2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
14 /* String table for operation mode. */
15 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = {
16 [TOMOYO_CONFIG_DISABLED] = "disabled",
17 [TOMOYO_CONFIG_LEARNING] = "learning",
18 [TOMOYO_CONFIG_PERMISSIVE] = "permissive",
19 [TOMOYO_CONFIG_ENFORCING] = "enforcing"
22 /* String table for /sys/kernel/security/tomoyo/profile */
23 const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
24 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
25 [TOMOYO_MAC_FILE_EXECUTE] = "execute",
26 [TOMOYO_MAC_FILE_OPEN] = "open",
27 [TOMOYO_MAC_FILE_CREATE] = "create",
28 [TOMOYO_MAC_FILE_UNLINK] = "unlink",
29 [TOMOYO_MAC_FILE_GETATTR] = "getattr",
30 [TOMOYO_MAC_FILE_MKDIR] = "mkdir",
31 [TOMOYO_MAC_FILE_RMDIR] = "rmdir",
32 [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo",
33 [TOMOYO_MAC_FILE_MKSOCK] = "mksock",
34 [TOMOYO_MAC_FILE_TRUNCATE] = "truncate",
35 [TOMOYO_MAC_FILE_SYMLINK] = "symlink",
36 [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock",
37 [TOMOYO_MAC_FILE_MKCHAR] = "mkchar",
38 [TOMOYO_MAC_FILE_LINK] = "link",
39 [TOMOYO_MAC_FILE_RENAME] = "rename",
40 [TOMOYO_MAC_FILE_CHMOD] = "chmod",
41 [TOMOYO_MAC_FILE_CHOWN] = "chown",
42 [TOMOYO_MAC_FILE_CHGRP] = "chgrp",
43 [TOMOYO_MAC_FILE_IOCTL] = "ioctl",
44 [TOMOYO_MAC_FILE_CHROOT] = "chroot",
45 [TOMOYO_MAC_FILE_MOUNT] = "mount",
46 [TOMOYO_MAC_FILE_UMOUNT] = "unmount",
47 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root",
48 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
51 /* String table for conditions. */
52 const char * const tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD] = {
53 [TOMOYO_TASK_UID] = "task.uid",
54 [TOMOYO_TASK_EUID] = "task.euid",
55 [TOMOYO_TASK_SUID] = "task.suid",
56 [TOMOYO_TASK_FSUID] = "task.fsuid",
57 [TOMOYO_TASK_GID] = "task.gid",
58 [TOMOYO_TASK_EGID] = "task.egid",
59 [TOMOYO_TASK_SGID] = "task.sgid",
60 [TOMOYO_TASK_FSGID] = "task.fsgid",
61 [TOMOYO_TASK_PID] = "task.pid",
62 [TOMOYO_TASK_PPID] = "task.ppid",
63 [TOMOYO_TYPE_IS_SOCKET] = "socket",
64 [TOMOYO_TYPE_IS_SYMLINK] = "symlink",
65 [TOMOYO_TYPE_IS_FILE] = "file",
66 [TOMOYO_TYPE_IS_BLOCK_DEV] = "block",
67 [TOMOYO_TYPE_IS_DIRECTORY] = "directory",
68 [TOMOYO_TYPE_IS_CHAR_DEV] = "char",
69 [TOMOYO_TYPE_IS_FIFO] = "fifo",
70 [TOMOYO_MODE_SETUID] = "setuid",
71 [TOMOYO_MODE_SETGID] = "setgid",
72 [TOMOYO_MODE_STICKY] = "sticky",
73 [TOMOYO_MODE_OWNER_READ] = "owner_read",
74 [TOMOYO_MODE_OWNER_WRITE] = "owner_write",
75 [TOMOYO_MODE_OWNER_EXECUTE] = "owner_execute",
76 [TOMOYO_MODE_GROUP_READ] = "group_read",
77 [TOMOYO_MODE_GROUP_WRITE] = "group_write",
78 [TOMOYO_MODE_GROUP_EXECUTE] = "group_execute",
79 [TOMOYO_MODE_OTHERS_READ] = "others_read",
80 [TOMOYO_MODE_OTHERS_WRITE] = "others_write",
81 [TOMOYO_MODE_OTHERS_EXECUTE] = "others_execute",
82 [TOMOYO_PATH1_UID] = "path1.uid",
83 [TOMOYO_PATH1_GID] = "path1.gid",
84 [TOMOYO_PATH1_INO] = "path1.ino",
85 [TOMOYO_PATH1_MAJOR] = "path1.major",
86 [TOMOYO_PATH1_MINOR] = "path1.minor",
87 [TOMOYO_PATH1_PERM] = "path1.perm",
88 [TOMOYO_PATH1_TYPE] = "path1.type",
89 [TOMOYO_PATH1_DEV_MAJOR] = "path1.dev_major",
90 [TOMOYO_PATH1_DEV_MINOR] = "path1.dev_minor",
91 [TOMOYO_PATH2_UID] = "path2.uid",
92 [TOMOYO_PATH2_GID] = "path2.gid",
93 [TOMOYO_PATH2_INO] = "path2.ino",
94 [TOMOYO_PATH2_MAJOR] = "path2.major",
95 [TOMOYO_PATH2_MINOR] = "path2.minor",
96 [TOMOYO_PATH2_PERM] = "path2.perm",
97 [TOMOYO_PATH2_TYPE] = "path2.type",
98 [TOMOYO_PATH2_DEV_MAJOR] = "path2.dev_major",
99 [TOMOYO_PATH2_DEV_MINOR] = "path2.dev_minor",
100 [TOMOYO_PATH1_PARENT_UID] = "path1.parent.uid",
101 [TOMOYO_PATH1_PARENT_GID] = "path1.parent.gid",
102 [TOMOYO_PATH1_PARENT_INO] = "path1.parent.ino",
103 [TOMOYO_PATH1_PARENT_PERM] = "path1.parent.perm",
104 [TOMOYO_PATH2_PARENT_UID] = "path2.parent.uid",
105 [TOMOYO_PATH2_PARENT_GID] = "path2.parent.gid",
106 [TOMOYO_PATH2_PARENT_INO] = "path2.parent.ino",
107 [TOMOYO_PATH2_PARENT_PERM] = "path2.parent.perm",
110 /* String table for PREFERENCE keyword. */
111 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
112 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log",
113 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
116 /* String table for path operation. */
117 const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
118 [TOMOYO_TYPE_EXECUTE] = "execute",
119 [TOMOYO_TYPE_READ] = "read",
120 [TOMOYO_TYPE_WRITE] = "write",
121 [TOMOYO_TYPE_APPEND] = "append",
122 [TOMOYO_TYPE_UNLINK] = "unlink",
123 [TOMOYO_TYPE_GETATTR] = "getattr",
124 [TOMOYO_TYPE_RMDIR] = "rmdir",
125 [TOMOYO_TYPE_TRUNCATE] = "truncate",
126 [TOMOYO_TYPE_SYMLINK] = "symlink",
127 [TOMOYO_TYPE_CHROOT] = "chroot",
128 [TOMOYO_TYPE_UMOUNT] = "unmount",
131 /* String table for categories. */
132 static const char * const tomoyo_category_keywords
133 [TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
134 [TOMOYO_MAC_CATEGORY_FILE] = "file",
137 /* Permit policy management by non-root user? */
138 static bool tomoyo_manage_by_non_root;
140 /* Utility functions. */
143 * tomoyo_yesno - Return "yes" or "no".
145 * @value: Bool value.
147 const char *tomoyo_yesno(const unsigned int value)
149 return value ? "yes" : "no";
153 * tomoyo_addprintf - strncat()-like-snprintf().
155 * @buffer: Buffer to write to. Must be '\0'-terminated.
156 * @len: Size of @buffer.
157 * @fmt: The printf()'s format string, followed by parameters.
161 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
164 const int pos = strlen(buffer);
166 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
171 * tomoyo_flush - Flush queued string to userspace's buffer.
