common.c revision 68eda8f59081c74a51d037cc29893bd7c9b3c2d8
1/* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#include <linux/uaccess.h> 10#include <linux/slab.h> 11#include <linux/security.h> 12#include "common.h" 13 14static struct tomoyo_profile tomoyo_default_profile = { 15 .learning = &tomoyo_default_profile.preference, 16 .permissive = &tomoyo_default_profile.preference, 17 .enforcing = &tomoyo_default_profile.preference, 18 .preference.enforcing_verbose = true, 19 .preference.learning_max_entry = 2048, 20 .preference.learning_verbose = false, 21 .preference.permissive_verbose = true 22}; 23 24/* Profile version. Currently only 20090903 is defined. */ 25static unsigned int tomoyo_profile_version; 26 27/* Profile table. Memory is allocated as needed. */ 28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 29 30/* String table for functionality that takes 4 modes. */ 31static const char *tomoyo_mode[4] = { 32 "disabled", "learning", "permissive", "enforcing" 33}; 34 35/* String table for /sys/kernel/security/tomoyo/profile */ 36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute", 39 [TOMOYO_MAC_FILE_OPEN] = "file::open", 40 [TOMOYO_MAC_FILE_CREATE] = "file::create", 41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink", 42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir", 43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir", 44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo", 45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock", 46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate", 47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink", 48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite", 49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock", 50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar", 51 [TOMOYO_MAC_FILE_LINK] = "file::link", 52 [TOMOYO_MAC_FILE_RENAME] = "file::rename", 53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod", 54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown", 55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp", 56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", 57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", 58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount", 59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount", 60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", 61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 62}; 63 64/* Permit policy management by non-root user? */ 65static bool tomoyo_manage_by_non_root; 66 67/* Utility functions. */ 68 69/** 70 * tomoyo_yesno - Return "yes" or "no". 71 * 72 * @value: Bool value. 73 */ 74static const char *tomoyo_yesno(const unsigned int value) 75{ 76 return value ? "yes" : "no"; 77} 78 79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 80{ 81 va_list args; 82 const int pos = strlen(buffer); 83 va_start(args, fmt); 84 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 85 va_end(args); 86} 87 88/** 89 * tomoyo_flush - Flush queued string to userspace's buffer. 90 * 91 * @head: Pointer to "struct tomoyo_io_buffer". 92 * 93 * Returns true if all data was flushed, false otherwise. 94 */ 95static bool tomoyo_flush(struct tomoyo_io_buffer *head) 96{ 97 while (head->r.w_pos) { 98 const char *w = head->r.w[0]; 99 int len = strlen(w); 100 if (len) { 101 if (len > head->read_user_buf_avail) 102 len = head->read_user_buf_avail; 103 if (!len) 104 return false; 105 if (copy_to_user(head->read_user_buf, w, len)) 106 return false; 107 head->read_user_buf_avail -= len; 108 head->read_user_buf += len; 109 w += len; 110 } 111 if (*w) { 112 head->r.w[0] = w; 113 return false; 114 } 115 /* Add '\0' for query. */ 116 if (head->poll) { 117 if (!head->read_user_buf_avail || 118 copy_to_user(head->read_user_buf, "", 1)) 119 return false; 120 head->read_user_buf_avail--; 121 head->read_user_buf++; 122 } 123 head->r.w_pos--; 124 for (len = 0; len < head->r.w_pos; len++) 125 head->r.w[len] = head->r.w[len + 1]; 126 } 127 head->r.avail = 0; 128 return true; 129} 130 131/** 132 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 133 * 134 * @head: Pointer to "struct tomoyo_io_buffer". 135 * @string: String to print. 136 * 137 * Note that @string has to be kept valid until @head is kfree()d. 138 * This means that char[] allocated on stack memory cannot be passed to 139 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 140 */ 141static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 142{ 143 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 144 head->r.w[head->r.w_pos++] = string; 145 tomoyo_flush(head); 146 } else 147 WARN_ON(1); 148} 149 150/** 151 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 152 * 153 * @head: Pointer to "struct tomoyo_io_buffer". 154 * @fmt: The printf()'s format string, followed by parameters. 155 */ 156void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 157{ 158 va_list args; 159 int len; 160 int pos = head->r.avail; 161 int size = head->readbuf_size - pos; 162 if (size <= 0) 163 return; 164 va_start(args, fmt); 165 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 166 va_end(args); 167 if (pos + len >= head->readbuf_size) { 168 WARN_ON(1); 169 return; 170 } 171 head->r.avail += len; 172 tomoyo_set_string(head, head->read_buf + pos); 173} 174 175static void tomoyo_set_space(struct tomoyo_io_buffer *head) 176{ 177 tomoyo_set_string(head, " "); 178} 179 180static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 181{ 182 tomoyo_set_string(head, "\n"); 183 return !head->r.w_pos; 184} 185 186/** 187 * tomoyo_print_name_union - Print a tomoyo_name_union. 188 * 189 * @head: Pointer to "struct tomoyo_io_buffer". 190 * @ptr: Pointer to "struct tomoyo_name_union". 191 */ 192static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 193 const struct tomoyo_name_union *ptr) 194{ 195 tomoyo_set_space(head); 196 if (ptr->is_group) { 197 tomoyo_set_string(head, "@"); 198 tomoyo_set_string(head, ptr->group->group_name->name); 199 } else { 200 tomoyo_set_string(head, ptr->filename->name); 201 } 202} 203 204/** 205 * tomoyo_print_number_union - Print a tomoyo_number_union. 206 * 207 * @head: Pointer to "struct tomoyo_io_buffer". 208 * @ptr: Pointer to "struct tomoyo_number_union". 209 */ 210static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 211 const struct tomoyo_number_union *ptr) 212{ 213 tomoyo_set_space(head); 214 if (ptr->is_group) { 215 tomoyo_set_string(head, "@"); 216 tomoyo_set_string(head, ptr->group->group_name->name); 217 } else { 218 int i; 219 unsigned long min = ptr->values[0]; 220 const unsigned long max = ptr->values[1]; 221 u8 min_type = ptr->min_type; 222 const u8 max_type = ptr->max_type; 223 char buffer[128]; 224 buffer[0] = '\0'; 225 for (i = 0; i < 2; i++) { 226 switch (min_type) { 227 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 228 tomoyo_addprintf(buffer, sizeof(buffer), 229 "0x%lX", min); 230 break; 231 case TOMOYO_VALUE_TYPE_OCTAL: 232 tomoyo_addprintf(buffer, sizeof(buffer), 233 "0%lo", min); 234 break; 235 default: 236 tomoyo_addprintf(buffer, sizeof(buffer), 237 "%lu", min); 238 break; 239 } 240 if (min == max && min_type == max_type) 241 break; 242 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 243 min_type = max_type; 244 min = max; 245 } 246 tomoyo_io_printf(head, "%s", buffer); 247 } 248} 249 250/** 251 * tomoyo_assign_profile - Create a new profile. 252 * 253 * @profile: Profile number to create. 