security/tomoyo/securityfs_if.c

   1 /*
   2  * security/tomoyo/securityfs_if.c
   3  *
   4  * Copyright (C) 2005-2011  NTT DATA CORPORATION
   5  */
   6
   7 #include <linux/security.h>
   8 #include "common.h"
   9
  10 /**
  11  * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
  12  *
  13  * @inode: Pointer to "struct inode".
  14  * @file:  Pointer to "struct file".
  15  *
  16  * Returns 0 on success, negative value otherwise.
  17  */
  18 static int tomoyo_open(struct inode *inode, struct file *file)
  19 {
  20         const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
  21                 - ((u8 *) NULL);
  22         return tomoyo_open_control(key, file);
  23 }
  24
  25 /**
  26  * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
  27  *
  28  * @inode: Pointer to "struct inode".
  29  * @file:  Pointer to "struct file".
  30  *
  31  * Returns 0 on success, negative value otherwise.
  32  */
  33 static int tomoyo_release(struct inode *inode, struct file *file)
  34 {
  35         return tomoyo_close_control(file->private_data);
  36 }
  37
  38 /**
  39  * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
  40  *
  41  * @file: Pointer to "struct file".
  42  * @wait: Pointer to "poll_table".
  43  *
  44  * Returns 0 on success, negative value otherwise.
  45  */
  46 static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
  47 {
  48         return tomoyo_poll_control(file, wait);
  49 }
  50
  51 /**
  52  * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
  53  *
  54  * @file:  Pointer to "struct file".
  55  * @buf:   Pointer to buffer.
  56  * @count: Size of @buf.
  57  * @ppos:  Unused.
  58  *
  59  * Returns bytes read on success, negative value otherwise.
  60  */
  61 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
  62                            loff_t *ppos)
  63 {
  64         return tomoyo_read_control(file->private_data, buf, count);
  65 }
  66
  67 /**
  68  * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
  69  *
  70  * @file:  Pointer to "struct file".
  71  * @buf:   Pointer to buffer.
  72  * @count: Size of @buf.
  73  * @ppos:  Unused.
  74  *
  75  * Returns @count on success, negative value otherwise.
  76  */
  77 static ssize_t tomoyo_write(struct file *file, const char __user *buf,
  78                             size_t count, loff_t *ppos)
  79 {
  80         return tomoyo_write_control(file->private_data, buf, count);
  81 }
  82
  83 /*
  84  * tomoyo_operations is a "struct file_operations" which is used for handling
  85  * /sys/kernel/security/tomoyo/ interface.
  86  *
  87  * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
  88  * See tomoyo_io_buffer for internals.
  89  */
  90 static const struct file_operations tomoyo_operations = {
  91         .open    = tomoyo_open,
  92         .release = tomoyo_release,
  93         .poll    = tomoyo_poll,
  94         .read    = tomoyo_read,
  95         .write   = tomoyo_write,
  96         .llseek  = noop_llseek,
  97 };
  98
  99 /**
 100  * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 101  *
 102  * @name:   The name of the interface file.
 103  * @mode:   The permission of the interface file.
 104  * @parent: The parent directory.
 105  * @key:    Type of interface.
 106  *
 107  * Returns nothing.
 108  */
 109 static void __init tomoyo_create_entry(const char *name, const mode_t mode,
 110                                        struct dentry *parent, const u8 key)
 111 {
 112         securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
 113                                &tomoyo_operations);
 114 }
 115
 116 /**
 117  * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 118  *
 119  * Returns 0.
 120  */
 121 static int __init tomoyo_initerface_init(void)
 122 {
 123         struct dentry *tomoyo_dir;
 124
 125         /* Don't create securityfs entries unless registered. */
 126         if (current_cred()->security != &tomoyo_kernel_domain)
 127                 return 0;
 128
 129         tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
 130         tomoyo_create_entry("query",            0600, tomoyo_dir,
 131                             TOMOYO_QUERY);
 132         tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
 133                             TOMOYO_DOMAINPOLICY);
 134         tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
 135                             TOMOYO_EXCEPTIONPOLICY);
 136         tomoyo_create_entry("audit",            0400, tomoyo_dir,
 137                             TOMOYO_AUDIT);
 138         tomoyo_create_entry("self_domain",      0400, tomoyo_dir,
 139                             TOMOYO_SELFDOMAIN);
 140         tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
 141                             TOMOYO_PROCESS_STATUS);
 142         tomoyo_create_entry("stat",             0644, tomoyo_dir,
 143                             TOMOYO_STAT);
 144         tomoyo_create_entry("profile",          0600, tomoyo_dir,
 145                             TOMOYO_PROFILE);
 146         tomoyo_create_entry("manager",          0600, tomoyo_dir,
 147                             TOMOYO_MANAGER);
 148         tomoyo_create_entry("version",          0400, tomoyo_dir,
 149                             TOMOYO_VERSION);
 150         return 0;
 151 }
 152
 153 fs_initcall(tomoyo_initerface_init);