オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/util.c

Contents of /trunk/1.7.x/ccs-patch/security/ccsecurity/util.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1809 - (show annotations) (download) (as text)
Sun Nov 9 11:02:44 2008 UTC (15 years, 6 months ago) by kumaneko
Original Path: trunk/1.6.x/ccs-patch/fs/ccs_common.c
File MIME type: text/x-csrc
File size: 86316 byte(s) 
Fix read_pid().
1 /*
2 * fs/ccs_common.c
3 *
4 * Common functions for SAKURA and TOMOYO.
5 *
6 * Copyright (C) 2005-2008 NTT DATA CORPORATION
7 *
8 * Version: 1.6.5-rc 2008/11/07
9 *
10 * This file is applicable to both 2.4.30 and 2.6.11 and later.
11 * See README.ccs for ChangeLog.
12 *
13 */
14
15 #include <linux/version.h>
16 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
17 #define __KERNEL_SYSCALLS__
18 #endif
19 #include <linux/string.h>
20 #include <linux/mm.h>
21 #include <linux/utime.h>
22 #include <linux/file.h>
23 #include <linux/module.h>
24 #include <linux/slab.h>
25 #include <asm/uaccess.h>
26 #include <stdarg.h>
27 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
28 #include <linux/namei.h>
29 #include <linux/mount.h>
30 static const int lookup_flags = LOOKUP_FOLLOW;
31 #else
32 static const int lookup_flags = LOOKUP_FOLLOW | LOOKUP_POSITIVE;
33 #endif
34 #include <linux/realpath.h>
35 #include <linux/ccs_common.h>
36 #include <linux/ccs_proc.h>
37 #include <linux/tomoyo.h>
38 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
39 #include <linux/unistd.h>
40 #endif
41
42 /* To support PID namespace. */
43 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
44 #define find_task_by_pid find_task_by_vpid
45 #endif
46
47 /* Set default specified by the kernel config. */
48 #ifdef CONFIG_TOMOYO
49 #define MAX_ACCEPT_ENTRY (CONFIG_TOMOYO_MAX_ACCEPT_ENTRY)
50 #define MAX_GRANT_LOG (CONFIG_TOMOYO_MAX_GRANT_LOG)
51 #define MAX_REJECT_LOG (CONFIG_TOMOYO_MAX_REJECT_LOG)
52 #else
53 #define MAX_ACCEPT_ENTRY 0
54 #define MAX_GRANT_LOG 0
55 #define MAX_REJECT_LOG 0
56 #endif
57
58 /* Has /sbin/init started? */
59 bool sbin_init_started;
60
61 /* Log level for SAKURA's printk(). */
62 const char *ccs_log_level = KERN_DEBUG;
63
64 /* String table for functionality that takes 4 modes. */
65 static const char *mode_4[4] = {
66 "disabled", "learning", "permissive", "enforcing"
67 };
68 /* String table for functionality that takes 2 modes. */
69 static const char *mode_2[4] = {
70 "disabled", "enabled", "enabled", "enabled"
71 };
72
73 /* Table for profile. */
74 static struct {
75 const char *keyword;
76 unsigned int current_value;
77 const unsigned int max_value;
78 } ccs_control_array[CCS_MAX_CONTROL_INDEX] = {
79 [CCS_TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 },
80 [CCS_TOMOYO_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 },
81 [CCS_TOMOYO_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 },
82 [CCS_TOMOYO_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 },
83 [CCS_TOMOYO_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 },
84 [CCS_SAKURA_DENY_CONCEAL_MOUNT] = { "DENY_CONCEAL_MOUNT", 0, 3 },
85 [CCS_SAKURA_RESTRICT_CHROOT] = { "RESTRICT_CHROOT", 0, 3 },
86 [CCS_SAKURA_RESTRICT_MOUNT] = { "RESTRICT_MOUNT", 0, 3 },
87 [CCS_SAKURA_RESTRICT_UNMOUNT] = { "RESTRICT_UNMOUNT", 0, 3 },
88 [CCS_SAKURA_RESTRICT_PIVOT_ROOT] = { "RESTRICT_PIVOT_ROOT", 0, 3 },
89 [CCS_SAKURA_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 },
90 [CCS_TOMOYO_MAX_ACCEPT_ENTRY]
91 = { "MAX_ACCEPT_ENTRY", MAX_ACCEPT_ENTRY, INT_MAX },
92 [CCS_TOMOYO_MAX_GRANT_LOG]
93 = { "MAX_GRANT_LOG", MAX_GRANT_LOG, INT_MAX },
94 [CCS_TOMOYO_MAX_REJECT_LOG]
95 = { "MAX_REJECT_LOG", MAX_REJECT_LOG, INT_MAX },
96 [CCS_TOMOYO_VERBOSE] = { "TOMOYO_VERBOSE", 1, 1 },
97 [CCS_SLEEP_PERIOD]
98 = { "SLEEP_PERIOD", 0, 3000 }, /* in 0.1 second */
99 };
100
101 #ifdef CONFIG_TOMOYO
102 /* Capability name used by domain policy. */
103 static const char *capability_control_keyword[TOMOYO_MAX_CAPABILITY_INDEX] = {
104 [TOMOYO_INET_STREAM_SOCKET_CREATE] = "inet_tcp_create",
105 [TOMOYO_INET_STREAM_SOCKET_LISTEN] = "inet_tcp_listen",
106 [TOMOYO_INET_STREAM_SOCKET_CONNECT] = "inet_tcp_connect",
107 [TOMOYO_USE_INET_DGRAM_SOCKET] = "use_inet_udp",
108 [TOMOYO_USE_INET_RAW_SOCKET] = "use_inet_ip",
109 [TOMOYO_USE_ROUTE_SOCKET] = "use_route",
110 [TOMOYO_USE_PACKET_SOCKET] = "use_packet",
111 [TOMOYO_SYS_MOUNT] = "SYS_MOUNT",
112 [TOMOYO_SYS_UMOUNT] = "SYS_UMOUNT",
113 [TOMOYO_SYS_REBOOT] = "SYS_REBOOT",
114 [TOMOYO_SYS_CHROOT] = "SYS_CHROOT",
115 [TOMOYO_SYS_KILL] = "SYS_KILL",
116 [TOMOYO_SYS_VHANGUP] = "SYS_VHANGUP",
117 [TOMOYO_SYS_SETTIME] = "SYS_TIME",
118 [TOMOYO_SYS_NICE] = "SYS_NICE",
119 [TOMOYO_SYS_SETHOSTNAME] = "SYS_SETHOSTNAME",
120 [TOMOYO_USE_KERNEL_MODULE] = "use_kernel_module",
121 [TOMOYO_CREATE_FIFO] = "create_fifo",
122 [TOMOYO_CREATE_BLOCK_DEV] = "create_block_dev",
123 [TOMOYO_CREATE_CHAR_DEV] = "create_char_dev",
124 [TOMOYO_CREATE_UNIX_SOCKET] = "create_unix_socket",
125 [TOMOYO_SYS_LINK] = "SYS_LINK",
126 [TOMOYO_SYS_SYMLINK] = "SYS_SYMLINK",
127 [TOMOYO_SYS_RENAME] = "SYS_RENAME",
128 [TOMOYO_SYS_UNLINK] = "SYS_UNLINK",
129 [TOMOYO_SYS_CHMOD] = "SYS_CHMOD",
130 [TOMOYO_SYS_CHOWN] = "SYS_CHOWN",
131 [TOMOYO_SYS_IOCTL] = "SYS_IOCTL",
132 [TOMOYO_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD",
133 [TOMOYO_SYS_PIVOT_ROOT] = "SYS_PIVOT_ROOT",
134 [TOMOYO_SYS_PTRACE] = "SYS_PTRACE",
135 };
136 #endif
137
138 /* Profile table. Memory is allocated as needed. */
139 static struct profile {
140 unsigned int value[CCS_MAX_CONTROL_INDEX];
141 const struct path_info *comment;
142 #ifdef CONFIG_TOMOYO
143 unsigned char capability_value[TOMOYO_MAX_CAPABILITY_INDEX];
144 #endif
145 } *profile_ptr[MAX_PROFILES];
146
147 /* Permit policy management by non-root user? */
148 static bool manage_by_non_root;
149
150 /* Utility functions. */
151
152 #ifdef CONFIG_TOMOYO
153 /**
154 * tomoyo_quiet_setup - Set TOMOYO_VERBOSE=0 by default.
155 *
156 * @str: Unused.
157 *
158 * Returns 0.
159 */
160 static int __init tomoyo_quiet_setup(char *str)
161 {
162 ccs_control_array[CCS_TOMOYO_VERBOSE].current_value = 0;
163 return 0;
164 }
165
166 __setup("TOMOYO_QUIET", tomoyo_quiet_setup);
167 #endif
168
169 /**
170 * is_byte_range - Check whether the string isa \ooo style octal value.
171 *
172 * @str: Pointer to the string.
173 *
174 * Returns true if @str is a \ooo style octal value, false otherwise.
175 */
176 static inline bool is_byte_range(const char *str)
177 {
178 return *str >= '0' && *str++ <= '3' &&
179 *str >= '0' && *str++ <= '7' &&
180 *str >= '0' && *str <= '7';
181 }
182
183 /**
184 * is_decimal - Check whether the character is a decimal character.
185 *
186 * @c: The character to check.
187 *
188 * Returns true if @c is a decimal character, false otherwise.
189 */
190 static inline bool is_decimal(const char c)
191 {
192 return c >= '0' && c <= '9';
193 }
194
195 /**
196 * is_hexadecimal - Check whether the character is a hexadecimal character.
197 *
198 * @c: The character to check.
199 *
200 * Returns true if @c is a hexadecimal character, false otherwise.
201 */
202 static inline bool is_hexadecimal(const char c)
203 {
204 return (c >= '0' && c <= '9') ||
205 (c >= 'A' && c <= 'F') ||
206 (c >= 'a' && c <= 'f');
207 }
208
209 /**
210 * is_alphabet_char - Check whether the character is an alphabet.
211 *
212 * @c: The character to check.
213 *
214 * Returns true if @c is an alphabet character, false otherwise.
215 */
216 static inline bool is_alphabet_char(const char c)
217 {
218 return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
219 }
220
221 /**
222 * make_byte - Make byte value from three octal characters.
223 *
224 * @c1: The first character.
225 * @c2: The second character.
226 * @c3: The third character.
227 *
228 * Returns byte value.
229 */
230 static inline u8 make_byte(const u8 c1, const u8 c2, const u8 c3)
231 {
232 return ((c1 - '0') << 6) + ((c2 - '0') << 3) + (c3 - '0');
233 }
234
235 /**
236 * str_starts - Check whether the given string starts with the given keyword.
237 *
238 * @src: Pointer to pointer to the string.
239 * @find: Pointer to the keyword.
240 *
241 * Returns true if @src starts with @find, false otherwise.
242 *
243 * The @src is updated to point the first character after the @find
244 * if @src starts with @find.
245 */
246 static bool str_starts(char **src, const char *find)
247 {
248 const int len = strlen(find);
249 char *tmp = *src;
250 if (strncmp(tmp, find, len))
251 return false;
252 tmp += len;
253 *src = tmp;
254 return true;
255 }
256
257 /**
258 * normalize_line - Format string.
259 *
260 * @buffer: The line to normalize.
261 *
262 * Leading and trailing whitespaces are removed.
263 * Multiple whitespaces are packed into single space.
264 *
265 * Returns nothing.
266 */
267 static void normalize_line(unsigned char *buffer)
268 {
269 unsigned char *sp = buffer;
270 unsigned char *dp = buffer;
271 bool first = true;
272 while (*sp && (*sp <= ' ' || *sp >= 127))
273 sp++;
274 while (*sp) {
275 if (!first)
276 *dp++ = ' ';
277 first = false;
278 while (*sp > ' ' && *sp < 127)
279 *dp++ = *sp++;
280 while (*sp && (*sp <= ' ' || *sp >= 127))
281 sp++;
282 }
283 *dp = '\0';
284 }
285
286 /**
287 * ccs_is_correct_path - Validate a pathname.
288 * @filename: The pathname to check.
289 * @start_type: Should the pathname start with '/'?
290 * 1 = must / -1 = must not / 0 = don't care
291 * @pattern_type: Can the pathname contain a wildcard?
292 * 1 = must / -1 = must not / 0 = don't care
293 * @end_type: Should the pathname end with '/'?
294 * 1 = must / -1 = must not / 0 = don't care
295 * @function: The name of function calling me.
296 *
297 * Check whether the given filename follows the naming rules.
298 * Returns true if @filename follows the naming rules, false otherwise.
299 */
300 bool ccs_is_correct_path(const char *filename, const s8 start_type,
301 const s8 pattern_type, const s8 end_type,
302 const char *function)
303 {
304 bool contains_pattern = false;
305 unsigned char c;
306 unsigned char d;
307 unsigned char e;
308 const char *original_filename = filename;
309 if (!filename)
310 goto out;
311 c = *filename;
312 if (start_type == 1) { /* Must start with '/' */
313 if (c != '/')
314 goto out;
315 } else if (start_type == -1) { /* Must not start with '/' */
316 if (c == '/')
317 goto out;
318 }
319 if (c)
320 c = *(filename + strlen(filename) - 1);
321 if (end_type == 1) { /* Must end with '/' */
322 if (c != '/')
323 goto out;
324 } else if (end_type == -1) { /* Must not end with '/' */
325 if (c == '/')
326 goto out;
327 }
328 while (1) {
329 c = *filename++;
330 if (!c)
331 break;
332 if (c == '\\') {
333 c = *filename++;
334 switch (c) {
335 case '\\': /* "\\" */
336 continue;
337 case '$': /* "\$" */
338 case '+': /* "\+" */
339 case '?': /* "\?" */
340 case '*': /* "\*" */
341 case '@': /* "\@" */
342 case 'x': /* "\x" */
343 case 'X': /* "\X" */
344 case 'a': /* "\a" */
345 case 'A': /* "\A" */
346 case '-': /* "\-" */
347 if (pattern_type == -1)
348 break; /* Must not contain pattern */
349 contains_pattern = true;
350 continue;
351 case '0': /* "\ooo" */
352 case '1':
353 case '2':
354 case '3':
355 d = *filename++;
356 if (d < '0' || d > '7')
357 break;
358 e = *filename++;
359 if (e < '0' || e > '7')
360 break;
361 c = make_byte(c, d, e);
362 if (c && (c <= ' ' || c >= 127))
363 continue; /* pattern is not \000 */
364 }
365 goto out;
366 } else if (c <= ' ' || c >= 127) {
367 goto out;
368 }
369 }
370 if (pattern_type == 1) { /* Must contain pattern */
371 if (!contains_pattern)
372 goto out;
373 }
374 return true;
375 out:
376 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
377 original_filename);
378 return false;
379 }
380
381 /**
382 * ccs_is_correct_domain - Check whether the given domainname follows the naming rules.
