aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/common.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r--security/tomoyo/common.c2836
1 files changed, 1294 insertions, 1542 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index b5dbdc9ff73..ef43995119a 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -3,974 +3,424 @@
3 * 3 *
4 * Common functions for TOMOYO. 4 * Common functions for TOMOYO.
5 * 5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */ 7 */
11 8
12#include <linux/uaccess.h> 9#include <linux/uaccess.h>
13#include <linux/slab.h> 10#include <linux/slab.h>
14#include <linux/security.h> 11#include <linux/security.h>
15#include <linux/hardirq.h>
16#include "common.h" 12#include "common.h"
17 13
18/* Lock for protecting policy. */ 14static struct tomoyo_profile tomoyo_default_profile = {
19DEFINE_MUTEX(tomoyo_policy_lock); 15 .learning = &tomoyo_default_profile.preference,
16 .permissive = &tomoyo_default_profile.preference,
17 .enforcing = &tomoyo_default_profile.preference,
18 .preference.enforcing_verbose = true,
19 .preference.learning_max_entry = 2048,
20 .preference.learning_verbose = false,
21 .preference.permissive_verbose = true
22};
23
24/* Profile version. Currently only 20090903 is defined. */
25static unsigned int tomoyo_profile_version;
20 26
21/* Has loading policy done? */ 27/* Profile table. Memory is allocated as needed. */
22bool tomoyo_policy_loaded; 28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
23 29
24/* String table for functionality that takes 4 modes. */ 30/* String table for functionality that takes 4 modes. */
25static const char *tomoyo_mode_4[4] = { 31static const char *tomoyo_mode[4] = {
26 "disabled", "learning", "permissive", "enforcing" 32 "disabled", "learning", "permissive", "enforcing"
27}; 33};
28/* String table for functionality that takes 2 modes. */
29static const char *tomoyo_mode_2[4] = {
30 "disabled", "enabled", "enabled", "enabled"
31};
32 34
33/* 35/* String table for /sys/kernel/security/tomoyo/profile */
34 * tomoyo_control_array is a static data which contains 36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
35 * 37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
36 * (1) functionality name used by /sys/kernel/security/tomoyo/profile . 38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute",
37 * (2) initial values for "struct tomoyo_profile". 39 [TOMOYO_MAC_FILE_OPEN] = "file::open",
38 * (3) max values for "struct tomoyo_profile". 40 [TOMOYO_MAC_FILE_CREATE] = "file::create",
39 */ 41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
40static struct { 42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
41 const char *keyword; 43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
42 unsigned int current_value; 44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
43 const unsigned int max_value; 45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
44} tomoyo_control_array[TOMOYO_MAX_CONTROL_INDEX] = { 46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
45 [TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, 47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
46 [TOMOYO_MAX_ACCEPT_ENTRY] = { "MAX_ACCEPT_ENTRY", 2048, INT_MAX }, 48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite",
47 [TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 }, 49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
51 [TOMOYO_MAC_FILE_LINK] = "file::link",
52 [TOMOYO_MAC_FILE_RENAME] = "file::rename",
53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod",
54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown",
55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp",
56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl",
57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot",
58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount",
59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount",
60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
48}; 62};
49 63
50/*
51 * tomoyo_profile is a structure which is used for holding the mode of access
52 * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing.
53 * An administrator can define up to 256 profiles.
54 * The ->profile of "struct tomoyo_domain_info" is used for remembering
55 * the profile's number (0 - 255) assigned to that domain.
56 */
57static struct tomoyo_profile {
58 unsigned int value[TOMOYO_MAX_CONTROL_INDEX];
59 const struct tomoyo_path_info *comment;
60} *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
61
62/* Permit policy management by non-root user? */ 64/* Permit policy management by non-root user? */
63static bool tomoyo_manage_by_non_root; 65static bool tomoyo_manage_by_non_root;
64 66
65/* Utility functions. */ 67/* Utility functions. */
66 68
67/* Open operation for /sys/kernel/security/tomoyo/ interface. */
68static int tomoyo_open_control(const u8 type, struct file *file);
69/* Close /sys/kernel/security/tomoyo/ interface. */
70static int tomoyo_close_control(struct file *file);
71/* Read operation for /sys/kernel/security/tomoyo/ interface. */
72static int tomoyo_read_control(struct file *file, char __user *buffer,
73 const int buffer_len);
74/* Write operation for /sys/kernel/security/tomoyo/ interface. */
75static int tomoyo_write_control(struct file *file, const char __user *buffer,
76 const int buffer_len);
77
78/** 69/**
79 * tomoyo_parse_name_union - Parse a tomoyo_name_union. 70 * tomoyo_yesno - Return "yes" or "no".
80 * 71 *
81 * @filename: Name or name group. 72 * @value: Bool value.
82 * @ptr: Pointer to "struct tomoyo_name_union".
83 *
84 * Returns true on success, false otherwise.
85 */ 73 */
86bool tomoyo_parse_name_union(const char *filename, 74static const char *tomoyo_yesno(const unsigned int value)
87 struct tomoyo_name_union *ptr)
88{ 75{
89 if (!tomoyo_is_correct_path(filename, 0, 0, 0)) 76 return value ? "yes" : "no";
90 return false;
91 if (filename[0] == '@') {
92 ptr->group = tomoyo_get_path_group(filename + 1);
93 ptr->is_group = true;
94 return ptr->group != NULL;
95 }
96 ptr->filename = tomoyo_get_name(filename);
97 ptr->is_group = false;
98 return ptr->filename != NULL;
99} 77}
100 78
101/** 79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
102 * tomoyo_print_name_union - Print a tomoyo_name_union.
103 *
104 * @head: Pointer to "struct tomoyo_io_buffer".
105 * @ptr: Pointer to "struct tomoyo_name_union".
106 *
107 * Returns true on success, false otherwise.
108 */
109static bool tomoyo_print_name_union(struct tomoyo_io_buffer *head,
110 const struct tomoyo_name_union *ptr)
111{ 80{
112 int pos = head->read_avail; 81 va_list args;
113 if (pos && head->read_buf[pos - 1] == ' ') 82 const int pos = strlen(buffer);
114 head->read_avail--; 83 va_start(args, fmt);
115 if (ptr->is_group) 84 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
116 return tomoyo_io_printf(head, " @%s", 85 va_end(args);
117 ptr->group->group_name->name);
118 return tomoyo_io_printf(head, " %s", ptr->filename->name);
119} 86}
120 87
121/** 88/**
122 * tomoyo_is_byte_range - Check whether the string isa \ooo style octal value. 89 * tomoyo_flush - Flush queued string to userspace's buffer.
123 *
124 * @str: Pointer to the string.
125 * 90 *
126 * Returns true if @str is a \ooo style octal value, false otherwise. 91 * @head: Pointer to "struct tomoyo_io_buffer".
127 * 92 *
128 * TOMOYO uses \ooo style representation for 0x01 - 0x20 and 0x7F - 0xFF. 93 * Returns true if all data was flushed, false otherwise.
129 * This function verifies that \ooo is in valid range.
130 */ 94 */
131static inline bool tomoyo_is_byte_range(const char *str) 95static bool tomoyo_flush(struct tomoyo_io_buffer *head)
132{ 96{
133 return *str >= '0' && *str++ <= '3' && 97 while (head->r.w_pos) {
134 *str >= '0' && *str++ <= '7' && 98 const char *w = head->r.w[0];
135 *str >= '0' && *str <= '7'; 99 int len = strlen(w);
100 if (len) {
101 if (len > head->read_user_buf_avail)
102 len = head->read_user_buf_avail;
103 if (!len)
104 return false;
105 if (copy_to_user(head->read_user_buf, w, len))
106 return false;
107 head->read_user_buf_avail -= len;
108 head->read_user_buf += len;
109 w += len;
110 }
111 if (*w) {
112 head->r.w[0] = w;
113 return false;
114 }
115 /* Add '\0' for query. */
116 if (head->poll) {
117 if (!head->read_user_buf_avail ||
118 copy_to_user(head->read_user_buf, "", 1))
119 return false;
120 head->read_user_buf_avail--;
121 head->read_user_buf++;
122 }
123 head->r.w_pos--;
124 for (len = 0; len < head->r.w_pos; len++)
125 head->r.w[len] = head->r.w[len + 1];
126 }
127 head->r.avail = 0;
128 return true;
136} 129}
137 130
138/** 131/**
139 * tomoyo_is_alphabet_char - Check whether the character is an alphabet. 132 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
140 * 133 *
141 * @c: The character to check. 134 * @head: Pointer to "struct tomoyo_io_buffer".
135 * @string: String to print.
142 * 136 *
143 * Returns true if @c is an alphabet character, false otherwise. 137 * Note that @string has to be kept valid until @head is kfree()d.
138 * This means that char[] allocated on stack memory cannot be passed to
139 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
144 */ 140 */
145static inline bool tomoyo_is_alphabet_char(const char c) 141static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
146{ 142{
147 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'); 143 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
144 head->r.w[head->r.w_pos++] = string;
145 tomoyo_flush(head);
146 } else
147 WARN_ON(1);
148} 148}
149 149
150/** 150/**
151 * tomoyo_make_byte - Make byte value from three octal characters. 151 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
152 * 152 *
153 * @c1: The first character. 153 * @head: Pointer to "struct tomoyo_io_buffer".
154 * @c2: The second character. 154 * @fmt: The printf()'s format string, followed by parameters.
155 * @c3: The third character.
156 *
157 * Returns byte value.
158 */ 155 */
159static inline u8 tomoyo_make_byte(const u8 c1, const u8 c2, const u8 c3) 156void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
160{ 157{
161 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0'); 158 va_list args;
159 int len;
160 int pos = head->r.avail;
161 int size = head->readbuf_size - pos;
162 if (size <= 0)
163 return;
164 va_start(args, fmt);
165 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
166 va_end(args);
167 if (pos + len >= head->readbuf_size) {
168 WARN_ON(1);
169 return;
170 }
171 head->r.avail += len;
172 tomoyo_set_string(head, head->read_buf + pos);
162} 173}
163 174
164/** 175static void tomoyo_set_space(struct tomoyo_io_buffer *head)
165 * tomoyo_str_starts - Check whether the given string starts with the given keyword.
166 *
167 * @src: Pointer to pointer to the string.
168 * @find: Pointer to the keyword.
169 *
170 * Returns true if @src starts with @find, false otherwise.
171 *
172 * The @src is updated to point the first character after the @find
173 * if @src starts with @find.
174 */
175static bool tomoyo_str_starts(char **src, const char *find)
176{ 176{
177 const int len = strlen(find); 177 tomoyo_set_string(head, " ");
178 char *tmp = *src;
179
180 if (strncmp(tmp, find, len))
181 return false;
182 tmp += len;
183 *src = tmp;
184 return true;
185} 178}
186 179
187/** 180static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
188 * tomoyo_normalize_line - Format string.
189 *
190 * @buffer: The line to normalize.
191 *
192 * Leading and trailing whitespaces are removed.
193 * Multiple whitespaces are packed into single space.
194 *
195 * Returns nothing.
196 */
197static void tomoyo_normalize_line(unsigned char *buffer)
198{ 181{
199 unsigned char *sp = buffer; 182 tomoyo_set_string(head, "\n");
200 unsigned char *dp = buffer; 183 return !head->r.w_pos;
201 bool first = true;
202
203 while (tomoyo_is_invalid(*sp))
204 sp++;
205 while (*sp) {
206 if (!first)
207 *dp++ = ' ';
208 first = false;
209 while (tomoyo_is_valid(*sp))
210 *dp++ = *sp++;
211 while (tomoyo_is_invalid(*sp))
212 sp++;
213 }
214 *dp = '\0';
215} 184}
216 185
217/** 186/**
218 * tomoyo_tokenize - Tokenize string. 187 * tomoyo_print_name_union - Print a tomoyo_name_union.
219 *
220 * @buffer: The line to tokenize.
221 * @w: Pointer to "char *".
222 * @size: Sizeof @w .
223 * 188 *
224 * Returns true on success, false otherwise. 189 * @head: Pointer to "struct tomoyo_io_buffer".
190 * @ptr: Pointer to "struct tomoyo_name_union".
225 */ 191 */
226bool tomoyo_tokenize(char *buffer, char *w[], size_t size) 192static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
193 const struct tomoyo_name_union *ptr)
227{ 194{
228 int count = size / sizeof(char *); 195 tomoyo_set_space(head);
229 int i; 196 if (ptr->is_group) {
230 for (i = 0; i < count; i++) 197 tomoyo_set_string(head, "@");
231 w[i] = ""; 198 tomoyo_set_string(head, ptr->group->group_name->name);
232 for (i = 0; i < count; i++) { 199 } else {
233 char *cp = strchr(buffer, ' '); 200 tomoyo_set_string(head, ptr->filename->name);
234 if (cp)
235 *cp = '\0';
236 w[i] = buffer;
237 if (!cp)
238 break;
239 buffer = cp + 1;
240 } 201 }
241 return i < count || !*buffer;
242} 202}
243 203
244/** 204/**
245 * tomoyo_is_correct_path - Validate a pathname. 205 * tomoyo_print_number_union - Print a tomoyo_number_union.
246 * @filename: The pathname to check. 206 *
247 * @start_type: Should the pathname start with '/'? 207 * @head: Pointer to "struct tomoyo_io_buffer".
248 * 1 = must / -1 = must not / 0 = don't care 208 * @ptr: Pointer to "struct tomoyo_number_union".
249 * @pattern_type: Can the pathname contain a wildcard?
250 * 1 = must / -1 = must not / 0 = don't care
251 * @end_type: Should the pathname end with '/'?
252 * 1 = must / -1 = must not / 0 = don't care
253 *
254 * Check whether the given filename follows the naming rules.
255 * Returns true if @filename follows the naming rules, false otherwise.
256 */ 209 */
257bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 210static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
258 const s8 pattern_type, const s8 end_type) 211 const struct tomoyo_number_union *ptr)
259{ 212{
260 const char *const start = filename; 213 tomoyo_set_space(head);
261 bool in_repetition = false; 214 if (ptr->is_group) {
262 bool contains_pattern = false; 215 tomoyo_set_string(head, "@");
263 unsigned char c; 216 tomoyo_set_string(head, ptr->group->group_name->name);
264 unsigned char d; 217 } else {
265 unsigned char e; 218 int i;
266 219 unsigned long min = ptr->values[0];
267 if (!filename) 220 const unsigned long max = ptr->values[1];
268 goto out; 221 u8 min_type = ptr->min_type;
269 c = *filename; 222 const u8 max_type = ptr->max_type;
270 if (start_type == 1) { /* Must start with '/' */ 223 char buffer[128];
271 if (c != '/') 224 buffer[0] = '\0';
272 goto out; 225 for (i = 0; i < 2; i++) {
273 } else if (start_type == -1) { /* Must not start with '/' */ 226 switch (min_type) {
274 if (c == '/') 227 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
275 goto out; 228 tomoyo_addprintf(buffer, sizeof(buffer),
276 } 229 "0x%lX", min);
277 if (c) 230 break;
278 c = *(filename + strlen(filename) - 1); 231 case TOMOYO_VALUE_TYPE_OCTAL:
279 if (end_type == 1) { /* Must end with '/' */ 232 tomoyo_addprintf(buffer, sizeof(buffer),
280 if (c != '/') 233 "0%lo", min);
281 goto out; 234 break;
282 } else if (end_type == -1) { /* Must not end with '/' */ 235 default:
283 if (c == '/') 236 tomoyo_addprintf(buffer, sizeof(buffer),
284 goto out; 237 "%lu", min);
285 } 238 break;
286 while (1) {
287 c = *filename++;
288 if (!c)
289 break;
290 if (c == '\\') {
291 c = *filename++;
292 switch (c) {
293 case '\\': /* "\\" */
294 continue;
295 case '$': /* "\$" */
296 case '+': /* "\+" */
297 case '?': /* "\?" */
298 case '*': /* "\*" */
299 case '@': /* "\@" */
300 case 'x': /* "\x" */
301 case 'X': /* "\X" */
302 case 'a': /* "\a" */
303 case 'A': /* "\A" */
304 case '-': /* "\-" */
305 if (pattern_type == -1)
306 break; /* Must not contain pattern */
307 contains_pattern = true;
308 continue;
309 case '{': /* "/\{" */
310 if (filename - 3 < start ||
311 *(filename - 3) != '/')
312 break;
313 if (pattern_type == -1)
314 break; /* Must not contain pattern */
315 contains_pattern = true;
316 in_repetition = true;
317 continue;
318 case '}': /* "\}/" */
319 if (*filename != '/')
320 break;
321 if (!in_repetition)
322 break;
323 in_repetition = false;
324 continue;
325 case '0': /* "\ooo" */
326 case '1':
327 case '2':
328 case '3':
329 d = *filename++;
330 if (d < '0' || d > '7')
331 break;
332 e = *filename++;
333 if (e < '0' || e > '7')
334 break;
335 c = tomoyo_make_byte(c, d, e);
336 if (tomoyo_is_invalid(c))
337 continue; /* pattern is not \000 */
338 } 239 }
339 goto out; 240 if (min == max && min_type == max_type)
340 } else if (in_repetition && c == '/') { 241 break;
341 goto out; 242 tomoyo_addprintf(buffer, sizeof(buffer), "-");
342 } else if (tomoyo_is_invalid(c)) { 243 min_type = max_type;
343 goto out; 244 min = max;
344 } 245 }
246 tomoyo_io_printf(head, "%s", buffer);
345 } 247 }
346 if (pattern_type == 1) { /* Must contain pattern */
347 if (!contains_pattern)
348 goto out;
349 }
350 if (in_repetition)
351 goto out;
352 return true;
353 out:
354 return false;
355} 248}
356 249
357/** 250/**
358 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 251 * tomoyo_assign_profile - Create a new profile.
359 * @domainname: The domainname to check.
360 * 252 *
361 * Returns true if @domainname follows the naming rules, false otherwise. 253 * @profile: Profile number to create.
254 *
255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
362 */ 256 */
363bool tomoyo_is_correct_domain(const unsigned char *domainname) 257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
364{ 258{
365 unsigned char c; 259 struct tomoyo_profile *ptr;
366 unsigned char d; 260 struct tomoyo_profile *entry;
367 unsigned char e; 261 if (profile >= TOMOYO_MAX_PROFILES)
368 262 return NULL;
369 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 263 ptr = tomoyo_profile_ptr[profile];
370 TOMOYO_ROOT_NAME_LEN)) 264 if (ptr)
265 return ptr;
266 entry = kzalloc(sizeof(*entry), GFP_NOFS);
267 if (mutex_lock_interruptible(&tomoyo_policy_lock))
371 goto out; 268 goto out;
372 domainname += TOMOYO_ROOT_NAME_LEN; 269 ptr = tomoyo_profile_ptr[profile];
373 if (!*domainname) 270 if (!ptr && tomoyo_memory_ok(entry)) {
374 return true; 271 ptr = entry;
375 do { 272 ptr->learning = &tomoyo_default_profile.preference;
376 if (*domainname++ != ' ') 273 ptr->permissive = &tomoyo_default_profile.preference;
377 goto out; 274 ptr->enforcing = &tomoyo_default_profile.preference;
378 if (*domainname++ != '/') 275 ptr->default_config = TOMOYO_CONFIG_DISABLED;
379 goto out; 276 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
380 while ((c = *domainname) != '\0' && c != ' ') { 277 sizeof(ptr->config));
381 domainname++; 278 mb(); /* Avoid out-of-order execution. */
382 if (c == '\\') { 279 tomoyo_profile_ptr[profile] = ptr;
383 c = *domainname++; 280 entry = NULL;
384 switch ((c)) { 281 }
385 case '\\': /* "\\" */ 282 mutex_unlock(&tomoyo_policy_lock);
386 continue;
387 case '0': /* "\ooo" */
388 case '1':
389 case '2':
390 case '3':
391 d = *domainname++;
392 if (d < '0' || d > '7')
393 break;
394 e = *domainname++;
395 if (e < '0' || e > '7')
396 break;
397 c = tomoyo_make_byte(c, d, e);
398 if (tomoyo_is_invalid(c))
399 /* pattern is not \000 */
400 continue;
401 }
402 goto out;
403 } else if (tomoyo_is_invalid(c)) {
404 goto out;
405 }
406 }
407 } while (*domainname);
408 return true;
409 out: 283 out:
410 return false; 284 kfree(entry);
285 return ptr;
411} 286}
412 287
413/** 288/**
414 * tomoyo_is_domain_def - Check whether the given token can be a domainname. 289 * tomoyo_profile - Find a profile.
415 * 290 *
416 * @buffer: The token to check. 291 * @profile: Profile number to find.
417 * 292 *
418 * Returns true if @buffer possibly be a domainname, false otherwise. 293 * Returns pointer to "struct tomoyo_profile".
419 */ 294 */
420bool tomoyo_is_domain_def(const unsigned char *buffer) 295struct tomoyo_profile *tomoyo_profile(const u8 profile)
421{ 296{
422 return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); 297 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
298 if (!tomoyo_policy_loaded)
299 return &tomoyo_default_profile;
300 BUG_ON(!ptr);
301 return ptr;
423} 302}
424 303
425/** 304static s8 tomoyo_find_yesno(const char *string, const char *find)
426 * tomoyo_find_domain - Find a domain by the given name.
427 *
428 * @domainname: The domainname to find.
429 *
430 * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise.
431 *
432 * Caller holds tomoyo_read_lock().
433 */
434struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
435{ 305{
436 struct tomoyo_domain_info *domain; 306 const char *cp = strstr(string, find);
437 struct tomoyo_path_info name; 307 if (cp) {
438 308 cp += strlen(find);
439 name.name = domainname; 309 if (!strncmp(cp, "=yes", 4))
440 tomoyo_fill_path_info(&name); 310 return 1;
441 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 311 else if (!strncmp(cp, "=no", 3))
442 if (!domain->is_deleted && 312 return 0;
443 !tomoyo_pathcmp(&name, domain->domainname))
444 return domain;
445 } 313 }
446 return NULL; 314 return -1;
447} 315}
448 316
449/** 317static void tomoyo_set_bool(bool *b, const char *string, const char *find)
450 * tomoyo_const_part_length - Evaluate the initial length without a pattern in a token.
451 *
452 * @filename: The string to evaluate.
453 *
454 * Returns the initial length without a pattern in @filename.
455 */
456static int tomoyo_const_part_length(const char *filename)
457{ 318{
458 char c; 319 switch (tomoyo_find_yesno(string, find)) {
459 int len = 0; 320 case 1:
460 321 *b = true;
461 if (!filename) 322 break;
462 return 0; 323 case 0:
463 while ((c = *filename++) != '\0') { 324 *b = false;
464 if (c != '\\') {
465 len++;
466 continue;
467 }
468 c = *filename++;
469 switch (c) {
470 case '\\': /* "\\" */
471 len += 2;
472 continue;
473 case '0': /* "\ooo" */
474 case '1':
475 case '2':
476 case '3':
477 c = *filename++;
478 if (c < '0' || c > '7')
479 break;
480 c = *filename++;
481 if (c < '0' || c > '7')
482 break;
483 len += 4;
484 continue;
485 }
486 break; 325 break;
487 } 326 }
488 return len;
489} 327}
490 328
491/** 329static void tomoyo_set_uint(unsigned int *i, const char *string,
492 * tomoyo_fill_path_info - Fill in "struct tomoyo_path_info" members. 330 const char *find)
493 *
494 * @ptr: Pointer to "struct tomoyo_path_info" to fill in.
495 *
496 * The caller sets "struct tomoyo_path_info"->name.
497 */
498void tomoyo_fill_path_info(struct tomoyo_path_info *ptr)
499{ 331{
500 const char *name = ptr->name; 332 const char *cp = strstr(string, find);
501 const int len = strlen(name); 333 if (cp)
502 334 sscanf(cp + strlen(find), "=%u", i);
503 ptr->const_len = tomoyo_const_part_length(name);
504 ptr->is_dir = len && (name[len - 1] == '/');
505 ptr->is_patterned = (ptr->const_len < len);
506 ptr->hash = full_name_hash(name, len);
507} 335}
508 336
509/** 337static void tomoyo_set_pref(const char *name, const char *value,
510 * tomoyo_file_matches_pattern2 - Pattern matching without '/' character 338 const bool use_default,
511 * and "\-" pattern. 339 struct tomoyo_profile *profile)
512 *
513 * @filename: The start of string to check.
514 * @filename_end: The end of string to check.
515 * @pattern: The start of pattern to compare.
516 * @pattern_end: The end of pattern to compare.
517 *
518 * Returns true if @filename matches @pattern, false otherwise.
519 */
520static bool tomoyo_file_matches_pattern2(const char *filename,
521 const char *filename_end,
522 const char *pattern,
523 const char *pattern_end)
524{ 340{
525 while (filename < filename_end && pattern < pattern_end) { 341 struct tomoyo_preference **pref;
526 char c; 342 bool *verbose;
527 if (*pattern != '\\') { 343 if (!strcmp(name, "enforcing")) {
528 if (*filename++ != *pattern++) 344 if (use_default) {
529 return false; 345 pref = &profile->enforcing;
530 continue; 346 goto set_default;
531 } 347 }
532 c = *filename; 348 profile->enforcing = &profile->preference;
533 pattern++; 349 verbose = &profile->preference.enforcing_verbose;
534 switch (*pattern) { 350 goto set_verbose;
535 int i;
536 int j;
537 case '?':
538 if (c == '/') {
539 return false;
540 } else if (c == '\\') {
541 if (filename[1] == '\\')
542 filename++;
543 else if (tomoyo_is_byte_range(filename + 1))
544 filename += 3;
545 else
546 return false;
547 }
548 break;
549 case '\\':
550 if (c != '\\')
551 return false;
552 if (*++filename != '\\')
553 return false;
554 break;
555 case '+':
556 if (!isdigit(c))
557 return false;
558 break;
559 case 'x':
560 if (!isxdigit(c))
561 return false;
562 break;
563 case 'a':
564 if (!tomoyo_is_alphabet_char(c))
565 return false;
566 break;
567 case '0':
568 case '1':
569 case '2':
570 case '3':
571 if (c == '\\' && tomoyo_is_byte_range(filename + 1)
572 && strncmp(filename + 1, pattern, 3) == 0) {
573 filename += 3;
574 pattern += 2;
575 break;
576 }
577 return false; /* Not matched. */
578 case '*':
579 case '@':
580 for (i = 0; i <= filename_end - filename; i++) {
581 if (tomoyo_file_matches_pattern2(
582 filename + i, filename_end,
583 pattern + 1, pattern_end))
584 return true;
585 c = filename[i];
586 if (c == '.' && *pattern == '@')
587 break;
588 if (c != '\\')
589 continue;
590 if (filename[i + 1] == '\\')
591 i++;
592 else if (tomoyo_is_byte_range(filename + i + 1))
593 i += 3;
594 else
595 break; /* Bad pattern. */
596 }
597 return false; /* Not matched. */
598 default:
599 j = 0;
600 c = *pattern;
601 if (c == '$') {
602 while (isdigit(filename[j]))
603 j++;
604 } else if (c == 'X') {
605 while (isxdigit(filename[j]))
606 j++;
607 } else if (c == 'A') {
608 while (tomoyo_is_alphabet_char(filename[j]))
609 j++;
610 }
611 for (i = 1; i <= j; i++) {
612 if (tomoyo_file_matches_pattern2(
613 filename + i, filename_end,
614 pattern + 1, pattern_end))
615 return true;
616 }
617 return false; /* Not matched or bad pattern. */
618 }
619 filename++;
620 pattern++;
621 }
622 while (*pattern == '\\' &&
623 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
624 pattern += 2;
625 return filename == filename_end && pattern == pattern_end;
626}
627
628/**
629 * tomoyo_file_matches_pattern - Pattern matching without without '/' character.
630 *
631 * @filename: The start of string to check.
632 * @filename_end: The end of string to check.
633 * @pattern: The start of pattern to compare.
634 * @pattern_end: The end of pattern to compare.
635 *
636 * Returns true if @filename matches @pattern, false otherwise.
637 */
638static bool tomoyo_file_matches_pattern(const char *filename,
639 const char *filename_end,
640 const char *pattern,
641 const char *pattern_end)
642{
643 const char *pattern_start = pattern;
644 bool first = true;
645 bool result;
646
647 while (pattern < pattern_end - 1) {
648 /* Split at "\-" pattern. */
649 if (*pattern++ != '\\' || *pattern++ != '-')
650 continue;
651 result = tomoyo_file_matches_pattern2(filename,
652 filename_end,
653 pattern_start,
654 pattern - 2);
655 if (first)
656 result = !result;
657 if (result)
658 return false;
659 first = false;
660 pattern_start = pattern;
661 } 351 }
662 result = tomoyo_file_matches_pattern2(filename, filename_end, 352 if (!strcmp(name, "permissive")) {
663 pattern_start, pattern_end); 353 if (use_default) {
664 return first ? result : !result; 354 pref = &profile->permissive;
665} 355 goto set_default;
666 356 }
667/** 357 profile->permissive = &profile->preference;
668 * tomoyo_path_matches_pattern2 - Do pathname pattern matching. 358 verbose = &profile->preference.permissive_verbose;
669 * 359 goto set_verbose;
670 * @f: The start of string to check.
671 * @p: The start of pattern to compare.
672 *
673 * Returns true if @f matches @p, false otherwise.
