diff options
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 23 | ||||
-rw-r--r-- | security/tomoyo/common.h | 411 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 72 | ||||
-rw-r--r-- | security/tomoyo/file.c | 52 | ||||
-rw-r--r-- | security/tomoyo/realpath.c | 10 | ||||
-rw-r--r-- | security/tomoyo/realpath.h | 76 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 2 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.h | 102 |
8 files changed, 351 insertions, 397 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 0c7ea51e7a45..634f7449e8ba 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -13,8 +13,6 @@ | |||
13 | #include <linux/security.h> | 13 | #include <linux/security.h> |
14 | #include <linux/hardirq.h> | 14 | #include <linux/hardirq.h> |
15 | #include "common.h" | 15 | #include "common.h" |
16 | #include "realpath.h" | ||
17 | #include "tomoyo.h" | ||
18 | 16 | ||
19 | /* Lock for protecting policy. */ | 17 | /* Lock for protecting policy. */ |
20 | DEFINE_MUTEX(tomoyo_policy_lock); | 18 | DEFINE_MUTEX(tomoyo_policy_lock); |
@@ -1040,27 +1038,6 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head) | |||
1040 | } | 1038 | } |
1041 | 1039 | ||
1042 | /* | 1040 | /* |
1043 | * tomoyo_policy_manager_entry is a structure which is used for holding list of | ||
1044 | * domainnames or programs which are permitted to modify configuration via | ||
1045 | * /sys/kernel/security/tomoyo/ interface. | ||
1046 | * It has following fields. | ||
1047 | * | ||
1048 | * (1) "list" which is linked to tomoyo_policy_manager_list . | ||
1049 | * (2) "manager" is a domainname or a program's pathname. | ||
1050 | * (3) "is_domain" is a bool which is true if "manager" is a domainname, false | ||
1051 | * otherwise. | ||
1052 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
1053 | * otherwise. | ||
1054 | */ | ||
1055 | struct tomoyo_policy_manager_entry { | ||
1056 | struct list_head list; | ||
1057 | /* A path to program or a domainname. */ | ||
1058 | const struct tomoyo_path_info *manager; | ||
1059 | bool is_domain; /* True if manager is a domainname. */ | ||
1060 | bool is_deleted; /* True if this entry is deleted. */ | ||
1061 | }; | ||
1062 | |||
1063 | /* | ||
1064 | * tomoyo_policy_manager_list is used for holding list of domainnames or | 1041 | * tomoyo_policy_manager_list is used for holding list of domainnames or |
1065 | * programs which are permitted to modify configuration via | 1042 | * programs which are permitted to modify configuration via |
1066 | * /sys/kernel/security/tomoyo/ interface. | 1043 | * /sys/kernel/security/tomoyo/ interface. |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 509ced9ce698..f6aff59b0885 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -1,12 +1,9 @@ | |||
1 | /* | 1 | /* |
2 | * security/tomoyo/common.h | 2 | * security/tomoyo/common.h |
3 | * | 3 | * |
4 | * Common functions for TOMOYO. | 4 | * Header file for TOMOYO. |
5 | * | ||
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | ||
7 | * | ||
8 | * Version: 2.2.0 2009/04/01 | ||
9 | * | 5 | * |
6 | * Copyright (C) 2005-2010 NTT DATA CORPORATION | ||
10 | */ | 7 | */ |
11 | 8 | ||
12 | #ifndef _SECURITY_TOMOYO_COMMON_H | 9 | #ifndef _SECURITY_TOMOYO_COMMON_H |
@@ -22,9 +19,110 @@ | |||
22 | #include <linux/namei.h> | 19 | #include <linux/namei.h> |
23 | #include <linux/mount.h> | 20 | #include <linux/mount.h> |
24 | #include <linux/list.h> | 21 | #include <linux/list.h> |
22 | #include <linux/cred.h> | ||
23 | struct linux_binprm; | ||
24 | |||
25 | /********** Constants definitions. **********/ | ||
26 | |||
27 | /* | ||
28 | * TOMOYO uses this hash only when appending a string into the string | ||
29 | * table. Frequency of appending strings is very low. So we don't need | ||
30 | * large (e.g. 64k) hash size. 256 will be sufficient. | ||
31 | */ | ||
32 | #define TOMOYO_HASH_BITS 8 | ||
33 | #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) | ||
34 | |||
35 | /* | ||
36 | * This is the max length of a token. | ||
37 | * | ||
38 | * A token consists of only ASCII printable characters. | ||
39 | * Non printable characters in a token is represented in \ooo style | ||
40 | * octal string. Thus, \ itself is represented as \\. | ||
41 | */ | ||
42 | #define TOMOYO_MAX_PATHNAME_LEN 4000 | ||
43 | |||
44 | /* Profile number is an integer between 0 and 255. */ | ||
45 | #define TOMOYO_MAX_PROFILES 256 | ||
46 | |||
47 | /* Keywords for ACLs. */ | ||
48 | #define TOMOYO_KEYWORD_ALIAS "alias " | ||
49 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " | ||
50 | #define TOMOYO_KEYWORD_DELETE "delete " | ||
51 | #define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " | ||
52 | #define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " | ||
53 | #define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " | ||
54 | #define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " | ||
55 | #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " | ||