383 * @domainname: The domainname to check.
384 * @function: The name of function calling me.
385 *
386 * Returns true if @domainname follows the naming rules, false otherwise.
387 */
388 bool ccs_is_correct_domain(const unsigned char *domainname,
389 const char *function)
390 {
391 unsigned char c;
392 unsigned char d;
393 unsigned char e;
394 const char *org_domainname = domainname;
395 if (!domainname || strncmp(domainname, ROOT_NAME, ROOT_NAME_LEN))
396 goto out;
397 domainname += ROOT_NAME_LEN;
398 if (!*domainname)
399 return true;
400 do {
401 if (*domainname++ != ' ')
402 goto out;
403 if (*domainname++ != '/')
404 goto out;
405 while (1) {
406 c = *domainname;
407 if (!c || c == ' ')
408 break;
409 domainname++;
410 if (c == '\\') {
411 c = *domainname++;
412 switch ((c)) {
413 case '\\': /* "\\" */
414 continue;
415 case '0': /* "\ooo" */
416 case '1':
417 case '2':
418 case '3':
419 d = *domainname++;
420 if (d < '0' || d > '7')
421 break;
422 e = *domainname++;
423 if (e < '0' || e > '7')
424 break;
425 c = make_byte(c, d, e);
426 if (c && (c <= ' ' || c >= 127))
427 /* pattern is not \000 */
428 continue;
429 }
430 goto out;
431 } else if (c < ' ' || c >= 127) {
432 goto out;
433 }
434 }
435 } while (*domainname);
436 return true;
437 out:
438 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
439 org_domainname);
440 return false;
441 }
442
443 /**
444 * ccs_is_domain_def - Check whether the given token can be a domainname.
445 *
446 * @buffer: The token to check.
447 *
448 * Returns true if @buffer possibly be a domainname, false otherwise.
449 */
450 bool ccs_is_domain_def(const unsigned char *buffer)
451 {
452 return !strncmp(buffer, ROOT_NAME, ROOT_NAME_LEN);
453 }
454
455 /**
456 * ccs_find_domain - Find a domain by the given name.
457 *
458 * @domainname: The domainname to find.
459 *
460 * Returns pointer to "struct domain_info" if found, NULL otherwise.
461 */
462 struct domain_info *ccs_find_domain(const char *domainname)
463 {
464 struct domain_info *domain;
465 struct path_info name;
466 name.name = domainname;
467 ccs_fill_path_info(&name);
468 list1_for_each_entry(domain, &domain_list, list) {
469 if (!domain->is_deleted &&
470 !ccs_pathcmp(&name, domain->domainname))
471 return domain;
472 }
473 return NULL;
474 }
475
476 /**
477 * path_depth - Evaluate the number of '/' in a string.
478 *
479 * @pathname: The string to evaluate.
480 *
481 * Returns path depth of the string.
482 *
483 * I score 2 for each of the '/' in the @pathname
484 * and score 1 if the @pathname ends with '/'.
485 */
486 static int path_depth(const char *pathname)
487 {
488 int i = 0;
489 if (pathname) {
490 const char *ep = pathname + strlen(pathname);
491 if (pathname < ep--) {
492 if (*ep != '/')
493 i++;
494 while (pathname <= ep)
495 if (*ep-- == '/')
496 i += 2;
497 }
498 }
499 return i;
500 }
501
502 /**
503 * const_part_length - Evaluate the initial length without a pattern in a token.
504 *
505 * @filename: The string to evaluate.
506 *
507 * Returns the initial length without a pattern in @filename.
508 */
509 static int const_part_length(const char *filename)
510 {
511 char c;
512 int len = 0;
513 if (!filename)
514 return 0;
515 while (1) {
516 c = *filename++;
517 if (!c)
518 break;
519 if (c != '\\') {
520 len++;
521 continue;
522 }
523 c = *filename++;
524 switch (c) {
525 case '\\': /* "\\" */
526 len += 2;
527 continue;
528 case '0': /* "\ooo" */
529 case '1':
530 case '2':
531 case '3':
532 c = *filename++;
533 if (c < '0' || c > '7')
534 break;
535 c = *filename++;
536 if (c < '0' || c > '7')
537 break;
538 len += 4;
539 continue;
540 }
541 break;
542 }
543 return len;
544 }
545
546 /**
547 * ccs_fill_path_info - Fill in "struct path_info" members.
548 *
549 * @ptr: Pointer to "struct path_info" to fill in.
550 *
551 * The caller sets "struct path_info"->name.
552 */
553 void ccs_fill_path_info(struct path_info *ptr)
554 {
555 const char *name = ptr->name;
556 const int len = strlen(name);
557 ptr->total_len = len;
558 ptr->const_len = const_part_length(name);
559 ptr->is_dir = len && (name[len - 1] == '/');
560 ptr->is_patterned = (ptr->const_len < len);
561 ptr->hash = full_name_hash(name, len);
562 ptr->depth = path_depth(name);
563 }
564
565 /**
566 * file_matches_to_pattern2 - Pattern matching without '/' character
567 * and "\-" pattern.
568 *
569 * @filename: The start of string to check.
570 * @filename_end: The end of string to check.
571 * @pattern: The start of pattern to compare.
572 * @pattern_end: The end of pattern to compare.
573 *
574 * Returns true if @filename matches @pattern, false otherwise.
575 */
576 static bool file_matches_to_pattern2(const char *filename,
577 const char *filename_end,
578 const char *pattern,
579 const char *pattern_end)
580 {
581 while (filename < filename_end && pattern < pattern_end) {
582 char c;
583 if (*pattern != '\\') {
584 if (*filename++ != *pattern++)
585 return false;
586 continue;
587 }
588 c = *filename;
589 pattern++;
590 switch (*pattern) {
591 int i;
592 int j;
593 case '?':
594 if (c == '/') {
595 return false;
596 } else if (c == '\\') {
597 if (filename[1] == '\\')
598 filename++;
599 else if (is_byte_range(filename + 1))
600 filename += 3;
601 else
602 return false;
603 }
604 break;
605 case '\\':
606 if (c != '\\')
607 return false;
608 if (*++filename != '\\')
609 return false;
610 break;
611 case '+':
612 if (!is_decimal(c))
613 return false;
614 break;
615 case 'x':
616 if (!is_hexadecimal(c))
617 return false;
618 break;
619 case 'a':
620 if (!is_alphabet_char(c))
621 return false;
622 break;
623 case '0':
624 case '1':
625 case '2':
626 case '3':
627 if (c == '\\' && is_byte_range(filename + 1)
628 && strncmp(filename + 1, pattern, 3) == 0) {
629 filename += 3;
630 pattern += 2;
631 break;
632 }
633 return false; /* Not matched. */
634 case '*':
635 case '@':
636 for (i = 0; i <= filename_end - filename; i++) {
637 if (file_matches_to_pattern2(filename + i,
638 filename_end,
639 pattern + 1,
640 pattern_end))
641 return true;
642 c = filename[i];
643 if (c == '.' && *pattern == '@')
644 break;
645 if (c != '\\')
646 continue;
647 if (filename[i + 1] == '\\')
648 i++;
649 else if (is_byte_range(filename + i + 1))
650 i += 3;
651 else
652 break; /* Bad pattern. */
653 }
654 return false; /* Not matched. */
655 default:
656 j = 0;
657 c = *pattern;
658 if (c == '$') {
659 while (is_decimal(filename[j]))
660 j++;
661 } else if (c == 'X') {
662 while (is_hexadecimal(filename[j]))
663 j++;
664 } else if (c == 'A') {
665 while (is_alphabet_char(filename[j]))
666 j++;
667 }
668 for (i = 1; i <= j; i++) {
669 if (file_matches_to_pattern2(filename + i,
670 filename_end,
671 pattern + 1,
672 pattern_end))
673 return true;
674 }
675 return false; /* Not matched or bad pattern. */
676 }
677 filename++;
678 pattern++;
679 }
680 while (*pattern == '\\' &&
681 (*(pattern + 1) == '*' || *(pattern + 1) == '@'))
682 pattern += 2;
683 return filename == filename_end && pattern == pattern_end;
684 }
685
686 /**
687 * file_matches_to_pattern - Pattern matching without without '/' character.
688 *
689 * @filename: The start of string to check.
690 * @filename_end: The end of string to check.
691 * @pattern: The start of pattern to compare.
692 * @pattern_end: The end of pattern to compare.
693 *
694 * Returns true if @filename matches @pattern, false otherwise.
695 */
696 static bool file_matches_to_pattern(const char *filename,
697 const char *filename_end,
698 const char *pattern,
699 const char *pattern_end)
700 {
701 const char *pattern_start = pattern;
702 bool first = true;
703 bool result;
704 while (pattern < pattern_end - 1) {
705 /* Split at "\-" pattern. */
706 if (*pattern++ != '\\' || *pattern++ != '-')
707 continue;
708 result = file_matches_to_pattern2(filename, filename_end,
709 pattern_start, pattern - 2);
710 if (first)
711 result = !result;
712 if (result)
713 return false;
714 first = false;
715 pattern_start = pattern;
716 }
717 result = file_matches_to_pattern2(filename, filename_end,
718 pattern_start, pattern_end);
719 return first ? result : !result;
720 }
721
722 /**
723 * ccs_path_matches_pattern - Check whether the given filename matches the given pattern.
724 * @filename: The filename to check.
725 * @pattern: The pattern to compare.
726 *
727 * Returns true if matches, false otherwise.
728 *
729 * The following patterns are available.
730 * \\ \ itself.
731 * \ooo Octal representation of a byte.
732 * \* More than or equals to 0 character other than '/'.
733 * \@ More than or equals to 0 character other than '/' or '.'.
734 * \? 1 byte character other than '/'.
735 * \$ More than or equals to 1 decimal digit.
736 * \+ 1 decimal digit.
737 * \X More than or equals to 1 hexadecimal digit.
738 * \x 1 hexadecimal digit.
739 * \A More than or equals to 1 alphabet character.
740 * \a 1 alphabet character.
741 * \- Subtraction operator.
742 */
743 bool ccs_path_matches_pattern(const struct path_info *filename,
744 const struct path_info *pattern)
745 {
746 /*
747 if (!filename || !pattern)
748 return false;
749 */
750 const char *f = filename->name;
751 const char *p = pattern->name;
752 const int len = pattern->const_len;
753 /* If @pattern doesn't contain pattern, I can use strcmp(). */
754 if (!pattern->is_patterned)
755 return !ccs_pathcmp(filename, pattern);
756 /* Dont compare if the number of '/' differs. */
757 if (filename->depth != pattern->depth)
758 return false;
759 /* Compare the initial length without patterns. */
760 if (strncmp(f, p, len))
761 return false;
762 f += len;
763 p += len;
764 /* Main loop. Compare each directory component. */
765 while (*f && *p) {
766 const char *f_delimiter = strchr(f, '/');
767 const char *p_delimiter = strchr(p, '/');
768 if (!f_delimiter)
769 f_delimiter = f + strlen(f);
770 if (!p_delimiter)
771 p_delimiter = p + strlen(p);
772 if (!file_matches_to_pattern(f, f_delimiter, p, p_delimiter))
773 return false;
774 f = f_delimiter;
775 if (*f)
776 f++;
777 p = p_delimiter;
778 if (*p)
779 p++;
780 }
781 /* Ignore trailing "\*" and "\@" in @pattern. */
782 while (*p == '\\' &&
783 (*(p + 1) == '*' || *(p + 1) == '@'))
784 p += 2;
785 return !*f && !*p;
786 }
787
788 /**
789 * ccs_io_printf - Transactional printf() to "struct ccs_io_buffer" structure.
790 *
791 * @head: Pointer to "struct ccs_io_buffer".
792 * @fmt: The printf()'s format string, followed by parameters.
793 *
794 * Returns true on success, false otherwise.
795 *
796 * The snprintf() will truncate, but ccs_io_printf() won't.
797 */
798 bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
799 {
800 va_list args;
801 int len;
802 int pos = head->read_avail;
803 int size = head->readbuf_size - pos;
804 if (size <= 0)
805 return false;
806 va_start(args, fmt);
807 len = vsnprintf(head->read_buf + pos, size, fmt, args);
808 va_end(args);
809 if (pos + len >= head->readbuf_size)
810 return false;
811 head->read_avail += len;
812 return true;
813 }
814
815 /**
816 * ccs_get_exe - Get ccs_realpath() of current process.
817 *
818 * Returns the ccs_realpath() of current process on success, NULL otherwise.
819 *
820 * This function uses ccs_alloc(), so the caller must ccs_free()
821 * if this function didn't return NULL.
822 */
823 const char *ccs_get_exe(void)
824 {
825 struct mm_struct *mm = current->mm;
826 struct vm_area_struct *vma;
827 const char *cp = NULL;
828 if (!mm)
829 return NULL;
830 down_read(&mm->mmap_sem);
831 for (vma = mm->mmap; vma; vma = vma->vm_next) {
832 if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
833 cp = ccs_realpath_from_dentry(vma->vm_file->f_dentry,
834 vma->vm_file->f_vfsmnt);
835 break;
836 }
837 }
838 up_read(&mm->mmap_sem);
839 return cp;
840 }
841
842 /**
843 * ccs_get_msg - Get warning message.
844 *
845 * @is_enforce: Is it enforcing mode?
846 *
847 * Returns "ERROR" or "WARNING".
848 */
849 const char *ccs_get_msg(const bool is_enforce)
850 {
851 if (is_enforce)
852 return "ERROR";
853 else
854 return "WARNING";
855 }
856
857 /**
858 * ccs_can_sleep - Check whether it is permitted to do operations that may sleep.
859 *
860 * Returns true if it is permitted to do operations that may sleep,
861 * false otherwise.
862 *
863 * TOMOYO Linux supports interactive enforcement that lets processes
864 * wait for the administrator's decision.
865 * All hooks but the one for ccs_may_autobind() are inserted where
866 * it is permitted to do operations that may sleep.
867 * Thus, this warning should not happen.
868 */
869 bool ccs_can_sleep(void)
870 {
871 static u8 count = 20;
872 if (likely(!in_interrupt()))
873 return true;
874 if (count) {
875 count--;
876 printk(KERN_ERR "BUG: sleeping function called "
877 "from invalid context.\n");
878 dump_stack();
879 }
880 return false;
881 }
882
883 /**
884 * ccs_check_flags - Check mode for specified functionality.
