2 * security/tomoyo/file.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
12 /* Keyword array for operations with one pathname. */
13 static const char *tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
14 [TOMOYO_TYPE_READ_WRITE
] = "read/write",
15 [TOMOYO_TYPE_EXECUTE
] = "execute",
16 [TOMOYO_TYPE_READ
] = "read",
17 [TOMOYO_TYPE_WRITE
] = "write",
18 [TOMOYO_TYPE_UNLINK
] = "unlink",
19 [TOMOYO_TYPE_RMDIR
] = "rmdir",
20 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
21 [TOMOYO_TYPE_SYMLINK
] = "symlink",
22 [TOMOYO_TYPE_REWRITE
] = "rewrite",
23 [TOMOYO_TYPE_CHROOT
] = "chroot",
24 [TOMOYO_TYPE_UMOUNT
] = "unmount",
27 /* Keyword array for operations with one pathname and three numbers. */
28 static const char *tomoyo_path_number3_keyword
29 [TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
30 [TOMOYO_TYPE_MKBLOCK
] = "mkblock",
31 [TOMOYO_TYPE_MKCHAR
] = "mkchar",
34 /* Keyword array for operations with two pathnames. */
35 static const char *tomoyo_path2_keyword
[TOMOYO_MAX_PATH2_OPERATION
] = {
36 [TOMOYO_TYPE_LINK
] = "link",
37 [TOMOYO_TYPE_RENAME
] = "rename",
38 [TOMOYO_TYPE_PIVOT_ROOT
] = "pivot_root",
41 /* Keyword array for operations with one pathname and one number. */
42 static const char *tomoyo_path_number_keyword
43 [TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
44 [TOMOYO_TYPE_CREATE
] = "create",
45 [TOMOYO_TYPE_MKDIR
] = "mkdir",
46 [TOMOYO_TYPE_MKFIFO
] = "mkfifo",
47 [TOMOYO_TYPE_MKSOCK
] = "mksock",
48 [TOMOYO_TYPE_IOCTL
] = "ioctl",
49 [TOMOYO_TYPE_CHMOD
] = "chmod",
50 [TOMOYO_TYPE_CHOWN
] = "chown",
51 [TOMOYO_TYPE_CHGRP
] = "chgrp",
54 void tomoyo_put_name_union(struct tomoyo_name_union
*ptr
)
59 tomoyo_put_path_group(ptr
->group
);
61 tomoyo_put_name(ptr
->filename
);
64 bool tomoyo_compare_name_union(const struct tomoyo_path_info
*name
,
65 const struct tomoyo_name_union
*ptr
)
68 return tomoyo_path_matches_group(name
, ptr
->group
, 1);
69 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
72 static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info
74 const struct tomoyo_name_union
75 *ptr
, const bool may_use_pattern
)
78 return tomoyo_path_matches_group(name
, ptr
->group
,
80 if (may_use_pattern
|| !ptr
->filename
->is_patterned
)
81 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
85 void tomoyo_put_number_union(struct tomoyo_number_union
*ptr
)
87 if (ptr
&& ptr
->is_group
)
88 tomoyo_put_number_group(ptr
->group
);
91 bool tomoyo_compare_number_union(const unsigned long value
,
92 const struct tomoyo_number_union
*ptr
)
95 return tomoyo_number_matches_group(value
, value
, ptr
->group
);
96 return value
>= ptr
->values
[0] && value
<= ptr
->values
[1];
100 * tomoyo_path2keyword - Get the name of single path operation.
102 * @operation: Type of operation.
104 * Returns the name of single path operation.
106 const char *tomoyo_path2keyword(const u8 operation
)
108 return (operation
< TOMOYO_MAX_PATH_OPERATION
)
109 ? tomoyo_path_keyword
[operation
] : NULL
;
113 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
115 * @operation: Type of operation.
117 * Returns the name of path/number/number/number operation.
119 const char *tomoyo_path_number32keyword(const u8 operation
)
121 return (operation
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
)
122 ? tomoyo_path_number3_keyword
[operation
] : NULL
;
126 * tomoyo_path22keyword - Get the name of double path operation.
128 * @operation: Type of operation.
130 * Returns the name of double path operation.
132 const char *tomoyo_path22keyword(const u8 operation
)
134 return (operation
< TOMOYO_MAX_PATH2_OPERATION
)
135 ? tomoyo_path2_keyword
[operation
] : NULL
;
139 * tomoyo_path_number2keyword - Get the name of path/number operations.
141 * @operation: Type of operation.
143 * Returns the name of path/number operation.
145 const char *tomoyo_path_number2keyword(const u8 operation
)
147 return (operation
< TOMOYO_MAX_PATH_NUMBER_OPERATION
)
148 ? tomoyo_path_number_keyword
[operation
] : NULL
;
151 static void tomoyo_add_slash(struct tomoyo_path_info
*buf
)
156 * This is OK because tomoyo_encode() reserves space for appending "/".
158 strcat((char *) buf
->name
, "/");
159 tomoyo_fill_path_info(buf
);
163 * tomoyo_strendswith - Check whether the token ends with the given token.
165 * @name: The token to check.
166 * @tail: The token to find.
168 * Returns true if @name ends with @tail, false otherwise.
170 static bool tomoyo_strendswith(const char *name
, const char *tail
)
176 len
= strlen(name
) - strlen(tail
);
177 return len
>= 0 && !strcmp(name
+ len
, tail
);
181 * tomoyo_get_realpath - Get realpath.
