1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */ 29590837bSKentaro Takeda /* 39590837bSKentaro Takeda * security/tomoyo/common.h 49590837bSKentaro Takeda * 576bb0895STetsuo Handa * Header file for TOMOYO. 69590837bSKentaro Takeda * 7843d183cSTetsuo Handa * Copyright (C) 2005-2011 NTT DATA CORPORATION 89590837bSKentaro Takeda */ 99590837bSKentaro Takeda 109590837bSKentaro Takeda #ifndef _SECURITY_TOMOYO_COMMON_H 119590837bSKentaro Takeda #define _SECURITY_TOMOYO_COMMON_H 129590837bSKentaro Takeda 13cdcf6723STetsuo Handa #define pr_fmt(fmt) fmt 14cdcf6723STetsuo Handa 159590837bSKentaro Takeda #include <linux/ctype.h> 169590837bSKentaro Takeda #include <linux/string.h> 179590837bSKentaro Takeda #include <linux/mm.h> 189590837bSKentaro Takeda #include <linux/file.h> 199590837bSKentaro Takeda #include <linux/kmod.h> 209590837bSKentaro Takeda #include <linux/fs.h> 219590837bSKentaro Takeda #include <linux/sched.h> 229590837bSKentaro Takeda #include <linux/namei.h> 239590837bSKentaro Takeda #include <linux/mount.h> 249590837bSKentaro Takeda #include <linux/list.h> 2576bb0895STetsuo Handa #include <linux/cred.h> 2617fcfbd9STetsuo Handa #include <linux/poll.h> 272066a361STetsuo Handa #include <linux/binfmts.h> 282066a361STetsuo Handa #include <linux/highmem.h> 29059d84dbSTetsuo Handa #include <linux/net.h> 30059d84dbSTetsuo Handa #include <linux/inet.h> 31059d84dbSTetsuo Handa #include <linux/in.h> 32059d84dbSTetsuo Handa #include <linux/in6.h> 33059d84dbSTetsuo Handa #include <linux/un.h> 3443fc4609SCasey Schaufler #include <linux/lsm_hooks.h> 35059d84dbSTetsuo Handa #include <net/sock.h> 36059d84dbSTetsuo Handa #include <net/af_unix.h> 37059d84dbSTetsuo Handa #include <net/ip.h> 38059d84dbSTetsuo Handa #include <net/ipv6.h> 39059d84dbSTetsuo Handa #include <net/udp.h> 409590837bSKentaro Takeda 4176bb0895STetsuo Handa /********** Constants definitions. **********/ 4276bb0895STetsuo Handa 4376bb0895STetsuo Handa /* 4476bb0895STetsuo Handa * TOMOYO uses this hash only when appending a string into the string 4576bb0895STetsuo Handa * table. Frequency of appending strings is very low. So we don't need 4676bb0895STetsuo Handa * large (e.g. 64k) hash size. 256 will be sufficient. 4776bb0895STetsuo Handa */ 4876bb0895STetsuo Handa #define TOMOYO_HASH_BITS 8 4976bb0895STetsuo Handa #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) 5076bb0895STetsuo Handa 51059d84dbSTetsuo Handa /* 52059d84dbSTetsuo Handa * TOMOYO checks only SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_SEQPACKET. 53059d84dbSTetsuo Handa * Therefore, we don't need SOCK_MAX. 54059d84dbSTetsuo Handa */ 55059d84dbSTetsuo Handa #define TOMOYO_SOCK_MAX 6 56059d84dbSTetsuo Handa 57c8c57e84STetsuo Handa #define TOMOYO_EXEC_TMPSIZE 4096 5876bb0895STetsuo Handa 59f9732ea1STetsuo Handa /* Garbage collector is trying to kfree() this element. */ 60f9732ea1STetsuo Handa #define TOMOYO_GC_IN_PROGRESS -1 61f9732ea1STetsuo Handa 6276bb0895STetsuo Handa /* Profile number is an integer between 0 and 255. */ 6376bb0895STetsuo Handa #define TOMOYO_MAX_PROFILES 256 6476bb0895STetsuo Handa 6532997144STetsuo Handa /* Group number is an integer between 0 and 255. */ 6632997144STetsuo Handa #define TOMOYO_MAX_ACL_GROUPS 256 6732997144STetsuo Handa 682066a361STetsuo Handa /* Index numbers for "struct tomoyo_condition". */ 692066a361STetsuo Handa enum tomoyo_conditions_index { 702066a361STetsuo Handa TOMOYO_TASK_UID, /* current_uid() */ 712066a361STetsuo Handa TOMOYO_TASK_EUID, /* current_euid() */ 722066a361STetsuo Handa TOMOYO_TASK_SUID, /* current_suid() */ 732066a361STetsuo Handa TOMOYO_TASK_FSUID, /* current_fsuid() */ 742066a361STetsuo Handa TOMOYO_TASK_GID, /* current_gid() */ 752066a361STetsuo Handa TOMOYO_TASK_EGID, /* current_egid() */ 762066a361STetsuo Handa TOMOYO_TASK_SGID, /* current_sgid() */ 772066a361STetsuo Handa TOMOYO_TASK_FSGID, /* current_fsgid() */ 782066a361STetsuo Handa TOMOYO_TASK_PID, /* sys_getpid() */ 792066a361STetsuo Handa TOMOYO_TASK_PPID, /* sys_getppid() */ 805b636857STetsuo Handa TOMOYO_EXEC_ARGC, /* "struct linux_binprm *"->argc */ 815b636857STetsuo Handa TOMOYO_EXEC_ENVC, /* "struct linux_binprm *"->envc */ 828761afd4STetsuo Handa TOMOYO_TYPE_IS_SOCKET, /* S_IFSOCK */ 838761afd4STetsuo Handa TOMOYO_TYPE_IS_SYMLINK, /* S_IFLNK */ 848761afd4STetsuo Handa TOMOYO_TYPE_IS_FILE, /* S_IFREG */ 858761afd4STetsuo Handa TOMOYO_TYPE_IS_BLOCK_DEV, /* S_IFBLK */ 868761afd4STetsuo Handa TOMOYO_TYPE_IS_DIRECTORY, /* S_IFDIR */ 878761afd4STetsuo Handa TOMOYO_TYPE_IS_CHAR_DEV, /* S_IFCHR */ 888761afd4STetsuo Handa TOMOYO_TYPE_IS_FIFO, /* S_IFIFO */ 898761afd4STetsuo Handa TOMOYO_MODE_SETUID, /* S_ISUID */ 908761afd4STetsuo Handa TOMOYO_MODE_SETGID, /* S_ISGID */ 918761afd4STetsuo Handa TOMOYO_MODE_STICKY, /* S_ISVTX */ 928761afd4STetsuo Handa TOMOYO_MODE_OWNER_READ, /* S_IRUSR */ 938761afd4STetsuo Handa TOMOYO_MODE_OWNER_WRITE, /* S_IWUSR */ 948761afd4STetsuo Handa TOMOYO_MODE_OWNER_EXECUTE, /* S_IXUSR */ 958761afd4STetsuo Handa TOMOYO_MODE_GROUP_READ, /* S_IRGRP */ 968761afd4STetsuo Handa TOMOYO_MODE_GROUP_WRITE, /* S_IWGRP */ 978761afd4STetsuo Handa TOMOYO_MODE_GROUP_EXECUTE, /* S_IXGRP */ 988761afd4STetsuo Handa TOMOYO_MODE_OTHERS_READ, /* S_IROTH */ 998761afd4STetsuo Handa TOMOYO_MODE_OTHERS_WRITE, /* S_IWOTH */ 1008761afd4STetsuo Handa TOMOYO_MODE_OTHERS_EXECUTE, /* S_IXOTH */ 1012ca9bf45STetsuo Handa TOMOYO_EXEC_REALPATH, 1022ca9bf45STetsuo Handa TOMOYO_SYMLINK_TARGET, 1038761afd4STetsuo Handa TOMOYO_PATH1_UID, 1048761afd4STetsuo Handa TOMOYO_PATH1_GID, 1058761afd4STetsuo Handa TOMOYO_PATH1_INO, 1068761afd4STetsuo Handa TOMOYO_PATH1_MAJOR, 1078761afd4STetsuo Handa TOMOYO_PATH1_MINOR, 1088761afd4STetsuo Handa TOMOYO_PATH1_PERM, 1098761afd4STetsuo Handa TOMOYO_PATH1_TYPE, 1108761afd4STetsuo Handa TOMOYO_PATH1_DEV_MAJOR, 1118761afd4STetsuo Handa TOMOYO_PATH1_DEV_MINOR, 1128761afd4STetsuo Handa TOMOYO_PATH2_UID, 1138761afd4STetsuo Handa TOMOYO_PATH2_GID, 1148761afd4STetsuo Handa TOMOYO_PATH2_INO, 1158761afd4STetsuo Handa TOMOYO_PATH2_MAJOR, 1168761afd4STetsuo Handa TOMOYO_PATH2_MINOR, 1178761afd4STetsuo Handa TOMOYO_PATH2_PERM, 1188761afd4STetsuo Handa TOMOYO_PATH2_TYPE, 1198761afd4STetsuo Handa TOMOYO_PATH2_DEV_MAJOR, 1208761afd4STetsuo Handa TOMOYO_PATH2_DEV_MINOR, 1218761afd4STetsuo Handa TOMOYO_PATH1_PARENT_UID, 1228761afd4STetsuo Handa TOMOYO_PATH1_PARENT_GID, 1238761afd4STetsuo Handa TOMOYO_PATH1_PARENT_INO, 1248761afd4STetsuo Handa TOMOYO_PATH1_PARENT_PERM, 1258761afd4STetsuo Handa TOMOYO_PATH2_PARENT_UID, 1268761afd4STetsuo Handa TOMOYO_PATH2_PARENT_GID, 1278761afd4STetsuo Handa TOMOYO_PATH2_PARENT_INO, 1288761afd4STetsuo Handa TOMOYO_PATH2_PARENT_PERM, 1292066a361STetsuo Handa TOMOYO_MAX_CONDITION_KEYWORD, 1302066a361STetsuo Handa TOMOYO_NUMBER_UNION, 1312ca9bf45STetsuo Handa TOMOYO_NAME_UNION, 1325b636857STetsuo Handa TOMOYO_ARGV_ENTRY, 1335b636857STetsuo Handa TOMOYO_ENVP_ENTRY, 1342066a361STetsuo Handa }; 1352066a361STetsuo Handa 1368761afd4STetsuo Handa 1378761afd4STetsuo Handa /* Index numbers for stat(). */ 1388761afd4STetsuo Handa enum tomoyo_path_stat_index { 1398761afd4STetsuo Handa /* Do not change this order. */ 1408761afd4STetsuo Handa TOMOYO_PATH1, 1418761afd4STetsuo Handa TOMOYO_PATH1_PARENT, 1428761afd4STetsuo Handa TOMOYO_PATH2, 1438761afd4STetsuo Handa TOMOYO_PATH2_PARENT, 1448761afd4STetsuo Handa TOMOYO_MAX_PATH_STAT 1458761afd4STetsuo Handa }; 1468761afd4STetsuo Handa 147b5bc60b4STetsuo Handa /* Index numbers for operation mode. */ 148cb0abe6aSTetsuo Handa enum tomoyo_mode_index { 149cb0abe6aSTetsuo Handa TOMOYO_CONFIG_DISABLED, 150cb0abe6aSTetsuo Handa TOMOYO_CONFIG_LEARNING, 151cb0abe6aSTetsuo Handa TOMOYO_CONFIG_PERMISSIVE, 15257c2590fSTetsuo Handa TOMOYO_CONFIG_ENFORCING, 153eadd99ccSTetsuo Handa TOMOYO_CONFIG_MAX_MODE, 154eadd99ccSTetsuo Handa TOMOYO_CONFIG_WANT_REJECT_LOG = 64, 155eadd99ccSTetsuo Handa TOMOYO_CONFIG_WANT_GRANT_LOG = 128, 156eadd99ccSTetsuo Handa TOMOYO_CONFIG_USE_DEFAULT = 255, 157cb0abe6aSTetsuo Handa }; 158cb0abe6aSTetsuo Handa 159b5bc60b4STetsuo Handa /* Index numbers for entry type. */ 160a230f9e7STetsuo Handa enum tomoyo_policy_id { 161a230f9e7STetsuo Handa TOMOYO_ID_GROUP, 162059d84dbSTetsuo Handa TOMOYO_ID_ADDRESS_GROUP, 163a230f9e7STetsuo Handa TOMOYO_ID_PATH_GROUP, 164a230f9e7STetsuo Handa TOMOYO_ID_NUMBER_GROUP, 1655448ec4fSTetsuo Handa TOMOYO_ID_TRANSITION_CONTROL, 166a230f9e7STetsuo Handa TOMOYO_ID_AGGREGATOR, 167a230f9e7STetsuo Handa TOMOYO_ID_MANAGER, 1682066a361STetsuo Handa TOMOYO_ID_CONDITION, 169a230f9e7STetsuo Handa TOMOYO_ID_NAME, 170a230f9e7STetsuo Handa TOMOYO_ID_ACL, 171a230f9e7STetsuo Handa TOMOYO_ID_DOMAIN, 172a230f9e7STetsuo Handa TOMOYO_MAX_POLICY 173a230f9e7STetsuo Handa }; 174a230f9e7STetsuo Handa 1752c47ab93STetsuo Handa /* Index numbers for domain's attributes. */ 1762c47ab93STetsuo Handa enum tomoyo_domain_info_flags_index { 1772c47ab93STetsuo Handa /* Quota warnning flag. */ 1782c47ab93STetsuo Handa TOMOYO_DIF_QUOTA_WARNED, 1792c47ab93STetsuo Handa /* 1802c47ab93STetsuo Handa * This domain was unable to create a new domain at 1812c47ab93STetsuo Handa * tomoyo_find_next_domain() because the name of the domain to be 1822c47ab93STetsuo Handa * created was too long or it could not allocate memory. 1832c47ab93STetsuo Handa * More than one process continued execve() without domain transition. 1842c47ab93STetsuo Handa */ 1852c47ab93STetsuo Handa TOMOYO_DIF_TRANSITION_FAILED, 1862c47ab93STetsuo Handa TOMOYO_MAX_DOMAIN_INFO_FLAGS 1872c47ab93STetsuo Handa }; 1882c47ab93STetsuo Handa 1891f067a68STetsuo Handa /* Index numbers for audit type. */ 1901f067a68STetsuo Handa enum tomoyo_grant_log { 1911f067a68STetsuo Handa /* Follow profile's configuration. */ 1921f067a68STetsuo Handa TOMOYO_GRANTLOG_AUTO, 1931f067a68STetsuo Handa /* Do not generate grant log. */ 1941f067a68STetsuo Handa TOMOYO_GRANTLOG_NO, 1951f067a68STetsuo Handa /* Generate grant_log. */ 1961f067a68STetsuo Handa TOMOYO_GRANTLOG_YES, 1971f067a68STetsuo Handa }; 1981f067a68STetsuo Handa 199b5bc60b4STetsuo Handa /* Index numbers for group entries. */ 200a230f9e7STetsuo Handa enum tomoyo_group_id { 201a230f9e7STetsuo Handa TOMOYO_PATH_GROUP, 202a230f9e7STetsuo Handa TOMOYO_NUMBER_GROUP, 203059d84dbSTetsuo Handa TOMOYO_ADDRESS_GROUP, 204a230f9e7STetsuo Handa TOMOYO_MAX_GROUP 205a230f9e7STetsuo Handa }; 206a230f9e7STetsuo Handa 207b5bc60b4STetsuo Handa /* Index numbers for type of numeric values. */ 208b5bc60b4STetsuo Handa enum tomoyo_value_type { 209b5bc60b4STetsuo Handa TOMOYO_VALUE_TYPE_INVALID, 210b5bc60b4STetsuo Handa TOMOYO_VALUE_TYPE_DECIMAL, 211b5bc60b4STetsuo Handa TOMOYO_VALUE_TYPE_OCTAL, 212b5bc60b4STetsuo Handa TOMOYO_VALUE_TYPE_HEXADECIMAL, 213b5bc60b4STetsuo Handa }; 2144c3e9e2dSTetsuo Handa 215b5bc60b4STetsuo Handa /* Index numbers for domain transition control keywords. */ 2165448ec4fSTetsuo Handa enum tomoyo_transition_type { 2175448ec4fSTetsuo Handa /* Do not change this order, */ 218bd03a3e4STetsuo Handa TOMOYO_TRANSITION_CONTROL_NO_RESET, 219bd03a3e4STetsuo Handa TOMOYO_TRANSITION_CONTROL_RESET, 2205448ec4fSTetsuo Handa TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, 2215448ec4fSTetsuo Handa TOMOYO_TRANSITION_CONTROL_INITIALIZE, 2225448ec4fSTetsuo Handa TOMOYO_TRANSITION_CONTROL_NO_KEEP, 2235448ec4fSTetsuo Handa TOMOYO_TRANSITION_CONTROL_KEEP, 2245448ec4fSTetsuo Handa TOMOYO_MAX_TRANSITION_TYPE 2255448ec4fSTetsuo Handa }; 2265448ec4fSTetsuo Handa 22776bb0895STetsuo Handa /* Index numbers for Access Controls. */ 228084da356STetsuo Handa enum tomoyo_acl_entry_type_index { 2297ef61233STetsuo Handa TOMOYO_TYPE_PATH_ACL, 2307ef61233STetsuo Handa TOMOYO_TYPE_PATH2_ACL, 231a1f9bb6aSTetsuo Handa TOMOYO_TYPE_PATH_NUMBER_ACL, 23275093152STetsuo Handa TOMOYO_TYPE_MKDEV_ACL, 2332106ccd9STetsuo Handa TOMOYO_TYPE_MOUNT_ACL, 234059d84dbSTetsuo Handa TOMOYO_TYPE_INET_ACL, 235059d84dbSTetsuo Handa TOMOYO_TYPE_UNIX_ACL, 236d58e0da8STetsuo Handa TOMOYO_TYPE_ENV_ACL, 237731d37aaSTetsuo Handa TOMOYO_TYPE_MANUAL_TASK_ACL, 238084da356STetsuo Handa }; 23976bb0895STetsuo Handa 240b5bc60b4STetsuo Handa /* Index numbers for access controls with one pathname. */ 241084da356STetsuo Handa enum tomoyo_path_acl_index { 2427ef61233STetsuo Handa TOMOYO_TYPE_EXECUTE, 2437ef61233STetsuo Handa TOMOYO_TYPE_READ, 2447ef61233STetsuo Handa TOMOYO_TYPE_WRITE, 2457c75964fSTetsuo Handa TOMOYO_TYPE_APPEND, 2467ef61233STetsuo Handa TOMOYO_TYPE_UNLINK, 2477c75964fSTetsuo Handa TOMOYO_TYPE_GETATTR, 2487ef61233STetsuo Handa TOMOYO_TYPE_RMDIR, 2497ef61233STetsuo Handa TOMOYO_TYPE_TRUNCATE, 2507ef61233STetsuo Handa TOMOYO_TYPE_SYMLINK, 2517ef61233STetsuo Handa TOMOYO_TYPE_CHROOT, 2527ef61233STetsuo Handa TOMOYO_TYPE_UMOUNT, 2537ef61233STetsuo Handa TOMOYO_MAX_PATH_OPERATION 254084da356STetsuo Handa }; 25576bb0895STetsuo Handa 256b22b8b9fSTetsuo Handa /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ 257eadd99ccSTetsuo Handa enum tomoyo_memory_stat_type { 258eadd99ccSTetsuo Handa TOMOYO_MEMORY_POLICY, 259eadd99ccSTetsuo Handa TOMOYO_MEMORY_AUDIT, 260eadd99ccSTetsuo Handa TOMOYO_MEMORY_QUERY, 261eadd99ccSTetsuo Handa TOMOYO_MAX_MEMORY_STAT 262eadd99ccSTetsuo Handa }; 263eadd99ccSTetsuo Handa 26475093152STetsuo Handa enum tomoyo_mkdev_acl_index { 265a1f9bb6aSTetsuo Handa TOMOYO_TYPE_MKBLOCK, 266a1f9bb6aSTetsuo Handa TOMOYO_TYPE_MKCHAR, 26775093152STetsuo Handa TOMOYO_MAX_MKDEV_OPERATION 268a1f9bb6aSTetsuo Handa }; 269a1f9bb6aSTetsuo Handa 270059d84dbSTetsuo Handa /* Index numbers for socket operations. */ 271059d84dbSTetsuo Handa enum tomoyo_network_acl_index { 272059d84dbSTetsuo Handa TOMOYO_NETWORK_BIND, /* bind() operation. */ 273059d84dbSTetsuo Handa TOMOYO_NETWORK_LISTEN, /* listen() operation. */ 274059d84dbSTetsuo Handa TOMOYO_NETWORK_CONNECT, /* connect() operation. */ 275059d84dbSTetsuo Handa TOMOYO_NETWORK_SEND, /* send() operation. */ 276059d84dbSTetsuo Handa TOMOYO_MAX_NETWORK_OPERATION 277059d84dbSTetsuo Handa }; 278059d84dbSTetsuo Handa 279b5bc60b4STetsuo Handa /* Index numbers for access controls with two pathnames. */ 280084da356STetsuo Handa enum tomoyo_path2_acl_index { 2817ef61233STetsuo Handa TOMOYO_TYPE_LINK, 2827ef61233STetsuo Handa TOMOYO_TYPE_RENAME, 2837ef61233STetsuo Handa TOMOYO_TYPE_PIVOT_ROOT, 2847ef61233STetsuo Handa TOMOYO_MAX_PATH2_OPERATION 285084da356STetsuo Handa }; 28676bb0895STetsuo Handa 287b5bc60b4STetsuo Handa /* Index numbers for access controls with one pathname and one number. */ 288a1f9bb6aSTetsuo Handa enum tomoyo_path_number_acl_index { 289a1f9bb6aSTetsuo Handa TOMOYO_TYPE_CREATE, 290a1f9bb6aSTetsuo Handa TOMOYO_TYPE_MKDIR, 291a1f9bb6aSTetsuo Handa TOMOYO_TYPE_MKFIFO, 292a1f9bb6aSTetsuo Handa TOMOYO_TYPE_MKSOCK, 293a1f9bb6aSTetsuo Handa TOMOYO_TYPE_IOCTL, 294a1f9bb6aSTetsuo Handa TOMOYO_TYPE_CHMOD, 295a1f9bb6aSTetsuo Handa TOMOYO_TYPE_CHOWN, 296a1f9bb6aSTetsuo Handa TOMOYO_TYPE_CHGRP, 297a1f9bb6aSTetsuo Handa TOMOYO_MAX_PATH_NUMBER_OPERATION 298a1f9bb6aSTetsuo Handa }; 299a1f9bb6aSTetsuo Handa 300b5bc60b4STetsuo Handa /* Index numbers for /sys/kernel/security/tomoyo/ interfaces. */ 301084da356STetsuo Handa enum tomoyo_securityfs_interface_index { 302084da356STetsuo Handa TOMOYO_DOMAINPOLICY, 303084da356STetsuo Handa TOMOYO_EXCEPTIONPOLICY, 304084da356STetsuo Handa TOMOYO_PROCESS_STATUS, 305b22b8b9fSTetsuo Handa TOMOYO_STAT, 306eadd99ccSTetsuo Handa TOMOYO_AUDIT, 307084da356STetsuo Handa TOMOYO_VERSION, 308084da356STetsuo Handa TOMOYO_PROFILE, 30917fcfbd9STetsuo Handa TOMOYO_QUERY, 310084da356STetsuo Handa TOMOYO_MANAGER 311084da356STetsuo Handa }; 31276bb0895STetsuo Handa 313b5bc60b4STetsuo Handa /* Index numbers for special mount operations. */ 314b5bc60b4STetsuo Handa enum tomoyo_special_mount { 315b5bc60b4STetsuo Handa TOMOYO_MOUNT_BIND, /* mount --bind /source /dest */ 316b5bc60b4STetsuo Handa TOMOYO_MOUNT_MOVE, /* mount --move /old /new */ 317b5bc60b4STetsuo Handa TOMOYO_MOUNT_REMOUNT, /* mount -o remount /dir */ 318b5bc60b4STetsuo Handa TOMOYO_MOUNT_MAKE_UNBINDABLE, /* mount --make-unbindable /dir */ 319b5bc60b4STetsuo Handa TOMOYO_MOUNT_MAKE_PRIVATE, /* mount --make-private /dir */ 320b5bc60b4STetsuo Handa TOMOYO_MOUNT_MAKE_SLAVE, /* mount --make-slave /dir */ 321b5bc60b4STetsuo Handa TOMOYO_MOUNT_MAKE_SHARED, /* mount --make-shared /dir */ 322b5bc60b4STetsuo Handa TOMOYO_MAX_SPECIAL_MOUNT 323b5bc60b4STetsuo Handa }; 324b5bc60b4STetsuo Handa 325b5bc60b4STetsuo Handa /* Index numbers for functionality. */ 32657c2590fSTetsuo Handa enum tomoyo_mac_index { 32757c2590fSTetsuo Handa TOMOYO_MAC_FILE_EXECUTE, 32857c2590fSTetsuo Handa TOMOYO_MAC_FILE_OPEN, 32957c2590fSTetsuo Handa TOMOYO_MAC_FILE_CREATE, 33057c2590fSTetsuo Handa TOMOYO_MAC_FILE_UNLINK, 3317c75964fSTetsuo Handa TOMOYO_MAC_FILE_GETATTR, 33257c2590fSTetsuo Handa TOMOYO_MAC_FILE_MKDIR, 33357c2590fSTetsuo Handa TOMOYO_MAC_FILE_RMDIR, 33457c2590fSTetsuo Handa TOMOYO_MAC_FILE_MKFIFO, 33557c2590fSTetsuo Handa TOMOYO_MAC_FILE_MKSOCK, 33657c2590fSTetsuo Handa TOMOYO_MAC_FILE_TRUNCATE, 33757c2590fSTetsuo Handa TOMOYO_MAC_FILE_SYMLINK, 33857c2590fSTetsuo Handa TOMOYO_MAC_FILE_MKBLOCK, 33957c2590fSTetsuo Handa TOMOYO_MAC_FILE_MKCHAR, 34057c2590fSTetsuo Handa TOMOYO_MAC_FILE_LINK, 34157c2590fSTetsuo Handa TOMOYO_MAC_FILE_RENAME, 34257c2590fSTetsuo Handa TOMOYO_MAC_FILE_CHMOD, 34357c2590fSTetsuo Handa TOMOYO_MAC_FILE_CHOWN, 34457c2590fSTetsuo Handa TOMOYO_MAC_FILE_CHGRP, 34557c2590fSTetsuo Handa TOMOYO_MAC_FILE_IOCTL, 34657c2590fSTetsuo Handa TOMOYO_MAC_FILE_CHROOT, 34757c2590fSTetsuo Handa TOMOYO_MAC_FILE_MOUNT, 34857c2590fSTetsuo Handa TOMOYO_MAC_FILE_UMOUNT, 34957c2590fSTetsuo Handa TOMOYO_MAC_FILE_PIVOT_ROOT, 350059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_STREAM_BIND, 351059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN, 352059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT, 353059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_DGRAM_BIND, 354059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_DGRAM_SEND, 355059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_RAW_BIND, 356059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_INET_RAW_SEND, 357059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND, 358059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN, 359059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT, 360059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND, 361059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND, 362059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND, 363059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN, 364059d84dbSTetsuo Handa TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT, 365d58e0da8STetsuo Handa TOMOYO_MAC_ENVIRON, 36657c2590fSTetsuo Handa TOMOYO_MAX_MAC_INDEX 36757c2590fSTetsuo Handa }; 36857c2590fSTetsuo Handa 369b5bc60b4STetsuo Handa /* Index numbers for category of functionality. */ 37057c2590fSTetsuo Handa enum tomoyo_mac_category_index { 37157c2590fSTetsuo Handa TOMOYO_MAC_CATEGORY_FILE, 372059d84dbSTetsuo Handa TOMOYO_MAC_CATEGORY_NETWORK, 373d58e0da8STetsuo Handa TOMOYO_MAC_CATEGORY_MISC, 37457c2590fSTetsuo Handa TOMOYO_MAX_MAC_CATEGORY_INDEX 37557c2590fSTetsuo Handa }; 37657c2590fSTetsuo Handa 377b5bc60b4STetsuo Handa /* 378b5bc60b4STetsuo Handa * Retry this request. Returned by tomoyo_supervisor() if policy violation has 379b5bc60b4STetsuo Handa * occurred in enforcing mode and the userspace daemon decided to retry. 