2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
14 /* String table for operation mode. */
15 const char * const tomoyo_mode
[TOMOYO_CONFIG_MAX_MODE
] = {
16 [TOMOYO_CONFIG_DISABLED
] = "disabled",
17 [TOMOYO_CONFIG_LEARNING
] = "learning",
18 [TOMOYO_CONFIG_PERMISSIVE
] = "permissive",
19 [TOMOYO_CONFIG_ENFORCING
] = "enforcing"
22 /* String table for /sys/kernel/security/tomoyo/profile */
23 const char * const tomoyo_mac_keywords
[TOMOYO_MAX_MAC_INDEX
24 + TOMOYO_MAX_MAC_CATEGORY_INDEX
] = {
25 [TOMOYO_MAC_FILE_EXECUTE
] = "execute",
26 [TOMOYO_MAC_FILE_OPEN
] = "open",
27 [TOMOYO_MAC_FILE_CREATE
] = "create",
28 [TOMOYO_MAC_FILE_UNLINK
] = "unlink",
29 [TOMOYO_MAC_FILE_GETATTR
] = "getattr",
30 [TOMOYO_MAC_FILE_MKDIR
] = "mkdir",
31 [TOMOYO_MAC_FILE_RMDIR
] = "rmdir",
32 [TOMOYO_MAC_FILE_MKFIFO
] = "mkfifo",
33 [TOMOYO_MAC_FILE_MKSOCK
] = "mksock",
34 [TOMOYO_MAC_FILE_TRUNCATE
] = "truncate",
35 [TOMOYO_MAC_FILE_SYMLINK
] = "symlink",
36 [TOMOYO_MAC_FILE_MKBLOCK
] = "mkblock",
37 [TOMOYO_MAC_FILE_MKCHAR
] = "mkchar",
38 [TOMOYO_MAC_FILE_LINK
] = "link",
39 [TOMOYO_MAC_FILE_RENAME
] = "rename",
40 [TOMOYO_MAC_FILE_CHMOD
] = "chmod",
41 [TOMOYO_MAC_FILE_CHOWN
] = "chown",
42 [TOMOYO_MAC_FILE_CHGRP
] = "chgrp",
43 [TOMOYO_MAC_FILE_IOCTL
] = "ioctl",
44 [TOMOYO_MAC_FILE_CHROOT
] = "chroot",
45 [TOMOYO_MAC_FILE_MOUNT
] = "mount",
46 [TOMOYO_MAC_FILE_UMOUNT
] = "unmount",
47 [TOMOYO_MAC_FILE_PIVOT_ROOT
] = "pivot_root",
48 [TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAC_CATEGORY_FILE
] = "file",
51 /* String table for PREFERENCE keyword. */
52 static const char * const tomoyo_pref_keywords
[TOMOYO_MAX_PREF
] = {
53 [TOMOYO_PREF_MAX_AUDIT_LOG
] = "max_audit_log",
54 [TOMOYO_PREF_MAX_LEARNING_ENTRY
] = "max_learning_entry",
57 /* String table for path operation. */
58 const char * const tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
59 [TOMOYO_TYPE_EXECUTE
] = "execute",
60 [TOMOYO_TYPE_READ
] = "read",
61 [TOMOYO_TYPE_WRITE
] = "write",
62 [TOMOYO_TYPE_APPEND
] = "append",
63 [TOMOYO_TYPE_UNLINK
] = "unlink",
64 [TOMOYO_TYPE_GETATTR
] = "getattr",
65 [TOMOYO_TYPE_RMDIR
] = "rmdir",
66 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
67 [TOMOYO_TYPE_SYMLINK
] = "symlink",
68 [TOMOYO_TYPE_CHROOT
] = "chroot",
69 [TOMOYO_TYPE_UMOUNT
] = "unmount",
72 /* String table for categories. */
73 static const char * const tomoyo_category_keywords
74 [TOMOYO_MAX_MAC_CATEGORY_INDEX
] = {
75 [TOMOYO_MAC_CATEGORY_FILE
] = "file",
78 /* Permit policy management by non-root user? */
79 static bool tomoyo_manage_by_non_root
;
81 /* Utility functions. */
84 * tomoyo_yesno - Return "yes" or "no".
88 const char *tomoyo_yesno(const unsigned int value
)
90 return value
? "yes" : "no";
94 * tomoyo_addprintf - strncat()-like-snprintf().
96 * @buffer: Buffer to write to. Must be '\0'-terminated.
97 * @len: Size of @buffer.
98 * @fmt: The printf()'s format string, followed by parameters.
102 static void tomoyo_addprintf(char *buffer
, int len
, const char *fmt
, ...)
105 const int pos
= strlen(buffer
);
107 vsnprintf(buffer
+ pos
, len
- pos
- 1, fmt
, args
);
112 * tomoyo_flush - Flush queued string to userspace's buffer.
114 * @head: Pointer to "struct tomoyo_io_buffer".
116 * Returns true if all data was flushed, false otherwise.
118 static bool tomoyo_flush(struct tomoyo_io_buffer
*head
)
120 while (head
->r
.w_pos
) {
121 const char *w
= head
->r
.w
[0];
122 size_t len
= strlen(w
);
124 if (len
> head
->read_user_buf_avail
)
125 len
= head
->read_user_buf_avail
;
128 if (copy_to_user(head
->read_user_buf
, w
, len
))
130 head
->read_user_buf_avail
-= len
;
131 head
->read_user_buf
+= len
;
137 /* Add '\0' for audit logs and query. */
139 if (!head
->read_user_buf_avail
||
140 copy_to_user(head
->read_user_buf
, "", 1))
142 head
->read_user_buf_avail
--;
143 head
->read_user_buf
++;
146 for (len
= 0; len
< head
->r
.w_pos
; len
++)
147 head
->r
.w
[len
] = head
->r
.w
[len
+ 1];
154 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
156 * @head: Pointer to "struct tomoyo_io_buffer".
157 * @string: String to print.
159 * Note that @string has to be kept valid until @head is kfree()d.
160 * This means that char[] allocated on stack memory cannot be passed to
161 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
163 static void tomoyo_set_string(struct tomoyo_io_buffer
*head
, const char *string
)
165 if (head
->r
.w_pos
< TOMOYO_MAX_IO_READ_QUEUE
) {
166 head
->r
.w
[head
->r
.w_pos
++] = string
;
173 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
175 * @head: Pointer to "struct tomoyo_io_buffer".
176 * @fmt: The printf()'s format string, followed by parameters.
178 void tomoyo_io_printf(struct tomoyo_io_buffer
*head
, const char *fmt
, ...)
182 size_t pos
= head
->r
.avail
;
183 int size
= head
->readbuf_size
- pos
;
187 len
= vsnprintf(head
->read_buf
+ pos
, size
, fmt
, args
) + 1;
189 if (pos
+ len
>= head
->readbuf_size
) {
193 head
->r
.avail
+= len
;
194 tomoyo_set_string(head
, head
->read_buf
+ pos
);
198 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
200 * @head: Pointer to "struct tomoyo_io_buffer".
204 static void tomoyo_set_space(struct tomoyo_io_buffer
*head
)
206 tomoyo_set_string(head
, " ");
210 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
212 * @head: Pointer to "struct tomoyo_io_buffer".
216 static bool tomoyo_set_lf(struct tomoyo_io_buffer
*head
)
218 tomoyo_set_string(head
, "\n");
219 return !head
->r
.w_pos
;
223 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
225 * @head: Pointer to "struct tomoyo_io_buffer".
229 static void tomoyo_set_slash(struct tomoyo_io_buffer
*head
)
231 tomoyo_set_string(head
, "/");
234 /* List of namespaces. */
235 LIST_HEAD(tomoyo_namespace_list
);
236 /* True if namespace other than tomoyo_kernel_namespace is defined. */
237 static bool tomoyo_namespace_enabled
;
240 * tomoyo_init_policy_namespace - Initialize namespace.
242 * @ns: Pointer to "struct tomoyo_policy_namespace".
246 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace
*ns
)
249 for (idx
= 0; idx
< TOMOYO_MAX_ACL_GROUPS
; idx
++)
250 INIT_LIST_HEAD(&ns
->acl_group
[idx
]);
251 for (idx
= 0; idx
< TOMOYO_MAX_GROUP
; idx
++)
252 INIT_LIST_HEAD(&ns
->group_list
[idx
]);
253 for (idx
= 0; idx
< TOMOYO_MAX_POLICY
; idx
++)
254 INIT_LIST_HEAD(&ns
->policy_list
[idx
]);
255 ns
->profile_version
= 20100903;
256 tomoyo_namespace_enabled
= !list_empty(&tomoyo_namespace_list
);
257 list_add_tail_rcu(&ns
->namespace_list
, &tomoyo_namespace_list
);
261 * tomoyo_print_namespace - Print namespace header.
263 * @head: Pointer to "struct tomoyo_io_buffer".
267 static void tomoyo_print_namespace(struct tomoyo_io_buffer
*head
)
269 if (!tomoyo_namespace_enabled
)
271 tomoyo_set_string(head
,
272 container_of(head
->r
.ns
,
273 struct tomoyo_policy_namespace
,
274 namespace_list
)->name
);
275 tomoyo_set_space(head
);
279 * tomoyo_print_name_union - Print a tomoyo_name_union.
