1 /* 2 * security/tomoyo/common.c 3 * 4 * Common functions for TOMOYO. 5 * 6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 7 * 8 * Version: 2.2.0 2009/04/01 9 * 10 */ 11 12 #include <linux/uaccess.h> 13 #include <linux/slab.h> 14 #include <linux/security.h> 15 #include <linux/hardirq.h> 16 #include "common.h" 17 18 /* Lock for protecting policy. */ 19 DEFINE_MUTEX(tomoyo_policy_lock); 20 21 /* Has loading policy done? */ 22 bool tomoyo_policy_loaded; 23 24 /* String table for functionality that takes 4 modes. */ 25 static const char *tomoyo_mode_4[4] = { 26 "disabled", "learning", "permissive", "enforcing" 27 }; 28 /* String table for functionality that takes 2 modes. */ 29 static const char *tomoyo_mode_2[4] = { 30 "disabled", "enabled", "enabled", "enabled" 31 }; 32 33 /* 34 * tomoyo_control_array is a static data which contains 35 * 36 * (1) functionality name used by /sys/kernel/security/tomoyo/profile . 37 * (2) initial values for "struct tomoyo_profile". 38 * (3) max values for "struct tomoyo_profile". 39 */ 40 static struct { 41 const char *keyword; 42 unsigned int current_value; 43 const unsigned int max_value; 44 } tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = { 45 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, 46 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX }, 47 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 }, 48 }; 49 50 /* 51 * tomoyo_profile is a structure which is used for holding the mode of access 52 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing. 53 * An administrator can define up to 256 profiles. 54 * The ->profile of "struct tomoyo_domain_info" is used for remembering 55 * the profile's number (0 - 255) assigned to that domain. 56 */ 57 static struct tomoyo_profile { 58 unsigned int value[TOMOYO_MAX_CONTROL_INDEX]; 59 const struct tomoyo_path_info *comment; 60 } *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES]; 61 62 /* Permit policy management by non-root user? */ 63 static bool tomoyo_manage_by_non_root; 64 65 /* Utility functions. */ 66 67 /* Open operation for /sys/kernel/security/tomoyo/ interface. */ 68 static int tomoyo_open_control(const u8 type, struct file *file); 69 /* Close /sys/kernel/security/tomoyo/ interface. */ 70 static int tomoyo_close_control(struct file *file); 71 /* Read operation for /sys/kernel/security/tomoyo/ interface. */ 72 static int tomoyo_read_control(struct file *file, char __user *buffer, 73 const int buffer_len); 74 /* Write operation for /sys/kernel/security/tomoyo/ interface. */ 75 static int tomoyo_write_control(struct file *file, const char __user *buffer, 76 const int buffer_len); 77 78 /** 79 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value. 80 * 81 * @str: Pointer to the string. 82 * 83 * Returns true if @str is a \ooo style octal value, false otherwise. 84 * 85 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. 86 * This function verifies that \ooo is in valid range. 87 */ 88 static inline bool tomoyo_is_byte_range(const char *str) 89 { 90 return *str >= '0' && *str++ <= '3' && 91 *str >= '0' && *str++ <= '7' && 92 *str >= '0' && *str <= '7'; 93 } 94 95 /** 96 * tomoyo_is_alphabet_char - Check whether the character is an alphabet. 97 * 98 * @c: The character to check. 99 * 100 * Returns true if @c is an alphabet character, false otherwise. 101 */ 102 static inline bool tomoyo_is_alphabet_char(const char c) 103 { 104 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); 105 } 106 107 /** 108 * tomoyo_make_byte - Make byte value from three octal characters. 109 * 110 * @c1: The first character. 111 * @c2: The second character. 112 * @c3: The third character. 113 * 114 * Returns byte value. 115 */ 116 static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3) 117 { 118 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0'); 119 } 120 121 /** 122 * tomoyo_str_starts - Check whether the given string starts with the given keyword. 123 * 124 * @src: Pointer to pointer to the string. 125 * @find: Pointer to the keyword. 126 * 127 * Returns true if @src starts with @find, false otherwise. 128 * 129 * The @src is updated to point the first character after the @find 130 * if @src starts with @find. 131 */ 132 static bool tomoyo_str_starts(char **src, const char *find) 133 { 134 const int len = strlen(find); 135 char *tmp = *src; 136 137 if (strncmp(tmp, find, len)) 138 return false; 139 tmp += len; 140 *src = tmp; 141 return true; 142 } 143 144 /** 145 * tomoyo_normalize_line - Format string. 146 * 147 * @buffer: The line to normalize. 148 * 149 * Leading and trailing whitespaces are removed. 150 * Multiple whitespaces are packed into single space. 151 * 152 * Returns nothing. 153 */ 154 static void tomoyo_normalize_line(unsigned char *buffer) 155 { 156 unsigned char *sp = buffer; 157 unsigned char *dp = buffer; 158 bool first = true; 159 160 while (tomoyo_is_invalid(*sp)) 161 sp++; 162 while (*sp) { 163 if (!first) 164 *dp++ = ' '; 165 first = false; 166 while (tomoyo_is_valid(*sp)) 167 *dp++ = *sp++; 168 while (tomoyo_is_invalid(*sp)) 169 sp++; 170 } 171 *dp = '\0'; 172 } 173 174 /** 175 * tomoyo_is_correct_path - Validate a pathname. 176 * @filename: The pathname to check. 177 * @start_type: Should the pathname start with '/'? 178 * 1 = must / -1 = must not / 0 = don't care 179 * @pattern_type: Can the pathname contain a wildcard? 180 * 1 = must / -1 = must not / 0 = don't care 181 * @end_type: Should the pathname end with '/'? 182 * 1 = must / -1 = must not / 0 = don't care 183 * 184 * Check whether the given filename follows the naming rules. 185 * Returns true if @filename follows the naming rules, false otherwise. 186 */ 187 bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 188 const s8 pattern_type, const s8 end_type) 189 { 190 const char *const start = filename; 191 bool in_repetition = false; 192 bool contains_pattern = false; 193 unsigned char c; 194 unsigned char d; 195 unsigned char e; 196 197 if (!filename) 198 goto out; 199 c = *filename; 200 if (start_type == 1) { /* Must start with '/' */ 201 if (c != '/') 202 goto out; 203 } else if (start_type == -1) { /* Must not start with '/' */ 204 if (c == '/') 205 goto out; 206 } 207 if (c) 208 c = *(filename + strlen(filename) - 1); 209 if (end_type == 1) { /* Must end with '/' */ 210 if (c != '/') 211 goto out; 212 } else if (end_type == -1) { /* Must not end with '/' */ 213 if (c == '/') 214 goto out; 215 } 216 while (1) { 217 c = *filename++; 218 if (!c) 219 break; 220 if (c == '\\') { 221 c = *filename++; 222 switch (c) { 223 case '\\': /* "\\" */ 224 continue; 225 case '$': /* "\$" */ 226 case '+': /* "\+" */ 227 case '?': /* "\?" */ 228 case '*': /* "\*" */ 229 case '@': /* "\@" */ 230 case 'x': /* "\x" */ 231 case 'X': /* "\X" */ 232 case 'a': /* "\a" */ 233 case 'A': /* "\A" */ 234 case '-': /* "\-" */ 235 if (pattern_type == -1) 236 break; /* Must not contain pattern */ 237 contains_pattern = true; 238 continue; 239 case '{': /* "/\{" */ 240 if (filename - 3 < start || 241 *(filename - 3) != '/') 242 break; 243 if (pattern_type == -1) 244 break; /* Must not contain pattern */ 245 contains_pattern = true; 246 in_repetition = true; 247 continue; 248 case '}': /* "\}/" */ 249 if (*filename != '/') 250 break; 251 if (!in_repetition) 252 break; 253 in_repetition = false; 254 continue; 255 case '0': /* "\ooo" */ 256 case '1': 257 case '2': 258 case '3': 259 d = *filename++; 260 if (d < '0' || d > '7') 261 break; 262 e = *filename++; 263 if (e < '0' || e > '7') 264 break; 265 c = tomoyo_make_byte(c, d, e); 266 if (tomoyo_is_invalid(c)) 267 continue; /* pattern is not \000 */ 268 } 269 goto out; 270 } else if (in_repetition && c == '/') { 271 goto out; 272 } else if (tomoyo_is_invalid(c)) { 273 goto out; 274 } 275 } 276 if (pattern_type == 1) { /* Must contain pattern */ 277 if (!contains_pattern) 278 goto out; 279 } 280 if (in_repetition) 281 goto out; 282 return true; 283 out: 284 return false; 285 } 286 287 /** 288 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 289 * @domainname: The domainname to check. 