173 * @head: Pointer to "struct tomoyo_io_buffer".
175 * Returns true if all data was flushed, false otherwise.
177 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
179 while (head->r.w_pos) {
180 const char *w = head->r.w[0];
181 size_t len = strlen(w);
183 if (len > head->read_user_buf_avail)
184 len = head->read_user_buf_avail;
187 if (copy_to_user(head->read_user_buf, w, len))
189 head->read_user_buf_avail -= len;
190 head->read_user_buf += len;
196 /* Add '\0' for audit logs and query. */
198 if (!head->read_user_buf_avail ||
199 copy_to_user(head->read_user_buf, "", 1))
201 head->read_user_buf_avail--;
202 head->read_user_buf++;
205 for (len = 0; len < head->r.w_pos; len++)
206 head->r.w[len] = head->r.w[len + 1];
213 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
215 * @head: Pointer to "struct tomoyo_io_buffer".
216 * @string: String to print.
218 * Note that @string has to be kept valid until @head is kfree()d.
219 * This means that char[] allocated on stack memory cannot be passed to
220 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
222 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
224 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
225 head->r.w[head->r.w_pos++] = string;
232 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
234 * @head: Pointer to "struct tomoyo_io_buffer".
235 * @fmt: The printf()'s format string, followed by parameters.
237 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
241 size_t pos = head->r.avail;
242 int size = head->readbuf_size - pos;
246 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
248 if (pos + len >= head->readbuf_size) {
252 head->r.avail += len;
253 tomoyo_set_string(head, head->read_buf + pos);
257 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
259 * @head: Pointer to "struct tomoyo_io_buffer".
263 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
265 tomoyo_set_string(head, " ");
269 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
271 * @head: Pointer to "struct tomoyo_io_buffer".
275 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
277 tomoyo_set_string(head, "\n");
278 return !head->r.w_pos;
282 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
284 * @head: Pointer to "struct tomoyo_io_buffer".
288 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
290 tomoyo_set_string(head, "/");
293 /* List of namespaces. */
294 LIST_HEAD(tomoyo_namespace_list);
295 /* True if namespace other than tomoyo_kernel_namespace is defined. */
296 static bool tomoyo_namespace_enabled;
299 * tomoyo_init_policy_namespace - Initialize namespace.
301 * @ns: Pointer to "struct tomoyo_policy_namespace".
305 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns)
308 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++)
309 INIT_LIST_HEAD(&ns->acl_group[idx]);
310 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
311 INIT_LIST_HEAD(&ns->group_list[idx]);
312 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
313 INIT_LIST_HEAD(&ns->policy_list[idx]);
314 ns->profile_version = 20100903;
315 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list);
316 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list);
320 * tomoyo_print_namespace - Print namespace header.
322 * @head: Pointer to "struct tomoyo_io_buffer".
326 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head)
328 if (!tomoyo_namespace_enabled)
330 tomoyo_set_string(head,
331 container_of(head->r.ns,
332 struct tomoyo_policy_namespace,
333 namespace_list)->name);
334 tomoyo_set_space(head);
338 * tomoyo_print_name_union - Print a tomoyo_name_union.
340 * @head: Pointer to "struct tomoyo_io_buffer".
341 * @ptr: Pointer to "struct tomoyo_name_union".
343 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
344 const struct tomoyo_name_union *ptr)
346 tomoyo_set_space(head);
348 tomoyo_set_string(head, "@");
349 tomoyo_set_string(head, ptr->group->group_name->name);
351 tomoyo_set_string(head, ptr->filename->name);
356 * tomoyo_print_number_union_nospace - Print a tomoyo_number_union without a space.
358 * @head: Pointer to "struct tomoyo_io_buffer".
359 * @ptr: Pointer to "struct tomoyo_number_union".
363 static void tomoyo_print_number_union_nospace
364 (struct tomoyo_io_buffer *head, const struct tomoyo_number_union *ptr)
367 tomoyo_set_string(head, "@");
368 tomoyo_set_string(head, ptr->group->group_name->name);
371 unsigned long min = ptr->values[0];
372 const unsigned long max = ptr->values[1];
373 u8 min_type = ptr->value_type[0];
374 const u8 max_type = ptr->value_type[1];
377 for (i = 0; i < 2; i++) {
379 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
380 tomoyo_addprintf(buffer, sizeof(buffer),
383 case TOMOYO_VALUE_TYPE_OCTAL:
384 tomoyo_addprintf(buffer, sizeof(buffer),
388 tomoyo_addprintf(buffer, sizeof(buffer), "%lu",
392 if (min == max && min_type == max_type)
394 tomoyo_addprintf(buffer, sizeof(buffer), "-");
398 tomoyo_io_printf(head, "%s", buffer);
403 * tomoyo_print_number_union - Print a tomoyo_number_union.
405 * @head: Pointer to "struct tomoyo_io_buffer".
406 * @ptr: Pointer to "struct tomoyo_number_union".
410 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
411 const struct tomoyo_number_union *ptr)
413 tomoyo_set_space(head);
414 tomoyo_print_number_union_nospace(head, ptr);
418 * tomoyo_assign_profile - Create a new profile.
420 * @ns: Pointer to "struct tomoyo_policy_namespace".
421 * @profile: Profile number to create.
423 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
425 static struct tomoyo_profile *tomoyo_assign_profile
426 (struct tomoyo_policy_namespace *ns, const unsigned int profile)
428 struct tomoyo_profile *ptr;
429 struct tomoyo_profile *entry;
430 if (profile >= TOMOYO_MAX_PROFILES)
432 ptr = ns->profile_ptr[profile];
435 entry = kzalloc(sizeof(*entry), GFP_NOFS);
436 if (mutex_lock_interruptible(&tomoyo_policy_lock))
438 ptr = ns->profile_ptr[profile];
439 if (!ptr && tomoyo_memory_ok(entry)) {
441 ptr->default_config = TOMOYO_CONFIG_DISABLED |
442 TOMOYO_CONFIG_WANT_GRANT_LOG |
443 TOMOYO_CONFIG_WANT_REJECT_LOG;
444 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
445 sizeof(ptr->config));
446 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024;
447 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048;
448 mb(); /* Avoid out-of-order execution. */
449 ns->profile_ptr[profile] = ptr;
452 mutex_unlock(&tomoyo_policy_lock);
459 * tomoyo_profile - Find a profile.
461 * @ns: Pointer to "struct tomoyo_policy_namespace".
462 * @profile: Profile number to find.
464 * Returns pointer to "struct tomoyo_profile".
466 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
469 static struct tomoyo_profile tomoyo_null_profile;
470 struct tomoyo_profile *ptr = ns->profile_ptr[profile];
472 ptr = &tomoyo_null_profile;
477 * tomoyo_find_yesno - Find values for specified keyword.
479 * @string: String to check.
480 * @find: Name of keyword.
482 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
484 static s8 tomoyo_find_yesno(const char *string, const char *find)
486 const char *cp = strstr(string, find);
489 if (!strncmp(cp, "=yes", 4))
491 else if (!strncmp(cp, "=no", 3))
498 * tomoyo_set_uint - Set value for specified preference.
500 * @i: Pointer to "unsigned int".
501 * @string: String to check.
502 * @find: Name of keyword.
506 static void tomoyo_set_uint(unsigned int *i, const char *string,
509 const char *cp = strstr(string, find);
511 sscanf(cp + strlen(find), "=%u", i);
515 * tomoyo_set_mode - Set mode for specified profile.
517 * @name: Name of functionality.
518 * @value: Mode for @name.
519 * @profile: Pointer to "struct tomoyo_profile".
521 * Returns 0 on success, negative value otherwise.
