1 /* 2 * security/tomoyo/common.c 3 * 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 5 */ 6 7 #include <linux/uaccess.h> 8 #include <linux/slab.h> 9 #include <linux/security.h> 10 #include "common.h" 11 12 /* String table for operation mode. */ 13 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = { 14 [TOMOYO_CONFIG_DISABLED] = "disabled", 15 [TOMOYO_CONFIG_LEARNING] = "learning", 16 [TOMOYO_CONFIG_PERMISSIVE] = "permissive", 17 [TOMOYO_CONFIG_ENFORCING] = "enforcing" 18 }; 19 20 /* String table for /sys/kernel/security/tomoyo/profile */ 21 const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX 22 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 23 [TOMOYO_MAC_FILE_EXECUTE] = "execute", 24 [TOMOYO_MAC_FILE_OPEN] = "open", 25 [TOMOYO_MAC_FILE_CREATE] = "create", 26 [TOMOYO_MAC_FILE_UNLINK] = "unlink", 27 [TOMOYO_MAC_FILE_GETATTR] = "getattr", 28 [TOMOYO_MAC_FILE_MKDIR] = "mkdir", 29 [TOMOYO_MAC_FILE_RMDIR] = "rmdir", 30 [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo", 31 [TOMOYO_MAC_FILE_MKSOCK] = "mksock", 32 [TOMOYO_MAC_FILE_TRUNCATE] = "truncate", 33 [TOMOYO_MAC_FILE_SYMLINK] = "symlink", 34 [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock", 35 [TOMOYO_MAC_FILE_MKCHAR] = "mkchar", 36 [TOMOYO_MAC_FILE_LINK] = "link", 37 [TOMOYO_MAC_FILE_RENAME] = "rename", 38 [TOMOYO_MAC_FILE_CHMOD] = "chmod", 39 [TOMOYO_MAC_FILE_CHOWN] = "chown", 40 [TOMOYO_MAC_FILE_CHGRP] = "chgrp", 41 [TOMOYO_MAC_FILE_IOCTL] = "ioctl", 42 [TOMOYO_MAC_FILE_CHROOT] = "chroot", 43 [TOMOYO_MAC_FILE_MOUNT] = "mount", 44 [TOMOYO_MAC_FILE_UMOUNT] = "unmount", 45 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root", 46 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", 47 }; 48 49 /* String table for conditions. */ 50 const char * const tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD] = { 51 [TOMOYO_TASK_UID] = "task.uid", 52 [TOMOYO_TASK_EUID] = "task.euid", 53 [TOMOYO_TASK_SUID] = "task.suid", 54 [TOMOYO_TASK_FSUID] = "task.fsuid", 55 [TOMOYO_TASK_GID] = "task.gid", 56 [TOMOYO_TASK_EGID] = "task.egid", 57 [TOMOYO_TASK_SGID] = "task.sgid", 58 [TOMOYO_TASK_FSGID] = "task.fsgid", 59 [TOMOYO_TASK_PID] = "task.pid", 60 [TOMOYO_TASK_PPID] = "task.ppid", 61 [TOMOYO_EXEC_ARGC] = "exec.argc", 62 [TOMOYO_EXEC_ENVC] = "exec.envc", 63 [TOMOYO_TYPE_IS_SOCKET] = "socket", 64 [TOMOYO_TYPE_IS_SYMLINK] = "symlink", 65 [TOMOYO_TYPE_IS_FILE] = "file", 66 [TOMOYO_TYPE_IS_BLOCK_DEV] = "block", 67 [TOMOYO_TYPE_IS_DIRECTORY] = "directory", 68 [TOMOYO_TYPE_IS_CHAR_DEV] = "char", 69 [TOMOYO_TYPE_IS_FIFO] = "fifo", 70 [TOMOYO_MODE_SETUID] = "setuid", 71 [TOMOYO_MODE_SETGID] = "setgid", 72 [TOMOYO_MODE_STICKY] = "sticky", 73 [TOMOYO_MODE_OWNER_READ] = "owner_read", 74 [TOMOYO_MODE_OWNER_WRITE] = "owner_write", 75 [TOMOYO_MODE_OWNER_EXECUTE] = "owner_execute", 76 [TOMOYO_MODE_GROUP_READ] = "group_read", 77 [TOMOYO_MODE_GROUP_WRITE] = "group_write", 78 [TOMOYO_MODE_GROUP_EXECUTE] = "group_execute", 79 [TOMOYO_MODE_OTHERS_READ] = "others_read", 80 [TOMOYO_MODE_OTHERS_WRITE] = "others_write", 81 [TOMOYO_MODE_OTHERS_EXECUTE] = "others_execute", 82 [TOMOYO_EXEC_REALPATH] = "exec.realpath", 83 [TOMOYO_SYMLINK_TARGET] = "symlink.target", 84 [TOMOYO_PATH1_UID] = "path1.uid", 85 [TOMOYO_PATH1_GID] = "path1.gid", 86 [TOMOYO_PATH1_INO] = "path1.ino", 87 [TOMOYO_PATH1_MAJOR] = "path1.major", 88 [TOMOYO_PATH1_MINOR] = "path1.minor", 89 [TOMOYO_PATH1_PERM] = "path1.perm", 90 [TOMOYO_PATH1_TYPE] = "path1.type", 91 [TOMOYO_PATH1_DEV_MAJOR] = "path1.dev_major", 92 [TOMOYO_PATH1_DEV_MINOR] = "path1.dev_minor", 93 [TOMOYO_PATH2_UID] = "path2.uid", 94 [TOMOYO_PATH2_GID] = "path2.gid", 95 [TOMOYO_PATH2_INO] = "path2.ino", 96 [TOMOYO_PATH2_MAJOR] = "path2.major", 97 [TOMOYO_PATH2_MINOR] = "path2.minor", 98 [TOMOYO_PATH2_PERM] = "path2.perm", 99 [TOMOYO_PATH2_TYPE] = "path2.type", 100 [TOMOYO_PATH2_DEV_MAJOR] = "path2.dev_major", 101 [TOMOYO_PATH2_DEV_MINOR] = "path2.dev_minor", 102 [TOMOYO_PATH1_PARENT_UID] = "path1.parent.uid", 103 [TOMOYO_PATH1_PARENT_GID] = "path1.parent.gid", 104 [TOMOYO_PATH1_PARENT_INO] = "path1.parent.ino", 105 [TOMOYO_PATH1_PARENT_PERM] = "path1.parent.perm", 106 [TOMOYO_PATH2_PARENT_UID] = "path2.parent.uid", 107 [TOMOYO_PATH2_PARENT_GID] = "path2.parent.gid", 108 [TOMOYO_PATH2_PARENT_INO] = "path2.parent.ino", 109 [TOMOYO_PATH2_PARENT_PERM] = "path2.parent.perm", 110 }; 111 112 /* String table for PREFERENCE keyword. */ 113 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = { 114 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log", 115 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry", 116 }; 117 118 /* String table for path operation. */ 119 const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = { 120 [TOMOYO_TYPE_EXECUTE] = "execute", 121 [TOMOYO_TYPE_READ] = "read", 122 [TOMOYO_TYPE_WRITE] = "write", 123 [TOMOYO_TYPE_APPEND] = "append", 124 [TOMOYO_TYPE_UNLINK] = "unlink", 125 [TOMOYO_TYPE_GETATTR] = "getattr", 126 [TOMOYO_TYPE_RMDIR] = "rmdir", 127 [TOMOYO_TYPE_TRUNCATE] = "truncate", 128 [TOMOYO_TYPE_SYMLINK] = "symlink", 129 [TOMOYO_TYPE_CHROOT] = "chroot", 130 [TOMOYO_TYPE_UMOUNT] = "unmount", 131 }; 132 133 /* String table for categories. */ 134 static const char * const tomoyo_category_keywords 135 [TOMOYO_MAX_MAC_CATEGORY_INDEX] = { 136 [TOMOYO_MAC_CATEGORY_FILE] = "file", 137 }; 138 139 /* Permit policy management by non-root user? */ 140 static bool tomoyo_manage_by_non_root; 141 142 /* Utility functions. */ 143 144 /** 145 * tomoyo_yesno - Return "yes" or "no". 146 * 147 * @value: Bool value. 148 */ 149 const char *tomoyo_yesno(const unsigned int value) 150 { 151 return value ? "yes" : "no"; 152 } 153 154 /** 155 * tomoyo_addprintf - strncat()-like-snprintf(). 156 * 157 * @buffer: Buffer to write to. Must be '\0'-terminated. 158 * @len: Size of @buffer. 159 * @fmt: The printf()'s format string, followed by parameters. 160 * 161 * Returns nothing. 162 */ 163 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...) 164 { 165 va_list args; 166 const int pos = strlen(buffer); 167 va_start(args, fmt); 168 vsnprintf(buffer + pos, len - pos - 1, fmt, args); 169 va_end(args); 170 } 171 172 /** 173 * tomoyo_flush - Flush queued string to userspace's buffer. 174 * 175 * @head: Pointer to "struct tomoyo_io_buffer". 176 * 177 * Returns true if all data was flushed, false otherwise. 178 */ 179 static bool tomoyo_flush(struct tomoyo_io_buffer *head) 180 { 181 while (head->r.w_pos) { 182 const char *w = head->r.w[0]; 183 size_t len = strlen(w); 184 if (len) { 185 if (len > head->read_user_buf_avail) 186 len = head->read_user_buf_avail; 187 if (!len) 188 return false; 189 if (copy_to_user(head->read_user_buf, w, len)) 190 return false; 191 head->read_user_buf_avail -= len; 192 head->read_user_buf += len; 193 w += len; 194 } 195 head->r.w[0] = w; 196 if (*w) 197 return false; 198 /* Add '\0' for audit logs and query. */ 199 if (head->poll) { 200 if (!head->read_user_buf_avail || 201 copy_to_user(head->read_user_buf, "", 1)) 202 return false; 203 head->read_user_buf_avail--; 204 head->read_user_buf++; 205 } 206 head->r.w_pos--; 207 for (len = 0; len < head->r.w_pos; len++) 208 head->r.w[len] = head->r.w[len + 1]; 209 } 210 head->r.avail = 0; 211 return true; 212 } 213 214 /** 215 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure. 216 * 217 * @head: Pointer to "struct tomoyo_io_buffer". 218 * @string: String to print. 219 * 220 * Note that @string has to be kept valid until @head is kfree()d. 221 * This means that char[] allocated on stack memory cannot be passed to 222 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory. 223 */ 224 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string) 225 { 226 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) { 227 head->r.w[head->r.w_pos++] = string; 228 tomoyo_flush(head); 229 } else 230 WARN_ON(1); 231 } 232 233 /** 234 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure. 235 * 236 * @head: Pointer to "struct tomoyo_io_buffer". 237 * @fmt: The printf()'s format string, followed by parameters. 238 */ 239 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 240 { 241 va_list args; 242 size_t len; 243 size_t pos = head->r.avail; 244 int size = head->readbuf_size - pos; 245 if (size <= 0) 246 return; 247 va_start(args, fmt); 248 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1; 249 va_end(args); 250 if (pos + len >= head->readbuf_size) { 251 WARN_ON(1); 252 return; 253 } 254 head->r.avail += len; 255 tomoyo_set_string(head, head->read_buf + pos); 256 } 257 258 /** 259 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure. 260 * 261 * @head: Pointer to "struct tomoyo_io_buffer". 262 * 263 * Returns nothing. 264 */ 265 static void tomoyo_set_space(struct tomoyo_io_buffer *head) 266 { 267 tomoyo_set_string(head, " "); 268 } 269 270 /** 271 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure. 272 * 273 * @head: Pointer to "struct tomoyo_io_buffer". 274 * 275 * Returns nothing. 276 */ 277 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) 278 { 279 tomoyo_set_string(head, "\n"); 280 return !head->r.w_pos; 281 } 282 283 /** 284 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure. 285 * 286 * @head: Pointer to "struct tomoyo_io_buffer". 287 * 288 * Returns nothing. 289 */ 290 static void tomoyo_set_slash(struct tomoyo_io_buffer *head) 291 { 292 tomoyo_set_string(head, "/"); 293 } 294 295 /* List of namespaces. */ 296 LIST_HEAD(tomoyo_namespace_list); 297 /* True if namespace other than tomoyo_kernel_namespace is defined. */ 298 static bool tomoyo_namespace_enabled; 299 300 /** 301 * tomoyo_init_policy_namespace - Initialize namespace. 302 * 303 * @ns: Pointer to "struct tomoyo_policy_namespace". 304 * 305 * Returns nothing. 306 */ 307 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns) 308 { 309 unsigned int idx; 310 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++) 311 INIT_LIST_HEAD(&ns->acl_group[idx]); 312 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++) 313 INIT_LIST_HEAD(&ns->group_list[idx]); 314 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++) 315 INIT_LIST_HEAD(&ns->policy_list[idx]); 316 ns->profile_version = 20100903; 317 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list); 318 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list); 319 } 320 321 /** 322 * tomoyo_print_namespace - Print namespace header. 323 * 324 * @head: Pointer to "struct tomoyo_io_buffer". 325 * 326 * Returns nothing. 327 */ 328 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head) 329 { 330 if (!tomoyo_namespace_enabled) 331 return; 332 tomoyo_set_string(head, 333 container_of(head->r.ns, 334 struct tomoyo_policy_namespace, 335 namespace_list)->name); 336 tomoyo_set_space(head); 337 } 338 339 /** 340 * tomoyo_print_name_union - Print a tomoyo_name_union. 341 * 342 * @head: Pointer to "struct tomoyo_io_buffer". 343 * @ptr: Pointer to "struct tomoyo_name_union". 344 */ 345 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head, 346 const struct tomoyo_name_union *ptr) 347 { 348 tomoyo_set_space(head); 349 if (ptr->group) { 350 tomoyo_set_string(head, "@"); 351 tomoyo_set_string(head, ptr->group->group_name->name); 352 } else { 353 tomoyo_set_string(head, ptr->filename->name); 354 } 355 } 356 357 /** 358 * tomoyo_print_name_union_quoted - Print a tomoyo_name_union with a quote. 359 * 360 * @head: Pointer to "struct tomoyo_io_buffer". 361 * @ptr: Pointer to "struct tomoyo_name_union". 362 * 363 * Returns nothing. 364 */ 365 static void tomoyo_print_name_union_quoted(struct tomoyo_io_buffer *head, 366 const struct tomoyo_name_union *ptr) 367 { 368 if (ptr->group) { 369 tomoyo_set_string(head, "@"); 370 tomoyo_set_string(head, ptr->group->group_name->name); 371 } else { 372 tomoyo_set_string(head, "\""); 373 tomoyo_set_string(head, ptr->filename->name); 374 tomoyo_set_string(head, "\""); 375 } 376 } 377 378 /** 379 * tomoyo_print_number_union_nospace - Print a tomoyo_number_union without a space. 380 * 381 * @head: Pointer to "struct tomoyo_io_buffer". 382 * @ptr: Pointer to "struct tomoyo_number_union". 383 * 384 * Returns nothing. 385 */ 386 static void tomoyo_print_number_union_nospace 387 (struct tomoyo_io_buffer *head, const struct tomoyo_number_union *ptr) 388 { 389 if (ptr->group) { 390 tomoyo_set_string(head, "@"); 391 tomoyo_set_string(head, ptr->group->group_name->name); 392 } else { 393 int i; 394 unsigned long min = ptr->values[0]; 395 const unsigned long max = ptr->values[1]; 396 u8 min_type = ptr->value_type[0]; 397 const u8 max_type = ptr->value_type[1]; 398 char buffer[128]; 399 buffer[0] = '\0'; 400 for (i = 0; i < 2; i++) { 401 switch (min_type) { 402 case TOMOYO_VALUE_TYPE_HEXADECIMAL: 403 tomoyo_addprintf(buffer, sizeof(buffer), 404 "0x%lX", min); 405 break; 406 case TOMOYO_VALUE_TYPE_OCTAL: 407 tomoyo_addprintf(buffer, sizeof(buffer), 408 "0%lo", min); 409 break; 410 default: 411 tomoyo_addprintf(buffer, sizeof(buffer), "%lu", 412 min); 413 break; 414 } 415 if (min == max && min_type == max_type) 416 break; 417 tomoyo_addprintf(buffer, sizeof(buffer), "-"); 418 min_type = max_type; 419 min = max; 420 } 421 tomoyo_io_printf(head, "%s", buffer); 422 } 423 } 424 425 /** 426 * tomoyo_print_number_union - Print a tomoyo_number_union. 427 * 428 * @head: Pointer to "struct tomoyo_io_buffer". 429 * @ptr: Pointer to "struct tomoyo_number_union". 430 * 431 * Returns nothing. 432 */ 433 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head, 434 const struct tomoyo_number_union *ptr) 435 { 436 tomoyo_set_space(head); 437 tomoyo_print_number_union_nospace(head, ptr); 438 } 439 440 /** 441 * tomoyo_assign_profile - Create a new profile. 442 * 443 * @ns: Pointer to "struct tomoyo_policy_namespace". 444 * @profile: Profile number to create. 445 * 446 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 447 */ 448 static struct tomoyo_profile *tomoyo_assign_profile 449 (struct tomoyo_policy_namespace *ns, const unsigned int profile) 450 { 451 struct tomoyo_profile *ptr; 452 struct tomoyo_profile *entry; 453 if (profile >= TOMOYO_MAX_PROFILES) 454 return NULL; 455 ptr = ns->profile_ptr[profile]; 456 if (ptr) 457 return ptr; 458 entry = kzalloc(sizeof(*entry), GFP_NOFS); 459 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 460 goto out; 461 ptr = ns->profile_ptr[profile]; 462 if (!ptr && tomoyo_memory_ok(entry)) { 463 ptr = entry; 464 ptr->default_config = TOMOYO_CONFIG_DISABLED | 465 TOMOYO_CONFIG_WANT_GRANT_LOG | 466 TOMOYO_CONFIG_WANT_REJECT_LOG; 467 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT, 468 sizeof(ptr->config)); 469 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024; 470 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048; 471 mb(); /* Avoid out-of-order execution. */ 472 ns->profile_ptr[profile] = ptr; 473 entry = NULL; 474 } 475 mutex_unlock(&tomoyo_policy_lock); 476 out: 477 kfree(entry); 478 return ptr; 479 } 480 481 /** 482 * tomoyo_profile - Find a profile. 483 * 484 * @ns: Pointer to "struct tomoyo_policy_namespace". 485 * @profile: Profile number to find. 486 * 487 * Returns pointer to "struct tomoyo_profile". 488 */ 489 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 490 const u8 profile) 491 { 492 static struct tomoyo_profile tomoyo_null_profile; 493 struct tomoyo_profile *ptr = ns->profile_ptr[profile]; 494 if (!ptr) 495 ptr = &tomoyo_null_profile; 496 return ptr; 497 } 498 499 /** 500 * tomoyo_find_yesno - Find values for specified keyword. 501 * 502 * @string: String to check. 503 * @find: Name of keyword. 504 * 505 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise. 506 */ 507 static s8 tomoyo_find_yesno(const char *string, const char *find) 508 { 509 const char *cp = strstr(string, find); 510 if (cp) { 511 cp += strlen(find); 512 if (!strncmp(cp, "=yes", 4)) 513 return 1; 514 else if (!strncmp(cp, "=no", 3)) 515 return 0; 516 } 517 return -1; 518 } 519 520 /** 521 * tomoyo_set_uint - Set value for specified preference. 522 * 523 * @i: Pointer to "unsigned int". 524 * @string: String to check. 525 * @find: Name of keyword. 526 * 527 * Returns nothing. 528 */ 529 static void tomoyo_set_uint(unsigned int *i, const char *string, 530 const char *find) 531 { 532 const char *cp = strstr(string, find); 533 if (cp) 534 sscanf(cp + strlen(find), "=%u", i); 535 } 536 537 /** 538 * tomoyo_set_mode - Set mode for specified profile. 539 * 540 * @name: Name of functionality. 541 * @value: Mode for @name. 542 * @profile: Pointer to "struct tomoyo_profile". 543 * 544 * Returns 0 on success, negative value otherwise. 545 */ 546 static int tomoyo_set_mode(char *name, const char *value, 547 struct tomoyo_profile *profile) 548 { 549 u8 i; 550 u8 config; 551 if (!strcmp(name, "CONFIG")) { 552 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX; 553 config = profile->default_config; 554 } else if (tomoyo_str_starts(&name, "CONFIG::")) { 555 config = 0; 556 for (i = 0; i < TOMOYO_MAX_MAC_INDEX 557 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) { 558 int len = 0; 559 if (i < TOMOYO_MAX_MAC_INDEX) { 560 const u8 c = tomoyo_index2category[i]; 561 const char *category = 562 tomoyo_category_keywords[c]; 563 len = strlen(category); 564 if (strncmp(name, category, len) || 565 name[len++] != ':' || name[len++] != ':') 566 continue; 567 } 568 if (strcmp(name + len, tomoyo_mac_keywords[i])) 569 continue; 570 config = profile->config[i]; 571 break; 572 } 573 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 574 return -EINVAL; 575 } else { 576 return -EINVAL; 577 } 578 if (strstr(value, "use_default")) { 579 config = TOMOYO_CONFIG_USE_DEFAULT; 580 } else { 581 u8 mode; 582 for (mode = 0; mode < 4; mode++) 583 if (strstr(value, tomoyo_mode[mode])) 584 /* 585 * Update lower 3 bits in order to distinguish 586 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'. 587 */ 588 config = (config & ~7) | mode; 589 if (config != TOMOYO_CONFIG_USE_DEFAULT) { 590 switch (tomoyo_find_yesno(value, "grant_log")) { 591 case 1: 592 config |= TOMOYO_CONFIG_WANT_GRANT_LOG; 593 break; 594 case 0: 595 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG; 596 break; 597 } 598 switch (tomoyo_find_yesno(value, "reject_log")) { 599 case 1: 600 config |= TOMOYO_CONFIG_WANT_REJECT_LOG; 601 break; 602 case 0: 603 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG; 604 break; 605 } 606 } 607 } 608 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX) 609 profile->config[i] = config; 610 else if (config != TOMOYO_CONFIG_USE_DEFAULT) 611 profile->default_config = config; 612 return 0; 613 } 614 615 /** 616 * tomoyo_write_profile - Write profile table. 617 * 618 * @head: Pointer to "struct tomoyo_io_buffer". 619 * 620 * Returns 0 on success, negative value otherwise. 621 */ 622 static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 623 { 624 char *data = head->write_buf; 625 unsigned int i; 626 char *cp; 627 struct tomoyo_profile *profile; 628 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version) 629 == 1) 630 return 0; 631 i = simple_strtoul(data, &cp, 10); 632 if (*cp != '-') 633 return -EINVAL; 634 data = cp + 1; 635 profile = tomoyo_assign_profile(head->w.ns, i); 636 if (!profile) 637 return -EINVAL; 638 cp = strchr(data, '='); 639 if (!cp) 640 return -EINVAL; 641 *cp++ = '\0'; 642 if (!strcmp(data, "COMMENT")) { 643 static DEFINE_SPINLOCK(lock); 644 const struct tomoyo_path_info *new_comment 645 = tomoyo_get_name(cp); 646 const struct tomoyo_path_info *old_comment; 647 if (!new_comment) 648 return -ENOMEM; 649 spin_lock(&lock); 650 old_comment = profile->comment; 651 profile->comment = new_comment; 652 spin_unlock(&lock); 653 tomoyo_put_name(old_comment); 654 return 0; 655 } 656 if (!strcmp(data, "PREFERENCE")) { 657 for (i = 0; i < TOMOYO_MAX_PREF; i++) 658 tomoyo_set_uint(&profile->pref[i], cp, 659 tomoyo_pref_keywords[i]); 660 return 0; 661 } 662 return tomoyo_set_mode(data, cp, profile); 663 } 664 665 /** 666 * tomoyo_print_config - Print mode for specified functionality. 