TOMOYO: Rename meminfo to stat and show more statistics.

Show statistics such as last policy update time and last policy violation time in addition to memory usage. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-06-26 10:21:50 -0400
committer: James Morris <jmorris@namei.org> 2011-06-28 19:31:22 -0400
commit: b22b8b9fd90eecfb7133e56b4e113595f09f4492 (patch)
tree: 6e15e497a05aa219c598b8b8690fbdb5ae5f0b0a /security/tomoyo/common.c
parent: 2c47ab9353242b0f061959318f83c55360b88fa4 (diff)
1 files changed, 122 insertions, 7 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 6402183e2a6b..7bc0d1d95867 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1584,8 +1584,9 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
                return;
        snprintf(buffer, len - 1, "%s", cp);
        tomoyo_normalize_line(buffer);
-        tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
+        if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
-                             false);
+                                  false))
+                tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
        kfree(buffer);
 }
@@ -1618,6 +1619,8 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
        /* Nothing more to do if granted. */
        if (r->granted)
                return 0;
+        if (r->mode)
+                tomoyo_update_stat(r->mode);
        switch (r->mode) {
        case TOMOYO_CONFIG_ENFORCING:
                error = -EPERM;
@@ -1857,6 +1860,104 @@ static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
        }
 }
+/* String table for /sys/kernel/security/tomoyo/stat interface. */
+static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
+        [TOMOYO_STAT_POLICY_UPDATES]    = "update:",
+        [TOMOYO_STAT_POLICY_LEARNING]   = "violation in learning mode:",
+        [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
+        [TOMOYO_STAT_POLICY_ENFORCING]  = "violation in enforcing mode:",
+};
+/* String table for /sys/kernel/security/tomoyo/stat interface. */
+static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
+        [TOMOYO_MEMORY_POLICY] = "policy:",
+        [TOMOYO_MEMORY_AUDIT]  = "audit log:",
+        [TOMOYO_MEMORY_QUERY]  = "query message:",
+};
+/* Timestamp counter for last updated. */
+static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
+/* Counter for number of updates. */
+static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
+/**
+ * tomoyo_update_stat - Update statistic counters.
+ *
+ * @index: Index for policy type.
+ *
+ * Returns nothing.
+ */
+void tomoyo_update_stat(const u8 index)
+{
+        struct timeval tv;
+        do_gettimeofday(&tv);
+        /*
+         * I don't use atomic operations because race condition is not fatal.
+         */
+        tomoyo_stat_updated[index]++;
+        tomoyo_stat_modified[index] = tv.tv_sec;
+}
+/**
+ * tomoyo_read_stat - Read statistic data.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ *
+ * Returns nothing.
+ */
+static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
+{
+        u8 i;
+        unsigned int total = 0;
+        if (head->r.eof)
+                return;
+        for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
+                tomoyo_io_printf(head, "Policy %-30s %10u",
+                                 tomoyo_policy_headers[i],
+                                 tomoyo_stat_updated[i]);
+                if (tomoyo_stat_modified[i]) {
+                        struct tomoyo_time stamp;
+                        tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
+                        tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
+                                         "%02u:%02u:%02u)",
+                                         stamp.year, stamp.month, stamp.day,
+                                         stamp.hour, stamp.min, stamp.sec);
+                }
+                tomoyo_set_lf(head);
+        }
+        for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
+                unsigned int used = tomoyo_memory_used[i];
+                total += used;
+                tomoyo_io_printf(head, "Memory used by %-22s %10u",
+                                 tomoyo_memory_headers[i], used);
+                used = tomoyo_memory_quota[i];
+                if (used)
+                        tomoyo_io_printf(head, " (Quota: %10u)", used);
+                tomoyo_set_lf(head);
+        }
+        tomoyo_io_printf(head, "Total memory used:                    %10u\n",
+                         total);
+        head->r.eof = true;
+}
+/**
+ * tomoyo_write_stat - Set memory quota.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ *
+ * Returns 0.