281 * @head: Pointer to "struct tomoyo_io_buffer".
282 * @ptr: Pointer to "struct tomoyo_name_union".
284 static void tomoyo_print_name_union(struct tomoyo_io_buffer
*head
,
285 const struct tomoyo_name_union
*ptr
)
287 tomoyo_set_space(head
);
289 tomoyo_set_string(head
, "@");
290 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
292 tomoyo_set_string(head
, ptr
->filename
->name
);
297 * tomoyo_print_number_union - Print a tomoyo_number_union.
299 * @head: Pointer to "struct tomoyo_io_buffer".
300 * @ptr: Pointer to "struct tomoyo_number_union".
302 static void tomoyo_print_number_union(struct tomoyo_io_buffer
*head
,
303 const struct tomoyo_number_union
*ptr
)
305 tomoyo_set_space(head
);
307 tomoyo_set_string(head
, "@");
308 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
311 unsigned long min
= ptr
->values
[0];
312 const unsigned long max
= ptr
->values
[1];
313 u8 min_type
= ptr
->value_type
[0];
314 const u8 max_type
= ptr
->value_type
[1];
317 for (i
= 0; i
< 2; i
++) {
319 case TOMOYO_VALUE_TYPE_HEXADECIMAL
:
320 tomoyo_addprintf(buffer
, sizeof(buffer
),
323 case TOMOYO_VALUE_TYPE_OCTAL
:
324 tomoyo_addprintf(buffer
, sizeof(buffer
),
328 tomoyo_addprintf(buffer
, sizeof(buffer
),
332 if (min
== max
&& min_type
== max_type
)
334 tomoyo_addprintf(buffer
, sizeof(buffer
), "-");
338 tomoyo_io_printf(head
, "%s", buffer
);
343 * tomoyo_assign_profile - Create a new profile.
345 * @ns: Pointer to "struct tomoyo_policy_namespace".
346 * @profile: Profile number to create.
348 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
350 static struct tomoyo_profile
*tomoyo_assign_profile
351 (struct tomoyo_policy_namespace
*ns
, const unsigned int profile
)
353 struct tomoyo_profile
*ptr
;
354 struct tomoyo_profile
*entry
;
355 if (profile
>= TOMOYO_MAX_PROFILES
)
357 ptr
= ns
->profile_ptr
[profile
];
360 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
361 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
363 ptr
= ns
->profile_ptr
[profile
];
364 if (!ptr
&& tomoyo_memory_ok(entry
)) {
366 ptr
->default_config
= TOMOYO_CONFIG_DISABLED
|
367 TOMOYO_CONFIG_WANT_GRANT_LOG
|
368 TOMOYO_CONFIG_WANT_REJECT_LOG
;
369 memset(ptr
->config
, TOMOYO_CONFIG_USE_DEFAULT
,
370 sizeof(ptr
->config
));
371 ptr
->pref
[TOMOYO_PREF_MAX_AUDIT_LOG
] = 1024;
372 ptr
->pref
[TOMOYO_PREF_MAX_LEARNING_ENTRY
] = 2048;
373 mb(); /* Avoid out-of-order execution. */
374 ns
->profile_ptr
[profile
] = ptr
;
377 mutex_unlock(&tomoyo_policy_lock
);
384 * tomoyo_profile - Find a profile.
386 * @ns: Pointer to "struct tomoyo_policy_namespace".
387 * @profile: Profile number to find.
389 * Returns pointer to "struct tomoyo_profile".
391 struct tomoyo_profile
*tomoyo_profile(const struct tomoyo_policy_namespace
*ns
,
394 static struct tomoyo_profile tomoyo_null_profile
;
395 struct tomoyo_profile
*ptr
= ns
->profile_ptr
[profile
];
397 ptr
= &tomoyo_null_profile
;
402 * tomoyo_find_yesno - Find values for specified keyword.
404 * @string: String to check.
405 * @find: Name of keyword.
407 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
409 static s8
tomoyo_find_yesno(const char *string
, const char *find
)
411 const char *cp
= strstr(string
, find
);
414 if (!strncmp(cp
, "=yes", 4))
416 else if (!strncmp(cp
, "=no", 3))
423 * tomoyo_set_uint - Set value for specified preference.
425 * @i: Pointer to "unsigned int".
426 * @string: String to check.
427 * @find: Name of keyword.
431 static void tomoyo_set_uint(unsigned int *i
, const char *string
,
434 const char *cp
= strstr(string
, find
);
436 sscanf(cp
+ strlen(find
), "=%u", i
);
440 * tomoyo_set_mode - Set mode for specified profile.
442 * @name: Name of functionality.
443 * @value: Mode for @name.
444 * @profile: Pointer to "struct tomoyo_profile".
446 * Returns 0 on success, negative value otherwise.
448 static int tomoyo_set_mode(char *name
, const char *value
,
449 struct tomoyo_profile
*profile
)
453 if (!strcmp(name
, "CONFIG")) {
454 i
= TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
;
455 config
= profile
->default_config
;
456 } else if (tomoyo_str_starts(&name
, "CONFIG::")) {
458 for (i
= 0; i
< TOMOYO_MAX_MAC_INDEX
459 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; i
++) {
461 if (i
< TOMOYO_MAX_MAC_INDEX
) {
462 const u8 c
= tomoyo_index2category
[i
];
463 const char *category
=
464 tomoyo_category_keywords
[c
];
465 len
= strlen(category
);
466 if (strncmp(name
, category
, len
) ||
467 name
[len
++] != ':' || name
[len
++] != ':')
470 if (strcmp(name
+ len
, tomoyo_mac_keywords
[i
]))
472 config
= profile
->config
[i
];
475 if (i
== TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
480 if (strstr(value
, "use_default")) {
481 config
= TOMOYO_CONFIG_USE_DEFAULT
;
484 for (mode
= 0; mode
< 4; mode
++)
485 if (strstr(value
, tomoyo_mode
[mode
]))
487 * Update lower 3 bits in order to distinguish
488 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
490 config
= (config
& ~7) | mode
;
491 if (config
!= TOMOYO_CONFIG_USE_DEFAULT
) {
492 switch (tomoyo_find_yesno(value
, "grant_log")) {
494 config
|= TOMOYO_CONFIG_WANT_GRANT_LOG
;
497 config
&= ~TOMOYO_CONFIG_WANT_GRANT_LOG
;
500 switch (tomoyo_find_yesno(value
, "reject_log")) {
502 config
|= TOMOYO_CONFIG_WANT_REJECT_LOG
;
505 config
&= ~TOMOYO_CONFIG_WANT_REJECT_LOG
;
510 if (i
< TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
511 profile
->config
[i
] = config
;
512 else if (config
!= TOMOYO_CONFIG_USE_DEFAULT
)
513 profile
->default_config
= config
;
518 * tomoyo_write_profile - Write profile table.
520 * @head: Pointer to "struct tomoyo_io_buffer".
522 * Returns 0 on success, negative value otherwise.
524 static int tomoyo_write_profile(struct tomoyo_io_buffer
*head
)
526 char *data
= head
->write_buf
;
529 struct tomoyo_profile
*profile
;
530 if (sscanf(data
, "PROFILE_VERSION=%u", &head
->w
.ns
->profile_version
)
533 i
= simple_strtoul(data
, &cp
, 10);
537 profile
= tomoyo_assign_profile(head
->w
.ns
, i
);
540 cp
= strchr(data
, '=');
544 if (!strcmp(data
, "COMMENT")) {
545 static DEFINE_SPINLOCK(lock
);
546 const struct tomoyo_path_info
*new_comment
547 = tomoyo_get_name(cp
);
548 const struct tomoyo_path_info
*old_comment
;
552 old_comment
= profile
->comment
;
553 profile
->comment
= new_comment
;
555 tomoyo_put_name(old_comment
);
558 if (!strcmp(data
, "PREFERENCE")) {
559 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
560 tomoyo_set_uint(&profile
->pref
[i
], cp
,
561 tomoyo_pref_keywords
[i
]);
564 return tomoyo_set_mode(data
, cp
, profile
);
568 * tomoyo_print_config - Print mode for specified functionality.
570 * @head: Pointer to "struct tomoyo_io_buffer".
571 * @config: Mode for that functionality.
575 * Caller prints functionality's name.
577 static void tomoyo_print_config(struct tomoyo_io_buffer
*head
, const u8 config
)
579 tomoyo_io_printf(head
, "={ mode=%s grant_log=%s reject_log=%s }\n",
580 tomoyo_mode
[config
& 3],
581 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_GRANT_LOG
),
582 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_REJECT_LOG
));
586 * tomoyo_read_profile - Read profile table.
588 * @head: Pointer to "struct tomoyo_io_buffer".
592 static void tomoyo_read_profile(struct tomoyo_io_buffer
*head
)
595 struct tomoyo_policy_namespace
*ns
=
596 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
597 const struct tomoyo_profile
*profile
;
601 index
= head
->r
.index
;
602 profile
= ns
->profile_ptr
[index
];
603 switch (head
->r
.step
) {
605 tomoyo_print_namespace(head
);
606 tomoyo_io_printf(head
, "PROFILE_VERSION=%u\n",
607 ns
->profile_version
);
611 for ( ; head
->r
.index
< TOMOYO_MAX_PROFILES
;
613 if (ns
->profile_ptr
[head
->r
.index
])
615 if (head
->r
.index
== TOMOYO_MAX_PROFILES
)
622 const struct tomoyo_path_info
*comment
=
624 tomoyo_print_namespace(head
);
625 tomoyo_io_printf(head
, "%u-COMMENT=", index
);
626 tomoyo_set_string(head
, comment
? comment
->name
: "");
628 tomoyo_io_printf(head
, "%u-PREFERENCE={ ", index
);
629 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
630 tomoyo_io_printf(head
, "%s=%u ",
631 tomoyo_pref_keywords
[i
],
633 tomoyo_set_string(head
, "}\n");
639 tomoyo_print_namespace(head
);
640 tomoyo_io_printf(head
, "%u-%s", index
, "CONFIG");
641 tomoyo_print_config(head
, profile
->default_config
);
647 for ( ; head
->r
.bit
< TOMOYO_MAX_MAC_INDEX
648 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; head
->r
.bit
++) {
649 const u8 i
= head
->r
.bit
;
650 const u8 config
= profile
->config
[i
];
651 if (config
== TOMOYO_CONFIG_USE_DEFAULT
)
653 tomoyo_print_namespace(head
);
654 if (i
< TOMOYO_MAX_MAC_INDEX
)
655 tomoyo_io_printf(head
, "%u-CONFIG::%s::%s",
657 tomoyo_category_keywords
658 [tomoyo_index2category
[i
]],
659 tomoyo_mac_keywords
[i
]);
661 tomoyo_io_printf(head
, "%u-CONFIG::%s", index
,
662 tomoyo_mac_keywords
[i
]);
663 tomoyo_print_config(head
, config
);
667 if (head
->r
.bit
== TOMOYO_MAX_MAC_INDEX
668 + TOMOYO_MAX_MAC_CATEGORY_INDEX
) {
674 if (tomoyo_flush(head
))
678 static bool tomoyo_same_manager(const struct tomoyo_acl_head
*a
,
679 const struct tomoyo_acl_head
*b
)
681 return container_of(a
, struct tomoyo_manager
, head
)->manager
==
682 container_of(b
, struct tomoyo_manager
, head
)->manager
;
686 * tomoyo_update_manager_entry - Add a manager entry.
688 * @manager: The path to manager or the domainnamme.
689 * @is_delete: True if it is a delete request.
691 * Returns 0 on success, negative value otherwise.
693 * Caller holds tomoyo_read_lock().
695 static int tomoyo_update_manager_entry(const char *manager
,
696 const bool is_delete
)
698 struct tomoyo_manager e
= { };
699 struct tomoyo_acl_param param
= {
700 /* .ns = &tomoyo_kernel_namespace, */
701 .is_delete
= is_delete
,
702 .list
= &tomoyo_kernel_namespace
.
703 policy_list
[TOMOYO_ID_MANAGER
],
705 int error
= is_delete
? -ENOENT
: -ENOMEM
;
706 if (tomoyo_domain_def(manager
)) {
707 if (!tomoyo_correct_domain(manager
))
711 if (!tomoyo_correct_path(manager
))
714 e
.manager
= tomoyo_get_name(manager
);
716 error
= tomoyo_update_policy(&e
.head
, sizeof(e
), ¶m
,
717 tomoyo_same_manager
);
718 tomoyo_put_name(e
.manager
);
724 * tomoyo_write_manager - Write manager policy.
726 * @head: Pointer to "struct tomoyo_io_buffer".
728 * Returns 0 on success, negative value otherwise.
730 * Caller holds tomoyo_read_lock().
732 static int tomoyo_write_manager(struct tomoyo_io_buffer
*head
)
734 char *data
= head
->write_buf
;
736 if (!strcmp(data
, "manage_by_non_root")) {
737 tomoyo_manage_by_non_root
= !head
->w
.is_delete
;
740 return tomoyo_update_manager_entry(data
, head
->w
.is_delete
);
744 * tomoyo_read_manager - Read manager policy.
746 * @head: Pointer to "struct tomoyo_io_buffer".
748 * Caller holds tomoyo_read_lock().
750 static void tomoyo_read_manager(struct tomoyo_io_buffer
*head
)
754 list_for_each_cookie(head
->r
.acl
, &tomoyo_kernel_namespace
.
755 policy_list
[TOMOYO_ID_MANAGER
]) {
756 struct tomoyo_manager
*ptr
=
757 list_entry(head
->r
.acl
, typeof(*ptr
), head
.list
);
758 if (ptr
->head
.is_deleted
)
760 if (!tomoyo_flush(head
))
762 tomoyo_set_string(head
, ptr
->manager
->name
);
769 * tomoyo_manager - Check whether the current process is a policy manager.
771 * Returns true if the current process is permitted to modify policy
772 * via /sys/kernel/security/tomoyo/ interface.
774 * Caller holds tomoyo_read_lock().
776 static bool tomoyo_manager(void)
778 struct tomoyo_manager
*ptr
;
780 const struct task_struct
*task
= current
;
781 const struct tomoyo_path_info
*domainname
= tomoyo_domain()->domainname
;
784 if (!tomoyo_policy_loaded
)
786 if (!tomoyo_manage_by_non_root
&& (task
->cred
->uid
|| task
->cred
->euid
))
788 list_for_each_entry_rcu(ptr
, &tomoyo_kernel_namespace
.
789 policy_list
[TOMOYO_ID_MANAGER
], head
.list
) {
790 if (!ptr
->head
.is_deleted
&& ptr
->is_domain
791 && !tomoyo_pathcmp(domainname
, ptr
->manager
)) {
798 exe
= tomoyo_get_exe();
801 list_for_each_entry_rcu(ptr
, &tomoyo_kernel_namespace
.
802 policy_list
[TOMOYO_ID_MANAGER
], head
.list
) {
803 if (!ptr
->head
.is_deleted
&& !ptr
->is_domain
804 && !strcmp(exe
, ptr
->manager
->name
)) {
809 if (!found
) { /* Reduce error messages. */
810 static pid_t last_pid
;
811 const pid_t pid
= current
->pid
;
812 if (last_pid
!= pid
) {
813 printk(KERN_WARNING
"%s ( %s ) is not permitted to "
814 "update policies.\n", domainname
->name
, exe
);
823 * tomoyo_select_domain - Parse select command.
825 * @head: Pointer to "struct tomoyo_io_buffer".
826 * @data: String to parse.
828 * Returns true on success, false otherwise.
830 * Caller holds tomoyo_read_lock().
832 static bool tomoyo_select_domain(struct tomoyo_io_buffer
*head
,
836 struct tomoyo_domain_info
*domain
= NULL
;
837 bool global_pid
= false;
838 if (strncmp(data
, "select ", 7))
841 if (sscanf(data
, "pid=%u", &pid
) == 1 ||
842 (global_pid
= true, sscanf(data
, "global-pid=%u", &pid
) == 1)) {
843 struct task_struct
*p
;
845 read_lock(&tasklist_lock
);
847 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
849 p
= find_task_by_vpid(pid
);
851 domain
= tomoyo_real_domain(p
);
852 read_unlock(&tasklist_lock
);
854 } else if (!strncmp(data
, "domain=", 7)) {
855 if (tomoyo_domain_def(data
+ 7))
856 domain
= tomoyo_find_domain(data
+ 7);
859 head
->w
.domain
= domain
;
860 /* Accessing read_buf is safe because head->io_sem is held. */
862 return true; /* Do nothing if open(O_WRONLY). */
863 memset(&head
->r
, 0, sizeof(head
->r
));
864 head
->r
.print_this_domain_only
= true;
866 head
->r
.domain
= &domain
->list
;
869 tomoyo_io_printf(head
, "# select %s\n", data
);
870 if (domain
&& domain
->is_deleted
)
871 tomoyo_io_printf(head
, "# This is a deleted domain.\n");
876 * tomoyo_delete_domain - Delete a domain.
878 * @domainname: The name of domain.
882 * Caller holds tomoyo_read_lock().
884 static int tomoyo_delete_domain(char *domainname
)
886 struct tomoyo_domain_info
*domain
;
887 struct tomoyo_path_info name
;
889 name
.name
= domainname
;
890 tomoyo_fill_path_info(&name
);
891 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
893 /* Is there an active domain? */
894 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
895 /* Never delete tomoyo_kernel_domain */
896 if (domain
== &tomoyo_kernel_domain
)
898 if (domain
->is_deleted
||
899 tomoyo_pathcmp(domain
->domainname
, &name
))
901 domain
->is_deleted
= true;
904 mutex_unlock(&tomoyo_policy_lock
);
909 * tomoyo_write_domain2 - Write domain policy.
911 * @ns: Pointer to "struct tomoyo_policy_namespace".
912 * @list: Pointer to "struct list_head".
913 * @data: Policy to be interpreted.
914 * @is_delete: True if it is a delete request.
916 * Returns 0 on success, negative value otherwise.
918 * Caller holds tomoyo_read_lock().
