common.c revision 7ef612331fb219620cc1abfc2446bb027d388aa0
1/* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 7 * 8 * Version: 2.2.0 2009/04/01 9 * 10 */ 11 12#include <linux/uaccess.h> 13#include <linux/security.h> 14#include <linux/hardirq.h> 15#include "common.h" 16 17/* Lock for protecting policy. */ 18DEFINE_MUTEX(tomoyo_policy_lock); 19 20/* Has loading policy done? */ 21bool tomoyo_policy_loaded; 22 23/* String table for functionality that takes 4 modes. */ 24static const char *tomoyo_mode_4[4] = { 25 "disabled", "learning", "permissive", "enforcing" 26}; 27/* String table for functionality that takes 2 modes. */ 28static const char *tomoyo_mode_2[4] = { 29 "disabled", "enabled", "enabled", "enabled" 30}; 31 32/* 33 * tomoyo_control_array is a static data which contains 34 * 35 * (1) functionality name used by /sys/kernel/security/tomoyo/profile . 36 * (2) initial values for "struct tomoyo_profile". 37 * (3) max values for "struct tomoyo_profile". 38 */ 39static struct { 40 const char *keyword; 41 unsigned int current_value; 42 const unsigned int max_value; 43} tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = { 44 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, 45 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX }, 46 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 }, 47}; 48 49/* 50 * tomoyo_profile is a structure which is used for holding the mode of access 51 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing. 52 * An administrator can define up to 256 profiles. 53 * The ->profile of "struct tomoyo_domain_info" is used for remembering 54 * the profile's number (0 - 255) assigned to that domain. 55 */ 56static struct tomoyo_profile { 57 unsigned int value[TOMOYO_MAX_CONTROL_INDEX]; 58 const struct tomoyo_path_info *comment; 59} *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 60 61/* Permit policy management by non-root user? */ 62static bool tomoyo_manage_by_non_root; 63 64/* Utility functions. */ 65 66/* Open operation for /sys/kernel/security/tomoyo/ interface. */ 67static int tomoyo_open_control(const u8 type, struct file *file); 68/* Close /sys/kernel/security/tomoyo/ interface. */ 69static int tomoyo_close_control(struct file *file); 70/* Read operation for /sys/kernel/security/tomoyo/ interface. */ 71static int tomoyo_read_control(struct file *file, char __user *buffer, 72 const int buffer_len); 73/* Write operation for /sys/kernel/security/tomoyo/ interface. */ 74static int tomoyo_write_control(struct file *file, const char __user *buffer, 75 const int buffer_len); 76 77/** 78 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value. 79 * 80 * @str: Pointer to the string. 81 * 82 * Returns true if @str is a \ooo style octal value, false otherwise. 83 * 84 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. 85 * This function verifies that \ooo is in valid range. 86 */ 87static inline bool tomoyo_is_byte_range(const char *str) 88{ 89 return *str >= '0' && *str++ <= '3' && 90 *str >= '0' && *str++ <= '7' && 91 *str >= '0' && *str <= '7'; 92} 93 94/** 95 * tomoyo_is_alphabet_char - Check whether the character is an alphabet. 96 * 97 * @c: The character to check. 98 * 99 * Returns true if @c is an alphabet character, false otherwise. 100 */ 101static inline bool tomoyo_is_alphabet_char(const char c) 102{ 103 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); 104} 105 106/** 107 * tomoyo_make_byte - Make byte value from three octal characters. 108 * 109 * @c1: The first character. 110 * @c2: The second character. 111 * @c3: The third character. 112 * 113 * Returns byte value. 114 */ 115static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3) 116{ 117 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0'); 118} 119 120/** 121 * tomoyo_str_starts - Check whether the given string starts with the given keyword. 122 * 123 * @src: Pointer to pointer to the string. 124 * @find: Pointer to the keyword. 125 * 126 * Returns true if @src starts with @find, false otherwise. 127 * 128 * The @src is updated to point the first character after the @find 129 * if @src starts with @find. 130 */ 131static bool tomoyo_str_starts(char **src, const char *find) 132{ 133 const int len = strlen(find); 134 char *tmp = *src; 135 136 if (strncmp(tmp, find, len)) 137 return false; 138 tmp += len; 139 *src = tmp; 140 return true; 141} 142 143/** 144 * tomoyo_normalize_line - Format string. 145 * 146 * @buffer: The line to normalize. 147 * 148 * Leading and trailing whitespaces are removed. 149 * Multiple whitespaces are packed into single space. 150 * 151 * Returns nothing. 152 */ 153static void tomoyo_normalize_line(unsigned char *buffer) 154{ 155 unsigned char *sp = buffer; 156 unsigned char *dp = buffer; 157 bool first = true; 158 159 while (tomoyo_is_invalid(*sp)) 160 sp++; 161 while (*sp) { 162 if (!first) 163 *dp++ = ' '; 164 first = false; 165 while (tomoyo_is_valid(*sp)) 166 *dp++ = *sp++; 167 while (tomoyo_is_invalid(*sp)) 168 sp++; 169 } 170 *dp = '\0'; 171} 172 173/** 174 * tomoyo_is_correct_path - Validate a pathname. 175 * @filename: The pathname to check. 176 * @start_type: Should the pathname start with '/'? 177 * 1 = must / -1 = must not / 0 = don't care 178 * @pattern_type: Can the pathname contain a wildcard? 179 * 1 = must / -1 = must not / 0 = don't care 180 * @end_type: Should the pathname end with '/'? 181 * 1 = must / -1 = must not / 0 = don't care 182 * @function: The name of function calling me. 183 * 184 * Check whether the given filename follows the naming rules. 185 * Returns true if @filename follows the naming rules, false otherwise. 186 */ 187bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 188 const s8 pattern_type, const s8 end_type, 189 const char *function) 190{ 191 const char *const start = filename; 192 bool in_repetition = false; 193 bool contains_pattern = false; 194 unsigned char c; 195 unsigned char d; 196 unsigned char e; 197 const char *original_filename = filename; 198 199 if (!filename) 200 goto out; 201 c = *filename; 202 if (start_type == 1) { /* Must start with '/' */ 203 if (c != '/') 204 goto out; 205 } else if (start_type == -1) { /* Must not start with '/' */ 206 if (c == '/') 207 goto out; 208 } 209 if (c) 210 c = *(filename + strlen(filename) - 1); 211 if (end_type == 1) { /* Must end with '/' */ 212 if (c != '/') 213 goto out; 214 } else if (end_type == -1) { /* Must not end with '/' */ 215 if (c == '/') 216 goto out; 217 } 218 while (1) { 219 c = *filename++; 220 if (!c) 221 break; 222 if (c == '\\') { 223 c = *filename++; 224 switch (c) { 225 case '\\': /* "\\" */ 226 continue; 227 case '$': /* "\$" */ 228 case '+': /* "\+" */ 229 case '?': /* "\?" */ 230 case '*': /* "\*" */ 231 case '@': /* "\@" */ 232 case 'x': /* "\x" */ 233 case 'X': /* "\X" */ 234 case 'a': /* "\a" */ 235 case 'A': /* "\A" */ 236 case '-': /* "\-" */ 237 if (pattern_type == -1) 238 break; /* Must not contain pattern */ 239 contains_pattern = true; 240 continue; 241 case '{': /* "/\{" */ 242 if (filename - 3 < start || 243 *(filename - 3) != '/') 244 break; 245 if (pattern_type == -1) 246 break; /* Must not contain pattern */ 247 contains_pattern = true; 248 in_repetition = true; 249 continue; 250 case '}': /* "\}/" */ 251 if (*filename != '/') 252 break; 253 if (!in_repetition) 254 break; 255 in_repetition = false; 256 continue; 257 case '0': /* "\ooo" */ 258 case '1': 259 case '2': 260 case '3': 261 d = *filename++; 262 if (d < '0' || d > '7') 263 break; 264 e = *filename++; 265 if (e < '0' || e > '7') 266 break; 267 c = tomoyo_make_byte(c, d, e); 268 if (tomoyo_is_invalid(c)) 269 continue; /* pattern is not \000 */ 270 } 271 goto out; 272 } else if (in_repetition && c == '/') { 273 goto out; 274 } else if (tomoyo_is_invalid(c)) { 275 goto out; 276 } 277 } 278 if (pattern_type == 1) { /* Must contain pattern */ 279 if (!contains_pattern) 280 goto out; 281 } 282 if (in_repetition) 283 goto out; 284 return true; 285 out: 286 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function, 287 original_filename); 288 return false; 289} 290 291/** 292 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 293 * @domainname: The domainname to check. 