2 * security/tomoyo/file.c
4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
13 #include <linux/slab.h>
15 /* Keyword array for operations with one pathname. */
16 static const char *tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
17 [TOMOYO_TYPE_READ_WRITE
] = "read/write",
18 [TOMOYO_TYPE_EXECUTE
] = "execute",
19 [TOMOYO_TYPE_READ
] = "read",
20 [TOMOYO_TYPE_WRITE
] = "write",
21 [TOMOYO_TYPE_UNLINK
] = "unlink",
22 [TOMOYO_TYPE_RMDIR
] = "rmdir",
23 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
24 [TOMOYO_TYPE_SYMLINK
] = "symlink",
25 [TOMOYO_TYPE_REWRITE
] = "rewrite",
26 [TOMOYO_TYPE_CHROOT
] = "chroot",
27 [TOMOYO_TYPE_UMOUNT
] = "unmount",
30 /* Keyword array for operations with one pathname and three numbers. */
31 static const char *tomoyo_path_number3_keyword
32 [TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
33 [TOMOYO_TYPE_MKBLOCK
] = "mkblock",
34 [TOMOYO_TYPE_MKCHAR
] = "mkchar",
37 /* Keyword array for operations with two pathnames. */
38 static const char *tomoyo_path2_keyword
[TOMOYO_MAX_PATH2_OPERATION
] = {
39 [TOMOYO_TYPE_LINK
] = "link",
40 [TOMOYO_TYPE_RENAME
] = "rename",
41 [TOMOYO_TYPE_PIVOT_ROOT
] = "pivot_root",
44 /* Keyword array for operations with one pathname and one number. */
45 static const char *tomoyo_path_number_keyword
46 [TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
47 [TOMOYO_TYPE_CREATE
] = "create",
48 [TOMOYO_TYPE_MKDIR
] = "mkdir",
49 [TOMOYO_TYPE_MKFIFO
] = "mkfifo",
50 [TOMOYO_TYPE_MKSOCK
] = "mksock",
51 [TOMOYO_TYPE_IOCTL
] = "ioctl",
52 [TOMOYO_TYPE_CHMOD
] = "chmod",
53 [TOMOYO_TYPE_CHOWN
] = "chown",
54 [TOMOYO_TYPE_CHGRP
] = "chgrp",
57 void tomoyo_put_name_union(struct tomoyo_name_union
*ptr
)
62 tomoyo_put_path_group(ptr
->group
);
64 tomoyo_put_name(ptr
->filename
);
67 bool tomoyo_compare_name_union(const struct tomoyo_path_info
*name
,
68 const struct tomoyo_name_union
*ptr
)
71 return tomoyo_path_matches_group(name
, ptr
->group
, 1);
72 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
75 static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info
77 const struct tomoyo_name_union
78 *ptr
, const bool may_use_pattern
)
81 return tomoyo_path_matches_group(name
, ptr
->group
,
83 if (may_use_pattern
|| !ptr
->filename
->is_patterned
)
84 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
88 void tomoyo_put_number_union(struct tomoyo_number_union
*ptr
)
90 if (ptr
&& ptr
->is_group
)
91 tomoyo_put_number_group(ptr
->group
);
94 bool tomoyo_compare_number_union(const unsigned long value
,
95 const struct tomoyo_number_union
*ptr
)
98 return tomoyo_number_matches_group(value
, value
, ptr
->group
);
99 return value
>= ptr
->values
[0] && value
<= ptr
->values
[1];
103 * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
105 * @r: Pointer to "struct tomoyo_request_info" to initialize.
106 * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
110 int tomoyo_init_request_info(struct tomoyo_request_info
*r
,
111 struct tomoyo_domain_info
*domain
)
113 memset(r
, 0, sizeof(*r
));
115 domain
= tomoyo_domain();
117 r
->mode
= tomoyo_check_flags(domain
, TOMOYO_MAC_FOR_FILE
);
121 static void tomoyo_warn_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
122 __attribute__ ((format(printf
, 2, 3)));
124 * tomoyo_warn_log - Print warning or error message on console.
126 * @r: Pointer to "struct tomoyo_request_info".
127 * @fmt: The printf()'s format string, followed by parameters.
129 static void tomoyo_warn_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
134 if (!tomoyo_verbose_mode(r
->domain
))
138 buffer
= kmalloc(len
, GFP_NOFS
);
142 len2
= vsnprintf(buffer
, len
- 1, fmt
, args
);
144 if (len2
<= len
- 1) {
151 printk(KERN_WARNING
"TOMOYO-%s: Access %s denied for %s\n",
152 r
->mode
== TOMOYO_CONFIG_ENFORCING
? "ERROR" : "WARNING",
153 buffer
, tomoyo_get_last_name(r
->domain
));
158 * tomoyo_path2keyword - Get the name of single path operation.
160 * @operation: Type of operation.
162 * Returns the name of single path operation.
164 const char *tomoyo_path2keyword(const u8 operation
)
166 return (operation
< TOMOYO_MAX_PATH_OPERATION
)
167 ? tomoyo_path_keyword
[operation
] : NULL
;
171 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
173 * @operation: Type of operation.
175 * Returns the name of path/number/number/number operation.
177 const char *tomoyo_path_number32keyword(const u8 operation
)
179 return (operation
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
)
180 ? tomoyo_path_number3_keyword
[operation
] : NULL
;
184 * tomoyo_path22keyword - Get the name of double path operation.
186 * @operation: Type of operation.
188 * Returns the name of double path operation.
190 const char *tomoyo_path22keyword(const u8 operation
)
192 return (operation
< TOMOYO_MAX_PATH2_OPERATION
)
193 ? tomoyo_path2_keyword
[operation
] : NULL
;
197 * tomoyo_path_number2keyword - Get the name of path/number operations.
199 * @operation: Type of operation.
201 * Returns the name of path/number operation.
203 const char *tomoyo_path_number2keyword(const u8 operation
)
205 return (operation
< TOMOYO_MAX_PATH_NUMBER_OPERATION
)
206 ? tomoyo_path_number_keyword
[operation
] : NULL
;
210 * tomoyo_strendswith - Check whether the token ends with the given token.
212 * @name: The token to check.
213 * @tail: The token to find.
215 * Returns true if @name ends with @tail, false otherwise.
217 static bool tomoyo_strendswith(const char *name
, const char *tail
)
223 len
= strlen(name
) - strlen(tail
);
224 return len
>= 0 && !strcmp(name
+ len
, tail
);
228 * tomoyo_get_path - Get realpath.
230 * @path: Pointer to "struct path".
232 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
234 static struct tomoyo_path_info
*tomoyo_get_path(struct path
*path
)
237 struct tomoyo_path_info_with_data
*buf
= kzalloc(sizeof(*buf
),
242 /* Reserve one byte for appending "/". */
243 error
= tomoyo_realpath_from_path2(path
, buf
->body
,
244 sizeof(buf
->body
) - 2);
246 buf
->head
.name
= buf
->body
;
247 tomoyo_fill_path_info(&buf
->head
);
254 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
255 const char *filename2
,
256 struct tomoyo_domain_info
*const domain
,
257 const bool is_delete
);
258 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
259 struct tomoyo_domain_info
*const domain
,
260 const bool is_delete
);
263 * tomoyo_globally_readable_list is used for holding list of pathnames which
264 * are by default allowed to be open()ed for reading by any process.
266 * An entry is added by
268 * # echo 'allow_read /lib/libc-2.5.so' > \
269 * /sys/kernel/security/tomoyo/exception_policy
273 * # echo 'delete allow_read /lib/libc-2.5.so' > \
274 * /sys/kernel/security/tomoyo/exception_policy
276 * and all entries are retrieved by
278 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
280 * In the example above, any process is allowed to
281 * open("/lib/libc-2.5.so", O_RDONLY).
282 * One exception is, if the domain which current process belongs to is marked
283 * as "ignore_global_allow_read", current process can't do so unless explicitly
284 * given "allow_read /lib/libc-2.5.so" to the domain which current process
287 LIST_HEAD(tomoyo_globally_readable_list
);
290 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
292 * @filename: Filename unconditionally permitted to open() for reading.
293 * @is_delete: True if it is a delete request.
295 * Returns 0 on success, negative value otherwise.
297 * Caller holds tomoyo_read_lock().
299 static int tomoyo_update_globally_readable_entry(const char *filename
,
300 const bool is_delete
)
302 struct tomoyo_globally_readable_file_entry
*ptr
;
303 struct tomoyo_globally_readable_file_entry e
= { };
304 int error
= is_delete
? -ENOENT
: -ENOMEM
;
306 if (!tomoyo_is_correct_path(filename
, 1, 0, -1))
308 e
.filename
= tomoyo_get_name(filename
);
311 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
313 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
314 if (ptr
->filename
!= e
.filename
)
316 ptr
->is_deleted
= is_delete
;
320 if (!is_delete
&& error
) {
321 struct tomoyo_globally_readable_file_entry
*entry
=
322 tomoyo_commit_ok(&e
, sizeof(e
));
324 list_add_tail_rcu(&entry
->list
,
325 &tomoyo_globally_readable_list
);
329 mutex_unlock(&tomoyo_policy_lock
);
331 tomoyo_put_name(e
.filename
);
336 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
338 * @filename: The filename to check.
340 * Returns true if any domain can open @filename for reading, false otherwise.
342 * Caller holds tomoyo_read_lock().
344 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info
*
347 struct tomoyo_globally_readable_file_entry
*ptr
;
350 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
351 if (!ptr
->is_deleted
&&
352 tomoyo_path_matches_pattern(filename
, ptr
->filename
)) {
361 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
363 * @data: String to parse.
364 * @is_delete: True if it is a delete request.
366 * Returns 0 on success, negative value otherwise.
368 * Caller holds tomoyo_read_lock().
370 int tomoyo_write_globally_readable_policy(char *data
, const bool is_delete
)
372 return tomoyo_update_globally_readable_entry(data
, is_delete
);
376 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
378 * @head: Pointer to "struct tomoyo_io_buffer".
380 * Returns true on success, false otherwise.
382 * Caller holds tomoyo_read_lock().
384 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer
*head
)
386 struct list_head
*pos
;
389 list_for_each_cookie(pos
, head
->read_var2
,
390 &tomoyo_globally_readable_list
) {
391 struct tomoyo_globally_readable_file_entry
*ptr
;
392 ptr
= list_entry(pos
,
393 struct tomoyo_globally_readable_file_entry
,
397 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_READ
"%s\n",
398 ptr
->filename
->name
);
405 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
406 * converting pathnames to pathname patterns during learning mode.
408 * An entry is added by
410 * # echo 'file_pattern /proc/\$/mounts' > \
411 * /sys/kernel/security/tomoyo/exception_policy
415 * # echo 'delete file_pattern /proc/\$/mounts' > \
416 * /sys/kernel/security/tomoyo/exception_policy
418 * and all entries are retrieved by
420 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
422 * In the example above, if a process which belongs to a domain which is in
423 * learning mode requested open("/proc/1/mounts", O_RDONLY),
424 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
425 * process belongs to.
427 * It is not a desirable behavior that we have to use /proc/\$/ instead of
428 * /proc/self/ when current process needs to access only current process's
429 * information. As of now, LSM version of TOMOYO is using __d_path() for
430 * calculating pathname. Non LSM version of TOMOYO is using its own function
431 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
432 * current process from accessing other process's information.
434 LIST_HEAD(tomoyo_pattern_list
);
437 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
439 * @pattern: Pathname pattern.
440 * @is_delete: True if it is a delete request.
442 * Returns 0 on success, negative value otherwise.
444 * Caller holds tomoyo_read_lock().
446 static int tomoyo_update_file_pattern_entry(const char *pattern
,
447 const bool is_delete
)
449 struct tomoyo_pattern_entry
*ptr
;
450 struct tomoyo_pattern_entry e
= { .pattern
= tomoyo_get_name(pattern
) };
451 int error
= is_delete
? -ENOENT
: -ENOMEM
;
455 if (!e
.pattern
->is_patterned
)
457 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
459 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
460 if (e
.pattern
!= ptr
->pattern
)
462 ptr
->is_deleted
= is_delete
;
466 if (!is_delete
&& error
) {
467 struct tomoyo_pattern_entry
*entry
=
468 tomoyo_commit_ok(&e
, sizeof(e
));
470 list_add_tail_rcu(&entry
->list
, &tomoyo_pattern_list
);
474 mutex_unlock(&tomoyo_policy_lock
);
476 tomoyo_put_name(e
.pattern
);
481 * tomoyo_file_pattern - Get patterned pathname.
483 * @filename: The filename to find patterned pathname.
485 * Returns pointer to pathname pattern if matched, @filename otherwise.
487 * Caller holds tomoyo_read_lock().
489 const char *tomoyo_file_pattern(const struct tomoyo_path_info
*filename
)
491 struct tomoyo_pattern_entry
*ptr
;
492 const struct tomoyo_path_info
*pattern
= NULL
;
494 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
497 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
499 pattern
= ptr
->pattern
;
500 if (tomoyo_strendswith(pattern
->name
, "/\\*")) {
501 /* Do nothing. Try to find the better match. */
503 /* This would be the better match. Use this. */
509 return filename
->name
;
513 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
515 * @data: String to parse.
516 * @is_delete: True if it is a delete request.
518 * Returns 0 on success, negative value otherwise.
520 * Caller holds tomoyo_read_lock().
522 int tomoyo_write_pattern_policy(char *data
, const bool is_delete
)
524 return tomoyo_update_file_pattern_entry(data
, is_delete
);
528 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
530 * @head: Pointer to "struct tomoyo_io_buffer".
532 * Returns true on success, false otherwise.
534 * Caller holds tomoyo_read_lock().
536 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer
*head
)
538 struct list_head
*pos
;
541 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_pattern_list
) {
542 struct tomoyo_pattern_entry
*ptr
;
543 ptr
= list_entry(pos
, struct tomoyo_pattern_entry
, list
);
546 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_FILE_PATTERN
547 "%s\n", ptr
->pattern
->name
);
555 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
556 * default forbidden to modify already written content of a file.
558 * An entry is added by
560 * # echo 'deny_rewrite /var/log/messages' > \
561 * /sys/kernel/security/tomoyo/exception_policy
565 * # echo 'delete deny_rewrite /var/log/messages' > \
566 * /sys/kernel/security/tomoyo/exception_policy
568 * and all entries are retrieved by
570 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
572 * In the example above, if a process requested to rewrite /var/log/messages ,
573 * the process can't rewrite unless the domain which that process belongs to
574 * has "allow_rewrite /var/log/messages" entry.
576 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
577 * when we want to allow rewriting already unlink()ed file. As of now,
578 * LSM version of TOMOYO is using __d_path() for calculating pathname.
579 * Non LSM version of TOMOYO is using its own function which doesn't append
580 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
581 * need to worry whether the file is already unlink()ed or not.
583 LIST_HEAD(tomoyo_no_rewrite_list
);
586 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
588 * @pattern: Pathname pattern that are not rewritable by default.
589 * @is_delete: True if it is a delete request.
591 * Returns 0 on success, negative value otherwise.
593 * Caller holds tomoyo_read_lock().
595 static int tomoyo_update_no_rewrite_entry(const char *pattern
,
596 const bool is_delete
)
598 struct tomoyo_no_rewrite_entry
*ptr
;
599 struct tomoyo_no_rewrite_entry e
= { };
600 int error
= is_delete
? -ENOENT
: -ENOMEM
;
602 if (!tomoyo_is_correct_path(pattern
, 0, 0, 0))
604 e
.pattern
= tomoyo_get_name(pattern
);
607 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
609 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
610 if (ptr
->pattern
!= e
.pattern
)
612 ptr
->is_deleted
= is_delete
;
616 if (!is_delete
&& error
) {
617 struct tomoyo_no_rewrite_entry
*entry
=
618 tomoyo_commit_ok(&e
, sizeof(e
));
620 list_add_tail_rcu(&entry
->list
,
621 &tomoyo_no_rewrite_list
);
625 mutex_unlock(&tomoyo_policy_lock
);
627 tomoyo_put_name(e
.pattern
);
632 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
634 * @filename: Filename to check.
636 * Returns true if @filename is specified by "deny_rewrite" directive,
639 * Caller holds tomoyo_read_lock().
641 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info
*filename
)
643 struct tomoyo_no_rewrite_entry
*ptr
;
646 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
649 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
658 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
660 * @data: String to parse.
661 * @is_delete: True if it is a delete request.
663 * Returns 0 on success, negative value otherwise.
665 * Caller holds tomoyo_read_lock().
667 int tomoyo_write_no_rewrite_policy(char *data
, const bool is_delete
)
669 return tomoyo_update_no_rewrite_entry(data
, is_delete
);
673 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
675 * @head: Pointer to "struct tomoyo_io_buffer".
677 * Returns true on success, false otherwise.
679 * Caller holds tomoyo_read_lock().
681 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer
*head
)
683 struct list_head
*pos
;
686 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_no_rewrite_list
) {
687 struct tomoyo_no_rewrite_entry
*ptr
;
688 ptr
= list_entry(pos
, struct tomoyo_no_rewrite_entry
, list
);
691 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_DENY_REWRITE
692 "%s\n", ptr
->pattern
->name
);
700 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
702 * @perm: Permission (between 1 to 7).
703 * @filename: Filename.
704 * @domain: Pointer to "struct tomoyo_domain_info".
705 * @is_delete: True if it is a delete request.
707 * Returns 0 on success, negative value otherwise.
709 * This is legacy support interface for older policy syntax.
710 * Current policy syntax uses "allow_read/write" instead of "6",
711 * "allow_read" instead of "4", "allow_write" instead of "2",
712 * "allow_execute" instead of "1".
714 * Caller holds tomoyo_read_lock().
716 static int tomoyo_update_file_acl(u8 perm
, const char *filename
,
717 struct tomoyo_domain_info
* const domain
,
718 const bool is_delete
)
720 if (perm
> 7 || !perm
) {
721 printk(KERN_DEBUG
"%s: Invalid permission '%d %s'\n",
722 __func__
, perm
, filename
);
725 if (filename
[0] != '@' && tomoyo_strendswith(filename
, "/"))
727 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
728 * directory permissions.
732 tomoyo_update_path_acl(TOMOYO_TYPE_READ
, filename
, domain
,
735 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE
, filename
, domain
,
738 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE
, filename
, domain
,
744 * tomoyo_path_acl - Check permission for single path operation.
746 * @r: Pointer to "struct tomoyo_request_info".
747 * @filename: Filename to check.
749 * @may_use_pattern: True if patterned ACL is permitted.
751 * Returns 0 on success, -EPERM otherwise.
753 * Caller holds tomoyo_read_lock().
755 static int tomoyo_path_acl(const struct tomoyo_request_info
*r
,
756 const struct tomoyo_path_info
*filename
,
757 const u32 perm
, const bool may_use_pattern
)
759 struct tomoyo_domain_info
*domain
= r
->domain
;
760 struct tomoyo_acl_info
*ptr
;
763 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
764 struct tomoyo_path_acl
*acl
;
765 if (ptr
->type
!= TOMOYO_TYPE_PATH_ACL
)
767 acl
= container_of(ptr
, struct tomoyo_path_acl
, head
);
768 if (!(acl
->perm
& perm
) ||
769 !tomoyo_compare_name_union_pattern(filename
, &acl
->name
,
779 * tomoyo_file_perm - Check permission for opening files.
781 * @r: Pointer to "struct tomoyo_request_info".
782 * @filename: Filename to check.
783 * @mode: Mode ("read" or "write" or "read/write" or "execute").
785 * Returns 0 on success, negative value otherwise.
787 * Caller holds tomoyo_read_lock().
789 static int tomoyo_file_perm(struct tomoyo_request_info
*r
,
790 const struct tomoyo_path_info
*filename
,
793 const char *msg
= "<unknown>";
801 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE
);
802 perm
= 1 << TOMOYO_TYPE_READ_WRITE
;
803 } else if (mode
== 4) {
804 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ
);
805 perm
= 1 << TOMOYO_TYPE_READ
;
806 } else if (mode
== 2) {
807 msg
= tomoyo_path2keyword(TOMOYO_TYPE_WRITE
);
808 perm
= 1 << TOMOYO_TYPE_WRITE
;
809 } else if (mode
== 1) {
810 msg
= tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE
);
811 perm
= 1 << TOMOYO_TYPE_EXECUTE
;
815 error
= tomoyo_path_acl(r
, filename
, perm
, mode
!= 1);
816 if (error
&& mode
== 4 && !r
->domain
->ignore_global_allow_read
817 && tomoyo_is_globally_readable_file(filename
))
821 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
822 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
823 mode
== 1 ? filename
->name
:
824 tomoyo_file_pattern(filename
));
826 * Do not retry for execute request, for alias may have
829 } while (error
== TOMOYO_RETRY_REQUEST
&& mode
!= 1);
830 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
836 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
838 * @type: Type of operation.
839 * @filename: Filename.
840 * @domain: Pointer to "struct tomoyo_domain_info".
841 * @is_delete: True if it is a delete request.
843 * Returns 0 on success, negative value otherwise.
845 * Caller holds tomoyo_read_lock().
847 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
848 struct tomoyo_domain_info
*const domain
,
849 const bool is_delete
)
851 static const u16 tomoyo_rw_mask
=
852 (1 << TOMOYO_TYPE_READ
) | (1 << TOMOYO_TYPE_WRITE
);
853 const u16 perm
= 1 << type
;
854 struct tomoyo_acl_info
*ptr
;
855 struct tomoyo_path_acl e
= {
856 .head
.type
= TOMOYO_TYPE_PATH_ACL
,
859 int error
= is_delete
? -ENOENT
: -ENOMEM
;
861 if (type
== TOMOYO_TYPE_READ_WRITE
)
862 e
.perm
|= tomoyo_rw_mask
;
865 if (!tomoyo_parse_name_union(filename
, &e
.name
))
867 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
869 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
870 struct tomoyo_path_acl
*acl
=
871 container_of(ptr
, struct tomoyo_path_acl
, head
);
872 if (!tomoyo_is_same_path_acl(acl
, &e
))
876 if ((acl
->perm
& tomoyo_rw_mask
) != tomoyo_rw_mask
)
877 acl
->perm
&= ~(1 << TOMOYO_TYPE_READ_WRITE
);
878 else if (!(acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
879 acl
->perm
&= ~tomoyo_rw_mask
;
882 if ((acl
->perm
& tomoyo_rw_mask
) == tomoyo_rw_mask
)
883 acl
->perm
|= 1 << TOMOYO_TYPE_READ_WRITE
;
884 else if (acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
885 acl
->perm
|= tomoyo_rw_mask
;
890 if (!is_delete
&& error
) {
891 struct tomoyo_path_acl
*entry
=
892 tomoyo_commit_ok(&e
, sizeof(e
));
894 list_add_tail_rcu(&entry
->head
.list
,
895 &domain
->acl_info_list
);
899 mutex_unlock(&tomoyo_policy_lock
);
901 tomoyo_put_name_union(&e
.name
);
906 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
908 * @type: Type of operation.
909 * @filename: Filename.
910 * @mode: Create mode.
911 * @major: Device major number.
912 * @minor: Device minor number.
913 * @domain: Pointer to "struct tomoyo_domain_info".
914 * @is_delete: True if it is a delete request.
916 * Returns 0 on success, negative value otherwise.
918 static inline int tomoyo_update_path_number3_acl(const u8 type
,
919 const char *filename
,
921 char *major
, char *minor
,
922 struct tomoyo_domain_info
*
924 const bool is_delete
)
926 const u8 perm
= 1 << type
;
927 struct tomoyo_acl_info
*ptr
;
928 struct tomoyo_path_number3_acl e
= {
929 .head
.type
= TOMOYO_TYPE_PATH_NUMBER3_ACL
,
932 int error
= is_delete
? -ENOENT
: -ENOMEM
;
933 if (!tomoyo_parse_name_union(filename
, &e
.name
) ||
934 !tomoyo_parse_number_union(mode
, &e
.mode
) ||
935 !tomoyo_parse_number_union(major
, &e
.major
) ||
936 !tomoyo_parse_number_union(minor
, &e
.minor
))
938 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
940 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
941 struct tomoyo_path_number3_acl
*acl
=
942 container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
943 if (!tomoyo_is_same_path_number3_acl(acl
, &e
))
952 if (!is_delete
&& error
) {
953 struct tomoyo_path_number3_acl
*entry
=
954 tomoyo_commit_ok(&e
, sizeof(e
));
956 list_add_tail_rcu(&entry
->head
.list
,
957 &domain
->acl_info_list
);
961 mutex_unlock(&tomoyo_policy_lock
);
963 tomoyo_put_name_union(&e
.name
);
964 tomoyo_put_number_union(&e
.mode
);
965 tomoyo_put_number_union(&e
.major
);
966 tomoyo_put_number_union(&e
.minor
);
971 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
973 * @type: Type of operation.
974 * @filename1: First filename.
975 * @filename2: Second filename.
976 * @domain: Pointer to "struct tomoyo_domain_info".
977 * @is_delete: True if it is a delete request.
979 * Returns 0 on success, negative value otherwise.
981 * Caller holds tomoyo_read_lock().
983 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
984 const char *filename2
,
985 struct tomoyo_domain_info
*const domain
,
986 const bool is_delete
)
988 const u8 perm
= 1 << type
;
989 struct tomoyo_path2_acl e
= {
990 .head
.type
= TOMOYO_TYPE_PATH2_ACL
,
993 struct tomoyo_acl_info
*ptr
;
994 int error
= is_delete
? -ENOENT
: -ENOMEM
;
998 if (!tomoyo_parse_name_union(filename1
, &e
.name1
) ||
999 !tomoyo_parse_name_union(filename2
, &e
.name2
))
1001 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1003 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1004 struct tomoyo_path2_acl
*acl
=
1005 container_of(ptr
, struct tomoyo_path2_acl
, head
);
1006 if (!tomoyo_is_same_path2_acl(acl
, &e
))
1015 if (!is_delete
&& error
) {
1016 struct tomoyo_path2_acl
*entry
=
1017 tomoyo_commit_ok(&e
, sizeof(e
));
1019 list_add_tail_rcu(&entry
->head
.list
,
1020 &domain
->acl_info_list
);
1024 mutex_unlock(&tomoyo_policy_lock
);
1026 tomoyo_put_name_union(&e
.name1
);
1027 tomoyo_put_name_union(&e
.name2
);
1032 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
1034 * @r: Pointer to "struct tomoyo_request_info".
1035 * @filename: Filename to check.
1036 * @perm: Permission.
1037 * @mode: Create mode.
1038 * @major: Device major number.
1039 * @minor: Device minor number.
1041 * Returns 0 on success, -EPERM otherwise.
1043 * Caller holds tomoyo_read_lock().
1045 static int tomoyo_path_number3_acl(struct tomoyo_request_info
*r
,
1046 const struct tomoyo_path_info
*filename
,
1047 const u16 perm
, const unsigned int mode
,
1048 const unsigned int major
,
1049 const unsigned int minor
)
1051 struct tomoyo_domain_info
*domain
= r
->domain
;
1052 struct tomoyo_acl_info
*ptr
;
1054 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1055 struct tomoyo_path_number3_acl
*acl
;
1056 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER3_ACL
)
1058 acl
= container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
1059 if (!tomoyo_compare_number_union(mode
, &acl
->mode
))
1061 if (!tomoyo_compare_number_union(major
, &acl
->major
))
1063 if (!tomoyo_compare_number_union(minor
, &acl
->minor
))
1065 if (!(acl
->perm
& perm
))
1067 if (!tomoyo_compare_name_union(filename
, &acl
->name
))
1076 * tomoyo_path2_acl - Check permission for double path operation.
1078 * @r: Pointer to "struct tomoyo_request_info".
1079 * @type: Type of operation.
1080 * @filename1: First filename to check.
1081 * @filename2: Second filename to check.
1083 * Returns 0 on success, -EPERM otherwise.
1085 * Caller holds tomoyo_read_lock().
1087 static int tomoyo_path2_acl(const struct tomoyo_request_info
*r
, const u8 type
,
1088 const struct tomoyo_path_info
*filename1
,
1089 const struct tomoyo_path_info
*filename2
)
1091 const struct tomoyo_domain_info
*domain
= r
->domain
;
1092 struct tomoyo_acl_info
*ptr
;
1093 const u8 perm
= 1 << type
;
1096 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1097 struct tomoyo_path2_acl
*acl
;
1098 if (ptr
->type
!= TOMOYO_TYPE_PATH2_ACL
)
1100 acl
= container_of(ptr
, struct tomoyo_path2_acl
, head
);
1101 if (!(acl
->perm
& perm
))
1103 if (!tomoyo_compare_name_union(filename1
, &acl
->name1
))
1105 if (!tomoyo_compare_name_union(filename2
, &acl
->name2
))
1114 * tomoyo_path_permission - Check permission for single path operation.
1116 * @r: Pointer to "struct tomoyo_request_info".
1117 * @operation: Type of operation.
1118 * @filename: Filename to check.
1120 * Returns 0 on success, negative value otherwise.
1122 * Caller holds tomoyo_read_lock().
1124 static int tomoyo_path_permission(struct tomoyo_request_info
*r
, u8 operation
,
1125 const struct tomoyo_path_info
*filename
)
1132 error
= tomoyo_path_acl(r
, filename
, 1 << operation
, 1);
1135 msg
= tomoyo_path2keyword(operation
);
1136 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
1137 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
1138 tomoyo_file_pattern(filename
));
1139 } while (error
== TOMOYO_RETRY_REQUEST
);
1140 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1143 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1144 * we need to check "allow_rewrite" permission if the filename is
1145 * specified by "deny_rewrite" keyword.
1147 if (!error
&& operation
== TOMOYO_TYPE_TRUNCATE
&&
1148 tomoyo_is_no_rewrite_file(filename
)) {
1149 operation
= TOMOYO_TYPE_REWRITE
;
1156 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1158 * @r: Pointer to "struct tomoyo_request_info".
1160 * @filename: Filename to check.
1163 * Returns 0 on success, -EPERM otherwise.
1165 * Caller holds tomoyo_read_lock().
1167 static int tomoyo_path_number_acl(struct tomoyo_request_info
*r
, const u8 type
,
1168 const struct tomoyo_path_info
*filename
,
1169 const unsigned long number
)
1171 struct tomoyo_domain_info
*domain
= r
->domain
;
1172 struct tomoyo_acl_info
*ptr
;
1173 const u8 perm
= 1 << type
;
1175 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1176 struct tomoyo_path_number_acl
*acl
;
1177 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER_ACL
)
1179 acl
= container_of(ptr
, struct tomoyo_path_number_acl
,
1181 if (!(acl
->perm
& perm
) ||
1182 !tomoyo_compare_number_union(number
, &acl
->number
) ||
1183 !tomoyo_compare_name_union(filename
, &acl
->name
))
1192 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1194 * @type: Type of operation.
1195 * @filename: Filename.
1197 * @domain: Pointer to "struct tomoyo_domain_info".
1198 * @is_delete: True if it is a delete request.
1200 * Returns 0 on success, negative value otherwise.
1202 static inline int tomoyo_update_path_number_acl(const u8 type
,
1203 const char *filename
,
1205 struct tomoyo_domain_info
*
1207 const bool is_delete
)
1209 const u8 perm
= 1 << type
;
1210 struct tomoyo_acl_info
*ptr
;
1211 struct tomoyo_path_number_acl e
= {
1212 .head
.type
= TOMOYO_TYPE_PATH_NUMBER_ACL
,
1215 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1218 if (!tomoyo_parse_name_union(filename
, &e
.name
))
1220 if (!tomoyo_parse_number_union(number
, &e
.number
))
1222 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1224 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1225 struct tomoyo_path_number_acl
*acl
=
1226 container_of(ptr
, struct tomoyo_path_number_acl
, head
);
1227 if (!tomoyo_is_same_path_number_acl(acl
, &e
))
1236 if (!is_delete
&& error
) {
1237 struct tomoyo_path_number_acl
*entry
=
1238 tomoyo_commit_ok(&e
, sizeof(e
));
1240 list_add_tail_rcu(&entry
->head
.list
,
1241 &domain
->acl_info_list
);
1245 mutex_unlock(&tomoyo_policy_lock
);
1247 tomoyo_put_name_union(&e
.name
);
1248 tomoyo_put_number_union(&e
.number
);
1253 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1255 * @r: Pointer to "strct tomoyo_request_info".
1256 * @filename: Filename to check.
1259 * Returns 0 on success, negative value otherwise.
1261 * Caller holds tomoyo_read_lock().
1263 static int tomoyo_path_number_perm2(struct tomoyo_request_info
*r
,
1265 const struct tomoyo_path_info
*filename
,
1266 const unsigned long number
)
1276 case TOMOYO_TYPE_CREATE
:
1277 case TOMOYO_TYPE_MKDIR
:
1278 case TOMOYO_TYPE_MKFIFO
:
1279 case TOMOYO_TYPE_MKSOCK
:
1280 case TOMOYO_TYPE_CHMOD
:
1281 radix
= TOMOYO_VALUE_TYPE_OCTAL
;
1283 case TOMOYO_TYPE_IOCTL
:
1284 radix
= TOMOYO_VALUE_TYPE_HEXADECIMAL
;
1287 radix
= TOMOYO_VALUE_TYPE_DECIMAL
;
1290 tomoyo_print_ulong(buffer
, sizeof(buffer
), number
, radix
);
1292 error
= tomoyo_path_number_acl(r
, type
, filename
, number
);
1295 msg
= tomoyo_path_number2keyword(type
);
1296 tomoyo_warn_log(r
, "%s %s %s", msg
, filename
->name
, buffer
);
1297 error
= tomoyo_supervisor(r
, "allow_%s %s %s\n", msg
,
1298 tomoyo_file_pattern(filename
),
1300 } while (error
== TOMOYO_RETRY_REQUEST
);
1301 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1307 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1309 * @type: Type of operation.
1310 * @path: Pointer to "struct path".
1313 * Returns 0 on success, negative value otherwise.
1315 int tomoyo_path_number_perm(const u8 type
, struct path
*path
,
1316 unsigned long number
)
1318 struct tomoyo_request_info r
;
1319 int error
= -ENOMEM
;
1320 struct tomoyo_path_info
*buf
;
1323 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1324 !path
->mnt
|| !path
->dentry
)
1326 idx
= tomoyo_read_lock();
1327 buf
= tomoyo_get_path(path
);
1330 if (type
== TOMOYO_TYPE_MKDIR
&& !buf
->is_dir
) {
1332 * tomoyo_get_path() reserves space for appending "/."
1334 strcat((char *) buf
->name
, "/");
1335 tomoyo_fill_path_info(buf
);
1337 error
= tomoyo_path_number_perm2(&r
, type
, buf
, number
);
1340 tomoyo_read_unlock(idx
);
1341 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1347 * tomoyo_check_exec_perm - Check permission for "execute".
1349 * @domain: Pointer to "struct tomoyo_domain_info".
1350 * @filename: Check permission for "execute".
1352 * Returns 0 on success, negativevalue otherwise.
1354 * Caller holds tomoyo_read_lock().
1356 int tomoyo_check_exec_perm(struct tomoyo_domain_info
*domain
,
1357 const struct tomoyo_path_info
*filename
)
1359 struct tomoyo_request_info r
;
1361 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
)
1363 return tomoyo_file_perm(&r
, filename
, 1);
1367 * tomoyo_check_open_permission - Check permission for "read" and "write".
1369 * @domain: Pointer to "struct tomoyo_domain_info".
1370 * @path: Pointer to "struct path".
1371 * @flag: Flags for open().
1373 * Returns 0 on success, negative value otherwise.
1375 int tomoyo_check_open_permission(struct tomoyo_domain_info
*domain
,
1376 struct path
*path
, const int flag
)
1378 const u8 acc_mode
= ACC_MODE(flag
);
1379 int error
= -ENOMEM
;
1380 struct tomoyo_path_info
*buf
;
1381 struct tomoyo_request_info r
;
1384 if (tomoyo_init_request_info(&r
, domain
) == TOMOYO_CONFIG_DISABLED
||
1389 if (path
->dentry
->d_inode
&& S_ISDIR(path
->dentry
->d_inode
->i_mode
))
1391 * I don't check directories here because mkdir() and rmdir()
1395 idx
= tomoyo_read_lock();
1396 buf
= tomoyo_get_path(path
);
1401 * If the filename is specified by "deny_rewrite" keyword,
1402 * we need to check "allow_rewrite" permission when the filename is not
1403 * opened for append mode or the filename is truncated at open time.
1405 if ((acc_mode
& MAY_WRITE
) &&
1406 ((flag
& O_TRUNC
) || !(flag
& O_APPEND
)) &&
1407 (tomoyo_is_no_rewrite_file(buf
))) {
1408 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_REWRITE
, buf
);
1411 error
= tomoyo_file_perm(&r
, buf
, acc_mode
);
1412 if (!error
&& (flag
& O_TRUNC
))
1413 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_TRUNCATE
, buf
);
1416 tomoyo_read_unlock(idx
);
1417 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1423 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
1425 * @operation: Type of operation.
1426 * @path: Pointer to "struct path".
1428 * Returns 0 on success, negative value otherwise.
1430 int tomoyo_path_perm(const u8 operation
, struct path
*path
)
1432 int error
= -ENOMEM
;
1433 struct tomoyo_path_info
*buf
;
1434 struct tomoyo_request_info r
;
1437 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1440 idx
= tomoyo_read_lock();
1441 buf
= tomoyo_get_path(path
);
1444 switch (operation
) {
1445 case TOMOYO_TYPE_REWRITE
:
1446 if (!tomoyo_is_no_rewrite_file(buf
)) {
1451 case TOMOYO_TYPE_RMDIR
:
1452 case TOMOYO_TYPE_CHROOT
:
1455 * tomoyo_get_path() reserves space for appending "/."
1457 strcat((char *) buf
->name
, "/");
1458 tomoyo_fill_path_info(buf
);
1461 error
= tomoyo_path_permission(&r
, operation
, buf
);
1464 tomoyo_read_unlock(idx
);
1465 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1471 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1473 * @r: Pointer to "struct tomoyo_request_info".
1474 * @operation: Type of operation.
1475 * @filename: Filename to check.
1476 * @mode: Create mode.
1477 * @dev: Device number.
1479 * Returns 0 on success, negative value otherwise.
1481 * Caller holds tomoyo_read_lock().
1483 static int tomoyo_path_number3_perm2(struct tomoyo_request_info
*r
,
1485 const struct tomoyo_path_info
*filename
,
1486 const unsigned int mode
,
1487 const unsigned int dev
)
1491 const unsigned int major
= MAJOR(dev
);
1492 const unsigned int minor
= MINOR(dev
);
1495 error
= tomoyo_path_number3_acl(r
, filename
, 1 << operation
,
1496 mode
, major
, minor
);
1499 msg
= tomoyo_path_number32keyword(operation
);
1500 tomoyo_warn_log(r
, "%s %s 0%o %u %u", msg
, filename
->name
,
1501 mode
, major
, minor
);
1502 error
= tomoyo_supervisor(r
, "allow_%s %s 0%o %u %u\n", msg
,
1503 tomoyo_file_pattern(filename
), mode
,
1505 } while (error
== TOMOYO_RETRY_REQUEST
);
1506 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1512 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1514 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1515 * @path: Pointer to "struct path".
1516 * @mode: Create mode.
1517 * @dev: Device number.
1519 * Returns 0 on success, negative value otherwise.
1521 int tomoyo_path_number3_perm(const u8 operation
, struct path
*path
,
1522 const unsigned int mode
, unsigned int dev
)
1524 struct tomoyo_request_info r
;
1525 int error
= -ENOMEM
;
1526 struct tomoyo_path_info
*buf
;
1529 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1532 idx
= tomoyo_read_lock();
1534 buf
= tomoyo_get_path(path
);
1536 error
= tomoyo_path_number3_perm2(&r
, operation
, buf
, mode
,
1537 new_decode_dev(dev
));
1540 tomoyo_read_unlock(idx
);
1541 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1547 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1549 * @operation: Type of operation.
1550 * @path1: Pointer to "struct path".
1551 * @path2: Pointer to "struct path".
1553 * Returns 0 on success, negative value otherwise.
1555 int tomoyo_path2_perm(const u8 operation
, struct path
*path1
,
1558 int error
= -ENOMEM
;
1560 struct tomoyo_path_info
*buf1
;
1561 struct tomoyo_path_info
*buf2
;
1562 struct tomoyo_request_info r
;
1565 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1566 !path1
->mnt
|| !path2
->mnt
)
1568 idx
= tomoyo_read_lock();
1569 buf1
= tomoyo_get_path(path1
);
1570 buf2
= tomoyo_get_path(path2
);
1574 struct dentry
*dentry
= path1
->dentry
;
1575 if (dentry
->d_inode
&& S_ISDIR(dentry
->d_inode
->i_mode
)) {
1577 * tomoyo_get_path() reserves space for appending "/."
1579 if (!buf1
->is_dir
) {
1580 strcat((char *) buf1
->name
, "/");
1581 tomoyo_fill_path_info(buf1
);
1583 if (!buf2
->is_dir
) {
1584 strcat((char *) buf2
->name
, "/");
1585 tomoyo_fill_path_info(buf2
);
1590 error
= tomoyo_path2_acl(&r
, operation
, buf1
, buf2
);
1593 msg
= tomoyo_path22keyword(operation
);
1594 tomoyo_warn_log(&r
, "%s %s %s", msg
, buf1
->name
, buf2
->name
);
1595 error
= tomoyo_supervisor(&r
, "allow_%s %s %s\n", msg
,
1596 tomoyo_file_pattern(buf1
),
1597 tomoyo_file_pattern(buf2
));
1598 } while (error
== TOMOYO_RETRY_REQUEST
);
1602 tomoyo_read_unlock(idx
);
1603 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1609 * tomoyo_write_file_policy - Update file related list.
1611 * @data: String to parse.
1612 * @domain: Pointer to "struct tomoyo_domain_info".
1613 * @is_delete: True if it is a delete request.
1615 * Returns 0 on success, negative value otherwise.
1617 * Caller holds tomoyo_read_lock().
1619 int tomoyo_write_file_policy(char *data
, struct tomoyo_domain_info
*domain
,
1620 const bool is_delete
)
1624 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[1][0])
1626 if (strncmp(w
[0], "allow_", 6)) {
1628 if (sscanf(w
[0], "%u", &perm
) == 1)
1629 return tomoyo_update_file_acl((u8
) perm
, w
[1], domain
,
1634 for (type
= 0; type
< TOMOYO_MAX_PATH_OPERATION
; type
++) {
1635 if (strcmp(w
[0], tomoyo_path_keyword
[type
]))
1637 return tomoyo_update_path_acl(type
, w
[1], domain
, is_delete
);
1641 for (type
= 0; type
< TOMOYO_MAX_PATH2_OPERATION
; type
++) {
1642 if (strcmp(w
[0], tomoyo_path2_keyword
[type
]))
1644 return tomoyo_update_path2_acl(type
, w
[1], w
[2], domain
,
1647 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; type
++) {
1648 if (strcmp(w
[0], tomoyo_path_number_keyword
[type
]))
1650 return tomoyo_update_path_number_acl(type
, w
[1], w
[2], domain
,
1653 if (!w
[3][0] || !w
[4][0])
1655 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; type
++) {
1656 if (strcmp(w
[0], tomoyo_path_number3_keyword
[type
]))
1658 return tomoyo_update_path_number3_acl(type
, w
[1], w
[2], w
[3],
1659 w
[4], domain
, is_delete
);