885 *
886 * @domain: Pointer to "struct domain_info". NULL for current->domain_info.
887 * @index: The functionality to check mode.
888 *
889 * Returns the mode of specified functionality.
890 */
891 unsigned int ccs_check_flags(const struct domain_info *domain, const u8 index)
892 {
893 u8 profile;
894 if (!domain)
895 domain = current->domain_info;
896 profile = domain->profile;
897 return sbin_init_started && index < CCS_MAX_CONTROL_INDEX
898 #if MAX_PROFILES != 256
899 && profile < MAX_PROFILES
900 #endif
901 && profile_ptr[profile] ?
902 profile_ptr[profile]->value[index] : 0;
903 }
904
905 #ifdef CONFIG_TOMOYO
906 /**
907 * ccs_check_capability_flags - Check mode for specified capability.
908 *
909 * @domain: Pointer to "struct domain_info". NULL for current->domain_info.
910 * @index: The capability to check mode.
911 *
912 * Returns the mode of specified capability.
913 */
914 static u8 ccs_check_capability_flags(const struct domain_info *domain,
915 const u8 index)
916 {
917 const u8 profile = domain ? domain->profile :
918 current->domain_info->profile;
919 return sbin_init_started && index < TOMOYO_MAX_CAPABILITY_INDEX
920 #if MAX_PROFILES != 256
921 && profile < MAX_PROFILES
922 #endif
923 && profile_ptr[profile] ?
924 profile_ptr[profile]->capability_value[index] : 0;
925 }
926
927 /**
928 * ccs_cap2keyword - Convert capability operation to capability name.
929 *
930 * @operation: The capability index.
931 *
932 * Returns the name of the specified capability's name.
933 */
934 const char *ccs_cap2keyword(const u8 operation)
935 {
936 return operation < TOMOYO_MAX_CAPABILITY_INDEX
937 ? capability_control_keyword[operation] : NULL;
938 }
939
940 #endif
941
942 /**
943 * ccs_init_request_info - Initialize "struct ccs_request_info" members.
944 *
945 * @r: Pointer to "struct ccs_request_info" to initialize.
946 * @domain: Pointer to "struct domain_info". NULL for current->domain_info.
947 * @index: Index number of functionality.
948 */
949 void ccs_init_request_info(struct ccs_request_info *r,
950 struct domain_info *domain, const u8 index)
951 {
952 memset(r, 0, sizeof(*r));
953 if (!domain)
954 domain = current->domain_info;
955 r->domain = domain;
956 r->profile = domain->profile;
957 if (index < CCS_MAX_CONTROL_INDEX)
958 r->mode = ccs_check_flags(domain, index);
959 #ifdef CONFIG_TOMOYO
960 else
961 r->mode = ccs_check_capability_flags(domain, index
962 - CCS_MAX_CONTROL_INDEX);
963 #endif
964 }
965
966 /**
967 * ccs_verbose_mode - Check whether TOMOYO is verbose mode.
968 *
969 * @domain: Pointer to "struct domain_info". NULL for current->domain_info.
970 *
971 * Returns true if domain policy violation warning should be printed to
972 * console.
973 */
974 bool ccs_verbose_mode(const struct domain_info *domain)
975 {
976 return ccs_check_flags(domain, CCS_TOMOYO_VERBOSE) != 0;
977 }
978
979 /**
980 * ccs_check_domain_quota - Check for domain's quota.
981 *
982 * @domain: Pointer to "struct domain_info".
983 *
984 * Returns true if the domain is not exceeded quota, false otherwise.
985 */
986 bool ccs_check_domain_quota(struct domain_info * const domain)
987 {
988 unsigned int count = 0;
989 struct acl_info *ptr;
990 if (!domain)
991 return true;
992 list1_for_each_entry(ptr, &domain->acl_info_list, list) {
993 if (ptr->type & ACL_DELETED)
994 continue;
995 switch (ccs_acl_type2(ptr)) {
996 struct single_path_acl_record *acl1;
997 struct double_path_acl_record *acl2;
998 u16 perm;
999 case TYPE_SINGLE_PATH_ACL:
1000 acl1 = container_of(ptr, struct single_path_acl_record,
1001 head);
1002 perm = acl1->perm;
1003 if (perm & (1 << TYPE_EXECUTE_ACL))
1004 count++;
1005 if (perm &
1006 ((1 << TYPE_READ_ACL) | (1 << TYPE_WRITE_ACL)))
1007 count++;
1008 if (perm & (1 << TYPE_CREATE_ACL))
1009 count++;
1010 if (perm & (1 << TYPE_UNLINK_ACL))
1011 count++;
1012 if (perm & (1 << TYPE_MKDIR_ACL))
1013 count++;
1014 if (perm & (1 << TYPE_RMDIR_ACL))
1015 count++;
1016 if (perm & (1 << TYPE_MKFIFO_ACL))
1017 count++;
1018 if (perm & (1 << TYPE_MKSOCK_ACL))
1019 count++;
1020 if (perm & (1 << TYPE_MKBLOCK_ACL))
1021 count++;
1022 if (perm & (1 << TYPE_MKCHAR_ACL))
1023 count++;
1024 if (perm & (1 << TYPE_TRUNCATE_ACL))
1025 count++;
1026 if (perm & (1 << TYPE_SYMLINK_ACL))
1027 count++;
1028 if (perm & (1 << TYPE_REWRITE_ACL))
1029 count++;
1030 break;
1031 case TYPE_DOUBLE_PATH_ACL:
1032 acl2 = container_of(ptr, struct double_path_acl_record,
1033 head);
1034 perm = acl2->perm;
1035 if (perm & (1 << TYPE_LINK_ACL))
1036 count++;
1037 if (perm & (1 << TYPE_RENAME_ACL))
1038 count++;
1039 break;
1040 case TYPE_EXECUTE_HANDLER:
1041 case TYPE_DENIED_EXECUTE_HANDLER:
1042 break;
1043 default:
1044 count++;
1045 }
1046 }
1047 if (count < ccs_check_flags(domain, CCS_TOMOYO_MAX_ACCEPT_ENTRY))
1048 return true;
1049 if (!domain->quota_warned) {
1050 domain->quota_warned = true;
1051 printk(KERN_WARNING "TOMOYO-WARNING: "
1052 "Domain '%s' has so many ACLs to hold. "
1053 "Stopped learning mode.\n", domain->domainname->name);
1054 }
1055 return false;
1056 }
1057
1058 /**
1059 * ccs_find_or_assign_new_profile - Create a new profile.
1060 *
1061 * @profile: Profile number to create.
1062 *
1063 * Returns pointer to "struct profile" on success, NULL otherwise.
1064 */
1065 static struct profile *ccs_find_or_assign_new_profile(const unsigned int
1066 profile)
1067 {
1068 static DEFINE_MUTEX(lock);
1069 struct profile *ptr = NULL;
1070 mutex_lock(&lock);
1071 if (profile < MAX_PROFILES) {
1072 ptr = profile_ptr[profile];
1073 if (ptr)
1074 goto ok;
1075 ptr = ccs_alloc_element(sizeof(*ptr));
1076 if (ptr) {
1077 int i;
1078 for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++)
1079 ptr->value[i]
1080 = ccs_control_array[i].current_value;
1081 /*
1082 * Needn't to initialize "ptr->capability_value"
1083 * because they are always 0.
1084 */
1085 mb(); /* Avoid out-of-order execution. */
1086 profile_ptr[profile] = ptr;
1087 }
1088 }
1089 ok:
1090 mutex_unlock(&lock);
1091 return ptr;
1092 }
1093
1094 /**
1095 * write_profile - Write profile table.
1096 *
1097 * @head: Pointer to "struct ccs_io_buffer".
1098 *
1099 * Returns 0 on success, negative value otherwise.
1100 */
1101 static int write_profile(struct ccs_io_buffer *head)
1102 {
1103 char *data = head->write_buf;
1104 unsigned int i;
1105 unsigned int value;
1106 char *cp;
1107 struct profile *profile;
1108 i = simple_strtoul(data, &cp, 10);
1109 if (data != cp) {
1110 if (*cp != '-')
1111 return -EINVAL;
1112 data = cp + 1;
1113 }
1114 profile = ccs_find_or_assign_new_profile(i);
1115 if (!profile)
1116 return -EINVAL;
1117 cp = strchr(data, '=');
1118 if (!cp)
1119 return -EINVAL;
1120 *cp = '\0';
1121 ccs_update_counter(CCS_UPDATES_COUNTER_PROFILE);
1122 if (!strcmp(data, "COMMENT")) {
1123 profile->comment = ccs_save_name(cp + 1);
1124 return 0;
1125 }
1126 #ifdef CONFIG_TOMOYO
1127 if (str_starts(&data, KEYWORD_MAC_FOR_CAPABILITY)) {
1128 if (sscanf(cp + 1, "%u", &value) != 1) {
1129 for (i = 0; i < 4; i++) {
1130 if (strcmp(cp + 1, mode_4[i]))
1131 continue;
1132 value = i;
1133 break;
1134 }
1135 if (i == 4)
1136 return -EINVAL;
1137 }
1138 if (value > 3)
1139 value = 3;
1140 for (i = 0; i < TOMOYO_MAX_CAPABILITY_INDEX; i++) {
1141 if (strcmp(data, capability_control_keyword[i]))
1142 continue;
1143 profile->capability_value[i] = value;
1144 return 0;
1145 }
1146 return -EINVAL;
1147 }
1148 #endif
1149 for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) {
1150 if (strcmp(data, ccs_control_array[i].keyword))
1151 continue;
1152 if (sscanf(cp + 1, "%u", &value) != 1) {
1153 int j;
1154 const char **modes;
1155 switch (i) {
1156 case CCS_SAKURA_RESTRICT_AUTOBIND:
1157 case CCS_TOMOYO_VERBOSE:
1158 modes = mode_2;
1159 break;
1160 default:
1161 modes = mode_4;
1162 break;
1163 }
1164 for (j = 0; j < 4; j++) {
1165 if (strcmp(cp + 1, modes[j]))
1166 continue;
1167 value = j;
1168 break;
1169 }
1170 if (j == 4)
1171 return -EINVAL;
1172 } else if (value > ccs_control_array[i].max_value) {
1173 value = ccs_control_array[i].max_value;
1174 }
1175 switch (i) {
1176 case CCS_SAKURA_DENY_CONCEAL_MOUNT:
1177 case CCS_SAKURA_RESTRICT_UNMOUNT:
1178 if (value == 1)
1179 value = 2; /* learning mode is not supported. */
1180 }
1181 profile->value[i] = value;
1182 return 0;
1183 }
1184 return -EINVAL;
1185 }
1186
1187 /**
1188 * read_profile - Read profile table.
1189 *
1190 * @head: Pointer to "struct ccs_io_buffer".
1191 *
1192 * Returns 0.
1193 */
1194 static int read_profile(struct ccs_io_buffer *head)
1195 {
1196 static const int total
1197 = CCS_MAX_CONTROL_INDEX + TOMOYO_MAX_CAPABILITY_INDEX + 1;
1198 int step;
1199 if (head->read_eof)
1200 return 0;
1201 for (step = head->read_step; step < MAX_PROFILES * total; step++) {
1202 const u8 index = step / total;
1203 u8 type = step % total;
1204 const struct profile *profile = profile_ptr[index];
1205 head->read_step = step;
1206 if (!profile)
1207 continue;
1208 #if !defined(CONFIG_SAKURA) || !defined(CONFIG_TOMOYO)
1209 switch (type) {
1210 #ifndef CONFIG_SAKURA
1211 case CCS_SAKURA_DENY_CONCEAL_MOUNT:
1212 case CCS_SAKURA_RESTRICT_CHROOT:
1213 case CCS_SAKURA_RESTRICT_MOUNT:
1214 case CCS_SAKURA_RESTRICT_UNMOUNT:
1215 case CCS_SAKURA_RESTRICT_PIVOT_ROOT:
1216 case CCS_SAKURA_RESTRICT_AUTOBIND:
1217 #endif
1218 #ifndef CONFIG_TOMOYO
1219 case CCS_TOMOYO_MAC_FOR_FILE:
1220 case CCS_TOMOYO_MAC_FOR_ARGV0:
1221 case CCS_TOMOYO_MAC_FOR_ENV:
1222 case CCS_TOMOYO_MAC_FOR_NETWORK:
1223 case CCS_TOMOYO_MAC_FOR_SIGNAL:
1224 case CCS_TOMOYO_MAX_ACCEPT_ENTRY:
1225 case CCS_TOMOYO_MAX_GRANT_LOG:
1226 case CCS_TOMOYO_MAX_REJECT_LOG:
1227 case CCS_TOMOYO_VERBOSE:
1228 #endif
1229 continue;
1230 }
1231 #endif
1232 if (!type) { /* Print profile' comment tag. */
1233 if (!ccs_io_printf(head, "%u-COMMENT=%s\n",
1234 index, profile->comment ?
1235 profile->comment->name : ""))
1236 break;
1237 continue;
1238 }
1239 type--;
1240 if (type >= CCS_MAX_CONTROL_INDEX) {
1241 #ifdef CONFIG_TOMOYO
1242 const int i = type - CCS_MAX_CONTROL_INDEX;
1243 const u8 value = profile->capability_value[i];
1244 if (!ccs_io_printf(head,
1245 "%u-" KEYWORD_MAC_FOR_CAPABILITY
1246 "%s=%s\n", index,
1247 capability_control_keyword[i],
1248 mode_4[value]))
1249 break;
1250 #endif
1251 } else {
1252 const unsigned int value = profile->value[type];
1253 const char **modes = NULL;
1254 const char *keyword = ccs_control_array[type].keyword;
1255 switch (ccs_control_array[type].max_value) {
1256 case 3:
1257 modes = mode_4;
1258 break;
1259 case 1:
1260 modes = mode_2;
1261 break;
1262 }
1263 if (modes) {
1264 if (!ccs_io_printf(head, "%u-%s=%s\n", index,
1265 keyword, modes[value]))
1266 break;
1267 } else {
1268 if (!ccs_io_printf(head, "%u-%s=%u\n", index,
1269 keyword, value))
1270 break;
1271 }
1272 }
1273 }
1274 if (step == MAX_PROFILES * total)
1275 head->read_eof = true;
1276 return 0;
1277 }
1278
1279 /* Structure for policy manager. */
1280 struct policy_manager_entry {
1281 struct list1_head list;
1282 /* A path to program or a domainname. */
1283 const struct path_info *manager;
1284 bool is_domain; /* True if manager is a domainname. */
1285 bool is_deleted; /* True if this entry is deleted. */
1286 };
1287
1288 /* The list for "struct policy_manager_entry". */
1289 static LIST1_HEAD(policy_manager_list);
1290
1291 /**
1292 * update_manager_entry - Add a manager entry.
1293 *
1294 * @manager: The path to manager or the domainnamme.
1295 * @is_delete: True if it is a delete request.
1296 *
1297 * Returns 0 on success, negative value otherwise.
1298 */
1299 static int update_manager_entry(const char *manager, const bool is_delete)
1300 {
1301 struct policy_manager_entry *new_entry;
1302 struct policy_manager_entry *ptr;
1303 static DEFINE_MUTEX(lock);
1304 const struct path_info *saved_manager;
1305 int error = -ENOMEM;
1306 bool is_domain = false;
1307 if (ccs_is_domain_def(manager)) {
1308 if (!ccs_is_correct_domain(manager, __func__))
1309 return -EINVAL;
1310 is_domain = true;
1311 } else {
1312 if (!ccs_is_correct_path(manager, 1, -1, -1, __func__))
1313 return -EINVAL;
1314 }
1315 saved_manager = ccs_save_name(manager);
1316 if (!saved_manager)
1317 return -ENOMEM;
1318 mutex_lock(&lock);
1319 list1_for_each_entry(ptr, &policy_manager_list, list) {
1320 if (ptr->manager != saved_manager)
1321 continue;
1322 ptr->is_deleted = is_delete;
1323 error = 0;
1324 goto out;
1325 }
1326 if (is_delete) {
1327 error = -ENOENT;
1328 goto out;
1329 }
1330 new_entry = ccs_alloc_element(sizeof(*new_entry));
1331 if (!new_entry)
1332 goto out;
1333 new_entry->manager = saved_manager;
1334 new_entry->is_domain = is_domain;
1335 list1_add_tail_mb(&new_entry->list, &policy_manager_list);
1336 error = 0;
1337 out:
1338 mutex_unlock(&lock);
1339 if (!error)
1340 ccs_update_counter(CCS_UPDATES_COUNTER_MANAGER);
1341 return error;
1342 }
1343
1344 /**
1345 * write_manager_policy - Write manager policy.
1346 *
1347 * @head: Pointer to "struct ccs_io_buffer".
1348 *
1349 * Returns 0 on success, negative value otherwise.
1350 */
1351 static int write_manager_policy(struct ccs_io_buffer *head)
1352 {
1353 char *data = head->write_buf;
1354 bool is_delete = str_starts(&data, KEYWORD_DELETE);
1355 if (!strcmp(data, "manage_by_non_root")) {
1356 manage_by_non_root = !is_delete;
1357 return 0;
1358 }
1359 return update_manager_entry(data, is_delete);
1360 }
1361
1362 /**
1363 * read_manager_policy - Read manager policy.
1364 *
1365 * @head: Pointer to "struct ccs_io_buffer".
1366 *
1367 * Returns 0.
1368 */
1369 static int read_manager_policy(struct ccs_io_buffer *head)
1370 {
1371 struct list1_head *pos;
1372 if (head->read_eof)
1373 return 0;
1374 list1_for_each_cookie(pos, head->read_var2, &policy_manager_list) {
1375 struct policy_manager_entry *ptr;
1376 ptr = list1_entry(pos, struct policy_manager_entry, list);
1377 if (ptr->is_deleted)
1378 continue;
1379 if (!ccs_io_printf(head, "%s\n", ptr->manager->name))
1380 return 0;
1381 }
1382 head->read_eof = true;
1383 return 0;
1384 }
1385
1386 /**
1387 * is_policy_manager - Check whether the current process is a policy manager.
1388 *
1389 * Returns true if the current process is permitted to modify policy
1390 * via /proc/ccs/ interface.
1391 */
1392 static bool is_policy_manager(void)
1393 {
1394 struct policy_manager_entry *ptr;
1395 const char *exe;
1396 struct task_struct *task = current;
1397 const struct path_info *domainname = task->domain_info->domainname;
1398 bool found = false;
1399 if (!sbin_init_started)
1400 return true;
1401 if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER)
1402 return true;
1403 if (!manage_by_non_root && (task->uid || task->euid))
1404 return false;
1405 list1_for_each_entry(ptr, &policy_manager_list, list) {
1406 if (!ptr->is_deleted && ptr->is_domain
1407 && !ccs_pathcmp(domainname, ptr->manager)) {
1408 /* Set manager flag. */
1409 task->tomoyo_flags |= CCS_TASK_IS_POLICY_MANAGER;
1410 return true;
1411 }
1412 }
1413 exe = ccs_get_exe();
1414 if (!exe)
1415 return false;
1416 list1_for_each_entry(ptr, &policy_manager_list, list) {
1417 if (!ptr->is_deleted && !ptr->is_domain
1418 && !strcmp(exe, ptr->manager->name)) {
1419 found = true;
1420 /* Set manager flag. */
1421 task->tomoyo_flags |= CCS_TASK_IS_POLICY_MANAGER;
1422 break;
1423 }
1424 }
1425 if (!found) { /* Reduce error messages. */
1426 static pid_t last_pid;
1427 const pid_t pid = current->pid;
1428 if (last_pid != pid) {
1429 printk(KERN_WARNING "%s ( %s ) is not permitted to "
1430 "update policies.\n", domainname->name, exe);
1431 last_pid = pid;
1432 }
1433 }
1434 ccs_free(exe);
1435 return found;
1436 }
1437
1438 #ifdef CONFIG_TOMOYO
1439
1440 /**
1441 * ccs_find_condition_part - Find condition part from the statement.
1442 *
1443 * @data: String to parse.
1444 *
1445 * Returns pointer to the condition part if it was found in the statement,
1446 * NULL otherwise.
1447 */
1448 static char *ccs_find_condition_part(char *data)
1449 {
1450 char *cp = strstr(data, " if ");
1451 if (cp) {
1452 while (1) {
1453 char *cp2 = strstr(cp + 3, " if ");
1454 if (!cp2)
1455 break;
1456 cp = cp2;
1457 }
1458 *cp++ = '\0';
1459 } else {
1460 cp = strstr(data, " ; set ");
1461 if (cp)
1462 *cp++ = '\0';
1463 }
1464 return cp;
1465 }
1466
1467 /**
1468 * is_select_one - Parse select command.
1469 *
1470 * @head: Pointer to "struct ccs_io_buffer".
1471 * @data: String to parse.
1472 *
1473 * Returns true on success, false otherwise.
1474 */
1475 static bool is_select_one(struct ccs_io_buffer *head, const char *data)
1476 {
1477 unsigned int pid;
1478 struct domain_info *domain = NULL;
1479 if (sscanf(data, "pid=%u", &pid) == 1) {
1480 struct task_struct *p;
1481 /***** CRITICAL SECTION START *****/
1482 read_lock(&tasklist_lock);
1483 p = find_task_by_pid(pid);
1484 if (p)
1485 domain = p->domain_info;
1486 read_unlock(&tasklist_lock);
1487 /***** CRITICAL SECTION END *****/
1488 } else if (!strncmp(data, "domain=", 7)) {
1489 if (ccs_is_domain_def(data + 7))
1490 domain = ccs_find_domain(data + 7);
1491 } else
1492 return false;
1493 head->write_var1 = domain;
1494 if (!head->read_buf)
1495 return true; /* Do nothing if open(O_WRONLY). */
1496 head->read_avail = 0;
1497 ccs_io_printf(head, "# select %s\n", data);
1498 head->read_single_domain = true;
1499 head->read_eof = !domain;
1500 if (domain) {
1501 struct domain_info *d;
1502 head->read_var1 = NULL;
1503 list1_for_each_entry(d, &domain_list, list) {
1504 if (d == domain)
1505 break;
1506 head->read_var1 = &d->list;
1507 }
1508 head->read_var2 = NULL;
1509 head->read_bit = 0;
1510 head->read_step = 0;
1511 if (domain->is_deleted)
1512 ccs_io_printf(head, "# This is a deleted domain.\n");
1513 }
1514 return true;
1515 }
1516
1517 /**
1518 * write_domain_policy - Write domain policy.
1519 *
1520 * @head: Pointer to "struct ccs_io_buffer".
1521 *
1522 * Returns 0 on success, negative value otherwise.
1523 */
1524 static int write_domain_policy(struct ccs_io_buffer *head)
1525 {
1526 char *data = head->write_buf;
1527 struct domain_info *domain = head->write_var1;
1528 bool is_delete = false;
1529 bool is_select = false;
1530 bool is_undelete = false;
1531 unsigned int profile;
1532 const struct condition_list *cond = NULL;
1533 char *cp;
1534 if (str_starts(&data, KEYWORD_DELETE))
1535 is_delete = true;
1536 else if (str_starts(&data, KEYWORD_SELECT))
1537 is_select = true;
1538 else if (str_starts(&data, KEYWORD_UNDELETE))
1539 is_undelete = true;
1540 if (is_select && is_select_one(head, data))
1541 return 0;
1542 /* Don't allow updating policies by non manager programs. */
1543 if (!is_policy_manager())
1544 return -EPERM;
1545 if (ccs_is_domain_def(data)) {
1546 domain = NULL;
1547 if (is_delete)
1548 ccs_delete_domain(data);
1549 else if (is_select)
1550 domain = ccs_find_domain(data);
1551 else if (is_undelete)
1552 domain = ccs_undelete_domain(data);
1553 else
1554 domain = ccs_find_or_assign_new_domain(data, 0);
1555 head->write_var1 = domain;
1556 ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);
1557 return 0;
1558 }
1559 if (!domain)
1560 return -EINVAL;
1561
1562 if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1
1563 && profile < MAX_PROFILES) {
1564 if (profile_ptr[profile] || !sbin_init_started)
1565 domain->profile = (u8) profile;
1566 return 0;
1567 }
1568 if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
1569 ccs_set_domain_flag(domain, is_delete,
1570 DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ);
1571 return 0;
1572 }
1573 if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) {
1574 ccs_set_domain_flag(domain, is_delete,
1575 DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV);
1576 return 0;
1577 }
1578 cp = ccs_find_condition_part(data);
1579 if (cp) {
1580 cond = ccs_find_or_assign_new_condition(cp);
1581 if (!cond)
1582 return -EINVAL;
1583 }
1584 if (str_starts(&data, KEYWORD_ALLOW_CAPABILITY))
1585 return ccs_write_capability_policy(data, domain, cond,
1586 is_delete);
1587 else if (str_starts(&data, KEYWORD_ALLOW_NETWORK))
1588 return ccs_write_network_policy(data, domain, cond, is_delete);
1589 else if (str_starts(&data, KEYWORD_ALLOW_SIGNAL))
1590 return ccs_write_signal_policy(data, domain, cond, is_delete);
1591 else if (str_starts(&data, KEYWORD_ALLOW_ARGV0))
1592 return ccs_write_argv0_policy(data, domain, cond, is_delete);
1593 else if (str_starts(&data, KEYWORD_ALLOW_ENV))
1594 return ccs_write_env_policy(data, domain, cond, is_delete);
1595 else
1596 return ccs_write_file_policy(data, domain, cond, is_delete);
1597 }
1598
1599 /**
1600 * print_single_path_acl - Print a single path ACL entry.
1601 *
1602 * @head: Pointer to "struct ccs_io_buffer".
1603 * @ptr: Pointer to "struct single_path_acl_record".
1604 * @cond: Pointer to "struct condition_list". May be NULL.
1605 *
1606 * Returns true on success, false otherwise.
1607 */
1608 static bool print_single_path_acl(struct ccs_io_buffer *head,
1609 struct single_path_acl_record *ptr,
1610 const struct condition_list *cond)
1611 {
1612 int pos;
1613 u8 bit;
1614 const char *atmark = "";
1615 const char *filename;
1616 const u16 perm = ptr->perm;
1617 if (ptr->u_is_group) {
1618 atmark = "@";
1619 filename = ptr->u.group->group_name->name;
1620 } else {
1621 filename = ptr->u.filename->name;
1622 }
1623 for (bit = head->read_bit; bit < MAX_SINGLE_PATH_OPERATION; bit++) {
1624 const char *msg;
1625 if (!(perm & (1 << bit)))
1626 continue;
1627 /* Print "read/write" instead of "read" and "write". */
1628 if ((bit == TYPE_READ_ACL || bit == TYPE_WRITE_ACL)
1629 && (perm & (1 << TYPE_READ_WRITE_ACL)))
1630 continue;
1631 msg = ccs_sp2keyword(bit);
1632 pos = head->read_avail;
1633 if (!ccs_io_printf(head, "allow_%s %s%s", msg,
1634 atmark, filename) ||
1635 !ccs_print_condition(head, cond))
1636 goto out;
1637 }
1638 head->read_bit = 0;
1639 return true;
1640 out:
1641 head->read_bit = bit;
1642 head->read_avail = pos;
1643 return false;
1644 }
1645
1646 /**
1647 * print_double_path_acl - Print a double path ACL entry.
1648 *
1649 * @head: Pointer to "struct ccs_io_buffer".
1650 * @ptr: Pointer to "struct double_path_acl_record".
1651 * @cond: Pointer to "struct condition_list". May be NULL.
1652 *
1653 * Returns true on success, false otherwise.
1654 */
1655 static bool print_double_path_acl(struct ccs_io_buffer *head,
1656 struct double_path_acl_record *ptr,
1657 const struct condition_list *cond)
1658 {
1659 int pos;
1660 const char *atmark1 = "";
1661 const char *atmark2 = "";
1662 const char *filename1;
1663 const char *filename2;
1664 const u8 perm = ptr->perm;
1665 u8 bit;
1666 if (ptr->u1_is_group) {
1667 atmark1 = "@";
1668 filename1 = ptr->u1.group1->group_name->name;
1669 } else {
1670 filename1 = ptr->u1.filename1->name;
1671 }
1672 if (ptr->u2_is_group) {
1673 atmark2 = "@";
1674 filename2 = ptr->u2.group2->group_name->name;
1675 } else {
1676 filename2 = ptr->u2.filename2->name;
1677 }
1678 for (bit = head->read_bit; bit < MAX_DOUBLE_PATH_OPERATION; bit++) {
1679 const char *msg;
1680 if (!(perm & (1 << bit)))
1681 continue;
1682 msg = ccs_dp2keyword(bit);
1683 pos = head->read_avail;
1684 if (!ccs_io_printf(head, "allow_%s %s%s %s%s", msg,
1685 atmark1, filename1, atmark2, filename2) ||
1686 !ccs_print_condition(head, cond))
1687 goto out;
1688 }
1689 head->read_bit = 0;
1690 return true;
1691 out:
1692 head->read_bit = bit;
1693 head->read_avail = pos;
1694 return false;
1695 }
1696
1697 /**
1698 * print_argv0_acl - Print an argv[0] ACL entry.
1699 *
1700 * @head: Pointer to "struct ccs_io_buffer".
1701 * @ptr: Pointer to "struct argv0_acl_record".
1702 * @cond: Pointer to "struct condition_list". May be NULL.
1703 *
1704 * Returns true on success, false otherwise.
1705 */
1706 static bool print_argv0_acl(struct ccs_io_buffer *head,
1707 struct argv0_acl_record *ptr,
1708 const struct condition_list *cond)
1709 {
1710 int pos = head->read_avail;
1711 if (!ccs_io_printf(head, KEYWORD_ALLOW_ARGV0 "%s %s",
1712 ptr->filename->name, ptr->argv0->name))
1713 goto out;
1714 if (!ccs_print_condition(head, cond))
1715 goto out;
1716 return true;
1717 out:
1718 head->read_avail = pos;
1719 return false;
1720 }
1721
1722 /**
1723 * print_env_acl - Print an evironment variable name's ACL entry.
1724 *
1725 * @head: Pointer to "struct ccs_io_buffer".
1726 * @ptr: Pointer to "struct env_acl_record".
1727 * @cond: Pointer to "struct condition_list". May be NULL.
1728 *
1729 * Returns true on success, false otherwise.
1730 */
1731 static bool print_env_acl(struct ccs_io_buffer *head,
1732 struct env_acl_record *ptr,
1733 const struct condition_list *cond)
1734 {
1735 int pos = head->read_avail;
1736 if (!ccs_io_printf(head, KEYWORD_ALLOW_ENV "%s", ptr->env->name))
1737 goto out;
1738 if (!ccs_print_condition(head, cond))
1739 goto out;
1740 return true;
1741 out:
1742 head->read_avail = pos;
1743 return false;
1744 }
1745
1746 /**
1747 * print_capability_acl - Print a capability ACL entry.
1748 *
1749 * @head: Pointer to "struct ccs_io_buffer".
1750 * @ptr: Pointer to "struct capability_acl_record".
1751 * @cond: Pointer to "struct condition_list". May be NULL.
1752 *
1753 * Returns true on success, false otherwise.
1754 */
1755 static bool print_capability_acl(struct ccs_io_buffer *head,
1756 struct capability_acl_record *ptr,
1757 const struct condition_list *cond)
1758 {
1759 int pos = head->read_avail;
1760 if (!ccs_io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s",
1761 ccs_cap2keyword(ptr->operation)))
1762 goto out;
1763 if (!ccs_print_condition(head, cond))
1764 goto out;
1765 return true;
1766 out:
1767 head->read_avail = pos;
1768 return false;
1769 }
1770
1771 /**
1772 * print_ipv4_entry - Print IPv4 address of a network ACL entry.
1773 *
1774 * @head: Pointer to "struct ccs_io_buffer".
1775 * @ptr: Pointer to "struct ip_network_acl_record".
1776 *
1777 * Returns true on success, false otherwise.
1778 */
1779 static bool print_ipv4_entry(struct ccs_io_buffer *head,
1780 struct ip_network_acl_record *ptr)
1781 {
1782 const u32 min_address = ptr->u.ipv4.min;
1783 const u32 max_address = ptr->u.ipv4.max;
1784 if (!ccs_io_printf(head, "%u.%u.%u.%u", HIPQUAD(min_address)))
1785 return false;
1786 if (min_address != max_address
1787 && !ccs_io_printf(head, "-%u.%u.%u.%u", HIPQUAD(max_address)))
1788 return false;
1789 return true;
1790 }
1791
1792 /**
1793 * print_ipv6_entry - Print IPv6 address of a network ACL entry.
1794 *
1795 * @head: Pointer to "struct ccs_io_buffer".
1796 * @ptr: Pointer to "struct ip_network_acl_record".
1797 *
1798 * Returns true on success, false otherwise.
1799 */
1800 static bool print_ipv6_entry(struct ccs_io_buffer *head,
1801 struct ip_network_acl_record *ptr)
1802 {
1803 char buf[64];
1804 const struct in6_addr *min_address = ptr->u.ipv6.min;
1805 const struct in6_addr *max_address = ptr->u.ipv6.max;
1806 ccs_print_ipv6(buf, sizeof(buf), min_address);
1807 if (!ccs_io_printf(head, "%s", buf))
1808 return false;
1809 if (min_address != max_address) {
1810 ccs_print_ipv6(buf, sizeof(buf), max_address);
1811 if (!ccs_io_printf(head, "-%s", buf))
1812 return false;
1813 }
1814 return true;
1815 }
1816
1817 /**
1818 * print_port_entry - Print port number of a network ACL entry.
1819 *
1820 * @head: Pointer to "struct ccs_io_buffer".
1821 * @ptr: Pointer to "struct ip_network_acl_record".
1822 *
1823 * Returns true on success, false otherwise.
1824 */
1825 static bool print_port_entry(struct ccs_io_buffer *head,
1826 struct ip_network_acl_record *ptr)
1827 {
1828 const u16 min_port = ptr->min_port, max_port = ptr->max_port;
1829 if (!ccs_io_printf(head, " %u", min_port))
1830 return false;
1831 if (min_port != max_port && !ccs_io_printf(head, "-%u", max_port))
1832 return false;
1833 return true;
1834 }
1835
1836 /**
1837 * print_network_acl - Print a network ACL entry.
1838 *
1839 * @head: Pointer to "struct ccs_io_buffer".
1840 * @ptr: Pointer to "struct ip_network_acl_record".
1841 * @cond: Pointer to "struct condition_list". May be NULL.
1842 *
1843 * Returns true on success, false otherwise.
1844 */
1845 static bool print_network_acl(struct ccs_io_buffer *head,
1846 struct ip_network_acl_record *ptr,
1847 const struct condition_list *cond)
1848 {
1849 int pos = head->read_avail;
1850 if (!ccs_io_printf(head, KEYWORD_ALLOW_NETWORK "%s ",
1851 ccs_net2keyword(ptr->operation_type)))
1852 goto out;
1853 switch (ptr->record_type) {
1854 case IP_RECORD_TYPE_ADDRESS_GROUP:
1855 if (!ccs_io_printf(head, "@%s", ptr->u.group->group_name->name))
1856 goto out;
1857 break;
1858 case IP_RECORD_TYPE_IPv4:
1859 if (!print_ipv4_entry(head, ptr))
1860 goto out;
1861 break;
1862 case IP_RECORD_TYPE_IPv6:
1863 if (!print_ipv6_entry(head, ptr))
1864 goto out;
1865 break;
1866 }
1867 if (!print_port_entry(head, ptr))
1868 goto out;
1869 if (!ccs_print_condition(head, cond))
1870 goto out;
1871 return true;
1872 out:
1873 head->read_avail = pos;
1874 return false;
1875 }
1876
1877 /**
1878 * print_signal_acl - Print a signal ACL entry.
1879 *
1880 * @head: Pointer to "struct ccs_io_buffer".
1881 * @ptr: Pointer to "struct signale_acl_record".
1882 * @cond: Pointer to "struct condition_list". May be NULL.
1883 *
1884 * Returns true on success, false otherwise.
1885 */
1886 static bool print_signal_acl(struct ccs_io_buffer *head,
1887 struct signal_acl_record *ptr,
1888 const struct condition_list *cond)
1889 {
1890 int pos = head->read_avail;
1891 if (!ccs_io_printf(head, KEYWORD_ALLOW_SIGNAL "%u %s",
1892 ptr->sig, ptr->domainname->name))
1893 goto out;
1894 if (!ccs_print_condition(head, cond))
1895 goto out;
1896 return true;
1897 out:
1898 head->read_avail = pos;
1899 return false;
1900 }
1901
1902 /**
1903 * print_execute_handler_record - Print an execute handler ACL entry.
1904 *
1905 * @head: Pointer to "struct ccs_io_buffer".
1906 * @keyword: Name of the keyword.
1907 * @ptr: Pointer to "struct execute_handler_record".
1908 *
1909 * Returns true on success, false otherwise.
1910 */
1911 static bool print_execute_handler_record(struct ccs_io_buffer *head,
1912 const char *keyword,
1913 struct execute_handler_record *ptr)
1914 {
1915 return ccs_io_printf(head, "%s %s\n", keyword, ptr->handler->name);
1916 }
1917
1918 /**
1919 * print_entry - Print an ACL entry.
1920 *
1921 * @head: Pointer to "struct ccs_io_buffer".
1922 * @ptr: Pointer to an ACL entry.
1923 *
1924 * Returns true on success, false otherwise.
1925 */
1926 static bool print_entry(struct ccs_io_buffer *head, struct acl_info *ptr)
1927 {
1928 const struct condition_list *cond = ccs_get_condition_part(ptr);
1929 const u8 acl_type = ccs_acl_type2(ptr);
1930 if (acl_type & ACL_DELETED)
1931 return true;
1932 if (acl_type == TYPE_SINGLE_PATH_ACL) {
1933 struct single_path_acl_record *acl
1934 = container_of(ptr, struct single_path_acl_record,
1935 head);
1936 return print_single_path_acl(head, acl, cond);
1937 }
1938 if (acl_type == TYPE_DOUBLE_PATH_ACL) {
1939 struct double_path_acl_record *acl
1940 = container_of(ptr, struct double_path_acl_record,
1941 head);
1942 return print_double_path_acl(head, acl, cond);
1943 }
1944 if (acl_type == TYPE_ARGV0_ACL) {
1945 struct argv0_acl_record *acl
1946 = container_of(ptr, struct argv0_acl_record, head);
1947 return print_argv0_acl(head, acl, cond);
1948 }
1949 if (acl_type == TYPE_ENV_ACL) {
1950 struct env_acl_record *acl
1951 = container_of(ptr, struct env_acl_record, head);
1952 return print_env_acl(head, acl, cond);
1953 }
1954 if (acl_type == TYPE_CAPABILITY_ACL) {
1955 struct capability_acl_record *acl
1956 = container_of(ptr, struct capability_acl_record, head);
1957 return print_capability_acl(head, acl, cond);
1958 }
1959 if (acl_type == TYPE_IP_NETWORK_ACL) {
1960 struct ip_network_acl_record *acl
1961 = container_of(ptr, struct ip_network_acl_record, head);
1962 return print_network_acl(head, acl, cond);
1963 }
1964 if (acl_type == TYPE_SIGNAL_ACL) {
1965 struct signal_acl_record *acl
1966 = container_of(ptr, struct signal_acl_record, head);
1967 return print_signal_acl(head, acl, cond);
1968 }
1969 if (acl_type == TYPE_EXECUTE_HANDLER) {
1970 struct execute_handler_record *acl
1971 = container_of(ptr, struct execute_handler_record,
1972 head);
1973 const char *keyword = KEYWORD_EXECUTE_HANDLER;
1974 return print_execute_handler_record(head, keyword, acl);
1975 }
1976 if (acl_type == TYPE_DENIED_EXECUTE_HANDLER) {
1977 struct execute_handler_record *acl
1978 = container_of(ptr, struct execute_handler_record,
1979 head);
1980 const char *keyword = KEYWORD_DENIED_EXECUTE_HANDLER;
1981 return print_execute_handler_record(head, keyword, acl);
1982 }
1983 /* Workaround for gcc 3.2.2's inline bug. */
1984 if (acl_type & ACL_DELETED)
1985 return true;
1986 BUG(); /* This must not happen. */
1987 return false;
1988 }
1989
1990 /**
1991 * read_domain_policy - Read domain policy.
1992 *
1993 * @head: Pointer to "struct ccs_io_buffer".
1994 *
1995 * Returns 0.
1996 */
1997 static int read_domain_policy(struct ccs_io_buffer *head)
1998 {
1999 struct list1_head *dpos;
2000 struct list1_head *apos;
2001 if (head->read_eof)
2002 return 0;
2003 if (head->read_step == 0)
2004 head->read_step = 1;
2005 list1_for_each_cookie(dpos, head->read_var1, &domain_list) {
2006 struct domain_info *domain;
2007 const char *quota_exceeded = "";
2008 const char *transition_failed = "";
2009 const char *ignore_global_allow_read = "";
2010 const char *ignore_global_allow_env = "";
2011 domain = list1_entry(dpos, struct domain_info, list);
2012 if (head->read_step != 1)
2013 goto acl_loop;
2014 if (domain->is_deleted && !head->read_single_domain)
2015 continue;
2016 /* Print domainname and flags. */
2017 if (domain->quota_warned)
2018 quota_exceeded = "quota_exceeded\n";
2019 if (domain->flags & DOMAIN_FLAGS_TRANSITION_FAILED)
2020 transition_failed = "transition_failed\n";
2021 if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ)
2022 ignore_global_allow_read
2023 = KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
2024 if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV)
2025 ignore_global_allow_env
2026 = KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n";
2027 if (!ccs_io_printf(head, "%s\n" KEYWORD_USE_PROFILE "%u\n"
2028 "%s%s%s%s\n", domain->domainname->name,
2029 domain->profile, quota_exceeded,
2030 transition_failed,
2031 ignore_global_allow_read,
2032 ignore_global_allow_env))
2033 return 0;
2034 head->read_step = 2;
2035 acl_loop:
2036 if (head->read_step == 3)
2037 goto tail_mark;
2038 /* Print ACL entries in the domain. */
2039 list1_for_each_cookie(apos, head->read_var2,
2040 &domain->acl_info_list) {
2041 struct acl_info *ptr
2042 = list1_entry(apos, struct acl_info, list);
2043 if (!print_entry(head, ptr))
2044 return 0;
2045 }
2046 head->read_step = 3;
2047 tail_mark:
2048 if (!ccs_io_printf(head, "\n"))
2049 return 0;
2050 head->read_step = 1;
2051 if (head->read_single_domain)
2052 break;
2053 }
2054 head->read_eof = true;
2055 return 0;
2056 }
2057
2058 #endif
2059
2060 /**
2061 * write_domain_profile - Assign profile for specified domain.
2062 *
2063 * @head: Pointer to "struct ccs_io_buffer".
2064 *
2065 * Returns 0 on success, -EINVAL otherwise.
