2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
12 #include <linux/uaccess.h>
13 #include <linux/slab.h>
14 #include <linux/security.h>
15 #include <linux/hardirq.h>
18 /* Lock for protecting policy. */
19 DEFINE_MUTEX(tomoyo_policy_lock
);
21 /* Has loading policy done? */
22 bool tomoyo_policy_loaded
;
24 /* String table for functionality that takes 4 modes. */
25 static const char *tomoyo_mode_4
[4] = {
26 "disabled", "learning", "permissive", "enforcing"
28 /* String table for functionality that takes 2 modes. */
29 static const char *tomoyo_mode_2
[4] = {
30 "disabled", "enabled", "enabled", "enabled"
34 * tomoyo_control_array is a static data which contains
36 * (1) functionality name used by /sys/kernel/security/tomoyo/profile .
37 * (2) initial values for "struct tomoyo_profile".
38 * (3) max values for "struct tomoyo_profile".
42 unsigned int current_value
;
43 const unsigned int max_value
;
44 } tomoyo_control_array
[TOMOYO_MAX_CONTROL_INDEX
] = {
45 [TOMOYO_MAC_FOR_FILE
] = { "MAC_FOR_FILE", 0, 3 },
46 [TOMOYO_MAX_ACCEPT_ENTRY
] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX
},
47 [TOMOYO_VERBOSE
] = { "TOMOYO_VERBOSE", 1, 1 },
51 * tomoyo_profile is a structure which is used for holding the mode of access
52 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
53 * An administrator can define up to 256 profiles.
54 * The ->profile of "struct tomoyo_domain_info" is used for remembering
55 * the profile's number (0 - 255) assigned to that domain.
57 static struct tomoyo_profile
{
58 unsigned int value
[TOMOYO_MAX_CONTROL_INDEX
];
59 const struct tomoyo_path_info
*comment
;
60 } *tomoyo_profile_ptr
[TOMOYO_MAX_PROFILES
];
62 /* Permit policy management by non-root user? */
63 static bool tomoyo_manage_by_non_root
;
65 /* Utility functions. */
67 /* Open operation for /sys/kernel/security/tomoyo/ interface. */
68 static int tomoyo_open_control(const u8 type
, struct file
*file
);
69 /* Close /sys/kernel/security/tomoyo/ interface. */
70 static int tomoyo_close_control(struct file
*file
);
71 /* Read operation for /sys/kernel/security/tomoyo/ interface. */
72 static int tomoyo_read_control(struct file
*file
, char __user
*buffer
,
73 const int buffer_len
);
74 /* Write operation for /sys/kernel/security/tomoyo/ interface. */
75 static int tomoyo_write_control(struct file
*file
, const char __user
*buffer
,
76 const int buffer_len
);
79 * tomoyo_parse_name_union - Parse a tomoyo_name_union.
81 * @filename: Name or name group.
82 * @ptr: Pointer to "struct tomoyo_name_union".
84 * Returns true on success, false otherwise.
86 bool tomoyo_parse_name_union(const char *filename
,
87 struct tomoyo_name_union
*ptr
)
89 if (!tomoyo_is_correct_path(filename
, 0, 0, 0))
91 if (filename
[0] == '@') {
92 ptr
->group
= tomoyo_get_path_group(filename
+ 1);
94 return ptr
->group
!= NULL
;
96 ptr
->filename
= tomoyo_get_name(filename
);
97 ptr
->is_group
= false;
98 return ptr
->filename
!= NULL
;
102 * tomoyo_print_name_union - Print a tomoyo_name_union.
104 * @head: Pointer to "struct tomoyo_io_buffer".
105 * @ptr: Pointer to "struct tomoyo_name_union".
107 * Returns true on success, false otherwise.
109 static bool tomoyo_print_name_union(struct tomoyo_io_buffer
*head
,
110 const struct tomoyo_name_union
*ptr
)
112 int pos
= head
->read_avail
;
113 if (pos
&& head
->read_buf
[pos
- 1] == ' ')
116 return tomoyo_io_printf(head
, " @%s",
117 ptr
->group
->group_name
->name
);
118 return tomoyo_io_printf(head
, " %s", ptr
->filename
->name
);
122 * tomoyo_parse_ulong - Parse an "unsigned long" value.
124 * @result: Pointer to "unsigned long".
125 * @str: Pointer to string to parse.
127 * Returns value type on success, 0 otherwise.
129 * The @src is updated to point the first character after the value
132 u8
tomoyo_parse_ulong(unsigned long *result
, char **str
)
134 const char *cp
= *str
;
139 if (c
== 'x' || c
== 'X') {
142 } else if (c
>= '0' && c
<= '7') {
147 *result
= simple_strtoul(cp
, &ep
, base
);
153 return TOMOYO_VALUE_TYPE_HEXADECIMAL
;
155 return TOMOYO_VALUE_TYPE_OCTAL
;
157 return TOMOYO_VALUE_TYPE_DECIMAL
;
162 * tomoyo_print_ulong - Print an "unsigned long" value.
164 * @buffer: Pointer to buffer.
165 * @buffer_len: Size of @buffer.
166 * @value: An "unsigned long" value.
167 * @type: Type of @value.
171 void tomoyo_print_ulong(char *buffer
, const int buffer_len
,
172 const unsigned long value
, const u8 type
)
174 if (type
== TOMOYO_VALUE_TYPE_DECIMAL
)
175 snprintf(buffer
, buffer_len
, "%lu", value
);
176 else if (type
== TOMOYO_VALUE_TYPE_OCTAL
)
177 snprintf(buffer
, buffer_len
, "0%lo", value
);
178 else if (type
== TOMOYO_VALUE_TYPE_HEXADECIMAL
)
179 snprintf(buffer
, buffer_len
, "0x%lX", value
);
181 snprintf(buffer
, buffer_len
, "type(%u)", type
);
185 * tomoyo_print_number_union - Print a tomoyo_number_union.
187 * @head: Pointer to "struct tomoyo_io_buffer".
188 * @ptr: Pointer to "struct tomoyo_number_union".
190 * Returns true on success, false otherwise.
192 bool tomoyo_print_number_union(struct tomoyo_io_buffer
*head
,
193 const struct tomoyo_number_union
*ptr
)
199 if (!tomoyo_io_printf(head
, " "))
202 return tomoyo_io_printf(head
, "@%s",
203 ptr
->group
->group_name
->name
);
204 min_type
= ptr
->min_type
;
205 max_type
= ptr
->max_type
;
206 min
= ptr
->values
[0];
207 max
= ptr
->values
[1];
209 case TOMOYO_VALUE_TYPE_HEXADECIMAL
:
210 if (!tomoyo_io_printf(head
, "0x%lX", min
))
213 case TOMOYO_VALUE_TYPE_OCTAL
:
214 if (!tomoyo_io_printf(head
, "0%lo", min
))
218 if (!tomoyo_io_printf(head
, "%lu", min
))
222 if (min
== max
&& min_type
== max_type
)
225 case TOMOYO_VALUE_TYPE_HEXADECIMAL
:
226 return tomoyo_io_printf(head
, "-0x%lX", max
);
227 case TOMOYO_VALUE_TYPE_OCTAL
:
228 return tomoyo_io_printf(head
, "-0%lo", max
);
230 return tomoyo_io_printf(head
, "-%lu", max
);
235 * tomoyo_parse_number_union - Parse a tomoyo_number_union.
237 * @data: Number or number range or number group.
238 * @ptr: Pointer to "struct tomoyo_number_union".
240 * Returns true on success, false otherwise.
242 bool tomoyo_parse_number_union(char *data
, struct tomoyo_number_union
*num
)
246 memset(num
, 0, sizeof(*num
));
247 if (data
[0] == '@') {
248 if (!tomoyo_is_correct_path(data
, 0, 0, 0))
250 num
->group
= tomoyo_get_number_group(data
+ 1);
251 num
->is_group
= true;
252 return num
->group
!= NULL
;
254 type
= tomoyo_parse_ulong(&v
, &data
);
258 num
->min_type
= type
;
261 num
->max_type
= type
;
266 type
= tomoyo_parse_ulong(&v
, &data
);
270 num
->max_type
= type
;
275 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value.
277 * @str: Pointer to the string.
279 * Returns true if @str is a \ooo style octal value, false otherwise.
281 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF.
282 * This function verifies that \ooo is in valid range.
284 static inline bool tomoyo_is_byte_range(const char *str
)
286 return *str
>= '0' && *str
++ <= '3' &&
287 *str
>= '0' && *str
++ <= '7' &&
288 *str
>= '0' && *str
<= '7';
292 * tomoyo_is_alphabet_char - Check whether the character is an alphabet.
294 * @c: The character to check.
296 * Returns true if @c is an alphabet character, false otherwise.
298 static inline bool tomoyo_is_alphabet_char(const char c
)
300 return (c
>= 'A' && c
<= 'Z') || (c
>= 'a' && c
<= 'z');
304 * tomoyo_make_byte - Make byte value from three octal characters.
306 * @c1: The first character.
307 * @c2: The second character.
308 * @c3: The third character.
310 * Returns byte value.
312 static inline u8
tomoyo_make_byte(const u8 c1
, const u8 c2
, const u8 c3
)
314 return ((c1
- '0') << 6) + ((c2
- '0') << 3) + (c3
- '0');
318 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
320 * @src: Pointer to pointer to the string.
321 * @find: Pointer to the keyword.
323 * Returns true if @src starts with @find, false otherwise.
325 * The @src is updated to point the first character after the @find
326 * if @src starts with @find.
328 static bool tomoyo_str_starts(char **src
, const char *find
)
330 const int len
= strlen(find
);
333 if (strncmp(tmp
, find
, len
))
341 * tomoyo_normalize_line - Format string.
343 * @buffer: The line to normalize.
345 * Leading and trailing whitespaces are removed.
346 * Multiple whitespaces are packed into single space.
350 static void tomoyo_normalize_line(unsigned char *buffer
)
352 unsigned char *sp
= buffer
;
353 unsigned char *dp
= buffer
;
356 while (tomoyo_is_invalid(*sp
))
362 while (tomoyo_is_valid(*sp
))
364 while (tomoyo_is_invalid(*sp
))
371 * tomoyo_tokenize - Tokenize string.
373 * @buffer: The line to tokenize.
374 * @w: Pointer to "char *".
377 * Returns true on success, false otherwise.
379 bool tomoyo_tokenize(char *buffer
, char *w
[], size_t size
)
381 int count
= size
/ sizeof(char *);
383 for (i
= 0; i
< count
; i
++)
385 for (i
= 0; i
< count
; i
++) {
386 char *cp
= strchr(buffer
, ' ');
394 return i
< count
|| !*buffer
;
398 * tomoyo_is_correct_path - Validate a pathname.
399 * @filename: The pathname to check.
400 * @start_type: Should the pathname start with '/'?
401 * 1 = must / -1 = must not / 0 = don't care
402 * @pattern_type: Can the pathname contain a wildcard?
403 * 1 = must / -1 = must not / 0 = don't care
404 * @end_type: Should the pathname end with '/'?
405 * 1 = must / -1 = must not / 0 = don't care
407 * Check whether the given filename follows the naming rules.
408 * Returns true if @filename follows the naming rules, false otherwise.
410 bool tomoyo_is_correct_path(const char *filename
, const s8 start_type
,
411 const s8 pattern_type
, const s8 end_type
)
413 const char *const start
= filename
;
414 bool in_repetition
= false;
415 bool contains_pattern
= false;
423 if (start_type
== 1) { /* Must start with '/' */
426 } else if (start_type
== -1) { /* Must not start with '/' */
431 c
= *(filename
+ strlen(filename
) - 1);
432 if (end_type
== 1) { /* Must end with '/' */
435 } else if (end_type
== -1) { /* Must not end with '/' */
446 case '\\': /* "\\" */
458 if (pattern_type
== -1)
459 break; /* Must not contain pattern */
460 contains_pattern
= true;
462 case '{': /* "/\{" */
463 if (filename
- 3 < start
||
464 *(filename
- 3) != '/')
466 if (pattern_type
== -1)
467 break; /* Must not contain pattern */
468 contains_pattern
= true;
469 in_repetition
= true;
471 case '}': /* "\}/" */
472 if (*filename
!= '/')
476 in_repetition
= false;
478 case '0': /* "\ooo" */
483 if (d
< '0' || d
> '7')
486 if (e
< '0' || e
> '7')
488 c
= tomoyo_make_byte(c
, d
, e
);
489 if (tomoyo_is_invalid(c
))
490 continue; /* pattern is not \000 */
493 } else if (in_repetition
&& c
== '/') {
495 } else if (tomoyo_is_invalid(c
)) {
499 if (pattern_type
== 1) { /* Must contain pattern */
500 if (!contains_pattern
)
511 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
512 * @domainname: The domainname to check.
514 * Returns true if @domainname follows the naming rules, false otherwise.
516 bool tomoyo_is_correct_domain(const unsigned char *domainname
)
522 if (!domainname
|| strncmp(domainname
, TOMOYO_ROOT_NAME
,
523 TOMOYO_ROOT_NAME_LEN
))
525 domainname
+= TOMOYO_ROOT_NAME_LEN
;
529 if (*domainname
++ != ' ')
531 if (*domainname
++ != '/')
533 while ((c
= *domainname
) != '\0' && c
!= ' ') {
538 case '\\': /* "\\" */
540 case '0': /* "\ooo" */
545 if (d
< '0' || d
> '7')
548 if (e
< '0' || e
> '7')
550 c
= tomoyo_make_byte(c
, d
, e
);
551 if (tomoyo_is_invalid(c
))
552 /* pattern is not \000 */
556 } else if (tomoyo_is_invalid(c
)) {
560 } while (*domainname
);
567 * tomoyo_is_domain_def - Check whether the given token can be a domainname.
569 * @buffer: The token to check.
571 * Returns true if @buffer possibly be a domainname, false otherwise.
573 bool tomoyo_is_domain_def(const unsigned char *buffer
)
575 return !strncmp(buffer
, TOMOYO_ROOT_NAME
, TOMOYO_ROOT_NAME_LEN
);
579 * tomoyo_find_domain - Find a domain by the given name.
581 * @domainname: The domainname to find.
583 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
585 * Caller holds tomoyo_read_lock().
587 struct tomoyo_domain_info
*tomoyo_find_domain(const char *domainname
)
589 struct tomoyo_domain_info
*domain
;
590 struct tomoyo_path_info name
;
592 name
.name
= domainname
;
593 tomoyo_fill_path_info(&name
);
594 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
595 if (!domain
->is_deleted
&&
596 !tomoyo_pathcmp(&name
, domain
->domainname
))
603 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
605 * @filename: The string to evaluate.
607 * Returns the initial length without a pattern in @filename.
609 static int tomoyo_const_part_length(const char *filename
)
616 while ((c
= *filename
++) != '\0') {
623 case '\\': /* "\\" */
626 case '0': /* "\ooo" */
631 if (c
< '0' || c
> '7')
634 if (c
< '0' || c
> '7')
645 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members.
647 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
649 * The caller sets "struct tomoyo_path_info"->name.
651 void tomoyo_fill_path_info(struct tomoyo_path_info
*ptr
)
653 const char *name
= ptr
->name
;
654 const int len
= strlen(name
);
656 ptr
->const_len
= tomoyo_const_part_length(name
);
657 ptr
->is_dir
= len
&& (name
[len
- 1] == '/');
658 ptr
->is_patterned
= (ptr
->const_len
< len
);
659 ptr
->hash
= full_name_hash(name
, len
);
663 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character
666 * @filename: The start of string to check.
667 * @filename_end: The end of string to check.
668 * @pattern: The start of pattern to compare.
669 * @pattern_end: The end of pattern to compare.
671 * Returns true if @filename matches @pattern, false otherwise.
673 static bool tomoyo_file_matches_pattern2(const char *filename
,
674 const char *filename_end
,
676 const char *pattern_end
)
678 while (filename
< filename_end
&& pattern
< pattern_end
) {
680 if (*pattern
!= '\\') {
681 if (*filename
++ != *pattern
++)
693 } else if (c
== '\\') {
694 if (filename
[1] == '\\')
696 else if (tomoyo_is_byte_range(filename
+ 1))
705 if (*++filename
!= '\\')
717 if (!tomoyo_is_alphabet_char(c
))
724 if (c
== '\\' && tomoyo_is_byte_range(filename
+ 1)
725 && strncmp(filename
+ 1, pattern
, 3) == 0) {
730 return false; /* Not matched. */
733 for (i
= 0; i
<= filename_end
- filename
; i
++) {
734 if (tomoyo_file_matches_pattern2(
735 filename
+ i
, filename_end
,
736 pattern
+ 1, pattern_end
))
739 if (c
== '.' && *pattern
== '@')
743 if (filename
[i
+ 1] == '\\')
745 else if (tomoyo_is_byte_range(filename
+ i
+ 1))
748 break; /* Bad pattern. */
750 return false; /* Not matched. */
755 while (isdigit(filename
[j
]))
757 } else if (c
== 'X') {
758 while (isxdigit(filename
[j
]))
760 } else if (c
== 'A') {
761 while (tomoyo_is_alphabet_char(filename
[j
]))
764 for (i
= 1; i
<= j
; i
++) {
765 if (tomoyo_file_matches_pattern2(
766 filename
+ i
, filename_end
,
767 pattern
+ 1, pattern_end
))
770 return false; /* Not matched or bad pattern. */
775 while (*pattern
== '\\' &&
776 (*(pattern
+ 1) == '*' || *(pattern
+ 1) == '@'))
778 return filename
== filename_end
&& pattern
== pattern_end
;
782 * tomoyo_file_matches_pattern - Pattern matching without without '/' character.
