Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 35652fe1858e664707cfa32e80547b210cc41f78 / . / security / tomoyo / common.c
blob: ddfb9cccf468aee271c4a84757c5f475a8c47524 [file] [log] [blame]
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1/*
2 * security/tomoyo/common.c
3 *
4 * Common functions for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
Tetsuo Handa39826a12009-04-08 22:31:28 +0900[diff] [blame]8 * Version: 2.2.0 2009/04/01
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]9 *
10 */
11
12#include <linux/uaccess.h>
13#include <linux/security.h>
14#include <linux/hardirq.h>
15#include "realpath.h"
16#include "common.h"
17#include "tomoyo.h"
18
19/* Has loading policy done? */
20bool tomoyo_policy_loaded;
21
22/* String table for functionality that takes 4 modes. */
23static const char *tomoyo_mode_4[4] = {
24 "disabled", "learning", "permissive", "enforcing"
25};
26/* String table for functionality that takes 2 modes. */
27static const char *tomoyo_mode_2[4] = {
28 "disabled", "enabled", "enabled", "enabled"
29};
30
31/* Table for profile. */
32static struct {
33 const char *keyword;
34 unsigned int current_value;
35 const unsigned int max_value;
36} tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = {
37 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
38 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX },
39 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
40};
41
42/* Profile table. Memory is allocated as needed. */
43static struct tomoyo_profile {
44 unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
45 const struct tomoyo_path_info *comment;
46} *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
47
48/* Permit policy management by non-root user? */
49static bool tomoyo_manage_by_non_root;
50
51/* Utility functions. */
52
53/* Open operation for /sys/kernel/security/tomoyo/ interface. */
54static int tomoyo_open_control(const u8 type, struct file *file);
55/* Close /sys/kernel/security/tomoyo/ interface. */
56static int tomoyo_close_control(struct file *file);
57/* Read operation for /sys/kernel/security/tomoyo/ interface. */
58static int tomoyo_read_control(struct file *file, char __user *buffer,
59 const int buffer_len);
60/* Write operation for /sys/kernel/security/tomoyo/ interface. */
61static int tomoyo_write_control(struct file *file, const char __user *buffer,
62 const int buffer_len);
63
64/**
65 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value.
66 *
67 * @str: Pointer to the string.
68 *
69 * Returns true if @str is a \ooo style octal value, false otherwise.
70 *
71 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
72 * This function verifies that \ooo is in valid range.
73 */
74static inline bool tomoyo_is_byte_range(const char *str)
75{
76 return *str >= '0' && *str++ <= '3' &&
77 *str >= '0' && *str++ <= '7' &&
78 *str >= '0' && *str <= '7';
79}
80
81/**
82 * tomoyo_is_alphabet_char - Check whether the character is an alphabet.
83 *
84 * @c: The character to check.
85 *
86 * Returns true if @c is an alphabet character, false otherwise.
87 */
88static inline bool tomoyo_is_alphabet_char(const char c)
89{
90 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
91}
92
93/**
94 * tomoyo_make_byte - Make byte value from three octal characters.
95 *
96 * @c1: The first character.
97 * @c2: The second character.
98 * @c3: The third character.
99 *
100 * Returns byte value.
101 */
102static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3)
103{
104 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
105}
106
107/**
108 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
109 *
110 * @src: Pointer to pointer to the string.
111 * @find: Pointer to the keyword.
112 *
113 * Returns true if @src starts with @find, false otherwise.
114 *
115 * The @src is updated to point the first character after the @find
116 * if @src starts with @find.
117 */
118static bool tomoyo_str_starts(char **src, const char *find)
119{
120 const int len = strlen(find);
121 char *tmp = *src;
122
123 if (strncmp(tmp, find, len))
124 return false;
125 tmp += len;
126 *src = tmp;
127 return true;
128}
129
130/**
131 * tomoyo_normalize_line - Format string.
132 *
133 * @buffer: The line to normalize.
134 *
135 * Leading and trailing whitespaces are removed.
136 * Multiple whitespaces are packed into single space.
137 *
138 * Returns nothing.
139 */
140static void tomoyo_normalize_line(unsigned char *buffer)
141{
142 unsigned char *sp = buffer;
143 unsigned char *dp = buffer;
144 bool first = true;
145
146 while (tomoyo_is_invalid(*sp))
147 sp++;
148 while (*sp) {
149 if (!first)
150 *dp++ = ' ';
151 first = false;
152 while (tomoyo_is_valid(*sp))
153 *dp++ = *sp++;
154 while (tomoyo_is_invalid(*sp))
155 sp++;
156 }
157 *dp = '\0';
158}
159
160/**
161 * tomoyo_is_correct_path - Validate a pathname.
162 * @filename: The pathname to check.
163 * @start_type: Should the pathname start with '/'?
164 * 1 = must / -1 = must not / 0 = don't care
165 * @pattern_type: Can the pathname contain a wildcard?
166 * 1 = must / -1 = must not / 0 = don't care
167 * @end_type: Should the pathname end with '/'?
168 * 1 = must / -1 = must not / 0 = don't care
169 * @function: The name of function calling me.
170 *
171 * Check whether the given filename follows the naming rules.
172 * Returns true if @filename follows the naming rules, false otherwise.
173 */
174bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
175 const s8 pattern_type, const s8 end_type,
176 const char *function)
177{
178 bool contains_pattern = false;
179 unsigned char c;
180 unsigned char d;
181 unsigned char e;
182 const char *original_filename = filename;
183
184 if (!filename)
185 goto out;
186 c = *filename;
187 if (start_type == 1) { /* Must start with '/' */
188 if (c != '/')
189 goto out;
190 } else if (start_type == -1) { /* Must not start with '/' */
191 if (c == '/')
192 goto out;
193 }
194 if (c)
195 c = *(filename + strlen(filename) - 1);
196 if (end_type == 1) { /* Must end with '/' */
197 if (c != '/')
198 goto out;
199 } else if (end_type == -1) { /* Must not end with '/' */
200 if (c == '/')
201 goto out;
202 }
203 while ((c = *filename++) != '\0') {
204 if (c == '\\') {
205 switch ((c = *filename++)) {
206 case '\\': /* "\\" */
207 continue;
208 case '$': /* "\$" */
209 case '+': /* "\+" */
210 case '?': /* "\?" */
211 case '*': /* "\*" */
212 case '@': /* "\@" */
213 case 'x': /* "\x" */
214 case 'X': /* "\X" */
215 case 'a': /* "\a" */
216 case 'A': /* "\A" */
217 case '-': /* "\-" */
218 if (pattern_type == -1)
219 break; /* Must not contain pattern */
220 contains_pattern = true;
221 continue;
222 case '0': /* "\ooo" */
223 case '1':
224 case '2':
225 case '3':
226 d = *filename++;
227 if (d < '0' || d > '7')
228 break;
229 e = *filename++;
230 if (e < '0' || e > '7')
231 break;
232 c = tomoyo_make_byte(c, d, e);
233 if (tomoyo_is_invalid(c))
234 continue; /* pattern is not \000 */
235 }
236 goto out;
237 } else if (tomoyo_is_invalid(c)) {
238 goto out;
239 }
240 }
241 if (pattern_type == 1) { /* Must contain pattern */
242 if (!contains_pattern)
243 goto out;
244 }
245 return true;
246 out:
247 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
248 original_filename);
249 return false;
250}
251
252/**
253 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
254 * @domainname: The domainname to check.
255 * @function: The name of function calling me.
256 *
257 * Returns true if @domainname follows the naming rules, false otherwise.
258 */
259bool tomoyo_is_correct_domain(const unsigned char *domainname,
260 const char *function)
261{
262 unsigned char c;
263 unsigned char d;
264 unsigned char e;
265 const char *org_domainname = domainname;
266
267 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
268 TOMOYO_ROOT_NAME_LEN))
269 goto out;
270 domainname += TOMOYO_ROOT_NAME_LEN;
271 if (!*domainname)
272 return true;
273 do {
274 if (*domainname++ != ' ')
275 goto out;
276 if (*domainname++ != '/')
277 goto out;
278 while ((c = *domainname) != '\0' && c != ' ') {
279 domainname++;
280 if (c == '\\') {
281 c = *domainname++;
282 switch ((c)) {
283 case '\\': /* "\\" */
284 continue;
285 case '0': /* "\ooo" */
286 case '1':
287 case '2':
288 case '3':
289 d = *domainname++;
290 if (d < '0' || d > '7')
291 break;
292 e = *domainname++;
293 if (e < '0' || e > '7')
294 break;
295 c = tomoyo_make_byte(c, d, e);
296 if (tomoyo_is_invalid(c))
297 /* pattern is not \000 */
298 continue;
299 }
300 goto out;
301 } else if (tomoyo_is_invalid(c)) {
302 goto out;
303 }
304 }
305 } while (*domainname);
306 return true;
307 out:
308 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
309 org_domainname);
310 return false;
311}
312
313/**
314 * tomoyo_is_domain_def - Check whether the given token can be a domainname.
315 *
316 * @buffer: The token to check.
317 *
318 * Returns true if @buffer possibly be a domainname, false otherwise.
319 */
320bool tomoyo_is_domain_def(const unsigned char *buffer)
321{
322 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN);
323}
324
325/**
326 * tomoyo_find_domain - Find a domain by the given name.
327 *
328 * @domainname: The domainname to find.
329 *
330 * Caller must call down_read(&tomoyo_domain_list_lock); or
331 * down_write(&tomoyo_domain_list_lock); .
332 *
333 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
334 */
335struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
336{
337 struct tomoyo_domain_info *domain;
338 struct tomoyo_path_info name;
339
340 name.name = domainname;
341 tomoyo_fill_path_info(&name);
342 list_for_each_entry(domain, &tomoyo_domain_list, list) {
343 if (!domain->is_deleted &&
344 !tomoyo_pathcmp(&name, domain->domainname))
345 return domain;
346 }
347 return NULL;
348}
349
350/**
351 * tomoyo_path_depth - Evaluate the number of '/' in a string.
352 *
353 * @pathname: The string to evaluate.
354 *
355 * Returns path depth of the string.
356 *
357 * I score 2 for each of the '/' in the @pathname
358 * and score 1 if the @pathname ends with '/'.
359 */
360static int tomoyo_path_depth(const char *pathname)
361{
362 int i = 0;
363
364 if (pathname) {
365 const char *ep = pathname + strlen(pathname);
366 if (pathname < ep--) {
367 if (*ep != '/')
368 i++;
369 while (pathname <= ep)
370 if (*ep-- == '/')
371 i += 2;
372 }
373 }
374 return i;
375}
376
377/**
378 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
379 *
380 * @filename: The string to evaluate.
381 *
382 * Returns the initial length without a pattern in @filename.
383 */
384static int tomoyo_const_part_length(const char *filename)
385{
386 char c;
387 int len = 0;
388
389 if (!filename)
390 return 0;
391 while ((c = *filename++) != '\0') {
392 if (c != '\\') {
393 len++;
394 continue;
395 }
396 c = *filename++;
397 switch (c) {
398 case '\\': /* "\\" */
399 len += 2;
400 continue;
401 case '0': /* "\ooo" */
402 case '1':
403 case '2':
404 case '3':
405 c = *filename++;
406 if (c < '0' || c > '7')
407 break;
408 c = *filename++;
409 if (c < '0' || c > '7')
410 break;
411 len += 4;
412 continue;
413 }
414 break;
415 }
416 return len;
417}
418
419/**
420 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members.
421 *
422 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
423 *
424 * The caller sets "struct tomoyo_path_info"->name.
425 */
426void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
427{
428 const char *name = ptr->name;
429 const int len = strlen(name);
430
431 ptr->total_len = len;
432 ptr->const_len = tomoyo_const_part_length(name);
433 ptr->is_dir = len && (name[len - 1] == '/');
434 ptr->is_patterned = (ptr->const_len < len);
435 ptr->hash = full_name_hash(name, len);
436 ptr->depth = tomoyo_path_depth(name);
437}
438
439/**
440 * tomoyo_file_matches_to_pattern2 - Pattern matching without '/' character
441 * and "\-" pattern.
442 *
443 * @filename: The start of string to check.
444 * @filename_end: The end of string to check.
445 * @pattern: The start of pattern to compare.
446 * @pattern_end: The end of pattern to compare.
447 *
448 * Returns true if @filename matches @pattern, false otherwise.
449 */
450static bool tomoyo_file_matches_to_pattern2(const char *filename,
451 const char *filename_end,
452 const char *pattern,
453 const char *pattern_end)
454{
455 while (filename < filename_end && pattern < pattern_end) {
456 char c;
457 if (*pattern != '\\') {
458 if (*filename++ != *pattern++)
459 return false;
460 continue;
461 }
462 c = *filename;
463 pattern++;
464 switch (*pattern) {
465 int i;
466 int j;
467 case '?':
468 if (c == '/') {
469 return false;
470 } else if (c == '\\') {
471 if (filename[1] == '\\')
472 filename++;
473 else if (tomoyo_is_byte_range(filename + 1))
474 filename += 3;
475 else
476 return false;
477 }
478 break;
479 case '\\':
480 if (c != '\\')
481 return false;
482 if (*++filename != '\\')
483 return false;
484 break;
485 case '+':
486 if (!isdigit(c))
487 return false;
488 break;
489 case 'x':
490 if (!isxdigit(c))
491 return false;
492 break;
493 case 'a':
494 if (!tomoyo_is_alphabet_char(c))
495 return false;
496 break;
497 case '0':
498 case '1':
499 case '2':
500 case '3':
501 if (c == '\\' && tomoyo_is_byte_range(filename + 1)
502 && strncmp(filename + 1, pattern, 3) == 0) {
503 filename += 3;
504 pattern += 2;
505 break;
506 }
507 return false; /* Not matched. */
508 case '*':
509 case '@':
510 for (i = 0; i <= filename_end - filename; i++) {
511 if (tomoyo_file_matches_to_pattern2(
512 filename + i, filename_end,
513 pattern + 1, pattern_end))
514 return true;
515 c = filename[i];
516 if (c == '.' && *pattern == '@')
517 break;
518 if (c != '\\')
519 continue;
520 if (filename[i + 1] == '\\')
521 i++;
522 else if (tomoyo_is_byte_range(filename + i + 1))
523 i += 3;
524 else
525 break; /* Bad pattern. */
526 }
527 return false; /* Not matched. */
528 default:
529 j = 0;
530 c = *pattern;
531 if (c == '$') {
532 while (isdigit(filename[j]))
533 j++;
534 } else if (c == 'X') {
535 while (isxdigit(filename[j]))
536 j++;
537 } else if (c == 'A') {
538 while (tomoyo_is_alphabet_char(filename[j]))
539 j++;
540 }
541 for (i = 1; i <= j; i++) {
542 if (tomoyo_file_matches_to_pattern2(
543 filename + i, filename_end,
544 pattern + 1, pattern_end))
545 return true;
546 }
547 return false; /* Not matched or bad pattern. */
548 }
549 filename++;
550 pattern++;
551 }
552 while (*pattern == '\\' &&
553 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
554 pattern += 2;
555 return filename == filename_end && pattern == pattern_end;
556}
557
558/**
559 * tomoyo_file_matches_to_pattern - Pattern matching without without '/' character.
560 *
561 * @filename: The start of string to check.
562 * @filename_end: The end of string to check.
563 * @pattern: The start of pattern to compare.
564 * @pattern_end: The end of pattern to compare.
565 *
566 * Returns true if @filename matches @pattern, false otherwise.
567 */
568static bool tomoyo_file_matches_to_pattern(const char *filename,
569 const char *filename_end,
570 const char *pattern,
571 const char *pattern_end)
572{
573 const char *pattern_start = pattern;
574 bool first = true;
575 bool result;
576
577 while (pattern < pattern_end - 1) {
578 /* Split at "\-" pattern. */
579 if (*pattern++ != '\\' || *pattern++ != '-')
580 continue;
581 result = tomoyo_file_matches_to_pattern2(filename,
582 filename_end,
583 pattern_start,
584 pattern - 2);
585 if (first)
586 result = !result;
587 if (result)
588 return false;
589 first = false;
590 pattern_start = pattern;
591 }
592 result = tomoyo_file_matches_to_pattern2(filename, filename_end,
593 pattern_start, pattern_end);
594 return first ? result : !result;
595}
596
597/**
598 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
599 * @filename: The filename to check.
600 * @pattern: The pattern to compare.
601 *
602 * Returns true if matches, false otherwise.
603 *
604 * The following patterns are available.
605 * \\ \ itself.
606 * \ooo Octal representation of a byte.
607 * \* More than or equals to 0 character other than '/'.
608 * \@ More than or equals to 0 character other than '/' or '.'.
609 * \? 1 byte character other than '/'.
610 * \$ More than or equals to 1 decimal digit.
611 * \+ 1 decimal digit.
612 * \X More than or equals to 1 hexadecimal digit.
613 * \x 1 hexadecimal digit.
614 * \A More than or equals to 1 alphabet character.
615 * \a 1 alphabet character.
616 * \- Subtraction operator.
617 */
618bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
619 const struct tomoyo_path_info *pattern)
620{
621 /*
622 if (!filename || !pattern)
623 return false;
624 */
625 const char *f = filename->name;
626 const char *p = pattern->name;
627 const int len = pattern->const_len;
628
629 /* If @pattern doesn't contain pattern, I can use strcmp(). */
630 if (!pattern->is_patterned)
631 return !tomoyo_pathcmp(filename, pattern);
632 /* Dont compare if the number of '/' differs. */
633 if (filename->depth != pattern->depth)
634 return false;
635 /* Compare the initial length without patterns. */
636 if (strncmp(f, p, len))
637 return false;
638 f += len;
639 p += len;
640 /* Main loop. Compare each directory component. */
641 while (*f && *p) {
642 const char *f_delimiter = strchr(f, '/');
643 const char *p_delimiter = strchr(p, '/');
644 if (!f_delimiter)
645 f_delimiter = f + strlen(f);
646 if (!p_delimiter)
647 p_delimiter = p + strlen(p);
648 if (!tomoyo_file_matches_to_pattern(f, f_delimiter,
649 p, p_delimiter))
650 return false;
651 f = f_delimiter;
652 if (*f)
653 f++;
654 p = p_delimiter;
655 if (*p)
656 p++;
657 }
658 /* Ignore trailing "\*" and "\@" in @pattern. */
659 while (*p == '\\' &&
660 (*(p + 1) == '*' || *(p + 1) == '@'))
661 p += 2;
662 return !*f && !*p;
663}
664
665/**
666 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
667 *
668 * @head: Pointer to "struct tomoyo_io_buffer".
669 * @fmt: The printf()'s format string, followed by parameters.
670 *
671 * Returns true if output was written, false otherwise.
672 *
673 * The snprintf() will truncate, but tomoyo_io_printf() won't.
674 */
675bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
676{
677 va_list args;
678 int len;
679 int pos = head->read_avail;
680 int size = head->readbuf_size - pos;
681
682 if (size <= 0)
683 return false;
684 va_start(args, fmt);
685 len = vsnprintf(head->read_buf + pos, size, fmt, args);
686 va_end(args);
687 if (pos + len >= head->readbuf_size)
688 return false;
689 head->read_avail += len;
690 return true;
691}
692
693/**
694 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
695 *
696 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
697 *
698 * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
699 * if this function didn't return NULL.
700 */
701static const char *tomoyo_get_exe(void)
702{
703 struct mm_struct *mm = current->mm;
704 struct vm_area_struct *vma;
705 const char *cp = NULL;
706
707 if (!mm)
708 return NULL;
709 down_read(&mm->mmap_sem);
710 for (vma = mm->mmap; vma; vma = vma->vm_next) {
711 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
712 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
713 break;
714 }
715 }
716 up_read(&mm->mmap_sem);
717 return cp;
718}
719
720/**
721 * tomoyo_get_msg - Get warning message.
722 *
723 * @is_enforce: Is it enforcing mode?
724 *
725 * Returns "ERROR" or "WARNING".
726 */
727const char *tomoyo_get_msg(const bool is_enforce)
728{
729 if (is_enforce)
730 return "ERROR";
731 else
732 return "WARNING";
733}
734
735/**
736 * tomoyo_check_flags - Check mode for specified functionality.
737 *
738 * @domain: Pointer to "struct tomoyo_domain_info".
739 * @index: The functionality to check mode.
740 *
741 * TOMOYO checks only process context.
742 * This code disables TOMOYO's enforcement in case the function is called from
743 * interrupt context.
744 */
745unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
746 const u8 index)
747{
748 const u8 profile = domain->profile;
749
750 if (WARN_ON(in_interrupt()))
751 return 0;
752 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX
753#if TOMOYO_MAX_PROFILES != 256
754 && profile < TOMOYO_MAX_PROFILES
755#endif
756 && tomoyo_profile_ptr[profile] ?
757 tomoyo_profile_ptr[profile]->value[index] : 0;
758}
759
760/**
761 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
762 *
763 * @domain: Pointer to "struct tomoyo_domain_info".
764 *
765 * Returns true if domain policy violation warning should be printed to
766 * console.
767 */
768bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
769{
770 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0;
771}
772
773/**
774 * tomoyo_domain_quota_is_ok - Check for domain's quota.
775 *
776 * @domain: Pointer to "struct tomoyo_domain_info".
777 *
778 * Returns true if the domain is not exceeded quota, false otherwise.
779 */
780bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
781{
782 unsigned int count = 0;
783 struct tomoyo_acl_info *ptr;
784
785 if (!domain)
786 return true;
787 down_read(&tomoyo_domain_acl_info_list_lock);
788 list_for_each_entry(ptr, &domain->acl_info_list, list) {
789 if (ptr->type & TOMOYO_ACL_DELETED)
790 continue;
791 switch (tomoyo_acl_type2(ptr)) {
792 struct tomoyo_single_path_acl_record *acl1;
793 struct tomoyo_double_path_acl_record *acl2;
794 u16 perm;
795 case TOMOYO_TYPE_SINGLE_PATH_ACL:
796 acl1 = container_of(ptr,
797 struct tomoyo_single_path_acl_record,
798 head);
799 perm = acl1->perm;
800 if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL))
801 count++;
802 if (perm &
803 ((1 << TOMOYO_TYPE_READ_ACL) |
804 (1 << TOMOYO_TYPE_WRITE_ACL)))
805 count++;
806 if (perm & (1 << TOMOYO_TYPE_CREATE_ACL))
807 count++;
808 if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL))
809 count++;
810 if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL))
811 count++;
812 if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL))
813 count++;
814 if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL))
815 count++;
816 if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL))
817 count++;
818 if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL))
819 count++;
820 if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL))
821 count++;
822 if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL))
823 count++;
824 if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL))
825 count++;
826 if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL))
827 count++;
828 break;
829 case TOMOYO_TYPE_DOUBLE_PATH_ACL:
830 acl2 = container_of(ptr,
831 struct tomoyo_double_path_acl_record,
832 head);
833 perm = acl2->perm;
834 if (perm & (1 << TOMOYO_TYPE_LINK_ACL))
835 count++;
836 if (perm & (1 << TOMOYO_TYPE_RENAME_ACL))
837 count++;
838 break;
839 }
840 }
841 up_read(&tomoyo_domain_acl_info_list_lock);
842 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
843 return true;
844 if (!domain->quota_warned) {
845 domain->quota_warned = true;
846 printk(KERN_WARNING "TOMOYO-WARNING: "
847 "Domain '%s' has so many ACLs to hold. "
848 "Stopped learning mode.\n", domain->domainname->name);
849 }
850 return false;
851}
852
853/**
854 * tomoyo_find_or_assign_new_profile - Create a new profile.
855 *
856 * @profile: Profile number to create.
857 *
858 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
859 */
860static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
861 int profile)
862{
863 static DEFINE_MUTEX(lock);
864 struct tomoyo_profile *ptr = NULL;
865 int i;
866
867 if (profile >= TOMOYO_MAX_PROFILES)
868 return NULL;
869 /***** EXCLUSIVE SECTION START *****/
870 mutex_lock(&lock);
871 ptr = tomoyo_profile_ptr[profile];
872 if (ptr)
873 goto ok;
874 ptr = tomoyo_alloc_element(sizeof(*ptr));
875 if (!ptr)
876 goto ok;
877 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)
878 ptr->value[i] = tomoyo_control_array[i].current_value;
879 mb(); /* Avoid out-of-order execution. */
880 tomoyo_profile_ptr[profile] = ptr;
881 ok:
882 mutex_unlock(&lock);
883 /***** EXCLUSIVE SECTION END *****/
884 return ptr;
885}
886
887/**
888 * tomoyo_write_profile - Write to profile table.
889 *
890 * @head: Pointer to "struct tomoyo_io_buffer".
891 *
892 * Returns 0 on success, negative value otherwise.
893 */
894static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
895{
896 char *data = head->write_buf;
897 unsigned int i;
898 unsigned int value;
899 char *cp;
900 struct tomoyo_profile *profile;
901 unsigned long num;
902
903 cp = strchr(data, '-');
904 if (cp)
905 *cp = '\0';
906 if (strict_strtoul(data, 10, &num))
907 return -EINVAL;
908 if (cp)
909 data = cp + 1;
910 profile = tomoyo_find_or_assign_new_profile(num);
911 if (!profile)
912 return -EINVAL;
913 cp = strchr(data, '=');
914 if (!cp)
915 return -EINVAL;
916 *cp = '\0';
917 if (!strcmp(data, "COMMENT")) {
918 profile->comment = tomoyo_save_name(cp + 1);
919 return 0;
920 }
921 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
922 if (strcmp(data, tomoyo_control_array[i].keyword))
923 continue;
924 if (sscanf(cp + 1, "%u", &value) != 1) {
925 int j;
926 const char **modes;
927 switch (i) {
928 case TOMOYO_VERBOSE:
929 modes = tomoyo_mode_2;
930 break;
931 default:
932 modes = tomoyo_mode_4;
933 break;
934 }
935 for (j = 0; j < 4; j++) {
936 if (strcmp(cp + 1, modes[j]))
937 continue;
938 value = j;
939 break;
940 }
941 if (j == 4)
942 return -EINVAL;
943 } else if (value > tomoyo_control_array[i].max_value) {
944 value = tomoyo_control_array[i].max_value;
945 }
946 profile->value[i] = value;
947 return 0;
948 }
949 return -EINVAL;
950}
951
952/**
953 * tomoyo_read_profile - Read from profile table.
954 *
955 * @head: Pointer to "struct tomoyo_io_buffer".
956 *
957 * Returns 0.
958 */
959static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
960{
961 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1;
962 int step;
963
964 if (head->read_eof)
965 return 0;
966 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total;
967 step++) {
968 const u8 index = step / total;
969 u8 type = step % total;
970 const struct tomoyo_profile *profile
971 = tomoyo_profile_ptr[index];
972 head->read_step = step;
973 if (!profile)
974 continue;
975 if (!type) { /* Print profile' comment tag. */
976 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n",
977 index, profile->comment ?
978 profile->comment->name : ""))
979 break;
980 continue;
981 }
982 type--;
983 if (type < TOMOYO_MAX_CONTROL_INDEX) {
984 const unsigned int value = profile->value[type];
985 const char **modes = NULL;
986 const char *keyword
987 = tomoyo_control_array[type].keyword;
988 switch (tomoyo_control_array[type].max_value) {
989 case 3:
990 modes = tomoyo_mode_4;
991 break;
992 case 1:
993 modes = tomoyo_mode_2;
994 break;
995 }
996 if (modes) {
997 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index,
998 keyword, modes[value]))
999 break;
1000 } else {
1001 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index,
1002 keyword, value))
1003 break;
1004 }
1005 }
1006 }
1007 if (step == TOMOYO_MAX_PROFILES * total)
1008 head->read_eof = true;
1009 return 0;
1010}
1011
1012/* Structure for policy manager. */
1013struct tomoyo_policy_manager_entry {
1014 struct list_head list;
1015 /* A path to program or a domainname. */
1016 const struct tomoyo_path_info *manager;
1017 bool is_domain; /* True if manager is a domainname. */
1018 bool is_deleted; /* True if this entry is deleted. */
1019};
1020
1021/* The list for "struct tomoyo_policy_manager_entry". */
1022static LIST_HEAD(tomoyo_policy_manager_list);
1023static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
1024
1025/**
1026 * tomoyo_update_manager_entry - Add a manager entry.
1027 *
1028 * @manager: The path to manager or the domainnamme.
1029 * @is_delete: True if it is a delete request.
1030 *
1031 * Returns 0 on success, negative value otherwise.
1032 */
1033static int tomoyo_update_manager_entry(const char *manager,
1034 const bool is_delete)
1035{
1036 struct tomoyo_policy_manager_entry *new_entry;
1037 struct tomoyo_policy_manager_entry *ptr;
1038 const struct tomoyo_path_info *saved_manager;
1039 int error = -ENOMEM;
1040 bool is_domain = false;
1041
1042 if (tomoyo_is_domain_def(manager)) {
1043 if (!tomoyo_is_correct_domain(manager, __func__))
1044 return -EINVAL;
1045 is_domain = true;
1046 } else {
1047 if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__))
1048 return -EINVAL;
1049 }
1050 saved_manager = tomoyo_save_name(manager);
1051 if (!saved_manager)
1052 return -ENOMEM;
1053 /***** EXCLUSIVE SECTION START *****/
1054 down_write(&tomoyo_policy_manager_list_lock);
1055 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1056 if (ptr->manager != saved_manager)
1057 continue;
1058 ptr->is_deleted = is_delete;
1059 error = 0;
1060 goto out;
1061 }
1062 if (is_delete) {
1063 error = -ENOENT;
1064 goto out;
1065 }
1066 new_entry = tomoyo_alloc_element(sizeof(*new_entry));
1067 if (!new_entry)
1068 goto out;
1069 new_entry->manager = saved_manager;
1070 new_entry->is_domain = is_domain;
1071 list_add_tail(&new_entry->list, &tomoyo_policy_manager_list);
1072 error = 0;
1073 out:
1074 up_write(&tomoyo_policy_manager_list_lock);
1075 /***** EXCLUSIVE SECTION END *****/
1076 return error;
1077}
1078
1079/**
1080 * tomoyo_write_manager_policy - Write manager policy.
1081 *
1082 * @head: Pointer to "struct tomoyo_io_buffer".
1083 *
1084 * Returns 0 on success, negative value otherwise.
1085 */
1086static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1087{
1088 char *data = head->write_buf;
1089 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1090
1091 if (!strcmp(data, "manage_by_non_root")) {
1092 tomoyo_manage_by_non_root = !is_delete;
1093 return 0;
1094 }
1095 return tomoyo_update_manager_entry(data, is_delete);
1096}
1097
1098/**
1099 * tomoyo_read_manager_policy - Read manager policy.
1100 *
1101 * @head: Pointer to "struct tomoyo_io_buffer".
1102 *
1103 * Returns 0.
1104 */
1105static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1106{
1107 struct list_head *pos;
1108 bool done = true;
1109
1110 if (head->read_eof)
1111 return 0;
1112 down_read(&tomoyo_policy_manager_list_lock);
1113 list_for_each_cookie(pos, head->read_var2,
1114 &tomoyo_policy_manager_list) {
1115 struct tomoyo_policy_manager_entry *ptr;
1116 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
1117 list);
1118 if (ptr->is_deleted)
1119 continue;
1120 if (!tomoyo_io_printf(head, "%s\n", ptr->manager->name)) {
1121 done = false;
1122 break;
1123 }
1124 }
1125 up_read(&tomoyo_policy_manager_list_lock);
1126 head->read_eof = done;
1127 return 0;
1128}
1129
1130/**
1131 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
1132 *
1133 * Returns true if the current process is permitted to modify policy
1134 * via /sys/kernel/security/tomoyo/ interface.
1135 */
1136static bool tomoyo_is_policy_manager(void)
1137{
1138 struct tomoyo_policy_manager_entry *ptr;
1139 const char *exe;
1140 const struct task_struct *task = current;
1141 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
1142 bool found = false;
1143
1144 if (!tomoyo_policy_loaded)
1145 return true;
1146 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1147 return false;
1148 down_read(&tomoyo_policy_manager_list_lock);
1149 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1150 if (!ptr->is_deleted && ptr->is_domain
1151 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1152 found = true;
1153 break;
1154 }
1155 }
1156 up_read(&tomoyo_policy_manager_list_lock);
1157 if (found)
1158 return true;
1159 exe = tomoyo_get_exe();
1160 if (!exe)
1161 return false;
1162 down_read(&tomoyo_policy_manager_list_lock);
1163 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1164 if (!ptr->is_deleted && !ptr->is_domain
1165 && !strcmp(exe, ptr->manager->name)) {
1166 found = true;
1167 break;
1168 }
1169 }
1170 up_read(&tomoyo_policy_manager_list_lock);
1171 if (!found) { /* Reduce error messages. */
1172 static pid_t last_pid;
1173 const pid_t pid = current->pid;
1174 if (last_pid != pid) {
1175 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1176 "update policies.\n", domainname->name, exe);
1177 last_pid = pid;
1178 }
1179 }
1180 tomoyo_free(exe);
1181 return found;
1182}
1183
1184/**
1185 * tomoyo_is_select_one - Parse select command.
1186 *
1187 * @head: Pointer to "struct tomoyo_io_buffer".
1188 * @data: String to parse.
1189 *
1190 * Returns true on success, false otherwise.
1191 */
1192static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1193 const char *data)
1194{
1195 unsigned int pid;
1196 struct tomoyo_domain_info *domain = NULL;
1197
1198 if (sscanf(data, "pid=%u", &pid) == 1) {
1199 struct task_struct *p;
1200 /***** CRITICAL SECTION START *****/
1201 read_lock(&tasklist_lock);
1202 p = find_task_by_vpid(pid);
1203 if (p)
1204 domain = tomoyo_real_domain(p);
1205 read_unlock(&tasklist_lock);
1206 /***** CRITICAL SECTION END *****/
1207 } else if (!strncmp(data, "domain=", 7)) {
1208 if (tomoyo_is_domain_def(data + 7)) {
1209 down_read(&tomoyo_domain_list_lock);
1210 domain = tomoyo_find_domain(data + 7);
1211 up_read(&tomoyo_domain_list_lock);
1212 }
1213 } else
1214 return false;
1215 head->write_var1 = domain;
1216 /* Accessing read_buf is safe because head->io_sem is held. */
1217 if (!head->read_buf)
1218 return true; /* Do nothing if open(O_WRONLY). */
1219 head->read_avail = 0;
1220 tomoyo_io_printf(head, "# select %s\n", data);
1221 head->read_single_domain = true;
1222 head->read_eof = !domain;
1223 if (domain) {
1224 struct tomoyo_domain_info *d;
1225 head->read_var1 = NULL;
1226 down_read(&tomoyo_domain_list_lock);
1227 list_for_each_entry(d, &tomoyo_domain_list, list) {
1228 if (d == domain)
1229 break;
1230 head->read_var1 = &d->list;
1231 }
1232 up_read(&tomoyo_domain_list_lock);
1233 head->read_var2 = NULL;
1234 head->read_bit = 0;
1235 head->read_step = 0;
1236 if (domain->is_deleted)
1237 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1238 }
1239 return true;
1240}
1241
1242/**
1243 * tomoyo_write_domain_policy - Write domain policy.
1244 *
1245 * @head: Pointer to "struct tomoyo_io_buffer".
1246 *
1247 * Returns 0 on success, negative value otherwise.
1248 */
1249static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1250{
1251 char *data = head->write_buf;
1252 struct tomoyo_domain_info *domain = head->write_var1;
1253 bool is_delete = false;
1254 bool is_select = false;
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1255 unsigned int profile;
1256
1257 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
1258 is_delete = true;
1259 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1260 is_select = true;
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1261 if (is_select && tomoyo_is_select_one(head, data))
1262 return 0;
1263 /* Don't allow updating policies by non manager programs. */
1264 if (!tomoyo_is_policy_manager())
1265 return -EPERM;
1266 if (tomoyo_is_domain_def(data)) {
1267 domain = NULL;
1268 if (is_delete)
1269 tomoyo_delete_domain(data);
1270 else if (is_select) {
1271 down_read(&tomoyo_domain_list_lock);
1272 domain = tomoyo_find_domain(data);
1273 up_read(&tomoyo_domain_list_lock);
Tetsuo Handaa0558fc2009-04-06 20:49:14 +0900[diff] [blame]1274 } else
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1275 domain = tomoyo_find_or_assign_new_domain(data, 0);
1276 head->write_var1 = domain;
1277 return 0;
1278 }
1279 if (!domain)
1280 return -EINVAL;
1281
1282 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
1283 && profile < TOMOYO_MAX_PROFILES) {
1284 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
1285 domain->profile = (u8) profile;
1286 return 0;
1287 }
1288 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1289 tomoyo_set_domain_flag(domain, is_delete,
1290 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ);
1291 return 0;
1292 }
1293 return tomoyo_write_file_policy(data, domain, is_delete);
1294}
1295
1296/**
1297 * tomoyo_print_single_path_acl - Print a single path ACL entry.
1298 *
1299 * @head: Pointer to "struct tomoyo_io_buffer".
1300 * @ptr: Pointer to "struct tomoyo_single_path_acl_record".
1301 *
1302 * Returns true on success, false otherwise.
1303 */
1304static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
1305 struct tomoyo_single_path_acl_record *
1306 ptr)
1307{
1308 int pos;
1309 u8 bit;
1310 const char *atmark = "";
1311 const char *filename;
1312 const u16 perm = ptr->perm;
1313
1314 filename = ptr->filename->name;
1315 for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
1316 bit++) {
1317 const char *msg;
1318 if (!(perm & (1 << bit)))
1319 continue;
1320 /* Print "read/write" instead of "read" and "write". */
1321 if ((bit == TOMOYO_TYPE_READ_ACL ||
1322 bit == TOMOYO_TYPE_WRITE_ACL)
1323 && (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
1324 continue;
1325 msg = tomoyo_sp2keyword(bit);
1326 pos = head->read_avail;
1327 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
1328 atmark, filename))
1329 goto out;
1330 }
1331 head->read_bit = 0;
1332 return true;
1333 out:
1334 head->read_bit = bit;
1335 head->read_avail = pos;
1336 return false;
1337}
1338
1339/**
1340 * tomoyo_print_double_path_acl - Print a double path ACL entry.
1341 *
1342 * @head: Pointer to "struct tomoyo_io_buffer".
1343 * @ptr: Pointer to "struct tomoyo_double_path_acl_record".
1344 *
1345 * Returns true on success, false otherwise.
1346 */
1347static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
1348 struct tomoyo_double_path_acl_record *
1349 ptr)
1350{
1351 int pos;
1352 const char *atmark1 = "";
1353 const char *atmark2 = "";
1354 const char *filename1;
1355 const char *filename2;
1356 const u8 perm = ptr->perm;
1357 u8 bit;
1358
1359 filename1 = ptr->filename1->name;
1360 filename2 = ptr->filename2->name;
1361 for (bit = head->read_bit; bit < TOMOYO_MAX_DOUBLE_PATH_OPERATION;
1362 bit++) {
1363 const char *msg;
1364 if (!(perm & (1 << bit)))
1365 continue;
1366 msg = tomoyo_dp2keyword(bit);
1367 pos = head->read_avail;
1368 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
1369 atmark1, filename1, atmark2, filename2))
1370 goto out;
1371 }
1372 head->read_bit = 0;
1373 return true;
1374 out:
1375 head->read_bit = bit;
1376 head->read_avail = pos;
1377 return false;
1378}
1379
1380/**
1381 * tomoyo_print_entry - Print an ACL entry.
1382 *
1383 * @head: Pointer to "struct tomoyo_io_buffer".
1384 * @ptr: Pointer to an ACL entry.
1385 *
1386 * Returns true on success, false otherwise.
1387 */
1388static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1389 struct tomoyo_acl_info *ptr)
1390{
1391 const u8 acl_type = tomoyo_acl_type2(ptr);
1392
1393 if (acl_type & TOMOYO_ACL_DELETED)
1394 return true;
1395 if (acl_type == TOMOYO_TYPE_SINGLE_PATH_ACL) {
1396 struct tomoyo_single_path_acl_record *acl
1397 = container_of(ptr,
1398 struct tomoyo_single_path_acl_record,
1399 head);
1400 return tomoyo_print_single_path_acl(head, acl);
1401 }
1402 if (acl_type == TOMOYO_TYPE_DOUBLE_PATH_ACL) {
1403 struct tomoyo_double_path_acl_record *acl
1404 = container_of(ptr,
1405 struct tomoyo_double_path_acl_record,
1406 head);
1407 return tomoyo_print_double_path_acl(head, acl);
1408 }
1409 BUG(); /* This must not happen. */
1410 return false;
1411}
1412
1413/**
1414 * tomoyo_read_domain_policy - Read domain policy.
1415 *
1416 * @head: Pointer to "struct tomoyo_io_buffer".
1417 *
1418 * Returns 0.
1419 */
1420static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
1421{
1422 struct list_head *dpos;
1423 struct list_head *apos;
1424 bool done = true;
1425
1426 if (head->read_eof)
1427 return 0;
1428 if (head->read_step == 0)
1429 head->read_step = 1;
1430 down_read(&tomoyo_domain_list_lock);
1431 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
1432 struct tomoyo_domain_info *domain;
1433 const char *quota_exceeded = "";
1434 const char *transition_failed = "";
1435 const char *ignore_global_allow_read = "";
1436 domain = list_entry(dpos, struct tomoyo_domain_info, list);
1437 if (head->read_step != 1)
1438 goto acl_loop;
1439 if (domain->is_deleted && !head->read_single_domain)
1440 continue;
1441 /* Print domainname and flags. */
1442 if (domain->quota_warned)
1443 quota_exceeded = "quota_exceeded\n";
1444 if (domain->flags & TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED)
1445 transition_failed = "transition_failed\n";
1446 if (domain->flags &
1447 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
1448 ignore_global_allow_read
1449 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1450 if (!tomoyo_io_printf(head,
1451 "%s\n" TOMOYO_KEYWORD_USE_PROFILE "%u\n"
1452 "%s%s%s\n", domain->domainname->name,
1453 domain->profile, quota_exceeded,
1454 transition_failed,
1455 ignore_global_allow_read)) {
1456 done = false;
1457 break;
1458 }
1459 head->read_step = 2;
1460acl_loop:
1461 if (head->read_step == 3)
1462 goto tail_mark;
1463 /* Print ACL entries in the domain. */
1464 down_read(&tomoyo_domain_acl_info_list_lock);
1465 list_for_each_cookie(apos, head->read_var2,
1466 &domain->acl_info_list) {
1467 struct tomoyo_acl_info *ptr
1468 = list_entry(apos, struct tomoyo_acl_info,
1469 list);
1470 if (!tomoyo_print_entry(head, ptr)) {
1471 done = false;
1472 break;
1473 }
1474 }
1475 up_read(&tomoyo_domain_acl_info_list_lock);
1476 if (!done)
1477 break;
1478 head->read_step = 3;
1479tail_mark:
1480 if (!tomoyo_io_printf(head, "\n")) {
1481 done = false;
1482 break;
1483 }
1484 head->read_step = 1;
1485 if (head->read_single_domain)
1486 break;
1487 }
1488 up_read(&tomoyo_domain_list_lock);
1489 head->read_eof = done;
1490 return 0;
1491}
1492
1493/**
1494 * tomoyo_write_domain_profile - Assign profile for specified domain.
1495 *
1496 * @head: Pointer to "struct tomoyo_io_buffer".
1497 *
1498 * Returns 0 on success, -EINVAL otherwise.
1499 *
1500 * This is equivalent to doing
1501 *
1502 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1503 * /usr/lib/ccs/loadpolicy -d
1504 */
1505static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1506{
1507 char *data = head->write_buf;
1508 char *cp = strchr(data, ' ');
1509 struct tomoyo_domain_info *domain;
1510 unsigned long profile;
1511
1512 if (!cp)
1513 return -EINVAL;
1514 *cp = '\0';
1515 down_read(&tomoyo_domain_list_lock);
1516 domain = tomoyo_find_domain(cp + 1);
1517 up_read(&tomoyo_domain_list_lock);
1518 if (strict_strtoul(data, 10, &profile))
1519 return -EINVAL;
1520 if (domain && profile < TOMOYO_MAX_PROFILES
1521 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1522 domain->profile = (u8) profile;
1523 return 0;
1524}
1525
1526/**
1527 * tomoyo_read_domain_profile - Read only domainname and profile.
1528 *
1529 * @head: Pointer to "struct tomoyo_io_buffer".
1530 *
1531 * Returns list of profile number and domainname pairs.
1532 *
1533 * This is equivalent to doing
1534 *
1535 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1536 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1537 * domainname = $0; } else if ( $1 == "use_profile" ) {
1538 * print $2 " " domainname; domainname = ""; } } ; '
1539 */
1540static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1541{
1542 struct list_head *pos;
1543 bool done = true;
1544
1545 if (head->read_eof)
1546 return 0;
1547 down_read(&tomoyo_domain_list_lock);
1548 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
1549 struct tomoyo_domain_info *domain;
1550 domain = list_entry(pos, struct tomoyo_domain_info, list);
1551 if (domain->is_deleted)
1552 continue;
1553 if (!tomoyo_io_printf(head, "%u %s\n", domain->profile,
1554 domain->domainname->name)) {
1555 done = false;
1556 break;
1557 }
1558 }
1559 up_read(&tomoyo_domain_list_lock);
1560 head->read_eof = done;
1561 return 0;
1562}
1563
1564/**
1565 * tomoyo_write_pid: Specify PID to obtain domainname.
1566 *
1567 * @head: Pointer to "struct tomoyo_io_buffer".
1568 *
1569 * Returns 0.
1570 */
1571static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1572{
1573 unsigned long pid;
1574 /* No error check. */
1575 strict_strtoul(head->write_buf, 10, &pid);
1576 head->read_step = (int) pid;
1577 head->read_eof = false;
1578 return 0;
1579}
1580
1581/**
1582 * tomoyo_read_pid - Get domainname of the specified PID.
1583 *
1584 * @head: Pointer to "struct tomoyo_io_buffer".
1585 *
1586 * Returns the domainname which the specified PID is in on success,
1587 * empty string otherwise.
1588 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1589 * using read()/write() interface rather than sysctl() interface.
1590 */
1591static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1592{
1593 if (head->read_avail == 0 && !head->read_eof) {
1594 const int pid = head->read_step;
1595 struct task_struct *p;
1596 struct tomoyo_domain_info *domain = NULL;
1597 /***** CRITICAL SECTION START *****/
1598 read_lock(&tasklist_lock);
1599 p = find_task_by_vpid(pid);
1600 if (p)
1601 domain = tomoyo_real_domain(p);
1602 read_unlock(&tasklist_lock);
1603 /***** CRITICAL SECTION END *****/
1604 if (domain)
1605 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1606 domain->domainname->name);
1607 head->read_eof = true;
1608 }
1609 return 0;
1610}
1611
1612/**
1613 * tomoyo_write_exception_policy - Write exception policy.
1614 *
1615 * @head: Pointer to "struct tomoyo_io_buffer".
1616 *
1617 * Returns 0 on success, negative value otherwise.
1618 */
1619static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1620{
1621 char *data = head->write_buf;
1622 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1623
1624 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN))
1625 return tomoyo_write_domain_keeper_policy(data, false,
1626 is_delete);
1627 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN))
1628 return tomoyo_write_domain_keeper_policy(data, true, is_delete);
1629 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN))
1630 return tomoyo_write_domain_initializer_policy(data, false,
1631 is_delete);
1632 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
1633 return tomoyo_write_domain_initializer_policy(data, true,
1634 is_delete);
1635 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
1636 return tomoyo_write_alias_policy(data, is_delete);
1637 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
1638 return tomoyo_write_globally_readable_policy(data, is_delete);
1639 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
1640 return tomoyo_write_pattern_policy(data, is_delete);
1641 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
1642 return tomoyo_write_no_rewrite_policy(data, is_delete);
1643 return -EINVAL;
1644}
1645
1646/**
1647 * tomoyo_read_exception_policy - Read exception policy.
1648 *
1649 * @head: Pointer to "struct tomoyo_io_buffer".
1650 *
1651 * Returns 0 on success, -EINVAL otherwise.
1652 */
1653static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
1654{
1655 if (!head->read_eof) {
1656 switch (head->read_step) {
1657 case 0:
1658 head->read_var2 = NULL;
1659 head->read_step = 1;
1660 case 1:
1661 if (!tomoyo_read_domain_keeper_policy(head))
1662 break;
1663 head->read_var2 = NULL;
1664 head->read_step = 2;
1665 case 2:
1666 if (!tomoyo_read_globally_readable_policy(head))
1667 break;
1668 head->read_var2 = NULL;
1669 head->read_step = 3;
1670 case 3:
1671 head->read_var2 = NULL;
1672 head->read_step = 4;
1673 case 4:
1674 if (!tomoyo_read_domain_initializer_policy(head))
1675 break;
1676 head->read_var2 = NULL;
1677 head->read_step = 5;
1678 case 5:
1679 if (!tomoyo_read_alias_policy(head))
1680 break;
1681 head->read_var2 = NULL;
1682 head->read_step = 6;
1683 case 6:
1684 head->read_var2 = NULL;
1685 head->read_step = 7;
1686 case 7:
1687 if (!tomoyo_read_file_pattern(head))
1688 break;
1689 head->read_var2 = NULL;
1690 head->read_step = 8;
1691 case 8:
1692 if (!tomoyo_read_no_rewrite_policy(head))
1693 break;
1694 head->read_var2 = NULL;
1695 head->read_step = 9;
1696 case 9:
1697 head->read_eof = true;
1698 break;
1699 default:
1700 return -EINVAL;
1701 }
1702 }
1703 return 0;
1704}
1705
1706/* path to policy loader */
1707static const char *tomoyo_loader = "/sbin/tomoyo-init";
1708
1709/**
1710 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
1711 *
1712 * Returns true if /sbin/tomoyo-init exists, false otherwise.
1713 */
1714static bool tomoyo_policy_loader_exists(void)
1715{
1716 /*
1717 * Don't activate MAC if the policy loader doesn't exist.
1718 * If the initrd includes /sbin/init but real-root-dev has not
1719 * mounted on / yet, activating MAC will block the system since
1720 * policies are not loaded yet.
1721 * Thus, let do_execve() call this function everytime.
1722 */
Al Viroe24977d2009-04-02 21:17:03 -0400[diff] [blame]1723 struct path path;
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1724
Al Viroe24977d2009-04-02 21:17:03 -0400[diff] [blame]1725 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1726 printk(KERN_INFO "Not activating Mandatory Access Control now "
1727 "since %s doesn't exist.\n", tomoyo_loader);
1728 return false;
1729 }
Al Viroe24977d2009-04-02 21:17:03 -0400[diff] [blame]1730 path_put(&path);
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1731 return true;
1732}
1733
1734/**
1735 * tomoyo_load_policy - Run external policy loader to load policy.
1736 *
1737 * @filename: The program about to start.
1738 *
1739 * This function checks whether @filename is /sbin/init , and if so
1740 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
1741 * and then continues invocation of /sbin/init.
1742 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
1743 * writes to /sys/kernel/security/tomoyo/ interfaces.
1744 *
1745 * Returns nothing.
1746 */
1747void tomoyo_load_policy(const char *filename)
1748{
1749 char *argv[2];
1750 char *envp[3];
1751
1752 if (tomoyo_policy_loaded)
1753 return;
1754 /*
1755 * Check filename is /sbin/init or /sbin/tomoyo-start.
1756 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't
1757 * be passed.
1758 * You can create /sbin/tomoyo-start by
1759 * "ln -s /bin/true /sbin/tomoyo-start".
1760 */
1761 if (strcmp(filename, "/sbin/init") &&
1762 strcmp(filename, "/sbin/tomoyo-start"))
1763 return;
1764 if (!tomoyo_policy_loader_exists())
1765 return;
1766
1767 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
1768 tomoyo_loader);
1769 argv[0] = (char *) tomoyo_loader;
1770 argv[1] = NULL;
1771 envp[0] = "HOME=/";
1772 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
1773 envp[2] = NULL;
1774 call_usermodehelper(argv[0], argv, envp, 1);
1775
Tetsuo Handa39826a12009-04-08 22:31:28 +0900[diff] [blame]1776 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1777 printk(KERN_INFO "Mandatory Access Control activated.\n");
1778 tomoyo_policy_loaded = true;
1779 { /* Check all profiles currently assigned to domains are defined. */
1780 struct tomoyo_domain_info *domain;
1781 down_read(&tomoyo_domain_list_lock);
1782 list_for_each_entry(domain, &tomoyo_domain_list, list) {
1783 const u8 profile = domain->profile;
1784 if (tomoyo_profile_ptr[profile])
1785 continue;
1786 panic("Profile %u (used by '%s') not defined.\n",
1787 profile, domain->domainname->name);
1788 }
1789 up_read(&tomoyo_domain_list_lock);
1790 }
1791}
1792
1793/**
1794 * tomoyo_read_version: Get version.
1795 *
1796 * @head: Pointer to "struct tomoyo_io_buffer".
1797 *
1798 * Returns version information.
1799 */
1800static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1801{
1802 if (!head->read_eof) {
Tetsuo Handa39826a12009-04-08 22:31:28 +0900[diff] [blame]1803 tomoyo_io_printf(head, "2.2.0");
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]1804 head->read_eof = true;
1805 }
1806 return 0;
1807}
1808
1809/**
1810 * tomoyo_read_self_domain - Get the current process's domainname.
1811 *
1812 * @head: Pointer to "struct tomoyo_io_buffer".
1813 *
1814 * Returns the current process's domainname.
1815 */
1816static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1817{
1818 if (!head->read_eof) {
1819 /*
1820 * tomoyo_domain()->domainname != NULL
1821 * because every process belongs to a domain and
1822 * the domain's name cannot be NULL.
1823 */
1824 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1825 head->read_eof = true;
1826 }
1827 return 0;
1828}
1829
1830/**
1831 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1832 *
1833 * @type: Type of interface.
1834 * @file: Pointer to "struct file".
1835 *
1836 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1837 */
1838static int tomoyo_open_control(const u8 type, struct file *file)
1839{
1840 struct tomoyo_io_buffer *head = tomoyo_alloc(sizeof(*head));
1841
1842 if (!head)
1843 return -ENOMEM;
1844 mutex_init(&head->io_sem);
1845 switch (type) {
1846 case TOMOYO_DOMAINPOLICY:
1847 /* /sys/kernel/security/tomoyo/domain_policy */
1848 head->write = tomoyo_write_domain_policy;
1849 head->read = tomoyo_read_domain_policy;
1850 break;
1851 case TOMOYO_EXCEPTIONPOLICY:
1852 /* /sys/kernel/security/tomoyo/exception_policy */
1853 head->write = tomoyo_write_exception_policy;
1854 head->read = tomoyo_read_exception_policy;
1855 break;
1856 case TOMOYO_SELFDOMAIN:
1857 /* /sys/kernel/security/tomoyo/self_domain */
1858 head->read = tomoyo_read_self_domain;
1859 break;
1860 case TOMOYO_DOMAIN_STATUS:
1861 /* /sys/kernel/security/tomoyo/.domain_status */
1862 head->write = tomoyo_write_domain_profile;
1863 head->read = tomoyo_read_domain_profile;
1864 break;
1865 case TOMOYO_PROCESS_STATUS:
1866 /* /sys/kernel/security/tomoyo/.process_status */
1867 head->write = tomoyo_write_pid;
1868 head->read = tomoyo_read_pid;
1869 break;
1870 case TOMOYO_VERSION:
1871 /* /sys/kernel/security/tomoyo/version */
1872 head->read = tomoyo_read_version;
1873 head->readbuf_size = 128;
1874 break;
1875 case TOMOYO_MEMINFO:
1876 /* /sys/kernel/security/tomoyo/meminfo */
1877 head->write = tomoyo_write_memory_quota;
1878 head->read = tomoyo_read_memory_counter;
1879 head->readbuf_size = 512;
1880 break;
1881 case TOMOYO_PROFILE:
1882 /* /sys/kernel/security/tomoyo/profile */
1883 head->write = tomoyo_write_profile;
1884 head->read = tomoyo_read_profile;
1885 break;
1886 case TOMOYO_MANAGER:
1887 /* /sys/kernel/security/tomoyo/manager */
1888 head->write = tomoyo_write_manager_policy;
1889 head->read = tomoyo_read_manager_policy;
1890 break;
1891 }
1892 if (!(file->f_mode & FMODE_READ)) {
1893 /*
1894 * No need to allocate read_buf since it is not opened
1895 * for reading.
1896 */
1897 head->read = NULL;
1898 } else {
1899 if (!head->readbuf_size)
1900 head->readbuf_size = 4096 * 2;
1901 head->read_buf = tomoyo_alloc(head->readbuf_size);
1902 if (!head->read_buf) {
1903 tomoyo_free(head);
1904 return -ENOMEM;
1905 }
1906 }
1907 if (!(file->f_mode & FMODE_WRITE)) {
1908 /*
1909 * No need to allocate write_buf since it is not opened
1910 * for writing.
1911 */
1912 head->write = NULL;
1913 } else if (head->write) {
1914 head->writebuf_size = 4096 * 2;
1915 head->write_buf = tomoyo_alloc(head->writebuf_size);
1916 if (!head->write_buf) {
1917 tomoyo_free(head->read_buf);
1918 tomoyo_free(head);
1919 return -ENOMEM;
1920 }
1921 }
1922 file->private_data = head;
1923 /*
1924 * Call the handler now if the file is
1925 * /sys/kernel/security/tomoyo/self_domain
1926 * so that the user can use
1927 * cat < /sys/kernel/security/tomoyo/self_domain"
1928 * to know the current process's domainname.
1929 */
1930 if (type == TOMOYO_SELFDOMAIN)
1931 tomoyo_read_control(file, NULL, 0);
1932 return 0;
1933}
1934
1935/**
1936 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1937 *
1938 * @file: Pointer to "struct file".
1939 * @buffer: Poiner to buffer to write to.