183 * @buf: Pointer to "struct tomoyo_path_info".
184 * @path: Pointer to "struct path".
186 * Returns true on success, false otherwise.
188 static bool tomoyo_get_realpath(struct tomoyo_path_info
*buf
, struct path
*path
)
190 buf
->name
= tomoyo_realpath_from_path(path
);
192 tomoyo_fill_path_info(buf
);
198 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
199 const char *filename2
,
200 struct tomoyo_domain_info
*const domain
,
201 const bool is_delete
);
202 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
203 struct tomoyo_domain_info
*const domain
,
204 const bool is_delete
);
207 * tomoyo_globally_readable_list is used for holding list of pathnames which
208 * are by default allowed to be open()ed for reading by any process.
210 * An entry is added by
212 * # echo 'allow_read /lib/libc-2.5.so' > \
213 * /sys/kernel/security/tomoyo/exception_policy
217 * # echo 'delete allow_read /lib/libc-2.5.so' > \
218 * /sys/kernel/security/tomoyo/exception_policy
220 * and all entries are retrieved by
222 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
224 * In the example above, any process is allowed to
225 * open("/lib/libc-2.5.so", O_RDONLY).
226 * One exception is, if the domain which current process belongs to is marked
227 * as "ignore_global_allow_read", current process can't do so unless explicitly
228 * given "allow_read /lib/libc-2.5.so" to the domain which current process
231 LIST_HEAD(tomoyo_globally_readable_list
);
234 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
236 * @filename: Filename unconditionally permitted to open() for reading.
237 * @is_delete: True if it is a delete request.
239 * Returns 0 on success, negative value otherwise.
241 * Caller holds tomoyo_read_lock().
243 static int tomoyo_update_globally_readable_entry(const char *filename
,
244 const bool is_delete
)
246 struct tomoyo_globally_readable_file_entry
*ptr
;
247 struct tomoyo_globally_readable_file_entry e
= { };
248 int error
= is_delete
? -ENOENT
: -ENOMEM
;
250 if (!tomoyo_is_correct_path(filename
, 1, 0, -1))
252 e
.filename
= tomoyo_get_name(filename
);
255 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
257 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
258 if (ptr
->filename
!= e
.filename
)
260 ptr
->is_deleted
= is_delete
;
264 if (!is_delete
&& error
) {
265 struct tomoyo_globally_readable_file_entry
*entry
=
266 tomoyo_commit_ok(&e
, sizeof(e
));
268 list_add_tail_rcu(&entry
->list
,
269 &tomoyo_globally_readable_list
);
273 mutex_unlock(&tomoyo_policy_lock
);
275 tomoyo_put_name(e
.filename
);
280 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
282 * @filename: The filename to check.
284 * Returns true if any domain can open @filename for reading, false otherwise.
286 * Caller holds tomoyo_read_lock().
288 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info
*
291 struct tomoyo_globally_readable_file_entry
*ptr
;
294 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
295 if (!ptr
->is_deleted
&&
296 tomoyo_path_matches_pattern(filename
, ptr
->filename
)) {
305 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
307 * @data: String to parse.
308 * @is_delete: True if it is a delete request.
310 * Returns 0 on success, negative value otherwise.
312 * Caller holds tomoyo_read_lock().
314 int tomoyo_write_globally_readable_policy(char *data
, const bool is_delete
)
316 return tomoyo_update_globally_readable_entry(data
, is_delete
);
320 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
322 * @head: Pointer to "struct tomoyo_io_buffer".
324 * Returns true on success, false otherwise.
326 * Caller holds tomoyo_read_lock().
328 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer
*head
)
330 struct list_head
*pos
;
333 list_for_each_cookie(pos
, head
->read_var2
,
334 &tomoyo_globally_readable_list
) {
335 struct tomoyo_globally_readable_file_entry
*ptr
;
336 ptr
= list_entry(pos
,
337 struct tomoyo_globally_readable_file_entry
,
341 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_READ
"%s\n",
342 ptr
->filename
->name
);
349 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
350 * converting pathnames to pathname patterns during learning mode.
352 * An entry is added by
354 * # echo 'file_pattern /proc/\$/mounts' > \
355 * /sys/kernel/security/tomoyo/exception_policy
359 * # echo 'delete file_pattern /proc/\$/mounts' > \
360 * /sys/kernel/security/tomoyo/exception_policy
362 * and all entries are retrieved by
364 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
366 * In the example above, if a process which belongs to a domain which is in
367 * learning mode requested open("/proc/1/mounts", O_RDONLY),
368 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
369 * process belongs to.
371 * It is not a desirable behavior that we have to use /proc/\$/ instead of
372 * /proc/self/ when current process needs to access only current process's
373 * information. As of now, LSM version of TOMOYO is using __d_path() for
374 * calculating pathname. Non LSM version of TOMOYO is using its own function
375 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
376 * current process from accessing other process's information.
378 LIST_HEAD(tomoyo_pattern_list
);
381 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
383 * @pattern: Pathname pattern.
384 * @is_delete: True if it is a delete request.
386 * Returns 0 on success, negative value otherwise.
388 * Caller holds tomoyo_read_lock().
390 static int tomoyo_update_file_pattern_entry(const char *pattern
,
391 const bool is_delete
)
393 struct tomoyo_pattern_entry
*ptr
;
394 struct tomoyo_pattern_entry e
= { .pattern
= tomoyo_get_name(pattern
) };
395 int error
= is_delete
? -ENOENT
: -ENOMEM
;
399 if (!e
.pattern
->is_patterned
)
401 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
403 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
404 if (e
.pattern
!= ptr
->pattern
)
406 ptr
->is_deleted
= is_delete
;
410 if (!is_delete
&& error
) {
411 struct tomoyo_pattern_entry
*entry
=
412 tomoyo_commit_ok(&e
, sizeof(e
));
414 list_add_tail_rcu(&entry
->list
, &tomoyo_pattern_list
);
418 mutex_unlock(&tomoyo_policy_lock
);
420 tomoyo_put_name(e
.pattern
);
425 * tomoyo_file_pattern - Get patterned pathname.
427 * @filename: The filename to find patterned pathname.
429 * Returns pointer to pathname pattern if matched, @filename otherwise.
431 * Caller holds tomoyo_read_lock().
433 const char *tomoyo_file_pattern(const struct tomoyo_path_info
*filename
)
435 struct tomoyo_pattern_entry
*ptr
;
436 const struct tomoyo_path_info
*pattern
= NULL
;
438 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
441 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
443 pattern
= ptr
->pattern
;
444 if (tomoyo_strendswith(pattern
->name
, "/\\*")) {
445 /* Do nothing. Try to find the better match. */
447 /* This would be the better match. Use this. */
453 return filename
->name
;
457 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
459 * @data: String to parse.
460 * @is_delete: True if it is a delete request.
462 * Returns 0 on success, negative value otherwise.
464 * Caller holds tomoyo_read_lock().
466 int tomoyo_write_pattern_policy(char *data
, const bool is_delete
)
468 return tomoyo_update_file_pattern_entry(data
, is_delete
);
472 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
474 * @head: Pointer to "struct tomoyo_io_buffer".
476 * Returns true on success, false otherwise.
478 * Caller holds tomoyo_read_lock().
480 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer
*head
)
482 struct list_head
*pos
;
485 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_pattern_list
) {
486 struct tomoyo_pattern_entry
*ptr
;
487 ptr
= list_entry(pos
, struct tomoyo_pattern_entry
, list
);
490 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_FILE_PATTERN
491 "%s\n", ptr
->pattern
->name
);
499 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
500 * default forbidden to modify already written content of a file.
502 * An entry is added by
504 * # echo 'deny_rewrite /var/log/messages' > \
505 * /sys/kernel/security/tomoyo/exception_policy
509 * # echo 'delete deny_rewrite /var/log/messages' > \
510 * /sys/kernel/security/tomoyo/exception_policy
512 * and all entries are retrieved by
514 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
516 * In the example above, if a process requested to rewrite /var/log/messages ,
517 * the process can't rewrite unless the domain which that process belongs to
518 * has "allow_rewrite /var/log/messages" entry.
520 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
521 * when we want to allow rewriting already unlink()ed file. As of now,
522 * LSM version of TOMOYO is using __d_path() for calculating pathname.
523 * Non LSM version of TOMOYO is using its own function which doesn't append
524 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
525 * need to worry whether the file is already unlink()ed or not.
527 LIST_HEAD(tomoyo_no_rewrite_list
);
530 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
532 * @pattern: Pathname pattern that are not rewritable by default.
533 * @is_delete: True if it is a delete request.
535 * Returns 0 on success, negative value otherwise.
537 * Caller holds tomoyo_read_lock().
539 static int tomoyo_update_no_rewrite_entry(const char *pattern
,
540 const bool is_delete
)
542 struct tomoyo_no_rewrite_entry
*ptr
;
543 struct tomoyo_no_rewrite_entry e
= { };
544 int error
= is_delete
? -ENOENT
: -ENOMEM
;
546 if (!tomoyo_is_correct_path(pattern
, 0, 0, 0))
548 e
.pattern
= tomoyo_get_name(pattern
);
551 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
553 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
554 if (ptr
->pattern
!= e
.pattern
)
556 ptr
->is_deleted
= is_delete
;
560 if (!is_delete
&& error
) {
561 struct tomoyo_no_rewrite_entry
*entry
=
562 tomoyo_commit_ok(&e
, sizeof(e
));
564 list_add_tail_rcu(&entry
->list
,
565 &tomoyo_no_rewrite_list
);
569 mutex_unlock(&tomoyo_policy_lock
);
571 tomoyo_put_name(e
.pattern
);
576 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
578 * @filename: Filename to check.
580 * Returns true if @filename is specified by "deny_rewrite" directive,
583 * Caller holds tomoyo_read_lock().
585 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info
*filename
)
587 struct tomoyo_no_rewrite_entry
*ptr
;
590 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
593 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
602 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
604 * @data: String to parse.
605 * @is_delete: True if it is a delete request.
607 * Returns 0 on success, negative value otherwise.
609 * Caller holds tomoyo_read_lock().
611 int tomoyo_write_no_rewrite_policy(char *data
, const bool is_delete
)
613 return tomoyo_update_no_rewrite_entry(data
, is_delete
);
617 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
619 * @head: Pointer to "struct tomoyo_io_buffer".
621 * Returns true on success, false otherwise.
623 * Caller holds tomoyo_read_lock().