674 */
675static bool tomoyo_path_matches_pattern2(const char *f, const char *p)
676{
677 const char *f_delimiter;
678 const char *p_delimiter;
679
680 while (*f && *p) {
681 f_delimiter = strchr(f, '/');
682 if (!f_delimiter)
683 f_delimiter = f + strlen(f);
684 p_delimiter = strchr(p, '/');
685 if (!p_delimiter)
686 p_delimiter = p + strlen(p);
687 if (*p == '\\' && *(p + 1) == '{')
688 goto recursive;
689 if (!tomoyo_file_matches_pattern(f, f_delimiter, p,
690 p_delimiter))
691 return false;
692 f = f_delimiter;
693 if (*f)
694 f++;
695 p = p_delimiter;
696 if (*p)
697 p++;
698 } 360 }
699 /* Ignore trailing "\*" and "\@" in @pattern. */ 361 if (!strcmp(name, "learning")) {
700 while (*p == '\\' && 362 if (use_default) {
701 (*(p + 1) == '*' || *(p + 1) == '@')) 363 pref = &profile->learning;
702 p += 2; 364 goto set_default;
703 return !*f && !*p;
704 recursive:
705 /*
706 * The "\{" pattern is permitted only after '/' character.
707 * This guarantees that below "*(p - 1)" is safe.
708 * Also, the "\}" pattern is permitted only before '/' character
709 * so that "\{" + "\}" pair will not break the "\-" operator.
710 */
711 if (*(p - 1) != '/' || p_delimiter <= p + 3 || *p_delimiter != '/' ||
712 *(p_delimiter - 1) != '}' || *(p_delimiter - 2) != '\\')
713 return false; /* Bad pattern. */
714 do {
715 /* Compare current component with pattern. */
716 if (!tomoyo_file_matches_pattern(f, f_delimiter, p + 2,
717 p_delimiter - 2))
718 break;
719 /* Proceed to next component. */
720 f = f_delimiter;
721 if (!*f)
722 break;
723 f++;
724 /* Continue comparison. */
725 if (tomoyo_path_matches_pattern2(f, p_delimiter + 1))
726 return true;
727 f_delimiter = strchr(f, '/');
728 } while (f_delimiter);
729 return false; /* Not matched. */
730}
731
732/**
733 * tomoyo_path_matches_pattern - Check whether the given filename matches the given pattern.
734 *
735 * @filename: The filename to check.
736 * @pattern: The pattern to compare.
737 *
738 * Returns true if matches, false otherwise.
739 *
740 * The following patterns are available.
741 * \\ \ itself.
742 * \ooo Octal representation of a byte.
743 * \* Zero or more repetitions of characters other than '/'.
744 * \@ Zero or more repetitions of characters other than '/' or '.'.
745 * \? 1 byte character other than '/'.
746 * \$ One or more repetitions of decimal digits.
747 * \+ 1 decimal digit.
748 * \X One or more repetitions of hexadecimal digits.
749 * \x 1 hexadecimal digit.
750 * \A One or more repetitions of alphabet characters.
751 * \a 1 alphabet character.
752 *
753 * \- Subtraction operator.
754 *
755 * /\{dir\}/ '/' + 'One or more repetitions of dir/' (e.g. /dir/ /dir/dir/
756 * /dir/dir/dir/ ).
757 */
758bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
759 const struct tomoyo_path_info *pattern)
760{
761 const char *f = filename->name;
762 const char *p = pattern->name;
763 const int len = pattern->const_len;
764
765 /* If @pattern doesn't contain pattern, I can use strcmp(). */
766 if (!pattern->is_patterned)
767 return !tomoyo_pathcmp(filename, pattern);
768 /* Don't compare directory and non-directory. */
769 if (filename->is_dir != pattern->is_dir)
770 return false;
771 /* Compare the initial length without patterns. */
772 if (strncmp(f, p, len))
773 return false;
774 f += len;
775 p += len;
776 return tomoyo_path_matches_pattern2(f, p);
777}
778
779/**
780 * tomoyo_io_printf - Transactional printf() to "struct tomoyo_io_buffer" structure.
781 *
782 * @head: Pointer to "struct tomoyo_io_buffer".
783 * @fmt: The printf()'s format string, followed by parameters.
784 *
785 * Returns true if output was written, false otherwise.
786 *
787 * The snprintf() will truncate, but tomoyo_io_printf() won't.
788 */
789bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
790{
791 va_list args;
792 int len;
793 int pos = head->read_avail;
794 int size = head->readbuf_size - pos;
795
796 if (size <= 0)
797 return false;
798 va_start(args, fmt);
799 len = vsnprintf(head->read_buf + pos, size, fmt, args);
800 va_end(args);
801 if (pos + len >= head->readbuf_size)
802 return false;
803 head->read_avail += len;
804 return true;
805}
806
807/**
808 * tomoyo_get_exe - Get tomoyo_realpath() of current process.
809 *
810 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
811 *
812 * This function uses kzalloc(), so the caller must call kfree()
813 * if this function didn't return NULL.
814 */
815static const char *tomoyo_get_exe(void)
816{
817 struct mm_struct *mm = current->mm;
818 struct vm_area_struct *vma;
819 const char *cp = NULL;
820
821 if (!mm)
822 return NULL;
823 down_read(&mm->mmap_sem);
824 for (vma = mm->mmap; vma; vma = vma->vm_next) {
825 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
826 cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
827 break;
828 } 365 }
366 profile->learning = &profile->preference;
367 tomoyo_set_uint(&profile->preference.learning_max_entry, value,
368 "max_entry");
369 verbose = &profile->preference.learning_verbose;
370 goto set_verbose;
829 } 371 }
830 up_read(&mm->mmap_sem); 372 return;
831 return cp; 373 set_default:
374 *pref = &tomoyo_default_profile.preference;
375 return;
376 set_verbose:
377 tomoyo_set_bool(verbose, value, "verbose");
832} 378}
833 379
834/** 380static int tomoyo_set_mode(char *name, const char *value,
835 * tomoyo_get_msg - Get warning message. 381 const bool use_default,
836 * 382 struct tomoyo_profile *profile)
837 * @is_enforce: Is it enforcing mode?
838 *
839 * Returns "ERROR" or "WARNING".
840 */
841const char *tomoyo_get_msg(const bool is_enforce)
842{ 383{
843 if (is_enforce) 384 u8 i;
844 return "ERROR"; 385 u8 config;
845 else 386 if (!strcmp(name, "CONFIG")) {
846 return "WARNING"; 387 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
847} 388 config = profile->default_config;
848 389 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
849/** 390 config = 0;
850 * tomoyo_check_flags - Check mode for specified functionality. 391 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
851 * 392 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
852 * @domain: Pointer to "struct tomoyo_domain_info". 393 if (strcmp(name, tomoyo_mac_keywords[i]))
853 * @index: The functionality to check mode. 394 continue;
854 * 395 config = profile->config[i];
855 * TOMOYO checks only process context.
856 * This code disables TOMOYO's enforcement in case the function is called from
857 * interrupt context.
858 */
859unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
860 const u8 index)
861{
862 const u8 profile = domain->profile;
863
864 if (WARN_ON(in_interrupt()))
865 return 0;
866 return tomoyo_policy_loaded && index < TOMOYO_MAX_CONTROL_INDEX
867#if TOMOYO_MAX_PROFILES != 256
868 && profile < TOMOYO_MAX_PROFILES
869#endif
870 && tomoyo_profile_ptr[profile] ?
871 tomoyo_profile_ptr[profile]->value[index] : 0;
872}
873
874/**
875 * tomoyo_verbose_mode - Check whether TOMOYO is verbose mode.
876 *
877 * @domain: Pointer to "struct tomoyo_domain_info".
878 *
879 * Returns true if domain policy violation warning should be printed to
880 * console.
881 */
882bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain)
883{
884 return tomoyo_check_flags(domain, TOMOYO_VERBOSE) != 0;
885}
886
887/**
888 * tomoyo_domain_quota_is_ok - Check for domain's quota.
889 *
890 * @domain: Pointer to "struct tomoyo_domain_info".
891 *
892 * Returns true if the domain is not exceeded quota, false otherwise.
893 *
894 * Caller holds tomoyo_read_lock().
895 */
896bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
897{
898 unsigned int count = 0;
899 struct tomoyo_acl_info *ptr;
900
901 if (!domain)
902 return true;
903 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
904 switch (ptr->type) {
905 struct tomoyo_path_acl *acl;
906 u32 perm;
907 u8 i;
908 case TOMOYO_TYPE_PATH_ACL:
909 acl = container_of(ptr, struct tomoyo_path_acl, head);
910 perm = acl->perm | (((u32) acl->perm_high) << 16);
911 for (i = 0; i < TOMOYO_MAX_PATH_OPERATION; i++)
912 if (perm & (1 << i))
913 count++;
914 if (perm & (1 << TOMOYO_TYPE_READ_WRITE))
915 count -= 2;
916 break;
917 case TOMOYO_TYPE_PATH2_ACL:
918 perm = container_of(ptr, struct tomoyo_path2_acl, head)
919 ->perm;
920 for (i = 0; i < TOMOYO_MAX_PATH2_OPERATION; i++)
921 if (perm & (1 << i))
922 count++;
923 break; 396 break;
924 } 397 }
398 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
399 return -EINVAL;
400 } else {
401 return -EINVAL;
925 } 402 }
926 if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) 403 if (use_default) {
927 return true; 404 config = TOMOYO_CONFIG_USE_DEFAULT;
928 if (!domain->quota_warned) { 405 } else {
929 domain->quota_warned = true; 406 u8 mode;
930 printk(KERN_WARNING "TOMOYO-WARNING: " 407 for (mode = 0; mode < 4; mode++)
931 "Domain '%s' has so many ACLs to hold. " 408 if (strstr(value, tomoyo_mode[mode]))
932 "Stopped learning mode.\n", domain->domainname->name); 409 /*
933 } 410 * Update lower 3 bits in order to distinguish
934 return false; 411 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
935} 412 */
936 413 config = (config & ~7) | mode;
937/**
938 * tomoyo_find_or_assign_new_profile - Create a new profile.
939 *
940 * @profile: Profile number to create.
941 *
942 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
943 */
944static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
945 int profile)
946{
947 struct tomoyo_profile *ptr = NULL;
948 int i;
949
950 if (profile >= TOMOYO_MAX_PROFILES)
951 return NULL;
952 if (mutex_lock_interruptible(&tomoyo_policy_lock))
953 return NULL;
954 ptr = tomoyo_profile_ptr[profile];
955 if (ptr)
956 goto ok;
957 ptr = kmalloc(sizeof(*ptr), GFP_NOFS);
958 if (!tomoyo_memory_ok(ptr)) {
959 kfree(ptr);
960 ptr = NULL;
961 goto ok;
962 } 414 }
963 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) 415 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
964 ptr->value[i] = tomoyo_control_array[i].current_value; 416 profile->config[i] = config;
965 mb(); /* Avoid out-of-order execution. */ 417 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
966 tomoyo_profile_ptr[profile] = ptr; 418 profile->default_config = config;
967 ok: 419 return 0;
968 mutex_unlock(&tomoyo_policy_lock);
969 return ptr;
970} 420}
971 421
972/** 422/**
973 * tomoyo_write_profile - Write to profile table. 423 * tomoyo_write_profile - Write profile table.
974 * 424 *
975 * @head: Pointer to "struct tomoyo_io_buffer". 425 * @head: Pointer to "struct tomoyo_io_buffer".
976 * 426 *
@@ -980,153 +430,165 @@ static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
980{ 430{
981 char *data = head->write_buf; 431 char *data = head->write_buf;
982 unsigned int i; 432 unsigned int i;
983 unsigned int value; 433 bool use_default = false;
984 char *cp; 434 char *cp;
985 struct tomoyo_profile *profile; 435 struct tomoyo_profile *profile;
986 unsigned long num; 436 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
987 437 return 0;
988 cp = strchr(data, '-'); 438 i = simple_strtoul(data, &cp, 10);
989 if (cp) 439 if (data == cp) {
990 *cp = '\0'; 440 profile = &tomoyo_default_profile;
991 if (strict_strtoul(data, 10, &num)) 441 } else {
992 return -EINVAL; 442 if (*cp != '-')
993 if (cp) 443 return -EINVAL;
994 data = cp + 1; 444 data = cp + 1;
995 profile = tomoyo_find_or_assign_new_profile(num); 445 profile = tomoyo_assign_profile(i);
996 if (!profile) 446 if (!profile)
997 return -EINVAL; 447 return -EINVAL;
448 }
998 cp = strchr(data, '='); 449 cp = strchr(data, '=');
999 if (!cp) 450 if (!cp)
1000 return -EINVAL; 451 return -EINVAL;
1001 *cp = '\0'; 452 *cp++ = '\0';
453 if (profile != &tomoyo_default_profile)
454 use_default = strstr(cp, "use_default") != NULL;
455 if (tomoyo_str_starts(&data, "PREFERENCE::")) {
456 tomoyo_set_pref(data, cp, use_default, profile);
457 return 0;
458 }
459 if (profile == &tomoyo_default_profile)
460 return -EINVAL;
1002 if (!strcmp(data, "COMMENT")) { 461 if (!strcmp(data, "COMMENT")) {
1003 const struct tomoyo_path_info *old_comment = profile->comment; 462 const struct tomoyo_path_info *old_comment = profile->comment;
1004 profile->comment = tomoyo_get_name(cp + 1); 463 profile->comment = tomoyo_get_name(cp);
1005 tomoyo_put_name(old_comment); 464 tomoyo_put_name(old_comment);
1006 return 0; 465 return 0;
1007 } 466 }
1008 for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) { 467 return tomoyo_set_mode(data, cp, use_default, profile);
1009 if (strcmp(data, tomoyo_control_array[i].keyword)) 468}
1010 continue; 469
1011 if (sscanf(cp + 1, "%u", &value) != 1) { 470static void tomoyo_print_preference(struct tomoyo_io_buffer *head,
1012 int j; 471 const int idx)
1013 const char **modes; 472{
1014 switch (i) { 473 struct tomoyo_preference *pref = &tomoyo_default_profile.preference;
1015 case TOMOYO_VERBOSE: 474 const struct tomoyo_profile *profile = idx >= 0 ?
1016 modes = tomoyo_mode_2; 475 tomoyo_profile_ptr[idx] : NULL;
1017 break; 476 char buffer[16] = "";
1018 default: 477 if (profile) {
1019 modes = tomoyo_mode_4; 478 buffer[sizeof(buffer) - 1] = '\0';
1020 break; 479 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx);
1021 }
1022 for (j = 0; j < 4; j++) {
1023 if (strcmp(cp + 1, modes[j]))
1024 continue;
1025 value = j;
1026 break;
1027 }
1028 if (j == 4)
1029 return -EINVAL;
1030 } else if (value > tomoyo_control_array[i].max_value) {
1031 value = tomoyo_control_array[i].max_value;
1032 }
1033 profile->value[i] = value;
1034 return 0;
1035 } 480 }
1036 return -EINVAL; 481 if (profile) {
482 pref = profile->learning;
483 if (pref == &tomoyo_default_profile.preference)
484 goto skip1;
485 }
486 tomoyo_io_printf(head, "%sPREFERENCE::%s={ "
487 "verbose=%s max_entry=%u }\n",
488 buffer, "learning",
489 tomoyo_yesno(pref->learning_verbose),
490 pref->learning_max_entry);
491 skip1:
492 if (profile) {
493 pref = profile->permissive;
494 if (pref == &tomoyo_default_profile.preference)
495 goto skip2;
496 }
497 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
498 buffer, "permissive",
499 tomoyo_yesno(pref->permissive_verbose));
500 skip2:
501 if (profile) {
502 pref = profile->enforcing;
503 if (pref == &tomoyo_default_profile.preference)
504 return;
505 }
506 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
507 buffer, "enforcing",
508 tomoyo_yesno(pref->enforcing_verbose));
509}
510
511static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
512{
513 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]);
1037} 514}
1038 515
1039/** 516/**
1040 * tomoyo_read_profile - Read from profile table. 517 * tomoyo_read_profile - Read profile table.
