オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c

Annotation of /trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 2970 - (hide annotations) (download) (as text)
Fri Aug 28 13:19:43 2009 UTC (14 years, 9 months ago) by kumaneko
File MIME type: text/x-csrc
File size: 77491 byte(s) 
Allow reaching tasks via global PID (CONFIG_PID_NS=y)
1 kumaneko 2863 /*
2 kumaneko 2864 * security/ccsecurity/policy_io.c
3 kumaneko 2863 *
4     * Copyright (C) 2005-2009 NTT DATA CORPORATION
5     *
6 kumaneko 2943 * Version: 1.7.0-pre 2009/08/24
7 kumaneko 2863 *
8     * This file is applicable to both 2.4.30 and 2.6.11 and later.
9     * See README.ccs for ChangeLog.
10     *
11     */
12    
13     #include "internal.h"
14    
15 kumaneko 2962 static struct ccs_profile ccs_default_profile = {
16     .learning = &ccs_default_profile.preference,
17     .permissive = &ccs_default_profile.preference,
18     .enforcing = &ccs_default_profile.preference,
19     #ifdef CONFIG_CCSECURITY_AUDIT
20 kumaneko 2963 .audit = &ccs_default_profile.preference,
21 kumaneko 2962 .preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG,
22     .preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG,
23     #endif
24     .preference.enforcing_penalty = 0,
25     .preference.enforcing_verbose = true,
26     .preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY,
27     .preference.learning_verbose = false,
28     .preference.learning_exec_realpath = true,
29     .preference.learning_exec_argv0 = true,
30     .preference.learning_symlink_target = true,
31     .preference.permissive_verbose = true
32     };
33    
34 kumaneko 2958 /* Profile table. Memory is allocated as needed. */
35     static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];
36    
37     /* Lock for protecting "struct ccs_profile"->comment */
38 kumaneko 2863 static DEFINE_SPINLOCK(ccs_profile_comment_lock);
39    
40 kumaneko 2948 /* String table for functionality that takes 4 modes. */
41 kumaneko 2925 static const char *ccs_mode_4[4] = {
42     "disabled", "learning", "permissive", "enforcing"
43 kumaneko 2863 };
44 kumaneko 2915
45 kumaneko 2948 /* String table for /proc/ccs/profile */
46 kumaneko 2918 static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +
47 kumaneko 2943 CCS_MAX_CAPABILITY_INDEX +
48     CCS_MAX_MAC_CATEGORY_INDEX] = {
49     [CCS_MAC_FILE_EXECUTE]
50     = "file::execute",
51     [CCS_MAC_FILE_OPEN]
52     = "file::open",
53     [CCS_MAC_FILE_CREATE]
54     = "file::create",
55     [CCS_MAC_FILE_UNLINK]
56     = "file::unlink",
57     [CCS_MAC_FILE_MKDIR]
58     = "file::mkdir",
59     [CCS_MAC_FILE_RMDIR]
60     = "file::rmdir",
61     [CCS_MAC_FILE_MKFIFO]
62     = "file::mkfifo",
63     [CCS_MAC_FILE_MKSOCK]
64     = "file::mksock",
65     [CCS_MAC_FILE_TRUNCATE]
66     = "file::truncate",
67     [CCS_MAC_FILE_SYMLINK]
68     = "file::symlink",
69     [CCS_MAC_FILE_REWRITE]
70     = "file::rewrite",
71     [CCS_MAC_FILE_MKBLOCK]
72     = "file::mkblock",
73     [CCS_MAC_FILE_MKCHAR]
74     = "file::mkchar",
75     [CCS_MAC_FILE_LINK]
76     = "file::link",
77     [CCS_MAC_FILE_RENAME]
78     = "file::rename",
79     [CCS_MAC_FILE_CHMOD]
80     = "file::chmod",
81     [CCS_MAC_FILE_CHOWN]
82     = "file::chown",
83     [CCS_MAC_FILE_CHGRP]
84     = "file::chgrp",
85     [CCS_MAC_FILE_IOCTL]
86     = "file::ioctl",
87     [CCS_MAC_FILE_CHROOT]
88     = "file::chroot",
89     [CCS_MAC_FILE_MOUNT]
90     = "file::mount",
91     [CCS_MAC_FILE_UMOUNT]
92     = "file::umount",
93     [CCS_MAC_FILE_PIVOT_ROOT]
94     = "file::pivot_root",
95     [CCS_MAC_ENVIRON]
96     = "misc::env",
97     [CCS_MAC_NETWORK_UDP_BIND]
98     = "network::inet_udp_bind",
99     [CCS_MAC_NETWORK_UDP_CONNECT]
100     = "network::inet_udp_connect",
101     [CCS_MAC_NETWORK_TCP_BIND]
102     = "network::inet_tcp_bind",
103     [CCS_MAC_NETWORK_TCP_LISTEN]
104     = "network::inet_tcp_listen",
105     [CCS_MAC_NETWORK_TCP_CONNECT]
106     = "network::inet_tcp_connect",
107     [CCS_MAC_NETWORK_TCP_ACCEPT]
108     = "network::inet_tcp_accept",
109     [CCS_MAC_NETWORK_RAW_BIND]
110     = "network::inet_raw_bind",
111     [CCS_MAC_NETWORK_RAW_CONNECT]
112     = "network::inet_raw_connect",
113     [CCS_MAC_SIGNAL]
114     = "ipc::signal",
115 kumaneko 2918 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CREATE]
116 kumaneko 2943 = "capability::inet_tcp_create",
117 kumaneko 2918 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_LISTEN]
118 kumaneko 2943 = "capability::inet_tcp_listen",
119 kumaneko 2918 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CONNECT]
120 kumaneko 2943 = "capability::inet_tcp_connect",
121     [CCS_MAX_MAC_INDEX + CCS_USE_INET_DGRAM_SOCKET]
122     = "capability::use_inet_udp",
123     [CCS_MAX_MAC_INDEX + CCS_USE_INET_RAW_SOCKET]
124     = "capability::use_inet_ip",
125     [CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET]
126     = "capability::use_route",
127     [CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET]
128     = "capability::use_packet",
129     [CCS_MAX_MAC_INDEX + CCS_SYS_MOUNT]
130     = "capability::SYS_MOUNT",
131     [CCS_MAX_MAC_INDEX + CCS_SYS_UMOUNT]
132     = "capability::SYS_UMOUNT",
133     [CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT]
134     = "capability::SYS_REBOOT",
135     [CCS_MAX_MAC_INDEX + CCS_SYS_CHROOT]
136     = "capability::SYS_CHROOT",
137     [CCS_MAX_MAC_INDEX + CCS_SYS_KILL]
138     = "capability::SYS_KILL",
139     [CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP]
140     = "capability::SYS_VHANGUP",
141     [CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME]
142     = "capability::SYS_TIME",
143     [CCS_MAX_MAC_INDEX + CCS_SYS_NICE]
144     = "capability::SYS_NICE",
145     [CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME]
146     = "capability::SYS_SETHOSTNAME",
147     [CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE]
148     = "capability::use_kernel_module",
149     [CCS_MAX_MAC_INDEX + CCS_CREATE_FIFO]
150     = "capability::create_fifo",
151     [CCS_MAX_MAC_INDEX + CCS_CREATE_BLOCK_DEV]
152     = "capability::create_block_dev",
153     [CCS_MAX_MAC_INDEX + CCS_CREATE_CHAR_DEV]
154     = "capability::create_char_dev",
155     [CCS_MAX_MAC_INDEX + CCS_CREATE_UNIX_SOCKET]
156     = "capability::create_unix_socket",
157     [CCS_MAX_MAC_INDEX + CCS_SYS_LINK]
158     = "capability::SYS_LINK",
159     [CCS_MAX_MAC_INDEX + CCS_SYS_SYMLINK]
160     = "capability::SYS_SYMLINK",
161     [CCS_MAX_MAC_INDEX + CCS_SYS_RENAME]
162     = "capability::SYS_RENAME",
163     [CCS_MAX_MAC_INDEX + CCS_SYS_UNLINK]
164     = "capability::SYS_UNLINK",
165     [CCS_MAX_MAC_INDEX + CCS_SYS_CHMOD]
166     = "capability::SYS_CHMOD",
167     [CCS_MAX_MAC_INDEX + CCS_SYS_CHOWN]
168     = "capability::SYS_CHOWN",
169     [CCS_MAX_MAC_INDEX + CCS_SYS_IOCTL]
170     = "capability::SYS_IOCTL",
171     [CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD]
172     = "capability::SYS_KEXEC_LOAD",
173     [CCS_MAX_MAC_INDEX + CCS_SYS_PIVOT_ROOT]
174     = "capability::SYS_PIVOT_ROOT",
175     [CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE]
176     = "capability::SYS_PTRACE",
177     [CCS_MAX_MAC_INDEX + CCS_CONCEAL_MOUNT]
178     = "capability::conceal_mount",
179     [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
180     + CCS_MAC_CATEGORY_FILE] = "file",
181     [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
182     + CCS_MAC_CATEGORY_NETWORK] = "network",
183     [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
184     + CCS_MAC_CATEGORY_MISC] = "misc",
185     [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
186     + CCS_MAC_CATEGORY_IPC] = "ipc",
187     [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
188     + CCS_MAC_CATEGORY_CAPABILITY] = "capability",
189 kumaneko 2915 };
190    
191 kumaneko 2863 /* Permit policy management by non-root user? */
192     static bool ccs_manage_by_non_root;
193    
194     /**
195 kumaneko 2918 * ccs_cap2keyword - Convert capability operation to capability name.
196     *
197     * @operation: The capability index.
198     *
199     * Returns the name of the specified capability's name.
200     */
201     const char *ccs_cap2keyword(const u8 operation)
202     {
203     return operation < CCS_MAX_CAPABILITY_INDEX
204 kumaneko 2943 ? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] + 12 : NULL;
205 kumaneko 2918 }
206    
207     /**
208 kumaneko 2958 * ccs_yesno - Return "yes" or "no".
209 kumaneko 2863 *
210 kumaneko 2958 * @value: Bool value.
211 kumaneko 2863 */
212 kumaneko 2958 static const char *ccs_yesno(const unsigned int value)
213 kumaneko 2863 {
214 kumaneko 2958 return value ? "yes" : "no";
215 kumaneko 2863 }
216    
217     /**
218     * ccs_io_printf - Transactional printf() to "struct ccs_io_buffer" structure.
219     *
220     * @head: Pointer to "struct ccs_io_buffer".
221     * @fmt: The printf()'s format string, followed by parameters.
222     *
223     * Returns true on success, false otherwise.
224     *
225     * The snprintf() will truncate, but ccs_io_printf() won't.
226     */
227     bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
228     {
229     va_list args;
230     int len;
231     int pos = head->read_avail;
232     int size = head->readbuf_size - pos;
233     if (size <= 0)
234     return false;
235     va_start(args, fmt);
236     len = vsnprintf(head->read_buf + pos, size, fmt, args);
237     va_end(args);
238     if (pos + len >= head->readbuf_size)
239     return false;
240     head->read_avail += len;
241     return true;
242     }
243    
244     /**
245     * ccs_find_or_assign_new_profile - Create a new profile.
246     *
247     * @profile: Profile number to create.
248     *
249     * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
250     */
251 kumaneko 2892 static struct ccs_profile *ccs_find_or_assign_new_profile(const unsigned int
252     profile)
253 kumaneko 2863 {
254     struct ccs_profile *ptr;
255     struct ccs_profile *entry;
256 kumaneko 2892 if (profile >= CCS_MAX_PROFILES)
257 kumaneko 2863 return NULL;
258     ptr = ccs_profile_ptr[profile];
259     if (ptr)
260     return ptr;
261     entry = kzalloc(sizeof(*entry), GFP_KERNEL);
262     mutex_lock(&ccs_policy_lock);
263     ptr = ccs_profile_ptr[profile];
264     if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) {
265     ptr = entry;
266 kumaneko 2963 #ifdef CONFIG_CCSECURITY_AUDIT
267 kumaneko 2962 ptr->audit = &ccs_default_profile.preference;
268 kumaneko 2963 #endif
269 kumaneko 2962 ptr->learning = &ccs_default_profile.preference;
270     ptr->permissive = &ccs_default_profile.preference;
271     ptr->enforcing = &ccs_default_profile.preference;
272 kumaneko 2958 ptr->default_config = CCS_CONFIG_DISABLED |
273     CCS_CONFIG_WANT_GRANT_LOG | CCS_CONFIG_WANT_REJECT_LOG;
274     memset(ptr->config, CCS_CONFIG_USE_DEFAULT,
275 kumaneko 2943 sizeof(ptr->config));
276 kumaneko 2863 mb(); /* Avoid out-of-order execution. */
277     ccs_profile_ptr[profile] = ptr;
278     entry = NULL;
279     }
280     mutex_unlock(&ccs_policy_lock);
281     kfree(entry);
282     return ptr;
283     }
284    
285     /**
286 kumaneko 2958 * ccs_profile - Find a profile.
