2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
14 /* String table for operation mode. */
15 const char * const tomoyo_mode
[TOMOYO_CONFIG_MAX_MODE
] = {
16 [TOMOYO_CONFIG_DISABLED
] = "disabled",
17 [TOMOYO_CONFIG_LEARNING
] = "learning",
18 [TOMOYO_CONFIG_PERMISSIVE
] = "permissive",
19 [TOMOYO_CONFIG_ENFORCING
] = "enforcing"
22 /* String table for /sys/kernel/security/tomoyo/profile */
23 static const char *tomoyo_mac_keywords
[TOMOYO_MAX_MAC_INDEX
24 + TOMOYO_MAX_MAC_CATEGORY_INDEX
] = {
25 [TOMOYO_MAC_FILE_EXECUTE
] = "file::execute",
26 [TOMOYO_MAC_FILE_OPEN
] = "file::open",
27 [TOMOYO_MAC_FILE_CREATE
] = "file::create",
28 [TOMOYO_MAC_FILE_UNLINK
] = "file::unlink",
29 [TOMOYO_MAC_FILE_GETATTR
] = "file::getattr",
30 [TOMOYO_MAC_FILE_MKDIR
] = "file::mkdir",
31 [TOMOYO_MAC_FILE_RMDIR
] = "file::rmdir",
32 [TOMOYO_MAC_FILE_MKFIFO
] = "file::mkfifo",
33 [TOMOYO_MAC_FILE_MKSOCK
] = "file::mksock",
34 [TOMOYO_MAC_FILE_TRUNCATE
] = "file::truncate",
35 [TOMOYO_MAC_FILE_SYMLINK
] = "file::symlink",
36 [TOMOYO_MAC_FILE_MKBLOCK
] = "file::mkblock",
37 [TOMOYO_MAC_FILE_MKCHAR
] = "file::mkchar",
38 [TOMOYO_MAC_FILE_LINK
] = "file::link",
39 [TOMOYO_MAC_FILE_RENAME
] = "file::rename",
40 [TOMOYO_MAC_FILE_CHMOD
] = "file::chmod",
41 [TOMOYO_MAC_FILE_CHOWN
] = "file::chown",
42 [TOMOYO_MAC_FILE_CHGRP
] = "file::chgrp",
43 [TOMOYO_MAC_FILE_IOCTL
] = "file::ioctl",
44 [TOMOYO_MAC_FILE_CHROOT
] = "file::chroot",
45 [TOMOYO_MAC_FILE_MOUNT
] = "file::mount",
46 [TOMOYO_MAC_FILE_UMOUNT
] = "file::unmount",
47 [TOMOYO_MAC_FILE_PIVOT_ROOT
] = "file::pivot_root",
48 [TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAC_CATEGORY_FILE
] = "file",
51 /* String table for PREFERENCE keyword. */
52 static const char * const tomoyo_pref_keywords
[TOMOYO_MAX_PREF
] = {
53 [TOMOYO_PREF_MAX_AUDIT_LOG
] = "max_audit_log",
54 [TOMOYO_PREF_MAX_LEARNING_ENTRY
] = "max_learning_entry",
57 /* Permit policy management by non-root user? */
58 static bool tomoyo_manage_by_non_root
;
60 /* Utility functions. */
63 * tomoyo_yesno - Return "yes" or "no".
67 const char *tomoyo_yesno(const unsigned int value
)
69 return value
? "yes" : "no";
73 * tomoyo_addprintf - strncat()-like-snprintf().
75 * @buffer: Buffer to write to. Must be '\0'-terminated.
76 * @len: Size of @buffer.
77 * @fmt: The printf()'s format string, followed by parameters.
81 static void tomoyo_addprintf(char *buffer
, int len
, const char *fmt
, ...)
84 const int pos
= strlen(buffer
);
86 vsnprintf(buffer
+ pos
, len
- pos
- 1, fmt
, args
);
91 * tomoyo_flush - Flush queued string to userspace's buffer.
93 * @head: Pointer to "struct tomoyo_io_buffer".
95 * Returns true if all data was flushed, false otherwise.
97 static bool tomoyo_flush(struct tomoyo_io_buffer
*head
)
99 while (head
->r
.w_pos
) {
100 const char *w
= head
->r
.w
[0];
103 if (len
> head
->read_user_buf_avail
)
104 len
= head
->read_user_buf_avail
;
107 if (copy_to_user(head
->read_user_buf
, w
, len
))
109 head
->read_user_buf_avail
-= len
;
110 head
->read_user_buf
+= len
;
116 /* Add '\0' for audit logs and query. */
118 if (!head
->read_user_buf_avail
||
119 copy_to_user(head
->read_user_buf
, "", 1))
121 head
->read_user_buf_avail
--;
122 head
->read_user_buf
++;
125 for (len
= 0; len
< head
->r
.w_pos
; len
++)
126 head
->r
.w
[len
] = head
->r
.w
[len
+ 1];
133 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
135 * @head: Pointer to "struct tomoyo_io_buffer".
136 * @string: String to print.
138 * Note that @string has to be kept valid until @head is kfree()d.
139 * This means that char[] allocated on stack memory cannot be passed to
140 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
142 static void tomoyo_set_string(struct tomoyo_io_buffer
*head
, const char *string
)
144 if (head
->r
.w_pos
< TOMOYO_MAX_IO_READ_QUEUE
) {
145 head
->r
.w
[head
->r
.w_pos
++] = string
;
152 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
154 * @head: Pointer to "struct tomoyo_io_buffer".
155 * @fmt: The printf()'s format string, followed by parameters.
157 void tomoyo_io_printf(struct tomoyo_io_buffer
*head
, const char *fmt
, ...)
161 int pos
= head
->r
.avail
;
162 int size
= head
->readbuf_size
- pos
;
166 len
= vsnprintf(head
->read_buf
+ pos
, size
, fmt
, args
) + 1;
168 if (pos
+ len
>= head
->readbuf_size
) {
172 head
->r
.avail
+= len
;
173 tomoyo_set_string(head
, head
->read_buf
+ pos
);
177 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
179 * @head: Pointer to "struct tomoyo_io_buffer".
183 static void tomoyo_set_space(struct tomoyo_io_buffer
*head
)
185 tomoyo_set_string(head
, " ");
189 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
191 * @head: Pointer to "struct tomoyo_io_buffer".
195 static bool tomoyo_set_lf(struct tomoyo_io_buffer
*head
)
197 tomoyo_set_string(head
, "\n");
198 return !head
->r
.w_pos
;
202 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
204 * @head: Pointer to "struct tomoyo_io_buffer".
208 static void tomoyo_set_slash(struct tomoyo_io_buffer
*head
)
210 tomoyo_set_string(head
, "/");
213 /* List of namespaces. */
214 LIST_HEAD(tomoyo_namespace_list
);
215 /* True if namespace other than tomoyo_kernel_namespace is defined. */
216 static bool tomoyo_namespace_enabled
;
219 * tomoyo_init_policy_namespace - Initialize namespace.
221 * @ns: Pointer to "struct tomoyo_policy_namespace".
225 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace
*ns
)
228 for (idx
= 0; idx
< TOMOYO_MAX_ACL_GROUPS
; idx
++)
229 INIT_LIST_HEAD(&ns
->acl_group
[idx
]);
230 for (idx
= 0; idx
< TOMOYO_MAX_GROUP
; idx
++)
231 INIT_LIST_HEAD(&ns
->group_list
[idx
]);
232 for (idx
= 0; idx
< TOMOYO_MAX_POLICY
; idx
++)
233 INIT_LIST_HEAD(&ns
->policy_list
[idx
]);
234 ns
->profile_version
= 20100903;
235 tomoyo_namespace_enabled
= !list_empty(&tomoyo_namespace_list
);
236 list_add_tail_rcu(&ns
->namespace_list
, &tomoyo_namespace_list
);
240 * tomoyo_print_namespace - Print namespace header.
242 * @head: Pointer to "struct tomoyo_io_buffer".
246 static void tomoyo_print_namespace(struct tomoyo_io_buffer
*head
)
248 if (!tomoyo_namespace_enabled
)
250 tomoyo_set_string(head
,
251 container_of(head
->r
.ns
,
252 struct tomoyo_policy_namespace
,
253 namespace_list
)->name
);
254 tomoyo_set_space(head
);
258 * tomoyo_print_name_union - Print a tomoyo_name_union.
260 * @head: Pointer to "struct tomoyo_io_buffer".
261 * @ptr: Pointer to "struct tomoyo_name_union".
263 static void tomoyo_print_name_union(struct tomoyo_io_buffer
*head
,
264 const struct tomoyo_name_union
*ptr
)
266 tomoyo_set_space(head
);
268 tomoyo_set_string(head
, "@");
269 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
271 tomoyo_set_string(head
, ptr
->filename
->name
);
276 * tomoyo_print_number_union - Print a tomoyo_number_union.
278 * @head: Pointer to "struct tomoyo_io_buffer".
279 * @ptr: Pointer to "struct tomoyo_number_union".
281 static void tomoyo_print_number_union(struct tomoyo_io_buffer
*head
,
282 const struct tomoyo_number_union
*ptr
)
284 tomoyo_set_space(head
);
286 tomoyo_set_string(head
, "@");
287 tomoyo_set_string(head
, ptr
->group
->group_name
->name
);
290 unsigned long min
= ptr
->values
[0];
291 const unsigned long max
= ptr
->values
[1];
292 u8 min_type
= ptr
->value_type
[0];
293 const u8 max_type
= ptr
->value_type
[1];
296 for (i
= 0; i
< 2; i
++) {
298 case TOMOYO_VALUE_TYPE_HEXADECIMAL
:
299 tomoyo_addprintf(buffer
, sizeof(buffer
),
302 case TOMOYO_VALUE_TYPE_OCTAL
:
303 tomoyo_addprintf(buffer
, sizeof(buffer
),
307 tomoyo_addprintf(buffer
, sizeof(buffer
),
311 if (min
== max
&& min_type
== max_type
)
313 tomoyo_addprintf(buffer
, sizeof(buffer
), "-");
317 tomoyo_io_printf(head
, "%s", buffer
);
322 * tomoyo_assign_profile - Create a new profile.
324 * @ns: Pointer to "struct tomoyo_policy_namespace".
325 * @profile: Profile number to create.
327 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
329 static struct tomoyo_profile
*tomoyo_assign_profile
330 (struct tomoyo_policy_namespace
*ns
, const unsigned int profile
)
332 struct tomoyo_profile
*ptr
;
333 struct tomoyo_profile
*entry
;
334 if (profile
>= TOMOYO_MAX_PROFILES
)
336 ptr
= ns
->profile_ptr
[profile
];
339 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
340 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
342 ptr
= ns
->profile_ptr
[profile
];
343 if (!ptr
&& tomoyo_memory_ok(entry
)) {
345 ptr
->default_config
= TOMOYO_CONFIG_DISABLED
|
346 TOMOYO_CONFIG_WANT_GRANT_LOG
|
347 TOMOYO_CONFIG_WANT_REJECT_LOG
;
348 memset(ptr
->config
, TOMOYO_CONFIG_USE_DEFAULT
,
349 sizeof(ptr
->config
));
350 ptr
->pref
[TOMOYO_PREF_MAX_AUDIT_LOG
] = 1024;
351 ptr
->pref
[TOMOYO_PREF_MAX_LEARNING_ENTRY
] = 2048;
352 mb(); /* Avoid out-of-order execution. */
353 ns
->profile_ptr
[profile
] = ptr
;
356 mutex_unlock(&tomoyo_policy_lock
);
363 * tomoyo_profile - Find a profile.
365 * @ns: Pointer to "struct tomoyo_policy_namespace".
366 * @profile: Profile number to find.
368 * Returns pointer to "struct tomoyo_profile".
370 struct tomoyo_profile
*tomoyo_profile(const struct tomoyo_policy_namespace
*ns
,
373 static struct tomoyo_profile tomoyo_null_profile
;
374 struct tomoyo_profile
*ptr
= ns
->profile_ptr
[profile
];
376 ptr
= &tomoyo_null_profile
;
381 * tomoyo_find_yesno - Find values for specified keyword.
383 * @string: String to check.
384 * @find: Name of keyword.
386 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
388 static s8
tomoyo_find_yesno(const char *string
, const char *find
)
390 const char *cp
= strstr(string
, find
);
393 if (!strncmp(cp
, "=yes", 4))
395 else if (!strncmp(cp
, "=no", 3))
402 * tomoyo_set_uint - Set value for specified preference.
404 * @i: Pointer to "unsigned int".
405 * @string: String to check.
406 * @find: Name of keyword.
410 static void tomoyo_set_uint(unsigned int *i
, const char *string
,
413 const char *cp
= strstr(string
, find
);
415 sscanf(cp
+ strlen(find
), "=%u", i
);
419 * tomoyo_set_mode - Set mode for specified profile.
421 * @name: Name of functionality.
422 * @value: Mode for @name.
423 * @profile: Pointer to "struct tomoyo_profile".
425 * Returns 0 on success, negative value otherwise.
427 static int tomoyo_set_mode(char *name
, const char *value
,
428 struct tomoyo_profile
*profile
)
432 if (!strcmp(name
, "CONFIG")) {
433 i
= TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
;
434 config
= profile
->default_config
;
435 } else if (tomoyo_str_starts(&name
, "CONFIG::")) {
437 for (i
= 0; i
< TOMOYO_MAX_MAC_INDEX
438 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; i
++) {
439 if (strcmp(name
, tomoyo_mac_keywords
[i
]))
441 config
= profile
->config
[i
];
444 if (i
== TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
449 if (strstr(value
, "use_default")) {
450 config
= TOMOYO_CONFIG_USE_DEFAULT
;
453 for (mode
= 0; mode
< 4; mode
++)
454 if (strstr(value
, tomoyo_mode
[mode
]))
456 * Update lower 3 bits in order to distinguish
457 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
459 config
= (config
& ~7) | mode
;
460 if (config
!= TOMOYO_CONFIG_USE_DEFAULT
) {
461 switch (tomoyo_find_yesno(value
, "grant_log")) {
463 config
|= TOMOYO_CONFIG_WANT_GRANT_LOG
;
466 config
&= ~TOMOYO_CONFIG_WANT_GRANT_LOG
;
469 switch (tomoyo_find_yesno(value
, "reject_log")) {
471 config
|= TOMOYO_CONFIG_WANT_REJECT_LOG
;
474 config
&= ~TOMOYO_CONFIG_WANT_REJECT_LOG
;
479 if (i
< TOMOYO_MAX_MAC_INDEX
+ TOMOYO_MAX_MAC_CATEGORY_INDEX
)
480 profile
->config
[i
] = config
;
481 else if (config
!= TOMOYO_CONFIG_USE_DEFAULT
)
482 profile
->default_config
= config
;
487 * tomoyo_write_profile - Write profile table.
489 * @head: Pointer to "struct tomoyo_io_buffer".
491 * Returns 0 on success, negative value otherwise.
493 static int tomoyo_write_profile(struct tomoyo_io_buffer
*head
)
495 char *data
= head
->write_buf
;
498 struct tomoyo_profile
*profile
;
499 if (sscanf(data
, "PROFILE_VERSION=%u", &head
->w
.ns
->profile_version
)
502 i
= simple_strtoul(data
, &cp
, 10);
506 profile
= tomoyo_assign_profile(head
->w
.ns
, i
);
509 cp
= strchr(data
, '=');
513 if (!strcmp(data
, "COMMENT")) {
514 static DEFINE_SPINLOCK(lock
);
515 const struct tomoyo_path_info
*new_comment
516 = tomoyo_get_name(cp
);
517 const struct tomoyo_path_info
*old_comment
;
521 old_comment
= profile
->comment
;
522 profile
->comment
= new_comment
;
524 tomoyo_put_name(old_comment
);
527 if (!strcmp(data
, "PREFERENCE")) {
528 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
529 tomoyo_set_uint(&profile
->pref
[i
], cp
,
530 tomoyo_pref_keywords
[i
]);
533 return tomoyo_set_mode(data
, cp
, profile
);
537 * tomoyo_print_config - Print mode for specified functionality.
539 * @head: Pointer to "struct tomoyo_io_buffer".
540 * @config: Mode for that functionality.
544 * Caller prints functionality's name.
546 static void tomoyo_print_config(struct tomoyo_io_buffer
*head
, const u8 config
)
548 tomoyo_io_printf(head
, "={ mode=%s grant_log=%s reject_log=%s }\n",
549 tomoyo_mode
[config
& 3],
550 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_GRANT_LOG
),
551 tomoyo_yesno(config
& TOMOYO_CONFIG_WANT_REJECT_LOG
));
555 * tomoyo_read_profile - Read profile table.
557 * @head: Pointer to "struct tomoyo_io_buffer".
561 static void tomoyo_read_profile(struct tomoyo_io_buffer
*head
)
564 struct tomoyo_policy_namespace
*ns
=
565 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
566 const struct tomoyo_profile
*profile
;
570 index
= head
->r
.index
;
571 profile
= ns
->profile_ptr
[index
];
572 switch (head
->r
.step
) {
574 tomoyo_print_namespace(head
);
575 tomoyo_io_printf(head
, "PROFILE_VERSION=%u\n",
576 ns
->profile_version
);
580 for ( ; head
->r
.index
< TOMOYO_MAX_PROFILES
;
582 if (ns
->profile_ptr
[head
->r
.index
])
584 if (head
->r
.index
== TOMOYO_MAX_PROFILES
)
591 const struct tomoyo_path_info
*comment
=
593 tomoyo_print_namespace(head
);
594 tomoyo_io_printf(head
, "%u-COMMENT=", index
);
595 tomoyo_set_string(head
, comment
? comment
->name
: "");
597 tomoyo_io_printf(head
, "%u-PREFERENCE={ ", index
);
598 for (i
= 0; i
< TOMOYO_MAX_PREF
; i
++)
599 tomoyo_io_printf(head
, "%s=%u ",
600 tomoyo_pref_keywords
[i
],
602 tomoyo_set_string(head
, "}\n");
608 tomoyo_print_namespace(head
);
609 tomoyo_io_printf(head
, "%u-%s", index
, "CONFIG");
610 tomoyo_print_config(head
, profile
->default_config
);
616 for ( ; head
->r
.bit
< TOMOYO_MAX_MAC_INDEX
617 + TOMOYO_MAX_MAC_CATEGORY_INDEX
; head
->r
.bit
++) {
618 const u8 i
= head
->r
.bit
;
619 const u8 config
= profile
->config
[i
];
620 if (config
== TOMOYO_CONFIG_USE_DEFAULT
)
622 tomoyo_print_namespace(head
);
623 tomoyo_io_printf(head
, "%u-%s%s", index
, "CONFIG::",
624 tomoyo_mac_keywords
[i
]);
625 tomoyo_print_config(head
, config
);
629 if (head
->r
.bit
== TOMOYO_MAX_MAC_INDEX
630 + TOMOYO_MAX_MAC_CATEGORY_INDEX
) {
636 if (tomoyo_flush(head
))
640 static bool tomoyo_same_manager(const struct tomoyo_acl_head
*a
,
641 const struct tomoyo_acl_head
*b
)
643 return container_of(a
, struct tomoyo_manager
, head
)->manager
==
644 container_of(b
, struct tomoyo_manager
, head
)->manager
;
648 * tomoyo_update_manager_entry - Add a manager entry.
650 * @manager: The path to manager or the domainnamme.
651 * @is_delete: True if it is a delete request.
653 * Returns 0 on success, negative value otherwise.
655 * Caller holds tomoyo_read_lock().
657 static int tomoyo_update_manager_entry(const char *manager
,
658 const bool is_delete
)
660 struct tomoyo_manager e
= { };
661 struct tomoyo_acl_param param
= {
662 /* .ns = &tomoyo_kernel_namespace, */
663 .is_delete
= is_delete
,
664 .list
= &tomoyo_kernel_namespace
.
665 policy_list
[TOMOYO_ID_MANAGER
],
667 int error
= is_delete
? -ENOENT
: -ENOMEM
;
668 if (tomoyo_domain_def(manager
)) {
669 if (!tomoyo_correct_domain(manager
))
673 if (!tomoyo_correct_path(manager
))
676 e
.manager
= tomoyo_get_name(manager
);
678 error
= tomoyo_update_policy(&e
.head
, sizeof(e
), ¶m
,
679 tomoyo_same_manager
);
680 tomoyo_put_name(e
.manager
);
686 * tomoyo_write_manager - Write manager policy.
688 * @head: Pointer to "struct tomoyo_io_buffer".
690 * Returns 0 on success, negative value otherwise.
692 * Caller holds tomoyo_read_lock().
694 static int tomoyo_write_manager(struct tomoyo_io_buffer
*head
)
696 char *data
= head
->write_buf
;
698 if (!strcmp(data
, "manage_by_non_root")) {
699 tomoyo_manage_by_non_root
= !head
->w
.is_delete
;
702 return tomoyo_update_manager_entry(data
, head
->w
.is_delete
);
706 * tomoyo_read_manager - Read manager policy.
708 * @head: Pointer to "struct tomoyo_io_buffer".
710 * Caller holds tomoyo_read_lock().
712 static void tomoyo_read_manager(struct tomoyo_io_buffer
*head
)
716 list_for_each_cookie(head
->r
.acl
, &tomoyo_kernel_namespace
.
717 policy_list
[TOMOYO_ID_MANAGER
]) {
718 struct tomoyo_manager
*ptr
=
719 list_entry(head
->r
.acl
, typeof(*ptr
), head
.list
);
720 if (ptr
->head
.is_deleted
)
722 if (!tomoyo_flush(head
))
724 tomoyo_set_string(head
, ptr
->manager
->name
);
731 * tomoyo_manager - Check whether the current process is a policy manager.
733 * Returns true if the current process is permitted to modify policy
734 * via /sys/kernel/security/tomoyo/ interface.
736 * Caller holds tomoyo_read_lock().
738 static bool tomoyo_manager(void)
740 struct tomoyo_manager
*ptr
;
742 const struct task_struct
*task
= current
;
743 const struct tomoyo_path_info
*domainname
= tomoyo_domain()->domainname
;
746 if (!tomoyo_policy_loaded
)
748 if (!tomoyo_manage_by_non_root
&& (task
->cred
->uid
|| task
->cred
->euid
))
750 list_for_each_entry_rcu(ptr
, &tomoyo_kernel_namespace
.
751 policy_list
[TOMOYO_ID_MANAGER
], head
.list
) {
752 if (!ptr
->head
.is_deleted
&& ptr
->is_domain
753 && !tomoyo_pathcmp(domainname
, ptr
->manager
)) {
760 exe
= tomoyo_get_exe();
763 list_for_each_entry_rcu(ptr
, &tomoyo_kernel_namespace
.
764 policy_list
[TOMOYO_ID_MANAGER
], head
.list
) {
765 if (!ptr
->head
.is_deleted
&& !ptr
->is_domain
766 && !strcmp(exe
, ptr
->manager
->name
)) {
771 if (!found
) { /* Reduce error messages. */
772 static pid_t last_pid
;
773 const pid_t pid
= current
->pid
;
774 if (last_pid
!= pid
) {
775 printk(KERN_WARNING
"%s ( %s ) is not permitted to "
776 "update policies.\n", domainname
->name
, exe
);
785 * tomoyo_select_domain - Parse select command.
787 * @head: Pointer to "struct tomoyo_io_buffer".
788 * @data: String to parse.
790 * Returns true on success, false otherwise.
792 * Caller holds tomoyo_read_lock().
794 static bool tomoyo_select_domain(struct tomoyo_io_buffer
*head
,
798 struct tomoyo_domain_info
*domain
= NULL
;
799 bool global_pid
= false;
800 if (strncmp(data
, "select ", 7))
803 if (sscanf(data
, "pid=%u", &pid
) == 1 ||
804 (global_pid
= true, sscanf(data
, "global-pid=%u", &pid
) == 1)) {
805 struct task_struct
*p
;
807 read_lock(&tasklist_lock
);
809 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
811 p
= find_task_by_vpid(pid
);
813 domain
= tomoyo_real_domain(p
);
814 read_unlock(&tasklist_lock
);
816 } else if (!strncmp(data
, "domain=", 7)) {
817 if (tomoyo_domain_def(data
+ 7))
818 domain
= tomoyo_find_domain(data
+ 7);
821 head
->w
.domain
= domain
;
822 /* Accessing read_buf is safe because head->io_sem is held. */
824 return true; /* Do nothing if open(O_WRONLY). */
825 memset(&head
->r
, 0, sizeof(head
->r
));
826 head
->r
.print_this_domain_only
= true;
828 head
->r
.domain
= &domain
->list
;
831 tomoyo_io_printf(head
, "# select %s\n", data
);
832 if (domain
&& domain
->is_deleted
)
833 tomoyo_io_printf(head
, "# This is a deleted domain.\n");
838 * tomoyo_delete_domain - Delete a domain.