2066 *
2067 * This is equivalent to doing
2068 *
2069 * ( echo "select " $domainname; echo "use_profile " $profile ) |
2070 * /usr/lib/ccs/loadpolicy -d
2071 */
2072 static int write_domain_profile(struct ccs_io_buffer *head)
2073 {
2074 char *data = head->write_buf;
2075 char *cp = strchr(data, ' ');
2076 struct domain_info *domain;
2077 unsigned int profile;
2078 if (!cp)
2079 return -EINVAL;
2080 *cp = '\0';
2081 domain = ccs_find_domain(cp + 1);
2082 profile = simple_strtoul(data, NULL, 10);
2083 if (domain && profile < MAX_PROFILES
2084 && (profile_ptr[profile] || !sbin_init_started))
2085 domain->profile = (u8) profile;
2086 ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);
2087 return 0;
2088 }
2089
2090 /**
2091 * read_domain_profile - Read only domainname and profile.
2092 *
2093 * @head: Pointer to "struct ccs_io_buffer".
2094 *
2095 * Returns list of profile number and domainname pairs.
2096 *
2097 * This is equivalent to doing
2098 *
2099 * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
2100 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
2101 * domainname = $0; } else if ( $1 == "use_profile" ) {
2102 * print $2 " " domainname; domainname = ""; } } ; '
2103 */
2104 static int read_domain_profile(struct ccs_io_buffer *head)
2105 {
2106 struct list1_head *pos;
2107 if (head->read_eof)
2108 return 0;
2109 list1_for_each_cookie(pos, head->read_var1, &domain_list) {
2110 struct domain_info *domain;
2111 domain = list1_entry(pos, struct domain_info, list);
2112 if (domain->is_deleted)
2113 continue;
2114 if (!ccs_io_printf(head, "%u %s\n", domain->profile,
2115 domain->domainname->name))
2116 return 0;
2117 }
2118 head->read_eof = true;
2119 return 0;
2120 }
2121
2122 /**
2123 * write_pid: Specify PID to obtain domainname.
2124 *
2125 * @head: Pointer to "struct ccs_io_buffer".
2126 *
2127 * Returns 0.
2128 */
2129 static int write_pid(struct ccs_io_buffer *head)
2130 {
2131 head->read_eof = false;
2132 return 0;
2133 }
2134
2135 /**
2136 * read_pid - Read information of a process.
2137 *
2138 * @head: Pointer to "struct ccs_io_buffer".
2139 *
2140 * Returns the domainname which the specified PID is in or
2141 * process information of the specified PID on success,
2142 * empty string otherwise.
2143 */
2144 static int read_pid(struct ccs_io_buffer *head)
2145 {
2146 /* Accessing write_buf is safe because head->io_sem is held. */
2147 char *buf = head->write_buf;
2148 bool task_info = false;
2149 unsigned int pid;
2150 struct task_struct *p;
2151 struct domain_info *domain = NULL;
2152 u32 tomoyo_flags = 0;
2153 if (!buf)
2154 goto done; /* Do nothing if open(O_RDONLY). */
2155 if (head->read_avail || head->read_eof)
2156 goto done;
2157 head->read_eof = true;
2158 if (str_starts(&buf, "info "))
2159 task_info = true;
2160 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
2161 /***** CRITICAL SECTION START *****/
2162 read_lock(&tasklist_lock);
2163 p = find_task_by_pid(pid);
2164 if (p) {
2165 domain = p->domain_info;
2166 tomoyo_flags = p->tomoyo_flags;
2167 }
2168 read_unlock(&tasklist_lock);
2169 /***** CRITICAL SECTION END *****/
2170 if (!domain)
2171 goto done;
2172 if (!task_info)
2173 ccs_io_printf(head, "%u %u %s", pid, domain->profile,
2174 domain->domainname->name);
2175 else
2176 ccs_io_printf(head, "%u manager=%s execute_handler=%s "
2177 "state[0]=%u state[1]=%u state[2]=%u", pid,
2178 tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER ?
2179 "yes" : "no",
2180 tomoyo_flags & TOMOYO_TASK_IS_EXECUTE_HANDLER ?
2181 "yes" : "no",
2182 (u8) (tomoyo_flags >> 24),
2183 (u8) (tomoyo_flags >> 16),
2184 (u8) (tomoyo_flags >> 8));
2185 done:
2186 return 0;
2187 }
2188
2189 #ifdef CONFIG_TOMOYO
2190
2191 /**
2192 * write_exception_policy - Write exception policy.
2193 *
2194 * @head: Pointer to "struct ccs_io_buffer".
2195 *
2196 * Returns 0 on success, negative value otherwise.
2197 */
2198 static int write_exception_policy(struct ccs_io_buffer *head)
2199 {
2200 char *data = head->write_buf;
2201 bool is_delete = str_starts(&data, KEYWORD_DELETE);
2202 if (str_starts(&data, KEYWORD_KEEP_DOMAIN))
2203 return ccs_write_domain_keeper_policy(data, false, is_delete);
2204 if (str_starts(&data, KEYWORD_NO_KEEP_DOMAIN))
2205 return ccs_write_domain_keeper_policy(data, true, is_delete);
2206 if (str_starts(&data, KEYWORD_INITIALIZE_DOMAIN))
2207 return ccs_write_domain_initializer_policy(data, false,
2208 is_delete);
2209 if (str_starts(&data, KEYWORD_NO_INITIALIZE_DOMAIN))
2210 return ccs_write_domain_initializer_policy(data, true,
2211 is_delete);
2212 if (str_starts(&data, KEYWORD_ALIAS))
2213 return ccs_write_alias_policy(data, is_delete);
2214 if (str_starts(&data, KEYWORD_AGGREGATOR))
2215 return ccs_write_aggregator_policy(data, is_delete);
2216 if (str_starts(&data, KEYWORD_ALLOW_READ))
2217 return ccs_write_globally_readable_policy(data, is_delete);
2218 if (str_starts(&data, KEYWORD_ALLOW_ENV))
2219 return ccs_write_globally_usable_env_policy(data, is_delete);
2220 if (str_starts(&data, KEYWORD_FILE_PATTERN))
2221 return ccs_write_pattern_policy(data, is_delete);
2222 if (str_starts(&data, KEYWORD_PATH_GROUP))
2223 return ccs_write_path_group_policy(data, is_delete);
2224 if (str_starts(&data, KEYWORD_DENY_REWRITE))
2225 return ccs_write_no_rewrite_policy(data, is_delete);
2226 if (str_starts(&data, KEYWORD_ADDRESS_GROUP))
2227 return ccs_write_address_group_policy(data, is_delete);
2228 return -EINVAL;
2229 }
2230
2231 /**
2232 * read_exception_policy - Read exception policy.
2233 *
2234 * @head: Pointer to "struct ccs_io_buffer".
2235 *
2236 * Returns 0 on success, -EINVAL otherwise.
2237 */
2238 static int read_exception_policy(struct ccs_io_buffer *head)
2239 {
2240 if (!head->read_eof) {
2241 switch (head->read_step) {
2242 case 0:
2243 head->read_var2 = NULL;
2244 head->read_step = 1;
2245 case 1:
2246 if (!ccs_read_domain_keeper_policy(head))
2247 break;
2248 head->read_var2 = NULL;
2249 head->read_step = 2;
2250 case 2:
2251 if (!ccs_read_globally_readable_policy(head))
2252 break;
2253 head->read_var2 = NULL;
2254 head->read_step = 3;
2255 case 3:
2256 if (!ccs_read_globally_usable_env_policy(head))
2257 break;
2258 head->read_var2 = NULL;
2259 head->read_step = 4;
2260 case 4:
2261 if (!ccs_read_domain_initializer_policy(head))
2262 break;
2263 head->read_var2 = NULL;
2264 head->read_step = 5;
2265 case 5:
2266 if (!ccs_read_alias_policy(head))
2267 break;
2268 head->read_var2 = NULL;
2269 head->read_step = 6;
2270 case 6:
2271 if (!ccs_read_aggregator_policy(head))
2272 break;
2273 head->read_var2 = NULL;
2274 head->read_step = 7;
2275 case 7:
2276 if (!ccs_read_file_pattern(head))
2277 break;
2278 head->read_var2 = NULL;
2279 head->read_step = 8;
2280 case 8:
2281 if (!ccs_read_no_rewrite_policy(head))
2282 break;
2283 head->read_var2 = NULL;
2284 head->read_step = 9;
2285 case 9:
2286 if (!ccs_read_path_group_policy(head))
2287 break;
2288 head->read_var1 = NULL;
2289 head->read_var2 = NULL;
2290 head->read_step = 10;
2291 case 10:
2292 if (!ccs_read_address_group_policy(head))
2293 break;
2294 head->read_eof = true;
2295 break;
2296 default:
2297 return -EINVAL;
2298 }
2299 }
2300 return 0;
2301 }
2302
2303 #endif
2304
2305 #ifdef CONFIG_SAKURA
2306
2307 /**
2308 * write_system_policy - Write system policy.
2309 *
2310 * @head: Pointer to "struct ccs_io_buffer".
2311 *
2312 * Returns 0 on success, negative value otherwise.
2313 */
2314 static int write_system_policy(struct ccs_io_buffer *head)
2315 {
2316 char *data = head->write_buf;
2317 bool is_delete = false;
2318 if (str_starts(&data, KEYWORD_DELETE))
2319 is_delete = true;
2320 if (str_starts(&data, KEYWORD_ALLOW_MOUNT))
2321 return ccs_write_mount_policy(data, is_delete);
2322 if (str_starts(&data, KEYWORD_DENY_UNMOUNT))
2323 return ccs_write_no_umount_policy(data, is_delete);
2324 if (str_starts(&data, KEYWORD_ALLOW_CHROOT))
2325 return ccs_write_chroot_policy(data, is_delete);
2326 if (str_starts(&data, KEYWORD_ALLOW_PIVOT_ROOT))
2327 return ccs_write_pivot_root_policy(data, is_delete);
2328 if (str_starts(&data, KEYWORD_DENY_AUTOBIND))
2329 return ccs_write_reserved_port_policy(data, is_delete);
2330 return -EINVAL;
2331 }
2332
2333 /**
2334 * read_system_policy - Read system policy.
2335 *
2336 * @head: Pointer to "struct ccs_io_buffer".
2337 *
2338 * Returns 0 on success, -EINVAL otherwise.
2339 */
2340 static int read_system_policy(struct ccs_io_buffer *head)
2341 {
2342 if (!head->read_eof) {
2343 switch (head->read_step) {
2344 case 0:
2345 head->read_var2 = NULL;
2346 head->read_step = 1;
2347 case 1:
2348 if (!ccs_read_mount_policy(head))
2349 break;
2350 head->read_var2 = NULL;
2351 head->read_step = 2;
2352 case 2:
2353 if (!ccs_read_no_umount_policy(head))
2354 break;
2355 head->read_var2 = NULL;
2356 head->read_step = 3;
2357 case 3:
2358 if (!ccs_read_chroot_policy(head))
2359 break;
2360 head->read_var2 = NULL;
2361 head->read_step = 4;
2362 case 4:
2363 if (!ccs_read_pivot_root_policy(head))
2364 break;
2365 head->read_var2 = NULL;
2366 head->read_step = 5;
2367 case 5:
2368 if (!ccs_read_reserved_port_policy(head))
2369 break;
2370 head->read_eof = true;
2371 break;
2372 default:
2373 return -EINVAL;
2374 }
2375 }
2376 return 0;
2377 }
2378
2379 #endif
2380
2381 /* Path to the policy loader. The default is /sbin/ccs-init. */
2382 static const char *ccs_loader;
2383
2384 /**
2385 * loader_setup - Specify the policy loader to use.
2386 *
2387 * @str: Path to the policy loader.
2388 *
2389 * Returns 0.
2390 */
2391 static int __init loader_setup(char *str)
2392 {
2393 ccs_loader = str;
2394 return 0;
2395 }
2396
2397 __setup("CCS_loader=", loader_setup);
2398
2399 /**
2400 * policy_loader_exists - Check whether /sbin/ccs-init exists.
2401 *
2402 * Returns true if /sbin/ccs-init exists, false otherwise.
2403 */
2404 static bool policy_loader_exists(void)
2405 {
2406 /*
2407 * Don't activate MAC if the path given by 'CCS_loader=' option doesn't
2408 * exist. If the initrd includes /sbin/init but real-root-dev has not
2409 * mounted on / yet, activating MAC will block the system since
2410 * policies are not loaded yet.
2411 * Thus, let do_execve() call this function everytime.
2412 */
2413 struct nameidata nd;
2414 if (!ccs_loader)
2415 ccs_loader = "/sbin/ccs-init";
2416 if (path_lookup(ccs_loader, lookup_flags, &nd)) {
2417 printk(KERN_INFO "Not activating Mandatory Access Control now "
2418 "since %s doesn't exist.\n", ccs_loader);
2419 return false;
2420 }
2421 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25)
2422 path_put(&nd.path);
2423 #else
2424 path_release(&nd);
2425 #endif
2426 return true;
2427 }
2428
2429 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
2430 /**
2431 * run_ccs_loader - Start /sbin/ccs-init .
2432 *
2433 * @unused: Not used.
2434 *
2435 * Returns PID of /sbin/ccs-init on success, negative value otherwise.
2436 */
2437 static int run_ccs_loader(void *unused)
2438 {
2439 char *argv[2];
2440 char *envp[3];
2441 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
2442 ccs_loader);
2443 argv[0] = (char *) ccs_loader;
2444 argv[1] = NULL;
2445 envp[0] = "HOME=/";
2446 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
2447 envp[2] = NULL;
2448 return exec_usermodehelper(argv[0], argv, envp);
2449 }
2450 #endif
2451
2452 /**
2453 * ccs_load_policy - Run external policy loader to load policy.
2454 *
2455 * @filename: The program about to start.
2456 *
2457 * This function checks whether @filename is /sbin/init , and if so
2458 * invoke /sbin/ccs-init and wait for the termination of /sbin/ccs-init
2459 * and then continues invocation of /sbin/init.
2460 * /sbin/ccs-init reads policy files in /etc/ccs/ directory and
2461 * writes to /proc/ccs/ interfaces.
2462 *
2463 * Returns nothing.
2464 */
2465 void ccs_load_policy(const char *filename)
2466 {
2467 if (sbin_init_started)
2468 return;
2469 /*
2470 * Check filename is /sbin/init or /sbin/ccs-start.
2471 * /sbin/ccs-start is a dummy filename in case where /sbin/init can't
2472 * be passed.
2473 * You can create /sbin/ccs-start by "ln -s /bin/true /sbin/ccs-start".