287     *
288     * @profile: Profile number to find.
289     *
290     * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
291     */
292     struct ccs_profile *ccs_profile(const u8 profile)
293     {
294 kumaneko 2962 if (!ccs_policy_loaded)
295     return &ccs_default_profile;
296 kumaneko 2958 return ccs_profile_ptr[profile];
297     }
298    
299     /**
300 kumaneko 2863 * ccs_write_profile - Write profile table.
301     *
302     * @head: Pointer to "struct ccs_io_buffer".
303     *
304     * Returns 0 on success, negative value otherwise.
305     */
306     static int ccs_write_profile(struct ccs_io_buffer *head)
307     {
308     char *data = head->write_buf;
309     unsigned int i;
310 kumaneko 2958 int value;
311 kumaneko 2915 int mode;
312 kumaneko 2943 u8 config;
313 kumaneko 2962 bool use_default = false;
314 kumaneko 2863 char *cp;
315 kumaneko 2958 struct ccs_profile *profile;
316 kumaneko 2863 i = simple_strtoul(data, &cp, 10);
317 kumaneko 2962 if (data == cp) {
318     profile = &ccs_default_profile;
319     } else {
320 kumaneko 2863 if (*cp != '-')
321     return -EINVAL;
322     data = cp + 1;
323 kumaneko 2962 profile = ccs_find_or_assign_new_profile(i);
324     if (!profile)
325     return -EINVAL;
326 kumaneko 2863 }
327     cp = strchr(data, '=');
328     if (!cp)
329     return -EINVAL;
330 kumaneko 2925 *cp++ = '\0';
331 kumaneko 2962 if (profile != &ccs_default_profile)
332     use_default = strstr(cp, "use_default") != NULL;
333     if (strstr(cp, "verbose=yes"))
334     value = 1;
335     else if (strstr(cp, "verbose=no"))
336     value = 0;
337     else
338     value = -1;
339 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
340 kumaneko 2958 if (!strcmp(data, "PREFERENCE::audit")) {
341 kumaneko 2962 char *cp2;
342     if (use_default) {
343     profile->audit = &ccs_default_profile.preference;
344     return 0;
345     }
346     profile->audit = &profile->preference;
347     cp2 = strstr(cp, "max_grant_log=");
348 kumaneko 2958 if (cp2)
349 kumaneko 2962 sscanf(cp2 + 14, "%u",
350     &profile->preference.audit_max_grant_log);
351 kumaneko 2958 cp2 = strstr(cp, "max_reject_log=");
352     if (cp2)
353 kumaneko 2962 sscanf(cp2 + 15, "%u",
354     &profile->preference.audit_max_reject_log);
355 kumaneko 2863 return 0;
356     }
357 kumaneko 2959 #endif
358 kumaneko 2958 if (!strcmp(data, "PREFERENCE::enforcing")) {
359     char *cp2;
360 kumaneko 2962 if (use_default) {
361     profile->enforcing = &ccs_default_profile.preference;
362     return 0;
363     }
364     profile->enforcing = &profile->preference;
365 kumaneko 2958 if (value >= 0)
366 kumaneko 2962 profile->preference.enforcing_verbose = value;
367 kumaneko 2958 cp2 = strstr(cp, "penalty=");
368     if (cp2)
369 kumaneko 2962 sscanf(cp2 + 8, "%u",
370     &profile->preference.enforcing_penalty);
371 kumaneko 2958 return 0;
372     }
373     if (!strcmp(data, "PREFERENCE::permissive")) {
374 kumaneko 2962 if (use_default) {
375     profile->permissive = &ccs_default_profile.preference;
376     return 0;
377     }
378     profile->permissive = &profile->preference;
379 kumaneko 2958 if (value >= 0)
380 kumaneko 2962 profile->preference.permissive_verbose = value;
381 kumaneko 2958 return 0;
382     }
383     if (!strcmp(data, "PREFERENCE::learning")) {
384     char *cp2;
385 kumaneko 2962 if (use_default) {
386     profile->learning = &ccs_default_profile.preference;
387     return 0;
388     }
389     profile->learning = &profile->preference;
390 kumaneko 2958 if (value >= 0)
391 kumaneko 2962 profile->preference.learning_verbose = value;
392 kumaneko 2958 cp2 = strstr(cp, "max_entry=");
393     if (cp2)
394 kumaneko 2962 sscanf(cp2 + 10, "%u",
395     &profile->preference.learning_max_entry);
396 kumaneko 2958 if (strstr(cp, "exec.realpath=yes"))
397 kumaneko 2962 profile->preference.learning_exec_realpath = true;
398 kumaneko 2958 else if (strstr(cp, "exec.realpath=no"))
399 kumaneko 2962 profile->preference.learning_exec_realpath = false;
400 kumaneko 2958 if (strstr(cp, "exec.argv0=yes"))
401 kumaneko 2962 profile->preference.learning_exec_argv0 = true;
402 kumaneko 2958 else if (strstr(cp, "exec.argv0=no"))
403 kumaneko 2962 profile->preference.learning_exec_argv0 = false;
404 kumaneko 2961 if (strstr(cp, "symlink.target=yes"))
405 kumaneko 2962 profile->preference.learning_symlink_target = true;
406 kumaneko 2961 else if (strstr(cp, "symlink.target=no"))
407 kumaneko 2962 profile->preference.learning_symlink_target = false;
408 kumaneko 2958 return 0;
409     }
410 kumaneko 2962 if (profile == &ccs_default_profile)
411     return -EINVAL;
412     if (!strcmp(data, "COMMENT")) {
413     const struct ccs_path_info *new_comment = ccs_get_name(cp);
414     const struct ccs_path_info *old_comment;
415     /* Protect reader from ccs_put_name(). */
416     spin_lock(&ccs_profile_comment_lock);
417     old_comment = profile->comment;
418     profile->comment = new_comment;
419     spin_unlock(&ccs_profile_comment_lock);
420     ccs_put_name(old_comment);
421     return 0;
422     }
423 kumaneko 2958 if (!strcmp(data, "CONFIG")) {
424     i = CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
425     + CCS_MAX_MAC_CATEGORY_INDEX;
426     config = profile->default_config;
427     } else if (ccs_str_starts(&data, "CONFIG::")) {
428     config = 0;
429 kumaneko 2943 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
430     + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
431     if (strcmp(data, ccs_mac_keywords[i]))
432     continue;
433 kumaneko 2958 config = profile->config[i];
434 kumaneko 2943 break;
435     }
436 kumaneko 2958 if (i == CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
437     + CCS_MAX_MAC_CATEGORY_INDEX)
438     return -EINVAL;
439     } else {
440     return -EINVAL;
441     }
442 kumaneko 2962 if (use_default) {
443 kumaneko 2958 config = CCS_CONFIG_USE_DEFAULT;
444     } else {
445     for (mode = 3; mode >= 0; mode--)
446     if (strstr(cp, ccs_mode_4[mode]))
447     /*
448     * Update lower 3 bits in order to distinguish
449     * 'config' from 'CCS_CONFIG_USE_DEAFULT'.
450     */
451     config = (config & ~7) | mode;
452 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
453 kumaneko 2958 if (config != CCS_CONFIG_USE_DEFAULT) {
454     if (strstr(cp, "grant_log=yes"))
455     config |= CCS_CONFIG_WANT_GRANT_LOG;
456     else if (strstr(cp, "grant_log=no"))
457     config &= ~CCS_CONFIG_WANT_GRANT_LOG;
458     if (strstr(cp, "reject_log=yes"))
459     config |= CCS_CONFIG_WANT_REJECT_LOG;
460     else if (strstr(cp, "reject_log=no"))
461     config &= ~CCS_CONFIG_WANT_REJECT_LOG;
462     }
463 kumaneko 2959 #endif
464 kumaneko 2958 }
465     if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
466     + CCS_MAX_MAC_CATEGORY_INDEX)
467     profile->config[i] = config;
468     else if (config != CCS_CONFIG_USE_DEFAULT)
469     profile->default_config = config;
470 kumaneko 2943 return 0;
471 kumaneko 2863 }
472    
473     /**
474     * ccs_read_profile - Read profile table.
475     *
476     * @head: Pointer to "struct ccs_io_buffer".
477     */
478 kumaneko 2943 static void ccs_read_profile(struct ccs_io_buffer *head)
479 kumaneko 2863 {
480 kumaneko 2958 int index;
481 kumaneko 2863 if (head->read_eof)
482 kumaneko 2943 return;
483 kumaneko 2965 if (head->read_bit)
484     goto body;
485 kumaneko 2962 ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090827");
486     #ifdef CONFIG_CCSECURITY_AUDIT
487     ccs_io_printf(head, "PREFERENCE::audit={ max_grant_log=%u "
488     "max_reject_log=%u }\n",
489     ccs_default_profile.preference.audit_max_grant_log,
490     ccs_default_profile.preference.audit_max_reject_log);
491     #endif
492     ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u "
493     "exec.realpath=%s exec.argv0=%s symlink.target=%s }\n",
494     ccs_yesno(ccs_default_profile.preference.learning_verbose),
495     ccs_default_profile.preference.learning_max_entry,
496     ccs_yesno(ccs_default_profile.preference.learning_exec_realpath),
497     ccs_yesno(ccs_default_profile.preference.learning_exec_argv0),
498     ccs_yesno(ccs_default_profile.preference.
499     learning_symlink_target));
500     ccs_io_printf(head, "PREFERENCE::permissive={ verbose=%s }\n",
501     ccs_yesno(ccs_default_profile.preference.permissive_verbose));
502     ccs_io_printf(head, "PREFERENCE::enforcing={ verbose=%s penalty=%u "
503     "}\n",
504     ccs_yesno(ccs_default_profile.preference.enforcing_verbose),
505     ccs_default_profile.preference.enforcing_penalty);
506 kumaneko 2965 head->read_bit = 1;
507     body:
508 kumaneko 2958 for (index = head->read_step; index < CCS_MAX_PROFILES; index++) {
509     bool done;
510     u8 config;
511     int i;
512 kumaneko 2965 int pos;
513 kumaneko 2958 const struct ccs_profile *profile = ccs_profile_ptr[index];
514     head->read_step = index;
515     if (!profile)
516 kumaneko 2863 continue;
517 kumaneko 2965 pos = head->read_avail;
518 kumaneko 2958 spin_lock(&ccs_profile_comment_lock);
519     done = ccs_io_printf(head, "%u-COMMENT=%s\n", index,
520     profile->comment ? profile->comment->name
521     : "");
522     spin_unlock(&ccs_profile_comment_lock);
523     if (!done)
524     goto out;
525     config = profile->default_config;
526 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
527 kumaneko 2958 if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s grant_log=%s "
528     "reject_log=%s }\n", index,
529     ccs_mode_4[config & 3],
530     ccs_yesno(config &
531     CCS_CONFIG_WANT_GRANT_LOG),
532     ccs_yesno(config &
533     CCS_CONFIG_WANT_REJECT_LOG)))
534     goto out;
535 kumaneko 2959 #else
536     if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s }\n", index,
537     ccs_mode_4[config & 3]))
538     goto out;
539     #endif
540 kumaneko 2958 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
541     + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
542 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
543 kumaneko 2958 const char *g;
544     const char *r;
545 kumaneko 2959 #endif
546 kumaneko 2958 config = profile->config[i];
547     if (config == CCS_CONFIG_USE_DEFAULT)
548     continue;
549 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
550 kumaneko 2958 g = ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG);
551     r = ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG);
552     if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s "
553     "grant_log=%s reject_log=%s }\n",
554     index, ccs_mac_keywords[i],
555     ccs_mode_4[config & 3], g, r))
556     goto out;
557 kumaneko 2959 #else
558     if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s }\n",
559     index, ccs_mac_keywords[i],
560     ccs_mode_4[config & 3]))
561     goto out;
562     #endif
563    
564 kumaneko 2908 }
565 kumaneko 2959 #ifdef CONFIG_CCSECURITY_AUDIT
566 kumaneko 2962 if (profile->audit != &ccs_default_profile.preference &&
567     !ccs_io_printf(head, "%u-PREFERENCE::audit={ "
568 kumaneko 2958 "max_grant_log=%u max_reject_log=%u }\n",
569 kumaneko 2962 index,
570     profile->preference.audit_max_grant_log,
571     profile->preference.audit_max_reject_log))
572 kumaneko 2959 goto out;
573     #endif
574 kumaneko 2962 if (profile->learning != &ccs_default_profile.preference &&
575     !ccs_io_printf(head, "%u-PREFERENCE::learning={ "
576 kumaneko 2958 "verbose=%s max_entry=%u exec.realpath=%s "
577 kumaneko 2961 "exec.argv0=%s symlink.target=%s }\n",
578 kumaneko 2962 index,
579     ccs_yesno(profile->preference.
