2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
12 #include <linux/uaccess.h>
13 #include <linux/security.h>
14 #include <linux/hardirq.h>
19 /* Has loading policy done? */
20 bool tomoyo_policy_loaded;
22 /* String table for functionality that takes 4 modes. */
23 static const char *tomoyo_mode_4[4] = {
24 "disabled", "learning", "permissive", "enforcing"
26 /* String table for functionality that takes 2 modes. */
27 static const char *tomoyo_mode_2[4] = {
28 "disabled", "enabled", "enabled", "enabled"
31 /* Table for profile. */
34 unsigned int current_value;
35 const unsigned int max_value;
36 } tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = {
37 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
38 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX },
39 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
42 /* Profile table. Memory is allocated as needed. */
43 static struct tomoyo_profile {
44 unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
45 const struct tomoyo_path_info *comment;
46 } *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
48 /* Permit policy management by non-root user? */
49 static bool tomoyo_manage_by_non_root;
51 /* Utility functions. */
53 /* Open operation for /sys/kernel/security/tomoyo/ interface. */
54 static int tomoyo_open_control(const u8 type, struct file *file);
55 /* Close /sys/kernel/security/tomoyo/ interface. */
56 static int tomoyo_close_control(struct file *file);
57 /* Read operation for /sys/kernel/security/tomoyo/ interface. */
58 static int tomoyo_read_control(struct file *file, char __user *buffer,
59 const int buffer_len);
60 /* Write operation for /sys/kernel/security/tomoyo/ interface. */
61 static int tomoyo_write_control(struct file *file, const char __user *buffer,
62 const int buffer_len);
65 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value.
67 * @str: Pointer to the string.
69 * Returns true if @str is a \ooo style octal value, false otherwise.
71 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
72 * This function verifies that \ooo is in valid range.
74 static inline bool tomoyo_is_byte_range(const char *str)
76 return *str >= '0' && *str++ <= '3' &&
77 *str >= '0' && *str++ <= '7' &&
78 *str >= '0' && *str <= '7';
82 * tomoyo_is_alphabet_char - Check whether the character is an alphabet.
84 * @c: The character to check.
86 * Returns true if @c is an alphabet character, false otherwise.
88 static inline bool tomoyo_is_alphabet_char(const char c)
90 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
94 * tomoyo_make_byte - Make byte value from three octal characters.
96 * @c1: The first character.
97 * @c2: The second character.
98 * @c3: The third character.
100 * Returns byte value.
102 static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3)
104 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
108 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
110 * @src: Pointer to pointer to the string.
111 * @find: Pointer to the keyword.
113 * Returns true if @src starts with @find, false otherwise.
115 * The @src is updated to point the first character after the @find
116 * if @src starts with @find.
118 static bool tomoyo_str_starts(char **src, const char *find)
120 const int len = strlen(find);
123 if (strncmp(tmp, find, len))
131 * tomoyo_normalize_line - Format string.
133 * @buffer: The line to normalize.
135 * Leading and trailing whitespaces are removed.
136 * Multiple whitespaces are packed into single space.
140 static void tomoyo_normalize_line(unsigned char *buffer)
142 unsigned char *sp = buffer;
143 unsigned char *dp = buffer;
146 while (tomoyo_is_invalid(*sp))
152 while (tomoyo_is_valid(*sp))
154 while (tomoyo_is_invalid(*sp))
161 * tomoyo_is_correct_path - Validate a pathname.
162 * @filename: The pathname to check.
163 * @start_type: Should the pathname start with '/'?
164 * 1 = must / -1 = must not / 0 = don't care
165 * @pattern_type: Can the pathname contain a wildcard?
166 * 1 = must / -1 = must not / 0 = don't care
167 * @end_type: Should the pathname end with '/'?
168 * 1 = must / -1 = must not / 0 = don't care
169 * @function: The name of function calling me.
171 * Check whether the given filename follows the naming rules.
172 * Returns true if @filename follows the naming rules, false otherwise.
174 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
175 const s8 pattern_type, const s8 end_type,
176 const char *function)
178 bool contains_pattern = false;
182 const char *original_filename = filename;
187 if (start_type == 1) { /* Must start with '/' */
190 } else if (start_type == -1) { /* Must not start with '/' */
195 c = *(filename + strlen(filename) - 1);
196 if (end_type == 1) { /* Must end with '/' */
199 } else if (end_type == -1) { /* Must not end with '/' */
203 while ((c = *filename++) != '\0') {
205 switch ((c = *filename++)) {
206 case '\\': /* "\\" */
218 if (pattern_type == -1)
219 break; /* Must not contain pattern */
220 contains_pattern = true;
222 case '0': /* "\ooo" */
227 if (d < '0' || d > '7')
230 if (e < '0' || e > '7')
232 c = tomoyo_make_byte(c, d, e);
233 if (tomoyo_is_invalid(c))
234 continue; /* pattern is not \000 */
237 } else if (tomoyo_is_invalid(c)) {
241 if (pattern_type == 1) { /* Must contain pattern */
242 if (!contains_pattern)
247 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
253 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
254 * @domainname: The domainname to check.
255 * @function: The name of function calling me.
257 * Returns true if @domainname follows the naming rules, false otherwise.
259 bool tomoyo_is_correct_domain(const unsigned char *domainname,
260 const char *function)
265 const char *org_domainname = domainname;
267 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
268 TOMOYO_ROOT_NAME_LEN))
270 domainname += TOMOYO_ROOT_NAME_LEN;
274 if (*domainname++ != ' ')
276 if (*domainname++ != '/')
278 while ((c = *domainname) != '\0' && c != ' ') {
283 case '\\': /* "\\" */
285 case '0': /* "\ooo" */
290 if (d < '0' || d > '7')
293 if (e < '0' || e > '7')
295 c = tomoyo_make_byte(c, d, e);
296 if (tomoyo_is_invalid(c))
297 /* pattern is not \000 */
301 } else if (tomoyo_is_invalid(c)) {
305 } while (*domainname);
308 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
314 * tomoyo_is_domain_def - Check whether the given token can be a domainname.
316 * @buffer: The token to check.