56 | #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " | ||
57 | #define TOMOYO_KEYWORD_SELECT "select " | ||
58 | #define TOMOYO_KEYWORD_USE_PROFILE "use_profile " | ||
59 | #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" | ||
60 | /* A domain definition starts with <kernel>. */ | ||
61 | #define TOMOYO_ROOT_NAME "<kernel>" | ||
62 | #define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) | ||
63 | |||
64 | /* Index numbers for Access Controls. */ | ||
65 | #define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */ | ||
66 | #define TOMOYO_MAX_ACCEPT_ENTRY 1 | ||
67 | #define TOMOYO_VERBOSE 2 | ||
68 | #define TOMOYO_MAX_CONTROL_INDEX 3 | ||
69 | |||
70 | /* Index numbers for Access Controls. */ | ||
71 | |||
72 | #define TOMOYO_TYPE_SINGLE_PATH_ACL 0 | ||
73 | #define TOMOYO_TYPE_DOUBLE_PATH_ACL 1 | ||
74 | |||
75 | /* Index numbers for File Controls. */ | ||
76 | |||
77 | /* | ||
78 | * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set | ||
79 | * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and | ||
80 | * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set. | ||
81 | * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or | ||
82 | * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are | ||
83 | * automatically cleared if TYPE_READ_WRITE_ACL is cleared. | ||
84 | */ | ||
85 | |||
86 | #define TOMOYO_TYPE_READ_WRITE_ACL 0 | ||
87 | #define TOMOYO_TYPE_EXECUTE_ACL 1 | ||
88 | #define TOMOYO_TYPE_READ_ACL 2 | ||
89 | #define TOMOYO_TYPE_WRITE_ACL 3 | ||
90 | #define TOMOYO_TYPE_CREATE_ACL 4 | ||
91 | #define TOMOYO_TYPE_UNLINK_ACL 5 | ||
92 | #define TOMOYO_TYPE_MKDIR_ACL 6 | ||
93 | #define TOMOYO_TYPE_RMDIR_ACL 7 | ||
94 | #define TOMOYO_TYPE_MKFIFO_ACL 8 | ||
95 | #define TOMOYO_TYPE_MKSOCK_ACL 9 | ||
96 | #define TOMOYO_TYPE_MKBLOCK_ACL 10 | ||
97 | #define TOMOYO_TYPE_MKCHAR_ACL 11 | ||
98 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 | ||
99 | #define TOMOYO_TYPE_SYMLINK_ACL 13 | ||
100 | #define TOMOYO_TYPE_REWRITE_ACL 14 | ||
101 | #define TOMOYO_TYPE_IOCTL_ACL 15 | ||
102 | #define TOMOYO_TYPE_CHMOD_ACL 16 | ||
103 | #define TOMOYO_TYPE_CHOWN_ACL 17 | ||
104 | #define TOMOYO_TYPE_CHGRP_ACL 18 | ||
105 | #define TOMOYO_TYPE_CHROOT_ACL 19 | ||
106 | #define TOMOYO_TYPE_MOUNT_ACL 20 | ||
107 | #define TOMOYO_TYPE_UMOUNT_ACL 21 | ||
108 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 22 | ||
109 | |||
110 | #define TOMOYO_TYPE_LINK_ACL 0 | ||
111 | #define TOMOYO_TYPE_RENAME_ACL 1 | ||
112 | #define TOMOYO_TYPE_PIVOT_ROOT_ACL 2 | ||
113 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3 | ||
114 | |||
115 | #define TOMOYO_DOMAINPOLICY 0 | ||
116 | #define TOMOYO_EXCEPTIONPOLICY 1 | ||
117 | #define TOMOYO_DOMAIN_STATUS 2 | ||
118 | #define TOMOYO_PROCESS_STATUS 3 | ||
119 | #define TOMOYO_MEMINFO 4 | ||
120 | #define TOMOYO_SELFDOMAIN 5 | ||
121 | #define TOMOYO_VERSION 6 | ||
122 | #define TOMOYO_PROFILE 7 | ||
123 | #define TOMOYO_MANAGER 8 | ||
25 | 124 | ||
26 | struct dentry; | 125 | /********** Structure definitions. **********/ |
27 | struct vfsmount; | ||
28 | 126 | ||
29 | /* | 127 | /* |
30 | * tomoyo_page_buffer is a structure which is used for holding a pathname | 128 | * tomoyo_page_buffer is a structure which is used for holding a pathname |
@@ -66,13 +164,14 @@ struct tomoyo_path_info { | |||
66 | }; | 164 | }; |
67 | 165 | ||
68 | /* | 166 | /* |
69 | * This is the max length of a token. | 167 | * tomoyo_name_entry is a structure which is used for linking |
70 | * | 168 | * "struct tomoyo_path_info" into tomoyo_name_list . |
71 | * A token consists of only ASCII printable characters. | ||
72 | * Non printable characters in a token is represented in \ooo style | ||
73 | * octal string. Thus, \ itself is represented as \\. | ||
74 | */ | 169 | */ |
75 | #define TOMOYO_MAX_PATHNAME_LEN 4000 | 170 | struct tomoyo_name_entry { |
171 | struct list_head list; | ||
172 | atomic_t users; | ||
173 | struct tomoyo_path_info entry; | ||
174 | }; | ||
76 | 175 | ||
77 | /* | 176 | /* |
78 | * tomoyo_path_info_with_data is a structure which is used for holding a | 177 | * tomoyo_path_info_with_data is a structure which is used for holding a |
@@ -155,9 +254,6 @@ struct tomoyo_domain_info { | |||
155 | bool transition_failed; /* Domain transition failed flag. */ | 254 | bool transition_failed; /* Domain transition failed flag. */ |
156 | }; | 255 | }; |
157 | 256 | ||
158 | /* Profile number is an integer between 0 and 255. */ | ||
159 | #define TOMOYO_MAX_PROFILES 256 | ||
160 | |||
161 | /* | 257 | /* |
162 | * tomoyo_single_path_acl_record is a structure which is used for holding an | 258 | * tomoyo_single_path_acl_record is a structure which is used for holding an |
163 | * entry with one pathname operation (e.g. open(), mkdir()). | 259 | * entry with one pathname operation (e.g. open(), mkdir()). |
@@ -204,29 +300,6 @@ struct tomoyo_double_path_acl_record { | |||
204 | const struct tomoyo_path_info *filename2; | 300 | const struct tomoyo_path_info *filename2; |