580     learning_verbose),
581     profile->preference.learning_max_entry,
582     ccs_yesno(profile->preference.
583     learning_exec_realpath),
584     ccs_yesno(profile->preference.
585     learning_exec_argv0),
586     ccs_yesno(profile->preference.
587     learning_symlink_target)))
588 kumaneko 2958 goto out;
589 kumaneko 2962 if (profile->permissive != &ccs_default_profile.preference &&
590     !ccs_io_printf(head, "%u-PREFERENCE::permissive={ "
591     "verbose=%s }\n", index,
592     ccs_yesno(profile->preference.
593     permissive_verbose)))
594     goto out;
595     if (profile->enforcing != &ccs_default_profile.preference &&
596     !ccs_io_printf(head, "%u-PREFERENCE::enforcing={ "
597     "verbose=%s penalty=%u }\n", index,
598     ccs_yesno(profile->preference.
599     enforcing_verbose),
600     profile->preference.enforcing_penalty))
601     goto out;
602 kumaneko 2958 continue;
603     out:
604     head->read_avail = pos;
605     break;
606 kumaneko 2863 }
607 kumaneko 2958 if (index == CCS_MAX_PROFILES)
608 kumaneko 2863 head->read_eof = true;
609     }
610    
611     /* The list for "struct ccs_policy_manager_entry". */
612     LIST_HEAD(ccs_policy_manager_list);
613    
614     /**
615     * ccs_update_manager_entry - Add a manager entry.
616     *
617     * @manager: The path to manager or the domainnamme.
618     * @is_delete: True if it is a delete request.
619     *
620     * Returns 0 on success, negative value otherwise.
621     */
622     static int ccs_update_manager_entry(const char *manager, const bool is_delete)
623     {
624     struct ccs_policy_manager_entry *entry = NULL;
625     struct ccs_policy_manager_entry *ptr;
626 kumaneko 2900 struct ccs_policy_manager_entry e = { };
627 kumaneko 2863 int error = is_delete ? -ENOENT : -ENOMEM;
628     if (ccs_is_domain_def(manager)) {
629     if (!ccs_is_correct_domain(manager))
630     return -EINVAL;
631 kumaneko 2900 e.is_domain = true;
632 kumaneko 2863 } else {
633     if (!ccs_is_correct_path(manager, 1, -1, -1))
634     return -EINVAL;
635     }
636 kumaneko 2900 e.manager = ccs_get_name(manager);
637     if (!e.manager)
638 kumaneko 2863 return -ENOMEM;
639     if (!is_delete)
640 kumaneko 2900 entry = kmalloc(sizeof(e), GFP_KERNEL);
641 kumaneko 2863 mutex_lock(&ccs_policy_lock);
642     list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
643 kumaneko 2900 if (ptr->manager != e.manager)
644 kumaneko 2863 continue;
645     ptr->is_deleted = is_delete;
646     error = 0;
647     break;
648     }
649 kumaneko 2900 if (!is_delete && error && ccs_commit_ok(entry, &e, sizeof(e))) {
650 kumaneko 2863 list_add_tail_rcu(&entry->list, &ccs_policy_manager_list);
651     entry = NULL;
652     error = 0;
653     }
654     mutex_unlock(&ccs_policy_lock);
655 kumaneko 2900 ccs_put_name(e.manager);
656 kumaneko 2863 kfree(entry);
657     return error;
658     }
659    
660     /**
661     * ccs_write_manager_policy - Write manager policy.
662     *
663     * @head: Pointer to "struct ccs_io_buffer".
664     *
665     * Returns 0 on success, negative value otherwise.
666     */
667     static int ccs_write_manager_policy(struct ccs_io_buffer *head)
668     {
669     char *data = head->write_buf;
670 kumaneko 2892 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
671 kumaneko 2863 if (!strcmp(data, "manage_by_non_root")) {
672     ccs_manage_by_non_root = !is_delete;
673     return 0;
674     }
675     return ccs_update_manager_entry(data, is_delete);
676     }
677    
678     /**
679     * ccs_read_manager_policy - Read manager policy.
680     *
681     * @head: Pointer to "struct ccs_io_buffer".
682     *
683     * Caller holds ccs_read_lock().
684     */
685 kumaneko 2943 static void ccs_read_manager_policy(struct ccs_io_buffer *head)
686 kumaneko 2863 {
687     struct list_head *pos;
688     if (head->read_eof)
689 kumaneko 2943 return;
690 kumaneko 2863 list_for_each_cookie(pos, head->read_var2, &ccs_policy_manager_list) {
691     struct ccs_policy_manager_entry *ptr;
692     ptr = list_entry(pos, struct ccs_policy_manager_entry, list);
693     if (ptr->is_deleted)
694     continue;
695     if (!ccs_io_printf(head, "%s\n", ptr->manager->name))
696 kumaneko 2943 return;
697 kumaneko 2863 }
698     head->read_eof = true;
699     }
700    
701     /**
702     * ccs_is_policy_manager - Check whether the current process is a policy manager.
703     *
704     * Returns true if the current process is permitted to modify policy
705     * via /proc/ccs/ interface.
706     *
707     * Caller holds ccs_read_lock().
708     */
709     static bool ccs_is_policy_manager(void)
710     {
711     struct ccs_policy_manager_entry *ptr;
712     const char *exe;
713     struct task_struct *task = current;
714     const struct ccs_path_info *domainname
715     = ccs_current_domain()->domainname;
716     bool found = false;
717     if (!ccs_policy_loaded)
718     return true;
719     if (task->ccs_flags & CCS_TASK_IS_POLICY_MANAGER)
720     return true;
721     if (!ccs_manage_by_non_root && (current_uid() || current_euid()))
722     return false;
723     list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
724     if (!ptr->is_deleted && ptr->is_domain
725     && !ccs_pathcmp(domainname, ptr->manager)) {
726     /* Set manager flag. */
727     task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
728     return true;
729     }
730     }
731     exe = ccs_get_exe();
732     if (!exe)
733     return false;
734     list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
735     if (!ptr->is_deleted && !ptr->is_domain
736     && !strcmp(exe, ptr->manager->name)) {
737     found = true;
738     /* Set manager flag. */
739     task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
740     break;
741     }
742     }
743     if (!found) { /* Reduce error messages. */
744     static pid_t ccs_last_pid;
745     const pid_t pid = current->pid;
746     if (ccs_last_pid != pid) {
747     printk(KERN_WARNING "%s ( %s ) is not permitted to "
748     "update policies.\n", domainname->name, exe);
749     ccs_last_pid = pid;
750     }
751     }
752     kfree(exe);
753     return found;
754     }
755    
756     /**
757     * ccs_find_condition_part - Find condition part from the statement.
758     *
759     * @data: String to parse.
760     *
761     * Returns pointer to the condition part if it was found in the statement,
762     * NULL otherwise.
763     */
764     static char *ccs_find_condition_part(char *data)
765     {
766     char *cp = strstr(data, " if ");
767     if (cp) {
768     while (1) {
769     char *cp2 = strstr(cp + 3, " if ");
770     if (!cp2)
771     break;
772     cp = cp2;
773     }
774     *cp++ = '\0';
775     } else {
776     cp = strstr(data, " ; set ");
777     if (cp)
778     *cp++ = '\0';
779     }
780     return cp;
781     }
782    
783     /**
784     * ccs_is_select_one - Parse select command.
785     *
786     * @head: Pointer to "struct ccs_io_buffer".
787     * @data: String to parse.
788     *
789     * Returns true on success, false otherwise.
790     *
791     * Caller holds ccs_read_lock().
792     */
793     static bool ccs_is_select_one(struct ccs_io_buffer *head, const char *data)
794     {
795     unsigned int pid;
796     struct ccs_domain_info *domain = NULL;
797 kumaneko 2970 bool global_pid = false;
798 kumaneko 2863 if (!strcmp(data, "allow_execute")) {
799     head->read_execute_only = true;
800     return true;
801     }
802 kumaneko 2970 if (sscanf(data, "pid=%u", &pid) == 1 ||
803     (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
804 kumaneko 2863 struct task_struct *p;
805     read_lock(&tasklist_lock);
806 kumaneko 2970 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
807     if (global_pid)
808     p = find_task_by_pid_ns(pid, &init_pid_ns);
809     else
810     p = find_task_by_vpid(pid);
811     #else
812 kumaneko 2863 p = find_task_by_pid(pid);
813 kumaneko 2970 #endif
814 kumaneko 2863 if (p)
815     domain = ccs_task_domain(p);
816     read_unlock(&tasklist_lock);
817     } else if (!strncmp(data, "domain=", 7)) {
818     if (ccs_is_domain_def(data + 7))
819     domain = ccs_find_domain(data + 7);
820     } else
821     return false;
822     head->write_var1 = domain;
823     /* Accessing read_buf is safe because head->io_sem is held. */
824     if (!head->read_buf)
825     return true; /* Do nothing if open(O_WRONLY). */
826     head->read_avail = 0;
827     ccs_io_printf(head, "# select %s\n", data);
828     head->read_single_domain = true;
829     head->read_eof = !domain;
830     if (domain) {
831     struct ccs_domain_info *d;
832     head->read_var1 = NULL;
833     list_for_each_entry_rcu(d, &ccs_domain_list, list) {
834     if (d == domain)
835     break;
836     head->read_var1 = &d->list;
837     }
838     head->read_var2 = NULL;
839     head->read_bit = 0;
840     head->read_step = 0;
841     if (domain->is_deleted)
842     ccs_io_printf(head, "# This is a deleted domain.\n");
843     }
844     return true;
845     }
846    
847 kumaneko 2897 static int ccs_write_domain_policy2(char *data, struct ccs_domain_info *domain,
848     struct ccs_condition *cond,
849     const bool is_delete)
850     {
851     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CAPABILITY))
852     return ccs_write_capability_policy(data, domain, cond,
853     is_delete);
854     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_NETWORK))
855     return ccs_write_network_policy(data, domain, cond, is_delete);
856     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))
857     return ccs_write_signal_policy(data, domain, cond, is_delete);
858     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
859     return ccs_write_env_policy(data, domain, cond, is_delete);
860     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))
861     return ccs_write_mount_policy(data, domain, cond, is_delete);
862     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_UNMOUNT))
863     return ccs_write_umount_policy(data, domain, cond, is_delete);
864     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CHROOT))
865     return ccs_write_chroot_policy(data, domain, cond, is_delete);
866     if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_PIVOT_ROOT))
867     return ccs_write_pivot_root_policy(data, domain, cond,
868     is_delete);
869     return ccs_write_file_policy(data, domain, cond, is_delete);
870     }
871    
872 kumaneko 2863 /**
873     * ccs_write_domain_policy - Write domain policy.
874     *
875     * @head: Pointer to "struct ccs_io_buffer".
876     *
877     * Returns 0 on success, negative value otherwise.
878     */
879     static int ccs_write_domain_policy(struct ccs_io_buffer *head)
880     {
881     char *data = head->write_buf;
882     struct ccs_domain_info *domain = head->write_var1;
883     bool is_delete = false;
884     bool is_select = false;
885     unsigned int profile;
886     struct ccs_condition *cond = NULL;
887     char *cp;
888     int error;
889 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_DELETE))
890 kumaneko 2863 is_delete = true;
891 kumaneko 2892 else if (ccs_str_starts(&data, CCS_KEYWORD_SELECT))
892 kumaneko 2863 is_select = true;
893     if (is_select && ccs_is_select_one(head, data))
894     return 0;
895     /* Don't allow updating policies by non manager programs. */
896     if (!ccs_is_policy_manager())
897     return -EPERM;
898     if (ccs_is_domain_def(data)) {
899     domain = NULL;
900     if (is_delete)
901     ccs_delete_domain(data);
902     else if (is_select)
903     domain = ccs_find_domain(data);
904     else
905     domain = ccs_find_or_assign_new_domain(data, 0);
906     head->write_var1 = domain;
907     return 0;
908     }
909     if (!domain)
910     return -EINVAL;
911    
912 kumaneko 2892 if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1
913     && profile < CCS_MAX_PROFILES) {
914 kumaneko 2958 if (ccs_profile(profile))
915 kumaneko 2863 domain->profile = (u8) profile;
916     return 0;
917     }
918 kumaneko 2892 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
919 kumaneko 2863 domain->ignore_global_allow_read = !is_delete;
920     return 0;
921     }
922 kumaneko 2892 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) {
923 kumaneko 2863 domain->ignore_global_allow_env = !is_delete;
924     return 0;
925     }
926     cp = ccs_find_condition_part(data);
927     if (cp) {
928     cond = ccs_get_condition(cp);
929     if (!cond)
930     return -EINVAL;
931     }
932 kumaneko 2897 error = ccs_write_domain_policy2(data, domain, cond, is_delete);
933 kumaneko 2863 if (cond)
934     ccs_put_condition(cond);
935     return error;
936     }
937    
938 kumaneko 2948 /**
939     * ccs_print_name_union - Print a ccs_name_union.
940     *
941     * @head: Pointer to "struct ccs_io_buffer".
942     * @ptr: Pointer to "struct ccs_name_union".
943     *
944     * Returns true on success, false otherwise.
945     */
946 kumaneko 2888 static bool ccs_print_name_union(struct ccs_io_buffer *head,
947 kumaneko 2894 const struct ccs_name_union *ptr)
948 kumaneko 2863 {
949 kumaneko 2894 int pos = head->read_avail;
950 kumaneko 2863 if (pos && head->read_buf[pos - 1] == ' ')
951     head->read_avail--;
952 kumaneko 2888 if (ptr->is_group)
953 kumaneko 2870 return ccs_io_printf(head, " @%s",
954 kumaneko 2888 ptr->group->group_name->name);
955     return ccs_io_printf(head, " %s", ptr->filename->name);
956 kumaneko 2863 }
957    
958 kumaneko 2948 /**
959     * ccs_print_name_union_quoted - Print a ccs_name_union with double quotes.
960     *
961     * @head: Pointer to "struct ccs_io_buffer".
962     * @ptr: Pointer to "struct ccs_name_union".
963     *
964     * Returns true on success, false otherwise.
965     */
966 kumaneko 2894 static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head,
967     const struct ccs_name_union *ptr)
968 kumaneko 2863 {
969 kumaneko 2894 if (ptr->is_group)
970     return ccs_io_printf(head, "@%s",
971     ptr->group->group_name->name);
972     return ccs_io_printf(head, "\"%s\"", ptr->filename->name);
973     }
974    
975 kumaneko 2948 /**
976     * ccs_print_number_union_common - Print a ccs_number_union.
977     *
978     * @head: Pointer to "struct ccs_io_buffer".
979     * @ptr: Pointer to "struct ccs_number_union".
980     * @need_space: True if a space character is needed.
981     *
982     * Returns true on success, false otherwise.
983     */
984 kumaneko 2894 static bool ccs_print_number_union_common(struct ccs_io_buffer *head,
985     const struct ccs_number_union *ptr,
986     const bool need_space)
987     {
988 kumaneko 2888 unsigned long min;
989     unsigned long max;
990 kumaneko 2890 u8 min_type;
991     u8 max_type;
992 kumaneko 2894 if (need_space && !ccs_io_printf(head, " "))
993     return false;
994 kumaneko 2888 if (ptr->is_group)
995 kumaneko 2894 return ccs_io_printf(head, "@%s",
996 kumaneko 2888 ptr->group->group_name->name);
997 kumaneko 2890 min_type = ptr->min_type;
998     max_type = ptr->max_type;
999 kumaneko 2888 min = ptr->values[0];
1000     max = ptr->values[1];
1001 kumaneko 2890 switch (min_type) {
1002 kumaneko 2892 case CCS_VALUE_TYPE_HEXADECIMAL:
1003 kumaneko 2894 if (!ccs_io_printf(head, "0x%lX", min))
1004 kumaneko 2890 return false;
1005     break;
1006 kumaneko 2892 case CCS_VALUE_TYPE_OCTAL:
1007 kumaneko 2894 if (!ccs_io_printf(head, "0%lo", min))
1008 kumaneko 2890 return false;
1009     break;
1010     default:
1011 kumaneko 2894 if (!ccs_io_printf(head, "%lu", min))
1012 kumaneko 2890 return false;
1013     break;
1014     }
1015     if (min == max && min_type == max_type)
1016     return true;
1017     switch (max_type) {
1018 kumaneko 2892 case CCS_VALUE_TYPE_HEXADECIMAL:
1019 kumaneko 2890 return ccs_io_printf(head, "-0x%lX", max);
1020 kumaneko 2892 case CCS_VALUE_TYPE_OCTAL:
1021 kumaneko 2890 return ccs_io_printf(head, "-0%lo", max);
1022     default:
1023     return ccs_io_printf(head, "-%lu", max);
1024     }
1025 kumaneko 2863 }
1026    
1027 kumaneko 2948 /**
1028     * ccs_print_number_union - Print a ccs_number_union.
1029     *
1030     * @head: Pointer to "struct ccs_io_buffer".
1031     * @ptr: Pointer to "struct ccs_number_union".
1032     *
1033     * Returns true on success, false otherwise.
1034     */
1035 kumaneko 2900 bool ccs_print_number_union(struct ccs_io_buffer *head,
1036     const struct ccs_number_union *ptr)
1037 kumaneko 2894 {
1038     return ccs_print_number_union_common(head, ptr, true);
1039     }
1040    
1041 kumaneko 2948 /**
1042     * ccs_print_number_union_nospace - Print a ccs_number_union without a space character.
1043     *
1044     * @head: Pointer to "struct ccs_io_buffer".
1045     * @ptr: Pointer to "struct ccs_number_union".
1046     *
1047     * Returns true on success, false otherwise.
1048     */
1049 kumaneko 2894 static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head,
1050     const struct ccs_number_union *ptr)
1051     {
1052     return ccs_print_number_union_common(head, ptr, false);
1053     }
1054    
1055 kumaneko 2863 /**
1056 kumaneko 2894 * ccs_print_condition - Print condition part.
1057     *
1058     * @head: Pointer to "struct ccs_io_buffer".
1059     * @cond: Pointer to "struct ccs_condition". May be NULL.
1060     *
1061     * Returns true on success, false otherwise.
1062     */
1063     static bool ccs_print_condition(struct ccs_io_buffer *head,
1064     const struct ccs_condition *cond)
1065     {
1066     const struct ccs_condition_element *condp;
1067     const struct ccs_number_union *numbers_p;
1068     const struct ccs_name_union *names_p;
1069     const struct ccs_argv_entry *argv;
1070     const struct ccs_envp_entry *envp;
1071     u16 condc;
1072     u16 i;
1073     u16 j;
1074     char buffer[32];
1075     if (!cond)
1076     goto no_condition;
1077     condc = cond->condc;
1078     condp = (const struct ccs_condition_element *) (cond + 1);
1079     numbers_p = (const struct ccs_number_union *) (condp + condc);
1080     names_p = (const struct ccs_name_union *)
1081     (numbers_p + cond->numbers_count);
1082     argv = (const struct ccs_argv_entry *) (names_p + cond->names_count);
1083     envp = (const struct ccs_envp_entry *) (argv + cond->argc);
1084     memset(buffer, 0, sizeof(buffer));
1085     if (condc && !ccs_io_printf(head, "%s", " if"))
1086     goto out;
1087     for (i = 0; i < condc; i++) {
1088     const u8 match = condp->equals;
1089     const u8 left = condp->left;
1090     const u8 right = condp->right;
1091     condp++;
1092     switch (left) {
1093     case CCS_ARGV_ENTRY:
1094     if (!ccs_io_printf(head, " exec.argv[%u]%s\"%s\"",
1095     argv->index, argv->is_not ?
1096     "!=" : "=", argv->value->name))
1097     goto out;
1098     argv++;
1099     continue;
1100     case CCS_ENVP_ENTRY:
1101     if (!ccs_io_printf(head, " exec.envp[\"%s\"]%s",
1102     envp->name->name, envp->is_not ?
1103     "!=" : "="))
1104     goto out;
1105     if (envp->value) {
1106     if (!ccs_io_printf(head, "\"%s\"",
1107     envp->value->name))
1108     goto out;
1109     } else {
1110     if (!ccs_io_printf(head, "NULL"))
1111     goto out;
1112     }
1113     envp++;
1114     continue;
1115     case CCS_NUMBER_UNION:
1116     if (!ccs_print_number_union(head, numbers_p++))
1117     goto out;
1118     break;
1119     default:
1120     if (left >= CCS_MAX_CONDITION_KEYWORD)
1121     goto out;
1122     if (!ccs_io_printf(head, " %s",
1123     ccs_condition_keyword[left]))
1124     goto out;
1125     break;
1126     }
1127     if (!ccs_io_printf(head, "%s", match ? "=" : "!="))
1128     goto out;
1129     switch (right) {
1130     case CCS_NAME_UNION:
1131     if (!ccs_print_name_union_quoted(head, names_p++))
1132     goto out;
1133     break;
1134     case CCS_NUMBER_UNION:
1135     if (!ccs_print_number_union_nospace(head, numbers_p++))
1136     goto out;
1137     break;
1138     default:
1139     if (right >= CCS_MAX_CONDITION_KEYWORD)
1140     goto out;
1141     if (!ccs_io_printf(head, "%s",
1142     ccs_condition_keyword[right]))
1143     goto out;
1144     break;
1145     }
1146     }
1147     i = cond->post_state[3];
1148     if (!i)
1149     goto no_condition;
1150     if (!ccs_io_printf(head, " ; set"))
1151     goto out;
1152     for (j = 0; j < 3; j++) {
1153     if (!(i & (1 << j)))
1154     continue;
1155     if (!ccs_io_printf(head, " task.state[%u]=%u", j,
1156     cond->post_state[j]))
1157     goto out;
1158     }
1159     no_condition:
1160     if (ccs_io_printf(head, "\n"))
1161     return true;
1162     out:
1163     return false;
1164     }
1165    
1166     /**
1167 kumaneko 2915 * ccs_print_path_acl - Print a single path ACL entry.
1168 kumaneko 2863 *
1169     * @head: Pointer to "struct ccs_io_buffer".
1170 kumaneko 2915 * @ptr: Pointer to "struct ccs_path_acl".
1171 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1172     *
1173     * Returns true on success, false otherwise.
1174     */
1175 kumaneko 2915 static bool ccs_print_path_acl(struct ccs_io_buffer *head,
1176 kumaneko 2943 struct ccs_path_acl *ptr,
1177     const struct ccs_condition *cond)
1178 kumaneko 2863 {
1179     int pos;
1180     u8 bit;
1181     const u16 perm = ptr->perm;
1182 kumaneko 2915 for (bit = head->read_bit; bit < CCS_MAX_PATH_OPERATION; bit++) {
1183 kumaneko 2863 if (!(perm & (1 << bit)))
1184     continue;
1185 kumaneko 2915 if (head->read_execute_only && bit != CCS_TYPE_EXECUTE)
1186 kumaneko 2863 continue;
1187     /* Print "read/write" instead of "read" and "write". */
1188 kumaneko 2915 if ((bit == CCS_TYPE_READ || bit == CCS_TYPE_WRITE)
1189     && (perm & (1 << CCS_TYPE_READ_WRITE)))
1190 kumaneko 2863 continue;
1191     pos = head->read_avail;
1192 kumaneko 2916 if (!ccs_io_printf(head, "allow_%s", ccs_path2keyword(bit)) ||
1193 kumaneko 2888 !ccs_print_name_union(head, &ptr->name) ||
1194 kumaneko 2897 !ccs_print_condition(head, cond)) {
1195     head->read_bit = bit;
1196     head->read_avail = pos;
1197     return false;
1198     }
1199 kumaneko 2863 }
1200     head->read_bit = 0;
1201     return true;
1202     }
1203    
1204     /**
1205 kumaneko 2922 * ccs_print_path_number3_acl - Print a path_number3 ACL entry.
1206 kumaneko 2863 *
1207     * @head: Pointer to "struct ccs_io_buffer".
1208 kumaneko 2922 * @ptr: Pointer to "struct ccs_path_number3_acl".
1209 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1210     *
1211     * Returns true on success, false otherwise.
1212     */
1213 kumaneko 2922 static bool ccs_print_path_number3_acl(struct ccs_io_buffer *head,
1214 kumaneko 2943 struct ccs_path_number3_acl *ptr,
1215     const struct ccs_condition *cond)
1216 kumaneko 2863 {
1217     int pos;
1218     u8 bit;
1219     const u16 perm = ptr->perm;
1220 kumaneko 2922 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER3_OPERATION;
1221 kumaneko 2916 bit++) {
1222 kumaneko 2863 if (!(perm & (1 << bit)))
1223     continue;
1224     pos = head->read_avail;
1225 kumaneko 2916 if (!ccs_io_printf(head, "allow_%s",
1226 kumaneko 2922 ccs_path_number32keyword(bit)) ||
1227 kumaneko 2888 !ccs_print_name_union(head, &ptr->name) ||
1228 kumaneko 2922 !ccs_print_number_union(head, &ptr->mode) ||
1229 kumaneko 2888 !ccs_print_number_union(head, &ptr->major) ||
1230     !ccs_print_number_union(head, &ptr->minor) ||
1231 kumaneko 2897 !ccs_print_condition(head, cond)) {
1232     head->read_bit = bit;
1233     head->read_avail = pos;
1234     return false;
1235     }
1236 kumaneko 2863 }
1237     head->read_bit = 0;
1238     return true;
1239     }
1240    
1241     /**
1242 kumaneko 2948 * ccs_print_path2_acl - Print a path2 ACL entry.
1243 kumaneko 2863 *
1244     * @head: Pointer to "struct ccs_io_buffer".
1245 kumaneko 2922 * @ptr: Pointer to "struct ccs_path2_acl".
1246 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1247     *
1248     * Returns true on success, false otherwise.
1249     */
1250 kumaneko 2922 static bool ccs_print_path2_acl(struct ccs_io_buffer *head,
1251 kumaneko 2943 struct ccs_path2_acl *ptr,
1252     const struct ccs_condition *cond)
1253 kumaneko 2863 {
1254     int pos;
1255     u8 bit;
1256     const u8 perm = ptr->perm;
1257 kumaneko 2922 for (bit = head->read_bit; bit < CCS_MAX_PATH2_OPERATION; bit++) {
1258 kumaneko 2863 if (!(perm & (1 << bit)))
1259     continue;
1260     pos = head->read_avail;
1261 kumaneko 2916 if (!ccs_io_printf(head, "allow_%s",
1262 kumaneko 2922 ccs_path22keyword(bit)) ||
1263 kumaneko 2888 !ccs_print_name_union(head, &ptr->name1) ||
1264     !ccs_print_name_union(head, &ptr->name2) ||
1265 kumaneko 2897 !ccs_print_condition(head, cond)) {
1266     head->read_bit = bit;
1267     head->read_avail = pos;
1268     return false;
1269     }
1270 kumaneko 2863 }
1271     head->read_bit = 0;
1272     return true;
1273     }
1274    
1275     /**
1276 kumaneko 2948 * ccs_print_path_number_acl - Print a path_number ACL entry.
1277 kumaneko 2863 *
1278     * @head: Pointer to "struct ccs_io_buffer".
1279 kumaneko 2915 * @ptr: Pointer to "struct ccs_path_number_acl".
1280 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1281     *
1282     * Returns true on success, false otherwise.
1283     */
1284 kumaneko 2871 static bool ccs_print_path_number_acl(struct ccs_io_buffer *head,
1285 kumaneko 2915 struct ccs_path_number_acl *ptr,
1286 kumaneko 2871 const struct ccs_condition *cond)
1287 kumaneko 2863 {
1288 kumaneko 2871 int pos;
1289     u8 bit;
1290     const u8 perm = ptr->perm;
1291 kumaneko 2916 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER_OPERATION;
1292     bit++) {
1293 kumaneko 2871 if (!(perm & (1 << bit)))
1294     continue;
1295     pos = head->read_avail;
1296 kumaneko 2916 if (!ccs_io_printf(head, "allow_%s",
1297     ccs_path_number2keyword(bit)) ||
1298 kumaneko 2888 !ccs_print_name_union(head, &ptr->name) ||
1299     !ccs_print_number_union(head, &ptr->number) ||
1300 kumaneko 2897 !ccs_print_condition(head, cond)) {
1301     head->read_bit = bit;
1302     head->read_avail = pos;
1303     return false;
1304     }
1305 kumaneko 2871 }
1306     head->read_bit = 0;
1307 kumaneko 2863 return true;
1308     }
1309    
1310     /**
1311     * ccs_print_env_acl - Print an evironment variable name's ACL entry.
1312     *
1313     * @head: Pointer to "struct ccs_io_buffer".
1314 kumaneko 2915 * @ptr: Pointer to "struct ccs_env_acl".
1315 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1316     *
1317     * Returns true on success, false otherwise.
1318     */
1319     static bool ccs_print_env_acl(struct ccs_io_buffer *head,
1320 kumaneko 2915 struct ccs_env_acl *ptr,
1321 kumaneko 2863 const struct ccs_condition *cond)
1322     {
1323 kumaneko 2897 const int pos = head->read_avail;
1324     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", ptr->env->name) ||
1325     !ccs_print_condition(head, cond)) {
1326     head->read_avail = pos;
1327     return false;
1328     }
1329 kumaneko 2863 return true;
1330     }
1331    
1332     /**
1333     * ccs_print_capability_acl - Print a capability ACL entry.
1334     *
1335     * @head: Pointer to "struct ccs_io_buffer".
1336 kumaneko 2915 * @ptr: Pointer to "struct ccs_capability_acl".
1337 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1338     *
1339     * Returns true on success, false otherwise.
1340     */
1341     static bool ccs_print_capability_acl(struct ccs_io_buffer *head,
1342 kumaneko 2915 struct ccs_capability_acl *ptr,
1343 kumaneko 2863 const struct ccs_condition *cond)
1344     {
1345 kumaneko 2897 const int pos = head->read_avail;
1346 kumaneko 2892 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s",
1347 kumaneko 2897 ccs_cap2keyword(ptr->operation)) ||
1348     !ccs_print_condition(head, cond)) {
1349     head->read_avail = pos;
1350     return false;
1351     }
1352 kumaneko 2863 return true;
1353     }
1354    
1355     /**
1356     * ccs_print_ipv4_entry - Print IPv4 address of a network ACL entry.
1357     *
1358     * @head: Pointer to "struct ccs_io_buffer".
1359 kumaneko 2915 * @ptr: Pointer to "struct ccs_ip_network_acl".
1360 kumaneko 2863 *
1361     * Returns true on success, false otherwise.
1362     */
1363     static bool ccs_print_ipv4_entry(struct ccs_io_buffer *head,
1364 kumaneko 2915 struct ccs_ip_network_acl *ptr)
1365 kumaneko 2863 {
1366     const u32 min_address = ptr->address.ipv4.min;
1367     const u32 max_address = ptr->address.ipv4.max;
1368     if (!ccs_io_printf(head, "%u.%u.%u.%u", HIPQUAD(min_address)))
1369     return false;
1370     if (min_address != max_address
1371     && !ccs_io_printf(head, "-%u.%u.%u.%u", HIPQUAD(max_address)))
1372     return false;
1373     return true;
1374     }
1375    
1376     /**
1377     * ccs_print_ipv6_entry - Print IPv6 address of a network ACL entry.
1378     *
1379     * @head: Pointer to "struct ccs_io_buffer".
1380 kumaneko 2915 * @ptr: Pointer to "struct ccs_ip_network_acl".
1381 kumaneko 2863 *
1382     * Returns true on success, false otherwise.
1383     */
1384     static bool ccs_print_ipv6_entry(struct ccs_io_buffer *head,
1385 kumaneko 2915 struct ccs_ip_network_acl *ptr)
1386 kumaneko 2863 {
1387     char buf[64];
1388     const struct in6_addr *min_address = ptr->address.ipv6.min;
1389     const struct in6_addr *max_address = ptr->address.ipv6.max;
1390     ccs_print_ipv6(buf, sizeof(buf), min_address);
1391     if (!ccs_io_printf(head, "%s", buf))
1392     return false;
1393     if (min_address != max_address) {
1394     ccs_print_ipv6(buf, sizeof(buf), max_address);
1395     if (!ccs_io_printf(head, "-%s", buf))
1396     return false;
1397     }
1398     return true;
1399     }
1400    
1401     /**
1402     * ccs_print_network_acl - Print a network ACL entry.
1403     *
1404     * @head: Pointer to "struct ccs_io_buffer".
1405 kumaneko 2915 * @ptr: Pointer to "struct ccs_ip_network_acl".
1406 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1407     *
1408     * Returns true on success, false otherwise.
1409     */
1410     static bool ccs_print_network_acl(struct ccs_io_buffer *head,
1411 kumaneko 2915 struct ccs_ip_network_acl *ptr,
1412 kumaneko 2863 const struct ccs_condition *cond)
1413     {
1414 kumaneko 2916 int pos;
1415     u8 bit;
1416     const u16 perm = ptr->perm;
1417     for (bit = head->read_bit; bit < CCS_MAX_NETWORK_OPERATION; bit++) {
1418     if (!(perm & (1 << bit)))
1419     continue;
1420     pos = head->read_avail;
1421     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s ",
1422     ccs_net2keyword(bit)))
1423 kumaneko 2863 goto out;
1424 kumaneko 2916 switch (ptr->address_type) {
1425     case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP:
1426     if (!ccs_io_printf(head, "@%s", ptr->address.group->
1427     group_name->name))
1428     goto out;
1429     break;
1430     case CCS_IP_ADDRESS_TYPE_IPv4:
1431     if (!ccs_print_ipv4_entry(head, ptr))
1432     goto out;
1433     break;
1434     case CCS_IP_ADDRESS_TYPE_IPv6:
1435     if (!ccs_print_ipv6_entry(head, ptr))
1436     goto out;
1437     break;
1438     }
1439     if (!ccs_print_number_union(head, &ptr->port) ||
1440     !ccs_print_condition(head, cond))
1441 kumaneko 2863 goto out;
1442     }
1443 kumaneko 2916 head->read_bit = 0;
1444 kumaneko 2863 return true;
1445     out:
1446 kumaneko 2916 head->read_bit = bit;
1447 kumaneko 2863 head->read_avail = pos;
1448     return false;
1449     }
1450    
1451     /**
1452     * ccs_print_signal_acl - Print a signal ACL entry.
1453     *
1454     * @head: Pointer to "struct ccs_io_buffer".
1455 kumaneko 2915 * @ptr: Pointer to "struct signale_acl".
1456 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1457     *
1458     * Returns true on success, false otherwise.
1459     */
1460     static bool ccs_print_signal_acl(struct ccs_io_buffer *head,
1461 kumaneko 2915 struct ccs_signal_acl *ptr,
1462 kumaneko 2863 const struct ccs_condition *cond)
1463     {
1464 kumaneko 2897 const int pos = head->read_avail;
1465 kumaneko 2892 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s",
1466 kumaneko 2897 ptr->sig, ptr->domainname->name) ||
1467     !ccs_print_condition(head, cond)) {
1468     head->read_avail = pos;
1469     return false;
1470     }
1471 kumaneko 2863 return true;
1472     }
1473    
1474     /**
1475     * ccs_print_execute_handler_record - Print an execute handler ACL entry.
1476     *
1477     * @head: Pointer to "struct ccs_io_buffer".
1478     * @keyword: Name of the keyword.
1479     * @ptr: Pointer to "struct ccs_execute_handler_record".
1480     *
1481     * Returns true on success, false otherwise.
1482     */
1483     static bool ccs_print_execute_handler_record(struct ccs_io_buffer *head,
1484     const char *keyword,
1485     struct ccs_execute_handler_record *
1486     ptr)
1487     {
1488     return ccs_io_printf(head, "%s %s\n", keyword, ptr->handler->name);
1489     }
1490    
1491     /**
1492     * ccs_print_mount_acl - Print a mount ACL entry.
1493     *
1494     * @head: Pointer to "struct ccs_io_buffer".
1495 kumaneko 2915 * @ptr: Pointer to "struct ccs_mount_acl".
1496 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1497     *
1498     * Returns true on success, false otherwise.
1499     */
1500     static bool ccs_print_mount_acl(struct ccs_io_buffer *head,
1501 kumaneko 2915 struct ccs_mount_acl *ptr,
1502 kumaneko 2863 const struct ccs_condition *cond)
1503     {
1504 kumaneko 2897 const int pos = head->read_avail;
1505     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT) ||
1506     !ccs_print_name_union(head, &ptr->dev_name) ||
1507     !ccs_print_name_union(head, &ptr->dir_name) ||
1508     !ccs_print_name_union(head, &ptr->fs_type) ||
1509     !ccs_print_number_union(head, &ptr->flags) ||
1510     !ccs_print_condition(head, cond)) {
1511     head->read_avail = pos;
1512     return false;
1513     }
1514 kumaneko 2863 return true;
1515     }
1516    
1517     /**
1518     * ccs_print_umount_acl - Print a mount ACL entry.
1519     *
1520     * @head: Pointer to "struct ccs_io_buffer".
1521 kumaneko 2915 * @ptr: Pointer to "struct ccs_umount_acl".
1522 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1523     *
1524     * Returns true on success, false otherwise.
1525     */
1526     static bool ccs_print_umount_acl(struct ccs_io_buffer *head,
1527 kumaneko 2915 struct ccs_umount_acl *ptr,
1528 kumaneko 2863 const struct ccs_condition *cond)
1529     {
1530 kumaneko 2897 const int pos = head->read_avail;
1531     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_UNMOUNT) ||
1532     !ccs_print_name_union(head, &ptr->dir) ||
1533     !ccs_print_condition(head, cond)) {
1534     head->read_avail = pos;
1535     return false;
1536     }
1537 kumaneko 2863 return true;
1538     }
1539    
1540     /**
1541     * ccs_print_chroot_acl - Print a chroot ACL entry.
1542     *
1543     * @head: Pointer to "struct ccs_io_buffer".
1544 kumaneko 2915 * @ptr: Pointer to "struct ccs_chroot_acl".
1545 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1546     *
1547     * Returns true on success, false otherwise.
1548     */
1549     static bool ccs_print_chroot_acl(struct ccs_io_buffer *head,
1550 kumaneko 2915 struct ccs_chroot_acl *ptr,
1551 kumaneko 2863 const struct ccs_condition *cond)
1552     {
1553 kumaneko 2897 const int pos = head->read_avail;
1554     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CHROOT) ||
1555     !ccs_print_name_union(head, &ptr->dir) ||
1556     !ccs_print_condition(head, cond)) {
1557     head->read_avail = pos;
1558     return false;
1559     }
1560 kumaneko 2863 return true;
1561     }
1562    
1563     /**
1564     * ccs_print_pivot_root_acl - Print a pivot_root ACL entry.
1565     *
1566     * @head: Pointer to "struct ccs_io_buffer".
1567 kumaneko 2915 * @ptr: Pointer to "struct ccs_pivot_root_acl".
1568 kumaneko 2863 * @cond: Pointer to "struct ccs_condition". May be NULL.
1569     *
1570     * Returns true on success, false otherwise.
1571     */
1572     static bool ccs_print_pivot_root_acl(struct ccs_io_buffer *head,
1573 kumaneko 2915 struct ccs_pivot_root_acl *ptr,
1574 kumaneko 2863 const struct ccs_condition *cond)
1575     {
1576 kumaneko 2897 const int pos = head->read_avail;
1577     if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_PIVOT_ROOT) ||
1578     !ccs_print_name_union(head, &ptr->new_root) ||
1579     !ccs_print_name_union(head, &ptr->old_root) ||
1580     !ccs_print_condition(head, cond)) {
1581     head->read_avail = pos;
1582     return false;
1583     }
1584 kumaneko 2863 return true;
1585     }
1586    
1587     /**
1588     * ccs_print_entry - Print an ACL entry.
1589     *
1590     * @head: Pointer to "struct ccs_io_buffer".
1591     * @ptr: Pointer to an ACL entry.
1592     *
1593     * Returns true on success, false otherwise.
1594     */
1595     static bool ccs_print_entry(struct ccs_io_buffer *head,
1596     struct ccs_acl_info *ptr)
1597     {
1598     const struct ccs_condition *cond = ptr->cond;
1599 kumaneko 2900 const u8 acl_type = ptr->type;
1600     if (ptr->is_deleted)
1601 kumaneko 2863 return true;
1602 kumaneko 2915 if (acl_type == CCS_TYPE_PATH_ACL) {
1603     struct ccs_path_acl *acl
1604     = container_of(ptr, struct ccs_path_acl,
1605 kumaneko 2863 head);
1606 kumaneko 2915 return ccs_print_path_acl(head, acl, cond);
1607 kumaneko 2863 }
1608 kumaneko 2892 if (acl_type == CCS_TYPE_EXECUTE_HANDLER) {
1609 kumaneko 2863 struct ccs_execute_handler_record *acl
1610     = container_of(ptr, struct ccs_execute_handler_record,
1611     head);
1612 kumaneko 2892 const char *keyword = CCS_KEYWORD_EXECUTE_HANDLER;
1613 kumaneko 2863 return ccs_print_execute_handler_record(head, keyword, acl);
1614     }
1615 kumaneko 2892 if (acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) {
1616 kumaneko 2863 struct ccs_execute_handler_record *acl
1617     = container_of(ptr, struct ccs_execute_handler_record,
1618     head);
1619 kumaneko 2892 const char *keyword = CCS_KEYWORD_DENIED_EXECUTE_HANDLER;
1620 kumaneko 2863 return ccs_print_execute_handler_record(head, keyword, acl);
1621     }
1622     if (head->read_execute_only)
1623     return true;
1624 kumaneko 2922 if (acl_type == CCS_TYPE_PATH_NUMBER3_ACL) {
1625     struct ccs_path_number3_acl *acl
1626     = container_of(ptr, struct ccs_path_number3_acl, head);
1627     return ccs_print_path_number3_acl(head, acl, cond);
1628 kumaneko 2863 }
1629 kumaneko 2922 if (acl_type == CCS_TYPE_PATH2_ACL) {
1630     struct ccs_path2_acl *acl
1631     = container_of(ptr, struct ccs_path2_acl,
1632 kumaneko 2863 head);
1633 kumaneko 2922 return ccs_print_path2_acl(head, acl, cond);
1634 kumaneko 2863 }
1635 kumaneko 2892 if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) {
1636 kumaneko 2915 struct ccs_path_number_acl *acl
1637     = container_of(ptr, struct ccs_path_number_acl,
1638 kumaneko 2871 head);
1639     return ccs_print_path_number_acl(head, acl, cond);
1640 kumaneko 2863 }
1641 kumaneko 2892 if (acl_type == CCS_TYPE_ENV_ACL) {
1642 kumaneko 2915 struct ccs_env_acl *acl
1643     = container_of(ptr, struct ccs_env_acl, head);
1644 kumaneko 2863 return ccs_print_env_acl(head, acl, cond);
1645     }
1646 kumaneko 2892 if (acl_type == CCS_TYPE_CAPABILITY_ACL) {
1647 kumaneko 2915 struct ccs_capability_acl *acl
1648     = container_of(ptr, struct ccs_capability_acl,
1649 kumaneko 2863 head);
1650     return ccs_print_capability_acl(head, acl, cond);
1651     }
1652 kumaneko 2892 if (acl_type == CCS_TYPE_IP_NETWORK_ACL) {
1653 kumaneko 2915 struct ccs_ip_network_acl *acl
1654     = container_of(ptr, struct ccs_ip_network_acl,
1655 kumaneko 2863 head);
1656     return ccs_print_network_acl(head, acl, cond);
1657     }
1658 kumaneko 2892 if (acl_type == CCS_TYPE_SIGNAL_ACL) {
1659 kumaneko 2915 struct ccs_signal_acl *acl
1660     = container_of(ptr, struct ccs_signal_acl, head);
1661 kumaneko 2863 return ccs_print_signal_acl(head, acl, cond);
1662     }
1663 kumaneko 2892 if (acl_type == CCS_TYPE_MOUNT_ACL) {
1664 kumaneko 2915 struct ccs_mount_acl *acl
1665     = container_of(ptr, struct ccs_mount_acl, head);
1666 kumaneko 2863 return ccs_print_mount_acl(head, acl, cond);
1667     }
1668 kumaneko 2892 if (acl_type == CCS_TYPE_UMOUNT_ACL) {
1669 kumaneko 2915 struct ccs_umount_acl *acl
1670     = container_of(ptr, struct ccs_umount_acl, head);
1671 kumaneko 2863 return ccs_print_umount_acl(head, acl, cond);
1672     }
1673 kumaneko 2892 if (acl_type == CCS_TYPE_CHROOT_ACL) {
1674 kumaneko 2915 struct ccs_chroot_acl *acl
1675     = container_of(ptr, struct ccs_chroot_acl, head);
1676 kumaneko 2863 return ccs_print_chroot_acl(head, acl, cond);
1677     }
1678 kumaneko 2892 if (acl_type == CCS_TYPE_PIVOT_ROOT_ACL) {
1679 kumaneko 2915 struct ccs_pivot_root_acl *acl
1680     = container_of(ptr, struct ccs_pivot_root_acl,
1681 kumaneko 2863 head);
1682     return ccs_print_pivot_root_acl(head, acl, cond);
1683     }
1684     BUG(); /* This must not happen. */
1685     return false;
1686     }
1687    
1688     /**
1689     * ccs_read_domain_policy - Read domain policy.
1690     *
1691     * @head: Pointer to "struct ccs_io_buffer".
1692     *
1693     * Caller holds ccs_read_lock().
1694     */
1695 kumaneko 2943 static void ccs_read_domain_policy(struct ccs_io_buffer *head)
1696 kumaneko 2863 {
1697     struct list_head *dpos;
1698     struct list_head *apos;
1699     if (head->read_eof)
1700 kumaneko 2943 return;
1701 kumaneko 2863 if (head->read_step == 0)
1702     head->read_step = 1;
1703     list_for_each_cookie(dpos, head->read_var1, &ccs_domain_list) {
1704     struct ccs_domain_info *domain;
1705     const char *quota_exceeded = "";
1706     const char *transition_failed = "";
1707     const char *ignore_global_allow_read = "";
1708     const char *ignore_global_allow_env = "";
1709     domain = list_entry(dpos, struct ccs_domain_info, list);
1710     if (head->read_step != 1)
1711     goto acl_loop;
1712     if (domain->is_deleted && !head->read_single_domain)
1713     continue;
1714     /* Print domainname and flags. */
1715     if (domain->quota_warned)
1716     quota_exceeded = "quota_exceeded\n";
1717     if (domain->domain_transition_failed)
1718     transition_failed = "transition_failed\n";
1719     if (domain->ignore_global_allow_read)
1720     ignore_global_allow_read
1721 kumaneko 2892 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1722 kumaneko 2863 if (domain->ignore_global_allow_env)
1723     ignore_global_allow_env
1724 kumaneko 2892 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n";
1725     if (!ccs_io_printf(head, "%s\n" CCS_KEYWORD_USE_PROFILE "%u\n"
1726 kumaneko 2863 "%s%s%s%s\n", domain->domainname->name,
1727     domain->profile, quota_exceeded,
1728     transition_failed,
1729     ignore_global_allow_read,
1730     ignore_global_allow_env))
1731 kumaneko 2943 return;
1732 kumaneko 2863 head->read_step = 2;
1733     acl_loop:
1734     if (head->read_step == 3)
1735     goto tail_mark;
1736     /* Print ACL entries in the domain. */
1737     list_for_each_cookie(apos, head->read_var2,
1738     &domain->acl_info_list) {
1739     struct ccs_acl_info *ptr
1740     = list_entry(apos, struct ccs_acl_info, list);
1741     if (!ccs_print_entry(head, ptr))
1742 kumaneko 2943 return;
1743 kumaneko 2863 }
1744     head->read_step = 3;
1745     tail_mark:
1746     if (!ccs_io_printf(head, "\n"))
1747 kumaneko 2943 return;
1748 kumaneko 2863 head->read_step = 1;
1749     if (head->read_single_domain)
1750     break;
1751     }
1752     head->read_eof = true;
1753     }
1754    
1755     /**
1756     * ccs_write_domain_profile - Assign profile for specified domain.
1757     *
1758     * @head: Pointer to "struct ccs_io_buffer".
1759     *
1760     * Returns 0 on success, -EINVAL otherwise.
1761     *
1762     * This is equivalent to doing
1763     *
1764     * ( echo "select " $domainname; echo "use_profile " $profile ) |
1765 kumaneko 2948 * /usr/sbin/ccs-loadpolicy -d
1766 kumaneko 2863 *
1767     * Caller holds ccs_read_lock().
1768     */
1769     static int ccs_write_domain_profile(struct ccs_io_buffer *head)
1770     {
1771     char *data = head->write_buf;
1772     char *cp = strchr(data, ' ');
1773     struct ccs_domain_info *domain;
1774     unsigned int profile;
1775     if (!cp)
1776     return -EINVAL;
1777     *cp = '\0';
1778     profile = simple_strtoul(data, NULL, 10);
1779 kumaneko 2892 if (profile >= CCS_MAX_PROFILES)
1780 kumaneko 2863 return -EINVAL;
1781     domain = ccs_find_domain(cp + 1);
1782 kumaneko 2958 if (domain && ccs_profile(profile))
1783 kumaneko 2863 domain->profile = (u8) profile;
1784     return 0;
1785     }
1786    
1787     /**
1788     * ccs_read_domain_profile - Read only domainname and profile.
1789     *
1790     * @head: Pointer to "struct ccs_io_buffer".
1791     *
1792     * This is equivalent to doing
1793     *
1794     * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
1795     * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1796     * domainname = $0; } else if ( $1 == "use_profile" ) {
1797     * print $2 " " domainname; domainname = ""; } } ; '
1798     *
1799     * Caller holds ccs_read_lock().
1800     */
1801 kumaneko 2943 static void ccs_read_domain_profile(struct ccs_io_buffer *head)
1802 kumaneko 2863 {
1803     struct list_head *pos;
1804     if (head->read_eof)
1805 kumaneko 2943 return;
1806 kumaneko 2863 list_for_each_cookie(pos, head->read_var1, &ccs_domain_list) {
1807     struct ccs_domain_info *domain;
1808     domain = list_entry(pos, struct ccs_domain_info, list);
1809     if (domain->is_deleted)
1810     continue;
1811     if (!ccs_io_printf(head, "%u %s\n", domain->profile,
1812     domain->domainname->name))
1813 kumaneko 2943 return;
1814 kumaneko 2863 }
1815     head->read_eof = true;
1816     }
1817    
1818     /**
1819     * ccs_write_pid: Specify PID to obtain domainname.
1820     *
1821     * @head: Pointer to "struct ccs_io_buffer".
1822     *
1823     * Returns 0.
1824     */
1825     static int ccs_write_pid(struct ccs_io_buffer *head)
1826     {
1827     head->read_eof = false;
1828     return 0;
1829     }
1830    
1831     /**
1832     * ccs_read_pid - Read information of a process.
1833     *
1834     * @head: Pointer to "struct ccs_io_buffer".
1835     *
1836     * Returns the domainname which the specified PID is in or
1837     * process information of the specified PID on success,
1838     * empty string otherwise.
1839     *
1840     * Caller holds ccs_read_lock().
1841     */
1842 kumaneko 2943 static void ccs_read_pid(struct ccs_io_buffer *head)
1843 kumaneko 2863 {
1844     char *buf = head->write_buf;
1845     bool task_info = false;
1846 kumaneko 2970 bool global_pid = false;
1847 kumaneko 2863 unsigned int pid;
1848     struct task_struct *p;
1849     struct ccs_domain_info *domain = NULL;
1850     u32 ccs_flags = 0;
1851     /* Accessing write_buf is safe because head->io_sem is held. */
1852     if (!buf)
1853 kumaneko 2943 return; /* Do nothing if open(O_RDONLY). */
1854 kumaneko 2863 if (head->read_avail || head->read_eof)
1855 kumaneko 2943 return;
1856 kumaneko 2863 head->read_eof = true;
1857     if (ccs_str_starts(&buf, "info "))
1858     task_info = true;
1859 kumaneko 2970 if (ccs_str_starts(&buf, "global-pid "))
1860     global_pid = true;
1861 kumaneko 2863 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1862     read_lock(&tasklist_lock);
1863 kumaneko 2970 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1864     if (global_pid)
1865     p = find_task_by_pid_ns(pid, &init_pid_ns);
1866     else
1867     p = find_task_by_vpid(pid);
1868     #else
1869 kumaneko 2863 p = find_task_by_pid(pid);
1870 kumaneko 2970 #endif
1871 kumaneko 2863 if (p) {
1872     domain = ccs_task_domain(p);
1873     ccs_flags = p->ccs_flags;
1874     }
1875     read_unlock(&tasklist_lock);
1876     if (!domain)
1877 kumaneko 2943 return;
1878 kumaneko 2863 if (!task_info)
1879     ccs_io_printf(head, "%u %u %s", pid, domain->profile,
1880     domain->domainname->name);
1881     else
1882     ccs_io_printf(head, "%u manager=%s execute_handler=%s "
1883     "state[0]=%u state[1]=%u state[2]=%u", pid,
1884 kumaneko 2958 ccs_yesno(ccs_flags &
1885     CCS_TASK_IS_POLICY_MANAGER),
1886     ccs_yesno(ccs_flags &
1887     CCS_TASK_IS_EXECUTE_HANDLER),
1888 kumaneko 2863 (u8) (ccs_flags >> 24),
1889     (u8) (ccs_flags >> 16),
1890     (u8) (ccs_flags >> 8));
1891     }
1892    
1893     /**
1894     * ccs_write_exception_policy - Write exception policy.
1895     *
1896     * @head: Pointer to "struct ccs_io_buffer".
1897     *
1898     * Returns 0 on success, negative value otherwise.
1899     */
1900     static int ccs_write_exception_policy(struct ccs_io_buffer *head)
1901     {
1902     char *data = head->write_buf;
1903 kumaneko 2892 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
1904     if (ccs_str_starts(&data, CCS_KEYWORD_KEEP_DOMAIN))
1905 kumaneko 2863 return ccs_write_domain_keeper_policy(data, false, is_delete);
1906 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_NO_KEEP_DOMAIN))
1907 kumaneko 2863 return ccs_write_domain_keeper_policy(data, true, is_delete);
1908 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_INITIALIZE_DOMAIN))
1909 kumaneko 2863 return ccs_write_domain_initializer_policy(data, false,
1910     is_delete);
1911 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_NO_INITIALIZE_DOMAIN))
1912 kumaneko 2863 return ccs_write_domain_initializer_policy(data, true,
1913     is_delete);
1914 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_AGGREGATOR))
1915 kumaneko 2863 return ccs_write_aggregator_policy(data, is_delete);
1916 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_READ))
1917 kumaneko 2863 return ccs_write_globally_readable_policy(data, is_delete);
1918 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
1919 kumaneko 2863 return ccs_write_globally_usable_env_policy(data, is_delete);
1920 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_FILE_PATTERN))
1921 kumaneko 2863 return ccs_write_pattern_policy(data, is_delete);
1922 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_PATH_GROUP))
1923 kumaneko 2863 return ccs_write_path_group_policy(data, is_delete);
1924 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_NUMBER_GROUP))
1925 kumaneko 2863 return ccs_write_number_group_policy(data, is_delete);
1926 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_REWRITE))
1927 kumaneko 2863 return ccs_write_no_rewrite_policy(data, is_delete);
1928 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_ADDRESS_GROUP))
1929 kumaneko 2863 return ccs_write_address_group_policy(data, is_delete);
1930 kumaneko 2892 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_AUTOBIND))
1931 kumaneko 2863 return ccs_write_reserved_port_policy(data, is_delete);
1932     return -EINVAL;
1933     }
1934    
1935     /**
1936     * ccs_read_exception_policy - Read exception policy.
1937     *
1938     * @head: Pointer to "struct ccs_io_buffer".
1939     *
1940     * Caller holds ccs_read_lock().
1941     */
1942 kumaneko 2943 static void ccs_read_exception_policy(struct ccs_io_buffer *head)
1943 kumaneko 2863 {
1944 kumaneko 2943 if (head->read_eof)
1945     return;
1946     switch (head->read_step) {
1947     case 0:
1948     head->read_var2 = NULL;
1949     head->read_step = 1;
1950     case 1:
1951     if (!ccs_read_domain_keeper_policy(head))
1952 kumaneko 2863 break;
1953 kumaneko 2943 head->read_var2 = NULL;
1954     head->read_step = 2;
1955     case 2:
1956     if (!ccs_read_globally_readable_policy(head))
1957     break;
1958     head->read_var2 = NULL;
1959     head->read_step = 3;
1960     case 3:
1961     if (!ccs_read_globally_usable_env_policy(head))
1962     break;
1963     head->read_var2 = NULL;
1964     head->read_step = 4;
1965     case 4:
1966     if (!ccs_read_domain_initializer_policy(head))
1967     break;
1968     head->read_var2 = NULL;
1969     head->read_step = 6;
1970     case 6:
1971     if (!ccs_read_aggregator_policy(head))
1972     break;
1973     head->read_var2 = NULL;
1974     head->read_step = 7;
1975     case 7:
1976     if (!ccs_read_file_pattern(head))
1977     break;
1978     head->read_var2 = NULL;
1979     head->read_step = 8;
1980     case 8:
1981     if (!ccs_read_no_rewrite_policy(head))
1982     break;
1983     head->read_var2 = NULL;
1984     head->read_step = 9;
1985     case 9:
1986     if (!ccs_read_path_group_policy(head))
1987     break;
1988     head->read_var1 = NULL;
1989     head->read_var2 = NULL;
1990     head->read_step = 10;
1991     case 10:
1992     if (!ccs_read_number_group_policy(head))
1993     break;
1994     head->read_var1 = NULL;
1995     head->read_var2 = NULL;
1996     head->read_step = 11;
1997     case 11:
1998     if (!ccs_read_address_group_policy(head))
1999     break;
2000     head->read_var2 = NULL;
2001     head->read_step = 12;
2002     case 12:
2003     if (!ccs_read_reserved_port_policy(head))
2004     break;
2005     head->read_eof = true;
2006 kumaneko 2863 }
2007     }
2008    
2009 kumaneko 2897 /**
2010     * ccs_get_argv0 - Get argv[0].
2011     *
2012     * @ee: Pointer to "struct ccs_execve_entry".
2013     *
2014     * Returns true on success, false otherwise.
2015     */
2016     static bool ccs_get_argv0(struct ccs_execve_entry *ee)
2017     {
2018     struct linux_binprm *bprm = ee->bprm;
2019     char *arg_ptr = ee->tmp;
2020     int arg_len = 0;
2021     unsigned long pos = bprm->p;
2022     int offset = pos % PAGE_SIZE;
2023     bool done = false;
2024     if (!bprm->argc)
2025     goto out;
2026     while (1) {
2027     if (!ccs_dump_page(bprm, pos, &ee->dump))
2028     goto out;
2029     pos += PAGE_SIZE - offset;
2030     /* Read. */
2031     while (offset < PAGE_SIZE) {
2032     const char *kaddr = ee->dump.data;
2033     const unsigned char c = kaddr[offset++];
2034 kumaneko 2932 if (c && arg_len < CCS_EXEC_TMPSIZE - 10) {
2035 kumaneko 2897 if (c == '\\') {
2036     arg_ptr[arg_len++] = '\\';
2037     arg_ptr[arg_len++] = '\\';
2038     } else if (c > ' ' && c < 127) {
2039     arg_ptr[arg_len++] = c;
2040     } else {
2041     arg_ptr[arg_len++] = '\\';
2042     arg_ptr[arg_len++] = (c >> 6) + '0';
2043     arg_ptr[arg_len++]
2044     = ((c >> 3) & 7) + '0';
2045     arg_ptr[arg_len++] = (c & 7) + '0';
2046     }
2047     } else {
2048     arg_ptr[arg_len] = '\0';
2049     done = true;
2050     break;
2051     }
2052     }
2053     offset = 0;
2054     if (done)
2055     break;
2056     }
2057     return true;
2058     out:
2059     return false;
2060     }
2061    
2062 kumaneko 2948 /**
2063     * ccs_get_execute_condition - Get condition part for execute requests.
2064     *
2065     * @ee: Pointer to "struct ccs_execve_entry".
2066     *
2067     * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2068     */
2069 kumaneko 2897 static struct ccs_condition *ccs_get_execute_condition(struct ccs_execve_entry
2070     *ee)
2071     {
2072     struct ccs_condition *cond;
2073     char *buf;
2074     int len = 256;
2075     char *realpath = NULL;
2076     char *argv0 = NULL;
2077 kumaneko 2958 const struct ccs_profile *profile = ccs_profile(ee->r.domain->profile);
2078 kumaneko 2962 if (profile->learning->learning_exec_realpath) {
2079 kumaneko 2897 struct file *file = ee->bprm->file;
2080 kumaneko 2911 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 20)
2081     struct path path = { file->f_vfsmnt, file->f_dentry };
2082     realpath = ccs_realpath_from_path(&path);
2083     #else
2084     realpath = ccs_realpath_from_path(&file->f_path);
2085     #endif
2086 kumaneko 2897 if (realpath)
2087     len += strlen(realpath) + 17;
2088     }
2089 kumaneko 2962 if (profile->learning->learning_exec_argv0) {
2090 kumaneko 2897 if (ccs_get_argv0(ee)) {
2091     argv0 = ee->tmp;
2092     len += strlen(argv0) + 16;
2093     }
2094     }
2095     buf = kmalloc(len, GFP_KERNEL);
2096 kumaneko 2958 if (!buf) {
2097     kfree(realpath);
2098 kumaneko 2897 return NULL;
2099 kumaneko 2958 }
2100 kumaneko 2897 snprintf(buf, len - 1, "if");
2101     if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2102     const int pos = strlen(buf);
2103     snprintf(buf + pos, len - pos - 1,
2104     " task.type=execute_handler");
2105     }
2106     if (realpath) {
2107     const int pos = strlen(buf);
2108     snprintf(buf + pos, len - pos - 1, " exec.realpath=\"%s\"",
2109     realpath);
2110     kfree(realpath);
2111     }
2112     if (argv0) {
2113     const int pos = strlen(buf);
2114     snprintf(buf + pos, len - pos - 1, " exec.argv[0]=\"%s\"",
2115     argv0);
2116     }
2117     cond = ccs_get_condition(buf);
2118     kfree(buf);
2119     return cond;
2120     }
2121    
2122 kumaneko 2961 /**
2123     * ccs_get_symlink_condition - Get condition part for symlink requests.
2124     *
2125     * @r: Pointer to "struct ccs_request_info".
2126     *
2127     * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2128     */
2129     static struct ccs_condition *ccs_get_symlink_condition(struct ccs_request_info
2130     *r)
2131     {
2132     struct ccs_condition *cond;
2133     char *buf;
2134     int len = 256;
2135     const char *symlink = NULL;
2136     const struct ccs_profile *profile = ccs_profile(r->profile);
2137 kumaneko 2962 if (profile->learning->learning_symlink_target) {
2138 kumaneko 2961 symlink = r->obj->symlink_target->name;
2139     len += strlen(symlink) + 18;
2140     }
2141     buf = kmalloc(len, GFP_KERNEL);
2142     if (!buf)
2143     return NULL;
2144     snprintf(buf, len - 1, "if");
2145     if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2146     const int pos = strlen(buf);
2147     snprintf(buf + pos, len - pos - 1,
2148     " task.type=execute_handler");
2149     }
2150     if (symlink) {
2151     const int pos = strlen(buf);
2152     snprintf(buf + pos, len - pos - 1, " symlink.target=\"%s\"",
2153     symlink);
2154     }
2155     cond = ccs_get_condition(buf);
2156     kfree(buf);
2157     return cond;
2158     }
2159    
2160 kumaneko 2863 /* Wait queue for ccs_query_list. */
2161     static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait);
2162    
2163     /* Lock for manipulating ccs_query_list. */
2164     static DEFINE_SPINLOCK(ccs_query_list_lock);
2165    
2166     /* Structure for query. */
2167     struct ccs_query_entry {
2168     struct list_head list;
2169     char *query;
2170     int query_len;
2171     unsigned int serial;
2172     int timer;
2173     int answer;
2174     };
2175    
2176     /* The list for "struct ccs_query_entry". */
2177     static LIST_HEAD(ccs_query_list);
2178    
2179     /* Number of "struct file" referring /proc/ccs/query interface. */
2180     static atomic_t ccs_query_observers = ATOMIC_INIT(0);
2181    
2182     /**
2183 kumaneko 2922 * ccs_supervisor - Ask for the supervisor's decision.
2184 kumaneko 2863 *
2185     * @r: Pointer to "struct ccs_request_info".
2186     * @fmt: The printf()'s format string, followed by parameters.
2187     *
2188     * Returns 0 if the supervisor decided to permit the access request which
2189     * violated the policy in enforcing mode, 1 if the supervisor decided to
2190     * retry the access request which violated the policy in enforcing mode,
2191 kumaneko 2897 * 0 if it is not in enforcing mode, -EPERM otherwise.
2192 kumaneko 2863 */
2193 kumaneko 2922 int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...)
2194 kumaneko 2863 {
2195     va_list args;
2196     int error = -EPERM;
2197     int pos;
2198     int len;
2199     static unsigned int ccs_serial;
2200     struct ccs_query_entry *ccs_query_entry = NULL;
2201     bool quota_exceeded = false;
2202     char *header;
2203     if (!r->domain)
2204     r->domain = ccs_current_domain();
2205 kumaneko 2897 switch (r->mode) {
2206     char *buffer;
2207     struct ccs_condition *cond;
2208 kumaneko 2958 case CCS_CONFIG_LEARNING:
2209 kumaneko 2897 if (!ccs_domain_quota_ok(r))
2210     return 0;
2211     va_start(args, fmt);
2212     len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
2213     va_end(args);
2214     buffer = kmalloc(len, GFP_KERNEL);
2215     if (!buffer)
2216     return 0;
2217     va_start(args, fmt);
2218     vsnprintf(buffer, len - 1, fmt, args);
2219     va_end(args);
2220     ccs_normalize_line(buffer);
2221     if (r->ee && !strncmp(buffer, "allow_execute ", 14))
2222     cond = ccs_get_execute_condition(r->ee);
2223 kumaneko 2961 else if (r->obj && r->obj->symlink_target)
2224     cond = ccs_get_symlink_condition(r);
2225 kumaneko 2897 else if ((current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2226     char str[] = "if task.type=execute_handler";
2227     cond = ccs_get_condition(str);
2228     } else
2229     cond = NULL;
2230     ccs_write_domain_policy2(buffer, r->domain, cond, false);
2231     ccs_put_condition(cond);
2232     kfree(buffer);
2233     /* fall through */
2234 kumaneko 2958 case CCS_CONFIG_PERMISSIVE:
2235 kumaneko 2897 return 0;
2236     }
2237 kumaneko 2863 if (!atomic_read(&ccs_query_observers)) {
2238     int i;
2239     if (current->ccs_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2240     return -EPERM;
2241 kumaneko 2962 for (i = 0; i < ccs_profile(r->domain->profile)->enforcing->
2242 kumaneko 2958 enforcing_penalty; i++) {
2243 kumaneko 2863 set_current_state(TASK_INTERRUPTIBLE);
2244     schedule_timeout(HZ / 10);
2245     }
2246     return -EPERM;
2247     }
2248     va_start(args, fmt);
2249     len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
2250     va_end(args);
2251     header = ccs_init_audit_log(&len, r);
2252     if (!header)
2253     goto out;
2254     ccs_query_entry = kzalloc(sizeof(*ccs_query_entry), GFP_KERNEL);
2255     if (!ccs_query_entry)
2256     goto out;
2257 kumaneko 2900 len = ccs_round2(len);
2258 kumaneko 2863 ccs_query_entry->query = kzalloc(len, GFP_KERNEL);
2259     if (!ccs_query_entry->query)
2260     goto out;
2261     INIT_LIST_HEAD(&ccs_query_entry->list);
2262     spin_lock(&ccs_query_list_lock);
2263     if (ccs_quota_for_query && ccs_query_memory_size + len +
2264     sizeof(*ccs_query_entry) >= ccs_quota_for_query) {
2265     quota_exceeded = true;
2266     } else {
2267     ccs_query_memory_size += len + sizeof(*ccs_query_entry);
2268     ccs_query_entry->serial = ccs_serial++;
2269     }
2270     spin_unlock(&ccs_query_list_lock);
2271     if (quota_exceeded)
2272     goto out;
2273     pos = snprintf(ccs_query_entry->query, len - 1, "Q%u-%hu\n%s",
2274     ccs_query_entry->serial, r->retry, header);
2275     kfree(header);
2276     header = NULL;
2277     va_start(args, fmt);
2278     vsnprintf(ccs_query_entry->query + pos, len - 1 - pos, fmt, args);
2279     ccs_query_entry->query_len = strlen(ccs_query_entry->query) + 1;
2280     va_end(args);
2281     spin_lock(&ccs_query_list_lock);
2282     list_add_tail(&ccs_query_entry->list, &ccs_query_list);
2283     spin_unlock(&ccs_query_list_lock);
2284     /* Give 10 seconds for supervisor's opinion. */
2285     for (ccs_query_entry->timer = 0;
2286     atomic_read(&ccs_query_observers) && ccs_query_entry->timer < 100;
2287     ccs_query_entry->timer++) {
2288     wake_up(&ccs_query_wait);
2289     set_current_state(TASK_INTERRUPTIBLE);
2290     schedule_timeout(HZ / 10);
2291     if (ccs_query_entry->answer)
2292     break;
2293     }
2294     spin_lock(&ccs_query_list_lock);
2295     list_del(&ccs_query_entry->list);
2296     ccs_query_memory_size -= len + sizeof(*ccs_query_entry);
2297     spin_unlock(&ccs_query_list_lock);
2298     switch (ccs_query_entry->answer) {
2299     case 3: /* Asked to retry by administrator. */
2300     error = 1;
2301     r->retry++;
2302     break;
2303     case 1:
2304     /* Granted by administrator. */
2305     error = 0;
2306     break;
2307     case 0:
2308     /* Timed out. */
2309     break;
2310     default:
2311     /* Rejected by administrator. */
2312     break;
2313     }
2314     out:
2315     if (ccs_query_entry)
2316     kfree(ccs_query_entry->query);
2317     kfree(ccs_query_entry);
2318     kfree(header);
2319     return error;
2320     }
2321    
2322     /**
2323     * ccs_poll_query - poll() for /proc/ccs/query.
2324     *
2325     * @file: Pointer to "struct file".
2326     * @wait: Pointer to "poll_table".
2327     *
2328     * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2329     *
2330     * Waits for access requests which violated policy in enforcing mode.
2331     */
2332     static int ccs_poll_query(struct file *file, poll_table *wait)
2333     {
2334     struct list_head *tmp;
2335     bool found = false;
2336     u8 i;
2337     for (i = 0; i < 2; i++) {
2338     spin_lock(&ccs_query_list_lock);
2339     list_for_each(tmp, &ccs_query_list) {
2340     struct ccs_query_entry *ptr
2341     = list_entry(tmp, struct ccs_query_entry, list);
2342     if (ptr->answer)
2343     continue;
2344     found = true;
2345     break;
2346     }
2347     spin_unlock(&ccs_query_list_lock);
2348     if (found)
2349     return POLLIN | POLLRDNORM;
2350     if (i)
2351     break;
2352     poll_wait(file, &ccs_query_wait, wait);
2353     }
2354     return 0;
2355     }
2356    
2357     /**
2358     * ccs_read_query - Read access requests which violated policy in enforcing mode.
2359     *
2360     * @head: Pointer to "struct ccs_io_buffer".
2361     */
2362 kumaneko 2943 static void ccs_read_query(struct ccs_io_buffer *head)
2363 kumaneko 2863 {
2364     struct list_head *tmp;
2365     int pos = 0;
2366     int len = 0;
2367     char *buf;
2368     if (head->read_avail)
2369 kumaneko 2943 return;
2370 kumaneko 2863 if (head->read_buf) {
2371     kfree(head->read_buf);
2372     head->read_buf = NULL;
2373     head->readbuf_size = 0;
2374     }
2375     spin_lock(&ccs_query_list_lock);
2376     list_for_each(tmp, &ccs_query_list) {
2377     struct ccs_query_entry *ptr
2378     = list_entry(tmp, struct ccs_query_entry, list);
2379     if (ptr->answer)
2380     continue;
2381     if (pos++ != head->read_step)
2382     continue;
2383     len = ptr->query_len;
2384     break;
2385     }
2386     spin_unlock(&ccs_query_list_lock);
2387     if (!len) {
2388     head->read_step = 0;
2389 kumaneko