diff options
Diffstat (limited to 'security/tomoyo/util.c')
| -rw-r--r-- | security/tomoyo/util.c | 92 |
1 files changed, 70 insertions, 22 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 592b76a2bce8..307793ed6075 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
| @@ -792,25 +792,67 @@ const char *tomoyo_get_exe(void) | |||
| 792 | } | 792 | } |
| 793 | 793 | ||
| 794 | /** | 794 | /** |
| 795 | * tomoyo_get_mode - Get MAC mode. | ||
| 796 | * | ||
| 797 | * @profile: Profile number. | ||
| 798 | * @index: Index number of functionality. | ||
| 799 | * | ||
| 800 | * Returns mode. | ||
| 801 | */ | ||
| 802 | int tomoyo_get_mode(const u8 profile, const u8 index) | ||
| 803 | { | ||
| 804 | u8 mode; | ||
| 805 | const u8 category = TOMOYO_MAC_CATEGORY_FILE; | ||
| 806 | if (!tomoyo_policy_loaded) | ||
| 807 | return TOMOYO_CONFIG_DISABLED; | ||
| 808 | mode = tomoyo_profile(profile)->config[index]; | ||
| 809 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | ||
| 810 | mode = tomoyo_profile(profile)->config[category]; | ||
| 811 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | ||
| 812 | mode = tomoyo_profile(profile)->default_config; | ||
| 813 | return mode & 3; | ||
| 814 | } | ||
| 815 | |||
| 816 | /** | ||
| 795 | * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members. | 817 | * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members. |
| 796 | * | 818 | * |
| 797 | * @r: Pointer to "struct tomoyo_request_info" to initialize. | 819 | * @r: Pointer to "struct tomoyo_request_info" to initialize. |
| 798 | * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain(). | 820 | * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain(). |
| 821 | * @index: Index number of functionality. | ||
| 799 | * | 822 | * |
| 800 | * Returns mode. | 823 | * Returns mode. |
| 801 | */ | 824 | */ |
| 802 | int tomoyo_init_request_info(struct tomoyo_request_info *r, | 825 | int tomoyo_init_request_info(struct tomoyo_request_info *r, |
| 803 | struct tomoyo_domain_info *domain) | 826 | struct tomoyo_domain_info *domain, const u8 index) |
| 804 | { | 827 | { |
| 828 | u8 profile; | ||
| 805 | memset(r, 0, sizeof(*r)); | 829 | memset(r, 0, sizeof(*r)); |
| 806 | if (!domain) | 830 | if (!domain) |
| 807 | domain = tomoyo_domain(); | 831 | domain = tomoyo_domain(); |
| 808 | r->domain = domain; | 832 | r->domain = domain; |
| 809 | r->mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE); | 833 | profile = domain->profile; |
| 834 | r->profile = profile; | ||
| 835 | r->type = index; | ||
| 836 | r->mode = tomoyo_get_mode(profile, index); | ||
| 810 | return r->mode; | 837 | return r->mode; |
| 811 | } | 838 | } |
| 812 | 839 | ||
| 813 | /** | 840 | /** |
| 841 | * tomoyo_last_word - Get last component of a line. | ||
| 842 | * | ||
| 843 | * @line: A line. | ||
| 844 | * | ||
| 845 | * Returns the last word of a line. | ||
| 846 | */ | ||
| 847 | static const char *tomoyo_last_word(const char *name) | ||
| 848 | { | ||
| 849 | const char *cp = strrchr(name, ' '); | ||
| 850 | if (cp) | ||
| 851 | return cp + 1; | ||
| 852 | return name; | ||
| 853 | } | ||
| 854 | |||
| 855 | /** | ||
| 814 | * tomoyo_warn_log - Print warning or error message on console. | 856 | * tomoyo_warn_log - Print warning or error message on console. |
| 815 | * | 857 | * |
| 816 | * @r: Pointer to "struct tomoyo_request_info". | 858 | * @r: Pointer to "struct tomoyo_request_info". |
| @@ -818,29 +860,34 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
| 818 | */ | 860 | */ |
| 819 | void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...) | 861 | void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...) |
| 820 | { | 862 | { |
| 821 | int len = PAGE_SIZE; | ||
| 822 | va_list args; | 863 | va_list args; |
| 823 | char *buffer; | 864 | char *buffer; |
| 824 | if (!tomoyo_verbose_mode(r->domain)) | 865 | const struct tomoyo_domain_info * const domain = r->domain; |
| 825 | return; | 866 | const struct tomoyo_profile *profile = tomoyo_profile(domain->profile); |
| 826 | while (1) { | 867 | switch (r->mode) { |
| 827 | int len2; | 868 | case TOMOYO_CONFIG_ENFORCING: |
| 828 | buffer = kmalloc(len, GFP_NOFS); | 869 | if (!profile->enforcing->enforcing_verbose) |
| 829 | if (!buffer) | ||
| 830 | return; | 870 | return; |
| 831 | va_start(args, fmt); | 871 | break; |
| 832 | len2 = vsnprintf(buffer, len - 1, fmt, args); | 872 | case TOMOYO_CONFIG_PERMISSIVE: |
| 833 | va_end(args); | 873 | if (!profile->permissive->permissive_verbose) |
| 834 | if (len2 <= len - 1) { | 874 | return; |
| 835 | buffer[len2] = '\0'; | 875 | break; |
| 836 | break; | 876 | case TOMOYO_CONFIG_LEARNING: |
| 837 | } | 877 | if (!profile->learning->learning_verbose) |
| 838 | len = len2 + 1; | 878 | return; |
| 839 | kfree(buffer); | 879 | break; |
| 840 | } | 880 | } |
| 841 | printk(KERN_WARNING "TOMOYO-%s: Access %s denied for %s\n", | 881 | buffer = kmalloc(4096, GFP_NOFS); |
| 842 | r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING", | 882 | if (!buffer) |
| 843 | buffer, tomoyo_get_last_name(r->domain)); | 883 | return; |
| 884 | va_start(args, fmt); | ||
| 885 | vsnprintf(buffer, 4095, fmt, args); | ||
| 886 | va_end(args); | ||
| 887 | buffer[4095] = '\0'; | ||
| 888 | printk(KERN_WARNING "%s: Access %s denied for %s\n", | ||
| 889 | r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING", buffer, | ||
| 890 | tomoyo_last_word(domain->domainname->name)); | ||
| 844 | kfree(buffer); | 891 | kfree(buffer); |
| 845 | } | 892 | } |
| 846 | 893 | ||
| @@ -903,7 +950,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 903 | count++; | 950 | count++; |
| 904 | } | 951 | } |
| 905 | } | 952 | } |
| 906 | if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) | 953 | if (count < tomoyo_profile(domain->profile)->learning-> |
| 954 | learning_max_entry) | ||
| 907 | return true; | 955 | return true; |
| 908 | if (!domain->quota_warned) { | 956 | if (!domain->quota_warned) { |
| 909 | domain->quota_warned = true; | 957 | domain->quota_warned = true; |