840 * @domainname: The name of domain.
844 * Caller holds tomoyo_read_lock().
846 static int tomoyo_delete_domain(char *domainname
)
848 struct tomoyo_domain_info
*domain
;
849 struct tomoyo_path_info name
;
851 name
.name
= domainname
;
852 tomoyo_fill_path_info(&name
);
853 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
855 /* Is there an active domain? */
856 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
857 /* Never delete tomoyo_kernel_domain */
858 if (domain
== &tomoyo_kernel_domain
)
860 if (domain
->is_deleted
||
861 tomoyo_pathcmp(domain
->domainname
, &name
))
863 domain
->is_deleted
= true;
866 mutex_unlock(&tomoyo_policy_lock
);
871 * tomoyo_write_domain2 - Write domain policy.
873 * @ns: Pointer to "struct tomoyo_policy_namespace".
874 * @list: Pointer to "struct list_head".
875 * @data: Policy to be interpreted.
876 * @is_delete: True if it is a delete request.
878 * Returns 0 on success, negative value otherwise.
880 * Caller holds tomoyo_read_lock().
882 static int tomoyo_write_domain2(struct tomoyo_policy_namespace
*ns
,
883 struct list_head
*list
, char *data
,
884 const bool is_delete
)
886 struct tomoyo_acl_param param
= {
890 .is_delete
= is_delete
,
892 static const struct {
894 int (*write
) (struct tomoyo_acl_param
*);
895 } tomoyo_callback
[1] = {
896 { "file ", tomoyo_write_file
},
899 for (i
= 0; i
< 1; i
++) {
900 if (!tomoyo_str_starts(¶m
.data
,
901 tomoyo_callback
[i
].keyword
))
903 return tomoyo_callback
[i
].write(¶m
);
909 * tomoyo_write_domain - Write domain policy.
911 * @head: Pointer to "struct tomoyo_io_buffer".
913 * Returns 0 on success, negative value otherwise.
915 * Caller holds tomoyo_read_lock().
917 static int tomoyo_write_domain(struct tomoyo_io_buffer
*head
)
919 char *data
= head
->write_buf
;
920 struct tomoyo_policy_namespace
*ns
;
921 struct tomoyo_domain_info
*domain
= head
->w
.domain
;
922 const bool is_delete
= head
->w
.is_delete
;
923 bool is_select
= !is_delete
&& tomoyo_str_starts(&data
, "select ");
924 unsigned int profile
;
928 tomoyo_delete_domain(data
);
930 domain
= tomoyo_find_domain(data
);
932 domain
= tomoyo_assign_domain(data
, false);
933 head
->w
.domain
= domain
;
939 if (sscanf(data
, "use_profile %u", &profile
) == 1
940 && profile
< TOMOYO_MAX_PROFILES
) {
941 if (!tomoyo_policy_loaded
|| ns
->profile_ptr
[profile
])
942 domain
->profile
= (u8
) profile
;
945 if (sscanf(data
, "use_group %u\n", &profile
) == 1
946 && profile
< TOMOYO_MAX_ACL_GROUPS
) {
948 domain
->group
= (u8
) profile
;
951 if (!strcmp(data
, "quota_exceeded")) {
952 domain
->quota_warned
= !is_delete
;
955 if (!strcmp(data
, "transition_failed")) {
956 domain
->transition_failed
= !is_delete
;
959 return tomoyo_write_domain2(ns
, &domain
->acl_info_list
, data
,
964 * tomoyo_set_group - Print "acl_group " header keyword and category name.
966 * @head: Pointer to "struct tomoyo_io_buffer".
967 * @category: Category name.
971 static void tomoyo_set_group(struct tomoyo_io_buffer
*head
,
972 const char *category
)
974 if (head
->type
== TOMOYO_EXCEPTIONPOLICY
) {
975 tomoyo_print_namespace(head
);
976 tomoyo_io_printf(head
, "acl_group %u ",
977 head
->r
.acl_group_index
);
979 tomoyo_set_string(head
, category
);
983 * tomoyo_print_entry - Print an ACL entry.
985 * @head: Pointer to "struct tomoyo_io_buffer".
986 * @acl: Pointer to an ACL entry.
988 * Returns true on success, false otherwise.
990 static bool tomoyo_print_entry(struct tomoyo_io_buffer
*head
,
991 struct tomoyo_acl_info
*acl
)
993 const u8 acl_type
= acl
->type
;
999 if (!tomoyo_flush(head
))
1001 else if (acl_type
== TOMOYO_TYPE_PATH_ACL
) {
1002 struct tomoyo_path_acl
*ptr
=
1003 container_of(acl
, typeof(*ptr
), head
);
1004 const u16 perm
= ptr
->perm
;
1005 for (bit
= 0; bit
< TOMOYO_MAX_PATH_OPERATION
; bit
++) {
1006 if (!(perm
& (1 << bit
)))
1008 if (head
->r
.print_transition_related_only
&&
1009 bit
!= TOMOYO_TYPE_EXECUTE
)
1012 tomoyo_set_group(head
, "file ");
1015 tomoyo_set_slash(head
);
1017 tomoyo_set_string(head
, tomoyo_path_keyword
[bit
]);
1021 tomoyo_print_name_union(head
, &ptr
->name
);
1022 } else if (head
->r
.print_transition_related_only
) {
1024 } else if (acl_type
== TOMOYO_TYPE_PATH2_ACL
) {
1025 struct tomoyo_path2_acl
*ptr
=
1026 container_of(acl
, typeof(*ptr
), head
);
1027 const u8 perm
= ptr
->perm
;
1028 for (bit
= 0; bit
< TOMOYO_MAX_PATH2_OPERATION
; bit
++) {
1029 if (!(perm
& (1 << bit
)))
1032 tomoyo_set_group(head
, "file ");
1035 tomoyo_set_slash(head
);
1037 tomoyo_set_string(head
, tomoyo_mac_keywords
1038 [tomoyo_pp2mac
[bit
]]);
1042 tomoyo_print_name_union(head
, &ptr
->name1
);
1043 tomoyo_print_name_union(head
, &ptr
->name2
);
1044 } else if (acl_type
== TOMOYO_TYPE_PATH_NUMBER_ACL
) {
1045 struct tomoyo_path_number_acl
*ptr
=
1046 container_of(acl
, typeof(*ptr
), head
);
1047 const u8 perm
= ptr
->perm
;
1048 for (bit
= 0; bit
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; bit
++) {
1049 if (!(perm
& (1 << bit
)))
1052 tomoyo_set_group(head
, "file ");
1055 tomoyo_set_slash(head
);
1057 tomoyo_set_string(head
, tomoyo_mac_keywords
1058 [tomoyo_pn2mac
[bit
]]);
1062 tomoyo_print_name_union(head
, &ptr
->name
);
1063 tomoyo_print_number_union(head
, &ptr
->number
);
1064 } else if (acl_type
== TOMOYO_TYPE_MKDEV_ACL
) {
1065 struct tomoyo_mkdev_acl
*ptr
=
1066 container_of(acl
, typeof(*ptr
), head
);
1067 const u8 perm
= ptr
->perm
;
1068 for (bit
= 0; bit
< TOMOYO_MAX_MKDEV_OPERATION
; bit
++) {
1069 if (!(perm
& (1 << bit
)))
1072 tomoyo_set_group(head
, "file ");
1075 tomoyo_set_slash(head
);
1077 tomoyo_set_string(head
, tomoyo_mac_keywords
1078 [tomoyo_pnnn2mac
[bit
]]);
1082 tomoyo_print_name_union(head
, &ptr
->name
);
1083 tomoyo_print_number_union(head
, &ptr
->mode
);
1084 tomoyo_print_number_union(head
, &ptr
->major
);
1085 tomoyo_print_number_union(head
, &ptr
->minor
);
1086 } else if (acl_type
== TOMOYO_TYPE_MOUNT_ACL
) {
1087 struct tomoyo_mount_acl
*ptr
=
1088 container_of(acl
, typeof(*ptr
), head
);
1089 tomoyo_set_group(head
, "file mount");
1090 tomoyo_print_name_union(head
, &ptr
->dev_name
);
1091 tomoyo_print_name_union(head
, &ptr
->dir_name
);
1092 tomoyo_print_name_union(head
, &ptr
->fs_type
);
1093 tomoyo_print_number_union(head
, &ptr
->flags
);
1095 tomoyo_set_lf(head
);
1100 * tomoyo_read_domain2 - Read domain policy.
1102 * @head: Pointer to "struct tomoyo_io_buffer".
1103 * @list: Pointer to "struct list_head".
1105 * Caller holds tomoyo_read_lock().
1107 * Returns true on success, false otherwise.
1109 static bool tomoyo_read_domain2(struct tomoyo_io_buffer
*head
,
1110 struct list_head
*list
)
1112 list_for_each_cookie(head
->r
.acl
, list
) {
1113 struct tomoyo_acl_info
*ptr
=
1114 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1115 if (!tomoyo_print_entry(head
, ptr
))
1123 * tomoyo_read_domain - Read domain policy.
1125 * @head: Pointer to "struct tomoyo_io_buffer".
1127 * Caller holds tomoyo_read_lock().
1129 static void tomoyo_read_domain(struct tomoyo_io_buffer
*head
)
1133 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1134 struct tomoyo_domain_info
*domain
=
1135 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1136 switch (head
->r
.step
) {
1138 if (domain
->is_deleted
&&
1139 !head
->r
.print_this_domain_only
)
1141 /* Print domainname and flags. */
1142 tomoyo_set_string(head
, domain
->domainname
->name
);
1143 tomoyo_set_lf(head
);
1144 tomoyo_io_printf(head
, "use_profile %u\n",
1146 tomoyo_io_printf(head
, "use_group %u\n",
1148 if (domain
->quota_warned
)
1149 tomoyo_set_string(head
, "quota_exceeded\n");
1150 if (domain
->transition_failed
)
1151 tomoyo_set_string(head
, "transition_failed\n");
1153 tomoyo_set_lf(head
);
1156 if (!tomoyo_read_domain2(head
, &domain
->acl_info_list
))
1159 if (!tomoyo_set_lf(head
))
1164 if (head
->r
.print_this_domain_only
)
1173 * tomoyo_write_domain_profile - Assign profile for specified domain.
1175 * @head: Pointer to "struct tomoyo_io_buffer".
1177 * Returns 0 on success, -EINVAL otherwise.
1179 * This is equivalent to doing
1181 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1182 * /usr/sbin/tomoyo-loadpolicy -d
1184 * Caller holds tomoyo_read_lock().
1186 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer
*head
)
1188 char *data
= head
->write_buf
;
1189 char *cp
= strchr(data
, ' ');
1190 struct tomoyo_domain_info
*domain
;
1191 unsigned long profile
;
1196 domain
= tomoyo_find_domain(cp
+ 1);
1197 if (strict_strtoul(data
, 10, &profile
))
1199 if (domain
&& (!tomoyo_policy_loaded
||
1200 head
->w
.ns
->profile_ptr
[(u8
) profile
]))
1201 domain
->profile
= (u8
) profile
;
1206 * tomoyo_read_domain_profile - Read only domainname and profile.
1208 * @head: Pointer to "struct tomoyo_io_buffer".
1210 * Returns list of profile number and domainname pairs.
1212 * This is equivalent to doing
1214 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1215 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1216 * domainname = $0; } else if ( $1 == "use_profile" ) {
1217 * print $2 " " domainname; domainname = ""; } } ; '
1219 * Caller holds tomoyo_read_lock().
1221 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer
*head
)
1225 list_for_each_cookie(head
->r
.domain
, &tomoyo_domain_list
) {
1226 struct tomoyo_domain_info
*domain
=
1227 list_entry(head
->r
.domain
, typeof(*domain
), list
);
1228 if (domain
->is_deleted
)
1230 if (!tomoyo_flush(head
))
1232 tomoyo_io_printf(head
, "%u ", domain
->profile
);
1233 tomoyo_set_string(head
, domain
->domainname
->name
);
1234 tomoyo_set_lf(head
);
1240 * tomoyo_write_pid: Specify PID to obtain domainname.
1242 * @head: Pointer to "struct tomoyo_io_buffer".
1246 static int tomoyo_write_pid(struct tomoyo_io_buffer
*head
)
1248 head
->r
.eof
= false;
1253 * tomoyo_read_pid - Get domainname of the specified PID.
1255 * @head: Pointer to "struct tomoyo_io_buffer".
1257 * Returns the domainname which the specified PID is in on success,
1258 * empty string otherwise.
1259 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1260 * using read()/write() interface rather than sysctl() interface.
1262 static void tomoyo_read_pid(struct tomoyo_io_buffer
*head
)
1264 char *buf
= head
->write_buf
;
1265 bool global_pid
= false;
1267 struct task_struct
*p
;
1268 struct tomoyo_domain_info
*domain
= NULL
;
1270 /* Accessing write_buf is safe because head->io_sem is held. */
1273 return; /* Do nothing if open(O_RDONLY). */
1275 if (head
->r
.w_pos
|| head
->r
.eof
)
1278 if (tomoyo_str_starts(&buf
, "global-pid "))
1280 pid
= (unsigned int) simple_strtoul(buf
, NULL
, 10);
1282 read_lock(&tasklist_lock
);
1284 p
= find_task_by_pid_ns(pid
, &init_pid_ns
);
1286 p
= find_task_by_vpid(pid
);
1288 domain
= tomoyo_real_domain(p
);
1289 read_unlock(&tasklist_lock
);
1293 tomoyo_io_printf(head
, "%u %u ", pid
, domain
->profile
);
1294 tomoyo_set_string(head
, domain
->domainname
->name
);
1297 static const char *tomoyo_transition_type
[TOMOYO_MAX_TRANSITION_TYPE
] = {
1298 [TOMOYO_TRANSITION_CONTROL_NO_RESET
] = "no_reset_domain ",
1299 [TOMOYO_TRANSITION_CONTROL_RESET
] = "reset_domain ",
1300 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE
] = "no_initialize_domain ",
1301 [TOMOYO_TRANSITION_CONTROL_INITIALIZE
] = "initialize_domain ",
1302 [TOMOYO_TRANSITION_CONTROL_NO_KEEP
] = "no_keep_domain ",
1303 [TOMOYO_TRANSITION_CONTROL_KEEP
] = "keep_domain ",
1306 static const char *tomoyo_group_name
[TOMOYO_MAX_GROUP
] = {
1307 [TOMOYO_PATH_GROUP
] = "path_group ",
1308 [TOMOYO_NUMBER_GROUP
] = "number_group ",
1312 * tomoyo_write_exception - Write exception policy.
1314 * @head: Pointer to "struct tomoyo_io_buffer".
1316 * Returns 0 on success, negative value otherwise.
1318 * Caller holds tomoyo_read_lock().
1320 static int tomoyo_write_exception(struct tomoyo_io_buffer
*head
)
1322 const bool is_delete
= head
->w
.is_delete
;
1323 struct tomoyo_acl_param param
= {
1325 .is_delete
= is_delete
,
1326 .data
= head
->write_buf
,
1329 if (tomoyo_str_starts(¶m
.data
, "aggregator "))
1330 return tomoyo_write_aggregator(¶m
);
1331 for (i
= 0; i
< TOMOYO_MAX_TRANSITION_TYPE
; i
++)
1332 if (tomoyo_str_starts(¶m
.data
, tomoyo_transition_type
[i
]))
1333 return tomoyo_write_transition_control(¶m
, i
);
1334 for (i
= 0; i
< TOMOYO_MAX_GROUP
; i
++)
1335 if (tomoyo_str_starts(¶m
.data
, tomoyo_group_name
[i
]))
1336 return tomoyo_write_group(¶m
, i
);
1337 if (tomoyo_str_starts(¶m
.data
, "acl_group ")) {
1340 group
= simple_strtoul(param
.data
, &data
, 10);
1341 if (group
< TOMOYO_MAX_ACL_GROUPS
&& *data
++ == ' ')
1342 return tomoyo_write_domain2
1343 (head
->w
.ns
, &head
->w
.ns
->acl_group
[group
],
1350 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1352 * @head: Pointer to "struct tomoyo_io_buffer".
1353 * @idx: Index number.
1355 * Returns true on success, false otherwise.
1357 * Caller holds tomoyo_read_lock().
1359 static bool tomoyo_read_group(struct tomoyo_io_buffer
*head
, const int idx
)
1361 struct tomoyo_policy_namespace
*ns
=
1362 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1363 struct list_head
*list
= &ns
->group_list
[idx
];
1364 list_for_each_cookie(head
->r
.group
, list
) {
1365 struct tomoyo_group
*group
=
1366 list_entry(head
->r
.group
, typeof(*group
), head
.list
);
1367 list_for_each_cookie(head
->r
.acl
, &group
->member_list
) {
1368 struct tomoyo_acl_head
*ptr
=
1369 list_entry(head
->r
.acl
, typeof(*ptr
), list
);
1370 if (ptr
->is_deleted
)
1372 if (!tomoyo_flush(head
))
1374 tomoyo_print_namespace(head
);
1375 tomoyo_set_string(head
, tomoyo_group_name
[idx
]);
1376 tomoyo_set_string(head
, group
->group_name
->name
);
1377 if (idx
== TOMOYO_PATH_GROUP
) {
1378 tomoyo_set_space(head
);
1379 tomoyo_set_string(head
, container_of
1380 (ptr
, struct tomoyo_path_group
,
1381 head
)->member_name
->name
);
1382 } else if (idx
== TOMOYO_NUMBER_GROUP
) {
1383 tomoyo_print_number_union(head
, &container_of
1385 struct tomoyo_number_group
,
1388 tomoyo_set_lf(head
);
1392 head
->r
.group
= NULL
;
1397 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1399 * @head: Pointer to "struct tomoyo_io_buffer".
1400 * @idx: Index number.
1402 * Returns true on success, false otherwise.
1404 * Caller holds tomoyo_read_lock().
1406 static bool tomoyo_read_policy(struct tomoyo_io_buffer
*head
, const int idx
)
1408 struct tomoyo_policy_namespace
*ns
=
1409 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1410 struct list_head
*list
= &ns
->policy_list
[idx
];
1411 list_for_each_cookie(head
->r
.acl
, list
) {
1412 struct tomoyo_acl_head
*acl
=
1413 container_of(head
->r
.acl
, typeof(*acl
), list
);
1414 if (acl
->is_deleted
)
1416 if (!tomoyo_flush(head
))
1419 case TOMOYO_ID_TRANSITION_CONTROL
:
1421 struct tomoyo_transition_control
*ptr
=
1422 container_of(acl
, typeof(*ptr
), head
);
1423 tomoyo_print_namespace(head
);
1424 tomoyo_set_string(head
, tomoyo_transition_type
1426 tomoyo_set_string(head
, ptr
->program
?
1427 ptr
->program
->name
: "any");
1428 tomoyo_set_string(head
, " from ");
1429 tomoyo_set_string(head
, ptr
->domainname
?
1430 ptr
->domainname
->name
:
1434 case TOMOYO_ID_AGGREGATOR
:
1436 struct tomoyo_aggregator
*ptr
=
1437 container_of(acl
, typeof(*ptr
), head
);
1438 tomoyo_print_namespace(head
);
1439 tomoyo_set_string(head
, "aggregator ");
1440 tomoyo_set_string(head
,
1441 ptr
->original_name
->name
);
1442 tomoyo_set_space(head
);
1443 tomoyo_set_string(head
,
1444 ptr
->aggregated_name
->name
);
1450 tomoyo_set_lf(head
);
1457 * tomoyo_read_exception - Read exception policy.
1459 * @head: Pointer to "struct tomoyo_io_buffer".
1461 * Caller holds tomoyo_read_lock().
1463 static void tomoyo_read_exception(struct tomoyo_io_buffer
*head
)
1465 struct tomoyo_policy_namespace
*ns
=
1466 container_of(head
->r
.ns
, typeof(*ns
), namespace_list
);
1469 while (head
->r
.step
< TOMOYO_MAX_POLICY
&&
1470 tomoyo_read_policy(head
, head
->r
.step
))
1472 if (head
->r
.step
< TOMOYO_MAX_POLICY
)
1474 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
&&
1475 tomoyo_read_group(head
, head
->r
.step
- TOMOYO_MAX_POLICY
))
1477 if (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
)
1479 while (head
->r
.step
< TOMOYO_MAX_POLICY
+ TOMOYO_MAX_GROUP
1480 + TOMOYO_MAX_ACL_GROUPS
) {
1481 head
->r
.acl_group_index
= head
->r
.step
- TOMOYO_MAX_POLICY
1483 if (!tomoyo_read_domain2(head
, &ns
->acl_group
1484 [head
->r
.acl_group_index
]))
1491 /* Wait queue for kernel -> userspace notification. */
1492 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait
);
1493 /* Wait queue for userspace -> kernel notification. */
1494 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait
);
1496 /* Structure for query. */
1497 struct tomoyo_query
{
1498 struct list_head list
;
1501 unsigned int serial
;
1507 /* The list for "struct tomoyo_query". */
1508 static LIST_HEAD(tomoyo_query_list
);
1510 /* Lock for manipulating tomoyo_query_list. */
1511 static DEFINE_SPINLOCK(tomoyo_query_list_lock
);
1514 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1517 static atomic_t tomoyo_query_observers
= ATOMIC_INIT(0);
1520 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1522 * @domain: Pointer to "struct tomoyo_domain_info".
1523 * @header: Lines containing ACL.
1527 static void tomoyo_add_entry(struct tomoyo_domain_info
*domain
, char *header
)
1530 char *cp
= strchr(header
, '\n');
1534 cp
= strchr(cp
+ 1, '\n');
1538 len
= strlen(cp
) + 1;
1539 buffer
= kmalloc(len
, GFP_NOFS
);
1542 snprintf(buffer
, len
- 1, "%s", cp
);
1543 tomoyo_normalize_line(buffer
);
1544 tomoyo_write_domain2(domain
->ns
, &domain
->acl_info_list
, buffer
,
1550 * tomoyo_supervisor - Ask for the supervisor's decision.
1552 * @r: Pointer to "struct tomoyo_request_info".
1553 * @fmt: The printf()'s format string, followed by parameters.
1555 * Returns 0 if the supervisor decided to permit the access request which
1556 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1557 * supervisor decided to retry the access request which violated the policy in
1558 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1560 int tomoyo_supervisor(struct tomoyo_request_info
*r
, const char *fmt
, ...)
1565 static unsigned int tomoyo_serial
;
1566 struct tomoyo_query entry
= { };
1567 bool quota_exceeded
= false;
1568 va_start(args
, fmt
);
1569 len
= vsnprintf((char *) &len
, 1, fmt
, args
) + 1;
1571 /* Write /sys/kernel/security/tomoyo/audit. */
1572 va_start(args
, fmt
);
1573 tomoyo_write_log2(r
, len
, fmt
, args
);
1575 /* Nothing more to do if granted. */
1579 case TOMOYO_CONFIG_ENFORCING
:
1581 if (atomic_read(&tomoyo_query_observers
))
1584 case TOMOYO_CONFIG_LEARNING
:
1586 /* Check max_learning_entry parameter. */
1587 if (tomoyo_domain_quota_is_ok(r
))
1594 va_start(args
, fmt
);
1595 entry
.query
= tomoyo_init_log(r
, len
, fmt
, args
);
1599 entry
.query_len
= strlen(entry
.query
) + 1;
1601 tomoyo_add_entry(r
->domain
, entry
.query
);
1604 len
= tomoyo_round2(entry
.query_len
);
1605 spin_lock(&tomoyo_query_list_lock
);
1606 if (tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
] &&
1607 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] + len
1608 >= tomoyo_memory_quota
[TOMOYO_MEMORY_QUERY
]) {
1609 quota_exceeded
= true;
1611 entry
.serial
= tomoyo_serial
++;
1612 entry
.retry
= r
->retry
;
1613 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] += len
;
1614 list_add_tail(&entry
.list
, &tomoyo_query_list
);
1616 spin_unlock(&tomoyo_query_list_lock
);
1619 /* Give 10 seconds for supervisor's opinion. */
1620 while (entry
.timer
< 10) {
1621 wake_up_all(&tomoyo_query_wait
);
1622 if (wait_event_interruptible_timeout
1623 (tomoyo_answer_wait
, entry
.answer
||
1624 !atomic_read(&tomoyo_query_observers
), HZ
))
1629 spin_lock(&tomoyo_query_list_lock
);
1630 list_del(&entry
.list
);
1631 tomoyo_memory_used
[TOMOYO_MEMORY_QUERY
] -= len
;
1632 spin_unlock(&tomoyo_query_list_lock
);
1633 switch (entry
.answer
) {
1634 case 3: /* Asked to retry by administrator. */
1635 error
= TOMOYO_RETRY_REQUEST
;
1639 /* Granted by administrator. */
1643 /* Timed out or rejected by administrator. */
1652 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1654 * @file: Pointer to "struct file".
1655 * @wait: Pointer to "poll_table".
1657 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1659 * Waits for access requests which violated policy in enforcing mode.
1661 static int tomoyo_poll_query(struct file
*file
, poll_table
*wait
)
1663 struct list_head
*tmp
;
1666 for (i
= 0; i
< 2; i
++) {
1667 spin_lock(&tomoyo_query_list_lock
);
1668 list_for_each(tmp
, &tomoyo_query_list
) {
1669 struct tomoyo_query
*ptr
=
1670 list_entry(tmp
, typeof(*ptr
), list
);
1676 spin_unlock(&tomoyo_query_list_lock
);
1678 return POLLIN
| POLLRDNORM
;
1681 poll_wait(file
, &tomoyo_query_wait
, wait
);
1687 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1689 * @head: Pointer to "struct tomoyo_io_buffer".
1691 static void tomoyo_read_query(struct tomoyo_io_buffer
*head
)
1693 struct list_head
*tmp
;
1699 if (head
->read_buf
) {
1700 kfree(head
->read_buf
);
1701 head
->read_buf
= NULL
;
1703 spin_lock(&tomoyo_query_list_lock
);
1704 list_for_each(tmp
, &tomoyo_query_list
) {
1705 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1708 if (pos
++ != head
->r
.query_index
)
1710 len
= ptr
->query_len
;
1713 spin_unlock(&tomoyo_query_list_lock
);
1715 head
->r
.query_index
= 0;
1718 buf
= kzalloc(len
+ 32, GFP_NOFS
);
1722 spin_lock(&tomoyo_query_list_lock
);
1723 list_for_each(tmp
, &tomoyo_query_list
) {
1724 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1727 if (pos
++ != head
->r
.query_index
)
1730 * Some query can be skipped because tomoyo_query_list
1731 * can change, but I don't care.
1733 if (len
== ptr
->query_len
)
1734 snprintf(buf
, len
+ 31, "Q%u-%hu\n%s", ptr
->serial
,
1735 ptr
->retry
, ptr
->query
);
1738 spin_unlock(&tomoyo_query_list_lock
);
1740 head
->read_buf
= buf
;
1741 head
->r
.w
[head
->r
.w_pos
++] = buf
;
1742 head
->r
.query_index
++;
1749 * tomoyo_write_answer - Write the supervisor's decision.
1751 * @head: Pointer to "struct tomoyo_io_buffer".
1753 * Returns 0 on success, -EINVAL otherwise.
1755 static int tomoyo_write_answer(struct tomoyo_io_buffer
*head
)
1757 char *data
= head
->write_buf
;
1758 struct list_head
*tmp
;
1759 unsigned int serial
;
1760 unsigned int answer
;
1761 spin_lock(&tomoyo_query_list_lock
);
1762 list_for_each(tmp
, &tomoyo_query_list
) {
1763 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1766 spin_unlock(&tomoyo_query_list_lock
);
1767 if (sscanf(data
, "A%u=%u", &serial
, &answer
) != 2)
1769 spin_lock(&tomoyo_query_list_lock
);
1770 list_for_each(tmp
, &tomoyo_query_list
) {
1771 struct tomoyo_query
*ptr
= list_entry(tmp
, typeof(*ptr
), list
);
1772 if (ptr
->serial
!= serial
)
1775 ptr
->answer
= answer
;
1778 spin_unlock(&tomoyo_query_list_lock
);
1783 * tomoyo_read_version: Get version.
1785 * @head: Pointer to "struct tomoyo_io_buffer".
1787 * Returns version information.
1789 static void tomoyo_read_version(struct tomoyo_io_buffer
*head
)
1792 tomoyo_io_printf(head
, "2.4.0");
1798 * tomoyo_read_self_domain - Get the current process's domainname.
1800 * @head: Pointer to "struct tomoyo_io_buffer".
1802 * Returns the current process's domainname.
1804 static void tomoyo_read_self_domain(struct tomoyo_io_buffer
*head
)
1808 * tomoyo_domain()->domainname != NULL
1809 * because every process belongs to a domain and
1810 * the domain's name cannot be NULL.
1812 tomoyo_io_printf(head
, "%s", tomoyo_domain()->domainname
->name
);
1818 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1820 * @type: Type of interface.
1821 * @file: Pointer to "struct file".
1823 * Returns 0 on success, negative value otherwise.
1825 int tomoyo_open_control(const u8 type
, struct file
*file
)
1827 struct tomoyo_io_buffer
*head
= kzalloc(sizeof(*head
), GFP_NOFS
);
1831 mutex_init(&head
->io_sem
);
1834 case TOMOYO_DOMAINPOLICY
:
1835 /* /sys/kernel/security/tomoyo/domain_policy */
1836 head
->write
= tomoyo_write_domain
;
1837 head
->read
= tomoyo_read_domain
;
1839 case TOMOYO_EXCEPTIONPOLICY
:
1840 /* /sys/kernel/security/tomoyo/exception_policy */
1841 head
->write
= tomoyo_write_exception
;
1842 head
->read
= tomoyo_read_exception
;
1845 /* /sys/kernel/security/tomoyo/audit */
1846 head
->poll
= tomoyo_poll_log
;
1847 head
->read
= tomoyo_read_log
;
1849 case TOMOYO_SELFDOMAIN
:
1850 /* /sys/kernel/security/tomoyo/self_domain */
1851 head
->read
= tomoyo_read_self_domain
;
1853 case TOMOYO_DOMAIN_STATUS
:
1854 /* /sys/kernel/security/tomoyo/.domain_status */
1855 head
->write
= tomoyo_write_domain_profile
;
1856 head
->read
= tomoyo_read_domain_profile
;
1858 case TOMOYO_PROCESS_STATUS
:
1859 /* /sys/kernel/security/tomoyo/.process_status */
1860 head
->write
= tomoyo_write_pid
;
1861 head
->read
= tomoyo_read_pid
;
1863 case TOMOYO_VERSION
:
1864 /* /sys/kernel/security/tomoyo/version */
1865 head
->read
= tomoyo_read_version
;
1866 head
->readbuf_size
= 128;
1868 case TOMOYO_MEMINFO
:
1869 /* /sys/kernel/security/tomoyo/meminfo */
1870 head
->write
= tomoyo_write_memory_quota
;
1871 head
->read
= tomoyo_read_memory_counter
;
1872 head
->readbuf_size
= 512;
1874 case TOMOYO_PROFILE
:
1875 /* /sys/kernel/security/tomoyo/profile */
1876 head
->write
= tomoyo_write_profile
;
1877 head
->read
= tomoyo_read_profile
;
1879 case TOMOYO_QUERY
: /* /sys/kernel/security/tomoyo/query */
1880 head
->poll
= tomoyo_poll_query
;
1881 head
->write
= tomoyo_write_answer
;
1882 head
->read
= tomoyo_read_query
;
1884 case TOMOYO_MANAGER
:
1885 /* /sys/kernel/security/tomoyo/manager */
1886 head
->write
= tomoyo_write_manager
;
1887 head
->read
= tomoyo_read_manager
;
1890 if (!(file
->f_mode
& FMODE_READ
)) {
1892 * No need to allocate read_buf since it is not opened
1897 } else if (!head
->poll
) {
1898 /* Don't allocate read_buf for poll() access. */
1899 if (!head
->readbuf_size
)
1900 head
->readbuf_size
= 4096 * 2;
1901 head
->read_buf
= kzalloc(head
->readbuf_size
, GFP_NOFS
);
1902 if (!head
->read_buf
) {
1907 if (!(file
->f_mode
& FMODE_WRITE
)) {
1909 * No need to allocate write_buf since it is not opened
1913 } else if (head
->write
) {
1914 head
->writebuf_size
= 4096 * 2;
1915 head
->write_buf
= kzalloc(head
->writebuf_size
, GFP_NOFS
);
1916 if (!head
->write_buf
) {
1917 kfree(head
->read_buf
);
1923 * If the file is /sys/kernel/security/tomoyo/query , increment the
1925 * The obserber counter is used by tomoyo_supervisor() to see if
1926 * there is some process monitoring /sys/kernel/security/tomoyo/query.
1928 if (type
== TOMOYO_QUERY
)
1929 atomic_inc(&tomoyo_query_observers
);
1930 file
->private_data
= head
;
1931 tomoyo_notify_gc(head
, true);
1936 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1938 * @file: Pointer to "struct file".
1939 * @wait: Pointer to "poll_table".
1941 * Waits for read readiness.
1942 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
1943 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
1945 int tomoyo_poll_control(struct file
*file
, poll_table
*wait
)
1947 struct tomoyo_io_buffer
*head
= file
->private_data
;
1950 return head
->poll(file
, wait
);
1954 * tomoyo_set_namespace_cursor - Set namespace to read.
1956 * @head: Pointer to "struct tomoyo_io_buffer".
1960 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer
*head
)
1962 struct list_head
*ns
;
1963 if (head
->type
!= TOMOYO_EXCEPTIONPOLICY
&&
1964 head
->type
!= TOMOYO_PROFILE
)
1967 * If this is the first read, or reading previous namespace finished
1968 * and has more namespaces to read, update the namespace cursor.
1971 if (!ns
|| (head
->r
.eof
&& ns
->next
!= &tomoyo_namespace_list
)) {
1972 /* Clearing is OK because tomoyo_flush() returned true. */
1973 memset(&head
->r
, 0, sizeof(head
->r
));
1974 head
->r
.ns
= ns
? ns
->next
: tomoyo_namespace_list
.next
;
1979 * tomoyo_has_more_namespace - Check for unread namespaces.
1981 * @head: Pointer to "struct tomoyo_io_buffer".
1983 * Returns true if we have more entries to print, false otherwise.
1985 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer
*head
)
1987 return (head
->type
== TOMOYO_EXCEPTIONPOLICY
||
1988 head
->type
== TOMOYO_PROFILE
) && head
->r
.eof
&&
1989 head
->r
.ns
->next
!= &tomoyo_namespace_list
;
1993 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1995 * @head: Pointer to "struct tomoyo_io_buffer".
1996 * @buffer: Poiner to buffer to write to.
1997 * @buffer_len: Size of @buffer.
1999 * Returns bytes read on success, negative value otherwise.
2001 int tomoyo_read_control(struct tomoyo_io_buffer
*head
, char __user
*buffer
,
2002 const int buffer_len
)
2009 if (mutex_lock_interruptible(&head
->io_sem
))
2011 head
->read_user_buf
= buffer
;
2012 head
->read_user_buf_avail
= buffer_len
;
2013 idx
= tomoyo_read_lock();
2014 if (tomoyo_flush(head
))
2015 /* Call the policy handler. */
2017 tomoyo_set_namespace_cursor(head
);
2019 } while (tomoyo_flush(head
) &&
2020 tomoyo_has_more_namespace(head
));
2021 tomoyo_read_unlock(idx
);
2022 len
= head
->read_user_buf
- buffer
;
2023 mutex_unlock(&head
->io_sem
);
2028 * tomoyo_parse_policy - Parse a policy line.
2030 * @head: Poiter to "struct tomoyo_io_buffer".
2031 * @line: Line to parse.
2033 * Returns 0 on success, negative value otherwise.
2035 * Caller holds tomoyo_read_lock().
2037 static int tomoyo_parse_policy(struct tomoyo_io_buffer
*head
, char *line
)
2039 /* Delete request? */
2040 head
->w
.is_delete
= !strncmp(line
, "delete ", 7);
2041 if (head
->w
.is_delete
)
2042 memmove(line
, line
+ 7, strlen(line
+ 7) + 1);
2043 /* Selecting namespace to update. */
2044 if (head
->type
== TOMOYO_EXCEPTIONPOLICY
||
2045 head
->type
== TOMOYO_PROFILE
) {
2047 char *cp
= strchr(line
, ' ');
2050 head
->w
.ns
= tomoyo_assign_namespace(line
);
2051 memmove(line
, cp
, strlen(cp
) + 1);
2055 head
->w
.ns
= &tomoyo_kernel_namespace
;
2056 /* Don't allow updating if namespace is invalid. */
2060 /* Do the update. */
2061 return head
->write(head
);
2065 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2067 * @head: Pointer to "struct tomoyo_io_buffer".
2068 * @buffer: Pointer to buffer to read from.
2069 * @buffer_len: Size of @buffer.
2071 * Returns @buffer_len on success, negative value otherwise.
2073 int tomoyo_write_control(struct tomoyo_io_buffer
*head
,
2074 const char __user
*buffer
, const int buffer_len
)
2076 int error
= buffer_len
;
2077 size_t avail_len
= buffer_len
;
2078 char *cp0
= head
->write_buf
;
2082 if (!access_ok(VERIFY_READ
, buffer
, buffer_len
))
2084 if (mutex_lock_interruptible(&head
->io_sem
))
2086 idx
= tomoyo_read_lock();
2087 /* Read a line and dispatch it to the policy handler. */
2088 while (avail_len
> 0) {
2090 if (head
->w
.avail
>= head
->writebuf_size
- 1) {
2091 const int len
= head
->writebuf_size
* 2;
2092 char *cp
= kzalloc(len
, GFP_NOFS
);
2097 memmove(cp
, cp0
, head
->w
.avail
);
2099 head
->write_buf
= cp
;
2101 head
->writebuf_size
= len
;
2103 if (get_user(c
, buffer
)) {
2109 cp0
[head
->w
.avail
++] = c
;
2112 cp0
[head
->w
.avail
- 1] = '\0';
2114 tomoyo_normalize_line(cp0
);
2115 if (!strcmp(cp0
, "reset")) {
2116 head
->w
.ns
= &tomoyo_kernel_namespace
;
2117 head
->w
.domain
= NULL
;
2118 memset(&head
->r
, 0, sizeof(head
->r
));
2121 /* Don't allow updating policies by non manager programs. */
2122 switch (head
->type
) {
2123 case TOMOYO_PROCESS_STATUS
:
2124 /* This does not write anything. */
2126 case TOMOYO_DOMAINPOLICY
:
2127 if (tomoyo_select_domain(head
, cp0
))
2130 case TOMOYO_EXCEPTIONPOLICY
:
2131 if (!strcmp(cp0
, "select transition_only")) {
2132 head
->r
.print_transition_related_only
= true;
2137 if (!tomoyo_manager()) {
2142 switch (tomoyo_parse_policy(head
, cp0
)) {
2149 tomoyo_read_unlock(idx
);
2150 mutex_unlock(&head
->io_sem
);
2155 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2157 * @head: Pointer to "struct tomoyo_io_buffer".
2161 int tomoyo_close_control(struct tomoyo_io_buffer
*head
)
2164 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2167 if (head
->type
== TOMOYO_QUERY
&&
2168 atomic_dec_and_test(&tomoyo_query_observers
))
2169 wake_up_all(&tomoyo_answer_wait
);
2170 tomoyo_notify_gc(head
, false);
2175 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2177 void tomoyo_check_profile(void)
2179 struct tomoyo_domain_info
*domain
;
2180 const int idx
= tomoyo_read_lock();
2181 tomoyo_policy_loaded
= true;
2182 printk(KERN_INFO
"TOMOYO: 2.4.0\n");
2183 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
2184 const u8 profile
= domain
->profile
;
2185 const struct tomoyo_policy_namespace
*ns
= domain
->ns
;
2186 if (ns
->profile_version
!= 20100903)
2188 "Profile version %u is not supported.\n",
2189 ns
->profile_version
);
2190 else if (!ns
->profile_ptr
[profile
])
2192 "Profile %u (used by '%s') is not defined.\n",
2193 profile
, domain
->domainname
->name
);
2197 "Userland tools for TOMOYO 2.4 must be installed and "
2198 "policy must be initialized.\n");
2199 printk(KERN_ERR
"Please see http://tomoyo.sourceforge.jp/2.4/ "
2200 "for more information.\n");
2203 tomoyo_read_unlock(idx
);
2204 printk(KERN_INFO
"Mandatory Access Control activated.\n");