318 * Returns true if @buffer possibly be a domainname, false otherwise.
320 bool tomoyo_is_domain_def(const unsigned char *buffer)
322 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN);
326 * tomoyo_find_domain - Find a domain by the given name.
328 * @domainname: The domainname to find.
330 * Caller must call down_read(&tomoyo_domain_list_lock); or
331 * down_write(&tomoyo_domain_list_lock); .
333 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
335 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
337 struct tomoyo_domain_info *domain;
338 struct tomoyo_path_info name;
340 name.name = domainname;
341 tomoyo_fill_path_info(&name);
342 list_for_each_entry(domain, &tomoyo_domain_list, list) {
343 if (!domain->is_deleted &&
344 !tomoyo_pathcmp(&name, domain->domainname))
351 * tomoyo_path_depth - Evaluate the number of '/' in a string.
353 * @pathname: The string to evaluate.
355 * Returns path depth of the string.
357 * I score 2 for each of the '/' in the @pathname
358 * and score 1 if the @pathname ends with '/'.
360 static int tomoyo_path_depth(const char *pathname)
365 const char *ep = pathname + strlen(pathname);
366 if (pathname < ep--) {
369 while (pathname <= ep)
378 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
380 * @filename: The string to evaluate.
382 * Returns the initial length without a pattern in @filename.
384 static int tomoyo_const_part_length(const char *filename)
391 while ((c = *filename++) != '\0') {
398 case '\\': /* "\\" */
401 case '0': /* "\ooo" */
406 if (c < '0' || c > '7')
409 if (c < '0' || c > '7')
420 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members.
422 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
424 * The caller sets "struct tomoyo_path_info"->name.
426 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
428 const char *name = ptr->name;
429 const int len = strlen(name);
431 ptr->total_len = len;
432 ptr->const_len = tomoyo_const_part_length(name);
433 ptr->is_dir = len && (name[len - 1] == '/');
434 ptr->is_patterned = (ptr->const_len < len);
435 ptr->hash = full_name_hash(name, len);
436 ptr->depth = tomoyo_path_depth(name);
440 * tomoyo_file_matches_to_pattern2 - Pattern matching without '/' character
443 * @filename: The start of string to check.
444 * @filename_end: The end of string to check.
445 * @pattern: The start of pattern to compare.
446 * @pattern_end: The end of pattern to compare.
448 * Returns true if @filename matches @pattern, false otherwise.
450 static bool tomoyo_file_matches_to_pattern2(const char *filename,
451 const char *filename_end,
453 const char *pattern_end)
455 while (filename < filename_end && pattern < pattern_end) {
457 if (*pattern != '\\') {
458 if (*filename++ != *pattern++)
470 } else if (c == '\\') {
471 if (filename[1] == '\\')
473 else if (tomoyo_is_byte_range(filename + 1))
482 if (*++filename != '\\')
494 if (!tomoyo_is_alphabet_char(c))
501 if (c == '\\' && tomoyo_is_byte_range(filename + 1)
502 && strncmp(filename + 1, pattern, 3) == 0) {
507 return false; /* Not matched. */
510 for (i = 0; i <= filename_end - filename; i++) {
511 if (tomoyo_file_matches_to_pattern2(
512 filename + i, filename_end,
513 pattern + 1, pattern_end))
516 if (c == '.' && *pattern == '@')
520 if (filename[i + 1] == '\\')
522 else if (tomoyo_is_byte_range(filename + i + 1))
525 break; /* Bad pattern. */
527 return false; /* Not matched. */
532 while (isdigit(filename[j]))
534 } else if (c == 'X') {
535 while (isxdigit(filename[j]))
537 } else if (c == 'A') {
538 while (tomoyo_is_alphabet_char(filename[j]))
541 for (i = 1; i <= j; i++) {
542 if (tomoyo_file_matches_to_pattern2(
543 filename + i, filename_end,
544 pattern + 1, pattern_end))
547 return false; /* Not matched or bad pattern. */
552 while (*pattern == '\\' &&
553 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
555 return filename == filename_end && pattern == pattern_end;
559 * tomoyo_file_matches_to_pattern - Pattern matching without without '/' character.
561 * @filename: The start of string to check.
562 * @filename_end: The end of string to check.
563 * @pattern: The start of pattern to compare.
564 * @pattern_end: The end of pattern to compare.
566 * Returns true if @filename matches @pattern, false otherwise.
568 static bool tomoyo_file_matches_to_pattern(const char *filename,
569 const char *filename_end,
571 const char *pattern_end)
573 const char *pattern_start = pattern;
577 while (pattern < pattern_end - 1) {
578 /* Split at "\-" pattern. */
579 if (*pattern++ != '\\' || *pattern++ != '-')
581 result = tomoyo_file_matches_to_pattern2(filename,
590 pattern_start = pattern;
592 result = tomoyo_file_matches_to_pattern2(filename, filename_end,
593 pattern_start, pattern_end);
594 return first ? result : !result;
598 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
599 * @filename: The filename to check.
600 * @pattern: The pattern to compare.
602 * Returns true if matches, false otherwise.
604 * The following patterns are available.
606 * \ooo Octal representation of a byte.
607 * \* More than or equals to 0 character other than '/'.
608 * \@ More than or equals to 0 character other than '/' or '.'.
609 * \? 1 byte character other than '/'.
610 * \$ More than or equals to 1 decimal digit.
611 * \+ 1 decimal digit.
612 * \X More than or equals to 1 hexadecimal digit.
613 * \x 1 hexadecimal digit.
614 * \A More than or equals to 1 alphabet character.
615 * \a 1 alphabet character.
616 * \- Subtraction operator.
