aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.h213
1 files changed, 96 insertions, 117 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index a15fe29740a4..465e34bd4eb9 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -585,165 +585,144 @@ struct tomoyo_policy_namespace {
585 585
586/********** Function prototypes. **********/ 586/********** Function prototypes. **********/
587 587
588void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
589bool tomoyo_str_starts(char **src, const char *find);
590const char *tomoyo_get_exe(void);
591void tomoyo_normalize_line(unsigned char *buffer);
592void tomoyo_check_profile(void);
593int tomoyo_open_control(const u8 type, struct file *file);
594int tomoyo_close_control(struct tomoyo_io_buffer *head);
595int tomoyo_poll_control(struct file *file, poll_table *wait);
596ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
597 const int buffer_len);
598ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
599 const char __user *buffer, const int buffer_len);
600bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
601void tomoyo_warn_oom(const char *function);
602const struct tomoyo_path_info *
603tomoyo_compare_name_union(const struct tomoyo_path_info *name,
604 const struct tomoyo_name_union *ptr);
605bool tomoyo_compare_number_union(const unsigned long value, 588bool tomoyo_compare_number_union(const unsigned long value,
606 const struct tomoyo_number_union *ptr); 589 const struct tomoyo_number_union *ptr);
607int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
608 const u8 index);
609void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
610 __attribute__ ((format(printf, 2, 3)));
611bool tomoyo_correct_domain(const unsigned char *domainname); 590bool tomoyo_correct_domain(const unsigned char *domainname);
612bool tomoyo_correct_path(const char *filename); 591bool tomoyo_correct_path(const char *filename);
613bool tomoyo_correct_word(const char *string); 592bool tomoyo_correct_word(const char *string);
614bool tomoyo_domain_def(const unsigned char *buffer); 593bool tomoyo_domain_def(const unsigned char *buffer);
615bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, 594bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
616 struct tomoyo_name_union *ptr); 595bool tomoyo_memory_ok(void *ptr);
617const struct tomoyo_path_info *
618tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
619 const struct tomoyo_group *group);
620bool tomoyo_number_matches_group(const unsigned long min, 596bool tomoyo_number_matches_group(const unsigned long min,
621 const unsigned long max, 597 const unsigned long max,
622 const struct tomoyo_group *group); 598 const struct tomoyo_group *group);
623bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, 599bool tomoyo_parse_name_union(struct tomoyo_acl_param *param,
624 const struct tomoyo_path_info *pattern); 600 struct tomoyo_name_union *ptr);
625bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, 601bool tomoyo_parse_number_union(struct tomoyo_acl_param *param,
626 struct tomoyo_number_union *ptr); 602 struct tomoyo_number_union *ptr);
627bool tomoyo_tokenize(char *buffer, char *w[], size_t size); 603bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
628bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); 604 const struct tomoyo_path_info *pattern);
605bool tomoyo_permstr(const char *string, const char *keyword);
606bool tomoyo_str_starts(char **src, const char *find);
607char *tomoyo_encode(const char *str);
608char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
609 va_list args);
610char *tomoyo_read_token(struct tomoyo_acl_param *param);
611char *tomoyo_realpath_from_path(struct path *path);
612char *tomoyo_realpath_nofollow(const char *pathname);
613const char *tomoyo_get_exe(void);
614const char *tomoyo_yesno(const unsigned int value);
615const struct tomoyo_path_info *tomoyo_compare_name_union
616(const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr);
617const struct tomoyo_path_info *tomoyo_get_name(const char *name);
618const struct tomoyo_path_info *tomoyo_path_matches_group
619(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
620int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
621 struct path *path, const int flag);
622int tomoyo_close_control(struct tomoyo_io_buffer *head);
623int tomoyo_find_next_domain(struct linux_binprm *bprm);
624int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
625 const u8 index);
629int tomoyo_init_request_info(struct tomoyo_request_info *r, 626int tomoyo_init_request_info(struct tomoyo_request_info *r,
630 struct tomoyo_domain_info *domain, 627 struct tomoyo_domain_info *domain,
631 const u8 index); 628 const u8 index);
629int tomoyo_mkdev_perm(const u8 operation, struct path *path,
630 const unsigned int mode, unsigned int dev);
632int tomoyo_mount_permission(char *dev_name, struct path *path, 631int tomoyo_mount_permission(char *dev_name, struct path *path,