1041 * 518 *
1042 * @head: Pointer to "struct tomoyo_io_buffer". 519 * @head: Pointer to "struct tomoyo_io_buffer".
1043 *
1044 * Returns 0.
1045 */ 520 */
1046static int tomoyo_read_profile(struct tomoyo_io_buffer *head) 521static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
1047{ 522{
1048 static const int total = TOMOYO_MAX_CONTROL_INDEX + 1; 523 u8 index;
1049 int step; 524 const struct tomoyo_profile *profile;
1050 525 next:
1051 if (head->read_eof) 526 index = head->r.index;
1052 return 0; 527 profile = tomoyo_profile_ptr[index];
1053 for (step = head->read_step; step < TOMOYO_MAX_PROFILES * total; 528 switch (head->r.step) {
1054 step++) { 529 case 0:
1055 const u8 index = step / total; 530 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
1056 u8 type = step % total; 531 tomoyo_print_preference(head, -1);
1057 const struct tomoyo_profile *profile 532 head->r.step++;
1058 = tomoyo_profile_ptr[index]; 533 break;
1059 head->read_step = step; 534 case 1:
1060 if (!profile) 535 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
1061 continue; 536 head->r.index++)
1062 if (!type) { /* Print profile' comment tag. */ 537 if (tomoyo_profile_ptr[head->r.index])
1063 if (!tomoyo_io_printf(head, "%u-COMMENT=%s\n",
1064 index, profile->comment ?
1065 profile->comment->name : ""))
1066 break; 538 break;
1067 continue; 539 if (head->r.index == TOMOYO_MAX_PROFILES)
540 return;
541 head->r.step++;
542 break;
543 case 2:
544 {
545 const struct tomoyo_path_info *comment =
546 profile->comment;
547 tomoyo_io_printf(head, "%u-COMMENT=", index);
548 tomoyo_set_string(head, comment ? comment->name : "");
549 tomoyo_set_lf(head);
550 head->r.step++;
1068 } 551 }
1069 type--; 552 break;
1070 if (type < TOMOYO_MAX_CONTROL_INDEX) { 553 case 3:
1071 const unsigned int value = profile->value[type]; 554 {
1072 const char **modes = NULL; 555 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
1073 const char *keyword 556 tomoyo_print_config(head, profile->default_config);
1074 = tomoyo_control_array[type].keyword; 557 head->r.bit = 0;
1075 switch (tomoyo_control_array[type].max_value) { 558 head->r.step++;
1076 case 3: 559 }
1077 modes = tomoyo_mode_4; 560 break;
1078 break; 561 case 4:
1079 case 1: 562 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
1080 modes = tomoyo_mode_2; 563 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
1081 break; 564 const u8 i = head->r.bit;
1082 } 565 const u8 config = profile->config[i];
1083 if (modes) { 566 if (config == TOMOYO_CONFIG_USE_DEFAULT)
1084 if (!tomoyo_io_printf(head, "%u-%s=%s\n", index, 567 continue;
1085 keyword, modes[value])) 568 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
1086 break; 569 tomoyo_mac_keywords[i]);
1087 } else { 570 tomoyo_print_config(head, config);
1088 if (!tomoyo_io_printf(head, "%u-%s=%u\n", index, 571 head->r.bit++;
1089 keyword, value)) 572 break;
1090 break; 573 }
1091 } 574 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
575 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
576 tomoyo_print_preference(head, index);
577 head->r.index++;
578 head->r.step = 1;
1092 } 579 }
580 break;
1093 } 581 }
1094 if (step == TOMOYO_MAX_PROFILES * total) 582 if (tomoyo_flush(head))
1095 head->read_eof = true; 583 goto next;
1096 return 0;
1097} 584}
1098 585
1099/* 586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
1100 * tomoyo_policy_manager_list is used for holding list of domainnames or 587 const struct tomoyo_acl_head *b)
1101 * programs which are permitted to modify configuration via 588{
1102 * /sys/kernel/security/tomoyo/ interface. 589 return container_of(a, struct tomoyo_manager, head)->manager ==
1103 * 590 container_of(b, struct tomoyo_manager, head)->manager;
1104 * An entry is added by 591}
1105 *
1106 * # echo '<kernel> /sbin/mingetty /bin/login /bin/bash' > \
1107 * /sys/kernel/security/tomoyo/manager
1108 * (if you want to specify by a domainname)
1109 *
1110 * or
1111 *
1112 * # echo '/usr/lib/ccs/editpolicy' > /sys/kernel/security/tomoyo/manager
1113 * (if you want to specify by a program's location)
1114 *
1115 * and is deleted by
1116 *
1117 * # echo 'delete <kernel> /sbin/mingetty /bin/login /bin/bash' > \
1118 * /sys/kernel/security/tomoyo/manager
1119 *
1120 * or
1121 *
1122 * # echo 'delete /usr/lib/ccs/editpolicy' > \
1123 * /sys/kernel/security/tomoyo/manager
1124 *
1125 * and all entries are retrieved by
1126 *
1127 * # cat /sys/kernel/security/tomoyo/manager
1128 */
1129LIST_HEAD(tomoyo_policy_manager_list);
1130 592
1131/** 593/**
1132 * tomoyo_update_manager_entry - Add a manager entry. 594 * tomoyo_update_manager_entry - Add a manager entry.
@@ -1141,47 +603,29 @@ LIST_HEAD(tomoyo_policy_manager_list);
1141static int tomoyo_update_manager_entry(const char *manager, 603static int tomoyo_update_manager_entry(const char *manager,
1142 const bool is_delete) 604 const bool is_delete)
1143{ 605{
1144 struct tomoyo_policy_manager_entry *ptr; 606 struct tomoyo_manager e = { };
1145 struct tomoyo_policy_manager_entry e = { }; 607 int error;
1146 int error = is_delete ? -ENOENT : -ENOMEM;
1147 608
1148 if (tomoyo_is_domain_def(manager)) { 609 if (tomoyo_domain_def(manager)) {
1149 if (!tomoyo_is_correct_domain(manager)) 610 if (!tomoyo_correct_domain(manager))
1150 return -EINVAL; 611 return -EINVAL;
1151 e.is_domain = true; 612 e.is_domain = true;
1152 } else { 613 } else {
1153 if (!tomoyo_is_correct_path(manager, 1, -1, -1)) 614 if (!tomoyo_correct_path(manager))
1154 return -EINVAL; 615 return -EINVAL;
1155 } 616 }
1156 e.manager = tomoyo_get_name(manager); 617 e.manager = tomoyo_get_name(manager);
1157 if (!e.manager) 618 if (!e.manager)
1158 return -ENOMEM; 619 return -ENOMEM;
1159 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 620 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
1160 goto out; 621 &tomoyo_policy_list[TOMOYO_ID_MANAGER],
1161 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 622 tomoyo_same_manager);
1162 if (ptr->manager != e.manager)
1163 continue;
1164 ptr->is_deleted = is_delete;
1165 error = 0;
1166 break;
1167 }
1168 if (!is_delete && error) {
1169 struct tomoyo_policy_manager_entry *entry =
1170 tomoyo_commit_ok(&e, sizeof(e));
1171 if (entry) {
1172 list_add_tail_rcu(&entry->list,
1173 &tomoyo_policy_manager_list);
1174 error = 0;
1175 }
1176 }
1177 mutex_unlock(&tomoyo_policy_lock);
1178 out:
1179 tomoyo_put_name(e.manager); 623 tomoyo_put_name(e.manager);
1180 return error; 624 return error;
1181} 625}
1182 626
1183/** 627/**
1184 * tomoyo_write_manager_policy - Write manager policy. 628 * tomoyo_write_manager - Write manager policy.
1185 * 629 *
1186 * @head: Pointer to "struct tomoyo_io_buffer". 630 * @head: Pointer to "struct tomoyo_io_buffer".
1187 * 631 *
@@ -1189,7 +633,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1189 * 633 *
1190 * Caller holds tomoyo_read_lock(). 634 * Caller holds tomoyo_read_lock().
1191 */ 635 */
1192static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) 636static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
1193{ 637{
1194 char *data = head->write_buf; 638 char *data = head->write_buf;
1195 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 639 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
@@ -1202,47 +646,41 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head)
1202} 646}
1203 647
1204/** 648/**
1205 * tomoyo_read_manager_policy - Read manager policy. 649 * tomoyo_read_manager - Read manager policy.
1206 * 650 *
1207 * @head: Pointer to "struct tomoyo_io_buffer". 651 * @head: Pointer to "struct tomoyo_io_buffer".
1208 * 652 *
1209 * Returns 0.
1210 *
1211 * Caller holds tomoyo_read_lock(). 653 * Caller holds tomoyo_read_lock().
1212 */ 654 */
1213static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) 655static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
1214{ 656{
1215 struct list_head *pos; 657 if (head->r.eof)
1216 bool done = true; 658 return;
1217 659 list_for_each_cookie(head->r.acl,
1218 if (head->read_eof) 660 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
1219 return 0; 661 struct tomoyo_manager *ptr =
1220 list_for_each_cookie(pos, head->read_var2, 662 list_entry(head->r.acl, typeof(*ptr), head.list);
1221 &tomoyo_policy_manager_list) { 663 if (ptr->head.is_deleted)
1222 struct tomoyo_policy_manager_entry *ptr;
1223 ptr = list_entry(pos, struct tomoyo_policy_manager_entry,
1224 list);
1225 if (ptr->is_deleted)
1226 continue; 664 continue;
1227 done = tomoyo_io_printf(head, "%s\n", ptr->manager->name); 665 if (!tomoyo_flush(head))
1228 if (!done) 666 return;
1229 break; 667 tomoyo_set_string(head, ptr->manager->name);
668 tomoyo_set_lf(head);
1230 } 669 }
1231 head->read_eof = done; 670 head->r.eof = true;
1232 return 0;
1233} 671}
1234 672
1235/** 673/**
1236 * tomoyo_is_policy_manager - Check whether the current process is a policy manager. 674 * tomoyo_manager - Check whether the current process is a policy manager.
1237 * 675 *
1238 * Returns true if the current process is permitted to modify policy 676 * Returns true if the current process is permitted to modify policy
1239 * via /sys/kernel/security/tomoyo/ interface. 677 * via /sys/kernel/security/tomoyo/ interface.
1240 * 678 *
1241 * Caller holds tomoyo_read_lock(). 679 * Caller holds tomoyo_read_lock().
1242 */ 680 */
1243static bool tomoyo_is_policy_manager(void) 681static bool tomoyo_manager(void)
1244{ 682{
1245 struct tomoyo_policy_manager_entry *ptr; 683 struct tomoyo_manager *ptr;
1246 const char *exe; 684 const char *exe;
1247 const struct task_struct *task = current; 685 const struct task_struct *task = current;
1248 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname; 686 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
@@ -1252,8 +690,9 @@ static bool tomoyo_is_policy_manager(void)
1252 return true; 690 return true;
1253 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) 691 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
1254 return false; 692 return false;
1255 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 693 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
1256 if (!ptr->is_deleted && ptr->is_domain 694 head.list) {
695 if (!ptr->head.is_deleted && ptr->is_domain
1257 && !tomoyo_pathcmp(domainname, ptr->manager)) { 696 && !tomoyo_pathcmp(domainname, ptr->manager)) {
1258 found = true; 697 found = true;
1259 break; 698 break;
@@ -1264,8 +703,9 @@ static bool tomoyo_is_policy_manager(void)
1264 exe = tomoyo_get_exe(); 703 exe = tomoyo_get_exe();
1265 if (!exe) 704 if (!exe)
1266 return false; 705 return false;
1267 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 706 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
1268 if (!ptr->is_deleted && !ptr->is_domain 707 head.list) {
708 if (!ptr->head.is_deleted && !ptr->is_domain
1269 && !strcmp(exe, ptr->manager->name)) { 709 && !strcmp(exe, ptr->manager->name)) {
1270 found = true; 710 found = true;
1271 break; 711 break;
@@ -1285,7 +725,7 @@ static bool tomoyo_is_policy_manager(void)
1285} 725}
1286 726
1287/** 727/**
1288 * tomoyo_is_select_one - Parse select command. 728 * tomoyo_select_one - Parse select command.
1289 * 729 *
1290 * @head: Pointer to "struct tomoyo_io_buffer". 730 * @head: Pointer to "struct tomoyo_io_buffer".
1291 * @data: String to parse. 731 * @data: String to parse.
@@ -1294,23 +734,31 @@ static bool tomoyo_is_policy_manager(void)
1294 * 734 *
1295 * Caller holds tomoyo_read_lock(). 735 * Caller holds tomoyo_read_lock().
1296 */ 736 */
1297static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head, 737static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
1298 const char *data)
1299{ 738{
1300 unsigned int pid; 739 unsigned int pid;
1301 struct tomoyo_domain_info *domain = NULL; 740 struct tomoyo_domain_info *domain = NULL;
741 bool global_pid = false;
1302 742
1303 if (sscanf(data, "pid=%u", &pid) == 1) { 743 if (!strcmp(data, "allow_execute")) {
744 head->r.print_execute_only = true;
745 return true;
746 }
747 if (sscanf(data, "pid=%u", &pid) == 1 ||
748 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
1304 struct task_struct *p; 749 struct task_struct *p;
1305 rcu_read_lock(); 750 rcu_read_lock();
1306 read_lock(&tasklist_lock); 751 read_lock(&tasklist_lock);
1307 p = find_task_by_vpid(pid); 752 if (global_pid)
753 p = find_task_by_pid_ns(pid, &init_pid_ns);
754 else
755 p = find_task_by_vpid(pid);
1308 if (p) 756 if (p)
1309 domain = tomoyo_real_domain(p); 757 domain = tomoyo_real_domain(p);
1310 read_unlock(&tasklist_lock); 758 read_unlock(&tasklist_lock);
1311 rcu_read_unlock(); 759 rcu_read_unlock();
1312 } else if (!strncmp(data, "domain=", 7)) { 760 } else if (!strncmp(data, "domain=", 7)) {
1313 if (tomoyo_is_domain_def(data + 7)) 761 if (tomoyo_domain_def(data + 7))
1314 domain = tomoyo_find_domain(data + 7); 762 domain = tomoyo_find_domain(data + 7);
1315 } else 763 } else
1316 return false; 764 return false;
@@ -1318,24 +766,13 @@ static bool tomoyo_is_select_one(struct tomoyo_io_buffer *head,
1318 /* Accessing read_buf is safe because head->io_sem is held. */ 766 /* Accessing read_buf is safe because head->io_sem is held. */
1319 if (!head->read_buf) 767 if (!head->read_buf)
1320 return true; /* Do nothing if open(O_WRONLY). */ 768 return true; /* Do nothing if open(O_WRONLY). */
1321 head->read_avail = 0; 769 memset(&head->r, 0, sizeof(head->r));
770 head->r.print_this_domain_only = true;
771 head->r.eof = !domain;
772 head->r.domain = &domain->list;
1322 tomoyo_io_printf(head, "# select %s\n", data); 773 tomoyo_io_printf(head, "# select %s\n", data);
1323 head->read_single_domain = true; 774 if (domain && domain->is_deleted)
1324 head->read_eof = !domain; 775 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1325 if (domain) {
1326 struct tomoyo_domain_info *d;
1327 head->read_var1 = NULL;
1328 list_for_each_entry_rcu(d, &tomoyo_domain_list, list) {
1329 if (d == domain)
1330 break;
1331 head->read_var1 = &d->list;
1332 }
1333 head->read_var2 = NULL;
1334 head->read_bit = 0;
1335 head->read_step = 0;
1336 if (domain->is_deleted)
1337 tomoyo_io_printf(head, "# This is a deleted domain.\n");
1338 }
1339 return true; 776 return true;
1340} 777}
1341 778
@@ -1373,7 +810,7 @@ static int tomoyo_delete_domain(char *domainname)
1373} 810}
1374 811
1375/** 812/**
1376 * tomoyo_write_domain_policy - Write domain policy. 813 * tomoyo_write_domain2 - Write domain policy.
1377 * 814 *
1378 * @head: Pointer to "struct tomoyo_io_buffer". 815 * @head: Pointer to "struct tomoyo_io_buffer".
1379 * 816 *
@@ -1381,7 +818,24 @@ static int tomoyo_delete_domain(char *domainname)
1381 * 818 *
1382 * Caller holds tomoyo_read_lock(). 819 * Caller holds tomoyo_read_lock().
1383 */ 820 */
1384static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head) 821static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
822 const bool is_delete)
823{
824 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
825 return tomoyo_write_mount(data, domain, is_delete);
826 return tomoyo_write_file(data, domain, is_delete);
827}
828
829/**
830 * tomoyo_write_domain - Write domain policy.
831 *
832 * @head: Pointer to "struct tomoyo_io_buffer".
833 *
834 * Returns 0 on success, negative value otherwise.
835 *
836 * Caller holds tomoyo_read_lock().
837 */
838static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
1385{ 839{
1386 char *data = head->write_buf; 840 char *data = head->write_buf;
1387 struct tomoyo_domain_info *domain = head->write_var1; 841 struct tomoyo_domain_info *domain = head->write_var1;
@@ -1393,19 +847,19 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1393 is_delete = true; 847 is_delete = true;
1394 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT)) 848 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1395 is_select = true; 849 is_select = true;
1396 if (is_select && tomoyo_is_select_one(head, data)) 850 if (is_select && tomoyo_select_one(head, data))
1397 return 0; 851 return 0;
1398 /* Don't allow updating policies by non manager programs. */ 852 /* Don't allow updating policies by non manager programs. */
1399 if (!tomoyo_is_policy_manager()) 853 if (!tomoyo_manager())
1400 return -EPERM; 854 return -EPERM;
1401 if (tomoyo_is_domain_def(data)) { 855 if (tomoyo_domain_def(data)) {
1402 domain = NULL; 856 domain = NULL;
1403 if (is_delete) 857 if (is_delete)
1404 tomoyo_delete_domain(data); 858 tomoyo_delete_domain(data);
1405 else if (is_select) 859 else if (is_select)
1406 domain = tomoyo_find_domain(data); 860 domain = tomoyo_find_domain(data);
1407 else 861 else
1408 domain = tomoyo_find_or_assign_new_domain(data, 0); 862 domain = tomoyo_assign_domain(data, 0);
1409 head->write_var1 = domain; 863 head->write_var1 = domain;
1410 return 0; 864 return 0;
1411 } 865 }
@@ -1422,179 +876,198 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1422 domain->ignore_global_allow_read = !is_delete; 876 domain->ignore_global_allow_read = !is_delete;
1423 return 0; 877 return 0;
1424 } 878 }
1425 return tomoyo_write_file_policy(data, domain, is_delete); 879 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
880 domain->quota_warned = !is_delete;
881 return 0;
882 }
883 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {
884 domain->transition_failed = !is_delete;
885 return 0;
886 }
887 return tomoyo_write_domain2(data, domain, is_delete);
1426} 888}
1427 889
1428/** 890/**
1429 * tomoyo_print_path_acl - Print a single path ACL entry. 891 * tomoyo_fns - Find next set bit.
1430 * 892 *
1431 * @head: Pointer to "struct tomoyo_io_buffer". 893 * @perm: 8 bits value.
1432 * @ptr: Pointer to "struct tomoyo_path_acl". 894 * @bit: First bit to find.
1433 * 895 *
1434 * Returns true on success, false otherwise. 896 * Returns next on-bit on success, 8 otherwise.
1435 */ 897 */
1436static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head, 898static u8 tomoyo_fns(const u8 perm, u8 bit)
1437 struct tomoyo_path_acl *ptr)
1438{ 899{
1439 int pos; 900 for ( ; bit < 8; bit++)
1440 u8 bit; 901 if (perm & (1 << bit))
1441 const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16); 902 break;
1442 903 return bit;
1443 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1444 if (!(perm & (1 << bit)))
1445 continue;
1446 /* Print "read/write" instead of "read" and "write". */
1447 if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
1448 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
1449 continue;
1450 pos = head->read_avail;
1451 if (!tomoyo_io_printf(head, "allow_%s ",
1452 tomoyo_path2keyword(bit)) ||
1453 !tomoyo_print_name_union(head, &ptr->name) ||
1454 !tomoyo_io_printf(head, "\n"))
1455 goto out;
1456 }
1457 head->read_bit = 0;
1458 return true;
1459 out:
1460 head->read_bit = bit;
1461 head->read_avail = pos;
1462 return false;
1463} 904}
1464 905
1465/** 906/**
1466 * tomoyo_print_path2_acl - Print a double path ACL entry. 907 * tomoyo_print_entry - Print an ACL entry.
1467 * 908 *
1468 * @head: Pointer to "struct tomoyo_io_buffer". 909 * @head: Pointer to "struct tomoyo_io_buffer".
1469 * @ptr: Pointer to "struct tomoyo_path2_acl". 910 * @acl: Pointer to an ACL entry.
1470 * 911 *
1471 * Returns true on success, false otherwise. 912 * Returns true on success, false otherwise.
1472 */ 913 */
1473static bool tomoyo_print_path2_acl(struct tomoyo_io_buffer *head, 914static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1474 struct tomoyo_path2_acl *ptr) 915 struct tomoyo_acl_info *acl)
1475{ 916{
1476 int pos; 917 const u8 acl_type = acl->type;
1477 const u8 perm = ptr->perm;
1478 u8 bit; 918 u8 bit;
1479 919
1480 for (bit = head->read_bit; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { 920 if (acl->is_deleted)
1481 if (!(perm & (1 << bit))) 921 return true;
1482 continue; 922 next:
1483 pos = head->read_avail; 923 bit = head->r.bit;
1484 if (!tomoyo_io_printf(head, "allow_%s ", 924 if (!tomoyo_flush(head))
1485 tomoyo_path22keyword(bit)) || 925 return false;
1486 !tomoyo_print_name_union(head, &ptr->name1) || 926 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1487 !tomoyo_print_name_union(head, &ptr->name2) || 927 struct tomoyo_path_acl *ptr =
1488 !tomoyo_io_printf(head, "\n")) 928 container_of(acl, typeof(*ptr), head);
1489 goto out; 929 const u16 perm = ptr->perm;
930 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
931 if (!(perm & (1 << bit)))
932 continue;
933 if (head->r.print_execute_only &&
934 bit != TOMOYO_TYPE_EXECUTE)
935 continue;
936 /* Print "read/write" instead of "read" and "write". */
937 if ((bit == TOMOYO_TYPE_READ ||
938 bit == TOMOYO_TYPE_WRITE)
939 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
940 continue;
941 break;
942 }
943 if (bit >= TOMOYO_MAX_PATH_OPERATION)
944 goto done;
945 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]);
946 tomoyo_print_name_union(head, &ptr->name);
947 } else if (head->r.print_execute_only) {
948 return true;
949 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
950 struct tomoyo_path2_acl *ptr =
951 container_of(acl, typeof(*ptr), head);
952 bit = tomoyo_fns(ptr->perm, bit);
953 if (bit >= TOMOYO_MAX_PATH2_OPERATION)
954 goto done;
955 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]);
956 tomoyo_print_name_union(head, &ptr->name1);
957 tomoyo_print_name_union(head, &ptr->name2);
958 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
959 struct tomoyo_path_number_acl *ptr =
960 container_of(acl, typeof(*ptr), head);
961 bit = tomoyo_fns(ptr->perm, bit);
962 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION)
963 goto done;
964 tomoyo_io_printf(head, "allow_%s",
965 tomoyo_path_number_keyword[bit]);
966 tomoyo_print_name_union(head, &ptr->name);
967 tomoyo_print_number_union(head, &ptr->number);
968 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
969 struct tomoyo_mkdev_acl *ptr =
970 container_of(acl, typeof(*ptr), head);
971 bit = tomoyo_fns(ptr->perm, bit);
972 if (bit >= TOMOYO_MAX_MKDEV_OPERATION)
973 goto done;
974 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]);
975 tomoyo_print_name_union(head, &ptr->name);
976 tomoyo_print_number_union(head, &ptr->mode);
977 tomoyo_print_number_union(head, &ptr->major);
978 tomoyo_print_number_union(head, &ptr->minor);
979 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
980 struct tomoyo_mount_acl *ptr =
981 container_of(acl, typeof(*ptr), head);
982 tomoyo_io_printf(head, "allow_mount");
983 tomoyo_print_name_union(head, &ptr->dev_name);
984 tomoyo_print_name_union(head, &ptr->dir_name);
985 tomoyo_print_name_union(head, &ptr->fs_type);
986 tomoyo_print_number_union(head, &ptr->flags);
1490 } 987 }
1491 head->read_bit = 0; 988 head->r.bit = bit + 1;
989 tomoyo_io_printf(head, "\n");
990 if (acl_type != TOMOYO_TYPE_MOUNT_ACL)
991 goto next;
992 done:
993 head->r.bit = 0;
1492 return true; 994 return true;
1493 out:
1494 head->read_bit = bit;
1495 head->read_avail = pos;
1496 return false;
1497} 995}
1498 996
1499/** 997/**
1500 * tomoyo_print_entry - Print an ACL entry. 998 * tomoyo_read_domain2 - Read domain policy.
1501 * 999 *
1502 * @head: Pointer to "struct tomoyo_io_buffer". 1000 * @head: Pointer to "struct tomoyo_io_buffer".
1503 * @ptr: Pointer to an ACL entry. 1001 * @domain: Pointer to "struct tomoyo_domain_info".
1002 *
1003 * Caller holds tomoyo_read_lock().
1504 * 1004 *
1505 * Returns true on success, false otherwise. 1005 * Returns true on success, false otherwise.
1506 */ 1006 */
1507static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, 1007static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1508 struct tomoyo_acl_info *ptr) 1008 struct tomoyo_domain_info *domain)
1509{ 1009{
1510 const u8 acl_type = ptr->type; 1010 list_for_each_cookie(head->r.acl, &domain->acl_info_list) {
1511 1011 struct tomoyo_acl_info *ptr =
1512 if (acl_type == TOMOYO_TYPE_PATH_ACL) { 1012 list_entry(head->r.acl, typeof(*ptr), list);
1513 struct tomoyo_path_acl *acl 1013 if (!tomoyo_print_entry(head, ptr))
1514 = container_of(ptr, struct tomoyo_path_acl, head); 1014 return false;
1515 return tomoyo_print_path_acl(head, acl);
1516 }
1517 if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1518 struct tomoyo_path2_acl *acl
1519 = container_of(ptr, struct tomoyo_path2_acl, head);
1520 return tomoyo_print_path2_acl(head, acl);
1521 } 1015 }
1522 BUG(); /* This must not happen. */ 1016 head->r.acl = NULL;
1523 return false; 1017 return true;
1524} 1018}
1525 1019
1526/** 1020/**
1527 * tomoyo_read_domain_policy - Read domain policy. 1021 * tomoyo_read_domain - Read domain policy.
1528 * 1022 *
1529 * @head: Pointer to "struct tomoyo_io_buffer". 1023 * @head: Pointer to "struct tomoyo_io_buffer".
1530 * 1024 *
1531 * Returns 0.
1532 *
1533 * Caller holds tomoyo_read_lock(). 1025 * Caller holds tomoyo_read_lock().
1534 */ 1026 */
1535static int tomoyo_read_domain_policy(struct tomoyo_io_buffer *head) 1027static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1536{ 1028{
1537 struct list_head *dpos; 1029 if (head->r.eof)
1538 struct list_head *apos; 1030 return;
1539 bool done = true; 1031 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1540 1032 struct tomoyo_domain_info *domain =
1541 if (head->read_eof) 1033 list_entry(head->r.domain, typeof(*domain), list);
1542 return 0; 1034 switch (head->r.step) {
1543 if (head->read_step == 0) 1035 case 0:
1544 head->read_step = 1; 1036 if (domain->is_deleted &&
1545 list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) { 1037 !head->r.print_this_domain_only)
1546 struct tomoyo_domain_info *domain; 1038 continue;
1547 const char *quota_exceeded = ""; 1039 /* Print domainname and flags. */
1548 const char *transition_failed = ""; 1040 tomoyo_set_string(head, domain->domainname->name);
1549 const char *ignore_global_allow_read = ""; 1041 tomoyo_set_lf(head);
1550 domain = list_entry(dpos, struct tomoyo_domain_info, list); 1042 tomoyo_io_printf(head,
1551 if (head->read_step != 1) 1043 TOMOYO_KEYWORD_USE_PROFILE "%u\n",
1552 goto acl_loop; 1044 domain->profile);
1553 if (domain->is_deleted && !head->read_single_domain) 1045 if (domain->quota_warned)
1554 continue; 1046 tomoyo_set_string(head, "quota_exceeded\n");
1555 /* Print domainname and flags. */ 1047 if (domain->transition_failed)
1556 if (domain->quota_warned) 1048 tomoyo_set_string(head, "transition_failed\n");
1557 quota_exceeded = "quota_exceeded\n"; 1049 if (domain->ignore_global_allow_read)
1558 if (domain->transition_failed) 1050 tomoyo_set_string(head,
1559 transition_failed = "transition_failed\n"; 1051 TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
1560 if (domain->ignore_global_allow_read) 1052 "\n");
1561 ignore_global_allow_read 1053 head->r.step++;
1562 = TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; 1054 tomoyo_set_lf(head);
1563 done = tomoyo_io_printf(head, "%s\n" TOMOYO_KEYWORD_USE_PROFILE 1055 /* fall through */
1564 "%u\n%s%s%s\n", 1056 case 1:
1565 domain->domainname->name, 1057 if (!tomoyo_read_domain2(head, domain))
1566 domain->profile, quota_exceeded, 1058 return;
1567 transition_failed, 1059 head->r.step++;
1568 ignore_global_allow_read); 1060 if (!tomoyo_set_lf(head))
1569 if (!done) 1061 return;
1570 break; 1062 /* fall through */
1571 head->read_step = 2; 1063 case 2:
1572acl_loop: 1064 head->r.step = 0;
1573 if (head->read_step == 3) 1065 if (head->r.print_this_domain_only)
1574 goto tail_mark; 1066 goto done;
1575 /* Print ACL entries in the domain. */
1576 list_for_each_cookie(apos, head->read_var2,
1577 &domain->acl_info_list) {
1578 struct tomoyo_acl_info *ptr
1579 = list_entry(apos, struct tomoyo_acl_info,
1580 list);
1581 done = tomoyo_print_entry(head, ptr);
1582 if (!done)
1583 break;
1584 } 1067 }
1585 if (!done)
1586 break;
1587 head->read_step = 3;
1588tail_mark:
1589 done = tomoyo_io_printf(head, "\n");
1590 if (!done)
1591 break;
1592 head->read_step = 1;
1593 if (head->read_single_domain)
1594 break;
1595 } 1068 }
1596 head->read_eof = done; 1069 done:
1597 return 0; 1070 head->r.eof = true;
1598} 1071}
1599 1072
1600/** 1073/**
@@ -1607,7 +1080,7 @@ tail_mark:
1607 * This is equivalent to doing 1080 * This is equivalent to doing
1608 * 1081 *
1609 * ( echo "select " $domainname; echo "use_profile " $profile ) | 1082 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1610 * /usr/lib/ccs/loadpolicy -d 1083 * /usr/sbin/tomoyo-loadpolicy -d
1611 * 1084 *
1612 * Caller holds tomoyo_read_lock(). 1085 * Caller holds tomoyo_read_lock().
1613 */ 1086 */
@@ -1646,25 +1119,22 @@ static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1646 * 1119 *
1647 * Caller holds tomoyo_read_lock(). 1120 * Caller holds tomoyo_read_lock().
1648 */ 1121 */
1649static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head) 1122static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1650{ 1123{
1651 struct list_head *pos; 1124 if (head->r.eof)
1652 bool done = true; 1125 return;
1653 1126 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1654 if (head->read_eof) 1127 struct tomoyo_domain_info *domain =
1655 return 0; 1128 list_entry(head->r.domain, typeof(*domain), list);
1656 list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
1657 struct tomoyo_domain_info *domain;
1658 domain = list_entry(pos, struct tomoyo_domain_info, list);
1659 if (domain->is_deleted) 1129 if (domain->is_deleted)
1660 continue; 1130 continue;
1661 done = tomoyo_io_printf(head, "%u %s\n", domain->profile, 1131 if (!tomoyo_flush(head))
1662 domain->domainname->name); 1132 return;
1663 if (!done) 1133 tomoyo_io_printf(head, "%u ", domain->profile);
1664 break; 1134 tomoyo_set_string(head, domain->domainname->name);
1135 tomoyo_set_lf(head);
1665 } 1136 }
1666 head->read_eof = done; 1137 head->r.eof = true;
1667 return 0;
1668} 1138}
1669 1139
1670/** 1140/**
@@ -1676,11 +1146,7 @@ static int tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1676 */ 1146 */
1677static int tomoyo_write_pid(struct tomoyo_io_buffer *head) 1147static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1678{ 1148{
1679 unsigned long pid; 1149 head->r.eof = false;
1680 /* No error check. */
1681 strict_strtoul(head->write_buf, 10, &pid);
1682 head->read_step = (int) pid;
1683 head->read_eof = false;
1684 return 0; 1150 return 0;
1685} 1151}
1686 1152
@@ -1694,29 +1160,57 @@ static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1694 * The PID is specified by tomoyo_write_pid() so that the user can obtain 1160 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1695 * using read()/write() interface rather than sysctl() interface. 1161 * using read()/write() interface rather than sysctl() interface.
1696 */ 1162 */
1697static int tomoyo_read_pid(struct tomoyo_io_buffer *head) 1163static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1698{ 1164{
1699 if (head->read_avail == 0 && !head->read_eof) { 1165 char *buf = head->write_buf;
1700 const int pid = head->read_step; 1166 bool global_pid = false;
1701 struct task_struct *p; 1167 unsigned int pid;
1702 struct tomoyo_domain_info *domain = NULL; 1168 struct task_struct *p;
1703 rcu_read_lock(); 1169 struct tomoyo_domain_info *domain = NULL;
1704 read_lock(&tasklist_lock); 1170
1705 p = find_task_by_vpid(pid); 1171 /* Accessing write_buf is safe because head->io_sem is held. */
1706 if (p) 1172 if (!buf) {
1707 domain = tomoyo_real_domain(p); 1173 head->r.eof = true;
1708 read_unlock(&tasklist_lock); 1174 return; /* Do nothing if open(O_RDONLY). */
1709 rcu_read_unlock();
1710 if (domain)
1711 tomoyo_io_printf(head, "%d %u %s", pid, domain->profile,
1712 domain->domainname->name);
1713 head->read_eof = true;
1714 } 1175 }
1715 return 0; 1176 if (head->r.w_pos || head->r.eof)
1177 return;
1178 head->r.eof = true;
1179 if (tomoyo_str_starts(&buf, "global-pid "))
1180 global_pid = true;
1181 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1182 rcu_read_lock();
1183 read_lock(&tasklist_lock);
1184 if (global_pid)
1185 p = find_task_by_pid_ns(pid, &init_pid_ns);
1186 else
1187 p = find_task_by_vpid(pid);
1188 if (p)
1189 domain = tomoyo_real_domain(p);
1190 read_unlock(&tasklist_lock);
1191 rcu_read_unlock();
1192 if (!domain)
1193 return;
1194 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1195 tomoyo_set_string(head, domain->domainname->name);
1716} 1196}
1717 1197
1198static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1199 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]
1200 = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,
1201 [TOMOYO_TRANSITION_CONTROL_INITIALIZE]
1202 = TOMOYO_KEYWORD_INITIALIZE_DOMAIN,
1203 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
1204 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
1205};
1206
1207static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1208 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1209 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1210};
1211
1718/** 1212/**
1719 * tomoyo_write_exception_policy - Write exception policy. 1213 * tomoyo_write_exception - Write exception policy.
1720 * 1214 *
1721 * @head: Pointer to "struct tomoyo_io_buffer". 1215 * @head: Pointer to "struct tomoyo_io_buffer".
1722 * 1216 *
@@ -1724,186 +1218,523 @@ static int tomoyo_read_pid(struct tomoyo_io_buffer *head)
1724 * 1218 *
1725 * Caller holds tomoyo_read_lock(). 1219 * Caller holds tomoyo_read_lock().
1726 */ 1220 */
1727static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head) 1221static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1728{ 1222{
1729 char *data = head->write_buf; 1223 char *data = head->write_buf;
1730 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE); 1224 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1731 1225 u8 i;
1732 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_KEEP_DOMAIN)) 1226 static const struct {
1733 return tomoyo_write_domain_keeper_policy(data, false, 1227 const char *keyword;
1734 is_delete); 1228 int (*write) (char *, const bool);
1735 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_KEEP_DOMAIN)) 1229 } tomoyo_callback[4] = {
1736 return tomoyo_write_domain_keeper_policy(data, true, is_delete); 1230 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
1737 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_INITIALIZE_DOMAIN)) 1231 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
1738 return tomoyo_write_domain_initializer_policy(data, false, 1232 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
1739 is_delete); 1233 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
1740 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN)) 1234 };
1741 return tomoyo_write_domain_initializer_policy(data, true, 1235
1742 is_delete); 1236 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1743 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS)) 1237 if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
1744 return tomoyo_write_alias_policy(data, is_delete); 1238 return tomoyo_write_transition_control(data, is_delete,
1745 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1239 i);
1746 return tomoyo_write_globally_readable_policy(data, is_delete); 1240 for (i = 0; i < 4; i++)
1747 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1241 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1748 return tomoyo_write_pattern_policy(data, is_delete); 1242 return tomoyo_callback[i].write(data, is_delete);
1749 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DENY_REWRITE)) 1243 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1750 return tomoyo_write_no_rewrite_policy(data, is_delete); 1244 if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
1751 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_PATH_GROUP)) 1245 return tomoyo_write_group(data, is_delete, i);
1752 return tomoyo_write_path_group_policy(data, is_delete);
1753 return -EINVAL; 1246 return -EINVAL;
1754} 1247}
1755 1248
1756/** 1249/**
1757 * tomoyo_read_exception_policy - Read exception policy. 1250 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1758 * 1251 *
1759 * @head: Pointer to "struct tomoyo_io_buffer". 1252 * @head: Pointer to "struct tomoyo_io_buffer".
1253 * @idx: Index number.
1760 * 1254 *
1761 * Returns 0 on success, -EINVAL otherwise. 1255 * Returns true on success, false otherwise.
1762 * 1256 *
1763 * Caller holds tomoyo_read_lock(). 1257 * Caller holds tomoyo_read_lock().
1764 */ 1258 */
1765static int tomoyo_read_exception_policy(struct tomoyo_io_buffer *head) 1259static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1766{ 1260{
1767 if (!head->read_eof) { 1261 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1768 switch (head->read_step) { 1262 struct tomoyo_group *group =
1769 case 0: 1263 list_entry(head->r.group, typeof(*group), list);
1770 head->read_var2 = NULL; 1264 list_for_each_cookie(head->r.acl, &group->member_list) {
1771 head->read_step = 1; 1265 struct tomoyo_acl_head *ptr =
1772 case 1: 1266 list_entry(head->r.acl, typeof(*ptr), list);
1773 if (!tomoyo_read_domain_keeper_policy(head)) 1267 if (ptr->is_deleted)
1774 break; 1268 continue;
1775 head->read_var2 = NULL; 1269 if (!tomoyo_flush(head))
1776 head->read_step = 2; 1270 return false;
1777 case 2: 1271 tomoyo_set_string(head, tomoyo_group_name[idx]);
1778 if (!tomoyo_read_globally_readable_policy(head)) 1272 tomoyo_set_string(head, group->group_name->name);
1779 break; 1273 if (idx == TOMOYO_PATH_GROUP) {
1780 head->read_var2 = NULL; 1274 tomoyo_set_space(head);
1781 head->read_step = 3; 1275 tomoyo_set_string(head, container_of
1782 case 3: 1276 (ptr, struct tomoyo_path_group,
1783 head->read_var2 = NULL; 1277 head)->member_name->name);
1784 head->read_step = 4; 1278 } else if (idx == TOMOYO_NUMBER_GROUP) {
1785 case 4: 1279 tomoyo_print_number_union(head, &container_of
1786 if (!tomoyo_read_domain_initializer_policy(head)) 1280 (ptr,
1787 break; 1281 struct tomoyo_number_group,
1788 head->read_var2 = NULL; 1282 head)->number);
1789 head->read_step = 5; 1283 }
1790 case 5: 1284 tomoyo_set_lf(head);
1791 if (!tomoyo_read_alias_policy(head)) 1285 }
1792 break; 1286 head->r.acl = NULL;
1793 head->read_var2 = NULL; 1287 }
1794 head->read_step = 6; 1288 head->r.group = NULL;
1795 case 6: 1289 return true;
1796 head->read_var2 = NULL; 1290}
1797 head->read_step = 7; 1291
1798 case 7: 1292/**
1799 if (!tomoyo_read_file_pattern(head)) 1293 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1800 break; 1294 *
1801 head->read_var2 = NULL; 1295 * @head: Pointer to "struct tomoyo_io_buffer".
1802 head->read_step = 8; 1296 * @idx: Index number.
1803 case 8: 1297 *
1804 if (!tomoyo_read_no_rewrite_policy(head)) 1298 * Returns true on success, false otherwise.
1805 break; 1299 *
1806 head->read_var2 = NULL; 1300 * Caller holds tomoyo_read_lock().
1807 head->read_step = 9; 1301 */
1808 case 9: 1302static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1809 if (!tomoyo_read_path_group_policy(head)) 1303{
1810 break; 1304 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1811 head->read_var1 = NULL; 1305 struct tomoyo_acl_head *acl =
1812 head->read_var2 = NULL; 1306 container_of(head->r.acl, typeof(*acl), list);
1813 head->read_step = 10; 1307 if (acl->is_deleted)
1814 case 10: 1308 continue;
1815 head->read_eof = true; 1309 if (!tomoyo_flush(head))
1310 return false;
1311 switch (idx) {
1312 case TOMOYO_ID_TRANSITION_CONTROL:
1313 {
1314 struct tomoyo_transition_control *ptr =
1315 container_of(acl, typeof(*ptr), head);
1316 tomoyo_set_string(head,
1317 tomoyo_transition_type
1318 [ptr->type]);
1319 if (ptr->program)
1320 tomoyo_set_string(head,
1321 ptr->program->name);
1322 if (ptr->program && ptr->domainname)
1323 tomoyo_set_string(head, " from ");
1324 if (ptr->domainname)
1325 tomoyo_set_string(head,
1326 ptr->domainname->
1327 name);
1328 }
1329 break;
1330 case TOMOYO_ID_GLOBALLY_READABLE:
1331 {
1332 struct tomoyo_readable_file *ptr =
1333 container_of(acl, typeof(*ptr), head);
1334 tomoyo_set_string(head,
1335 TOMOYO_KEYWORD_ALLOW_READ);
1336 tomoyo_set_string(head, ptr->filename->name);
1337 }
1338 break;
1339 case TOMOYO_ID_AGGREGATOR:
1340 {
1341 struct tomoyo_aggregator *ptr =
1342 container_of(acl, typeof(*ptr), head);
1343 tomoyo_set_string(head,
1344 TOMOYO_KEYWORD_AGGREGATOR);
1345 tomoyo_set_string(head,
1346 ptr->original_name->name);
1347 tomoyo_set_space(head);
1348 tomoyo_set_string(head,
1349 ptr->aggregated_name->name);
1350 }
1351 break;
1352 case TOMOYO_ID_PATTERN:
1353 {
1354 struct tomoyo_no_pattern *ptr =
1355 container_of(acl, typeof(*ptr), head);
1356 tomoyo_set_string(head,
1357 TOMOYO_KEYWORD_FILE_PATTERN);
1358 tomoyo_set_string(head, ptr->pattern->name);
1359 }
1360 break;
1361 case TOMOYO_ID_NO_REWRITE:
1362 {
1363 struct tomoyo_no_rewrite *ptr =
1364 container_of(acl, typeof(*ptr), head);
1365 tomoyo_set_string(head,
1366 TOMOYO_KEYWORD_DENY_REWRITE);
1367 tomoyo_set_string(head, ptr->pattern->name);
1368 }
1816 break; 1369 break;
1817 default: 1370 default:
1818 return -EINVAL; 1371 continue;
1819 } 1372 }
1373 tomoyo_set_lf(head);
1820 } 1374 }
1821 return 0; 1375 head->r.acl = NULL;
1376 return true;
1822} 1377}
1823 1378
1824/* path to policy loader */ 1379/**
1825static const char *tomoyo_loader = "/sbin/tomoyo-init"; 1380 * tomoyo_read_exception - Read exception policy.
