search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TOMOYO: Add ACL group support.
[linux-2.6.git] / security / tomoyo / common.c
blob507ebf01e43bd8afdb5057b3d8f48d2c78573bcd
1 /*
2 * security/tomoyo/common.c
3 *
4 * Common functions for TOMOYO.
5 *
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
7 */
8
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
12 #include "common.h"
13
14 /* Profile version. Currently only 20090903 is defined. */
15 static unsigned int tomoyo_profile_version;
16
17 /* Profile table. Memory is allocated as needed. */
18 static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
19
20 /* String table for operation mode. */
21 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = {
22 [TOMOYO_CONFIG_DISABLED] = "disabled",
23 [TOMOYO_CONFIG_LEARNING] = "learning",
24 [TOMOYO_CONFIG_PERMISSIVE] = "permissive",
25 [TOMOYO_CONFIG_ENFORCING] = "enforcing"
26 };
27
28 /* String table for /sys/kernel/security/tomoyo/profile */
29 static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
30 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
31 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute",
32 [TOMOYO_MAC_FILE_OPEN] = "file::open",
33 [TOMOYO_MAC_FILE_CREATE] = "file::create",
34 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
35 [TOMOYO_MAC_FILE_GETATTR] = "file::getattr",
36 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
37 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
38 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
39 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
40 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
41 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
42 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
43 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
44 [TOMOYO_MAC_FILE_LINK] = "file::link",
45 [TOMOYO_MAC_FILE_RENAME] = "file::rename",
46 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod",
47 [TOMOYO_MAC_FILE_CHOWN] = "file::chown",
48 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp",
49 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl",
50 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot",
51 [TOMOYO_MAC_FILE_MOUNT] = "file::mount",
52 [TOMOYO_MAC_FILE_UMOUNT] = "file::unmount",
53 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
54 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
55 };
56
57 /* String table for PREFERENCE keyword. */
58 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
59 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log",
60 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
61 };
62
63 /* Permit policy management by non-root user? */
64 static bool tomoyo_manage_by_non_root;
65
66 /* Utility functions. */
67
68 /**
69 * tomoyo_yesno - Return "yes" or "no".
70 *
71 * @value: Bool value.
72 */
73 const char *tomoyo_yesno(const unsigned int value)
74 {
75 return value ? "yes" : "no";
76 }
77
78 /**
79 * tomoyo_addprintf - strncat()-like-snprintf().
80 *
81 * @buffer: Buffer to write to. Must be '\0'-terminated.
82 * @len: Size of @buffer.
83 * @fmt: The printf()'s format string, followed by parameters.
84 *
85 * Returns nothing.
86 */
87 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
88 {
89 va_list args;
90 const int pos = strlen(buffer);
91 va_start(args, fmt);
92 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
93 va_end(args);
94 }
95
96 /**
97 * tomoyo_flush - Flush queued string to userspace's buffer.
98 *
99 * @head: Pointer to "struct tomoyo_io_buffer".
100 *
101 * Returns true if all data was flushed, false otherwise.
102 */
103 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
104 {
105 while (head->r.w_pos) {
106 const char *w = head->r.w[0];
107 int len = strlen(w);
108 if (len) {
109 if (len > head->read_user_buf_avail)
110 len = head->read_user_buf_avail;
111 if (!len)
112 return false;
113 if (copy_to_user(head->read_user_buf, w, len))
114 return false;
115 head->read_user_buf_avail -= len;
116 head->read_user_buf += len;
117 w += len;
118 }
119 head->r.w[0] = w;
120 if (*w)
121 return false;
122 /* Add '\0' for audit logs and query. */
123 if (head->poll) {
124 if (!head->read_user_buf_avail ||
125 copy_to_user(head->read_user_buf, "", 1))
126 return false;
127 head->read_user_buf_avail--;
128 head->read_user_buf++;
129 }
130 head->r.w_pos--;
131 for (len = 0; len < head->r.w_pos; len++)
132 head->r.w[len] = head->r.w[len + 1];
133 }
134 head->r.avail = 0;
135 return true;
136 }
137
138 /**
139 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
140 *
141 * @head: Pointer to "struct tomoyo_io_buffer".
142 * @string: String to print.
143 *
144 * Note that @string has to be kept valid until @head is kfree()d.
145 * This means that char[] allocated on stack memory cannot be passed to
146 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
147 */
148 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
149 {
150 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
151 head->r.w[head->r.w_pos++] = string;
152 tomoyo_flush(head);
153 } else
154 WARN_ON(1);
155 }
156
157 /**
158 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
159 *
160 * @head: Pointer to "struct tomoyo_io_buffer".
161 * @fmt: The printf()'s format string, followed by parameters.
162 */
163 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
164 {
165 va_list args;
166 int len;
167 int pos = head->r.avail;
168 int size = head->readbuf_size - pos;
169 if (size <= 0)
170 return;
171 va_start(args, fmt);
172 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
173 va_end(args);
174 if (pos + len >= head->readbuf_size) {
175 WARN_ON(1);
176 return;
177 }
178 head->r.avail += len;
179 tomoyo_set_string(head, head->read_buf + pos);
180 }
181
182 /**
183 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
184 *
185 * @head: Pointer to "struct tomoyo_io_buffer".
186 *
187 * Returns nothing.
188 */
189 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
190 {
191 tomoyo_set_string(head, " ");
192 }
193
194 /**
195 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
196 *
197 * @head: Pointer to "struct tomoyo_io_buffer".
198 *
199 * Returns nothing.
200 */
201 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
202 {
203 tomoyo_set_string(head, "\n");
204 return !head->r.w_pos;
205 }
206
207 /**
208 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
209 *
210 * @head: Pointer to "struct tomoyo_io_buffer".
211 *
212 * Returns nothing.
213 */
214 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
215 {
216 tomoyo_set_string(head, "/");
217 }
218
219 /**
220 * tomoyo_print_name_union - Print a tomoyo_name_union.
221 *
222 * @head: Pointer to "struct tomoyo_io_buffer".
223 * @ptr: Pointer to "struct tomoyo_name_union".
224 */
225 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
226 const struct tomoyo_name_union *ptr)
227 {
228 tomoyo_set_space(head);
229 if (ptr->group) {
230 tomoyo_set_string(head, "@");
231 tomoyo_set_string(head, ptr->group->group_name->name);
232 } else {
233 tomoyo_set_string(head, ptr->filename->name);
234 }
235 }
236
237 /**
238 * tomoyo_print_number_union - Print a tomoyo_number_union.
239 *
240 * @head: Pointer to "struct tomoyo_io_buffer".
241 * @ptr: Pointer to "struct tomoyo_number_union".
242 */
243 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
244 const struct tomoyo_number_union *ptr)
245 {
246 tomoyo_set_space(head);
247 if (ptr->group) {
248 tomoyo_set_string(head, "@");
249 tomoyo_set_string(head, ptr->group->group_name->name);
250 } else {
251 int i;
252 unsigned long min = ptr->values[0];
253 const unsigned long max = ptr->values[1];
254 u8 min_type = ptr->value_type[0];
255 const u8 max_type = ptr->value_type[1];
256 char buffer[128];
257 buffer[0] = '\0';
258 for (i = 0; i < 2; i++) {
259 switch (min_type) {
260 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
261 tomoyo_addprintf(buffer, sizeof(buffer),
262 "0x%lX", min);
263 break;
264 case TOMOYO_VALUE_TYPE_OCTAL:
265 tomoyo_addprintf(buffer, sizeof(buffer),
266 "0%lo", min);
267 break;
268 default:
269 tomoyo_addprintf(buffer, sizeof(buffer),
270 "%lu", min);
271 break;
272 }
273 if (min == max && min_type == max_type)
274 break;
275 tomoyo_addprintf(buffer, sizeof(buffer), "-");
276 min_type = max_type;
277 min = max;
278 }
279 tomoyo_io_printf(head, "%s", buffer);
280 }
281 }
282
283 /**
284 * tomoyo_assign_profile - Create a new profile.
