Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
common.h
Go to the documentation of this file.
1 /*
2  * security/tomoyo/common.h
3  *
4  * Header file for TOMOYO.
5  *
6  * Copyright (C) 2005-2011 NTT DATA CORPORATION
7  */
8 
9 #ifndef _SECURITY_TOMOYO_COMMON_H
10 #define _SECURITY_TOMOYO_COMMON_H
11 
12 #include <linux/ctype.h>
13 #include <linux/string.h>
14 #include <linux/mm.h>
15 #include <linux/file.h>
16 #include <linux/kmod.h>
17 #include <linux/fs.h>
18 #include <linux/sched.h>
19 #include <linux/namei.h>
20 #include <linux/mount.h>
21 #include <linux/list.h>
22 #include <linux/cred.h>
23 #include <linux/poll.h>
24 #include <linux/binfmts.h>
25 #include <linux/highmem.h>
26 #include <linux/net.h>
27 #include <linux/inet.h>
28 #include <linux/in.h>
29 #include <linux/in6.h>
30 #include <linux/un.h>
31 #include <net/sock.h>
32 #include <net/af_unix.h>
33 #include <net/ip.h>
34 #include <net/ipv6.h>
35 #include <net/udp.h>
36 
37 /********** Constants definitions. **********/
38 
39 /*
40  * TOMOYO uses this hash only when appending a string into the string
41  * table. Frequency of appending strings is very low. So we don't need
42  * large (e.g. 64k) hash size. 256 will be sufficient.
43  */
44 #define TOMOYO_HASH_BITS 8
45 #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
46 
47 /*
48  * TOMOYO checks only SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_SEQPACKET.
49  * Therefore, we don't need SOCK_MAX.
50  */
51 #define TOMOYO_SOCK_MAX 6
52 
53 #define TOMOYO_EXEC_TMPSIZE 4096
54 
55 /* Garbage collector is trying to kfree() this element. */
56 #define TOMOYO_GC_IN_PROGRESS -1
57 
58 /* Profile number is an integer between 0 and 255. */
59 #define TOMOYO_MAX_PROFILES 256
60 
61 /* Group number is an integer between 0 and 255. */
62 #define TOMOYO_MAX_ACL_GROUPS 256
63 
64 /* Index numbers for "struct tomoyo_condition". */
66  TOMOYO_TASK_UID, /* current_uid() */
67  TOMOYO_TASK_EUID, /* current_euid() */
68  TOMOYO_TASK_SUID, /* current_suid() */
69  TOMOYO_TASK_FSUID, /* current_fsuid() */
70  TOMOYO_TASK_GID, /* current_gid() */
71  TOMOYO_TASK_EGID, /* current_egid() */
72  TOMOYO_TASK_SGID, /* current_sgid() */
73  TOMOYO_TASK_FSGID, /* current_fsgid() */
74  TOMOYO_TASK_PID, /* sys_getpid() */
75  TOMOYO_TASK_PPID, /* sys_getppid() */
76  TOMOYO_EXEC_ARGC, /* "struct linux_binprm *"->argc */
77  TOMOYO_EXEC_ENVC, /* "struct linux_binprm *"->envc */
78  TOMOYO_TYPE_IS_SOCKET, /* S_IFSOCK */
79  TOMOYO_TYPE_IS_SYMLINK, /* S_IFLNK */
80  TOMOYO_TYPE_IS_FILE, /* S_IFREG */
81  TOMOYO_TYPE_IS_BLOCK_DEV, /* S_IFBLK */
82  TOMOYO_TYPE_IS_DIRECTORY, /* S_IFDIR */
83  TOMOYO_TYPE_IS_CHAR_DEV, /* S_IFCHR */
84  TOMOYO_TYPE_IS_FIFO, /* S_IFIFO */
85  TOMOYO_MODE_SETUID, /* S_ISUID */
86  TOMOYO_MODE_SETGID, /* S_ISGID */
87  TOMOYO_MODE_STICKY, /* S_ISVTX */
88  TOMOYO_MODE_OWNER_READ, /* S_IRUSR */
89  TOMOYO_MODE_OWNER_WRITE, /* S_IWUSR */
91  TOMOYO_MODE_GROUP_READ, /* S_IRGRP */
92  TOMOYO_MODE_GROUP_WRITE, /* S_IWGRP */
94  TOMOYO_MODE_OTHERS_READ, /* S_IROTH */
95  TOMOYO_MODE_OTHERS_WRITE, /* S_IWOTH */
130 };
131 
132 
133 /* Index numbers for stat(). */
135  /* Do not change this order. */
141 };
142 
143 /* Index numbers for operation mode. */
153 };
154 
155 /* Index numbers for entry type. */
169 };
170 
171 /* Index numbers for domain's attributes. */
173  /* Quota warnning flag. */
175  /*
176  * This domain was unable to create a new domain at
177  * tomoyo_find_next_domain() because the name of the domain to be
178  * created was too long or it could not allocate memory.
179  * More than one process continued execve() without domain transition.
180  */
183 };
184 
185 /* Index numbers for audit type. */
187  /* Follow profile's configuration. */
189  /* Do not generate grant log. */
191  /* Generate grant_log. */
193 };
194 
195 /* Index numbers for group entries. */
201 };
202 
203 /* Index numbers for type of numeric values. */
209 };
210 
211 /* Index numbers for domain transition control keywords. */
213  /* Do not change this order, */
221 };
222 
223 /* Index numbers for Access Controls. */
234 };
235 
236 /* Index numbers for access controls with one pathname. */
250 };
251 
252 /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
258 };
259 
264 };
265 
266 /* Index numbers for socket operations. */
268  TOMOYO_NETWORK_BIND, /* bind() operation. */
269  TOMOYO_NETWORK_LISTEN, /* listen() operation. */
270  TOMOYO_NETWORK_CONNECT, /* connect() operation. */
271  TOMOYO_NETWORK_SEND, /* send() operation. */
273 };
274 
275 /* Index numbers for access controls with two pathnames. */
281 };
282 
283 /* Index numbers for access controls with one pathname and one number. */
294 };
295 
296 /* Index numbers for /sys/kernel/security/tomoyo/ interfaces. */
307 };
308 
309 /* Index numbers for special mount operations. */
311  TOMOYO_MOUNT_BIND, /* mount --bind /source /dest */
312  TOMOYO_MOUNT_MOVE, /* mount --move /old /new */
313  TOMOYO_MOUNT_REMOUNT, /* mount -o remount /dir */
314  TOMOYO_MOUNT_MAKE_UNBINDABLE, /* mount --make-unbindable /dir */
315  TOMOYO_MOUNT_MAKE_PRIVATE, /* mount --make-private /dir */
316  TOMOYO_MOUNT_MAKE_SLAVE, /* mount --make-slave /dir */
317  TOMOYO_MOUNT_MAKE_SHARED, /* mount --make-shared /dir */
319 };
320 
321 /* Index numbers for functionality. */
363 };
364 
365 /* Index numbers for category of functionality. */
371 };
372 
373 /*
374  * Retry this request. Returned by tomoyo_supervisor() if policy violation has
375  * occurred in enforcing mode and the userspace daemon decided to retry.
376  *
377  * We must choose a positive value in order to distinguish "granted" (which is
378  * 0) and "rejected" (which is a negative value) and "retry".
379  */
380 #define TOMOYO_RETRY_REQUEST 1
381 
382 /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
384  /* Do not change this order. */
386  TOMOYO_STAT_POLICY_LEARNING, /* == TOMOYO_CONFIG_LEARNING */
387  TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */
388  TOMOYO_STAT_POLICY_ENFORCING, /* == TOMOYO_CONFIG_ENFORCING */
390 };
391 
392 /* Index numbers for profile's PREFERENCE values. */
397 };
398 
399 /********** Structure definitions. **********/
400 
401 /* Common header for holding ACL entries. */
403  struct list_head list;
404  s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */
405 } __packed;
406 
407 /* Common header for shared entries. */
409  struct list_head list;
411 } __packed;
412 
414 
415 /* Structure for request info. */
417  /*
418  * For holding parameters specific to operations which deal files.
419  * NULL if not dealing files.
420  */
422  /*
423  * For holding parameters specific to execve() request.
424  * NULL if not dealing do_execve().
425  */
426  struct tomoyo_execve *ee;
428  /* For holding parameters. */
429  union {
430  struct {
431  const struct tomoyo_path_info *filename;
432  /* For using wildcards at tomoyo_find_next_domain(). */
434  /* One of values in "enum tomoyo_path_acl_index". */
436  } path;
437  struct {
440  /* One of values in "enum tomoyo_path2_acl_index". */
441  u8 operation;
442  } path2;
443  struct {
444  const struct tomoyo_path_info *filename;
445  unsigned int mode;
446  unsigned int major;
447  unsigned int minor;
448  /* One of values in "enum tomoyo_mkdev_acl_index". */
449  u8 operation;
450  } mkdev;
451  struct {
452  const struct tomoyo_path_info *filename;
453  unsigned long number;
454  /*
455  * One of values in
456  * "enum tomoyo_path_number_acl_index".
457  */
458  u8 operation;
459  } path_number;
460  struct {
461  const struct tomoyo_path_info *name;
462  } environ;
463  struct {
464  const __be32 *address;
466  /* One of values smaller than TOMOYO_SOCK_MAX. */
468  /* One of values in "enum tomoyo_network_acl_index". */
469  u8 operation;
470  bool is_ipv6;
471  } inet_network;
472  struct {
473  const struct tomoyo_path_info *address;
474  /* One of values smaller than TOMOYO_SOCK_MAX. */
475  u8 protocol;
476  /* One of values in "enum tomoyo_network_acl_index". */
477  u8 operation;
478  } unix_network;
479  struct {
480  const struct tomoyo_path_info *type;
481  const struct tomoyo_path_info *dir;
482  const struct tomoyo_path_info *dev;
483  unsigned long flags;
484  int need_dev;
485  } mount;
486  struct {
488  } task;
489  } param;
492  bool granted;
495  u8 mode; /* One of tomoyo_mode_index . */
497 };
498 
499 /* Structure for holding a token. */
501  const char *name;
502  u32 hash; /* = full_name_hash(name, strlen(name)) */
503  u16 const_len; /* = tomoyo_const_part_length(name) */
504  bool is_dir; /* = tomoyo_strendswith(name, "/") */
505  bool is_patterned; /* = tomoyo_path_contains_pattern(name) */
506 };
507 
508 /* Structure for holding string data. */
509 struct tomoyo_name {
512 };
513 
514 /* Structure for holding a word. */
516  /* Either @filename or @group is NULL. */
517  const struct tomoyo_path_info *filename;
519 };
520 
521 /* Structure for holding a number. */
523  unsigned long values[2];
524  struct tomoyo_group *group; /* Maybe NULL. */
525  /* One of values in "enum tomoyo_value_type". */
527 };
528 
529 /* Structure for holding an IP address. */
531  struct in6_addr ip[2]; /* Big endian. */
532  struct tomoyo_group *group; /* Pointer to address group. */
533  bool is_ipv6; /* Valid only if @group == NULL. */
534 };
535 
536 /* Structure for "path_group"/"number_group"/"address_group" directive. */
537 struct tomoyo_group {
541 };
542 
543 /* Structure for "path_group" directive. */
547 };
548 
549 /* Structure for "number_group" directive. */
553 };
554 
555 /* Structure for "address_group" directive. */
558  /* Structure for holding an IP address. */
560 };
561 
562 /* Subset of "struct stat". Used by conditional ACL and audit logs. */
570 };
571 
572 /* Structure for dumping argv[] and envp[] of "struct linux_binprm". */
574  struct page *page; /* Previously dumped page. */
575  char *data; /* Contents of "page". Size is PAGE_SIZE. */
576 };
577 
578 /* Structure for attribute checks in addition to pathname checks. */
580  /*
581  * True if tomoyo_get_attributes() was already called, false otherwise.
582  */
584  /* True if @stat[] is valid. */
586  /* First pathname. Initialized with { NULL, NULL } if no path. */
587  struct path path1;
588  /* Second pathname. Initialized with { NULL, NULL } if no path. */
589  struct path path2;
590  /*
591  * Information on @path1, @path1's parent directory, @path2, @path2's
592  * parent directory.
593  */
595  /*
596  * Content of symbolic link to be created. NULL for operations other
597  * than symlink().
598  */
600 };
601 
602 /* Structure for argv[]. */
603 struct tomoyo_argv {
604  unsigned long index;
605  const struct tomoyo_path_info *value;
606  bool is_not;
607 };
608 
609 /* Structure for envp[]. */
610 struct tomoyo_envp {
611  const struct tomoyo_path_info *name;
612  const struct tomoyo_path_info *value;
613  bool is_not;
614 };
615 
616 /* Structure for execve() operation. */
622  /* For dumping argv[] and envp[]. */
624  /* For temporary use. */
625  char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */
626 };
627 
628 /* Structure for entries which follows "struct tomoyo_condition". */
630  /*
631  * Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a
632  * "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail
633  * of the array of this struct.
634  */
636  /*
637  * Right hand operand. A "struct tomoyo_number_union" for
638  * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for
639  * TOMOYO_NAME_UNION is attached to the tail of the array of this
640  * struct.
641  */
643  /* Equation operator. True if equals or overlaps, false otherwise. */
644  bool equals;
645 };
646 
647 /* Structure for optional arguments. */
650  u32 size; /* Memory size allocated for this entry. */
651  u16 condc; /* Number of conditions in this struct. */
652  u16 numbers_count; /* Number of "struct tomoyo_number_union values". */
653  u16 names_count; /* Number of "struct tomoyo_name_union names". */
654  u16 argc; /* Number of "struct tomoyo_argv". */
655  u16 envc; /* Number of "struct tomoyo_envp". */
656  u8 grant_log; /* One of values in "enum tomoyo_grant_log". */
657  const struct tomoyo_path_info *transit; /* Maybe NULL. */
658  /*
659  * struct tomoyo_condition_element condition[condc];
660  * struct tomoyo_number_union values[numbers_count];
661  * struct tomoyo_name_union names[names_count];
662  * struct tomoyo_argv argv[argc];
663  * struct tomoyo_envp envp[envc];
664  */
665 };
666 
667 /* Common header for individual entries. */
669  struct list_head list;
670  struct tomoyo_condition *cond; /* Maybe NULL. */
671  s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */
672  u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */
673 } __packed;
674 
675 /* Structure for domain information. */
677  struct list_head list;
679  /* Name of this domain. Never NULL. */
681  /* Namespace for this domain. Never NULL. */
683  u8 profile; /* Profile number to use. */
684  u8 group; /* Group number to use. */
685  bool is_deleted; /* Delete flag. */
687  atomic_t users; /* Number of referring credentials. */
688 };
689 
690 /*
691  * Structure for "task manual_domain_transition" directive.
692  */
694  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MANUAL_TASK_ACL */
695  /* Pointer to domainname. */
697 };
698 
699 /*
700  * Structure for "file execute", "file read", "file write", "file append",
701  * "file unlink", "file getattr", "file rmdir", "file truncate",
702  * "file symlink", "file chroot" and "file unmount" directive.
703  */
705  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
706  u16 perm; /* Bitmask of values in "enum tomoyo_path_acl_index". */
708 };
709 
710 /*
711  * Structure for "file create", "file mkdir", "file mkfifo", "file mksock",
712  * "file ioctl", "file chmod", "file chown" and "file chgrp" directive.
713  */
715  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */
716  /* Bitmask of values in "enum tomoyo_path_number_acl_index". */
720 };
721 
722 /* Structure for "file mkblock" and "file mkchar" directive. */
724  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */
725  u8 perm; /* Bitmask of values in "enum tomoyo_mkdev_acl_index". */
730 };
731 
732 /*
733  * Structure for "file rename", "file link" and "file pivot_root" directive.
734  */
736  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
737  u8 perm; /* Bitmask of values in "enum tomoyo_path2_acl_index". */
740 };
741 
742 /* Structure for "file mount" directive. */
744  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
749 };
750 
751 /* Structure for "misc env" directive in domain policy. */
753  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_ENV_ACL */
754  const struct tomoyo_path_info *env; /* environment variable */
755 };
756 
757 /* Structure for "network inet" directive. */
759  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_INET_ACL */
761  u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */
764 };
765 
766 /* Structure for "network unix" directive. */
768  struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_UNIX_ACL */
770  u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */
772 };
773 
774 /* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */
776  char *data;
777  struct list_head *list;
779  bool is_delete;
780 };
781 
782 #define TOMOYO_MAX_IO_READ_QUEUE 64
783 
784 /*
785  * Structure for reading/writing policy via /sys/kernel/security/tomoyo
786  * interfaces.
787  */
789  void (*read) (struct tomoyo_io_buffer *);
790  int (*write) (struct tomoyo_io_buffer *);
791  unsigned int (*poll) (struct file *file, poll_table *wait);
792  /* Exclusive lock for this structure. */
793  struct mutex io_sem;
796  struct {
797  struct list_head *ns;
798  struct list_head *domain;
799  struct list_head *group;
800  struct list_head *acl;
801  size_t avail;
802  unsigned int step;
803  unsigned int query_index;
810  bool eof;
815  } r;
816  struct {
818  /* The position currently writing to. */
820  /* Bytes available for writing. */
821  size_t avail;
822  bool is_delete;
823  } w;
824  /* Buffer for reading. */
825  char *read_buf;
826  /* Size of read buffer. */
827  size_t readbuf_size;
828  /* Buffer for writing. */
829  char *write_buf;
830  /* Size of write buffer. */
832  /* Type of this interface. */
834  /* Users counter protected by tomoyo_io_buffer_list_lock. */
836  /* List for telling GC not to kfree() elements. */
837  struct list_head list;
838 };
839 
840 /*
841  * Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/
842  * "no_keep_domain" keyword.
843  */
846  u8 type; /* One of values in "enum tomoyo_transition_type". */
847  /* True if the domainname is tomoyo_get_last_name(). */
849  const struct tomoyo_path_info *domainname; /* Maybe NULL */
850  const struct tomoyo_path_info *program; /* Maybe NULL */
851 };
852 
853 /* Structure for "aggregator" keyword. */
858 };
859 
860 /* Structure for policy manager. */
863  /* A path to program or a domainname. */
864  const struct tomoyo_path_info *manager;
865 };
866 
868  unsigned int learning_max_entry;
872 };
873 
874 /* Structure for /sys/kernel/security/tomnoyo/profile interface. */
876  const struct tomoyo_path_info *comment;
883  unsigned int pref[TOMOYO_MAX_PREF];
884 };
885 
886 /* Structure for representing YYYY/MM/DD hh/mm/ss. */
887 struct tomoyo_time {
894 };
895 
896 /* Structure for policy namespace. */
898  /* Profile table. Memory is allocated as needed. */
900  /* List of "struct tomoyo_group". */
902  /* List of policy. */
904  /* The global ACL referred by "use_group" keyword. */
906  /* List for connecting to tomoyo_namespace_list list. */
908  /* Profile version. Currently only 20110903 is defined. */
909  unsigned int profile_version;
910  /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */
911  const char *name;
912 };
913 
914 /********** Function prototypes. **********/
915 
916 bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
917  const struct tomoyo_group *group);
918 bool tomoyo_compare_number_union(const unsigned long value,
919  const struct tomoyo_number_union *ptr);
921  const struct tomoyo_condition *cond);
922 bool tomoyo_correct_domain(const unsigned char *domainname);
923 bool tomoyo_correct_path(const char *filename);
924 bool tomoyo_correct_word(const char *string);
925 bool tomoyo_domain_def(const unsigned char *buffer);
927 bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
928  struct tomoyo_page_dump *dump);
929 bool tomoyo_memory_ok(void *ptr);
930 bool tomoyo_number_matches_group(const unsigned long min,
931  const unsigned long max,
932  const struct tomoyo_group *group);
934  struct tomoyo_ipaddr_union *ptr);
936  struct tomoyo_name_union *ptr);
938  struct tomoyo_number_union *ptr);
940  const struct tomoyo_path_info *pattern);
941 bool tomoyo_permstr(const char *string, const char *keyword);
942 bool tomoyo_str_starts(char **src, const char *find);
943 char *tomoyo_encode(const char *str);
944 char *tomoyo_encode2(const char *str, int str_len);
945 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
946  va_list args);
948 char *tomoyo_realpath_from_path(struct path *path);
949 char *tomoyo_realpath_nofollow(const char *pathname);
950 const char *tomoyo_get_exe(void);
951 const char *tomoyo_yesno(const unsigned int value);
953 (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr);
955 (struct tomoyo_acl_param *param);
956 const struct tomoyo_path_info *tomoyo_get_name(const char *name);
958 (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
960  struct path *path, const int flag);
962 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
964  const struct tomoyo_path_info *filename);
965 int tomoyo_find_next_domain(struct linux_binprm *bprm);
966 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
967  const u8 index);
969  struct tomoyo_domain_info *domain,
970  const u8 index);
971 int tomoyo_mkdev_perm(const u8 operation, struct path *path,
972  const unsigned int mode, unsigned int dev);
973 int tomoyo_mount_permission(const char *dev_name, struct path *path,
974  const char *type, unsigned long flags,
975  void *data_page);
976 int tomoyo_open_control(const u8 type, struct file *file);
977 int tomoyo_path2_perm(const u8 operation, struct path *path1,
978  struct path *path2);
979 int tomoyo_path_number_perm(const u8 operation, struct path *path,
980  unsigned long number);
981 int tomoyo_path_perm(const u8 operation, struct path *path,
982  const char *target);
983 unsigned int tomoyo_poll_control(struct file *file, poll_table *wait);
984 unsigned int tomoyo_poll_log(struct file *file, poll_table *wait);
986  int addr_len);
988  struct sockaddr *addr, int addr_len);
991  int size);
992 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
993  __printf(2, 3);
996  bool (*check_duplicate)
998  const struct tomoyo_acl_info *),
999  bool (*merge_duplicate)
1000  (struct tomoyo_acl_info *, struct tomoyo_acl_info *,
1001  const bool));
1002 int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
1003  struct tomoyo_acl_param *param,
1004  bool (*check_duplicate)
1006  const struct tomoyo_acl_head *));
1013  const u8 type);
1016  const int buffer_len);
1018  const char __user *buffer, const int buffer_len);
1021  const bool transit);
1024  const u8 idx);
1026 (const char *domainname);
1028  const u8 profile);
1029 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
1030  const u8 index);
1031 u8 tomoyo_parse_ulong(unsigned long *result, char **str);
1032 void *tomoyo_commit_ok(void *data, const unsigned int size);
1034 void __init tomoyo_mm_init(void);
1036  bool (*check_entry) (struct tomoyo_request_info *,
1037  const struct tomoyo_acl_info *));
1038 void tomoyo_check_profile(void);
1044 void tomoyo_load_policy(const char *filename);
1045 void tomoyo_normalize_line(unsigned char *buffer);
1046 void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register);
1047 void tomoyo_print_ip(char *buf, const unsigned int size,
1049 void tomoyo_print_ulong(char *buffer, const int buffer_len,
1050  const unsigned long value, const u8 type);
1054 void tomoyo_update_stat(const u8 index);
1055 void tomoyo_warn_oom(const char *function);
1056 void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...)
1057  __printf(2, 3);
1058 void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
1059  va_list args);
1060 
1061 /********** External variable definitions. **********/
1062 
1063 extern bool tomoyo_policy_loaded;
1064 extern const char * const tomoyo_condition_keyword
1077 extern struct list_head tomoyo_condition_list;
1078 extern struct list_head tomoyo_domain_list;
1080 extern struct list_head tomoyo_namespace_list;
1081 extern struct mutex tomoyo_policy_lock;
1085 extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
1086 extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
1087 
1088 /********** Inlined functions. **********/
1089 
1095 static inline int tomoyo_read_lock(void)
1096 {
1097  return srcu_read_lock(&tomoyo_ss);
1098 }
1099 
1107 static inline void tomoyo_read_unlock(int idx)
1108 {
1109  srcu_read_unlock(&tomoyo_ss, idx);
1110 }
1111 
1120 static inline pid_t tomoyo_sys_getppid(void)
1121 {
1122  pid_t pid;
1123  rcu_read_lock();
1124  pid = task_tgid_vnr(rcu_dereference(current->real_parent));
1125  rcu_read_unlock();
1126  return pid;
1127 }
1128 
1137 static inline pid_t tomoyo_sys_getpid(void)
1138 {
1139  return task_tgid_vnr(current);
1140 }
1141 
1150 static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
1151  const struct tomoyo_path_info *b)
1152 {
1153  return a->hash != b->hash || strcmp(a->name, b->name);
1154 }
1155 
1163 static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
1164 {
1165  if (name) {
1166  struct tomoyo_name *ptr =
1167  container_of(name, typeof(*ptr), entry);
1168  atomic_dec(&ptr->head.users);
1169  }
1170 }
1171 
1179 static inline void tomoyo_put_condition(struct tomoyo_condition *cond)
1180 {
1181  if (cond)
1182  atomic_dec(&cond->head.users);
1183 }
1184 
1192 static inline void tomoyo_put_group(struct tomoyo_group *group)
1193 {
1194  if (group)
1195  atomic_dec(&group->head.users);
1196 }
1197 
1203 static inline struct tomoyo_domain_info *tomoyo_domain(void)
1204 {
1205  return current_cred()->security;
1206 }
1207 
1215 static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
1216  *task)
1217 {
1218  return task_cred_xxx(task, security);
1219 }
1220 
1229 static inline bool tomoyo_same_name_union
1230 (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b)
1231 {
1232  return a->filename == b->filename && a->group == b->group;
1233 }
1234 
1243 static inline bool tomoyo_same_number_union
1244 (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b)
1245 {
1246  return a->values[0] == b->values[0] && a->values[1] == b->values[1] &&
1247  a->group == b->group && a->value_type[0] == b->value_type[0] &&
1248  a->value_type[1] == b->value_type[1];
1249 }
1250 
1259 static inline bool tomoyo_same_ipaddr_union
1260 (const struct tomoyo_ipaddr_union *a, const struct tomoyo_ipaddr_union *b)
1261 {
1262  return !memcmp(a->ip, b->ip, sizeof(a->ip)) && a->group == b->group &&
1263  a->is_ipv6 == b->is_ipv6;
1264 }
1265 
1271 static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void)
1272 {
1273  return tomoyo_domain()->ns;
1274 }
1275 
1276 #if defined(CONFIG_SLOB)
1277 
1287 static inline int tomoyo_round2(size_t size)
1288 {
1289  return size;
1290 }
1291 
1292 #else
1293 
1304 static inline int tomoyo_round2(size_t size)
1305 {
1306 #if PAGE_SIZE == 4096
1307  size_t bsize = 32;
1308 #else
1309  size_t bsize = 64;
1310 #endif
1311  if (!size)
1312  return 0;
1313  while (size > bsize)
1314  bsize <<= 1;
1315  return bsize;
1316 }
1317 
1318 #endif
1319 
1325 #define list_for_each_cookie(pos, head) \
1326  if (!pos) \
1327  pos = srcu_dereference((head)->next, &tomoyo_ss); \
1328  for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss))
1329 
1330 #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */