オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c

Contents of /trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3924 - (show annotations) (download) (as text)
Thu Aug 26 11:01:19 2010 UTC (13 years, 8 months ago) by kumaneko
File MIME type: text/x-csrc
File size: 68588 byte(s) 
Replace task.state[] with auto_domain_transition .
1 /*
2 * security/ccsecurity/policy_io.c
3 *
4 * Copyright (C) 2005-2010 NTT DATA CORPORATION
5 *
6 * Version: 1.8.0-pre 2010/08/01
7 *
8 * This file is applicable to both 2.4.30 and 2.6.11 and later.
9 * See README.ccs for ChangeLog.
10 *
11 */
12
13 #include "internal.h"
14
15 static struct ccs_profile ccs_default_profile = {
16 #ifdef CONFIG_CCSECURITY_AUDIT
17 .preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG,
18 .preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG,
19 #endif
20 .preference.audit_task_info = true,
21 .preference.audit_path_info = true,
22 .preference.enforcing_penalty = 0,
23 .preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY,
24 .preference.learning_exec_realpath = true,
25 .preference.learning_exec_argv0 = true,
26 .preference.learning_symlink_target = true,
27 };
28
29 /* Profile version. Currently only 20090903 is defined. */
30 static unsigned int ccs_profile_version;
31
32 /* Profile table. Memory is allocated as needed. */
33 static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];
34
35 /* String table for functionality that takes 4 modes. */
36 const char *ccs_mode[CCS_CONFIG_MAX_MODE] = {
37 [CCS_CONFIG_DISABLED] = "disabled",
38 [CCS_CONFIG_LEARNING] = "learning",
39 [CCS_CONFIG_PERMISSIVE] = "permissive",
40 [CCS_CONFIG_ENFORCING] = "enforcing"
41 };
42
43 /* String table for /proc/ccs/profile */
44 static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +
45 CCS_MAX_CAPABILITY_INDEX +
46 CCS_MAX_MAC_CATEGORY_INDEX] = {
47 [CCS_MAC_FILE_EXECUTE]
48 = "file::execute",
49 [CCS_MAC_FILE_OPEN]
50 = "file::open",
51 [CCS_MAC_FILE_CREATE]
52 = "file::create",
53 [CCS_MAC_FILE_UNLINK]
54 = "file::unlink",
55 [CCS_MAC_FILE_MKDIR]
56 = "file::mkdir",
57 [CCS_MAC_FILE_RMDIR]
58 = "file::rmdir",
59 [CCS_MAC_FILE_MKFIFO]
60 = "file::mkfifo",
61 [CCS_MAC_FILE_MKSOCK]
62 = "file::mksock",
63 [CCS_MAC_FILE_TRUNCATE]
64 = "file::truncate",
65 [CCS_MAC_FILE_SYMLINK]
66 = "file::symlink",
67 [CCS_MAC_FILE_MKBLOCK]
68 = "file::mkblock",
69 [CCS_MAC_FILE_MKCHAR]
70 = "file::mkchar",
71 [CCS_MAC_FILE_LINK]
72 = "file::link",
73 [CCS_MAC_FILE_RENAME]
74 = "file::rename",
75 [CCS_MAC_FILE_CHMOD]
76 = "file::chmod",
77 [CCS_MAC_FILE_CHOWN]
78 = "file::chown",
79 [CCS_MAC_FILE_CHGRP]
80 = "file::chgrp",
81 [CCS_MAC_FILE_IOCTL]
82 = "file::ioctl",
83 [CCS_MAC_FILE_CHROOT]
84 = "file::chroot",
85 [CCS_MAC_FILE_MOUNT]
86 = "file::mount",
87 [CCS_MAC_FILE_UMOUNT]
88 = "file::umount",
89 [CCS_MAC_FILE_PIVOT_ROOT]
90 = "file::pivot_root",
91 [CCS_MAC_ENVIRON]
92 = "misc::env",
93 [CCS_MAC_NETWORK_INET_TCP_BIND]
94 = "network::inet_tcp_bind",
95 [CCS_MAC_NETWORK_INET_TCP_LISTEN]
96 = "network::inet_tcp_listen",
97 [CCS_MAC_NETWORK_INET_TCP_CONNECT]
98 = "network::inet_tcp_connect",
99 [CCS_MAC_NETWORK_INET_TCP_ACCEPT]
100 = "network::inet_tcp_accept",
101 [CCS_MAC_NETWORK_INET_UDP_BIND]
102 = "network::inet_udp_bind",
103 [CCS_MAC_NETWORK_INET_UDP_SEND]
104 = "network::inet_udp_send",
105 [CCS_MAC_NETWORK_INET_UDP_RECV]
106 = "network::inet_udp_recv",
107 [CCS_MAC_NETWORK_INET_RAW_BIND]
108 = "network::inet_raw_bind",
109 [CCS_MAC_NETWORK_INET_RAW_SEND]
110 = "network::inet_raw_send",
111 [CCS_MAC_NETWORK_INET_RAW_RECV]
112 = "network::inet_raw_recv",
113 [CCS_MAC_NETWORK_UNIX_STREAM_BIND]
114 = "network::unix_stream_bind",
115 [CCS_MAC_NETWORK_UNIX_STREAM_LISTEN]
116 = "network::unix_stream_listen",
117 [CCS_MAC_NETWORK_UNIX_STREAM_CONNECT]
118 = "network::unix_stream_connect",
119 [CCS_MAC_NETWORK_UNIX_STREAM_ACCEPT]
120 = "network::unix_stream_accept",
121 [CCS_MAC_NETWORK_UNIX_DGRAM_BIND]
122 = "network::unix_dgram_bind",
123 [CCS_MAC_NETWORK_UNIX_DGRAM_SEND]
124 = "network::unix_dgram_send",
125 [CCS_MAC_NETWORK_UNIX_DGRAM_RECV]
126 = "network::unix_dgram_recv",
127 [CCS_MAC_NETWORK_UNIX_SEQPACKET_BIND]
128 = "network::unix_seqpacket_bind",
129 [CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN]
130 = "network::unix_seqpacket_listen",
131 [CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT]
132 = "network::unix_seqpacket_connect",
133 [CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT]
134 = "network::unix_seqpacket_accept",
135 [CCS_MAC_SIGNAL]
136 = "ipc::signal",
137 [CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET]
138 = "capability::use_route",
139 [CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET]
140 = "capability::use_packet",
141 [CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT]
142 = "capability::SYS_REBOOT",
143 [CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP]
144 = "capability::SYS_VHANGUP",
145 [CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME]
146 = "capability::SYS_TIME",
147 [CCS_MAX_MAC_INDEX + CCS_SYS_NICE]
148 = "capability::SYS_NICE",
149 [CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME]
150 = "capability::SYS_SETHOSTNAME",
151 [CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE]
152 = "capability::use_kernel_module",
153 [CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD]
154 = "capability::SYS_KEXEC_LOAD",
155 [CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE]
156 = "capability::SYS_PTRACE",
157 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
158 + CCS_MAC_CATEGORY_FILE] = "file",
159 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
160 + CCS_MAC_CATEGORY_NETWORK] = "network",
161 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
162 + CCS_MAC_CATEGORY_MISC] = "misc",
163 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
164 + CCS_MAC_CATEGORY_IPC] = "ipc",
165 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
166 + CCS_MAC_CATEGORY_CAPABILITY] = "capability",
167 };
168
169 /* Permit policy management by non-root user? */
170 static bool ccs_manage_by_non_root;
171
172 /**
173 * ccs_cap2keyword - Convert capability operation to capability name.
174 *
175 * @operation: The capability index.
176 *
177 * Returns the name of the specified capability's name.
178 */
179 const char *ccs_cap2keyword(const u8 operation)
180 {
181 return operation < CCS_MAX_CAPABILITY_INDEX
182 ? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] + 12 : NULL;
183 }
184
185 /**
186 * ccs_yesno - Return "yes" or "no".
187 *
188 * @value: Bool value.
189 */
190 static const char *ccs_yesno(const unsigned int value)
191 {
192 return value ? "yes" : "no";
193 }
194
195 static void ccs_addprintf(char *buffer, int len, const char *fmt, ...)
196 {
197 va_list args;
198 const int pos = strlen(buffer);
199 va_start(args, fmt);
200 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
201 va_end(args);
202 }
203
204 /**
205 * ccs_flush - Flush queued string to userspace's buffer.
206 *
207 * @head: Pointer to "struct ccs_io_buffer".
208 *
209 * Returns true if all data was flushed, false otherwise.
210 */
211 static bool ccs_flush(struct ccs_io_buffer *head)
212 {
213 while (head->r.w_pos) {
214 const char *w = head->r.w[0];
215 int len = strlen(w);
216 if (len) {
217 if (len > head->read_user_buf_avail)
218 len = head->read_user_buf_avail;
219 if (!len)
220 return false;
221 if (copy_to_user(head->read_user_buf, w, len))
222 return false;
223 head->read_user_buf_avail -= len;
224 head->read_user_buf += len;
225 w += len;
226 }
227 if (*w) {
228 head->r.w[0] = w;
229 return false;
230 }
231 /* Add '\0' for audit logs and query. */
232 if (head->poll) {
233 if (!head->read_user_buf_avail ||
234 copy_to_user(head->read_user_buf, "", 1))
235 return false;
236 head->read_user_buf_avail--;
237 head->read_user_buf++;
238 }
239 head->r.w_pos--;
240 for (len = 0; len < head->r.w_pos; len++)
241 head->r.w[len] = head->r.w[len + 1];
242 }
243 head->r.avail = 0;
244 return true;
245 }
246
247 /**
248 * ccs_set_string - Queue string to "struct ccs_io_buffer" structure.
249 *
250 * @head: Pointer to "struct ccs_io_buffer".
251 * @string: String to print.
252 *
253 * Note that @string has to be kept valid until @head is kfree()d.
254 * This means that char[] allocated on stack memory cannot be passed to
255 * this function. Use ccs_io_printf() for char[] allocated on stack memory.
256 */
257 static void ccs_set_string(struct ccs_io_buffer *head, const char *string)
258 {
259 if (head->r.w_pos < CCS_MAX_IO_READ_QUEUE) {
260 head->r.w[head->r.w_pos++] = string;
261 ccs_flush(head);
262 } else
263 printk(KERN_WARNING "Too many words in a line.\n");
264 }
265
266 /**
267 * ccs_io_printf - printf() to "struct ccs_io_buffer" structure.
268 *
269 * @head: Pointer to "struct ccs_io_buffer".
270 * @fmt: The printf()'s format string, followed by parameters.
271 */
272 void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
273 {
274 va_list args;
275 int len;
276 int pos = head->r.avail;
277 int size = head->readbuf_size - pos;
278 if (size <= 0)
279 return;
280 va_start(args, fmt);
281 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
282 va_end(args);
283 if (pos + len >= head->readbuf_size) {
284 printk(KERN_WARNING "Too many words in a line.\n");
285 return;
286 }
287 head->r.avail += len;
288 ccs_set_string(head, head->read_buf + pos);
289 }
290
291 static void ccs_set_space(struct ccs_io_buffer *head)
292 {
293 ccs_set_string(head, " ");
294 }
295
296 static bool ccs_set_lf(struct ccs_io_buffer *head)
297 {
298 ccs_set_string(head, "\n");
299 return !head->r.w_pos;
300 }
301
302 /**
303 * ccs_assign_profile - Create a new profile.
304 *
305 * @profile: Profile number to create.