2474 */
2475 if (strcmp(filename, "/sbin/init") &&
2476 strcmp(filename, "/sbin/ccs-start"))
2477 return;
2478 if (!policy_loader_exists())
2479 return;
2480 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
2481 {
2482 char *argv[2];
2483 char *envp[3];
2484 printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
2485 ccs_loader);
2486 argv[0] = (char *) ccs_loader;
2487 argv[1] = NULL;
2488 envp[0] = "HOME=/";
2489 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
2490 envp[2] = NULL;
2491 call_usermodehelper(argv[0], argv, envp, 1);
2492 }
2493 #elif defined(TASK_DEAD)
2494 {
2495 /* Copied from kernel/kmod.c */
2496 struct task_struct *task = current;
2497 pid_t pid = kernel_thread(run_ccs_loader, NULL, 0);
2498 sigset_t tmpsig;
2499 spin_lock_irq(&task->sighand->siglock);
2500 tmpsig = task->blocked;
2501 siginitsetinv(&task->blocked,
2502 sigmask(SIGKILL) | sigmask(SIGSTOP));
2503 recalc_sigpending();
2504 spin_unlock_irq(&current->sighand->siglock);
2505 if (pid >= 0)
2506 waitpid(pid, NULL, __WCLONE);
2507 spin_lock_irq(&task->sighand->siglock);
2508 task->blocked = tmpsig;
2509 recalc_sigpending();
2510 spin_unlock_irq(&task->sighand->siglock);
2511 }
2512 #else
2513 {
2514 /* Copied from kernel/kmod.c */
2515 struct task_struct *task = current;
2516 pid_t pid = kernel_thread(run_ccs_loader, NULL, 0);
2517 sigset_t tmpsig;
2518 spin_lock_irq(&task->sigmask_lock);
2519 tmpsig = task->blocked;
2520 siginitsetinv(&task->blocked,
2521 sigmask(SIGKILL) | sigmask(SIGSTOP));
2522 recalc_sigpending(task);
2523 spin_unlock_irq(&task->sigmask_lock);
2524 if (pid >= 0)
2525 waitpid(pid, NULL, __WCLONE);
2526 spin_lock_irq(&task->sigmask_lock);
2527 task->blocked = tmpsig;
2528 recalc_sigpending(task);
2529 spin_unlock_irq(&task->sigmask_lock);
2530 }
2531 #endif
2532 #ifdef CONFIG_SAKURA
2533 printk(KERN_INFO "SAKURA: 1.6.5-rc 2008/11/07\n");
2534 #endif
2535 #ifdef CONFIG_TOMOYO
2536 printk(KERN_INFO "TOMOYO: 1.6.5-rc 2008/11/09\n");
2537 #endif
2538 printk(KERN_INFO "Mandatory Access Control activated.\n");
2539 sbin_init_started = true;
2540 ccs_log_level = KERN_WARNING;
2541 { /* Check all profiles currently assigned to domains are defined. */
2542 struct domain_info *domain;
2543 list1_for_each_entry(domain, &domain_list, list) {
2544 const u8 profile = domain->profile;
2545 if (profile_ptr[profile])
2546 continue;
2547 panic("Profile %u (used by '%s') not defined.\n",
2548 profile, domain->domainname->name);
2549 }
2550 }
2551 }
2552
2553 /* Wait queue for query_list. */
2554 static DECLARE_WAIT_QUEUE_HEAD(query_wait);
2555
2556 /* Lock for manipulating query_list. */
2557 static DEFINE_SPINLOCK(query_list_lock);
2558
2559 /* Structure for query. */
2560 struct query_entry {
2561 struct list_head list;
2562 char *query;
2563 int query_len;
2564 unsigned int serial;
2565 int timer;
2566 int answer;
2567 };
2568
2569 /* The list for "struct query_entry". */
2570 static LIST_HEAD(query_list);
2571
2572 /* Number of "struct file" referring /proc/ccs/query interface. */
2573 static atomic_t queryd_watcher = ATOMIC_INIT(0);
2574
2575 /**
2576 * ccs_check_supervisor - Ask for the supervisor's decision.
2577 *
2578 * @r: Pointer to "struct ccs_request_info".
2579 * @fmt: The printf()'s format string, followed by parameters.
2580 *
2581 * Returns 0 if the supervisor decided to permit the access request which
2582 * violated the policy in enforcing mode, 1 if the supervisor decided to
2583 * retry the access request which violated the policy in enforcing mode,
2584 * -EPERM otherwise.
2585 */
2586 int ccs_check_supervisor(struct ccs_request_info *r, const char *fmt, ...)
2587 {
2588 va_list args;
2589 int error = -EPERM;
2590 int pos;
2591 int len;
2592 static unsigned int serial;
2593 struct query_entry *query_entry = NULL;
2594 char *header;
2595 if (!r->domain)
2596 r->domain = current->domain_info;
2597 if (!atomic_read(&queryd_watcher)) {
2598 int i;
2599 if (current->tomoyo_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2600 return -EPERM;
2601 for (i = 0; i < ccs_check_flags(r->domain, CCS_SLEEP_PERIOD);
2602 i++) {
2603 set_current_state(TASK_INTERRUPTIBLE);
2604 schedule_timeout(HZ / 10);
2605 }
2606 return -EPERM;
2607 }
2608 va_start(args, fmt);
2609 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
2610 va_end(args);
2611 #ifdef CONFIG_TOMOYO
2612 header = ccs_init_audit_log(&len, r);
2613 #else
2614 header = ccs_alloc(1);
2615 #endif
2616 if (!header)
2617 goto out;
2618 query_entry = ccs_alloc(sizeof(*query_entry));
2619 if (!query_entry)
2620 goto out;
2621 query_entry->query = ccs_alloc(len);
2622 if (!query_entry->query)
2623 goto out;
2624 INIT_LIST_HEAD(&query_entry->list);
2625 /***** CRITICAL SECTION START *****/
2626 spin_lock(&query_list_lock);
2627 query_entry->serial = serial++;
2628 spin_unlock(&query_list_lock);
2629 /***** CRITICAL SECTION END *****/
2630 pos = snprintf(query_entry->query, len - 1, "Q%u-%hu\n%s",
2631 query_entry->serial, r->retry, header);
2632 ccs_free(header);
2633 header = NULL;
2634 va_start(args, fmt);
2635 vsnprintf(query_entry->query + pos, len - 1 - pos, fmt, args);
2636 query_entry->query_len = strlen(query_entry->query) + 1;
2637 va_end(args);
2638 /***** CRITICAL SECTION START *****/
2639 spin_lock(&query_list_lock);
2640 list_add_tail(&query_entry->list, &query_list);
2641 spin_unlock(&query_list_lock);
2642 /***** CRITICAL SECTION END *****/
2643 ccs_update_counter(CCS_UPDATES_COUNTER_QUERY);
2644 /* Give 10 seconds for supervisor's opinion. */
2645 for (query_entry->timer = 0; atomic_read(&queryd_watcher)
2646 && query_entry->timer < 100; query_entry->timer++) {
2647 wake_up(&query_wait);
2648 set_current_state(TASK_INTERRUPTIBLE);
2649 schedule_timeout(HZ / 10);
2650 if (query_entry->answer)
2651 break;
2652 }
2653 ccs_update_counter(CCS_UPDATES_COUNTER_QUERY);
2654 /***** CRITICAL SECTION START *****/
2655 spin_lock(&query_list_lock);
2656 list_del(&query_entry->list);
2657 spin_unlock(&query_list_lock);
2658 /***** CRITICAL SECTION END *****/
2659 switch (query_entry->answer) {
2660 case 3: /* Asked to retry by administrator. */
2661 error = 1;
2662 r->retry++;
2663 break;
2664 case 1:
2665 /* Granted by administrator. */
2666 error = 0;
2667 break;
2668 case 0:
2669 /* Timed out. */
2670 break;
2671 default:
2672 /* Rejected by administrator. */
2673 break;
2674 }
2675 out:
2676 if (query_entry)
2677 ccs_free(query_entry->query);
2678 ccs_free(query_entry);
2679 ccs_free(header);
2680 return error;
2681 }
2682
2683 /**
2684 * poll_query - poll() for /proc/ccs/query.
2685 *
2686 * @file: Pointer to "struct file".
2687 * @wait: Pointer to "poll_table".
2688 *
2689 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2690 *
2691 * Waits for access requests which violated policy in enforcing mode.
2692 */
2693 static int poll_query(struct file *file, poll_table *wait)
2694 {
2695 struct list_head *tmp;
2696 bool found = false;
2697 u8 i;
2698 for (i = 0; i < 2; i++) {
2699 /***** CRITICAL SECTION START *****/
2700 spin_lock(&query_list_lock);
2701 list_for_each(tmp, &query_list) {
2702 struct query_entry *ptr
2703 = list_entry(tmp, struct query_entry, list);
2704 if (ptr->answer)
2705 continue;
2706 found = true;
2707 break;
2708 }
2709 spin_unlock(&query_list_lock);
2710 /***** CRITICAL SECTION END *****/
2711 if (found)
2712 return POLLIN | POLLRDNORM;
2713 if (i)
2714 break;
2715 poll_wait(file, &query_wait, wait);
2716 }
2717 return 0;
2718 }
2719
2720 /**
2721 * read_query - Read access requests which violated policy in enforcing mode.
2722 *
2723 * @head: Pointer to "struct ccs_io_buffer".
2724 *
2725 * Returns 0.
2726 */
2727 static int read_query(struct ccs_io_buffer *head)
2728 {
2729 struct list_head *tmp;
2730 int pos = 0;
2731 int len = 0;
2732 char *buf;
2733 if (head->read_avail)
2734 return 0;
2735 if (head->read_buf) {
2736 ccs_free(head->read_buf);
2737 head->read_buf = NULL;
2738 head->readbuf_size = 0;
2739 }
2740 /***** CRITICAL SECTION START *****/
2741 spin_lock(&query_list_lock);
2742 list_for_each(tmp, &query_list) {
2743 struct query_entry *ptr
2744 = list_entry(tmp, struct query_entry, list);
2745 if (ptr->answer)
2746 continue;
2747 if (pos++ != head->read_step)
2748 continue;
2749 len = ptr->query_len;
2750 break;
2751 }
2752 spin_unlock(&query_list_lock);
2753 /***** CRITICAL SECTION END *****/
2754 if (!len) {
2755 head->read_step = 0;
2756 return 0;
2757 }
2758 buf = ccs_alloc(len);
2759 if (!buf)
2760 return 0;
2761 pos = 0;
2762 /***** CRITICAL SECTION START *****/
2763 spin_lock(&query_list_lock);
2764 list_for_each(tmp, &query_list) {
2765 struct query_entry *ptr
2766 = list_entry(tmp, struct query_entry, list);
2767 if (ptr->answer)
2768 continue;
2769 if (pos++ != head->read_step)
2770 continue;
2771 /*
2772 * Some query can be skipped because query_list
2773 * can change, but I don't care.
2774 */
2775 if (len == ptr->query_len)
2776 memmove(buf, ptr->query, len);
2777 break;
2778 }
2779 spin_unlock(&query_list_lock);
2780 /***** CRITICAL SECTION END *****/
2781 if (buf[0]) {
2782 head->read_avail = len;
2783 head->readbuf_size = head->read_avail;
2784 head->read_buf = buf;
2785 head->read_step++;
2786 } else {
2787 ccs_free(buf);
2788 }
2789 return 0;
2790 }
2791
2792 /**
2793 * write_answer - Write the supervisor's decision.
2794 *
2795 * @head: Pointer to "struct ccs_io_buffer".
2796 *
2797 * Returns 0 on success, -EINVAL otherwise.
2798 */
2799 static int write_answer(struct ccs_io_buffer *head)
2800 {
2801 char *data = head->write_buf;
2802 struct list_head *tmp;
2803 unsigned int serial;
2804 unsigned int answer;
2805 /***** CRITICAL SECTION START *****/
2806 spin_lock(&query_list_lock);
2807 list_for_each(tmp, &query_list) {
2808 struct query_entry *ptr
2809 = list_entry(tmp, struct query_entry, list);
2810 ptr->timer = 0;
2811 }
2812 spin_unlock(&query_list_lock);
2813 /***** CRITICAL SECTION END *****/
2814 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2815 return -EINVAL;
2816 /***** CRITICAL SECTION START *****/
2817 spin_lock(&query_list_lock);
2818 list_for_each(tmp, &query_list) {
2819 struct query_entry *ptr
2820 = list_entry(tmp, struct query_entry, list);
2821 if (ptr->serial != serial)
2822 continue;
2823 if (!ptr->answer)
2824 ptr->answer = answer;
2825 break;
2826 }
2827 spin_unlock(&query_list_lock);
2828 /***** CRITICAL SECTION END *****/
2829 return 0;
2830 }
2831
2832 /* Policy updates counter. */
2833 static unsigned int updates_counter[MAX_CCS_UPDATES_COUNTER];
2834
2835 /* Policy updates counter lock. */
2836 static DEFINE_SPINLOCK(updates_counter_lock);
2837
2838 /**
2839 * ccs_update_counter - Increment policy change counter.
2840 *
2841 * @index: Type of policy.
2842 *
2843 * Returns nothing.
2844 */
2845 void ccs_update_counter(const unsigned char index)
2846 {
2847 /***** CRITICAL SECTION START *****/
2848 spin_lock(&updates_counter_lock);
2849 if (index < MAX_CCS_UPDATES_COUNTER)
2850 updates_counter[index]++;
2851 spin_unlock(&updates_counter_lock);
2852 /***** CRITICAL SECTION END *****/
2853 }
2854
2855 /**
2856 * read_updates_counter - Check for policy change counter.
2857 *
2858 * @head: Pointer to "struct ccs_io_buffer".
2859 *
2860 * Returns how many times policy has changed since the previous check.
2861 */
2862 static int read_updates_counter(struct ccs_io_buffer *head)
2863 {
2864 if (!head->read_eof) {
2865 unsigned int counter[MAX_CCS_UPDATES_COUNTER];
2866 /***** CRITICAL SECTION START *****/
2867 spin_lock(&updates_counter_lock);
2868 memmove(counter, updates_counter, sizeof(updates_counter));
2869 memset(updates_counter, 0, sizeof(updates_counter));
2870 spin_unlock(&updates_counter_lock);
2871 /***** CRITICAL SECTION END *****/
2872 ccs_io_printf(head,
2873 "/proc/ccs/system_policy: %10u\n"
2874 "/proc/ccs/domain_policy: %10u\n"
2875 "/proc/ccs/exception_policy: %10u\n"
2876 "/proc/ccs/profile: %10u\n"
2877 "/proc/ccs/query: %10u\n"
2878 "/proc/ccs/manager: %10u\n"
2879 "/proc/ccs/grant_log: %10u\n"
2880 "/proc/ccs/reject_log: %10u\n",
2881 counter[CCS_UPDATES_COUNTER_SYSTEM_POLICY],
2882 counter[CCS_UPDATES_COUNTER_DOMAIN_POLICY],
2883 counter[CCS_UPDATES_COUNTER_EXCEPTION_POLICY],
2884 counter[CCS_UPDATES_COUNTER_PROFILE],
2885 counter[CCS_UPDATES_COUNTER_QUERY],
2886 counter[CCS_UPDATES_COUNTER_MANAGER],
2887 counter[CCS_UPDATES_COUNTER_GRANT_LOG],
2888 counter[CCS_UPDATES_COUNTER_REJECT_LOG]);
2889 head->read_eof = true;
2890 }
2891 return 0;
2892 }
2893
2894 /**
2895 * read_version: Get version.
2896 *
2897 * @head: Pointer to "struct ccs_io_buffer".
2898 *
2899 * Returns version information.
2900 */
2901 static int read_version(struct ccs_io_buffer *head)
2902 {
2903 if (!head->read_eof) {
2904 ccs_io_printf(head, "1.6.5-rc");
2905 head->read_eof = true;
2906 }
2907 return 0;
2908 }
2909
2910 /**
2911 * read_self_domain - Get the current process's domainname.
2912 *
2913 * @head: Pointer to "struct ccs_io_buffer".
2914 *
2915 * Returns the current process's domainname.
2916 */
2917 static int read_self_domain(struct ccs_io_buffer *head)
2918 {
2919 if (!head->read_eof) {
2920 /*
2921 * current->domain_info->domainname != NULL
2922 * because every process belongs to a domain and
2923 * the domain's name cannot be NULL.
2924 */
2925 ccs_io_printf(head, "%s",
2926 current->domain_info->domainname->name);
2927 head->read_eof = true;
2928 }
2929 return 0;
2930 }
2931
2932 /**
2933 * ccs_open_control - open() for /proc/ccs/ interface.
2934 *
2935 * @type: Type of interface.
2936 * @file: Pointer to "struct file".
2937 *
2938 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2939 */
2940 int ccs_open_control(const u8 type, struct file *file)
2941 {
2942 struct ccs_io_buffer *head = ccs_alloc(sizeof(*head));
2943 if (!head)
2944 return -ENOMEM;
2945 mutex_init(&head->io_sem);
2946 switch (type) {
2947 #ifdef CONFIG_SAKURA
2948 case CCS_SYSTEMPOLICY: /* /proc/ccs/system_policy */
2949 head->write = write_system_policy;
2950 head->read = read_system_policy;
2951 break;
2952 #endif
2953 #ifdef CONFIG_TOMOYO
2954 case CCS_DOMAINPOLICY: /* /proc/ccs/domain_policy */
2955 head->write = write_domain_policy;
2956 head->read = read_domain_policy;
2957 break;
2958 case CCS_EXCEPTIONPOLICY: /* /proc/ccs/exception_policy */
2959 head->write = write_exception_policy;
2960 head->read = read_exception_policy;
2961 break;
2962 case CCS_GRANTLOG: /* /proc/ccs/grant_log */
2963 head->poll = ccs_poll_grant_log;
2964 head->read = ccs_read_grant_log;
2965 break;
2966 case CCS_REJECTLOG: /* /proc/ccs/reject_log */
2967 head->poll = ccs_poll_reject_log;
2968 head->read = ccs_read_reject_log;
2969 break;
2970 #endif
2971 case CCS_SELFDOMAIN: /* /proc/ccs/self_domain */
2972 head->read = read_self_domain;
2973 break;
2974 case CCS_DOMAIN_STATUS: /* /proc/ccs/.domain_status */
2975 head->write = write_domain_profile;
2976 head->read = read_domain_profile;
2977 break;
2978 case CCS_EXECUTE_HANDLER: /* /proc/ccs/.execute_handler */
2979 /* Allow execute_handler to read process's status. */
2980 if (!(current->tomoyo_flags & TOMOYO_TASK_IS_EXECUTE_HANDLER)) {
2981 ccs_free(head);
2982 return -EPERM;
2983 }
2984 /* fall through */
2985 case CCS_PROCESS_STATUS: /* /proc/ccs/.process_status */
2986 head->write = write_pid;
2987 head->read = read_pid;
2988 break;
2989 case CCS_VERSION: /* /proc/ccs/version */
2990 head->read = read_version;
2991 head->readbuf_size = 128;
2992 break;
2993 case CCS_MEMINFO: /* /proc/ccs/meminfo */
2994 head->write = ccs_write_memory_quota;
2995 head->read = ccs_read_memory_counter;
2996 head->readbuf_size = 512;
2997 break;
2998 case CCS_PROFILE: /* /proc/ccs/profile */
2999 head->write = write_profile;
3000 head->read = read_profile;
3001 break;
3002 case CCS_QUERY: /* /proc/ccs/query */
3003 head->poll = poll_query;
3004 head->write = write_answer;
3005 head->read = read_query;
3006 break;
3007 case CCS_MANAGER: /* /proc/ccs/manager */
3008 head->write = write_manager_policy;
3009 head->read = read_manager_policy;
3010 break;
3011 case CCS_UPDATESCOUNTER: /* /proc/ccs/.updates_counter */
3012 head->read = read_updates_counter;
3013 break;
3014 }
3015 if (!(file->f_mode & FMODE_READ)) {
3016 /*
3017 * No need to allocate read_buf since it is not opened
3018 * for reading.
3019 */
3020 head->read = NULL;
3021 head->poll = NULL;
3022 } else if (type != CCS_GRANTLOG && type != CCS_REJECTLOG
3023 && type != CCS_QUERY) {
3024 /*
3025 * Don't allocate buffer for reading if the file is one of
3026 * /proc/ccs/grant_log , /proc/ccs/reject_log , /proc/ccs/query.
3027 */
3028 if (!head->readbuf_size)
3029 head->readbuf_size = 4096 * 2;
3030 head->read_buf = ccs_alloc(head->readbuf_size);
3031 if (!head->read_buf) {
3032 ccs_free(head);
3033 return -ENOMEM;
3034 }
3035 }
3036 if (!(file->f_mode & FMODE_WRITE)) {
3037 /*
3038 * No need to allocate write_buf since it is not opened
3039 * for writing.
3040 */
3041 head->write = NULL;
3042 } else if (head->write) {
3043 head->writebuf_size = 4096 * 2;
3044 head->write_buf = ccs_alloc(head->writebuf_size);
3045 if (!head->write_buf) {
3046 ccs_free(head->read_buf);
3047 ccs_free(head);
3048 return -ENOMEM;
3049 }
3050 }
3051 file->private_data = head;
3052 /*
3053 * Call the handler now if the file is /proc/ccs/self_domain
3054 * so that the user can use "cat < /proc/ccs/self_domain" to
3055 * know the current process's domainname.
3056 */
3057 if (type == CCS_SELFDOMAIN)
3058 ccs_read_control(file, NULL, 0);
3059 /*
3060 * If the file is /proc/ccs/query , increment the monitor count.
3061 * The monitor count is used by ccs_check_supervisor() to see if
3062 * there is some process monitoring /proc/ccs/query.
3063 */
3064 else if (head->write == write_answer || head->read == read_query)
3065 atomic_inc(&queryd_watcher);
3066 return 0;
3067 }
3068
3069 /**
3070 * ccs_poll_control - poll() for /proc/ccs/ interface.
3071 *
3072 * @file: Pointer to "struct file".
3073 * @wait: Pointer to "poll_table".
3074 *
3075 * Waits for read readiness.
3076 * /proc/ccs/query is handled by /usr/lib/ccs/ccs-queryd and
3077 * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
3078 * /usr/lib/ccs/ccs-auditd.
3079 */
3080 int ccs_poll_control(struct file *file, poll_table *wait)
3081 {
3082 struct ccs_io_buffer *head = file->private_data;
3083 if (!head->poll)
3084 return -ENOSYS;
3085 return head->poll(file, wait);
3086 }
3087
3088 /**
3089 * ccs_read_control - read() for /proc/ccs/ interface.
3090 *
3091 * @file: Pointer to "struct file".
3092 * @buffer: Poiner to buffer to write to.
3093 * @buffer_len: Size of @buffer.
3094 *
3095 * Returns bytes read on success, negative value otherwise.
3096 */
3097 int ccs_read_control(struct file *file, char __user *buffer,
3098 const int buffer_len)
3099 {
3100 int len = 0;
3101 struct ccs_io_buffer *head = file->private_data;
3102 char *cp;
3103 if (!head->read)
3104 return -ENOSYS;
3105 if (!access_ok(VERIFY_WRITE, buffer, buffer_len))
3106 return -EFAULT;
3107 if (mutex_lock_interruptible(&head->io_sem))
3108 return -EINTR;
3109 /* Call the policy handler. */
3110 len = head->read(head);
3111 if (len < 0)
3112 goto out;
3113 /* Write to buffer. */
3114 len = head->read_avail;
3115 if (len > buffer_len)
3116 len = buffer_len;
3117 if (!len)
3118 goto out;
3119 /* head->read_buf changes by some functions. */
3120 cp = head->read_buf;
3121 if (copy_to_user(buffer, cp, len)) {
3122 len = -EFAULT;
3123 goto out;
3124 }
3125 head->read_avail -= len;
3126 memmove(cp, cp + len, head->read_avail);
3127 out:
3128 mutex_unlock(&head->io_sem);
3129 return len;
3130 }
3131
3132 /**
3133 * ccs_write_control - write() for /proc/ccs/ interface.
3134 *
3135 * @file: Pointer to "struct file".
3136 * @buffer: Pointer to buffer to read from.
3137 * @buffer_len: Size of @buffer.
3138 *
3139 * Returns @buffer_len on success, negative value otherwise.
3140 */
3141 int ccs_write_control(struct file *file, const char __user *buffer,
3142 const int buffer_len)
3143 {
3144 struct ccs_io_buffer *head = file->private_data;
3145 int error = buffer_len;
3146 int avail_len = buffer_len;
3147 char *cp0 = head->write_buf;
3148 if (!head->write)
3149 return -ENOSYS;
3150 if (!access_ok(VERIFY_READ, buffer, buffer_len))
3151 return -EFAULT;
3152 /* Don't allow updating policies by non manager programs. */
3153 if (head->write != write_pid &&
3154 #ifdef CONFIG_TOMOYO
3155 head->write != write_domain_policy &&
3156 #endif
3157 !is_policy_manager())
3158 return -EPERM;
3159 if (mutex_lock_interruptible(&head->io_sem))
3160 return -EINTR;
3161 /* Read a line and dispatch it to the policy handler. */
3162 while (avail_len > 0) {
3163 char c;
3164 if (head->write_avail >= head->writebuf_size - 1) {
3165 error = -ENOMEM;
3166 break;
3167 } else if (get_user(c, buffer)) {
3168 error = -EFAULT;
3169 break;
3170 }
3171 buffer++;
3172 avail_len--;
3173 cp0[head->write_avail++] = c;
3174 if (c != '\n')
3175 continue;
3176 cp0[head->write_avail - 1] = '\0';
3177 head->write_avail = 0;
3178 normalize_line(cp0);
3179 head->write(head);
3180 }
3181 mutex_unlock(&head->io_sem);
3182 return error;
3183 }
3184
3185 /**
3186 * ccs_close_control - close() for /proc/ccs/ interface.
3187 *
3188 * @file: Pointer to "struct file".
3189 *
3190 * Releases memory and returns 0.
3191 */
3192 int ccs_close_control(struct file *file)
3193 {
3194 struct ccs_io_buffer *head = file->private_data;
3195 /*
3196 * If the file is /proc/ccs/query , decrement the monitor count.
3197 */
3198 if (head->write == write_answer || head->read == read_query)
3199 atomic_dec(&queryd_watcher);
3200 /* Release memory used for policy I/O. */
3201 ccs_free(head->read_buf);
3202 head->read_buf = NULL;
3203 ccs_free(head->write_buf);
3204 head->write_buf = NULL;
3205 ccs_free(head);
3206 head = NULL;
3207 file->private_data = NULL;
3208 return 0;
3209 }
3210
3211 /**
3212 * ccs_alloc_acl_element - Allocate permanent memory for ACL entry.
3213 *
3214 * @acl_type: Type of ACL entry.
3215 * @condition: Pointer to condition part of the ACL entry. May be NULL.
3216 *
3217 * Returns pointer to the ACL entry on success, NULL otherwise.
3218 */
3219 void *ccs_alloc_acl_element(const u8 acl_type,
3220 const struct condition_list *condition)
3221 {
3222 int len;
3223 struct acl_info *ptr;
3224 switch (acl_type) {
3225 case TYPE_SINGLE_PATH_ACL:
3226 len = sizeof(struct single_path_acl_record);
3227 break;
3228 case TYPE_DOUBLE_PATH_ACL:
3229 len = sizeof(struct double_path_acl_record);
3230 break;
3231 case TYPE_ARGV0_ACL:
3232 len = sizeof(struct argv0_acl_record);
3233 break;
3234 case TYPE_ENV_ACL:
3235 len = sizeof(struct env_acl_record);
3236 break;
3237 case TYPE_CAPABILITY_ACL:
3238 len = sizeof(struct capability_acl_record);
3239 break;
3240 case TYPE_IP_NETWORK_ACL:
3241 len = sizeof(struct ip_network_acl_record);
3242 break;
3243 case TYPE_SIGNAL_ACL:
3244 len = sizeof(struct signal_acl_record);
3245 break;
3246 case TYPE_EXECUTE_HANDLER:
3247 case TYPE_DENIED_EXECUTE_HANDLER:
3248 len = sizeof(struct execute_handler_record);
3249 break;
3250 default:
3251 return NULL;
3252 }
3253 /*
3254 * If the ACL doesn't have condition part, reduce memory usage
3255 * by eliminating sizeof(struct condition_list *).
3256 */
3257 if (!condition)
3258 len -= sizeof(ptr->access_me_via_ccs_get_condition_part);
3259 ptr = ccs_alloc_element(len);
3260 if (!ptr)
3261 return NULL;
3262 if (condition) {
3263 ptr->access_me_via_ccs_get_condition_part = condition;
3264 ptr->type = acl_type | ACL_WITH_CONDITION;
3265 return ptr;
3266 }
3267 /*
3268 * Substract sizeof(struct condition_list *) because I eliminated
3269 * sizeof(struct condition_list *) from "struct acl_info"
3270 * but I must return the start address of "struct acl_info".
3271 */
3272 ptr = (void *) (((u8 *) ptr)
3273 - sizeof(ptr->access_me_via_ccs_get_condition_part));
3274 ptr->type = acl_type;
3275 return ptr;
3276 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