523 static int tomoyo_set_mode(char *name, const char *value,
524 struct tomoyo_profile *profile)
528 if (!strcmp(name, "CONFIG")) {
529 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
530 config = profile->default_config;
531 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
533 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
534 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
536 if (i < TOMOYO_MAX_MAC_INDEX) {
537 const u8 c = tomoyo_index2category[i];
538 const char *category =
539 tomoyo_category_keywords[c];
540 len = strlen(category);
541 if (strncmp(name, category, len) ||
542 name[len++] != ':' || name[len++] != ':')
545 if (strcmp(name + len, tomoyo_mac_keywords[i]))
547 config = profile->config[i];
550 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
555 if (strstr(value, "use_default")) {
556 config = TOMOYO_CONFIG_USE_DEFAULT;
559 for (mode = 0; mode < 4; mode++)
560 if (strstr(value, tomoyo_mode[mode]))
562 * Update lower 3 bits in order to distinguish
563 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
565 config = (config & ~7) | mode;
566 if (config != TOMOYO_CONFIG_USE_DEFAULT) {
567 switch (tomoyo_find_yesno(value, "grant_log")) {
569 config |= TOMOYO_CONFIG_WANT_GRANT_LOG;
572 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG;
575 switch (tomoyo_find_yesno(value, "reject_log")) {
577 config |= TOMOYO_CONFIG_WANT_REJECT_LOG;
580 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG;
585 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
586 profile->config[i] = config;
587 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
588 profile->default_config = config;
593 * tomoyo_write_profile - Write profile table.
595 * @head: Pointer to "struct tomoyo_io_buffer".
597 * Returns 0 on success, negative value otherwise.
599 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
601 char *data = head->write_buf;
604 struct tomoyo_profile *profile;
605 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version)
608 i = simple_strtoul(data, &cp, 10);
612 profile = tomoyo_assign_profile(head->w.ns, i);
615 cp = strchr(data, '=');
619 if (!strcmp(data, "COMMENT")) {
620 static DEFINE_SPINLOCK(lock);
621 const struct tomoyo_path_info *new_comment
622 = tomoyo_get_name(cp);
623 const struct tomoyo_path_info *old_comment;
627 old_comment = profile->comment;
628 profile->comment = new_comment;
630 tomoyo_put_name(old_comment);
633 if (!strcmp(data, "PREFERENCE")) {
634 for (i = 0; i < TOMOYO_MAX_PREF; i++)
635 tomoyo_set_uint(&profile->pref[i], cp,
636 tomoyo_pref_keywords[i]);
639 return tomoyo_set_mode(data, cp, profile);
643 * tomoyo_print_config - Print mode for specified functionality.
645 * @head: Pointer to "struct tomoyo_io_buffer".
646 * @config: Mode for that functionality.
650 * Caller prints functionality's name.
652 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
654 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
655 tomoyo_mode[config & 3],
656 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG),
657 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG));
661 * tomoyo_read_profile - Read profile table.
663 * @head: Pointer to "struct tomoyo_io_buffer".
667 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
670 struct tomoyo_policy_namespace *ns =
671 container_of(head->r.ns, typeof(*ns), namespace_list);
672 const struct tomoyo_profile *profile;
676 index = head->r.index;
677 profile = ns->profile_ptr[index];
678 switch (head->r.step) {
680 tomoyo_print_namespace(head);
681 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n",
682 ns->profile_version);
686 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
688 if (ns->profile_ptr[head->r.index])
690 if (head->r.index == TOMOYO_MAX_PROFILES)
697 const struct tomoyo_path_info *comment =
699 tomoyo_print_namespace(head);
700 tomoyo_io_printf(head, "%u-COMMENT=", index);
701 tomoyo_set_string(head, comment ? comment->name : "");
703 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
704 for (i = 0; i < TOMOYO_MAX_PREF; i++)
705 tomoyo_io_printf(head, "%s=%u ",
706 tomoyo_pref_keywords[i],
708 tomoyo_set_string(head, "}\n");
714 tomoyo_print_namespace(head);
715 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
716 tomoyo_print_config(head, profile->default_config);
722 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
723 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
724 const u8 i = head->r.bit;
725 const u8 config = profile->config[i];
726 if (config == TOMOYO_CONFIG_USE_DEFAULT)
728 tomoyo_print_namespace(head);
729 if (i < TOMOYO_MAX_MAC_INDEX)
730 tomoyo_io_printf(head, "%u-CONFIG::%s::%s",
732 tomoyo_category_keywords
733 [tomoyo_index2category[i]],
734 tomoyo_mac_keywords[i]);
736 tomoyo_io_printf(head, "%u-CONFIG::%s", index,
737 tomoyo_mac_keywords[i]);
738 tomoyo_print_config(head, config);
742 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
743 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
749 if (tomoyo_flush(head))
753 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
754 const struct tomoyo_acl_head *b)
756 return container_of(a, struct tomoyo_manager, head)->manager ==
757 container_of(b, struct tomoyo_manager, head)->manager;
761 * tomoyo_update_manager_entry - Add a manager entry.
763 * @manager: The path to manager or the domainnamme.
764 * @is_delete: True if it is a delete request.
766 * Returns 0 on success, negative value otherwise.
768 * Caller holds tomoyo_read_lock().
770 static int tomoyo_update_manager_entry(const char *manager,
771 const bool is_delete)
773 struct tomoyo_manager e = { };
774 struct tomoyo_acl_param param = {
775 /* .ns = &tomoyo_kernel_namespace, */
776 .is_delete = is_delete,
777 .list = &tomoyo_kernel_namespace.
778 policy_list[TOMOYO_ID_MANAGER],
780 int error = is_delete ? -ENOENT : -ENOMEM;
781 if (tomoyo_domain_def(manager)) {
782 if (!tomoyo_correct_domain(manager))
786 if (!tomoyo_correct_path(manager))
789 e.manager = tomoyo_get_name(manager);
791 error = tomoyo_update_policy(&e.head, sizeof(e), ¶m,
792 tomoyo_same_manager);
793 tomoyo_put_name(e.manager);
799 * tomoyo_write_manager - Write manager policy.
801 * @head: Pointer to "struct tomoyo_io_buffer".
803 * Returns 0 on success, negative value otherwise.
805 * Caller holds tomoyo_read_lock().
807 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
809 char *data = head->write_buf;
811 if (!strcmp(data, "manage_by_non_root")) {
812 tomoyo_manage_by_non_root = !head->w.is_delete;
815 return tomoyo_update_manager_entry(data, head->w.is_delete);
819 * tomoyo_read_manager - Read manager policy.
821 * @head: Pointer to "struct tomoyo_io_buffer".
823 * Caller holds tomoyo_read_lock().
825 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
829 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace.
830 policy_list[TOMOYO_ID_MANAGER]) {
831 struct tomoyo_manager *ptr =
832 list_entry(head->r.acl, typeof(*ptr), head.list);
833 if (ptr->head.is_deleted)
835 if (!tomoyo_flush(head))
837 tomoyo_set_string(head, ptr->manager->name);
844 * tomoyo_manager - Check whether the current process is a policy manager.
846 * Returns true if the current process is permitted to modify policy
847 * via /sys/kernel/security/tomoyo/ interface.
849 * Caller holds tomoyo_read_lock().
851 static bool tomoyo_manager(void)
853 struct tomoyo_manager *ptr;
855 const struct task_struct *task = current;
856 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
859 if (!tomoyo_policy_loaded)
861 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
863 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
864 policy_list[TOMOYO_ID_MANAGER], head.list) {
865 if (!ptr->head.is_deleted && ptr->is_domain
866 && !tomoyo_pathcmp(domainname, ptr->manager)) {
873 exe = tomoyo_get_exe();
876 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
877 policy_list[TOMOYO_ID_MANAGER], head.list) {
878 if (!ptr->head.is_deleted && !ptr->is_domain
879 && !strcmp(exe, ptr->manager->name)) {
884 if (!found) { /* Reduce error messages. */
885 static pid_t last_pid;
886 const pid_t pid = current->pid;
887 if (last_pid != pid) {
888 printk(KERN_WARNING "%s ( %s ) is not permitted to "
889 "update policies.\n", domainname->name, exe);
898 * tomoyo_select_domain - Parse select command.