306 *
307 * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
308 */
309 static struct ccs_profile *ccs_assign_profile(const unsigned int profile)
310 {
311 struct ccs_profile *ptr;
312 struct ccs_profile *entry;
313 if (profile >= CCS_MAX_PROFILES)
314 return NULL;
315 ptr = ccs_profile_ptr[profile];
316 if (ptr)
317 return ptr;
318 entry = kzalloc(sizeof(*entry), CCS_GFP_FLAGS);
319 if (mutex_lock_interruptible(&ccs_policy_lock))
320 goto out;
321 ptr = ccs_profile_ptr[profile];
322 if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) {
323 ptr = entry;
324 ptr->default_config = CCS_CONFIG_DISABLED |
325 CCS_CONFIG_VERBOSE |
326 CCS_CONFIG_WANT_GRANT_LOG | CCS_CONFIG_WANT_REJECT_LOG;
327 memset(ptr->config, CCS_CONFIG_USE_DEFAULT,
328 sizeof(ptr->config));
329 mb(); /* Avoid out-of-order execution. */
330 ccs_profile_ptr[profile] = ptr;
331 entry = NULL;
332 }
333 mutex_unlock(&ccs_policy_lock);
334 out:
335 kfree(entry);
336 return ptr;
337 }
338
339 /**
340 * ccs_check_profile - Check all profiles currently assigned to domains are defined.
341 */
342 static void ccs_check_profile(void)
343 {
344 struct ccs_domain_info *domain;
345 const int idx = ccs_read_lock();
346 ccs_policy_loaded = true;
347 list_for_each_entry_rcu(domain, &ccs_domain_list, list) {
348 const u8 profile = domain->profile;
349 if (ccs_profile_ptr[profile])
350 continue;
351 panic("Profile %u (used by '%s') not defined.\n",
352 profile, domain->domainname->name);
353 }
354 ccs_read_unlock(idx);
355 if (ccs_profile_version != 20090903)
356 panic("Profile version %u is not supported.\n",
357 ccs_profile_version);
358 printk(KERN_INFO "CCSecurity: 1.8.0-pre 2010/08/01\n");
359 printk(KERN_INFO "Mandatory Access Control activated.\n");
360 }
361
362 /**
363 * ccs_profile - Find a profile.
364 *
365 * @profile: Profile number to find.
366 *
367 * Returns pointer to "struct ccs_profile".
368 */
369 struct ccs_profile *ccs_profile(const u8 profile)
370 {
371 struct ccs_profile *ptr = ccs_profile_ptr[profile];
372 if (!ccs_policy_loaded)
373 return &ccs_default_profile;
374 BUG_ON(!ptr);
375 return ptr;
376 }
377
378 static s8 ccs_find_yesno(const char *string, const char *find)
379 {
380 const char *cp = strstr(string, find);
381 if (cp) {
382 cp += strlen(find);
383 if (!strncmp(cp, "=yes", 4))
384 return 1;
385 else if (!strncmp(cp, "=no", 3))
386 return 0;
387 }
388 return -1;
389 }
390
391 static void ccs_set_bool(bool *b, const char *string, const char *find)
392 {
393 switch (ccs_find_yesno(string, find)) {
394 case 1:
395 *b = true;
396 break;
397 case 0:
398 *b = false;
399 break;
400 }
401 }
402
403 static void ccs_set_uint(unsigned int *i, const char *string, const char *find)
404 {
405 const char *cp = strstr(string, find);
406 if (cp)
407 sscanf(cp + strlen(find), "=%u", i);
408 }
409
410 static void ccs_set_pref(const char *name, const char *value,
411 struct ccs_profile *profile)
412 {
413 if (!strcmp(name, "audit")) {
414 #ifdef CONFIG_CCSECURITY_AUDIT
415 ccs_set_uint(&profile->preference.audit_max_grant_log, value,
416 "max_grant_log");
417 ccs_set_uint(&profile->preference.audit_max_reject_log, value,
418 "max_reject_log");
419 #endif
420 ccs_set_bool(&profile->preference.audit_task_info, value,
421 "task_info");
422 ccs_set_bool(&profile->preference.audit_path_info, value,
423 "path_info");
424 return;
425 }
426 if (!strcmp(name, "enforcing")) {
427 ccs_set_uint(&profile->preference.enforcing_penalty, value,
428 "penalty");
429 return;
430 }
431 if (!strcmp(name, "learning")) {
432 ccs_set_uint(&profile->preference.learning_max_entry, value,
433 "max_entry");
434 ccs_set_bool(&profile->preference.learning_exec_realpath,
435 value, "exec.realpath");
436 ccs_set_bool(&profile->preference.learning_exec_argv0, value,
437 "exec.argv0");
438 ccs_set_bool(&profile->preference.learning_symlink_target,
439 value, "symlink.target");
440 return;
441 }
442 }
443
444 static int ccs_set_mode(char *name, const char *value,
445 struct ccs_profile *profile)
446 {
447 u8 i;
448 u8 config;
449 if (!strcmp(name, "CONFIG")) {
450 i = CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
451 + CCS_MAX_MAC_CATEGORY_INDEX;
452 config = profile->default_config;
453 } else if (ccs_str_starts(&name, "CONFIG::")) {
454 config = 0;
455 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
456 + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
457 if (strcmp(name, ccs_mac_keywords[i]))
458 continue;
459 config = profile->config[i];
460 break;
461 }
462 if (i == CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
463 + CCS_MAX_MAC_CATEGORY_INDEX)
464 return -EINVAL;
465 } else {
466 return -EINVAL;
467 }
468 if (strstr(value, "use_default")) {
469 config = CCS_CONFIG_USE_DEFAULT;
470 } else {
471 u8 mode;
472 for (mode = 0; mode < CCS_CONFIG_MAX_MODE; mode++)
473 if (strstr(value, ccs_mode[mode]))
474 /*
475 * Update lower 3 bits in order to distinguish
476 * 'config' from 'CCS_CONFIG_USE_DEAFULT'.
477 */
478 config = (config & ~7) | mode;
479 if (config != CCS_CONFIG_USE_DEFAULT) {
480 switch (ccs_find_yesno(value, "verbose")) {
481 case 1:
482 config |= CCS_CONFIG_VERBOSE;
483 break;
484 case 0:
485 config &= ~CCS_CONFIG_VERBOSE;
486 break;
487 }
488 #ifdef CONFIG_CCSECURITY_AUDIT
489 switch (ccs_find_yesno(value, "grant_log")) {
490 case 1:
491 config |= CCS_CONFIG_WANT_GRANT_LOG;
492 break;
493 case 0:
494 config &= ~CCS_CONFIG_WANT_GRANT_LOG;
495 break;
496 }
497 switch (ccs_find_yesno(value, "reject_log")) {
498 case 1:
499 config |= CCS_CONFIG_WANT_REJECT_LOG;
500 break;
501 case 0:
502 config &= ~CCS_CONFIG_WANT_REJECT_LOG;
503 break;
504 }
505 #endif
506 }
507 }
508 if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
509 + CCS_MAX_MAC_CATEGORY_INDEX)
510 profile->config[i] = config;
511 else if (config != CCS_CONFIG_USE_DEFAULT)
512 profile->default_config = config;
513 return 0;
514 }
515
516 /**
517 * ccs_write_profile - Write profile table.
518 *
519 * @head: Pointer to "struct ccs_io_buffer".
520 *
521 * Returns 0 on success, negative value otherwise.
522 */
523 static int ccs_write_profile(struct ccs_io_buffer *head)
524 {
525 char *data = head->write_buf;
526 unsigned int i;
527 char *cp;
528 struct ccs_profile *profile;
529 if (sscanf(data, "PROFILE_VERSION=%u", &ccs_profile_version) == 1)
530 return 0;
531 i = simple_strtoul(data, &cp, 10);
532 if (*cp != '-')
533 return -EINVAL;
534 data = cp + 1;
535 profile = ccs_assign_profile(i);
536 if (!profile)
537 return -EINVAL;
538 cp = strchr(data, '=');
539 if (!cp)
540 return -EINVAL;
541 *cp++ = '\0';
542 if (ccs_str_starts(&data, "PREFERENCE::")) {
543 ccs_set_pref(data, cp, profile);
544 return 0;
545 }
546 if (!strcmp(data, "COMMENT")) {
547 const struct ccs_path_info *old_comment = profile->comment;
548 profile->comment = ccs_get_name(cp);
549 ccs_put_name(old_comment);
550 return 0;
551 }
552 return ccs_set_mode(data, cp, profile);
553 }
554
555 static void ccs_print_preference(struct ccs_io_buffer *head, const int index)
556 {
557 struct ccs_profile *profile = ccs_profile_ptr[index];
558 struct ccs_preference *pref = &profile->preference;
559 ccs_io_printf(head, "%u-PREFERENCE::%s={ "
560 #ifdef CONFIG_CCSECURITY_AUDIT
561 "max_grant_log=%u max_reject_log=%u "
562 #endif
563 "task_info=%s path_info=%s }\n", index,
564 "audit",
565 #ifdef CONFIG_CCSECURITY_AUDIT
566 pref->audit_max_grant_log,
567 pref->audit_max_reject_log,
568 #endif
569 ccs_yesno(pref->audit_task_info),
570 ccs_yesno(pref->audit_path_info));
571 ccs_io_printf(head, "%u-PREFERENCE::%s={ "
572 "max_entry=%u exec.realpath=%s "
573 "exec.argv0=%s symlink.target=%s }\n",
574 index, "learning",
575 pref->learning_max_entry,
576 ccs_yesno(pref->learning_exec_realpath),
577 ccs_yesno(pref->learning_exec_argv0),
578 ccs_yesno(pref->learning_symlink_target));
579 ccs_io_printf(head, "%u-PREFERENCE::%s={ penalty=%u }\n", index,
580 "enforcing", pref->enforcing_penalty);
581 }
582
583 static void ccs_print_config(struct ccs_io_buffer *head, const u8 config)
584 {
585 ccs_io_printf(head, "={ mode=%s verbose=%s", ccs_mode[config & 3],
586 ccs_yesno(config & CCS_CONFIG_VERBOSE));
587 #ifdef CONFIG_CCSECURITY_AUDIT
588 ccs_io_printf(head, " grant_log=%s reject_log=%s",
589 ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG),
590 ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG));
591 #endif
592 ccs_set_string(head, " }\n");
593 }
594
595 /**
596 * ccs_read_profile - Read profile table.
597 *
598 * @head: Pointer to "struct ccs_io_buffer".
599 */
600 static void ccs_read_profile(struct ccs_io_buffer *head)
601 {
602 u8 index;
603 const struct ccs_profile *profile;
604 next:
605 index = head->r.index;
606 profile = ccs_profile_ptr[index];
607 switch (head->r.step) {
608 case 0:
609 ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
610 head->r.step++;
611 break;
612 case 1:
613 for ( ; head->r.index < CCS_MAX_PROFILES;
614 head->r.index++)
615 if (ccs_profile_ptr[head->r.index])
616 break;
617 if (head->r.index == CCS_MAX_PROFILES)
618 return;
619 head->r.step++;
620 break;
621 case 2:
622 {
623 const struct ccs_path_info *comment = profile->comment;
624 ccs_io_printf(head, "%u-COMMENT=", index);
625 ccs_set_string(head, comment ? comment->name : "");
626 ccs_set_lf(head);
627 head->r.step++;
628 }
629 break;
630 case 3:
631 {
632 ccs_io_printf(head, "%u-%s", index, "CONFIG");
633 ccs_print_config(head, profile->default_config);
634 head->r.bit = 0;
635 head->r.step++;
636 }
637 break;
638 case 4:
639 for ( ; head->r.bit < CCS_MAX_MAC_INDEX
640 + CCS_MAX_CAPABILITY_INDEX
641 + CCS_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
642 const u8 i = head->r.bit;
643 const u8 config = profile->config[i];
644 if (config == CCS_CONFIG_USE_DEFAULT)
645 continue;
646 ccs_io_printf(head, "%u-%s%s", index, "CONFIG::",
647 ccs_mac_keywords[i]);
648 ccs_print_config(head, config);
649 head->r.bit++;
650 break;
651 }
652 if (head->r.bit == CCS_MAX_MAC_INDEX
653 + CCS_MAX_CAPABILITY_INDEX
654 + CCS_MAX_MAC_CATEGORY_INDEX) {
655 ccs_print_preference(head, index);
656 head->r.index++;
657 head->r.step = 1;
658 }
659 break;
660 }
661 if (ccs_flush(head))
662 goto next;
663 }
664
665 static bool ccs_same_manager(const struct ccs_acl_head *a,
666 const struct ccs_acl_head *b)
667 {
668 return container_of(a, struct ccs_manager, head)->manager
669 == container_of(b, struct ccs_manager, head)->manager;
670 }
671
672 /**
673 * ccs_update_manager_entry - Add a manager entry.
674 *
675 * @manager: The path to manager or the domainnamme.
676 * @is_delete: True if it is a delete request.
677 *
678 * Returns 0 on success, negative value otherwise.
679 */
680 static int ccs_update_manager_entry(const char *manager, const bool is_delete)
681 {
682 struct ccs_manager e = { };
683 int error = is_delete ? -ENOENT : -ENOMEM;
684 if (ccs_domain_def(manager)) {
685 if (!ccs_correct_domain(manager))
686 return -EINVAL;
687 e.is_domain = true;
688 } else {
689 if (!ccs_correct_path(manager))
690 return -EINVAL;
691 }
692 e.manager = ccs_get_name(manager);
693 if (!e.manager)
694 return error;
695 error = ccs_update_policy(&e.head, sizeof(e), is_delete,
696 &ccs_policy_list[CCS_ID_MANAGER],
697 ccs_same_manager);
698 ccs_put_name(e.manager);
699 return error;
700 }
701
702 /**
703 * ccs_write_manager - Write manager policy.
704 *
705 * @head: Pointer to "struct ccs_io_buffer".
706 *
707 * Returns 0 on success, negative value otherwise.
708 */
709 static int ccs_write_manager(struct ccs_io_buffer *head)
710 {
711 char *data = head->write_buf;
712 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
713 if (!strcmp(data, "manage_by_non_root")) {
714 ccs_manage_by_non_root = !is_delete;
715 return 0;
716 }
717 return ccs_update_manager_entry(data, is_delete);
718 }
719
720 /**
721 * ccs_read_manager - Read manager policy.
722 *
723 * @head: Pointer to "struct ccs_io_buffer".
724 *
725 * Caller holds ccs_read_lock().
726 */
727 static void ccs_read_manager(struct ccs_io_buffer *head)
728 {
729 if (head->r.eof)
730 return;
731 list_for_each_cookie(head->r.acl, &ccs_policy_list[CCS_ID_MANAGER]) {
732 struct ccs_manager *ptr =
733 list_entry(head->r.acl, typeof(*ptr), head.list);
734 if (ptr->head.is_deleted)
735 continue;
736 if (!ccs_flush(head))
737 return;
738 ccs_set_string(head, ptr->manager->name);
739 ccs_set_lf(head);
740 }
741 head->r.eof = true;
742 }
743
744 /**
745 * ccs_manager - Check whether the current process is a policy manager.
746 *
747 * Returns true if the current process is permitted to modify policy
748 * via /proc/ccs/ interface.
749 *
750 * Caller holds ccs_read_lock().
751 */
752 static bool ccs_manager(void)
753 {
754 struct ccs_manager *ptr;
755 const char *exe;
756 struct task_struct *task = current;
757 const struct ccs_path_info *domainname
758 = ccs_current_domain()->domainname;
759 bool found = false;
760 if (!ccs_policy_loaded)
761 return true;
762 if (task->ccs_flags & CCS_TASK_IS_MANAGER)
763 return true;
764 if (!ccs_manage_by_non_root && (current_uid() || current_euid()))
765 return false;
766 exe = ccs_get_exe();
767 list_for_each_entry_rcu(ptr, &ccs_policy_list[CCS_ID_MANAGER],
768 head.list) {
769 if (ptr->head.is_deleted)
770 continue;
771 if (ptr->is_domain) {
772 if (ccs_pathcmp(domainname, ptr->manager))
773 continue;
774 } else {
775 if (!exe || strcmp(exe, ptr->manager->name))
776 continue;
777 }
778 /* Set manager flag. */
779 task->ccs_flags |= CCS_TASK_IS_MANAGER;
780 found = true;
781 break;
782 }
783 if (!found) { /* Reduce error messages. */
784 static pid_t ccs_last_pid;
785 const pid_t pid = current->pid;
786 if (ccs_last_pid != pid) {
787 printk(KERN_WARNING "%s ( %s ) is not permitted to "
788 "update policies.\n", domainname->name, exe);
789 ccs_last_pid = pid;
790 }
791 }
792 kfree(exe);
793 return found;
794 }
795
796 /**
797 * ccs_find_condition_part - Find condition part from the statement.
798 *
799 * @data: String to parse.
800 *
801 * Returns pointer to the condition part if it was found in the statement,
802 * NULL otherwise.
803 */
804 static char *ccs_find_condition_part(char *data)
805 {
806 char *cp = strstr(data, " if ");
807 if (cp) {
808 while (1) {
809 char *cp2 = strstr(cp + 3, " if ");
810 if (!cp2)
811 break;
812 cp = cp2;
813 }
814 *cp = '\0';
815 cp += 4;
816 }
817 return cp;
818 }
819
820 /**
821 * ccs_select_one - Parse select command.
822 *
823 * @head: Pointer to "struct ccs_io_buffer".
824 * @data: String to parse.
825 *
826 * Returns true on success, false otherwise.
827 *
828 * Caller holds ccs_read_lock().
829 */
830 static bool ccs_select_one(struct ccs_io_buffer *head, const char *data)
831 {
832 unsigned int pid;
833 struct ccs_domain_info *domain = NULL;
834 bool global_pid = false;
835 if (!strcmp(data, "execute")) {
836 head->r.print_execute_only = true;
837 return true;
838 }
839 if (sscanf(data, "pid=%u", &pid) == 1 ||
840 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
841 struct task_struct *p;
842 ccs_tasklist_lock();
843 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
844 if (global_pid)
845 p = ccsecurity_exports.find_task_by_pid_ns(pid,
846 &init_pid_ns);
847 else
848 p = ccsecurity_exports.find_task_by_vpid(pid);
849 #else
850 p = find_task_by_pid(pid);
851 #endif
852 if (p)
853 domain = ccs_task_domain(p);
854 ccs_tasklist_unlock();
855 } else if (!strncmp(data, "domain=", 7)) {
856 if (ccs_domain_def(data + 7))
857 domain = ccs_find_domain(data + 7);
858 } else
859 return false;
860 head->w.domain = domain;
861 /* Accessing read_buf is safe because head->io_sem is held. */
862 if (!head->read_buf)
863 return true; /* Do nothing if open(O_WRONLY). */
864 memset(&head->r, 0, sizeof(head->r));
865 head->r.print_this_domain_only = true;
866 if (domain)
867 head->r.domain = &domain->list;
868 else
869 head->r.eof = true;
870 ccs_io_printf(head, "# select %s\n", data);
871 if (domain && domain->is_deleted)
872 ccs_set_string(head, "# This is a deleted domain.\n");
873 return true;
874 }
875
876 static bool ccs_same_handler_acl(const struct ccs_acl_info *a,
877 const struct ccs_acl_info *b)
878 {
879 const struct ccs_handler_acl *p1 = container_of(a, typeof(*p1), head);
880 const struct ccs_handler_acl *p2 = container_of(b, typeof(*p2), head);
881 return ccs_same_acl_head(&p1->head, &p2->head) &&
882 p1->handler == p2->handler;
883 }
884
885 static bool ccs_same_task_acl(const struct ccs_acl_info *a,
886 const struct ccs_acl_info *b)
887 {
888 const struct ccs_task_acl *p1 = container_of(a, typeof(*p1), head);
889 const struct ccs_task_acl *p2 = container_of(b, typeof(*p2), head);
890 return ccs_same_acl_head(&p1->head, &p2->head) &&
891 p1->domainname == p2->domainname;
892 }
893
894 /**
895 * ccs_write_task - Update task related list.
896 *
897 * @data: String to parse.
898 * @domain: Pointer to "struct ccs_domain_info".
899 * @condition: Pointer to "struct ccs_condition". Maybe NULL.
900 * @is_delete: True if it is a delete request.
901 *
902 * Returns 0 on success, negative value otherwise.
903 */
904 static int ccs_write_task(char *data, struct ccs_domain_info *domain,
905 struct ccs_condition *condition,
906 const bool is_delete)
907 {
908 int error;
909 const bool is_auto = ccs_str_starts(&data, "auto_domain_transition ");
910 if (!is_auto && !ccs_str_starts(&data, "manual_domain_transition ")) {
911 struct ccs_handler_acl e = {
912 .head.cond = condition,
913 };
914 if (ccs_str_starts(&data, "auto_execute_handler "))
915 e.head.type = CCS_TYPE_AUTO_EXECUTE_HANDLER;
916 else if (ccs_str_starts(&data, "denied_execute_handler "))
917 e.head.type = CCS_TYPE_DENIED_EXECUTE_HANDLER;
918 else
919 return -EINVAL;
920 if (!ccs_correct_path(data))
921 return -EINVAL;
922 e.handler = ccs_get_name(data);
923 if (!e.handler)
924 return -ENOMEM;
925 if (e.handler->is_patterned)
926 error = -EINVAL; /* No patterns allowed. */
927 else
928 error = ccs_update_domain(&e.head, sizeof(e),
929 is_delete, domain,
930 ccs_same_handler_acl, NULL);
931 ccs_put_name(e.handler);
932 } else {
933 struct ccs_task_acl e = {
934 .head.type = is_auto ?
935 CCS_TYPE_AUTO_TASK_ACL : CCS_TYPE_MANUAL_TASK_ACL,
936 .head.cond = condition,
937 };
938 if (!ccs_correct_domain(data))
939 return -EINVAL;
940 e.domainname = ccs_get_name(data);
941 if (!e.domainname)
942 return -ENOMEM;
943 error = ccs_update_domain(&e.head, sizeof(e), is_delete,
944 domain, ccs_same_task_acl, NULL);
945 ccs_put_name(e.domainname);
946 }
947 return error;
948 }
949
950 static int ccs_write_domain2(char *data, struct ccs_domain_info *domain,
951 const bool is_delete)
952 {
953 static const struct {
954 const char *keyword;
955 int (*write) (char *, struct ccs_domain_info *,
956 struct ccs_condition *, const bool);
957 } ccs_callback[7] = {
958 { "file ", ccs_write_file },
959 { "network inet ", ccs_write_inet_network },
960 { "network unix ", ccs_write_unix_network },
961 { "misc ", ccs_write_misc },
962 { "capability ", ccs_write_capability },
963 { "ipc ", ccs_write_ipc },
964 { "task ", ccs_write_task },
965 };
966 int error = -EINVAL;
967 u8 i;
968 struct ccs_condition *cond = NULL;
969 char *cp = ccs_find_condition_part(data);
970 if (cp) {
971 cond = ccs_get_condition(cp);
972 if (!cond)
973 return -EINVAL;
974 }
975 for (i = 0; i < 7; i++) {
976 if (!ccs_str_starts(&data, ccs_callback[i].keyword))
977 continue;
978 error = ccs_callback[i].write(data, domain, cond, is_delete);
979 break;
980 }
981 if (cond)
982 ccs_put_condition(cond);
983 return error;
984 }
985
986 static const char *ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = {
987 [CCS_DIF_QUOTA_WARNED] = CCS_KEYWORD_QUOTA_EXCEEDED "\n",
988 [CCS_DIF_TRANSITION_FAILED] = CCS_KEYWORD_TRANSITION_FAILED "\n"
989 };
990
991 /**
992 * ccs_write_domain - Write domain policy.