625 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer
*head
)
627 struct list_head
*pos
;
630 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_no_rewrite_list
) {
631 struct tomoyo_no_rewrite_entry
*ptr
;
632 ptr
= list_entry(pos
, struct tomoyo_no_rewrite_entry
, list
);
635 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_DENY_REWRITE
636 "%s\n", ptr
->pattern
->name
);
644 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
646 * @perm: Permission (between 1 to 7).
647 * @filename: Filename.
648 * @domain: Pointer to "struct tomoyo_domain_info".
649 * @is_delete: True if it is a delete request.
651 * Returns 0 on success, negative value otherwise.
653 * This is legacy support interface for older policy syntax.
654 * Current policy syntax uses "allow_read/write" instead of "6",
655 * "allow_read" instead of "4", "allow_write" instead of "2",
656 * "allow_execute" instead of "1".
658 * Caller holds tomoyo_read_lock().
660 static int tomoyo_update_file_acl(u8 perm
, const char *filename
,
661 struct tomoyo_domain_info
* const domain
,
662 const bool is_delete
)
664 if (perm
> 7 || !perm
) {
665 printk(KERN_DEBUG
"%s: Invalid permission '%d %s'\n",
666 __func__
, perm
, filename
);
669 if (filename
[0] != '@' && tomoyo_strendswith(filename
, "/"))
671 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
672 * directory permissions.
676 tomoyo_update_path_acl(TOMOYO_TYPE_READ
, filename
, domain
,
679 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE
, filename
, domain
,
682 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE
, filename
, domain
,
688 * tomoyo_path_acl - Check permission for single path operation.
690 * @r: Pointer to "struct tomoyo_request_info".
691 * @filename: Filename to check.
693 * @may_use_pattern: True if patterned ACL is permitted.
695 * Returns 0 on success, -EPERM otherwise.
697 * Caller holds tomoyo_read_lock().
699 static int tomoyo_path_acl(const struct tomoyo_request_info
*r
,
700 const struct tomoyo_path_info
*filename
,
701 const u32 perm
, const bool may_use_pattern
)
703 struct tomoyo_domain_info
*domain
= r
->domain
;
704 struct tomoyo_acl_info
*ptr
;
707 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
708 struct tomoyo_path_acl
*acl
;
709 if (ptr
->type
!= TOMOYO_TYPE_PATH_ACL
)
711 acl
= container_of(ptr
, struct tomoyo_path_acl
, head
);
712 if (!(acl
->perm
& perm
) ||
713 !tomoyo_compare_name_union_pattern(filename
, &acl
->name
,
723 * tomoyo_file_perm - Check permission for opening files.
725 * @r: Pointer to "struct tomoyo_request_info".
726 * @filename: Filename to check.
727 * @mode: Mode ("read" or "write" or "read/write" or "execute").
729 * Returns 0 on success, negative value otherwise.
731 * Caller holds tomoyo_read_lock().
733 static int tomoyo_file_perm(struct tomoyo_request_info
*r
,
734 const struct tomoyo_path_info
*filename
,
737 const char *msg
= "<unknown>";
745 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE
);
746 perm
= 1 << TOMOYO_TYPE_READ_WRITE
;
747 } else if (mode
== 4) {
748 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ
);
749 perm
= 1 << TOMOYO_TYPE_READ
;
750 } else if (mode
== 2) {
751 msg
= tomoyo_path2keyword(TOMOYO_TYPE_WRITE
);
752 perm
= 1 << TOMOYO_TYPE_WRITE
;
753 } else if (mode
== 1) {
754 msg
= tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE
);
755 perm
= 1 << TOMOYO_TYPE_EXECUTE
;
759 error
= tomoyo_path_acl(r
, filename
, perm
, mode
!= 1);
760 if (error
&& mode
== 4 && !r
->domain
->ignore_global_allow_read
761 && tomoyo_is_globally_readable_file(filename
))
765 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
766 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
767 mode
== 1 ? filename
->name
:
768 tomoyo_file_pattern(filename
));
770 * Do not retry for execute request, for alias may have
773 } while (error
== TOMOYO_RETRY_REQUEST
&& mode
!= 1);
774 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
780 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
782 * @type: Type of operation.
783 * @filename: Filename.
784 * @domain: Pointer to "struct tomoyo_domain_info".
785 * @is_delete: True if it is a delete request.
787 * Returns 0 on success, negative value otherwise.
789 * Caller holds tomoyo_read_lock().
791 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
792 struct tomoyo_domain_info
*const domain
,
793 const bool is_delete
)
795 static const u16 tomoyo_rw_mask
=
796 (1 << TOMOYO_TYPE_READ
) | (1 << TOMOYO_TYPE_WRITE
);
797 const u16 perm
= 1 << type
;
798 struct tomoyo_acl_info
*ptr
;
799 struct tomoyo_path_acl e
= {
800 .head
.type
= TOMOYO_TYPE_PATH_ACL
,
803 int error
= is_delete
? -ENOENT
: -ENOMEM
;
805 if (type
== TOMOYO_TYPE_READ_WRITE
)
806 e
.perm
|= tomoyo_rw_mask
;
809 if (!tomoyo_parse_name_union(filename
, &e
.name
))
811 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
813 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
814 struct tomoyo_path_acl
*acl
=
815 container_of(ptr
, struct tomoyo_path_acl
, head
);
816 if (!tomoyo_is_same_path_acl(acl
, &e
))
820 if ((acl
->perm
& tomoyo_rw_mask
) != tomoyo_rw_mask
)
821 acl
->perm
&= ~(1 << TOMOYO_TYPE_READ_WRITE
);
822 else if (!(acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
823 acl
->perm
&= ~tomoyo_rw_mask
;
826 if ((acl
->perm
& tomoyo_rw_mask
) == tomoyo_rw_mask
)
827 acl
->perm
|= 1 << TOMOYO_TYPE_READ_WRITE
;
828 else if (acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
829 acl
->perm
|= tomoyo_rw_mask
;
834 if (!is_delete
&& error
) {
835 struct tomoyo_path_acl
*entry
=
836 tomoyo_commit_ok(&e
, sizeof(e
));
838 list_add_tail_rcu(&entry
->head
.list
,
839 &domain
->acl_info_list
);
843 mutex_unlock(&tomoyo_policy_lock
);
845 tomoyo_put_name_union(&e
.name
);
850 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
852 * @type: Type of operation.