205 | }; | 301 | }; |
206 | 302 | ||
207 | /* Keywords for ACLs. */ | ||
208 | #define TOMOYO_KEYWORD_ALIAS "alias " | ||
209 | #define TOMOYO_KEYWORD_ALLOW_READ "allow_read " | ||
210 | #define TOMOYO_KEYWORD_DELETE "delete " | ||
211 | #define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " | ||
212 | #define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " | ||
213 | #define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " | ||
214 | #define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " | ||
215 | #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " | ||
216 | #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " | ||
217 | #define TOMOYO_KEYWORD_SELECT "select " | ||
218 | #define TOMOYO_KEYWORD_USE_PROFILE "use_profile " | ||
219 | #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" | ||
220 | /* A domain definition starts with <kernel>. */ | ||
221 | #define TOMOYO_ROOT_NAME "<kernel>" | ||
222 | #define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1) | ||
223 | |||
224 | /* Index numbers for Access Controls. */ | ||
225 | #define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */ | ||
226 | #define TOMOYO_MAX_ACCEPT_ENTRY 1 | ||
227 | #define TOMOYO_VERBOSE 2 | ||
228 | #define TOMOYO_MAX_CONTROL_INDEX 3 | ||
229 | |||
230 | /* | 303 | /* |
231 | * tomoyo_io_buffer is a structure which is used for reading and modifying | 304 | * tomoyo_io_buffer is a structure which is used for reading and modifying |
232 | * configuration via /sys/kernel/security/tomoyo/ interface. | 305 | * configuration via /sys/kernel/security/tomoyo/ interface. |
@@ -285,6 +358,149 @@ struct tomoyo_io_buffer { | |||
285 | int writebuf_size; | 358 | int writebuf_size; |
286 | }; | 359 | }; |
287 | 360 | ||
361 | /* | ||
362 | * tomoyo_globally_readable_file_entry is a structure which is used for holding | ||
363 | * "allow_read" entries. | ||
364 | * It has following fields. | ||
365 | * | ||
366 | * (1) "list" which is linked to tomoyo_globally_readable_list . | ||
367 | * (2) "filename" is a pathname which is allowed to open(O_RDONLY). | ||
368 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
369 | * otherwise. | ||
370 | */ | ||
371 | struct tomoyo_globally_readable_file_entry { | ||
372 | struct list_head list; | ||
373 | const struct tomoyo_path_info *filename; | ||
374 | bool is_deleted; | ||
375 | }; | ||
376 | |||
377 | /* | ||
378 | * tomoyo_pattern_entry is a structure which is used for holding | ||
379 | * "tomoyo_pattern_list" entries. | ||
380 | * It has following fields. | ||
381 | * | ||
382 | * (1) "list" which is linked to tomoyo_pattern_list . | ||
383 | * (2) "pattern" is a pathname pattern which is used for converting pathnames | ||
384 | * to pathname patterns during learning mode. | ||
385 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
386 | * otherwise. | ||
387 | */ | ||
388 | struct tomoyo_pattern_entry { | ||
389 | struct list_head list; | ||
390 | const struct tomoyo_path_info *pattern; | ||
391 | bool is_deleted; | ||
392 | }; | ||
393 | |||
394 | /* | ||
395 | * tomoyo_no_rewrite_entry is a structure which is used for holding | ||
396 | * "deny_rewrite" entries. | ||
397 | * It has following fields. | ||
398 | * | ||
399 | * (1) "list" which is linked to tomoyo_no_rewrite_list . | ||
400 | * (2) "pattern" is a pathname which is by default not permitted to modify | ||
401 | * already existing content. | ||
402 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
403 | * otherwise. | ||
404 | */ | ||
405 | struct tomoyo_no_rewrite_entry { | ||
406 | struct list_head list; | ||
407 | const struct tomoyo_path_info *pattern; | ||
408 | bool is_deleted; | ||
409 | }; | ||
410 | |||
411 | /* | ||
412 | * tomoyo_domain_initializer_entry is a structure which is used for holding | ||
413 | * "initialize_domain" and "no_initialize_domain" entries. | ||
414 | * It has following fields. | ||
415 | * | ||
416 | * (1) "list" which is linked to tomoyo_domain_initializer_list . | ||
417 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
418 | * domainname". This field is NULL if "from" clause is not specified. | ||
419 | * (3) "program" which is a program's pathname. | ||
420 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
421 | * otherwise. | ||
422 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
423 | * otherwise. | ||
424 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
425 | * component of a domainname", false otherwise. | ||
426 | */ | ||
427 | struct tomoyo_domain_initializer_entry { | ||
428 | struct list_head list; | ||
429 | const struct tomoyo_path_info *domainname; /* This may be NULL */ | ||
430 | const struct tomoyo_path_info *program; | ||
431 | bool is_deleted; | ||
432 | bool is_not; /* True if this entry is "no_initialize_domain". */ | ||
433 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
434 | bool is_last_name; | ||
435 | }; | ||
436 | |||
437 | /* | ||
438 | * tomoyo_domain_keeper_entry is a structure which is used for holding | ||
439 | * "keep_domain" and "no_keep_domain" entries. | ||
440 | * It has following fields. | ||
441 | * | ||
442 | * (1) "list" which is linked to tomoyo_domain_keeper_list . | ||
443 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
444 | * domainname". | ||
445 | * (3) "program" which is a program's pathname. | ||
446 | * This field is NULL if "from" clause is not specified. | ||
447 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
448 | * otherwise. | ||
449 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
450 | * otherwise. | ||
451 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
452 | * component of a domainname", false otherwise. | ||
453 | */ | ||
454 | struct tomoyo_domain_keeper_entry { | ||
455 | struct list_head list; | ||
456 | const struct tomoyo_path_info *domainname; | ||
457 | const struct tomoyo_path_info *program; /* This may be NULL */ | ||
458 | bool is_deleted; | ||
459 | bool is_not; /* True if this entry is "no_keep_domain". */ | ||
460 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
461 | bool is_last_name; | ||
462 | }; | ||
463 | |||
464 | /* | ||
465 | * tomoyo_alias_entry is a structure which is used for holding "alias" entries. | ||
466 | * It has following fields. | ||
467 | * | ||
468 | * (1) "list" which is linked to tomoyo_alias_list . | ||
469 | * (2) "original_name" which is a dereferenced pathname. | ||
470 | * (3) "aliased_name" which is a symlink's pathname. | ||
471 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
472 | * otherwise. | ||
473 | */ | ||
474 | struct tomoyo_alias_entry { | ||
475 | struct list_head list; | ||
476 | const struct tomoyo_path_info *original_name; | ||
477 | const struct tomoyo_path_info *aliased_name; | ||
478 | bool is_deleted; | ||
479 | }; | ||
480 | |||
481 | /* | ||
482 | * tomoyo_policy_manager_entry is a structure which is used for holding list of | ||
483 | * domainnames or programs which are permitted to modify configuration via | ||
484 | * /sys/kernel/security/tomoyo/ interface. | ||
485 | * It has following fields. | ||
486 | * | ||
487 | * (1) "list" which is linked to tomoyo_policy_manager_list . | ||
488 | * (2) "manager" is a domainname or a program's pathname. | ||
489 | * (3) "is_domain" is a bool which is true if "manager" is a domainname, false | ||
490 | * otherwise. | ||
491 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
492 | * otherwise. | ||
493 | */ | ||
494 | struct tomoyo_policy_manager_entry { | ||
495 | struct list_head list; | ||
496 | /* A path to program or a domainname. */ | ||
497 | const struct tomoyo_path_info *manager; | ||
498 | bool is_domain; /* True if manager is a domainname. */ | ||
499 | bool is_deleted; /* True if this entry is deleted. */ | ||
500 | }; | ||
501 | |||
502 | /********** Function prototypes. **********/ | ||
503 | |||
288 | /* Check whether the domain has too many ACL entries to hold. */ | 504 | /* Check whether the domain has too many ACL entries to hold. */ |
289 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); | 505 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); |
290 | /* Transactional sprintf() for policy dump. */ | 506 | /* Transactional sprintf() for policy dump. */ |
@@ -367,6 +583,85 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); | |||
367 | /* Run policy loader when /sbin/init starts. */ | 583 | /* Run policy loader when /sbin/init starts. */ |
368 | void tomoyo_load_policy(const char *filename); | 584 | void tomoyo_load_policy(const char *filename); |
369 | 585 | ||
586 | /* Convert binary string to ascii string. */ | ||
587 | int tomoyo_encode(char *buffer, int buflen, const char *str); | ||
588 | |||
589 | /* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ | ||
590 | int tomoyo_realpath_from_path2(struct path *path, char *newname, | ||
591 | int newname_len); | ||
592 | |||
593 | /* | ||
594 | * Returns realpath(3) of the given pathname but ignores chroot'ed root. | ||
595 | * These functions use kzalloc(), so the caller must call kfree() | ||
596 | * if these functions didn't return NULL. | ||
597 | */ | ||
598 | char *tomoyo_realpath(const char *pathname); | ||
599 | /* | ||
600 | * Same with tomoyo_realpath() except that it doesn't follow the final symlink. | ||
601 | */ | ||
602 | char *tomoyo_realpath_nofollow(const char *pathname); | ||
603 | /* Same with tomoyo_realpath() except that the pathname is already solved. */ | ||
604 | char *tomoyo_realpath_from_path(struct path *path); | ||
605 | |||
606 | /* Check memory quota. */ | ||
607 | bool tomoyo_memory_ok(void *ptr); | ||
608 | |||
609 | /* | ||
610 | * Keep the given name on the RAM. | ||
611 | * The RAM is shared, so NEVER try to modify or kfree() the returned name. | ||
612 | */ | ||
613 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); | ||
614 | |||
615 | /* Check for memory usage. */ | ||
616 | int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); | ||
617 | |||