993 *
994 * @head: Pointer to "struct ccs_io_buffer".
995 *
996 * Returns 0 on success, negative value otherwise.
997 */
998 static int ccs_write_domain(struct ccs_io_buffer *head)
999 {
1000 char *data = head->write_buf;
1001 struct ccs_domain_info *domain = head->w.domain;
1002 bool is_delete = false;
1003 bool is_select = false;
1004 unsigned int profile;
1005 if (ccs_str_starts(&data, CCS_KEYWORD_DELETE))
1006 is_delete = true;
1007 else if (ccs_str_starts(&data, CCS_KEYWORD_SELECT))
1008 is_select = true;
1009 if (is_select && ccs_select_one(head, data))
1010 return 0;
1011 /* Don't allow updating policies by non manager programs. */
1012 if (!ccs_manager())
1013 return -EPERM;
1014 if (ccs_domain_def(data)) {
1015 domain = NULL;
1016 if (is_delete)
1017 ccs_delete_domain(data);
1018 else if (is_select)
1019 domain = ccs_find_domain(data);
1020 else
1021 domain = ccs_assign_domain(data, 0, 0, false);
1022 head->w.domain = domain;
1023 return 0;
1024 }
1025 if (!domain)
1026 return -EINVAL;
1027
1028 if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1
1029 && profile < CCS_MAX_PROFILES) {
1030 if (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile])
1031 domain->profile = (u8) profile;
1032 return 0;
1033 }
1034 if (sscanf(data, CCS_KEYWORD_USE_GROUP "%u", &profile) == 1
1035 && profile < CCS_MAX_ACL_GROUPS) {
1036 domain->group = (u8) profile;
1037 return 0;
1038 }
1039 for (profile = 0; profile < CCS_MAX_DOMAIN_INFO_FLAGS; profile++) {
1040 const char *cp = ccs_dif[profile];
1041 if (strncmp(data, cp, strlen(cp) - 1))
1042 continue;
1043 domain->flags[profile] = !is_delete;
1044 return 0;
1045 }
1046 return ccs_write_domain2(data, domain, is_delete);
1047 }
1048
1049 /**
1050 * ccs_print_name_union - Print a ccs_name_union.
1051 *
1052 * @head: Pointer to "struct ccs_io_buffer".
1053 * @ptr: Pointer to "struct ccs_name_union".
1054 */
1055 static void ccs_print_name_union(struct ccs_io_buffer *head,
1056 const struct ccs_name_union *ptr)
1057 {
1058 const bool cond = head->r.print_cond_part;
1059 if (!cond)
1060 ccs_set_space(head);
1061 if (ptr->is_group) {
1062 ccs_set_string(head, "@");
1063 ccs_set_string(head, ptr->group->group_name->name);
1064 } else {
1065 if (cond)
1066 ccs_set_string(head, "\"");
1067 ccs_set_string(head, ptr->filename->name);
1068 if (cond)
1069 ccs_set_string(head, "\"");
1070 }
1071 }
1072
1073 /**
1074 * ccs_print_number_union - Print a ccs_number_union.
1075 *
1076 * @head: Pointer to "struct ccs_io_buffer".
1077 * @ptr: Pointer to "struct ccs_number_union".
1078 */
1079 static void ccs_print_number_union(struct ccs_io_buffer *head,
1080 const struct ccs_number_union *ptr)
1081 {
1082 if (!head->r.print_cond_part)
1083 ccs_set_space(head);
1084 if (ptr->is_group) {
1085 ccs_set_string(head, "@");
1086 ccs_set_string(head, ptr->group->group_name->name);
1087 } else {
1088 int i;
1089 unsigned long min = ptr->values[0];
1090 const unsigned long max = ptr->values[1];
1091 u8 min_type = ptr->value_type[0];
1092 const u8 max_type = ptr->value_type[1];
1093 char buffer[128];
1094 buffer[0] = '\0';
1095 for (i = 0; i < 2; i++) {
1096 switch (min_type) {
1097 case CCS_VALUE_TYPE_HEXADECIMAL:
1098 ccs_addprintf(buffer, sizeof(buffer), "0x%lX",
1099 min);
1100 break;
1101 case CCS_VALUE_TYPE_OCTAL:
1102 ccs_addprintf(buffer, sizeof(buffer), "0%lo",
1103 min);
1104 break;
1105 default:
1106 ccs_addprintf(buffer, sizeof(buffer), "%lu",
1107 min);
1108 break;
1109 }
1110 if (min == max && min_type == max_type)
1111 break;
1112 ccs_addprintf(buffer, sizeof(buffer), "-");
1113 min_type = max_type;
1114 min = max;
1115 }
1116 ccs_io_printf(head, "%s", buffer);
1117 }
1118 }
1119
1120 /**
1121 * ccs_print_condition - Print condition part.
1122 *
1123 * @head: Pointer to "struct ccs_io_buffer".
1124 * @cond: Pointer to "struct ccs_condition".
1125 *
1126 * Returns true on success, false otherwise.
1127 */
1128 static bool ccs_print_condition(struct ccs_io_buffer *head,
1129 const struct ccs_condition *cond)
1130 {
1131 switch (head->r.cond_step) {
1132 case 0:
1133 {
1134 ccs_set_string(head, " if");
1135 head->r.cond_index = 0;
1136 head->r.cond_step++;
1137 }
1138 /* fall through */
1139 case 1:
1140 {
1141 const u16 condc = cond->condc;
1142 const struct ccs_condition_element *condp =
1143 (typeof(condp)) (cond + 1);
1144 const struct ccs_number_union *numbers_p =
1145 (typeof(numbers_p)) (condp + condc);
1146 const struct ccs_name_union *names_p =
1147 (typeof(names_p))
1148 (numbers_p + cond->numbers_count);
1149 const struct ccs_argv *argv =
1150 (typeof(argv)) (names_p + cond->names_count);
1151 const struct ccs_envp *envp =
1152 (typeof(envp)) (argv + cond->argc);
1153 u16 skip;
1154 for (skip = 0; skip < head->r.cond_index; skip++) {
1155 const u8 left = condp->left;
1156 const u8 right = condp->right;
1157 condp++;
1158 switch (left) {
1159 case CCS_ARGV_ENTRY:
1160 argv++;
1161 continue;
1162 case CCS_ENVP_ENTRY:
1163 envp++;
1164 continue;
1165 case CCS_NUMBER_UNION:
1166 numbers_p++;
1167 break;
1168 }
1169 switch (right) {
1170 case CCS_NAME_UNION:
1171 names_p++;
1172 break;
1173 case CCS_NUMBER_UNION:
1174 numbers_p++;
1175 break;
1176 }
1177 }
1178 while (head->r.cond_index < condc) {
1179 const u8 match = condp->equals;
1180 const u8 left = condp->left;
1181 const u8 right = condp->right;
1182 if (!ccs_flush(head))
1183 return false;
1184 condp++;
1185 head->r.cond_index++;
1186 ccs_set_space(head);
1187 switch (left) {
1188 case CCS_ARGV_ENTRY:
1189 ccs_io_printf(head,
1190 "exec.argv[%u]%s\"%s\"",
1191 argv->index,
1192 argv->is_not ?
1193 "!=" : "=",
1194 argv->value->name);
1195 argv++;
1196 continue;
1197 case CCS_ENVP_ENTRY:
1198 ccs_io_printf(head,
1199 "exec.envp[\"%s\"]%s",
1200 envp->name->name,
1201 envp->is_not ?
1202 "!=" : "=");
1203 if (envp->value) {
1204 ccs_set_string(head, "\"");
1205 ccs_set_string(head, envp->
1206 value->name);
1207 ccs_set_string(head, "\"");
1208 } else {
1209 ccs_set_string(head, "NULL");
1210 }
1211 envp++;
1212 continue;
1213 case CCS_NUMBER_UNION:
1214 ccs_print_number_union(head,
1215 numbers_p++);
1216 break;
1217 default:
1218 ccs_set_string(head,
1219 ccs_condition_keyword[left]);
1220 break;
1221 }
1222 ccs_set_string(head, match ? "=" : "!=");
1223 switch (right) {
1224 case CCS_NAME_UNION:
1225 ccs_print_name_union(head, names_p++);
1226 break;
1227 case CCS_NUMBER_UNION:
1228 ccs_print_number_union(head,
1229 numbers_p++);
1230 break;
1231 default:
1232 ccs_set_string(head,
1233 ccs_condition_keyword[right]);
1234 break;
1235 }
1236 }
1237 }
1238 head->r.cond_step++;
1239 /* fall through */
1240 case 2:
1241 if (!ccs_flush(head))
1242 break;
1243 head->r.cond_step++;
1244 /* fall through */
1245 case 3:
1246 if (cond->audit)
1247 ccs_io_printf(head, " audit=%s",
1248 ccs_yesno(cond->audit == 2));
1249 if (cond->transit) {
1250 ccs_set_string(head, " auto_domain_transitition=\"");
1251 ccs_set_string(head, cond->transit->name);
1252 ccs_set_string(head, "\"");
1253 }
1254 ccs_set_lf(head);
1255 return true;
1256 }
1257 return false;
1258 }
1259
1260 /**
1261 * ccs_fns - Find next set bit.
1262 *
1263 * @perm: 8 bits value.
1264 * @bit: First bit to find.
1265 *
1266 * Returns next set bit on success, 8 otherwise.
1267 */
1268 static u8 ccs_fns(const u8 perm, u8 bit)
1269 {
1270 for ( ; bit < 8; bit++)
1271 if (perm & (1 << bit))
1272 break;
1273 return bit;
1274 }
1275
1276 static void ccs_set_group(struct ccs_io_buffer *head)
1277 {
1278 if (head->type == CCS_EXCEPTIONPOLICY)
1279 ccs_io_printf(head, "acl_group %u ", head->r.group_index);
1280 }
1281
1282 /**
1283 * ccs_print_entry - Print an ACL entry.
1284 *
1285 * @head: Pointer to "struct ccs_io_buffer".
1286 * @acl: Pointer to an ACL entry.
1287 *
1288 * Returns true on success, false otherwise.
1289 */
1290 static bool ccs_print_entry(struct ccs_io_buffer *head,
1291 const struct ccs_acl_info *acl)
1292 {
1293 const u8 acl_type = acl->type;
1294 u8 bit;
1295 if (head->r.print_cond_part)
1296 goto print_cond_part;
1297 if (acl->is_deleted)
1298 return true;
1299 next:
1300 bit = head->r.bit;
1301 if (!ccs_flush(head))
1302 return false;
1303 else if (acl_type == CCS_TYPE_PATH_ACL) {
1304 struct ccs_path_acl *ptr
1305 = container_of(acl, typeof(*ptr), head);
1306 const u16 perm = ptr->perm;
1307 for ( ; bit < CCS_MAX_PATH_OPERATION; bit++) {
1308 if (!(perm & (1 << bit)))
1309 continue;
1310 if (head->r.print_execute_only &&
1311 bit != CCS_TYPE_EXECUTE
1312 /* && bit != CCS_TYPE_TRANSIT */)
1313 continue;
1314 break;
1315 }
1316 if (bit >= CCS_MAX_PATH_OPERATION)
1317 goto done;
1318 ccs_set_group(head);
1319 ccs_set_string(head, "file ");
1320 ccs_set_string(head, ccs_path_keyword[bit]);
1321 ccs_print_name_union(head, &ptr->name);
1322 } else if (acl_type == CCS_TYPE_AUTO_EXECUTE_HANDLER ||
1323 acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) {
1324 struct ccs_handler_acl *ptr
1325 = container_of(acl, typeof(*ptr), head);
1326 ccs_set_group(head);
1327 ccs_set_string(head, "task ");
1328 ccs_set_string(head, acl_type == CCS_TYPE_AUTO_EXECUTE_HANDLER
1329 ? "auto_execute_handler " :
1330 "denied_execute_handler ");
1331 ccs_set_string(head, ptr->handler->name);
1332 } else if (acl_type == CCS_TYPE_AUTO_TASK_ACL ||
1333 acl_type == CCS_TYPE_MANUAL_TASK_ACL) {
1334 struct ccs_task_acl *ptr =
1335 container_of(acl, typeof(*ptr), head);
1336 ccs_set_group(head);
1337 ccs_set_string(head, "task ");
1338 ccs_set_string(head, acl_type == CCS_TYPE_AUTO_TASK_ACL ?