784 * @filename: The start of string to check.
785 * @filename_end: The end of string to check.
786 * @pattern: The start of pattern to compare.
787 * @pattern_end: The end of pattern to compare.
789 * Returns true if @filename matches @pattern, false otherwise.
791 static bool tomoyo_file_matches_pattern(const char *filename
,
792 const char *filename_end
,
794 const char *pattern_end
)
796 const char *pattern_start
= pattern
;
800 while (pattern
< pattern_end
- 1) {
801 /* Split at "\-" pattern. */
802 if (*pattern
++ != '\\' || *pattern
++ != '-')
804 result
= tomoyo_file_matches_pattern2(filename
,
813 pattern_start
= pattern
;
815 result
= tomoyo_file_matches_pattern2(filename
, filename_end
,
816 pattern_start
, pattern_end
);
817 return first
? result
: !result
;
821 * tomoyo_path_matches_pattern2 - Do pathname pattern matching.
823 * @f: The start of string to check.
824 * @p: The start of pattern to compare.
826 * Returns true if @f matches @p, false otherwise.
828 static bool tomoyo_path_matches_pattern2(const char *f
, const char *p
)
830 const char *f_delimiter
;
831 const char *p_delimiter
;
834 f_delimiter
= strchr(f
, '/');
836 f_delimiter
= f
+ strlen(f
);
837 p_delimiter
= strchr(p
, '/');
839 p_delimiter
= p
+ strlen(p
);
840 if (*p
== '\\' && *(p
+ 1) == '{')
842 if (!tomoyo_file_matches_pattern(f
, f_delimiter
, p
,
852 /* Ignore trailing "\*" and "\@" in @pattern. */
854 (*(p
+ 1) == '*' || *(p
+ 1) == '@'))
859 * The "\{" pattern is permitted only after '/' character.
860 * This guarantees that below "*(p - 1)" is safe.
861 * Also, the "\}" pattern is permitted only before '/' character
862 * so that "\{" + "\}" pair will not break the "\-" operator.
864 if (*(p
- 1) != '/' || p_delimiter
<= p
+ 3 || *p_delimiter
!= '/' ||
865 *(p_delimiter
- 1) != '}' || *(p_delimiter
- 2) != '\\')
866 return false; /* Bad pattern. */
868 /* Compare current component with pattern. */
869 if (!tomoyo_file_matches_pattern(f
, f_delimiter
, p
+ 2,
872 /* Proceed to next component. */
877 /* Continue comparison. */
878 if (tomoyo_path_matches_pattern2(f
, p_delimiter
+ 1))
880 f_delimiter
= strchr(f
, '/');
881 } while (f_delimiter
);
882 return false; /* Not matched. */
886 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
888 * @filename: The filename to check.
889 * @pattern: The pattern to compare.
891 * Returns true if matches, false otherwise.
893 * The following patterns are available.
895 * \ooo Octal representation of a byte.
896 * \* Zero or more repetitions of characters other than '/'.
897 * \@ Zero or more repetitions of characters other than '/' or '.'.
898 * \? 1 byte character other than '/'.
899 * \$ One or more repetitions of decimal digits.
900 * \+ 1 decimal digit.
901 * \X One or more repetitions of hexadecimal digits.
902 * \x 1 hexadecimal digit.
903 * \A One or more repetitions of alphabet characters.
904 * \a 1 alphabet character.
906 * \- Subtraction operator.
908 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/
911 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info
*filename
,
912 const struct tomoyo_path_info
*pattern
)
914 const char *f
= filename
->name
;
915 const char *p
= pattern
->name
;
916 const int len
= pattern
->const_len
;
918 /* If @pattern doesn't contain pattern, I can use strcmp(). */
919 if (!pattern
->is_patterned
)
920 return !tomoyo_pathcmp(filename
, pattern
);
921 /* Don't compare directory and non-directory. */
922 if (filename
->is_dir
!= pattern
->is_dir
)
924 /* Compare the initial length without patterns. */
925 if (strncmp(f
, p
, len
))
929 return tomoyo_path_matches_pattern2(f
, p
);
933 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
935 * @head: Pointer to "struct tomoyo_io_buffer".
936 * @fmt: The printf()'s format string, followed by parameters.
938 * Returns true if output was written, false otherwise.
940 * The snprintf() will truncate, but tomoyo_io_printf() won't.
942 bool tomoyo_io_printf(struct tomoyo_io_buffer
*head
, const char *fmt
, ...)
946 int pos
= head
->read_avail
;
947 int size
= head
->readbuf_size
- pos
;
952 len
= vsnprintf(head
->read_buf
+ pos
, size
, fmt
, args
);
954 if (pos
+ len
>= head
->readbuf_size
)
956 head
->read_avail
+= len
;
961 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
963 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
965 * This function uses kzalloc(), so the caller must call kfree()
966 * if this function didn't return NULL.
968 static const char *tomoyo_get_exe(void)
970 struct mm_struct
*mm
= current
->mm
;
971 struct vm_area_struct
*vma
;
972 const char *cp
= NULL
;
976 down_read(&mm
->mmap_sem
);
977 for (vma
= mm
->mmap
; vma
; vma
= vma
->vm_next
) {
978 if ((vma
->vm_flags
& VM_EXECUTABLE
) && vma
->vm_file
) {
979 cp
= tomoyo_realpath_from_path(&vma
->vm_file
->f_path
);
983 up_read(&mm
->mmap_sem
);
988 * tomoyo_check_flags - Check mode for specified functionality.
990 * @domain: Pointer to "struct tomoyo_domain_info".
991 * @index: The functionality to check mode.
993 * TOMOYO checks only process context.
994 * This code disables TOMOYO's enforcement in case the function is called from
997 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info
*domain
,
1000 const u8 profile
= domain
->profile
;
1002 if (WARN_ON(in_interrupt()))
1004 return tomoyo_policy_loaded
&& index
< TOMOYO_MAX_CONTROL_INDEX
1005 #if TOMOYO_MAX_PROFILES != 256
1006 && profile
< TOMOYO_MAX_PROFILES
1008 && tomoyo_profile_ptr
[profile
] ?
1009 tomoyo_profile_ptr
[profile
]->value
[index
] : 0;
1013 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
1015 * @domain: Pointer to "struct tomoyo_domain_info".
1017 * Returns true if domain policy violation warning should be printed to
1020 bool tomoyo_verbose_mode(const struct tomoyo_domain_info
*domain
)
1022 return tomoyo_check_flags(domain
, TOMOYO_VERBOSE
) != 0;
1026 * tomoyo_domain_quota_is_ok - Check for domain's quota.
1028 * @r: Pointer to "struct tomoyo_request_info".
1030 * Returns true if the domain is not exceeded quota, false otherwise.
1032 * Caller holds tomoyo_read_lock().
1034 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info
*r
)
1036 unsigned int count
= 0;
1037 struct tomoyo_domain_info
*domain
= r
->domain
;
1038 struct tomoyo_acl_info
*ptr
;
1040 if (r
->mode
!= TOMOYO_CONFIG_LEARNING
)
1044 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1045 switch (ptr
->type
) {
1048 case TOMOYO_TYPE_PATH_ACL
:
1049 perm
= container_of(ptr
, struct tomoyo_path_acl
, head
)
1051 for (i
= 0; i
< TOMOYO_MAX_PATH_OPERATION
; i
++)
1052 if (perm
& (1 << i
))
1054 if (perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
1057 case TOMOYO_TYPE_PATH2_ACL
:
1058 perm
= container_of(ptr
, struct tomoyo_path2_acl
, head
)
1060 for (i
= 0; i
< TOMOYO_MAX_PATH2_OPERATION
; i
++)
1061 if (perm
& (1 << i
))
1064 case TOMOYO_TYPE_PATH_NUMBER_ACL
:
1065 perm
= container_of(ptr
, struct tomoyo_path_number_acl
,
1067 for (i
= 0; i
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; i
++)
1068 if (perm
& (1 << i
))
1071 case TOMOYO_TYPE_PATH_NUMBER3_ACL
:
1072 perm
= container_of(ptr
, struct tomoyo_path_number3_acl
,
1074 for (i
= 0; i
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; i
++)
1075 if (perm
& (1 << i
))
1078 case TOMOYO_TYPE_MOUNT_ACL
:
1079 if (!container_of(ptr
, struct tomoyo_mount_acl
, head
)->
1084 if (count
< tomoyo_check_flags(domain
, TOMOYO_MAX_ACCEPT_ENTRY
))
1086 if (!domain
->quota_warned
) {
1087 domain
->quota_warned
= true;
1088 printk(KERN_WARNING
"TOMOYO-WARNING: "
1089 "Domain '%s' has so many ACLs to hold. "
1090 "Stopped learning mode.\n", domain
->domainname
->name
);
1096 * tomoyo_find_or_assign_new_profile - Create a new profile.
1098 * @profile: Profile number to create.
1100 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
1102 static struct tomoyo_profile
*tomoyo_find_or_assign_new_profile(const unsigned
1105 struct tomoyo_profile
*ptr
= NULL
;
1108 if (profile
>= TOMOYO_MAX_PROFILES
)
1110 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1112 ptr
= tomoyo_profile_ptr
[profile
];
1115 ptr
= kmalloc(sizeof(*ptr
), GFP_NOFS
);
1116 if (!tomoyo_memory_ok(ptr
)) {
1121 for (i
= 0; i
< TOMOYO_MAX_CONTROL_INDEX
; i
++)
1122 ptr
->value
[i
] = tomoyo_control_array
[i
].current_value
;
1123 mb(); /* Avoid out-of-order execution. */
1124 tomoyo_profile_ptr
[profile
] = ptr
;
1126 mutex_unlock(&tomoyo_policy_lock
);
1131 * tomoyo_write_profile - Write to profile table.
1133 * @head: Pointer to "struct tomoyo_io_buffer".
1135 * Returns 0 on success, negative value otherwise.
1137 static int tomoyo_write_profile(struct tomoyo_io_buffer
*head
)
1139 char *data
= head
->write_buf
;
1143 struct tomoyo_profile
*profile
;
1146 cp
= strchr(data
, '-');
1149 if (strict_strtoul(data
, 10, &num
))
1153 profile
= tomoyo_find_or_assign_new_profile(num
);
1156 cp
= strchr(data
, '=');
1160 if (!strcmp(data
, "COMMENT")) {
1161 const struct tomoyo_path_info
*old_comment
= profile
->comment
;
1162 profile
->comment
= tomoyo_get_name(cp
+ 1);
1163 tomoyo_put_name(old_comment
);
1166 for (i
= 0; i
< TOMOYO_MAX_CONTROL_INDEX
; i
++) {
1167 if (strcmp(data
, tomoyo_control_array
[i
].keyword
))
1169 if (sscanf(cp
+ 1, "%u", &value
) != 1) {
1173 case TOMOYO_VERBOSE
:
1174 modes
= tomoyo_mode_2
;
1177 modes
= tomoyo_mode_4
;
1180 for (j
= 0; j
< 4; j
++) {
1181 if (strcmp(cp
+ 1, modes
[j
]))
1188 } else if (value
> tomoyo_control_array
[i
].max_value
) {
1189 value
= tomoyo_control_array
[i
].max_value
;
1191 profile
->value
[i
] = value
;
1198 * tomoyo_read_profile - Read from profile table.
1200 * @head: Pointer to "struct tomoyo_io_buffer".
1204 static int tomoyo_read_profile(struct tomoyo_io_buffer
*head
)
1206 static const int total
= TOMOYO_MAX_CONTROL_INDEX
+ 1;
1211 for (step
= head
->read_step
; step
< TOMOYO_MAX_PROFILES
* total
;
1213 const u8 index
= step
/ total
;
1214 u8 type
= step
% total
;
1215 const struct tomoyo_profile
*profile
1216 = tomoyo_profile_ptr
[index
];
1217 head
->read_step
= step
;
1220 if (!type
) { /* Print profile' comment tag. */
1221 if (!tomoyo_io_printf(head
, "%u-COMMENT=%s\n",
1222 index
, profile
->comment
?
1223 profile
->comment
->name
: ""))
1228 if (type
< TOMOYO_MAX_CONTROL_INDEX
) {
1229 const unsigned int value
= profile
->value
[type
];
1230 const char **modes
= NULL
;
1232 = tomoyo_control_array
[type
].keyword
;
1233 switch (tomoyo_control_array
[type
].max_value
) {
1235 modes
= tomoyo_mode_4
;
1238 modes
= tomoyo_mode_2
;
1242 if (!tomoyo_io_printf(head
, "%u-%s=%s\n", index
,
1243 keyword
, modes
[value
]))
1246 if (!tomoyo_io_printf(head
, "%u-%s=%u\n", index
,
1252 if (step
== TOMOYO_MAX_PROFILES
* total
)
1253 head
->read_eof
= true;
1258 * tomoyo_policy_manager_list is used for holding list of domainnames or
1259 * programs which are permitted to modify configuration via
1260 * /sys/kernel/security/tomoyo/ interface.
1262 * An entry is added by
1264 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
1265 * /sys/kernel/security/tomoyo/manager
1266 * (if you want to specify by a domainname)
1270 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
1271 * (if you want to specify by a program's location)
1275 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
1276 * /sys/kernel/security/tomoyo/manager
1280 * # echo 'delete /usr/lib/ccs/editpolicy' > \
1281 * /sys/kernel/security/tomoyo/manager
1283 * and all entries are retrieved by
1285 * # cat /sys/kernel/security/tomoyo/manager
1287 LIST_HEAD(tomoyo_policy_manager_list
);
1290 * tomoyo_update_manager_entry - Add a manager entry.
1292 * @manager: The path to manager or the domainnamme.
1293 * @is_delete: True if it is a delete request.
1295 * Returns 0 on success, negative value otherwise.
1297 * Caller holds tomoyo_read_lock().
1299 static int tomoyo_update_manager_entry(const char *manager
,
1300 const bool is_delete
)
1302 struct tomoyo_policy_manager_entry
*ptr
;
1303 struct tomoyo_policy_manager_entry e
= { };
1304 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1306 if (tomoyo_is_domain_def(manager
)) {
1307 if (!tomoyo_is_correct_domain(manager
))
1311 if (!tomoyo_is_correct_path(manager
, 1, -1, -1))
1314 e
.manager
= tomoyo_get_name(manager
);
1317 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1319 list_for_each_entry_rcu(ptr
, &tomoyo_policy_manager_list
, list
) {
1320 if (ptr
->manager
!= e
.manager
)
1322 ptr
->is_deleted
= is_delete
;
1326 if (!is_delete
&& error
) {
1327 struct tomoyo_policy_manager_entry
*entry
=
1328 tomoyo_commit_ok(&e
, sizeof(e
));
1330 list_add_tail_rcu(&entry
->list
,
1331 &tomoyo_policy_manager_list
);
1335 mutex_unlock(&tomoyo_policy_lock
);
1337 tomoyo_put_name(e
.manager
);
1342 * tomoyo_write_manager_policy - Write manager policy.
1344 * @head: Pointer to "struct tomoyo_io_buffer".
1346 * Returns 0 on success, negative value otherwise.
1348 * Caller holds tomoyo_read_lock().
1350 static int tomoyo_write_manager_policy(struct tomoyo_io_buffer
*head
)
1352 char *data
= head
->write_buf
;
1353 bool is_delete
= tomoyo_str_starts(&data
, TOMOYO_KEYWORD_DELETE
);
1355 if (!strcmp(data
, "manage_by_non_root")) {
1356 tomoyo_manage_by_non_root
= !is_delete
;
1359 return tomoyo_update_manager_entry(data
, is_delete
);
1363 * tomoyo_read_manager_policy - Read manager policy.
1365 * @head: Pointer to "struct tomoyo_io_buffer".
1369 * Caller holds tomoyo_read_lock().
1371 static int tomoyo_read_manager_policy(struct tomoyo_io_buffer
*head
)
1373 struct list_head
*pos
;
1378 list_for_each_cookie(pos
, head
->read_var2
,
1379 &tomoyo_policy_manager_list
) {
1380 struct tomoyo_policy_manager_entry
*ptr
;
1381 ptr
= list_entry(pos
, struct tomoyo_policy_manager_entry
,
1383 if (ptr
->is_deleted
)
1385 done
= tomoyo_io_printf(head
, "%s\n", ptr
->manager
->name
);
1389 head
->read_eof
= done
;
1394 * tomoyo_is_policy_manager - Check whether the current process is a policy manager.
1396 * Returns true if the current process is permitted to modify policy
1397 * via /sys/kernel/security/tomoyo/ interface.
1399 * Caller holds tomoyo_read_lock().
1401 static bool tomoyo_is_policy_manager(void)
1403 struct tomoyo_policy_manager_entry
*ptr
;
1405 const struct task_struct
*task
= current
;
1406 const struct tomoyo_path_info
*domainname
= tomoyo_domain()->domainname
;
1409 if (!tomoyo_policy_loaded
)
1411 if (!tomoyo_manage_by_non_root
&& (task
->cred
->uid
|| task
->cred
->euid
))
1413 list_for_each_entry_rcu(ptr
, &tomoyo_policy_manager_list
, list
) {
1414 if (!ptr
->is_deleted
&& ptr
->is_domain
1415 && !tomoyo_pathcmp(domainname
, ptr
->manager
)) {
1422 exe
= tomoyo_get_exe();
1425 list_for_each_entry_rcu(ptr
, &tomoyo_policy_manager_list
, list
) {
1426 if (!ptr
->is_deleted
&& !ptr
->is_domain
1427 && !strcmp(exe
, ptr
->manager
->name
)) {
1432 if (!found
) { /* Reduce error messages. */
1433 static pid_t last_pid
;
1434 const pid_t pid
= current
->pid
;
1435 if (last_pid
!= pid
) {
1436 printk(KERN_WARNING
"%s ( %s ) is not permitted to "
1437 "update policies.\n", domainname
->name
, exe
);
1446 * tomoyo_is_select_one - Parse select command.