920 static int tomoyo_write_domain2(struct tomoyo_policy_namespace
*ns
,
921 struct list_head
*list
, char *data
,
922 const bool is_delete
)
924 struct tomoyo_acl_param param
= {
928 .is_delete
= is_delete
,
930 static const struct {
932 int (*write
) (struct tomoyo_acl_param
*);
933 } tomoyo_callback
[1] = {
934 { "file ", tomoyo_write_file
},
937 for (i
= 0; i
< 1; i
++) {
938 if (!tomoyo_str_starts(¶m
.data
,
939 tomoyo_callback
[i
].keyword
))
941 return tomoyo_callback
[i
].write(¶m
);
946 /* String table for domain flags. */
947 const char * const tomoyo_dif
[TOMOYO_MAX_DOMAIN_INFO_FLAGS
] = {
948 [TOMOYO_DIF_QUOTA_WARNED
] = "quota_exceeded\n",
949 [TOMOYO_DIF_TRANSITION_FAILED
] = "transition_failed\n",
953 * tomoyo_write_domain - Write domain policy.
955 * @head: Pointer to "struct tomoyo_io_buffer".
957 * Returns 0 on success, negative value otherwise.
959 * Caller holds tomoyo_read_lock().
961 static int tomoyo_write_domain(struct tomoyo_io_buffer
*head
)
963 char *data
= head
->write_buf
;
964 struct tomoyo_policy_namespace
*ns
;
965 struct tomoyo_domain_info
*domain
= head
->w
.domain
;
966 const bool is_delete
= head
->w
.is_delete
;
967 bool is_select
= !is_delete
&& tomoyo_str_starts(&data
, "select ");
968 unsigned int profile
;
972 tomoyo_delete_domain(data
);
974 domain
= tomoyo_find_domain(data
);
976 domain
= tomoyo_assign_domain(data
, false);
977 head
->w
.domain
= domain
;
983 if (sscanf(data
, "use_profile %u", &profile
) == 1
984 && profile
< TOMOYO_MAX_PROFILES
) {
985 if (!tomoyo_policy_loaded
|| ns
->profile_ptr
[profile
])
986 domain
->profile
= (u8
) profile
;
989 if (sscanf(data
, "use_group %u\n", &profile
) == 1
990 && profile
< TOMOYO_MAX_ACL_GROUPS
) {
992 domain
->group
= (u8
) profile
;
995 for (profile
= 0; profile
< TOMOYO_MAX_DOMAIN_INFO_FLAGS
; profile
++) {
996 const char *cp
= tomoyo_dif
[profile
];
997 if (strncmp(data
, cp
, strlen(cp
) - 1))
999 domain
->flags
[profile
] = !is_delete
;
1002 return tomoyo_write_domain2(ns
, &domain
->acl_info_list
, data
,
1007 * tomoyo_set_group - Print "acl_group " header keyword and category name.
1009 * @head: Pointer to "struct tomoyo_io_buffer".
1010 * @category: Category name.
1014 static void tomoyo_set_group(struct tomoyo_io_buffer
*head
,
1015 const char *category
)
1017 if (head
->type
== TOMOYO_EXCEPTIONPOLICY
) {
1018 tomoyo_print_namespace(head
);
1019 tomoyo_io_printf(head
, "acl_group %u ",
1020 head
->r
.acl_group_index
);
1022 tomoyo_set_string(head
, category
);
1026 * tomoyo_print_entry - Print an ACL entry.
1028 * @head: Pointer to "struct tomoyo_io_buffer".
1029 * @acl: Pointer to an ACL entry.
1031 * Returns true on success, false otherwise.
1033 static bool tomoyo_print_entry(struct tomoyo_io_buffer
*head
,
1034 struct tomoyo_acl_info
*acl
)
1036 const u8 acl_type
= acl
->type
;
1040 if (acl
->is_deleted
)
1042 if (!tomoyo_flush(head
))
1044 else if (acl_type
== TOMOYO_TYPE_PATH_ACL
) {
1045 struct tomoyo_path_acl
*ptr
=
1046 container_of(acl
, typeof(*ptr
), head
);
1047 const u16 perm
= ptr
->perm
;
1048 for (bit
= 0; bit
< TOMOYO_MAX_PATH_OPERATION
; bit
++) {
1049 if (!(perm
& (1 << bit
)))
1051 if (head
->r
.print_transition_related_only
&&
1052 bit
!= TOMOYO_TYPE_EXECUTE
)
1055 tomoyo_set_group(head
, "file ");
1058 tomoyo_set_slash(head
);
1060 tomoyo_set_string(head
, tomoyo_path_keyword
[bit
]);
1064 tomoyo_print_name_union(head
, &ptr
->name
);
1065 } else if (head
->r
.print_transition_related_only
) {
1067 } else if (acl_type
== TOMOYO_TYPE_PATH2_ACL
) {
1068 struct tomoyo_path2_acl
*ptr
=
1069 container_of(acl
, typeof(*ptr
), head
);
1070 const u8 perm
= ptr
->perm
;
1071 for (bit
= 0; bit
< TOMOYO_MAX_PATH2_OPERATION
; bit
++) {
1072 if (!(perm
& (1 << bit
)))
1075 tomoyo_set_group(head
, "file ");
1078 tomoyo_set_slash(head
);
1080 tomoyo_set_string(head
, tomoyo_mac_keywords
1081 [tomoyo_pp2mac
[bit
]]);
1085 tomoyo_print_name_union(head
, &ptr
->name1
);
1086 tomoyo_print_name_union(head
, &ptr
->name2
);
1087 } else if (acl_type
== TOMOYO_TYPE_PATH_NUMBER_ACL
) {
1088 struct tomoyo_path_number_acl
*ptr
=
1089 container_of(acl
, typeof(*ptr
), head
);
1090 const u8 perm
= ptr
->perm
;
1091 for (bit
= 0; bit
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; bit
++) {
1092 if (!(perm
& (1 << bit
)))
1095 tomoyo_set_group(head
, "file ");
1098 tomoyo_set_slash(head
);
1100 tomoyo_set_string(head
, tomoyo_mac_keywords
1101 [tomoyo_pn2mac
[bit
]]);
1105 tomoyo_print_name_union(head
, &ptr
->name
);
1106 tomoyo_print_number_union(head
, &ptr
->number
);
1107 } else if (acl_type
== TOMOYO_TYPE_MKDEV_ACL
) {
1108 struct tomoyo_mkdev_acl
*ptr
=
1109 container_of(acl
, typeof(*ptr
), head
);
1110 const u8 perm
= ptr
->perm
;
1111 for (bit
= 0; bit
< TOMOYO_MAX_MKDEV_OPERATION
; bit
++) {
1112 if (!(perm
& (1 << bit
)))
1115 tomoyo_set_group(head
, "file ");
1118 tomoyo_set_slash(head
);
1120 tomoyo_set_string(head
, tomoyo_mac_keywords
1121 [tomoyo_pnnn2mac
[bit
]]);
1125 tomoyo_print_name_union(head
, &ptr
->name
);
1126 tomoyo_print_number_union(head
, &ptr
->mode
);
1127 tomoyo_print_number_union(head
, &ptr
->major
);
1128 tomoyo_print_number_union(head
, &ptr
->minor
);
1129 } else if (acl_type
== TOMOYO_TYPE_MOUNT_ACL
) {
1130 struct tomoyo_mount_acl
*ptr
=
1131 container_of(acl
, typeof(*ptr
), head
);
1132 tomoyo_set_group(head
, "file mount");
1133 tomoyo_print_name_union(head
, &ptr
->dev_name
);
1134 tomoyo_print_name_union(head
, &ptr
->dir_name
);
1135 tomoyo_print_name_union(head
, &ptr
->fs_type
);
1136 tomoyo_print_number_union(head
, &ptr
->flags
);
1138 tomoyo_set_lf(head
);
1143 * tomoyo_read_domain2 - Read domain policy.
1145 * @head: Pointer to "struct tomoyo_io_buffer".
1146 * @list: Pointer to "struct list_head".
1148 * Caller holds tomoyo_read_lock().
1150 * Returns true on success, false otherwise.
1152 static bool tomoyo_read_domain2(struct tomoyo_io_buffer
*head
,
1153 struct list_head
*list
)
1155 list_for_each_cookie(head
->r
.acl
, list
) {
1156 struct tomoyo_acl_info
*ptr
=
1157 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1158 if (!tomoyo_print_entry(head
, ptr
))
1166 * tomoyo_read_domain - Read domain policy.
1168 * @head: Pointer to "struct tomoyo_io_buffer".
1170 * Caller holds tomoyo_read_lock().
1172 static void tomoyo_read_domain(struct tomoyo_io_buffer
*head
)
1176 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1177 struct tomoyo_domain_info
*domain
=
1178 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1179 switch (head
->r
.step
) {
1182 if (domain
->is_deleted
&&
1183 !head
->r
.print_this_domain_only
)
1185 /* Print domainname and flags. */
1186 tomoyo_set_string(head
, domain
->domainname
->name
);
1187 tomoyo_set_lf(head
);
1188 tomoyo_io_printf(head
, "use_profile %u\n",
1190 tomoyo_io_printf(head
, "use_group %u\n",
1192 for (i
= 0; i
< TOMOYO_MAX_DOMAIN_INFO_FLAGS
; i
++)
1193 if (domain
->flags
[i
])
1194 tomoyo_set_string(head
, tomoyo_dif
[i
]);
1196 tomoyo_set_lf(head
);
1199 if (!tomoyo_read_domain2(head
, &domain
->acl_info_list
))
1202 if (!tomoyo_set_lf(head
))
1207 if (head
->r
.print_this_domain_only
)
1216 * tomoyo_write_domain_profile - Assign profile for specified domain.
1218 * @head: Pointer to "struct tomoyo_io_buffer".
1220 * Returns 0 on success, -EINVAL otherwise.
1222 * This is equivalent to doing
1224 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1225 * /usr/sbin/tomoyo-loadpolicy -d
1227 * Caller holds tomoyo_read_lock().
1229 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer
*head
)
1231 char *data
= head
->write_buf
;
1232 char *cp
= strchr(data
, ' ');
1233 struct tomoyo_domain_info
*domain
;
1234 unsigned long profile
;
1239 domain
= tomoyo_find_domain(cp
+ 1);
1240 if (strict_strtoul(data
, 10, &profile
))
1242 if (domain
&& (!tomoyo_policy_loaded
||
1243 head
->w
.ns
->profile_ptr
[(u8
) profile
]))
1244 domain
->profile
= (u8
) profile
;
1249 * tomoyo_read_domain_profile - Read only domainname and profile.
1251 * @head: Pointer to "struct tomoyo_io_buffer".
1253 * Returns list of profile number and domainname pairs.
1255 * This is equivalent to doing
1257 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1258 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1259 * domainname = $0; } else if ( $1 == "use_profile" ) {
1260 * print $2 " " domainname; domainname = ""; } } ; '
1262 * Caller holds tomoyo_read_lock().
1264 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer
*head
)
1268 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1269 struct tomoyo_domain_info
*domain
=
1270 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1271 if (domain
->is_deleted
)
1273 if (!tomoyo_flush(head
))
1275 tomoyo_io_printf(head
, "%u ", domain
->profile
);
1276 tomoyo_set_string(head
, domain
->domainname
->name
);
1277 tomoyo_set_lf(head
);
1283 * tomoyo_write_pid: Specify PID to obtain domainname.
1285 * @head: Pointer to "struct tomoyo_io_buffer".
1289 static int tomoyo_write_pid(struct tomoyo_io_buffer
*head
)
1291 head
->r
.eof
= false;
1296 * tomoyo_read_pid - Get domainname of the specified PID.
1298 * @head: Pointer to "struct tomoyo_io_buffer".
1300 * Returns the domainname which the specified PID is in on success,
1301 * empty string otherwise.
1302 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1303 * using read()/write() interface rather than sysctl() interface.
1305 static void tomoyo_read_pid(struct tomoyo_io_buffer
*head
)
1307 char *buf
= head
->write_buf
;
1308 bool global_pid
= false;
1310 struct task_struct
*p
;
1311 struct tomoyo_domain_info
*domain
= NULL
;
1313 /* Accessing write_buf is safe because head->io_sem is held. */
1316 return; /* Do nothing if open(O_RDONLY). */
1318 if (head
->r
.w_pos
|| head
->r
.eof
)
1321 if (tomoyo_str_starts(&buf
, "global-pid "))
1323 pid
= (unsigned int) simple_strtoul(buf
, NULL
, 10);
1325 read_lock(&tasklist_lock
);
1327 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
1329 p
= find_task_by_vpid(pid
);
1331 domain
= tomoyo_real_domain(p
);
1332 read_unlock(&tasklist_lock
);
1336 tomoyo_io_printf(head
, "%u %u ", pid
, domain
->profile
);
1337 tomoyo_set_string(head
, domain
->domainname
->name
);
1340 static const char *tomoyo_transition_type
[TOMOYO_MAX_TRANSITION_TYPE
] = {
1341 [TOMOYO_TRANSITION_CONTROL_NO_RESET
] = "no_reset_domain ",
1342 [TOMOYO_TRANSITION_CONTROL_RESET
] = "reset_domain ",
1343 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE
] = "no_initialize_domain ",
1344 [TOMOYO_TRANSITION_CONTROL_INITIALIZE
] = "initialize_domain ",
1345 [TOMOYO_TRANSITION_CONTROL_NO_KEEP
] = "no_keep_domain ",
1346 [TOMOYO_TRANSITION_CONTROL_KEEP
] = "keep_domain ",
1349 static const char *tomoyo_group_name
[TOMOYO_MAX_GROUP
] = {
1350 [TOMOYO_PATH_GROUP
] = "path_group ",
1351 [TOMOYO_NUMBER_GROUP
] = "number_group ",
1355 * tomoyo_write_exception - Write exception policy.
1357 * @head: Pointer to "struct tomoyo_io_buffer".
1359 * Returns 0 on success, negative value otherwise.
1361 * Caller holds tomoyo_read_lock().
1363 static int tomoyo_write_exception(struct tomoyo_io_buffer
*head
)
1365 const bool is_delete
= head
->w
.is_delete
;
1366 struct tomoyo_acl_param param
= {
1368 .is_delete
= is_delete
,
1369 .data
= head
->write_buf
,
1372 if (tomoyo_str_starts(¶m
.data
, "aggregator "))
1373 return tomoyo_write_aggregator(¶m
);
1374 for (i
= 0; i
< TOMOYO_MAX_TRANSITION_TYPE
; i
++)
1375 if (tomoyo_str_starts(¶m
.data
, tomoyo_transition_type
[i
]))
1376 return tomoyo_write_transition_control(¶m
, i
);
1377 for (i
= 0; i
< TOMOYO_MAX_GROUP
; i
++)
1378 if (tomoyo_str_starts(¶m
.data
, tomoyo_group_name
[i
]))
1379 return tomoyo_write_group(¶m
, i
);
1380 if (tomoyo_str_starts(¶m
.data
, "acl_group ")) {
1383 group
= simple_strtoul(param
.data
, &data
, 10);
1384 if (group
< TOMOYO_MAX_ACL_GROUPS
&& *data
++ == ' ')
1385 return tomoyo_write_domain2
1386 (head
->w
.ns
, &head
->w
.ns
->acl_group
[group
],
1393 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1395 * @head: Pointer to "struct tomoyo_io_buffer".
1396 * @idx: Index number.
1398 * Returns true on success, false otherwise.
1400 * Caller holds tomoyo_read_lock().
1402 static bool tomoyo_read_group(struct tomoyo_io_buffer
*head
, const int idx
)
1404 struct tomoyo_policy_namespace
*ns
=
1405 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1406 struct list_head
*list
= &ns
->group_list
[idx
];
1407 list_for_each_cookie(head
->r
.group
, list
) {
1408 struct tomoyo_group
*group
=
1409 list_entry(head
->r
.group
, typeof(*group
), head
.list
);
1410 list_for_each_cookie(head
->r
.acl
, &group
->member_list
) {
1411 struct tomoyo_acl_head
*ptr
=
1412 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1413 if (ptr
->is_deleted
)
1415 if (!tomoyo_flush(head
))
1417 tomoyo_print_namespace(head
);
1418 tomoyo_set_string(head
, tomoyo_group_name
[idx
]);
1419 tomoyo_set_string(head
, group
->group_name
->name
);
1420 if (idx
== TOMOYO_PATH_GROUP
) {
1421 tomoyo_set_space(head
);
1422 tomoyo_set_string(head
, container_of
1423 (ptr
, struct tomoyo_path_group
,
1424 head
)->member_name
->name
);
1425 } else if (idx
== TOMOYO_NUMBER_GROUP
) {
1426 tomoyo_print_number_union(head
, &container_of
1428 struct tomoyo_number_group
,
1431 tomoyo_set_lf(head
);
1435 head
->r
.group
= NULL
;
1440 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1442 * @head: Pointer to "struct tomoyo_io_buffer".
1443 * @idx: Index number.
1445 * Returns true on success, false otherwise.
1447 * Caller holds tomoyo_read_lock().
1449 static bool tomoyo_read_policy(struct tomoyo_io_buffer
*head
, const int idx
)
1451 struct tomoyo_policy_namespace
*ns
=
1452 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1453 struct list_head
*list
= &ns
->policy_list
[idx
];
1454 list_for_each_cookie(head
->r
.acl
, list
) {
1455 struct tomoyo_acl_head
*acl
=
1456 container_of(head
->r
.acl
, typeof(*acl
), list
);
1457 if (acl
->is_deleted
)
1459 if (!tomoyo_flush(head
))
1462 case TOMOYO_ID_TRANSITION_CONTROL
:
1464 struct tomoyo_transition_control
*ptr
=
1465 container_of(acl
, typeof(*ptr
), head
);
1466 tomoyo_print_namespace(head
);
1467 tomoyo_set_string(head
, tomoyo_transition_type
1469 tomoyo_set_string(head
, ptr
->program
?
1470 ptr
->program
->name
: "any");
1471 tomoyo_set_string(head
, " from ");
1472 tomoyo_set_string(head
, ptr
->domainname
?
