aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c23
-rw-r--r--security/tomoyo/common.h411
-rw-r--r--security/tomoyo/domain.c72
-rw-r--r--security/tomoyo/file.c52
-rw-r--r--security/tomoyo/realpath.c10
-rw-r--r--security/tomoyo/realpath.h76
-rw-r--r--security/tomoyo/tomoyo.c2
-rw-r--r--security/tomoyo/tomoyo.h102
8 files changed, 351 insertions, 397 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 0c7ea51e7a45..634f7449e8ba 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -13,8 +13,6 @@
13#include <linux/security.h> 13#include <linux/security.h>
14#include <linux/hardirq.h> 14#include <linux/hardirq.h>
15#include "common.h" 15#include "common.h"
16#include "realpath.h"
17#include "tomoyo.h"
18 16
19/* Lock for protecting policy. */ 17/* Lock for protecting policy. */
20DEFINE_MUTEX(tomoyo_policy_lock); 18DEFINE_MUTEX(tomoyo_policy_lock);
@@ -1040,27 +1038,6 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
1040} 1038}
1041 1039
1042/* 1040/*
1043 * tomoyo_policy_manager_entry is a structure which is used for holding list of
1044 * domainnames or programs which are permitted to modify configuration via
1045 * /sys/kernel/security/tomoyo/ interface.
1046 * It has following fields.
1047 *
1048 * (1) "list" which is linked to tomoyo_policy_manager_list .
1049 * (2) "manager" is a domainname or a program's pathname.
1050 * (3) "is_domain" is a bool which is true if "manager" is a domainname, false
1051 * otherwise.
1052 * (4) "is_deleted" is a bool which is true if marked as deleted, false
1053 * otherwise.
1054 */
1055struct tomoyo_policy_manager_entry {
1056 struct list_head list;
1057 /* A path to program or a domainname. */
1058 const struct tomoyo_path_info *manager;
1059 bool is_domain; /* True if manager is a domainname. */
1060 bool is_deleted; /* True if this entry is deleted. */
1061};
1062
1063/*
1064 * tomoyo_policy_manager_list is used for holding list of domainnames or 1041 * tomoyo_policy_manager_list is used for holding list of domainnames or
1065 * programs which are permitted to modify configuration via 1042 * programs which are permitted to modify configuration via
1066 * /sys/kernel/security/tomoyo/ interface. 1043 * /sys/kernel/security/tomoyo/ interface.
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 509ced9ce698..f6aff59b0885 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -1,12 +1,9 @@
1/* 1/*
2 * security/tomoyo/common.h 2 * security/tomoyo/common.h
3 * 3 *
4 * Common functions for TOMOYO. 4 * Header file for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 * 5 *
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 */ 7 */
11 8
12#ifndef _SECURITY_TOMOYO_COMMON_H 9#ifndef _SECURITY_TOMOYO_COMMON_H
@@ -22,9 +19,110 @@
22#include <linux/namei.h> 19#include <linux/namei.h>
23#include <linux/mount.h> 20#include <linux/mount.h>
24#include <linux/list.h> 21#include <linux/list.h>
22#include <linux/cred.h>
23struct linux_binprm;
24
25/********** Constants definitions. **********/
26
27/*
28 * TOMOYO uses this hash only when appending a string into the string
29 * table. Frequency of appending strings is very low. So we don't need
30 * large (e.g. 64k) hash size. 256 will be sufficient.
31 */
32#define TOMOYO_HASH_BITS 8
33#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
34
35/*
36 * This is the max length of a token.
37 *
38 * A token consists of only ASCII printable characters.
39 * Non printable characters in a token is represented in \ooo style
40 * octal string. Thus, \ itself is represented as \\.
41 */
42#define TOMOYO_MAX_PATHNAME_LEN 4000
43
44/* Profile number is an integer between 0 and 255. */
45#define TOMOYO_MAX_PROFILES 256
46
47/* Keywords for ACLs. */
48#define TOMOYO_KEYWORD_ALIAS "alias "
49#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
50#define TOMOYO_KEYWORD_DELETE "delete "
51#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "
52#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern "
53#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
54#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain "
55#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
56#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
57#define TOMOYO_KEYWORD_SELECT "select "
58#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
59#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
60/* A domain definition starts with <kernel>. */
61#define TOMOYO_ROOT_NAME "<kernel>"
62#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1)
63
64/* Index numbers for Access Controls. */
65#define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */
66#define TOMOYO_MAX_ACCEPT_ENTRY 1
67#define TOMOYO_VERBOSE 2
68#define TOMOYO_MAX_CONTROL_INDEX 3
69
70/* Index numbers for Access Controls. */
71
72#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
73#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
74
75/* Index numbers for File Controls. */
76
77/*
78 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
79 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
80 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
81 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
82 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
83 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
84 */
85
86#define TOMOYO_TYPE_READ_WRITE_ACL 0
87#define TOMOYO_TYPE_EXECUTE_ACL 1
88#define TOMOYO_TYPE_READ_ACL 2
89#define TOMOYO_TYPE_WRITE_ACL 3
90#define TOMOYO_TYPE_CREATE_ACL 4
91#define TOMOYO_TYPE_UNLINK_ACL 5
92#define TOMOYO_TYPE_MKDIR_ACL 6
93#define TOMOYO_TYPE_RMDIR_ACL 7
94#define TOMOYO_TYPE_MKFIFO_ACL 8
95#define TOMOYO_TYPE_MKSOCK_ACL 9
96#define TOMOYO_TYPE_MKBLOCK_ACL 10
97#define TOMOYO_TYPE_MKCHAR_ACL 11
98#define TOMOYO_TYPE_TRUNCATE_ACL 12
99#define TOMOYO_TYPE_SYMLINK_ACL 13
100#define TOMOYO_TYPE_REWRITE_ACL 14
101#define TOMOYO_TYPE_IOCTL_ACL 15
102#define TOMOYO_TYPE_CHMOD_ACL 16
103#define TOMOYO_TYPE_CHOWN_ACL 17
104#define TOMOYO_TYPE_CHGRP_ACL 18
105#define TOMOYO_TYPE_CHROOT_ACL 19
106#define TOMOYO_TYPE_MOUNT_ACL 20
107#define TOMOYO_TYPE_UMOUNT_ACL 21
108#define TOMOYO_MAX_SINGLE_PATH_OPERATION 22
109
110#define TOMOYO_TYPE_LINK_ACL 0
111#define TOMOYO_TYPE_RENAME_ACL 1
112#define TOMOYO_TYPE_PIVOT_ROOT_ACL 2
113#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3
114
115#define TOMOYO_DOMAINPOLICY 0
116#define TOMOYO_EXCEPTIONPOLICY 1
117#define TOMOYO_DOMAIN_STATUS 2
118#define TOMOYO_PROCESS_STATUS 3
119#define TOMOYO_MEMINFO 4
120#define TOMOYO_SELFDOMAIN 5
121#define TOMOYO_VERSION 6
122#define TOMOYO_PROFILE 7
123#define TOMOYO_MANAGER 8
25 124
26struct dentry; 125/********** Structure definitions. **********/
27struct vfsmount;
28 126
29/* 127/*
30 * tomoyo_page_buffer is a structure which is used for holding a pathname 128 * tomoyo_page_buffer is a structure which is used for holding a pathname
@@ -66,13 +164,14 @@ struct tomoyo_path_info {
66}; 164};
67 165
68/* 166/*
69 * This is the max length of a token. 167 * tomoyo_name_entry is a structure which is used for linking
70 * 168 * "struct tomoyo_path_info" into tomoyo_name_list .
71 * A token consists of only ASCII printable characters.
72 * Non printable characters in a token is represented in \ooo style
73 * octal string. Thus, \ itself is represented as \\.
74 */ 169 */
75#define TOMOYO_MAX_PATHNAME_LEN 4000 170struct tomoyo_name_entry {
171 struct list_head list;
172 atomic_t users;
173 struct tomoyo_path_info entry;
174};
76 175
77/* 176/*
78 * tomoyo_path_info_with_data is a structure which is used for holding a 177 * tomoyo_path_info_with_data is a structure which is used for holding a
@@ -155,9 +254,6 @@ struct tomoyo_domain_info {
155 bool transition_failed; /* Domain transition failed flag. */ 254 bool transition_failed; /* Domain transition failed flag. */
156}; 255};
157 256
158/* Profile number is an integer between 0 and 255. */
159#define TOMOYO_MAX_PROFILES 256
160
161/* 257/*
162 * tomoyo_single_path_acl_record is a structure which is used for holding an 258 * tomoyo_single_path_acl_record is a structure which is used for holding an
163 * entry with one pathname operation (e.g. open(), mkdir()). 259 * entry with one pathname operation (e.g. open(), mkdir()).
@@ -204,29 +300,6 @@ struct tomoyo_double_path_acl_record {
204 const struct tomoyo_path_info *filename2; 300 const struct tomoyo_path_info *filename2;
205}; 301};
206 302
207/* Keywords for ACLs. */
208#define TOMOYO_KEYWORD_ALIAS "alias "
209#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
210#define TOMOYO_KEYWORD_DELETE "delete "
211#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "
212#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern "
213#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
214#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain "
215#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
216#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
217#define TOMOYO_KEYWORD_SELECT "select "
218#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
219#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
220/* A domain definition starts with <kernel>. */
221#define TOMOYO_ROOT_NAME "<kernel>"
222#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1)
223
224/* Index numbers for Access Controls. */
225#define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */
226#define TOMOYO_MAX_ACCEPT_ENTRY 1
227#define TOMOYO_VERBOSE 2
228#define TOMOYO_MAX_CONTROL_INDEX 3
229
230/* 303/*
231 * tomoyo_io_buffer is a structure which is used for reading and modifying 304 * tomoyo_io_buffer is a structure which is used for reading and modifying
232 * configuration via /sys/kernel/security/tomoyo/ interface. 305 * configuration via /sys/kernel/security/tomoyo/ interface.
@@ -285,6 +358,149 @@ struct tomoyo_io_buffer {
285 int writebuf_size; 358 int writebuf_size;
286}; 359};
287 360
361/*
362 * tomoyo_globally_readable_file_entry is a structure which is used for holding
363 * "allow_read" entries.
364 * It has following fields.
365 *
366 * (1) "list" which is linked to tomoyo_globally_readable_list .
367 * (2) "filename" is a pathname which is allowed to open(O_RDONLY).
368 * (3) "is_deleted" is a bool which is true if marked as deleted, false
369 * otherwise.
370 */
371struct tomoyo_globally_readable_file_entry {
372 struct list_head list;
373 const struct tomoyo_path_info *filename;
374 bool is_deleted;
375};
376
377/*
378 * tomoyo_pattern_entry is a structure which is used for holding
379 * "tomoyo_pattern_list" entries.
380 * It has following fields.
381 *
382 * (1) "list" which is linked to tomoyo_pattern_list .
383 * (2) "pattern" is a pathname pattern which is used for converting pathnames
384 * to pathname patterns during learning mode.
385 * (3) "is_deleted" is a bool which is true if marked as deleted, false
386 * otherwise.
387 */
388struct tomoyo_pattern_entry {
389 struct list_head list;
390 const struct tomoyo_path_info *pattern;
391 bool is_deleted;
392};
393
394/*
395 * tomoyo_no_rewrite_entry is a structure which is used for holding
396 * "deny_rewrite" entries.
397 * It has following fields.
398 *
399 * (1) "list" which is linked to tomoyo_no_rewrite_list .
400 * (2) "pattern" is a pathname which is by default not permitted to modify
401 * already existing content.
402 * (3) "is_deleted" is a bool which is true if marked as deleted, false
403 * otherwise.
404 */
405struct tomoyo_no_rewrite_entry {
406 struct list_head list;
407 const struct tomoyo_path_info *pattern;
408 bool is_deleted;
409};
410
411/*
412 * tomoyo_domain_initializer_entry is a structure which is used for holding
413 * "initialize_domain" and "no_initialize_domain" entries.
414 * It has following fields.
415 *
416 * (1) "list" which is linked to tomoyo_domain_initializer_list .
417 * (2) "domainname" which is "a domainname" or "the last component of a
418 * domainname". This field is NULL if "from" clause is not specified.
419 * (3) "program" which is a program's pathname.
420 * (4) "is_deleted" is a bool which is true if marked as deleted, false
421 * otherwise.
422 * (5) "is_not" is a bool which is true if "no_initialize_domain", false
423 * otherwise.
424 * (6) "is_last_name" is a bool which is true if "domainname" is "the last
425 * component of a domainname", false otherwise.
426 */
427struct tomoyo_domain_initializer_entry {
428 struct list_head list;
429 const struct tomoyo_path_info *domainname; /* This may be NULL */
430 const struct tomoyo_path_info *program;
431 bool is_deleted;
432 bool is_not; /* True if this entry is "no_initialize_domain". */
433 /* True if the domainname is tomoyo_get_last_name(). */
434 bool is_last_name;
435};
436
437/*
438 * tomoyo_domain_keeper_entry is a structure which is used for holding
439 * "keep_domain" and "no_keep_domain" entries.
440 * It has following fields.
441 *
442 * (1) "list" which is linked to tomoyo_domain_keeper_list .
443 * (2) "domainname" which is "a domainname" or "the last component of a
444 * domainname".
445 * (3) "program" which is a program's pathname.
446 * This field is NULL if "from" clause is not specified.
447 * (4) "is_deleted" is a bool which is true if marked as deleted, false
448 * otherwise.
449 * (5) "is_not" is a bool which is true if "no_initialize_domain", false
450 * otherwise.
451 * (6) "is_last_name" is a bool which is true if "domainname" is "the last
452 * component of a domainname", false otherwise.
453 */
454struct tomoyo_domain_keeper_entry {
455 struct list_head list;
456 const struct tomoyo_path_info *domainname;
457 const struct tomoyo_path_info *program; /* This may be NULL */
458 bool is_deleted;
459 bool is_not; /* True if this entry is "no_keep_domain". */
460 /* True if the domainname is tomoyo_get_last_name(). */
461 bool is_last_name;
462};
463
464/*
465 * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
466 * It has following fields.
467 *
468 * (1) "list" which is linked to tomoyo_alias_list .
469 * (2) "original_name" which is a dereferenced pathname.
470 * (3) "aliased_name" which is a symlink's pathname.
471 * (4) "is_deleted" is a bool which is true if marked as deleted, false
472 * otherwise.
473 */
474struct tomoyo_alias_entry {
475 struct list_head list;
476 const struct tomoyo_path_info *original_name;
477 const struct tomoyo_path_info *aliased_name;
478 bool is_deleted;
479};
480
481/*
482 * tomoyo_policy_manager_entry is a structure which is used for holding list of
483 * domainnames or programs which are permitted to modify configuration via
484 * /sys/kernel/security/tomoyo/ interface.
485 * It has following fields.
486 *
487 * (1) "list" which is linked to tomoyo_policy_manager_list .
488 * (2) "manager" is a domainname or a program's pathname.
489 * (3) "is_domain" is a bool which is true if "manager" is a domainname, false
490 * otherwise.
491 * (4) "is_deleted" is a bool which is true if marked as deleted, false
492 * otherwise.
493 */
494struct tomoyo_policy_manager_entry {
495 struct list_head list;
496 /* A path to program or a domainname. */
497 const struct tomoyo_path_info *manager;
498 bool is_domain; /* True if manager is a domainname. */
499 bool is_deleted; /* True if this entry is deleted. */
500};
501
502/********** Function prototypes. **********/
503
288/* Check whether the domain has too many ACL entries to hold. */ 504/* Check whether the domain has too many ACL entries to hold. */
289bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain); 505bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain);
290/* Transactional sprintf() for policy dump. */ 506/* Transactional sprintf() for policy dump. */
@@ -367,6 +583,85 @@ void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
367/* Run policy loader when /sbin/init starts. */ 583/* Run policy loader when /sbin/init starts. */
368void tomoyo_load_policy(const char *filename); 584void tomoyo_load_policy(const char *filename);
369 585
586/* Convert binary string to ascii string. */
587int tomoyo_encode(char *buffer, int buflen, const char *str);
588
589/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
590int tomoyo_realpath_from_path2(struct path *path, char *newname,
591 int newname_len);
592
593/*
594 * Returns realpath(3) of the given pathname but ignores chroot'ed root.
595 * These functions use kzalloc(), so the caller must call kfree()
596 * if these functions didn't return NULL.
597 */
598char *tomoyo_realpath(const char *pathname);
599/*
600 * Same with tomoyo_realpath() except that it doesn't follow the final symlink.
601 */
602char *tomoyo_realpath_nofollow(const char *pathname);
603/* Same with tomoyo_realpath() except that the pathname is already solved. */
604char *tomoyo_realpath_from_path(struct path *path);
605
606/* Check memory quota. */
607bool tomoyo_memory_ok(void *ptr);
608
609/*
610 * Keep the given name on the RAM.
