common.h revision 084da356f6e55ce42f1d2739178502023908c107
1/* 2 * security/tomoyo/common.h 3 * 4 * Header file for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#ifndef _SECURITY_TOMOYO_COMMON_H 10#define _SECURITY_TOMOYO_COMMON_H 11 12#include <linux/ctype.h> 13#include <linux/string.h> 14#include <linux/mm.h> 15#include <linux/file.h> 16#include <linux/kmod.h> 17#include <linux/fs.h> 18#include <linux/sched.h> 19#include <linux/namei.h> 20#include <linux/mount.h> 21#include <linux/list.h> 22#include <linux/cred.h> 23struct linux_binprm; 24 25/********** Constants definitions. **********/ 26 27/* 28 * TOMOYO uses this hash only when appending a string into the string 29 * table. Frequency of appending strings is very low. So we don't need 30 * large (e.g. 64k) hash size. 256 will be sufficient. 31 */ 32#define TOMOYO_HASH_BITS 8 33#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) 34 35/* 36 * This is the max length of a token. 37 * 38 * A token consists of only ASCII printable characters. 39 * Non printable characters in a token is represented in \ooo style 40 * octal string. Thus, \ itself is represented as \\. 41 */ 42#define TOMOYO_MAX_PATHNAME_LEN 4000 43 44/* Profile number is an integer between 0 and 255. */ 45#define TOMOYO_MAX_PROFILES 256 46 47/* Keywords for ACLs. */ 48#define TOMOYO_KEYWORD_ALIAS "alias " 49#define TOMOYO_KEYWORD_ALLOW_READ "allow_read " 50#define TOMOYO_KEYWORD_DELETE "delete " 51#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " 52#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " 53#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " 54#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " 55#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " 56#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " 57#define TOMOYO_KEYWORD_SELECT "select " 58#define TOMOYO_KEYWORD_USE_PROFILE "use_profile " 59#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" 60/* A domain definition starts with <kernel>. */ 61#define TOMOYO_ROOT_NAME "<kernel>" 62#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) 63 64/* Index numbers for Access Controls. */ 65enum tomoyo_mac_index { 66 TOMOYO_MAC_FOR_FILE, /* domain_policy.conf */ 67 TOMOYO_MAX_ACCEPT_ENTRY, 68 TOMOYO_VERBOSE, 69 TOMOYO_MAX_CONTROL_INDEX 70}; 71 72/* Index numbers for Access Controls. */ 73enum tomoyo_acl_entry_type_index { 74 TOMOYO_TYPE_SINGLE_PATH_ACL, 75 TOMOYO_TYPE_DOUBLE_PATH_ACL, 76}; 77 78/* Index numbers for File Controls. */ 79 80/* 81 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set 82 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and 83 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set. 84 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or 85 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are 86 * automatically cleared if TYPE_READ_WRITE_ACL is cleared. 87 */ 88 89enum tomoyo_path_acl_index { 90 TOMOYO_TYPE_READ_WRITE_ACL, 91 TOMOYO_TYPE_EXECUTE_ACL, 92 TOMOYO_TYPE_READ_ACL, 93 TOMOYO_TYPE_WRITE_ACL, 94 TOMOYO_TYPE_CREATE_ACL, 95 TOMOYO_TYPE_UNLINK_ACL, 96 TOMOYO_TYPE_MKDIR_ACL, 97 TOMOYO_TYPE_RMDIR_ACL, 98 TOMOYO_TYPE_MKFIFO_ACL, 99 TOMOYO_TYPE_MKSOCK_ACL, 100 TOMOYO_TYPE_MKBLOCK_ACL, 101 TOMOYO_TYPE_MKCHAR_ACL, 102 TOMOYO_TYPE_TRUNCATE_ACL, 103 TOMOYO_TYPE_SYMLINK_ACL, 104 TOMOYO_TYPE_REWRITE_ACL, 105 TOMOYO_TYPE_IOCTL_ACL, 106 TOMOYO_TYPE_CHMOD_ACL, 107 TOMOYO_TYPE_CHOWN_ACL, 108 TOMOYO_TYPE_CHGRP_ACL, 109 TOMOYO_TYPE_CHROOT_ACL, 110 TOMOYO_TYPE_MOUNT_ACL, 111 TOMOYO_TYPE_UMOUNT_ACL, 112 TOMOYO_MAX_SINGLE_PATH_OPERATION 113}; 114 115enum tomoyo_path2_acl_index { 116 TOMOYO_TYPE_LINK_ACL, 117 TOMOYO_TYPE_RENAME_ACL, 118 TOMOYO_TYPE_PIVOT_ROOT_ACL, 119 TOMOYO_MAX_DOUBLE_PATH_OPERATION 120}; 121 122enum tomoyo_securityfs_interface_index { 123 TOMOYO_DOMAINPOLICY, 124 TOMOYO_EXCEPTIONPOLICY, 125 TOMOYO_DOMAIN_STATUS, 126 TOMOYO_PROCESS_STATUS, 127 TOMOYO_MEMINFO, 128 TOMOYO_SELFDOMAIN, 129 TOMOYO_VERSION, 130 TOMOYO_PROFILE, 131 TOMOYO_MANAGER 132}; 133 134/********** Structure definitions. **********/ 135 136/* 137 * tomoyo_page_buffer is a structure which is used for holding a pathname 138 * obtained from "struct dentry" and "struct vfsmount" pair. 139 * As of now, it is 4096 bytes. If users complain that 4096 bytes is too small 140 * (because TOMOYO escapes non ASCII printable characters using \ooo format), 141 * we will make the buffer larger. 