Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
common.c
Go to the documentation of this file.
1 /*
2  * security/tomoyo/common.c
3  *
4  * Copyright (C) 2005-2011 NTT DATA CORPORATION
5  */
6 
7 #include <linux/uaccess.h>
8 #include <linux/slab.h>
9 #include <linux/security.h>
10 #include "common.h"
11 
12 /* String table for operation mode. */
13 const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE] = {
14  [TOMOYO_CONFIG_DISABLED] = "disabled",
15  [TOMOYO_CONFIG_LEARNING] = "learning",
16  [TOMOYO_CONFIG_PERMISSIVE] = "permissive",
17  [TOMOYO_CONFIG_ENFORCING] = "enforcing"
18 };
19 
20 /* String table for /sys/kernel/security/tomoyo/profile */
21 const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
22  + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
23  /* CONFIG::file group */
24  [TOMOYO_MAC_FILE_EXECUTE] = "execute",
25  [TOMOYO_MAC_FILE_OPEN] = "open",
26  [TOMOYO_MAC_FILE_CREATE] = "create",
27  [TOMOYO_MAC_FILE_UNLINK] = "unlink",
28  [TOMOYO_MAC_FILE_GETATTR] = "getattr",
29  [TOMOYO_MAC_FILE_MKDIR] = "mkdir",
30  [TOMOYO_MAC_FILE_RMDIR] = "rmdir",
31  [TOMOYO_MAC_FILE_MKFIFO] = "mkfifo",
32  [TOMOYO_MAC_FILE_MKSOCK] = "mksock",
33  [TOMOYO_MAC_FILE_TRUNCATE] = "truncate",
34  [TOMOYO_MAC_FILE_SYMLINK] = "symlink",
35  [TOMOYO_MAC_FILE_MKBLOCK] = "mkblock",
36  [TOMOYO_MAC_FILE_MKCHAR] = "mkchar",
37  [TOMOYO_MAC_FILE_LINK] = "link",
38  [TOMOYO_MAC_FILE_RENAME] = "rename",
39  [TOMOYO_MAC_FILE_CHMOD] = "chmod",
40  [TOMOYO_MAC_FILE_CHOWN] = "chown",
41  [TOMOYO_MAC_FILE_CHGRP] = "chgrp",
42  [TOMOYO_MAC_FILE_IOCTL] = "ioctl",
43  [TOMOYO_MAC_FILE_CHROOT] = "chroot",
44  [TOMOYO_MAC_FILE_MOUNT] = "mount",
45  [TOMOYO_MAC_FILE_UMOUNT] = "unmount",
46  [TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root",
47  /* CONFIG::network group */
48  [TOMOYO_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind",
49  [TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen",
50  [TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect",
51  [TOMOYO_MAC_NETWORK_INET_DGRAM_BIND] = "inet_dgram_bind",
52  [TOMOYO_MAC_NETWORK_INET_DGRAM_SEND] = "inet_dgram_send",
53  [TOMOYO_MAC_NETWORK_INET_RAW_BIND] = "inet_raw_bind",
54  [TOMOYO_MAC_NETWORK_INET_RAW_SEND] = "inet_raw_send",
55  [TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND] = "unix_stream_bind",
56  [TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN] = "unix_stream_listen",
57  [TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT] = "unix_stream_connect",
58  [TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND] = "unix_dgram_bind",
59  [TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND] = "unix_dgram_send",
60  [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND] = "unix_seqpacket_bind",
61  [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen",
62  [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect",
63  /* CONFIG::misc group */
64  [TOMOYO_MAC_ENVIRON] = "env",
65  /* CONFIG group */
66  [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
67  [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_NETWORK] = "network",
68  [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_MISC] = "misc",
69 };
70 
71 /* String table for conditions. */
72 const char * const tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD] = {
73  [TOMOYO_TASK_UID] = "task.uid",
74  [TOMOYO_TASK_EUID] = "task.euid",
75  [TOMOYO_TASK_SUID] = "task.suid",
76  [TOMOYO_TASK_FSUID] = "task.fsuid",
77  [TOMOYO_TASK_GID] = "task.gid",
78  [TOMOYO_TASK_EGID] = "task.egid",
79  [TOMOYO_TASK_SGID] = "task.sgid",
80  [TOMOYO_TASK_FSGID] = "task.fsgid",
81  [TOMOYO_TASK_PID] = "task.pid",
82  [TOMOYO_TASK_PPID] = "task.ppid",
83  [TOMOYO_EXEC_ARGC] = "exec.argc",
84  [TOMOYO_EXEC_ENVC] = "exec.envc",
85  [TOMOYO_TYPE_IS_SOCKET] = "socket",
86  [TOMOYO_TYPE_IS_SYMLINK] = "symlink",
87  [TOMOYO_TYPE_IS_FILE] = "file",
88  [TOMOYO_TYPE_IS_BLOCK_DEV] = "block",
89  [TOMOYO_TYPE_IS_DIRECTORY] = "directory",
90  [TOMOYO_TYPE_IS_CHAR_DEV] = "char",
91  [TOMOYO_TYPE_IS_FIFO] = "fifo",
92  [TOMOYO_MODE_SETUID] = "setuid",
93  [TOMOYO_MODE_SETGID] = "setgid",
94  [TOMOYO_MODE_STICKY] = "sticky",
95  [TOMOYO_MODE_OWNER_READ] = "owner_read",
96  [TOMOYO_MODE_OWNER_WRITE] = "owner_write",
97  [TOMOYO_MODE_OWNER_EXECUTE] = "owner_execute",
98  [TOMOYO_MODE_GROUP_READ] = "group_read",
99  [TOMOYO_MODE_GROUP_WRITE] = "group_write",
100  [TOMOYO_MODE_GROUP_EXECUTE] = "group_execute",
101  [TOMOYO_MODE_OTHERS_READ] = "others_read",
102  [TOMOYO_MODE_OTHERS_WRITE] = "others_write",
103  [TOMOYO_MODE_OTHERS_EXECUTE] = "others_execute",
104  [TOMOYO_EXEC_REALPATH] = "exec.realpath",
105  [TOMOYO_SYMLINK_TARGET] = "symlink.target",
106  [TOMOYO_PATH1_UID] = "path1.uid",
107  [TOMOYO_PATH1_GID] = "path1.gid",
108  [TOMOYO_PATH1_INO] = "path1.ino",
109  [TOMOYO_PATH1_MAJOR] = "path1.major",
110  [TOMOYO_PATH1_MINOR] = "path1.minor",
111  [TOMOYO_PATH1_PERM] = "path1.perm",
112  [TOMOYO_PATH1_TYPE] = "path1.type",
113  [TOMOYO_PATH1_DEV_MAJOR] = "path1.dev_major",
114  [TOMOYO_PATH1_DEV_MINOR] = "path1.dev_minor",
115  [TOMOYO_PATH2_UID] = "path2.uid",
116  [TOMOYO_PATH2_GID] = "path2.gid",
117  [TOMOYO_PATH2_INO] = "path2.ino",
118  [TOMOYO_PATH2_MAJOR] = "path2.major",
119  [TOMOYO_PATH2_MINOR] = "path2.minor",
120  [TOMOYO_PATH2_PERM] = "path2.perm",
121  [TOMOYO_PATH2_TYPE] = "path2.type",
122  [TOMOYO_PATH2_DEV_MAJOR] = "path2.dev_major",
123  [TOMOYO_PATH2_DEV_MINOR] = "path2.dev_minor",
124  [TOMOYO_PATH1_PARENT_UID] = "path1.parent.uid",
125  [TOMOYO_PATH1_PARENT_GID] = "path1.parent.gid",
126  [TOMOYO_PATH1_PARENT_INO] = "path1.parent.ino",
127  [TOMOYO_PATH1_PARENT_PERM] = "path1.parent.perm",
128  [TOMOYO_PATH2_PARENT_UID] = "path2.parent.uid",
129  [TOMOYO_PATH2_PARENT_GID] = "path2.parent.gid",
130  [TOMOYO_PATH2_PARENT_INO] = "path2.parent.ino",
131  [TOMOYO_PATH2_PARENT_PERM] = "path2.parent.perm",
132 };
133 
134 /* String table for PREFERENCE keyword. */
135 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
136  [TOMOYO_PREF_MAX_AUDIT_LOG] = "max_audit_log",
137  [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
138 };
139 
140 /* String table for path operation. */
141 const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
142  [TOMOYO_TYPE_EXECUTE] = "execute",
143  [TOMOYO_TYPE_READ] = "read",
144  [TOMOYO_TYPE_WRITE] = "write",
145  [TOMOYO_TYPE_APPEND] = "append",
146  [TOMOYO_TYPE_UNLINK] = "unlink",
147  [TOMOYO_TYPE_GETATTR] = "getattr",
148  [TOMOYO_TYPE_RMDIR] = "rmdir",
149  [TOMOYO_TYPE_TRUNCATE] = "truncate",
150  [TOMOYO_TYPE_SYMLINK] = "symlink",
151  [TOMOYO_TYPE_CHROOT] = "chroot",
152  [TOMOYO_TYPE_UMOUNT] = "unmount",
153 };
154 
155 /* String table for socket's operation. */
156 const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION] = {
157  [TOMOYO_NETWORK_BIND] = "bind",
158  [TOMOYO_NETWORK_LISTEN] = "listen",
159  [TOMOYO_NETWORK_CONNECT] = "connect",
160  [TOMOYO_NETWORK_SEND] = "send",
161 };
162 
163 /* String table for categories. */
164 static const char * const tomoyo_category_keywords
165 [TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
166  [TOMOYO_MAC_CATEGORY_FILE] = "file",
167  [TOMOYO_MAC_CATEGORY_NETWORK] = "network",
168  [TOMOYO_MAC_CATEGORY_MISC] = "misc",
169 };
170 
171 /* Permit policy management by non-root user? */
172 static bool tomoyo_manage_by_non_root;
173 
174 /* Utility functions. */
175 
181 const char *tomoyo_yesno(const unsigned int value)
182 {
183  return value ? "yes" : "no";
184 }
185 
195 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
196 {
197  va_list args;
198  const int pos = strlen(buffer);
199  va_start(args, fmt);
200  vsnprintf(buffer + pos, len - pos - 1, fmt, args);
201  va_end(args);
202 }
203 
211 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
212 {
213  while (head->r.w_pos) {
214  const char *w = head->r.w[0];
215  size_t len = strlen(w);
216  if (len) {
217  if (len > head->read_user_buf_avail)
218  len = head->read_user_buf_avail;
219  if (!len)
220  return false;
221  if (copy_to_user(head->read_user_buf, w, len))
222  return false;
223  head->read_user_buf_avail -= len;
224  head->read_user_buf += len;
225  w += len;
226  }
227  head->r.w[0] = w;
228  if (*w)
229  return false;
230  /* Add '\0' for audit logs and query. */
231  if (head->poll) {
232  if (!head->read_user_buf_avail ||
233  copy_to_user(head->read_user_buf, "", 1))
234  return false;
235  head->read_user_buf_avail--;
236  head->read_user_buf++;
237  }
238  head->r.w_pos--;
239  for (len = 0; len < head->r.w_pos; len++)
240  head->r.w[len] = head->r.w[len + 1];
241  }
242  head->r.avail = 0;
243  return true;
244 }
245 
256 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
257 {
258  if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
259  head->r.w[head->r.w_pos++] = string;
260  tomoyo_flush(head);
261  } else
262  WARN_ON(1);
263 }
264 
265 static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt,
266  ...) __printf(2, 3);
267 
274 static void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt,
275  ...)
276 {
277  va_list args;
278  size_t len;
279  size_t pos = head->r.avail;
280  int size = head->readbuf_size - pos;
281  if (size <= 0)
282  return;
283  va_start(args, fmt);
284  len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
285  va_end(args);
286  if (pos + len >= head->readbuf_size) {
287  WARN_ON(1);
288  return;
289  }
290  head->r.avail += len;
291  tomoyo_set_string(head, head->read_buf + pos);
292 }
293 
301 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
302 {
303  tomoyo_set_string(head, " ");
304 }
305 
313 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
314 {
315  tomoyo_set_string(head, "\n");
316  return !head->r.w_pos;
317 }
318 
326 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
327 {
328  tomoyo_set_string(head, "/");
329 }
330 
331 /* List of namespaces. */
332 LIST_HEAD(tomoyo_namespace_list);
333 /* True if namespace other than tomoyo_kernel_namespace is defined. */
334 static bool tomoyo_namespace_enabled;
335 
343 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns)
344 {
345  unsigned int idx;
346  for (idx = 0; idx < TOMOYO_MAX_ACL_GROUPS; idx++)
347  INIT_LIST_HEAD(&ns->acl_group[idx]);
348  for (idx = 0; idx < TOMOYO_MAX_GROUP; idx++)
349  INIT_LIST_HEAD(&ns->group_list[idx]);
350  for (idx = 0; idx < TOMOYO_MAX_POLICY; idx++)
351  INIT_LIST_HEAD(&ns->policy_list[idx]);
352  ns->profile_version = 20110903;
353  tomoyo_namespace_enabled = !list_empty(&tomoyo_namespace_list);
354  list_add_tail_rcu(&ns->namespace_list, &tomoyo_namespace_list);
355 }
356 
364 static void tomoyo_print_namespace(struct tomoyo_io_buffer *head)
365 {
366  if (!tomoyo_namespace_enabled)
367  return;
368  tomoyo_set_string(head,
369  container_of(head->r.ns,
370  struct tomoyo_policy_namespace,
371  namespace_list)->name);
372  tomoyo_set_space(head);
373 }
374 
381 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
382  const struct tomoyo_name_union *ptr)
383 {
384  tomoyo_set_space(head);
385  if (ptr->group) {
386  tomoyo_set_string(head, "@");
387  tomoyo_set_string(head, ptr->group->group_name->name);
388  } else {
389  tomoyo_set_string(head, ptr->filename->name);
390  }
391 }
392 
401 static void tomoyo_print_name_union_quoted(struct tomoyo_io_buffer *head,
402  const struct tomoyo_name_union *ptr)
403 {
404  if (ptr->group) {
405  tomoyo_set_string(head, "@");
406  tomoyo_set_string(head, ptr->group->group_name->name);
407  } else {
408  tomoyo_set_string(head, "\"");
409  tomoyo_set_string(head, ptr->filename->name);
410  tomoyo_set_string(head, "\"");
411  }
412 }
413 
422 static void tomoyo_print_number_union_nospace
423 (struct tomoyo_io_buffer *head, const struct tomoyo_number_union *ptr)
424 {
425  if (ptr->group) {
426  tomoyo_set_string(head, "@");
427  tomoyo_set_string(head, ptr->group->group_name->name);
428  } else {
429  int i;
430  unsigned long min = ptr->values[0];
431  const unsigned long max = ptr->values[1];
432  u8 min_type = ptr->value_type[0];
433  const u8 max_type = ptr->value_type[1];
434  char buffer[128];
435  buffer[0] = '\0';
436  for (i = 0; i < 2; i++) {
437  switch (min_type) {
438  case TOMOYO_VALUE_TYPE_HEXADECIMAL:
439  tomoyo_addprintf(buffer, sizeof(buffer),
440  "0x%lX", min);
441  break;
442  case TOMOYO_VALUE_TYPE_OCTAL:
443  tomoyo_addprintf(buffer, sizeof(buffer),
444  "0%lo", min);
445  break;
446  default:
447  tomoyo_addprintf(buffer, sizeof(buffer), "%lu",
448  min);
449  break;
450  }
451  if (min == max && min_type == max_type)
452  break;
453  tomoyo_addprintf(buffer, sizeof(buffer), "-");
454  min_type = max_type;
455  min = max;
456  }
457  tomoyo_io_printf(head, "%s", buffer);
458  }
459 }
460 
469 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
470  const struct tomoyo_number_union *ptr)
471 {
472  tomoyo_set_space(head);
473  tomoyo_print_number_union_nospace(head, ptr);
474 }
475 
484 static struct tomoyo_profile *tomoyo_assign_profile
485 (struct tomoyo_policy_namespace *ns, const unsigned int profile)
486 {
487  struct tomoyo_profile *ptr;
488  struct tomoyo_profile *entry;
489  if (profile >= TOMOYO_MAX_PROFILES)
490  return NULL;
491  ptr = ns->profile_ptr[profile];
492  if (ptr)
493  return ptr;
494  entry = kzalloc(sizeof(*entry), GFP_NOFS);
495  if (mutex_lock_interruptible(&tomoyo_policy_lock))
496  goto out;
497  ptr = ns->profile_ptr[profile];
498  if (!ptr && tomoyo_memory_ok(entry)) {
499  ptr = entry;
500  ptr->default_config = TOMOYO_CONFIG_DISABLED |
501  TOMOYO_CONFIG_WANT_GRANT_LOG |
502  TOMOYO_CONFIG_WANT_REJECT_LOG;
503  memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
504  sizeof(ptr->config));
505  ptr->pref[TOMOYO_PREF_MAX_AUDIT_LOG] =
506  CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG;
507  ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] =
508  CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY;
509  mb(); /* Avoid out-of-order execution. */
510  ns->profile_ptr[profile] = ptr;
511  entry = NULL;
512  }
513  mutex_unlock(&tomoyo_policy_lock);
514  out:
515  kfree(entry);
516  return ptr;
517 }
518 
527 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
528  const u8 profile)
529 {
530  static struct tomoyo_profile tomoyo_null_profile;
531  struct tomoyo_profile *ptr = ns->profile_ptr[profile];
532  if (!ptr)
533  ptr = &tomoyo_null_profile;
534  return ptr;
535 }
536 
545 static s8 tomoyo_find_yesno(const char *string, const char *find)
546 {
547  const char *cp = strstr(string, find);
548  if (cp) {
549  cp += strlen(find);
550  if (!strncmp(cp, "=yes", 4))
551  return 1;
552  else if (!strncmp(cp, "=no", 3))
553  return 0;
554  }
555  return -1;
556 }
557 
567 static void tomoyo_set_uint(unsigned int *i, const char *string,
568  const char *find)
569 {
570  const char *cp = strstr(string, find);
571  if (cp)
572  sscanf(cp + strlen(find), "=%u", i);
573 }
574 
584 static int tomoyo_set_mode(char *name, const char *value,
585  struct tomoyo_profile *profile)
586 {
587  u8 i;
588  u8 config;
589  if (!strcmp(name, "CONFIG")) {
590  i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
591  config = profile->default_config;
592  } else if (tomoyo_str_starts(&name, "CONFIG::")) {
593  config = 0;
594  for (i = 0; i < TOMOYO_MAX_MAC_INDEX
595  + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
596  int len = 0;
597  if (i < TOMOYO_MAX_MAC_INDEX) {
598  const u8 c = tomoyo_index2category[i];
599  const char *category =
600  tomoyo_category_keywords[c];
601  len = strlen(category);
602  if (strncmp(name, category, len) ||
603  name[len++] != ':' || name[len++] != ':')
604  continue;
605  }
606  if (strcmp(name + len, tomoyo_mac_keywords[i]))
607  continue;
608  config = profile->config[i];
609  break;
610  }
611  if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
612  return -EINVAL;
613  } else {
614  return -EINVAL;
615  }
616  if (strstr(value, "use_default")) {
617  config = TOMOYO_CONFIG_USE_DEFAULT;
618  } else {
619  u8 mode;
620  for (mode = 0; mode < 4; mode++)
621  if (strstr(value, tomoyo_mode[mode]))
622  /*
623  * Update lower 3 bits in order to distinguish
624  * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
625  */
626  config = (config & ~7) | mode;
627  if (config != TOMOYO_CONFIG_USE_DEFAULT) {
628  switch (tomoyo_find_yesno(value, "grant_log")) {
629  case 1:
630  config |= TOMOYO_CONFIG_WANT_GRANT_LOG;
631  break;
632  case 0:
633  config &= ~TOMOYO_CONFIG_WANT_GRANT_LOG;
634  break;
635  }
636  switch (tomoyo_find_yesno(value, "reject_log")) {
637  case 1:
638  config |= TOMOYO_CONFIG_WANT_REJECT_LOG;
639  break;
640  case 0:
641  config &= ~TOMOYO_CONFIG_WANT_REJECT_LOG;
642  break;
643  }
644  }
645  }
646  if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
647  profile->config[i] = config;
648  else if (config != TOMOYO_CONFIG_USE_DEFAULT)
649  profile->default_config = config;
650  return 0;
651 }
652 
660 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
661 {
662  char *data = head->write_buf;
663  unsigned int i;
664  char *cp;
665  struct tomoyo_profile *profile;
666  if (sscanf(data, "PROFILE_VERSION=%u", &head->w.ns->profile_version)
667  == 1)
668  return 0;
669  i = simple_strtoul(data, &cp, 10);
670  if (*cp != '-')
671  return -EINVAL;
672  data = cp + 1;
673  profile = tomoyo_assign_profile(head->w.ns, i);
674  if (!profile)
675  return -EINVAL;
676  cp = strchr(data, '=');
677  if (!cp)
678  return -EINVAL;
679  *cp++ = '\0';
680  if (!strcmp(data, "COMMENT")) {
681  static DEFINE_SPINLOCK(lock);
682  const struct tomoyo_path_info *new_comment
683  = tomoyo_get_name(cp);
684  const struct tomoyo_path_info *old_comment;
685  if (!new_comment)
686  return -ENOMEM;
687  spin_lock(&lock);
688  old_comment = profile->comment;
689  profile->comment = new_comment;
690  spin_unlock(&lock);
691  tomoyo_put_name(old_comment);
692  return 0;
693  }
694  if (!strcmp(data, "PREFERENCE")) {
695  for (i = 0; i < TOMOYO_MAX_PREF; i++)
696  tomoyo_set_uint(&profile->pref[i], cp,
697  tomoyo_pref_keywords[i]);
698  return 0;
699  }
700  return tomoyo_set_mode(data, cp, profile);
701 }
702 
713 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
714 {
715  tomoyo_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n",
716  tomoyo_mode[config & 3],
717  tomoyo_yesno(config & TOMOYO_CONFIG_WANT_GRANT_LOG),
718  tomoyo_yesno(config & TOMOYO_CONFIG_WANT_REJECT_LOG));
719 }
720 
728 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
729 {
730  u8 index;
731  struct tomoyo_policy_namespace *ns =
732  container_of(head->r.ns, typeof(*ns), namespace_list);
733  const struct tomoyo_profile *profile;
734  if (head->r.eof)
735  return;
736  next:
737  index = head->r.index;
738  profile = ns->profile_ptr[index];
739  switch (head->r.step) {
740  case 0:
741  tomoyo_print_namespace(head);
742  tomoyo_io_printf(head, "PROFILE_VERSION=%u\n",
743  ns->profile_version);
744  head->r.step++;
745  break;
746  case 1:
747  for ( ; head->r.index < TOMOYO_MAX_PROFILES;
748  head->r.index++)
749  if (ns->profile_ptr[head->r.index])
750  break;
751  if (head->r.index == TOMOYO_MAX_PROFILES) {
752  head->r.eof = true;
753  return;
754  }
755  head->r.step++;
756  break;
757  case 2:
758  {
759  u8 i;
760  const struct tomoyo_path_info *comment =
761  profile->comment;
762  tomoyo_print_namespace(head);
763  tomoyo_io_printf(head, "%u-COMMENT=", index);
764  tomoyo_set_string(head, comment ? comment->name : "");
765  tomoyo_set_lf(head);
766  tomoyo_print_namespace(head);
767  tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
768  for (i = 0; i < TOMOYO_MAX_PREF; i++)
769  tomoyo_io_printf(head, "%s=%u ",
770  tomoyo_pref_keywords[i],
771  profile->pref[i]);
772  tomoyo_set_string(head, "}\n");
773  head->r.step++;
774  }
775  break;
776  case 3:
777  {
778  tomoyo_print_namespace(head);
779  tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
780  tomoyo_print_config(head, profile->default_config);
781  head->r.bit = 0;
782  head->r.step++;
783  }
784  break;
785  case 4:
786  for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
787  + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
788  const u8 i = head->r.bit;
789  const u8 config = profile->config[i];
790  if (config == TOMOYO_CONFIG_USE_DEFAULT)
791  continue;
792  tomoyo_print_namespace(head);
793  if (i < TOMOYO_MAX_MAC_INDEX)
794  tomoyo_io_printf(head, "%u-CONFIG::%s::%s",
795  index,
796  tomoyo_category_keywords
797  [tomoyo_index2category[i]],
798  tomoyo_mac_keywords[i]);
799  else
800  tomoyo_io_printf(head, "%u-CONFIG::%s", index,
801  tomoyo_mac_keywords[i]);
802  tomoyo_print_config(head, config);
803  head->r.bit++;
804  break;
805  }
806  if (head->r.bit == TOMOYO_MAX_MAC_INDEX
807  + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
808  head->r.index++;
809  head->r.step = 1;
810  }
811  break;
812  }
813  if (tomoyo_flush(head))
814  goto next;
815 }
816 
825 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
826  const struct tomoyo_acl_head *b)
827 {
828  return container_of(a, struct tomoyo_manager, head)->manager ==
829  container_of(b, struct tomoyo_manager, head)->manager;
830 }
831 
842 static int tomoyo_update_manager_entry(const char *manager,
843  const bool is_delete)
844 {
845  struct tomoyo_manager e = { };
846  struct tomoyo_acl_param param = {
847  /* .ns = &tomoyo_kernel_namespace, */
848  .is_delete = is_delete,
849  .list = &tomoyo_kernel_namespace.
850  policy_list[TOMOYO_ID_MANAGER],
851  };
852  int error = is_delete ? -ENOENT : -ENOMEM;
853  if (!tomoyo_correct_domain(manager) &&
854  !tomoyo_correct_word(manager))
855  return -EINVAL;
856  e.manager = tomoyo_get_name(manager);
857  if (e.manager) {
858  error = tomoyo_update_policy(&e.head, sizeof(e), &param,
859  tomoyo_same_manager);
860  tomoyo_put_name(e.manager);
861  }
862  return error;
863 }
864 
874 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
875 {
876  char *data = head->write_buf;
877 
878  if (!strcmp(data, "manage_by_non_root")) {
879  tomoyo_manage_by_non_root = !head->w.is_delete;
880  return 0;
881  }
882  return tomoyo_update_manager_entry(data, head->w.is_delete);
883 }
884 
892 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
893 {
894  if (head->r.eof)
895  return;
896  list_for_each_cookie(head->r.acl, &tomoyo_kernel_namespace.
897  policy_list[TOMOYO_ID_MANAGER]) {
898  struct tomoyo_manager *ptr =
899  list_entry(head->r.acl, typeof(*ptr), head.list);
900  if (ptr->head.is_deleted)
901  continue;
902  if (!tomoyo_flush(head))
903  return;
904  tomoyo_set_string(head, ptr->manager->name);
905  tomoyo_set_lf(head);
906  }
907  head->r.eof = true;
908 }
909 
918 static bool tomoyo_manager(void)
919 {
920  struct tomoyo_manager *ptr;
921  const char *exe;
922  const struct task_struct *task = current;
923  const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
924  bool found = false;
925 
926  if (!tomoyo_policy_loaded)
927  return true;
928  if (!tomoyo_manage_by_non_root &&
929  (!uid_eq(task->cred->uid, GLOBAL_ROOT_UID) ||
930  !uid_eq(task->cred->euid, GLOBAL_ROOT_UID)))
931  return false;
932  exe = tomoyo_get_exe();
933  if (!exe)
934  return false;
935  list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.
936  policy_list[TOMOYO_ID_MANAGER], head.list) {
937  if (!ptr->head.is_deleted &&
938  (!tomoyo_pathcmp(domainname, ptr->manager) ||
939  !strcmp(exe, ptr->manager->name))) {
940  found = true;
941  break;
942  }
943  }
944  if (!found) { /* Reduce error messages. */
945  static pid_t last_pid;
946  const pid_t pid = current->pid;
947  if (last_pid != pid) {
948  printk(KERN_WARNING "%s ( %s ) is not permitted to "
949  "update policies.\n", domainname->name, exe);
950  last_pid = pid;
951  }
952  }
953  kfree(exe);
954  return found;
955 }
956 
957 static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
958 (unsigned int serial);
959 
970 static bool tomoyo_select_domain(struct tomoyo_io_buffer *head,
971  const char *data)
972 {
973  unsigned int pid;
974  struct tomoyo_domain_info *domain = NULL;
975  bool global_pid = false;
976  if (strncmp(data, "select ", 7))
977  return false;
978  data += 7;
979  if (sscanf(data, "pid=%u", &pid) == 1 ||
980  (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
981  struct task_struct *p;
982  rcu_read_lock();
983  if (global_pid)
984  p = find_task_by_pid_ns(pid, &init_pid_ns);
985  else
986  p = find_task_by_vpid(pid);
987  if (p)
988  domain = tomoyo_real_domain(p);
989  rcu_read_unlock();
990  } else if (!strncmp(data, "domain=", 7)) {
991  if (tomoyo_domain_def(data + 7))
992  domain = tomoyo_find_domain(data + 7);
993  } else if (sscanf(data, "Q=%u", &pid) == 1) {
994  domain = tomoyo_find_domain_by_qid(pid);
995  } else
996  return false;
997  head->w.domain = domain;
998  /* Accessing read_buf is safe because head->io_sem is held. */
999  if (!head->read_buf)
1000  return true; /* Do nothing if open(O_WRONLY). */
1001  memset(&head->r, 0, sizeof(head->r));
1002  head->r.print_this_domain_only = true;
1003  if (domain)
1004  head->r.domain = &domain->list;
1005  else
1006  head->r.eof = 1;
1007  tomoyo_io_printf(head, "# select %s\n", data);
1008  if (domain && domain->is_deleted)
1009  tomoyo_io_printf(head, "# This is a deleted domain.\n");
1010  return true;
1011 }
1012 
1021 static bool tomoyo_same_task_acl(const struct tomoyo_acl_info *a,
1022  const struct tomoyo_acl_info *b)
1023 {
1024  const struct tomoyo_task_acl *p1 = container_of(a, typeof(*p1), head);
1025  const struct tomoyo_task_acl *p2 = container_of(b, typeof(*p2), head);
1026  return p1->domainname == p2->domainname;
1027 }
1028 
1038 static int tomoyo_write_task(struct tomoyo_acl_param *param)
1039 {
1040  int error = -EINVAL;
1041  if (tomoyo_str_starts(&param->data, "manual_domain_transition ")) {
1042  struct tomoyo_task_acl e = {
1043  .head.type = TOMOYO_TYPE_MANUAL_TASK_ACL,
1044  .domainname = tomoyo_get_domainname(param),
1045  };
1046  if (e.domainname)
1047  error = tomoyo_update_domain(&e.head, sizeof(e), param,
1048  tomoyo_same_task_acl,
1049  NULL);
1050  tomoyo_put_name(e.domainname);
1051  }
1052  return error;
1053 }
1054 
1064 static int tomoyo_delete_domain(char *domainname)
1065 {
1066  struct tomoyo_domain_info *domain;
1067  struct tomoyo_path_info name;
1068 
1069  name.name = domainname;
1070  tomoyo_fill_path_info(&name);
1071  if (mutex_lock_interruptible(&tomoyo_policy_lock))
1072  return -EINTR;
1073  /* Is there an active domain? */
1074  list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1075  /* Never delete tomoyo_kernel_domain */
1076  if (domain == &tomoyo_kernel_domain)
1077  continue;
1078  if (domain->is_deleted ||
1079  tomoyo_pathcmp(domain->domainname, &name))
1080  continue;
1081  domain->is_deleted = true;
1082  break;
1083  }
1084  mutex_unlock(&tomoyo_policy_lock);
1085  return 0;
1086 }
1087 
1100 static int tomoyo_write_domain2(struct tomoyo_policy_namespace *ns,
1101  struct list_head *list, char *data,
1102  const bool is_delete)
1103 {
1104  struct tomoyo_acl_param param = {
1105  .ns = ns,
1106  .list = list,
1107  .data = data,
1108  .is_delete = is_delete,
1109  };
1110  static const struct {
1111  const char *keyword;
1112  int (*write) (struct tomoyo_acl_param *);
1113  } tomoyo_callback[5] = {
1114  { "file ", tomoyo_write_file },
1115  { "network inet ", tomoyo_write_inet_network },
1116  { "network unix ", tomoyo_write_unix_network },
1117  { "misc ", tomoyo_write_misc },
1118  { "task ", tomoyo_write_task },
1119  };
1120  u8 i;
1121 
1122  for (i = 0; i < ARRAY_SIZE(tomoyo_callback); i++) {
1123  if (!tomoyo_str_starts(&param.data,
1124  tomoyo_callback[i].keyword))
1125  continue;
1126  return tomoyo_callback[i].write(&param);
1127  }
1128  return -EINVAL;
1129 }
1130 
1131 /* String table for domain flags. */
1132 const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS] = {
1133  [TOMOYO_DIF_QUOTA_WARNED] = "quota_exceeded\n",
1134  [TOMOYO_DIF_TRANSITION_FAILED] = "transition_failed\n",
1135 };
1136 
1146 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
1147 {
1148  char *data = head->write_buf;
1149  struct tomoyo_policy_namespace *ns;
1150  struct tomoyo_domain_info *domain = head->w.domain;
1151  const bool is_delete = head->w.is_delete;
1152  bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
1153  unsigned int profile;
1154  if (*data == '<') {
1155  int ret = 0;
1156  domain = NULL;
1157  if (is_delete)
1158  ret = tomoyo_delete_domain(data);
1159  else if (is_select)
1160  domain = tomoyo_find_domain(data);
1161  else
1162  domain = tomoyo_assign_domain(data, false);
1163  head->w.domain = domain;
1164  return ret;
1165  }
1166  if (!domain)
1167  return -EINVAL;
1168  ns = domain->ns;
1169  if (sscanf(data, "use_profile %u", &profile) == 1
1170  && profile < TOMOYO_MAX_PROFILES) {
1171  if (!tomoyo_policy_loaded || ns->profile_ptr[profile])
1172  domain->profile = (u8) profile;
1173  return 0;
1174  }
1175  if (sscanf(data, "use_group %u\n", &profile) == 1
1176  && profile < TOMOYO_MAX_ACL_GROUPS) {
1177  if (!is_delete)
1178  domain->group = (u8) profile;
1179  return 0;
1180  }
1181  for (profile = 0; profile < TOMOYO_MAX_DOMAIN_INFO_FLAGS; profile++) {
1182  const char *cp = tomoyo_dif[profile];
1183  if (strncmp(data, cp, strlen(cp) - 1))
1184  continue;
1185  domain->flags[profile] = !is_delete;
1186  return 0;
1187  }
1188  return tomoyo_write_domain2(ns, &domain->acl_info_list, data,
1189  is_delete);
1190 }
1191 
1200 static bool tomoyo_print_condition(struct tomoyo_io_buffer *head,
1201  const struct tomoyo_condition *cond)
1202 {
1203  switch (head->r.cond_step) {
1204  case 0:
1205  head->r.cond_index = 0;
1206  head->r.cond_step++;
1207  if (cond->transit) {
1208  tomoyo_set_space(head);
1209  tomoyo_set_string(head, cond->transit->name);
1210  }
1211  /* fall through */
1212  case 1:
1213  {
1214  const u16 condc = cond->condc;
1215  const struct tomoyo_condition_element *condp =
1216  (typeof(condp)) (cond + 1);
1217  const struct tomoyo_number_union *numbers_p =
1218  (typeof(numbers_p)) (condp + condc);
1219  const struct tomoyo_name_union *names_p =
1220  (typeof(names_p))
1221  (numbers_p + cond->numbers_count);
1222  const struct tomoyo_argv *argv =
1223  (typeof(argv)) (names_p + cond->names_count);
1224  const struct tomoyo_envp *envp =
1225  (typeof(envp)) (argv + cond->argc);
1226  u16 skip;
1227  for (skip = 0; skip < head->r.cond_index; skip++) {
1228  const u8 left = condp->left;
1229  const u8 right = condp->right;
1230  condp++;
1231  switch (left) {
1232  case TOMOYO_ARGV_ENTRY:
1233  argv++;
1234  continue;
1235  case TOMOYO_ENVP_ENTRY:
1236  envp++;
1237  continue;
1238  case TOMOYO_NUMBER_UNION:
1239  numbers_p++;
1240  break;
1241  }
1242  switch (right) {
1243  case TOMOYO_NAME_UNION:
1244  names_p++;
1245  break;
1246  case TOMOYO_NUMBER_UNION:
1247  numbers_p++;
1248  break;
1249  }
1250  }
1251  while (head->r.cond_index < condc) {
1252  const u8 match = condp->equals;
1253  const u8 left = condp->left;
1254  const u8 right = condp->right;
1255  if (!tomoyo_flush(head))
1256  return false;
1257  condp++;
1258  head->r.cond_index++;
1259  tomoyo_set_space(head);
1260  switch (left) {
1261  case TOMOYO_ARGV_ENTRY:
1262  tomoyo_io_printf(head,
1263  "exec.argv[%lu]%s=\"",
1264  argv->index, argv->
1265  is_not ? "!" : "");
1266  tomoyo_set_string(head,
1267  argv->value->name);
1268  tomoyo_set_string(head, "\"");
1269  argv++;
1270  continue;
1271  case TOMOYO_ENVP_ENTRY:
1272  tomoyo_set_string(head,
1273  "exec.envp[\"");
1274  tomoyo_set_string(head,
1275  envp->name->name);
1276  tomoyo_io_printf(head, "\"]%s=", envp->
1277  is_not ? "!" : "");
1278  if (envp->value) {
1279  tomoyo_set_string(head, "\"");
1280  tomoyo_set_string(head, envp->
1281  value->name);
1282  tomoyo_set_string(head, "\"");
1283  } else {
1284  tomoyo_set_string(head,
1285  "NULL");
1286  }
1287  envp++;
1288  continue;
1289  case TOMOYO_NUMBER_UNION:
1290  tomoyo_print_number_union_nospace
1291  (head, numbers_p++);
1292  break;
1293  default:
1294  tomoyo_set_string(head,
1295  tomoyo_condition_keyword[left]);
1296  break;
1297  }
1298  tomoyo_set_string(head, match ? "=" : "!=");
1299  switch (right) {
1300  case TOMOYO_NAME_UNION:
1301  tomoyo_print_name_union_quoted
1302  (head, names_p++);
1303  break;
1304  case TOMOYO_NUMBER_UNION:
1305  tomoyo_print_number_union_nospace
1306  (head, numbers_p++);
1307  break;
1308  default:
1309  tomoyo_set_string(head,
1310  tomoyo_condition_keyword[right]);
1311  break;
1312  }
1313  }
1314  }
1315  head->r.cond_step++;
1316  /* fall through */
1317  case 2:
1318  if (!tomoyo_flush(head))
1319  break;
1320  head->r.cond_step++;
1321  /* fall through */
1322  case 3:
1323  if (cond->grant_log != TOMOYO_GRANTLOG_AUTO)
1324  tomoyo_io_printf(head, " grant_log=%s",
1325  tomoyo_yesno(cond->grant_log ==
1326  TOMOYO_GRANTLOG_YES));
1327  tomoyo_set_lf(head);
1328  return true;
1329  }
1330  return false;
1331 }
1332 
1341 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
1342  const char *category)
1343 {
1344  if (head->type == TOMOYO_EXCEPTIONPOLICY) {
1345  tomoyo_print_namespace(head);
1346  tomoyo_io_printf(head, "acl_group %u ",
1347  head->r.acl_group_index);
1348  }
1349  tomoyo_set_string(head, category);
1350 }
1351 
1360 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
1361  struct tomoyo_acl_info *acl)
1362 {
1363  const u8 acl_type = acl->type;
1364  bool first = true;
1365  u8 bit;
1366 
1367  if (head->r.print_cond_part)
1368  goto print_cond_part;
1369  if (acl->is_deleted)
1370  return true;
1371  if (!tomoyo_flush(head))
1372  return false;
1373  else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
1374  struct tomoyo_path_acl *ptr =
1375  container_of(acl, typeof(*ptr), head);
1376  const u16 perm = ptr->perm;
1377  for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
1378  if (!(perm & (1 << bit)))
1379  continue;
1380  if (head->r.print_transition_related_only &&
1381  bit != TOMOYO_TYPE_EXECUTE)
1382  continue;
1383  if (first) {
1384  tomoyo_set_group(head, "file ");
1385  first = false;
1386  } else {
1387  tomoyo_set_slash(head);
1388  }
1389  tomoyo_set_string(head, tomoyo_path_keyword[bit]);
1390  }
1391  if (first)
1392  return true;
1393  tomoyo_print_name_union(head, &ptr->name);
1394  } else if (acl_type == TOMOYO_TYPE_MANUAL_TASK_ACL) {
1395  struct tomoyo_task_acl *ptr =
1396  container_of(acl, typeof(*ptr), head);
1397  tomoyo_set_group(head, "task ");
1398  tomoyo_set_string(head, "manual_domain_transition ");
1399  tomoyo_set_string(head, ptr->domainname->name);
1400  } else if (head->r.print_transition_related_only) {
1401  return true;
1402  } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
1403  struct tomoyo_path2_acl *ptr =
1404  container_of(acl, typeof(*ptr), head);
1405  const u8 perm = ptr->perm;
1406  for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
1407  if (!(perm & (1 << bit)))
1408  continue;
1409  if (first) {
1410  tomoyo_set_group(head, "file ");
1411  first = false;
1412  } else {
1413  tomoyo_set_slash(head);
1414  }
1415  tomoyo_set_string(head, tomoyo_mac_keywords
1416  [tomoyo_pp2mac[bit]]);
1417  }
1418  if (first)
1419  return true;
1420  tomoyo_print_name_union(head, &ptr->name1);
1421  tomoyo_print_name_union(head, &ptr->name2);
1422  } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
1423  struct tomoyo_path_number_acl *ptr =
1424  container_of(acl, typeof(*ptr), head);
1425  const u8 perm = ptr->perm;
1426  for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
1427  if (!(perm & (1 << bit)))
1428  continue;
1429  if (first) {
1430  tomoyo_set_group(head, "file ");
1431  first = false;
1432  } else {
1433  tomoyo_set_slash(head);
1434  }
1435  tomoyo_set_string(head, tomoyo_mac_keywords
1436  [tomoyo_pn2mac[bit]]);
1437  }
1438  if (first)
1439  return true;
1440  tomoyo_print_name_union(head, &ptr->name);
1441  tomoyo_print_number_union(head, &ptr->number);
1442  } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
1443  struct tomoyo_mkdev_acl *ptr =
1444  container_of(acl, typeof(*ptr), head);
1445  const u8 perm = ptr->perm;
1446  for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
1447  if (!(perm & (1 << bit)))
1448  continue;
1449  if (first) {
1450  tomoyo_set_group(head, "file ");
1451  first = false;
1452  } else {
1453  tomoyo_set_slash(head);
1454  }
1455  tomoyo_set_string(head, tomoyo_mac_keywords
1456  [tomoyo_pnnn2mac[bit]]);
1457  }
1458  if (first)
1459  return true;
1460  tomoyo_print_name_union(head, &ptr->name);
1461  tomoyo_print_number_union(head, &ptr->mode);
1462  tomoyo_print_number_union(head, &ptr->major);
1463  tomoyo_print_number_union(head, &ptr->minor);
1464  } else if (acl_type == TOMOYO_TYPE_INET_ACL) {
1465  struct tomoyo_inet_acl *ptr =
1466  container_of(acl, typeof(*ptr), head);
1467  const u8 perm = ptr->perm;
1468 
1469  for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) {
1470  if (!(perm & (1 << bit)))
1471  continue;
1472  if (first) {
1473  tomoyo_set_group(head, "network inet ");
1474  tomoyo_set_string(head, tomoyo_proto_keyword
1475  [ptr->protocol]);
1476  tomoyo_set_space(head);
1477  first = false;
1478  } else {
1479  tomoyo_set_slash(head);
1480  }
1481  tomoyo_set_string(head, tomoyo_socket_keyword[bit]);
1482  }
1483  if (first)
1484  return true;
1485  tomoyo_set_space(head);
1486  if (ptr->address.group) {
1487  tomoyo_set_string(head, "@");
1488  tomoyo_set_string(head, ptr->address.group->group_name
1489  ->name);
1490  } else {
1491  char buf[128];
1492  tomoyo_print_ip(buf, sizeof(buf), &ptr->address);
1493  tomoyo_io_printf(head, "%s", buf);
1494  }
1495  tomoyo_print_number_union(head, &ptr->port);
1496  } else if (acl_type == TOMOYO_TYPE_UNIX_ACL) {
1497  struct tomoyo_unix_acl *ptr =
1498  container_of(acl, typeof(*ptr), head);
1499  const u8 perm = ptr->perm;
1500 
1501  for (bit = 0; bit < TOMOYO_MAX_NETWORK_OPERATION; bit++) {
1502  if (!(perm & (1 << bit)))
1503  continue;
1504  if (first) {
1505  tomoyo_set_group(head, "network unix ");
1506  tomoyo_set_string(head, tomoyo_proto_keyword
1507  [ptr->protocol]);
1508  tomoyo_set_space(head);
1509  first = false;
1510  } else {
1511  tomoyo_set_slash(head);
1512  }
1513  tomoyo_set_string(head, tomoyo_socket_keyword[bit]);
1514  }
1515  if (first)
1516  return true;
1517  tomoyo_print_name_union(head, &ptr->name);
1518  } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
1519  struct tomoyo_mount_acl *ptr =
1520  container_of(acl, typeof(*ptr), head);
1521  tomoyo_set_group(head, "file mount");
1522  tomoyo_print_name_union(head, &ptr->dev_name);
1523  tomoyo_print_name_union(head, &ptr->dir_name);
1524  tomoyo_print_name_union(head, &ptr->fs_type);
1525  tomoyo_print_number_union(head, &ptr->flags);
1526  } else if (acl_type == TOMOYO_TYPE_ENV_ACL) {
1527  struct tomoyo_env_acl *ptr =
1528  container_of(acl, typeof(*ptr), head);
1529 
1530  tomoyo_set_group(head, "misc env ");
1531  tomoyo_set_string(head, ptr->env->name);
1532  }
1533  if (acl->cond) {
1534  head->r.print_cond_part = true;
1535  head->r.cond_step = 0;
1536  if (!tomoyo_flush(head))
1537  return false;
1538 print_cond_part:
1539  if (!tomoyo_print_condition(head, acl->cond))
1540  return false;
1541  head->r.print_cond_part = false;
1542  } else {
1543  tomoyo_set_lf(head);
1544  }
1545  return true;
1546 }
1547 
1558 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1559  struct list_head *list)
1560 {
1561  list_for_each_cookie(head->r.acl, list) {
1562  struct tomoyo_acl_info *ptr =
1563  list_entry(head->r.acl, typeof(*ptr), list);
1564  if (!tomoyo_print_entry(head, ptr))
1565  return false;
1566  }
1567  head->r.acl = NULL;
1568  return true;
1569 }
1570 
1578 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1579 {
1580  if (head->r.eof)
1581  return;
1582  list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1583  struct tomoyo_domain_info *domain =
1584  list_entry(head->r.domain, typeof(*domain), list);
1585  switch (head->r.step) {
1586  u8 i;
1587  case 0:
1588  if (domain->is_deleted &&
1589  !head->r.print_this_domain_only)
1590  continue;
1591  /* Print domainname and flags. */
1592  tomoyo_set_string(head, domain->domainname->name);
1593  tomoyo_set_lf(head);
1594  tomoyo_io_printf(head, "use_profile %u\n",
1595  domain->profile);
1596  tomoyo_io_printf(head, "use_group %u\n",
1597  domain->group);
1598  for (i = 0; i < TOMOYO_MAX_DOMAIN_INFO_FLAGS; i++)
1599  if (domain->flags[i])
1600  tomoyo_set_string(head, tomoyo_dif[i]);
1601  head->r.step++;
1602  tomoyo_set_lf(head);
1603  /* fall through */
1604  case 1:
1605  if (!tomoyo_read_domain2(head, &domain->acl_info_list))
1606  return;
1607  head->r.step++;
1608  if (!tomoyo_set_lf(head))
1609  return;
1610  /* fall through */
1611  case 2:
1612  head->r.step = 0;
1613  if (head->r.print_this_domain_only)
1614  goto done;
1615  }
1616  }
1617  done:
1618  head->r.eof = true;
1619 }
1620 
1628 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1629 {
1630  head->r.eof = false;
1631  return 0;
1632 }
1633 
1644 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1645 {
1646  char *buf = head->write_buf;
1647  bool global_pid = false;
1648  unsigned int pid;
1649  struct task_struct *p;
1650  struct tomoyo_domain_info *domain = NULL;
1651 
1652  /* Accessing write_buf is safe because head->io_sem is held. */
1653  if (!buf) {
1654  head->r.eof = true;
1655  return; /* Do nothing if open(O_RDONLY). */
1656  }
1657  if (head->r.w_pos || head->r.eof)
1658  return;
1659  head->r.eof = true;
1660  if (tomoyo_str_starts(&buf, "global-pid "))
1661  global_pid = true;
1662  pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1663  rcu_read_lock();
1664  if (global_pid)
1665  p = find_task_by_pid_ns(pid, &init_pid_ns);
1666  else
1667  p = find_task_by_vpid(pid);
1668  if (p)
1669  domain = tomoyo_real_domain(p);
1670  rcu_read_unlock();
1671  if (!domain)
1672  return;
1673  tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1674  tomoyo_set_string(head, domain->domainname->name);
1675 }
1676 
1677 /* String table for domain transition control keywords. */
1678 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1679  [TOMOYO_TRANSITION_CONTROL_NO_RESET] = "no_reset_domain ",
1680  [TOMOYO_TRANSITION_CONTROL_RESET] = "reset_domain ",
1681  [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ",
1682  [TOMOYO_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ",
1683  [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = "no_keep_domain ",
1684  [TOMOYO_TRANSITION_CONTROL_KEEP] = "keep_domain ",
1685 };
1686 
1687 /* String table for grouping keywords. */
1688 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1689  [TOMOYO_PATH_GROUP] = "path_group ",
1690  [TOMOYO_NUMBER_GROUP] = "number_group ",
1691  [TOMOYO_ADDRESS_GROUP] = "address_group ",
1692 };
1693 
1703 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1704 {
1705  const bool is_delete = head->w.is_delete;
1706  struct tomoyo_acl_param param = {
1707  .ns = head->w.ns,
1708  .is_delete = is_delete,
1709  .data = head->write_buf,
1710  };
1711  u8 i;
1712  if (tomoyo_str_starts(&param.data, "aggregator "))
1713  return tomoyo_write_aggregator(&param);
1714  for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1715  if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
1716  return tomoyo_write_transition_control(&param, i);
1717  for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1718  if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
1719  return tomoyo_write_group(&param, i);
1720  if (tomoyo_str_starts(&param.data, "acl_group ")) {
1721  unsigned int group;
1722  char *data;
1723  group = simple_strtoul(param.data, &data, 10);
1724  if (group < TOMOYO_MAX_ACL_GROUPS && *data++ == ' ')
1725  return tomoyo_write_domain2
1726  (head->w.ns, &head->w.ns->acl_group[group],
1727  data, is_delete);
1728  }
1729  return -EINVAL;
1730 }
1731 
1742 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1743 {
1744  struct tomoyo_policy_namespace *ns =
1745  container_of(head->r.ns, typeof(*ns), namespace_list);
1746  struct list_head *list = &ns->group_list[idx];
1747  list_for_each_cookie(head->r.group, list) {
1748  struct tomoyo_group *group =
1749  list_entry(head->r.group, typeof(*group), head.list);
1750  list_for_each_cookie(head->r.acl, &group->member_list) {
1751  struct tomoyo_acl_head *ptr =
1752  list_entry(head->r.acl, typeof(*ptr), list);
1753  if (ptr->is_deleted)
1754  continue;
1755  if (!tomoyo_flush(head))
1756  return false;
1757  tomoyo_print_namespace(head);
1758  tomoyo_set_string(head, tomoyo_group_name[idx]);
1759  tomoyo_set_string(head, group->group_name->name);
1760  if (idx == TOMOYO_PATH_GROUP) {
1761  tomoyo_set_space(head);
1762  tomoyo_set_string(head, container_of
1763  (ptr, struct tomoyo_path_group,
1764  head)->member_name->name);
1765  } else if (idx == TOMOYO_NUMBER_GROUP) {
1766  tomoyo_print_number_union(head, &container_of
1767  (ptr,
1768  struct tomoyo_number_group,
1769  head)->number);
1770  } else if (idx == TOMOYO_ADDRESS_GROUP) {
1771  char buffer[128];
1772 
1773  struct tomoyo_address_group *member =
1774  container_of(ptr, typeof(*member),
1775  head);
1776  tomoyo_print_ip(buffer, sizeof(buffer),
1777  &member->address);
1778  tomoyo_io_printf(head, " %s", buffer);
1779  }
1780  tomoyo_set_lf(head);
1781  }
1782  head->r.acl = NULL;
1783  }
1784  head->r.group = NULL;
1785  return true;
1786 }
1787 
1798 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1799 {
1800  struct tomoyo_policy_namespace *ns =
1801  container_of(head->r.ns, typeof(*ns), namespace_list);
1802  struct list_head *list = &ns->policy_list[idx];
1803  list_for_each_cookie(head->r.acl, list) {
1804  struct tomoyo_acl_head *acl =
1805  container_of(head->r.acl, typeof(*acl), list);
1806  if (acl->is_deleted)
1807  continue;
1808  if (!tomoyo_flush(head))
1809  return false;
1810  switch (idx) {
1811  case TOMOYO_ID_TRANSITION_CONTROL:
1812  {
1813  struct tomoyo_transition_control *ptr =
1814  container_of(acl, typeof(*ptr), head);
1815  tomoyo_print_namespace(head);
1816  tomoyo_set_string(head, tomoyo_transition_type
1817  [ptr->type]);
1818  tomoyo_set_string(head, ptr->program ?
1819  ptr->program->name : "any");
1820  tomoyo_set_string(head, " from ");
1821  tomoyo_set_string(head, ptr->domainname ?
1822  ptr->domainname->name :
1823  "any");
1824  }
1825  break;
1826  case TOMOYO_ID_AGGREGATOR:
1827  {
1828  struct tomoyo_aggregator *ptr =
1829  container_of(acl, typeof(*ptr), head);
1830  tomoyo_print_namespace(head);
1831  tomoyo_set_string(head, "aggregator ");
1832  tomoyo_set_string(head,
1833  ptr->original_name->name);
1834  tomoyo_set_space(head);
1835  tomoyo_set_string(head,
1836  ptr->aggregated_name->name);
1837  }
1838  break;
1839  default:
1840  continue;
1841  }
1842  tomoyo_set_lf(head);
1843  }
1844  head->r.acl = NULL;
1845  return true;
1846 }
1847 
1855 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1856 {
1857  struct tomoyo_policy_namespace *ns =
1858  container_of(head->r.ns, typeof(*ns), namespace_list);
1859  if (head->r.eof)
1860  return;
1861  while (head->r.step < TOMOYO_MAX_POLICY &&
1862  tomoyo_read_policy(head, head->r.step))
1863  head->r.step++;
1864  if (head->r.step < TOMOYO_MAX_POLICY)
1865  return;
1866  while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1867  tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1868  head->r.step++;
1869  if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1870  return;
1871  while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP
1872  + TOMOYO_MAX_ACL_GROUPS) {
1873  head->r.acl_group_index = head->r.step - TOMOYO_MAX_POLICY
1874  - TOMOYO_MAX_GROUP;
1875  if (!tomoyo_read_domain2(head, &ns->acl_group
1876  [head->r.acl_group_index]))
1877  return;
1878  head->r.step++;
1879  }
1880  head->r.eof = true;
1881 }
1882 
1883 /* Wait queue for kernel -> userspace notification. */
1884 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1885 /* Wait queue for userspace -> kernel notification. */
1886 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_answer_wait);
1887 
1888 /* Structure for query. */
1889 struct tomoyo_query {
1890  struct list_head list;
1891  struct tomoyo_domain_info *domain;
1892  char *query;
1893  size_t query_len;
1894  unsigned int serial;
1895  u8 timer;
1896  u8 answer;
1897  u8 retry;
1898 };
1899 
1900 /* The list for "struct tomoyo_query". */
1901 static LIST_HEAD(tomoyo_query_list);
1902 
1903 /* Lock for manipulating tomoyo_query_list. */
1904 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1905 
1906 /*
1907  * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1908  * interface.
1909  */
1910 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1911 
1919 static int tomoyo_truncate(char *str)
1920 {
1921  char *start = str;
1922  while (*(unsigned char *) str > (unsigned char) ' ')
1923  str++;
1924  *str = '\0';
1925  return strlen(start) + 1;
1926 }
1927 
1936 static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
1937 {
1938  char *buffer;
1939  char *realpath = NULL;
1940  char *argv0 = NULL;
1941  char *symlink = NULL;
1942  char *cp = strchr(header, '\n');
1943  int len;
1944  if (!cp)
1945  return;
1946  cp = strchr(cp + 1, '\n');
1947  if (!cp)
1948  return;
1949  *cp++ = '\0';
1950  len = strlen(cp) + 1;
1951  /* strstr() will return NULL if ordering is wrong. */
1952  if (*cp == 'f') {
1953  argv0 = strstr(header, " argv[]={ \"");
1954  if (argv0) {
1955  argv0 += 10;
1956  len += tomoyo_truncate(argv0) + 14;
1957  }
1958  realpath = strstr(header, " exec={ realpath=\"");
1959  if (realpath) {
1960  realpath += 8;
1961  len += tomoyo_truncate(realpath) + 6;
1962  }
1963  symlink = strstr(header, " symlink.target=\"");
1964  if (symlink)
1965  len += tomoyo_truncate(symlink + 1) + 1;
1966  }
1967  buffer = kmalloc(len, GFP_NOFS);
1968  if (!buffer)
1969  return;
1970  snprintf(buffer, len - 1, "%s", cp);
1971  if (realpath)
1972  tomoyo_addprintf(buffer, len, " exec.%s", realpath);
1973  if (argv0)
1974  tomoyo_addprintf(buffer, len, " exec.argv[0]=%s", argv0);
1975  if (symlink)
1976  tomoyo_addprintf(buffer, len, "%s", symlink);
1977  tomoyo_normalize_line(buffer);
1978  if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
1979  false))
1980  tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
1981  kfree(buffer);
1982 }
1983 
1995 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1996 {
1997  va_list args;
1998  int error;
1999  int len;
2000  static unsigned int tomoyo_serial;
2001  struct tomoyo_query entry = { };
2002  bool quota_exceeded = false;
2003  va_start(args, fmt);
2004  len = vsnprintf((char *) &len, 1, fmt, args) + 1;
2005  va_end(args);
2006  /* Write /sys/kernel/security/tomoyo/audit. */
2007  va_start(args, fmt);
2008  tomoyo_write_log2(r, len, fmt, args);
2009  va_end(args);
2010  /* Nothing more to do if granted. */
2011  if (r->granted)
2012  return 0;
2013  if (r->mode)
2014  tomoyo_update_stat(r->mode);
2015  switch (r->mode) {
2016  case TOMOYO_CONFIG_ENFORCING:
2017  error = -EPERM;
2018  if (atomic_read(&tomoyo_query_observers))
2019  break;
2020  goto out;
2021  case TOMOYO_CONFIG_LEARNING:
2022  error = 0;
2023  /* Check max_learning_entry parameter. */
2024  if (tomoyo_domain_quota_is_ok(r))
2025  break;
2026  /* fall through */
2027  default:
2028  return 0;
2029  }
2030  /* Get message. */
2031  va_start(args, fmt);
2032  entry.query = tomoyo_init_log(r, len, fmt, args);
2033  va_end(args);
2034  if (!entry.query)
2035  goto out;
2036  entry.query_len = strlen(entry.query) + 1;
2037  if (!error) {
2038  tomoyo_add_entry(r->domain, entry.query);
2039  goto out;
2040  }
2041  len = tomoyo_round2(entry.query_len);
2042  entry.domain = r->domain;
2043  spin_lock(&tomoyo_query_list_lock);
2044  if (tomoyo_memory_quota[TOMOYO_MEMORY_QUERY] &&
2045  tomoyo_memory_used[TOMOYO_MEMORY_QUERY] + len
2046  >= tomoyo_memory_quota[TOMOYO_MEMORY_QUERY]) {
2047  quota_exceeded = true;
2048  } else {
2049  entry.serial = tomoyo_serial++;
2050  entry.retry = r->retry;
2051  tomoyo_memory_used[TOMOYO_MEMORY_QUERY] += len;
2052  list_add_tail(&entry.list, &tomoyo_query_list);
2053  }
2054  spin_unlock(&tomoyo_query_list_lock);
2055  if (quota_exceeded)
2056  goto out;
2057  /* Give 10 seconds for supervisor's opinion. */
2058  while (entry.timer < 10) {
2059  wake_up_all(&tomoyo_query_wait);
2060  if (wait_event_interruptible_timeout
2061  (tomoyo_answer_wait, entry.answer ||
2062  !atomic_read(&tomoyo_query_observers), HZ))
2063  break;
2064  else
2065  entry.timer++;
2066  }
2067  spin_lock(&tomoyo_query_list_lock);
2068  list_del(&entry.list);
2069  tomoyo_memory_used[TOMOYO_MEMORY_QUERY] -= len;
2070  spin_unlock(&tomoyo_query_list_lock);
2071  switch (entry.answer) {
2072  case 3: /* Asked to retry by administrator. */
2073  error = TOMOYO_RETRY_REQUEST;
2074  r->retry++;
2075  break;
2076  case 1:
2077  /* Granted by administrator. */
2078  error = 0;
2079  break;
2080  default:
2081  /* Timed out or rejected by administrator. */
2082  break;
2083  }
2084 out:
2085  kfree(entry.query);
2086  return error;
2087 }
2088 
2096 static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
2097 (unsigned int serial)
2098 {
2099  struct tomoyo_query *ptr;
2100  struct tomoyo_domain_info *domain = NULL;
2101  spin_lock(&tomoyo_query_list_lock);
2102  list_for_each_entry(ptr, &tomoyo_query_list, list) {
2103  if (ptr->serial != serial)
2104  continue;
2105  domain = ptr->domain;
2106  break;
2107  }
2108  spin_unlock(&tomoyo_query_list_lock);
2109  return domain;
2110 }
2111 
2122 static unsigned int tomoyo_poll_query(struct file *file, poll_table *wait)
2123 {
2124  if (!list_empty(&tomoyo_query_list))
2125  return POLLIN | POLLRDNORM;
2126  poll_wait(file, &tomoyo_query_wait, wait);
2127  if (!list_empty(&tomoyo_query_list))
2128  return POLLIN | POLLRDNORM;
2129  return 0;
2130 }
2131 
2137 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
2138 {
2139  struct list_head *tmp;
2140  unsigned int pos = 0;
2141  size_t len = 0;
2142  char *buf;
2143  if (head->r.w_pos)
2144  return;
2145  if (head->read_buf) {
2146  kfree(head->read_buf);
2147  head->read_buf = NULL;
2148  }
2149  spin_lock(&tomoyo_query_list_lock);
2150  list_for_each(tmp, &tomoyo_query_list) {
2151  struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2152  if (pos++ != head->r.query_index)
2153  continue;
2154  len = ptr->query_len;
2155  break;
2156  }
2157  spin_unlock(&tomoyo_query_list_lock);
2158  if (!len) {
2159  head->r.query_index = 0;
2160  return;
2161  }
2162  buf = kzalloc(len + 32, GFP_NOFS);
2163  if (!buf)
2164  return;
2165  pos = 0;
2166  spin_lock(&tomoyo_query_list_lock);
2167  list_for_each(tmp, &tomoyo_query_list) {
2168  struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2169  if (pos++ != head->r.query_index)
2170  continue;
2171  /*
2172  * Some query can be skipped because tomoyo_query_list
2173  * can change, but I don't care.
2174  */
2175  if (len == ptr->query_len)
2176  snprintf(buf, len + 31, "Q%u-%hu\n%s", ptr->serial,
2177  ptr->retry, ptr->query);
2178  break;
2179  }
2180  spin_unlock(&tomoyo_query_list_lock);
2181  if (buf[0]) {
2182  head->read_buf = buf;
2183  head->r.w[head->r.w_pos++] = buf;
2184  head->r.query_index++;
2185  } else {
2186  kfree(buf);
2187  }
2188 }
2189 
2197 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
2198 {
2199  char *data = head->write_buf;
2200  struct list_head *tmp;
2201  unsigned int serial;
2202  unsigned int answer;
2203  spin_lock(&tomoyo_query_list_lock);
2204  list_for_each(tmp, &tomoyo_query_list) {
2205  struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2206  ptr->timer = 0;
2207  }
2208  spin_unlock(&tomoyo_query_list_lock);
2209  if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2210  return -EINVAL;
2211  spin_lock(&tomoyo_query_list_lock);
2212  list_for_each(tmp, &tomoyo_query_list) {
2213  struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2214  if (ptr->serial != serial)
2215  continue;
2216  ptr->answer = answer;
2217  /* Remove from tomoyo_query_list. */
2218  if (ptr->answer)
2219  list_del_init(&ptr->list);
2220  break;
2221  }
2222  spin_unlock(&tomoyo_query_list_lock);
2223  return 0;
2224 }
2225 
2233 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
2234 {
2235  if (!head->r.eof) {
2236  tomoyo_io_printf(head, "2.5.0");
2237  head->r.eof = true;
2238  }
2239 }
2240 
2241 /* String table for /sys/kernel/security/tomoyo/stat interface. */
2242 static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
2243  [TOMOYO_STAT_POLICY_UPDATES] = "update:",
2244  [TOMOYO_STAT_POLICY_LEARNING] = "violation in learning mode:",
2245  [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
2246  [TOMOYO_STAT_POLICY_ENFORCING] = "violation in enforcing mode:",
2247 };
2248 
2249 /* String table for /sys/kernel/security/tomoyo/stat interface. */
2250 static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
2251  [TOMOYO_MEMORY_POLICY] = "policy:",
2252  [TOMOYO_MEMORY_AUDIT] = "audit log:",
2253  [TOMOYO_MEMORY_QUERY] = "query message:",
2254 };
2255 
2256 /* Timestamp counter for last updated. */
2257 static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
2258 /* Counter for number of updates. */
2259 static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
2260 
2268 void tomoyo_update_stat(const u8 index)
2269 {
2270  struct timeval tv;
2271  do_gettimeofday(&tv);
2272  /*
2273  * I don't use atomic operations because race condition is not fatal.
2274  */
2275  tomoyo_stat_updated[index]++;
2276  tomoyo_stat_modified[index] = tv.tv_sec;
2277 }
2278 
2286 static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
2287 {
2288  u8 i;
2289  unsigned int total = 0;
2290  if (head->r.eof)
2291  return;
2292  for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
2293  tomoyo_io_printf(head, "Policy %-30s %10u",
2294  tomoyo_policy_headers[i],
2295  tomoyo_stat_updated[i]);
2296  if (tomoyo_stat_modified[i]) {
2297  struct tomoyo_time stamp;
2298  tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
2299  tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
2300  "%02u:%02u:%02u)",
2301  stamp.year, stamp.month, stamp.day,
2302  stamp.hour, stamp.min, stamp.sec);
2303  }
2304  tomoyo_set_lf(head);
2305  }
2306  for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
2307  unsigned int used = tomoyo_memory_used[i];
2308  total += used;
2309  tomoyo_io_printf(head, "Memory used by %-22s %10u",
2310  tomoyo_memory_headers[i], used);
2311  used = tomoyo_memory_quota[i];
2312  if (used)
2313  tomoyo_io_printf(head, " (Quota: %10u)", used);
2314  tomoyo_set_lf(head);
2315  }
2316  tomoyo_io_printf(head, "Total memory used: %10u\n",
2317  total);
2318  head->r.eof = true;
2319 }
2320 
2328 static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
2329 {
2330  char *data = head->write_buf;
2331  u8 i;
2332  if (tomoyo_str_starts(&data, "Memory used by "))
2333  for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
2334  if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
2335  sscanf(data, "%u", &tomoyo_memory_quota[i]);
2336  return 0;
2337 }
2338 
2347 int tomoyo_open_control(const u8 type, struct file *file)
2348 {
2349  struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
2350 
2351  if (!head)
2352  return -ENOMEM;
2353  mutex_init(&head->io_sem);
2354  head->type = type;
2355  switch (type) {
2356  case TOMOYO_DOMAINPOLICY:
2357  /* /sys/kernel/security/tomoyo/domain_policy */
2358  head->write = tomoyo_write_domain;
2359  head->read = tomoyo_read_domain;
2360  break;
2361  case TOMOYO_EXCEPTIONPOLICY:
2362  /* /sys/kernel/security/tomoyo/exception_policy */
2363  head->write = tomoyo_write_exception;
2364  head->read = tomoyo_read_exception;
2365  break;
2366  case TOMOYO_AUDIT:
2367  /* /sys/kernel/security/tomoyo/audit */
2368  head->poll = tomoyo_poll_log;
2369  head->read = tomoyo_read_log;
2370  break;
2371  case TOMOYO_PROCESS_STATUS:
2372  /* /sys/kernel/security/tomoyo/.process_status */
2373  head->write = tomoyo_write_pid;
2374  head->read = tomoyo_read_pid;
2375  break;
2376  case TOMOYO_VERSION:
2377  /* /sys/kernel/security/tomoyo/version */
2378  head->read = tomoyo_read_version;
2379  head->readbuf_size = 128;
2380  break;
2381  case TOMOYO_STAT:
2382  /* /sys/kernel/security/tomoyo/stat */
2383  head->write = tomoyo_write_stat;
2384  head->read = tomoyo_read_stat;
2385  head->readbuf_size = 1024;
2386  break;
2387  case TOMOYO_PROFILE:
2388  /* /sys/kernel/security/tomoyo/profile */
2389  head->write = tomoyo_write_profile;
2390  head->read = tomoyo_read_profile;
2391  break;
2392  case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
2393  head->poll = tomoyo_poll_query;
2394  head->write = tomoyo_write_answer;
2395  head->read = tomoyo_read_query;
2396  break;
2397  case TOMOYO_MANAGER:
2398  /* /sys/kernel/security/tomoyo/manager */
2399  head->write = tomoyo_write_manager;
2400  head->read = tomoyo_read_manager;
2401  break;
2402  }
2403  if (!(file->f_mode & FMODE_READ)) {
2404  /*
2405  * No need to allocate read_buf since it is not opened
2406  * for reading.
2407  */
2408  head->read = NULL;
2409  head->poll = NULL;
2410  } else if (!head->poll) {
2411  /* Don't allocate read_buf for poll() access. */
2412  if (!head->readbuf_size)
2413  head->readbuf_size = 4096 * 2;
2414  head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
2415  if (!head->read_buf) {
2416  kfree(head);
2417  return -ENOMEM;
2418  }
2419  }
2420  if (!(file->f_mode & FMODE_WRITE)) {
2421  /*
2422  * No need to allocate write_buf since it is not opened
2423  * for writing.
2424  */
2425  head->write = NULL;
2426  } else if (head->write) {
2427  head->writebuf_size = 4096 * 2;
2428  head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
2429  if (!head->write_buf) {
2430  kfree(head->read_buf);
2431  kfree(head);
2432  return -ENOMEM;
2433  }
2434  }
2435  /*
2436  * If the file is /sys/kernel/security/tomoyo/query , increment the
2437  * observer counter.
2438  * The obserber counter is used by tomoyo_supervisor() to see if
2439  * there is some process monitoring /sys/kernel/security/tomoyo/query.
2440  */
2441  if (type == TOMOYO_QUERY)
2442  atomic_inc(&tomoyo_query_observers);
2443  file->private_data = head;
2444  tomoyo_notify_gc(head, true);
2445  return 0;
2446 }
2447 
2457 unsigned int tomoyo_poll_control(struct file *file, poll_table *wait)
2458 {
2459  struct tomoyo_io_buffer *head = file->private_data;
2460  if (head->poll)
2461  return head->poll(file, wait) | POLLOUT | POLLWRNORM;
2462  return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM;
2463 }
2464 
2472 static inline void tomoyo_set_namespace_cursor(struct tomoyo_io_buffer *head)
2473 {
2474  struct list_head *ns;
2475  if (head->type != TOMOYO_EXCEPTIONPOLICY &&
2476  head->type != TOMOYO_PROFILE)
2477  return;
2478  /*
2479  * If this is the first read, or reading previous namespace finished
2480  * and has more namespaces to read, update the namespace cursor.
2481  */
2482  ns = head->r.ns;
2483  if (!ns || (head->r.eof && ns->next != &tomoyo_namespace_list)) {
2484  /* Clearing is OK because tomoyo_flush() returned true. */
2485  memset(&head->r, 0, sizeof(head->r));
2486  head->r.ns = ns ? ns->next : tomoyo_namespace_list.next;
2487  }
2488 }
2489 
2497 static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
2498 {
2499  return (head->type == TOMOYO_EXCEPTIONPOLICY ||
2500  head->type == TOMOYO_PROFILE) && head->r.eof &&
2501  head->r.ns->next != &tomoyo_namespace_list;
2502 }
2503 
2513 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
2514  const int buffer_len)
2515 {
2516  int len;
2517  int idx;
2518 
2519  if (!head->read)
2520  return -ENOSYS;
2521  if (mutex_lock_interruptible(&head->io_sem))
2522  return -EINTR;
2523  head->read_user_buf = buffer;
2524  head->read_user_buf_avail = buffer_len;
2525  idx = tomoyo_read_lock();
2526  if (tomoyo_flush(head))
2527  /* Call the policy handler. */
2528  do {
2529  tomoyo_set_namespace_cursor(head);
2530  head->read(head);
2531  } while (tomoyo_flush(head) &&
2532  tomoyo_has_more_namespace(head));
2533  tomoyo_read_unlock(idx);
2534  len = head->read_user_buf - buffer;
2535  mutex_unlock(&head->io_sem);
2536  return len;
2537 }
2538 
2549 static int tomoyo_parse_policy(struct tomoyo_io_buffer *head, char *line)
2550 {
2551  /* Delete request? */
2552  head->w.is_delete = !strncmp(line, "delete ", 7);
2553  if (head->w.is_delete)
2554  memmove(line, line + 7, strlen(line + 7) + 1);
2555  /* Selecting namespace to update. */
2556  if (head->type == TOMOYO_EXCEPTIONPOLICY ||
2557  head->type == TOMOYO_PROFILE) {
2558  if (*line == '<') {
2559  char *cp = strchr(line, ' ');
2560  if (cp) {
2561  *cp++ = '\0';
2562  head->w.ns = tomoyo_assign_namespace(line);
2563  memmove(line, cp, strlen(cp) + 1);
2564  } else
2565  head->w.ns = NULL;
2566  } else
2567  head->w.ns = &tomoyo_kernel_namespace;
2568  /* Don't allow updating if namespace is invalid. */
2569  if (!head->w.ns)
2570  return -ENOENT;
2571  }
2572  /* Do the update. */
2573  return head->write(head);
2574 }
2575 
2585 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
2586  const char __user *buffer, const int buffer_len)
2587 {
2588  int error = buffer_len;
2589  size_t avail_len = buffer_len;
2590  char *cp0 = head->write_buf;
2591  int idx;
2592  if (!head->write)
2593  return -ENOSYS;
2594  if (!access_ok(VERIFY_READ, buffer, buffer_len))
2595  return -EFAULT;
2596  if (mutex_lock_interruptible(&head->io_sem))
2597  return -EINTR;
2598  head->read_user_buf_avail = 0;
2599  idx = tomoyo_read_lock();
2600  /* Read a line and dispatch it to the policy handler. */
2601  while (avail_len > 0) {
2602  char c;
2603  if (head->w.avail >= head->writebuf_size - 1) {
2604  const int len = head->writebuf_size * 2;
2605  char *cp = kzalloc(len, GFP_NOFS);
2606  if (!cp) {
2607  error = -ENOMEM;
2608  break;
2609  }
2610  memmove(cp, cp0, head->w.avail);
2611  kfree(cp0);
2612  head->write_buf = cp;
2613  cp0 = cp;
2614  head->writebuf_size = len;
2615  }
2616  if (get_user(c, buffer)) {
2617  error = -EFAULT;
2618  break;
2619  }
2620  buffer++;
2621  avail_len--;
2622  cp0[head->w.avail++] = c;
2623  if (c != '\n')
2624  continue;
2625  cp0[head->w.avail - 1] = '\0';
2626  head->w.avail = 0;
2627  tomoyo_normalize_line(cp0);
2628  if (!strcmp(cp0, "reset")) {
2629  head->w.ns = &tomoyo_kernel_namespace;
2630  head->w.domain = NULL;
2631  memset(&head->r, 0, sizeof(head->r));
2632  continue;
2633  }
2634  /* Don't allow updating policies by non manager programs. */
2635  switch (head->type) {
2636  case TOMOYO_PROCESS_STATUS:
2637  /* This does not write anything. */
2638  break;
2639  case TOMOYO_DOMAINPOLICY:
2640  if (tomoyo_select_domain(head, cp0))
2641  continue;
2642  /* fall through */
2643  case TOMOYO_EXCEPTIONPOLICY:
2644  if (!strcmp(cp0, "select transition_only")) {
2645  head->r.print_transition_related_only = true;
2646  continue;
2647  }
2648  /* fall through */
2649  default:
2650  if (!tomoyo_manager()) {
2651  error = -EPERM;
2652  goto out;
2653  }
2654  }
2655  switch (tomoyo_parse_policy(head, cp0)) {
2656  case -EPERM:
2657  error = -EPERM;
2658  goto out;
2659  case 0:
2660  switch (head->type) {
2661  case TOMOYO_DOMAINPOLICY:
2662  case TOMOYO_EXCEPTIONPOLICY:
2663  case TOMOYO_STAT:
2664  case TOMOYO_PROFILE:
2665  case TOMOYO_MANAGER:
2666  tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
2667  break;
2668  default:
2669  break;
2670  }
2671  break;
2672  }
2673  }
2674 out:
2675  tomoyo_read_unlock(idx);
2676  mutex_unlock(&head->io_sem);
2677  return error;
2678 }
2679 
2687 int tomoyo_close_control(struct tomoyo_io_buffer *head)
2688 {
2689  /*
2690  * If the file is /sys/kernel/security/tomoyo/query , decrement the
2691  * observer counter.
2692  */
2693  if (head->type == TOMOYO_QUERY &&
2694  atomic_dec_and_test(&tomoyo_query_observers))
2695  wake_up_all(&tomoyo_answer_wait);
2696  tomoyo_notify_gc(head, false);
2697  return 0;
2698 }
2699 
2703 void tomoyo_check_profile(void)
2704 {
2705  struct tomoyo_domain_info *domain;
2706  const int idx = tomoyo_read_lock();
2707  tomoyo_policy_loaded = true;
2708  printk(KERN_INFO "TOMOYO: 2.5.0\n");
2709  list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2710  const u8 profile = domain->profile;
2711  const struct tomoyo_policy_namespace *ns = domain->ns;
2712  if (ns->profile_version != 20110903)
2713  printk(KERN_ERR
2714  "Profile version %u is not supported.\n",
2715  ns->profile_version);
2716  else if (!ns->profile_ptr[profile])
2717  printk(KERN_ERR
2718  "Profile %u (used by '%s') is not defined.\n",
2719  profile, domain->domainname->name);
2720  else
2721  continue;
2722  printk(KERN_ERR
2723  "Userland tools for TOMOYO 2.5 must be installed and "
2724  "policy must be initialized.\n");
2725  printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.5/ "
2726  "for more information.\n");
2727  panic("STOP!");
2728  }
2729  tomoyo_read_unlock(idx);
2730  printk(KERN_INFO "Mandatory Access Control activated.\n");
2731 }
2732 
2738 void __init tomoyo_load_builtin_policy(void)
2739 {
2740  /*
2741  * This include file is manually created and contains built-in policy
2742  * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
2743  * "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager",
2744  * "tomoyo_builtin_stat" in the form of "static char [] __initdata".
2745  */
2746 #include "builtin-policy.h"
2747  u8 i;
2748  const int idx = tomoyo_read_lock();
2749  for (i = 0; i < 5; i++) {
2750  struct tomoyo_io_buffer head = { };
2751  char *start = "";
2752  switch (i) {
2753  case 0:
2754  start = tomoyo_builtin_profile;
2755  head.type = TOMOYO_PROFILE;
2756  head.write = tomoyo_write_profile;
2757  break;
2758  case 1:
2759  start = tomoyo_builtin_exception_policy;
2760  head.type = TOMOYO_EXCEPTIONPOLICY;
2761  head.write = tomoyo_write_exception;
2762  break;
2763  case 2:
2764  start = tomoyo_builtin_domain_policy;
2765  head.type = TOMOYO_DOMAINPOLICY;
2766  head.write = tomoyo_write_domain;
2767  break;
2768  case 3:
2769  start = tomoyo_builtin_manager;
2770  head.type = TOMOYO_MANAGER;
2771  head.write = tomoyo_write_manager;
2772  break;
2773  case 4:
2774  start = tomoyo_builtin_stat;
2775  head.type = TOMOYO_STAT;
2776  head.write = tomoyo_write_stat;
2777  break;
2778  }
2779  while (1) {
2780  char *end = strchr(start, '\n');
2781  if (!end)
2782  break;
2783  *end = '\0';
2784  tomoyo_normalize_line(start);
2785  head.write_buf = start;
2786  tomoyo_parse_policy(&head, start);
2787  start = end + 1;
2788  }
2789  }
2790  tomoyo_read_unlock(idx);
2791 #ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
2792  tomoyo_check_profile();
2793 #endif
2794 }
Generated on Thu Jan 10 2013 12:54:50 for Linux Kernel by   doxygen 1.8.2