611 * The RAM is shared, so NEVER try to modify or kfree() the returned name.
612 */
613const struct tomoyo_path_info *tomoyo_get_name(const char *name);
614
615/* Check for memory usage. */
616int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
617
618/* Set memory quota. */
619int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
620
621/* Initialize realpath related code. */
622void __init tomoyo_realpath_init(void);
623int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
624 const struct tomoyo_path_info *filename);
625int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
626 struct path *path, const int flag);
627int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
628 const u8 operation, struct path *path);
629int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
630 const u8 operation, struct path *path1,
631 struct path *path2);
632int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
633 struct file *filp);
634int tomoyo_find_next_domain(struct linux_binprm *bprm);
635
636/********** External variable definitions. **********/
637
638/* Lock for GC. */
639extern struct srcu_struct tomoyo_ss;
640
641/* The list for "struct tomoyo_domain_info". */
642extern struct list_head tomoyo_domain_list;
643
644/* Lock for protecting policy. */
645extern struct mutex tomoyo_policy_lock;
646
647/* Has /sbin/init started? */
648extern bool tomoyo_policy_loaded;
649
650/* The kernel's domain. */
651extern struct tomoyo_domain_info tomoyo_kernel_domain;
652
653/********** Inlined functions. **********/
654
655static inline int tomoyo_read_lock(void)
656{
657 return srcu_read_lock(&tomoyo_ss);
658}
659
660static inline void tomoyo_read_unlock(int idx)
661{
662 srcu_read_unlock(&tomoyo_ss, idx);
663}
664
370/* strcmp() for "struct tomoyo_path_info" structure. */ 665/* strcmp() for "struct tomoyo_path_info" structure. */
371static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, 666static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
372 const struct tomoyo_path_info *b) 667 const struct tomoyo_path_info *b)
@@ -398,17 +693,25 @@ static inline bool tomoyo_is_invalid(const unsigned char c)
398 return c && (c <= ' ' || c >= 127); 693 return c && (c <= ' ' || c >= 127);
399} 694}
400 695
401/* The list for "struct tomoyo_domain_info". */ 696static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
402extern struct list_head tomoyo_domain_list; 697{
403 698 if (name) {
404/* Lock for protecting policy. */ 699 struct tomoyo_name_entry *ptr =
405extern struct mutex tomoyo_policy_lock; 700 container_of(name, struct tomoyo_name_entry, entry);
701 atomic_dec(&ptr->users);
702 }
703}
406 704
407/* Has /sbin/init started? */ 705static inline struct tomoyo_domain_info *tomoyo_domain(void)
408extern bool tomoyo_policy_loaded; 706{
707 return current_cred()->security;
708}
409 709
410/* The kernel's domain. */ 710static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
411extern struct tomoyo_domain_info tomoyo_kernel_domain; 711 *task)
712{
713 return task_cred_xxx(task, security);
714}
412 715
413/** 716/**
414 * list_for_each_cookie - iterate over a list with cookie. 717 * list_for_each_cookie - iterate over a list with cookie.
@@ -428,16 +731,4 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain;
428 prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ 731 prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
429 (cookie) = pos, pos = rcu_dereference(pos->next)) 732 (cookie) = pos, pos = rcu_dereference(pos->next))
430 733
431extern struct srcu_struct tomoyo_ss;
432
433static inline int tomoyo_read_lock(void)
434{
435 return srcu_read_lock(&tomoyo_ss);
436}
437
438static inline void tomoyo_read_unlock(int idx)
439{
440 srcu_read_unlock(&tomoyo_ss, idx);
441}
442
443#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ 734#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 0b8262567809..d60b8a61b0c8 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -10,8 +10,6 @@
10 */ 10 */
11 11
12#include "common.h" 12#include "common.h"
13#include "tomoyo.h"
14#include "realpath.h"
15#include <linux/binfmts.h> 13#include <linux/binfmts.h>
16 14
17/* Variables definitions.*/ 15/* Variables definitions.*/
@@ -59,76 +57,6 @@ struct tomoyo_domain_info tomoyo_kernel_domain;
59 */ 57 */
60LIST_HEAD(tomoyo_domain_list); 58LIST_HEAD(tomoyo_domain_list);
61 59
62/*
63 * tomoyo_domain_initializer_entry is a structure which is used for holding
64 * "initialize_domain" and "no_initialize_domain" entries.
65 * It has following fields.
66 *
67 * (1) "list" which is linked to tomoyo_domain_initializer_list .
68 * (2) "domainname" which is "a domainname" or "the last component of a
69 * domainname". This field is NULL if "from" clause is not specified.
70 * (3) "program" which is a program's pathname.
71 * (4) "is_deleted" is a bool which is true if marked as deleted, false
72 * otherwise.
73 * (5) "is_not" is a bool which is true if "no_initialize_domain", false
74 * otherwise.
75 * (6) "is_last_name" is a bool which is true if "domainname" is "the last
76 * component of a domainname", false otherwise.
77 */
78struct tomoyo_domain_initializer_entry {
79 struct list_head list;
80 const struct tomoyo_path_info *domainname; /* This may be NULL */
81 const struct tomoyo_path_info *program;
82 bool is_deleted;
83 bool is_not; /* True if this entry is "no_initialize_domain". */
84 /* True if the domainname is tomoyo_get_last_name(). */
85 bool is_last_name;
86};
87
88/*
89 * tomoyo_domain_keeper_entry is a structure which is used for holding
90 * "keep_domain" and "no_keep_domain" entries.
91 * It has following fields.
92 *
93 * (1) "list" which is linked to tomoyo_domain_keeper_list .
94 * (2) "domainname" which is "a domainname" or "the last component of a
95 * domainname".
96 * (3) "program" which is a program's pathname.
97 * This field is NULL if "from" clause is not specified.
98 * (4) "is_deleted" is a bool which is true if marked as deleted, false
99 * otherwise.
100 * (5) "is_not" is a bool which is true if "no_initialize_domain", false
101 * otherwise.
102 * (6) "is_last_name" is a bool which is true if "domainname" is "the last
103 * component of a domainname", false otherwise.
104 */
105struct tomoyo_domain_keeper_entry {
106 struct list_head list;
107 const struct tomoyo_path_info *domainname;
108 const struct tomoyo_path_info *program; /* This may be NULL */
109 bool is_deleted;
110 bool is_not; /* True if this entry is "no_keep_domain". */
111 /* True if the domainname is tomoyo_get_last_name(). */
112 bool is_last_name;
113};
114
115/*
116 * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
117 * It has following fields.
118 *
119 * (1) "list" which is linked to tomoyo_alias_list .
120 * (2) "original_name" which is a dereferenced pathname.
121 * (3) "aliased_name" which is a symlink's pathname.
122 * (4) "is_deleted" is a bool which is true if marked as deleted, false
123 * otherwise.
124 */
125struct tomoyo_alias_entry {
126 struct list_head list;
127 const struct tomoyo_path_info *original_name;
128 const struct tomoyo_path_info *aliased_name;
129 bool is_deleted;
130};
131
132/** 60/**
133 * tomoyo_get_last_name - Get last component of a domainname. 61 * tomoyo_get_last_name - Get last component of a domainname.
134 * 62 *
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index a49e18cc7bc2..c69dd39e6042 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -10,58 +10,6 @@
10 */ 10 */
11 11
12#include "common.h" 12#include "common.h"
13#include "tomoyo.h"
14#include "realpath.h"
15
16/*
17 * tomoyo_globally_readable_file_entry is a structure which is used for holding
18 * "allow_read" entries.
19 * It has following fields.
20 *
21 * (1) "list" which is linked to tomoyo_globally_readable_list .
22 * (2) "filename" is a pathname which is allowed to open(O_RDONLY).
23 * (3) "is_deleted" is a bool which is true if marked as deleted, false
24 * otherwise.
25 */
26struct tomoyo_globally_readable_file_entry {
27 struct list_head list;
28 const struct tomoyo_path_info *filename;
29 bool is_deleted;
30};
31
32/*
33 * tomoyo_pattern_entry is a structure which is used for holding
34 * "tomoyo_pattern_list" entries.
35 * It has following fields.
36 *
37 * (1) "list" which is linked to tomoyo_pattern_list .
38 * (2) "pattern" is a pathname pattern which is used for converting pathnames
39 * to pathname patterns during learning mode.
40 * (3) "is_deleted" is a bool which is true if marked as deleted, false
41 * otherwise.
42 */
43struct tomoyo_pattern_entry {
44 struct list_head list;
45 const struct tomoyo_path_info *pattern;
46 bool is_deleted;
47};
48
49/*
50 * tomoyo_no_rewrite_entry is a structure which is used for holding
51 * "deny_rewrite" entries.
52 * It has following fields.
53 *
54 * (1) "list" which is linked to tomoyo_no_rewrite_list .
55 * (2) "pattern" is a pathname which is by default not permitted to modify
56 * already existing content.
57 * (3) "is_deleted" is a bool which is true if marked as deleted, false
58 * otherwise.
59 */
60struct tomoyo_no_rewrite_entry {
61 struct list_head list;
62 const struct tomoyo_path_info *pattern;
63 bool is_deleted;
64};
65 13
66/* Keyword array for single path operations. */ 14/* Keyword array for single path operations. */
67static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = { 15static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = {
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 2f7f54fc6812..9557168b3767 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -15,9 +15,7 @@
15#include <linux/fs_struct.h> 15#include <linux/fs_struct.h>
16#include <linux/hash.h> 16#include <linux/hash.h>
17#include <linux/magic.h> 17#include <linux/magic.h>
18
19#include "common.h" 18#include "common.h"
20#include "realpath.h"
21 19
22/** 20/**
23 * tomoyo_encode: Convert binary string to ascii string. 21 * tomoyo_encode: Convert binary string to ascii string.
@@ -246,14 +244,6 @@ static unsigned int tomoyo_allocated_memory_for_savename;
246static unsigned int tomoyo_quota_for_savename; 244static unsigned int tomoyo_quota_for_savename;
247 245
248/* 246/*
249 * TOMOYO uses this hash only when appending a string into the string
250 * table. Frequency of appending strings is very low. So we don't need
251 * large (e.g. 64k) hash size. 256 will be sufficient.
252 */
253#define TOMOYO_HASH_BITS 8
254#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
255
256/*
257 * tomoyo_name_list is used for holding string data used by TOMOYO. 247 * tomoyo_name_list is used for holding string data used by TOMOYO.
258 * Since same string data is likely used for multiple times (e.g. 248 * Since same string data is likely used for multiple times (e.g.
259 * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of 249 * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
deleted file mode 100644
index b94cb512adb5..000000000000
--- a/security/tomoyo/realpath.h
+++ /dev/null
@@ -1,76 +0,0 @@
1/*
2 * security/tomoyo/realpath.h
3 *
4 * Get the canonicalized absolute pathnames. The basis for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */
11
12#ifndef _SECURITY_TOMOYO_REALPATH_H
13#define _SECURITY_TOMOYO_REALPATH_H
14
15struct path;
16struct tomoyo_path_info;
17struct tomoyo_io_buffer;
18
19/* Convert binary string to ascii string. */
20int tomoyo_encode(char *buffer, int buflen, const char *str);
21
22/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
23int tomoyo_realpath_from_path2(struct path *path, char *newname,
24 int newname_len);
25
26/*
27 * Returns realpath(3) of the given pathname but ignores chroot'ed root.
28 * These functions use kzalloc(), so the caller must call kfree()
29 * if these functions didn't return NULL.
30 */
31char *tomoyo_realpath(const char *pathname);
32/*
33 * Same with tomoyo_realpath() except that it doesn't follow the final symlink.
34 */
35char *tomoyo_realpath_nofollow(const char *pathname);
36/* Same with tomoyo_realpath() except that the pathname is already solved. */
37char *tomoyo_realpath_from_path(struct path *path);
38
39/* Check memory quota. */
40bool tomoyo_memory_ok(void *ptr);
41
42/*
43 * Keep the given name on the RAM.
44 * The RAM is shared, so NEVER try to modify or kfree() the returned name.
45 */
46const struct tomoyo_path_info *tomoyo_get_name(const char *name);
47
48/* Check for memory usage. */
49int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
50
51/* Set memory quota. */
52int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
53
54/* Initialize realpath related code. */
55void __init tomoyo_realpath_init(void);
56
57/*
58 * tomoyo_name_entry is a structure which is used for linking
59 * "struct tomoyo_path_info" into tomoyo_name_list .
60 */
61struct tomoyo_name_entry {
62 struct list_head list;
63 atomic_t users;
64 struct tomoyo_path_info entry;
65};
66
67static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
68{
69 if (name) {
70 struct tomoyo_name_entry *ptr =
71 container_of(name, struct tomoyo_name_entry, entry);
72 atomic_dec(&ptr->users);
73 }
74}
75
76#endif /* !defined(_SECURITY_TOMOYO_REALPATH_H) */
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 714daa34d493..8a0988dade79 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -11,8 +11,6 @@
11 11
12#include <linux/security.h> 12#include <linux/security.h>
13#include "common.h" 13#include "common.h"
14#include "tomoyo.h"
15#include "realpath.h"
16 14
17static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) 15static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
18{ 16{
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
deleted file mode 100644
index bf3986addc1a..000000000000
--- a/security/tomoyo/tomoyo.h
+++ /dev/null
@@ -1,102 +0,0 @@
1/*
2 * security/tomoyo/tomoyo.h
3 *
4 * Implementation of the Domain-Based Mandatory Access Control.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 *
10 */
11
12#ifndef _SECURITY_TOMOYO_TOMOYO_H
13#define _SECURITY_TOMOYO_TOMOYO_H
14
15struct tomoyo_path_info;
16struct path;
17struct inode;
18struct linux_binprm;
19struct pt_regs;
20
21int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
22 const struct tomoyo_path_info *filename);
23int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
24 struct path *path, const int flag);
25int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
26 const u8 operation, struct path *path);
27int tomoyo_check_2path_perm(struct tomoyo_domain_info *domain,
28 const u8 operation, struct path *path1,
29 struct path *path2);
30int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
31 struct file *filp);
32int tomoyo_find_next_domain(struct linux_binprm *bprm);
33
34/* Index numbers for Access Controls. */
35
36#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
37#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
38
39/* Index numbers for File Controls. */
40
41/*
42 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
43 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
44 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
45 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
46 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
47 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
48 */
49
50#define TOMOYO_TYPE_READ_WRITE_ACL 0
51#define TOMOYO_TYPE_EXECUTE_ACL 1
52#define TOMOYO_TYPE_READ_ACL 2
53#define TOMOYO_TYPE_WRITE_ACL 3
54#define TOMOYO_TYPE_CREATE_ACL 4
55#define TOMOYO_TYPE_UNLINK_ACL 5
56#define TOMOYO_TYPE_MKDIR_ACL 6
57#define TOMOYO_TYPE_RMDIR_ACL 7
58#define TOMOYO_TYPE_MKFIFO_ACL 8
59#define TOMOYO_TYPE_MKSOCK_ACL 9
60#define TOMOYO_TYPE_MKBLOCK_ACL 10
61#define TOMOYO_TYPE_MKCHAR_ACL 11
62#define TOMOYO_TYPE_TRUNCATE_ACL 12
63#define TOMOYO_TYPE_SYMLINK_ACL 13
64#define TOMOYO_TYPE_REWRITE_ACL 14
65#define TOMOYO_TYPE_IOCTL_ACL 15
66#define TOMOYO_TYPE_CHMOD_ACL 16
67#define TOMOYO_TYPE_CHOWN_ACL 17
68#define TOMOYO_TYPE_CHGRP_ACL 18
69#define TOMOYO_TYPE_CHROOT_ACL 19
70#define TOMOYO_TYPE_MOUNT_ACL 20
71#define TOMOYO_TYPE_UMOUNT_ACL 21
72#define TOMOYO_MAX_SINGLE_PATH_OPERATION 22
73
74#define TOMOYO_TYPE_LINK_ACL 0
75#define TOMOYO_TYPE_RENAME_ACL 1
76#define TOMOYO_TYPE_PIVOT_ROOT_ACL 2
77#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3
78
79#define TOMOYO_DOMAINPOLICY 0
80#define TOMOYO_EXCEPTIONPOLICY 1
81#define TOMOYO_DOMAIN_STATUS 2
82#define TOMOYO_PROCESS_STATUS 3
83#define TOMOYO_MEMINFO 4
84#define TOMOYO_SELFDOMAIN 5
85#define TOMOYO_VERSION 6
86#define TOMOYO_PROFILE 7
87#define TOMOYO_MANAGER 8
88
89extern struct tomoyo_domain_info tomoyo_kernel_domain;
90
91static inline struct tomoyo_domain_info *tomoyo_domain(void)
92{
93 return current_cred()->security;
94}
95
96static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
97 *task)
98{
99 return task_cred_xxx(task, security);
100}
101
102#endif /* !defined(_SECURITY_TOMOYO_TOMOYO_H) */