search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6
[nv-tegra-linux-2.6.git] / security / tomoyo / common.c
blobef89947a774bbf419aadc0ba6b942985b75b5b50
1 /*
2 * security/tomoyo/common.c
3 *
4 * Common functions for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */
11
12 #include <linux/uaccess.h>
13 #include <linux/security.h>
14 #include <linux/hardirq.h>
15 #include "common.h"
16
17 /* Lock for protecting policy. */
18 DEFINE_MUTEX(tomoyo_policy_lock);
19
20 /* Has loading policy done? */
21 bool tomoyo_policy_loaded;
22
23 /* String table for functionality that takes 4 modes. */
24 static const char *tomoyo_mode_4[4] = {
25 "disabled", "learning", "permissive", "enforcing"
26 };
27 /* String table for functionality that takes 2 modes. */
28 static const char *tomoyo_mode_2[4] = {
29 "disabled", "enabled", "enabled", "enabled"
30 };
31
32 /*
33 * tomoyo_control_array is a static data which contains
34 *
35 * (1) functionality name used by /sys/kernel/security/tomoyo/profile .
36 * (2) initial values for "struct tomoyo_profile".
37 * (3) max values for "struct tomoyo_profile".
38 */
39 static struct {
40 const char *keyword;
41 unsigned int current_value;
42 const unsigned int max_value;
43 } tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = {
44 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
45 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX },
46 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
47 };
48
49 /*
50 * tomoyo_profile is a structure which is used for holding the mode of access
51 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
52 * An administrator can define up to 256 profiles.
53 * The ->profile of "struct tomoyo_domain_info" is used for remembering
54 * the profile's number (0 - 255) assigned to that domain.
55 */
56 static struct tomoyo_profile {
57 unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
58 const struct tomoyo_path_info *comment;
59 } *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
60
61 /* Permit policy management by non-root user? */
62 static bool tomoyo_manage_by_non_root;
63
64 /* Utility functions. */
65
66 /* Open operation for /sys/kernel/security/tomoyo/ interface. */
67 static int tomoyo_open_control(const u8 type, struct file *file);
68 /* Close /sys/kernel/security/tomoyo/ interface. */
69 static int tomoyo_close_control(struct file *file);
70 /* Read operation for /sys/kernel/security/tomoyo/ interface. */
71 static int tomoyo_read_control(struct file *file, char __user *buffer,
72 const int buffer_len);
73 /* Write operation for /sys/kernel/security/tomoyo/ interface. */
74 static int tomoyo_write_control(struct file *file, const char __user *buffer,
75 const int buffer_len);
76
77 /**
78 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value.
79 *
80 * @str: Pointer to the string.
81 *
82 * Returns true if @str is a \ooo style octal value, false otherwise.
83 *
84 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
85 * This function verifies that \ooo is in valid range.
86 */
87 static inline bool tomoyo_is_byte_range(const char *str)
88 {
89 return *str >= '0' && *str++ <= '3' &&
90 *str >= '0' && *str++ <= '7' &&
91 *str >= '0' && *str <= '7';
92 }
93
94 /**
95 * tomoyo_is_alphabet_char - Check whether the character is an alphabet.
96 *
97 * @c: The character to check.
98 *
99 * Returns true if @c is an alphabet character, false otherwise.
100 */
101 static inline bool tomoyo_is_alphabet_char(const char c)
102 {
103 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
104 }
105
106 /**
107 * tomoyo_make_byte - Make byte value from three octal characters.
108 *
109 * @c1: The first character.
110 * @c2: The second character.
111 * @c3: The third character.
112 *
113 * Returns byte value.
114 */
115 static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3)
116 {
117 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
118 }
119
120 /**
121 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
122 *
123 * @src: Pointer to pointer to the string.
124 * @find: Pointer to the keyword.
125 *
126 * Returns true if @src starts with @find, false otherwise.
127 *
128 * The @src is updated to point the first character after the @find
129 * if @src starts with @find.
130 */
131 static bool tomoyo_str_starts(char **src, const char *find)
132 {
133 const int len = strlen(find);
134 char *tmp = *src;
135
136 if (strncmp(tmp, find, len))
137 return false;
138 tmp += len;
139 *src = tmp;
140 return true;
141 }
142
143 /**
144 * tomoyo_normalize_line - Format string.
145 *
146 * @buffer: The line to normalize.
147 *
148 * Leading and trailing whitespaces are removed.
149 * Multiple whitespaces are packed into single space.
150 *
151 * Returns nothing.
152 */
153 static void tomoyo_normalize_line(unsigned char *buffer)
154 {
155 unsigned char *sp = buffer;
156 unsigned char *dp = buffer;
157 bool first = true;
158
159 while (tomoyo_is_invalid(*sp))
160 sp++;
161 while (*sp) {
162 if (!first)
163 *dp++ = ' ';
164 first = false;
165 while (tomoyo_is_valid(*sp))
166 *dp++ = *sp++;
167 while (tomoyo_is_invalid(*sp))
168 sp++;
169 }
170 *dp = '\0';
171 }
172
173 /**
174 * tomoyo_is_correct_path - Validate a pathname.
175 * @filename: The pathname to check.
176 * @start_type: Should the pathname start with '/'?
177 * 1 = must / -1 = must not / 0 = don't care
178 * @pattern_type: Can the pathname contain a wildcard?
179 * 1 = must / -1 = must not / 0 = don't care
180 * @end_type: Should the pathname end with '/'?
181 * 1 = must / -1 = must not / 0 = don't care
182 *
183 * Check whether the given filename follows the naming rules.
184 * Returns true if @filename follows the naming rules, false otherwise.
185 */
186 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
187 const s8 pattern_type, const s8 end_type)
188 {
189 const char *const start = filename;
190 bool in_repetition = false;
191 bool contains_pattern = false;
192 unsigned char c;
193 unsigned char d;
194 unsigned char e;
195
196 if (!filename)
197 goto out;
198 c = *filename;
199 if (start_type == 1) { /* Must start with '/' */
200 if (c != '/')
201 goto out;
202 } else if (start_type == -1) { /* Must not start with '/' */
203 if (c == '/')
204 goto out;
205 }
206 if (c)
207 c = *(filename + strlen(filename) - 1);
208 if (end_type == 1) { /* Must end with '/' */
209 if (c != '/')
210 goto out;
211 } else if (end_type == -1) { /* Must not end with '/' */
212 if (c == '/')
213 goto out;
214 }
215 while (1) {
216 c = *filename++;
217 if (!c)
218 break;
219 if (c == '\\') {
220 c = *filename++;
221 switch (c) {
222 case '\\': /* "\\" */
223 continue;
224 case '$': /* "\$" */
225 case '+': /* "\+" */
226 case '?': /* "\?" */
227 case '*': /* "\*" */
228 case '@': /* "\@" */
229 case 'x': /* "\x" */
230 case 'X': /* "\X" */
231 case 'a': /* "\a" */
232 case 'A': /* "\A" */
233 case '-': /* "\-" */
234 if (pattern_type == -1)
235 break; /* Must not contain pattern */
236 contains_pattern = true;
237 continue;
238 case '{': /* "/\{" */
239 if (filename - 3 < start ||
240 *(filename - 3) != '/')
241 break;
242 if (pattern_type == -1)
243 break; /* Must not contain pattern */
244 contains_pattern = true;
245 in_repetition = true;
246 continue;
247 case '}': /* "\}/" */
248 if (*filename != '/')
249 break;
250 if (!in_repetition)
251 break;
252 in_repetition = false;
253 continue;
254 case '0': /* "\ooo" */
255 case '1':
256 case '2':
257 case '3':
258 d = *filename++;
259 if (d < '0' || d > '7')
260 break;
261 e = *filename++;
262 if (e < '0' || e > '7')
263 break;
264 c = tomoyo_make_byte(c, d, e);
265 if (tomoyo_is_invalid(c))
266 continue; /* pattern is not \000 */
267 }
268 goto out;
269 } else if (in_repetition && c == '/') {
270 goto out;
271 } else if (tomoyo_is_invalid(c)) {
272 goto out;
273 }
274 }
275 if (pattern_type == 1) { /* Must contain pattern */
276 if (!contains_pattern)
277 goto out;
278 }
279 if (in_repetition)
280 goto out;
281 return true;
282 out:
283 return false;
284 }
285
286 /**
287 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
288 * @domainname: The domainname to check.
289 *
290 * Returns true if @domainname follows the naming rules, false otherwise.
291 */
292 bool tomoyo_is_correct_domain(const unsigned char *domainname)
293 {
294 unsigned char c;
295 unsigned char d;
296 unsigned char e;
297
298 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
299 TOMOYO_ROOT_NAME_LEN))
300 goto out;
301 domainname += TOMOYO_ROOT_NAME_LEN;
302 if (!*domainname)
303 return true;
304 do {
305 if (*domainname++ != ' ')
306 goto out;
307 if (*domainname++ != '/')
308 goto out;
309 while ((c = *domainname) != '\0' && c != ' ') {
310 domainname++;
311 if (c == '\\') {
312 c = *domainname++;
313 switch ((c)) {
314 case '\\': /* "\\" */
315 continue;
316 case '0': /* "\ooo" */
317 case '1':
318 case '2':
319 case '3':
320 d = *domainname++;
321 if (d < '0' || d > '7')
322 break;
323 e = *domainname++;
324 if (e < '0' || e > '7')
325 break;
326 c = tomoyo_make_byte(c, d, e);
327 if (tomoyo_is_invalid(c))
328 /* pattern is not \000 */
329 continue;
330 }
331 goto out;
332 } else if (tomoyo_is_invalid(c)) {
333 goto out;
334 }
335 }
336 } while (*domainname);
337 return true;
338 out:
339 return false;
340 }
341
342 /**
343 * tomoyo_is_domain_def - Check whether the given token can be a domainname.
344 *
345 * @buffer: The token to check.
346 *
347 * Returns true if @buffer possibly be a domainname, false otherwise.
348 */
349 bool tomoyo_is_domain_def(const unsigned char *buffer)
350 {
351 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN);
352 }
353
354 /**
355 * tomoyo_find_domain - Find a domain by the given name.
356 *
357 * @domainname: The domainname to find.
358 *
359 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
360 *
361 * Caller holds tomoyo_read_lock().
362 */
363 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
364 {
365 struct tomoyo_domain_info *domain;
366 struct tomoyo_path_info name;
367
368 name.name = domainname;
369 tomoyo_fill_path_info(&name);
370 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
371 if (!domain->is_deleted &&
372 !tomoyo_pathcmp(&name, domain->domainname))
373 return domain;
374 }
375 return NULL;
376 }
377
378 /**
379 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
380 *
381 * @filename: The string to evaluate.
382 *
383 * Returns the initial length without a pattern in @filename.
384 */
385 static int tomoyo_const_part_length(const char *filename)
386 {
387 char c;
388 int len = 0;
389
390 if (!filename)
391 return 0;
392 while ((c = *filename++) != '\0') {
393 if (c != '\\') {
394 len++;
395 continue;
396 }
397 c = *filename++;
398 switch (c) {
399 case '\\': /* "\\" */
400 len += 2;
401 continue;
402 case '0': /* "\ooo" */
403 case '1':
404 case '2':
405 case '3':
406 c = *filename++;
407 if (c < '0' || c > '7')
408 break;
409 c = *filename++;
410 if (c < '0' || c > '7')
411 break;
412 len += 4;
413 continue;
414 }
415 break;
416 }
417 return len;
418 }
419
420 /**
421 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members.
422 *
423 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
424 *
425 * The caller sets "struct tomoyo_path_info"->name.
426 */
427 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
428 {
429 const char *name = ptr->name;
430 const int len = strlen(name);
431
432 ptr->const_len = tomoyo_const_part_length(name);
433 ptr->is_dir = len && (name[len - 1] == '/');
434 ptr->is_patterned = (ptr->const_len < len);
435 ptr->hash = full_name_hash(name, len);
436 }
437
438 /**
439 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character
440 * and "\-" pattern.
441 *
442 * @filename: The start of string to check.
443 * @filename_end: The end of string to check.
444 * @pattern: The start of pattern to compare.
445 * @pattern_end: The end of pattern to compare.
446 *
447 * Returns true if @filename matches @pattern, false otherwise.
448 */
449 static bool tomoyo_file_matches_pattern2(const char *filename,
450 const char *filename_end,
451 const char *pattern,
452 const char *pattern_end)
453 {
454 while (filename < filename_end && pattern < pattern_end) {
455 char c;
456 if (*pattern != '\\') {
457 if (*filename++ != *pattern++)
458 return false;
459 continue;
460 }
461 c = *filename;
462 pattern++;
463 switch (*pattern) {
464 int i;
465 int j;
466 case '?':
467 if (c == '/') {
468 return false;
469 } else if (c == '\\') {
470 if (filename[1] == '\\')
471 filename++;
472 else if (tomoyo_is_byte_range(filename + 1))
473 filename += 3;
474 else
475 return false;
476 }
477 break;
478 case '\\':
479 if (c != '\\')
480 return false;
481 if (*++filename != '\\')
482 return false;
483 break;
484 case '+':
485 if (!isdigit(c))
486 return false;
487 break;
488 case 'x':
489 if (!isxdigit(c))
490 return false;
491 break;
492 case 'a':
493 if (!tomoyo_is_alphabet_char(c))
494 return false;
495 break;
496 case '0':
497 case '1':
498 case '2':
499 case '3':
500 if (c == '\\' && tomoyo_is_byte_range(filename + 1)
501 && strncmp(filename + 1, pattern, 3) == 0) {
502 filename += 3;
503 pattern += 2;
504 break;
505 }
506 return false; /* Not matched. */
507 case '*':
508 case '@':
509 for (i = 0; i <= filename_end - filename; i++) {
510 if (tomoyo_file_matches_pattern2(
511 filename + i, filename_end,
512 pattern + 1, pattern_end))
513 return true;
514 c = filename[i];
515 if (c == '.' && *pattern == '@')
516 break;
517 if (c != '\\')
518 continue;
519 if (filename[i + 1] == '\\')
520 i++;
521 else if (tomoyo_is_byte_range(filename + i + 1))
522 i += 3;
523 else
524 break; /* Bad pattern. */
525 }
526 return false; /* Not matched. */
527 default:
528 j = 0;
529 c = *pattern;
530 if (c == '$') {
531 while (isdigit(filename[j]))
532 j++;
533 } else if (c == 'X') {
534 while (isxdigit(filename[j]))
535 j++;
536 } else if (c == 'A') {
537 while (tomoyo_is_alphabet_char(filename[j]))
538 j++;
539 }
540 for (i = 1; i <= j; i++) {
541 if (tomoyo_file_matches_pattern2(
542 filename + i, filename_end,
543 pattern + 1, pattern_end))
544 return true;
545 }
546 return false; /* Not matched or bad pattern. */
547 }
548 filename++;
549 pattern++;
550 }
551 while (*pattern == '\\' &&
552 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
553 pattern += 2;
554 return filename == filename_end && pattern == pattern_end;
555 }
556
557 /**
558 * tomoyo_file_matches_pattern - Pattern matching without without '/' character.
559 *
560 * @filename: The start of string to check.
561 * @filename_end: The end of string to check.
562 * @pattern: The start of pattern to compare.
563 * @pattern_end: The end of pattern to compare.
564 *
565 * Returns true if @filename matches @pattern, false otherwise.
566 */
567 static bool tomoyo_file_matches_pattern(const char *filename,
568 const char *filename_end,
569 const char *pattern,
570 const char *pattern_end)
571 {
572 const char *pattern_start = pattern;
573 bool first = true;
574 bool result;
575
576 while (pattern < pattern_end - 1) {
577 /* Split at "\-" pattern. */
578 if (*pattern++ != '\\' || *pattern++ != '-')
579 continue;
580 result = tomoyo_file_matches_pattern2(filename,
581 filename_end,
582 pattern_start,
583 pattern - 2);
584 if (first)
585 result = !result;
586 if (result)
587 return false;
588 first = false;
589 pattern_start = pattern;
590 }
591 result = tomoyo_file_matches_pattern2(filename, filename_end,
592 pattern_start, pattern_end);
593 return first ? result : !result;
594 }
595
596 /**
597 * tomoyo_path_matches_pattern2 - Do pathname pattern matching.
598 *
599 * @f: The start of string to check.
600 * @p: The start of pattern to compare.
601 *
602 * Returns true if @f matches @p, false otherwise.
603 */
604 static bool tomoyo_path_matches_pattern2(const char *f, const char *p)
605 {
606 const char *f_delimiter;
607 const char *p_delimiter;
608
609 while (*f && *p) {
610 f_delimiter = strchr(f, '/');
611 if (!f_delimiter)
612 f_delimiter = f + strlen(f);
613 p_delimiter = strchr(p, '/');
614 if (!p_delimiter)
615 p_delimiter = p + strlen(p);
616 if (*p == '\\' && *(p + 1) == '{')
617 goto recursive;
618 if (!tomoyo_file_matches_pattern(f, f_delimiter, p,
619 p_delimiter))
620 return false;
621 f = f_delimiter;
622 if (*f)
623 f++;
624 p = p_delimiter;
625 if (*p)
626 p++;
627 }
628 /* Ignore trailing "\*" and "\@" in @pattern. */
629 while (*p == '\\' &&
630 (*(p + 1) == '*' || *(p + 1) == '@'))
631 p += 2;
632 return !*f && !*p;
633 recursive:
634 /*
635 * The "\{" pattern is permitted only after '/' character.
636 * This guarantees that below "*(p - 1)" is safe.
637 * Also, the "\}" pattern is permitted only before '/' character
638 * so that "\{" + "\}" pair will not break the "\-" operator.
639 */
640 if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' ||
641 *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\')
642 return false; /* Bad pattern. */
643 do {
644 /* Compare current component with pattern. */
645 if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2,
646 p_delimiter - 2))
647 break;
648 /* Proceed to next component. */
649 f = f_delimiter;
650 if (!*f)
651 break;
652 f++;
653 /* Continue comparison. */
654 if (tomoyo_path_matches_pattern2(f, p_delimiter + 1))
655 return true;
656 f_delimiter = strchr(f, '/');
657 } while (f_delimiter);
658 return false; /* Not matched. */
659 }
660
661 /**
662 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
663 *
664 * @filename: The filename to check.
665 * @pattern: The pattern to compare.
666 *
667 * Returns true if matches, false otherwise.
668 *
669 * The following patterns are available.
670 * \\ \ itself.
671 * \ooo Octal representation of a byte.
672 * \* Zero or more repetitions of characters other than '/'.
673 * \@ Zero or more repetitions of characters other than '/' or '.'.
674 * \? 1 byte character other than '/'.
675 * \$ One or more repetitions of decimal digits.
676 * \+ 1 decimal digit.
677 * \X One or more repetitions of hexadecimal digits.
678 * \x 1 hexadecimal digit.
679 * \A One or more repetitions of alphabet characters.
680 * \a 1 alphabet character.
681 *
682 * \- Subtraction operator.
683 *
684 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/
685 * /dir/dir/dir/ ).
686 */
687 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
688 const struct tomoyo_path_info *pattern)
689 {
690 const char *f = filename->name;
691 const char *p = pattern->name;
692 const int len = pattern->const_len;
693
694 /* If @pattern doesn't contain pattern, I can use strcmp(). */
695 if (!pattern->is_patterned)
696 return !tomoyo_pathcmp(filename, pattern);
697 /* Don't compare directory and non-directory. */
698 if (filename->is_dir != pattern->is_dir)
699 return false;
700 /* Compare the initial length without patterns. */
701 if (strncmp(f, p, len))
702 return false;
703 f += len;
704 p += len;
705 return tomoyo_path_matches_pattern2(f, p);
706 }
707
708 /**
709 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
710 *
711 * @head: Pointer to "struct tomoyo_io_buffer".
712 * @fmt: The printf()'s format string, followed by parameters.
713 *
714 * Returns true if output was written, false otherwise.
715 *
716 * The snprintf() will truncate, but tomoyo_io_printf() won't.
717 */
718 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
719 {
720 va_list args;
721 int len;
722 int pos = head->read_avail;
723 int size = head->readbuf_size - pos;
724
725 if (size <= 0)
726 return false;
727 va_start(args, fmt);
728 len = vsnprintf(head->read_buf + pos, size, fmt, args);
729 va_end(args);
730 if (pos + len >= head->readbuf_size)
731 return false;
732 head->read_avail += len;
733 return true;
734 }
735
736 /**
737 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
738 *
739 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
740 *
741 * This function uses kzalloc(), so the caller must call kfree()
742 * if this function didn't return NULL.
743 */
744 static const char *tomoyo_get_exe(void)
745 {
746 struct mm_struct *mm = current->mm;
747 struct vm_area_struct *vma;
748 const char *cp = NULL;
749
750 if (!mm)
751 return NULL;
752 down_read(&mm->mmap_sem);
753 for (vma = mm->mmap; vma; vma = vma->vm_next) {
754 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
755 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
756 break;
757 }
758 }
759 up_read(&mm->mmap_sem);
760 return cp;
761 }
762
763 /**
764 * tomoyo_get_msg - Get warning message.
765 *
766 * @is_enforce: Is it enforcing mode?
767 *
768 * Returns "ERROR" or "WARNING".
769 */
770 const char *tomoyo_get_msg(const bool is_enforce)
771 {
772 if (is_enforce)
773 return "ERROR";
774 else
775 return "WARNING";
776 }
777
778 /**
779 * tomoyo_check_flags - Check mode for specified functionality.
780 *
781 * @domain: Pointer to "struct tomoyo_domain_info".
782 * @index: The functionality to check mode.
783 *
784 * TOMOYO checks only process context.
785 * This code disables TOMOYO's enforcement in case the function is called from
786 * interrupt context.
787 */
788 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
789 const u8 index)
790 {
791 const u8 profile = domain->profile;
792
793 if (WARN_ON(in_interrupt()))
794 return 0;
795 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX
796 #if TOMOYO_MAX_PROFILES != 256
797 && profile < TOMOYO_MAX_PROFILES
798 #endif
799 && tomoyo_profile_ptr[profile] ?
800 tomoyo_profile_ptr[profile]->value[index] : 0;
801 }
802
803 /**
804 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
805 *
806 * @domain: Pointer to "struct tomoyo_domain_info".
807 *
808 * Returns true if domain policy violation warning should be printed to
809 * console.
810 */
811 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
812 {
813 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0;
814 }
815
816 /**
817 * tomoyo_domain_quota_is_ok - Check for domain's quota.
818 *
819 * @domain: Pointer to "struct tomoyo_domain_info".
820 *
821 * Returns true if the domain is not exceeded quota, false otherwise.
822 *
823 * Caller holds tomoyo_read_lock().
824 */
825 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
826 {
827 unsigned int count = 0;
828 struct tomoyo_acl_info *ptr;
829
830 if (!domain)
831 return true;
832 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
833 switch (ptr->type) {
834 struct tomoyo_path_acl *acl;
835 u32 perm;
836 u8 i;
837 case TOMOYO_TYPE_PATH_ACL:
838 acl = container_of(ptr, struct tomoyo_path_acl, head);
839 perm = acl->perm | (((u32) acl->perm_high) << 16);
840 for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)
841 if (perm & (1 << i))
842 count++;
843 if (perm & (1 << TOMOYO_TYPE_READ_WRITE))
844 count -= 2;
845 break;
846 case TOMOYO_TYPE_PATH2_ACL:
847 perm = container_of(ptr, struct tomoyo_path2_acl, head)
848 ->perm;
849 for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++)
850 if (perm & (1 << i))
851 count++;
852 break;
853 }
854 }
855 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
856 return true;
857 if (!domain->quota_warned) {
858 domain->quota_warned = true;
859 printk(KERN_WARNING "TOMOYO-WARNING: "
860 "Domain '%s' has so many ACLs to hold. "
861 "Stopped learning mode.\n", domain->domainname->name);
862 }
863 return false;
864 }
865
866 /**
867 * tomoyo_find_or_assign_new_profile - Create a new profile.
868 *
869 * @profile: Profile number to create.
870 *
871 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
872 */
873 static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
874 int profile)
875 {
876 static DEFINE_MUTEX(lock);
877 struct tomoyo_profile *ptr = NULL;
878 int i;
879
880 if (profile >= TOMOYO_MAX_PROFILES)
881 return NULL;
882 mutex_lock(&lock);
883 ptr = tomoyo_profile_ptr[profile];
884 if (ptr)
885 goto ok;
886 ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
887 if (!tomoyo_memory_ok(ptr)) {
888 kfree(ptr);
889 ptr = NULL;
890 goto ok;
891 }
892 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)
893 ptr->value[i] = tomoyo_control_array[i].current_value;
894 mb(); /* Avoid out-of-order execution. */
895 tomoyo_profile_ptr[profile] = ptr;
896 ok:
897 mutex_unlock(&lock);
898 return ptr;
899 }
900
901 /**
902 * tomoyo_write_profile - Write to profile table.
903 *
904 * @head: Pointer to "struct tomoyo_io_buffer".
905 *
906 * Returns 0 on success, negative value otherwise.
907 */
908 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
909 {
910 char *data = head->write_buf;
911 unsigned int i;
912 unsigned int value;
913 char *cp;
914 struct tomoyo_profile *profile;
915 unsigned long num;
916
917 cp = strchr(data, '-');
918 if (cp)
919 *cp = '\0';
920 if (strict_strtoul(data, 10, &num))
921 return -EINVAL;
922 if (cp)
923 data = cp + 1;
924 profile = tomoyo_find_or_assign_new_profile(num);
925 if (!profile)
926 return -EINVAL;
927 cp = strchr(data, '=');
928 if (!cp)
929 return -EINVAL;
930 *cp = '\0';
931 if (!strcmp(data, "COMMENT")) {
932 const struct tomoyo_path_info *old_comment = profile->comment;
933 profile->comment = tomoyo_get_name(cp + 1);
934 tomoyo_put_name(old_comment);
935 return 0;
936 }
937 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
938 if (strcmp(data, tomoyo_control_array[i].keyword))
939 continue;
940 if (sscanf(cp + 1, "%u", &value) != 1) {
941 int j;
942 const char **modes;
943 switch (i) {
944 case TOMOYO_VERBOSE:
945 modes = tomoyo_mode_2;
946 break;
947 default:
948 modes = tomoyo_mode_4;
949 break;
950 }
951 for (j = 0; j < 4; j++) {
952 if (strcmp(cp + 1, modes[j]))
953 continue;
954 value = j;
955 break;
956 }
957 if (j == 4)
958 return -EINVAL;
959 } else if (value > tomoyo_control_array[i].max_value) {
960 value = tomoyo_control_array[i].max_value;
961 }
962 profile->value[i] = value;
963 return 0;
964 }
965 return -EINVAL;
966 }
967
968 /**
969 * tomoyo_read_profile - Read from profile table.
970 *
971 * @head: Pointer to "struct tomoyo_io_buffer".
972 *
973 * Returns 0.
974 */
975 static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
976 {
977 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1;
978 int step;
979
980 if (head->read_eof)
981 return 0;
982 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total;
983 step++) {
984 const u8 index = step / total;
985 u8 type = step % total;
986 const struct tomoyo_profile *profile
987 = tomoyo_profile_ptr[index];
988 head->read_step = step;
989 if (!profile)
990 continue;
991 if (!type) { /* Print profile' comment tag. */
992 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n",
993 index, profile->comment ?
994 profile->comment->name : ""))
995 break;
996 continue;
997 }
998 type--;
999 if (type < TOMOYO_MAX_CONTROL_INDEX) {
1000 const unsigned int value = profile->value[type];
1001 const char **modes = NULL;
1002 const char *keyword
1003 = tomoyo_control_array[type].keyword;
1004 switch (tomoyo_control_array[type].max_value) {
1005 case 3:
1006 modes = tomoyo_mode_4;
1007 break;
1008 case 1:
1009 modes = tomoyo_mode_2;
1010 break;
1011 }
1012 if (modes) {
1013 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index,
1014 keyword, modes[value]))
1015 break;
1016 } else {
1017 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index,
1018 keyword, value))
1019 break;
1020 }
1021 }
1022 }
1023 if (step == TOMOYO_MAX_PROFILES * total)
1024 head->read_eof = true;
1025 return 0;
1026 }
1027
1028 /*
1029 * tomoyo_policy_manager_list is used for holding list of domainnames or
1030 * programs which are permitted to modify configuration via
1031 * /sys/kernel/security/tomoyo/ interface.
1032 *
1033 * An entry is added by
1034 *
1035 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
1036 * /sys/kernel/security/tomoyo/manager
1037 * (if you want to specify by a domainname)
1038 *
1039 * or
1040 *
1041 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
1042 * (if you want to specify by a program's location)
1043 *
1044 * and is deleted by
1045 *
1046 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
1047 * /sys/kernel/security/tomoyo/manager
1048 *
1049 * or
1050 *
1051 * # echo 'delete /usr/lib/ccs/editpolicy' > \
1052 * /sys/kernel/security/tomoyo/manager
1053 *
1054 * and all entries are retrieved by
1055 *
1056 * # cat /sys/kernel/security/tomoyo/manager
1057 */
1058 LIST_HEAD(tomoyo_policy_manager_list);
1059
1060 /**
1061 * tomoyo_update_manager_entry - Add a manager entry.
1062 *
1063 * @manager: The path to manager or the domainnamme.
1064 * @is_delete: True if it is a delete request.
1065 *
1066 * Returns 0 on success, negative value otherwise.
1067 *
1068 * Caller holds tomoyo_read_lock().
1069 */
1070 static int tomoyo_update_manager_entry(const char *manager,
1071 const bool is_delete)
1072 {
1073 struct tomoyo_policy_manager_entry *entry = NULL;
1074 struct tomoyo_policy_manager_entry *ptr;
1075 const struct tomoyo_path_info *saved_manager;
1076 int error = is_delete ? -ENOENT : -ENOMEM;
1077 bool is_domain = false;
1078
1079 if (tomoyo_is_domain_def(manager)) {
1080 if (!tomoyo_is_correct_domain(manager))
1081 return -EINVAL;
1082 is_domain = true;
1083 } else {
1084 if (!tomoyo_is_correct_path(manager, 1, -1, -1))
1085 return -EINVAL;
1086 }
1087 saved_manager = tomoyo_get_name(manager);
1088 if (!saved_manager)
1089 return -ENOMEM;
1090 if (!is_delete)
1091 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1092 mutex_lock(&tomoyo_policy_lock);
1093 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1094 if (ptr->manager != saved_manager)
1095 continue;
1096 ptr->is_deleted = is_delete;
1097 error = 0;
1098 break;
1099 }
1100 if (!is_delete && error && tomoyo_memory_ok(entry)) {
1101 entry->manager = saved_manager;
1102 saved_manager = NULL;
1103 entry->is_domain = is_domain;
1104 list_add_tail_rcu(&entry->list, &tomoyo_policy_manager_list);
1105 entry = NULL;
1106 error = 0;
1107 }
1108 mutex_unlock(&tomoyo_policy_lock);
1109 tomoyo_put_name(saved_manager);
1110 kfree(entry);
1111 return error;
1112 }
1113
1114 /**
1115 * tomoyo_write_manager_policy - Write manager policy.
1116 *
1117 * @head: Pointer to "struct tomoyo_io_buffer".
1118 *
1119 * Returns 0 on success, negative value otherwise.
1120 *
1121 * Caller holds tomoyo_read_lock().
1122 */
1123 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1124 {
1125 char *data = head->write_buf;
1126 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1127
1128 if (!strcmp(data, "manage_by_non_root")) {
1129 tomoyo_manage_by_non_root = !is_delete;
1130 return 0;
1131 }
1132 return tomoyo_update_manager_entry(data, is_delete);
1133 }
1134
1135 /**
1136 * tomoyo_read_manager_policy - Read manager policy.
1137 *
1138 * @head: Pointer to "struct tomoyo_io_buffer".
1139 *
1140 * Returns 0.
1141 *
1142 * Caller holds tomoyo_read_lock().
1143 */
1144 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1145 {
1146 struct list_head *pos;
1147 bool done = true;
1148
1149 if (head->read_eof)
1150 return 0;
1151 list_for_each_cookie(pos, head->read_var2,
1152 &tomoyo_policy_manager_list) {
1153 struct tomoyo_policy_manager_entry *ptr;
1154 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
1155 list);
1156 if (ptr->is_deleted)
1157 continue;
1158 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
1159 if (!done)
1160 break;
1161 }
1162 head->read_eof = done;
1163 return 0;
1164 }
1165
1166 /**
1167 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
1168 *
1169 * Returns true if the current process is permitted to modify policy
1170 * via /sys/kernel/security/tomoyo/ interface.
1171 *
1172 * Caller holds tomoyo_read_lock().
1173 */
1174 static bool tomoyo_is_policy_manager(void)
1175 {
1176 struct tomoyo_policy_manager_entry *ptr;
1177 const char *exe;
1178 const struct task_struct *task = current;
1179 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
1180 bool found = false;
1181
1182 if (!tomoyo_policy_loaded)
1183 return true;
1184 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1185 return false;
1186 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1187 if (!ptr->is_deleted && ptr->is_domain
1188 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1189 found = true;
1190 break;
1191 }
1192 }
1193 if (found)
1194 return true;
1195 exe = tomoyo_get_exe();
1196 if (!exe)
1197 return false;
1198 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1199 if (!ptr->is_deleted && !ptr->is_domain
1200 && !strcmp(exe, ptr->manager->name)) {
1201 found = true;
1202 break;
1203 }
1204 }
1205 if (!found) { /* Reduce error messages. */
1206 static pid_t last_pid;
1207 const pid_t pid = current->pid;
1208 if (last_pid != pid) {
1209 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1210 "update policies.\n", domainname->name, exe);
1211 last_pid = pid;
1212 }
1213 }
1214 kfree(exe);
1215 return found;
1216 }
1217
1218 /**
1219 * tomoyo_is_select_one - Parse select command.
1220 *
1221 * @head: Pointer to "struct tomoyo_io_buffer".
1222 * @data: String to parse.
1223 *
1224 * Returns true on success, false otherwise.
1225 *
1226 * Caller holds tomoyo_read_lock().
1227 */
1228 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1229 const char *data)
1230 {
1231 unsigned int pid;
1232 struct tomoyo_domain_info *domain = NULL;
1233
1234 if (sscanf(data, "pid=%u", &pid) == 1) {
1235 struct task_struct *p;
1236 rcu_read_lock();
1237 read_lock(&tasklist_lock);
1238 p = find_task_by_vpid(pid);
1239 if (p)
1240 domain = tomoyo_real_domain(p);
1241 read_unlock(&tasklist_lock);
1242 rcu_read_unlock();
1243 } else if (!strncmp(data, "domain=", 7)) {
1244 if (tomoyo_is_domain_def(data + 7))
1245 domain = tomoyo_find_domain(data + 7);
1246 } else
1247 return false;
1248 head->write_var1 = domain;
1249 /* Accessing read_buf is safe because head->io_sem is held. */
1250 if (!head->read_buf)
1251 return true; /* Do nothing if open(O_WRONLY). */
1252 head->read_avail = 0;
1253 tomoyo_io_printf(head, "# select %s\n", data);
1254 head->read_single_domain = true;
1255 head->read_eof = !domain;
1256 if (domain) {
1257 struct tomoyo_domain_info *d;
1258 head->read_var1 = NULL;
1259 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) {
1260 if (d == domain)
1261 break;
1262 head->read_var1 = &d->list;
1263 }
1264 head->read_var2 = NULL;
1265 head->read_bit = 0;
1266 head->read_step = 0;
1267 if (domain->is_deleted)
1268 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1269 }
1270 return true;
1271 }
1272
1273 /**
1274 * tomoyo_delete_domain - Delete a domain.
1275 *
1276 * @domainname: The name of domain.
1277 *
1278 * Returns 0.
1279 *
1280 * Caller holds tomoyo_read_lock().
1281 */
1282 static int tomoyo_delete_domain(char *domainname)
1283 {
1284 struct tomoyo_domain_info *domain;
1285 struct tomoyo_path_info name;
1286
1287 name.name = domainname;
1288 tomoyo_fill_path_info(&name);
1289 mutex_lock(&tomoyo_policy_lock);
1290 /* Is there an active domain? */
1291 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1292 /* Never delete tomoyo_kernel_domain */
1293 if (domain == &tomoyo_kernel_domain)
1294 continue;
1295 if (domain->is_deleted ||
1296 tomoyo_pathcmp(domain->domainname, &name))
1297 continue;
1298 domain->is_deleted = true;
1299 break;
1300 }
1301 mutex_unlock(&tomoyo_policy_lock);
1302 return 0;
1303 }
1304
1305 /**
1306 * tomoyo_write_domain_policy - Write domain policy.
1307 *
1308 * @head: Pointer to "struct tomoyo_io_buffer".
1309 *
1310 * Returns 0 on success, negative value otherwise.
1311 *
1312 * Caller holds tomoyo_read_lock().
1313 */
1314 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1315 {
1316 char *data = head->write_buf;
1317 struct tomoyo_domain_info *domain = head->write_var1;
1318 bool is_delete = false;
1319 bool is_select = false;
1320 unsigned int profile;
1321
1322 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
1323 is_delete = true;
1324 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1325 is_select = true;
1326 if (is_select && tomoyo_is_select_one(head, data))
1327 return 0;
1328 /* Don't allow updating policies by non manager programs. */
1329 if (!tomoyo_is_policy_manager())
1330 return -EPERM;
1331 if (tomoyo_is_domain_def(data)) {
1332 domain = NULL;
1333 if (is_delete)
1334 tomoyo_delete_domain(data);
1335 else if (is_select)
1336 domain = tomoyo_find_domain(data);
1337 else
1338 domain = tomoyo_find_or_assign_new_domain(data, 0);
1339 head->write_var1 = domain;
1340 return 0;
1341 }
1342 if (!domain)
1343 return -EINVAL;
1344
1345 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
1346 && profile < TOMOYO_MAX_PROFILES) {
1347 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
1348 domain->profile = (u8) profile;
1349 return 0;
1350 }
1351 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1352 domain->ignore_global_allow_read = !is_delete;
1353 return 0;
1354 }
1355 return tomoyo_write_file_policy(data, domain, is_delete);
1356 }
1357
1358 /**
1359 * tomoyo_print_path_acl - Print a single path ACL entry.
1360 *
1361 * @head: Pointer to "struct tomoyo_io_buffer".
1362 * @ptr: Pointer to "struct tomoyo_path_acl".
1363 *
1364 * Returns true on success, false otherwise.
1365 */
1366 static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
1367 struct tomoyo_path_acl *ptr)
1368 {
1369 int pos;
1370 u8 bit;
1371 const char *atmark = "";
1372 const char *filename;
1373 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
1374
1375 filename = ptr->filename->name;
1376 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1377 const char *msg;
1378 if (!(perm & (1 << bit)))
1379 continue;
1380 /* Print "read/write" instead of "read" and "write". */
1381 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
1382 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
1383 continue;
1384 msg = tomoyo_path2keyword(bit);
1385 pos = head->read_avail;
1386 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
1387 atmark, filename))
1388 goto out;
1389 }
1390 head->read_bit = 0;
1391 return true;
1392 out:
1393 head->read_bit = bit;
1394 head->read_avail = pos;
1395 return false;
1396 }
1397
1398 /**
1399 * tomoyo_print_path2_acl - Print a double path ACL entry.
1400 *
1401 * @head: Pointer to "struct tomoyo_io_buffer".
1402 * @ptr: Pointer to "struct tomoyo_path2_acl".
1403 *
1404 * Returns true on success, false otherwise.
1405 */
1406 static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
1407 struct tomoyo_path2_acl *ptr)
1408 {
1409 int pos;
1410 const char *atmark1 = "";
1411 const char *atmark2 = "";
1412 const char *filename1;
1413 const char *filename2;
1414 const u8 perm = ptr->perm;
1415 u8 bit;
1416
1417 filename1 = ptr->filename1->name;
1418 filename2 = ptr->filename2->name;
1419 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1420 const char *msg;
1421 if (!(perm & (1 << bit)))
1422 continue;
1423 msg = tomoyo_path22keyword(bit);
1424 pos = head->read_avail;
1425 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
1426 atmark1, filename1, atmark2, filename2))
1427 goto out;
1428 }
1429 head->read_bit = 0;
1430 return true;
1431 out:
1432 head->read_bit = bit;
1433 head->read_avail = pos;
1434 return false;
1435 }
1436
1437 /**
1438 * tomoyo_print_entry - Print an ACL entry.
1439 *
1440 * @head: Pointer to "struct tomoyo_io_buffer".
1441 * @ptr: Pointer to an ACL entry.
1442 *
1443 * Returns true on success, false otherwise.
1444 */
1445 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1446 struct tomoyo_acl_info *ptr)
1447 {
1448 const u8 acl_type = ptr->type;
1449
1450 if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1451 struct tomoyo_path_acl *acl
1452 = container_of(ptr, struct tomoyo_path_acl, head);
1453 return tomoyo_print_path_acl(head, acl);
1454 }
1455 if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1456 struct tomoyo_path2_acl *acl
1457 = container_of(ptr, struct tomoyo_path2_acl, head);
1458 return tomoyo_print_path2_acl(head, acl);
1459 }
1460 BUG(); /* This must not happen. */
1461 return false;
1462 }
1463
1464 /**
1465 * tomoyo_read_domain_policy - Read domain policy.
1466 *
1467 * @head: Pointer to "struct tomoyo_io_buffer".
1468 *
1469 * Returns 0.
1470 *
1471 * Caller holds tomoyo_read_lock().
1472 */
1473 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
1474 {
1475 struct list_head *dpos;
1476 struct list_head *apos;
1477 bool done = true;
1478
1479 if (head->read_eof)
1480 return 0;
1481 if (head->read_step == 0)
1482 head->read_step = 1;
1483 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
1484 struct tomoyo_domain_info *domain;
1485 const char *quota_exceeded = "";
1486 const char *transition_failed = "";
1487 const char *ignore_global_allow_read = "";
1488 domain = list_entry(dpos, struct tomoyo_domain_info, list);
1489 if (head->read_step != 1)
1490 goto acl_loop;
1491 if (domain->is_deleted && !head->read_single_domain)
1492 continue;
1493 /* Print domainname and flags. */
1494 if (domain->quota_warned)
1495 quota_exceeded = "quota_exceeded\n";
1496 if (domain->transition_failed)
1497 transition_failed = "transition_failed\n";
1498 if (domain->ignore_global_allow_read)
1499 ignore_global_allow_read
1500 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1501 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
1502 "%u\n%s%s%s\n",
1503 domain->domainname->name,
1504 domain->profile, quota_exceeded,
1505 transition_failed,
1506 ignore_global_allow_read);
1507 if (!done)
1508 break;
1509 head->read_step = 2;
1510 acl_loop:
1511 if (head->read_step == 3)
1512 goto tail_mark;
1513 /* Print ACL entries in the domain. */
1514 list_for_each_cookie(apos, head->read_var2,
1515 &domain->acl_info_list) {
1516 struct tomoyo_acl_info *ptr
1517 = list_entry(apos, struct tomoyo_acl_info,
1518 list);
1519 done = tomoyo_print_entry(head, ptr);
1520 if (!done)
1521 break;
1522 }
1523 if (!done)
1524 break;
1525 head->read_step = 3;
1526 tail_mark:
1527 done = tomoyo_io_printf(head, "\n");
1528 if (!done)
1529 break;
1530 head->read_step = 1;
1531 if (head->read_single_domain)
1532 break;
1533 }
1534 head->read_eof = done;
1535 return 0;
1536 }
1537
1538 /**
1539 * tomoyo_write_domain_profile - Assign profile for specified domain.
1540 *
1541 * @head: Pointer to "struct tomoyo_io_buffer".
1542 *
1543 * Returns 0 on success, -EINVAL otherwise.
1544 *
1545 * This is equivalent to doing
1546 *
1547 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1548 * /usr/lib/ccs/loadpolicy -d
1549 *
1550 * Caller holds tomoyo_read_lock().
1551 */
1552 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1553 {
1554 char *data = head->write_buf;
1555 char *cp = strchr(data, ' ');
1556 struct tomoyo_domain_info *domain;
1557 unsigned long profile;
1558
1559 if (!cp)
1560 return -EINVAL;
1561 *cp = '\0';
1562 domain = tomoyo_find_domain(cp + 1);
1563 if (strict_strtoul(data, 10, &profile))
1564 return -EINVAL;
1565 if (domain && profile < TOMOYO_MAX_PROFILES
1566 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1567 domain->profile = (u8) profile;
1568 return 0;
1569 }
1570
1571 /**
1572 * tomoyo_read_domain_profile - Read only domainname and profile.
1573 *
1574 * @head: Pointer to "struct tomoyo_io_buffer".
1575 *
1576 * Returns list of profile number and domainname pairs.
1577 *
1578 * This is equivalent to doing
1579 *
1580 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1581 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1582 * domainname = $0; } else if ( $1 == "use_profile" ) {
1583 * print $2 " " domainname; domainname = ""; } } ; '
1584 *
1585 * Caller holds tomoyo_read_lock().
1586 */
1587 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1588 {
1589 struct list_head *pos;
1590 bool done = true;
1591
1592 if (head->read_eof)
1593 return 0;
1594 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
1595 struct tomoyo_domain_info *domain;
1596 domain = list_entry(pos, struct tomoyo_domain_info, list);
1597 if (domain->is_deleted)
1598 continue;
1599 done = tomoyo_io_printf(head, "%u %s\n", domain->profile,
1600 domain->domainname->name);
1601 if (!done)
1602 break;
1603 }
1604 head->read_eof = done;
1605 return 0;
1606 }
1607
1608 /**
1609 * tomoyo_write_pid: Specify PID to obtain domainname.
1610 *
1611 * @head: Pointer to "struct tomoyo_io_buffer".
1612 *
1613 * Returns 0.
1614 */
1615 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1616 {
1617 unsigned long pid;
1618 /* No error check. */
1619 strict_strtoul(head->write_buf, 10, &pid);
1620 head->read_step = (int) pid;
1621 head->read_eof = false;
1622 return 0;
1623 }
1624
1625 /**
1626 * tomoyo_read_pid - Get domainname of the specified PID.
1627 *
1628 * @head: Pointer to "struct tomoyo_io_buffer".
1629 *
1630 * Returns the domainname which the specified PID is in on success,
1631 * empty string otherwise.
1632 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1633 * using read()/write() interface rather than sysctl() interface.
1634 */
1635 static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1636 {
1637 if (head->read_avail == 0 && !head->read_eof) {
1638 const int pid = head->read_step;
1639 struct task_struct *p;
1640 struct tomoyo_domain_info *domain = NULL;
1641 rcu_read_lock();
1642 read_lock(&tasklist_lock);
1643 p = find_task_by_vpid(pid);
1644 if (p)
1645 domain = tomoyo_real_domain(p);
1646 read_unlock(&tasklist_lock);
1647 rcu_read_unlock();
1648 if (domain)
1649 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1650 domain->domainname->name);
1651 head->read_eof = true;
1652 }
1653 return 0;
1654 }
1655
1656 /**
1657 * tomoyo_write_exception_policy - Write exception policy.
1658 *
1659 * @head: Pointer to "struct tomoyo_io_buffer".
1660 *
1661 * Returns 0 on success, negative value otherwise.
1662 *
1663 * Caller holds tomoyo_read_lock().
1664 */
1665 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1666 {
1667 char *data = head->write_buf;
1668 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1669
1670 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN))
1671 return tomoyo_write_domain_keeper_policy(data, false,
1672 is_delete);
1673 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN))
1674 return tomoyo_write_domain_keeper_policy(data, true, is_delete);
1675 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN))
1676 return tomoyo_write_domain_initializer_policy(data, false,
1677 is_delete);
1678 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
1679 return tomoyo_write_domain_initializer_policy(data, true,
1680 is_delete);
1681 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
1682 return tomoyo_write_alias_policy(data, is_delete);
1683 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
1684 return tomoyo_write_globally_readable_policy(data, is_delete);
1685 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
1686 return tomoyo_write_pattern_policy(data, is_delete);
1687 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
1688 return tomoyo_write_no_rewrite_policy(data, is_delete);
1689 return -EINVAL;
1690 }
1691
1692 /**
1693 * tomoyo_read_exception_policy - Read exception policy.
1694 *
1695 * @head: Pointer to "struct tomoyo_io_buffer".
1696 *
1697 * Returns 0 on success, -EINVAL otherwise.
1698 *
1699 * Caller holds tomoyo_read_lock().
1700 */
1701 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
1702 {
1703 if (!head->read_eof) {
1704 switch (head->read_step) {
1705 case 0:
1706 head->read_var2 = NULL;
1707 head->read_step = 1;
1708 case 1:
1709 if (!tomoyo_read_domain_keeper_policy(head))
1710 break;
1711 head->read_var2 = NULL;
1712 head->read_step = 2;
1713 case 2:
1714 if (!tomoyo_read_globally_readable_policy(head))
1715 break;
1716 head->read_var2 = NULL;
1717 head->read_step = 3;
1718 case 3:
1719 head->read_var2 = NULL;
1720 head->read_step = 4;
1721 case 4:
1722 if (!tomoyo_read_domain_initializer_policy(head))
1723 break;
1724 head->read_var2 = NULL;
1725 head->read_step = 5;
1726 case 5:
1727 if (!tomoyo_read_alias_policy(head))
1728 break;
1729 head->read_var2 = NULL;
1730 head->read_step = 6;
1731 case 6:
1732 head->read_var2 = NULL;
1733 head->read_step = 7;
1734 case 7:
1735 if (!tomoyo_read_file_pattern(head))
1736 break;
1737 head->read_var2 = NULL;
1738 head->read_step = 8;
1739 case 8:
1740 if (!tomoyo_read_no_rewrite_policy(head))
1741 break;
1742 head->read_var2 = NULL;
1743 head->read_step = 9;
1744 case 9:
1745 head->read_eof = true;
1746 break;
1747 default:
1748 return -EINVAL;
1749 }
1750 }
1751 return 0;
1752 }
1753
1754 /* path to policy loader */
1755 static const char *tomoyo_loader = "/sbin/tomoyo-init";
1756
1757 /**
1758 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
1759 *
1760 * Returns true if /sbin/tomoyo-init exists, false otherwise.
1761 */
1762 static bool tomoyo_policy_loader_exists(void)
1763 {
1764 /*
1765 * Don't activate MAC if the policy loader doesn't exist.
1766 * If the initrd includes /sbin/init but real-root-dev has not
1767 * mounted on / yet, activating MAC will block the system since
1768 * policies are not loaded yet.
1769 * Thus, let do_execve() call this function everytime.
1770 */
1771 struct path path;
1772
1773 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
1774 printk(KERN_INFO "Not activating Mandatory Access Control now "
1775 "since %s doesn't exist.\n", tomoyo_loader);
1776 return false;
1777 }
1778 path_put(&path);
1779 return true;
1780 }
1781
1782 /**
1783 * tomoyo_load_policy - Run external policy loader to load policy.
1784 *
1785 * @filename: The program about to start.
1786 *
1787 * This function checks whether @filename is /sbin/init , and if so
1788 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
1789 * and then continues invocation of /sbin/init.
1790 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
1791 * writes to /sys/kernel/security/tomoyo/ interfaces.
1792 *
1793 * Returns nothing.
1794 */
1795 void tomoyo_load_policy(const char *filename)
1796 {
1797 char *argv[2];
1798 char *envp[3];
1799
1800 if (tomoyo_policy_loaded)
1801 return;
1802 /*
1803 * Check filename is /sbin/init or /sbin/tomoyo-start.
1804 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't
1805 * be passed.
1806 * You can create /sbin/tomoyo-start by
1807 * "ln -s /bin/true /sbin/tomoyo-start".
1808 */
1809 if (strcmp(filename, "/sbin/init") &&
1810 strcmp(filename, "/sbin/tomoyo-start"))
1811 return;
1812 if (!tomoyo_policy_loader_exists())
1813 return;
1814
1815 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
1816 tomoyo_loader);
1817 argv[0] = (char *) tomoyo_loader;
1818 argv[1] = NULL;
1819 envp[0] = "HOME=/";
1820 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
1821 envp[2] = NULL;
1822 call_usermodehelper(argv[0], argv, envp, 1);
1823
1824 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
1825 printk(KERN_INFO "Mandatory Access Control activated.\n");
1826 tomoyo_policy_loaded = true;
1827 { /* Check all profiles currently assigned to domains are defined. */
1828 struct tomoyo_domain_info *domain;
1829 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1830 const u8 profile = domain->profile;
1831 if (tomoyo_profile_ptr[profile])
1832 continue;
1833 panic("Profile %u (used by '%s') not defined.\n",
1834 profile, domain->domainname->name);
1835 }
1836 }
1837 }
1838
1839 /**
1840 * tomoyo_read_version: Get version.
1841 *
1842 * @head: Pointer to "struct tomoyo_io_buffer".
1843 *
1844 * Returns version information.
1845 */
1846 static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1847 {
1848 if (!head->read_eof) {
1849 tomoyo_io_printf(head, "2.2.0");
1850 head->read_eof = true;
1851 }
1852 return 0;
1853 }
1854
1855 /**
1856 * tomoyo_read_self_domain - Get the current process's domainname.
1857 *
1858 * @head: Pointer to "struct tomoyo_io_buffer".
1859 *
1860 * Returns the current process's domainname.
1861 */
1862 static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1863 {
1864 if (!head->read_eof) {
1865 /*
1866 * tomoyo_domain()->domainname != NULL
1867 * because every process belongs to a domain and
1868 * the domain's name cannot be NULL.
1869 */
1870 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1871 head->read_eof = true;
1872 }
1873 return 0;
1874 }
1875
1876 /**
1877 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1878 *
1879 * @type: Type of interface.
1880 * @file: Pointer to "struct file".
1881 *
1882 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1883 *
1884 * Caller acquires tomoyo_read_lock().
1885 */
1886 static int tomoyo_open_control(const u8 type, struct file *file)
1887 {
1888 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
1889
1890 if (!head)
1891 return -ENOMEM;
1892 mutex_init(&head->io_sem);
1893 switch (type) {
1894 case TOMOYO_DOMAINPOLICY:
1895 /* /sys/kernel/security/tomoyo/domain_policy */
1896 head->write = tomoyo_write_domain_policy;
1897 head->read = tomoyo_read_domain_policy;
1898 break;
1899 case TOMOYO_EXCEPTIONPOLICY:
1900 /* /sys/kernel/security/tomoyo/exception_policy */
1901 head->write = tomoyo_write_exception_policy;
1902 head->read = tomoyo_read_exception_policy;
1903 break;
1904 case TOMOYO_SELFDOMAIN:
1905 /* /sys/kernel/security/tomoyo/self_domain */
1906 head->read = tomoyo_read_self_domain;
1907 break;
1908 case TOMOYO_DOMAIN_STATUS:
1909 /* /sys/kernel/security/tomoyo/.domain_status */
1910 head->write = tomoyo_write_domain_profile;
1911 head->read = tomoyo_read_domain_profile;
1912 break;
1913 case TOMOYO_PROCESS_STATUS:
1914 /* /sys/kernel/security/tomoyo/.process_status */
1915 head->write = tomoyo_write_pid;
1916 head->read = tomoyo_read_pid;
1917 break;
1918 case TOMOYO_VERSION:
1919 /* /sys/kernel/security/tomoyo/version */
1920 head->read = tomoyo_read_version;
1921 head->readbuf_size = 128;
1922 break;
1923 case TOMOYO_MEMINFO:
1924 /* /sys/kernel/security/tomoyo/meminfo */
1925 head->write = tomoyo_write_memory_quota;
1926 head->read = tomoyo_read_memory_counter;
1927 head->readbuf_size = 512;
1928 break;
1929 case TOMOYO_PROFILE:
1930 /* /sys/kernel/security/tomoyo/profile */
1931 head->write = tomoyo_write_profile;
1932 head->read = tomoyo_read_profile;
1933 break;
1934 case TOMOYO_MANAGER:
1935 /* /sys/kernel/security/tomoyo/manager */
1936 head->write = tomoyo_write_manager_policy;
1937 head->read = tomoyo_read_manager_policy;
1938 break;
1939 }
1940 if (!(file->f_mode & FMODE_READ)) {
1941 /*
1942 * No need to allocate read_buf since it is not opened
1943 * for reading.
1944 */
1945 head->read = NULL;
1946 } else {
1947 if (!head->readbuf_size)
1948 head->readbuf_size = 4096 * 2;
1949 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
1950 if (!head->read_buf) {
1951 kfree(head);
1952 return -ENOMEM;
1953 }
1954 }
1955 if (!(file->f_mode & FMODE_WRITE)) {
1956 /*
1957 * No need to allocate write_buf since it is not opened
1958 * for writing.
1959 */
1960 head->write = NULL;
1961 } else if (head->write) {
1962 head->writebuf_size = 4096 * 2;
1963 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
1964 if (!head->write_buf) {
1965 kfree(head->read_buf);
1966 kfree(head);
1967 return -ENOMEM;
1968 }
1969 }
1970 head->reader_idx = tomoyo_read_lock();
1971 file->private_data = head;
1972 /*
1973 * Call the handler now if the file is
1974 * /sys/kernel/security/tomoyo/self_domain
1975 * so that the user can use
1976 * cat < /sys/kernel/security/tomoyo/self_domain"
1977 * to know the current process's domainname.
1978 */
1979 if (type == TOMOYO_SELFDOMAIN)
1980 tomoyo_read_control(file, NULL, 0);
1981 return 0;
1982 }
1983
1984 /**
1985 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1986 *
1987 * @file: Pointer to "struct file".
1988 * @buffer: Poiner to buffer to write to.
1989 * @buffer_len: Size of @buffer.
1990 *
1991 * Returns bytes read on success, negative value otherwise.
1992 *
1993 * Caller holds tomoyo_read_lock().
1994 */
1995 static int tomoyo_read_control(struct file *file, char __user *buffer,
1996 const int buffer_len)
1997 {
1998 int len = 0;
1999 struct tomoyo_io_buffer *head = file->private_data;
2000 char *cp;
2001
2002 if (!head->read)
2003 return -ENOSYS;
2004 if (mutex_lock_interruptible(&head->io_sem))
2005 return -EINTR;
2006 /* Call the policy handler. */
2007 len = head->read(head);
2008 if (len < 0)
2009 goto out;
2010 /* Write to buffer. */
2011 len = head->read_avail;
2012 if (len > buffer_len)
2013 len = buffer_len;
2014 if (!len)
2015 goto out;
2016 /* head->read_buf changes by some functions. */
2017 cp = head->read_buf;
2018 if (copy_to_user(buffer, cp, len)) {
2019 len = -EFAULT;
2020 goto out;
2021 }
2022 head->read_avail -= len;
2023 memmove(cp, cp + len, head->read_avail);
2024 out:
2025 mutex_unlock(&head->io_sem);
2026 return len;
2027 }
2028
2029 /**
2030 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2031 *
2032 * @file: Pointer to "struct file".
2033 * @buffer: Pointer to buffer to read from.
2034 * @buffer_len: Size of @buffer.
2035 *
2036 * Returns @buffer_len on success, negative value otherwise.
2037 *
2038 * Caller holds tomoyo_read_lock().
2039 */
2040 static int tomoyo_write_control(struct file *file, const char __user *buffer,
2041 const int buffer_len)
2042 {
2043 struct tomoyo_io_buffer *head = file->private_data;
2044 int error = buffer_len;
2045 int avail_len = buffer_len;
2046 char *cp0 = head->write_buf;
2047
2048 if (!head->write)
2049 return -ENOSYS;
2050 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2051 return -EFAULT;
2052 /* Don't allow updating policies by non manager programs. */
2053 if (head->write != tomoyo_write_pid &&
2054 head->write != tomoyo_write_domain_policy &&
2055 !tomoyo_is_policy_manager())
2056 return -EPERM;
2057 if (mutex_lock_interruptible(&head->io_sem))
2058 return -EINTR;
2059 /* Read a line and dispatch it to the policy handler. */
2060 while (avail_len > 0) {
2061 char c;
2062 if (head->write_avail >= head->writebuf_size - 1) {
2063 error = -ENOMEM;
2064 break;
2065 } else if (get_user(c, buffer)) {
2066 error = -EFAULT;
2067 break;
2068 }
2069 buffer++;
2070 avail_len--;
2071 cp0[head->write_avail++] = c;
2072 if (c != '\n')
2073 continue;
2074 cp0[head->write_avail - 1] = '\0';
2075 head->write_avail = 0;
2076 tomoyo_normalize_line(cp0);
2077 head->write(head);
2078 }
2079 mutex_unlock(&head->io_sem);
2080 return error;
2081 }
2082
2083 /**
2084 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2085 *
2086 * @file: Pointer to "struct file".
2087 *
2088 * Releases memory and returns 0.
2089 *
2090 * Caller looses tomoyo_read_lock().
2091 */
2092 static int tomoyo_close_control(struct file *file)
2093 {
2094 struct tomoyo_io_buffer *head = file->private_data;
2095 const bool is_write = !!head->write_buf;
2096
2097 tomoyo_read_unlock(head->reader_idx);
2098 /* Release memory used for policy I/O. */
2099 kfree(head->read_buf);
2100 head->read_buf = NULL;
2101 kfree(head->write_buf);
2102 head->write_buf = NULL;
2103 kfree(head);
2104 head = NULL;
2105 file->private_data = NULL;
2106 if (is_write)
2107 tomoyo_run_gc();
2108 return 0;
2109 }
2110
2111 /**
2112 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
2113 *
2114 * @inode: Pointer to "struct inode".
2115 * @file: Pointer to "struct file".
2116 *
2117 * Returns 0 on success, negative value otherwise.
2118 */
2119 static int tomoyo_open(struct inode *inode, struct file *file)
2120 {
2121 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
2122 - ((u8 *) NULL);
2123 return tomoyo_open_control(key, file);
2124 }
2125
2126 /**
2127 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2128 *
2129 * @inode: Pointer to "struct inode".
2130 * @file: Pointer to "struct file".
2131 *
2132 * Returns 0 on success, negative value otherwise.
2133 */
2134 static int tomoyo_release(struct inode *inode, struct file *file)
2135 {
2136 return tomoyo_close_control(file);
2137 }
2138
2139 /**
2140 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2141 *
2142 * @file: Pointer to "struct file".
2143 * @buf: Pointer to buffer.
2144 * @count: Size of @buf.
2145 * @ppos: Unused.
2146 *
2147 * Returns bytes read on success, negative value otherwise.
2148 */
2149 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
2150 loff_t *ppos)
2151 {
2152 return tomoyo_read_control(file, buf, count);
2153 }
2154
2155 /**
2156 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
2157 *
2158 * @file: Pointer to "struct file".
2159 * @buf: Pointer to buffer.
2160 * @count: Size of @buf.
2161 * @ppos: Unused.
2162 *
2163 * Returns @count on success, negative value otherwise.
2164 */
2165 static ssize_t tomoyo_write(struct file *file, const char __user *buf,
2166 size_t count, loff_t *ppos)
2167 {
2168 return tomoyo_write_control(file, buf, count);
2169 }
2170
2171 /*
2172 * tomoyo_operations is a "struct file_operations" which is used for handling
2173 * /sys/kernel/security/tomoyo/ interface.
2174 *
2175 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
2176 * See tomoyo_io_buffer for internals.
2177 */
2178 static const struct file_operations tomoyo_operations = {
2179 .open = tomoyo_open,
2180 .release = tomoyo_release,
2181 .read = tomoyo_read,
2182 .write = tomoyo_write,
2183 };
2184
2185 /**
2186 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2187 *
2188 * @name: The name of the interface file.
2189 * @mode: The permission of the interface file.
2190 * @parent: The parent directory.
2191 * @key: Type of interface.
2192 *
2193 * Returns nothing.
2194 */
2195 static void __init tomoyo_create_entry(const char *name, const mode_t mode,
2196 struct dentry *parent, const u8 key)
2197 {
2198 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
2199 &tomoyo_operations);
2200 }
2201
2202 /**
2203 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2204 *
2205 * Returns 0.
2206 */
2207 static int __init tomoyo_initerface_init(void)
2208 {
2209 struct dentry *tomoyo_dir;
2210
2211 /* Don't create securityfs entries unless registered. */
2212 if (current_cred()->security != &tomoyo_kernel_domain)
2213 return 0;
2214
2215 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
2216 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
2217 TOMOYO_DOMAINPOLICY);
2218 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
2219 TOMOYO_EXCEPTIONPOLICY);
2220 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
2221 TOMOYO_SELFDOMAIN);
2222 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
2223 TOMOYO_DOMAIN_STATUS);
2224 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
2225 TOMOYO_PROCESS_STATUS);
2226 tomoyo_create_entry("meminfo", 0600, tomoyo_dir,
2227 TOMOYO_MEMINFO);
2228 tomoyo_create_entry("profile", 0600, tomoyo_dir,
2229 TOMOYO_PROFILE);
2230 tomoyo_create_entry("manager", 0600, tomoyo_dir,
2231 TOMOYO_MANAGER);
2232 tomoyo_create_entry("version", 0400, tomoyo_dir,
2233 TOMOYO_VERSION);
2234 return 0;
2235 }
2236
2237 fs_initcall(tomoyo_initerface_init);
Mirror of NV Tegra kernel