618 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
619 const struct tomoyo_path_info *pattern)
622 if (!filename || !pattern)
625 const char *f = filename->name;
626 const char *p = pattern->name;
627 const int len = pattern->const_len;
629 /* If @pattern doesn't contain pattern, I can use strcmp(). */
630 if (!pattern->is_patterned)
631 return !tomoyo_pathcmp(filename, pattern);
632 /* Dont compare if the number of '/' differs. */
633 if (filename->depth != pattern->depth)
635 /* Compare the initial length without patterns. */
636 if (strncmp(f, p, len))
640 /* Main loop. Compare each directory component. */
642 const char *f_delimiter = strchr(f, '/');
643 const char *p_delimiter = strchr(p, '/');
645 f_delimiter = f + strlen(f);
647 p_delimiter = p + strlen(p);
648 if (!tomoyo_file_matches_to_pattern(f, f_delimiter,
658 /* Ignore trailing "\*" and "\@" in @pattern. */
660 (*(p + 1) == '*' || *(p + 1) == '@'))
666 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
668 * @head: Pointer to "struct tomoyo_io_buffer".
669 * @fmt: The printf()'s format string, followed by parameters.
671 * Returns true if output was written, false otherwise.
673 * The snprintf() will truncate, but tomoyo_io_printf() won't.
675 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
679 int pos = head->read_avail;
680 int size = head->readbuf_size - pos;
685 len = vsnprintf(head->read_buf + pos, size, fmt, args);
687 if (pos + len >= head->readbuf_size)
689 head->read_avail += len;
694 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
696 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
698 * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
699 * if this function didn't return NULL.
701 static const char *tomoyo_get_exe(void)
703 struct mm_struct *mm = current->mm;
704 struct vm_area_struct *vma;
705 const char *cp = NULL;
709 down_read(&mm->mmap_sem);
710 for (vma = mm->mmap; vma; vma = vma->vm_next) {
711 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
712 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
716 up_read(&mm->mmap_sem);
721 * tomoyo_get_msg - Get warning message.
723 * @is_enforce: Is it enforcing mode?
725 * Returns "ERROR" or "WARNING".
727 const char *tomoyo_get_msg(const bool is_enforce)
736 * tomoyo_check_flags - Check mode for specified functionality.
738 * @domain: Pointer to "struct tomoyo_domain_info".
739 * @index: The functionality to check mode.
741 * TOMOYO checks only process context.
742 * This code disables TOMOYO's enforcement in case the function is called from
745 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
748 const u8 profile = domain->profile;
750 if (WARN_ON(in_interrupt()))
752 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX
753 #if TOMOYO_MAX_PROFILES != 256
754 && profile < TOMOYO_MAX_PROFILES
756 && tomoyo_profile_ptr[profile] ?
757 tomoyo_profile_ptr[profile]->value[index] : 0;
761 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
763 * @domain: Pointer to "struct tomoyo_domain_info".
765 * Returns true if domain policy violation warning should be printed to
768 bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
770 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0;
774 * tomoyo_domain_quota_is_ok - Check for domain's quota.
776 * @domain: Pointer to "struct tomoyo_domain_info".
778 * Returns true if the domain is not exceeded quota, false otherwise.
780 bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
782 unsigned int count = 0;
783 struct tomoyo_acl_info *ptr;
787 down_read(&tomoyo_domain_acl_info_list_lock);
788 list_for_each_entry(ptr, &domain->acl_info_list, list) {
789 if (ptr->type & TOMOYO_ACL_DELETED)
791 switch (tomoyo_acl_type2(ptr)) {
792 struct tomoyo_single_path_acl_record *acl1;
793 struct tomoyo_double_path_acl_record *acl2;
795 case TOMOYO_TYPE_SINGLE_PATH_ACL:
796 acl1 = container_of(ptr,
797 struct tomoyo_single_path_acl_record,
800 if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL))
803 ((1 << TOMOYO_TYPE_READ_ACL) |
804 (1 << TOMOYO_TYPE_WRITE_ACL)))
806 if (perm & (1 << TOMOYO_TYPE_CREATE_ACL))
808 if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL))
810 if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL))
812 if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL))
814 if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL))
816 if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL))
818 if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL))
820 if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL))
822 if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL))
824 if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL))
826 if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL))
829 case TOMOYO_TYPE_DOUBLE_PATH_ACL:
830 acl2 = container_of(ptr,
831 struct tomoyo_double_path_acl_record,
834 if (perm & (1 << TOMOYO_TYPE_LINK_ACL))
836 if (perm & (1 << TOMOYO_TYPE_RENAME_ACL))
841 up_read(&tomoyo_domain_acl_info_list_lock);
842 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
844 if (!domain->quota_warned) {
845 domain->quota_warned = true;
846 printk(KERN_WARNING "TOMOYO-WARNING: "
847 "Domain '%s' has so many ACLs to hold. "
848 "Stopped learning mode.\n", domain->domainname->name);
854 * tomoyo_find_or_assign_new_profile - Create a new profile.
856 * @profile: Profile number to create.
858 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
860 static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
863 static DEFINE_MUTEX(lock);
864 struct tomoyo_profile *ptr = NULL;
867 if (profile >= TOMOYO_MAX_PROFILES)
870 ptr = tomoyo_profile_ptr[profile];
873 ptr = tomoyo_alloc_element(sizeof(*ptr));
876 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)
877 ptr->value[i] = tomoyo_control_array[i].current_value;
878 mb(); /* Avoid out-of-order execution. */
879 tomoyo_profile_ptr[profile] = ptr;
886 * tomoyo_write_profile - Write to profile table.
888 * @head: Pointer to "struct tomoyo_io_buffer".
890 * Returns 0 on success, negative value otherwise.
892 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
894 char *data = head->write_buf;
898 struct tomoyo_profile *profile;
901 cp = strchr(data, '-');
904 if (strict_strtoul(data, 10, &num))
908 profile = tomoyo_find_or_assign_new_profile(num);
911 cp = strchr(data, '=');
915 if (!strcmp(data, "COMMENT")) {
916 profile->comment = tomoyo_save_name(cp + 1);
919 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) {
920 if (strcmp(data, tomoyo_control_array[i].keyword))
922 if (sscanf(cp + 1, "%u", &value) != 1) {
927 modes = tomoyo_mode_2;
930 modes = tomoyo_mode_4;
933 for (j = 0; j < 4; j++) {
934 if (strcmp(cp + 1, modes[j]))
941 } else if (value > tomoyo_control_array[i].max_value) {
942 value = tomoyo_control_array[i].max_value;
944 profile->value[i] = value;
951 * tomoyo_read_profile - Read from profile table.