294 * @function: The name of function calling me. 295 * 296 * Returns true if @domainname follows the naming rules, false otherwise. 297 */ 298bool tomoyo_is_correct_domain(const unsigned char *domainname, 299 const char *function) 300{ 301 unsigned char c; 302 unsigned char d; 303 unsigned char e; 304 const char *org_domainname = domainname; 305 306 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 307 TOMOYO_ROOT_NAME_LEN)) 308 goto out; 309 domainname += TOMOYO_ROOT_NAME_LEN; 310 if (!*domainname) 311 return true; 312 do { 313 if (*domainname++ != ' ') 314 goto out; 315 if (*domainname++ != '/') 316 goto out; 317 while ((c = *domainname) != '\0' && c != ' ') { 318 domainname++; 319 if (c == '\\') { 320 c = *domainname++; 321 switch ((c)) { 322 case '\\': /* "\\" */ 323 continue; 324 case '0': /* "\ooo" */ 325 case '1': 326 case '2': 327 case '3': 328 d = *domainname++; 329 if (d < '0' || d > '7') 330 break; 331 e = *domainname++; 332 if (e < '0' || e > '7') 333 break; 334 c = tomoyo_make_byte(c, d, e); 335 if (tomoyo_is_invalid(c)) 336 /* pattern is not \000 */ 337 continue; 338 } 339 goto out; 340 } else if (tomoyo_is_invalid(c)) { 341 goto out; 342 } 343 } 344 } while (*domainname); 345 return true; 346 out: 347 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function, 348 org_domainname); 349 return false; 350} 351 352/** 353 * tomoyo_is_domain_def - Check whether the given token can be a domainname. 354 * 355 * @buffer: The token to check. 356 * 357 * Returns true if @buffer possibly be a domainname, false otherwise. 358 */ 359bool tomoyo_is_domain_def(const unsigned char *buffer) 360{ 361 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); 362} 363 364/** 365 * tomoyo_find_domain - Find a domain by the given name. 366 * 367 * @domainname: The domainname to find. 368 * 369 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. 370 * 371 * Caller holds tomoyo_read_lock(). 372 */ 373struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) 374{ 375 struct tomoyo_domain_info *domain; 376 struct tomoyo_path_info name; 377 378 name.name = domainname; 379 tomoyo_fill_path_info(&name); 380 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 381 if (!domain->is_deleted && 382 !tomoyo_pathcmp(&name, domain->domainname)) 383 return domain; 384 } 385 return NULL; 386} 387 388/** 389 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token. 390 * 391 * @filename: The string to evaluate. 392 * 393 * Returns the initial length without a pattern in @filename. 394 */ 395static int tomoyo_const_part_length(const char *filename) 396{ 397 char c; 398 int len = 0; 399 400 if (!filename) 401 return 0; 402 while ((c = *filename++) != '\0') { 403 if (c != '\\') { 404 len++; 405 continue; 406 } 407 c = *filename++; 408 switch (c) { 409 case '\\': /* "\\" */ 410 len += 2; 411 continue; 412 case '0': /* "\ooo" */ 413 case '1': 414 case '2': 415 case '3': 416 c = *filename++; 417 if (c < '0' || c > '7') 418 break; 419 c = *filename++; 420 if (c < '0' || c > '7') 421 break; 422 len += 4; 423 continue; 424 } 425 break; 426 } 427 return len; 428} 429 430/** 431 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members. 432 * 433 * @ptr: Pointer to "struct tomoyo_path_info" to fill in. 434 * 435 * The caller sets "struct tomoyo_path_info"->name. 436 */ 437void tomoyo_fill_path_info(struct tomoyo_path_info *ptr) 438{ 439 const char *name = ptr->name; 440 const int len = strlen(name); 441 442 ptr->const_len = tomoyo_const_part_length(name); 443 ptr->is_dir = len && (name[len - 1] == '/'); 444 ptr->is_patterned = (ptr->const_len < len); 445 ptr->hash = full_name_hash(name, len); 446} 447 448/** 449 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character 450 * and "\-" pattern. 451 * 452 * @filename: The start of string to check. 453 * @filename_end: The end of string to check. 454 * @pattern: The start of pattern to compare. 455 * @pattern_end: The end of pattern to compare. 456 * 457 * Returns true if @filename matches @pattern, false otherwise. 458 */ 459static bool tomoyo_file_matches_pattern2(const char *filename, 460 const char *filename_end, 461 const char *pattern, 462 const char *pattern_end) 463{ 464 while (filename < filename_end && pattern < pattern_end) { 465 char c; 466 if (*pattern != '\\') { 467 if (*filename++ != *pattern++) 468 return false; 469 continue; 470 } 471 c = *filename; 472 pattern++; 473 switch (*pattern) { 474 int i; 475 int j; 476 case '?': 477 if (c == '/') { 478 return false; 479 } else if (c == '\\') { 480 if (filename[1] == '\\') 481 filename++; 482 else if (tomoyo_is_byte_range(filename + 1)) 483 filename += 3; 484 else 485 return false; 486 } 487 break; 488 case '\\': 489 if (c != '\\') 490 return false; 491 if (*++filename != '\\') 492 return false; 493 break; 494 case '+': 495 if (!isdigit(c)) 496 return false; 497 break; 498 case 'x': 499 if (!isxdigit(c)) 500 return false; 501 break; 502 case 'a': 503 if (!tomoyo_is_alphabet_char(c)) 504 return false; 505 break; 506 case '0': 507 case '1': 508 case '2': 509 case '3': 510 if (c == '\\' && tomoyo_is_byte_range(filename + 1) 511 && strncmp(filename + 1, pattern, 3) == 0) { 512 filename += 3; 513 pattern += 2; 514 break; 515 } 516 return false; /* Not matched. */ 517 case '*': 518 case '@': 519 for (i = 0; i <= filename_end - filename; i++) { 520 if (tomoyo_file_matches_pattern2( 521 filename + i, filename_end, 522 pattern + 1, pattern_end)) 523 return true; 524 c = filename[i]; 525 if (c == '.' && *pattern == '@') 526 break; 527 if (c != '\\') 528 continue; 529 if (filename[i + 1] == '\\') 530 i++; 531 else if (tomoyo_is_byte_range(filename + i + 1)) 532 i += 3; 533 else 534 break; /* Bad pattern. */ 535 } 536 return false; /* Not matched. */ 537 default: 538 j = 0; 539 c = *pattern; 540 if (c == '$') { 541 while (isdigit(filename[j])) 542 j++; 543 } else if (c == 'X') { 544 while (isxdigit(filename[j])) 545 j++; 546 } else if (c == 'A') { 547 while (tomoyo_is_alphabet_char(filename[j])) 548 j++; 549 } 550 for (i = 1; i <= j; i++) { 551 if (tomoyo_file_matches_pattern2( 552 filename + i, filename_end, 553 pattern + 1, pattern_end)) 554 return true; 555 } 556 return false; /* Not matched or bad pattern. */ 557 } 558 filename++; 559 pattern++; 560 } 561 while (*pattern == '\\' && 562 (*(pattern + 1) == '*' || *(pattern + 1) == '@')) 563 pattern += 2; 564 return filename == filename_end && pattern == pattern_end; 565} 566 567/** 568 * tomoyo_file_matches_pattern - Pattern matching without without '/' character. 569 * 570 * @filename: The start of string to check. 571 * @filename_end: The end of string to check. 572 * @pattern: The start of pattern to compare. 573 * @pattern_end: The end of pattern to compare. 574 * 575 * Returns true if @filename matches @pattern, false otherwise. 576 */ 577static bool tomoyo_file_matches_pattern(const char *filename, 578 const char *filename_end, 579 const char *pattern, 580 const char *pattern_end) 581{ 582 const char *pattern_start = pattern; 583 bool first = true; 584 bool result; 585 586 while (pattern < pattern_end - 1) { 587 /* Split at "\-" pattern. */ 588 if (*pattern++ != '\\' || *pattern++ != '-') 589 continue; 590 result = tomoyo_file_matches_pattern2(filename, 591 filename_end, 592 pattern_start, 593 pattern - 2); 594 if (first) 595 result = !result; 596 if (result) 597 return false; 598 first = false; 599 pattern_start = pattern; 600 } 601 result = tomoyo_file_matches_pattern2(filename, filename_end, 602 pattern_start, pattern_end); 603 return first ? result : !result; 604} 605 606/** 607 * tomoyo_path_matches_pattern2 - Do pathname pattern matching. 608 * 609 * @f: The start of string to check. 610 * @p: The start of pattern to compare. 611 * 612 * Returns true if @f matches @p, false otherwise. 613 */ 614static bool tomoyo_path_matches_pattern2(const char *f, const char *p) 615{ 616 const char *f_delimiter; 617 const char *p_delimiter; 618 619 while (*f && *p) { 620 f_delimiter = strchr(f, '/'); 621 if (!f_delimiter) 622 f_delimiter = f + strlen(f); 623 p_delimiter = strchr(p, '/'); 624 if (!p_delimiter) 625 p_delimiter = p + strlen(p); 626 if (*p == '\\' && *(p + 1) == '{') 627 goto recursive; 628 if (!tomoyo_file_matches_pattern(f, f_delimiter, p, 629 p_delimiter)) 630 return false; 631 f = f_delimiter; 632 if (*f) 633 f++; 634 p = p_delimiter; 635 if (*p) 636 p++; 637 } 638 /* Ignore trailing "\*" and "\@" in @pattern. */ 639 while (*p == '\\' && 640 (*(p + 1) == '*' || *(p + 1) == '@')) 641 p += 2; 642 return !*f && !*p; 643 recursive: 644 /* 645 * The "\{" pattern is permitted only after '/' character. 646 * This guarantees that below "*(p - 1)" is safe. 647 * Also, the "\}" pattern is permitted only before '/' character 648 * so that "\{" + "\}" pair will not break the "\-" operator. 649 */ 650 if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' || 651 *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\') 652 return false; /* Bad pattern. */ 653 do { 654 /* Compare current component with pattern. */ 655 if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2, 656 p_delimiter - 2)) 657 break; 658 /* Proceed to next component. */ 659 f = f_delimiter; 660 if (!*f) 661 break; 662 f++; 663 /* Continue comparison. */ 664 if (tomoyo_path_matches_pattern2(f, p_delimiter + 1)) 665 return true; 666 f_delimiter = strchr(f, '/'); 667 } while (f_delimiter); 668 return false; /* Not matched. */ 669} 670 671/** 672 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern. 673 * 674 * @filename: The filename to check. 675 * @pattern: The pattern to compare. 676 * 677 * Returns true if matches, false otherwise. 678 * 679 * The following patterns are available. 680 * \\ \ itself. 681 * \ooo Octal representation of a byte. 682 * \* Zero or more repetitions of characters other than '/'. 683 * \@ Zero or more repetitions of characters other than '/' or '.'. 684 * \? 1 byte character other than '/'. 685 * \$ One or more repetitions of decimal digits. 686 * \+ 1 decimal digit. 687 * \X One or more repetitions of hexadecimal digits. 688 * \x 1 hexadecimal digit. 689 * \A One or more repetitions of alphabet characters. 690 * \a 1 alphabet character. 691 * 692 * \- Subtraction operator. 693 * 694 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/ 695 * /dir/dir/dir/ ). 696 */ 697bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 698 const struct tomoyo_path_info *pattern) 699{ 700 const char *f = filename->name; 701 const char *p = pattern->name; 702 const int len = pattern->const_len; 703 704 /* If @pattern doesn't contain pattern, I can use strcmp(). */ 705 if (!pattern->is_patterned) 706 return !tomoyo_pathcmp(filename, pattern); 707 /* Don't compare directory and non-directory. */ 708 if (filename->is_dir != pattern->is_dir) 709 return false; 710 /* Compare the initial length without patterns. */ 711 if (strncmp(f, p, len)) 712 return false; 713 f += len; 714 p += len; 715 return tomoyo_path_matches_pattern2(f, p); 716} 717 718/** 719 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure. 720 * 721 * @head: Pointer to "struct tomoyo_io_buffer". 722 * @fmt: The printf()'s format string, followed by parameters. 723 * 724 * Returns true if output was written, false otherwise. 725 * 726 * The snprintf() will truncate, but tomoyo_io_printf() won't. 727 */ 728bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 729{ 730 va_list args; 731 int len; 732 int pos = head->read_avail; 733 int size = head->readbuf_size - pos; 734 735 if (size <= 0) 736 return false; 737 va_start(args, fmt); 738 len = vsnprintf(head->read_buf + pos, size, fmt, args); 739 va_end(args); 740 if (pos + len >= head->readbuf_size) 741 return false; 742 head->read_avail += len; 743 return true; 744} 745 746/** 747 * tomoyo_get_exe - Get tomoyo_realpath() of current process. 748 * 749 * Returns the tomoyo_realpath() of current process on success, NULL otherwise. 750 * 751 * This function uses kzalloc(), so the caller must call kfree() 752 * if this function didn't return NULL. 753 */ 754static const char *tomoyo_get_exe(void) 755{ 756 struct mm_struct *mm = current->mm; 757 struct vm_area_struct *vma; 758 const char *cp = NULL; 759 760 if (!mm) 761 return NULL; 762 down_read(&mm->mmap_sem); 763 for (vma = mm->mmap; vma; vma = vma->vm_next) { 764 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { 765 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path); 766 break; 767 } 768 } 769 up_read(&mm->mmap_sem); 770 return cp; 771} 772 773/** 774 * tomoyo_get_msg - Get warning message. 775 * 776 * @is_enforce: Is it enforcing mode? 777 * 778 * Returns "ERROR" or "WARNING". 779 */ 780const char *tomoyo_get_msg(const bool is_enforce) 781{ 782 if (is_enforce) 783 return "ERROR"; 784 else 785 return "WARNING"; 786} 787 788/** 789 * tomoyo_check_flags - Check mode for specified functionality. 790 * 791 * @domain: Pointer to "struct tomoyo_domain_info". 792 * @index: The functionality to check mode. 793 * 794 * TOMOYO checks only process context. 795 * This code disables TOMOYO's enforcement in case the function is called from 796 * interrupt context. 797 */ 798unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 799 const u8 index) 800{ 801 const u8 profile = domain->profile; 802 803 if (WARN_ON(in_interrupt())) 804 return 0; 805 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX 806#if TOMOYO_MAX_PROFILES != 256 807 && profile < TOMOYO_MAX_PROFILES 808#endif 809 && tomoyo_profile_ptr[profile] ? 810 tomoyo_profile_ptr[profile]->value[index] : 0; 811} 812 813/** 814 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode. 815 * 816 * @domain: Pointer to "struct tomoyo_domain_info". 817 * 818 * Returns true if domain policy violation warning should be printed to 819 * console. 820 */ 821bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain) 822{ 823 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0; 824} 825 826/** 827 * tomoyo_domain_quota_is_ok - Check for domain's quota. 828 * 829 * @domain: Pointer to "struct tomoyo_domain_info". 830 * 831 * Returns true if the domain is not exceeded quota, false otherwise. 832 * 833 * Caller holds tomoyo_read_lock(). 834 */ 835bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) 836{ 837 unsigned int count = 0; 838 struct tomoyo_acl_info *ptr; 839 840 if (!domain) 841 return true; 842 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 843 switch (ptr->type) { 844 struct tomoyo_path_acl *acl; 845 u32 perm; 846 u8 i; 847 case TOMOYO_TYPE_PATH_ACL: 848 acl = container_of(ptr, struct tomoyo_path_acl, head); 849 perm = acl->perm | (((u32) acl->perm_high) << 16); 850 for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++) 851 if (perm & (1 << i)) 852 count++; 853 if (perm & (1 << TOMOYO_TYPE_READ_WRITE)) 854 count -= 2; 855 break; 856 case TOMOYO_TYPE_PATH2_ACL: 857 perm = container_of(ptr, struct tomoyo_path2_acl, head) 858 ->perm; 859 for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++) 860 if (perm & (1 << i)) 861 count++; 862 break; 863 } 864 } 865 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) 866 return true; 867 if (!domain->quota_warned) { 868 domain->quota_warned = true; 869 printk(KERN_WARNING "TOMOYO-WARNING: " 870 "Domain '%s' has so many ACLs to hold. " 871 "Stopped learning mode.\n", domain->domainname->name); 872 } 873 return false; 874} 875 876/** 877 * tomoyo_find_or_assign_new_profile - Create a new profile. 