1473 ptr
->domainname
->name
:
1477 case TOMOYO_ID_AGGREGATOR
:
1479 struct tomoyo_aggregator
*ptr
=
1480 container_of(acl
, typeof(*ptr
), head
);
1481 tomoyo_print_namespace(head
);
1482 tomoyo_set_string(head
, "aggregator ");
1483 tomoyo_set_string(head
,
1484 ptr
->original_name
->name
);
1485 tomoyo_set_space(head
);
1486 tomoyo_set_string(head
,
1487 ptr
->aggregated_name
->name
);
1493 tomoyo_set_lf(head
);
1500 * tomoyo_read_exception - Read exception policy.
1502 * @head: Pointer to "struct tomoyo_io_buffer".
1504 * Caller holds tomoyo_read_lock().
1506 static void tomoyo_read_exception(struct tomoyo_io_buffer
*head
)
1508 struct tomoyo_policy_namespace
*ns
=
1509 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1512 while (head
->r
.step
< TOMOYO_MAX_POLICY
&&
1513 tomoyo_read_policy(head
, head
->r
.step
))
1515 if (head
->r
.step
< TOMOYO_MAX_POLICY
)
1517 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
&&
1518 tomoyo_read_group(head
, head
->r
.step
- TOMOYO_MAX_POLICY
))
1520 if (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
)
1522 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
1523 + TOMOYO_MAX_ACL_GROUPS
) {
1524 head
->r
.acl_group_index
= head
->r
.step
- TOMOYO_MAX_POLICY
1526 if (!tomoyo_read_domain2(head
, &ns
->acl_group
1527 [head
->r
.acl_group_index
]))
1534 /* Wait queue for kernel -> userspace notification. */
1535 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait
);
1536 /* Wait queue for userspace -> kernel notification. */
1537 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait
);
1539 /* Structure for query. */
1540 struct tomoyo_query
{
1541 struct list_head list
;
1544 unsigned int serial
;
1550 /* The list for "struct tomoyo_query". */
1551 static LIST_HEAD(tomoyo_query_list
);
1553 /* Lock for manipulating tomoyo_query_list. */
1554 static DEFINE_SPINLOCK(tomoyo_query_list_lock
);
1557 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1560 static atomic_t tomoyo_query_observers
= ATOMIC_INIT(0);
1563 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1565 * @domain: Pointer to "struct tomoyo_domain_info".
1566 * @header: Lines containing ACL.
1570 static void tomoyo_add_entry(struct tomoyo_domain_info
*domain
, char *header
)
1573 char *cp
= strchr(header
, '\n');
1577 cp
= strchr(cp
+ 1, '\n');
1581 len
= strlen(cp
) + 1;
1582 buffer
= kmalloc(len
, GFP_NOFS
);
1585 snprintf(buffer
, len
- 1, "%s", cp
);
1586 tomoyo_normalize_line(buffer
);
1587 if (!tomoyo_write_domain2(domain
->ns
, &domain
->acl_info_list
, buffer
,
1589 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES
);
1594 * tomoyo_supervisor - Ask for the supervisor's decision.
1596 * @r: Pointer to "struct tomoyo_request_info".
1597 * @fmt: The printf()'s format string, followed by parameters.
1599 * Returns 0 if the supervisor decided to permit the access request which
1600 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1601 * supervisor decided to retry the access request which violated the policy in
1602 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1604 int tomoyo_supervisor(struct tomoyo_request_info
*r
, const char *fmt
, ...)
1609 static unsigned int tomoyo_serial
;
1610 struct tomoyo_query entry
= { };
1611 bool quota_exceeded
= false;
1612 va_start(args
, fmt
);
1613 len
= vsnprintf((char *) &len
, 1, fmt
, args
) + 1;
1615 /* Write /sys/kernel/security/tomoyo/audit. */
1616 va_start(args
, fmt
);
1617 tomoyo_write_log2(r
, len
, fmt
, args
);
1619 /* Nothing more to do if granted. */
1623 tomoyo_update_stat(r
->mode
);
1625 case TOMOYO_CONFIG_ENFORCING
:
1627 if (atomic_read(&tomoyo_query_observers
))
1630 case TOMOYO_CONFIG_LEARNING
:
1632 /* Check max_learning_entry parameter. */
1633 if (tomoyo_domain_quota_is_ok(r
))
1640 va_start(args
, fmt
);
1641 entry
.query
= tomoyo_init_log(r
, len
, fmt
, args
);
1645 entry
.query_len
= strlen(entry
.query
) + 1;
1647 tomoyo_add_entry(r
->domain
, entry
.query
);
1650 len
= tomoyo_round2(entry
.query_len
);
1651 spin_lock(&tomoyo_query_list_lock
);
1652 if (tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
] &&
1653 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] + len
1654 >= tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
]) {
1655 quota_exceeded
= true;
1657 entry
.serial
= tomoyo_serial
++;
1658 entry
.retry
= r
->retry
;
1659 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] += len
;
1660 list_add_tail(&entry
.list
, &tomoyo_query_list
);
1662 spin_unlock(&tomoyo_query_list_lock
);
1665 /* Give 10 seconds for supervisor's opinion. */
1666 while (entry
.timer
< 10) {
1667 wake_up_all(&tomoyo_query_wait
);
1668 if (wait_event_interruptible_timeout
1669 (tomoyo_answer_wait
, entry
.answer
||
1670 !atomic_read(&tomoyo_query_observers
), HZ
))
1675 spin_lock(&tomoyo_query_list_lock
);
1676 list_del(&entry
.list
);
1677 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] -= len
;
1678 spin_unlock(&tomoyo_query_list_lock
);
1679 switch (entry
.answer
) {
1680 case 3: /* Asked to retry by administrator. */
1681 error
= TOMOYO_RETRY_REQUEST
;
1685 /* Granted by administrator. */
1689 /* Timed out or rejected by administrator. */
1698 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1700 * @file: Pointer to "struct file".
1701 * @wait: Pointer to "poll_table".
1703 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1705 * Waits for access requests which violated policy in enforcing mode.
1707 static int tomoyo_poll_query(struct file
*file
, poll_table
*wait
)
1709 struct list_head
*tmp
;
1712 for (i
= 0; i
< 2; i
++) {
1713 spin_lock(&tomoyo_query_list_lock
);
1714 list_for_each(tmp
, &tomoyo_query_list
) {
1715 struct tomoyo_query
*ptr
=
1716 list_entry(tmp
, typeof(*ptr
), list
);
1722 spin_unlock(&tomoyo_query_list_lock
);
1724 return POLLIN
| POLLRDNORM
;
1727 poll_wait(file
, &tomoyo_query_wait
, wait
);
1733 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1735 * @head: Pointer to "struct tomoyo_io_buffer".
1737 static void tomoyo_read_query(struct tomoyo_io_buffer
*head
)
1739 struct list_head
*tmp
;
1740 unsigned int pos
= 0;
1745 if (head
->read_buf
) {
1746 kfree(head
->read_buf
);
1747 head
->read_buf
= NULL
;
1749 spin_lock(&tomoyo_query_list_lock
);
1750 list_for_each(tmp
, &tomoyo_query_list
) {
1751 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1754 if (pos
++ != head
->r
.query_index
)
1756 len
= ptr
->query_len
;
1759 spin_unlock(&tomoyo_query_list_lock
);
1761 head
->r
.query_index
= 0;
1764 buf
= kzalloc(len
+ 32, GFP_NOFS
);
1768 spin_lock(&tomoyo_query_list_lock
);
1769 list_for_each(tmp
, &tomoyo_query_list
) {
1770 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1773 if (pos
++ != head
->r
.query_index
)
1776 * Some query can be skipped because tomoyo_query_list
1777 * can change, but I don't care.
1779 if (len
== ptr
->query_len
)
1780 snprintf(buf
, len
+ 31, "Q%u-%hu\n%s", ptr
->serial
,
1781 ptr
->retry
, ptr
->query
);
1784 spin_unlock(&tomoyo_query_list_lock
);
1786 head
->read_buf
= buf
;
1787 head
->r
.w
[head
->r
.w_pos
++] = buf
;
1788 head
->r
.query_index
++;
1795 * tomoyo_write_answer - Write the supervisor's decision.
1797 * @head: Pointer to "struct tomoyo_io_buffer".
1799 * Returns 0 on success, -EINVAL otherwise.
1801 static int tomoyo_write_answer(struct tomoyo_io_buffer
*head
)
1803 char *data
= head
->write_buf
;
1804 struct list_head
*tmp
;
1805 unsigned int serial
;
1806 unsigned int answer
;
1807 spin_lock(&tomoyo_query_list_lock
);
1808 list_for_each(tmp
, &tomoyo_query_list
) {
1809 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1812 spin_unlock(&tomoyo_query_list_lock
);
1813 if (sscanf(data
, "A%u=%u", &serial
, &answer
) != 2)
1815 spin_lock(&tomoyo_query_list_lock
);
1816 list_for_each(tmp
, &tomoyo_query_list
) {
1817 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1818 if (ptr
->serial
!= serial
)
1821 ptr
->answer
= answer
;
1824 spin_unlock(&tomoyo_query_list_lock
);
1829 * tomoyo_read_version: Get version.
1831 * @head: Pointer to "struct tomoyo_io_buffer".