618 | /* Set memory quota. */ | ||
619 | int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); | ||
620 | |||
621 | /* Initialize realpath related code. */ | ||
622 | void __init tomoyo_realpath_init(void); | ||
623 | int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, | ||
624 | const struct tomoyo_path_info *filename); | ||
625 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | ||
626 | struct path *path, const int flag); | ||
627 | int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | ||
628 | const u8 operation, struct path *path); | ||
629 | int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, | ||
630 | const u8 operation, struct path *path1, | ||
631 | struct path *path2); | ||
632 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | ||
633 | struct file *filp); | ||
634 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | ||
635 | |||
636 | /********** External variable definitions. **********/ | ||
637 | |||
638 | /* Lock for GC. */ | ||
639 | extern struct srcu_struct tomoyo_ss; | ||
640 | |||
641 | /* The list for "struct tomoyo_domain_info". */ | ||
642 | extern struct list_head tomoyo_domain_list; | ||
643 | |||
644 | /* Lock for protecting policy. */ | ||
645 | extern struct mutex tomoyo_policy_lock; | ||
646 | |||
647 | /* Has /sbin/init started? */ | ||
648 | extern bool tomoyo_policy_loaded; | ||
649 | |||
650 | /* The kernel's domain. */ | ||
651 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | ||
652 | |||
653 | /********** Inlined functions. **********/ | ||
654 | |||
655 | static inline int tomoyo_read_lock(void) | ||
656 | { | ||
657 | return srcu_read_lock(&tomoyo_ss); | ||
658 | } | ||
659 | |||
660 | static inline void tomoyo_read_unlock(int idx) | ||
661 | { | ||
662 | srcu_read_unlock(&tomoyo_ss, idx); | ||
663 | } | ||
664 | |||
370 | /* strcmp() for "struct tomoyo_path_info" structure. */ | 665 | /* strcmp() for "struct tomoyo_path_info" structure. */ |
371 | static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, | 666 | static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, |
372 | const struct tomoyo_path_info *b) | 667 | const struct tomoyo_path_info *b) |
@@ -398,17 +693,25 @@ static inline bool tomoyo_is_invalid(const unsigned char c) | |||
398 | return c && (c <= ' ' || c >= 127); | 693 | return c && (c <= ' ' || c >= 127); |
399 | } | 694 | } |
400 | 695 | ||
401 | /* The list for "struct tomoyo_domain_info". */ | 696 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) |
402 | extern struct list_head tomoyo_domain_list; | 697 | { |
403 | 698 | if (name) { | |
404 | /* Lock for protecting policy. */ | 699 | struct tomoyo_name_entry *ptr = |
405 | extern struct mutex tomoyo_policy_lock; | 700 | container_of(name, struct tomoyo_name_entry, entry); |
701 | atomic_dec(&ptr->users); | ||
702 | } | ||
703 | } | ||
406 | 704 | ||
407 | /* Has /sbin/init started? */ | 705 | static inline struct tomoyo_domain_info *tomoyo_domain(void) |
408 | extern bool tomoyo_policy_loaded; | 706 | { |
707 | return current_cred()->security; | ||
708 | } | ||
409 | 709 | ||
410 | /* The kernel's domain. */ | 710 | static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct |
411 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | 711 | *task) |
712 | { | ||
713 | return task_cred_xxx(task, security); | ||
714 | } | ||
412 | 715 | ||
413 | /** | 716 | /** |
414 | * list_for_each_cookie - iterate over a list with cookie. | 717 | * list_for_each_cookie - iterate over a list with cookie. |
@@ -428,16 +731,4 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; | |||
428 | prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ | 731 | prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ |
429 | (cookie) = pos, pos = rcu_dereference(pos->next)) | 732 | (cookie) = pos, pos = rcu_dereference(pos->next)) |
430 | 733 | ||
431 | extern struct srcu_struct tomoyo_ss; | ||
432 | |||
433 | static inline int tomoyo_read_lock(void) | ||
434 | { | ||
435 | return srcu_read_lock(&tomoyo_ss); | ||
436 | } | ||
437 | |||
438 | static inline void tomoyo_read_unlock(int idx) | ||
439 | { | ||
440 | srcu_read_unlock(&tomoyo_ss, idx); | ||
441 | } | ||
442 | |||
443 | #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ | 734 | #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ |
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 0b8262567809..d60b8a61b0c8 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
@@ -10,8 +10,6 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "common.h" | 12 | #include "common.h" |
13 | #include "tomoyo.h" | ||
14 | #include "realpath.h" | ||
15 | #include <linux/binfmts.h> | 13 | #include <linux/binfmts.h> |
16 | 14 | ||
17 | /* Variables definitions.*/ | 15 | /* Variables definitions.*/ |
@@ -59,76 +57,6 @@ struct tomoyo_domain_info tomoyo_kernel_domain; | |||
59 | */ | 57 | */ |
60 | LIST_HEAD(tomoyo_domain_list); | 58 | LIST_HEAD(tomoyo_domain_list); |
61 | 59 | ||
62 | /* | ||
63 | * tomoyo_domain_initializer_entry is a structure which is used for holding | ||
64 | * "initialize_domain" and "no_initialize_domain" entries. | ||
65 | * It has following fields. | ||
66 | * | ||
67 | * (1) "list" which is linked to tomoyo_domain_initializer_list . | ||
68 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
69 | * domainname". This field is NULL if "from" clause is not specified. | ||
70 | * (3) "program" which is a program's pathname. | ||
71 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
72 | * otherwise. | ||
73 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
74 | * otherwise. | ||
75 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
76 | * component of a domainname", false otherwise. | ||
77 | */ | ||
78 | struct tomoyo_domain_initializer_entry { | ||
79 | struct list_head list; | ||
80 | const struct tomoyo_path_info *domainname; /* This may be NULL */ | ||
81 | const struct tomoyo_path_info *program; | ||
82 | bool is_deleted; | ||
83 | bool is_not; /* True if this entry is "no_initialize_domain". */ | ||
84 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
85 | bool is_last_name; | ||
86 | }; | ||
87 | |||
88 | /* | ||
89 | * tomoyo_domain_keeper_entry is a structure which is used for holding | ||
90 | * "keep_domain" and "no_keep_domain" entries. | ||
91 | * It has following fields. | ||
92 | * | ||
93 | * (1) "list" which is linked to tomoyo_domain_keeper_list . | ||
94 | * (2) "domainname" which is "a domainname" or "the last component of a | ||
95 | * domainname". | ||
96 | * (3) "program" which is a program's pathname. | ||
97 | * This field is NULL if "from" clause is not specified. | ||
98 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
99 | * otherwise. | ||
100 | * (5) "is_not" is a bool which is true if "no_initialize_domain", false | ||
101 | * otherwise. | ||
102 | * (6) "is_last_name" is a bool which is true if "domainname" is "the last | ||
103 | * component of a domainname", false otherwise. | ||
104 | */ | ||
105 | struct tomoyo_domain_keeper_entry { | ||
106 | struct list_head list; | ||
107 | const struct tomoyo_path_info *domainname; | ||
108 | const struct tomoyo_path_info *program; /* This may be NULL */ | ||
109 | bool is_deleted; | ||
110 | bool is_not; /* True if this entry is "no_keep_domain". */ | ||
111 | /* True if the domainname is tomoyo_get_last_name(). */ | ||
112 | bool is_last_name; | ||
113 | }; | ||
114 | |||
115 | /* | ||
116 | * tomoyo_alias_entry is a structure which is used for holding "alias" entries. | ||
117 | * It has following fields. | ||
118 | * | ||
119 | * (1) "list" which is linked to tomoyo_alias_list . | ||
120 | * (2) "original_name" which is a dereferenced pathname. | ||
121 | * (3) "aliased_name" which is a symlink's pathname. | ||
122 | * (4) "is_deleted" is a bool which is true if marked as deleted, false | ||
123 | * otherwise. | ||
124 | */ | ||
125 | struct tomoyo_alias_entry { | ||
126 | struct list_head list; | ||
127 | const struct tomoyo_path_info *original_name; | ||
128 | const struct tomoyo_path_info *aliased_name; | ||
129 | bool is_deleted; | ||
130 | }; | ||
131 | |||
132 | /** | 60 | /** |
133 | * tomoyo_get_last_name - Get last component of a domainname. | 61 | * tomoyo_get_last_name - Get last component of a domainname. |
134 | * | 62 | * |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index a49e18cc7bc2..c69dd39e6042 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -10,58 +10,6 @@ | |||
10 | */ | 10 | */ |
11 | 11 | ||
12 | #include "common.h" | 12 | #include "common.h" |
13 | #include "tomoyo.h" | ||
14 | #include "realpath.h" | ||
15 | |||
16 | /* | ||
17 | * tomoyo_globally_readable_file_entry is a structure which is used for holding | ||
18 | * "allow_read" entries. | ||
19 | * It has following fields. | ||
20 | * | ||
21 | * (1) "list" which is linked to tomoyo_globally_readable_list . | ||
22 | * (2) "filename" is a pathname which is allowed to open(O_RDONLY). | ||
23 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
24 | * otherwise. | ||
25 | */ | ||
26 | struct tomoyo_globally_readable_file_entry { | ||
27 | struct list_head list; | ||
28 | const struct tomoyo_path_info *filename; | ||
29 | bool is_deleted; | ||
30 | }; | ||
31 | |||
32 | /* | ||
33 | * tomoyo_pattern_entry is a structure which is used for holding | ||
34 | * "tomoyo_pattern_list" entries. | ||
35 | * It has following fields. | ||
36 | * | ||
37 | * (1) "list" which is linked to tomoyo_pattern_list . | ||
38 | * (2) "pattern" is a pathname pattern which is used for converting pathnames | ||
39 | * to pathname patterns during learning mode. | ||
40 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
41 | * otherwise. | ||
42 | */ | ||
43 | struct tomoyo_pattern_entry { | ||
44 | struct list_head list; | ||
45 | const struct tomoyo_path_info *pattern; | ||
46 | bool is_deleted; | ||
47 | }; | ||
48 | |||
49 | /* | ||
50 | * tomoyo_no_rewrite_entry is a structure which is used for holding | ||
51 | * "deny_rewrite" entries. | ||
52 | * It has following fields. | ||
53 | * | ||
54 | * (1) "list" which is linked to tomoyo_no_rewrite_list . | ||
55 | * (2) "pattern" is a pathname which is by default not permitted to modify | ||
56 | * already existing content. | ||
57 | * (3) "is_deleted" is a bool which is true if marked as deleted, false | ||
58 | * otherwise. | ||
59 | */ | ||
60 | struct tomoyo_no_rewrite_entry { | ||
61 | struct list_head list; | ||
62 | const struct tomoyo_path_info *pattern; | ||
63 | bool is_deleted; | ||
64 | }; | ||
65 | 13 | ||
66 | /* Keyword array for single path operations. */ | 14 | /* Keyword array for single path operations. */ |
67 | static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = { | 15 | static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = { |
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 2f7f54fc6812..9557168b3767 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c | |||
@@ -15,9 +15,7 @@ | |||
15 | #include <linux/fs_struct.h> | 15 | #include <linux/fs_struct.h> |
16 | #include <linux/hash.h> | 16 | #include <linux/hash.h> |
17 | #include <linux/magic.h> | 17 | #include <linux/magic.h> |
18 | |||
19 | #include "common.h" | 18 | #include "common.h" |
20 | #include "realpath.h" | ||
21 | 19 | ||
22 | /** | 20 | /** |
23 | * tomoyo_encode: Convert binary string to ascii string. | 21 | * tomoyo_encode: Convert binary string to ascii string. |
@@ -246,14 +244,6 @@ static unsigned int tomoyo_allocated_memory_for_savename; | |||
246 | static unsigned int tomoyo_quota_for_savename; | 244 | static unsigned int tomoyo_quota_for_savename; |
247 | 245 | ||
248 | /* | 246 | /* |
249 | * TOMOYO uses this hash only when appending a string into the string | ||
250 | * table. Frequency of appending strings is very low. So we don't need | ||
251 | * large (e.g. 64k) hash size. 256 will be sufficient. | ||
252 | */ | ||
253 | #define TOMOYO_HASH_BITS 8 | ||
254 | #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) | ||
255 | |||
256 | /* | ||
257 | * tomoyo_name_list is used for holding string data used by TOMOYO. | 247 | * tomoyo_name_list is used for holding string data used by TOMOYO. |
258 | * Since same string data is likely used for multiple times (e.g. | 248 | * Since same string data is likely used for multiple times (e.g. |
259 | * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of | 249 | * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of |
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h deleted file mode 100644 index b94cb512adb5..000000000000 --- a/security/tomoyo/realpath.h +++ /dev/null | |||
@@ -1,76 +0,0 @@ | |||
1 | /* | ||
2 | * security/tomoyo/realpath.h | ||
3 | * | ||
4 | * Get the canonicalized absolute pathnames. The basis for TOMOYO. | ||
5 | * | ||
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | ||
7 | * | ||
8 | * Version: 2.2.0 2009/04/01 | ||
9 | * | ||
10 | */ | ||
11 | |||
12 | #ifndef _SECURITY_TOMOYO_REALPATH_H | ||
13 | #define _SECURITY_TOMOYO_REALPATH_H | ||
14 | |||
15 | struct path; | ||
16 | struct tomoyo_path_info; | ||
17 | struct tomoyo_io_buffer; | ||
18 | |||
19 | /* Convert binary string to ascii string. */ | ||
20 | int tomoyo_encode(char *buffer, int buflen, const char *str); | ||
21 | |||
22 | /* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ | ||
23 | int tomoyo_realpath_from_path2(struct path *path, char *newname, | ||
24 | int newname_len); | ||
25 | |||
26 | /* | ||
27 | * Returns realpath(3) of the given pathname but ignores chroot'ed root. | ||
28 | * These functions use kzalloc(), so the caller must call kfree() | ||
29 | * if these functions didn't return NULL. | ||
30 | */ | ||
31 | char *tomoyo_realpath(const char *pathname); | ||
32 | /* | ||
33 | * Same with tomoyo_realpath() except that it doesn't follow the final symlink. | ||
34 | */ | ||
35 | char *tomoyo_realpath_nofollow(const char *pathname); | ||
36 | /* Same with tomoyo_realpath() except that the pathname is already solved. */ | ||
37 | char *tomoyo_realpath_from_path(struct path *path); | ||
38 | |||
39 | /* Check memory quota. */ | ||
40 | bool tomoyo_memory_ok(void *ptr); | ||
41 | |||
42 | /* | ||
43 | * Keep the given name on the RAM. | ||
44 | * The RAM is shared, so NEVER try to modify or kfree() the returned name. | ||
45 | */ | ||
46 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); | ||
47 | |||
48 | /* Check for memory usage. */ | ||
49 | int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); | ||
50 | |||
51 | /* Set memory quota. */ | ||
52 | int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); | ||
53 | |||
54 | /* Initialize realpath related code. */ | ||
55 | void __init tomoyo_realpath_init(void); | ||
56 | |||
57 | /* | ||
58 | * tomoyo_name_entry is a structure which is used for linking | ||
59 | * "struct tomoyo_path_info" into tomoyo_name_list . | ||
60 | */ | ||
61 | struct tomoyo_name_entry { | ||
62 | struct list_head list; | ||
63 | atomic_t users; | ||
64 | struct tomoyo_path_info entry; | ||
65 | }; | ||
66 | |||
67 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) | ||
68 | { | ||
69 | if (name) { | ||
70 | struct tomoyo_name_entry *ptr = | ||
71 | container_of(name, struct tomoyo_name_entry, entry); | ||
72 | atomic_dec(&ptr->users); | ||
73 | } | ||
74 | } | ||
75 | |||
76 | #endif /* !defined(_SECURITY_TOMOYO_REALPATH_H) */ | ||
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 714daa34d493..8a0988dade79 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
@@ -11,8 +11,6 @@ | |||
11 | 11 | ||
12 | #include <linux/security.h> | 12 | #include <linux/security.h> |
13 | #include "common.h" | 13 | #include "common.h" |
14 | #include "tomoyo.h" | ||
15 | #include "realpath.h" | ||
16 | 14 | ||
17 | static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) | 15 | static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) |
18 | { | 16 | { |
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h deleted file mode 100644 index bf3986addc1a..000000000000 --- a/security/tomoyo/tomoyo.h +++ /dev/null | |||
@@ -1,102 +0,0 @@ | |||
1 | /* | ||
2 | * security/tomoyo/tomoyo.h | ||
3 | * | ||
4 | * Implementation of the Domain-Based Mandatory Access Control. | ||
5 | * | ||
6 | * Copyright (C) 2005-2009 NTT DATA CORPORATION | ||
7 | * | ||
8 | * Version: 2.2.0 2009/04/01 | ||
9 | * | ||
10 | */ | ||
11 | |||
12 | #ifndef _SECURITY_TOMOYO_TOMOYO_H | ||
13 | #define _SECURITY_TOMOYO_TOMOYO_H | ||
14 | |||
15 | struct tomoyo_path_info; | ||
16 | struct path; | ||
17 | struct inode; | ||
18 | struct linux_binprm; | ||
19 | struct pt_regs; | ||
20 | |||
21 | int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, | ||
22 | const struct tomoyo_path_info *filename); | ||
23 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | ||
24 | struct path *path, const int flag); | ||
25 | int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | ||
26 | const u8 operation, struct path *path); | ||
27 | int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain, | ||
28 | const u8 operation, struct path *path1, | ||
29 | struct path *path2); | ||
30 | int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | ||
31 | struct file *filp); | ||
32 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | ||
33 | |||
34 | /* Index numbers for Access Controls. */ | ||
35 | |||
36 | #define TOMOYO_TYPE_SINGLE_PATH_ACL 0 | ||
37 | #define TOMOYO_TYPE_DOUBLE_PATH_ACL 1 | ||
38 | |||
39 | /* Index numbers for File Controls. */ | ||
40 | |||
41 | /* | ||
42 | * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set | ||
43 | * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and | ||
44 | * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set. | ||
45 | * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or | ||
46 | * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are | ||
47 | * automatically cleared if TYPE_READ_WRITE_ACL is cleared. | ||
48 | */ | ||
49 | |||
50 | #define TOMOYO_TYPE_READ_WRITE_ACL 0 | ||
51 | #define TOMOYO_TYPE_EXECUTE_ACL 1 | ||
52 | #define TOMOYO_TYPE_READ_ACL 2 | ||
53 | #define TOMOYO_TYPE_WRITE_ACL 3 | ||
54 | #define TOMOYO_TYPE_CREATE_ACL 4 | ||
55 | #define TOMOYO_TYPE_UNLINK_ACL 5 | ||
56 | #define TOMOYO_TYPE_MKDIR_ACL 6 | ||
57 | #define TOMOYO_TYPE_RMDIR_ACL 7 | ||
58 | #define TOMOYO_TYPE_MKFIFO_ACL 8 | ||
59 | #define TOMOYO_TYPE_MKSOCK_ACL 9 | ||
60 | #define TOMOYO_TYPE_MKBLOCK_ACL 10 | ||
61 | #define TOMOYO_TYPE_MKCHAR_ACL 11 | ||
62 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 | ||
63 | #define TOMOYO_TYPE_SYMLINK_ACL 13 | ||
64 | #define TOMOYO_TYPE_REWRITE_ACL 14 | ||
65 | #define TOMOYO_TYPE_IOCTL_ACL 15 | ||
66 | #define TOMOYO_TYPE_CHMOD_ACL 16 | ||
67 | #define TOMOYO_TYPE_CHOWN_ACL 17 | ||
68 | #define TOMOYO_TYPE_CHGRP_ACL 18 | ||
69 | #define TOMOYO_TYPE_CHROOT_ACL 19 | ||
70 | #define TOMOYO_TYPE_MOUNT_ACL 20 | ||
71 | #define TOMOYO_TYPE_UMOUNT_ACL 21 | ||
72 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 22 | ||
73 | |||
74 | #define TOMOYO_TYPE_LINK_ACL 0 | ||
75 | #define TOMOYO_TYPE_RENAME_ACL 1 | ||
76 | #define TOMOYO_TYPE_PIVOT_ROOT_ACL 2 | ||
77 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3 | ||
78 | |||
79 | #define TOMOYO_DOMAINPOLICY 0 | ||
80 | #define TOMOYO_EXCEPTIONPOLICY 1 | ||
81 | #define TOMOYO_DOMAIN_STATUS 2 | ||
82 | #define TOMOYO_PROCESS_STATUS 3 | ||
83 | #define TOMOYO_MEMINFO 4 | ||
84 | #define TOMOYO_SELFDOMAIN 5 | ||
85 | #define TOMOYO_VERSION 6 | ||
86 | #define TOMOYO_PROFILE 7 | ||
87 | #define TOMOYO_MANAGER 8 | ||
88 | |||
89 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | ||
90 | |||
91 | static inline struct tomoyo_domain_info *tomoyo_domain(void) | ||
92 | { | ||
93 | return current_cred()->security; | ||
94 | } | ||
95 | |||
96 | static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct | ||
97 | *task) | ||
98 | { | ||
99 | return task_cred_xxx(task, security); | ||
100 | } | ||
101 | |||
102 | #endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */ | ||