common.c revision 1f067a682a9bd252107ac6f6946b7332fde42344
1/* 2 * security/tomoyo/common.c 3 * 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 5 */ 6 7#include <linux/uaccess.h> 8#include <linux/slab.h> 9#include <linux/security.h> 10#include "common.h" 11 12/* String table for operation mode. */ 13const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { 14 [TOMOYO_CONFIG_DISABLED] = "disabled", 15 [TOMOYO_CONFIG_LEARNING] = "learning", 16 [TOMOYO_CONFIG_PERMISSIVE] = "permissive", 17 [TOMOYO_CONFIG_ENFORCING] = "enforcing" 18}; 19 20/* String table for /sys/kernel/security/tomoyo/profile */ 21const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 22 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 23 /* CONFIG::file group */ 24 [TOMOYO_MAC_FILE_EXECUTE] = "execute", 25 [TOMOYO_MAC_FILE_OPEN] = "open", 26 [TOMOYO_MAC_FILE_CREATE] = "create", 27 [TOMOYO_MAC_FILE_UNLINK] = "unlink", 28 [TOMOYO_MAC_FILE_GETATTR] = "getattr", 29 [TOMOYO_MAC_FILE_MKDIR] = "mkdir", 30 [TOMOYO_MAC_FILE_RMDIR] = "rmdir", 31 [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo", 32 [TOMOYO_MAC_FILE_MKSOCK] = "mksock", 33 [TOMOYO_MAC_FILE_TRUNCATE] = "truncate", 34 [TOMOYO_MAC_FILE_SYMLINK] = "symlink", 35 [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock", 36 [TOMOYO_MAC_FILE_MKCHAR] = "mkchar", 37 [TOMOYO_MAC_FILE_LINK] = "link", 38 [TOMOYO_MAC_FILE_RENAME] = "rename", 39 [TOMOYO_MAC_FILE_CHMOD] = "chmod", 40 [TOMOYO_MAC_FILE_CHOWN] = "chown", 41 [TOMOYO_MAC_FILE_CHGRP] = "chgrp", 42 [TOMOYO_MAC_FILE_IOCTL] = "ioctl", 43 [TOMOYO_MAC_FILE_CHROOT] = "chroot", 44 [TOMOYO_MAC_FILE_MOUNT] = "mount", 45 [TOMOYO_MAC_FILE_UMOUNT] = "unmount", 46 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root", 47 /* CONFIG::network group */ 48 [TOMOYO_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", 49 [TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", 50 [TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", 51 [TOMOYO_MAC_NETWORK_INET_DGRAM_BIND] = "inet_dgram_bind", 52 [TOMOYO_MAC_NETWORK_INET_DGRAM_SEND] = "inet_dgram_send", 53 [TOMOYO_MAC_NETWORK_INET_RAW_BIND] = "inet_raw_bind", 54 [TOMOYO_MAC_NETWORK_INET_RAW_SEND] = "inet_raw_send", 55 [TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND] = "unix_stream_bind", 56 [TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN] = "unix_stream_listen", 57 [TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT] = "unix_stream_connect", 58 [TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND] = "unix_dgram_bind", 59 [TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND] = "unix_dgram_send", 60 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND] = "unix_seqpacket_bind", 61 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", 62 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", 63 /* CONFIG::misc group */ 64 [TOMOYO_MAC_ENVIRON] = "env", 65 /* CONFIG group */ 66 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 67 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_NETWORK] = "network", 68 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_MISC] = "misc", 69}; 70 71/* String table for conditions. */ 72const char * const tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD] = { 73 [TOMOYO_TASK_UID] = "task.uid", 74 [TOMOYO_TASK_EUID] = "task.euid", 75 [TOMOYO_TASK_SUID] = "task.suid", 76 [TOMOYO_TASK_FSUID] = "task.fsuid", 77 [TOMOYO_TASK_GID] = "task.gid", 78 [TOMOYO_TASK_EGID] = "task.egid", 79 [TOMOYO_TASK_SGID] = "task.sgid", 80 [TOMOYO_TASK_FSGID] = "task.fsgid", 81 [TOMOYO_TASK_PID] = "task.pid", 82 [TOMOYO_TASK_PPID] = "task.ppid", 83 [TOMOYO_EXEC_ARGC] = "exec.argc", 84 [TOMOYO_EXEC_ENVC] = "exec.envc", 85 [TOMOYO_TYPE_IS_SOCKET] = "socket", 86 [TOMOYO_TYPE_IS_SYMLINK] = "symlink", 87 [TOMOYO_TYPE_IS_FILE] = "file", 88 [TOMOYO_TYPE_IS_BLOCK_DEV] = "block", 89 [TOMOYO_TYPE_IS_DIRECTORY] = "directory", 90 [TOMOYO_TYPE_IS_CHAR_DEV] = "char", 91 [TOMOYO_TYPE_IS_FIFO] = "fifo", 92 [TOMOYO_MODE_SETUID] = "setuid", 93 [TOMOYO_MODE_SETGID] = "setgid", 94 [TOMOYO_MODE_STICKY] = "sticky", 95 [TOMOYO_MODE_OWNER_READ] = "owner_read", 96 [TOMOYO_MODE_OWNER_WRITE] = "owner_write", 97 [TOMOYO_MODE_OWNER_EXECUTE] = "owner_execute", 98 [TOMOYO_MODE_GROUP_READ] = "group_read", 99 [TOMOYO_MODE_GROUP_WRITE] = "group_write", 100 [TOMOYO_MODE_GROUP_EXECUTE] = "group_execute", 101 [TOMOYO_MODE_OTHERS_READ] = "others_read", 102 [TOMOYO_MODE_OTHERS_WRITE] = "others_write", 103 [TOMOYO_MODE_OTHERS_EXECUTE] = "others_execute", 104 [TOMOYO_EXEC_REALPATH] = "exec.realpath", 105 [TOMOYO_SYMLINK_TARGET] = "symlink.target", 106 [TOMOYO_PATH1_UID] = "path1.uid", 107 [TOMOYO_PATH1_GID] = "path1.gid", 108 [TOMOYO_PATH1_INO] = "path1.ino", 109 [TOMOYO_PATH1_MAJOR] = "path1.major", 110 [TOMOYO_PATH1_MINOR] = "path1.minor", 111 [TOMOYO_PATH1_PERM] = "path1.perm", 112 [TOMOYO_PATH1_TYPE] = "path1.type", 113 [TOMOYO_PATH1_DEV_MAJOR] = "path1.dev_major", 114 [TOMOYO_PATH1_DEV_MINOR] = "path1.dev_minor", 115 [TOMOYO_PATH2_UID] = "path2.uid", 116 [TOMOYO_PATH2_GID] = "path2.gid", 117 [TOMOYO_PATH2_INO] = "path2.ino", 118 [TOMOYO_PATH2_MAJOR] = "path2.major", 119 [TOMOYO_PATH2_MINOR] = "path2.minor", 120 [TOMOYO_PATH2_PERM] = "path2.perm", 121 [TOMOYO_PATH2_TYPE] = "path2.type", 122 [TOMOYO_PATH2_DEV_MAJOR] = "path2.dev_major", 123 [TOMOYO_PATH2_DEV_MINOR] = "path2.dev_minor", 124 [TOMOYO_PATH1_PARENT_UID] = "path1.parent.uid", 125 [TOMOYO_PATH1_PARENT_GID] = "path1.parent.gid", 126 [TOMOYO_PATH1_PARENT_INO] = "path1.parent.ino", 127 [TOMOYO_PATH1_PARENT_PERM] = "path1.parent.perm", 128 [TOMOYO_PATH2_PARENT_UID] = "path2.parent.uid", 129 [TOMOYO_PATH2_PARENT_GID] = "path2.parent.gid", 130 [TOMOYO_PATH2_PARENT_INO] = "path2.parent.ino", 131 [TOMOYO_PATH2_PARENT_PERM] = "path2.parent.perm", 132}; 133 134/* String table for PREFERENCE keyword. */ 135static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = { 136 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log", 137 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry", 138}; 139 140/* String table for path operation. */ 141const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { 142 [TOMOYO_TYPE_EXECUTE] = "execute", 143 [TOMOYO_TYPE_READ] = "read", 144 [TOMOYO_TYPE_WRITE] = "write", 145 [TOMOYO_TYPE_APPEND] = "append", 146 [TOMOYO_TYPE_UNLINK] = "unlink", 147 [TOMOYO_TYPE_GETATTR] = "getattr", 148 [TOMOYO_TYPE_RMDIR] = "rmdir", 149 [TOMOYO_TYPE_TRUNCATE] = "truncate", 150 [TOMOYO_TYPE_SYMLINK] = "symlink", 151 [TOMOYO_TYPE_CHROOT] = "chroot", 152 [TOMOYO_TYPE_UMOUNT] = "unmount", 153}; 154 155/* String table for socket's operation. */ 156const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION] = { 157 [TOMOYO_NETWORK_BIND] = "bind", 158 [TOMOYO_NETWORK_LISTEN] = "listen", 159 [TOMOYO_NETWORK_CONNECT] = "connect", 160 [TOMOYO_NETWORK_SEND] = "send", 161}; 162 163/* String table for categories. */ 164static const char * const tomoyo_category_keywords 165[TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 166 [TOMOYO_MAC_CATEGORY_FILE] = "file", 167 [TOMOYO_MAC_CATEGORY_NETWORK] = "network", 168 [TOMOYO_MAC_CATEGORY_MISC] = "misc", 169}; 170 171/* Permit policy management by non-root user? */ 172static bool tomoyo_manage_by_non_root; 173 174/* Utility functions. */ 175 176/** 177 * tomoyo_yesno - Return "yes" or "no". 178 * 179 * @value: Bool value. 180 */ 181const char *tomoyo_yesno(const unsigned int value) 182{ 183 return value ? "yes" : "no"; 184} 185 186/** 187 * tomoyo_addprintf - strncat()-like-snprintf(). 188 * 189 * @buffer: Buffer to write to. Must be '\0'-terminated. 190 * @len: Size of @buffer. 191 * @fmt: The printf()'s format string, followed by parameters. 192 * 193 * Returns nothing. 194 */ 195static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 196{ 197 va_list args; 198 const int pos = strlen(buffer); 199 va_start(args, fmt); 200 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 201 va_end(args); 202} 203 204/** 205 * tomoyo_flush - Flush queued string to userspace's buffer. 206 * 207 * @head: Pointer to "struct tomoyo_io_buffer". 208 * 209 * Returns true if all data was flushed, false otherwise. 210 */ 211static bool tomoyo_flush(struct tomoyo_io_buffer *head) 212{ 213 while (head->r.w_pos) { 214 const char *w = head->r.w[0]; 215 size_t len = strlen(w); 216 if (len) { 217 if (len > head->read_user_buf_avail) 218 len = head->read_user_buf_avail; 219 if (!len) 220 return false; 221 if (copy_to_user(head->read_user_buf, w, len)) 222 return false; 223 head->read_user_buf_avail -= len; 224 head->read_user_buf += len; 225 w += len; 226 } 227 head->r.w[0] = w; 228 if (*w) 229 return false; 230 /* Add '\0' for audit logs and query. */ 231 if (head->poll) { 232 if (!head->read_user_buf_avail || 233 copy_to_user(head->read_user_buf, "", 1)) 234 return false; 235 head->read_user_buf_avail--; 236 head->read_user_buf++; 237 } 238 head->r.w_pos--; 239 for (len = 0; len < head->r.w_pos; len++) 240 head->r.w[len] = head->r.w[len + 1]; 241 } 242 head->r.avail = 0; 243 return true; 244} 245 246/** 247 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 248 * 249 * @head: Pointer to "struct tomoyo_io_buffer". 250 * @string: String to print. 251 * 252 * Note that @string has to be kept valid until @head is kfree()d. 253 * This means that char[] allocated on stack memory cannot be passed to 254 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 255 */ 256static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 257{ 258 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 259 head->r.w[head->r.w_pos++] = string; 260 tomoyo_flush(head); 261 } else 262 WARN_ON(1); 263} 264 265/** 266 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 267 * 268 * @head: Pointer to "struct tomoyo_io_buffer". 269 * @fmt: The printf()'s format string, followed by parameters. 270 */ 271void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 272{ 273 va_list args; 274 size_t len; 275 size_t pos = head->r.avail; 276 int size = head->readbuf_size - pos; 277 if (size <= 0) 278 return; 279 va_start(args, fmt); 280 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 281 va_end(args); 282 if (pos + len >= head->readbuf_size) { 283 WARN_ON(1); 284 return; 285 } 286 head->r.avail += len; 287 tomoyo_set_string(head, head->read_buf + pos); 288} 289 290/** 291 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure. 292 * 293 * @head: Pointer to "struct tomoyo_io_buffer". 294 * 295 * Returns nothing. 296 */ 297static void tomoyo_set_space(struct tomoyo_io_buffer *head) 298{ 299 tomoyo_set_string(head, " "); 300} 301 302/** 303 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure. 304 * 305 * @head: Pointer to "struct tomoyo_io_buffer". 306 * 307 * Returns nothing. 308 */ 309static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 310{ 311 tomoyo_set_string(head, "\n"); 312 return !head->r.w_pos; 313} 314 315/** 316 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure. 317 * 318 * @head: Pointer to "struct tomoyo_io_buffer". 319 * 320 * Returns nothing. 321 */ 322static void tomoyo_set_slash(struct tomoyo_io_buffer *head) 323{ 324 tomoyo_set_string(head, "/"); 325} 326 327/* List of namespaces. */ 328LIST_HEAD(tomoyo_namespace_list); 329/* True if namespace other than tomoyo_kernel_namespace is defined. */ 330static bool tomoyo_namespace_enabled; 331 332/** 333 * tomoyo_init_policy_namespace - Initialize namespace. 334 * 335 * @ns: Pointer to "struct tomoyo_policy_namespace". 336 * 337 * Returns nothing. 338 */ 339void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) 340{ 341 unsigned int idx; 342 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) 343 INIT_LIST_HEAD(&ns->acl_group[idx]); 344 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) 345 INIT_LIST_HEAD(&ns->group_list[idx]); 346 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) 347 INIT_LIST_HEAD(&ns->policy_list[idx]); 348 ns->profile_version = 20100903; 349 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); 350 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); 351} 352 353/** 354 * tomoyo_print_namespace - Print namespace header. 355 * 356 * @head: Pointer to "struct tomoyo_io_buffer". 357 * 358 * Returns nothing. 359 */ 360static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) 361{ 362 if (!tomoyo_namespace_enabled) 363 return; 364 tomoyo_set_string(head, 365 container_of(head->r.ns, 366 struct tomoyo_policy_namespace, 367 namespace_list)->name); 368 tomoyo_set_space(head); 369} 370 371/** 372 * tomoyo_print_name_union - Print a tomoyo_name_union. 373 * 374 * @head: Pointer to "struct tomoyo_io_buffer". 375 * @ptr: Pointer to "struct tomoyo_name_union". 376 */ 377static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 378 const struct tomoyo_name_union *ptr) 379{ 380 tomoyo_set_space(head); 381 if (ptr->group) { 382 tomoyo_set_string(head, "@"); 383 tomoyo_set_string(head, ptr->group->group_name->name); 384 } else { 385 tomoyo_set_string(head, ptr->filename->name); 386 } 387} 388 389/** 390 * tomoyo_print_name_union_quoted - Print a tomoyo_name_union with a quote. 391 * 392 * @head: Pointer to "struct tomoyo_io_buffer". 393 * @ptr: Pointer to "struct tomoyo_name_union". 394 * 395 * Returns nothing. 396 */ 397static void tomoyo_print_name_union_quoted(struct tomoyo_io_buffer *head, 398 const struct tomoyo_name_union *ptr) 399{ 400 if (ptr->group) { 401 tomoyo_set_string(head, "@"); 402 tomoyo_set_string(head, ptr->group->group_name->name); 403 } else { 404 tomoyo_set_string(head, "\""); 405 tomoyo_set_string(head, ptr->filename->name); 406 tomoyo_set_string(head, "\""); 407 } 408} 409 410/** 411 * tomoyo_print_number_union_nospace - Print a tomoyo_number_union without a space. 412 * 413 * @head: Pointer to "struct tomoyo_io_buffer". 414 * @ptr: Pointer to "struct tomoyo_number_union". 415 * 416 * Returns nothing. 417 */ 418static void tomoyo_print_number_union_nospace 419(struct tomoyo_io_buffer *head, const struct tomoyo_number_union *ptr) 420{ 421 if (ptr->group) { 422 tomoyo_set_string(head, "@"); 423 tomoyo_set_string(head, ptr->group->group_name->name); 424 } else { 425 int i; 426 unsigned long min = ptr->values[0]; 427 const unsigned long max = ptr->values[1]; 428 u8 min_type = ptr->value_type[0]; 429 const u8 max_type = ptr->value_type[1]; 430 char buffer[128]; 431 buffer[0] = '\0'; 432 for (i = 0; i < 2; i++) { 433 switch (min_type) { 434 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 435 tomoyo_addprintf(buffer, sizeof(buffer), 436 "0x%lX", min); 437 break; 438 case TOMOYO_VALUE_TYPE_OCTAL: 439 tomoyo_addprintf(buffer, sizeof(buffer), 440 "0%lo", min); 441 break; 442 default: 443 tomoyo_addprintf(buffer, sizeof(buffer), "%lu", 444 min); 445 break; 446 } 447 if (min == max && min_type == max_type) 448 break; 449 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 450 min_type = max_type; 451 min = max; 452 } 453 tomoyo_io_printf(head, "%s", buffer); 454 } 455} 456 457/** 458 * tomoyo_print_number_union - Print a tomoyo_number_union. 459 * 460 * @head: Pointer to "struct tomoyo_io_buffer". 461 * @ptr: Pointer to "struct tomoyo_number_union". 462 * 463 * Returns nothing. 464 */ 465static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 466 const struct tomoyo_number_union *ptr) 467{ 468 tomoyo_set_space(head); 469 tomoyo_print_number_union_nospace(head, ptr); 470} 471 472/** 473 * tomoyo_assign_profile - Create a new profile. 474 * 475 * @ns: Pointer to "struct tomoyo_policy_namespace". 476 * @profile: Profile number to create. 477 * 478 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 479 */ 480static struct tomoyo_profile *tomoyo_assign_profile 481(struct tomoyo_policy_namespace *ns, const unsigned int profile) 482{ 483 struct tomoyo_profile *ptr; 484 struct tomoyo_profile *entry; 485 if (profile >= TOMOYO_MAX_PROFILES) 486 return NULL; 487 ptr = ns->profile_ptr[profile]; 488 if (ptr) 489 return ptr; 490 entry = kzalloc(sizeof(*entry), GFP_NOFS); 491 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 492 goto out; 493 ptr = ns->profile_ptr[profile]; 494 if (!ptr && tomoyo_memory_ok(entry)) { 495 ptr = entry; 496 ptr->default_config = TOMOYO_CONFIG_DISABLED | 497 TOMOYO_CONFIG_WANT_GRANT_LOG | 498 TOMOYO_CONFIG_WANT_REJECT_LOG; 499 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 500 sizeof(ptr->config)); 501 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; 502 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; 503 mb(); /* Avoid out-of-order execution. */ 504 ns->profile_ptr[profile] = ptr; 505 entry = NULL; 506 } 507 mutex_unlock(&tomoyo_policy_lock); 508 out: 509 kfree(entry); 510 return ptr; 511} 512 513/** 514 * tomoyo_profile - Find a profile. 515 * 516 * @ns: Pointer to "struct tomoyo_policy_namespace". 517 * @profile: Profile number to find. 518 * 519 * Returns pointer to "struct tomoyo_profile". 520 */ 521struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 522 const u8 profile) 523{ 524 static struct tomoyo_profile tomoyo_null_profile; 525 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; 526 if (!ptr) 527 ptr = &tomoyo_null_profile; 528 return ptr; 529} 530 531/** 532 * tomoyo_find_yesno - Find values for specified keyword. 533 * 534 * @string: String to check. 535 * @find: Name of keyword. 536 * 537 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise. 538 */ 539static s8 tomoyo_find_yesno(const char *string, const char *find) 540{ 541 const char *cp = strstr(string, find); 542 if (cp) { 543 cp += strlen(find); 544 if (!strncmp(cp, "=yes", 4)) 545 return 1; 546 else if (!strncmp(cp, "=no", 3)) 547 return 0; 548 } 549 return -1; 550} 551 552/** 553 * tomoyo_set_uint - Set value for specified preference. 554 * 555 * @i: Pointer to "unsigned int". 556 * @string: String to check. 557 * @find: Name of keyword. 558 * 559 * Returns nothing. 560 */ 561static void tomoyo_set_uint(unsigned int *i, const char *string, 562 const char *find) 563{ 564 const char *cp = strstr(string, find); 565 if (cp) 566 sscanf(cp + strlen(find), "=%u", i); 567} 568 569/** 570 * tomoyo_set_mode - Set mode for specified profile. 571 * 572 * @name: Name of functionality. 573 * @value: Mode for @name. 574 * @profile: Pointer to "struct tomoyo_profile". 575 * 576 * Returns 0 on success, negative value otherwise. 577 */ 578static int tomoyo_set_mode(char *name, const char *value, 579 struct tomoyo_profile *profile) 580{ 581 u8 i; 582 u8 config; 583 if (!strcmp(name, "CONFIG")) { 584 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 585 config = profile->default_config; 586 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 587 config = 0; 588 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 589 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 590 int len = 0; 591 if (i < TOMOYO_MAX_MAC_INDEX) { 592 const u8 c = tomoyo_index2category[i]; 593 const char *category = 594 tomoyo_category_keywords[c]; 595 len = strlen(category); 596 if (strncmp(name, category, len) || 597 name[len++] != ':' || name[len++] != ':') 598 continue; 599 } 600 if (strcmp(name + len, tomoyo_mac_keywords[i])) 601 continue; 602 config = profile->config[i]; 603 break; 604 } 605 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 606 return -EINVAL; 607 } else { 608 return -EINVAL; 609 } 610 if (strstr(value, "use_default")) { 611 config = TOMOYO_CONFIG_USE_DEFAULT; 612 } else { 613 u8 mode; 614 for (mode = 0; mode < 4; mode++) 615 if (strstr(value, tomoyo_mode[mode])) 616 /* 617 * Update lower 3 bits in order to distinguish 618 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 619 */ 620 config = (config & ~7) | mode; 621 if (config != TOMOYO_CONFIG_USE_DEFAULT) { 622 switch (tomoyo_find_yesno(value, "grant_log")) { 623 case 1: 624 config |= TOMOYO_CONFIG_WANT_GRANT_LOG; 625 break; 626 case 0: 627 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG; 628 break; 629 } 630 switch (tomoyo_find_yesno(value, "reject_log")) { 631 case 1: 632 config |= TOMOYO_CONFIG_WANT_REJECT_LOG; 633 break; 634 case 0: 635 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG; 636 break; 637 } 638 } 639 } 640 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 641 profile->config[i] = config; 642 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 643 profile->default_config = config; 644 return 0; 645} 646 647/** 648 * tomoyo_write_profile - Write profile table. 649 * 650 * @head: Pointer to "struct tomoyo_io_buffer". 651 * 652 * Returns 0 on success, negative value otherwise. 653 */ 654static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 655{ 656 char *data = head->write_buf; 657 unsigned int i; 658 char *cp; 659 struct tomoyo_profile *profile; 660 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) 661 == 1) 662 return 0; 663 i = simple_strtoul(data, &cp, 10); 664 if (*cp != '-') 665 return -EINVAL; 666 data = cp + 1; 667 profile = tomoyo_assign_profile(head->w.ns, i); 668 if (!profile) 669 return -EINVAL; 670 cp = strchr(data, '='); 671 if (!cp) 672 return -EINVAL; 673 *cp++ = '\0'; 674 if (!strcmp(data, "COMMENT")) { 675 static DEFINE_SPINLOCK(lock); 676 const struct tomoyo_path_info *new_comment 677 = tomoyo_get_name(cp); 678 const struct tomoyo_path_info *old_comment; 679 if (!new_comment) 680 return -ENOMEM; 681 spin_lock(&lock); 682 old_comment = profile->comment; 683 profile->comment = new_comment; 684 spin_unlock(&lock); 685 tomoyo_put_name(old_comment); 686 return 0; 687 } 688 if (!strcmp(data, "PREFERENCE")) { 689 for (i = 0; i < TOMOYO_MAX_PREF; i++) 690 tomoyo_set_uint(&profile->pref[i], cp, 691 tomoyo_pref_keywords[i]); 692 return 0; 693 } 694 return tomoyo_set_mode(data, cp, profile); 695} 696 697/** 698 * tomoyo_print_config - Print mode for specified functionality. 699 * 700 * @head: Pointer to "struct tomoyo_io_buffer". 701 * @config: Mode for that functionality. 702 * 703 * Returns nothing. 704 * 705 * Caller prints functionality's name. 706 */ 707static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 708{ 709 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", 710 tomoyo_mode[config & 3], 711 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG), 712 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG)); 713} 714 715/** 716 * tomoyo_read_profile - Read profile table. 717 * 718 * @head: Pointer to "struct tomoyo_io_buffer". 719 * 720 * Returns nothing. 721 */ 722static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 723{ 724 u8 index; 725 struct tomoyo_policy_namespace *ns = 726 container_of(head->r.ns, typeof(*ns), namespace_list); 727 const struct tomoyo_profile *profile; 728 if (head->r.eof) 729 return; 730 next: 731 index = head->r.index; 732 profile = ns->profile_ptr[index]; 733 switch (head->r.step) { 734 case 0: 735 tomoyo_print_namespace(head); 736 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 737 ns->profile_version); 738 head->r.step++; 739 break; 740 case 1: 741 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 742 head->r.index++) 743 if (ns->profile_ptr[head->r.index]) 744 break; 745 if (head->r.index == TOMOYO_MAX_PROFILES) 746 return; 747 head->r.step++; 748 break; 749 case 2: 750 { 751 u8 i; 752 const struct tomoyo_path_info *comment = 753 profile->comment; 754 tomoyo_print_namespace(head); 755 tomoyo_io_printf(head, "%u-COMMENT=", index); 756 tomoyo_set_string(head, comment ? comment->name : ""); 757 tomoyo_set_lf(head); 758 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index); 759 for (i = 0; i < TOMOYO_MAX_PREF; i++) 760 tomoyo_io_printf(head, "%s=%u ", 761 tomoyo_pref_keywords[i], 762 profile->pref[i]); 763 tomoyo_set_string(head, "}\n"); 764 head->r.step++; 765 } 766 break; 767 case 3: 768 { 769 tomoyo_print_namespace(head); 770 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 771 tomoyo_print_config(head, profile->default_config); 772 head->r.bit = 0; 773 head->r.step++; 774 } 775 break; 776 case 4: 777 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 778 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 779 const u8 i = head->r.bit; 780 const u8 config = profile->config[i]; 781 if (config == TOMOYO_CONFIG_USE_DEFAULT) 782 continue; 783 tomoyo_print_namespace(head); 784 if (i < TOMOYO_MAX_MAC_INDEX) 785 tomoyo_io_printf(head, "%u-CONFIG::%s::%s", 786 index, 787 tomoyo_category_keywords 788 [tomoyo_index2category[i]], 789 tomoyo_mac_keywords[i]); 790 else 791 tomoyo_io_printf(head, "%u-CONFIG::%s", index, 792 tomoyo_mac_keywords[i]); 793 tomoyo_print_config(head, config); 794 head->r.bit++; 795 break; 796 } 797 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 798 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 799 head->r.index++; 800 head->r.step = 1; 801 } 802 break; 803 } 804 if (tomoyo_flush(head)) 805 goto next; 806} 807 808/** 809 * tomoyo_same_manager - Check for duplicated "struct tomoyo_manager" entry. 810 * 811 * @a: Pointer to "struct tomoyo_acl_head". 812 * @b: Pointer to "struct tomoyo_acl_head". 813 * 814 * Returns true if @a == @b, false otherwise. 815 */ 816static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 817 const struct tomoyo_acl_head *b) 818{ 819 return container_of(a, struct tomoyo_manager, head)->manager == 820 container_of(b, struct tomoyo_manager, head)->manager; 821} 822 823/** 824 * tomoyo_update_manager_entry - Add a manager entry. 825 * 826 * @manager: The path to manager or the domainnamme. 827 * @is_delete: True if it is a delete request. 828 * 829 * Returns 0 on success, negative value otherwise. 830 * 831 * Caller holds tomoyo_read_lock(). 832 */ 833static int tomoyo_update_manager_entry(const char *manager, 834 const bool is_delete) 835{ 836 struct tomoyo_manager e = { }; 837 struct tomoyo_acl_param param = { 838 /* .ns = &tomoyo_kernel_namespace, */ 839 .is_delete = is_delete, 840 .list = &tomoyo_kernel_namespace. 841 policy_list[TOMOYO_ID_MANAGER], 842 }; 843 int error = is_delete ? -ENOENT : -ENOMEM; 844 if (tomoyo_domain_def(manager)) { 845 if (!tomoyo_correct_domain(manager)) 846 return -EINVAL; 847 e.is_domain = true; 848 } else { 849 if (!tomoyo_correct_path(manager)) 850 return -EINVAL; 851 } 852 e.manager = tomoyo_get_name(manager); 853 if (e.manager) { 854 error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, 855 tomoyo_same_manager); 856 tomoyo_put_name(e.manager); 857 } 858 return error; 859} 860 861/** 862 * tomoyo_write_manager - Write manager policy. 863 * 864 * @head: Pointer to "struct tomoyo_io_buffer". 865 * 866 * Returns 0 on success, negative value otherwise. 867 * 868 * Caller holds tomoyo_read_lock(). 869 */ 870static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 871{ 872 char *data = head->write_buf; 873 874 if (!strcmp(data, "manage_by_non_root")) { 875 tomoyo_manage_by_non_root = !head->w.is_delete; 876 return 0; 877 } 878 return tomoyo_update_manager_entry(data, head->w.is_delete); 879} 880 881/** 882 * tomoyo_read_manager - Read manager policy. 883 * 884 * @head: Pointer to "struct tomoyo_io_buffer". 885 * 886 * Caller holds tomoyo_read_lock(). 887 */ 888static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 889{ 890 if (head->r.eof) 891 return; 892 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. 893 policy_list[TOMOYO_ID_MANAGER]) { 894 struct tomoyo_manager *ptr = 895 list_entry(head->r.acl, typeof(*ptr), head.list); 896 if (ptr->head.is_deleted) 897 continue; 898 if (!tomoyo_flush(head)) 899 return; 900 tomoyo_set_string(head, ptr->manager->name); 901 tomoyo_set_lf(head); 902 } 903 head->r.eof = true; 904} 905 906/** 907 * tomoyo_manager - Check whether the current process is a policy manager. 908 * 909 * Returns true if the current process is permitted to modify policy 910 * via /sys/kernel/security/tomoyo/ interface. 911 * 912 * Caller holds tomoyo_read_lock(). 913 */ 914static bool tomoyo_manager(void) 915{ 916 struct tomoyo_manager *ptr; 917 const char *exe; 918 const struct task_struct *task = current; 919 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 920 bool found = false; 921 922 if (!tomoyo_policy_loaded) 923 return true; 924 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 925 return false; 926 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. 927 policy_list[TOMOYO_ID_MANAGER], head.list) { 928 if (!ptr->head.is_deleted && ptr->is_domain 929 && !tomoyo_pathcmp(domainname, ptr->manager)) { 930 found = true; 931 break; 932 } 933 } 934 if (found) 935 return true; 936 exe = tomoyo_get_exe(); 937 if (!exe) 938 return false; 939 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. 940 policy_list[TOMOYO_ID_MANAGER], head.list) { 941 if (!ptr->head.is_deleted && !ptr->is_domain 942 && !strcmp(exe, ptr->manager->name)) { 943 found = true; 944 break; 945 } 946 } 947 if (!found) { /* Reduce error messages. */ 948 static pid_t last_pid; 949 const pid_t pid = current->pid; 950 if (last_pid != pid) { 951 printk(KERN_WARNING "%s ( %s ) is not permitted to " 952 "update policies.\n", domainname->name, exe); 953 last_pid = pid; 954 } 955 } 956 kfree(exe); 957 return found; 958} 959 960/** 961 * tomoyo_select_domain - Parse select command. 962 * 963 * @head: Pointer to "struct tomoyo_io_buffer". 964 * @data: String to parse. 965 * 966 * Returns true on success, false otherwise. 967 * 968 * Caller holds tomoyo_read_lock(). 969 */ 970static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, 971 const char *data) 972{ 973 unsigned int pid; 974 struct tomoyo_domain_info *domain = NULL; 975 bool global_pid = false; 976 if (strncmp(data, "select ", 7)) 977 return false; 978 data += 7; 979 if (sscanf(data, "pid=%u", &pid) == 1 || 980 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 981 struct task_struct *p; 982 rcu_read_lock(); 983 read_lock(&tasklist_lock); 984 if (global_pid) 985 p = find_task_by_pid_ns(pid, &init_pid_ns); 986 else 987 p = find_task_by_vpid(pid); 988 if (p) 989 domain = tomoyo_real_domain(p); 990 read_unlock(&tasklist_lock); 991 rcu_read_unlock(); 992 } else if (!strncmp(data, "domain=", 7)) { 993 if (tomoyo_domain_def(data + 7)) 994 domain = tomoyo_find_domain(data + 7); 995 } else 996 return false; 997 head->w.domain = domain; 998 /* Accessing read_buf is safe because head->io_sem is held. */ 999 if (!head->read_buf) 1000 return true; /* Do nothing if open(O_WRONLY). */ 1001 memset(&head->r, 0, sizeof(head->r)); 1002 head->r.print_this_domain_only = true; 1003 if (domain) 1004 head->r.domain = &domain->list; 1005 else 1006 head->r.eof = 1; 1007 tomoyo_io_printf(head, "# select %s\n", data); 1008 if (domain && domain->is_deleted) 1009 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 1010 return true; 1011} 1012 1013/** 1014 * tomoyo_delete_domain - Delete a domain. 1015 * 1016 * @domainname: The name of domain. 1017 * 1018 * Returns 0. 1019 * 1020 * Caller holds tomoyo_read_lock(). 1021 */ 1022static int tomoyo_delete_domain(char *domainname) 1023{ 1024 struct tomoyo_domain_info *domain; 1025 struct tomoyo_path_info name; 1026 1027 name.name = domainname; 1028 tomoyo_fill_path_info(&name); 1029 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 1030 return 0; 1031 /* Is there an active domain? */ 1032 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1033 /* Never delete tomoyo_kernel_domain */ 1034 if (domain == &tomoyo_kernel_domain) 1035 continue; 1036 if (domain->is_deleted || 1037 tomoyo_pathcmp(domain->domainname, &name)) 1038 continue; 1039 domain->is_deleted = true; 1040 break; 1041 } 1042 mutex_unlock(&tomoyo_policy_lock); 1043 return 0; 1044} 1045 1046/** 1047 * tomoyo_write_domain2 - Write domain policy. 1048 * 1049 * @ns: Pointer to "struct tomoyo_policy_namespace". 1050 * @list: Pointer to "struct list_head". 1051 * @data: Policy to be interpreted. 1052 * @is_delete: True if it is a delete request. 1053 * 1054 * Returns 0 on success, negative value otherwise. 1055 * 1056 * Caller holds tomoyo_read_lock(). 1057 */ 1058static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, 1059 struct list_head *list, char *data, 1060 const bool is_delete) 1061{ 1062 struct tomoyo_acl_param param = { 1063 .ns = ns, 1064 .list = list, 1065 .data = data, 1066 .is_delete = is_delete, 1067 }; 1068 static const struct { 1069 const char *keyword; 1070 int (*write) (struct tomoyo_acl_param *); 1071 } tomoyo_callback[4] = { 1072 { "file ", tomoyo_write_file }, 1073 { "network inet ", tomoyo_write_inet_network }, 1074 { "network unix ", tomoyo_write_unix_network }, 1075 { "misc ", tomoyo_write_misc }, 1076 }; 1077 u8 i; 1078 1079 for (i = 0; i < ARRAY_SIZE(tomoyo_callback); i++) { 1080 if (!tomoyo_str_starts(¶m.data, 1081 tomoyo_callback[i].keyword)) 1082 continue; 1083 return tomoyo_callback[i].write(¶m); 1084 } 1085 return -EINVAL; 1086} 1087 1088/* String table for domain flags. */ 1089const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = { 1090 [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n", 1091 [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n", 1092}; 1093 1094/** 1095 * tomoyo_write_domain - Write domain policy. 1096 * 1097 * @head: Pointer to "struct tomoyo_io_buffer". 1098 * 1099 * Returns 0 on success, negative value otherwise. 1100 * 1101 * Caller holds tomoyo_read_lock(). 1102 */ 1103static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 1104{ 1105 char *data = head->write_buf; 1106 struct tomoyo_policy_namespace *ns; 1107 struct tomoyo_domain_info *domain = head->w.domain; 1108 const bool is_delete = head->w.is_delete; 1109 bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); 1110 unsigned int profile; 1111 if (*data == '<') { 1112 domain = NULL; 1113 if (is_delete) 1114 tomoyo_delete_domain(data); 1115 else if (is_select) 1116 domain = tomoyo_find_domain(data); 1117 else 1118 domain = tomoyo_assign_domain(data, false); 1119 head->w.domain = domain; 1120 return 0; 1121 } 1122 if (!domain) 1123 return -EINVAL; 1124 ns = domain->ns; 1125 if (sscanf(data, "use_profile %u", &profile) == 1 1126 && profile < TOMOYO_MAX_PROFILES) { 1127 if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) 1128 domain->profile = (u8) profile; 1129 return 0; 1130 } 1131 if (sscanf(data, "use_group %u\n", &profile) == 1 1132 && profile < TOMOYO_MAX_ACL_GROUPS) { 1133 if (!is_delete) 1134 domain->group = (u8) profile; 1135 return 0; 1136 } 1137 for (profile = 0; profile < TOMOYO_MAX_DOMAIN_INFO_FLAGS; profile++) { 1138 const char *cp = tomoyo_dif[profile]; 1139 if (strncmp(data, cp, strlen(cp) - 1)) 1140 continue; 1141 domain->flags[profile] = !is_delete; 1142 return 0; 1143 } 1144 return tomoyo_write_domain2(ns, &domain->acl_info_list, data, 1145 is_delete); 1146} 1147 1148/** 1149 * tomoyo_print_condition - Print condition part. 1150 * 1151 * @head: Pointer to "struct tomoyo_io_buffer". 1152 * @cond: Pointer to "struct tomoyo_condition". 1153 * 1154 * Returns true on success, false otherwise. 1155 */ 1156static bool tomoyo_print_condition(struct tomoyo_io_buffer *head, 1157 const struct tomoyo_condition *cond) 1158{ 1159 switch (head->r.cond_step) { 1160 case 0: 1161 head->r.cond_index = 0; 1162 head->r.cond_step++; 1163 /* fall through */ 1164 case 1: 1165 { 1166 const u16 condc = cond->condc; 1167 const struct tomoyo_condition_element *condp = 1168 (typeof(condp)) (cond + 1); 1169 const struct tomoyo_number_union *numbers_p = 1170 (typeof(numbers_p)) (condp + condc); 1171 const struct tomoyo_name_union *names_p = 1172 (typeof(names_p)) 1173 (numbers_p + cond->numbers_count); 1174 const struct tomoyo_argv *argv = 1175 (typeof(argv)) (names_p + cond->names_count); 1176 const struct tomoyo_envp *envp = 1177 (typeof(envp)) (argv + cond->argc); 1178 u16 skip; 1179 for (skip = 0; skip < head->r.cond_index; skip++) { 1180 const u8 left = condp->left; 1181 const u8 right = condp->right; 1182 condp++; 1183 switch (left) { 1184 case TOMOYO_ARGV_ENTRY: 1185 argv++; 1186 continue; 1187 case TOMOYO_ENVP_ENTRY: 1188 envp++; 1189 continue; 1190 case TOMOYO_NUMBER_UNION: 1191 numbers_p++; 1192 break; 1193 } 1194 switch (right) { 1195 case TOMOYO_NAME_UNION: 1196 names_p++; 1197 break; 1198 case TOMOYO_NUMBER_UNION: 1199 numbers_p++; 1200 break; 1201 } 1202 } 1203 while (head->r.cond_index < condc) { 1204 const u8 match = condp->equals; 1205 const u8 left = condp->left; 1206 const u8 right = condp->right; 1207 if (!tomoyo_flush(head)) 1208 return false; 1209 condp++; 1210 head->r.cond_index++; 1211 tomoyo_set_space(head); 1212 switch (left) { 1213 case TOMOYO_ARGV_ENTRY: 1214 tomoyo_io_printf(head, 1215 "exec.argv[%lu]%s=\"", 1216 argv->index, argv-> 1217 is_not ? "!" : ""); 1218 tomoyo_set_string(head, 1219 argv->value->name); 1220 tomoyo_set_string(head, "\""); 1221 argv++; 1222 continue; 1223 case TOMOYO_ENVP_ENTRY: 1224 tomoyo_set_string(head, 1225 "exec.envp[\""); 1226 tomoyo_set_string(head, 1227 envp->name->name); 1228 tomoyo_io_printf(head, "\"]%s=", envp-> 1229 is_not ? "!" : ""); 1230 if (envp->value) { 1231 tomoyo_set_string(head, "\""); 1232 tomoyo_set_string(head, envp-> 1233 value->name); 1234 tomoyo_set_string(head, "\""); 1235 } else { 1236 tomoyo_set_string(head, 1237 "NULL"); 1238 } 1239 envp++; 1240 continue; 1241 case TOMOYO_NUMBER_UNION: 1242 tomoyo_print_number_union_nospace 1243 (head, numbers_p++); 1244 break; 1245 default: 1246 tomoyo_set_string(head, 1247 tomoyo_condition_keyword[left]); 1248 break; 1249 } 1250 tomoyo_set_string(head, match ? "=" : "!="); 1251 switch (right) { 1252 case TOMOYO_NAME_UNION: 1253 tomoyo_print_name_union_quoted 1254 (head, names_p++); 1255 break; 1256 case TOMOYO_NUMBER_UNION: 1257 tomoyo_print_number_union_nospace 1258 (head, numbers_p++); 1259 break; 1260 default: 1261 tomoyo_set_string(head, 1262 tomoyo_condition_keyword[right]); 1263 break; 1264 } 1265 } 1266 } 1267 head->r.cond_step++; 1268 /* fall through */ 1269 case 2: 1270 if (!tomoyo_flush(head)) 1271 break; 1272 head->r.cond_step++; 1273 /* fall through */ 1274 case 3: 1275 if (cond->grant_log != TOMOYO_GRANTLOG_AUTO) 1276 tomoyo_io_printf(head, " grant_log=%s", 1277 tomoyo_yesno(cond->grant_log == 1278 TOMOYO_GRANTLOG_YES)); 1279 tomoyo_set_lf(head); 1280 return true; 1281 } 1282 return false; 1283} 1284 1285/** 1286 * tomoyo_set_group - Print "acl_group " header keyword and category name. 1287 * 1288 * @head: Pointer to "struct tomoyo_io_buffer". 1289 * @category: Category name. 1290 * 1291 * Returns nothing. 1292 */ 1293static void tomoyo_set_group(struct tomoyo_io_buffer *head, 1294 const char *category) 1295{ 1296 if (head->type == TOMOYO_EXCEPTIONPOLICY) { 1297 tomoyo_print_namespace(head); 1298 tomoyo_io_printf(head, "acl_group %u ", 1299 head->r.acl_group_index); 1300 } 1301 tomoyo_set_string(head, category); 1302} 1303 1304/** 1305 * tomoyo_print_entry - Print an ACL entry. 1306 * 1307 * @head: Pointer to "struct tomoyo_io_buffer". 1308 * @acl: Pointer to an ACL entry. 1309 * 1310 * Returns true on success, false otherwise. 1311 */ 1312static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1313 struct tomoyo_acl_info *acl) 1314{ 1315 const u8 acl_type = acl->type; 1316 bool first = true; 1317 u8 bit; 1318 1319 if (head->r.print_cond_part) 1320 goto print_cond_part; 1321 if (acl->is_deleted) 1322 return true; 1323 if (!tomoyo_flush(head)) 1324 return false; 1325 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1326 struct tomoyo_path_acl *ptr = 1327 container_of(acl, typeof(*ptr), head); 1328 const u16 perm = ptr->perm; 1329 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 1330 if (!(perm & (1 << bit))) 1331 continue; 1332 if (head->r.print_transition_related_only && 1333 bit != TOMOYO_TYPE_EXECUTE) 1334 continue; 1335 if (first) { 1336 tomoyo_set_group(head, "file "); 1337 first = false; 1338 } else { 1339 tomoyo_set_slash(head); 1340 } 1341 tomoyo_set_string(head, tomoyo_path_keyword[bit]); 1342 } 1343 if (first) 1344 return true; 1345 tomoyo_print_name_union(head, &ptr->name); 1346 } else if (head->r.print_transition_related_only) { 1347 return true; 1348 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 1349 struct tomoyo_path2_acl *ptr = 1350 container_of(acl, typeof(*ptr), head); 1351 const u8 perm = ptr->perm; 1352 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 1353 if (!(perm & (1 << bit))) 1354 continue; 1355 if (first) { 1356 tomoyo_set_group(head, "file "); 1357 first = false; 1358 } else { 1359 tomoyo_set_slash(head); 1360 } 1361 tomoyo_set_string(head, tomoyo_mac_keywords 1362 [tomoyo_pp2mac[bit]]); 1363 } 1364 if (first) 1365 return true; 1366 tomoyo_print_name_union(head, &ptr->name1); 1367 tomoyo_print_name_union(head, &ptr->name2); 1368 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 1369 struct tomoyo_path_number_acl *ptr = 1370 container_of(acl, typeof(*ptr), head); 1371 const u8 perm = ptr->perm; 1372 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) { 1373 if (!