953 * @head: Pointer to "struct tomoyo_io_buffer".
957 static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
959 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1;
964 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total;
966 const u8 index = step / total;
967 u8 type = step % total;
968 const struct tomoyo_profile *profile
969 = tomoyo_profile_ptr[index];
970 head->read_step = step;
973 if (!type) { /* Print profile' comment tag. */
974 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n",
975 index, profile->comment ?
976 profile->comment->name : ""))
981 if (type < TOMOYO_MAX_CONTROL_INDEX) {
982 const unsigned int value = profile->value[type];
983 const char **modes = NULL;
985 = tomoyo_control_array[type].keyword;
986 switch (tomoyo_control_array[type].max_value) {
988 modes = tomoyo_mode_4;
991 modes = tomoyo_mode_2;
995 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index,
996 keyword, modes[value]))
999 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index,
1005 if (step == TOMOYO_MAX_PROFILES * total)
1006 head->read_eof = true;
1010 /* Structure for policy manager. */
1011 struct tomoyo_policy_manager_entry {
1012 struct list_head list;
1013 /* A path to program or a domainname. */
1014 const struct tomoyo_path_info *manager;
1015 bool is_domain; /* True if manager is a domainname. */
1016 bool is_deleted; /* True if this entry is deleted. */
1019 /* The list for "struct tomoyo_policy_manager_entry". */
1020 static LIST_HEAD(tomoyo_policy_manager_list);
1021 static DECLARE_RWSEM(tomoyo_policy_manager_list_lock);
1024 * tomoyo_update_manager_entry - Add a manager entry.
1026 * @manager: The path to manager or the domainnamme.
1027 * @is_delete: True if it is a delete request.
1029 * Returns 0 on success, negative value otherwise.
1031 static int tomoyo_update_manager_entry(const char *manager,
1032 const bool is_delete)
1034 struct tomoyo_policy_manager_entry *new_entry;
1035 struct tomoyo_policy_manager_entry *ptr;
1036 const struct tomoyo_path_info *saved_manager;
1037 int error = -ENOMEM;
1038 bool is_domain = false;
1040 if (tomoyo_is_domain_def(manager)) {
1041 if (!tomoyo_is_correct_domain(manager, __func__))
1045 if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__))
1048 saved_manager = tomoyo_save_name(manager);
1051 down_write(&tomoyo_policy_manager_list_lock);
1052 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1053 if (ptr->manager != saved_manager)
1055 ptr->is_deleted = is_delete;
1063 new_entry = tomoyo_alloc_element(sizeof(*new_entry));
1066 new_entry->manager = saved_manager;
1067 new_entry->is_domain = is_domain;
1068 list_add_tail(&new_entry->list, &tomoyo_policy_manager_list);
1071 up_write(&tomoyo_policy_manager_list_lock);
1076 * tomoyo_write_manager_policy - Write manager policy.
1078 * @head: Pointer to "struct tomoyo_io_buffer".
1080 * Returns 0 on success, negative value otherwise.
1082 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1084 char *data = head->write_buf;
1085 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1087 if (!strcmp(data, "manage_by_non_root")) {
1088 tomoyo_manage_by_non_root = !is_delete;
1091 return tomoyo_update_manager_entry(data, is_delete);
1095 * tomoyo_read_manager_policy - Read manager policy.
1097 * @head: Pointer to "struct tomoyo_io_buffer".
1101 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head)
1103 struct list_head *pos;
1108 down_read(&tomoyo_policy_manager_list_lock);
1109 list_for_each_cookie(pos, head->read_var2,
1110 &tomoyo_policy_manager_list) {
1111 struct tomoyo_policy_manager_entry *ptr;
1112 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
1114 if (ptr->is_deleted)
1116 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name);
1120 up_read(&tomoyo_policy_manager_list_lock);
1121 head->read_eof = done;
1126 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
1128 * Returns true if the current process is permitted to modify policy
1129 * via /sys/kernel/security/tomoyo/ interface.
1131 static bool tomoyo_is_policy_manager(void)
1133 struct tomoyo_policy_manager_entry *ptr;
1135 const struct task_struct *task = current;
1136 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
1139 if (!tomoyo_policy_loaded)
1141 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1143 down_read(&tomoyo_policy_manager_list_lock);
1144 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1145 if (!ptr->is_deleted && ptr->is_domain
1146 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1151 up_read(&tomoyo_policy_manager_list_lock);
1154 exe = tomoyo_get_exe();
1157 down_read(&tomoyo_policy_manager_list_lock);
1158 list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
1159 if (!ptr->is_deleted && !ptr->is_domain
1160 && !strcmp(exe, ptr->manager->name)) {
1165 up_read(&tomoyo_policy_manager_list_lock);
1166 if (!found) { /* Reduce error messages. */
1167 static pid_t last_pid;
1168 const pid_t pid = current->pid;
1169 if (last_pid != pid) {
1170 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1171 "update policies.\n", domainname->name, exe);
1180 * tomoyo_is_select_one - Parse select command.
1182 * @head: Pointer to "struct tomoyo_io_buffer".
1183 * @data: String to parse.
1185 * Returns true on success, false otherwise.
1187 static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1191 struct tomoyo_domain_info *domain = NULL;
1193 if (sscanf(data, "pid=%u", &pid) == 1) {
1194 struct task_struct *p;
1195 read_lock(&tasklist_lock);
1196 p = find_task_by_vpid(pid);
1198 domain = tomoyo_real_domain(p);
1199 read_unlock(&tasklist_lock);
1200 } else if (!strncmp(data, "domain=", 7)) {
1201 if (tomoyo_is_domain_def(data + 7)) {
1202 down_read(&tomoyo_domain_list_lock);
1203 domain = tomoyo_find_domain(data + 7);
1204 up_read(&tomoyo_domain_list_lock);
1208 head->write_var1 = domain;
1209 /* Accessing read_buf is safe because head->io_sem is held. */
1210 if (!head->read_buf)
1211 return true; /* Do nothing if open(O_WRONLY). */
1212 head->read_avail = 0;
1213 tomoyo_io_printf(head, "# select %s\n", data);
1214 head->read_single_domain = true;
1215 head->read_eof = !domain;
1217 struct tomoyo_domain_info *d;
1218 head->read_var1 = NULL;
1219 down_read(&tomoyo_domain_list_lock);
1220 list_for_each_entry(d, &tomoyo_domain_list, list) {
1223 head->read_var1 = &d->list;
1225 up_read(&tomoyo_domain_list_lock);
1226 head->read_var2 = NULL;
1228 head->read_step = 0;
1229 if (domain->is_deleted)
1230 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1236 * tomoyo_write_domain_policy - Write domain policy.