900 * @head: Pointer to "struct tomoyo_io_buffer".
901 * @data: String to parse.
903 * Returns true on success, false otherwise.
905 * Caller holds tomoyo_read_lock().
907 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
911 struct tomoyo_domain_info *domain = NULL;
912 bool global_pid = false;
913 if (strncmp(data, "select ", 7))
916 if (sscanf(data, "pid=%u", &pid) == 1 ||
917 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
918 struct task_struct *p;
920 read_lock(&tasklist_lock);
922 p = find_task_by_pid_ns(pid, &init_pid_ns);
924 p = find_task_by_vpid(pid);
926 domain = tomoyo_real_domain(p);
927 read_unlock(&tasklist_lock);
929 } else if (!strncmp(data, "domain=", 7)) {
930 if (tomoyo_domain_def(data + 7))
931 domain = tomoyo_find_domain(data + 7);
934 head->w.domain = domain;
935 /* Accessing read_buf is safe because head->io_sem is held. */
937 return true; /* Do nothing if open(O_WRONLY). */
938 memset(&head->r, 0, sizeof(head->r));
939 head->r.print_this_domain_only = true;
941 head->r.domain = &domain->list;
944 tomoyo_io_printf(head, "# select %s\n", data);
945 if (domain && domain->is_deleted)
946 tomoyo_io_printf(head, "# This is a deleted domain.\n");
951 * tomoyo_delete_domain - Delete a domain.
953 * @domainname: The name of domain.
957 * Caller holds tomoyo_read_lock().
959 static int tomoyo_delete_domain(char *domainname)
961 struct tomoyo_domain_info *domain;
962 struct tomoyo_path_info name;
964 name.name = domainname;
965 tomoyo_fill_path_info(&name);
966 if (mutex_lock_interruptible(&tomoyo_policy_lock))
968 /* Is there an active domain? */
969 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
970 /* Never delete tomoyo_kernel_domain */
971 if (domain == &tomoyo_kernel_domain)
973 if (domain->is_deleted ||
974 tomoyo_pathcmp(domain->domainname, &name))
976 domain->is_deleted = true;
979 mutex_unlock(&tomoyo_policy_lock);
984 * tomoyo_write_domain2 - Write domain policy.
986 * @ns: Pointer to "struct tomoyo_policy_namespace".
987 * @list: Pointer to "struct list_head".
988 * @data: Policy to be interpreted.
989 * @is_delete: True if it is a delete request.
991 * Returns 0 on success, negative value otherwise.
993 * Caller holds tomoyo_read_lock().
995 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns,
996 struct list_head *list, char *data,
997 const bool is_delete)
999 struct tomoyo_acl_param param = {
1003 .is_delete = is_delete,
1005 static const struct {
1006 const char *keyword;
1007 int (*write) (struct tomoyo_acl_param *);
1008 } tomoyo_callback[1] = {
1009 { "file ", tomoyo_write_file },
1012 for (i = 0; i < 1; i++) {
1013 if (!tomoyo_str_starts(¶m.data,
1014 tomoyo_callback[i].keyword))
1016 return tomoyo_callback[i].write(¶m);
1021 /* String table for domain flags. */
1022 const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = {
1023 [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n",
1024 [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n",
1028 * tomoyo_write_domain - Write domain policy.
1030 * @head: Pointer to "struct tomoyo_io_buffer".
1032 * Returns 0 on success, negative value otherwise.
1034 * Caller holds tomoyo_read_lock().
1036 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
1038 char *data = head->write_buf;
1039 struct tomoyo_policy_namespace *ns;
1040 struct tomoyo_domain_info *domain = head->w.domain;
1041 const bool is_delete = head->w.is_delete;
1042 bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
1043 unsigned int profile;
1047 tomoyo_delete_domain(data);
1049 domain = tomoyo_find_domain(data);
1051 domain = tomoyo_assign_domain(data, false);
1052 head->w.domain = domain;
1058 if (sscanf(data, "use_profile %u", &profile) == 1
1059 && profile < TOMOYO_MAX_PROFILES) {
1060 if (!tomoyo_policy_loaded || ns->profile_ptr[profile])
1061 domain->profile = (u8) profile;
1064 if (sscanf(data, "use_group %u\n", &profile) == 1
1065 && profile < TOMOYO_MAX_ACL_GROUPS) {
1067 domain->group = (u8) profile;
1070 for (profile = 0; profile < TOMOYO_MAX_DOMAIN_INFO_FLAGS; profile++) {
1071 const char *cp = tomoyo_dif[profile];
1072 if (strncmp(data, cp, strlen(cp) - 1))
1074 domain->flags[profile] = !is_delete;
1077 return tomoyo_write_domain2(ns, &domain->acl_info_list, data,
1082 * tomoyo_print_condition - Print condition part.
1084 * @head: Pointer to "struct tomoyo_io_buffer".
1085 * @cond: Pointer to "struct tomoyo_condition".
1087 * Returns true on success, false otherwise.
1089 static bool tomoyo_print_condition(struct tomoyo_io_buffer *head,
1090 const struct tomoyo_condition *cond)
1092 switch (head->r.cond_step) {
1094 head->r.cond_index = 0;
1095 head->r.cond_step++;
1099 const u16 condc = cond->condc;
1100 const struct tomoyo_condition_element *condp =
1101 (typeof(condp)) (cond + 1);
1102 const struct tomoyo_number_union *numbers_p =
1103 (typeof(numbers_p)) (condp + condc);
1105 for (skip = 0; skip < head->r.cond_index; skip++) {
1106 const u8 left = condp->left;
1107 const u8 right = condp->right;
1110 case TOMOYO_NUMBER_UNION:
1115 case TOMOYO_NUMBER_UNION:
1120 while (head->r.cond_index < condc) {
1121 const u8 match = condp->equals;
1122 const u8 left = condp->left;
1123 const u8 right = condp->right;
1124 if (!tomoyo_flush(head))
1127 head->r.cond_index++;
1128 tomoyo_set_space(head);
1130 case TOMOYO_NUMBER_UNION:
1131 tomoyo_print_number_union_nospace
1132 (head, numbers_p++);
1135 tomoyo_set_string(head,
1136 tomoyo_condition_keyword[left]);
1139 tomoyo_set_string(head, match ? "=" : "!=");
1141 case TOMOYO_NUMBER_UNION:
1142 tomoyo_print_number_union_nospace
1143 (head, numbers_p++);
1146 tomoyo_set_string(head,
1147 tomoyo_condition_keyword[right]);
1152 head->r.cond_step++;
1155 if (!tomoyo_flush(head))
1157 head->r.cond_step++;
1160 tomoyo_set_lf(head);
1167 * tomoyo_set_group - Print "acl_group " header keyword and category name.
1169 * @head: Pointer to "struct tomoyo_io_buffer".
1170 * @category: Category name.
1174 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
1175 const char *category)
1177 if (head->type == TOMOYO_EXCEPTIONPOLICY) {
1178 tomoyo_print_namespace(head);
1179 tomoyo_io_printf(head, "acl_group %u ",
1180 head->r.acl_group_index);
1182 tomoyo_set_string(head, category);
1186 * tomoyo_print_entry - Print an ACL entry.
1188 * @head: Pointer to "struct tomoyo_io_buffer".
1189 * @acl: Pointer to an ACL entry.
1191 * Returns true on success, false otherwise.
1193 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1194 struct tomoyo_acl_info *acl)
1196 const u8 acl_type = acl->type;
1200 if (head->r.print_cond_part)
1201 goto print_cond_part;
1202 if (acl->is_deleted)
1204 if (!tomoyo_flush(head))
1206 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1207 struct tomoyo_path_acl *ptr =
1208 container_of(acl, typeof(*ptr), head);
1209 const u16 perm = ptr->perm;
1210 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1211 if (!(perm & (1 << bit)))
1213 if (head->r.print_transition_related_only &&
1214 bit != TOMOYO_TYPE_EXECUTE)
1217 tomoyo_set_group(head, "file ");
1220 tomoyo_set_slash(head);
1222 tomoyo_set_string(head, tomoyo_path_keyword[bit]);
1226 tomoyo_print_name_union(head, &ptr->name);
1227 } else if (head->r.print_transition_related_only) {
1229 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1230 struct tomoyo_path2_acl *ptr =
1231 container_of(acl, typeof(*ptr), head);
1232 const u8 perm = ptr->perm;
1233 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1234 if (!(perm & (1 << bit)))
1237 tomoyo_set_group(head, "file ");
1240 tomoyo_set_slash(head);
1242 tomoyo_set_string(head, tomoyo_mac_keywords
1243 [tomoyo_pp2mac[bit]]);
1247 tomoyo_print_name_union(head, &ptr->name1);
1248 tomoyo_print_name_union(head, &ptr->name2);
1249 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
1250 struct tomoyo_path_number_acl *ptr =
1251 container_of(acl, typeof(*ptr), head);
1252 const u8 perm = ptr->perm;
1253 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
1254 if (!(perm & (1 << bit)))
1257 tomoyo_set_group(head, "file ");
1260 tomoyo_set_slash(head);
1262 tomoyo_set_string(head, tomoyo_mac_keywords
1263 [tomoyo_pn2mac[bit]]);
1267 tomoyo_print_name_union(head, &ptr->name);
1268 tomoyo_print_number_union(head, &ptr->number);
1269 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
1270 struct tomoyo_mkdev_acl *ptr =
1271 container_of(acl, typeof(*ptr), head);
1272 const u8 perm = ptr->perm;
1273 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
1274 if (!(perm & (1 << bit)))
1277 tomoyo_set_group(head, "file ");
1280 tomoyo_set_slash(head);
1282 tomoyo_set_string(head, tomoyo_mac_keywords
1283 [tomoyo_pnnn2mac[bit]]);
1287 tomoyo_print_name_union(head, &ptr->name);
1288 tomoyo_print_number_union(head, &ptr->mode);
1289 tomoyo_print_number_union(head, &ptr->major);
1290 tomoyo_print_number_union(head, &ptr->minor);
1291 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
1292 struct tomoyo_mount_acl *ptr =
1293 container_of(acl, typeof(*ptr), head);
1294 tomoyo_set_group(head, "file mount");
1295 tomoyo_print_name_union(head, &ptr->dev_name);
1296 tomoyo_print_name_union(head, &ptr->dir_name);
1297 tomoyo_print_name_union(head, &ptr->fs_type);
1298 tomoyo_print_number_union(head, &ptr->flags);
1301 head->r.print_cond_part = true;
1302 head->r.cond_step = 0;
1303 if (!tomoyo_flush(head))
1306 if (!tomoyo_print_condition(head, acl->cond))
1308 head->r.print_cond_part = false;
1310 tomoyo_set_lf(head);
1316 * tomoyo_read_domain2 - Read domain policy.
1318 * @head: Pointer to "struct tomoyo_io_buffer".
1319 * @list: Pointer to "struct list_head".
1321 * Caller holds tomoyo_read_lock().
1323 * Returns true on success, false otherwise.
1325 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1326 struct list_head *list)
1328 list_for_each_cookie(head->r.acl, list) {
1329 struct tomoyo_acl_info *ptr =
1330 list_entry(head->r.acl, typeof(*ptr), list);
1331 if (!tomoyo_print_entry(head, ptr))
1339 * tomoyo_read_domain - Read domain policy.
1341 * @head: Pointer to "struct tomoyo_io_buffer".
1343 * Caller holds tomoyo_read_lock().
1345 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1349 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1350 struct tomoyo_domain_info *domain =
1351 list_entry(head->r.domain, typeof(*domain), list);
1352 switch (head->r.step) {
1355 if (domain->is_deleted &&
1356 !head->r.print_this_domain_only)
1358 /* Print domainname and flags. */
1359 tomoyo_set_string(head, domain->domainname->name);
1360 tomoyo_set_lf(head);
1361 tomoyo_io_printf(head, "use_profile %u\n",
1363 tomoyo_io_printf(head, "use_group %u\n",
1365 for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++)
1366 if (domain->flags[i])
1367 tomoyo_set_string(head, tomoyo_dif[i]);
1369 tomoyo_set_lf(head);
1372 if (!tomoyo_read_domain2(head, &domain->acl_info_list))
1375 if (!tomoyo_set_lf(head))
1380 if (head->r.print_this_domain_only)
1389 * tomoyo_write_pid: Specify PID to obtain domainname.
1391 * @head: Pointer to "struct tomoyo_io_buffer".
1395 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1397 head->r.eof = false;
1402 * tomoyo_read_pid - Get domainname of the specified PID.
1404 * @head: Pointer to "struct tomoyo_io_buffer".
1406 * Returns the domainname which the specified PID is in on success,
1407 * empty string otherwise.
1408 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1409 * using read()/write() interface rather than sysctl() interface.
1411 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1413 char *buf = head->write_buf;
1414 bool global_pid = false;
1416 struct task_struct *p;
1417 struct tomoyo_domain_info *domain = NULL;
1419 /* Accessing write_buf is safe because head->io_sem is held. */
1422 return; /* Do nothing if open(O_RDONLY). */
1424 if (head->r.w_pos || head->r.eof)
1427 if (tomoyo_str_starts(&buf, "global-pid "))
1429 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1431 read_lock(&tasklist_lock);
1433 p = find_task_by_pid_ns(pid, &init_pid_ns);
1435 p = find_task_by_vpid(pid);
1437 domain = tomoyo_real_domain(p);
1438 read_unlock(&tasklist_lock);
1442 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1443 tomoyo_set_string(head, domain->domainname->name);
1446 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1447 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ",
1448 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ",
1449 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ",
1450 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ",
1451 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ",
1452 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ",
1455 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1456 [TOMOYO_PATH_GROUP] = "path_group ",
1457 [TOMOYO_NUMBER_GROUP] = "number_group ",
1461 * tomoyo_write_exception - Write exception policy.
1463 * @head: Pointer to "struct tomoyo_io_buffer".
1465 * Returns 0 on success, negative value otherwise.
1467 * Caller holds tomoyo_read_lock().
1469 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1471 const bool is_delete = head->w.is_delete;
1472 struct tomoyo_acl_param param = {
1474 .is_delete = is_delete,
1475 .data = head->write_buf,
1478 if (tomoyo_str_starts(¶m.data, "aggregator "))
1479 return tomoyo_write_aggregator(¶m);
1480 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1481 if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i]))
1482 return tomoyo_write_transition_control(¶m, i);
1483 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1484 if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i]))
1485 return tomoyo_write_group(¶m, i);
1486 if (tomoyo_str_starts(¶m.data, "acl_group ")) {
1489 group = simple_strtoul(param.data, &data, 10);
1490 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ')
1491 return tomoyo_write_domain2
1492 (head->w.ns, &head->w.ns->acl_group[group],
1499 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1501 * @head: Pointer to "struct tomoyo_io_buffer".
1502 * @idx: Index number.
1504 * Returns true on success, false otherwise.
1506 * Caller holds tomoyo_read_lock().
1508 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1510 struct tomoyo_policy_namespace *ns =
1511 container_of(head->r.ns, typeof(*ns), namespace_list);
1512 struct list_head *list = &ns->group_list[idx];
1513 list_for_each_cookie(head->r.group, list) {
1514 struct tomoyo_group *group =
1515 list_entry(head->r.group, typeof(*group), head.list);
1516 list_for_each_cookie(head->r.acl, &group->member_list) {
1517 struct tomoyo_acl_head *ptr =
1518 list_entry(head->r.acl, typeof(*ptr), list);
1519 if (ptr->is_deleted)
1521 if (!tomoyo_flush(head))
1523 tomoyo_print_namespace(head);
1524 tomoyo_set_string(head, tomoyo_group_name[idx]);
1525 tomoyo_set_string(head, group->group_name->name);
1526 if (idx == TOMOYO_PATH_GROUP) {
1527 tomoyo_set_space(head);
1528 tomoyo_set_string(head, container_of
1529 (ptr, struct tomoyo_path_group,
1530 head)->member_name->name);
1531 } else if (idx == TOMOYO_NUMBER_GROUP) {
1532 tomoyo_print_number_union(head, &container_of
1534 struct tomoyo_number_group,
1537 tomoyo_set_lf(head);
1541 head->r.group = NULL;
1546 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1548 * @head: Pointer to "struct tomoyo_io_buffer".