380b5bc60b4STetsuo Handa * 381b5bc60b4STetsuo Handa * We must choose a positive value in order to distinguish "granted" (which is 382b5bc60b4STetsuo Handa * 0) and "rejected" (which is a negative value) and "retry". 383b5bc60b4STetsuo Handa */ 384b5bc60b4STetsuo Handa #define TOMOYO_RETRY_REQUEST 1 38517fcfbd9STetsuo Handa 386b22b8b9fSTetsuo Handa /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ 387b22b8b9fSTetsuo Handa enum tomoyo_policy_stat_type { 388b22b8b9fSTetsuo Handa /* Do not change this order. */ 389b22b8b9fSTetsuo Handa TOMOYO_STAT_POLICY_UPDATES, 390b22b8b9fSTetsuo Handa TOMOYO_STAT_POLICY_LEARNING, /* == TOMOYO_CONFIG_LEARNING */ 391b22b8b9fSTetsuo Handa TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */ 392b22b8b9fSTetsuo Handa TOMOYO_STAT_POLICY_ENFORCING, /* == TOMOYO_CONFIG_ENFORCING */ 393b22b8b9fSTetsuo Handa TOMOYO_MAX_POLICY_STAT 394b22b8b9fSTetsuo Handa }; 395b22b8b9fSTetsuo Handa 396d5ca1725STetsuo Handa /* Index numbers for profile's PREFERENCE values. */ 397d5ca1725STetsuo Handa enum tomoyo_pref_index { 398eadd99ccSTetsuo Handa TOMOYO_PREF_MAX_AUDIT_LOG, 399d5ca1725STetsuo Handa TOMOYO_PREF_MAX_LEARNING_ENTRY, 400d5ca1725STetsuo Handa TOMOYO_MAX_PREF 401d5ca1725STetsuo Handa }; 402d5ca1725STetsuo Handa 40376bb0895STetsuo Handa /********** Structure definitions. **********/ 4049590837bSKentaro Takeda 405b5bc60b4STetsuo Handa /* Common header for holding ACL entries. */ 40682e0f001STetsuo Handa struct tomoyo_acl_head { 40782e0f001STetsuo Handa struct list_head list; 408f9732ea1STetsuo Handa s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ 40982e0f001STetsuo Handa } __packed; 41082e0f001STetsuo Handa 4110df7e8b8STetsuo Handa /* Common header for shared entries. */ 4120df7e8b8STetsuo Handa struct tomoyo_shared_acl_head { 4130df7e8b8STetsuo Handa struct list_head list; 4140df7e8b8STetsuo Handa atomic_t users; 4150df7e8b8STetsuo Handa } __packed; 4160df7e8b8STetsuo Handa 417bd03a3e4STetsuo Handa struct tomoyo_policy_namespace; 418bd03a3e4STetsuo Handa 419b5bc60b4STetsuo Handa /* Structure for request info. */ 420cb0abe6aSTetsuo Handa struct tomoyo_request_info { 4218761afd4STetsuo Handa /* 4228761afd4STetsuo Handa * For holding parameters specific to operations which deal files. 4238761afd4STetsuo Handa * NULL if not dealing files. 4248761afd4STetsuo Handa */ 4258761afd4STetsuo Handa struct tomoyo_obj_info *obj; 4262ca9bf45STetsuo Handa /* 4272ca9bf45STetsuo Handa * For holding parameters specific to execve() request. 4282ca9bf45STetsuo Handa * NULL if not dealing do_execve(). 4292ca9bf45STetsuo Handa */ 4302ca9bf45STetsuo Handa struct tomoyo_execve *ee; 431cb0abe6aSTetsuo Handa struct tomoyo_domain_info *domain; 432cf6e9a64STetsuo Handa /* For holding parameters. */ 433cf6e9a64STetsuo Handa union { 434cf6e9a64STetsuo Handa struct { 435cf6e9a64STetsuo Handa const struct tomoyo_path_info *filename; 436484ca79cSTetsuo Handa /* For using wildcards at tomoyo_find_next_domain(). */ 437484ca79cSTetsuo Handa const struct tomoyo_path_info *matched_path; 438b5bc60b4STetsuo Handa /* One of values in "enum tomoyo_path_acl_index". */ 439cf6e9a64STetsuo Handa u8 operation; 440cf6e9a64STetsuo Handa } path; 441cf6e9a64STetsuo Handa struct { 442cf6e9a64STetsuo Handa const struct tomoyo_path_info *filename1; 443cf6e9a64STetsuo Handa const struct tomoyo_path_info *filename2; 444b5bc60b4STetsuo Handa /* One of values in "enum tomoyo_path2_acl_index". */ 445cf6e9a64STetsuo Handa u8 operation; 446cf6e9a64STetsuo Handa } path2; 447cf6e9a64STetsuo Handa struct { 448cf6e9a64STetsuo Handa const struct tomoyo_path_info *filename; 449cf6e9a64STetsuo Handa unsigned int mode; 450cf6e9a64STetsuo Handa unsigned int major; 451cf6e9a64STetsuo Handa unsigned int minor; 452b5bc60b4STetsuo Handa /* One of values in "enum tomoyo_mkdev_acl_index". */ 453cf6e9a64STetsuo Handa u8 operation; 454cf6e9a64STetsuo Handa } mkdev; 455cf6e9a64STetsuo Handa struct { 456cf6e9a64STetsuo Handa const struct tomoyo_path_info *filename; 457cf6e9a64STetsuo Handa unsigned long number; 458b5bc60b4STetsuo Handa /* 459b5bc60b4STetsuo Handa * One of values in 460b5bc60b4STetsuo Handa * "enum tomoyo_path_number_acl_index". 461b5bc60b4STetsuo Handa */ 462cf6e9a64STetsuo Handa u8 operation; 463cf6e9a64STetsuo Handa } path_number; 464cf6e9a64STetsuo Handa struct { 465d58e0da8STetsuo Handa const struct tomoyo_path_info *name; 466d58e0da8STetsuo Handa } environ; 467d58e0da8STetsuo Handa struct { 468059d84dbSTetsuo Handa const __be32 *address; 469059d84dbSTetsuo Handa u16 port; 470059d84dbSTetsuo Handa /* One of values smaller than TOMOYO_SOCK_MAX. */ 471059d84dbSTetsuo Handa u8 protocol; 472059d84dbSTetsuo Handa /* One of values in "enum tomoyo_network_acl_index". */ 473059d84dbSTetsuo Handa u8 operation; 474059d84dbSTetsuo Handa bool is_ipv6; 475059d84dbSTetsuo Handa } inet_network; 476059d84dbSTetsuo Handa struct { 477059d84dbSTetsuo Handa const struct tomoyo_path_info *address; 478059d84dbSTetsuo Handa /* One of values smaller than TOMOYO_SOCK_MAX. */ 479059d84dbSTetsuo Handa u8 protocol; 480059d84dbSTetsuo Handa /* One of values in "enum tomoyo_network_acl_index". */ 481059d84dbSTetsuo Handa u8 operation; 482059d84dbSTetsuo Handa } unix_network; 483059d84dbSTetsuo Handa struct { 484cf6e9a64STetsuo Handa const struct tomoyo_path_info *type; 485cf6e9a64STetsuo Handa const struct tomoyo_path_info *dir; 486cf6e9a64STetsuo Handa const struct tomoyo_path_info *dev; 487cf6e9a64STetsuo Handa unsigned long flags; 488cf6e9a64STetsuo Handa int need_dev; 489cf6e9a64STetsuo Handa } mount; 490731d37aaSTetsuo Handa struct { 491731d37aaSTetsuo Handa const struct tomoyo_path_info *domainname; 492731d37aaSTetsuo Handa } task; 493cf6e9a64STetsuo Handa } param; 4941f067a68STetsuo Handa struct tomoyo_acl_info *matched_acl; 495cf6e9a64STetsuo Handa u8 param_type; 496cf6e9a64STetsuo Handa bool granted; 49717fcfbd9STetsuo Handa u8 retry; 49817fcfbd9STetsuo Handa u8 profile; 499cb0abe6aSTetsuo Handa u8 mode; /* One of tomoyo_mode_index . */ 50057c2590fSTetsuo Handa u8 type; 501cb0abe6aSTetsuo Handa }; 502cb0abe6aSTetsuo Handa 503b5bc60b4STetsuo Handa /* Structure for holding a token. */ 5049590837bSKentaro Takeda struct tomoyo_path_info { 5059590837bSKentaro Takeda const char *name; 5069590837bSKentaro Takeda u32 hash; /* = full_name_hash(name, strlen(name)) */ 5079590837bSKentaro Takeda u16 const_len; /* = tomoyo_const_part_length(name) */ 5089590837bSKentaro Takeda bool is_dir; /* = tomoyo_strendswith(name, "/") */ 5099590837bSKentaro Takeda bool is_patterned; /* = tomoyo_path_contains_pattern(name) */ 5109590837bSKentaro Takeda }; 5119590837bSKentaro Takeda 512b5bc60b4STetsuo Handa /* Structure for holding string data. */ 513e2bf6907STetsuo Handa struct tomoyo_name { 5140df7e8b8STetsuo Handa struct tomoyo_shared_acl_head head; 51576bb0895STetsuo Handa struct tomoyo_path_info entry; 51676bb0895STetsuo Handa }; 5179590837bSKentaro Takeda 518b5bc60b4STetsuo Handa /* Structure for holding a word. */ 5197762fbffSTetsuo Handa struct tomoyo_name_union { 520b5bc60b4STetsuo Handa /* Either @filename or @group is NULL. */ 5217762fbffSTetsuo Handa const struct tomoyo_path_info *filename; 522a98aa4deSTetsuo Handa struct tomoyo_group *group; 5237762fbffSTetsuo Handa }; 5247762fbffSTetsuo Handa 525b5bc60b4STetsuo Handa /* Structure for holding a number. */ 5264c3e9e2dSTetsuo Handa struct tomoyo_number_union { 5274c3e9e2dSTetsuo Handa unsigned long values[2]; 528b5bc60b4STetsuo Handa struct tomoyo_group *group; /* Maybe NULL. */ 529b5bc60b4STetsuo Handa /* One of values in "enum tomoyo_value_type". */ 5300df7e8b8STetsuo Handa u8 value_type[2]; 5314c3e9e2dSTetsuo Handa }; 5324c3e9e2dSTetsuo Handa 533059d84dbSTetsuo Handa /* Structure for holding an IP address. */ 534059d84dbSTetsuo Handa struct tomoyo_ipaddr_union { 535059d84dbSTetsuo Handa struct in6_addr ip[2]; /* Big endian. */ 536059d84dbSTetsuo Handa struct tomoyo_group *group; /* Pointer to address group. */ 537059d84dbSTetsuo Handa bool is_ipv6; /* Valid only if @group == NULL. */ 538059d84dbSTetsuo Handa }; 539059d84dbSTetsuo Handa 540059d84dbSTetsuo Handa /* Structure for "path_group"/"number_group"/"address_group" directive. */ 541a98aa4deSTetsuo Handa struct tomoyo_group { 5420df7e8b8STetsuo Handa struct tomoyo_shared_acl_head head; 543a98aa4deSTetsuo Handa const struct tomoyo_path_info *group_name; 544a98aa4deSTetsuo Handa struct list_head member_list; 545a98aa4deSTetsuo Handa }; 546a98aa4deSTetsuo Handa 5477762fbffSTetsuo Handa /* Structure for "path_group" directive. */ 5487762fbffSTetsuo Handa struct tomoyo_path_group { 54982e0f001STetsuo Handa struct tomoyo_acl_head head; 5507762fbffSTetsuo Handa const struct tomoyo_path_info *member_name; 5517762fbffSTetsuo Handa }; 5527762fbffSTetsuo Handa 5534c3e9e2dSTetsuo Handa /* Structure for "number_group" directive. */ 554a98aa4deSTetsuo Handa struct tomoyo_number_group { 55582e0f001STetsuo Handa struct tomoyo_acl_head head; 5564c3e9e2dSTetsuo Handa struct tomoyo_number_union number; 5574c3e9e2dSTetsuo Handa }; 5584c3e9e2dSTetsuo Handa 559059d84dbSTetsuo Handa /* Structure for "address_group" directive. */ 560059d84dbSTetsuo Handa struct tomoyo_address_group { 561059d84dbSTetsuo Handa struct tomoyo_acl_head head; 562059d84dbSTetsuo Handa /* Structure for holding an IP address. */ 563059d84dbSTetsuo Handa struct tomoyo_ipaddr_union address; 564059d84dbSTetsuo Handa }; 565059d84dbSTetsuo Handa 5668761afd4STetsuo Handa /* Subset of "struct stat". Used by conditional ACL and audit logs. */ 5678761afd4STetsuo Handa struct tomoyo_mini_stat { 568609fcd1bSEric W. Biederman kuid_t uid; 569609fcd1bSEric W. Biederman kgid_t gid; 5708761afd4STetsuo Handa ino_t ino; 571d179333fSAl Viro umode_t mode; 5728761afd4STetsuo Handa dev_t dev; 5738761afd4STetsuo Handa dev_t rdev; 5748761afd4STetsuo Handa }; 5758761afd4STetsuo Handa 5765b636857STetsuo Handa /* Structure for dumping argv[] and envp[] of "struct linux_binprm". */ 5775b636857STetsuo Handa struct tomoyo_page_dump { 5785b636857STetsuo Handa struct page *page; /* Previously dumped page. */ 5795b636857STetsuo Handa char *data; /* Contents of "page". Size is PAGE_SIZE. */ 5805b636857STetsuo Handa }; 5815b636857STetsuo Handa 5828761afd4STetsuo Handa /* Structure for attribute checks in addition to pathname checks. */ 5838761afd4STetsuo Handa struct tomoyo_obj_info { 5848761afd4STetsuo Handa /* 5858761afd4STetsuo Handa * True if tomoyo_get_attributes() was already called, false otherwise. 5868761afd4STetsuo Handa */ 5878761afd4STetsuo Handa bool validate_done; 5888761afd4STetsuo Handa /* True if @stat[] is valid. */ 5898761afd4STetsuo Handa bool stat_valid[TOMOYO_MAX_PATH_STAT]; 5908761afd4STetsuo Handa /* First pathname. Initialized with { NULL, NULL } if no path. */ 5918761afd4STetsuo Handa struct path path1; 5928761afd4STetsuo Handa /* Second pathname. Initialized with { NULL, NULL } if no path. */ 5938761afd4STetsuo Handa struct path path2; 5948761afd4STetsuo Handa /* 5958761afd4STetsuo Handa * Information on @path1, @path1's parent directory, @path2, @path2's 5968761afd4STetsuo Handa * parent directory. 5978761afd4STetsuo Handa */ 5988761afd4STetsuo Handa struct tomoyo_mini_stat stat[TOMOYO_MAX_PATH_STAT]; 5992ca9bf45STetsuo Handa /* 6002ca9bf45STetsuo Handa * Content of symbolic link to be created. NULL for operations other 6012ca9bf45STetsuo Handa * than symlink(). 6022ca9bf45STetsuo Handa */ 6032ca9bf45STetsuo Handa struct tomoyo_path_info *symlink_target; 6042ca9bf45STetsuo Handa }; 6052ca9bf45STetsuo Handa 6065b636857STetsuo Handa /* Structure for argv[]. */ 6075b636857STetsuo Handa struct tomoyo_argv { 6085b636857STetsuo Handa unsigned long index; 6095b636857STetsuo Handa const struct tomoyo_path_info *value; 6105b636857STetsuo Handa bool is_not; 6115b636857STetsuo Handa }; 6125b636857STetsuo Handa 6135b636857STetsuo Handa /* Structure for envp[]. */ 6145b636857STetsuo Handa struct tomoyo_envp { 6155b636857STetsuo Handa const struct tomoyo_path_info *name; 6165b636857STetsuo Handa const struct tomoyo_path_info *value; 6175b636857STetsuo Handa bool is_not; 6185b636857STetsuo Handa }; 6195b636857STetsuo Handa 6202ca9bf45STetsuo Handa /* Structure for execve() operation. */ 6212ca9bf45STetsuo Handa struct tomoyo_execve { 6222ca9bf45STetsuo Handa struct tomoyo_request_info r; 6232ca9bf45STetsuo Handa struct tomoyo_obj_info obj; 6242ca9bf45STetsuo Handa struct linux_binprm *bprm; 6256bce98edSTetsuo Handa const struct tomoyo_path_info *transition; 6265b636857STetsuo Handa /* For dumping argv[] and envp[]. */ 6275b636857STetsuo Handa struct tomoyo_page_dump dump; 6282ca9bf45STetsuo Handa /* For temporary use. */ 6292ca9bf45STetsuo Handa char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */ 6308761afd4STetsuo Handa }; 6318761afd4STetsuo Handa 6322066a361STetsuo Handa /* Structure for entries which follows "struct tomoyo_condition". */ 6332066a361STetsuo Handa struct tomoyo_condition_element { 6345b636857STetsuo Handa /* 6355b636857STetsuo Handa * Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a 6365b636857STetsuo Handa * "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail 6375b636857STetsuo Handa * of the array of this struct. 6385b636857STetsuo Handa */ 6392066a361STetsuo Handa u8 left; 6405b636857STetsuo Handa /* 6415b636857STetsuo Handa * Right hand operand. A "struct tomoyo_number_union" for 6425b636857STetsuo Handa * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for 6435b636857STetsuo Handa * TOMOYO_NAME_UNION is attached to the tail of the array of this 6445b636857STetsuo Handa * struct. 6455b636857STetsuo Handa */ 6462066a361STetsuo Handa u8 right; 6472066a361STetsuo Handa /* Equation operator. True if equals or overlaps, false otherwise. */ 6482066a361STetsuo Handa bool equals; 6492066a361STetsuo Handa }; 6502066a361STetsuo Handa 6512066a361STetsuo Handa /* Structure for optional arguments. */ 6522066a361STetsuo Handa struct tomoyo_condition { 6532066a361STetsuo Handa struct tomoyo_shared_acl_head head; 6542066a361STetsuo Handa u32 size; /* Memory size allocated for this entry. */ 6552066a361STetsuo Handa u16 condc; /* Number of conditions in this struct. */ 6562066a361STetsuo Handa u16 numbers_count; /* Number of "struct tomoyo_number_union values". */ 6572ca9bf45STetsuo Handa u16 names_count; /* Number of "struct tomoyo_name_union names". */ 6585b636857STetsuo Handa u16 argc; /* Number of "struct tomoyo_argv". */ 6595b636857STetsuo Handa u16 envc; /* Number of "struct tomoyo_envp". */ 6601f067a68STetsuo Handa u8 grant_log; /* One of values in "enum tomoyo_grant_log". */ 6616bce98edSTetsuo Handa const struct tomoyo_path_info *transit; /* Maybe NULL. */ 6622066a361STetsuo Handa /* 6632066a361STetsuo Handa * struct tomoyo_condition_element condition[condc]; 6642066a361STetsuo Handa * struct tomoyo_number_union values[numbers_count]; 6652ca9bf45STetsuo Handa * struct tomoyo_name_union names[names_count]; 6665b636857STetsuo Handa * struct tomoyo_argv argv[argc]; 6675b636857STetsuo Handa * struct tomoyo_envp envp[envc]; 6682066a361STetsuo Handa */ 6692066a361STetsuo Handa }; 6702066a361STetsuo Handa 671b5bc60b4STetsuo Handa /* Common header for individual entries. */ 6729590837bSKentaro Takeda struct tomoyo_acl_info { 6739590837bSKentaro Takeda struct list_head list; 6742066a361STetsuo Handa struct tomoyo_condition *cond; /* Maybe NULL. */ 675f9732ea1STetsuo Handa s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ 676b5bc60b4STetsuo Handa u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */ 6779590837bSKentaro Takeda } __packed; 6789590837bSKentaro Takeda 679b5bc60b4STetsuo Handa /* Structure for domain information. */ 6809590837bSKentaro Takeda struct tomoyo_domain_info { 6819590837bSKentaro Takeda struct list_head list; 6829590837bSKentaro Takeda struct list_head acl_info_list; 6839590837bSKentaro Takeda /* Name of this domain. Never NULL. */ 6849590837bSKentaro Takeda const struct tomoyo_path_info *domainname; 685bd03a3e4STetsuo Handa /* Namespace for this domain. Never NULL. */ 686bd03a3e4STetsuo Handa struct tomoyo_policy_namespace *ns; 6874b425641STetsuo Handa /* Group numbers to use. */ 6884b425641STetsuo Handa unsigned long group[TOMOYO_MAX_ACL_GROUPS / BITS_PER_LONG]; 6899590837bSKentaro Takeda u8 profile; /* Profile number to use. */ 690a0558fc3STetsuo Handa bool is_deleted; /* Delete flag. */ 6912c47ab93STetsuo Handa bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; 6928c6cb983STetsuo Handa atomic_t users; /* Number of referring tasks. */ 6939590837bSKentaro Takeda }; 6949590837bSKentaro Takeda 6959590837bSKentaro Takeda /* 696731d37aaSTetsuo Handa * Structure for "task manual_domain_transition" directive. 697731d37aaSTetsuo Handa */ 698731d37aaSTetsuo Handa struct tomoyo_task_acl { 699731d37aaSTetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MANUAL_TASK_ACL */ 700731d37aaSTetsuo Handa /* Pointer to domainname. */ 701731d37aaSTetsuo Handa const struct tomoyo_path_info *domainname; 702731d37aaSTetsuo Handa }; 703731d37aaSTetsuo Handa 704731d37aaSTetsuo Handa /* 705b5bc60b4STetsuo Handa * Structure for "file execute", "file read", "file write", "file append", 706b5bc60b4STetsuo Handa * "file unlink", "file getattr", "file rmdir", "file truncate", 707b5bc60b4STetsuo Handa * "file symlink", "file chroot" and "file unmount" directive. 7089590837bSKentaro Takeda */ 7097ef61233STetsuo Handa struct tomoyo_path_acl { 7107ef61233STetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ 711b5bc60b4STetsuo Handa u16 perm; /* Bitmask of values in "enum tomoyo_path_acl_index". */ 7127762fbffSTetsuo Handa struct tomoyo_name_union name; 7139590837bSKentaro Takeda }; 7149590837bSKentaro Takeda 715c3fa109aSTetsuo Handa /* 716b5bc60b4STetsuo Handa * Structure for "file create", "file mkdir", "file mkfifo", "file mksock", 717b5bc60b4STetsuo Handa * "file ioctl", "file chmod", "file chown" and "file chgrp" directive. 718a1f9bb6aSTetsuo Handa */ 719a1f9bb6aSTetsuo Handa struct tomoyo_path_number_acl { 720a1f9bb6aSTetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */ 721b5bc60b4STetsuo Handa /* Bitmask of values in "enum tomoyo_path_number_acl_index". */ 722a1f9bb6aSTetsuo Handa u8 perm; 723a1f9bb6aSTetsuo Handa struct tomoyo_name_union name; 724a1f9bb6aSTetsuo Handa struct tomoyo_number_union number; 725a1f9bb6aSTetsuo Handa }; 726a1f9bb6aSTetsuo Handa 727b5bc60b4STetsuo Handa /* Structure for "file mkblock" and "file mkchar" directive. */ 72875093152STetsuo Handa struct tomoyo_mkdev_acl { 72975093152STetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */ 730b5bc60b4STetsuo Handa u8 perm; /* Bitmask of values in "enum tomoyo_mkdev_acl_index". */ 731a1f9bb6aSTetsuo Handa struct tomoyo_name_union name; 732a1f9bb6aSTetsuo Handa struct tomoyo_number_union mode; 733a1f9bb6aSTetsuo Handa struct tomoyo_number_union major; 734a1f9bb6aSTetsuo Handa struct tomoyo_number_union minor; 735a1f9bb6aSTetsuo Handa }; 736a1f9bb6aSTetsuo Handa 737a1f9bb6aSTetsuo Handa /* 738b5bc60b4STetsuo Handa * Structure for "file rename", "file link" and "file pivot_root" directive. 739c3fa109aSTetsuo Handa */ 7407ef61233STetsuo Handa struct tomoyo_path2_acl { 7417ef61233STetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ 742b5bc60b4STetsuo Handa u8 perm; /* Bitmask of values in "enum tomoyo_path2_acl_index". */ 7437762fbffSTetsuo Handa struct tomoyo_name_union name1; 7447762fbffSTetsuo Handa struct tomoyo_name_union name2; 7459590837bSKentaro Takeda }; 7469590837bSKentaro Takeda 747b5bc60b4STetsuo Handa /* Structure for "file mount" directive. */ 7482106ccd9STetsuo Handa struct tomoyo_mount_acl { 7492106ccd9STetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */ 7502106ccd9STetsuo Handa struct tomoyo_name_union dev_name; 7512106ccd9STetsuo Handa struct tomoyo_name_union dir_name; 7522106ccd9STetsuo Handa struct tomoyo_name_union fs_type; 7532106ccd9STetsuo Handa struct tomoyo_number_union flags; 7542106ccd9STetsuo Handa }; 7552106ccd9STetsuo Handa 756d58e0da8STetsuo Handa /* Structure for "misc env" directive in domain policy. */ 757d58e0da8STetsuo Handa struct tomoyo_env_acl { 758d58e0da8STetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_ENV_ACL */ 759d58e0da8STetsuo Handa const struct tomoyo_path_info *env; /* environment variable */ 760d58e0da8STetsuo Handa }; 761d58e0da8STetsuo Handa 762059d84dbSTetsuo Handa /* Structure for "network inet" directive. */ 763059d84dbSTetsuo Handa struct tomoyo_inet_acl { 764059d84dbSTetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_INET_ACL */ 765059d84dbSTetsuo Handa u8 protocol; 766059d84dbSTetsuo Handa u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ 767059d84dbSTetsuo Handa struct tomoyo_ipaddr_union address; 768059d84dbSTetsuo Handa struct tomoyo_number_union port; 769059d84dbSTetsuo Handa }; 770059d84dbSTetsuo Handa 771059d84dbSTetsuo Handa /* Structure for "network unix" directive. */ 772059d84dbSTetsuo Handa struct tomoyo_unix_acl { 773059d84dbSTetsuo Handa struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_UNIX_ACL */ 774059d84dbSTetsuo Handa u8 protocol; 775059d84dbSTetsuo Handa u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ 776059d84dbSTetsuo Handa struct tomoyo_name_union name; 777059d84dbSTetsuo Handa }; 778059d84dbSTetsuo Handa 779a238cf5bSTetsuo Handa /* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */ 780a238cf5bSTetsuo Handa struct tomoyo_acl_param { 781a238cf5bSTetsuo Handa char *data; 782a238cf5bSTetsuo Handa struct list_head *list; 783bd03a3e4STetsuo Handa struct tomoyo_policy_namespace *ns; 784a238cf5bSTetsuo Handa bool is_delete; 785a238cf5bSTetsuo Handa }; 786a238cf5bSTetsuo Handa 7870d2171d7STetsuo Handa #define TOMOYO_MAX_IO_READ_QUEUE 64 788f23571e8STetsuo Handa 7892106ccd9STetsuo Handa /* 790f23571e8STetsuo Handa * Structure for reading/writing policy via /sys/kernel/security/tomoyo 791f23571e8STetsuo Handa * interfaces. 792c3fa109aSTetsuo Handa */ 7939590837bSKentaro Takeda struct tomoyo_io_buffer { 794cdcf6723STetsuo Handa void (*read)(struct tomoyo_io_buffer *head); 795cdcf6723STetsuo Handa int (*write)(struct tomoyo_io_buffer *head); 796c0d4be28SAl Viro __poll_t (*poll)(struct file *file, poll_table *wait); 7979590837bSKentaro Takeda /* Exclusive lock for this structure. */ 7989590837bSKentaro Takeda struct mutex io_sem; 799f23571e8STetsuo Handa char __user *read_user_buf; 8002c47ab93STetsuo Handa size_t read_user_buf_avail; 801f23571e8STetsuo Handa struct { 802bd03a3e4STetsuo Handa struct list_head *ns; 803f23571e8STetsuo Handa struct list_head *domain; 804f23571e8STetsuo Handa struct list_head *group; 805f23571e8STetsuo Handa struct list_head *acl; 8062c47ab93STetsuo Handa size_t avail; 8072c47ab93STetsuo Handa unsigned int step; 8082c47ab93STetsuo Handa unsigned int query_index; 809f23571e8STetsuo Handa u16 index; 8102066a361STetsuo Handa u16 cond_index; 81132997144STetsuo Handa u8 acl_group_index; 8122066a361STetsuo Handa u8 cond_step; 813f23571e8STetsuo Handa u8 bit; 814f23571e8STetsuo Handa u8 w_pos; 815f23571e8STetsuo Handa bool eof; 816f23571e8STetsuo Handa bool print_this_domain_only; 817bd03a3e4STetsuo Handa bool print_transition_related_only; 8182066a361STetsuo Handa bool print_cond_part; 819f23571e8STetsuo Handa const char *w[TOMOYO_MAX_IO_READ_QUEUE]; 820f23571e8STetsuo Handa } r; 8210df7e8b8STetsuo Handa struct { 822bd03a3e4STetsuo Handa struct tomoyo_policy_namespace *ns; 8239590837bSKentaro Takeda /* The position currently writing to. */ 8240df7e8b8STetsuo Handa struct tomoyo_domain_info *domain; 8250df7e8b8STetsuo Handa /* Bytes available for writing. */ 8262c47ab93STetsuo Handa size_t avail; 827bd03a3e4STetsuo Handa bool is_delete; 8280df7e8b8STetsuo Handa } w; 8299590837bSKentaro Takeda /* Buffer for reading. */ 8309590837bSKentaro Takeda char *read_buf; 8319590837bSKentaro Takeda /* Size of read buffer. */ 8322c47ab93STetsuo Handa size_t readbuf_size; 8339590837bSKentaro Takeda /* Buffer for writing. */ 8349590837bSKentaro Takeda char *write_buf; 8359590837bSKentaro Takeda /* Size of write buffer. */ 8362c47ab93STetsuo Handa size_t writebuf_size; 83717fcfbd9STetsuo Handa /* Type of this interface. */ 8382c47ab93STetsuo Handa enum tomoyo_securityfs_interface_index type; 8392e503bbbSTetsuo Handa /* Users counter protected by tomoyo_io_buffer_list_lock. */ 8402e503bbbSTetsuo Handa u8 users; 8412e503bbbSTetsuo Handa /* List for telling GC not to kfree() elements. */ 8422e503bbbSTetsuo Handa struct list_head list; 8439590837bSKentaro Takeda }; 8449590837bSKentaro Takeda 84576bb0895STetsuo Handa /* 846b5bc60b4STetsuo Handa * Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/ 847b5bc60b4STetsuo Handa * "no_keep_domain" keyword. 84876bb0895STetsuo Handa */ 8495448ec4fSTetsuo Handa struct tomoyo_transition_control { 85082e0f001STetsuo Handa struct tomoyo_acl_head head; 8515448ec4fSTetsuo Handa u8 type; /* One of values in "enum tomoyo_transition_type". */ 85276bb0895STetsuo Handa /* True if the domainname is tomoyo_get_last_name(). */ 85376bb0895STetsuo Handa bool is_last_name; 8545448ec4fSTetsuo Handa const struct tomoyo_path_info *domainname; /* Maybe NULL */ 8555448ec4fSTetsuo Handa const struct tomoyo_path_info *program; /* Maybe NULL */ 85676bb0895STetsuo Handa }; 85776bb0895STetsuo Handa 858b5bc60b4STetsuo Handa /* Structure for "aggregator" keyword. */ 859e2bf6907STetsuo Handa struct tomoyo_aggregator { 86082e0f001STetsuo Handa struct tomoyo_acl_head head; 8611084307cSTetsuo Handa const struct tomoyo_path_info *original_name; 8621084307cSTetsuo Handa const struct tomoyo_path_info *aggregated_name; 8631084307cSTetsuo Handa }; 8641084307cSTetsuo Handa 865b5bc60b4STetsuo Handa /* Structure for policy manager. */ 866e2bf6907STetsuo Handa struct tomoyo_manager { 86782e0f001STetsuo Handa struct tomoyo_acl_head head; 86876bb0895STetsuo Handa /* A path to program or a domainname. */ 86976bb0895STetsuo Handa const struct tomoyo_path_info *manager; 87076bb0895STetsuo Handa }; 87176bb0895STetsuo Handa 87257c2590fSTetsuo Handa struct tomoyo_preference { 87357c2590fSTetsuo Handa unsigned int learning_max_entry; 87457c2590fSTetsuo Handa bool enforcing_verbose; 87557c2590fSTetsuo Handa bool learning_verbose; 87657c2590fSTetsuo Handa bool permissive_verbose; 87757c2590fSTetsuo Handa }; 87857c2590fSTetsuo Handa 879b5bc60b4STetsuo Handa /* Structure for /sys/kernel/security/tomnoyo/profile interface. */ 88057c2590fSTetsuo Handa struct tomoyo_profile { 88157c2590fSTetsuo Handa const struct tomoyo_path_info *comment; 88257c2590fSTetsuo Handa struct tomoyo_preference *learning; 88357c2590fSTetsuo Handa struct tomoyo_preference *permissive; 88457c2590fSTetsuo Handa struct tomoyo_preference *enforcing; 88557c2590fSTetsuo Handa struct tomoyo_preference preference; 88657c2590fSTetsuo Handa u8 default_config; 88757c2590fSTetsuo Handa u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX]; 888d5ca1725STetsuo Handa unsigned int pref[TOMOYO_MAX_PREF]; 88957c2590fSTetsuo Handa }; 89057c2590fSTetsuo Handa 891eadd99ccSTetsuo Handa /* Structure for representing YYYY/MM/DD hh/mm/ss. */ 892eadd99ccSTetsuo Handa struct tomoyo_time { 893eadd99ccSTetsuo Handa u16 year; 894eadd99ccSTetsuo Handa u8 month; 895eadd99ccSTetsuo Handa u8 day; 896eadd99ccSTetsuo Handa u8 hour; 897eadd99ccSTetsuo Handa u8 min; 898eadd99ccSTetsuo Handa u8 sec; 899eadd99ccSTetsuo Handa }; 900eadd99ccSTetsuo Handa 901bd03a3e4STetsuo Handa /* Structure for policy namespace. */ 902bd03a3e4STetsuo Handa struct tomoyo_policy_namespace { 903bd03a3e4STetsuo Handa /* Profile table. Memory is allocated as needed. */ 904bd03a3e4STetsuo Handa struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; 905bd03a3e4STetsuo Handa /* List of "struct tomoyo_group". */ 906bd03a3e4STetsuo Handa struct list_head group_list[TOMOYO_MAX_GROUP]; 907bd03a3e4STetsuo Handa /* List of policy. */ 908bd03a3e4STetsuo Handa struct list_head policy_list[TOMOYO_MAX_POLICY]; 909bd03a3e4STetsuo Handa /* The global ACL referred by "use_group" keyword. */ 910bd03a3e4STetsuo Handa struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; 911bd03a3e4STetsuo Handa /* List for connecting to tomoyo_namespace_list list. */ 912bd03a3e4STetsuo Handa struct list_head namespace_list; 913861f4bcfSTetsuo Handa /* Profile version. Currently only 20150505 is defined. */ 914bd03a3e4STetsuo Handa unsigned int profile_version; 915bd03a3e4STetsuo Handa /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ 916bd03a3e4STetsuo Handa const char *name; 917bd03a3e4STetsuo Handa }; 918bd03a3e4STetsuo Handa 9198c6cb983STetsuo Handa /* Structure for "struct task_struct"->security. */ 9208c6cb983STetsuo Handa struct tomoyo_task { 9218c6cb983STetsuo Handa struct tomoyo_domain_info *domain_info; 9228c6cb983STetsuo Handa struct tomoyo_domain_info *old_domain_info; 9238c6cb983STetsuo Handa }; 9248c6cb983STetsuo Handa 92576bb0895STetsuo Handa /********** Function prototypes. **********/ 92676bb0895STetsuo Handa 927059d84dbSTetsuo Handa bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address, 928059d84dbSTetsuo Handa const struct tomoyo_group *group); 9292106ccd9STetsuo Handa bool tomoyo_compare_number_union(const unsigned long value, 9302106ccd9STetsuo Handa const struct tomoyo_number_union *ptr); 9312066a361STetsuo Handa bool tomoyo_condition(struct tomoyo_request_info *r, 9322066a361STetsuo Handa const struct tomoyo_condition *cond); 93375093152STetsuo Handa bool tomoyo_correct_domain(const unsigned char *domainname); 93475093152STetsuo Handa bool tomoyo_correct_path(const char *filename); 93575093152STetsuo Handa bool tomoyo_correct_word(const char *string); 93675093152STetsuo Handa bool tomoyo_domain_def(const unsigned char *buffer); 9373ddf17f0STetsuo Handa bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); 9385b636857STetsuo Handa bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, 9395b636857STetsuo Handa struct tomoyo_page_dump *dump); 9403ddf17f0STetsuo Handa bool tomoyo_memory_ok(void *ptr); 9414c3e9e2dSTetsuo Handa bool tomoyo_number_matches_group(const unsigned long min, 9424c3e9e2dSTetsuo Handa const unsigned long max, 943a98aa4deSTetsuo Handa const struct tomoyo_group *group); 944059d84dbSTetsuo Handa bool tomoyo_parse_ipaddr_union(struct tomoyo_acl_param *param, 945059d84dbSTetsuo Handa struct tomoyo_ipaddr_union *ptr); 9463ddf17f0STetsuo Handa bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, 9473ddf17f0STetsuo Handa struct tomoyo_name_union *ptr); 948a238cf5bSTetsuo Handa bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, 949a238cf5bSTetsuo Handa struct tomoyo_number_union *ptr); 9503ddf17f0STetsuo Handa bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 9513ddf17f0STetsuo Handa const struct tomoyo_path_info *pattern); 9523ddf17f0STetsuo Handa bool tomoyo_permstr(const char *string, const char *keyword); 9533ddf17f0STetsuo Handa bool tomoyo_str_starts(char **src, const char *find); 9543ddf17f0STetsuo Handa char *tomoyo_encode(const char *str); 955059d84dbSTetsuo Handa char *tomoyo_encode2(const char *str, int str_len); 9563ddf17f0STetsuo Handa char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, 9573ddf17f0STetsuo Handa va_list args); 9583ddf17f0STetsuo Handa char *tomoyo_read_token(struct tomoyo_acl_param *param); 95922473862SAl Viro char *tomoyo_realpath_from_path(const struct path *path); 9603ddf17f0STetsuo Handa char *tomoyo_realpath_nofollow(const char *pathname); 9613ddf17f0STetsuo Handa const char *tomoyo_get_exe(void); 9623ddf17f0STetsuo Handa const char *tomoyo_yesno(const unsigned int value); 9633ddf17f0STetsuo Handa const struct tomoyo_path_info *tomoyo_compare_name_union 9643ddf17f0STetsuo Handa (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); 965731d37aaSTetsuo Handa const struct tomoyo_path_info *tomoyo_get_domainname 966731d37aaSTetsuo Handa (struct tomoyo_acl_param *param); 9673ddf17f0STetsuo Handa const struct tomoyo_path_info *tomoyo_get_name(const char *name); 9683ddf17f0STetsuo Handa const struct tomoyo_path_info *tomoyo_path_matches_group 9693ddf17f0STetsuo Handa (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); 9703ddf17f0STetsuo Handa int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, 971e6641eddSAl Viro const struct path *path, const int flag); 972e53cfda5SAl Viro void tomoyo_close_control(struct tomoyo_io_buffer *head); 973d58e0da8STetsuo Handa int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); 9746bce98edSTetsuo Handa int tomoyo_execute_permission(struct tomoyo_request_info *r, 9756bce98edSTetsuo Handa const struct tomoyo_path_info *filename); 9763ddf17f0STetsuo Handa int tomoyo_find_next_domain(struct linux_binprm *bprm); 9773ddf17f0STetsuo Handa int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, 9783ddf17f0STetsuo Handa const u8 index); 9792106ccd9STetsuo Handa int tomoyo_init_request_info(struct tomoyo_request_info *r, 98057c2590fSTetsuo Handa struct tomoyo_domain_info *domain, 98157c2590fSTetsuo Handa const u8 index); 982e6641eddSAl Viro int tomoyo_mkdev_perm(const u8 operation, const struct path *path, 9833ddf17f0STetsuo Handa const unsigned int mode, unsigned int dev); 984e6641eddSAl Viro int tomoyo_mount_permission(const char *dev_name, const struct path *path, 985b5bc60b4STetsuo Handa const char *type, unsigned long flags, 986b5bc60b4STetsuo Handa void *data_page); 9873ddf17f0STetsuo Handa int tomoyo_open_control(const u8 type, struct file *file); 988e6641eddSAl Viro int tomoyo_path2_perm(const u8 operation, const struct path *path1, 989e6641eddSAl Viro const struct path *path2); 990e6641eddSAl Viro int tomoyo_path_number_perm(const u8 operation, const struct path *path, 9913ddf17f0STetsuo Handa unsigned long number); 9923f7036a0SAl Viro int tomoyo_path_perm(const u8 operation, const struct path *path, 99397fb35e4STetsuo Handa const char *target); 994c0d4be28SAl Viro __poll_t tomoyo_poll_control(struct file *file, poll_table *wait); 995c0d4be28SAl Viro __poll_t tomoyo_poll_log(struct file *file, poll_table *wait); 996059d84dbSTetsuo Handa int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr, 997059d84dbSTetsuo Handa int addr_len); 998059d84dbSTetsuo Handa int tomoyo_socket_connect_permission(struct socket *sock, 999059d84dbSTetsuo Handa struct sockaddr *addr, int addr_len); 1000059d84dbSTetsuo Handa int tomoyo_socket_listen_permission(struct socket *sock); 1001059d84dbSTetsuo Handa int tomoyo_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, 1002059d84dbSTetsuo Handa int size); 10033ddf17f0STetsuo Handa int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 10043ddf17f0STetsuo Handa __printf(2, 3); 1005237ab459STetsuo Handa int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, 1006a238cf5bSTetsuo Handa struct tomoyo_acl_param *param, 10073ddf17f0STetsuo Handa bool (*check_duplicate) 10083ddf17f0STetsuo Handa (const struct tomoyo_acl_info *, 10093ddf17f0STetsuo Handa const struct tomoyo_acl_info *), 10103ddf17f0STetsuo Handa bool (*merge_duplicate) 10113ddf17f0STetsuo Handa (struct tomoyo_acl_info *, struct tomoyo_acl_info *, 1012237ab459STetsuo Handa const bool)); 101336f5e1ffSTetsuo Handa int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, 1014a238cf5bSTetsuo Handa struct tomoyo_acl_param *param, 10153ddf17f0STetsuo Handa bool (*check_duplicate) 10163ddf17f0STetsuo Handa (const struct tomoyo_acl_head *, 10173ddf17f0STetsuo Handa const struct tomoyo_acl_head *)); 10183ddf17f0STetsuo Handa int tomoyo_write_aggregator(struct tomoyo_acl_param *param); 10193ddf17f0STetsuo Handa int tomoyo_write_file(struct tomoyo_acl_param *param); 10203ddf17f0STetsuo Handa int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); 1021d58e0da8STetsuo Handa int tomoyo_write_misc(struct tomoyo_acl_param *param); 1022059d84dbSTetsuo Handa int tomoyo_write_inet_network(struct tomoyo_acl_param *param); 10233ddf17f0STetsuo Handa int tomoyo_write_transition_control(struct tomoyo_acl_param *param, 10243ddf17f0STetsuo Handa const u8 type); 1025059d84dbSTetsuo Handa int tomoyo_write_unix_network(struct tomoyo_acl_param *param); 10263ddf17f0STetsuo Handa ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, 10273ddf17f0STetsuo Handa const int buffer_len); 10283ddf17f0STetsuo Handa ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, 10293ddf17f0STetsuo Handa const char __user *buffer, const int buffer_len); 10302066a361STetsuo Handa struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param); 10313ddf17f0STetsuo Handa struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, 10323ddf17f0STetsuo Handa const bool transit); 10338c6cb983STetsuo Handa struct tomoyo_domain_info *tomoyo_domain(void); 10343ddf17f0STetsuo Handa struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); 10353ddf17f0STetsuo Handa struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, 10363ddf17f0STetsuo Handa const u8 idx); 10373ddf17f0STetsuo Handa struct tomoyo_policy_namespace *tomoyo_assign_namespace 10383ddf17f0STetsuo Handa (const char *domainname); 10393ddf17f0STetsuo Handa struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 10403ddf17f0STetsuo Handa const u8 profile); 10413ddf17f0STetsuo Handa unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 10423ddf17f0STetsuo Handa const u8 index); 10432066a361STetsuo Handa u8 tomoyo_parse_ulong(unsigned long *result, char **str); 10443ddf17f0STetsuo Handa void *tomoyo_commit_ok(void *data, const unsigned int size); 10453ddf17f0STetsuo Handa void __init tomoyo_load_builtin_policy(void); 10463ddf17f0STetsuo Handa void __init tomoyo_mm_init(void); 104799a85259STetsuo Handa void tomoyo_check_acl(struct tomoyo_request_info *r, 1048484ca79cSTetsuo Handa bool (*check_entry)(struct tomoyo_request_info *, 104999a85259STetsuo Handa const struct tomoyo_acl_info *)); 10503ddf17f0STetsuo Handa void tomoyo_check_profile(void); 105192734092SArnd Bergmann void tomoyo_convert_time(time64_t time, struct tomoyo_time *stamp); 10522066a361STetsuo Handa void tomoyo_del_condition(struct list_head *element); 10533ddf17f0STetsuo Handa void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); 10548761afd4STetsuo Handa void tomoyo_get_attributes(struct tomoyo_obj_info *obj); 10553ddf17f0STetsuo Handa void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); 10563ddf17f0STetsuo Handa void tomoyo_load_policy(const char *filename); 10573ddf17f0STetsuo Handa void tomoyo_normalize_line(unsigned char *buffer); 10583ddf17f0STetsuo Handa void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register); 1059059d84dbSTetsuo Handa void tomoyo_print_ip(char *buf, const unsigned int size, 1060059d84dbSTetsuo Handa const struct tomoyo_ipaddr_union *ptr); 10613ddf17f0STetsuo Handa void tomoyo_print_ulong(char *buffer, const int buffer_len, 10623ddf17f0STetsuo Handa const unsigned long value, const u8 type); 10633ddf17f0STetsuo Handa void tomoyo_put_name_union(struct tomoyo_name_union *ptr); 10643ddf17f0STetsuo Handa void tomoyo_put_number_union(struct tomoyo_number_union *ptr); 1065eadd99ccSTetsuo Handa void tomoyo_read_log(struct tomoyo_io_buffer *head); 10663ddf17f0STetsuo Handa void tomoyo_update_stat(const u8 index); 10673ddf17f0STetsuo Handa void tomoyo_warn_oom(const char *function); 10683ddf17f0STetsuo Handa void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) 10693ddf17f0STetsuo Handa __printf(2, 3); 10703ddf17f0STetsuo Handa void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, 1071eadd99ccSTetsuo Handa va_list args); 1072eadd99ccSTetsuo Handa 107376bb0895STetsuo Handa /********** External variable definitions. **********/ 107476bb0895STetsuo Handa 107576bb0895STetsuo Handa extern bool tomoyo_policy_loaded; 107643fc4609SCasey Schaufler extern int tomoyo_enabled; 10772066a361STetsuo Handa extern const char * const tomoyo_condition_keyword 10782066a361STetsuo Handa [TOMOYO_MAX_CONDITION_KEYWORD]; 10793ddf17f0STetsuo Handa extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; 10803ddf17f0STetsuo Handa extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 10813ddf17f0STetsuo Handa + TOMOYO_MAX_MAC_CATEGORY_INDEX]; 10823ddf17f0STetsuo Handa extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; 10832c47ab93STetsuo Handa extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; 1084059d84dbSTetsuo Handa extern const char * const tomoyo_proto_keyword[TOMOYO_SOCK_MAX]; 1085059d84dbSTetsuo Handa extern const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION]; 10862c47ab93STetsuo Handa extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; 10873ddf17f0STetsuo Handa extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; 10880d2171d7STetsuo Handa extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; 10890d2171d7STetsuo Handa extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; 10902066a361STetsuo Handa extern struct list_head tomoyo_condition_list; 10913ddf17f0STetsuo Handa extern struct list_head tomoyo_domain_list; 10923ddf17f0STetsuo Handa extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 10933ddf17f0STetsuo Handa extern struct list_head tomoyo_namespace_list; 10943ddf17f0STetsuo Handa extern struct mutex tomoyo_policy_lock; 10953ddf17f0STetsuo Handa extern struct srcu_struct tomoyo_ss; 10963ddf17f0STetsuo Handa extern struct tomoyo_domain_info tomoyo_kernel_domain; 10973ddf17f0STetsuo Handa extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; 1098eadd99ccSTetsuo Handa extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; 1099eadd99ccSTetsuo Handa extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; 1100bbd3662aSCasey Schaufler extern struct lsm_blob_sizes tomoyo_blob_sizes; 110117fcfbd9STetsuo Handa 110276bb0895STetsuo Handa /********** Inlined functions. **********/ 110376bb0895STetsuo Handa 1104b5bc60b4STetsuo Handa /** 1105b5bc60b4STetsuo Handa * tomoyo_read_lock - Take lock for protecting policy. 1106b5bc60b4STetsuo Handa * 1107b5bc60b4STetsuo Handa * Returns index number for tomoyo_read_unlock(). 1108b5bc60b4STetsuo Handa */ 110976bb0895STetsuo Handa static inline int tomoyo_read_lock(void) 111076bb0895STetsuo Handa { 111176bb0895STetsuo Handa return srcu_read_lock(&tomoyo_ss); 111276bb0895STetsuo Handa } 111376bb0895STetsuo Handa 1114b5bc60b4STetsuo Handa /** 1115b5bc60b4STetsuo Handa * tomoyo_read_unlock - Release lock for protecting policy. 1116b5bc60b4STetsuo Handa * 1117b5bc60b4STetsuo Handa * @idx: Index number returned by tomoyo_read_lock(). 1118b5bc60b4STetsuo Handa * 1119b5bc60b4STetsuo Handa * Returns nothing. 1120b5bc60b4STetsuo Handa */ 112176bb0895STetsuo Handa static inline void tomoyo_read_unlock(int idx) 112276bb0895STetsuo Handa { 112376bb0895STetsuo Handa srcu_read_unlock(&tomoyo_ss, idx); 112476bb0895STetsuo Handa } 112576bb0895STetsuo Handa 1126b5bc60b4STetsuo Handa /** 11272066a361STetsuo Handa * tomoyo_sys_getppid - Copy of getppid(). 11282066a361STetsuo Handa * 11292066a361STetsuo Handa * Returns parent process's PID. 11302066a361STetsuo Handa * 11312066a361STetsuo Handa * Alpha does not have getppid() defined. To be able to build this module on 11322066a361STetsuo Handa * Alpha, I have to copy getppid() from kernel/timer.c. 11332066a361STetsuo Handa */ 11342066a361STetsuo Handa static inline pid_t tomoyo_sys_getppid(void) 11352066a361STetsuo Handa { 11362066a361STetsuo Handa pid_t pid; 1137cdcf6723STetsuo Handa 11382066a361STetsuo Handa rcu_read_lock(); 1139bb80d880SKees Cook pid = task_tgid_vnr(rcu_dereference(current->real_parent)); 11402066a361STetsuo Handa rcu_read_unlock(); 11412066a361STetsuo Handa return pid; 11422066a361STetsuo Handa } 11432066a361STetsuo Handa 11442066a361STetsuo Handa /** 11452066a361STetsuo Handa * tomoyo_sys_getpid - Copy of getpid(). 11462066a361STetsuo Handa * 11472066a361STetsuo Handa * Returns current thread's PID. 11482066a361STetsuo Handa * 11492066a361STetsuo Handa * Alpha does not have getpid() defined. To be able to build this module on 11502066a361STetsuo Handa * Alpha, I have to copy getpid() from kernel/timer.c. 11512066a361STetsuo Handa */ 11522066a361STetsuo Handa static inline pid_t tomoyo_sys_getpid(void) 11532066a361STetsuo Handa { 11542066a361STetsuo Handa return task_tgid_vnr(current); 11552066a361STetsuo Handa } 11562066a361STetsuo Handa 11572066a361STetsuo Handa /** 1158b5bc60b4STetsuo Handa * tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure. 1159b5bc60b4STetsuo Handa * 1160b5bc60b4STetsuo Handa * @a: Pointer to "struct tomoyo_path_info". 1161b5bc60b4STetsuo Handa * @b: Pointer to "struct tomoyo_path_info". 1162b5bc60b4STetsuo Handa * 1163b5bc60b4STetsuo Handa * Returns true if @a == @b, false otherwise. 1164b5bc60b4STetsuo Handa */ 11659590837bSKentaro Takeda static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, 11669590837bSKentaro Takeda const struct tomoyo_path_info *b) 11679590837bSKentaro Takeda { 11689590837bSKentaro Takeda return a->hash != b->hash || strcmp(a->name, b->name); 11699590837bSKentaro Takeda } 11709590837bSKentaro Takeda 11719590837bSKentaro Takeda /** 1172b5bc60b4STetsuo Handa * tomoyo_put_name - Drop reference on "struct tomoyo_name". 1173b5bc60b4STetsuo Handa * 1174b5bc60b4STetsuo Handa * @name: Pointer to "struct tomoyo_path_info". Maybe NULL. 1175b5bc60b4STetsuo Handa * 1176b5bc60b4STetsuo Handa * Returns nothing. 1177b5bc60b4STetsuo Handa */ 117876bb0895STetsuo Handa static inline void tomoyo_put_name(const struct tomoyo_path_info *name) 117976bb0895STetsuo Handa { 118076bb0895STetsuo Handa if (name) { 1181e2bf6907STetsuo Handa struct tomoyo_name *ptr = 1182e2bf6907STetsuo Handa container_of(name, typeof(*ptr), entry); 11830df7e8b8STetsuo Handa atomic_dec(&ptr->head.users); 118476bb0895STetsuo Handa } 118576bb0895STetsuo Handa } 11869590837bSKentaro Takeda 1187b5bc60b4STetsuo Handa /** 11882066a361STetsuo Handa * tomoyo_put_condition - Drop reference on "struct tomoyo_condition". 11892066a361STetsuo Handa * 11902066a361STetsuo Handa * @cond: Pointer to "struct tomoyo_condition". Maybe NULL. 11912066a361STetsuo Handa * 11922066a361STetsuo Handa * Returns nothing. 11932066a361STetsuo Handa */ 11942066a361STetsuo Handa static inline void tomoyo_put_condition(struct tomoyo_condition *cond) 11952066a361STetsuo Handa { 11962066a361STetsuo Handa if (cond) 11972066a361STetsuo Handa atomic_dec(&cond->head.users); 11982066a361STetsuo Handa } 11992066a361STetsuo Handa 12002066a361STetsuo Handa /** 1201b5bc60b4STetsuo Handa * tomoyo_put_group - Drop reference on "struct tomoyo_group". 1202b5bc60b4STetsuo Handa * 1203b5bc60b4STetsuo Handa * @group: Pointer to "struct tomoyo_group". Maybe NULL. 1204b5bc60b4STetsuo Handa * 1205b5bc60b4STetsuo Handa * Returns nothing. 1206b5bc60b4STetsuo Handa */ 1207a98aa4deSTetsuo Handa static inline void tomoyo_put_group(struct tomoyo_group *group) 12084c3e9e2dSTetsuo Handa { 12094c3e9e2dSTetsuo Handa if (group) 12100df7e8b8STetsuo Handa atomic_dec(&group->head.users); 12114c3e9e2dSTetsuo Handa } 12124c3e9e2dSTetsuo Handa 1213b5bc60b4STetsuo Handa /** 12148c6cb983STetsuo Handa * tomoyo_task - Get "struct tomoyo_task" for specified thread. 121543fc4609SCasey Schaufler * 12168c6cb983STetsuo Handa * @task - Pointer to "struct task_struct". 12178c6cb983STetsuo Handa * 12188c6cb983STetsuo Handa * Returns pointer to "struct tomoyo_task" for specified thread. 121943fc4609SCasey Schaufler */ 12208c6cb983STetsuo Handa static inline struct tomoyo_task *tomoyo_task(struct task_struct *task) 122143fc4609SCasey Schaufler { 12228c6cb983STetsuo Handa return task->security + tomoyo_blob_sizes.lbs_task; 122376bb0895STetsuo Handa } 12249590837bSKentaro Takeda 1225b5bc60b4STetsuo Handa /** 1226b5bc60b4STetsuo Handa * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. 1227b5bc60b4STetsuo Handa * 1228b5bc60b4STetsuo Handa * @a: Pointer to "struct tomoyo_name_union". 1229b5bc60b4STetsuo Handa * @b: Pointer to "struct tomoyo_name_union". 1230b5bc60b4STetsuo Handa * 1231b5bc60b4STetsuo Handa * Returns true if @a == @b, false otherwise. 1232b5bc60b4STetsuo Handa */ 123375093152STetsuo Handa static inline bool tomoyo_same_name_union 1234b5bc60b4STetsuo Handa (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) 12357762fbffSTetsuo Handa { 12360df7e8b8STetsuo Handa return a->filename == b->filename && a->group == b->group; 12377762fbffSTetsuo Handa } 12387762fbffSTetsuo Handa 1239b5bc60b4STetsuo Handa /** 1240b5bc60b4STetsuo Handa * tomoyo_same_number_union - Check for duplicated "struct tomoyo_number_union" entry. 1241b5bc60b4STetsuo Handa * 1242b5bc60b4STetsuo Handa * @a: Pointer to "struct tomoyo_number_union". 1243b5bc60b4STetsuo Handa * @b: Pointer to "struct tomoyo_number_union". 1244b5bc60b4STetsuo Handa * 1245b5bc60b4STetsuo Handa * Returns true if @a == @b, false otherwise. 1246b5bc60b4STetsuo Handa */ 124775093152STetsuo Handa static inline bool tomoyo_same_number_union 1248b5bc60b4STetsuo Handa (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) 12494c3e9e2dSTetsuo Handa { 1250b5bc60b4STetsuo Handa return a->values[0] == b->values[0] && a->values[1] == b->values[1] && 12510df7e8b8STetsuo Handa a->group == b->group && a->value_type[0] == b->value_type[0] && 12520df7e8b8STetsuo Handa a->value_type[1] == b->value_type[1]; 12534c3e9e2dSTetsuo Handa } 12544c3e9e2dSTetsuo Handa 1255bd03a3e4STetsuo Handa /** 1256059d84dbSTetsuo Handa * tomoyo_same_ipaddr_union - Check for duplicated "struct tomoyo_ipaddr_union" entry. 1257059d84dbSTetsuo Handa * 1258059d84dbSTetsuo Handa * @a: Pointer to "struct tomoyo_ipaddr_union". 1259059d84dbSTetsuo Handa * @b: Pointer to "struct tomoyo_ipaddr_union". 1260059d84dbSTetsuo Handa * 1261059d84dbSTetsuo Handa * Returns true if @a == @b, false otherwise. 1262059d84dbSTetsuo Handa */ 1263059d84dbSTetsuo Handa static inline bool tomoyo_same_ipaddr_union 1264059d84dbSTetsuo Handa (const struct tomoyo_ipaddr_union *a, const struct tomoyo_ipaddr_union *b) 1265059d84dbSTetsuo Handa { 1266059d84dbSTetsuo Handa return !memcmp(a->ip, b->ip, sizeof(a->ip)) && a->group == b->group && 1267059d84dbSTetsuo Handa a->is_ipv6 == b->is_ipv6; 1268059d84dbSTetsuo Handa } 1269059d84dbSTetsuo Handa 1270059d84dbSTetsuo Handa /** 1271bd03a3e4STetsuo Handa * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. 1272bd03a3e4STetsuo Handa * 1273bd03a3e4STetsuo Handa * Returns pointer to "struct tomoyo_policy_namespace" for current thread. 1274bd03a3e4STetsuo Handa */ 1275bd03a3e4STetsuo Handa static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) 1276bd03a3e4STetsuo Handa { 1277bd03a3e4STetsuo Handa return tomoyo_domain()->ns; 1278bd03a3e4STetsuo Handa } 1279bd03a3e4STetsuo Handa 1280eadd99ccSTetsuo Handa #if defined(CONFIG_SLOB) 1281eadd99ccSTetsuo Handa 1282eadd99ccSTetsuo Handa /** 1283eadd99ccSTetsuo Handa * tomoyo_round2 - Round up to power of 2 for calculating memory usage. 1284eadd99ccSTetsuo Handa * 1285eadd99ccSTetsuo Handa * @size: Size to be rounded up. 1286eadd99ccSTetsuo Handa * 1287eadd99ccSTetsuo Handa * Returns @size. 1288eadd99ccSTetsuo Handa * 1289eadd99ccSTetsuo Handa * Since SLOB does not round up, this function simply returns @size. 1290eadd99ccSTetsuo Handa */ 1291eadd99ccSTetsuo Handa static inline int tomoyo_round2(size_t size) 1292eadd99ccSTetsuo Handa { 1293eadd99ccSTetsuo Handa return size; 1294eadd99ccSTetsuo Handa } 1295eadd99ccSTetsuo Handa 1296eadd99ccSTetsuo Handa #else 1297eadd99ccSTetsuo Handa 1298eadd99ccSTetsuo Handa /** 1299eadd99ccSTetsuo Handa * tomoyo_round2 - Round up to power of 2 for calculating memory usage. 1300eadd99ccSTetsuo Handa * 1301eadd99ccSTetsuo Handa * @size: Size to be rounded up. 1302eadd99ccSTetsuo Handa * 1303eadd99ccSTetsuo Handa * Returns rounded size. 1304eadd99ccSTetsuo Handa * 1305eadd99ccSTetsuo Handa * Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of 1306eadd99ccSTetsuo Handa * (e.g.) 128 bytes. 1307eadd99ccSTetsuo Handa */ 1308eadd99ccSTetsuo Handa static inline int tomoyo_round2(size_t size) 1309eadd99ccSTetsuo Handa { 1310eadd99ccSTetsuo Handa #if PAGE_SIZE == 4096 1311eadd99ccSTetsuo Handa size_t bsize = 32; 1312eadd99ccSTetsuo Handa #else 1313eadd99ccSTetsuo Handa size_t bsize = 64; 1314eadd99ccSTetsuo Handa #endif 1315eadd99ccSTetsuo Handa if (!size) 1316eadd99ccSTetsuo Handa return 0; 1317eadd99ccSTetsuo Handa while (size > bsize) 1318eadd99ccSTetsuo Handa bsize <<= 1; 1319eadd99ccSTetsuo Handa return bsize; 1320eadd99ccSTetsuo Handa } 1321eadd99ccSTetsuo Handa 1322eadd99ccSTetsuo Handa #endif 1323eadd99ccSTetsuo Handa 13249590837bSKentaro Takeda /** 13259590837bSKentaro Takeda * list_for_each_cookie - iterate over a list with cookie. 13269590837bSKentaro Takeda * @pos: the &struct list_head to use as a loop cursor. 13279590837bSKentaro Takeda * @head: the head for your list. 13289590837bSKentaro Takeda */ 1329475e6fa3STetsuo Handa #define list_for_each_cookie(pos, head) \ 1330475e6fa3STetsuo Handa if (!pos) \ 1331475e6fa3STetsuo Handa pos = srcu_dereference((head)->next, &tomoyo_ss); \ 1332475e6fa3STetsuo Handa for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss)) 1333fdb8ebb7STetsuo Handa 13349590837bSKentaro Takeda #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ 1335