1339 "auto_domain_transition " :
1340 "manual_domain_transition ");
1341 ccs_set_string(head, ptr->domainname->name);
1342 } else if (head->r.print_execute_only) {
1343 return true;
1344 } else if (acl_type == CCS_TYPE_MKDEV_ACL) {
1345 struct ccs_mkdev_acl *ptr =
1346 container_of(acl, typeof(*ptr), head);
1347 bit = ccs_fns(ptr->perm, bit);
1348 if (bit >= CCS_MAX_MKDEV_OPERATION)
1349 goto done;
1350 ccs_set_group(head);
1351 ccs_set_string(head, "file ");
1352 ccs_set_string(head, ccs_mkdev_keyword[bit]);
1353 ccs_print_name_union(head, &ptr->name);
1354 ccs_print_number_union(head, &ptr->mode);
1355 ccs_print_number_union(head, &ptr->major);
1356 ccs_print_number_union(head, &ptr->minor);
1357 } else if (acl_type == CCS_TYPE_PATH2_ACL) {
1358 struct ccs_path2_acl *ptr =
1359 container_of(acl, typeof(*ptr), head);
1360 bit = ccs_fns(ptr->perm, bit);
1361 if (bit >= CCS_MAX_PATH2_OPERATION)
1362 goto done;
1363 ccs_set_group(head);
1364 ccs_set_string(head, "file ");
1365 ccs_set_string(head, ccs_path2_keyword[bit]);
1366 ccs_print_name_union(head, &ptr->name1);
1367 ccs_print_name_union(head, &ptr->name2);
1368 } else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) {
1369 struct ccs_path_number_acl *ptr =
1370 container_of(acl, typeof(*ptr), head);
1371 bit = ccs_fns(ptr->perm, bit);
1372 if (bit >= CCS_MAX_PATH_NUMBER_OPERATION)
1373 goto done;
1374 ccs_set_group(head);
1375 ccs_set_string(head, "file ");
1376 ccs_set_string(head, ccs_path_number_keyword[bit]);
1377 ccs_print_name_union(head, &ptr->name);
1378 ccs_print_number_union(head, &ptr->number);
1379 } else if (acl_type == CCS_TYPE_ENV_ACL) {
1380 struct ccs_env_acl *ptr =
1381 container_of(acl, typeof(*ptr), head);
1382 ccs_set_group(head);
1383 ccs_set_string(head, "misc env ");
1384 ccs_set_string(head, ptr->env->name);
1385 } else if (acl_type == CCS_TYPE_CAPABILITY_ACL) {
1386 struct ccs_capability_acl *ptr =
1387 container_of(acl, typeof(*ptr), head);
1388 ccs_set_group(head);
1389 ccs_set_string(head, "capability ");
1390 ccs_set_string(head, ccs_cap2keyword(ptr->operation));
1391 } else if (acl_type == CCS_TYPE_INET_ACL) {
1392 struct ccs_inet_acl *ptr =
1393 container_of(acl, typeof(*ptr), head);
1394 bit = ccs_fns(ptr->perm, bit);
1395 if (bit >= CCS_MAX_NETWORK_OPERATION)
1396 goto done;
1397 ccs_set_group(head);
1398 ccs_set_string(head, "network inet ");
1399 ccs_set_string(head, ccs_inet_keyword[ptr->protocol]);
1400 ccs_set_space(head);
1401 ccs_set_string(head, ccs_net_keyword[bit]);
1402 ccs_set_space(head);
1403 switch (ptr->address_type) {
1404 char buf[128];
1405 case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP:
1406 ccs_set_string(head, "@");
1407 ccs_set_string(head,
1408 ptr->address.group->group_name->name);
1409 break;
1410 case CCS_IP_ADDRESS_TYPE_IPv4:
1411 ccs_print_ipv4(buf, sizeof(buf), ptr->address.ipv4.min,
1412 ptr->address.ipv4.max);
1413 ccs_io_printf(head, "%s", buf);
1414 break;
1415 case CCS_IP_ADDRESS_TYPE_IPv6:
1416 ccs_print_ipv6(buf, sizeof(buf), ptr->address.ipv6.min,
1417 ptr->address.ipv6.max);
1418 ccs_io_printf(head, "%s", buf);
1419 break;
1420 }
1421 ccs_print_number_union(head, &ptr->port);
1422 } else if (acl_type == CCS_TYPE_UNIX_ACL) {
1423 struct ccs_unix_acl *ptr =
1424 container_of(acl, typeof(*ptr), head);
1425 bit = ccs_fns(ptr->perm, bit);
1426 if (bit >= CCS_MAX_NETWORK_OPERATION)
1427 goto done;
1428 ccs_set_group(head);
1429 ccs_set_string(head, "network unix ");
1430 ccs_set_string(head, ccs_unix_keyword[ptr->protocol]);
1431 ccs_set_space(head);
1432 ccs_set_string(head, ccs_net_keyword[bit]);
1433 ccs_print_name_union(head, &ptr->name);
1434 } else if (acl_type == CCS_TYPE_SIGNAL_ACL) {
1435 struct ccs_signal_acl *ptr =
1436 container_of(acl, typeof(*ptr), head);
1437 ccs_set_group(head);
1438 ccs_set_string(head, "ipc signal ");
1439 ccs_io_printf(head, "%u ", ptr->sig);
1440 ccs_set_string(head, ptr->domainname->name);
1441 } else if (acl_type == CCS_TYPE_MOUNT_ACL) {
1442 struct ccs_mount_acl *ptr =
1443 container_of(acl, typeof(*ptr), head);
1444 ccs_set_group(head);
1445 ccs_io_printf(head, "file mount");
1446 ccs_print_name_union(head, &ptr->dev_name);
1447 ccs_print_name_union(head, &ptr->dir_name);
1448 ccs_print_name_union(head, &ptr->fs_type);
1449 ccs_print_number_union(head, &ptr->flags);
1450 }
1451 head->r.bit = bit + 1;
1452 if (acl->cond) {
1453 head->r.print_cond_part = true;
1454 head->r.cond_step = 0;
1455 if (!ccs_flush(head))
1456 return false;
1457 print_cond_part:
1458 if (!ccs_print_condition(head, acl->cond))
1459 return false;
1460 head->r.print_cond_part = false;
1461 } else {
1462 ccs_set_lf(head);
1463 }
1464 switch (acl_type) {
1465 case CCS_TYPE_PATH_ACL:
1466 case CCS_TYPE_MKDEV_ACL:
1467 case CCS_TYPE_PATH2_ACL:
1468 case CCS_TYPE_PATH_NUMBER_ACL:
1469 case CCS_TYPE_INET_ACL:
1470 case CCS_TYPE_UNIX_ACL:
1471 goto next;
1472 }
1473 done:
1474 head->r.bit = 0;
1475 return true;
1476 }
1477
1478 /**
1479 * ccs_read_domain2 - Read domain policy.
1480 *
1481 * @head: Pointer to "struct ccs_io_buffer".
1482 * @domain: Pointer to "struct ccs_domain_info".
1483 * @index: Index number.
1484 *
1485 * Caller holds ccs_read_lock().
1486 *
1487 * Returns true on success, false otherwise.
1488 */
1489 static bool ccs_read_domain2(struct ccs_io_buffer *head,
1490 struct ccs_domain_info *domain,
1491 const u8 index)
1492 {
1493 list_for_each_cookie(head->r.acl, &domain->acl_info_list[index]) {
1494 struct ccs_acl_info *ptr =
1495 list_entry(head->r.acl, typeof(*ptr), list);
1496 if (!ccs_print_entry(head, ptr))
1497 return false;
1498 }
1499 head->r.acl = NULL;
1500 return true;
1501 }
1502
1503 /**
1504 * ccs_read_domain - Read domain policy.
1505 *
1506 * @head: Pointer to "struct ccs_io_buffer".
1507 *
1508 * Caller holds ccs_read_lock().
1509 */
1510 static void ccs_read_domain(struct ccs_io_buffer *head)
1511 {
1512 if (head->r.eof)
1513 return;
1514 list_for_each_cookie(head->r.domain, &ccs_domain_list) {
1515 struct ccs_domain_info *domain =
1516 list_entry(head->r.domain, typeof(*domain), list);
1517 switch (head->r.step) {
1518 u8 i;
1519 case 0:
1520 if (domain->is_deleted &&
1521 !head->r.print_this_domain_only)
1522 continue;
1523 /* Print domainname and flags. */
1524 ccs_set_string(head, domain->domainname->name);
1525 ccs_set_lf(head);
1526 ccs_io_printf(head, CCS_KEYWORD_USE_PROFILE "%u\n",
1527 domain->profile);
1528 ccs_io_printf(head, CCS_KEYWORD_USE_GROUP "%u\n",
1529 domain->group);
1530 for (i = 0; i < CCS_MAX_DOMAIN_INFO_FLAGS; i++)
1531 if (domain->flags[i])
1532 ccs_set_string(head, ccs_dif[i]);
1533 head->r.step++;
1534 ccs_set_lf(head);
1535 /* fall through */
1536 case 1:
1537 if (!ccs_read_domain2(head, domain, 0))
1538 return;
1539 head->r.step++;
1540 /* fall through */
1541 case 2:
1542 if (!ccs_read_domain2(head, domain, 1))
1543 return;
1544 head->r.step++;
1545 if (!ccs_set_lf(head))
1546 return;
1547 /* fall through */
1548 case 3:
1549 head->r.step = 0;
1550 if (head->r.print_this_domain_only)
1551 goto done;
1552 }
1553 }
1554 done:
1555 head->r.eof = true;
1556 }
1557
1558 /**
1559 * ccs_write_domain_profile - Assign profile for specified domain.
1560 *
1561 * @head: Pointer to "struct ccs_io_buffer".
1562 *
1563 * Returns 0 on success, -EINVAL otherwise.
1564 *
1565 * This is equivalent to doing
1566 *
1567 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1568 * /usr/sbin/ccs-loadpolicy -d
1569 *
1570 * Caller holds ccs_read_lock().
1571 */
1572 static int ccs_write_domain_profile(struct ccs_io_buffer *head)
1573 {
1574 char *data = head->write_buf;
1575 char *cp = strchr(data, ' ');
1576 struct ccs_domain_info *domain;
1577 unsigned int profile;
1578 if (!cp)
1579 return -EINVAL;
1580 *cp = '\0';
1581 profile = simple_strtoul(data, NULL, 10);
1582 if (profile >= CCS_MAX_PROFILES)
1583 return -EINVAL;
1584 domain = ccs_find_domain(cp + 1);
1585 if (domain && (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile]))
1586 domain->profile = (u8) profile;
1587 return 0;
1588 }
1589
1590 /**
1591 * ccs_read_domain_profile - Read only domainname and profile.
1592 *
1593 * @head: Pointer to "struct ccs_io_buffer".
1594 *
1595 * This is equivalent to doing
1596 *
1597 * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
1598 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1599 * domainname = $0; } else if ( $1 == "use_profile" ) {
1600 * print $2 " " domainname; domainname = ""; } } ; '
1601 *
1602 * Caller holds ccs_read_lock().
1603 */
1604 static void ccs_read_domain_profile(struct ccs_io_buffer *head)
1605 {
1606 if (head->r.eof)
1607 return;
1608 list_for_each_cookie(head->r.domain, &ccs_domain_list) {
1609 struct ccs_domain_info *domain =
1610 list_entry(head->r.domain, typeof(*domain), list);
1611 if (domain->is_deleted)
1612 continue;
1613 if (!ccs_flush(head))
1614 return;
1615 ccs_io_printf(head, "%u ", domain->profile);
1616 ccs_set_string(head, domain->domainname->name);
1617 ccs_set_lf(head);
1618 }
1619 head->r.eof = true;
1620 }
1621
1622 /**
1623 * ccs_write_pid: Specify PID to obtain domainname.
1624 *
1625 * @head: Pointer to "struct ccs_io_buffer".
1626 *
1627 * Returns 0.
1628 */
1629 static int ccs_write_pid(struct ccs_io_buffer *head)
1630 {
1631 head->r.eof = false;
1632 return 0;
1633 }
1634
1635 /**
1636 * ccs_read_pid - Read information of a process.
1637 *
1638 * @head: Pointer to "struct ccs_io_buffer".
1639 *
1640 * Returns the domainname which the specified PID is in or
1641 * process information of the specified PID on success,
1642 * empty string otherwise.
1643 *
1644 * Caller holds ccs_read_lock().
1645 */
1646 static void ccs_read_pid(struct ccs_io_buffer *head)
1647 {
1648 char *buf = head->write_buf;
1649 bool task_info = false;
1650 bool global_pid = false;
1651 unsigned int pid;
1652 struct task_struct *p;
1653 struct ccs_domain_info *domain = NULL;
1654 u32 ccs_flags = 0;
1655 /* Accessing write_buf is safe because head->io_sem is held. */
1656 if (!buf) {
1657 head->r.eof = true;
1658 return; /* Do nothing if open(O_RDONLY). */
1659 }
1660 if (head->r.w_pos || head->r.eof)
1661 return;
1662 head->r.eof = true;
1663 if (ccs_str_starts(&buf, "info "))
1664 task_info = true;
1665 if (ccs_str_starts(&buf, "global-pid "))
1666 global_pid = true;
1667 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1668 ccs_tasklist_lock();
1669 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1670 if (global_pid)
1671 p = ccsecurity_exports.find_task_by_pid_ns(pid, &init_pid_ns);
1672 else
1673 p = ccsecurity_exports.find_task_by_vpid(pid);
1674 #else
1675 p = find_task_by_pid(pid);
1676 #endif
1677 if (p) {
1678 domain = ccs_task_domain(p);
1679 ccs_flags = p->ccs_flags;
1680 }
1681 ccs_tasklist_unlock();
1682 if (!domain)
1683 return;
1684 if (!task_info) {
1685 ccs_io_printf(head, "%u %u ", pid, domain->profile);
1686 ccs_set_string(head, domain->domainname->name);
1687 } else {
1688 ccs_io_printf(head, "%u manager=%s execute_handler=%s ", pid,
1689 ccs_yesno(ccs_flags &
1690 CCS_TASK_IS_MANAGER),
1691 ccs_yesno(ccs_flags &
1692 CCS_TASK_IS_EXECUTE_HANDLER));
1693 }
1694 }
1695
1696 static const char *ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = {
1697 [CCS_TRANSITION_CONTROL_NO_INITIALIZE]
1698 = CCS_KEYWORD_NO_INITIALIZE_DOMAIN,
1699 [CCS_TRANSITION_CONTROL_INITIALIZE] = CCS_KEYWORD_INITIALIZE_DOMAIN,
1700 [CCS_TRANSITION_CONTROL_NO_KEEP] = CCS_KEYWORD_NO_KEEP_DOMAIN,
1701 [CCS_TRANSITION_CONTROL_KEEP] = CCS_KEYWORD_KEEP_DOMAIN
1702 };
1703
1704 static const char *ccs_group_name[CCS_MAX_GROUP] = {
1705 [CCS_PATH_GROUP] = CCS_KEYWORD_PATH_GROUP,
1706 [CCS_NUMBER_GROUP] = CCS_KEYWORD_NUMBER_GROUP,
1707 [CCS_ADDRESS_GROUP] = CCS_KEYWORD_ADDRESS_GROUP
1708 };
1709
1710 /**
1711 * ccs_write_exception - Write exception policy.
1712 *
1713 * @head: Pointer to "struct ccs_io_buffer".
1714 *
1715 * Returns 0 on success, negative value otherwise.
1716 */
1717 static int ccs_write_exception(struct ccs_io_buffer *head)
1718 {
1719 char *data = head->write_buf;
1720 const bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
1721 u8 i;
1722 static const struct {
1723 const char *keyword;
1724 int (*write) (char *, const bool);
1725 } ccs_callback[3] = {
1726 { CCS_KEYWORD_AGGREGATOR, ccs_write_aggregator },
1727 { CCS_KEYWORD_FILE_PATTERN, ccs_write_pattern },
1728 { CCS_KEYWORD_DENY_AUTOBIND, ccs_write_reserved_port }
1729 };
1730 for (i = 0; i < 3; i++)
1731 if (ccs_str_starts(&data, ccs_callback[i].keyword))
1732 return ccs_callback[i].write(data, is_delete);
1733 for (i = 0; i < CCS_MAX_TRANSITION_TYPE; i++)
1734 if (ccs_str_starts(&data, ccs_transition_type[i]))
1735 return ccs_write_transition_control(data, is_delete,
1736 i);
1737 for (i = 0; i < CCS_MAX_GROUP; i++)
1738 if (ccs_str_starts(&data, ccs_group_name[i]))
1739 return ccs_write_group(data, is_delete, i);
1740 if (ccs_str_starts(&data, "acl_group ")) {
1741 unsigned int group;
1742 if (sscanf(data, "%u", &group) == 1 &&
1743 group < CCS_MAX_ACL_GROUPS) {
1744 data = strchr(data, ' ');
1745 if (data)
1746 return ccs_write_domain2(data + 1,
1747 &ccs_acl_group[group],
1748 is_delete);
1749 }
1750 }
1751 return -EINVAL;
1752 }
1753
1754 /**
1755 * ccs_read_group - Read "struct ccs_path_group"/"struct ccs_number_group"/"struct ccs_address_group" list.
1756 *
1757 * @head: Pointer to "struct ccs_io_buffer".
1758 * @idx: Index number.
1759 *
1760 * Returns true on success, false otherwise.
1761 *
1762 * Caller holds ccs_read_lock().
1763 */
1764 static bool ccs_read_group(struct ccs_io_buffer *head, const int idx)
1765 {
1766 list_for_each_cookie(head->r.group, &ccs_group_list[idx]) {
1767 struct ccs_group *group =
1768 list_entry(head->r.group, typeof(*group), head.list);
1769 list_for_each_cookie(head->r.acl, &group->member_list) {
1770 struct ccs_acl_head *ptr =
1771 list_entry(head->r.acl, typeof(*ptr), list);
1772 if (ptr->is_deleted)
1773 continue;
1774 if (!ccs_flush(head))
1775 return false;
1776 ccs_set_string(head, ccs_group_name[idx]);
1777 ccs_set_string(head, group->group_name->name);
1778 if (idx == CCS_PATH_GROUP) {
1779 ccs_set_space(head);
1780 ccs_set_string(head, container_of
1781 (ptr, struct ccs_path_group,
1782 head)->member_name->name);
1783 } else if (idx == CCS_NUMBER_GROUP) {
1784 ccs_print_number_union(head, &container_of
1785 (ptr, struct ccs_number_group,
1786 head)->number);
1787 } else if (idx == CCS_ADDRESS_GROUP) {
1788 char buffer[128];
1789 struct ccs_address_group *member =
1790 container_of(ptr, typeof(*member),
1791 head);
1792 if (member->is_ipv6)
1793 ccs_print_ipv6(buffer, sizeof(buffer),
1794 member->min.ipv6,
1795 member->max.ipv6);
1796 else
1797 ccs_print_ipv4(buffer, sizeof(buffer),
1798 member->min.ipv4,
1799 member->max.ipv4);
1800 ccs_io_printf(head, " %s", buffer);
1801 }
1802 ccs_set_lf(head);
1803 }
1804 head->r.acl = NULL;
1805 }
1806 head->r.group = NULL;
1807 return true;
1808 }
1809
1810 /**
1811 * ccs_read_policy - Read "struct ccs_..._entry" list.
1812 *
1813 * @head: Pointer to "struct ccs_io_buffer".
1814 * @idx: Index number.
1815 *
1816 * Returns true on success, false otherwise.
1817 *
1818 * Caller holds ccs_read_lock().
1819 */
1820 static bool ccs_read_policy(struct ccs_io_buffer *head, const int idx)
1821 {
1822 list_for_each_cookie(head->r.acl, &ccs_policy_list[idx]) {
1823 struct ccs_acl_head *acl =
1824 container_of(head->r.acl, typeof(*acl), list);
1825 if (acl->is_deleted)
1826 continue;
1827 if (!ccs_flush(head))
1828 return false;
1829 switch (idx) {
1830 case CCS_ID_TRANSITION_CONTROL:
1831 {
1832 struct ccs_transition_control *ptr =
1833 container_of(acl, typeof(*ptr), head);
1834 ccs_set_string(head,
1835 ccs_transition_type[ptr->type]);
1836 ccs_set_string(head, ptr->program ?
1837 ptr->program->name : "any");
1838 ccs_set_string(head, " from ");
1839 ccs_set_string(head, ptr->domainname ?
1840 ptr->domainname->name : "any");
1841 }
1842 break;
1843 case CCS_ID_AGGREGATOR:
1844 {
1845 struct ccs_aggregator *ptr =
1846 container_of(acl, typeof(*ptr), head);
1847 ccs_set_string(head, CCS_KEYWORD_AGGREGATOR);
1848 ccs_set_string(head, ptr->original_name->name);
1849 ccs_set_space(head);
1850 ccs_set_string(head,
1851 ptr->aggregated_name->name);
1852 }
1853 break;
1854 case CCS_ID_PATTERN:
1855 {
1856 struct ccs_pattern *ptr =
1857 container_of(acl, typeof(*ptr), head);
1858 ccs_set_string(head, CCS_KEYWORD_FILE_PATTERN);
1859 ccs_set_string(head, ptr->pattern->name);
1860 }
1861 break;
1862 case CCS_ID_RESERVEDPORT:
1863 {
1864 struct ccs_reserved *ptr =
1865 container_of(acl, typeof(*ptr), head);
1866 const u16 min_port = ptr->min_port;
1867 const u16 max_port = ptr->max_port;
1868 ccs_set_string(head,
1869 CCS_KEYWORD_DENY_AUTOBIND);
1870 ccs_io_printf(head, "%u", min_port);
1871 if (min_port != max_port)
1872 ccs_io_printf(head, "-%u", max_port);
1873 }
1874 break;
1875 default:
1876 continue;
1877 }
1878 ccs_set_lf(head);
1879 }
1880 head->r.acl = NULL;
1881 return true;
1882 }
1883
1884 /**
1885 * ccs_read_exception - Read exception policy.
1886 *
1887 * @head: Pointer to "struct ccs_io_buffer".
1888 *
1889 * Caller holds ccs_read_lock().
1890 */
1891 static void ccs_read_exception(struct ccs_io_buffer *head)
1892 {
1893 if (head->r.eof)
1894 return;
1895 while (head->r.step < CCS_MAX_POLICY &&
1896 ccs_read_policy(head, head->r.step))
1897 head->r.step++;
1898 if (head->r.step < CCS_MAX_POLICY)
1899 return;
1900 while (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP &&
1901 ccs_read_group(head, head->r.step - CCS_MAX_POLICY))
1902 head->r.step++;
1903 if (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP)
1904 return;
1905 while (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP
1906 + CCS_MAX_ACL_GROUPS * 2) {
1907 head->r.group_index = (head->r.step - CCS_MAX_POLICY
1908 - CCS_MAX_GROUP) / 2;
1909 if (!ccs_read_domain2(head,
1910 &ccs_acl_group[head->r.group_index],
1911 head->r.step & 1))
1912 return;
1913 head->r.step++;
1914 }
1915 head->r.eof = true;
1916 }
1917
1918 /* Wait queue for ccs_query_list. */
1919 static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait);
1920
1921 /* Lock for manipulating ccs_query_list. */
1922 static DEFINE_SPINLOCK(ccs_query_list_lock);
1923
1924 /* Structure for query. */
1925 struct ccs_query {
1926 struct list_head list;
1927 char *query;
1928 int query_len;
1929 unsigned int serial;
1930 int timer;
1931 int answer;
1932 };
1933
1934 /* The list for "struct ccs_query". */
1935 static LIST_HEAD(ccs_query_list);
1936
1937 /* Number of "struct file" referring /proc/ccs/query interface. */
1938 static atomic_t ccs_query_observers = ATOMIC_INIT(0);
1939
1940 static void ccs_truncate(char *str)
1941 {
1942 while (* (unsigned char *) str > (unsigned char) ' ')
1943 str++;
1944 *str = '\0';
1945 }
1946
1947 /**
1948 * ccs_supervisor - Ask for the supervisor's decision.
1949 *
1950 * @r: Pointer to "struct ccs_request_info".
1951 * @fmt: The printf()'s format string, followed by parameters.
1952 *
1953 * Returns 0 if the supervisor decided to permit the access request which
1954 * violated the policy in enforcing mode, CCS_RETRY_REQUEST if the supervisor
1955 * decided to retry the access request which violated the policy in enforcing
1956 * mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1957 */
1958 int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...)
1959 {
1960 va_list args;
1961 int error = -EPERM;
1962 int pos;
1963 int len;
1964 static unsigned int ccs_serial;
1965 struct ccs_query *entry = NULL;
1966 bool quota_exceeded = false;
1967 char *header;
1968 struct ccs_domain_info * const domain = ccs_current_domain();
1969 va_start(args, fmt);
1970 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 80;
1971 va_end(args);
1972 if (r->mode == CCS_CONFIG_LEARNING) {
1973 char *buffer;
1974 char *realpath = NULL;
1975 char *argv0 = NULL;
1976 char *symlink = NULL;
1977 char *handler = NULL;
1978 const struct ccs_preference *pref;
1979 if (!ccs_domain_quota_ok(r))
1980 return 0;
1981 header = ccs_init_log(&len, r);
1982 if (!header)
1983 return 0;
1984 pref = &ccs_profile(r->profile)->preference;
1985 /* strstr() will return NULL if ordering is wrong. */
1986 if (r->param_type == CCS_TYPE_PATH_ACL &&
1987 r->param.path.operation == CCS_TYPE_EXECUTE) {
1988 if (pref->learning_exec_argv0) {
1989 argv0 = strstr(header, " argv[]={ \"");
1990 if (argv0) {
1991 argv0 += 10;
1992 ccs_truncate(argv0);
1993 }
1994 }
1995 if (pref->learning_exec_realpath) {
1996 realpath = strstr(header,
1997 " exec={ realpath=\"");
1998 if (realpath) {
1999 realpath += 8;
2000 ccs_truncate(realpath);
2001 }
2002 }
2003 } else if (r->param_type == CCS_TYPE_PATH_ACL &&
2004 r->param.path.operation == CCS_TYPE_SYMLINK &&
2005 pref->learning_symlink_target) {
2006 symlink = strstr(header, " symlink.target=\"");
2007 if (symlink)
2008 ccs_truncate(symlink + 1);
2009 }
2010 handler = strstr(header, "type=execute_handler");
2011 if (handler)
2012 ccs_truncate(handler);
2013 buffer = kmalloc(len, CCS_GFP_FLAGS);
2014 if (buffer) {
2015 va_start(args, fmt);
2016 vsnprintf(buffer, len - 1, fmt, args);
2017 va_end(args);
2018 if (handler || realpath || argv0 || symlink) {
2019 ccs_addprintf(buffer, len, " if");
2020 if (handler)
2021 ccs_addprintf(buffer, len, " task.%s",
2022 handler);
2023 if (realpath)
2024 ccs_addprintf(buffer, len, " exec.%s",
2025 realpath);
2026 if (argv0)
2027 ccs_addprintf(buffer, len,
2028 " exec.argv[0]=%s",
2029 argv0);
2030 if (symlink)
2031 ccs_addprintf(buffer, len, "%s",
2032 symlink);
2033 }
2034 ccs_normalize_line(buffer);
2035 ccs_write_domain2(buffer, domain, false);
2036 kfree(buffer);
2037 }
2038 kfree(header);
2039 return 0;
2040 }
2041 if (r->mode != CCS_CONFIG_ENFORCING)
2042 return 0;
2043 if (!atomic_read(&ccs_query_observers)) {
2044 int i;
2045 if (current->ccs_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2046 return -EPERM;
2047 for (i = 0; i < ccs_profile(domain->profile)->preference.
2048 enforcing_penalty; i++) {
2049 set_current_state(TASK_INTERRUPTIBLE);
2050 schedule_timeout(HZ / 10);
2051 }
2052 return -EPERM;
2053 }
2054 header = ccs_init_log(&len, r);
2055 if (!header)
2056 goto out;
2057 entry = kzalloc(sizeof(*entry), CCS_GFP_FLAGS);
2058 if (!entry)
2059 goto out;
2060 len = ccs_round2(len);
2061 entry->query = kzalloc(len, CCS_GFP_FLAGS);
2062 if (!entry->query)
2063 goto out;
2064 spin_lock(&ccs_query_list_lock);
2065 if (ccs_quota_for_query && ccs_query_memory_size + len +
2066 sizeof(*entry) >= ccs_quota_for_query) {
2067 quota_exceeded = true;
2068 } else {
2069 ccs_query_memory_size += len + sizeof(*entry);
2070 entry->serial = ccs_serial++;
2071 }
2072 spin_unlock(&ccs_query_list_lock);
2073 if (quota_exceeded)
2074 goto out;
2075 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
2076 entry->serial, r->retry, header);
2077 kfree(header);
2078 header = NULL;
2079 va_start(args, fmt);
2080 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
2081 entry->query_len = strlen(entry->query) + 1;
2082 va_end(args);
2083 spin_lock(&ccs_query_list_lock);
2084 list_add_tail(&entry->list, &ccs_query_list);
2085 spin_unlock(&ccs_query_list_lock);
2086 /* Give 10 seconds for supervisor's opinion. */
2087 for (entry->timer = 0;
2088 atomic_read(&ccs_query_observers) && entry->timer < 100;
2089 entry->timer++) {
2090 wake_up(&ccs_query_wait);
2091 set_current_state(TASK_INTERRUPTIBLE);
2092 schedule_timeout(HZ / 10);
2093 if (entry->answer)
2094 break;
2095 }
2096 spin_lock(&ccs_query_list_lock);
2097 list_del(&entry->list);
2098 ccs_query_memory_size -= len + sizeof(*entry);
2099 spin_unlock(&ccs_query_list_lock);
2100 switch (entry->answer) {
2101 case 3: /* Asked to retry by administrator. */
2102 error = CCS_RETRY_REQUEST;
2103 r->retry++;
2104 break;
2105 case 1:
2106 /* Granted by administrator. */
2107 error = 0;
2108 break;
2109 case 0:
2110 /* Timed out. */
2111 break;
2112 default:
2113 /* Rejected by administrator. */
2114 break;
2115 }
2116 out:
2117 if (entry)
2118 kfree(entry->query);
2119 kfree(entry);
2120 kfree(header);
2121 return error;
2122 }
2123
2124 /**
2125 * ccs_poll_query - poll() for /proc/ccs/query.
2126 *
2127 * @file: Pointer to "struct file".
2128 * @wait: Pointer to "poll_table".
2129 *
2130 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2131 *
2132 * Waits for access requests which violated policy in enforcing mode.
2133 */
2134 static int ccs_poll_query(struct file *file, poll_table *wait)
2135 {
2136 struct list_head *tmp;
2137 bool found = false;
2138 u8 i;
2139 for (i = 0; i < 2; i++) {
2140 spin_lock(&ccs_query_list_lock);
2141 list_for_each(tmp, &ccs_query_list) {
2142 struct ccs_query *ptr =
2143 list_entry(tmp, typeof(*ptr), list);
2144 if (ptr->answer)
2145 continue;
2146 found = true;
2147 break;
2148 }
2149 spin_unlock(&ccs_query_list_lock);
2150 if (found)
2151 return POLLIN | POLLRDNORM;
2152 if (i)
2153 break;
2154 poll_wait(file, &ccs_query_wait, wait);
2155 }
2156 return 0;
2157 }
2158
2159 /**
2160 * ccs_read_query - Read access requests which violated policy in enforcing mode.
2161 *
2162 * @head: Pointer to "struct ccs_io_buffer".
2163 */
2164 static void ccs_read_query(struct ccs_io_buffer *head)
2165 {
2166 struct list_head *tmp;
2167 int pos = 0;
2168 int len = 0;
2169 char *buf;
2170 if (head->r.w_pos)
2171 return;
2172 if (head->read_buf) {
2173 kfree(head->read_buf);
2174 head->read_buf = NULL;
2175 }
2176 spin_lock(&ccs_query_list_lock);
2177 list_for_each(tmp, &ccs_query_list) {
2178 struct ccs_query *ptr = list_entry(tmp, typeof(*ptr), list);
2179 if (ptr->answer)
2180 continue;
2181 if (pos++ != head->r.query_index)
2182 continue;
2183 len = ptr->query_len;
2184 break;
2185 }
2186 spin_unlock(&ccs_query_list_lock);
2187 if (!len) {
2188 head->r.query_index = 0;
2189 return;
2190 }
2191 buf = kzalloc(len, CCS_GFP_FLAGS);
2192 if (!buf)
2193 return;
2194 pos = 0;
2195 spin_lock(&ccs_query_list_lock);
2196 list_for_each(tmp, &ccs_query_list) {
2197 struct ccs_query *ptr = list_entry(tmp, typeof(*ptr), list);
2198 if (ptr->answer)
2199 continue;
2200 if (pos++ != head->r.query_index)
2201 continue;
2202 /*
2203 * Some query can be skipped because ccs_query_list
2204 * can change, but I don't care.
2205 */
2206 if (len == ptr->query_len)
2207 memmove(buf, ptr->query, len);
2208 break;
2209 }
2210 spin_unlock(&ccs_query_list_lock);
2211 if (buf[0]) {
2212 head->read_buf = buf;
2213 head->r.w[head->r.w_pos++] = buf;
2214 head->r.query_index++;
2215 } else {
2216 kfree(buf);
2217 }
2218 }
2219
2220 /**
2221 * ccs_write_answer - Write the supervisor's decision.
2222 *
2223 * @head: Pointer to "struct ccs_io_buffer".
2224 *
2225 * Returns 0 on success, -EINVAL otherwise.
2226 */
2227 static int ccs_write_answer(struct ccs_io_buffer *head)
2228 {
2229 char *data = head->write_buf;
2230 struct list_head *tmp;
2231 unsigned int serial;
2232 unsigned int answer;
2233 spin_lock(&ccs_query_list_lock);
2234 list_for_each(tmp, &ccs_query_list) {
2235 struct ccs_query *ptr = list_entry(tmp, typeof(*ptr), list);
2236 ptr->timer = 0;
2237 }
2238 spin_unlock(&ccs_query_list_lock);
2239 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2240 return -EINVAL;
2241 spin_lock(&ccs_query_list_lock);
2242 list_for_each(tmp, &ccs_query_list) {
2243 struct ccs_query *ptr = list_entry(tmp, typeof(*ptr), list);
2244 if (ptr->serial != serial)
2245 continue;
2246 if (!ptr->answer)
2247 ptr->answer = answer;
2248 break;
2249 }
2250 spin_unlock(&ccs_query_list_lock);
2251 return 0;
2252 }
2253
2254 /**
2255 * ccs_read_version: Get version.
2256 *
2257 * @head: Pointer to "struct ccs_io_buffer".
2258 */
2259 static void ccs_read_version(struct ccs_io_buffer *head)
2260 {
2261 if (head->r.eof)
2262 return;
2263 ccs_set_string(head, "1.8.0-pre");
2264 head->r.eof = true;
2265 }
2266
2267 /**
2268 * ccs_read_self_domain - Get the current process's domainname.
2269 *
2270 * @head: Pointer to "struct ccs_io_buffer".
2271 */
2272 static void ccs_read_self_domain(struct ccs_io_buffer *head)
2273 {
2274 if (head->r.eof)
2275 return;
2276 /*
2277 * ccs_current_domain()->domainname != NULL because every process
2278 * belongs to a domain and the domain's name cannot be NULL.
2279 */
2280 ccs_io_printf(head, "%s", ccs_current_domain()->domainname->name);
2281 head->r.eof = true;
2282 }
2283
2284 /**
2285 * ccs_open_control - open() for /proc/ccs/ interface.
2286 *
2287 * @type: Type of interface.
2288 * @file: Pointer to "struct file".
2289 *
2290 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2291 */
2292 int ccs_open_control(const u8 type, struct file *file)
2293 {
2294 struct ccs_io_buffer *head = kzalloc(sizeof(*head), CCS_GFP_FLAGS);
2295 if (!head)
2296 return -ENOMEM;
2297 mutex_init(&head->io_sem);
2298 head->type = type;
2299 switch (type) {
2300 case CCS_DOMAINPOLICY: /* /proc/ccs/domain_policy */
2301 head->write = ccs_write_domain;
2302 head->read = ccs_read_domain;
2303 break;
2304 case CCS_EXCEPTIONPOLICY: /* /proc/ccs/exception_policy */
2305 head->write = ccs_write_exception;
2306 head->read = ccs_read_exception;
2307 break;
2308 #ifdef CONFIG_CCSECURITY_AUDIT
2309 case CCS_GRANTLOG: /* /proc/ccs/grant_log */
2310 case CCS_REJECTLOG: /* /proc/ccs/reject_log */
2311 head->poll = ccs_poll_log;
2312 head->read = ccs_read_log;
2313 break;
2314 #endif
2315 case CCS_SELFDOMAIN: /* /proc/ccs/self_domain */
2316 head->read = ccs_read_self_domain;
2317 break;
2318 case CCS_DOMAIN_STATUS: /* /proc/ccs/.domain_status */
2319 head->write = ccs_write_domain_profile;
2320 head->read = ccs_read_domain_profile;
2321 break;
2322 case CCS_EXECUTE_HANDLER: /* /proc/ccs/.execute_handler */
2323 /* Allow execute_handler to read process's status. */
2324 if (!(current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2325 kfree(head);
2326 return -EPERM;
2327 }
2328 /* fall through */
2329 case CCS_PROCESS_STATUS: /* /proc/ccs/.process_status */
2330 head->write = ccs_write_pid;
2331 head->read = ccs_read_pid;
2332 break;
2333 case CCS_VERSION: /* /proc/ccs/version */
2334 head->read = ccs_read_version;
2335 head->readbuf_size = 128;
2336 break;
2337 case CCS_MEMINFO: /* /proc/ccs/meminfo */
2338 head->write = ccs_write_memory_quota;
2339 head->read = ccs_read_memory_counter;
2340 head->readbuf_size = 512;
2341 break;
2342 case CCS_PROFILE: /* /proc/ccs/profile */
2343 head->write = ccs_write_profile;
2344 head->read = ccs_read_profile;
2345 break;
2346 case CCS_QUERY: /* /proc/ccs/query */
2347 head->poll = ccs_poll_query;
2348 head->write = ccs_write_answer;
2349 head->read = ccs_read_query;
2350 break;
2351 case CCS_MANAGER: /* /proc/ccs/manager */
2352 head->write = ccs_write_manager;
2353 head->read = ccs_read_manager;
2354 break;
2355 }
2356 if (!(file->f_mode & FMODE_READ)) {
2357 /*
2358 * No need to allocate read_buf since it is not opened
2359 * for reading.
2360 */
2361 head->read = NULL;
2362 head->poll = NULL;
2363 } else if (!head->poll) {
2364 /* Don't allocate read_buf for poll() access. */
2365 if (!head->readbuf_size)
2366 head->readbuf_size = 4096;
2367 head->read_buf = kzalloc(head->readbuf_size, CCS_GFP_FLAGS);
2368 if (!head->read_buf) {
2369 kfree(head);
2370 return -ENOMEM;
2371 }
2372 }
2373 if (!(file->f_mode & FMODE_WRITE)) {
2374 /*
2375 * No need to allocate write_buf since it is not opened
2376 * for writing.
2377 */
2378 head->write = NULL;
2379 } else if (head->write) {
2380 head->writebuf_size = 4096;
2381 head->write_buf = kzalloc(head->writebuf_size, CCS_GFP_FLAGS);
2382 if (!head->write_buf) {
2383 kfree(head->read_buf);
2384 kfree(head);
2385 return -ENOMEM;
2386 }
2387 }
2388 if (type != CCS_QUERY &&
2389 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2390 head->reader_idx = ccs_lock();
2391 file->private_data = head;
2392 /*
2393 * Call the handler now if the file is /proc/ccs/self_domain
2394 * so that the user can use "cat < /proc/ccs/self_domain" to
2395 * know the current process's domainname.
2396 */
2397 if (type == CCS_SELFDOMAIN)
2398 ccs_read_control(file, NULL, 0);
2399 /*
2400 * If the file is /proc/ccs/query , increment the observer counter.
2401 * The obserber counter is used by ccs_supervisor() to see if
2402 * there is some process monitoring /proc/ccs/query.
2403 */
2404 else if (type == CCS_QUERY)
2405 atomic_inc(&ccs_query_observers);
2406 return 0;
2407 }
2408
2409 /**
2410 * ccs_poll_control - poll() for /proc/ccs/ interface.
2411 *
2412 * @file: Pointer to "struct file".
2413 * @wait: Pointer to "poll_table".
2414 *
2415 * Waits for read readiness.
2416 * /proc/ccs/query is handled by /usr/sbin/ccs-queryd and
2417 * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
2418 * /usr/sbin/ccs-auditd .
2419 */
2420 int ccs_poll_control(struct file *file, poll_table *wait)
2421 {
2422 struct ccs_io_buffer *head = file->private_data;
2423 if (!head->poll)
2424 return -ENOSYS;
2425 return head->poll(file, wait);
2426 }
2427
2428 /**
2429 * ccs_read_control - read() for /proc/ccs/ interface.
2430 *
2431 * @file: Pointer to "struct file".
2432 * @buffer: Poiner to buffer to write to.
2433 * @buffer_len: Size of @buffer.
2434 *
2435 * Returns bytes read on success, negative value otherwise.
2436 */
2437 int ccs_read_control(struct file *file, char __user *buffer,
2438 const int buffer_len)
2439 {
2440 int len;
2441 struct ccs_io_buffer *head = file->private_data;
2442 int idx;
2443 if (!head->read)
2444 return -ENOSYS;
2445 if (!access_ok(VERIFY_WRITE, buffer, buffer_len))
2446 return -EFAULT;
2447 if (mutex_lock_interruptible(&head->io_sem))
2448 return -EINTR;
2449 head->read_user_buf = buffer;
2450 head->read_user_buf_avail = buffer_len;
2451 idx = ccs_read_lock();
2452 if (ccs_flush(head))
2453 /* Call the policy handler. */
2454 head->read(head);
2455 ccs_flush(head);
2456 ccs_read_unlock(idx);
2457 len = head->read_user_buf - buffer;
2458 mutex_unlock(&head->io_sem);
2459 return len;
2460 }
2461
2462 /**
2463 * ccs_write_control - write() for /proc/ccs/ interface.
2464 *
2465 * @file: Pointer to "struct file".
2466 * @buffer: Pointer to buffer to read from.
2467 * @buffer_len: Size of @buffer.
2468 *
2469 * Returns @buffer_len on success, negative value otherwise.
2470 */
2471 int ccs_write_control(struct file *file, const char __user *buffer,
2472 const int buffer_len)
2473 {
2474 struct ccs_io_buffer *head = file->private_data;
2475 int error = buffer_len;
2476 int avail_len = buffer_len;
2477 char *cp0 = head->write_buf;
2478 int idx;
2479 if (!head->write)
2480 return -ENOSYS;
2481 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2482 return -EFAULT;
2483 if (mutex_lock_interruptible(&head->io_sem))
2484 return -EINTR;
2485 idx = ccs_read_lock();
2486 /* Don't allow updating policies by non manager programs. */
2487 if (head->write != ccs_write_pid && head->write != ccs_write_domain &&
2488 !ccs_manager()) {
2489 ccs_read_unlock(idx);
2490 mutex_unlock(&head->io_sem);
2491 return -EPERM;
2492 }
2493 /* Read a line and dispatch it to the policy handler. */
2494 while (avail_len > 0) {
2495 char c;
2496 if (head->w.avail >= head->writebuf_size - 1) {
2497 const int len = head->writebuf_size * 2;
2498 char *cp = kzalloc(len, CCS_GFP_FLAGS);
2499 if (!cp) {
2500 error = -ENOMEM;
2501 break;
2502 }
2503 memmove(cp, cp0, head->w.avail);
2504 kfree(cp0);
2505 head->write_buf = cp;
2506 cp0 = cp;
2507 head->writebuf_size = len;
2508 }
2509 if (get_user(c, buffer)) {
2510 error = -EFAULT;
2511 break;
2512 }
2513 buffer++;
2514 avail_len--;
2515 cp0[head->w.avail++] = c;
2516 if (c != '\n')
2517 continue;
2518 cp0[head->w.avail - 1] = '\0';
2519 head->w.avail = 0;
2520 ccs_normalize_line(cp0);
2521 head->write(head);
2522 }
2523 ccs_read_unlock(idx);
2524 mutex_unlock(&head->io_sem);
2525 return error;
2526 }
2527
2528 /**
2529 * ccs_close_control - close() for /proc/ccs/ interface.
2530 *
2531 * @file: Pointer to "struct file".
2532 *
2533 * Releases memory and returns 0.
2534 */
2535 int ccs_close_control(struct file *file)
2536 {
2537 struct ccs_io_buffer *head = file->private_data;
2538 const bool is_write = head->write_buf != NULL;
2539 const u8 type = head->type;
2540 /*
2541 * If the file is /proc/ccs/query , decrement the observer counter.
2542 */
2543 if (type == CCS_QUERY)
2544 atomic_dec(&ccs_query_observers);
2545 if (type != CCS_QUERY &&
2546 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2547 ccs_unlock(head->reader_idx);
2548 /* Release memory used for policy I/O. */
2549 kfree(head->read_buf);
2550 head->read_buf = NULL;
2551 kfree(head->write_buf);
2552 head->write_buf = NULL;
2553 kfree(head);
2554 head = NULL;
2555 file->private_data = NULL;
2556 if (is_write)
2557 ccs_run_gc();
2558 return 0;
2559 }
2560
2561 void __init ccs_policy_io_init(void)
2562 {
2563 ccsecurity_ops.check_profile = ccs_check_profile;
2564 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