2 * security/tomoyo/file.c
4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
13 #include <linux/slab.h>
15 /* Keyword array for operations with one pathname. */
16 static const char *tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
17 [TOMOYO_TYPE_READ_WRITE
] = "read/write",
18 [TOMOYO_TYPE_EXECUTE
] = "execute",
19 [TOMOYO_TYPE_READ
] = "read",
20 [TOMOYO_TYPE_WRITE
] = "write",
21 [TOMOYO_TYPE_UNLINK
] = "unlink",
22 [TOMOYO_TYPE_RMDIR
] = "rmdir",
23 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
24 [TOMOYO_TYPE_SYMLINK
] = "symlink",
25 [TOMOYO_TYPE_REWRITE
] = "rewrite",
26 [TOMOYO_TYPE_CHROOT
] = "chroot",
27 [TOMOYO_TYPE_UMOUNT
] = "unmount",
30 /* Keyword array for operations with one pathname and three numbers. */
31 static const char *tomoyo_path_number3_keyword
32 [TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
33 [TOMOYO_TYPE_MKBLOCK
] = "mkblock",
34 [TOMOYO_TYPE_MKCHAR
] = "mkchar",
37 /* Keyword array for operations with two pathnames. */
38 static const char *tomoyo_path2_keyword
[TOMOYO_MAX_PATH2_OPERATION
] = {
39 [TOMOYO_TYPE_LINK
] = "link",
40 [TOMOYO_TYPE_RENAME
] = "rename",
41 [TOMOYO_TYPE_PIVOT_ROOT
] = "pivot_root",
44 /* Keyword array for operations with one pathname and one number. */
45 static const char *tomoyo_path_number_keyword
46 [TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
47 [TOMOYO_TYPE_CREATE
] = "create",
48 [TOMOYO_TYPE_MKDIR
] = "mkdir",
49 [TOMOYO_TYPE_MKFIFO
] = "mkfifo",
50 [TOMOYO_TYPE_MKSOCK
] = "mksock",
51 [TOMOYO_TYPE_IOCTL
] = "ioctl",
52 [TOMOYO_TYPE_CHMOD
] = "chmod",
53 [TOMOYO_TYPE_CHOWN
] = "chown",
54 [TOMOYO_TYPE_CHGRP
] = "chgrp",
57 void tomoyo_put_name_union(struct tomoyo_name_union
*ptr
)
62 tomoyo_put_path_group(ptr
->group
);
64 tomoyo_put_name(ptr
->filename
);
67 bool tomoyo_compare_name_union(const struct tomoyo_path_info
*name
,
68 const struct tomoyo_name_union
*ptr
)
71 return tomoyo_path_matches_group(name
, ptr
->group
, 1);
72 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
75 static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info
77 const struct tomoyo_name_union
78 *ptr
, const bool may_use_pattern
)
81 return tomoyo_path_matches_group(name
, ptr
->group
,
83 if (may_use_pattern
|| !ptr
->filename
->is_patterned
)
84 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
88 void tomoyo_put_number_union(struct tomoyo_number_union
*ptr
)
90 if (ptr
&& ptr
->is_group
)
91 tomoyo_put_number_group(ptr
->group
);
94 bool tomoyo_compare_number_union(const unsigned long value
,
95 const struct tomoyo_number_union
*ptr
)
98 return tomoyo_number_matches_group(value
, value
, ptr
->group
);
99 return value
>= ptr
->values
[0] && value
<= ptr
->values
[1];
103 * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
105 * @r: Pointer to "struct tomoyo_request_info" to initialize.
106 * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
110 int tomoyo_init_request_info(struct tomoyo_request_info
*r
,
111 struct tomoyo_domain_info
*domain
)
113 memset(r
, 0, sizeof(*r
));
115 domain
= tomoyo_domain();
117 r
->mode
= tomoyo_check_flags(domain
, TOMOYO_MAC_FOR_FILE
);
121 static void tomoyo_warn_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
122 __attribute__ ((format(printf
, 2, 3)));
124 * tomoyo_warn_log - Print warning or error message on console.
126 * @r: Pointer to "struct tomoyo_request_info".
127 * @fmt: The printf()'s format string, followed by parameters.
129 static void tomoyo_warn_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
134 if (!tomoyo_verbose_mode(r
->domain
))
138 buffer
= kmalloc(len
, GFP_NOFS
);
142 len2
= vsnprintf(buffer
, len
- 1, fmt
, args
);
144 if (len2
<= len
- 1) {
151 printk(KERN_WARNING
"TOMOYO-%s: Access %s denied for %s\n",
152 r
->mode
== TOMOYO_CONFIG_ENFORCING
? "ERROR" : "WARNING",
153 buffer
, tomoyo_get_last_name(r
->domain
));
158 * tomoyo_path2keyword - Get the name of single path operation.
160 * @operation: Type of operation.
162 * Returns the name of single path operation.
164 const char *tomoyo_path2keyword(const u8 operation
)
166 return (operation
< TOMOYO_MAX_PATH_OPERATION
)
167 ? tomoyo_path_keyword
[operation
] : NULL
;
171 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
173 * @operation: Type of operation.
175 * Returns the name of path/number/number/number operation.
177 const char *tomoyo_path_number32keyword(const u8 operation
)
179 return (operation
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
)
180 ? tomoyo_path_number3_keyword
[operation
] : NULL
;
184 * tomoyo_path22keyword - Get the name of double path operation.
186 * @operation: Type of operation.
188 * Returns the name of double path operation.
190 const char *tomoyo_path22keyword(const u8 operation
)
192 return (operation
< TOMOYO_MAX_PATH2_OPERATION
)
193 ? tomoyo_path2_keyword
[operation
] : NULL
;
197 * tomoyo_path_number2keyword - Get the name of path/number operations.
199 * @operation: Type of operation.
201 * Returns the name of path/number operation.
203 const char *tomoyo_path_number2keyword(const u8 operation
)
205 return (operation
< TOMOYO_MAX_PATH_NUMBER_OPERATION
)
206 ? tomoyo_path_number_keyword
[operation
] : NULL
;
210 * tomoyo_strendswith - Check whether the token ends with the given token.
212 * @name: The token to check.
213 * @tail: The token to find.
215 * Returns true if @name ends with @tail, false otherwise.
217 static bool tomoyo_strendswith(const char *name
, const char *tail
)
223 len
= strlen(name
) - strlen(tail
);
224 return len
>= 0 && !strcmp(name
+ len
, tail
);
228 * tomoyo_get_path - Get realpath.
230 * @path: Pointer to "struct path".
232 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
234 static struct tomoyo_path_info
*tomoyo_get_path(struct path
*path
)
237 struct tomoyo_path_info_with_data
*buf
= kzalloc(sizeof(*buf
),
242 /* Reserve one byte for appending "/". */
243 error
= tomoyo_realpath_from_path2(path
, buf
->body
,
244 sizeof(buf
->body
) - 2);
246 buf
->head
.name
= buf
->body
;
247 tomoyo_fill_path_info(&buf
->head
);
254 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
255 const char *filename2
,
256 struct tomoyo_domain_info
*const domain
,
257 const bool is_delete
);
258 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
259 struct tomoyo_domain_info
*const domain
,
260 const bool is_delete
);
263 * tomoyo_globally_readable_list is used for holding list of pathnames which
264 * are by default allowed to be open()ed for reading by any process.
266 * An entry is added by
268 * # echo 'allow_read /lib/libc-2.5.so' > \
269 * /sys/kernel/security/tomoyo/exception_policy
273 * # echo 'delete allow_read /lib/libc-2.5.so' > \
274 * /sys/kernel/security/tomoyo/exception_policy
276 * and all entries are retrieved by
278 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
280 * In the example above, any process is allowed to
281 * open("/lib/libc-2.5.so", O_RDONLY).
282 * One exception is, if the domain which current process belongs to is marked
283 * as "ignore_global_allow_read", current process can't do so unless explicitly
284 * given "allow_read /lib/libc-2.5.so" to the domain which current process
287 LIST_HEAD(tomoyo_globally_readable_list
);
290 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
292 * @filename: Filename unconditionally permitted to open() for reading.
293 * @is_delete: True if it is a delete request.
295 * Returns 0 on success, negative value otherwise.
297 * Caller holds tomoyo_read_lock().
299 static int tomoyo_update_globally_readable_entry(const char *filename
,
300 const bool is_delete
)
302 struct tomoyo_globally_readable_file_entry
*ptr
;
303 struct tomoyo_globally_readable_file_entry e
= { };
304 int error
= is_delete
? -ENOENT
: -ENOMEM
;
306 if (!tomoyo_is_correct_path(filename
, 1, 0, -1))
308 e
.filename
= tomoyo_get_name(filename
);
311 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
313 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
314 if (ptr
->filename
!= e
.filename
)
316 ptr
->is_deleted
= is_delete
;
320 if (!is_delete
&& error
) {
321 struct tomoyo_globally_readable_file_entry
*entry
=
322 tomoyo_commit_ok(&e
, sizeof(e
));
324 list_add_tail_rcu(&entry
->list
,
325 &tomoyo_globally_readable_list
);
329 mutex_unlock(&tomoyo_policy_lock
);
331 tomoyo_put_name(e
.filename
);
336 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
338 * @filename: The filename to check.
340 * Returns true if any domain can open @filename for reading, false otherwise.
342 * Caller holds tomoyo_read_lock().
344 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info
*
347 struct tomoyo_globally_readable_file_entry
*ptr
;
350 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
351 if (!ptr
->is_deleted
&&
352 tomoyo_path_matches_pattern(filename
, ptr
->filename
)) {
361 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
363 * @data: String to parse.
364 * @is_delete: True if it is a delete request.
366 * Returns 0 on success, negative value otherwise.
368 * Caller holds tomoyo_read_lock().
370 int tomoyo_write_globally_readable_policy(char *data
, const bool is_delete
)
372 return tomoyo_update_globally_readable_entry(data
, is_delete
);
376 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
378 * @head: Pointer to "struct tomoyo_io_buffer".
380 * Returns true on success, false otherwise.
382 * Caller holds tomoyo_read_lock().
384 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer
*head
)
386 struct list_head
*pos
;
389 list_for_each_cookie(pos
, head
->read_var2
,
390 &tomoyo_globally_readable_list
) {
391 struct tomoyo_globally_readable_file_entry
*ptr
;
392 ptr
= list_entry(pos
,
393 struct tomoyo_globally_readable_file_entry
,
397 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_READ
"%s\n",
398 ptr
->filename
->name
);
405 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
406 * converting pathnames to pathname patterns during learning mode.
408 * An entry is added by
410 * # echo 'file_pattern /proc/\$/mounts' > \
411 * /sys/kernel/security/tomoyo/exception_policy
415 * # echo 'delete file_pattern /proc/\$/mounts' > \
416 * /sys/kernel/security/tomoyo/exception_policy
418 * and all entries are retrieved by
420 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
422 * In the example above, if a process which belongs to a domain which is in
423 * learning mode requested open("/proc/1/mounts", O_RDONLY),
424 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
425 * process belongs to.
427 * It is not a desirable behavior that we have to use /proc/\$/ instead of
428 * /proc/self/ when current process needs to access only current process's
429 * information. As of now, LSM version of TOMOYO is using __d_path() for
430 * calculating pathname. Non LSM version of TOMOYO is using its own function
431 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
432 * current process from accessing other process's information.
434 LIST_HEAD(tomoyo_pattern_list
);
437 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
439 * @pattern: Pathname pattern.
440 * @is_delete: True if it is a delete request.
442 * Returns 0 on success, negative value otherwise.
444 * Caller holds tomoyo_read_lock().
446 static int tomoyo_update_file_pattern_entry(const char *pattern
,
447 const bool is_delete
)
449 struct tomoyo_pattern_entry
*ptr
;
450 struct tomoyo_pattern_entry e
= { .pattern
= tomoyo_get_name(pattern
) };
451 int error
= is_delete
? -ENOENT
: -ENOMEM
;
455 if (!e
.pattern
->is_patterned
)
457 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
459 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
460 if (e
.pattern
!= ptr
->pattern
)
462 ptr
->is_deleted
= is_delete
;
466 if (!is_delete
&& error
) {
467 struct tomoyo_pattern_entry
*entry
=
468 tomoyo_commit_ok(&e
, sizeof(e
));
470 list_add_tail_rcu(&entry
->list
, &tomoyo_pattern_list
);
474 mutex_unlock(&tomoyo_policy_lock
);
476 tomoyo_put_name(e
.pattern
);
481 * tomoyo_get_file_pattern - Get patterned pathname.
483 * @filename: The filename to find patterned pathname.
485 * Returns pointer to pathname pattern if matched, @filename otherwise.
487 * Caller holds tomoyo_read_lock().
489 const struct tomoyo_path_info
*
490 tomoyo_get_file_pattern(const struct tomoyo_path_info
*filename
)
492 struct tomoyo_pattern_entry
*ptr
;
493 const struct tomoyo_path_info
*pattern
= NULL
;
495 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
498 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
500 pattern
= ptr
->pattern
;
501 if (tomoyo_strendswith(pattern
->name
, "/\\*")) {
502 /* Do nothing. Try to find the better match. */
504 /* This would be the better match. Use this. */
514 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
516 * @data: String to parse.
517 * @is_delete: True if it is a delete request.
519 * Returns 0 on success, negative value otherwise.
521 * Caller holds tomoyo_read_lock().
523 int tomoyo_write_pattern_policy(char *data
, const bool is_delete
)
525 return tomoyo_update_file_pattern_entry(data
, is_delete
);
529 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
531 * @head: Pointer to "struct tomoyo_io_buffer".
533 * Returns true on success, false otherwise.
535 * Caller holds tomoyo_read_lock().
537 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer
*head
)
539 struct list_head
*pos
;
542 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_pattern_list
) {
543 struct tomoyo_pattern_entry
*ptr
;
544 ptr
= list_entry(pos
, struct tomoyo_pattern_entry
, list
);
547 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_FILE_PATTERN
548 "%s\n", ptr
->pattern
->name
);
556 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
557 * default forbidden to modify already written content of a file.
559 * An entry is added by
561 * # echo 'deny_rewrite /var/log/messages' > \
562 * /sys/kernel/security/tomoyo/exception_policy
566 * # echo 'delete deny_rewrite /var/log/messages' > \
567 * /sys/kernel/security/tomoyo/exception_policy
569 * and all entries are retrieved by
571 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
573 * In the example above, if a process requested to rewrite /var/log/messages ,
574 * the process can't rewrite unless the domain which that process belongs to
575 * has "allow_rewrite /var/log/messages" entry.
577 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
578 * when we want to allow rewriting already unlink()ed file. As of now,
579 * LSM version of TOMOYO is using __d_path() for calculating pathname.
580 * Non LSM version of TOMOYO is using its own function which doesn't append
581 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
582 * need to worry whether the file is already unlink()ed or not.
584 LIST_HEAD(tomoyo_no_rewrite_list
);
587 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
589 * @pattern: Pathname pattern that are not rewritable by default.
590 * @is_delete: True if it is a delete request.
592 * Returns 0 on success, negative value otherwise.
594 * Caller holds tomoyo_read_lock().
596 static int tomoyo_update_no_rewrite_entry(const char *pattern
,
597 const bool is_delete
)
599 struct tomoyo_no_rewrite_entry
*ptr
;
600 struct tomoyo_no_rewrite_entry e
= { };
601 int error
= is_delete
? -ENOENT
: -ENOMEM
;
603 if (!tomoyo_is_correct_path(pattern
, 0, 0, 0))
605 e
.pattern
= tomoyo_get_name(pattern
);
608 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
610 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
611 if (ptr
->pattern
!= e
.pattern
)
613 ptr
->is_deleted
= is_delete
;
617 if (!is_delete
&& error
) {
618 struct tomoyo_no_rewrite_entry
*entry
=
619 tomoyo_commit_ok(&e
, sizeof(e
));
621 list_add_tail_rcu(&entry
->list
,
622 &tomoyo_no_rewrite_list
);
626 mutex_unlock(&tomoyo_policy_lock
);
628 tomoyo_put_name(e
.pattern
);
633 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
635 * @filename: Filename to check.
637 * Returns true if @filename is specified by "deny_rewrite" directive,
640 * Caller holds tomoyo_read_lock().
642 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info
*filename
)
644 struct tomoyo_no_rewrite_entry
*ptr
;
647 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
650 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
659 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
661 * @data: String to parse.
662 * @is_delete: True if it is a delete request.
664 * Returns 0 on success, negative value otherwise.
666 * Caller holds tomoyo_read_lock().
668 int tomoyo_write_no_rewrite_policy(char *data
, const bool is_delete
)
670 return tomoyo_update_no_rewrite_entry(data
, is_delete
);
674 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
676 * @head: Pointer to "struct tomoyo_io_buffer".
678 * Returns true on success, false otherwise.
680 * Caller holds tomoyo_read_lock().
682 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer
*head
)
684 struct list_head
*pos
;
687 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_no_rewrite_list
) {
688 struct tomoyo_no_rewrite_entry
*ptr
;
689 ptr
= list_entry(pos
, struct tomoyo_no_rewrite_entry
, list
);
692 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_DENY_REWRITE
693 "%s\n", ptr
->pattern
->name
);
701 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
703 * @perm: Permission (between 1 to 7).
704 * @filename: Filename.
705 * @domain: Pointer to "struct tomoyo_domain_info".
706 * @is_delete: True if it is a delete request.
708 * Returns 0 on success, negative value otherwise.
710 * This is legacy support interface for older policy syntax.
711 * Current policy syntax uses "allow_read/write" instead of "6",
712 * "allow_read" instead of "4", "allow_write" instead of "2",
713 * "allow_execute" instead of "1".
715 * Caller holds tomoyo_read_lock().
717 static int tomoyo_update_file_acl(u8 perm
, const char *filename
,
718 struct tomoyo_domain_info
* const domain
,
719 const bool is_delete
)
721 if (perm
> 7 || !perm
) {
722 printk(KERN_DEBUG
"%s: Invalid permission '%d %s'\n",
723 __func__
, perm
, filename
);
726 if (filename
[0] != '@' && tomoyo_strendswith(filename
, "/"))
728 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
729 * directory permissions.
733 tomoyo_update_path_acl(TOMOYO_TYPE_READ
, filename
, domain
,
736 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE
, filename
, domain
,
739 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE
, filename
, domain
,
745 * tomoyo_path_acl - Check permission for single path operation.
747 * @r: Pointer to "struct tomoyo_request_info".
748 * @filename: Filename to check.
750 * @may_use_pattern: True if patterned ACL is permitted.
752 * Returns 0 on success, -EPERM otherwise.
754 * Caller holds tomoyo_read_lock().
756 static int tomoyo_path_acl(const struct tomoyo_request_info
*r
,
757 const struct tomoyo_path_info
*filename
,
758 const u32 perm
, const bool may_use_pattern
)
760 struct tomoyo_domain_info
*domain
= r
->domain
;
761 struct tomoyo_acl_info
*ptr
;
764 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
765 struct tomoyo_path_acl
*acl
;
766 if (ptr
->type
!= TOMOYO_TYPE_PATH_ACL
)
768 acl
= container_of(ptr
, struct tomoyo_path_acl
, head
);
769 if (!(acl
->perm
& perm
) ||
770 !tomoyo_compare_name_union_pattern(filename
, &acl
->name
,
780 * tomoyo_file_perm - Check permission for opening files.
782 * @r: Pointer to "struct tomoyo_request_info".
783 * @filename: Filename to check.
784 * @mode: Mode ("read" or "write" or "read/write" or "execute").
786 * Returns 0 on success, negative value otherwise.
788 * Caller holds tomoyo_read_lock().
790 static int tomoyo_file_perm(struct tomoyo_request_info
*r
,
791 const struct tomoyo_path_info
*filename
,
794 const char *msg
= "<unknown>";
802 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE
);
803 perm
= 1 << TOMOYO_TYPE_READ_WRITE
;
804 } else if (mode
== 4) {
805 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ
);
806 perm
= 1 << TOMOYO_TYPE_READ
;
807 } else if (mode
== 2) {
808 msg
= tomoyo_path2keyword(TOMOYO_TYPE_WRITE
);
809 perm
= 1 << TOMOYO_TYPE_WRITE
;
810 } else if (mode
== 1) {
811 msg
= tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE
);
812 perm
= 1 << TOMOYO_TYPE_EXECUTE
;
815 error
= tomoyo_path_acl(r
, filename
, perm
, mode
!= 1);
816 if (error
&& mode
== 4 && !r
->domain
->ignore_global_allow_read
817 && tomoyo_is_globally_readable_file(filename
))
821 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
822 if (r
->mode
== TOMOYO_CONFIG_ENFORCING
)
824 if (tomoyo_domain_quota_is_ok(r
)) {
825 /* Don't use patterns for execute permission. */
826 const struct tomoyo_path_info
*patterned_file
= (mode
!= 1) ?
827 tomoyo_get_file_pattern(filename
) : filename
;
828 tomoyo_update_file_acl(mode
, patterned_file
->name
, r
->domain
,
835 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
837 * @type: Type of operation.
838 * @filename: Filename.
839 * @domain: Pointer to "struct tomoyo_domain_info".
840 * @is_delete: True if it is a delete request.
842 * Returns 0 on success, negative value otherwise.
844 * Caller holds tomoyo_read_lock().
846 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
847 struct tomoyo_domain_info
*const domain
,
848 const bool is_delete
)
850 static const u16 tomoyo_rw_mask
=
851 (1 << TOMOYO_TYPE_READ
) | (1 << TOMOYO_TYPE_WRITE
);
852 const u16 perm
= 1 << type
;
853 struct tomoyo_acl_info
*ptr
;
854 struct tomoyo_path_acl e
= {
855 .head
.type
= TOMOYO_TYPE_PATH_ACL
,
858 int error
= is_delete
? -ENOENT
: -ENOMEM
;
860 if (type
== TOMOYO_TYPE_READ_WRITE
)
861 e
.perm
|= tomoyo_rw_mask
;
864 if (!tomoyo_parse_name_union(filename
, &e
.name
))
866 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
868 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
869 struct tomoyo_path_acl
*acl
=
870 container_of(ptr
, struct tomoyo_path_acl
, head
);
871 if (!tomoyo_is_same_path_acl(acl
, &e
))
875 if ((acl
->perm
& tomoyo_rw_mask
) != tomoyo_rw_mask
)
876 acl
->perm
&= ~(1 << TOMOYO_TYPE_READ_WRITE
);
877 else if (!(acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
878 acl
->perm
&= ~tomoyo_rw_mask
;
881 if ((acl
->perm
& tomoyo_rw_mask
) == tomoyo_rw_mask
)
882 acl
->perm
|= 1 << TOMOYO_TYPE_READ_WRITE
;
883 else if (acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
884 acl
->perm
|= tomoyo_rw_mask
;
889 if (!is_delete
&& error
) {
890 struct tomoyo_path_acl
*entry
=
891 tomoyo_commit_ok(&e
, sizeof(e
));
893 list_add_tail_rcu(&entry
->head
.list
,
894 &domain
->acl_info_list
);
898 mutex_unlock(&tomoyo_policy_lock
);
900 tomoyo_put_name_union(&e
.name
);
905 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
907 * @type: Type of operation.
908 * @filename: Filename.
909 * @mode: Create mode.
910 * @major: Device major number.
911 * @minor: Device minor number.
912 * @domain: Pointer to "struct tomoyo_domain_info".
913 * @is_delete: True if it is a delete request.
915 * Returns 0 on success, negative value otherwise.
917 static inline int tomoyo_update_path_number3_acl(const u8 type
,
918 const char *filename
,
920 char *major
, char *minor
,
921 struct tomoyo_domain_info
*
923 const bool is_delete
)
925 const u8 perm
= 1 << type
;
926 struct tomoyo_acl_info
*ptr
;
927 struct tomoyo_path_number3_acl e
= {
928 .head
.type
= TOMOYO_TYPE_PATH_NUMBER3_ACL
,
931 int error
= is_delete
? -ENOENT
: -ENOMEM
;
932 if (!tomoyo_parse_name_union(filename
, &e
.name
) ||
933 !tomoyo_parse_number_union(mode
, &e
.mode
) ||
934 !tomoyo_parse_number_union(major
, &e
.major
) ||
935 !tomoyo_parse_number_union(minor
, &e
.minor
))
937 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
939 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
940 struct tomoyo_path_number3_acl
*acl
=
941 container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
942 if (!tomoyo_is_same_path_number3_acl(acl
, &e
))
951 if (!is_delete
&& error
) {
952 struct tomoyo_path_number3_acl
*entry
=
953 tomoyo_commit_ok(&e
, sizeof(e
));
955 list_add_tail_rcu(&entry
->head
.list
,
956 &domain
->acl_info_list
);
960 mutex_unlock(&tomoyo_policy_lock
);
962 tomoyo_put_name_union(&e
.name
);
963 tomoyo_put_number_union(&e
.mode
);
964 tomoyo_put_number_union(&e
.major
);
965 tomoyo_put_number_union(&e
.minor
);
970 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
972 * @type: Type of operation.
973 * @filename1: First filename.
974 * @filename2: Second filename.
975 * @domain: Pointer to "struct tomoyo_domain_info".
976 * @is_delete: True if it is a delete request.
978 * Returns 0 on success, negative value otherwise.
980 * Caller holds tomoyo_read_lock().
982 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
983 const char *filename2
,
984 struct tomoyo_domain_info
*const domain
,
985 const bool is_delete
)
987 const u8 perm
= 1 << type
;
988 struct tomoyo_path2_acl e
= {
989 .head
.type
= TOMOYO_TYPE_PATH2_ACL
,
992 struct tomoyo_acl_info
*ptr
;
993 int error
= is_delete
? -ENOENT
: -ENOMEM
;
997 if (!tomoyo_parse_name_union(filename1
, &e
.name1
) ||
998 !tomoyo_parse_name_union(filename2
, &e
.name2
))
1000 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1002 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1003 struct tomoyo_path2_acl
*acl
=
1004 container_of(ptr
, struct tomoyo_path2_acl
, head
);
1005 if (!tomoyo_is_same_path2_acl(acl
, &e
))
1014 if (!is_delete
&& error
) {
1015 struct tomoyo_path2_acl
*entry
=
1016 tomoyo_commit_ok(&e
, sizeof(e
));
1018 list_add_tail_rcu(&entry
->head
.list
,
1019 &domain
->acl_info_list
);
1023 mutex_unlock(&tomoyo_policy_lock
);
1025 tomoyo_put_name_union(&e
.name1
);
1026 tomoyo_put_name_union(&e
.name2
);
1031 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
1033 * @r: Pointer to "struct tomoyo_request_info".
1034 * @filename: Filename to check.
1035 * @perm: Permission.
1036 * @mode: Create mode.
1037 * @major: Device major number.
1038 * @minor: Device minor number.
1040 * Returns 0 on success, -EPERM otherwise.
1042 * Caller holds tomoyo_read_lock().
1044 static int tomoyo_path_number3_acl(struct tomoyo_request_info
*r
,
1045 const struct tomoyo_path_info
*filename
,
1046 const u16 perm
, const unsigned int mode
,
1047 const unsigned int major
,
1048 const unsigned int minor
)
1050 struct tomoyo_domain_info
*domain
= r
->domain
;
1051 struct tomoyo_acl_info
*ptr
;
1053 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1054 struct tomoyo_path_number3_acl
*acl
;
1055 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER3_ACL
)
1057 acl
= container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
1058 if (!tomoyo_compare_number_union(mode
, &acl
->mode
))
1060 if (!tomoyo_compare_number_union(major
, &acl
->major
))
1062 if (!tomoyo_compare_number_union(minor
, &acl
->minor
))
1064 if (!(acl
->perm
& perm
))
1066 if (!tomoyo_compare_name_union(filename
, &acl
->name
))
1075 * tomoyo_path2_acl - Check permission for double path operation.
1077 * @r: Pointer to "struct tomoyo_request_info".
1078 * @type: Type of operation.
1079 * @filename1: First filename to check.
1080 * @filename2: Second filename to check.
1082 * Returns 0 on success, -EPERM otherwise.
1084 * Caller holds tomoyo_read_lock().
1086 static int tomoyo_path2_acl(const struct tomoyo_request_info
*r
, const u8 type
,
1087 const struct tomoyo_path_info
*filename1
,
1088 const struct tomoyo_path_info
*filename2
)
1090 const struct tomoyo_domain_info
*domain
= r
->domain
;
1091 struct tomoyo_acl_info
*ptr
;
1092 const u8 perm
= 1 << type
;
1095 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1096 struct tomoyo_path2_acl
*acl
;
1097 if (ptr
->type
!= TOMOYO_TYPE_PATH2_ACL
)
1099 acl
= container_of(ptr
, struct tomoyo_path2_acl
, head
);
1100 if (!(acl
->perm
& perm
))
1102 if (!tomoyo_compare_name_union(filename1
, &acl
->name1
))
1104 if (!tomoyo_compare_name_union(filename2
, &acl
->name2
))
1113 * tomoyo_path_permission - Check permission for single path operation.
1115 * @r: Pointer to "struct tomoyo_request_info".
1116 * @operation: Type of operation.
1117 * @filename: Filename to check.
1119 * Returns 0 on success, negative value otherwise.
1121 * Caller holds tomoyo_read_lock().
1123 static int tomoyo_path_permission(struct tomoyo_request_info
*r
, u8 operation
,
1124 const struct tomoyo_path_info
*filename
)
1129 error
= tomoyo_path_acl(r
, filename
, 1 << operation
, 1);
1132 tomoyo_warn_log(r
, "%s %s", tomoyo_path2keyword(operation
),
1134 if (tomoyo_domain_quota_is_ok(r
)) {
1135 const char *name
= tomoyo_get_file_pattern(filename
)->name
;
1136 tomoyo_update_path_acl(operation
, name
, r
->domain
, false);
1138 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1142 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1143 * we need to check "allow_rewrite" permission if the filename is
1144 * specified by "deny_rewrite" keyword.
1146 if (!error
&& operation
== TOMOYO_TYPE_TRUNCATE
&&
1147 tomoyo_is_no_rewrite_file(filename
)) {
1148 operation
= TOMOYO_TYPE_REWRITE
;
1155 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1157 * @r: Pointer to "struct tomoyo_request_info".
1159 * @filename: Filename to check.
1162 * Returns 0 on success, -EPERM otherwise.
1164 * Caller holds tomoyo_read_lock().
1166 static int tomoyo_path_number_acl(struct tomoyo_request_info
*r
, const u8 type
,
1167 const struct tomoyo_path_info
*filename
,
1168 const unsigned long number
)
1170 struct tomoyo_domain_info
*domain
= r
->domain
;
1171 struct tomoyo_acl_info
*ptr
;
1172 const u8 perm
= 1 << type
;
1174 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1175 struct tomoyo_path_number_acl
*acl
;
1176 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER_ACL
)
1178 acl
= container_of(ptr
, struct tomoyo_path_number_acl
,
1180 if (!(acl
->perm
& perm
) ||
1181 !tomoyo_compare_number_union(number
, &acl
->number
) ||
1182 !tomoyo_compare_name_union(filename
, &acl
->name
))
1191 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1193 * @type: Type of operation.
1194 * @filename: Filename.
1196 * @domain: Pointer to "struct tomoyo_domain_info".
1197 * @is_delete: True if it is a delete request.
1199 * Returns 0 on success, negative value otherwise.
1201 static inline int tomoyo_update_path_number_acl(const u8 type
,
1202 const char *filename
,
1204 struct tomoyo_domain_info
*
1206 const bool is_delete
)
1208 const u8 perm
= 1 << type
;
1209 struct tomoyo_acl_info
*ptr
;
1210 struct tomoyo_path_number_acl e
= {
1211 .head
.type
= TOMOYO_TYPE_PATH_NUMBER_ACL
,
1214 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1217 if (!tomoyo_parse_name_union(filename
, &e
.name
))
1219 if (!tomoyo_parse_number_union(number
, &e
.number
))
1221 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1223 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1224 struct tomoyo_path_number_acl
*acl
=
1225 container_of(ptr
, struct tomoyo_path_number_acl
, head
);
1226 if (!tomoyo_is_same_path_number_acl(acl
, &e
))
1235 if (!is_delete
&& error
) {
1236 struct tomoyo_path_number_acl
*entry
=
1237 tomoyo_commit_ok(&e
, sizeof(e
));
1239 list_add_tail_rcu(&entry
->head
.list
,
1240 &domain
->acl_info_list
);
1244 mutex_unlock(&tomoyo_policy_lock
);
1246 tomoyo_put_name_union(&e
.name
);
1247 tomoyo_put_number_union(&e
.number
);
1252 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1254 * @r: Pointer to "strct tomoyo_request_info".
1255 * @filename: Filename to check.
1258 * Returns 0 on success, negative value otherwise.
1260 * Caller holds tomoyo_read_lock().
1262 static int tomoyo_path_number_perm2(struct tomoyo_request_info
*r
,
1264 const struct tomoyo_path_info
*filename
,
1265 const unsigned long number
)
1274 case TOMOYO_TYPE_CREATE
:
1275 case TOMOYO_TYPE_MKDIR
:
1276 case TOMOYO_TYPE_MKFIFO
:
1277 case TOMOYO_TYPE_MKSOCK
:
1278 case TOMOYO_TYPE_CHMOD
:
1279 radix
= TOMOYO_VALUE_TYPE_OCTAL
;
1281 case TOMOYO_TYPE_IOCTL
:
1282 radix
= TOMOYO_VALUE_TYPE_HEXADECIMAL
;
1285 radix
= TOMOYO_VALUE_TYPE_DECIMAL
;
1288 tomoyo_print_ulong(buffer
, sizeof(buffer
), number
, radix
);
1289 error
= tomoyo_path_number_acl(r
, type
, filename
, number
);
1292 tomoyo_warn_log(r
, "%s %s %s", tomoyo_path_number2keyword(type
),
1293 filename
->name
, buffer
);
1294 if (tomoyo_domain_quota_is_ok(r
))
1295 tomoyo_update_path_number_acl(type
,
1296 tomoyo_get_file_pattern(filename
)
1297 ->name
, buffer
, r
->domain
, false);
1298 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1304 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1306 * @type: Type of operation.
1307 * @path: Pointer to "struct path".
1310 * Returns 0 on success, negative value otherwise.
1312 int tomoyo_path_number_perm(const u8 type
, struct path
*path
,
1313 unsigned long number
)
1315 struct tomoyo_request_info r
;
1316 int error
= -ENOMEM
;
1317 struct tomoyo_path_info
*buf
;
1320 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1321 !path
->mnt
|| !path
->dentry
)
1323 idx
= tomoyo_read_lock();
1324 buf
= tomoyo_get_path(path
);
1327 if (type
== TOMOYO_TYPE_MKDIR
&& !buf
->is_dir
) {
1329 * tomoyo_get_path() reserves space for appending "/."
1331 strcat((char *) buf
->name
, "/");
1332 tomoyo_fill_path_info(buf
);
1334 error
= tomoyo_path_number_perm2(&r
, type
, buf
, number
);
1337 tomoyo_read_unlock(idx
);
1338 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1344 * tomoyo_check_exec_perm - Check permission for "execute".
1346 * @domain: Pointer to "struct tomoyo_domain_info".
1347 * @filename: Check permission for "execute".
1349 * Returns 0 on success, negativevalue otherwise.
1351 * Caller holds tomoyo_read_lock().
1353 int tomoyo_check_exec_perm(struct tomoyo_domain_info
*domain
,
1354 const struct tomoyo_path_info
*filename
)
1356 struct tomoyo_request_info r
;
1358 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
)
1360 return tomoyo_file_perm(&r
, filename
, 1);
1364 * tomoyo_check_open_permission - Check permission for "read" and "write".
1366 * @domain: Pointer to "struct tomoyo_domain_info".
1367 * @path: Pointer to "struct path".
1368 * @flag: Flags for open().
1370 * Returns 0 on success, negative value otherwise.
1372 int tomoyo_check_open_permission(struct tomoyo_domain_info
*domain
,
1373 struct path
*path
, const int flag
)
1375 const u8 acc_mode
= ACC_MODE(flag
);
1376 int error
= -ENOMEM
;
1377 struct tomoyo_path_info
*buf
;
1378 struct tomoyo_request_info r
;
1381 if (tomoyo_init_request_info(&r
, domain
) == TOMOYO_CONFIG_DISABLED
||
1386 if (path
->dentry
->d_inode
&& S_ISDIR(path
->dentry
->d_inode
->i_mode
))
1388 * I don't check directories here because mkdir() and rmdir()
1392 idx
= tomoyo_read_lock();
1393 buf
= tomoyo_get_path(path
);
1398 * If the filename is specified by "deny_rewrite" keyword,
1399 * we need to check "allow_rewrite" permission when the filename is not
1400 * opened for append mode or the filename is truncated at open time.
1402 if ((acc_mode
& MAY_WRITE
) &&
1403 ((flag
& O_TRUNC
) || !(flag
& O_APPEND
)) &&
1404 (tomoyo_is_no_rewrite_file(buf
))) {
1405 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_REWRITE
, buf
);
1408 error
= tomoyo_file_perm(&r
, buf
, acc_mode
);
1409 if (!error
&& (flag
& O_TRUNC
))
1410 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_TRUNCATE
, buf
);
1413 tomoyo_read_unlock(idx
);
1414 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1420 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
1422 * @operation: Type of operation.
1423 * @path: Pointer to "struct path".
1425 * Returns 0 on success, negative value otherwise.
1427 int tomoyo_path_perm(const u8 operation
, struct path
*path
)
1429 int error
= -ENOMEM
;
1430 struct tomoyo_path_info
*buf
;
1431 struct tomoyo_request_info r
;
1434 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1437 idx
= tomoyo_read_lock();
1438 buf
= tomoyo_get_path(path
);
1441 switch (operation
) {
1442 case TOMOYO_TYPE_REWRITE
:
1443 if (!tomoyo_is_no_rewrite_file(buf
)) {
1448 case TOMOYO_TYPE_RMDIR
:
1449 case TOMOYO_TYPE_CHROOT
:
1452 * tomoyo_get_path() reserves space for appending "/."
1454 strcat((char *) buf
->name
, "/");
1455 tomoyo_fill_path_info(buf
);
1458 error
= tomoyo_path_permission(&r
, operation
, buf
);
1461 tomoyo_read_unlock(idx
);
1462 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1468 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1470 * @r: Pointer to "struct tomoyo_request_info".
1471 * @operation: Type of operation.
1472 * @filename: Filename to check.
1473 * @mode: Create mode.
1474 * @dev: Device number.
1476 * Returns 0 on success, negative value otherwise.
1478 * Caller holds tomoyo_read_lock().
1480 static int tomoyo_path_number3_perm2(struct tomoyo_request_info
*r
,
1482 const struct tomoyo_path_info
*filename
,
1483 const unsigned int mode
,
1484 const unsigned int dev
)
1487 const unsigned int major
= MAJOR(dev
);
1488 const unsigned int minor
= MINOR(dev
);
1490 error
= tomoyo_path_number3_acl(r
, filename
, 1 << operation
, mode
,
1494 tomoyo_warn_log(r
, "%s %s 0%o %u %u",
1495 tomoyo_path_number32keyword(operation
),
1496 filename
->name
, mode
, major
, minor
);
1497 if (tomoyo_domain_quota_is_ok(r
)) {
1501 memset(mode_buf
, 0, sizeof(mode_buf
));
1502 memset(major_buf
, 0, sizeof(major_buf
));
1503 memset(minor_buf
, 0, sizeof(minor_buf
));
1504 snprintf(mode_buf
, sizeof(mode_buf
) - 1, "0%o", mode
);
1505 snprintf(major_buf
, sizeof(major_buf
) - 1, "%u", major
);
1506 snprintf(minor_buf
, sizeof(minor_buf
) - 1, "%u", minor
);
1507 tomoyo_update_path_number3_acl(operation
,
1508 tomoyo_get_file_pattern(filename
)
1509 ->name
, mode_buf
, major_buf
,
1510 minor_buf
, r
->domain
, false);
1512 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1518 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1520 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1521 * @path: Pointer to "struct path".
1522 * @mode: Create mode.
1523 * @dev: Device number.
1525 * Returns 0 on success, negative value otherwise.
1527 int tomoyo_path_number3_perm(const u8 operation
, struct path
*path
,
1528 const unsigned int mode
, unsigned int dev
)
1530 struct tomoyo_request_info r
;
1531 int error
= -ENOMEM
;
1532 struct tomoyo_path_info
*buf
;
1535 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1538 idx
= tomoyo_read_lock();
1540 buf
= tomoyo_get_path(path
);
1542 error
= tomoyo_path_number3_perm2(&r
, operation
, buf
, mode
,
1543 new_decode_dev(dev
));
1546 tomoyo_read_unlock(idx
);
1547 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1553 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1555 * @operation: Type of operation.
1556 * @path1: Pointer to "struct path".
1557 * @path2: Pointer to "struct path".
1559 * Returns 0 on success, negative value otherwise.
1561 int tomoyo_path2_perm(const u8 operation
, struct path
*path1
,
1564 int error
= -ENOMEM
;
1565 struct tomoyo_path_info
*buf1
;
1566 struct tomoyo_path_info
*buf2
;
1567 struct tomoyo_request_info r
;
1570 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1571 !path1
->mnt
|| !path2
->mnt
)
1573 idx
= tomoyo_read_lock();
1574 buf1
= tomoyo_get_path(path1
);
1575 buf2
= tomoyo_get_path(path2
);
1579 struct dentry
*dentry
= path1
->dentry
;
1580 if (dentry
->d_inode
&& S_ISDIR(dentry
->d_inode
->i_mode
)) {
1582 * tomoyo_get_path() reserves space for appending "/."
1584 if (!buf1
->is_dir
) {
1585 strcat((char *) buf1
->name
, "/");
1586 tomoyo_fill_path_info(buf1
);
1588 if (!buf2
->is_dir
) {
1589 strcat((char *) buf2
->name
, "/");
1590 tomoyo_fill_path_info(buf2
);
1594 error
= tomoyo_path2_acl(&r
, operation
, buf1
, buf2
);
1597 tomoyo_warn_log(&r
, "%s %s %s", tomoyo_path22keyword(operation
),
1598 buf1
->name
, buf2
->name
);
1599 if (tomoyo_domain_quota_is_ok(&r
)) {
1600 const char *name1
= tomoyo_get_file_pattern(buf1
)->name
;
1601 const char *name2
= tomoyo_get_file_pattern(buf2
)->name
;
1602 tomoyo_update_path2_acl(operation
, name1
, name2
, r
.domain
,
1608 tomoyo_read_unlock(idx
);
1609 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1615 * tomoyo_write_file_policy - Update file related list.
1617 * @data: String to parse.
1618 * @domain: Pointer to "struct tomoyo_domain_info".
1619 * @is_delete: True if it is a delete request.
1621 * Returns 0 on success, negative value otherwise.
1623 * Caller holds tomoyo_read_lock().
1625 int tomoyo_write_file_policy(char *data
, struct tomoyo_domain_info
*domain
,
1626 const bool is_delete
)
1630 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[1][0])
1632 if (strncmp(w
[0], "allow_", 6)) {
1634 if (sscanf(w
[0], "%u", &perm
) == 1)
1635 return tomoyo_update_file_acl((u8
) perm
, w
[1], domain
,
1640 for (type
= 0; type
< TOMOYO_MAX_PATH_OPERATION
; type
++) {
1641 if (strcmp(w
[0], tomoyo_path_keyword
[type
]))
1643 return tomoyo_update_path_acl(type
, w
[1], domain
, is_delete
);
1647 for (type
= 0; type
< TOMOYO_MAX_PATH2_OPERATION
; type
++) {
1648 if (strcmp(w
[0], tomoyo_path2_keyword
[type
]))
1650 return tomoyo_update_path2_acl(type
, w
[1], w
[2], domain
,
1653 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; type
++) {
1654 if (strcmp(w
[0], tomoyo_path_number_keyword
[type
]))
1656 return tomoyo_update_path_number_acl(type
, w
[1], w
[2], domain
,
1659 if (!w
[3][0] || !w
[4][0])
1661 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; type
++) {
1662 if (strcmp(w
[0], tomoyo_path_number3_keyword
[type
]))
1664 return tomoyo_update_path_number3_acl(type
, w
[1], w
[2], w
[3],
1665 w
[4], domain
, is_delete
);