2 * security/tomoyo/common.c
4 * Common functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
14 /* String table for operation mode. */
15 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = {
16 [TOMOYO_CONFIG_DISABLED] = "disabled",
17 [TOMOYO_CONFIG_LEARNING] = "learning",
18 [TOMOYO_CONFIG_PERMISSIVE] = "permissive",
19 [TOMOYO_CONFIG_ENFORCING] = "enforcing"
22 /* String table for /sys/kernel/security/tomoyo/profile */
23 static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
24 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
25 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute",
26 [TOMOYO_MAC_FILE_OPEN] = "file::open",
27 [TOMOYO_MAC_FILE_CREATE] = "file::create",
28 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
29 [TOMOYO_MAC_FILE_GETATTR] = "file::getattr",
30 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
31 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
32 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
33 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
34 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
35 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
36 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
37 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
38 [TOMOYO_MAC_FILE_LINK] = "file::link",
39 [TOMOYO_MAC_FILE_RENAME] = "file::rename",
40 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod",
41 [TOMOYO_MAC_FILE_CHOWN] = "file::chown",
42 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp",
43 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl",
44 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot",
45 [TOMOYO_MAC_FILE_MOUNT] = "file::mount",
46 [TOMOYO_MAC_FILE_UMOUNT] = "file::unmount",
47 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
48 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
51 /* String table for PREFERENCE keyword. */
52 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
53 [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log",
54 [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
57 /* Permit policy management by non-root user? */
58 static bool tomoyo_manage_by_non_root;
60 /* Utility functions. */
63 * tomoyo_yesno - Return "yes" or "no".
67 const char *tomoyo_yesno(const unsigned int value)
69 return value ? "yes" : "no";
73 * tomoyo_addprintf - strncat()-like-snprintf().
75 * @buffer: Buffer to write to. Must be '\0'-terminated.
76 * @len: Size of @buffer.
77 * @fmt: The printf()'s format string, followed by parameters.
81 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
84 const int pos = strlen(buffer);
86 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
91 * tomoyo_flush - Flush queued string to userspace's buffer.
93 * @head: Pointer to "struct tomoyo_io_buffer".
95 * Returns true if all data was flushed, false otherwise.
97 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
99 while (head->r.w_pos) {
100 const char *w = head->r.w[0];
103 if (len > head->read_user_buf_avail)
104 len = head->read_user_buf_avail;
107 if (copy_to_user(head->read_user_buf, w, len))
109 head->read_user_buf_avail -= len;
110 head->read_user_buf += len;
116 /* Add '\0' for audit logs and query. */
118 if (!head->read_user_buf_avail ||
119 copy_to_user(head->read_user_buf, "", 1))
121 head->read_user_buf_avail--;
122 head->read_user_buf++;
125 for (len = 0; len < head->r.w_pos; len++)
126 head->r.w[len] = head->r.w[len + 1];
133 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
135 * @head: Pointer to "struct tomoyo_io_buffer".
136 * @string: String to print.
138 * Note that @string has to be kept valid until @head is kfree()d.
139 * This means that char[] allocated on stack memory cannot be passed to
140 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
142 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
144 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
145 head->r.w[head->r.w_pos++] = string;
152 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
154 * @head: Pointer to "struct tomoyo_io_buffer".
155 * @fmt: The printf()'s format string, followed by parameters.
157 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
161 int pos = head->r.avail;
162 int size = head->readbuf_size - pos;
166 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
168 if (pos + len >= head->readbuf_size) {
172 head->r.avail += len;
173 tomoyo_set_string(head, head->read_buf + pos);
177 * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
179 * @head: Pointer to "struct tomoyo_io_buffer".
183 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
185 tomoyo_set_string(head, " ");
189 * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
191 * @head: Pointer to "struct tomoyo_io_buffer".
195 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
197 tomoyo_set_string(head, "\n");
198 return !head->r.w_pos;
202 * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
204 * @head: Pointer to "struct tomoyo_io_buffer".
208 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
210 tomoyo_set_string(head, "/");
213 /* List of namespaces. */
214 LIST_HEAD(tomoyo_namespace_list);
215 /* True if namespace other than tomoyo_kernel_namespace is defined. */
216 static bool tomoyo_namespace_enabled;
219 * tomoyo_init_policy_namespace - Initialize namespace.
221 * @ns: Pointer to "struct tomoyo_policy_namespace".
225 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns)
228 for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++)
229 INIT_LIST_HEAD(&ns->acl_group[idx]);
230 for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
231 INIT_LIST_HEAD(&ns->group_list[idx]);
232 for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
233 INIT_LIST_HEAD(&ns->policy_list[idx]);
234 ns->profile_version = 20100903;
235 tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list);
236 list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list);
240 * tomoyo_print_namespace - Print namespace header.
242 * @head: Pointer to "struct tomoyo_io_buffer".
246 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head)
248 if (!tomoyo_namespace_enabled)
250 tomoyo_set_string(head,
251 container_of(head->r.ns,
252 struct tomoyo_policy_namespace,
253 namespace_list)->name);
254 tomoyo_set_space(head);
258 * tomoyo_print_name_union - Print a tomoyo_name_union.
260 * @head: Pointer to "struct tomoyo_io_buffer".
261 * @ptr: Pointer to "struct tomoyo_name_union".
263 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
264 const struct tomoyo_name_union *ptr)
266 tomoyo_set_space(head);
268 tomoyo_set_string(head, "@");
269 tomoyo_set_string(head, ptr->group->group_name->name);
271 tomoyo_set_string(head, ptr->filename->name);
276 * tomoyo_print_number_union - Print a tomoyo_number_union.
278 * @head: Pointer to "struct tomoyo_io_buffer".
279 * @ptr: Pointer to "struct tomoyo_number_union".
281 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
282 const struct tomoyo_number_union *ptr)
284 tomoyo_set_space(head);
286 tomoyo_set_string(head, "@");
287 tomoyo_set_string(head, ptr->group->group_name->name);
290 unsigned long min = ptr->values[0];
291 const unsigned long max = ptr->values[1];
292 u8 min_type = ptr->value_type[0];
293 const u8 max_type = ptr->value_type[1];
296 for (i = 0; i < 2; i++) {
298 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
299 tomoyo_addprintf(buffer, sizeof(buffer),
302 case TOMOYO_VALUE_TYPE_OCTAL:
303 tomoyo_addprintf(buffer, sizeof(buffer),
307 tomoyo_addprintf(buffer, sizeof(buffer),
311 if (min == max && min_type == max_type)
313 tomoyo_addprintf(buffer, sizeof(buffer), "-");
317 tomoyo_io_printf(head, "%s", buffer);
322 * tomoyo_assign_profile - Create a new profile.
324 * @ns: Pointer to "struct tomoyo_policy_namespace".
325 * @profile: Profile number to create.
327 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
329 static struct tomoyo_profile *tomoyo_assign_profile
330 (struct tomoyo_policy_namespace *ns, const unsigned int profile)
332 struct tomoyo_profile *ptr;
333 struct tomoyo_profile *entry;
334 if (profile >= TOMOYO_MAX_PROFILES)
336 ptr = ns->profile_ptr[profile];
339 entry = kzalloc(sizeof(*entry), GFP_NOFS);
340 if (mutex_lock_interruptible(&tomoyo_policy_lock))
342 ptr = ns->profile_ptr[profile];
343 if (!ptr && tomoyo_memory_ok(entry)) {
345 ptr->default_config = TOMOYO_CONFIG_DISABLED |
346 TOMOYO_CONFIG_WANT_GRANT_LOG |
347 TOMOYO_CONFIG_WANT_REJECT_LOG;
348 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
349 sizeof(ptr->config));
350 ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] = 1024;
351 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048;
352 mb(); /* Avoid out-of-order execution. */
353 ns->profile_ptr[profile] = ptr;
356 mutex_unlock(&tomoyo_policy_lock);
363 * tomoyo_profile - Find a profile.
365 * @ns: Pointer to "struct tomoyo_policy_namespace".
366 * @profile: Profile number to find.
368 * Returns pointer to "struct tomoyo_profile".
370 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
373 static struct tomoyo_profile tomoyo_null_profile;
374 struct tomoyo_profile *ptr = ns->profile_ptr[profile];
376 ptr = &tomoyo_null_profile;
381 * tomoyo_find_yesno - Find values for specified keyword.
383 * @string: String to check.
384 * @find: Name of keyword.
386 * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
388 static s8 tomoyo_find_yesno(const char *string, const char *find)
390 const char *cp = strstr(string, find);
393 if (!strncmp(cp, "=yes", 4))
395 else if (!strncmp(cp, "=no", 3))
402 * tomoyo_set_uint - Set value for specified preference.
404 * @i: Pointer to "unsigned int".
405 * @string: String to check.
406 * @find: Name of keyword.
410 static void tomoyo_set_uint(unsigned int *i, const char *string,
413 const char *cp = strstr(string, find);
415 sscanf(cp + strlen(find), "=%u", i);
419 * tomoyo_set_mode - Set mode for specified profile.
421 * @name: Name of functionality.
422 * @value: Mode for @name.
423 * @profile: Pointer to "struct tomoyo_profile".
425 * Returns 0 on success, negative value otherwise.
427 static int tomoyo_set_mode(char *name, const char *value,
428 struct tomoyo_profile *profile)
432 if (!strcmp(name, "CONFIG")) {
433 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
434 config = profile->default_config;
435 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
437 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
438 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
439 if (strcmp(name, tomoyo_mac_keywords[i]))
441 config = profile->config[i];
444 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
449 if (strstr(value, "use_default")) {
450 config = TOMOYO_CONFIG_USE_DEFAULT;
453 for (mode = 0; mode < 4; mode++)
454 if (strstr(value, tomoyo_mode[mode]))
456 * Update lower 3 bits in order to distinguish
457 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
459 config = (config & ~7) | mode;
460 if (config != TOMOYO_CONFIG_USE_DEFAULT) {
461 switch (tomoyo_find_yesno(value, "grant_log")) {
463 config |= TOMOYO_CONFIG_WANT_GRANT_LOG;
466 config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG;
469 switch (tomoyo_find_yesno(value, "reject_log")) {
471 config |= TOMOYO_CONFIG_WANT_REJECT_LOG;
474 config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG;
479 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
480 profile->config[i] = config;
481 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
482 profile->default_config = config;
487 * tomoyo_write_profile - Write profile table.
489 * @head: Pointer to "struct tomoyo_io_buffer".
491 * Returns 0 on success, negative value otherwise.
493 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
495 char *data = head->write_buf;
498 struct tomoyo_profile *profile;
499 if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version)
502 i = simple_strtoul(data, &cp, 10);
506 profile = tomoyo_assign_profile(head->w.ns, i);
509 cp = strchr(data, '=');
513 if (!strcmp(data, "COMMENT")) {
514 static DEFINE_SPINLOCK(lock);
515 const struct tomoyo_path_info *new_comment
516 = tomoyo_get_name(cp);
517 const struct tomoyo_path_info *old_comment;
521 old_comment = profile->comment;
522 profile->comment = new_comment;
524 tomoyo_put_name(old_comment);
527 if (!strcmp(data, "PREFERENCE")) {
528 for (i = 0; i < TOMOYO_MAX_PREF; i++)
529 tomoyo_set_uint(&profile->pref[i], cp,
530 tomoyo_pref_keywords[i]);
533 return tomoyo_set_mode(data, cp, profile);
537 * tomoyo_print_config - Print mode for specified functionality.
539 * @head: Pointer to "struct tomoyo_io_buffer".
540 * @config: Mode for that functionality.
544 * Caller prints functionality's name.
546 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
548 tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
549 tomoyo_mode[config & 3],
550 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG),
551 tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG));
555 * tomoyo_read_profile - Read profile table.
557 * @head: Pointer to "struct tomoyo_io_buffer".
561 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
564 struct tomoyo_policy_namespace *ns =
565 container_of(head->r.ns, typeof(*ns), namespace_list);
566 const struct tomoyo_profile *profile;
570 index = head->r.index;
571 profile = ns->profile_ptr[index];
572 switch (head->r.step) {
574 tomoyo_print_namespace(head);
575 tomoyo_io_printf(head, "PROFILE_VERSION=%u\n",
576 ns->profile_version);
580 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
582 if (ns->profile_ptr[head->r.index])
584 if (head->r.index == TOMOYO_MAX_PROFILES)
591 const struct tomoyo_path_info *comment =
593 tomoyo_print_namespace(head);
594 tomoyo_io_printf(head, "%u-COMMENT=", index);
595 tomoyo_set_string(head, comment ? comment->name : "");
597 tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
598 for (i = 0; i < TOMOYO_MAX_PREF; i++)
599 tomoyo_io_printf(head, "%s=%u ",
600 tomoyo_pref_keywords[i],
602 tomoyo_set_string(head, "}\n");
608 tomoyo_print_namespace(head);
609 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
610 tomoyo_print_config(head, profile->default_config);
616 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
617 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
618 const u8 i = head->r.bit;
619 const u8 config = profile->config[i];
620 if (config == TOMOYO_CONFIG_USE_DEFAULT)
622 tomoyo_print_namespace(head);
623 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
624 tomoyo_mac_keywords[i]);
625 tomoyo_print_config(head, config);
629 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
630 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
636 if (tomoyo_flush(head))
640 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
641 const struct tomoyo_acl_head *b)
643 return container_of(a, struct tomoyo_manager, head)->manager ==
644 container_of(b, struct tomoyo_manager, head)->manager;
648 * tomoyo_update_manager_entry - Add a manager entry.
650 * @manager: The path to manager or the domainnamme.
651 * @is_delete: True if it is a delete request.
653 * Returns 0 on success, negative value otherwise.
655 * Caller holds tomoyo_read_lock().
657 static int tomoyo_update_manager_entry(const char *manager,
658 const bool is_delete)
660 struct tomoyo_manager e = { };
661 struct tomoyo_acl_param param = {
662 /* .ns = &tomoyo_kernel_namespace, */
663 .is_delete = is_delete,
664 .list = &tomoyo_kernel_namespace.
665 policy_list[TOMOYO_ID_MANAGER],
667 int error = is_delete ? -ENOENT : -ENOMEM;
668 if (tomoyo_domain_def(manager)) {
669 if (!tomoyo_correct_domain(manager))
673 if (!tomoyo_correct_path(manager))
676 e.manager = tomoyo_get_name(manager);
678 error = tomoyo_update_policy(&e.head, sizeof(e), ¶m,
679 tomoyo_same_manager);
680 tomoyo_put_name(e.manager);
686 * tomoyo_write_manager - Write manager policy.
688 * @head: Pointer to "struct tomoyo_io_buffer".
690 * Returns 0 on success, negative value otherwise.
692 * Caller holds tomoyo_read_lock().
694 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
696 char *data = head->write_buf;
698 if (!strcmp(data, "manage_by_non_root")) {
699 tomoyo_manage_by_non_root = !head->w.is_delete;
702 return tomoyo_update_manager_entry(data, head->w.is_delete);
706 * tomoyo_read_manager - Read manager policy.
708 * @head: Pointer to "struct tomoyo_io_buffer".
710 * Caller holds tomoyo_read_lock().
712 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
716 list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace.
717 policy_list[TOMOYO_ID_MANAGER]) {
718 struct tomoyo_manager *ptr =
719 list_entry(head->r.acl, typeof(*ptr), head.list);
720 if (ptr->head.is_deleted)
722 if (!tomoyo_flush(head))
724 tomoyo_set_string(head, ptr->manager->name);
731 * tomoyo_manager - Check whether the current process is a policy manager.
733 * Returns true if the current process is permitted to modify policy
734 * via /sys/kernel/security/tomoyo/ interface.
736 * Caller holds tomoyo_read_lock().
738 static bool tomoyo_manager(void)
740 struct tomoyo_manager *ptr;
742 const struct task_struct *task = current;
743 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
746 if (!tomoyo_policy_loaded)
748 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
750 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
751 policy_list[TOMOYO_ID_MANAGER], head.list) {
752 if (!ptr->head.is_deleted && ptr->is_domain
753 && !tomoyo_pathcmp(domainname, ptr->manager)) {
760 exe = tomoyo_get_exe();
763 list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
764 policy_list[TOMOYO_ID_MANAGER], head.list) {
765 if (!ptr->head.is_deleted && !ptr->is_domain
766 && !strcmp(exe, ptr->manager->name)) {
771 if (!found) { /* Reduce error messages. */
772 static pid_t last_pid;
773 const pid_t pid = current->pid;
774 if (last_pid != pid) {
775 printk(KERN_WARNING "%s ( %s ) is not permitted to "
776 "update policies.\n", domainname->name, exe);
785 * tomoyo_select_domain - Parse select command.
787 * @head: Pointer to "struct tomoyo_io_buffer".
788 * @data: String to parse.
790 * Returns true on success, false otherwise.
792 * Caller holds tomoyo_read_lock().
794 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
798 struct tomoyo_domain_info *domain = NULL;
799 bool global_pid = false;
800 if (strncmp(data, "select ", 7))
803 if (sscanf(data, "pid=%u", &pid) == 1 ||
804 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
805 struct task_struct *p;
807 read_lock(&tasklist_lock);
809 p = find_task_by_pid_ns(pid, &init_pid_ns);
811 p = find_task_by_vpid(pid);
813 domain = tomoyo_real_domain(p);
814 read_unlock(&tasklist_lock);
816 } else if (!strncmp(data, "domain=", 7)) {
817 if (tomoyo_domain_def(data + 7))
818 domain = tomoyo_find_domain(data + 7);
821 head->w.domain = domain;
822 /* Accessing read_buf is safe because head->io_sem is held. */
824 return true; /* Do nothing if open(O_WRONLY). */
825 memset(&head->r, 0, sizeof(head->r));
826 head->r.print_this_domain_only = true;
828 head->r.domain = &domain->list;
831 tomoyo_io_printf(head, "# select %s\n", data);
832 if (domain && domain->is_deleted)
833 tomoyo_io_printf(head, "# This is a deleted domain.\n");
838 * tomoyo_delete_domain - Delete a domain.
840 * @domainname: The name of domain.
844 * Caller holds tomoyo_read_lock().
846 static int tomoyo_delete_domain(char *domainname)
848 struct tomoyo_domain_info *domain;
849 struct tomoyo_path_info name;
851 name.name = domainname;
852 tomoyo_fill_path_info(&name);
853 if (mutex_lock_interruptible(&tomoyo_policy_lock))
855 /* Is there an active domain? */
856 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
857 /* Never delete tomoyo_kernel_domain */
858 if (domain == &tomoyo_kernel_domain)
860 if (domain->is_deleted ||
861 tomoyo_pathcmp(domain->domainname, &name))
863 domain->is_deleted = true;
866 mutex_unlock(&tomoyo_policy_lock);
871 * tomoyo_write_domain2 - Write domain policy.
873 * @ns: Pointer to "struct tomoyo_policy_namespace".
874 * @list: Pointer to "struct list_head".
875 * @data: Policy to be interpreted.
876 * @is_delete: True if it is a delete request.
878 * Returns 0 on success, negative value otherwise.
880 * Caller holds tomoyo_read_lock().
882 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns,
883 struct list_head *list, char *data,
884 const bool is_delete)
886 struct tomoyo_acl_param param = {
890 .is_delete = is_delete,
892 static const struct {
894 int (*write) (struct tomoyo_acl_param *);
895 } tomoyo_callback[1] = {
896 { "file ", tomoyo_write_file },
899 for (i = 0; i < 1; i++) {
900 if (!tomoyo_str_starts(¶m.data,
901 tomoyo_callback[i].keyword))
903 return tomoyo_callback[i].write(¶m);
909 * tomoyo_write_domain - Write domain policy.
911 * @head: Pointer to "struct tomoyo_io_buffer".
913 * Returns 0 on success, negative value otherwise.
915 * Caller holds tomoyo_read_lock().
917 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
919 char *data = head->write_buf;
920 struct tomoyo_policy_namespace *ns;
921 struct tomoyo_domain_info *domain = head->w.domain;
922 const bool is_delete = head->w.is_delete;
923 bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
924 unsigned int profile;
928 tomoyo_delete_domain(data);
930 domain = tomoyo_find_domain(data);
932 domain = tomoyo_assign_domain(data, false);
933 head->w.domain = domain;
939 if (sscanf(data, "use_profile %u", &profile) == 1
940 && profile < TOMOYO_MAX_PROFILES) {
941 if (!tomoyo_policy_loaded || ns->profile_ptr[profile])
942 domain->profile = (u8) profile;
945 if (sscanf(data, "use_group %u\n", &profile) == 1
946 && profile < TOMOYO_MAX_ACL_GROUPS) {
948 domain->group = (u8) profile;
951 if (!strcmp(data, "quota_exceeded")) {
952 domain->quota_warned = !is_delete;
955 if (!strcmp(data, "transition_failed")) {
956 domain->transition_failed = !is_delete;
959 return tomoyo_write_domain2(ns, &domain->acl_info_list, data,
964 * tomoyo_set_group - Print "acl_group " header keyword and category name.
966 * @head: Pointer to "struct tomoyo_io_buffer".
967 * @category: Category name.
971 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
972 const char *category)
974 if (head->type == TOMOYO_EXCEPTIONPOLICY) {
975 tomoyo_print_namespace(head);
976 tomoyo_io_printf(head, "acl_group %u ",
977 head->r.acl_group_index);
979 tomoyo_set_string(head, category);
983 * tomoyo_print_entry - Print an ACL entry.
985 * @head: Pointer to "struct tomoyo_io_buffer".
986 * @acl: Pointer to an ACL entry.
988 * Returns true on success, false otherwise.
990 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
991 struct tomoyo_acl_info *acl)
993 const u8 acl_type = acl->type;
999 if (!tomoyo_flush(head))
1001 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1002 struct tomoyo_path_acl *ptr =
1003 container_of(acl, typeof(*ptr), head);
1004 const u16 perm = ptr->perm;
1005 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1006 if (!(perm & (1 << bit)))
1008 if (head->r.print_transition_related_only &&
1009 bit != TOMOYO_TYPE_EXECUTE)
1012 tomoyo_set_group(head, "file ");
1015 tomoyo_set_slash(head);
1017 tomoyo_set_string(head, tomoyo_path_keyword[bit]);
1021 tomoyo_print_name_union(head, &ptr->name);
1022 } else if (head->r.print_transition_related_only) {
1024 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1025 struct tomoyo_path2_acl *ptr =
1026 container_of(acl, typeof(*ptr), head);
1027 const u8 perm = ptr->perm;
1028 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1029 if (!(perm & (1 << bit)))
1032 tomoyo_set_group(head, "file ");
1035 tomoyo_set_slash(head);
1037 tomoyo_set_string(head, tomoyo_mac_keywords
1038 [tomoyo_pp2mac[bit]]);
1042 tomoyo_print_name_union(head, &ptr->name1);
1043 tomoyo_print_name_union(head, &ptr->name2);
1044 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
1045 struct tomoyo_path_number_acl *ptr =
1046 container_of(acl, typeof(*ptr), head);
1047 const u8 perm = ptr->perm;
1048 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
1049 if (!(perm & (1 << bit)))
1052 tomoyo_set_group(head, "file ");
1055 tomoyo_set_slash(head);
1057 tomoyo_set_string(head, tomoyo_mac_keywords
1058 [tomoyo_pn2mac[bit]]);
1062 tomoyo_print_name_union(head, &ptr->name);
1063 tomoyo_print_number_union(head, &ptr->number);
1064 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
1065 struct tomoyo_mkdev_acl *ptr =
1066 container_of(acl, typeof(*ptr), head);
1067 const u8 perm = ptr->perm;
1068 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
1069 if (!(perm & (1 << bit)))
1072 tomoyo_set_group(head, "file ");
1075 tomoyo_set_slash(head);
1077 tomoyo_set_string(head, tomoyo_mac_keywords
1078 [tomoyo_pnnn2mac[bit]]);
1082 tomoyo_print_name_union(head, &ptr->name);
1083 tomoyo_print_number_union(head, &ptr->mode);
1084 tomoyo_print_number_union(head, &ptr->major);
1085 tomoyo_print_number_union(head, &ptr->minor);
1086 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
1087 struct tomoyo_mount_acl *ptr =
1088 container_of(acl, typeof(*ptr), head);
1089 tomoyo_set_group(head, "file mount");
1090 tomoyo_print_name_union(head, &ptr->dev_name);
1091 tomoyo_print_name_union(head, &ptr->dir_name);
1092 tomoyo_print_name_union(head, &ptr->fs_type);
1093 tomoyo_print_number_union(head, &ptr->flags);
1095 tomoyo_set_lf(head);
1100 * tomoyo_read_domain2 - Read domain policy.
1102 * @head: Pointer to "struct tomoyo_io_buffer".
1103 * @list: Pointer to "struct list_head".
1105 * Caller holds tomoyo_read_lock().
1107 * Returns true on success, false otherwise.
1109 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1110 struct list_head *list)
1112 list_for_each_cookie(head->r.acl, list) {
1113 struct tomoyo_acl_info *ptr =
1114 list_entry(head->r.acl, typeof(*ptr), list);
1115 if (!tomoyo_print_entry(head, ptr))
1123 * tomoyo_read_domain - Read domain policy.
1125 * @head: Pointer to "struct tomoyo_io_buffer".
1127 * Caller holds tomoyo_read_lock().
1129 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1133 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1134 struct tomoyo_domain_info *domain =
1135 list_entry(head->r.domain, typeof(*domain), list);
1136 switch (head->r.step) {
1138 if (domain->is_deleted &&
1139 !head->r.print_this_domain_only)
1141 /* Print domainname and flags. */
1142 tomoyo_set_string(head, domain->domainname->name);
1143 tomoyo_set_lf(head);
1144 tomoyo_io_printf(head, "use_profile %u\n",
1146 tomoyo_io_printf(head, "use_group %u\n",
1148 if (domain->quota_warned)
1149 tomoyo_set_string(head, "quota_exceeded\n");
1150 if (domain->transition_failed)
1151 tomoyo_set_string(head, "transition_failed\n");
1153 tomoyo_set_lf(head);
1156 if (!tomoyo_read_domain2(head, &domain->acl_info_list))
1159 if (!tomoyo_set_lf(head))
1164 if (head->r.print_this_domain_only)
1173 * tomoyo_write_domain_profile - Assign profile for specified domain.
1175 * @head: Pointer to "struct tomoyo_io_buffer".
1177 * Returns 0 on success, -EINVAL otherwise.
1179 * This is equivalent to doing
1181 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1182 * /usr/sbin/tomoyo-loadpolicy -d
1184 * Caller holds tomoyo_read_lock().
1186 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1188 char *data = head->write_buf;
1189 char *cp = strchr(data, ' ');
1190 struct tomoyo_domain_info *domain;
1191 unsigned long profile;
1196 domain = tomoyo_find_domain(cp + 1);
1197 if (strict_strtoul(data, 10, &profile))
1199 if (domain && (!tomoyo_policy_loaded ||
1200 head->w.ns->profile_ptr[(u8) profile]))
1201 domain->profile = (u8) profile;
1206 * tomoyo_read_domain_profile - Read only domainname and profile.
1208 * @head: Pointer to "struct tomoyo_io_buffer".
1210 * Returns list of profile number and domainname pairs.
1212 * This is equivalent to doing
1214 * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1215 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1216 * domainname = $0; } else if ( $1 == "use_profile" ) {
1217 * print $2 " " domainname; domainname = ""; } } ; '
1219 * Caller holds tomoyo_read_lock().
1221 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1225 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1226 struct tomoyo_domain_info *domain =
1227 list_entry(head->r.domain, typeof(*domain), list);
1228 if (domain->is_deleted)
1230 if (!tomoyo_flush(head))
1232 tomoyo_io_printf(head, "%u ", domain->profile);
1233 tomoyo_set_string(head, domain->domainname->name);
1234 tomoyo_set_lf(head);
1240 * tomoyo_write_pid: Specify PID to obtain domainname.
1242 * @head: Pointer to "struct tomoyo_io_buffer".
1246 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1248 head->r.eof = false;
1253 * tomoyo_read_pid - Get domainname of the specified PID.
1255 * @head: Pointer to "struct tomoyo_io_buffer".
1257 * Returns the domainname which the specified PID is in on success,
1258 * empty string otherwise.
1259 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1260 * using read()/write() interface rather than sysctl() interface.
1262 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1264 char *buf = head->write_buf;
1265 bool global_pid = false;
1267 struct task_struct *p;
1268 struct tomoyo_domain_info *domain = NULL;
1270 /* Accessing write_buf is safe because head->io_sem is held. */
1273 return; /* Do nothing if open(O_RDONLY). */
1275 if (head->r.w_pos || head->r.eof)
1278 if (tomoyo_str_starts(&buf, "global-pid "))
1280 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1282 read_lock(&tasklist_lock);
1284 p = find_task_by_pid_ns(pid, &init_pid_ns);
1286 p = find_task_by_vpid(pid);
1288 domain = tomoyo_real_domain(p);
1289 read_unlock(&tasklist_lock);
1293 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1294 tomoyo_set_string(head, domain->domainname->name);
1297 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1298 [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ",
1299 [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ",
1300 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ",
1301 [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ",
1302 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ",
1303 [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ",
1306 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1307 [TOMOYO_PATH_GROUP] = "path_group ",
1308 [TOMOYO_NUMBER_GROUP] = "number_group ",
1312 * tomoyo_write_exception - Write exception policy.
1314 * @head: Pointer to "struct tomoyo_io_buffer".
1316 * Returns 0 on success, negative value otherwise.
1318 * Caller holds tomoyo_read_lock().
1320 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1322 const bool is_delete = head->w.is_delete;
1323 struct tomoyo_acl_param param = {
1325 .is_delete = is_delete,
1326 .data = head->write_buf,
1329 if (tomoyo_str_starts(¶m.data, "aggregator "))
1330 return tomoyo_write_aggregator(¶m);
1331 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1332 if (tomoyo_str_starts(¶m.data, tomoyo_transition_type[i]))
1333 return tomoyo_write_transition_control(¶m, i);
1334 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1335 if (tomoyo_str_starts(¶m.data, tomoyo_group_name[i]))
1336 return tomoyo_write_group(¶m, i);
1337 if (tomoyo_str_starts(¶m.data, "acl_group ")) {
1340 group = simple_strtoul(param.data, &data, 10);
1341 if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ')
1342 return tomoyo_write_domain2
1343 (head->w.ns, &head->w.ns->acl_group[group],
1350 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1352 * @head: Pointer to "struct tomoyo_io_buffer".
1353 * @idx: Index number.
1355 * Returns true on success, false otherwise.
1357 * Caller holds tomoyo_read_lock().
1359 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1361 struct tomoyo_policy_namespace *ns =
1362 container_of(head->r.ns, typeof(*ns), namespace_list);
1363 struct list_head *list = &ns->group_list[idx];
1364 list_for_each_cookie(head->r.group, list) {
1365 struct tomoyo_group *group =
1366 list_entry(head->r.group, typeof(*group), head.list);
1367 list_for_each_cookie(head->r.acl, &group->member_list) {
1368 struct tomoyo_acl_head *ptr =
1369 list_entry(head->r.acl, typeof(*ptr), list);
1370 if (ptr->is_deleted)
1372 if (!tomoyo_flush(head))
1374 tomoyo_print_namespace(head);
1375 tomoyo_set_string(head, tomoyo_group_name[idx]);
1376 tomoyo_set_string(head, group->group_name->name);
1377 if (idx == TOMOYO_PATH_GROUP) {
1378 tomoyo_set_space(head);
1379 tomoyo_set_string(head, container_of
1380 (ptr, struct tomoyo_path_group,
1381 head)->member_name->name);
1382 } else if (idx == TOMOYO_NUMBER_GROUP) {
1383 tomoyo_print_number_union(head, &container_of
1385 struct tomoyo_number_group,
1388 tomoyo_set_lf(head);
1392 head->r.group = NULL;
1397 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1399 * @head: Pointer to "struct tomoyo_io_buffer".
1400 * @idx: Index number.
1402 * Returns true on success, false otherwise.
1404 * Caller holds tomoyo_read_lock().
1406 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1408 struct tomoyo_policy_namespace *ns =
1409 container_of(head->r.ns, typeof(*ns), namespace_list);
1410 struct list_head *list = &ns->policy_list[idx];
1411 list_for_each_cookie(head->r.acl, list) {
1412 struct tomoyo_acl_head *acl =
1413 container_of(head->r.acl, typeof(*acl), list);
1414 if (acl->is_deleted)
1416 if (!tomoyo_flush(head))
1419 case TOMOYO_ID_TRANSITION_CONTROL:
1421 struct tomoyo_transition_control *ptr =
1422 container_of(acl, typeof(*ptr), head);
1423 tomoyo_print_namespace(head);
1424 tomoyo_set_string(head, tomoyo_transition_type
1426 tomoyo_set_string(head, ptr->program ?
1427 ptr->program->name : "any");
1428 tomoyo_set_string(head, " from ");
1429 tomoyo_set_string(head, ptr->domainname ?
1430 ptr->domainname->name :
1434 case TOMOYO_ID_AGGREGATOR:
1436 struct tomoyo_aggregator *ptr =
1437 container_of(acl, typeof(*ptr), head);
1438 tomoyo_print_namespace(head);
1439 tomoyo_set_string(head, "aggregator ");
1440 tomoyo_set_string(head,
1441 ptr->original_name->name);
1442 tomoyo_set_space(head);
1443 tomoyo_set_string(head,
1444 ptr->aggregated_name->name);
1450 tomoyo_set_lf(head);
1457 * tomoyo_read_exception - Read exception policy.
1459 * @head: Pointer to "struct tomoyo_io_buffer".
1461 * Caller holds tomoyo_read_lock().
1463 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1465 struct tomoyo_policy_namespace *ns =
1466 container_of(head->r.ns, typeof(*ns), namespace_list);
1469 while (head->r.step < TOMOYO_MAX_POLICY &&
1470 tomoyo_read_policy(head, head->r.step))
1472 if (head->r.step < TOMOYO_MAX_POLICY)
1474 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1475 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1477 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1479 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP
1480 + TOMOYO_MAX_ACL_GROUPS) {
1481 head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY
1483 if (!tomoyo_read_domain2(head, &ns->acl_group
1484 [head->r.acl_group_index]))
1491 /* Wait queue for kernel -> userspace notification. */
1492 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1493 /* Wait queue for userspace -> kernel notification. */
1494 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
1496 /* Structure for query. */
1497 struct tomoyo_query {
1498 struct list_head list;
1501 unsigned int serial;
1507 /* The list for "struct tomoyo_query". */
1508 static LIST_HEAD(tomoyo_query_list);
1510 /* Lock for manipulating tomoyo_query_list. */
1511 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1514 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1517 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1520 * tomoyo_add_entry - Add an ACL to current thread's domain. Used by learning mode.
1522 * @domain: Pointer to "struct tomoyo_domain_info".
1523 * @header: Lines containing ACL.
1527 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
1530 char *cp = strchr(header, '\n');
1534 cp = strchr(cp + 1, '\n');
1538 len = strlen(cp) + 1;
1539 buffer = kmalloc(len, GFP_NOFS);
1542 snprintf(buffer, len - 1, "%s", cp);
1543 tomoyo_normalize_line(buffer);
1544 tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
1550 * tomoyo_supervisor - Ask for the supervisor's decision.
1552 * @r: Pointer to "struct tomoyo_request_info".
1553 * @fmt: The printf()'s format string, followed by parameters.
1555 * Returns 0 if the supervisor decided to permit the access request which
1556 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1557 * supervisor decided to retry the access request which violated the policy in
1558 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1560 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1565 static unsigned int tomoyo_serial;
1566 struct tomoyo_query entry = { };
1567 bool quota_exceeded = false;
1568 va_start(args, fmt);
1569 len = vsnprintf((char *) &len, 1, fmt, args) + 1;
1571 /* Write /sys/kernel/security/tomoyo/audit. */
1572 va_start(args, fmt);
1573 tomoyo_write_log2(r, len, fmt, args);
1575 /* Nothing more to do if granted. */
1579 case TOMOYO_CONFIG_ENFORCING:
1581 if (atomic_read(&tomoyo_query_observers))
1584 case TOMOYO_CONFIG_LEARNING:
1586 /* Check max_learning_entry parameter. */
1587 if (tomoyo_domain_quota_is_ok(r))
1594 va_start(args, fmt);
1595 entry.query = tomoyo_init_log(r, len, fmt, args);
1599 entry.query_len = strlen(entry.query) + 1;
1601 tomoyo_add_entry(r->domain, entry.query);
1604 len = tomoyo_round2(entry.query_len);
1605 spin_lock(&tomoyo_query_list_lock);
1606 if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
1607 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
1608 >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) {
1609 quota_exceeded = true;
1611 entry.serial = tomoyo_serial++;
1612 entry.retry = r->retry;
1613 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len;
1614 list_add_tail(&entry.list, &tomoyo_query_list);
1616 spin_unlock(&tomoyo_query_list_lock);
1619 /* Give 10 seconds for supervisor's opinion. */
1620 while (entry.timer < 10) {
1621 wake_up_all(&tomoyo_query_wait);
1622 if (wait_event_interruptible_timeout
1623 (tomoyo_answer_wait, entry.answer ||
1624 !atomic_read(&tomoyo_query_observers), HZ))
1629 spin_lock(&tomoyo_query_list_lock);
1630 list_del(&entry.list);
1631 tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len;
1632 spin_unlock(&tomoyo_query_list_lock);
1633 switch (entry.answer) {
1634 case 3: /* Asked to retry by administrator. */
1635 error = TOMOYO_RETRY_REQUEST;
1639 /* Granted by administrator. */
1643 /* Timed out or rejected by administrator. */
1652 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1654 * @file: Pointer to "struct file".
1655 * @wait: Pointer to "poll_table".
1657 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1659 * Waits for access requests which violated policy in enforcing mode.
1661 static int tomoyo_poll_query(struct file *file, poll_table *wait)
1663 struct list_head *tmp;
1666 for (i = 0; i < 2; i++) {
1667 spin_lock(&tomoyo_query_list_lock);
1668 list_for_each(tmp, &tomoyo_query_list) {
1669 struct tomoyo_query *ptr =
1670 list_entry(tmp, typeof(*ptr), list);
1676 spin_unlock(&tomoyo_query_list_lock);
1678 return POLLIN | POLLRDNORM;
1681 poll_wait(file, &tomoyo_query_wait, wait);
1687 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1689 * @head: Pointer to "struct tomoyo_io_buffer".
1691 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1693 struct list_head *tmp;
1699 if (head->read_buf) {
1700 kfree(head->read_buf);
1701 head->read_buf = NULL;
1703 spin_lock(&tomoyo_query_list_lock);
1704 list_for_each(tmp, &tomoyo_query_list) {
1705 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1708 if (pos++ != head->r.query_index)
1710 len = ptr->query_len;
1713 spin_unlock(&tomoyo_query_list_lock);
1715 head->r.query_index = 0;
1718 buf = kzalloc(len + 32, GFP_NOFS);
1722 spin_lock(&tomoyo_query_list_lock);
1723 list_for_each(tmp, &tomoyo_query_list) {
1724 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1727 if (pos++ != head->r.query_index)
1730 * Some query can be skipped because tomoyo_query_list
1731 * can change, but I don't care.
1733 if (len == ptr->query_len)
1734 snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial,
1735 ptr->retry, ptr->query);
1738 spin_unlock(&tomoyo_query_list_lock);
1740 head->read_buf = buf;
1741 head->r.w[head->r.w_pos++] = buf;
1742 head->r.query_index++;
1749 * tomoyo_write_answer - Write the supervisor's decision.
1751 * @head: Pointer to "struct tomoyo_io_buffer".
1753 * Returns 0 on success, -EINVAL otherwise.
1755 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1757 char *data = head->write_buf;
1758 struct list_head *tmp;
1759 unsigned int serial;
1760 unsigned int answer;
1761 spin_lock(&tomoyo_query_list_lock);
1762 list_for_each(tmp, &tomoyo_query_list) {
1763 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1766 spin_unlock(&tomoyo_query_list_lock);
1767 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1769 spin_lock(&tomoyo_query_list_lock);
1770 list_for_each(tmp, &tomoyo_query_list) {
1771 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1772 if (ptr->serial != serial)
1775 ptr->answer = answer;
1778 spin_unlock(&tomoyo_query_list_lock);
1783 * tomoyo_read_version: Get version.
1785 * @head: Pointer to "struct tomoyo_io_buffer".
1787 * Returns version information.
1789 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1792 tomoyo_io_printf(head, "2.4.0");
1798 * tomoyo_read_self_domain - Get the current process's domainname.
1800 * @head: Pointer to "struct tomoyo_io_buffer".
1802 * Returns the current process's domainname.
1804 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1808 * tomoyo_domain()->domainname != NULL
1809 * because every process belongs to a domain and
1810 * the domain's name cannot be NULL.
1812 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1818 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1820 * @type: Type of interface.
1821 * @file: Pointer to "struct file".
1823 * Returns 0 on success, negative value otherwise.
1825 int tomoyo_open_control(const u8 type, struct file *file)
1827 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1831 mutex_init(&head->io_sem);
1834 case TOMOYO_DOMAINPOLICY:
1835 /* /sys/kernel/security/tomoyo/domain_policy */
1836 head->write = tomoyo_write_domain;
1837 head->read = tomoyo_read_domain;
1839 case TOMOYO_EXCEPTIONPOLICY:
1840 /* /sys/kernel/security/tomoyo/exception_policy */
1841 head->write = tomoyo_write_exception;
1842 head->read = tomoyo_read_exception;
1845 /* /sys/kernel/security/tomoyo/audit */
1846 head->poll = tomoyo_poll_log;
1847 head->read = tomoyo_read_log;
1849 case TOMOYO_SELFDOMAIN:
1850 /* /sys/kernel/security/tomoyo/self_domain */
1851 head->read = tomoyo_read_self_domain;
1853 case TOMOYO_DOMAIN_STATUS:
1854 /* /sys/kernel/security/tomoyo/.domain_status */
1855 head->write = tomoyo_write_domain_profile;
1856 head->read = tomoyo_read_domain_profile;
1858 case TOMOYO_PROCESS_STATUS:
1859 /* /sys/kernel/security/tomoyo/.process_status */
1860 head->write = tomoyo_write_pid;
1861 head->read = tomoyo_read_pid;
1863 case TOMOYO_VERSION:
1864 /* /sys/kernel/security/tomoyo/version */
1865 head->read = tomoyo_read_version;
1866 head->readbuf_size = 128;
1868 case TOMOYO_MEMINFO:
1869 /* /sys/kernel/security/tomoyo/meminfo */
1870 head->write = tomoyo_write_memory_quota;
1871 head->read = tomoyo_read_memory_counter;
1872 head->readbuf_size = 512;
1874 case TOMOYO_PROFILE:
1875 /* /sys/kernel/security/tomoyo/profile */
1876 head->write = tomoyo_write_profile;
1877 head->read = tomoyo_read_profile;
1879 case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
1880 head->poll = tomoyo_poll_query;
1881 head->write = tomoyo_write_answer;
1882 head->read = tomoyo_read_query;
1884 case TOMOYO_MANAGER:
1885 /* /sys/kernel/security/tomoyo/manager */
1886 head->write = tomoyo_write_manager;
1887 head->read = tomoyo_read_manager;
1890 if (!(file->f_mode & FMODE_READ)) {
1892 * No need to allocate read_buf since it is not opened
1897 } else if (!head->poll) {
1898 /* Don't allocate read_buf for poll() access. */
1899 if (!head->readbuf_size)
1900 head->readbuf_size = 4096 * 2;
1901 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1902 if (!head->read_buf) {
1907 if (!(file->f_mode & FMODE_WRITE)) {
1909 * No need to allocate write_buf since it is not opened
1913 } else if (head->write) {
1914 head->writebuf_size = 4096 * 2;
1915 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1916 if (!head->write_buf) {
1917 kfree(head->read_buf);
1923 * If the file is /sys/kernel/security/tomoyo/query , increment the
1925 * The obserber counter is used by tomoyo_supervisor() to see if
1926 * there is some process monitoring /sys/kernel/security/tomoyo/query.
1928 if (type == TOMOYO_QUERY)
1929 atomic_inc(&tomoyo_query_observers);
1930 file->private_data = head;
1931 tomoyo_notify_gc(head, true);
1936 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1938 * @file: Pointer to "struct file".
1939 * @wait: Pointer to "poll_table".
1941 * Waits for read readiness.
1942 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and
1943 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
1945 int tomoyo_poll_control(struct file *file, poll_table *wait)
1947 struct tomoyo_io_buffer *head = file->private_data;
1950 return head->poll(file, wait);
1954 * tomoyo_set_namespace_cursor - Set namespace to read.
1956 * @head: Pointer to "struct tomoyo_io_buffer".
1960 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head)
1962 struct list_head *ns;
1963 if (head->type != TOMOYO_EXCEPTIONPOLICY &&
1964 head->type != TOMOYO_PROFILE)
1967 * If this is the first read, or reading previous namespace finished
1968 * and has more namespaces to read, update the namespace cursor.
1971 if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) {
1972 /* Clearing is OK because tomoyo_flush() returned true. */
1973 memset(&head->r, 0, sizeof(head->r));
1974 head->r.ns = ns ? ns->next : tomoyo_namespace_list.next;
1979 * tomoyo_has_more_namespace - Check for unread namespaces.
1981 * @head: Pointer to "struct tomoyo_io_buffer".
1983 * Returns true if we have more entries to print, false otherwise.
1985 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
1987 return (head->type == TOMOYO_EXCEPTIONPOLICY ||
1988 head->type == TOMOYO_PROFILE) && head->r.eof &&
1989 head->r.ns->next != &tomoyo_namespace_list;
1993 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1995 * @head: Pointer to "struct tomoyo_io_buffer".
1996 * @buffer: Poiner to buffer to write to.
1997 * @buffer_len: Size of @buffer.
1999 * Returns bytes read on success, negative value otherwise.
2001 int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
2002 const int buffer_len)
2009 if (mutex_lock_interruptible(&head->io_sem))
2011 head->read_user_buf = buffer;
2012 head->read_user_buf_avail = buffer_len;
2013 idx = tomoyo_read_lock();
2014 if (tomoyo_flush(head))
2015 /* Call the policy handler. */
2017 tomoyo_set_namespace_cursor(head);
2019 } while (tomoyo_flush(head) &&
2020 tomoyo_has_more_namespace(head));
2021 tomoyo_read_unlock(idx);
2022 len = head->read_user_buf - buffer;
2023 mutex_unlock(&head->io_sem);
2028 * tomoyo_parse_policy - Parse a policy line.
2030 * @head: Poiter to "struct tomoyo_io_buffer".
2031 * @line: Line to parse.
2033 * Returns 0 on success, negative value otherwise.
2035 * Caller holds tomoyo_read_lock().
2037 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line)
2039 /* Delete request? */
2040 head->w.is_delete = !strncmp(line, "delete ", 7);
2041 if (head->w.is_delete)
2042 memmove(line, line + 7, strlen(line + 7) + 1);
2043 /* Selecting namespace to update. */
2044 if (head->type == TOMOYO_EXCEPTIONPOLICY ||
2045 head->type == TOMOYO_PROFILE) {
2047 char *cp = strchr(line, ' ');
2050 head->w.ns = tomoyo_assign_namespace(line);
2051 memmove(line, cp, strlen(cp) + 1);
2055 head->w.ns = &tomoyo_kernel_namespace;
2056 /* Don't allow updating if namespace is invalid. */
2060 /* Do the update. */
2061 return head->write(head);
2065 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
2067 * @head: Pointer to "struct tomoyo_io_buffer".
2068 * @buffer: Pointer to buffer to read from.
2069 * @buffer_len: Size of @buffer.
2071 * Returns @buffer_len on success, negative value otherwise.
2073 int tomoyo_write_control(struct tomoyo_io_buffer *head,
2074 const char __user *buffer, const int buffer_len)
2076 int error = buffer_len;
2077 size_t avail_len = buffer_len;
2078 char *cp0 = head->write_buf;
2082 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2084 if (mutex_lock_interruptible(&head->io_sem))
2086 idx = tomoyo_read_lock();
2087 /* Read a line and dispatch it to the policy handler. */
2088 while (avail_len > 0) {
2090 if (head->w.avail >= head->writebuf_size - 1) {
2091 const int len = head->writebuf_size * 2;
2092 char *cp = kzalloc(len, GFP_NOFS);
2097 memmove(cp, cp0, head->w.avail);
2099 head->write_buf = cp;
2101 head->writebuf_size = len;
2103 if (get_user(c, buffer)) {
2109 cp0[head->w.avail++] = c;
2112 cp0[head->w.avail - 1] = '\0';
2114 tomoyo_normalize_line(cp0);
2115 if (!strcmp(cp0, "reset")) {
2116 head->w.ns = &tomoyo_kernel_namespace;
2117 head->w.domain = NULL;
2118 memset(&head->r, 0, sizeof(head->r));
2121 /* Don't allow updating policies by non manager programs. */
2122 switch (head->type) {
2123 case TOMOYO_PROCESS_STATUS:
2124 /* This does not write anything. */
2126 case TOMOYO_DOMAINPOLICY:
2127 if (tomoyo_select_domain(head, cp0))
2130 case TOMOYO_EXCEPTIONPOLICY:
2131 if (!strcmp(cp0, "select transition_only")) {
2132 head->r.print_transition_related_only = true;
2137 if (!tomoyo_manager()) {
2142 switch (tomoyo_parse_policy(head, cp0)) {
2149 tomoyo_read_unlock(idx);
2150 mutex_unlock(&head->io_sem);
2155 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2157 * @head: Pointer to "struct tomoyo_io_buffer".
2161 int tomoyo_close_control(struct tomoyo_io_buffer *head)
2164 * If the file is /sys/kernel/security/tomoyo/query , decrement the
2167 if (head->type == TOMOYO_QUERY &&
2168 atomic_dec_and_test(&tomoyo_query_observers))
2169 wake_up_all(&tomoyo_answer_wait);
2170 tomoyo_notify_gc(head, false);
2175 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2177 void tomoyo_check_profile(void)
2179 struct tomoyo_domain_info *domain;
2180 const int idx = tomoyo_read_lock();
2181 tomoyo_policy_loaded = true;
2182 printk(KERN_INFO "TOMOYO: 2.4.0\n");
2183 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2184 const u8 profile = domain->profile;
2185 const struct tomoyo_policy_namespace *ns = domain->ns;
2186 if (ns->profile_version != 20100903)
2188 "Profile version %u is not supported.\n",
2189 ns->profile_version);
2190 else if (!ns->profile_ptr[profile])
2192 "Profile %u (used by '%s') is not defined.\n",
2193 profile, domain->domainname->name);
2197 "Userland tools for TOMOYO 2.4 must be installed and "
2198 "policy must be initialized.\n");
2199 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.4/ "
2200 "for more information.\n");
2203 tomoyo_read_unlock(idx);
2204 printk(KERN_INFO "Mandatory Access Control activated.\n");
projects / linux-beck.git / blob