securityfs_if.c revision eadd99cc85347b4f9eb10122ac90032eb4971b02
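/*
 * security/tomoyo/securityfs_if.c
 *
 * Securityfs interface for TOMOYO.
 *
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */

#include <linux/err.h>
#include <linux/security.h>
#include "common.h"

/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
 * @file: Pointer to "struct file".
 *
 * The interface type (TOMOYO_QUERY, TOMOYO_DOMAINPOLICY, ...) was stored by
 * tomoyo_create_entry() as a small integer disguised as the inode's i_private
 * pointer. It is recovered with a plain integer cast instead of subtracting
 * a NULL pointer, which is undefined behaviour in C even though it happens
 * to work on the kernel's flat memory model. Whether the caller may actually
 * use the interface is decided in tomoyo_open_control() (see common.c).
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_open(struct inode *inode, struct file *file)
{
	const int key = (int) (unsigned long)
		file->f_path.dentry->d_inode->i_private;
	return tomoyo_open_control(key, file);
}

/**
 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
 * @file: Pointer to "struct file".
 *
 * @file->private_data is whatever tomoyo_open_control() attached to the file
 * (presumably a "struct tomoyo_io_buffer"; see common.c) and is handed back
 * for release.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_release(struct inode *inode, struct file *file)
{
	return tomoyo_close_control(file->private_data);
}

/**
 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @wait: Pointer to "poll_table".
 *
 * Returns the poll mask computed by tomoyo_poll_control().
 */
static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
{
	return tomoyo_poll_control(file, wait);
}

/**
 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @buf: Pointer to userspace buffer.
 * @count: Size of @buf.
 * @ppos: Unused; the interface is a stream, not a seekable file.
 *
 * Returns bytes read on success, negative value otherwise.
 */
static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
			   loff_t *ppos)
{
	return tomoyo_read_control(file->private_data, buf, count);
}

/**
 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @buf: Pointer to userspace buffer.
 * @count: Size of @buf.
 * @ppos: Unused; the interface is a stream, not a seekable file.
 *
 * Returns @count on success, negative value otherwise.
 */
static ssize_t tomoyo_write(struct file *file, const char __user *buf,
			    size_t count, loff_t *ppos)
{
	return tomoyo_write_control(file->private_data, buf, count);
}

/*
 * tomoyo_operations is a "struct file_operations" which is used for handling
 * /sys/kernel/security/tomoyo/ interface.
 *
 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
 * See tomoyo_io_buffer for internals.
 *
 * .llseek is noop_llseek: the read/write handlers above ignore @ppos, so
 * seeking is accepted but has no effect.
 */
static const struct file_operations tomoyo_operations = {
	.open    = tomoyo_open,
	.release = tomoyo_release,
	.poll    = tomoyo_poll,
	.read    = tomoyo_read,
	.write   = tomoyo_write,
	.llseek  = noop_llseek,
};

/**
 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 *
 * @name: The name of the interface file.
 * @mode: The permission of the interface file.
 * @parent: The parent directory.
 * @key: Type of interface.
 *
 * @key is smuggled through the dentry's i_private pointer as an integer
 * (cast via unsigned long, the reverse of what tomoyo_open() does) rather
 * than by pointer arithmetic on NULL. The return value of
 * securityfs_create_file() is intentionally not checked, as before: a failed
 * entry is simply absent from the directory.
 *
 * Returns nothing.
 */
static void __init tomoyo_create_entry(const char *name, const mode_t mode,
				       struct dentry *parent, const u8 key)
{
	securityfs_create_file(name, mode, parent, (void *) (unsigned long) key,
			       &tomoyo_operations);
}

/**
 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 *
 * Only runs when TOMOYO is the registered LSM (the kernel domain is the
 * current credential's security blob). The 0400 entries are read-only views;
 * the 0600 entries also accept writes.
 *
 * Returns 0, or a negative error code if the securityfs directory could not
 * be created.
 */
static int __init tomoyo_initerface_init(void)
{
	struct dentry *tomoyo_dir;

	/* Don't create securityfs entries unless registered. */
	if (current_cred()->security != &tomoyo_kernel_domain)
		return 0;

	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
	/*
	 * securityfs_create_dir() reports failure with an ERR_PTR rather than
	 * NULL; passing that on as @parent to securityfs_create_file() would
	 * dereference an invalid dentry. Fail loudly instead so a missing
	 * policy interface is visible at boot.
	 */
	if (IS_ERR(tomoyo_dir))
		return PTR_ERR(tomoyo_dir);
	tomoyo_create_entry("query",            0600, tomoyo_dir,
			    TOMOYO_QUERY);
	tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
			    TOMOYO_DOMAINPOLICY);
	tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
			    TOMOYO_EXCEPTIONPOLICY);
	tomoyo_create_entry("audit",            0400, tomoyo_dir,
			    TOMOYO_AUDIT);
	tomoyo_create_entry("self_domain",      0400, tomoyo_dir,
			    TOMOYO_SELFDOMAIN);
	tomoyo_create_entry(".domain_status",   0600, tomoyo_dir,
			    TOMOYO_DOMAIN_STATUS);
	tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
			    TOMOYO_PROCESS_STATUS);
	tomoyo_create_entry("meminfo",          0600, tomoyo_dir,
			    TOMOYO_MEMINFO);
	tomoyo_create_entry("profile",          0600, tomoyo_dir,
			    TOMOYO_PROFILE);
	tomoyo_create_entry("manager",          0600, tomoyo_dir,
			    TOMOYO_MANAGER);
	tomoyo_create_entry("version",          0400, tomoyo_dir,
			    TOMOYO_VERSION);
	return 0;
}

fs_initcall(tomoyo_initerface_init);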