readlinkat: ensure we return ENOENT for the empty pathname for normal lookups
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / security / tomoyo / load_policy.c
blob67975405140f4413010830bc737746815e2b1914
1 /*
2 * security/tomoyo/load_policy.c
4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
5 */
7 #include "common.h"
9 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
12 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
14 static const char *tomoyo_loader;
16 /**
17 * tomoyo_loader_setup - Set policy loader.
19 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
21 * Returns 0.
23 static int __init tomoyo_loader_setup(char *str)
25 tomoyo_loader = str;
26 return 0;
29 __setup("TOMOYO_loader=", tomoyo_loader_setup);
31 /**
32 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
34 * Returns true if /sbin/tomoyo-init exists, false otherwise.
36 static bool tomoyo_policy_loader_exists(void)
38 struct path path;
39 if (!tomoyo_loader)
40 tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
41 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
42 printk(KERN_INFO "Not activating Mandatory Access Control "
43 "as %s does not exist.\n", tomoyo_loader);
44 return false;
46 path_put(&path);
47 return true;
51 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
53 static const char *tomoyo_trigger;
55 /**
56 * tomoyo_trigger_setup - Set trigger for activation.
58 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
60 * Returns 0.
62 static int __init tomoyo_trigger_setup(char *str)
64 tomoyo_trigger = str;
65 return 0;
68 __setup("TOMOYO_trigger=", tomoyo_trigger_setup);
70 /**
71 * tomoyo_load_policy - Run external policy loader to load policy.
73 * @filename: The program about to start.
75 * This function checks whether @filename is /sbin/init , and if so
76 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
77 * and then continues invocation of /sbin/init.
78 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
79 * writes to /sys/kernel/security/tomoyo/ interfaces.
81 * Returns nothing.
83 void tomoyo_load_policy(const char *filename)
85 static bool done;
86 char *argv[2];
87 char *envp[3];
89 if (tomoyo_policy_loaded || done)
90 return;
91 if (!tomoyo_trigger)
92 tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
93 if (strcmp(filename, tomoyo_trigger))
94 return;
95 if (!tomoyo_policy_loader_exists())
96 return;
97 done = true;
98 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
99 tomoyo_loader);
100 argv[0] = (char *) tomoyo_loader;
101 argv[1] = NULL;
102 envp[0] = "HOME=/";
103 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
104 envp[2] = NULL;
105 call_usermodehelper(argv[0], argv, envp, 1);
106 tomoyo_check_profile();
109 #endif