search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
blkdev: cgroup whitelist permission fix
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / security / tomoyo / common.c
blob975c45d88baad581d77dbc88be9048854c44ad83
1 /*
2 * security/tomoyo/common.c
3 *
4 * Common functions for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */
11
12 #include <linux/uaccess.h>
13 #include <linux/slab.h>
14 #include <linux/security.h>
15 #include <linux/hardirq.h>
16 #include "common.h"
17
18 /* Lock for protecting policy. */
19 DEFINE_MUTEX(tomoyo_policy_lock);
20
21 /* Has loading policy done? */
22 bool tomoyo_policy_loaded;
23
24 /* String table for functionality that takes 4 modes. */
25 static const char *tomoyo_mode_4[4] = {
26 "disabled", "learning", "permissive", "enforcing"
27 };
28 /* String table for functionality that takes 2 modes. */
29 static const char *tomoyo_mode_2[4] = {
30 "disabled", "enabled", "enabled", "enabled"
31 };
32
33 /*
34 * tomoyo_control_array is a static data which contains
35 *
36 * (1) functionality name used by /sys/kernel/security/tomoyo/profile .
37 * (2) initial values for "struct tomoyo_profile".
38 * (3) max values for "struct tomoyo_profile".
39 */
40 static struct {
41 const char *keyword;
42 unsigned int current_value;
43 const unsigned int max_value;
44 } tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = {
45 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
46 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX },
47 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
48 };
49
50 /*
51 * tomoyo_profile is a structure which is used for holding the mode of access
52 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
53 * An administrator can define up to 256 profiles.
54 * The ->profile of "struct tomoyo_domain_info" is used for remembering
55 * the profile's number (0 - 255) assigned to that domain.
56 */
57 static struct tomoyo_profile {
58 unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
59 const struct tomoyo_path_info *comment;
60 } *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
61
62 /* Permit policy management by non-root user? */
63 static bool tomoyo_manage_by_non_root;
64
65 /* Utility functions. */
66
67 /* Open operation for /sys/kernel/security/tomoyo/ interface. */
68 static int tomoyo_open_control(const u8 type, struct file *file);
69 /* Close /sys/kernel/security/tomoyo/ interface. */
70 static int tomoyo_close_control(struct file *file);
71 /* Read operation for /sys/kernel/security/tomoyo/ interface. */
72 static int tomoyo_read_control(struct file *file, char __user *buffer,
73 const int buffer_len);
74 /* Write operation for /sys/kernel/security/tomoyo/ interface. */
75 static int tomoyo_write_control(struct file *file, const char __user *buffer,
76 const int buffer_len);
77
78 /**
79 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value.
80 *
81 * @str: Pointer to the string.
82 *
83 * Returns true if @str is a \ooo style octal value, false otherwise.
84 *
85 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
86 * This function verifies that \ooo is in valid range.
87 */
88 static inline bool tomoyo_is_byte_range(const char *str)
89 {
90 return *str >= '0' && *str++ <= '3' &&
91 *str >= '0' && *str++ <= '7' &&
92 *str >= '0' && *str <= '7';
93 }
94
95 /**
96 * tomoyo_is_alphabet_char - Check whether the character is an alphabet.
97 *
98 * @c: The character to check.
99 *
100 * Returns true if @c is an alphabet character, false otherwise.
101 */
102 static inline bool tomoyo_is_alphabet_char(const char c)
103 {
104 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
105 }
106
107 /**
108 * tomoyo_make_byte - Make byte value from three octal characters.
109 *
110 * @c1: The first character.
111 * @c2: The second character.
112 * @c3: The third character.
113 *
114 * Returns byte value.
115 */
116 static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3)
117 {
118 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
119 }
120
121 /**
122 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
123 *
124 * @src: Pointer to pointer to the string.
125 * @find: Pointer to the keyword.
126 *
127 * Returns true if @src starts with @find, false otherwise.
128 *
129 * The @src is updated to point the first character after the @find
130 * if @src starts with @find.
131 */
132 static bool tomoyo_str_starts(char **src, const char *find)
133 {
134 const int len = strlen(find);
135 char *tmp = *src;
136
137 if (strncmp(tmp, find, len))
138 return false;
139 tmp += len;
140 *src = tmp;
141 return true;
142 }
143
144 /**
145 * tomoyo_normalize_line - Format string.
146 *
147 * @buffer: The line to normalize.
148 *
149 * Leading and trailing whitespaces are removed.
150 * Multiple whitespaces are packed into single space.
151 *
152 * Returns nothing.
153 */
154 static void tomoyo_normalize_line(unsigned char *buffer)
155 {
156 unsigned char *sp = buffer;
157 unsigned char *dp = buffer;
158 bool first = true;
159
160 while (tomoyo_is_invalid(*sp))
161 sp++;
162 while (*sp) {
163 if (!first)
164 *dp++ = ' ';
165 first = false;
166 while (tomoyo_is_valid(*sp))
167 *dp++ = *sp++;
168 while (tomoyo_is_invalid(*sp))
169 sp++;
170 }
171 *dp = '\0';
172 }
173
174 /**
175 * tomoyo_is_correct_path - Validate a pathname.
176 * @filename: The pathname to check.
177 * @start_type: Should the pathname start with '/'?
178 * 1 = must / -1 = must not / 0 = don't care
179 * @pattern_type: Can the pathname contain a wildcard?
180 * 1 = must / -1 = must not / 0 = don't care
181 * @end_type: Should the pathname end with '/'?
182 * 1 = must / -1 = must not / 0 = don't care
183 *
184 * Check whether the given filename follows the naming rules.
185 * Returns true if @filename follows the naming rules, false otherwise.
186 */
187 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
188 const s8 pattern_type, const s8 end_type)
189 {
190 const char *const start = filename;
191 bool in_repetition = false;
192 bool contains_pattern = false;
193 unsigned char c;
194 unsigned char d;
195 unsigned char e;
196
197 if (!filename)
198 goto out;
199 c = *filename;
200 if (start_type == 1) { /* Must start with '/' */
201 if (c != '/')
202 goto out;
203 } else if (start_type == -1) { /* Must not start with '/' */
204 if (c == '/')
205 goto out;
206 }
207 if (c)
208 c = *(filename + strlen(filename) - 1);
209 if (end_type == 1) { /* Must end with '/' */
210 if (c != '/')
211 goto out;
212 } else if (end_type == -1) { /* Must not end with '/' */
213 if (c == '/')
214 goto out;
215 }
216 while (1) {
217 c = *filename++;
218 if (!c)
219 break;
220 if (c == '\\') {
221 c = *filename++;
222 switch (c) {
223 case '\\': /* "\\" */
224 continue;
225 case '$': /* "\$" */
226 case '+': /* "\+" */
227 case '?': /* "\?" */
228 case '*': /* "\*" */
229 case '@': /* "\@" */
230 case 'x': /* "\x" */
231 case 'X': /* "\X" */
232 case 'a': /* "\a" */
233 case 'A': /* "\A" */
234 case '-': /* "\-" */
235 if (pattern_type == -1)
236 break; /* Must not contain pattern */
237 contains_pattern = true;
238 continue;
239 case '{': /* "/\{" */
240 if (filename - 3 < start ||
241 *(filename - 3) != '/')
242 break;
243 if (pattern_type == -1)
244 break; /* Must not contain pattern */
245 contains_pattern = true;
246 in_repetition = true;
247 continue;
248 case '}': /* "\}/" */
249 if (*filename != '/')
250 break;
251 if (!in_repetition)
252 break;
253 in_repetition = false;
254 continue;
255 case '0': /* "\ooo" */
256 case '1':
257 case '2':
258 case '3':
259 d = *filename++;
260 if (d < '0' || d > '7')
261 break;
262 e = *filename++;
263 if (e < '0' || e > '7')
264 break;
265 c = tomoyo_make_byte(c, d, e);
266 if (tomoyo_is_invalid(c))
267 continue; /* pattern is not \000 */
268 }
269 goto out;
270 } else if (in_repetition && c == '/') {
271 goto out;
272 } else if (tomoyo_is_invalid(c)) {
273 goto out;
274 }
275 }
276 if (pattern_type == 1) { /* Must contain pattern */
277 if (!contains_pattern)
278 goto out;
279 }
280 if (in_repetition)
281 goto out;
282 return true;
283 out:
284 return false;
285 }
286
287 /**
288 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
289 * @domainname: The domainname to check.