1833 * Returns version information.
1835 static void tomoyo_read_version(struct tomoyo_io_buffer
*head
)
1838 tomoyo_io_printf(head
, "2.4.0");
1844 * tomoyo_read_self_domain - Get the current process's domainname.
1846 * @head: Pointer to "struct tomoyo_io_buffer".
1848 * Returns the current process's domainname.
1850 static void tomoyo_read_self_domain(struct tomoyo_io_buffer
*head
)
1854 * tomoyo_domain()->domainname != NULL
1855 * because every process belongs to a domain and
1856 * the domain's name cannot be NULL.
1858 tomoyo_io_printf(head
, "%s", tomoyo_domain()->domainname
->name
);
1863 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1864 static const char * const tomoyo_policy_headers
[TOMOYO_MAX_POLICY_STAT
] = {
1865 [TOMOYO_STAT_POLICY_UPDATES
] = "update:",
1866 [TOMOYO_STAT_POLICY_LEARNING
] = "violation in learning mode:",
1867 [TOMOYO_STAT_POLICY_PERMISSIVE
] = "violation in permissive mode:",
1868 [TOMOYO_STAT_POLICY_ENFORCING
] = "violation in enforcing mode:",
1871 /* String table for /sys/kernel/security/tomoyo/stat interface. */
1872 static const char * const tomoyo_memory_headers
[TOMOYO_MAX_MEMORY_STAT
] = {
1873 [TOMOYO_MEMORY_POLICY
] = "policy:",
1874 [TOMOYO_MEMORY_AUDIT
] = "audit log:",
1875 [TOMOYO_MEMORY_QUERY
] = "query message:",
1878 /* Timestamp counter for last updated. */
1879 static unsigned int tomoyo_stat_updated
[TOMOYO_MAX_POLICY_STAT
];
1880 /* Counter for number of updates. */
1881 static unsigned int tomoyo_stat_modified
[TOMOYO_MAX_POLICY_STAT
];
1884 * tomoyo_update_stat - Update statistic counters.
1886 * @index: Index for policy type.
1890 void tomoyo_update_stat(const u8 index
)
1893 do_gettimeofday(&tv
);
1895 * I don't use atomic operations because race condition is not fatal.
1897 tomoyo_stat_updated
[index
]++;
1898 tomoyo_stat_modified
[index
] = tv
.tv_sec
;
1902 * tomoyo_read_stat - Read statistic data.
1904 * @head: Pointer to "struct tomoyo_io_buffer".
1908 static void tomoyo_read_stat(struct tomoyo_io_buffer
*head
)
1911 unsigned int total
= 0;
1914 for (i
= 0; i
< TOMOYO_MAX_POLICY_STAT
; i
++) {
1915 tomoyo_io_printf(head
, "Policy %-30s %10u",
1916 tomoyo_policy_headers
[i
],
1917 tomoyo_stat_updated
[i
]);
1918 if (tomoyo_stat_modified
[i
]) {
1919 struct tomoyo_time stamp
;
1920 tomoyo_convert_time(tomoyo_stat_modified
[i
], &stamp
);
1921 tomoyo_io_printf(head
, " (Last: %04u/%02u/%02u "
1923 stamp
.year
, stamp
.month
, stamp
.day
,
1924 stamp
.hour
, stamp
.min
, stamp
.sec
);
1926 tomoyo_set_lf(head
);
1928 for (i
= 0; i
< TOMOYO_MAX_MEMORY_STAT
; i
++) {
1929 unsigned int used
= tomoyo_memory_used
[i
];
1931 tomoyo_io_printf(head
, "Memory used by %-22s %10u",
1932 tomoyo_memory_headers
[i
], used
);
1933 used
= tomoyo_memory_quota
[i
];
1935 tomoyo_io_printf(head
, " (Quota: %10u)", used
);
1936 tomoyo_set_lf(head
);
1938 tomoyo_io_printf(head
, "Total memory used: %10u\n",
1944 * tomoyo_write_stat - Set memory quota.
1946 * @head: Pointer to "struct tomoyo_io_buffer".
1950 static int tomoyo_write_stat(struct tomoyo_io_buffer
*head
)
1952 char *data
= head
->write_buf
;
1954 if (tomoyo_str_starts(&data
, "Memory used by "))
1955 for (i
= 0; i
< TOMOYO_MAX_MEMORY_STAT
; i
++)
1956 if (tomoyo_str_starts(&data
, tomoyo_memory_headers
[i
]))
1957 sscanf(data
, "%u", &tomoyo_memory_quota
[i
]);
1962 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1964 * @type: Type of interface.
1965 * @file: Pointer to "struct file".
1967 * Returns 0 on success, negative value otherwise.
1969 int tomoyo_open_control(const u8 type
, struct file
*file
)
1971 struct tomoyo_io_buffer
*head
= kzalloc(sizeof(*head
), GFP_NOFS
);
1975 mutex_init(&head
->io_sem
);
1978 case TOMOYO_DOMAINPOLICY
:
1979 /* /sys/kernel/security/tomoyo/domain_policy */
1980 head
->write
= tomoyo_write_domain
;
1981 head
->read
= tomoyo_read_domain
;
1983 case TOMOYO_EXCEPTIONPOLICY
:
1984 /* /sys/kernel/security/tomoyo/exception_policy */
1985 head
->write
= tomoyo_write_exception
;
1986 head
->read
= tomoyo_read_exception
;
1989 /* /sys/kernel/security/tomoyo/audit */
1990 head
->poll
= tomoyo_poll_log
;
1991 head
->read
= tomoyo_read_log
;
1993 case TOMOYO_SELFDOMAIN
:
1994 /* /sys/kernel/security/tomoyo/self_domain */
1995 head
->read
= tomoyo_read_self_domain
;
1997 case TOMOYO_DOMAIN_STATUS
:
1998 /* /sys/kernel/security/tomoyo/.domain_status */
1999 head
->write
= tomoyo_write_domain_profile
;
2000 head
->read
= tomoyo_read_domain_profile
;
2002 case TOMOYO_PROCESS_STATUS
:
2003 /* /sys/kernel/security/tomoyo/.process_status */
2004 head
->write
= tomoyo_write_pid
;
2005 head
->read
= tomoyo_read_pid
;
2007 case TOMOYO_VERSION
:
2008 /* /sys/kernel/security/tomoyo/version */
2009 head
->read
= tomoyo_read_version
;
2010 head
->readbuf_size
= 128;
2013 /* /sys/kernel/security/tomoyo/stat */
2014 head
->write
= tomoyo_write_stat
;
2015 head
->read
= tomoyo_read_stat
;
2016 head
->readbuf_size
= 1024;
2018 case TOMOYO_PROFILE
:
2019 /* /sys/kernel/security/tomoyo/profile */
2020 head
->write
= tomoyo_write_profile
;
2021 head
->read
= tomoyo_read_profile
;
2023 case TOMOYO_QUERY
: /* /sys/kernel/security/tomoyo/query */
2024 head
->poll
= tomoyo_poll_query
;
2025 head
->write
= tomoyo_write_answer
;
2026 head
->read
= tomoyo_read_query
;
2028 case TOMOYO_MANAGER
:
2029 /* /sys/kernel/security/tomoyo/manager */
2030 head
->write
= tomoyo_write_manager
;
2031 head
->read
= tomoyo_read_manager
;
2034 if (!(file
->f_mode
& FMODE_READ
)) {
2036 * No need to allocate read_buf since it is not opened
2041 } else if (!head
->poll
) {
2042 /* Don't allocate read_buf for poll() access. */
2043 if (!head
->readbuf_size
)
2044 head
->readbuf_size
= 4096 * 2;
2045 head
->read_buf
= kzalloc(head
->readbuf_size
, GFP_NOFS
);
2046 if (!head
->read_buf
) {
2051 if (!(file
->f_mode
& FMODE_WRITE
)) {
2053 * No need to allocate write_buf since it is not opened
2057 } else if (head
->write
) {
2058 head
->writebuf_size
= 4096 * 2;
2059 head
->write_buf
= kzalloc(head
->writebuf_size
, GFP_NOFS
);
2060 if (!head
->write_buf
) {
2061 kfree(head
->read_buf
);
2067 * If the file is /sys/kernel/security/tomoyo/query , increment the
2069 * The obserber counter is used by tomoyo_supervisor() to see if
2070 * there is some process monitoring /sys/kernel/security/tomoyo/query.
2072 if (type
== TOMOYO_QUERY
)
2073 atomic_inc(&tomoyo_query_observers
);
2074 file
->private_data
= head
;
2075 tomoyo_notify_gc(head
, true);
2080 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
2082 * @file: Pointer to "struct file".
2083 * @wait: Pointer to "poll_table".
2085 * Waits for read readiness.
2086 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
2087 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
2089 int tomoyo_poll_control(struct file
*file
, poll_table
*wait
)
2091 struct tomoyo_io_buffer
*head
= file
->private_data
;
2094 return head
->poll(file
, wait
);
2098 * tomoyo_set_namespace_cursor - Set namespace to read.
2100 * @head: Pointer to "struct tomoyo_io_buffer".
2104 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer
*head
)
2106 struct list_head
*ns
;
2107 if (head
->type
!= TOMOYO_EXCEPTIONPOLICY
&&
2108 head
->type
!= TOMOYO_PROFILE
)
2111 * If this is the first read, or reading previous namespace finished
2112 * and has more namespaces to read, update the namespace cursor.
2115 if (!ns
|| (head
->r
.eof
&& ns
->next
!= &tomoyo_namespace_list
)) {
2116 /* Clearing is OK because tomoyo_flush() returned true. */
2117 memset(&head
->r
, 0, sizeof(head
->r
));
2118 head
->r
.ns
= ns
? ns
->next
: tomoyo_namespace_list
.next
;
2123 * tomoyo_has_more_namespace - Check for unread namespaces.
2125 * @head: Pointer to "struct tomoyo_io_buffer".
2127 * Returns true if we have more entries to print, false otherwise.
2129 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer
*head
)
2131 return (head
->type
== TOMOYO_EXCEPTIONPOLICY
||
2132 head
->type
== TOMOYO_PROFILE
) && head
->r
.eof
&&
2133 head
->r
.ns
->next
!= &tomoyo_namespace_list
;
2137 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
2139 * @head: Pointer to "struct tomoyo_io_buffer".
2140 * @buffer: Poiner to buffer to write to.
2141 * @buffer_len: Size of @buffer.
2143 * Returns bytes read on success, negative value otherwise.
2145 ssize_t
tomoyo_read_control(struct tomoyo_io_buffer
*head
, char __user
*buffer
,
2146 const int buffer_len
)
2153 if (mutex_lock_interruptible(&head
->io_sem
))
2155 head
->read_user_buf
= buffer
;
2156 head
->read_user_buf_avail
= buffer_len
;
2157 idx
= tomoyo_read_lock();
2158 if (tomoyo_flush(head
))
2159 /* Call the policy handler. */
2161 tomoyo_set_namespace_cursor(head
);
2163 } while (tomoyo_flush(head
) &&
2164 tomoyo_has_more_namespace(head
));
2165 tomoyo_read_unlock(idx
);
2166 len
= head
->read_user_buf
- buffer
;
2167 mutex_unlock(&head
->io_sem
);
2172 * tomoyo_parse_policy - Parse a policy line.
2174 * @head: Poiter to "struct tomoyo_io_buffer".
2175 * @line: Line to parse.
2177 * Returns 0 on success, negative value otherwise.
2179 * Caller holds tomoyo_read_lock().
2181 static int tomoyo_parse_policy(struct tomoyo_io_buffer
*head
, char *line
)
2183 /* Delete request? */
2184 head
->w
.is_delete
= !strncmp(line
, "delete ", 7);
2185 if (head
->w
.is_delete
)
2186 memmove(line
, line
+ 7, strlen(line
+ 7) + 1);
2187 /* Selecting namespace to update. */
2188 if (head
->type
== TOMOYO_EXCEPTIONPOLICY
||
2189 head
->type
== TOMOYO_PROFILE
) {
2191 char *cp
= strchr(line
, ' ');
2194 head
->w
.ns
= tomoyo_assign_namespace(line
);
2195 memmove(line
, cp
, strlen(cp
) + 1);
2199 head
->w
.ns
= &tomoyo_kernel_namespace
;
2200 /* Don't allow updating if namespace is invalid. */
2204 /* Do the update. */
2205 return head
->write(head
);
2209 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2211 * @head: Pointer to "struct tomoyo_io_buffer".
2212 * @buffer: Pointer to buffer to read from.
2213 * @buffer_len: Size of @buffer.
2215 * Returns @buffer_len on success, negative value otherwise.
2217 ssize_t
tomoyo_write_control(struct tomoyo_io_buffer
*head
,
2218 const char __user
*buffer
, const int buffer_len
)
2220 int error
= buffer_len
;
2221 size_t avail_len
= buffer_len
;
2222 char *cp0
= head
->write_buf
;
2226 if (!access_ok(VERIFY_READ
, buffer
, buffer_len
))
2228 if (mutex_lock_interruptible(&head
->io_sem
))
2230 idx
= tomoyo_read_lock();
2231 /* Read a line and dispatch it to the policy handler. */
2232 while (avail_len
> 0) {
2234 if (head
->w
.avail
>= head
->writebuf_size
- 1) {
2235 const int len
= head
->writebuf_size
* 2;
2236 char *cp
= kzalloc(len
, GFP_NOFS
);
2241 memmove(cp
, cp0
, head
->w
.avail
);
2243 head
->write_buf
= cp
;
2245 head
->writebuf_size
= len
;
2247 if (get_user(c
, buffer
)) {
2253 cp0
[head
->w
.avail
++] = c
;
2256 cp0
[head
->w
.avail
- 1] = '\0';
2258 tomoyo_normalize_line(cp0
);
2259 if (!strcmp(cp0
, "reset")) {
2260 head
->w
.ns
= &tomoyo_kernel_namespace
;
2261 head
->w
.domain
= NULL
;
2262 memset(&head
->r
, 0, sizeof(head
->r
));
2265 /* Don't allow updating policies by non manager programs. */
2266 switch (head
->type
) {
2267 case TOMOYO_PROCESS_STATUS
:
2268 /* This does not write anything. */
2270 case TOMOYO_DOMAINPOLICY
:
2271 if (tomoyo_select_domain(head
, cp0
))
2274 case TOMOYO_EXCEPTIONPOLICY
:
2275 if (!strcmp(cp0
, "select transition_only")) {
2276 head
->r
.print_transition_related_only
= true;
2281 if (!tomoyo_manager()) {
2286 switch (tomoyo_parse_policy(head
, cp0
)) {
2291 switch (head
->type
) {
2292 case TOMOYO_DOMAINPOLICY
:
2293 case TOMOYO_EXCEPTIONPOLICY
:
2294 case TOMOYO_DOMAIN_STATUS
:
2296 case TOMOYO_PROFILE
:
2297 case TOMOYO_MANAGER
:
2298 tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES
);
2307 tomoyo_read_unlock(idx
);
2308 mutex_unlock(&head
->io_sem
);
2313 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2315 * @head: Pointer to "struct tomoyo_io_buffer".
2319 int tomoyo_close_control(struct tomoyo_io_buffer
*head
)
2322 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2325 if (head
->type
== TOMOYO_QUERY
&&
2326 atomic_dec_and_test(&tomoyo_query_observers
))
2327 wake_up_all(&tomoyo_answer_wait
);
2328 tomoyo_notify_gc(head
, false);
2333 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2335 void tomoyo_check_profile(void)
2337 struct tomoyo_domain_info
*domain
;
2338 const int idx
= tomoyo_read_lock();
2339 tomoyo_policy_loaded
= true;
2340 printk(KERN_INFO
"TOMOYO: 2.4.0\n");
2341 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
2342 const u8 profile
= domain
->profile
;
2343 const struct tomoyo_policy_namespace
*ns
= domain
->ns
;
2344 if (ns
->profile_version
!= 20100903)
2346 "Profile version %u is not supported.\n",
2347 ns
->profile_version
);
2348 else if (!ns
->profile_ptr
[profile
])
2350 "Profile %u (used by '%s') is not defined.\n",
2351 profile
, domain
->domainname
->name
);
2355 "Userland tools for TOMOYO 2.4 must be installed and "
2356 "policy must be initialized.\n");
2357 printk(KERN_ERR
"Please see http://tomoyo.sourceforge.jp/2.4/ "
2358 "for more information.\n");
2361 tomoyo_read_unlock(idx
);
2362 printk(KERN_INFO
"Mandatory Access Control activated.\n");
2366 * tomoyo_load_builtin_policy - Load built-in policy.
2370 void __init
tomoyo_load_builtin_policy(void)
2373 * This include file is manually created and contains built-in policy
2374 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
2375 * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager",
2376 * "tomoyo_builtin_stat" in the form of "static char [] __initdata".
2378 #include "builtin-policy.h"
2380 const int idx
= tomoyo_read_lock();
2381 for (i
= 0; i
< 5; i
++) {
2382 struct tomoyo_io_buffer head
= { };
2386 start
= tomoyo_builtin_profile
;
2387 head
.type
= TOMOYO_PROFILE
;
2388 head
.write
= tomoyo_write_profile
;
2391 start
= tomoyo_builtin_exception_policy
;
2392 head
.type
= TOMOYO_EXCEPTIONPOLICY
;
2393 head
.write
= tomoyo_write_exception
;
2396 start
= tomoyo_builtin_domain_policy
;
2397 head
.type
= TOMOYO_DOMAINPOLICY
;
2398 head
.write
= tomoyo_write_domain
;
2401 start
= tomoyo_builtin_manager
;
2402 head
.type
= TOMOYO_MANAGER
;
2403 head
.write
= tomoyo_write_manager
;
2406 start
= tomoyo_builtin_stat
;
2407 head
.type
= TOMOYO_STAT
;
2408 head
.write
= tomoyo_write_stat
;
2412 char *end
= strchr(start
, '\n');
2416 tomoyo_normalize_line(start
);
2417 head
.write_buf
= start
;
2418 tomoyo_parse_policy(&head
, start
);
2422 tomoyo_read_unlock(idx
);
2423 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
2424 tomoyo_check_profile();