オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c

Contents of /trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3075 - (show annotations) (download) (as text)
Thu Oct 1 03:33:21 2009 UTC (14 years, 7 months ago) by kumaneko
Original Path: trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c
File MIME type: text/x-csrc
File size: 78836 byte(s) 
Update sendmsg() hook.
1 /*
2 * security/ccsecurity/policy_io.c
3 *
4 * Copyright (C) 2005-2009 NTT DATA CORPORATION
5 *
6 * Version: 1.7.0 2009/10/01
7 *
8 * This file is applicable to both 2.4.30 and 2.6.11 and later.
9 * See README.ccs for ChangeLog.
10 *
11 */
12
13 #include "internal.h"
14
15 static struct ccs_profile ccs_default_profile = {
16 .learning = &ccs_default_profile.preference,
17 .permissive = &ccs_default_profile.preference,
18 .enforcing = &ccs_default_profile.preference,
19 .audit = &ccs_default_profile.preference,
20 #ifdef CONFIG_CCSECURITY_AUDIT
21 .preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG,
22 .preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG,
23 #endif
24 .preference.audit_task_info = true,
25 .preference.audit_path_info = true,
26 .preference.enforcing_penalty = 0,
27 .preference.enforcing_verbose = true,
28 .preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY,
29 .preference.learning_verbose = false,
30 .preference.learning_exec_realpath = true,
31 .preference.learning_exec_argv0 = true,
32 .preference.learning_symlink_target = true,
33 .preference.permissive_verbose = true
34 };
35
36 /* Profile table. Memory is allocated as needed. */
37 static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];
38
39 /* Lock for protecting "struct ccs_profile"->comment */
40 static DEFINE_SPINLOCK(ccs_profile_comment_lock);
41
42 /* String table for functionality that takes 4 modes. */
43 static const char *ccs_mode_4[4] = {
44 "disabled", "learning", "permissive", "enforcing"
45 };
46
47 /* String table for /proc/ccs/profile */
48 static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +
49 CCS_MAX_CAPABILITY_INDEX +
50 CCS_MAX_MAC_CATEGORY_INDEX] = {
51 [CCS_MAC_FILE_EXECUTE]
52 = "file::execute",
53 [CCS_MAC_FILE_OPEN]
54 = "file::open",
55 [CCS_MAC_FILE_CREATE]
56 = "file::create",
57 [CCS_MAC_FILE_UNLINK]
58 = "file::unlink",
59 [CCS_MAC_FILE_MKDIR]
60 = "file::mkdir",
61 [CCS_MAC_FILE_RMDIR]
62 = "file::rmdir",
63 [CCS_MAC_FILE_MKFIFO]
64 = "file::mkfifo",
65 [CCS_MAC_FILE_MKSOCK]
66 = "file::mksock",
67 [CCS_MAC_FILE_TRUNCATE]
68 = "file::truncate",
69 [CCS_MAC_FILE_SYMLINK]
70 = "file::symlink",
71 [CCS_MAC_FILE_REWRITE]
72 = "file::rewrite",
73 [CCS_MAC_FILE_MKBLOCK]
74 = "file::mkblock",
75 [CCS_MAC_FILE_MKCHAR]
76 = "file::mkchar",
77 [CCS_MAC_FILE_LINK]
78 = "file::link",
79 [CCS_MAC_FILE_RENAME]
80 = "file::rename",
81 [CCS_MAC_FILE_CHMOD]
82 = "file::chmod",
83 [CCS_MAC_FILE_CHOWN]
84 = "file::chown",
85 [CCS_MAC_FILE_CHGRP]
86 = "file::chgrp",
87 [CCS_MAC_FILE_IOCTL]
88 = "file::ioctl",
89 [CCS_MAC_FILE_CHROOT]
90 = "file::chroot",
91 [CCS_MAC_FILE_MOUNT]
92 = "file::mount",
93 [CCS_MAC_FILE_UMOUNT]
94 = "file::umount",
95 [CCS_MAC_FILE_PIVOT_ROOT]
96 = "file::pivot_root",
97 [CCS_MAC_ENVIRON]
98 = "misc::env",
99 [CCS_MAC_NETWORK_UDP_BIND]
100 = "network::inet_udp_bind",
101 [CCS_MAC_NETWORK_UDP_CONNECT]
102 = "network::inet_udp_connect",
103 [CCS_MAC_NETWORK_TCP_BIND]
104 = "network::inet_tcp_bind",
105 [CCS_MAC_NETWORK_TCP_LISTEN]
106 = "network::inet_tcp_listen",
107 [CCS_MAC_NETWORK_TCP_CONNECT]
108 = "network::inet_tcp_connect",
109 [CCS_MAC_NETWORK_TCP_ACCEPT]
110 = "network::inet_tcp_accept",
111 [CCS_MAC_NETWORK_RAW_BIND]
112 = "network::inet_raw_bind",
113 [CCS_MAC_NETWORK_RAW_CONNECT]
114 = "network::inet_raw_connect",
115 [CCS_MAC_SIGNAL]
116 = "ipc::signal",
117 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CREATE]
118 = "capability::inet_tcp_create",
119 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_LISTEN]
120 = "capability::inet_tcp_listen",
121 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CONNECT]
122 = "capability::inet_tcp_connect",
123 [CCS_MAX_MAC_INDEX + CCS_USE_INET_DGRAM_SOCKET]
124 = "capability::use_inet_udp",
125 [CCS_MAX_MAC_INDEX + CCS_USE_INET_RAW_SOCKET]
126 = "capability::use_inet_ip",
127 [CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET]
128 = "capability::use_route",
129 [CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET]
130 = "capability::use_packet",
131 [CCS_MAX_MAC_INDEX + CCS_SYS_MOUNT]
132 = "capability::SYS_MOUNT",
133 [CCS_MAX_MAC_INDEX + CCS_SYS_UMOUNT]
134 = "capability::SYS_UMOUNT",
135 [CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT]
136 = "capability::SYS_REBOOT",
137 [CCS_MAX_MAC_INDEX + CCS_SYS_CHROOT]
138 = "capability::SYS_CHROOT",
139 [CCS_MAX_MAC_INDEX + CCS_SYS_KILL]
140 = "capability::SYS_KILL",
141 [CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP]
142 = "capability::SYS_VHANGUP",
143 [CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME]
144 = "capability::SYS_TIME",
145 [CCS_MAX_MAC_INDEX + CCS_SYS_NICE]
146 = "capability::SYS_NICE",
147 [CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME]
148 = "capability::SYS_SETHOSTNAME",
149 [CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE]
150 = "capability::use_kernel_module",
151 [CCS_MAX_MAC_INDEX + CCS_CREATE_FIFO]
152 = "capability::create_fifo",
153 [CCS_MAX_MAC_INDEX + CCS_CREATE_BLOCK_DEV]
154 = "capability::create_block_dev",
155 [CCS_MAX_MAC_INDEX + CCS_CREATE_CHAR_DEV]
156 = "capability::create_char_dev",
157 [CCS_MAX_MAC_INDEX + CCS_CREATE_UNIX_SOCKET]
158 = "capability::create_unix_socket",
159 [CCS_MAX_MAC_INDEX + CCS_SYS_LINK]
160 = "capability::SYS_LINK",
161 [CCS_MAX_MAC_INDEX + CCS_SYS_SYMLINK]
162 = "capability::SYS_SYMLINK",
163 [CCS_MAX_MAC_INDEX + CCS_SYS_RENAME]
164 = "capability::SYS_RENAME",
165 [CCS_MAX_MAC_INDEX + CCS_SYS_UNLINK]
166 = "capability::SYS_UNLINK",
167 [CCS_MAX_MAC_INDEX + CCS_SYS_CHMOD]
168 = "capability::SYS_CHMOD",
169 [CCS_MAX_MAC_INDEX + CCS_SYS_CHOWN]
170 = "capability::SYS_CHOWN",
171 [CCS_MAX_MAC_INDEX + CCS_SYS_IOCTL]
172 = "capability::SYS_IOCTL",
173 [CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD]
174 = "capability::SYS_KEXEC_LOAD",
175 [CCS_MAX_MAC_INDEX + CCS_SYS_PIVOT_ROOT]
176 = "capability::SYS_PIVOT_ROOT",
177 [CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE]
178 = "capability::SYS_PTRACE",
179 [CCS_MAX_MAC_INDEX + CCS_CONCEAL_MOUNT]
180 = "capability::conceal_mount",
181 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
182 + CCS_MAC_CATEGORY_FILE] = "file",
183 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
184 + CCS_MAC_CATEGORY_NETWORK] = "network",
185 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
186 + CCS_MAC_CATEGORY_MISC] = "misc",
187 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
188 + CCS_MAC_CATEGORY_IPC] = "ipc",
189 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
190 + CCS_MAC_CATEGORY_CAPABILITY] = "capability",
191 };
192
193 /* Permit policy management by non-root user? */
194 static bool ccs_manage_by_non_root;
195
196 /**
197 * ccs_cap2keyword - Convert capability operation to capability name.
198 *
199 * @operation: The capability index.
200 *
201 * Returns the name of the specified capability's name.
202 */
203 const char *ccs_cap2keyword(const u8 operation)
204 {
205 return operation < CCS_MAX_CAPABILITY_INDEX
206 ? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] + 12 : NULL;
207 }
208
209 /**
210 * ccs_yesno - Return "yes" or "no".
211 *
212 * @value: Bool value.
213 */
214 static const char *ccs_yesno(const unsigned int value)
215 {
216 return value ? "yes" : "no";
217 }
218
219 /**
220 * ccs_io_printf - Transactional printf() to "struct ccs_io_buffer" structure.
221 *
222 * @head: Pointer to "struct ccs_io_buffer".
223 * @fmt: The printf()'s format string, followed by parameters.
224 *
225 * Returns true on success, false otherwise.
226 *
227 * The snprintf() will truncate, but ccs_io_printf() won't.
228 */
229 bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
230 {
231 va_list args;
232 int len;
233 int pos = head->read_avail;
234 int size = head->readbuf_size - pos;
235 if (size <= 0)
236 return false;
237 va_start(args, fmt);
238 len = vsnprintf(head->read_buf + pos, size, fmt, args);
239 va_end(args);
240 if (pos + len >= head->readbuf_size)
241 return false;
242 head->read_avail += len;
243 return true;
244 }
245
246 /**
247 * ccs_find_or_assign_new_profile - Create a new profile.
248 *
249 * @profile: Profile number to create.
250 *
251 * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
252 */
253 static struct ccs_profile *ccs_find_or_assign_new_profile(const unsigned int
254 profile)
255 {
256 struct ccs_profile *ptr;
257 struct ccs_profile *entry;
258 if (profile >= CCS_MAX_PROFILES)
259 return NULL;
260 ptr = ccs_profile_ptr[profile];
261 if (ptr)
262 return ptr;
263 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
264 mutex_lock(&ccs_policy_lock);
265 ptr = ccs_profile_ptr[profile];
266 if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) {
267 ptr = entry;
268 ptr->audit = &ccs_default_profile.preference;
269 ptr->learning = &ccs_default_profile.preference;
270 ptr->permissive = &ccs_default_profile.preference;
271 ptr->enforcing = &ccs_default_profile.preference;
272 ptr->default_config = CCS_CONFIG_DISABLED |
273 CCS_CONFIG_WANT_GRANT_LOG | CCS_CONFIG_WANT_REJECT_LOG;
274 memset(ptr->config, CCS_CONFIG_USE_DEFAULT,
275 sizeof(ptr->config));
276 mb(); /* Avoid out-of-order execution. */
277 ccs_profile_ptr[profile] = ptr;
278 entry = NULL;
279 }
280 mutex_unlock(&ccs_policy_lock);
281 kfree(entry);
282 return ptr;
283 }
284
285 /**
286 * ccs_check_profile - Check all profiles currently assigned to domains are defined.
287 */
288 void ccs_check_profile(void)
289 {
290 struct ccs_domain_info *domain;
291 ccs_policy_loaded = true;
292 list_for_each_entry_rcu(domain, &ccs_domain_list, list) {
293 const u8 profile = domain->profile;
294 if (ccs_profile_ptr[profile])
295 continue;
296 panic("Profile %u (used by '%s') not defined.\n",
297 profile, domain->domainname->name);
298 }
299 }
300
301 /**
302 * ccs_profile - Find a profile.
303 *
304 * @profile: Profile number to find.
305 *
306 * Returns pointer to "struct ccs_profile".
307 */
308 struct ccs_profile *ccs_profile(const u8 profile)
309 {
310 struct ccs_profile *ptr = ccs_profile_ptr[profile];
311 if (!ccs_policy_loaded)
312 return &ccs_default_profile;
313 BUG_ON(!ptr);
314 return ptr;
315 }
316
317 /**
318 * ccs_write_profile - Write profile table.
319 *
320 * @head: Pointer to "struct ccs_io_buffer".
321 *
322 * Returns 0 on success, negative value otherwise.