290 *
291 * Returns true if @domainname follows the naming rules, false otherwise.
292 */
293 bool tomoyo_is_correct_domain(const unsigned char *domainname)
294 {
295 unsigned char c;
296 unsigned char d;
297 unsigned char e;
298
299 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
300 TOMOYO_ROOT_NAME_LEN))
301 goto out;
302 domainname += TOMOYO_ROOT_NAME_LEN;
303 if (!*domainname)
304 return true;
305 do {
306 if (*domainname++ != ' ')
307 goto out;
308 if (*domainname++ != '/')
309 goto out;
310 while ((c = *domainname) != '\0' && c != ' ') {
311 domainname++;
312 if (c == '\\') {
313 c = *domainname++;
314 switch ((c)) {
315 case '\\': /* "\\" */
316 continue;
317 case '0': /* "\ooo" */
318 case '1':
319 case '2':
320 case '3':
321 d = *domainname++;
322 if (d < '0' || d > '7')
323 break;
324 e = *domainname++;
325 if (e < '0' || e > '7')
326 break;
327 c = tomoyo_make_byte(c, d, e);
328 if (tomoyo_is_invalid(c))
329 /* pattern is not \000 */
330 continue;
331 }
332 goto out;
333 } else if (tomoyo_is_invalid(c)) {
334 goto out;
335 }
336 }
337 } while (*domainname);
338 return true;
339 out:
340 return false;
341 }
342
343 /**
344 * tomoyo_is_domain_def - Check whether the given token can be a domainname.
345 *
346 * @buffer: The token to check.
347 *
348 * Returns true if @buffer possibly be a domainname, false otherwise.
349 */
350 bool tomoyo_is_domain_def(const unsigned char *buffer)
351 {
352 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN);
353 }
354
355 /**
356 * tomoyo_find_domain - Find a domain by the given name.
357 *
358 * @domainname: The domainname to find.
359 *
360 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
361 *
362 * Caller holds tomoyo_read_lock().
363 */
364 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
365 {
366 struct tomoyo_domain_info *domain;
367 struct tomoyo_path_info name;
368
369 name.name = domainname;
370 tomoyo_fill_path_info(&name);
371 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
372 if (!domain->is_deleted &&
373 !tomoyo_pathcmp(&name, domain->domainname))
374 return domain;
375 }
376 return NULL;
377 }
378
379 /**
380 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
381 *
382 * @filename: The string to evaluate.
383 *
384 * Returns the initial length without a pattern in @filename.
385 */
386 static int tomoyo_const_part_length(const char *filename)
387 {
388 char c;
389 int len = 0;
390
391 if (!filename)
392 return 0;
393 while ((c = *filename++) != '\0') {
394 if (c != '\\') {
395 len++;
396 continue;
397 }
398 c = *filename++;
399 switch (c) {
400 case '\\': /* "\\" */
401 len += 2;
402 continue;
403 case '0': /* "\ooo" */
404 case '1':
405 case '2':
406 case '3':
407 c = *filename++;
408 if (c < '0' || c > '7')
409 break;
410 c = *filename++;
411 if (c < '0' || c > '7')
412 break;
413 len += 4;
414 continue;
415 }
416 break;
417 }
418 return len;
419 }
420
421 /**
422 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members.
423 *
424 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
425 *
426 * The caller sets "struct tomoyo_path_info"->name.
427 */
428 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
429 {
430 const char *name = ptr->name;
431 const int len = strlen(name);
432
433 ptr->const_len = tomoyo_const_part_length(name);
434 ptr->is_dir = len && (name[len - 1] == '/');
435 ptr->is_patterned = (ptr->const_len < len);
436 ptr->hash = full_name_hash(name, len);
437 }
438
439 /**
440 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character
441 * and "\-" pattern.
442 *
443 * @filename: The start of string to check.
444 * @filename_end: The end of string to check.
445 * @pattern: The start of pattern to compare.
446 * @pattern_end: The end of pattern to compare.
447 *
448 * Returns true if @filename matches @pattern, false otherwise.
449 */
450 static bool tomoyo_file_matches_pattern2(const char *filename,
451 const char *filename_end,
452 const char *pattern,
453 const char *pattern_end)
454 {
455 while (filename < filename_end && pattern < pattern_end) {
456 char c;
457 if (*pattern != '\\') {
458 if (*filename++ != *pattern++)
459 return false;
460 continue;
461 }
462 c = *filename;
463 pattern++;
464 switch (*pattern) {
465 int i;
466 int j;
467 case '?':
468 if (c == '/') {
469 return false;
470 } else if (c == '\\') {
471 if (filename[1] == '\\')
472 filename++;
473 else if (tomoyo_is_byte_range(filename + 1))
474 filename += 3;
475 else
476 return false;
477 }
478 break;
479 case '\\':
480 if (c != '\\')
481 return false;
482 if (*++filename != '\\')
483 return false;
484 break;
485 case '+':
486 if (!isdigit(c))
487 return false;
488 break;
489 case 'x':
490 if (!isxdigit(c))
491 return false;
492 break;
493 case 'a':
494 if (!tomoyo_is_alphabet_char(c))
495 return false;
496 break;
497 case '0':
498 case '1':
499 case '2':
500 case '3':
501 if (c == '\\' && tomoyo_is_byte_range(filename + 1)
502 && strncmp(filename + 1, pattern, 3) == 0) {
503 filename += 3;
504 pattern += 2;
505 break;
506 }
507 return false; /* Not matched. */
508 case '*':
509 case '@':
510 for (i = 0; i <= filename_end - filename; i++) {
511 if (tomoyo_file_matches_pattern2(
512 filename + i, filename_end,
513 pattern + 1, pattern_end))
514 return true;
515 c = filename[i];
516 if (c == '.' && *pattern == '@')
517 break;
518 if (c != '\\')
519 continue;
520 if (filename[i + 1] == '\\')
521 i++;
522 else if (tomoyo_is_byte_range(filename + i + 1))
523 i += 3;
524 else
525 break; /* Bad pattern. */
526 }
527 return false; /* Not matched. */
528 default:
529 j = 0;
530 c = *pattern;
531 if (c == '$') {
532 while (isdigit(filename[j]))
533 j++;
534 } else if (c == 'X') {
535 while (isxdigit(filename[j]))
536 j++;
537 } else if (c == 'A') {
538 while (tomoyo_is_alphabet_char(filename[j]))
539 j++;
540 }
541 for (i = 1; i <= j; i++) {
542 if (tomoyo_file_matches_pattern2(
543 filename + i, filename_end,
544 pattern + 1, pattern_end))
545 return true;
546 }
547 return false; /* Not matched or bad pattern. */
548 }
549 filename++;
550 pattern++;
551 }
552 while (*pattern == '\\' &&
553 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
554 pattern += 2;
555 return filename == filename_end && pattern == pattern_end;
556 }
557
558 /**
559 * tomoyo_file_matches_pattern - Pattern matching without without '/' character.
560 *
561 * @filename: The start of string to check.
562 * @filename_end: The end of string to check.
563 * @pattern: The start of pattern to compare.
564 * @pattern_end: The end of pattern to compare.
565 *
566 * Returns true if @filename matches @pattern, false otherwise.
567 */
568 static bool tomoyo_file_matches_pattern(const char *filename,
569 const char *filename_end,
570 const char *pattern,
571 const char *pattern_end)
572 {
573 const char *pattern_start = pattern;
574 bool first = true;
575 bool result;
576
577 while (pattern < pattern_end - 1) {
578 /* Split at "\-" pattern. */
579 if (*pattern++ != '\\' || *pattern++ != '-')
580 continue;
581 result = tomoyo_file_matches_pattern2(filename,
582 filename_end,
583 pattern_start,
584 pattern - 2);
585 if (first)
586 result = !result;
587 if (result)
588 return false;
589 first = false;
590 pattern_start = pattern;
591 }
592 result = tomoyo_file_matches_pattern2(filename, filename_end,
593 pattern_start, pattern_end);
594 return first ? result : !result;
595 }
596
597 /**
598 * tomoyo_path_matches_pattern2 - Do pathname pattern matching.
599 *
600 * @f: The start of string to check.
601 * @p: The start of pattern to compare.
602 *
603 * Returns true if @f matches @p, false otherwise.
