diff options
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.h | 213 |
1 files changed, 96 insertions, 117 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index a15fe29740a4..465e34bd4eb9 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -585,165 +585,144 @@ struct tomoyo_policy_namespace { | |||
585 | 585 | ||
586 | /********** Function prototypes. **********/ | 586 | /********** Function prototypes. **********/ |
587 | 587 | ||
588 | void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); | ||
589 | bool tomoyo_str_starts(char **src, const char *find); | ||
590 | const char *tomoyo_get_exe(void); | ||
591 | void tomoyo_normalize_line(unsigned char *buffer); | ||
592 | void tomoyo_check_profile(void); | ||
593 | int tomoyo_open_control(const u8 type, struct file *file); | ||
594 | int tomoyo_close_control(struct tomoyo_io_buffer *head); | ||
595 | int tomoyo_poll_control(struct file *file, poll_table *wait); | ||
596 | ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, | ||
597 | const int buffer_len); | ||
598 | ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, | ||
599 | const char __user *buffer, const int buffer_len); | ||
600 | bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); | ||
601 | void tomoyo_warn_oom(const char *function); | ||
602 | const struct tomoyo_path_info * | ||
603 | tomoyo_compare_name_union(const struct tomoyo_path_info *name, | ||
604 | const struct tomoyo_name_union *ptr); | ||
605 | bool tomoyo_compare_number_union(const unsigned long value, | 588 | bool tomoyo_compare_number_union(const unsigned long value, |
606 | const struct tomoyo_number_union *ptr); | 589 | const struct tomoyo_number_union *ptr); |
607 | int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, | ||
608 | const u8 index); | ||
609 | void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) | ||
610 | __attribute__ ((format(printf, 2, 3))); | ||
611 | bool tomoyo_correct_domain(const unsigned char *domainname); | 590 | bool tomoyo_correct_domain(const unsigned char *domainname); |
612 | bool tomoyo_correct_path(const char *filename); | 591 | bool tomoyo_correct_path(const char *filename); |
613 | bool tomoyo_correct_word(const char *string); | 592 | bool tomoyo_correct_word(const char *string); |
614 | bool tomoyo_domain_def(const unsigned char *buffer); | 593 | bool tomoyo_domain_def(const unsigned char *buffer); |
615 | bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, | 594 | bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); |
616 | struct tomoyo_name_union *ptr); | 595 | bool tomoyo_memory_ok(void *ptr); |
617 | const struct tomoyo_path_info * | ||
618 | tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, | ||
619 | const struct tomoyo_group *group); | ||
620 | bool tomoyo_number_matches_group(const unsigned long min, | 596 | bool tomoyo_number_matches_group(const unsigned long min, |
621 | const unsigned long max, | 597 | const unsigned long max, |
622 | const struct tomoyo_group *group); | 598 | const struct tomoyo_group *group); |
623 | bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, | 599 | bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, |
624 | const struct tomoyo_path_info *pattern); | 600 | struct tomoyo_name_union *ptr); |
625 | bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, | 601 | bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, |
626 | struct tomoyo_number_union *ptr); | 602 | struct tomoyo_number_union *ptr); |
627 | bool tomoyo_tokenize(char *buffer, char *w[], size_t size); | 603 | bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, |
628 | bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain); | 604 | const struct tomoyo_path_info *pattern); |
605 | bool tomoyo_permstr(const char *string, const char *keyword); | ||
606 | bool tomoyo_str_starts(char **src, const char *find); | ||
607 | char *tomoyo_encode(const char *str); | ||
608 | char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, | ||
609 | va_list args); | ||
610 | char *tomoyo_read_token(struct tomoyo_acl_param *param); | ||
611 | char *tomoyo_realpath_from_path(struct path *path); | ||
612 | char *tomoyo_realpath_nofollow(const char *pathname); | ||
613 | const char *tomoyo_get_exe(void); | ||
614 | const char *tomoyo_yesno(const unsigned int value); | ||
615 | const struct tomoyo_path_info *tomoyo_compare_name_union | ||
616 | (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); | ||
617 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); | ||
618 | const struct tomoyo_path_info *tomoyo_path_matches_group | ||
619 | (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); | ||
620 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | ||
621 | struct path *path, const int flag); | ||
622 | int tomoyo_close_control(struct tomoyo_io_buffer *head); | ||
623 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | ||
624 | int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, | ||
625 | const u8 index); | ||
629 | int tomoyo_init_request_info(struct tomoyo_request_info *r, | 626 | int tomoyo_init_request_info(struct tomoyo_request_info *r, |
630 | struct tomoyo_domain_info *domain, | 627 | struct tomoyo_domain_info *domain, |
631 | const u8 index); | 628 | const u8 index); |
629 | int tomoyo_mkdev_perm(const u8 operation, struct path *path, | ||
630 | const unsigned int mode, unsigned int dev); | ||
632 | int tomoyo_mount_permission(char *dev_name, struct path *path, | 631 | int tomoyo_mount_permission(char *dev_name, struct path *path, |
633 | const char *type, unsigned long flags, | 632 | const char *type, unsigned long flags, |
634 | void *data_page); | 633 | void *data_page); |
634 | int tomoyo_open_control(const u8 type, struct file *file); | ||
635 | int tomoyo_path2_perm(const u8 operation, struct path *path1, | ||
636 | struct path *path2); | ||
637 | int tomoyo_path_number_perm(const u8 operation, struct path *path, | ||
638 | unsigned long number); | ||
639 | int tomoyo_path_perm(const u8 operation, struct path *path); | ||
640 | int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, | ||
641 | const struct tomoyo_path_info *filename); | ||
642 | int tomoyo_poll_control(struct file *file, poll_table *wait); | ||
643 | int tomoyo_poll_log(struct file *file, poll_table *wait); | ||
644 | int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | ||
645 | __printf(2, 3); | ||
646 | int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, | ||
647 | struct tomoyo_acl_param *param, | ||
648 | bool (*check_duplicate) | ||
649 | (const struct tomoyo_acl_info *, | ||
650 | const struct tomoyo_acl_info *), | ||
651 | bool (*merge_duplicate) | ||
652 | (struct tomoyo_acl_info *, struct tomoyo_acl_info *, | ||
653 | const bool)); | ||
654 | int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, | ||
655 | struct tomoyo_acl_param *param, | ||
656 | bool (*check_duplicate) | ||
657 | (const struct tomoyo_acl_head *, | ||
658 | const struct tomoyo_acl_head *)); | ||
635 | int tomoyo_write_aggregator(struct tomoyo_acl_param *param); | 659 | int tomoyo_write_aggregator(struct tomoyo_acl_param *param); |
636 | int tomoyo_write_transition_control(struct tomoyo_acl_param *param, | ||
637 | const u8 type); | ||
638 | int tomoyo_write_file(struct tomoyo_acl_param *param); | 660 | int tomoyo_write_file(struct tomoyo_acl_param *param); |
639 | int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); | 661 | int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); |
640 | int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) | 662 | int tomoyo_write_transition_control(struct tomoyo_acl_param *param, |
641 | __attribute__ ((format(printf, 2, 3))); | 663 | const u8 type); |
642 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); | 664 | ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, |
665 | const int buffer_len); | ||
666 | ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, | ||
667 | const char __user *buffer, const int buffer_len); | ||
643 | struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, | 668 | struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, |
644 | const bool transit); | 669 | const bool transit); |
645 | struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, | 670 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); |
646 | const u8 profile); | ||
647 | struct tomoyo_policy_namespace *tomoyo_assign_namespace | ||
648 | (const char *domainname); | ||
649 | struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, | 671 | struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, |
650 | const u8 idx); | 672 | const u8 idx); |
673 | struct tomoyo_policy_namespace *tomoyo_assign_namespace | ||
674 | (const char *domainname); | ||
675 | struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, | ||
676 | const u8 profile); | ||
651 | unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, | 677 | unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, |
652 | const u8 index); | 678 | const u8 index); |
653 | void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); | ||
654 | void tomoyo_load_policy(const char *filename); | ||
655 | void tomoyo_put_number_union(struct tomoyo_number_union *ptr); | ||
656 | char *tomoyo_encode(const char *str); | ||
657 | char *tomoyo_realpath_nofollow(const char *pathname); | ||
658 | char *tomoyo_realpath_from_path(struct path *path); | ||
659 | bool tomoyo_memory_ok(void *ptr); | ||
660 | void *tomoyo_commit_ok(void *data, const unsigned int size); | 679 | void *tomoyo_commit_ok(void *data, const unsigned int size); |
661 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); | ||
662 | void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp); | ||
663 | void tomoyo_update_stat(const u8 index); | ||
664 | void __init tomoyo_mm_init(void); | ||
665 | void __init tomoyo_load_builtin_policy(void); | 680 | void __init tomoyo_load_builtin_policy(void); |
666 | int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, | 681 | void __init tomoyo_mm_init(void); |
667 | const struct tomoyo_path_info *filename); | ||
668 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | ||
669 | struct path *path, const int flag); | ||
670 | int tomoyo_path_number_perm(const u8 operation, struct path *path, | ||
671 | unsigned long number); | ||
672 | int tomoyo_mkdev_perm(const u8 operation, struct path *path, | ||
673 | const unsigned int mode, unsigned int dev); | ||
674 | int tomoyo_path_perm(const u8 operation, struct path *path); | ||
675 | int tomoyo_path2_perm(const u8 operation, struct path *path1, | ||
676 | struct path *path2); | ||
677 | int tomoyo_find_next_domain(struct linux_binprm *bprm); | ||
678 | void tomoyo_print_ulong(char *buffer, const int buffer_len, | ||
679 | const unsigned long value, const u8 type); | ||
680 | void tomoyo_put_name_union(struct tomoyo_name_union *ptr); | ||
681 | void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register); | ||
682 | void tomoyo_memory_free(void *ptr); | ||
683 | int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, | ||
684 | struct tomoyo_acl_param *param, | ||
685 | bool (*check_duplicate) (const struct tomoyo_acl_info | ||
686 | *, | ||
687 | const struct tomoyo_acl_info | ||
688 | *), | ||
689 | bool (*merge_duplicate) (struct tomoyo_acl_info *, | ||
690 | struct tomoyo_acl_info *, | ||
691 | const bool)); | ||
692 | int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, | ||
693 | struct tomoyo_acl_param *param, | ||
694 | bool (*check_duplicate) (const struct tomoyo_acl_head | ||
695 | *, | ||
696 | const struct tomoyo_acl_head | ||
697 | *)); | ||
698 | void tomoyo_check_acl(struct tomoyo_request_info *r, | 682 | void tomoyo_check_acl(struct tomoyo_request_info *r, |
699 | bool (*check_entry) (struct tomoyo_request_info *, | 683 | bool (*check_entry) (struct tomoyo_request_info *, |
700 | const struct tomoyo_acl_info *)); | 684 | const struct tomoyo_acl_info *)); |
701 | char *tomoyo_read_token(struct tomoyo_acl_param *param); | 685 | void tomoyo_check_profile(void); |
702 | bool tomoyo_permstr(const char *string, const char *keyword); | 686 | void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp); |
703 | 687 | void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); | |
704 | const char *tomoyo_yesno(const unsigned int value); | 688 | void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); |
689 | void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) | ||
690 | __printf(2, 3); | ||
691 | void tomoyo_load_policy(const char *filename); | ||
692 | void tomoyo_memory_free(void *ptr); | ||
693 | void tomoyo_normalize_line(unsigned char *buffer); | ||
694 | void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register); | ||
695 | void tomoyo_print_ulong(char *buffer, const int buffer_len, | ||
696 | const unsigned long value, const u8 type); | ||
697 | void tomoyo_put_name_union(struct tomoyo_name_union *ptr); | ||
698 | void tomoyo_put_number_union(struct tomoyo_number_union *ptr); | ||
699 | void tomoyo_read_log(struct tomoyo_io_buffer *head); | ||
700 | void tomoyo_update_stat(const u8 index); | ||
701 | void tomoyo_warn_oom(const char *function); | ||
705 | void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) | 702 | void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) |
706 | __attribute__ ((format(printf, 2, 3))); | 703 | __printf(2, 3); |
707 | void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, | 704 | void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, |
708 | va_list args); | 705 | va_list args); |
709 | void tomoyo_read_log(struct tomoyo_io_buffer *head); | ||
710 | int tomoyo_poll_log(struct file *file, poll_table *wait); | ||
711 | char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, | ||
712 | va_list args); | ||
713 | 706 | ||
714 | /********** External variable definitions. **********/ | 707 | /********** External variable definitions. **********/ |
715 | 708 | ||
716 | /* Lock for GC. */ | ||
717 | extern struct srcu_struct tomoyo_ss; | ||
718 | |||
719 | /* The list for "struct tomoyo_domain_info". */ | ||
720 | extern struct list_head tomoyo_domain_list; | ||
721 | |||
722 | extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; | ||
723 | |||
724 | /* Lock for protecting policy. */ | ||
725 | extern struct mutex tomoyo_policy_lock; | ||
726 | |||
727 | /* Has /sbin/init started? */ | ||
728 | extern bool tomoyo_policy_loaded; | 709 | extern bool tomoyo_policy_loaded; |
729 | 710 | extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; | |
730 | /* The kernel's domain. */ | 711 | extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX |
731 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | 712 | + TOMOYO_MAX_MAC_CATEGORY_INDEX]; |
732 | extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; | 713 | extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; |
733 | extern struct list_head tomoyo_namespace_list; | ||
734 | |||
735 | extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX + | ||
736 | TOMOYO_MAX_MAC_CATEGORY_INDEX]; | ||
737 | extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; | 714 | extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; |
738 | extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; | 715 | extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; |
739 | 716 | extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; | |
740 | |||
741 | extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; | 717 | extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; |
742 | extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; | 718 | extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; |
743 | extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; | 719 | extern struct list_head tomoyo_domain_list; |
744 | 720 | extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; | |
745 | extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; | 721 | extern struct list_head tomoyo_namespace_list; |
746 | extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; | 722 | extern struct mutex tomoyo_policy_lock; |
723 | extern struct srcu_struct tomoyo_ss; | ||
724 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | ||
725 | extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; | ||
747 | extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; | 726 | extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; |
748 | extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; | 727 | extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; |
749 | 728 | ||