667 * 668 * @head: Pointer to "struct tomoyo_io_buffer". 669 * @config: Mode for that functionality. 670 * 671 * Returns nothing. 672 * 673 * Caller prints functionality's name. 674 */ 675 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config) 676 { 677 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", 678 tomoyo_mode[config & 3], 679 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG), 680 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG)); 681 } 682 683 /** 684 * tomoyo_read_profile - Read profile table. 685 * 686 * @head: Pointer to "struct tomoyo_io_buffer". 687 * 688 * Returns nothing. 689 */ 690 static void tomoyo_read_profile(struct tomoyo_io_buffer *head) 691 { 692 u8 index; 693 struct tomoyo_policy_namespace *ns = 694 container_of(head->r.ns, typeof(*ns), namespace_list); 695 const struct tomoyo_profile *profile; 696 if (head->r.eof) 697 return; 698 next: 699 index = head->r.index; 700 profile = ns->profile_ptr[index]; 701 switch (head->r.step) { 702 case 0: 703 tomoyo_print_namespace(head); 704 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n", 705 ns->profile_version); 706 head->r.step++; 707 break; 708 case 1: 709 for ( ; head->r.index < TOMOYO_MAX_PROFILES; 710 head->r.index++) 711 if (ns->profile_ptr[head->r.index]) 712 break; 713 if (head->r.index == TOMOYO_MAX_PROFILES) { 714 head->r.eof = true; 715 return; 716 } 717 head->r.step++; 718 break; 719 case 2: 720 { 721 u8 i; 722 const struct tomoyo_path_info *comment = 723 profile->comment; 724 tomoyo_print_namespace(head); 725 tomoyo_io_printf(head, "%u-COMMENT=", index); 726 tomoyo_set_string(head, comment ? comment->name : ""); 727 tomoyo_set_lf(head); 728 tomoyo_print_namespace(head); 729 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index); 730 for (i = 0; i < TOMOYO_MAX_PREF; i++) 731 tomoyo_io_printf(head, "%s=%u ", 732 tomoyo_pref_keywords[i], 733 profile->pref[i]); 734 tomoyo_set_string(head, "}\n"); 735 head->r.step++; 736 } 737 break; 738 case 3: 739 { 740 tomoyo_print_namespace(head); 741 tomoyo_io_printf(head, "%u-%s", index, "CONFIG"); 742 tomoyo_print_config(head, profile->default_config); 743 head->r.bit = 0; 744 head->r.step++; 745 } 746 break; 747 case 4: 748 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX 749 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) { 750 const u8 i = head->r.bit; 751 const u8 config = profile->config[i]; 752 if (config == TOMOYO_CONFIG_USE_DEFAULT) 753 continue; 754 tomoyo_print_namespace(head); 755 if (i < TOMOYO_MAX_MAC_INDEX) 756 tomoyo_io_printf(head, "%u-CONFIG::%s::%s", 757 index, 758 tomoyo_category_keywords 759 [tomoyo_index2category[i]], 760 tomoyo_mac_keywords[i]); 761 else 762 tomoyo_io_printf(head, "%u-CONFIG::%s", index, 763 tomoyo_mac_keywords[i]); 764 tomoyo_print_config(head, config); 765 head->r.bit++; 766 break; 767 } 768 if (head->r.bit == TOMOYO_MAX_MAC_INDEX 769 + TOMOYO_MAX_MAC_CATEGORY_INDEX) { 770 head->r.index++; 771 head->r.step = 1; 772 } 773 break; 774 } 775 if (tomoyo_flush(head)) 776 goto next; 777 } 778 779 /** 780 * tomoyo_same_manager - Check for duplicated "struct tomoyo_manager" entry. 781 * 782 * @a: Pointer to "struct tomoyo_acl_head". 783 * @b: Pointer to "struct tomoyo_acl_head". 784 * 785 * Returns true if @a == @b, false otherwise. 786 */ 787 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a, 788 const struct tomoyo_acl_head *b) 789 { 790 return container_of(a, struct tomoyo_manager, head)->manager == 791 container_of(b, struct tomoyo_manager, head)->manager; 792 } 793 794 /** 795 * tomoyo_update_manager_entry - Add a manager entry. 796 * 797 * @manager: The path to manager or the domainnamme. 798 * @is_delete: True if it is a delete request. 799 * 800 * Returns 0 on success, negative value otherwise. 801 * 802 * Caller holds tomoyo_read_lock(). 803 */ 804 static int tomoyo_update_manager_entry(const char *manager, 805 const bool is_delete) 806 { 807 struct tomoyo_manager e = { }; 808 struct tomoyo_acl_param param = { 809 /* .ns = &tomoyo_kernel_namespace, */ 810 .is_delete = is_delete, 811 .list = &tomoyo_kernel_namespace. 812 policy_list[TOMOYO_ID_MANAGER], 813 }; 814 int error = is_delete ? -ENOENT : -ENOMEM; 815 if (tomoyo_domain_def(manager)) { 816 if (!tomoyo_correct_domain(manager)) 817 return -EINVAL; 818 e.is_domain = true; 819 } else { 820 if (!tomoyo_correct_path(manager)) 821 return -EINVAL; 822 } 823 e.manager = tomoyo_get_name(manager); 824 if (e.manager) { 825 error = tomoyo_update_policy(&e.head, sizeof(e), ¶m, 826 tomoyo_same_manager); 827 tomoyo_put_name(e.manager); 828 } 829 return error; 830 } 831 832 /** 833 * tomoyo_write_manager - Write manager policy. 834 * 835 * @head: Pointer to "struct tomoyo_io_buffer". 836 * 837 * Returns 0 on success, negative value otherwise. 838 * 839 * Caller holds tomoyo_read_lock(). 840 */ 841 static int tomoyo_write_manager(struct tomoyo_io_buffer *head) 842 { 843 char *data = head->write_buf; 844 845 if (!strcmp(data, "manage_by_non_root")) { 846 tomoyo_manage_by_non_root = !head->w.is_delete; 847 return 0; 848 } 849 return tomoyo_update_manager_entry(data, head->w.is_delete); 850 } 851 852 /** 853 * tomoyo_read_manager - Read manager policy. 854 * 855 * @head: Pointer to "struct tomoyo_io_buffer". 856 * 857 * Caller holds tomoyo_read_lock(). 858 */ 859 static void tomoyo_read_manager(struct tomoyo_io_buffer *head) 860 { 861 if (head->r.eof) 862 return; 863 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace. 864 policy_list[TOMOYO_ID_MANAGER]) { 865 struct tomoyo_manager *ptr = 866 list_entry(head->r.acl, typeof(*ptr), head.list); 867 if (ptr->head.is_deleted) 868 continue; 869 if (!tomoyo_flush(head)) 870 return; 871 tomoyo_set_string(head, ptr->manager->name); 872 tomoyo_set_lf(head); 873 } 874 head->r.eof = true; 875 } 876 877 /** 878 * tomoyo_manager - Check whether the current process is a policy manager. 879 * 880 * Returns true if the current process is permitted to modify policy 881 * via /sys/kernel/security/tomoyo/ interface. 882 * 883 * Caller holds tomoyo_read_lock(). 884 */ 885 static bool tomoyo_manager(void) 886 { 887 struct tomoyo_manager *ptr; 888 const char *exe; 889 const struct task_struct *task = current; 890 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 891 bool found = false; 892 893 if (!tomoyo_policy_loaded) 894 return true; 895 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 896 return false; 897 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. 898 policy_list[TOMOYO_ID_MANAGER], head.list) { 899 if (!ptr->head.is_deleted && ptr->is_domain 900 && !tomoyo_pathcmp(domainname, ptr->manager)) { 901 found = true; 902 break; 903 } 904 } 905 if (found) 906 return true; 907 exe = tomoyo_get_exe(); 908 if (!exe) 909 return false; 910 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace. 911 policy_list[TOMOYO_ID_MANAGER], head.list) { 912 if (!ptr->head.is_deleted && !ptr->is_domain 913 && !strcmp(exe, ptr->manager->name)) { 914 found = true; 915 break; 916 } 917 } 918 if (!found) { /* Reduce error messages. */ 919 static pid_t last_pid; 920 const pid_t pid = current->pid; 921 if (last_pid != pid) { 922 printk(KERN_WARNING "%s ( %s ) is not permitted to " 923 "update policies.\n", domainname->name, exe); 924 last_pid = pid; 925 } 926 } 927 kfree(exe); 928 return found; 929 } 930 931 /** 932 * tomoyo_select_domain - Parse select command. 933 * 934 * @head: Pointer to "struct tomoyo_io_buffer". 935 * @data: String to parse. 936 * 937 * Returns true on success, false otherwise. 938 * 939 * Caller holds tomoyo_read_lock(). 940 */ 941 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head, 942 const char *data) 943 { 944 unsigned int pid; 945 struct tomoyo_domain_info *domain = NULL; 946 bool global_pid = false; 947 if (strncmp(data, "select ", 7)) 948 return false; 949 data += 7; 950 if (sscanf(data, "pid=%u", &pid) == 1 || 951 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { 952 struct task_struct *p; 953 rcu_read_lock(); 954 read_lock(&tasklist_lock); 955 if (global_pid) 956 p = find_task_by_pid_ns(pid, &init_pid_ns); 957 else 958 p = find_task_by_vpid(pid); 959 if (p) 960 domain = tomoyo_real_domain(p); 961 read_unlock(&tasklist_lock); 962 rcu_read_unlock(); 963 } else if (!strncmp(data, "domain=", 7)) { 964 if (tomoyo_domain_def(data + 7)) 965 domain = tomoyo_find_domain(data + 7); 966 } else 967 return false; 968 head->w.domain = domain; 969 /* Accessing read_buf is safe because head->io_sem is held. */ 970 if (!head->read_buf) 971 return true; /* Do nothing if open(O_WRONLY). */ 972 memset(&head->r, 0, sizeof(head->r)); 973 head->r.print_this_domain_only = true; 974 if (domain) 975 head->r.domain = &domain->list; 976 else 977 head->r.eof = 1; 978 tomoyo_io_printf(head, "# select %s\n", data); 979 if (domain && domain->is_deleted) 980 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 981 return true; 982 } 983 984 /** 985 * tomoyo_delete_domain - Delete a domain. 986 * 987 * @domainname: The name of domain. 988 * 989 * Returns 0. 990 * 991 * Caller holds tomoyo_read_lock(). 992 */ 993 static int tomoyo_delete_domain(char *domainname) 994 { 995 struct tomoyo_domain_info *domain; 996 struct tomoyo_path_info name; 997 998 name.name = domainname; 999 tomoyo_fill_path_info(&name); 1000 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 1001 return 0; 1002 /* Is there an active domain? */ 1003 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1004 /* Never delete tomoyo_kernel_domain */ 1005 if (domain == &tomoyo_kernel_domain) 1006 continue; 1007 if (domain->is_deleted || 1008 tomoyo_pathcmp(domain->domainname, &name)) 1009 continue; 1010 domain->is_deleted = true; 1011 break; 1012 } 1013 mutex_unlock(&tomoyo_policy_lock); 1014 return 0; 1015 } 1016 1017 /** 1018 * tomoyo_write_domain2 - Write domain policy. 1019 * 1020 * @ns: Pointer to "struct tomoyo_policy_namespace". 1021 * @list: Pointer to "struct list_head". 1022 * @data: Policy to be interpreted. 1023 * @is_delete: True if it is a delete request. 1024 * 1025 * Returns 0 on success, negative value otherwise. 1026 * 1027 * Caller holds tomoyo_read_lock(). 1028 */ 1029 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns, 1030 struct list_head *list, char *data, 1031 const bool is_delete) 1032 { 1033 struct tomoyo_acl_param param = { 1034 .ns = ns, 1035 .list = list, 1036 .data = data, 1037 .is_delete = is_delete, 1038 }; 1039 static const struct { 1040 const char *keyword; 1041 int (*write) (struct tomoyo_acl_param *); 1042 } tomoyo_callback[1] = { 1043 { "file ", tomoyo_write_file }, 1044 }; 1045 u8 i; 1046 for (i = 0; i < 1; i++) { 1047 if (!tomoyo_str_starts(¶m.data, 1048 tomoyo_callback[i].keyword)) 1049 continue; 1050 return tomoyo_callback[i].write(¶m); 1051 } 1052 return -EINVAL; 1053 } 1054 1055 /* String table for domain flags. */ 1056 const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = { 1057 [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n", 1058 [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n", 1059 }; 1060 1061 /** 1062 * tomoyo_write_domain - Write domain policy. 1063 * 1064 * @head: Pointer to "struct tomoyo_io_buffer". 1065 * 1066 * Returns 0 on success, negative value otherwise. 1067 * 1068 * Caller holds tomoyo_read_lock(). 1069 */ 1070 static int tomoyo_write_domain(struct tomoyo_io_buffer *head) 1071 { 1072 char *data = head->write_buf; 1073 struct tomoyo_policy_namespace *ns; 1074 struct tomoyo_domain_info *domain = head->w.domain; 1075 const bool is_delete = head->w.is_delete; 1076 bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); 1077 unsigned int profile; 1078 if (*data == '<') { 1079 domain = NULL; 1080 if (is_delete) 1081 tomoyo_delete_domain(data); 1082 else if (is_select) 1083 domain = tomoyo_find_domain(data); 1084 else 1085 domain = tomoyo_assign_domain(data, false); 1086 head->w.domain = domain; 1087 return 0; 1088 } 1089 if (!domain) 1090 return -EINVAL; 1091 ns = domain->ns; 1092 if (sscanf(data, "use_profile %u", &profile) == 1 1093 && profile < TOMOYO_MAX_PROFILES) { 1094 if (!tomoyo_policy_loaded || ns->profile_ptr[profile]) 1095 domain->profile = (u8) profile; 1096 return 0; 1097 } 1098 if (sscanf(data, "use_group %u\n", &profile) == 1 1099 && profile < TOMOYO_MAX_ACL_GROUPS) { 1100 if (!is_delete) 1101 domain->group = (u8) profile; 1102 return 0; 1103 } 1104 for (profile = 0; profile < TOMOYO_MAX_DOMAIN_INFO_FLAGS; profile++) { 1105 const char *cp = tomoyo_dif[profile]; 1106 if (strncmp(data, cp, strlen(cp) - 1)) 1107 continue; 1108 domain->flags[profile] = !is_delete; 1109 return 0; 1110 } 1111 return tomoyo_write_domain2(ns, &domain->acl_info_list, data, 1112 is_delete); 1113 } 1114 1115 /** 1116 * tomoyo_print_condition - Print condition part. 1117 * 1118 * @head: Pointer to "struct tomoyo_io_buffer". 1119 * @cond: Pointer to "struct tomoyo_condition". 1120 * 1121 * Returns true on success, false otherwise. 1122 */ 1123 static bool tomoyo_print_condition(struct tomoyo_io_buffer *head, 1124 const struct tomoyo_condition *cond) 1125 { 1126 switch (head->r.cond_step) { 1127 case 0: 1128 head->r.cond_index = 0; 1129 head->r.cond_step++; 1130 /* fall through */ 1131 case 1: 1132 { 1133 const u16 condc = cond->condc; 1134 const struct tomoyo_condition_element *condp = 1135 (typeof(condp)) (cond + 1); 1136 const struct tomoyo_number_union *numbers_p = 1137 (typeof(numbers_p)) (condp + condc); 1138 const struct tomoyo_name_union *names_p = 1139 (typeof(names_p)) 1140 (numbers_p + cond->numbers_count); 1141 const struct tomoyo_argv *argv = 1142 (typeof(argv)) (names_p + cond->names_count); 1143 const struct tomoyo_envp *envp = 1144 (typeof(envp)) (argv + cond->argc); 1145 u16 skip; 1146 for (skip = 0; skip < head->r.cond_index; skip++) { 1147 const u8 left = condp->left; 1148 const u8 right = condp->right; 1149 condp++; 1150 switch (left) { 1151 case TOMOYO_ARGV_ENTRY: 1152 argv++; 1153 continue; 1154 case TOMOYO_ENVP_ENTRY: 1155 envp++; 1156 continue; 1157 case TOMOYO_NUMBER_UNION: 1158 numbers_p++; 1159 break; 1160 } 1161 switch (right) { 1162 case TOMOYO_NAME_UNION: 1163 names_p++; 1164 break; 1165 case TOMOYO_NUMBER_UNION: 1166 numbers_p++; 1167 break; 1168 } 1169 } 1170 while (head->r.cond_index < condc) { 1171 const u8 match = condp->equals; 1172 const u8 left = condp->left; 1173 const u8 right = condp->right; 1174 if (!tomoyo_flush(head)) 1175 return false; 1176 condp++; 1177 head->r.cond_index++; 1178 tomoyo_set_space(head); 1179 switch (left) { 1180 case TOMOYO_ARGV_ENTRY: 1181 tomoyo_io_printf(head, 1182 "exec.argv[%lu]%s=\"", 1183 argv->index, argv-> 1184 is_not ? "!" : ""); 1185 tomoyo_set_string(head, 1186 argv->value->name); 1187 tomoyo_set_string(head, "\""); 1188 argv++; 1189 continue; 1190 case TOMOYO_ENVP_ENTRY: 1191 tomoyo_set_string(head, 1192 "exec.envp[\""); 1193 tomoyo_set_string(head, 1194 envp->name->name); 1195 tomoyo_io_printf(head, "\"]%s=", envp-> 1196 is_not ? "!" : ""); 1197 if (envp->value) { 1198 tomoyo_set_string(head, "\""); 1199 tomoyo_set_string(head, envp-> 1200 value->name); 1201 tomoyo_set_string(head, "\""); 1202 } else { 1203 tomoyo_set_string(head, 1204 "NULL"); 1205 } 1206 envp++; 1207 continue; 1208 case TOMOYO_NUMBER_UNION: 1209 tomoyo_print_number_union_nospace 1210 (head, numbers_p++); 1211 break; 1212 default: 1213 tomoyo_set_string(head, 1214 tomoyo_condition_keyword[left]); 1215 break; 1216 } 1217 tomoyo_set_string(head, match ? "=" : "!="); 1218 switch (right) { 1219 case TOMOYO_NAME_UNION: 1220 tomoyo_print_name_union_quoted 1221 (head, names_p++); 1222 break; 1223 case TOMOYO_NUMBER_UNION: 1224 tomoyo_print_number_union_nospace 1225 (head, numbers_p++); 1226 break; 1227 default: 1228 tomoyo_set_string(head, 1229 tomoyo_condition_keyword[right]); 1230 break; 1231 } 1232 } 1233 } 1234 head->r.cond_step++; 1235 /* fall through */ 1236 case 2: 1237 if (!tomoyo_flush(head)) 1238 break; 1239 head->r.cond_step++; 1240 /* fall through */ 1241 case 3: 1242 tomoyo_set_lf(head); 1243 return true; 1244 } 1245 return false; 1246 } 1247 1248 /** 1249 * tomoyo_set_group - Print "acl_group " header keyword and category name. 1250 * 1251 * @head: Pointer to "struct tomoyo_io_buffer". 1252 * @category: Category name. 1253 * 1254 * Returns nothing. 1255 */ 1256 static void tomoyo_set_group(struct tomoyo_io_buffer *head, 1257 const char *category) 1258 { 1259 if (head->type == TOMOYO_EXCEPTIONPOLICY) { 1260 tomoyo_print_namespace(head); 1261 tomoyo_io_printf(head, "acl_group %u ", 1262 head->r.acl_group_index); 1263 } 1264 tomoyo_set_string(head, category); 1265 } 1266 1267 /** 1268 * tomoyo_print_entry - Print an ACL entry. 1269 * 1270 * @head: Pointer to "struct tomoyo_io_buffer". 1271 * @acl: Pointer to an ACL entry. 1272 * 1273 * Returns true on success, false otherwise. 1274 */ 1275 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1276 struct tomoyo_acl_info *acl) 1277 { 1278 const u8 acl_type = acl->type; 1279 bool first = true; 1280 u8 bit; 1281 1282 if (head->r.print_cond_part) 1283 goto print_cond_part; 1284 if (acl->is_deleted) 1285 return true; 1286 if (!tomoyo_flush(head)) 1287 return false; 1288 else if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1289 struct tomoyo_path_acl *ptr = 1290 container_of(acl, typeof(*ptr), head); 1291 const u16 perm = ptr->perm; 1292 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 1293 if (!(perm & (1 << bit))) 1294 continue; 1295 if (head->r.print_transition_related_only && 1296 bit != TOMOYO_TYPE_EXECUTE) 1297 continue; 1298 if (first) { 1299 tomoyo_set_group(head, "file "); 1300 first = false; 1301 } else { 1302 tomoyo_set_slash(head); 1303 } 1304 tomoyo_set_string(head, tomoyo_path_keyword[bit]); 1305 } 1306 if (first) 1307 return true; 1308 tomoyo_print_name_union(head, &ptr->name); 1309 } else if (head->r.print_transition_related_only) { 1310 return true; 1311 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 1312 struct tomoyo_path2_acl *ptr = 1313 container_of(acl, typeof(*ptr), head); 1314 const u8 perm = ptr->perm; 1315 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 1316 if (!(perm & (1 << bit))) 1317 continue; 1318 if (first) { 1319 tomoyo_set_group(head, "file "); 1320 first = false; 1321 } else { 1322 tomoyo_set_slash(head); 1323 } 1324 tomoyo_set_string(head, tomoyo_mac_keywords 1325 [tomoyo_pp2mac[bit]]); 1326 } 1327 if (first) 1328 return true; 1329 tomoyo_print_name_union(head, &ptr->name1); 1330 tomoyo_print_name_union(head, &ptr->name2); 1331 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { 1332 struct tomoyo_path_number_acl *ptr = 1333 container_of(acl, typeof(*ptr), head); 1334 const u8 perm = ptr->perm; 1335 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) { 1336 if (!(perm & (1 << bit))) 1337 continue; 1338 if (first) { 1339 tomoyo_set_group(head, "file "); 1340 first = false; 1341 } else { 1342 tomoyo_set_slash(head); 1343 } 1344 tomoyo_set_string(head, tomoyo_mac_keywords 1345 [tomoyo_pn2mac[bit]]); 1346 } 1347 if (first) 1348 return true; 1349 tomoyo_print_name_union(head, &ptr->name); 1350 tomoyo_print_number_union(head, &ptr->number); 1351 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { 1352 struct tomoyo_mkdev_acl *ptr = 1353 container_of(acl, typeof(*ptr), head); 1354 const u8 perm = ptr->perm; 1355 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) { 1356 if (!(perm & (1 << bit))) 1357 continue; 1358 if (first) { 1359 tomoyo_set_group(head, "file "); 1360 first = false; 1361 } else { 1362 tomoyo_set_slash(head); 1363 } 1364 tomoyo_set_string(head, tomoyo_mac_keywords 1365 [tomoyo_pnnn2mac[bit]]); 1366 } 1367 if (first) 1368 return true; 1369 tomoyo_print_name_union(head, &ptr->name); 1370 tomoyo_print_number_union(head, &ptr->mode); 1371 tomoyo_print_number_union(head, &ptr->major); 1372 tomoyo_print_number_union(head, &ptr->minor); 1373 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { 1374 struct tomoyo_mount_acl *ptr = 1375 container_of(acl, typeof(*ptr), head); 1376 tomoyo_set_group(head, "file mount"); 1377 tomoyo_print_name_union(head, &ptr->dev_name); 1378 tomoyo_print_name_union(head, &ptr->dir_name); 1379 tomoyo_print_name_union(head, &ptr->fs_type); 1380 tomoyo_print_number_union(head, &ptr->flags); 1381 } 1382 if (acl->cond) { 1383 head->r.print_cond_part = true; 1384 head->r.cond_step = 0; 1385 if (!tomoyo_flush(head)) 1386 return false; 1387 print_cond_part: 1388 if (!tomoyo_print_condition(head, acl->cond)) 1389 return false; 1390 head->r.print_cond_part = false; 1391 } else { 1392 tomoyo_set_lf(head); 1393 } 1394 return true; 1395 } 1396 1397 /** 1398 * tomoyo_read_domain2 - Read domain policy. 1399 * 1400 * @head: Pointer to "struct tomoyo_io_buffer". 1401 * @list: Pointer to "struct list_head". 1402 * 1403 * Caller holds tomoyo_read_lock(). 1404 * 1405 * Returns true on success, false otherwise. 1406 */ 1407 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head, 1408 struct list_head *list) 1409 { 1410 list_for_each_cookie(head->r.acl, list) { 1411 struct tomoyo_acl_info *ptr = 1412 list_entry(head->r.acl, typeof(*ptr), list); 1413 if (!tomoyo_print_entry(head, ptr)) 1414 return false; 1415 } 1416 head->r.acl = NULL; 1417 return true; 1418 } 1419 1420 /** 1421 * tomoyo_read_domain - Read domain policy. 1422 * 1423 * @head: Pointer to "struct tomoyo_io_buffer". 1424 * 1425 * Caller holds tomoyo_read_lock(). 1426 */ 1427 static void tomoyo_read_domain(struct tomoyo_io_buffer *head) 1428 { 1429 if (head->r.eof) 1430 return; 1431 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) { 1432 struct tomoyo_domain_info *domain = 1433 list_entry(head->r.domain, typeof(*domain), list); 1434 switch (head->r.step) { 1435 u8 i; 1436 case 0: 1437 if (domain->is_deleted && 1438 !head->r.print_this_domain_only) 1439 continue; 1440 /* Print domainname and flags. */ 1441 tomoyo_set_string(head, domain->domainname->name); 1442 tomoyo_set_lf(head); 1443 tomoyo_io_printf(head, "use_profile %u\n", 1444 domain->profile); 1445 tomoyo_io_printf(head, "use_group %u\n", 1446 domain->group); 1447 for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++) 1448 if (domain->flags[i]) 1449 tomoyo_set_string(head, tomoyo_dif[i]); 1450 head->r.step++; 1451 tomoyo_set_lf(head); 1452 /* fall through */ 1453 case 1: 1454 if (!tomoyo_read_domain2(head, &domain->acl_info_list)) 1455 return; 1456 head->r.step++; 1457 if (!tomoyo_set_lf(head)) 1458 return; 1459 /* fall through */ 1460 case 2: 1461 head->r.step = 0; 1462 if (head->r.print_this_domain_only) 1463 goto done; 1464 } 1465 } 1466 done: 1467 head->r.eof = true; 1468 } 1469 1470 /** 1471 * tomoyo_write_pid: Specify PID to obtain domainname. 1472 * 1473 * @head: Pointer to "struct tomoyo_io_buffer". 1474 * 1475 * Returns 0. 1476 */ 1477 static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1478 { 1479 head->r.eof = false; 1480 return 0; 1481 } 1482 1483 /** 1484 * tomoyo_read_pid - Get domainname of the specified PID. 1485 * 1486 * @head: Pointer to "struct tomoyo_io_buffer". 1487 * 1488 * Returns the domainname which the specified PID is in on success, 1489 * empty string otherwise. 1490 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1491 * using read()/write() interface rather than sysctl() interface. 1492 */ 1493 static void tomoyo_read_pid(struct tomoyo_io_buffer *head) 1494 { 1495 char *buf = head->write_buf; 1496 bool global_pid = false; 1497 unsigned int pid; 1498 struct task_struct *p; 1499 struct tomoyo_domain_info *domain = NULL; 1500 1501 /* Accessing write_buf is safe because head->io_sem is held. */ 1502 if (!buf) { 1503 head->r.eof = true; 1504 return; /* Do nothing if open(O_RDONLY). */ 1505 } 1506 if (head->r.w_pos || head->r.eof) 1507 return; 1508 head->r.eof = true; 1509 if (tomoyo_str_starts(&buf, "global-pid ")) 1510 global_pid = true; 1511 pid = (unsigned int) simple_strtoul(buf, NULL, 10); 1512 rcu_read_lock(); 1513 read_lock(&tasklist_lock); 1514 if (global_pid) 1515 p = find_task_by_pid_ns(pid, &init_pid_ns); 1516 else 1517 p = find_task_by_vpid(pid); 1518 if (p) 1519 domain = tomoyo_real_domain(p); 1520 read_unlock(&tasklist_lock); 1521 rcu_read_unlock(); 1522 if (!domain) 1523 return; 1524 tomoyo_io_printf(head, "%u %u ", pid, domain->profile); 1525 tomoyo_set_string(head, domain->domainname->name); 1526 } 1527 1528 /* String table for domain transition control keywords. */ 1529 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = { 1530 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ", 1531 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ", 1532 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", 1533 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", 1534 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ", 1535 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ", 1536 }; 1537 1538 /* String table for grouping keywords. */ 1539 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = { 1540 [TOMOYO_PATH_GROUP] = "path_group ", 1541 [TOMOYO_NUMBER_GROUP] = "number_group ", 1542 }; 1543 1544 /** 1545 * tomoyo_write_exception - Write exception policy. 1546 * 1547 * @head: Pointer to "struct tomoyo_io_buffer". 1548 * 1549 * Returns 0 on success, negative value otherwise. 1550 * 1551 * Caller holds tomoyo_read_lock(). 1552 */ 1553 static int tomoyo_write_exception(struct tomoyo_io_buffer *head) 1554 { 1555 const bool is_delete = head->w.is_delete; 1556 struct tomoyo_acl_param param = { 1557 .ns = head->w.ns, 1558 .is_delete = is_delete, 1559 .data = head->write_buf, 1560 }; 1561 u8 i; 1562 if (tomoyo_str_starts(¶m.data, "aggregator ")) 1563 return tomoyo_write_aggregator(¶m); 1564 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++) 1565 if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i])) 1566 return tomoyo_write_transition_control(¶m, i); 1567 for (i = 0; i < TOMOYO_MAX_GROUP; i++) 1568 if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i])) 1569 return tomoyo_write_group(¶m, i); 1570 if (tomoyo_str_starts(¶m.data, "acl_group ")) { 1571 unsigned int group; 1572 char *data; 1573 group = simple_strtoul(param.data, &data, 10); 1574 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ') 1575 return tomoyo_write_domain2 1576 (head->w.ns, &head->w.ns->acl_group[group], 1577 data, is_delete); 1578 } 1579 return -EINVAL; 1580 } 1581 1582 /** 1583 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list. 1584 * 1585 * @head: Pointer to "struct tomoyo_io_buffer". 1586 * @idx: Index number. 1587 * 1588 * Returns true on success, false otherwise. 1589 * 1590 * Caller holds tomoyo_read_lock(). 1591 */ 1592 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx) 1593 { 1594 struct tomoyo_policy_namespace *ns = 1595 container_of(head->r.ns, typeof(*ns), namespace_list); 1596 struct list_head *list = &ns->group_list[idx]; 1597 list_for_each_cookie(head->r.group, list) { 1598 struct tomoyo_group *group = 1599 list_entry(head->r.group, typeof(*group), head.list); 1600 list_for_each_cookie(head->r.acl, &group->member_list) { 1601 struct tomoyo_acl_head *ptr = 1602 list_entry(head->r.acl, typeof(*ptr), list); 1603 if (ptr->is_deleted) 1604 continue; 1605 if (!tomoyo_flush(head)) 1606 return false; 1607 tomoyo_print_namespace(head); 1608 tomoyo_set_string(head, tomoyo_group_name[idx]); 1609 tomoyo_set_string(head, group->group_name->name); 1610 if (idx == TOMOYO_PATH_GROUP) { 1611 tomoyo_set_space(head); 1612 tomoyo_set_string(head, container_of 1613 (ptr, struct tomoyo_path_group, 1614 head)->member_name->name); 1615 } else if (idx == TOMOYO_NUMBER_GROUP) { 1616 tomoyo_print_number_union(head, &container_of 1617 (ptr, 1618 struct tomoyo_number_group, 1619 head)->number); 1620 } 1621 tomoyo_set_lf(head); 1622 } 1623 head->r.acl = NULL; 1624 } 1625 head->r.group = NULL; 1626 return true; 1627 } 1628 1629 /** 1630 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list. 1631 * 1632 * @head: Pointer to "struct tomoyo_io_buffer". 1633 * @idx: Index number. 1634 * 1635 * Returns true on success, false otherwise. 1636 * 1637 * Caller holds tomoyo_read_lock(). 1638 */ 1639 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) 1640 { 1641 struct tomoyo_policy_namespace *ns = 1642 container_of(head->r.ns, typeof(*ns), namespace_list); 1643 struct list_head *list = &ns->policy_list[idx]; 1644 list_for_each_cookie(head->r.acl, list) { 1645 struct tomoyo_acl_head *acl = 1646 container_of(head->r.acl, typeof(*acl), list); 1647 if (acl->is_deleted) 1648 continue; 1649 if (!tomoyo_flush(head)) 1650 return false; 1651 switch (idx) { 1652 case TOMOYO_ID_TRANSITION_CONTROL: 1653 { 1654 struct tomoyo_transition_control *ptr = 1655 container_of(acl, typeof(*ptr), head); 1656 tomoyo_print_namespace(head); 1657 tomoyo_set_string(head, tomoyo_transition_type 1658 [ptr->type]); 1659 tomoyo_set_string(head, ptr->program ? 1660 ptr->program->name : "any"); 1661 tomoyo_set_string(head, " from "); 1662 tomoyo_set_string(head, ptr->domainname ? 1663 ptr->domainname->name : 1664 "any"); 1665 } 1666 break; 1667 case TOMOYO_ID_AGGREGATOR: 1668 { 1669 struct tomoyo_aggregator *ptr = 1670 container_of(acl, typeof(*ptr), head); 1671 tomoyo_print_namespace(head); 1672 tomoyo_set_string(head, "aggregator "); 1673 tomoyo_set_string(head, 1674 ptr->original_name->name); 1675 tomoyo_set_space(head); 1676 tomoyo_set_string(head, 1677 ptr->aggregated_name->name); 1678 } 1679 break; 1680 default: 1681 continue; 1682 } 1683 tomoyo_set_lf(head); 1684 } 1685 head->r.acl = NULL; 1686 return true; 1687 } 1688 1689 /** 1690 * tomoyo_read_exception - Read exception policy. 1691 * 1692 * @head: Pointer to "struct tomoyo_io_buffer". 1693 * 1694 * Caller holds tomoyo_read_lock(). 1695 */ 1696 static void tomoyo_read_exception(struct tomoyo_io_buffer *head) 1697 { 1698 struct tomoyo_policy_namespace *ns = 1699 container_of(head->r.ns, typeof(*ns), namespace_list); 1700 if (head->r.eof) 1701 return; 1702 while (head->r.step < TOMOYO_MAX_POLICY && 1703 tomoyo_read_policy(head, head->r.step)) 1704 head->r.step++; 1705 if (head->r.step < TOMOYO_MAX_POLICY) 1706 return; 1707 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP && 1708 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY)) 1709 head->r.step++; 1710 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP) 1711 return; 1712 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP 1713 + TOMOYO_MAX_ACL_GROUPS) { 1714 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY 1715 - TOMOYO_MAX_GROUP; 1716 if (!tomoyo_read_domain2(head, &ns->acl_group 1717 [head->r.acl_group_index])) 1718 return; 1719 head->r.step++; 1720 } 1721 head->r.eof = true; 1722 } 1723 1724 /* Wait queue for kernel -> userspace notification. */ 1725 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait); 1726 /* Wait queue for userspace -> kernel notification. */ 1727 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait); 1728 1729 /* Structure for query. */ 1730 struct tomoyo_query { 1731 struct list_head list; 1732 char *query; 1733 size_t query_len; 1734 unsigned int serial; 1735 u8 timer; 1736 u8 answer; 1737 u8 retry; 1738 }; 1739 1740 /* The list for "struct tomoyo_query". */ 1741 static LIST_HEAD(tomoyo_query_list); 1742 1743 /* Lock for manipulating tomoyo_query_list. */ 1744 static DEFINE_SPINLOCK(tomoyo_query_list_lock); 1745 1746 /* 1747 * Number of "struct file" referring /sys/kernel/security/tomoyo/query 1748 * interface. 1749 */ 1750 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0); 1751 1752 /** 1753 * tomoyo_truncate - Truncate a line. 1754 * 1755 * @str: String to truncate. 1756 * 1757 * Returns length of truncated @str. 1758 */ 1759 static int tomoyo_truncate(char *str) 1760 { 1761 char *start = str; 1762 while (*(unsigned char *) str > (unsigned char) ' ') 1763 str++; 1764 *str = '\0'; 1765 return strlen(start) + 1; 1766 } 1767 1768 /** 1769 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode. 1770 * 1771 * @domain: Pointer to "struct tomoyo_domain_info". 1772 * @header: Lines containing ACL. 1773 * 1774 * Returns nothing. 1775 */ 1776 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header) 1777 { 1778 char *buffer; 1779 char *realpath = NULL; 1780 char *argv0 = NULL; 1781 char *symlink = NULL; 1782 char *cp = strchr(header, '\n'); 1783 int len; 1784 if (!cp) 1785 return; 1786 cp = strchr(cp + 1, '\n'); 1787 if (!cp) 1788 return; 1789 *cp++ = '\0'; 1790 len = strlen(cp) + 1; 1791 /* strstr() will return NULL if ordering is wrong. */ 1792 if (*cp == 'f') { 1793 argv0 = strstr(header, " argv[]={ \""); 1794 if (argv0) { 1795 argv0 += 10; 1796 len += tomoyo_truncate(argv0) + 14; 1797 } 1798 realpath = strstr(header, " exec={ realpath=\""); 1799 if (realpath) { 1800 realpath += 8; 1801 len += tomoyo_truncate(realpath) + 6; 1802 } 1803 symlink = strstr(header, " symlink.target=\""); 1804 if (symlink) 1805 len += tomoyo_truncate(symlink + 1) + 1; 1806 } 1807 buffer = kmalloc(len, GFP_NOFS); 1808 if (!buffer) 1809 return; 1810 snprintf(buffer, len - 1, "%s", cp); 1811 if (realpath) 1812 tomoyo_addprintf(buffer, len, " exec.%s", realpath); 1813 if (argv0) 1814 tomoyo_addprintf(buffer, len, " exec.argv[0]=%s", argv0); 1815 if (symlink) 1816 tomoyo_addprintf(buffer, len, "%s", symlink); 1817 tomoyo_normalize_line(buffer); 1818 if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer, 1819 false)) 1820 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 1821 kfree(buffer); 1822 } 1823 1824 /** 1825 * tomoyo_supervisor - Ask for the supervisor's decision. 1826 * 1827 * @r: Pointer to "struct tomoyo_request_info". 1828 * @fmt: The printf()'s format string, followed by parameters. 1829 * 1830 * Returns 0 if the supervisor decided to permit the access request which 1831 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the 1832 * supervisor decided to retry the access request which violated the policy in 1833 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise. 1834 */ 1835 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 1836 { 1837 va_list args; 1838 int error; 1839 int len; 1840 static unsigned int tomoyo_serial; 1841 struct tomoyo_query entry = { }; 1842 bool quota_exceeded = false; 1843 va_start(args, fmt); 1844 len = vsnprintf((char *) &len, 1, fmt, args) + 1; 1845 va_end(args); 1846 /* Write /sys/kernel/security/tomoyo/audit. */ 1847 va_start(args, fmt); 1848 tomoyo_write_log2(r, len, fmt, args); 1849 va_end(args); 1850 /* Nothing more to do if granted. */ 1851 if (r->granted) 1852 return 0; 1853 if (r->mode) 1854 tomoyo_update_stat(r->mode); 1855 switch (r->mode) { 1856 case TOMOYO_CONFIG_ENFORCING: 1857 error = -EPERM; 1858 if (atomic_read(&tomoyo_query_observers)) 1859 break; 1860 goto out; 1861 case TOMOYO_CONFIG_LEARNING: 1862 error = 0; 1863 /* Check max_learning_entry parameter. */ 1864 if (tomoyo_domain_quota_is_ok(r)) 1865 break; 1866 /* fall through */ 1867 default: 1868 return 0; 1869 } 1870 /* Get message. */ 1871 va_start(args, fmt); 1872 entry.query = tomoyo_init_log(r, len, fmt, args); 1873 va_end(args); 1874 if (!entry.query) 1875 goto out; 1876 entry.query_len = strlen(entry.query) + 1; 1877 if (!error) { 1878 tomoyo_add_entry(r->domain, entry.query); 1879 goto out; 1880 } 1881 len = tomoyo_round2(entry.query_len); 1882 spin_lock(&tomoyo_query_list_lock); 1883 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] && 1884 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len 1885 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) { 1886 quota_exceeded = true; 1887 } else { 1888 entry.serial = tomoyo_serial++; 1889 entry.retry = r->retry; 1890 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len; 1891 list_add_tail(&entry.list, &tomoyo_query_list); 1892 } 1893 spin_unlock(&tomoyo_query_list_lock); 1894 if (quota_exceeded) 1895 goto out; 1896 /* Give 10 seconds for supervisor's opinion. */ 1897 while (entry.timer < 10) { 1898 wake_up_all(&tomoyo_query_wait); 1899 if (wait_event_interruptible_timeout 1900 (tomoyo_answer_wait, entry.answer || 1901 !atomic_read(&tomoyo_query_observers), HZ)) 1902 break; 1903 else 1904 entry.timer++; 1905 } 1906 spin_lock(&tomoyo_query_list_lock); 1907 list_del(&entry.list); 1908 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len; 1909 spin_unlock(&tomoyo_query_list_lock); 1910 switch (entry.answer) { 1911 case 3: /* Asked to retry by administrator. */ 1912 error = TOMOYO_RETRY_REQUEST; 1913 r->retry++; 1914 break; 1915 case 1: 1916 /* Granted by administrator. */ 1917 error = 0; 1918 break; 1919 default: 1920 /* Timed out or rejected by administrator. */ 1921 break; 1922 } 1923 out: 1924 kfree(entry.query); 1925 return error; 1926 } 1927 1928 /** 1929 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query. 1930 * 1931 * @file: Pointer to "struct file". 1932 * @wait: Pointer to "poll_table". 1933 * 1934 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise. 1935 * 1936 * Waits for access requests which violated policy in enforcing mode. 1937 */ 1938 static int tomoyo_poll_query(struct file *file, poll_table *wait) 1939 { 1940 struct list_head *tmp; 1941 bool found = false; 1942 u8 i; 1943 for (i = 0; i < 2; i++) { 1944 spin_lock(&tomoyo_query_list_lock); 1945 list_for_each(tmp, &tomoyo_query_list) { 1946 struct tomoyo_query *ptr = 1947 list_entry(tmp, typeof(*ptr), list); 1948 if (ptr->answer) 1949 continue; 1950 found = true; 1951 break; 1952 } 1953 spin_unlock(&tomoyo_query_list_lock); 1954 if (found) 1955 return POLLIN | POLLRDNORM; 1956 if (i) 1957 break; 1958 poll_wait(file, &tomoyo_query_wait, wait); 1959 } 1960 return 0; 1961 } 1962 1963 /** 1964 * tomoyo_read_query - Read access requests which violated policy in enforcing mode. 1965 * 1966 * @head: Pointer to "struct tomoyo_io_buffer". 1967 */ 1968 static void tomoyo_read_query(struct tomoyo_io_buffer *head) 1969 { 1970 struct list_head *tmp; 1971 unsigned int pos = 0; 1972 size_t len = 0; 1973 char *buf; 1974 if (head->r.w_pos) 1975 return; 1976 if (head->read_buf) { 1977 kfree(head->read_buf); 1978 head->read_buf = NULL; 1979 } 1980 spin_lock(&tomoyo_query_list_lock); 1981 list_for_each(tmp, &tomoyo_query_list) { 1982 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 1983 if (ptr->answer) 1984 continue; 1985 if (pos++ != head->r.query_index) 1986 continue; 1987 len = ptr->query_len; 1988 break; 1989 } 1990 spin_unlock(&tomoyo_query_list_lock); 1991 if (!len) { 1992 head->r.query_index = 0; 1993 return; 1994 } 1995 buf = kzalloc(len + 32, GFP_NOFS); 1996 if (!buf) 1997 return; 1998 pos = 0; 1999 spin_lock(&tomoyo_query_list_lock); 2000 list_for_each(tmp, &tomoyo_query_list) { 2001 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2002 if (ptr->answer) 2003 continue; 2004 if (pos++ != head->r.query_index) 2005 continue; 2006 /* 2007 * Some query can be skipped because tomoyo_query_list 2008 * can change, but I don't care. 2009 */ 2010 if (len == ptr->query_len) 2011 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial, 2012 ptr->retry, ptr->query); 2013 break; 2014 } 2015 spin_unlock(&tomoyo_query_list_lock); 2016 if (buf[0]) { 2017 head->read_buf = buf; 2018 head->r.w[head->r.w_pos++] = buf; 2019 head->r.query_index++; 2020 } else { 2021 kfree(buf); 2022 } 2023 } 2024 2025 /** 2026 * tomoyo_write_answer - Write the supervisor's decision. 2027 * 2028 * @head: Pointer to "struct tomoyo_io_buffer". 2029 * 2030 * Returns 0 on success, -EINVAL otherwise. 2031 */ 2032 static int tomoyo_write_answer(struct tomoyo_io_buffer *head) 2033 { 2034 char *data = head->write_buf; 2035 struct list_head *tmp; 2036 unsigned int serial; 2037 unsigned int answer; 2038 spin_lock(&tomoyo_query_list_lock); 2039 list_for_each(tmp, &tomoyo_query_list) { 2040 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2041 ptr->timer = 0; 2042 } 2043 spin_unlock(&tomoyo_query_list_lock); 2044 if (sscanf(data, "A%u=%u", &serial, &answer) != 2) 2045 return -EINVAL; 2046 spin_lock(&tomoyo_query_list_lock); 2047 list_for_each(tmp, &tomoyo_query_list) { 2048 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2049 if (ptr->serial != serial) 2050 continue; 2051 if (!ptr->answer) 2052 ptr->answer = answer; 2053 break; 2054 } 2055 spin_unlock(&tomoyo_query_list_lock); 2056 return 0; 2057 } 2058 2059 /** 2060 * tomoyo_read_version: Get version. 2061 * 2062 * @head: Pointer to "struct tomoyo_io_buffer". 2063 * 2064 * Returns version information. 2065 */ 2066 static void tomoyo_read_version(struct tomoyo_io_buffer *head) 2067 { 2068 if (!head->r.eof) { 2069 tomoyo_io_printf(head, "2.4.0"); 2070 head->r.eof = true; 2071 } 2072 } 2073 2074 /** 2075 * tomoyo_read_self_domain - Get the current process's domainname. 2076 * 2077 * @head: Pointer to "struct tomoyo_io_buffer". 2078 * 2079 * Returns the current process's domainname. 2080 */ 2081 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 2082 { 2083 if (!head->r.eof) { 2084 /* 2085 * tomoyo_domain()->domainname != NULL 2086 * because every process belongs to a domain and 2087 * the domain's name cannot be NULL. 2088 */ 2089 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 2090 head->r.eof = true; 2091 } 2092 } 2093 2094 /* String table for /sys/kernel/security/tomoyo/stat interface. */ 2095 static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = { 2096 [TOMOYO_STAT_POLICY_UPDATES] = "update:", 2097 [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:", 2098 [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:", 2099 [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:", 2100 }; 2101 2102 /* String table for /sys/kernel/security/tomoyo/stat interface. */ 2103 static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = { 2104 [TOMOYO_MEMORY_POLICY] = "policy:", 2105 [TOMOYO_MEMORY_AUDIT] = "audit log:", 2106 [TOMOYO_MEMORY_QUERY] = "query message:", 2107 }; 2108 2109 /* Timestamp counter for last updated. */ 2110 static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT]; 2111 /* Counter for number of updates. */ 2112 static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT]; 2113 2114 /** 2115 * tomoyo_update_stat - Update statistic counters. 2116 * 2117 * @index: Index for policy type. 2118 * 2119 * Returns nothing. 2120 */ 2121 void tomoyo_update_stat(const u8 index) 2122 { 2123 struct timeval tv; 2124 do_gettimeofday(&tv); 2125 /* 2126 * I don't use atomic operations because race condition is not fatal. 2127 */ 2128 tomoyo_stat_updated[index]++; 2129 tomoyo_stat_modified[index] = tv.tv_sec; 2130 } 2131 2132 /** 2133 * tomoyo_read_stat - Read statistic data. 2134 * 2135 * @head: Pointer to "struct tomoyo_io_buffer". 2136 * 2137 * Returns nothing. 2138 */ 2139 static void tomoyo_read_stat(struct tomoyo_io_buffer *head) 2140 { 2141 u8 i; 2142 unsigned int total = 0; 2143 if (head->r.eof) 2144 return; 2145 for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) { 2146 tomoyo_io_printf(head, "Policy %-30s %10u", 2147 tomoyo_policy_headers[i], 2148 tomoyo_stat_updated[i]); 2149 if (tomoyo_stat_modified[i]) { 2150 struct tomoyo_time stamp; 2151 tomoyo_convert_time(tomoyo_stat_modified[i], &stamp); 2152 tomoyo_io_printf(head, " (Last: %04u/%02u/%02u " 2153 "%02u:%02u:%02u)", 2154 stamp.year, stamp.month, stamp.day, 2155 stamp.hour, stamp.min, stamp.sec); 2156 } 2157 tomoyo_set_lf(head); 2158 } 2159 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) { 2160 unsigned int used = tomoyo_memory_used[i]; 2161 total += used; 2162 tomoyo_io_printf(head, "Memory used by %-22s %10u", 2163 tomoyo_memory_headers[i], used); 2164 used = tomoyo_memory_quota[i]; 2165 if (used) 2166 tomoyo_io_printf(head, " (Quota: %10u)", used); 2167 tomoyo_set_lf(head); 2168 } 2169 tomoyo_io_printf(head, "Total memory used: %10u\n", 2170 total); 2171 head->r.eof = true; 2172 } 2173 2174 /** 2175 * tomoyo_write_stat - Set memory quota. 2176 * 2177 * @head: Pointer to "struct tomoyo_io_buffer". 2178 * 2179 * Returns 0. 2180 */ 2181 static int tomoyo_write_stat(struct tomoyo_io_buffer *head) 2182 { 2183 char *data = head->write_buf; 2184 u8 i; 2185 if (tomoyo_str_starts(&data, "Memory used by ")) 2186 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) 2187 if (tomoyo_str_starts(&data, tomoyo_memory_headers[i])) 2188 sscanf(data, "%u", &tomoyo_memory_quota[i]); 2189 return 0; 2190 } 2191 2192 /** 2193 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 2194 * 2195 * @type: Type of interface. 2196 * @file: Pointer to "struct file". 2197 * 2198 * Returns 0 on success, negative value otherwise. 2199 */ 2200 int tomoyo_open_control(const u8 type, struct file *file) 2201 { 2202 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 2203 2204 if (!head) 2205 return -ENOMEM; 2206 mutex_init(&head->io_sem); 2207 head->type = type; 2208 switch (type) { 2209 case TOMOYO_DOMAINPOLICY: 2210 /* /sys/kernel/security/tomoyo/domain_policy */ 2211 head->write = tomoyo_write_domain; 2212 head->read = tomoyo_read_domain; 2213 break; 2214 case TOMOYO_EXCEPTIONPOLICY: 2215 /* /sys/kernel/security/tomoyo/exception_policy */ 2216 head->write = tomoyo_write_exception; 2217 head->read = tomoyo_read_exception; 2218 break; 2219 case TOMOYO_AUDIT: 2220 /* /sys/kernel/security/tomoyo/audit */ 2221 head->poll = tomoyo_poll_log; 2222 head->read = tomoyo_read_log; 2223 break; 2224 case TOMOYO_SELFDOMAIN: 2225 /* /sys/kernel/security/tomoyo/self_domain */ 2226 head->read = tomoyo_read_self_domain; 2227 break; 2228 case TOMOYO_PROCESS_STATUS: 2229 /* /sys/kernel/security/tomoyo/.process_status */ 2230 head->write = tomoyo_write_pid; 2231 head->read = tomoyo_read_pid; 2232 break; 2233 case TOMOYO_VERSION: 2234 /* /sys/kernel/security/tomoyo/version */ 2235 head->read = tomoyo_read_version; 2236 head->readbuf_size = 128; 2237 break; 2238 case TOMOYO_STAT: 2239 /* /sys/kernel/security/tomoyo/stat */ 2240 head->write = tomoyo_write_stat; 2241 head->read = tomoyo_read_stat; 2242 head->readbuf_size = 1024; 2243 break; 2244 case TOMOYO_PROFILE: 2245 /* /sys/kernel/security/tomoyo/profile */ 2246 head->write = tomoyo_write_profile; 2247 head->read = tomoyo_read_profile; 2248 break; 2249 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */ 2250 head->poll = tomoyo_poll_query; 2251 head->write = tomoyo_write_answer; 2252 head->read = tomoyo_read_query; 2253 break; 2254 case TOMOYO_MANAGER: 2255 /* /sys/kernel/security/tomoyo/manager */ 2256 head->write = tomoyo_write_manager; 2257 head->read = tomoyo_read_manager; 2258 break; 2259 } 2260 if (!(file->f_mode & FMODE_READ)) { 2261 /* 2262 * No need to allocate read_buf since it is not opened 2263 * for reading. 2264 */ 2265 head->read = NULL; 2266 head->poll = NULL; 2267 } else if (!head->poll) { 2268 /* Don't allocate read_buf for poll() access. */ 2269 if (!head->readbuf_size) 2270 head->readbuf_size = 4096 * 2; 2271 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 2272 if (!head->read_buf) { 2273 kfree(head); 2274 return -ENOMEM; 2275 } 2276 } 2277 if (!(file->f_mode & FMODE_WRITE)) { 2278 /* 2279 * No need to allocate write_buf since it is not opened 2280 * for writing. 2281 */ 2282 head->write = NULL; 2283 } else if (head->write) { 2284 head->writebuf_size = 4096 * 2; 2285 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS); 2286 if (!head->write_buf) { 2287 kfree(head->read_buf); 2288 kfree(head); 2289 return -ENOMEM; 2290 } 2291 } 2292 /* 2293 * If the file is /sys/kernel/security/tomoyo/query , increment the 2294 * observer counter. 2295 * The obserber counter is used by tomoyo_supervisor() to see if 2296 * there is some process monitoring /sys/kernel/security/tomoyo/query. 2297 */ 2298 if (type == TOMOYO_QUERY) 2299 atomic_inc(&tomoyo_query_observers); 2300 file->private_data = head; 2301 tomoyo_notify_gc(head, true); 2302 return 0; 2303 } 2304 2305 /** 2306 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 2307 * 2308 * @file: Pointer to "struct file". 2309 * @wait: Pointer to "poll_table". 2310 * 2311 * Waits for read readiness. 2312 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and 2313 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd. 2314 */ 2315 int tomoyo_poll_control(struct file *file, poll_table *wait) 2316 { 2317 struct tomoyo_io_buffer *head = file->private_data; 2318 if (!head->poll) 2319 return -ENOSYS; 2320 return head->poll(file, wait); 2321 } 2322 2323 /** 2324 * tomoyo_set_namespace_cursor - Set namespace to read. 2325 * 2326 * @head: Pointer to "struct tomoyo_io_buffer". 2327 * 2328 * Returns nothing. 2329 */ 2330 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head) 2331 { 2332 struct list_head *ns; 2333 if (head->type != TOMOYO_EXCEPTIONPOLICY && 2334 head->type != TOMOYO_PROFILE) 2335 return; 2336 /* 2337 * If this is the first read, or reading previous namespace finished 2338 * and has more namespaces to read, update the namespace cursor. 2339 */ 2340 ns = head->r.ns; 2341 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) { 2342 /* Clearing is OK because tomoyo_flush() returned true. */ 2343 memset(&head->r, 0, sizeof(head->r)); 2344 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next; 2345 } 2346 } 2347 2348 /** 2349 * tomoyo_has_more_namespace - Check for unread namespaces. 2350 * 2351 * @head: Pointer to "struct tomoyo_io_buffer". 2352 * 2353 * Returns true if we have more entries to print, false otherwise. 2354 */ 2355 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head) 2356 { 2357 return (head->type == TOMOYO_EXCEPTIONPOLICY || 2358 head->type == TOMOYO_PROFILE) && head->r.eof && 2359 head->r.ns->next != &tomoyo_namespace_list; 2360 } 2361 2362 /** 2363 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 2364 * 2365 * @head: Pointer to "struct tomoyo_io_buffer". 2366 * @buffer: Poiner to buffer to write to. 2367 * @buffer_len: Size of @buffer. 2368 * 2369 * Returns bytes read on success, negative value otherwise. 2370 */ 2371 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, 2372 const int buffer_len) 2373 { 2374 int len; 2375 int idx; 2376 2377 if (!head->read) 2378 return -ENOSYS; 2379 if (mutex_lock_interruptible(&head->io_sem)) 2380 return -EINTR; 2381 head->read_user_buf = buffer; 2382 head->read_user_buf_avail = buffer_len; 2383 idx = tomoyo_read_lock(); 2384 if (tomoyo_flush(head)) 2385 /* Call the policy handler. */ 2386 do { 2387 tomoyo_set_namespace_cursor(head); 2388 head->read(head); 2389 } while (tomoyo_flush(head) && 2390 tomoyo_has_more_namespace(head)); 2391 tomoyo_read_unlock(idx); 2392 len = head->read_user_buf - buffer; 2393 mutex_unlock(&head->io_sem); 2394 return len; 2395 } 2396 2397 /** 2398 * tomoyo_parse_policy - Parse a policy line. 2399 * 2400 * @head: Poiter to "struct tomoyo_io_buffer". 2401 * @line: Line to parse. 2402 * 2403 * Returns 0 on success, negative value otherwise. 2404 * 2405 * Caller holds tomoyo_read_lock(). 2406 */ 2407 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line) 2408 { 2409 /* Delete request? */ 2410 head->w.is_delete = !strncmp(line, "delete ", 7); 2411 if (head->w.is_delete) 2412 memmove(line, line + 7, strlen(line + 7) + 1); 2413 /* Selecting namespace to update. */ 2414 if (head->type == TOMOYO_EXCEPTIONPOLICY || 2415 head->type == TOMOYO_PROFILE) { 2416 if (*line == '<') { 2417 char *cp = strchr(line, ' '); 2418 if (cp) { 2419 *cp++ = '\0'; 2420 head->w.ns = tomoyo_assign_namespace(line); 2421 memmove(line, cp, strlen(cp) + 1); 2422 } else 2423 head->w.ns = NULL; 2424 } else 2425 head->w.ns = &tomoyo_kernel_namespace; 2426 /* Don't allow updating if namespace is invalid. */ 2427 if (!head->w.ns) 2428 return -ENOENT; 2429 } 2430 /* Do the update. */ 2431 return head->write(head); 2432 } 2433 2434 /** 2435 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 2436 * 2437 * @head: Pointer to "struct tomoyo_io_buffer". 2438 * @buffer: Pointer to buffer to read from. 2439 * @buffer_len: Size of @buffer. 2440 * 2441 * Returns @buffer_len on success, negative value otherwise. 2442 */ 2443 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, 2444 const char __user *buffer, const int buffer_len) 2445 { 2446 int error = buffer_len; 2447 size_t avail_len = buffer_len; 2448 char *cp0 = head->write_buf; 2449 int idx; 2450 if (!head->write) 2451 return -ENOSYS; 2452 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 2453 return -EFAULT; 2454 if (mutex_lock_interruptible(&head->io_sem)) 2455 return -EINTR; 2456 idx = tomoyo_read_lock(); 2457 /* Read a line and dispatch it to the policy handler. */ 2458 while (avail_len > 0) { 2459 char c; 2460 if (head->w.avail >= head->writebuf_size - 1) { 2461 const int len = head->writebuf_size * 2; 2462 char *cp = kzalloc(len, GFP_NOFS); 2463 if (!cp) { 2464 error = -ENOMEM; 2465 break; 2466 } 2467 memmove(cp, cp0, head->w.avail); 2468 kfree(cp0); 2469 head->write_buf = cp; 2470 cp0 = cp; 2471 head->writebuf_size = len; 2472 } 2473 if (get_user(c, buffer)) { 2474 error = -EFAULT; 2475 break; 2476 } 2477 buffer++; 2478 avail_len--; 2479 cp0[head->w.avail++] = c; 2480 if (c != '\n') 2481 continue; 2482 cp0[head->w.avail - 1] = '\0'; 2483 head->w.avail = 0; 2484 tomoyo_normalize_line(cp0); 2485 if (!strcmp(cp0, "reset")) { 2486 head->w.ns = &tomoyo_kernel_namespace; 2487 head->w.domain = NULL; 2488 memset(&head->r, 0, sizeof(head->r)); 2489 continue; 2490 } 2491 /* Don't allow updating policies by non manager programs. */ 2492 switch (head->type) { 2493 case TOMOYO_PROCESS_STATUS: 2494 /* This does not write anything. */ 2495 break; 2496 case TOMOYO_DOMAINPOLICY: 2497 if (tomoyo_select_domain(head, cp0)) 2498 continue; 2499 /* fall through */ 2500 case TOMOYO_EXCEPTIONPOLICY: 2501 if (!strcmp(cp0, "select transition_only")) { 2502 head->r.print_transition_related_only = true; 2503 continue; 2504 } 2505 /* fall through */ 2506 default: 2507 if (!tomoyo_manager()) { 2508 error = -EPERM; 2509 goto out; 2510 } 2511 } 2512 switch (tomoyo_parse_policy(head, cp0)) { 2513 case -EPERM: 2514 error = -EPERM; 2515 goto out; 2516 case 0: 2517 switch (head->type) { 2518 case TOMOYO_DOMAINPOLICY: 2519 case TOMOYO_EXCEPTIONPOLICY: 2520 case TOMOYO_STAT: 2521 case TOMOYO_PROFILE: 2522 case TOMOYO_MANAGER: 2523 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES); 2524 break; 2525 default: 2526 break; 2527 } 2528 break; 2529 } 2530 } 2531 out: 2532 tomoyo_read_unlock(idx); 2533 mutex_unlock(&head->io_sem); 2534 return error; 2535 } 2536 2537 /** 2538 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2539 * 2540 * @head: Pointer to "struct tomoyo_io_buffer". 2541 * 2542 * Returns 0. 2543 */ 2544 int tomoyo_close_control(struct tomoyo_io_buffer *head) 2545 { 2546 /* 2547 * If the file is /sys/kernel/security/tomoyo/query , decrement the 2548 * observer counter. 2549 */ 2550 if (head->type == TOMOYO_QUERY && 2551 atomic_dec_and_test(&tomoyo_query_observers)) 2552 wake_up_all(&tomoyo_answer_wait); 2553 tomoyo_notify_gc(head, false); 2554 return 0; 2555 } 2556 2557 /** 2558 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined. 2559 */ 2560 void tomoyo_check_profile(void) 2561 { 2562 struct tomoyo_domain_info *domain; 2563 const int idx = tomoyo_read_lock(); 2564 tomoyo_policy_loaded = true; 2565 printk(KERN_INFO "TOMOYO: 2.4.0\n"); 2566 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 2567 const u8 profile = domain->profile; 2568 const struct tomoyo_policy_namespace *ns = domain->ns; 2569 if (ns->profile_version != 20100903) 2570 printk(KERN_ERR 2571 "Profile version %u is not supported.\n", 2572 ns->profile_version); 2573 else if (!ns->profile_ptr[profile]) 2574 printk(KERN_ERR 2575 "Profile %u (used by '%s') is not defined.\n", 2576 profile, domain->domainname->name); 2577 else 2578 continue; 2579 printk(KERN_ERR 2580 "Userland tools for TOMOYO 2.4 must be installed and " 2581 "policy must be initialized.\n"); 2582 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ " 2583 "for more information.\n"); 2584 panic("STOP!"); 2585 } 2586 tomoyo_read_unlock(idx); 2587 printk(KERN_INFO "Mandatory Access Control activated.\n"); 2588 } 2589 2590 /** 2591 * tomoyo_load_builtin_policy - Load built-in policy. 2592 * 2593 * Returns nothing. 2594 */ 2595 void __init tomoyo_load_builtin_policy(void) 2596 { 2597 /* 2598 * This include file is manually created and contains built-in policy 2599 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy", 2600 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager", 2601 * "tomoyo_builtin_stat" in the form of "static char [] __initdata". 2602 */ 2603 #include "builtin-policy.h" 2604 u8 i; 2605 const int idx = tomoyo_read_lock(); 2606 for (i = 0; i < 5; i++) { 2607 struct tomoyo_io_buffer head = { }; 2608 char *start = ""; 2609 switch (i) { 2610 case 0: 2611 start = tomoyo_builtin_profile; 2612 head.type = TOMOYO_PROFILE; 2613 head.write = tomoyo_write_profile; 2614 break; 2615 case 1: 2616 start = tomoyo_builtin_exception_policy; 2617 head.type = TOMOYO_EXCEPTIONPOLICY; 2618 head.write = tomoyo_write_exception; 2619 break; 2620 case 2: 2621 start = tomoyo_builtin_domain_policy; 2622 head.type = TOMOYO_DOMAINPOLICY; 2623 head.write = tomoyo_write_domain; 2624 break; 2625 case 3: 2626 start = tomoyo_builtin_manager; 2627 head.type = TOMOYO_MANAGER; 2628 head.write = tomoyo_write_manager; 2629 break; 2630 case 4: 2631 start = tomoyo_builtin_stat; 2632 head.type = TOMOYO_STAT; 2633 head.write = tomoyo_write_stat; 2634 break; 2635 } 2636 while (1) { 2637 char *end = strchr(start, '\n'); 2638 if (!end) 2639 break; 2640 *end = '\0'; 2641 tomoyo_normalize_line(start); 2642 head.write_buf = start; 2643 tomoyo_parse_policy(&head, start); 2644 start = end + 1; 2645 } 2646 } 2647 tomoyo_read_unlock(idx); 2648 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 2649 tomoyo_check_profile(); 2650 #endif 2651 } 2652