604 */
605 static bool tomoyo_path_matches_pattern2(const char *f, const char *p)
606 {
607 const char *f_delimiter;
608 const char *p_delimiter;
609
610 while (*f && *p) {
611 f_delimiter = strchr(f, '/');
612 if (!f_delimiter)
613 f_delimiter = f + strlen(f);
614 p_delimiter = strchr(p, '/');
615 if (!p_delimiter)
616 p_delimiter = p + strlen(p);
617 if (*p == '\\' && *(p + 1) == '{')
618 goto recursive;
619 if (!tomoyo_file_matches_pattern(f, f_delimiter, p,
620 p_delimiter))
621 return false;
622 f = f_delimiter;
623 if (*f)
624 f++;
625 p = p_delimiter;
626 if (*p)
627 p++;
628 }
629 /* Ignore trailing "\*" and "\@" in @pattern. */
630 while (*p == '\\' &&
631 (*(p + 1) == '*' || *(p + 1) == '@'))
632 p += 2;
633 return !*f && !*p;
634 recursive:
635 /*
636 * The "\{" pattern is permitted only after '/' character.
637 * This guarantees that below "*(p - 1)" is safe.
638 * Also, the "\}" pattern is permitted only before '/' character
639 * so that "\{" + "\}" pair will not break the "\-" operator.
640 */
641 if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' ||
642 *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\')
643 return false; /* Bad pattern. */
644 do {
645 /* Compare current component with pattern. */
646 if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2,
647 p_delimiter - 2))
648 break;
649 /* Proceed to next component. */
650 f = f_delimiter;
651 if (!*f)
652 break;
653 f++;
654 /* Continue comparison. */
655 if (tomoyo_path_matches_pattern2(f, p_delimiter + 1))
656 return true;
657 f_delimiter = strchr(f, '/');
658 } while (f_delimiter);
659 return false; /* Not matched. */
660 }
661
662 /**
663 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
664 *
665 * @filename: The filename to check.
666 * @pattern: The pattern to compare.
667 *
668 * Returns true if matches, false otherwise.
669 *
670 * The following patterns are available.
671 * \\ \ itself.
672 * \ooo Octal representation of a byte.
673 * \* Zero or more repetitions of characters other than '/'.
674 * \@ Zero or more repetitions of characters other than '/' or '.'.
675 * \? 1 byte character other than '/'.
676 * \$ One or more repetitions of decimal digits.
677 * \+ 1 decimal digit.
678 * \X One or more repetitions of hexadecimal digits.
679 * \x 1 hexadecimal digit.
680 * \A One or more repetitions of alphabet characters.
681 * \a 1 alphabet character.
682 *
683 * \- Subtraction operator.
684 *
685 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/
686 * /dir/dir/dir/ ).
687 */
688 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
689 const struct tomoyo_path_info *pattern)
690 {
691 const char *f = filename->name;
692 const char *p = pattern->name;
693 const int len = pattern->const_len;
694
695 /* If @pattern doesn't contain pattern, I can use strcmp(). */
696 if (!pattern->is_patterned)
697 return !tomoyo_pathcmp(filename, pattern);
698 /* Don't compare directory and non-directory. */
699 if (filename->is_dir != pattern->is_dir)
700 return false;
701 /* Compare the initial length without patterns. */
702 if (strncmp(f, p, len))
703 return false;
704 f += len;
705 p += len;
706 return tomoyo_path_matches_pattern2(f, p);
707 }
708
709 /**
710 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
711 *
712 * @head: Pointer to "struct tomoyo_io_buffer".
713 * @fmt: The printf()'s format string, followed by parameters.
714 *
715 * Returns true if output was written, false otherwise.
716 *
717 * The snprintf() will truncate, but tomoyo_io_printf() won't.
718 */
719 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
720 {
721 va_list args;
722 int len;
723 int pos = head->read_avail;
724 int size = head->readbuf_size - pos;
725
726 if (size <= 0)
727 return false;
728 va_start(args, fmt);
729 len = vsnprintf(head->read_buf + pos, size, fmt, args);
730 va_end(args);
731 if (pos + len >= head->readbuf_size)
732 return false;
733 head->read_avail += len;
734 return true;
735 }
736
737 /**
738 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
739 *
740 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
741 *
742 * This function uses kzalloc(), so the caller must call kfree()
743 * if this function didn't return NULL.
744 */
745 static const char *tomoyo_get_exe(void)
746 {
747 struct mm_struct *mm = current->mm;
748 struct vm_area_struct *vma;
749 const char *cp = NULL;
750
751 if (!mm)
752 return NULL;
753 down_read(&mm->mmap_sem);
754 for (vma = mm->mmap; vma; vma = vma->vm_next) {
755 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
756 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
757 break;
758 }
759 }
760 up_read(&mm->mmap_sem);
761 return cp;
762 }
763
764 /**
765 * tomoyo_get_msg - Get warning message.
766 *
767 * @is_enforce: Is it enforcing mode?
768 *
769 * Returns "ERROR" or "WARNING".
770 */
771 const char *tomoyo_get_msg(const bool is_enforce)
772 {
773 if (is_enforce)
774 return "ERROR";
775 else
776 return "WARNING";
777 }
778
779 /**
780 * tomoyo_check_flags - Check mode for specified functionality.
781 *
782 * @domain: Pointer to "struct tomoyo_domain_info".
783 * @index: The functionality to check mode.
784 *
785 * TOMOYO checks only process context.
786 * This code disables TOMOYO's enforcement in case the function is called from
787 * interrupt context.
788 */
789 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
790 const u8 index)
791 {
792 const u8 profile = domain->profile;
793
794 if (WARN_ON(in_interrupt()))
795 return 0;
796 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX
797 #if TOMOYO_MAX_PROFILES != 256
798 && profile < TOMOYO_MAX_PROFILES
799 #endif
800 && tomoyo_profile_ptr[profile] ?
801 tomoyo_profile_ptr[profile]->value[index] : 0;
802 }
803
804 /**
805 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
806 *
807 * @domain: Pointer to "struct tomoyo_domain_info".
808 *
809 * Returns true if domain policy violation warning should be printed to
810 * console.
811 */
812 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
813 {
814 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0;
815 }
816
817 /**
818 * tomoyo_domain_quota_is_ok - Check for domain's quota.
819 *
820 * @domain: Pointer to "struct tomoyo_domain_info".
821 *
822 * Returns true if the domain is not exceeded quota, false otherwise.
823 *
824 * Caller holds tomoyo_read_lock().
825 */
826 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
827 {
828 unsigned int count = 0;
829 struct tomoyo_acl_info *ptr;
830
831 if (!domain)
832 return true;
833 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
834 switch (ptr->type) {
835 struct tomoyo_path_acl *acl;
836 u32 perm;
837 u8 i;
838 case TOMOYO_TYPE_PATH_ACL:
839 acl = container_of(ptr, struct tomoyo_path_acl, head);
840 perm = acl->perm | (((u32) acl->perm_high) << 16);
841 for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)
842 if (perm & (1 << i))
843 count++;
844 if (perm & (1 << TOMOYO_TYPE_READ_WRITE))
845 count -= 2;
846 break;
847 case TOMOYO_TYPE_PATH2_ACL:
848 perm = container_of(ptr, struct tomoyo_path2_acl, head)
849 ->perm;
850 for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++)
851 if (perm & (1 << i))
852 count++;
853 break;
854 }
855 }
856 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
857 return true;
858 if (!domain->quota_warned) {
859 domain->quota_warned = true;
860 printk(KERN_WARNING "TOMOYO-WARNING: "
861 "Domain '%s' has so many ACLs to hold. "
862 "Stopped learning mode.\n", domain->domainname->name);
863 }
864 return false;
865 }
866
867 /**
868 * tomoyo_find_or_assign_new_profile - Create a new profile.
869 *
870 * @profile: Profile number to create.
871 *
872 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
873 */
874 static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
875 int profile)
876 {
877 static DEFINE_MUTEX(lock);
878 struct tomoyo_profile *ptr = NULL;
879 int i;
880
881 if (profile >= TOMOYO_MAX_PROFILES)
882 return NULL;
883 mutex_lock(&lock);
884 ptr = tomoyo_profile_ptr[profile];
885 if (ptr)
886 goto ok;
887 ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
888 if (!tomoyo_memory_ok(ptr)) {
889 kfree(ptr);
890 ptr = NULL;
891 goto ok;
892 }
893 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)
894 ptr->value[i] = tomoyo_control_array[i].current_value;
895 mb(); /* Avoid out-of-order execution. */
896 tomoyo_profile_ptr[profile] = ptr;
897 ok:
898 mutex_unlock(&lock);
899 return ptr;
900 }
901
902 /**
903 * tomoyo_write_profile - Write to profile table.
904 *
905 * @head: Pointer to "struct tomoyo_io_buffer".
906 *
907 * Returns 0 on success, negative value otherwise.
908 */
909 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
910 {
911 char *data = head->write_buf;
912 unsigned int i;
913 unsigned int value;
914 char *cp;
915 struct tomoyo_profile *profile;
916 unsigned long num;
917
918 cp = strchr(data, '-');
919 if (cp)
920 *cp = '\0';
921 if (strict_strtoul(data, 10, &num))
922 return -EINVAL;
923 if (cp)
924 data = cp + 1;
925 profile = tomoyo_find_or_assign_new_profile(num);
926 if (!profile)
927 return -EINVAL;
928 cp = strchr(data, '=');
929 if (!cp)
930 return -EINVAL;
931 *cp = '\0';
932 if (!strcmp(data, "COMMENT")) {
933 const struct tomoyo_path_info *old_comment = profile->comment;
934 profile->comment = tomoyo_get_name(cp + 1);
935 tomoyo_put_name(old_comment);
936 return 0;
937 }
938 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
939 if (strcmp(data, tomoyo_control_array[i].keyword))
940 continue;
941 if (sscanf(cp + 1, "%u", &value) != 1) {
942 int j;
943 const char **modes;
944 switch (i) {
945 case TOMOYO_VERBOSE:
946 modes = tomoyo_mode_2;
947 break;
948 default:
949 modes = tomoyo_mode_4;
950 break;
951 }
952 for (j = 0; j < 4; j++) {
953 if (strcmp(cp + 1, modes[j]))
954 continue;
955 value = j;
956 break;
957 }
958 if (j == 4)
959 return -EINVAL;
960 } else if (value > tomoyo_control_array[i].max_value) {
961 value = tomoyo_control_array[i].max_value;
962 }
963 profile->value[i] = value;
964 return 0;
965 }
966 return -EINVAL;
967 }
968
969 /**
970 * tomoyo_read_profile - Read from profile table.
971 *
972 * @head: Pointer to "struct tomoyo_io_buffer".
973 *
974 * Returns 0.
975 */
976 static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
977 {
978 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1;
979 int step;
980
981 if (head->read_eof)
982 return 0;
983 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total;
984 step++) {
985 const u8 index = step / total;
986 u8 type = step % total;
987 const struct tomoyo_profile *profile
988 = tomoyo_profile_ptr[index];
989 head->read_step = step;
990 if (!profile)
991 continue;
992 if (!type) { /* Print profile' comment tag. */
993 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n",
994 index, profile->comment ?
995 profile->comment->name : ""))
996 break;
997 continue;
998 }
999 type--;
1000 if (type < TOMOYO_MAX_CONTROL_INDEX) {
1001 const unsigned int value = profile->value[type];
1002 const char **modes = NULL;
1003 const char *keyword
1004 = tomoyo_control_array[type].keyword;
1005 switch (tomoyo_control_array[type].max_value) {
1006 case 3:
1007 modes = tomoyo_mode_4;
1008 break;
1009 case 1:
1010 modes = tomoyo_mode_2;
1011 break;
1012 }
1013 if (modes) {
1014 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index,
1015 keyword, modes[value]))
1016 break;
1017 } else {
1018 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index,
1019 keyword, value))
1020 break;
1021 }
1022 }
1023 }
1024 if (step == TOMOYO_MAX_PROFILES * total)
1025 head->read_eof = true;
1026 return 0;
1027 }
1028
1029 /*
1030 * tomoyo_policy_manager_list is used for holding list of domainnames or
1031 * programs which are permitted to modify configuration via
1032 * /sys/kernel/security/tomoyo/ interface.
1033 *
1034 * An entry is added by
1035 *
1036 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
1037 * /sys/kernel/security/tomoyo/manager
1038 * (if you want to specify by a domainname)
1039 *
1040 * or
1041 *
1042 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
1043 * (if you want to specify by a program's location)
1044 *
1045 * and is deleted by
1046 *
1047 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
1048 * /sys/kernel/security/tomoyo/manager
1049 *
1050 * or
1051 *
1052 * # echo 'delete /usr/lib/ccs/editpolicy' > \
1053 * /sys/kernel/security/tomoyo/manager
1054 *
1055 * and all entries are retrieved by
1056 *
1057 * # cat /sys/kernel/security/tomoyo/manager
1058 */
1059 LIST_HEAD(tomoyo_policy_manager_list);
1060
1061 /**
1062 * tomoyo_update_manager_entry - Add a manager entry.
1063 *
1064 * @manager: The path to manager or the domainnamme.
1065 * @is_delete: True if it is a delete request.
1066 *
1067 * Returns 0 on success, negative value otherwise.
1068 *
1069 * Caller holds tomoyo_read_lock().
1070 */
1071 static int tomoyo_update_manager_entry(const char *manager,
1072 const bool is_delete)
1073 {
1074 struct tomoyo_policy_manager_entry *entry = NULL;
1075 struct tomoyo_policy_manager_entry *ptr;
1076 const struct tomoyo_path_info *saved_manager;
1077 int error = is_delete ? -ENOENT : -ENOMEM;
1078 bool is_domain = false;
1079
1080 if (tomoyo_is_domain_def(manager)) {
1081 if (!tomoyo_is_correct_domain(manager))
1082 return -EINVAL;
1083 is_domain = true;
1084 } else {
1085 if (!tomoyo_is_correct_path(manager, 1, -1, -1))
1086 return -EINVAL;
1087 }
1088 saved_manager = tomoyo_get_name(manager);
1089 if (!saved_manager)
1090 return -ENOMEM;
1091 if (!is_delete)
1092 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
1093 mutex_lock(&tomoyo_policy_lock);
1094 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1095 if (ptr->manager != saved_manager)
1096 continue;
1097 ptr->is_deleted = is_delete;
1098 error = 0;
1099 break;
1100 }
1101 if (!is_delete && error && tomoyo_memory_ok(entry)) {
1102 entry->manager = saved_manager;
1103 saved_manager = NULL;
1104 entry->is_domain = is_domain;
1105 list_add_tail_rcu(&entry->list, &tomoyo_policy_manager_list);
1106 entry = NULL;
1107 error = 0;
1108 }
1109 mutex_unlock(&tomoyo_policy_lock);
1110 tomoyo_put_name(saved_manager);
1111 kfree(entry);
1112 return error;
1113 }
1114
1115 /**
1116 * tomoyo_write_manager_policy - Write manager policy.
1117 *
1118 * @head: Pointer to "struct tomoyo_io_buffer".
1119 *
1120 * Returns 0 on success, negative value otherwise.
1121 *
1122 * Caller holds tomoyo_read_lock().
1123 */
1124 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1125 {
1126 char *data = head->write_buf;
1127 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1128
1129 if (!strcmp(data, "manage_by_non_root")) {
1130 tomoyo_manage_by_non_root = !is_delete;
1131 return 0;
1132 }
1133 return tomoyo_update_manager_entry(data, is_delete);
1134 }
1135
1136 /**
1137 * tomoyo_read_manager_policy - Read manager policy.
1138 *
1139 * @head: Pointer to "struct tomoyo_io_buffer".
1140 *
1141 * Returns 0.
1142 *
1143 * Caller holds tomoyo_read_lock().
1144 */
1145 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1146 {
1147 struct list_head *pos;
1148 bool done = true;
1149
1150 if (head->read_eof)
1151 return 0;
1152 list_for_each_cookie(pos, head->read_var2,
1153 &tomoyo_policy_manager_list) {
1154 struct tomoyo_policy_manager_entry *ptr;
1155 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
1156 list);
1157 if (ptr->is_deleted)
1158 continue;
1159 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
1160 if (!done)
1161 break;
1162 }
1163 head->read_eof = done;
1164 return 0;
1165 }
1166
1167 /**
1168 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
1169 *
1170 * Returns true if the current process is permitted to modify policy
1171 * via /sys/kernel/security/tomoyo/ interface.
1172 *
1173 * Caller holds tomoyo_read_lock().
1174 */
1175 static bool tomoyo_is_policy_manager(void)
1176 {
1177 struct tomoyo_policy_manager_entry *ptr;
1178 const char *exe;
1179 const struct task_struct *task = current;
1180 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
1181 bool found = false;
1182
1183 if (!tomoyo_policy_loaded)
1184 return true;
1185 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1186 return false;
1187 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1188 if (!ptr->is_deleted && ptr->is_domain
1189 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1190 found = true;
1191 break;
1192 }
1193 }
1194 if (found)
1195 return true;
1196 exe = tomoyo_get_exe();
1197 if (!exe)
1198 return false;
1199 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1200 if (!ptr->is_deleted && !ptr->is_domain
1201 && !strcmp(exe, ptr->manager->name)) {
1202 found = true;
1203 break;
1204 }
1205 }
1206 if (!found) { /* Reduce error messages. */
1207 static pid_t last_pid;
1208 const pid_t pid = current->pid;
1209 if (last_pid != pid) {
1210 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1211 "update policies.\n", domainname->name, exe);
1212 last_pid = pid;
1213 }
1214 }
1215 kfree(exe);
1216 return found;
1217 }
1218
1219 /**
1220 * tomoyo_is_select_one - Parse select command.
1221 *
1222 * @head: Pointer to "struct tomoyo_io_buffer".
1223 * @data: String to parse.
1224 *
1225 * Returns true on success, false otherwise.
1226 *
1227 * Caller holds tomoyo_read_lock().
1228 */
1229 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1230 const char *data)
1231 {
1232 unsigned int pid;
1233 struct tomoyo_domain_info *domain = NULL;
1234
1235 if (sscanf(data, "pid=%u", &pid) == 1) {
1236 struct task_struct *p;
1237 rcu_read_lock();
1238 read_lock(&tasklist_lock);
1239 p = find_task_by_vpid(pid);
1240 if (p)
1241 domain = tomoyo_real_domain(p);
1242 read_unlock(&tasklist_lock);
1243 rcu_read_unlock();
1244 } else if (!strncmp(data, "domain=", 7)) {
1245 if (tomoyo_is_domain_def(data + 7))
1246 domain = tomoyo_find_domain(data + 7);
1247 } else
1248 return false;
1249 head->write_var1 = domain;
1250 /* Accessing read_buf is safe because head->io_sem is held. */
1251 if (!head->read_buf)
1252 return true; /* Do nothing if open(O_WRONLY). */
1253 head->read_avail = 0;
1254 tomoyo_io_printf(head, "# select %s\n", data);
1255 head->read_single_domain = true;
1256 head->read_eof = !domain;
1257 if (domain) {
1258 struct tomoyo_domain_info *d;
1259 head->read_var1 = NULL;
1260 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) {
1261 if (d == domain)
1262 break;
1263 head->read_var1 = &d->list;
1264 }
1265 head->read_var2 = NULL;
1266 head->read_bit = 0;
1267 head->read_step = 0;
1268 if (domain->is_deleted)
1269 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1270 }
1271 return true;
1272 }
1273
1274 /**
1275 * tomoyo_delete_domain - Delete a domain.
1276 *
1277 * @domainname: The name of domain.
1278 *
1279 * Returns 0.
1280 *
1281 * Caller holds tomoyo_read_lock().
1282 */
1283 static int tomoyo_delete_domain(char *domainname)
1284 {
1285 struct tomoyo_domain_info *domain;
1286 struct tomoyo_path_info name;
1287
1288 name.name = domainname;
1289 tomoyo_fill_path_info(&name);
1290 mutex_lock(&tomoyo_policy_lock);
1291 /* Is there an active domain? */
1292 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1293 /* Never delete tomoyo_kernel_domain */
1294 if (domain == &tomoyo_kernel_domain)
1295 continue;
1296 if (domain->is_deleted ||
1297 tomoyo_pathcmp(domain->domainname, &name))
1298 continue;
1299 domain->is_deleted = true;
1300 break;
1301 }
1302 mutex_unlock(&tomoyo_policy_lock);
1303 return 0;
1304 }
1305
1306 /**
1307 * tomoyo_write_domain_policy - Write domain policy.
1308 *
1309 * @head: Pointer to "struct tomoyo_io_buffer".
1310 *
1311 * Returns 0 on success, negative value otherwise.
1312 *
1313 * Caller holds tomoyo_read_lock().
1314 */
1315 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1316 {
1317 char *data = head->write_buf;
1318 struct tomoyo_domain_info *domain = head->write_var1;
1319 bool is_delete = false;
1320 bool is_select = false;
1321 unsigned int profile;
1322
1323 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
1324 is_delete = true;
1325 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1326 is_select = true;
1327 if (is_select && tomoyo_is_select_one(head, data))
1328 return 0;
1329 /* Don't allow updating policies by non manager programs. */
1330 if (!tomoyo_is_policy_manager())
1331 return -EPERM;
1332 if (tomoyo_is_domain_def(data)) {
1333 domain = NULL;
1334 if (is_delete)
1335 tomoyo_delete_domain(data);
1336 else if (is_select)
1337 domain = tomoyo_find_domain(data);
1338 else
1339 domain = tomoyo_find_or_assign_new_domain(data, 0);
1340 head->write_var1 = domain;
1341 return 0;
1342 }
1343 if (!domain)
1344 return -EINVAL;
1345
1346 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
1347 && profile < TOMOYO_MAX_PROFILES) {
1348 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
1349 domain->profile = (u8) profile;
1350 return 0;
1351 }
1352 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1353 domain->ignore_global_allow_read = !is_delete;
1354 return 0;
1355 }
1356 return tomoyo_write_file_policy(data, domain, is_delete);
1357 }
1358
1359 /**
1360 * tomoyo_print_path_acl - Print a single path ACL entry.
1361 *
1362 * @head: Pointer to "struct tomoyo_io_buffer".
1363 * @ptr: Pointer to "struct tomoyo_path_acl".
1364 *
1365 * Returns true on success, false otherwise.
1366 */
1367 static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
1368 struct tomoyo_path_acl *ptr)
1369 {
1370 int pos;
1371 u8 bit;
1372 const char *atmark = "";
1373 const char *filename;
1374 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16);
1375
1376 filename = ptr->filename->name;
1377 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1378 const char *msg;
1379 if (!(perm & (1 << bit)))
1380 continue;
1381 /* Print "read/write" instead of "read" and "write". */
1382 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
1383 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
1384 continue;
1385 msg = tomoyo_path2keyword(bit);
1386 pos = head->read_avail;
1387 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
1388 atmark, filename))
1389 goto out;
1390 }
1391 head->read_bit = 0;
1392 return true;
1393 out:
1394 head->read_bit = bit;
1395 head->read_avail = pos;
1396 return false;
1397 }
1398
1399 /**
1400 * tomoyo_print_path2_acl - Print a double path ACL entry.
1401 *
1402 * @head: Pointer to "struct tomoyo_io_buffer".
1403 * @ptr: Pointer to "struct tomoyo_path2_acl".
1404 *
1405 * Returns true on success, false otherwise.
1406 */
1407 static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head,
1408 struct tomoyo_path2_acl *ptr)
1409 {
1410 int pos;
1411 const char *atmark1 = "";
1412 const char *atmark2 = "";
1413 const char *filename1;
1414 const char *filename2;
1415 const u8 perm = ptr->perm;
1416 u8 bit;
1417
1418 filename1 = ptr->filename1->name;
1419 filename2 = ptr->filename2->name;
1420 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1421 const char *msg;
1422 if (!(perm & (1 << bit)))
1423 continue;
1424 msg = tomoyo_path22keyword(bit);
1425 pos = head->read_avail;
1426 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
1427 atmark1, filename1, atmark2, filename2))
1428 goto out;
1429 }
1430 head->read_bit = 0;
1431 return true;
1432 out:
1433 head->read_bit = bit;
1434 head->read_avail = pos;
1435 return false;
1436 }
1437
1438 /**
1439 * tomoyo_print_entry - Print an ACL entry.
1440 *
1441 * @head: Pointer to "struct tomoyo_io_buffer".
1442 * @ptr: Pointer to an ACL entry.
1443 *
1444 * Returns true on success, false otherwise.
1445 */
1446 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1447 struct tomoyo_acl_info *ptr)
1448 {
1449 const u8 acl_type = ptr->type;
1450
1451 if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1452 struct tomoyo_path_acl *acl
1453 = container_of(ptr, struct tomoyo_path_acl, head);
1454 return tomoyo_print_path_acl(head, acl);
1455 }
1456 if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1457 struct tomoyo_path2_acl *acl
1458 = container_of(ptr, struct tomoyo_path2_acl, head);
1459 return tomoyo_print_path2_acl(head, acl);
1460 }
1461 BUG(); /* This must not happen. */
1462 return false;
1463 }
1464
1465 /**
1466 * tomoyo_read_domain_policy - Read domain policy.
1467 *
1468 * @head: Pointer to "struct tomoyo_io_buffer".
1469 *
1470 * Returns 0.
1471 *
1472 * Caller holds tomoyo_read_lock().
1473 */
1474 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
1475 {
1476 struct list_head *dpos;
1477 struct list_head *apos;
1478 bool done = true;
1479
1480 if (head->read_eof)
1481 return 0;
1482 if (head->read_step == 0)
1483 head->read_step = 1;
1484 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
1485 struct tomoyo_domain_info *domain;
1486 const char *quota_exceeded = "";
1487 const char *transition_failed = "";
1488 const char *ignore_global_allow_read = "";
1489 domain = list_entry(dpos, struct tomoyo_domain_info, list);
1490 if (head->read_step != 1)
1491 goto acl_loop;
1492 if (domain->is_deleted && !head->read_single_domain)
1493 continue;
1494 /* Print domainname and flags. */
1495 if (domain->quota_warned)
1496 quota_exceeded = "quota_exceeded\n";
1497 if (domain->transition_failed)
1498 transition_failed = "transition_failed\n";
1499 if (domain->ignore_global_allow_read)
1500 ignore_global_allow_read
1501 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1502 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
1503 "%u\n%s%s%s\n",
1504 domain->domainname->name,
1505 domain->profile, quota_exceeded,
1506 transition_failed,
1507 ignore_global_allow_read);
1508 if (!done)
1509 break;
1510 head->read_step = 2;
1511 acl_loop:
1512 if (head->read_step == 3)
1513 goto tail_mark;
1514 /* Print ACL entries in the domain. */
1515 list_for_each_cookie(apos, head->read_var2,
1516 &domain->acl_info_list) {
1517 struct tomoyo_acl_info *ptr
1518 = list_entry(apos, struct tomoyo_acl_info,
1519 list);
1520 done = tomoyo_print_entry(head, ptr);
1521 if (!done)
1522 break;
1523 }
1524 if (!done)
1525 break;
1526 head->read_step = 3;
1527 tail_mark:
1528 done = tomoyo_io_printf(head, "\n");
1529 if (!done)
1530 break;
1531 head->read_step = 1;
1532 if (head->read_single_domain)
1533 break;
1534 }
1535 head->read_eof = done;
1536 return 0;
1537 }
1538
1539 /**
1540 * tomoyo_write_domain_profile - Assign profile for specified domain.
1541 *
1542 * @head: Pointer to "struct tomoyo_io_buffer".
1543 *
1544 * Returns 0 on success, -EINVAL otherwise.
1545 *
1546 * This is equivalent to doing
1547 *
1548 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1549 * /usr/lib/ccs/loadpolicy -d
1550 *
1551 * Caller holds tomoyo_read_lock().
1552 */
1553 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1554 {
1555 char *data = head->write_buf;
1556 char *cp = strchr(data, ' ');
1557 struct tomoyo_domain_info *domain;
1558 unsigned long profile;
1559
1560 if (!cp)
1561 return -EINVAL;
1562 *cp = '\0';
1563 domain = tomoyo_find_domain(cp + 1);
1564 if (strict_strtoul(data, 10, &profile))
1565 return -EINVAL;
1566 if (domain && profile < TOMOYO_MAX_PROFILES
1567 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1568 domain->profile = (u8) profile;
1569 return 0;
1570 }
1571
1572 /**
1573 * tomoyo_read_domain_profile - Read only domainname and profile.
1574 *
1575 * @head: Pointer to "struct tomoyo_io_buffer".
1576 *
1577 * Returns list of profile number and domainname pairs.
1578 *
1579 * This is equivalent to doing
1580 *
1581 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1582 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1583 * domainname = $0; } else if ( $1 == "use_profile" ) {
1584 * print $2 " " domainname; domainname = ""; } } ; '
1585 *
1586 * Caller holds tomoyo_read_lock().
1587 */
1588 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1589 {
1590 struct list_head *pos;
1591 bool done = true;
1592
1593 if (head->read_eof)
1594 return 0;
1595 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
1596 struct tomoyo_domain_info *domain;
1597 domain = list_entry(pos, struct tomoyo_domain_info, list);
1598 if (domain->is_deleted)
1599 continue;
1600 done = tomoyo_io_printf(head, "%u %s\n", domain->profile,
1601 domain->domainname->name);
1602 if (!done)
1603 break;
1604 }
1605 head->read_eof = done;
1606 return 0;
1607 }
1608
1609 /**
1610 * tomoyo_write_pid: Specify PID to obtain domainname.
1611 *
1612 * @head: Pointer to "struct tomoyo_io_buffer".
1613 *
1614 * Returns 0.
1615 */
1616 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1617 {
1618 unsigned long pid;
1619 /* No error check. */
1620 strict_strtoul(head->write_buf, 10, &pid);
1621 head->read_step = (int) pid;
1622 head->read_eof = false;
1623 return 0;
1624 }
1625
1626 /**
1627 * tomoyo_read_pid - Get domainname of the specified PID.
1628 *
1629 * @head: Pointer to "struct tomoyo_io_buffer".
1630 *
1631 * Returns the domainname which the specified PID is in on success,
1632 * empty string otherwise.
1633 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1634 * using read()/write() interface rather than sysctl() interface.
1635 */
1636 static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1637 {
1638 if (head->read_avail == 0 && !head->read_eof) {
1639 const int pid = head->read_step;
1640 struct task_struct *p;
1641 struct tomoyo_domain_info *domain = NULL;
1642 rcu_read_lock();
1643 read_lock(&tasklist_lock);
1644 p = find_task_by_vpid(pid);
1645 if (p)
1646 domain = tomoyo_real_domain(p);
1647 read_unlock(&tasklist_lock);
1648 rcu_read_unlock();
1649 if (domain)
1650 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1651 domain->domainname->name);
1652 head->read_eof = true;
1653 }
1654 return 0;
1655 }
1656
1657 /**
1658 * tomoyo_write_exception_policy - Write exception policy.
1659 *
1660 * @head: Pointer to "struct tomoyo_io_buffer".
1661 *
1662 * Returns 0 on success, negative value otherwise.
1663 *
1664 * Caller holds tomoyo_read_lock().
1665 */
1666 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1667 {
1668 char *data = head->write_buf;
1669 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1670
1671 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN))
1672 return tomoyo_write_domain_keeper_policy(data, false,
1673 is_delete);
1674 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN))
1675 return tomoyo_write_domain_keeper_policy(data, true, is_delete);
1676 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN))
1677 return tomoyo_write_domain_initializer_policy(data, false,
1678 is_delete);
1679 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
1680 return tomoyo_write_domain_initializer_policy(data, true,
1681 is_delete);
1682 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
1683 return tomoyo_write_alias_policy(data, is_delete);
1684 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
1685 return tomoyo_write_globally_readable_policy(data, is_delete);
1686 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
1687 return tomoyo_write_pattern_policy(data, is_delete);
1688 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
1689 return tomoyo_write_no_rewrite_policy(data, is_delete);
1690 return -EINVAL;
1691 }
1692
1693 /**
1694 * tomoyo_read_exception_policy - Read exception policy.
1695 *
1696 * @head: Pointer to "struct tomoyo_io_buffer".
1697 *
1698 * Returns 0 on success, -EINVAL otherwise.
1699 *
1700 * Caller holds tomoyo_read_lock().
