search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TOMOYO: Reduce lines by using common path for addition and deletion.
[linux-2.6/libata-dev.git] / security / tomoyo / file.c
blobf4a27714e0778933fbc5bdada751ac46f4bb0a83
1 /*
2 * security/tomoyo/file.c
3 *
4 * Implementation of the Domain-Based Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */
11
12 #include "common.h"
13 #include "tomoyo.h"
14 #include "realpath.h"
15
16 /*
17 * tomoyo_globally_readable_file_entry is a structure which is used for holding
18 * "allow_read" entries.
19 * It has following fields.
20 *
21 * (1) "list" which is linked to tomoyo_globally_readable_list .
22 * (2) "filename" is a pathname which is allowed to open(O_RDONLY).
23 * (3) "is_deleted" is a bool which is true if marked as deleted, false
24 * otherwise.
25 */
26 struct tomoyo_globally_readable_file_entry {
27 struct list_head list;
28 const struct tomoyo_path_info *filename;
29 bool is_deleted;
30 };
31
32 /*
33 * tomoyo_pattern_entry is a structure which is used for holding
34 * "tomoyo_pattern_list" entries.
35 * It has following fields.
36 *
37 * (1) "list" which is linked to tomoyo_pattern_list .
38 * (2) "pattern" is a pathname pattern which is used for converting pathnames
39 * to pathname patterns during learning mode.
40 * (3) "is_deleted" is a bool which is true if marked as deleted, false
41 * otherwise.
42 */
43 struct tomoyo_pattern_entry {
44 struct list_head list;
45 const struct tomoyo_path_info *pattern;
46 bool is_deleted;
47 };
48
49 /*
50 * tomoyo_no_rewrite_entry is a structure which is used for holding
51 * "deny_rewrite" entries.
52 * It has following fields.
53 *
54 * (1) "list" which is linked to tomoyo_no_rewrite_list .
55 * (2) "pattern" is a pathname which is by default not permitted to modify
56 * already existing content.
57 * (3) "is_deleted" is a bool which is true if marked as deleted, false
58 * otherwise.
59 */
60 struct tomoyo_no_rewrite_entry {
61 struct list_head list;
62 const struct tomoyo_path_info *pattern;
63 bool is_deleted;
64 };
65
66 /* Keyword array for single path operations. */
67 static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = {
68 [TOMOYO_TYPE_READ_WRITE_ACL] = "read/write",
69 [TOMOYO_TYPE_EXECUTE_ACL] = "execute",
70 [TOMOYO_TYPE_READ_ACL] = "read",
71 [TOMOYO_TYPE_WRITE_ACL] = "write",
72 [TOMOYO_TYPE_CREATE_ACL] = "create",
73 [TOMOYO_TYPE_UNLINK_ACL] = "unlink",
74 [TOMOYO_TYPE_MKDIR_ACL] = "mkdir",
75 [TOMOYO_TYPE_RMDIR_ACL] = "rmdir",
76 [TOMOYO_TYPE_MKFIFO_ACL] = "mkfifo",
77 [TOMOYO_TYPE_MKSOCK_ACL] = "mksock",
78 [TOMOYO_TYPE_MKBLOCK_ACL] = "mkblock",
79 [TOMOYO_TYPE_MKCHAR_ACL] = "mkchar",
80 [TOMOYO_TYPE_TRUNCATE_ACL] = "truncate",
81 [TOMOYO_TYPE_SYMLINK_ACL] = "symlink",
82 [TOMOYO_TYPE_REWRITE_ACL] = "rewrite",
83 [TOMOYO_TYPE_IOCTL_ACL] = "ioctl",
84 [TOMOYO_TYPE_CHMOD_ACL] = "chmod",
85 [TOMOYO_TYPE_CHOWN_ACL] = "chown",
86 [TOMOYO_TYPE_CHGRP_ACL] = "chgrp",
87 [TOMOYO_TYPE_CHROOT_ACL] = "chroot",
88 [TOMOYO_TYPE_MOUNT_ACL] = "mount",
89 [TOMOYO_TYPE_UMOUNT_ACL] = "unmount",
90 };
91
92 /* Keyword array for double path operations. */
93 static const char *tomoyo_dp_keyword[TOMOYO_MAX_DOUBLE_PATH_OPERATION] = {
94 [TOMOYO_TYPE_LINK_ACL] = "link",
95 [TOMOYO_TYPE_RENAME_ACL] = "rename",
96 [TOMOYO_TYPE_PIVOT_ROOT_ACL] = "pivot_root",
97 };
98
99 /**
100 * tomoyo_sp2keyword - Get the name of single path operation.
101 *
102 * @operation: Type of operation.
103 *
104 * Returns the name of single path operation.
105 */
106 const char *tomoyo_sp2keyword(const u8 operation)
107 {
108 return (operation < TOMOYO_MAX_SINGLE_PATH_OPERATION)
109 ? tomoyo_sp_keyword[operation] : NULL;
110 }
111
112 /**
113 * tomoyo_dp2keyword - Get the name of double path operation.
114 *
115 * @operation: Type of operation.
116 *
117 * Returns the name of double path operation.
118 */
119 const char *tomoyo_dp2keyword(const u8 operation)
120 {
121 return (operation < TOMOYO_MAX_DOUBLE_PATH_OPERATION)
122 ? tomoyo_dp_keyword[operation] : NULL;
123 }
124
125 /**
126 * tomoyo_strendswith - Check whether the token ends with the given token.
127 *
128 * @name: The token to check.
129 * @tail: The token to find.
130 *
131 * Returns true if @name ends with @tail, false otherwise.
132 */
133 static bool tomoyo_strendswith(const char *name, const char *tail)
134 {
135 int len;
136
137 if (!name || !tail)
138 return false;
139 len = strlen(name) - strlen(tail);
140 return len >= 0 && !strcmp(name + len, tail);
141 }
142
143 /**
144 * tomoyo_get_path - Get realpath.
145 *
146 * @path: Pointer to "struct path".
147 *
148 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
149 */
150 static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
151 {
152 int error;
153 struct tomoyo_path_info_with_data *buf = kzalloc(sizeof(*buf),
154 GFP_KERNEL);
155
156 if (!buf)
157 return NULL;
158 /* Reserve one byte for appending "/". */
159 error = tomoyo_realpath_from_path2(path, buf->body,
160 sizeof(buf->body) - 2);
161 if (!error) {
162 buf->head.name = buf->body;
163 tomoyo_fill_path_info(&buf->head);
164 return &buf->head;
165 }
166 kfree(buf);
167 return NULL;
168 }
169
170 static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
171 const char *filename2,
172 struct tomoyo_domain_info *
173 const domain, const bool is_delete);
174 static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
175 struct tomoyo_domain_info *
176 const domain, const bool is_delete);
177
178 /*
179 * tomoyo_globally_readable_list is used for holding list of pathnames which
180 * are by default allowed to be open()ed for reading by any process.
181 *
182 * An entry is added by
183 *
184 * # echo 'allow_read /lib/libc-2.5.so' > \
185 * /sys/kernel/security/tomoyo/exception_policy
186 *
187 * and is deleted by
188 *
189 * # echo 'delete allow_read /lib/libc-2.5.so' > \
190 * /sys/kernel/security/tomoyo/exception_policy
191 *
192 * and all entries are retrieved by
193 *
194 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
195 *
196 * In the example above, any process is allowed to
197 * open("/lib/libc-2.5.so", O_RDONLY).
198 * One exception is, if the domain which current process belongs to is marked
199 * as "ignore_global_allow_read", current process can't do so unless explicitly
200 * given "allow_read /lib/libc-2.5.so" to the domain which current process
201 * belongs to.
202 */
203 static LIST_HEAD(tomoyo_globally_readable_list);
204
205 /**
206 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
207 *
208 * @filename: Filename unconditionally permitted to open() for reading.
209 * @is_delete: True if it is a delete request.
210 *
211 * Returns 0 on success, negative value otherwise.
212 *
213 * Caller holds tomoyo_read_lock().
214 */
215 static int tomoyo_update_globally_readable_entry(const char *filename,
216 const bool is_delete)
217 {
218 struct tomoyo_globally_readable_file_entry *entry = NULL;
219 struct tomoyo_globally_readable_file_entry *ptr;
220 const struct tomoyo_path_info *saved_filename;
221 int error = is_delete ? -ENOENT : -ENOMEM;
222
223 if (!tomoyo_is_correct_path(filename, 1, 0, -1, __func__))
224 return -EINVAL;
225 saved_filename = tomoyo_save_name(filename);
226 if (!saved_filename)
227 return -ENOMEM;
228 if (!is_delete)
229 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
230 mutex_lock(&tomoyo_policy_lock);
231 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
232 if (ptr->filename != saved_filename)
233 continue;
234 ptr->is_deleted = is_delete;
235 error = 0;
236 break;
237 }
238 if (!is_delete && error && tomoyo_memory_ok(entry)) {
239 entry->filename = saved_filename;
240 list_add_tail_rcu(&entry->list, &tomoyo_globally_readable_list);
241 entry = NULL;
242 error = 0;
243 }
244 mutex_unlock(&tomoyo_policy_lock);
245 kfree(entry);
246 return error;
247 }
248
249 /**
250 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
251 *
252 * @filename: The filename to check.
253 *
254 * Returns true if any domain can open @filename for reading, false otherwise.
255 *
256 * Caller holds tomoyo_read_lock().
257 */
258 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
259 filename)
260 {
261 struct tomoyo_globally_readable_file_entry *ptr;
262 bool found = false;
263
264 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
265 if (!ptr->is_deleted &&
266 tomoyo_path_matches_pattern(filename, ptr->filename)) {
267 found = true;
268 break;
269 }
270 }
271 return found;
272 }
273
274 /**
275 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
276 *
277 * @data: String to parse.
278 * @is_delete: True if it is a delete request.
279 *
280 * Returns 0 on success, negative value otherwise.
281 *
282 * Caller holds tomoyo_read_lock().
283 */
284 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
285 {
286 return tomoyo_update_globally_readable_entry(data, is_delete);
287 }
288
289 /**
290 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
291 *
292 * @head: Pointer to "struct tomoyo_io_buffer".
293 *
294 * Returns true on success, false otherwise.
295 *
296 * Caller holds tomoyo_read_lock().
297 */
298 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
299 {
300 struct list_head *pos;
301 bool done = true;
302
303 list_for_each_cookie(pos, head->read_var2,
304 &tomoyo_globally_readable_list) {
305 struct tomoyo_globally_readable_file_entry *ptr;
306 ptr = list_entry(pos,
307 struct tomoyo_globally_readable_file_entry,
308 list);
309 if (ptr->is_deleted)
310 continue;
311 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
312 ptr->filename->name);
313 if (!done)
314 break;
315 }
316 return done;
317 }
318
319 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
320 * converting pathnames to pathname patterns during learning mode.
321 *
322 * An entry is added by
323 *
324 * # echo 'file_pattern /proc/\$/mounts' > \
325 * /sys/kernel/security/tomoyo/exception_policy
326 *
327 * and is deleted by
328 *
329 * # echo 'delete file_pattern /proc/\$/mounts' > \
330 * /sys/kernel/security/tomoyo/exception_policy
331 *
332 * and all entries are retrieved by
333 *
334 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
335 *
336 * In the example above, if a process which belongs to a domain which is in
337 * learning mode requested open("/proc/1/mounts", O_RDONLY),
338 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
339 * process belongs to.