285 *
286 * @profile: Profile number to create.
287 *
288 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
289 */
290 static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
291 {
292 struct tomoyo_profile *ptr;
293 struct tomoyo_profile *entry;
294 if (profile >= TOMOYO_MAX_PROFILES)
295 return NULL;
296 ptr = tomoyo_profile_ptr[profile];
297 if (ptr)
298 return ptr;
299 entry = kzalloc(sizeof(*entry), GFP_NOFS);
300 if (mutex_lock_interruptible(&tomoyo_policy_lock))
301 goto out;
302 ptr = tomoyo_profile_ptr[profile];
303 if (!ptr && tomoyo_memory_ok(entry)) {
304 ptr = entry;
305 ptr->default_config = TOMOYO_CONFIG_DISABLED |
306 TOMOYO_CONFIG_WANT_GRANT_LOG |
307 TOMOYO_CONFIG_WANT_REJECT_LOG;
308 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
309 sizeof(ptr->config));
310 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024;
311 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048;
312 mb(); /* Avoid out-of-order execution. */
313 tomoyo_profile_ptr[profile] = ptr;
314 entry = NULL;
315 }
316 mutex_unlock(&tomoyo_policy_lock);
317 out:
318 kfree(entry);
319 return ptr;
320 }
321
322 /**
323 * tomoyo_profile - Find a profile.
324 *
325 * @profile: Profile number to find.
326 *
327 * Returns pointer to "struct tomoyo_profile".
328 */
329 struct tomoyo_profile *tomoyo_profile(const u8 profile)
330 {
331 static struct tomoyo_profile tomoyo_null_profile;
332 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
333 if (!ptr)
334 ptr = &tomoyo_null_profile;
335 return ptr;
336 }
337
338 /**
339 * tomoyo_find_yesno - Find values for specified keyword.
340 *
341 * @string: String to check.
342 * @find: Name of keyword.
343 *
344 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
345 */
346 static s8 tomoyo_find_yesno(const char *string, const char *find)
347 {
348 const char *cp = strstr(string, find);
349 if (cp) {
350 cp += strlen(find);
351 if (!strncmp(cp, "=yes", 4))
352 return 1;
353 else if (!strncmp(cp, "=no", 3))
354 return 0;
355 }
356 return -1;
357 }
358
359 /**
360 * tomoyo_set_uint - Set value for specified preference.
361 *
362 * @i: Pointer to "unsigned int".
363 * @string: String to check.
364 * @find: Name of keyword.
365 *
366 * Returns nothing.
367 */
368 static void tomoyo_set_uint(unsigned int *i, const char *string,
369 const char *find)
370 {
371 const char *cp = strstr(string, find);
372 if (cp)
373 sscanf(cp + strlen(find), "=%u", i);
374 }
375
376 /**
377 * tomoyo_set_mode - Set mode for specified profile.
378 *
379 * @name: Name of functionality.
380 * @value: Mode for @name.
381 * @profile: Pointer to "struct tomoyo_profile".
382 *
383 * Returns 0 on success, negative value otherwise.
384 */
385 static int tomoyo_set_mode(char *name, const char *value,
386 struct tomoyo_profile *profile)
387 {
388 u8 i;
389 u8 config;
390 if (!strcmp(name, "CONFIG")) {
391 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
392 config = profile->default_config;
393 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
394 config = 0;
395 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
396 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
397 if (strcmp(name, tomoyo_mac_keywords[i]))
398 continue;
399 config = profile->config[i];
400 break;
401 }
402 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
403 return -EINVAL;
404 } else {
405 return -EINVAL;
406 }
407 if (strstr(value, "use_default")) {
408 config = TOMOYO_CONFIG_USE_DEFAULT;
409 } else {
410 u8 mode;
411 for (mode = 0; mode < 4; mode++)
412 if (strstr(value, tomoyo_mode[mode]))
413 /*
414 * Update lower 3 bits in order to distinguish
415 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
416 */
417 config = (config & ~7) | mode;
418 if (config != TOMOYO_CONFIG_USE_DEFAULT) {
419 switch (tomoyo_find_yesno(value, "grant_log")) {
420 case 1:
421 config |= TOMOYO_CONFIG_WANT_GRANT_LOG;
422 break;
423 case 0:
424 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG;
425 break;
426 }
427 switch (tomoyo_find_yesno(value, "reject_log")) {
428 case 1:
429 config |= TOMOYO_CONFIG_WANT_REJECT_LOG;
430 break;
431 case 0:
432 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG;
433 break;
434 }
435 }
436 }
437 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
438 profile->config[i] = config;
439 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
440 profile->default_config = config;
441 return 0;
442 }
443
444 /**
445 * tomoyo_write_profile - Write profile table.
446 *
447 * @head: Pointer to "struct tomoyo_io_buffer".
448 *
449 * Returns 0 on success, negative value otherwise.
450 */
451 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
452 {
453 char *data = head->write_buf;
454 unsigned int i;
455 char *cp;
456 struct tomoyo_profile *profile;
457 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
458 return 0;
459 i = simple_strtoul(data, &cp, 10);
460 if (*cp != '-')
461 return -EINVAL;
462 data = cp + 1;
463 profile = tomoyo_assign_profile(i);
464 if (!profile)
465 return -EINVAL;
466 cp = strchr(data, '=');
467 if (!cp)
468 return -EINVAL;
469 *cp++ = '\0';
470 if (!strcmp(data, "COMMENT")) {
471 static DEFINE_SPINLOCK(lock);
472 const struct tomoyo_path_info *new_comment
473 = tomoyo_get_name(cp);
474 const struct tomoyo_path_info *old_comment;
475 if (!new_comment)
476 return -ENOMEM;
477 spin_lock(&lock);
478 old_comment = profile->comment;
479 profile->comment = new_comment;
480 spin_unlock(&lock);
481 tomoyo_put_name(old_comment);
482 return 0;
483 }
484 if (!strcmp(data, "PREFERENCE")) {
485 for (i = 0; i < TOMOYO_MAX_PREF; i++)
486 tomoyo_set_uint(&profile->pref[i], cp,
487 tomoyo_pref_keywords[i]);
488 return 0;
489 }
490 return tomoyo_set_mode(data, cp, profile);
491 }
492
493 /**
494 * tomoyo_print_config - Print mode for specified functionality.
495 *
496 * @head: Pointer to "struct tomoyo_io_buffer".
497 * @config: Mode for that functionality.
498 *
499 * Returns nothing.
500 *
501 * Caller prints functionality's name.
502 */
503 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
504 {
505 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
506 tomoyo_mode[config & 3],
507 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG),
508 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG));
509 }
510
511 /**
512 * tomoyo_read_profile - Read profile table.
513 *
514 * @head: Pointer to "struct tomoyo_io_buffer".
515 *
516 * Returns nothing.
517 */
518 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
519 {
520 u8 index;
521 const struct tomoyo_profile *profile;
522 next:
523 index = head->r.index;
524 profile = tomoyo_profile_ptr[index];
525 switch (head->r.step) {
526 case 0:
527 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 20090903);
528 head->r.step++;
529 break;
530 case 1:
531 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
532 head->r.index++)
533 if (tomoyo_profile_ptr[head->r.index])
534 break;
535 if (head->r.index == TOMOYO_MAX_PROFILES)
536 return;
537 head->r.step++;
538 break;
539 case 2:
540 {
541 u8 i;
542 const struct tomoyo_path_info *comment =
543 profile->comment;
544 tomoyo_io_printf(head, "%u-COMMENT=", index);
545 tomoyo_set_string(head, comment ? comment->name : "");
546 tomoyo_set_lf(head);
547 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
548 for (i = 0; i < TOMOYO_MAX_PREF; i++)
549 tomoyo_io_printf(head, "%s=%u ",
550 tomoyo_pref_keywords[i],
551 profile->pref[i]);
552 tomoyo_set_string(head, "}\n");
553 head->r.step++;
554 }
555 break;
556 case 3:
557 {
558 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
559 tomoyo_print_config(head, profile->default_config);
560 head->r.bit = 0;
561 head->r.step++;
562 }
563 break;
564 case 4:
565 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
566 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
567 const u8 i = head->r.bit;
568 const u8 config = profile->config[i];
569 if (config == TOMOYO_CONFIG_USE_DEFAULT)
570 continue;
571 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
572 tomoyo_mac_keywords[i]);
573 tomoyo_print_config(head, config);
574 head->r.bit++;
575 break;
576 }
577 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
578 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
579 head->r.index++;
580 head->r.step = 1;
581 }
582 break;
583 }
584 if (tomoyo_flush(head))
585 goto next;
586 }
587
588 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
589 const struct tomoyo_acl_head *b)
590 {
591 return container_of(a, struct tomoyo_manager, head)->manager ==
592 container_of(b, struct tomoyo_manager, head)->manager;
593 }
594
595 /**
596 * tomoyo_update_manager_entry - Add a manager entry.
597 *
598 * @manager: The path to manager or the domainnamme.
599 * @is_delete: True if it is a delete request.
600 *
601 * Returns 0 on success, negative value otherwise.
602 *
603 * Caller holds tomoyo_read_lock().
604 */
605 static int tomoyo_update_manager_entry(const char *manager,
606 const bool is_delete)
607 {
608 struct tomoyo_manager e = { };
609 struct tomoyo_acl_param param = {
610 .is_delete = is_delete,
611 .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER],
612 };
613 int error = is_delete ? -ENOENT : -ENOMEM;
614 if (tomoyo_domain_def(manager)) {
615 if (!tomoyo_correct_domain(manager))
616 return -EINVAL;
617 e.is_domain = true;
618 } else {
619 if (!tomoyo_correct_path(manager))
620 return -EINVAL;
621 }
622 e.manager = tomoyo_get_name(manager);
623 if (e.manager) {
624 error = tomoyo_update_policy(&e.head, sizeof(e), &param,
625 tomoyo_same_manager);
626 tomoyo_put_name(e.manager);
627 }
628 return error;
629 }
630
631 /**
632 * tomoyo_write_manager - Write manager policy.
633 *
634 * @head: Pointer to "struct tomoyo_io_buffer".
635 *
636 * Returns 0 on success, negative value otherwise.
637 *
638 * Caller holds tomoyo_read_lock().
639 */
640 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
641 {
642 char *data = head->write_buf;
643 bool is_delete = tomoyo_str_starts(&data, "delete ");
644
645 if (!strcmp(data, "manage_by_non_root")) {
646 tomoyo_manage_by_non_root = !is_delete;
647 return 0;
648 }
649 return tomoyo_update_manager_entry(data, is_delete);
650 }
651
652 /**
653 * tomoyo_read_manager - Read manager policy.
654 *
655 * @head: Pointer to "struct tomoyo_io_buffer".
656 *
657 * Caller holds tomoyo_read_lock().
658 */
659 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
660 {
661 if (head->r.eof)
662 return;
663 list_for_each_cookie(head->r.acl,
664 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
665 struct tomoyo_manager *ptr =
666 list_entry(head->r.acl, typeof(*ptr), head.list);
667 if (ptr->head.is_deleted)
668 continue;
669 if (!tomoyo_flush(head))
670 return;
671 tomoyo_set_string(head, ptr->manager->name);
672 tomoyo_set_lf(head);
673 }
674 head->r.eof = true;
675 }
676
677 /**
678 * tomoyo_manager - Check whether the current process is a policy manager.
679 *
680 * Returns true if the current process is permitted to modify policy
681 * via /sys/kernel/security/tomoyo/ interface.
682 *
683 * Caller holds tomoyo_read_lock().
684 */
685 static bool tomoyo_manager(void)
686 {
687 struct tomoyo_manager *ptr;
688 const char *exe;
689 const struct task_struct *task = current;
690 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
691 bool found = false;
692
693 if (!tomoyo_policy_loaded)
694 return true;
695 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
696 return false;
697 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
698 head.list) {
699 if (!ptr->head.is_deleted && ptr->is_domain
700 && !tomoyo_pathcmp(domainname, ptr->manager)) {
701 found = true;
702 break;
703 }
704 }
705 if (found)
706 return true;
707 exe = tomoyo_get_exe();
708 if (!exe)
709 return false;
710 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
711 head.list) {
712 if (!ptr->head.is_deleted && !ptr->is_domain
713 && !strcmp(exe, ptr->manager->name)) {
714 found = true;
715 break;
716 }
717 }
718 if (!found) { /* Reduce error messages. */
719 static pid_t last_pid;
720 const pid_t pid = current->pid;
721 if (last_pid != pid) {
722 printk(KERN_WARNING "%s ( %s ) is not permitted to "
723 "update policies.\n", domainname->name, exe);
724 last_pid = pid;
725 }
726 }
727 kfree(exe);
728 return found;
729 }
730
731 /**
732 * tomoyo_select_one - Parse select command.
733 *
734 * @head: Pointer to "struct tomoyo_io_buffer".
735 * @data: String to parse.
736 *
737 * Returns true on success, false otherwise.
738 *
739 * Caller holds tomoyo_read_lock().
740 */
741 static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
742 {
743 unsigned int pid;
744 struct tomoyo_domain_info *domain = NULL;
745 bool global_pid = false;
746
747 if (!strcmp(data, "allow_execute")) {
748 head->r.print_execute_only = true;
749 return true;
750 }
751 if (sscanf(data, "pid=%u", &pid) == 1 ||
752 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
753 struct task_struct *p;
754 rcu_read_lock();
755 read_lock(&tasklist_lock);
756 if (global_pid)
757 p = find_task_by_pid_ns(pid, &init_pid_ns);
758 else
759 p = find_task_by_vpid(pid);
760 if (p)
761 domain = tomoyo_real_domain(p);
762 read_unlock(&tasklist_lock);
763 rcu_read_unlock();
764 } else if (!strncmp(data, "domain=", 7)) {
765 if (tomoyo_domain_def(data + 7))
766 domain = tomoyo_find_domain(data + 7);
767 } else
768 return false;
769 head->w.domain = domain;
770 /* Accessing read_buf is safe because head->io_sem is held. */
771 if (!head->read_buf)
772 return true; /* Do nothing if open(O_WRONLY). */
773 memset(&head->r, 0, sizeof(head->r));
774 head->r.print_this_domain_only = true;
775 if (domain)
776 head->r.domain = &domain->list;
777 else
778 head->r.eof = 1;
779 tomoyo_io_printf(head, "# select %s\n", data);
780 if (domain && domain->is_deleted)
781 tomoyo_io_printf(head, "# This is a deleted domain.\n");
782 return true;
783 }
784
785 /**
786 * tomoyo_delete_domain - Delete a domain.
787 *
788 * @domainname: The name of domain.
789 *
790 * Returns 0.
791 *
792 * Caller holds tomoyo_read_lock().
793 */
794 static int tomoyo_delete_domain(char *domainname)
795 {
796 struct tomoyo_domain_info *domain;
797 struct tomoyo_path_info name;
798
799 name.name = domainname;
800 tomoyo_fill_path_info(&name);
801 if (mutex_lock_interruptible(&tomoyo_policy_lock))
802 return 0;
803 /* Is there an active domain? */
804 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
805 /* Never delete tomoyo_kernel_domain */
806 if (domain == &tomoyo_kernel_domain)
807 continue;
808 if (domain->is_deleted ||
809 tomoyo_pathcmp(domain->domainname, &name))
810 continue;
811 domain->is_deleted = true;
812 break;
813 }
814 mutex_unlock(&tomoyo_policy_lock);
815 return 0;
816 }
817
818 /**
819 * tomoyo_write_domain2 - Write domain policy.
820 *
821 * @list: Pointer to "struct list_head".
822 * @data: Policy to be interpreted.
823 * @is_delete: True if it is a delete request.