(perm & (1 << bit))) 1374 continue; 1375 if (first) { 1376 tomoyo_set_group(head, "file "); 1377 first = false; 1378 } else { 1379 tomoyo_set_slash(head); 1380 } 1381 tomoyo_set_string(head, tomoyo_mac_keywords 1382 [tomoyo_pn2mac[bit]]); 1383 } 1384 if (first) 1385 return true; 1386 tomoyo_print_name_union(head, &ptr->name); 1387 tomoyo_print_number_union(head, &ptr->number); 1388 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 1389 struct tomoyo_mkdev_acl *ptr = 1390 container_of(acl, typeof(*ptr), head); 1391 const u8 perm = ptr->perm; 1392 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) { 1393 if (!(perm & (1 << bit))) 1394 continue; 1395 if (first) { 1396 tomoyo_set_group(head, "file "); 1397 first = false; 1398 } else { 1399 tomoyo_set_slash(head); 1400 } 1401 tomoyo_set_string(head, tomoyo_mac_keywords 1402 [tomoyo_pnnn2mac[bit]]); 1403 } 1404 if (first) 1405 return true; 1406 tomoyo_print_name_union(head, &ptr->name); 1407 tomoyo_print_number_union(head, &ptr->mode); 1408 tomoyo_print_number_union(head, &ptr->major); 1409 tomoyo_print_number_union(head, &ptr->minor); 1410 } else if (acl_type == TOMOYO_TYPE_INET_ACL) { 1411 struct tomoyo_inet_acl *ptr = 1412 container_of(acl, typeof(*ptr), head); 1413 const u8 perm = ptr->perm; 1414 1415 for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) { 1416 if (!(perm & (1 << bit))) 1417 continue; 1418 if (first) { 1419 tomoyo_set_group(head, "network inet "); 1420 tomoyo_set_string(head, tomoyo_proto_keyword 1421 [ptr->protocol]); 1422 tomoyo_set_space(head); 1423 first = false; 1424 } else { 1425 tomoyo_set_slash(head); 1426 } 1427 tomoyo_set_string(head, tomoyo_socket_keyword[bit]); 1428 } 1429 if (first) 1430 return true; 1431 tomoyo_set_space(head); 1432 if (ptr->address.group) { 1433 tomoyo_set_string(head, "@"); 1434 tomoyo_set_string(head, ptr->address.group->group_name 1435 ->name); 1436 } else { 1437 char buf[128]; 1438 tomoyo_print_ip(buf, sizeof(buf), &ptr->address); 1439 tomoyo_io_printf(head, "%s", buf); 1440 } 1441 tomoyo_print_number_union(head, &ptr->port); 1442 } else if (acl_type == TOMOYO_TYPE_UNIX_ACL) { 1443 struct tomoyo_unix_acl *ptr = 1444 container_of(acl, typeof(*ptr), head); 1445 const u8 perm = ptr->perm; 1446 1447 for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) { 1448 if (!(perm & (1 << bit))) 1449 continue; 1450 if (first) { 1451 tomoyo_set_group(head, "network unix "); 1452 tomoyo_set_string(head, tomoyo_proto_keyword 1453 [ptr->protocol]); 1454 tomoyo_set_space(head); 1455 first = false; 1456 } else { 1457 tomoyo_set_slash(head); 1458 } 1459 tomoyo_set_string(head, tomoyo_socket_keyword[bit]); 1460 } 1461 if (first) 1462 return true; 1463 tomoyo_print_name_union(head, &ptr->name); 1464 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 1465 struct tomoyo_mount_acl *ptr = 1466 container_of(acl, typeof(*ptr), head); 1467 tomoyo_set_group(head, "file mount"); 1468 tomoyo_print_name_union(head, &ptr->dev_name); 1469 tomoyo_print_name_union(head, &ptr->dir_name); 1470 tomoyo_print_name_union(head, &ptr->fs_type); 1471 tomoyo_print_number_union(head, &ptr->flags); 1472 } else if (acl_type == TOMOYO_TYPE_ENV_ACL) { 1473 struct tomoyo_env_acl *ptr = 1474 container_of(acl, typeof(*ptr), head); 1475 1476 tomoyo_set_group(head, "misc env "); 1477 tomoyo_set_string(head, ptr->env->name); 1478 } 1479 if (acl->cond) { 1480 head->r.print_cond_part = true; 1481 head->r.cond_step = 0; 1482 if (!tomoyo_flush(head)) 1483 return false; 1484print_cond_part: 1485 if (!tomoyo_print_condition(head, acl->cond)) 1486 return false; 1487 head->r.print_cond_part = false; 1488 } else { 1489 tomoyo_set_lf(head); 1490 } 1491 return true; 1492} 1493 1494/** 1495 * tomoyo_read_domain2 - Read domain policy. 1496 * 1497 * @head: Pointer to "struct tomoyo_io_buffer". 1498 * @list: Pointer to "struct list_head". 1499 * 1500 * Caller holds tomoyo_read_lock(). 1501 * 1502 * Returns true on success, false otherwise. 1503 */ 1504static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1505 struct list_head *list) 1506{ 1507 list_for_each_cookie(head->r.acl, list) { 1508 struct tomoyo_acl_info *ptr = 1509 list_entry(head->r.acl, typeof(*ptr), list); 1510 if (!tomoyo_print_entry(head, ptr)) 1511 return false; 1512 } 1513 head->r.acl = NULL; 1514 return true; 1515} 1516 1517/** 1518 * tomoyo_read_domain - Read domain policy. 1519 * 1520 * @head: Pointer to "struct tomoyo_io_buffer". 1521 * 1522 * Caller holds tomoyo_read_lock(). 1523 */ 1524static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1525{ 1526 if (head->r.eof) 1527 return; 1528 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1529 struct tomoyo_domain_info *domain = 1530 list_entry(head->r.domain, typeof(*domain), list); 1531 switch (head->r.step) { 1532 u8 i; 1533 case 0: 1534 if (domain->is_deleted && 1535 !head->r.print_this_domain_only) 1536 continue; 1537 /* Print domainname and flags. */ 1538 tomoyo_set_string(head, domain->domainname->name); 1539 tomoyo_set_lf(head); 1540 tomoyo_io_printf(head, "use_profile %u\n", 1541 domain->profile); 1542 tomoyo_io_printf(head, "use_group %u\n", 1543 domain->group); 1544 for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++) 1545 if (domain->flags[i]) 1546 tomoyo_set_string(head, tomoyo_dif[i]); 1547 head->r.step++; 1548 tomoyo_set_lf(head); 1549 /* fall through */ 1550 case 1: 1551 if (!tomoyo_read_domain2(head, &domain->acl_info_list)) 1552 return; 1553 head->r.step++; 1554 if (!tomoyo_set_lf(head)) 1555 return; 1556 /* fall through */ 1557 case 2: 1558 head->r.step = 0; 1559 if (head->r.print_this_domain_only) 1560 goto done; 1561 } 1562 } 1563 done: 1564 head->r.eof = true; 1565} 1566 1567/** 1568 * tomoyo_write_pid: Specify PID to obtain domainname. 1569 * 1570 * @head: Pointer to "struct tomoyo_io_buffer". 1571 * 1572 * Returns 0. 1573 */ 1574static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1575{ 1576 head->r.eof = false; 1577 return 0; 1578} 1579 1580/** 1581 * tomoyo_read_pid - Get domainname of the specified PID. 1582 * 1583 * @head: Pointer to "struct tomoyo_io_buffer". 1584 * 1585 * Returns the domainname which the specified PID is in on success, 1586 * empty string otherwise. 1587 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1588 * using read()/write() interface rather than sysctl() interface. 1589 */ 1590static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1591{ 1592 char *buf = head->write_buf; 1593 bool global_pid = false; 1594 unsigned int pid; 1595 struct task_struct *p; 1596 struct tomoyo_domain_info *domain = NULL; 1597 1598 /* Accessing write_buf is safe because head->io_sem is held. */ 1599 if (!buf) { 1600 head->r.eof = true; 1601 return; /* Do nothing if open(O_RDONLY). */ 1602 } 1603 if (head->r.w_pos || head->r.eof) 1604 return; 1605 head->r.eof = true; 1606 if (tomoyo_str_starts(&buf, "global-pid ")) 1607 global_pid = true; 1608 pid = (unsigned int) simple_strtoul(buf, NULL, 10); 1609 rcu_read_lock(); 1610 read_lock(&tasklist_lock); 1611 if (global_pid) 1612 p = find_task_by_pid_ns(pid, &init_pid_ns); 1613 else 1614 p = find_task_by_vpid(pid); 1615 if (p) 1616 domain = tomoyo_real_domain(p); 1617 read_unlock(&tasklist_lock); 1618 rcu_read_unlock(); 1619 if (!domain) 1620 return; 1621 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1622 tomoyo_set_string(head, domain->domainname->name); 1623} 1624 1625/* String table for domain transition control keywords. */ 1626static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1627 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", 1628 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", 1629 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", 1630 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", 1631 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", 1632 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", 1633}; 1634 1635/* String table for grouping keywords. */ 1636static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1637 [TOMOYO_PATH_GROUP] = "path_group ", 1638 [TOMOYO_NUMBER_GROUP] = "number_group ", 1639 [TOMOYO_ADDRESS_GROUP] = "address_group ", 1640}; 1641 1642/** 1643 * tomoyo_write_exception - Write exception policy. 1644 * 1645 * @head: Pointer to "struct tomoyo_io_buffer". 1646 * 1647 * Returns 0 on success, negative value otherwise. 1648 * 1649 * Caller holds tomoyo_read_lock(). 1650 */ 1651static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1652{ 1653 const bool is_delete = head->w.is_delete; 1654 struct tomoyo_acl_param param = { 1655 .ns = head->w.ns, 1656 .is_delete = is_delete, 1657 .data = head->write_buf, 1658 }; 1659 u8 i; 1660 if (tomoyo_str_starts(¶m.data, "aggregator ")) 1661 return tomoyo_write_aggregator(¶m); 1662 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1663 if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i])) 1664 return tomoyo_write_transition_control(¶m, i); 1665 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1666 if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i])) 1667 return tomoyo_write_group(¶m, i); 1668 if (tomoyo_str_starts(¶m.data, "acl_group ")) { 1669 unsigned int group; 1670 char *data; 1671 group = simple_strtoul(param.data, &data, 10); 1672 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') 1673 return tomoyo_write_domain2 1674 (head->w.ns, &head->w.ns->acl_group[group], 1675 data, is_delete); 1676 } 1677 return -EINVAL; 1678} 1679 1680/** 1681 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group"/"struct tomoyo_address_group" list. 1682 * 1683 * @head: Pointer to "struct tomoyo_io_buffer". 1684 * @idx: Index number. 1685 * 1686 * Returns true on success, false otherwise. 1687 * 1688 * Caller holds tomoyo_read_lock(). 1689 */ 1690static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1691{ 1692 struct tomoyo_policy_namespace *ns = 1693 container_of(head->r.ns, typeof(*ns), namespace_list); 1694 struct list_head *list = &ns->group_list[idx]; 1695 list_for_each_cookie(head->r.group, list) { 1696 struct tomoyo_group *group = 1697 list_entry(head->r.group, typeof(*group), head.list); 1698 list_for_each_cookie(head->r.acl, &group->member_list) { 1699 struct tomoyo_acl_head *ptr = 1700 list_entry(head->r.acl, typeof(*ptr), list); 1701 if (ptr->is_deleted) 1702 continue; 1703 if (!tomoyo_flush(head)) 1704 return false; 1705 tomoyo_print_namespace(head); 1706 tomoyo_set_string(head, tomoyo_group_name[idx]); 1707 tomoyo_set_string(head, group->group_name->name); 1708 if (idx == TOMOYO_PATH_GROUP) { 1709 tomoyo_set_space(head); 1710 tomoyo_set_string(head, container_of 1711 (ptr, struct tomoyo_path_group, 1712 head)->member_name->name); 1713 } else if (idx == TOMOYO_NUMBER_GROUP) { 1714 tomoyo_print_number_union(head, &container_of 1715 (ptr, 1716 struct tomoyo_number_group, 1717 head)->number); 1718 } else if (idx == TOMOYO_ADDRESS_GROUP) { 1719 char buffer[128]; 1720 1721 struct tomoyo_address_group *member = 1722 container_of(ptr, typeof(*member), 1723 head); 1724 tomoyo_print_ip(buffer, sizeof(buffer), 1725 &member->address); 1726 tomoyo_io_printf(head, " %s", buffer); 1727 } 1728 tomoyo_set_lf(head); 1729 } 1730 head->r.acl = NULL; 1731 } 1732 head->r.group = NULL; 1733 return true; 1734} 1735 1736/** 1737 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1738 * 1739 * @head: Pointer to "struct tomoyo_io_buffer". 1740 * @idx: Index number. 1741 * 1742 * Returns true on success, false otherwise. 1743 * 1744 * Caller holds tomoyo_read_lock(). 1745 */ 1746static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1747{ 1748 struct tomoyo_policy_namespace *ns = 1749 container_of(head->r.ns, typeof(*ns), namespace_list); 1750 struct list_head *list = &ns->policy_list[idx]; 1751 list_for_each_cookie(head->r.acl, list) { 1752 struct tomoyo_acl_head *acl = 1753 container_of(head->r.acl, typeof(*acl), list); 1754 if (acl->is_deleted) 1755 continue; 1756 if (!tomoyo_flush(head)) 1757 return false; 1758 switch (idx) { 1759 case TOMOYO_ID_TRANSITION_CONTROL: 1760 { 1761 struct tomoyo_transition_control *ptr = 1762 container_of(acl, typeof(*ptr), head); 1763 tomoyo_print_namespace(head); 1764 tomoyo_set_string(head, tomoyo_transition_type 1765 [ptr->type]); 1766 tomoyo_set_string(head, ptr->program ? 1767 ptr->program->name : "any"); 1768 tomoyo_set_string(head, " from "); 1769 tomoyo_set_string(head, ptr->domainname ? 1770 ptr->domainname->name : 1771 "any"); 1772 } 1773 break; 1774 case TOMOYO_ID_AGGREGATOR: 1775 { 1776 struct tomoyo_aggregator *ptr = 1777 container_of(acl, typeof(*ptr), head); 1778 tomoyo_print_namespace(head); 1779 tomoyo_set_string(head, "aggregator "); 1780 tomoyo_set_string(head, 1781 ptr->original_name->name); 1782 tomoyo_set_space(head); 1783 tomoyo_set_string(head, 1784 ptr->aggregated_name->name); 1785 } 1786 break; 1787 default: 1788 continue; 1789 } 1790 tomoyo_set_lf(head); 1791 } 1792 head->r.acl = NULL; 1793 return true; 1794} 1795 1796/** 1797 * tomoyo_read_exception - Read exception policy. 1798 * 1799 * @head: Pointer to "struct tomoyo_io_buffer". 1800 * 1801 * Caller holds tomoyo_read_lock(). 1802 */ 1803static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1804{ 1805 struct tomoyo_policy_namespace *ns = 1806 container_of(head->r.ns, typeof(*ns), namespace_list); 1807 if (head->r.eof) 1808 return; 1809 while (head->r.step < TOMOYO_MAX_POLICY && 1810 tomoyo_read_policy(head, head->r.step)) 1811 head->r.step++; 1812 if (head->r.step < TOMOYO_MAX_POLICY) 1813 return; 1814 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1815 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1816 head->r.step++; 1817 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1818 return; 1819 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP 1820 + TOMOYO_MAX_ACL_GROUPS) { 1821 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY 1822 - TOMOYO_MAX_GROUP; 1823 if (!tomoyo_read_domain2(head, &ns->acl_group 1824 [head->r.acl_group_index])) 1825 return; 1826 head->r.step++; 1827 } 1828 head->r.eof = true; 1829} 1830 1831/* Wait queue for kernel -> userspace notification. */ 1832static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1833/* Wait queue for userspace -> kernel notification. */ 1834static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait); 1835 1836/* Structure for query. */ 1837struct tomoyo_query { 1838 struct list_head list; 1839 char *query; 1840 size_t query_len; 1841 unsigned int serial; 1842 u8 timer; 1843 u8 answer; 1844 u8 retry; 1845}; 1846 1847/* The list for "struct tomoyo_query". */ 1848static LIST_HEAD(tomoyo_query_list); 1849 1850/* Lock for manipulating tomoyo_query_list. */ 1851static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1852 1853/* 1854 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1855 * interface. 1856 */ 1857static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1858 1859/** 1860 * tomoyo_truncate - Truncate a line. 1861 * 1862 * @str: String to truncate. 1863 * 1864 * Returns length of truncated @str. 1865 */ 1866static int tomoyo_truncate(char *str) 1867{ 1868 char *start = str; 1869 while (*(unsigned char *) str > (unsigned char) ' ') 1870 str++; 1871 *str = '\0'; 1872 return strlen(start) + 1; 1873} 1874 1875/** 1876 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode. 1877 * 1878 * @domain: Pointer to "struct tomoyo_domain_info". 1879 * @header: Lines containing ACL. 1880 * 1881 * Returns nothing. 1882 */ 1883static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) 1884{ 1885 char *buffer; 1886 char *realpath = NULL; 1887 char *argv0 = NULL; 1888 char *symlink = NULL; 1889 char *cp = strchr(header, '\n'); 1890 int len; 1891 if (!cp) 1892 return; 1893 cp = strchr(cp + 1, '\n'); 1894 if (!cp) 1895 return; 1896 *cp++ = '\0'; 1897 len = strlen(cp) + 1; 1898 /* strstr() will return NULL if ordering is wrong. */ 1899 if (*cp == 'f') { 1900 argv0 = strstr(header, " argv[]={ \""); 1901 if (argv0) { 1902 argv0 += 10; 1903 len += tomoyo_truncate(argv0) + 14; 1904 } 1905 realpath = strstr(header, " exec={ realpath=\""); 1906 if (realpath) { 1907 realpath += 8; 1908 len += tomoyo_truncate(realpath) + 6; 1909 } 1910 symlink = strstr(header, " symlink.target=\""); 1911 if (symlink) 1912 len += tomoyo_truncate(symlink + 1) + 1; 1913 } 1914 buffer = kmalloc(len, GFP_NOFS); 1915 if (!buffer) 1916 return; 1917 snprintf(buffer, len - 1, "%s", cp); 1918 if (realpath) 1919 tomoyo_addprintf(buffer, len, " exec.%s", realpath); 1920 if (argv0) 1921 tomoyo_addprintf(buffer, len, " exec.argv[0]=%s", argv0); 1922 if (symlink) 1923 tomoyo_addprintf(buffer, len, "%s", symlink); 1924 tomoyo_normalize_line(buffer); 1925 if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, 1926 false)) 1927 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 1928 kfree(buffer); 1929} 1930 1931/** 1932 * tomoyo_supervisor - Ask for the supervisor's decision. 1933 * 1934 * @r: Pointer to "struct tomoyo_request_info". 1935 * @fmt: The printf()'s format string, followed by parameters. 1936 * 1937 * Returns 0 if the supervisor decided to permit the access request which 1938 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1939 * supervisor decided to retry the access request which violated the policy in 1940 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1941 */ 1942int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1943{ 1944 va_list args; 1945 int error; 1946 int len; 1947 static unsigned int tomoyo_serial; 1948 struct tomoyo_query entry = { }; 1949 bool quota_exceeded = false; 1950 va_start(args, fmt); 1951 len = vsnprintf((char *) &len, 1, fmt, args) + 1; 1952 va_end(args); 1953 /* Write /sys/kernel/security/tomoyo/audit. */ 1954 va_start(args, fmt); 1955 tomoyo_write_log2(r, len, fmt, args); 1956 va_end(args); 1957 /* Nothing more to do if granted. */ 1958 if (r->granted) 1959 return 0; 1960 if (r->mode) 1961 tomoyo_update_stat(r->mode); 1962 switch (r->mode) { 1963 case TOMOYO_CONFIG_ENFORCING: 1964 error = -EPERM; 1965 if (atomic_read(&tomoyo_query_observers)) 1966 break; 1967 goto out; 1968 case TOMOYO_CONFIG_LEARNING: 1969 error = 0; 1970 /* Check max_learning_entry parameter. */ 1971 if (tomoyo_domain_quota_is_ok(r)) 1972 break; 1973 /* fall through */ 1974 default: 1975 return 0; 1976 } 1977 /* Get message. */ 1978 va_start(args, fmt); 1979 entry.query = tomoyo_init_log(r, len, fmt, args); 1980 va_end(args); 1981 if (!entry.query) 1982 goto out; 1983 entry.query_len = strlen(entry.query) + 1; 1984 if (!error) { 1985 tomoyo_add_entry(r->domain, entry.query); 1986 goto out; 1987 } 1988 len = tomoyo_round2(entry.query_len); 1989 spin_lock(&tomoyo_query_list_lock); 1990 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && 1991 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len 1992 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) { 1993 quota_exceeded = true; 1994 } else { 1995 entry.serial = tomoyo_serial++; 1996 entry.retry = r->retry; 1997 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len; 1998 list_add_tail(&entry.list, &tomoyo_query_list); 1999 } 2000 spin_unlock(&tomoyo_query_list_lock); 2001 if (quota_exceeded) 2002 goto out; 2003 /* Give 10 seconds for supervisor's opinion. */ 2004 while (entry.timer < 10) { 2005 wake_up_all(&tomoyo_query_wait); 2006 if (wait_event_interruptible_timeout 2007 (tomoyo_answer_wait, entry.answer || 2008 !atomic_read(&tomoyo_query_observers), HZ)) 2009 break; 2010 else 2011 entry.timer++; 2012 } 2013 spin_lock(&tomoyo_query_list_lock); 2014 list_del(&entry.list); 2015 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len; 2016 spin_unlock(&tomoyo_query_list_lock); 2017 switch (entry.answer) { 2018 case 3: /* Asked to retry by administrator. */ 2019 error = TOMOYO_RETRY_REQUEST; 2020 r->retry++; 2021 break; 2022 case 1: 2023 /* Granted by administrator. */ 2024 error = 0; 2025 break; 2026 default: 2027 /* Timed out or rejected by administrator. */ 2028 break; 2029 } 2030out: 2031 kfree(entry.query); 2032 return error; 2033} 2034 2035/** 2036 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 2037 * 2038 * @file: Pointer to "struct file". 2039 * @wait: Pointer to "poll_table". 2040 * 2041 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 2042 * 2043 * Waits for access requests which violated policy in enforcing mode. 2044 */ 2045static int tomoyo_poll_query(struct file *file, poll_table *wait) 2046{ 2047 struct list_head *tmp; 2048 bool found = false; 2049 u8 i; 2050 for (i = 0; i < 2; i++) { 2051 spin_lock(&tomoyo_query_list_lock); 2052 list_for_each(tmp, &tomoyo_query_list) { 2053 struct tomoyo_query *ptr = 2054 list_entry(tmp, typeof(*ptr), list); 2055 if (ptr->answer) 2056 continue; 2057 found = true; 2058 break; 2059 } 2060 spin_unlock(&tomoyo_query_list_lock); 2061 if (found) 2062 return POLLIN | POLLRDNORM; 2063 if (i) 2064 break; 2065 poll_wait(file, &tomoyo_query_wait, wait); 2066 } 2067 return 0; 2068} 2069 2070/** 2071 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 2072 * 2073 * @head: Pointer to "struct tomoyo_io_buffer". 2074 */ 2075static void tomoyo_read_query(struct tomoyo_io_buffer *head) 2076{ 2077 struct list_head *tmp; 2078 unsigned int pos = 0; 2079 size_t len = 0; 2080 char *buf; 2081 if (head->r.w_pos) 2082 return; 2083 if (head->read_buf) { 2084 kfree(head->read_buf); 2085 head->read_buf = NULL; 2086 } 2087 spin_lock(&tomoyo_query_list_lock); 2088 list_for_each(tmp, &tomoyo_query_list) { 2089 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2090 if (ptr->answer) 2091 continue; 2092 if (pos++ != head->r.query_index) 2093 continue; 2094 len = ptr->query_len; 2095 break; 2096 } 2097 spin_unlock(&tomoyo_query_list_lock); 2098 if (!len) { 2099 head->r.query_index = 0; 2100 return; 2101 } 2102 buf = kzalloc(len + 32, GFP_NOFS); 2103 if (!buf) 2104 return; 2105 pos = 0; 2106 spin_lock(&tomoyo_query_list_lock); 2107 list_for_each(tmp, &tomoyo_query_list) { 2108 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2109 if (ptr->answer) 2110 continue; 2111 if (pos++ != head->r.query_index) 2112 continue; 2113 /* 2114 * Some query can be skipped because tomoyo_query_list 2115 * can change, but I don't care. 2116 */ 2117 if (len == ptr->query_len) 2118 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial, 2119 ptr->retry, ptr->query); 2120 break; 2121 } 2122 spin_unlock(&tomoyo_query_list_lock); 2123 if (buf[0]) { 2124 head->read_buf = buf; 2125 head->r.w[head->r.w_pos++] = buf; 2126 head->r.query_index++; 2127 } else { 2128 kfree(buf); 2129 } 2130} 2131 2132/** 2133 * tomoyo_write_answer - Write the supervisor's decision. 2134 * 2135 * @head: Pointer to "struct tomoyo_io_buffer". 2136 * 2137 * Returns 0 on success, -EINVAL otherwise. 2138 */ 2139static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 2140{ 2141 char *data = head->write_buf; 2142 struct list_head *tmp; 2143 unsigned int serial; 2144 unsigned int answer; 2145 spin_lock(&tomoyo_query_list_lock); 2146 list_for_each(tmp, &tomoyo_query_list) { 2147 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2148 ptr->timer = 0; 2149 } 2150 spin_unlock(&tomoyo_query_list_lock); 2151 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 2152 return -EINVAL; 2153 spin_lock(&tomoyo_query_list_lock); 2154 list_for_each(tmp, &tomoyo_query_list) { 2155 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2156 if (ptr->serial != serial) 2157 continue; 2158 if (!ptr->answer) 2159 ptr->answer = answer; 2160 break; 2161 } 2162 spin_unlock(&tomoyo_query_list_lock); 2163 return 0; 2164} 2165 2166/** 2167 * tomoyo_read_version: Get version. 2168 * 2169 * @head: Pointer to "struct tomoyo_io_buffer". 2170 * 2171 * Returns version information. 2172 */ 2173static void tomoyo_read_version(struct tomoyo_io_buffer *head) 2174{ 2175 if (!head->r.eof) { 2176 tomoyo_io_printf(head, "2.4.0"); 2177 head->r.eof = true; 2178 } 2179} 2180 2181/** 2182 * tomoyo_read_self_domain - Get the current process's domainname. 2183 * 2184 * @head: Pointer to "struct tomoyo_io_buffer". 2185 * 2186 * Returns the current process's domainname. 2187 */ 2188static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 2189{ 2190 if (!head->r.eof) { 2191 /* 2192 * tomoyo_domain()->domainname != NULL 2193 * because every process belongs to a domain and 2194 * the domain's name cannot be NULL. 2195 */ 2196 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 2197 head->r.eof = true; 2198 } 2199} 2200 2201/* String table for /sys/kernel/security/tomoyo/stat interface. */ 2202static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = { 2203 [TOMOYO_STAT_POLICY_UPDATES] = "update:", 2204 [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:", 2205 [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:", 2206 [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:", 2207}; 2208 2209/* String table for /sys/kernel/security/tomoyo/stat interface. */ 2210static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = { 2211 [TOMOYO_MEMORY_POLICY] = "policy:", 2212 [TOMOYO_MEMORY_AUDIT] = "audit log:", 2213 [TOMOYO_MEMORY_QUERY] = "query message:", 2214}; 2215 2216/* Timestamp counter for last updated. */ 2217static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT]; 2218/* Counter for number of updates. */ 2219static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT]; 2220 2221/** 2222 * tomoyo_update_stat - Update statistic counters. 2223 * 2224 * @index: Index for policy type. 2225 * 2226 * Returns nothing. 2227 */ 2228void tomoyo_update_stat(const u8 index) 2229{ 2230 struct timeval tv; 2231 do_gettimeofday(&tv); 2232 /* 2233 * I don't use atomic operations because race condition is not fatal. 2234 */ 2235 tomoyo_stat_updated[index]++; 2236 tomoyo_stat_modified[index] = tv.tv_sec; 2237} 2238 2239/** 2240 * tomoyo_read_stat - Read statistic data. 2241 * 2242 * @head: Pointer to "struct tomoyo_io_buffer". 2243 * 2244 * Returns nothing. 2245 */ 2246static void tomoyo_read_stat(struct tomoyo_io_buffer *head) 2247{ 2248 u8 i; 2249 unsigned int total = 0; 2250 if (head->r.eof) 2251 return; 2252 for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) { 2253 tomoyo_io_printf(head, "Policy %-30s %10u", 2254 tomoyo_policy_headers[i], 2255 tomoyo_stat_updated[i]); 2256 if (tomoyo_stat_modified[i]) { 2257 struct tomoyo_time stamp; 2258 tomoyo_convert_time(tomoyo_stat_modified[i], &stamp); 2259 tomoyo_io_printf(head, " (Last: %04u/%02u/%02u " 2260 "%02u:%02u:%02u)", 2261 stamp.year, stamp.month, stamp.day, 2262 stamp.hour, stamp.min, stamp.sec); 2263 } 2264 tomoyo_set_lf(head); 2265 } 2266 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) { 2267 unsigned int used = tomoyo_memory_used[i]; 2268 total += used; 2269 tomoyo_io_printf(head, "Memory used by %-22s %10u", 2270 tomoyo_memory_headers[i], used); 2271 used = tomoyo_memory_quota[i]; 2272 if (used) 2273 tomoyo_io_printf(head, " (Quota: %10u)", used); 2274 tomoyo_set_lf(head); 2275 } 2276 tomoyo_io_printf(head, "Total memory used: %10u\n", 2277 total); 2278 head->r.eof = true; 2279} 2280 2281/** 2282 * tomoyo_write_stat - Set memory quota. 2283 * 2284 * @head: Pointer to "struct tomoyo_io_buffer". 2285 * 2286 * Returns 0. 2287 */ 2288static int tomoyo_write_stat(struct tomoyo_io_buffer *head) 2289{ 2290 char *data = head->write_buf; 2291 u8 i; 2292 if (tomoyo_str_starts(&data, "Memory used by ")) 2293 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) 2294 if (tomoyo_str_starts(&data, tomoyo_memory_headers[i])) 2295 sscanf(data, "%u", &tomoyo_memory_quota[i]); 2296 return 0; 2297} 2298 2299/** 2300 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 2301 * 2302 * @type: Type of interface. 2303 * @file: Pointer to "struct file". 2304 * 2305 * Returns 0 on success, negative value otherwise. 2306 */ 2307int tomoyo_open_control(const u8 type, struct file *file) 2308{ 2309 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 2310 2311 if (!head) 2312 return -ENOMEM; 2313 mutex_init(&head->io_sem); 2314 head->type = type; 2315 switch (type) { 2316 case TOMOYO_DOMAINPOLICY: 2317 /* /sys/kernel/security/tomoyo/domain_policy */ 2318 head->write = tomoyo_write_domain; 2319 head->read = tomoyo_read_domain; 2320 break; 2321 case TOMOYO_EXCEPTIONPOLICY: 2322 /* /sys/kernel/security/tomoyo/exception_policy */ 2323 head->write = tomoyo_write_exception; 2324 head->read = tomoyo_read_exception; 2325 break; 2326 case TOMOYO_AUDIT: 2327 /* /sys/kernel/security/tomoyo/audit */ 2328 head->poll = tomoyo_poll_log; 2329 head->read = tomoyo_read_log; 2330 break; 2331 case TOMOYO_SELFDOMAIN: 2332 /* /sys/kernel/security/tomoyo/self_domain */ 2333 head->read = tomoyo_read_self_domain; 2334 break; 2335 case TOMOYO_PROCESS_STATUS: 2336 /* /sys/kernel/security/tomoyo/.process_status */ 2337 head->write = tomoyo_write_pid; 2338 head->read = tomoyo_read_pid; 2339 break; 2340 case TOMOYO_VERSION: 2341 /* /sys/kernel/security/tomoyo/version */ 2342 head->read = tomoyo_read_version; 2343 head->readbuf_size = 128; 2344 break; 2345 case TOMOYO_STAT: 2346 /* /sys/kernel/security/tomoyo/stat */ 2347 head->write = tomoyo_write_stat; 2348 head->read = tomoyo_read_stat; 2349 head->readbuf_size = 1024; 2350 break; 2351 case TOMOYO_PROFILE: 2352 /* /sys/kernel/security/tomoyo/profile */ 2353 head->write = tomoyo_write_profile; 2354 head->read = tomoyo_read_profile; 2355 break; 2356 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 2357 head->poll = tomoyo_poll_query; 2358 head->write = tomoyo_write_answer; 2359 head->read = tomoyo_read_query; 2360 break; 2361 case TOMOYO_MANAGER: 2362 /* /sys/kernel/security/tomoyo/manager */ 2363 head->write = tomoyo_write_manager; 2364 head->read = tomoyo_read_manager; 2365 break; 2366 } 2367 if (!(file->f_mode & FMODE_READ)) { 2368 /* 2369 * No need to allocate read_buf since it is not opened 2370 * for reading. 2371 */ 2372 head->read = NULL; 2373 head->poll = NULL; 2374 } else if (!head->poll) { 2375 /* Don't allocate read_buf for poll() access. */ 2376 if (!head->readbuf_size) 2377 head->readbuf_size = 4096 * 2; 2378 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 2379 if (!head->read_buf) { 2380 kfree(head); 2381 return -ENOMEM; 2382 } 2383 } 2384 if (!(file->f_mode & FMODE_WRITE)) { 2385 /* 2386 * No need to allocate write_buf since it is not opened 2387 * for writing. 2388 */ 2389 head->write = NULL; 2390 } else if (head->write) { 2391 head->writebuf_size = 4096 * 2; 2392 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 2393 if (!head->write_buf) { 2394 kfree(head->read_buf); 2395 kfree(head); 2396 return -ENOMEM; 2397 } 2398 } 2399 /* 2400 * If the file is /sys/kernel/security/tomoyo/query , increment the 2401 * observer counter. 2402 * The obserber counter is used by tomoyo_supervisor() to see if 2403 * there is some process monitoring /sys/kernel/security/tomoyo/query. 2404 */ 2405 if (type == TOMOYO_QUERY) 2406 atomic_inc(&tomoyo_query_observers); 2407 file->private_data = head; 2408 tomoyo_notify_gc(head, true); 2409 return 0; 2410} 2411 2412/** 2413 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 2414 * 2415 * @file: Pointer to "struct file". 2416 * @wait: Pointer to "poll_table". 2417 * 2418 * Waits for read readiness. 2419 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and 2420 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd. 2421 */ 2422int tomoyo_poll_control(struct file *file, poll_table *wait) 2423{ 2424 struct tomoyo_io_buffer *head = file->private_data; 2425 if (!head->poll) 2426 return -ENOSYS; 2427 return head->poll(file, wait); 2428} 2429 2430/** 2431 * tomoyo_set_namespace_cursor - Set namespace to read. 2432 * 2433 * @head: Pointer to "struct tomoyo_io_buffer". 2434 * 2435 * Returns nothing. 2436 */ 2437static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) 2438{ 2439 struct list_head *ns; 2440 if (head->type != TOMOYO_EXCEPTIONPOLICY && 2441 head->type != TOMOYO_PROFILE) 2442 return; 2443 /* 2444 * If this is the first read, or reading previous namespace finished 2445 * and has more namespaces to read, update the namespace cursor. 2446 */ 2447 ns = head->r.ns; 2448 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { 2449 /* Clearing is OK because tomoyo_flush() returned true. */ 2450 memset(&head->r, 0, sizeof(head->r)); 2451 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; 2452 } 2453} 2454 2455/** 2456 * tomoyo_has_more_namespace - Check for unread namespaces. 2457 * 2458 * @head: Pointer to "struct tomoyo_io_buffer". 2459 * 2460 * Returns true if we have more entries to print, false otherwise. 2461 */ 2462static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) 2463{ 2464 return (head->type == TOMOYO_EXCEPTIONPOLICY || 2465 head->type == TOMOYO_PROFILE) && head->r.eof && 2466 head->r.ns->next != &tomoyo_namespace_list; 2467} 2468 2469/** 2470 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 2471 * 2472 * @head: Pointer to "struct tomoyo_io_buffer". 2473 * @buffer: Poiner to buffer to write to. 2474 * @buffer_len: Size of @buffer. 2475 * 2476 * Returns bytes read on success, negative value otherwise. 2477 */ 2478ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, 2479 const int buffer_len) 2480{ 2481 int len; 2482 int idx; 2483 2484 if (!head->read) 2485 return -ENOSYS; 2486 if (mutex_lock_interruptible(&head->io_sem)) 2487 return -EINTR; 2488 head->read_user_buf = buffer; 2489 head->read_user_buf_avail = buffer_len; 2490 idx = tomoyo_read_lock(); 2491 if (tomoyo_flush(head)) 2492 /* Call the policy handler. */ 2493 do { 2494 tomoyo_set_namespace_cursor(head); 2495 head->read(head); 2496 } while (tomoyo_flush(head) && 2497 tomoyo_has_more_namespace(head)); 2498 tomoyo_read_unlock(idx); 2499 len = head->read_user_buf - buffer; 2500 mutex_unlock(&head->io_sem); 2501 return len; 2502} 2503 2504/** 2505 * tomoyo_parse_policy - Parse a policy line. 2506 * 2507 * @head: Poiter to "struct tomoyo_io_buffer". 2508 * @line: Line to parse. 2509 * 2510 * Returns 0 on success, negative value otherwise. 2511 * 2512 * Caller holds tomoyo_read_lock(). 2513 */ 2514static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) 2515{ 2516 /* Delete request? */ 2517 head->w.is_delete = !strncmp(line, "delete ", 7); 2518 if (head->w.is_delete) 2519 memmove(line, line + 7, strlen(line + 7) + 1); 2520 /* Selecting namespace to update. */ 2521 if (head->type == TOMOYO_EXCEPTIONPOLICY || 2522 head->type == TOMOYO_PROFILE) { 2523 if (*line == '<') { 2524 char *cp = strchr(line, ' '); 2525 if (cp) { 2526 *cp++ = '\0'; 2527 head->w.ns = tomoyo_assign_namespace(line); 2528 memmove(line, cp, strlen(cp) + 1); 2529 } else 2530 head->w.ns = NULL; 2531 } else 2532 head->w.ns = &tomoyo_kernel_namespace; 2533 /* Don't allow updating if namespace is invalid. */ 2534 if (!head->w.ns) 2535 return -ENOENT; 2536 } 2537 /* Do the update. */ 2538 return head->write(head); 2539} 2540 2541/** 2542 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 2543 * 2544 * @head: Pointer to "struct tomoyo_io_buffer". 2545 * @buffer: Pointer to buffer to read from. 2546 * @buffer_len: Size of @buffer. 2547 * 2548 * Returns @buffer_len on success, negative value otherwise. 2549 */ 2550ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, 2551 const char __user *buffer, const int buffer_len) 2552{ 2553 int error = buffer_len; 2554 size_t avail_len = buffer_len; 2555 char *cp0 = head->write_buf; 2556 int idx; 2557 if (!head->write) 2558 return -ENOSYS; 2559 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 2560 return -EFAULT; 2561 if (mutex_lock_interruptible(&head->io_sem)) 2562 return -EINTR; 2563 idx = tomoyo_read_lock(); 2564 /* Read a line and dispatch it to the policy handler. */ 2565 while (avail_len > 0) { 2566 char c; 2567 if (head->w.avail >= head->writebuf_size - 1) { 2568 const int len = head->writebuf_size * 2; 2569 char *cp = kzalloc(len, GFP_NOFS); 2570 if (!cp) { 2571 error = -ENOMEM; 2572 break; 2573 } 2574 memmove(cp, cp0, head->w.avail); 2575 kfree(cp0); 2576 head->write_buf = cp; 2577 cp0 = cp; 2578 head->writebuf_size = len; 2579 } 2580 if (get_user(c, buffer)) { 2581 error = -EFAULT; 2582 break; 2583 } 2584 buffer++; 2585 avail_len--; 2586 cp0[head->w.avail++] = c; 2587 if (c != '\n') 2588 continue; 2589 cp0[head->w.avail - 1] = '\0'; 2590 head->w.avail = 0; 2591 tomoyo_normalize_line(cp0); 2592 if (!strcmp(cp0, "reset")) { 2593 head->w.ns = &tomoyo_kernel_namespace; 2594 head->w.domain = NULL; 2595 memset(&head->r, 0, sizeof(head->r)); 2596 continue; 2597 } 2598 /* Don't allow updating policies by non manager programs. */ 2599 switch (head->type) { 2600 case TOMOYO_PROCESS_STATUS: 2601 /* This does not write anything. */ 2602 break; 2603 case TOMOYO_DOMAINPOLICY: 2604 if (tomoyo_select_domain(head, cp0)) 2605 continue; 2606 /* fall through */ 2607 case TOMOYO_EXCEPTIONPOLICY: 2608 if (!strcmp(cp0, "select transition_only")) { 2609 head->r.print_transition_related_only = true; 2610 continue; 2611 } 2612 /* fall through */ 2613 default: 2614 if (!tomoyo_manager()) { 2615 error = -EPERM; 2616 goto out; 2617 } 2618 } 2619 switch (tomoyo_parse_policy(head, cp0)) { 2620 case -EPERM: 2621 error = -EPERM; 2622 goto out; 2623 case 0: 2624 switch (head->type) { 2625 case TOMOYO_DOMAINPOLICY: 2626 case TOMOYO_EXCEPTIONPOLICY: 2627 case TOMOYO_STAT: 2628 case TOMOYO_PROFILE: 2629 case TOMOYO_MANAGER: 2630 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 2631 break; 2632 default: 2633 break; 2634 } 2635 break; 2636 } 2637 } 2638out: 2639 tomoyo_read_unlock(idx); 2640 mutex_unlock(&head->io_sem); 2641 return error; 2642} 2643 2644/** 2645 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2646 * 2647 * @head: Pointer to "struct tomoyo_io_buffer". 2648 * 2649 * Returns 0. 2650 */ 2651int tomoyo_close_control(struct tomoyo_io_buffer *head) 2652{ 2653 /* 2654 * If the file is /sys/kernel/security/tomoyo/query , decrement the 2655 * observer counter. 2656 */ 2657 if (head->type == TOMOYO_QUERY && 2658 atomic_dec_and_test(&tomoyo_query_observers)) 2659 wake_up_all(&tomoyo_answer_wait); 2660 tomoyo_notify_gc(head, false); 2661 return 0; 2662} 2663 2664/** 2665 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 2666 */ 2667void tomoyo_check_profile(void) 2668{ 2669 struct tomoyo_domain_info *domain; 2670 const int idx = tomoyo_read_lock(); 2671 tomoyo_policy_loaded = true; 2672 printk(KERN_INFO "TOMOYO: 2.4.0\n"); 2673 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 2674 const u8 profile = domain->profile; 2675 const struct tomoyo_policy_namespace *ns = domain->ns; 2676 if (ns->profile_version != 20100903) 2677 printk(KERN_ERR 2678 "Profile version %u is not supported.\n", 2679 ns->profile_version); 2680 else if (!ns->profile_ptr[profile]) 2681 printk(KERN_ERR 2682 "Profile %u (used by '%s') is not defined.\n", 2683 profile, domain->domainname->name); 2684 else 2685 continue; 2686 printk(KERN_ERR 2687 "Userland tools for TOMOYO 2.4 must be installed and " 2688 "policy must be initialized.\n"); 2689 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " 2690 "for more information.\n"); 2691 panic("STOP!"); 2692 } 2693 tomoyo_read_unlock(idx); 2694 printk(KERN_INFO "Mandatory Access Control activated.\n"); 2695} 2696 2697/** 2698 * tomoyo_load_builtin_policy - Load built-in policy. 2699 * 2700 * Returns nothing. 2701 */ 2702void __init tomoyo_load_builtin_policy(void) 2703{ 2704 /* 2705 * This include file is manually created and contains built-in policy 2706 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy", 2707 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager", 2708 * "tomoyo_builtin_stat" in the form of "static char [] __initdata". 2709 */ 2710#include "builtin-policy.h" 2711 u8 i; 2712 const int idx = tomoyo_read_lock(); 2713 for (i = 0; i < 5; i++) { 2714 struct tomoyo_io_buffer head = { }; 2715 char *start = ""; 2716 switch (i) { 2717 case 0: 2718 start = tomoyo_builtin_profile; 2719 head.type = TOMOYO_PROFILE; 2720 head.write = tomoyo_write_profile; 2721 break; 2722 case 1: 2723 start = tomoyo_builtin_exception_policy; 2724 head.type = TOMOYO_EXCEPTIONPOLICY; 2725 head.write = tomoyo_write_exception; 2726 break; 2727 case 2: 2728 start = tomoyo_builtin_domain_policy; 2729 head.type = TOMOYO_DOMAINPOLICY; 2730 head.write = tomoyo_write_domain; 2731 break; 2732 case 3: 2733 start = tomoyo_builtin_manager; 2734 head.type = TOMOYO_MANAGER; 2735 head.write = tomoyo_write_manager; 2736 break; 2737 case 4: 2738 start = tomoyo_builtin_stat; 2739 head.type = TOMOYO_STAT; 2740 head.write = tomoyo_write_stat; 2741 break; 2742 } 2743 while (1) { 2744 char *end = strchr(start, '\n'); 2745 if (!end) 2746 break; 2747 *end = '\0'; 2748 tomoyo_normalize_line(start); 2749 head.write_buf = start; 2750 tomoyo_parse_policy(&head, start); 2751 start = end + 1; 2752 } 2753 } 2754 tomoyo_read_unlock(idx); 2755#ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 2756 tomoyo_check_profile(); 2757#endif 2758} 2759