1 /* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 7 * 8 * Version: 2.2.0 2009/04/01 9 * 10 */ 11 12 #include <linux/uaccess.h> 13 #include <linux/security.h> 14 #include <linux/hardirq.h> 15 #include "realpath.h" 16 #include "common.h" 17 #include "tomoyo.h" 18 19 /* Has loading policy done? */ 20 bool tomoyo_policy_loaded; 21 22 /* String table for functionality that takes 4 modes. */ 23 static const char *tomoyo_mode_4[4] = { 24 "disabled", "learning", "permissive", "enforcing" 25 }; 26 /* String table for functionality that takes 2 modes. */ 27 static const char *tomoyo_mode_2[4] = { 28 "disabled", "enabled", "enabled", "enabled" 29 }; 30 31 /* Table for profile. */ 32 static struct { 33 const char *keyword; 34 unsigned int current_value; 35 const unsigned int max_value; 36 } tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = { 37 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, 38 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX }, 39 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 }, 40 }; 41 42 /* Profile table. Memory is allocated as needed. */ 43 static struct tomoyo_profile { 44 unsigned int value[TOMOYO_MAX_CONTROL_INDEX]; 45 const struct tomoyo_path_info *comment; 46 } *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 47 48 /* Permit policy management by non-root user? */ 49 static bool tomoyo_manage_by_non_root; 50 51 /* Utility functions. */ 52 53 /* Open operation for /sys/kernel/security/tomoyo/ interface. */ 54 static int tomoyo_open_control(const u8 type, struct file *file); 55 /* Close /sys/kernel/security/tomoyo/ interface. */ 56 static int tomoyo_close_control(struct file *file); 57 /* Read operation for /sys/kernel/security/tomoyo/ interface. */ 58 static int tomoyo_read_control(struct file *file, char __user *buffer, 59 const int buffer_len); 60 /* Write operation for /sys/kernel/security/tomoyo/ interface. */ 61 static int tomoyo_write_control(struct file *file, const char __user *buffer, 62 const int buffer_len); 63 64 /** 65 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value. 66 * 67 * @str: Pointer to the string. 68 * 69 * Returns true if @str is a \ooo style octal value, false otherwise. 70 * 71 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. 72 * This function verifies that \ooo is in valid range. 73 */ 74 static inline bool tomoyo_is_byte_range(const char *str) 75 { 76 return *str >= '0' && *str++ <= '3' && 77 *str >= '0' && *str++ <= '7' && 78 *str >= '0' && *str <= '7'; 79 } 80 81 /** 82 * tomoyo_is_alphabet_char - Check whether the character is an alphabet. 83 * 84 * @c: The character to check. 85 * 86 * Returns true if @c is an alphabet character, false otherwise. 87 */ 88 static inline bool tomoyo_is_alphabet_char(const char c) 89 { 90 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); 91 } 92 93 /** 94 * tomoyo_make_byte - Make byte value from three octal characters. 95 * 96 * @c1: The first character. 97 * @c2: The second character. 98 * @c3: The third character. 99 * 100 * Returns byte value. 101 */ 102 static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3) 103 { 104 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0'); 105 } 106 107 /** 108 * tomoyo_str_starts - Check whether the given string starts with the given keyword. 109 * 110 * @src: Pointer to pointer to the string. 111 * @find: Pointer to the keyword. 112 * 113 * Returns true if @src starts with @find, false otherwise. 114 * 115 * The @src is updated to point the first character after the @find 116 * if @src starts with @find. 117 */ 118 static bool tomoyo_str_starts(char **src, const char *find) 119 { 120 const int len = strlen(find); 121 char *tmp = *src; 122 123 if (strncmp(tmp, find, len)) 124 return false; 125 tmp += len; 126 *src = tmp; 127 return true; 128 } 129 130 /** 131 * tomoyo_normalize_line - Format string. 132 * 133 * @buffer: The line to normalize. 134 * 135 * Leading and trailing whitespaces are removed. 136 * Multiple whitespaces are packed into single space. 137 * 138 * Returns nothing. 139 */ 140 static void tomoyo_normalize_line(unsigned char *buffer) 141 { 142 unsigned char *sp = buffer; 143 unsigned char *dp = buffer; 144 bool first = true; 145 146 while (tomoyo_is_invalid(*sp)) 147 sp++; 148 while (*sp) { 149 if (!first) 150 *dp++ = ' '; 151 first = false; 152 while (tomoyo_is_valid(*sp)) 153 *dp++ = *sp++; 154 while (tomoyo_is_invalid(*sp)) 155 sp++; 156 } 157 *dp = '\0'; 158 } 159 160 /** 161 * tomoyo_is_correct_path - Validate a pathname. 162 * @filename: The pathname to check. 163 * @start_type: Should the pathname start with '/'? 164 * 1 = must / -1 = must not / 0 = don't care 165 * @pattern_type: Can the pathname contain a wildcard? 166 * 1 = must / -1 = must not / 0 = don't care 167 * @end_type: Should the pathname end with '/'? 168 * 1 = must / -1 = must not / 0 = don't care 169 * @function: The name of function calling me. 170 * 171 * Check whether the given filename follows the naming rules. 172 * Returns true if @filename follows the naming rules, false otherwise. 173 */ 174 bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 175 const s8 pattern_type, const s8 end_type, 176 const char *function) 177 { 178 bool contains_pattern = false; 179 unsigned char c; 180 unsigned char d; 181 unsigned char e; 182 const char *original_filename = filename; 183 184 if (!filename) 185 goto out; 186 c = *filename; 187 if (start_type == 1) { /* Must start with '/' */ 188 if (c != '/') 189 goto out; 190 } else if (start_type == -1) { /* Must not start with '/' */ 191 if (c == '/') 192 goto out; 193 } 194 if (c) 195 c = *(filename + strlen(filename) - 1); 196 if (end_type == 1) { /* Must end with '/' */ 197 if (c != '/') 198 goto out; 199 } else if (end_type == -1) { /* Must not end with '/' */ 200 if (c == '/') 201 goto out; 202 } 203 while ((c = *filename++) != '\0') { 204 if (c == '\\') { 205 switch ((c = *filename++)) { 206 case '\\': /* "\\" */ 207 continue; 208 case '$': /* "\$" */ 209 case '+': /* "\+" */ 210 case '?': /* "\?" */ 211 case '*': /* "\*" */ 212 case '@': /* "\@" */ 213 case 'x': /* "\x" */ 214 case 'X': /* "\X" */ 215 case 'a': /* "\a" */ 216 case 'A': /* "\A" */ 217 case '-': /* "\-" */ 218 if (pattern_type == -1) 219 break; /* Must not contain pattern */ 220 contains_pattern = true; 221 continue; 222 case '0': /* "\ooo" */ 223 case '1': 224 case '2': 225 case '3': 226 d = *filename++; 227 if (d < '0' || d > '7') 228 break; 229 e = *filename++; 230 if (e < '0' || e > '7') 231 break; 232 c = tomoyo_make_byte(c, d, e); 233 if (tomoyo_is_invalid(c)) 234 continue; /* pattern is not \000 */ 235 } 236 goto out; 237 } else if (tomoyo_is_invalid(c)) { 238 goto out; 239 } 240 } 241 if (pattern_type == 1) { /* Must contain pattern */ 242 if (!contains_pattern) 243 goto out; 244 } 245 return true; 246 out: 247 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function, 248 original_filename); 249 return false; 250 } 251 252 /** 253 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 254 * @domainname: The domainname to check. 255 * @function: The name of function calling me. 256 * 257 * Returns true if @domainname follows the naming rules, false otherwise. 258 */ 259 bool tomoyo_is_correct_domain(const unsigned char *domainname, 260 const char *function) 261 { 262 unsigned char c; 263 unsigned char d; 264 unsigned char e; 265 const char *org_domainname = domainname; 266 267 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 268 TOMOYO_ROOT_NAME_LEN)) 269 goto out; 270 domainname += TOMOYO_ROOT_NAME_LEN; 271 if (!*domainname) 272 return true; 273 do { 274 if (*domainname++ != ' ') 275 goto out; 276 if (*domainname++ != '/') 277 goto out; 278 while ((c = *domainname) != '\0' && c != ' ') { 279 domainname++; 280 if (c == '\\') { 281 c = *domainname++; 282 switch ((c)) { 283 case '\\': /* "\\" */ 284 continue; 285 case '0': /* "\ooo" */ 286 case '1': 287 case '2': 288 case '3': 289 d = *domainname++; 290 if (d < '0' || d > '7') 291 break; 292 e = *domainname++; 293 if (e < '0' || e > '7') 294 break; 295 c = tomoyo_make_byte(c, d, e); 296 if (tomoyo_is_invalid(c)) 297 /* pattern is not \000 */ 298 continue; 299 } 300 goto out; 301 } else if (tomoyo_is_invalid(c)) { 302 goto out; 303 } 304 } 305 } while (*domainname); 306 return true; 307 out: 308 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function, 309 org_domainname); 310 return false; 311 } 312 313 /** 314 * tomoyo_is_domain_def - Check whether the given token can be a domainname. 315 * 316 * @buffer: The token to check. 317 * 318 * Returns true if @buffer possibly be a domainname, false otherwise. 319 */ 320 bool tomoyo_is_domain_def(const unsigned char *buffer) 321 { 322 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); 323 } 324 325 /** 326 * tomoyo_find_domain - Find a domain by the given name. 327 * 328 * @domainname: The domainname to find. 329 * 330 * Caller must call down_read(&tomoyo_domain_list_lock); or 331 * down_write(&tomoyo_domain_list_lock); . 332 * 333 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. 334 */ 335 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) 336 { 337 struct tomoyo_domain_info *domain; 338 struct tomoyo_path_info name; 339 340 name.name = domainname; 341 tomoyo_fill_path_info(&name); 342 list_for_each_entry(domain, &tomoyo_domain_list, list) { 343 if (!domain->is_deleted && 344 !tomoyo_pathcmp(&name, domain->domainname)) 345 return domain; 346 } 347 return NULL; 348 } 349 350 /** 351 * tomoyo_path_depth - Evaluate the number of '/' in a string. 352 * 353 * @pathname: The string to evaluate. 354 * 355 * Returns path depth of the string. 356 * 357 * I score 2 for each of the '/' in the @pathname 358 * and score 1 if the @pathname ends with '/'. 359 */ 360 static int tomoyo_path_depth(const char *pathname) 361 { 362 int i = 0; 363 364 if (pathname) { 365 const char *ep = pathname + strlen(pathname); 366 if (pathname < ep--) { 367 if (*ep != '/') 368 i++; 369 while (pathname <= ep) 370 if (*ep-- == '/') 371 i += 2; 372 } 373 } 374 return i; 375 } 376 377 /** 378 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token. 379 * 380 * @filename: The string to evaluate. 381 * 382 * Returns the initial length without a pattern in @filename. 383 */ 384 static int tomoyo_const_part_length(const char *filename) 385 { 386 char c; 387 int len = 0; 388 389 if (!filename) 390 return 0; 391 while ((c = *filename++) != '\0') { 392 if (c != '\\') { 393 len++; 394 continue; 395 } 396 c = *filename++; 397 switch (c) { 398 case '\\': /* "\\" */ 399 len += 2; 400 continue; 401 case '0': /* "\ooo" */ 402 case '1': 403 case '2': 404 case '3': 405 c = *filename++; 406 if (c < '0' || c > '7') 407 break; 408 c = *filename++; 409 if (c < '0' || c > '7') 410 break; 411 len += 4; 412 continue; 413 } 414 break; 415 } 416 return len; 417 } 418 419 /** 420 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members. 421 * 422 * @ptr: Pointer to "struct tomoyo_path_info" to fill in. 423 * 424 * The caller sets "struct tomoyo_path_info"->name. 425 */ 426 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr) 427 { 428 const char *name = ptr->name; 429 const int len = strlen(name); 430 431 ptr->total_len = len; 432 ptr->const_len = tomoyo_const_part_length(name); 433 ptr->is_dir = len && (name[len - 1] == '/'); 434 ptr->is_patterned = (ptr->const_len < len); 435 ptr->hash = full_name_hash(name, len); 436 ptr->depth = tomoyo_path_depth(name); 437 } 438 439 /** 440 * tomoyo_file_matches_to_pattern2 - Pattern matching without '/' character 441 * and "\-" pattern. 442 * 443 * @filename: The start of string to check. 444 * @filename_end: The end of string to check. 445 * @pattern: The start of pattern to compare. 446 * @pattern_end: The end of pattern to compare. 447 * 448 * Returns true if @filename matches @pattern, false otherwise. 449 */ 450 static bool tomoyo_file_matches_to_pattern2(const char *filename, 451 const char *filename_end, 452 const char *pattern, 453 const char *pattern_end) 454 { 455 while (filename < filename_end && pattern < pattern_end) { 456 char c; 457 if (*pattern != '\\') { 458 if (*filename++ != *pattern++) 459 return false; 460 continue; 461 } 462 c = *filename; 463 pattern++; 464 switch (*pattern) { 465 int i; 466 int j; 467 case '?': 468 if (c == '/') { 469 return false; 470 } else if (c == '\\') { 471 if (filename[1] == '\\') 472 filename++; 473 else if (tomoyo_is_byte_range(filename + 1)) 474 filename += 3; 475 else 476 return false; 477 } 478 break; 479 case '\\': 480 if (c != '\\') 481 return false; 482 if (*++filename != '\\') 483 return false; 484 break; 485 case '+': 486 if (!isdigit(c)) 487 return false; 488 break; 489 case 'x': 490 if (!isxdigit(c)) 491 return false; 492 break; 493 case 'a': 494 if (!tomoyo_is_alphabet_char(c)) 495 return false; 496 break; 497 case '0': 498 case '1': 499 case '2': 500 case '3': 501 if (c == '\\' && tomoyo_is_byte_range(filename + 1) 502 && strncmp(filename + 1, pattern, 3) == 0) { 503 filename += 3; 504 pattern += 2; 505 break; 506 } 507 return false; /* Not matched. */ 508 case '*': 509 case '@': 510 for (i = 0; i <= filename_end - filename; i++) { 511 if (tomoyo_file_matches_to_pattern2( 512 filename + i, filename_end, 513 pattern + 1, pattern_end)) 514 return true; 515 c = filename[i]; 516 if (c == '.' && *pattern == '@') 517 break; 518 if (c != '\\') 519 continue; 520 if (filename[i + 1] == '\\') 521 i++; 522 else if (tomoyo_is_byte_range(filename + i + 1)) 523 i += 3; 524 else 525 break; /* Bad pattern. */ 526 } 527 return false; /* Not matched. */ 528 default: 529 j = 0; 530 c = *pattern; 531 if (c == '$') { 532 while (isdigit(filename[j])) 533 j++; 534 } else if (c == 'X') { 535 while (isxdigit(filename[j])) 536 j++; 537 } else if (c == 'A') { 538 while (tomoyo_is_alphabet_char(filename[j])) 539 j++; 540 } 541 for (i = 1; i <= j; i++) { 542 if (tomoyo_file_matches_to_pattern2( 543 filename + i, filename_end, 544 pattern + 1, pattern_end)) 545 return true; 546 } 547 return false; /* Not matched or bad pattern. */ 548 } 549 filename++; 550 pattern++; 551 } 552 while (*pattern == '\\' && 553 (*(pattern + 1) == '*' || *(pattern + 1) == '@')) 554 pattern += 2; 555 return filename == filename_end && pattern == pattern_end; 556 } 557 558 /** 559 * tomoyo_file_matches_to_pattern - Pattern matching without without '/' character. 560 * 561 * @filename: The start of string to check. 562 * @filename_end: The end of string to check. 563 * @pattern: The start of pattern to compare. 564 * @pattern_end: The end of pattern to compare. 565 * 566 * Returns true if @filename matches @pattern, false otherwise. 567 */ 568 static bool tomoyo_file_matches_to_pattern(const char *filename, 569 const char *filename_end, 570 const char *pattern, 571 const char *pattern_end) 572 { 573 const char *pattern_start = pattern; 574 bool first = true; 575 bool result; 576 577 while (pattern < pattern_end - 1) { 578 /* Split at "\-" pattern. */ 579 if (*pattern++ != '\\' || *pattern++ != '-') 580 continue; 581 result = tomoyo_file_matches_to_pattern2(filename, 582 filename_end, 583 pattern_start, 584 pattern - 2); 585 if (first) 586 result = !result; 587 if (result) 588 return false; 589 first = false; 590 pattern_start = pattern; 591 } 592 result = tomoyo_file_matches_to_pattern2(filename, filename_end, 593 pattern_start, pattern_end); 594 return first ? result : !result; 595 } 596 597 /** 598 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern. 599 * @filename: The filename to check. 600 * @pattern: The pattern to compare. 601 * 602 * Returns true if matches, false otherwise. 603 * 604 * The following patterns are available. 605 * \\ \ itself. 606 * \ooo Octal representation of a byte. 607 * \* More than or equals to 0 character other than '/'. 608 * \@ More than or equals to 0 character other than '/' or '.'. 609 * \? 1 byte character other than '/'. 610 * \$ More than or equals to 1 decimal digit. 611 * \+ 1 decimal digit. 612 * \X More than or equals to 1 hexadecimal digit. 613 * \x 1 hexadecimal digit. 614 * \A More than or equals to 1 alphabet character. 615 * \a 1 alphabet character. 616 * \- Subtraction operator. 617 */ 618 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 619 const struct tomoyo_path_info *pattern) 620 { 621 /* 622 if (!filename || !pattern) 623 return false; 624 */ 625 const char *f = filename->name; 626 const char *p = pattern->name; 627 const int len = pattern->const_len; 628 629 /* If @pattern doesn't contain pattern, I can use strcmp(). */ 630 if (!pattern->is_patterned) 631 return !tomoyo_pathcmp(filename, pattern); 632 /* Dont compare if the number of '/' differs. */ 633 if (filename->depth != pattern->depth) 634 return false; 635 /* Compare the initial length without patterns. */ 636 if (strncmp(f, p, len)) 637 return false; 638 f += len; 639 p += len; 640 /* Main loop. Compare each directory component. */ 641 while (*f && *p) { 642 const char *f_delimiter = strchr(f, '/'); 643 const char *p_delimiter = strchr(p, '/'); 644 if (!f_delimiter) 645 f_delimiter = f + strlen(f); 646 if (!p_delimiter) 647 p_delimiter = p + strlen(p); 648 if (!tomoyo_file_matches_to_pattern(f, f_delimiter, 649 p, p_delimiter)) 650 return false; 651 f = f_delimiter; 652 if (*f) 653 f++; 654 p = p_delimiter; 655 if (*p) 656 p++; 657 } 658 /* Ignore trailing "\*" and "\@" in @pattern. */ 659 while (*p == '\\' && 660 (*(p + 1) == '*' || *(p + 1) == '@')) 661 p += 2; 662 return !*f && !*p; 663 } 664 665 /** 666 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure. 667 * 668 * @head: Pointer to "struct tomoyo_io_buffer". 669 * @fmt: The printf()'s format string, followed by parameters. 670 * 671 * Returns true if output was written, false otherwise. 672 * 673 * The snprintf() will truncate, but tomoyo_io_printf() won't. 674 */ 675 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 676 { 677 va_list args; 678 int len; 679 int pos = head->read_avail; 680 int size = head->readbuf_size - pos; 681 682 if (size <= 0) 683 return false; 684 va_start(args, fmt); 685 len = vsnprintf(head->read_buf + pos, size, fmt, args); 686 va_end(args); 687 if (pos + len >= head->readbuf_size) 688 return false; 689 head->read_avail += len; 690 return true; 691 } 692 693 /** 694 * tomoyo_get_exe - Get tomoyo_realpath() of current process. 695 * 696 * Returns the tomoyo_realpath() of current process on success, NULL otherwise. 697 * 698 * This function uses tomoyo_alloc(), so the caller must call tomoyo_free() 699 * if this function didn't return NULL. 700 */ 701 static const char *tomoyo_get_exe(void) 702 { 703 struct mm_struct *mm = current->mm; 704 struct vm_area_struct *vma; 705 const char *cp = NULL; 706 707 if (!mm) 708 return NULL; 709 down_read(&mm->mmap_sem); 710 for (vma = mm->mmap; vma; vma = vma->vm_next) { 711 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { 712 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path); 713 break; 714 } 715 } 716 up_read(&mm->mmap_sem); 717 return cp; 718 } 719 720 /** 721 * tomoyo_get_msg - Get warning message. 722 * 723 * @is_enforce: Is it enforcing mode? 724 * 725 * Returns "ERROR" or "WARNING". 726 */ 727 const char *tomoyo_get_msg(const bool is_enforce) 728 { 729 if (is_enforce) 730 return "ERROR"; 731 else 732 return "WARNING"; 733 } 734 735 /** 736 * tomoyo_check_flags - Check mode for specified functionality. 737 * 738 * @domain: Pointer to "struct tomoyo_domain_info". 739 * @index: The functionality to check mode. 740 * 741 * TOMOYO checks only process context. 742 * This code disables TOMOYO's enforcement in case the function is called from 743 * interrupt context. 744 */ 745 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 746 const u8 index) 747 { 748 const u8 profile = domain->profile; 749 750 if (WARN_ON(in_interrupt())) 751 return 0; 752 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX 753 #if TOMOYO_MAX_PROFILES != 256 754 && profile < TOMOYO_MAX_PROFILES 755 #endif 756 && tomoyo_profile_ptr[profile] ? 757 tomoyo_profile_ptr[profile]->value[index] : 0; 758 } 759 760 /** 761 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode. 762 * 763 * @domain: Pointer to "struct tomoyo_domain_info". 764 * 765 * Returns true if domain policy violation warning should be printed to 766 * console. 767 */ 768 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain) 769 { 770 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0; 771 } 772 773 /** 774 * tomoyo_domain_quota_is_ok - Check for domain's quota. 775 * 776 * @domain: Pointer to "struct tomoyo_domain_info". 777 * 778 * Returns true if the domain is not exceeded quota, false otherwise. 779 */ 780 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) 781 { 782 unsigned int count = 0; 783 struct tomoyo_acl_info *ptr; 784 785 if (!domain) 786 return true; 787 down_read(&tomoyo_domain_acl_info_list_lock); 788 list_for_each_entry(ptr, &domain->acl_info_list, list) { 789 if (ptr->type & TOMOYO_ACL_DELETED) 790 continue; 791 switch (tomoyo_acl_type2(ptr)) { 792 struct tomoyo_single_path_acl_record *acl1; 793 struct tomoyo_double_path_acl_record *acl2; 794 u16 perm; 795 case TOMOYO_TYPE_SINGLE_PATH_ACL: 796 acl1 = container_of(ptr, 797 struct tomoyo_single_path_acl_record, 798 head); 799 perm = acl1->perm; 800 if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL)) 801 count++; 802 if (perm & 803 ((1 << TOMOYO_TYPE_READ_ACL) | 804 (1 << TOMOYO_TYPE_WRITE_ACL))) 805 count++; 806 if (perm & (1 << TOMOYO_TYPE_CREATE_ACL)) 807 count++; 808 if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL)) 809 count++; 810 if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL)) 811 count++; 812 if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL)) 813 count++; 814 if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL)) 815 count++; 816 if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL)) 817 count++; 818 if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL)) 819 count++; 820 if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL)) 821 count++; 822 if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL)) 823 count++; 824 if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL)) 825 count++; 826 if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL)) 827 count++; 828 break; 829 case TOMOYO_TYPE_DOUBLE_PATH_ACL: 830 acl2 = container_of(ptr, 831 struct tomoyo_double_path_acl_record, 832 head); 833 perm = acl2->perm; 834 if (perm & (1 << TOMOYO_TYPE_LINK_ACL)) 835 count++; 836 if (perm & (1 << TOMOYO_TYPE_RENAME_ACL)) 837 count++; 838 break; 839 } 840 } 841 up_read(&tomoyo_domain_acl_info_list_lock); 842 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) 843 return true; 844 if (!domain->quota_warned) { 845 domain->quota_warned = true; 846 printk(KERN_WARNING "TOMOYO-WARNING: " 847 "Domain '%s' has so many ACLs to hold. " 848 "Stopped learning mode.\n", domain->domainname->name); 849 } 850 return false; 851 } 852 853 /** 854 * tomoyo_find_or_assign_new_profile - Create a new profile. 855 * 856 * @profile: Profile number to create. 857 * 858 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 859 */ 860 static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned 861 int profile) 862 { 863 static DEFINE_MUTEX(lock); 864 struct tomoyo_profile *ptr = NULL; 865 int i; 866 867 if (profile >= TOMOYO_MAX_PROFILES) 868 return NULL; 869 /***** EXCLUSIVE SECTION START *****/ 870 mutex_lock(&lock); 871 ptr = tomoyo_profile_ptr[profile]; 872 if (ptr) 873 goto ok; 874 ptr = tomoyo_alloc_element(sizeof(*ptr)); 875 if (!ptr) 876 goto ok; 877 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) 878 ptr->value[i] = tomoyo_control_array[i].current_value; 879 mb(); /* Avoid out-of-order execution. */ 880 tomoyo_profile_ptr[profile] = ptr; 881 ok: 882 mutex_unlock(&lock); 883 /***** EXCLUSIVE SECTION END *****/ 884 return ptr; 885 } 886 887 /** 888 * tomoyo_write_profile - Write to profile table. 889 * 890 * @head: Pointer to "struct tomoyo_io_buffer". 891 * 892 * Returns 0 on success, negative value otherwise. 893 */ 894 static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 895 { 896 char *data = head->write_buf; 897 unsigned int i; 898 unsigned int value; 899 char *cp; 900 struct tomoyo_profile *profile; 901 unsigned long num; 902 903 cp = strchr(data, '-'); 904 if (cp) 905 *cp = '\0'; 906 if (strict_strtoul(data, 10, &num)) 907 return -EINVAL; 908 if (cp) 909 data = cp + 1; 910 profile = tomoyo_find_or_assign_new_profile(num); 911 if (!profile) 912 return -EINVAL; 913 cp = strchr(data, '='); 914 if (!cp) 915 return -EINVAL; 916 *cp = '\0'; 917 if (!strcmp(data, "COMMENT")) { 918 profile->comment = tomoyo_save_name(cp + 1); 919 return 0; 920 } 921 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { 922 if (strcmp(data, tomoyo_control_array[i].keyword)) 923 continue; 924 if (sscanf(cp + 1, "%u", &value) != 1) { 925 int j; 926 const char **modes; 927 switch (i) { 928 case TOMOYO_VERBOSE: 929 modes = tomoyo_mode_2; 930 break; 931 default: 932 modes = tomoyo_mode_4; 933 break; 934 } 935 for (j = 0; j < 4; j++) { 936 if (strcmp(cp + 1, modes[j])) 937 continue; 938 value = j; 939 break; 940 } 941 if (j == 4) 942 return -EINVAL; 943 } else if (value > tomoyo_control_array[i].max_value) { 944 value = tomoyo_control_array[i].max_value; 945 } 946 profile->value[i] = value; 947 return 0; 948 } 949 return -EINVAL; 950 } 951 952 /** 953 * tomoyo_read_profile - Read from profile table. 954 * 955 * @head: Pointer to "struct tomoyo_io_buffer". 956 * 957 * Returns 0. 958 */ 959 static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 960 { 961 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1; 962 int step; 963 964 if (head->read_eof) 965 return 0; 966 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total; 967 step++) { 968 const u8 index = step / total; 969 u8 type = step % total; 970 const struct tomoyo_profile *profile 971 = tomoyo_profile_ptr[index]; 972 head->read_step = step; 973 if (!profile) 974 continue; 975 if (!type) { /* Print profile' comment tag. */ 976 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n", 977 index, profile->comment ? 978 profile->comment->name : "")) 979 break; 980 continue; 981 } 982 type--; 983 if (type < TOMOYO_MAX_CONTROL_INDEX) { 984 const unsigned int value = profile->value[type]; 985 const char **modes = NULL; 986 const char *keyword 987 = tomoyo_control_array[type].keyword; 988 switch (tomoyo_control_array[type].max_value) { 989 case 3: 990 modes = tomoyo_mode_4; 991 break; 992 case 1: 993 modes = tomoyo_mode_2; 994 break; 995 } 996 if (modes) { 997 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index, 998 keyword, modes[value])) 999 break; 1000 } else { 1001 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index, 1002 keyword, value)) 1003 break; 1004 } 1005 } 1006 } 1007 if (step == TOMOYO_MAX_PROFILES * total) 1008 head->read_eof = true; 1009 return 0; 1010 } 1011 1012 /* Structure for policy manager. */ 1013 struct tomoyo_policy_manager_entry { 1014 struct list_head list; 1015 /* A path to program or a domainname. */ 1016 const struct tomoyo_path_info *manager; 1017 bool is_domain; /* True if manager is a domainname. */ 1018 bool is_deleted; /* True if this entry is deleted. */ 1019 }; 1020 1021 /* The list for "struct tomoyo_policy_manager_entry". */ 1022 static LIST_HEAD(tomoyo_policy_manager_list); 1023 static DECLARE_RWSEM(tomoyo_policy_manager_list_lock); 1024 1025 /** 1026 * tomoyo_update_manager_entry - Add a manager entry. 1027 * 1028 * @manager: The path to manager or the domainnamme. 1029 * @is_delete: True if it is a delete request. 1030 * 1031 * Returns 0 on success, negative value otherwise. 1032 */ 1033 static int tomoyo_update_manager_entry(const char *manager, 1034 const bool is_delete) 1035 { 1036 struct tomoyo_policy_manager_entry *new_entry; 1037 struct tomoyo_policy_manager_entry *ptr; 1038 const struct tomoyo_path_info *saved_manager; 1039 int error = -ENOMEM; 1040 bool is_domain = false; 1041 1042 if (tomoyo_is_domain_def(manager)) { 1043 if (!tomoyo_is_correct_domain(manager, __func__)) 1044 return -EINVAL; 1045 is_domain = true; 1046 } else { 1047 if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__)) 1048 return -EINVAL; 1049 } 1050 saved_manager = tomoyo_save_name(manager); 1051 if (!saved_manager) 1052 return -ENOMEM; 1053 /***** EXCLUSIVE SECTION START *****/ 1054 down_write(&tomoyo_policy_manager_list_lock); 1055 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1056 if (ptr->manager != saved_manager) 1057 continue; 1058 ptr->is_deleted = is_delete; 1059 error = 0; 1060 goto out; 1061 } 1062 if (is_delete) { 1063 error = -ENOENT; 1064 goto out; 1065 } 1066 new_entry = tomoyo_alloc_element(sizeof(*new_entry)); 1067 if (!new_entry) 1068 goto out; 1069 new_entry->manager = saved_manager; 1070 new_entry->is_domain = is_domain; 1071 list_add_tail(&new_entry->list, &tomoyo_policy_manager_list); 1072 error = 0; 1073 out: 1074 up_write(&tomoyo_policy_manager_list_lock); 1075 /***** EXCLUSIVE SECTION END *****/ 1076 return error; 1077 } 1078 1079 /** 1080 * tomoyo_write_manager_policy - Write manager policy. 1081 * 1082 * @head: Pointer to "struct tomoyo_io_buffer". 1083 * 1084 * Returns 0 on success, negative value otherwise. 1085 */ 1086 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 1087 { 1088 char *data = head->write_buf; 1089 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1090 1091 if (!strcmp(data, "manage_by_non_root")) { 1092 tomoyo_manage_by_non_root = !is_delete; 1093 return 0; 1094 } 1095 return tomoyo_update_manager_entry(data, is_delete); 1096 } 1097 1098 /** 1099 * tomoyo_read_manager_policy - Read manager policy. 1100 * 1101 * @head: Pointer to "struct tomoyo_io_buffer". 1102 * 1103 * Returns 0. 1104 */ 1105 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 1106 { 1107 struct list_head *pos; 1108 bool done = true; 1109 1110 if (head->read_eof) 1111 return 0; 1112 down_read(&tomoyo_policy_manager_list_lock); 1113 list_for_each_cookie(pos, head->read_var2, 1114 &tomoyo_policy_manager_list) { 1115 struct tomoyo_policy_manager_entry *ptr; 1116 ptr = list_entry(pos, struct tomoyo_policy_manager_entry, 1117 list); 1118 if (ptr->is_deleted) 1119 continue; 1120 if (!tomoyo_io_printf(head, "%s\n", ptr->manager->name)) { 1121 done = false; 1122 break; 1123 } 1124 } 1125 up_read(&tomoyo_policy_manager_list_lock); 1126 head->read_eof = done; 1127 return 0; 1128 } 1129 1130 /** 1131 * tomoyo_is_policy_manager - Check whether the current process is a policy manager. 1132 * 1133 * Returns true if the current process is permitted to modify policy 1134 * via /sys/kernel/security/tomoyo/ interface. 1135 */ 1136 static bool tomoyo_is_policy_manager(void) 1137 { 1138 struct tomoyo_policy_manager_entry *ptr; 1139 const char *exe; 1140 const struct task_struct *task = current; 1141 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 1142 bool found = false; 1143 1144 if (!tomoyo_policy_loaded) 1145 return true; 1146 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 1147 return false; 1148 down_read(&tomoyo_policy_manager_list_lock); 1149 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1150 if (!ptr->is_deleted && ptr->is_domain 1151 && !tomoyo_pathcmp(domainname, ptr->manager)) { 1152 found = true; 1153 break; 1154 } 1155 } 1156 up_read(&tomoyo_policy_manager_list_lock); 1157 if (found) 1158 return true; 1159 exe = tomoyo_get_exe(); 1160 if (!exe) 1161 return false; 1162 down_read(&tomoyo_policy_manager_list_lock); 1163 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { 1164 if (!ptr->is_deleted && !ptr->is_domain 1165 && !strcmp(exe, ptr->manager->name)) { 1166 found = true; 1167 break; 1168 } 1169 } 1170 up_read(&tomoyo_policy_manager_list_lock); 1171 if (!found) { /* Reduce error messages. */ 1172 static pid_t last_pid; 1173 const pid_t pid = current->pid; 1174 if (last_pid != pid) { 1175 printk(KERN_WARNING "%s ( %s ) is not permitted to " 1176 "update policies.\n", domainname->name, exe); 1177 last_pid = pid; 1178 } 1179 } 1180 tomoyo_free(exe); 1181 return found; 1182 } 1183 1184 /** 1185 * tomoyo_is_select_one - Parse select command. 1186 * 1187 * @head: Pointer to "struct tomoyo_io_buffer". 1188 * @data: String to parse. 1189 * 1190 * Returns true on success, false otherwise. 1191 */ 1192 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, 1193 const char *data) 1194 { 1195 unsigned int pid; 1196 struct tomoyo_domain_info *domain = NULL; 1197 1198 if (sscanf(data, "pid=%u", &pid) == 1) { 1199 struct task_struct *p; 1200 /***** CRITICAL SECTION START *****/ 1201 read_lock(&tasklist_lock); 1202 p = find_task_by_vpid(pid); 1203 if (p) 1204 domain = tomoyo_real_domain(p); 1205 read_unlock(&tasklist_lock); 1206 /***** CRITICAL SECTION END *****/ 1207 } else if (!strncmp(data, "domain=", 7)) { 1208 if (tomoyo_is_domain_def(data + 7)) { 1209 down_read(&tomoyo_domain_list_lock); 1210 domain = tomoyo_find_domain(data + 7); 1211 up_read(&tomoyo_domain_list_lock); 1212 } 1213 } else 1214 return false; 1215 head->write_var1 = domain; 1216 /* Accessing read_buf is safe because head->io_sem is held. */ 1217 if (!head->read_buf) 1218 return true; /* Do nothing if open(O_WRONLY). */ 1219 head->read_avail = 0; 1220 tomoyo_io_printf(head, "# select %s\n", data); 1221 head->read_single_domain = true; 1222 head->read_eof = !domain; 1223 if (domain) { 1224 struct tomoyo_domain_info *d; 1225 head->read_var1 = NULL; 1226 down_read(&tomoyo_domain_list_lock); 1227 list_for_each_entry(d, &tomoyo_domain_list, list) { 1228 if (d == domain) 1229 break; 1230 head->read_var1 = &d->list; 1231 } 1232 up_read(&tomoyo_domain_list_lock); 1233 head->read_var2 = NULL; 1234 head->read_bit = 0; 1235 head->read_step = 0; 1236 if (domain->is_deleted) 1237 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 1238 } 1239 return true; 1240 } 1241 1242 /** 1243 * tomoyo_write_domain_policy - Write domain policy. 1244 * 1245 * @head: Pointer to "struct tomoyo_io_buffer". 1246 * 1247 * Returns 0 on success, negative value otherwise. 1248 */ 1249 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 1250 { 1251 char *data = head->write_buf; 1252 struct tomoyo_domain_info *domain = head->write_var1; 1253 bool is_delete = false; 1254 bool is_select = false; 1255 unsigned int profile; 1256 1257 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 1258 is_delete = true; 1259 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 1260 is_select = true; 1261 if (is_select && tomoyo_is_select_one(head, data)) 1262 return 0; 1263 /* Don't allow updating policies by non manager programs. */ 1264 if (!tomoyo_is_policy_manager()) 1265 return -EPERM; 1266 if (tomoyo_is_domain_def(data)) { 1267 domain = NULL; 1268 if (is_delete) 1269 tomoyo_delete_domain(data); 1270 else if (is_select) { 1271 down_read(&tomoyo_domain_list_lock); 1272 domain = tomoyo_find_domain(data); 1273 up_read(&tomoyo_domain_list_lock); 1274 } else 1275 domain = tomoyo_find_or_assign_new_domain(data, 0); 1276 head->write_var1 = domain; 1277 return 0; 1278 } 1279 if (!domain) 1280 return -EINVAL; 1281 1282 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 1283 && profile < TOMOYO_MAX_PROFILES) { 1284 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 1285 domain->profile = (u8) profile; 1286 return 0; 1287 } 1288 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 1289 tomoyo_set_domain_flag(domain, is_delete, 1290 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ); 1291 return 0; 1292 } 1293 return tomoyo_write_file_policy(data, domain, is_delete); 1294 } 1295 1296 /** 1297 * tomoyo_print_single_path_acl - Print a single path ACL entry. 1298 * 1299 * @head: Pointer to "struct tomoyo_io_buffer". 1300 * @ptr: Pointer to "struct tomoyo_single_path_acl_record". 1301 * 1302 * Returns true on success, false otherwise. 1303 */ 1304 static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head, 1305 struct tomoyo_single_path_acl_record * 1306 ptr) 1307 { 1308 int pos; 1309 u8 bit; 1310 const char *atmark = ""; 1311 const char *filename; 1312 const u16 perm = ptr->perm; 1313 1314 filename = ptr->filename->name; 1315 for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION; 1316 bit++) { 1317 const char *msg; 1318 if (!(perm & (1 << bit))) 1319 continue; 1320 /* Print "read/write" instead of "read" and "write". */ 1321 if ((bit == TOMOYO_TYPE_READ_ACL || 1322 bit == TOMOYO_TYPE_WRITE_ACL) 1323 && (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))) 1324 continue; 1325 msg = tomoyo_sp2keyword(bit); 1326 pos = head->read_avail; 1327 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg, 1328 atmark, filename)) 1329 goto out; 1330 } 1331 head->read_bit = 0; 1332 return true; 1333 out: 1334 head->read_bit = bit; 1335 head->read_avail = pos; 1336 return false; 1337 } 1338 1339 /** 1340 * tomoyo_print_double_path_acl - Print a double path ACL entry. 1341 * 1342 * @head: Pointer to "struct tomoyo_io_buffer". 1343 * @ptr: Pointer to "struct tomoyo_double_path_acl_record". 1344 * 1345 * Returns true on success, false otherwise. 1346 */ 1347 static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head, 1348 struct tomoyo_double_path_acl_record * 1349 ptr) 1350 { 1351 int pos; 1352 const char *atmark1 = ""; 1353 const char *atmark2 = ""; 1354 const char *filename1; 1355 const char *filename2; 1356 const u8 perm = ptr->perm; 1357 u8 bit; 1358 1359 filename1 = ptr->filename1->name; 1360 filename2 = ptr->filename2->name; 1361 for (bit = head->read_bit; bit < TOMOYO_MAX_DOUBLE_PATH_OPERATION; 1362 bit++) { 1363 const char *msg; 1364 if (!(perm & (1 << bit))) 1365 continue; 1366 msg = tomoyo_dp2keyword(bit); 1367 pos = head->read_avail; 1368 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg, 1369 atmark1, filename1, atmark2, filename2)) 1370 goto out; 1371 } 1372 head->read_bit = 0; 1373 return true; 1374 out: 1375 head->read_bit = bit; 1376 head->read_avail = pos; 1377 return false; 1378 } 1379 1380 /** 1381 * tomoyo_print_entry - Print an ACL entry. 1382 * 1383 * @head: Pointer to "struct tomoyo_io_buffer". 1384 * @ptr: Pointer to an ACL entry. 1385 * 1386 * Returns true on success, false otherwise. 1387 */ 1388 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1389 struct tomoyo_acl_info *ptr) 1390 { 1391 const u8 acl_type = tomoyo_acl_type2(ptr); 1392 1393 if (acl_type & TOMOYO_ACL_DELETED) 1394 return true; 1395 if (acl_type == TOMOYO_TYPE_SINGLE_PATH_ACL) { 1396 struct tomoyo_single_path_acl_record *acl 1397 = container_of(ptr, 1398 struct tomoyo_single_path_acl_record, 1399 head); 1400 return tomoyo_print_single_path_acl(head, acl); 1401 } 1402 if (acl_type == TOMOYO_TYPE_DOUBLE_PATH_ACL) { 1403 struct tomoyo_double_path_acl_record *acl 1404 = container_of(ptr, 1405 struct tomoyo_double_path_acl_record, 1406 head); 1407 return tomoyo_print_double_path_acl(head, acl); 1408 } 1409 BUG(); /* This must not happen. */ 1410 return false; 1411 } 1412 1413 /** 1414 * tomoyo_read_domain_policy - Read domain policy. 1415 * 1416 * @head: Pointer to "struct tomoyo_io_buffer". 1417 * 1418 * Returns 0. 1419 */ 1420 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1421 { 1422 struct list_head *dpos; 1423 struct list_head *apos; 1424 bool done = true; 1425 1426 if (head->read_eof) 1427 return 0; 1428 if (head->read_step == 0) 1429 head->read_step = 1; 1430 down_read(&tomoyo_domain_list_lock); 1431 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) { 1432 struct tomoyo_domain_info *domain; 1433 const char *quota_exceeded = ""; 1434 const char *transition_failed = ""; 1435 const char *ignore_global_allow_read = ""; 1436 domain = list_entry(dpos, struct tomoyo_domain_info, list); 1437 if (head->read_step != 1) 1438 goto acl_loop; 1439 if (domain->is_deleted && !head->read_single_domain) 1440 continue; 1441 /* Print domainname and flags. */ 1442 if (domain->quota_warned) 1443 quota_exceeded = "quota_exceeded\n"; 1444 if (domain->flags & TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED) 1445 transition_failed = "transition_failed\n"; 1446 if (domain->flags & 1447 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ) 1448 ignore_global_allow_read 1449 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1450 if (!tomoyo_io_printf(head, 1451 "%s\n" TOMOYO_KEYWORD_USE_PROFILE "%u\n" 1452 "%s%s%s\n", domain->domainname->name, 1453 domain->profile, quota_exceeded, 1454 transition_failed, 1455 ignore_global_allow_read)) { 1456 done = false; 1457 break; 1458 } 1459 head->read_step = 2; 1460 acl_loop: 1461 if (head->read_step == 3) 1462 goto tail_mark; 1463 /* Print ACL entries in the domain. */ 1464 down_read(&tomoyo_domain_acl_info_list_lock); 1465 list_for_each_cookie(apos, head->read_var2, 1466 &domain->acl_info_list) { 1467 struct tomoyo_acl_info *ptr 1468 = list_entry(apos, struct tomoyo_acl_info, 1469 list); 1470 if (!tomoyo_print_entry(head, ptr)) { 1471 done = false; 1472 break; 1473 } 1474 } 1475 up_read(&tomoyo_domain_acl_info_list_lock); 1476 if (!done) 1477 break; 1478 head->read_step = 3; 1479 tail_mark: 1480 if (!tomoyo_io_printf(head, "\n")) { 1481 done = false; 1482 break; 1483 } 1484 head->read_step = 1; 1485 if (head->read_single_domain) 1486 break; 1487 } 1488 up_read(&tomoyo_domain_list_lock); 1489 head->read_eof = done; 1490 return 0; 1491 } 1492 1493 /** 1494 * tomoyo_write_domain_profile - Assign profile for specified domain. 1495 * 1496 * @head: Pointer to "struct tomoyo_io_buffer". 1497 * 1498 * Returns 0 on success, -EINVAL otherwise. 1499 * 1500 * This is equivalent to doing 1501 * 1502 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1503 * /usr/lib/ccs/loadpolicy -d 1504 */ 1505 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1506 { 1507 char *data = head->write_buf; 1508 char *cp = strchr(data, ' '); 1509 struct tomoyo_domain_info *domain; 1510 unsigned long profile; 1511 1512 if (!cp) 1513 return -EINVAL; 1514 *cp = '\0'; 1515 down_read(&tomoyo_domain_list_lock); 1516 domain = tomoyo_find_domain(cp + 1); 1517 up_read(&tomoyo_domain_list_lock); 1518 if (strict_strtoul(data, 10, &profile)) 1519 return -EINVAL; 1520 if (domain && profile < TOMOYO_MAX_PROFILES 1521 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1522 domain->profile = (u8) profile; 1523 return 0; 1524 } 1525 1526 /** 1527 * tomoyo_read_domain_profile - Read only domainname and profile. 1528 * 1529 * @head: Pointer to "struct tomoyo_io_buffer". 1530 * 1531 * Returns list of profile number and domainname pairs. 1532 * 1533 * This is equivalent to doing 1534 * 1535 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1536 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1537 * domainname = $0; } else if ( $1 == "use_profile" ) { 1538 * print $2 " " domainname; domainname = ""; } } ; ' 1539 */ 1540 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1541 { 1542 struct list_head *pos; 1543 bool done = true; 1544 1545 if (head->read_eof) 1546 return 0; 1547 down_read(&tomoyo_domain_list_lock); 1548 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) { 1549 struct tomoyo_domain_info *domain; 1550 domain = list_entry(pos, struct tomoyo_domain_info, list); 1551 if (domain->is_deleted) 1552 continue; 1553 if (!tomoyo_io_printf(head, "%u %s\n", domain->profile, 1554 domain->domainname->name)) { 1555 done = false; 1556 break; 1557 } 1558 } 1559 up_read(&tomoyo_domain_list_lock); 1560 head->read_eof = done; 1561 return 0; 1562 } 1563 1564 /** 1565 * tomoyo_write_pid: Specify PID to obtain domainname. 1566 * 1567 * @head: Pointer to "struct tomoyo_io_buffer". 1568 * 1569 * Returns 0. 1570 */ 1571 static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1572 { 1573 unsigned long pid; 1574 /* No error check. */ 1575 strict_strtoul(head->write_buf, 10, &pid); 1576 head->read_step = (int) pid; 1577 head->read_eof = false; 1578 return 0; 1579 } 1580 1581 /** 1582 * tomoyo_read_pid - Get domainname of the specified PID. 1583 * 1584 * @head: Pointer to "struct tomoyo_io_buffer". 1585 * 1586 * Returns the domainname which the specified PID is in on success, 1587 * empty string otherwise. 1588 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1589 * using read()/write() interface rather than sysctl() interface. 1590 */ 1591 static int tomoyo_read_pid(struct tomoyo_io_buffer *head) 1592 { 1593 if (head->read_avail == 0 && !head->read_eof) { 1594 const int pid = head->read_step; 1595 struct task_struct *p; 1596 struct tomoyo_domain_info *domain = NULL; 1597 /***** CRITICAL SECTION START *****/ 1598 read_lock(&tasklist_lock); 1599 p = find_task_by_vpid(pid); 1600 if (p) 1601 domain = tomoyo_real_domain(p); 1602 read_unlock(&tasklist_lock); 1603 /***** CRITICAL SECTION END *****/ 1604 if (domain) 1605 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1606 domain->domainname->name); 1607 head->read_eof = true; 1608 } 1609 return 0; 1610 } 1611 1612 /** 1613 * tomoyo_write_exception_policy - Write exception policy. 1614 * 1615 * @head: Pointer to "struct tomoyo_io_buffer". 1616 * 1617 * Returns 0 on success, negative value otherwise. 1618 */ 1619 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1620 { 1621 char *data = head->write_buf; 1622 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1623 1624 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN)) 1625 return tomoyo_write_domain_keeper_policy(data, false, 1626 is_delete); 1627 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN)) 1628 return tomoyo_write_domain_keeper_policy(data, true, is_delete); 1629 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN)) 1630 return tomoyo_write_domain_initializer_policy(data, false, 1631 is_delete); 1632 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN)) 1633 return tomoyo_write_domain_initializer_policy(data, true, 1634 is_delete); 1635 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) 1636 return tomoyo_write_alias_policy(data, is_delete); 1637 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1638 return tomoyo_write_globally_readable_policy(data, is_delete); 1639 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1640 return tomoyo_write_pattern_policy(data, is_delete); 1641 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) 1642 return tomoyo_write_no_rewrite_policy(data, is_delete); 1643 return -EINVAL; 1644 } 1645 1646 /** 1647 * tomoyo_read_exception_policy - Read exception policy. 1648 * 1649 * @head: Pointer to "struct tomoyo_io_buffer". 1650 * 1651 * Returns 0 on success, -EINVAL otherwise. 1652 */ 1653 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1654 { 1655 if (!head->read_eof) { 1656 switch (head->read_step) { 1657 case 0: 1658 head->read_var2 = NULL; 1659 head->read_step = 1; 1660 case 1: 1661 if (!tomoyo_read_domain_keeper_policy(head)) 1662 break; 1663 head->read_var2 = NULL; 1664 head->read_step = 2; 1665 case 2: 1666 if (!tomoyo_read_globally_readable_policy(head)) 1667 break; 1668 head->read_var2 = NULL; 1669 head->read_step = 3; 1670 case 3: 1671 head->read_var2 = NULL; 1672 head->read_step = 4; 1673 case 4: 1674 if (!tomoyo_read_domain_initializer_policy(head)) 1675 break; 1676 head->read_var2 = NULL; 1677 head->read_step = 5; 1678 case 5: 1679 if (!tomoyo_read_alias_policy(head)) 1680 break; 1681 head->read_var2 = NULL; 1682 head->read_step = 6; 1683 case 6: 1684 head->read_var2 = NULL; 1685 head->read_step = 7; 1686 case 7: 1687 if (!tomoyo_read_file_pattern(head)) 1688 break; 1689 head->read_var2 = NULL; 1690 head->read_step = 8; 1691 case 8: 1692 if (!tomoyo_read_no_rewrite_policy(head)) 1693 break; 1694 head->read_var2 = NULL; 1695 head->read_step = 9; 1696 case 9: 1697 head->read_eof = true; 1698 break; 1699 default: 1700 return -EINVAL; 1701 } 1702 } 1703 return 0; 1704 } 1705 1706 /* path to policy loader */ 1707 static const char *tomoyo_loader = "/sbin/tomoyo-init"; 1708 1709 /** 1710 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists. 1711 * 1712 * Returns true if /sbin/tomoyo-init exists, false otherwise. 1713 */ 1714 static bool tomoyo_policy_loader_exists(void) 1715 { 1716 /* 1717 * Don't activate MAC if the policy loader doesn't exist. 1718 * If the initrd includes /sbin/init but real-root-dev has not 1719 * mounted on / yet, activating MAC will block the system since 1720 * policies are not loaded yet. 1721 * Thus, let do_execve() call this function everytime. 1722 */ 1723 struct nameidata nd; 1724 1725 if (path_lookup(tomoyo_loader, LOOKUP_FOLLOW, &nd)) { 1726 printk(KERN_INFO "Not activating Mandatory Access Control now " 1727 "since %s doesn't exist.\n", tomoyo_loader); 1728 return false; 1729 } 1730 path_put(&nd.path); 1731 return true; 1732 } 1733 1734 /** 1735 * tomoyo_load_policy - Run external policy loader to load policy. 1736 * 1737 * @filename: The program about to start. 1738 * 1739 * This function checks whether @filename is /sbin/init , and if so 1740 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init 1741 * and then continues invocation of /sbin/init. 1742 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and 1743 * writes to /sys/kernel/security/tomoyo/ interfaces. 1744 * 1745 * Returns nothing. 1746 */ 1747 void tomoyo_load_policy(const char *filename) 1748 { 1749 char *argv[2]; 1750 char *envp[3]; 1751 1752 if (tomoyo_policy_loaded) 1753 return; 1754 /* 1755 * Check filename is /sbin/init or /sbin/tomoyo-start. 1756 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't 1757 * be passed. 1758 * You can create /sbin/tomoyo-start by 1759 * "ln -s /bin/true /sbin/tomoyo-start". 1760 */ 1761 if (strcmp(filename, "/sbin/init") && 1762 strcmp(filename, "/sbin/tomoyo-start")) 1763 return; 1764 if (!tomoyo_policy_loader_exists()) 1765 return; 1766 1767 printk(KERN_INFO "Calling %s to load policy. Please wait.\n", 1768 tomoyo_loader); 1769 argv[0] = (char *) tomoyo_loader; 1770 argv[1] = NULL; 1771 envp[0] = "HOME=/"; 1772 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 1773 envp[2] = NULL; 1774 call_usermodehelper(argv[0], argv, envp, 1); 1775 1776 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); 1777 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1778 tomoyo_policy_loaded = true; 1779 { /* Check all profiles currently assigned to domains are defined. */ 1780 struct tomoyo_domain_info *domain; 1781 down_read(&tomoyo_domain_list_lock); 1782 list_for_each_entry(domain, &tomoyo_domain_list, list) { 1783 const u8 profile = domain->profile; 1784 if (tomoyo_profile_ptr[profile]) 1785 continue; 1786 panic("Profile %u (used by '%s') not defined.\n", 1787 profile, domain->domainname->name); 1788 } 1789 up_read(&tomoyo_domain_list_lock); 1790 } 1791 } 1792 1793 /** 1794 * tomoyo_read_version: Get version. 1795 * 1796 * @head: Pointer to "struct tomoyo_io_buffer". 1797 * 1798 * Returns version information. 1799 */ 1800 static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1801 { 1802 if (!head->read_eof) { 1803 tomoyo_io_printf(head, "2.2.0"); 1804 head->read_eof = true; 1805 } 1806 return 0; 1807 } 1808 1809 /** 1810 * tomoyo_read_self_domain - Get the current process's domainname. 1811 * 1812 * @head: Pointer to "struct tomoyo_io_buffer". 1813 * 1814 * Returns the current process's domainname. 1815 */ 1816 static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1817 { 1818 if (!head->read_eof) { 1819 /* 1820 * tomoyo_domain()->domainname != NULL 1821 * because every process belongs to a domain and 1822 * the domain's name cannot be NULL. 1823 */ 1824 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1825 head->read_eof = true; 1826 } 1827 return 0; 1828 } 1829 1830 /** 1831 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1832 * 1833 * @type: Type of interface. 1834 * @file: Pointer to "struct file". 1835 * 1836 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1837 */ 1838 static int tomoyo_open_control(const u8 type, struct file *file) 1839 { 1840 struct tomoyo_io_buffer *head = tomoyo_alloc(sizeof(*head)); 1841 1842 if (!head) 1843 return -ENOMEM; 1844 mutex_init(&head->io_sem); 1845 switch (type) { 1846 case TOMOYO_DOMAINPOLICY: 1847 /* /sys/kernel/security/tomoyo/domain_policy */ 1848 head->write = tomoyo_write_domain_policy; 1849 head->read = tomoyo_read_domain_policy; 1850 break; 1851 case TOMOYO_EXCEPTIONPOLICY: 1852 /* /sys/kernel/security/tomoyo/exception_policy */ 1853 head->write = tomoyo_write_exception_policy; 1854 head->read = tomoyo_read_exception_policy; 1855 break; 1856 case TOMOYO_SELFDOMAIN: 1857 /* /sys/kernel/security/tomoyo/self_domain */ 1858 head->read = tomoyo_read_self_domain; 1859 break; 1860 case TOMOYO_DOMAIN_STATUS: 1861 /* /sys/kernel/security/tomoyo/.domain_status */ 1862 head->write = tomoyo_write_domain_profile; 1863 head->read = tomoyo_read_domain_profile; 1864 break; 1865 case TOMOYO_PROCESS_STATUS: 1866 /* /sys/kernel/security/tomoyo/.process_status */ 1867 head->write = tomoyo_write_pid; 1868 head->read = tomoyo_read_pid; 1869 break; 1870 case TOMOYO_VERSION: 1871 /* /sys/kernel/security/tomoyo/version */ 1872 head->read = tomoyo_read_version; 1873 head->readbuf_size = 128; 1874 break; 1875 case TOMOYO_MEMINFO: 1876 /* /sys/kernel/security/tomoyo/meminfo */ 1877 head->write = tomoyo_write_memory_quota; 1878 head->read = tomoyo_read_memory_counter; 1879 head->readbuf_size = 512; 1880 break; 1881 case TOMOYO_PROFILE: 1882 /* /sys/kernel/security/tomoyo/profile */ 1883 head->write = tomoyo_write_profile; 1884 head->read = tomoyo_read_profile; 1885 break; 1886 case TOMOYO_MANAGER: 1887 /* /sys/kernel/security/tomoyo/manager */ 1888 head->write = tomoyo_write_manager_policy; 1889 head->read = tomoyo_read_manager_policy; 1890 break; 1891 } 1892 if (!(file->f_mode & FMODE_READ)) { 1893 /* 1894 * No need to allocate read_buf since it is not opened 1895 * for reading. 1896 */ 1897 head->read = NULL; 1898 } else { 1899 if (!head->readbuf_size) 1900 head->readbuf_size = 4096 * 2; 1901 head->read_buf = tomoyo_alloc(head->readbuf_size); 1902 if (!head->read_buf) { 1903 tomoyo_free(head); 1904 return -ENOMEM; 1905 } 1906 } 1907 if (!(file->f_mode & FMODE_WRITE)) { 1908 /* 1909 * No need to allocate write_buf since it is not opened 1910 * for writing. 1911 */ 1912 head->write = NULL; 1913 } else if (head->write) { 1914 head->writebuf_size = 4096 * 2; 1915 head->write_buf = tomoyo_alloc(head->writebuf_size); 1916 if (!head->write_buf) { 1917 tomoyo_free(head->read_buf); 1918 tomoyo_free(head); 1919 return -ENOMEM; 1920 } 1921 } 1922 file->private_data = head; 1923 /* 1924 * Call the handler now if the file is 1925 * /sys/kernel/security/tomoyo/self_domain 1926 * so that the user can use 1927 * cat < /sys/kernel/security/tomoyo/self_domain" 1928 * to know the current process's domainname. 1929 */ 1930 if (type == TOMOYO_SELFDOMAIN) 1931 tomoyo_read_control(file, NULL, 0); 1932 return 0; 1933 } 1934 1935 /** 1936 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1937 * 1938 * @file: Pointer to "struct file". 1939 * @buffer: Poiner to buffer to write to. 1940 * @buffer_len: Size of @buffer. 1941 * 1942 * Returns bytes read on success, negative value otherwise. 1943 */ 1944 static int tomoyo_read_control(struct file *file, char __user *buffer, 1945 const int buffer_len) 1946 { 1947 int len = 0; 1948 struct tomoyo_io_buffer *head = file->private_data; 1949 char *cp; 1950 1951 if (!head->read) 1952 return -ENOSYS; 1953 if (mutex_lock_interruptible(&head->io_sem)) 1954 return -EINTR; 1955 /* Call the policy handler. */ 1956 len = head->read(head); 1957 if (len < 0) 1958 goto out; 1959 /* Write to buffer. */ 1960 len = head->read_avail; 1961 if (len > buffer_len) 1962 len = buffer_len; 1963 if (!len) 1964 goto out; 1965 /* head->read_buf changes by some functions. */ 1966 cp = head->read_buf; 1967 if (copy_to_user(buffer, cp, len)) { 1968 len = -EFAULT; 1969 goto out; 1970 } 1971 head->read_avail -= len; 1972 memmove(cp, cp + len, head->read_avail); 1973 out: 1974 mutex_unlock(&head->io_sem); 1975 return len; 1976 } 1977 1978 /** 1979 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 1980 * 1981 * @file: Pointer to "struct file". 1982 * @buffer: Pointer to buffer to read from. 1983 * @buffer_len: Size of @buffer. 1984 * 1985 * Returns @buffer_len on success, negative value otherwise. 1986 */ 1987 static int tomoyo_write_control(struct file *file, const char __user *buffer, 1988 const int buffer_len) 1989 { 1990 struct tomoyo_io_buffer *head = file->private_data; 1991 int error = buffer_len; 1992 int avail_len = buffer_len; 1993 char *cp0 = head->write_buf; 1994 1995 if (!head->write) 1996 return -ENOSYS; 1997 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 1998 return -EFAULT; 1999 /* Don't allow updating policies by non manager programs. */ 2000 if (head->write != tomoyo_write_pid && 2001 head->write != tomoyo_write_domain_policy && 2002 !tomoyo_is_policy_manager()) 2003 return -EPERM; 2004 if (mutex_lock_interruptible(&head->io_sem)) 2005 return -EINTR; 2006 /* Read a line and dispatch it to the policy handler. */ 2007 while (avail_len > 0) { 2008 char c; 2009 if (head->write_avail >= head->writebuf_size - 1) { 2010 error = -ENOMEM; 2011 break; 2012 } else if (get_user(c, buffer)) { 2013 error = -EFAULT; 2014 break; 2015 } 2016 buffer++; 2017 avail_len--; 2018 cp0[head->write_avail++] = c; 2019 if (c != '\n') 2020 continue; 2021 cp0[head->write_avail - 1] = '\0'; 2022 head->write_avail = 0; 2023 tomoyo_normalize_line(cp0); 2024 head->write(head); 2025 } 2026 mutex_unlock(&head->io_sem); 2027 return error; 2028 } 2029 2030 /** 2031 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2032 * 2033 * @file: Pointer to "struct file". 2034 * 2035 * Releases memory and returns 0. 2036 */ 2037 static int tomoyo_close_control(struct file *file) 2038 { 2039 struct tomoyo_io_buffer *head = file->private_data; 2040 2041 /* Release memory used for policy I/O. */ 2042 tomoyo_free(head->read_buf); 2043 head->read_buf = NULL; 2044 tomoyo_free(head->write_buf); 2045 head->write_buf = NULL; 2046 tomoyo_free(head); 2047 head = NULL; 2048 file->private_data = NULL; 2049 return 0; 2050 } 2051 2052 /** 2053 * tomoyo_alloc_acl_element - Allocate permanent memory for ACL entry. 2054 * 2055 * @acl_type: Type of ACL entry. 2056 * 2057 * Returns pointer to the ACL entry on success, NULL otherwise. 2058 */ 2059 void *tomoyo_alloc_acl_element(const u8 acl_type) 2060 { 2061 int len; 2062 struct tomoyo_acl_info *ptr; 2063 2064 switch (acl_type) { 2065 case TOMOYO_TYPE_SINGLE_PATH_ACL: 2066 len = sizeof(struct tomoyo_single_path_acl_record); 2067 break; 2068 case TOMOYO_TYPE_DOUBLE_PATH_ACL: 2069 len = sizeof(struct tomoyo_double_path_acl_record); 2070 break; 2071 default: 2072 return NULL; 2073 } 2074 ptr = tomoyo_alloc_element(len); 2075 if (!ptr) 2076 return NULL; 2077 ptr->type = acl_type; 2078 return ptr; 2079 } 2080 2081 /** 2082 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 2083 * 2084 * @inode: Pointer to "struct inode". 2085 * @file: Pointer to "struct file". 2086 * 2087 * Returns 0 on success, negative value otherwise. 2088 */ 2089 static int tomoyo_open(struct inode *inode, struct file *file) 2090 { 2091 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private) 2092 - ((u8 *) NULL); 2093 return tomoyo_open_control(key, file); 2094 } 2095 2096 /** 2097 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 2098 * 2099 * @inode: Pointer to "struct inode". 2100 * @file: Pointer to "struct file". 2101 * 2102 * Returns 0 on success, negative value otherwise. 2103 */ 2104 static int tomoyo_release(struct inode *inode, struct file *file) 2105 { 2106 return tomoyo_close_control(file); 2107 } 2108 2109 /** 2110 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 2111 * 2112 * @file: Pointer to "struct file". 2113 * @buf: Pointer to buffer. 2114 * @count: Size of @buf. 2115 * @ppos: Unused. 2116 * 2117 * Returns bytes read on success, negative value otherwise. 2118 */ 2119 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 2120 loff_t *ppos) 2121 { 2122 return tomoyo_read_control(file, buf, count); 2123 } 2124 2125 /** 2126 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 2127 * 2128 * @file: Pointer to "struct file". 2129 * @buf: Pointer to buffer. 2130 * @count: Size of @buf. 2131 * @ppos: Unused. 2132 * 2133 * Returns @count on success, negative value otherwise. 2134 */ 2135 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 2136 size_t count, loff_t *ppos) 2137 { 2138 return tomoyo_write_control(file, buf, count); 2139 } 2140 2141 /* Operations for /sys/kernel/security/tomoyo/ interface. */ 2142 static const struct file_operations tomoyo_operations = { 2143 .open = tomoyo_open, 2144 .release = tomoyo_release, 2145 .read = tomoyo_read, 2146 .write = tomoyo_write, 2147 }; 2148 2149 /** 2150 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 2151 * 2152 * @name: The name of the interface file. 2153 * @mode: The permission of the interface file. 2154 * @parent: The parent directory. 2155 * @key: Type of interface. 2156 * 2157 * Returns nothing. 2158 */ 2159 static void __init tomoyo_create_entry(const char *name, const mode_t mode, 2160 struct dentry *parent, const u8 key) 2161 { 2162 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 2163 &tomoyo_operations); 2164 } 2165 2166 /** 2167 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 2168 * 2169 * Returns 0. 2170 */ 2171 static int __init tomoyo_initerface_init(void) 2172 { 2173 struct dentry *tomoyo_dir; 2174 2175 /* Don't create securityfs entries unless registered. */ 2176 if (current_cred()->security != &tomoyo_kernel_domain) 2177 return 0; 2178 2179 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 2180 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 2181 TOMOYO_DOMAINPOLICY); 2182 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 2183 TOMOYO_EXCEPTIONPOLICY); 2184 tomoyo_create_entry("self_domain", 0400, tomoyo_dir, 2185 TOMOYO_SELFDOMAIN); 2186 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir, 2187 TOMOYO_DOMAIN_STATUS); 2188 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 2189 TOMOYO_PROCESS_STATUS); 2190 tomoyo_create_entry("meminfo", 0600, tomoyo_dir, 2191 TOMOYO_MEMINFO); 2192 tomoyo_create_entry("profile", 0600, tomoyo_dir, 2193 TOMOYO_PROFILE); 2194 tomoyo_create_entry("manager", 0600, tomoyo_dir, 2195 TOMOYO_MANAGER); 2196 tomoyo_create_entry("version", 0400, tomoyo_dir, 2197 TOMOYO_VERSION); 2198 return 0; 2199 } 2200 2201 fs_initcall(tomoyo_initerface_init); 2202