254 * 255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 256 */ 257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile) 258{ 259 struct tomoyo_profile *ptr; 260 struct tomoyo_profile *entry; 261 if (profile >= TOMOYO_MAX_PROFILES) 262 return NULL; 263 ptr = tomoyo_profile_ptr[profile]; 264 if (ptr) 265 return ptr; 266 entry = kzalloc(sizeof(*entry), GFP_NOFS); 267 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 268 goto out; 269 ptr = tomoyo_profile_ptr[profile]; 270 if (!ptr && tomoyo_memory_ok(entry)) { 271 ptr = entry; 272 ptr->learning = &tomoyo_default_profile.preference; 273 ptr->permissive = &tomoyo_default_profile.preference; 274 ptr->enforcing = &tomoyo_default_profile.preference; 275 ptr->default_config = TOMOYO_CONFIG_DISABLED; 276 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 277 sizeof(ptr->config)); 278 mb(); /* Avoid out-of-order execution. */ 279 tomoyo_profile_ptr[profile] = ptr; 280 entry = NULL; 281 } 282 mutex_unlock(&tomoyo_policy_lock); 283 out: 284 kfree(entry); 285 return ptr; 286} 287 288/** 289 * tomoyo_profile - Find a profile. 290 * 291 * @profile: Profile number to find. 292 * 293 * Returns pointer to "struct tomoyo_profile". 294 */ 295struct tomoyo_profile *tomoyo_profile(const u8 profile) 296{ 297 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; 298 if (!tomoyo_policy_loaded) 299 return &tomoyo_default_profile; 300 BUG_ON(!ptr); 301 return ptr; 302} 303 304static s8 tomoyo_find_yesno(const char *string, const char *find) 305{ 306 const char *cp = strstr(string, find); 307 if (cp) { 308 cp += strlen(find); 309 if (!strncmp(cp, "=yes", 4)) 310 return 1; 311 else if (!strncmp(cp, "=no", 3)) 312 return 0; 313 } 314 return -1; 315} 316 317static void tomoyo_set_bool(bool *b, const char *string, const char *find) 318{ 319 switch (tomoyo_find_yesno(string, find)) { 320 case 1: 321 *b = true; 322 break; 323 case 0: 324 *b = false; 325 break; 326 } 327} 328 329static void tomoyo_set_uint(unsigned int *i, const char *string, 330 const char *find) 331{ 332 const char *cp = strstr(string, find); 333 if (cp) 334 sscanf(cp + strlen(find), "=%u", i); 335} 336 337static void tomoyo_set_pref(const char *name, const char *value, 338 const bool use_default, 339 struct tomoyo_profile *profile) 340{ 341 struct tomoyo_preference **pref; 342 bool *verbose; 343 if (!strcmp(name, "enforcing")) { 344 if (use_default) { 345 pref = &profile->enforcing; 346 goto set_default; 347 } 348 profile->enforcing = &profile->preference; 349 verbose = &profile->preference.enforcing_verbose; 350 goto set_verbose; 351 } 352 if (!strcmp(name, "permissive")) { 353 if (use_default) { 354 pref = &profile->permissive; 355 goto set_default; 356 } 357 profile->permissive = &profile->preference; 358 verbose = &profile->preference.permissive_verbose; 359 goto set_verbose; 360 } 361 if (!strcmp(name, "learning")) { 362 if (use_default) { 363 pref = &profile->learning; 364 goto set_default; 365 } 366 profile->learning = &profile->preference; 367 tomoyo_set_uint(&profile->preference.learning_max_entry, value, 368 "max_entry"); 369 verbose = &profile->preference.learning_verbose; 370 goto set_verbose; 371 } 372 return; 373 set_default: 374 *pref = &tomoyo_default_profile.preference; 375 return; 376 set_verbose: 377 tomoyo_set_bool(verbose, value, "verbose"); 378} 379 380static int tomoyo_set_mode(char *name, const char *value, 381 const bool use_default, 382 struct tomoyo_profile *profile) 383{ 384 u8 i; 385 u8 config; 386 if (!strcmp(name, "CONFIG")) { 387 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 388 config = profile->default_config; 389 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 390 config = 0; 391 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 392 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 393 if (strcmp(name, tomoyo_mac_keywords[i])) 394 continue; 395 config = profile->config[i]; 396 break; 397 } 398 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 399 return -EINVAL; 400 } else { 401 return -EINVAL; 402 } 403 if (use_default) { 404 config = TOMOYO_CONFIG_USE_DEFAULT; 405 } else { 406 u8 mode; 407 for (mode = 0; mode < 4; mode++) 408 if (strstr(value, tomoyo_mode[mode])) 409 /* 410 * Update lower 3 bits in order to distinguish 411 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 412 */ 413 config = (config & ~7) | mode; 414 } 415 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 416 profile->config[i] = config; 417 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 418 profile->default_config = config; 419 return 0; 420} 421 422/** 423 * tomoyo_write_profile - Write profile table. 424 * 425 * @head: Pointer to "struct tomoyo_io_buffer". 426 * 427 * Returns 0 on success, negative value otherwise. 428 */ 429static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 430{ 431 char *data = head->write_buf; 432 unsigned int i; 433 bool use_default = false; 434 char *cp; 435 struct tomoyo_profile *profile; 436 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) 437 return 0; 438 i = simple_strtoul(data, &cp, 10); 439 if (data == cp) { 440 profile = &tomoyo_default_profile; 441 } else { 442 if (*cp != '-') 443 return -EINVAL; 444 data = cp + 1; 445 profile = tomoyo_assign_profile(i); 446 if (!profile) 447 return -EINVAL; 448 } 449 cp = strchr(data, '='); 450 if (!cp) 451 return -EINVAL; 452 *cp++ = '\0'; 453 if (profile != &tomoyo_default_profile) 454 use_default = strstr(cp, "use_default") != NULL; 455 if (tomoyo_str_starts(&data, "PREFERENCE::")) { 456 tomoyo_set_pref(data, cp, use_default, profile); 457 return 0; 458 } 459 if (profile == &tomoyo_default_profile) 460 return -EINVAL; 461 if (!strcmp(data, "COMMENT")) { 462 const struct tomoyo_path_info *old_comment = profile->comment; 463 profile->comment = tomoyo_get_name(cp); 464 tomoyo_put_name(old_comment); 465 return 0; 466 } 467 return tomoyo_set_mode(data, cp, use_default, profile); 468} 469 470static void tomoyo_print_preference(struct tomoyo_io_buffer *head, 471 const int idx) 472{ 473 struct tomoyo_preference *pref = &tomoyo_default_profile.preference; 474 const struct tomoyo_profile *profile = idx >= 0 ? 475 tomoyo_profile_ptr[idx] : NULL; 476 char buffer[16] = ""; 477 if (profile) { 478 buffer[sizeof(buffer) - 1] = '\0'; 479 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx); 480 } 481 if (profile) { 482 pref = profile->learning; 483 if (pref == &tomoyo_default_profile.preference) 484 goto skip1; 485 } 486 tomoyo_io_printf(head, "%sPREFERENCE::%s={ " 487 "verbose=%s max_entry=%u }\n", 488 buffer, "learning", 489 tomoyo_yesno(pref->learning_verbose), 490 pref->learning_max_entry); 491 skip1: 492 if (profile) { 493 pref = profile->permissive; 494 if (pref == &tomoyo_default_profile.preference) 495 goto skip2; 496 } 497 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 498 buffer, "permissive", 499 tomoyo_yesno(pref->permissive_verbose)); 500 skip2: 501 if (profile) { 502 pref = profile->enforcing; 503 if (pref == &tomoyo_default_profile.preference) 504 return; 505 } 506 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n", 507 buffer, "enforcing", 508 tomoyo_yesno(pref->enforcing_verbose)); 509} 510 511static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 512{ 513 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]); 514} 515 516/** 517 * tomoyo_read_profile - Read profile table. 518 * 519 * @head: Pointer to "struct tomoyo_io_buffer". 520 */ 521static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 522{ 523 u8 index; 524 const struct tomoyo_profile *profile; 525 next: 526 index = head->r.index; 527 profile = tomoyo_profile_ptr[index]; 528 switch (head->r.step) { 529 case 0: 530 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); 531 tomoyo_print_preference(head, -1); 532 head->r.step++; 533 break; 534 case 1: 535 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 536 head->r.index++) 537 if (tomoyo_profile_ptr[head->r.index]) 538 break; 539 if (head->r.index == TOMOYO_MAX_PROFILES) 540 return; 541 head->r.step++; 542 break; 543 case 2: 544 { 545 const struct tomoyo_path_info *comment = 546 profile->comment; 547 tomoyo_io_printf(head, "%u-COMMENT=", index); 548 tomoyo_set_string(head, comment ? comment->name : ""); 549 tomoyo_set_lf(head); 550 head->r.step++; 551 } 552 break; 553 case 3: 554 { 555 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 556 tomoyo_print_config(head, profile->default_config); 557 head->r.bit = 0; 558 head->r.step++; 559 } 560 break; 561 case 4: 562 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 563 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 564 const u8 i = head->r.bit; 565 const u8 config = profile->config[i]; 566 if (config == TOMOYO_CONFIG_USE_DEFAULT) 567 continue; 568 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::", 569 tomoyo_mac_keywords[i]); 570 tomoyo_print_config(head, config); 571 head->r.bit++; 572 break; 573 } 574 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 575 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 576 tomoyo_print_preference(head, index); 577 head->r.index++; 578 head->r.step = 1; 579 } 580 break; 581 } 582 if (tomoyo_flush(head)) 583 goto next; 584} 585 586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 587 const struct tomoyo_acl_head *b) 588{ 589 return container_of(a, struct tomoyo_manager, head)->manager == 590 container_of(b, struct tomoyo_manager, head)->manager; 591} 592 593/** 594 * tomoyo_update_manager_entry - Add a manager entry. 595 * 596 * @manager: The path to manager or the domainnamme. 597 * @is_delete: True if it is a delete request. 598 * 599 * Returns 0 on success, negative value otherwise. 600 * 601 * Caller holds tomoyo_read_lock(). 602 */ 603static int tomoyo_update_manager_entry(const char *manager, 604 const bool is_delete) 605{ 606 struct tomoyo_manager e = { }; 607 int error; 608 609 if (tomoyo_domain_def(manager)) { 610 if (!tomoyo_correct_domain(manager)) 611 return -EINVAL; 612 e.is_domain = true; 613 } else { 614 if (!tomoyo_correct_path(manager)) 615 return -EINVAL; 616 } 617 e.manager = tomoyo_get_name(manager); 618 if (!e.manager) 619 return -ENOMEM; 620 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 621 &tomoyo_policy_list[TOMOYO_ID_MANAGER], 622 tomoyo_same_manager); 623 tomoyo_put_name(e.manager); 624 return error; 625} 626 627/** 628 * tomoyo_write_manager - Write manager policy. 629 * 630 * @head: Pointer to "struct tomoyo_io_buffer". 631 * 632 * Returns 0 on success, negative value otherwise. 633 * 634 * Caller holds tomoyo_read_lock(). 635 */ 636static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 637{ 638 char *data = head->write_buf; 639 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 640 641 if (!strcmp(data, "manage_by_non_root")) { 642 tomoyo_manage_by_non_root = !is_delete; 643 return 0; 644 } 645 return tomoyo_update_manager_entry(data, is_delete); 646} 647 648/** 649 * tomoyo_read_manager - Read manager policy. 650 * 651 * @head: Pointer to "struct tomoyo_io_buffer". 652 * 653 * Caller holds tomoyo_read_lock(). 654 */ 655static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 656{ 657 if (head->r.eof) 658 return; 659 list_for_each_cookie(head->r.acl, 660 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) { 661 struct tomoyo_manager *ptr = 662 list_entry(head->r.acl, typeof(*ptr), head.list); 663 if (ptr->head.is_deleted) 664 continue; 665 if (!tomoyo_flush(head)) 666 return; 667 tomoyo_set_string(head, ptr->manager->name); 668 tomoyo_set_lf(head); 669 } 670 head->r.eof = true; 671} 672 673/** 674 * tomoyo_manager - Check whether the current process is a policy manager. 675 * 676 * Returns true if the current process is permitted to modify policy 677 * via /sys/kernel/security/tomoyo/ interface. 678 * 679 * Caller holds tomoyo_read_lock(). 680 */ 681static bool tomoyo_manager(void) 682{ 683 struct tomoyo_manager *ptr; 684 const char *exe; 685 const struct task_struct *task = current; 686 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 687 bool found = false; 688 689 if (!tomoyo_policy_loaded) 690 return true; 691 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 692 return false; 693 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 694 head.list) { 695 if (!ptr->head.is_deleted && ptr->is_domain 696 && !tomoyo_pathcmp(domainname, ptr->manager)) { 697 found = true; 698 break; 699 } 700 } 701 if (found) 702 return true; 703 exe = tomoyo_get_exe(); 704 if (!exe) 705 return false; 706 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER], 707 head.list) { 708 if (!ptr->head.is_deleted && !ptr->is_domain 709 && !strcmp(exe, ptr->manager->name)) { 710 found = true; 711 break; 712 } 713 } 714 if (!found) { /* Reduce error messages. */ 715 static pid_t last_pid; 716 const pid_t pid = current->pid; 717 if (last_pid != pid) { 718 printk(KERN_WARNING "%s ( %s ) is not permitted to " 719 "update policies.\n", domainname->name, exe); 720 last_pid = pid; 721 } 722 } 723 kfree(exe); 724 return found; 725} 726 727/** 728 * tomoyo_select_one - Parse select command. 729 * 730 * @head: Pointer to "struct tomoyo_io_buffer". 731 * @data: String to parse. 732 * 733 * Returns true on success, false otherwise. 734 * 735 * Caller holds tomoyo_read_lock(). 736 */ 737static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data) 738{ 739 unsigned int pid; 740 struct tomoyo_domain_info *domain = NULL; 741 bool global_pid = false; 742 743 if (!strcmp(data, "allow_execute")) { 744 head->r.print_execute_only = true; 745 return true; 746 } 747 if (sscanf(data, "pid=%u", &pid) == 1 || 748 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 749 struct task_struct *p; 750 rcu_read_lock(); 751 read_lock(&tasklist_lock); 752 if (global_pid) 753 p = find_task_by_pid_ns(pid, &init_pid_ns); 754 else 755 p = find_task_by_vpid(pid); 756 if (p) 757 domain = tomoyo_real_domain(p); 758 read_unlock(&tasklist_lock); 759 rcu_read_unlock(); 760 } else if (!strncmp(data, "domain=", 7)) { 761 if (tomoyo_domain_def(data + 7)) 762 domain = tomoyo_find_domain(data + 7); 763 } else 764 return false; 765 head->write_var1 = domain; 766 /* Accessing read_buf is safe because head->io_sem is held. */ 767 if (!head->read_buf) 768 return true; /* Do nothing if open(O_WRONLY). */ 769 memset(&head->r, 0, sizeof(head->r)); 770 head->r.print_this_domain_only = true; 771 if (domain) 772 head->r.domain = &domain->list; 773 else 774 head->r.eof = 1; 775 tomoyo_io_printf(head, "# select %s\n", data); 776 if (domain && domain->is_deleted) 777 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 778 return true; 779} 780 781/** 782 * tomoyo_delete_domain - Delete a domain. 783 * 784 * @domainname: The name of domain. 785 * 786 * Returns 0. 787 * 788 * Caller holds tomoyo_read_lock(). 789 */ 790static int tomoyo_delete_domain(char *domainname) 791{ 792 struct tomoyo_domain_info *domain; 793 struct tomoyo_path_info name; 794 795 name.name = domainname; 796 tomoyo_fill_path_info(&name); 797 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 798 return 0; 799 /* Is there an active domain? */ 800 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 801 /* Never delete tomoyo_kernel_domain */ 802 if (domain == &tomoyo_kernel_domain) 803 continue; 804 if (domain->is_deleted || 805 tomoyo_pathcmp(domain->domainname, &name)) 806 continue; 807 domain->is_deleted = true; 808 break; 809 } 810 mutex_unlock(&tomoyo_policy_lock); 811 return 0; 812} 813 814/** 815 * tomoyo_write_domain2 - Write domain policy. 816 * 817 * @head: Pointer to "struct tomoyo_io_buffer". 818 * 819 * Returns 0 on success, negative value otherwise. 820 * 821 * Caller holds tomoyo_read_lock(). 822 */ 823static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain, 824 const bool is_delete) 825{ 826 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) 827 return tomoyo_write_mount(data, domain, is_delete); 828 return tomoyo_write_file(data, domain, is_delete); 829} 830 831/** 832 * tomoyo_write_domain - Write domain policy. 833 * 834 * @head: Pointer to "struct tomoyo_io_buffer". 835 * 836 * Returns 0 on success, negative value otherwise. 837 * 838 * Caller holds tomoyo_read_lock(). 839 */ 840static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 841{ 842 char *data = head->write_buf; 843 struct tomoyo_domain_info *domain = head->write_var1; 844 bool is_delete = false; 845 bool is_select = false; 846 unsigned int profile; 847 848 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 849 is_delete = true; 850 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 851 is_select = true; 852 if (is_select && tomoyo_select_one(head, data)) 853 return 0; 854 /* Don't allow updating policies by non manager programs. */ 855 if (!tomoyo_manager()) 856 return -EPERM; 857 if (tomoyo_domain_def(data)) { 858 domain = NULL; 859 if (is_delete) 860 tomoyo_delete_domain(data); 861 else if (is_select) 862 domain = tomoyo_find_domain(data); 863 else 864 domain = tomoyo_assign_domain(data, 0); 865 head->write_var1 = domain; 866 return 0; 867 } 868 if (!domain) 869 return -EINVAL; 870 871 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 872 && profile < TOMOYO_MAX_PROFILES) { 873 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 874 domain->profile = (u8) profile; 875 return 0; 876 } 877 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 878 domain->ignore_global_allow_read = !is_delete; 879 return 0; 880 } 881 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) { 882 domain->quota_warned = !is_delete; 883 return 0; 884 } 885 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) { 886 domain->transition_failed = !is_delete; 887 return 0; 888 } 889 return tomoyo_write_domain2(data, domain, is_delete); 890} 891 892/** 893 * tomoyo_fns - Find next set bit. 894 * 895 * @perm: 8 bits value. 896 * @bit: First bit to find. 897 * 898 * Returns next on-bit on success, 8 otherwise. 899 */ 900static u8 tomoyo_fns(const u8 perm, u8 bit) 901{ 902 for ( ; bit < 8; bit++) 903 if (perm & (1 << bit)) 904 break; 905 return bit; 906} 907 908/** 909 * tomoyo_print_entry - Print an ACL entry. 910 * 911 * @head: Pointer to "struct tomoyo_io_buffer". 912 * @acl: Pointer to an ACL entry. 913 * 914 * Returns true on success, false otherwise. 915 */ 916static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 917 struct tomoyo_acl_info *acl) 918{ 919 const u8 acl_type = acl->type; 920 u8 bit; 921 922 if (acl->is_deleted) 923 return true; 924 next: 925 bit = head->r.bit; 926 if (!tomoyo_flush(head)) 927 return false; 928 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 929 struct tomoyo_path_acl *ptr = 930 container_of(acl, typeof(*ptr), head); 931 const u16 perm = ptr->perm; 932 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 933 if (!(perm & (1 << bit))) 934 continue; 935 if (head->r.print_execute_only && 936 bit != TOMOYO_TYPE_EXECUTE) 937 continue; 938 /* Print "read/write" instead of "read" and "write". */ 939 if ((bit == TOMOYO_TYPE_READ || 940 bit == TOMOYO_TYPE_WRITE) 941 && (perm & (1 << TOMOYO_TYPE_READ_WRITE))) 942 continue; 943 break; 944 } 945 if (bit >= TOMOYO_MAX_PATH_OPERATION) 946 goto done; 947 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]); 948 tomoyo_print_name_union(head, &ptr->name); 949 } else if (head->r.print_execute_only) { 950 return true; 951 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 952 struct tomoyo_path2_acl *ptr = 953 container_of(acl, typeof(*ptr), head); 954 bit = tomoyo_fns(ptr->perm, bit); 955 if (bit >= TOMOYO_MAX_PATH2_OPERATION) 956 goto done; 957 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]); 958 tomoyo_print_name_union(head, &ptr->name1); 959 tomoyo_print_name_union(head, &ptr->name2); 960 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 961 struct tomoyo_path_number_acl *ptr = 962 container_of(acl, typeof(*ptr), head); 963 bit = tomoyo_fns(ptr->perm, bit); 964 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION) 965 goto done; 966 tomoyo_io_printf(head, "allow_%s", 967 tomoyo_path_number_keyword[bit]); 968 tomoyo_print_name_union(head, &ptr->name); 969 tomoyo_print_number_union(head, &ptr->number); 970 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 971 struct tomoyo_mkdev_acl *ptr = 972 container_of(acl, typeof(*ptr), head); 973 bit = tomoyo_fns(ptr->perm, bit); 974 if (bit >= TOMOYO_MAX_MKDEV_OPERATION) 975 goto done; 976 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]); 977 tomoyo_print_name_union(head, &ptr->name); 978 tomoyo_print_number_union(head, &ptr->mode); 979 tomoyo_print_number_union(head, &ptr->major); 980 tomoyo_print_number_union(head, &ptr->minor); 981 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 982 struct tomoyo_mount_acl *ptr = 983 container_of(acl, typeof(*ptr), head); 984 tomoyo_io_printf(head, "allow_mount"); 985 tomoyo_print_name_union(head, &ptr->dev_name); 986 tomoyo_print_name_union(head, &ptr->dir_name); 987 tomoyo_print_name_union(head, &ptr->fs_type); 988 tomoyo_print_number_union(head, &ptr->flags); 989 } 990 head->r.bit = bit + 1; 991 tomoyo_io_printf(head, "\n"); 992 if (acl_type != TOMOYO_TYPE_MOUNT_ACL) 993 goto next; 994 done: 995 head->r.bit = 0; 996 return true; 997} 998 999/** 1000 * tomoyo_read_domain2 - Read domain policy. 1001 * 1002 * @head: Pointer to "struct tomoyo_io_buffer". 1003 * @domain: Pointer to "struct tomoyo_domain_info". 1004 * 1005 * Caller holds tomoyo_read_lock(). 1006 * 1007 * Returns true on success, false otherwise. 1008 */ 1009static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1010 struct tomoyo_domain_info *domain) 1011{ 1012 list_for_each_cookie(head->r.acl, &domain->acl_info_list) { 1013 struct tomoyo_acl_info *ptr = 1014 list_entry(head->r.acl, typeof(*ptr), list); 1015 if (!tomoyo_print_entry(head, ptr)) 1016 return false; 1017 } 1018 head->r.acl = NULL; 1019 return true; 1020} 1021 1022/** 1023 * tomoyo_read_domain - Read domain policy. 1024 * 1025 * @head: Pointer to "struct tomoyo_io_buffer". 1026 * 1027 * Caller holds tomoyo_read_lock(). 1028 */ 1029static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1030{ 1031 if (head->r.eof) 1032 return; 1033 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1034 struct tomoyo_domain_info *domain = 1035 list_entry(head->r.domain, typeof(*domain), list); 1036 switch (head->r.step) { 1037 case 0: 1038 if (domain->is_deleted && 1039 !head->r.print_this_domain_only) 1040 continue; 1041 /* Print domainname and flags. */ 1042 tomoyo_set_string(head, domain->domainname->name); 1043 tomoyo_set_lf(head); 1044 tomoyo_io_printf(head, 1045 TOMOYO_KEYWORD_USE_PROFILE "%u\n", 1046 domain->profile); 1047 if (domain->quota_warned) 1048 tomoyo_set_string(head, "quota_exceeded\n"); 1049 if (domain->transition_failed) 1050 tomoyo_set_string(head, "transition_failed\n"); 1051 if (domain->ignore_global_allow_read) 1052 tomoyo_set_string(head, 1053 TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ 1054 "\n"); 1055 head->r.step++; 1056 tomoyo_set_lf(head); 1057 /* fall through */ 1058 case 1: 1059 if (!tomoyo_read_domain2(head, domain)) 1060 return; 1061 head->r.step++; 1062 if (!tomoyo_set_lf(head)) 1063 return; 1064 /* fall through */ 1065 case 2: 1066 head->r.step = 0; 1067 if (head->r.print_this_domain_only) 1068 goto done; 1069 } 1070 } 1071 done: 1072 head->r.eof = true; 1073} 1074 1075/** 1076 * tomoyo_write_domain_profile - Assign profile for specified domain. 1077 * 1078 * @head: Pointer to "struct tomoyo_io_buffer". 1079 * 1080 * Returns 0 on success, -EINVAL otherwise. 1081 * 1082 * This is equivalent to doing 1083 * 1084 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1085 * /usr/sbin/tomoyo-loadpolicy -d 1086 * 1087 * Caller holds tomoyo_read_lock(). 1088 */ 1089static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1090{ 1091 char *data = head->write_buf; 1092 char *cp = strchr(data, ' '); 1093 struct tomoyo_domain_info *domain; 1094 unsigned long profile; 1095 1096 if (!cp) 1097 return -EINVAL; 1098 *cp = '\0'; 1099 domain = tomoyo_find_domain(cp + 1); 1100 if (strict_strtoul(data, 10, &profile)) 1101 return -EINVAL; 1102 if (domain && profile < TOMOYO_MAX_PROFILES 1103 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1104 domain->profile = (u8) profile; 1105 return 0; 1106} 1107 1108/** 1109 * tomoyo_read_domain_profile - Read only domainname and profile. 1110 * 1111 * @head: Pointer to "struct tomoyo_io_buffer". 1112 * 1113 * Returns list of profile number and domainname pairs. 1114 * 1115 * This is equivalent to doing 1116 * 1117 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1118 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1119 * domainname = $0; } else if ( $1 == "use_profile" ) { 1120 * print $2 " " domainname; domainname = ""; } } ; ' 1121 * 1122 * Caller holds tomoyo_read_lock(). 1123 */ 1124static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1125{ 1126 if (head->r.eof) 1127 return; 1128 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1129 struct tomoyo_domain_info *domain = 1130 list_entry(head->r.domain, typeof(*domain), list); 1131 if (domain->is_deleted) 1132 continue; 1133 if (!tomoyo_flush(head)) 1134 return; 1135 tomoyo_io_printf(head, "%u ", domain->profile); 1136 tomoyo_set_string(head, domain->domainname->name); 1137 tomoyo_set_lf(head); 1138 } 1139 head->r.eof = true; 1140} 1141 1142/** 1143 * tomoyo_write_pid: Specify PID to obtain domainname. 1144 * 1145 * @head: Pointer to "struct tomoyo_io_buffer". 1146 * 1147 * Returns 0. 1148 */ 1149static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1150{ 1151 head->r.eof = false; 1152 return 0; 1153} 1154 1155/** 1156 * tomoyo_read_pid - Get domainname of the specified PID. 1157 * 1158 * @head: Pointer to "struct tomoyo_io_buffer". 1159 * 1160 * Returns the domainname which the specified PID is in on success, 1161 * empty string otherwise. 1162 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1163 * using read()/write() interface rather than sysctl() interface. 1164 */ 1165static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1166{ 1167 char *buf = head->write_buf; 1168 bool global_pid = false; 1169 unsigned int pid; 1170 struct task_struct *p; 1171 struct tomoyo_domain_info *domain = NULL; 1172 1173 /* Accessing write_buf is safe because head->io_sem is held. */ 1174 if (!buf) { 1175 head->r.eof = true; 1176 return; /* Do nothing if open(O_RDONLY). */ 1177 } 1178 if (head->r.w_pos || head->r.eof) 1179 return; 1180 head->r.eof = true; 1181 if (tomoyo_str_starts(&buf, "global-pid ")) 1182 global_pid = true; 1183 pid = (unsigned int) simple_strtoul(buf, NULL, 10); 1184 rcu_read_lock(); 1185 read_lock(&tasklist_lock); 1186 if (global_pid) 1187 p = find_task_by_pid_ns(pid, &init_pid_ns); 1188 else 1189 p = find_task_by_vpid(pid); 1190 if (p) 1191 domain = tomoyo_real_domain(p); 1192 read_unlock(&tasklist_lock); 1193 rcu_read_unlock(); 1194 if (!domain) 1195 return; 1196 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1197 tomoyo_set_string(head, domain->domainname->name); 1198} 1199 1200static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1201 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] 1202 = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN, 1203 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] 1204 = TOMOYO_KEYWORD_INITIALIZE_DOMAIN, 1205 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN, 1206 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN 1207}; 1208 1209static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1210 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP, 1211 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP 1212}; 1213 1214/** 1215 * tomoyo_write_exception - Write exception policy. 1216 * 1217 * @head: Pointer to "struct tomoyo_io_buffer". 1218 * 1219 * Returns 0 on success, negative value otherwise. 1220 * 1221 * Caller holds tomoyo_read_lock(). 1222 */ 1223static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1224{ 1225 char *data = head->write_buf; 1226 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1227 u8 i; 1228 static const struct { 1229 const char *keyword; 1230 int (*write) (char *, const bool); 1231 } tomoyo_callback[4] = { 1232 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator }, 1233 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern }, 1234 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite }, 1235 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable }, 1236 }; 1237 1238 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1239 if (tomoyo_str_starts(&data, tomoyo_transition_type[i])) 1240 return tomoyo_write_transition_control(data, is_delete, 1241 i); 1242 for (i = 0; i < 4; i++) 1243 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword)) 1244 return tomoyo_callback[i].write(data, is_delete); 1245 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1246 if (tomoyo_str_starts(&data, tomoyo_group_name[i])) 1247 return tomoyo_write_group(data, is_delete, i); 1248 return -EINVAL; 1249} 1250 1251/** 1252 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 1253 * 1254 * @head: Pointer to "struct tomoyo_io_buffer". 1255 * @idx: Index number. 1256 * 1257 * Returns true on success, false otherwise. 1258 * 1259 * Caller holds tomoyo_read_lock(). 1260 */ 1261static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1262{ 1263 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) { 1264 struct tomoyo_group *group = 1265 list_entry(head->r.group, typeof(*group), list); 1266 list_for_each_cookie(head->r.acl, &group->member_list) { 1267 struct tomoyo_acl_head *ptr = 1268 list_entry(head->r.acl, typeof(*ptr), list); 1269 if (ptr->is_deleted) 1270 continue; 1271 if (!tomoyo_flush(head)) 1272 return false; 1273 tomoyo_set_string(head, tomoyo_group_name[idx]); 1274 tomoyo_set_string(head, group->group_name->name); 1275 if (idx == TOMOYO_PATH_GROUP) { 1276 tomoyo_set_space(head); 1277 tomoyo_set_string(head, container_of 1278 (ptr, struct tomoyo_path_group, 1279 head)->member_name->name); 1280 } else if (idx == TOMOYO_NUMBER_GROUP) { 1281 tomoyo_print_number_union(head, &container_of 1282 (ptr, 1283 struct tomoyo_number_group, 1284 head)->number); 1285 } 1286 tomoyo_set_lf(head); 1287 } 1288 head->r.acl = NULL; 1289 } 1290 head->r.group = NULL; 1291 return true; 1292} 1293 1294/** 1295 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1296 * 1297 * @head: Pointer to "struct tomoyo_io_buffer". 