323 */
324 static int ccs_write_profile(struct ccs_io_buffer *head)
325 {
326 char *data = head->write_buf;
327 unsigned int i;
328 int value;
329 int mode;
330 u8 config;
331 bool use_default = false;
332 char *cp;
333 struct ccs_profile *profile;
334 i = simple_strtoul(data, &cp, 10);
335 if (data == cp) {
336 profile = &ccs_default_profile;
337 } else {
338 if (*cp != '-')
339 return -EINVAL;
340 data = cp + 1;
341 profile = ccs_find_or_assign_new_profile(i);
342 if (!profile)
343 return -EINVAL;
344 }
345 cp = strchr(data, '=');
346 if (!cp)
347 return -EINVAL;
348 *cp++ = '\0';
349 if (profile != &ccs_default_profile)
350 use_default = strstr(cp, "use_default") != NULL;
351 if (strstr(cp, "verbose=yes"))
352 value = 1;
353 else if (strstr(cp, "verbose=no"))
354 value = 0;
355 else
356 value = -1;
357 if (!strcmp(data, "PREFERENCE::audit")) {
358 #ifdef CONFIG_CCSECURITY_AUDIT
359 char *cp2;
360 #endif
361 if (use_default) {
362 profile->audit = &ccs_default_profile.preference;
363 return 0;
364 }
365 profile->audit = &profile->preference;
366 #ifdef CONFIG_CCSECURITY_AUDIT
367 cp2 = strstr(cp, "max_grant_log=");
368 if (cp2)
369 sscanf(cp2 + 14, "%u",
370 &profile->preference.audit_max_grant_log);
371 cp2 = strstr(cp, "max_reject_log=");
372 if (cp2)
373 sscanf(cp2 + 15, "%u",
374 &profile->preference.audit_max_reject_log);
375 #endif
376 if (strstr(cp, "task_info=yes"))
377 profile->preference.audit_task_info = true;
378 else if (strstr(cp, "task_info=no"))
379 profile->preference.audit_task_info = false;
380 if (strstr(cp, "path_info=yes"))
381 profile->preference.audit_path_info = true;
382 else if (strstr(cp, "path_info=no"))
383 profile->preference.audit_path_info = false;
384 return 0;
385 }
386 if (!strcmp(data, "PREFERENCE::enforcing")) {
387 char *cp2;
388 if (use_default) {
389 profile->enforcing = &ccs_default_profile.preference;
390 return 0;
391 }
392 profile->enforcing = &profile->preference;
393 if (value >= 0)
394 profile->preference.enforcing_verbose = value;
395 cp2 = strstr(cp, "penalty=");
396 if (cp2)
397 sscanf(cp2 + 8, "%u",
398 &profile->preference.enforcing_penalty);
399 return 0;
400 }
401 if (!strcmp(data, "PREFERENCE::permissive")) {
402 if (use_default) {
403 profile->permissive = &ccs_default_profile.preference;
404 return 0;
405 }
406 profile->permissive = &profile->preference;
407 if (value >= 0)
408 profile->preference.permissive_verbose = value;
409 return 0;
410 }
411 if (!strcmp(data, "PREFERENCE::learning")) {
412 char *cp2;
413 if (use_default) {
414 profile->learning = &ccs_default_profile.preference;
415 return 0;
416 }
417 profile->learning = &profile->preference;
418 if (value >= 0)
419 profile->preference.learning_verbose = value;
420 cp2 = strstr(cp, "max_entry=");
421 if (cp2)
422 sscanf(cp2 + 10, "%u",
423 &profile->preference.learning_max_entry);
424 if (strstr(cp, "exec.realpath=yes"))
425 profile->preference.learning_exec_realpath = true;
426 else if (strstr(cp, "exec.realpath=no"))
427 profile->preference.learning_exec_realpath = false;
428 if (strstr(cp, "exec.argv0=yes"))
429 profile->preference.learning_exec_argv0 = true;
430 else if (strstr(cp, "exec.argv0=no"))
431 profile->preference.learning_exec_argv0 = false;
432 if (strstr(cp, "symlink.target=yes"))
433 profile->preference.learning_symlink_target = true;
434 else if (strstr(cp, "symlink.target=no"))
435 profile->preference.learning_symlink_target = false;
436 return 0;
437 }
438 if (profile == &ccs_default_profile)
439 return -EINVAL;
440 if (!strcmp(data, "COMMENT")) {
441 const struct ccs_path_info *new_comment = ccs_get_name(cp);
442 const struct ccs_path_info *old_comment;
443 /* Protect reader from ccs_put_name(). */
444 spin_lock(&ccs_profile_comment_lock);
445 old_comment = profile->comment;
446 profile->comment = new_comment;
447 spin_unlock(&ccs_profile_comment_lock);
448 ccs_put_name(old_comment);
449 return 0;
450 }
451 if (!strcmp(data, "CONFIG")) {
452 i = CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
453 + CCS_MAX_MAC_CATEGORY_INDEX;
454 config = profile->default_config;
455 } else if (ccs_str_starts(&data, "CONFIG::")) {
456 config = 0;
457 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
458 + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
459 if (strcmp(data, ccs_mac_keywords[i]))
460 continue;
461 config = profile->config[i];
462 break;
463 }
464 if (i == CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
465 + CCS_MAX_MAC_CATEGORY_INDEX)
466 return -EINVAL;
467 } else {
468 return -EINVAL;
469 }
470 if (use_default) {
471 config = CCS_CONFIG_USE_DEFAULT;
472 } else {
473 for (mode = 3; mode >= 0; mode--)
474 if (strstr(cp, ccs_mode_4[mode]))
475 /*
476 * Update lower 3 bits in order to distinguish
477 * 'config' from 'CCS_CONFIG_USE_DEAFULT'.
478 */
479 config = (config & ~7) | mode;
480 #ifdef CONFIG_CCSECURITY_AUDIT
481 if (config != CCS_CONFIG_USE_DEFAULT) {
482 if (strstr(cp, "grant_log=yes"))
483 config |= CCS_CONFIG_WANT_GRANT_LOG;
484 else if (strstr(cp, "grant_log=no"))
485 config &= ~CCS_CONFIG_WANT_GRANT_LOG;
486 if (strstr(cp, "reject_log=yes"))
487 config |= CCS_CONFIG_WANT_REJECT_LOG;
488 else if (strstr(cp, "reject_log=no"))
489 config &= ~CCS_CONFIG_WANT_REJECT_LOG;
490 }
491 #endif
492 }
493 if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
494 + CCS_MAX_MAC_CATEGORY_INDEX)
495 profile->config[i] = config;
496 else if (config != CCS_CONFIG_USE_DEFAULT)
497 profile->default_config = config;
498 return 0;
499 }
500
501 /**
502 * ccs_read_profile - Read profile table.
503 *
504 * @head: Pointer to "struct ccs_io_buffer".
505 */
506 static void ccs_read_profile(struct ccs_io_buffer *head)
507 {
508 int index;
509 if (head->read_eof)
510 return;
511 if (head->read_bit)
512 goto body;
513 ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
514 ccs_io_printf(head, "PREFERENCE::audit={ "
515 #ifdef CONFIG_CCSECURITY_AUDIT
516 "max_grant_log=%u max_reject_log=%u "
517 #endif
518 "task_info=%s path_info=%s }\n",
519 #ifdef CONFIG_CCSECURITY_AUDIT
520 ccs_default_profile.preference.audit_max_grant_log,
521 ccs_default_profile.preference.audit_max_reject_log,
522 #endif
523 ccs_yesno(ccs_default_profile.preference.
524 audit_task_info),
525 ccs_yesno(ccs_default_profile.preference.
526 audit_path_info));
527 ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u "
528 "exec.realpath=%s exec.argv0=%s symlink.target=%s }\n",
529 ccs_yesno(ccs_default_profile.preference.
530 learning_verbose),
531 ccs_default_profile.preference.learning_max_entry,
532 ccs_yesno(ccs_default_profile.preference.
533 learning_exec_realpath),
534 ccs_yesno(ccs_default_profile.preference.
535 learning_exec_argv0),
536 ccs_yesno(ccs_default_profile.preference.
537 learning_symlink_target));
538 ccs_io_printf(head, "PREFERENCE::permissive={ verbose=%s }\n",
539 ccs_yesno(ccs_default_profile.preference.
540 permissive_verbose));
541 ccs_io_printf(head, "PREFERENCE::enforcing={ verbose=%s penalty=%u "
542 "}\n",
543 ccs_yesno(ccs_default_profile.preference.
544 enforcing_verbose),
545 ccs_default_profile.preference.enforcing_penalty);
546 head->read_bit = 1;
547 body:
548 for (index = head->read_step; index < CCS_MAX_PROFILES; index++) {
549 bool done;
550 u8 config;
551 int i;
552 int pos;
553 const struct ccs_profile *profile = ccs_profile_ptr[index];
554 head->read_step = index;
555 if (!profile)
556 continue;
557 pos = head->read_avail;
558 spin_lock(&ccs_profile_comment_lock);
559 done = ccs_io_printf(head, "%u-COMMENT=%s\n", index,
560 profile->comment ? profile->comment->name
561 : "");
562 spin_unlock(&ccs_profile_comment_lock);
563 if (!done)
564 goto out;
565 config = profile->default_config;
566 #ifdef CONFIG_CCSECURITY_AUDIT
567 if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s grant_log=%s "
568 "reject_log=%s }\n", index,
569 ccs_mode_4[config & 3],
570 ccs_yesno(config &
571 CCS_CONFIG_WANT_GRANT_LOG),
572 ccs_yesno(config &
573 CCS_CONFIG_WANT_REJECT_LOG)))
574 goto out;
575 #else
576 if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s }\n", index,
577 ccs_mode_4[config & 3]))
578 goto out;
579 #endif
580 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
581 + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
582 #ifdef CONFIG_CCSECURITY_AUDIT
583 const char *g;
584 const char *r;
585 #endif
586 config = profile->config[i];
587 if (config == CCS_CONFIG_USE_DEFAULT)
588 continue;
589 #ifdef CONFIG_CCSECURITY_AUDIT
590 g = ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG);
591 r = ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG);
592 if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s "
593 "grant_log=%s reject_log=%s }\n",
594 index, ccs_mac_keywords[i],
595 ccs_mode_4[config & 3], g, r))
596 goto out;
597 #else
598 if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s }\n",
599 index, ccs_mac_keywords[i],
600 ccs_mode_4[config & 3]))
601 goto out;
602 #endif
603 }
604 if (profile->audit != &ccs_default_profile.preference &&
605 !ccs_io_printf(head, "%u-PREFERENCE::audit={ "
606 #ifdef CONFIG_CCSECURITY_AUDIT
607 "max_grant_log=%u max_reject_log=%u "
608 #endif
609 "task_info=%s path_info=%s }\n", index,
610 #ifdef CONFIG_CCSECURITY_AUDIT
611 profile->preference.audit_max_grant_log,
612 profile->preference.audit_max_reject_log,
613 #endif
614 ccs_yesno(profile->preference.
615 audit_task_info),
616 ccs_yesno(profile->preference.
617 audit_path_info)))
618 goto out;
619 if (profile->learning != &ccs_default_profile.preference &&
620 !ccs_io_printf(head, "%u-PREFERENCE::learning={ "
621 "verbose=%s max_entry=%u exec.realpath=%s "
622 "exec.argv0=%s symlink.target=%s }\n",
623 index,
624 ccs_yesno(profile->preference.
625 learning_verbose),
626 profile->preference.learning_max_entry,
627 ccs_yesno(profile->preference.
628 learning_exec_realpath),
629 ccs_yesno(profile->preference.
630 learning_exec_argv0),
631 ccs_yesno(profile->preference.
632 learning_symlink_target)))
633 goto out;
634 if (profile->permissive != &ccs_default_profile.preference &&
635 !ccs_io_printf(head, "%u-PREFERENCE::permissive={ "
636 "verbose=%s }\n", index,
637 ccs_yesno(profile->preference.
638 permissive_verbose)))
639 goto out;
640 if (profile->enforcing != &ccs_default_profile.preference &&
641 !ccs_io_printf(head, "%u-PREFERENCE::enforcing={ "
642 "verbose=%s penalty=%u }\n", index,
643 ccs_yesno(profile->preference.
644 enforcing_verbose),
645 profile->preference.enforcing_penalty))
646 goto out;
647 continue;
648 out:
649 head->read_avail = pos;
650 break;
651 }
652 if (index == CCS_MAX_PROFILES)
653 head->read_eof = true;
654 }
655
656 /* The list for "struct ccs_policy_manager_entry". */
657 LIST_HEAD(ccs_policy_manager_list);
658
659 /**
660 * ccs_update_manager_entry - Add a manager entry.
661 *
662 * @manager: The path to manager or the domainnamme.
663 * @is_delete: True if it is a delete request.
664 *
665 * Returns 0 on success, negative value otherwise.
666 */
667 static int ccs_update_manager_entry(const char *manager, const bool is_delete)
668 {
669 struct ccs_policy_manager_entry *entry = NULL;
670 struct ccs_policy_manager_entry *ptr;
671 struct ccs_policy_manager_entry e = { };
672 int error = is_delete ? -ENOENT : -ENOMEM;
673 if (ccs_is_domain_def(manager)) {
674 if (!ccs_is_correct_domain(manager))
675 return -EINVAL;
676 e.is_domain = true;
677 } else {
678 if (!ccs_is_correct_path(manager, 1, -1, -1))
679 return -EINVAL;
680 }
681 e.manager = ccs_get_name(manager);
682 if (!e.manager)
683 return -ENOMEM;
684 if (!is_delete)
685 entry = kmalloc(sizeof(e), GFP_KERNEL);
686 mutex_lock(&ccs_policy_lock);
687 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
688 if (ptr->manager != e.manager)
689 continue;
690 ptr->is_deleted = is_delete;
691 error = 0;
692 break;
693 }
694 if (!is_delete && error && ccs_commit_ok(entry, &e, sizeof(e))) {
695 list_add_tail_rcu(&entry->list, &ccs_policy_manager_list);
696 entry = NULL;
697 error = 0;
698 }
699 mutex_unlock(&ccs_policy_lock);
700 ccs_put_name(e.manager);
701 kfree(entry);
702 return error;
703 }
704
705 /**
706 * ccs_write_manager_policy - Write manager policy.
707 *
708 * @head: Pointer to "struct ccs_io_buffer".
709 *
710 * Returns 0 on success, negative value otherwise.
711 */
712 static int ccs_write_manager_policy(struct ccs_io_buffer *head)
713 {
714 char *data = head->write_buf;
715 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
716 if (!strcmp(data, "manage_by_non_root")) {
717 ccs_manage_by_non_root = !is_delete;
718 return 0;
719 }
720 return ccs_update_manager_entry(data, is_delete);
721 }
722
723 /**
724 * ccs_read_manager_policy - Read manager policy.
725 *
726 * @head: Pointer to "struct ccs_io_buffer".
727 *
728 * Caller holds ccs_read_lock().
729 */
730 static void ccs_read_manager_policy(struct ccs_io_buffer *head)
731 {
732 struct list_head *pos;
733 if (head->read_eof)
734 return;
735 list_for_each_cookie(pos, head->read_var2, &ccs_policy_manager_list) {
736 struct ccs_policy_manager_entry *ptr;
737 ptr = list_entry(pos, struct ccs_policy_manager_entry, list);
738 if (ptr->is_deleted)
739 continue;
740 if (!ccs_io_printf(head, "%s\n", ptr->manager->name))
741 return;
742 }
743 head->read_eof = true;
744 }
745
746 /**
747 * ccs_is_policy_manager - Check whether the current process is a policy manager.
748 *
749 * Returns true if the current process is permitted to modify policy
750 * via /proc/ccs/ interface.
751 *
752 * Caller holds ccs_read_lock().
753 */
754 static bool ccs_is_policy_manager(void)
755 {
756 struct ccs_policy_manager_entry *ptr;
757 const char *exe;
758 struct task_struct *task = current;
759 const struct ccs_path_info *domainname
760 = ccs_current_domain()->domainname;
761 bool found = false;
762 if (!ccs_policy_loaded)
763 return true;
764 if (task->ccs_flags & CCS_TASK_IS_POLICY_MANAGER)
765 return true;
766 if (!ccs_manage_by_non_root && (current_uid() || current_euid()))
767 return false;
768 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
769 if (!ptr->is_deleted && ptr->is_domain
770 && !ccs_pathcmp(domainname, ptr->manager)) {
771 /* Set manager flag. */
772 task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
773 return true;
774 }
775 }
776 exe = ccs_get_exe();
777 if (!exe)
778 return false;
779 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
780 if (!ptr->is_deleted && !ptr->is_domain
781 && !strcmp(exe, ptr->manager->name)) {
782 found = true;
783 /* Set manager flag. */
784 task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
785 break;
786 }
787 }
788 if (!found) { /* Reduce error messages. */
789 static pid_t ccs_last_pid;
790 const pid_t pid = current->pid;
791 if (ccs_last_pid != pid) {
792 printk(KERN_WARNING "%s ( %s ) is not permitted to "
793 "update policies.\n", domainname->name, exe);
794 ccs_last_pid = pid;
795 }
796 }
797 kfree(exe);
798 return found;
799 }
800
801 /**
802 * ccs_find_condition_part - Find condition part from the statement.
803 *
804 * @data: String to parse.
805 *
806 * Returns pointer to the condition part if it was found in the statement,
807 * NULL otherwise.
808 */
809 static char *ccs_find_condition_part(char *data)
810 {
811 char *cp = strstr(data, " if ");
812 if (cp) {
813 while (1) {
814 char *cp2 = strstr(cp + 3, " if ");
815 if (!cp2)
816 break;
817 cp = cp2;
818 }
819 *cp++ = '\0';
820 } else {
821 cp = strstr(data, " ; set ");
822 if (cp)
823 *cp++ = '\0';
824 }
825 return cp;
826 }
827
828 /**
829 * ccs_is_select_one - Parse select command.
830 *
831 * @head: Pointer to "struct ccs_io_buffer".
832 * @data: String to parse.
833 *
834 * Returns true on success, false otherwise.
835 *
836 * Caller holds ccs_read_lock().
837 */
838 static bool ccs_is_select_one(struct ccs_io_buffer *head, const char *data)
839 {
840 unsigned int pid;
841 struct ccs_domain_info *domain = NULL;
842 bool global_pid = false;
843 if (!strcmp(data, "allow_execute")) {
844 head->read_execute_only = true;
845 return true;
846 }
847 if (sscanf(data, "pid=%u", &pid) == 1 ||
848 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
849 struct task_struct *p;
850 read_lock(&tasklist_lock);
851 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
852 if (global_pid)
853 p = find_task_by_pid_ns(pid, &init_pid_ns);
854 else
855 p = find_task_by_vpid(pid);
856 #else
857 p = find_task_by_pid(pid);
858 #endif
859 if (p)
860 domain = ccs_task_domain(p);
861 read_unlock(&tasklist_lock);
862 } else if (!strncmp(data, "domain=", 7)) {
863 if (ccs_is_domain_def(data + 7))
864 domain = ccs_find_domain(data + 7);
865 } else
866 return false;
867 head->write_var1 = domain;
868 /* Accessing read_buf is safe because head->io_sem is held. */
869 if (!head->read_buf)
870 return true; /* Do nothing if open(O_WRONLY). */
871 head->read_avail = 0;
872 ccs_io_printf(head, "# select %s\n", data);
873 head->read_single_domain = true;
874 head->read_eof = !domain;
875 if (domain) {
876 struct ccs_domain_info *d;
877 head->read_var1 = NULL;
878 list_for_each_entry_rcu(d, &ccs_domain_list, list) {
879 if (d == domain)
880 break;
881 head->read_var1 = &d->list;
882 }
883 head->read_var2 = NULL;
884 head->read_bit = 0;
885 head->read_step = 0;
886 if (domain->is_deleted)
887 ccs_io_printf(head, "# This is a deleted domain.\n");
888 }
889 return true;
890 }
891
892 static int ccs_write_domain_policy2(char *data, struct ccs_domain_info *domain,
893 struct ccs_condition *cond,
894 const bool is_delete)
895 {
896 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CAPABILITY))
897 return ccs_write_capability_policy(data, domain, cond,
898 is_delete);
899 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_NETWORK))
900 return ccs_write_network_policy(data, domain, cond, is_delete);
901 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))
902 return ccs_write_signal_policy(data, domain, cond, is_delete);
903 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
904 return ccs_write_env_policy(data, domain, cond, is_delete);
905 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))
906 return ccs_write_mount_policy(data, domain, cond, is_delete);
907 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_UNMOUNT))
908 return ccs_write_umount_policy(data, domain, cond, is_delete);
909 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CHROOT))
910 return ccs_write_chroot_policy(data, domain, cond, is_delete);
911 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_PIVOT_ROOT))
912 return ccs_write_pivot_root_policy(data, domain, cond,
913 is_delete);
914 return ccs_write_file_policy(data, domain, cond, is_delete);
915 }
916
917 /**
918 * ccs_write_domain_policy - Write domain policy.
919 *
920 * @head: Pointer to "struct ccs_io_buffer".
921 *
922 * Returns 0 on success, negative value otherwise.
923 */
924 static int ccs_write_domain_policy(struct ccs_io_buffer *head)
925 {
926 char *data = head->write_buf;
927 struct ccs_domain_info *domain = head->write_var1;
928 bool is_delete = false;
929 bool is_select = false;
930 unsigned int profile;
931 struct ccs_condition *cond = NULL;
932 char *cp;
933 int error;
934 if (ccs_str_starts(&data, CCS_KEYWORD_DELETE))
935 is_delete = true;
936 else if (ccs_str_starts(&data, CCS_KEYWORD_SELECT))
937 is_select = true;
938 if (is_select && ccs_is_select_one(head, data))
939 return 0;
940 /* Don't allow updating policies by non manager programs. */
941 if (!ccs_is_policy_manager())
942 return -EPERM;
943 if (ccs_is_domain_def(data)) {
944 domain = NULL;
945 if (is_delete)
946 ccs_delete_domain(data);
947 else if (is_select)
948 domain = ccs_find_domain(data);
949 else
950 domain = ccs_find_or_assign_new_domain(data, 0);
951 head->write_var1 = domain;
952 return 0;
953 }
954 if (!domain)
955 return -EINVAL;
956
957 if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1
958 && profile < CCS_MAX_PROFILES) {
959 if (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile])
960 domain->profile = (u8) profile;
961 return 0;
962 }
963 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
964 domain->ignore_global_allow_read = !is_delete;
965 return 0;
966 }
967 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) {
968 domain->ignore_global_allow_env = !is_delete;
969 return 0;
970 }
971 cp = ccs_find_condition_part(data);
972 if (cp) {
973 cond = ccs_get_condition(cp);
974 if (!cond)
975 return -EINVAL;
976 }
977 error = ccs_write_domain_policy2(data, domain, cond, is_delete);
978 if (cond)
979 ccs_put_condition(cond);
980 return error;
981 }
982
983 /**
984 * ccs_print_name_union - Print a ccs_name_union.
985 *
986 * @head: Pointer to "struct ccs_io_buffer".
987 * @ptr: Pointer to "struct ccs_name_union".
988 *
989 * Returns true on success, false otherwise.
990 */
991 static bool ccs_print_name_union(struct ccs_io_buffer *head,
992 const struct ccs_name_union *ptr)
993 {
994 int pos = head->read_avail;
995 if (pos && head->read_buf[pos - 1] == ' ')
996 head->read_avail--;
997 if (ptr->is_group)
998 return ccs_io_printf(head, " @%s",
999 ptr->group->group_name->name);
1000 return ccs_io_printf(head, " %s", ptr->filename->name);
1001 }
1002
1003 /**
1004 * ccs_print_name_union_quoted - Print a ccs_name_union with double quotes.
1005 *
1006 * @head: Pointer to "struct ccs_io_buffer".
1007 * @ptr: Pointer to "struct ccs_name_union".
1008 *
1009 * Returns true on success, false otherwise.
1010 */
1011 static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head,
1012 const struct ccs_name_union *ptr)
1013 {
1014 if (ptr->is_group)
1015 return ccs_io_printf(head, "@%s",
1016 ptr->group->group_name->name);
1017 return ccs_io_printf(head, "\"%s\"", ptr->filename->name);
1018 }
1019
1020 /**
1021 * ccs_print_number_union_common - Print a ccs_number_union.
1022 *
1023 * @head: Pointer to "struct ccs_io_buffer".
1024 * @ptr: Pointer to "struct ccs_number_union".
1025 * @need_space: True if a space character is needed.
1026 *
1027 * Returns true on success, false otherwise.
1028 */
1029 static bool ccs_print_number_union_common(struct ccs_io_buffer *head,
1030 const struct ccs_number_union *ptr,
1031 const bool need_space)
1032 {
1033 unsigned long min;
1034 unsigned long max;
1035 u8 min_type;
1036 u8 max_type;
1037 if (need_space && !ccs_io_printf(head, " "))
1038 return false;
1039 if (ptr->is_group)
1040 return ccs_io_printf(head, "@%s",
1041 ptr->group->group_name->name);
1042 min_type = ptr->min_type;
1043 max_type = ptr->max_type;
1044 min = ptr->values[0];
1045 max = ptr->values[1];
1046 switch (min_type) {
1047 case CCS_VALUE_TYPE_HEXADECIMAL:
1048 if (!ccs_io_printf(head, "0x%lX", min))
1049 return false;
1050 break;
1051 case CCS_VALUE_TYPE_OCTAL:
1052 if (!ccs_io_printf(head, "0%lo", min))
1053 return false;
1054 break;
1055 default:
1056 if (!ccs_io_printf(head, "%lu", min))
1057 return false;
1058 break;
1059 }
1060 if (min == max && min_type == max_type)
1061 return true;
1062 switch (max_type) {
1063 case CCS_VALUE_TYPE_HEXADECIMAL:
1064 return ccs_io_printf(head, "-0x%lX", max);
1065 case CCS_VALUE_TYPE_OCTAL:
1066 return ccs_io_printf(head, "-0%lo", max);
1067 default:
1068 return ccs_io_printf(head, "-%lu", max);
1069 }
1070 }
1071
1072 /**
1073 * ccs_print_number_union - Print a ccs_number_union.
1074 *
1075 * @head: Pointer to "struct ccs_io_buffer".
1076 * @ptr: Pointer to "struct ccs_number_union".
1077 *
1078 * Returns true on success, false otherwise.
1079 */
1080 bool ccs_print_number_union(struct ccs_io_buffer *head,
1081 const struct ccs_number_union *ptr)
1082 {
1083 return ccs_print_number_union_common(head, ptr, true);
1084 }
1085
1086 /**
1087 * ccs_print_number_union_nospace - Print a ccs_number_union without a space character.
1088 *
1089 * @head: Pointer to "struct ccs_io_buffer".
1090 * @ptr: Pointer to "struct ccs_number_union".
1091 *
1092 * Returns true on success, false otherwise.
1093 */
1094 static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head,
1095 const struct ccs_number_union *ptr)
1096 {
1097 return ccs_print_number_union_common(head, ptr, false);
1098 }
1099
1100 /**
1101 * ccs_print_condition - Print condition part.
1102 *
1103 * @head: Pointer to "struct ccs_io_buffer".
1104 * @cond: Pointer to "struct ccs_condition". May be NULL.
1105 *
1106 * Returns true on success, false otherwise.
1107 */
1108 static bool ccs_print_condition(struct ccs_io_buffer *head,
1109 const struct ccs_condition *cond)
1110 {
1111 const struct ccs_condition_element *condp;
1112 const struct ccs_number_union *numbers_p;
1113 const struct ccs_name_union *names_p;
1114 const struct ccs_argv_entry *argv;
1115 const struct ccs_envp_entry *envp;
1116 u16 condc;
1117 u16 i;
1118 u16 j;
1119 char buffer[32];
1120 if (!cond)
1121 goto no_condition;
1122 condc = cond->condc;
1123 condp = (const struct ccs_condition_element *) (cond + 1);
1124 numbers_p = (const struct ccs_number_union *) (condp + condc);
1125 names_p = (const struct ccs_name_union *)
1126 (numbers_p + cond->numbers_count);
1127 argv = (const struct ccs_argv_entry *) (names_p + cond->names_count);
1128 envp = (const struct ccs_envp_entry *) (argv + cond->argc);
1129 memset(buffer, 0, sizeof(buffer));
1130 if (condc && !ccs_io_printf(head, "%s", " if"))
1131 goto out;
1132 for (i = 0; i < condc; i++) {
1133 const u8 match = condp->equals;
1134 const u8 left = condp->left;
1135 const u8 right = condp->right;
1136 condp++;
1137 switch (left) {
1138 case CCS_ARGV_ENTRY:
1139 if (!ccs_io_printf(head, " exec.argv[%u]%s\"%s\"",
1140 argv->index, argv->is_not ?
1141 "!=" : "=", argv->value->name))
1142 goto out;
1143 argv++;
1144 continue;
1145 case CCS_ENVP_ENTRY:
1146 if (!ccs_io_printf(head, " exec.envp[\"%s\"]%s",
1147 envp->name->name, envp->is_not ?
1148 "!=" : "="))
1149 goto out;
1150 if (envp->value) {
1151 if (!ccs_io_printf(head, "\"%s\"",
1152 envp->value->name))
1153 goto out;
1154 } else {
1155 if (!ccs_io_printf(head, "NULL"))
1156 goto out;
1157 }
1158 envp++;
1159 continue;
1160 case CCS_NUMBER_UNION:
1161 if (!ccs_print_number_union(head, numbers_p++))
1162 goto out;
1163 break;
1164 default:
1165 if (left >= CCS_MAX_CONDITION_KEYWORD)
1166 goto out;
1167 if (!ccs_io_printf(head, " %s",
1168 ccs_condition_keyword[left]))
1169 goto out;
1170 break;
1171 }
1172 if (!ccs_io_printf(head, "%s", match ? "=" : "!="))
1173 goto out;
1174 switch (right) {
1175 case CCS_NAME_UNION:
1176 if (!ccs_print_name_union_quoted(head, names_p++))
1177 goto out;
1178 break;
1179 case CCS_NUMBER_UNION:
1180 if (!ccs_print_number_union_nospace(head, numbers_p++))
1181 goto out;
1182 break;
1183 default:
1184 if (right >= CCS_MAX_CONDITION_KEYWORD)
1185 goto out;
1186 if (!ccs_io_printf(head, "%s",
1187 ccs_condition_keyword[right]))
1188 goto out;
1189 break;
1190 }
1191 }
1192 i = cond->post_state[3];
1193 if (!i)
1194 goto no_condition;
1195 if (!ccs_io_printf(head, " ; set"))
1196 goto out;
1197 for (j = 0; j < 3; j++) {
1198 if (!(i & (1 << j)))
1199 continue;
1200 if (!ccs_io_printf(head, " task.state[%u]=%u", j,
1201 cond->post_state[j]))
1202 goto out;
1203 }
1204 no_condition:
1205 if (ccs_io_printf(head, "\n"))
1206 return true;
1207 out:
1208 return false;
1209 }
1210
1211 /**
1212 * ccs_print_path_acl - Print a single path ACL entry.
1213 *
1214 * @head: Pointer to "struct ccs_io_buffer".
1215 * @ptr: Pointer to "struct ccs_path_acl".
1216 * @cond: Pointer to "struct ccs_condition". May be NULL.
1217 *
1218 * Returns true on success, false otherwise.
1219 */
1220 static bool ccs_print_path_acl(struct ccs_io_buffer *head,
1221 struct ccs_path_acl *ptr,
1222 const struct ccs_condition *cond)
1223 {
1224 int pos;
1225 u8 bit;
1226 const u16 perm = ptr->perm;
1227 for (bit = head->read_bit; bit < CCS_MAX_PATH_OPERATION; bit++) {
1228 if (!(perm & (1 << bit)))
1229 continue;
1230 if (head->read_execute_only && bit != CCS_TYPE_EXECUTE)
1231 continue;
1232 /* Print "read/write" instead of "read" and "write". */
1233 if ((bit == CCS_TYPE_READ || bit == CCS_TYPE_WRITE)
1234 && (perm & (1 << CCS_TYPE_READ_WRITE)))
1235 continue;
1236 pos = head->read_avail;
1237 if (!ccs_io_printf(head, "allow_%s", ccs_path2keyword(bit)) ||
1238 !ccs_print_name_union(head, &ptr->name) ||
1239 !ccs_print_condition(head, cond)) {
1240 head->read_bit = bit;
1241 head->read_avail = pos;
1242 return false;
1243 }
1244 }
1245 head->read_bit = 0;
1246 return true;
1247 }
1248
1249 /**
1250 * ccs_print_path_number3_acl - Print a path_number3 ACL entry.
1251 *
1252 * @head: Pointer to "struct ccs_io_buffer".
1253 * @ptr: Pointer to "struct ccs_path_number3_acl".
1254 * @cond: Pointer to "struct ccs_condition". May be NULL.
1255 *
1256 * Returns true on success, false otherwise.
1257 */
1258 static bool ccs_print_path_number3_acl(struct ccs_io_buffer *head,
1259 struct ccs_path_number3_acl *ptr,
1260 const struct ccs_condition *cond)
1261 {
1262 int pos;
1263 u8 bit;
1264 const u16 perm = ptr->perm;
1265 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER3_OPERATION;
1266 bit++) {
1267 if (!(perm & (1 << bit)))
1268 continue;
1269 pos = head->read_avail;
1270 if (!ccs_io_printf(head, "allow_%s",
1271 ccs_path_number32keyword(bit)) ||
1272 !ccs_print_name_union(head, &ptr->name) ||
1273 !ccs_print_number_union(head, &ptr->mode) ||
1274 !ccs_print_number_union(head, &ptr->major) ||
1275 !ccs_print_number_union(head, &ptr->minor) ||
1276 !ccs_print_condition(head, cond)) {
1277 head->read_bit = bit;
1278 head->read_avail = pos;
1279 return false;
1280 }
1281 }
1282 head->read_bit = 0;
1283 return true;
1284 }
1285
1286 /**
1287 * ccs_print_path2_acl - Print a path2 ACL entry.
1288 *
1289 * @head: Pointer to "struct ccs_io_buffer".
1290 * @ptr: Pointer to "struct ccs_path2_acl".
1291 * @cond: Pointer to "struct ccs_condition". May be NULL.
1292 *
1293 * Returns true on success, false otherwise.
1294 */
1295 static bool ccs_print_path2_acl(struct ccs_io_buffer *head,
1296 struct ccs_path2_acl *ptr,
1297 const struct ccs_condition *cond)
1298 {
1299 int pos;
1300 u8 bit;
1301 const u8 perm = ptr->perm;
1302 for (bit = head->read_bit; bit < CCS_MAX_PATH2_OPERATION; bit++) {
1303 if (!(perm & (1 << bit)))
1304 continue;
1305 pos = head->read_avail;
1306 if (!ccs_io_printf(head, "allow_%s",
1307 ccs_path22keyword(bit)) ||
1308 !ccs_print_name_union(head, &ptr->name1) ||
1309 !ccs_print_name_union(head, &ptr->name2) ||
1310 !ccs_print_condition(head, cond)) {
1311 head->read_bit = bit;
1312 head->read_avail = pos;
1313 return false;
1314 }
1315 }
1316 head->read_bit = 0;
1317 return true;
1318 }
1319
1320 /**
1321 * ccs_print_path_number_acl - Print a path_number ACL entry.
1322 *
1323 * @head: Pointer to "struct ccs_io_buffer".
1324 * @ptr: Pointer to "struct ccs_path_number_acl".
1325 * @cond: Pointer to "struct ccs_condition". May be NULL.
1326 *
1327 * Returns true on success, false otherwise.
1328 */
1329 static bool ccs_print_path_number_acl(struct ccs_io_buffer *head,
1330 struct ccs_path_number_acl *ptr,
1331 const struct ccs_condition *cond)
1332 {
1333 int pos;
1334 u8 bit;
1335 const u8 perm = ptr->perm;
1336 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER_OPERATION;
1337 bit++) {
1338 if (!(perm & (1 << bit)))
1339 continue;
1340 pos = head->read_avail;
1341 if (!ccs_io_printf(head, "allow_%s",
1342 ccs_path_number2keyword(bit)) ||
1343 !ccs_print_name_union(head, &ptr->name) ||
1344 !ccs_print_number_union(head, &ptr->number) ||
1345 !ccs_print_condition(head, cond)) {
1346 head->read_bit = bit;
1347 head->read_avail = pos;
1348 return false;
1349 }
1350 }
1351 head->read_bit = 0;
1352 return true;
1353 }
1354
1355 /**
1356 * ccs_print_env_acl - Print an evironment variable name's ACL entry.
1357 *
1358 * @head: Pointer to "struct ccs_io_buffer".
1359 * @ptr: Pointer to "struct ccs_env_acl".
1360 * @cond: Pointer to "struct ccs_condition". May be NULL.
1361 *
1362 * Returns true on success, false otherwise.
1363 */
1364 static bool ccs_print_env_acl(struct ccs_io_buffer *head,
1365 struct ccs_env_acl *ptr,
1366 const struct ccs_condition *cond)
1367 {
1368 const int pos = head->read_avail;
1369 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", ptr->env->name) ||
1370 !ccs_print_condition(head, cond)) {
1371 head->read_avail = pos;
1372 return false;
1373 }
1374 return true;
1375 }
1376
1377 /**
1378 * ccs_print_capability_acl - Print a capability ACL entry.
1379 *
1380 * @head: Pointer to "struct ccs_io_buffer".
1381 * @ptr: Pointer to "struct ccs_capability_acl".
1382 * @cond: Pointer to "struct ccs_condition". May be NULL.
1383 *
1384 * Returns true on success, false otherwise.
1385 */
1386 static bool ccs_print_capability_acl(struct ccs_io_buffer *head,
1387 struct ccs_capability_acl *ptr,
1388 const struct ccs_condition *cond)
1389 {
1390 const int pos = head->read_avail;
1391 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s",
1392 ccs_cap2keyword(ptr->operation)) ||
1393 !ccs_print_condition(head, cond)) {
1394 head->read_avail = pos;
1395 return false;
1396 }
1397 return true;
1398 }
1399
1400 /**
1401 * ccs_print_ipv4_entry - Print IPv4 address of a network ACL entry.
1402 *
1403 * @head: Pointer to "struct ccs_io_buffer".
1404 * @ptr: Pointer to "struct ccs_ip_network_acl".
1405 *
1406 * Returns true on success, false otherwise.
1407 */
1408 static bool ccs_print_ipv4_entry(struct ccs_io_buffer *head,
1409 struct ccs_ip_network_acl *ptr)
1410 {
1411 const u32 min_address = ptr->address.ipv4.min;
1412 const u32 max_address = ptr->address.ipv4.max;
1413 if (!ccs_io_printf(head, "%u.%u.%u.%u", HIPQUAD(min_address)))
1414 return false;
1415 if (min_address != max_address
1416 && !ccs_io_printf(head, "-%u.%u.%u.%u", HIPQUAD(max_address)))
1417 return false;
1418 return true;
1419 }
1420
1421 /**
1422 * ccs_print_ipv6_entry - Print IPv6 address of a network ACL entry.
1423 *
1424 * @head: Pointer to "struct ccs_io_buffer".
1425 * @ptr: Pointer to "struct ccs_ip_network_acl".
1426 *
1427 * Returns true on success, false otherwise.
1428 */
1429 static bool ccs_print_ipv6_entry(struct ccs_io_buffer *head,
1430 struct ccs_ip_network_acl *ptr)
1431 {
1432 char buf[64];
1433 const struct in6_addr *min_address = ptr->address.ipv6.min;
1434 const struct in6_addr *max_address = ptr->address.ipv6.max;
1435 ccs_print_ipv6(buf, sizeof(buf), min_address);
1436 if (!ccs_io_printf(head, "%s", buf))
1437 return false;
1438 if (min_address != max_address) {
1439 ccs_print_ipv6(buf, sizeof(buf), max_address);
1440 if (!ccs_io_printf(head, "-%s", buf))
1441 return false;
1442 }
1443 return true;
1444 }
1445
1446 /**
1447 * ccs_print_network_acl - Print a network ACL entry.
1448 *
1449 * @head: Pointer to "struct ccs_io_buffer".
1450 * @ptr: Pointer to "struct ccs_ip_network_acl".
1451 * @cond: Pointer to "struct ccs_condition". May be NULL.
1452 *
1453 * Returns true on success, false otherwise.
1454 */
1455 static bool ccs_print_network_acl(struct ccs_io_buffer *head,
1456 struct ccs_ip_network_acl *ptr,
1457 const struct ccs_condition *cond)
1458 {
1459 int pos;
1460 u8 bit;
1461 const u16 perm = ptr->perm;
1462 for (bit = head->read_bit; bit < CCS_MAX_NETWORK_OPERATION; bit++) {
1463 if (!(perm & (1 << bit)))
1464 continue;
1465 pos = head->read_avail;
1466 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s ",
1467 ccs_net2keyword(bit)))
1468 goto out;
1469 switch (ptr->address_type) {
1470 case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP:
1471 if (!ccs_io_printf(head, "@%s", ptr->address.group->
1472 group_name->name))
1473 goto out;
1474 break;
1475 case CCS_IP_ADDRESS_TYPE_IPv4:
1476 if (!ccs_print_ipv4_entry(head, ptr))
1477 goto out;
1478 break;
1479 case CCS_IP_ADDRESS_TYPE_IPv6:
1480 if (!ccs_print_ipv6_entry(head, ptr))
1481 goto out;
1482 break;
1483 }
1484 if (!ccs_print_number_union(head, &ptr->port) ||
1485 !ccs_print_condition(head, cond))
1486 goto out;
1487 }
1488 head->read_bit = 0;
1489 return true;
1490 out:
1491 head->read_bit = bit;
1492 head->read_avail = pos;
1493 return false;
1494 }
1495
1496 /**
1497 * ccs_print_signal_acl - Print a signal ACL entry.
1498 *
1499 * @head: Pointer to "struct ccs_io_buffer".
1500 * @ptr: Pointer to "struct signale_acl".
1501 * @cond: Pointer to "struct ccs_condition". May be NULL.
1502 *
1503 * Returns true on success, false otherwise.
1504 */
1505 static bool ccs_print_signal_acl(struct ccs_io_buffer *head,
1506 struct ccs_signal_acl *ptr,
1507 const struct ccs_condition *cond)
1508 {
1509 const int pos = head->read_avail;
1510 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s",
1511 ptr->sig, ptr->domainname->name) ||
1512 !ccs_print_condition(head, cond)) {
1513 head->read_avail = pos;
1514 return false;
1515 }
1516 return true;
1517 }
1518
1519 /**
1520 * ccs_print_execute_handler_record - Print an execute handler ACL entry.
1521 *
1522 * @head: Pointer to "struct ccs_io_buffer".
1523 * @keyword: Name of the keyword.
1524 * @ptr: Pointer to "struct ccs_execute_handler_record".
1525 *
1526 * Returns true on success, false otherwise.
1527 */
1528 static bool ccs_print_execute_handler_record(struct ccs_io_buffer *head,
1529 const char *keyword,
1530 struct ccs_execute_handler_record *
1531 ptr)
1532 {
1533 return ccs_io_printf(head, "%s %s\n", keyword, ptr->handler->name);
1534 }
1535
1536 /**
1537 * ccs_print_mount_acl - Print a mount ACL entry.
1538 *
1539 * @head: Pointer to "struct ccs_io_buffer".
1540 * @ptr: Pointer to "struct ccs_mount_acl".
1541 * @cond: Pointer to "struct ccs_condition". May be NULL.
1542 *
1543 * Returns true on success, false otherwise.
1544 */
1545 static bool ccs_print_mount_acl(struct ccs_io_buffer *head,
1546 struct ccs_mount_acl *ptr,
1547 const struct ccs_condition *cond)
1548 {
1549 const int pos = head->read_avail;
1550 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT) ||
1551 !ccs_print_name_union(head, &ptr->dev_name) ||
1552 !ccs_print_name_union(head, &ptr->dir_name) ||
1553 !ccs_print_name_union(head, &ptr->fs_type) ||
1554 !ccs_print_number_union(head, &ptr->flags) ||
1555 !ccs_print_condition(head, cond)) {
1556 head->read_avail = pos;
1557 return false;
1558 }
1559 return true;
1560 }
1561
1562 /**
1563 * ccs_print_umount_acl - Print a mount ACL entry.
1564 *
1565 * @head: Pointer to "struct ccs_io_buffer".
1566 * @ptr: Pointer to "struct ccs_umount_acl".
1567 * @cond: Pointer to "struct ccs_condition". May be NULL.
1568 *
1569 * Returns true on success, false otherwise.
1570 */
1571 static bool ccs_print_umount_acl(struct ccs_io_buffer *head,
1572 struct ccs_umount_acl *ptr,
1573 const struct ccs_condition *cond)
1574 {
1575 const int pos = head->read_avail;
1576 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_UNMOUNT) ||
1577 !ccs_print_name_union(head, &ptr->dir) ||
1578 !ccs_print_condition(head, cond)) {
1579 head->read_avail = pos;
1580 return false;
1581 }
1582 return true;
1583 }
1584
1585 /**
1586 * ccs_print_chroot_acl - Print a chroot ACL entry.
1587 *
1588 * @head: Pointer to "struct ccs_io_buffer".
1589 * @ptr: Pointer to "struct ccs_chroot_acl".
1590 * @cond: Pointer to "struct ccs_condition". May be NULL.
1591 *
1592 * Returns true on success, false otherwise.
1593 */
1594 static bool ccs_print_chroot_acl(struct ccs_io_buffer *head,
1595 struct ccs_chroot_acl *ptr,
1596 const struct ccs_condition *cond)
1597 {
1598 const int pos = head->read_avail;
1599 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CHROOT) ||
1600 !ccs_print_name_union(head, &ptr->dir) ||
1601 !ccs_print_condition(head, cond)) {
1602 head->read_avail = pos;
1603 return false;
1604 }
1605 return true;
1606 }
1607
1608 /**
1609 * ccs_print_pivot_root_acl - Print a pivot_root ACL entry.
1610 *
1611 * @head: Pointer to "struct ccs_io_buffer".
1612 * @ptr: Pointer to "struct ccs_pivot_root_acl".
1613 * @cond: Pointer to "struct ccs_condition". May be NULL.
1614 *
1615 * Returns true on success, false otherwise.
1616 */
1617 static bool ccs_print_pivot_root_acl(struct ccs_io_buffer *head,
1618 struct ccs_pivot_root_acl *ptr,
1619 const struct ccs_condition *cond)
1620 {
1621 const int pos = head->read_avail;
1622 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_PIVOT_ROOT) ||
1623 !ccs_print_name_union(head, &ptr->new_root) ||
1624 !ccs_print_name_union(head, &ptr->old_root) ||
1625 !ccs_print_condition(head, cond)) {
1626 head->read_avail = pos;
1627 return false;
1628 }
1629 return true;
1630 }
1631
1632 /**
1633 * ccs_print_entry - Print an ACL entry.
1634 *
1635 * @head: Pointer to "struct ccs_io_buffer".
1636 * @ptr: Pointer to an ACL entry.
1637 *
1638 * Returns true on success, false otherwise.
1639 */
1640 static bool ccs_print_entry(struct ccs_io_buffer *head,
1641 struct ccs_acl_info *ptr)
1642 {
1643 const struct ccs_condition *cond = ptr->cond;
1644 const u8 acl_type = ptr->type;
1645 if (ptr->is_deleted)
1646 return true;
1647 if (acl_type == CCS_TYPE_PATH_ACL) {
1648 struct ccs_path_acl *acl
1649 = container_of(ptr, struct ccs_path_acl, head);
1650 return ccs_print_path_acl(head, acl, cond);
1651 }
1652 if (acl_type == CCS_TYPE_EXECUTE_HANDLER) {
1653 struct ccs_execute_handler_record *acl
1654 = container_of(ptr, struct ccs_execute_handler_record,
1655 head);
1656 const char *keyword = CCS_KEYWORD_EXECUTE_HANDLER;
1657 return ccs_print_execute_handler_record(head, keyword, acl);
1658 }
1659 if (acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) {
1660 struct ccs_execute_handler_record *acl
1661 = container_of(ptr, struct ccs_execute_handler_record,
1662 head);
1663 const char *keyword = CCS_KEYWORD_DENIED_EXECUTE_HANDLER;
1664 return ccs_print_execute_handler_record(head, keyword, acl);
1665 }
1666 if (head->read_execute_only)
1667 return true;
1668 if (acl_type == CCS_TYPE_PATH_NUMBER3_ACL) {
1669 struct ccs_path_number3_acl *acl
1670 = container_of(ptr, struct ccs_path_number3_acl, head);
1671 return ccs_print_path_number3_acl(head, acl, cond);
1672 }
1673 if (acl_type == CCS_TYPE_PATH2_ACL) {
1674 struct ccs_path2_acl *acl
1675 = container_of(ptr, struct ccs_path2_acl,
1676 head);
1677 return ccs_print_path2_acl(head, acl, cond);
1678 }
1679 if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) {
1680 struct ccs_path_number_acl *acl
1681 = container_of(ptr, struct ccs_path_number_acl,
1682 head);
1683 return ccs_print_path_number_acl(head, acl, cond);
1684 }
1685 if (acl_type == CCS_TYPE_ENV_ACL) {
1686 struct ccs_env_acl *acl
1687 = container_of(ptr, struct ccs_env_acl, head);
1688 return ccs_print_env_acl(head, acl, cond);
1689 }
1690 if (acl_type == CCS_TYPE_CAPABILITY_ACL) {
1691 struct ccs_capability_acl *acl
1692 = container_of(ptr, struct ccs_capability_acl,
1693 head);
1694 return ccs_print_capability_acl(head, acl, cond);
1695 }
1696 if (acl_type == CCS_TYPE_IP_NETWORK_ACL) {
1697 struct ccs_ip_network_acl *acl
1698 = container_of(ptr, struct ccs_ip_network_acl,
1699 head);
1700 return ccs_print_network_acl(head, acl, cond);
1701 }
1702 if (acl_type == CCS_TYPE_SIGNAL_ACL) {
1703 struct ccs_signal_acl *acl
1704 = container_of(ptr, struct ccs_signal_acl, head);
1705 return ccs_print_signal_acl(head, acl, cond);
1706 }
1707 if (acl_type == CCS_TYPE_MOUNT_ACL) {
1708 struct ccs_mount_acl *acl
1709 = container_of(ptr, struct ccs_mount_acl, head);
1710 return ccs_print_mount_acl(head, acl, cond);
1711 }
1712 if (acl_type == CCS_TYPE_UMOUNT_ACL) {
1713 struct ccs_umount_acl *acl
1714 = container_of(ptr, struct ccs_umount_acl, head);
1715 return ccs_print_umount_acl(head, acl, cond);
1716 }
1717 if (acl_type == CCS_TYPE_CHROOT_ACL) {
1718 struct ccs_chroot_acl *acl
1719 = container_of(ptr, struct ccs_chroot_acl, head);
1720 return ccs_print_chroot_acl(head, acl, cond);
1721 }
1722 if (acl_type == CCS_TYPE_PIVOT_ROOT_ACL) {
1723 struct ccs_pivot_root_acl *acl
1724 = container_of(ptr, struct ccs_pivot_root_acl,
1725 head);
1726 return ccs_print_pivot_root_acl(head, acl, cond);
1727 }
1728 BUG(); /* This must not happen. */
1729 return false;
1730 }
1731
1732 /**
1733 * ccs_read_domain_policy - Read domain policy.
1734 *
1735 * @head: Pointer to "struct ccs_io_buffer".
1736 *
1737 * Caller holds ccs_read_lock().
1738 */
1739 static void ccs_read_domain_policy(struct ccs_io_buffer *head)
1740 {
1741 struct list_head *dpos;
1742 struct list_head *apos;
1743 if (head->read_eof)
1744 return;
1745 if (head->read_step == 0)
1746 head->read_step = 1;
1747 list_for_each_cookie(dpos, head->read_var1, &ccs_domain_list) {
1748 struct ccs_domain_info *domain;
1749 const char *quota_exceeded = "";
1750 const char *transition_failed = "";
1751 const char *ignore_global_allow_read = "";
1752 const char *ignore_global_allow_env = "";
1753 domain = list_entry(dpos, struct ccs_domain_info, list);
1754 if (head->read_step != 1)
1755 goto acl_loop;
1756 if (domain->is_deleted && !head->read_single_domain)
1757 continue;
1758 /* Print domainname and flags. */
1759 if (domain->quota_warned)
1760 quota_exceeded = "quota_exceeded\n";
1761 if (domain->domain_transition_failed)
1762 transition_failed = "transition_failed\n";
1763 if (domain->ignore_global_allow_read)
1764 ignore_global_allow_read
1765 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1766 if (domain->ignore_global_allow_env)
1767 ignore_global_allow_env
1768 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n";
1769 if (!ccs_io_printf(head, "%s\n" CCS_KEYWORD_USE_PROFILE "%u\n"
1770 "%s%s%s%s\n", domain->domainname->name,
1771 domain->profile, quota_exceeded,
1772 transition_failed,
1773 ignore_global_allow_read,
1774 ignore_global_allow_env))
1775 return;
1776 head->read_step = 2;
1777 acl_loop:
1778 if (head->read_step == 3)
1779 goto tail_mark;
1780 /* Print ACL entries in the domain. */
1781 list_for_each_cookie(apos, head->read_var2,
1782 &domain->acl_info_list) {
1783 struct ccs_acl_info *ptr
1784 = list_entry(apos, struct ccs_acl_info, list);
1785 if (!ccs_print_entry(head, ptr))
1786 return;
1787 }
1788 head->read_step = 3;
1789 tail_mark:
1790 if (!ccs_io_printf(head, "\n"))
1791 return;
1792 head->read_step = 1;
1793 if (head->read_single_domain)
1794 break;
1795 }
1796 head->read_eof = true;
1797 }
1798
1799 /**
1800 * ccs_write_domain_profile - Assign profile for specified domain.
1801 *
1802 * @head: Pointer to "struct ccs_io_buffer".
1803 *
1804 * Returns 0 on success, -EINVAL otherwise.
1805 *
1806 * This is equivalent to doing
1807 *
1808 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1809 * /usr/sbin/ccs-loadpolicy -d
1810 *
1811 * Caller holds ccs_read_lock().
1812 */
1813 static int ccs_write_domain_profile(struct ccs_io_buffer *head)
1814 {
1815 char *data = head->write_buf;
1816 char *cp = strchr(data, ' ');
1817 struct ccs_domain_info *domain;
1818 unsigned int profile;
1819 if (!cp)
1820 return -EINVAL;
1821 *cp = '\0';
1822 profile = simple_strtoul(data, NULL, 10);
1823 if (profile >= CCS_MAX_PROFILES)
1824 return -EINVAL;
1825 domain = ccs_find_domain(cp + 1);
1826 if (domain && (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile]))
1827 domain->profile = (u8) profile;
1828 return 0;
1829 }
1830
1831 /**
1832 * ccs_read_domain_profile - Read only domainname and profile.
1833 *
1834 * @head: Pointer to "struct ccs_io_buffer".
1835 *
1836 * This is equivalent to doing
1837 *
1838 * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
1839 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1840 * domainname = $0; } else if ( $1 == "use_profile" ) {
1841 * print $2 " " domainname; domainname = ""; } } ; '
1842 *
1843 * Caller holds ccs_read_lock().
1844 */
1845 static void ccs_read_domain_profile(struct ccs_io_buffer *head)
1846 {
1847 struct list_head *pos;
1848 if (head->read_eof)
1849 return;
1850 list_for_each_cookie(pos, head->read_var1, &ccs_domain_list) {
1851 struct ccs_domain_info *domain;
1852 domain = list_entry(pos, struct ccs_domain_info, list);
1853 if (domain->is_deleted)
1854 continue;
1855 if (!ccs_io_printf(head, "%u %s\n", domain->profile,
1856 domain->domainname->name))
1857 return;
1858 }
1859 head->read_eof = true;
1860 }
1861
1862 /**
1863 * ccs_write_pid: Specify PID to obtain domainname.
1864 *
1865 * @head: Pointer to "struct ccs_io_buffer".
1866 *
1867 * Returns 0.
1868 */
1869 static int ccs_write_pid(struct ccs_io_buffer *head)
1870 {
1871 head->read_eof = false;
1872 return 0;
1873 }
1874
1875 /**
1876 * ccs_read_pid - Read information of a process.
1877 *
1878 * @head: Pointer to "struct ccs_io_buffer".
1879 *
1880 * Returns the domainname which the specified PID is in or
1881 * process information of the specified PID on success,
1882 * empty string otherwise.
1883 *
1884 * Caller holds ccs_read_lock().
1885 */
1886 static void ccs_read_pid(struct ccs_io_buffer *head)
1887 {
1888 char *buf = head->write_buf;
1889 bool task_info = false;
1890 bool global_pid = false;
1891 unsigned int pid;
1892 struct task_struct *p;
1893 struct ccs_domain_info *domain = NULL;
1894 u32 ccs_flags = 0;
1895 /* Accessing write_buf is safe because head->io_sem is held. */
1896 if (!buf)
1897 return; /* Do nothing if open(O_RDONLY). */
1898 if (head->read_avail || head->read_eof)
1899 return;
1900 head->read_eof = true;
1901 if (ccs_str_starts(&buf, "info "))
1902 task_info = true;
1903 if (ccs_str_starts(&buf, "global-pid "))
1904 global_pid = true;
1905 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1906 read_lock(&tasklist_lock);
1907 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1908 if (global_pid)
1909 p = find_task_by_pid_ns(pid, &init_pid_ns);
1910 else
1911 p = find_task_by_vpid(pid);
1912 #else
1913 p = find_task_by_pid(pid);
1914 #endif
1915 if (p) {
1916 domain = ccs_task_domain(p);
1917 ccs_flags = p->ccs_flags;
1918 }
1919 read_unlock(&tasklist_lock);
1920 if (!domain)
1921 return;
1922 if (!task_info)
1923 ccs_io_printf(head, "%u %u %s", pid, domain->profile,
1924 domain->domainname->name);
1925 else
1926 ccs_io_printf(head, "%u manager=%s execute_handler=%s "
1927 "state[0]=%u state[1]=%u state[2]=%u", pid,
1928 ccs_yesno(ccs_flags &
1929 CCS_TASK_IS_POLICY_MANAGER),
1930 ccs_yesno(ccs_flags &
1931 CCS_TASK_IS_EXECUTE_HANDLER),
1932 (u8) (ccs_flags >> 24),
1933 (u8) (ccs_flags >> 16),
1934 (u8) (ccs_flags >> 8));
1935 }
1936
1937 /**
1938 * ccs_write_exception_policy - Write exception policy.
1939 *
1940 * @head: Pointer to "struct ccs_io_buffer".
1941 *
1942 * Returns 0 on success, negative value otherwise.
1943 */
1944 static int ccs_write_exception_policy(struct ccs_io_buffer *head)
1945 {
1946 char *data = head->write_buf;
1947 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
1948 if (ccs_str_starts(&data, CCS_KEYWORD_KEEP_DOMAIN))
1949 return ccs_write_domain_keeper_policy(data, false, is_delete);
1950 if (ccs_str_starts(&data, CCS_KEYWORD_NO_KEEP_DOMAIN))
1951 return ccs_write_domain_keeper_policy(data, true, is_delete);
1952 if (ccs_str_starts(&data, CCS_KEYWORD_INITIALIZE_DOMAIN))
1953 return ccs_write_domain_initializer_policy(data, false,
1954 is_delete);
1955 if (ccs_str_starts(&data, CCS_KEYWORD_NO_INITIALIZE_DOMAIN))
1956 return ccs_write_domain_initializer_policy(data, true,
1957 is_delete);
1958 if (ccs_str_starts(&data, CCS_KEYWORD_AGGREGATOR))
1959 return ccs_write_aggregator_policy(data, is_delete);
1960 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_READ))
1961 return ccs_write_globally_readable_policy(data, is_delete);
1962 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
1963 return ccs_write_globally_usable_env_policy(data, is_delete);
1964 if (ccs_str_starts(&data, CCS_KEYWORD_FILE_PATTERN))
1965 return ccs_write_pattern_policy(data, is_delete);
1966 if (ccs_str_starts(&data, CCS_KEYWORD_PATH_GROUP))
1967 return ccs_write_path_group_policy(data, is_delete);
1968 if (ccs_str_starts(&data, CCS_KEYWORD_NUMBER_GROUP))
1969 return ccs_write_number_group_policy(data, is_delete);
1970 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_REWRITE))
1971 return ccs_write_no_rewrite_policy(data, is_delete);
1972 if (ccs_str_starts(&data, CCS_KEYWORD_ADDRESS_GROUP))
1973 return ccs_write_address_group_policy(data, is_delete);
1974 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_AUTOBIND))
1975 return ccs_write_reserved_port_policy(data, is_delete);
1976 return -EINVAL;
1977 }
1978
1979 /**
1980 * ccs_read_exception_policy - Read exception policy.
1981 *
1982 * @head: Pointer to "struct ccs_io_buffer".
1983 *
1984 * Caller holds ccs_read_lock().
1985 */
1986 static void ccs_read_exception_policy(struct ccs_io_buffer *head)
1987 {
1988 if (head->read_eof)
1989 return;
1990 switch (head->read_step) {
1991 case 0:
1992 head->read_var2 = NULL;
1993 head->read_step = 1;
1994 case 1:
1995 if (!ccs_read_domain_keeper_policy(head))
1996 break;
1997 head->read_var2 = NULL;
1998 head->read_step = 2;
1999 case 2:
2000 if (!ccs_read_globally_readable_policy(head))
2001 break;
2002 head->read_var2 = NULL;
2003 head->read_step = 3;
2004 case 3:
2005 if (!ccs_read_globally_usable_env_policy(head))
2006 break;
2007 head->read_var2 = NULL;
2008 head->read_step = 4;
2009 case 4:
2010 if (!ccs_read_domain_initializer_policy(head))
2011 break;
2012 head->read_var2 = NULL;
2013 head->read_step = 6;
2014 case 6:
2015 if (!ccs_read_aggregator_policy(head))
2016 break;
2017 head->read_var2 = NULL;
2018 head->read_step = 7;
2019 case 7:
2020 if (!ccs_read_file_pattern(head))
2021 break;
2022 head->read_var2 = NULL;
2023 head->read_step = 8;
2024 case 8:
2025 if (!ccs_read_no_rewrite_policy(head))
2026 break;
2027 head->read_var2 = NULL;
2028 head->read_step = 9;
2029 case 9:
2030 if (!ccs_read_path_group_policy(head))
2031 break;
2032 head->read_var1 = NULL;
2033 head->read_var2 = NULL;
2034 head->read_step = 10;
2035 case 10:
2036 if (!ccs_read_number_group_policy(head))
2037 break;
2038 head->read_var1 = NULL;
2039 head->read_var2 = NULL;
2040 head->read_step = 11;
2041 case 11:
2042 if (!ccs_read_address_group_policy(head))
2043 break;
2044 head->read_var2 = NULL;
2045 head->read_step = 12;
2046 case 12:
2047 if (!ccs_read_reserved_port_policy(head))
2048 break;
2049 head->read_eof = true;
2050 }
2051 }
2052
2053 /**
2054 * ccs_get_argv0 - Get argv[0].
2055 *
2056 * @ee: Pointer to "struct ccs_execve_entry".
2057 *
2058 * Returns true on success, false otherwise.
2059 */
2060 static bool ccs_get_argv0(struct ccs_execve_entry *ee)
2061 {
2062 struct linux_binprm *bprm = ee->bprm;
2063 char *arg_ptr = ee->tmp;
2064 int arg_len = 0;
2065 unsigned long pos = bprm->p;
2066 int offset = pos % PAGE_SIZE;
2067 bool done = false;
2068 if (!bprm->argc)
2069 goto out;
2070 while (1) {
2071 if (!ccs_dump_page(bprm, pos, &ee->dump))
2072 goto out;
2073 pos += PAGE_SIZE - offset;
2074 /* Read. */
2075 while (offset < PAGE_SIZE) {
2076 const char *kaddr = ee->dump.data;
2077 const unsigned char c = kaddr[offset++];
2078 if (c && arg_len < CCS_EXEC_TMPSIZE - 10) {
2079 if (c == '\\') {
2080 arg_ptr[arg_len++] = '\\';
2081 arg_ptr[arg_len++] = '\\';
2082 } else if (c > ' ' && c < 127) {
2083 arg_ptr[arg_len++] = c;
2084 } else {
2085 arg_ptr[arg_len++] = '\\';
2086 arg_ptr[arg_len++] = (c >> 6) + '0';
2087 arg_ptr[arg_len++]
2088 = ((c >> 3) & 7) + '0';
2089 arg_ptr[arg_len++] = (c & 7) + '0';
2090 }
2091 } else {
2092 arg_ptr[arg_len] = '\0';
2093 done = true;
2094 break;
2095 }
2096 }
2097 offset = 0;
2098 if (done)
2099 break;
2100 }
2101 return true;
2102 out:
2103 return false;
2104 }
2105
2106 /**
2107 * ccs_get_execute_condition - Get condition part for execute requests.
2108 *
2109 * @ee: Pointer to "struct ccs_execve_entry".
2110 *
2111 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2112 */
2113 static struct ccs_condition *ccs_get_execute_condition(struct ccs_execve_entry
2114 *ee)
2115 {
2116 struct ccs_condition *cond;
2117 char *buf;
2118 int len = 256;
2119 char *realpath = NULL;
2120 char *argv0 = NULL;
2121 const struct ccs_profile *profile = ccs_profile(ee->r.domain->profile);
2122 if (profile->learning->learning_exec_realpath) {
2123 struct file *file = ee->bprm->file;
2124 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 20)
2125 struct path path = { file->f_vfsmnt, file->f_dentry };
2126 realpath = ccs_realpath_from_path(&path);
2127 #else
2128 realpath = ccs_realpath_from_path(&file->f_path);
2129 #endif
2130 if (realpath)
2131 len += strlen(realpath) + 17;
2132 }
2133 if (profile->learning->learning_exec_argv0) {
2134 if (ccs_get_argv0(ee)) {
2135 argv0 = ee->tmp;
2136 len += strlen(argv0) + 16;
2137 }
2138 }
2139 buf = kmalloc(len, GFP_KERNEL);
2140 if (!buf) {
2141 kfree(realpath);
2142 return NULL;
2143 }
2144 snprintf(buf, len - 1, "if");
2145 if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2146 const int pos = strlen(buf);
2147 snprintf(buf + pos, len - pos - 1,
2148 " task.type=execute_handler");
2149 }
2150 if (realpath) {
2151 const int pos = strlen(buf);
2152 snprintf(buf + pos, len - pos - 1, " exec.realpath=\"%s\"",
2153 realpath);
2154 kfree(realpath);
2155 }
2156 if (argv0) {
2157 const int pos = strlen(buf);
2158 snprintf(buf + pos, len - pos - 1, " exec.argv[0]=\"%s\"",
2159 argv0);
2160 }
2161 cond = ccs_get_condition(buf);
2162 kfree(buf);
2163 return cond;
2164 }
2165
2166 /**
2167 * ccs_get_symlink_condition - Get condition part for symlink requests.
2168 *
2169 * @r: Pointer to "struct ccs_request_info".
2170 *
2171 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2172 */
2173 static struct ccs_condition *ccs_get_symlink_condition(struct ccs_request_info
2174 *r)
2175 {
2176 struct ccs_condition *cond;
2177 char *buf;
2178 int len = 256;
2179 const char *symlink = NULL;
2180 const struct ccs_profile *profile = ccs_profile(r->profile);
2181 if (profile->learning->learning_symlink_target) {
2182 symlink = r->obj->symlink_target->name;
2183 len += strlen(symlink) + 18;
2184 }
2185 buf = kmalloc(len, GFP_KERNEL);
2186 if (!buf)
2187 return NULL;
2188 snprintf(buf, len - 1, "if");
2189 if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2190 const int pos = strlen(buf);
2191 snprintf(buf + pos, len - pos - 1,
2192 " task.type=execute_handler");
2193 }
2194 if (symlink) {
2195 const int pos = strlen(buf);
2196 snprintf(buf + pos, len - pos - 1, " symlink.target=\"%s\"",
2197 symlink);
2198 }
2199 cond = ccs_get_condition(buf);
2200 kfree(buf);
2201 return cond;
2202 }
2203
2204 /* Wait queue for ccs_query_list. */
2205 static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait);
2206
2207 /* Lock for manipulating ccs_query_list. */
2208 static DEFINE_SPINLOCK(ccs_query_list_lock);
2209
2210 /* Structure for query. */
2211 struct ccs_query_entry {
2212 struct list_head list;
2213 char *query;
2214 int query_len;
2215 unsigned int serial;
2216 int timer;
2217 int answer;
2218 };
2219
2220 /* The list for "struct ccs_query_entry". */
2221 static LIST_HEAD(ccs_query_list);
2222
2223 /* Number of "struct file" referring /proc/ccs/query interface. */
2224 static atomic_t ccs_query_observers = ATOMIC_INIT(0);
2225
2226 /**
2227 * ccs_supervisor - Ask for the supervisor's decision.
2228 *
2229 * @r: Pointer to "struct ccs_request_info".
2230 * @fmt: The printf()'s format string, followed by parameters.
2231 *
2232 * Returns 0 if the supervisor decided to permit the access request which
2233 * violated the policy in enforcing mode, 1 if the supervisor decided to
2234 * retry the access request which violated the policy in enforcing mode,
2235 * 0 if it is not in enforcing mode, -EPERM otherwise.
2236 */
2237 int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...)
2238 {
2239 va_list args;
2240 int error = -EPERM;
2241 int pos;
2242 int len;
2243 static unsigned int ccs_serial;
2244 struct ccs_query_entry *ccs_query_entry = NULL;
2245 bool quota_exceeded = false;
2246 char *header;
2247 if (!r->domain)
2248 r->domain = ccs_current_domain();
2249 switch (r->mode) {
2250 char *buffer;
2251 struct ccs_condition *cond;
2252 case CCS_CONFIG_LEARNING:
2253 if (!ccs_domain_quota_ok(r))
2254 return 0;
2255 va_start(args, fmt);
2256 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
2257 va_end(args);
2258 buffer = kmalloc(len, GFP_KERNEL);
2259 if (!buffer)
2260 return 0;
2261 va_start(args, fmt);
2262 vsnprintf(buffer, len - 1, fmt, args);
2263 va_end(args);
2264 ccs_normalize_line(buffer);
2265 if (r->ee && !strncmp(buffer, "allow_execute ", 14))
2266 cond = ccs_get_execute_condition(r->ee);
2267 else if (r->obj && r->obj->symlink_target)
2268 cond = ccs_get_symlink_condition(r);
2269 else if ((current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2270 char str[] = "if task.type=execute_handler";
2271 cond = ccs_get_condition(str);
2272 } else
2273 cond = NULL;
2274 ccs_write_domain_policy2(buffer, r->domain, cond, false);
2275 ccs_put_condition(cond);
2276 kfree(buffer);
2277 /* fall through */
2278 case CCS_CONFIG_PERMISSIVE:
2279 return 0;
2280 }
2281 if (!atomic_read(&ccs_query_observers)) {
2282 int i;
2283 if (current->ccs_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2284 return -EPERM;
2285 for (i = 0; i < ccs_profile(r->domain->profile)->enforcing->
2286 enforcing_penalty; i++) {
2287 set_current_state(TASK_INTERRUPTIBLE);
2288 schedule_timeout(HZ / 10);
2289 }
2290 return -EPERM;
2291 }
2292 va_start(args, fmt);
2293 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
2294 va_end(args);
2295 header = ccs_init_audit_log(&len, r);
2296 if (!header)
2297 goto out;
2298 ccs_query_entry = kzalloc(sizeof(*ccs_query_entry), GFP_KERNEL);
2299 if (!ccs_query_entry)
2300 goto out;
2301 len = ccs_round2(len);
2302 ccs_query_entry->query = kzalloc(len, GFP_KERNEL);
2303 if (!ccs_query_entry->query)
2304 goto out;
2305 INIT_LIST_HEAD(&ccs_query_entry->list);
2306 spin_lock(&ccs_query_list_lock);
2307 if (ccs_quota_for_query && ccs_query_memory_size + len +
2308 sizeof(*ccs_query_entry) >= ccs_quota_for_query) {
2309 quota_exceeded = true;
2310 } else {
2311 ccs_query_memory_size += len + sizeof(*ccs_query_entry);
2312 ccs_query_entry->serial = ccs_serial++;
2313 }
2314 spin_unlock(&ccs_query_list_lock);
2315 if (quota_exceeded)
2316 goto out;
2317 pos = snprintf(ccs_query_entry->query, len - 1, "Q%u-%hu\n%s",
2318 ccs_query_entry->serial, r->retry, header);
2319 kfree(header);
2320 header = NULL;
2321 va_start(args, fmt);
2322 vsnprintf(ccs_query_entry->query + pos, len - 1 - pos, fmt, args);
2323 ccs_query_entry->query_len = strlen(ccs_query_entry->query) + 1;
2324 va_end(args);
2325 spin_lock(&ccs_query_list_lock);
2326 list_add_tail(&ccs_query_entry->list, &ccs_query_list);
2327 spin_unlock(&ccs_query_list_lock);
2328 /* Give 10 seconds for supervisor's opinion. */
2329 for (ccs_query_entry->timer = 0;
2330 atomic_read(&ccs_query_observers) && ccs_query_entry->timer < 100;
2331 ccs_query_entry->timer++) {
2332 wake_up(&ccs_query_wait);
2333 set_current_state(TASK_INTERRUPTIBLE);
2334 schedule_timeout(HZ / 10);
2335 if (ccs_query_entry->answer)
2336 break;
2337 }
2338 spin_lock(&ccs_query_list_lock);
2339 list_del(&ccs_query_entry->list);
2340 ccs_query_memory_size -= len + sizeof(*ccs_query_entry);
2341 spin_unlock(&ccs_query_list_lock);
2342 switch (ccs_query_entry->answer) {
2343 case 3: /* Asked to retry by administrator. */
2344 error = 1;
2345 r->retry++;
2346 break;
2347 case 1:
2348 /* Granted by administrator. */
2349 error = 0;
2350 break;
2351 case 0:
2352 /* Timed out. */
2353 break;
2354 default:
2355 /* Rejected by administrator. */
2356 break;
2357 }
2358 out:
2359 if (ccs_query_entry)
2360 kfree(ccs_query_entry->query);
2361 kfree(ccs_query_entry);
2362 kfree(header);
2363 return error;
2364 }
2365
2366 /**
2367 * ccs_poll_query - poll() for /proc/ccs/query.
2368 *
2369 * @file: Pointer to "struct file".
2370 * @wait: Pointer to "poll_table".
2371 *
2372 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2373 *
2374 * Waits for access requests which violated policy in enforcing mode.
2375 */
2376 static int ccs_poll_query(struct file *file, poll_table *wait)
2377 {
2378 struct list_head *tmp;
2379 bool found = false;
2380 u8 i;
2381 for (i = 0; i < 2; i++) {
2382 spin_lock(&ccs_query_list_lock);
2383 list_for_each(tmp, &ccs_query_list) {
2384 struct ccs_query_entry *ptr
2385 = list_entry(tmp, struct ccs_query_entry, list);
2386 if (ptr->answer)
2387 continue;
2388 found = true;
2389 break;
2390 }
2391 spin_unlock(&ccs_query_list_lock);
2392 if (found)
2393 return POLLIN | POLLRDNORM;
2394 if (i)
2395 break;
2396 poll_wait(file, &ccs_query_wait, wait);
2397 }
2398 return 0;
2399 }
2400
2401 /**
2402 * ccs_read_query - Read access requests which violated policy in enforcing mode.
2403 *
2404 * @head: Pointer to "struct ccs_io_buffer".
2405 */
2406 static void ccs_read_query(struct ccs_io_buffer *head)
2407 {
2408 struct list_head *tmp;
2409 int pos = 0;
2410 int len = 0;
2411 char *buf;
2412 if (head->read_avail)
2413 return;
2414 if (head->read_buf) {
2415 kfree(head->read_buf);
2416 head->read_buf = NULL;
2417 head->readbuf_size = 0;
2418 }
2419 spin_lock(&ccs_query_list_lock);
2420 list_for_each(tmp, &ccs_query_list) {
2421 struct ccs_query_entry *ptr
2422 = list_entry(tmp, struct ccs_query_entry, list);
2423 if (ptr->answer)
2424 continue;
2425 if (pos++ != head->read_step)
2426 continue;
2427 len = ptr->query_len;
2428 break;
2429 }
2430 spin_unlock(&ccs_query_list_lock);
2431 if (!len) {
2432 head->read_step = 0;
2433 return;
2434 }
2435 buf = kzalloc(len, GFP_KERNEL);
2436 if (!buf)
2437 return;
2438 pos = 0;
2439 spin_lock(&ccs_query_list_lock);
2440 list_for_each(tmp, &ccs_query_list) {
2441 struct ccs_query_entry *ptr
2442 = list_entry(tmp, struct ccs_query_entry, list);
2443 if (ptr->answer)
2444 continue;
2445 if (pos++ != head->read_step)
2446 continue;
2447 /*
2448 * Some query can be skipped because ccs_query_list
2449 * can change, but I don't care.
2450 */
2451 if (len == ptr->query_len)
2452 memmove(buf, ptr->query, len);
2453 break;
2454 }
2455 spin_unlock(&ccs_query_list_lock);
2456 if (buf[0]) {
2457 head->read_avail = len;
2458 head->readbuf_size = head->read_avail;
2459 head->read_buf = buf;
2460 head->read_step++;
2461 } else {
2462 kfree(buf);
2463 }
2464 }
2465
2466 /**
2467 * ccs_write_answer - Write the supervisor's decision.
2468 *
2469 * @head: Pointer to "struct ccs_io_buffer".
2470 *
2471 * Returns 0 on success, -EINVAL otherwise.
2472 */
2473 static int ccs_write_answer(struct ccs_io_buffer *head)
2474 {
2475 char *data = head->write_buf;
2476 struct list_head *tmp;
2477 unsigned int serial;
2478 unsigned int answer;
2479 spin_lock(&ccs_query_list_lock);
2480 list_for_each(tmp, &ccs_query_list) {
2481 struct ccs_query_entry *ptr
2482 = list_entry(tmp, struct ccs_query_entry, list);
2483 ptr->timer = 0;
2484 }
2485 spin_unlock(&ccs_query_list_lock);
2486 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2487 return -EINVAL;
2488 spin_lock(&ccs_query_list_lock);
2489 list_for_each(tmp, &ccs_query_list) {
2490 struct ccs_query_entry *ptr
2491 = list_entry(tmp, struct ccs_query_entry, list);
2492 if (ptr->serial != serial)
2493 continue;
2494 if (!ptr->answer)
2495 ptr->answer = answer;
2496 break;
2497 }
2498 spin_unlock(&ccs_query_list_lock);
2499 return 0;
2500 }
2501
2502 /**
2503 * ccs_read_version: Get version.
2504 *
2505 * @head: Pointer to "struct ccs_io_buffer".
2506 */
2507 static void ccs_read_version(struct ccs_io_buffer *head)
2508 {
2509 if (head->read_eof)
2510 return;
2511 ccs_io_printf(head, "1.7.0");
2512 head->read_eof = true;
2513 }
2514
2515 /**
2516 * ccs_read_self_domain - Get the current process's domainname.
2517 *
2518 * @head: Pointer to "struct ccs_io_buffer".
2519 */
2520 static void ccs_read_self_domain(struct ccs_io_buffer *head)
2521 {
2522 if (head->read_eof)
2523 return;
2524 /*
2525 * ccs_current_domain()->domainname != NULL because every process
2526 * belongs to a domain and the domain's name cannot be NULL.
2527 */
2528 ccs_io_printf(head, "%s", ccs_current_domain()->domainname->name);
2529 head->read_eof = true;
2530 }
2531
2532 /**
2533 * ccs_open_control - open() for /proc/ccs/ interface.
2534 *
2535 * @type: Type of interface.
2536 * @file: Pointer to "struct file".
2537 *
2538 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2539 */
2540 int ccs_open_control(const u8 type, struct file *file)
2541 {
2542 struct ccs_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
2543 if (!head)
2544 return -ENOMEM;
2545 mutex_init(&head->io_sem);
2546 head->type = type;
2547 switch (type) {
2548 case CCS_DOMAINPOLICY: /* /proc/ccs/domain_policy */
2549 head->write = ccs_write_domain_policy;
2550 head->read = ccs_read_domain_policy;
2551 break;
2552 case CCS_EXCEPTIONPOLICY: /* /proc/ccs/exception_policy */
2553 head->write = ccs_write_exception_policy;
2554 head->read = ccs_read_exception_policy;
2555 break;
2556 #ifdef CONFIG_CCSECURITY_AUDIT
2557 case CCS_GRANTLOG: /* /proc/ccs/grant_log */
2558 head->poll = ccs_poll_grant_log;
2559 head->read = ccs_read_grant_log;
2560 break;
2561 case CCS_REJECTLOG: /* /proc/ccs/reject_log */
2562 head->poll = ccs_poll_reject_log;
2563 head->read = ccs_read_reject_log;
2564 break;
2565 #endif
2566 case CCS_SELFDOMAIN: /* /proc/ccs/self_domain */
2567 head->read = ccs_read_self_domain;
2568 break;
2569 case CCS_DOMAIN_STATUS: /* /proc/ccs/.domain_status */
2570 head->write = ccs_write_domain_profile;
2571 head->read = ccs_read_domain_profile;
2572 break;
2573 case CCS_EXECUTE_HANDLER: /* /proc/ccs/.execute_handler */
2574 /* Allow execute_handler to read process's status. */
2575 if (!(current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2576 kfree(head);
2577 return -EPERM;
2578 }
2579 /* fall through */
2580 case CCS_PROCESS_STATUS: /* /proc/ccs/.process_status */
2581 head->write = ccs_write_pid;
2582 head->read = ccs_read_pid;
2583 break;
2584 case CCS_VERSION: /* /proc/ccs/version */
2585 head->read = ccs_read_version;
2586 head->readbuf_size = 128;
2587 break;
2588 case CCS_MEMINFO: /* /proc/ccs/meminfo */
2589 head->write = ccs_write_memory_quota;
2590 head->read = ccs_read_memory_counter;
2591 head->readbuf_size = 512;
2592 break;
2593 case CCS_PROFILE: /* /proc/ccs/profile */
2594 head->write = ccs_write_profile;
2595 head->read = ccs_read_profile;
2596 break;
2597 case CCS_QUERY: /* /proc/ccs/query */
2598 head->poll = ccs_poll_query;
2599 head->write = ccs_write_answer;
2600 head->read = ccs_read_query;
2601 break;
2602 case CCS_MANAGER: /* /proc/ccs/manager */
2603 head->write = ccs_write_manager_policy;
2604 head->read = ccs_read_manager_policy;
2605 break;
2606 }
2607 if (!(file->f_mode & FMODE_READ)) {
2608 /*
2609 * No need to allocate read_buf since it is not opened
2610 * for reading.
2611 */
2612 head->read = NULL;
2613 head->poll = NULL;
2614 } else if (!head->poll) {
2615 /* Don't allocate read_buf for poll() access. */
2616 if (!head->readbuf_size)
2617 head->readbuf_size = 4096;
2618 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
2619 if (!head->read_buf) {
2620 kfree(head);
2621 return -ENOMEM;
2622 }
2623 }
2624 if (!(file->f_mode & FMODE_WRITE)) {
2625 /*
2626 * No need to allocate write_buf since it is not opened
2627 * for writing.
2628 */
2629 head->write = NULL;
2630 } else if (head->write) {
2631 head->writebuf_size = 4096;
2632 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
2633 if (!head->write_buf) {
2634 kfree(head->read_buf);
2635 kfree(head);
2636 return -ENOMEM;
2637 }
2638 }
2639 if (type != CCS_QUERY &&
2640 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2641 head->reader_idx = ccs_read_lock();
2642 file->private_data = head;
2643 /*
2644 * Call the handler now if the file is /proc/ccs/self_domain
2645 * so that the user can use "cat < /proc/ccs/self_domain" to
2646 * know the current process's domainname.
2647 */
2648 if (type == CCS_SELFDOMAIN)
2649 ccs_read_control(file, NULL, 0);
2650 /*
2651 * If the file is /proc/ccs/query , increment the observer counter.
2652 * The obserber counter is used by ccs_supervisor() to see if
2653 * there is some process monitoring /proc/ccs/query.
2654 */
2655 else if (type == CCS_QUERY)
2656 atomic_inc(&ccs_query_observers);
2657 return 0;
2658 }
2659
2660 /**
2661 * ccs_poll_control - poll() for /proc/ccs/ interface.
2662 *
2663 * @file: Pointer to "struct file".
2664 * @wait: Pointer to "poll_table".
2665 *
2666 * Waits for read readiness.
2667 * /proc/ccs/query is handled by /usr/sbin/ccs-queryd and
2668 * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
2669 * /usr/sbin/ccs-auditd .
2670 */
2671 int ccs_poll_control(struct file *file, poll_table *wait)
2672 {
2673 struct ccs_io_buffer *head = file->private_data;
2674 if (!head->poll)
2675 return -ENOSYS;
2676 return head->poll(file, wait);
2677 }
2678
2679 /**
2680 * ccs_read_control - read() for /proc/ccs/ interface.
2681 *
2682 * @file: Pointer to "struct file".
2683 * @buffer: Poiner to buffer to write to.
2684 * @buffer_len: Size of @buffer.
2685 *
2686 * Returns bytes read on success, negative value otherwise.
2687 */
2688 int ccs_read_control(struct file *file, char __user *buffer,
2689 const int buffer_len)
2690 {
2691 int len = 0;
2692 struct ccs_io_buffer *head = file->private_data;
2693 char *cp;
2694 if (!head->read)
2695 return -ENOSYS;
2696 if (!access_ok(VERIFY_WRITE, buffer, buffer_len))
2697 return -EFAULT;
2698 if (mutex_lock_interruptible(&head->io_sem))
2699 return -EINTR;
2700 while (1) {
2701 /* Call the policy handler. */
2702 head->read(head);
2703 /* Write to buffer. */
2704 len = head->read_avail;
2705 if (len || head->poll || head->read_eof)
2706 break;
2707 len = head->readbuf_size * 2;
2708 cp = kzalloc(len, GFP_KERNEL);
2709 if (!cp) {
2710 len = -ENOMEM;
2711 goto out;
2712 }
2713 kfree(head->read_buf);
2714 head->read_buf = cp;
2715 head->readbuf_size = len;
2716 }
2717 if (len > buffer_len)
2718 len = buffer_len;
2719 if (!len)
2720 goto out;
2721 /* head->read_buf changes by some functions. */
2722 cp = head->read_buf;
2723 if (copy_to_user(buffer, cp, len)) {
2724 len = -EFAULT;
2725 goto out;
2726 }
2727 head->read_avail -= len;
2728 memmove(cp, cp + len, head->read_avail);
2729 out:
2730 mutex_unlock(&head->io_sem);
2731 return len;
2732 }
2733
2734 /**
2735 * ccs_write_control - write() for /proc/ccs/ interface.
2736 *
2737 * @file: Pointer to "struct file".
2738 * @buffer: Pointer to buffer to read from.
2739 * @buffer_len: Size of @buffer.
2740 *
2741 * Returns @buffer_len on success, negative value otherwise.
2742 */
2743 int ccs_write_control(struct file *file, const char __user *buffer,
2744 const int buffer_len)
2745 {
2746 struct ccs_io_buffer *head = file->private_data;
2747 int error = buffer_len;
2748 int avail_len = buffer_len;
2749 char *cp0 = head->write_buf;
2750 if (!head->write)
2751 return -ENOSYS;
2752 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2753 return -EFAULT;
2754 /* Don't allow updating policies by non manager programs. */
2755 if (head->write != ccs_write_pid &&
2756 head->write != ccs_write_domain_policy &&
2757 !ccs_is_policy_manager())
2758 return -EPERM;
2759 if (mutex_lock_interruptible(&head->io_sem))
2760 return -EINTR;
2761 /* Read a line and dispatch it to the policy handler. */
2762 while (avail_len > 0) {
2763 char c;
2764 if (head->write_avail >= head->writebuf_size - 1) {
2765 const int len = head->writebuf_size * 2;
2766 char *cp = kzalloc(len, GFP_KERNEL);
2767 if (!cp) {
2768 error = -ENOMEM;
2769 break;
2770 }
2771 memmove(cp, cp0, head->write_avail);
2772 kfree(cp0);
2773 head->write_buf = cp;
2774 cp0 = cp;
2775 head->writebuf_size = len;
2776 }
2777 if (get_user(c, buffer)) {
2778 error = -EFAULT;
2779 break;
2780 }
2781 buffer++;
2782 avail_len--;
2783 cp0[head->write_avail++] = c;
2784 if (c != '\n')
2785 continue;
2786 cp0[head->write_avail - 1] = '\0';
2787 head->write_avail = 0;
2788 ccs_normalize_line(cp0);
2789 head->write(head);
2790 }
2791 mutex_unlock(&head->io_sem);
2792 return error;
2793 }
2794
2795 /**
2796 * ccs_close_control - close() for /proc/ccs/ interface.
2797 *
2798 * @file: Pointer to "struct file".
2799 *
2800 * Releases memory and returns 0.
2801 */
2802 int ccs_close_control(struct file *file)
2803 {
2804 struct ccs_io_buffer *head = file->private_data;
2805 const bool is_write = head->write_buf != NULL;
2806 const u8 type = head->type;
2807 /*
2808 * If the file is /proc/ccs/query , decrement the observer counter.
2809 */
2810 if (type == CCS_QUERY)
2811 atomic_dec(&ccs_query_observers);
2812 if (type != CCS_QUERY &&
2813 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2814 ccs_read_unlock(head->reader_idx);
2815 /* Release memory used for policy I/O. */
2816 kfree(head->read_buf);
2817 head->read_buf = NULL;
2818 kfree(head->write_buf);
2819 head->write_buf = NULL;
2820 kfree(head);
2821 head = NULL;
2822 file->private_data = NULL;
2823 if (is_write)
2824 ccs_run_gc();
2825 return 0;
2826 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