common.c revision 0849e3ba53c3ef603dffa9758a73e07ed186a937
1/* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#include <linux/uaccess.h> 10#include <linux/slab.h> 11#include <linux/security.h> 12#include "common.h" 13 14static struct tomoyo_profile tomoyo_default_profile = { 15 .learning = &tomoyo_default_profile.preference, 16 .permissive = &tomoyo_default_profile.preference, 17 .enforcing = &tomoyo_default_profile.preference, 18 .preference.enforcing_verbose = true, 19 .preference.learning_max_entry = 2048, 20 .preference.learning_verbose = false, 21 .preference.permissive_verbose = true 22}; 23 24/* Profile version. Currently only 20090903 is defined. */ 25static unsigned int tomoyo_profile_version; 26 27/* Profile table. Memory is allocated as needed. */ 28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 29 30/* String table for functionality that takes 4 modes. */ 31static const char *tomoyo_mode[4] = { 32 "disabled", "learning", "permissive", "enforcing" 33}; 34 35/* String table for /sys/kernel/security/tomoyo/profile */ 36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute", 39 [TOMOYO_MAC_FILE_OPEN] = "file::open", 40 [TOMOYO_MAC_FILE_CREATE] = "file::create", 41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink", 42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir", 43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir", 44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo", 45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock", 46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate", 47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink", 48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite", 49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock", 50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar", 51 [TOMOYO_MAC_FILE_LINK] = "file::link", 52 [TOMOYO_MAC_FILE_RENAME] = "file::rename", 53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod", 54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown", 55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp", 56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", 57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", 58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount", 59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount", 60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", 61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 62}; 63 64/* Permit policy management by non-root user? */ 65static bool tomoyo_manage_by_non_root; 66 67/* Utility functions. */ 68 69/** 70 * tomoyo_yesno - Return "yes" or "no". 71 * 72 * @value: Bool value. 73 */ 74static const char *tomoyo_yesno(const unsigned int value) 75{ 76 return value ? "yes" : "no"; 77} 78 79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 80{ 81 va_list args; 82 const int pos = strlen(buffer); 83 va_start(args, fmt); 84 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 85 va_end(args); 86} 87 88/** 89 * tomoyo_flush - Flush queued string to userspace's buffer. 90 * 91 * @head: Pointer to "struct tomoyo_io_buffer". 92 * 93 * Returns true if all data was flushed, false otherwise. 94 */ 95static bool tomoyo_flush(struct tomoyo_io_buffer *head) 96{ 97 while (head->r.w_pos) { 98 const char *w = head->r.w[0]; 99 int len = strlen(w); 100 if (len) { 101 if (len > head->read_user_buf_avail) 102 len = head->read_user_buf_avail; 103 if (!len) 104 return false; 105 if (copy_to_user(head->read_user_buf, w, len)) 106 return false; 107 head->read_user_buf_avail -= len; 108 head->read_user_buf += len; 109 w += len; 110 } 111 if (*w) { 112 head->r.w[0] = w; 113 return false; 114 } 115 /* Add '\0' for query. */ 116 if (head->poll) { 117 if (!head->read_user_buf_avail || 118 copy_to_user(head->read_user_buf, "", 1)) 119 return false; 120 head->read_user_buf_avail--; 121 head->read_user_buf++; 122 } 123 head->r.w_pos--; 124 for (len = 0; len < head->r.w_pos; len++) 125 head->r.w[len] = head->r.w[len + 1]; 126 } 127 head->r.avail = 0; 128 return true; 129} 130 131/** 132 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 133 * 134 * @head: Pointer to "struct tomoyo_io_buffer". 135 * @string: String to print. 136 * 137 * Note that @string has to be kept valid until @head is kfree()d. 138 * This means that char[] allocated on stack memory cannot be passed to 139 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 140 */ 141static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 142{ 143 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 144 head->r.w[head->r.w_pos++] = string; 145 tomoyo_flush(head); 146 } else 147 WARN_ON(1); 148} 149 150/** 151 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 152 * 153 * @head: Pointer to "struct tomoyo_io_buffer". 154 * @fmt: The printf()'s format string, followed by parameters. 155 */ 156void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 157{ 158 va_list args; 159 int len; 160 int pos = head->r.avail; 161 int size = head->readbuf_size - pos; 162 if (size <= 0) 163 return; 164 va_start(args, fmt); 165 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 166 va_end(args); 167 if (pos + len >= head->readbuf_size) { 168 WARN_ON(1); 169 return; 170 } 171 head->r.avail += len; 172 tomoyo_set_string(head, head->read_buf + pos); 173} 174 175static void tomoyo_set_space(struct tomoyo_io_buffer *head) 176{ 177 tomoyo_set_string(head, " "); 178} 179 180static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 181{ 182 tomoyo_set_string(head, "\n"); 183 return !head->r.w_pos; 184} 185 186/** 187 * tomoyo_print_name_union - Print a tomoyo_name_union. 188 * 189 * @head: Pointer to "struct tomoyo_io_buffer". 190 * @ptr: Pointer to "struct tomoyo_name_union". 191 */ 192static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 193 const struct tomoyo_name_union *ptr) 194{ 195 tomoyo_set_space(head); 196 if (ptr->is_group) { 197 tomoyo_set_string(head, "@"); 198 tomoyo_set_string(head, ptr->group->group_name->name); 199 } else { 200 tomoyo_set_string(head, ptr->filename->name); 201 } 202} 203 204/** 205 * tomoyo_print_number_union - Print a tomoyo_number_union. 206 * 207 * @head: Pointer to "struct tomoyo_io_buffer". 208 * @ptr: Pointer to "struct tomoyo_number_union". 209 */ 210static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 211 const struct tomoyo_number_union *ptr) 212{ 213 tomoyo_set_space(head); 214 if (ptr->is_group) { 215 tomoyo_set_string(head, "@"); 216 tomoyo_set_string(head, ptr->group->group_name->name); 217 } else { 218 int i; 219 unsigned long min = ptr->values[0]; 220 const unsigned long max = ptr->values[1]; 221 u8 min_type = ptr->min_type; 222 const u8 max_type = ptr->max_type; 223 char buffer[128]; 224 buffer[0] = '\0'; 225 for (i = 0; i < 2; i++) { 226 switch (min_type) { 227 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 228 tomoyo_addprintf(buffer, sizeof(buffer), 229 "0x%lX", min); 230 break; 231 case TOMOYO_VALUE_TYPE_OCTAL: 232 tomoyo_addprintf(buffer, sizeof(buffer), 233 "0%lo", min); 234 break; 235 default: 236 tomoyo_addprintf(buffer, sizeof(buffer), 237 "%lu", min); 238 break; 239 } 240 if (min == max && min_type == max_type) 241 break; 242 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 243 min_type = max_type; 244 min = max; 245 } 246 tomoyo_io_printf(head, "%s", buffer); 247 } 248} 249 250/** 251 * tomoyo_assign_profile - Create a new profile. 252 * 253 * @profile: Profile number to create. 254 * 255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 256 */ 257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) 258{ 259 struct tomoyo_profile *ptr; 260 struct tomoyo_profile *entry; 261 if (profile >= TOMOYO_MAX_PROFILES) 262 return NULL; 263 ptr = tomoyo_profile_ptr[profile]; 264 if (ptr) 265 return ptr; 266 entry = kzalloc(sizeof(*entry), GFP_NOFS); 267 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 268 goto out; 269 ptr = tomoyo_profile_ptr[profile]; 270 if (!ptr && tomoyo_memory_ok(entry)) { 271 ptr = entry; 272 ptr->learning = &tomoyo_default_profile.preference; 273 ptr->permissive = &tomoyo_default_profile.preference; 274 ptr->enforcing = &tomoyo_default_profile.preference; 275 ptr->default_config = TOMOYO_CONFIG_DISABLED; 276 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 277 sizeof(ptr->config)); 278 mb(); /* Avoid out-of-order execution. */ 279 tomoyo_profile_ptr[profile] = ptr; 280 entry = NULL; 281 } 282 mutex_unlock(&tomoyo_policy_lock); 283 out: 284 kfree(entry); 285 return ptr; 286} 287 288/** 289 * tomoyo_profile - Find a profile. 290 * 291 * @profile: Profile number to find. 292 * 293 * Returns pointer to "struct tomoyo_profile". 294 */ 295struct tomoyo_profile *tomoyo_profile(const u8 profile) 296{ 297 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; 298 if (!tomoyo_policy_loaded) 299 return &tomoyo_default_profile; 300 BUG_ON(!ptr); 301 return ptr; 302} 303 304static s8 tomoyo_find_yesno(const char *string, const char *find) 305{ 306 const char *cp = strstr(string, find); 307 if (cp) { 308 cp += strlen(find); 309 if (!strncmp(cp, "=yes", 4)) 310 return 1; 311 else if (!strncmp(cp, "=no", 3)) 312 return 0; 313 } 314 return -1; 315} 316 317static void tomoyo_set_bool(bool *b, const char *string, const char *find) 318{ 319 switch (tomoyo_find_yesno(string, find)) { 320 case 1: 321 *b = true; 322 break; 323 case 0: 324 *b = false; 325 break; 326 } 327} 328 329static void tomoyo_set_uint(unsigned int *i, const char *string, 330 const char *find) 331{ 332 const char *cp = strstr(string, find); 333 if (cp) 334 sscanf(cp + strlen(find), "=%u", i); 335} 336 337static void tomoyo_set_pref(const char *name, const char *value, 338 const bool use_default, 339 struct tomoyo_profile *profile) 340{ 341 struct tomoyo_preference **pref; 342 bool *verbose; 343 if (!strcmp(name, "enforcing")) { 344 if (use_default) { 345 pref = &profile->enforcing; 346 goto set_default; 347 } 348 profile->enforcing = &profile->preference; 349 verbose = &profile->preference.enforcing_verbose; 350 goto set_verbose; 351 } 352 if (!strcmp(name, "permissive")) { 353 if (use_default) { 354 pref = &profile->permissive; 355 goto set_default; 356 } 357 profile->permissive = &profile->preference; 358 verbose = &profile->preference.permissive_verbose; 359 goto set_verbose; 360 } 361 if (!strcmp(name, "learning")) { 362 if (use_default) { 363 pref = &profile->learning; 364 goto set_default; 365 } 366 profile->learning = &profile->preference; 367 tomoyo_set_uint(&profile->preference.learning_max_entry, value, 368 "max_entry"); 369 verbose = &profile->preference.learning_verbose; 370 goto set_verbose; 371 } 372 return; 373 set_default: 374 *pref = &tomoyo_default_profile.preference; 375 return; 376 set_verbose: 377 tomoyo_set_bool(verbose, value, "verbose"); 378} 379 380static int tomoyo_set_mode(char *name, const char *value, 381 const bool use_default, 382 struct tomoyo_profile *profile) 383{ 384 u8 i; 385 u8 config; 386 if (!strcmp(name, "CONFIG")) { 387 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 388 config = profile->default_config; 389 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 390 config = 0; 391 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 392 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 393 if (strcmp(name, tomoyo_mac_keywords[i])) 394 continue; 395 config = profile->config[i]; 396 break; 397 } 398 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 399 return -EINVAL; 400 } else { 401 return -EINVAL; 402 } 403 if (use_default) { 404 config = TOMOYO_CONFIG_USE_DEFAULT; 405 } else { 406 u8 mode; 407 for (mode = 0; mode < 4; mode++) 408 if (strstr(value, tomoyo_mode[mode])) 409 /* 410 * Update lower 3 bits in order to distinguish 411 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 412 */ 413 config = (config & ~7) | mode; 414 } 415 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 416 profile->config[i] = config; 417 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 418 profile->default_config = config; 419 return 0; 420} 421 422/** 423 * tomoyo_write_profile - Write profile table. 424 * 425 * @head: Pointer to "struct tomoyo_io_buffer". 426 * 427 * Returns 0 on success, negative value otherwise. 428 */ 429static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 430{ 431 char *data = head->write_buf; 432 unsigned int i; 433 bool use_default = false; 434 char *cp; 435 struct tomoyo_profile *profile; 436 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) 437 return 0; 438 i = simple_strtoul(data, &cp, 10); 439 if (data == cp) { 440 profile = &tomoyo_default_profile; 441 } else { 442 if (*cp != '-') 443 return -EINVAL; 444 data = cp + 1; 445 profile = tomoyo_assign_profile(i); 446 if (!profile) 447 return -EINVAL; 448 } 449 cp = strchr(data, '='); 450 if (!cp) 451 return -EINVAL; 452 *cp++ = '\0'; 453 if (profile != &tomoyo_default_profile) 454 use_default = strstr(cp, "use_default") != NULL; 455 if (tomoyo_str_starts(&data, "PREFERENCE::")) { 456 tomoyo_set_pref(data, cp, use_default, profile); 457 return 0; 458 } 459 if (profile == &tomoyo_default_profile) 460 return -EINVAL; 461 if (!strcmp(data, "COMMENT")) { 462 const struct tomoyo_path_info *old_comment = profile->comment; 463 profile->comment = tomoyo_get_name(cp); 464 tomoyo_put_name(old_comment); 465 return 0; 466 } 467 return tomoyo_set_mode(data, cp, use_default, profile); 468} 469 470static void tomoyo_print_preference(struct tomoyo_io_buffer *head, 471 const int idx) 472{ 473 struct tomoyo_preference *pref = &tomoyo_default_profile.preference; 474 const struct tomoyo_profile *profile = idx >= 0 ? 475 tomoyo_profile_ptr[idx] : NULL; 476 char buffer[16] = ""; 477 if (profile) { 478 buffer[sizeof(buffer) - 1] = '\0'; 479 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx); 480 } 481 if (profile) { 482 pref = profile->learning; 483 if (pref == &tomoyo_default_profile.preference) 484 goto skip1; 485 } 486 tomoyo_io_printf(head, "%sPREFERENCE::%s={ " 487 "verbose=%s max_entry=%u }\n", 488 buffer, "learning", 489 tomoyo_yesno(pref->learning_verbose), 490 pref->learning_max_entry); 491 skip1: 492 if (profile) { 493 pref = profile->permissive; 494 if (pref == &tomoyo_default_profile.preference) 495 goto skip2; 496 } 497 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 498 buffer, "permissive", 499 tomoyo_yesno(pref->permissive_verbose)); 500 skip2: 501 if (profile) { 502 pref = profile->enforcing; 503 if (pref == &tomoyo_default_profile.preference) 504 return; 505 } 506 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 507 buffer, "enforcing", 508 tomoyo_yesno(pref->enforcing_verbose)); 509} 510 511static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 512{ 513 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]); 514} 515 516/** 517 * tomoyo_read_profile - Read profile table. 518 * 519 * @head: Pointer to "struct tomoyo_io_buffer". 520 */ 521static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 522{ 523 u8 index; 524 const struct tomoyo_profile *profile; 525 next: 526 index = head->r.index; 527 profile = tomoyo_profile_ptr[index]; 528 switch (head->r.step) { 529 case 0: 530 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); 531 tomoyo_print_preference(head, -1); 532 head->r.step++; 533 break; 534 case 1: 535 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 536 head->r.index++) 537 if (tomoyo_profile_ptr[head->r.index]) 538 break; 539 if (head->r.index == TOMOYO_MAX_PROFILES) 540 return; 541 head->r.step++; 542 break; 543 case 2: 544 { 545 const struct tomoyo_path_info *comment = 546 profile->comment; 547 tomoyo_io_printf(head, "%u-COMMENT=", index); 548 tomoyo_set_string(head, comment ? comment->name : ""); 549 tomoyo_set_lf(head); 550 head->r.step++; 551 } 552 break; 553 case 3: 554 { 555 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 556 tomoyo_print_config(head, profile->default_config); 557 head->r.bit = 0; 558 head->r.step++; 559 } 560 break; 561 case 4: 562 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 563 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 564 const u8 i = head->r.bit; 565 const u8 config = profile->config[i]; 566 if (config == TOMOYO_CONFIG_USE_DEFAULT) 567 continue; 568 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", 569 tomoyo_mac_keywords[i]); 570 tomoyo_print_config(head, config); 571 head->r.bit++; 572 break; 573 } 574 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 575 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 576 tomoyo_print_preference(head, index); 577 head->r.index++; 578 head->r.step = 1; 579 } 580 break; 581 } 582 if (tomoyo_flush(head)) 583 goto next; 584} 585 586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 587 const struct tomoyo_acl_head *b) 588{ 589 return container_of(a, struct tomoyo_manager, head)->manager == 590 container_of(b, struct tomoyo_manager, head)->manager; 591} 592 593/** 594 * tomoyo_update_manager_entry - Add a manager entry. 595 * 596 * @manager: The path to manager or the domainnamme. 597 * @is_delete: True if it is a delete request. 598 * 599 * Returns 0 on success, negative value otherwise. 600 * 601 * Caller holds tomoyo_read_lock(). 602 */ 603static int tomoyo_update_manager_entry(const char *manager, 604 const bool is_delete) 605{ 606 struct tomoyo_manager e = { }; 607 int error; 608 609 if (tomoyo_domain_def(manager)) { 610 if (!tomoyo_correct_domain(manager)) 611 return -EINVAL; 612 e.is_domain = true; 613 } else { 614 if (!tomoyo_correct_path(manager)) 615 return -EINVAL; 616 } 617 e.manager = tomoyo_get_name(manager); 618 if (!e.manager) 619 return -ENOMEM; 620 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 621 &tomoyo_policy_list[TOMOYO_ID_MANAGER], 622 tomoyo_same_manager); 623 tomoyo_put_name(e.manager); 624 return error; 625} 626 627/** 628 * tomoyo_write_manager - Write manager policy. 629 * 630 * @head: Pointer to "struct tomoyo_io_buffer". 631 * 632 * Returns 0 on success, negative value otherwise. 633 * 634 * Caller holds tomoyo_read_lock(). 635 */ 636static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 637{ 638 char *data = head->write_buf; 639 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 640 641 if (!strcmp(data, "manage_by_non_root")) { 642 tomoyo_manage_by_non_root = !is_delete; 643 return 0; 644 } 645 return tomoyo_update_manager_entry(data, is_delete); 646} 647 648/** 649 * tomoyo_read_manager - Read manager policy. 650 * 651 * @head: Pointer to "struct tomoyo_io_buffer". 652 * 653 * Caller holds tomoyo_read_lock(). 654 */ 655static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 656{ 657 if (head->r.eof) 658 return; 659 list_for_each_cookie(head->r.acl, 660 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { 661 struct tomoyo_manager *ptr = 662 list_entry(head->r.acl, typeof(*ptr), head.list); 663 if (ptr->head.is_deleted) 664 continue; 665 if (!tomoyo_flush(head)) 666 return; 667 tomoyo_set_string(head, ptr->manager->name); 668 tomoyo_set_lf(head); 669 } 670 head->r.eof = true; 671} 672 673/** 674 * tomoyo_manager - Check whether the current process is a policy manager. 675 * 676 * Returns true if the current process is permitted to modify policy 677 * via /sys/kernel/security/tomoyo/ interface. 678 * 679 * Caller holds tomoyo_read_lock(). 680 */ 681static bool tomoyo_manager(void) 682{ 683 struct tomoyo_manager *ptr; 684 const char *exe; 685 const struct task_struct *task = current; 686 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 687 bool found = false; 688 689 if (!tomoyo_policy_loaded) 690 return true; 691 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 692 return false; 693 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 694 head.list) { 695 if (!ptr->head.is_deleted && ptr->is_domain 696 && !tomoyo_pathcmp(domainname, ptr->manager)) { 697 found = true; 698 break; 699 } 700 } 701 if (found) 702 return true; 703 exe = tomoyo_get_exe(); 704 if (!exe) 705 return false; 706 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 707 head.list) { 708 if (!ptr->head.is_deleted && !ptr->is_domain 709 && !strcmp(exe, ptr->manager->name)) { 710 found = true; 711 break; 712 } 713 } 714 if (!found) { /* Reduce error messages. */ 715 static pid_t last_pid; 716 const pid_t pid = current->pid; 717 if (last_pid != pid) { 718 printk(KERN_WARNING "%s ( %s ) is not permitted to " 719 "update policies.\n", domainname->name, exe); 720 last_pid = pid; 721 } 722 } 723 kfree(exe); 724 return found; 725} 726 727/** 728 * tomoyo_select_one - Parse select command. 729 * 730 * @head: Pointer to "struct tomoyo_io_buffer". 731 * @data: String to parse. 732 * 733 * Returns true on success, false otherwise. 734 * 735 * Caller holds tomoyo_read_lock(). 736 */ 737static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) 738{ 739 unsigned int pid; 740 struct tomoyo_domain_info *domain = NULL; 741 bool global_pid = false; 742 743 if (!strcmp(data, "allow_execute")) { 744 head->r.print_execute_only = true; 745 return true; 746 } 747 if (sscanf(data, "pid=%u", &pid) == 1 || 748 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 749 struct task_struct *p; 750 rcu_read_lock(); 751 read_lock(&tasklist_lock); 752 if (global_pid) 753 p = find_task_by_pid_ns(pid, &init_pid_ns); 754 else 755 p = find_task_by_vpid(pid); 756 if (p) 757 domain = tomoyo_real_domain(p); 758 read_unlock(&tasklist_lock); 759 rcu_read_unlock(); 760 } else if (!strncmp(data, "domain=", 7)) { 761 if (tomoyo_domain_def(data + 7)) 762 domain = tomoyo_find_domain(data + 7); 763 } else 764 return false; 765 head->write_var1 = domain; 766 /* Accessing read_buf is safe because head->io_sem is held. */ 767 if (!head->read_buf) 768 return true; /* Do nothing if open(O_WRONLY). */ 769 memset(&head->r, 0, sizeof(head->r)); 770 head->r.print_this_domain_only = true; 771 head->r.eof = !domain; 772 head->r.domain = &domain->list; 773 tomoyo_io_printf(head, "# select %s\n", data); 774 if (domain && domain->is_deleted) 775 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 776 return true; 777} 778 779/** 780 * tomoyo_delete_domain - Delete a domain. 781 * 782 * @domainname: The name of domain. 783 * 784 * Returns 0. 785 * 786 * Caller holds tomoyo_read_lock(). 787 */ 788static int tomoyo_delete_domain(char *domainname) 789{ 790 struct tomoyo_domain_info *domain; 791 struct tomoyo_path_info name; 792 793 name.name = domainname; 794 tomoyo_fill_path_info(&name); 795 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 796 return 0; 797 /* Is there an active domain? */ 798 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 799 /* Never delete tomoyo_kernel_domain */ 800 if (domain == &tomoyo_kernel_domain) 801 continue; 802 if (domain->is_deleted || 803 tomoyo_pathcmp(domain->domainname, &name)) 804 continue; 805 domain->is_deleted = true; 806 break; 807 } 808 mutex_unlock(&tomoyo_policy_lock); 809 return 0; 810} 811 812/** 813 * tomoyo_write_domain2 - Write domain policy. 814 * 815 * @head: Pointer to "struct tomoyo_io_buffer". 816 * 817 * Returns 0 on success, negative value otherwise. 818 * 819 * Caller holds tomoyo_read_lock(). 820 */ 821static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain, 822 const bool is_delete) 823{ 824 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) 825 return tomoyo_write_mount(data, domain, is_delete); 826 return tomoyo_write_file(data, domain, is_delete); 827} 828 829/** 830 * tomoyo_write_domain - Write domain policy. 831 * 832 * @head: Pointer to "struct tomoyo_io_buffer". 833 * 834 * Returns 0 on success, negative value otherwise. 835 * 836 * Caller holds tomoyo_read_lock(). 837 */ 838static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 839{ 840 char *data = head->write_buf; 841 struct tomoyo_domain_info *domain = head->write_var1; 842 bool is_delete = false; 843 bool is_select = false; 844 unsigned int profile; 845 846 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 847 is_delete = true; 848 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 849 is_select = true; 850 if (is_select && tomoyo_select_one(head, data)) 851 return 0; 852 /* Don't allow updating policies by non manager programs. */ 853 if (!tomoyo_manager()) 854 return -EPERM; 855 if (tomoyo_domain_def(data)) { 856 domain = NULL; 857 if (is_delete) 858 tomoyo_delete_domain(data); 859 else if (is_select) 860 domain = tomoyo_find_domain(data); 861 else 862 domain = tomoyo_assign_domain(data, 0); 863 head->write_var1 = domain; 864 return 0; 865 } 866 if (!domain) 867 return -EINVAL; 868 869 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 870 && profile < TOMOYO_MAX_PROFILES) { 871 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 872 domain->profile = (u8) profile; 873 return 0; 874 } 875 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 876 domain->ignore_global_allow_read = !is_delete; 877 return 0; 878 } 879 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) { 880 domain->quota_warned = !is_delete; 881 return 0; 882 } 883 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) { 884 domain->transition_failed = !is_delete; 885 return 0; 886 } 887 return tomoyo_write_domain2(data, domain, is_delete); 888} 889 890/** 891 * tomoyo_fns - Find next set bit. 892 * 893 * @perm: 8 bits value. 894 * @bit: First bit to find. 895 * 896 * Returns next on-bit on success, 8 otherwise. 897 */ 898static u8 tomoyo_fns(const u8 perm, u8 bit) 899{ 900 for ( ; bit < 8; bit++) 901 if (perm & (1 << bit)) 902 break; 903 return bit; 904} 905 906/** 907 * tomoyo_print_entry - Print an ACL entry. 908 * 909 * @head: Pointer to "struct tomoyo_io_buffer". 910 * @acl: Pointer to an ACL entry. 911 * 912 * Returns true on success, false otherwise. 913 */ 914static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 915 struct tomoyo_acl_info *acl) 916{ 917 const u8 acl_type = acl->type; 918 u8 bit; 919 920 if (acl->is_deleted) 921 return true; 922 next: 923 bit = head->r.bit; 924 if (!tomoyo_flush(head)) 925 return false; 926 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 927 struct tomoyo_path_acl *ptr = 928 container_of(acl, typeof(*ptr), head); 929 const u16 perm = ptr->perm; 930 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 931 if (!(perm & (1 << bit))) 932 continue; 933 if (head->r.print_execute_only && 934 bit != TOMOYO_TYPE_EXECUTE) 935 continue; 936 /* Print "read/write" instead of "read" and "write". */ 937 if ((bit == TOMOYO_TYPE_READ || 938 bit == TOMOYO_TYPE_WRITE) 939 && (perm & (1 << TOMOYO_TYPE_READ_WRITE))) 940 continue; 941 break; 942 } 943 if (bit >= TOMOYO_MAX_PATH_OPERATION) 944 goto done; 945 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]); 946 tomoyo_print_name_union(head, &ptr->name); 947 } else if (head->r.print_execute_only) { 948 return true; 949 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 950 struct tomoyo_path2_acl *ptr = 951 container_of(acl, typeof(*ptr), head); 952 bit = tomoyo_fns(ptr->perm, bit); 953 if (bit >= TOMOYO_MAX_PATH2_OPERATION) 954 goto done; 955 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]); 956 tomoyo_print_name_union(head, &ptr->name1); 957 tomoyo_print_name_union(head, &ptr->name2); 958 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 959 struct tomoyo_path_number_acl *ptr = 960 container_of(acl, typeof(*ptr), head); 961 bit = tomoyo_fns(ptr->perm, bit); 962 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION) 963 goto done; 964 tomoyo_io_printf(head, "allow_%s", 965 tomoyo_path_number_keyword[bit]); 966 tomoyo_print_name_union(head, &ptr->name); 967 tomoyo_print_number_union(head, &ptr->number); 968 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 969 struct tomoyo_mkdev_acl *ptr = 970 container_of(acl, typeof(*ptr), head); 971 bit = tomoyo_fns(ptr->perm, bit); 972 if (bit >= TOMOYO_MAX_MKDEV_OPERATION) 973 goto done; 974 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]); 975 tomoyo_print_name_union(head, &ptr->name); 976 tomoyo_print_number_union(head, &ptr->mode); 977 tomoyo_print_number_union(head, &ptr->major); 978 tomoyo_print_number_union(head, &ptr->minor); 979 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 980 struct tomoyo_mount_acl *ptr = 981 container_of(acl, typeof(*ptr), head); 982 tomoyo_io_printf(head, "allow_mount"); 983 tomoyo_print_name_union(head, &ptr->dev_name); 984 tomoyo_print_name_union(head, &ptr->dir_name); 985 tomoyo_print_name_union(head, &ptr->fs_type); 986 tomoyo_print_number_union(head, &ptr->flags); 987 } 988 head->r.bit = bit + 1; 989 tomoyo_io_printf(head, "\n"); 990 if (acl_type != TOMOYO_TYPE_MOUNT_ACL) 991 goto next; 992 done: 993 head->r.bit = 0; 994 return true; 995} 996 997/** 998 * tomoyo_read_domain2 - Read domain policy. 999 * 1000 * @head: Pointer to "struct tomoyo_io_buffer". 1001 * @domain: Pointer to "struct tomoyo_domain_info". 1002 * 1003 * Caller holds tomoyo_read_lock(). 1004 * 1005 * Returns true on success, false otherwise. 1006 */ 1007static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1008 struct tomoyo_domain_info *domain) 1009{ 1010 list_for_each_cookie(head->r.acl, &domain->acl_info_list) { 1011 struct tomoyo_acl_info *ptr = 1012 list_entry(head->r.acl, typeof(*ptr), list); 1013 if (!tomoyo_print_entry(head, ptr)) 1014 return false; 1015 } 1016 head->r.acl = NULL; 1017 return true; 1018} 1019 1020/** 1021 * tomoyo_read_domain - Read domain policy. 1022 * 1023 * @head: Pointer to "struct tomoyo_io_buffer". 1024 * 1025 * Caller holds tomoyo_read_lock(). 1026 */ 1027static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1028{ 1029 if (head->r.eof) 1030 return; 1031 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1032 struct tomoyo_domain_info *domain = 1033 list_entry(head->r.domain, typeof(*domain), list); 1034 switch (head->r.step) { 1035 case 0: 1036 if (domain->is_deleted && 1037 !head->r.print_this_domain_only) 1038 continue; 1039 /* Print domainname and flags. */ 1040 tomoyo_set_string(head, domain->domainname->name); 1041 tomoyo_set_lf(head); 1042 tomoyo_io_printf(head, 1043 TOMOYO_KEYWORD_USE_PROFILE "%u\n", 1044 domain->profile); 1045 if (domain->quota_warned) 1046 tomoyo_set_string(head, "quota_exceeded\n"); 1047 if (domain->transition_failed) 1048 tomoyo_set_string(head, "transition_failed\n"); 1049 if (domain->ignore_global_allow_read) 1050 tomoyo_set_string(head, 1051 TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ 1052 "\n"); 1053 head->r.step++; 1054 tomoyo_set_lf(head); 1055 /* fall through */ 1056 case 1: 1057 if (!tomoyo_read_domain2(head, domain)) 1058 return; 1059 head->r.step++; 1060 if (!tomoyo_set_lf(head)) 1061 return; 1062 /* fall through */ 1063 case 2: 1064 head->r.step = 0; 1065 if (head->r.print_this_domain_only) 1066 goto done; 1067 } 1068 } 1069 done: 1070 head->r.eof = true; 1071} 1072 1073/** 1074 * tomoyo_write_domain_profile - Assign profile for specified domain. 1075 * 1076 * @head: Pointer to "struct tomoyo_io_buffer". 1077 * 1078 * Returns 0 on success, -EINVAL otherwise. 1079 * 1080 * This is equivalent to doing 1081 * 1082 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1083 * /usr/sbin/tomoyo-loadpolicy -d 1084 * 1085 * Caller holds tomoyo_read_lock(). 1086 */ 1087static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1088{ 1089 char *data = head->write_buf; 1090 char *cp = strchr(data, ' '); 1091 struct tomoyo_domain_info *domain; 1092 unsigned long profile; 1093 1094 if (!cp) 1095 return -EINVAL; 1096 *cp = '\0'; 1097 domain = tomoyo_find_domain(cp + 1); 1098 if (strict_strtoul(data, 10, &profile)) 1099 return -EINVAL; 1100 if (domain && profile < TOMOYO_MAX_PROFILES 1101 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1102 domain->profile = (u8) profile; 1103 return 0; 1104} 1105 1106/** 1107 * tomoyo_read_domain_profile - Read only domainname and profile. 1108 * 1109 * @head: Pointer to "struct tomoyo_io_buffer". 1110 * 1111 * Returns list of profile number and domainname pairs. 1112 * 1113 * This is equivalent to doing 1114 * 1115 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1116 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1117 * domainname = $0; } else if ( $1 == "use_profile" ) { 1118 * print $2 " " domainname; domainname = ""; } } ; ' 1119 * 1120 * Caller holds tomoyo_read_lock(). 1121 */ 1122static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1123{ 1124 if (head->r.eof) 1125 return; 1126 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1127 struct tomoyo_domain_info *domain = 1128 list_entry(head->r.domain, typeof(*domain), list); 1129 if (domain->is_deleted) 1130 continue; 1131 if (!tomoyo_flush(head)) 1132 return; 1133 tomoyo_io_printf(head, "%u ", domain->profile); 1134 tomoyo_set_string(head, domain->domainname->name); 1135 tomoyo_set_lf(head); 1136 } 1137 head->r.eof = true; 1138} 1139 1140/** 1141 * tomoyo_write_pid: Specify PID to obtain domainname. 1142 * 1143 * @head: Pointer to "struct tomoyo_io_buffer". 1144 * 1145 * Returns 0. 1146 */ 1147static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1148{ 1149 head->r.eof = false; 1150 return 0; 1151} 1152 1153/** 1154 * tomoyo_read_pid - Get domainname of the specified PID. 1155 * 1156 * @head: Pointer to "struct tomoyo_io_buffer". 1157 * 1158 * Returns the domainname which the specified PID is in on success, 1159 * empty string otherwise. 1160 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1161 * using read()/write() interface rather than sysctl() interface. 1162 */ 1163static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1164{ 1165 char *buf = head->write_buf; 1166 bool global_pid = false; 1167 unsigned int pid; 1168 struct task_struct *p; 1169 struct tomoyo_domain_info *domain = NULL; 1170 1171 /* Accessing write_buf is safe because head->io_sem is held. */ 1172 if (!buf) { 1173 head->r.eof = true; 1174 return; /* Do nothing if open(O_RDONLY). */ 1175 } 1176 if (head->r.w_pos || head->r.eof) 1177 return; 1178 head->r.eof = true; 1179 if (tomoyo_str_starts(&buf, "global-pid ")) 1180 global_pid = true; 1181 pid = (unsigned int) simple_strtoul(buf, NULL, 10); 1182 rcu_read_lock(); 1183 read_lock(&tasklist_lock); 1184 if (global_pid) 1185 p = find_task_by_pid_ns(pid, &init_pid_ns); 1186 else 1187 p = find_task_by_vpid(pid); 1188 if (p) 1189 domain = tomoyo_real_domain(p); 1190 read_unlock(&tasklist_lock); 1191 rcu_read_unlock(); 1192 if (!domain) 1193 return; 1194 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1195 tomoyo_set_string(head, domain->domainname->name); 1196} 1197 1198static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1199 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] 1200 = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN, 1201 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] 1202 = TOMOYO_KEYWORD_INITIALIZE_DOMAIN, 1203 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN, 1204 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN 1205}; 1206 1207static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1208 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, 1209 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP 1210}; 1211 1212/** 1213 * tomoyo_write_exception - Write exception policy. 1214 * 1215 * @head: Pointer to "struct tomoyo_io_buffer". 1216 * 1217 * Returns 0 on success, negative value otherwise. 1218 * 1219 * Caller holds tomoyo_read_lock(). 1220 */ 1221static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1222{ 1223 char *data = head->write_buf; 1224 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1225 u8 i; 1226 static const struct { 1227 const char *keyword; 1228 int (*write) (char *, const bool); 1229 } tomoyo_callback[4] = { 1230 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator }, 1231 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern }, 1232 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite }, 1233 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable }, 1234 }; 1235 1236 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1237 if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) 1238 return tomoyo_write_transition_control(data, is_delete, 1239 i); 1240 for (i = 0; i < 4; i++) 1241 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword)) 1242 return tomoyo_callback[i].write(data, is_delete); 1243 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1244 if (tomoyo_str_starts(&data, tomoyo_group_name[i])) 1245 return tomoyo_write_group(data, is_delete, i); 1246 return -EINVAL; 1247} 1248 1249/** 1250 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 1251 * 1252 * @head: Pointer to "struct tomoyo_io_buffer". 1253 * @idx: Index number. 1254 * 1255 * Returns true on success, false otherwise. 1256 * 1257 * Caller holds tomoyo_read_lock(). 1258 */ 1259static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1260{ 1261 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { 1262 struct tomoyo_group *group = 1263 list_entry(head->r.group, typeof(*group), list); 1264 list_for_each_cookie(head->r.acl, &group->member_list) { 1265 struct tomoyo_acl_head *ptr = 1266 list_entry(head->r.acl, typeof(*ptr), list); 1267 if (ptr->is_deleted) 1268 continue; 1269 if (!tomoyo_flush(head)) 1270 return false; 1271 tomoyo_set_string(head, tomoyo_group_name[idx]); 1272 tomoyo_set_string(head, group->group_name->name); 1273 if (idx == TOMOYO_PATH_GROUP) { 1274 tomoyo_set_space(head); 1275 tomoyo_set_string(head, container_of 1276 (ptr, struct tomoyo_path_group, 1277 head)->member_name->name); 1278 } else if (idx == TOMOYO_NUMBER_GROUP) { 1279 tomoyo_print_number_union(head, &container_of 1280 (ptr, 1281 struct tomoyo_number_group, 1282 head)->number); 1283 } 1284 tomoyo_set_lf(head); 1285 } 1286 head->r.acl = NULL; 1287 } 1288 head->r.group = NULL; 1289 return true; 1290} 1291 1292/** 1293 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1294 * 1295 * @head: Pointer to "struct tomoyo_io_buffer". 1296 * @idx: Index number. 1297 * 1298 * Returns true on success, false otherwise. 1299 * 1300 * Caller holds tomoyo_read_lock(). 1301 */ 1302static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1303{ 1304 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { 1305 struct tomoyo_acl_head *acl = 1306 container_of(head->r.acl, typeof(*acl), list); 1307 if (acl->is_deleted) 1308 continue; 1309 if (!tomoyo_flush(head)) 1310 return false; 1311 switch (idx) { 1312 case TOMOYO_ID_TRANSITION_CONTROL: 1313 { 1314 struct tomoyo_transition_control *ptr = 1315 container_of(acl, typeof(*ptr), head); 1316 tomoyo_set_string(head, 1317 tomoyo_transition_type 1318 [ptr->type]); 1319 if (ptr->program) 1320 tomoyo_set_string(head, 1321 ptr->program->name); 1322 if (ptr->program && ptr->domainname) 1323 tomoyo_set_string(head, " from "); 1324 if (ptr->domainname) 1325 tomoyo_set_string(head, 1326 ptr->domainname-> 1327 name); 1328 } 1329 break; 1330 case TOMOYO_ID_GLOBALLY_READABLE: 1331 { 1332 struct tomoyo_readable_file *ptr = 1333 container_of(acl, typeof(*ptr), head); 1334 tomoyo_set_string(head, 1335 TOMOYO_KEYWORD_ALLOW_READ); 1336 tomoyo_set_string(head, ptr->filename->name); 1337 } 1338 break; 1339 case TOMOYO_ID_AGGREGATOR: 1340 { 1341 struct tomoyo_aggregator *ptr = 1342 container_of(acl, typeof(*ptr), head); 1343 tomoyo_set_string(head, 1344 TOMOYO_KEYWORD_AGGREGATOR); 1345 tomoyo_set_string(head, 1346 ptr->original_name->name); 1347 tomoyo_set_space(head); 1348 tomoyo_set_string(head, 1349 ptr->aggregated_name->name); 1350 } 1351 break; 1352 case TOMOYO_ID_PATTERN: 1353 { 1354 struct tomoyo_no_pattern *ptr = 1355 container_of(acl, typeof(*ptr), head); 1356 tomoyo_set_string(head, 1357 TOMOYO_KEYWORD_FILE_PATTERN); 1358 tomoyo_set_string(head, ptr->pattern->name); 1359 } 1360 break; 1361 case TOMOYO_ID_NO_REWRITE: 1362 { 1363 struct tomoyo_no_rewrite *ptr = 1364 container_of(acl, typeof(*ptr), head); 1365 tomoyo_set_string(head, 1366 TOMOYO_KEYWORD_DENY_REWRITE); 1367 tomoyo_set_string(head, ptr->pattern->name); 1368 } 1369 break; 1370 default: 1371 continue; 1372 } 1373 tomoyo_set_lf(head); 1374 } 1375 head->r.acl = NULL; 1376 return true; 1377} 1378 1379/** 1380 * tomoyo_read_exception - Read exception policy. 1381 * 1382 * @head: Pointer to "struct tomoyo_io_buffer". 1383 * 1384 * Caller holds tomoyo_read_lock(). 1385 */ 1386static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1387{ 1388 if (head->r.eof) 1389 return; 1390 while (head->r.step < TOMOYO_MAX_POLICY && 1391 tomoyo_read_policy(head, head->r.step)) 1392 head->r.step++; 1393 if (head->r.step < TOMOYO_MAX_POLICY) 1394 return; 1395 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1396 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1397 head->r.step++; 1398 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1399 return; 1400 head->r.eof = true; 1401} 1402 1403/** 1404 * tomoyo_print_header - Get header line of audit log. 1405 * 1406 * @r: Pointer to "struct tomoyo_request_info". 1407 * 1408 * Returns string representation. 1409 * 1410 * This function uses kmalloc(), so caller must kfree() if this function 1411 * didn't return NULL. 1412 */ 1413static char *tomoyo_print_header(struct tomoyo_request_info *r) 1414{ 1415 struct timeval tv; 1416 const pid_t gpid = task_pid_nr(current); 1417 static const int tomoyo_buffer_len = 4096; 1418 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); 1419 if (!buffer) 1420 return NULL; 1421 do_gettimeofday(&tv); 1422 snprintf(buffer, tomoyo_buffer_len - 1, 1423 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)" 1424 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u" 1425 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }", 1426 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid, 1427 (pid_t) sys_getpid(), (pid_t) sys_getppid(), 1428 current_uid(), current_gid(), current_euid(), 1429 current_egid(), current_suid(), current_sgid(), 1430 current_fsuid(), current_fsgid()); 1431 return buffer; 1432} 1433 1434/** 1435 * tomoyo_init_audit_log - Allocate buffer for audit logs. 1436 * 1437 * @len: Required size. 1438 * @r: Pointer to "struct tomoyo_request_info". 1439 * 1440 * Returns pointer to allocated memory. 1441 * 1442 * The @len is updated to add the header lines' size on success. 1443 * 1444 * This function uses kzalloc(), so caller must kfree() if this function 1445 * didn't return NULL. 1446 */ 1447static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r) 1448{ 1449 char *buf = NULL; 1450 const char *header; 1451 const char *domainname; 1452 if (!r->domain) 1453 r->domain = tomoyo_domain(); 1454 domainname = r->domain->domainname->name; 1455 header = tomoyo_print_header(r); 1456 if (!header) 1457 return NULL; 1458 *len += strlen(domainname) + strlen(header) + 10; 1459 buf = kzalloc(*len, GFP_NOFS); 1460 if (buf) 1461 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname); 1462 kfree(header); 1463 return buf; 1464} 1465 1466/* Wait queue for tomoyo_query_list. */ 1467static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1468 1469/* Lock for manipulating tomoyo_query_list. */ 1470static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1471 1472/* Structure for query. */ 1473struct tomoyo_query { 1474 struct list_head list; 1475 char *query; 1476 int query_len; 1477 unsigned int serial; 1478 int timer; 1479 int answer; 1480}; 1481 1482/* The list for "struct tomoyo_query". */ 1483static LIST_HEAD(tomoyo_query_list); 1484 1485/* 1486 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1487 * interface. 1488 */ 1489static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1490 1491/** 1492 * tomoyo_supervisor - Ask for the supervisor's decision. 1493 * 1494 * @r: Pointer to "struct tomoyo_request_info". 1495 * @fmt: The printf()'s format string, followed by parameters. 1496 * 1497 * Returns 0 if the supervisor decided to permit the access request which 1498 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1499 * supervisor decided to retry the access request which violated the policy in 1500 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1501 */ 1502int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1503{ 1504 va_list args; 1505 int error = -EPERM; 1506 int pos; 1507 int len; 1508 static unsigned int tomoyo_serial; 1509 struct tomoyo_query *entry = NULL; 1510 bool quota_exceeded = false; 1511 char *header; 1512 switch (r->mode) { 1513 char *buffer; 1514 case TOMOYO_CONFIG_LEARNING: 1515 if (!tomoyo_domain_quota_is_ok(r)) 1516 return 0; 1517 va_start(args, fmt); 1518 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4; 1519 va_end(args); 1520 buffer = kmalloc(len, GFP_NOFS); 1521 if (!buffer) 1522 return 0; 1523 va_start(args, fmt); 1524 vsnprintf(buffer, len - 1, fmt, args); 1525 va_end(args); 1526 tomoyo_normalize_line(buffer); 1527 tomoyo_write_domain2(buffer, r->domain, false); 1528 kfree(buffer); 1529 /* fall through */ 1530 case TOMOYO_CONFIG_PERMISSIVE: 1531 return 0; 1532 } 1533 if (!r->domain) 1534 r->domain = tomoyo_domain(); 1535 if (!atomic_read(&tomoyo_query_observers)) 1536 return -EPERM; 1537 va_start(args, fmt); 1538 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32; 1539 va_end(args); 1540 header = tomoyo_init_audit_log(&len, r); 1541 if (!header) 1542 goto out; 1543 entry = kzalloc(sizeof(*entry), GFP_NOFS); 1544 if (!entry) 1545 goto out; 1546 entry->query = kzalloc(len, GFP_NOFS); 1547 if (!entry->query) 1548 goto out; 1549 len = ksize(entry->query); 1550 spin_lock(&tomoyo_query_list_lock); 1551 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + 1552 sizeof(*entry) >= tomoyo_quota_for_query) { 1553 quota_exceeded = true; 1554 } else { 1555 tomoyo_query_memory_size += len + sizeof(*entry); 1556 entry->serial = tomoyo_serial++; 1557 } 1558 spin_unlock(&tomoyo_query_list_lock); 1559 if (quota_exceeded) 1560 goto out; 1561 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s", 1562 entry->serial, r->retry, header); 1563 kfree(header); 1564 header = NULL; 1565 va_start(args, fmt); 1566 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args); 1567 entry->query_len = strlen(entry->query) + 1; 1568 va_end(args); 1569 spin_lock(&tomoyo_query_list_lock); 1570 list_add_tail(&entry->list, &tomoyo_query_list); 1571 spin_unlock(&tomoyo_query_list_lock); 1572 /* Give 10 seconds for supervisor's opinion. */ 1573 for (entry->timer = 0; 1574 atomic_read(&tomoyo_query_observers) && entry->timer < 100; 1575 entry->timer++) { 1576 wake_up(&tomoyo_query_wait); 1577 set_current_state(TASK_INTERRUPTIBLE); 1578 schedule_timeout(HZ / 10); 1579 if (entry->answer) 1580 break; 1581 } 1582 spin_lock(&tomoyo_query_list_lock); 1583 list_del(&entry->list); 1584 tomoyo_query_memory_size -= len + sizeof(*entry); 1585 spin_unlock(&tomoyo_query_list_lock); 1586 switch (entry->answer) { 1587 case 3: /* Asked to retry by administrator. */ 1588 error = TOMOYO_RETRY_REQUEST; 1589 r->retry++; 1590 break; 1591 case 1: 1592 /* Granted by administrator. */ 1593 error = 0; 1594 break; 1595 case 0: 1596 /* Timed out. */ 1597 break; 1598 default: 1599 /* Rejected by administrator. */ 1600 break; 1601 } 1602 out: 1603 if (entry) 1604 kfree(entry->query); 1605 kfree(entry); 1606 kfree(header); 1607 return error; 1608} 1609 1610/** 1611 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 1612 * 1613 * @file: Pointer to "struct file". 1614 * @wait: Pointer to "poll_table". 1615 * 1616 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 1617 * 1618 * Waits for access requests which violated policy in enforcing mode. 1619 */ 1620static int tomoyo_poll_query(struct file *file, poll_table *wait) 1621{ 1622 struct list_head *tmp; 1623 bool found = false; 1624 u8 i; 1625 for (i = 0; i < 2; i++) { 1626 spin_lock(&tomoyo_query_list_lock); 1627 list_for_each(tmp, &tomoyo_query_list) { 1628 struct tomoyo_query *ptr = 1629 list_entry(tmp, typeof(*ptr), list); 1630 if (ptr->answer) 1631 continue; 1632 found = true; 1633 break; 1634 } 1635 spin_unlock(&tomoyo_query_list_lock); 1636 if (found) 1637 return POLLIN | POLLRDNORM; 1638 if (i) 1639 break; 1640 poll_wait(file, &tomoyo_query_wait, wait); 1641 } 1642 return 0; 1643} 1644 1645/** 1646 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 1647 * 1648 * @head: Pointer to "struct tomoyo_io_buffer". 1649 */ 1650static void tomoyo_read_query(struct tomoyo_io_buffer *head) 1651{ 1652 struct list_head *tmp; 1653 int pos = 0; 1654 int len = 0; 1655 char *buf; 1656 if (head->r.w_pos) 1657 return; 1658 if (head->read_buf) { 1659 kfree(head->read_buf); 1660 head->read_buf = NULL; 1661 } 1662 spin_lock(&tomoyo_query_list_lock); 1663 list_for_each(tmp, &tomoyo_query_list) { 1664 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1665 if (ptr->answer) 1666 continue; 1667 if (pos++ != head->r.query_index) 1668 continue; 1669 len = ptr->query_len; 1670 break; 1671 } 1672 spin_unlock(&tomoyo_query_list_lock); 1673 if (!len) { 1674 head->r.query_index = 0; 1675 return; 1676 } 1677 buf = kzalloc(len, GFP_NOFS); 1678 if (!buf) 1679 return; 1680 pos = 0; 1681 spin_lock(&tomoyo_query_list_lock); 1682 list_for_each(tmp, &tomoyo_query_list) { 1683 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1684 if (ptr->answer) 1685 continue; 1686 if (pos++ != head->r.query_index) 1687 continue; 1688 /* 1689 * Some query can be skipped because tomoyo_query_list 1690 * can change, but I don't care. 1691 */ 1692 if (len == ptr->query_len) 1693 memmove(buf, ptr->query, len); 1694 break; 1695 } 1696 spin_unlock(&tomoyo_query_list_lock); 1697 if (buf[0]) { 1698 head->read_buf = buf; 1699 head->r.w[head->r.w_pos++] = buf; 1700 head->r.query_index++; 1701 } else { 1702 kfree(buf); 1703 } 1704} 1705 1706/** 1707 * tomoyo_write_answer - Write the supervisor's decision. 1708 * 1709 * @head: Pointer to "struct tomoyo_io_buffer". 1710 * 1711 * Returns 0 on success, -EINVAL otherwise. 1712 */ 1713static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 1714{ 1715 char *data = head->write_buf; 1716 struct list_head *tmp; 1717 unsigned int serial; 1718 unsigned int answer; 1719 spin_lock(&tomoyo_query_list_lock); 1720 list_for_each(tmp, &tomoyo_query_list) { 1721 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1722 ptr->timer = 0; 1723 } 1724 spin_unlock(&tomoyo_query_list_lock); 1725 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 1726 return -EINVAL; 1727 spin_lock(&tomoyo_query_list_lock); 1728 list_for_each(tmp, &tomoyo_query_list) { 1729 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1730 if (ptr->serial != serial) 1731 continue; 1732 if (!ptr->answer) 1733 ptr->answer = answer; 1734 break; 1735 } 1736 spin_unlock(&tomoyo_query_list_lock); 1737 return 0; 1738} 1739 1740/** 1741 * tomoyo_read_version: Get version. 1742 * 1743 * @head: Pointer to "struct tomoyo_io_buffer". 1744 * 1745 * Returns version information. 1746 */ 1747static void tomoyo_read_version(struct tomoyo_io_buffer *head) 1748{ 1749 if (!head->r.eof) { 1750 tomoyo_io_printf(head, "2.3.0-pre"); 1751 head->r.eof = true; 1752 } 1753} 1754 1755/** 1756 * tomoyo_read_self_domain - Get the current process's domainname. 1757 * 1758 * @head: Pointer to "struct tomoyo_io_buffer". 1759 * 1760 * Returns the current process's domainname. 1761 */ 1762static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1763{ 1764 if (!head->r.eof) { 1765 /* 1766 * tomoyo_domain()->domainname != NULL 1767 * because every process belongs to a domain and 1768 * the domain's name cannot be NULL. 1769 */ 1770 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1771 head->r.eof = true; 1772 } 1773} 1774 1775/** 1776 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1777 * 1778 * @type: Type of interface. 1779 * @file: Pointer to "struct file". 1780 * 1781 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1782 * 1783 * Caller acquires tomoyo_read_lock(). 1784 */ 1785int tomoyo_open_control(const u8 type, struct file *file) 1786{ 1787 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 1788 1789 if (!head) 1790 return -ENOMEM; 1791 mutex_init(&head->io_sem); 1792 head->type = type; 1793 switch (type) { 1794 case TOMOYO_DOMAINPOLICY: 1795 /* /sys/kernel/security/tomoyo/domain_policy */ 1796 head->write = tomoyo_write_domain; 1797 head->read = tomoyo_read_domain; 1798 break; 1799 case TOMOYO_EXCEPTIONPOLICY: 1800 /* /sys/kernel/security/tomoyo/exception_policy */ 1801 head->write = tomoyo_write_exception; 1802 head->read = tomoyo_read_exception; 1803 break; 1804 case TOMOYO_SELFDOMAIN: 1805 /* /sys/kernel/security/tomoyo/self_domain */ 1806 head->read = tomoyo_read_self_domain; 1807 break; 1808 case TOMOYO_DOMAIN_STATUS: 1809 /* /sys/kernel/security/tomoyo/.domain_status */ 1810 head->write = tomoyo_write_domain_profile; 1811 head->read = tomoyo_read_domain_profile; 1812 break; 1813 case TOMOYO_PROCESS_STATUS: 1814 /* /sys/kernel/security/tomoyo/.process_status */ 1815 head->write = tomoyo_write_pid; 1816 head->read = tomoyo_read_pid; 1817 break; 1818 case TOMOYO_VERSION: 1819 /* /sys/kernel/security/tomoyo/version */ 1820 head->read = tomoyo_read_version; 1821 head->readbuf_size = 128; 1822 break; 1823 case TOMOYO_MEMINFO: 1824 /* /sys/kernel/security/tomoyo/meminfo */ 1825 head->write = tomoyo_write_memory_quota; 1826 head->read = tomoyo_read_memory_counter; 1827 head->readbuf_size = 512; 1828 break; 1829 case TOMOYO_PROFILE: 1830 /* /sys/kernel/security/tomoyo/profile */ 1831 head->write = tomoyo_write_profile; 1832 head->read = tomoyo_read_profile; 1833 break; 1834 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 1835 head->poll = tomoyo_poll_query; 1836 head->write = tomoyo_write_answer; 1837 head->read = tomoyo_read_query; 1838 break; 1839 case TOMOYO_MANAGER: 1840 /* /sys/kernel/security/tomoyo/manager */ 1841 head->write = tomoyo_write_manager; 1842 head->read = tomoyo_read_manager; 1843 break; 1844 } 1845 if (!(file->f_mode & FMODE_READ)) { 1846 /* 1847 * No need to allocate read_buf since it is not opened 1848 * for reading. 1849 */ 1850 head->read = NULL; 1851 head->poll = NULL; 1852 } else if (!head->poll) { 1853 /* Don't allocate read_buf for poll() access. */ 1854 if (!head->readbuf_size) 1855 head->readbuf_size = 4096 * 2; 1856 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 1857 if (!head->read_buf) { 1858 kfree(head); 1859 return -ENOMEM; 1860 } 1861 } 1862 if (!(file->f_mode & FMODE_WRITE)) { 1863 /* 1864 * No need to allocate write_buf since it is not opened 1865 * for writing. 1866 */ 1867 head->write = NULL; 1868 } else if (head->write) { 1869 head->writebuf_size = 4096 * 2; 1870 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 1871 if (!head->write_buf) { 1872 kfree(head->read_buf); 1873 kfree(head); 1874 return -ENOMEM; 1875 } 1876 } 1877 if (type != TOMOYO_QUERY) 1878 head->reader_idx = tomoyo_read_lock(); 1879 file->private_data = head; 1880 /* 1881 * Call the handler now if the file is 1882 * /sys/kernel/security/tomoyo/self_domain 1883 * so that the user can use 1884 * cat < /sys/kernel/security/tomoyo/self_domain" 1885 * to know the current process's domainname. 1886 */ 1887 if (type == TOMOYO_SELFDOMAIN) 1888 tomoyo_read_control(file, NULL, 0); 1889 /* 1890 * If the file is /sys/kernel/security/tomoyo/query , increment the 1891 * observer counter. 1892 * The obserber counter is used by tomoyo_supervisor() to see if 1893 * there is some process monitoring /sys/kernel/security/tomoyo/query. 1894 */ 1895 else if (type == TOMOYO_QUERY) 1896 atomic_inc(&tomoyo_query_observers); 1897 return 0; 1898} 1899 1900/** 1901 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 1902 * 1903 * @file: Pointer to "struct file". 1904 * @wait: Pointer to "poll_table". 1905 * 1906 * Waits for read readiness. 1907 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd . 1908 */ 1909int tomoyo_poll_control(struct file *file, poll_table *wait) 1910{ 1911 struct tomoyo_io_buffer *head = file->private_data; 1912 if (!head->poll) 1913 return -ENOSYS; 1914 return head->poll(file, wait); 1915} 1916 1917/** 1918 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1919 * 1920 * @file: Pointer to "struct file". 1921 * @buffer: Poiner to buffer to write to. 1922 * @buffer_len: Size of @buffer. 1923 * 1924 * Returns bytes read on success, negative value otherwise. 1925 * 1926 * Caller holds tomoyo_read_lock(). 1927 */ 1928int tomoyo_read_control(struct file *file, char __user *buffer, 1929 const int buffer_len) 1930{ 1931 int len; 1932 struct tomoyo_io_buffer *head = file->private_data; 1933 1934 if (!head->read) 1935 return -ENOSYS; 1936 if (mutex_lock_interruptible(&head->io_sem)) 1937 return -EINTR; 1938 head->read_user_buf = buffer; 1939 head->read_user_buf_avail = buffer_len; 1940 if (tomoyo_flush(head)) 1941 /* Call the policy handler. */ 1942 head->read(head); 1943 tomoyo_flush(head); 1944 len = head->read_user_buf - buffer; 1945 mutex_unlock(&head->io_sem); 1946 return len; 1947} 1948 1949/** 1950 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 1951 * 1952 * @file: Pointer to "struct file". 1953 * @buffer: Pointer to buffer to read from. 1954 * @buffer_len: Size of @buffer. 1955 * 1956 * Returns @buffer_len on success, negative value otherwise. 1957 * 1958 * Caller holds tomoyo_read_lock(). 1959 */ 1960int tomoyo_write_control(struct file *file, const char __user *buffer, 1961 const int buffer_len) 1962{ 1963 struct tomoyo_io_buffer *head = file->private_data; 1964 int error = buffer_len; 1965 int avail_len = buffer_len; 1966 char *cp0 = head->write_buf; 1967 1968 if (!head->write) 1969 return -ENOSYS; 1970 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 1971 return -EFAULT; 1972 /* Don't allow updating policies by non manager programs. */ 1973 if (head->write != tomoyo_write_pid && 1974 head->write != tomoyo_write_domain && !tomoyo_manager()) 1975 return -EPERM; 1976 if (mutex_lock_interruptible(&head->io_sem)) 1977 return -EINTR; 1978 /* Read a line and dispatch it to the policy handler. */ 1979 while (avail_len > 0) { 1980 char c; 1981 if (head->write_avail >= head->writebuf_size - 1) { 1982 error = -ENOMEM; 1983 break; 1984 } else if (get_user(c, buffer)) { 1985 error = -EFAULT; 1986 break; 1987 } 1988 buffer++; 1989 avail_len--; 1990 cp0[head->write_avail++] = c; 1991 if (c != '\n') 1992 continue; 1993 cp0[head->write_avail - 1] = '\0'; 1994 head->write_avail = 0; 1995 tomoyo_normalize_line(cp0); 1996 head->write(head); 1997 } 1998 mutex_unlock(&head->io_sem); 1999 return error; 2000} 2001 2002/** 2003 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2004 * 2005 * @file: Pointer to "struct file". 2006 * 2007 * Releases memory and returns 0. 2008 * 2009 * Caller looses tomoyo_read_lock(). 2010 */ 2011int tomoyo_close_control(struct file *file) 2012{ 2013 struct tomoyo_io_buffer *head = file->private_data; 2014 const bool is_write = !!head->write_buf; 2015 2016 /* 2017 * If the file is /sys/kernel/security/tomoyo/query , decrement the 2018 * observer counter. 2019 */ 2020 if (head->type == TOMOYO_QUERY) 2021 atomic_dec(&tomoyo_query_observers); 2022 else 2023 tomoyo_read_unlock(head->reader_idx); 2024 /* Release memory used for policy I/O. */ 2025 kfree(head->read_buf); 2026 head->read_buf = NULL; 2027 kfree(head->write_buf); 2028 head->write_buf = NULL; 2029 kfree(head); 2030 head = NULL; 2031 file->private_data = NULL; 2032 if (is_write) 2033 tomoyo_run_gc(); 2034 return 0; 2035} 2036 2037/** 2038 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 2039 */ 2040void tomoyo_check_profile(void) 2041{ 2042 struct tomoyo_domain_info *domain; 2043 const int idx = tomoyo_read_lock(); 2044 tomoyo_policy_loaded = true; 2045 /* Check all profiles currently assigned to domains are defined. */ 2046 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 2047 const u8 profile = domain->profile; 2048 if (tomoyo_profile_ptr[profile]) 2049 continue; 2050 panic("Profile %u (used by '%s') not defined.\n", 2051 profile, domain->domainname->name); 2052 } 2053 tomoyo_read_unlock(idx); 2054 if (tomoyo_profile_version != 20090903) 2055 panic("Profile version %u is not supported.\n", 2056 tomoyo_profile_version); 2057 printk(KERN_INFO "TOMOYO: 2.3.0-pre 2010/06/03\n"); 2058 printk(KERN_INFO "Mandatory Access Control activated.\n"); 2059} 2060