1448 * @head: Pointer to "struct tomoyo_io_buffer".
1449 * @data: String to parse.
1451 * Returns true on success, false otherwise.
1453 * Caller holds tomoyo_read_lock().
1455 static bool tomoyo_is_select_one(struct tomoyo_io_buffer
*head
,
1459 struct tomoyo_domain_info
*domain
= NULL
;
1461 if (sscanf(data
, "pid=%u", &pid
) == 1) {
1462 struct task_struct
*p
;
1464 read_lock(&tasklist_lock
);
1465 p
= find_task_by_vpid(pid
);
1467 domain
= tomoyo_real_domain(p
);
1468 read_unlock(&tasklist_lock
);
1470 } else if (!strncmp(data
, "domain=", 7)) {
1471 if (tomoyo_is_domain_def(data
+ 7))
1472 domain
= tomoyo_find_domain(data
+ 7);
1475 head
->write_var1
= domain
;
1476 /* Accessing read_buf is safe because head->io_sem is held. */
1477 if (!head
->read_buf
)
1478 return true; /* Do nothing if open(O_WRONLY). */
1479 head
->read_avail
= 0;
1480 tomoyo_io_printf(head
, "# select %s\n", data
);
1481 head
->read_single_domain
= true;
1482 head
->read_eof
= !domain
;
1484 struct tomoyo_domain_info
*d
;
1485 head
->read_var1
= NULL
;
1486 list_for_each_entry_rcu(d
, &tomoyo_domain_list
, list
) {
1489 head
->read_var1
= &d
->list
;
1491 head
->read_var2
= NULL
;
1493 head
->read_step
= 0;
1494 if (domain
->is_deleted
)
1495 tomoyo_io_printf(head
, "# This is a deleted domain.\n");
1501 * tomoyo_delete_domain - Delete a domain.
1503 * @domainname: The name of domain.
1507 * Caller holds tomoyo_read_lock().
1509 static int tomoyo_delete_domain(char *domainname
)
1511 struct tomoyo_domain_info
*domain
;
1512 struct tomoyo_path_info name
;
1514 name
.name
= domainname
;
1515 tomoyo_fill_path_info(&name
);
1516 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1518 /* Is there an active domain? */
1519 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
1520 /* Never delete tomoyo_kernel_domain */
1521 if (domain
== &tomoyo_kernel_domain
)
1523 if (domain
->is_deleted
||
1524 tomoyo_pathcmp(domain
->domainname
, &name
))
1526 domain
->is_deleted
= true;
1529 mutex_unlock(&tomoyo_policy_lock
);
1534 * tomoyo_write_domain_policy - Write domain policy.
1536 * @head: Pointer to "struct tomoyo_io_buffer".
1538 * Returns 0 on success, negative value otherwise.
1540 * Caller holds tomoyo_read_lock().
1542 static int tomoyo_write_domain_policy(struct tomoyo_io_buffer
*head
)
1544 char *data
= head
->write_buf
;
1545 struct tomoyo_domain_info
*domain
= head
->write_var1
;
1546 bool is_delete
= false;
1547 bool is_select
= false;
1548 unsigned int profile
;
1550 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_DELETE
))
1552 else if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_SELECT
))
1554 if (is_select
&& tomoyo_is_select_one(head
, data
))
1556 /* Don't allow updating policies by non manager programs. */
1557 if (!tomoyo_is_policy_manager())
1559 if (tomoyo_is_domain_def(data
)) {
1562 tomoyo_delete_domain(data
);
1564 domain
= tomoyo_find_domain(data
);
1566 domain
= tomoyo_find_or_assign_new_domain(data
, 0);
1567 head
->write_var1
= domain
;
1573 if (sscanf(data
, TOMOYO_KEYWORD_USE_PROFILE
"%u", &profile
) == 1
1574 && profile
< TOMOYO_MAX_PROFILES
) {
1575 if (tomoyo_profile_ptr
[profile
] || !tomoyo_policy_loaded
)
1576 domain
->profile
= (u8
) profile
;
1579 if (!strcmp(data
, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
)) {
1580 domain
->ignore_global_allow_read
= !is_delete
;
1583 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_ALLOW_MOUNT
))
1584 return tomoyo_write_mount_policy(data
, domain
, is_delete
);
1585 return tomoyo_write_file_policy(data
, domain
, is_delete
);
1589 * tomoyo_print_path_acl - Print a single path ACL entry.
1591 * @head: Pointer to "struct tomoyo_io_buffer".
1592 * @ptr: Pointer to "struct tomoyo_path_acl".
1594 * Returns true on success, false otherwise.
1596 static bool tomoyo_print_path_acl(struct tomoyo_io_buffer
*head
,
1597 struct tomoyo_path_acl
*ptr
)
1601 const u16 perm
= ptr
->perm
;
1603 for (bit
= head
->read_bit
; bit
< TOMOYO_MAX_PATH_OPERATION
; bit
++) {
1604 if (!(perm
& (1 << bit
)))
1606 /* Print "read/write" instead of "read" and "write". */
1607 if ((bit
== TOMOYO_TYPE_READ
|| bit
== TOMOYO_TYPE_WRITE
)
1608 && (perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
1610 pos
= head
->read_avail
;
1611 if (!tomoyo_io_printf(head
, "allow_%s ",
1612 tomoyo_path2keyword(bit
)) ||
1613 !tomoyo_print_name_union(head
, &ptr
->name
) ||
1614 !tomoyo_io_printf(head
, "\n"))
1620 head
->read_bit
= bit
;
1621 head
->read_avail
= pos
;
1626 * tomoyo_print_path2_acl - Print a double path ACL entry.
1628 * @head: Pointer to "struct tomoyo_io_buffer".
1629 * @ptr: Pointer to "struct tomoyo_path2_acl".
1631 * Returns true on success, false otherwise.
1633 static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer
*head
,
1634 struct tomoyo_path2_acl
*ptr
)
1637 const u8 perm
= ptr
->perm
;
1640 for (bit
= head
->read_bit
; bit
< TOMOYO_MAX_PATH2_OPERATION
; bit
++) {
1641 if (!(perm
& (1 << bit
)))
1643 pos
= head
->read_avail
;
1644 if (!tomoyo_io_printf(head
, "allow_%s ",
1645 tomoyo_path22keyword(bit
)) ||
1646 !tomoyo_print_name_union(head
, &ptr
->name1
) ||
1647 !tomoyo_print_name_union(head
, &ptr
->name2
) ||
1648 !tomoyo_io_printf(head
, "\n"))
1654 head
->read_bit
= bit
;
1655 head
->read_avail
= pos
;
1660 * tomoyo_print_path_number_acl - Print a path_number ACL entry.
1662 * @head: Pointer to "struct tomoyo_io_buffer".
1663 * @ptr: Pointer to "struct tomoyo_path_number_acl".
1665 * Returns true on success, false otherwise.
1667 static bool tomoyo_print_path_number_acl(struct tomoyo_io_buffer
*head
,
1668 struct tomoyo_path_number_acl
*ptr
)
1672 const u8 perm
= ptr
->perm
;
1673 for (bit
= head
->read_bit
; bit
< TOMOYO_MAX_PATH_NUMBER_OPERATION
;
1675 if (!(perm
& (1 << bit
)))
1677 pos
= head
->read_avail
;
1678 if (!tomoyo_io_printf(head
, "allow_%s",
1679 tomoyo_path_number2keyword(bit
)) ||
1680 !tomoyo_print_name_union(head
, &ptr
->name
) ||
1681 !tomoyo_print_number_union(head
, &ptr
->number
) ||
1682 !tomoyo_io_printf(head
, "\n"))
1688 head
->read_bit
= bit
;
1689 head
->read_avail
= pos
;
1694 * tomoyo_print_path_number3_acl - Print a path_number3 ACL entry.
1696 * @head: Pointer to "struct tomoyo_io_buffer".
1697 * @ptr: Pointer to "struct tomoyo_path_number3_acl".
1699 * Returns true on success, false otherwise.
1701 static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer
*head
,
1702 struct tomoyo_path_number3_acl
*ptr
)
1706 const u16 perm
= ptr
->perm
;
1707 for (bit
= head
->read_bit
; bit
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
;
1709 if (!(perm
& (1 << bit
)))
1711 pos
= head
->read_avail
;
1712 if (!tomoyo_io_printf(head
, "allow_%s",
1713 tomoyo_path_number32keyword(bit
)) ||
1714 !tomoyo_print_name_union(head
, &ptr
->name
) ||
1715 !tomoyo_print_number_union(head
, &ptr
->mode
) ||
1716 !tomoyo_print_number_union(head
, &ptr
->major
) ||
1717 !tomoyo_print_number_union(head
, &ptr
->minor
) ||
1718 !tomoyo_io_printf(head
, "\n"))
1724 head
->read_bit
= bit
;
1725 head
->read_avail
= pos
;
1730 * tomoyo_print_mount_acl - Print a mount ACL entry.
1732 * @head: Pointer to "struct tomoyo_io_buffer".
1733 * @ptr: Pointer to "struct tomoyo_mount_acl".
1735 * Returns true on success, false otherwise.
1737 static bool tomoyo_print_mount_acl(struct tomoyo_io_buffer
*head
,
1738 struct tomoyo_mount_acl
*ptr
)
1740 const int pos
= head
->read_avail
;
1741 if (!tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_MOUNT
) ||
1742 !tomoyo_print_name_union(head
, &ptr
->dev_name
) ||
1743 !tomoyo_print_name_union(head
, &ptr
->dir_name
) ||
1744 !tomoyo_print_name_union(head
, &ptr
->fs_type
) ||
1745 !tomoyo_print_number_union(head
, &ptr
->flags
) ||
1746 !tomoyo_io_printf(head
, "\n")) {
1747 head
->read_avail
= pos
;
1754 * tomoyo_print_entry - Print an ACL entry.
1756 * @head: Pointer to "struct tomoyo_io_buffer".
1757 * @ptr: Pointer to an ACL entry.
1759 * Returns true on success, false otherwise.
1761 static bool tomoyo_print_entry(struct tomoyo_io_buffer
*head
,
1762 struct tomoyo_acl_info
*ptr
)
1764 const u8 acl_type
= ptr
->type
;
1766 if (acl_type
== TOMOYO_TYPE_PATH_ACL
) {
1767 struct tomoyo_path_acl
*acl
1768 = container_of(ptr
, struct tomoyo_path_acl
, head
);
1769 return tomoyo_print_path_acl(head
, acl
);
1771 if (acl_type
== TOMOYO_TYPE_PATH2_ACL
) {
1772 struct tomoyo_path2_acl
*acl
1773 = container_of(ptr
, struct tomoyo_path2_acl
, head
);
1774 return tomoyo_print_path2_acl(head
, acl
);
1776 if (acl_type
== TOMOYO_TYPE_PATH_NUMBER_ACL
) {
1777 struct tomoyo_path_number_acl
*acl
1778 = container_of(ptr
, struct tomoyo_path_number_acl
,
1780 return tomoyo_print_path_number_acl(head
, acl
);
1782 if (acl_type
== TOMOYO_TYPE_PATH_NUMBER3_ACL
) {
1783 struct tomoyo_path_number3_acl
*acl
1784 = container_of(ptr
, struct tomoyo_path_number3_acl
,
1786 return tomoyo_print_path_number3_acl(head
, acl
);
1788 if (acl_type
== TOMOYO_TYPE_MOUNT_ACL
) {
1789 struct tomoyo_mount_acl
*acl
1790 = container_of(ptr
, struct tomoyo_mount_acl
, head
);
1791 return tomoyo_print_mount_acl(head
, acl
);
1793 BUG(); /* This must not happen. */
1798 * tomoyo_read_domain_policy - Read domain policy.
1800 * @head: Pointer to "struct tomoyo_io_buffer".
1804 * Caller holds tomoyo_read_lock().
1806 static int tomoyo_read_domain_policy(struct tomoyo_io_buffer
*head
)
1808 struct list_head
*dpos
;
1809 struct list_head
*apos
;
1814 if (head
->read_step
== 0)
1815 head
->read_step
= 1;
1816 list_for_each_cookie(dpos
, head
->read_var1
, &tomoyo_domain_list
) {
1817 struct tomoyo_domain_info
*domain
;
1818 const char *quota_exceeded
= "";
1819 const char *transition_failed
= "";
1820 const char *ignore_global_allow_read
= "";
1821 domain
= list_entry(dpos
, struct tomoyo_domain_info
, list
);
1822 if (head
->read_step
!= 1)
1824 if (domain
->is_deleted
&& !head
->read_single_domain
)
1826 /* Print domainname and flags. */
1827 if (domain
->quota_warned
)
1828 quota_exceeded
= "quota_exceeded\n";
1829 if (domain
->transition_failed
)
1830 transition_failed
= "transition_failed\n";
1831 if (domain
->ignore_global_allow_read
)
1832 ignore_global_allow_read
1833 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
"\n";
1834 done
= tomoyo_io_printf(head
, "%s\n" TOMOYO_KEYWORD_USE_PROFILE
1836 domain
->domainname
->name
,
1837 domain
->profile
, quota_exceeded
,
1839 ignore_global_allow_read
);
1842 head
->read_step
= 2;
1844 if (head
->read_step
== 3)
1846 /* Print ACL entries in the domain. */
1847 list_for_each_cookie(apos
, head
->read_var2
,
1848 &domain
->acl_info_list
) {
1849 struct tomoyo_acl_info
*ptr
1850 = list_entry(apos
, struct tomoyo_acl_info
,
1852 done
= tomoyo_print_entry(head
, ptr
);
1858 head
->read_step
= 3;
1860 done
= tomoyo_io_printf(head
, "\n");
1863 head
->read_step
= 1;
1864 if (head
->read_single_domain
)
1867 head
->read_eof
= done
;
1872 * tomoyo_write_domain_profile - Assign profile for specified domain.
1874 * @head: Pointer to "struct tomoyo_io_buffer".
1876 * Returns 0 on success, -EINVAL otherwise.
1878 * This is equivalent to doing
1880 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1881 * /usr/lib/ccs/loadpolicy -d
1883 * Caller holds tomoyo_read_lock().
1885 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer
*head
)
1887 char *data
= head
->write_buf
;
1888 char *cp
= strchr(data
, ' ');
1889 struct tomoyo_domain_info
*domain
;
1890 unsigned long profile
;
1895 domain
= tomoyo_find_domain(cp
+ 1);
1896 if (strict_strtoul(data
, 10, &profile
))
1898 if (domain
&& profile
< TOMOYO_MAX_PROFILES
1899 && (tomoyo_profile_ptr
[profile
] || !tomoyo_policy_loaded
))
1900 domain
->profile
= (u8
) profile
;
1905 * tomoyo_read_domain_profile - Read only domainname and profile.
1907 * @head: Pointer to "struct tomoyo_io_buffer".
1909 * Returns list of profile number and domainname pairs.
1911 * This is equivalent to doing
1913 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1914 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1915 * domainname = $0; } else if ( $1 == "use_profile" ) {
1916 * print $2 " " domainname; domainname = ""; } } ; '
1918 * Caller holds tomoyo_read_lock().
1920 static int tomoyo_read_domain_profile(struct tomoyo_io_buffer
*head
)
1922 struct list_head
*pos
;
1927 list_for_each_cookie(pos
, head
->read_var1
, &tomoyo_domain_list
) {
1928 struct tomoyo_domain_info
*domain
;
1929 domain
= list_entry(pos
, struct tomoyo_domain_info
, list
);
1930 if (domain
->is_deleted
)
1932 done
= tomoyo_io_printf(head
, "%u %s\n", domain
->profile
,
1933 domain
->domainname
->name
);
1937 head
->read_eof
= done
;
1942 * tomoyo_write_pid: Specify PID to obtain domainname.
1944 * @head: Pointer to "struct tomoyo_io_buffer".
1948 static int tomoyo_write_pid(struct tomoyo_io_buffer
*head
)
1951 /* No error check. */
1952 strict_strtoul(head
->write_buf
, 10, &pid
);
1953 head
->read_step
= (int) pid
;
1954 head
->read_eof
= false;
1959 * tomoyo_read_pid - Get domainname of the specified PID.
1961 * @head: Pointer to "struct tomoyo_io_buffer".
1963 * Returns the domainname which the specified PID is in on success,
1964 * empty string otherwise.
1965 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1966 * using read()/write() interface rather than sysctl() interface.
1968 static int tomoyo_read_pid(struct tomoyo_io_buffer
*head
)
1970 if (head
->read_avail
== 0 && !head
->read_eof
) {
1971 const int pid
= head
->read_step
;
1972 struct task_struct
*p
;
1973 struct tomoyo_domain_info
*domain
= NULL
;
1975 read_lock(&tasklist_lock
);
1976 p
= find_task_by_vpid(pid
);
1978 domain
= tomoyo_real_domain(p
);
1979 read_unlock(&tasklist_lock
);
1982 tomoyo_io_printf(head
, "%d %u %s", pid
, domain
->profile
,
1983 domain
->domainname
->name
);
1984 head
->read_eof
= true;
1990 * tomoyo_write_exception_policy - Write exception policy.
