common.c revision 75093152a97ee0ec281895b4f6229ff3c481fd64
1/* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#include <linux/uaccess.h> 10#include <linux/slab.h> 11#include <linux/security.h> 12#include "common.h" 13 14static struct tomoyo_profile tomoyo_default_profile = { 15 .learning = &tomoyo_default_profile.preference, 16 .permissive = &tomoyo_default_profile.preference, 17 .enforcing = &tomoyo_default_profile.preference, 18 .preference.enforcing_verbose = true, 19 .preference.learning_max_entry = 2048, 20 .preference.learning_verbose = false, 21 .preference.permissive_verbose = true 22}; 23 24/* Profile version. Currently only 20090903 is defined. */ 25static unsigned int tomoyo_profile_version; 26 27/* Profile table. Memory is allocated as needed. */ 28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 29 30/* String table for functionality that takes 4 modes. */ 31static const char *tomoyo_mode_4[4] = { 32 "disabled", "learning", "permissive", "enforcing" 33}; 34 35/* String table for /sys/kernel/security/tomoyo/profile */ 36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute", 39 [TOMOYO_MAC_FILE_OPEN] = "file::open", 40 [TOMOYO_MAC_FILE_CREATE] = "file::create", 41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink", 42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir", 43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir", 44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo", 45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock", 46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate", 47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink", 48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite", 49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock", 50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar", 51 [TOMOYO_MAC_FILE_LINK] = "file::link", 52 [TOMOYO_MAC_FILE_RENAME] = "file::rename", 53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod", 54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown", 55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp", 56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", 57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", 58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount", 59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount", 60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", 61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 62}; 63 64/* Permit policy management by non-root user? */ 65static bool tomoyo_manage_by_non_root; 66 67/* Utility functions. */ 68 69/** 70 * tomoyo_yesno - Return "yes" or "no". 71 * 72 * @value: Bool value. 73 */ 74static const char *tomoyo_yesno(const unsigned int value) 75{ 76 return value ? "yes" : "no"; 77} 78 79/** 80 * tomoyo_print_name_union - Print a tomoyo_name_union. 81 * 82 * @head: Pointer to "struct tomoyo_io_buffer". 83 * @ptr: Pointer to "struct tomoyo_name_union". 84 * 85 * Returns true on success, false otherwise. 86 */ 87static bool tomoyo_print_name_union(struct tomoyo_io_buffer *head, 88 const struct tomoyo_name_union *ptr) 89{ 90 int pos = head->read_avail; 91 if (pos && head->read_buf[pos - 1] == ' ') 92 head->read_avail--; 93 if (ptr->is_group) 94 return tomoyo_io_printf(head, " @%s", 95 ptr->group->group_name->name); 96 return tomoyo_io_printf(head, " %s", ptr->filename->name); 97} 98 99/** 100 * tomoyo_print_number_union - Print a tomoyo_number_union. 101 * 102 * @head: Pointer to "struct tomoyo_io_buffer". 103 * @ptr: Pointer to "struct tomoyo_number_union". 104 * 105 * Returns true on success, false otherwise. 106 */ 107bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, 108 const struct tomoyo_number_union *ptr) 109{ 110 unsigned long min; 111 unsigned long max; 112 u8 min_type; 113 u8 max_type; 114 if (!tomoyo_io_printf(head, " ")) 115 return false; 116 if (ptr->is_group) 117 return tomoyo_io_printf(head, "@%s", 118 ptr->group->group_name->name); 119 min_type = ptr->min_type; 120 max_type = ptr->max_type; 121 min = ptr->values[0]; 122 max = ptr->values[1]; 123 switch (min_type) { 124 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 125 if (!tomoyo_io_printf(head, "0x%lX", min)) 126 return false; 127 break; 128 case TOMOYO_VALUE_TYPE_OCTAL: 129 if (!tomoyo_io_printf(head, "0%lo", min)) 130 return false; 131 break; 132 default: 133 if (!tomoyo_io_printf(head, "%lu", min)) 134 return false; 135 break; 136 } 137 if (min == max && min_type == max_type) 138 return true; 139 switch (max_type) { 140 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 141 return tomoyo_io_printf(head, "-0x%lX", max); 142 case TOMOYO_VALUE_TYPE_OCTAL: 143 return tomoyo_io_printf(head, "-0%lo", max); 144 default: 145 return tomoyo_io_printf(head, "-%lu", max); 146 } 147} 148 149/** 150 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure. 151 * 152 * @head: Pointer to "struct tomoyo_io_buffer". 153 * @fmt: The printf()'s format string, followed by parameters. 154 * 155 * Returns true if output was written, false otherwise. 156 * 157 * The snprintf() will truncate, but tomoyo_io_printf() won't. 158 */ 159bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 160{ 161 va_list args; 162 int len; 163 int pos = head->read_avail; 164 int size = head->readbuf_size - pos; 165 166 if (size <= 0) 167 return false; 168 va_start(args, fmt); 169 len = vsnprintf(head->read_buf + pos, size, fmt, args); 170 va_end(args); 171 if (pos + len >= head->readbuf_size) 172 return false; 173 head->read_avail += len; 174 return true; 175} 176 177/** 178 * tomoyo_find_or_assign_new_profile - Create a new profile. 179 * 180 * @profile: Profile number to create. 181 * 182 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 183 */ 184static struct tomoyo_profile *tomoyo_find_or_assign_new_profile 185(const unsigned int profile) 186{ 187 struct tomoyo_profile *ptr; 188 struct tomoyo_profile *entry; 189 if (profile >= TOMOYO_MAX_PROFILES) 190 return NULL; 191 ptr = tomoyo_profile_ptr[profile]; 192 if (ptr) 193 return ptr; 194 entry = kzalloc(sizeof(*entry), GFP_NOFS); 195 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 196 goto out; 197 ptr = tomoyo_profile_ptr[profile]; 198 if (!ptr && tomoyo_memory_ok(entry)) { 199 ptr = entry; 200 ptr->learning = &tomoyo_default_profile.preference; 201 ptr->permissive = &tomoyo_default_profile.preference; 202 ptr->enforcing = &tomoyo_default_profile.preference; 203 ptr->default_config = TOMOYO_CONFIG_DISABLED; 204 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 205 sizeof(ptr->config)); 206 mb(); /* Avoid out-of-order execution. */ 207 tomoyo_profile_ptr[profile] = ptr; 208 entry = NULL; 209 } 210 mutex_unlock(&tomoyo_policy_lock); 211 out: 212 kfree(entry); 213 return ptr; 214} 215 216/** 217 * tomoyo_profile - Find a profile. 218 * 219 * @profile: Profile number to find. 220 * 221 * Returns pointer to "struct tomoyo_profile". 222 */ 223struct tomoyo_profile *tomoyo_profile(const u8 profile) 224{ 225 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile]; 226 if (!tomoyo_policy_loaded) 227 return &tomoyo_default_profile; 228 BUG_ON(!ptr); 229 return ptr; 230} 231 232/** 233 * tomoyo_write_profile - Write profile table. 234 * 235 * @head: Pointer to "struct tomoyo_io_buffer". 236 * 237 * Returns 0 on success, negative value otherwise. 238 */ 239static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 240{ 241 char *data = head->write_buf; 242 unsigned int i; 243 int value; 244 int mode; 245 u8 config; 246 bool use_default = false; 247 char *cp; 248 struct tomoyo_profile *profile; 249 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1) 250 return 0; 251 i = simple_strtoul(data, &cp, 10); 252 if (data == cp) { 253 profile = &tomoyo_default_profile; 254 } else { 255 if (*cp != '-') 256 return -EINVAL; 257 data = cp + 1; 258 profile = tomoyo_find_or_assign_new_profile(i); 259 if (!profile) 260 return -EINVAL; 261 } 262 cp = strchr(data, '='); 263 if (!cp) 264 return -EINVAL; 265 *cp++ = '\0'; 266 if (profile != &tomoyo_default_profile) 267 use_default = strstr(cp, "use_default") != NULL; 268 if (strstr(cp, "verbose=yes")) 269 value = 1; 270 else if (strstr(cp, "verbose=no")) 271 value = 0; 272 else 273 value = -1; 274 if (!strcmp(data, "PREFERENCE::enforcing")) { 275 if (use_default) { 276 profile->enforcing = &tomoyo_default_profile.preference; 277 return 0; 278 } 279 profile->enforcing = &profile->preference; 280 if (value >= 0) 281 profile->preference.enforcing_verbose = value; 282 return 0; 283 } 284 if (!strcmp(data, "PREFERENCE::permissive")) { 285 if (use_default) { 286 profile->permissive = &tomoyo_default_profile.preference; 287 return 0; 288 } 289 profile->permissive = &profile->preference; 290 if (value >= 0) 291 profile->preference.permissive_verbose = value; 292 return 0; 293 } 294 if (!strcmp(data, "PREFERENCE::learning")) { 295 char *cp2; 296 if (use_default) { 297 profile->learning = &tomoyo_default_profile.preference; 298 return 0; 299 } 300 profile->learning = &profile->preference; 301 if (value >= 0) 302 profile->preference.learning_verbose = value; 303 cp2 = strstr(cp, "max_entry="); 304 if (cp2) 305 sscanf(cp2 + 10, "%u", 306 &profile->preference.learning_max_entry); 307 return 0; 308 } 309 if (profile == &tomoyo_default_profile) 310 return -EINVAL; 311 if (!strcmp(data, "COMMENT")) { 312 const struct tomoyo_path_info *old_comment = profile->comment; 313 profile->comment = tomoyo_get_name(cp); 314 tomoyo_put_name(old_comment); 315 return 0; 316 } 317 if (!strcmp(data, "CONFIG")) { 318 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 319 config = profile->default_config; 320 } else if (tomoyo_str_starts(&data, "CONFIG::")) { 321 config = 0; 322 for (i = 0; i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 323 if (strcmp(data, tomoyo_mac_keywords[i])) 324 continue; 325 config = profile->config[i]; 326 break; 327 } 328 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 329 return -EINVAL; 330 } else { 331 return -EINVAL; 332 } 333 if (use_default) { 334 config = TOMOYO_CONFIG_USE_DEFAULT; 335 } else { 336 for (mode = 3; mode >= 0; mode--) 337 if (strstr(cp, tomoyo_mode_4[mode])) 338 /* 339 * Update lower 3 bits in order to distinguish 340 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 341 */ 342 config = (config & ~7) | mode; 343 } 344 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 345 profile->config[i] = config; 346 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 347 profile->default_config = config; 348 return 0; 349} 350 351/** 352 * tomoyo_read_profile - Read profile table. 353 * 354 * @head: Pointer to "struct tomoyo_io_buffer". 355 * 356 * Returns 0. 357 */ 358static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 359{ 360 int index; 361 if (head->read_eof) 362 return 0; 363 if (head->read_bit) 364 goto body; 365 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); 366 tomoyo_io_printf(head, "PREFERENCE::learning={ verbose=%s " 367 "max_entry=%u }\n", 368 tomoyo_yesno(tomoyo_default_profile.preference. 369 learning_verbose), 370 tomoyo_default_profile.preference.learning_max_entry); 371 tomoyo_io_printf(head, "PREFERENCE::permissive={ verbose=%s }\n", 372 tomoyo_yesno(tomoyo_default_profile.preference. 373 permissive_verbose)); 374 tomoyo_io_printf(head, "PREFERENCE::enforcing={ verbose=%s }\n", 375 tomoyo_yesno(tomoyo_default_profile.preference. 376 enforcing_verbose)); 377 head->read_bit = 1; 378 body: 379 for (index = head->read_step; index < TOMOYO_MAX_PROFILES; index++) { 380 bool done; 381 u8 config; 382 int i; 383 int pos; 384 const struct tomoyo_profile *profile 385 = tomoyo_profile_ptr[index]; 386 const struct tomoyo_path_info *comment; 387 head->read_step = index; 388 if (!profile) 389 continue; 390 pos = head->read_avail; 391 comment = profile->comment; 392 done = tomoyo_io_printf(head, "%u-COMMENT=%s\n", index, 393 comment ? comment->name : ""); 394 if (!done) 395 goto out; 396 config = profile->default_config; 397 if (!tomoyo_io_printf(head, "%u-CONFIG={ mode=%s }\n", index, 398 tomoyo_mode_4[config & 3])) 399 goto out; 400 for (i = 0; i < TOMOYO_MAX_MAC_INDEX + 401 TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 402 config = profile->config[i]; 403 if (config == TOMOYO_CONFIG_USE_DEFAULT) 404 continue; 405 if (!tomoyo_io_printf(head, 406 "%u-CONFIG::%s={ mode=%s }\n", 407 index, tomoyo_mac_keywords[i], 408 tomoyo_mode_4[config & 3])) 409 goto out; 410 } 411 if (profile->learning != &tomoyo_default_profile.preference && 412 !tomoyo_io_printf(head, "%u-PREFERENCE::learning={ " 413 "verbose=%s max_entry=%u }\n", index, 414 tomoyo_yesno(profile->preference. 415 learning_verbose), 416 profile->preference.learning_max_entry)) 417 goto out; 418 if (profile->permissive != &tomoyo_default_profile.preference 419 && !tomoyo_io_printf(head, "%u-PREFERENCE::permissive={ " 420 "verbose=%s }\n", index, 421 tomoyo_yesno(profile->preference. 422 permissive_verbose))) 423 goto out; 424 if (profile->enforcing != &tomoyo_default_profile.preference && 425 !tomoyo_io_printf(head, "%u-PREFERENCE::enforcing={ " 426 "verbose=%s }\n", index, 427 tomoyo_yesno(profile->preference. 428 enforcing_verbose))) 429 goto out; 430 continue; 431 out: 432 head->read_avail = pos; 433 break; 434 } 435 if (index == TOMOYO_MAX_PROFILES) 436 head->read_eof = true; 437 return 0; 438} 439 440/* 441 * tomoyo_policy_manager_list is used for holding list of domainnames or 442 * programs which are permitted to modify configuration via 443 * /sys/kernel/security/tomoyo/ interface. 444 * 445 * An entry is added by 446 * 447 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \ 448 * /sys/kernel/security/tomoyo/manager 449 * (if you want to specify by a domainname) 450 * 451 * or 452 * 453 * # echo '/usr/sbin/tomoyo-editpolicy' > /sys/kernel/security/tomoyo/manager 454 * (if you want to specify by a program's location) 455 * 456 * and is deleted by 457 * 458 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \ 459 * /sys/kernel/security/tomoyo/manager 460 * 461 * or 462 * 463 * # echo 'delete /usr/sbin/tomoyo-editpolicy' > \ 464 * /sys/kernel/security/tomoyo/manager 465 * 466 * and all entries are retrieved by 467 * 468 * # cat /sys/kernel/security/tomoyo/manager 469 */ 470LIST_HEAD(tomoyo_policy_manager_list); 471 472static bool tomoyo_same_manager_entry(const struct tomoyo_acl_head *a, 473 const struct tomoyo_acl_head *b) 474{ 475 return container_of(a, struct tomoyo_policy_manager_entry, head) 476 ->manager == 477 container_of(b, struct tomoyo_policy_manager_entry, head) 478 ->manager; 479} 480 481/** 482 * tomoyo_update_manager_entry - Add a manager entry. 483 * 484 * @manager: The path to manager or the domainnamme. 485 * @is_delete: True if it is a delete request. 486 * 487 * Returns 0 on success, negative value otherwise. 488 * 489 * Caller holds tomoyo_read_lock(). 490 */ 491static int tomoyo_update_manager_entry(const char *manager, 492 const bool is_delete) 493{ 494 struct tomoyo_policy_manager_entry e = { }; 495 int error; 496 497 if (tomoyo_domain_def(manager)) { 498 if (!tomoyo_correct_domain(manager)) 499 return -EINVAL; 500 e.is_domain = true; 501 } else { 502 if (!tomoyo_correct_path(manager)) 503 return -EINVAL; 504 } 505 e.manager = tomoyo_get_name(manager); 506 if (!e.manager) 507 return -ENOMEM; 508 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete, 509 &tomoyo_policy_manager_list, 510 tomoyo_same_manager_entry); 511 tomoyo_put_name(e.manager); 512 return error; 513} 514 515/** 516 * tomoyo_write_manager_policy - Write manager policy. 517 * 518 * @head: Pointer to "struct tomoyo_io_buffer". 519 * 520 * Returns 0 on success, negative value otherwise. 521 * 522 * Caller holds tomoyo_read_lock(). 523 */ 524static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 525{ 526 char *data = head->write_buf; 527 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 528 529 if (!strcmp(data, "manage_by_non_root")) { 530 tomoyo_manage_by_non_root = !is_delete; 531 return 0; 532 } 533 return tomoyo_update_manager_entry(data, is_delete); 534} 535 536/** 537 * tomoyo_read_manager_policy - Read manager policy. 538 * 539 * @head: Pointer to "struct tomoyo_io_buffer". 540 * 541 * Returns 0. 542 * 543 * Caller holds tomoyo_read_lock(). 544 */ 545static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 546{ 547 struct list_head *pos; 548 bool done = true; 549 550 if (head->read_eof) 551 return 0; 552 list_for_each_cookie(pos, head->read_var2, 553 &tomoyo_policy_manager_list) { 554 struct tomoyo_policy_manager_entry *ptr; 555 ptr = list_entry(pos, struct tomoyo_policy_manager_entry, 556 head.list); 557 if (ptr->head.is_deleted) 558 continue; 559 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name); 560 if (!done) 561 break; 562 } 563 head->read_eof = done; 564 return 0; 565} 566 567/** 568 * tomoyo_policy_manager - Check whether the current process is a policy manager. 569 * 570 * Returns true if the current process is permitted to modify policy 571 * via /sys/kernel/security/tomoyo/ interface. 572 * 573 * Caller holds tomoyo_read_lock(). 574 */ 575static bool tomoyo_policy_manager(void) 576{ 577 struct tomoyo_policy_manager_entry *ptr; 578 const char *exe; 579 const struct task_struct *task = current; 580 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 581 bool found = false; 582 583 if (!tomoyo_policy_loaded) 584 return true; 585 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 586 return false; 587 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { 588 if (!ptr->head.is_deleted && ptr->is_domain 589 && !tomoyo_pathcmp(domainname, ptr->manager)) { 590 found = true; 591 break; 592 } 593 } 594 if (found) 595 return true; 596 exe = tomoyo_get_exe(); 597 if (!exe) 598 return false; 599 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, head.list) { 600 if (!ptr->head.is_deleted && !ptr->is_domain 601 && !strcmp(exe, ptr->manager->name)) { 602 found = true; 603 break; 604 } 605 } 606 if (!found) { /* Reduce error messages. */ 607 static pid_t last_pid; 608 const pid_t pid = current->pid; 609 if (last_pid != pid) { 610 printk(KERN_WARNING "%s ( %s ) is not permitted to " 611 "update policies.\n", domainname->name, exe); 612 last_pid = pid; 613 } 614 } 615 kfree(exe); 616 return found; 617} 618 619/** 620 * tomoyo_select_one - Parse select command. 621 * 622 * @head: Pointer to "struct tomoyo_io_buffer". 623 * @data: String to parse. 624 * 625 * Returns true on success, false otherwise. 626 * 627 * Caller holds tomoyo_read_lock(). 628 */ 629static bool tomoyo_select_one(struct tomoyo_io_buffer *head, 630 const char *data) 631{ 632 unsigned int pid; 633 struct tomoyo_domain_info *domain = NULL; 634 bool global_pid = false; 635 636 if (sscanf(data, "pid=%u", &pid) == 1 || 637 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 638 struct task_struct *p; 639 rcu_read_lock(); 640 read_lock(&tasklist_lock); 641 if (global_pid) 642 p = find_task_by_pid_ns(pid, &init_pid_ns); 643 else 644 p = find_task_by_vpid(pid); 645 if (p) 646 domain = tomoyo_real_domain(p); 647 read_unlock(&tasklist_lock); 648 rcu_read_unlock(); 649 } else if (!strncmp(data, "domain=", 7)) { 650 if (tomoyo_domain_def(data + 7)) 651 domain = tomoyo_find_domain(data + 7); 652 } else 653 return false; 654 head->write_var1 = domain; 655 /* Accessing read_buf is safe because head->io_sem is held. */ 656 if (!head->read_buf) 657 return true; /* Do nothing if open(O_WRONLY). */ 658 head->read_avail = 0; 659 tomoyo_io_printf(head, "# select %s\n", data); 660 head->read_single_domain = true; 661 head->read_eof = !domain; 662 if (domain) { 663 struct tomoyo_domain_info *d; 664 head->read_var1 = NULL; 665 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) { 666 if (d == domain) 667 break; 668 head->read_var1 = &d->list; 669 } 670 head->read_var2 = NULL; 671 head->read_bit = 0; 672 head->read_step = 0; 673 if (domain->is_deleted) 674 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 675 } 676 return true; 677} 678 679/** 680 * tomoyo_delete_domain - Delete a domain. 681 * 682 * @domainname: The name of domain. 683 * 684 * Returns 0. 685 * 686 * Caller holds tomoyo_read_lock(). 687 */ 688static int tomoyo_delete_domain(char *domainname) 689{ 690 struct tomoyo_domain_info *domain; 691 struct tomoyo_path_info name; 692 693 name.name = domainname; 694 tomoyo_fill_path_info(&name); 695 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 696 return 0; 697 /* Is there an active domain? */ 698 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 699 /* Never delete tomoyo_kernel_domain */ 700 if (domain == &tomoyo_kernel_domain) 701 continue; 702 if (domain->is_deleted || 703 tomoyo_pathcmp(domain->domainname, &name)) 704 continue; 705 domain->is_deleted = true; 706 break; 707 } 708 mutex_unlock(&tomoyo_policy_lock); 709 return 0; 710} 711 712/** 713 * tomoyo_write_domain_policy2 - Write domain policy. 714 * 715 * @head: Pointer to "struct tomoyo_io_buffer". 716 * 717 * Returns 0 on success, negative value otherwise. 718 * 719 * Caller holds tomoyo_read_lock(). 720 */ 721static int tomoyo_write_domain_policy2(char *data, 722 struct tomoyo_domain_info *domain, 723 const bool is_delete) 724{ 725 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT)) 726 return tomoyo_write_mount_policy(data, domain, is_delete); 727 return tomoyo_write_file_policy(data, domain, is_delete); 728} 729 730/** 731 * tomoyo_write_domain_policy - Write domain policy. 732 * 733 * @head: Pointer to "struct tomoyo_io_buffer". 734 * 735 * Returns 0 on success, negative value otherwise. 736 * 737 * Caller holds tomoyo_read_lock(). 738 */ 739static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 740{ 741 char *data = head->write_buf; 742 struct tomoyo_domain_info *domain = head->write_var1; 743 bool is_delete = false; 744 bool is_select = false; 745 unsigned int profile; 746 747 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 748 is_delete = true; 749 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 750 is_select = true; 751 if (is_select && tomoyo_select_one(head, data)) 752 return 0; 753 /* Don't allow updating policies by non manager programs. */ 754 if (!tomoyo_policy_manager()) 755 return -EPERM; 756 if (tomoyo_domain_def(data)) { 757 domain = NULL; 758 if (is_delete) 759 tomoyo_delete_domain(data); 760 else if (is_select) 761 domain = tomoyo_find_domain(data); 762 else 763 domain = tomoyo_find_or_assign_new_domain(data, 0); 764 head->write_var1 = domain; 765 return 0; 766 } 767 if (!domain) 768 return -EINVAL; 769 770 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 771 && profile < TOMOYO_MAX_PROFILES) { 772 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 773 domain->profile = (u8) profile; 774 return 0; 775 } 776 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 777 domain->ignore_global_allow_read = !is_delete; 778 return 0; 779 } 780 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) { 781 domain->quota_warned = !is_delete; 782 return 0; 783 } 784 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) { 785 domain->transition_failed = !is_delete; 786 return 0; 787 } 788 return tomoyo_write_domain_policy2(data, domain, is_delete); 789} 790 791/** 792 * tomoyo_print_path_acl - Print a single path ACL entry. 793 * 794 * @head: Pointer to "struct tomoyo_io_buffer". 795 * @ptr: Pointer to "struct tomoyo_path_acl". 796 * 797 * Returns true on success, false otherwise. 798 */ 799static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head, 800 struct tomoyo_path_acl *ptr) 801{ 802 int pos; 803 u8 bit; 804 const u16 perm = ptr->perm; 805 806 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 807 if (!(perm & (1 << bit))) 808 continue; 809 /* Print "read/write" instead of "read" and "write". */ 810 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE) 811 && (perm & (1 << TOMOYO_TYPE_READ_WRITE))) 812 continue; 813 pos = head->read_avail; 814 if (!tomoyo_io_printf(head, "allow_%s ", 815 tomoyo_path2keyword(bit)) || 816 !tomoyo_print_name_union(head, &ptr->name) || 817 !tomoyo_io_printf(head, "\n")) 818 goto out; 819 } 820 head->read_bit = 0; 821 return true; 822 out: 823 head->read_bit = bit; 824 head->read_avail = pos; 825 return false; 826} 827 828/** 829 * tomoyo_print_path2_acl - Print a double path ACL entry. 830 * 831 * @head: Pointer to "struct tomoyo_io_buffer". 832 * @ptr: Pointer to "struct tomoyo_path2_acl". 833 * 834 * Returns true on success, false otherwise. 835 */ 836static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head, 837 struct tomoyo_path2_acl *ptr) 838{ 839 int pos; 840 const u8 perm = ptr->perm; 841 u8 bit; 842 843 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 844 if (!(perm & (1 << bit))) 845 continue; 846 pos = head->read_avail; 847 if (!tomoyo_io_printf(head, "allow_%s ", 848 tomoyo_path22keyword(bit)) || 849 !tomoyo_print_name_union(head, &ptr->name1) || 850 !tomoyo_print_name_union(head, &ptr->name2) || 851 !tomoyo_io_printf(head, "\n")) 852 goto out; 853 } 854 head->read_bit = 0; 855 return true; 856 out: 857 head->read_bit = bit; 858 head->read_avail = pos; 859 return false; 860} 861 862/** 863 * tomoyo_print_path_number_acl - Print a path_number ACL entry. 864 * 865 * @head: Pointer to "struct tomoyo_io_buffer". 866 * @ptr: Pointer to "struct tomoyo_path_number_acl". 867 * 868 * Returns true on success, false otherwise. 869 */ 870static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer *head, 871 struct tomoyo_path_number_acl *ptr) 872{ 873 int pos; 874 u8 bit; 875 const u8 perm = ptr->perm; 876 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; 877 bit++) { 878 if (!(perm & (1 << bit))) 879 continue; 880 pos = head->read_avail; 881 if (!tomoyo_io_printf(head, "allow_%s", 882 tomoyo_path_number2keyword(bit)) || 883 !tomoyo_print_name_union(head, &ptr->name) || 884 !tomoyo_print_number_union(head, &ptr->number) || 885 !tomoyo_io_printf(head, "\n")) 886 goto out; 887 } 888 head->read_bit = 0; 889 return true; 890 out: 891 head->read_bit = bit; 892 head->read_avail = pos; 893 return false; 894} 895 896/** 897 * tomoyo_print_mkdev_acl - Print a mkdev ACL entry. 898 * 899 * @head: Pointer to "struct tomoyo_io_buffer". 900 * @ptr: Pointer to "struct tomoyo_mkdev_acl". 901 * 902 * Returns true on success, false otherwise. 903 */ 904static bool tomoyo_print_mkdev_acl(struct tomoyo_io_buffer *head, 905 struct tomoyo_mkdev_acl *ptr) 906{ 907 int pos; 908 u8 bit; 909 const u16 perm = ptr->perm; 910 for (bit = head->read_bit; bit < TOMOYO_MAX_MKDEV_OPERATION; 911 bit++) { 912 if (!(perm & (1 << bit))) 913 continue; 914 pos = head->read_avail; 915 if (!tomoyo_io_printf(head, "allow_%s", 916 tomoyo_mkdev2keyword(bit)) || 917 !tomoyo_print_name_union(head, &ptr->name) || 918 !tomoyo_print_number_union(head, &ptr->mode) || 919 !tomoyo_print_number_union(head, &ptr->major) || 920 !tomoyo_print_number_union(head, &ptr->minor) || 921 !tomoyo_io_printf(head, "\n")) 922 goto out; 923 } 924 head->read_bit = 0; 925 return true; 926 out: 927 head->read_bit = bit; 928 head->read_avail = pos; 929 return false; 930} 931 932/** 933 * tomoyo_print_mount_acl - Print a mount ACL entry. 934 * 935 * @head: Pointer to "struct tomoyo_io_buffer". 936 * @ptr: Pointer to "struct tomoyo_mount_acl". 937 * 938 * Returns true on success, false otherwise. 939 */ 940static bool tomoyo_print_mount_acl(struct tomoyo_io_buffer *head, 941 struct tomoyo_mount_acl *ptr) 942{ 943 const int pos = head->read_avail; 944 if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_MOUNT) || 945 !tomoyo_print_name_union(head, &ptr->dev_name) || 946 !tomoyo_print_name_union(head, &ptr->dir_name) || 947 !tomoyo_print_name_union(head, &ptr->fs_type) || 948 !tomoyo_print_number_union(head, &ptr->flags) || 949 !tomoyo_io_printf(head, "\n")) { 950 head->read_avail = pos; 951 return false; 952 } 953 return true; 954} 955 956/** 957 * tomoyo_print_entry - Print an ACL entry. 958 * 959 * @head: Pointer to "struct tomoyo_io_buffer". 960 * @ptr: Pointer to an ACL entry. 961 * 962 * Returns true on success, false otherwise. 963 */ 964static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 965 struct tomoyo_acl_info *ptr) 966{ 967 const u8 acl_type = ptr->type; 968 969 if (ptr->is_deleted) 970 return true; 971 if (acl_type == TOMOYO_TYPE_PATH_ACL) { 972 struct tomoyo_path_acl *acl 973 = container_of(ptr, struct tomoyo_path_acl, head); 974 return tomoyo_print_path_acl(head, acl); 975 } 976 if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 977 struct tomoyo_path2_acl *acl 978 = container_of(ptr, struct tomoyo_path2_acl, head); 979 return tomoyo_print_path2_acl(head, acl); 980 } 981 if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 982 struct tomoyo_path_number_acl *acl 983 = container_of(ptr, struct tomoyo_path_number_acl, 984 head); 985 return tomoyo_print_path_number_acl(head, acl); 986 } 987 if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 988 struct tomoyo_mkdev_acl *acl 989 = container_of(ptr, struct tomoyo_mkdev_acl, 990 head); 991 return tomoyo_print_mkdev_acl(head, acl); 992 } 993 if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 994 struct tomoyo_mount_acl *acl 995 = container_of(ptr, struct tomoyo_mount_acl, head); 996 return tomoyo_print_mount_acl(head, acl); 997 } 998 BUG(); /* This must not happen. */ 999 return false; 1000} 1001 1002/** 1003 * tomoyo_read_domain_policy - Read domain policy. 1004 * 1005 * @head: Pointer to "struct tomoyo_io_buffer". 1006 * 1007 * Returns 0. 1008 * 1009 * Caller holds tomoyo_read_lock(). 1010 */ 1011static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1012{ 1013 struct list_head *dpos; 1014 struct list_head *apos; 1015 bool done = true; 1016 1017 if (head->read_eof) 1018 return 0; 1019 if (head->read_step == 0) 1020 head->read_step = 1; 1021 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) { 1022 struct tomoyo_domain_info *domain; 1023 const char *quota_exceeded = ""; 1024 const char *transition_failed = ""; 1025 const char *ignore_global_allow_read = ""; 1026 domain = list_entry(dpos, struct tomoyo_domain_info, list); 1027 if (head->read_step != 1) 1028 goto acl_loop; 1029 if (domain->is_deleted && !head->read_single_domain) 1030 continue; 1031 /* Print domainname and flags. */ 1032 if (domain->quota_warned) 1033 quota_exceeded = "quota_exceeded\n"; 1034 if (domain->transition_failed) 1035 transition_failed = "transition_failed\n"; 1036 if (domain->ignore_global_allow_read) 1037 ignore_global_allow_read 1038 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1039 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE 1040 "%u\n%s%s%s\n", 1041 domain->domainname->name, 1042 domain->profile, quota_exceeded, 1043 transition_failed, 1044 ignore_global_allow_read); 1045 if (!done) 1046 break; 1047 head->read_step = 2; 1048acl_loop: 1049 if (head->read_step == 3) 1050 goto tail_mark; 1051 /* Print ACL entries in the domain. */ 1052 list_for_each_cookie(apos, head->read_var2, 1053 &domain->acl_info_list) { 1054 struct tomoyo_acl_info *ptr 1055 = list_entry(apos, struct tomoyo_acl_info, 1056 list); 1057 done = tomoyo_print_entry(head, ptr); 1058 if (!done) 1059 break; 1060 } 1061 if (!done) 1062 break; 1063 head->read_step = 3; 1064tail_mark: 1065 done = tomoyo_io_printf(head, "\n"); 1066 if (!done) 1067 break; 1068 head->read_step = 1; 1069 if (head->read_single_domain) 1070 break; 1071 } 1072 head->read_eof = done; 1073 return 0; 1074} 1075 1076/** 1077 * tomoyo_write_domain_profile - Assign profile for specified domain. 1078 * 1079 * @head: Pointer to "struct tomoyo_io_buffer". 1080 * 1081 * Returns 0 on success, -EINVAL otherwise. 1082 * 1083 * This is equivalent to doing 1084 * 1085 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1086 * /usr/sbin/tomoyo-loadpolicy -d 1087 * 1088 * Caller holds tomoyo_read_lock(). 1089 */ 1090static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1091{ 1092 char *data = head->write_buf; 1093 char *cp = strchr(data, ' '); 1094 struct tomoyo_domain_info *domain; 1095 unsigned long profile; 1096 1097 if (!cp) 1098 return -EINVAL; 1099 *cp = '\0'; 1100 domain = tomoyo_find_domain(cp + 1); 1101 if (strict_strtoul(data, 10, &profile)) 1102 return -EINVAL; 1103 if (domain && profile < TOMOYO_MAX_PROFILES 1104 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1105 domain->profile = (u8) profile; 1106 return 0; 1107} 1108 1109/** 1110 * tomoyo_read_domain_profile - Read only domainname and profile. 1111 * 1112 * @head: Pointer to "struct tomoyo_io_buffer". 1113 * 1114 * Returns list of profile number and domainname pairs. 1115 * 1116 * This is equivalent to doing 1117 * 1118 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1119 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1120 * domainname = $0; } else if ( $1 == "use_profile" ) { 1121 * print $2 " " domainname; domainname = ""; } } ; ' 1122 * 1123 * Caller holds tomoyo_read_lock(). 1124 */ 1125static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1126{ 1127 struct list_head *pos; 1128 bool done = true; 1129 1130 if (head->read_eof) 1131 return 0; 1132 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) { 1133 struct tomoyo_domain_info *domain; 1134 domain = list_entry(pos, struct tomoyo_domain_info, list); 1135 if (domain->is_deleted) 1136 continue; 1137 done = tomoyo_io_printf(head, "%u %s\n", domain->profile, 1138 domain->domainname->name); 1139 if (!done) 1140 break; 1141 } 1142 head->read_eof = done; 1143 return 0; 1144} 1145 1146/** 1147 * tomoyo_write_pid: Specify PID to obtain domainname. 1148 * 1149 * @head: Pointer to "struct tomoyo_io_buffer". 1150 * 1151 * Returns 0. 1152 */ 1153static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1154{ 1155 unsigned long pid; 1156 /* No error check. */ 1157 strict_strtoul(head->write_buf, 10, &pid); 1158 head->read_step = (int) pid; 1159 head->read_eof = false; 1160 return 0; 1161} 1162 1163/** 1164 * tomoyo_read_pid - Get domainname of the specified PID. 1165 * 1166 * @head: Pointer to "struct tomoyo_io_buffer". 1167 * 1168 * Returns the domainname which the specified PID is in on success, 1169 * empty string otherwise. 1170 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1171 * using read()/write() interface rather than sysctl() interface. 1172 */ 1173static int tomoyo_read_pid(struct tomoyo_io_buffer *head) 1174{ 1175 if (head->read_avail == 0 && !head->read_eof) { 1176 const int pid = head->read_step; 1177 struct task_struct *p; 1178 struct tomoyo_domain_info *domain = NULL; 1179 rcu_read_lock(); 1180 read_lock(&tasklist_lock); 1181 p = find_task_by_vpid(pid); 1182 if (p) 1183 domain = tomoyo_real_domain(p); 1184 read_unlock(&tasklist_lock); 1185 rcu_read_unlock(); 1186 if (domain) 1187 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1188 domain->domainname->name); 1189 head->read_eof = true; 1190 } 1191 return 0; 1192} 1193 1194/** 1195 * tomoyo_write_exception_policy - Write exception policy. 1196 * 1197 * @head: Pointer to "struct tomoyo_io_buffer". 1198 * 1199 * Returns 0 on success, negative value otherwise. 1200 * 1201 * Caller holds tomoyo_read_lock(). 1202 */ 1203static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1204{ 1205 char *data = head->write_buf; 1206 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1207 1208 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN)) 1209 return tomoyo_write_domain_keeper_policy(data, false, 1210 is_delete); 1211 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN)) 1212 return tomoyo_write_domain_keeper_policy(data, true, is_delete); 1213 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN)) 1214 return tomoyo_write_domain_initializer_policy(data, false, 1215 is_delete); 1216 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN)) 1217 return tomoyo_write_domain_initializer_policy(data, true, 1218 is_delete); 1219 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) 1220 return tomoyo_write_aggregator_policy(data, is_delete); 1221 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) 1222 return tomoyo_write_alias_policy(data, is_delete); 1223 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1224 return tomoyo_write_globally_readable_policy(data, is_delete); 1225 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1226 return tomoyo_write_pattern_policy(data, is_delete); 1227 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) 1228 return tomoyo_write_no_rewrite_policy(data, is_delete); 1229 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_PATH_GROUP)) 1230 return tomoyo_write_path_group_policy(data, is_delete); 1231 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NUMBER_GROUP)) 1232 return tomoyo_write_number_group_policy(data, is_delete); 1233 return -EINVAL; 1234} 1235 1236/** 1237 * tomoyo_read_exception_policy - Read exception policy. 1238 * 1239 * @head: Pointer to "struct tomoyo_io_buffer". 1240 * 1241 * Returns 0 on success, -EINVAL otherwise. 1242 * 1243 * Caller holds tomoyo_read_lock(). 1244 */ 1245static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1246{ 1247 if (!head->read_eof) { 1248 switch (head->read_step) { 1249 case 0: 1250 head->read_var2 = NULL; 1251 head->read_step = 1; 1252 case 1: 1253 if (!tomoyo_read_domain_keeper_policy(head)) 1254 break; 1255 head->read_var2 = NULL; 1256 head->read_step = 2; 1257 case 2: 1258 if (!tomoyo_read_globally_readable_policy(head)) 1259 break; 1260 head->read_var2 = NULL; 1261 head->read_step = 3; 1262 case 3: 1263 head->read_var2 = NULL; 1264 head->read_step = 4; 1265 case 4: 1266 if (!tomoyo_read_domain_initializer_policy(head)) 1267 break; 1268 head->read_var2 = NULL; 1269 head->read_step = 5; 1270 case 5: 1271 if (!tomoyo_read_alias_policy(head)) 1272 break; 1273 head->read_var2 = NULL; 1274 head->read_step = 6; 1275 case 6: 1276 if (!tomoyo_read_aggregator_policy(head)) 1277 break; 1278 head->read_var2 = NULL; 1279 head->read_step = 7; 1280 case 7: 1281 if (!tomoyo_read_file_pattern(head)) 1282 break; 1283 head->read_var2 = NULL; 1284 head->read_step = 8; 1285 case 8: 1286 if (!tomoyo_read_no_rewrite_policy(head)) 1287 break; 1288 head->read_var2 = NULL; 1289 head->read_step = 9; 1290 case 9: 1291 if (!tomoyo_read_path_group_policy(head)) 1292 break; 1293 head->read_var1 = NULL; 1294 head->read_var2 = NULL; 1295 head->read_step = 10; 1296 case 10: 1297 if (!tomoyo_read_number_group_policy(head)) 1298 break; 1299 head->read_var1 = NULL; 1300 head->read_var2 = NULL; 1301 head->read_step = 11; 1302 case 11: 1303 head->read_eof = true; 1304 break; 1305 default: 1306 return -EINVAL; 1307 } 1308 } 1309 return 0; 1310} 1311 1312/** 1313 * tomoyo_print_header - Get header line of audit log. 1314 * 1315 * @r: Pointer to "struct tomoyo_request_info". 1316 * 1317 * Returns string representation. 1318 * 1319 * This function uses kmalloc(), so caller must kfree() if this function 1320 * didn't return NULL. 1321 */ 1322static char *tomoyo_print_header(struct tomoyo_request_info *r) 1323{ 1324 static const char *tomoyo_mode_4[4] = { 1325 "disabled", "learning", "permissive", "enforcing" 1326 }; 1327 struct timeval tv; 1328 const pid_t gpid = task_pid_nr(current); 1329 static const int tomoyo_buffer_len = 4096; 1330 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); 1331 if (!buffer) 1332 return NULL; 1333 do_gettimeofday(&tv); 1334 snprintf(buffer, tomoyo_buffer_len - 1, 1335 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)" 1336 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u" 1337 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }", 1338 tv.tv_sec, r->profile, tomoyo_mode_4[r->mode], gpid, 1339 (pid_t) sys_getpid(), (pid_t) sys_getppid(), 1340 current_uid(), current_gid(), current_euid(), 1341 current_egid(), current_suid(), current_sgid(), 1342 current_fsuid(), current_fsgid()); 1343 return buffer; 1344} 1345 1346/** 1347 * tomoyo_init_audit_log - Allocate buffer for audit logs. 1348 * 1349 * @len: Required size. 1350 * @r: Pointer to "struct tomoyo_request_info". 1351 * 1352 * Returns pointer to allocated memory. 1353 * 1354 * The @len is updated to add the header lines' size on success. 1355 * 1356 * This function uses kzalloc(), so caller must kfree() if this function 1357 * didn't return NULL. 1358 */ 1359static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r) 1360{ 1361 char *buf = NULL; 1362 const char *header; 1363 const char *domainname; 1364 if (!r->domain) 1365 r->domain = tomoyo_domain(); 1366 domainname = r->domain->domainname->name; 1367 header = tomoyo_print_header(r); 1368 if (!header) 1369 return NULL; 1370 *len += strlen(domainname) + strlen(header) + 10; 1371 buf = kzalloc(*len, GFP_NOFS); 1372 if (buf) 1373 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname); 1374 kfree(header); 1375 return buf; 1376} 1377 1378/* Wait queue for tomoyo_query_list. */ 1379static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1380 1381/* Lock for manipulating tomoyo_query_list. */ 1382static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1383 1384/* Structure for query. */ 1385struct tomoyo_query_entry { 1386 struct list_head list; 1387 char *query; 1388 int query_len; 1389 unsigned int serial; 1390 int timer; 1391 int answer; 1392}; 1393 1394/* The list for "struct tomoyo_query_entry". */ 1395static LIST_HEAD(tomoyo_query_list); 1396 1397/* 1398 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1399 * interface. 1400 */ 1401static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1402 1403/** 1404 * tomoyo_supervisor - Ask for the supervisor's decision. 1405 * 1406 * @r: Pointer to "struct tomoyo_request_info". 1407 * @fmt: The printf()'s format string, followed by parameters. 1408 * 1409 * Returns 0 if the supervisor decided to permit the access request which 1410 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1411 * supervisor decided to retry the access request which violated the policy in 1412 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1413 */ 1414int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1415{ 1416 va_list args; 1417 int error = -EPERM; 1418 int pos; 1419 int len; 1420 static unsigned int tomoyo_serial; 1421 struct tomoyo_query_entry *tomoyo_query_entry = NULL; 1422 bool quota_exceeded = false; 1423 char *header; 1424 switch (r->mode) { 1425 char *buffer; 1426 case TOMOYO_CONFIG_LEARNING: 1427 if (!tomoyo_domain_quota_is_ok(r)) 1428 return 0; 1429 va_start(args, fmt); 1430 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4; 1431 va_end(args); 1432 buffer = kmalloc(len, GFP_NOFS); 1433 if (!buffer) 1434 return 0; 1435 va_start(args, fmt); 1436 vsnprintf(buffer, len - 1, fmt, args); 1437 va_end(args); 1438 tomoyo_normalize_line(buffer); 1439 tomoyo_write_domain_policy2(buffer, r->domain, false); 1440 kfree(buffer); 1441 /* fall through */ 1442 case TOMOYO_CONFIG_PERMISSIVE: 1443 return 0; 1444 } 1445 if (!r->domain) 1446 r->domain = tomoyo_domain(); 1447 if (!atomic_read(&tomoyo_query_observers)) 1448 return -EPERM; 1449 va_start(args, fmt); 1450 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32; 1451 va_end(args); 1452 header = tomoyo_init_audit_log(&len, r); 1453 if (!header) 1454 goto out; 1455 tomoyo_query_entry = kzalloc(sizeof(*tomoyo_query_entry), GFP_NOFS); 1456 if (!tomoyo_query_entry) 1457 goto out; 1458 tomoyo_query_entry->query = kzalloc(len, GFP_NOFS); 1459 if (!tomoyo_query_entry->query) 1460 goto out; 1461 len = ksize(tomoyo_query_entry->query); 1462 INIT_LIST_HEAD(&tomoyo_query_entry->list); 1463 spin_lock(&tomoyo_query_list_lock); 1464 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len + 1465 sizeof(*tomoyo_query_entry) >= tomoyo_quota_for_query) { 1466 quota_exceeded = true; 1467 } else { 1468 tomoyo_query_memory_size += len + sizeof(*tomoyo_query_entry); 1469 tomoyo_query_entry->serial = tomoyo_serial++; 1470 } 1471 spin_unlock(&tomoyo_query_list_lock); 1472 if (quota_exceeded) 1473 goto out; 1474 pos = snprintf(tomoyo_query_entry->query, len - 1, "Q%u-%hu\n%s", 1475 tomoyo_query_entry->serial, r->retry, header); 1476 kfree(header); 1477 header = NULL; 1478 va_start(args, fmt); 1479 vsnprintf(tomoyo_query_entry->query + pos, len - 1 - pos, fmt, args); 1480 tomoyo_query_entry->query_len = strlen(tomoyo_query_entry->query) + 1; 1481 va_end(args); 1482 spin_lock(&tomoyo_query_list_lock); 1483 list_add_tail(&tomoyo_query_entry->list, &tomoyo_query_list); 1484 spin_unlock(&tomoyo_query_list_lock); 1485 /* Give 10 seconds for supervisor's opinion. */ 1486 for (tomoyo_query_entry->timer = 0; 1487 atomic_read(&tomoyo_query_observers) && tomoyo_query_entry->timer < 100; 1488 tomoyo_query_entry->timer++) { 1489 wake_up(&tomoyo_query_wait); 1490 set_current_state(TASK_INTERRUPTIBLE); 1491 schedule_timeout(HZ / 10); 1492 if (tomoyo_query_entry->answer) 1493 break; 1494 } 1495 spin_lock(&tomoyo_query_list_lock); 1496 list_del(&tomoyo_query_entry->list); 1497 tomoyo_query_memory_size -= len + sizeof(*tomoyo_query_entry); 1498 spin_unlock(&tomoyo_query_list_lock); 1499 switch (tomoyo_query_entry->answer) { 1500 case 3: /* Asked to retry by administrator. */ 1501 error = TOMOYO_RETRY_REQUEST; 1502 r->retry++; 1503 break; 1504 case 1: 1505 /* Granted by administrator. */ 1506 error = 0; 1507 break; 1508 case 0: 1509 /* Timed out. */ 1510 break; 1511 default: 1512 /* Rejected by administrator. */ 1513 break; 1514 } 1515 out: 1516 if (tomoyo_query_entry) 1517 kfree(tomoyo_query_entry->query); 1518 kfree(tomoyo_query_entry); 1519 kfree(header); 1520 return error; 1521} 1522 1523/** 1524 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 1525 * 1526 * @file: Pointer to "struct file". 1527 * @wait: Pointer to "poll_table". 1528 * 1529 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 1530 * 1531 * Waits for access requests which violated policy in enforcing mode. 1532 */ 1533static int tomoyo_poll_query(struct file *file, poll_table *wait) 1534{ 1535 struct list_head *tmp; 1536 bool found = false; 1537 u8 i; 1538 for (i = 0; i < 2; i++) { 1539 spin_lock(&tomoyo_query_list_lock); 1540 list_for_each(tmp, &tomoyo_query_list) { 1541 struct tomoyo_query_entry *ptr 1542 = list_entry(tmp, struct tomoyo_query_entry, 1543 list); 1544 if (ptr->answer) 1545 continue; 1546 found = true; 1547 break; 1548 } 1549 spin_unlock(&tomoyo_query_list_lock); 1550 if (found) 1551 return POLLIN | POLLRDNORM; 1552 if (i) 1553 break; 1554 poll_wait(file, &tomoyo_query_wait, wait); 1555 } 1556 return 0; 1557} 1558 1559/** 1560 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 1561 * 1562 * @head: Pointer to "struct tomoyo_io_buffer". 1563 * 1564 * Returns 0. 1565 */ 1566static int tomoyo_read_query(struct tomoyo_io_buffer *head) 1567{ 1568 struct list_head *tmp; 1569 int pos = 0; 1570 int len = 0; 1571 char *buf; 1572 if (head->read_avail) 1573 return 0; 1574 if (head->read_buf) { 1575 kfree(head->read_buf); 1576 head->read_buf = NULL; 1577 head->readbuf_size = 0; 1578 } 1579 spin_lock(&tomoyo_query_list_lock); 1580 list_for_each(tmp, &tomoyo_query_list) { 1581 struct tomoyo_query_entry *ptr 1582 = list_entry(tmp, struct tomoyo_query_entry, list); 1583 if (ptr->answer) 1584 continue; 1585 if (pos++ != head->read_step) 1586 continue; 1587 len = ptr->query_len; 1588 break; 1589 } 1590 spin_unlock(&tomoyo_query_list_lock); 1591 if (!len) { 1592 head->read_step = 0; 1593 return 0; 1594 } 1595 buf = kzalloc(len, GFP_NOFS); 1596 if (!buf) 1597 return 0; 1598 pos = 0; 1599 spin_lock(&tomoyo_query_list_lock); 1600 list_for_each(tmp, &tomoyo_query_list) { 1601 struct tomoyo_query_entry *ptr 1602 = list_entry(tmp, struct tomoyo_query_entry, list); 1603 if (ptr->answer) 1604 continue; 1605 if (pos++ != head->read_step) 1606 continue; 1607 /* 1608 * Some query can be skipped because tomoyo_query_list 1609 * can change, but I don't care. 1610 */ 1611 if (len == ptr->query_len) 1612 memmove(buf, ptr->query, len); 1613 break; 1614 } 1615 spin_unlock(&tomoyo_query_list_lock); 1616 if (buf[0]) { 1617 head->read_avail = len; 1618 head->readbuf_size = head->read_avail; 1619 head->read_buf = buf; 1620 head->read_step++; 1621 } else { 1622 kfree(buf); 1623 } 1624 return 0; 1625} 1626 1627/** 1628 * tomoyo_write_answer - Write the supervisor's decision. 1629 * 1630 * @head: Pointer to "struct tomoyo_io_buffer". 1631 * 1632 * Returns 0 on success, -EINVAL otherwise. 1633 */ 1634static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 1635{ 1636 char *data = head->write_buf; 1637 struct list_head *tmp; 1638 unsigned int serial; 1639 unsigned int answer; 1640 spin_lock(&tomoyo_query_list_lock); 1641 list_for_each(tmp, &tomoyo_query_list) { 1642 struct tomoyo_query_entry *ptr 1643 = list_entry(tmp, struct tomoyo_query_entry, list); 1644 ptr->timer = 0; 1645 } 1646 spin_unlock(&tomoyo_query_list_lock); 1647 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 1648 return -EINVAL; 1649 spin_lock(&tomoyo_query_list_lock); 1650 list_for_each(tmp, &tomoyo_query_list) { 1651 struct tomoyo_query_entry *ptr 1652 = list_entry(tmp, struct tomoyo_query_entry, list); 1653 if (ptr->serial != serial) 1654 continue; 1655 if (!ptr->answer) 1656 ptr->answer = answer; 1657 break; 1658 } 1659 spin_unlock(&tomoyo_query_list_lock); 1660 return 0; 1661} 1662 1663/** 1664 * tomoyo_read_version: Get version. 1665 * 1666 * @head: Pointer to "struct tomoyo_io_buffer". 1667 * 1668 * Returns version information. 1669 */ 1670static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1671{ 1672 if (!head->read_eof) { 1673 tomoyo_io_printf(head, "2.3.0-pre"); 1674 head->read_eof = true; 1675 } 1676 return 0; 1677} 1678 1679/** 1680 * tomoyo_read_self_domain - Get the current process's domainname. 1681 * 1682 * @head: Pointer to "struct tomoyo_io_buffer". 1683 * 1684 * Returns the current process's domainname. 1685 */ 1686static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1687{ 1688 if (!head->read_eof) { 1689 /* 1690 * tomoyo_domain()->domainname != NULL 1691 * because every process belongs to a domain and 1692 * the domain's name cannot be NULL. 1693 */ 1694 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1695 head->read_eof = true; 1696 } 1697 return 0; 1698} 1699 1700/** 1701 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1702 * 1703 * @type: Type of interface. 1704 * @file: Pointer to "struct file". 1705 * 1706 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1707 * 1708 * Caller acquires tomoyo_read_lock(). 1709 */ 1710int tomoyo_open_control(const u8 type, struct file *file) 1711{ 1712 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 1713 1714 if (!head) 1715 return -ENOMEM; 1716 mutex_init(&head->io_sem); 1717 head->type = type; 1718 switch (type) { 1719 case TOMOYO_DOMAINPOLICY: 1720 /* /sys/kernel/security/tomoyo/domain_policy */ 1721 head->write = tomoyo_write_domain_policy; 1722 head->read = tomoyo_read_domain_policy; 1723 break; 1724 case TOMOYO_EXCEPTIONPOLICY: 1725 /* /sys/kernel/security/tomoyo/exception_policy */ 1726 head->write = tomoyo_write_exception_policy; 1727 head->read = tomoyo_read_exception_policy; 1728 break; 1729 case TOMOYO_SELFDOMAIN: 1730 /* /sys/kernel/security/tomoyo/self_domain */ 1731 head->read = tomoyo_read_self_domain; 1732 break; 1733 case TOMOYO_DOMAIN_STATUS: 1734 /* /sys/kernel/security/tomoyo/.domain_status */ 1735 head->write = tomoyo_write_domain_profile; 1736 head->read = tomoyo_read_domain_profile; 1737 break; 1738 case TOMOYO_PROCESS_STATUS: 1739 /* /sys/kernel/security/tomoyo/.process_status */ 1740 head->write = tomoyo_write_pid; 1741 head->read = tomoyo_read_pid; 1742 break; 1743 case TOMOYO_VERSION: 1744 /* /sys/kernel/security/tomoyo/version */ 1745 head->read = tomoyo_read_version; 1746 head->readbuf_size = 128; 1747 break; 1748 case TOMOYO_MEMINFO: 1749 /* /sys/kernel/security/tomoyo/meminfo */ 1750 head->write = tomoyo_write_memory_quota; 1751 head->read = tomoyo_read_memory_counter; 1752 head->readbuf_size = 512; 1753 break; 1754 case TOMOYO_PROFILE: 1755 /* /sys/kernel/security/tomoyo/profile */ 1756 head->write = tomoyo_write_profile; 1757 head->read = tomoyo_read_profile; 1758 break; 1759 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 1760 head->poll = tomoyo_poll_query; 1761 head->write = tomoyo_write_answer; 1762 head->read = tomoyo_read_query; 1763 break; 1764 case TOMOYO_MANAGER: 1765 /* /sys/kernel/security/tomoyo/manager */ 1766 head->write = tomoyo_write_manager_policy; 1767 head->read = tomoyo_read_manager_policy; 1768 break; 1769 } 1770 if (!(file->f_mode & FMODE_READ)) { 1771 /* 1772 * No need to allocate read_buf since it is not opened 1773 * for reading. 1774 */ 1775 head->read = NULL; 1776 head->poll = NULL; 1777 } else if (!head->poll) { 1778 /* Don't allocate read_buf for poll() access. */ 1779 if (!head->readbuf_size) 1780 head->readbuf_size = 4096 * 2; 1781 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 1782 if (!head->read_buf) { 1783 kfree(head); 1784 return -ENOMEM; 1785 } 1786 } 1787 if (!(file->f_mode & FMODE_WRITE)) { 1788 /* 1789 * No need to allocate write_buf since it is not opened 1790 * for writing. 1791 */ 1792 head->write = NULL; 1793 } else if (head->write) { 1794 head->writebuf_size = 4096 * 2; 1795 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 1796 if (!head->write_buf) { 1797 kfree(head->read_buf); 1798 kfree(head); 1799 return -ENOMEM; 1800 } 1801 } 1802 if (type != TOMOYO_QUERY) 1803 head->reader_idx = tomoyo_read_lock(); 1804 file->private_data = head; 1805 /* 1806 * Call the handler now if the file is 1807 * /sys/kernel/security/tomoyo/self_domain 1808 * so that the user can use 1809 * cat < /sys/kernel/security/tomoyo/self_domain" 1810 * to know the current process's domainname. 1811 */ 1812 if (type == TOMOYO_SELFDOMAIN) 1813 tomoyo_read_control(file, NULL, 0); 1814 /* 1815 * If the file is /sys/kernel/security/tomoyo/query , increment the 1816 * observer counter. 1817 * The obserber counter is used by tomoyo_supervisor() to see if 1818 * there is some process monitoring /sys/kernel/security/tomoyo/query. 1819 */ 1820 else if (type == TOMOYO_QUERY) 1821 atomic_inc(&tomoyo_query_observers); 1822 return 0; 1823} 1824 1825/** 1826 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 1827 * 1828 * @file: Pointer to "struct file". 1829 * @wait: Pointer to "poll_table". 1830 * 1831 * Waits for read readiness. 1832 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd . 1833 */ 1834int tomoyo_poll_control(struct file *file, poll_table *wait) 1835{ 1836 struct tomoyo_io_buffer *head = file->private_data; 1837 if (!head->poll) 1838 return -ENOSYS; 1839 return head->poll(file, wait); 1840} 1841 1842/** 1843 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1844 * 1845 * @file: Pointer to "struct file". 1846 * @buffer: Poiner to buffer to write to. 1847 * @buffer_len: Size of @buffer. 1848 * 1849 * Returns bytes read on success, negative value otherwise. 1850 * 1851 * Caller holds tomoyo_read_lock(). 1852 */ 1853int tomoyo_read_control(struct file *file, char __user *buffer, 1854 const int buffer_len) 1855{ 1856 int len = 0; 1857 struct tomoyo_io_buffer *head = file->private_data; 1858 char *cp; 1859 1860 if (!head->read) 1861 return -ENOSYS; 1862 if (mutex_lock_interruptible(&head->io_sem)) 1863 return -EINTR; 1864 /* Call the policy handler. */ 1865 len = head->read(head); 1866 if (len < 0) 1867 goto out; 1868 /* Write to buffer. */ 1869 len = head->read_avail; 1870 if (len > buffer_len) 1871 len = buffer_len; 1872 if (!len) 1873 goto out; 1874 /* head->read_buf changes by some functions. */ 1875 cp = head->read_buf; 1876 if (copy_to_user(buffer, cp, len)) { 1877 len = -EFAULT; 1878 goto out; 1879 } 1880 head->read_avail -= len; 1881 memmove(cp, cp + len, head->read_avail); 1882 out: 1883 mutex_unlock(&head->io_sem); 1884 return len; 1885} 1886 1887/** 1888 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 1889 * 1890 * @file: Pointer to "struct file". 1891 * @buffer: Pointer to buffer to read from. 1892 * @buffer_len: Size of @buffer. 1893 * 1894 * Returns @buffer_len on success, negative value otherwise. 1895 * 1896 * Caller holds tomoyo_read_lock(). 1897 */ 1898int tomoyo_write_control(struct file *file, const char __user *buffer, 1899 const int buffer_len) 1900{ 1901 struct tomoyo_io_buffer *head = file->private_data; 1902 int error = buffer_len; 1903 int avail_len = buffer_len; 1904 char *cp0 = head->write_buf; 1905 1906 if (!head->write) 1907 return -ENOSYS; 1908 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 1909 return -EFAULT; 1910 /* Don't allow updating policies by non manager programs. */ 1911 if (head->write != tomoyo_write_pid && 1912 head->write != tomoyo_write_domain_policy && 1913 !tomoyo_policy_manager()) 1914 return -EPERM; 1915 if (mutex_lock_interruptible(&head->io_sem)) 1916 return -EINTR; 1917 /* Read a line and dispatch it to the policy handler. */ 1918 while (avail_len > 0) { 1919 char c; 1920 if (head->write_avail >= head->writebuf_size - 1) { 1921 error = -ENOMEM; 1922 break; 1923 } else if (get_user(c, buffer)) { 1924 error = -EFAULT; 1925 break; 1926 } 1927 buffer++; 1928 avail_len--; 1929 cp0[head->write_avail++] = c; 1930 if (c != '\n') 1931 continue; 1932 cp0[head->write_avail - 1] = '\0'; 1933 head->write_avail = 0; 1934 tomoyo_normalize_line(cp0); 1935 head->write(head); 1936 } 1937 mutex_unlock(&head->io_sem); 1938 return error; 1939} 1940 1941/** 1942 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 1943 * 1944 * @file: Pointer to "struct file". 1945 * 1946 * Releases memory and returns 0. 1947 * 1948 * Caller looses tomoyo_read_lock(). 1949 */ 1950int tomoyo_close_control(struct file *file) 1951{ 1952 struct tomoyo_io_buffer *head = file->private_data; 1953 const bool is_write = !!head->write_buf; 1954 1955 /* 1956 * If the file is /sys/kernel/security/tomoyo/query , decrement the 1957 * observer counter. 1958 */ 1959 if (head->type == TOMOYO_QUERY) 1960 atomic_dec(&tomoyo_query_observers); 1961 else 1962 tomoyo_read_unlock(head->reader_idx); 1963 /* Release memory used for policy I/O. */ 1964 kfree(head->read_buf); 1965 head->read_buf = NULL; 1966 kfree(head->write_buf); 1967 head->write_buf = NULL; 1968 kfree(head); 1969 head = NULL; 1970 file->private_data = NULL; 1971 if (is_write) 1972 tomoyo_run_gc(); 1973 return 0; 1974} 1975 1976/** 1977 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 1978 */ 1979void tomoyo_check_profile(void) 1980{ 1981 struct tomoyo_domain_info *domain; 1982 const int idx = tomoyo_read_lock(); 1983 tomoyo_policy_loaded = true; 1984 /* Check all profiles currently assigned to domains are defined. */ 1985 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1986 const u8 profile = domain->profile; 1987 if (tomoyo_profile_ptr[profile]) 1988 continue; 1989 panic("Profile %u (used by '%s') not defined.\n", 1990 profile, domain->domainname->name); 1991 } 1992 tomoyo_read_unlock(idx); 1993 if (tomoyo_profile_version != 20090903) 1994 panic("Profile version %u is not supported.\n", 1995 tomoyo_profile_version); 1996 printk(KERN_INFO "TOMOYO: 2.3.0-pre 2010/06/03\n"); 1997 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1998} 1999