+ */
+static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
+{
+        char *data = head->write_buf;
+        u8 i;
+        if (tomoyo_str_starts(&data, "Memory used by "))
+                for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
+                        if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
+                                sscanf(data, "%u", &tomoyo_memory_quota[i]);
+        return 0;
+}
 /**
 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
 *
@@ -1908,11 +2009,11 @@ int tomoyo_open_control(const u8 type, struct file *file)
                head->read = tomoyo_read_version;
                head->readbuf_size = 128;
                break;
-        case TOMOYO_MEMINFO:
+        case TOMOYO_STAT:
-                /* /sys/kernel/security/tomoyo/meminfo */
+                /* /sys/kernel/security/tomoyo/stat */
-                head->write = tomoyo_write_memory_quota;
+                head->write = tomoyo_write_stat;
-                head->read = tomoyo_read_memory_counter;
+                head->read = tomoyo_read_stat;
-                head->readbuf_size = 512;
+                head->readbuf_size = 1024;
                break;
        case TOMOYO_PROFILE:
                /* /sys/kernel/security/tomoyo/profile */
@@ -2186,6 +2287,20 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
                case -EPERM:
                        error = -EPERM;
                        goto out;
+                case 0:
+                        switch (head->type) {
+                        case TOMOYO_DOMAINPOLICY:
+                        case TOMOYO_EXCEPTIONPOLICY:
+                        case TOMOYO_DOMAIN_STATUS:
+                        case TOMOYO_STAT:
+                        case TOMOYO_PROFILE:
+                        case TOMOYO_MANAGER:
+                                tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
+                                break;
+                        default:
+                                break;
+                        }
+                        break;
                }
        }
 out:
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-06-26 10:21:50 -0400
committer	James Morris <jmorris@namei.org>	2011-06-28 19:31:22 -0400
commit	b22b8b9fd90eecfb7133e56b4e113595f09f4492 (patch)
tree	6e15e497a05aa219c598b8b8690fbdb5ae5f0b0a /security/tomoyo/common.c
parent	2c47ab9353242b0f061959318f83c55360b88fa4 (diff)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 6402183e2a6b..7bc0d1d95867 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c
@@ -1584,8 +1584,9 @@ static void tomoyo_add_entry(struct tomoyo_domain_info domain, char header)
1584	return;	1584	return;
1585	snprintf(buffer, len - 1, "%s", cp);	1585	snprintf(buffer, len - 1, "%s", cp);
1586	tomoyo_normalize_line(buffer);	1586	tomoyo_normalize_line(buffer);
1587	tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,	1587	if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
1588	false);	1588	false))
		1589	tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
1589	kfree(buffer);	1590	kfree(buffer);
1590	}	1591	}
1591		1592
@@ -1618,6 +1619,8 @@ int tomoyo_supervisor(struct tomoyo_request_info r, const char fmt, ...)
1618	/* Nothing more to do if granted. */	1619	/* Nothing more to do if granted. */
1619	if (r->granted)	1620	if (r->granted)
1620	return 0;	1621	return 0;
		1622	if (r->mode)
		1623	tomoyo_update_stat(r->mode);
1621	switch (r->mode) {	1624	switch (r->mode) {
1622	case TOMOYO_CONFIG_ENFORCING:	1625	case TOMOYO_CONFIG_ENFORCING:
1623	error = -EPERM;	1626	error = -EPERM;
@@ -1857,6 +1860,104 @@ static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1857	}	1860	}
1858	}	1861	}
1859		1862
		1863	/* String table for /sys/kernel/security/tomoyo/stat interface. */
		1864	static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
		1865	[TOMOYO_STAT_POLICY_UPDATES] = "update:",
		1866	[TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:",
		1867	[TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
		1868	[TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:",
		1869	};
		1870
		1871	/* String table for /sys/kernel/security/tomoyo/stat interface. */
		1872	static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
		1873	[TOMOYO_MEMORY_POLICY] = "policy:",
		1874	[TOMOYO_MEMORY_AUDIT] = "audit log:",
		1875	[TOMOYO_MEMORY_QUERY] = "query message:",
		1876	};
		1877
		1878	/* Timestamp counter for last updated. */
		1879	static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
		1880	/* Counter for number of updates. */
		1881	static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
		1882
		1883	/**
		1884	* tomoyo_update_stat - Update statistic counters.
		1885	*
		1886	* @index: Index for policy type.
		1887	*
		1888	* Returns nothing.
		1889	*/
		1890	void tomoyo_update_stat(const u8 index)
		1891	{
		1892	struct timeval tv;
		1893	do_gettimeofday(&tv);
		1894	/*
		1895	* I don't use atomic operations because race condition is not fatal.
		1896	*/
		1897	tomoyo_stat_updated[index]++;
		1898	tomoyo_stat_modified[index] = tv.tv_sec;
		1899	}
		1900
		1901	/**
		1902	* tomoyo_read_stat - Read statistic data.
		1903	*
		1904	* @head: Pointer to "struct tomoyo_io_buffer".
		1905	*
		1906	* Returns nothing.
		1907	*/
		1908	static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
		1909	{
		1910	u8 i;
		1911	unsigned int total = 0;
		1912	if (head->r.eof)
		1913	return;
		1914	for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
		1915	tomoyo_io_printf(head, "Policy %-30s %10u",
		1916	tomoyo_policy_headers[i],
		1917	tomoyo_stat_updated[i]);
		1918	if (tomoyo_stat_modified[i]) {
		1919	struct tomoyo_time stamp;
		1920	tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
		1921	tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
		1922	"%02u:%02u:%02u)",
		1923	stamp.year, stamp.month, stamp.day,
		1924	stamp.hour, stamp.min, stamp.sec);
		1925	}
		1926	tomoyo_set_lf(head);
		1927	}
		1928	for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
		1929	unsigned int used = tomoyo_memory_used[i];
		1930	total += used;
		1931	tomoyo_io_printf(head, "Memory used by %-22s %10u",
		1932	tomoyo_memory_headers[i], used);
		1933	used = tomoyo_memory_quota[i];
		1934	if (used)
		1935	tomoyo_io_printf(head, " (Quota: %10u)", used);
		1936	tomoyo_set_lf(head);
		1937	}
		1938	tomoyo_io_printf(head, "Total memory used: %10u\n",
		1939	total);
		1940	head->r.eof = true;
		1941	}
		1942
		1943	/**
		1944	* tomoyo_write_stat - Set memory quota.
		1945	*
		1946	* @head: Pointer to "struct tomoyo_io_buffer".
		1947	*
		1948	* Returns 0.
		1949	*/
		1950	static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
		1951	{
		1952	char *data = head->write_buf;
		1953	u8 i;
		1954	if (tomoyo_str_starts(&data, "Memory used by "))
		1955	for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
		1956	if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
		1957	sscanf(data, "%u", &tomoyo_memory_quota[i]);
		1958	return 0;
		1959	}
		1960
1860	/**	1961	/**
1861	* tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.	1962	* tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1862	*	1963	*
@@ -1908,11 +2009,11 @@ int tomoyo_open_control(const u8 type, struct file *file)
1908	head->read = tomoyo_read_version;	2009	head->read = tomoyo_read_version;
1909	head->readbuf_size = 128;	2010	head->readbuf_size = 128;
1910	break;	2011	break;
1911	case TOMOYO_MEMINFO:	2012	case TOMOYO_STAT:
1912	/* /sys/kernel/security/tomoyo/meminfo */	2013	/* /sys/kernel/security/tomoyo/stat */
1913	head->write = tomoyo_write_memory_quota;	2014	head->write = tomoyo_write_stat;
1914	head->read = tomoyo_read_memory_counter;	2015	head->read = tomoyo_read_stat;
1915	head->readbuf_size = 512;	2016	head->readbuf_size = 1024;
1916	break;	2017	break;
1917	case TOMOYO_PROFILE:	2018	case TOMOYO_PROFILE:
1918	/* /sys/kernel/security/tomoyo/profile */	2019	/* /sys/kernel/security/tomoyo/profile */
@@ -2186,6 +2287,20 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
2186	case -EPERM:	2287	case -EPERM:
2187	error = -EPERM;	2288	error = -EPERM;
2188	goto out;	2289	goto out;
		2290	case 0:
		2291	switch (head->type) {
		2292	case TOMOYO_DOMAINPOLICY:
		2293	case TOMOYO_EXCEPTIONPOLICY:
		2294	case TOMOYO_DOMAIN_STATUS:
		2295	case TOMOYO_STAT:
		2296	case TOMOYO_PROFILE:
		2297	case TOMOYO_MANAGER:
		2298	tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
		2299	break;
		2300	default:
		2301	break;
		2302	}
		2303	break;
2189	}	2304	}
2190	}	2305	}
2191	out:	2306	out: