2 * security/tomoyo/file.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
12 /* Keyword array for operations with one pathname. */
13 static const char *tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
14 [TOMOYO_TYPE_READ_WRITE
] = "read/write",
15 [TOMOYO_TYPE_EXECUTE
] = "execute",
16 [TOMOYO_TYPE_READ
] = "read",
17 [TOMOYO_TYPE_WRITE
] = "write",
18 [TOMOYO_TYPE_UNLINK
] = "unlink",
19 [TOMOYO_TYPE_RMDIR
] = "rmdir",
20 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
21 [TOMOYO_TYPE_SYMLINK
] = "symlink",
22 [TOMOYO_TYPE_REWRITE
] = "rewrite",
23 [TOMOYO_TYPE_CHROOT
] = "chroot",
24 [TOMOYO_TYPE_UMOUNT
] = "unmount",
27 /* Keyword array for operations with one pathname and three numbers. */
28 static const char *tomoyo_path_number3_keyword
29 [TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
30 [TOMOYO_TYPE_MKBLOCK
] = "mkblock",
31 [TOMOYO_TYPE_MKCHAR
] = "mkchar",
34 /* Keyword array for operations with two pathnames. */
35 static const char *tomoyo_path2_keyword
[TOMOYO_MAX_PATH2_OPERATION
] = {
36 [TOMOYO_TYPE_LINK
] = "link",
37 [TOMOYO_TYPE_RENAME
] = "rename",
38 [TOMOYO_TYPE_PIVOT_ROOT
] = "pivot_root",
41 /* Keyword array for operations with one pathname and one number. */
42 static const char *tomoyo_path_number_keyword
43 [TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
44 [TOMOYO_TYPE_CREATE
] = "create",
45 [TOMOYO_TYPE_MKDIR
] = "mkdir",
46 [TOMOYO_TYPE_MKFIFO
] = "mkfifo",
47 [TOMOYO_TYPE_MKSOCK
] = "mksock",
48 [TOMOYO_TYPE_IOCTL
] = "ioctl",
49 [TOMOYO_TYPE_CHMOD
] = "chmod",
50 [TOMOYO_TYPE_CHOWN
] = "chown",
51 [TOMOYO_TYPE_CHGRP
] = "chgrp",
54 void tomoyo_put_name_union(struct tomoyo_name_union
*ptr
)
59 tomoyo_put_path_group(ptr
->group
);
61 tomoyo_put_name(ptr
->filename
);
64 bool tomoyo_compare_name_union(const struct tomoyo_path_info
*name
,
65 const struct tomoyo_name_union
*ptr
)
68 return tomoyo_path_matches_group(name
, ptr
->group
, 1);
69 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
72 static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info
74 const struct tomoyo_name_union
75 *ptr
, const bool may_use_pattern
)
78 return tomoyo_path_matches_group(name
, ptr
->group
,
80 if (may_use_pattern
|| !ptr
->filename
->is_patterned
)
81 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
85 void tomoyo_put_number_union(struct tomoyo_number_union
*ptr
)
87 if (ptr
&& ptr
->is_group
)
88 tomoyo_put_number_group(ptr
->group
);
91 bool tomoyo_compare_number_union(const unsigned long value
,
92 const struct tomoyo_number_union
*ptr
)
95 return tomoyo_number_matches_group(value
, value
, ptr
->group
);
96 return value
>= ptr
->values
[0] && value
<= ptr
->values
[1];
100 * tomoyo_path2keyword - Get the name of single path operation.
102 * @operation: Type of operation.
104 * Returns the name of single path operation.
106 const char *tomoyo_path2keyword(const u8 operation
)
108 return (operation
< TOMOYO_MAX_PATH_OPERATION
)
109 ? tomoyo_path_keyword
[operation
] : NULL
;
113 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
115 * @operation: Type of operation.
117 * Returns the name of path/number/number/number operation.
119 const char *tomoyo_path_number32keyword(const u8 operation
)
121 return (operation
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
)
122 ? tomoyo_path_number3_keyword
[operation
] : NULL
;
126 * tomoyo_path22keyword - Get the name of double path operation.
128 * @operation: Type of operation.
130 * Returns the name of double path operation.
132 const char *tomoyo_path22keyword(const u8 operation
)
134 return (operation
< TOMOYO_MAX_PATH2_OPERATION
)
135 ? tomoyo_path2_keyword
[operation
] : NULL
;
139 * tomoyo_path_number2keyword - Get the name of path/number operations.
141 * @operation: Type of operation.
143 * Returns the name of path/number operation.
145 const char *tomoyo_path_number2keyword(const u8 operation
)
147 return (operation
< TOMOYO_MAX_PATH_NUMBER_OPERATION
)
148 ? tomoyo_path_number_keyword
[operation
] : NULL
;
152 * tomoyo_strendswith - Check whether the token ends with the given token.
154 * @name: The token to check.
155 * @tail: The token to find.
157 * Returns true if @name ends with @tail, false otherwise.
159 static bool tomoyo_strendswith(const char *name
, const char *tail
)
165 len
= strlen(name
) - strlen(tail
);
166 return len
>= 0 && !strcmp(name
+ len
, tail
);
170 * tomoyo_get_path - Get realpath.
172 * @path: Pointer to "struct path".
174 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
176 static struct tomoyo_path_info
*tomoyo_get_path(struct path
*path
)
179 struct tomoyo_path_info_with_data
*buf
= kzalloc(sizeof(*buf
),
184 /* Reserve one byte for appending "/". */
185 error
= tomoyo_realpath_from_path2(path
, buf
->body
,
186 sizeof(buf
->body
) - 2);
188 buf
->head
.name
= buf
->body
;
189 tomoyo_fill_path_info(&buf
->head
);
196 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
197 const char *filename2
,
198 struct tomoyo_domain_info
*const domain
,
199 const bool is_delete
);
200 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
201 struct tomoyo_domain_info
*const domain
,
202 const bool is_delete
);
205 * tomoyo_globally_readable_list is used for holding list of pathnames which
206 * are by default allowed to be open()ed for reading by any process.
208 * An entry is added by
210 * # echo 'allow_read /lib/libc-2.5.so' > \
211 * /sys/kernel/security/tomoyo/exception_policy
215 * # echo 'delete allow_read /lib/libc-2.5.so' > \
216 * /sys/kernel/security/tomoyo/exception_policy
218 * and all entries are retrieved by
220 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
222 * In the example above, any process is allowed to
223 * open("/lib/libc-2.5.so", O_RDONLY).
224 * One exception is, if the domain which current process belongs to is marked
225 * as "ignore_global_allow_read", current process can't do so unless explicitly
226 * given "allow_read /lib/libc-2.5.so" to the domain which current process
229 LIST_HEAD(tomoyo_globally_readable_list
);
232 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
234 * @filename: Filename unconditionally permitted to open() for reading.
235 * @is_delete: True if it is a delete request.
237 * Returns 0 on success, negative value otherwise.
239 * Caller holds tomoyo_read_lock().
241 static int tomoyo_update_globally_readable_entry(const char *filename
,
242 const bool is_delete
)
244 struct tomoyo_globally_readable_file_entry
*ptr
;
245 struct tomoyo_globally_readable_file_entry e
= { };
246 int error
= is_delete
? -ENOENT
: -ENOMEM
;
248 if (!tomoyo_is_correct_path(filename
, 1, 0, -1))
250 e
.filename
= tomoyo_get_name(filename
);
253 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
255 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
256 if (ptr
->filename
!= e
.filename
)
258 ptr
->is_deleted
= is_delete
;
262 if (!is_delete
&& error
) {
263 struct tomoyo_globally_readable_file_entry
*entry
=
264 tomoyo_commit_ok(&e
, sizeof(e
));
266 list_add_tail_rcu(&entry
->list
,
267 &tomoyo_globally_readable_list
);
271 mutex_unlock(&tomoyo_policy_lock
);
273 tomoyo_put_name(e
.filename
);
278 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
280 * @filename: The filename to check.
282 * Returns true if any domain can open @filename for reading, false otherwise.
284 * Caller holds tomoyo_read_lock().
286 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info
*
289 struct tomoyo_globally_readable_file_entry
*ptr
;
292 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
293 if (!ptr
->is_deleted
&&
294 tomoyo_path_matches_pattern(filename
, ptr
->filename
)) {
303 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
305 * @data: String to parse.
306 * @is_delete: True if it is a delete request.
308 * Returns 0 on success, negative value otherwise.
310 * Caller holds tomoyo_read_lock().
312 int tomoyo_write_globally_readable_policy(char *data
, const bool is_delete
)
314 return tomoyo_update_globally_readable_entry(data
, is_delete
);
318 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
320 * @head: Pointer to "struct tomoyo_io_buffer".
322 * Returns true on success, false otherwise.
324 * Caller holds tomoyo_read_lock().
326 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer
*head
)
328 struct list_head
*pos
;
331 list_for_each_cookie(pos
, head
->read_var2
,
332 &tomoyo_globally_readable_list
) {
333 struct tomoyo_globally_readable_file_entry
*ptr
;
334 ptr
= list_entry(pos
,
335 struct tomoyo_globally_readable_file_entry
,
339 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_READ
"%s\n",
340 ptr
->filename
->name
);
347 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
348 * converting pathnames to pathname patterns during learning mode.
350 * An entry is added by
352 * # echo 'file_pattern /proc/\$/mounts' > \
353 * /sys/kernel/security/tomoyo/exception_policy
357 * # echo 'delete file_pattern /proc/\$/mounts' > \
358 * /sys/kernel/security/tomoyo/exception_policy
360 * and all entries are retrieved by
362 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
364 * In the example above, if a process which belongs to a domain which is in
365 * learning mode requested open("/proc/1/mounts", O_RDONLY),
366 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
367 * process belongs to.
369 * It is not a desirable behavior that we have to use /proc/\$/ instead of
370 * /proc/self/ when current process needs to access only current process's
371 * information. As of now, LSM version of TOMOYO is using __d_path() for
372 * calculating pathname. Non LSM version of TOMOYO is using its own function
373 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
374 * current process from accessing other process's information.
376 LIST_HEAD(tomoyo_pattern_list
);
379 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
381 * @pattern: Pathname pattern.
382 * @is_delete: True if it is a delete request.
384 * Returns 0 on success, negative value otherwise.
386 * Caller holds tomoyo_read_lock().
388 static int tomoyo_update_file_pattern_entry(const char *pattern
,
389 const bool is_delete
)
391 struct tomoyo_pattern_entry
*ptr
;
392 struct tomoyo_pattern_entry e
= { .pattern
= tomoyo_get_name(pattern
) };
393 int error
= is_delete
? -ENOENT
: -ENOMEM
;
397 if (!e
.pattern
->is_patterned
)
399 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
401 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
402 if (e
.pattern
!= ptr
->pattern
)
404 ptr
->is_deleted
= is_delete
;
408 if (!is_delete
&& error
) {
409 struct tomoyo_pattern_entry
*entry
=
410 tomoyo_commit_ok(&e
, sizeof(e
));
412 list_add_tail_rcu(&entry
->list
, &tomoyo_pattern_list
);
416 mutex_unlock(&tomoyo_policy_lock
);
418 tomoyo_put_name(e
.pattern
);
423 * tomoyo_file_pattern - Get patterned pathname.
425 * @filename: The filename to find patterned pathname.
427 * Returns pointer to pathname pattern if matched, @filename otherwise.
429 * Caller holds tomoyo_read_lock().
431 const char *tomoyo_file_pattern(const struct tomoyo_path_info
*filename
)
433 struct tomoyo_pattern_entry
*ptr
;
434 const struct tomoyo_path_info
*pattern
= NULL
;
436 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
439 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
441 pattern
= ptr
->pattern
;
442 if (tomoyo_strendswith(pattern
->name
, "/\\*")) {
443 /* Do nothing. Try to find the better match. */
445 /* This would be the better match. Use this. */
451 return filename
->name
;
455 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
457 * @data: String to parse.
458 * @is_delete: True if it is a delete request.
460 * Returns 0 on success, negative value otherwise.
462 * Caller holds tomoyo_read_lock().
464 int tomoyo_write_pattern_policy(char *data
, const bool is_delete
)
466 return tomoyo_update_file_pattern_entry(data
, is_delete
);
470 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
472 * @head: Pointer to "struct tomoyo_io_buffer".
474 * Returns true on success, false otherwise.
476 * Caller holds tomoyo_read_lock().
478 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer
*head
)
480 struct list_head
*pos
;
483 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_pattern_list
) {
484 struct tomoyo_pattern_entry
*ptr
;
485 ptr
= list_entry(pos
, struct tomoyo_pattern_entry
, list
);
488 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_FILE_PATTERN
489 "%s\n", ptr
->pattern
->name
);
497 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
498 * default forbidden to modify already written content of a file.
500 * An entry is added by
502 * # echo 'deny_rewrite /var/log/messages' > \
503 * /sys/kernel/security/tomoyo/exception_policy
507 * # echo 'delete deny_rewrite /var/log/messages' > \
508 * /sys/kernel/security/tomoyo/exception_policy
510 * and all entries are retrieved by
512 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
514 * In the example above, if a process requested to rewrite /var/log/messages ,
515 * the process can't rewrite unless the domain which that process belongs to
516 * has "allow_rewrite /var/log/messages" entry.
518 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
519 * when we want to allow rewriting already unlink()ed file. As of now,
520 * LSM version of TOMOYO is using __d_path() for calculating pathname.
521 * Non LSM version of TOMOYO is using its own function which doesn't append
522 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
523 * need to worry whether the file is already unlink()ed or not.
525 LIST_HEAD(tomoyo_no_rewrite_list
);
528 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
530 * @pattern: Pathname pattern that are not rewritable by default.
531 * @is_delete: True if it is a delete request.
533 * Returns 0 on success, negative value otherwise.
535 * Caller holds tomoyo_read_lock().
537 static int tomoyo_update_no_rewrite_entry(const char *pattern
,
538 const bool is_delete
)
540 struct tomoyo_no_rewrite_entry
*ptr
;
541 struct tomoyo_no_rewrite_entry e
= { };
542 int error
= is_delete
? -ENOENT
: -ENOMEM
;
544 if (!tomoyo_is_correct_path(pattern
, 0, 0, 0))
546 e
.pattern
= tomoyo_get_name(pattern
);
549 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
551 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
552 if (ptr
->pattern
!= e
.pattern
)
554 ptr
->is_deleted
= is_delete
;
558 if (!is_delete
&& error
) {
559 struct tomoyo_no_rewrite_entry
*entry
=
560 tomoyo_commit_ok(&e
, sizeof(e
));
562 list_add_tail_rcu(&entry
->list
,
563 &tomoyo_no_rewrite_list
);
567 mutex_unlock(&tomoyo_policy_lock
);
569 tomoyo_put_name(e
.pattern
);
574 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
576 * @filename: Filename to check.
578 * Returns true if @filename is specified by "deny_rewrite" directive,
581 * Caller holds tomoyo_read_lock().
583 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info
*filename
)
585 struct tomoyo_no_rewrite_entry
*ptr
;
588 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
591 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
600 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
602 * @data: String to parse.
603 * @is_delete: True if it is a delete request.
605 * Returns 0 on success, negative value otherwise.
607 * Caller holds tomoyo_read_lock().
609 int tomoyo_write_no_rewrite_policy(char *data
, const bool is_delete
)
611 return tomoyo_update_no_rewrite_entry(data
, is_delete
);
615 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
617 * @head: Pointer to "struct tomoyo_io_buffer".
619 * Returns true on success, false otherwise.
621 * Caller holds tomoyo_read_lock().
623 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer
*head
)
625 struct list_head
*pos
;
628 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_no_rewrite_list
) {
629 struct tomoyo_no_rewrite_entry
*ptr
;
630 ptr
= list_entry(pos
, struct tomoyo_no_rewrite_entry
, list
);
633 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_DENY_REWRITE
634 "%s\n", ptr
->pattern
->name
);
642 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
644 * @perm: Permission (between 1 to 7).