1992 * @head: Pointer to "struct tomoyo_io_buffer".
1994 * Returns 0 on success, negative value otherwise.
1996 * Caller holds tomoyo_read_lock().
1998 static int tomoyo_write_exception_policy(struct tomoyo_io_buffer
*head
)
2000 char *data
= head
->write_buf
;
2001 bool is_delete
= tomoyo_str_starts(&data
, TOMOYO_KEYWORD_DELETE
);
2003 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_KEEP_DOMAIN
))
2004 return tomoyo_write_domain_keeper_policy(data
, false,
2006 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_NO_KEEP_DOMAIN
))
2007 return tomoyo_write_domain_keeper_policy(data
, true, is_delete
);
2008 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_INITIALIZE_DOMAIN
))
2009 return tomoyo_write_domain_initializer_policy(data
, false,
2011 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN
))
2012 return tomoyo_write_domain_initializer_policy(data
, true,
2014 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_ALIAS
))
2015 return tomoyo_write_alias_policy(data
, is_delete
);
2016 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_ALLOW_READ
))
2017 return tomoyo_write_globally_readable_policy(data
, is_delete
);
2018 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_FILE_PATTERN
))
2019 return tomoyo_write_pattern_policy(data
, is_delete
);
2020 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_DENY_REWRITE
))
2021 return tomoyo_write_no_rewrite_policy(data
, is_delete
);
2022 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_PATH_GROUP
))
2023 return tomoyo_write_path_group_policy(data
, is_delete
);
2024 if (tomoyo_str_starts(&data
, TOMOYO_KEYWORD_NUMBER_GROUP
))
2025 return tomoyo_write_number_group_policy(data
, is_delete
);
2030 * tomoyo_read_exception_policy - Read exception policy.
2032 * @head: Pointer to "struct tomoyo_io_buffer".
2034 * Returns 0 on success, -EINVAL otherwise.
2036 * Caller holds tomoyo_read_lock().
2038 static int tomoyo_read_exception_policy(struct tomoyo_io_buffer
*head
)
2040 if (!head
->read_eof
) {
2041 switch (head
->read_step
) {
2043 head
->read_var2
= NULL
;
2044 head
->read_step
= 1;
2046 if (!tomoyo_read_domain_keeper_policy(head
))
2048 head
->read_var2
= NULL
;
2049 head
->read_step
= 2;
2051 if (!tomoyo_read_globally_readable_policy(head
))
2053 head
->read_var2
= NULL
;
2054 head
->read_step
= 3;
2056 head
->read_var2
= NULL
;
2057 head
->read_step
= 4;
2059 if (!tomoyo_read_domain_initializer_policy(head
))
2061 head
->read_var2
= NULL
;
2062 head
->read_step
= 5;
2064 if (!tomoyo_read_alias_policy(head
))
2066 head
->read_var2
= NULL
;
2067 head
->read_step
= 6;
2069 head
->read_var2
= NULL
;
2070 head
->read_step
= 7;
2072 if (!tomoyo_read_file_pattern(head
))
2074 head
->read_var2
= NULL
;
2075 head
->read_step
= 8;
2077 if (!tomoyo_read_no_rewrite_policy(head
))
2079 head
->read_var2
= NULL
;
2080 head
->read_step
= 9;
2082 if (!tomoyo_read_path_group_policy(head
))
2084 head
->read_var1
= NULL
;
2085 head
->read_var2
= NULL
;
2086 head
->read_step
= 10;
2088 if (!tomoyo_read_number_group_policy(head
))
2090 head
->read_var1
= NULL
;
2091 head
->read_var2
= NULL
;
2092 head
->read_step
= 11;
2094 head
->read_eof
= true;
2103 /* path to policy loader */
2104 static const char *tomoyo_loader
= "/sbin/tomoyo-init";
2107 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
2109 * Returns true if /sbin/tomoyo-init exists, false otherwise.
2111 static bool tomoyo_policy_loader_exists(void)
2114 * Don't activate MAC if the policy loader doesn't exist.
2115 * If the initrd includes /sbin/init but real-root-dev has not
2116 * mounted on / yet, activating MAC will block the system since
2117 * policies are not loaded yet.
2118 * Thus, let do_execve() call this function everytime.
2122 if (kern_path(tomoyo_loader
, LOOKUP_FOLLOW
, &path
)) {
2123 printk(KERN_INFO
"Not activating Mandatory Access Control now "
2124 "since %s doesn't exist.\n", tomoyo_loader
);
2132 * tomoyo_load_policy - Run external policy loader to load policy.
2134 * @filename: The program about to start.
2136 * This function checks whether @filename is /sbin/init , and if so
2137 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
2138 * and then continues invocation of /sbin/init.
2139 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
2140 * writes to /sys/kernel/security/tomoyo/ interfaces.
2144 void tomoyo_load_policy(const char *filename
)
2149 if (tomoyo_policy_loaded
)
2152 * Check filename is /sbin/init or /sbin/tomoyo-start.
2153 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't
2155 * You can create /sbin/tomoyo-start by
2156 * "ln -s /bin/true /sbin/tomoyo-start".
2158 if (strcmp(filename
, "/sbin/init") &&
2159 strcmp(filename
, "/sbin/tomoyo-start"))
2161 if (!tomoyo_policy_loader_exists())
2164 printk(KERN_INFO
"Calling %s to load policy. Please wait.\n",
2166 argv
[0] = (char *) tomoyo_loader
;
2169 envp
[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
2171 call_usermodehelper(argv
[0], argv
, envp
, 1);
2173 printk(KERN_INFO
"TOMOYO: 2.2.0 2009/04/01\n");
2174 printk(KERN_INFO
"Mandatory Access Control activated.\n");
2175 tomoyo_policy_loaded
= true;
2176 { /* Check all profiles currently assigned to domains are defined. */
2177 struct tomoyo_domain_info
*domain
;
2178 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
2179 const u8 profile
= domain
->profile
;
2180 if (tomoyo_profile_ptr
[profile
])
2182 panic("Profile %u (used by '%s') not defined.\n",
2183 profile
, domain
->domainname
->name
);
2189 * tomoyo_read_version: Get version.
2191 * @head: Pointer to "struct tomoyo_io_buffer".
2193 * Returns version information.
2195 static int tomoyo_read_version(struct tomoyo_io_buffer
*head
)
2197 if (!head
->read_eof
) {
2198 tomoyo_io_printf(head
, "2.2.0");
2199 head
->read_eof
= true;
2205 * tomoyo_read_self_domain - Get the current process's domainname.
2207 * @head: Pointer to "struct tomoyo_io_buffer".
2209 * Returns the current process's domainname.
2211 static int tomoyo_read_self_domain(struct tomoyo_io_buffer
*head
)
2213 if (!head
->read_eof
) {
2215 * tomoyo_domain()->domainname != NULL
2216 * because every process belongs to a domain and
2217 * the domain's name cannot be NULL.
2219 tomoyo_io_printf(head
, "%s", tomoyo_domain()->domainname
->name
);
2220 head
->read_eof
= true;
2226 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
2228 * @type: Type of interface.
2229 * @file: Pointer to "struct file".
2231 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2233 * Caller acquires tomoyo_read_lock().
2235 static int tomoyo_open_control(const u8 type
, struct file
*file
)
2237 struct tomoyo_io_buffer
*head
= kzalloc(sizeof(*head
), GFP_NOFS
);
2241 mutex_init(&head
->io_sem
);
2243 case TOMOYO_DOMAINPOLICY
:
2244 /* /sys/kernel/security/tomoyo/domain_policy */
2245 head
->write
= tomoyo_write_domain_policy
;
2246 head
->read
= tomoyo_read_domain_policy
;
2248 case TOMOYO_EXCEPTIONPOLICY
:
2249 /* /sys/kernel/security/tomoyo/exception_policy */
2250 head
->write
= tomoyo_write_exception_policy
;
2251 head
->read
= tomoyo_read_exception_policy
;
2253 case TOMOYO_SELFDOMAIN
:
2254 /* /sys/kernel/security/tomoyo/self_domain */
2255 head
->read
= tomoyo_read_self_domain
;
2257 case TOMOYO_DOMAIN_STATUS
:
2258 /* /sys/kernel/security/tomoyo/.domain_status */
2259 head
->write
= tomoyo_write_domain_profile
;
2260 head
->read
= tomoyo_read_domain_profile
;
2262 case TOMOYO_PROCESS_STATUS
:
2263 /* /sys/kernel/security/tomoyo/.process_status */
2264 head
->write
= tomoyo_write_pid
;
2265 head
->read
= tomoyo_read_pid
;
2267 case TOMOYO_VERSION
:
2268 /* /sys/kernel/security/tomoyo/version */
2269 head
->read
= tomoyo_read_version
;
2270 head
->readbuf_size
= 128;
2272 case TOMOYO_MEMINFO
:
2273 /* /sys/kernel/security/tomoyo/meminfo */
2274 head
->write
= tomoyo_write_memory_quota
;
2275 head
->read
= tomoyo_read_memory_counter
;
2276 head
->readbuf_size
= 512;
2278 case TOMOYO_PROFILE
:
2279 /* /sys/kernel/security/tomoyo/profile */
2280 head
->write
= tomoyo_write_profile
;
2281 head
->read
= tomoyo_read_profile
;
2283 case TOMOYO_MANAGER
:
2284 /* /sys/kernel/security/tomoyo/manager */
2285 head
->write
= tomoyo_write_manager_policy
;
2286 head
->read
= tomoyo_read_manager_policy
;
2289 if (!(file
->f_mode
& FMODE_READ
)) {
2291 * No need to allocate read_buf since it is not opened
2296 if (!head
->readbuf_size
)
2297 head
->readbuf_size
= 4096 * 2;
2298 head
->read_buf
= kzalloc(head
->readbuf_size
, GFP_NOFS
);
2299 if (!head
->read_buf
) {
2304 if (!(file
->f_mode
& FMODE_WRITE
)) {
2306 * No need to allocate write_buf since it is not opened
2310 } else if (head
->write
) {
2311 head
->writebuf_size
= 4096 * 2;
2312 head
->write_buf
= kzalloc(head
->writebuf_size
, GFP_NOFS
);
2313 if (!head
->write_buf
) {
2314 kfree(head
->read_buf
);
2319 head
->reader_idx
= tomoyo_read_lock();
2320 file
->private_data
= head
;
2322 * Call the handler now if the file is
2323 * /sys/kernel/security/tomoyo/self_domain
2324 * so that the user can use
2325 * cat < /sys/kernel/security/tomoyo/self_domain"
2326 * to know the current process's domainname.
2328 if (type
== TOMOYO_SELFDOMAIN
)
2329 tomoyo_read_control(file
, NULL
, 0);
2334 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
2336 * @file: Pointer to "struct file".
2337 * @buffer: Poiner to buffer to write to.
2338 * @buffer_len: Size of @buffer.
2340 * Returns bytes read on success, negative value otherwise.
2342 * Caller holds tomoyo_read_lock().
2344 static int tomoyo_read_control(struct file
*file
, char __user
*buffer
,
2345 const int buffer_len
)
2348 struct tomoyo_io_buffer
*head
= file
->private_data
;
2353 if (mutex_lock_interruptible(&head
->io_sem
))
2355 /* Call the policy handler. */
2356 len
= head
->read(head
);
2359 /* Write to buffer. */
2360 len
= head
->read_avail
;
2361 if (len
> buffer_len
)
2365 /* head->read_buf changes by some functions. */
2366 cp
= head
->read_buf
;
2367 if (copy_to_user(buffer
, cp
, len
)) {
2371 head
->read_avail
-= len
;
2372 memmove(cp
, cp
+ len
, head
->read_avail
);
2374 mutex_unlock(&head
->io_sem
);
2379 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2381 * @file: Pointer to "struct file".
2382 * @buffer: Pointer to buffer to read from.
2383 * @buffer_len: Size of @buffer.
2385 * Returns @buffer_len on success, negative value otherwise.
2387 * Caller holds tomoyo_read_lock().
2389 static int tomoyo_write_control(struct file
*file
, const char __user
*buffer
,
2390 const int buffer_len
)
2392 struct tomoyo_io_buffer
*head
= file
->private_data
;
2393 int error
= buffer_len
;
2394 int avail_len
= buffer_len
;
2395 char *cp0
= head
->write_buf
;
2399 if (!access_ok(VERIFY_READ
, buffer
, buffer_len
))
2401 /* Don't allow updating policies by non manager programs. */
2402 if (head
->write
!= tomoyo_write_pid
&&
2403 head
->write
!= tomoyo_write_domain_policy
&&
2404 !tomoyo_is_policy_manager())
2406 if (mutex_lock_interruptible(&head
->io_sem
))
2408 /* Read a line and dispatch it to the policy handler. */
2409 while (avail_len
> 0) {
2411 if (head
->write_avail
>= head
->writebuf_size
- 1) {
2414 } else if (get_user(c
, buffer
)) {
2420 cp0
[head
->write_avail
++] = c
;
2423 cp0
[head
->write_avail
- 1] = '\0';
2424 head
->write_avail
= 0;
2425 tomoyo_normalize_line(cp0
);
2428 mutex_unlock(&head
->io_sem
);
2433 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2435 * @file: Pointer to "struct file".
2437 * Releases memory and returns 0.
2439 * Caller looses tomoyo_read_lock().
2441 static int tomoyo_close_control(struct file
*file
)
2443 struct tomoyo_io_buffer
*head
= file
->private_data
;
2444 const bool is_write
= !!head
->write_buf
;
2446 tomoyo_read_unlock(head
->reader_idx
);
2447 /* Release memory used for policy I/O. */
2448 kfree(head
->read_buf
);
2449 head
->read_buf
= NULL
;
2450 kfree(head
->write_buf
);
2451 head
->write_buf
= NULL
;
2454 file
->private_data
= NULL
;
2461 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
2463 * @inode: Pointer to "struct inode".
2464 * @file: Pointer to "struct file".
2466 * Returns 0 on success, negative value otherwise.
2468 static int tomoyo_open(struct inode
*inode
, struct file
*file
)
2470 const int key
= ((u8
*) file
->f_path
.dentry
->d_inode
->i_private
)
2472 return tomoyo_open_control(key
, file
);
2476 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2478 * @inode: Pointer to "struct inode".
2479 * @file: Pointer to "struct file".
2481 * Returns 0 on success, negative value otherwise.
2483 static int tomoyo_release(struct inode
*inode
, struct file
*file
)
2485 return tomoyo_close_control(file
);
2489 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2491 * @file: Pointer to "struct file".
2492 * @buf: Pointer to buffer.
2493 * @count: Size of @buf.
2496 * Returns bytes read on success, negative value otherwise.
2498 static ssize_t
tomoyo_read(struct file
*file
, char __user
*buf
, size_t count
,
2501 return tomoyo_read_control(file
, buf
, count
);
2505 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
2507 * @file: Pointer to "struct file".
2508 * @buf: Pointer to buffer.
2509 * @count: Size of @buf.
2512 * Returns @count on success, negative value otherwise.
2514 static ssize_t
tomoyo_write(struct file
*file
, const char __user
*buf
,
2515 size_t count
, loff_t
*ppos
)
2517 return tomoyo_write_control(file
, buf
, count
);
2521 * tomoyo_operations is a "struct file_operations" which is used for handling
2522 * /sys/kernel/security/tomoyo/ interface.
2524 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
2525 * See tomoyo_io_buffer for internals.
2527 static const struct file_operations tomoyo_operations
= {
2528 .open
= tomoyo_open
,
2529 .release
= tomoyo_release
,
2530 .read
= tomoyo_read
,
2531 .write
= tomoyo_write
,
2535 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2537 * @name: The name of the interface file.
2538 * @mode: The permission of the interface file.
2539 * @parent: The parent directory.
2540 * @key: Type of interface.
2544 static void __init
tomoyo_create_entry(const char *name
, const mode_t mode
,
2545 struct dentry
*parent
, const u8 key
)
2547 securityfs_create_file(name
, mode
, parent
, ((u8
*) NULL
) + key
,
2548 &tomoyo_operations
);
2552 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2556 static int __init
tomoyo_initerface_init(void)
2558 struct dentry
*tomoyo_dir
;
2560 /* Don't create securityfs entries unless registered. */
2561 if (current_cred()->security
!= &tomoyo_kernel_domain
)
2564 tomoyo_dir
= securityfs_create_dir("tomoyo", NULL
);
2565 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir
,
2566 TOMOYO_DOMAINPOLICY
);
2567 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir
,
2568 TOMOYO_EXCEPTIONPOLICY
);
2569 tomoyo_create_entry("self_domain", 0400, tomoyo_dir
,
2571 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir
,
2572 TOMOYO_DOMAIN_STATUS
);
2573 tomoyo_create_entry(".process_status", 0600, tomoyo_dir
,
2574 TOMOYO_PROCESS_STATUS
);
2575 tomoyo_create_entry("meminfo", 0600, tomoyo_dir
,
2577 tomoyo_create_entry("profile", 0600, tomoyo_dir
,
2579 tomoyo_create_entry("manager", 0600, tomoyo_dir
,
2581 tomoyo_create_entry("version", 0400, tomoyo_dir
,
2586 fs_initcall(tomoyo_initerface_init
);