878 * 879 * @profile: Profile number to create. 880 * 881 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 882 */ 883static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned 884 int profile) 885{ 886 static DEFINE_MUTEX(lock); 887 struct tomoyo_profile *ptr = NULL; 888 int i; 889 890 if (profile >= TOMOYO_MAX_PROFILES) 891 return NULL; 892 mutex_lock(&lock); 893 ptr = tomoyo_profile_ptr[profile]; 894 if (ptr) 895 goto ok; 896 ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); 897 if (!tomoyo_memory_ok(ptr)) { 898 kfree(ptr); 899 goto ok; 900 } 901 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) 902 ptr->value[i] = tomoyo_control_array[i].current_value; 903 mb(); /* Avoid out-of-order execution. */ 904 tomoyo_profile_ptr[profile] = ptr; 905 ok: 906 mutex_unlock(&lock); 907 return ptr; 908} 909 910/** 911 * tomoyo_write_profile - Write to profile table. 912 * 913 * @head: Pointer to "struct tomoyo_io_buffer". 914 * 915 * Returns 0 on success, negative value otherwise. 916 */ 917static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 918{ 919 char *data = head->write_buf; 920 unsigned int i; 921 unsigned int value; 922 char *cp; 923 struct tomoyo_profile *profile; 924 unsigned long num; 925 926 cp = strchr(data, '-'); 927 if (cp) 928 *cp = '\0'; 929 if (strict_strtoul(data, 10, &num)) 930 return -EINVAL; 931 if (cp) 932 data = cp + 1; 933 profile = tomoyo_find_or_assign_new_profile(num); 934 if (!profile) 935 return -EINVAL; 936 cp = strchr(data, '='); 937 if (!cp) 938 return -EINVAL; 939 *cp = '\0'; 940 if (!strcmp(data, "COMMENT")) { 941 const struct tomoyo_path_info *old_comment = profile->comment; 942 profile->comment = tomoyo_get_name(cp + 1); 943 tomoyo_put_name(old_comment); 944 return 0; 945 } 946 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { 947 if (strcmp(data, tomoyo_control_array[i].keyword)) 948 continue; 949 if (sscanf(cp + 1, "%u", &value) != 1) { 950 int j; 951 const char **modes; 952 switch (i) { 953 case TOMOYO_VERBOSE: 954 modes = tomoyo_mode_2; 955 break; 956 default: 957 modes = tomoyo_mode_4; 958 break; 959 } 960 for (j = 0; j < 4; j++) { 961 if (strcmp(cp + 1, modes[j])) 962 continue; 963 value = j; 964 break; 965 } 966 if (j == 4) 967 return -EINVAL; 968 } else if (value > tomoyo_control_array[i].max_value) { 969 value = tomoyo_control_array[i].max_value; 970 } 971 profile->value[i] = value; 972 return 0; 973 } 974 return -EINVAL; 975} 976 977/** 978 * tomoyo_read_profile - Read from profile table. 979 * 980 * @head: Pointer to "struct tomoyo_io_buffer". 981 * 982 * Returns 0. 983 */ 984static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 985{ 986 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1; 987 int step; 988 989 if (head->read_eof) 990 return 0; 991 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total; 992 step++) { 993 const u8 index = step / total; 994 u8 type = step % total; 995 const struct tomoyo_profile *profile 996 = tomoyo_profile_ptr[index]; 997 head->read_step = step; 998 if (!profile) 999 continue; 1000 if (!type) { /* Print profile' comment tag. */ 1001 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n", 1002 index, profile->comment ? 1003 profile->comment->name : "")) 1004 break; 1005 continue; 1006 } 1007 type--; 1008 if (type < TOMOYO_MAX_CONTROL_INDEX) { 1009 const unsigned int value = profile->value[type]; 1010 const char **modes = NULL; 1011 const char *keyword 1012 = tomoyo_control_array[type].keyword; 1013 switch (tomoyo_control_array[type].max_value) { 1014 case 3: 1015 modes = tomoyo_mode_4; 1016 break; 1017 case 1: 1018 modes = tomoyo_mode_2; 1019 break; 1020 } 1021 if (modes) { 1022 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index, 1023 keyword, modes[value])) 1024 break; 1025 } else { 1026 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index, 1027 keyword, value)) 1028 break; 1029 } 1030 } 1031 } 1032 if (step == TOMOYO_MAX_PROFILES * total) 1033 head->read_eof = true; 1034 return 0; 1035} 1036 1037/* 1038 * tomoyo_policy_manager_list is used for holding list of domainnames or 1039 * programs which are permitted to modify configuration via 1040 * /sys/kernel/security/tomoyo/ interface. 1041 * 1042 * An entry is added by 1043 * 1044 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \ 1045 * /sys/kernel/security/tomoyo/manager 1046 * (if you want to specify by a domainname) 1047 * 1048 * or 1049 * 1050 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager 1051 * (if you want to specify by a program's location) 1052 * 1053 * and is deleted by 1054 * 1055 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \ 1056 * /sys/kernel/security/tomoyo/manager 1057 * 1058 * or 1059 * 1060 * # echo 'delete /usr/lib/ccs/editpolicy' > \ 1061 * /sys/kernel/security/tomoyo/manager 1062 * 1063 * and all entries are retrieved by 1064 * 1065 * # cat /sys/kernel/security/tomoyo/manager 1066 */ 1067LIST_HEAD(tomoyo_policy_manager_list); 1068 1069/** 1070 * tomoyo_update_manager_entry - Add a manager entry. 1071 * 1072 * @manager: The path to manager or the domainnamme. 1073 * @is_delete: True if it is a delete request. 1074 * 1075 * Returns 0 on success, negative value otherwise. 1076 * 1077 * Caller holds tomoyo_read_lock(). 1078 */ 1079static int tomoyo_update_manager_entry(const char *manager, 1080 const bool is_delete) 1081{ 1082 struct tomoyo_policy_manager_entry *entry = NULL; 1083 struct tomoyo_policy_manager_entry *ptr; 1084 const struct tomoyo_path_info *saved_manager; 1085 int error = is_delete ? -ENOENT : -ENOMEM; 1086 bool is_domain = false; 1087 1088 if (tomoyo_is_domain_def(manager)) { 1089 if (!tomoyo_is_correct_domain(manager, __func__)) 1090 return -EINVAL; 1091 is_domain = true; 1092 } else { 1093 if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__)) 1094 return -EINVAL; 1095 } 1096 saved_manager = tomoyo_get_name(manager); 1097 if (!saved_manager) 1098 return -ENOMEM; 1099 if (!is_delete) 1100 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 1101 mutex_lock(&tomoyo_policy_lock); 1102 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1103 if (ptr->manager != saved_manager) 1104 continue; 1105 ptr->is_deleted = is_delete; 1106 error = 0; 1107 break; 1108 } 1109 if (!is_delete && error && tomoyo_memory_ok(entry)) { 1110 entry->manager = saved_manager; 1111 saved_manager = NULL; 1112 entry->is_domain = is_domain; 1113 list_add_tail_rcu(&entry->list, &tomoyo_policy_manager_list); 1114 entry = NULL; 1115 error = 0; 1116 } 1117 mutex_unlock(&tomoyo_policy_lock); 1118 tomoyo_put_name(saved_manager); 1119 kfree(entry); 1120 return error; 1121} 1122 1123/** 1124 * tomoyo_write_manager_policy - Write manager policy. 1125 * 1126 * @head: Pointer to "struct tomoyo_io_buffer". 1127 * 1128 * Returns 0 on success, negative value otherwise. 1129 * 1130 * Caller holds tomoyo_read_lock(). 1131 */ 1132static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 1133{ 1134 char *data = head->write_buf; 1135 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1136 1137 if (!strcmp(data, "manage_by_non_root")) { 1138 tomoyo_manage_by_non_root = !is_delete; 1139 return 0; 1140 } 1141 return tomoyo_update_manager_entry(data, is_delete); 1142} 1143 1144/** 1145 * tomoyo_read_manager_policy - Read manager policy. 1146 * 1147 * @head: Pointer to "struct tomoyo_io_buffer". 1148 * 1149 * Returns 0. 1150 * 1151 * Caller holds tomoyo_read_lock(). 1152 */ 1153static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 1154{ 1155 struct list_head *pos; 1156 bool done = true; 1157 1158 if (head->read_eof) 1159 return 0; 1160 list_for_each_cookie(pos, head->read_var2, 1161 &tomoyo_policy_manager_list) { 1162 struct tomoyo_policy_manager_entry *ptr; 1163 ptr = list_entry(pos, struct tomoyo_policy_manager_entry, 1164 list); 1165 if (ptr->is_deleted) 1166 continue; 1167 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name); 1168 if (!done) 1169 break; 1170 } 1171 head->read_eof = done; 1172 return 0; 1173} 1174 1175/** 1176 * tomoyo_is_policy_manager - Check whether the current process is a policy manager. 