290 * 291 * Returns true if @domainname follows the naming rules, false otherwise. 292 */ 293 bool tomoyo_is_correct_domain(const unsigned char *domainname) 294 { 295 unsigned char c; 296 unsigned char d; 297 unsigned char e; 298 299 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 300 TOMOYO_ROOT_NAME_LEN)) 301 goto out; 302 domainname += TOMOYO_ROOT_NAME_LEN; 303 if (!*domainname) 304 return true; 305 do { 306 if (*domainname++ != ' ') 307 goto out; 308 if (*domainname++ != '/') 309 goto out; 310 while ((c = *domainname) != '\0' && c != ' ') { 311 domainname++; 312 if (c == '\\') { 313 c = *domainname++; 314 switch ((c)) { 315 case '\\': /* "\\" */ 316 continue; 317 case '0': /* "\ooo" */ 318 case '1': 319 case '2': 320 case '3': 321 d = *domainname++; 322 if (d < '0' || d > '7') 323 break; 324 e = *domainname++; 325 if (e < '0' || e > '7') 326 break; 327 c = tomoyo_make_byte(c, d, e); 328 if (tomoyo_is_invalid(c)) 329 /* pattern is not \000 */ 330 continue; 331 } 332 goto out; 333 } else if (tomoyo_is_invalid(c)) { 334 goto out; 335 } 336 } 337 } while (*domainname); 338 return true; 339 out: 340 return false; 341 } 342 343 /** 344 * tomoyo_is_domain_def - Check whether the given token can be a domainname. 345 * 346 * @buffer: The token to check. 347 * 348 * Returns true if @buffer possibly be a domainname, false otherwise. 349 */ 350 bool tomoyo_is_domain_def(const unsigned char *buffer) 351 { 352 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); 353 } 354 355 /** 356 * tomoyo_find_domain - Find a domain by the given name. 357 * 358 * @domainname: The domainname to find. 359 * 360 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. 361 * 362 * Caller holds tomoyo_read_lock(). 363 */ 364 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) 365 { 366 struct tomoyo_domain_info *domain; 367 struct tomoyo_path_info name; 368 369 name.name = domainname; 370 tomoyo_fill_path_info(&name); 371 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 372 if (!domain->is_deleted && 373 !tomoyo_pathcmp(&name, domain->domainname)) 374 return domain; 375 } 376 return NULL; 377 } 378 379 /** 380 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token. 381 * 382 * @filename: The string to evaluate. 383 * 384 * Returns the initial length without a pattern in @filename. 385 */ 386 static int tomoyo_const_part_length(const char *filename) 387 { 388 char c; 389 int len = 0; 390 391 if (!filename) 392 return 0; 393 while ((c = *filename++) != '\0') { 394 if (c != '\\') { 395 len++; 396 continue; 397 } 398 c = *filename++; 399 switch (c) { 400 case '\\': /* "\\" */ 401 len += 2; 402 continue; 403 case '0': /* "\ooo" */ 404 case '1': 405 case '2': 406 case '3': 407 c = *filename++; 408 if (c < '0' || c > '7') 409 break; 410 c = *filename++; 411 if (c < '0' || c > '7') 412 break; 413 len += 4; 414 continue; 415 } 416 break; 417 } 418 return len; 419 } 420 421 /** 422 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members. 423 * 424 * @ptr: Pointer to "struct tomoyo_path_info" to fill in. 425 * 426 * The caller sets "struct tomoyo_path_info"->name. 427 */ 428 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr) 429 { 430 const char *name = ptr->name; 431 const int len = strlen(name); 432 433 ptr->const_len = tomoyo_const_part_length(name); 434 ptr->is_dir = len && (name[len - 1] == '/'); 435 ptr->is_patterned = (ptr->const_len < len); 436 ptr->hash = full_name_hash(name, len); 437 } 438 439 /** 440 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character 441 * and "\-" pattern. 442 * 443 * @filename: The start of string to check. 444 * @filename_end: The end of string to check. 445 * @pattern: The start of pattern to compare. 446 * @pattern_end: The end of pattern to compare. 447 * 448 * Returns true if @filename matches @pattern, false otherwise. 449 */ 450 static bool tomoyo_file_matches_pattern2(const char *filename, 451 const char *filename_end, 452 const char *pattern, 453 const char *pattern_end) 454 { 455 while (filename < filename_end && pattern < pattern_end) { 456 char c; 457 if (*pattern != '\\') { 458 if (*filename++ != *pattern++) 459 return false; 460 continue; 461 } 462 c = *filename; 463 pattern++; 464 switch (*pattern) { 465 int i; 466 int j; 467 case '?': 468 if (c == '/') { 469 return false; 470 } else if (c == '\\') { 471 if (filename[1] == '\\') 472 filename++; 473 else if (tomoyo_is_byte_range(filename + 1)) 474 filename += 3; 475 else 476 return false; 477 } 478 break; 479 case '\\': 480 if (c != '\\') 481 return false; 482 if (*++filename != '\\') 483 return false; 484 break; 485 case '+': 486 if (!isdigit(c)) 487 return false; 488 break; 489 case 'x': 490 if (!isxdigit(c)) 491 return false; 492 break; 493 case 'a': 494 if (!tomoyo_is_alphabet_char(c)) 495 return false; 496 break; 497 case '0': 498 case '1': 499 case '2': 500 case '3': 501 if (c == '\\' && tomoyo_is_byte_range(filename + 1) 502 && strncmp(filename + 1, pattern, 3) == 0) { 503 filename += 3; 504 pattern += 2; 505 break; 506 } 507 return false; /* Not matched. */ 508 case '*': 509 case '@': 510 for (i = 0; i <= filename_end - filename; i++) { 511 if (tomoyo_file_matches_pattern2( 512 filename + i, filename_end, 513 pattern + 1, pattern_end)) 514 return true; 515 c = filename[i]; 516 if (c == '.' && *pattern == '@') 517 break; 518 if (c != '\\') 519 continue; 520 if (filename[i + 1] == '\\') 521 i++; 522 else if (tomoyo_is_byte_range(filename + i + 1)) 523 i += 3; 524 else 525 break; /* Bad pattern. */ 526 } 527 return false; /* Not matched. */ 528 default: 529 j = 0; 530 c = *pattern; 531 if (c == '$') { 532 while (isdigit(filename[j])) 533 j++; 534 } else if (c == 'X') { 535 while (isxdigit(filename[j])) 536 j++; 537 } else if (c == 'A') { 538 while (tomoyo_is_alphabet_char(filename[j])) 539 j++; 540 } 541 for (i = 1; i <= j; i++) { 542 if (tomoyo_file_matches_pattern2( 543 filename + i, filename_end, 544 pattern + 1, pattern_end)) 545 return true; 546 } 547 return false; /* Not matched or bad pattern. */ 548 } 549 filename++; 550 pattern++; 551 } 552 while (*pattern == '\\' && 553 (*(pattern + 1) == '*' || *(pattern + 1) == '@')) 554 pattern += 2; 555 return filename == filename_end && pattern == pattern_end; 556 } 557 558 /** 559 * tomoyo_file_matches_pattern - Pattern matching without without '/' character. 560 * 561 * @filename: The start of string to check. 562 * @filename_end: The end of string to check. 563 * @pattern: The start of pattern to compare. 564 * @pattern_end: The end of pattern to compare. 565 * 566 * Returns true if @filename matches @pattern, false otherwise. 567 */ 568 static bool tomoyo_file_matches_pattern(const char *filename, 569 const char *filename_end, 570 const char *pattern, 571 const char *pattern_end) 572 { 573 const char *pattern_start = pattern; 574 bool first = true; 575 bool result; 576 577 while (pattern < pattern_end - 1) { 578 /* Split at "\-" pattern. */ 579 if (*pattern++ != '\\' || *pattern++ != '-') 580 continue; 581 result = tomoyo_file_matches_pattern2(filename, 582 filename_end, 583 pattern_start, 584 pattern - 2); 585 if (first) 586 result = !result; 587 if (result) 588 return false; 589 first = false; 590 pattern_start = pattern; 591 } 592 result = tomoyo_file_matches_pattern2(filename, filename_end, 593 pattern_start, pattern_end); 594 return first ? result : !result; 595 } 596 597 /** 598 * tomoyo_path_matches_pattern2 - Do pathname pattern matching. 599 * 600 * @f: The start of string to check. 601 * @p: The start of pattern to compare. 602 * 603 * Returns true if @f matches @p, false otherwise. 604 */ 605 static bool tomoyo_path_matches_pattern2(const char *f, const char *p) 606 { 607 const char *f_delimiter; 608 const char *p_delimiter; 609 610 while (*f && *p) { 611 f_delimiter = strchr(f, '/'); 612 if (!f_delimiter) 613 f_delimiter = f + strlen(f); 614 p_delimiter = strchr(p, '/'); 615 if (!p_delimiter) 616 p_delimiter = p + strlen(p); 617 if (*p == '\\' && *(p + 1) == '{') 618 goto recursive; 619 if (!tomoyo_file_matches_pattern(f, f_delimiter, p, 620 p_delimiter)) 621 return false; 622 f = f_delimiter; 623 if (*f) 624 f++; 625 p = p_delimiter; 626 if (*p) 627 p++; 628 } 629 /* Ignore trailing "\*" and "\@" in @pattern. */ 630 while (*p == '\\' && 631 (*(p + 1) == '*' || *(p + 1) == '@')) 632 p += 2; 633 return !*f && !*p; 634 recursive: 635 /* 636 * The "\{" pattern is permitted only after '/' character. 637 * This guarantees that below "*(p - 1)" is safe. 638 * Also, the "\}" pattern is permitted only before '/' character 639 * so that "\{" + "\}" pair will not break the "\-" operator. 640 */ 641 if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' || 642 *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\') 643 return false; /* Bad pattern. */ 644 do { 645 /* Compare current component with pattern. */ 646 if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2, 647 p_delimiter - 2)) 648 break; 649 /* Proceed to next component. */ 650 f = f_delimiter; 651 if (!*f) 652 break; 653 f++; 654 /* Continue comparison. */ 655 if (tomoyo_path_matches_pattern2(f, p_delimiter + 1)) 656 return true; 657 f_delimiter = strchr(f, '/'); 658 } while (f_delimiter); 659 return false; /* Not matched. */ 660 } 661 662 /** 663 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern. 664 * 665 * @filename: The filename to check. 666 * @pattern: The pattern to compare. 667 * 668 * Returns true if matches, false otherwise. 669 * 670 * The following patterns are available. 671 * \\ \ itself. 672 * \ooo Octal representation of a byte. 673 * \* Zero or more repetitions of characters other than '/'. 674 * \@ Zero or more repetitions of characters other than '/' or '.'. 675 * \? 1 byte character other than '/'. 676 * \$ One or more repetitions of decimal digits. 677 * \+ 1 decimal digit. 678 * \X One or more repetitions of hexadecimal digits. 679 * \x 1 hexadecimal digit. 680 * \A One or more repetitions of alphabet characters. 681 * \a 1 alphabet character. 682 * 683 * \- Subtraction operator. 684 * 685 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/ 686 * /dir/dir/dir/ ). 687 */ 688 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 689 const struct tomoyo_path_info *pattern) 690 { 691 const char *f = filename->name; 692 const char *p = pattern->name; 693 const int len = pattern->const_len; 694 695 /* If @pattern doesn't contain pattern, I can use strcmp(). */ 696 if (!pattern->is_patterned) 697 return !tomoyo_pathcmp(filename, pattern); 698 /* Don't compare directory and non-directory. */ 699 if (filename->is_dir != pattern->is_dir) 700 return false; 701 /* Compare the initial length without patterns. */ 702 if (strncmp(f, p, len)) 703 return false; 704 f += len; 705 p += len; 706 return tomoyo_path_matches_pattern2(f, p); 707 } 708 709 /** 710 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure. 711 * 712 * @head: Pointer to "struct tomoyo_io_buffer". 713 * @fmt: The printf()'s format string, followed by parameters. 714 * 715 * Returns true if output was written, false otherwise. 716 * 717 * The snprintf() will truncate, but tomoyo_io_printf() won't. 718 */ 719 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 720 { 721 va_list args; 722 int len; 723 int pos = head->read_avail; 724 int size = head->readbuf_size - pos; 725 726 if (size <= 0) 727 return false; 728 va_start(args, fmt); 729 len = vsnprintf(head->read_buf + pos, size, fmt, args); 730 va_end(args); 731 if (pos + len >= head->readbuf_size) 732 return false; 733 head->read_avail += len; 734 return true; 735 } 736 737 /** 738 * tomoyo_get_exe - Get tomoyo_realpath() of current process. 739 * 740 * Returns the tomoyo_realpath() of current process on success, NULL otherwise. 741 * 742 * This function uses kzalloc(), so the caller must call kfree() 743 * if this function didn't return NULL. 744 */ 745 static const char *tomoyo_get_exe(void) 746 { 747 struct mm_struct *mm = current->mm; 748 struct vm_area_struct *vma; 749 const char *cp = NULL; 750 751 if (!mm) 752 return NULL; 753 down_read(&mm->mmap_sem); 754 for (vma = mm->mmap; vma; vma = vma->vm_next) { 755 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { 756 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path); 757 break; 758 } 759 } 760 up_read(&mm->mmap_sem); 761 return cp; 762 } 763 764 /** 765 * tomoyo_get_msg - Get warning message. 766 * 767 * @is_enforce: Is it enforcing mode? 768 * 769 * Returns "ERROR" or "WARNING". 770 */ 771 const char *tomoyo_get_msg(const bool is_enforce) 772 { 773 if (is_enforce) 774 return "ERROR"; 775 else 776 return "WARNING"; 777 } 778 779 /** 780 * tomoyo_check_flags - Check mode for specified functionality. 781 * 782 * @domain: Pointer to "struct tomoyo_domain_info". 783 * @index: The functionality to check mode. 784 * 785 * TOMOYO checks only process context. 786 * This code disables TOMOYO's enforcement in case the function is called from 787 * interrupt context. 788 */ 789 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 790 const u8 index) 791 { 792 const u8 profile = domain->profile; 793 794 if (WARN_ON(in_interrupt())) 795 return 0; 796 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX 797 #if TOMOYO_MAX_PROFILES != 256 798 && profile < TOMOYO_MAX_PROFILES 799 #endif 800 && tomoyo_profile_ptr[profile] ? 801 tomoyo_profile_ptr[profile]->value[index] : 0; 802 } 803 804 /** 805 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode. 806 * 807 * @domain: Pointer to "struct tomoyo_domain_info". 808 * 809 * Returns true if domain policy violation warning should be printed to 810 * console. 811 */ 812 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain) 813 { 814 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0; 815 } 816 817 /** 818 * tomoyo_domain_quota_is_ok - Check for domain's quota. 819 * 820 * @domain: Pointer to "struct tomoyo_domain_info". 821 * 822 * Returns true if the domain is not exceeded quota, false otherwise. 823 * 824 * Caller holds tomoyo_read_lock(). 825 */ 826 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) 827 { 828 unsigned int count = 0; 829 struct tomoyo_acl_info *ptr; 830 831 if (!domain) 832 return true; 833 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 834 switch (ptr->type) { 835 struct tomoyo_path_acl *acl; 836 u32 perm; 837 u8 i; 838 case TOMOYO_TYPE_PATH_ACL: 839 acl = container_of(ptr, struct tomoyo_path_acl, head); 840 perm = acl->perm | (((u32) acl->perm_high) << 16); 841 for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++) 842 if (perm & (1 << i)) 843 count++; 844 if (perm & (1 << TOMOYO_TYPE_READ_WRITE)) 845 count -= 2; 846 break; 847 case TOMOYO_TYPE_PATH2_ACL: 848 perm = container_of(ptr, struct tomoyo_path2_acl, head) 849 ->perm; 850 for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++) 851 if (perm & (1 << i)) 852 count++; 853 break; 854 } 855 } 856 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) 857 return true; 858 if (!domain->quota_warned) { 859 domain->quota_warned = true; 860 printk(KERN_WARNING "TOMOYO-WARNING: " 861 "Domain '%s' has so many ACLs to hold. " 862 "Stopped learning mode.\n", domain->domainname->name); 863 } 864 return false; 865 } 866 867 /** 868 * tomoyo_find_or_assign_new_profile - Create a new profile. 869 * 870 * @profile: Profile number to create. 871 * 872 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise. 873 */ 874 static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned 875 int profile) 876 { 877 static DEFINE_MUTEX(lock); 878 struct tomoyo_profile *ptr = NULL; 879 int i; 880 881 if (profile >= TOMOYO_MAX_PROFILES) 882 return NULL; 883 mutex_lock(&lock); 884 ptr = tomoyo_profile_ptr[profile]; 885 if (ptr) 886 goto ok; 887 ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); 888 if (!tomoyo_memory_ok(ptr)) { 889 kfree(ptr); 890 ptr = NULL; 891 goto ok; 892 } 893 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) 894 ptr->value[i] = tomoyo_control_array[i].current_value; 895 mb(); /* Avoid out-of-order execution. */ 896 tomoyo_profile_ptr[profile] = ptr; 897 ok: 898 mutex_unlock(&lock); 899 return ptr; 900 } 901 902 /** 903 * tomoyo_write_profile - Write to profile table. 904 * 905 * @head: Pointer to "struct tomoyo_io_buffer". 906 * 907 * Returns 0 on success, negative value otherwise. 908 */ 909 static int tomoyo_write_profile(struct tomoyo_io_buffer *head) 910 { 911 char *data = head->write_buf; 912 unsigned int i; 913 unsigned int value; 914 char *cp; 915 struct tomoyo_profile *profile; 916 unsigned long num; 917 918 cp = strchr(data, '-'); 919 if (cp) 920 *cp = '\0'; 921 if (strict_strtoul(data, 10, &num)) 922 return -EINVAL; 923 if (cp) 924 data = cp + 1; 925 profile = tomoyo_find_or_assign_new_profile(num); 926 if (!profile) 927 return -EINVAL; 928 cp = strchr(data, '='); 929 if (!cp) 930 return -EINVAL; 931 *cp = '\0'; 932 if (!strcmp(data, "COMMENT")) { 933 const struct tomoyo_path_info *old_comment = profile->comment; 934 profile->comment = tomoyo_get_name(cp + 1); 935 tomoyo_put_name(old_comment); 936 return 0; 937 } 938 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { 939 if (strcmp(data, tomoyo_control_array[i].keyword)) 940 continue; 941 if (sscanf(cp + 1, "%u", &value) != 1) { 942 int j; 943 const char **modes; 944 switch (i) { 945 case TOMOYO_VERBOSE: 946 modes = tomoyo_mode_2; 947 break; 948 default: 949 modes = tomoyo_mode_4; 950 break; 951 } 952 for (j = 0; j < 4; j++) { 953 if (strcmp(cp + 1, modes[j])) 954 continue; 955 value = j; 956 break; 957 } 958 if (j == 4) 959 return -EINVAL; 960 } else if (value > tomoyo_control_array[i].max_value) { 961 value = tomoyo_control_array[i].max_value; 962 } 963 profile->value[i] = value; 964 return 0; 965 } 966 return -EINVAL; 967 } 968 969 /** 970 * tomoyo_read_profile - Read from profile table. 971 * 972 * @head: Pointer to "struct tomoyo_io_buffer". 973 * 974 * Returns 0. 975 */ 976 static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 977 { 978 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1; 979 int step; 980 981 if (head->read_eof) 982 return 0; 983 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total; 984 step++) { 985 const u8 index = step / total; 986 u8 type = step % total; 987 const struct tomoyo_profile *profile 988 = tomoyo_profile_ptr[index]; 989 head->read_step = step; 990 if (!profile) 991 continue; 992 if (!type) { /* Print profile' comment tag. */ 993 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n", 994 index, profile->comment ? 995 profile->comment->name : "")) 996 break; 997 continue; 998 } 999 type--; 1000 if (type < TOMOYO_MAX_CONTROL_INDEX) { 1001 const unsigned int value = profile->value[type]; 1002 const char **modes = NULL; 1003 const char *keyword 1004 = tomoyo_control_array[type].keyword; 1005 switch (tomoyo_control_array[type].max_value) { 1006 case 3: 1007 modes = tomoyo_mode_4; 1008 break; 1009 case 1: 1010 modes = tomoyo_mode_2; 1011 break; 1012 } 1013 if (modes) { 1014 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index, 1015 keyword, modes[value])) 1016 break; 1017 } else { 1018 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index, 1019 keyword, value)) 1020 break; 1021 } 1022 } 1023 } 1024 if (step == TOMOYO_MAX_PROFILES * total) 1025 head->read_eof = true; 1026 return 0; 1027 } 1028 1029 /* 1030 * tomoyo_policy_manager_list is used for holding list of domainnames or 1031 * programs which are permitted to modify configuration via 1032 * /sys/kernel/security/tomoyo/ interface. 1033 * 1034 * An entry is added by 1035 * 1036 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \ 1037 * /sys/kernel/security/tomoyo/manager 1038 * (if you want to specify by a domainname) 1039 * 1040 * or 1041 * 1042 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager 1043 * (if you want to specify by a program's location) 1044 * 1045 * and is deleted by 1046 * 1047 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \ 1048 * /sys/kernel/security/tomoyo/manager 1049 * 1050 * or 1051 * 1052 * # echo 'delete /usr/lib/ccs/editpolicy' > \ 1053 * /sys/kernel/security/tomoyo/manager 1054 * 1055 * and all entries are retrieved by 1056 * 1057 * # cat /sys/kernel/security/tomoyo/manager 1058 */ 1059 LIST_HEAD(tomoyo_policy_manager_list); 1060 1061 /** 1062 * tomoyo_update_manager_entry - Add a manager entry. 1063 * 1064 * @manager: The path to manager or the domainnamme. 1065 * @is_delete: True if it is a delete request. 1066 * 1067 * Returns 0 on success, negative value otherwise. 1068 * 1069 * Caller holds tomoyo_read_lock(). 1070 */ 1071 static int tomoyo_update_manager_entry(const char *manager, 1072 const bool is_delete) 1073 { 1074 struct tomoyo_policy_manager_entry *entry = NULL; 1075 struct tomoyo_policy_manager_entry *ptr; 1076 const struct tomoyo_path_info *saved_manager; 1077 int error = is_delete ? -ENOENT : -ENOMEM; 1078 bool is_domain = false; 1079 1080 if (tomoyo_is_domain_def(manager)) { 1081 if (!tomoyo_is_correct_domain(manager)) 1082 return -EINVAL; 1083 is_domain = true; 1084 } else { 1085 if (!tomoyo_is_correct_path(manager, 1, -1, -1)) 1086 return -EINVAL; 1087 } 1088 saved_manager = tomoyo_get_name(manager); 1089 if (!saved_manager) 1090 return -ENOMEM; 1091 if (!is_delete) 1092 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 1093 mutex_lock(&tomoyo_policy_lock); 1094 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1095 if (ptr->manager != saved_manager) 1096 continue; 1097 ptr->is_deleted = is_delete; 1098 error = 0; 1099 break; 1100 } 1101 if (!is_delete && error && tomoyo_memory_ok(entry)) { 1102 entry->manager = saved_manager; 1103 saved_manager = NULL; 1104 entry->is_domain = is_domain; 1105 list_add_tail_rcu(&entry->list, &tomoyo_policy_manager_list); 1106 entry = NULL; 1107 error = 0; 1108 } 1109 mutex_unlock(&tomoyo_policy_lock); 1110 tomoyo_put_name(saved_manager); 1111 kfree(entry); 1112 return error; 1113 } 1114 1115 /** 1116 * tomoyo_write_manager_policy - Write manager policy. 1117 * 1118 * @head: Pointer to "struct tomoyo_io_buffer". 1119 * 1120 * Returns 0 on success, negative value otherwise. 1121 * 1122 * Caller holds tomoyo_read_lock(). 1123 */ 1124 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 1125 { 1126 char *data = head->write_buf; 1127 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1128 1129 if (!strcmp(data, "manage_by_non_root")) { 1130 tomoyo_manage_by_non_root = !is_delete; 1131 return 0; 1132 } 1133 return tomoyo_update_manager_entry(data, is_delete); 1134 } 1135 1136 /** 1137 * tomoyo_read_manager_policy - Read manager policy. 1138 * 1139 * @head: Pointer to "struct tomoyo_io_buffer". 1140 * 1141 * Returns 0. 1142 * 1143 * Caller holds tomoyo_read_lock(). 1144 */ 1145 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 1146 { 1147 struct list_head *pos; 1148 bool done = true; 1149 1150 if (head->read_eof) 1151 return 0; 1152 list_for_each_cookie(pos, head->read_var2, 1153 &tomoyo_policy_manager_list) { 1154 struct tomoyo_policy_manager_entry *ptr; 1155 ptr = list_entry(pos, struct tomoyo_policy_manager_entry, 1156 list); 1157 if (ptr->is_deleted) 1158 continue; 1159 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name); 1160 if (!done) 1161 break; 1162 } 1163 head->read_eof = done; 1164 return 0; 1165 } 1166 1167 /** 1168 * tomoyo_is_policy_manager - Check whether the current process is a policy manager. 1169 * 1170 * Returns true if the current process is permitted to modify policy 1171 * via /sys/kernel/security/tomoyo/ interface. 1172 * 1173 * Caller holds tomoyo_read_lock(). 1174 */ 1175 static bool tomoyo_is_policy_manager(void) 1176 { 1177 struct tomoyo_policy_manager_entry *ptr; 1178 const char *exe; 1179 const struct task_struct *task = current; 1180 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 1181 bool found = false; 1182 1183 if (!tomoyo_policy_loaded) 1184 return true; 1185 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 1186 return false; 1187 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1188 if (!ptr->is_deleted && ptr->is_domain 1189 && !tomoyo_pathcmp(domainname, ptr->manager)) { 1190 found = true; 1191 break; 1192 } 1193 } 1194 if (found) 1195 return true; 1196 exe = tomoyo_get_exe(); 1197 if (!exe) 1198 return false; 1199 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1200 if (!ptr->is_deleted && !ptr->is_domain 1201 && !strcmp(exe, ptr->manager->name)) { 1202 found = true; 1203 break; 1204 } 1205 } 1206 if (!found) { /* Reduce error messages. */ 1207 static pid_t last_pid; 1208 const pid_t pid = current->pid; 1209 if (last_pid != pid) { 1210 printk(KERN_WARNING "%s ( %s ) is not permitted to " 1211 "update policies.\n", domainname->name, exe); 1212 last_pid = pid; 1213 } 1214 } 1215 kfree(exe); 1216 return found; 1217 } 1218 1219 /** 1220 * tomoyo_is_select_one - Parse select command. 1221 * 1222 * @head: Pointer to "struct tomoyo_io_buffer". 1223 * @data: String to parse. 1224 * 1225 * Returns true on success, false otherwise. 1226 * 1227 * Caller holds tomoyo_read_lock(). 1228 */ 1229 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, 1230 const char *data) 1231 { 1232 unsigned int pid; 1233 struct tomoyo_domain_info *domain = NULL; 1234 1235 if (sscanf(data, "pid=%u", &pid) == 1) { 1236 struct task_struct *p; 1237 rcu_read_lock(); 1238 read_lock(&tasklist_lock); 1239 p = find_task_by_vpid(pid); 1240 if (p) 1241 domain = tomoyo_real_domain(p); 1242 read_unlock(&tasklist_lock); 1243 rcu_read_unlock(); 1244 } else if (!strncmp(data, "domain=", 7)) { 1245 if (tomoyo_is_domain_def(data + 7)) 1246 domain = tomoyo_find_domain(data + 7); 1247 } else 1248 return false; 1249 head->write_var1 = domain; 1250 /* Accessing read_buf is safe because head->io_sem is held. */ 1251 if (!head->read_buf) 1252 return true; /* Do nothing if open(O_WRONLY). */ 1253 head->read_avail = 0; 1254 tomoyo_io_printf(head, "# select %s\n", data); 1255 head->read_single_domain = true; 1256 head->read_eof = !domain; 1257 if (domain) { 1258 struct tomoyo_domain_info *d; 1259 head->read_var1 = NULL; 1260 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) { 1261 if (d == domain) 1262 break; 1263 head->read_var1 = &d->list; 1264 } 1265 head->read_var2 = NULL; 1266 head->read_bit = 0; 1267 head->read_step = 0; 1268 if (domain->is_deleted) 1269 tomoyo_io_printf(head, "# This is a deleted domain.\n"); 1270 } 1271 return true; 1272 } 1273 1274 /** 1275 * tomoyo_delete_domain - Delete a domain. 1276 * 1277 * @domainname: The name of domain. 1278 * 1279 * Returns 0. 1280 * 1281 * Caller holds tomoyo_read_lock(). 1282 */ 1283 static int tomoyo_delete_domain(char *domainname) 1284 { 1285 struct tomoyo_domain_info *domain; 1286 struct tomoyo_path_info name; 1287 1288 name.name = domainname; 1289 tomoyo_fill_path_info(&name); 1290 mutex_lock(&tomoyo_policy_lock); 1291 /* Is there an active domain? */ 1292 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1293 /* Never delete tomoyo_kernel_domain */ 1294 if (domain == &tomoyo_kernel_domain) 1295 continue; 1296 if (domain->is_deleted || 1297 tomoyo_pathcmp(domain->domainname, &name)) 1298 continue; 1299 domain->is_deleted = true; 1300 break; 1301 } 1302 mutex_unlock(&tomoyo_policy_lock); 1303 return 0; 1304 } 1305 1306 /** 1307 * tomoyo_write_domain_policy - Write domain policy. 1308 * 1309 * @head: Pointer to "struct tomoyo_io_buffer". 1310 * 1311 * Returns 0 on success, negative value otherwise. 1312 * 1313 * Caller holds tomoyo_read_lock(). 1314 */ 1315 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 1316 { 1317 char *data = head->write_buf; 1318 struct tomoyo_domain_info *domain = head->write_var1; 1319 bool is_delete = false; 1320 bool is_select = false; 1321 unsigned int profile; 1322 1323 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE)) 1324 is_delete = true; 1325 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 1326 is_select = true; 1327 if (is_select && tomoyo_is_select_one(head, data)) 1328 return 0; 1329 /* Don't allow updating policies by non manager programs. */ 1330 if (!tomoyo_is_policy_manager()) 1331 return -EPERM; 1332 if (tomoyo_is_domain_def(data)) { 1333 domain = NULL; 1334 if (is_delete) 1335 tomoyo_delete_domain(data); 1336 else if (is_select) 1337 domain = tomoyo_find_domain(data); 1338 else 1339 domain = tomoyo_find_or_assign_new_domain(data, 0); 1340 head->write_var1 = domain; 1341 return 0; 1342 } 1343 if (!domain) 1344 return -EINVAL; 1345 1346 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1 1347 && profile < TOMOYO_MAX_PROFILES) { 1348 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded) 1349 domain->profile = (u8) profile; 1350 return 0; 1351 } 1352 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { 1353 domain->ignore_global_allow_read = !is_delete; 1354 return 0; 1355 } 1356 return tomoyo_write_file_policy(data, domain, is_delete); 1357 } 1358 1359 /** 1360 * tomoyo_print_path_acl - Print a single path ACL entry. 1361 * 1362 * @head: Pointer to "struct tomoyo_io_buffer". 1363 * @ptr: Pointer to "struct tomoyo_path_acl". 1364 * 1365 * Returns true on success, false otherwise. 1366 */ 1367 static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head, 1368 struct tomoyo_path_acl *ptr) 1369 { 1370 int pos; 1371 u8 bit; 1372 const char *atmark = ""; 1373 const char *filename; 1374 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16); 1375 1376 filename = ptr->filename->name; 1377 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { 1378 const char *msg; 1379 if (!(perm & (1 << bit))) 1380 continue; 1381 /* Print "read/write" instead of "read" and "write". */ 1382 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE) 1383 && (perm & (1 << TOMOYO_TYPE_READ_WRITE))) 1384 continue; 1385 msg = tomoyo_path2keyword(bit); 1386 pos = head->read_avail; 1387 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg, 1388 atmark, filename)) 1389 goto out; 1390 } 1391 head->read_bit = 0; 1392 return true; 1393 out: 1394 head->read_bit = bit; 1395 head->read_avail = pos; 1396 return false; 1397 } 1398 1399 /** 1400 * tomoyo_print_path2_acl - Print a double path ACL entry. 1401 * 1402 * @head: Pointer to "struct tomoyo_io_buffer". 1403 * @ptr: Pointer to "struct tomoyo_path2_acl". 1404 * 1405 * Returns true on success, false otherwise. 1406 */ 1407 static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head, 1408 struct tomoyo_path2_acl *ptr) 1409 { 1410 int pos; 1411 const char *atmark1 = ""; 1412 const char *atmark2 = ""; 1413 const char *filename1; 1414 const char *filename2; 1415 const u8 perm = ptr->perm; 1416 u8 bit; 1417 1418 filename1 = ptr->filename1->name; 1419 filename2 = ptr->filename2->name; 1420 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 1421 const char *msg; 1422 if (!(perm & (1 << bit))) 1423 continue; 1424 msg = tomoyo_path22keyword(bit); 1425 pos = head->read_avail; 1426 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg, 1427 atmark1, filename1, atmark2, filename2)) 1428 goto out; 1429 } 1430 head->read_bit = 0; 1431 return true; 1432 out: 1433 head->read_bit = bit; 1434 head->read_avail = pos; 1435 return false; 1436 } 1437 1438 /** 1439 * tomoyo_print_entry - Print an ACL entry. 1440 * 1441 * @head: Pointer to "struct tomoyo_io_buffer". 1442 * @ptr: Pointer to an ACL entry. 1443 * 1444 * Returns true on success, false otherwise. 1445 */ 1446 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1447 struct tomoyo_acl_info *ptr) 1448 { 1449 const u8 acl_type = ptr->type; 1450 1451 if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1452 struct tomoyo_path_acl *acl 1453 = container_of(ptr, struct tomoyo_path_acl, head); 1454 return tomoyo_print_path_acl(head, acl); 1455 } 1456 if (acl_type == TOMOYO_TYPE_PATH2_ACL) { 1457 struct tomoyo_path2_acl *acl 1458 = container_of(ptr, struct tomoyo_path2_acl, head); 1459 return tomoyo_print_path2_acl(head, acl); 1460 } 1461 BUG(); /* This must not happen. */ 1462 return false; 1463 } 1464 1465 /** 1466 * tomoyo_read_domain_policy - Read domain policy. 1467 * 1468 * @head: Pointer to "struct tomoyo_io_buffer". 1469 * 1470 * Returns 0. 1471 * 1472 * Caller holds tomoyo_read_lock(). 1473 */ 1474 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1475 { 1476 struct list_head *dpos; 1477 struct list_head *apos; 1478 bool done = true; 1479 1480 if (head->read_eof) 1481 return 0; 1482 if (head->read_step == 0) 1483 head->read_step = 1; 1484 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) { 1485 struct tomoyo_domain_info *domain; 1486 const char *quota_exceeded = ""; 1487 const char *transition_failed = ""; 1488 const char *ignore_global_allow_read = ""; 1489 domain = list_entry(dpos, struct tomoyo_domain_info, list); 1490 if (head->read_step != 1) 1491 goto acl_loop; 1492 if (domain->is_deleted && !head->read_single_domain) 1493 continue; 1494 /* Print domainname and flags. */ 1495 if (domain->quota_warned) 1496 quota_exceeded = "quota_exceeded\n"; 1497 if (domain->transition_failed) 1498 transition_failed = "transition_failed\n"; 1499 if (domain->ignore_global_allow_read) 1500 ignore_global_allow_read 1501 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1502 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE 1503 "%u\n%s%s%s\n", 1504 domain->domainname->name, 1505 domain->profile, quota_exceeded, 1506 transition_failed, 1507 ignore_global_allow_read); 1508 if (!done) 1509 break; 1510 head->read_step = 2; 1511 acl_loop: 1512 if (head->read_step == 3) 1513 goto tail_mark; 1514 /* Print ACL entries in the domain. */ 1515 list_for_each_cookie(apos, head->read_var2, 1516 &domain->acl_info_list) { 1517 struct tomoyo_acl_info *ptr 1518 = list_entry(apos, struct tomoyo_acl_info, 1519 list); 1520 done = tomoyo_print_entry(head, ptr); 1521 if (!done) 1522 break; 1523 } 1524 if (!done) 1525 break; 1526 head->read_step = 3; 1527 tail_mark: 1528 done = tomoyo_io_printf(head, "\n"); 1529 if (!done) 1530 break; 1531 head->read_step = 1; 1532 if (head->read_single_domain) 1533 break; 1534 } 1535 head->read_eof = done; 1536 return 0; 1537 } 1538 1539 /** 1540 * tomoyo_write_domain_profile - Assign profile for specified domain. 1541 * 1542 * @head: Pointer to "struct tomoyo_io_buffer". 1543 * 1544 * Returns 0 on success, -EINVAL otherwise. 1545 * 1546 * This is equivalent to doing 1547 * 1548 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1549 * /usr/lib/ccs/loadpolicy -d 1550 * 1551 * Caller holds tomoyo_read_lock(). 1552 */ 1553 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head) 1554 { 1555 char *data = head->write_buf; 1556 char *cp = strchr(data, ' '); 1557 struct tomoyo_domain_info *domain; 1558 unsigned long profile; 1559 1560 if (!cp) 1561 return -EINVAL; 1562 *cp = '\0'; 1563 domain = tomoyo_find_domain(cp + 1); 1564 if (strict_strtoul(data, 10, &profile)) 1565 return -EINVAL; 1566 if (domain && profile < TOMOYO_MAX_PROFILES 1567 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)) 1568 domain->profile = (u8) profile; 1569 return 0; 1570 } 1571 1572 /** 1573 * tomoyo_read_domain_profile - Read only domainname and profile. 1574 * 1575 * @head: Pointer to "struct tomoyo_io_buffer". 1576 * 1577 * Returns list of profile number and domainname pairs. 1578 * 1579 * This is equivalent to doing 1580 * 1581 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy | 1582 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) 1583 * domainname = $0; } else if ( $1 == "use_profile" ) { 1584 * print $2 " " domainname; domainname = ""; } } ; ' 1585 * 1586 * Caller holds tomoyo_read_lock(). 1587 */ 1588 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1589 { 1590 struct list_head *pos; 1591 bool done = true; 1592 1593 if (head->read_eof) 1594 return 0; 1595 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) { 1596 struct tomoyo_domain_info *domain; 1597 domain = list_entry(pos, struct tomoyo_domain_info, list); 1598 if (domain->is_deleted) 1599 continue; 1600 done = tomoyo_io_printf(head, "%u %s\n", domain->profile, 1601 domain->domainname->name); 1602 if (!done) 1603 break; 1604 } 1605 head->read_eof = done; 1606 return 0; 1607 } 1608 1609 /** 1610 * tomoyo_write_pid: Specify PID to obtain domainname. 1611 * 1612 * @head: Pointer to "struct tomoyo_io_buffer". 1613 * 1614 * Returns 0. 1615 */ 1616 static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1617 { 1618 unsigned long pid; 1619 /* No error check. */ 1620 strict_strtoul(head->write_buf, 10, &pid); 1621 head->read_step = (int) pid; 1622 head->read_eof = false; 1623 return 0; 1624 } 1625 1626 /** 1627 * tomoyo_read_pid - Get domainname of the specified PID. 1628 * 1629 * @head: Pointer to "struct tomoyo_io_buffer". 1630 * 1631 * Returns the domainname which the specified PID is in on success, 1632 * empty string otherwise. 1633 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1634 * using read()/write() interface rather than sysctl() interface. 1635 */ 1636 static int tomoyo_read_pid(struct tomoyo_io_buffer *head) 1637 { 1638 if (head->read_avail == 0 && !head->read_eof) { 1639 const int pid = head->read_step; 1640 struct task_struct *p; 1641 struct tomoyo_domain_info *domain = NULL; 1642 rcu_read_lock(); 1643 read_lock(&tasklist_lock); 1644 p = find_task_by_vpid(pid); 1645 if (p) 1646 domain = tomoyo_real_domain(p); 1647 read_unlock(&tasklist_lock); 1648 rcu_read_unlock(); 1649 if (domain) 1650 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile, 1651 domain->domainname->name); 1652 head->read_eof = true; 1653 } 1654 return 0; 1655 } 1656 1657 /** 1658 * tomoyo_write_exception_policy - Write exception policy. 1659 * 1660 * @head: Pointer to "struct tomoyo_io_buffer". 1661 * 1662 * Returns 0 on success, negative value otherwise. 1663 * 1664 * Caller holds tomoyo_read_lock(). 1665 */ 1666 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1667 { 1668 char *data = head->write_buf; 1669 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1670 1671 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN)) 1672 return tomoyo_write_domain_keeper_policy(data, false, 1673 is_delete); 1674 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN)) 1675 return tomoyo_write_domain_keeper_policy(data, true, is_delete); 1676 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN)) 1677 return tomoyo_write_domain_initializer_policy(data, false, 1678 is_delete); 1679 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN)) 1680 return tomoyo_write_domain_initializer_policy(data, true, 1681 is_delete); 1682 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) 1683 return tomoyo_write_alias_policy(data, is_delete); 1684 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1685 return tomoyo_write_globally_readable_policy(data, is_delete); 1686 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1687 return tomoyo_write_pattern_policy(data, is_delete); 1688 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) 1689 return tomoyo_write_no_rewrite_policy(data, is_delete); 1690 return -EINVAL; 1691 } 1692 1693 /** 1694 * tomoyo_read_exception_policy - Read exception policy. 1695 * 1696 * @head: Pointer to "struct tomoyo_io_buffer". 1697 * 1698 * Returns 0 on success, -EINVAL otherwise. 1699 * 1700 * Caller holds tomoyo_read_lock(). 1701 */ 1702 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1703 { 1704 if (!head->read_eof) { 1705 switch (head->read_step) { 1706 case 0: 1707 head->read_var2 = NULL; 1708 head->read_step = 1; 1709 case 1: 1710 if (!tomoyo_read_domain_keeper_policy(head)) 1711 break; 1712 head->read_var2 = NULL; 1713 head->read_step = 2; 1714 case 2: 1715 if (!tomoyo_read_globally_readable_policy(head)) 1716 break; 1717 head->read_var2 = NULL; 1718 head->read_step = 3; 1719 case 3: 1720 head->read_var2 = NULL; 1721 head->read_step = 4; 1722 case 4: 1723 if (!tomoyo_read_domain_initializer_policy(head)) 1724 break; 1725 head->read_var2 = NULL; 1726 head->read_step = 5; 1727 case 5: 1728 if (!tomoyo_read_alias_policy(head)) 1729 break; 1730 head->read_var2 = NULL; 1731 head->read_step = 6; 1732 case 6: 1733 head->read_var2 = NULL; 1734 head->read_step = 7; 1735 case 7: 1736 if (!tomoyo_read_file_pattern(head)) 1737 break; 1738 head->read_var2 = NULL; 1739 head->read_step = 8; 1740 case 8: 1741 if (!tomoyo_read_no_rewrite_policy(head)) 1742 break; 1743 head->read_var2 = NULL; 1744 head->read_step = 9; 1745 case 9: 1746 head->read_eof = true; 1747 break; 1748 default: 1749 return -EINVAL; 1750 } 1751 } 1752 return 0; 1753 } 1754 1755 /* path to policy loader */ 1756 static const char *tomoyo_loader = "/sbin/tomoyo-init"; 1757 1758 /** 1759 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists. 1760 * 1761 * Returns true if /sbin/tomoyo-init exists, false otherwise. 1762 */ 1763 static bool tomoyo_policy_loader_exists(void) 1764 { 1765 /* 1766 * Don't activate MAC if the policy loader doesn't exist. 1767 * If the initrd includes /sbin/init but real-root-dev has not 1768 * mounted on / yet, activating MAC will block the system since 1769 * policies are not loaded yet. 1770 * Thus, let do_execve() call this function everytime. 1771 */ 1772 struct path path; 1773 1774 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) { 1775 printk(KERN_INFO "Not activating Mandatory Access Control now " 1776 "since %s doesn't exist.\n", tomoyo_loader); 1777 return false; 1778 } 1779 path_put(&path); 1780 return true; 1781 } 1782 1783 /** 1784 * tomoyo_load_policy - Run external policy loader to load policy. 1785 * 1786 * @filename: The program about to start. 1787 * 1788 * This function checks whether @filename is /sbin/init , and if so 1789 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init 1790 * and then continues invocation of /sbin/init. 1791 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and 1792 * writes to /sys/kernel/security/tomoyo/ interfaces. 1793 * 1794 * Returns nothing. 1795 */ 1796 void tomoyo_load_policy(const char *filename) 1797 { 1798 char *argv[2]; 1799 char *envp[3]; 1800 1801 if (tomoyo_policy_loaded) 1802 return; 1803 /* 1804 * Check filename is /sbin/init or /sbin/tomoyo-start. 1805 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't 1806 * be passed. 1807 * You can create /sbin/tomoyo-start by 1808 * "ln -s /bin/true /sbin/tomoyo-start". 1809 */ 1810 if (strcmp(filename, "/sbin/init") && 1811 strcmp(filename, "/sbin/tomoyo-start")) 1812 return; 1813 if (!tomoyo_policy_loader_exists()) 1814 return; 1815 1816 printk(KERN_INFO "Calling %s to load policy. Please wait.\n", 1817 tomoyo_loader); 1818 argv[0] = (char *) tomoyo_loader; 1819 argv[1] = NULL; 1820 envp[0] = "HOME=/"; 1821 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 1822 envp[2] = NULL; 1823 call_usermodehelper(argv[0], argv, envp, 1); 1824 1825 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); 1826 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1827 tomoyo_policy_loaded = true; 1828 { /* Check all profiles currently assigned to domains are defined. */ 1829 struct tomoyo_domain_info *domain; 1830 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1831 const u8 profile = domain->profile; 1832 if (tomoyo_profile_ptr[profile]) 1833 continue; 1834 panic("Profile %u (used by '%s') not defined.\n", 1835 profile, domain->domainname->name); 1836 } 1837 } 1838 } 1839 1840 /** 1841 * tomoyo_read_version: Get version. 1842 * 1843 * @head: Pointer to "struct tomoyo_io_buffer". 1844 * 1845 * Returns version information. 1846 */ 1847 static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1848 { 1849 if (!head->read_eof) { 1850 tomoyo_io_printf(head, "2.2.0"); 1851 head->read_eof = true; 1852 } 1853 return 0; 1854 } 1855 1856 /** 1857 * tomoyo_read_self_domain - Get the current process's domainname. 1858 * 1859 * @head: Pointer to "struct tomoyo_io_buffer". 1860 * 1861 * Returns the current process's domainname. 1862 */ 1863 static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1864 { 1865 if (!head->read_eof) { 1866 /* 1867 * tomoyo_domain()->domainname != NULL 1868 * because every process belongs to a domain and 1869 * the domain's name cannot be NULL. 1870 */ 1871 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1872 head->read_eof = true; 1873 } 1874 return 0; 1875 } 1876 1877 /** 1878 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface. 1879 * 1880 * @type: Type of interface. 1881 * @file: Pointer to "struct file". 1882 * 1883 * Associates policy handler and returns 0 on success, -ENOMEM otherwise. 1884 * 1885 * Caller acquires tomoyo_read_lock(). 1886 */ 1887 static int tomoyo_open_control(const u8 type, struct file *file) 1888 { 1889 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL); 1890 1891 if (!head) 1892 return -ENOMEM; 1893 mutex_init(&head->io_sem); 1894 switch (type) { 1895 case TOMOYO_DOMAINPOLICY: 1896 /* /sys/kernel/security/tomoyo/domain_policy */ 1897 head->write = tomoyo_write_domain_policy; 1898 head->read = tomoyo_read_domain_policy; 1899 break; 1900 case TOMOYO_EXCEPTIONPOLICY: 1901 /* /sys/kernel/security/tomoyo/exception_policy */ 1902 head->write = tomoyo_write_exception_policy; 1903 head->read = tomoyo_read_exception_policy; 1904 break; 1905 case TOMOYO_SELFDOMAIN: 1906 /* /sys/kernel/security/tomoyo/self_domain */ 1907 head->read = tomoyo_read_self_domain; 1908 break; 1909 case TOMOYO_DOMAIN_STATUS: 1910 /* /sys/kernel/security/tomoyo/.domain_status */ 1911 head->write = tomoyo_write_domain_profile; 1912 head->read = tomoyo_read_domain_profile; 1913 break; 1914 case TOMOYO_PROCESS_STATUS: 1915 /* /sys/kernel/security/tomoyo/.process_status */ 1916 head->write = tomoyo_write_pid; 1917 head->read = tomoyo_read_pid; 1918 break; 1919 case TOMOYO_VERSION: 1920 /* /sys/kernel/security/tomoyo/version */ 1921 head->read = tomoyo_read_version; 1922 head->readbuf_size = 128; 1923 break; 1924 case TOMOYO_MEMINFO: 1925 /* /sys/kernel/security/tomoyo/meminfo */ 1926 head->write = tomoyo_write_memory_quota; 1927 head->read = tomoyo_read_memory_counter; 1928 head->readbuf_size = 512; 1929 break; 1930 case TOMOYO_PROFILE: 1931 /* /sys/kernel/security/tomoyo/profile */ 1932 head->write = tomoyo_write_profile; 1933 head->read = tomoyo_read_profile; 1934 break; 1935 case TOMOYO_MANAGER: 1936 /* /sys/kernel/security/tomoyo/manager */ 1937 head->write = tomoyo_write_manager_policy; 1938 head->read = tomoyo_read_manager_policy; 1939 break; 1940 } 1941 if (!(file->f_mode & FMODE_READ)) { 1942 /* 1943 * No need to allocate read_buf since it is not opened 1944 * for reading. 1945 */ 1946 head->read = NULL; 1947 } else { 1948 if (!head->readbuf_size) 1949 head->readbuf_size = 4096 * 2; 1950 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL); 1951 if (!head->read_buf) { 1952 kfree(head); 1953 return -ENOMEM; 1954 } 1955 } 1956 if (!(file->f_mode & FMODE_WRITE)) { 1957 /* 1958 * No need to allocate write_buf since it is not opened 1959 * for writing. 1960 */ 1961 head->write = NULL; 1962 } else if (head->write) { 1963 head->writebuf_size = 4096 * 2; 1964 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL); 1965 if (!head->write_buf) { 1966 kfree(head->read_buf); 1967 kfree(head); 1968 return -ENOMEM; 1969 } 1970 } 1971 head->reader_idx = tomoyo_read_lock(); 1972 file->private_data = head; 1973 /* 1974 * Call the handler now if the file is 1975 * /sys/kernel/security/tomoyo/self_domain 1976 * so that the user can use 1977 * cat < /sys/kernel/security/tomoyo/self_domain" 1978 * to know the current process's domainname. 1979 */ 1980 if (type == TOMOYO_SELFDOMAIN) 1981 tomoyo_read_control(file, NULL, 0); 1982 return 0; 1983 } 1984 1985 /** 1986 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1987 * 1988 * @file: Pointer to "struct file". 1989 * @buffer: Poiner to buffer to write to. 1990 * @buffer_len: Size of @buffer. 1991 * 1992 * Returns bytes read on success, negative value otherwise. 1993 * 1994 * Caller holds tomoyo_read_lock(). 1995 */ 1996 static int tomoyo_read_control(struct file *file, char __user *buffer, 1997 const int buffer_len) 1998 { 1999 int len = 0; 2000 struct tomoyo_io_buffer *head = file->private_data; 2001 char *cp; 2002 2003 if (!head->read) 2004 return -ENOSYS; 2005 if (mutex_lock_interruptible(&head->io_sem)) 2006 return -EINTR; 2007 /* Call the policy handler. */ 2008 len = head->read(head); 2009 if (len < 0) 2010 goto out; 2011 /* Write to buffer. */ 2012 len = head->read_avail; 2013 if (len > buffer_len) 2014 len = buffer_len; 2015 if (!len) 2016 goto out; 2017 /* head->read_buf changes by some functions. */ 2018 cp = head->read_buf; 2019 if (copy_to_user(buffer, cp, len)) { 2020 len = -EFAULT; 2021 goto out; 2022 } 2023 head->read_avail -= len; 2024 memmove(cp, cp + len, head->read_avail); 2025 out: 2026 mutex_unlock(&head->io_sem); 2027 return len; 2028 } 2029 2030 /** 2031 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface. 2032 * 2033 * @file: Pointer to "struct file". 2034 * @buffer: Pointer to buffer to read from. 2035 * @buffer_len: Size of @buffer. 2036 * 2037 * Returns @buffer_len on success, negative value otherwise. 2038 * 2039 * Caller holds tomoyo_read_lock(). 2040 */ 2041 static int tomoyo_write_control(struct file *file, const char __user *buffer, 2042 const int buffer_len) 2043 { 2044 struct tomoyo_io_buffer *head = file->private_data; 2045 int error = buffer_len; 2046 int avail_len = buffer_len; 2047 char *cp0 = head->write_buf; 2048 2049 if (!head->write) 2050 return -ENOSYS; 2051 if (!access_ok(VERIFY_READ, buffer, buffer_len)) 2052 return -EFAULT; 2053 /* Don't allow updating policies by non manager programs. */ 2054 if (head->write != tomoyo_write_pid && 2055 head->write != tomoyo_write_domain_policy && 2056 !tomoyo_is_policy_manager()) 2057 return -EPERM; 2058 if (mutex_lock_interruptible(&head->io_sem)) 2059 return -EINTR; 2060 /* Read a line and dispatch it to the policy handler. */ 2061 while (avail_len > 0) { 2062 char c; 2063 if (head->write_avail >= head->writebuf_size - 1) { 2064 error = -ENOMEM; 2065 break; 2066 } else if (get_user(c, buffer)) { 2067 error = -EFAULT; 2068 break; 2069 } 2070 buffer++; 2071 avail_len--; 2072 cp0[head->write_avail++] = c; 2073 if (c != '\n') 2074 continue; 2075 cp0[head->write_avail - 1] = '\0'; 2076 head->write_avail = 0; 2077 tomoyo_normalize_line(cp0); 2078 head->write(head); 2079 } 2080 mutex_unlock(&head->io_sem); 2081 return error; 2082 } 2083 2084 /** 2085 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface. 2086 * 2087 * @file: Pointer to "struct file". 2088 * 2089 * Releases memory and returns 0. 2090 * 2091 * Caller looses tomoyo_read_lock(). 2092 */ 2093 static int tomoyo_close_control(struct file *file) 2094 { 2095 struct tomoyo_io_buffer *head = file->private_data; 2096 const bool is_write = !!head->write_buf; 2097 2098 tomoyo_read_unlock(head->reader_idx); 2099 /* Release memory used for policy I/O. */ 2100 kfree(head->read_buf); 2101 head->read_buf = NULL; 2102 kfree(head->write_buf); 2103 head->write_buf = NULL; 2104 kfree(head); 2105 head = NULL; 2106 file->private_data = NULL; 2107 if (is_write) 2108 tomoyo_run_gc(); 2109 return 0; 2110 } 2111 2112 /** 2113 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 2114 * 2115 * @inode: Pointer to "struct inode". 2116 * @file: Pointer to "struct file". 2117 * 2118 * Returns 0 on success, negative value otherwise. 2119 */ 2120 static int tomoyo_open(struct inode *inode, struct file *file) 2121 { 2122 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private) 2123 - ((u8 *) NULL); 2124 return tomoyo_open_control(key, file); 2125 } 2126 2127 /** 2128 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 2129 * 2130 * @inode: Pointer to "struct inode". 2131 * @file: Pointer to "struct file". 2132 * 2133 * Returns 0 on success, negative value otherwise. 2134 */ 2135 static int tomoyo_release(struct inode *inode, struct file *file) 2136 { 2137 return tomoyo_close_control(file); 2138 } 2139 2140 /** 2141 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 2142 * 2143 * @file: Pointer to "struct file". 2144 * @buf: Pointer to buffer. 2145 * @count: Size of @buf. 2146 * @ppos: Unused. 2147 * 2148 * Returns bytes read on success, negative value otherwise. 2149 */ 2150 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 2151 loff_t *ppos) 2152 { 2153 return tomoyo_read_control(file, buf, count); 2154 } 2155 2156 /** 2157 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 2158 * 2159 * @file: Pointer to "struct file". 2160 * @buf: Pointer to buffer. 2161 * @count: Size of @buf. 2162 * @ppos: Unused. 2163 * 2164 * Returns @count on success, negative value otherwise. 2165 */ 2166 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 2167 size_t count, loff_t *ppos) 2168 { 2169 return tomoyo_write_control(file, buf, count); 2170 } 2171 2172 /* 2173 * tomoyo_operations is a "struct file_operations" which is used for handling 2174 * /sys/kernel/security/tomoyo/ interface. 2175 * 2176 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 2177 * See tomoyo_io_buffer for internals. 2178 */ 2179 static const struct file_operations tomoyo_operations = { 2180 .open = tomoyo_open, 2181 .release = tomoyo_release, 2182 .read = tomoyo_read, 2183 .write = tomoyo_write, 2184 }; 2185 2186 /** 2187 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 2188 * 2189 * @name: The name of the interface file. 2190 * @mode: The permission of the interface file. 2191 * @parent: The parent directory. 2192 * @key: Type of interface. 2193 * 2194 * Returns nothing. 2195 */ 2196 static void __init tomoyo_create_entry(const char *name, const mode_t mode, 2197 struct dentry *parent, const u8 key) 2198 { 2199 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 2200 &tomoyo_operations); 2201 } 2202 2203 /** 2204 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 2205 * 2206 * Returns 0. 2207 */ 2208 static int __init tomoyo_initerface_init(void) 2209 { 2210 struct dentry *tomoyo_dir; 2211 2212 /* Don't create securityfs entries unless registered. */ 2213 if (current_cred()->security != &tomoyo_kernel_domain) 2214 return 0; 2215 2216 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 2217 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 2218 TOMOYO_DOMAINPOLICY); 2219 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 2220 TOMOYO_EXCEPTIONPOLICY); 2221 tomoyo_create_entry("self_domain", 0400, tomoyo_dir, 2222 TOMOYO_SELFDOMAIN); 2223 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir, 2224 TOMOYO_DOMAIN_STATUS); 2225 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 2226 TOMOYO_PROCESS_STATUS); 2227 tomoyo_create_entry("meminfo", 0600, tomoyo_dir, 2228 TOMOYO_MEMINFO); 2229 tomoyo_create_entry("profile", 0600, tomoyo_dir, 2230 TOMOYO_PROFILE); 2231 tomoyo_create_entry("manager", 0600, tomoyo_dir, 2232 TOMOYO_MANAGER); 2233 tomoyo_create_entry("version", 0400, tomoyo_dir, 2234 TOMOYO_VERSION); 2235 return 0; 2236 } 2237 2238 fs_initcall(tomoyo_initerface_init); 2239