domain.c revision 0f2a55d5bb2372058275b0b343d90dd5d640d045 
1/*
2 * security/tomoyo/domain.c
3 *
4 * Copyright (C) 2005-2011  NTT DATA CORPORATION
5 */
6
7#include "common.h"
8#include <linux/binfmts.h>
9#include <linux/slab.h>
10
11/* Variables definitions.*/
12
13/* The initial domain. */
14struct tomoyo_domain_info tomoyo_kernel_domain;
15
16/**
17 * tomoyo_update_policy - Update an entry for exception policy.
18 *
19 * @new_entry:       Pointer to "struct tomoyo_acl_info".
20 * @size:            Size of @new_entry in bytes.
21 * @param:           Pointer to "struct tomoyo_acl_param".
22 * @check_duplicate: Callback function to find duplicated entry.
23 *
24 * Returns 0 on success, negative value otherwise.
25 *
26 * Caller holds tomoyo_read_lock().
27 */
28int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
29			 struct tomoyo_acl_param *param,
30			 bool (*check_duplicate) (const struct tomoyo_acl_head
31						  *,
32						  const struct tomoyo_acl_head
33						  *))
34{
35	int error = param->is_delete ? -ENOENT : -ENOMEM;
36	struct tomoyo_acl_head *entry;
37	struct list_head *list = param->list;
38
39	if (mutex_lock_interruptible(&tomoyo_policy_lock))
40		return -ENOMEM;
41	list_for_each_entry_rcu(entry, list, list) {
42		if (!check_duplicate(entry, new_entry))
43			continue;
44		entry->is_deleted = param->is_delete;
45		error = 0;
46		break;
47	}
48	if (error && !param->is_delete) {
49		entry = tomoyo_commit_ok(new_entry, size);
50		if (entry) {
51			list_add_tail_rcu(&entry->list, list);
52			error = 0;
53		}
54	}
55	mutex_unlock(&tomoyo_policy_lock);
56	return error;
57}
58
59/**
60 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
61 *
62 * @a: Pointer to "struct tomoyo_acl_info".
63 * @b: Pointer to "struct tomoyo_acl_info".
64 *
65 * Returns true if @a == @b, false otherwise.
66 */
67static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
68					const struct tomoyo_acl_info *b)
69{
70	return a->type == b->type && a->cond == b->cond;
71}
72
73/**
74 * tomoyo_update_domain - Update an entry for domain policy.
75 *
76 * @new_entry:       Pointer to "struct tomoyo_acl_info".
77 * @size:            Size of @new_entry in bytes.
78 * @param:           Pointer to "struct tomoyo_acl_param".
79 * @check_duplicate: Callback function to find duplicated entry.
80 * @merge_duplicate: Callback function to merge duplicated entry.
81 *
82 * Returns 0 on success, negative value otherwise.
83 *
84 * Caller holds tomoyo_read_lock().
85 */
86int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
87			 struct tomoyo_acl_param *param,
88			 bool (*check_duplicate) (const struct tomoyo_acl_info
89						  *,
90						  const struct tomoyo_acl_info
91						  *),
92			 bool (*merge_duplicate) (struct tomoyo_acl_info *,
93						  struct tomoyo_acl_info *,
94						  const bool))
95{
96	const bool is_delete = param->is_delete;
97	int error = is_delete ? -ENOENT : -ENOMEM;
98	struct tomoyo_acl_info *entry;
99	struct list_head * const list = param->list;
100
101	if (param->data[0]) {
102		new_entry->cond = tomoyo_get_condition(param);
103		if (!new_entry->cond)
104			return -EINVAL;
105	}
106	if (mutex_lock_interruptible(&tomoyo_policy_lock))
107		goto out;
108	list_for_each_entry_rcu(entry, list, list) {
109		if (!tomoyo_same_acl_head(entry, new_entry) ||
110		    !check_duplicate(entry, new_entry))
111			continue;
112		if (merge_duplicate)
113			entry->is_deleted = merge_duplicate(entry, new_entry,
114							    is_delete);
115		else
116			entry->is_deleted = is_delete;
117		error = 0;
118		break;
119	}
120	if (error && !is_delete) {
121		entry = tomoyo_commit_ok(new_entry, size);
122		if (entry) {
123			list_add_tail_rcu(&entry->list, list);
124			error = 0;
125		}
126	}
127	mutex_unlock(&tomoyo_policy_lock);
128out:
129	tomoyo_put_condition(new_entry->cond);
130	return error;
131}
132
133/**
134 * tomoyo_check_acl - Do permission check.
135 *
136 * @r:           Pointer to "struct tomoyo_request_info".
137 * @check_entry: Callback function to check type specific parameters.
138 *
139 * Returns 0 on success, negative value otherwise.
140 *
141 * Caller holds tomoyo_read_lock().
142 */
143void tomoyo_check_acl(struct tomoyo_request_info *r,
144		      bool (*check_entry) (struct tomoyo_request_info *,
145					   const struct tomoyo_acl_info *))
146{
147	const struct tomoyo_domain_info *domain = r->domain;
148	struct tomoyo_acl_info *ptr;
149	bool retried = false;
150	const struct list_head *list = &domain->acl_info_list;
151
152retry:
153	list_for_each_entry_rcu(ptr, list, list) {
154		if (ptr->is_deleted || ptr->type != r->param_type)
155			continue;
156		if (!check_entry(r, ptr))
157			continue;
158		if (!tomoyo_condition(r, ptr->cond))
159			continue;
160		r->granted = true;
161		return;
162	}
163	if (!retried) {
164		retried = true;
165		list = &domain->ns->acl_group[domain->group];
166		goto retry;
167	}
168	r->granted = false;
169}
170
171/* The list for "struct tomoyo_domain_info". */
172LIST_HEAD(tomoyo_domain_list);
173
174/**
175 * tomoyo_last_word - Get last component of a domainname.
176 *
177 * @name: Domainname to check.
178 *
179 * Returns the last word of @domainname.
180 */
181static const char *tomoyo_last_word(const char *name)
182{
183	const char *cp = strrchr(name, ' ');
184	if (cp)
185		return cp + 1;
186	return name;
187}
188
189/**
190 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
191 *
192 * @a: Pointer to "struct tomoyo_acl_head".
193 * @b: Pointer to "struct tomoyo_acl_head".
194 *
195 * Returns true if @a == @b, false otherwise.
196 */
197static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
198					   const struct tomoyo_acl_head *b)
199{
200	const struct tomoyo_transition_control *p1 = container_of(a,
201								  typeof(*p1),
202								  head);
203	const struct tomoyo_transition_control *p2 = container_of(b,
204								  typeof(*p2),
205								  head);
206	return p1->type == p2->type && p1->is_last_name == p2->is_last_name
207		&& p1->domainname == p2->domainname
208		&& p1->program == p2->program;
209}
210
211/**
212 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
213 *
214 * @param: Pointer to "struct tomoyo_acl_param".
215 * @type:  Type of this entry.
216 *
217 * Returns 0 on success, negative value otherwise.
218 */
219int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
220				    const u8 type)
221{
222	struct tomoyo_transition_control e = { .type = type };
223	int error = param->is_delete ? -ENOENT : -ENOMEM;
224	char *program = param->data;
225	char *domainname = strstr(program, " from ");
226	if (domainname) {
227		*domainname = '\0';
228		domainname += 6;
229	} else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
230		   type == TOMOYO_TRANSITION_CONTROL_KEEP) {
231		domainname = program;
232		program = NULL;
233	}
234	if (program && strcmp(program, "any")) {
235		if (!tomoyo_correct_path(program))
236			return -EINVAL;
237		e.program = tomoyo_get_name(program);
238		if (!e.program)
239			goto out;
240	}
241	if (domainname && strcmp(domainname, "any")) {
242		if (!tomoyo_correct_domain(domainname)) {
243			if (!tomoyo_correct_path(domainname))
244				goto out;
245			e.is_last_name = true;
246		}
247		e.domainname = tomoyo_get_name(domainname);
248		if (!e.domainname)
249			goto out;
250	}
251	param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
252	error = tomoyo_update_policy(&e.head, sizeof(e), param,
253				     tomoyo_same_transition_control);
254out:
255	tomoyo_put_name(e.domainname);
256	tomoyo_put_name(e.program);
257	return error;
258}
259
260/**
261 * tomoyo_scan_transition - Try to find specific domain transition type.
262 *
263 * @list:       Pointer to "struct list_head".
264 * @domainname: The name of current domain.
265 * @program:    The name of requested program.
266 * @last_name:  The last component of @domainname.
267 * @type:       One of values in "enum tomoyo_transition_type".
268 *
269 * Returns true if found one, false otherwise.
270 *
271 * Caller holds tomoyo_read_lock().
272 */
273static inline bool tomoyo_scan_transition
274(const struct list_head *list, const struct tomoyo_path_info *domainname,
275 const struct tomoyo_path_info *program, const char *last_name,
276 const enum tomoyo_transition_type type)
277{
278	const struct tomoyo_transition_control *ptr;
279	list_for_each_entry_rcu(ptr, list, head.list) {
280		if (ptr->head.is_deleted || ptr->type != type)
281			continue;
282		if (ptr->domainname) {
283			if (!ptr->is_last_name) {
284				if (ptr->domainname != domainname)
285					continue;
286			} else {
287				/*
288				 * Use direct strcmp() since this is
289				 * unlikely used.
290				 */
291				if (strcmp(ptr->domainname->name, last_name))
292					continue;
293			}
294		}
295		if (ptr->program && tomoyo_pathcmp(ptr->program, program))
296			continue;
297		return true;
298	}
299	return false;
300}
301
302/**
303 * tomoyo_transition_type - Get domain transition type.
304 *
305 * @ns:         Pointer to "struct tomoyo_policy_namespace".
306 * @domainname: The name of current domain.
307 * @program:    The name of requested program.
308 *
309 * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes
310 * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if
311 * executing @program reinitializes domain transition within that namespace,
312 * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname ,
313 * others otherwise.
314 *
315 * Caller holds tomoyo_read_lock().
316 */
317static enum tomoyo_transition_type tomoyo_transition_type
318(const struct tomoyo_policy_namespace *ns,
319 const struct tomoyo_path_info *domainname,
320 const struct tomoyo_path_info *program)
321{
322	const char *last_name = tomoyo_last_word(domainname->name);
323	enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET;
324	while (type < TOMOYO_MAX_TRANSITION_TYPE) {
325		const struct list_head * const list =
326			&ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
327		if (!tomoyo_scan_transition(list, domainname, program,
328					    last_name, type)) {
329			type++;
330			continue;
331		}
332		if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET &&
333		    type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE)
334			break;
335		/*
336		 * Do not check for reset_domain if no_reset_domain matched.
337		 * Do not check for initialize_domain if no_initialize_domain
338		 * matched.
339		 */
340		type++;
341		type++;
342	}
343	return type;
344}
345
346/**
347 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
348 *
349 * @a: Pointer to "struct tomoyo_acl_head".
350 * @b: Pointer to "struct tomoyo_acl_head".
351 *
352 * Returns true if @a == @b, false otherwise.
353 */
354static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
355				   const struct tomoyo_acl_head *b)
356{
357	const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1),
358							  head);
359	const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2),
360							  head);
361	return p1->original_name == p2->original_name &&
362		p1->aggregated_name == p2->aggregated_name;
363}
364
365/**
366 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
367 *
368 * @param: Pointer to "struct tomoyo_acl_param".
369 *
370 * Returns 0 on success, negative value otherwise.
371 *
372 * Caller holds tomoyo_read_lock().
373 */
374int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
375{
376	struct tomoyo_aggregator e = { };
377	int error = param->is_delete ? -ENOENT : -ENOMEM;
378	const char *original_name = tomoyo_read_token(param);
379	const char *aggregated_name = tomoyo_read_token(param);
380	if (!tomoyo_correct_word(original_name) ||
381	    !tomoyo_correct_path(aggregated_name))
382		return -EINVAL;
383	e.original_name = tomoyo_get_name(original_name);
384	e.aggregated_name = tomoyo_get_name(aggregated_name);
385	if (!e.original_name || !e.aggregated_name ||
386	    e.aggregated_name->is_patterned) /* No patterns allowed. */
387		goto out;
388	param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];
389	error = tomoyo_update_policy(&e.head, sizeof(e), param,
390				     tomoyo_same_aggregator);
391out:
392	tomoyo_put_name(e.original_name);
393	tomoyo_put_name(e.aggregated_name);
394	return error;
395}
396
397/**
398 * tomoyo_find_namespace - Find specified namespace.
399 *
400 * @name: Name of namespace to find.
401 * @len:  Length of @name.
402 *
403 * Returns pointer to "struct tomoyo_policy_namespace" if found,
404 * NULL otherwise.
405 *
406 * Caller holds tomoyo_read_lock().
407 */
408static struct tomoyo_policy_namespace *tomoyo_find_namespace
409(const char *name, const unsigned int len)
410{
411	struct tomoyo_policy_namespace *ns;
412	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
413		if (strncmp(name, ns->name, len) ||
414		    (name[len] && name[len] != ' '))
415			continue;
416		return ns;
417	}
418	return NULL;
419}
420
421/**
422 * tomoyo_assign_namespace - Create a new namespace.
423 *
424 * @domainname: Name of namespace to create.
425 *
426 * Returns pointer to "struct tomoyo_policy_namespace" on success,
427 * NULL otherwise.
428 *
429 * Caller holds tomoyo_read_lock().
430 */
431struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
432{
433	struct tomoyo_policy_namespace *ptr;
434	struct tomoyo_policy_namespace *entry;
435	const char *cp = domainname;
436	unsigned int len = 0;
437	while (*cp && *cp++ != ' ')
438		len++;
439	ptr = tomoyo_find_namespace(domainname, len);
440	if (ptr)
441		return ptr;
442	if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
443		return NULL;
444	entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
445	if (!entry)
446		return NULL;
447	if (mutex_lock_interruptible(&tomoyo_policy_lock))
448		goto out;
449	ptr = tomoyo_find_namespace(domainname, len);
450	if (!ptr && tomoyo_memory_ok(entry)) {
451		char *name = (char *) (entry + 1);
452		ptr = entry;
453		memmove(name, domainname, len);
454		name[len] = '\0';
455		entry->name = name;
456		tomoyo_init_policy_namespace(entry);
457		entry = NULL;
458	}
459	mutex_unlock(&tomoyo_policy_lock);
460out:
461	kfree(entry);
462	return ptr;
463}
464
465/**
466 * tomoyo_namespace_jump - Check for namespace jump.
467 *
468 * @domainname: Name of domain.
469 *
470 * Returns true if namespace differs, false otherwise.
471 */
472static bool tomoyo_namespace_jump(const char *domainname)
473{
474	const char *namespace = tomoyo_current_namespace()->name;
475	const int len = strlen(namespace);
476	return strncmp(domainname, namespace, len) ||
477		(domainname[len] && domainname[len] != ' ');
478}
479
480/**
481 * tomoyo_assign_domain - Create a domain or a namespace.
482 *
483 * @domainname: The name of domain.
484 * @transit:    True if transit to domain found or created.
485 *
486 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
487 *
488 * Caller holds tomoyo_read_lock().
489 */
490struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
491						const bool transit)
492{
493	struct tomoyo_domain_info e = { };
494	struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);
495	bool created = false;
496	if (entry) {
497		if (transit) {
498			/*
499			 * Since namespace is created at runtime, profiles may
500			 * not be created by the moment the process transits to
501			 * that domain. Do not perform domain transition if
502			 * profile for that domain is not yet created.
503			 */
504			if (!entry->ns->profile_ptr[entry->profile])
505				return NULL;
506		}
507		return entry;
508	}
509	/* Requested domain does not exist. */
510	/* Don't create requested domain if domainname is invalid. */
511	if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 ||
512	    !tomoyo_correct_domain(domainname))
513		return NULL;
514	/*
515	 * Since definition of profiles and acl_groups may differ across
516	 * namespaces, do not inherit "use_profile" and "use_group" settings
517	 * by automatically creating requested domain upon domain transition.
518	 */
519	if (transit && tomoyo_namespace_jump(domainname))
520		return NULL;
521	e.ns = tomoyo_assign_namespace(domainname);
522	if (!e.ns)
523		return NULL;
524	/*
525	 * "use_profile" and "use_group" settings for automatically created
526	 * domains are inherited from current domain. These are 0 for manually
527	 * created domains.
528	 */
529	if (transit) {
530		const struct tomoyo_domain_info *domain = tomoyo_domain();
531		e.profile = domain->profile;
532		e.group = domain->group;
533	}
534	e.domainname = tomoyo_get_name(domainname);
535	if (!e.domainname)
536		return NULL;
537	if (mutex_lock_interruptible(&tomoyo_policy_lock))
538		goto out;
539	entry = tomoyo_find_domain(domainname);
540	if (!entry) {
541		entry = tomoyo_commit_ok(&e, sizeof(e));
542		if (entry) {
543			INIT_LIST_HEAD(&entry->acl_info_list);
544			list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
545			created = true;
546		}
547	}
548	mutex_unlock(&tomoyo_policy_lock);
549out:
550	tomoyo_put_name(e.domainname);
551	if (entry && transit) {
552		if (created) {
553			struct tomoyo_request_info r;
554			tomoyo_init_request_info(&r, entry,
555						 TOMOYO_MAC_FILE_EXECUTE);
556			r.granted = false;
557			tomoyo_write_log(&r, "use_profile %u\n",
558					 entry->profile);
559			tomoyo_write_log(&r, "use_group %u\n", entry->group);
560		}
561	}
562	return entry;
563}
564
565/**
566 * tomoyo_find_next_domain - Find a domain.
567 *
568 * @bprm: Pointer to "struct linux_binprm".
569 *
570 * Returns 0 on success, negative value otherwise.
571 *
572 * Caller holds tomoyo_read_lock().
573 */
574int tomoyo_find_next_domain(struct linux_binprm *bprm)
575{
576	struct tomoyo_domain_info *old_domain = tomoyo_domain();
577	struct tomoyo_domain_info *domain = NULL;
578	const char *original_name = bprm->filename;
579	int retval = -ENOMEM;
580	bool need_kfree = false;
581	bool reject_on_transition_failure = false;
582	struct tomoyo_path_info rn = { }; /* real name */
583	struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS);
584	if (!ee)
585		return -ENOMEM;
586	ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
587	if (!ee->tmp) {
588		kfree(ee);
589		return -ENOMEM;
590	}
591	/* ee->dump->data is allocated by tomoyo_dump_page(). */
592	tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE);
593	ee->r.ee = ee;
594	ee->bprm = bprm;
595	ee->r.obj = &ee->obj;
596	ee->obj.path1 = bprm->file->f_path;
597 retry:
598	if (need_kfree) {
599		kfree(rn.name);
600		need_kfree = false;
601	}
602	/* Get symlink's pathname of program. */
603	retval = -ENOENT;
604	rn.name = tomoyo_realpath_nofollow(original_name);
605	if (!rn.name)
606		goto out;
607	tomoyo_fill_path_info(&rn);
608	need_kfree = true;
609
610	/* Check 'aggregator' directive. */
611	{
612		struct tomoyo_aggregator *ptr;
613		struct list_head *list =
614			&old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR];
615		/* Check 'aggregator' directive. */
616		list_for_each_entry_rcu(ptr, list, head.list) {
617			if (ptr->head.is_deleted ||
618			    !tomoyo_path_matches_pattern(&rn,
619							 ptr->original_name))
620				continue;
621			kfree(rn.name);
622			need_kfree = false;
623			/* This is OK because it is read only. */
624			rn = *ptr->aggregated_name;
625			break;
626		}
627	}
628
629	/* Check execute permission. */
630	retval = tomoyo_path_permission(&ee->r, TOMOYO_TYPE_EXECUTE, &rn);
631	if (retval == TOMOYO_RETRY_REQUEST)
632		goto retry;
633	if (retval < 0)
634		goto out;
635	/*
636	 * To be able to specify domainnames with wildcards, use the
637	 * pathname specified in the policy (which may contain
638	 * wildcard) rather than the pathname passed to execve()
639	 * (which never contains wildcard).
640	 */
641	if (ee->r.param.path.matched_path) {
642		if (need_kfree)
643			kfree(rn.name);
644		need_kfree = false;
645		/* This is OK because it is read only. */
646		rn = *ee->r.param.path.matched_path;
647	}
648
649	/* Calculate domain to transit to. */
650	switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname,
651				       &rn)) {
652	case TOMOYO_TRANSITION_CONTROL_RESET:
653		/* Transit to the root of specified namespace. */
654		snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
655		/*
656		 * Make do_execve() fail if domain transition across namespaces
657		 * has failed.
658		 */
659		reject_on_transition_failure = true;
660		break;
661	case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
662		/* Transit to the child of current namespace's root. */
663		snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
664			 old_domain->ns->name, rn.name);
665		break;
666	case TOMOYO_TRANSITION_CONTROL_KEEP:
667		/* Keep current domain. */
668		domain = old_domain;
669		break;
670	default:
671		if (old_domain == &tomoyo_kernel_domain &&
672		    !tomoyo_policy_loaded) {
673			/*
674			 * Needn't to transit from kernel domain before
675			 * starting /sbin/init. But transit from kernel domain
676			 * if executing initializers because they might start
677			 * before /sbin/init.
678			 */
679			domain = old_domain;
680		} else {
681			/* Normal domain transition. */
682			snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
683				 old_domain->domainname->name, rn.name);
684		}
685		break;
686	}
687	if (!domain)
688		domain = tomoyo_assign_domain(ee->tmp, true);
689	if (domain)
690		retval = 0;
691	else if (reject_on_transition_failure) {
692		printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n",
693		       ee->tmp);
694		retval = -ENOMEM;
695	} else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING)
696		retval = -ENOMEM;
697	else {
698		retval = 0;
699		if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {
700			old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;
701			ee->r.granted = false;
702			tomoyo_write_log(&ee->r, "%s", tomoyo_dif
703					 [TOMOYO_DIF_TRANSITION_FAILED]);
704			printk(KERN_WARNING
705			       "ERROR: Domain '%s' not defined.\n", ee->tmp);
706		}
707	}
708 out:
709	if (!domain)
710		domain = old_domain;
711	/* Update reference count on "struct tomoyo_domain_info". */
712	atomic_inc(&domain->users);
713	bprm->cred->security = domain;
714	if (need_kfree)
715		kfree(rn.name);
716	kfree(ee->tmp);
717	kfree(ee->dump.data);
718	kfree(ee);
719	return retval;
720}
721
722/**
723 * tomoyo_dump_page - Dump a page to buffer.
724 *
725 * @bprm: Pointer to "struct linux_binprm".
726 * @pos:  Location to dump.
727 * @dump: Poiner to "struct tomoyo_page_dump".
728 *
729 * Returns true on success, false otherwise.
730 */
731bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
732		      struct tomoyo_page_dump *dump)
733{
734	struct page *page;
735	/* dump->data is released by tomoyo_finish_execve(). */
736	if (!dump->data) {
737		dump->data = kzalloc(PAGE_SIZE, GFP_NOFS);
738		if (!dump->data)
739			return false;
740	}
741	/* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */
742#ifdef CONFIG_MMU
743	if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)
744		return false;
745#else
746	page = bprm->page[pos / PAGE_SIZE];
747#endif
748	if (page != dump->page) {
749		const unsigned int offset = pos % PAGE_SIZE;
750		/*
751		 * Maybe kmap()/kunmap() should be used here.
752		 * But remove_arg_zero() uses kmap_atomic()/kunmap_atomic().
753		 * So do I.
754		 */
755		char *kaddr = kmap_atomic(page, KM_USER0);
756		dump->page = page;
757		memcpy(dump->data + offset, kaddr + offset,
758		       PAGE_SIZE - offset);
759		kunmap_atomic(kaddr, KM_USER0);
760	}
761	/* Same with put_arg_page(page) in fs/exec.c */
762#ifdef CONFIG_MMU
763	put_page(page);
764#endif
765	return true;
766}
767