4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
11 #include <linux/kthread.h>
12 #include <linux/slab.h>
16 TOMOYO_ID_PATH_GROUP_MEMBER,
17 TOMOYO_ID_NUMBER_GROUP,
18 TOMOYO_ID_NUMBER_GROUP_MEMBER,
19 TOMOYO_ID_DOMAIN_INITIALIZER,
20 TOMOYO_ID_DOMAIN_KEEPER,
22 TOMOYO_ID_GLOBALLY_READABLE,
31 struct tomoyo_gc_entry {
32 struct list_head list;
36 static LIST_HEAD(tomoyo_gc_queue);
37 static DEFINE_MUTEX(tomoyo_gc_mutex);
39 /* Caller holds tomoyo_policy_lock mutex. */
40 static bool tomoyo_add_to_gc(const int type, void *element)
42 struct tomoyo_gc_entry *entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
46 entry->element = element;
47 list_add(&entry->list, &tomoyo_gc_queue);
51 static void tomoyo_del_allow_read
52 (struct tomoyo_globally_readable_file_entry *ptr)
54 tomoyo_put_name(ptr->filename);
57 static void tomoyo_del_file_pattern(struct tomoyo_pattern_entry *ptr)
59 tomoyo_put_name(ptr->pattern);
62 static void tomoyo_del_no_rewrite(struct tomoyo_no_rewrite_entry *ptr)
64 tomoyo_put_name(ptr->pattern);
67 static void tomoyo_del_domain_initializer
68 (struct tomoyo_domain_initializer_entry *ptr)
70 tomoyo_put_name(ptr->domainname);
71 tomoyo_put_name(ptr->program);
74 static void tomoyo_del_domain_keeper(struct tomoyo_domain_keeper_entry *ptr)
76 tomoyo_put_name(ptr->domainname);
77 tomoyo_put_name(ptr->program);
80 static void tomoyo_del_alias(struct tomoyo_alias_entry *ptr)
82 tomoyo_put_name(ptr->original_name);
83 tomoyo_put_name(ptr->aliased_name);
86 static void tomoyo_del_manager(struct tomoyo_policy_manager_entry *ptr)
88 tomoyo_put_name(ptr->manager);
91 static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
94 case TOMOYO_TYPE_PATH_ACL:
96 struct tomoyo_path_acl *entry
97 = container_of(acl, typeof(*entry), head);
98 tomoyo_put_name_union(&entry->name);
101 case TOMOYO_TYPE_PATH2_ACL:
103 struct tomoyo_path2_acl *entry
104 = container_of(acl, typeof(*entry), head);
105 tomoyo_put_name_union(&entry->name1);
106 tomoyo_put_name_union(&entry->name2);
109 case TOMOYO_TYPE_PATH_NUMBER_ACL:
111 struct tomoyo_path_number_acl *entry
112 = container_of(acl, typeof(*entry), head);
113 tomoyo_put_name_union(&entry->name);
114 tomoyo_put_number_union(&entry->number);
117 case TOMOYO_TYPE_PATH_NUMBER3_ACL:
119 struct tomoyo_path_number3_acl *entry
120 = container_of(acl, typeof(*entry), head);
121 tomoyo_put_name_union(&entry->name);
122 tomoyo_put_number_union(&entry->mode);
123 tomoyo_put_number_union(&entry->major);
124 tomoyo_put_number_union(&entry->minor);
128 printk(KERN_WARNING "Unknown type\n");
133 static bool tomoyo_del_domain(struct tomoyo_domain_info *domain)
135 struct tomoyo_acl_info *acl;
136 struct tomoyo_acl_info *tmp;
138 * Since we don't protect whole execve() operation using SRCU,
139 * we need to recheck domain->users at this point.
141 * (1) Reader starts SRCU section upon execve().
142 * (2) Reader traverses tomoyo_domain_list and finds this domain.
143 * (3) Writer marks this domain as deleted.
144 * (4) Garbage collector removes this domain from tomoyo_domain_list
145 * because this domain is marked as deleted and used by nobody.
146 * (5) Reader saves reference to this domain into
147 * "struct linux_binprm"->cred->security .
148 * (6) Reader finishes SRCU section, although execve() operation has
150 * (7) Garbage collector waits for SRCU synchronization.
151 * (8) Garbage collector kfree() this domain because this domain is
153 * (9) Reader finishes execve() operation and restores this domain from
154 * "struct linux_binprm"->cred->security.
156 * By updating domain->users at (5), we can solve this race problem
157 * by rechecking domain->users at (8).
159 if (atomic_read(&domain->users))
161 list_for_each_entry_safe(acl, tmp, &domain->acl_info_list, list) {
163 tomoyo_memory_free(acl);
165 tomoyo_put_name(domain->domainname);
170 static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
174 static void tomoyo_del_path_group_member(struct tomoyo_path_group_member
177 tomoyo_put_name(member->member_name);
180 static void tomoyo_del_path_group(struct tomoyo_path_group *group)
182 tomoyo_put_name(group->group_name);
185 static void tomoyo_del_number_group_member(struct tomoyo_number_group_member
190 static void tomoyo_del_number_group(struct tomoyo_number_group *group)
192 tomoyo_put_name(group->group_name);
195 static void tomoyo_collect_entry(void)
197 if (mutex_lock_interruptible(&tomoyo_policy_lock))
200 struct tomoyo_globally_readable_file_entry *ptr;
201 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
203 if (!ptr->is_deleted)
205 if (tomoyo_add_to_gc(TOMOYO_ID_GLOBALLY_READABLE, ptr))
206 list_del_rcu(&ptr->list);
212 struct tomoyo_pattern_entry *ptr;
213 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
214 if (!ptr->is_deleted)
216 if (tomoyo_add_to_gc(TOMOYO_ID_PATTERN, ptr))
217 list_del_rcu(&ptr->list);
223 struct tomoyo_no_rewrite_entry *ptr;
224 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
225 if (!ptr->is_deleted)
227 if (tomoyo_add_to_gc(TOMOYO_ID_NO_REWRITE, ptr))
228 list_del_rcu(&ptr->list);
234 struct tomoyo_domain_initializer_entry *ptr;
235 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list,
237 if (!ptr->is_deleted)
239 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_INITIALIZER, ptr))
240 list_del_rcu(&ptr->list);
246 struct tomoyo_domain_keeper_entry *ptr;
247 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
248 if (!ptr->is_deleted)
250 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN_KEEPER, ptr))
251 list_del_rcu(&ptr->list);
257 struct tomoyo_alias_entry *ptr;
258 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
259 if (!ptr->is_deleted)
261 if (tomoyo_add_to_gc(TOMOYO_ID_ALIAS, ptr))
262 list_del_rcu(&ptr->list);
268 struct tomoyo_policy_manager_entry *ptr;
269 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list,
271 if (!ptr->is_deleted)
273 if (tomoyo_add_to_gc(TOMOYO_ID_MANAGER, ptr))
274 list_del_rcu(&ptr->list);
280 struct tomoyo_domain_info *domain;
281 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
282 struct tomoyo_acl_info *acl;
283 list_for_each_entry_rcu(acl, &domain->acl_info_list,
286 case TOMOYO_TYPE_PATH_ACL:
287 if (container_of(acl,
288 struct tomoyo_path_acl,
292 case TOMOYO_TYPE_PATH2_ACL:
293 if (container_of(acl,
294 struct tomoyo_path2_acl,
298 case TOMOYO_TYPE_PATH_NUMBER_ACL:
299 if (container_of(acl,
300 struct tomoyo_path_number_acl,
304 case TOMOYO_TYPE_PATH_NUMBER3_ACL:
305 if (container_of(acl,
306 struct tomoyo_path_number3_acl,
313 if (tomoyo_add_to_gc(TOMOYO_ID_ACL, acl))
314 list_del_rcu(&acl->list);
318 if (!domain->is_deleted || atomic_read(&domain->users))
321 * Nobody is referring this domain. But somebody may
322 * refer this domain after successful execve().
323 * We recheck domain->users after SRCU synchronization.
325 if (tomoyo_add_to_gc(TOMOYO_ID_DOMAIN, domain))
326 list_del_rcu(&domain->list);
333 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
334 struct tomoyo_name_entry *ptr;
335 list_for_each_entry_rcu(ptr, &tomoyo_name_list[i],
337 if (atomic_read(&ptr->users))
339 if (tomoyo_add_to_gc(TOMOYO_ID_NAME, ptr))
340 list_del_rcu(&ptr->list);
349 struct tomoyo_path_group *group;
350 list_for_each_entry_rcu(group, &tomoyo_path_group_list, list) {
351 struct tomoyo_path_group_member *member;
352 list_for_each_entry_rcu(member, &group->member_list,
354 if (!member->is_deleted)
356 if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP_MEMBER,
358 list_del_rcu(&member->list);
362 if (!list_empty(&group->member_list) ||
363 atomic_read(&group->users))
365 if (tomoyo_add_to_gc(TOMOYO_ID_PATH_GROUP, group))
366 list_del_rcu(&group->list);
372 struct tomoyo_number_group *group;
373 list_for_each_entry_rcu(group, &tomoyo_number_group_list, list) {
374 struct tomoyo_number_group_member *member;
375 list_for_each_entry_rcu(member, &group->member_list,
377 if (!member->is_deleted)
379 if (tomoyo_add_to_gc(TOMOYO_ID_NUMBER_GROUP_MEMBER,
381 list_del_rcu(&member->list);
385 if (!list_empty(&group->member_list) ||
386 atomic_read(&group->users))
388 if (tomoyo_add_to_gc(TOMOYO_ID_NUMBER_GROUP, group))
389 list_del_rcu(&group->list);
394 mutex_unlock(&tomoyo_policy_lock);
397 static void tomoyo_kfree_entry(void)
399 struct tomoyo_gc_entry *p;
400 struct tomoyo_gc_entry *tmp;
402 list_for_each_entry_safe(p, tmp, &tomoyo_gc_queue, list) {
404 case TOMOYO_ID_DOMAIN_INITIALIZER:
405 tomoyo_del_domain_initializer(p->element);
407 case TOMOYO_ID_DOMAIN_KEEPER:
408 tomoyo_del_domain_keeper(p->element);
410 case TOMOYO_ID_ALIAS:
411 tomoyo_del_alias(p->element);
413 case TOMOYO_ID_GLOBALLY_READABLE:
414 tomoyo_del_allow_read(p->element);
416 case TOMOYO_ID_PATTERN:
417 tomoyo_del_file_pattern(p->element);
419 case TOMOYO_ID_NO_REWRITE:
420 tomoyo_del_no_rewrite(p->element);
422 case TOMOYO_ID_MANAGER:
423 tomoyo_del_manager(p->element);
426 tomoyo_del_name(p->element);
429 tomoyo_del_acl(p->element);
431 case TOMOYO_ID_DOMAIN:
432 if (!tomoyo_del_domain(p->element))
435 case TOMOYO_ID_PATH_GROUP_MEMBER:
436 tomoyo_del_path_group_member(p->element);
438 case TOMOYO_ID_PATH_GROUP:
439 tomoyo_del_path_group(p->element);
441 case TOMOYO_ID_NUMBER_GROUP_MEMBER:
442 tomoyo_del_number_group_member(p->element);
444 case TOMOYO_ID_NUMBER_GROUP:
445 tomoyo_del_number_group(p->element);
448 printk(KERN_WARNING "Unknown type\n");
451 tomoyo_memory_free(p->element);
457 static int tomoyo_gc_thread(void *unused)
459 daemonize("GC for TOMOYO");
460 if (mutex_trylock(&tomoyo_gc_mutex)) {
462 for (i = 0; i < 10; i++) {
463 tomoyo_collect_entry();
464 if (list_empty(&tomoyo_gc_queue))
466 synchronize_srcu(&tomoyo_ss);
467 tomoyo_kfree_entry();
469 mutex_unlock(&tomoyo_gc_mutex);
474 void tomoyo_run_gc(void)
476 struct task_struct *task = kthread_create(tomoyo_gc_thread, NULL,
479 wake_up_process(task);