diff options
Diffstat (limited to 'security/tomoyo/common.h')
-rw-r--r-- | security/tomoyo/common.h | 47 |
1 files changed, 31 insertions, 16 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 92169d29b2db..610a6a056828 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -108,7 +108,7 @@ struct tomoyo_path_info_with_data { * (b) type & 0x80 : whether the entry is marked as "deleted". * * Packing "struct tomoyo_acl_info" allows - * "struct tomoyo_single_path_acl_record" to embed "u16" and + * "struct tomoyo_single_path_acl_record" to embed "u8" + "u16" and * "struct tomoyo_double_path_acl_record" to embed "u8" * without enlarging their structure size. */ @@ -184,10 +184,13 @@ struct tomoyo_domain_info { * Directives held by this structure are "allow_read/write", "allow_execute", * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir", * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock", - * "allow_mkchar", "allow_truncate", "allow_symlink" and "allow_rewrite". + * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite", + * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount" + * and "allow_unmount". */ struct tomoyo_single_path_acl_record { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */ + u8 perm_high; u16 perm; /* Pointer to single pathname. */ const struct tomoyo_path_info *filename; @@ -195,7 +198,7 @@ struct tomoyo_single_path_acl_record { /* * tomoyo_double_path_acl_record is a structure which is used for holding an - * entry with two pathnames operation (i.e. link() and rename()). + * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). * It has following fields. * * (1) "head" which is a "struct tomoyo_acl_info". @@ -203,7 +206,8 @@ struct tomoyo_single_path_acl_record { * (3) "filename1" is the source/old pathname. * (4) "filename2" is the destination/new pathname. * - * Directives held by this structure are "allow_rename" and "allow_link". + * Directives held by this structure are "allow_rename", "allow_link" and + * "allow_pivot_root". */ struct tomoyo_double_path_acl_record { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */ @@ -265,6 +269,8 @@ struct tomoyo_io_buffer { int (*write) (struct tomoyo_io_buffer *); /* Exclusive lock for this structure. */ struct mutex io_sem; + /* Index returned by tomoyo_read_lock(). */ + int reader_idx; /* The position currently reading from. */ struct list_head *read_var1; /* Extra variables for reading. */ @@ -370,8 +376,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * /* Check mode for specified functionality. */ unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, const u8 index); -/* Allocate memory for structures. */ -void *tomoyo_alloc_acl_element(const u8 acl_type); /* Fill in "struct tomoyo_path_info" members. */ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); /* Run policy loader when /sbin/init starts. */ @@ -425,10 +429,9 @@ static inline bool tomoyo_is_invalid(const unsigned char c) /* The list for "struct tomoyo_domain_info". */ extern struct list_head tomoyo_domain_list; -extern struct rw_semaphore tomoyo_domain_list_lock; -/* Lock for domain->acl_info_list. */ -extern struct rw_semaphore tomoyo_domain_acl_info_list_lock; +/* Lock for protecting policy. */ +extern struct mutex tomoyo_policy_lock; /* Has /sbin/init started? */ extern bool tomoyo_policy_loaded; @@ -442,16 +445,28 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; * @cookie: the &struct list_head to use as a cookie. * @head: the head for your list. * - * Same with list_for_each() except that this primitive uses @cookie + * Same with list_for_each_rcu() except that this primitive uses @cookie * so that we can continue iteration. * @cookie must be NULL when iteration starts, and @cookie will become * NULL when iteration finishes. */ -#define list_for_each_cookie(pos, cookie, head) \ - for (({ if (!cookie) \ - cookie = head; }), \ - pos = (cookie)->next; \ - prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ - (cookie) = pos, pos = pos->next) +#define list_for_each_cookie(pos, cookie, head) \ + for (({ if (!cookie) \ + cookie = head; }), \ + pos = rcu_dereference((cookie)->next); \ + prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ + (cookie) = pos, pos = rcu_dereference(pos->next)) + +extern struct srcu_struct tomoyo_ss; + +static inline int tomoyo_read_lock(void) +{ + return srcu_read_lock(&tomoyo_ss); +} + +static inline void tomoyo_read_unlock(int idx) +{ + srcu_read_unlock(&tomoyo_ss, idx); +} #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ |