TOMOYO: Simplify policy reader.
[linux-3.10.git] / security / tomoyo / domain.c
index 093a756..34bb641 100644 (file)
@@ -5,7 +5,7 @@
  *
  * Copyright (C) 2005-2009  NTT DATA CORPORATION
  *
- * Version: 2.2.0-pre   2009/02/01
+ * Version: 2.2.0   2009/04/01
  *
  */
 
@@ -67,14 +67,12 @@ void tomoyo_set_domain_flag(struct tomoyo_domain_info *domain,
 {
        /* We need to serialize because this is bitfield operation. */
        static DEFINE_SPINLOCK(lock);
-       /***** CRITICAL SECTION START *****/
        spin_lock(&lock);
        if (!is_delete)
                domain->flags |= flags;
        else
                domain->flags &= ~flags;
        spin_unlock(&lock);
-       /***** CRITICAL SECTION END *****/
 }
 
 /**
@@ -135,7 +133,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
        saved_program = tomoyo_save_name(program);
        if (!saved_program)
                return -ENOMEM;
-       /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_initializer_list_lock);
        list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) {
                if (ptr->is_not != is_not ||
@@ -161,7 +158,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
        error = 0;
  out:
        up_write(&tomoyo_domain_initializer_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
        return error;
 }
 
@@ -193,13 +189,12 @@ bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
                        from = " from ";
                        domain = ptr->domainname->name;
                }
-               if (!tomoyo_io_printf(head,
-                                     "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
-                                     "%s%s%s\n", no, ptr->program->name, from,
-                                     domain)) {
-                       done = false;
+               done = tomoyo_io_printf(head,
+                                       "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
+                                       "%s%s%s\n", no, ptr->program->name,
+                                       from, domain);
+               if (!done)
                        break;
-               }
        }
        up_read(&tomoyo_domain_initializer_list_lock);
        return done;
@@ -296,7 +291,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
        struct tomoyo_domain_keeper_entry *ptr;
        const struct tomoyo_path_info *saved_domainname;
        const struct tomoyo_path_info *saved_program = NULL;
-       static DEFINE_MUTEX(lock);
        int error = -ENOMEM;
        bool is_last_name = false;
 
@@ -315,7 +309,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
        saved_domainname = tomoyo_save_name(domainname);
        if (!saved_domainname)
                return -ENOMEM;
-       /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_keeper_list_lock);
        list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
                if (ptr->is_not != is_not ||
@@ -341,7 +334,6 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
        error = 0;
  out:
        up_write(&tomoyo_domain_keeper_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
        return error;
 }
 
@@ -394,13 +386,12 @@ bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
                        from = " from ";
                        program = ptr->program->name;
                }
-               if (!tomoyo_io_printf(head,
-                                     "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
-                                     "%s%s%s\n", no, program, from,
-                                     ptr->domainname->name)) {
-                       done = false;
+               done = tomoyo_io_printf(head,
+                                       "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
+                                       "%s%s%s\n", no, program, from,
+                                       ptr->domainname->name);
+               if (!done)
                        break;
-               }
        }
        up_read(&tomoyo_domain_keeper_list_lock);
        return done;
@@ -476,7 +467,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
        saved_aliased_name = tomoyo_save_name(aliased_name);
        if (!saved_original_name || !saved_aliased_name)
                return -ENOMEM;
-       /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_alias_list_lock);
        list_for_each_entry(ptr, &tomoyo_alias_list, list) {
                if (ptr->original_name != saved_original_name ||
@@ -499,7 +489,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
        error = 0;
  out:
        up_write(&tomoyo_alias_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
        return error;
 }
 
@@ -522,12 +511,11 @@ bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
                ptr = list_entry(pos, struct tomoyo_alias_entry, list);
                if (ptr->is_deleted)
                        continue;
-               if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
-                                     ptr->original_name->name,
-                                     ptr->aliased_name->name)) {
-                       done = false;
+               done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
+                                       ptr->original_name->name,
+                                       ptr->aliased_name->name);
+               if (!done)
                        break;
-               }
        }
        up_read(&tomoyo_alias_list_lock);
        return done;
@@ -551,9 +539,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
        return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
 
 /**
  * tomoyo_delete_domain - Delete a domain.
@@ -569,103 +555,23 @@ int tomoyo_delete_domain(char *domainname)
 
        name.name = domainname;
        tomoyo_fill_path_info(&name);
-       /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-       printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(domain->domainname, &name))
-                       continue;
-               printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-       }
-#endif
        /* Is there an active domain? */
        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               struct tomoyo_domain_info *domain2;
                /* Never delete tomoyo_kernel_domain */
                if (domain == &tomoyo_kernel_domain)
                        continue;
                if (domain->is_deleted ||
                    tomoyo_pathcmp(domain->domainname, &name))
                        continue;
-               /* Mark already deleted domains as non undeletable. */
-               list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-                       if (!domain2->is_deleted ||
-                           tomoyo_pathcmp(domain2->domainname, &name))
-                               continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                       if (domain2->is_deleted != 255)
-                               printk(KERN_DEBUG
-                                      "Marked %p as non undeletable\n",
-                                      domain2);
-#endif
-                       domain2->is_deleted = 255;
-               }
-               /* Delete and mark active domain as undeletable. */
-               domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+               domain->is_deleted = true;
                break;
        }
        up_write(&tomoyo_domain_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
        return 0;
 }
 
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-       struct tomoyo_domain_info *domain;
-       struct tomoyo_domain_info *candidate_domain = NULL;
-       struct tomoyo_path_info name;
-
-       name.name = domainname;
-       tomoyo_fill_path_info(&name);
-       /***** EXCLUSIVE SECTION START *****/
-       down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-       printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(domain->domainname, &name))
-                       continue;
-               printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-       }
-#endif
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(&name, domain->domainname))
-                       continue;
-               if (!domain->is_deleted) {
-                       /* This domain is active. I can't undelete. */
-                       candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                       printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-                              domain);
-#endif
-                       break;
-               }
-               /* Is this domain undeletable? */
-               if (domain->is_deleted == 1)
-                       candidate_domain = domain;
-       }
-       if (candidate_domain) {
-               candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-       }
-       up_write(&tomoyo_domain_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
-       return candidate_domain;
-}
-
-/**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
  * @domainname: The name of domain.
@@ -680,7 +586,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
        struct tomoyo_domain_info *domain = NULL;
        const struct tomoyo_path_info *saved_domainname;
 
-       /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_list_lock);
        domain = tomoyo_find_domain(domainname);
        if (domain)
@@ -699,7 +604,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                    domain->domainname != saved_domainname)
                        continue;
                flag = false;
-               /***** CRITICAL SECTION START *****/
                read_lock(&tasklist_lock);
                for_each_process(p) {
                        if (tomoyo_real_domain(p) != domain)
@@ -708,13 +612,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                        break;
                }
                read_unlock(&tasklist_lock);
-               /***** CRITICAL SECTION END *****/
                if (flag)
                        continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "Reusing %p %s\n", domain,
-                      domain->domainname->name);
-#endif
                list_for_each_entry(ptr, &domain->acl_info_list, list) {
                        ptr->type |= TOMOYO_ACL_DELETED;
                }
@@ -722,7 +621,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                domain->profile = profile;
                domain->quota_warned = false;
                mb(); /* Avoid out-of-order execution. */
-               domain->is_deleted = 0;
+               domain->is_deleted = false;
                goto out;
        }
        /* No memory reusable. Create using new memory. */
@@ -735,7 +634,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
        }
  out:
        up_write(&tomoyo_domain_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
        return domain;
 }