1177 * 1178 * Returns true if the current process is permitted to modify policy 1179 * via /sys/kernel/security/tomoyo/ interface. 1180 * 1181 * Caller holds tomoyo_read_lock(). 1182 */ 1183static bool tomoyo_is_policy_manager(void) 1184{ 1185 struct tomoyo_policy_manager_entry *ptr; 1186 const char *exe; 1187 const struct task_struct *task = current; 1188 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 1189 bool found = false; 1190 1191 if (!tomoyo_policy_loaded) 1192 return true; 1193 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 1194 return false; 1195 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1196 if (!ptr->is_deleted && ptr->is_domain 1197 && !tomoyo_pathcmp(domainname, ptr->manager)) { 1198 found = true; 1199 break; 1200 } 1201 } 1202 if (found) 1203 return true; 1204 exe = tomoyo_get_exe(); 1205 if (!exe) 1206 return false; 1207 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1208 if (!ptr->is_deleted && !ptr->is_domain 1209 && !strcmp(exe, ptr->manager->name)) { 1210 found = true; 1211 break; 1212 } 1213 } 1214 if (!found) { /* Reduce error messages. */ 1215 static pid_t last_pid; 1216 const pid_t pid = current->pid; 1217 if (last_pid != pid) { 1218 printk(KERN_WARNING "%s ( %s ) is not permitted to " 1219 "update policies.\n", domainname->name, exe); 1220 last_pid = pid; 1221 } 1222 } 1223 kfree(exe); 1224 return found; 1225} 1226 1227/** 1228 * tomoyo_is_select_one - Parse select command. 1229 * 1230 * @head: Pointer to "struct tomoyo_io_buffer". 1231 * @data: String to parse. 1232 * 1233 * Returns true on success, false otherwise. 1234 * 1235 * Caller holds tomoyo_read_lock(). 1236 */ 1237static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, 1238 const char *data) 1239{ 1240 unsigned int pid; 1241 struct tomoyo_domain_info *domain = NULL; 1242 1243 if (sscanf(data, "pid=%u", &pid) == 1) { 1244 struct task_struct *p; 1245 read_lock(&tasklist_lock); 1246 p = find_task_by_vpid(pid); 1247 if (p) 1248 domain = tomoyo_real_domain(p); 1249 read_unlock(&tasklist_lock); 1250 } else if (!strncmp(data, "domain=", 7)) { 1251 if (tomoyo_is_domain_def(data + 7)) 1252 domain = tomoyo_find_domain(data + 7); 1253 } else 1254 return false; 1255 head->write_var1 = domain; 1256 /* Accessing read_buf is safe because head->io_sem is held. */ 1257 if (!head->read_buf) 1258 return true; /* Do nothing if open(O_WRONLY). */ 1259 head->read_avail = 0; 1260 tomoyo_io_printf(head, "# select %s\n", data); 1261 head->read_single_domain = true; 1262 head->read_eof = !domain; 1263 if (domain) { 1264 struct tomoyo_domain_info *d; 1265 head->read_var1 = NULL; 1266 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) { 1267 if (d == domain) 1268 break; 1269 head->read_var1 = &d->list; 1270 } 1271 head->read_var2 = NULL; 1272 head->read_bit = 0; 1273 head->read_step = 0; 1274 if (domain->is_deleted) 1275 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 1276 } 1277 return true; 1278} 1279 1280/** 1281 * tomoyo_delete_domain - Delete a domain. 1282 * 1283 * @domainname: The name of domain. 1284 * 1285 * Returns 0. 1286 * 1287 * Caller holds tomoyo_read_lock(). 1288 */ 1289static int tomoyo_delete_domain(char *domainname) 1290{ 1291 struct tomoyo_domain_info *domain; 1292 struct tomoyo_path_info name; 1293 1294 name.name = domainname; 1295 tomoyo_fill_path_info(&name); 1296 mutex_lock(&tomoyo_policy_lock); 1297 /* Is there an active domain? */ 1298 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1299 /* Never delete tomoyo_kernel_domain */ 1300 if (domain == &tomoyo_kernel_domain) 1301 continue; 1302 if (domain->is_deleted || 1303 tomoyo_pathcmp(domain->domainname, &name)) 1304 continue; 1305 domain->is_deleted = true; 1306 break; 1307 } 1308 mutex_unlock(&tomoyo_policy_lock); 1309 return 0; 1310} 1311 1312/** 1313 * tomoyo_write_domain_policy - Write domain policy. 1314 * 1315 * @head: Pointer to "struct tomoyo_io_buffer". 1316 * 1317 * Returns 0 on success, negative value otherwise. 1318 * 1319 * Caller holds tomoyo_read_lock(). 1320 */ 1321static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 1322{ 1323 char *data = head->write_buf; 1324 struct tomoyo_domain_info *domain = head->write_var1; 1325 bool is_delete = false; 1326 bool is_select = false; 1327 unsigned int profile; 1328 1329 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 1330 is_delete = true; 1331 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 1332 is_select = true; 1333 if (is_select && tomoyo_is_select_one(head, data)) 1334 return 0; 1335 /* Don't allow updating policies by non manager programs. */ 1336 if (!tomoyo_is_policy_manager()) 1337 return -EPERM; 1338 if (tomoyo_is_domain_def(data)) { 1339 domain = NULL; 1340 if (is_delete) 1341 tomoyo_delete_domain(data); 1342 else if (is_select) 1343 domain = tomoyo_find_domain(data); 1344 else 1345 domain = tomoyo_find_or_assign_new_domain(data, 0); 1346 head->write_var1 = domain; 1347 return 0; 1348 } 1349 if (!domain) 1350 return -EINVAL; 1351 1352 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 1353 && profile < TOMOYO_MAX_PROFILES) { 1354 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 1355 domain->profile = (u8) profile; 1356 return 0; 1357 } 1358 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 1359 domain->ignore_global_allow_read = !is_delete; 1360 return 0; 1361 } 1362 return tomoyo_write_file_policy(data, domain, is_delete); 1363} 1364 1365/** 1366 * tomoyo_print_path_acl - Print a single path ACL entry. 1367 * 1368 * @head: Pointer to "struct tomoyo_io_buffer". 1369 * @ptr: Pointer to "struct tomoyo_path_acl". 1370 * 1371 * Returns true on success, false otherwise. 1372 */ 1373static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head, 1374 struct tomoyo_path_acl *ptr) 1375{ 1376 int pos; 1377 u8 bit; 1378 const char *atmark = ""; 1379 const char *filename; 1380 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16); 1381 1382 filename = ptr->filename->name; 1383 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 1384 const char *msg; 1385 if (!(perm & (1 << bit))) 1386 continue; 1387 /* Print "read/write" instead of "read" and "write". */ 1388 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE) 1389 && (perm & (1 << TOMOYO_TYPE_READ_WRITE))) 1390 continue; 1391 msg = tomoyo_path2keyword(bit); 1392 pos = head->read_avail; 1393 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg, 1394 atmark, filename)) 1395 goto out; 1396 } 1397 head->read_bit = 0; 1398 return true; 1399 out: 1400 head->read_bit = bit; 1401 head->read_avail = pos; 1402 return false; 1403} 1404 1405/** 1406 * tomoyo_print_path2_acl - Print a double path ACL entry. 1407 * 1408 * @head: Pointer to "struct tomoyo_io_buffer". 1409 * @ptr: Pointer to "struct tomoyo_path2_acl". 1410 * 1411 * Returns true on success, false otherwise. 1412 */ 1413static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head, 1414 struct tomoyo_path2_acl *ptr) 1415{ 1416 int pos; 1417 const char *atmark1 = ""; 1418 const char *atmark2 = ""; 1419 const char *filename1; 1420 const char *filename2; 1421 const u8 perm = ptr->perm; 1422 u8 bit; 1423 1424 filename1 = ptr->filename1->name; 1425 filename2 = ptr->filename2->name; 1426 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 1427 const char *msg; 1428 if (!(perm & (1 << bit))) 1429 continue; 1430 msg = tomoyo_path22keyword(bit); 1431 pos = head->read_avail; 1432 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg, 1433 atmark1, filename1, atmark2, filename2)) 1434 goto out; 1435 } 1436 head->read_bit = 0; 1437 return true; 1438 out: 1439 head->read_bit = bit; 1440 head->read_avail = pos; 1441 return false; 1442} 1443 1444/** 1445 * tomoyo_print_entry - Print an ACL entry. 1446 * 1447 * @head: Pointer to "struct tomoyo_io_buffer". 1448 * @ptr: Pointer to an ACL entry. 1449 * 1450 * Returns true on success, false otherwise. 1451 */ 1452static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1453 struct tomoyo_acl_info *ptr) 1454{ 1455 const u8 acl_type = ptr->type; 1456 1457 if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1458 struct tomoyo_path_acl *acl 1459 = container_of(ptr, struct tomoyo_path_acl, head); 1460 return tomoyo_print_path_acl(head, acl); 1461 } 1462 if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 1463 struct tomoyo_path2_acl *acl 1464 = container_of(ptr, struct tomoyo_path2_acl, head); 1465 return tomoyo_print_path2_acl(head, acl); 1466 } 1467 BUG(); /* This must not happen. */ 1468 return false; 1469} 1470 1471/** 1472 * tomoyo_read_domain_policy - Read domain policy. 1473 * 1474 * @head: Pointer to "struct tomoyo_io_buffer". 1475 * 1476 * Returns 0. 1477 * 1478 * Caller holds tomoyo_read_lock(). 1479 */ 1480static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1481{ 1482 struct list_head *dpos; 1483 struct list_head *apos; 1484 bool done = true; 1485 1486 if (head->read_eof) 1487 return 0; 1488 if (head->read_step == 0) 1489 head->read_step = 1; 1490 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) { 1491 struct tomoyo_domain_info *domain; 1492 const char *quota_exceeded = ""; 1493 const char *transition_failed = ""; 1494 const char *ignore_global_allow_read = ""; 1495 domain = list_entry(dpos, struct tomoyo_domain_info, list); 1496 if (head->read_step != 1) 1497 goto acl_loop; 1498 if (domain->is_deleted && !head->read_single_domain) 1499 continue; 1500 /* Print domainname and flags. */ 1501 if (domain->quota_warned) 1502 quota_exceeded = "quota_exceeded\n"; 1503 if (domain->transition_failed) 1504 transition_failed = "transition_failed\n"; 1505 if (domain->ignore_global_allow_read) 1506 ignore_global_allow_read 1507 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1508 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE 1509 "%u\n%s%s%s\n", 1510 domain->domainname->name, 1511 domain->profile, quota_exceeded, 1512 transition_failed, 1513 ignore_global_allow_read); 1514 if (!done) 1515 break; 1516 head->read_step = 2; 1517acl_loop: 1518 if (head->read_step == 3) 1519 goto tail_mark; 1520 /* Print ACL entries in the domain. */ 1521 list_for_each_cookie(apos, head->read_var2, 1522 &domain->acl_info_list) { 1523 struct tomoyo_acl_info *ptr 1524 = list_entry(apos, struct tomoyo_acl_info, 1525 list); 1526 done = tomoyo_print_entry(head, ptr); 1527 if (!done) 1528 break; 1529 } 1530 if (!done) 1531 break; 1532 head->read_step = 3; 1533tail_mark: 1534 done = tomoyo_io_printf(head, "\n"); 1535 if (!done) 1536 break; 1537 head->read_step = 1; 1538 if (head->read_single_domain) 1539 break; 1540 } 1541 head->read_eof = done; 1542 return 0; 1543} 1544 1545/** 1546 * tomoyo_write_domain_profile - Assign profile for specified domain. 1547 * 1548 * @head: Pointer to "struct tomoyo_io_buffer". 1549 * 1550 * Returns 0 on success, -EINVAL otherwise. 1551 * 1552 * This is equivalent to doing 1553 * 1554 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1555 * /usr/lib/ccs/loadpolicy -d 1556 * 1557 * Caller holds tomoyo_read_lock(). 1558 */ 1559static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1560{ 1561 char *data = head->write_buf; 1562 char *cp = strchr(data, ' '); 1563 struct tomoyo_domain_info *domain; 1564 unsigned long profile; 1565 1566 if (!cp) 1567 return -EINVAL; 1568 *cp = '\0'; 1569 domain = tomoyo_find_domain(cp + 1); 1570 if (strict_strtoul(data, 10, &profile)) 1571 return -EINVAL; 1572 if (domain && profile < TOMOYO_MAX_PROFILES 1573 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1574 domain->profile = (u8) profile; 1575 return 0; 1576} 1577 1578/** 1579 * tomoyo_read_domain_profile - Read only domainname and profile. 1580 * 1581 * @head: Pointer to "struct tomoyo_io_buffer". 1582 * 1583 * Returns list of profile number and domainname pairs. 1584 * 1585 * This is equivalent to doing 1586 * 1587 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1588 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1589 * domainname = $0; } else if ( $1 == "use_profile" ) { 1590 * print $2 " " domainname; domainname = ""; } } ; ' 1591 * 1592 * Caller holds tomoyo_read_lock(). 1593 */ 1594static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1595{ 1596 struct list_head *pos; 1597 bool done = true; 1598 1599 if (head->read_eof) 1600 return 0; 1601 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) { 1602 struct tomoyo_domain_info *domain; 1603 domain = list_entry(pos, struct tomoyo_domain_info, list); 1604 if (domain->is_deleted) 1605 continue; 1606 done = tomoyo_io_printf(head, "%u %s\n", domain->profile, 1607 domain->domainname->name); 1608 if (!done) 1609 break; 1610 } 1611 head->read_eof = done; 1612 return 0; 1613} 1614 1615/** 1616 * tomoyo_write_pid: Specify PID to obtain domainname. 1617 * 1618 * @head: Pointer to "struct tomoyo_io_buffer". 1619 * 1620 * Returns 0. 1621 */ 1622static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1623{ 1624 unsigned long pid; 1625 /* No error check. */ 1626 strict_strtoul(head->write_buf, 10, &pid); 1627 head->read_step = (int) pid; 1628 head->read_eof = false; 1629 return 0; 1630} 1631 1632/** 1633 * tomoyo_read_pid - Get domainname of the specified PID. 1634 * 1635 * @head: Pointer to "struct tomoyo_io_buffer". 1636 * 1637 * Returns the domainname which the specified PID is in on success, 1638 * empty string otherwise. 1639 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1640 * using read()/write() interface rather than sysctl() interface. 1641 */ 1642static int tomoyo_read_pid(struct tomoyo_io_buffer *head) 1643{ 1644 if (head->read_avail == 0 && !head->read_eof) { 1645 const int pid = head->read_step; 1646 struct task_struct *p; 1647 struct tomoyo_domain_info *domain = NULL; 1648 read_lock(&tasklist_lock); 1649 p = find_task_by_vpid(pid); 1650 if (p) 1651 domain = tomoyo_real_domain(p); 1652 read_unlock(&tasklist_lock); 1653 if (domain) 1654 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1655 domain->domainname->name); 1656 head->read_eof = true; 1657 } 1658 return 0; 1659} 1660 1661/** 1662 * tomoyo_write_exception_policy - Write exception policy. 1663 * 1664 * @head: Pointer to "struct tomoyo_io_buffer". 1665 * 1666 * Returns 0 on success, negative value otherwise. 1667 * 1668 * Caller holds tomoyo_read_lock(). 1669 */ 1670static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1671{ 1672 char *data = head->write_buf; 1673 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1674 1675 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN)) 1676 return tomoyo_write_domain_keeper_policy(data, false, 1677 is_delete); 1678 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN)) 1679 return tomoyo_write_domain_keeper_policy(data, true, is_delete); 1680 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN)) 1681 return tomoyo_write_domain_initializer_policy(data, false, 1682 is_delete); 1683 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN)) 1684 return tomoyo_write_domain_initializer_policy(data, true, 1685 is_delete); 1686 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) 1687 return tomoyo_write_alias_policy(data, is_delete); 1688 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1689 return tomoyo_write_globally_readable_policy(data, is_delete); 1690 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1691 return tomoyo_write_pattern_policy(data, is_delete); 1692 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) 1693 return tomoyo_write_no_rewrite_policy(data, is_delete); 1694 return -EINVAL; 1695} 1696 1697/** 1698 * tomoyo_read_exception_policy - Read exception policy. 1699 * 1700 * @head: Pointer to "struct tomoyo_io_buffer". 1701 * 1702 * Returns 0 on success, -EINVAL otherwise. 1703 * 1704 * Caller holds tomoyo_read_lock(). 1705 */ 1706static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1707{ 1708 if (!head->read_eof) { 1709 switch (head->read_step) { 1710 case 0: 1711 head->read_var2 = NULL; 1712 head->read_step = 1; 1713 case 1: 1714 if (!tomoyo_read_domain_keeper_policy(head)) 1715 break; 1716 head->read_var2 = NULL; 1717 head->read_step = 2; 1718 case 2: 1719 if (!tomoyo_read_globally_readable_policy(head)) 1720 break; 1721 head->read_var2 = NULL; 1722 head->read_step = 3; 1723 case 3: 1724 head->read_var2 = NULL; 1725 head->read_step = 4; 1726 case 4: 1727 if (!tomoyo_read_domain_initializer_policy(head)) 1728 break; 1729 head->read_var2 = NULL; 1730 head->read_step = 5; 1731 case 5: 1732 if (!tomoyo_read_alias_policy(head)) 1733 break; 1734 head->read_var2 = NULL; 1735 head->read_step = 6; 1736 case 6: 1737 head->read_var2 = NULL; 1738 head->read_step = 7; 1739 case 7: 1740 if (!tomoyo_read_file_pattern(head)) 1741 break; 1742 head->read_var2 = NULL; 1743 head->read_step = 8; 1744 case 8: 1745 if (!tomoyo_read_no_rewrite_policy(head)) 1746 break; 1747 head->read_var2 = NULL; 1748 head->read_step = 9; 1749 case 9: 1750 head->read_eof = true; 1751 break; 1752 default: 1753 return -EINVAL; 1754 } 1755 } 1756 return 0; 1757} 1758 1759/* path to policy loader */ 1760static const char *tomoyo_loader = "/sbin/tomoyo-init"; 1761 1762/** 1763 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists. 1764 * 1765 * Returns true if /sbin/tomoyo-init exists, false otherwise. 1766 */ 1767static bool tomoyo_policy_loader_exists(void) 1768{ 1769 /* 1770 * Don't activate MAC if the policy loader doesn't exist. 1771 * If the initrd includes /sbin/init but real-root-dev has not 1772 * mounted on / yet, activating MAC will block the system since 1773 * policies are not loaded yet. 1774 * Thus, let do_execve() call this function everytime. 1775 */ 1776 struct path path; 1777 1778 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) { 1779 printk(KERN_INFO "Not activating Mandatory Access Control now " 1780 "since %s doesn't exist.\n", tomoyo_loader); 1781 return false; 1782 } 1783 path_put(&path); 1784 return true; 1785} 1786 1787/** 1788 * tomoyo_load_policy - Run external policy loader to load policy. 1789 * 1790 * @filename: The program about to start. 1791 * 1792 * This function checks whether @filename is /sbin/init , and if so 1793 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init 1794 * and then continues invocation of /sbin/init. 1795 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and 1796 * writes to /sys/kernel/security/tomoyo/ interfaces. 1797 * 1798 * Returns nothing. 1799 */ 1800void tomoyo_load_policy(const char *filename) 1801{ 1802 char *argv[2]; 1803 char *envp[3]; 1804 1805 if (tomoyo_policy_loaded) 1806 return; 1807 /* 1808 * Check filename is /sbin/init or /sbin/tomoyo-start. 1809 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't 1810 * be passed. 1811 * You can create /sbin/tomoyo-start by 1812 * "ln -s /bin/true /sbin/tomoyo-start". 1813 */ 1814 if (strcmp(filename, "/sbin/init") && 1815 strcmp(filename, "/sbin/tomoyo-start")) 1816 return; 1817 if (!tomoyo_policy_loader_exists()) 1818 return; 1819 1820 printk(KERN_INFO "Calling %s to load policy. Please wait.\n", 1821 tomoyo_loader); 1822 argv[0] = (char *) tomoyo_loader; 1823 argv[1] = NULL; 1824 envp[0] = "HOME=/"; 1825 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 1826 envp[2] = NULL; 1827 call_usermodehelper(argv[0], argv, envp, 1); 1828 1829 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); 1830 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1831 tomoyo_policy_loaded = true; 1832 { /* Check all profiles currently assigned to domains are defined. */ 1833 struct tomoyo_domain_info *domain; 1834 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1835 const u8 profile = domain->profile; 1836 if (tomoyo_profile_ptr[profile]) 1837 continue; 1838 panic("Profile %u (used by '%s') not defined.\n", 1839 profile, domain->domainname->name); 1840 } 1841 } 1842} 1843 1844/** 1845 * tomoyo_read_version: Get version. 1846 * 1847 * @head: Pointer to "struct tomoyo_io_buffer". 1848 * 1849 * Returns version information. 1850 */ 1851static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1852{ 1853 if (!head->read_eof) { 1854 tomoyo_io_printf(head, "2.2.0"); 1855 head->read_eof = true; 1856 } 1857 return 0; 1858} 1859 1860/** 1861 * tomoyo_read_self_domain - Get the current process's domainname. 1862 * 1863 * @head: Pointer to "struct tomoyo_io_buffer". 1864 * 1865 * Returns the current process's domainname. 1866 */ 1867static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1868{ 1869 if (!head->read_eof) { 1870 /* 1871 * tomoyo_domain()->domainname != NULL 1872 * because every process belongs to a domain and 1873 * the domain's name cannot be NULL. 1874 */ 1875 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1876 head->read_eof = true; 1877 } 1878 return 0; 1879} 1880 1881/** 1882 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1883 * 1884 * @type: Type of interface. 1885 * @file: Pointer to "struct file". 1886 * 1887 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1888 * 1889 * Caller acquires tomoyo_read_lock(). 1890 */ 1891static int tomoyo_open_control(const u8 type, struct file *file) 1892{ 1893 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL); 1894 1895 if (!head) 1896 return -ENOMEM; 1897 mutex_init(&head->io_sem); 1898 switch (type) { 1899 case TOMOYO_DOMAINPOLICY: 1900 /* /sys/kernel/security/tomoyo/domain_policy */ 1901 head->write = tomoyo_write_domain_policy; 1902 head->read = tomoyo_read_domain_policy; 1903 break; 1904 case TOMOYO_EXCEPTIONPOLICY: 1905 /* /sys/kernel/security/tomoyo/exception_policy */ 1906 head->write = tomoyo_write_exception_policy; 1907 head->read = tomoyo_read_exception_policy; 1908 break; 1909 case TOMOYO_SELFDOMAIN: 1910 /* /sys/kernel/security/tomoyo/self_domain */ 1911 head->read = tomoyo_read_self_domain; 1912 break; 1913 case TOMOYO_DOMAIN_STATUS: 1914 /* /sys/kernel/security/tomoyo/.domain_status */ 1915 head->write = tomoyo_write_domain_profile; 1916 head->read = tomoyo_read_domain_profile; 1917 break; 1918 case TOMOYO_PROCESS_STATUS: 1919 /* /sys/kernel/security/tomoyo/.process_status */ 1920 head->write = tomoyo_write_pid; 1921 head->read = tomoyo_read_pid; 1922 break; 1923 case TOMOYO_VERSION: 1924 /* /sys/kernel/security/tomoyo/version */ 1925 head->read = tomoyo_read_version; 1926 head->readbuf_size = 128; 1927 break; 1928 case TOMOYO_MEMINFO: 1929 /* /sys/kernel/security/tomoyo/meminfo */ 1930 head->write = tomoyo_write_memory_quota; 1931 head->read = tomoyo_read_memory_counter; 1932 head->readbuf_size = 512; 1933 break; 1934 case TOMOYO_PROFILE: 1935 /* /sys/kernel/security/tomoyo/profile */ 1936 head->write = tomoyo_write_profile; 1937 head->read = tomoyo_read_profile; 1938 break; 1939 case TOMOYO_MANAGER: 1940 /* /sys/kernel/security/tomoyo/manager */ 1941 head->write = tomoyo_write_manager_policy; 1942 head->read = tomoyo_read_manager_policy; 1943 break; 1944 } 1945 if (!(file->f_mode & FMODE_READ)) { 1946 /* 1947 * No need to allocate read_buf since it is not opened 1948 * for reading. 1949 */ 1950 head->read = NULL; 1951 } else { 1952 if (!head->readbuf_size) 1953 head->readbuf_size = 4096 * 2; 1954 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL); 1955 if (!head->read_buf) { 1956 kfree(head); 1957 return -ENOMEM; 1958 } 1959 } 1960 if (!(file->f_mode & FMODE_WRITE)) { 1961 /* 1962 * No need to allocate write_buf since it is not opened 1963 * for writing. 1964 */ 1965 head->write = NULL; 1966 } else if (head->write) { 1967 head->writebuf_size = 4096 * 2; 1968 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL); 1969 if (!head->write_buf) { 1970 kfree(head->read_buf); 1971 kfree(head); 1972 return -ENOMEM; 1973 } 1974 } 1975 head->reader_idx = tomoyo_read_lock(); 1976 file->private_data = head; 1977 /* 1978 * Call the handler now if the file is 1979 * /sys/kernel/security/tomoyo/self_domain 1980 * so that the user can use 1981 * cat < /sys/kernel/security/tomoyo/self_domain" 1982 * to know the current process's domainname. 1983 */ 1984 if (type == TOMOYO_SELFDOMAIN) 1985 tomoyo_read_control(file, NULL, 0); 1986 return 0; 1987} 1988 1989/** 1990 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1991 * 1992 * @file: Pointer to "struct file". 1993 * @buffer: Poiner to buffer to write to. 1994 * @buffer_len: Size of @buffer. 1995 * 1996 * Returns bytes read on success, negative value otherwise. 1997 * 1998 * Caller holds tomoyo_read_lock(). 1999 */ 2000static int tomoyo_read_control(struct file *file, char __user *buffer, 2001 const int buffer_len) 2002{ 2003 int len = 0; 2004 struct tomoyo_io_buffer *head = file->private_data; 2005 char *cp; 2006 2007 if (!head->read) 2008 return -ENOSYS; 2009 if (mutex_lock_interruptible(&head->io_sem)) 2010 return -EINTR; 2011 /* Call the policy handler. */ 2012 len = head->read(head); 2013 if (len < 0) 2014 goto out; 2015 /* Write to buffer. */ 2016 len = head->read_avail; 2017 if (len > buffer_len) 2018 len = buffer_len; 2019 if (!len) 2020 goto out; 2021 /* head->read_buf changes by some functions. */ 2022 cp = head->read_buf; 2023 if (copy_to_user(buffer, cp, len)) { 2024 len = -EFAULT; 2025 goto out; 2026 } 2027 head->read_avail -= len; 2028 memmove(cp, cp + len, head->read_avail); 2029 out: 2030 mutex_unlock(&head->io_sem); 2031 return len; 2032} 2033 2034/** 2035 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 2036 * 2037 * @file: Pointer to "struct file". 2038 * @buffer: Pointer to buffer to read from. 2039 * @buffer_len: Size of @buffer. 2040 * 2041 * Returns @buffer_len on success, negative value otherwise. 2042 * 2043 * Caller holds tomoyo_read_lock(). 2044 */ 2045static int tomoyo_write_control(struct file *file, const char __user *buffer, 2046 const int buffer_len) 2047{ 2048 struct tomoyo_io_buffer *head = file->private_data; 2049 int error = buffer_len; 2050 int avail_len = buffer_len; 2051 char *cp0 = head->write_buf; 2052 2053 if (!head->write) 2054 return -ENOSYS; 2055 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 2056 return -EFAULT; 2057 /* Don't allow updating policies by non manager programs. */ 2058 if (head->write != tomoyo_write_pid && 2059 head->write != tomoyo_write_domain_policy && 2060 !tomoyo_is_policy_manager()) 2061 return -EPERM; 2062 if (mutex_lock_interruptible(&head->io_sem)) 2063 return -EINTR; 2064 /* Read a line and dispatch it to the policy handler. */ 2065 while (avail_len > 0) { 2066 char c; 2067 if (head->write_avail >= head->writebuf_size - 1) { 2068 error = -ENOMEM; 2069 break; 2070 } else if (get_user(c, buffer)) { 2071 error = -EFAULT; 2072 break; 2073 } 2074 buffer++; 2075 avail_len--; 2076 cp0[head->write_avail++] = c; 2077 if (c != '\n') 2078 continue; 2079 cp0[head->write_avail - 1] = '\0'; 2080 head->write_avail = 0; 2081 tomoyo_normalize_line(cp0); 2082 head->write(head); 2083 } 2084 mutex_unlock(&head->io_sem); 2085 return error; 2086} 2087 2088/** 2089 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2090 * 2091 * @file: Pointer to "struct file". 2092 * 2093 * Releases memory and returns 0. 2094 * 2095 * Caller looses tomoyo_read_lock(). 2096 */ 2097static int tomoyo_close_control(struct file *file) 2098{ 2099 struct tomoyo_io_buffer *head = file->private_data; 2100 const bool is_write = !!head->write_buf; 2101 2102 tomoyo_read_unlock(head->reader_idx); 2103 /* Release memory used for policy I/O. */ 2104 kfree(head->read_buf); 2105 head->read_buf = NULL; 2106 kfree(head->write_buf); 2107 head->write_buf = NULL; 2108 kfree(head); 2109 head = NULL; 2110 file->private_data = NULL; 2111 if (is_write) 2112 tomoyo_run_gc(); 2113 return 0; 2114} 2115 2116/** 2117 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 2118 * 2119 * @inode: Pointer to "struct inode". 2120 * @file: Pointer to "struct file". 2121 * 2122 * Returns 0 on success, negative value otherwise. 2123 */ 2124static int tomoyo_open(struct inode *inode, struct file *file) 2125{ 2126 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private) 2127 - ((u8 *) NULL); 2128 return tomoyo_open_control(key, file); 2129} 2130 2131/** 2132 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 2133 * 2134 * @inode: Pointer to "struct inode". 2135 * @file: Pointer to "struct file". 2136 * 2137 * Returns 0 on success, negative value otherwise. 2138 */ 2139static int tomoyo_release(struct inode *inode, struct file *file) 2140{ 2141 return tomoyo_close_control(file); 2142} 2143 2144/** 2145 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 2146 * 2147 * @file: Pointer to "struct file". 2148 * @buf: Pointer to buffer. 2149 * @count: Size of @buf. 2150 * @ppos: Unused. 2151 * 2152 * Returns bytes read on success, negative value otherwise. 2153 */ 2154static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 2155 loff_t *ppos) 2156{ 2157 return tomoyo_read_control(file, buf, count); 2158} 2159 2160/** 2161 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 2162 * 2163 * @file: Pointer to "struct file". 2164 * @buf: Pointer to buffer. 2165 * @count: Size of @buf. 2166 * @ppos: Unused. 2167 * 2168 * Returns @count on success, negative value otherwise. 2169 */ 2170static ssize_t tomoyo_write(struct file *file, const char __user *buf, 2171 size_t count, loff_t *ppos) 2172{ 2173 return tomoyo_write_control(file, buf, count); 2174} 2175 2176/* 2177 * tomoyo_operations is a "struct file_operations" which is used for handling 2178 * /sys/kernel/security/tomoyo/ interface. 2179 * 2180 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 2181 * See tomoyo_io_buffer for internals. 2182 */ 2183static const struct file_operations tomoyo_operations = { 2184 .open = tomoyo_open, 2185 .release = tomoyo_release, 2186 .read = tomoyo_read, 2187 .write = tomoyo_write, 2188}; 2189 2190/** 2191 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 2192 * 2193 * @name: The name of the interface file. 2194 * @mode: The permission of the interface file. 2195 * @parent: The parent directory. 2196 * @key: Type of interface. 2197 * 2198 * Returns nothing. 2199 */ 2200static void __init tomoyo_create_entry(const char *name, const mode_t mode, 2201 struct dentry *parent, const u8 key) 2202{ 2203 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 2204 &tomoyo_operations); 2205} 2206 2207/** 2208 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 2209 * 2210 * Returns 0. 2211 */ 2212static int __init tomoyo_initerface_init(void) 2213{ 2214 struct dentry *tomoyo_dir; 2215 2216 /* Don't create securityfs entries unless registered. */ 2217 if (current_cred()->security != &tomoyo_kernel_domain) 2218 return 0; 2219 2220 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 2221 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 2222 TOMOYO_DOMAINPOLICY); 2223 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 2224 TOMOYO_EXCEPTIONPOLICY); 2225 tomoyo_create_entry("self_domain", 0400, tomoyo_dir, 2226 TOMOYO_SELFDOMAIN); 2227 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir, 2228 TOMOYO_DOMAIN_STATUS); 2229 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 2230 TOMOYO_PROCESS_STATUS); 2231 tomoyo_create_entry("meminfo", 0600, tomoyo_dir, 2232 TOMOYO_MEMINFO); 2233 tomoyo_create_entry("profile", 0600, tomoyo_dir, 2234 TOMOYO_PROFILE); 2235 tomoyo_create_entry("manager", 0600, tomoyo_dir, 2236 TOMOYO_MANAGER); 2237 tomoyo_create_entry("version", 0400, tomoyo_dir, 2238 TOMOYO_VERSION); 2239 return 0; 2240} 2241 2242fs_initcall(tomoyo_initerface_init); 2243