptr->is_deleted)
255 if (tomoyo_add_to_gc(TOMOYO_ID_MANAGER, ptr))
256 list_del_rcu(&ptr->list);
262 struct tomoyo_domain_info *domain;
263 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
264 struct tomoyo_acl_info *acl;
265 list_for_each_entry_rcu(acl, &domain->acl_info_list,
268 case TOMOYO_TYPE_PATH_ACL:
269 if (container_of(acl,
270 struct tomoyo_path_acl,
273 struct tomoyo_path_acl,
277 case TOMOYO_TYPE_PATH2_ACL:
278 if (container_of(acl,
279 struct tomoyo_path2_acl,
286 if (tomoyo_add_to_gc(TOMOYO_ID_ACL, acl))
287 list_del_rcu(&acl->list);
291 if (!domain->is_deleted || atomic_read(&domain->users))
294 * Nobody is referring this domain. But somebody may
295 * refer this domain after successful execve().
296 * We recheck domain->users after SRCU synchronization.
298 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, domain))
299 list_del_rcu(&domain->list);
306 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
307 struct tomoyo_name_entry *ptr;
308 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i],
310 if (atomic_read(&ptr->users))
312 if (tomoyo_add_to_gc(TOMOYO_ID_NAME, ptr))
313 list_del_rcu(&ptr->list);
322 struct tomoyo_path_group *group;
323 list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) {
324 struct tomoyo_path_group_member *member;
325 list_for_each_entry_rcu(member, &group->member_list,
327 if (!member->is_deleted)
329 if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP_MEMBER,
331 list_del_rcu(&member->list);
335 if (!list_empty(&group->member_list) ||
336 atomic_read(&group->users))
338 if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP, group))
339 list_del_rcu(&group->list);
345 struct tomoyo_number_group *group;
346 list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) {
347 struct tomoyo_number_group_member *member;
348 list_for_each_entry_rcu(member, &group->member_list,
350 if (!member->is_deleted)
352 if (tomoyo_add_to_gc(TOMOYO_ID_NUMBER_GROUP_MEMBER,
354 list_del_rcu(&member->list);
358 if (!list_empty(&group->member_list) ||
359 atomic_read(&group->users))
361 if (tomoyo_add_to_gc(TOMOYO_ID_NUMBER_GROUP, group))
362 list_del_rcu(&group->list);
367 mutex_unlock(&tomoyo_policy_lock);
370 static void tomoyo_kfree_entry(void)
372 struct tomoyo_gc_entry *p;
373 struct tomoyo_gc_entry *tmp;
375 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
377 case TOMOYO_ID_DOMAIN_INITIALIZER:
378 tomoyo_del_domain_initializer(p->element);
380 case TOMOYO_ID_DOMAIN_KEEPER:
381 tomoyo_del_domain_keeper(p->element);
383 case TOMOYO_ID_ALIAS:
384 tomoyo_del_alias(p->element);
386 case TOMOYO_ID_GLOBALLY_READABLE:
387 tomoyo_del_allow_read(p->element);
389 case TOMOYO_ID_PATTERN:
390 tomoyo_del_file_pattern(p->element);
392 case TOMOYO_ID_NO_REWRITE:
393 tomoyo_del_no_rewrite(p->element);
395 case TOMOYO_ID_MANAGER:
396 tomoyo_del_manager(p->element);
399 tomoyo_del_name(p->element);
402 tomoyo_del_acl(p->element);
404 case TOMOYO_ID_DOMAIN:
405 if (!tomoyo_del_domain(p->element))
408 case TOMOYO_ID_PATH_GROUP_MEMBER:
409 tomoyo_del_path_group_member(p->element);
411 case TOMOYO_ID_PATH_GROUP:
412 tomoyo_del_path_group(p->element);
414 case TOMOYO_ID_NUMBER_GROUP_MEMBER:
415 tomoyo_del_number_group_member(p->element);
417 case TOMOYO_ID_NUMBER_GROUP:
418 tomoyo_del_number_group(p->element);
421 printk(KERN_WARNING "Unknown type\n");
424 tomoyo_memory_free(p->element);
430 static int tomoyo_gc_thread(void *unused)
432 daemonize("GC for TOMOYO");
433 if (mutex_trylock(&tomoyo_gc_mutex)) {
435 for (i = 0; i < 10; i++) {
436 tomoyo_collect_entry();
437 if (list_empty(&tomoyo_gc_queue))
439 synchronize_srcu(&tomoyo_ss);
440 tomoyo_kfree_entry();
442 mutex_unlock(&tomoyo_gc_mutex);
447 void tomoyo_run_gc(void)
449 struct task_struct *task = kthread_create(tomoyo_gc_thread, NULL,
452 wake_up_process(task);