projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
TOMOYO: Make several options configurable.
[deliverable/linux.git] / security / tomoyo / common.c
1 /*
2 * security/tomoyo/common.c
3 *
4 * Common functions for TOMOYO.
5 *
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
7 */
8
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
12 #include "common.h"
13
14 /* String table for operation mode. */
15 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = {
16 [TOMOYO_CONFIG_DISABLED] = "disabled",
17 [TOMOYO_CONFIG_LEARNING] = "learning",
18 [TOMOYO_CONFIG_PERMISSIVE] = "permissive",
19 [TOMOYO_CONFIG_ENFORCING] = "enforcing"
20 };
21
22 /* String table for /sys/kernel/security/tomoyo/profile */
23 const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
24 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
25 [TOMOYO_MAC_FILE_EXECUTE] = "execute",
26 [TOMOYO_MAC_FILE_OPEN] = "open",
27 [TOMOYO_MAC_FILE_CREATE] = "create",
28 [TOMOYO_MAC_FILE_UNLINK] = "unlink",
29 [TOMOYO_MAC_FILE_GETATTR] = "getattr",
30 [TOMOYO_MAC_FILE_MKDIR] = "mkdir",
31 [TOMOYO_MAC_FILE_RMDIR] = "rmdir",
32 [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo",
33 [TOMOYO_MAC_FILE_MKSOCK] = "mksock",
34 [TOMOYO_MAC_FILE_TRUNCATE] = "truncate",
35 [TOMOYO_MAC_FILE_SYMLINK] = "symlink",
36 [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock",
37 [TOMOYO_MAC_FILE_MKCHAR] = "mkchar",
38 [TOMOYO_MAC_FILE_LINK] = "link",
39 [TOMOYO_MAC_FILE_RENAME] = "rename",
40 [TOMOYO_MAC_FILE_CHMOD] = "chmod",
41 [TOMOYO_MAC_FILE_CHOWN] = "chown",
42 [TOMOYO_MAC_FILE_CHGRP] = "chgrp",
43 [TOMOYO_MAC_FILE_IOCTL] = "ioctl",
44 [TOMOYO_MAC_FILE_CHROOT] = "chroot",
45 [TOMOYO_MAC_FILE_MOUNT] = "mount",
46 [TOMOYO_MAC_FILE_UMOUNT] = "unmount",
47 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root",
48 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
49 };
50
51 /* String table for PREFERENCE keyword. */
52 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
53 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log",
54 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
55 };
56
57 /* String table for path operation. */
58 const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
59 [TOMOYO_TYPE_EXECUTE] = "execute",
60 [TOMOYO_TYPE_READ] = "read",
61 [TOMOYO_TYPE_WRITE] = "write",
62 [TOMOYO_TYPE_APPEND] = "append",
63 [TOMOYO_TYPE_UNLINK] = "unlink",
64 [TOMOYO_TYPE_GETATTR] = "getattr",
65 [TOMOYO_TYPE_RMDIR] = "rmdir",
66 [TOMOYO_TYPE_TRUNCATE] = "truncate",
67 [TOMOYO_TYPE_SYMLINK] = "symlink",
68 [TOMOYO_TYPE_CHROOT] = "chroot",
69 [TOMOYO_TYPE_UMOUNT] = "unmount",
70 };
71
72 /* String table for categories. */
73 static const char * const tomoyo_category_keywords
74 [TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
75 [TOMOYO_MAC_CATEGORY_FILE] = "file",
76 };
77
78 /* Permit policy management by non-root user? */
79 static bool tomoyo_manage_by_non_root;
80
81 /* Utility functions. */
82
83 /**
84 * tomoyo_yesno - Return "yes" or "no".
85 *
86 * @value: Bool value.
87 */
88 const char *tomoyo_yesno(const unsigned int value)
89 {
90 return value ? "yes" : "no";
91 }
92
93 /**
94 * tomoyo_addprintf - strncat()-like-snprintf().
95 *
96 * @buffer: Buffer to write to. Must be '\0'-terminated.
97 * @len: Size of @buffer.
98 * @fmt: The printf()'s format string, followed by parameters.
99 *
100 * Returns nothing.
101 */
102 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
103 {
104 va_list args;
105 const int pos = strlen(buffer);
106 va_start(args, fmt);
107 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
108 va_end(args);
109 }
110
111 /**
112 * tomoyo_flush - Flush queued string to userspace's buffer.
113 *
114 * @head: Pointer to "struct tomoyo_io_buffer".
115 *
116 * Returns true if all data was flushed, false otherwise.
117 */
118 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
119 {
120 while (head->r.w_pos) {
121 const char *w = head->r.w[0];
122 size_t len = strlen(w);
123 if (len) {
124 if (len > head->read_user_buf_avail)
125 len = head->read_user_buf_avail;
126 if (!len)
127 return false;
128 if (copy_to_user(head->read_user_buf, w, len))
129 return false;
130 head->read_user_buf_avail -= len;
131 head->read_user_buf += len;
132 w += len;
133 }
134 head->r.w[0] = w;
135 if (*w)
136 return false;
137 /* Add '\0' for audit logs and query. */
138 if (head->poll) {
139 if (!head->read_user_buf_avail ||
140 copy_to_user(head->read_user_buf, "", 1))
141 return false;
142 head->read_user_buf_avail--;
143 head->read_user_buf++;
144 }
145 head->r.w_pos--;
146 for (len = 0; len < head->r.w_pos; len++)
147 head->r.w[len] = head->r.w[len + 1];
148 }
149 head->r.avail = 0;
150 return true;
151 }
152
153 /**
154 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
155 *
156 * @head: Pointer to "struct tomoyo_io_buffer".
157 * @string: String to print.
158 *
159 * Note that @string has to be kept valid until @head is kfree()d.
160 * This means that char[] allocated on stack memory cannot be passed to
161 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
162 */
163 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
164 {
165 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
166 head->r.w[head->r.w_pos++] = string;
167 tomoyo_flush(head);
168 } else
169 WARN_ON(1);
170 }
171
172 /**
173 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
174 *
175 * @head: Pointer to "struct tomoyo_io_buffer".
176 * @fmt: The printf()'s format string, followed by parameters.
177 */
178 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
179 {
180 va_list args;
181 size_t len;
182 size_t pos = head->r.avail;
183 int size = head->readbuf_size - pos;
184 if (size <= 0)
185 return;
186 va_start(args, fmt);
187 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
188 va_end(args);
189 if (pos + len >= head->readbuf_size) {
190 WARN_ON(1);
191 return;
192 }
193 head->r.avail += len;
194 tomoyo_set_string(head, head->read_buf + pos);
195 }
196
197 /**
198 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
199 *
200 * @head: Pointer to "struct tomoyo_io_buffer".
201 *
202 * Returns nothing.
203 */
204 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
205 {
206 tomoyo_set_string(head, " ");
207 }
208
209 /**
210 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
211 *
212 * @head: Pointer to "struct tomoyo_io_buffer".
213 *
214 * Returns nothing.
215 */
216 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
217 {
218 tomoyo_set_string(head, "\n");
219 return !head->r.w_pos;
220 }
221
222 /**
223 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
224 *
225 * @head: Pointer to "struct tomoyo_io_buffer".
226 *
227 * Returns nothing.
228 */
229 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
230 {
231 tomoyo_set_string(head, "/");
232 }
233
234 /* List of namespaces. */
235 LIST_HEAD(tomoyo_namespace_list);
236 /* True if namespace other than tomoyo_kernel_namespace is defined. */
237 static bool tomoyo_namespace_enabled;
238
239 /**
240 * tomoyo_init_policy_namespace - Initialize namespace.
241 *
242 * @ns: Pointer to "struct tomoyo_policy_namespace".
243 *
244 * Returns nothing.
245 */
246 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns)
247 {
248 unsigned int idx;
249 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++)
250 INIT_LIST_HEAD(&ns->acl_group[idx]);
251 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
252 INIT_LIST_HEAD(&ns->group_list[idx]);
253 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
254 INIT_LIST_HEAD(&ns->policy_list[idx]);
255 ns->profile_version = 20100903;
256 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list);
257 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list);
258 }
259
260 /**
261 * tomoyo_print_namespace - Print namespace header.
262 *
263 * @head: Pointer to "struct tomoyo_io_buffer".
264 *
265 * Returns nothing.
266 */
267 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head)
268 {
269 if (!tomoyo_namespace_enabled)
270 return;
271 tomoyo_set_string(head,
272 container_of(head->r.ns,
273 struct tomoyo_policy_namespace,
274 namespace_list)->name);
275 tomoyo_set_space(head);
276 }
277
278 /**
279 * tomoyo_print_name_union - Print a tomoyo_name_union.
280 *
281 * @head: Pointer to "struct tomoyo_io_buffer".
282 * @ptr: Pointer to "struct tomoyo_name_union".
283 */
284 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
285 const struct tomoyo_name_union *ptr)
286 {
287 tomoyo_set_space(head);
288 if (ptr->group) {
289 tomoyo_set_string(head, "@");
290 tomoyo_set_string(head, ptr->group->group_name->name);
291 } else {
292 tomoyo_set_string(head, ptr->filename->name);
293 }
294 }
295
296 /**
297 * tomoyo_print_number_union - Print a tomoyo_number_union.
298 *
299 * @head: Pointer to "struct tomoyo_io_buffer".
300 * @ptr: Pointer to "struct tomoyo_number_union".
301 */
302 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
303 const struct tomoyo_number_union *ptr)
304 {
305 tomoyo_set_space(head);
306 if (ptr->group) {
307 tomoyo_set_string(head, "@");
308 tomoyo_set_string(head, ptr->group->group_name->name);
309 } else {
310 int i;
311 unsigned long min = ptr->values[0];
312 const unsigned long max = ptr->values[1];
313 u8 min_type = ptr->value_type[0];
314 const u8 max_type = ptr->value_type[1];
315 char buffer[128];
316 buffer[0] = '\0';
317 for (i = 0; i < 2; i++) {
318 switch (min_type) {
319 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
320 tomoyo_addprintf(buffer, sizeof(buffer),
321 "0x%lX", min);
322 break;
323 case TOMOYO_VALUE_TYPE_OCTAL:
324 tomoyo_addprintf(buffer, sizeof(buffer),
325 "0%lo", min);
326 break;
327 default:
328 tomoyo_addprintf(buffer, sizeof(buffer),
329 "%lu", min);
330 break;
331 }
332 if (min == max && min_type == max_type)
333 break;
334 tomoyo_addprintf(buffer, sizeof(buffer), "-");
335 min_type = max_type;
336 min = max;
337 }
338 tomoyo_io_printf(head, "%s", buffer);
339 }
340 }
341
342 /**
343 * tomoyo_assign_profile - Create a new profile.
344 *
345 * @ns: Pointer to "struct tomoyo_policy_namespace".
346 * @profile: Profile number to create.
347 *
348 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
349 */
350 static struct tomoyo_profile *tomoyo_assign_profile
351 (struct tomoyo_policy_namespace *ns, const unsigned int profile)
352 {
353 struct tomoyo_profile *ptr;
354 struct tomoyo_profile *entry;
355 if (profile >= TOMOYO_MAX_PROFILES)
356 return NULL;
357 ptr = ns->profile_ptr[profile];
358 if (ptr)
359 return ptr;
360 entry = kzalloc(sizeof(*entry), GFP_NOFS);
361 if (mutex_lock_interruptible(&tomoyo_policy_lock))
362 goto out;
363 ptr = ns->profile_ptr[profile];
364 if (!ptr && tomoyo_memory_ok(entry)) {
365 ptr = entry;
366 ptr->default_config = TOMOYO_CONFIG_DISABLED |
367 TOMOYO_CONFIG_WANT_GRANT_LOG |
368 TOMOYO_CONFIG_WANT_REJECT_LOG;
369 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
370 sizeof(ptr->config));
371 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024;
372 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048;
373 mb(); /* Avoid out-of-order execution. */
374 ns->profile_ptr[profile] = ptr;
375 entry = NULL;
376 }
377 mutex_unlock(&tomoyo_policy_lock);
378 out:
379 kfree(entry);
380 return ptr;
381 }
382
383 /**
384 * tomoyo_profile - Find a profile.
385 *
386 * @ns: Pointer to "struct tomoyo_policy_namespace".
387 * @profile: Profile number to find.
388 *
389 * Returns pointer to "struct tomoyo_profile".
390 */
391 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
392 const u8 profile)
393 {
394 static struct tomoyo_profile tomoyo_null_profile;
395 struct tomoyo_profile *ptr = ns->profile_ptr[profile];
396 if (!ptr)
397 ptr = &tomoyo_null_profile;
398 return ptr;
399 }
400
401 /**
402 * tomoyo_find_yesno - Find values for specified keyword.
403 *
404 * @string: String to check.
405 * @find: Name of keyword.
406 *
407 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
408 */
409 static s8 tomoyo_find_yesno(const char *string, const char *find)
410 {
411 const char *cp = strstr(string, find);
412 if (cp) {
413 cp += strlen(find);
414 if (!strncmp(cp, "=yes", 4))
415 return 1;
416 else if (!strncmp(cp, "=no", 3))
417 return 0;
418 }
419 return -1;
420 }
421
422 /**
423 * tomoyo_set_uint - Set value for specified preference.
424 *
425 * @i: Pointer to "unsigned int".
426 * @string: String to check.
427 * @find: Name of keyword.
428 *
429 * Returns nothing.
430 */
431 static void tomoyo_set_uint(unsigned int *i, const char *string,
432 const char *find)
433 {
434 const char *cp = strstr(string, find);
435 if (cp)
436 sscanf(cp + strlen(find), "=%u", i);
437 }
438
439 /**
440 * tomoyo_set_mode - Set mode for specified profile.
441 *
442 * @name: Name of functionality.
443 * @value: Mode for @name.
444 * @profile: Pointer to "struct tomoyo_profile".
445 *
446 * Returns 0 on success, negative value otherwise.
447 */
448 static int tomoyo_set_mode(char *name, const char *value,
449 struct tomoyo_profile *profile)
450 {
451 u8 i;
452 u8 config;
453 if (!strcmp(name, "CONFIG")) {
454 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
455 config = profile->default_config;
456 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
457 config = 0;
458 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
459 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
460 int len = 0;
461 if (i < TOMOYO_MAX_MAC_INDEX) {
462 const u8 c = tomoyo_index2category[i];
463 const char *category =
464 tomoyo_category_keywords[c];
465 len = strlen(category);
466 if (strncmp(name, category, len) ||
467 name[len++] != ':' || name[len++] != ':')
468 continue;
469 }
470 if (strcmp(name + len, tomoyo_mac_keywords[i]))
471 continue;
472 config = profile->config[i];
473 break;
474 }
475 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
476 return -EINVAL;
477 } else {
478 return -EINVAL;
479 }
480 if (strstr(value, "use_default")) {
481 config = TOMOYO_CONFIG_USE_DEFAULT;
482 } else {
483 u8 mode;
484 for (mode = 0; mode < 4; mode++)
485 if (strstr(value, tomoyo_mode[mode]))
486 /*
487 * Update lower 3 bits in order to distinguish
488 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
489 */
490 config = (config & ~7) | mode;
491 if (config != TOMOYO_CONFIG_USE_DEFAULT) {
492 switch (tomoyo_find_yesno(value, "grant_log")) {
493 case 1:
494 config |= TOMOYO_CONFIG_WANT_GRANT_LOG;
495 break;
496 case 0:
497 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG;
498 break;
499 }
500 switch (tomoyo_find_yesno(value, "reject_log")) {
501 case 1:
502 config |= TOMOYO_CONFIG_WANT_REJECT_LOG;
503 break;
504 case 0:
505 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG;
506 break;
507 }
508 }
509 }
510 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
511 profile->config[i] = config;
512 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
513 profile->default_config = config;
514 return 0;
515 }
516
517 /**
518 * tomoyo_write_profile - Write profile table.
519 *
520 * @head: Pointer to "struct tomoyo_io_buffer".
521 *
522 * Returns 0 on success, negative value otherwise.
523 */
524 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
525 {
526 char *data = head->write_buf;
527 unsigned int i;
528 char *cp;
529 struct tomoyo_profile *profile;
530 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version)
531 == 1)
532 return 0;
533 i = simple_strtoul(data, &cp, 10);
534 if (*cp != '-')
535 return -EINVAL;
536 data = cp + 1;
537 profile = tomoyo_assign_profile(head->w.ns, i);
538 if (!profile)
539 return -EINVAL;
540 cp = strchr(data, '=');
541 if (!cp)
542 return -EINVAL;
543 *cp++ = '\0';
544 if (!strcmp(data, "COMMENT")) {
545 static DEFINE_SPINLOCK(lock);
546 const struct tomoyo_path_info *new_comment
547 = tomoyo_get_name(cp);
548 const struct tomoyo_path_info *old_comment;
549 if (!new_comment)
550 return -ENOMEM;
551 spin_lock(&lock);
552 old_comment = profile->comment;
553 profile->comment = new_comment;
554 spin_unlock(&lock);
555 tomoyo_put_name(old_comment);
556 return 0;
557 }
558 if (!strcmp(data, "PREFERENCE")) {
559 for (i = 0; i < TOMOYO_MAX_PREF; i++)
560 tomoyo_set_uint(&profile->pref[i], cp,
561 tomoyo_pref_keywords[i]);
562 return 0;
563 }
564 return tomoyo_set_mode(data, cp, profile);
565 }
566
567 /**
568 * tomoyo_print_config - Print mode for specified functionality.
569 *
570 * @head: Pointer to "struct tomoyo_io_buffer".
571 * @config: Mode for that functionality.
572 *
573 * Returns nothing.
574 *
575 * Caller prints functionality's name.
576 */
577 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
578 {
579 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
580 tomoyo_mode[config & 3],
581 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG),
582 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG));
583 }
584
585 /**
586 * tomoyo_read_profile - Read profile table.
587 *
588 * @head: Pointer to "struct tomoyo_io_buffer".
589 *
590 * Returns nothing.
591 */
592 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
593 {
594 u8 index;
595 struct tomoyo_policy_namespace *ns =
596 container_of(head->r.ns, typeof(*ns), namespace_list);
597 const struct tomoyo_profile *profile;
598 if (head->r.eof)
599 return;
600 next:
601 index = head->r.index;
602 profile = ns->profile_ptr[index];
603 switch (head->r.step) {
604 case 0:
605 tomoyo_print_namespace(head);
606 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n",
607 ns->profile_version);
608 head->r.step++;
609 break;
610 case 1:
611 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
612 head->r.index++)
613 if (ns->profile_ptr[head->r.index])
614 break;
615 if (head->r.index == TOMOYO_MAX_PROFILES)
616 return;
617 head->r.step++;
618 break;
619 case 2:
620 {
621 u8 i;
622 const struct tomoyo_path_info *comment =
623 profile->comment;
624 tomoyo_print_namespace(head);
625 tomoyo_io_printf(head, "%u-COMMENT=", index);
626 tomoyo_set_string(head, comment ? comment->name : "");
627 tomoyo_set_lf(head);
628 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
629 for (i = 0; i < TOMOYO_MAX_PREF; i++)
630 tomoyo_io_printf(head, "%s=%u ",
631 tomoyo_pref_keywords[i],
632 profile->pref[i]);
633 tomoyo_set_string(head, "}\n");
634 head->r.step++;
635 }
636 break;
637 case 3:
638 {
639 tomoyo_print_namespace(head);
640 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
641 tomoyo_print_config(head, profile->default_config);
642 head->r.bit = 0;
643 head->r.step++;
644 }
645 break;
646 case 4:
647 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
648 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
649 const u8 i = head->r.bit;
650 const u8 config = profile->config[i];
651 if (config == TOMOYO_CONFIG_USE_DEFAULT)
652 continue;
653 tomoyo_print_namespace(head);
654 if (i < TOMOYO_MAX_MAC_INDEX)
655 tomoyo_io_printf(head, "%u-CONFIG::%s::%s",
656 index,
657 tomoyo_category_keywords
658 [tomoyo_index2category[i]],
659 tomoyo_mac_keywords[i]);
660 else
661 tomoyo_io_printf(head, "%u-CONFIG::%s", index,
662 tomoyo_mac_keywords[i]);
663 tomoyo_print_config(head, config);
664 head->r.bit++;
665 break;
666 }
667 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
668 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
669 head->r.index++;
670 head->r.step = 1;
671 }
672 break;
673 }
674 if (tomoyo_flush(head))
675 goto next;
676 }
677
678 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
679 const struct tomoyo_acl_head *b)
680 {
681 return container_of(a, struct tomoyo_manager, head)->manager ==
682 container_of(b, struct tomoyo_manager, head)->manager;
683 }
684
685 /**
686 * tomoyo_update_manager_entry - Add a manager entry.
687 *
688 * @manager: The path to manager or the domainnamme.
689 * @is_delete: True if it is a delete request.
690 *
691 * Returns 0 on success, negative value otherwise.
692 *
693 * Caller holds tomoyo_read_lock().
694 */
695 static int tomoyo_update_manager_entry(const char *manager,
696 const bool is_delete)
697 {
698 struct tomoyo_manager e = { };
699 struct tomoyo_acl_param param = {
700 /* .ns = &tomoyo_kernel_namespace, */
701 .is_delete = is_delete,
702 .list = &tomoyo_kernel_namespace.
703 policy_list[TOMOYO_ID_MANAGER],
704 };
705 int error = is_delete ? -ENOENT : -ENOMEM;
706 if (tomoyo_domain_def(manager)) {
707 if (!tomoyo_correct_domain(manager))
708 return -EINVAL;
709 e.is_domain = true;
710 } else {
711 if (!tomoyo_correct_path(manager))
712 return -EINVAL;
713 }
714 e.manager = tomoyo_get_name(manager);
715 if (e.manager) {
716 error = tomoyo_update_policy(&e.head, sizeof(e), &param,
717 tomoyo_same_manager);
718 tomoyo_put_name(e.manager);
719 }
720 return error;
721 }
722
723 /**
724 * tomoyo_write_manager - Write manager policy.
725 *
726 * @head: Pointer to "struct tomoyo_io_buffer".
727 *
728 * Returns 0 on success, negative value otherwise.
729 *
730 * Caller holds tomoyo_read_lock().
731 */
732 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
733 {
734 char *data = head->write_buf;
735
736 if (!strcmp(data, "manage_by_non_root")) {
737 tomoyo_manage_by_non_root = !head->w.is_delete;
738 return 0;
739 }
740 return tomoyo_update_manager_entry(data, head->w.is_delete);
741 }
742
743 /**
744 * tomoyo_read_manager - Read manager policy.
745 *
746 * @head: Pointer to "struct tomoyo_io_buffer".
747 *
748 * Caller holds tomoyo_read_lock().
749 */
750 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
751 {
752 if (head->r.eof)
753 return;
754 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace.
755 policy_list[TOMOYO_ID_MANAGER]) {
756 struct tomoyo_manager *ptr =
757 list_entry(head->r.acl, typeof(*ptr), head.list);
758 if (ptr->head.is_deleted)
759 continue;
760 if (!tomoyo_flush(head))
761 return;
762 tomoyo_set_string(head, ptr->manager->name);
763 tomoyo_set_lf(head);
764 }
765 head->r.eof = true;
766 }
767
768 /**
769 * tomoyo_manager - Check whether the current process is a policy manager.
770 *
771 * Returns true if the current process is permitted to modify policy
772 * via /sys/kernel/security/tomoyo/ interface.
773 *
774 * Caller holds tomoyo_read_lock().
775 */
776 static bool tomoyo_manager(void)
777 {
778 struct tomoyo_manager *ptr;
779 const char *exe;
780 const struct task_struct *task = current;
781 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
782 bool found = false;
783
784 if (!tomoyo_policy_loaded)
785 return true;
786 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
787 return false;
788 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
789 policy_list[TOMOYO_ID_MANAGER], head.list) {
790 if (!ptr->head.is_deleted && ptr->is_domain
791 && !tomoyo_pathcmp(domainname, ptr->manager)) {
792 found = true;
793 break;
794 }
795 }
796 if (found)
797 return true;
798 exe = tomoyo_get_exe();
799 if (!exe)
800 return false;
801 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
802 policy_list[TOMOYO_ID_MANAGER], head.list) {
803 if (!ptr->head.is_deleted && !ptr->is_domain
804 && !strcmp(exe, ptr->manager->name)) {
805 found = true;
806 break;
807 }
808 }
809 if (!found) { /* Reduce error messages. */
810 static pid_t last_pid;
811 const pid_t pid = current->pid;
812 if (last_pid != pid) {
813 printk(KERN_WARNING "%s ( %s ) is not permitted to "
814 "update policies.\n", domainname->name, exe);
815 last_pid = pid;
816 }
817 }
818 kfree(exe);
819 return found;
820 }
821
822 /**
823 * tomoyo_select_domain - Parse select command.
824 *
825 * @head: Pointer to "struct tomoyo_io_buffer".
826 * @data: String to parse.
827 *
828 * Returns true on success, false otherwise.
829 *
830 * Caller holds tomoyo_read_lock().
831 */
832 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
833 const char *data)
834 {
835 unsigned int pid;
836 struct tomoyo_domain_info *domain = NULL;
837 bool global_pid = false;
838 if (strncmp(data, "select ", 7))
839 return false;
840 data += 7;
841 if (sscanf(data, "pid=%u", &pid) == 1 ||
842 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
843 struct task_struct *p;
844 rcu_read_lock();
845 read_lock(&tasklist_lock);
846 if (global_pid)
847 p = find_task_by_pid_ns(pid, &init_pid_ns);
848 else
849 p = find_task_by_vpid(pid);
850 if (p)
851 domain = tomoyo_real_domain(p);
852 read_unlock(&tasklist_lock);
853 rcu_read_unlock();
854 } else if (!strncmp(data, "domain=", 7)) {
855 if (tomoyo_domain_def(data + 7))
856 domain = tomoyo_find_domain(data + 7);
857 } else
858 return false;
859 head->w.domain = domain;
860 /* Accessing read_buf is safe because head->io_sem is held. */
861 if (!head->read_buf)
862 return true; /* Do nothing if open(O_WRONLY). */
863 memset(&head->r, 0, sizeof(head->r));
864 head->r.print_this_domain_only = true;
865 if (domain)
866 head->r.domain = &domain->list;
867 else
868 head->r.eof = 1;
869 tomoyo_io_printf(head, "# select %s\n", data);
870 if (domain && domain->is_deleted)
871 tomoyo_io_printf(head, "# This is a deleted domain.\n");
872 return true;
873 }
874
875 /**
876 * tomoyo_delete_domain - Delete a domain.
877 *
878 * @domainname: The name of domain.
879 *
880 * Returns 0.
881 *
882 * Caller holds tomoyo_read_lock().
883 */
884 static int tomoyo_delete_domain(char *domainname)
885 {
886 struct tomoyo_domain_info *domain;
887 struct tomoyo_path_info name;
888
889 name.name = domainname;
890 tomoyo_fill_path_info(&name);
891 if (mutex_lock_interruptible(&tomoyo_policy_lock))
892 return 0;
893 /* Is there an active domain? */
894 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
895 /* Never delete tomoyo_kernel_domain */
896 if (domain == &tomoyo_kernel_domain)
897 continue;
898 if (domain->is_deleted ||
899 tomoyo_pathcmp(domain->domainname, &name))
900 continue;
901 domain->is_deleted = true;
902 break;
903 }
904 mutex_unlock(&tomoyo_policy_lock);
905 return 0;
906 }
907
908 /**
909 * tomoyo_write_domain2 - Write domain policy.
910 *
911 * @ns: Pointer to "struct tomoyo_policy_namespace".
912 * @list: Pointer to "struct list_head".
913 * @data: Policy to be interpreted.
914 * @is_delete: True if it is a delete request.
915 *
916 * Returns 0 on success, negative value otherwise.
917 *
918 * Caller holds tomoyo_read_lock().
919 */
920 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns,
921 struct list_head *list, char *data,
922 const bool is_delete)
923 {
924 struct tomoyo_acl_param param = {
925 .ns = ns,
926 .list = list,
927 .data = data,
928 .is_delete = is_delete,
929 };
930 static const struct {
931 const char *keyword;
932 int (*write) (struct tomoyo_acl_param *);
933 } tomoyo_callback[1] = {
934 { "file ", tomoyo_write_file },
935 };
936 u8 i;
937 for (i = 0; i < 1; i++) {
938 if (!tomoyo_str_starts(&param.data,
939 tomoyo_callback[i].keyword))
940 continue;
941 return tomoyo_callback[i].write(&param);
942 }
943 return -EINVAL;
944 }
945
946 /* String table for domain flags. */
947 const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = {
948 [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n",
949 [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n",
950 };
951
952 /**
953 * tomoyo_write_domain - Write domain policy.