853 * @filename: Filename.
854 * @mode: Create mode.
855 * @major: Device major number.
856 * @minor: Device minor number.
857 * @domain: Pointer to "struct tomoyo_domain_info".
858 * @is_delete: True if it is a delete request.
860 * Returns 0 on success, negative value otherwise.
862 static inline int tomoyo_update_path_number3_acl(const u8 type
,
863 const char *filename
,
865 char *major
, char *minor
,
866 struct tomoyo_domain_info
*
868 const bool is_delete
)
870 const u8 perm
= 1 << type
;
871 struct tomoyo_acl_info
*ptr
;
872 struct tomoyo_path_number3_acl e
= {
873 .head
.type
= TOMOYO_TYPE_PATH_NUMBER3_ACL
,
876 int error
= is_delete
? -ENOENT
: -ENOMEM
;
877 if (!tomoyo_parse_name_union(filename
, &e
.name
) ||
878 !tomoyo_parse_number_union(mode
, &e
.mode
) ||
879 !tomoyo_parse_number_union(major
, &e
.major
) ||
880 !tomoyo_parse_number_union(minor
, &e
.minor
))
882 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
884 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
885 struct tomoyo_path_number3_acl
*acl
=
886 container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
887 if (!tomoyo_is_same_path_number3_acl(acl
, &e
))
896 if (!is_delete
&& error
) {
897 struct tomoyo_path_number3_acl
*entry
=
898 tomoyo_commit_ok(&e
, sizeof(e
));
900 list_add_tail_rcu(&entry
->head
.list
,
901 &domain
->acl_info_list
);
905 mutex_unlock(&tomoyo_policy_lock
);
907 tomoyo_put_name_union(&e
.name
);
908 tomoyo_put_number_union(&e
.mode
);
909 tomoyo_put_number_union(&e
.major
);
910 tomoyo_put_number_union(&e
.minor
);
915 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
917 * @type: Type of operation.
918 * @filename1: First filename.
919 * @filename2: Second filename.
920 * @domain: Pointer to "struct tomoyo_domain_info".
921 * @is_delete: True if it is a delete request.
923 * Returns 0 on success, negative value otherwise.
925 * Caller holds tomoyo_read_lock().
927 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
928 const char *filename2
,
929 struct tomoyo_domain_info
*const domain
,
930 const bool is_delete
)
932 const u8 perm
= 1 << type
;
933 struct tomoyo_path2_acl e
= {
934 .head
.type
= TOMOYO_TYPE_PATH2_ACL
,
937 struct tomoyo_acl_info
*ptr
;
938 int error
= is_delete
? -ENOENT
: -ENOMEM
;
942 if (!tomoyo_parse_name_union(filename1
, &e
.name1
) ||
943 !tomoyo_parse_name_union(filename2
, &e
.name2
))
945 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
947 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
948 struct tomoyo_path2_acl
*acl
=
949 container_of(ptr
, struct tomoyo_path2_acl
, head
);
950 if (!tomoyo_is_same_path2_acl(acl
, &e
))
959 if (!is_delete
&& error
) {
960 struct tomoyo_path2_acl
*entry
=
961 tomoyo_commit_ok(&e
, sizeof(e
));
963 list_add_tail_rcu(&entry
->head
.list
,
964 &domain
->acl_info_list
);
968 mutex_unlock(&tomoyo_policy_lock
);
970 tomoyo_put_name_union(&e
.name1
);
971 tomoyo_put_name_union(&e
.name2
);
976 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
978 * @r: Pointer to "struct tomoyo_request_info".
979 * @filename: Filename to check.
981 * @mode: Create mode.
982 * @major: Device major number.
983 * @minor: Device minor number.
985 * Returns 0 on success, -EPERM otherwise.
987 * Caller holds tomoyo_read_lock().
989 static int tomoyo_path_number3_acl(struct tomoyo_request_info
*r
,
990 const struct tomoyo_path_info
*filename
,
991 const u16 perm
, const unsigned int mode
,
992 const unsigned int major
,
993 const unsigned int minor
)
995 struct tomoyo_domain_info
*domain
= r
->domain
;
996 struct tomoyo_acl_info
*ptr
;
998 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
999 struct tomoyo_path_number3_acl
*acl
;
1000 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER3_ACL
)
1002 acl
= container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
1003 if (!tomoyo_compare_number_union(mode
, &acl
->mode
))
1005 if (!tomoyo_compare_number_union(major
, &acl
->major
))
1007 if (!tomoyo_compare_number_union(minor
, &acl
->minor
))
1009 if (!(acl
->perm
& perm
))
1011 if (!tomoyo_compare_name_union(filename
, &acl
->name
))
1020 * tomoyo_path2_acl - Check permission for double path operation.
1022 * @r: Pointer to "struct tomoyo_request_info".
1023 * @type: Type of operation.
1024 * @filename1: First filename to check.
1025 * @filename2: Second filename to check.
1027 * Returns 0 on success, -EPERM otherwise.
1029 * Caller holds tomoyo_read_lock().
1031 static int tomoyo_path2_acl(const struct tomoyo_request_info
*r
, const u8 type
,
1032 const struct tomoyo_path_info
*filename1
,
1033 const struct tomoyo_path_info
*filename2
)
1035 const struct tomoyo_domain_info
*domain
= r
->domain
;
1036 struct tomoyo_acl_info
*ptr
;
1037 const u8 perm
= 1 << type
;
1040 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1041 struct tomoyo_path2_acl
*acl
;
1042 if (ptr
->type
!= TOMOYO_TYPE_PATH2_ACL
)
1044 acl
= container_of(ptr
, struct tomoyo_path2_acl
, head
);
1045 if (!(acl
->perm
& perm
))
1047 if (!tomoyo_compare_name_union(filename1
, &acl
->name1
))
1049 if (!tomoyo_compare_name_union(filename2
, &acl
->name2
))
1058 * tomoyo_path_permission - Check permission for single path operation.
1060 * @r: Pointer to "struct tomoyo_request_info".
1061 * @operation: Type of operation.
1062 * @filename: Filename to check.
1064 * Returns 0 on success, negative value otherwise.
1066 * Caller holds tomoyo_read_lock().
1068 static int tomoyo_path_permission(struct tomoyo_request_info
*r
, u8 operation
,
1069 const struct tomoyo_path_info
*filename
)
1076 error
= tomoyo_path_acl(r
, filename
, 1 << operation
, 1);
1079 msg
= tomoyo_path2keyword(operation
);
1080 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
1081 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
1082 tomoyo_file_pattern(filename
));
1083 } while (error
== TOMOYO_RETRY_REQUEST
);
1084 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1087 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1088 * we need to check "allow_rewrite" permission if the filename is
1089 * specified by "deny_rewrite" keyword.
1091 if (!error
&& operation
== TOMOYO_TYPE_TRUNCATE
&&
1092 tomoyo_is_no_rewrite_file(filename
)) {
1093 operation
= TOMOYO_TYPE_REWRITE
;
1100 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1102 * @r: Pointer to "struct tomoyo_request_info".
1104 * @filename: Filename to check.
1107 * Returns 0 on success, -EPERM otherwise.
1109 * Caller holds tomoyo_read_lock().
1111 static int tomoyo_path_number_acl(struct tomoyo_request_info
*r
, const u8 type
,
1112 const struct tomoyo_path_info
*filename
,
1113 const unsigned long number
)
1115 struct tomoyo_domain_info
*domain
= r
->domain
;
1116 struct tomoyo_acl_info
*ptr
;
1117 const u8 perm
= 1 << type
;
1119 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1120 struct tomoyo_path_number_acl
*acl
;
1121 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER_ACL
)
1123 acl
= container_of(ptr
, struct tomoyo_path_number_acl
,
1125 if (!(acl
->perm
& perm
) ||
1126 !tomoyo_compare_number_union(number
, &acl
->number
) ||
1127 !tomoyo_compare_name_union(filename
, &acl
->name
))
1136 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1138 * @type: Type of operation.
1139 * @filename: Filename.
1141 * @domain: Pointer to "struct tomoyo_domain_info".
1142 * @is_delete: True if it is a delete request.
1144 * Returns 0 on success, negative value otherwise.
1146 static inline int tomoyo_update_path_number_acl(const u8 type
,
1147 const char *filename
,
1149 struct tomoyo_domain_info
*
1151 const bool is_delete
)
1153 const u8 perm
= 1 << type
;
1154 struct tomoyo_acl_info
*ptr
;
1155 struct tomoyo_path_number_acl e
= {
1156 .head
.type
= TOMOYO_TYPE_PATH_NUMBER_ACL
,
1159 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1162 if (!tomoyo_parse_name_union(filename
, &e
.name
))
1164 if (!tomoyo_parse_number_union(number
, &e
.number
))
1166 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1168 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1169 struct tomoyo_path_number_acl
*acl
=
1170 container_of(ptr
, struct tomoyo_path_number_acl
, head
);
1171 if (!tomoyo_is_same_path_number_acl(acl
, &e
))
1180 if (!is_delete
&& error
) {
1181 struct tomoyo_path_number_acl
*entry
=
1182 tomoyo_commit_ok(&e
, sizeof(e
));
1184 list_add_tail_rcu(&entry
->head
.list
,
1185 &domain
->acl_info_list
);
1189 mutex_unlock(&tomoyo_policy_lock
);
1191 tomoyo_put_name_union(&e
.name
);
1192 tomoyo_put_number_union(&e
.number
);
1197 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1199 * @r: Pointer to "strct tomoyo_request_info".
1200 * @filename: Filename to check.
1203 * Returns 0 on success, negative value otherwise.
1205 * Caller holds tomoyo_read_lock().
1207 static int tomoyo_path_number_perm2(struct tomoyo_request_info
*r
,
1209 const struct tomoyo_path_info
*filename
,
1210 const unsigned long number
)
1220 case TOMOYO_TYPE_CREATE
:
1221 case TOMOYO_TYPE_MKDIR
:
1222 case TOMOYO_TYPE_MKFIFO
:
1223 case TOMOYO_TYPE_MKSOCK
:
1224 case TOMOYO_TYPE_CHMOD
:
1225 radix
= TOMOYO_VALUE_TYPE_OCTAL
;
1227 case TOMOYO_TYPE_IOCTL
:
1228 radix
= TOMOYO_VALUE_TYPE_HEXADECIMAL
;
1231 radix
= TOMOYO_VALUE_TYPE_DECIMAL
;
1234 tomoyo_print_ulong(buffer
, sizeof(buffer
), number
, radix
);
1236 error
= tomoyo_path_number_acl(r
, type
, filename
, number
);
1239 msg
= tomoyo_path_number2keyword(type
);
1240 tomoyo_warn_log(r
, "%s %s %s", msg
, filename
->name
, buffer
);
1241 error
= tomoyo_supervisor(r
, "allow_%s %s %s\n", msg
,
1242 tomoyo_file_pattern(filename
),
1244 } while (error
== TOMOYO_RETRY_REQUEST
);
1245 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1251 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1253 * @type: Type of operation.
1254 * @path: Pointer to "struct path".
1257 * Returns 0 on success, negative value otherwise.
1259 int tomoyo_path_number_perm(const u8 type
, struct path
*path
,
1260 unsigned long number
)
1262 struct tomoyo_request_info r
;
1263 int error
= -ENOMEM
;
1264 struct tomoyo_path_info buf
;
1267 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1268 !path
->mnt
|| !path
->dentry
)
1270 idx
= tomoyo_read_lock();
1271 if (!tomoyo_get_realpath(&buf
, path
))
1273 if (type
== TOMOYO_TYPE_MKDIR
)
1274 tomoyo_add_slash(&buf
);
1275 error
= tomoyo_path_number_perm2(&r
, type
, &buf
, number
);
1278 tomoyo_read_unlock(idx
);
1279 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1285 * tomoyo_check_exec_perm - Check permission for "execute".
1287 * @domain: Pointer to "struct tomoyo_domain_info".
1288 * @filename: Check permission for "execute".
1290 * Returns 0 on success, negativevalue otherwise.
1292 * Caller holds tomoyo_read_lock().
1294 int tomoyo_check_exec_perm(struct tomoyo_domain_info
*domain
,
1295 const struct tomoyo_path_info
*filename
)
1297 struct tomoyo_request_info r
;
1299 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
)
1301 return tomoyo_file_perm(&r
, filename
, 1);
1305 * tomoyo_check_open_permission - Check permission for "read" and "write".
1307 * @domain: Pointer to "struct tomoyo_domain_info".
1308 * @path: Pointer to "struct path".
1309 * @flag: Flags for open().
1311 * Returns 0 on success, negative value otherwise.
1313 int tomoyo_check_open_permission(struct tomoyo_domain_info
*domain
,
1314 struct path
*path
, const int flag
)
1316 const u8 acc_mode
= ACC_MODE(flag
);
1317 int error
= -ENOMEM
;
1318 struct tomoyo_path_info buf
;
1319 struct tomoyo_request_info r
;
1322 if (tomoyo_init_request_info(&r
, domain
) == TOMOYO_CONFIG_DISABLED
||
1327 if (path
->dentry
->d_inode
&& S_ISDIR(path
->dentry
->d_inode
->i_mode
))
1329 * I don't check directories here because mkdir() and rmdir()
1333 idx
= tomoyo_read_lock();
1334 if (!tomoyo_get_realpath(&buf
, path
))
1338 * If the filename is specified by "deny_rewrite" keyword,
1339 * we need to check "allow_rewrite" permission when the filename is not
1340 * opened for append mode or the filename is truncated at open time.
1342 if ((acc_mode
& MAY_WRITE
) &&
1343 ((flag
& O_TRUNC
) || !(flag
& O_APPEND
)) &&
1344 (tomoyo_is_no_rewrite_file(&buf
))) {
1345 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_REWRITE
, &buf
);
1348 error
= tomoyo_file_perm(&r
, &buf
, acc_mode
);
1349 if (!error
&& (flag
& O_TRUNC
))
1350 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_TRUNCATE
, &buf
);
1353 tomoyo_read_unlock(idx
);
1354 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1360 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
1362 * @operation: Type of operation.
1363 * @path: Pointer to "struct path".
1365 * Returns 0 on success, negative value otherwise.
1367 int tomoyo_path_perm(const u8 operation
, struct path
*path
)
1369 int error
= -ENOMEM
;
1370 struct tomoyo_path_info buf
;
1371 struct tomoyo_request_info r
;
1374 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1377 idx
= tomoyo_read_lock();
1378 if (!tomoyo_get_realpath(&buf
, path
))
1380 switch (operation
) {
1381 case TOMOYO_TYPE_REWRITE
:
1382 if (!tomoyo_is_no_rewrite_file(&buf
)) {
1387 case TOMOYO_TYPE_RMDIR
:
1388 case TOMOYO_TYPE_CHROOT
:
1389 tomoyo_add_slash(&buf
);
1392 error
= tomoyo_path_permission(&r
, operation
, &buf
);
1395 tomoyo_read_unlock(idx
);
1396 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1402 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1404 * @r: Pointer to "struct tomoyo_request_info".
1405 * @operation: Type of operation.
1406 * @filename: Filename to check.
1407 * @mode: Create mode.
1408 * @dev: Device number.
1410 * Returns 0 on success, negative value otherwise.
1412 * Caller holds tomoyo_read_lock().
1414 static int tomoyo_path_number3_perm2(struct tomoyo_request_info
*r
,
1416 const struct tomoyo_path_info
*filename
,
1417 const unsigned int mode
,
1418 const unsigned int dev
)
1422 const unsigned int major
= MAJOR(dev
);
1423 const unsigned int minor
= MINOR(dev
);
1426 error
= tomoyo_path_number3_acl(r
, filename
, 1 << operation
,
1427 mode
, major
, minor
);
1430 msg
= tomoyo_path_number32keyword(operation
);
1431 tomoyo_warn_log(r
, "%s %s 0%o %u %u", msg
, filename
->name
,
1432 mode
, major
, minor
);
1433 error
= tomoyo_supervisor(r
, "allow_%s %s 0%o %u %u\n", msg
,
1434 tomoyo_file_pattern(filename
), mode
,
1436 } while (error
== TOMOYO_RETRY_REQUEST
);
1437 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1443 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1445 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1446 * @path: Pointer to "struct path".
1447 * @mode: Create mode.
1448 * @dev: Device number.
1450 * Returns 0 on success, negative value otherwise.
1452 int tomoyo_path_number3_perm(const u8 operation
, struct path
*path
,
1453 const unsigned int mode
, unsigned int dev
)
1455 struct tomoyo_request_info r
;
1456 int error
= -ENOMEM
;
1457 struct tomoyo_path_info buf
;
1460 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1463 idx
= tomoyo_read_lock();
1465 if (tomoyo_get_realpath(&buf
, path
)) {
1466 error
= tomoyo_path_number3_perm2(&r
, operation
, &buf
, mode
,
1467 new_decode_dev(dev
));
1470 tomoyo_read_unlock(idx
);
1471 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1477 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1479 * @operation: Type of operation.
1480 * @path1: Pointer to "struct path".
1481 * @path2: Pointer to "struct path".
1483 * Returns 0 on success, negative value otherwise.
1485 int tomoyo_path2_perm(const u8 operation
, struct path
*path1
,
1488 int error
= -ENOMEM
;
1490 struct tomoyo_path_info buf1
;
1491 struct tomoyo_path_info buf2
;
1492 struct tomoyo_request_info r
;
1495 if (tomoyo_init_request_info(&r
, NULL
) == TOMOYO_CONFIG_DISABLED
||
1496 !path1
->mnt
|| !path2
->mnt
)
1500 idx
= tomoyo_read_lock();
1501 if (!tomoyo_get_realpath(&buf1
, path1
) ||
1502 !tomoyo_get_realpath(&buf2
, path2
))
1505 struct dentry
*dentry
= path1
->dentry
;
1506 if (dentry
->d_inode
&& S_ISDIR(dentry
->d_inode
->i_mode
)) {
1507 tomoyo_add_slash(&buf1
);
1508 tomoyo_add_slash(&buf2
);
1512 error
= tomoyo_path2_acl(&r
, operation
, &buf1
, &buf2
);
1515 msg
= tomoyo_path22keyword(operation
);
1516 tomoyo_warn_log(&r
, "%s %s %s", msg
, buf1
.name
, buf2
.name
);
1517 error
= tomoyo_supervisor(&r
, "allow_%s %s %s\n", msg
,
1518 tomoyo_file_pattern(&buf1
),
1519 tomoyo_file_pattern(&buf2
));
1520 } while (error
== TOMOYO_RETRY_REQUEST
);
1524 tomoyo_read_unlock(idx
);
1525 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1531 * tomoyo_write_file_policy - Update file related list.
1533 * @data: String to parse.
1534 * @domain: Pointer to "struct tomoyo_domain_info".
1535 * @is_delete: True if it is a delete request.
1537 * Returns 0 on success, negative value otherwise.
1539 * Caller holds tomoyo_read_lock().
1541 int tomoyo_write_file_policy(char *data
, struct tomoyo_domain_info
*domain
,
1542 const bool is_delete
)
1546 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[1][0])
1548 if (strncmp(w
[0], "allow_", 6)) {
1550 if (sscanf(w
[0], "%u", &perm
) == 1)
1551 return tomoyo_update_file_acl((u8
) perm
, w
[1], domain
,
1556 for (type
= 0; type
< TOMOYO_MAX_PATH_OPERATION
; type
++) {
1557 if (strcmp(w
[0], tomoyo_path_keyword
[type
]))
1559 return tomoyo_update_path_acl(type
, w
[1], domain
, is_delete
);
1563 for (type
= 0; type
< TOMOYO_MAX_PATH2_OPERATION
; type
++) {
1564 if (strcmp(w
[0], tomoyo_path2_keyword
[type
]))
1566 return tomoyo_update_path2_acl(type
, w
[1], w
[2], domain
,
1569 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; type
++) {
1570 if (strcmp(w
[0], tomoyo_path_number_keyword
[type
]))
1572 return tomoyo_update_path_number_acl(type
, w
[1], w
[2], domain
,
1575 if (!w
[3][0] || !w
[4][0])
1577 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; type
++) {
1578 if (strcmp(w
[0], tomoyo_path_number3_keyword
[type
]))
1580 return tomoyo_update_path_number3_acl(type
, w
[1], w
[2], w
[3],
1581 w
[4], domain
, is_delete
);