1940 * @buffer_len: Size of @buffer.
1941 *
1942 * Returns bytes read on success, negative value otherwise.
1943 */
1944static int tomoyo_read_control(struct file *file, char __user *buffer,
1945 const int buffer_len)
1946{
1947 int len = 0;
1948 struct tomoyo_io_buffer *head = file->private_data;
1949 char *cp;
1950
1951 if (!head->read)
1952 return -ENOSYS;
1953 if (mutex_lock_interruptible(&head->io_sem))
1954 return -EINTR;
1955 /* Call the policy handler. */
1956 len = head->read(head);
1957 if (len < 0)
1958 goto out;
1959 /* Write to buffer. */
1960 len = head->read_avail;
1961 if (len > buffer_len)
1962 len = buffer_len;
1963 if (!len)
1964 goto out;
1965 /* head->read_buf changes by some functions. */
1966 cp = head->read_buf;
1967 if (copy_to_user(buffer, cp, len)) {
1968 len = -EFAULT;
1969 goto out;
1970 }
1971 head->read_avail -= len;
1972 memmove(cp, cp + len, head->read_avail);
1973 out:
1974 mutex_unlock(&head->io_sem);
1975 return len;
1976}
1977
1978/**
1979 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1980 *
1981 * @file: Pointer to "struct file".
1982 * @buffer: Pointer to buffer to read from.
1983 * @buffer_len: Size of @buffer.
1984 *
1985 * Returns @buffer_len on success, negative value otherwise.
1986 */
1987static int tomoyo_write_control(struct file *file, const char __user *buffer,
1988 const int buffer_len)
1989{
1990 struct tomoyo_io_buffer *head = file->private_data;
1991 int error = buffer_len;
1992 int avail_len = buffer_len;
1993 char *cp0 = head->write_buf;
1994
1995 if (!head->write)
1996 return -ENOSYS;
1997 if (!access_ok(VERIFY_READ, buffer, buffer_len))
1998 return -EFAULT;
1999 /* Don't allow updating policies by non manager programs. */
2000 if (head->write != tomoyo_write_pid &&
2001 head->write != tomoyo_write_domain_policy &&
2002 !tomoyo_is_policy_manager())
2003 return -EPERM;
2004 if (mutex_lock_interruptible(&head->io_sem))
2005 return -EINTR;
2006 /* Read a line and dispatch it to the policy handler. */
2007 while (avail_len > 0) {
2008 char c;
2009 if (head->write_avail >= head->writebuf_size - 1) {
2010 error = -ENOMEM;
2011 break;
2012 } else if (get_user(c, buffer)) {
2013 error = -EFAULT;
2014 break;
2015 }
2016 buffer++;
2017 avail_len--;
2018 cp0[head->write_avail++] = c;
2019 if (c != '\n')
2020 continue;
2021 cp0[head->write_avail - 1] = '\0';
2022 head->write_avail = 0;
2023 tomoyo_normalize_line(cp0);
2024 head->write(head);
2025 }
2026 mutex_unlock(&head->io_sem);
2027 return error;
2028}
2029
2030/**
2031 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2032 *
2033 * @file: Pointer to "struct file".
2034 *
2035 * Releases memory and returns 0.
2036 */
2037static int tomoyo_close_control(struct file *file)
2038{
2039 struct tomoyo_io_buffer *head = file->private_data;
2040
2041 /* Release memory used for policy I/O. */
2042 tomoyo_free(head->read_buf);
2043 head->read_buf = NULL;
2044 tomoyo_free(head->write_buf);
2045 head->write_buf = NULL;
2046 tomoyo_free(head);
2047 head = NULL;
2048 file->private_data = NULL;
2049 return 0;
2050}
2051
2052/**
2053 * tomoyo_alloc_acl_element - Allocate permanent memory for ACL entry.
2054 *
2055 * @acl_type: Type of ACL entry.
2056 *
2057 * Returns pointer to the ACL entry on success, NULL otherwise.
2058 */
2059void *tomoyo_alloc_acl_element(const u8 acl_type)
2060{
2061 int len;
2062 struct tomoyo_acl_info *ptr;
2063
2064 switch (acl_type) {
2065 case TOMOYO_TYPE_SINGLE_PATH_ACL:
2066 len = sizeof(struct tomoyo_single_path_acl_record);
2067 break;
2068 case TOMOYO_TYPE_DOUBLE_PATH_ACL:
2069 len = sizeof(struct tomoyo_double_path_acl_record);
2070 break;
2071 default:
2072 return NULL;
2073 }
2074 ptr = tomoyo_alloc_element(len);
2075 if (!ptr)
2076 return NULL;
2077 ptr->type = acl_type;
2078 return ptr;
2079}
2080
2081/**
2082 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
2083 *
2084 * @inode: Pointer to "struct inode".
2085 * @file: Pointer to "struct file".
2086 *
2087 * Returns 0 on success, negative value otherwise.
2088 */
2089static int tomoyo_open(struct inode *inode, struct file *file)
2090{
2091 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
2092 - ((u8 *) NULL);
2093 return tomoyo_open_control(key, file);
2094}
2095
2096/**
2097 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2098 *
2099 * @inode: Pointer to "struct inode".
2100 * @file: Pointer to "struct file".
2101 *
2102 * Returns 0 on success, negative value otherwise.
2103 */
2104static int tomoyo_release(struct inode *inode, struct file *file)
2105{
2106 return tomoyo_close_control(file);
2107}
2108
2109/**
2110 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2111 *
2112 * @file: Pointer to "struct file".
2113 * @buf: Pointer to buffer.
2114 * @count: Size of @buf.
2115 * @ppos: Unused.
2116 *
2117 * Returns bytes read on success, negative value otherwise.
2118 */
2119static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
2120 loff_t *ppos)
2121{
2122 return tomoyo_read_control(file, buf, count);
2123}
2124
2125/**
2126 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
2127 *
2128 * @file: Pointer to "struct file".
2129 * @buf: Pointer to buffer.
2130 * @count: Size of @buf.
2131 * @ppos: Unused.
2132 *
2133 * Returns @count on success, negative value otherwise.
2134 */
2135static ssize_t tomoyo_write(struct file *file, const char __user *buf,
2136 size_t count, loff_t *ppos)
2137{
2138 return tomoyo_write_control(file, buf, count);
2139}
2140
2141/* Operations for /sys/kernel/security/tomoyo/ interface. */
2142static const struct file_operations tomoyo_operations = {
2143 .open = tomoyo_open,
2144 .release = tomoyo_release,
2145 .read = tomoyo_read,
2146 .write = tomoyo_write,
2147};
2148
2149/**
2150 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2151 *
2152 * @name: The name of the interface file.
2153 * @mode: The permission of the interface file.
2154 * @parent: The parent directory.
2155 * @key: Type of interface.
2156 *
2157 * Returns nothing.
2158 */
2159static void __init tomoyo_create_entry(const char *name, const mode_t mode,
2160 struct dentry *parent, const u8 key)
2161{
2162 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
2163 &tomoyo_operations);
2164}
2165
2166/**
2167 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2168 *
2169 * Returns 0.
2170 */
2171static int __init tomoyo_initerface_init(void)
2172{
2173 struct dentry *tomoyo_dir;
2174
Tetsuo Handae5a3b952009-02-14 11:46:56 +0900[diff] [blame]2175 /* Don't create securityfs entries unless registered. */
2176 if (current_cred()->security != &tomoyo_kernel_domain)
2177 return 0;
2178
Kentaro Takeda95908372009-02-05 17:18:13 +0900[diff] [blame]2179 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
2180 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
2181 TOMOYO_DOMAINPOLICY);
2182 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
2183 TOMOYO_EXCEPTIONPOLICY);
2184 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
2185 TOMOYO_SELFDOMAIN);
2186 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
2187 TOMOYO_DOMAIN_STATUS);
2188 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
2189 TOMOYO_PROCESS_STATUS);
2190 tomoyo_create_entry("meminfo", 0600, tomoyo_dir,
2191 TOMOYO_MEMINFO);
2192 tomoyo_create_entry("profile", 0600, tomoyo_dir,
2193 TOMOYO_PROFILE);
2194 tomoyo_create_entry("manager", 0600, tomoyo_dir,
2195 TOMOYO_MANAGER);
2196 tomoyo_create_entry("version", 0400, tomoyo_dir,
2197 TOMOYO_VERSION);
2198 return 0;
2199}
2200
2201fs_initcall(tomoyo_initerface_init);