954 *
955 * @head: Pointer to "struct tomoyo_io_buffer".
956 *
957 * Returns 0 on success, negative value otherwise.
958 *
959 * Caller holds tomoyo_read_lock().
960 */
961 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
962 {
963 char *data = head->write_buf;
964 struct tomoyo_policy_namespace *ns;
965 struct tomoyo_domain_info *domain = head->w.domain;
966 const bool is_delete = head->w.is_delete;
967 bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
968 unsigned int profile;
969 if (*data == '<') {
970 domain = NULL;
971 if (is_delete)
972 tomoyo_delete_domain(data);
973 else if (is_select)
974 domain = tomoyo_find_domain(data);
975 else
976 domain = tomoyo_assign_domain(data, false);
977 head->w.domain = domain;
978 return 0;
979 }
980 if (!domain)
981 return -EINVAL;
982 ns = domain->ns;
983 if (sscanf(data, "use_profile %u", &profile) == 1
984 && profile < TOMOYO_MAX_PROFILES) {
985 if (!tomoyo_policy_loaded || ns->profile_ptr[profile])
986 domain->profile = (u8) profile;
987 return 0;
988 }
989 if (sscanf(data, "use_group %u\n", &profile) == 1
990 && profile < TOMOYO_MAX_ACL_GROUPS) {
991 if (!is_delete)
992 domain->group = (u8) profile;
993 return 0;
994 }
995 for (profile = 0; profile < TOMOYO_MAX_DOMAIN_INFO_FLAGS; profile++) {
996 const char *cp = tomoyo_dif[profile];
997 if (strncmp(data, cp, strlen(cp) - 1))
998 continue;
999 domain->flags[profile] = !is_delete;
1000 return 0;
1001 }
1002 return tomoyo_write_domain2(ns, &domain->acl_info_list, data,
1003 is_delete);
1004 }
1005
1006 /**
1007 * tomoyo_set_group - Print "acl_group " header keyword and category name.
1008 *
1009 * @head: Pointer to "struct tomoyo_io_buffer".
1010 * @category: Category name.
1011 *
1012 * Returns nothing.
1013 */
1014 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
1015 const char *category)
1016 {
1017 if (head->type == TOMOYO_EXCEPTIONPOLICY) {
1018 tomoyo_print_namespace(head);
1019 tomoyo_io_printf(head, "acl_group %u ",
1020 head->r.acl_group_index);
1021 }
1022 tomoyo_set_string(head, category);
1023 }
1024
1025 /**
1026 * tomoyo_print_entry - Print an ACL entry.
1027 *
1028 * @head: Pointer to "struct tomoyo_io_buffer".
1029 * @acl: Pointer to an ACL entry.
1030 *
1031 * Returns true on success, false otherwise.
1032 */
1033 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1034 struct tomoyo_acl_info *acl)
1035 {
1036 const u8 acl_type = acl->type;
1037 bool first = true;
1038 u8 bit;
1039
1040 if (acl->is_deleted)
1041 return true;
1042 if (!tomoyo_flush(head))
1043 return false;
1044 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1045 struct tomoyo_path_acl *ptr =
1046 container_of(acl, typeof(*ptr), head);
1047 const u16 perm = ptr->perm;
1048 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1049 if (!(perm & (1 << bit)))
1050 continue;
1051 if (head->r.print_transition_related_only &&
1052 bit != TOMOYO_TYPE_EXECUTE)
1053 continue;
1054 if (first) {
1055 tomoyo_set_group(head, "file ");
1056 first = false;
1057 } else {
1058 tomoyo_set_slash(head);
1059 }
1060 tomoyo_set_string(head, tomoyo_path_keyword[bit]);
1061 }
1062 if (first)
1063 return true;
1064 tomoyo_print_name_union(head, &ptr->name);
1065 } else if (head->r.print_transition_related_only) {
1066 return true;
1067 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1068 struct tomoyo_path2_acl *ptr =
1069 container_of(acl, typeof(*ptr), head);
1070 const u8 perm = ptr->perm;
1071 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1072 if (!(perm & (1 << bit)))
1073 continue;
1074 if (first) {
1075 tomoyo_set_group(head, "file ");
1076 first = false;
1077 } else {
1078 tomoyo_set_slash(head);
1079 }
1080 tomoyo_set_string(head, tomoyo_mac_keywords
1081 [tomoyo_pp2mac[bit]]);
1082 }
1083 if (first)
1084 return true;
1085 tomoyo_print_name_union(head, &ptr->name1);
1086 tomoyo_print_name_union(head, &ptr->name2);
1087 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
1088 struct tomoyo_path_number_acl *ptr =
1089 container_of(acl, typeof(*ptr), head);
1090 const u8 perm = ptr->perm;
1091 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
1092 if (!(perm & (1 << bit)))
1093 continue;
1094 if (first) {
1095 tomoyo_set_group(head, "file ");
1096 first = false;
1097 } else {
1098 tomoyo_set_slash(head);
1099 }
1100 tomoyo_set_string(head, tomoyo_mac_keywords
1101 [tomoyo_pn2mac[bit]]);
1102 }
1103 if (first)
1104 return true;
1105 tomoyo_print_name_union(head, &ptr->name);
1106 tomoyo_print_number_union(head, &ptr->number);
1107 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
1108 struct tomoyo_mkdev_acl *ptr =
1109 container_of(acl, typeof(*ptr), head);
1110 const u8 perm = ptr->perm;
1111 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
1112 if (!(perm & (1 << bit)))
1113 continue;
1114 if (first) {
1115 tomoyo_set_group(head, "file ");
1116 first = false;
1117 } else {
1118 tomoyo_set_slash(head);
1119 }
1120 tomoyo_set_string(head, tomoyo_mac_keywords
1121 [tomoyo_pnnn2mac[bit]]);
1122 }
1123 if (first)
1124 return true;
1125 tomoyo_print_name_union(head, &ptr->name);
1126 tomoyo_print_number_union(head, &ptr->mode);
1127 tomoyo_print_number_union(head, &ptr->major);
1128 tomoyo_print_number_union(head, &ptr->minor);
1129 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
1130 struct tomoyo_mount_acl *ptr =
1131 container_of(acl, typeof(*ptr), head);
1132 tomoyo_set_group(head, "file mount");
1133 tomoyo_print_name_union(head, &ptr->dev_name);
1134 tomoyo_print_name_union(head, &ptr->dir_name);
1135 tomoyo_print_name_union(head, &ptr->fs_type);
1136 tomoyo_print_number_union(head, &ptr->flags);
1137 }
1138 tomoyo_set_lf(head);
1139 return true;
1140 }
1141
1142 /**
1143 * tomoyo_read_domain2 - Read domain policy.
1144 *
1145 * @head: Pointer to "struct tomoyo_io_buffer".
1146 * @list: Pointer to "struct list_head".
1147 *
1148 * Caller holds tomoyo_read_lock().
1149 *
1150 * Returns true on success, false otherwise.
1151 */
1152 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1153 struct list_head *list)
1154 {
1155 list_for_each_cookie(head->r.acl, list) {
1156 struct tomoyo_acl_info *ptr =
1157 list_entry(head->r.acl, typeof(*ptr), list);
1158 if (!tomoyo_print_entry(head, ptr))
1159 return false;
1160 }
1161 head->r.acl = NULL;
1162 return true;
1163 }
1164
1165 /**
1166 * tomoyo_read_domain - Read domain policy.
1167 *
1168 * @head: Pointer to "struct tomoyo_io_buffer".
1169 *
1170 * Caller holds tomoyo_read_lock().
1171 */
1172 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1173 {
1174 if (head->r.eof)
1175 return;
1176 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1177 struct tomoyo_domain_info *domain =
1178 list_entry(head->r.domain, typeof(*domain), list);
1179 switch (head->r.step) {
1180 u8 i;
1181 case 0:
1182 if (domain->is_deleted &&
1183 !head->r.print_this_domain_only)
1184 continue;
1185 /* Print domainname and flags. */
1186 tomoyo_set_string(head, domain->domainname->name);
1187 tomoyo_set_lf(head);
1188 tomoyo_io_printf(head, "use_profile %u\n",
1189 domain->profile);
1190 tomoyo_io_printf(head, "use_group %u\n",
1191 domain->group);
1192 for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++)
1193 if (domain->flags[i])
1194 tomoyo_set_string(head, tomoyo_dif[i]);
1195 head->r.step++;
1196 tomoyo_set_lf(head);
1197 /* fall through */
1198 case 1:
1199 if (!tomoyo_read_domain2(head, &domain->acl_info_list))
1200 return;
1201 head->r.step++;
1202 if (!tomoyo_set_lf(head))
1203 return;
1204 /* fall through */
1205 case 2:
1206 head->r.step = 0;
1207 if (head->r.print_this_domain_only)
1208 goto done;
1209 }
1210 }
1211 done:
1212 head->r.eof = true;
1213 }
1214
1215 /**
1216 * tomoyo_write_domain_profile - Assign profile for specified domain.
1217 *
1218 * @head: Pointer to "struct tomoyo_io_buffer".
1219 *
1220 * Returns 0 on success, -EINVAL otherwise.
1221 *
1222 * This is equivalent to doing
1223 *
1224 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1225 * /usr/sbin/tomoyo-loadpolicy -d
1226 *
1227 * Caller holds tomoyo_read_lock().
1228 */
1229 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1230 {
1231 char *data = head->write_buf;
1232 char *cp = strchr(data, ' ');
1233 struct tomoyo_domain_info *domain;
1234 unsigned long profile;
1235
1236 if (!cp)
1237 return -EINVAL;
1238 *cp = '\0';
1239 domain = tomoyo_find_domain(cp + 1);
1240 if (strict_strtoul(data, 10, &profile))
1241 return -EINVAL;
1242 if (domain && (!tomoyo_policy_loaded ||
1243 head->w.ns->profile_ptr[(u8) profile]))
1244 domain->profile = (u8) profile;
1245 return 0;
1246 }
1247
1248 /**
1249 * tomoyo_read_domain_profile - Read only domainname and profile.
1250 *
1251 * @head: Pointer to "struct tomoyo_io_buffer".
1252 *
1253 * Returns list of profile number and domainname pairs.
1254 *
1255 * This is equivalent to doing
1256 *
1257 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1258 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1259 * domainname = $0; } else if ( $1 == "use_profile" ) {
1260 * print $2 " " domainname; domainname = ""; } } ; '
1261 *
1262 * Caller holds tomoyo_read_lock().
1263 */
1264 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1265 {
1266 if (head->r.eof)
1267 return;
1268 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1269 struct tomoyo_domain_info *domain =
1270 list_entry(head->r.domain, typeof(*domain), list);
1271 if (domain->is_deleted)
1272 continue;
1273 if (!tomoyo_flush(head))
1274 return;
1275 tomoyo_io_printf(head, "%u ", domain->profile);
1276 tomoyo_set_string(head, domain->domainname->name);
1277 tomoyo_set_lf(head);
1278 }
1279 head->r.eof = true;
1280 }
1281
1282 /**
1283 * tomoyo_write_pid: Specify PID to obtain domainname.
1284 *
1285 * @head: Pointer to "struct tomoyo_io_buffer".
1286 *
1287 * Returns 0.
1288 */
1289 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1290 {
1291 head->r.eof = false;
1292 return 0;
1293 }
1294
1295 /**
1296 * tomoyo_read_pid - Get domainname of the specified PID.
1297 *
1298 * @head: Pointer to "struct tomoyo_io_buffer".
1299 *
1300 * Returns the domainname which the specified PID is in on success,
1301 * empty string otherwise.
1302 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1303 * using read()/write() interface rather than sysctl() interface.
1304 */
1305 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1306 {
1307 char *buf = head->write_buf;
1308 bool global_pid = false;
1309 unsigned int pid;
1310 struct task_struct *p;
1311 struct tomoyo_domain_info *domain = NULL;
1312
1313 /* Accessing write_buf is safe because head->io_sem is held. */
1314 if (!buf) {
1315 head->r.eof = true;
1316 return; /* Do nothing if open(O_RDONLY). */
1317 }
1318 if (head->r.w_pos || head->r.eof)
1319 return;
1320 head->r.eof = true;
1321 if (tomoyo_str_starts(&buf, "global-pid "))
1322 global_pid = true;
1323 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1324 rcu_read_lock();
1325 read_lock(&tasklist_lock);
1326 if (global_pid)
1327 p = find_task_by_pid_ns(pid, &init_pid_ns);
1328 else
1329 p = find_task_by_vpid(pid);
1330 if (p)
1331 domain = tomoyo_real_domain(p);
1332 read_unlock(&tasklist_lock);
1333 rcu_read_unlock();
1334 if (!domain)
1335 return;
1336 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1337 tomoyo_set_string(head, domain->domainname->name);
1338 }
1339
1340 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1341 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ",
1342 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ",
1343 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ",
1344 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ",
1345 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ",
1346 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ",
1347 };
1348
1349 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1350 [TOMOYO_PATH_GROUP] = "path_group ",
1351 [TOMOYO_NUMBER_GROUP] = "number_group ",
1352 };
1353
1354 /**
1355 * tomoyo_write_exception - Write exception policy.
1356 *
1357 * @head: Pointer to "struct tomoyo_io_buffer".
1358 *
1359 * Returns 0 on success, negative value otherwise.
1360 *
1361 * Caller holds tomoyo_read_lock().
1362 */
1363 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1364 {
1365 const bool is_delete = head->w.is_delete;
1366 struct tomoyo_acl_param param = {
1367 .ns = head->w.ns,
1368 .is_delete = is_delete,
1369 .data = head->write_buf,
1370 };
1371 u8 i;
1372 if (tomoyo_str_starts(&param.data, "aggregator "))
1373 return tomoyo_write_aggregator(&param);
1374 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1375 if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
1376 return tomoyo_write_transition_control(&param, i);
1377 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1378 if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
1379 return tomoyo_write_group(&param, i);
1380 if (tomoyo_str_starts(&param.data, "acl_group ")) {
1381 unsigned int group;
1382 char *data;
1383 group = simple_strtoul(param.data, &data, 10);
1384 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ')
1385 return tomoyo_write_domain2
1386 (head->w.ns, &head->w.ns->acl_group[group],
1387 data, is_delete);
1388 }
1389 return -EINVAL;
1390 }
1391
1392 /**
1393 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1394 *
1395 * @head: Pointer to "struct tomoyo_io_buffer".
1396 * @idx: Index number.
1397 *
1398 * Returns true on success, false otherwise.
1399 *
1400 * Caller holds tomoyo_read_lock().
1401 */
1402 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1403 {
1404 struct tomoyo_policy_namespace *ns =
1405 container_of(head->r.ns, typeof(*ns), namespace_list);
1406 struct list_head *list = &ns->group_list[idx];
1407 list_for_each_cookie(head->r.group, list) {
1408 struct tomoyo_group *group =
1409 list_entry(head->r.group, typeof(*group), head.list);
1410 list_for_each_cookie(head->r.acl, &group->member_list) {
1411 struct tomoyo_acl_head *ptr =
1412 list_entry(head->r.acl, typeof(*ptr), list);
1413 if (ptr->is_deleted)
1414 continue;
1415 if (!tomoyo_flush(head))
1416 return false;
1417 tomoyo_print_namespace(head);
1418 tomoyo_set_string(head, tomoyo_group_name[idx]);
1419 tomoyo_set_string(head, group->group_name->name);
1420 if (idx == TOMOYO_PATH_GROUP) {
1421 tomoyo_set_space(head);
1422 tomoyo_set_string(head, container_of
1423 (ptr, struct tomoyo_path_group,
1424 head)->member_name->name);
1425 } else if (idx == TOMOYO_NUMBER_GROUP) {
1426 tomoyo_print_number_union(head, &container_of
1427 (ptr,
1428 struct tomoyo_number_group,
1429 head)->number);
1430 }
1431 tomoyo_set_lf(head);
1432 }
1433 head->r.acl = NULL;
1434 }
1435 head->r.group = NULL;
1436 return true;
1437 }
1438
1439 /**
1440 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1441 *
1442 * @head: Pointer to "struct tomoyo_io_buffer".
1443 * @idx: Index number.
1444 *
1445 * Returns true on success, false otherwise.
1446 *
1447 * Caller holds tomoyo_read_lock().
1448 */
1449 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1450 {
1451 struct tomoyo_policy_namespace *ns =
1452 container_of(head->r.ns, typeof(*ns), namespace_list);
1453 struct list_head *list = &ns->policy_list[idx];
1454 list_for_each_cookie(head->r.acl, list) {
1455 struct tomoyo_acl_head *acl =
1456 container_of(head->r.acl, typeof(*acl), list);
1457 if (acl->is_deleted)
1458 continue;
1459 if (!tomoyo_flush(head))
1460 return false;
1461 switch (idx) {
1462 case TOMOYO_ID_TRANSITION_CONTROL:
1463 {
1464 struct tomoyo_transition_control *ptr =
1465 container_of(acl, typeof(*ptr), head);
1466 tomoyo_print_namespace(head);
1467 tomoyo_set_string(head, tomoyo_transition_type
1468 [ptr->type]);
1469 tomoyo_set_string(head, ptr->program ?
1470 ptr->program->name : "any");
1471 tomoyo_set_string(head, " from ");
1472 tomoyo_set_string(head, ptr->domainname ?
1473 ptr->domainname->name :
1474 "any");
1475 }
1476 break;
1477 case TOMOYO_ID_AGGREGATOR:
1478 {
1479 struct tomoyo_aggregator *ptr =
1480 container_of(acl, typeof(*ptr), head);
1481 tomoyo_print_namespace(head);
1482 tomoyo_set_string(head, "aggregator ");
1483 tomoyo_set_string(head,
1484 ptr->original_name->name);
1485 tomoyo_set_space(head);
1486 tomoyo_set_string(head,
1487 ptr->aggregated_name->name);
1488 }
1489 break;
1490 default:
1491 continue;
1492 }
1493 tomoyo_set_lf(head);
1494 }
1495 head->r.acl = NULL;
1496 return true;
1497 }
1498
1499 /**
1500 * tomoyo_read_exception - Read exception policy.
1501 *
1502 * @head: Pointer to "struct tomoyo_io_buffer".
1503 *
1504 * Caller holds tomoyo_read_lock().
1505 */
1506 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1507 {
1508 struct tomoyo_policy_namespace *ns =
1509 container_of(head->r.ns, typeof(*ns), namespace_list);
1510 if (head->r.eof)
1511 return;
1512 while (head->r.step < TOMOYO_MAX_POLICY &&
1513 tomoyo_read_policy(head, head->r.step))
1514 head->r.step++;
1515 if (head->r.step < TOMOYO_MAX_POLICY)
1516 return;
1517 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1518 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1519 head->r.step++;
1520 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1521 return;
1522 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP
1523 + TOMOYO_MAX_ACL_GROUPS) {
1524 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY
1525 - TOMOYO_MAX_GROUP;
1526 if (!tomoyo_read_domain2(head, &ns->acl_group
1527 [head->r.acl_group_index]))
1528 return;
1529 head->r.step++;
1530 }
1531 head->r.eof = true;
1532 }
1533
1534 /* Wait queue for kernel -> userspace notification. */
1535 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1536 /* Wait queue for userspace -> kernel notification. */
1537 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
1538
1539 /* Structure for query. */
1540 struct tomoyo_query {
1541 struct list_head list;
1542 char *query;
1543 size_t query_len;
1544 unsigned int serial;
1545 u8 timer;
1546 u8 answer;
1547 u8 retry;
1548 };
1549
1550 /* The list for "struct tomoyo_query". */
1551 static LIST_HEAD(tomoyo_query_list);
1552
1553 /* Lock for manipulating tomoyo_query_list. */
1554 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1555
1556 /*
1557 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1558 * interface.
1559 */
1560 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1561
1562 /**
1563 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1564 *
1565 * @domain: Pointer to "struct tomoyo_domain_info".
1566 * @header: Lines containing ACL.
1567 *
1568 * Returns nothing.
1569 */
1570 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
1571 {
1572 char *buffer;
1573 char *cp = strchr(header, '\n');
1574 int len;
1575 if (!cp)
1576 return;
1577 cp = strchr(cp + 1, '\n');
1578 if (!cp)
1579 return;
1580 *cp++ = '\0';
1581 len = strlen(cp) + 1;
1582 buffer = kmalloc(len, GFP_NOFS);
1583 if (!buffer)
1584 return;
1585 snprintf(buffer, len - 1, "%s", cp);
1586 tomoyo_normalize_line(buffer);
1587 if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
1588 false))
1589 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
1590 kfree(buffer);
1591 }
1592
1593 /**
1594 * tomoyo_supervisor - Ask for the supervisor's decision.
1595 *
1596 * @r: Pointer to "struct tomoyo_request_info".
1597 * @fmt: The printf()'s format string, followed by parameters.
1598 *
1599 * Returns 0 if the supervisor decided to permit the access request which
1600 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1601 * supervisor decided to retry the access request which violated the policy in
1602 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1603 */
1604 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1605 {
1606 va_list args;
1607 int error;
1608 int len;
1609 static unsigned int tomoyo_serial;
1610 struct tomoyo_query entry = { };
1611 bool quota_exceeded = false;
1612 va_start(args, fmt);
1613 len = vsnprintf((char *) &len, 1, fmt, args) + 1;
1614 va_end(args);
1615 /* Write /sys/kernel/security/tomoyo/audit. */
1616 va_start(args, fmt);
1617 tomoyo_write_log2(r, len, fmt, args);
1618 va_end(args);
1619 /* Nothing more to do if granted. */
1620 if (r->granted)
1621 return 0;
1622 if (r->mode)
1623 tomoyo_update_stat(r->mode);
1624 switch (r->mode) {
1625 case TOMOYO_CONFIG_ENFORCING:
1626 error = -EPERM;
1627 if (atomic_read(&tomoyo_query_observers))
1628 break;
1629 goto out;
1630 case TOMOYO_CONFIG_LEARNING:
1631 error = 0;
1632 /* Check max_learning_entry parameter. */
1633 if (tomoyo_domain_quota_is_ok(r))
1634 break;
1635 /* fall through */
1636 default:
1637 return 0;
1638 }
1639 /* Get message. */
1640 va_start(args, fmt);
1641 entry.query = tomoyo_init_log(r, len, fmt, args);
1642 va_end(args);
1643 if (!entry.query)
1644 goto out;
1645 entry.query_len = strlen(entry.query) + 1;
1646 if (!error) {
1647 tomoyo_add_entry(r->domain, entry.query);
1648 goto out;
1649 }
1650 len = tomoyo_round2(entry.query_len);
1651 spin_lock(&tomoyo_query_list_lock);
1652 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
1653 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
1654 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) {
1655 quota_exceeded = true;
1656 } else {
1657 entry.serial = tomoyo_serial++;
1658 entry.retry = r->retry;
1659 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len;
1660 list_add_tail(&entry.list, &tomoyo_query_list);
1661 }
1662 spin_unlock(&tomoyo_query_list_lock);
1663 if (quota_exceeded)
1664 goto out;
1665 /* Give 10 seconds for supervisor's opinion. */
1666 while (entry.timer < 10) {
1667 wake_up_all(&tomoyo_query_wait);
1668 if (wait_event_interruptible_timeout
1669 (tomoyo_answer_wait, entry.answer ||
1670 !atomic_read(&tomoyo_query_observers), HZ))
1671 break;
1672 else
1673 entry.timer++;
1674 }
1675 spin_lock(&tomoyo_query_list_lock);
1676 list_del(&entry.list);
1677 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len;
1678 spin_unlock(&tomoyo_query_list_lock);
1679 switch (entry.answer) {
1680 case 3: /* Asked to retry by administrator. */
1681 error = TOMOYO_RETRY_REQUEST;
1682 r->retry++;
1683 break;
1684 case 1:
1685 /* Granted by administrator. */
1686 error = 0;
1687 break;
1688 default:
1689 /* Timed out or rejected by administrator. */
1690 break;
1691 }
1692 out:
1693 kfree(entry.query);
1694 return error;
1695 }
1696
1697 /**
1698 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1699 *
1700 * @file: Pointer to "struct file".
1701 * @wait: Pointer to "poll_table".
1702 *
1703 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1704 *
1705 * Waits for access requests which violated policy in enforcing mode.
1706 */
1707 static int tomoyo_poll_query(struct file *file, poll_table *wait)
1708 {
1709 struct list_head *tmp;
1710 bool found = false;
1711 u8 i;
1712 for (i = 0; i < 2; i++) {
1713 spin_lock(&tomoyo_query_list_lock);
1714 list_for_each(tmp, &tomoyo_query_list) {
1715 struct tomoyo_query *ptr =
1716 list_entry(tmp, typeof(*ptr), list);
1717 if (ptr->answer)
1718 continue;
1719 found = true;
1720 break;
1721 }
1722 spin_unlock(&tomoyo_query_list_lock);
1723 if (found)
1724 return POLLIN | POLLRDNORM;
1725 if (i)
1726 break;
1727 poll_wait(file, &tomoyo_query_wait, wait);
1728 }
1729 return 0;
1730 }
1731
1732 /**
1733 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1734 *
1735 * @head: Pointer to "struct tomoyo_io_buffer".
1736 */
1737 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1738 {
1739 struct list_head *tmp;
1740 unsigned int pos = 0;
1741 size_t len = 0;
1742 char *buf;
1743 if (head->r.w_pos)
1744 return;
1745 if (head->read_buf) {
1746 kfree(head->read_buf);
1747 head->read_buf = NULL;
1748 }
1749 spin_lock(&tomoyo_query_list_lock);
1750 list_for_each(tmp, &tomoyo_query_list) {
1751 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1752 if (ptr->answer)
1753 continue;
1754 if (pos++ != head->r.query_index)
1755 continue;
1756 len = ptr->query_len;
1757 break;
1758 }
1759 spin_unlock(&tomoyo_query_list_lock);
1760 if (!len) {
1761 head->r.query_index = 0;
1762 return;
1763 }
1764 buf = kzalloc(len + 32, GFP_NOFS);
1765 if (!buf)
1766 return;
1767 pos = 0;
1768 spin_lock(&tomoyo_query_list_lock);
1769 list_for_each(tmp, &tomoyo_query_list) {
1770 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1771 if (ptr->answer)
1772 continue;
1773 if (pos++ != head->r.query_index)
1774 continue;
1775 /*
1776 * Some query can be skipped because tomoyo_query_list
1777 * can change, but I don't care.
1778 */
1779 if (len == ptr->query_len)
1780 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial,
1781 ptr->retry, ptr->query);
1782 break;
1783 }
1784 spin_unlock(&tomoyo_query_list_lock);
1785 if (buf[0]) {
1786 head->read_buf = buf;
1787 head->r.w[head->r.w_pos++] = buf;
1788 head->r.query_index++;
1789 } else {
1790 kfree(buf);
1791 }
1792 }
1793
1794 /**
1795 * tomoyo_write_answer - Write the supervisor's decision.
1796 *
1797 * @head: Pointer to "struct tomoyo_io_buffer".
1798 *
1799 * Returns 0 on success, -EINVAL otherwise.
1800 */
1801 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1802 {
1803 char *data = head->write_buf;
1804 struct list_head *tmp;
1805 unsigned int serial;
1806 unsigned int answer;
1807 spin_lock(&tomoyo_query_list_lock);
1808 list_for_each(tmp, &tomoyo_query_list) {
1809 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1810 ptr->timer = 0;
1811 }
1812 spin_unlock(&tomoyo_query_list_lock);
1813 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1814 return -EINVAL;
1815 spin_lock(&tomoyo_query_list_lock);
1816 list_for_each(tmp, &tomoyo_query_list) {
1817 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1818 if (ptr->serial != serial)
1819 continue;
1820 if (!ptr->answer)
1821 ptr->answer = answer;
1822 break;
1823 }
1824 spin_unlock(&tomoyo_query_list_lock);
1825 return 0;
1826 }
1827
1828 /**
1829 * tomoyo_read_version: Get version.
1830 *
1831 * @head: Pointer to "struct tomoyo_io_buffer".
1832 *
1833 * Returns version information.
1834 */
1835 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1836 {
1837 if (!head->r.eof) {
1838 tomoyo_io_printf(head, "2.4.0");
1839 head->r.eof = true;
1840 }
1841 }
1842
1843 /**
1844 * tomoyo_read_self_domain - Get the current process's domainname.
1845 *
1846 * @head: Pointer to "struct tomoyo_io_buffer".
1847 *
1848 * Returns the current process's domainname.
1849 */
1850 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1851 {
1852 if (!head->r.eof) {
1853 /*
1854 * tomoyo_domain()->domainname != NULL
1855 * because every process belongs to a domain and
1856 * the domain's name cannot be NULL.
1857 */
1858 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1859 head->r.eof = true;
1860 }
1861 }
1862
1863 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1864 static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
1865 [TOMOYO_STAT_POLICY_UPDATES] = "update:",
1866 [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:",
1867 [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
1868 [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:",
1869 };
1870
1871 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1872 static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
1873 [TOMOYO_MEMORY_POLICY] = "policy:",
1874 [TOMOYO_MEMORY_AUDIT] = "audit log:",
1875 [TOMOYO_MEMORY_QUERY] = "query message:",
1876 };
1877
1878 /* Timestamp counter for last updated. */
1879 static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
1880 /* Counter for number of updates. */
1881 static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
1882
1883 /**
1884 * tomoyo_update_stat - Update statistic counters.
1885 *
1886 * @index: Index for policy type.
1887 *
1888 * Returns nothing.
1889 */
1890 void tomoyo_update_stat(const u8 index)
1891 {
1892 struct timeval tv;
1893 do_gettimeofday(&tv);
1894 /*
1895 * I don't use atomic operations because race condition is not fatal.
1896 */
1897 tomoyo_stat_updated[index]++;
1898 tomoyo_stat_modified[index] = tv.tv_sec;
1899 }
1900
1901 /**
1902 * tomoyo_read_stat - Read statistic data.
1903 *
1904 * @head: Pointer to "struct tomoyo_io_buffer".
1905 *
1906 * Returns nothing.
1907 */
1908 static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
1909 {
1910 u8 i;
1911 unsigned int total = 0;
1912 if (head->r.eof)
1913 return;
1914 for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
1915 tomoyo_io_printf(head, "Policy %-30s %10u",
1916 tomoyo_policy_headers[i],
1917 tomoyo_stat_updated[i]);
1918 if (tomoyo_stat_modified[i]) {
1919 struct tomoyo_time stamp;
1920 tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
1921 tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
1922 "%02u:%02u:%02u)",
1923 stamp.year, stamp.month, stamp.day,
1924 stamp.hour, stamp.min, stamp.sec);
1925 }
1926 tomoyo_set_lf(head);
1927 }
1928 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
1929 unsigned int used = tomoyo_memory_used[i];
1930 total += used;
1931 tomoyo_io_printf(head, "Memory used by %-22s %10u",
1932 tomoyo_memory_headers[i], used);
1933 used = tomoyo_memory_quota[i];
1934 if (used)
1935 tomoyo_io_printf(head, " (Quota: %10u)", used);
1936 tomoyo_set_lf(head);
1937 }
1938 tomoyo_io_printf(head, "Total memory used: %10u\n",
1939 total);
1940 head->r.eof = true;
1941 }
1942
1943 /**
1944 * tomoyo_write_stat - Set memory quota.
1945 *
1946 * @head: Pointer to "struct tomoyo_io_buffer".
1947 *
1948 * Returns 0.
1949 */
1950 static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
1951 {
1952 char *data = head->write_buf;
1953 u8 i;
1954 if (tomoyo_str_starts(&data, "Memory used by "))
1955 for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
1956 if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
1957 sscanf(data, "%u", &tomoyo_memory_quota[i]);
1958 return 0;
1959 }
1960
1961 /**
1962 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1963 *
1964 * @type: Type of interface.
1965 * @file: Pointer to "struct file".
1966 *
1967 * Returns 0 on success, negative value otherwise.
1968 */
1969 int tomoyo_open_control(const u8 type, struct file *file)
1970 {
1971 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1972
1973 if (!head)
1974 return -ENOMEM;
1975 mutex_init(&head->io_sem);
1976 head->type = type;
1977 switch (type) {
1978 case TOMOYO_DOMAINPOLICY:
1979 /* /sys/kernel/security/tomoyo/domain_policy */
1980 head->write = tomoyo_write_domain;
1981 head->read = tomoyo_read_domain;
1982 break;
1983 case TOMOYO_EXCEPTIONPOLICY:
1984 /* /sys/kernel/security/tomoyo/exception_policy */
1985 head->write = tomoyo_write_exception;
1986 head->read = tomoyo_read_exception;
1987 break;
1988 case TOMOYO_AUDIT:
1989 /* /sys/kernel/security/tomoyo/audit */
1990 head->poll = tomoyo_poll_log;
1991 head->read = tomoyo_read_log;
1992 break;
1993 case TOMOYO_SELFDOMAIN:
1994 /* /sys/kernel/security/tomoyo/self_domain */
1995 head->read = tomoyo_read_self_domain;
1996 break;
1997 case TOMOYO_DOMAIN_STATUS:
1998 /* /sys/kernel/security/tomoyo/.domain_status */
1999 head->write = tomoyo_write_domain_profile;
2000 head->read = tomoyo_read_domain_profile;
2001 break;
2002 case TOMOYO_PROCESS_STATUS:
2003 /* /sys/kernel/security/tomoyo/.process_status */
2004 head->write = tomoyo_write_pid;
2005 head->read = tomoyo_read_pid;
2006 break;
2007 case TOMOYO_VERSION:
2008 /* /sys/kernel/security/tomoyo/version */
2009 head->read = tomoyo_read_version;
2010 head->readbuf_size = 128;
2011 break;
2012 case TOMOYO_STAT:
2013 /* /sys/kernel/security/tomoyo/stat */
2014 head->write = tomoyo_write_stat;
2015 head->read = tomoyo_read_stat;
2016 head->readbuf_size = 1024;
2017 break;
2018 case TOMOYO_PROFILE:
2019 /* /sys/kernel/security/tomoyo/profile */
2020 head->write = tomoyo_write_profile;
2021 head->read = tomoyo_read_profile;
2022 break;
2023 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
2024 head->poll = tomoyo_poll_query;
2025 head->write = tomoyo_write_answer;
2026 head->read = tomoyo_read_query;
2027 break;
2028 case TOMOYO_MANAGER:
2029 /* /sys/kernel/security/tomoyo/manager */
2030 head->write = tomoyo_write_manager;
2031 head->read = tomoyo_read_manager;
2032 break;
2033 }
2034 if (!(file->f_mode & FMODE_READ)) {
2035 /*
2036 * No need to allocate read_buf since it is not opened
2037 * for reading.
2038 */
2039 head->read = NULL;
2040 head->poll = NULL;
2041 } else if (!head->poll) {
2042 /* Don't allocate read_buf for poll() access. */
2043 if (!head->readbuf_size)
2044 head->readbuf_size = 4096 * 2;
2045 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
2046 if (!head->read_buf) {
2047 kfree(head);
2048 return -ENOMEM;
2049 }
2050 }
2051 if (!(file->f_mode & FMODE_WRITE)) {
2052 /*
2053 * No need to allocate write_buf since it is not opened
2054 * for writing.
2055 */
2056 head->write = NULL;
2057 } else if (head->write) {
2058 head->writebuf_size = 4096 * 2;
2059 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
2060 if (!head->write_buf) {
2061 kfree(head->read_buf);
2062 kfree(head);
2063 return -ENOMEM;
2064 }
2065 }
2066 /*
2067 * If the file is /sys/kernel/security/tomoyo/query , increment the
2068 * observer counter.
2069 * The obserber counter is used by tomoyo_supervisor() to see if
2070 * there is some process monitoring /sys/kernel/security/tomoyo/query.
2071 */
2072 if (type == TOMOYO_QUERY)
2073 atomic_inc(&tomoyo_query_observers);
2074 file->private_data = head;
2075 tomoyo_notify_gc(head, true);
2076 return 0;
2077 }
2078
2079 /**
2080 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
2081 *
2082 * @file: Pointer to "struct file".
2083 * @wait: Pointer to "poll_table".
2084 *
2085 * Waits for read readiness.
2086 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
2087 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
2088 */
2089 int tomoyo_poll_control(struct file *file, poll_table *wait)
2090 {
2091 struct tomoyo_io_buffer *head = file->private_data;
2092 if (!head->poll)
2093 return -ENOSYS;
2094 return head->poll(file, wait);
2095 }
2096
2097 /**
2098 * tomoyo_set_namespace_cursor - Set namespace to read.
2099 *
2100 * @head: Pointer to "struct tomoyo_io_buffer".
2101 *
2102 * Returns nothing.
2103 */
2104 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head)
2105 {
2106 struct list_head *ns;
2107 if (head->type != TOMOYO_EXCEPTIONPOLICY &&
2108 head->type != TOMOYO_PROFILE)
2109 return;
2110 /*
2111 * If this is the first read, or reading previous namespace finished
2112 * and has more namespaces to read, update the namespace cursor.
2113 */
2114 ns = head->r.ns;
2115 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) {
2116 /* Clearing is OK because tomoyo_flush() returned true. */
2117 memset(&head->r, 0, sizeof(head->r));
2118 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next;
2119 }
2120 }
2121
2122 /**
2123 * tomoyo_has_more_namespace - Check for unread namespaces.
2124 *
2125 * @head: Pointer to "struct tomoyo_io_buffer".
2126 *
2127 * Returns true if we have more entries to print, false otherwise.
2128 */
2129 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
2130 {
2131 return (head->type == TOMOYO_EXCEPTIONPOLICY ||
2132 head->type == TOMOYO_PROFILE) && head->r.eof &&
2133 head->r.ns->next != &tomoyo_namespace_list;
2134 }
2135
2136 /**
2137 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
2138 *
2139 * @head: Pointer to "struct tomoyo_io_buffer".
2140 * @buffer: Poiner to buffer to write to.
