2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
14 /* Profile version. Currently only 20090903 is defined. */
15 static unsigned int tomoyo_profile_version
;
17 /* Profile table. Memory is allocated as needed. */
18 static struct tomoyo_profile
*tomoyo_profile_ptr
[TOMOYO_MAX_PROFILES
];
20 /* String table for operation mode. */
21 const char * const tomoyo_mode
[TOMOYO_CONFIG_MAX_MODE
] = {
22 [TOMOYO_CONFIG_DISABLED
] = "disabled",
23 [TOMOYO_CONFIG_LEARNING
] = "learning",
24 [TOMOYO_CONFIG_PERMISSIVE
] = "permissive",
25 [TOMOYO_CONFIG_ENFORCING
] = "enforcing"
28 /* String table for /sys/kernel/security/tomoyo/profile */
29 static const char *tomoyo_mac_keywords
[TOMOYO_MAX_MAC_INDEX
30 + TOMOYO_MAX_MAC_CATEGORY_INDEX
] = {
31 [TOMOYO_MAC_FILE_EXECUTE
] = "file::execute",
32 [TOMOYO_MAC_FILE_OPEN
] = "file::open",
33 [TOMOYO_MAC_FILE_CREATE
] = "file::create",
34 [TOMOYO_MAC_FILE_UNLINK
] = "file::unlink",
35 [TOMOYO_MAC_FILE_GETATTR
] = "file::getattr",
36 [TOMOYO_MAC_FILE_MKDIR
] = "file::mkdir",
37 [TOMOYO_MAC_FILE_RMDIR
] = "file::rmdir",
38 [TOMOYO_MAC_FILE_MKFIFO
] = "file::mkfifo",
39 [TOMOYO_MAC_FILE_MKSOCK
] = "file::mksock",
40 [TOMOYO_MAC_FILE_TRUNCATE
] = "file::truncate",
41 [TOMOYO_MAC_FILE_SYMLINK
] = "file::symlink",
42 [TOMOYO_MAC_FILE_MKBLOCK
] = "file::mkblock",
43 [TOMOYO_MAC_FILE_MKCHAR
] = "file::mkchar",
44 [TOMOYO_MAC_FILE_LINK
] = "file::link",
45 [TOMOYO_MAC_FILE_RENAME
] = "file::rename",
46 [TOMOYO_MAC_FILE_CHMOD
] = "file::chmod",
47 [TOMOYO_MAC_FILE_CHOWN
] = "file::chown",
48 [TOMOYO_MAC_FILE_CHGRP
] = "file::chgrp",
49 [TOMOYO_MAC_FILE_IOCTL
] = "file::ioctl",
50 [TOMOYO_MAC_FILE_CHROOT
] = "file::chroot",
51 [TOMOYO_MAC_FILE_MOUNT
] = "file::mount",
52 [TOMOYO_MAC_FILE_UMOUNT
] = "file::unmount",
53 [TOMOYO_MAC_FILE_PIVOT_ROOT
] = "file::pivot_root",
54 [TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAC_CATEGORY_FILE
] = "file",
57 /* String table for PREFERENCE keyword. */
58 static const char * const tomoyo_pref_keywords
[TOMOYO_MAX_PREF
] = {
59 [TOMOYO_PREF_MAX_AUDIT_LOG
] = "max_audit_log",
60 [TOMOYO_PREF_MAX_LEARNING_ENTRY
] = "max_learning_entry",
63 /* Permit policy management by non-root user? */
64 static bool tomoyo_manage_by_non_root
;
66 /* Utility functions. */
69 * tomoyo_yesno - Return "yes" or "no".
73 const char *tomoyo_yesno(const unsigned int value
)
75 return value
? "yes" : "no";
79 * tomoyo_addprintf - strncat()-like-snprintf().
81 * @buffer: Buffer to write to. Must be '\0'-terminated.
82 * @len: Size of @buffer.
83 * @fmt: The printf()'s format string, followed by parameters.
87 static void tomoyo_addprintf(char *buffer
, int len
, const char *fmt
, ...)
90 const int pos
= strlen(buffer
);
92 vsnprintf(buffer
+ pos
, len
- pos
- 1, fmt
, args
);
97 * tomoyo_flush - Flush queued string to userspace's buffer.
99 * @head: Pointer to "struct tomoyo_io_buffer".
101 * Returns true if all data was flushed, false otherwise.
103 static bool tomoyo_flush(struct tomoyo_io_buffer
*head
)
105 while (head
->r
.w_pos
) {
106 const char *w
= head
->r
.w
[0];
109 if (len
> head
->read_user_buf_avail
)
110 len
= head
->read_user_buf_avail
;
113 if (copy_to_user(head
->read_user_buf
, w
, len
))
115 head
->read_user_buf_avail
-= len
;
116 head
->read_user_buf
+= len
;
122 /* Add '\0' for audit logs and query. */
124 if (!head
->read_user_buf_avail
||
125 copy_to_user(head
->read_user_buf
, "", 1))
127 head
->read_user_buf_avail
--;
128 head
->read_user_buf
++;
131 for (len
= 0; len
< head
->r
.w_pos
; len
++)
132 head
->r
.w
[len
] = head
->r
.w
[len
+ 1];
139 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
141 * @head: Pointer to "struct tomoyo_io_buffer".
142 * @string: String to print.
144 * Note that @string has to be kept valid until @head is kfree()d.
145 * This means that char[] allocated on stack memory cannot be passed to
146 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
148 static void tomoyo_set_string(struct tomoyo_io_buffer
*head
, const char *string
)
150 if (head
->r
.w_pos
< TOMOYO_MAX_IO_READ_QUEUE
) {
151 head
->r
.w
[head
->r
.w_pos
++] = string
;
158 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
160 * @head: Pointer to "struct tomoyo_io_buffer".
161 * @fmt: The printf()'s format string, followed by parameters.
163 void tomoyo_io_printf(struct tomoyo_io_buffer
*head
, const char *fmt
, ...)
167 int pos
= head
->r
.avail
;
168 int size
= head
->readbuf_size
- pos
;
172 len
= vsnprintf(head
->read_buf
+ pos
, size
, fmt
, args
) + 1;
174 if (pos
+ len
>= head
->readbuf_size
) {
178 head
->r
.avail
+= len
;
179 tomoyo_set_string(head
, head
->read_buf
+ pos
);
183 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
185 * @head: Pointer to "struct tomoyo_io_buffer".
189 static void tomoyo_set_space(struct tomoyo_io_buffer
*head
)
191 tomoyo_set_string(head
, " ");
195 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
197 * @head: Pointer to "struct tomoyo_io_buffer".
201 static bool tomoyo_set_lf(struct tomoyo_io_buffer
*head
)
203 tomoyo_set_string(head
, "\n");
204 return !head
->r
.w_pos
;
208 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
210 * @head: Pointer to "struct tomoyo_io_buffer".
214 static void tomoyo_set_slash(struct tomoyo_io_buffer
*head
)
216 tomoyo_set_string(head
, "/");
220 * tomoyo_print_name_union - Print a tomoyo_name_union.
222 * @head: Pointer to "struct tomoyo_io_buffer".
223 * @ptr: Pointer to "struct tomoyo_name_union".
225 static void tomoyo_print_name_union(struct tomoyo_io_buffer
*head
,
226 const struct tomoyo_name_union
*ptr
)
228 tomoyo_set_space(head
);
230 tomoyo_set_string(head
, "@");
231 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
233 tomoyo_set_string(head
, ptr
->filename
->name
);
238 * tomoyo_print_number_union - Print a tomoyo_number_union.