1238 * @head: Pointer to "struct tomoyo_io_buffer".
1240 * Returns 0 on success, negative value otherwise.
1242 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1244 char *data = head->write_buf;
1245 struct tomoyo_domain_info *domain = head->write_var1;
1246 bool is_delete = false;
1247 bool is_select = false;
1248 unsigned int profile;
1250 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
1252 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1254 if (is_select && tomoyo_is_select_one(head, data))
1256 /* Don't allow updating policies by non manager programs. */
1257 if (!tomoyo_is_policy_manager())
1259 if (tomoyo_is_domain_def(data)) {
1262 tomoyo_delete_domain(data);
1263 else if (is_select) {
1264 down_read(&tomoyo_domain_list_lock);
1265 domain = tomoyo_find_domain(data);
1266 up_read(&tomoyo_domain_list_lock);
1268 domain = tomoyo_find_or_assign_new_domain(data, 0);
1269 head->write_var1 = domain;
1275 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
1276 && profile < TOMOYO_MAX_PROFILES) {
1277 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
1278 domain->profile = (u8) profile;
1281 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1282 tomoyo_set_domain_flag(domain, is_delete,
1283 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ);
1286 return tomoyo_write_file_policy(data, domain, is_delete);
1290 * tomoyo_print_single_path_acl - Print a single path ACL entry.
1292 * @head: Pointer to "struct tomoyo_io_buffer".
1293 * @ptr: Pointer to "struct tomoyo_single_path_acl_record".
1295 * Returns true on success, false otherwise.
1297 static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head,
1298 struct tomoyo_single_path_acl_record *
1303 const char *atmark = "";
1304 const char *filename;
1305 const u16 perm = ptr->perm;
1307 filename = ptr->filename->name;
1308 for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION;
1311 if (!(perm & (1 << bit)))
1313 /* Print "read/write" instead of "read" and "write". */
1314 if ((bit == TOMOYO_TYPE_READ_ACL ||
1315 bit == TOMOYO_TYPE_WRITE_ACL)
1316 && (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
1318 msg = tomoyo_sp2keyword(bit);
1319 pos = head->read_avail;
1320 if (!tomoyo_io_printf(head, "allow_%s %s%s\n", msg,
1327 head->read_bit = bit;
1328 head->read_avail = pos;
1333 * tomoyo_print_double_path_acl - Print a double path ACL entry.
1335 * @head: Pointer to "struct tomoyo_io_buffer".
1336 * @ptr: Pointer to "struct tomoyo_double_path_acl_record".
1338 * Returns true on success, false otherwise.
1340 static bool tomoyo_print_double_path_acl(struct tomoyo_io_buffer *head,
1341 struct tomoyo_double_path_acl_record *
1345 const char *atmark1 = "";
1346 const char *atmark2 = "";
1347 const char *filename1;
1348 const char *filename2;
1349 const u8 perm = ptr->perm;
1352 filename1 = ptr->filename1->name;
1353 filename2 = ptr->filename2->name;
1354 for (bit = head->read_bit; bit < TOMOYO_MAX_DOUBLE_PATH_OPERATION;
1357 if (!(perm & (1 << bit)))
1359 msg = tomoyo_dp2keyword(bit);
1360 pos = head->read_avail;
1361 if (!tomoyo_io_printf(head, "allow_%s %s%s %s%s\n", msg,
1362 atmark1, filename1, atmark2, filename2))
1368 head->read_bit = bit;
1369 head->read_avail = pos;
1374 * tomoyo_print_entry - Print an ACL entry.
1376 * @head: Pointer to "struct tomoyo_io_buffer".
1377 * @ptr: Pointer to an ACL entry.
1379 * Returns true on success, false otherwise.
1381 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1382 struct tomoyo_acl_info *ptr)
1384 const u8 acl_type = tomoyo_acl_type2(ptr);
1386 if (acl_type & TOMOYO_ACL_DELETED)
1388 if (acl_type == TOMOYO_TYPE_SINGLE_PATH_ACL) {
1389 struct tomoyo_single_path_acl_record *acl
1391 struct tomoyo_single_path_acl_record,
1393 return tomoyo_print_single_path_acl(head, acl);
1395 if (acl_type == TOMOYO_TYPE_DOUBLE_PATH_ACL) {
1396 struct tomoyo_double_path_acl_record *acl
1398 struct tomoyo_double_path_acl_record,
1400 return tomoyo_print_double_path_acl(head, acl);
1402 BUG(); /* This must not happen. */
1407 * tomoyo_read_domain_policy - Read domain policy.
1409 * @head: Pointer to "struct tomoyo_io_buffer".
1413 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head)
1415 struct list_head *dpos;
1416 struct list_head *apos;
1421 if (head->read_step == 0)
1422 head->read_step = 1;
1423 down_read(&tomoyo_domain_list_lock);
1424 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
1425 struct tomoyo_domain_info *domain;
1426 const char *quota_exceeded = "";
1427 const char *transition_failed = "";
1428 const char *ignore_global_allow_read = "";
1429 domain = list_entry(dpos, struct tomoyo_domain_info, list);
1430 if (head->read_step != 1)
1432 if (domain->is_deleted && !head->read_single_domain)
1434 /* Print domainname and flags. */
1435 if (domain->quota_warned)
1436 quota_exceeded = "quota_exceeded\n";
1437 if (domain->flags & TOMOYO_DOMAIN_FLAGS_TRANSITION_FAILED)
1438 transition_failed = "transition_failed\n";
1440 TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
1441 ignore_global_allow_read
1442 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1443 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
1445 domain->domainname->name,
1446 domain->profile, quota_exceeded,
1448 ignore_global_allow_read);
1451 head->read_step = 2;
1453 if (head->read_step == 3)
1455 /* Print ACL entries in the domain. */
1456 down_read(&tomoyo_domain_acl_info_list_lock);
1457 list_for_each_cookie(apos, head->read_var2,
1458 &domain->acl_info_list) {
1459 struct tomoyo_acl_info *ptr
1460 = list_entry(apos, struct tomoyo_acl_info,
1462 done = tomoyo_print_entry(head, ptr);
1466 up_read(&tomoyo_domain_acl_info_list_lock);
1469 head->read_step = 3;
1471 done = tomoyo_io_printf(head, "\n");
1474 head->read_step = 1;
1475 if (head->read_single_domain)
1478 up_read(&tomoyo_domain_list_lock);
1479 head->read_eof = done;
1484 * tomoyo_write_domain_profile - Assign profile for specified domain.
1486 * @head: Pointer to "struct tomoyo_io_buffer".
1488 * Returns 0 on success, -EINVAL otherwise.
1490 * This is equivalent to doing
1492 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1493 * /usr/lib/ccs/loadpolicy -d
1495 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1497 char *data = head->write_buf;
1498 char *cp = strchr(data, ' ');
1499 struct tomoyo_domain_info *domain;
1500 unsigned long profile;
1505 down_read(&tomoyo_domain_list_lock);
1506 domain = tomoyo_find_domain(cp + 1);
1507 up_read(&tomoyo_domain_list_lock);
1508 if (strict_strtoul(data, 10, &profile))
1510 if (domain && profile < TOMOYO_MAX_PROFILES
1511 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1512 domain->profile = (u8) profile;
1517 * tomoyo_read_domain_profile - Read only domainname and profile.
1519 * @head: Pointer to "struct tomoyo_io_buffer".
1521 * Returns list of profile number and domainname pairs.
1523 * This is equivalent to doing
1525 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1526 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1527 * domainname = $0; } else if ( $1 == "use_profile" ) {
1528 * print $2 " " domainname; domainname = ""; } } ; '
1530 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1532 struct list_head *pos;
1537 down_read(&tomoyo_domain_list_lock);
1538 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
1539 struct tomoyo_domain_info *domain;
1540 domain = list_entry(pos, struct tomoyo_domain_info, list);
1541 if (domain->is_deleted)
1543 done = tomoyo_io_printf(head, "%u %s\n", domain->profile,
1544 domain->domainname->name);
1548 up_read(&tomoyo_domain_list_lock);
1549 head->read_eof = done;
1554 * tomoyo_write_pid: Specify PID to obtain domainname.
1556 * @head: Pointer to "struct tomoyo_io_buffer".
1560 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1563 /* No error check. */
1564 strict_strtoul(head->write_buf, 10, &pid);
1565 head->read_step = (int) pid;
1566 head->read_eof = false;
1571 * tomoyo_read_pid - Get domainname of the specified PID.
1573 * @head: Pointer to "struct tomoyo_io_buffer".
1575 * Returns the domainname which the specified PID is in on success,
1576 * empty string otherwise.
1577 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1578 * using read()/write() interface rather than sysctl() interface.
1580 static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1582 if (head->read_avail == 0 && !head->read_eof) {
1583 const int pid = head->read_step;
1584 struct task_struct *p;
1585 struct tomoyo_domain_info *domain = NULL;
1586 read_lock(&tasklist_lock);
1587 p = find_task_by_vpid(pid);
1589 domain = tomoyo_real_domain(p);
1590 read_unlock(&tasklist_lock);
1592 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1593 domain->domainname->name);
1594 head->read_eof = true;
1600 * tomoyo_write_exception_policy - Write exception policy.
1602 * @head: Pointer to "struct tomoyo_io_buffer".
1604 * Returns 0 on success, negative value otherwise.
1606 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1608 char *data = head->write_buf;
1609 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1611 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN))
1612 return tomoyo_write_domain_keeper_policy(data, false,
1614 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN))
1615 return tomoyo_write_domain_keeper_policy(data, true, is_delete);
1616 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN))
1617 return tomoyo_write_domain_initializer_policy(data, false,
1619 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN))
1620 return tomoyo_write_domain_initializer_policy(data, true,
1622 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
1623 return tomoyo_write_alias_policy(data, is_delete);
1624 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
1625 return tomoyo_write_globally_readable_policy(data, is_delete);
1626 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
1627 return tomoyo_write_pattern_policy(data, is_delete);
1628 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE))
1629 return tomoyo_write_no_rewrite_policy(data, is_delete);
1634 * tomoyo_read_exception_policy - Read exception policy.
1636 * @head: Pointer to "struct tomoyo_io_buffer".
1638 * Returns 0 on success, -EINVAL otherwise.
1640 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
1642 if (!head->read_eof) {
1643 switch (head->read_step) {
1645 head->read_var2 = NULL;
1646 head->read_step = 1;
1648 if (!tomoyo_read_domain_keeper_policy(head))
1650 head->read_var2 = NULL;
1651 head->read_step = 2;
1653 if (!tomoyo_read_globally_readable_policy(head))
1655 head->read_var2 = NULL;
1656 head->read_step = 3;
1658 head->read_var2 = NULL;
1659 head->read_step = 4;
1661 if (!tomoyo_read_domain_initializer_policy(head))
1663 head->read_var2 = NULL;
1664 head->read_step = 5;
1666 if (!tomoyo_read_alias_policy(head))
1668 head->read_var2 = NULL;
1669 head->read_step = 6;
1671 head->read_var2 = NULL;
1672 head->read_step = 7;
1674 if (!tomoyo_read_file_pattern(head))
1676 head->read_var2 = NULL;
1677 head->read_step = 8;
1679 if (!tomoyo_read_no_rewrite_policy(head))
1681 head->read_var2 = NULL;
1682 head->read_step = 9;
1684 head->read_eof = true;
1693 /* path to policy loader */
1694 static const char *tomoyo_loader = "/sbin/tomoyo-init";
1697 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
1699 * Returns true if /sbin/tomoyo-init exists, false otherwise.