1381 *
1382 * @head: Pointer to "struct tomoyo_io_buffer".
1383 *
1384 * Caller holds tomoyo_read_lock().
1385 */
1386static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1387{
1388 if (head->r.eof)
1389 return;
1390 while (head->r.step < TOMOYO_MAX_POLICY &&
1391 tomoyo_read_policy(head, head->r.step))
1392 head->r.step++;
1393 if (head->r.step < TOMOYO_MAX_POLICY)
1394 return;
1395 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1396 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1397 head->r.step++;
1398 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1399 return;
1400 head->r.eof = true;
1401}
1826 1402
1827/** 1403/**
1828 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists. 1404 * tomoyo_print_header - Get header line of audit log.
1405 *
1406 * @r: Pointer to "struct tomoyo_request_info".
1829 * 1407 *
1830 * Returns true if /sbin/tomoyo-init exists, false otherwise. 1408 * Returns string representation.
1409 *
1410 * This function uses kmalloc(), so caller must kfree() if this function
1411 * didn't return NULL.
1831 */ 1412 */
1832static bool tomoyo_policy_loader_exists(void) 1413static char *tomoyo_print_header(struct tomoyo_request_info *r)
1833{ 1414{
1834 /* 1415 struct timeval tv;
1835 * Don't activate MAC if the policy loader doesn't exist. 1416 const pid_t gpid = task_pid_nr(current);
1836 * If the initrd includes /sbin/init but real-root-dev has not 1417 static const int tomoyo_buffer_len = 4096;
1837 * mounted on / yet, activating MAC will block the system since 1418 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
1838 * policies are not loaded yet. 1419 if (!buffer)
1839 * Thus, let do_execve() call this function everytime. 1420 return NULL;
1840 */ 1421 do_gettimeofday(&tv);
1841 struct path path; 1422 snprintf(buffer, tomoyo_buffer_len - 1,
1423 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
1424 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
1425 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
1426 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
1427 (pid_t) sys_getpid(), (pid_t) sys_getppid(),
1428 current_uid(), current_gid(), current_euid(),
1429 current_egid(), current_suid(), current_sgid(),
1430 current_fsuid(), current_fsgid());
1431 return buffer;
1432}
1842 1433
1843 if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) { 1434/**
1844 printk(KERN_INFO "Not activating Mandatory Access Control now " 1435 * tomoyo_init_audit_log - Allocate buffer for audit logs.
1845 "since %s doesn't exist.\n", tomoyo_loader); 1436 *
1846 return false; 1437 * @len: Required size.
1438 * @r: Pointer to "struct tomoyo_request_info".
1439 *
1440 * Returns pointer to allocated memory.
1441 *
1442 * The @len is updated to add the header lines' size on success.
1443 *
1444 * This function uses kzalloc(), so caller must kfree() if this function
1445 * didn't return NULL.
1446 */
1447static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r)
1448{
1449 char *buf = NULL;
1450 const char *header;
1451 const char *domainname;
1452 if (!r->domain)
1453 r->domain = tomoyo_domain();
1454 domainname = r->domain->domainname->name;
1455 header = tomoyo_print_header(r);
1456 if (!header)
1457 return NULL;
1458 *len += strlen(domainname) + strlen(header) + 10;
1459 buf = kzalloc(*len, GFP_NOFS);
1460 if (buf)
1461 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname);
1462 kfree(header);
1463 return buf;
1464}
1465
1466/* Wait queue for tomoyo_query_list. */
1467static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1468
1469/* Lock for manipulating tomoyo_query_list. */
1470static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1471
1472/* Structure for query. */
1473struct tomoyo_query {
1474 struct list_head list;
1475 char *query;
1476 int query_len;
1477 unsigned int serial;
1478 int timer;
1479 int answer;
1480};
1481
1482/* The list for "struct tomoyo_query". */
1483static LIST_HEAD(tomoyo_query_list);
1484
1485/*
1486 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1487 * interface.
1488 */
1489static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1490
1491/**
1492 * tomoyo_supervisor - Ask for the supervisor's decision.
1493 *
1494 * @r: Pointer to "struct tomoyo_request_info".
1495 * @fmt: The printf()'s format string, followed by parameters.
1496 *
1497 * Returns 0 if the supervisor decided to permit the access request which
1498 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1499 * supervisor decided to retry the access request which violated the policy in
1500 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1501 */
1502int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1503{
1504 va_list args;
1505 int error = -EPERM;
1506 int pos;
1507 int len;
1508 static unsigned int tomoyo_serial;
1509 struct tomoyo_query *entry = NULL;
1510 bool quota_exceeded = false;
1511 char *header;
1512 switch (r->mode) {
1513 char *buffer;
1514 case TOMOYO_CONFIG_LEARNING:
1515 if (!tomoyo_domain_quota_is_ok(r))
1516 return 0;
1517 va_start(args, fmt);
1518 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
1519 va_end(args);
1520 buffer = kmalloc(len, GFP_NOFS);
1521 if (!buffer)
1522 return 0;
1523 va_start(args, fmt);
1524 vsnprintf(buffer, len - 1, fmt, args);
1525 va_end(args);
1526 tomoyo_normalize_line(buffer);
1527 tomoyo_write_domain2(buffer, r->domain, false);
1528 kfree(buffer);
1529 /* fall through */
1530 case TOMOYO_CONFIG_PERMISSIVE:
1531 return 0;
1847 } 1532 }
1848 path_put(&path); 1533 if (!r->domain)
1849 return true; 1534 r->domain = tomoyo_domain();
1535 if (!atomic_read(&tomoyo_query_observers))
1536 return -EPERM;
1537 va_start(args, fmt);
1538 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
1539 va_end(args);
1540 header = tomoyo_init_audit_log(&len, r);
1541 if (!header)
1542 goto out;
1543 entry = kzalloc(sizeof(*entry), GFP_NOFS);
1544 if (!entry)
1545 goto out;
1546 entry->query = kzalloc(len, GFP_NOFS);
1547 if (!entry->query)
1548 goto out;
1549 len = ksize(entry->query);
1550 spin_lock(&tomoyo_query_list_lock);
1551 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1552 sizeof(*entry) >= tomoyo_quota_for_query) {
1553 quota_exceeded = true;
1554 } else {
1555 tomoyo_query_memory_size += len + sizeof(*entry);
1556 entry->serial = tomoyo_serial++;
1557 }
1558 spin_unlock(&tomoyo_query_list_lock);
1559 if (quota_exceeded)
1560 goto out;
1561 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1562 entry->serial, r->retry, header);
1563 kfree(header);
1564 header = NULL;
1565 va_start(args, fmt);
1566 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1567 entry->query_len = strlen(entry->query) + 1;
1568 va_end(args);
1569 spin_lock(&tomoyo_query_list_lock);
1570 list_add_tail(&entry->list, &tomoyo_query_list);
1571 spin_unlock(&tomoyo_query_list_lock);
1572 /* Give 10 seconds for supervisor's opinion. */
1573 for (entry->timer = 0;
1574 atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1575 entry->timer++) {
1576 wake_up(&tomoyo_query_wait);
1577 set_current_state(TASK_INTERRUPTIBLE);
1578 schedule_timeout(HZ / 10);
1579 if (entry->answer)
1580 break;
1581 }
1582 spin_lock(&tomoyo_query_list_lock);
1583 list_del(&entry->list);
1584 tomoyo_query_memory_size -= len + sizeof(*entry);
1585 spin_unlock(&tomoyo_query_list_lock);
1586 switch (entry->answer) {
1587 case 3: /* Asked to retry by administrator. */
1588 error = TOMOYO_RETRY_REQUEST;
1589 r->retry++;
1590 break;
1591 case 1:
1592 /* Granted by administrator. */
1593 error = 0;
1594 break;
1595 case 0:
1596 /* Timed out. */
1597 break;
1598 default:
1599 /* Rejected by administrator. */
1600 break;
1601 }
1602 out:
1603 if (entry)
1604 kfree(entry->query);
1605 kfree(entry);
1606 kfree(header);
1607 return error;
1850} 1608}
1851 1609
1852/** 1610/**
1853 * tomoyo_load_policy - Run external policy loader to load policy. 1611 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1854 * 1612 *
1855 * @filename: The program about to start. 1613 * @file: Pointer to "struct file".
1614 * @wait: Pointer to "poll_table".
1856 * 1615 *
1857 * This function checks whether @filename is /sbin/init , and if so 1616 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1858 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
1859 * and then continues invocation of /sbin/init.
1860 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
1861 * writes to /sys/kernel/security/tomoyo/ interfaces.
1862 * 1617 *
1863 * Returns nothing. 1618 * Waits for access requests which violated policy in enforcing mode.
1864 */ 1619 */
1865void tomoyo_load_policy(const char *filename) 1620static int tomoyo_poll_query(struct file *file, poll_table *wait)
1866{ 1621{
1867 char *argv[2]; 1622 struct list_head *tmp;
1868 char *envp[3]; 1623 bool found = false;
1624 u8 i;
1625 for (i = 0; i < 2; i++) {
1626 spin_lock(&tomoyo_query_list_lock);
1627 list_for_each(tmp, &tomoyo_query_list) {
1628 struct tomoyo_query *ptr =
1629 list_entry(tmp, typeof(*ptr), list);
1630 if (ptr->answer)
1631 continue;
1632 found = true;
1633 break;
1634 }
1635 spin_unlock(&tomoyo_query_list_lock);
1636 if (found)
1637 return POLLIN | POLLRDNORM;
1638 if (i)
1639 break;
1640 poll_wait(file, &tomoyo_query_wait, wait);
1641 }
1642 return 0;
1643}
1869 1644
1870 if (tomoyo_policy_loaded) 1645/**
1646 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1647 *
1648 * @head: Pointer to "struct tomoyo_io_buffer".
1649 */
1650static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1651{
1652 struct list_head *tmp;
1653 int pos = 0;
1654 int len = 0;
1655 char *buf;
1656 if (head->r.w_pos)
1871 return; 1657 return;
1872 /* 1658 if (head->read_buf) {
1873 * Check filename is /sbin/init or /sbin/tomoyo-start. 1659 kfree(head->read_buf);
1874 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't 1660 head->read_buf = NULL;
1875 * be passed. 1661 }
1876 * You can create /sbin/tomoyo-start by 1662 spin_lock(&tomoyo_query_list_lock);
1877 * "ln -s /bin/true /sbin/tomoyo-start". 1663 list_for_each(tmp, &tomoyo_query_list) {
1878 */ 1664 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1879 if (strcmp(filename, "/sbin/init") && 1665 if (ptr->answer)
1880 strcmp(filename, "/sbin/tomoyo-start")) 1666 continue;
1667 if (pos++ != head->r.query_index)
1668 continue;
1669 len = ptr->query_len;
1670 break;
1671 }
1672 spin_unlock(&tomoyo_query_list_lock);
1673 if (!len) {
1674 head->r.query_index = 0;
1881 return; 1675 return;
1882 if (!tomoyo_policy_loader_exists()) 1676 }
1677 buf = kzalloc(len, GFP_NOFS);
1678 if (!buf)
1883 return; 1679 return;
1680 pos = 0;
1681 spin_lock(&tomoyo_query_list_lock);
1682 list_for_each(tmp, &tomoyo_query_list) {
1683 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1684 if (ptr->answer)
1685 continue;
1686 if (pos++ != head->r.query_index)
1687 continue;
1688 /*
1689 * Some query can be skipped because tomoyo_query_list
1690 * can change, but I don't care.
1691 */
1692 if (len == ptr->query_len)
1693 memmove(buf, ptr->query, len);
1694 break;
1695 }
1696 spin_unlock(&tomoyo_query_list_lock);
1697 if (buf[0]) {
1698 head->read_buf = buf;
1699 head->r.w[head->r.w_pos++] = buf;
1700 head->r.query_index++;
1701 } else {
1702 kfree(buf);
1703 }
1704}
1884 1705
1885 printk(KERN_INFO "Calling %s to load policy. Please wait.\n", 1706/**
1886 tomoyo_loader); 1707 * tomoyo_write_answer - Write the supervisor's decision.
1887 argv[0] = (char *) tomoyo_loader; 1708 *
1888 argv[1] = NULL; 1709 * @head: Pointer to "struct tomoyo_io_buffer".
1889 envp[0] = "HOME=/"; 1710 *
1890 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 1711 * Returns 0 on success, -EINVAL otherwise.
1891 envp[2] = NULL; 1712 */
1892 call_usermodehelper(argv[0], argv, envp, 1); 1713static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1893 1714{
1894 printk(KERN_INFO "TOMOYO: 2.2.0 2009/04/01\n"); 1715 char *data = head->write_buf;
1895 printk(KERN_INFO "Mandatory Access Control activated.\n"); 1716 struct list_head *tmp;
1896 tomoyo_policy_loaded = true; 1717 unsigned int serial;
1897 { /* Check all profiles currently assigned to domains are defined. */ 1718 unsigned int answer;
1898 struct tomoyo_domain_info *domain; 1719 spin_lock(&tomoyo_query_list_lock);
1899 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1720 list_for_each(tmp, &tomoyo_query_list) {
1900 const u8 profile = domain->profile; 1721 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1901 if (tomoyo_profile_ptr[profile]) 1722 ptr->timer = 0;
1902 continue; 1723 }
1903 panic("Profile %u (used by '%s') not defined.\n", 1724 spin_unlock(&tomoyo_query_list_lock);
1904 profile, domain->domainname->name); 1725 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1905 } 1726 return -EINVAL;
1727 spin_lock(&tomoyo_query_list_lock);
1728 list_for_each(tmp, &tomoyo_query_list) {
1729 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1730 if (ptr->serial != serial)
1731 continue;
1732 if (!ptr->answer)
1733 ptr->answer = answer;
1734 break;
1906 } 1735 }
1736 spin_unlock(&tomoyo_query_list_lock);
1737 return 0;
1907} 1738}
1908 1739
1909/** 1740/**
@@ -1913,13 +1744,12 @@ void tomoyo_load_policy(const char *filename)
1913 * 1744 *
1914 * Returns version information. 1745 * Returns version information.
1915 */ 1746 */
1916static int tomoyo_read_version(struct tomoyo_io_buffer *head) 1747static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1917{ 1748{
1918 if (!head->read_eof) { 1749 if (!head->r.eof) {
1919 tomoyo_io_printf(head, "2.2.0"); 1750 tomoyo_io_printf(head, "2.3.0");
1920 head->read_eof = true; 1751 head->r.eof = true;
1921 } 1752 }
1922 return 0;
1923} 1753}
1924 1754
1925/** 1755/**
@@ -1929,18 +1759,17 @@ static int tomoyo_read_version(struct tomoyo_io_buffer *head)
1929 * 1759 *
1930 * Returns the current process's domainname. 1760 * Returns the current process's domainname.
1931 */ 1761 */
1932static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head) 1762static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1933{ 1763{
1934 if (!head->read_eof) { 1764 if (!head->r.eof) {
1935 /* 1765 /*
1936 * tomoyo_domain()->domainname != NULL 1766 * tomoyo_domain()->domainname != NULL
1937 * because every process belongs to a domain and 1767 * because every process belongs to a domain and
1938 * the domain's name cannot be NULL. 1768 * the domain's name cannot be NULL.
1939 */ 1769 */
1940 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name); 1770 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1941 head->read_eof = true; 1771 head->r.eof = true;
1942 } 1772 }
1943 return 0;
1944} 1773}
1945 1774
1946/** 1775/**
@@ -1953,23 +1782,24 @@ static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1953 * 1782 *
1954 * Caller acquires tomoyo_read_lock(). 1783 * Caller acquires tomoyo_read_lock().
1955 */ 1784 */
1956static int tomoyo_open_control(const u8 type, struct file *file) 1785int tomoyo_open_control(const u8 type, struct file *file)
1957{ 1786{
1958 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS); 1787 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1959 1788
1960 if (!head) 1789 if (!head)
1961 return -ENOMEM; 1790 return -ENOMEM;
1962 mutex_init(&head->io_sem); 1791 mutex_init(&head->io_sem);
1792 head->type = type;
1963 switch (type) { 1793 switch (type) {
1964 case TOMOYO_DOMAINPOLICY: 1794 case TOMOYO_DOMAINPOLICY:
1965 /* /sys/kernel/security/tomoyo/domain_policy */ 1795 /* /sys/kernel/security/tomoyo/domain_policy */
1966 head->write = tomoyo_write_domain_policy; 1796 head->write = tomoyo_write_domain;
1967 head->read = tomoyo_read_domain_policy; 1797 head->read = tomoyo_read_domain;
1968 break; 1798 break;
1969 case TOMOYO_EXCEPTIONPOLICY: 1799 case TOMOYO_EXCEPTIONPOLICY:
1970 /* /sys/kernel/security/tomoyo/exception_policy */ 1800 /* /sys/kernel/security/tomoyo/exception_policy */
1971 head->write = tomoyo_write_exception_policy; 1801 head->write = tomoyo_write_exception;
1972 head->read = tomoyo_read_exception_policy; 1802 head->read = tomoyo_read_exception;
1973 break; 1803 break;
1974 case TOMOYO_SELFDOMAIN: 1804 case TOMOYO_SELFDOMAIN:
1975 /* /sys/kernel/security/tomoyo/self_domain */ 1805 /* /sys/kernel/security/tomoyo/self_domain */
@@ -2001,10 +1831,15 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2001 head->write = tomoyo_write_profile; 1831 head->write = tomoyo_write_profile;
2002 head->read = tomoyo_read_profile; 1832 head->read = tomoyo_read_profile;
2003 break; 1833 break;
1834 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
1835 head->poll = tomoyo_poll_query;
1836 head->write = tomoyo_write_answer;
1837 head->read = tomoyo_read_query;
1838 break;
2004 case TOMOYO_MANAGER: 1839 case TOMOYO_MANAGER:
2005 /* /sys/kernel/security/tomoyo/manager */ 1840 /* /sys/kernel/security/tomoyo/manager */
2006 head->write = tomoyo_write_manager_policy; 1841 head->write = tomoyo_write_manager;
2007 head->read = tomoyo_read_manager_policy; 1842 head->read = tomoyo_read_manager;
2008 break; 1843 break;
2009 } 1844 }
2010 if (!(file->f_mode & FMODE_READ)) { 1845 if (!(file->f_mode & FMODE_READ)) {
@@ -2013,7 +1848,9 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2013 * for reading. 1848 * for reading.
2014 */ 1849 */
2015 head->read = NULL; 1850 head->read = NULL;
2016 } else { 1851 head->poll = NULL;
1852 } else if (!head->poll) {
1853 /* Don't allocate read_buf for poll() access. */
2017 if (!head->readbuf_size) 1854 if (!head->readbuf_size)
2018 head->readbuf_size = 4096 * 2; 1855 head->readbuf_size = 4096 * 2;
2019 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS); 1856 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
@@ -2037,7 +1874,8 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2037 return -ENOMEM; 1874 return -ENOMEM;
2038 } 1875 }
2039 } 1876 }
2040 head->reader_idx = tomoyo_read_lock(); 1877 if (type != TOMOYO_QUERY)
1878 head->reader_idx = tomoyo_read_lock();
2041 file->private_data = head; 1879 file->private_data = head;
2042 /* 1880 /*
2043 * Call the handler now if the file is 1881 * Call the handler now if the file is
@@ -2048,10 +1886,35 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2048 */ 1886 */
2049 if (type == TOMOYO_SELFDOMAIN) 1887 if (type == TOMOYO_SELFDOMAIN)
2050 tomoyo_read_control(file, NULL, 0); 1888 tomoyo_read_control(file, NULL, 0);
1889 /*
1890 * If the file is /sys/kernel/security/tomoyo/query , increment the
1891 * observer counter.
1892 * The obserber counter is used by tomoyo_supervisor() to see if
1893 * there is some process monitoring /sys/kernel/security/tomoyo/query.
1894 */
1895 else if (type == TOMOYO_QUERY)
1896 atomic_inc(&tomoyo_query_observers);
2051 return 0; 1897 return 0;
2052} 1898}
2053 1899
2054/** 1900/**
1901 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1902 *
1903 * @file: Pointer to "struct file".
1904 * @wait: Pointer to "poll_table".
1905 *
1906 * Waits for read readiness.
1907 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd .
1908 */
1909int tomoyo_poll_control(struct file *file, poll_table *wait)
1910{
1911 struct tomoyo_io_buffer *head = file->private_data;
1912 if (!head->poll)
1913 return -ENOSYS;
1914 return head->poll(file, wait);
1915}
1916
1917/**
2055 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface. 1918 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
2056 * 1919 *
2057 * @file: Pointer to "struct file". 1920 * @file: Pointer to "struct file".
@@ -2062,36 +1925,23 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2062 * 1925 *
2063 * Caller holds tomoyo_read_lock(). 1926 * Caller holds tomoyo_read_lock().
2064 */ 1927 */
2065static int tomoyo_read_control(struct file *file, char __user *buffer, 1928int tomoyo_read_control(struct file *file, char __user *buffer,
2066 const int buffer_len) 1929 const int buffer_len)
2067{ 1930{
2068 int len = 0; 1931 int len;
2069 struct tomoyo_io_buffer *head = file->private_data; 1932 struct tomoyo_io_buffer *head = file->private_data;
2070 char *cp;
2071 1933
2072 if (!head->read) 1934 if (!head->read)
2073 return -ENOSYS; 1935 return -ENOSYS;
2074 if (mutex_lock_interruptible(&head->io_sem)) 1936 if (mutex_lock_interruptible(&head->io_sem))
2075 return -EINTR; 1937 return -EINTR;
2076 /* Call the policy handler. */ 1938 head->read_user_buf = buffer;
2077 len = head->read(head); 1939 head->read_user_buf_avail = buffer_len;
2078 if (len < 0) 1940 if (tomoyo_flush(head))
2079 goto out; 1941 /* Call the policy handler. */
2080 /* Write to buffer. */ 1942 head->read(head);
2081 len = head->read_avail; 1943 tomoyo_flush(head);
2082 if (len > buffer_len) 1944 len = head->read_user_buf - buffer;
2083 len = buffer_len;
2084 if (!len)
2085 goto out;
2086 /* head->read_buf changes by some functions. */
2087 cp = head->read_buf;
2088 if (copy_to_user(buffer, cp, len)) {
2089 len = -EFAULT;
2090 goto out;
2091 }
2092 head->read_avail -= len;
2093 memmove(cp, cp + len, head->read_avail);
2094 out:
2095 mutex_unlock(&head->io_sem); 1945 mutex_unlock(&head->io_sem);
2096 return len; 1946 return len;
2097} 1947}
@@ -2107,8 +1957,8 @@ static int tomoyo_read_control(struct file *file, char __user *buffer,
2107 * 1957 *
2108 * Caller holds tomoyo_read_lock(). 1958 * Caller holds tomoyo_read_lock().
2109 */ 1959 */
2110static int tomoyo_write_control(struct file *file, const char __user *buffer, 1960int tomoyo_write_control(struct file *file, const char __user *buffer,
2111 const int buffer_len) 1961 const int buffer_len)
2112{ 1962{
2113 struct tomoyo_io_buffer *head = file->private_data; 1963 struct tomoyo_io_buffer *head = file->private_data;
2114 int error = buffer_len; 1964 int error = buffer_len;
@@ -2121,8 +1971,7 @@ static int tomoyo_write_control(struct file *file, const char __user *buffer,
2121 return -EFAULT; 1971 return -EFAULT;
2122 /* Don't allow updating policies by non manager programs. */ 1972 /* Don't allow updating policies by non manager programs. */
2123 if (head->write != tomoyo_write_pid && 1973 if (head->write != tomoyo_write_pid &&
2124 head->write != tomoyo_write_domain_policy && 1974 head->write != tomoyo_write_domain && !tomoyo_manager())
2125 !tomoyo_is_policy_manager())
2126 return -EPERM; 1975 return -EPERM;
2127 if (mutex_lock_interruptible(&head->io_sem)) 1976 if (mutex_lock_interruptible(&head->io_sem))
2128 return -EINTR; 1977 return -EINTR;
@@ -2159,12 +2008,19 @@ static int tomoyo_write_control(struct file *file, const char __user *buffer,
2159 * 2008 *
2160 * Caller looses tomoyo_read_lock(). 2009 * Caller looses tomoyo_read_lock().
2161 */ 2010 */
2162static int tomoyo_close_control(struct file *file) 2011int tomoyo_close_control(struct file *file)
2163{ 2012{
2164 struct tomoyo_io_buffer *head = file->private_data; 2013 struct tomoyo_io_buffer *head = file->private_data;
2165 const bool is_write = !!head->write_buf; 2014 const bool is_write = !!head->write_buf;
2166 2015
2167 tomoyo_read_unlock(head->reader_idx); 2016 /*
2017 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2018 * observer counter.
2019 */
2020 if (head->type == TOMOYO_QUERY)
2021 atomic_dec(&tomoyo_query_observers);
2022 else
2023 tomoyo_read_unlock(head->reader_idx);
2168 /* Release memory used for policy I/O. */ 2024 /* Release memory used for policy I/O. */
2169 kfree(head->read_buf); 2025 kfree(head->read_buf);
2170 head->read_buf = NULL; 2026 head->read_buf = NULL;
@@ -2179,129 +2035,25 @@ static int tomoyo_close_control(struct file *file)
2179} 2035}
2180 2036
2181/** 2037/**
2182 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 2038 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2183 *
2184 * @inode: Pointer to "struct inode".
2185 * @file: Pointer to "struct file".
2186 *
2187 * Returns 0 on success, negative value otherwise.
2188 */
2189static int tomoyo_open(struct inode *inode, struct file *file)
2190{
2191 const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
2192 - ((u8 *) NULL);
2193 return tomoyo_open_control(key, file);
2194}
2195
2196/**
2197 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
2198 *
2199 * @inode: Pointer to "struct inode".
2200 * @file: Pointer to "struct file".
2201 *
2202 * Returns 0 on success, negative value otherwise.
2203 */
2204static int tomoyo_release(struct inode *inode, struct file *file)
2205{
2206 return tomoyo_close_control(file);
2207}
2208
2209/**
2210 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
2211 *
2212 * @file: Pointer to "struct file".
2213 * @buf: Pointer to buffer.
2214 * @count: Size of @buf.
2215 * @ppos: Unused.
2216 *
2217 * Returns bytes read on success, negative value otherwise.
2218 */ 2039 */
2219static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 2040void tomoyo_check_profile(void)
2220 loff_t *ppos)
2221{ 2041{
2222 return tomoyo_read_control(file, buf, count); 2042 struct tomoyo_domain_info *domain;
2223} 2043 const int idx = tomoyo_read_lock();
2224 2044 tomoyo_policy_loaded = true;
2225/** 2045 /* Check all profiles currently assigned to domains are defined. */
2226 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 2046 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2227 * 2047 const u8 profile = domain->profile;
2228 * @file: Pointer to "struct file". 2048 if (tomoyo_profile_ptr[profile])
2229 * @buf: Pointer to buffer. 2049 continue;
2230 * @count: Size of @buf. 2050 panic("Profile %u (used by '%s') not defined.\n",
2231 * @ppos: Unused. 2051 profile, domain->domainname->name);
2232 * 2052 }
2233 * Returns @count on success, negative value otherwise. 2053 tomoyo_read_unlock(idx);
2234 */ 2054 if (tomoyo_profile_version != 20090903)
2235static ssize_t tomoyo_write(struct file *file, const char __user *buf, 2055 panic("Profile version %u is not supported.\n",
2236 size_t count, loff_t *ppos) 2056 tomoyo_profile_version);
2237{ 2057 printk(KERN_INFO "TOMOYO: 2.3.0\n");
2238 return tomoyo_write_control(file, buf, count); 2058 printk(KERN_INFO "Mandatory Access Control activated.\n");
2239}
2240
2241/*
2242 * tomoyo_operations is a "struct file_operations" which is used for handling
2243 * /sys/kernel/security/tomoyo/ interface.
2244 *
2245 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
2246 * See tomoyo_io_buffer for internals.
2247 */
2248static const struct file_operations tomoyo_operations = {
2249 .open = tomoyo_open,
2250 .release = tomoyo_release,
2251 .read = tomoyo_read,
2252 .write = tomoyo_write,
2253};
2254
2255/**
2256 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
2257 *
2258 * @name: The name of the interface file.
2259 * @mode: The permission of the interface file.
2260 * @parent: The parent directory.
2261 * @key: Type of interface.
2262 *
2263 * Returns nothing.
2264 */
2265static void __init tomoyo_create_entry(const char *name, const mode_t mode,
2266 struct dentry *parent, const u8 key)
2267{
2268 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
2269 &tomoyo_operations);
2270}
2271
2272/**
2273 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
2274 *
2275 * Returns 0.
2276 */
2277static int __init tomoyo_initerface_init(void)
2278{
2279 struct dentry *tomoyo_dir;
2280
2281 /* Don't create securityfs entries unless registered. */
2282 if (current_cred()->security != &tomoyo_kernel_domain)
2283 return 0;
2284
2285 tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
2286 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
2287 TOMOYO_DOMAINPOLICY);
2288 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
2289 TOMOYO_EXCEPTIONPOLICY);
2290 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
2291 TOMOYO_SELFDOMAIN);
2292 tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
2293 TOMOYO_DOMAIN_STATUS);
2294 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
2295 TOMOYO_PROCESS_STATUS);
2296 tomoyo_create_entry("meminfo", 0600, tomoyo_dir,
2297 TOMOYO_MEMINFO);
2298 tomoyo_create_entry("profile", 0600, tomoyo_dir,
2299 TOMOYO_PROFILE);
2300 tomoyo_create_entry("manager", 0600, tomoyo_dir,
2301 TOMOYO_MANAGER);
2302 tomoyo_create_entry("version", 0400, tomoyo_dir,
2303 TOMOYO_VERSION);
2304 return 0;
2305} 2059}
2306
2307fs_initcall(tomoyo_initerface_init);
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-13 14:12:32 -0500