240 * @head: Pointer to "struct tomoyo_io_buffer".
241 * @ptr: Pointer to "struct tomoyo_number_union".
243 static void tomoyo_print_number_union(struct tomoyo_io_buffer
*head
,
244 const struct tomoyo_number_union
*ptr
)
246 tomoyo_set_space(head
);
248 tomoyo_set_string(head
, "@");
249 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
252 unsigned long min
= ptr
->values
[0];
253 const unsigned long max
= ptr
->values
[1];
254 u8 min_type
= ptr
->value_type
[0];
255 const u8 max_type
= ptr
->value_type
[1];
258 for (i
= 0; i
< 2; i
++) {
260 case TOMOYO_VALUE_TYPE_HEXADECIMAL
:
261 tomoyo_addprintf(buffer
, sizeof(buffer
),
264 case TOMOYO_VALUE_TYPE_OCTAL
:
265 tomoyo_addprintf(buffer
, sizeof(buffer
),
269 tomoyo_addprintf(buffer
, sizeof(buffer
),
273 if (min
== max
&& min_type
== max_type
)
275 tomoyo_addprintf(buffer
, sizeof(buffer
), "-");
279 tomoyo_io_printf(head
, "%s", buffer
);
284 * tomoyo_assign_profile - Create a new profile.
286 * @profile: Profile number to create.
288 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
290 static struct tomoyo_profile
*tomoyo_assign_profile(const unsigned int profile
)
292 struct tomoyo_profile
*ptr
;
293 struct tomoyo_profile
*entry
;
294 if (profile
>= TOMOYO_MAX_PROFILES
)
296 ptr
= tomoyo_profile_ptr
[profile
];
299 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
300 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
302 ptr
= tomoyo_profile_ptr
[profile
];
303 if (!ptr
&& tomoyo_memory_ok(entry
)) {
305 ptr
->default_config
= TOMOYO_CONFIG_DISABLED
|
306 TOMOYO_CONFIG_WANT_GRANT_LOG
|
307 TOMOYO_CONFIG_WANT_REJECT_LOG
;
308 memset(ptr
->config
, TOMOYO_CONFIG_USE_DEFAULT
,
309 sizeof(ptr
->config
));
310 ptr
->pref
[TOMOYO_PREF_MAX_AUDIT_LOG
] = 1024;
311 ptr
->pref
[TOMOYO_PREF_MAX_LEARNING_ENTRY
] = 2048;
312 mb(); /* Avoid out-of-order execution. */
313 tomoyo_profile_ptr
[profile
] = ptr
;
316 mutex_unlock(&tomoyo_policy_lock
);
323 * tomoyo_profile - Find a profile.
325 * @profile: Profile number to find.
327 * Returns pointer to "struct tomoyo_profile".
329 struct tomoyo_profile
*tomoyo_profile(const u8 profile
)
331 static struct tomoyo_profile tomoyo_null_profile
;
332 struct tomoyo_profile
*ptr
= tomoyo_profile_ptr
[profile
];
334 ptr
= &tomoyo_null_profile
;
339 * tomoyo_find_yesno - Find values for specified keyword.
341 * @string: String to check.
342 * @find: Name of keyword.
344 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
346 static s8
tomoyo_find_yesno(const char *string
, const char *find
)
348 const char *cp
= strstr(string
, find
);
351 if (!strncmp(cp
, "=yes", 4))
353 else if (!strncmp(cp
, "=no", 3))
360 * tomoyo_set_uint - Set value for specified preference.
362 * @i: Pointer to "unsigned int".
363 * @string: String to check.
364 * @find: Name of keyword.
368 static void tomoyo_set_uint(unsigned int *i
, const char *string
,
371 const char *cp
= strstr(string
, find
);
373 sscanf(cp
+ strlen(find
), "=%u", i
);
377 * tomoyo_set_mode - Set mode for specified profile.
379 * @name: Name of functionality.
380 * @value: Mode for @name.
381 * @profile: Pointer to "struct tomoyo_profile".
383 * Returns 0 on success, negative value otherwise.
385 static int tomoyo_set_mode(char *name
, const char *value
,
386 struct tomoyo_profile
*profile
)
390 if (!strcmp(name
, "CONFIG")) {
391 i
= TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
;
392 config
= profile
->default_config
;
393 } else if (tomoyo_str_starts(&name
, "CONFIG::")) {
395 for (i
= 0; i
< TOMOYO_MAX_MAC_INDEX
396 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; i
++) {
397 if (strcmp(name
, tomoyo_mac_keywords
[i
]))
399 config
= profile
->config
[i
];
402 if (i
== TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
407 if (strstr(value
, "use_default")) {
408 config
= TOMOYO_CONFIG_USE_DEFAULT
;
411 for (mode
= 0; mode
< 4; mode
++)
412 if (strstr(value
, tomoyo_mode
[mode
]))
414 * Update lower 3 bits in order to distinguish
415 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
417 config
= (config
& ~7) | mode
;
418 if (config
!= TOMOYO_CONFIG_USE_DEFAULT
) {
419 switch (tomoyo_find_yesno(value
, "grant_log")) {
421 config
|= TOMOYO_CONFIG_WANT_GRANT_LOG
;
424 config
&= ~TOMOYO_CONFIG_WANT_GRANT_LOG
;
427 switch (tomoyo_find_yesno(value
, "reject_log")) {
429 config
|= TOMOYO_CONFIG_WANT_REJECT_LOG
;
432 config
&= ~TOMOYO_CONFIG_WANT_REJECT_LOG
;
437 if (i
< TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
438 profile
->config
[i
] = config
;
439 else if (config
!= TOMOYO_CONFIG_USE_DEFAULT
)
440 profile
->default_config
= config
;
445 * tomoyo_write_profile - Write profile table.
447 * @head: Pointer to "struct tomoyo_io_buffer".
449 * Returns 0 on success, negative value otherwise.
451 static int tomoyo_write_profile(struct tomoyo_io_buffer
*head
)
453 char *data
= head
->write_buf
;
456 struct tomoyo_profile
*profile
;
457 if (sscanf(data
, "PROFILE_VERSION=%u", &tomoyo_profile_version
) == 1)
459 i
= simple_strtoul(data
, &cp
, 10);
463 profile
= tomoyo_assign_profile(i
);
466 cp
= strchr(data
, '=');
470 if (!strcmp(data
, "COMMENT")) {
471 static DEFINE_SPINLOCK(lock
);
472 const struct tomoyo_path_info
*new_comment
473 = tomoyo_get_name(cp
);
474 const struct tomoyo_path_info
*old_comment
;
478 old_comment
= profile
->comment
;
479 profile
->comment
= new_comment
;
481 tomoyo_put_name(old_comment
);
484 if (!strcmp(data
, "PREFERENCE")) {
485 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
486 tomoyo_set_uint(&profile
->pref
[i
], cp
,
487 tomoyo_pref_keywords
[i
]);
490 return tomoyo_set_mode(data
, cp
, profile
);
494 * tomoyo_print_config - Print mode for specified functionality.
496 * @head: Pointer to "struct tomoyo_io_buffer".
497 * @config: Mode for that functionality.
501 * Caller prints functionality's name.
503 static void tomoyo_print_config(struct tomoyo_io_buffer
*head
, const u8 config
)
505 tomoyo_io_printf(head
, "={ mode=%s grant_log=%s reject_log=%s }\n",
506 tomoyo_mode
[config
& 3],
507 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_GRANT_LOG
),
508 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_REJECT_LOG
));
512 * tomoyo_read_profile - Read profile table.
514 * @head: Pointer to "struct tomoyo_io_buffer".
518 static void tomoyo_read_profile(struct tomoyo_io_buffer
*head
)
521 const struct tomoyo_profile
*profile
;
523 index
= head
->r
.index
;
524 profile
= tomoyo_profile_ptr
[index
];
525 switch (head
->r
.step
) {
527 tomoyo_io_printf(head
, "PROFILE_VERSION=%u\n", 20090903);
531 for ( ; head
->r
.index
< TOMOYO_MAX_PROFILES
;
533 if (tomoyo_profile_ptr
[head
->r
.index
])
535 if (head
->r
.index
== TOMOYO_MAX_PROFILES
)
542 const struct tomoyo_path_info
*comment
=
544 tomoyo_io_printf(head
, "%u-COMMENT=", index
);
545 tomoyo_set_string(head
, comment
? comment
->name
: "");
547 tomoyo_io_printf(head
, "%u-PREFERENCE={ ", index
);
548 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
549 tomoyo_io_printf(head
, "%s=%u ",
550 tomoyo_pref_keywords
[i
],
552 tomoyo_set_string(head
, "}\n");
558 tomoyo_io_printf(head
, "%u-%s", index
, "CONFIG");
559 tomoyo_print_config(head
, profile
->default_config
);
565 for ( ; head
->r
.bit
< TOMOYO_MAX_MAC_INDEX
566 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; head
->r
.bit
++) {
567 const u8 i
= head
->r
.bit
;
568 const u8 config
= profile
->config
[i
];
569 if (config
== TOMOYO_CONFIG_USE_DEFAULT
)
571 tomoyo_io_printf(head
, "%u-%s%s", index
, "CONFIG::",
572 tomoyo_mac_keywords
[i
]);
573 tomoyo_print_config(head
, config
);
577 if (head
->r
.bit
== TOMOYO_MAX_MAC_INDEX
578 + TOMOYO_MAX_MAC_CATEGORY_INDEX
) {
584 if (tomoyo_flush(head
))
588 static bool tomoyo_same_manager(const struct tomoyo_acl_head
*a
,
589 const struct tomoyo_acl_head
*b
)
591 return container_of(a
, struct tomoyo_manager
, head
)->manager
==
592 container_of(b
, struct tomoyo_manager
, head
)->manager
;
596 * tomoyo_update_manager_entry - Add a manager entry.
598 * @manager: The path to manager or the domainnamme.
599 * @is_delete: True if it is a delete request.
601 * Returns 0 on success, negative value otherwise.
603 * Caller holds tomoyo_read_lock().
605 static int tomoyo_update_manager_entry(const char *manager
,
606 const bool is_delete
)
608 struct tomoyo_manager e
= { };
609 struct tomoyo_acl_param param
= {
610 .is_delete
= is_delete
,
611 .list
= &tomoyo_policy_list
[TOMOYO_ID_MANAGER
],
613 int error
= is_delete
? -ENOENT
: -ENOMEM
;
614 if (tomoyo_domain_def(manager
)) {
615 if (!tomoyo_correct_domain(manager
))
619 if (!tomoyo_correct_path(manager
))
622 e
.manager
= tomoyo_get_name(manager
);
624 error
= tomoyo_update_policy(&e
.head
, sizeof(e
), ¶m
,
625 tomoyo_same_manager
);
626 tomoyo_put_name(e
.manager
);
632 * tomoyo_write_manager - Write manager policy.
634 * @head: Pointer to "struct tomoyo_io_buffer".
636 * Returns 0 on success, negative value otherwise.
638 * Caller holds tomoyo_read_lock().
640 static int tomoyo_write_manager(struct tomoyo_io_buffer
*head
)
642 char *data
= head
->write_buf
;
643 bool is_delete
= tomoyo_str_starts(&data
, "delete ");
645 if (!strcmp(data
, "manage_by_non_root")) {
646 tomoyo_manage_by_non_root
= !is_delete
;
649 return tomoyo_update_manager_entry(data
, is_delete
);
653 * tomoyo_read_manager - Read manager policy.
655 * @head: Pointer to "struct tomoyo_io_buffer".
657 * Caller holds tomoyo_read_lock().
659 static void tomoyo_read_manager(struct tomoyo_io_buffer
*head
)
663 list_for_each_cookie(head
->r
.acl
,
664 &tomoyo_policy_list
[TOMOYO_ID_MANAGER
]) {
665 struct tomoyo_manager
*ptr
=
666 list_entry(head
->r
.acl
, typeof(*ptr
), head
.list
);
667 if (ptr
->head
.is_deleted
)
669 if (!tomoyo_flush(head
))
671 tomoyo_set_string(head
, ptr
->manager
->name
);
678 * tomoyo_manager - Check whether the current process is a policy manager.
680 * Returns true if the current process is permitted to modify policy
681 * via /sys/kernel/security/tomoyo/ interface.
683 * Caller holds tomoyo_read_lock().
685 static bool tomoyo_manager(void)
687 struct tomoyo_manager
*ptr
;
689 const struct task_struct
*task
= current
;
690 const struct tomoyo_path_info
*domainname
= tomoyo_domain()->domainname
;
693 if (!tomoyo_policy_loaded
)
695 if (!tomoyo_manage_by_non_root
&& (task
->cred
->uid
|| task
->cred
->euid
))
697 list_for_each_entry_rcu(ptr
, &tomoyo_policy_list
[TOMOYO_ID_MANAGER
],
699 if (!ptr
->head
.is_deleted
&& ptr
->is_domain
700 && !tomoyo_pathcmp(domainname
, ptr
->manager
)) {
707 exe
= tomoyo_get_exe();
710 list_for_each_entry_rcu(ptr
, &tomoyo_policy_list
[TOMOYO_ID_MANAGER
],
712 if (!ptr
->head
.is_deleted
&& !ptr
->is_domain
713 && !strcmp(exe
, ptr
->manager
->name
)) {
718 if (!found
) { /* Reduce error messages. */
719 static pid_t last_pid
;
720 const pid_t pid
= current
->pid
;
721 if (last_pid
!= pid
) {
722 printk(KERN_WARNING
"%s ( %s ) is not permitted to "
723 "update policies.\n", domainname
->name
, exe
);
732 * tomoyo_select_one - Parse select command.
734 * @head: Pointer to "struct tomoyo_io_buffer".
735 * @data: String to parse.
737 * Returns true on success, false otherwise.
739 * Caller holds tomoyo_read_lock().
741 static bool tomoyo_select_one(struct tomoyo_io_buffer
*head
, const char *data
)
744 struct tomoyo_domain_info
*domain
= NULL
;
745 bool global_pid
= false;
747 if (!strcmp(data
, "allow_execute")) {
748 head
->r
.print_execute_only
= true;
751 if (sscanf(data
, "pid=%u", &pid
) == 1 ||
752 (global_pid
= true, sscanf(data
, "global-pid=%u", &pid
) == 1)) {
753 struct task_struct
*p
;
755 read_lock(&tasklist_lock
);
757 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
759 p
= find_task_by_vpid(pid
);
761 domain
= tomoyo_real_domain(p
);
762 read_unlock(&tasklist_lock
);
764 } else if (!strncmp(data
, "domain=", 7)) {
765 if (tomoyo_domain_def(data
+ 7))
766 domain
= tomoyo_find_domain(data
+ 7);
769 head
->w
.domain
= domain
;
770 /* Accessing read_buf is safe because head->io_sem is held. */
772 return true; /* Do nothing if open(O_WRONLY). */
773 memset(&head
->r
, 0, sizeof(head
->r
));
774 head
->r
.print_this_domain_only
= true;
776 head
->r
.domain
= &domain
->list
;
779 tomoyo_io_printf(head
, "# select %s\n", data
);
780 if (domain
&& domain
->is_deleted
)
781 tomoyo_io_printf(head
, "# This is a deleted domain.\n");
786 * tomoyo_delete_domain - Delete a domain.