142 */ 143struct tomoyo_page_buffer { 144 char buffer[4096]; 145}; 146 147/* 148 * tomoyo_path_info is a structure which is used for holding a string data 149 * used by TOMOYO. 150 * This structure has several fields for supporting pattern matching. 151 * 152 * (1) "name" is the '\0' terminated string data. 153 * (2) "hash" is full_name_hash(name, strlen(name)). 154 * This allows tomoyo_pathcmp() to compare by hash before actually compare 155 * using strcmp(). 156 * (3) "const_len" is the length of the initial segment of "name" which 157 * consists entirely of non wildcard characters. In other words, the length 158 * which we can compare two strings using strncmp(). 159 * (4) "is_dir" is a bool which is true if "name" ends with "/", 160 * false otherwise. 161 * TOMOYO distinguishes directory and non-directory. A directory ends with 162 * "/" and non-directory does not end with "/". 163 * (5) "is_patterned" is a bool which is true if "name" contains wildcard 164 * characters, false otherwise. This allows TOMOYO to use "hash" and 165 * strcmp() for string comparison if "is_patterned" is false. 166 */ 167struct tomoyo_path_info { 168 const char *name; 169 u32 hash; /* = full_name_hash(name, strlen(name)) */ 170 u16 const_len; /* = tomoyo_const_part_length(name) */ 171 bool is_dir; /* = tomoyo_strendswith(name, "/") */ 172 bool is_patterned; /* = tomoyo_path_contains_pattern(name) */ 173}; 174 175/* 176 * tomoyo_name_entry is a structure which is used for linking 177 * "struct tomoyo_path_info" into tomoyo_name_list . 178 */ 179struct tomoyo_name_entry { 180 struct list_head list; 181 atomic_t users; 182 struct tomoyo_path_info entry; 183}; 184 185/* 186 * tomoyo_path_info_with_data is a structure which is used for holding a 187 * pathname obtained from "struct dentry" and "struct vfsmount" pair. 188 * 189 * "struct tomoyo_path_info_with_data" consists of "struct tomoyo_path_info" 190 * and buffer for the pathname, while "struct tomoyo_page_buffer" consists of 191 * buffer for the pathname only. 192 * 193 * "struct tomoyo_path_info_with_data" is intended to allow TOMOYO to release 194 * both "struct tomoyo_path_info" and buffer for the pathname by single kfree() 195 * so that we don't need to return two pointers to the caller. If the caller 196 * puts "struct tomoyo_path_info" on stack memory, we will be able to remove 197 * "struct tomoyo_path_info_with_data". 198 */ 199struct tomoyo_path_info_with_data { 200 /* Keep "head" first, for this pointer is passed to kfree(). */ 201 struct tomoyo_path_info head; 202 char barrier1[16]; /* Safeguard for overrun. */ 203 char body[TOMOYO_MAX_PATHNAME_LEN]; 204 char barrier2[16]; /* Safeguard for overrun. */ 205}; 206 207/* 208 * tomoyo_acl_info is a structure which is used for holding 209 * 210 * (1) "list" which is linked to the ->acl_info_list of 211 * "struct tomoyo_domain_info" 212 * (2) "type" which tells type of the entry (either 213 * "struct tomoyo_single_path_acl_record" or 214 * "struct tomoyo_double_path_acl_record"). 215 * 216 * Packing "struct tomoyo_acl_info" allows 217 * "struct tomoyo_single_path_acl_record" to embed "u8" + "u16" and 218 * "struct tomoyo_double_path_acl_record" to embed "u8" 219 * without enlarging their structure size. 220 */ 221struct tomoyo_acl_info { 222 struct list_head list; 223 u8 type; 224} __packed; 225 226/* 227 * tomoyo_domain_info is a structure which is used for holding permissions 228 * (e.g. "allow_read /lib/libc-2.5.so") given to each domain. 229 * It has following fields. 230 * 231 * (1) "list" which is linked to tomoyo_domain_list . 232 * (2) "acl_info_list" which is linked to "struct tomoyo_acl_info". 233 * (3) "domainname" which holds the name of the domain. 234 * (4) "profile" which remembers profile number assigned to this domain. 235 * (5) "is_deleted" is a bool which is true if this domain is marked as 236 * "deleted", false otherwise. 237 * (6) "quota_warned" is a bool which is used for suppressing warning message 238 * when learning mode learned too much entries. 239 * (7) "ignore_global_allow_read" is a bool which is true if this domain 240 * should ignore "allow_read" directive in exception policy. 241 * (8) "transition_failed" is a bool which is set to true when this domain was 242 * unable to create a new domain at tomoyo_find_next_domain() because the 243 * name of the domain to be created was too long or it could not allocate 244 * memory. If set to true, more than one process continued execve() 245 * without domain transition. 246 * (9) "users" is an atomic_t that holds how many "struct cred"->security 247 * are referring this "struct tomoyo_domain_info". If is_deleted == true 248 * and users == 0, this struct will be kfree()d upon next garbage 249 * collection. 250 * 251 * A domain's lifecycle is an analogy of files on / directory. 252 * Multiple domains with the same domainname cannot be created (as with 253 * creating files with the same filename fails with -EEXIST). 254 * If a process reached a domain, that process can reside in that domain after 255 * that domain is marked as "deleted" (as with a process can access an already 256 * open()ed file after that file was unlink()ed). 257 */ 258struct tomoyo_domain_info { 259 struct list_head list; 260 struct list_head acl_info_list; 261 /* Name of this domain. Never NULL. */ 262 const struct tomoyo_path_info *domainname; 263 u8 profile; /* Profile number to use. */ 264 bool is_deleted; /* Delete flag. */ 265 bool quota_warned; /* Quota warnning flag. */ 266 bool ignore_global_allow_read; /* Ignore "allow_read" flag. */ 267 bool transition_failed; /* Domain transition failed flag. */ 268 atomic_t users; /* Number of referring credentials. */ 269}; 270 271/* 272 * tomoyo_single_path_acl_record is a structure which is used for holding an 273 * entry with one pathname operation (e.g. open(), mkdir()). 274 * It has following fields. 275 * 276 * (1) "head" which is a "struct tomoyo_acl_info". 277 * (2) "perm" which is a bitmask of permitted operations. 278 * (3) "filename" is the pathname. 279 * 280 * Directives held by this structure are "allow_read/write", "allow_execute", 281 * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir", 282 * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock", 283 * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite", 284 * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount" 285 * and "allow_unmount". 286 */ 287struct tomoyo_single_path_acl_record { 288 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */ 289 u8 perm_high; 290 u16 perm; 291 /* Pointer to single pathname. */ 292 const struct tomoyo_path_info *filename; 293}; 294 295/* 296 * tomoyo_double_path_acl_record is a structure which is used for holding an 297 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). 298 * It has following fields. 299 * 300 * (1) "head" which is a "struct tomoyo_acl_info". 301 * (2) "perm" which is a bitmask of permitted operations. 302 * (3) "filename1" is the source/old pathname. 303 * (4) "filename2" is the destination/new pathname. 304 * 305 * Directives held by this structure are "allow_rename", "allow_link" and 306 * "allow_pivot_root". 307 */ 308struct tomoyo_double_path_acl_record { 309 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */ 310 u8 perm; 311 /* Pointer to single pathname. */ 312 const struct tomoyo_path_info *filename1; 313 /* Pointer to single pathname. */ 314 const struct tomoyo_path_info *filename2; 315}; 316 317/* 318 * tomoyo_io_buffer is a structure which is used for reading and modifying 319 * configuration via /sys/kernel/security/tomoyo/ interface. 320 * It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as 321 * cursors. 322 * 323 * Since the content of /sys/kernel/security/tomoyo/domain_policy is a list of 324 * "struct tomoyo_domain_info" entries and each "struct tomoyo_domain_info" 325 * entry has a list of "struct tomoyo_acl_info", we need two cursors when 326 * reading (one is for traversing tomoyo_domain_list and the other is for 327 * traversing "struct tomoyo_acl_info"->acl_info_list ). 328 * 329 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with 330 * "select ", TOMOYO seeks the cursor ->read_var1 and ->write_var1 to the 331 * domain with the domainname specified by the rest of that line (NULL is set 332 * if seek failed). 333 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with 334 * "delete ", TOMOYO deletes an entry or a domain specified by the rest of that 335 * line (->write_var1 is set to NULL if a domain was deleted). 336 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with 337 * neither "select " nor "delete ", an entry or a domain specified by that line 338 * is appended. 339 */ 340struct tomoyo_io_buffer { 341 int (*read) (struct tomoyo_io_buffer *); 342 int (*write) (struct tomoyo_io_buffer *); 343 /* Exclusive lock for this structure. */ 344 struct mutex io_sem; 345 /* Index returned by tomoyo_read_lock(). */ 346 int reader_idx; 347 /* The position currently reading from. */ 348 struct list_head *read_var1; 349 /* Extra variables for reading. */ 350 struct list_head *read_var2; 351 /* The position currently writing to. */ 352 struct tomoyo_domain_info *write_var1; 353 /* The step for reading. */ 354 int read_step; 355 /* Buffer for reading. */ 356 char *read_buf; 357 /* EOF flag for reading. */ 358 bool read_eof; 359 /* Read domain ACL of specified PID? */ 360 bool read_single_domain; 361 /* Extra variable for reading. */ 362 u8 read_bit; 363 /* Bytes available for reading. */ 364 int read_avail; 365 /* Size of read buffer. */ 366 int readbuf_size; 367 /* Buffer for writing. */ 368 char *write_buf; 369 /* Bytes available for writing. */ 370 int write_avail; 371 /* Size of write buffer. */ 372 int writebuf_size; 373}; 374 375/* 376 * tomoyo_globally_readable_file_entry is a structure which is used for holding 377 * "allow_read" entries. 378 * It has following fields. 379 * 380 * (1) "list" which is linked to tomoyo_globally_readable_list . 381 * (2) "filename" is a pathname which is allowed to open(O_RDONLY). 382 * (3) "is_deleted" is a bool which is true if marked as deleted, false 383 * otherwise. 384 */ 385struct tomoyo_globally_readable_file_entry { 386 struct list_head list; 387 const struct tomoyo_path_info *filename; 388 bool is_deleted; 389}; 390 391/* 392 * tomoyo_pattern_entry is a structure which is used for holding 393 * "tomoyo_pattern_list" entries. 394 * It has following fields. 395 * 396 * (1) "list" which is linked to tomoyo_pattern_list . 397 * (2) "pattern" is a pathname pattern which is used for converting pathnames 398 * to pathname patterns during learning mode. 399 * (3) "is_deleted" is a bool which is true if marked as deleted, false 400 * otherwise. 401 */ 402struct tomoyo_pattern_entry { 403 struct list_head list; 404 const struct tomoyo_path_info *pattern; 405 bool is_deleted; 406}; 407 408/* 409 * tomoyo_no_rewrite_entry is a structure which is used for holding 410 * "deny_rewrite" entries. 411 * It has following fields. 412 * 413 * (1) "list" which is linked to tomoyo_no_rewrite_list . 414 * (2) "pattern" is a pathname which is by default not permitted to modify 415 * already existing content. 416 * (3) "is_deleted" is a bool which is true if marked as deleted, false 417 * otherwise. 418 */ 419struct tomoyo_no_rewrite_entry { 420 struct list_head list; 421 const struct tomoyo_path_info *pattern; 422 bool is_deleted; 423}; 424 425/* 426 * tomoyo_domain_initializer_entry is a structure which is used for holding 427 * "initialize_domain" and "no_initialize_domain" entries. 428 * It has following fields. 429 * 430 * (1) "list" which is linked to tomoyo_domain_initializer_list . 431 * (2) "domainname" which is "a domainname" or "the last component of a 432 * domainname". This field is NULL if "from" clause is not specified. 433 * (3) "program" which is a program's pathname. 434 * (4) "is_deleted" is a bool which is true if marked as deleted, false 435 * otherwise. 436 * (5) "is_not" is a bool which is true if "no_initialize_domain", false 437 * otherwise. 438 * (6) "is_last_name" is a bool which is true if "domainname" is "the last 439 * component of a domainname", false otherwise. 440 */ 441struct tomoyo_domain_initializer_entry { 442 struct list_head list; 443 const struct tomoyo_path_info *domainname; /* This may be NULL */ 444 const struct tomoyo_path_info *program; 445 bool is_deleted; 446 bool is_not; /* True if this entry is "no_initialize_domain". */ 447 /* True if the domainname is tomoyo_get_last_name(). */ 448 bool is_last_name; 449}; 450 451/* 452 * tomoyo_domain_keeper_entry is a structure which is used for holding 453 * "keep_domain" and "no_keep_domain" entries. 454 * It has following fields. 455 * 456 * (1) "list" which is linked to tomoyo_domain_keeper_list . 457 * (2) "domainname" which is "a domainname" or "the last component of a 458 * domainname". 459 * (3) "program" which is a program's pathname. 460 * This field is NULL if "from" clause is not specified. 461 * (4) "is_deleted" is a bool which is true if marked as deleted, false 462 * otherwise. 463 * (5) "is_not" is a bool which is true if "no_initialize_domain", false 464 * otherwise. 465 * (6) "is_last_name" is a bool which is true if "domainname" is "the last 466 * component of a domainname", false otherwise. 467 */ 468struct tomoyo_domain_keeper_entry { 469 struct list_head list; 470 const struct tomoyo_path_info *domainname; 471 const struct tomoyo_path_info *program; /* This may be NULL */ 472 bool is_deleted; 473 bool is_not; /* True if this entry is "no_keep_domain". */ 474 /* True if the domainname is tomoyo_get_last_name(). */ 475 bool is_last_name; 476}; 477 478/* 479 * tomoyo_alias_entry is a structure which is used for holding "alias" entries. 480 * It has following fields. 481 * 482 * (1) "list" which is linked to tomoyo_alias_list . 483 * (2) "original_name" which is a dereferenced pathname. 484 * (3) "aliased_name" which is a symlink's pathname. 485 * (4) "is_deleted" is a bool which is true if marked as deleted, false 486 * otherwise. 487 */ 488struct tomoyo_alias_entry { 489 struct list_head list; 490 const struct tomoyo_path_info *original_name; 491 const struct tomoyo_path_info *aliased_name; 492 bool is_deleted; 493}; 494 495/* 496 * tomoyo_policy_manager_entry is a structure which is used for holding list of 497 * domainnames or programs which are permitted to modify configuration via 498 * /sys/kernel/security/tomoyo/ interface. 499 * It has following fields. 500 * 501 * (1) "list" which is linked to tomoyo_policy_manager_list . 502 * (2) "manager" is a domainname or a program's pathname. 503 * (3) "is_domain" is a bool which is true if "manager" is a domainname, false 504 * otherwise. 505 * (4) "is_deleted" is a bool which is true if marked as deleted, false 506 * otherwise. 507 */ 508struct tomoyo_policy_manager_entry { 509 struct list_head list; 510 /* A path to program or a domainname. */ 511 const struct tomoyo_path_info *manager; 512 bool is_domain; /* True if manager is a domainname. */ 513 bool is_deleted; /* True if this entry is deleted. */ 514}; 515 516/********** Function prototypes. **********/ 517 518/* Check whether the domain has too many ACL entries to hold. */ 519bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); 520/* Transactional sprintf() for policy dump. */ 521bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 522 __attribute__ ((format(printf, 2, 3))); 523/* Check whether the domainname is correct. */ 524bool tomoyo_is_correct_domain(const unsigned char *domainname, 525 const char *function); 526/* Check whether the token is correct. */ 527bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 528 const s8 pattern_type, const s8 end_type, 529 const char *function); 530/* Check whether the token can be a domainname. */ 531bool tomoyo_is_domain_def(const unsigned char *buffer); 532/* Check whether the given filename matches the given pattern. */ 533bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 534 const struct tomoyo_path_info *pattern); 535/* Read "alias" entry in exception policy. */ 536bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head); 537/* 538 * Read "initialize_domain" and "no_initialize_domain" entry 539 * in exception policy. 