1701 */
1702 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
1703 {
1704 if (!head->read_eof) {
1705 switch (head->read_step) {
1706 case 0:
1707 head->read_var2 = NULL;
1708 head->read_step = 1;
1709 case 1:
1710 if (!tomoyo_read_domain_keeper_policy(head))
1711 break;
1712 head->read_var2 = NULL;
1713 head->read_step = 2;
1714 case 2:
1715 if (!tomoyo_read_globally_readable_policy(head))
1716 break;
1717 head->read_var2 = NULL;
1718 head->read_step = 3;
1719 case 3:
1720 head->read_var2 = NULL;
1721 head->read_step = 4;
1722 case 4:
1723 if (!tomoyo_read_domain_initializer_policy(head))
1724 break;
1725 head->read_var2 = NULL;
1726 head->read_step = 5;
1727 case 5:
1728 if (!tomoyo_read_alias_policy(head))
1729 break;
1730 head->read_var2 = NULL;
1731 head->read_step = 6;
1732 case 6:
1733 head->read_var2 = NULL;
1734 head->read_step = 7;
1735 case 7:
1736 if (!tomoyo_read_file_pattern(head))
1737 break;
1738 head->read_var2 = NULL;
1739 head->read_step = 8;
1740 case 8:
1741 if (!tomoyo_read_no_rewrite_policy(head))
1742 break;
1743 head->read_var2 = NULL;
1744 head->read_step = 9;
1745 case 9:
1746 head->read_eof = true;
1747 break;
1748 default:
1749 return -EINVAL;
1750 }
1751 }
1752 return 0;
1753 }
1754
1755 /* path to policy loader */
1756 static const char *tomoyo_loader = "/sbin/tomoyo-init";
1757
1758 /**
1759 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
1760 *
1761 * Returns true if /sbin/tomoyo-init exists, false otherwise.
1762 */
1763 static bool tomoyo_policy_loader_exists(void)
1764 {
1765 /*
1766 * Don't activate MAC if the policy loader doesn't exist.
1767 * If the initrd includes /sbin/init but real-root-dev has not
1768 * mounted on / yet, activating MAC will block the system since
1769 * policies are not loaded yet.
1770 * Thus, let do_execve() call this function everytime.
1771 */
1772 struct path path;
1773
1774 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
1775 printk(KERN_INFO "Not activating Mandatory Access Control now "
1776 "since %s doesn't exist.\n", tomoyo_loader);
1777 return false;
1778 }
1779 path_put(&path);
1780 return true;
1781 }
1782
1783 /**
1784 * tomoyo_load_policy - Run external policy loader to load policy.
1785 *
1786 * @filename: The program about to start.
1787 *
1788 * This function checks whether @filename is /sbin/init , and if so
1789 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
1790 * and then continues invocation of /sbin/init.
1791 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
1792 * writes to /sys/kernel/security/tomoyo/ interfaces.
1793 *
1794 * Returns nothing.
1795 */
1796 void tomoyo_load_policy(const char *filename)
1797 {
1798 char *argv[2];
1799 char *envp[3];
1800
1801 if (tomoyo_policy_loaded)
1802 return;
1803 /*
1804 * Check filename is /sbin/init or /sbin/tomoyo-start.
1805 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't
1806 * be passed.
1807 * You can create /sbin/tomoyo-start by
1808 * "ln -s /bin/true /sbin/tomoyo-start".
1809 */
1810 if (strcmp(filename, "/sbin/init") &&
1811 strcmp(filename, "/sbin/tomoyo-start"))
1812 return;
1813 if (!tomoyo_policy_loader_exists())
1814 return;
1815
1816 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
1817 tomoyo_loader);
1818 argv[0] = (char *) tomoyo_loader;
1819 argv[1] = NULL;
1820 envp[0] = "HOME=/";
1821 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
1822 envp[2] = NULL;
1823 call_usermodehelper(argv[0], argv, envp, 1);
1824
1825 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
1826 printk(KERN_INFO "Mandatory Access Control activated.\n");
1827 tomoyo_policy_loaded = true;
1828 { /* Check all profiles currently assigned to domains are defined. */
1829 struct tomoyo_domain_info *domain;
1830 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1831 const u8 profile = domain->profile;
1832 if (tomoyo_profile_ptr[profile])
1833 continue;
1834 panic("Profile %u (used by '%s') not defined.\n",
1835 profile, domain->domainname->name);
1836 }
1837 }
1838 }
1839
1840 /**
1841 * tomoyo_read_version: Get version.
1842 *
1843 * @head: Pointer to "struct tomoyo_io_buffer".
1844 *
1845 * Returns version information.
1846 */
1847 static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1848 {
1849 if (!head->read_eof) {
1850 tomoyo_io_printf(head, "2.2.0");
1851 head->read_eof = true;
1852 }
1853 return 0;
1854 }
1855
1856 /**
1857 * tomoyo_read_self_domain - Get the current process's domainname.
1858 *
1859 * @head: Pointer to "struct tomoyo_io_buffer".
1860 *
1861 * Returns the current process's domainname.
1862 */
1863 static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1864 {
1865 if (!head->read_eof) {
1866 /*
1867 * tomoyo_domain()->domainname != NULL
1868 * because every process belongs to a domain and
1869 * the domain's name cannot be NULL.
1870 */
1871 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1872 head->read_eof = true;
1873 }
1874 return 0;
1875 }
1876
1877 /**
1878 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1879 *
1880 * @type: Type of interface.
1881 * @file: Pointer to "struct file".
1882 *
1883 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1884 *
1885 * Caller acquires tomoyo_read_lock().
1886 */
1887 static int tomoyo_open_control(const u8 type, struct file *file)
1888 {
1889 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
1890
1891 if (!head)
1892 return -ENOMEM;
1893 mutex_init(&head->io_sem);
1894 switch (type) {
1895 case TOMOYO_DOMAINPOLICY:
1896 /* /sys/kernel/security/tomoyo/domain_policy */
1897 head->write = tomoyo_write_domain_policy;
1898 head->read = tomoyo_read_domain_policy;
1899 break;
1900 case TOMOYO_EXCEPTIONPOLICY:
1901 /* /sys/kernel/security/tomoyo/exception_policy */
1902 head->write = tomoyo_write_exception_policy;
1903 head->read = tomoyo_read_exception_policy;
1904 break;
1905 case TOMOYO_SELFDOMAIN:
1906 /* /sys/kernel/security/tomoyo/self_domain */
1907 head->read = tomoyo_read_self_domain;
1908 break;
1909 case TOMOYO_DOMAIN_STATUS:
1910 /* /sys/kernel/security/tomoyo/.domain_status */
1911 head->write = tomoyo_write_domain_profile;
1912 head->read = tomoyo_read_domain_profile;
1913 break;
1914 case TOMOYO_PROCESS_STATUS:
1915 /* /sys/kernel/security/tomoyo/.process_status */
1916 head->write = tomoyo_write_pid;
1917 head->read = tomoyo_read_pid;
1918 break;
1919 case TOMOYO_VERSION:
1920 /* /sys/kernel/security/tomoyo/version */
1921 head->read = tomoyo_read_version;
1922 head->readbuf_size = 128;
1923 break;
1924 case TOMOYO_MEMINFO:
1925 /* /sys/kernel/security/tomoyo/meminfo */
1926 head->write = tomoyo_write_memory_quota;
1927 head->read = tomoyo_read_memory_counter;
1928 head->readbuf_size = 512;
1929 break;
1930 case TOMOYO_PROFILE:
1931 /* /sys/kernel/security/tomoyo/profile */
1932 head->write = tomoyo_write_profile;
1933 head->read = tomoyo_read_profile;
1934 break;
1935 case TOMOYO_MANAGER:
1936 /* /sys/kernel/security/tomoyo/manager */
1937 head->write = tomoyo_write_manager_policy;
1938 head->read = tomoyo_read_manager_policy;
1939 break;
1940 }
1941 if (!(file->f_mode & FMODE_READ)) {
1942 /*
1943 * No need to allocate read_buf since it is not opened
1944 * for reading.
1945 */
1946 head->read = NULL;
1947 } else {
1948 if (!head->readbuf_size)
1949 head->readbuf_size = 4096 * 2;
1950 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
1951 if (!head->read_buf) {
1952 kfree(head);
1953 return -ENOMEM;
1954 }
1955 }
1956 if (!(file->f_mode & FMODE_WRITE)) {
1957 /*
1958 * No need to allocate write_buf since it is not opened
1959 * for writing.
1960 */
1961 head->write = NULL;
1962 } else if (head->write) {
1963 head->writebuf_size = 4096 * 2;
1964 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
1965 if (!head->write_buf) {
1966 kfree(head->read_buf);
1967 kfree(head);
1968 return -ENOMEM;
1969 }
1970 }
1971 head->reader_idx = tomoyo_read_lock();
1972 file->private_data = head;
1973 /*
1974 * Call the handler now if the file is
1975 * /sys/kernel/security/tomoyo/self_domain
1976 * so that the user can use
1977 * cat < /sys/kernel/security/tomoyo/self_domain"
1978 * to know the current process's domainname.