788 * @domainname: The name of domain.
792 * Caller holds tomoyo_read_lock().
794 static int tomoyo_delete_domain(char *domainname
)
796 struct tomoyo_domain_info
*domain
;
797 struct tomoyo_path_info name
;
799 name
.name
= domainname
;
800 tomoyo_fill_path_info(&name
);
801 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
803 /* Is there an active domain? */
804 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
805 /* Never delete tomoyo_kernel_domain */
806 if (domain
== &tomoyo_kernel_domain
)
808 if (domain
->is_deleted
||
809 tomoyo_pathcmp(domain
->domainname
, &name
))
811 domain
->is_deleted
= true;
814 mutex_unlock(&tomoyo_policy_lock
);
819 * tomoyo_write_domain2 - Write domain policy.
821 * @list: Pointer to "struct list_head".
822 * @data: Policy to be interpreted.
823 * @is_delete: True if it is a delete request.
825 * Returns 0 on success, negative value otherwise.
827 * Caller holds tomoyo_read_lock().
829 static int tomoyo_write_domain2(struct list_head
*list
, char *data
,
830 const bool is_delete
)
832 struct tomoyo_acl_param param
= {
835 .is_delete
= is_delete
,
837 static const struct {
839 int (*write
) (struct tomoyo_acl_param
*);
840 } tomoyo_callback
[1] = {
841 { "file ", tomoyo_write_file
},
844 for (i
= 0; i
< 1; i
++) {
845 if (!tomoyo_str_starts(¶m
.data
,
846 tomoyo_callback
[i
].keyword
))
848 return tomoyo_callback
[i
].write(¶m
);
854 * tomoyo_write_domain - Write domain policy.
856 * @head: Pointer to "struct tomoyo_io_buffer".
858 * Returns 0 on success, negative value otherwise.
860 * Caller holds tomoyo_read_lock().
862 static int tomoyo_write_domain(struct tomoyo_io_buffer
*head
)
864 char *data
= head
->write_buf
;
865 struct tomoyo_domain_info
*domain
= head
->w
.domain
;
866 bool is_delete
= false;
867 bool is_select
= false;
868 unsigned int profile
;
870 if (tomoyo_str_starts(&data
, "delete "))
872 else if (tomoyo_str_starts(&data
, "select "))
874 if (is_select
&& tomoyo_select_one(head
, data
))
876 /* Don't allow updating policies by non manager programs. */
877 if (!tomoyo_manager())
879 if (tomoyo_domain_def(data
)) {
882 tomoyo_delete_domain(data
);
884 domain
= tomoyo_find_domain(data
);
886 domain
= tomoyo_assign_domain(data
, 0);
887 head
->w
.domain
= domain
;
893 if (sscanf(data
, "use_profile %u", &profile
) == 1
894 && profile
< TOMOYO_MAX_PROFILES
) {
895 if (tomoyo_profile_ptr
[profile
] || !tomoyo_policy_loaded
)
896 domain
->profile
= (u8
) profile
;
899 if (sscanf(data
, "use_group %u\n", &profile
) == 1
900 && profile
< TOMOYO_MAX_ACL_GROUPS
) {
902 domain
->group
= (u8
) profile
;
905 if (!strcmp(data
, "quota_exceeded")) {
906 domain
->quota_warned
= !is_delete
;
909 if (!strcmp(data
, "transition_failed")) {
910 domain
->transition_failed
= !is_delete
;
913 return tomoyo_write_domain2(&domain
->acl_info_list
, data
, is_delete
);
917 * tomoyo_set_group - Print "acl_group " header keyword and category name.
919 * @head: Pointer to "struct tomoyo_io_buffer".
920 * @category: Category name.
924 static void tomoyo_set_group(struct tomoyo_io_buffer
*head
,
925 const char *category
)
927 if (head
->type
== TOMOYO_EXCEPTIONPOLICY
)
928 tomoyo_io_printf(head
, "acl_group %u ",
929 head
->r
.acl_group_index
);
930 tomoyo_set_string(head
, category
);
934 * tomoyo_print_entry - Print an ACL entry.
936 * @head: Pointer to "struct tomoyo_io_buffer".
937 * @acl: Pointer to an ACL entry.
939 * Returns true on success, false otherwise.
941 static bool tomoyo_print_entry(struct tomoyo_io_buffer
*head
,
942 struct tomoyo_acl_info
*acl
)
944 const u8 acl_type
= acl
->type
;
950 if (!tomoyo_flush(head
))
952 else if (acl_type
== TOMOYO_TYPE_PATH_ACL
) {
953 struct tomoyo_path_acl
*ptr
=
954 container_of(acl
, typeof(*ptr
), head
);
955 const u16 perm
= ptr
->perm
;
956 for (bit
= 0; bit
< TOMOYO_MAX_PATH_OPERATION
; bit
++) {
957 if (!(perm
& (1 << bit
)))
959 if (head
->r
.print_execute_only
&&
960 bit
!= TOMOYO_TYPE_EXECUTE
)
963 tomoyo_set_group(head
, "file ");
966 tomoyo_set_slash(head
);
968 tomoyo_set_string(head
, tomoyo_path_keyword
[bit
]);
972 tomoyo_print_name_union(head
, &ptr
->name
);
973 } else if (head
->r
.print_execute_only
) {
975 } else if (acl_type
== TOMOYO_TYPE_PATH2_ACL
) {
976 struct tomoyo_path2_acl
*ptr
=
977 container_of(acl
, typeof(*ptr
), head
);
978 const u8 perm
= ptr
->perm
;
979 for (bit
= 0; bit
< TOMOYO_MAX_PATH2_OPERATION
; bit
++) {
980 if (!(perm
& (1 << bit
)))
983 tomoyo_set_group(head
, "file ");
986 tomoyo_set_slash(head
);
988 tomoyo_set_string(head
, tomoyo_mac_keywords
989 [tomoyo_pp2mac
[bit
]]);
993 tomoyo_print_name_union(head
, &ptr
->name1
);
994 tomoyo_print_name_union(head
, &ptr
->name2
);
995 } else if (acl_type
== TOMOYO_TYPE_PATH_NUMBER_ACL
) {
996 struct tomoyo_path_number_acl
*ptr
=
997 container_of(acl
, typeof(*ptr
), head
);
998 const u8 perm
= ptr
->perm
;
999 for (bit
= 0; bit
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; bit
++) {
1000 if (!(perm
& (1 << bit
)))
1003 tomoyo_set_group(head
, "file ");
1006 tomoyo_set_slash(head
);
1008 tomoyo_set_string(head
, tomoyo_mac_keywords
1009 [tomoyo_pn2mac
[bit
]]);
1013 tomoyo_print_name_union(head
, &ptr
->name
);
1014 tomoyo_print_number_union(head
, &ptr
->number
);
1015 } else if (acl_type
== TOMOYO_TYPE_MKDEV_ACL
) {
1016 struct tomoyo_mkdev_acl
*ptr
=
1017 container_of(acl
, typeof(*ptr
), head
);
1018 const u8 perm
= ptr
->perm
;
1019 for (bit
= 0; bit
< TOMOYO_MAX_MKDEV_OPERATION
; bit
++) {
1020 if (!(perm
& (1 << bit
)))
1023 tomoyo_set_group(head
, "file ");
1026 tomoyo_set_slash(head
);
1028 tomoyo_set_string(head
, tomoyo_mac_keywords
1029 [tomoyo_pnnn2mac
[bit
]]);
1033 tomoyo_print_name_union(head
, &ptr
->name
);
1034 tomoyo_print_number_union(head
, &ptr
->mode
);
1035 tomoyo_print_number_union(head
, &ptr
->major
);
1036 tomoyo_print_number_union(head
, &ptr
->minor
);
1037 } else if (acl_type
== TOMOYO_TYPE_MOUNT_ACL
) {
1038 struct tomoyo_mount_acl
*ptr
=
1039 container_of(acl
, typeof(*ptr
), head
);
1040 tomoyo_set_group(head
, "file mount");
1041 tomoyo_print_name_union(head
, &ptr
->dev_name
);
1042 tomoyo_print_name_union(head
, &ptr
->dir_name
);
1043 tomoyo_print_name_union(head
, &ptr
->fs_type
);
1044 tomoyo_print_number_union(head
, &ptr
->flags
);
1046 tomoyo_set_lf(head
);
1051 * tomoyo_read_domain2 - Read domain policy.
1053 * @head: Pointer to "struct tomoyo_io_buffer".
1054 * @list: Pointer to "struct list_head".
1056 * Caller holds tomoyo_read_lock().
1058 * Returns true on success, false otherwise.
1060 static bool tomoyo_read_domain2(struct tomoyo_io_buffer
*head
,
1061 struct list_head
*list
)
1063 list_for_each_cookie(head
->r
.acl
, list
) {
1064 struct tomoyo_acl_info
*ptr
=
1065 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1066 if (!tomoyo_print_entry(head
, ptr
))
1074 * tomoyo_read_domain - Read domain policy.
1076 * @head: Pointer to "struct tomoyo_io_buffer".
1078 * Caller holds tomoyo_read_lock().
1080 static void tomoyo_read_domain(struct tomoyo_io_buffer
*head
)
1084 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1085 struct tomoyo_domain_info
*domain
=
1086 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1087 switch (head
->r
.step
) {
1089 if (domain
->is_deleted
&&
1090 !head
->r
.print_this_domain_only
)
1092 /* Print domainname and flags. */
1093 tomoyo_set_string(head
, domain
->domainname
->name
);
1094 tomoyo_set_lf(head
);
1095 tomoyo_io_printf(head
, "use_profile %u\n",
1097 tomoyo_io_printf(head
, "use_group %u\n",
1099 if (domain
->quota_warned
)
1100 tomoyo_set_string(head
, "quota_exceeded\n");
1101 if (domain
->transition_failed
)
1102 tomoyo_set_string(head
, "transition_failed\n");
1104 tomoyo_set_lf(head
);
1107 if (!tomoyo_read_domain2(head
, &domain
->acl_info_list
))
1110 if (!tomoyo_set_lf(head
))
1115 if (head
->r
.print_this_domain_only
)
1124 * tomoyo_write_domain_profile - Assign profile for specified domain.
1126 * @head: Pointer to "struct tomoyo_io_buffer".
1128 * Returns 0 on success, -EINVAL otherwise.
1130 * This is equivalent to doing
1132 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1133 * /usr/sbin/tomoyo-loadpolicy -d
1135 * Caller holds tomoyo_read_lock().
1137 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer
*head
)
1139 char *data
= head
->write_buf
;
1140 char *cp
= strchr(data
, ' ');
1141 struct tomoyo_domain_info
*domain
;
1142 unsigned long profile
;
1147 domain
= tomoyo_find_domain(cp
+ 1);
1148 if (strict_strtoul(data
, 10, &profile
))
1150 if (domain
&& profile
< TOMOYO_MAX_PROFILES
1151 && (tomoyo_profile_ptr
[profile
] || !tomoyo_policy_loaded
))
1152 domain
->profile
= (u8
) profile
;
1157 * tomoyo_read_domain_profile - Read only domainname and profile.
1159 * @head: Pointer to "struct tomoyo_io_buffer".
1161 * Returns list of profile number and domainname pairs.
1163 * This is equivalent to doing
1165 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1166 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1167 * domainname = $0; } else if ( $1 == "use_profile" ) {
1168 * print $2 " " domainname; domainname = ""; } } ; '
1170 * Caller holds tomoyo_read_lock().
1172 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer
*head
)
1176 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1177 struct tomoyo_domain_info
*domain
=
1178 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1179 if (domain
->is_deleted
)
1181 if (!tomoyo_flush(head
))
1183 tomoyo_io_printf(head
, "%u ", domain
->profile
);
1184 tomoyo_set_string(head
, domain
->domainname
->name
);
1185 tomoyo_set_lf(head
);
1191 * tomoyo_write_pid: Specify PID to obtain domainname.
1193 * @head: Pointer to "struct tomoyo_io_buffer".
1197 static int tomoyo_write_pid(struct tomoyo_io_buffer
*head
)
1199 head
->r
.eof
= false;
1204 * tomoyo_read_pid - Get domainname of the specified PID.
1206 * @head: Pointer to "struct tomoyo_io_buffer".
1208 * Returns the domainname which the specified PID is in on success,
1209 * empty string otherwise.
1210 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1211 * using read()/write() interface rather than sysctl() interface.
1213 static void tomoyo_read_pid(struct tomoyo_io_buffer
*head
)
1215 char *buf
= head
->write_buf
;
1216 bool global_pid
= false;
1218 struct task_struct
*p
;
1219 struct tomoyo_domain_info
*domain
= NULL
;
1221 /* Accessing write_buf is safe because head->io_sem is held. */
1224 return; /* Do nothing if open(O_RDONLY). */
1226 if (head
->r
.w_pos
|| head
->r
.eof
)
1229 if (tomoyo_str_starts(&buf
, "global-pid "))
1231 pid
= (unsigned int) simple_strtoul(buf
, NULL
, 10);
1233 read_lock(&tasklist_lock
);
1235 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
1237 p
= find_task_by_vpid(pid
);
1239 domain
= tomoyo_real_domain(p
);
1240 read_unlock(&tasklist_lock
);
1244 tomoyo_io_printf(head
, "%u %u ", pid
, domain
->profile
);
1245 tomoyo_set_string(head
, domain
->domainname
->name
);
1248 static const char *tomoyo_transition_type
[TOMOYO_MAX_TRANSITION_TYPE
] = {
1249 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE
] = "no_initialize_domain",
1250 [TOMOYO_TRANSITION_CONTROL_INITIALIZE
] = "initialize_domain",
1251 [TOMOYO_TRANSITION_CONTROL_NO_KEEP
] = "no_keep_domain",
1252 [TOMOYO_TRANSITION_CONTROL_KEEP
] = "keep_domain",
1255 static const char *tomoyo_group_name
[TOMOYO_MAX_GROUP
] = {
1256 [TOMOYO_PATH_GROUP
] = "path_group ",
1257 [TOMOYO_NUMBER_GROUP
] = "number_group ",
1261 * tomoyo_write_exception - Write exception policy.
1263 * @head: Pointer to "struct tomoyo_io_buffer".
1265 * Returns 0 on success, negative value otherwise.
1267 * Caller holds tomoyo_read_lock().
1269 static int tomoyo_write_exception(struct tomoyo_io_buffer
*head
)
1271 struct tomoyo_acl_param param
= {
1272 .data
= head
->write_buf
,
1275 param
.is_delete
= tomoyo_str_starts(¶m
.data
, "delete ");
1276 if (!param
.is_delete
&& tomoyo_str_starts(¶m
.data
, "select ") &&
1277 !strcmp(param
.data
, "execute_only")) {
1278 head
->r
.print_execute_only
= true;
1281 /* Don't allow updating policies by non manager programs. */
1282 if (!tomoyo_manager())
1284 if (tomoyo_str_starts(¶m
.data
, "aggregator "))
1285 return tomoyo_write_aggregator(¶m
);
1286 for (i
= 0; i
< TOMOYO_MAX_TRANSITION_TYPE
; i
++)
1287 if (tomoyo_str_starts(¶m
.data
, tomoyo_transition_type
[i
]))
1288 return tomoyo_write_transition_control(¶m
, i
);
1289 for (i
= 0; i
< TOMOYO_MAX_GROUP
; i
++)
1290 if (tomoyo_str_starts(¶m
.data
, tomoyo_group_name
[i
]))
1291 return tomoyo_write_group(¶m
, i
);
1292 if (tomoyo_str_starts(¶m
.data
, "acl_group ")) {
1295 group
= simple_strtoul(param
.data
, &data
, 10);
1296 if (group
< TOMOYO_MAX_ACL_GROUPS
&& *data
++ == ' ')
1297 return tomoyo_write_domain2(&tomoyo_acl_group
[group
],
1298 data
, param
.is_delete
);
1304 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1306 * @head: Pointer to "struct tomoyo_io_buffer".
1307 * @idx: Index number.
1309 * Returns true on success, false otherwise.
1311 * Caller holds tomoyo_read_lock().
1313 static bool tomoyo_read_group(struct tomoyo_io_buffer
*head
, const int idx
)
1315 list_for_each_cookie(head
->r
.group
, &tomoyo_group_list
[idx
]) {
1316 struct tomoyo_group
*group
=
1317 list_entry(head
->r
.group
, typeof(*group
), head
.list
);
1318 list_for_each_cookie(head
->r
.acl
, &group
->member_list
) {
1319 struct tomoyo_acl_head
*ptr
=
1320 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1321 if (ptr
->is_deleted
)
1323 if (!tomoyo_flush(head
))
1325 tomoyo_set_string(head
, tomoyo_group_name
[idx
]);
1326 tomoyo_set_string(head
, group
->group_name
->name
);
1327 if (idx
== TOMOYO_PATH_GROUP
) {
1328 tomoyo_set_space(head
);
1329 tomoyo_set_string(head
, container_of
1330 (ptr
, struct tomoyo_path_group
,
1331 head
)->member_name
->name
);
1332 } else if (idx
== TOMOYO_NUMBER_GROUP
) {
1333 tomoyo_print_number_union(head
, &container_of
1335 struct tomoyo_number_group
,
1338 tomoyo_set_lf(head
);
1342 head
->r
.group
= NULL
;
1347 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1349 * @head: Pointer to "struct tomoyo_io_buffer".
1350 * @idx: Index number.
1352 * Returns true on success, false otherwise.
1354 * Caller holds tomoyo_read_lock().
1356 static bool tomoyo_read_policy(struct tomoyo_io_buffer
*head
, const int idx
)
1358 list_for_each_cookie(head
->r
.acl
, &tomoyo_policy_list
[idx
]) {
1359 struct tomoyo_acl_head
*acl
=
1360 container_of(head
->r
.acl
, typeof(*acl
), list
);
1361 if (acl
->is_deleted
)
1363 if (!tomoyo_flush(head
))
1366 case TOMOYO_ID_TRANSITION_CONTROL
:
1368 struct tomoyo_transition_control
*ptr
=
1369 container_of(acl
, typeof(*ptr
), head
);
1370 tomoyo_set_string(head
, tomoyo_transition_type
1372 tomoyo_set_string(head
, ptr
->program
?
1373 ptr
->program
->name
: "any");
1374 tomoyo_set_string(head
, " from ");
1375 tomoyo_set_string(head
, ptr
->domainname
?
1376 ptr
->domainname
->name
:
1380 case TOMOYO_ID_AGGREGATOR
:
1382 struct tomoyo_aggregator
*ptr
=
1383 container_of(acl
, typeof(*ptr
), head
);
1384 tomoyo_set_string(head
, "aggregator ");
1385 tomoyo_set_string(head
,
1386 ptr
->original_name
->name
);
1387 tomoyo_set_space(head
);
1388 tomoyo_set_string(head
,
1389 ptr
->aggregated_name
->name
);
1395 tomoyo_set_lf(head
);
1402 * tomoyo_read_exception - Read exception policy.
1404 * @head: Pointer to "struct tomoyo_io_buffer".
1406 * Caller holds tomoyo_read_lock().
1408 static void tomoyo_read_exception(struct tomoyo_io_buffer
*head
)
1412 while (head
->r
.step
< TOMOYO_MAX_POLICY
&&
1413 tomoyo_read_policy(head
, head
->r
.step
))
1415 if (head
->r
.step
< TOMOYO_MAX_POLICY
)
1417 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
&&
1418 tomoyo_read_group(head
, head
->r
.step
- TOMOYO_MAX_POLICY
))
1420 if (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
)
1422 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
1423 + TOMOYO_MAX_ACL_GROUPS
) {
1424 head
->r
.acl_group_index
= head
->r
.step
- TOMOYO_MAX_POLICY
1426 if (!tomoyo_read_domain2(head
, &tomoyo_acl_group
1427 [head
->r
.acl_group_index
]))
1434 /* Wait queue for kernel -> userspace notification. */
1435 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait
);
1436 /* Wait queue for userspace -> kernel notification. */
1437 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait
);
1439 /* Structure for query. */
1440 struct tomoyo_query
{
1441 struct list_head list
;
1444 unsigned int serial
;
1450 /* The list for "struct tomoyo_query". */
1451 static LIST_HEAD(tomoyo_query_list
);
1453 /* Lock for manipulating tomoyo_query_list. */
1454 static DEFINE_SPINLOCK(tomoyo_query_list_lock
);
1457 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1460 static atomic_t tomoyo_query_observers
= ATOMIC_INIT(0);
1463 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1465 * @domain: Pointer to "struct tomoyo_domain_info".
1466 * @header: Lines containing ACL.
1470 static void tomoyo_add_entry(struct tomoyo_domain_info
*domain
, char *header
)
1473 char *cp
= strchr(header
, '\n');
1477 cp
= strchr(cp
+ 1, '\n');
1481 len
= strlen(cp
) + 1;
1482 buffer
= kmalloc(len
, GFP_NOFS
);
1485 snprintf(buffer
, len
- 1, "%s", cp
);
1486 tomoyo_normalize_line(buffer
);
1487 tomoyo_write_domain2(&domain
->acl_info_list
, buffer
, false);
1492 * tomoyo_supervisor - Ask for the supervisor's decision.
1494 * @r: Pointer to "struct tomoyo_request_info".
1495 * @fmt: The printf()'s format string, followed by parameters.
1497 * Returns 0 if the supervisor decided to permit the access request which
1498 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1499 * supervisor decided to retry the access request which violated the policy in
1500 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1502 int tomoyo_supervisor(struct tomoyo_request_info
*r
, const char *fmt
, ...)
1507 static unsigned int tomoyo_serial
;
1508 struct tomoyo_query entry
= { };
1509 bool quota_exceeded
= false;
1510 va_start(args
, fmt
);
1511 len
= vsnprintf((char *) &len
, 1, fmt
, args
) + 1;
1513 /* Write /sys/kernel/security/tomoyo/audit. */
1514 va_start(args
, fmt
);
1515 tomoyo_write_log2(r
, len
, fmt
, args
);
1517 /* Nothing more to do if granted. */
1521 case TOMOYO_CONFIG_ENFORCING
:
1523 if (atomic_read(&tomoyo_query_observers
))
1526 case TOMOYO_CONFIG_LEARNING
:
1528 /* Check max_learning_entry parameter. */
1529 if (tomoyo_domain_quota_is_ok(r
))
1536 va_start(args
, fmt
);
1537 entry
.query
= tomoyo_init_log(r
, len
, fmt
, args
);
1541 entry
.query_len
= strlen(entry
.query
) + 1;
1543 tomoyo_add_entry(r
->domain
, entry
.query
);
1546 len
= tomoyo_round2(entry
.query_len
);
1547 spin_lock(&tomoyo_query_list_lock
);
1548 if (tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
] &&
1549 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] + len
1550 >= tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
]) {
1551 quota_exceeded
= true;
1553 entry
.serial
= tomoyo_serial
++;
1554 entry
.retry
= r
->retry
;
1555 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] += len
;
1556 list_add_tail(&entry
.list
, &tomoyo_query_list
);
1558 spin_unlock(&tomoyo_query_list_lock
);
1561 /* Give 10 seconds for supervisor's opinion. */
1562 while (entry
.timer
< 10) {
1563 wake_up_all(&tomoyo_query_wait
);
1564 if (wait_event_interruptible_timeout
1565 (tomoyo_answer_wait
, entry
.answer
||
1566 !atomic_read(&tomoyo_query_observers
), HZ
))
1571 spin_lock(&tomoyo_query_list_lock
);
1572 list_del(&entry
.list
);
1573 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] -= len
;
1574 spin_unlock(&tomoyo_query_list_lock
);
1575 switch (entry
.answer
) {
1576 case 3: /* Asked to retry by administrator. */
1577 error
= TOMOYO_RETRY_REQUEST
;
1581 /* Granted by administrator. */
1585 /* Timed out or rejected by administrator. */
1594 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1596 * @file: Pointer to "struct file".
1597 * @wait: Pointer to "poll_table".
1599 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1601 * Waits for access requests which violated policy in enforcing mode.
1603 static int tomoyo_poll_query(struct file
*file
, poll_table
*wait
)
1605 struct list_head
*tmp
;
1608 for (i
= 0; i
< 2; i
++) {
1609 spin_lock(&tomoyo_query_list_lock
);
1610 list_for_each(tmp
, &tomoyo_query_list
) {
1611 struct tomoyo_query
*ptr
=
1612 list_entry(tmp
, typeof(*ptr
), list
);
1618 spin_unlock(&tomoyo_query_list_lock
);
1620 return POLLIN
| POLLRDNORM
;
1623 poll_wait(file
, &tomoyo_query_wait
, wait
);
1629 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1631 * @head: Pointer to "struct tomoyo_io_buffer".
1633 static void tomoyo_read_query(struct tomoyo_io_buffer
*head
)
1635 struct list_head
*tmp
;
1641 if (head
->read_buf
) {
1642 kfree(head
->read_buf
);
1643 head
->read_buf
= NULL
;
1645 spin_lock(&tomoyo_query_list_lock
);
1646 list_for_each(tmp
, &tomoyo_query_list
) {
1647 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1650 if (pos
++ != head
->r
.query_index
)
1652 len
= ptr
->query_len
;
1655 spin_unlock(&tomoyo_query_list_lock
);
1657 head
->r
.query_index
= 0;
1660 buf
= kzalloc(len
+ 32, GFP_NOFS
);
1664 spin_lock(&tomoyo_query_list_lock
);
1665 list_for_each(tmp
, &tomoyo_query_list
) {
1666 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1669 if (pos
++ != head
->r
.query_index
)
1672 * Some query can be skipped because tomoyo_query_list
1673 * can change, but I don't care.
1675 if (len
== ptr
->query_len
)
1676 snprintf(buf
, len
+ 31, "Q%u-%hu\n%s", ptr
->serial
,
1677 ptr
->retry
, ptr
->query
);
1680 spin_unlock(&tomoyo_query_list_lock
);
1682 head
->read_buf
= buf
;
1683 head
->r
.w
[head
->r
.w_pos
++] = buf
;
1684 head
->r
.query_index
++;
1691 * tomoyo_write_answer - Write the supervisor's decision.
1693 * @head: Pointer to "struct tomoyo_io_buffer".
1695 * Returns 0 on success, -EINVAL otherwise.
1697 static int tomoyo_write_answer(struct tomoyo_io_buffer
*head
)
1699 char *data
= head
->write_buf
;
1700 struct list_head
*tmp
;
1701 unsigned int serial
;
1702 unsigned int answer
;
1703 spin_lock(&tomoyo_query_list_lock
);
1704 list_for_each(tmp
, &tomoyo_query_list
) {
1705 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1708 spin_unlock(&tomoyo_query_list_lock
);
1709 if (sscanf(data
, "A%u=%u", &serial
, &answer
) != 2)
1711 spin_lock(&tomoyo_query_list_lock
);
1712 list_for_each(tmp
, &tomoyo_query_list
) {
1713 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1714 if (ptr
->serial
!= serial
)
1717 ptr
->answer
= answer
;
1720 spin_unlock(&tomoyo_query_list_lock
);
1725 * tomoyo_read_version: Get version.
1727 * @head: Pointer to "struct tomoyo_io_buffer".
1729 * Returns version information.
1731 static void tomoyo_read_version(struct tomoyo_io_buffer
*head
)
1734 tomoyo_io_printf(head
, "2.4.0");
1740 * tomoyo_read_self_domain - Get the current process's domainname.
1742 * @head: Pointer to "struct tomoyo_io_buffer".
1744 * Returns the current process's domainname.
1746 static void tomoyo_read_self_domain(struct tomoyo_io_buffer
*head
)
1750 * tomoyo_domain()->domainname != NULL
1751 * because every process belongs to a domain and
1752 * the domain's name cannot be NULL.
1754 tomoyo_io_printf(head
, "%s", tomoyo_domain()->domainname
->name
);
1760 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1762 * @type: Type of interface.
1763 * @file: Pointer to "struct file".
1765 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1767 * Caller acquires tomoyo_read_lock().
1769 int tomoyo_open_control(const u8 type
, struct file
*file
)
1771 struct tomoyo_io_buffer
*head
= kzalloc(sizeof(*head
), GFP_NOFS
);
1775 mutex_init(&head
->io_sem
);
1778 case TOMOYO_DOMAINPOLICY
:
1779 /* /sys/kernel/security/tomoyo/domain_policy */
1780 head
->write
= tomoyo_write_domain
;
1781 head
->read
= tomoyo_read_domain
;
1783 case TOMOYO_EXCEPTIONPOLICY
:
1784 /* /sys/kernel/security/tomoyo/exception_policy */
1785 head
->write
= tomoyo_write_exception
;
1786 head
->read
= tomoyo_read_exception
;
1789 /* /sys/kernel/security/tomoyo/audit */
1790 head
->poll
= tomoyo_poll_log
;
1791 head
->read
= tomoyo_read_log
;
1793 case TOMOYO_SELFDOMAIN
:
1794 /* /sys/kernel/security/tomoyo/self_domain */
1795 head
->read
= tomoyo_read_self_domain
;
1797 case TOMOYO_DOMAIN_STATUS
:
1798 /* /sys/kernel/security/tomoyo/.domain_status */
1799 head
->write
= tomoyo_write_domain_profile
;
1800 head
->read
= tomoyo_read_domain_profile
;
1802 case TOMOYO_PROCESS_STATUS
:
1803 /* /sys/kernel/security/tomoyo/.process_status */
1804 head
->write
= tomoyo_write_pid
;
1805 head
->read
= tomoyo_read_pid
;
1807 case TOMOYO_VERSION
:
1808 /* /sys/kernel/security/tomoyo/version */
1809 head
->read
= tomoyo_read_version
;
1810 head
->readbuf_size
= 128;
1812 case TOMOYO_MEMINFO
:
1813 /* /sys/kernel/security/tomoyo/meminfo */
1814 head
->write
= tomoyo_write_memory_quota
;
1815 head
->read
= tomoyo_read_memory_counter
;
1816 head
->readbuf_size
= 512;
1818 case TOMOYO_PROFILE
:
1819 /* /sys/kernel/security/tomoyo/profile */
1820 head
->write
= tomoyo_write_profile
;
1821 head
->read
= tomoyo_read_profile
;
1823 case TOMOYO_QUERY
: /* /sys/kernel/security/tomoyo/query */
1824 head
->poll
= tomoyo_poll_query
;
1825 head
->write
= tomoyo_write_answer
;
1826 head
->read
= tomoyo_read_query
;
1828 case TOMOYO_MANAGER
:
1829 /* /sys/kernel/security/tomoyo/manager */
1830 head
->write
= tomoyo_write_manager
;
1831 head
->read
= tomoyo_read_manager
;
1834 if (!(file
->f_mode
& FMODE_READ
)) {
1836 * No need to allocate read_buf since it is not opened
1841 } else if (!head
->poll
) {
1842 /* Don't allocate read_buf for poll() access. */
1843 if (!head
->readbuf_size
)
1844 head
->readbuf_size
= 4096 * 2;
1845 head
->read_buf
= kzalloc(head
->readbuf_size
, GFP_NOFS
);
1846 if (!head
->read_buf
) {
1851 if (!(file
->f_mode
& FMODE_WRITE
)) {
1853 * No need to allocate write_buf since it is not opened
1857 } else if (head
->write
) {
1858 head
->writebuf_size
= 4096 * 2;
1859 head
->write_buf
= kzalloc(head
->writebuf_size
, GFP_NOFS
);
1860 if (!head
->write_buf
) {
1861 kfree(head
->read_buf
);
1866 if (type
!= TOMOYO_QUERY
&& type
!= TOMOYO_AUDIT
)
1867 head
->reader_idx
= tomoyo_read_lock();
1868 file
->private_data
= head
;
1870 * If the file is /sys/kernel/security/tomoyo/query , increment the
1872 * The obserber counter is used by tomoyo_supervisor() to see if
1873 * there is some process monitoring /sys/kernel/security/tomoyo/query.
1875 if (type
== TOMOYO_QUERY
)
1876 atomic_inc(&tomoyo_query_observers
);
1881 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1883 * @file: Pointer to "struct file".
1884 * @wait: Pointer to "poll_table".
1886 * Waits for read readiness.
1887 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
1888 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
1890 int tomoyo_poll_control(struct file
*file
, poll_table
*wait
)
1892 struct tomoyo_io_buffer
*head
= file
->private_data
;
1895 return head
->poll(file
, wait
);
1899 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1901 * @head: Pointer to "struct tomoyo_io_buffer".
1902 * @buffer: Poiner to buffer to write to.
1903 * @buffer_len: Size of @buffer.
1905 * Returns bytes read on success, negative value otherwise.
1907 * Caller holds tomoyo_read_lock().
1909 int tomoyo_read_control(struct tomoyo_io_buffer
*head
, char __user
*buffer
,
1910 const int buffer_len
)
1916 if (mutex_lock_interruptible(&head
->io_sem
))
1918 head
->read_user_buf
= buffer
;
1919 head
->read_user_buf_avail
= buffer_len
;
1920 if (tomoyo_flush(head
))
1921 /* Call the policy handler. */
1924 len
= head
->read_user_buf
- buffer
;
1925 mutex_unlock(&head
->io_sem
);
1930 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1932 * @head: Pointer to "struct tomoyo_io_buffer".
1933 * @buffer: Pointer to buffer to read from.
1934 * @buffer_len: Size of @buffer.
1936 * Returns @buffer_len on success, negative value otherwise.
1938 * Caller holds tomoyo_read_lock().
1940 int tomoyo_write_control(struct tomoyo_io_buffer
*head
,
1941 const char __user
*buffer
, const int buffer_len
)
1943 int error
= buffer_len
;
1944 int avail_len
= buffer_len
;
1945 char *cp0
= head
->write_buf
;
1949 if (!access_ok(VERIFY_READ
, buffer
, buffer_len
))
1951 /* Don't allow updating policies by non manager programs. */
1952 if (head
->write
!= tomoyo_write_pid
&&
1953 head
->write
!= tomoyo_write_domain
&&
1954 head
->write
!= tomoyo_write_exception
&& !tomoyo_manager())
1956 if (mutex_lock_interruptible(&head
->io_sem
))
1958 /* Read a line and dispatch it to the policy handler. */
1959 while (avail_len
> 0) {
1961 if (head
->w
.avail
>= head
->writebuf_size
- 1) {
1964 } else if (get_user(c
, buffer
)) {
1970 cp0
[head
->w
.avail
++] = c
;
1973 cp0
[head
->w
.avail
- 1] = '\0';
1975 tomoyo_normalize_line(cp0
);
1978 mutex_unlock(&head
->io_sem
);
1983 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
1985 * @head: Pointer to "struct tomoyo_io_buffer".
1987 * Releases memory and returns 0.
1989 * Caller looses tomoyo_read_lock().
1991 int tomoyo_close_control(struct tomoyo_io_buffer
*head
)
1993 const bool is_write
= !!head
->write_buf
;
1996 * If the file is /sys/kernel/security/tomoyo/query , decrement the
1999 if (head
->type
== TOMOYO_QUERY
)
2000 atomic_dec(&tomoyo_query_observers
);
2001 else if (head
->type
!= TOMOYO_AUDIT
)
2002 tomoyo_read_unlock(head
->reader_idx
);
2003 /* Release memory used for policy I/O. */
2004 kfree(head
->read_buf
);
2005 head
->read_buf
= NULL
;
2006 kfree(head
->write_buf
);
2007 head
->write_buf
= NULL
;
2015 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2017 void tomoyo_check_profile(void)
2019 struct tomoyo_domain_info
*domain
;
2020 const int idx
= tomoyo_read_lock();
2021 tomoyo_policy_loaded
= true;
2022 /* Check all profiles currently assigned to domains are defined. */
2023 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
2024 const u8 profile
= domain
->profile
;
2025 if (tomoyo_profile_ptr
[profile
])
2027 printk(KERN_ERR
"You need to define profile %u before using it.\n",
2029 printk(KERN_ERR
"Please see http://tomoyo.sourceforge.jp/2.3/ "
2030 "for more information.\n");
2031 panic("Profile %u (used by '%s') not defined.\n",
2032 profile
, domain
->domainname
->name
);
2034 tomoyo_read_unlock(idx
);
2035 if (tomoyo_profile_version
!= 20090903) {
2036 printk(KERN_ERR
"You need to install userland programs for "
2037 "TOMOYO 2.3 and initialize policy configuration.\n");
2038 printk(KERN_ERR
"Please see http://tomoyo.sourceforge.jp/2.3/ "
2039 "for more information.\n");
2040 panic("Profile version %u is not supported.\n",
2041 tomoyo_profile_version
);
2043 printk(KERN_INFO
"TOMOYO: 2.3.0\n");
2044 printk(KERN_INFO
"Mandatory Access Control activated.\n");