common.h revision 7c75964f432d14062d8eccfc916aa290f56b5aab
1/* 2 * security/tomoyo/common.h 3 * 4 * Header file for TOMOYO. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9#ifndef _SECURITY_TOMOYO_COMMON_H 10#define _SECURITY_TOMOYO_COMMON_H 11 12#include <linux/ctype.h> 13#include <linux/string.h> 14#include <linux/mm.h> 15#include <linux/file.h> 16#include <linux/kmod.h> 17#include <linux/fs.h> 18#include <linux/sched.h> 19#include <linux/namei.h> 20#include <linux/mount.h> 21#include <linux/list.h> 22#include <linux/cred.h> 23#include <linux/poll.h> 24struct linux_binprm; 25 26/********** Constants definitions. **********/ 27 28/* 29 * TOMOYO uses this hash only when appending a string into the string 30 * table. Frequency of appending strings is very low. So we don't need 31 * large (e.g. 64k) hash size. 256 will be sufficient. 32 */ 33#define TOMOYO_HASH_BITS 8 34#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) 35 36#define TOMOYO_EXEC_TMPSIZE 4096 37 38/* Profile number is an integer between 0 and 255. */ 39#define TOMOYO_MAX_PROFILES 256 40 41enum tomoyo_mode_index { 42 TOMOYO_CONFIG_DISABLED, 43 TOMOYO_CONFIG_LEARNING, 44 TOMOYO_CONFIG_PERMISSIVE, 45 TOMOYO_CONFIG_ENFORCING, 46 TOMOYO_CONFIG_USE_DEFAULT = 255 47}; 48 49enum tomoyo_policy_id { 50 TOMOYO_ID_GROUP, 51 TOMOYO_ID_PATH_GROUP, 52 TOMOYO_ID_NUMBER_GROUP, 53 TOMOYO_ID_TRANSITION_CONTROL, 54 TOMOYO_ID_AGGREGATOR, 55 TOMOYO_ID_MANAGER, 56 TOMOYO_ID_NAME, 57 TOMOYO_ID_ACL, 58 TOMOYO_ID_DOMAIN, 59 TOMOYO_MAX_POLICY 60}; 61 62enum tomoyo_group_id { 63 TOMOYO_PATH_GROUP, 64 TOMOYO_NUMBER_GROUP, 65 TOMOYO_MAX_GROUP 66}; 67 68/* Keywords for ACLs. */ 69#define TOMOYO_KEYWORD_AGGREGATOR "aggregator " 70#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount " 71#define TOMOYO_KEYWORD_ALLOW_READ "allow_read " 72#define TOMOYO_KEYWORD_DELETE "delete " 73#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " 74#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " 75#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " 76#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " 77#define TOMOYO_KEYWORD_PATH_GROUP "path_group " 78#define TOMOYO_KEYWORD_NUMBER_GROUP "number_group " 79#define TOMOYO_KEYWORD_SELECT "select " 80#define TOMOYO_KEYWORD_USE_PROFILE "use_profile " 81#define TOMOYO_KEYWORD_QUOTA_EXCEEDED "quota_exceeded" 82#define TOMOYO_KEYWORD_TRANSITION_FAILED "transition_failed" 83/* A domain definition starts with <kernel>. */ 84#define TOMOYO_ROOT_NAME "<kernel>" 85#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) 86 87/* Value type definition. */ 88#define TOMOYO_VALUE_TYPE_INVALID 0 89#define TOMOYO_VALUE_TYPE_DECIMAL 1 90#define TOMOYO_VALUE_TYPE_OCTAL 2 91#define TOMOYO_VALUE_TYPE_HEXADECIMAL 3 92 93enum tomoyo_transition_type { 94 /* Do not change this order, */ 95 TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, 96 TOMOYO_TRANSITION_CONTROL_INITIALIZE, 97 TOMOYO_TRANSITION_CONTROL_NO_KEEP, 98 TOMOYO_TRANSITION_CONTROL_KEEP, 99 TOMOYO_MAX_TRANSITION_TYPE 100}; 101 102/* Index numbers for Access Controls. */ 103enum tomoyo_acl_entry_type_index { 104 TOMOYO_TYPE_PATH_ACL, 105 TOMOYO_TYPE_PATH2_ACL, 106 TOMOYO_TYPE_PATH_NUMBER_ACL, 107 TOMOYO_TYPE_MKDEV_ACL, 108 TOMOYO_TYPE_MOUNT_ACL, 109}; 110 111/* Index numbers for File Controls. */ 112enum tomoyo_path_acl_index { 113 TOMOYO_TYPE_EXECUTE, 114 TOMOYO_TYPE_READ, 115 TOMOYO_TYPE_WRITE, 116 TOMOYO_TYPE_APPEND, 117 TOMOYO_TYPE_UNLINK, 118 TOMOYO_TYPE_GETATTR, 119 TOMOYO_TYPE_RMDIR, 120 TOMOYO_TYPE_TRUNCATE, 121 TOMOYO_TYPE_SYMLINK, 122 TOMOYO_TYPE_CHROOT, 123 TOMOYO_TYPE_UMOUNT, 124 TOMOYO_MAX_PATH_OPERATION 125}; 126 127enum tomoyo_mkdev_acl_index { 128 TOMOYO_TYPE_MKBLOCK, 129 TOMOYO_TYPE_MKCHAR, 130 TOMOYO_MAX_MKDEV_OPERATION 131}; 132 133enum tomoyo_path2_acl_index { 134 TOMOYO_TYPE_LINK, 135 TOMOYO_TYPE_RENAME, 136 TOMOYO_TYPE_PIVOT_ROOT, 137 TOMOYO_MAX_PATH2_OPERATION 138}; 139 140enum tomoyo_path_number_acl_index { 141 TOMOYO_TYPE_CREATE, 142 TOMOYO_TYPE_MKDIR, 143 TOMOYO_TYPE_MKFIFO, 144 TOMOYO_TYPE_MKSOCK, 145 TOMOYO_TYPE_IOCTL, 146 TOMOYO_TYPE_CHMOD, 147 TOMOYO_TYPE_CHOWN, 148 TOMOYO_TYPE_CHGRP, 149 TOMOYO_MAX_PATH_NUMBER_OPERATION 150}; 151 152enum tomoyo_securityfs_interface_index { 153 TOMOYO_DOMAINPOLICY, 154 TOMOYO_EXCEPTIONPOLICY, 155 TOMOYO_DOMAIN_STATUS, 156 TOMOYO_PROCESS_STATUS, 157 TOMOYO_MEMINFO, 158 TOMOYO_SELFDOMAIN, 159 TOMOYO_VERSION, 160 TOMOYO_PROFILE, 161 TOMOYO_QUERY, 162 TOMOYO_MANAGER 163}; 164 165enum tomoyo_mac_index { 166 TOMOYO_MAC_FILE_EXECUTE, 167 TOMOYO_MAC_FILE_OPEN, 168 TOMOYO_MAC_FILE_CREATE, 169 TOMOYO_MAC_FILE_UNLINK, 170 TOMOYO_MAC_FILE_GETATTR, 171 TOMOYO_MAC_FILE_MKDIR, 172 TOMOYO_MAC_FILE_RMDIR, 173 TOMOYO_MAC_FILE_MKFIFO, 174 TOMOYO_MAC_FILE_MKSOCK, 175 TOMOYO_MAC_FILE_TRUNCATE, 176 TOMOYO_MAC_FILE_SYMLINK, 177 TOMOYO_MAC_FILE_MKBLOCK, 178 TOMOYO_MAC_FILE_MKCHAR, 179 TOMOYO_MAC_FILE_LINK, 180 TOMOYO_MAC_FILE_RENAME, 181 TOMOYO_MAC_FILE_CHMOD, 182 TOMOYO_MAC_FILE_CHOWN, 183 TOMOYO_MAC_FILE_CHGRP, 184 TOMOYO_MAC_FILE_IOCTL, 185 TOMOYO_MAC_FILE_CHROOT, 186 TOMOYO_MAC_FILE_MOUNT, 187 TOMOYO_MAC_FILE_UMOUNT, 188 TOMOYO_MAC_FILE_PIVOT_ROOT, 189 TOMOYO_MAX_MAC_INDEX 190}; 191 192enum tomoyo_mac_category_index { 193 TOMOYO_MAC_CATEGORY_FILE, 194 TOMOYO_MAX_MAC_CATEGORY_INDEX 195}; 196 197#define TOMOYO_RETRY_REQUEST 1 /* Retry this request. */ 198 199/********** Structure definitions. **********/ 200 201/* 202 * tomoyo_acl_head is a structure which is used for holding elements not in 203 * domain policy. 204 * It has following fields. 205 * 206 * (1) "list" which is linked to tomoyo_policy_list[] . 207 * (2) "is_deleted" is a bool which is true if marked as deleted, false 208 * otherwise. 209 */ 210struct tomoyo_acl_head { 211 struct list_head list; 212 bool is_deleted; 213} __packed; 214 215/* 216 * tomoyo_request_info is a structure which is used for holding 217 * 218 * (1) Domain information of current process. 219 * (2) How many retries are made for this request. 220 * (3) Profile number used for this request. 221 * (4) Access control mode of the profile. 222 */ 223struct tomoyo_request_info { 224 struct tomoyo_domain_info *domain; 225 /* For holding parameters. */ 226 union { 227 struct { 228 const struct tomoyo_path_info *filename; 229 /* For using wildcards at tomoyo_find_next_domain(). */ 230 const struct tomoyo_path_info *matched_path; 231 u8 operation; 232 } path; 233 struct { 234 const struct tomoyo_path_info *filename1; 235 const struct tomoyo_path_info *filename2; 236 u8 operation; 237 } path2; 238 struct { 239 const struct tomoyo_path_info *filename; 240 unsigned int mode; 241 unsigned int major; 242 unsigned int minor; 243 u8 operation; 244 } mkdev; 245 struct { 246 const struct tomoyo_path_info *filename; 247 unsigned long number; 248 u8 operation; 249 } path_number; 250 struct { 251 const struct tomoyo_path_info *type; 252 const struct tomoyo_path_info *dir; 253 const struct tomoyo_path_info *dev; 254 unsigned long flags; 255 int need_dev; 256 } mount; 257 } param; 258 u8 param_type; 259 bool granted; 260 u8 retry; 261 u8 profile; 262 u8 mode; /* One of tomoyo_mode_index . */ 263 u8 type; 264}; 265 266/* 267 * tomoyo_path_info is a structure which is used for holding a string data 268 * used by TOMOYO. 269 * This structure has several fields for supporting pattern matching. 270 * 271 * (1) "name" is the '\0' terminated string data. 272 * (2) "hash" is full_name_hash(name, strlen(name)). 273 * This allows tomoyo_pathcmp() to compare by hash before actually compare 274 * using strcmp(). 275 * (3) "const_len" is the length of the initial segment of "name" which 276 * consists entirely of non wildcard characters. In other words, the length 277 * which we can compare two strings using strncmp(). 278 * (4) "is_dir" is a bool which is true if "name" ends with "/", 279 * false otherwise. 280 * TOMOYO distinguishes directory and non-directory. A directory ends with 281 * "/" and non-directory does not end with "/". 282 * (5) "is_patterned" is a bool which is true if "name" contains wildcard 283 * characters, false otherwise. This allows TOMOYO to use "hash" and 284 * strcmp() for string comparison if "is_patterned" is false. 285 */ 286struct tomoyo_path_info { 287 const char *name; 288 u32 hash; /* = full_name_hash(name, strlen(name)) */ 289 u16 const_len; /* = tomoyo_const_part_length(name) */ 290 bool is_dir; /* = tomoyo_strendswith(name, "/") */ 291 bool is_patterned; /* = tomoyo_path_contains_pattern(name) */ 292}; 293 294/* 295 * tomoyo_name is a structure which is used for linking 296 * "struct tomoyo_path_info" into tomoyo_name_list . 297 */ 298struct tomoyo_name { 299 struct list_head list; 300 atomic_t users; 301 struct tomoyo_path_info entry; 302}; 303 304struct tomoyo_name_union { 305 const struct tomoyo_path_info *filename; 306 struct tomoyo_group *group; 307 u8 is_group; 308}; 309 310struct tomoyo_number_union { 311 unsigned long values[2]; 312 struct tomoyo_group *group; 313 u8 min_type; 314 u8 max_type; 315 u8 is_group; 316}; 317 318/* Structure for "path_group"/"number_group" directive. */ 319struct tomoyo_group { 320 struct list_head list; 321 const struct tomoyo_path_info *group_name; 322 struct list_head member_list; 323 atomic_t users; 324}; 325 326/* Structure for "path_group" directive. */ 327struct tomoyo_path_group { 328 struct tomoyo_acl_head head; 329 const struct tomoyo_path_info *member_name; 330}; 331 332/* Structure for "number_group" directive. */ 333struct tomoyo_number_group { 334 struct tomoyo_acl_head head; 335 struct tomoyo_number_union number; 336}; 337 338/* 339 * tomoyo_acl_info is a structure which is used for holding 340 * 341 * (1) "list" which is linked to the ->acl_info_list of 342 * "struct tomoyo_domain_info" 343 * (2) "is_deleted" is a bool which is true if this domain is marked as 344 * "deleted", false otherwise. 345 * (3) "type" which tells type of the entry. 346 * 347 * Packing "struct tomoyo_acl_info" allows 348 * "struct tomoyo_path_acl" to embed "u16" and "struct tomoyo_path2_acl" 349 * "struct tomoyo_path_number_acl" "struct tomoyo_mkdev_acl" to embed 350 * "u8" without enlarging their structure size. 351 */ 352struct tomoyo_acl_info { 353 struct list_head list; 354 bool is_deleted; 355 u8 type; /* = one of values in "enum tomoyo_acl_entry_type_index". */ 356} __packed; 357 358/* 359 * tomoyo_domain_info is a structure which is used for holding permissions 360 * (e.g. "allow_read /lib/libc-2.5.so") given to each domain. 361 * It has following fields. 362 * 363 * (1) "list" which is linked to tomoyo_domain_list . 364 * (2) "acl_info_list" which is linked to "struct tomoyo_acl_info". 365 * (3) "domainname" which holds the name of the domain. 366 * (4) "profile" which remembers profile number assigned to this domain. 367 * (5) "is_deleted" is a bool which is true if this domain is marked as 368 * "deleted", false otherwise. 369 * (6) "quota_warned" is a bool which is used for suppressing warning message 370 * when learning mode learned too much entries. 371 * (7) "transition_failed" is a bool which is set to true when this domain was 372 * unable to create a new domain at tomoyo_find_next_domain() because the 373 * name of the domain to be created was too long or it could not allocate 374 * memory. If set to true, more than one process continued execve() 375 * without domain transition. 376 * (9) "users" is an atomic_t that holds how many "struct cred"->security 377 * are referring this "struct tomoyo_domain_info". If is_deleted == true 378 * and users == 0, this struct will be kfree()d upon next garbage 379 * collection. 380 * 381 * A domain's lifecycle is an analogy of files on / directory. 382 * Multiple domains with the same domainname cannot be created (as with 383 * creating files with the same filename fails with -EEXIST). 384 * If a process reached a domain, that process can reside in that domain after 385 * that domain is marked as "deleted" (as with a process can access an already 386 * open()ed file after that file was unlink()ed). 387 */ 388struct tomoyo_domain_info { 389 struct list_head list; 390 struct list_head acl_info_list; 391 /* Name of this domain. Never NULL. */ 392 const struct tomoyo_path_info *domainname; 393 u8 profile; /* Profile number to use. */ 394 bool is_deleted; /* Delete flag. */ 395 bool quota_warned; /* Quota warnning flag. */ 396 bool transition_failed; /* Domain transition failed flag. */ 397 atomic_t users; /* Number of referring credentials. */ 398}; 399 400/* 401 * tomoyo_path_acl is a structure which is used for holding an 402 * entry with one pathname operation (e.g. open(), mkdir()). 403 * It has following fields. 404 * 405 * (1) "head" which is a "struct tomoyo_acl_info". 406 * (2) "perm" which is a bitmask of permitted operations. 407 * (3) "name" is the pathname. 408 * 409 * Directives held by this structure are "allow_execute", "allow_read", 410 * "allow_write", "allow_append", "allow_unlink", "allow_rmdir", 411 * "allow_truncate", "allow_symlink", "allow_chroot" and "allow_unmount". 412 */ 413struct tomoyo_path_acl { 414 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ 415 u16 perm; 416 struct tomoyo_name_union name; 417}; 418 419/* 420 * tomoyo_path_number_acl is a structure which is used for holding an 421 * entry with one pathname and one number operation. 422 * It has following fields. 423 * 424 * (1) "head" which is a "struct tomoyo_acl_info". 425 * (2) "perm" which is a bitmask of permitted operations. 426 * (3) "name" is the pathname. 427 * (4) "number" is the numeric value. 428 * 429 * Directives held by this structure are "allow_create", "allow_mkdir", 430 * "allow_ioctl", "allow_mkfifo", "allow_mksock", "allow_chmod", "allow_chown" 431 * and "allow_chgrp". 432 * 433 */ 434struct tomoyo_path_number_acl { 435 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */ 436 u8 perm; 437 struct tomoyo_name_union name; 438 struct tomoyo_number_union number; 439}; 440 441/* 442 * tomoyo_mkdev_acl is a structure which is used for holding an 443 * entry with one pathname and three numbers operation. 444 * It has following fields. 445 * 446 * (1) "head" which is a "struct tomoyo_acl_info". 447 * (2) "perm" which is a bitmask of permitted operations. 448 * (3) "mode" is the create mode. 449 * (4) "major" is the major number of device node. 450 * (5) "minor" is the minor number of device node. 451 * 452 * Directives held by this structure are "allow_mkchar", "allow_mkblock". 453 * 454 */ 455struct tomoyo_mkdev_acl { 456 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */ 457 u8 perm; 458 struct tomoyo_name_union name; 459 struct tomoyo_number_union mode; 460 struct tomoyo_number_union major; 461 struct tomoyo_number_union minor; 462}; 463 464/* 465 * tomoyo_path2_acl is a structure which is used for holding an 466 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). 467 * It has following fields. 468 * 469 * (1) "head" which is a "struct tomoyo_acl_info". 470 * (2) "perm" which is a bitmask of permitted operations. 471 * (3) "name1" is the source/old pathname. 472 * (4) "name2" is the destination/new pathname. 473 * 474 * Directives held by this structure are "allow_rename", "allow_link" and 475 * "allow_pivot_root". 476 */ 477struct tomoyo_path2_acl { 478 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ 479 u8 perm; 480 struct tomoyo_name_union name1; 481 struct tomoyo_name_union name2; 482}; 483 484/* 485 * tomoyo_mount_acl is a structure which is used for holding an 486 * entry for mount operation. 487 * It has following fields. 488 * 489 * (1) "head" which is a "struct tomoyo_acl_info". 490 * (2) "dev_name" is the device name. 491 * (3) "dir_name" is the mount point. 492 * (4) "fs_type" is the filesystem type. 493 * (5) "flags" is the mount flags. 494 * 495 * Directive held by this structure is "allow_mount". 496 */ 497struct tomoyo_mount_acl { 498 struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */ 499 struct tomoyo_name_union dev_name; 500 struct tomoyo_name_union dir_name; 501 struct tomoyo_name_union fs_type; 502 struct tomoyo_number_union flags; 503}; 504 505#define TOMOYO_MAX_IO_READ_QUEUE 32 506 507/* 508 * Structure for reading/writing policy via /sys/kernel/security/tomoyo 509 * interfaces. 510 */ 511struct tomoyo_io_buffer { 512 void (*read) (struct tomoyo_io_buffer *); 513 int (*write) (struct tomoyo_io_buffer *); 514 int (*poll) (struct file *file, poll_table *wait); 515 /* Exclusive lock for this structure. */ 516 struct mutex io_sem; 517 /* Index returned by tomoyo_read_lock(). */ 518 int reader_idx; 519 char __user *read_user_buf; 520 int read_user_buf_avail; 521 struct { 522 struct list_head *domain; 523 struct list_head *group; 524 struct list_head *acl; 525 int avail; 526 int step; 527 int query_index; 528 u16 index; 529 u8 bit; 530 u8 w_pos; 531 bool eof; 532 bool print_this_domain_only; 533 bool print_execute_only; 534 const char *w[TOMOYO_MAX_IO_READ_QUEUE]; 535 } r; 536 /* The position currently writing to. */ 537 struct tomoyo_domain_info *write_var1; 538 /* Buffer for reading. */ 539 char *read_buf; 540 /* Size of read buffer. */ 541 int readbuf_size; 542 /* Buffer for writing. */ 543 char *write_buf; 544 /* Bytes available for writing. */ 545 int write_avail; 546 /* Size of write buffer. */ 547 int writebuf_size; 548 /* Type of this interface. */ 549 u8 type; 550}; 551 552/* 553 * tomoyo_transition_control is a structure which is used for holding 554 * "initialize_domain"/"no_initialize_domain"/"keep_domain"/"no_keep_domain" 555 * entries. 556 * It has following fields. 557 * 558 * (1) "head" is "struct tomoyo_acl_head". 559 * (2) "type" is type of this entry. 560 * (3) "is_last_name" is a bool which is true if "domainname" is "the last 561 * component of a domainname", false otherwise. 562 * (4) "domainname" which is "a domainname" or "the last component of a 563 * domainname". 564 * (5) "program" which is a program's pathname. 565 */ 566struct tomoyo_transition_control { 567 struct tomoyo_acl_head head; 568 u8 type; /* One of values in "enum tomoyo_transition_type". */ 569 /* True if the domainname is tomoyo_get_last_name(). */ 570 bool is_last_name; 571 const struct tomoyo_path_info *domainname; /* Maybe NULL */ 572 const struct tomoyo_path_info *program; /* Maybe NULL */ 573}; 574 575/* 576 * tomoyo_aggregator is a structure which is used for holding 577 * "aggregator" entries. 578 * It has following fields. 579 * 580 * (1) "head" is "struct tomoyo_acl_head". 581 * (2) "original_name" which is originally requested name. 582 * (3) "aggregated_name" which is name to rewrite. 583 */ 584struct tomoyo_aggregator { 585 struct tomoyo_acl_head head; 586 const struct tomoyo_path_info *original_name; 587 const struct tomoyo_path_info *aggregated_name; 588}; 589 590/* 591 * tomoyo_manager is a structure which is used for holding list of 592 * domainnames or programs which are permitted to modify configuration via 593 * /sys/kernel/security/tomoyo/ interface. 594 * It has following fields. 595 * 596 * (1) "head" is "struct tomoyo_acl_head". 597 * (2) "is_domain" is a bool which is true if "manager" is a domainname, false 598 * otherwise. 599 * (3) "manager" is a domainname or a program's pathname. 600 */ 601struct tomoyo_manager { 602 struct tomoyo_acl_head head; 603 bool is_domain; /* True if manager is a domainname. */ 604 /* A path to program or a domainname. */ 605 const struct tomoyo_path_info *manager; 606}; 607 608struct tomoyo_preference { 609 unsigned int learning_max_entry; 610 bool enforcing_verbose; 611 bool learning_verbose; 612 bool permissive_verbose; 613}; 614 615struct tomoyo_profile { 616 const struct tomoyo_path_info *comment; 617 struct tomoyo_preference *learning; 618 struct tomoyo_preference *permissive; 619 struct tomoyo_preference *enforcing; 620 struct tomoyo_preference preference; 621 u8 default_config; 622 u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX]; 623}; 624 625/********** Function prototypes. **********/ 626 627/* Check whether the given string starts with the given keyword. */ 628bool tomoyo_str_starts(char **src, const char *find); 629/* Get tomoyo_realpath() of current process. */ 630const char *tomoyo_get_exe(void); 631/* Format string. */ 632void tomoyo_normalize_line(unsigned char *buffer); 633/* Print warning or error message on console. */ 634void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...) 635 __attribute__ ((format(printf, 2, 3))); 636/* Check all profiles currently assigned to domains are defined. */ 637void tomoyo_check_profile(void); 638/* Open operation for /sys/kernel/security/tomoyo/ interface. */ 639int tomoyo_open_control(const u8 type, struct file *file); 640/* Close /sys/kernel/security/tomoyo/ interface. */ 641int tomoyo_close_control(struct file *file); 642/* Poll operation for /sys/kernel/security/tomoyo/ interface. */ 643int tomoyo_poll_control(struct file *file, poll_table *wait); 644/* Read operation for /sys/kernel/security/tomoyo/ interface. */ 645int tomoyo_read_control(struct file *file, char __user *buffer, 646 const int buffer_len); 647/* Write operation for /sys/kernel/security/tomoyo/ interface. */ 648int tomoyo_write_control(struct file *file, const char __user *buffer, 649 const int buffer_len); 650/* Check whether the domain has too many ACL entries to hold. */ 651bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); 652/* Print out of memory warning message. */ 653void tomoyo_warn_oom(const char *function); 654/* Check whether the given name matches the given name_union. */ 655const struct tomoyo_path_info * 656tomoyo_compare_name_union(const struct tomoyo_path_info *name, 657 const struct tomoyo_name_union *ptr); 658/* Check whether the given number matches the given number_union. */ 659bool tomoyo_compare_number_union(const unsigned long value, 660 const struct tomoyo_number_union *ptr); 661int tomoyo_get_mode(const u8 profile, const u8 index); 662void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 663 __attribute__ ((format(printf, 2, 3))); 664/* Check whether the domainname is correct. */ 665bool tomoyo_correct_domain(const unsigned char *domainname); 666/* Check whether the token is correct. */ 667bool tomoyo_correct_path(const char *filename); 668bool tomoyo_correct_word(const char *string); 669/* Check whether the token can be a domainname. */ 670bool tomoyo_domain_def(const unsigned char *buffer); 671bool tomoyo_parse_name_union(const char *filename, 672 struct tomoyo_name_union *ptr); 673/* Check whether the given filename matches the given path_group. */ 674const struct tomoyo_path_info * 675tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, 676 const struct tomoyo_group *group); 677/* Check whether the given value matches the given number_group. */ 678bool tomoyo_number_matches_group(const unsigned long min, 679 const unsigned long max, 680 const struct tomoyo_group *group); 681/* Check whether the given filename matches the given pattern. */ 682bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 683 const struct tomoyo_path_info *pattern); 684 685bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); 686/* Tokenize a line. */ 687bool tomoyo_tokenize(char *buffer, char *w[], size_t size); 688/* Write domain policy violation warning message to console? */ 689bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); 690/* Fill "struct tomoyo_request_info". */ 691int tomoyo_init_request_info(struct tomoyo_request_info *r, 692 struct tomoyo_domain_info *domain, 693 const u8 index); 694/* Check permission for mount operation. */ 695int tomoyo_mount_permission(char *dev_name, struct path *path, char *type, 696 unsigned long flags, void *data_page); 697/* Create "aggregator" entry in exception policy. */ 698int tomoyo_write_aggregator(char *data, const bool is_delete); 699int tomoyo_write_transition_control(char *data, const bool is_delete, 700 const u8 type); 701/* 702 * Create "allow_execute", "allow_read", "allow_write", "allow_append", 703 * "allow_create", "allow_unlink", "allow_mkdir", "allow_rmdir", 704 * "allow_mkfifo", "allow_mksock", "allow_mkblock", "allow_mkchar", 705 * "allow_truncate", "allow_symlink", "allow_rename" and "allow_link" entry 706 * in domain policy. 707 */ 708int tomoyo_write_file(char *data, struct tomoyo_domain_info *domain, 709 const bool is_delete); 710/* Create "allow_mount" entry in domain policy. */ 711int tomoyo_write_mount(char *data, struct tomoyo_domain_info *domain, 712 const bool is_delete); 713/* Create "path_group"/"number_group" entry in exception policy. */ 714int tomoyo_write_group(char *data, const bool is_delete, const u8 type); 715int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 716 __attribute__ ((format(printf, 2, 3))); 717/* Find a domain by the given name. */ 718struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); 719/* Find or create a domain by the given name. */ 720struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, 721 const u8 profile); 722struct tomoyo_profile *tomoyo_profile(const u8 profile); 723/* 724 * Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". 725 */ 726struct tomoyo_group *tomoyo_get_group(const char *group_name, const u8 type); 727 728/* Check mode for specified functionality. */ 729unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 730 const u8 index); 731/* Fill in "struct tomoyo_path_info" members. */ 732void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); 733/* Run policy loader when /sbin/init starts. */ 734void tomoyo_load_policy(const char *filename); 735 736void tomoyo_put_number_union(struct tomoyo_number_union *ptr); 737 738/* Convert binary string to ascii string. */ 739char *tomoyo_encode(const char *str); 740 741/* 742 * Returns realpath(3) of the given pathname except that 743 * ignores chroot'ed root and does not follow the final symlink. 744 */ 745char *tomoyo_realpath_nofollow(const char *pathname); 746/* 747 * Returns realpath(3) of the given pathname except that 748 * ignores chroot'ed root and the pathname is already solved. 749 */ 750char *tomoyo_realpath_from_path(struct path *path); 751 752/* Check memory quota. */ 753bool tomoyo_memory_ok(void *ptr); 754void *tomoyo_commit_ok(void *data, const unsigned int size); 755 756/* 757 * Keep the given name on the RAM. 758 * The RAM is shared, so NEVER try to modify or kfree() the returned name. 759 */ 760const struct tomoyo_path_info *tomoyo_get_name(const char *name); 761 762/* Check for memory usage. */ 763void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); 764 765/* Set memory quota. */ 766int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); 767 768/* Initialize mm related code. */ 769void __init tomoyo_mm_init(void); 770int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, 771 const struct tomoyo_path_info *filename); 772int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, 773 struct path *path, const int flag); 774int tomoyo_path_number_perm(const u8 operation, struct path *path, 775 unsigned long number); 776int tomoyo_mkdev_perm(const u8 operation, struct path *path, 777 const unsigned int mode, unsigned int dev); 778int tomoyo_path_perm(const u8 operation, struct path *path); 779int tomoyo_path2_perm(const u8 operation, struct path *path1, 780 struct path *path2); 781int tomoyo_find_next_domain(struct linux_binprm *bprm); 782 783void tomoyo_print_ulong(char *buffer, const int buffer_len, 784 const unsigned long value, const u8 type); 785 786/* Drop refcount on tomoyo_name_union. */ 787void tomoyo_put_name_union(struct tomoyo_name_union *ptr); 788 789/* Run garbage collector. */ 790void tomoyo_run_gc(void); 791 792void tomoyo_memory_free(void *ptr); 793 794int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, 795 bool is_delete, struct tomoyo_domain_info *domain, 796 bool (*check_duplicate) (const struct tomoyo_acl_info 797 *, 798 const struct tomoyo_acl_info 799 *), 800 bool (*merge_duplicate) (struct tomoyo_acl_info *, 801 struct tomoyo_acl_info *, 802 const bool)); 803int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, 804 bool is_delete, struct list_head *list, 805 bool (*check_duplicate) (const struct tomoyo_acl_head 806 *, 807 const struct tomoyo_acl_head 808 *)); 809void tomoyo_check_acl(struct tomoyo_request_info *r, 810 bool (*check_entry) (struct tomoyo_request_info *, 811 const struct tomoyo_acl_info *)); 812 813/********** External variable definitions. **********/ 814 815/* Lock for GC. */ 816extern struct srcu_struct tomoyo_ss; 817 818/* The list for "struct tomoyo_domain_info". */ 819extern struct list_head tomoyo_domain_list; 820 821extern struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY]; 822extern struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP]; 823extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 824 825/* Lock for protecting policy. */ 826extern struct mutex tomoyo_policy_lock; 827 828/* Has /sbin/init started? */ 829extern bool tomoyo_policy_loaded; 830 831/* The kernel's domain. */ 832extern struct tomoyo_domain_info tomoyo_kernel_domain; 833 834extern const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; 835extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; 836extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION]; 837extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION]; 838 839extern unsigned int tomoyo_quota_for_query; 840extern unsigned int tomoyo_query_memory_size; 841 842/********** Inlined functions. **********/ 843 844static inline int tomoyo_read_lock(void) 845{ 846 return srcu_read_lock(&tomoyo_ss); 847} 848 849static inline void tomoyo_read_unlock(int idx) 850{ 851 srcu_read_unlock(&tomoyo_ss, idx); 852} 853 854/* strcmp() for "struct tomoyo_path_info" structure. */ 855static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, 856 const struct tomoyo_path_info *b) 857{ 858 return a->hash != b->hash || strcmp(a->name, b->name); 859} 860 861/** 862 * tomoyo_valid - Check whether the character is a valid char. 863 * 864 * @c: The character to check. 865 * 866 * Returns true if @c is a valid character, false otherwise. 867 */ 868static inline bool tomoyo_valid(const unsigned char c) 869{ 870 return c > ' ' && c < 127; 871} 872 873/** 874 * tomoyo_invalid - Check whether the character is an invalid char. 875 * 876 * @c: The character to check. 877 * 878 * Returns true if @c is an invalid character, false otherwise. 879 */ 880static inline bool tomoyo_invalid(const unsigned char c) 881{ 882 return c && (c <= ' ' || c >= 127); 883} 884 885static inline void tomoyo_put_name(const struct tomoyo_path_info *name) 886{ 887 if (name) { 888 struct tomoyo_name *ptr = 889 container_of(name, typeof(*ptr), entry); 890 atomic_dec(&ptr->users); 891 } 892} 893 894static inline void tomoyo_put_group(struct tomoyo_group *group) 895{ 896 if (group) 897 atomic_dec(&group->users); 898} 899 900static inline struct tomoyo_domain_info *tomoyo_domain(void) 901{ 902 return current_cred()->security; 903} 904 905static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct 906 *task) 907{ 908 return task_cred_xxx(task, security); 909} 910 911static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *p1, 912 const struct tomoyo_acl_info *p2) 913{ 914 return p1->type == p2->type; 915} 916 917static inline bool tomoyo_same_name_union 918(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2) 919{ 920 return p1->filename == p2->filename && p1->group == p2->group && 921 p1->is_group == p2->is_group; 922} 923 924static inline bool tomoyo_same_number_union 925(const struct tomoyo_number_union *p1, const struct tomoyo_number_union *p2) 926{ 927 return p1->values[0] == p2->values[0] && p1->values[1] == p2->values[1] 928 && p1->group == p2->group && p1->min_type == p2->min_type && 929 p1->max_type == p2->max_type && p1->is_group == p2->is_group; 930} 931 932/** 933 * list_for_each_cookie - iterate over a list with cookie. 934 * @pos: the &struct list_head to use as a loop cursor. 935 * @head: the head for your list. 936 */ 937#define list_for_each_cookie(pos, head) \ 938 if (!pos) \ 939 pos = srcu_dereference((head)->next, &tomoyo_ss); \ 940 for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss)) 941 942#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ 943