1298 * @idx: Index number. 1299 * 1300 * Returns true on success, false otherwise. 1301 * 1302 * Caller holds tomoyo_read_lock(). 1303 */ 1304static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1305{ 1306 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) { 1307 struct tomoyo_acl_head *acl = 1308 container_of(head->r.acl, typeof(*acl), list); 1309 if (acl->is_deleted) 1310 continue; 1311 if (!tomoyo_flush(head)) 1312 return false; 1313 switch (idx) { 1314 case TOMOYO_ID_TRANSITION_CONTROL: 1315 { 1316 struct tomoyo_transition_control *ptr = 1317 container_of(acl, typeof(*ptr), head); 1318 tomoyo_set_string(head, 1319 tomoyo_transition_type 1320 [ptr->type]); 1321 if (ptr->program) 1322 tomoyo_set_string(head, 1323 ptr->program->name); 1324 if (ptr->program && ptr->domainname) 1325 tomoyo_set_string(head, " from "); 1326 if (ptr->domainname) 1327 tomoyo_set_string(head, 1328 ptr->domainname-> 1329 name); 1330 } 1331 break; 1332 case TOMOYO_ID_GLOBALLY_READABLE: 1333 { 1334 struct tomoyo_readable_file *ptr = 1335 container_of(acl, typeof(*ptr), head); 1336 tomoyo_set_string(head, 1337 TOMOYO_KEYWORD_ALLOW_READ); 1338 tomoyo_set_string(head, ptr->filename->name); 1339 } 1340 break; 1341 case TOMOYO_ID_AGGREGATOR: 1342 { 1343 struct tomoyo_aggregator *ptr = 1344 container_of(acl, typeof(*ptr), head); 1345 tomoyo_set_string(head, 1346 TOMOYO_KEYWORD_AGGREGATOR); 1347 tomoyo_set_string(head, 1348 ptr->original_name->name); 1349 tomoyo_set_space(head); 1350 tomoyo_set_string(head, 1351 ptr->aggregated_name->name); 1352 } 1353 break; 1354 case TOMOYO_ID_PATTERN: 1355 { 1356 struct tomoyo_no_pattern *ptr = 1357 container_of(acl, typeof(*ptr), head); 1358 tomoyo_set_string(head, 1359 TOMOYO_KEYWORD_FILE_PATTERN); 1360 tomoyo_set_string(head, ptr->pattern->name); 1361 } 1362 break; 1363 case TOMOYO_ID_NO_REWRITE: 1364 { 1365 struct tomoyo_no_rewrite *ptr = 1366 container_of(acl, typeof(*ptr), head); 1367 tomoyo_set_string(head, 1368 TOMOYO_KEYWORD_DENY_REWRITE); 1369 tomoyo_set_string(head, ptr->pattern->name); 1370 } 1371 break; 1372 default: 1373 continue; 1374 } 1375 tomoyo_set_lf(head); 1376 } 1377 head->r.acl = NULL; 1378 return true; 1379} 1380 1381/** 1382 * tomoyo_read_exception - Read exception policy. 1383 * 1384 * @head: Pointer to "struct tomoyo_io_buffer". 1385 * 1386 * Caller holds tomoyo_read_lock(). 1387 */ 1388static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1389{ 1390 if (head->r.eof) 1391 return; 1392 while (head->r.step < TOMOYO_MAX_POLICY && 1393 tomoyo_read_policy(head, head->r.step)) 1394 head->r.step++; 1395 if (head->r.step < TOMOYO_MAX_POLICY) 1396 return; 1397 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1398 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1399 head->r.step++; 1400 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1401 return; 1402 head->r.eof = true; 1403} 1404 1405/** 1406 * tomoyo_print_header - Get header line of audit log. 1407 * 1408 * @r: Pointer to "struct tomoyo_request_info". 1409 * 1410 * Returns string representation. 1411 * 1412 * This function uses kmalloc(), so caller must kfree() if this function 1413 * didn't return NULL. 1414 */ 1415static char *tomoyo_print_header(struct tomoyo_request_info *r) 1416{ 1417 struct timeval tv; 1418 const pid_t gpid = task_pid_nr(current); 1419 static const int tomoyo_buffer_len = 4096; 1420 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); 1421 pid_t ppid; 1422 if (!buffer) 1423 return NULL; 1424 do_gettimeofday(&tv); 1425 rcu_read_lock(); 1426 ppid = task_tgid_vnr(current->real_parent); 1427 rcu_read_unlock(); 1428 snprintf(buffer, tomoyo_buffer_len - 1, 1429 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)" 1430 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u" 1431 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }", 1432 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid, 1433 task_tgid_vnr(current), ppid, 1434 current_uid(), current_gid(), current_euid(), 1435 current_egid(), current_suid(), current_sgid(), 1436 current_fsuid(), current_fsgid()); 1437 return buffer; 1438} 1439 1440/** 1441 * tomoyo_init_audit_log - Allocate buffer for audit logs. 1442 * 1443 * @len: Required size. 1444 * @r: Pointer to "struct tomoyo_request_info". 1445 * 1446 * Returns pointer to allocated memory. 1447 * 1448 * The @len is updated to add the header lines' size on success. 1449 * 1450 * This function uses kzalloc(), so caller must kfree() if this function 1451 * didn't return NULL. 1452 */ 1453static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r) 1454{ 1455 char *buf = NULL; 1456 const char *header; 1457 const char *domainname; 1458 if (!r->domain) 1459 r->domain = tomoyo_domain(); 1460 domainname = r->domain->domainname->name; 1461 header = tomoyo_print_header(r); 1462 if (!header) 1463 return NULL; 1464 *len += strlen(domainname) + strlen(header) + 10; 1465 buf = kzalloc(*len, GFP_NOFS); 1466 if (buf) 1467 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname); 1468 kfree(header); 1469 return buf; 1470} 1471 1472/* Wait queue for tomoyo_query_list. */ 1473static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1474 1475/* Lock for manipulating tomoyo_query_list. */ 1476static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1477 1478/* Structure for query. */ 1479struct tomoyo_query { 1480 struct list_head list; 1481 char *query; 1482 int query_len; 1483 unsigned int serial; 1484 int timer; 1485 int answer; 1486}; 1487 1488/* The list for "struct tomoyo_query". */ 1489static LIST_HEAD(tomoyo_query_list); 1490 1491/* 1492 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1493 * interface. 1494 */ 1495static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1496 1497/** 1498 * tomoyo_supervisor - Ask for the supervisor's decision. 1499 * 1500 * @r: Pointer to "struct tomoyo_request_info". 1501 * @fmt: The printf()'s format string, followed by parameters. 1502 * 1503 * Returns 0 if the supervisor decided to permit the access request which 1504 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1505 * supervisor decided to retry the access request which violated the policy in 1506 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1507 */ 1508int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1509{ 1510 va_list args; 1511 int error = -EPERM; 1512 int pos; 1513 int len; 1514 static unsigned int tomoyo_serial; 1515 struct tomoyo_query *entry = NULL; 1516 bool quota_exceeded = false; 1517 char *header; 1518 switch (r->mode) { 1519 char *buffer; 1520 case TOMOYO_CONFIG_LEARNING: 1521 if (!tomoyo_domain_quota_is_ok(r)) 1522 return 0; 1523 va_start(args, fmt); 1524 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4; 1525 va_end(args); 1526 buffer = kmalloc(len, GFP_NOFS); 1527 if (!buffer) 1528 return 0; 1529 va_start(args, fmt); 1530 vsnprintf(buffer, len - 1, fmt, args); 1531 va_end(args); 1532 tomoyo_normalize_line(buffer); 1533 tomoyo_write_domain2(buffer, r->domain, false); 1534 kfree(buffer); 1535 /* fall through */ 1536 case TOMOYO_CONFIG_PERMISSIVE: 1537 return 0; 1538 } 1539 if (!r->domain) 1540 r->domain = tomoyo_domain(); 1541 if (!atomic_read(&tomoyo_query_observers)) 1542 return -EPERM; 1543 va_start(args, fmt); 1544 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32; 1545 va_end(args); 1546 header = tomoyo_init_audit_log(&len, r); 1547 if (!header) 1548 goto out; 1549 entry = kzalloc(sizeof(*entry), GFP_NOFS); 1550 if (!entry) 1551 goto out; 1552 entry->query = kzalloc(len, GFP_NOFS); 1553 if (!entry->query) 1554 goto out; 1555 len = ksize(entry->query); 1556 spin_lock(&tomoyo_query_list_lock); 1557 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + 1558 sizeof(*entry) >= tomoyo_quota_for_query) { 1559 quota_exceeded = true; 1560 } else { 1561 tomoyo_query_memory_size += len + sizeof(*entry); 1562 entry->serial = tomoyo_serial++; 1563 } 1564 spin_unlock(&tomoyo_query_list_lock); 1565 if (quota_exceeded) 1566 goto out; 1567 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s", 1568 entry->serial, r->retry, header); 1569 kfree(header); 1570 header = NULL; 1571 va_start(args, fmt); 1572 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args); 1573 entry->query_len = strlen(entry->query) + 1; 1574 va_end(args); 1575 spin_lock(&tomoyo_query_list_lock); 1576 list_add_tail(&entry->list, &tomoyo_query_list); 1577 spin_unlock(&tomoyo_query_list_lock); 1578 /* Give 10 seconds for supervisor's opinion. */ 1579 for (entry->timer = 0; 1580 atomic_read(&tomoyo_query_observers) && entry->timer < 100; 1581 entry->timer++) { 1582 wake_up(&tomoyo_query_wait); 1583 set_current_state(TASK_INTERRUPTIBLE); 1584 schedule_timeout(HZ / 10); 1585 if (entry->answer) 1586 break; 1587 } 1588 spin_lock(&tomoyo_query_list_lock); 1589 list_del(&entry->list); 1590 tomoyo_query_memory_size -= len + sizeof(*entry); 1591 spin_unlock(&tomoyo_query_list_lock); 1592 switch (entry->answer) { 1593 case 3: /* Asked to retry by administrator. */ 1594 error = TOMOYO_RETRY_REQUEST; 1595 r->retry++; 1596 break; 1597 case 1: 1598 /* Granted by administrator. */ 1599 error = 0; 1600 break; 1601 case 0: 1602 /* Timed out. */ 1603 break; 1604 default: 1605 /* Rejected by administrator. */ 1606 break; 1607 } 1608 out: 1609 if (entry) 1610 kfree(entry->query); 1611 kfree(entry); 1612 kfree(header); 1613 return error; 1614} 1615 1616/** 1617 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 1618 * 1619 * @file: Pointer to "struct file". 1620 * @wait: Pointer to "poll_table". 1621 * 1622 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 1623 * 1624 * Waits for access requests which violated policy in enforcing mode. 1625 */ 1626static int tomoyo_poll_query(struct file *file, poll_table *wait) 1627{ 1628 struct list_head *tmp; 1629 bool found = false; 1630 u8 i; 1631 for (i = 0; i < 2; i++) { 1632 spin_lock(&tomoyo_query_list_lock); 1633 list_for_each(tmp, &tomoyo_query_list) { 1634 struct tomoyo_query *ptr = 1635 list_entry(tmp, typeof(*ptr), list); 1636 if (ptr->answer) 1637 continue; 1638 found = true; 1639 break; 1640 } 1641 spin_unlock(&tomoyo_query_list_lock); 1642 if (found) 1643 return POLLIN | POLLRDNORM; 1644 if (i) 1645 break; 1646 poll_wait(file, &tomoyo_query_wait, wait); 1647 } 1648 return 0; 1649} 1650 1651/** 1652 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 1653 * 1654 * @head: Pointer to "struct tomoyo_io_buffer". 1655 */ 1656static void tomoyo_read_query(struct tomoyo_io_buffer *head) 1657{ 1658 struct list_head *tmp; 1659 int pos = 0; 1660 int len = 0; 1661 char *buf; 1662 if (head->r.w_pos) 1663 return; 1664 if (head->read_buf) { 1665 kfree(head->read_buf); 1666 head->read_buf = NULL; 1667 } 1668 spin_lock(&tomoyo_query_list_lock); 1669 list_for_each(tmp, &tomoyo_query_list) { 1670 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1671 if (ptr->answer) 1672 continue; 1673 if (pos++ != head->r.query_index) 1674 continue; 1675 len = ptr->query_len; 1676 break; 1677 } 1678 spin_unlock(&tomoyo_query_list_lock); 1679 if (!len) { 1680 head->r.query_index = 0; 1681 return; 1682 } 1683 buf = kzalloc(len, GFP_NOFS); 1684 if (!buf) 1685 return; 1686 pos = 0; 1687 spin_lock(&tomoyo_query_list_lock); 1688 list_for_each(tmp, &tomoyo_query_list) { 1689 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1690 if (ptr->answer) 1691 continue; 1692 if (pos++ != head->r.query_index) 1693 continue; 1694 /* 1695 * Some query can be skipped because tomoyo_query_list 1696 * can change, but I don't care. 1697 */ 1698 if (len == ptr->query_len) 1699 memmove(buf, ptr->query, len); 1700 break; 1701 } 1702 spin_unlock(&tomoyo_query_list_lock); 1703 if (buf[0]) { 1704 head->read_buf = buf; 1705 head->r.w[head->r.w_pos++] = buf; 1706 head->r.query_index++; 1707 } else { 1708 kfree(buf); 1709 } 1710} 1711 1712/** 1713 * tomoyo_write_answer - Write the supervisor's decision. 1714 * 1715 * @head: Pointer to "struct tomoyo_io_buffer". 1716 * 1717 * Returns 0 on success, -EINVAL otherwise. 1718 */ 1719static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 1720{ 1721 char *data = head->write_buf; 1722 struct list_head *tmp; 1723 unsigned int serial; 1724 unsigned int answer; 1725 spin_lock(&tomoyo_query_list_lock); 1726 list_for_each(tmp, &tomoyo_query_list) { 1727 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1728 ptr->timer = 0; 1729 } 1730 spin_unlock(&tomoyo_query_list_lock); 1731 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 1732 return -EINVAL; 1733 spin_lock(&tomoyo_query_list_lock); 1734 list_for_each(tmp, &tomoyo_query_list) { 1735 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1736 if (ptr->serial != serial) 1737 continue; 1738 if (!ptr->answer) 1739 ptr->answer = answer; 1740 break; 1741 } 1742 spin_unlock(&tomoyo_query_list_lock); 1743 return 0; 1744} 1745 1746/** 1747 * tomoyo_read_version: Get version. 1748 * 1749 * @head: Pointer to "struct tomoyo_io_buffer". 1750 * 1751 * Returns version information. 1752 */ 1753static void tomoyo_read_version(struct tomoyo_io_buffer *head) 1754{ 1755 if (!head->r.eof) { 1756 tomoyo_io_printf(head, "2.3.0"); 1757 head->r.eof = true; 1758 } 1759} 1760 1761/** 1762 * tomoyo_read_self_domain - Get the current process's domainname. 1763 * 1764 * @head: Pointer to "struct tomoyo_io_buffer". 1765 * 1766 * Returns the current process's domainname. 1767 */ 1768static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1769{ 1770 if (!head->r.eof) { 1771 /* 1772 * tomoyo_domain()->domainname != NULL 1773 * because every process belongs to a domain and 1774 * the domain's name cannot be NULL. 1775 */ 1776 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1777 head->r.eof = true; 1778 } 1779} 1780 1781/** 1782 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1783 * 1784 * @type: Type of interface. 1785 * @file: Pointer to "struct file". 1786 * 1787 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1788 * 1789 * Caller acquires tomoyo_read_lock(). 1790 */ 1791int tomoyo_open_control(const u8 type, struct file *file) 1792{ 1793 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 1794 1795 if (!head) 1796 return -ENOMEM; 1797 mutex_init(&head->io_sem); 1798 head->type = type; 1799 switch (type) { 1800 case TOMOYO_DOMAINPOLICY: 1801 /* /sys/kernel/security/tomoyo/domain_policy */ 1802 head->write = tomoyo_write_domain; 1803 head->read = tomoyo_read_domain; 1804 break; 1805 case TOMOYO_EXCEPTIONPOLICY: 1806 /* /sys/kernel/security/tomoyo/exception_policy */ 1807 head->write = tomoyo_write_exception; 1808 head->read = tomoyo_read_exception; 1809 break; 1810 case TOMOYO_SELFDOMAIN: 1811 /* /sys/kernel/security/tomoyo/self_domain */ 1812 head->read = tomoyo_read_self_domain; 1813 break; 1814 case TOMOYO_DOMAIN_STATUS: 1815 /* /sys/kernel/security/tomoyo/.domain_status */ 1816 head->write = tomoyo_write_domain_profile; 1817 head->read = tomoyo_read_domain_profile; 1818 break; 1819 case TOMOYO_PROCESS_STATUS: 1820 /* /sys/kernel/security/tomoyo/.process_status */ 1821 head->write = tomoyo_write_pid; 1822 head->read = tomoyo_read_pid; 1823 break; 1824 case TOMOYO_VERSION: 1825 /* /sys/kernel/security/tomoyo/version */ 1826 head->read = tomoyo_read_version; 1827 head->readbuf_size = 128; 1828 break; 1829 case TOMOYO_MEMINFO: 1830 /* /sys/kernel/security/tomoyo/meminfo */ 1831 head->write = tomoyo_write_memory_quota; 1832 head->read = tomoyo_read_memory_counter; 1833 head->readbuf_size = 512; 1834 break; 1835 case TOMOYO_PROFILE: 1836 /* /sys/kernel/security/tomoyo/profile */ 1837 head->write = tomoyo_write_profile; 1838 head->read = tomoyo_read_profile; 1839 break; 1840 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 1841 head->poll = tomoyo_poll_query; 1842 head->write = tomoyo_write_answer; 1843 head->read = tomoyo_read_query; 1844 break; 1845 case TOMOYO_MANAGER: 1846 /* /sys/kernel/security/tomoyo/manager */ 1847 head->write = tomoyo_write_manager; 1848 head->read = tomoyo_read_manager; 1849 break; 1850 } 1851 if (!(file->f_mode & FMODE_READ)) { 1852 /* 1853 * No need to allocate read_buf since it is not opened 1854 * for reading. 1855 */ 1856 head->read = NULL; 1857 head->poll = NULL; 1858 } else if (!head->poll) { 1859 /* Don't allocate read_buf for poll() access. */ 1860 if (!head->readbuf_size) 1861 head->readbuf_size = 4096 * 2; 1862 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 1863 if (!head->read_buf) { 1864 kfree(head); 1865 return -ENOMEM; 1866 } 1867 } 1868 if (!(file->f_mode & FMODE_WRITE)) { 1869 /* 1870 * No need to allocate write_buf since it is not opened 1871 * for writing. 1872 */ 1873 head->write = NULL; 1874 } else if (head->write) { 1875 head->writebuf_size = 4096 * 2; 1876 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 1877 if (!head->write_buf) { 1878 kfree(head->read_buf); 1879 kfree(head); 1880 return -ENOMEM; 1881 } 1882 } 1883 if (type != TOMOYO_QUERY) 1884 head->reader_idx = tomoyo_read_lock(); 1885 file->private_data = head; 1886 /* 1887 * Call the handler now if the file is 1888 * /sys/kernel/security/tomoyo/self_domain 1889 * so that the user can use 1890 * cat < /sys/kernel/security/tomoyo/self_domain" 1891 * to know the current process's domainname. 1892 */ 1893 if (type == TOMOYO_SELFDOMAIN) 1894 tomoyo_read_control(file, NULL, 0); 1895 /* 1896 * If the file is /sys/kernel/security/tomoyo/query , increment the 1897 * observer counter. 1898 * The obserber counter is used by tomoyo_supervisor() to see if 1899 * there is some process monitoring /sys/kernel/security/tomoyo/query. 1900 */ 1901 else if (type == TOMOYO_QUERY) 1902 atomic_inc(&tomoyo_query_observers); 1903 return 0; 1904} 1905 1906/** 1907 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 1908 * 1909 * @file: Pointer to "struct file". 1910 * @wait: Pointer to "poll_table". 1911 * 1912 * Waits for read readiness. 1913 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd . 1914 */ 1915int tomoyo_poll_control(struct file *file, poll_table *wait) 1916{ 1917 struct tomoyo_io_buffer *head = file->private_data; 1918 if (!head->poll) 1919 return -ENOSYS; 1920 return head->poll(file, wait); 1921} 1922 1923/** 1924 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1925 * 1926 * @file: Pointer to "struct file". 1927 * @buffer: Poiner to buffer to write to. 1928 * @buffer_len: Size of @buffer. 1929 * 1930 * Returns bytes read on success, negative value otherwise. 1931 * 1932 * Caller holds tomoyo_read_lock(). 1933 */ 1934int tomoyo_read_control(struct file *file, char __user *buffer, 1935 const int buffer_len) 1936{ 1937 int len; 1938 struct tomoyo_io_buffer *head = file->private_data; 1939 1940 if (!head->read) 1941 return -ENOSYS; 1942 if (mutex_lock_interruptible(&head->io_sem)) 1943 return -EINTR; 1944 head->read_user_buf = buffer; 1945 head->read_user_buf_avail = buffer_len; 1946 if (tomoyo_flush(head)) 1947 /* Call the policy handler. */ 1948 head->read(head); 1949 tomoyo_flush(head); 1950 len = head->read_user_buf - buffer; 1951 mutex_unlock(&head->io_sem); 1952 return len; 1953} 1954 1955/** 1956 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 1957 * 1958 * @file: Pointer to "struct file". 1959 * @buffer: Pointer to buffer to read from. 1960 * @buffer_len: Size of @buffer. 1961 * 1962 * Returns @buffer_len on success, negative value otherwise. 1963 * 1964 * Caller holds tomoyo_read_lock(). 1965 */ 1966int tomoyo_write_control(struct file *file, const char __user *buffer, 1967 const int buffer_len) 1968{ 1969 struct tomoyo_io_buffer *head = file->private_data; 1970 int error = buffer_len; 1971 int avail_len = buffer_len; 1972 char *cp0 = head->write_buf; 1973 1974 if (!head->write) 1975 return -ENOSYS; 1976 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 1977 return -EFAULT; 1978 /* Don't allow updating policies by non manager programs. */ 1979 if (head->write != tomoyo_write_pid && 1980 head->write != tomoyo_write_domain && !tomoyo_manager()) 1981 return -EPERM; 1982 if (mutex_lock_interruptible(&head->io_sem)) 1983 return -EINTR; 1984 /* Read a line and dispatch it to the policy handler. */ 1985 while (avail_len > 0) { 1986 char c; 1987 if (head->write_avail >= head->writebuf_size - 1) { 1988 error = -ENOMEM; 1989 break; 1990 } else if (get_user(c, buffer)) { 1991 error = -EFAULT; 1992 break; 1993 } 1994 buffer++; 1995 avail_len--; 1996 cp0[head->write_avail++] = c; 1997 if (c != '\n') 1998 continue; 1999 cp0[head->write_avail - 1] = '\0'; 2000 head->write_avail = 0; 2001 tomoyo_normalize_line(cp0); 2002 head->write(head); 2003 } 2004 mutex_unlock(&head->io_sem); 2005 return error; 2006} 2007 2008/** 2009 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2010 * 2011 * @file: Pointer to "struct file". 2012 * 2013 * Releases memory and returns 0. 2014 * 2015 * Caller looses tomoyo_read_lock(). 2016 */ 2017int tomoyo_close_control(struct file *file) 2018{ 2019 struct tomoyo_io_buffer *head = file->private_data; 2020 const bool is_write = !!head->write_buf; 2021 2022 /* 2023 * If the file is /sys/kernel/security/tomoyo/query , decrement the 2024 * observer counter. 2025 */ 2026 if (head->type == TOMOYO_QUERY) 2027 atomic_dec(&tomoyo_query_observers); 2028 else 2029 tomoyo_read_unlock(head->reader_idx); 2030 /* Release memory used for policy I/O. */ 2031 kfree(head->read_buf); 2032 head->read_buf = NULL; 2033 kfree(head->write_buf); 2034 head->write_buf = NULL; 2035 kfree(head); 2036 head = NULL; 2037 file->private_data = NULL; 2038 if (is_write) 2039 tomoyo_run_gc(); 2040 return 0; 2041} 2042 2043/** 2044 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 2045 */ 2046void tomoyo_check_profile(void) 2047{ 2048 struct tomoyo_domain_info *domain; 2049 const int idx = tomoyo_read_lock(); 2050 tomoyo_policy_loaded = true; 2051 /* Check all profiles currently assigned to domains are defined. */ 2052 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 2053 const u8 profile = domain->profile; 2054 if (tomoyo_profile_ptr[profile]) 2055 continue; 2056 panic("Profile %u (used by '%s') not defined.\n", 2057 profile, domain->domainname->name); 2058 } 2059 tomoyo_read_unlock(idx); 2060 if (tomoyo_profile_version != 20090903) 2061 panic("Profile version %u is not supported.\n", 2062 tomoyo_profile_version); 2063 printk(KERN_INFO "TOMOYO: 2.3.0\n"); 2064 printk(KERN_INFO "Mandatory Access Control activated.\n"); 2065} 2066