340 *
341 * It is not a desirable behavior that we have to use /proc/\$/ instead of
342 * /proc/self/ when current process needs to access only current process's
343 * information. As of now, LSM version of TOMOYO is using __d_path() for
344 * calculating pathname. Non LSM version of TOMOYO is using its own function
345 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
346 * current process from accessing other process's information.
347 */
348 static LIST_HEAD(tomoyo_pattern_list);
349
350 /**
351 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
352 *
353 * @pattern: Pathname pattern.
354 * @is_delete: True if it is a delete request.
355 *
356 * Returns 0 on success, negative value otherwise.
357 *
358 * Caller holds tomoyo_read_lock().
359 */
360 static int tomoyo_update_file_pattern_entry(const char *pattern,
361 const bool is_delete)
362 {
363 struct tomoyo_pattern_entry *entry = NULL;
364 struct tomoyo_pattern_entry *ptr;
365 const struct tomoyo_path_info *saved_pattern;
366 int error = is_delete ? -ENOENT : -ENOMEM;
367
368 saved_pattern = tomoyo_save_name(pattern);
369 if (!saved_pattern)
370 return error;
371 if (!saved_pattern->is_patterned)
372 goto out;
373 if (!is_delete)
374 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
375 mutex_lock(&tomoyo_policy_lock);
376 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
377 if (saved_pattern != ptr->pattern)
378 continue;
379 ptr->is_deleted = is_delete;
380 error = 0;
381 break;
382 }
383 if (!is_delete && error && tomoyo_memory_ok(entry)) {
384 entry->pattern = saved_pattern;
385 list_add_tail_rcu(&entry->list, &tomoyo_pattern_list);
386 entry = NULL;
387 error = 0;
388 }
389 mutex_unlock(&tomoyo_policy_lock);
390 out:
391 kfree(entry);
392 return error;
393 }
394
395 /**
396 * tomoyo_get_file_pattern - Get patterned pathname.
397 *
398 * @filename: The filename to find patterned pathname.
399 *
400 * Returns pointer to pathname pattern if matched, @filename otherwise.
401 *
402 * Caller holds tomoyo_read_lock().
403 */
404 static const struct tomoyo_path_info *
405 tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
406 {
407 struct tomoyo_pattern_entry *ptr;
408 const struct tomoyo_path_info *pattern = NULL;
409
410 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
411 if (ptr->is_deleted)
412 continue;
413 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
414 continue;
415 pattern = ptr->pattern;
416 if (tomoyo_strendswith(pattern->name, "/\\*")) {
417 /* Do nothing. Try to find the better match. */
418 } else {
419 /* This would be the better match. Use this. */
420 break;
421 }
422 }
423 if (pattern)
424 filename = pattern;
425 return filename;
426 }
427
428 /**
429 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
430 *
431 * @data: String to parse.
432 * @is_delete: True if it is a delete request.
433 *
434 * Returns 0 on success, negative value otherwise.
435 *
436 * Caller holds tomoyo_read_lock().
437 */
438 int tomoyo_write_pattern_policy(char *data, const bool is_delete)
439 {
440 return tomoyo_update_file_pattern_entry(data, is_delete);
441 }
442
443 /**
444 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
445 *
446 * @head: Pointer to "struct tomoyo_io_buffer".
447 *
448 * Returns true on success, false otherwise.
449 *
450 * Caller holds tomoyo_read_lock().
451 */
452 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
453 {
454 struct list_head *pos;
455 bool done = true;
456
457 list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
458 struct tomoyo_pattern_entry *ptr;
459 ptr = list_entry(pos, struct tomoyo_pattern_entry, list);
460 if (ptr->is_deleted)
461 continue;
462 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
463 "%s\n", ptr->pattern->name);
464 if (!done)
465 break;
466 }
467 return done;
468 }
469
470 /*
471 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
472 * default forbidden to modify already written content of a file.
473 *
474 * An entry is added by
475 *
476 * # echo 'deny_rewrite /var/log/messages' > \
477 * /sys/kernel/security/tomoyo/exception_policy
478 *
479 * and is deleted by
480 *
481 * # echo 'delete deny_rewrite /var/log/messages' > \
482 * /sys/kernel/security/tomoyo/exception_policy
483 *
484 * and all entries are retrieved by
485 *
486 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
487 *
488 * In the example above, if a process requested to rewrite /var/log/messages ,
489 * the process can't rewrite unless the domain which that process belongs to
490 * has "allow_rewrite /var/log/messages" entry.
491 *
492 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
493 * when we want to allow rewriting already unlink()ed file. As of now,
494 * LSM version of TOMOYO is using __d_path() for calculating pathname.
495 * Non LSM version of TOMOYO is using its own function which doesn't append
496 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
497 * need to worry whether the file is already unlink()ed or not.
498 */
499 static LIST_HEAD(tomoyo_no_rewrite_list);
500
501 /**
502 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
503 *
504 * @pattern: Pathname pattern that are not rewritable by default.
505 * @is_delete: True if it is a delete request.
506 *
507 * Returns 0 on success, negative value otherwise.
508 *
509 * Caller holds tomoyo_read_lock().
510 */
511 static int tomoyo_update_no_rewrite_entry(const char *pattern,
512 const bool is_delete)
513 {
514 struct tomoyo_no_rewrite_entry *entry = NULL;
515 struct tomoyo_no_rewrite_entry *ptr;
516 const struct tomoyo_path_info *saved_pattern;
517 int error = is_delete ? -ENOENT : -ENOMEM;
518
519 if (!tomoyo_is_correct_path(pattern, 0, 0, 0, __func__))
520 return -EINVAL;
521 saved_pattern = tomoyo_save_name(pattern);
522 if (!saved_pattern)
523 return error;
524 if (!is_delete)
525 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
526 mutex_lock(&tomoyo_policy_lock);
527 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
528 if (ptr->pattern != saved_pattern)
529 continue;
530 ptr->is_deleted = is_delete;
531 error = 0;
532 break;
533 }
534 if (!is_delete && error && tomoyo_memory_ok(entry)) {
535 entry->pattern = saved_pattern;
536 list_add_tail_rcu(&entry->list, &tomoyo_no_rewrite_list);
537 entry = NULL;
538 error = 0;
539 }
540 mutex_unlock(&tomoyo_policy_lock);
541 kfree(entry);
542 return error;
543 }
544
545 /**
546 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
547 *
548 * @filename: Filename to check.
549 *
550 * Returns true if @filename is specified by "deny_rewrite" directive,
551 * false otherwise.
552 *
553 * Caller holds tomoyo_read_lock().
554 */
555 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
556 {
557 struct tomoyo_no_rewrite_entry *ptr;
558 bool found = false;
559
560 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
561 if (ptr->is_deleted)
562 continue;
563 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
564 continue;
565 found = true;
566 break;
567 }
568 return found;
569 }
570
571 /**
572 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
573 *
574 * @data: String to parse.
575 * @is_delete: True if it is a delete request.
576 *
577 * Returns 0 on success, negative value otherwise.
578 *
579 * Caller holds tomoyo_read_lock().
580 */
581 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
582 {
583 return tomoyo_update_no_rewrite_entry(data, is_delete);
584 }
585
586 /**
587 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
588 *
589 * @head: Pointer to "struct tomoyo_io_buffer".
590 *
591 * Returns true on success, false otherwise.
592 *
593 * Caller holds tomoyo_read_lock().
594 */
595 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
596 {
597 struct list_head *pos;
598 bool done = true;
599
600 list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
601 struct tomoyo_no_rewrite_entry *ptr;
602 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list);
603 if (ptr->is_deleted)
604 continue;
605 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
606 "%s\n", ptr->pattern->name);
607 if (!done)
608 break;
609 }
610 return done;
611 }
612
613 /**
614 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
615 *
616 * @filename: Filename.
617 * @perm: Permission (between 1 to 7).
618 * @domain: Pointer to "struct tomoyo_domain_info".
619 * @is_delete: True if it is a delete request.
620 *
621 * Returns 0 on success, negative value otherwise.
622 *
623 * This is legacy support interface for older policy syntax.
624 * Current policy syntax uses "allow_read/write" instead of "6",
625 * "allow_read" instead of "4", "allow_write" instead of "2",
626 * "allow_execute" instead of "1".
627 *
628 * Caller holds tomoyo_read_lock().
629 */
630 static int tomoyo_update_file_acl(const char *filename, u8 perm,
631 struct tomoyo_domain_info * const domain,
632 const bool is_delete)
633 {
634 if (perm > 7 || !perm) {
635 printk(KERN_DEBUG "%s: Invalid permission '%d %s'\n",
636 __func__, perm, filename);
637 return -EINVAL;
638 }
639 if (filename[0] != '@' && tomoyo_strendswith(filename, "/"))
640 /*
641 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
642 * directory permissions.
643 */
644 return 0;
645 if (perm & 4)
646 tomoyo_update_single_path_acl(TOMOYO_TYPE_READ_ACL, filename,
647 domain, is_delete);
648 if (perm & 2)
649 tomoyo_update_single_path_acl(TOMOYO_TYPE_WRITE_ACL, filename,
650 domain, is_delete);
651 if (perm & 1)
652 tomoyo_update_single_path_acl(TOMOYO_TYPE_EXECUTE_ACL,
653 filename, domain, is_delete);
654 return 0;
655 }
656
657 /**
658 * tomoyo_check_single_path_acl2 - Check permission for single path operation.
659 *
660 * @domain: Pointer to "struct tomoyo_domain_info".
661 * @filename: Filename to check.
662 * @perm: Permission.
663 * @may_use_pattern: True if patterned ACL is permitted.
664 *
665 * Returns 0 on success, -EPERM otherwise.
666 *
667 * Caller holds tomoyo_read_lock().
668 */
669 static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info *
670 domain,
671 const struct tomoyo_path_info *
672 filename,
673 const u32 perm,
674 const bool may_use_pattern)
675 {
676 struct tomoyo_acl_info *ptr;
677 int error = -EPERM;
678
679 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
680 struct tomoyo_single_path_acl_record *acl;
681 if (ptr->type != TOMOYO_TYPE_SINGLE_PATH_ACL)
682 continue;
683 acl = container_of(ptr, struct tomoyo_single_path_acl_record,
684 head);
685 if (perm <= 0xFFFF) {
686 if (!(acl->perm & perm))
687 continue;
688 } else {
689 if (!(acl->perm_high & (perm >> 16)))
690 continue;
691 }
692 if (may_use_pattern || !acl->filename->is_patterned) {
693 if (!tomoyo_path_matches_pattern(filename,
694 acl->filename))
695 continue;
696 } else {
697 continue;
698 }
699 error = 0;
700 break;
701 }
702 return error;
703 }
704
705 /**
706 * tomoyo_check_file_acl - Check permission for opening files.
707 *
708 * @domain: Pointer to "struct tomoyo_domain_info".
709 * @filename: Filename to check.
710 * @operation: Mode ("read" or "write" or "read/write" or "execute").
711 *
712 * Returns 0 on success, -EPERM otherwise.
713 *
714 * Caller holds tomoyo_read_lock().
715 */
716 static int tomoyo_check_file_acl(const struct tomoyo_domain_info *domain,
717 const struct tomoyo_path_info *filename,
718 const u8 operation)
719 {
720 u32 perm = 0;
721
722 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
723 return 0;
724 if (operation == 6)
725 perm = 1 << TOMOYO_TYPE_READ_WRITE_ACL;
726 else if (operation == 4)
727 perm = 1 << TOMOYO_TYPE_READ_ACL;
728 else if (operation == 2)
729 perm = 1 << TOMOYO_TYPE_WRITE_ACL;
730 else if (operation == 1)
731 perm = 1 << TOMOYO_TYPE_EXECUTE_ACL;
732 else
733 BUG();
734 return tomoyo_check_single_path_acl2(domain, filename, perm,
735 operation != 1);
736 }
737
738 /**
739 * tomoyo_check_file_perm2 - Check permission for opening files.
740 *
741 * @domain: Pointer to "struct tomoyo_domain_info".
742 * @filename: Filename to check.
743 * @perm: Mode ("read" or "write" or "read/write" or "execute").
744 * @operation: Operation name passed used for verbose mode.
745 * @mode: Access control mode.
746 *
747 * Returns 0 on success, negative value otherwise.
748 *
749 * Caller holds tomoyo_read_lock().
750 */
751 static int tomoyo_check_file_perm2(struct tomoyo_domain_info * const domain,
752 const struct tomoyo_path_info *filename,
753 const u8 perm, const char *operation,
754 const u8 mode)
755 {
756 const bool is_enforce = (mode == 3);
757 const char *msg = "<unknown>";
758 int error = 0;
759
760 if (!filename)
761 return 0;
762 error = tomoyo_check_file_acl(domain, filename, perm);
763 if (error && perm == 4 && !domain->ignore_global_allow_read
764 && tomoyo_is_globally_readable_file(filename))
765 error = 0;
766 if (perm == 6)
767 msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_WRITE_ACL);
768 else if (perm == 4)
769 msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_ACL);
770 else if (perm == 2)
771 msg = tomoyo_sp2keyword(TOMOYO_TYPE_WRITE_ACL);
772 else if (perm == 1)
773 msg = tomoyo_sp2keyword(TOMOYO_TYPE_EXECUTE_ACL);
774 else
775 BUG();
776 if (!error)
777 return 0;
778 if (tomoyo_verbose_mode(domain))
779 printk(KERN_WARNING "TOMOYO-%s: Access '%s(%s) %s' denied "
780 "for %s\n", tomoyo_get_msg(is_enforce), msg, operation,
781 filename->name, tomoyo_get_last_name(domain));
782 if (is_enforce)
783 return error;
784 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
785 /* Don't use patterns for execute permission. */
786 const struct tomoyo_path_info *patterned_file = (perm != 1) ?
787 tomoyo_get_file_pattern(filename) : filename;
788 tomoyo_update_file_acl(patterned_file->name, perm,
789 domain, false);
790 }
791 return 0;
792 }
793
794 /**
795 * tomoyo_write_file_policy - Update file related list.
796 *
797 * @data: String to parse.
798 * @domain: Pointer to "struct tomoyo_domain_info".
799 * @is_delete: True if it is a delete request.
800 *
801 * Returns 0 on success, negative value otherwise.
802 *
803 * Caller holds tomoyo_read_lock().
804 */
805 int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
806 const bool is_delete)
807 {
808 char *filename = strchr(data, ' ');
809 char *filename2;
810 unsigned int perm;
811 u8 type;
812
813 if (!filename)
814 return -EINVAL;
815 *filename++ = '\0';
816 if (sscanf(data, "%u", &perm) == 1)
817 return tomoyo_update_file_acl(filename, (u8) perm, domain,
818 is_delete);
819 if (strncmp(data, "allow_", 6))
820 goto out;
821 data += 6;
822 for (type = 0; type < TOMOYO_MAX_SINGLE_PATH_OPERATION; type++) {
823 if (strcmp(data, tomoyo_sp_keyword[type]))
824 continue;
825 return tomoyo_update_single_path_acl(type, filename,
826 domain, is_delete);
827 }
828 filename2 = strchr(filename, ' ');
829 if (!filename2)
830 goto out;
831 *filename2++ = '\0';
832 for (type = 0; type < TOMOYO_MAX_DOUBLE_PATH_OPERATION; type++) {
833 if (strcmp(data, tomoyo_dp_keyword[type]))
834 continue;
835 return tomoyo_update_double_path_acl(type, filename, filename2,
836 domain, is_delete);
837 }
838 out:
839 return -EINVAL;
840 }
841
842 /**
843 * tomoyo_update_single_path_acl - Update "struct tomoyo_single_path_acl_record" list.
844 *
845 * @type: Type of operation.
846 * @filename: Filename.
847 * @domain: Pointer to "struct tomoyo_domain_info".
848 * @is_delete: True if it is a delete request.
849 *
850 * Returns 0 on success, negative value otherwise.
851 *
852 * Caller holds tomoyo_read_lock().
853 */
854 static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
855 struct tomoyo_domain_info *
856 const domain, const bool is_delete)
857 {
858 static const u32 rw_mask =
859 (1 << TOMOYO_TYPE_READ_ACL) | (1 << TOMOYO_TYPE_WRITE_ACL);
860 const struct tomoyo_path_info *saved_filename;
861 struct tomoyo_acl_info *ptr;
862 struct tomoyo_single_path_acl_record *entry = NULL;
863 int error = is_delete ? -ENOENT : -ENOMEM;
864 const u32 perm = 1 << type;
865
866 if (!domain)
867 return -EINVAL;
868 if (!tomoyo_is_correct_path(filename, 0, 0, 0, __func__))
869 return -EINVAL;
870 saved_filename = tomoyo_save_name(filename);
871 if (!saved_filename)
872 return -ENOMEM;
873 if (!is_delete)
874 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
875 mutex_lock(&tomoyo_policy_lock);
876 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
877 struct tomoyo_single_path_acl_record *acl =
878 container_of(ptr, struct tomoyo_single_path_acl_record,
879 head);
880 if (ptr->type != TOMOYO_TYPE_SINGLE_PATH_ACL)
881 continue;
882 if (acl->filename != saved_filename)
883 continue;
884 if (is_delete) {
885 if (perm <= 0xFFFF)
886 acl->perm &= ~perm;
887 else
888 acl->perm_high &= ~(perm >> 16);
889 if ((acl->perm & rw_mask) != rw_mask)
890 acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE_ACL);
891 else if (!(acl->perm &
892 (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
893 acl->perm &= ~rw_mask;
894 } else {
895 if (perm <= 0xFFFF)
896 acl->perm |= perm;
897 else
898 acl->perm_high |= (perm >> 16);
899 if ((acl->perm & rw_mask) == rw_mask)
900 acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE_ACL;
901 else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
902 acl->perm |= rw_mask;
903 }
904 error = 0;
905 break;
906 }
907 if (!is_delete && error && tomoyo_memory_ok(entry)) {
908 entry->head.type = TOMOYO_TYPE_SINGLE_PATH_ACL;
909 if (perm <= 0xFFFF)
910 entry->perm = perm;
911 else
912 entry->perm_high = (perm >> 16);
913 if (perm == (1 << TOMOYO_TYPE_READ_WRITE_ACL))
914 entry->perm |= rw_mask;
915 entry->filename = saved_filename;
916 list_add_tail_rcu(&entry->head.list, &domain->acl_info_list);
917 entry = NULL;
918 error = 0;
919 }
920 mutex_unlock(&tomoyo_policy_lock);
921 kfree(entry);
922 return error;
923 }
924
925 /**
926 * tomoyo_update_double_path_acl - Update "struct tomoyo_double_path_acl_record" list.
927 *
928 * @type: Type of operation.
929 * @filename1: First filename.
930 * @filename2: Second filename.
931 * @domain: Pointer to "struct tomoyo_domain_info".
932 * @is_delete: True if it is a delete request.
933 *
934 * Returns 0 on success, negative value otherwise.
935 *
936 * Caller holds tomoyo_read_lock().
937 */
938 static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
939 const char *filename2,
940 struct tomoyo_domain_info *
941 const domain, const bool is_delete)
942 {
943 const struct tomoyo_path_info *saved_filename1;
944 const struct tomoyo_path_info *saved_filename2;
945 struct tomoyo_acl_info *ptr;
946 struct tomoyo_double_path_acl_record *entry = NULL;
947 int error = is_delete ? -ENOENT : -ENOMEM;
948 const u8 perm = 1 << type;
949
950 if (!domain)
951 return -EINVAL;
952 if (!tomoyo_is_correct_path(filename1, 0, 0, 0, __func__) ||
953 !tomoyo_is_correct_path(filename2, 0, 0, 0, __func__))
954 return -EINVAL;
955 saved_filename1 = tomoyo_save_name(filename1);
956 saved_filename2 = tomoyo_save_name(filename2);
957 if (!saved_filename1 || !saved_filename2)
958 goto out;
959 if (!is_delete)
960 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
961 mutex_lock(&tomoyo_policy_lock);
962 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
963 struct tomoyo_double_path_acl_record *acl =
964 container_of(ptr, struct tomoyo_double_path_acl_record,
965 head);
966 if (ptr->type != TOMOYO_TYPE_DOUBLE_PATH_ACL)
967 continue;
968 if (acl->filename1 != saved_filename1 ||
969 acl->filename2 != saved_filename2)
970 continue;
971 if (is_delete)
972 acl->perm &= ~perm;
973 else
974 acl->perm |= perm;
975 error = 0;
976 break;
977 }
978 if (!is_delete && error && tomoyo_memory_ok(entry)) {
979 entry->head.type = TOMOYO_TYPE_DOUBLE_PATH_ACL;
980 entry->perm = perm;
981 entry->filename1 = saved_filename1;
982 entry->filename2 = saved_filename2;
983 list_add_tail_rcu(&entry->head.list, &domain->acl_info_list);
984 entry = NULL;
985 error = 0;
986 }
987 mutex_unlock(&tomoyo_policy_lock);
988 out:
989 kfree(entry);
990 return error;
991 }
992
993 /**
994 * tomoyo_check_single_path_acl - Check permission for single path operation.
995 *
996 * @domain: Pointer to "struct tomoyo_domain_info".
997 * @type: Type of operation.
998 * @filename: Filename to check.
999 *
1000 * Returns 0 on success, negative value otherwise.
1001 *
1002 * Caller holds tomoyo_read_lock().
1003 */
1004 static int tomoyo_check_single_path_acl(struct tomoyo_domain_info *domain,
1005 const u8 type,
1006 const struct tomoyo_path_info *filename)
1007 {
1008 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
1009 return 0;
1010 return tomoyo_check_single_path_acl2(domain, filename, 1 << type, 1);
1011 }
1012
1013 /**
1014 * tomoyo_check_double_path_acl - Check permission for double path operation.
1015 *
1016 * @domain: Pointer to "struct tomoyo_domain_info".
1017 * @type: Type of operation.
1018 * @filename1: First filename to check.
1019 * @filename2: Second filename to check.
1020 *
1021 * Returns 0 on success, -EPERM otherwise.
1022 *
1023 * Caller holds tomoyo_read_lock().
1024 */
1025 static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
1026 const u8 type,
1027 const struct tomoyo_path_info *
1028 filename1,
1029 const struct tomoyo_path_info *
1030 filename2)
1031 {
1032 struct tomoyo_acl_info *ptr;
1033 const u8 perm = 1 << type;
1034 int error = -EPERM;
1035
1036 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
1037 return 0;
1038 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1039 struct tomoyo_double_path_acl_record *acl;
1040 if (ptr->type != TOMOYO_TYPE_DOUBLE_PATH_ACL)
1041 continue;
1042 acl = container_of(ptr, struct tomoyo_double_path_acl_record,
1043 head);
1044 if (!(acl->perm & perm))
1045 continue;
1046 if (!tomoyo_path_matches_pattern(filename1, acl->filename1))
1047 continue;
1048 if (!tomoyo_path_matches_pattern(filename2, acl->filename2))
1049 continue;
1050 error = 0;
1051 break;
1052 }
1053 return error;
1054 }
1055
1056 /**
1057 * tomoyo_check_single_path_permission2 - Check permission for single path operation.
1058 *
1059 * @domain: Pointer to "struct tomoyo_domain_info".
1060 * @operation: Type of operation.
1061 * @filename: Filename to check.
1062 * @mode: Access control mode.
1063 *
1064 * Returns 0 on success, negative value otherwise.
1065 *
1066 * Caller holds tomoyo_read_lock().
1067 */
1068 static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
1069 const domain, u8 operation,
1070 const struct tomoyo_path_info *
1071 filename, const u8 mode)
1072 {
1073 const char *msg;
1074 int error;
1075 const bool is_enforce = (mode == 3);
1076
1077 if (!mode)
1078 return 0;
1079 next:
1080 error = tomoyo_check_single_path_acl(domain, operation, filename);
1081 msg = tomoyo_sp2keyword(operation);
1082 if (!error)
1083 goto ok;
1084 if (tomoyo_verbose_mode(domain))
1085 printk(KERN_WARNING "TOMOYO-%s: Access '%s %s' denied for %s\n",
1086 tomoyo_get_msg(is_enforce), msg, filename->name,
1087 tomoyo_get_last_name(domain));
1088 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
1089 const char *name = tomoyo_get_file_pattern(filename)->name;
1090 tomoyo_update_single_path_acl(operation, name, domain, false);
1091 }
1092 if (!is_enforce)
1093 error = 0;
1094 ok:
1095 /*
1096 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1097 * we need to check "allow_rewrite" permission if the filename is
1098 * specified by "deny_rewrite" keyword.
1099 */
1100 if (!error && operation == TOMOYO_TYPE_TRUNCATE_ACL &&
1101 tomoyo_is_no_rewrite_file(filename)) {
1102 operation = TOMOYO_TYPE_REWRITE_ACL;
1103 goto next;
1104 }
1105 return error;
1106 }
1107
1108 /**
1109 * tomoyo_check_exec_perm - Check permission for "execute".
1110 *
1111 * @domain: Pointer to "struct tomoyo_domain_info".
1112 * @filename: Check permission for "execute".
1113 *
1114 * Returns 0 on success, negativevalue otherwise.
1115 *
1116 * Caller holds tomoyo_read_lock().
1117 */
1118 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
1119 const struct tomoyo_path_info *filename)
1120 {
1121 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1122
1123 if (!mode)
1124 return 0;
1125 return tomoyo_check_file_perm2(domain, filename, 1, "do_execve", mode);
1126 }
1127
1128 /**
1129 * tomoyo_check_open_permission - Check permission for "read" and "write".
1130 *
1131 * @domain: Pointer to "struct tomoyo_domain_info".
1132 * @path: Pointer to "struct path".
1133 * @flag: Flags for open().
1134 *
1135 * Returns 0 on success, negative value otherwise.
1136 */
1137 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1138 struct path *path, const int flag)
1139 {
1140 const u8 acc_mode = ACC_MODE(flag);
1141 int error = -ENOMEM;
1142 struct tomoyo_path_info *buf;
1143 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1144 const bool is_enforce = (mode == 3);
1145 int idx;
1146
1147 if (!mode || !path->mnt)
1148 return 0;
1149 if (acc_mode == 0)
1150 return 0;
1151 if (path->dentry->d_inode && S_ISDIR(path->dentry->d_inode->i_mode))
1152 /*
1153 * I don't check directories here because mkdir() and rmdir()
1154 * don't call me.
1155 */
1156 return 0;
1157 idx = tomoyo_read_lock();
1158 buf = tomoyo_get_path(path);
1159 if (!buf)
1160 goto out;
1161 error = 0;
1162 /*
1163 * If the filename is specified by "deny_rewrite" keyword,
1164 * we need to check "allow_rewrite" permission when the filename is not
1165 * opened for append mode or the filename is truncated at open time.
1166 */
1167 if ((acc_mode & MAY_WRITE) &&
1168 ((flag & O_TRUNC) || !(flag & O_APPEND)) &&
1169 (tomoyo_is_no_rewrite_file(buf))) {
1170 error = tomoyo_check_single_path_permission2(domain,
1171 TOMOYO_TYPE_REWRITE_ACL,
1172 buf, mode);
1173 }
1174 if (!error)
1175 error = tomoyo_check_file_perm2(domain, buf, acc_mode, "open",
1176 mode);
1177 if (!error && (flag & O_TRUNC))
1178 error = tomoyo_check_single_path_permission2(domain,
1179 TOMOYO_TYPE_TRUNCATE_ACL,
1180 buf, mode);
1181 out:
1182 kfree(buf);
1183 tomoyo_read_unlock(idx);
1184 if (!is_enforce)
1185 error = 0;
1186 return error;
1187 }
1188
1189 /**
1190 * tomoyo_check_1path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate", "symlink", "ioctl", "chmod", "chown", "chgrp", "chroot", "mount" and "unmount".
1191 *
1192 * @domain: Pointer to "struct tomoyo_domain_info".
1193 * @operation: Type of operation.
1194 * @path: Pointer to "struct path".
1195 *
1196 * Returns 0 on success, negative value otherwise.
1197 */
1198 int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
1199 const u8 operation, struct path *path)
1200 {
1201 int error = -ENOMEM;
1202 struct tomoyo_path_info *buf;
1203 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1204 const bool is_enforce = (mode == 3);
1205 int idx;
1206
1207 if (!mode || !path->mnt)
1208 return 0;
1209 idx = tomoyo_read_lock();
1210 buf = tomoyo_get_path(path);
1211 if (!buf)
1212 goto out;
1213 switch (operation) {
1214 case TOMOYO_TYPE_MKDIR_ACL:
1215 case TOMOYO_TYPE_RMDIR_ACL:
1216 case TOMOYO_TYPE_CHROOT_ACL:
1217 if (!buf->is_dir) {
1218 /*
1219 * tomoyo_get_path() reserves space for appending "/."
1220 */
1221 strcat((char *) buf->name, "/");
1222 tomoyo_fill_path_info(buf);
1223 }
1224 }
1225 error = tomoyo_check_single_path_permission2(domain, operation, buf,
1226 mode);
1227 out:
1228 kfree(buf);
1229 tomoyo_read_unlock(idx);
1230 if (!is_enforce)
1231 error = 0;
1232 return error;
1233 }
1234
1235 /**
1236 * tomoyo_check_rewrite_permission - Check permission for "rewrite".
1237 *
1238 * @domain: Pointer to "struct tomoyo_domain_info".
1239 * @filp: Pointer to "struct file".
1240 *
1241 * Returns 0 on success, negative value otherwise.
1242 */
1243 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
1244 struct file *filp)
1245 {
1246 int error = -ENOMEM;
1247 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1248 const bool is_enforce = (mode == 3);
1249 struct tomoyo_path_info *buf;
1250 int idx;
1251
1252 if (!mode || !filp->f_path.mnt)
1253 return 0;
1254
1255 idx = tomoyo_read_lock();
1256 buf = tomoyo_get_path(&filp->f_path);
1257 if (!buf)
1258 goto out;
1259 if (!tomoyo_is_no_rewrite_file(buf)) {
1260 error = 0;
1261 goto out;
1262 }
1263 error = tomoyo_check_single_path_permission2(domain,
1264 TOMOYO_TYPE_REWRITE_ACL,
1265 buf, mode);
1266 out:
1267 kfree(buf);
1268 tomoyo_read_unlock(idx);
1269 if (!is_enforce)
1270 error = 0;
1271 return error;
1272 }
1273
1274 /**
1275 * tomoyo_check_2path_perm - Check permission for "rename", "link" and "pivot_root".
1276 *
1277 * @domain: Pointer to "struct tomoyo_domain_info".
1278 * @operation: Type of operation.
1279 * @path1: Pointer to "struct path".
1280 * @path2: Pointer to "struct path".
1281 *
1282 * Returns 0 on success, negative value otherwise.
1283 */
1284 int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
1285 const u8 operation, struct path *path1,
1286 struct path *path2)
1287 {
1288 int error = -ENOMEM;
1289 struct tomoyo_path_info *buf1, *buf2;
1290 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1291 const bool is_enforce = (mode == 3);
1292 const char *msg;
1293 int idx;
1294
1295 if (!mode || !path1->mnt || !path2->mnt)
1296 return 0;
1297 idx = tomoyo_read_lock();
1298 buf1 = tomoyo_get_path(path1);
1299 buf2 = tomoyo_get_path(path2);
1300 if (!buf1 || !buf2)
1301 goto out;
1302 {
1303 struct dentry *dentry = path1->dentry;
1304 if (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode)) {
1305 /*
1306 * tomoyo_get_path() reserves space for appending "/."
1307 */
1308 if (!buf1->is_dir) {
1309 strcat((char *) buf1->name, "/");
1310 tomoyo_fill_path_info(buf1);
1311 }
1312 if (!buf2->is_dir) {
1313 strcat((char *) buf2->name, "/");
1314 tomoyo_fill_path_info(buf2);
1315 }
1316 }
1317 }
1318 error = tomoyo_check_double_path_acl(domain, operation, buf1, buf2);
1319 msg = tomoyo_dp2keyword(operation);
1320 if (!error)
1321 goto out;
1322 if (tomoyo_verbose_mode(domain))
1323 printk(KERN_WARNING "TOMOYO-%s: Access '%s %s %s' "
1324 "denied for %s\n", tomoyo_get_msg(is_enforce),
1325 msg, buf1->name, buf2->name,
1326 tomoyo_get_last_name(domain));
1327 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
1328 const char *name1 = tomoyo_get_file_pattern(buf1)->name;
1329 const char *name2 = tomoyo_get_file_pattern(buf2)->name;
1330 tomoyo_update_double_path_acl(operation, name1, name2, domain,
1331 false);
1332 }
1333 out:
1334 kfree(buf1);
1335 kfree(buf2);
1336 tomoyo_read_unlock(idx);
1337 if (!is_enforce)
1338 error = 0;
1339 return error;
1340 }
Linux 2.6 libata-dev (mirror)