2141 * @buffer_len: Size of @buffer.
2142 *
2143 * Returns bytes read on success, negative value otherwise.
2144 */
2145 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
2146 const int buffer_len)
2147 {
2148 int len;
2149 int idx;
2150
2151 if (!head->read)
2152 return -ENOSYS;
2153 if (mutex_lock_interruptible(&head->io_sem))
2154 return -EINTR;
2155 head->read_user_buf = buffer;
2156 head->read_user_buf_avail = buffer_len;
2157 idx = tomoyo_read_lock();
2158 if (tomoyo_flush(head))
2159 /* Call the policy handler. */
2160 do {
2161 tomoyo_set_namespace_cursor(head);
2162 head->read(head);
2163 } while (tomoyo_flush(head) &&
2164 tomoyo_has_more_namespace(head));
2165 tomoyo_read_unlock(idx);
2166 len = head->read_user_buf - buffer;
2167 mutex_unlock(&head->io_sem);
2168 return len;
2169 }
2170
2171 /**
2172 * tomoyo_parse_policy - Parse a policy line.
2173 *
2174 * @head: Poiter to "struct tomoyo_io_buffer".
2175 * @line: Line to parse.
2176 *
2177 * Returns 0 on success, negative value otherwise.
2178 *
2179 * Caller holds tomoyo_read_lock().
2180 */
2181 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line)
2182 {
2183 /* Delete request? */
2184 head->w.is_delete = !strncmp(line, "delete ", 7);
2185 if (head->w.is_delete)
2186 memmove(line, line + 7, strlen(line + 7) + 1);
2187 /* Selecting namespace to update. */
2188 if (head->type == TOMOYO_EXCEPTIONPOLICY ||
2189 head->type == TOMOYO_PROFILE) {
2190 if (*line == '<') {
2191 char *cp = strchr(line, ' ');
2192 if (cp) {
2193 *cp++ = '\0';
2194 head->w.ns = tomoyo_assign_namespace(line);
2195 memmove(line, cp, strlen(cp) + 1);
2196 } else
2197 head->w.ns = NULL;
2198 } else
2199 head->w.ns = &tomoyo_kernel_namespace;
2200 /* Don't allow updating if namespace is invalid. */
2201 if (!head->w.ns)
2202 return -ENOENT;
2203 }
2204 /* Do the update. */
2205 return head->write(head);
2206 }
2207
2208 /**
2209 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2210 *
2211 * @head: Pointer to "struct tomoyo_io_buffer".
2212 * @buffer: Pointer to buffer to read from.
2213 * @buffer_len: Size of @buffer.
2214 *
2215 * Returns @buffer_len on success, negative value otherwise.
2216 */
2217 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
2218 const char __user *buffer, const int buffer_len)
2219 {
2220 int error = buffer_len;
2221 size_t avail_len = buffer_len;
2222 char *cp0 = head->write_buf;
2223 int idx;
2224 if (!head->write)
2225 return -ENOSYS;
2226 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2227 return -EFAULT;
2228 if (mutex_lock_interruptible(&head->io_sem))
2229 return -EINTR;
2230 idx = tomoyo_read_lock();
2231 /* Read a line and dispatch it to the policy handler. */
2232 while (avail_len > 0) {
2233 char c;
2234 if (head->w.avail >= head->writebuf_size - 1) {
2235 const int len = head->writebuf_size * 2;
2236 char *cp = kzalloc(len, GFP_NOFS);
2237 if (!cp) {
2238 error = -ENOMEM;
2239 break;
2240 }
2241 memmove(cp, cp0, head->w.avail);
2242 kfree(cp0);
2243 head->write_buf = cp;
2244 cp0 = cp;
2245 head->writebuf_size = len;
2246 }
2247 if (get_user(c, buffer)) {
2248 error = -EFAULT;
2249 break;
2250 }
2251 buffer++;
2252 avail_len--;
2253 cp0[head->w.avail++] = c;
2254 if (c != '\n')
2255 continue;
2256 cp0[head->w.avail - 1] = '\0';
2257 head->w.avail = 0;
2258 tomoyo_normalize_line(cp0);
2259 if (!strcmp(cp0, "reset")) {
2260 head->w.ns = &tomoyo_kernel_namespace;
2261 head->w.domain = NULL;
2262 memset(&head->r, 0, sizeof(head->r));
2263 continue;
2264 }
2265 /* Don't allow updating policies by non manager programs. */
2266 switch (head->type) {
2267 case TOMOYO_PROCESS_STATUS:
2268 /* This does not write anything. */
2269 break;
2270 case TOMOYO_DOMAINPOLICY:
2271 if (tomoyo_select_domain(head, cp0))
2272 continue;
2273 /* fall through */
2274 case TOMOYO_EXCEPTIONPOLICY:
2275 if (!strcmp(cp0, "select transition_only")) {
2276 head->r.print_transition_related_only = true;
2277 continue;
2278 }
2279 /* fall through */
2280 default:
2281 if (!tomoyo_manager()) {
2282 error = -EPERM;
2283 goto out;
2284 }
2285 }
2286 switch (tomoyo_parse_policy(head, cp0)) {
2287 case -EPERM:
2288 error = -EPERM;
2289 goto out;
2290 case 0:
2291 switch (head->type) {
2292 case TOMOYO_DOMAINPOLICY:
2293 case TOMOYO_EXCEPTIONPOLICY:
2294 case TOMOYO_DOMAIN_STATUS:
2295 case TOMOYO_STAT:
2296 case TOMOYO_PROFILE:
2297 case TOMOYO_MANAGER:
2298 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
2299 break;
2300 default:
2301 break;
2302 }
2303 break;
2304 }
2305 }
2306 out:
2307 tomoyo_read_unlock(idx);
2308 mutex_unlock(&head->io_sem);
2309 return error;
2310 }
2311
2312 /**
2313 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2314 *
2315 * @head: Pointer to "struct tomoyo_io_buffer".
2316 *
2317 * Returns 0.
2318 */
2319 int tomoyo_close_control(struct tomoyo_io_buffer *head)
2320 {
2321 /*
2322 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2323 * observer counter.
2324 */
2325 if (head->type == TOMOYO_QUERY &&
2326 atomic_dec_and_test(&tomoyo_query_observers))
2327 wake_up_all(&tomoyo_answer_wait);
2328 tomoyo_notify_gc(head, false);
2329 return 0;
2330 }
2331
2332 /**
2333 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2334 */
2335 void tomoyo_check_profile(void)
2336 {
2337 struct tomoyo_domain_info *domain;
2338 const int idx = tomoyo_read_lock();
2339 tomoyo_policy_loaded = true;
2340 printk(KERN_INFO "TOMOYO: 2.4.0\n");
2341 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2342 const u8 profile = domain->profile;
2343 const struct tomoyo_policy_namespace *ns = domain->ns;
2344 if (ns->profile_version != 20100903)
2345 printk(KERN_ERR
2346 "Profile version %u is not supported.\n",
2347 ns->profile_version);
2348 else if (!ns->profile_ptr[profile])
2349 printk(KERN_ERR
2350 "Profile %u (used by '%s') is not defined.\n",
2351 profile, domain->domainname->name);
2352 else
2353 continue;
2354 printk(KERN_ERR
2355 "Userland tools for TOMOYO 2.4 must be installed and "
2356 "policy must be initialized.\n");
2357 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ "
2358 "for more information.\n");
2359 panic("STOP!");
2360 }
2361 tomoyo_read_unlock(idx);
2362 printk(KERN_INFO "Mandatory Access Control activated.\n");
2363 }
2364
2365 /**
2366 * tomoyo_load_builtin_policy - Load built-in policy.
2367 *
2368 * Returns nothing.
2369 */
2370 void __init tomoyo_load_builtin_policy(void)
2371 {
2372 /*
2373 * This include file is manually created and contains built-in policy
2374 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
2375 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager",
2376 * "tomoyo_builtin_stat" in the form of "static char [] __initdata".
2377 */
2378 #include "builtin-policy.h"
2379 u8 i;
2380 const int idx = tomoyo_read_lock();
2381 for (i = 0; i < 5; i++) {
2382 struct tomoyo_io_buffer head = { };
2383 char *start = "";
2384 switch (i) {
2385 case 0:
2386 start = tomoyo_builtin_profile;
2387 head.type = TOMOYO_PROFILE;
2388 head.write = tomoyo_write_profile;
2389 break;
2390 case 1:
2391 start = tomoyo_builtin_exception_policy;
2392 head.type = TOMOYO_EXCEPTIONPOLICY;
2393 head.write = tomoyo_write_exception;
2394 break;
2395 case 2:
2396 start = tomoyo_builtin_domain_policy;
2397 head.type = TOMOYO_DOMAINPOLICY;
2398 head.write = tomoyo_write_domain;
2399 break;
2400 case 3:
2401 start = tomoyo_builtin_manager;
2402 head.type = TOMOYO_MANAGER;
2403 head.write = tomoyo_write_manager;
2404 break;
2405 case 4:
2406 start = tomoyo_builtin_stat;
2407 head.type = TOMOYO_STAT;
2408 head.write = tomoyo_write_stat;
2409 break;
2410 }
2411 while (1) {
2412 char *end = strchr(start, '\n');
2413 if (!end)
2414 break;
2415 *end = '\0';
2416 tomoyo_normalize_line(start);
2417 head.write_buf = start;
2418 tomoyo_parse_policy(&head, start);
2419 start = end + 1;
2420 }
2421 }
2422 tomoyo_read_unlock(idx);
2423 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
2424 tomoyo_check_profile();
2425 #endif
2426 }
Linux kernel - Deliverables
This page took 0.080983 seconds and 6 git commands to generate.