645 * @filename: Filename.
646 * @domain: Pointer to "struct tomoyo_domain_info".
647 * @is_delete: True if it is a delete request.
649 * Returns 0 on success, negative value otherwise.
651 * This is legacy support interface for older policy syntax.
652 * Current policy syntax uses "allow_read/write" instead of "6",
653 * "allow_read" instead of "4", "allow_write" instead of "2",
654 * "allow_execute" instead of "1".
656 * Caller holds tomoyo_read_lock().
658 static int tomoyo_update_file_acl(u8 perm
, const char *filename
,
659 struct tomoyo_domain_info
* const domain
,
660 const bool is_delete
)
662 if (perm
> 7 || !perm
) {
663 printk(KERN_DEBUG
"%s: Invalid permission '%d %s'\n",
664 __func__
, perm
, filename
);
667 if (filename
[0] != '@' && tomoyo_strendswith(filename
, "/"))
669 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
670 * directory permissions.
674 tomoyo_update_path_acl(TOMOYO_TYPE_READ
, filename
, domain
,
677 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE
, filename
, domain
,
680 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE
, filename
, domain
,
686 * tomoyo_path_acl - Check permission for single path operation.
688 * @r: Pointer to "struct tomoyo_request_info".
689 * @filename: Filename to check.
691 * @may_use_pattern: True if patterned ACL is permitted.
693 * Returns 0 on success, -EPERM otherwise.
695 * Caller holds tomoyo_read_lock().
697 static int tomoyo_path_acl(const struct tomoyo_request_info
*r
,
698 const struct tomoyo_path_info
*filename
,
699 const u32 perm
, const bool may_use_pattern
)
701 struct tomoyo_domain_info
*domain
= r
->domain
;
702 struct tomoyo_acl_info
*ptr
;
705 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
706 struct tomoyo_path_acl
*acl
;
707 if (ptr
->type
!= TOMOYO_TYPE_PATH_ACL
)
709 acl
= container_of(ptr
, struct tomoyo_path_acl
, head
);
710 if (!(acl
->perm
& perm
) ||
711 !tomoyo_compare_name_union_pattern(filename
, &acl
->name
,
721 * tomoyo_file_perm - Check permission for opening files.
723 * @r: Pointer to "struct tomoyo_request_info".
724 * @filename: Filename to check.
725 * @mode: Mode ("read" or "write" or "read/write" or "execute").
727 * Returns 0 on success, negative value otherwise.
729 * Caller holds tomoyo_read_lock().
731 static int tomoyo_file_perm(struct tomoyo_request_info
*r
,
732 const struct tomoyo_path_info
*filename
,
735 const char *msg
= "<unknown>";
743 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE
);
744 perm
= 1 << TOMOYO_TYPE_READ_WRITE
;
745 } else if (mode
== 4) {
746 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ
);
747 perm
= 1 << TOMOYO_TYPE_READ
;
748 } else if (mode
== 2) {
749 msg
= tomoyo_path2keyword(TOMOYO_TYPE_WRITE
);
750 perm
= 1 << TOMOYO_TYPE_WRITE
;
751 } else if (mode
== 1) {
752 msg
= tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE
);
753 perm
= 1 << TOMOYO_TYPE_EXECUTE
;
757 error
= tomoyo_path_acl(r
, filename
, perm
, mode
!= 1);
758 if (error
&& mode
== 4 && !r
->domain
->ignore_global_allow_read
759 && tomoyo_is_globally_readable_file(filename
))
763 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
764 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
765 mode
== 1 ? filename
->name
:
766 tomoyo_file_pattern(filename
));
768 * Do not retry for execute request, for alias may have
771 } while (error
== TOMOYO_RETRY_REQUEST
&& mode
!= 1);
772 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
778 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
780 * @type: Type of operation.
781 * @filename: Filename.
782 * @domain: Pointer to "struct tomoyo_domain_info".
783 * @is_delete: True if it is a delete request.
785 * Returns 0 on success, negative value otherwise.
787 * Caller holds tomoyo_read_lock().
789 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
790 struct tomoyo_domain_info
*const domain
,
791 const bool is_delete
)
793 static const u16 tomoyo_rw_mask
=
794 (1 << TOMOYO_TYPE_READ
) | (1 << TOMOYO_TYPE_WRITE
);
795 const u16 perm
= 1 << type
;
796 struct tomoyo_acl_info
*ptr
;
797 struct tomoyo_path_acl e
= {
798 .head
.type
= TOMOYO_TYPE_PATH_ACL
,
801 int error
= is_delete
? -ENOENT
: -ENOMEM
;
803 if (type
== TOMOYO_TYPE_READ_WRITE
)
804 e
.perm
|= tomoyo_rw_mask
;
807 if (!tomoyo_parse_name_union(filename
, &e
.name
))
809 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
811 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
812 struct tomoyo_path_acl
*acl
=
813 container_of(ptr
, struct tomoyo_path_acl
, head
);
814 if (!tomoyo_is_same_path_acl(acl
, &e
))
818 if ((acl
->perm
& tomoyo_rw_mask
) != tomoyo_rw_mask
)
819 acl
->perm
&= ~(1 << TOMOYO_TYPE_READ_WRITE
);
820 else if (!(acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
821 acl
->perm
&= ~tomoyo_rw_mask
;
824 if ((acl
->perm
& tomoyo_rw_mask
) == tomoyo_rw_mask
)
825 acl
->perm
|= 1 << TOMOYO_TYPE_READ_WRITE
;
826 else if (acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
827 acl
->perm
|= tomoyo_rw_mask
;
832 if (!is_delete
&& error
) {
833 struct tomoyo_path_acl
*entry
=
834 tomoyo_commit_ok(&e
, sizeof(e
));
836 list_add_tail_rcu(&entry
->head
.list
,
837 &domain
->acl_info_list
);
841 mutex_unlock(&tomoyo_policy_lock
);
843 tomoyo_put_name_union(&e
.name
);
848 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
850 * @type: Type of operation.
851 * @filename: Filename.
852 * @mode: Create mode.
853 * @major: Device major number.
854 * @minor: Device minor number.
855 * @domain: Pointer to "struct tomoyo_domain_info".
856 * @is_delete: True if it is a delete request.
858 * Returns 0 on success, negative value otherwise.
860 static inline int tomoyo_update_path_number3_acl(const u8 type
,
861 const char *filename
,
863 char *major
, char *minor
,
864 struct tomoyo_domain_info
*
866 const bool is_delete
)
868 const u8 perm
= 1 << type
;
869 struct tomoyo_acl_info
*ptr
;
870 struct tomoyo_path_number3_acl e
= {
871 .head
.type
= TOMOYO_TYPE_PATH_NUMBER3_ACL
,
874 int error
= is_delete
? -ENOENT
: -ENOMEM
;
875 if (!tomoyo_parse_name_union(filename
, &e
.name
) ||
876 !tomoyo_parse_number_union(mode
, &e
.mode
) ||
877 !tomoyo_parse_number_union(major
, &e
.major
) ||
878 !tomoyo_parse_number_union(minor
, &e
.minor
))
880 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
882 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
883 struct tomoyo_path_number3_acl
*acl
=
884 container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
885 if (!tomoyo_is_same_path_number3_acl(acl
, &e
))
894 if (!is_delete
&& error
) {
895 struct tomoyo_path_number3_acl
*entry
=
896 tomoyo_commit_ok(&e
, sizeof(e
));
898 list_add_tail_rcu(&entry
->head
.list
,
899 &domain
->acl_info_list
);
903 mutex_unlock(&tomoyo_policy_lock
);
905 tomoyo_put_name_union(&e
.name
);
906 tomoyo_put_number_union(&e
.mode
);
907 tomoyo_put_number_union(&e
.major
);
908 tomoyo_put_number_union(&e
.minor
);
913 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
915 * @type: Type of operation.
916 * @filename1: First filename.
917 * @filename2: Second filename.
918 * @domain: Pointer to "struct tomoyo_domain_info".
919 * @is_delete: True if it is a delete request.
921 * Returns 0 on success, negative value otherwise.
923 * Caller holds tomoyo_read_lock().
925 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
926 const char *filename2
,
927 struct tomoyo_domain_info
*const domain
,
928 const bool is_delete
)
930 const u8 perm
= 1 << type
;
931 struct tomoyo_path2_acl e
= {
932 .head
.type
= TOMOYO_TYPE_PATH2_ACL
,
935 struct tomoyo_acl_info
*ptr
;
936 int error
= is_delete
? -ENOENT
: -ENOMEM
;
940 if (!tomoyo_parse_name_union(filename1
, &e
.name1
) ||
941 !tomoyo_parse_name_union(filename2
, &e
.name2
))
943 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
945 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
946 struct tomoyo_path2_acl
*acl
=
947 container_of(ptr
, struct tomoyo_path2_acl
, head
);
948 if (!tomoyo_is_same_path2_acl(acl
, &e
))
957 if (!is_delete
&& error
) {
958 struct tomoyo_path2_acl
*entry
=
959 tomoyo_commit_ok(&e
, sizeof(e
));
961 list_add_tail_rcu(&entry
->head
.list
,
962 &domain
->acl_info_list
);
966 mutex_unlock(&tomoyo_policy_lock
);
968 tomoyo_put_name_union(&e
.name1
);
969 tomoyo_put_name_union(&e
.name2
);
974 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
976 * @r: Pointer to "struct tomoyo_request_info".
977 * @filename: Filename to check.
979 * @mode: Create mode.
980 * @major: Device major number.
981 * @minor: Device minor number.
983 * Returns 0 on success, -EPERM otherwise.
985 * Caller holds tomoyo_read_lock().
987 static int tomoyo_path_number3_acl(struct tomoyo_request_info
*r
,
988 const struct tomoyo_path_info
*filename
,
989 const u16 perm
, const unsigned int mode
,
990 const unsigned int major
,
991 const unsigned int minor
)
993 struct tomoyo_domain_info
*domain
= r
->domain
;
994 struct tomoyo_acl_info
*ptr
;
996 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
997 struct tomoyo_path_number3_acl
*acl
;
998 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER3_ACL
)
1000 acl
= container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
1001 if (!tomoyo_compare_number_union(mode
, &acl
->mode
))
1003 if (!tomoyo_compare_number_union(major
, &acl
->major
))
1005 if (!tomoyo_compare_number_union(minor
, &acl
->minor
))
1007 if (!(acl
->perm
& perm
))
1009 if (!tomoyo_compare_name_union(filename
, &acl
->name
))
1018 * tomoyo_path2_acl - Check permission for double path operation.
1020 * @r: Pointer to "struct tomoyo_request_info".
1021 * @type: Type of operation.
1022 * @filename1: First filename to check.
1023 * @filename2: Second filename to check.
1025 * Returns 0 on success, -EPERM otherwise.
1027 * Caller holds tomoyo_read_lock().
1029 static int tomoyo_path2_acl(const struct tomoyo_request_info
*r
, const u8 type
,
1030 const struct tomoyo_path_info
*filename1
,
1031 const struct tomoyo_path_info
*filename2
)
1033 const struct tomoyo_domain_info
*domain
= r
->domain
;
1034 struct tomoyo_acl_info
*ptr
;
1035 const u8 perm
= 1 << type
;
1038 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1039 struct tomoyo_path2_acl
*acl
;
1040 if (ptr
->type
!= TOMOYO_TYPE_PATH2_ACL
)
1042 acl
= container_of(ptr
, struct tomoyo_path2_acl
, head
);
1043 if (!(acl
->perm
& perm
))
1045 if (!tomoyo_compare_name_union(filename1
, &acl
->name1
))
1047 if (!tomoyo_compare_name_union(filename2
, &acl
->name2
))
1056 * tomoyo_path_permission - Check permission for single path operation.
1058 * @r: Pointer to "struct tomoyo_request_info".
1059 * @operation: Type of operation.
1060 * @filename: Filename to check.
1062 * Returns 0 on success, negative value otherwise.
1064 * Caller holds tomoyo_read_lock().
1066 static int tomoyo_path_permission(struct tomoyo_request_info
*r
, u8 operation
,
1067 const struct tomoyo_path_info
*filename
)
1074 error
= tomoyo_path_acl(r
, filename
, 1 << operation
, 1);
1077 msg
= tomoyo_path2keyword(operation
);
1078 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
1079 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
1080 tomoyo_file_pattern(filename
));
1081 } while (error
== TOMOYO_RETRY_REQUEST
);
1082 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1085 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1086 * we need to check "allow_rewrite" permission if the filename is
1087 * specified by "deny_rewrite" keyword.
1089 if (!error
&& operation
== TOMOYO_TYPE_TRUNCATE
&&
1090 tomoyo_is_no_rewrite_file(filename
)) {
1091 operation
= TOMOYO_TYPE_REWRITE
;
1098 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1100 * @r: Pointer to "struct tomoyo_request_info".
1102 * @filename: Filename to check.
1105 * Returns 0 on success, -EPERM otherwise.
1107 * Caller holds tomoyo_read_lock().
1109 static int tomoyo_path_number_acl(struct tomoyo_request_info
*r
, const u8 type
,
1110 const struct tomoyo_path_info
*filename
,
1111 const unsigned long number
)
1113 struct tomoyo_domain_info
*domain
= r
->domain
;
1114 struct tomoyo_acl_info
*ptr
;
1115 const u8 perm
= 1 << type
;
1117 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1118 struct tomoyo_path_number_acl
*acl
;
1119 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER_ACL
)
1121 acl
= container_of(ptr
, struct tomoyo_path_number_acl
,
1123 if (!(acl
->perm
& perm
) ||
1124 !tomoyo_compare_number_union(number
, &acl
->number
) ||
1125 !tomoyo_compare_name_union(filename
, &acl
->name
))
1134 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1136 * @type: Type of operation.
1137 * @filename: Filename.
1139 * @domain: Pointer to "struct tomoyo_domain_info".
1140 * @is_delete: True if it is a delete request.
1142 * Returns 0 on success, negative value otherwise.
1144 static inline int tomoyo_update_path_number_acl(const u8 type
,
1145 const char *filename
,
1147 struct tomoyo_domain_info
*
1149 const bool is_delete
)
1151 const u8 perm
= 1 << type
;
1152 struct tomoyo_acl_info
*ptr
;
1153 struct tomoyo_path_number_acl e
= {
1154 .head
.type
= TOMOYO_TYPE_PATH_NUMBER_ACL
,
1157 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1160 if (!tomoyo_parse_name_union(filename
, &e
.name
))
1162 if (!tomoyo_parse_number_union(number
, &e
.number
))
1164 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1166 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1167 struct tomoyo_path_number_acl
*acl
=
1168 container_of(ptr
, struct tomoyo_path_number_acl
, head
);
1169 if (!tomoyo_is_same_path_number_acl(acl
, &e
))
1178 if (!is_delete
&& error
) {
1179 struct tomoyo_path_number_acl
*entry
=
1180 tomoyo_commit_ok(&e
, sizeof(e
));
1182 list_add_tail_rcu(&entry
->head
.list
,
1183 &domain
->acl_info_list
);
1187 mutex_unlock(&tomoyo_policy_lock
);
1189 tomoyo_put_name_union(&e
.name
);
1190 tomoyo_put_number_union(&e
.number
);
1195 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1197 * @r: Pointer to "strct tomoyo_request_info".
1198 * @filename: Filename to check.
1201 * Returns 0 on success, negative value otherwise.
1203 * Caller holds tomoyo_read_lock().
1205 static int tomoyo_path_number_perm2(struct tomoyo_request_info
*r
,
1207 const struct tomoyo_path_info
*filename
,
1208 const unsigned long number
)
1218 case TOMOYO_TYPE_CREATE
:
1219 case TOMOYO_TYPE_MKDIR
:
1220 case TOMOYO_TYPE_MKFIFO
:
1221 case TOMOYO_TYPE_MKSOCK
:
1222 case TOMOYO_TYPE_CHMOD
:
1223 radix
= TOMOYO_VALUE_TYPE_OCTAL
;
1225 case TOMOYO_TYPE_IOCTL
:
1226 radix
= TOMOYO_VALUE_TYPE_HEXADECIMAL
;
1229 radix
= TOMOYO_VALUE_TYPE_DECIMAL
;
1232 tomoyo_print_ulong(buffer
, sizeof(buffer
), number
, radix
);
1234 error
= tomoyo_path_number_acl(r
, type
, filename
, number
);
1237 msg
= tomoyo_path_number2keyword(type
);
1238 tomoyo_warn_log(r
, "%s %s %s", msg
, filename
->name
, buffer
);
1239 error
= tomoyo_supervisor(r
, "allow_%s %s %s\n", msg
,
1240 tomoyo_file_pattern(filename
),
1242 } while (error
== TOMOYO_RETRY_REQUEST
);
1243 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1249 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1251 * @type: Type of operation.
1252 * @path: Pointer to "struct path".
1255 * Returns 0 on success, negative value otherwise.
1257 int tomoyo_path_number_perm(const u8 type
, struct path
*path
,
1258 unsigned long number
)
1260 struct tomoyo_request_info r
;
1261 int error
= -ENOMEM
;
1262 struct tomoyo_path_info
*buf
;
1265 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1266 !path
->mnt
|| !path
->dentry
)
1268 idx
= tomoyo_read_lock();
1269 buf
= tomoyo_get_path(path
);
1272 if (type
== TOMOYO_TYPE_MKDIR
&& !buf
->is_dir
) {
1274 * tomoyo_get_path() reserves space for appending "/."
1276 strcat((char *) buf
->name
, "/");
1277 tomoyo_fill_path_info(buf
);
1279 error
= tomoyo_path_number_perm2(&r
, type
, buf
, number
);
1282 tomoyo_read_unlock(idx
);
1283 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1289 * tomoyo_check_exec_perm - Check permission for "execute".
1291 * @domain: Pointer to "struct tomoyo_domain_info".
1292 * @filename: Check permission for "execute".
1294 * Returns 0 on success, negativevalue otherwise.
1296 * Caller holds tomoyo_read_lock().
1298 int tomoyo_check_exec_perm(struct tomoyo_domain_info
*domain
,
1299 const struct tomoyo_path_info
*filename
)
1301 struct tomoyo_request_info r
;
1303 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
)
1305 return tomoyo_file_perm(&r
, filename
, 1);
1309 * tomoyo_check_open_permission - Check permission for "read" and "write".
1311 * @domain: Pointer to "struct tomoyo_domain_info".
1312 * @path: Pointer to "struct path".
1313 * @flag: Flags for open().
1315 * Returns 0 on success, negative value otherwise.
1317 int tomoyo_check_open_permission(struct tomoyo_domain_info
*domain
,
1318 struct path
*path
, const int flag
)
1320 const u8 acc_mode
= ACC_MODE(flag
);
1321 int error
= -ENOMEM
;
1322 struct tomoyo_path_info
*buf
;
1323 struct tomoyo_request_info r
;
1326 if (tomoyo_init_request_info(&r
, domain
) == TOMOYO_CONFIG_DISABLED
||
1331 if (path
->dentry
->d_inode
&& S_ISDIR(path
->dentry
->d_inode
->i_mode
))
1333 * I don't check directories here because mkdir() and rmdir()
1337 idx
= tomoyo_read_lock();
1338 buf
= tomoyo_get_path(path
);
1343 * If the filename is specified by "deny_rewrite" keyword,
1344 * we need to check "allow_rewrite" permission when the filename is not
1345 * opened for append mode or the filename is truncated at open time.
1347 if ((acc_mode
& MAY_WRITE
) &&
1348 ((flag
& O_TRUNC
) || !(flag
& O_APPEND
)) &&
1349 (tomoyo_is_no_rewrite_file(buf
))) {
1350 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_REWRITE
, buf
);
1353 error
= tomoyo_file_perm(&r
, buf
, acc_mode
);
1354 if (!error
&& (flag
& O_TRUNC
))
1355 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_TRUNCATE
, buf
);
1358 tomoyo_read_unlock(idx
);
1359 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1365 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
1367 * @operation: Type of operation.
1368 * @path: Pointer to "struct path".
1370 * Returns 0 on success, negative value otherwise.
1372 int tomoyo_path_perm(const u8 operation
, struct path
*path
)
1374 int error
= -ENOMEM
;
1375 struct tomoyo_path_info
*buf
;
1376 struct tomoyo_request_info r
;
1379 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1382 idx
= tomoyo_read_lock();
1383 buf
= tomoyo_get_path(path
);
1386 switch (operation
) {
1387 case TOMOYO_TYPE_REWRITE
:
1388 if (!tomoyo_is_no_rewrite_file(buf
)) {
1393 case TOMOYO_TYPE_RMDIR
:
1394 case TOMOYO_TYPE_CHROOT
:
1397 * tomoyo_get_path() reserves space for appending "/."
1399 strcat((char *) buf
->name
, "/");
1400 tomoyo_fill_path_info(buf
);
1403 error
= tomoyo_path_permission(&r
, operation
, buf
);
1406 tomoyo_read_unlock(idx
);
1407 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1413 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1415 * @r: Pointer to "struct tomoyo_request_info".
1416 * @operation: Type of operation.
1417 * @filename: Filename to check.
1418 * @mode: Create mode.
1419 * @dev: Device number.
1421 * Returns 0 on success, negative value otherwise.
1423 * Caller holds tomoyo_read_lock().
1425 static int tomoyo_path_number3_perm2(struct tomoyo_request_info
*r
,
1427 const struct tomoyo_path_info
*filename
,
1428 const unsigned int mode
,
1429 const unsigned int dev
)
1433 const unsigned int major
= MAJOR(dev
);
1434 const unsigned int minor
= MINOR(dev
);
1437 error
= tomoyo_path_number3_acl(r
, filename
, 1 << operation
,
1438 mode
, major
, minor
);
1441 msg
= tomoyo_path_number32keyword(operation
);
1442 tomoyo_warn_log(r
, "%s %s 0%o %u %u", msg
, filename
->name
,
1443 mode
, major
, minor
);
1444 error
= tomoyo_supervisor(r
, "allow_%s %s 0%o %u %u\n", msg
,
1445 tomoyo_file_pattern(filename
), mode
,
1447 } while (error
== TOMOYO_RETRY_REQUEST
);
1448 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1454 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1456 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1457 * @path: Pointer to "struct path".
1458 * @mode: Create mode.
1459 * @dev: Device number.
1461 * Returns 0 on success, negative value otherwise.
1463 int tomoyo_path_number3_perm(const u8 operation
, struct path
*path
,
1464 const unsigned int mode
, unsigned int dev
)
1466 struct tomoyo_request_info r
;
1467 int error
= -ENOMEM
;
1468 struct tomoyo_path_info
*buf
;
1471 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1474 idx
= tomoyo_read_lock();
1476 buf
= tomoyo_get_path(path
);
1478 error
= tomoyo_path_number3_perm2(&r
, operation
, buf
, mode
,
1479 new_decode_dev(dev
));
1482 tomoyo_read_unlock(idx
);
1483 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1489 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1491 * @operation: Type of operation.
1492 * @path1: Pointer to "struct path".
1493 * @path2: Pointer to "struct path".
1495 * Returns 0 on success, negative value otherwise.
1497 int tomoyo_path2_perm(const u8 operation
, struct path
*path1
,
1500 int error
= -ENOMEM
;
1502 struct tomoyo_path_info
*buf1
;
1503 struct tomoyo_path_info
*buf2
;
1504 struct tomoyo_request_info r
;
1507 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1508 !path1
->mnt
|| !path2
->mnt
)
1510 idx
= tomoyo_read_lock();
1511 buf1
= tomoyo_get_path(path1
);
1512 buf2
= tomoyo_get_path(path2
);
1516 struct dentry
*dentry
= path1
->dentry
;
1517 if (dentry
->d_inode
&& S_ISDIR(dentry
->d_inode
->i_mode
)) {
1519 * tomoyo_get_path() reserves space for appending "/."
1521 if (!buf1
->is_dir
) {
1522 strcat((char *) buf1
->name
, "/");
1523 tomoyo_fill_path_info(buf1
);
1525 if (!buf2
->is_dir
) {
1526 strcat((char *) buf2
->name
, "/");
1527 tomoyo_fill_path_info(buf2
);
1532 error
= tomoyo_path2_acl(&r
, operation
, buf1
, buf2
);
1535 msg
= tomoyo_path22keyword(operation
);
1536 tomoyo_warn_log(&r
, "%s %s %s", msg
, buf1
->name
, buf2
->name
);
1537 error
= tomoyo_supervisor(&r
, "allow_%s %s %s\n", msg
,
1538 tomoyo_file_pattern(buf1
),
1539 tomoyo_file_pattern(buf2
));
1540 } while (error
== TOMOYO_RETRY_REQUEST
);
1544 tomoyo_read_unlock(idx
);
1545 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1551 * tomoyo_write_file_policy - Update file related list.
1553 * @data: String to parse.
1554 * @domain: Pointer to "struct tomoyo_domain_info".
1555 * @is_delete: True if it is a delete request.
1557 * Returns 0 on success, negative value otherwise.
1559 * Caller holds tomoyo_read_lock().
1561 int tomoyo_write_file_policy(char *data
, struct tomoyo_domain_info
*domain
,
1562 const bool is_delete
)
1566 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[1][0])
1568 if (strncmp(w
[0], "allow_", 6)) {
1570 if (sscanf(w
[0], "%u", &perm
) == 1)
1571 return tomoyo_update_file_acl((u8
) perm
, w
[1], domain
,
1576 for (type
= 0; type
< TOMOYO_MAX_PATH_OPERATION
; type
++) {
1577 if (strcmp(w
[0], tomoyo_path_keyword
[type
]))
1579 return tomoyo_update_path_acl(type
, w
[1], domain
, is_delete
);
1583 for (type
= 0; type
< TOMOYO_MAX_PATH2_OPERATION
; type
++) {
1584 if (strcmp(w
[0], tomoyo_path2_keyword
[type
]))
1586 return tomoyo_update_path2_acl(type
, w
[1], w
[2], domain
,
1589 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; type
++) {
1590 if (strcmp(w
[0], tomoyo_path_number_keyword
[type
]))
1592 return tomoyo_update_path_number_acl(type
, w
[1], w
[2], domain
,
1595 if (!w
[3][0] || !w
[4][0])
1597 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; type
++) {
1598 if (strcmp(w
[0], tomoyo_path_number3_keyword
[type
]))
1600 return tomoyo_update_path_number3_acl(type
, w
[1], w
[2], w
[3],
1601 w
[4], domain
, is_delete
);