633 const char *type, unsigned long flags, 632 const char *type, unsigned long flags,
634 void *data_page); 633 void *data_page);
634int tomoyo_open_control(const u8 type, struct file *file);
635int tomoyo_path2_perm(const u8 operation, struct path *path1,
636 struct path *path2);
637int tomoyo_path_number_perm(const u8 operation, struct path *path,
638 unsigned long number);
639int tomoyo_path_perm(const u8 operation, struct path *path);
640int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
641 const struct tomoyo_path_info *filename);
642int tomoyo_poll_control(struct file *file, poll_table *wait);
643int tomoyo_poll_log(struct file *file, poll_table *wait);
644int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
645 __printf(2, 3);
646int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
647 struct tomoyo_acl_param *param,
648 bool (*check_duplicate)
649 (const struct tomoyo_acl_info *,
650 const struct tomoyo_acl_info *),
651 bool (*merge_duplicate)
652 (struct tomoyo_acl_info *, struct tomoyo_acl_info *,
653 const bool));
654int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
655 struct tomoyo_acl_param *param,
656 bool (*check_duplicate)
657 (const struct tomoyo_acl_head *,
658 const struct tomoyo_acl_head *));
635int tomoyo_write_aggregator(struct tomoyo_acl_param *param); 659int tomoyo_write_aggregator(struct tomoyo_acl_param *param);
636int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
637 const u8 type);
638int tomoyo_write_file(struct tomoyo_acl_param *param); 660int tomoyo_write_file(struct tomoyo_acl_param *param);
639int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); 661int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type);
640int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) 662int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
641 __attribute__ ((format(printf, 2, 3))); 663 const u8 type);
642struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); 664ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
665 const int buffer_len);
666ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
667 const char __user *buffer, const int buffer_len);
643struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, 668struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
644 const bool transit); 669 const bool transit);
645struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, 670struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
646 const u8 profile);
647struct tomoyo_policy_namespace *tomoyo_assign_namespace
648(const char *domainname);
649struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, 671struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param,
650 const u8 idx); 672 const u8 idx);
673struct tomoyo_policy_namespace *tomoyo_assign_namespace
674(const char *domainname);
675struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
676 const u8 profile);
651unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, 677unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
652 const u8 index); 678 const u8 index);
653void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
654void tomoyo_load_policy(const char *filename);
655void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
656char *tomoyo_encode(const char *str);
657char *tomoyo_realpath_nofollow(const char *pathname);
658char *tomoyo_realpath_from_path(struct path *path);
659bool tomoyo_memory_ok(void *ptr);
660void *tomoyo_commit_ok(void *data, const unsigned int size); 679void *tomoyo_commit_ok(void *data, const unsigned int size);
661const struct tomoyo_path_info *tomoyo_get_name(const char *name);
662void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp);
663void tomoyo_update_stat(const u8 index);
664void __init tomoyo_mm_init(void);
665void __init tomoyo_load_builtin_policy(void); 680void __init tomoyo_load_builtin_policy(void);
666int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, 681void __init tomoyo_mm_init(void);
667 const struct tomoyo_path_info *filename);
668int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
669 struct path *path, const int flag);
670int tomoyo_path_number_perm(const u8 operation, struct path *path,
671 unsigned long number);
672int tomoyo_mkdev_perm(const u8 operation, struct path *path,
673 const unsigned int mode, unsigned int dev);
674int tomoyo_path_perm(const u8 operation, struct path *path);
675int tomoyo_path2_perm(const u8 operation, struct path *path1,
676 struct path *path2);
677int tomoyo_find_next_domain(struct linux_binprm *bprm);
678void tomoyo_print_ulong(char *buffer, const int buffer_len,
679 const unsigned long value, const u8 type);
680void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
681void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register);
682void tomoyo_memory_free(void *ptr);
683int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
684 struct tomoyo_acl_param *param,
685 bool (*check_duplicate) (const struct tomoyo_acl_info
686 *,
687 const struct tomoyo_acl_info
688 *),
689 bool (*merge_duplicate) (struct tomoyo_acl_info *,
690 struct tomoyo_acl_info *,
691 const bool));
692int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
693 struct tomoyo_acl_param *param,
694 bool (*check_duplicate) (const struct tomoyo_acl_head
695 *,
696 const struct tomoyo_acl_head
697 *));
698void tomoyo_check_acl(struct tomoyo_request_info *r, 682void tomoyo_check_acl(struct tomoyo_request_info *r,
699 bool (*check_entry) (struct tomoyo_request_info *, 683 bool (*check_entry) (struct tomoyo_request_info *,
700 const struct tomoyo_acl_info *)); 684 const struct tomoyo_acl_info *));
701char *tomoyo_read_token(struct tomoyo_acl_param *param); 685void tomoyo_check_profile(void);
702bool tomoyo_permstr(const char *string, const char *keyword); 686void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp);
703 687void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
704const char *tomoyo_yesno(const unsigned int value); 688void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
689void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
690 __printf(2, 3);
691void tomoyo_load_policy(const char *filename);
692void tomoyo_memory_free(void *ptr);
693void tomoyo_normalize_line(unsigned char *buffer);
694void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register);
695void tomoyo_print_ulong(char *buffer, const int buffer_len,
696 const unsigned long value, const u8 type);
697void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
698void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
699void tomoyo_read_log(struct tomoyo_io_buffer *head);
700void tomoyo_update_stat(const u8 index);
701void tomoyo_warn_oom(const char *function);
705void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) 702void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...)
706 __attribute__ ((format(printf, 2, 3))); 703 __printf(2, 3);
707void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, 704void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
708 va_list args); 705 va_list args);
709void tomoyo_read_log(struct tomoyo_io_buffer *head);
710int tomoyo_poll_log(struct file *file, poll_table *wait);
711char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
712 va_list args);
713 706
714/********** External variable definitions. **********/ 707/********** External variable definitions. **********/
715 708
716/* Lock for GC. */
717extern struct srcu_struct tomoyo_ss;
718
719/* The list for "struct tomoyo_domain_info". */
720extern struct list_head tomoyo_domain_list;
721
722extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
723
724/* Lock for protecting policy. */
725extern struct mutex tomoyo_policy_lock;
726
727/* Has /sbin/init started? */
728extern bool tomoyo_policy_loaded; 709extern bool tomoyo_policy_loaded;
729 710extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
730/* The kernel's domain. */ 711extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
731extern struct tomoyo_domain_info tomoyo_kernel_domain; 712 + TOMOYO_MAX_MAC_CATEGORY_INDEX];
732extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; 713extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE];
733extern struct list_head tomoyo_namespace_list;
734
735extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX +
736 TOMOYO_MAX_MAC_CATEGORY_INDEX];
737extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; 714extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
738extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; 715extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX];
739 716extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];
740
741extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; 717extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION];
742extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; 718extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];
743extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; 719extern struct list_head tomoyo_domain_list;
744 720extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
745extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; 721extern struct list_head tomoyo_namespace_list;
746extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; 722extern struct mutex tomoyo_policy_lock;
723extern struct srcu_struct tomoyo_ss;
724extern struct tomoyo_domain_info tomoyo_kernel_domain;
725extern struct tomoyo_policy_namespace tomoyo_kernel_namespace;
747extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; 726extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
748extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; 727extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
749 728