1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/common.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include <linux/uaccess.h> 9 #include <linux/slab.h> 10 #include <linux/security.h> 11 #include "common.h" 12 13 /* String table for operation mode. */ 14 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { 15 [TOMOYO_CONFIG_DISABLED] = "disabled", 16 [TOMOYO_CONFIG_LEARNING] = "learning", 17 [TOMOYO_CONFIG_PERMISSIVE] = "permissive", 18 [TOMOYO_CONFIG_ENFORCING] = "enforcing" 19 }; 20 21 /* String table for /sys/kernel/security/tomoyo/profile */ 22 const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 23 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 24 /* CONFIG::file group */ 25 [TOMOYO_MAC_FILE_EXECUTE] = "execute", 26 [TOMOYO_MAC_FILE_OPEN] = "open", 27 [TOMOYO_MAC_FILE_CREATE] = "create", 28 [TOMOYO_MAC_FILE_UNLINK] = "unlink", 29 [TOMOYO_MAC_FILE_GETATTR] = "getattr", 30 [TOMOYO_MAC_FILE_MKDIR] = "mkdir", 31 [TOMOYO_MAC_FILE_RMDIR] = "rmdir", 32 [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo", 33 [TOMOYO_MAC_FILE_MKSOCK] = "mksock", 34 [TOMOYO_MAC_FILE_TRUNCATE] = "truncate", 35 [TOMOYO_MAC_FILE_SYMLINK] = "symlink", 36 [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock", 37 [TOMOYO_MAC_FILE_MKCHAR] = "mkchar", 38 [TOMOYO_MAC_FILE_LINK] = "link", 39 [TOMOYO_MAC_FILE_RENAME] = "rename", 40 [TOMOYO_MAC_FILE_CHMOD] = "chmod", 41 [TOMOYO_MAC_FILE_CHOWN] = "chown", 42 [TOMOYO_MAC_FILE_CHGRP] = "chgrp", 43 [TOMOYO_MAC_FILE_IOCTL] = "ioctl", 44 [TOMOYO_MAC_FILE_CHROOT] = "chroot", 45 [TOMOYO_MAC_FILE_MOUNT] = "mount", 46 [TOMOYO_MAC_FILE_UMOUNT] = "unmount", 47 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root", 48 /* CONFIG::network group */ 49 [TOMOYO_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", 50 [TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", 51 [TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", 52 [TOMOYO_MAC_NETWORK_INET_DGRAM_BIND] = "inet_dgram_bind", 53 [TOMOYO_MAC_NETWORK_INET_DGRAM_SEND] = "inet_dgram_send", 54 [TOMOYO_MAC_NETWORK_INET_RAW_BIND] = "inet_raw_bind", 55 [TOMOYO_MAC_NETWORK_INET_RAW_SEND] = "inet_raw_send", 56 [TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND] = "unix_stream_bind", 57 [TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN] = "unix_stream_listen", 58 [TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT] = "unix_stream_connect", 59 [TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND] = "unix_dgram_bind", 60 [TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND] = "unix_dgram_send", 61 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND] = "unix_seqpacket_bind", 62 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", 63 [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", 64 /* CONFIG::misc group */ 65 [TOMOYO_MAC_ENVIRON] = "env", 66 /* CONFIG group */ 67 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 68 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_NETWORK] = "network", 69 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_MISC] = "misc", 70 }; 71 72 /* String table for conditions. */ 73 const char * const tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD] = { 74 [TOMOYO_TASK_UID] = "task.uid", 75 [TOMOYO_TASK_EUID] = "task.euid", 76 [TOMOYO_TASK_SUID] = "task.suid", 77 [TOMOYO_TASK_FSUID] = "task.fsuid", 78 [TOMOYO_TASK_GID] = "task.gid", 79 [TOMOYO_TASK_EGID] = "task.egid", 80 [TOMOYO_TASK_SGID] = "task.sgid", 81 [TOMOYO_TASK_FSGID] = "task.fsgid", 82 [TOMOYO_TASK_PID] = "task.pid", 83 [TOMOYO_TASK_PPID] = "task.ppid", 84 [TOMOYO_EXEC_ARGC] = "exec.argc", 85 [TOMOYO_EXEC_ENVC] = "exec.envc", 86 [TOMOYO_TYPE_IS_SOCKET] = "socket", 87 [TOMOYO_TYPE_IS_SYMLINK] = "symlink", 88 [TOMOYO_TYPE_IS_FILE] = "file", 89 [TOMOYO_TYPE_IS_BLOCK_DEV] = "block", 90 [TOMOYO_TYPE_IS_DIRECTORY] = "directory", 91 [TOMOYO_TYPE_IS_CHAR_DEV] = "char", 92 [TOMOYO_TYPE_IS_FIFO] = "fifo", 93 [TOMOYO_MODE_SETUID] = "setuid", 94 [TOMOYO_MODE_SETGID] = "setgid", 95 [TOMOYO_MODE_STICKY] = "sticky", 96 [TOMOYO_MODE_OWNER_READ] = "owner_read", 97 [TOMOYO_MODE_OWNER_WRITE] = "owner_write", 98 [TOMOYO_MODE_OWNER_EXECUTE] = "owner_execute", 99 [TOMOYO_MODE_GROUP_READ] = "group_read", 100 [TOMOYO_MODE_GROUP_WRITE] = "group_write", 101 [TOMOYO_MODE_GROUP_EXECUTE] = "group_execute", 102 [TOMOYO_MODE_OTHERS_READ] = "others_read", 103 [TOMOYO_MODE_OTHERS_WRITE] = "others_write", 104 [TOMOYO_MODE_OTHERS_EXECUTE] = "others_execute", 105 [TOMOYO_EXEC_REALPATH] = "exec.realpath", 106 [TOMOYO_SYMLINK_TARGET] = "symlink.target", 107 [TOMOYO_PATH1_UID] = "path1.uid", 108 [TOMOYO_PATH1_GID] = "path1.gid", 109 [TOMOYO_PATH1_INO] = "path1.ino", 110 [TOMOYO_PATH1_MAJOR] = "path1.major", 111 [TOMOYO_PATH1_MINOR] = "path1.minor", 112 [TOMOYO_PATH1_PERM] = "path1.perm", 113 [TOMOYO_PATH1_TYPE] = "path1.type", 114 [TOMOYO_PATH1_DEV_MAJOR] = "path1.dev_major", 115 [TOMOYO_PATH1_DEV_MINOR] = "path1.dev_minor", 116 [TOMOYO_PATH2_UID] = "path2.uid", 117 [TOMOYO_PATH2_GID] = "path2.gid", 118 [TOMOYO_PATH2_INO] = "path2.ino", 119 [TOMOYO_PATH2_MAJOR] = "path2.major", 120 [TOMOYO_PATH2_MINOR] = "path2.minor", 121 [TOMOYO_PATH2_PERM] = "path2.perm", 122 [TOMOYO_PATH2_TYPE] = "path2.type", 123 [TOMOYO_PATH2_DEV_MAJOR] = "path2.dev_major", 124 [TOMOYO_PATH2_DEV_MINOR] = "path2.dev_minor", 125 [TOMOYO_PATH1_PARENT_UID] = "path1.parent.uid", 126 [TOMOYO_PATH1_PARENT_GID] = "path1.parent.gid", 127 [TOMOYO_PATH1_PARENT_INO] = "path1.parent.ino", 128 [TOMOYO_PATH1_PARENT_PERM] = "path1.parent.perm", 129 [TOMOYO_PATH2_PARENT_UID] = "path2.parent.uid", 130 [TOMOYO_PATH2_PARENT_GID] = "path2.parent.gid", 131 [TOMOYO_PATH2_PARENT_INO] = "path2.parent.ino", 132 [TOMOYO_PATH2_PARENT_PERM] = "path2.parent.perm", 133 }; 134 135 /* String table for PREFERENCE keyword. */ 136 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = { 137 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log", 138 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry", 139 }; 140 141 /* String table for path operation. */ 142 const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { 143 [TOMOYO_TYPE_EXECUTE] = "execute", 144 [TOMOYO_TYPE_READ] = "read", 145 [TOMOYO_TYPE_WRITE] = "write", 146 [TOMOYO_TYPE_APPEND] = "append", 147 [TOMOYO_TYPE_UNLINK] = "unlink", 148 [TOMOYO_TYPE_GETATTR] = "getattr", 149 [TOMOYO_TYPE_RMDIR] = "rmdir", 150 [TOMOYO_TYPE_TRUNCATE] = "truncate", 151 [TOMOYO_TYPE_SYMLINK] = "symlink", 152 [TOMOYO_TYPE_CHROOT] = "chroot", 153 [TOMOYO_TYPE_UMOUNT] = "unmount", 154 }; 155 156 /* String table for socket's operation. */ 157 const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION] = { 158 [TOMOYO_NETWORK_BIND] = "bind", 159 [TOMOYO_NETWORK_LISTEN] = "listen", 160 [TOMOYO_NETWORK_CONNECT] = "connect", 161 [TOMOYO_NETWORK_SEND] = "send", 162 }; 163 164 /* String table for categories. */ 165 static const char * const tomoyo_category_keywords 166 [TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 167 [TOMOYO_MAC_CATEGORY_FILE] = "file", 168 [TOMOYO_MAC_CATEGORY_NETWORK] = "network", 169 [TOMOYO_MAC_CATEGORY_MISC] = "misc", 170 }; 171 172 /* Permit policy management by non-root user? */ 173 static bool tomoyo_manage_by_non_root; 174 175 /* Utility functions. */ 176 177 /** 178 * tomoyo_yesno - Return "yes" or "no". 179 * 180 * @value: Bool value. 181 */ 182 const char *tomoyo_yesno(const unsigned int value) 183 { 184 return value ? "yes" : "no"; 185 } 186 187 /** 188 * tomoyo_addprintf - strncat()-like-snprintf(). 189 * 190 * @buffer: Buffer to write to. Must be '\0'-terminated. 191 * @len: Size of @buffer. 192 * @fmt: The printf()'s format string, followed by parameters. 193 * 194 * Returns nothing. 195 */ 196 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 197 { 198 va_list args; 199 const int pos = strlen(buffer); 200 201 va_start(args, fmt); 202 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 203 va_end(args); 204 } 205 206 /** 207 * tomoyo_flush - Flush queued string to userspace's buffer. 208 * 209 * @head: Pointer to "struct tomoyo_io_buffer". 210 * 211 * Returns true if all data was flushed, false otherwise. 212 */ 213 static bool tomoyo_flush(struct tomoyo_io_buffer *head) 214 { 215 while (head->r.w_pos) { 216 const char *w = head->r.w[0]; 217 size_t len = strlen(w); 218 219 if (len) { 220 if (len > head->read_user_buf_avail) 221 len = head->read_user_buf_avail; 222 if (!len) 223 return false; 224 if (copy_to_user(head->read_user_buf, w, len)) 225 return false; 226 head->read_user_buf_avail -= len; 227 head->read_user_buf += len; 228 w += len; 229 } 230 head->r.w[0] = w; 231 if (*w) 232 return false; 233 /* Add '\0' for audit logs and query. */ 234 if (head->poll) { 235 if (!head->read_user_buf_avail || 236 copy_to_user(head->read_user_buf, "", 1)) 237 return false; 238 head->read_user_buf_avail--; 239 head->read_user_buf++; 240 } 241 head->r.w_pos--; 242 for (len = 0; len < head->r.w_pos; len++) 243 head->r.w[len] = head->r.w[len + 1]; 244 } 245 head->r.avail = 0; 246 return true; 247 } 248 249 /** 250 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 251 * 252 * @head: Pointer to "struct tomoyo_io_buffer". 253 * @string: String to print. 254 * 255 * Note that @string has to be kept valid until @head is kfree()d. 256 * This means that char[] allocated on stack memory cannot be passed to 257 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 258 */ 259 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 260 { 261 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 262 head->r.w[head->r.w_pos++] = string; 263 tomoyo_flush(head); 264 } else 265 WARN_ON(1); 266 } 267 268 static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, 269 ...) __printf(2, 3); 270 271 /** 272 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 273 * 274 * @head: Pointer to "struct tomoyo_io_buffer". 275 * @fmt: The printf()'s format string, followed by parameters. 276 */ 277 static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, 278 ...) 279 { 280 va_list args; 281 size_t len; 282 size_t pos = head->r.avail; 283 int size = head->readbuf_size - pos; 284 285 if (size <= 0) 286 return; 287 va_start(args, fmt); 288 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 289 va_end(args); 290 if (pos + len >= head->readbuf_size) { 291 WARN_ON(1); 292 return; 293 } 294 head->r.avail += len; 295 tomoyo_set_string(head, head->read_buf + pos); 296 } 297 298 /** 299 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure. 300 * 301 * @head: Pointer to "struct tomoyo_io_buffer". 302 * 303 * Returns nothing. 304 */ 305 static void tomoyo_set_space(struct tomoyo_io_buffer *head) 306 { 307 tomoyo_set_string(head, " "); 308 } 309 310 /** 311 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure. 312 * 313 * @head: Pointer to "struct tomoyo_io_buffer". 314 * 315 * Returns nothing. 316 */ 317 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 318 { 319 tomoyo_set_string(head, "\n"); 320 return !head->r.w_pos; 321 } 322 323 /** 324 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure. 325 * 326 * @head: Pointer to "struct tomoyo_io_buffer". 327 * 328 * Returns nothing. 329 */ 330 static void tomoyo_set_slash(struct tomoyo_io_buffer *head) 331 { 332 tomoyo_set_string(head, "/"); 333 } 334 335 /* List of namespaces. */ 336 LIST_HEAD(tomoyo_namespace_list); 337 /* True if namespace other than tomoyo_kernel_namespace is defined. */ 338 static bool tomoyo_namespace_enabled; 339 340 /** 341 * tomoyo_init_policy_namespace - Initialize namespace. 342 * 343 * @ns: Pointer to "struct tomoyo_policy_namespace". 344 * 345 * Returns nothing. 346 */ 347 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) 348 { 349 unsigned int idx; 350 351 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) 352 INIT_LIST_HEAD(&ns->acl_group[idx]); 353 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) 354 INIT_LIST_HEAD(&ns->group_list[idx]); 355 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) 356 INIT_LIST_HEAD(&ns->policy_list[idx]); 357 ns->profile_version = 20150505; 358 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); 359 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); 360 } 361 362 /** 363 * tomoyo_print_namespace - Print namespace header. 364 * 365 * @head: Pointer to "struct tomoyo_io_buffer". 366 * 367 * Returns nothing. 368 */ 369 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) 370 { 371 if (!tomoyo_namespace_enabled) 372 return; 373 tomoyo_set_string(head, 374 container_of(head->r.ns, 375 struct tomoyo_policy_namespace, 376 namespace_list)->name); 377 tomoyo_set_space(head); 378 } 379 380 /** 381 * tomoyo_print_name_union - Print a tomoyo_name_union. 382 * 383 * @head: Pointer to "struct tomoyo_io_buffer". 384 * @ptr: Pointer to "struct tomoyo_name_union". 385 */ 386 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 387 const struct tomoyo_name_union *ptr) 388 { 389 tomoyo_set_space(head); 390 if (ptr->group) { 391 tomoyo_set_string(head, "@"); 392 tomoyo_set_string(head, ptr->group->group_name->name); 393 } else { 394 tomoyo_set_string(head, ptr->filename->name); 395 } 396 } 397 398 /** 399 * tomoyo_print_name_union_quoted - Print a tomoyo_name_union with a quote. 400 * 401 * @head: Pointer to "struct tomoyo_io_buffer". 402 * @ptr: Pointer to "struct tomoyo_name_union". 403 * 404 * Returns nothing. 405 */ 406 static void tomoyo_print_name_union_quoted(struct tomoyo_io_buffer *head, 407 const struct tomoyo_name_union *ptr) 408 { 409 if (ptr->group) { 410 tomoyo_set_string(head, "@"); 411 tomoyo_set_string(head, ptr->group->group_name->name); 412 } else { 413 tomoyo_set_string(head, "\""); 414 tomoyo_set_string(head, ptr->filename->name); 415 tomoyo_set_string(head, "\""); 416 } 417 } 418 419 /** 420 * tomoyo_print_number_union_nospace - Print a tomoyo_number_union without a space. 421 * 422 * @head: Pointer to "struct tomoyo_io_buffer". 423 * @ptr: Pointer to "struct tomoyo_number_union". 424 * 425 * Returns nothing. 426 */ 427 static void tomoyo_print_number_union_nospace 428 (struct tomoyo_io_buffer *head, const struct tomoyo_number_union *ptr) 429 { 430 if (ptr->group) { 431 tomoyo_set_string(head, "@"); 432 tomoyo_set_string(head, ptr->group->group_name->name); 433 } else { 434 int i; 435 unsigned long min = ptr->values[0]; 436 const unsigned long max = ptr->values[1]; 437 u8 min_type = ptr->value_type[0]; 438 const u8 max_type = ptr->value_type[1]; 439 char buffer[128]; 440 441 buffer[0] = '\0'; 442 for (i = 0; i < 2; i++) { 443 switch (min_type) { 444 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 445 tomoyo_addprintf(buffer, sizeof(buffer), 446 "0x%lX", min); 447 break; 448 case TOMOYO_VALUE_TYPE_OCTAL: 449 tomoyo_addprintf(buffer, sizeof(buffer), 450 "0%lo", min); 451 break; 452 default: 453 tomoyo_addprintf(buffer, sizeof(buffer), "%lu", 454 min); 455 break; 456 } 457 if (min == max && min_type == max_type) 458 break; 459 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 460 min_type = max_type; 461 min = max; 462 } 463 tomoyo_io_printf(head, "%s", buffer); 464 } 465 } 466 467 /** 468 * tomoyo_print_number_union - Print a tomoyo_number_union. 469 * 470 * @head: Pointer to "struct tomoyo_io_buffer". 471 * @ptr: Pointer to "struct tomoyo_number_union". 472 * 473 * Returns nothing. 474 */ 475 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 476 const struct tomoyo_number_union *ptr) 477 { 478 tomoyo_set_space(head); 479 tomoyo_print_number_union_nospace(head, ptr); 480 } 481 482 /** 483 * tomoyo_assign_profile - Create a new profile. 484 * 485 * @ns: Pointer to "struct tomoyo_policy_namespace". 486 * @profile: Profile number to create. 487 * 488 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 489 */ 490 static struct tomoyo_profile *tomoyo_assign_profile 491 (struct tomoyo_policy_namespace *ns, const unsigned int profile) 492 { 493 struct tomoyo_profile *ptr; 494 struct tomoyo_profile *entry; 495 496 if (profile >= TOMOYO_MAX_PROFILES) 497 return NULL; 498 ptr = ns->profile_ptr[profile]; 499 if (ptr) 500 return ptr; 501 entry = kzalloc(sizeof(*entry), GFP_NOFS); 502 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 503 goto out; 504 ptr = ns->profile_ptr[profile]; 505 if (!ptr && tomoyo_memory_ok(entry)) { 506 ptr = entry; 507 ptr->default_config = TOMOYO_CONFIG_DISABLED | 508 TOMOYO_CONFIG_WANT_GRANT_LOG | 509 TOMOYO_CONFIG_WANT_REJECT_LOG; 510 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 511 sizeof(ptr->config)); 512 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 513 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG; 514 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 515 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY; 516 mb(); /* Avoid out-of-order execution. */ 517 ns->profile_ptr[profile] = ptr; 518 entry = NULL; 519 } 520 mutex_unlock(&tomoyo_policy_lock); 521 out: 522 kfree(entry); 523 return ptr; 524 } 525 526 /** 527 * tomoyo_profile - Find a profile. 528 * 529 * @ns: Pointer to "struct tomoyo_policy_namespace". 530 * @profile: Profile number to find. 531 * 532 * Returns pointer to "struct tomoyo_profile". 533 */ 534 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 535 const u8 profile) 536 { 537 static struct tomoyo_profile tomoyo_null_profile; 538 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; 539 540 if (!ptr) 541 ptr = &tomoyo_null_profile; 542 return ptr; 543 } 544 545 /** 546 * tomoyo_find_yesno - Find values for specified keyword. 547 * 548 * @string: String to check. 549 * @find: Name of keyword. 550 * 551 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise. 552 */ 553 static s8 tomoyo_find_yesno(const char *string, const char *find) 554 { 555 const char *cp = strstr(string, find); 556 557 if (cp) { 558 cp += strlen(find); 559 if (!strncmp(cp, "=yes", 4)) 560 return 1; 561 else if (!strncmp(cp, "=no", 3)) 562 return 0; 563 } 564 return -1; 565 } 566 567 /** 568 * tomoyo_set_uint - Set value for specified preference. 569 * 570 * @i: Pointer to "unsigned int". 571 * @string: String to check. 572 * @find: Name of keyword. 573 * 574 * Returns nothing. 575 */ 576 static void tomoyo_set_uint(unsigned int *i, const char *string, 577 const char *find) 578 { 579 const char *cp = strstr(string, find); 580 581 if (cp) 582 sscanf(cp + strlen(find), "=%u", i); 583 } 584 585 /** 586 * tomoyo_set_mode - Set mode for specified profile. 587 * 588 * @name: Name of functionality. 589 * @value: Mode for @name. 590 * @profile: Pointer to "struct tomoyo_profile". 591 * 592 * Returns 0 on success, negative value otherwise. 593 */ 594 static int tomoyo_set_mode(char *name, const char *value, 595 struct tomoyo_profile *profile) 596 { 597 u8 i; 598 u8 config; 599 600 if (!strcmp(name, "CONFIG")) { 601 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 602 config = profile->default_config; 603 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 604 config = 0; 605 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 606 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 607 int len = 0; 608 609 if (i < TOMOYO_MAX_MAC_INDEX) { 610 const u8 c = tomoyo_index2category[i]; 611 const char *category = 612 tomoyo_category_keywords[c]; 613 614 len = strlen(category); 615 if (strncmp(name, category, len) || 616 name[len++] != ':' || name[len++] != ':') 617 continue; 618 } 619 if (strcmp(name + len, tomoyo_mac_keywords[i])) 620 continue; 621 config = profile->config[i]; 622 break; 623 } 624 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 625 return -EINVAL; 626 } else { 627 return -EINVAL; 628 } 629 if (strstr(value, "use_default")) { 630 config = TOMOYO_CONFIG_USE_DEFAULT; 631 } else { 632 u8 mode; 633 634 for (mode = 0; mode < 4; mode++) 635 if (strstr(value, tomoyo_mode[mode])) 636 /* 637 * Update lower 3 bits in order to distinguish 638 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 639 */ 640 config = (config & ~7) | mode; 641 if (config != TOMOYO_CONFIG_USE_DEFAULT) { 642 switch (tomoyo_find_yesno(value, "grant_log")) { 643 case 1: 644 config |= TOMOYO_CONFIG_WANT_GRANT_LOG; 645 break; 646 case 0: 647 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG; 648 break; 649 } 650 switch (tomoyo_find_yesno(value, "reject_log")) { 651 case 1: 652 config |= TOMOYO_CONFIG_WANT_REJECT_LOG; 653 break; 654 case 0: 655 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG; 656 break; 657 } 658 } 659 } 660 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 661 profile->config[i] = config; 662 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 663 profile->default_config = config; 664 return 0; 665 } 666 667 /** 668 * tomoyo_write_profile - Write profile table. 669 * 670 * @head: Pointer to "struct tomoyo_io_buffer". 671 * 672 * Returns 0 on success, negative value otherwise. 673 */ 674 static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 675 { 676 char *data = head->write_buf; 677 unsigned int i; 678 char *cp; 679 struct tomoyo_profile *profile; 680 681 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) 682 == 1) 683 return 0; 684 i = simple_strtoul(data, &cp, 10); 685 if (*cp != '-') 686 return -EINVAL; 687 data = cp + 1; 688 profile = tomoyo_assign_profile(head->w.ns, i); 689 if (!profile) 690 return -EINVAL; 691 cp = strchr(data, '='); 692 if (!cp) 693 return -EINVAL; 694 *cp++ = '\0'; 695 if (!strcmp(data, "COMMENT")) { 696 static DEFINE_SPINLOCK(lock); 697 const struct tomoyo_path_info *new_comment 698 = tomoyo_get_name(cp); 699 const struct tomoyo_path_info *old_comment; 700 701 if (!new_comment) 702 return -ENOMEM; 703 spin_lock(&lock); 704 old_comment = profile->comment; 705 profile->comment = new_comment; 706 spin_unlock(&lock); 707 tomoyo_put_name(old_comment); 708 return 0; 709 } 710 if (!strcmp(data, "PREFERENCE")) { 711 for (i = 0; i < TOMOYO_MAX_PREF; i++) 712 tomoyo_set_uint(&profile->pref[i], cp, 713 tomoyo_pref_keywords[i]); 714 return 0; 715 } 716 return tomoyo_set_mode(data, cp, profile); 717 } 718 719 /** 720 * tomoyo_print_config - Print mode for specified functionality. 721 * 722 * @head: Pointer to "struct tomoyo_io_buffer". 723 * @config: Mode for that functionality. 724 * 725 * Returns nothing. 726 * 727 * Caller prints functionality's name. 728 */ 729 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 730 { 731 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", 732 tomoyo_mode[config & 3], 733 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG), 734 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG)); 735 } 736 737 /** 738 * tomoyo_read_profile - Read profile table. 739 * 740 * @head: Pointer to "struct tomoyo_io_buffer". 741 * 742 * Returns nothing. 743 */ 744 static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 745 { 746 u8 index; 747 struct tomoyo_policy_namespace *ns = 748 container_of(head->r.ns, typeof(*ns), namespace_list); 749 const struct tomoyo_profile *profile; 750 751 if (head->r.eof) 752 return; 753 next: 754 index = head->r.index; 755 profile = ns->profile_ptr[index]; 756 switch (head->r.step) { 757 case 0: 758 tomoyo_print_namespace(head); 759 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 760 ns->profile_version); 761 head->r.step++; 762 break; 763 case 1: 764 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 765 head->r.index++) 766 if (ns->profile_ptr[head->r.index]) 767 break; 768 if (head->r.index == TOMOYO_MAX_PROFILES) { 769 head->r.eof = true; 770 return; 771 } 772 head->r.step++; 773 break; 774 case 2: 775 { 776 u8 i; 777 const struct tomoyo_path_info *comment = 778 profile->comment; 779 780 tomoyo_print_namespace(head); 781 tomoyo_io_printf(head, "%u-COMMENT=", index); 782 tomoyo_set_string(head, comment ? comment->name : ""); 783 tomoyo_set_lf(head); 784 tomoyo_print_namespace(head); 785 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index); 786 for (i = 0; i < TOMOYO_MAX_PREF; i++) 787 tomoyo_io_printf(head, "%s=%u ", 788 tomoyo_pref_keywords[i], 789 profile->pref[i]); 790 tomoyo_set_string(head, "}\n"); 791 head->r.step++; 792 } 793 break; 794 case 3: 795 { 796 tomoyo_print_namespace(head); 797 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 798 tomoyo_print_config(head, profile->default_config); 799 head->r.bit = 0; 800 head->r.step++; 801 } 802 break; 803 case 4: 804 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 805 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 806 const u8 i = head->r.bit; 807 const u8 config = profile->config[i]; 808 809 if (config == TOMOYO_CONFIG_USE_DEFAULT) 810 continue; 811 tomoyo_print_namespace(head); 812 if (i < TOMOYO_MAX_MAC_INDEX) 813 tomoyo_io_printf(head, "%u-CONFIG::%s::%s", 814 index, 815 tomoyo_category_keywords 816 [tomoyo_index2category[i]], 817 tomoyo_mac_keywords[i]); 818 else 819 tomoyo_io_printf(head, "%u-CONFIG::%s", index, 820 tomoyo_mac_keywords[i]); 821 tomoyo_print_config(head, config); 822 head->r.bit++; 823 break; 824 } 825 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 826 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 827 head->r.index++; 828 head->r.step = 1; 829 } 830 break; 831 } 832 if (tomoyo_flush(head)) 833 goto next; 834 } 835 836 /** 837 * tomoyo_same_manager - Check for duplicated "struct tomoyo_manager" entry. 838 * 839 * @a: Pointer to "struct tomoyo_acl_head". 840 * @b: Pointer to "struct tomoyo_acl_head". 841 * 842 * Returns true if @a == @b, false otherwise. 843 */ 844 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 845 const struct tomoyo_acl_head *b) 846 { 847 return container_of(a, struct tomoyo_manager, head)->manager == 848 container_of(b, struct tomoyo_manager, head)->manager; 849 } 850 851 /** 852 * tomoyo_update_manager_entry - Add a manager entry. 853 * 854 * @manager: The path to manager or the domainnamme. 855 * @is_delete: True if it is a delete request. 856 * 857 * Returns 0 on success, negative value otherwise. 858 * 859 * Caller holds tomoyo_read_lock(). 860 */ 861 static int tomoyo_update_manager_entry(const char *manager, 862 const bool is_delete) 863 { 864 struct tomoyo_manager e = { }; 865 struct tomoyo_acl_param param = { 866 /* .ns = &tomoyo_kernel_namespace, */ 867 .is_delete = is_delete, 868 .list = &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], 869 }; 870 int error = is_delete ? -ENOENT : -ENOMEM; 871 872 if (!tomoyo_correct_domain(manager) && 873 !tomoyo_correct_word(manager)) 874 return -EINVAL; 875 e.manager = tomoyo_get_name(manager); 876 if (e.manager) { 877 error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, 878 tomoyo_same_manager); 879 tomoyo_put_name(e.manager); 880 } 881 return error; 882 } 883 884 /** 885 * tomoyo_write_manager - Write manager policy. 886 * 887 * @head: Pointer to "struct tomoyo_io_buffer". 888 * 889 * Returns 0 on success, negative value otherwise. 890 * 891 * Caller holds tomoyo_read_lock(). 892 */ 893 static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 894 { 895 char *data = head->write_buf; 896 897 if (!strcmp(data, "manage_by_non_root")) { 898 tomoyo_manage_by_non_root = !head->w.is_delete; 899 return 0; 900 } 901 return tomoyo_update_manager_entry(data, head->w.is_delete); 902 } 903 904 /** 905 * tomoyo_read_manager - Read manager policy. 906 * 907 * @head: Pointer to "struct tomoyo_io_buffer". 908 * 909 * Caller holds tomoyo_read_lock(). 910 */ 911 static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 912 { 913 if (head->r.eof) 914 return; 915 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER]) { 916 struct tomoyo_manager *ptr = 917 list_entry(head->r.acl, typeof(*ptr), head.list); 918 919 if (ptr->head.is_deleted) 920 continue; 921 if (!tomoyo_flush(head)) 922 return; 923 tomoyo_set_string(head, ptr->manager->name); 924 tomoyo_set_lf(head); 925 } 926 head->r.eof = true; 927 } 928 929 /** 930 * tomoyo_manager - Check whether the current process is a policy manager. 931 * 932 * Returns true if the current process is permitted to modify policy 933 * via /sys/kernel/security/tomoyo/ interface. 934 * 935 * Caller holds tomoyo_read_lock(). 936 */ 937 static bool tomoyo_manager(void) 938 { 939 struct tomoyo_manager *ptr; 940 const char *exe; 941 const struct task_struct *task = current; 942 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 943 bool found = IS_ENABLED(CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING); 944 945 if (!tomoyo_policy_loaded) 946 return true; 947 if (!tomoyo_manage_by_non_root && 948 (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) || 949 !uid_eq(task->cred->euid, GLOBAL_ROOT_UID))) 950 return false; 951 exe = tomoyo_get_exe(); 952 if (!exe) 953 return false; 954 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], head.list, 955 srcu_read_lock_held(&tomoyo_ss)) { 956 if (!ptr->head.is_deleted && 957 (!tomoyo_pathcmp(domainname, ptr->manager) || 958 !strcmp(exe, ptr->manager->name))) { 959 found = true; 960 break; 961 } 962 } 963 if (!found) { /* Reduce error messages. */ 964 static pid_t last_pid; 965 const pid_t pid = current->pid; 966 967 if (last_pid != pid) { 968 pr_warn("%s ( %s ) is not permitted to update policies.\n", 969 domainname->name, exe); 970 last_pid = pid; 971 } 972 } 973 kfree(exe); 974 return found; 975 } 976 977 static struct tomoyo_domain_info *tomoyo_find_domain_by_qid 978 (unsigned int serial); 979 980 /** 981 * tomoyo_select_domain - Parse select command. 982 * 983 * @head: Pointer to "struct tomoyo_io_buffer". 984 * @data: String to parse. 985 * 986 * Returns true on success, false otherwise. 987 * 988 * Caller holds tomoyo_read_lock(). 989 */ 990 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, 991 const char *data) 992 { 993 unsigned int pid; 994 struct tomoyo_domain_info *domain = NULL; 995 bool global_pid = false; 996 997 if (strncmp(data, "select ", 7)) 998 return false; 999 data += 7; 1000 if (sscanf(data, "pid=%u", &pid) == 1 || 1001 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 1002 struct task_struct *p; 1003 1004 rcu_read_lock(); 1005 if (global_pid) 1006 p = find_task_by_pid_ns(pid, &init_pid_ns); 1007 else 1008 p = find_task_by_vpid(pid); 1009 if (p) 1010 domain = tomoyo_task(p)->domain_info; 1011 rcu_read_unlock(); 1012 } else if (!strncmp(data, "domain=", 7)) { 1013 if (tomoyo_domain_def(data + 7)) 1014 domain = tomoyo_find_domain(data + 7); 1015 } else if (sscanf(data, "Q=%u", &pid) == 1) { 1016 domain = tomoyo_find_domain_by_qid(pid); 1017 } else 1018 return false; 1019 head->w.domain = domain; 1020 /* Accessing read_buf is safe because head->io_sem is held. */ 1021 if (!head->read_buf) 1022 return true; /* Do nothing if open(O_WRONLY). */ 1023 memset(&head->r, 0, sizeof(head->r)); 1024 head->r.print_this_domain_only = true; 1025 if (domain) 1026 head->r.domain = &domain->list; 1027 else 1028 head->r.eof = 1; 1029 tomoyo_io_printf(head, "# select %s\n", data); 1030 if (domain && domain->is_deleted) 1031 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 1032 return true; 1033 } 1034 1035 /** 1036 * tomoyo_same_task_acl - Check for duplicated "struct tomoyo_task_acl" entry. 1037 * 1038 * @a: Pointer to "struct tomoyo_acl_info". 1039 * @b: Pointer to "struct tomoyo_acl_info". 1040 * 1041 * Returns true if @a == @b, false otherwise. 1042 */ 1043 static bool tomoyo_same_task_acl(const struct tomoyo_acl_info *a, 1044 const struct tomoyo_acl_info *b) 1045 { 1046 const struct tomoyo_task_acl *p1 = container_of(a, typeof(*p1), head); 1047 const struct tomoyo_task_acl *p2 = container_of(b, typeof(*p2), head); 1048 1049 return p1->domainname == p2->domainname; 1050 } 1051 1052 /** 1053 * tomoyo_write_task - Update task related list. 1054 * 1055 * @param: Pointer to "struct tomoyo_acl_param". 1056 * 1057 * Returns 0 on success, negative value otherwise. 1058 * 1059 * Caller holds tomoyo_read_lock(). 1060 */ 1061 static int tomoyo_write_task(struct tomoyo_acl_param *param) 1062 { 1063 int error = -EINVAL; 1064 1065 if (tomoyo_str_starts(¶m->data, "manual_domain_transition ")) { 1066 struct tomoyo_task_acl e = { 1067 .head.type = TOMOYO_TYPE_MANUAL_TASK_ACL, 1068 .domainname = tomoyo_get_domainname(param), 1069 }; 1070 1071 if (e.domainname) 1072 error = tomoyo_update_domain(&e.head, sizeof(e), param, 1073 tomoyo_same_task_acl, 1074 NULL); 1075 tomoyo_put_name(e.domainname); 1076 } 1077 return error; 1078 } 1079 1080 /** 1081 * tomoyo_delete_domain - Delete a domain. 1082 * 1083 * @domainname: The name of domain. 1084 * 1085 * Returns 0 on success, negative value otherwise. 1086 * 1087 * Caller holds tomoyo_read_lock(). 1088 */ 1089 static int tomoyo_delete_domain(char *domainname) 1090 { 1091 struct tomoyo_domain_info *domain; 1092 struct tomoyo_path_info name; 1093 1094 name.name = domainname; 1095 tomoyo_fill_path_info(&name); 1096 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 1097 return -EINTR; 1098 /* Is there an active domain? */ 1099 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list, 1100 srcu_read_lock_held(&tomoyo_ss)) { 1101 /* Never delete tomoyo_kernel_domain */ 1102 if (domain == &tomoyo_kernel_domain) 1103 continue; 1104 if (domain->is_deleted || 1105 tomoyo_pathcmp(domain->domainname, &name)) 1106 continue; 1107 domain->is_deleted = true; 1108 break; 1109 } 1110 mutex_unlock(&tomoyo_policy_lock); 1111 return 0; 1112 } 1113 1114 /** 1115 * tomoyo_write_domain2 - Write domain policy. 1116 * 1117 * @ns: Pointer to "struct tomoyo_policy_namespace". 1118 * @list: Pointer to "struct list_head". 1119 * @data: Policy to be interpreted. 1120 * @is_delete: True if it is a delete request. 1121 * 1122 * Returns 0 on success, negative value otherwise. 1123 * 1124 * Caller holds tomoyo_read_lock(). 1125 */ 1126 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, 1127 struct list_head *list, char *data, 1128 const bool is_delete) 1129 { 1130 struct tomoyo_acl_param param = { 1131 .ns = ns, 1132 .list = list, 1133 .data = data, 1134 .is_delete = is_delete, 1135 }; 1136 static const struct { 1137 const char *keyword; 1138 int (*write)(struct tomoyo_acl_param *param); 1139 } tomoyo_callback[5] = { 1140 { "file ", tomoyo_write_file }, 1141 { "network inet ", tomoyo_write_inet_network }, 1142 { "network unix ", tomoyo_write_unix_network }, 1143 { "misc ", tomoyo_write_misc }, 1144 { "task ", tomoyo_write_task }, 1145 }; 1146 u8 i; 1147 1148 for (i = 0; i < ARRAY_SIZE(tomoyo_callback); i++) { 1149 if (!tomoyo_str_starts(¶m.data, 1150 tomoyo_callback[i].keyword)) 1151 continue; 1152 return tomoyo_callback[i].write(¶m); 1153 } 1154 return -EINVAL; 1155 } 1156 1157 /* String table for domain flags. */ 1158 const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = { 1159 [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n", 1160 [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n", 1161 }; 1162 1163 /** 1164 * tomoyo_write_domain - Write domain policy. 1165 * 1166 * @head: Pointer to "struct tomoyo_io_buffer". 1167 * 1168 * Returns 0 on success, negative value otherwise. 1169 * 1170 * Caller holds tomoyo_read_lock(). 1171 */ 1172 static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 1173 { 1174 char *data = head->write_buf; 1175 struct tomoyo_policy_namespace *ns; 1176 struct tomoyo_domain_info *domain = head->w.domain; 1177 const bool is_delete = head->w.is_delete; 1178 bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); 1179 unsigned int idx; 1180 1181 if (*data == '<') { 1182 int ret = 0; 1183 1184 domain = NULL; 1185 if (is_delete) 1186 ret = tomoyo_delete_domain(data); 1187 else if (is_select) 1188 domain = tomoyo_find_domain(data); 1189 else 1190 domain = tomoyo_assign_domain(data, false); 1191 head->w.domain = domain; 1192 return ret; 1193 } 1194 if (!domain) 1195 return -EINVAL; 1196 ns = domain->ns; 1197 if (sscanf(data, "use_profile %u", &idx) == 1 1198 && idx < TOMOYO_MAX_PROFILES) { 1199 if (!tomoyo_policy_loaded || ns->profile_ptr[idx]) 1200 if (!is_delete) 1201 domain->profile = (u8) idx; 1202 return 0; 1203 } 1204 if (sscanf(data, "use_group %u\n", &idx) == 1 1205 && idx < TOMOYO_MAX_ACL_GROUPS) { 1206 if (!is_delete) 1207 set_bit(idx, domain->group); 1208 else 1209 clear_bit(idx, domain->group); 1210 return 0; 1211 } 1212 for (idx = 0; idx < TOMOYO_MAX_DOMAIN_INFO_FLAGS; idx++) { 1213 const char *cp = tomoyo_dif[idx]; 1214 1215 if (strncmp(data, cp, strlen(cp) - 1)) 1216 continue; 1217 domain->flags[idx] = !is_delete; 1218 return 0; 1219 } 1220 return tomoyo_write_domain2(ns, &domain->acl_info_list, data, 1221 is_delete); 1222 } 1223 1224 /** 1225 * tomoyo_print_condition - Print condition part. 1226 * 1227 * @head: Pointer to "struct tomoyo_io_buffer". 1228 * @cond: Pointer to "struct tomoyo_condition". 1229 * 1230 * Returns true on success, false otherwise. 1231 */ 1232 static bool tomoyo_print_condition(struct tomoyo_io_buffer *head, 1233 const struct tomoyo_condition *cond) 1234 { 1235 switch (head->r.cond_step) { 1236 case 0: 1237 head->r.cond_index = 0; 1238 head->r.cond_step++; 1239 if (cond->transit) { 1240 tomoyo_set_space(head); 1241 tomoyo_set_string(head, cond->transit->name); 1242 } 1243 /* fall through */ 1244 case 1: 1245 { 1246 const u16 condc = cond->condc; 1247 const struct tomoyo_condition_element *condp = 1248 (typeof(condp)) (cond + 1); 1249 const struct tomoyo_number_union *numbers_p = 1250 (typeof(numbers_p)) (condp + condc); 1251 const struct tomoyo_name_union *names_p = 1252 (typeof(names_p)) 1253 (numbers_p + cond->numbers_count); 1254 const struct tomoyo_argv *argv = 1255 (typeof(argv)) (names_p + cond->names_count); 1256 const struct tomoyo_envp *envp = 1257 (typeof(envp)) (argv + cond->argc); 1258 u16 skip; 1259 1260 for (skip = 0; skip < head->r.cond_index; skip++) { 1261 const u8 left = condp->left; 1262 const u8 right = condp->right; 1263 1264 condp++; 1265 switch (left) { 1266 case TOMOYO_ARGV_ENTRY: 1267 argv++; 1268 continue; 1269 case TOMOYO_ENVP_ENTRY: 1270 envp++; 1271 continue; 1272 case TOMOYO_NUMBER_UNION: 1273 numbers_p++; 1274 break; 1275 } 1276 switch (right) { 1277 case TOMOYO_NAME_UNION: 1278 names_p++; 1279 break; 1280 case TOMOYO_NUMBER_UNION: 1281 numbers_p++; 1282 break; 1283 } 1284 } 1285 while (head->r.cond_index < condc) { 1286 const u8 match = condp->equals; 1287 const u8 left = condp->left; 1288 const u8 right = condp->right; 1289 1290 if (!tomoyo_flush(head)) 1291 return false; 1292 condp++; 1293 head->r.cond_index++; 1294 tomoyo_set_space(head); 1295 switch (left) { 1296 case TOMOYO_ARGV_ENTRY: 1297 tomoyo_io_printf(head, 1298 "exec.argv[%lu]%s=\"", 1299 argv->index, argv->is_not ? "!" : ""); 1300 tomoyo_set_string(head, 1301 argv->value->name); 1302 tomoyo_set_string(head, "\""); 1303 argv++; 1304 continue; 1305 case TOMOYO_ENVP_ENTRY: 1306 tomoyo_set_string(head, 1307 "exec.envp[\""); 1308 tomoyo_set_string(head, 1309 envp->name->name); 1310 tomoyo_io_printf(head, "\"]%s=", envp->is_not ? "!" : ""); 1311 if (envp->value) { 1312 tomoyo_set_string(head, "\""); 1313 tomoyo_set_string(head, envp->value->name); 1314 tomoyo_set_string(head, "\""); 1315 } else { 1316 tomoyo_set_string(head, 1317 "NULL"); 1318 } 1319 envp++; 1320 continue; 1321 case TOMOYO_NUMBER_UNION: 1322 tomoyo_print_number_union_nospace 1323 (head, numbers_p++); 1324 break; 1325 default: 1326 tomoyo_set_string(head, 1327 tomoyo_condition_keyword[left]); 1328 break; 1329 } 1330 tomoyo_set_string(head, match ? "=" : "!="); 1331 switch (right) { 1332 case TOMOYO_NAME_UNION: 1333 tomoyo_print_name_union_quoted 1334 (head, names_p++); 1335 break; 1336 case TOMOYO_NUMBER_UNION: 1337 tomoyo_print_number_union_nospace 1338 (head, numbers_p++); 1339 break; 1340 default: 1341 tomoyo_set_string(head, 1342 tomoyo_condition_keyword[right]); 1343 break; 1344 } 1345 } 1346 } 1347 head->r.cond_step++; 1348 /* fall through */ 1349 case 2: 1350 if (!tomoyo_flush(head)) 1351 break; 1352 head->r.cond_step++; 1353 /* fall through */ 1354 case 3: 1355 if (cond->grant_log != TOMOYO_GRANTLOG_AUTO) 1356 tomoyo_io_printf(head, " grant_log=%s", 1357 tomoyo_yesno(cond->grant_log == 1358 TOMOYO_GRANTLOG_YES)); 1359 tomoyo_set_lf(head); 1360 return true; 1361 } 1362 return false; 1363 } 1364 1365 /** 1366 * tomoyo_set_group - Print "acl_group " header keyword and category name. 1367 * 1368 * @head: Pointer to "struct tomoyo_io_buffer". 1369 * @category: Category name. 1370 * 1371 * Returns nothing. 1372 */ 1373 static void tomoyo_set_group(struct tomoyo_io_buffer *head, 1374 const char *category) 1375 { 1376 if (head->type == TOMOYO_EXCEPTIONPOLICY) { 1377 tomoyo_print_namespace(head); 1378 tomoyo_io_printf(head, "acl_group %u ", 1379 head->r.acl_group_index); 1380 } 1381 tomoyo_set_string(head, category); 1382 } 1383 1384 /** 1385 * tomoyo_print_entry - Print an ACL entry. 1386 * 1387 * @head: Pointer to "struct tomoyo_io_buffer". 1388 * @acl: Pointer to an ACL entry. 1389 * 1390 * Returns true on success, false otherwise. 1391 */ 1392 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1393 struct tomoyo_acl_info *acl) 1394 { 1395 const u8 acl_type = acl->type; 1396 bool first = true; 1397 u8 bit; 1398 1399 if (head->r.print_cond_part) 1400 goto print_cond_part; 1401 if (acl->is_deleted) 1402 return true; 1403 if (!tomoyo_flush(head)) 1404 return false; 1405 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1406 struct tomoyo_path_acl *ptr = 1407 container_of(acl, typeof(*ptr), head); 1408 const u16 perm = ptr->perm; 1409 1410 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 1411 if (!(perm & (1 << bit))) 1412 continue; 1413 if (head->r.print_transition_related_only && 1414 bit != TOMOYO_TYPE_EXECUTE) 1415 continue; 1416 if (first) { 1417 tomoyo_set_group(head, "file "); 1418 first = false; 1419 } else { 1420 tomoyo_set_slash(head); 1421 } 1422 tomoyo_set_string(head, tomoyo_path_keyword[bit]); 1423 } 1424 if (first) 1425 return true; 1426 tomoyo_print_name_union(head, &ptr->name); 1427 } else if (acl_type == TOMOYO_TYPE_MANUAL_TASK_ACL) { 1428 struct tomoyo_task_acl *ptr = 1429 container_of(acl, typeof(*ptr), head); 1430 1431 tomoyo_set_group(head, "task "); 1432 tomoyo_set_string(head, "manual_domain_transition "); 1433 tomoyo_set_string(head, ptr->domainname->name); 1434 } else if (head->r.print_transition_related_only) { 1435 return true; 1436 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 1437 struct tomoyo_path2_acl *ptr = 1438 container_of(acl, typeof(*ptr), head); 1439 const u8 perm = ptr->perm; 1440 1441 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 1442 if (!(perm & (1 << bit))) 1443 continue; 1444 if (first) { 1445 tomoyo_set_group(head, "file "); 1446 first = false; 1447 } else { 1448 tomoyo_set_slash(head); 1449 } 1450 tomoyo_set_string(head, tomoyo_mac_keywords 1451 [tomoyo_pp2mac[bit]]); 1452 } 1453 if (first) 1454 return true; 1455 tomoyo_print_name_union(head, &ptr->name1); 1456 tomoyo_print_name_union(head, &ptr->name2); 1457 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 1458 struct tomoyo_path_number_acl *ptr = 1459 container_of(acl, typeof(*ptr), head); 1460 const u8 perm = ptr->perm; 1461 1462 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) { 1463 if (!(perm & (1 << bit))) 1464 continue; 1465 if (first) { 1466 tomoyo_set_group(head, "file "); 1467 first = false; 1468 } else { 1469 tomoyo_set_slash(head); 1470 } 1471 tomoyo_set_string(head, tomoyo_mac_keywords 1472 [tomoyo_pn2mac[bit]]); 1473 } 1474 if (first) 1475 return true; 1476 tomoyo_print_name_union(head, &ptr->name); 1477 tomoyo_print_number_union(head, &ptr->number); 1478 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 1479 struct tomoyo_mkdev_acl *ptr = 1480 container_of(acl, typeof(*ptr), head); 1481 const u8 perm = ptr->perm; 1482 1483 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) { 1484 if (!(perm & (1 << bit))) 1485 continue; 1486 if (first) { 1487 tomoyo_set_group(head, "file "); 1488 first = false; 1489 } else { 1490 tomoyo_set_slash(head); 1491 } 1492 tomoyo_set_string(head, tomoyo_mac_keywords 1493 [tomoyo_pnnn2mac[bit]]); 1494 } 1495 if (first) 1496 return true; 1497 tomoyo_print_name_union(head, &ptr->name); 1498 tomoyo_print_number_union(head, &ptr->mode); 1499 tomoyo_print_number_union(head, &ptr->major); 1500 tomoyo_print_number_union(head, &ptr->minor); 1501 } else if (acl_type == TOMOYO_TYPE_INET_ACL) { 1502 struct tomoyo_inet_acl *ptr = 1503 container_of(acl, typeof(*ptr), head); 1504 const u8 perm = ptr->perm; 1505 1506 for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) { 1507 if (!(perm & (1 << bit))) 1508 continue; 1509 if (first) { 1510 tomoyo_set_group(head, "network inet "); 1511 tomoyo_set_string(head, tomoyo_proto_keyword 1512 [ptr->protocol]); 1513 tomoyo_set_space(head); 1514 first = false; 1515 } else { 1516 tomoyo_set_slash(head); 1517 } 1518 tomoyo_set_string(head, tomoyo_socket_keyword[bit]); 1519 } 1520 if (first) 1521 return true; 1522 tomoyo_set_space(head); 1523 if (ptr->address.group) { 1524 tomoyo_set_string(head, "@"); 1525 tomoyo_set_string(head, ptr->address.group->group_name 1526 ->name); 1527 } else { 1528 char buf[128]; 1529 1530 tomoyo_print_ip(buf, sizeof(buf), &ptr->address); 1531 tomoyo_io_printf(head, "%s", buf); 1532 } 1533 tomoyo_print_number_union(head, &ptr->port); 1534 } else if (acl_type == TOMOYO_TYPE_UNIX_ACL) { 1535 struct tomoyo_unix_acl *ptr = 1536 container_of(acl, typeof(*ptr), head); 1537 const u8 perm = ptr->perm; 1538 1539 for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) { 1540 if (!(perm & (1 << bit))) 1541 continue; 1542 if (first) { 1543 tomoyo_set_group(head, "network unix "); 1544 tomoyo_set_string(head, tomoyo_proto_keyword 1545 [ptr->protocol]); 1546 tomoyo_set_space(head); 1547 first = false; 1548 } else { 1549 tomoyo_set_slash(head); 1550 } 1551 tomoyo_set_string(head, tomoyo_socket_keyword[bit]); 1552 } 1553 if (first) 1554 return true; 1555 tomoyo_print_name_union(head, &ptr->name); 1556 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 1557 struct tomoyo_mount_acl *ptr = 1558 container_of(acl, typeof(*ptr), head); 1559 1560 tomoyo_set_group(head, "file mount"); 1561 tomoyo_print_name_union(head, &ptr->dev_name); 1562 tomoyo_print_name_union(head, &ptr->dir_name); 1563 tomoyo_print_name_union(head, &ptr->fs_type); 1564 tomoyo_print_number_union(head, &ptr->flags); 1565 } else if (acl_type == TOMOYO_TYPE_ENV_ACL) { 1566 struct tomoyo_env_acl *ptr = 1567 container_of(acl, typeof(*ptr), head); 1568 1569 tomoyo_set_group(head, "misc env "); 1570 tomoyo_set_string(head, ptr->env->name); 1571 } 1572 if (acl->cond) { 1573 head->r.print_cond_part = true; 1574 head->r.cond_step = 0; 1575 if (!tomoyo_flush(head)) 1576 return false; 1577 print_cond_part: 1578 if (!tomoyo_print_condition(head, acl->cond)) 1579 return false; 1580 head->r.print_cond_part = false; 1581 } else { 1582 tomoyo_set_lf(head); 1583 } 1584 return true; 1585 } 1586 1587 /** 1588 * tomoyo_read_domain2 - Read domain policy. 1589 * 1590 * @head: Pointer to "struct tomoyo_io_buffer". 1591 * @list: Pointer to "struct list_head". 1592 * 1593 * Caller holds tomoyo_read_lock(). 1594 * 1595 * Returns true on success, false otherwise. 1596 */ 1597 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1598 struct list_head *list) 1599 { 1600 list_for_each_cookie(head->r.acl, list) { 1601 struct tomoyo_acl_info *ptr = 1602 list_entry(head->r.acl, typeof(*ptr), list); 1603 1604 if (!tomoyo_print_entry(head, ptr)) 1605 return false; 1606 } 1607 head->r.acl = NULL; 1608 return true; 1609 } 1610 1611 /** 1612 * tomoyo_read_domain - Read domain policy. 1613 * 1614 * @head: Pointer to "struct tomoyo_io_buffer". 1615 * 1616 * Caller holds tomoyo_read_lock(). 1617 */ 1618 static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1619 { 1620 if (head->r.eof) 1621 return; 1622 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1623 struct tomoyo_domain_info *domain = 1624 list_entry(head->r.domain, typeof(*domain), list); 1625 u8 i; 1626 1627 switch (head->r.step) { 1628 case 0: 1629 if (domain->is_deleted && 1630 !head->r.print_this_domain_only) 1631 continue; 1632 /* Print domainname and flags. */ 1633 tomoyo_set_string(head, domain->domainname->name); 1634 tomoyo_set_lf(head); 1635 tomoyo_io_printf(head, "use_profile %u\n", 1636 domain->profile); 1637 for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++) 1638 if (domain->flags[i]) 1639 tomoyo_set_string(head, tomoyo_dif[i]); 1640 head->r.index = 0; 1641 head->r.step++; 1642 /* fall through */ 1643 case 1: 1644 while (head->r.index < TOMOYO_MAX_ACL_GROUPS) { 1645 i = head->r.index++; 1646 if (!test_bit(i, domain->group)) 1647 continue; 1648 tomoyo_io_printf(head, "use_group %u\n", i); 1649 if (!tomoyo_flush(head)) 1650 return; 1651 } 1652 head->r.index = 0; 1653 head->r.step++; 1654 tomoyo_set_lf(head); 1655 /* fall through */ 1656 case 2: 1657 if (!tomoyo_read_domain2(head, &domain->acl_info_list)) 1658 return; 1659 head->r.step++; 1660 if (!tomoyo_set_lf(head)) 1661 return; 1662 /* fall through */ 1663 case 3: 1664 head->r.step = 0; 1665 if (head->r.print_this_domain_only) 1666 goto done; 1667 } 1668 } 1669 done: 1670 head->r.eof = true; 1671 } 1672 1673 /** 1674 * tomoyo_write_pid: Specify PID to obtain domainname. 1675 * 1676 * @head: Pointer to "struct tomoyo_io_buffer". 1677 * 1678 * Returns 0. 1679 */ 1680 static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1681 { 1682 head->r.eof = false; 1683 return 0; 1684 } 1685 1686 /** 1687 * tomoyo_read_pid - Get domainname of the specified PID. 1688 * 1689 * @head: Pointer to "struct tomoyo_io_buffer". 1690 * 1691 * Returns the domainname which the specified PID is in on success, 1692 * empty string otherwise. 1693 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1694 * using read()/write() interface rather than sysctl() interface. 1695 */ 1696 static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1697 { 1698 char *buf = head->write_buf; 1699 bool global_pid = false; 1700 unsigned int pid; 1701 struct task_struct *p; 1702 struct tomoyo_domain_info *domain = NULL; 1703 1704 /* Accessing write_buf is safe because head->io_sem is held. */ 1705 if (!buf) { 1706 head->r.eof = true; 1707 return; /* Do nothing if open(O_RDONLY). */ 1708 } 1709 if (head->r.w_pos || head->r.eof) 1710 return; 1711 head->r.eof = true; 1712 if (tomoyo_str_starts(&buf, "global-pid ")) 1713 global_pid = true; 1714 if (kstrtouint(buf, 10, &pid)) 1715 return; 1716 rcu_read_lock(); 1717 if (global_pid) 1718 p = find_task_by_pid_ns(pid, &init_pid_ns); 1719 else 1720 p = find_task_by_vpid(pid); 1721 if (p) 1722 domain = tomoyo_task(p)->domain_info; 1723 rcu_read_unlock(); 1724 if (!domain) 1725 return; 1726 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1727 tomoyo_set_string(head, domain->domainname->name); 1728 } 1729 1730 /* String table for domain transition control keywords. */ 1731 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1732 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", 1733 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", 1734 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", 1735 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", 1736 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", 1737 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", 1738 }; 1739 1740 /* String table for grouping keywords. */ 1741 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1742 [TOMOYO_PATH_GROUP] = "path_group ", 1743 [TOMOYO_NUMBER_GROUP] = "number_group ", 1744 [TOMOYO_ADDRESS_GROUP] = "address_group ", 1745 }; 1746 1747 /** 1748 * tomoyo_write_exception - Write exception policy. 1749 * 1750 * @head: Pointer to "struct tomoyo_io_buffer". 1751 * 1752 * Returns 0 on success, negative value otherwise. 1753 * 1754 * Caller holds tomoyo_read_lock(). 1755 */ 1756 static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1757 { 1758 const bool is_delete = head->w.is_delete; 1759 struct tomoyo_acl_param param = { 1760 .ns = head->w.ns, 1761 .is_delete = is_delete, 1762 .data = head->write_buf, 1763 }; 1764 u8 i; 1765 1766 if (tomoyo_str_starts(¶m.data, "aggregator ")) 1767 return tomoyo_write_aggregator(¶m); 1768 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1769 if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i])) 1770 return tomoyo_write_transition_control(¶m, i); 1771 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1772 if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i])) 1773 return tomoyo_write_group(¶m, i); 1774 if (tomoyo_str_starts(¶m.data, "acl_group ")) { 1775 unsigned int group; 1776 char *data; 1777 1778 group = simple_strtoul(param.data, &data, 10); 1779 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') 1780 return tomoyo_write_domain2 1781 (head->w.ns, &head->w.ns->acl_group[group], 1782 data, is_delete); 1783 } 1784 return -EINVAL; 1785 } 1786 1787 /** 1788 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group"/"struct tomoyo_address_group" list. 1789 * 1790 * @head: Pointer to "struct tomoyo_io_buffer". 1791 * @idx: Index number. 1792 * 1793 * Returns true on success, false otherwise. 1794 * 1795 * Caller holds tomoyo_read_lock(). 1796 */ 1797 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1798 { 1799 struct tomoyo_policy_namespace *ns = 1800 container_of(head->r.ns, typeof(*ns), namespace_list); 1801 struct list_head *list = &ns->group_list[idx]; 1802 1803 list_for_each_cookie(head->r.group, list) { 1804 struct tomoyo_group *group = 1805 list_entry(head->r.group, typeof(*group), head.list); 1806 1807 list_for_each_cookie(head->r.acl, &group->member_list) { 1808 struct tomoyo_acl_head *ptr = 1809 list_entry(head->r.acl, typeof(*ptr), list); 1810 1811 if (ptr->is_deleted) 1812 continue; 1813 if (!tomoyo_flush(head)) 1814 return false; 1815 tomoyo_print_namespace(head); 1816 tomoyo_set_string(head, tomoyo_group_name[idx]); 1817 tomoyo_set_string(head, group->group_name->name); 1818 if (idx == TOMOYO_PATH_GROUP) { 1819 tomoyo_set_space(head); 1820 tomoyo_set_string(head, container_of 1821 (ptr, struct tomoyo_path_group, 1822 head)->member_name->name); 1823 } else if (idx == TOMOYO_NUMBER_GROUP) { 1824 tomoyo_print_number_union(head, &container_of 1825 (ptr, 1826 struct tomoyo_number_group, 1827 head)->number); 1828 } else if (idx == TOMOYO_ADDRESS_GROUP) { 1829 char buffer[128]; 1830 struct tomoyo_address_group *member = 1831 container_of(ptr, typeof(*member), 1832 head); 1833 1834 tomoyo_print_ip(buffer, sizeof(buffer), 1835 &member->address); 1836 tomoyo_io_printf(head, " %s", buffer); 1837 } 1838 tomoyo_set_lf(head); 1839 } 1840 head->r.acl = NULL; 1841 } 1842 head->r.group = NULL; 1843 return true; 1844 } 1845 1846 /** 1847 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1848 * 1849 * @head: Pointer to "struct tomoyo_io_buffer". 1850 * @idx: Index number. 1851 * 1852 * Returns true on success, false otherwise. 1853 * 1854 * Caller holds tomoyo_read_lock(). 1855 */ 1856 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1857 { 1858 struct tomoyo_policy_namespace *ns = 1859 container_of(head->r.ns, typeof(*ns), namespace_list); 1860 struct list_head *list = &ns->policy_list[idx]; 1861 1862 list_for_each_cookie(head->r.acl, list) { 1863 struct tomoyo_acl_head *acl = 1864 container_of(head->r.acl, typeof(*acl), list); 1865 if (acl->is_deleted) 1866 continue; 1867 if (!tomoyo_flush(head)) 1868 return false; 1869 switch (idx) { 1870 case TOMOYO_ID_TRANSITION_CONTROL: 1871 { 1872 struct tomoyo_transition_control *ptr = 1873 container_of(acl, typeof(*ptr), head); 1874 1875 tomoyo_print_namespace(head); 1876 tomoyo_set_string(head, tomoyo_transition_type 1877 [ptr->type]); 1878 tomoyo_set_string(head, ptr->program ? 1879 ptr->program->name : "any"); 1880 tomoyo_set_string(head, " from "); 1881 tomoyo_set_string(head, ptr->domainname ? 1882 ptr->domainname->name : 1883 "any"); 1884 } 1885 break; 1886 case TOMOYO_ID_AGGREGATOR: 1887 { 1888 struct tomoyo_aggregator *ptr = 1889 container_of(acl, typeof(*ptr), head); 1890 1891 tomoyo_print_namespace(head); 1892 tomoyo_set_string(head, "aggregator "); 1893 tomoyo_set_string(head, 1894 ptr->original_name->name); 1895 tomoyo_set_space(head); 1896 tomoyo_set_string(head, 1897 ptr->aggregated_name->name); 1898 } 1899 break; 1900 default: 1901 continue; 1902 } 1903 tomoyo_set_lf(head); 1904 } 1905 head->r.acl = NULL; 1906 return true; 1907 } 1908 1909 /** 1910 * tomoyo_read_exception - Read exception policy. 1911 * 1912 * @head: Pointer to "struct tomoyo_io_buffer". 1913 * 1914 * Caller holds tomoyo_read_lock(). 1915 */ 1916 static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1917 { 1918 struct tomoyo_policy_namespace *ns = 1919 container_of(head->r.ns, typeof(*ns), namespace_list); 1920 1921 if (head->r.eof) 1922 return; 1923 while (head->r.step < TOMOYO_MAX_POLICY && 1924 tomoyo_read_policy(head, head->r.step)) 1925 head->r.step++; 1926 if (head->r.step < TOMOYO_MAX_POLICY) 1927 return; 1928 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1929 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1930 head->r.step++; 1931 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1932 return; 1933 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP 1934 + TOMOYO_MAX_ACL_GROUPS) { 1935 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY 1936 - TOMOYO_MAX_GROUP; 1937 if (!tomoyo_read_domain2(head, &ns->acl_group 1938 [head->r.acl_group_index])) 1939 return; 1940 head->r.step++; 1941 } 1942 head->r.eof = true; 1943 } 1944 1945 /* Wait queue for kernel -> userspace notification. */ 1946 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1947 /* Wait queue for userspace -> kernel notification. */ 1948 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait); 1949 1950 /* Structure for query. */ 1951 struct tomoyo_query { 1952 struct list_head list; 1953 struct tomoyo_domain_info *domain; 1954 char *query; 1955 size_t query_len; 1956 unsigned int serial; 1957 u8 timer; 1958 u8 answer; 1959 u8 retry; 1960 }; 1961 1962 /* The list for "struct tomoyo_query". */ 1963 static LIST_HEAD(tomoyo_query_list); 1964 1965 /* Lock for manipulating tomoyo_query_list. */ 1966 static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1967 1968 /* 1969 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1970 * interface. 1971 */ 1972 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1973 1974 /** 1975 * tomoyo_truncate - Truncate a line. 1976 * 1977 * @str: String to truncate. 1978 * 1979 * Returns length of truncated @str. 1980 */ 1981 static int tomoyo_truncate(char *str) 1982 { 1983 char *start = str; 1984 1985 while (*(unsigned char *) str > (unsigned char) ' ') 1986 str++; 1987 *str = '\0'; 1988 return strlen(start) + 1; 1989 } 1990 1991 /** 1992 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode. 1993 * 1994 * @domain: Pointer to "struct tomoyo_domain_info". 1995 * @header: Lines containing ACL. 1996 * 1997 * Returns nothing. 1998 */ 1999 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) 2000 { 2001 char *buffer; 2002 char *realpath = NULL; 2003 char *argv0 = NULL; 2004 char *symlink = NULL; 2005 char *cp = strchr(header, '\n'); 2006 int len; 2007 2008 if (!cp) 2009 return; 2010 cp = strchr(cp + 1, '\n'); 2011 if (!cp) 2012 return; 2013 *cp++ = '\0'; 2014 len = strlen(cp) + 1; 2015 /* strstr() will return NULL if ordering is wrong. */ 2016 if (*cp == 'f') { 2017 argv0 = strstr(header, " argv[]={ \""); 2018 if (argv0) { 2019 argv0 += 10; 2020 len += tomoyo_truncate(argv0) + 14; 2021 } 2022 realpath = strstr(header, " exec={ realpath=\""); 2023 if (realpath) { 2024 realpath += 8; 2025 len += tomoyo_truncate(realpath) + 6; 2026 } 2027 symlink = strstr(header, " symlink.target=\""); 2028 if (symlink) 2029 len += tomoyo_truncate(symlink + 1) + 1; 2030 } 2031 buffer = kmalloc(len, GFP_NOFS); 2032 if (!buffer) 2033 return; 2034 snprintf(buffer, len - 1, "%s", cp); 2035 if (realpath) 2036 tomoyo_addprintf(buffer, len, " exec.%s", realpath); 2037 if (argv0) 2038 tomoyo_addprintf(buffer, len, " exec.argv[0]=%s", argv0); 2039 if (symlink) 2040 tomoyo_addprintf(buffer, len, "%s", symlink); 2041 tomoyo_normalize_line(buffer); 2042 if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, 2043 false)) 2044 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 2045 kfree(buffer); 2046 } 2047 2048 /** 2049 * tomoyo_supervisor - Ask for the supervisor's decision. 2050 * 2051 * @r: Pointer to "struct tomoyo_request_info". 2052 * @fmt: The printf()'s format string, followed by parameters. 2053 * 2054 * Returns 0 if the supervisor decided to permit the access request which 2055 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 2056 * supervisor decided to retry the access request which violated the policy in 2057 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 2058 */ 2059 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 2060 { 2061 va_list args; 2062 int error; 2063 int len; 2064 static unsigned int tomoyo_serial; 2065 struct tomoyo_query entry = { }; 2066 bool quota_exceeded = false; 2067 2068 va_start(args, fmt); 2069 len = vsnprintf((char *) &len, 1, fmt, args) + 1; 2070 va_end(args); 2071 /* Write /sys/kernel/security/tomoyo/audit. */ 2072 va_start(args, fmt); 2073 tomoyo_write_log2(r, len, fmt, args); 2074 va_end(args); 2075 /* Nothing more to do if granted. */ 2076 if (r->granted) 2077 return 0; 2078 if (r->mode) 2079 tomoyo_update_stat(r->mode); 2080 switch (r->mode) { 2081 case TOMOYO_CONFIG_ENFORCING: 2082 error = -EPERM; 2083 if (atomic_read(&tomoyo_query_observers)) 2084 break; 2085 goto out; 2086 case TOMOYO_CONFIG_LEARNING: 2087 error = 0; 2088 /* Check max_learning_entry parameter. */ 2089 if (tomoyo_domain_quota_is_ok(r)) 2090 break; 2091 /* fall through */ 2092 default: 2093 return 0; 2094 } 2095 /* Get message. */ 2096 va_start(args, fmt); 2097 entry.query = tomoyo_init_log(r, len, fmt, args); 2098 va_end(args); 2099 if (!entry.query) 2100 goto out; 2101 entry.query_len = strlen(entry.query) + 1; 2102 if (!error) { 2103 tomoyo_add_entry(r->domain, entry.query); 2104 goto out; 2105 } 2106 len = tomoyo_round2(entry.query_len); 2107 entry.domain = r->domain; 2108 spin_lock(&tomoyo_query_list_lock); 2109 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && 2110 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len 2111 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) { 2112 quota_exceeded = true; 2113 } else { 2114 entry.serial = tomoyo_serial++; 2115 entry.retry = r->retry; 2116 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len; 2117 list_add_tail(&entry.list, &tomoyo_query_list); 2118 } 2119 spin_unlock(&tomoyo_query_list_lock); 2120 if (quota_exceeded) 2121 goto out; 2122 /* Give 10 seconds for supervisor's opinion. */ 2123 while (entry.timer < 10) { 2124 wake_up_all(&tomoyo_query_wait); 2125 if (wait_event_interruptible_timeout 2126 (tomoyo_answer_wait, entry.answer || 2127 !atomic_read(&tomoyo_query_observers), HZ)) 2128 break; 2129 entry.timer++; 2130 } 2131 spin_lock(&tomoyo_query_list_lock); 2132 list_del(&entry.list); 2133 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len; 2134 spin_unlock(&tomoyo_query_list_lock); 2135 switch (entry.answer) { 2136 case 3: /* Asked to retry by administrator. */ 2137 error = TOMOYO_RETRY_REQUEST; 2138 r->retry++; 2139 break; 2140 case 1: 2141 /* Granted by administrator. */ 2142 error = 0; 2143 break; 2144 default: 2145 /* Timed out or rejected by administrator. */ 2146 break; 2147 } 2148 out: 2149 kfree(entry.query); 2150 return error; 2151 } 2152 2153 /** 2154 * tomoyo_find_domain_by_qid - Get domain by query id. 2155 * 2156 * @serial: Query ID assigned by tomoyo_supervisor(). 2157 * 2158 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. 2159 */ 2160 static struct tomoyo_domain_info *tomoyo_find_domain_by_qid 2161 (unsigned int serial) 2162 { 2163 struct tomoyo_query *ptr; 2164 struct tomoyo_domain_info *domain = NULL; 2165 2166 spin_lock(&tomoyo_query_list_lock); 2167 list_for_each_entry(ptr, &tomoyo_query_list, list) { 2168 if (ptr->serial != serial) 2169 continue; 2170 domain = ptr->domain; 2171 break; 2172 } 2173 spin_unlock(&tomoyo_query_list_lock); 2174 return domain; 2175 } 2176 2177 /** 2178 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 2179 * 2180 * @file: Pointer to "struct file". 2181 * @wait: Pointer to "poll_table". 2182 * 2183 * Returns EPOLLIN | EPOLLRDNORM when ready to read, 0 otherwise. 2184 * 2185 * Waits for access requests which violated policy in enforcing mode. 2186 */ 2187 static __poll_t tomoyo_poll_query(struct file *file, poll_table *wait) 2188 { 2189 if (!list_empty(&tomoyo_query_list)) 2190 return EPOLLIN | EPOLLRDNORM; 2191 poll_wait(file, &tomoyo_query_wait, wait); 2192 if (!list_empty(&tomoyo_query_list)) 2193 return EPOLLIN | EPOLLRDNORM; 2194 return 0; 2195 } 2196 2197 /** 2198 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 2199 * 2200 * @head: Pointer to "struct tomoyo_io_buffer". 2201 */ 2202 static void tomoyo_read_query(struct tomoyo_io_buffer *head) 2203 { 2204 struct list_head *tmp; 2205 unsigned int pos = 0; 2206 size_t len = 0; 2207 char *buf; 2208 2209 if (head->r.w_pos) 2210 return; 2211 kfree(head->read_buf); 2212 head->read_buf = NULL; 2213 spin_lock(&tomoyo_query_list_lock); 2214 list_for_each(tmp, &tomoyo_query_list) { 2215 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2216 2217 if (pos++ != head->r.query_index) 2218 continue; 2219 len = ptr->query_len; 2220 break; 2221 } 2222 spin_unlock(&tomoyo_query_list_lock); 2223 if (!len) { 2224 head->r.query_index = 0; 2225 return; 2226 } 2227 buf = kzalloc(len + 32, GFP_NOFS); 2228 if (!buf) 2229 return; 2230 pos = 0; 2231 spin_lock(&tomoyo_query_list_lock); 2232 list_for_each(tmp, &tomoyo_query_list) { 2233 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2234 2235 if (pos++ != head->r.query_index) 2236 continue; 2237 /* 2238 * Some query can be skipped because tomoyo_query_list 2239 * can change, but I don't care. 2240 */ 2241 if (len == ptr->query_len) 2242 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial, 2243 ptr->retry, ptr->query); 2244 break; 2245 } 2246 spin_unlock(&tomoyo_query_list_lock); 2247 if (buf[0]) { 2248 head->read_buf = buf; 2249 head->r.w[head->r.w_pos++] = buf; 2250 head->r.query_index++; 2251 } else { 2252 kfree(buf); 2253 } 2254 } 2255 2256 /** 2257 * tomoyo_write_answer - Write the supervisor's decision. 2258 * 2259 * @head: Pointer to "struct tomoyo_io_buffer". 2260 * 2261 * Returns 0 on success, -EINVAL otherwise. 2262 */ 2263 static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 2264 { 2265 char *data = head->write_buf; 2266 struct list_head *tmp; 2267 unsigned int serial; 2268 unsigned int answer; 2269 2270 spin_lock(&tomoyo_query_list_lock); 2271 list_for_each(tmp, &tomoyo_query_list) { 2272 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2273 2274 ptr->timer = 0; 2275 } 2276 spin_unlock(&tomoyo_query_list_lock); 2277 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 2278 return -EINVAL; 2279 spin_lock(&tomoyo_query_list_lock); 2280 list_for_each(tmp, &tomoyo_query_list) { 2281 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2282 2283 if (ptr->serial != serial) 2284 continue; 2285 ptr->answer = answer; 2286 /* Remove from tomoyo_query_list. */ 2287 if (ptr->answer) 2288 list_del_init(&ptr->list); 2289 break; 2290 } 2291 spin_unlock(&tomoyo_query_list_lock); 2292 return 0; 2293 } 2294 2295 /** 2296 * tomoyo_read_version: Get version. 2297 * 2298 * @head: Pointer to "struct tomoyo_io_buffer". 2299 * 2300 * Returns version information. 2301 */ 2302 static void tomoyo_read_version(struct tomoyo_io_buffer *head) 2303 { 2304 if (!head->r.eof) { 2305 tomoyo_io_printf(head, "2.6.0"); 2306 head->r.eof = true; 2307 } 2308 } 2309 2310 /* String table for /sys/kernel/security/tomoyo/stat interface. */ 2311 static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = { 2312 [TOMOYO_STAT_POLICY_UPDATES] = "update:", 2313 [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:", 2314 [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:", 2315 [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:", 2316 }; 2317 2318 /* String table for /sys/kernel/security/tomoyo/stat interface. */ 2319 static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = { 2320 [TOMOYO_MEMORY_POLICY] = "policy:", 2321 [TOMOYO_MEMORY_AUDIT] = "audit log:", 2322 [TOMOYO_MEMORY_QUERY] = "query message:", 2323 }; 2324 2325 /* Timestamp counter for last updated. */ 2326 static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT]; 2327 /* Counter for number of updates. */ 2328 static time64_t tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT]; 2329 2330 /** 2331 * tomoyo_update_stat - Update statistic counters. 2332 * 2333 * @index: Index for policy type. 2334 * 2335 * Returns nothing. 2336 */ 2337 void tomoyo_update_stat(const u8 index) 2338 { 2339 /* 2340 * I don't use atomic operations because race condition is not fatal. 2341 */ 2342 tomoyo_stat_updated[index]++; 2343 tomoyo_stat_modified[index] = ktime_get_real_seconds(); 2344 } 2345 2346 /** 2347 * tomoyo_read_stat - Read statistic data. 2348 * 2349 * @head: Pointer to "struct tomoyo_io_buffer". 2350 * 2351 * Returns nothing. 2352 */ 2353 static void tomoyo_read_stat(struct tomoyo_io_buffer *head) 2354 { 2355 u8 i; 2356 unsigned int total = 0; 2357 2358 if (head->r.eof) 2359 return; 2360 for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) { 2361 tomoyo_io_printf(head, "Policy %-30s %10u", 2362 tomoyo_policy_headers[i], 2363 tomoyo_stat_updated[i]); 2364 if (tomoyo_stat_modified[i]) { 2365 struct tomoyo_time stamp; 2366 2367 tomoyo_convert_time(tomoyo_stat_modified[i], &stamp); 2368 tomoyo_io_printf(head, " (Last: %04u/%02u/%02u %02u:%02u:%02u)", 2369 stamp.year, stamp.month, stamp.day, 2370 stamp.hour, stamp.min, stamp.sec); 2371 } 2372 tomoyo_set_lf(head); 2373 } 2374 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) { 2375 unsigned int used = tomoyo_memory_used[i]; 2376 2377 total += used; 2378 tomoyo_io_printf(head, "Memory used by %-22s %10u", 2379 tomoyo_memory_headers[i], used); 2380 used = tomoyo_memory_quota[i]; 2381 if (used) 2382 tomoyo_io_printf(head, " (Quota: %10u)", used); 2383 tomoyo_set_lf(head); 2384 } 2385 tomoyo_io_printf(head, "Total memory used: %10u\n", 2386 total); 2387 head->r.eof = true; 2388 } 2389 2390 /** 2391 * tomoyo_write_stat - Set memory quota. 2392 * 2393 * @head: Pointer to "struct tomoyo_io_buffer". 2394 * 2395 * Returns 0. 2396 */ 2397 static int tomoyo_write_stat(struct tomoyo_io_buffer *head) 2398 { 2399 char *data = head->write_buf; 2400 u8 i; 2401 2402 if (tomoyo_str_starts(&data, "Memory used by ")) 2403 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) 2404 if (tomoyo_str_starts(&data, tomoyo_memory_headers[i])) 2405 sscanf(data, "%u", &tomoyo_memory_quota[i]); 2406 return 0; 2407 } 2408 2409 /** 2410 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 2411 * 2412 * @type: Type of interface. 2413 * @file: Pointer to "struct file". 2414 * 2415 * Returns 0 on success, negative value otherwise. 2416 */ 2417 int tomoyo_open_control(const u8 type, struct file *file) 2418 { 2419 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 2420 2421 if (!head) 2422 return -ENOMEM; 2423 mutex_init(&head->io_sem); 2424 head->type = type; 2425 switch (type) { 2426 case TOMOYO_DOMAINPOLICY: 2427 /* /sys/kernel/security/tomoyo/domain_policy */ 2428 head->write = tomoyo_write_domain; 2429 head->read = tomoyo_read_domain; 2430 break; 2431 case TOMOYO_EXCEPTIONPOLICY: 2432 /* /sys/kernel/security/tomoyo/exception_policy */ 2433 head->write = tomoyo_write_exception; 2434 head->read = tomoyo_read_exception; 2435 break; 2436 case TOMOYO_AUDIT: 2437 /* /sys/kernel/security/tomoyo/audit */ 2438 head->poll = tomoyo_poll_log; 2439 head->read = tomoyo_read_log; 2440 break; 2441 case TOMOYO_PROCESS_STATUS: 2442 /* /sys/kernel/security/tomoyo/.process_status */ 2443 head->write = tomoyo_write_pid; 2444 head->read = tomoyo_read_pid; 2445 break; 2446 case TOMOYO_VERSION: 2447 /* /sys/kernel/security/tomoyo/version */ 2448 head->read = tomoyo_read_version; 2449 head->readbuf_size = 128; 2450 break; 2451 case TOMOYO_STAT: 2452 /* /sys/kernel/security/tomoyo/stat */ 2453 head->write = tomoyo_write_stat; 2454 head->read = tomoyo_read_stat; 2455 head->readbuf_size = 1024; 2456 break; 2457 case TOMOYO_PROFILE: 2458 /* /sys/kernel/security/tomoyo/profile */ 2459 head->write = tomoyo_write_profile; 2460 head->read = tomoyo_read_profile; 2461 break; 2462 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 2463 head->poll = tomoyo_poll_query; 2464 head->write = tomoyo_write_answer; 2465 head->read = tomoyo_read_query; 2466 break; 2467 case TOMOYO_MANAGER: 2468 /* /sys/kernel/security/tomoyo/manager */ 2469 head->write = tomoyo_write_manager; 2470 head->read = tomoyo_read_manager; 2471 break; 2472 } 2473 if (!(file->f_mode & FMODE_READ)) { 2474 /* 2475 * No need to allocate read_buf since it is not opened 2476 * for reading. 2477 */ 2478 head->read = NULL; 2479 head->poll = NULL; 2480 } else if (!head->poll) { 2481 /* Don't allocate read_buf for poll() access. */ 2482 if (!head->readbuf_size) 2483 head->readbuf_size = 4096 * 2; 2484 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 2485 if (!head->read_buf) { 2486 kfree(head); 2487 return -ENOMEM; 2488 } 2489 } 2490 if (!(file->f_mode & FMODE_WRITE)) { 2491 /* 2492 * No need to allocate write_buf since it is not opened 2493 * for writing. 2494 */ 2495 head->write = NULL; 2496 } else if (head->write) { 2497 head->writebuf_size = 4096 * 2; 2498 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 2499 if (!head->write_buf) { 2500 kfree(head->read_buf); 2501 kfree(head); 2502 return -ENOMEM; 2503 } 2504 } 2505 /* 2506 * If the file is /sys/kernel/security/tomoyo/query , increment the 2507 * observer counter. 2508 * The obserber counter is used by tomoyo_supervisor() to see if 2509 * there is some process monitoring /sys/kernel/security/tomoyo/query. 2510 */ 2511 if (type == TOMOYO_QUERY) 2512 atomic_inc(&tomoyo_query_observers); 2513 file->private_data = head; 2514 tomoyo_notify_gc(head, true); 2515 return 0; 2516 } 2517 2518 /** 2519 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 2520 * 2521 * @file: Pointer to "struct file". 2522 * @wait: Pointer to "poll_table". Maybe NULL. 2523 * 2524 * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write, 2525 * EPOLLOUT | EPOLLWRNORM otherwise. 2526 */ 2527 __poll_t tomoyo_poll_control(struct file *file, poll_table *wait) 2528 { 2529 struct tomoyo_io_buffer *head = file->private_data; 2530 2531 if (head->poll) 2532 return head->poll(file, wait) | EPOLLOUT | EPOLLWRNORM; 2533 return EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM; 2534 } 2535 2536 /** 2537 * tomoyo_set_namespace_cursor - Set namespace to read. 2538 * 2539 * @head: Pointer to "struct tomoyo_io_buffer". 2540 * 2541 * Returns nothing. 2542 */ 2543 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) 2544 { 2545 struct list_head *ns; 2546 2547 if (head->type != TOMOYO_EXCEPTIONPOLICY && 2548 head->type != TOMOYO_PROFILE) 2549 return; 2550 /* 2551 * If this is the first read, or reading previous namespace finished 2552 * and has more namespaces to read, update the namespace cursor. 2553 */ 2554 ns = head->r.ns; 2555 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { 2556 /* Clearing is OK because tomoyo_flush() returned true. */ 2557 memset(&head->r, 0, sizeof(head->r)); 2558 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; 2559 } 2560 } 2561 2562 /** 2563 * tomoyo_has_more_namespace - Check for unread namespaces. 2564 * 2565 * @head: Pointer to "struct tomoyo_io_buffer". 2566 * 2567 * Returns true if we have more entries to print, false otherwise. 2568 */ 2569 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) 2570 { 2571 return (head->type == TOMOYO_EXCEPTIONPOLICY || 2572 head->type == TOMOYO_PROFILE) && head->r.eof && 2573 head->r.ns->next != &tomoyo_namespace_list; 2574 } 2575 2576 /** 2577 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 2578 * 2579 * @head: Pointer to "struct tomoyo_io_buffer". 2580 * @buffer: Poiner to buffer to write to. 2581 * @buffer_len: Size of @buffer. 2582 * 2583 * Returns bytes read on success, negative value otherwise. 2584 */ 2585 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, 2586 const int buffer_len) 2587 { 2588 int len; 2589 int idx; 2590 2591 if (!head->read) 2592 return -EINVAL; 2593 if (mutex_lock_interruptible(&head->io_sem)) 2594 return -EINTR; 2595 head->read_user_buf = buffer; 2596 head->read_user_buf_avail = buffer_len; 2597 idx = tomoyo_read_lock(); 2598 if (tomoyo_flush(head)) 2599 /* Call the policy handler. */ 2600 do { 2601 tomoyo_set_namespace_cursor(head); 2602 head->read(head); 2603 } while (tomoyo_flush(head) && 2604 tomoyo_has_more_namespace(head)); 2605 tomoyo_read_unlock(idx); 2606 len = head->read_user_buf - buffer; 2607 mutex_unlock(&head->io_sem); 2608 return len; 2609 } 2610 2611 /** 2612 * tomoyo_parse_policy - Parse a policy line. 2613 * 2614 * @head: Poiter to "struct tomoyo_io_buffer". 2615 * @line: Line to parse. 2616 * 2617 * Returns 0 on success, negative value otherwise. 2618 * 2619 * Caller holds tomoyo_read_lock(). 2620 */ 2621 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) 2622 { 2623 /* Delete request? */ 2624 head->w.is_delete = !strncmp(line, "delete ", 7); 2625 if (head->w.is_delete) 2626 memmove(line, line + 7, strlen(line + 7) + 1); 2627 /* Selecting namespace to update. */ 2628 if (head->type == TOMOYO_EXCEPTIONPOLICY || 2629 head->type == TOMOYO_PROFILE) { 2630 if (*line == '<') { 2631 char *cp = strchr(line, ' '); 2632 2633 if (cp) { 2634 *cp++ = '\0'; 2635 head->w.ns = tomoyo_assign_namespace(line); 2636 memmove(line, cp, strlen(cp) + 1); 2637 } else 2638 head->w.ns = NULL; 2639 } else 2640 head->w.ns = &tomoyo_kernel_namespace; 2641 /* Don't allow updating if namespace is invalid. */ 2642 if (!head->w.ns) 2643 return -ENOENT; 2644 } 2645 /* Do the update. */ 2646 return head->write(head); 2647 } 2648 2649 /** 2650 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 2651 * 2652 * @head: Pointer to "struct tomoyo_io_buffer". 2653 * @buffer: Pointer to buffer to read from. 2654 * @buffer_len: Size of @buffer. 2655 * 2656 * Returns @buffer_len on success, negative value otherwise. 2657 */ 2658 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, 2659 const char __user *buffer, const int buffer_len) 2660 { 2661 int error = buffer_len; 2662 size_t avail_len = buffer_len; 2663 char *cp0 = head->write_buf; 2664 int idx; 2665 2666 if (!head->write) 2667 return -EINVAL; 2668 if (!access_ok(buffer, buffer_len)) 2669 return -EFAULT; 2670 if (mutex_lock_interruptible(&head->io_sem)) 2671 return -EINTR; 2672 head->read_user_buf_avail = 0; 2673 idx = tomoyo_read_lock(); 2674 /* Read a line and dispatch it to the policy handler. */ 2675 while (avail_len > 0) { 2676 char c; 2677 2678 if (head->w.avail >= head->writebuf_size - 1) { 2679 const int len = head->writebuf_size * 2; 2680 char *cp = kzalloc(len, GFP_NOFS); 2681 2682 if (!cp) { 2683 error = -ENOMEM; 2684 break; 2685 } 2686 memmove(cp, cp0, head->w.avail); 2687 kfree(cp0); 2688 head->write_buf = cp; 2689 cp0 = cp; 2690 head->writebuf_size = len; 2691 } 2692 if (get_user(c, buffer)) { 2693 error = -EFAULT; 2694 break; 2695 } 2696 buffer++; 2697 avail_len--; 2698 cp0[head->w.avail++] = c; 2699 if (c != '\n') 2700 continue; 2701 cp0[head->w.avail - 1] = '\0'; 2702 head->w.avail = 0; 2703 tomoyo_normalize_line(cp0); 2704 if (!strcmp(cp0, "reset")) { 2705 head->w.ns = &tomoyo_kernel_namespace; 2706 head->w.domain = NULL; 2707 memset(&head->r, 0, sizeof(head->r)); 2708 continue; 2709 } 2710 /* Don't allow updating policies by non manager programs. */ 2711 switch (head->type) { 2712 case TOMOYO_PROCESS_STATUS: 2713 /* This does not write anything. */ 2714 break; 2715 case TOMOYO_DOMAINPOLICY: 2716 if (tomoyo_select_domain(head, cp0)) 2717 continue; 2718 /* fall through */ 2719 case TOMOYO_EXCEPTIONPOLICY: 2720 if (!strcmp(cp0, "select transition_only")) { 2721 head->r.print_transition_related_only = true; 2722 continue; 2723 } 2724 /* fall through */ 2725 default: 2726 if (!tomoyo_manager()) { 2727 error = -EPERM; 2728 goto out; 2729 } 2730 } 2731 switch (tomoyo_parse_policy(head, cp0)) { 2732 case -EPERM: 2733 error = -EPERM; 2734 goto out; 2735 case 0: 2736 switch (head->type) { 2737 case TOMOYO_DOMAINPOLICY: 2738 case TOMOYO_EXCEPTIONPOLICY: 2739 case TOMOYO_STAT: 2740 case TOMOYO_PROFILE: 2741 case TOMOYO_MANAGER: 2742 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 2743 break; 2744 default: 2745 break; 2746 } 2747 break; 2748 } 2749 } 2750 out: 2751 tomoyo_read_unlock(idx); 2752 mutex_unlock(&head->io_sem); 2753 return error; 2754 } 2755 2756 /** 2757 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2758 * 2759 * @head: Pointer to "struct tomoyo_io_buffer". 2760 */ 2761 void tomoyo_close_control(struct tomoyo_io_buffer *head) 2762 { 2763 /* 2764 * If the file is /sys/kernel/security/tomoyo/query , decrement the 2765 * observer counter. 2766 */ 2767 if (head->type == TOMOYO_QUERY && 2768 atomic_dec_and_test(&tomoyo_query_observers)) 2769 wake_up_all(&tomoyo_answer_wait); 2770 tomoyo_notify_gc(head, false); 2771 } 2772 2773 /** 2774 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 2775 */ 2776 void tomoyo_check_profile(void) 2777 { 2778 struct tomoyo_domain_info *domain; 2779 const int idx = tomoyo_read_lock(); 2780 2781 tomoyo_policy_loaded = true; 2782 pr_info("TOMOYO: 2.6.0\n"); 2783 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list, 2784 srcu_read_lock_held(&tomoyo_ss)) { 2785 const u8 profile = domain->profile; 2786 struct tomoyo_policy_namespace *ns = domain->ns; 2787 2788 if (ns->profile_version == 20110903) { 2789 pr_info_once("Converting profile version from %u to %u.\n", 2790 20110903, 20150505); 2791 ns->profile_version = 20150505; 2792 } 2793 if (ns->profile_version != 20150505) 2794 pr_err("Profile version %u is not supported.\n", 2795 ns->profile_version); 2796 else if (!ns->profile_ptr[profile]) 2797 pr_err("Profile %u (used by '%s') is not defined.\n", 2798 profile, domain->domainname->name); 2799 else 2800 continue; 2801 pr_err("Userland tools for TOMOYO 2.6 must be installed and policy must be initialized.\n"); 2802 pr_err("Please see https://tomoyo.osdn.jp/2.6/ for more information.\n"); 2803 panic("STOP!"); 2804 } 2805 tomoyo_read_unlock(idx); 2806 pr_info("Mandatory Access Control activated.\n"); 2807 } 2808 2809 /** 2810 * tomoyo_load_builtin_policy - Load built-in policy. 2811 * 2812 * Returns nothing. 2813 */ 2814 void __init tomoyo_load_builtin_policy(void) 2815 { 2816 #ifdef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING 2817 static char tomoyo_builtin_profile[] __initdata = 2818 "PROFILE_VERSION=20150505\n" 2819 "0-CONFIG={ mode=learning grant_log=no reject_log=yes }\n"; 2820 static char tomoyo_builtin_exception_policy[] __initdata = 2821 "aggregator proc:/self/exe /proc/self/exe\n"; 2822 static char tomoyo_builtin_domain_policy[] __initdata = ""; 2823 static char tomoyo_builtin_manager[] __initdata = ""; 2824 static char tomoyo_builtin_stat[] __initdata = ""; 2825 #else 2826 /* 2827 * This include file is manually created and contains built-in policy 2828 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy", 2829 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager", 2830 * "tomoyo_builtin_stat" in the form of "static char [] __initdata". 2831 */ 2832 #include "builtin-policy.h" 2833 #endif 2834 u8 i; 2835 const int idx = tomoyo_read_lock(); 2836 2837 for (i = 0; i < 5; i++) { 2838 struct tomoyo_io_buffer head = { }; 2839 char *start = ""; 2840 2841 switch (i) { 2842 case 0: 2843 start = tomoyo_builtin_profile; 2844 head.type = TOMOYO_PROFILE; 2845 head.write = tomoyo_write_profile; 2846 break; 2847 case 1: 2848 start = tomoyo_builtin_exception_policy; 2849 head.type = TOMOYO_EXCEPTIONPOLICY; 2850 head.write = tomoyo_write_exception; 2851 break; 2852 case 2: 2853 start = tomoyo_builtin_domain_policy; 2854 head.type = TOMOYO_DOMAINPOLICY; 2855 head.write = tomoyo_write_domain; 2856 break; 2857 case 3: 2858 start = tomoyo_builtin_manager; 2859 head.type = TOMOYO_MANAGER; 2860 head.write = tomoyo_write_manager; 2861 break; 2862 case 4: 2863 start = tomoyo_builtin_stat; 2864 head.type = TOMOYO_STAT; 2865 head.write = tomoyo_write_stat; 2866 break; 2867 } 2868 while (1) { 2869 char *end = strchr(start, '\n'); 2870 2871 if (!end) 2872 break; 2873 *end = '\0'; 2874 tomoyo_normalize_line(start); 2875 head.write_buf = start; 2876 tomoyo_parse_policy(&head, start); 2877 start = end + 1; 2878 } 2879 } 2880 tomoyo_read_unlock(idx); 2881 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 2882 tomoyo_check_profile(); 2883 #endif 2884 } 2885