540 */ 541bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head); 542/* Read "keep_domain" and "no_keep_domain" entry in exception policy. */ 543bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head); 544/* Read "file_pattern" entry in exception policy. */ 545bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head); 546/* Read "allow_read" entry in exception policy. */ 547bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head); 548/* Read "deny_rewrite" entry in exception policy. */ 549bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head); 550/* Write domain policy violation warning message to console? */ 551bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); 552/* Convert double path operation to operation name. */ 553const char *tomoyo_dp2keyword(const u8 operation); 554/* Get the last component of the given domainname. */ 555const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain); 556/* Get warning message. */ 557const char *tomoyo_get_msg(const bool is_enforce); 558/* Convert single path operation to operation name. */ 559const char *tomoyo_sp2keyword(const u8 operation); 560/* Create "alias" entry in exception policy. */ 561int tomoyo_write_alias_policy(char *data, const bool is_delete); 562/* 563 * Create "initialize_domain" and "no_initialize_domain" entry 564 * in exception policy. 565 */ 566int tomoyo_write_domain_initializer_policy(char *data, const bool is_not, 567 const bool is_delete); 568/* Create "keep_domain" and "no_keep_domain" entry in exception policy. */ 569int tomoyo_write_domain_keeper_policy(char *data, const bool is_not, 570 const bool is_delete); 571/* 572 * Create "allow_read/write", "allow_execute", "allow_read", "allow_write", 573 * "allow_create", "allow_unlink", "allow_mkdir", "allow_rmdir", 574 * "allow_mkfifo", "allow_mksock", "allow_mkblock", "allow_mkchar", 575 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and 576 * "allow_link" entry in domain policy. 577 */ 578int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, 579 const bool is_delete); 580/* Create "allow_read" entry in exception policy. */ 581int tomoyo_write_globally_readable_policy(char *data, const bool is_delete); 582/* Create "deny_rewrite" entry in exception policy. */ 583int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete); 584/* Create "file_pattern" entry in exception policy. */ 585int tomoyo_write_pattern_policy(char *data, const bool is_delete); 586/* Find a domain by the given name. */ 587struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); 588/* Find or create a domain by the given name. */ 589struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char * 590 domainname, 591 const u8 profile); 592/* Check mode for specified functionality. */ 593unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 594 const u8 index); 595/* Fill in "struct tomoyo_path_info" members. */ 596void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); 597/* Run policy loader when /sbin/init starts. */ 598void tomoyo_load_policy(const char *filename); 599 600/* Convert binary string to ascii string. */ 601int tomoyo_encode(char *buffer, int buflen, const char *str); 602 603/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ 604int tomoyo_realpath_from_path2(struct path *path, char *newname, 605 int newname_len); 606 607/* 608 * Returns realpath(3) of the given pathname but ignores chroot'ed root. 609 * These functions use kzalloc(), so the caller must call kfree() 610 * if these functions didn't return NULL. 611 */ 612char *tomoyo_realpath(const char *pathname); 613/* 614 * Same with tomoyo_realpath() except that it doesn't follow the final symlink. 615 */ 616char *tomoyo_realpath_nofollow(const char *pathname); 617/* Same with tomoyo_realpath() except that the pathname is already solved. */ 618char *tomoyo_realpath_from_path(struct path *path); 619 620/* Check memory quota. */ 621bool tomoyo_memory_ok(void *ptr); 622 623/* 624 * Keep the given name on the RAM. 625 * The RAM is shared, so NEVER try to modify or kfree() the returned name. 626 */ 627const struct tomoyo_path_info *tomoyo_get_name(const char *name); 628 629/* Check for memory usage. */ 630int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); 631 632/* Set memory quota. */ 633int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); 634 635/* Initialize realpath related code. */ 636void __init tomoyo_realpath_init(void); 637int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, 638 const struct tomoyo_path_info *filename); 639int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, 640 struct path *path, const int flag); 641int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, 642 const u8 operation, struct path *path); 643int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, 644 const u8 operation, struct path *path1, 645 struct path *path2); 646int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, 647 struct file *filp); 648int tomoyo_find_next_domain(struct linux_binprm *bprm); 649 650/* Run garbage collector. */ 651void tomoyo_run_gc(void); 652 653void tomoyo_memory_free(void *ptr); 654 655/********** External variable definitions. **********/ 656 657/* Lock for GC. */ 658extern struct srcu_struct tomoyo_ss; 659 660/* The list for "struct tomoyo_domain_info". */ 661extern struct list_head tomoyo_domain_list; 662 663extern struct list_head tomoyo_domain_initializer_list; 664extern struct list_head tomoyo_domain_keeper_list; 665extern struct list_head tomoyo_alias_list; 666extern struct list_head tomoyo_globally_readable_list; 667extern struct list_head tomoyo_pattern_list; 668extern struct list_head tomoyo_no_rewrite_list; 669extern struct list_head tomoyo_policy_manager_list; 670extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 671extern struct mutex tomoyo_name_list_lock; 672 673/* Lock for protecting policy. */ 674extern struct mutex tomoyo_policy_lock; 675 676/* Has /sbin/init started? */ 677extern bool tomoyo_policy_loaded; 678 679/* The kernel's domain. */ 680extern struct tomoyo_domain_info tomoyo_kernel_domain; 681 682/********** Inlined functions. **********/ 683 684static inline int tomoyo_read_lock(void) 685{ 686 return srcu_read_lock(&tomoyo_ss); 687} 688 689static inline void tomoyo_read_unlock(int idx) 690{ 691 srcu_read_unlock(&tomoyo_ss, idx); 692} 693 694/* strcmp() for "struct tomoyo_path_info" structure. */ 695static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, 696 const struct tomoyo_path_info *b) 697{ 698 return a->hash != b->hash || strcmp(a->name, b->name); 699} 700 701/** 702 * tomoyo_is_valid - Check whether the character is a valid char. 703 * 704 * @c: The character to check. 705 * 706 * Returns true if @c is a valid character, false otherwise. 707 */ 708static inline bool tomoyo_is_valid(const unsigned char c) 709{ 710 return c > ' ' && c < 127; 711} 712 713/** 714 * tomoyo_is_invalid - Check whether the character is an invalid char. 715 * 716 * @c: The character to check. 717 * 718 * Returns true if @c is an invalid character, false otherwise. 719 */ 720static inline bool tomoyo_is_invalid(const unsigned char c) 721{ 722 return c && (c <= ' ' || c >= 127); 723} 724 725static inline void tomoyo_put_name(const struct tomoyo_path_info *name) 726{ 727 if (name) { 728 struct tomoyo_name_entry *ptr = 729 container_of(name, struct tomoyo_name_entry, entry); 730 atomic_dec(&ptr->users); 731 } 732} 733 734static inline struct tomoyo_domain_info *tomoyo_domain(void) 735{ 736 return current_cred()->security; 737} 738 739static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct 740 *task) 741{ 742 return task_cred_xxx(task, security); 743} 744 745/** 746 * list_for_each_cookie - iterate over a list with cookie. 747 * @pos: the &struct list_head to use as a loop cursor. 748 * @cookie: the &struct list_head to use as a cookie. 749 * @head: the head for your list. 750 * 751 * Same with list_for_each_rcu() except that this primitive uses @cookie 752 * so that we can continue iteration. 753 * @cookie must be NULL when iteration starts, and @cookie will become 754 * NULL when iteration finishes. 755 */ 756#define list_for_each_cookie(pos, cookie, head) \ 757 for (({ if (!cookie) \ 758 cookie = head; }), \ 759 pos = rcu_dereference((cookie)->next); \ 760 prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ 761 (cookie) = pos, pos = rcu_dereference(pos->next)) 762 763#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ 764