1701 static bool tomoyo_policy_loader_exists(void)
1704 * Don't activate MAC if the policy loader doesn't exist.
1705 * If the initrd includes /sbin/init but real-root-dev has not
1706 * mounted on / yet, activating MAC will block the system since
1707 * policies are not loaded yet.
1708 * Thus, let do_execve() call this function everytime.
1712 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
1713 printk(KERN_INFO "Not activating Mandatory Access Control now "
1714 "since %s doesn't exist.\n", tomoyo_loader);
1722 * tomoyo_load_policy - Run external policy loader to load policy.
1724 * @filename: The program about to start.
1726 * This function checks whether @filename is /sbin/init , and if so
1727 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
1728 * and then continues invocation of /sbin/init.
1729 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
1730 * writes to /sys/kernel/security/tomoyo/ interfaces.
1734 void tomoyo_load_policy(const char *filename)
1739 if (tomoyo_policy_loaded)
1742 * Check filename is /sbin/init or /sbin/tomoyo-start.
1743 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't
1745 * You can create /sbin/tomoyo-start by
1746 * "ln -s /bin/true /sbin/tomoyo-start".
1748 if (strcmp(filename, "/sbin/init") &&
1749 strcmp(filename, "/sbin/tomoyo-start"))
1751 if (!tomoyo_policy_loader_exists())
1754 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
1756 argv[0] = (char *) tomoyo_loader;
1759 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
1761 call_usermodehelper(argv[0], argv, envp, 1);
1763 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n");
1764 printk(KERN_INFO "Mandatory Access Control activated.\n");
1765 tomoyo_policy_loaded = true;
1766 { /* Check all profiles currently assigned to domains are defined. */
1767 struct tomoyo_domain_info *domain;
1768 down_read(&tomoyo_domain_list_lock);
1769 list_for_each_entry(domain, &tomoyo_domain_list, list) {
1770 const u8 profile = domain->profile;
1771 if (tomoyo_profile_ptr[profile])
1773 panic("Profile %u (used by '%s') not defined.\n",
1774 profile, domain->domainname->name);
1776 up_read(&tomoyo_domain_list_lock);
1781 * tomoyo_read_version: Get version.
1783 * @head: Pointer to "struct tomoyo_io_buffer".
1785 * Returns version information.
1787 static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1789 if (!head->read_eof) {
1790 tomoyo_io_printf(head, "2.2.0");
1791 head->read_eof = true;
1797 * tomoyo_read_self_domain - Get the current process's domainname.
1799 * @head: Pointer to "struct tomoyo_io_buffer".
1801 * Returns the current process's domainname.
1803 static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1805 if (!head->read_eof) {
1807 * tomoyo_domain()->domainname != NULL
1808 * because every process belongs to a domain and
1809 * the domain's name cannot be NULL.
1811 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1812 head->read_eof = true;
1818 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1820 * @type: Type of interface.
1821 * @file: Pointer to "struct file".
1823 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1825 static int tomoyo_open_control(const u8 type, struct file *file)
1827 struct tomoyo_io_buffer *head = tomoyo_alloc(sizeof(*head));
1831 mutex_init(&head->io_sem);
1833 case TOMOYO_DOMAINPOLICY:
1834 /* /sys/kernel/security/tomoyo/domain_policy */
1835 head->write = tomoyo_write_domain_policy;
1836 head->read = tomoyo_read_domain_policy;
1838 case TOMOYO_EXCEPTIONPOLICY:
1839 /* /sys/kernel/security/tomoyo/exception_policy */
1840 head->write = tomoyo_write_exception_policy;
1841 head->read = tomoyo_read_exception_policy;
1843 case TOMOYO_SELFDOMAIN:
1844 /* /sys/kernel/security/tomoyo/self_domain */
1845 head->read = tomoyo_read_self_domain;
1847 case TOMOYO_DOMAIN_STATUS:
1848 /* /sys/kernel/security/tomoyo/.domain_status */
1849 head->write = tomoyo_write_domain_profile;
1850 head->read = tomoyo_read_domain_profile;
1852 case TOMOYO_PROCESS_STATUS:
1853 /* /sys/kernel/security/tomoyo/.process_status */
1854 head->write = tomoyo_write_pid;
1855 head->read = tomoyo_read_pid;
1857 case TOMOYO_VERSION:
1858 /* /sys/kernel/security/tomoyo/version */
1859 head->read = tomoyo_read_version;
1860 head->readbuf_size = 128;
1862 case TOMOYO_MEMINFO:
1863 /* /sys/kernel/security/tomoyo/meminfo */
1864 head->write = tomoyo_write_memory_quota;
1865 head->read = tomoyo_read_memory_counter;
1866 head->readbuf_size = 512;
1868 case TOMOYO_PROFILE:
1869 /* /sys/kernel/security/tomoyo/profile */
1870 head->write = tomoyo_write_profile;
1871 head->read = tomoyo_read_profile;
1873 case TOMOYO_MANAGER:
1874 /* /sys/kernel/security/tomoyo/manager */
1875 head->write = tomoyo_write_manager_policy;
1876 head->read = tomoyo_read_manager_policy;
1879 if (!(file->f_mode & FMODE_READ)) {
1881 * No need to allocate read_buf since it is not opened
1886 if (!head->readbuf_size)
1887 head->readbuf_size = 4096 * 2;
1888 head->read_buf = tomoyo_alloc(head->readbuf_size);
1889 if (!head->read_buf) {
1894 if (!(file->f_mode & FMODE_WRITE)) {
1896 * No need to allocate write_buf since it is not opened
1900 } else if (head->write) {
1901 head->writebuf_size = 4096 * 2;
1902 head->write_buf = tomoyo_alloc(head->writebuf_size);
1903 if (!head->write_buf) {
1904 tomoyo_free(head->read_buf);
1909 file->private_data = head;
1911 * Call the handler now if the file is
1912 * /sys/kernel/security/tomoyo/self_domain
1913 * so that the user can use
1914 * cat < /sys/kernel/security/tomoyo/self_domain"
1915 * to know the current process's domainname.
1917 if (type == TOMOYO_SELFDOMAIN)
1918 tomoyo_read_control(file, NULL, 0);
1923 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1925 * @file: Pointer to "struct file".
1926 * @buffer: Poiner to buffer to write to.
1927 * @buffer_len: Size of @buffer.
1929 * Returns bytes read on success, negative value otherwise.
1931 static int tomoyo_read_control(struct file *file, char __user *buffer,
1932 const int buffer_len)
1935 struct tomoyo_io_buffer *head = file->private_data;
1940 if (mutex_lock_interruptible(&head->io_sem))
1942 /* Call the policy handler. */
1943 len = head->read(head);
1946 /* Write to buffer. */
1947 len = head->read_avail;
1948 if (len > buffer_len)
1952 /* head->read_buf changes by some functions. */
1953 cp = head->read_buf;
1954 if (copy_to_user(buffer, cp, len)) {
1958 head->read_avail -= len;
1959 memmove(cp, cp + len, head->read_avail);
1961 mutex_unlock(&head->io_sem);
1966 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1968 * @file: Pointer to "struct file".
1969 * @buffer: Pointer to buffer to read from.
1970 * @buffer_len: Size of @buffer.
1972 * Returns @buffer_len on success, negative value otherwise.
1974 static int tomoyo_write_control(struct file *file, const char __user *buffer,
1975 const int buffer_len)
1977 struct tomoyo_io_buffer *head = file->private_data;
1978 int error = buffer_len;
1979 int avail_len = buffer_len;
1980 char *cp0 = head->write_buf;
1984 if (!access_ok(VERIFY_READ, buffer, buffer_len))
1986 /* Don't allow updating policies by non manager programs. */
1987 if (head->write != tomoyo_write_pid &&
1988 head->write != tomoyo_write_domain_policy &&
1989 !tomoyo_is_policy_manager())
1991 if (mutex_lock_interruptible(&head->io_sem))
1993 /* Read a line and dispatch it to the policy handler. */
1994 while (avail_len > 0) {
1996 if (head->write_avail >= head->writebuf_size - 1) {
1999 } else if (get_user(c, buffer)) {
2005 cp0[head->write_avail++] = c;
2008 cp0[head->write_avail - 1] = '\0';
2009 head->write_avail = 0;
2010 tomoyo_normalize_line(cp0);
2013 mutex_unlock(&head->io_sem);
2018 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2020 * @file: Pointer to "struct file".
2022 * Releases memory and returns 0.
2024 static int tomoyo_close_control(struct file *file)
2026 struct tomoyo_io_buffer *head = file->private_data;
2028 /* Release memory used for policy I/O. */
2029 tomoyo_free(head->read_buf);
2030 head->read_buf = NULL;
2031 tomoyo_free(head->write_buf);
2032 head->write_buf = NULL;
2035 file->private_data = NULL;
2040 * tomoyo_alloc_acl_element - Allocate permanent memory for ACL entry.
2042 * @acl_type: Type of ACL entry.
2044 * Returns pointer to the ACL entry on success, NULL otherwise.
2046 void *tomoyo_alloc_acl_element(const u8 acl_type)
2049 struct tomoyo_acl_info *ptr;
2052 case TOMOYO_TYPE_SINGLE_PATH_ACL:
2053 len = sizeof(struct tomoyo_single_path_acl_record);
2055 case TOMOYO_TYPE_DOUBLE_PATH_ACL:
2056 len = sizeof(struct tomoyo_double_path_acl_record);
2061 ptr = tomoyo_alloc_element(len);
2064 ptr->type = acl_type;
2069 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
2071 * @inode: Pointer to "struct inode".
2072 * @file: Pointer to "struct file".
2074 * Returns 0 on success, negative value otherwise.
2076 static int tomoyo_open(struct inode *inode, struct file *file)
2078 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
2080 return tomoyo_open_control(key, file);
2084 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2086 * @inode: Pointer to "struct inode".
2087 * @file: Pointer to "struct file".
2089 * Returns 0 on success, negative value otherwise.
2091 static int tomoyo_release(struct inode *inode, struct file *file)
2093 return tomoyo_close_control(file);
2097 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2099 * @file: Pointer to "struct file".
2100 * @buf: Pointer to buffer.
2101 * @count: Size of @buf.
2104 * Returns bytes read on success, negative value otherwise.
2106 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
2109 return tomoyo_read_control(file, buf, count);
2113 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
2115 * @file: Pointer to "struct file".
2116 * @buf: Pointer to buffer.
2117 * @count: Size of @buf.
2120 * Returns @count on success, negative value otherwise.
2122 static ssize_t tomoyo_write(struct file *file, const char __user *buf,
2123 size_t count, loff_t *ppos)
2125 return tomoyo_write_control(file, buf, count);
2128 /* Operations for /sys/kernel/security/tomoyo/ interface. */
2129 static const struct file_operations tomoyo_operations = {
2130 .open = tomoyo_open,
2131 .release = tomoyo_release,
2132 .read = tomoyo_read,
2133 .write = tomoyo_write,
2137 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2139 * @name: The name of the interface file.
2140 * @mode: The permission of the interface file.
2141 * @parent: The parent directory.
2142 * @key: Type of interface.
2146 static void __init tomoyo_create_entry(const char *name, const mode_t mode,
2147 struct dentry *parent, const u8 key)
2149 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
2150 &tomoyo_operations);
2154 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2158 static int __init tomoyo_initerface_init(void)
2160 struct dentry *tomoyo_dir;
2162 /* Don't create securityfs entries unless registered. */
2163 if (current_cred()->security != &tomoyo_kernel_domain)
2166 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
2167 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
2168 TOMOYO_DOMAINPOLICY);
2169 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
2170 TOMOYO_EXCEPTIONPOLICY);
2171 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
2173 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
2174 TOMOYO_DOMAIN_STATUS);
2175 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
2176 TOMOYO_PROCESS_STATUS);
2177 tomoyo_create_entry("meminfo", 0600, tomoyo_dir,
2179 tomoyo_create_entry("profile", 0600, tomoyo_dir,
2181 tomoyo_create_entry("manager", 0600, tomoyo_dir,
2183 tomoyo_create_entry("version", 0400, tomoyo_dir,
2188 fs_initcall(tomoyo_initerface_init);