1979 */
1980 if (type == TOMOYO_SELFDOMAIN)
1981 tomoyo_read_control(file, NULL, 0);
1982 return 0;
1983 }
1984
1985 /**
1986 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1987 *
1988 * @file: Pointer to "struct file".
1989 * @buffer: Poiner to buffer to write to.
1990 * @buffer_len: Size of @buffer.
1991 *
1992 * Returns bytes read on success, negative value otherwise.
1993 *
1994 * Caller holds tomoyo_read_lock().
1995 */
1996 static int tomoyo_read_control(struct file *file, char __user *buffer,
1997 const int buffer_len)
1998 {
1999 int len = 0;
2000 struct tomoyo_io_buffer *head = file->private_data;
2001 char *cp;
2002
2003 if (!head->read)
2004 return -ENOSYS;
2005 if (mutex_lock_interruptible(&head->io_sem))
2006 return -EINTR;
2007 /* Call the policy handler. */
2008 len = head->read(head);
2009 if (len < 0)
2010 goto out;
2011 /* Write to buffer. */
2012 len = head->read_avail;
2013 if (len > buffer_len)
2014 len = buffer_len;
2015 if (!len)
2016 goto out;
2017 /* head->read_buf changes by some functions. */
2018 cp = head->read_buf;
2019 if (copy_to_user(buffer, cp, len)) {
2020 len = -EFAULT;
2021 goto out;
2022 }
2023 head->read_avail -= len;
2024 memmove(cp, cp + len, head->read_avail);
2025 out:
2026 mutex_unlock(&head->io_sem);
2027 return len;
2028 }
2029
2030 /**
2031 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2032 *
2033 * @file: Pointer to "struct file".
2034 * @buffer: Pointer to buffer to read from.
2035 * @buffer_len: Size of @buffer.
2036 *
2037 * Returns @buffer_len on success, negative value otherwise.
2038 *
2039 * Caller holds tomoyo_read_lock().
2040 */
2041 static int tomoyo_write_control(struct file *file, const char __user *buffer,
2042 const int buffer_len)
2043 {
2044 struct tomoyo_io_buffer *head = file->private_data;
2045 int error = buffer_len;
2046 int avail_len = buffer_len;
2047 char *cp0 = head->write_buf;
2048
2049 if (!head->write)
2050 return -ENOSYS;
2051 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2052 return -EFAULT;
2053 /* Don't allow updating policies by non manager programs. */
2054 if (head->write != tomoyo_write_pid &&
2055 head->write != tomoyo_write_domain_policy &&
2056 !tomoyo_is_policy_manager())
2057 return -EPERM;
2058 if (mutex_lock_interruptible(&head->io_sem))
2059 return -EINTR;
2060 /* Read a line and dispatch it to the policy handler. */
2061 while (avail_len > 0) {
2062 char c;
2063 if (head->write_avail >= head->writebuf_size - 1) {
2064 error = -ENOMEM;
2065 break;
2066 } else if (get_user(c, buffer)) {
2067 error = -EFAULT;
2068 break;
2069 }
2070 buffer++;
2071 avail_len--;
2072 cp0[head->write_avail++] = c;
2073 if (c != '\n')
2074 continue;
2075 cp0[head->write_avail - 1] = '\0';
2076 head->write_avail = 0;
2077 tomoyo_normalize_line(cp0);
2078 head->write(head);
2079 }
2080 mutex_unlock(&head->io_sem);
2081 return error;
2082 }
2083
2084 /**
2085 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2086 *
2087 * @file: Pointer to "struct file".
2088 *
2089 * Releases memory and returns 0.
2090 *
2091 * Caller looses tomoyo_read_lock().
2092 */
2093 static int tomoyo_close_control(struct file *file)
2094 {
2095 struct tomoyo_io_buffer *head = file->private_data;
2096 const bool is_write = !!head->write_buf;
2097
2098 tomoyo_read_unlock(head->reader_idx);
2099 /* Release memory used for policy I/O. */
2100 kfree(head->read_buf);
2101 head->read_buf = NULL;
2102 kfree(head->write_buf);
2103 head->write_buf = NULL;
2104 kfree(head);
2105 head = NULL;
2106 file->private_data = NULL;
2107 if (is_write)
2108 tomoyo_run_gc();
2109 return 0;
2110 }
2111
2112 /**
2113 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
2114 *
2115 * @inode: Pointer to "struct inode".
2116 * @file: Pointer to "struct file".
2117 *
2118 * Returns 0 on success, negative value otherwise.
2119 */
2120 static int tomoyo_open(struct inode *inode, struct file *file)
2121 {
2122 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
2123 - ((u8 *) NULL);
2124 return tomoyo_open_control(key, file);
2125 }
2126
2127 /**
2128 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2129 *
2130 * @inode: Pointer to "struct inode".
2131 * @file: Pointer to "struct file".
2132 *
2133 * Returns 0 on success, negative value otherwise.
2134 */
2135 static int tomoyo_release(struct inode *inode, struct file *file)
2136 {
2137 return tomoyo_close_control(file);
2138 }
2139
2140 /**
2141 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2142 *
2143 * @file: Pointer to "struct file".
2144 * @buf: Pointer to buffer.
2145 * @count: Size of @buf.
2146 * @ppos: Unused.
2147 *
2148 * Returns bytes read on success, negative value otherwise.
2149 */
2150 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
2151 loff_t *ppos)
2152 {
2153 return tomoyo_read_control(file, buf, count);
2154 }
2155
2156 /**
2157 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
2158 *
2159 * @file: Pointer to "struct file".
2160 * @buf: Pointer to buffer.
2161 * @count: Size of @buf.
2162 * @ppos: Unused.
2163 *
2164 * Returns @count on success, negative value otherwise.
2165 */
2166 static ssize_t tomoyo_write(struct file *file, const char __user *buf,
2167 size_t count, loff_t *ppos)
2168 {
2169 return tomoyo_write_control(file, buf, count);
2170 }
2171
2172 /*
2173 * tomoyo_operations is a "struct file_operations" which is used for handling
2174 * /sys/kernel/security/tomoyo/ interface.
2175 *
2176 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
2177 * See tomoyo_io_buffer for internals.
2178 */
2179 static const struct file_operations tomoyo_operations = {
2180 .open = tomoyo_open,
2181 .release = tomoyo_release,
2182 .read = tomoyo_read,
2183 .write = tomoyo_write,
2184 };
2185
2186 /**
2187 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2188 *
2189 * @name: The name of the interface file.
2190 * @mode: The permission of the interface file.
2191 * @parent: The parent directory.
2192 * @key: Type of interface.
2193 *
2194 * Returns nothing.
2195 */
2196 static void __init tomoyo_create_entry(const char *name, const mode_t mode,
2197 struct dentry *parent, const u8 key)
2198 {
2199 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
2200 &tomoyo_operations);
2201 }
2202
2203 /**
2204 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2205 *
2206 * Returns 0.
2207 */
2208 static int __init tomoyo_initerface_init(void)
2209 {
2210 struct dentry *tomoyo_dir;
2211
2212 /* Don't create securityfs entries unless registered. */
2213 if (current_cred()->security != &tomoyo_kernel_domain)
2214 return 0;
2215
2216 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
2217 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
2218 TOMOYO_DOMAINPOLICY);
2219 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
2220 TOMOYO_EXCEPTIONPOLICY);
2221 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
2222 TOMOYO_SELFDOMAIN);
2223 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
2224 TOMOYO_DOMAIN_STATUS);
2225 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
2226 TOMOYO_PROCESS_STATUS);
2227 tomoyo_create_entry("meminfo", 0600, tomoyo_dir,
2228 TOMOYO_MEMINFO);
2229 tomoyo_create_entry("profile", 0600, tomoyo_dir,
2230 TOMOYO_PROFILE);
2231 tomoyo_create_entry("manager", 0600, tomoyo_dir,
2232 TOMOYO_MANAGER);
2233 tomoyo_create_entry("version", 0400, tomoyo_dir,
2234 TOMOYO_VERSION);
2235 return 0;
2236 }
2237
2238 fs_initcall(tomoyo_initerface_init);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree