securityfs_if.c revision 0f2a55d5bb2372058275b0b343d90dd5d640d045
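/*
 * security/tomoyo/securityfs_if.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include <linux/security.h>
#include <linux/err.h>
#include "common.h"

/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
 * @file:  Pointer to "struct file".
 *
 * The interface type (a TOMOYO_* key) was stored in the inode's i_private
 * slot by tomoyo_create_entry(); it is decoded here and handed to
 * tomoyo_open_control() together with @file.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_open(struct inode *inode, struct file *file)
{
	/*
	 * i_private carries a small integer smuggled through a void *, not a
	 * real pointer, so recover it with an integer cast instead of pointer
	 * arithmetic against NULL.  Use the inode we were handed rather than
	 * re-deriving it through file->f_path.dentry->d_inode.
	 */
	const u8 key = (u8) (unsigned long) inode->i_private;

	return tomoyo_open_control(key, file);
}

/**
 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode". Unused.
 * @file:  Pointer to "struct file".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_release(struct inode *inode, struct file *file)
{
	/*
	 * file->private_data is the per-open state attached at open() time
	 * (expected to be set by tomoyo_open_control(), see common.c).
	 */
	return tomoyo_close_control(file->private_data);
}

/**
 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @wait: Pointer to "poll_table".
 *
 * Returns the poll event mask computed by tomoyo_poll_control().  Note that
 * this is a bit mask, not a 0/-errno status, as the unsigned return type
 * indicates.
 */
static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
{
	return tomoyo_poll_control(file, wait);
}

/**
 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to user-space buffer.
 * @count: Size of @buf.
 * @ppos:  Unused; the interface files are stream-like (see noop_llseek
 *         in tomoyo_operations).
 *
 * Returns bytes read on success, negative value otherwise.
 */
static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
			   loff_t *ppos)
{
	return tomoyo_read_control(file->private_data, buf, count);
}

/**
 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to user-space buffer.
 * @count: Size of @buf.
 * @ppos:  Unused.
 *
 * Returns @count on success, negative value otherwise.
 */
static ssize_t tomoyo_write(struct file *file, const char __user *buf,
			    size_t count, loff_t *ppos)
{
	return tomoyo_write_control(file->private_data, buf, count);
}

/*
 * tomoyo_operations is a "struct file_operations" which is used for handling
 * /sys/kernel/security/tomoyo/ interface.
 *
 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
 * See tomoyo_io_buffer for internals.
 *
 * llseek is a no-op: offsets are never consulted by read()/write() above.
 */
static const struct file_operations tomoyo_operations = {
	.open    = tomoyo_open,
	.release = tomoyo_release,
	.poll    = tomoyo_poll,
	.read    = tomoyo_read,
	.write   = tomoyo_write,
	.llseek  = noop_llseek,
};

/**
 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 *
 * @name:   The name of the interface file.
 * @mode:   The permission of the interface file.
 * @parent: The parent directory.
 * @key:    Type of interface (a TOMOYO_* constant).
 *
 * Returns nothing.
 */
static void __init tomoyo_create_entry(const char *name, const mode_t mode,
				       struct dentry *parent, const u8 key)
{
	/*
	 * Stash the interface key in the inode's i_private slot, where
	 * tomoyo_open() recovers it.  The value is an integer, so convert it
	 * through unsigned long rather than forming a pointer from NULL + key.
	 *
	 * The returned dentry is deliberately dropped: nothing in this file
	 * ever removes these entries, and a creation failure here only means
	 * the corresponding file is missing.
	 */
	securityfs_create_file(name, mode, parent,
			       (void *) (unsigned long) key,
			       &tomoyo_operations);
}

/**
 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 *
 * Returns 0 on success, or when TOMOYO is not the registered security module
 * (in which case no files are created); a negative error code if the
 * "tomoyo" directory itself could not be created.
 */
static int __init tomoyo_initerface_init(void)
{
	struct dentry *tomoyo_dir;

	/* Don't create securityfs entries unless registered. */
	if (current_cred()->security != &tomoyo_kernel_domain)
		return 0;

	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
	/*
	 * securityfs_create_dir() signals failure with an ERR_PTR.  Passing
	 * that on as a parent dentry would be dereferenced inside
	 * securityfs_create_file(), so bail out instead.
	 */
	if (IS_ERR(tomoyo_dir))
		return PTR_ERR(tomoyo_dir);

	/*
	 * Policy-bearing interfaces are owner read/write (0600); informational
	 * ones are read-only (0400).  "stat" is the only world-readable file
	 * (0644) -- presumably it exposes only counters, but confirm nothing
	 * sensitive ends up there before relying on that.
	 */
	tomoyo_create_entry("query",            0600, tomoyo_dir,
			    TOMOYO_QUERY);
	tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
			    TOMOYO_DOMAINPOLICY);
	tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
			    TOMOYO_EXCEPTIONPOLICY);
	tomoyo_create_entry("audit",            0400, tomoyo_dir,
			    TOMOYO_AUDIT);
	tomoyo_create_entry("self_domain",      0400, tomoyo_dir,
			    TOMOYO_SELFDOMAIN);
	tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
			    TOMOYO_PROCESS_STATUS);
	tomoyo_create_entry("stat",             0644, tomoyo_dir,
			    TOMOYO_STAT);
	tomoyo_create_entry("profile",          0600, tomoyo_dir,
			    TOMOYO_PROFILE);
	tomoyo_create_entry("manager",          0600, tomoyo_dir,
			    TOMOYO_MANAGER);
	tomoyo_create_entry("version",          0400, tomoyo_dir,
			    TOMOYO_VERSION);
	return 0;
}

fs_initcall(tomoyo_initerface_init);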