1549 * @idx: Index number.
1551 * Returns true on success, false otherwise.
1553 * Caller holds tomoyo_read_lock().
1555 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1557 struct tomoyo_policy_namespace *ns =
1558 container_of(head->r.ns, typeof(*ns), namespace_list);
1559 struct list_head *list = &ns->policy_list[idx];
1560 list_for_each_cookie(head->r.acl, list) {
1561 struct tomoyo_acl_head *acl =
1562 container_of(head->r.acl, typeof(*acl), list);
1563 if (acl->is_deleted)
1565 if (!tomoyo_flush(head))
1568 case TOMOYO_ID_TRANSITION_CONTROL:
1570 struct tomoyo_transition_control *ptr =
1571 container_of(acl, typeof(*ptr), head);
1572 tomoyo_print_namespace(head);
1573 tomoyo_set_string(head, tomoyo_transition_type
1575 tomoyo_set_string(head, ptr->program ?
1576 ptr->program->name : "any");
1577 tomoyo_set_string(head, " from ");
1578 tomoyo_set_string(head, ptr->domainname ?
1579 ptr->domainname->name :
1583 case TOMOYO_ID_AGGREGATOR:
1585 struct tomoyo_aggregator *ptr =
1586 container_of(acl, typeof(*ptr), head);
1587 tomoyo_print_namespace(head);
1588 tomoyo_set_string(head, "aggregator ");
1589 tomoyo_set_string(head,
1590 ptr->original_name->name);
1591 tomoyo_set_space(head);
1592 tomoyo_set_string(head,
1593 ptr->aggregated_name->name);
1599 tomoyo_set_lf(head);
1606 * tomoyo_read_exception - Read exception policy.
1608 * @head: Pointer to "struct tomoyo_io_buffer".
1610 * Caller holds tomoyo_read_lock().
1612 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1614 struct tomoyo_policy_namespace *ns =
1615 container_of(head->r.ns, typeof(*ns), namespace_list);
1618 while (head->r.step < TOMOYO_MAX_POLICY &&
1619 tomoyo_read_policy(head, head->r.step))
1621 if (head->r.step < TOMOYO_MAX_POLICY)
1623 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1624 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1626 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1628 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP
1629 + TOMOYO_MAX_ACL_GROUPS) {
1630 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY
1632 if (!tomoyo_read_domain2(head, &ns->acl_group
1633 [head->r.acl_group_index]))
1640 /* Wait queue for kernel -> userspace notification. */
1641 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1642 /* Wait queue for userspace -> kernel notification. */
1643 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
1645 /* Structure for query. */
1646 struct tomoyo_query {
1647 struct list_head list;
1650 unsigned int serial;
1656 /* The list for "struct tomoyo_query". */
1657 static LIST_HEAD(tomoyo_query_list);
1659 /* Lock for manipulating tomoyo_query_list. */
1660 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1663 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1666 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1669 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1671 * @domain: Pointer to "struct tomoyo_domain_info".
1672 * @header: Lines containing ACL.
1676 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
1679 char *cp = strchr(header, '\n');
1683 cp = strchr(cp + 1, '\n');
1687 len = strlen(cp) + 1;
1688 buffer = kmalloc(len, GFP_NOFS);
1691 snprintf(buffer, len - 1, "%s", cp);
1692 tomoyo_normalize_line(buffer);
1693 if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
1695 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
1700 * tomoyo_supervisor - Ask for the supervisor's decision.
1702 * @r: Pointer to "struct tomoyo_request_info".
1703 * @fmt: The printf()'s format string, followed by parameters.
1705 * Returns 0 if the supervisor decided to permit the access request which
1706 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1707 * supervisor decided to retry the access request which violated the policy in
1708 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1710 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1715 static unsigned int tomoyo_serial;
1716 struct tomoyo_query entry = { };
1717 bool quota_exceeded = false;
1718 va_start(args, fmt);
1719 len = vsnprintf((char *) &len, 1, fmt, args) + 1;
1721 /* Write /sys/kernel/security/tomoyo/audit. */
1722 va_start(args, fmt);
1723 tomoyo_write_log2(r, len, fmt, args);
1725 /* Nothing more to do if granted. */
1729 tomoyo_update_stat(r->mode);
1731 case TOMOYO_CONFIG_ENFORCING:
1733 if (atomic_read(&tomoyo_query_observers))
1736 case TOMOYO_CONFIG_LEARNING:
1738 /* Check max_learning_entry parameter. */
1739 if (tomoyo_domain_quota_is_ok(r))
1746 va_start(args, fmt);
1747 entry.query = tomoyo_init_log(r, len, fmt, args);
1751 entry.query_len = strlen(entry.query) + 1;
1753 tomoyo_add_entry(r->domain, entry.query);
1756 len = tomoyo_round2(entry.query_len);
1757 spin_lock(&tomoyo_query_list_lock);
1758 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
1759 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
1760 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) {
1761 quota_exceeded = true;
1763 entry.serial = tomoyo_serial++;
1764 entry.retry = r->retry;
1765 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len;
1766 list_add_tail(&entry.list, &tomoyo_query_list);
1768 spin_unlock(&tomoyo_query_list_lock);
1771 /* Give 10 seconds for supervisor's opinion. */
1772 while (entry.timer < 10) {
1773 wake_up_all(&tomoyo_query_wait);
1774 if (wait_event_interruptible_timeout
1775 (tomoyo_answer_wait, entry.answer ||
1776 !atomic_read(&tomoyo_query_observers), HZ))
1781 spin_lock(&tomoyo_query_list_lock);
1782 list_del(&entry.list);
1783 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len;
1784 spin_unlock(&tomoyo_query_list_lock);
1785 switch (entry.answer) {
1786 case 3: /* Asked to retry by administrator. */
1787 error = TOMOYO_RETRY_REQUEST;
1791 /* Granted by administrator. */
1795 /* Timed out or rejected by administrator. */
1804 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1806 * @file: Pointer to "struct file".
1807 * @wait: Pointer to "poll_table".
1809 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1811 * Waits for access requests which violated policy in enforcing mode.
1813 static int tomoyo_poll_query(struct file *file, poll_table *wait)
1815 struct list_head *tmp;
1818 for (i = 0; i < 2; i++) {
1819 spin_lock(&tomoyo_query_list_lock);
1820 list_for_each(tmp, &tomoyo_query_list) {
1821 struct tomoyo_query *ptr =
1822 list_entry(tmp, typeof(*ptr), list);
1828 spin_unlock(&tomoyo_query_list_lock);
1830 return POLLIN | POLLRDNORM;
1833 poll_wait(file, &tomoyo_query_wait, wait);
1839 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1841 * @head: Pointer to "struct tomoyo_io_buffer".
1843 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1845 struct list_head *tmp;
1846 unsigned int pos = 0;
1851 if (head->read_buf) {
1852 kfree(head->read_buf);
1853 head->read_buf = NULL;
1855 spin_lock(&tomoyo_query_list_lock);
1856 list_for_each(tmp, &tomoyo_query_list) {
1857 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1860 if (pos++ != head->r.query_index)
1862 len = ptr->query_len;
1865 spin_unlock(&tomoyo_query_list_lock);
1867 head->r.query_index = 0;
1870 buf = kzalloc(len + 32, GFP_NOFS);
1874 spin_lock(&tomoyo_query_list_lock);
1875 list_for_each(tmp, &tomoyo_query_list) {
1876 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1879 if (pos++ != head->r.query_index)
1882 * Some query can be skipped because tomoyo_query_list
1883 * can change, but I don't care.
1885 if (len == ptr->query_len)
1886 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial,
1887 ptr->retry, ptr->query);
1890 spin_unlock(&tomoyo_query_list_lock);
1892 head->read_buf = buf;
1893 head->r.w[head->r.w_pos++] = buf;
1894 head->r.query_index++;
1901 * tomoyo_write_answer - Write the supervisor's decision.
1903 * @head: Pointer to "struct tomoyo_io_buffer".
1905 * Returns 0 on success, -EINVAL otherwise.
1907 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1909 char *data = head->write_buf;
1910 struct list_head *tmp;
1911 unsigned int serial;
1912 unsigned int answer;
1913 spin_lock(&tomoyo_query_list_lock);
1914 list_for_each(tmp, &tomoyo_query_list) {
1915 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1918 spin_unlock(&tomoyo_query_list_lock);
1919 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1921 spin_lock(&tomoyo_query_list_lock);
1922 list_for_each(tmp, &tomoyo_query_list) {
1923 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1924 if (ptr->serial != serial)
1927 ptr->answer = answer;
1930 spin_unlock(&tomoyo_query_list_lock);
1935 * tomoyo_read_version: Get version.
1937 * @head: Pointer to "struct tomoyo_io_buffer".
1939 * Returns version information.
1941 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1944 tomoyo_io_printf(head, "2.4.0");
1950 * tomoyo_read_self_domain - Get the current process's domainname.
1952 * @head: Pointer to "struct tomoyo_io_buffer".
1954 * Returns the current process's domainname.
1956 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1960 * tomoyo_domain()->domainname != NULL
1961 * because every process belongs to a domain and
1962 * the domain's name cannot be NULL.
1964 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1969 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1970 static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
1971 [TOMOYO_STAT_POLICY_UPDATES] = "update:",
1972 [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:",
1973 [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
1974 [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:",
1977 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1978 static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
1979 [TOMOYO_MEMORY_POLICY] = "policy:",
1980 [TOMOYO_MEMORY_AUDIT] = "audit log:",
1981 [TOMOYO_MEMORY_QUERY] = "query message:",
1984 /* Timestamp counter for last updated. */
1985 static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
1986 /* Counter for number of updates. */
1987 static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
1990 * tomoyo_update_stat - Update statistic counters.
1992 * @index: Index for policy type.
1996 void tomoyo_update_stat(const u8 index)
1999 do_gettimeofday(&tv);
2001 * I don't use atomic operations because race condition is not fatal.
2003 tomoyo_stat_updated[index]++;
2004 tomoyo_stat_modified[index] = tv.tv_sec;
2008 * tomoyo_read_stat - Read statistic data.
2010 * @head: Pointer to "struct tomoyo_io_buffer".
2014 static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
2017 unsigned int total = 0;
2020 for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
2021 tomoyo_io_printf(head, "Policy %-30s %10u",
2022 tomoyo_policy_headers[i],
2023 tomoyo_stat_updated[i]);
2024 if (tomoyo_stat_modified[i]) {
2025 struct tomoyo_time stamp;
2026 tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
2027 tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
2029 stamp.year, stamp.month, stamp.day,
2030 stamp.hour, stamp.min, stamp.sec);
2032 tomoyo_set_lf(head);
2034 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
2035 unsigned int used = tomoyo_memory_used[i];
2037 tomoyo_io_printf(head, "Memory used by %-22s %10u",
2038 tomoyo_memory_headers[i], used);
2039 used = tomoyo_memory_quota[i];
2041 tomoyo_io_printf(head, " (Quota: %10u)", used);
2042 tomoyo_set_lf(head);
2044 tomoyo_io_printf(head, "Total memory used: %10u\n",
2050 * tomoyo_write_stat - Set memory quota.
2052 * @head: Pointer to "struct tomoyo_io_buffer".
2056 static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
2058 char *data = head->write_buf;
2060 if (tomoyo_str_starts(&data, "Memory used by "))
2061 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
2062 if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
2063 sscanf(data, "%u", &tomoyo_memory_quota[i]);
2068 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
2070 * @type: Type of interface.
2071 * @file: Pointer to "struct file".
2073 * Returns 0 on success, negative value otherwise.
2075 int tomoyo_open_control(const u8 type, struct file *file)
2077 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
2081 mutex_init(&head->io_sem);
2084 case TOMOYO_DOMAINPOLICY:
2085 /* /sys/kernel/security/tomoyo/domain_policy */
2086 head->write = tomoyo_write_domain;
2087 head->read = tomoyo_read_domain;
2089 case TOMOYO_EXCEPTIONPOLICY:
2090 /* /sys/kernel/security/tomoyo/exception_policy */
2091 head->write = tomoyo_write_exception;
2092 head->read = tomoyo_read_exception;
2095 /* /sys/kernel/security/tomoyo/audit */
2096 head->poll = tomoyo_poll_log;
2097 head->read = tomoyo_read_log;
2099 case TOMOYO_SELFDOMAIN:
2100 /* /sys/kernel/security/tomoyo/self_domain */
2101 head->read = tomoyo_read_self_domain;
2103 case TOMOYO_PROCESS_STATUS:
2104 /* /sys/kernel/security/tomoyo/.process_status */
2105 head->write = tomoyo_write_pid;
2106 head->read = tomoyo_read_pid;
2108 case TOMOYO_VERSION:
2109 /* /sys/kernel/security/tomoyo/version */
2110 head->read = tomoyo_read_version;
2111 head->readbuf_size = 128;
2114 /* /sys/kernel/security/tomoyo/stat */
2115 head->write = tomoyo_write_stat;
2116 head->read = tomoyo_read_stat;
2117 head->readbuf_size = 1024;
2119 case TOMOYO_PROFILE:
2120 /* /sys/kernel/security/tomoyo/profile */
2121 head->write = tomoyo_write_profile;
2122 head->read = tomoyo_read_profile;
2124 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
2125 head->poll = tomoyo_poll_query;
2126 head->write = tomoyo_write_answer;
2127 head->read = tomoyo_read_query;
2129 case TOMOYO_MANAGER:
2130 /* /sys/kernel/security/tomoyo/manager */
2131 head->write = tomoyo_write_manager;
2132 head->read = tomoyo_read_manager;
2135 if (!(file->f_mode & FMODE_READ)) {
2137 * No need to allocate read_buf since it is not opened
2142 } else if (!head->poll) {
2143 /* Don't allocate read_buf for poll() access. */
2144 if (!head->readbuf_size)
2145 head->readbuf_size = 4096 * 2;
2146 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
2147 if (!head->read_buf) {
2152 if (!(file->f_mode & FMODE_WRITE)) {
2154 * No need to allocate write_buf since it is not opened
2158 } else if (head->write) {
2159 head->writebuf_size = 4096 * 2;
2160 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
2161 if (!head->write_buf) {
2162 kfree(head->read_buf);
2168 * If the file is /sys/kernel/security/tomoyo/query , increment the
2170 * The obserber counter is used by tomoyo_supervisor() to see if
2171 * there is some process monitoring /sys/kernel/security/tomoyo/query.
2173 if (type == TOMOYO_QUERY)
2174 atomic_inc(&tomoyo_query_observers);
2175 file->private_data = head;
2176 tomoyo_notify_gc(head, true);
2181 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
2183 * @file: Pointer to "struct file".
2184 * @wait: Pointer to "poll_table".
2186 * Waits for read readiness.
2187 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
2188 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
2190 int tomoyo_poll_control(struct file *file, poll_table *wait)
2192 struct tomoyo_io_buffer *head = file->private_data;
2195 return head->poll(file, wait);
2199 * tomoyo_set_namespace_cursor - Set namespace to read.
2201 * @head: Pointer to "struct tomoyo_io_buffer".
2205 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head)
2207 struct list_head *ns;
2208 if (head->type != TOMOYO_EXCEPTIONPOLICY &&
2209 head->type != TOMOYO_PROFILE)
2212 * If this is the first read, or reading previous namespace finished
2213 * and has more namespaces to read, update the namespace cursor.
2216 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) {
2217 /* Clearing is OK because tomoyo_flush() returned true. */
2218 memset(&head->r, 0, sizeof(head->r));
2219 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next;
2224 * tomoyo_has_more_namespace - Check for unread namespaces.
2226 * @head: Pointer to "struct tomoyo_io_buffer".
2228 * Returns true if we have more entries to print, false otherwise.
2230 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
2232 return (head->type == TOMOYO_EXCEPTIONPOLICY ||
2233 head->type == TOMOYO_PROFILE) && head->r.eof &&
2234 head->r.ns->next != &tomoyo_namespace_list;
2238 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
2240 * @head: Pointer to "struct tomoyo_io_buffer".
2241 * @buffer: Poiner to buffer to write to.
2242 * @buffer_len: Size of @buffer.
2244 * Returns bytes read on success, negative value otherwise.
2246 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
2247 const int buffer_len)
2254 if (mutex_lock_interruptible(&head->io_sem))
2256 head->read_user_buf = buffer;
2257 head->read_user_buf_avail = buffer_len;
2258 idx = tomoyo_read_lock();
2259 if (tomoyo_flush(head))
2260 /* Call the policy handler. */
2262 tomoyo_set_namespace_cursor(head);
2264 } while (tomoyo_flush(head) &&
2265 tomoyo_has_more_namespace(head));
2266 tomoyo_read_unlock(idx);
2267 len = head->read_user_buf - buffer;
2268 mutex_unlock(&head->io_sem);
2273 * tomoyo_parse_policy - Parse a policy line.
2275 * @head: Poiter to "struct tomoyo_io_buffer".
2276 * @line: Line to parse.
2278 * Returns 0 on success, negative value otherwise.
2280 * Caller holds tomoyo_read_lock().
2282 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line)
2284 /* Delete request? */
2285 head->w.is_delete = !strncmp(line, "delete ", 7);
2286 if (head->w.is_delete)
2287 memmove(line, line + 7, strlen(line + 7) + 1);
2288 /* Selecting namespace to update. */
2289 if (head->type == TOMOYO_EXCEPTIONPOLICY ||
2290 head->type == TOMOYO_PROFILE) {
2292 char *cp = strchr(line, ' ');
2295 head->w.ns = tomoyo_assign_namespace(line);
2296 memmove(line, cp, strlen(cp) + 1);
2300 head->w.ns = &tomoyo_kernel_namespace;
2301 /* Don't allow updating if namespace is invalid. */
2305 /* Do the update. */
2306 return head->write(head);
2310 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2312 * @head: Pointer to "struct tomoyo_io_buffer".
2313 * @buffer: Pointer to buffer to read from.
2314 * @buffer_len: Size of @buffer.
2316 * Returns @buffer_len on success, negative value otherwise.
2318 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
2319 const char __user *buffer, const int buffer_len)
2321 int error = buffer_len;
2322 size_t avail_len = buffer_len;
2323 char *cp0 = head->write_buf;
2327 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2329 if (mutex_lock_interruptible(&head->io_sem))
2331 idx = tomoyo_read_lock();
2332 /* Read a line and dispatch it to the policy handler. */
2333 while (avail_len > 0) {
2335 if (head->w.avail >= head->writebuf_size - 1) {
2336 const int len = head->writebuf_size * 2;
2337 char *cp = kzalloc(len, GFP_NOFS);
2342 memmove(cp, cp0, head->w.avail);
2344 head->write_buf = cp;
2346 head->writebuf_size = len;
2348 if (get_user(c, buffer)) {
2354 cp0[head->w.avail++] = c;
2357 cp0[head->w.avail - 1] = '\0';
2359 tomoyo_normalize_line(cp0);
2360 if (!strcmp(cp0, "reset")) {
2361 head->w.ns = &tomoyo_kernel_namespace;
2362 head->w.domain = NULL;
2363 memset(&head->r, 0, sizeof(head->r));
2366 /* Don't allow updating policies by non manager programs. */
2367 switch (head->type) {
2368 case TOMOYO_PROCESS_STATUS:
2369 /* This does not write anything. */
2371 case TOMOYO_DOMAINPOLICY:
2372 if (tomoyo_select_domain(head, cp0))
2375 case TOMOYO_EXCEPTIONPOLICY:
2376 if (!strcmp(cp0, "select transition_only")) {
2377 head->r.print_transition_related_only = true;
2382 if (!tomoyo_manager()) {
2387 switch (tomoyo_parse_policy(head, cp0)) {
2392 switch (head->type) {
2393 case TOMOYO_DOMAINPOLICY:
2394 case TOMOYO_EXCEPTIONPOLICY:
2396 case TOMOYO_PROFILE:
2397 case TOMOYO_MANAGER:
2398 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
2407 tomoyo_read_unlock(idx);
2408 mutex_unlock(&head->io_sem);
2413 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2415 * @head: Pointer to "struct tomoyo_io_buffer".
2419 int tomoyo_close_control(struct tomoyo_io_buffer *head)
2422 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2425 if (head->type == TOMOYO_QUERY &&
2426 atomic_dec_and_test(&tomoyo_query_observers))
2427 wake_up_all(&tomoyo_answer_wait);
2428 tomoyo_notify_gc(head, false);
2433 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2435 void tomoyo_check_profile(void)
2437 struct tomoyo_domain_info *domain;
2438 const int idx = tomoyo_read_lock();
2439 tomoyo_policy_loaded = true;
2440 printk(KERN_INFO "TOMOYO: 2.4.0\n");
2441 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2442 const u8 profile = domain->profile;
2443 const struct tomoyo_policy_namespace *ns = domain->ns;
2444 if (ns->profile_version != 20100903)
2446 "Profile version %u is not supported.\n",
2447 ns->profile_version);
2448 else if (!ns->profile_ptr[profile])
2450 "Profile %u (used by '%s') is not defined.\n",
2451 profile, domain->domainname->name);
2455 "Userland tools for TOMOYO 2.4 must be installed and "
2456 "policy must be initialized.\n");
2457 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ "
2458 "for more information.\n");
2461 tomoyo_read_unlock(idx);
2462 printk(KERN_INFO "Mandatory Access Control activated.\n");
2466 * tomoyo_load_builtin_policy - Load built-in policy.
2470 void __init tomoyo_load_builtin_policy(void)
2473 * This include file is manually created and contains built-in policy
2474 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
2475 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager",
2476 * "tomoyo_builtin_stat" in the form of "static char [] __initdata".
2478 #include "builtin-policy.h"
2480 const int idx = tomoyo_read_lock();
2481 for (i = 0; i < 5; i++) {
2482 struct tomoyo_io_buffer head = { };
2486 start = tomoyo_builtin_profile;
2487 head.type = TOMOYO_PROFILE;
2488 head.write = tomoyo_write_profile;
2491 start = tomoyo_builtin_exception_policy;
2492 head.type = TOMOYO_EXCEPTIONPOLICY;
2493 head.write = tomoyo_write_exception;
2496 start = tomoyo_builtin_domain_policy;
2497 head.type = TOMOYO_DOMAINPOLICY;
2498 head.write = tomoyo_write_domain;
2501 start = tomoyo_builtin_manager;
2502 head.type = TOMOYO_MANAGER;
2503 head.write = tomoyo_write_manager;
2506 start = tomoyo_builtin_stat;
2507 head.type = TOMOYO_STAT;
2508 head.write = tomoyo_write_stat;
2512 char *end = strchr(start, '\n');
2516 tomoyo_normalize_line(start);
2517 head.write_buf = start;
2518 tomoyo_parse_policy(&head, start);
2522 tomoyo_read_unlock(idx);
2523 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
2524 tomoyo_check_profile();
git.openpandora.org / pandora-kernel.git / blob