オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/util.c

Contents of /trunk/1.7.x/ccs-patch/security/ccsecurity/util.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1578 - (show annotations) (download) (as text)
Thu Sep 11 03:40:09 2008 UTC (15 years, 8 months ago) by kumaneko
Original Path: trunk/1.6.x/ccs-patch/fs/ccs_common.c
File MIME type: text/x-csrc
File size: 83237 byte(s) 
Remember manager state.
1 /*
2 * fs/ccs_common.c
3 *
4 * Common functions for SAKURA and TOMOYO.
5 *
6 * Copyright (C) 2005-2008 NTT DATA CORPORATION
7 *
8 * Version: 1.6.5-pre 2008/09/11
9 *
10 * This file is applicable to both 2.4.30 and 2.6.11 and later.
11 * See README.ccs for ChangeLog.
12 *
13 */
14
15 #include <linux/version.h>
16 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
17 #define __KERNEL_SYSCALLS__
18 #endif
19 #include <linux/string.h>
20 #include <linux/mm.h>
21 #include <linux/utime.h>
22 #include <linux/file.h>
23 #include <linux/module.h>
24 #include <linux/slab.h>
25 #include <asm/uaccess.h>
26 #include <stdarg.h>
27 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
28 #include <linux/namei.h>
29 #include <linux/mount.h>
30 static const int lookup_flags = LOOKUP_FOLLOW;
31 #else
32 static const int lookup_flags = LOOKUP_FOLLOW | LOOKUP_POSITIVE;
33 #endif
34 #include <linux/realpath.h>
35 #include <linux/ccs_common.h>
36 #include <linux/ccs_proc.h>
37 #include <linux/tomoyo.h>
38 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
39 #include <linux/unistd.h>
40 #endif
41
42 /* To support PID namespace. */
43 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
44 #define find_task_by_pid find_task_by_vpid
45 #endif
46
47 /* Set default specified by the kernel config. */
48 #ifdef CONFIG_TOMOYO
49 #define MAX_ACCEPT_ENTRY (CONFIG_TOMOYO_MAX_ACCEPT_ENTRY)
50 #define MAX_GRANT_LOG (CONFIG_TOMOYO_MAX_GRANT_LOG)
51 #define MAX_REJECT_LOG (CONFIG_TOMOYO_MAX_REJECT_LOG)
52 #else
53 #define MAX_ACCEPT_ENTRY 0
54 #define MAX_GRANT_LOG 0
55 #define MAX_REJECT_LOG 0
56 #endif
57
58 /* Has /sbin/init started? */
59 bool sbin_init_started = false;
60
61 /* Log level for SAKURA's printk(). */
62 const char *ccs_log_level = KERN_DEBUG;
63
64 /* String table for functionality that takes 4 modes. */
65 static const char *mode_4[4] = {
66 "disabled", "learning", "permissive", "enforcing"
67 };
68 /* String table for functionality that takes 2 modes. */
69 static const char *mode_2[4] = {
70 "disabled", "enabled", "enabled", "enabled"
71 };
72
73 /* Table for profile. */
74 static struct {
75 const char *keyword;
76 unsigned int current_value;
77 const unsigned int max_value;
78 } ccs_control_array[CCS_MAX_CONTROL_INDEX] = {
79 [CCS_TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
80 [CCS_TOMOYO_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 },
81 [CCS_TOMOYO_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 },
82 [CCS_TOMOYO_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 },
83 [CCS_TOMOYO_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 },
84 [CCS_SAKURA_DENY_CONCEAL_MOUNT] = { "DENY_CONCEAL_MOUNT", 0, 3 },
85 [CCS_SAKURA_RESTRICT_CHROOT] = { "RESTRICT_CHROOT", 0, 3 },
86 [CCS_SAKURA_RESTRICT_MOUNT] = { "RESTRICT_MOUNT", 0, 3 },
87 [CCS_SAKURA_RESTRICT_UNMOUNT] = { "RESTRICT_UNMOUNT", 0, 3 },
88 [CCS_SAKURA_RESTRICT_PIVOT_ROOT] = { "RESTRICT_PIVOT_ROOT", 0, 3 },
89 [CCS_SAKURA_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 },
90 [CCS_TOMOYO_MAX_ACCEPT_ENTRY]
91 = { "MAX_ACCEPT_ENTRY", MAX_ACCEPT_ENTRY, INT_MAX },
92 [CCS_TOMOYO_MAX_GRANT_LOG]
93 = { "MAX_GRANT_LOG", MAX_GRANT_LOG, INT_MAX },
94 [CCS_TOMOYO_MAX_REJECT_LOG]
95 = { "MAX_REJECT_LOG", MAX_REJECT_LOG, INT_MAX },
96 [CCS_TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
97 [CCS_SLEEP_PERIOD]
98 = { "SLEEP_PERIOD", 0, 3000 }, /* in 0.1 second */
99 };
100
101 #ifdef CONFIG_TOMOYO
102 /* Capability name used by domain policy. */
103 static const char *capability_control_keyword[TOMOYO_MAX_CAPABILITY_INDEX] = {
104 [TOMOYO_INET_STREAM_SOCKET_CREATE] = "inet_tcp_create",
105 [TOMOYO_INET_STREAM_SOCKET_LISTEN] = "inet_tcp_listen",
106 [TOMOYO_INET_STREAM_SOCKET_CONNECT] = "inet_tcp_connect",
107 [TOMOYO_USE_INET_DGRAM_SOCKET] = "use_inet_udp",
108 [TOMOYO_USE_INET_RAW_SOCKET] = "use_inet_ip",
109 [TOMOYO_USE_ROUTE_SOCKET] = "use_route",
110 [TOMOYO_USE_PACKET_SOCKET] = "use_packet",
111 [TOMOYO_SYS_MOUNT] = "SYS_MOUNT",
112 [TOMOYO_SYS_UMOUNT] = "SYS_UMOUNT",
113 [TOMOYO_SYS_REBOOT] = "SYS_REBOOT",
114 [TOMOYO_SYS_CHROOT] = "SYS_CHROOT",
115 [TOMOYO_SYS_KILL] = "SYS_KILL",
116 [TOMOYO_SYS_VHANGUP] = "SYS_VHANGUP",
117 [TOMOYO_SYS_SETTIME] = "SYS_TIME",
118 [TOMOYO_SYS_NICE] = "SYS_NICE",
119 [TOMOYO_SYS_SETHOSTNAME] = "SYS_SETHOSTNAME",
120 [TOMOYO_USE_KERNEL_MODULE] = "use_kernel_module",
121 [TOMOYO_CREATE_FIFO] = "create_fifo",
122 [TOMOYO_CREATE_BLOCK_DEV] = "create_block_dev",
123 [TOMOYO_CREATE_CHAR_DEV] = "create_char_dev",
124 [TOMOYO_CREATE_UNIX_SOCKET] = "create_unix_socket",
125 [TOMOYO_SYS_LINK] = "SYS_LINK",
126 [TOMOYO_SYS_SYMLINK] = "SYS_SYMLINK",
127 [TOMOYO_SYS_RENAME] = "SYS_RENAME",
128 [TOMOYO_SYS_UNLINK] = "SYS_UNLINK",
129 [TOMOYO_SYS_CHMOD] = "SYS_CHMOD",
130 [TOMOYO_SYS_CHOWN] = "SYS_CHOWN",
131 [TOMOYO_SYS_IOCTL] = "SYS_IOCTL",
132 [TOMOYO_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD",
133 [TOMOYO_SYS_PIVOT_ROOT] = "SYS_PIVOT_ROOT",
134 [TOMOYO_SYS_PTRACE] = "SYS_PTRACE",
135 };
136 #endif
137
138 /* Profile table. Memory is allocated as needed. */
139 static struct profile {
140 unsigned int value[CCS_MAX_CONTROL_INDEX];
141 const struct path_info *comment;
142 #ifdef CONFIG_TOMOYO
143 unsigned char capability_value[TOMOYO_MAX_CAPABILITY_INDEX];
144 #endif
145 } *profile_ptr[MAX_PROFILES];
146
147 /* Permit policy management by non-root user? */
148 static bool manage_by_non_root = false;
149
150 /* Utility functions. */
151
152 #ifdef CONFIG_TOMOYO
153 /**
154 * tomoyo_quiet_setup - Set TOMOYO_VERBOSE=0 by default.
155 *
156 * @str: Unused.
157 *
158 * Returns 0.
159 */
160 static int __init tomoyo_quiet_setup(char *str)
161 {
162 ccs_control_array[CCS_TOMOYO_VERBOSE].current_value = 0;
163 return 0;
164 }
165
166 __setup("TOMOYO_QUIET", tomoyo_quiet_setup);
167 #endif
168
169 /**
170 * is_byte_range - Check whether the string isa \ooo style octal value.
171 *
172 * @str: Pointer to the string.
173 *
174 * Returns true if @str is a \ooo style octal value, false otherwise.
175 */
176 static bool is_byte_range(const char *str)
177 {
178 return *str >= '0' && *str++ <= '3' &&
179 *str >= '0' && *str++ <= '7' &&
180 *str >= '0' && *str <= '7';
181 }
182
183 /**
184 * is_decimal - Check whether the character is a decimal character.
185 *
186 * @c: The character to check.
187 *
188 * Returns true if @c is a decimal character, false otherwise.
189 */
190 static bool is_decimal(const char c)
191 {
192 return c >= '0' && c <= '9';
193 }
194
195 /**
196 * is_hexadecimal - Check whether the character is a hexadecimal character.
197 *
198 * @c: The character to check.
199 *
200 * Returns true if @c is a hexadecimal character, false otherwise.
201 */
202 static bool is_hexadecimal(const char c)
203 {
204 return (c >= '0' && c <= '9') ||
205 (c >= 'A' && c <= 'F') ||
206 (c >= 'a' && c <= 'f');
207 }
208
209 /**
210 * is_alphabet_char - Check whether the character is an alphabet.
211 *
212 * @c: The character to check.
213 *
214 * Returns true if @c is an alphabet character, false otherwise.
215 */
216 static bool is_alphabet_char(const char c)
217 {
218 return (c >= 'A' && c <= 'F') || (c >= 'a' && c <= 'f');
219 }
220
221 /**
222 * make_byte - Make byte value from three octal characters.
223 *
224 * @c1: The first character.
225 * @c2: The second character.
226 * @c3: The third character.
227 *
228 * Returns byte value.
229 */
230 static u8 make_byte(const u8 c1, const u8 c2, const u8 c3)
231 {
232 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
233 }
234
235 /**
236 * str_starts - Check whether the given string starts with the given keyword.
237 *
238 * @src: Pointer to pointer to the string.
239 * @find: Pointer to the keyword.
240 *
241 * Returns true if @src starts with @find, false otherwise.
242 *
243 * The @src is updated to point the first character after the @find
244 * if @src starts with @find.
245 */
246 static bool str_starts(char **src, const char *find)
247 {
248 const int len = strlen(find);
249 char *tmp = *src;
250 if (strncmp(tmp, find, len))
251 return false;
252 tmp += len;
253 *src = tmp;
254 return true;
255 }
256
257 /**
258 * normalize_line - Format string.
259 *
260 * @buffer: The line to normalize.
261 *
262 * Leading and trailing whitespaces are removed.
263 * Multiple whitespaces are packed into single space.
264 *
265 * Returns nothing.
266 */
267 static void normalize_line(unsigned char *buffer)
268 {
269 unsigned char *sp = buffer;
270 unsigned char *dp = buffer;
271 bool first = true;
272 while (*sp && (*sp <= ' ' || *sp >= 127))
273 sp++;
274 while (*sp) {
275 if (!first)
276 *dp++ = ' ';
277 first = false;
278 while (*sp > ' ' && *sp < 127)
279 *dp++ = *sp++;
280 while (*sp && (*sp <= ' ' || *sp >= 127))
281 sp++;
282 }
283 *dp = '\0';
284 }
285
286 /**
287 * ccs_is_correct_path - Validate a pathname.
288 * @filename: The pathname to check.
289 * @start_type: Should the pathname start with '/'?
290 * 1 = must / -1 = must not / 0 = don't care
291 * @pattern_type: Can the pathname contain a wildcard?
292 * 1 = must / -1 = must not / 0 = don't care
293 * @end_type: Should the pathname end with '/'?
294 * 1 = must / -1 = must not / 0 = don't care
295 * @function: The name of function calling me.
296 *
297 * Check whether the given filename follows the naming rules.
298 * Returns true if @filename follows the naming rules, false otherwise.
299 */
300 bool ccs_is_correct_path(const char *filename, const s8 start_type,
301 const s8 pattern_type, const s8 end_type,
302 const char *function)
303 {
304 bool contains_pattern = false;
305 unsigned char c;
306 unsigned char d;
307 unsigned char e;
308 const char *original_filename = filename;
309 if (!filename)
310 goto out;
311 c = *filename;
312 if (start_type == 1) { /* Must start with '/' */
313 if (c != '/')
314 goto out;
315 } else if (start_type == -1) { /* Must not start with '/' */
316 if (c == '/')
317 goto out;
318 }
319 if (c)
320 c = *(strchr(filename, '\0') - 1);
321 if (end_type == 1) { /* Must end with '/' */
322 if (c != '/')
323 goto out;
324 } else if (end_type == -1) { /* Must not end with '/' */
325 if (c == '/')
326 goto out;
327 }
328 while ((c = *filename++) != '\0') {
329 if (c == '\\') {
330 switch ((c = *filename++)) {
331 case '\\': /* "\\" */
332 continue;
333 case '$': /* "\$" */
334 case '+': /* "\+" */
335 case '?': /* "\?" */
336 case '*': /* "\*" */
337 case '@': /* "\@" */
338 case 'x': /* "\x" */
339 case 'X': /* "\X" */
340 case 'a': /* "\a" */
341 case 'A': /* "\A" */
342 case '-': /* "\-" */
343 if (pattern_type == -1)
344 break; /* Must not contain pattern */
345 contains_pattern = true;
346 continue;
347 case '0': /* "\ooo" */
348 case '1':
349 case '2':
350 case '3':
351 d = *filename++;
352 if (d < '0' || d > '7')
353 break;
354 e = *filename++;
355 if (e < '0' || e > '7')
356 break;
357 c = make_byte(c, d, e);
358 if (c && (c <= ' ' || c >= 127))
359 continue; /* pattern is not \000 */
360 }
361 goto out;
362 } else if (c <= ' ' || c >= 127) {
363 goto out;
364 }
365 }
366 if (pattern_type == 1) { /* Must contain pattern */
367 if (!contains_pattern)
368 goto out;
369 }
370 return true;
371 out:
372 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
373 original_filename);
374 return false;
375 }
376
377 /**
378 * ccs_is_correct_domain - Check whether the given domainname follows the naming rules.
379 * @domainname: The domainname to check.
380 * @function: The name of function calling me.
381 *
382 * Returns true if @domainname follows the naming rules, false otherwise.
383 */
384 bool ccs_is_correct_domain(const unsigned char *domainname,
385 const char *function)
386 {
387 unsigned char c;
388 unsigned char d;
389 unsigned char e;
390 const char *org_domainname = domainname;
391 if (!domainname || strncmp(domainname, ROOT_NAME, ROOT_NAME_LEN))
392 goto out;
393 domainname += ROOT_NAME_LEN;
394 if (!*domainname)
395 return true;
396 do {
397 if (*domainname++ != ' ')
398 goto out;
399 if (*domainname++ != '/')
400 goto out;
401 while ((c = *domainname) != '\0' && c != ' ') {
402 domainname++;
403 if (c == '\\') {
404 c = *domainname++;
405 switch ((c)) {
406 case '\\': /* "\\" */
407 continue;
408 case '0': /* "\ooo" */
409 case '1':
410 case '2':
411 case '3':
412 d = *domainname++;
413 if (d < '0' || d > '7')
414 break;
415 e = *domainname++;
416 if (e < '0' || e > '7')
417 break;
418 c = make_byte(c, d, e);
419 if (c && (c <= ' ' || c >= 127))
420 /* pattern is not \000 */
421 continue;
422 }
423 goto out;
424 } else if (c < ' ' || c >= 127) {
425 goto out;
426 }
427 }
428 } while (*domainname);
429 return true;
430 out:
431 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
432 org_domainname);
433 return false;
434 }
435
436 /**
437 * ccs_is_domain_def - Check whether the given token can be a domainname.
438 *
439 * @buffer: The token to check.
440 *
441 * Returns true if @buffer possibly be a domainname, false otherwise.
442 */
443 bool ccs_is_domain_def(const unsigned char *buffer)
444 {
445 return !strncmp(buffer, ROOT_NAME, ROOT_NAME_LEN);
446 }
447
448 /**
449 * ccs_find_domain - Find a domain by the given name.
450 *
451 * @domainname: The domainname to find.
452 *
453 * Returns pointer to "struct domain_info" if found, NULL otherwise.
454 */
455 struct domain_info *ccs_find_domain(const char *domainname)
456 {
457 struct domain_info *domain;
458 struct path_info name;
459 name.name = domainname;
460 ccs_fill_path_info(&name);
461 list1_for_each_entry(domain, &domain_list, list) {
462 if (!domain->is_deleted &&
463 !ccs_pathcmp(&name, domain->domainname))
464 return domain;
465 }
466 return NULL;
467 }
468
469 /**
470 * path_depth - Evaluate the number of '/' in a string.
471 *
472 * @pathname: The string to evaluate.
473 *
474 * Returns path depth of the string.
475 *
476 * I score 2 for each of the '/' in the @pathname
477 * and score 1 if the @pathname ends with '/'.
478 */
479 static int path_depth(const char *pathname)
480 {
481 int i = 0;
482 if (pathname) {
483 char *ep = strchr(pathname, '\0');
484 if (pathname < ep--) {
485 if (*ep != '/')
486 i++;
487 while (pathname <= ep)
488 if (*ep-- == '/')
489 i += 2;
490 }
491 }
492 return i;
493 }
494
495 /**
496 * const_part_length - Evaluate the initial length without a pattern in a token.
497 *
498 * @filename: The string to evaluate.
499 *
500 * Returns the initial length without a pattern in @filename.
501 */
502 static int const_part_length(const char *filename)
503 {
504 char c;
505 int len = 0;
506 if (!filename)
507 return 0;
508 while ((c = *filename++) != '\0') {
509 if (c != '\\') {
510 len++;
511 continue;
512 }
513 c = *filename++;
514 switch (c) {
515 case '\\': /* "\\" */
516 len += 2;
517 continue;
518 case '0': /* "\ooo" */
519 case '1':
520 case '2':
521 case '3':
522 c = *filename++;
523 if (c < '0' || c > '7')
524 break;
525 c = *filename++;
526 if (c < '0' || c > '7')
527 break;
528 len += 4;
529 continue;
530 }
531 break;
532 }
533 return len;
534 }
535
536 /**
537 * ccs_fill_path_info - Fill in "struct path_info" members.
538 *
539 * @ptr: Pointer to "struct path_info" to fill in.
540 *
541 * The caller sets "struct path_info"->name.
542 */
543 void ccs_fill_path_info(struct path_info *ptr)
544 {
545 const char *name = ptr->name;
546 const int len = strlen(name);
547 ptr->total_len = len;
548 ptr->const_len = const_part_length(name);
549 ptr->is_dir = len && (name[len - 1] == '/');
550 ptr->is_patterned = (ptr->const_len < len);
551 ptr->hash = full_name_hash(name, len);
552 ptr->depth = path_depth(name);
553 }
554
555 /**
556 * file_matches_to_pattern2 - Pattern matching without '/' character
557 * and "\-" pattern.
558 *
559 * @filename: The start of string to check.
560 * @filename_end: The end of string to check.
561 * @pattern: The start of pattern to compare.
562 * @pattern_end: The end of pattern to compare.
563 *
564 * Returns true if @filename matches @pattern, false otherwise.
565 */
566 static bool file_matches_to_pattern2(const char *filename,
567 const char *filename_end,
568 const char *pattern,
569 const char *pattern_end)
570 {
571 while (filename < filename_end && pattern < pattern_end) {
572 char c;
573 if (*pattern != '\\') {
574 if (*filename++ != *pattern++)
575 return false;
576 continue;
577 }
578 c = *filename;
579 pattern++;
580 switch (*pattern) {
581 int i;
582 int j;
583 case '?':
584 if (c == '/') {
585 return false;
586 } else if (c == '\\') {
587 if (filename[1] == '\\')
588 filename++;
589 else if (is_byte_range(filename + 1))
590 filename += 3;
591 else
592 return false;
593 }
594 break;
595 case '\\':
596 if (c != '\\')
597 return false;
598 if (*++filename != '\\')
599 return false;
600 break;
601 case '+':
602 if (!is_decimal(c))
603 return false;
604 break;
605 case 'x':
606 if (!is_hexadecimal(c))
607 return false;
608 break;
609 case 'a':
610 if (!is_alphabet_char(c))
611 return false;
612 break;
613 case '0':
614 case '1':
615 case '2':
616 case '3':
617 if (c == '\\' && is_byte_range(filename + 1)
618 && strncmp(filename + 1, pattern, 3) == 0) {
619 filename += 3;
620 pattern += 2;
621 break;
622 }
623 return false; /* Not matched. */
624 case '*':
625 case '@':
626 for (i = 0; i <= filename_end - filename; i++) {
627 if (file_matches_to_pattern2(filename + i,
628 filename_end,
629 pattern + 1,
630 pattern_end))
631 return true;
632 c = filename[i];
633 if (c == '.' && *pattern == '@')
634 break;
635 if (c != '\\')
636 continue;
637 if (filename[i + 1] == '\\')
638 i++;
639 else if (is_byte_range(filename + i + 1))
640 i += 3;
641 else
642 break; /* Bad pattern. */
643 }
644 return false; /* Not matched. */
645 default:
646 j = 0;
647 c = *pattern;
648 if (c == '$') {
649 while (is_decimal(filename[j]))
650 j++;
651 } else if (c == 'X') {
652 while (is_hexadecimal(filename[j]))
653 j++;
654 } else if (c == 'A') {
655 while (is_alphabet_char(filename[j]))
656 j++;
657 }
658 for (i = 1; i <= j; i++) {
659 if (file_matches_to_pattern2(filename + i,
660 filename_end,
661 pattern + 1,
662 pattern_end))
663 return true;
664 }
665 return false; /* Not matched or bad pattern. */
666 }
667 filename++;
668 pattern++;
669 }
670 while (*pattern == '\\' &&
671 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
672 pattern += 2;
673 return filename == filename_end && pattern == pattern_end;
674 }
675
676 /**
677 * file_matches_to_pattern - Pattern matching without without '/' character.
678 *
679 * @filename: The start of string to check.
680 * @filename_end: The end of string to check.
681 * @pattern: The start of pattern to compare.
682 * @pattern_end: The end of pattern to compare.
683 *
684 * Returns true if @filename matches @pattern, false otherwise.
685 */
686 static bool file_matches_to_pattern(const char *filename,
687 const char *filename_end,
688 const char *pattern,
689 const char *pattern_end)
690 {
691 const char *pattern_start = pattern;
692 bool first = true;
693 bool result;
694 while (pattern < pattern_end - 1) {
695 /* Split at "\-" pattern. */
696 if (*pattern++ != '\\' || *pattern++ != '-')
697 continue;
698 result = file_matches_to_pattern2(filename, filename_end,
699 pattern_start, pattern - 2);
700 if (first)
701 result = !result;
702 if (result)
703 return false;
704 first = false;
705 pattern_start = pattern;
706 }
707 result = file_matches_to_pattern2(filename, filename_end,
708 pattern_start, pattern_end);
709 return first ? result : !result;
710 }
711
712 /**
713 * ccs_path_matches_pattern - Check whether the given filename matches the given pattern.
714 * @filename: The filename to check.
715 * @pattern: The pattern to compare.
716 *
717 * Returns true if matches, false otherwise.
718 *
719 * The following patterns are available.
720 * \\ \ itself.
721 * \ooo Octal representation of a byte.
722 * \* More than or equals to 0 character other than '/'.
723 * \@ More than or equals to 0 character other than '/' or '.'.
724 * \? 1 byte character other than '/'.
725 * \$ More than or equals to 1 decimal digit.
726 * \+ 1 decimal digit.
727 * \X More than or equals to 1 hexadecimal digit.
728 * \x 1 hexadecimal digit.
729 * \A More than or equals to 1 alphabet character.
730 * \a 1 alphabet character.
731 * \- Subtraction operator.
732 */
733 bool ccs_path_matches_pattern(const struct path_info *filename,
734 const struct path_info *pattern)
735 {
736 /*
737 if (!filename || !pattern)
738 return false;
739 */
740 const char *f = filename->name;
741 const char *p = pattern->name;
742 const int len = pattern->const_len;
743 /* If @pattern doesn't contain pattern, I can use strcmp(). */
744 if (!pattern->is_patterned)
745 return !ccs_pathcmp(filename, pattern);
746 /* Dont compare if the number of '/' differs. */
747 if (filename->depth != pattern->depth)
748 return false;
749 /* Compare the initial length without patterns. */
750 if (strncmp(f, p, len))
751 return false;
752 f += len;
753 p += len;
754 /* Main loop. Compare each directory component. */
755 while (*f && *p) {
756 const char *f_delimiter = strchr(f, '/');
757 const char *p_delimiter = strchr(p, '/');
758 if (!f_delimiter)
759 f_delimiter = strchr(f, '\0');
760 if (!p_delimiter)
761 p_delimiter = strchr(p, '\0');
762 if (!file_matches_to_pattern(f, f_delimiter, p, p_delimiter))
763 return false;
764 f = f_delimiter;
765 if (*f)
766 f++;
767 p = p_delimiter;
768 if (*p)
769 p++;
770 }
771 /* Ignore trailing "\*" and "\@" in @pattern. */
772 while (*p == '\\' &&
773 (*(p + 1) == '*' || *(p + 1) == '@'))
774 p += 2;
775 return !*f && !*p;
776 }
777
778 /**
779 * ccs_io_printf - Transactional printf() to "struct ccs_io_buffer" structure.
780 *
781 * @head: Pointer to "struct ccs_io_buffer".
782 * @fmt: The printf()'s format string, followed by parameters.
783 *
784 * Returns true on success, false otherwise.
785 *
786 * The snprintf() will truncate, but ccs_io_printf() won't.
787 */
788 bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
789 {
790 va_list args;
791 int len;
792 int pos = head->read_avail;
793 int size = head->readbuf_size - pos;
794 if (size <= 0)
795 return false;
796 va_start(args, fmt);
797 len = vsnprintf(head->read_buf + pos, size, fmt, args);
798 va_end(args);
799 if (pos + len >= head->readbuf_size)
800 return false;
801 head->read_avail += len;
802 return true;
803 }
804
805 /**
806 * ccs_get_exe - Get ccs_realpath() of current process.
807 *
808 * Returns the ccs_realpath() of current process on success, NULL otherwise.
809 *
810 * This function uses ccs_alloc(), so the caller must ccs_free()
811 * if this function didn't return NULL.
812 */
813 const char *ccs_get_exe(void)
814 {
815 struct mm_struct *mm = current->mm;
816 struct vm_area_struct *vma;
817 const char *cp = NULL;
818 if (!mm)
819 return NULL;
820 down_read(&mm->mmap_sem);
821 for (vma = mm->mmap; vma; vma = vma->vm_next) {
822 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
823 cp = ccs_realpath_from_dentry(vma->vm_file->f_dentry,
824 vma->vm_file->f_vfsmnt);
825 break;
826 }
827 }
828 up_read(&mm->mmap_sem);
829 return cp;
830 }
831
832 /**
833 * ccs_get_msg - Get warning message.
834 *
835 * @is_enforce: Is it enforcing mode?
836 *
837 * Returns "ERROR" or "WARNING".
838 */
839 const char *ccs_get_msg(const bool is_enforce)
840 {
841 if (is_enforce)
842 return "ERROR";
843 else
844 return "WARNING";
845 }
846
847 /**
848 * ccs_check_flags_no_sleep_check - Check mode for specified functionality.
849 *
850 * @index: The functionality to check mode.
851 *
852 * Returns the mode of specified functionality.
853 */
854 unsigned int ccs_check_flags_no_sleep_check(const u8 index)
855 {
856 const u8 profile = current->domain_info->profile;
857 return sbin_init_started && index < CCS_MAX_CONTROL_INDEX
858 #if MAX_PROFILES != 256
859 && profile < MAX_PROFILES
860 #endif
861 && profile_ptr[profile] ?
862 profile_ptr[profile]->value[index] : 0;
863 }
864
865 /**
866 * sleep_check - Check whether it is permitted to do operations that may sleep.
867 *
868 * Returns true if it is permitted to do operations that may sleep,
869 * false otherwise.
870 *
871 * TOMOYO Linux supports interactive enforcement that lets processes
872 * wait for the administrator's decision.
873 * All hooks but the one for ccs_may_autobind() are inserted where
874 * it is permitted to do operations that may sleep.
875 * Thus, this warning should not happen.
876 */
877 static bool sleep_check(void)
878 {
879 static u8 count = 20;
880 if (likely(!in_interrupt()))
881 return true;
882 if (count) {
883 count--;
884 printk(KERN_ERR "BUG: sleeping function called "
885 "from invalid context.\n");
886 dump_stack();
887 }
888 return false;
889 }
890
891 /**
892 * ccs_check_flags - Check mode for specified functionality.
893 *
894 * @index: The functionality to check mode.
895 *
896 * Returns the mode of specified functionality.
897 */
898 unsigned int ccs_check_flags(const u8 index)
899 {
900 return sleep_check() ? ccs_check_flags_no_sleep_check(index) : 0;
901 }
902
903 #ifdef CONFIG_TOMOYO
904 /**
905 * ccs_check_capability_flags - Check mode for specified capability.
906 *
907 * @index: The capability to check mode.
908 *
909 * Returns the mode of specified capability.
910 */
911 u8 ccs_check_capability_flags(const u8 index)
912 {
913 const u8 profile = current->domain_info->profile;
914 return sbin_init_started && index < TOMOYO_MAX_CAPABILITY_INDEX
915 #if MAX_PROFILES != 256
916 && profile < MAX_PROFILES
917 #endif
918 && sleep_check()
919 && profile_ptr[profile] ?
920 profile_ptr[profile]->capability_value[index] : 0;
921 }
922
923 /**
924 * ccs_cap2keyword - Convert capability operation to capability name.
925 *
926 * @operation: The capability index.
927 *
928 * Returns the name of the specified capability's name.
929 */
930 const char *ccs_cap2keyword(const u8 operation)
931 {
932 return operation < TOMOYO_MAX_CAPABILITY_INDEX
933 ? capability_control_keyword[operation] : NULL;
934 }
935
936 #endif
937
938 /**
939 * ccs_verbose_mode - Check whether TOMOYO is verbose mode.
940 *
941 * Returns true if domain policy violation warning should be printed to
942 * console.
943 */
944 bool ccs_verbose_mode(void)
945 {
946 return ccs_check_flags(CCS_TOMOYO_VERBOSE) != 0;
947 }
948
949 /**
950 * ccs_check_domain_quota - Check for domain's quota.
951 *
952 * @domain: Pointer to "struct domain_info".
953 *
954 * Returns true if the domain is not exceeded quota, false otherwise.
955 */
956 bool ccs_check_domain_quota(struct domain_info * const domain)
957 {
958 unsigned int count = 0;
959 struct acl_info *ptr;
960 if (!domain)
961 return true;
962 list1_for_each_entry(ptr, &domain->acl_info_list, list) {
963 if (ptr->type & ACL_DELETED)
964 continue;
965 switch (ccs_acl_type2(ptr)) {
966 struct single_path_acl_record *acl1;
967 struct double_path_acl_record *acl2;
968 u16 perm;
969 case TYPE_SINGLE_PATH_ACL:
970 acl1 = container_of(ptr, struct single_path_acl_record,
971 head);
972 perm = acl1->perm;
973 if (perm & (1 << TYPE_EXECUTE_ACL))
974 count++;
975 if (perm &
976 ((1 << TYPE_READ_ACL) | (1 << TYPE_WRITE_ACL)))
977 count++;
978 if (perm & (1 << TYPE_CREATE_ACL))
979 count++;
980 if (perm & (1 << TYPE_UNLINK_ACL))
981 count++;
982 if (perm & (1 << TYPE_MKDIR_ACL))
983 count++;
984 if (perm & (1 << TYPE_RMDIR_ACL))
985 count++;
986 if (perm & (1 << TYPE_MKFIFO_ACL))
987 count++;
988 if (perm & (1 << TYPE_MKSOCK_ACL))
989 count++;
990 if (perm & (1 << TYPE_MKBLOCK_ACL))
991 count++;
992 if (perm & (1 << TYPE_MKCHAR_ACL))
993 count++;
994 if (perm & (1 << TYPE_TRUNCATE_ACL))
995 count++;
996 if (perm & (1 << TYPE_SYMLINK_ACL))
997 count++;
998 if (perm & (1 << TYPE_REWRITE_ACL))
999 count++;
1000 break;
1001 case TYPE_DOUBLE_PATH_ACL:
1002 acl2 = container_of(ptr, struct double_path_acl_record,
1003 head);
1004 perm = acl2->perm;
1005 if (perm & (1 << TYPE_LINK_ACL))
1006 count++;
1007 if (perm & (1 << TYPE_RENAME_ACL))
1008 count++;
1009 break;
1010 case TYPE_EXECUTE_HANDLER:
1011 case TYPE_DENIED_EXECUTE_HANDLER:
1012 break;
1013 default:
1014 count++;
1015 }
1016 }
1017 if (count < ccs_check_flags(CCS_TOMOYO_MAX_ACCEPT_ENTRY))
1018 return true;
1019 if (!domain->quota_warned) {
1020 domain->quota_warned = true;
1021 printk(KERN_WARNING "TOMOYO-WARNING: "
1022 "Domain '%s' has so many ACLs to hold. "
1023 "Stopped learning mode.\n", domain->domainname->name);
1024 }
1025 return false;
1026 }
1027
1028 /**
1029 * ccs_find_or_assign_new_profile - Create a new profile.
1030 *
1031 * @profile: Profile number to create.
1032 *
1033 * Returns pointer to "struct profile" on success, NULL otherwise.
1034 */
1035 static struct profile *ccs_find_or_assign_new_profile(const unsigned int
1036 profile)
1037 {
1038 static DEFINE_MUTEX(profile_lock);
1039 struct profile *ptr = NULL;
1040 mutex_lock(&profile_lock);
1041 if (profile < MAX_PROFILES) {
1042 ptr = profile_ptr[profile];
1043 if (ptr)
1044 goto ok;
1045 ptr = ccs_alloc_element(sizeof(*ptr));
1046 if (ptr) {
1047 int i;
1048 for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++)
1049 ptr->value[i]
1050 = ccs_control_array[i].current_value;
1051 /*
1052 * Needn't to initialize "ptr->capability_value"
1053 * because they are always 0.
1054 */
1055 mb(); /* Avoid out-of-order execution. */
1056 profile_ptr[profile] = ptr;
1057 }
1058 }
1059 ok:
1060 mutex_unlock(&profile_lock);
1061 return ptr;
1062 }
1063
1064 /**
1065 * write_profile - Write profile table.
1066 *
1067 * @head: Pointer to "struct ccs_io_buffer"
1068 *
1069 * Returns 0 on success, negative value otherwise.
1070 */
1071 static int write_profile(struct ccs_io_buffer *head)
1072 {
1073 char *data = head->write_buf;
1074 unsigned int i;
1075 unsigned int value;
1076 char *cp;
1077 struct profile *profile;
1078 i = simple_strtoul(data, &cp, 10);
1079 if (data != cp) {
1080 if (*cp != '-')
1081 return -EINVAL;
1082 data = cp + 1;
1083 }
1084 profile = ccs_find_or_assign_new_profile(i);
1085 if (!profile)
1086 return -EINVAL;
1087 cp = strchr(data, '=');
1088 if (!cp)
1089 return -EINVAL;
1090 *cp = '\0';
1091 ccs_update_counter(CCS_UPDATES_COUNTER_PROFILE);
1092 if (!strcmp(data, "COMMENT")) {
1093 profile->comment = ccs_save_name(cp + 1);
1094 return 0;
1095 }
1096 #ifdef CONFIG_TOMOYO
1097 if (str_starts(&data, KEYWORD_MAC_FOR_CAPABILITY)) {
1098 if (sscanf(cp + 1, "%u", &value) != 1) {
1099 for (i = 0; i < 4; i++) {
1100 if (strcmp(cp + 1, mode_4[i]))
1101 continue;
1102 value = i;
1103 break;
1104 }
1105 if (i == 4)
1106 return -EINVAL;
1107 }
1108 if (value > 3)
1109 value = 3;
1110 for (i = 0; i < TOMOYO_MAX_CAPABILITY_INDEX; i++) {
1111 if (strcmp(data, capability_control_keyword[i]))
1112 continue;
1113 profile->capability_value[i] = value;
1114 return 0;
1115 }
1116 return -EINVAL;
1117 }
1118 #endif
1119 for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) {
1120 if (strcmp(data, ccs_control_array[i].keyword))
1121 continue;
1122 if (sscanf(cp + 1, "%u", &value) != 1) {
1123 int j;
1124 const char **modes;
1125 switch (i) {
1126 case CCS_SAKURA_RESTRICT_AUTOBIND:
1127 case CCS_TOMOYO_VERBOSE:
1128 modes = mode_2;
1129 break;
1130 default:
1131 modes = mode_4;
1132 break;
1133 }
1134 for (j = 0; j < 4; j++) {
1135 if (strcmp(cp + 1, modes[j]))
1136 continue;
1137 value = j;
1138 break;
1139 }
1140 if (j == 4)
1141 return -EINVAL;
1142 } else if (value > ccs_control_array[i].max_value) {
1143 value = ccs_control_array[i].max_value;
1144 }
1145 switch (i) {
1146 case CCS_SAKURA_DENY_CONCEAL_MOUNT:
1147 case CCS_SAKURA_RESTRICT_UNMOUNT:
1148 if (value == 1)
1149 value = 2; /* learning mode is not supported. */
1150 }
1151 profile->value[i] = value;
1152 return 0;
1153 }
1154 return -EINVAL;
1155 }
1156
1157 /**
1158 * read_profile - Read profile table.
1159 *
1160 * @head: Pointer to "struct ccs_io_buffer"
1161 *
1162 * Returns 0.
1163 */
1164 static int read_profile(struct ccs_io_buffer *head)
1165 {
1166 static const int total
1167 = CCS_MAX_CONTROL_INDEX + TOMOYO_MAX_CAPABILITY_INDEX + 1;
1168 int step;
1169 if (head->read_eof)
1170 return 0;
1171 for (step = head->read_step; step < MAX_PROFILES * total; step++) {
1172 const u8 index = step / total;
1173 u8 type = step % total;
1174 const struct profile *profile = profile_ptr[index];
1175 head->read_step = step;
1176 if (!profile)
1177 continue;
1178 #if !defined(CONFIG_SAKURA) || !defined(CONFIG_TOMOYO)
1179 switch (type) {
1180 #ifndef CONFIG_SAKURA
1181 case CCS_SAKURA_DENY_CONCEAL_MOUNT:
1182 case CCS_SAKURA_RESTRICT_CHROOT:
1183 case CCS_SAKURA_RESTRICT_MOUNT:
1184 case CCS_SAKURA_RESTRICT_UNMOUNT:
1185 case CCS_SAKURA_RESTRICT_PIVOT_ROOT:
1186 case CCS_SAKURA_RESTRICT_AUTOBIND:
1187 #endif
1188 #ifndef CONFIG_TOMOYO
1189 case CCS_TOMOYO_MAC_FOR_FILE:
1190 case CCS_TOMOYO_MAC_FOR_ARGV0:
1191 case CCS_TOMOYO_MAC_FOR_ENV:
1192 case CCS_TOMOYO_MAC_FOR_NETWORK:
1193 case CCS_TOMOYO_MAC_FOR_SIGNAL:
1194 case CCS_TOMOYO_MAX_ACCEPT_ENTRY:
1195 case CCS_TOMOYO_MAX_GRANT_LOG:
1196 case CCS_TOMOYO_MAX_REJECT_LOG:
1197 case CCS_TOMOYO_VERBOSE:
1198 #endif
1199 continue;
1200 }
1201 #endif
1202 if (!type) { /* Print profile' comment tag. */
1203 if (!ccs_io_printf(head, "%u-COMMENT=%s\n",
1204 index, profile->comment ?
1205 profile->comment->name : ""))
1206 break;
1207 continue;
1208 }
1209 type--;
1210 if (type >= CCS_MAX_CONTROL_INDEX) {
1211 #ifdef CONFIG_TOMOYO
1212 const int i = type - CCS_MAX_CONTROL_INDEX;
1213 const u8 value = profile->capability_value[i];
1214 if (!ccs_io_printf(head,
1215 "%u-" KEYWORD_MAC_FOR_CAPABILITY
1216 "%s=%s\n", index,
1217 capability_control_keyword[i],
1218 mode_4[value]))
1219 break;
1220 #endif
1221 } else {
1222 const unsigned int value = profile->value[type];
1223 const char **modes = NULL;
1224 const char *keyword = ccs_control_array[type].keyword;
1225 switch (ccs_control_array[type].max_value) {
1226 case 3:
1227 modes = mode_4;
1228 break;
1229 case 1:
1230 modes = mode_2;
1231 break;
1232 }
1233 if (modes) {
1234 if (!ccs_io_printf(head, "%u-%s=%s\n", index,
1235 keyword, modes[value]))
1236 break;
1237 } else {
1238 if (!ccs_io_printf(head, "%u-%s=%u\n", index,
1239 keyword, value))
1240 break;
1241 }
1242 }
1243 }
1244 if (step == MAX_PROFILES * total)
1245 head->read_eof = true;
1246 return 0;
1247 }
1248
1249 /* Structure for policy manager. */
1250 struct policy_manager_entry {
1251 struct list1_head list;
1252 /* A path to program or a domainname. */
1253 const struct path_info *manager;
1254 bool is_domain; /* True if manager is a domainname. */
1255 bool is_deleted; /* True if this entry is deleted. */
1256 };
1257
1258 /* The list for "struct policy_manager_entry". */
1259 static LIST1_HEAD(policy_manager_list);
1260
1261 /**
1262 * update_manager_entry - Add a manager entry.
1263 *
1264 * @manager: The path to manager or the domainnamme.
1265 * @is_delete: True if it is a delete request.
1266 *
1267 * Returns 0 on success, negative value otherwise.
1268 */
1269 static int update_manager_entry(const char *manager, const bool is_delete)
1270 {
1271 struct policy_manager_entry *new_entry;
1272 struct policy_manager_entry *ptr;
1273 static DEFINE_MUTEX(lock);
1274 const struct path_info *saved_manager;
1275 int error = -ENOMEM;
1276 bool is_domain = false;
1277 if (ccs_is_domain_def(manager)) {
1278 if (!ccs_is_correct_domain(manager, __func__))
1279 return -EINVAL;
1280 is_domain = true;
1281 } else {
1282 if (!ccs_is_correct_path(manager, 1, -1, -1, __func__))
1283 return -EINVAL;
1284 }
1285 saved_manager = ccs_save_name(manager);
1286 if (!saved_manager)
1287 return -ENOMEM;
1288 mutex_lock(&lock);
1289 list1_for_each_entry(ptr, &policy_manager_list, list) {
1290 if (ptr->manager != saved_manager)
1291 continue;
1292 ptr->is_deleted = is_delete;
1293 error = 0;
1294 goto out;
1295 }
1296 if (is_delete) {
1297 error = -ENOENT;
1298 goto out;
1299 }
1300 new_entry = ccs_alloc_element(sizeof(*new_entry));
1301 if (!new_entry)
1302 goto out;
1303 new_entry->manager = saved_manager;
1304 new_entry->is_domain = is_domain;
1305 list1_add_tail_mb(&new_entry->list, &policy_manager_list);
1306 error = 0;
1307 out:
1308 mutex_unlock(&lock);
1309 if (!error)
1310 ccs_update_counter(CCS_UPDATES_COUNTER_MANAGER);
1311 return error;
1312 }
1313
1314 /**
1315 * write_manager_policy - Write manager policy.
1316 *
1317 * @head: Pointer to "struct ccs_io_buffer"
1318 *
1319 * Returns 0 on success, negative value otherwise.
1320 */
1321 static int write_manager_policy(struct ccs_io_buffer *head)
1322 {
1323 char *data = head->write_buf;
1324 bool is_delete = str_starts(&data, KEYWORD_DELETE);
1325 if (!strcmp(data, "manage_by_non_root")) {
1326 manage_by_non_root = !is_delete;
1327 return 0;
1328 }
1329 return update_manager_entry(data, is_delete);
1330 }
1331
1332 /**
1333 * read_manager_policy - Read manager policy.
1334 *
1335 * @head: Pointer to "struct ccs_io_buffer"
1336 *
1337 * Returns 0.
1338 */
1339 static int read_manager_policy(struct ccs_io_buffer *head)
1340 {
1341 struct list1_head *pos;
1342 if (head->read_eof)
1343 return 0;
1344 list1_for_each_cookie(pos, head->read_var2, &policy_manager_list) {
1345 struct policy_manager_entry *ptr;
1346 ptr = list1_entry(pos, struct policy_manager_entry, list);
1347 if (ptr->is_deleted)
1348 continue;
1349 if (!ccs_io_printf(head, "%s\n", ptr->manager->name))
1350 return 0;
1351 }
1352 head->read_eof = true;
1353 return 0;
1354 }
1355
1356 /**
1357 * is_policy_manager - Check whether the current process is a policy manager.
1358 *
1359 * Returns true if the current process is permitted to modify policy
1360 * via /proc/ccs/ interface.
1361 */
1362 static bool is_policy_manager(void)
1363 {
1364 struct policy_manager_entry *ptr;
1365 const char *exe;
1366 struct task_struct *task = current;
1367 const struct path_info *domainname = task->domain_info->domainname;
1368 bool found = false;
1369 if (!sbin_init_started)
1370 return true;
1371 if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER)
1372 return true;
1373 if (!manage_by_non_root && (task->uid || task->euid))
1374 return false;
1375 list1_for_each_entry(ptr, &policy_manager_list, list) {
1376 if (!ptr->is_deleted && ptr->is_domain
1377 && !ccs_pathcmp(domainname, ptr->manager)) {
1378 /* Set manager flag. */
1379 task->tomoyo_flags |= CCS_TASK_IS_POLICY_MANAGER;
1380 return true;
1381 }
1382 }
1383 exe = ccs_get_exe();
1384 if (!exe)
1385 return false;
1386 list1_for_each_entry(ptr, &policy_manager_list, list) {
1387 if (!ptr->is_deleted && !ptr->is_domain
1388 && !strcmp(exe, ptr->manager->name)) {
1389 found = true;
1390 /* Set manager flag. */
1391 task->tomoyo_flags |= CCS_TASK_IS_POLICY_MANAGER;
1392 break;
1393 }
1394 }
1395 if (!found) { /* Reduce error messages. */
1396 static pid_t last_pid;
1397 const pid_t pid = current->pid;
1398 if (last_pid != pid) {
1399 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1400 "update policies.\n", domainname->name, exe);
1401 last_pid = pid;
1402 }
1403 }
1404 ccs_free(exe);
1405 return found;
1406 }
1407
1408 #ifdef CONFIG_TOMOYO
1409
1410 /**
1411 * ccs_find_condition_part - Find condition part from the statement.
1412 *
1413 * @data: String to parse.
1414 *
1415 * Returns pointer to the condition part if it was found in the statement,
1416 * NULL otherwise.
1417 */
1418 static char *ccs_find_condition_part(char *data)
1419 {
1420 char *cp = strstr(data, " if ");
1421 if (cp) {
1422 char *cp2;
1423 while ((cp2 = strstr(cp + 3, " if ")) != NULL)
1424 cp = cp2;
1425 *cp++ = '\0';
1426 } else {
1427 cp = strstr(data, " ; set ");
1428 if (cp)
1429 *cp++ = '\0';
1430 }
1431 return cp;
1432 }
1433
1434 /**
1435 * write_domain_policy - Write domain policy.
1436 *
1437 * @head: Pointer to "struct ccs_io_buffer".
1438 *
1439 * Returns 0 on success, negative value otherwise.
1440 */
1441 static int write_domain_policy(struct ccs_io_buffer *head)
1442 {
1443 char *data = head->write_buf;
1444 struct domain_info *domain = head->write_var1;
1445 bool is_delete = false;
1446 bool is_select = false;
1447 bool is_undelete = false;
1448 unsigned int profile;
1449 const struct condition_list *cond = NULL;
1450 char *cp;
1451 if (str_starts(&data, KEYWORD_DELETE))
1452 is_delete = true;
1453 else if (str_starts(&data, KEYWORD_SELECT))
1454 is_select = true;
1455 else if (str_starts(&data, KEYWORD_UNDELETE))
1456 is_undelete = true;
1457 if (ccs_is_domain_def(data)) {
1458 domain = NULL;
1459 if (is_delete)
1460 ccs_delete_domain(data);
1461 else if (is_select)
1462 domain = ccs_find_domain(data);
1463 else if (is_undelete)
1464 domain = ccs_undelete_domain(data);
1465 else
1466 domain = ccs_find_or_assign_new_domain(data, 0);
1467 head->write_var1 = domain;
1468 ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);
1469 return 0;
1470 }
1471 if (!domain)
1472 return -EINVAL;
1473
1474 if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1
1475 && profile < MAX_PROFILES) {
1476 if (profile_ptr[profile] || !sbin_init_started)
1477 domain->profile = (u8) profile;
1478 return 0;
1479 }
1480 if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1481 ccs_set_domain_flag(domain, is_delete,
1482 DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ);
1483 return 0;
1484 }
1485 if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) {
1486 ccs_set_domain_flag(domain, is_delete,
1487 DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV);
1488 return 0;
1489 }
1490 cp = ccs_find_condition_part(data);
1491 if (cp) {
1492 cond = ccs_find_or_assign_new_condition(cp);
1493 if (!cond)
1494 return -EINVAL;
1495 }
1496 if (str_starts(&data, KEYWORD_ALLOW_CAPABILITY))
1497 return ccs_write_capability_policy(data, domain, cond,
1498 is_delete);
1499 else if (str_starts(&data, KEYWORD_ALLOW_NETWORK))
1500 return ccs_write_network_policy(data, domain, cond, is_delete);
1501 else if (str_starts(&data, KEYWORD_ALLOW_SIGNAL))
1502 return ccs_write_signal_policy(data, domain, cond, is_delete);
1503 else if (str_starts(&data, KEYWORD_ALLOW_ARGV0))
1504 return ccs_write_argv0_policy(data, domain, cond, is_delete);
1505 else if (str_starts(&data, KEYWORD_ALLOW_ENV))
1506 return ccs_write_env_policy(data, domain, cond, is_delete);
1507 else
1508 return ccs_write_file_policy(data, domain, cond, is_delete);
1509 }
1510
1511 /**
1512 * print_single_path_acl - Print a single path ACL entry.
1513 *
1514 * @head: Pointer to "struct ccs_io_buffer".
1515 * @ptr: Pointer to "struct single_path_acl_record".
1516 * @cond: Pointer to "struct condition_list". May be NULL.
1517 *
1518 * Returns true on success, false otherwise.
1519 */
1520 static bool print_single_path_acl(struct ccs_io_buffer *head,
1521 struct single_path_acl_record *ptr,
1522 const struct condition_list *cond)
1523 {
1524 int pos;
1525 u8 bit;
1526 const char *atmark = "";
1527 const char *filename;
1528 const u16 perm = ptr->perm;
1529 if (ptr->u_is_group) {
1530 atmark = "@";
1531 filename = ptr->u.group->group_name->name;
1532 } else {
1533 filename = ptr->u.filename->name;
1534 }
1535 for (bit = head->read_bit; bit < MAX_SINGLE_PATH_OPERATION; bit++) {
1536 const char *msg;
1537 if (!(perm & (1 << bit)))
1538 continue;
1539 /* Print "read/write" instead of "read" and "write". */
1540 if ((bit == TYPE_READ_ACL || bit == TYPE_WRITE_ACL)
1541 && (perm & (1 << TYPE_READ_WRITE_ACL)))
1542 continue;
1543 msg = ccs_sp2keyword(bit);
1544 pos = head->read_avail;
1545 if (!ccs_io_printf(head, "allow_%s %s%s", msg,
1546 atmark, filename) ||
1547 !ccs_print_condition(head, cond))
1548 goto out;
1549 }
1550 head->read_bit = 0;
1551 return true;
1552 out:
1553 head->read_bit = bit;
1554 head->read_avail = pos;
1555 return false;
1556 }
1557
1558 /**
1559 * print_double_path_acl - Print a double path ACL entry.
1560 *
1561 * @head: Pointer to "struct ccs_io_buffer".
1562 * @ptr: Pointer to "struct double_path_acl_record".
1563 * @cond: Pointer to "struct condition_list". May be NULL.
1564 *
1565 * Returns true on success, false otherwise.
1566 */
1567 static bool print_double_path_acl(struct ccs_io_buffer *head,
1568 struct double_path_acl_record *ptr,
1569 const struct condition_list *cond)
1570 {
1571 int pos;
1572 const char *atmark1 = "";
1573 const char *atmark2 = "";
1574 const char *filename1;
1575 const char *filename2;
1576 const u8 perm = ptr->perm;
1577 u8 bit;
1578 if (ptr->u1_is_group) {
1579 atmark1 = "@";
1580 filename1 = ptr->u1.group1->group_name->name;
1581 } else {
1582 filename1 = ptr->u1.filename1->name;
1583 }
1584 if (ptr->u2_is_group) {
1585 atmark2 = "@";
1586 filename2 = ptr->u2.group2->group_name->name;
1587 } else {
1588 filename2 = ptr->u2.filename2->name;
1589 }
1590 for (bit = head->read_bit; bit < MAX_DOUBLE_PATH_OPERATION; bit++) {
1591 const char *msg;
1592 if (!(perm & (1 << bit)))
1593 continue;
1594 msg = ccs_dp2keyword(bit);
1595 pos = head->read_avail;
1596 if (!ccs_io_printf(head, "allow_%s %s%s %s%s", msg,
1597 atmark1, filename1, atmark2, filename2) ||
1598 !ccs_print_condition(head, cond))
1599 goto out;
1600 }
1601 head->read_bit = 0;
1602 return true;
1603 out:
1604 head->read_bit = bit;
1605 head->read_avail = pos;
1606 return false;
1607 }
1608
1609 /**
1610 * print_argv0_acl - Print an argv[0] ACL entry.
1611 *
1612 * @head: Pointer to "struct ccs_io_buffer".
1613 * @ptr: Pointer to "struct argv0_acl_record".
1614 * @cond: Pointer to "struct condition_list". May be NULL.
1615 *
1616 * Returns true on success, false otherwise.
1617 */
1618 static bool print_argv0_acl(struct ccs_io_buffer *head,
1619 struct argv0_acl_record *ptr,
1620 const struct condition_list *cond)
1621 {
1622 int pos = head->read_avail;
1623 if (!ccs_io_printf(head, KEYWORD_ALLOW_ARGV0 "%s %s",
1624 ptr->filename->name, ptr->argv0->name))
1625 goto out;
1626 if (!ccs_print_condition(head, cond))
1627 goto out;
1628 return true;
1629 out:
1630 head->read_avail = pos;
1631 return false;
1632 }
1633
1634 /**
1635 * print_env_acl - Print an evironment variable name's ACL entry.
1636 *
1637 * @head: Pointer to "struct ccs_io_buffer".
1638 * @ptr: Pointer to "struct env_acl_record".
1639 * @cond: Pointer to "struct condition_list". May be NULL.
1640 *
1641 * Returns true on success, false otherwise.
1642 */
1643 static bool print_env_acl(struct ccs_io_buffer *head,
1644 struct env_acl_record *ptr,
1645 const struct condition_list *cond)
1646 {
1647 int pos = head->read_avail;
1648 if (!ccs_io_printf(head, KEYWORD_ALLOW_ENV "%s", ptr->env->name))
1649 goto out;
1650 if (!ccs_print_condition(head, cond))
1651 goto out;
1652 return true;
1653 out:
1654 head->read_avail = pos;
1655 return false;
1656 }
1657
1658 /**
1659 * print_capability_acl - Print a capability ACL entry.
1660 *
1661 * @head: Pointer to "struct ccs_io_buffer".
1662 * @ptr: Pointer to "struct capability_acl_record".
1663 * @cond: Pointer to "struct condition_list". May be NULL.
1664 *
1665 * Returns true on success, false otherwise.
1666 */
1667 static bool print_capability_acl(struct ccs_io_buffer *head,
1668 struct capability_acl_record *ptr,
1669 const struct condition_list *cond)
1670 {
1671 int pos = head->read_avail;
1672 if (!ccs_io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s",
1673 ccs_cap2keyword(ptr->operation)))
1674 goto out;
1675 if (!ccs_print_condition(head, cond))
1676 goto out;
1677 return true;
1678 out:
1679 head->read_avail = pos;
1680 return false;
1681 }
1682
1683 /**
1684 * print_ipv4_entry - Print IPv4 address of a network ACL entry.
1685 *
1686 * @head: Pointer to "struct ccs_io_buffer".
1687 * @ptr: Pointer to "struct ip_network_acl_record".
1688 *
1689 * Returns true on success, false otherwise.
1690 */
1691 static bool print_ipv4_entry(struct ccs_io_buffer *head,
1692 struct ip_network_acl_record *ptr)
1693 {
1694 const u32 min_address = ptr->u.ipv4.min;
1695 const u32 max_address = ptr->u.ipv4.max;
1696 if (!ccs_io_printf(head, "%u.%u.%u.%u", HIPQUAD(min_address)))
1697 return false;
1698 if (min_address != max_address
1699 && !ccs_io_printf(head, "-%u.%u.%u.%u", HIPQUAD(max_address)))
1700 return false;
1701 return true;
1702 }
1703
1704 /**
1705 * print_ipv6_entry - Print IPv6 address of a network ACL entry.
1706 *
1707 * @head: Pointer to "struct ccs_io_buffer".
1708 * @ptr: Pointer to "struct ip_network_acl_record".
1709 *
1710 * Returns true on success, false otherwise.
1711 */
1712 static bool print_ipv6_entry(struct ccs_io_buffer *head,
1713 struct ip_network_acl_record *ptr)
1714 {
1715 char buf[64];
1716 const struct in6_addr *min_address = ptr->u.ipv6.min;
1717 const struct in6_addr *max_address = ptr->u.ipv6.max;
1718 ccs_print_ipv6(buf, sizeof(buf), min_address);
1719 if (!ccs_io_printf(head, "%s", buf))
1720 return false;
1721 if (min_address != max_address) {
1722 ccs_print_ipv6(buf, sizeof(buf), max_address);
1723 if (!ccs_io_printf(head, "-%s", buf))
1724 return false;
1725 }
1726 return true;
1727 }
1728
1729 /**
1730 * print_port_entry - Print port number of a network ACL entry.
1731 *
1732 * @head: Pointer to "struct ccs_io_buffer".
1733 * @ptr: Pointer to "struct ip_network_acl_record".
1734 *
1735 * Returns true on success, false otherwise.
1736 */
1737 static bool print_port_entry(struct ccs_io_buffer *head,
1738 struct ip_network_acl_record *ptr)
1739 {
1740 const u16 min_port = ptr->min_port, max_port = ptr->max_port;
1741 if (!ccs_io_printf(head, " %u", min_port))
1742 return false;
1743 if (min_port != max_port && !ccs_io_printf(head, "-%u", max_port))
1744 return false;
1745 return true;
1746 }
1747
1748 /**
1749 * print_network_acl - Print a network ACL entry.
1750 *
1751 * @head: Pointer to "struct ccs_io_buffer".
1752 * @ptr: Pointer to "struct ip_network_acl_record".
1753 * @cond: Pointer to "struct condition_list". May be NULL.
1754 *
1755 * Returns true on success, false otherwise.
1756 */
1757 static bool print_network_acl(struct ccs_io_buffer *head,
1758 struct ip_network_acl_record *ptr,
1759 const struct condition_list *cond)
1760 {
1761 int pos = head->read_avail;
1762 if (!ccs_io_printf(head, KEYWORD_ALLOW_NETWORK "%s ",
1763 ccs_net2keyword(ptr->operation_type)))
1764 goto out;
1765 switch (ptr->record_type) {
1766 case IP_RECORD_TYPE_ADDRESS_GROUP:
1767 if (!ccs_io_printf(head, "@%s", ptr->u.group->group_name->name))
1768 goto out;
1769 break;
1770 case IP_RECORD_TYPE_IPv4:
1771 if (!print_ipv4_entry(head, ptr))
1772 goto out;
1773 break;
1774 case IP_RECORD_TYPE_IPv6:
1775 if (!print_ipv6_entry(head, ptr))
1776 goto out;
1777 break;
1778 }
1779 if (!print_port_entry(head, ptr))
1780 goto out;
1781 if (!ccs_print_condition(head, cond))
1782 goto out;
1783 return true;
1784 out:
1785 head->read_avail = pos;
1786 return false;
1787 }
1788
1789 /**
1790 * print_signal_acl - Print a signal ACL entry.
1791 *
1792 * @head: Pointer to "struct ccs_io_buffer".
1793 * @ptr: Pointer to "struct signale_acl_record".
1794 * @cond: Pointer to "struct condition_list". May be NULL.
1795 *
1796 * Returns true on success, false otherwise.
1797 */
1798 static bool print_signal_acl(struct ccs_io_buffer *head,
1799 struct signal_acl_record *ptr,
1800 const struct condition_list *cond)
1801 {
1802 int pos = head->read_avail;
1803 if (!ccs_io_printf(head, KEYWORD_ALLOW_SIGNAL "%u %s",
1804 ptr->sig, ptr->domainname->name))
1805 goto out;
1806 if (!ccs_print_condition(head, cond))
1807 goto out;
1808 return true;
1809 out:
1810 head->read_avail = pos;
1811 return false;
1812 }
1813
1814 /**
1815 * print_execute_handler_record - Print an execute handler ACL entry.
1816 *
1817 * @head: Pointer to "struct ccs_io_buffer".
1818 * @keyword: Name of the keyword.
1819 * @ptr: Pointer to "struct execute_handler_record".
1820 *
1821 * Returns true on success, false otherwise.
1822 */
1823 static bool print_execute_handler_record(struct ccs_io_buffer *head,
1824 const char *keyword,
1825 struct execute_handler_record *ptr)
1826 {
1827 return ccs_io_printf(head, "%s %s\n", keyword, ptr->handler->name);
1828 }
1829
1830 /**
1831 * print_entry - Print an ACL entry.
1832 *
1833 * @head: Pointer to "struct ccs_io_buffer".
1834 * @ptr: Pointer to an ACL entry.
1835 *
1836 * Returns true on success, false otherwise.
1837 */
1838 static bool print_entry(struct ccs_io_buffer *head, struct acl_info *ptr)
1839 {
1840 const struct condition_list *cond = ccs_get_condition_part(ptr);
1841 const u8 acl_type = ccs_acl_type2(ptr);
1842 if (acl_type & ACL_DELETED)
1843 return true;
1844 if (acl_type == TYPE_SINGLE_PATH_ACL) {
1845 struct single_path_acl_record *acl
1846 = container_of(ptr, struct single_path_acl_record,
1847 head);
1848 return print_single_path_acl(head, acl, cond);
1849 }
1850 if (acl_type == TYPE_DOUBLE_PATH_ACL) {
1851 struct double_path_acl_record *acl
1852 = container_of(ptr, struct double_path_acl_record,
1853 head);
1854 return print_double_path_acl(head, acl, cond);
1855 }
1856 if (acl_type == TYPE_ARGV0_ACL) {
1857 struct argv0_acl_record *acl
1858 = container_of(ptr, struct argv0_acl_record, head);
1859 return print_argv0_acl(head, acl, cond);
1860 }
1861 if (acl_type == TYPE_ENV_ACL) {
1862 struct env_acl_record *acl
1863 = container_of(ptr, struct env_acl_record, head);
1864 return print_env_acl(head, acl, cond);
1865 }
1866 if (acl_type == TYPE_CAPABILITY_ACL) {
1867 struct capability_acl_record *acl
1868 = container_of(ptr, struct capability_acl_record, head);
1869 return print_capability_acl(head, acl, cond);
1870 }
1871 if (acl_type == TYPE_IP_NETWORK_ACL) {
1872 struct ip_network_acl_record *acl
1873 = container_of(ptr, struct ip_network_acl_record, head);
1874 return print_network_acl(head, acl, cond);
1875 }
1876 if (acl_type == TYPE_SIGNAL_ACL) {
1877 struct signal_acl_record *acl
1878 = container_of(ptr, struct signal_acl_record, head);
1879 return print_signal_acl(head, acl, cond);
1880 }
1881 if (acl_type == TYPE_EXECUTE_HANDLER) {
1882 struct execute_handler_record *acl
1883 = container_of(ptr, struct execute_handler_record,
1884 head);
1885 const char *keyword = KEYWORD_EXECUTE_HANDLER;
1886 return print_execute_handler_record(head, keyword, acl);
1887 }
1888 if (acl_type == TYPE_DENIED_EXECUTE_HANDLER) {
1889 struct execute_handler_record *acl
1890 = container_of(ptr, struct execute_handler_record,
1891 head);
1892 const char *keyword = KEYWORD_DENIED_EXECUTE_HANDLER;
1893 return print_execute_handler_record(head, keyword, acl);
1894 }
1895 /* Workaround for gcc 3.2.2's inline bug. */
1896 if (acl_type & ACL_DELETED)
1897 return true;
1898 BUG(); /* This must not happen. */
1899 return false;
1900 }
1901
1902 /**
1903 * read_domain_policy - Read domain policy.
1904 *
1905 * @head: Pointer to "struct ccs_io_buffer".
1906 *
1907 * Returns 0.
1908 */
1909 static int read_domain_policy(struct ccs_io_buffer *head)
1910 {
1911 struct list1_head *dpos;
1912 struct list1_head *apos;
1913 if (head->read_eof)
1914 return 0;
1915 if (head->read_step == 0)
1916 head->read_step = 1;
1917 list1_for_each_cookie(dpos, head->read_var1, &domain_list) {
1918 struct domain_info *domain;
1919 const char *quota_exceeded = "";
1920 const char *transition_failed = "";
1921 const char *ignore_global_allow_read = "";
1922 const char *ignore_global_allow_env = "";
1923 domain = list1_entry(dpos, struct domain_info, list);
1924 if (head->read_step != 1)
1925 goto acl_loop;
1926 if (domain->is_deleted)
1927 continue;
1928 /* Print domainname and flags. */
1929 if (domain->quota_warned)
1930 quota_exceeded = "quota_exceeded\n";
1931 if (domain->flags & DOMAIN_FLAGS_TRANSITION_FAILED)
1932 transition_failed = "transition_failed\n";
1933 if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
1934 ignore_global_allow_read
1935 = KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1936 if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV)
1937 ignore_global_allow_env
1938 = KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n";
1939 if (!ccs_io_printf(head, "%s\n" KEYWORD_USE_PROFILE "%u\n"
1940 "%s%s%s%s\n", domain->domainname->name,
1941 domain->profile, quota_exceeded,
1942 transition_failed,
1943 ignore_global_allow_read,
1944 ignore_global_allow_env))
1945 return 0;
1946 head->read_step = 2;
1947 acl_loop:
1948 if (head->read_step == 3)
1949 goto tail_mark;
1950 /* Print ACL entries in the domain. */
1951 list1_for_each_cookie(apos, head->read_var2,
1952 &domain->acl_info_list) {
1953 struct acl_info *ptr
1954 = list1_entry(apos, struct acl_info, list);
1955 if (!print_entry(head, ptr))
1956 return 0;
1957 }
1958 head->read_step = 3;
1959 tail_mark:
1960 if (!ccs_io_printf(head, "\n"))
1961 return 0;
1962 head->read_step = 1;
1963 }
1964 head->read_eof = true;
1965 return 0;
1966 }
1967
1968 #endif
1969
1970 /**
1971 * write_domain_profile - Assign profile for specified domain.
1972 *
1973 * @head: Pointer to "struct ccs_io_buffer".
1974 *
1975 * Returns 0 on success, -EINVAL otherwise.
1976 *
1977 * This is equivalent to doing
1978 *
1979 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1980 * /usr/lib/ccs/loadpolicy -d
1981 */
1982 static int write_domain_profile(struct ccs_io_buffer *head)
1983 {
1984 char *data = head->write_buf;
1985 char *cp = strchr(data, ' ');
1986 struct domain_info *domain;
1987 unsigned int profile;
1988 if (!cp)
1989 return -EINVAL;
1990 *cp = '\0';
1991 domain = ccs_find_domain(cp + 1);
1992 profile = simple_strtoul(data, NULL, 10);
1993 if (domain && profile < MAX_PROFILES
1994 && (profile_ptr[profile] || !sbin_init_started))
1995 domain->profile = (u8) profile;
1996 ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);
1997 return 0;
1998 }
1999
2000 /**
2001 * read_domain_profile - Read only domainname and profile.
