common.c revision 0df7e8b8f1c25c10820bdc679555f2fbfb897ca0
1/* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#include <linux/uaccess.h> 10#include <linux/slab.h> 11#include <linux/security.h> 12#include "common.h" 13 14static struct tomoyo_profile tomoyo_default_profile = { 15 .learning = &tomoyo_default_profile.preference, 16 .permissive = &tomoyo_default_profile.preference, 17 .enforcing = &tomoyo_default_profile.preference, 18 .preference.enforcing_verbose = true, 19 .preference.learning_max_entry = 2048, 20 .preference.learning_verbose = false, 21 .preference.permissive_verbose = true 22}; 23 24/* Profile version. Currently only 20090903 is defined. */ 25static unsigned int tomoyo_profile_version; 26 27/* Profile table. Memory is allocated as needed. */ 28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 29 30/* String table for functionality that takes 4 modes. */ 31static const char *tomoyo_mode[4] = { 32 "disabled", "learning", "permissive", "enforcing" 33}; 34 35/* String table for /sys/kernel/security/tomoyo/profile */ 36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute", 39 [TOMOYO_MAC_FILE_OPEN] = "file::open", 40 [TOMOYO_MAC_FILE_CREATE] = "file::create", 41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink", 42 [TOMOYO_MAC_FILE_GETATTR] = "file::getattr", 43 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir", 44 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir", 45 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo", 46 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock", 47 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate", 48 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink", 49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock", 50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar", 51 [TOMOYO_MAC_FILE_LINK] = "file::link", 52 [TOMOYO_MAC_FILE_RENAME] = "file::rename", 53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod", 54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown", 55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp", 56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", 57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", 58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount", 59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount", 60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", 61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 62}; 63 64/* Permit policy management by non-root user? */ 65static bool tomoyo_manage_by_non_root; 66 67/* Utility functions. */ 68 69/** 70 * tomoyo_yesno - Return "yes" or "no". 71 * 72 * @value: Bool value. 73 */ 74static const char *tomoyo_yesno(const unsigned int value) 75{ 76 return value ? "yes" : "no"; 77} 78 79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 80{ 81 va_list args; 82 const int pos = strlen(buffer); 83 va_start(args, fmt); 84 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 85 va_end(args); 86} 87 88/** 89 * tomoyo_flush - Flush queued string to userspace's buffer. 90 * 91 * @head: Pointer to "struct tomoyo_io_buffer". 92 * 93 * Returns true if all data was flushed, false otherwise. 94 */ 95static bool tomoyo_flush(struct tomoyo_io_buffer *head) 96{ 97 while (head->r.w_pos) { 98 const char *w = head->r.w[0]; 99 int len = strlen(w); 100 if (len) { 101 if (len > head->read_user_buf_avail) 102 len = head->read_user_buf_avail; 103 if (!len) 104 return false; 105 if (copy_to_user(head->read_user_buf, w, len)) 106 return false; 107 head->read_user_buf_avail -= len; 108 head->read_user_buf += len; 109 w += len; 110 } 111 head->r.w[0] = w; 112 if (*w) 113 return false; 114 /* Add '\0' for query. */ 115 if (head->poll) { 116 if (!head->read_user_buf_avail || 117 copy_to_user(head->read_user_buf, "", 1)) 118 return false; 119 head->read_user_buf_avail--; 120 head->read_user_buf++; 121 } 122 head->r.w_pos--; 123 for (len = 0; len < head->r.w_pos; len++) 124 head->r.w[len] = head->r.w[len + 1]; 125 } 126 head->r.avail = 0; 127 return true; 128} 129 130/** 131 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 132 * 133 * @head: Pointer to "struct tomoyo_io_buffer". 134 * @string: String to print. 135 * 136 * Note that @string has to be kept valid until @head is kfree()d. 137 * This means that char[] allocated on stack memory cannot be passed to 138 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 139 */ 140static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 141{ 142 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 143 head->r.w[head->r.w_pos++] = string; 144 tomoyo_flush(head); 145 } else 146 WARN_ON(1); 147} 148 149/** 150 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 151 * 152 * @head: Pointer to "struct tomoyo_io_buffer". 153 * @fmt: The printf()'s format string, followed by parameters. 154 */ 155void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 156{ 157 va_list args; 158 int len; 159 int pos = head->r.avail; 160 int size = head->readbuf_size - pos; 161 if (size <= 0) 162 return; 163 va_start(args, fmt); 164 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 165 va_end(args); 166 if (pos + len >= head->readbuf_size) { 167 WARN_ON(1); 168 return; 169 } 170 head->r.avail += len; 171 tomoyo_set_string(head, head->read_buf + pos); 172} 173 174static void tomoyo_set_space(struct tomoyo_io_buffer *head) 175{ 176 tomoyo_set_string(head, " "); 177} 178 179static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 180{ 181 tomoyo_set_string(head, "\n"); 182 return !head->r.w_pos; 183} 184 185/** 186 * tomoyo_print_name_union - Print a tomoyo_name_union. 187 * 188 * @head: Pointer to "struct tomoyo_io_buffer". 189 * @ptr: Pointer to "struct tomoyo_name_union". 190 */ 191static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 192 const struct tomoyo_name_union *ptr) 193{ 194 tomoyo_set_space(head); 195 if (ptr->group) { 196 tomoyo_set_string(head, "@"); 197 tomoyo_set_string(head, ptr->group->group_name->name); 198 } else { 199 tomoyo_set_string(head, ptr->filename->name); 200 } 201} 202 203/** 204 * tomoyo_print_number_union - Print a tomoyo_number_union. 205 * 206 * @head: Pointer to "struct tomoyo_io_buffer". 207 * @ptr: Pointer to "struct tomoyo_number_union". 208 */ 209static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 210 const struct tomoyo_number_union *ptr) 211{ 212 tomoyo_set_space(head); 213 if (ptr->group) { 214 tomoyo_set_string(head, "@"); 215 tomoyo_set_string(head, ptr->group->group_name->name); 216 } else { 217 int i; 218 unsigned long min = ptr->values[0]; 219 const unsigned long max = ptr->values[1]; 220 u8 min_type = ptr->value_type[0]; 221 const u8 max_type = ptr->value_type[1]; 222 char buffer[128]; 223 buffer[0] = '\0'; 224 for (i = 0; i < 2; i++) { 225 switch (min_type) { 226 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 227 tomoyo_addprintf(buffer, sizeof(buffer), 228 "0x%lX", min); 229 break; 230 case TOMOYO_VALUE_TYPE_OCTAL: 231 tomoyo_addprintf(buffer, sizeof(buffer), 232 "0%lo", min); 233 break; 234 default: 235 tomoyo_addprintf(buffer, sizeof(buffer), 236 "%lu", min); 237 break; 238 } 239 if (min == max && min_type == max_type) 240 break; 241 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 242 min_type = max_type; 243 min = max; 244 } 245 tomoyo_io_printf(head, "%s", buffer); 246 } 247} 248 249/** 250 * tomoyo_assign_profile - Create a new profile. 251 * 252 * @profile: Profile number to create. 253 * 254 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 255 */ 256static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) 257{ 258 struct tomoyo_profile *ptr; 259 struct tomoyo_profile *entry; 260 if (profile >= TOMOYO_MAX_PROFILES) 261 return NULL; 262 ptr = tomoyo_profile_ptr[profile]; 263 if (ptr) 264 return ptr; 265 entry = kzalloc(sizeof(*entry), GFP_NOFS); 266 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 267 goto out; 268 ptr = tomoyo_profile_ptr[profile]; 269 if (!ptr && tomoyo_memory_ok(entry)) { 270 ptr = entry; 271 ptr->learning = &tomoyo_default_profile.preference; 272 ptr->permissive = &tomoyo_default_profile.preference; 273 ptr->enforcing = &tomoyo_default_profile.preference; 274 ptr->default_config = TOMOYO_CONFIG_DISABLED; 275 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 276 sizeof(ptr->config)); 277 mb(); /* Avoid out-of-order execution. */ 278 tomoyo_profile_ptr[profile] = ptr; 279 entry = NULL; 280 } 281 mutex_unlock(&tomoyo_policy_lock); 282 out: 283 kfree(entry); 284 return ptr; 285} 286 287/** 288 * tomoyo_profile - Find a profile. 289 * 290 * @profile: Profile number to find. 291 * 292 * Returns pointer to "struct tomoyo_profile". 293 */ 294struct tomoyo_profile *tomoyo_profile(const u8 profile) 295{ 296 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; 297 if (!tomoyo_policy_loaded) 298 return &tomoyo_default_profile; 299 BUG_ON(!ptr); 300 return ptr; 301} 302 303static s8 tomoyo_find_yesno(const char *string, const char *find) 304{ 305 const char *cp = strstr(string, find); 306 if (cp) { 307 cp += strlen(find); 308 if (!strncmp(cp, "=yes", 4)) 309 return 1; 310 else if (!strncmp(cp, "=no", 3)) 311 return 0; 312 } 313 return -1; 314} 315 316static void tomoyo_set_bool(bool *b, const char *string, const char *find) 317{ 318 switch (tomoyo_find_yesno(string, find)) { 319 case 1: 320 *b = true; 321 break; 322 case 0: 323 *b = false; 324 break; 325 } 326} 327 328static void tomoyo_set_uint(unsigned int *i, const char *string, 329 const char *find) 330{ 331 const char *cp = strstr(string, find); 332 if (cp) 333 sscanf(cp + strlen(find), "=%u", i); 334} 335 336static void tomoyo_set_pref(const char *name, const char *value, 337 const bool use_default, 338 struct tomoyo_profile *profile) 339{ 340 struct tomoyo_preference **pref; 341 bool *verbose; 342 if (!strcmp(name, "enforcing")) { 343 if (use_default) { 344 pref = &profile->enforcing; 345 goto set_default; 346 } 347 profile->enforcing = &profile->preference; 348 verbose = &profile->preference.enforcing_verbose; 349 goto set_verbose; 350 } 351 if (!strcmp(name, "permissive")) { 352 if (use_default) { 353 pref = &profile->permissive; 354 goto set_default; 355 } 356 profile->permissive = &profile->preference; 357 verbose = &profile->preference.permissive_verbose; 358 goto set_verbose; 359 } 360 if (!strcmp(name, "learning")) { 361 if (use_default) { 362 pref = &profile->learning; 363 goto set_default; 364 } 365 profile->learning = &profile->preference; 366 tomoyo_set_uint(&profile->preference.learning_max_entry, value, 367 "max_entry"); 368 verbose = &profile->preference.learning_verbose; 369 goto set_verbose; 370 } 371 return; 372 set_default: 373 *pref = &tomoyo_default_profile.preference; 374 return; 375 set_verbose: 376 tomoyo_set_bool(verbose, value, "verbose"); 377} 378 379static int tomoyo_set_mode(char *name, const char *value, 380 const bool use_default, 381 struct tomoyo_profile *profile) 382{ 383 u8 i; 384 u8 config; 385 if (!strcmp(name, "CONFIG")) { 386 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 387 config = profile->default_config; 388 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 389 config = 0; 390 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 391 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 392 if (strcmp(name, tomoyo_mac_keywords[i])) 393 continue; 394 config = profile->config[i]; 395 break; 396 } 397 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 398 return -EINVAL; 399 } else { 400 return -EINVAL; 401 } 402 if (use_default) { 403 config = TOMOYO_CONFIG_USE_DEFAULT; 404 } else { 405 u8 mode; 406 for (mode = 0; mode < 4; mode++) 407 if (strstr(value, tomoyo_mode[mode])) 408 /* 409 * Update lower 3 bits in order to distinguish 410 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 411 */ 412 config = (config & ~7) | mode; 413 } 414 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 415 profile->config[i] = config; 416 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 417 profile->default_config = config; 418 return 0; 419} 420 421/** 422 * tomoyo_write_profile - Write profile table. 423 * 424 * @head: Pointer to "struct tomoyo_io_buffer". 425 * 426 * Returns 0 on success, negative value otherwise. 427 */ 428static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 429{ 430 char *data = head->write_buf; 431 unsigned int i; 432 bool use_default = false; 433 char *cp; 434 struct tomoyo_profile *profile; 435 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) 436 return 0; 437 i = simple_strtoul(data, &cp, 10); 438 if (data == cp) { 439 profile = &tomoyo_default_profile; 440 } else { 441 if (*cp != '-') 442 return -EINVAL; 443 data = cp + 1; 444 profile = tomoyo_assign_profile(i); 445 if (!profile) 446 return -EINVAL; 447 } 448 cp = strchr(data, '='); 449 if (!cp) 450 return -EINVAL; 451 *cp++ = '\0'; 452 if (profile != &tomoyo_default_profile) 453 use_default = strstr(cp, "use_default") != NULL; 454 if (tomoyo_str_starts(&data, "PREFERENCE::")) { 455 tomoyo_set_pref(data, cp, use_default, profile); 456 return 0; 457 } 458 if (profile == &tomoyo_default_profile) 459 return -EINVAL; 460 if (!strcmp(data, "COMMENT")) { 461 static DEFINE_SPINLOCK(lock); 462 const struct tomoyo_path_info *new_comment 463 = tomoyo_get_name(cp); 464 const struct tomoyo_path_info *old_comment; 465 if (!new_comment) 466 return -ENOMEM; 467 spin_lock(&lock); 468 old_comment = profile->comment; 469 profile->comment = new_comment; 470 spin_unlock(&lock); 471 tomoyo_put_name(old_comment); 472 return 0; 473 } 474 return tomoyo_set_mode(data, cp, use_default, profile); 475} 476 477static void tomoyo_print_preference(struct tomoyo_io_buffer *head, 478 const int idx) 479{ 480 struct tomoyo_preference *pref = &tomoyo_default_profile.preference; 481 const struct tomoyo_profile *profile = idx >= 0 ? 482 tomoyo_profile_ptr[idx] : NULL; 483 char buffer[16] = ""; 484 if (profile) { 485 buffer[sizeof(buffer) - 1] = '\0'; 486 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx); 487 } 488 if (profile) { 489 pref = profile->learning; 490 if (pref == &tomoyo_default_profile.preference) 491 goto skip1; 492 } 493 tomoyo_io_printf(head, "%sPREFERENCE::%s={ " 494 "verbose=%s max_entry=%u }\n", 495 buffer, "learning", 496 tomoyo_yesno(pref->learning_verbose), 497 pref->learning_max_entry); 498 skip1: 499 if (profile) { 500 pref = profile->permissive; 501 if (pref == &tomoyo_default_profile.preference) 502 goto skip2; 503 } 504 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 505 buffer, "permissive", 506 tomoyo_yesno(pref->permissive_verbose)); 507 skip2: 508 if (profile) { 509 pref = profile->enforcing; 510 if (pref == &tomoyo_default_profile.preference) 511 return; 512 } 513 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 514 buffer, "enforcing", 515 tomoyo_yesno(pref->enforcing_verbose)); 516} 517 518static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 519{ 520 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]); 521} 522 523/** 524 * tomoyo_read_profile - Read profile table. 525 * 526 * @head: Pointer to "struct tomoyo_io_buffer". 527 */ 528static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 529{ 530 u8 index; 531 const struct tomoyo_profile *profile; 532 next: 533 index = head->r.index; 534 profile = tomoyo_profile_ptr[index]; 535 switch (head->r.step) { 536 case 0: 537 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); 538 tomoyo_print_preference(head, -1); 539 head->r.step++; 540 break; 541 case 1: 542 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 543 head->r.index++) 544 if (tomoyo_profile_ptr[head->r.index]) 545 break; 546 if (head->r.index == TOMOYO_MAX_PROFILES) 547 return; 548 head->r.step++; 549 break; 550 case 2: 551 { 552 const struct tomoyo_path_info *comment = 553 profile->comment; 554 tomoyo_io_printf(head, "%u-COMMENT=", index); 555 tomoyo_set_string(head, comment ? comment->name : ""); 556 tomoyo_set_lf(head); 557 head->r.step++; 558 } 559 break; 560 case 3: 561 { 562 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 563 tomoyo_print_config(head, profile->default_config); 564 head->r.bit = 0; 565 head->r.step++; 566 } 567 break; 568 case 4: 569 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 570 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 571 const u8 i = head->r.bit; 572 const u8 config = profile->config[i]; 573 if (config == TOMOYO_CONFIG_USE_DEFAULT) 574 continue; 575 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", 576 tomoyo_mac_keywords[i]); 577 tomoyo_print_config(head, config); 578 head->r.bit++; 579 break; 580 } 581 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 582 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 583 tomoyo_print_preference(head, index); 584 head->r.index++; 585 head->r.step = 1; 586 } 587 break; 588 } 589 if (tomoyo_flush(head)) 590 goto next; 591} 592 593static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 594 const struct tomoyo_acl_head *b) 595{ 596 return container_of(a, struct tomoyo_manager, head)->manager == 597 container_of(b, struct tomoyo_manager, head)->manager; 598} 599 600/** 601 * tomoyo_update_manager_entry - Add a manager entry. 602 * 603 * @manager: The path to manager or the domainnamme. 604 * @is_delete: True if it is a delete request. 605 * 606 * Returns 0 on success, negative value otherwise. 607 * 608 * Caller holds tomoyo_read_lock(). 609 */ 610static int tomoyo_update_manager_entry(const char *manager, 611 const bool is_delete) 612{ 613 struct tomoyo_manager e = { }; 614 int error; 615 616 if (tomoyo_domain_def(manager)) { 617 if (!tomoyo_correct_domain(manager)) 618 return -EINVAL; 619 e.is_domain = true; 620 } else { 621 if (!tomoyo_correct_path(manager)) 622 return -EINVAL; 623 } 624 e.manager = tomoyo_get_name(manager); 625 if (!e.manager) 626 return -ENOMEM; 627 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 628 &tomoyo_policy_list[TOMOYO_ID_MANAGER], 629 tomoyo_same_manager); 630 tomoyo_put_name(e.manager); 631 return error; 632} 633 634/** 635 * tomoyo_write_manager - Write manager policy. 636 * 637 * @head: Pointer to "struct tomoyo_io_buffer". 638 * 639 * Returns 0 on success, negative value otherwise. 640 * 641 * Caller holds tomoyo_read_lock(). 642 */ 643static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 644{ 645 char *data = head->write_buf; 646 bool is_delete = tomoyo_str_starts(&data, "delete "); 647 648 if (!strcmp(data, "manage_by_non_root")) { 649 tomoyo_manage_by_non_root = !is_delete; 650 return 0; 651 } 652 return tomoyo_update_manager_entry(data, is_delete); 653} 654 655/** 656 * tomoyo_read_manager - Read manager policy. 657 * 658 * @head: Pointer to "struct tomoyo_io_buffer". 659 * 660 * Caller holds tomoyo_read_lock(). 661 */ 662static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 663{ 664 if (head->r.eof) 665 return; 666 list_for_each_cookie(head->r.acl, 667 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { 668 struct tomoyo_manager *ptr = 669 list_entry(head->r.acl, typeof(*ptr), head.list); 670 if (ptr->head.is_deleted) 671 continue; 672 if (!tomoyo_flush(head)) 673 return; 674 tomoyo_set_string(head, ptr->manager->name); 675 tomoyo_set_lf(head); 676 } 677 head->r.eof = true; 678} 679 680/** 681 * tomoyo_manager - Check whether the current process is a policy manager. 682 * 683 * Returns true if the current process is permitted to modify policy 684 * via /sys/kernel/security/tomoyo/ interface. 685 * 686 * Caller holds tomoyo_read_lock(). 687 */ 688static bool tomoyo_manager(void) 689{ 690 struct tomoyo_manager *ptr; 691 const char *exe; 692 const struct task_struct *task = current; 693 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 694 bool found = false; 695 696 if (!tomoyo_policy_loaded) 697 return true; 698 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 699 return false; 700 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 701 head.list) { 702 if (!ptr->head.is_deleted && ptr->is_domain 703 && !tomoyo_pathcmp(domainname, ptr->manager)) { 704 found = true; 705 break; 706 } 707 } 708 if (found) 709 return true; 710 exe = tomoyo_get_exe(); 711 if (!exe) 712 return false; 713 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 714 head.list) { 715 if (!ptr->head.is_deleted && !ptr->is_domain 716 && !strcmp(exe, ptr->manager->name)) { 717 found = true; 718 break; 719 } 720 } 721 if (!found) { /* Reduce error messages. */ 722 static pid_t last_pid; 723 const pid_t pid = current->pid; 724 if (last_pid != pid) { 725 printk(KERN_WARNING "%s ( %s ) is not permitted to " 726 "update policies.\n", domainname->name, exe); 727 last_pid = pid; 728 } 729 } 730 kfree(exe); 731 return found; 732} 733 734/** 735 * tomoyo_select_one - Parse select command. 736 * 737 * @head: Pointer to "struct tomoyo_io_buffer". 738 * @data: String to parse. 739 * 740 * Returns true on success, false otherwise. 741 * 742 * Caller holds tomoyo_read_lock(). 743 */ 744static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) 745{ 746 unsigned int pid; 747 struct tomoyo_domain_info *domain = NULL; 748 bool global_pid = false; 749 750 if (!strcmp(data, "allow_execute")) { 751 head->r.print_execute_only = true; 752 return true; 753 } 754 if (sscanf(data, "pid=%u", &pid) == 1 || 755 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 756 struct task_struct *p; 757 rcu_read_lock(); 758 read_lock(&tasklist_lock); 759 if (global_pid) 760 p = find_task_by_pid_ns(pid, &init_pid_ns); 761 else 762 p = find_task_by_vpid(pid); 763 if (p) 764 domain = tomoyo_real_domain(p); 765 read_unlock(&tasklist_lock); 766 rcu_read_unlock(); 767 } else if (!strncmp(data, "domain=", 7)) { 768 if (tomoyo_domain_def(data + 7)) 769 domain = tomoyo_find_domain(data + 7); 770 } else 771 return false; 772 head->w.domain = domain; 773 /* Accessing read_buf is safe because head->io_sem is held. */ 774 if (!head->read_buf) 775 return true; /* Do nothing if open(O_WRONLY). */ 776 memset(&head->r, 0, sizeof(head->r)); 777 head->r.print_this_domain_only = true; 778 if (domain) 779 head->r.domain = &domain->list; 780 else 781 head->r.eof = 1; 782 tomoyo_io_printf(head, "# select %s\n", data); 783 if (domain && domain->is_deleted) 784 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 785 return true; 786} 787 788/** 789 * tomoyo_delete_domain - Delete a domain. 790 * 791 * @domainname: The name of domain. 792 * 793 * Returns 0. 794 * 795 * Caller holds tomoyo_read_lock(). 796 */ 797static int tomoyo_delete_domain(char *domainname) 798{ 799 struct tomoyo_domain_info *domain; 800 struct tomoyo_path_info name; 801 802 name.name = domainname; 803 tomoyo_fill_path_info(&name); 804 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 805 return 0; 806 /* Is there an active domain? */ 807 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 808 /* Never delete tomoyo_kernel_domain */ 809 if (domain == &tomoyo_kernel_domain) 810 continue; 811 if (domain->is_deleted || 812 tomoyo_pathcmp(domain->domainname, &name)) 813 continue; 814 domain->is_deleted = true; 815 break; 816 } 817 mutex_unlock(&tomoyo_policy_lock); 818 return 0; 819} 820 821/** 822 * tomoyo_write_domain2 - Write domain policy. 823 * 824 * @head: Pointer to "struct tomoyo_io_buffer". 825 * 826 * Returns 0 on success, negative value otherwise. 827 * 828 * Caller holds tomoyo_read_lock(). 829 */ 830static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain, 831 const bool is_delete) 832{ 833 if (tomoyo_str_starts(&data, "allow_mount ")) 834 return tomoyo_write_mount(data, domain, is_delete); 835 return tomoyo_write_file(data, domain, is_delete); 836} 837 838/** 839 * tomoyo_write_domain - Write domain policy. 840 * 841 * @head: Pointer to "struct tomoyo_io_buffer". 842 * 843 * Returns 0 on success, negative value otherwise. 844 * 845 * Caller holds tomoyo_read_lock(). 846 */ 847static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 848{ 849 char *data = head->write_buf; 850 struct tomoyo_domain_info *domain = head->w.domain; 851 bool is_delete = false; 852 bool is_select = false; 853 unsigned int profile; 854 855 if (tomoyo_str_starts(&data, "delete ")) 856 is_delete = true; 857 else if (tomoyo_str_starts(&data, "select ")) 858 is_select = true; 859 if (is_select && tomoyo_select_one(head, data)) 860 return 0; 861 /* Don't allow updating policies by non manager programs. */ 862 if (!tomoyo_manager()) 863 return -EPERM; 864 if (tomoyo_domain_def(data)) { 865 domain = NULL; 866 if (is_delete) 867 tomoyo_delete_domain(data); 868 else if (is_select) 869 domain = tomoyo_find_domain(data); 870 else 871 domain = tomoyo_assign_domain(data, 0); 872 head->w.domain = domain; 873 return 0; 874 } 875 if (!domain) 876 return -EINVAL; 877 878 if (sscanf(data, "use_profile %u", &profile) == 1 879 && profile < TOMOYO_MAX_PROFILES) { 880 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 881 domain->profile = (u8) profile; 882 return 0; 883 } 884 if (!strcmp(data, "quota_exceeded")) { 885 domain->quota_warned = !is_delete; 886 return 0; 887 } 888 if (!strcmp(data, "transition_failed")) { 889 domain->transition_failed = !is_delete; 890 return 0; 891 } 892 return tomoyo_write_domain2(data, domain, is_delete); 893} 894 895/** 896 * tomoyo_fns - Find next set bit. 897 * 898 * @perm: 8 bits value. 899 * @bit: First bit to find. 900 * 901 * Returns next on-bit on success, 8 otherwise. 902 */ 903static u8 tomoyo_fns(const u8 perm, u8 bit) 904{ 905 for ( ; bit < 8; bit++) 906 if (perm & (1 << bit)) 907 break; 908 return bit; 909} 910 911/** 912 * tomoyo_print_entry - Print an ACL entry. 913 * 914 * @head: Pointer to "struct tomoyo_io_buffer". 915 * @acl: Pointer to an ACL entry. 916 * 917 * Returns true on success, false otherwise. 918 */ 919static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 920 struct tomoyo_acl_info *acl) 921{ 922 const u8 acl_type = acl->type; 923 u8 bit; 924 925 if (acl->is_deleted) 926 return true; 927 next: 928 bit = head->r.bit; 929 if (!tomoyo_flush(head)) 930 return false; 931 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 932 struct tomoyo_path_acl *ptr = 933 container_of(acl, typeof(*ptr), head); 934 const u16 perm = ptr->perm; 935 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 936 if (!(perm & (1 << bit))) 937 continue; 938 if (head->r.print_execute_only && 939 bit != TOMOYO_TYPE_EXECUTE) 940 continue; 941 break; 942 } 943 if (bit >= TOMOYO_MAX_PATH_OPERATION) 944 goto done; 945 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]); 946 tomoyo_print_name_union(head, &ptr->name); 947 } else if (head->r.print_execute_only) { 948 return true; 949 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 950 struct tomoyo_path2_acl *ptr = 951 container_of(acl, typeof(*ptr), head); 952 bit = tomoyo_fns(ptr->perm, bit); 953 if (bit >= TOMOYO_MAX_PATH2_OPERATION) 954 goto done; 955 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]); 956 tomoyo_print_name_union(head, &ptr->name1); 957 tomoyo_print_name_union(head, &ptr->name2); 958 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 959 struct tomoyo_path_number_acl *ptr = 960 container_of(acl, typeof(*ptr), head); 961 bit = tomoyo_fns(ptr->perm, bit); 962 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION) 963 goto done; 964 tomoyo_io_printf(head, "allow_%s", 965 tomoyo_path_number_keyword[bit]); 966 tomoyo_print_name_union(head, &ptr->name); 967 tomoyo_print_number_union(head, &ptr->number); 968 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 969 struct tomoyo_mkdev_acl *ptr = 970 container_of(acl, typeof(*ptr), head); 971 bit = tomoyo_fns(ptr->perm, bit); 972 if (bit >= TOMOYO_MAX_MKDEV_OPERATION) 973 goto done; 974 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]); 975 tomoyo_print_name_union(head, &ptr->name); 976 tomoyo_print_number_union(head, &ptr->mode); 977 tomoyo_print_number_union(head, &ptr->major); 978 tomoyo_print_number_union(head, &ptr->minor); 979 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 980 struct tomoyo_mount_acl *ptr = 981 container_of(acl, typeof(*ptr), head); 982 tomoyo_io_printf(head, "allow_mount"); 983 tomoyo_print_name_union(head, &ptr->dev_name); 984 tomoyo_print_name_union(head, &ptr->dir_name); 985 tomoyo_print_name_union(head, &ptr->fs_type); 986 tomoyo_print_number_union(head, &ptr->flags); 987 } 988 head->r.bit = bit + 1; 989 tomoyo_io_printf(head, "\n"); 990 if (acl_type != TOMOYO_TYPE_MOUNT_ACL) 991 goto next; 992 done: 993 head->r.bit = 0; 994 return true; 995} 996 997/** 998 * tomoyo_read_domain2 - Read domain policy. 999 * 1000 * @head: Pointer to "struct tomoyo_io_buffer". 1001 * @domain: Pointer to "struct tomoyo_domain_info". 1002 * 1003 * Caller holds tomoyo_read_lock(). 1004 * 1005 * Returns true on success, false otherwise. 1006 */ 1007static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1008 struct tomoyo_domain_info *domain) 1009{ 1010 list_for_each_cookie(head->r.acl, &domain->acl_info_list) { 1011 struct tomoyo_acl_info *ptr = 1012 list_entry(head->r.acl, typeof(*ptr), list); 1013 if (!tomoyo_print_entry(head, ptr)) 1014 return false; 1015 } 1016 head->r.acl = NULL; 1017 return true; 1018} 1019 1020/** 1021 * tomoyo_read_domain - Read domain policy. 1022 * 1023 * @head: Pointer to "struct tomoyo_io_buffer". 1024 * 1025 * Caller holds tomoyo_read_lock(). 1026 */ 1027static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1028{ 1029 if (head->r.eof) 1030 return; 1031 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1032 struct tomoyo_domain_info *domain = 1033 list_entry(head->r.domain, typeof(*domain), list); 1034 switch (head->r.step) { 1035 case 0: 1036 if (domain->is_deleted && 1037 !head->r.print_this_domain_only) 1038 continue; 1039 /* Print domainname and flags. */ 1040 tomoyo_set_string(head, domain->domainname->name); 1041 tomoyo_set_lf(head); 1042 tomoyo_io_printf(head, "use_profile %u\n", 1043 domain->profile); 1044 if (domain->quota_warned) 1045 tomoyo_set_string(head, "quota_exceeded\n"); 1046 if (domain->transition_failed) 1047 tomoyo_set_string(head, "transition_failed\n"); 1048 head->r.step++; 1049 tomoyo_set_lf(head); 1050 /* fall through */ 1051 case 1: 1052 if (!tomoyo_read_domain2(head, domain)) 1053 return; 1054 head->r.step++; 1055 if (!tomoyo_set_lf(head)) 1056 return; 1057 /* fall through */ 1058 case 2: 1059 head->r.step = 0; 1060 if (head->r.print_this_domain_only) 1061 goto done; 1062 } 1063 } 1064 done: 1065 head->r.eof = true; 1066} 1067 1068/** 1069 * tomoyo_write_domain_profile - Assign profile for specified domain. 1070 * 1071 * @head: Pointer to "struct tomoyo_io_buffer". 1072 * 1073 * Returns 0 on success, -EINVAL otherwise. 1074 * 1075 * This is equivalent to doing 1076 * 1077 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1078 * /usr/sbin/tomoyo-loadpolicy -d 1079 * 1080 * Caller holds tomoyo_read_lock(). 1081 */ 1082static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1083{ 1084 char *data = head->write_buf; 1085 char *cp = strchr(data, ' '); 1086 struct tomoyo_domain_info *domain; 1087 unsigned long profile; 1088 1089 if (!cp) 1090 return -EINVAL; 1091 *cp = '\0'; 1092 domain = tomoyo_find_domain(cp + 1); 1093 if (strict_strtoul(data, 10, &profile)) 1094 return -EINVAL; 1095 if (domain && profile < TOMOYO_MAX_PROFILES 1096 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1097 domain->profile = (u8) profile; 1098 return 0; 1099} 1100 1101/** 1102 * tomoyo_read_domain_profile - Read only domainname and profile. 1103 * 1104 * @head: Pointer to "struct tomoyo_io_buffer". 1105 * 1106 * Returns list of profile number and domainname pairs. 1107 * 1108 * This is equivalent to doing 1109 * 1110 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1111 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1112 * domainname = $0; } else if ( $1 == "use_profile" ) { 1113 * print $2 " " domainname; domainname = ""; } } ; ' 1114 * 1115 * Caller holds tomoyo_read_lock(). 1116 */ 1117static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1118{ 1119 if (head->r.eof) 1120 return; 1121 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1122 struct tomoyo_domain_info *domain = 1123 list_entry(head->r.domain, typeof(*domain), list); 1124 if (domain->is_deleted) 1125 continue; 1126 if (!tomoyo_flush(head)) 1127 return; 1128 tomoyo_io_printf(head, "%u ", domain->profile); 1129 tomoyo_set_string(head, domain->domainname->name); 1130 tomoyo_set_lf(head); 1131 } 1132 head->r.eof = true; 1133} 1134 1135/** 1136 * tomoyo_write_pid: Specify PID to obtain domainname. 1137 * 1138 * @head: Pointer to "struct tomoyo_io_buffer". 1139 * 1140 * Returns 0. 1141 */ 1142static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1143{ 1144 head->r.eof = false; 1145 return 0; 1146} 1147 1148/** 1149 * tomoyo_read_pid - Get domainname of the specified PID. 1150 * 1151 * @head: Pointer to "struct tomoyo_io_buffer". 1152 * 1153 * Returns the domainname which the specified PID is in on success, 1154 * empty string otherwise. 1155 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1156 * using read()/write() interface rather than sysctl() interface. 1157 */ 1158static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1159{ 1160 char *buf = head->write_buf; 1161 bool global_pid = false; 1162 unsigned int pid; 1163 struct task_struct *p; 1164 struct tomoyo_domain_info *domain = NULL; 1165 1166 /* Accessing write_buf is safe because head->io_sem is held. */ 1167 if (!buf) { 1168 head->r.eof = true; 1169 return; /* Do nothing if open(O_RDONLY). */ 1170 } 1171 if (head->r.w_pos || head->r.eof) 1172 return; 1173 head->r.eof = true; 1174 if (tomoyo_str_starts(&buf, "global-pid ")) 1175 global_pid = true; 1176 pid = (unsigned int) simple_strtoul(buf, NULL, 10); 1177 rcu_read_lock(); 1178 read_lock(&tasklist_lock); 1179 if (global_pid) 1180 p = find_task_by_pid_ns(pid, &init_pid_ns); 1181 else 1182 p = find_task_by_vpid(pid); 1183 if (p) 1184 domain = tomoyo_real_domain(p); 1185 read_unlock(&tasklist_lock); 1186 rcu_read_unlock(); 1187 if (!domain) 1188 return; 1189 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1190 tomoyo_set_string(head, domain->domainname->name); 1191} 1192 1193static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1194 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain", 1195 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain", 1196 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain", 1197 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain", 1198}; 1199 1200static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1201 [TOMOYO_PATH_GROUP] = "path_group ", 1202 [TOMOYO_NUMBER_GROUP] = "number_group ", 1203}; 1204 1205/** 1206 * tomoyo_write_exception - Write exception policy. 1207 * 1208 * @head: Pointer to "struct tomoyo_io_buffer". 1209 * 1210 * Returns 0 on success, negative value otherwise. 1211 * 1212 * Caller holds tomoyo_read_lock(). 1213 */ 1214static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1215{ 1216 char *data = head->write_buf; 1217 bool is_delete = tomoyo_str_starts(&data, "delete "); 1218 u8 i; 1219 static const struct { 1220 const char *keyword; 1221 int (*write) (char *, const bool); 1222 } tomoyo_callback[1] = { 1223 { "aggregator ", tomoyo_write_aggregator }, 1224 }; 1225 1226 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1227 if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) 1228 return tomoyo_write_transition_control(data, is_delete, 1229 i); 1230 for (i = 0; i < 1; i++) 1231 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword)) 1232 return tomoyo_callback[i].write(data, is_delete); 1233 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1234 if (tomoyo_str_starts(&data, tomoyo_group_name[i])) 1235 return tomoyo_write_group(data, is_delete, i); 1236 return -EINVAL; 1237} 1238 1239/** 1240 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 1241 * 1242 * @head: Pointer to "struct tomoyo_io_buffer". 1243 * @idx: Index number. 1244 * 1245 * Returns true on success, false otherwise. 1246 * 1247 * Caller holds tomoyo_read_lock(). 1248 */ 1249static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1250{ 1251 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { 1252 struct tomoyo_group *group = 1253 list_entry(head->r.group, typeof(*group), head.list); 1254 list_for_each_cookie(head->r.acl, &group->member_list) { 1255 struct tomoyo_acl_head *ptr = 1256 list_entry(head->r.acl, typeof(*ptr), list); 1257 if (ptr->is_deleted) 1258 continue; 1259 if (!tomoyo_flush(head)) 1260 return false; 1261 tomoyo_set_string(head, tomoyo_group_name[idx]); 1262 tomoyo_set_string(head, group->group_name->name); 1263 if (idx == TOMOYO_PATH_GROUP) { 1264 tomoyo_set_space(head); 1265 tomoyo_set_string(head, container_of 1266 (ptr, struct tomoyo_path_group, 1267 head)->member_name->name); 1268 } else if (idx == TOMOYO_NUMBER_GROUP) { 1269 tomoyo_print_number_union(head, &container_of 1270 (ptr, 1271 struct tomoyo_number_group, 1272 head)->number); 1273 } 1274 tomoyo_set_lf(head); 1275 } 1276 head->r.acl = NULL; 1277 } 1278 head->r.group = NULL; 1279 return true; 1280} 1281 1282/** 1283 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1284 * 1285 * @head: Pointer to "struct tomoyo_io_buffer". 1286 * @idx: Index number. 1287 * 1288 * Returns true on success, false otherwise. 1289 * 1290 * Caller holds tomoyo_read_lock(). 1291 */ 1292static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1293{ 1294 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { 1295 struct tomoyo_acl_head *acl = 1296 container_of(head->r.acl, typeof(*acl), list); 1297 if (acl->is_deleted) 1298 continue; 1299 if (!tomoyo_flush(head)) 1300 return false; 1301 switch (idx) { 1302 case TOMOYO_ID_TRANSITION_CONTROL: 1303 { 1304 struct tomoyo_transition_control *ptr = 1305 container_of(acl, typeof(*ptr), head); 1306 tomoyo_set_string(head, 1307 tomoyo_transition_type 1308 [ptr->type]); 1309 if (ptr->program) 1310 tomoyo_set_string(head, 1311 ptr->program->name); 1312 if (ptr->program && ptr->domainname) 1313 tomoyo_set_string(head, " from "); 1314 if (ptr->domainname) 1315 tomoyo_set_string(head, 1316 ptr->domainname-> 1317 name); 1318 } 1319 break; 1320 case TOMOYO_ID_AGGREGATOR: 1321 { 1322 struct tomoyo_aggregator *ptr = 1323 container_of(acl, typeof(*ptr), head); 1324 tomoyo_set_string(head, "aggregator "); 1325 tomoyo_set_string(head, 1326 ptr->original_name->name); 1327 tomoyo_set_space(head); 1328 tomoyo_set_string(head, 1329 ptr->aggregated_name->name); 1330 } 1331 break; 1332 default: 1333 continue; 1334 } 1335 tomoyo_set_lf(head); 1336 } 1337 head->r.acl = NULL; 1338 return true; 1339} 1340 1341/** 1342 * tomoyo_read_exception - Read exception policy. 1343 * 1344 * @head: Pointer to "struct tomoyo_io_buffer". 1345 * 1346 * Caller holds tomoyo_read_lock(). 1347 */ 1348static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1349{ 1350 if (head->r.eof) 1351 return; 1352 while (head->r.step < TOMOYO_MAX_POLICY && 1353 tomoyo_read_policy(head, head->r.step)) 1354 head->r.step++; 1355 if (head->r.step < TOMOYO_MAX_POLICY) 1356 return; 1357 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1358 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1359 head->r.step++; 1360 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1361 return; 1362 head->r.eof = true; 1363} 1364 1365/** 1366 * tomoyo_print_header - Get header line of audit log. 1367 * 1368 * @r: Pointer to "struct tomoyo_request_info". 1369 * 1370 * Returns string representation. 1371 * 1372 * This function uses kmalloc(), so caller must kfree() if this function 1373 * didn't return NULL. 1374 */ 1375static char *tomoyo_print_header(struct tomoyo_request_info *r) 1376{ 1377 struct timeval tv; 1378 const pid_t gpid = task_pid_nr(current); 1379 static const int tomoyo_buffer_len = 4096; 1380 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); 1381 pid_t ppid; 1382 if (!buffer) 1383 return NULL; 1384 do_gettimeofday(&tv); 1385 rcu_read_lock(); 1386 ppid = task_tgid_vnr(current->real_parent); 1387 rcu_read_unlock(); 1388 snprintf(buffer, tomoyo_buffer_len - 1, 1389 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)" 1390 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u" 1391 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }", 1392 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid, 1393 task_tgid_vnr(current), ppid, 1394 current_uid(), current_gid(), current_euid(), 1395 current_egid(), current_suid(), current_sgid(), 1396 current_fsuid(), current_fsgid()); 1397 return buffer; 1398} 1399 1400/** 1401 * tomoyo_init_audit_log - Allocate buffer for audit logs. 1402 * 1403 * @len: Required size. 1404 * @r: Pointer to "struct tomoyo_request_info". 1405 * 1406 * Returns pointer to allocated memory. 1407 * 1408 * The @len is updated to add the header lines' size on success. 1409 * 1410 * This function uses kzalloc(), so caller must kfree() if this function 1411 * didn't return NULL. 1412 */ 1413static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r) 1414{ 1415 char *buf = NULL; 1416 const char *header; 1417 const char *domainname; 1418 if (!r->domain) 1419 r->domain = tomoyo_domain(); 1420 domainname = r->domain->domainname->name; 1421 header = tomoyo_print_header(r); 1422 if (!header) 1423 return NULL; 1424 *len += strlen(domainname) + strlen(header) + 10; 1425 buf = kzalloc(*len, GFP_NOFS); 1426 if (buf) 1427 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname); 1428 kfree(header); 1429 return buf; 1430} 1431 1432/* Wait queue for tomoyo_query_list. */ 1433static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1434 1435/* Lock for manipulating tomoyo_query_list. */ 1436static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1437 1438/* Structure for query. */ 1439struct tomoyo_query { 1440 struct list_head list; 1441 char *query; 1442 int query_len; 1443 unsigned int serial; 1444 int timer; 1445 int answer; 1446}; 1447 1448/* The list for "struct tomoyo_query". */ 1449static LIST_HEAD(tomoyo_query_list); 1450 1451/* 1452 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1453 * interface. 1454 */ 1455static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1456 1457/** 1458 * tomoyo_supervisor - Ask for the supervisor's decision. 1459 * 1460 * @r: Pointer to "struct tomoyo_request_info". 1461 * @fmt: The printf()'s format string, followed by parameters. 1462 * 1463 * Returns 0 if the supervisor decided to permit the access request which 1464 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1465 * supervisor decided to retry the access request which violated the policy in 1466 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1467 */ 1468int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1469{ 1470 va_list args; 1471 int error = -EPERM; 1472 int pos; 1473 int len; 1474 static unsigned int tomoyo_serial; 1475 struct tomoyo_query *entry = NULL; 1476 bool quota_exceeded = false; 1477 char *header; 1478 switch (r->mode) { 1479 char *buffer; 1480 case TOMOYO_CONFIG_LEARNING: 1481 if (!tomoyo_domain_quota_is_ok(r)) 1482 return 0; 1483 va_start(args, fmt); 1484 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4; 1485 va_end(args); 1486 buffer = kmalloc(len, GFP_NOFS); 1487 if (!buffer) 1488 return 0; 1489 va_start(args, fmt); 1490 vsnprintf(buffer, len - 1, fmt, args); 1491 va_end(args); 1492 tomoyo_normalize_line(buffer); 1493 tomoyo_write_domain2(buffer, r->domain, false); 1494 kfree(buffer); 1495 /* fall through */ 1496 case TOMOYO_CONFIG_PERMISSIVE: 1497 return 0; 1498 } 1499 if (!r->domain) 1500 r->domain = tomoyo_domain(); 1501 if (!atomic_read(&tomoyo_query_observers)) 1502 return -EPERM; 1503 va_start(args, fmt); 1504 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32; 1505 va_end(args); 1506 header = tomoyo_init_audit_log(&len, r); 1507 if (!header) 1508 goto out; 1509 entry = kzalloc(sizeof(*entry), GFP_NOFS); 1510 if (!entry) 1511 goto out; 1512 entry->query = kzalloc(len, GFP_NOFS); 1513 if (!entry->query) 1514 goto out; 1515 len = ksize(entry->query); 1516 spin_lock(&tomoyo_query_list_lock); 1517 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + 1518 sizeof(*entry) >= tomoyo_quota_for_query) { 1519 quota_exceeded = true; 1520 } else { 1521 tomoyo_query_memory_size += len + sizeof(*entry); 1522 entry->serial = tomoyo_serial++; 1523 } 1524 spin_unlock(&tomoyo_query_list_lock); 1525 if (quota_exceeded) 1526 goto out; 1527 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s", 1528 entry->serial, r->retry, header); 1529 kfree(header); 1530 header = NULL; 1531 va_start(args, fmt); 1532 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args); 1533 entry->query_len = strlen(entry->query) + 1; 1534 va_end(args); 1535 spin_lock(&tomoyo_query_list_lock); 1536 list_add_tail(&entry->list, &tomoyo_query_list); 1537 spin_unlock(&tomoyo_query_list_lock); 1538 /* Give 10 seconds for supervisor's opinion. */ 1539 for (entry->timer = 0; 1540 atomic_read(&tomoyo_query_observers) && entry->timer < 100; 1541 entry->timer++) { 1542 wake_up(&tomoyo_query_wait); 1543 set_current_state(TASK_INTERRUPTIBLE); 1544 schedule_timeout(HZ / 10); 1545 if (entry->answer) 1546 break; 1547 } 1548 spin_lock(&tomoyo_query_list_lock); 1549 list_del(&entry->list); 1550 tomoyo_query_memory_size -= len + sizeof(*entry); 1551 spin_unlock(&tomoyo_query_list_lock); 1552 switch (entry->answer) { 1553 case 3: /* Asked to retry by administrator. */ 1554 error = TOMOYO_RETRY_REQUEST; 1555 r->retry++; 1556 break; 1557 case 1: 1558 /* Granted by administrator. */ 1559 error = 0; 1560 break; 1561 case 0: 1562 /* Timed out. */ 1563 break; 1564 default: 1565 /* Rejected by administrator. */ 1566 break; 1567 } 1568 out: 1569 if (entry) 1570 kfree(entry->query); 1571 kfree(entry); 1572 kfree(header); 1573 return error; 1574} 1575 1576/** 1577 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 1578 * 1579 * @file: Pointer to "struct file". 1580 * @wait: Pointer to "poll_table". 1581 * 1582 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 1583 * 1584 * Waits for access requests which violated policy in enforcing mode. 1585 */ 1586static int tomoyo_poll_query(struct file *file, poll_table *wait) 1587{ 1588 struct list_head *tmp; 1589 bool found = false; 1590 u8 i; 1591 for (i = 0; i < 2; i++) { 1592 spin_lock(&tomoyo_query_list_lock); 1593 list_for_each(tmp, &tomoyo_query_list) { 1594 struct tomoyo_query *ptr = 1595 list_entry(tmp, typeof(*ptr), list); 1596 if (ptr->answer) 1597 continue; 1598 found = true; 1599 break; 1600 } 1601 spin_unlock(&tomoyo_query_list_lock); 1602 if (found) 1603 return POLLIN | POLLRDNORM; 1604 if (i) 1605 break; 1606 poll_wait(file, &tomoyo_query_wait, wait); 1607 } 1608 return 0; 1609} 1610 1611/** 1612 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 1613 * 1614 * @head: Pointer to "struct tomoyo_io_buffer". 1615 */ 1616static void tomoyo_read_query(struct tomoyo_io_buffer *head) 1617{ 1618 struct list_head *tmp; 1619 int pos = 0; 1620 int len = 0; 1621 char *buf; 1622 if (head->r.w_pos) 1623 return; 1624 if (head->read_buf) { 1625 kfree(head->read_buf); 1626 head->read_buf = NULL; 1627 } 1628 spin_lock(&tomoyo_query_list_lock); 1629 list_for_each(tmp, &tomoyo_query_list) { 1630 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1631 if (ptr->answer) 1632 continue; 1633 if (pos++ != head->r.query_index) 1634 continue; 1635 len = ptr->query_len; 1636 break; 1637 } 1638 spin_unlock(&tomoyo_query_list_lock); 1639 if (!len) { 1640 head->r.query_index = 0; 1641 return; 1642 } 1643 buf = kzalloc(len, GFP_NOFS); 1644 if (!buf) 1645 return; 1646 pos = 0; 1647 spin_lock(&tomoyo_query_list_lock); 1648 list_for_each(tmp, &tomoyo_query_list) { 1649 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1650 if (ptr->answer) 1651 continue; 1652 if (pos++ != head->r.query_index) 1653 continue; 1654 /* 1655 * Some query can be skipped because tomoyo_query_list 1656 * can change, but I don't care. 1657 */ 1658 if (len == ptr->query_len) 1659 memmove(buf, ptr->query, len); 1660 break; 1661 } 1662 spin_unlock(&tomoyo_query_list_lock); 1663 if (buf[0]) { 1664 head->read_buf = buf; 1665 head->r.w[head->r.w_pos++] = buf; 1666 head->r.query_index++; 1667 } else { 1668 kfree(buf); 1669 } 1670} 1671 1672/** 1673 * tomoyo_write_answer - Write the supervisor's decision. 1674 * 1675 * @head: Pointer to "struct tomoyo_io_buffer". 1676 * 1677 * Returns 0 on success, -EINVAL otherwise. 1678 */ 1679static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 1680{ 1681 char *data = head->write_buf; 1682 struct list_head *tmp; 1683 unsigned int serial; 1684 unsigned int answer; 1685 spin_lock(&tomoyo_query_list_lock); 1686 list_for_each(tmp, &tomoyo_query_list) { 1687 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1688 ptr->timer = 0; 1689 } 1690 spin_unlock(&tomoyo_query_list_lock); 1691 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 1692 return -EINVAL; 1693 spin_lock(&tomoyo_query_list_lock); 1694 list_for_each(tmp, &tomoyo_query_list) { 1695 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1696 if (ptr->serial != serial) 1697 continue; 1698 if (!ptr->answer) 1699 ptr->answer = answer; 1700 break; 1701 } 1702 spin_unlock(&tomoyo_query_list_lock); 1703 return 0; 1704} 1705 1706/** 1707 * tomoyo_read_version: Get version. 1708 * 1709 * @head: Pointer to "struct tomoyo_io_buffer". 1710 * 1711 * Returns version information. 1712 */ 1713static void tomoyo_read_version(struct tomoyo_io_buffer *head) 1714{ 1715 if (!head->r.eof) { 1716 tomoyo_io_printf(head, "2.3.0"); 1717 head->r.eof = true; 1718 } 1719} 1720 1721/** 1722 * tomoyo_read_self_domain - Get the current process's domainname. 1723 * 1724 * @head: Pointer to "struct tomoyo_io_buffer". 1725 * 1726 * Returns the current process's domainname. 1727 */ 1728static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1729{ 1730 if (!head->r.eof) { 1731 /* 1732 * tomoyo_domain()->domainname != NULL 1733 * because every process belongs to a domain and 1734 * the domain's name cannot be NULL. 1735 */ 1736 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1737 head->r.eof = true; 1738 } 1739} 1740 1741/** 1742 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1743 * 1744 * @type: Type of interface. 1745 * @file: Pointer to "struct file". 1746 * 1747 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1748 * 1749 * Caller acquires tomoyo_read_lock(). 1750 */ 1751int tomoyo_open_control(const u8 type, struct file *file) 1752{ 1753 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 1754 1755 if (!head) 1756 return -ENOMEM; 1757 mutex_init(&head->io_sem); 1758 head->type = type; 1759 switch (type) { 1760 case TOMOYO_DOMAINPOLICY: 1761 /* /sys/kernel/security/tomoyo/domain_policy */ 1762 head->write = tomoyo_write_domain; 1763 head->read = tomoyo_read_domain; 1764 break; 1765 case TOMOYO_EXCEPTIONPOLICY: 1766 /* /sys/kernel/security/tomoyo/exception_policy */ 1767 head->write = tomoyo_write_exception; 1768 head->read = tomoyo_read_exception; 1769 break; 1770 case TOMOYO_SELFDOMAIN: 1771 /* /sys/kernel/security/tomoyo/self_domain */ 1772 head->read = tomoyo_read_self_domain; 1773 break; 1774 case TOMOYO_DOMAIN_STATUS: 1775 /* /sys/kernel/security/tomoyo/.domain_status */ 1776 head->write = tomoyo_write_domain_profile; 1777 head->read = tomoyo_read_domain_profile; 1778 break; 1779 case TOMOYO_PROCESS_STATUS: 1780 /* /sys/kernel/security/tomoyo/.process_status */ 1781 head->write = tomoyo_write_pid; 1782 head->read = tomoyo_read_pid; 1783 break; 1784 case TOMOYO_VERSION: 1785 /* /sys/kernel/security/tomoyo/version */ 1786 head->read = tomoyo_read_version; 1787 head->readbuf_size = 128; 1788 break; 1789 case TOMOYO_MEMINFO: 1790 /* /sys/kernel/security/tomoyo/meminfo */ 1791 head->write = tomoyo_write_memory_quota; 1792 head->read = tomoyo_read_memory_counter; 1793 head->readbuf_size = 512; 1794 break; 1795 case TOMOYO_PROFILE: 1796 /* /sys/kernel/security/tomoyo/profile */ 1797 head->write = tomoyo_write_profile; 1798 head->read = tomoyo_read_profile; 1799 break; 1800 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 1801 head->poll = tomoyo_poll_query; 1802 head->write = tomoyo_write_answer; 1803 head->read = tomoyo_read_query; 1804 break; 1805 case TOMOYO_MANAGER: 1806 /* /sys/kernel/security/tomoyo/manager */ 1807 head->write = tomoyo_write_manager; 1808 head->read = tomoyo_read_manager; 1809 break; 1810 } 1811 if (!(file->f_mode & FMODE_READ)) { 1812 /* 1813 * No need to allocate read_buf since it is not opened 1814 * for reading. 1815 */ 1816 head->read = NULL; 1817 head->poll = NULL; 1818 } else if (!head->poll) { 1819 /* Don't allocate read_buf for poll() access. */ 1820 if (!head->readbuf_size) 1821 head->readbuf_size = 4096 * 2; 1822 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 1823 if (!head->read_buf) { 1824 kfree(head); 1825 return -ENOMEM; 1826 } 1827 } 1828 if (!(file->f_mode & FMODE_WRITE)) { 1829 /* 1830 * No need to allocate write_buf since it is not opened 1831 * for writing. 1832 */ 1833 head->write = NULL; 1834 } else if (head->write) { 1835 head->writebuf_size = 4096 * 2; 1836 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 1837 if (!head->write_buf) { 1838 kfree(head->read_buf); 1839 kfree(head); 1840 return -ENOMEM; 1841 } 1842 } 1843 if (type != TOMOYO_QUERY) 1844 head->reader_idx = tomoyo_read_lock(); 1845 file->private_data = head; 1846 /* 1847 * If the file is /sys/kernel/security/tomoyo/query , increment the 1848 * observer counter. 1849 * The obserber counter is used by tomoyo_supervisor() to see if 1850 * there is some process monitoring /sys/kernel/security/tomoyo/query. 1851 */ 1852 if (type == TOMOYO_QUERY) 1853 atomic_inc(&tomoyo_query_observers); 1854 return 0; 1855} 1856 1857/** 1858 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 1859 * 1860 * @file: Pointer to "struct file". 1861 * @wait: Pointer to "poll_table". 1862 * 1863 * Waits for read readiness. 1864 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd . 1865 */ 1866int tomoyo_poll_control(struct file *file, poll_table *wait) 1867{ 1868 struct tomoyo_io_buffer *head = file->private_data; 1869 if (!head->poll) 1870 return -ENOSYS; 1871 return head->poll(file, wait); 1872} 1873 1874/** 1875 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1876 * 1877 * @head: Pointer to "struct tomoyo_io_buffer". 1878 * @buffer: Poiner to buffer to write to. 1879 * @buffer_len: Size of @buffer. 1880 * 1881 * Returns bytes read on success, negative value otherwise. 1882 * 1883 * Caller holds tomoyo_read_lock(). 1884 */ 1885int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, 1886 const int buffer_len) 1887{ 1888 int len; 1889 1890 if (!head->read) 1891 return -ENOSYS; 1892 if (mutex_lock_interruptible(&head->io_sem)) 1893 return -EINTR; 1894 head->read_user_buf = buffer; 1895 head->read_user_buf_avail = buffer_len; 1896 if (tomoyo_flush(head)) 1897 /* Call the policy handler. */ 1898 head->read(head); 1899 tomoyo_flush(head); 1900 len = head->read_user_buf - buffer; 1901 mutex_unlock(&head->io_sem); 1902 return len; 1903} 1904 1905/** 1906 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 1907 * 1908 * @head: Pointer to "struct tomoyo_io_buffer". 1909 * @buffer: Pointer to buffer to read from. 1910 * @buffer_len: Size of @buffer. 1911 * 1912 * Returns @buffer_len on success, negative value otherwise. 1913 * 1914 * Caller holds tomoyo_read_lock(). 1915 */ 1916int tomoyo_write_control(struct tomoyo_io_buffer *head, 1917 const char __user *buffer, const int buffer_len) 1918{ 1919 int error = buffer_len; 1920 int avail_len = buffer_len; 1921 char *cp0 = head->write_buf; 1922 1923 if (!head->write) 1924 return -ENOSYS; 1925 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 1926 return -EFAULT; 1927 /* Don't allow updating policies by non manager programs. */ 1928 if (head->write != tomoyo_write_pid && 1929 head->write != tomoyo_write_domain && !tomoyo_manager()) 1930 return -EPERM; 1931 if (mutex_lock_interruptible(&head->io_sem)) 1932 return -EINTR; 1933 /* Read a line and dispatch it to the policy handler. */ 1934 while (avail_len > 0) { 1935 char c; 1936 if (head->w.avail >= head->writebuf_size - 1) { 1937 error = -ENOMEM; 1938 break; 1939 } else if (get_user(c, buffer)) { 1940 error = -EFAULT; 1941 break; 1942 } 1943 buffer++; 1944 avail_len--; 1945 cp0[head->w.avail++] = c; 1946 if (c != '\n') 1947 continue; 1948 cp0[head->w.avail - 1] = '\0'; 1949 head->w.avail = 0; 1950 tomoyo_normalize_line(cp0); 1951 head->write(head); 1952 } 1953 mutex_unlock(&head->io_sem); 1954 return error; 1955} 1956 1957/** 1958 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 1959 * 1960 * @head: Pointer to "struct tomoyo_io_buffer". 1961 * 1962 * Releases memory and returns 0. 1963 * 1964 * Caller looses tomoyo_read_lock(). 1965 */ 1966int tomoyo_close_control(struct tomoyo_io_buffer *head) 1967{ 1968 const bool is_write = !!head->write_buf; 1969 1970 /* 1971 * If the file is /sys/kernel/security/tomoyo/query , decrement the 1972 * observer counter. 1973 */ 1974 if (head->type == TOMOYO_QUERY) 1975 atomic_dec(&tomoyo_query_observers); 1976 else 1977 tomoyo_read_unlock(head->reader_idx); 1978 /* Release memory used for policy I/O. */ 1979 kfree(head->read_buf); 1980 head->read_buf = NULL; 1981 kfree(head->write_buf); 1982 head->write_buf = NULL; 1983 kfree(head); 1984 if (is_write) 1985 tomoyo_run_gc(); 1986 return 0; 1987} 1988 1989/** 1990 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 1991 */ 1992void tomoyo_check_profile(void) 1993{ 1994 struct tomoyo_domain_info *domain; 1995 const int idx = tomoyo_read_lock(); 1996 tomoyo_policy_loaded = true; 1997 /* Check all profiles currently assigned to domains are defined. */ 1998 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1999 const u8 profile = domain->profile; 2000 if (tomoyo_profile_ptr[profile]) 2001 continue; 2002 printk(KERN_ERR "You need to define profile %u before using it.\n", 2003 profile); 2004 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " 2005 "for more information.\n"); 2006 panic("Profile %u (used by '%s') not defined.\n", 2007 profile, domain->domainname->name); 2008 } 2009 tomoyo_read_unlock(idx); 2010 if (tomoyo_profile_version != 20090903) { 2011 printk(KERN_ERR "You need to install userland programs for " 2012 "TOMOYO 2.3 and initialize policy configuration.\n"); 2013 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ " 2014 "for more information.\n"); 2015 panic("Profile version %u is not supported.\n", 2016 tomoyo_profile_version); 2017 } 2018 printk(KERN_INFO "TOMOYO: 2.3.0\n"); 2019 printk(KERN_INFO "Mandatory Access Control activated.\n"); 2020} 2021