---

yaml --- r: 264552 b: refs/heads/master c: b780498 h: refs/heads/master v: v3
git-mirror · Sep 21, 2011 · 400cedc · 400cedc
1 parent bc719f8
commit 400cedc
Show file tree

Hide file tree

Showing 11 changed files with 365 additions and 227 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: a427fd14d3edf6396c4b9638dbc8e2972afaa05b
+refs/heads/master: b78049831ffed65f0b4e61f69df14f3ab17922cb
diff --git a/trunk/include/linux/kernel.h b/trunk/include/linux/kernel.h
@@ -382,7 +382,7 @@ static inline char *pack_hex_byte(char *buf, u8 byte)
 }
 
 extern int hex_to_bin(char ch);
-extern void hex2bin(u8 *dst, const char *src, size_t count);
+extern int __must_check hex2bin(u8 *dst, const char *src, size_t count);
 
 /*
  * General tracing related utility functions - trace_printk(),

diff --git a/trunk/lib/hexdump.c b/trunk/lib/hexdump.c
@@ -38,14 +38,21 @@ EXPORT_SYMBOL(hex_to_bin);
  * @dst: binary result
  * @src: ascii hexadecimal string
  * @count: result length
+ *
+ * Return 0 on success, -1 in case of bad input.
  */
-void hex2bin(u8 *dst, const char *src, size_t count)
+int hex2bin(u8 *dst, const char *src, size_t count)
 {
 	while (count--) {
-		*dst = hex_to_bin(*src++) << 4;
-		*dst += hex_to_bin(*src++);
-		dst++;
+		int hi = hex_to_bin(*src++);
+		int lo = hex_to_bin(*src++);
+
+		if ((hi < 0) || (lo < 0))
+			return -1;
+
+		*dst++ = (hi << 4) | lo;
 	}
+	return 0;
 }
 EXPORT_SYMBOL(hex2bin);
 

diff --git a/trunk/security/tomoyo/common.c b/trunk/security/tomoyo/common.c
@@ -262,17 +262,13 @@ static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
 		WARN_ON(1);
 }
 
-static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt,
-			     ...) __printf(2, 3);
-
 /**
  * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
  *
  * @head: Pointer to "struct tomoyo_io_buffer".
  * @fmt:  The printf()'s format string, followed by parameters.
  */
-static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt,
-			     ...)
+void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
 {
 	va_list args;
 	size_t len;

diff --git a/trunk/security/tomoyo/common.h b/trunk/security/tomoyo/common.h
@@ -52,9 +52,6 @@
 
 #define TOMOYO_EXEC_TMPSIZE     4096
 
-/* Garbage collector is trying to kfree() this element. */
-#define TOMOYO_GC_IN_PROGRESS -1
-
 /* Profile number is an integer between 0 and 255. */
 #define TOMOYO_MAX_PROFILES 256
 
@@ -401,7 +398,7 @@ enum tomoyo_pref_index {
 /* Common header for holding ACL entries. */
 struct tomoyo_acl_head {
 	struct list_head list;
-	s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */
+	bool is_deleted;
 } __packed;
 
 /* Common header for shared entries. */
@@ -668,7 +665,7 @@ struct tomoyo_condition {
 struct tomoyo_acl_info {
 	struct list_head list;
 	struct tomoyo_condition *cond; /* Maybe NULL. */
-	s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */
+	bool is_deleted;
 	u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */
 } __packed;
 
@@ -981,6 +978,8 @@ int tomoyo_path_number_perm(const u8 operation, struct path *path,
 			    unsigned long number);
 int tomoyo_path_perm(const u8 operation, struct path *path,
 		     const char *target);
+int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
+			   const struct tomoyo_path_info *filename);
 int tomoyo_poll_control(struct file *file, poll_table *wait);
 int tomoyo_poll_log(struct file *file, poll_table *wait);
 int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr,
@@ -1042,7 +1041,10 @@ void tomoyo_del_condition(struct list_head *element);
 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
 void tomoyo_get_attributes(struct tomoyo_obj_info *obj);
 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
+void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
+	 __printf(2, 3);
 void tomoyo_load_policy(const char *filename);
+void tomoyo_memory_free(void *ptr);
 void tomoyo_normalize_line(unsigned char *buffer);
 void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register);
 void tomoyo_print_ip(char *buf, const unsigned int size,

diff --git a/trunk/security/tomoyo/condition.c b/trunk/security/tomoyo/condition.c
@@ -400,9 +400,8 @@ static struct tomoyo_condition *tomoyo_commit_condition
 		found = true;
 		goto out;
 	}
-	list_for_each_entry(ptr, &tomoyo_condition_list, head.list) {
-		if (!tomoyo_same_condition(ptr, entry) ||
-		    atomic_read(&ptr->head.users) == TOMOYO_GC_IN_PROGRESS)
+	list_for_each_entry_rcu(ptr, &tomoyo_condition_list, head.list) {
+		if (!tomoyo_same_condition(ptr, entry))
 			continue;
 		/* Same entry found. Share this entry. */
 		atomic_inc(&ptr->head.users);
@@ -412,7 +411,8 @@ static struct tomoyo_condition *tomoyo_commit_condition
 	if (!found) {
 		if (tomoyo_memory_ok(entry)) {
 			atomic_set(&entry->head.users, 1);
-			list_add(&entry->head.list, &tomoyo_condition_list);
+			list_add_rcu(&entry->head.list,
+				     &tomoyo_condition_list);
 		} else {
 			found = true;
 			ptr = NULL;

diff --git a/trunk/security/tomoyo/domain.c b/trunk/security/tomoyo/domain.c
@@ -39,8 +39,6 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
 		return -ENOMEM;
 	list_for_each_entry_rcu(entry, list, list) {
-		if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)
-			continue;
 		if (!check_duplicate(entry, new_entry))
 			continue;
 		entry->is_deleted = param->is_delete;
@@ -117,8 +115,6 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
 		goto out;
 	list_for_each_entry_rcu(entry, list, list) {
-		if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)
-			continue;
 		if (!tomoyo_same_acl_head(entry, new_entry) ||
 		    !check_duplicate(entry, new_entry))
 			continue;
@@ -571,7 +567,6 @@ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
 			tomoyo_write_log(&r, "use_profile %u\n",
 					 entry->profile);
 			tomoyo_write_log(&r, "use_group %u\n", entry->group);
-			tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
 		}
 	}
 	return entry;

diff --git a/trunk/security/tomoyo/file.c b/trunk/security/tomoyo/file.c
@@ -555,8 +555,8 @@ static int tomoyo_update_path2_acl(const u8 perm,
  *
  * Caller holds tomoyo_read_lock().
  */
-static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
-				  const struct tomoyo_path_info *filename)
+int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
+			   const struct tomoyo_path_info *filename)
 {
 	int error;