2002 *
2003 * @head: Pointer to "struct ccs_io_buffer".
2004 *
2005 * Returns list of profile number and domainname pairs.
2006 *
2007 * This is equivalent to doing
2008 *
2009 * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
2010 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
2011 * domainname = $0; } else if ( $1 == "use_profile" ) {
2012 * print $2 " " domainname; domainname = ""; } } ; '
2013 */
2014 static int read_domain_profile(struct ccs_io_buffer *head)
2015 {
2016 struct list1_head *pos;
2017 if (head->read_eof)
2018 return 0;
2019 list1_for_each_cookie(pos, head->read_var1, &domain_list) {
2020 struct domain_info *domain;
2021 domain = list1_entry(pos, struct domain_info, list);
2022 if (domain->is_deleted)
2023 continue;
2024 if (!ccs_io_printf(head, "%u %s\n", domain->profile,
2025 domain->domainname->name))
2026 return 0;
2027 }
2028 head->read_eof = true;
2029 return 0;
2030 }
2031
2032 /**
2033 * write_pid: Specify PID to obtain domainname.
2034 *
2035 * @head: Pointer to "struct ccs_io_buffer".
2036 *
2037 * Returns 0.
2038 */
2039 static int write_pid(struct ccs_io_buffer *head)
2040 {
2041 head->read_step = (int) simple_strtoul(head->write_buf, NULL, 10);
2042 head->read_eof = false;
2043 return 0;
2044 }
2045
2046 /**
2047 * read_pid - Get domainname of the specified PID.
2048 *
2049 * @head: Pointer to "struct ccs_io_buffer".
2050 *
2051 * Returns the domainname which the specified PID is in on success,
2052 * empty string otherwise.
2053 * The PID is specified by write_pid() so that the user can obtain
2054 * using read()/write() interface rather than sysctl() interface.
2055 */
2056 static int read_pid(struct ccs_io_buffer *head)
2057 {
2058 if (head->read_avail == 0 && !head->read_eof) {
2059 const int pid = head->read_step;
2060 struct task_struct *p;
2061 struct domain_info *domain = NULL;
2062 /***** CRITICAL SECTION START *****/
2063 read_lock(&tasklist_lock);
2064 p = find_task_by_pid(pid);
2065 if (p)
2066 domain = p->domain_info;
2067 read_unlock(&tasklist_lock);
2068 /***** CRITICAL SECTION END *****/
2069 if (domain)
2070 ccs_io_printf(head, "%d %u %s", pid, domain->profile,
2071 domain->domainname->name);
2072 head->read_eof = true;
2073 }
2074 return 0;
2075 }
2076
2077 #ifdef CONFIG_TOMOYO
2078
2079 /**
2080 * write_exception_policy - Write exception policy.
2081 *
2082 * @head: Pointer to "struct ccs_io_buffer".
2083 *
2084 * Returns 0 on success, negative value otherwise.
2085 */
2086 static int write_exception_policy(struct ccs_io_buffer *head)
2087 {
2088 char *data = head->write_buf;
2089 bool is_delete = str_starts(&data, KEYWORD_DELETE);
2090 if (str_starts(&data, KEYWORD_KEEP_DOMAIN))
2091 return ccs_write_domain_keeper_policy(data, false, is_delete);
2092 if (str_starts(&data, KEYWORD_NO_KEEP_DOMAIN))
2093 return ccs_write_domain_keeper_policy(data, true, is_delete);
2094 if (str_starts(&data, KEYWORD_INITIALIZE_DOMAIN))
2095 return ccs_write_domain_initializer_policy(data, false,
2096 is_delete);
2097 if (str_starts(&data, KEYWORD_NO_INITIALIZE_DOMAIN))
2098 return ccs_write_domain_initializer_policy(data, true,
2099 is_delete);
2100 if (str_starts(&data, KEYWORD_ALIAS))
2101 return ccs_write_alias_policy(data, is_delete);
2102 if (str_starts(&data, KEYWORD_AGGREGATOR))
2103 return ccs_write_aggregator_policy(data, is_delete);
2104 if (str_starts(&data, KEYWORD_ALLOW_READ))
2105 return ccs_write_globally_readable_policy(data, is_delete);
2106 if (str_starts(&data, KEYWORD_ALLOW_ENV))
2107 return ccs_write_globally_usable_env_policy(data, is_delete);
2108 if (str_starts(&data, KEYWORD_FILE_PATTERN))
2109 return ccs_write_pattern_policy(data, is_delete);
2110 if (str_starts(&data, KEYWORD_PATH_GROUP))
2111 return ccs_write_path_group_policy(data, is_delete);
2112 if (str_starts(&data, KEYWORD_DENY_REWRITE))
2113 return ccs_write_no_rewrite_policy(data, is_delete);
2114 if (str_starts(&data, KEYWORD_ADDRESS_GROUP))
2115 return ccs_write_address_group_policy(data, is_delete);
2116 return -EINVAL;
2117 }
2118
2119 /**
2120 * read_exception_policy - Read exception policy.
2121 *
2122 * @head: Pointer to "struct ccs_io_buffer".
2123 *
2124 * Returns 0 on success, -EINVAL otherwise.
2125 */
2126 static int read_exception_policy(struct ccs_io_buffer *head)
2127 {
2128 if (!head->read_eof) {
2129 switch (head->read_step) {
2130 case 0:
2131 head->read_var2 = NULL;
2132 head->read_step = 1;
2133 case 1:
2134 if (!ccs_read_domain_keeper_policy(head))
2135 break;
2136 head->read_var2 = NULL;
2137 head->read_step = 2;
2138 case 2:
2139 if (!ccs_read_globally_readable_policy(head))
2140 break;
2141 head->read_var2 = NULL;
2142 head->read_step = 3;
2143 case 3:
2144 if (!ccs_read_globally_usable_env_policy(head))
2145 break;
2146 head->read_var2 = NULL;
2147 head->read_step = 4;
2148 case 4:
2149 if (!ccs_read_domain_initializer_policy(head))
2150 break;
2151 head->read_var2 = NULL;
2152 head->read_step = 5;
2153 case 5:
2154 if (!ccs_read_alias_policy(head))
2155 break;
2156 head->read_var2 = NULL;
2157 head->read_step = 6;
2158 case 6:
2159 if (!ccs_read_aggregator_policy(head))
2160 break;
2161 head->read_var2 = NULL;
2162 head->read_step = 7;
2163 case 7:
2164 if (!ccs_read_file_pattern(head))
2165 break;
2166 head->read_var2 = NULL;
2167 head->read_step = 8;
2168 case 8:
2169 if (!ccs_read_no_rewrite_policy(head))
2170 break;
2171 head->read_var2 = NULL;
2172 head->read_step = 9;
2173 case 9:
2174 if (!ccs_read_path_group_policy(head))
2175 break;
2176 head->read_var1 = NULL;
2177 head->read_var2 = NULL;
2178 head->read_step = 10;
2179 case 10:
2180 if (!ccs_read_address_group_policy(head))
2181 break;
2182 head->read_eof = true;
2183 break;
2184 default:
2185 return -EINVAL;
2186 }
2187 }
2188 return 0;
2189 }
2190
2191 #endif
2192
2193 #ifdef CONFIG_SAKURA
2194
2195 /**
2196 * write_system_policy - Write system policy.
2197 *
2198 * @head: Pointer to "struct ccs_io_buffer".
2199 *
2200 * Returns 0 on success, negative value otherwise.
2201 */
2202 static int write_system_policy(struct ccs_io_buffer *head)
2203 {
2204 char *data = head->write_buf;
2205 bool is_delete = false;
2206 if (str_starts(&data, KEYWORD_DELETE))
2207 is_delete = true;
2208 if (str_starts(&data, KEYWORD_ALLOW_MOUNT))
2209 return ccs_write_mount_policy(data, is_delete);
2210 if (str_starts(&data, KEYWORD_DENY_UNMOUNT))
2211 return ccs_write_no_umount_policy(data, is_delete);
2212 if (str_starts(&data, KEYWORD_ALLOW_CHROOT))
2213 return ccs_write_chroot_policy(data, is_delete);
2214 if (str_starts(&data, KEYWORD_ALLOW_PIVOT_ROOT))
2215 return ccs_write_pivot_root_policy(data, is_delete);
2216 if (str_starts(&data, KEYWORD_DENY_AUTOBIND))
2217 return ccs_write_reserved_port_policy(data, is_delete);
2218 return -EINVAL;
2219 }
2220
2221 /**
2222 * read_system_policy - Read system policy.
2223 *
2224 * @head: Pointer to "struct ccs_io_buffer".
2225 *
2226 * Returns 0 on success, -EINVAL otherwise.
2227 */
2228 static int read_system_policy(struct ccs_io_buffer *head)
2229 {
2230 if (!head->read_eof) {
2231 switch (head->read_step) {
2232 case 0:
2233 head->read_var2 = NULL;
2234 head->read_step = 1;
2235 case 1:
2236 if (!ccs_read_mount_policy(head))
2237 break;
2238 head->read_var2 = NULL;
2239 head->read_step = 2;
2240 case 2:
2241 if (!ccs_read_no_umount_policy(head))
2242 break;
2243 head->read_var2 = NULL;
2244 head->read_step = 3;
2245 case 3:
2246 if (!ccs_read_chroot_policy(head))
2247 break;
2248 head->read_var2 = NULL;
2249 head->read_step = 4;
2250 case 4:
2251 if (!ccs_read_pivot_root_policy(head))
2252 break;
2253 head->read_var2 = NULL;
2254 head->read_step = 5;
2255 case 5:
2256 if (!ccs_read_reserved_port_policy(head))
2257 break;
2258 head->read_eof = true;
2259 break;
2260 default:
2261 return -EINVAL;
2262 }
2263 }
2264 return 0;
2265 }
2266
2267 #endif
2268
2269 /* Path to the policy loader. The default is /sbin/ccs-init. */
2270 static const char *ccs_loader;
2271
2272 /**
2273 * loader_setup - Specify the policy loader to use.
2274 *
2275 * @str: Path to the policy loader.
2276 *
2277 * Returns 0.
2278 */
2279 static int __init loader_setup(char *str)
2280 {
2281 ccs_loader = str;
2282 return 0;
2283 }
2284
2285 __setup("CCS_loader=", loader_setup);
2286
2287 /**
2288 * policy_loader_exists - Check whether /sbin/ccs-init exists.
2289 *
2290 * Returns true if /sbin/ccs-init exists, false otherwise.
2291 */
2292 static bool policy_loader_exists(void)
2293 {
2294 /*
2295 * Don't activate MAC if the path given by 'CCS_loader=' option doesn't
2296 * exist. If the initrd includes /sbin/init but real-root-dev has not
2297 * mounted on / yet, activating MAC will block the system since
2298 * policies are not loaded yet.
2299 * Thus, let do_execve() call this function everytime.
2300 */
2301 struct nameidata nd;
2302 if (!ccs_loader)
2303 ccs_loader = "/sbin/ccs-init";
2304 if (path_lookup(ccs_loader, lookup_flags, &nd)) {
2305 printk(KERN_INFO "Not activating Mandatory Access Control now "
2306 "since %s doesn't exist.\n", ccs_loader);
2307 return false;
2308 }
2309 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)
2310 path_put(&nd.path);
2311 #else
2312 path_release(&nd);
2313 #endif
2314 return true;
2315 }
2316
2317 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
2318 /**
2319 * run_ccs_loader - Start /sbin/ccs-init .
2320 *
2321 * @unused: Not used.
2322 *
2323 * Returns PID of /sbin/ccs-init on success, negative value otherwise.
2324 */
2325 static int run_ccs_loader(void *unused)
2326 {
2327 char *argv[2];
2328 char *envp[3];
2329 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
2330 ccs_loader);
2331 argv[0] = (char *) ccs_loader;
2332 argv[1] = NULL;
2333 envp[0] = "HOME=/";
2334 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
2335 envp[2] = NULL;
2336 return exec_usermodehelper(argv[0], argv, envp);
2337 }
2338 #endif
2339
2340 /**
2341 * ccs_load_policy - Run external policy loader to load policy.
2342 *
2343 * @filename: The program about to start.
2344 *
2345 * This function checks whether @filename is /sbin/init , and if so
2346 * invoke /sbin/ccs-init and wait for the termination of /sbin/ccs-init
2347 * and then continues invocation of /sbin/init.
2348 * /sbin/ccs-init reads policy files in /etc/ccs/ directory and
2349 * writes to /proc/ccs/ interfaces.
2350 *
2351 * Returns nothing.
2352 */
2353 void ccs_load_policy(const char *filename)
2354 {
2355 if (sbin_init_started)
2356 return;
2357 /*
2358 * Check filename is /sbin/init or /sbin/ccs-start.
2359 * /sbin/ccs-start is a dummy filename in case where /sbin/init can't
2360 * be passed.
2361 * You can create /sbin/ccs-start by "ln -s /bin/true /sbin/ccs-start".
2362 */
2363 if (strcmp(filename, "/sbin/init") &&
2364 strcmp(filename, "/sbin/ccs-start"))
2365 return;
2366 if (!policy_loader_exists())
2367 return;
2368 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
2369 {
2370 char *argv[2];
2371 char *envp[3];
2372 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
2373 ccs_loader);
2374 argv[0] = (char *) ccs_loader;
2375 argv[1] = NULL;
2376 envp[0] = "HOME=/";
2377 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
2378 envp[2] = NULL;
2379 call_usermodehelper(argv[0], argv, envp, 1);
2380 }
2381 #elif defined(TASK_DEAD)
2382 {
2383 /* Copied from kernel/kmod.c */
2384 struct task_struct *task = current;
2385 pid_t pid = kernel_thread(run_ccs_loader, NULL, 0);
2386 sigset_t tmpsig;
2387 spin_lock_irq(&task->sighand->siglock);
2388 tmpsig = task->blocked;
2389 siginitsetinv(&task->blocked,
2390 sigmask(SIGKILL) | sigmask(SIGSTOP));
2391 recalc_sigpending();
2392 spin_unlock_irq(&current->sighand->siglock);
2393 if (pid >= 0)
2394 waitpid(pid, NULL, __WCLONE);
2395 spin_lock_irq(&task->sighand->siglock);
2396 task->blocked = tmpsig;
2397 recalc_sigpending();
2398 spin_unlock_irq(&task->sighand->siglock);
2399 }
2400 #else
2401 {
2402 /* Copied from kernel/kmod.c */
2403 struct task_struct *task = current;
2404 pid_t pid = kernel_thread(run_ccs_loader, NULL, 0);
2405 sigset_t tmpsig;
2406 spin_lock_irq(&task->sigmask_lock);
2407 tmpsig = task->blocked;
2408 siginitsetinv(&task->blocked,
2409 sigmask(SIGKILL) | sigmask(SIGSTOP));
2410 recalc_sigpending(task);
2411 spin_unlock_irq(&task->sigmask_lock);
2412 if (pid >= 0)
2413 waitpid(pid, NULL, __WCLONE);
2414 spin_lock_irq(&task->sigmask_lock);
2415 task->blocked = tmpsig;
2416 recalc_sigpending(task);
2417 spin_unlock_irq(&task->sigmask_lock);
2418 }
2419 #endif
2420 #ifdef CONFIG_SAKURA
2421 printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/09/09\n");
2422 #endif
2423 #ifdef CONFIG_TOMOYO
2424 printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/09/09\n");
2425 #endif
2426 printk(KERN_INFO "Mandatory Access Control activated.\n");
2427 sbin_init_started = true;
2428 ccs_log_level = KERN_WARNING;
2429 { /* Check all profiles currently assigned to domains are defined. */
2430 struct domain_info *domain;
2431 list1_for_each_entry(domain, &domain_list, list) {
2432 const u8 profile = domain->profile;
2433 if (profile_ptr[profile])
2434 continue;
2435 panic("Profile %u (used by '%s') not defined.\n",
2436 profile, domain->domainname->name);
2437 }
2438 }
2439 }
2440
2441 /* Wait queue for query_list. */
2442 static DECLARE_WAIT_QUEUE_HEAD(query_wait);
2443
2444 /* Lock for manipurating query_list. */
2445 static DEFINE_SPINLOCK(query_lock);
2446
2447 /* Structure for query. */
2448 struct query_entry {
2449 struct list_head list;
2450 char *query;
2451 int query_len;
2452 unsigned int serial;
2453 int timer;
2454 int answer;
2455 };
2456
2457 /* The list for "struct query_entry". */
2458 static LIST_HEAD(query_list);
2459
2460 /* Number of "struct file" referring /proc/ccs/query interface. */
2461 static atomic_t queryd_watcher = ATOMIC_INIT(0);
2462
2463 /**
2464 * ccs_check_supervisor - Ask for the supervisor's decision.
2465 *
2466 * @bprm: Pointer to "struct linux_binprm". May be NULL.
2467 * @fmt: The printf()'s format string, followed by parameters.
2468 *
2469 * Returns 0 if the supervisor decided to permit the access request which
2470 * violated the policy in enforcing mode, 1 if the supervisor decided to
2471 * retry the access request which violated the policy in enforcing mode,
2472 * -EPERM otherwise.
2473 */
2474 int ccs_check_supervisor(struct linux_binprm *bprm, const char *fmt, ...)
2475 {
2476 va_list args;
2477 int error = -EPERM;
2478 int pos;
2479 int len;
2480 static unsigned int serial;
2481 struct query_entry *query_entry = NULL;
2482 char *header;
2483 if (!atomic_read(&queryd_watcher)) {
2484 int i;
2485 if (current->tomoyo_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2486 return -EPERM;
2487 for (i = 0; i < ccs_check_flags(CCS_SLEEP_PERIOD); i++) {
2488 set_current_state(TASK_INTERRUPTIBLE);
2489 schedule_timeout(HZ / 10);
2490 }
2491 return -EPERM;
2492 }
2493 va_start(args, fmt);
2494 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
2495 va_end(args);
2496 #ifdef CONFIG_TOMOYO
2497 header = ccs_init_audit_log(&len, current->domain_info->profile,
2498 3, bprm);
2499 #else
2500 header = ccs_alloc(1);
2501 #endif
2502 if (!header)
2503 goto out;
2504 query_entry = ccs_alloc(sizeof(*query_entry));
2505 if (!query_entry)
2506 goto out;
2507 query_entry->query = ccs_alloc(len);
2508 if (!query_entry->query)
2509 goto out;
2510 INIT_LIST_HEAD(&query_entry->list);
2511 /***** CRITICAL SECTION START *****/
2512 spin_lock(&query_lock);
2513 query_entry->serial = serial++;
2514 spin_unlock(&query_lock);
2515 /***** CRITICAL SECTION END *****/
2516 pos = snprintf(query_entry->query, len - 1, "Q%u\n%s",
2517 query_entry->serial, header);
2518 ccs_free(header);
2519 header = NULL;
2520 va_start(args, fmt);
2521 vsnprintf(query_entry->query + pos, len - 1 - pos, fmt, args);
2522 query_entry->query_len = strlen(query_entry->query) + 1;
2523 va_end(args);
2524 /***** CRITICAL SECTION START *****/
2525 spin_lock(&query_lock);
2526 list_add_tail(&query_entry->list, &query_list);
2527 spin_unlock(&query_lock);
2528 /***** CRITICAL SECTION END *****/
2529 ccs_update_counter(CCS_UPDATES_COUNTER_QUERY);
2530 /* Give 10 seconds for supervisor's opinion. */
2531 for (query_entry->timer = 0; atomic_read(&queryd_watcher)
2532 && query_entry->timer < 100; query_entry->timer++) {
2533 wake_up(&query_wait);
2534 set_current_state(TASK_INTERRUPTIBLE);
2535 schedule_timeout(HZ / 10);
2536 if (query_entry->answer)
2537 break;
2538 }
2539 ccs_update_counter(CCS_UPDATES_COUNTER_QUERY);
2540 /***** CRITICAL SECTION START *****/
2541 spin_lock(&query_lock);
2542 list_del(&query_entry->list);
2543 spin_unlock(&query_lock);
2544 /***** CRITICAL SECTION END *****/
2545 switch (query_entry->answer) {
2546 case 3: /* Asked to retry by administrator. */
2547 error = 1;
2548 break;
2549 case 1:
2550 /* Granted by administrator. */
2551 error = 0;
2552 break;
2553 case 0:
2554 /* Timed out. */
2555 break;
2556 default:
2557 /* Rejected by administrator. */
2558 break;
2559 }
2560 out:
2561 if (query_entry)
2562 ccs_free(query_entry->query);
2563 ccs_free(query_entry);
2564 ccs_free(header);
2565 return error;
2566 }
2567
2568 /**
2569 * poll_query - poll() for /proc/ccs/query.
2570 *
2571 * @file: Pointer to "struct file".
2572 * @wait: Pointer to "poll_table".
2573 *
2574 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2575 *
2576 * Waits for access requests which violated policy in enforcing mode.
2577 */
2578 static int poll_query(struct file *file, poll_table *wait)
2579 {
2580 bool found;
2581 /***** CRITICAL SECTION START *****/
2582 spin_lock(&query_lock);
2583 found = !list_empty(&query_list);
2584 spin_unlock(&query_lock);
2585 /***** CRITICAL SECTION END *****/
2586 if (found)
2587 return POLLIN | POLLRDNORM;
2588 poll_wait(file, &query_wait, wait);
2589 /***** CRITICAL SECTION START *****/
2590 spin_lock(&query_lock);
2591 found = !list_empty(&query_list);
2592 spin_unlock(&query_lock);
2593 /***** CRITICAL SECTION END *****/
2594 if (found)
2595 return POLLIN | POLLRDNORM;
2596 return 0;
2597 }
2598
2599 /**
2600 * read_query - Read access requests which violated policy in enforcing mode.
2601 *
2602 * @head: Pointer to "struct ccs_io_buffer".
2603 *
2604 * Returns 0.
2605 */
2606 static int read_query(struct ccs_io_buffer *head)
2607 {
2608 struct list_head *tmp;
2609 int pos = 0;
2610 int len = 0;
2611 char *buf;
2612 if (head->read_avail)
2613 return 0;
2614 if (head->read_buf) {
2615 ccs_free(head->read_buf);
2616 head->read_buf = NULL;
2617 head->readbuf_size = 0;
2618 }
2619 /***** CRITICAL SECTION START *****/
2620 spin_lock(&query_lock);
2621 list_for_each(tmp, &query_list) {
2622 struct query_entry *ptr
2623 = list_entry(tmp, struct query_entry, list);
2624 if (pos++ != head->read_step)
2625 continue;
2626 len = ptr->query_len;
2627 break;
2628 }
2629 spin_unlock(&query_lock);
2630 /***** CRITICAL SECTION END *****/
2631 if (!len) {
2632 head->read_step = 0;
2633 return 0;
2634 }
2635 buf = ccs_alloc(len);
2636 if (buf) {
2637 pos = 0;
2638 /***** CRITICAL SECTION START *****/
2639 spin_lock(&query_lock);
2640 list_for_each(tmp, &query_list) {
2641 struct query_entry *ptr
2642 = list_entry(tmp, struct query_entry, list);
2643 if (pos++ != head->read_step)
2644 continue;
2645 /*
2646 * Some query can be skipped because query_list
2647 * can change, but I don't care.
2648 */
2649 if (len == ptr->query_len)
2650 memmove(buf, ptr->query, len);
2651 break;
2652 }
2653 spin_unlock(&query_lock);
2654 /***** CRITICAL SECTION END *****/
2655 if (buf[0]) {
2656 head->read_avail = len;
2657 head->readbuf_size = head->read_avail;
2658 head->read_buf = buf;
2659 head->read_step++;
2660 } else {
2661 ccs_free(buf);
2662 }
2663 }
2664 return 0;
2665 }
2666
2667 /**
2668 * write_answer - Write the supervisor's decision.
2669 *
2670 * @head: Pointer to "struct ccs_io_buffer".
2671 *
2672 * Returns 0 on success, -EINVAL otherwise.
2673 */
2674 static int write_answer(struct ccs_io_buffer *head)
2675 {
2676 char *data = head->write_buf;
2677 struct list_head *tmp;
2678 unsigned int serial;
2679 unsigned int answer;
2680 /***** CRITICAL SECTION START *****/
2681 spin_lock(&query_lock);
2682 list_for_each(tmp, &query_list) {
2683 struct query_entry *ptr
2684 = list_entry(tmp, struct query_entry, list);
2685 ptr->timer = 0;
2686 }
2687 spin_unlock(&query_lock);
2688 /***** CRITICAL SECTION END *****/
2689 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2690 return -EINVAL;
2691 /***** CRITICAL SECTION START *****/
2692 spin_lock(&query_lock);
2693 list_for_each(tmp, &query_list) {
2694 struct query_entry *ptr
2695 = list_entry(tmp, struct query_entry, list);
2696 if (ptr->serial != serial)
2697 continue;
2698 if (!ptr->answer)
2699 ptr->answer = answer;
2700 break;
2701 }
2702 spin_unlock(&query_lock);
2703 /***** CRITICAL SECTION END *****/
2704 return 0;
2705 }
2706
2707 /* Policy updates counter. */
2708 static unsigned int updates_counter[MAX_CCS_UPDATES_COUNTER];
2709
2710 /* Policy updates counter lock. */
2711 static DEFINE_SPINLOCK(updates_counter_lock);
2712
2713 /**
2714 * ccs_update_counter - Increment policy change counter.
2715 *
2716 * @index: Type of policy.
2717 *
2718 * Returns nothing.
2719 */
2720 void ccs_update_counter(const unsigned char index)
2721 {
2722 /***** CRITICAL SECTION START *****/
2723 spin_lock(&updates_counter_lock);
2724 if (index < MAX_CCS_UPDATES_COUNTER)
2725 updates_counter[index]++;
2726 spin_unlock(&updates_counter_lock);
2727 /***** CRITICAL SECTION END *****/
2728 }
2729
2730 /**
2731 * read_updates_counter - Check for policy change counter.
2732 *
2733 * @head: Pointer to "struct ccs_io_buffer".
2734 *
2735 * Returns how many times policy has changed since the previous check.
2736 */
2737 static int read_updates_counter(struct ccs_io_buffer *head)
2738 {
2739 if (!head->read_eof) {
2740 unsigned int counter[MAX_CCS_UPDATES_COUNTER];
2741 /***** CRITICAL SECTION START *****/
2742 spin_lock(&updates_counter_lock);
2743 memmove(counter, updates_counter, sizeof(updates_counter));
2744 memset(updates_counter, 0, sizeof(updates_counter));
2745 spin_unlock(&updates_counter_lock);
2746 /***** CRITICAL SECTION END *****/
2747 ccs_io_printf(head,
2748 "/proc/ccs/system_policy: %10u\n"
2749 "/proc/ccs/domain_policy: %10u\n"
2750 "/proc/ccs/exception_policy: %10u\n"
2751 "/proc/ccs/profile: %10u\n"
2752 "/proc/ccs/query: %10u\n"
2753 "/proc/ccs/manager: %10u\n"
2754 "/proc/ccs/grant_log: %10u\n"
2755 "/proc/ccs/reject_log: %10u\n",
2756 counter[CCS_UPDATES_COUNTER_SYSTEM_POLICY],
2757 counter[CCS_UPDATES_COUNTER_DOMAIN_POLICY],
2758 counter[CCS_UPDATES_COUNTER_EXCEPTION_POLICY],
2759 counter[CCS_UPDATES_COUNTER_PROFILE],
2760 counter[CCS_UPDATES_COUNTER_QUERY],
2761 counter[CCS_UPDATES_COUNTER_MANAGER],
2762 counter[CCS_UPDATES_COUNTER_GRANT_LOG],
2763 counter[CCS_UPDATES_COUNTER_REJECT_LOG]);
2764 head->read_eof = true;
2765 }
2766 return 0;
2767 }
2768
2769 /**
2770 * read_version: Get version.
2771 *
2772 * @head: Pointer to "struct ccs_io_buffer".
2773 *
2774 * Returns version information.
2775 */
2776 static int read_version(struct ccs_io_buffer *head)
2777 {
2778 if (!head->read_eof) {
2779 ccs_io_printf(head, "1.6.4");
2780 head->read_eof = true;
2781 }
2782 return 0;
2783 }
2784
2785 /**
2786 * read_self_domain - Get the current process's domainname.
2787 *
2788 * @head: Pointer to "struct ccs_io_buffer".
2789 *
2790 * Returns the current process's domainname.
2791 */
2792 static int read_self_domain(struct ccs_io_buffer *head)
2793 {
2794 if (!head->read_eof) {
2795 /*
2796 * current->domain_info->domainname != NULL
2797 * because every process belongs to a domain and
2798 * the domain's name cannot be NULL.
2799 */
2800 ccs_io_printf(head, "%s",
2801 current->domain_info->domainname->name);
2802 head->read_eof = true;
2803 }
2804 return 0;
2805 }
2806
2807 /**
2808 * ccs_open_control - open() for /proc/ccs/ interface.
2809 *
2810 * @type: Type of interface.
2811 * @file: Pointer to "struct file".
2812 *
2813 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2814 */
2815 int ccs_open_control(const u8 type, struct file *file)
2816 {
2817 struct ccs_io_buffer *head = ccs_alloc(sizeof(*head));
2818 if (!head)
2819 return -ENOMEM;
2820 mutex_init(&head->read_sem);
2821 mutex_init(&head->write_sem);
2822 switch (type) {
2823 #ifdef CONFIG_SAKURA
2824 case CCS_SYSTEMPOLICY: /* /proc/ccs/system_policy */
2825 head->write = write_system_policy;
2826 head->read = read_system_policy;
2827 break;
2828 #endif
2829 #ifdef CONFIG_TOMOYO
2830 case CCS_DOMAINPOLICY: /* /proc/ccs/domain_policy */
2831 head->write = write_domain_policy;
2832 head->read = read_domain_policy;
2833 break;
2834 case CCS_EXCEPTIONPOLICY: /* /proc/ccs/exception_policy */
2835 head->write = write_exception_policy;
2836 head->read = read_exception_policy;
2837 break;
2838 case CCS_GRANTLOG: /* /proc/ccs/grant_log */
2839 head->poll = ccs_poll_grant_log;
2840 head->read = ccs_read_grant_log;
2841 break;
2842 case CCS_REJECTLOG: /* /proc/ccs/reject_log */
2843 head->poll = ccs_poll_reject_log;
2844 head->read = ccs_read_reject_log;
2845 break;
2846 #endif
2847 case CCS_SELFDOMAIN: /* /proc/ccs/self_domain */
2848 head->read = read_self_domain;
2849 break;
2850 case CCS_DOMAIN_STATUS: /* /proc/ccs/.domain_status */
2851 head->write = write_domain_profile;
2852 head->read = read_domain_profile;
2853 break;
2854 case CCS_PROCESS_STATUS: /* /proc/ccs/.process_status */
2855 head->write = write_pid;
2856 head->read = read_pid;
2857 break;
2858 case CCS_VERSION: /* /proc/ccs/version */
2859 head->read = read_version;
2860 head->readbuf_size = 128;
2861 break;
2862 case CCS_MEMINFO: /* /proc/ccs/meminfo */
2863 head->write = ccs_write_memory_quota;
2864 head->read = ccs_read_memory_counter;
2865 head->readbuf_size = 512;
2866 break;
2867 case CCS_PROFILE: /* /proc/ccs/profile */
2868 head->write = write_profile;
2869 head->read = read_profile;
2870 break;
2871 case CCS_QUERY: /* /proc/ccs/query */
2872 head->poll = poll_query;
2873 head->write = write_answer;
2874 head->read = read_query;
2875 break;
2876 case CCS_MANAGER: /* /proc/ccs/manager */
2877 head->write = write_manager_policy;
2878 head->read = read_manager_policy;
2879 break;
2880 case CCS_UPDATESCOUNTER: /* /proc/ccs/.updates_counter */
2881 head->read = read_updates_counter;
2882 break;
2883 }
2884 if (!(file->f_mode & FMODE_READ)) {
2885 /*
2886 * No need to allocate read_buf since it is not opened
2887 * for reading.
2888 */
2889 head->read = NULL;
2890 head->poll = NULL;
2891 } else if (type != CCS_GRANTLOG && type != CCS_REJECTLOG
2892 && type != CCS_QUERY) {
2893 /*
2894 * Don't allocate buffer for reading if the file is one of
2895 * /proc/ccs/grant_log , /proc/ccs/reject_log , /proc/ccs/query.
2896 */
2897 if (!head->readbuf_size)
2898 head->readbuf_size = 4096 * 2;
2899 head->read_buf = ccs_alloc(head->readbuf_size);
2900 if (!head->read_buf) {
2901 ccs_free(head);
2902 return -ENOMEM;
2903 }
2904 }
2905 if (!(file->f_mode & FMODE_WRITE)) {
2906 /*
2907 * No need to allocate write_buf since it is not opened
2908 * for writing.
2909 */
2910 head->write = NULL;
2911 } else if (head->write) {
2912 head->writebuf_size = 4096 * 2;
2913 head->write_buf = ccs_alloc(head->writebuf_size);
2914 if (!head->write_buf) {
2915 ccs_free(head->read_buf);
2916 ccs_free(head);
2917 return -ENOMEM;
2918 }
2919 }
2920 file->private_data = head;
2921 /*
2922 * Call the handler now if the file is /proc/ccs/self_domain
2923 * so that the user can use "cat < /proc/ccs/self_domain" to
2924 * know the current process's domainname.
2925 */
2926 if (type == CCS_SELFDOMAIN)
2927 ccs_read_control(file, NULL, 0);
2928 /*
2929 * If the file is /proc/ccs/query , increment the monitor count.
2930 * The monitor count is used by ccs_check_supervisor() to see if
2931 * there is some process monitoring /proc/ccs/query.
2932 */
2933 else if (head->write == write_answer || head->read == read_query)
2934 atomic_inc(&queryd_watcher);
2935 return 0;
2936 }
2937
2938 /**
2939 * ccs_poll_control - poll() for /proc/ccs/ interface.
2940 *
2941 * @file: Pointer to "struct file".
2942 * @wait: Pointer to "poll_table".
2943 *
2944 * Waits for read readiness.
2945 * /proc/ccs/query is handled by /usr/lib/ccs/ccs-queryd and
2946 * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
2947 * /usr/lib/ccs/ccs-auditd.
2948 */
2949 int ccs_poll_control(struct file *file, poll_table *wait)
2950 {
2951 struct ccs_io_buffer *head = file->private_data;
2952 if (!head->poll)
2953 return -ENOSYS;
2954 return head->poll(file, wait);
2955 }
2956
2957 /**
2958 * ccs_read_control - read() for /proc/ccs/ interface.
2959 *
2960 * @file: Pointer to "struct file".
2961 * @buffer: Poiner to buffer to write to.
2962 * @buffer_len: Size of @buffer.
2963 *
2964 * Returns bytes read on success, negative value otherwise.
2965 */
2966 int ccs_read_control(struct file *file, char __user *buffer,
2967 const int buffer_len)
2968 {
2969 int len = 0;
2970 struct ccs_io_buffer *head = file->private_data;
2971 char *cp;
2972 if (!head->read)
2973 return -ENOSYS;
2974 if (!access_ok(VERIFY_WRITE, buffer, buffer_len))
2975 return -EFAULT;
2976 if (mutex_lock_interruptible(&head->read_sem))
2977 return -EINTR;
2978 /* Call the policy handler. */
2979 len = head->read(head);
2980 if (len < 0)
2981 goto out;
2982 /* Write to buffer. */
2983 len = head->read_avail;
2984 if (len > buffer_len)
2985 len = buffer_len;
2986 if (!len)
2987 goto out;
2988 /* head->read_buf changes by some functions. */
2989 cp = head->read_buf;
2990 if (copy_to_user(buffer, cp, len)) {
2991 len = -EFAULT;
2992 goto out;
2993 }
2994 head->read_avail -= len;
2995 memmove(cp, cp + len, head->read_avail);
2996 out:
2997 mutex_unlock(&head->read_sem);
2998 return len;
2999 }
3000
3001 /**
3002 * ccs_write_control - write() for /proc/ccs/ interface.
3003 *
3004 * @file: Pointer to "struct file".
3005 * @buffer: Pointer to buffer to read from.
3006 * @buffer_len: Size of @buffer.
3007 *
3008 * Returns @buffer_len on success, negative value otherwise.
3009 */
3010 int ccs_write_control(struct file *file, const char __user *buffer,
3011 const int buffer_len)
3012 {
3013 struct ccs_io_buffer *head = file->private_data;
3014 int error = buffer_len;
3015 int avail_len = buffer_len;
3016 char *cp0 = head->write_buf;
3017 if (!head->write)
3018 return -ENOSYS;
3019 if (!access_ok(VERIFY_READ, buffer, buffer_len))
3020 return -EFAULT;
3021 /* Don't allow updating policies by non manager programs. */
3022 if (head->write != write_pid && !is_policy_manager())
3023 return -EPERM;
3024 if (mutex_lock_interruptible(&head->write_sem))
3025 return -EINTR;
3026 /* Read a line and dispatch it to the policy handler. */
3027 while (avail_len > 0) {
3028 char c;
3029 if (head->write_avail >= head->writebuf_size - 1) {
3030 error = -ENOMEM;
3031 break;
3032 } else if (get_user(c, buffer)) {
3033 error = -EFAULT;
3034 break;
3035 }
3036 buffer++;
3037 avail_len--;
3038 cp0[head->write_avail++] = c;
3039 if (c != '\n')
3040 continue;
3041 cp0[head->write_avail - 1] = '\0';
3042 head->write_avail = 0;
3043 normalize_line(cp0);
3044 head->write(head);
3045 }
3046 mutex_unlock(&head->write_sem);
3047 return error;
3048 }
3049
3050 /**
3051 * ccs_close_control - close() for /proc/ccs/ interface.
3052 *
3053 * @file: Pointer to "struct file".
3054 *
3055 * Releases memory and returns 0.
3056 */
3057 int ccs_close_control(struct file *file)
3058 {
3059 struct ccs_io_buffer *head = file->private_data;
3060 /*
3061 * If the file is /proc/ccs/query , decrement the monitor count.
3062 */
3063 if (head->write == write_answer || head->read == read_query)
3064 atomic_dec(&queryd_watcher);
3065 /* Release memory used for policy I/O. */
3066 ccs_free(head->read_buf);
3067 head->read_buf = NULL;
3068 ccs_free(head->write_buf);
3069 head->write_buf = NULL;
3070 ccs_free(head);
3071 head = NULL;
3072 file->private_data = NULL;
3073 return 0;
3074 }
3075
3076 /**
3077 * ccs_alloc_acl_element - Allocate permanent memory for ACL entry.
3078 *
3079 * @acl_type: Type of ACL entry.
3080 * @condition: Pointer to condition part of the ACL entry. May be NULL.
3081 *
3082 * Returns pointer to the ACL entry on success, NULL otherwise.
3083 */
3084 void *ccs_alloc_acl_element(const u8 acl_type,
3085 const struct condition_list *condition)
3086 {
3087 int len;
3088 struct acl_info *ptr;
3089 switch (acl_type) {
3090 case TYPE_SINGLE_PATH_ACL:
3091 len = sizeof(struct single_path_acl_record);
3092 break;
3093 case TYPE_DOUBLE_PATH_ACL:
3094 len = sizeof(struct double_path_acl_record);
3095 break;
3096 case TYPE_ARGV0_ACL:
3097 len = sizeof(struct argv0_acl_record);
3098 break;
3099 case TYPE_ENV_ACL:
3100 len = sizeof(struct env_acl_record);
3101 break;
3102 case TYPE_CAPABILITY_ACL:
3103 len = sizeof(struct capability_acl_record);
3104 break;
3105 case TYPE_IP_NETWORK_ACL:
3106 len = sizeof(struct ip_network_acl_record);
3107 break;
3108 case TYPE_SIGNAL_ACL:
3109 len = sizeof(struct signal_acl_record);
3110 break;
3111 case TYPE_EXECUTE_HANDLER:
3112 case TYPE_DENIED_EXECUTE_HANDLER:
3113 len = sizeof(struct execute_handler_record);
3114 break;
3115 default:
3116 return NULL;
3117 }
3118 /*
3119 * If the ACL doesn't have condition part, reduce memory usage
3120 * by eliminating sizeof(struct condition_list *).
3121 */
3122 if (!condition)
3123 len -= sizeof(ptr->access_me_via_ccs_get_condition_part);
3124 ptr = ccs_alloc_element(len);
3125 if (!ptr)
3126 return NULL;
3127 if (condition) {
3128 ptr->access_me_via_ccs_get_condition_part = condition;
3129 ptr->type = acl_type | ACL_WITH_CONDITION;
3130 return ptr;
3131 }
3132 /*
3133 * Substract sizeof(struct condition_list *) because I eliminated
3134 * sizeof(struct condition_list *) from "struct acl_info"
3135 * but I must return the start address of "struct acl_info".
3136 */
3137 ptr = (void *) (((u8 *) ptr)
3138 - sizeof(ptr->access_me_via_ccs_get_condition_part));
3139 ptr->type = acl_type;
3140 return ptr;
3141 }
3142
3143 /**
3144 * ccs_get_condition_part - Get condition part of the given ACL entry.
3145 *
3146 * @acl: Pointer to "struct acl_info". Pointer to an ACL entry.
3147 *
3148 * Returns pointer to the condition part if the ACL has it, NULL otherwise.
3149 */
3150 const struct condition_list *ccs_get_condition_part(const struct acl_info *acl)
3151 {
3152 return (acl->type & ACL_WITH_CONDITION) ?
3153 acl->access_me_via_ccs_get_condition_part : NULL;
3154 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