824 *
825 * Returns 0 on success, negative value otherwise.
826 *
827 * Caller holds tomoyo_read_lock().
828 */
829 static int tomoyo_write_domain2(struct list_head *list, char *data,
830 const bool is_delete)
831 {
832 struct tomoyo_acl_param param = {
833 .list = list,
834 .data = data,
835 .is_delete = is_delete,
836 };
837 static const struct {
838 const char *keyword;
839 int (*write) (struct tomoyo_acl_param *);
840 } tomoyo_callback[1] = {
841 { "file ", tomoyo_write_file },
842 };
843 u8 i;
844 for (i = 0; i < 1; i++) {
845 if (!tomoyo_str_starts(&param.data,
846 tomoyo_callback[i].keyword))
847 continue;
848 return tomoyo_callback[i].write(&param);
849 }
850 return -EINVAL;
851 }
852
853 /**
854 * tomoyo_write_domain - Write domain policy.
855 *
856 * @head: Pointer to "struct tomoyo_io_buffer".
857 *
858 * Returns 0 on success, negative value otherwise.
859 *
860 * Caller holds tomoyo_read_lock().
861 */
862 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
863 {
864 char *data = head->write_buf;
865 struct tomoyo_domain_info *domain = head->w.domain;
866 bool is_delete = false;
867 bool is_select = false;
868 unsigned int profile;
869
870 if (tomoyo_str_starts(&data, "delete "))
871 is_delete = true;
872 else if (tomoyo_str_starts(&data, "select "))
873 is_select = true;
874 if (is_select && tomoyo_select_one(head, data))
875 return 0;
876 /* Don't allow updating policies by non manager programs. */
877 if (!tomoyo_manager())
878 return -EPERM;
879 if (tomoyo_domain_def(data)) {
880 domain = NULL;
881 if (is_delete)
882 tomoyo_delete_domain(data);
883 else if (is_select)
884 domain = tomoyo_find_domain(data);
885 else
886 domain = tomoyo_assign_domain(data, 0);
887 head->w.domain = domain;
888 return 0;
889 }
890 if (!domain)
891 return -EINVAL;
892
893 if (sscanf(data, "use_profile %u", &profile) == 1
894 && profile < TOMOYO_MAX_PROFILES) {
895 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
896 domain->profile = (u8) profile;
897 return 0;
898 }
899 if (sscanf(data, "use_group %u\n", &profile) == 1
900 && profile < TOMOYO_MAX_ACL_GROUPS) {
901 if (!is_delete)
902 domain->group = (u8) profile;
903 return 0;
904 }
905 if (!strcmp(data, "quota_exceeded")) {
906 domain->quota_warned = !is_delete;
907 return 0;
908 }
909 if (!strcmp(data, "transition_failed")) {
910 domain->transition_failed = !is_delete;
911 return 0;
912 }
913 return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete);
914 }
915
916 /**
917 * tomoyo_set_group - Print "acl_group " header keyword and category name.
918 *
919 * @head: Pointer to "struct tomoyo_io_buffer".
920 * @category: Category name.
921 *
922 * Returns nothing.
923 */
924 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
925 const char *category)
926 {
927 if (head->type == TOMOYO_EXCEPTIONPOLICY)
928 tomoyo_io_printf(head, "acl_group %u ",
929 head->r.acl_group_index);
930 tomoyo_set_string(head, category);
931 }
932
933 /**
934 * tomoyo_print_entry - Print an ACL entry.
935 *
936 * @head: Pointer to "struct tomoyo_io_buffer".
937 * @acl: Pointer to an ACL entry.
938 *
939 * Returns true on success, false otherwise.
940 */
941 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
942 struct tomoyo_acl_info *acl)
943 {
944 const u8 acl_type = acl->type;
945 bool first = true;
946 u8 bit;
947
948 if (acl->is_deleted)
949 return true;
950 if (!tomoyo_flush(head))
951 return false;
952 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
953 struct tomoyo_path_acl *ptr =
954 container_of(acl, typeof(*ptr), head);
955 const u16 perm = ptr->perm;
956 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
957 if (!(perm & (1 << bit)))
958 continue;
959 if (head->r.print_execute_only &&
960 bit != TOMOYO_TYPE_EXECUTE)
961 continue;
962 if (first) {
963 tomoyo_set_group(head, "file ");
964 first = false;
965 } else {
966 tomoyo_set_slash(head);
967 }
968 tomoyo_set_string(head, tomoyo_path_keyword[bit]);
969 }
970 if (first)
971 return true;
972 tomoyo_print_name_union(head, &ptr->name);
973 } else if (head->r.print_execute_only) {
974 return true;
975 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
976 struct tomoyo_path2_acl *ptr =
977 container_of(acl, typeof(*ptr), head);
978 const u8 perm = ptr->perm;
979 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
980 if (!(perm & (1 << bit)))
981 continue;
982 if (first) {
983 tomoyo_set_group(head, "file ");
984 first = false;
985 } else {
986 tomoyo_set_slash(head);
987 }
988 tomoyo_set_string(head, tomoyo_mac_keywords
989 [tomoyo_pp2mac[bit]]);
990 }
991 if (first)
992 return true;
993 tomoyo_print_name_union(head, &ptr->name1);
994 tomoyo_print_name_union(head, &ptr->name2);
995 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
996 struct tomoyo_path_number_acl *ptr =
997 container_of(acl, typeof(*ptr), head);
998 const u8 perm = ptr->perm;
999 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
1000 if (!(perm & (1 << bit)))
1001 continue;
1002 if (first) {
1003 tomoyo_set_group(head, "file ");
1004 first = false;
1005 } else {
1006 tomoyo_set_slash(head);
1007 }
1008 tomoyo_set_string(head, tomoyo_mac_keywords
1009 [tomoyo_pn2mac[bit]]);
1010 }
1011 if (first)
1012 return true;
1013 tomoyo_print_name_union(head, &ptr->name);
1014 tomoyo_print_number_union(head, &ptr->number);
1015 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
1016 struct tomoyo_mkdev_acl *ptr =
1017 container_of(acl, typeof(*ptr), head);
1018 const u8 perm = ptr->perm;
1019 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
1020 if (!(perm & (1 << bit)))
1021 continue;
1022 if (first) {
1023 tomoyo_set_group(head, "file ");
1024 first = false;
1025 } else {
1026 tomoyo_set_slash(head);
1027 }
1028 tomoyo_set_string(head, tomoyo_mac_keywords
1029 [tomoyo_pnnn2mac[bit]]);
1030 }
1031 if (first)
1032 return true;
1033 tomoyo_print_name_union(head, &ptr->name);
1034 tomoyo_print_number_union(head, &ptr->mode);
1035 tomoyo_print_number_union(head, &ptr->major);
1036 tomoyo_print_number_union(head, &ptr->minor);
1037 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
1038 struct tomoyo_mount_acl *ptr =
1039 container_of(acl, typeof(*ptr), head);
1040 tomoyo_set_group(head, "file mount");
1041 tomoyo_print_name_union(head, &ptr->dev_name);
1042 tomoyo_print_name_union(head, &ptr->dir_name);
1043 tomoyo_print_name_union(head, &ptr->fs_type);
1044 tomoyo_print_number_union(head, &ptr->flags);
1045 }
1046 tomoyo_set_lf(head);
1047 return true;
1048 }
1049
1050 /**
1051 * tomoyo_read_domain2 - Read domain policy.
1052 *
1053 * @head: Pointer to "struct tomoyo_io_buffer".
1054 * @list: Pointer to "struct list_head".
1055 *
1056 * Caller holds tomoyo_read_lock().
1057 *
1058 * Returns true on success, false otherwise.
1059 */
1060 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1061 struct list_head *list)
1062 {
1063 list_for_each_cookie(head->r.acl, list) {
1064 struct tomoyo_acl_info *ptr =
1065 list_entry(head->r.acl, typeof(*ptr), list);
1066 if (!tomoyo_print_entry(head, ptr))
1067 return false;
1068 }
1069 head->r.acl = NULL;
1070 return true;
1071 }
1072
1073 /**
1074 * tomoyo_read_domain - Read domain policy.
1075 *
1076 * @head: Pointer to "struct tomoyo_io_buffer".
1077 *
1078 * Caller holds tomoyo_read_lock().
1079 */
1080 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1081 {
1082 if (head->r.eof)
1083 return;
1084 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1085 struct tomoyo_domain_info *domain =
1086 list_entry(head->r.domain, typeof(*domain), list);
1087 switch (head->r.step) {
1088 case 0:
1089 if (domain->is_deleted &&
1090 !head->r.print_this_domain_only)
1091 continue;
1092 /* Print domainname and flags. */
1093 tomoyo_set_string(head, domain->domainname->name);
1094 tomoyo_set_lf(head);
1095 tomoyo_io_printf(head, "use_profile %u\n",
1096 domain->profile);
1097 tomoyo_io_printf(head, "use_group %u\n",
1098 domain->group);
1099 if (domain->quota_warned)
1100 tomoyo_set_string(head, "quota_exceeded\n");
1101 if (domain->transition_failed)
1102 tomoyo_set_string(head, "transition_failed\n");
1103 head->r.step++;
1104 tomoyo_set_lf(head);
1105 /* fall through */
1106 case 1:
1107 if (!tomoyo_read_domain2(head, &domain->acl_info_list))
1108 return;
1109 head->r.step++;
1110 if (!tomoyo_set_lf(head))
1111 return;
1112 /* fall through */
1113 case 2:
1114 head->r.step = 0;
1115 if (head->r.print_this_domain_only)
1116 goto done;
1117 }
1118 }
1119 done:
1120 head->r.eof = true;
1121 }
1122
1123 /**
1124 * tomoyo_write_domain_profile - Assign profile for specified domain.
1125 *
1126 * @head: Pointer to "struct tomoyo_io_buffer".
1127 *
1128 * Returns 0 on success, -EINVAL otherwise.
1129 *
1130 * This is equivalent to doing
1131 *
1132 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1133 * /usr/sbin/tomoyo-loadpolicy -d
1134 *
1135 * Caller holds tomoyo_read_lock().
1136 */
1137 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1138 {
1139 char *data = head->write_buf;
1140 char *cp = strchr(data, ' ');
1141 struct tomoyo_domain_info *domain;
1142 unsigned long profile;
1143
1144 if (!cp)
1145 return -EINVAL;
1146 *cp = '\0';
1147 domain = tomoyo_find_domain(cp + 1);
1148 if (strict_strtoul(data, 10, &profile))
1149 return -EINVAL;
1150 if (domain && profile < TOMOYO_MAX_PROFILES
1151 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1152 domain->profile = (u8) profile;
1153 return 0;
1154 }
1155
1156 /**
1157 * tomoyo_read_domain_profile - Read only domainname and profile.
1158 *
1159 * @head: Pointer to "struct tomoyo_io_buffer".
1160 *
1161 * Returns list of profile number and domainname pairs.
1162 *
1163 * This is equivalent to doing
1164 *
1165 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1166 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1167 * domainname = $0; } else if ( $1 == "use_profile" ) {
1168 * print $2 " " domainname; domainname = ""; } } ; '
1169 *
1170 * Caller holds tomoyo_read_lock().
1171 */
1172 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1173 {
1174 if (head->r.eof)
1175 return;
1176 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1177 struct tomoyo_domain_info *domain =
1178 list_entry(head->r.domain, typeof(*domain), list);
1179 if (domain->is_deleted)
1180 continue;
1181 if (!tomoyo_flush(head))
1182 return;
1183 tomoyo_io_printf(head, "%u ", domain->profile);
1184 tomoyo_set_string(head, domain->domainname->name);
1185 tomoyo_set_lf(head);
1186 }
1187 head->r.eof = true;
1188 }
1189
1190 /**
1191 * tomoyo_write_pid: Specify PID to obtain domainname.
1192 *
1193 * @head: Pointer to "struct tomoyo_io_buffer".
1194 *
1195 * Returns 0.
1196 */
1197 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1198 {
1199 head->r.eof = false;
1200 return 0;
1201 }
1202
1203 /**
1204 * tomoyo_read_pid - Get domainname of the specified PID.
1205 *
1206 * @head: Pointer to "struct tomoyo_io_buffer".
1207 *
1208 * Returns the domainname which the specified PID is in on success,
1209 * empty string otherwise.
1210 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1211 * using read()/write() interface rather than sysctl() interface.
1212 */
1213 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1214 {
1215 char *buf = head->write_buf;
1216 bool global_pid = false;
1217 unsigned int pid;
1218 struct task_struct *p;
1219 struct tomoyo_domain_info *domain = NULL;
1220
1221 /* Accessing write_buf is safe because head->io_sem is held. */
1222 if (!buf) {
1223 head->r.eof = true;
1224 return; /* Do nothing if open(O_RDONLY). */
1225 }
1226 if (head->r.w_pos || head->r.eof)
1227 return;
1228 head->r.eof = true;
1229 if (tomoyo_str_starts(&buf, "global-pid "))
1230 global_pid = true;
1231 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1232 rcu_read_lock();
1233 read_lock(&tasklist_lock);
1234 if (global_pid)
1235 p = find_task_by_pid_ns(pid, &init_pid_ns);
1236 else
1237 p = find_task_by_vpid(pid);
1238 if (p)
1239 domain = tomoyo_real_domain(p);
1240 read_unlock(&tasklist_lock);
1241 rcu_read_unlock();
1242 if (!domain)
1243 return;
1244 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1245 tomoyo_set_string(head, domain->domainname->name);
1246 }
1247
1248 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1249 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain",
1250 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain",
1251 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain",
1252 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain",
1253 };
1254
1255 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1256 [TOMOYO_PATH_GROUP] = "path_group ",
1257 [TOMOYO_NUMBER_GROUP] = "number_group ",
1258 };
1259
1260 /**
1261 * tomoyo_write_exception - Write exception policy.
1262 *
1263 * @head: Pointer to "struct tomoyo_io_buffer".
1264 *
1265 * Returns 0 on success, negative value otherwise.
1266 *
1267 * Caller holds tomoyo_read_lock().
1268 */
1269 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1270 {
1271 struct tomoyo_acl_param param = {
1272 .data = head->write_buf,
1273 };
1274 u8 i;
1275 param.is_delete = tomoyo_str_starts(&param.data, "delete ");
1276 if (!param.is_delete && tomoyo_str_starts(&param.data, "select ") &&
1277 !strcmp(param.data, "execute_only")) {
1278 head->r.print_execute_only = true;
1279 return 0;
1280 }
1281 /* Don't allow updating policies by non manager programs. */
1282 if (!tomoyo_manager())
1283 return -EPERM;
1284 if (tomoyo_str_starts(&param.data, "aggregator "))
1285 return tomoyo_write_aggregator(&param);
1286 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1287 if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
1288 return tomoyo_write_transition_control(&param, i);
1289 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1290 if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
1291 return tomoyo_write_group(&param, i);
1292 if (tomoyo_str_starts(&param.data, "acl_group ")) {
1293 unsigned int group;
1294 char *data;
1295 group = simple_strtoul(param.data, &data, 10);
1296 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ')
1297 return tomoyo_write_domain2(&tomoyo_acl_group[group],
1298 data, param.is_delete);
1299 }
1300 return -EINVAL;
1301 }
1302
1303 /**
1304 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1305 *
1306 * @head: Pointer to "struct tomoyo_io_buffer".
1307 * @idx: Index number.
1308 *
1309 * Returns true on success, false otherwise.
1310 *
1311 * Caller holds tomoyo_read_lock().
1312 */
1313 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1314 {
1315 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1316 struct tomoyo_group *group =
1317 list_entry(head->r.group, typeof(*group), head.list);
1318 list_for_each_cookie(head->r.acl, &group->member_list) {
1319 struct tomoyo_acl_head *ptr =
1320 list_entry(head->r.acl, typeof(*ptr), list);
1321 if (ptr->is_deleted)
1322 continue;
1323 if (!tomoyo_flush(head))
1324 return false;
1325 tomoyo_set_string(head, tomoyo_group_name[idx]);
1326 tomoyo_set_string(head, group->group_name->name);
1327 if (idx == TOMOYO_PATH_GROUP) {
1328 tomoyo_set_space(head);
1329 tomoyo_set_string(head, container_of
1330 (ptr, struct tomoyo_path_group,
1331 head)->member_name->name);
1332 } else if (idx == TOMOYO_NUMBER_GROUP) {
1333 tomoyo_print_number_union(head, &container_of
1334 (ptr,
1335 struct tomoyo_number_group,
1336 head)->number);
1337 }
1338 tomoyo_set_lf(head);
1339 }
1340 head->r.acl = NULL;
1341 }
1342 head->r.group = NULL;
1343 return true;
1344 }
1345
1346 /**
1347 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1348 *
1349 * @head: Pointer to "struct tomoyo_io_buffer".
1350 * @idx: Index number.
1351 *
1352 * Returns true on success, false otherwise.
1353 *
1354 * Caller holds tomoyo_read_lock().
1355 */
1356 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1357 {
1358 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1359 struct tomoyo_acl_head *acl =
1360 container_of(head->r.acl, typeof(*acl), list);
1361 if (acl->is_deleted)
1362 continue;
1363 if (!tomoyo_flush(head))
1364 return false;
1365 switch (idx) {
1366 case TOMOYO_ID_TRANSITION_CONTROL:
1367 {
1368 struct tomoyo_transition_control *ptr =
1369 container_of(acl, typeof(*ptr), head);
1370 tomoyo_set_string(head, tomoyo_transition_type
1371 [ptr->type]);
1372 tomoyo_set_string(head, ptr->program ?
1373 ptr->program->name : "any");
1374 tomoyo_set_string(head, " from ");
1375 tomoyo_set_string(head, ptr->domainname ?
1376 ptr->domainname->name :
1377 "any");
1378 }
1379 break;
1380 case TOMOYO_ID_AGGREGATOR:
1381 {
1382 struct tomoyo_aggregator *ptr =
1383 container_of(acl, typeof(*ptr), head);
1384 tomoyo_set_string(head, "aggregator ");
1385 tomoyo_set_string(head,
1386 ptr->original_name->name);
1387 tomoyo_set_space(head);
1388 tomoyo_set_string(head,
1389 ptr->aggregated_name->name);
1390 }
1391 break;
1392 default:
1393 continue;
1394 }
1395 tomoyo_set_lf(head);
1396 }
1397 head->r.acl = NULL;
1398 return true;
1399 }
1400
1401 /**
1402 * tomoyo_read_exception - Read exception policy.
1403 *
1404 * @head: Pointer to "struct tomoyo_io_buffer".
1405 *
1406 * Caller holds tomoyo_read_lock().
1407 */
1408 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1409 {
1410 if (head->r.eof)
1411 return;
1412 while (head->r.step < TOMOYO_MAX_POLICY &&
1413 tomoyo_read_policy(head, head->r.step))
1414 head->r.step++;
1415 if (head->r.step < TOMOYO_MAX_POLICY)
1416 return;
1417 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1418 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1419 head->r.step++;
1420 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1421 return;
1422 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP
1423 + TOMOYO_MAX_ACL_GROUPS) {
1424 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY
1425 - TOMOYO_MAX_GROUP;
1426 if (!tomoyo_read_domain2(head, &tomoyo_acl_group
1427 [head->r.acl_group_index]))
1428 return;
1429 head->r.step++;
1430 }
1431 head->r.eof = true;
1432 }
1433
1434 /* Wait queue for kernel -> userspace notification. */
1435 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1436 /* Wait queue for userspace -> kernel notification. */
1437 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
1438
1439 /* Structure for query. */
1440 struct tomoyo_query {
1441 struct list_head list;
1442 char *query;
1443 size_t query_len;
1444 unsigned int serial;
1445 u8 timer;
1446 u8 answer;
1447 u8 retry;
1448 };
1449
1450 /* The list for "struct tomoyo_query". */
1451 static LIST_HEAD(tomoyo_query_list);
1452
1453 /* Lock for manipulating tomoyo_query_list. */
1454 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1455
1456 /*
1457 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1458 * interface.
1459 */
1460 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1461
1462 /**
1463 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1464 *
1465 * @domain: Pointer to "struct tomoyo_domain_info".
1466 * @header: Lines containing ACL.
1467 *
1468 * Returns nothing.
1469 */
1470 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
1471 {
1472 char *buffer;
1473 char *cp = strchr(header, '\n');
1474 int len;
1475 if (!cp)
1476 return;
1477 cp = strchr(cp + 1, '\n');
1478 if (!cp)
1479 return;
1480 *cp++ = '\0';
1481 len = strlen(cp) + 1;
1482 buffer = kmalloc(len, GFP_NOFS);
1483 if (!buffer)
1484 return;
1485 snprintf(buffer, len - 1, "%s", cp);
1486 tomoyo_normalize_line(buffer);
1487 tomoyo_write_domain2(&domain->acl_info_list, buffer, false);
1488 kfree(buffer);
1489 }
1490
1491 /**
1492 * tomoyo_supervisor - Ask for the supervisor's decision.
1493 *
1494 * @r: Pointer to "struct tomoyo_request_info".
1495 * @fmt: The printf()'s format string, followed by parameters.
1496 *
1497 * Returns 0 if the supervisor decided to permit the access request which
1498 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1499 * supervisor decided to retry the access request which violated the policy in
1500 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1501 */
1502 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1503 {
1504 va_list args;
1505 int error;
1506 int len;
1507 static unsigned int tomoyo_serial;
1508 struct tomoyo_query entry = { };
1509 bool quota_exceeded = false;
1510 va_start(args, fmt);
1511 len = vsnprintf((char *) &len, 1, fmt, args) + 1;
1512 va_end(args);
1513 /* Write /sys/kernel/security/tomoyo/audit. */
1514 va_start(args, fmt);
1515 tomoyo_write_log2(r, len, fmt, args);
1516 va_end(args);
1517 /* Nothing more to do if granted. */
1518 if (r->granted)
1519 return 0;
1520 switch (r->mode) {
1521 case TOMOYO_CONFIG_ENFORCING:
1522 error = -EPERM;
1523 if (atomic_read(&tomoyo_query_observers))
1524 break;
1525 goto out;
1526 case TOMOYO_CONFIG_LEARNING:
1527 error = 0;
1528 /* Check max_learning_entry parameter. */
1529 if (tomoyo_domain_quota_is_ok(r))
1530 break;
1531 /* fall through */
1532 default:
1533 return 0;
1534 }
1535 /* Get message. */
1536 va_start(args, fmt);
1537 entry.query = tomoyo_init_log(r, len, fmt, args);
1538 va_end(args);
1539 if (!entry.query)
1540 goto out;
1541 entry.query_len = strlen(entry.query) + 1;
1542 if (!error) {
1543 tomoyo_add_entry(r->domain, entry.query);
1544 goto out;
1545 }
1546 len = tomoyo_round2(entry.query_len);
1547 spin_lock(&tomoyo_query_list_lock);
1548 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
1549 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
1550 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) {
1551 quota_exceeded = true;
1552 } else {
1553 entry.serial = tomoyo_serial++;
1554 entry.retry = r->retry;
1555 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len;
1556 list_add_tail(&entry.list, &tomoyo_query_list);
1557 }
1558 spin_unlock(&tomoyo_query_list_lock);
1559 if (quota_exceeded)
1560 goto out;
1561 /* Give 10 seconds for supervisor's opinion. */
1562 while (entry.timer < 10) {
1563 wake_up_all(&tomoyo_query_wait);
1564 if (wait_event_interruptible_timeout
1565 (tomoyo_answer_wait, entry.answer ||
1566 !atomic_read(&tomoyo_query_observers), HZ))
1567 break;
1568 else
1569 entry.timer++;
1570 }
1571 spin_lock(&tomoyo_query_list_lock);
1572 list_del(&entry.list);
1573 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len;
1574 spin_unlock(&tomoyo_query_list_lock);
1575 switch (entry.answer) {
1576 case 3: /* Asked to retry by administrator. */
1577 error = TOMOYO_RETRY_REQUEST;
1578 r->retry++;
1579 break;
1580 case 1:
1581 /* Granted by administrator. */
1582 error = 0;
1583 break;
1584 default:
1585 /* Timed out or rejected by administrator. */
1586 break;
1587 }
1588 out:
1589 kfree(entry.query);
1590 return error;
1591 }
1592
1593 /**
1594 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1595 *
1596 * @file: Pointer to "struct file".
1597 * @wait: Pointer to "poll_table".
1598 *
1599 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1600 *
1601 * Waits for access requests which violated policy in enforcing mode.
1602 */
1603 static int tomoyo_poll_query(struct file *file, poll_table *wait)
1604 {
1605 struct list_head *tmp;
1606 bool found = false;
1607 u8 i;
1608 for (i = 0; i < 2; i++) {
1609 spin_lock(&tomoyo_query_list_lock);
1610 list_for_each(tmp, &tomoyo_query_list) {
1611 struct tomoyo_query *ptr =
1612 list_entry(tmp, typeof(*ptr), list);
1613 if (ptr->answer)
1614 continue;
1615 found = true;
1616 break;
1617 }
1618 spin_unlock(&tomoyo_query_list_lock);
1619 if (found)
1620 return POLLIN | POLLRDNORM;
1621 if (i)
1622 break;
1623 poll_wait(file, &tomoyo_query_wait, wait);
1624 }
1625 return 0;
1626 }
1627
1628 /**
1629 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1630 *
1631 * @head: Pointer to "struct tomoyo_io_buffer".
1632 */
1633 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1634 {
1635 struct list_head *tmp;
1636 int pos = 0;
1637 int len = 0;
1638 char *buf;
1639 if (head->r.w_pos)
1640 return;
1641 if (head->read_buf) {
1642 kfree(head->read_buf);
1643 head->read_buf = NULL;
1644 }
1645 spin_lock(&tomoyo_query_list_lock);
1646 list_for_each(tmp, &tomoyo_query_list) {
1647 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1648 if (ptr->answer)
1649 continue;
1650 if (pos++ != head->r.query_index)
1651 continue;
1652 len = ptr->query_len;
1653 break;
1654 }
1655 spin_unlock(&tomoyo_query_list_lock);
1656 if (!len) {
1657 head->r.query_index = 0;
1658 return;
1659 }
1660 buf = kzalloc(len + 32, GFP_NOFS);
1661 if (!buf)
1662 return;
1663 pos = 0;
1664 spin_lock(&tomoyo_query_list_lock);
1665 list_for_each(tmp, &tomoyo_query_list) {
1666 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1667 if (ptr->answer)
1668 continue;
1669 if (pos++ != head->r.query_index)
1670 continue;
1671 /*
1672 * Some query can be skipped because tomoyo_query_list
1673 * can change, but I don't care.
1674 */
1675 if (len == ptr->query_len)
1676 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial,
1677 ptr->retry, ptr->query);
1678 break;
1679 }
1680 spin_unlock(&tomoyo_query_list_lock);
1681 if (buf[0]) {
1682 head->read_buf = buf;
1683 head->r.w[head->r.w_pos++] = buf;
1684 head->r.query_index++;
1685 } else {
1686 kfree(buf);
1687 }
1688 }
1689
1690 /**
1691 * tomoyo_write_answer - Write the supervisor's decision.
1692 *
1693 * @head: Pointer to "struct tomoyo_io_buffer".
1694 *
1695 * Returns 0 on success, -EINVAL otherwise.
1696 */
1697 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1698 {
1699 char *data = head->write_buf;
1700 struct list_head *tmp;
1701 unsigned int serial;
1702 unsigned int answer;
1703 spin_lock(&tomoyo_query_list_lock);
1704 list_for_each(tmp, &tomoyo_query_list) {
1705 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1706 ptr->timer = 0;
1707 }
1708 spin_unlock(&tomoyo_query_list_lock);
1709 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1710 return -EINVAL;
1711 spin_lock(&tomoyo_query_list_lock);
1712 list_for_each(tmp, &tomoyo_query_list) {
1713 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1714 if (ptr->serial != serial)
1715 continue;
1716 if (!ptr->answer)
1717 ptr->answer = answer;
1718 break;
1719 }
1720 spin_unlock(&tomoyo_query_list_lock);
1721 return 0;
1722 }
1723
1724 /**
1725 * tomoyo_read_version: Get version.
1726 *
1727 * @head: Pointer to "struct tomoyo_io_buffer".
1728 *
1729 * Returns version information.
1730 */
1731 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1732 {
1733 if (!head->r.eof) {
1734 tomoyo_io_printf(head, "2.4.0");
1735 head->r.eof = true;
1736 }
1737 }
1738
1739 /**
1740 * tomoyo_read_self_domain - Get the current process's domainname.
1741 *
1742 * @head: Pointer to "struct tomoyo_io_buffer".
1743 *
1744 * Returns the current process's domainname.
1745 */
1746 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1747 {
1748 if (!head->r.eof) {
1749 /*
1750 * tomoyo_domain()->domainname != NULL
1751 * because every process belongs to a domain and
1752 * the domain's name cannot be NULL.
1753 */
1754 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1755 head->r.eof = true;
1756 }
1757 }
1758
1759 /**
1760 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1761 *
1762 * @type: Type of interface.
1763 * @file: Pointer to "struct file".
1764 *
1765 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1766 *
1767 * Caller acquires tomoyo_read_lock().
1768 */
1769 int tomoyo_open_control(const u8 type, struct file *file)
1770 {
1771 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1772
1773 if (!head)
1774 return -ENOMEM;
1775 mutex_init(&head->io_sem);
1776 head->type = type;
1777 switch (type) {
1778 case TOMOYO_DOMAINPOLICY:
1779 /* /sys/kernel/security/tomoyo/domain_policy */
1780 head->write = tomoyo_write_domain;
1781 head->read = tomoyo_read_domain;
1782 break;
1783 case TOMOYO_EXCEPTIONPOLICY:
1784 /* /sys/kernel/security/tomoyo/exception_policy */
1785 head->write = tomoyo_write_exception;
1786 head->read = tomoyo_read_exception;
1787 break;
1788 case TOMOYO_AUDIT:
1789 /* /sys/kernel/security/tomoyo/audit */
1790 head->poll = tomoyo_poll_log;
1791 head->read = tomoyo_read_log;
1792 break;
1793 case TOMOYO_SELFDOMAIN:
1794 /* /sys/kernel/security/tomoyo/self_domain */
1795 head->read = tomoyo_read_self_domain;
1796 break;
1797 case TOMOYO_DOMAIN_STATUS:
1798 /* /sys/kernel/security/tomoyo/.domain_status */
1799 head->write = tomoyo_write_domain_profile;
1800 head->read = tomoyo_read_domain_profile;
1801 break;
1802 case TOMOYO_PROCESS_STATUS:
1803 /* /sys/kernel/security/tomoyo/.process_status */
1804 head->write = tomoyo_write_pid;
1805 head->read = tomoyo_read_pid;
1806 break;
1807 case TOMOYO_VERSION:
1808 /* /sys/kernel/security/tomoyo/version */
1809 head->read = tomoyo_read_version;
1810 head->readbuf_size = 128;
1811 break;
1812 case TOMOYO_MEMINFO:
1813 /* /sys/kernel/security/tomoyo/meminfo */
1814 head->write = tomoyo_write_memory_quota;
1815 head->read = tomoyo_read_memory_counter;
1816 head->readbuf_size = 512;
1817 break;
1818 case TOMOYO_PROFILE:
1819 /* /sys/kernel/security/tomoyo/profile */
1820 head->write = tomoyo_write_profile;
1821 head->read = tomoyo_read_profile;
1822 break;
1823 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
1824 head->poll = tomoyo_poll_query;
1825 head->write = tomoyo_write_answer;
1826 head->read = tomoyo_read_query;
1827 break;
1828 case TOMOYO_MANAGER:
1829 /* /sys/kernel/security/tomoyo/manager */
1830 head->write = tomoyo_write_manager;
1831 head->read = tomoyo_read_manager;
1832 break;
1833 }
1834 if (!(file->f_mode & FMODE_READ)) {
1835 /*
1836 * No need to allocate read_buf since it is not opened
1837 * for reading.
1838 */
1839 head->read = NULL;
1840 head->poll = NULL;
1841 } else if (!head->poll) {
1842 /* Don't allocate read_buf for poll() access. */
1843 if (!head->readbuf_size)
1844 head->readbuf_size = 4096 * 2;
1845 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1846 if (!head->read_buf) {
1847 kfree(head);
1848 return -ENOMEM;
1849 }
1850 }
1851 if (!(file->f_mode & FMODE_WRITE)) {
1852 /*
1853 * No need to allocate write_buf since it is not opened
1854 * for writing.
1855 */
1856 head->write = NULL;
1857 } else if (head->write) {
1858 head->writebuf_size = 4096 * 2;
1859 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1860 if (!head->write_buf) {
1861 kfree(head->read_buf);
1862 kfree(head);
1863 return -ENOMEM;
1864 }
1865 }
1866 if (type != TOMOYO_QUERY && type != TOMOYO_AUDIT)
1867 head->reader_idx = tomoyo_read_lock();
1868 file->private_data = head;
1869 /*
1870 * If the file is /sys/kernel/security/tomoyo/query , increment the
1871 * observer counter.
1872 * The obserber counter is used by tomoyo_supervisor() to see if
1873 * there is some process monitoring /sys/kernel/security/tomoyo/query.
1874 */
1875 if (type == TOMOYO_QUERY)
1876 atomic_inc(&tomoyo_query_observers);
1877 return 0;
1878 }
1879
1880 /**
1881 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1882 *
1883 * @file: Pointer to "struct file".
1884 * @wait: Pointer to "poll_table".
1885 *
1886 * Waits for read readiness.
1887 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
1888 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
1889 */
1890 int tomoyo_poll_control(struct file *file, poll_table *wait)
1891 {
1892 struct tomoyo_io_buffer *head = file->private_data;
1893 if (!head->poll)
1894 return -ENOSYS;
1895 return head->poll(file, wait);
1896 }
1897
1898 /**
1899 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1900 *
1901 * @head: Pointer to "struct tomoyo_io_buffer".
1902 * @buffer: Poiner to buffer to write to.
1903 * @buffer_len: Size of @buffer.
1904 *
1905 * Returns bytes read on success, negative value otherwise.
1906 *
1907 * Caller holds tomoyo_read_lock().
1908 */
1909 int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
1910 const int buffer_len)
1911 {
1912 int len;
1913
1914 if (!head->read)
1915 return -ENOSYS;
1916 if (mutex_lock_interruptible(&head->io_sem))
1917 return -EINTR;
1918 head->read_user_buf = buffer;
1919 head->read_user_buf_avail = buffer_len;
1920 if (tomoyo_flush(head))
1921 /* Call the policy handler. */
1922 head->read(head);
1923 tomoyo_flush(head);
1924 len = head->read_user_buf - buffer;
1925 mutex_unlock(&head->io_sem);
1926 return len;
1927 }
1928
1929 /**
1930 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1931 *
1932 * @head: Pointer to "struct tomoyo_io_buffer".
1933 * @buffer: Pointer to buffer to read from.
1934 * @buffer_len: Size of @buffer.
1935 *
1936 * Returns @buffer_len on success, negative value otherwise.
1937 *
1938 * Caller holds tomoyo_read_lock().
1939 */
1940 int tomoyo_write_control(struct tomoyo_io_buffer *head,
1941 const char __user *buffer, const int buffer_len)
1942 {
1943 int error = buffer_len;
1944 int avail_len = buffer_len;
1945 char *cp0 = head->write_buf;
1946
1947 if (!head->write)
1948 return -ENOSYS;
1949 if (!access_ok(VERIFY_READ, buffer, buffer_len))
1950 return -EFAULT;
1951 /* Don't allow updating policies by non manager programs. */
1952 if (head->write != tomoyo_write_pid &&
1953 head->write != tomoyo_write_domain &&
1954 head->write != tomoyo_write_exception && !tomoyo_manager())
1955 return -EPERM;
1956 if (mutex_lock_interruptible(&head->io_sem))
1957 return -EINTR;
1958 /* Read a line and dispatch it to the policy handler. */
1959 while (avail_len > 0) {
1960 char c;
1961 if (head->w.avail >= head->writebuf_size - 1) {
1962 error = -ENOMEM;
1963 break;
1964 } else if (get_user(c, buffer)) {
1965 error = -EFAULT;
1966 break;
1967 }
1968 buffer++;
1969 avail_len--;
1970 cp0[head->w.avail++] = c;
1971 if (c != '\n')
1972 continue;
1973 cp0[head->w.avail - 1] = '\0';
1974 head->w.avail = 0;
1975 tomoyo_normalize_line(cp0);
1976 head->write(head);
1977 }
1978 mutex_unlock(&head->io_sem);
1979 return error;
1980 }
1981
1982 /**
1983 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
1984 *
1985 * @head: Pointer to "struct tomoyo_io_buffer".
1986 *
1987 * Releases memory and returns 0.
1988 *
1989 * Caller looses tomoyo_read_lock().
1990 */
1991 int tomoyo_close_control(struct tomoyo_io_buffer *head)
1992 {
1993 const bool is_write = !!head->write_buf;
1994
1995 /*
1996 * If the file is /sys/kernel/security/tomoyo/query , decrement the
1997 * observer counter.
1998 */
1999 if (head->type == TOMOYO_QUERY)
2000 atomic_dec(&tomoyo_query_observers);
2001 else if (head->type != TOMOYO_AUDIT)
2002 tomoyo_read_unlock(head->reader_idx);
2003 /* Release memory used for policy I/O. */
2004 kfree(head->read_buf);
2005 head->read_buf = NULL;
2006 kfree(head->write_buf);
2007 head->write_buf = NULL;
2008 kfree(head);
2009 if (is_write)
2010 tomoyo_run_gc();
2011 return 0;
2012 }
2013
2014 /**
2015 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2016 */
2017 void tomoyo_check_profile(void)
2018 {
2019 struct tomoyo_domain_info *domain;
2020 const int idx = tomoyo_read_lock();
2021 tomoyo_policy_loaded = true;
2022 /* Check all profiles currently assigned to domains are defined. */
2023 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2024 const u8 profile = domain->profile;
2025 if (tomoyo_profile_ptr[profile])
2026 continue;
2027 printk(KERN_ERR "You need to define profile %u before using it.\n",
2028 profile);
2029 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2030 "for more information.\n");
2031 panic("Profile %u (used by '%s') not defined.\n",
2032 profile, domain->domainname->name);
2033 }
2034 tomoyo_read_unlock(idx);
2035 if (tomoyo_profile_version != 20090903) {
2036 printk(KERN_ERR "You need to install userland programs for "
2037 "TOMOYO 2.3 and initialize policy configuration.\n");
2038 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2039 "for more information.\n");
2040 panic("Profile version %u is not supported.\n",
2041 tomoyo_profile_version);
2042 }
2043 printk(KERN_INFO "TOMOYO: 2.3.0\n");
2044 printk(KERN_INFO "Mandatory Access Control activated.\n");
2045 }
Linus' kernel tree