linux/security/tomoyo/common.c
<<
>>
Prefs
   1/*
   2 * security/tomoyo/common.c
   3 *
   4 * Common functions for TOMOYO.
   5 *
   6 * Copyright (C) 2005-2010  NTT DATA CORPORATION
   7 */
   8
   9#include <linux/uaccess.h>
  10#include <linux/slab.h>
  11#include <linux/security.h>
  12#include "common.h"
  13
  14static struct tomoyo_profile tomoyo_default_profile = {
  15        .learning = &tomoyo_default_profile.preference,
  16        .permissive = &tomoyo_default_profile.preference,
  17        .enforcing = &tomoyo_default_profile.preference,
  18        .preference.enforcing_verbose = true,
  19        .preference.learning_max_entry = 2048,
  20        .preference.learning_verbose = false,
  21        .preference.permissive_verbose = true
  22};
  23
  24/* Profile version. Currently only 20090903 is defined. */
  25static unsigned int tomoyo_profile_version;
  26
  27/* Profile table. Memory is allocated as needed. */
  28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
  29
  30/* String table for functionality that takes 4 modes. */
  31static const char *tomoyo_mode[4] = {
  32        "disabled", "learning", "permissive", "enforcing"
  33};
  34
  35/* String table for /sys/kernel/security/tomoyo/profile */
  36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
  37                                       + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
  38        [TOMOYO_MAC_FILE_EXECUTE]    = "file::execute",
  39        [TOMOYO_MAC_FILE_OPEN]       = "file::open",
  40        [TOMOYO_MAC_FILE_CREATE]     = "file::create",
  41        [TOMOYO_MAC_FILE_UNLINK]     = "file::unlink",
  42        [TOMOYO_MAC_FILE_MKDIR]      = "file::mkdir",
  43        [TOMOYO_MAC_FILE_RMDIR]      = "file::rmdir",
  44        [TOMOYO_MAC_FILE_MKFIFO]     = "file::mkfifo",
  45        [TOMOYO_MAC_FILE_MKSOCK]     = "file::mksock",
  46        [TOMOYO_MAC_FILE_TRUNCATE]   = "file::truncate",
  47        [TOMOYO_MAC_FILE_SYMLINK]    = "file::symlink",
  48        [TOMOYO_MAC_FILE_REWRITE]    = "file::rewrite",
  49        [TOMOYO_MAC_FILE_MKBLOCK]    = "file::mkblock",
  50        [TOMOYO_MAC_FILE_MKCHAR]     = "file::mkchar",
  51        [TOMOYO_MAC_FILE_LINK]       = "file::link",
  52        [TOMOYO_MAC_FILE_RENAME]     = "file::rename",
  53        [TOMOYO_MAC_FILE_CHMOD]      = "file::chmod",
  54        [TOMOYO_MAC_FILE_CHOWN]      = "file::chown",
  55        [TOMOYO_MAC_FILE_CHGRP]      = "file::chgrp",
  56        [TOMOYO_MAC_FILE_IOCTL]      = "file::ioctl",
  57        [TOMOYO_MAC_FILE_CHROOT]     = "file::chroot",
  58        [TOMOYO_MAC_FILE_MOUNT]      = "file::mount",
  59        [TOMOYO_MAC_FILE_UMOUNT]     = "file::umount",
  60        [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
  61        [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
  62};
  63
  64/* Permit policy management by non-root user? */
  65static bool tomoyo_manage_by_non_root;
  66
  67/* Utility functions. */
  68
  69/**
  70 * tomoyo_yesno - Return "yes" or "no".
  71 *
  72 * @value: Bool value.
  73 */
  74static const char *tomoyo_yesno(const unsigned int value)
  75{
  76        return value ? "yes" : "no";
  77}
  78
  79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
  80{
  81        va_list args;
  82        const int pos = strlen(buffer);
  83        va_start(args, fmt);
  84        vsnprintf(buffer + pos, len - pos - 1, fmt, args);
  85        va_end(args);
  86}
  87
  88/**
  89 * tomoyo_flush - Flush queued string to userspace's buffer.
  90 *
  91 * @head:   Pointer to "struct tomoyo_io_buffer".
  92 *
  93 * Returns true if all data was flushed, false otherwise.
  94 */
  95static bool tomoyo_flush(struct tomoyo_io_buffer *head)
  96{
  97        while (head->r.w_pos) {
  98                const char *w = head->r.w[0];
  99                int len = strlen(w);
 100                if (len) {
 101                        if (len > head->read_user_buf_avail)
 102                                len = head->read_user_buf_avail;
 103                        if (!len)
 104                                return false;
 105                        if (copy_to_user(head->read_user_buf, w, len))
 106                                return false;
 107                        head->read_user_buf_avail -= len;
 108                        head->read_user_buf += len;
 109                        w += len;
 110                }
 111                if (*w) {
 112                        head->r.w[0] = w;
 113                        return false;
 114                }
 115                /* Add '\0' for query. */
 116                if (head->poll) {
 117                        if (!head->read_user_buf_avail ||
 118                            copy_to_user(head->read_user_buf, "", 1))
 119                                return false;
 120                        head->read_user_buf_avail--;
 121                        head->read_user_buf++;
 122                }
 123                head->r.w_pos--;
 124                for (len = 0; len < head->r.w_pos; len++)
 125                        head->r.w[len] = head->r.w[len + 1];
 126        }
 127        head->r.avail = 0;
 128        return true;
 129}
 130
 131/**
 132 * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
 133 *
 134 * @head:   Pointer to "struct tomoyo_io_buffer".
 135 * @string: String to print.
 136 *
 137 * Note that @string has to be kept valid until @head is kfree()d.
 138 * This means that char[] allocated on stack memory cannot be passed to
 139 * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
 140 */
 141static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
 142{
 143        if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
 144                head->r.w[head->r.w_pos++] = string;
 145                tomoyo_flush(head);
 146        } else
 147                WARN_ON(1);
 148}
 149
 150/**
 151 * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
 152 *
 153 * @head: Pointer to "struct tomoyo_io_buffer".
 154 * @fmt:  The printf()'s format string, followed by parameters.
 155 */
 156void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
 157{
 158        va_list args;
 159        int len;
 160        int pos = head->r.avail;
 161        int size = head->readbuf_size - pos;
 162        if (size <= 0)
 163                return;
 164        va_start(args, fmt);
 165        len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
 166        va_end(args);
 167        if (pos + len >= head->readbuf_size) {
 168                WARN_ON(1);
 169                return;
 170        }
 171        head->r.avail += len;
 172        tomoyo_set_string(head, head->read_buf + pos);
 173}
 174
 175static void tomoyo_set_space(struct tomoyo_io_buffer *head)
 176{
 177        tomoyo_set_string(head, " ");
 178}
 179
 180static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
 181{
 182        tomoyo_set_string(head, "\n");
 183        return !head->r.w_pos;
 184}
 185
 186/**
 187 * tomoyo_print_name_union - Print a tomoyo_name_union.
 188 *
 189 * @head: Pointer to "struct tomoyo_io_buffer".
 190 * @ptr:  Pointer to "struct tomoyo_name_union".
 191 */
 192static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
 193                                    const struct tomoyo_name_union *ptr)
 194{
 195        tomoyo_set_space(head);
 196        if (ptr->is_group) {
 197                tomoyo_set_string(head, "@");
 198                tomoyo_set_string(head, ptr->group->group_name->name);
 199        } else {
 200                tomoyo_set_string(head, ptr->filename->name);
 201        }
 202}
 203
 204/**
 205 * tomoyo_print_number_union - Print a tomoyo_number_union.
 206 *
 207 * @head:       Pointer to "struct tomoyo_io_buffer".
 208 * @ptr:        Pointer to "struct tomoyo_number_union".
 209 */
 210static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
 211                                      const struct tomoyo_number_union *ptr)
 212{
 213        tomoyo_set_space(head);
 214        if (ptr->is_group) {
 215                tomoyo_set_string(head, "@");
 216                tomoyo_set_string(head, ptr->group->group_name->name);
 217        } else {
 218                int i;
 219                unsigned long min = ptr->values[0];
 220                const unsigned long max = ptr->values[1];
 221                u8 min_type = ptr->min_type;
 222                const u8 max_type = ptr->max_type;
 223                char buffer[128];
 224                buffer[0] = '\0';
 225                for (i = 0; i < 2; i++) {
 226                        switch (min_type) {
 227                        case TOMOYO_VALUE_TYPE_HEXADECIMAL:
 228                                tomoyo_addprintf(buffer, sizeof(buffer),
 229                                                 "0x%lX", min);
 230                                break;
 231                        case TOMOYO_VALUE_TYPE_OCTAL:
 232                                tomoyo_addprintf(buffer, sizeof(buffer),
 233                                                 "0%lo", min);
 234                                break;
 235                        default:
 236                                tomoyo_addprintf(buffer, sizeof(buffer),
 237                                                 "%lu", min);
 238                                break;
 239                        }
 240                        if (min == max && min_type == max_type)
 241                                break;
 242                        tomoyo_addprintf(buffer, sizeof(buffer), "-");
 243                        min_type = max_type;
 244                        min = max;
 245                }
 246                tomoyo_io_printf(head, "%s", buffer);
 247        }
 248}
 249
 250/**
 251 * tomoyo_assign_profile - Create a new profile.
 252 *
 253 * @profile: Profile number to create.
 254 *
 255 * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
 256 */
 257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
 258{
 259        struct tomoyo_profile *ptr;
 260        struct tomoyo_profile *entry;
 261        if (profile >= TOMOYO_MAX_PROFILES)
 262                return NULL;
 263        ptr = tomoyo_profile_ptr[profile];
 264        if (ptr)
 265                return ptr;
 266        entry = kzalloc(sizeof(*entry), GFP_NOFS);
 267        if (mutex_lock_interruptible(&tomoyo_policy_lock))
 268                goto out;
 269        ptr = tomoyo_profile_ptr[profile];
 270        if (!ptr && tomoyo_memory_ok(entry)) {
 271                ptr = entry;
 272                ptr->learning = &tomoyo_default_profile.preference;
 273                ptr->permissive = &tomoyo_default_profile.preference;
 274                ptr->enforcing = &tomoyo_default_profile.preference;
 275                ptr->default_config = TOMOYO_CONFIG_DISABLED;
 276                memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
 277                       sizeof(ptr->config));
 278                mb(); /* Avoid out-of-order execution. */
 279                tomoyo_profile_ptr[profile] = ptr;
 280                entry = NULL;
 281        }
 282        mutex_unlock(&tomoyo_policy_lock);
 283 out:
 284        kfree(entry);
 285        return ptr;
 286}
 287
 288/**
 289 * tomoyo_profile - Find a profile.
 290 *
 291 * @profile: Profile number to find.
 292 *
 293 * Returns pointer to "struct tomoyo_profile".
 294 */
 295struct tomoyo_profile *tomoyo_profile(const u8 profile)
 296{
 297        struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
 298        if (!tomoyo_policy_loaded)
 299                return &tomoyo_default_profile;
 300        BUG_ON(!ptr);
 301        return ptr;
 302}
 303
 304static s8 tomoyo_find_yesno(const char *string, const char *find)
 305{
 306        const char *cp = strstr(string, find);
 307        if (cp) {
 308                cp += strlen(find);
 309                if (!strncmp(cp, "=yes", 4))
 310                        return 1;
 311                else if (!strncmp(cp, "=no", 3))
 312                        return 0;
 313        }
 314        return -1;
 315}
 316
 317static void tomoyo_set_bool(bool *b, const char *string, const char *find)
 318{
 319        switch (tomoyo_find_yesno(string, find)) {
 320        case 1:
 321                *b = true;
 322                break;
 323        case 0:
 324                *b = false;
 325                break;
 326        }
 327}
 328
 329static void tomoyo_set_uint(unsigned int *i, const char *string,
 330                            const char *find)
 331{
 332        const char *cp = strstr(string, find);
 333        if (cp)
 334                sscanf(cp + strlen(find), "=%u", i);
 335}
 336
 337static void tomoyo_set_pref(const char *name, const char *value,
 338                            const bool use_default,
 339                            struct tomoyo_profile *profile)
 340{
 341        struct tomoyo_preference **pref;
 342        bool *verbose;
 343        if (!strcmp(name, "enforcing")) {
 344                if (use_default) {
 345                        pref = &profile->enforcing;
 346                        goto set_default;
 347                }
 348                profile->enforcing = &profile->preference;
 349                verbose = &profile->preference.enforcing_verbose;
 350                goto set_verbose;
 351        }
 352        if (!strcmp(name, "permissive")) {
 353                if (use_default) {
 354                        pref = &profile->permissive;
 355                        goto set_default;
 356                }
 357                profile->permissive = &profile->preference;
 358                verbose = &profile->preference.permissive_verbose;
 359                goto set_verbose;
 360        }
 361        if (!strcmp(name, "learning")) {
 362                if (use_default) {
 363                        pref = &profile->learning;
 364                        goto set_default;
 365                }
 366                profile->learning = &profile->preference;
 367                tomoyo_set_uint(&profile->preference.learning_max_entry, value,
 368                             "max_entry");
 369                verbose = &profile->preference.learning_verbose;
 370                goto set_verbose;
 371        }
 372        return;
 373 set_default:
 374        *pref = &tomoyo_default_profile.preference;
 375        return;
 376 set_verbose:
 377        tomoyo_set_bool(verbose, value, "verbose");
 378}
 379
 380static int tomoyo_set_mode(char *name, const char *value,
 381                           const bool use_default,
 382                           struct tomoyo_profile *profile)
 383{
 384        u8 i;
 385        u8 config;
 386        if (!strcmp(name, "CONFIG")) {
 387                i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
 388                config = profile->default_config;
 389        } else if (tomoyo_str_starts(&name, "CONFIG::")) {
 390                config = 0;
 391                for (i = 0; i < TOMOYO_MAX_MAC_INDEX
 392                             + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
 393                        if (strcmp(name, tomoyo_mac_keywords[i]))
 394                                continue;
 395                        config = profile->config[i];
 396                        break;
 397                }
 398                if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
 399                        return -EINVAL;
 400        } else {
 401                return -EINVAL;
 402        }
 403        if (use_default) {
 404                config = TOMOYO_CONFIG_USE_DEFAULT;
 405        } else {
 406                u8 mode;
 407                for (mode = 0; mode < 4; mode++)
 408                        if (strstr(value, tomoyo_mode[mode]))
 409                                /*
 410                                 * Update lower 3 bits in order to distinguish
 411                                 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
 412                                 */
 413                                config = (config & ~7) | mode;
 414        }
 415        if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
 416                profile->config[i] = config;
 417        else if (config != TOMOYO_CONFIG_USE_DEFAULT)
 418                profile->default_config = config;
 419        return 0;
 420}
 421
 422/**
 423 * tomoyo_write_profile - Write profile table.
 424 *
 425 * @head: Pointer to "struct tomoyo_io_buffer".
 426 *
 427 * Returns 0 on success, negative value otherwise.
 428 */
 429static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
 430{
 431        char *data = head->write_buf;
 432        unsigned int i;
 433        bool use_default = false;
 434        char *cp;
 435        struct tomoyo_profile *profile;
 436        if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
 437                return 0;
 438        i = simple_strtoul(data, &cp, 10);
 439        if (data == cp) {
 440                profile = &tomoyo_default_profile;
 441        } else {
 442                if (*cp != '-')
 443                        return -EINVAL;
 444                data = cp + 1;
 445                profile = tomoyo_assign_profile(i);
 446                if (!profile)
 447                        return -EINVAL;
 448        }
 449        cp = strchr(data, '=');
 450        if (!cp)
 451                return -EINVAL;
 452        *cp++ = '\0';
 453        if (profile != &tomoyo_default_profile)
 454                use_default = strstr(cp, "use_default") != NULL;
 455        if (tomoyo_str_starts(&data, "PREFERENCE::")) {
 456                tomoyo_set_pref(data, cp, use_default, profile);
 457                return 0;
 458        }
 459        if (profile == &tomoyo_default_profile)
 460                return -EINVAL;
 461        if (!strcmp(data, "COMMENT")) {
 462                const struct tomoyo_path_info *old_comment = profile->comment;
 463                profile->comment = tomoyo_get_name(cp);
 464                tomoyo_put_name(old_comment);
 465                return 0;
 466        }
 467        return tomoyo_set_mode(data, cp, use_default, profile);
 468}
 469
 470static void tomoyo_print_preference(struct tomoyo_io_buffer *head,
 471                                    const int idx)
 472{
 473        struct tomoyo_preference *pref = &tomoyo_default_profile.preference;
 474        const struct tomoyo_profile *profile = idx >= 0 ?
 475                tomoyo_profile_ptr[idx] : NULL;
 476        char buffer[16] = "";
 477        if (profile) {
 478                buffer[sizeof(buffer) - 1] = '\0';
 479                snprintf(buffer, sizeof(buffer) - 1, "%u-", idx);
 480        }
 481        if (profile) {
 482                pref = profile->learning;
 483                if (pref == &tomoyo_default_profile.preference)
 484                        goto skip1;
 485        }
 486        tomoyo_io_printf(head, "%sPREFERENCE::%s={ "
 487                         "verbose=%s max_entry=%u }\n",
 488                         buffer, "learning",
 489                         tomoyo_yesno(pref->learning_verbose),
 490                         pref->learning_max_entry);
 491 skip1:
 492        if (profile) {
 493                pref = profile->permissive;
 494                if (pref == &tomoyo_default_profile.preference)
 495                        goto skip2;
 496        }
 497        tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
 498                         buffer, "permissive",
 499                         tomoyo_yesno(pref->permissive_verbose));
 500 skip2:
 501        if (profile) {
 502                pref = profile->enforcing;
 503                if (pref == &tomoyo_default_profile.preference)
 504                        return;
 505        }
 506        tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
 507                         buffer, "enforcing",
 508                         tomoyo_yesno(pref->enforcing_verbose));
 509}
 510
 511static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
 512{
 513        tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]);
 514}
 515
 516/**
 517 * tomoyo_read_profile - Read profile table.
 518 *
 519 * @head: Pointer to "struct tomoyo_io_buffer".
 520 */
 521static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
 522{
 523        u8 index;
 524        const struct tomoyo_profile *profile;
 525 next:
 526        index = head->r.index;
 527        profile = tomoyo_profile_ptr[index];
 528        switch (head->r.step) {
 529        case 0:
 530                tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
 531                tomoyo_print_preference(head, -1);
 532                head->r.step++;
 533                break;
 534        case 1:
 535                for ( ; head->r.index < TOMOYO_MAX_PROFILES;
 536                      head->r.index++)
 537                        if (tomoyo_profile_ptr[head->r.index])
 538                                break;
 539                if (head->r.index == TOMOYO_MAX_PROFILES)
 540                        return;
 541                head->r.step++;
 542                break;
 543        case 2:
 544                {
 545                        const struct tomoyo_path_info *comment =
 546                                profile->comment;
 547                        tomoyo_io_printf(head, "%u-COMMENT=", index);
 548                        tomoyo_set_string(head, comment ? comment->name : "");
 549                        tomoyo_set_lf(head);
 550                        head->r.step++;
 551                }
 552                break;
 553        case 3:
 554                {
 555                        tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
 556                        tomoyo_print_config(head, profile->default_config);
 557                        head->r.bit = 0;
 558                        head->r.step++;
 559                }
 560                break;
 561        case 4:
 562                for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
 563                              + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
 564                        const u8 i = head->r.bit;
 565                        const u8 config = profile->config[i];
 566                        if (config == TOMOYO_CONFIG_USE_DEFAULT)
 567                                continue;
 568                        tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
 569                                         tomoyo_mac_keywords[i]);
 570                        tomoyo_print_config(head, config);
 571                        head->r.bit++;
 572                        break;
 573                }
 574                if (head->r.bit == TOMOYO_MAX_MAC_INDEX
 575                    + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
 576                        tomoyo_print_preference(head, index);
 577                        head->r.index++;
 578                        head->r.step = 1;
 579                }
 580                break;
 581        }
 582        if (tomoyo_flush(head))
 583                goto next;
 584}
 585
 586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
 587                                const struct tomoyo_acl_head *b)
 588{
 589        return container_of(a, struct tomoyo_manager, head)->manager ==
 590                container_of(b, struct tomoyo_manager, head)->manager;
 591}
 592
 593/**
 594 * tomoyo_update_manager_entry - Add a manager entry.
 595 *
 596 * @manager:   The path to manager or the domainnamme.
 597 * @is_delete: True if it is a delete request.
 598 *
 599 * Returns 0 on success, negative value otherwise.
 600 *
 601 * Caller holds tomoyo_read_lock().
 602 */
 603static int tomoyo_update_manager_entry(const char *manager,
 604                                       const bool is_delete)
 605{
 606        struct tomoyo_manager e = { };
 607        int error;
 608
 609        if (tomoyo_domain_def(manager)) {
 610                if (!tomoyo_correct_domain(manager))
 611                        return -EINVAL;
 612                e.is_domain = true;
 613        } else {
 614                if (!tomoyo_correct_path(manager))
 615                        return -EINVAL;
 616        }
 617        e.manager = tomoyo_get_name(manager);
 618        if (!e.manager)
 619                return -ENOMEM;
 620        error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
 621                                     &tomoyo_policy_list[TOMOYO_ID_MANAGER],
 622                                     tomoyo_same_manager);
 623        tomoyo_put_name(e.manager);
 624        return error;
 625}
 626
 627/**
 628 * tomoyo_write_manager - Write manager policy.
 629 *
 630 * @head: Pointer to "struct tomoyo_io_buffer".
 631 *
 632 * Returns 0 on success, negative value otherwise.
 633 *
 634 * Caller holds tomoyo_read_lock().
 635 */
 636static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
 637{
 638        char *data = head->write_buf;
 639        bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
 640
 641        if (!strcmp(data, "manage_by_non_root")) {
 642                tomoyo_manage_by_non_root = !is_delete;
 643                return 0;
 644        }
 645        return tomoyo_update_manager_entry(data, is_delete);
 646}
 647
 648/**
 649 * tomoyo_read_manager - Read manager policy.
 650 *
 651 * @head: Pointer to "struct tomoyo_io_buffer".
 652 *
 653 * Caller holds tomoyo_read_lock().
 654 */
 655static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
 656{
 657        if (head->r.eof)
 658                return;
 659        list_for_each_cookie(head->r.acl,
 660                             &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
 661                struct tomoyo_manager *ptr =
 662                        list_entry(head->r.acl, typeof(*ptr), head.list);
 663                if (ptr->head.is_deleted)
 664                        continue;
 665                if (!tomoyo_flush(head))
 666                        return;
 667                tomoyo_set_string(head, ptr->manager->name);
 668                tomoyo_set_lf(head);
 669        }
 670        head->r.eof = true;
 671}
 672
 673/**
 674 * tomoyo_manager - Check whether the current process is a policy manager.
 675 *
 676 * Returns true if the current process is permitted to modify policy
 677 * via /sys/kernel/security/tomoyo/ interface.
 678 *
 679 * Caller holds tomoyo_read_lock().
 680 */
 681static bool tomoyo_manager(void)
 682{
 683        struct tomoyo_manager *ptr;
 684        const char *exe;
 685        const struct task_struct *task = current;
 686        const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
 687        bool found = false;
 688
 689        if (!tomoyo_policy_loaded)
 690                return true;
 691        if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 692                return false;
 693        list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
 694                                head.list) {
 695                if (!ptr->head.is_deleted && ptr->is_domain
 696                    && !tomoyo_pathcmp(domainname, ptr->manager)) {
 697                        found = true;
 698                        break;
 699                }
 700        }
 701        if (found)
 702                return true;
 703        exe = tomoyo_get_exe();
 704        if (!exe)
 705                return false;
 706        list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
 707                                head.list) {
 708                if (!ptr->head.is_deleted && !ptr->is_domain
 709                    && !strcmp(exe, ptr->manager->name)) {
 710                        found = true;
 711                        break;
 712                }
 713        }
 714        if (!found) { /* Reduce error messages. */
 715                static pid_t last_pid;
 716                const pid_t pid = current->pid;
 717                if (last_pid != pid) {
 718                        printk(KERN_WARNING "%s ( %s ) is not permitted to "
 719                               "update policies.\n", domainname->name, exe);
 720                        last_pid = pid;
 721                }
 722        }
 723        kfree(exe);
 724        return found;
 725}
 726
 727/**
 728 * tomoyo_select_one - Parse select command.
 729 *
 730 * @head: Pointer to "struct tomoyo_io_buffer".
 731 * @data: String to parse.
 732 *
 733 * Returns true on success, false otherwise.
 734 *
 735 * Caller holds tomoyo_read_lock().
 736 */
 737static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
 738{
 739        unsigned int pid;
 740        struct tomoyo_domain_info *domain = NULL;
 741        bool global_pid = false;
 742
 743        if (!strcmp(data, "allow_execute")) {
 744                head->r.print_execute_only = true;
 745                return true;
 746        }
 747        if (sscanf(data, "pid=%u", &pid) == 1 ||
 748            (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
 749                struct task_struct *p;
 750                rcu_read_lock();
 751                read_lock(&tasklist_lock);
 752                if (global_pid)
 753                        p = find_task_by_pid_ns(pid, &init_pid_ns);
 754                else
 755                        p = find_task_by_vpid(pid);
 756                if (p)
 757                        domain = tomoyo_real_domain(p);
 758                read_unlock(&tasklist_lock);
 759                rcu_read_unlock();
 760        } else if (!strncmp(data, "domain=", 7)) {
 761                if (tomoyo_domain_def(data + 7))
 762                        domain = tomoyo_find_domain(data + 7);
 763        } else
 764                return false;
 765        head->write_var1 = domain;
 766        /* Accessing read_buf is safe because head->io_sem is held. */
 767        if (!head->read_buf)
 768                return true; /* Do nothing if open(O_WRONLY). */
 769        memset(&head->r, 0, sizeof(head->r));
 770        head->r.print_this_domain_only = true;
 771        if (domain)
 772                head->r.domain = &domain->list;
 773        else
 774                head->r.eof = 1;
 775        tomoyo_io_printf(head, "# select %s\n", data);
 776        if (domain && domain->is_deleted)
 777                tomoyo_io_printf(head, "# This is a deleted domain.\n");
 778        return true;
 779}
 780
 781/**
 782 * tomoyo_delete_domain - Delete a domain.
 783 *
 784 * @domainname: The name of domain.
 785 *
 786 * Returns 0.
 787 *
 788 * Caller holds tomoyo_read_lock().
 789 */
 790static int tomoyo_delete_domain(char *domainname)
 791{
 792        struct tomoyo_domain_info *domain;
 793        struct tomoyo_path_info name;
 794
 795        name.name = domainname;
 796        tomoyo_fill_path_info(&name);
 797        if (mutex_lock_interruptible(&tomoyo_policy_lock))
 798                return 0;
 799        /* Is there an active domain? */
 800        list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
 801                /* Never delete tomoyo_kernel_domain */
 802                if (domain == &tomoyo_kernel_domain)
 803                        continue;
 804                if (domain->is_deleted ||
 805                    tomoyo_pathcmp(domain->domainname, &name))
 806                        continue;
 807                domain->is_deleted = true;
 808                break;
 809        }
 810        mutex_unlock(&tomoyo_policy_lock);
 811        return 0;
 812}
 813
 814/**
 815 * tomoyo_write_domain2 - Write domain policy.
 816 *
 817 * @head: Pointer to "struct tomoyo_io_buffer".
 818 *
 819 * Returns 0 on success, negative value otherwise.
 820 *
 821 * Caller holds tomoyo_read_lock().
 822 */
 823static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
 824                                const bool is_delete)
 825{
 826        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
 827                return tomoyo_write_mount(data, domain, is_delete);
 828        return tomoyo_write_file(data, domain, is_delete);
 829}
 830
 831/**
 832 * tomoyo_write_domain - Write domain policy.
 833 *
 834 * @head: Pointer to "struct tomoyo_io_buffer".
 835 *
 836 * Returns 0 on success, negative value otherwise.
 837 *
 838 * Caller holds tomoyo_read_lock().
 839 */
 840static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
 841{
 842        char *data = head->write_buf;
 843        struct tomoyo_domain_info *domain = head->write_var1;
 844        bool is_delete = false;
 845        bool is_select = false;
 846        unsigned int profile;
 847
 848        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
 849                is_delete = true;
 850        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
 851                is_select = true;
 852        if (is_select && tomoyo_select_one(head, data))
 853                return 0;
 854        /* Don't allow updating policies by non manager programs. */
 855        if (!tomoyo_manager())
 856                return -EPERM;
 857        if (tomoyo_domain_def(data)) {
 858                domain = NULL;
 859                if (is_delete)
 860                        tomoyo_delete_domain(data);
 861                else if (is_select)
 862                        domain = tomoyo_find_domain(data);
 863                else
 864                        domain = tomoyo_assign_domain(data, 0);
 865                head->write_var1 = domain;
 866                return 0;
 867        }
 868        if (!domain)
 869                return -EINVAL;
 870
 871        if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
 872            && profile < TOMOYO_MAX_PROFILES) {
 873                if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
 874                        domain->profile = (u8) profile;
 875                return 0;
 876        }
 877        if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
 878                domain->ignore_global_allow_read = !is_delete;
 879                return 0;
 880        }
 881        if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
 882                domain->quota_warned = !is_delete;
 883                return 0;
 884        }
 885        if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {
 886                domain->transition_failed = !is_delete;
 887                return 0;
 888        }
 889        return tomoyo_write_domain2(data, domain, is_delete);
 890}
 891
 892/**
 893 * tomoyo_fns - Find next set bit.
 894 *
 895 * @perm: 8 bits value.
 896 * @bit:  First bit to find.
 897 *
 898 * Returns next on-bit on success, 8 otherwise.
 899 */
 900static u8 tomoyo_fns(const u8 perm, u8 bit)
 901{
 902        for ( ; bit < 8; bit++)
 903                if (perm & (1 << bit))
 904                        break;
 905        return bit;
 906}
 907
 908/**
 909 * tomoyo_print_entry - Print an ACL entry.
 910 *
 911 * @head: Pointer to "struct tomoyo_io_buffer".
 912 * @acl:  Pointer to an ACL entry.
 913 *
 914 * Returns true on success, false otherwise.
 915 */
 916static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
 917                               struct tomoyo_acl_info *acl)
 918{
 919        const u8 acl_type = acl->type;
 920        u8 bit;
 921
 922        if (acl->is_deleted)
 923                return true;
 924 next:
 925        bit = head->r.bit;
 926        if (!tomoyo_flush(head))
 927                return false;
 928        else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
 929                struct tomoyo_path_acl *ptr =
 930                        container_of(acl, typeof(*ptr), head);
 931                const u16 perm = ptr->perm;
 932                for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
 933                        if (!(perm & (1 << bit)))
 934                                continue;
 935                        if (head->r.print_execute_only &&
 936                            bit != TOMOYO_TYPE_EXECUTE)
 937                                continue;
 938                        /* Print "read/write" instead of "read" and "write". */
 939                        if ((bit == TOMOYO_TYPE_READ ||
 940                             bit == TOMOYO_TYPE_WRITE)
 941                            && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
 942                                continue;
 943                        break;
 944                }
 945                if (bit >= TOMOYO_MAX_PATH_OPERATION)
 946                        goto done;
 947                tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]);
 948                tomoyo_print_name_union(head, &ptr->name);
 949        } else if (head->r.print_execute_only) {
 950                return true;
 951        } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
 952                struct tomoyo_path2_acl *ptr =
 953                        container_of(acl, typeof(*ptr), head);
 954                bit = tomoyo_fns(ptr->perm, bit);
 955                if (bit >= TOMOYO_MAX_PATH2_OPERATION)
 956                        goto done;
 957                tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]);
 958                tomoyo_print_name_union(head, &ptr->name1);
 959                tomoyo_print_name_union(head, &ptr->name2);
 960        } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
 961                struct tomoyo_path_number_acl *ptr =
 962                        container_of(acl, typeof(*ptr), head);
 963                bit = tomoyo_fns(ptr->perm, bit);
 964                if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION)
 965                        goto done;
 966                tomoyo_io_printf(head, "allow_%s",
 967                                 tomoyo_path_number_keyword[bit]);
 968                tomoyo_print_name_union(head, &ptr->name);
 969                tomoyo_print_number_union(head, &ptr->number);
 970        } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
 971                struct tomoyo_mkdev_acl *ptr =
 972                        container_of(acl, typeof(*ptr), head);
 973                bit = tomoyo_fns(ptr->perm, bit);
 974                if (bit >= TOMOYO_MAX_MKDEV_OPERATION)
 975                        goto done;
 976                tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]);
 977                tomoyo_print_name_union(head, &ptr->name);
 978                tomoyo_print_number_union(head, &ptr->mode);
 979                tomoyo_print_number_union(head, &ptr->major);
 980                tomoyo_print_number_union(head, &ptr->minor);
 981        } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
 982                struct tomoyo_mount_acl *ptr =
 983                        container_of(acl, typeof(*ptr), head);
 984                tomoyo_io_printf(head, "allow_mount");
 985                tomoyo_print_name_union(head, &ptr->dev_name);
 986                tomoyo_print_name_union(head, &ptr->dir_name);
 987                tomoyo_print_name_union(head, &ptr->fs_type);
 988                tomoyo_print_number_union(head, &ptr->flags);
 989        }
 990        head->r.bit = bit + 1;
 991        tomoyo_io_printf(head, "\n");
 992        if (acl_type != TOMOYO_TYPE_MOUNT_ACL)
 993                goto next;
 994 done:
 995        head->r.bit = 0;
 996        return true;
 997}
 998
 999/**
1000 * tomoyo_read_domain2 - Read domain policy.
1001 *
1002 * @head:   Pointer to "struct tomoyo_io_buffer".
1003 * @domain: Pointer to "struct tomoyo_domain_info".
1004 *
1005 * Caller holds tomoyo_read_lock().
1006 *
1007 * Returns true on success, false otherwise.
1008 */
1009static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1010                                struct tomoyo_domain_info *domain)
1011{
1012        list_for_each_cookie(head->r.acl, &domain->acl_info_list) {
1013                struct tomoyo_acl_info *ptr =
1014                        list_entry(head->r.acl, typeof(*ptr), list);
1015                if (!tomoyo_print_entry(head, ptr))
1016                        return false;
1017        }
1018        head->r.acl = NULL;
1019        return true;
1020}
1021
1022/**
1023 * tomoyo_read_domain - Read domain policy.
1024 *
1025 * @head: Pointer to "struct tomoyo_io_buffer".
1026 *
1027 * Caller holds tomoyo_read_lock().
1028 */
1029static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1030{
1031        if (head->r.eof)
1032                return;
1033        list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1034                struct tomoyo_domain_info *domain =
1035                        list_entry(head->r.domain, typeof(*domain), list);
1036                switch (head->r.step) {
1037                case 0:
1038                        if (domain->is_deleted &&
1039                            !head->r.print_this_domain_only)
1040                                continue;
1041                        /* Print domainname and flags. */
1042                        tomoyo_set_string(head, domain->domainname->name);
1043                        tomoyo_set_lf(head);
1044                        tomoyo_io_printf(head,
1045                                         TOMOYO_KEYWORD_USE_PROFILE "%u\n",
1046                                         domain->profile);
1047                        if (domain->quota_warned)
1048                                tomoyo_set_string(head, "quota_exceeded\n");
1049                        if (domain->transition_failed)
1050                                tomoyo_set_string(head, "transition_failed\n");
1051                        if (domain->ignore_global_allow_read)
1052                                tomoyo_set_string(head,
1053                                       TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
1054                                                  "\n");
1055                        head->r.step++;
1056                        tomoyo_set_lf(head);
1057                        /* fall through */
1058                case 1:
1059                        if (!tomoyo_read_domain2(head, domain))
1060                                return;
1061                        head->r.step++;
1062                        if (!tomoyo_set_lf(head))
1063                                return;
1064                        /* fall through */
1065                case 2:
1066                        head->r.step = 0;
1067                        if (head->r.print_this_domain_only)
1068                                goto done;
1069                }
1070        }
1071 done:
1072        head->r.eof = true;
1073}
1074
1075/**
1076 * tomoyo_write_domain_profile - Assign profile for specified domain.
1077 *
1078 * @head: Pointer to "struct tomoyo_io_buffer".
1079 *
1080 * Returns 0 on success, -EINVAL otherwise.
1081 *
1082 * This is equivalent to doing
1083 *
1084 *     ( echo "select " $domainname; echo "use_profile " $profile ) |
1085 *     /usr/sbin/tomoyo-loadpolicy -d
1086 *
1087 * Caller holds tomoyo_read_lock().
1088 */
1089static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1090{
1091        char *data = head->write_buf;
1092        char *cp = strchr(data, ' ');
1093        struct tomoyo_domain_info *domain;
1094        unsigned long profile;
1095
1096        if (!cp)
1097                return -EINVAL;
1098        *cp = '\0';
1099        domain = tomoyo_find_domain(cp + 1);
1100        if (strict_strtoul(data, 10, &profile))
1101                return -EINVAL;
1102        if (domain && profile < TOMOYO_MAX_PROFILES
1103            && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1104                domain->profile = (u8) profile;
1105        return 0;
1106}
1107
1108/**
1109 * tomoyo_read_domain_profile - Read only domainname and profile.
1110 *
1111 * @head: Pointer to "struct tomoyo_io_buffer".
1112 *
1113 * Returns list of profile number and domainname pairs.
1114 *
1115 * This is equivalent to doing
1116 *
1117 *     grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1118 *     awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1119 *     domainname = $0; } else if ( $1 == "use_profile" ) {
1120 *     print $2 " " domainname; domainname = ""; } } ; '
1121 *
1122 * Caller holds tomoyo_read_lock().
1123 */
1124static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1125{
1126        if (head->r.eof)
1127                return;
1128        list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1129                struct tomoyo_domain_info *domain =
1130                        list_entry(head->r.domain, typeof(*domain), list);
1131                if (domain->is_deleted)
1132                        continue;
1133                if (!tomoyo_flush(head))
1134                        return;
1135                tomoyo_io_printf(head, "%u ", domain->profile);
1136                tomoyo_set_string(head, domain->domainname->name);
1137                tomoyo_set_lf(head);
1138        }
1139        head->r.eof = true;
1140}
1141
1142/**
1143 * tomoyo_write_pid: Specify PID to obtain domainname.
1144 *
1145 * @head: Pointer to "struct tomoyo_io_buffer".
1146 *
1147 * Returns 0.
1148 */
1149static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1150{
1151        head->r.eof = false;
1152        return 0;
1153}
1154
1155/**
1156 * tomoyo_read_pid - Get domainname of the specified PID.
1157 *
1158 * @head: Pointer to "struct tomoyo_io_buffer".
1159 *
1160 * Returns the domainname which the specified PID is in on success,
1161 * empty string otherwise.
1162 * The PID is specified by tomoyo_write_pid() so that the user can obtain
1163 * using read()/write() interface rather than sysctl() interface.
1164 */
1165static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1166{
1167        char *buf = head->write_buf;
1168        bool global_pid = false;
1169        unsigned int pid;
1170        struct task_struct *p;
1171        struct tomoyo_domain_info *domain = NULL;
1172
1173        /* Accessing write_buf is safe because head->io_sem is held. */
1174        if (!buf) {
1175                head->r.eof = true;
1176                return; /* Do nothing if open(O_RDONLY). */
1177        }
1178        if (head->r.w_pos || head->r.eof)
1179                return;
1180        head->r.eof = true;
1181        if (tomoyo_str_starts(&buf, "global-pid "))
1182                global_pid = true;
1183        pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1184        rcu_read_lock();
1185        read_lock(&tasklist_lock);
1186        if (global_pid)
1187                p = find_task_by_pid_ns(pid, &init_pid_ns);
1188        else
1189                p = find_task_by_vpid(pid);
1190        if (p)
1191                domain = tomoyo_real_domain(p);
1192        read_unlock(&tasklist_lock);
1193        rcu_read_unlock();
1194        if (!domain)
1195                return;
1196        tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1197        tomoyo_set_string(head, domain->domainname->name);
1198}
1199
1200static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1201        [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]
1202        = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,
1203        [TOMOYO_TRANSITION_CONTROL_INITIALIZE]
1204        = TOMOYO_KEYWORD_INITIALIZE_DOMAIN,
1205        [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
1206        [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
1207};
1208
1209static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1210        [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1211        [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1212};
1213
1214/**
1215 * tomoyo_write_exception - Write exception policy.
1216 *
1217 * @head: Pointer to "struct tomoyo_io_buffer".
1218 *
1219 * Returns 0 on success, negative value otherwise.
1220 *
1221 * Caller holds tomoyo_read_lock().
1222 */
1223static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1224{
1225        char *data = head->write_buf;
1226        bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1227        u8 i;
1228        static const struct {
1229                const char *keyword;
1230                int (*write) (char *, const bool);
1231        } tomoyo_callback[4] = {
1232                { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
1233                { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
1234                { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
1235                { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
1236        };
1237
1238        for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1239                if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
1240                        return tomoyo_write_transition_control(data, is_delete,
1241                                                               i);
1242        for (i = 0; i < 4; i++)
1243                if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1244                        return tomoyo_callback[i].write(data, is_delete);
1245        for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1246                if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
1247                        return tomoyo_write_group(data, is_delete, i);
1248        return -EINVAL;
1249}
1250
1251/**
1252 * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1253 *
1254 * @head: Pointer to "struct tomoyo_io_buffer".
1255 * @idx:  Index number.
1256 *
1257 * Returns true on success, false otherwise.
1258 *
1259 * Caller holds tomoyo_read_lock().
1260 */
1261static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1262{
1263        list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1264                struct tomoyo_group *group =
1265                        list_entry(head->r.group, typeof(*group), list);
1266                list_for_each_cookie(head->r.acl, &group->member_list) {
1267                        struct tomoyo_acl_head *ptr =
1268                                list_entry(head->r.acl, typeof(*ptr), list);
1269                        if (ptr->is_deleted)
1270                                continue;
1271                        if (!tomoyo_flush(head))
1272                                return false;
1273                        tomoyo_set_string(head, tomoyo_group_name[idx]);
1274                        tomoyo_set_string(head, group->group_name->name);
1275                        if (idx == TOMOYO_PATH_GROUP) {
1276                                tomoyo_set_space(head);
1277                                tomoyo_set_string(head, container_of
1278                                               (ptr, struct tomoyo_path_group,
1279                                                head)->member_name->name);
1280                        } else if (idx == TOMOYO_NUMBER_GROUP) {
1281                                tomoyo_print_number_union(head, &container_of
1282                                                          (ptr,
1283                                                   struct tomoyo_number_group,
1284                                                           head)->number);
1285                        }
1286                        tomoyo_set_lf(head);
1287                }
1288                head->r.acl = NULL;
1289        }
1290        head->r.group = NULL;
1291        return true;
1292}
1293
1294/**
1295 * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1296 *
1297 * @head: Pointer to "struct tomoyo_io_buffer".
1298 * @idx:  Index number.
1299 *
1300 * Returns true on success, false otherwise.
1301 *
1302 * Caller holds tomoyo_read_lock().
1303 */
1304static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1305{
1306        list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1307                struct tomoyo_acl_head *acl =
1308                        container_of(head->r.acl, typeof(*acl), list);
1309                if (acl->is_deleted)
1310                        continue;
1311                if (!tomoyo_flush(head))
1312                        return false;
1313                switch (idx) {
1314                case TOMOYO_ID_TRANSITION_CONTROL:
1315                        {
1316                                struct tomoyo_transition_control *ptr =
1317                                        container_of(acl, typeof(*ptr), head);
1318                                tomoyo_set_string(head,
1319                                                  tomoyo_transition_type
1320                                                  [ptr->type]);
1321                                if (ptr->program)
1322                                        tomoyo_set_string(head,
1323                                                          ptr->program->name);
1324                                if (ptr->program && ptr->domainname)
1325                                        tomoyo_set_string(head, " from ");
1326                                if (ptr->domainname)
1327                                        tomoyo_set_string(head,
1328                                                          ptr->domainname->
1329                                                          name);
1330                        }
1331                        break;
1332                case TOMOYO_ID_GLOBALLY_READABLE:
1333                        {
1334                                struct tomoyo_readable_file *ptr =
1335                                        container_of(acl, typeof(*ptr), head);
1336                                tomoyo_set_string(head,
1337                                                  TOMOYO_KEYWORD_ALLOW_READ);
1338                                tomoyo_set_string(head, ptr->filename->name);
1339                        }
1340                        break;
1341                case TOMOYO_ID_AGGREGATOR:
1342                        {
1343                                struct tomoyo_aggregator *ptr =
1344                                        container_of(acl, typeof(*ptr), head);
1345                                tomoyo_set_string(head,
1346                                                  TOMOYO_KEYWORD_AGGREGATOR);
1347                                tomoyo_set_string(head,
1348                                                  ptr->original_name->name);
1349                                tomoyo_set_space(head);
1350                                tomoyo_set_string(head,
1351                                               ptr->aggregated_name->name);
1352                        }
1353                        break;
1354                case TOMOYO_ID_PATTERN:
1355                        {
1356                                struct tomoyo_no_pattern *ptr =
1357                                        container_of(acl, typeof(*ptr), head);
1358                                tomoyo_set_string(head,
1359                                                  TOMOYO_KEYWORD_FILE_PATTERN);
1360                                tomoyo_set_string(head, ptr->pattern->name);
1361                        }
1362                        break;
1363                case TOMOYO_ID_NO_REWRITE:
1364                        {
1365                                struct tomoyo_no_rewrite *ptr =
1366                                        container_of(acl, typeof(*ptr), head);
1367                                tomoyo_set_string(head,
1368                                                  TOMOYO_KEYWORD_DENY_REWRITE);
1369                                tomoyo_set_string(head, ptr->pattern->name);
1370                        }
1371                        break;
1372                default:
1373                        continue;
1374                }
1375                tomoyo_set_lf(head);
1376        }
1377        head->r.acl = NULL;
1378        return true;
1379}
1380
1381/**
1382 * tomoyo_read_exception - Read exception policy.
1383 *
1384 * @head: Pointer to "struct tomoyo_io_buffer".
1385 *
1386 * Caller holds tomoyo_read_lock().
1387 */
1388static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1389{
1390        if (head->r.eof)
1391                return;
1392        while (head->r.step < TOMOYO_MAX_POLICY &&
1393               tomoyo_read_policy(head, head->r.step))
1394                head->r.step++;
1395        if (head->r.step < TOMOYO_MAX_POLICY)
1396                return;
1397        while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1398               tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1399                head->r.step++;
1400        if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1401                return;
1402        head->r.eof = true;
1403}
1404
1405/**
1406 * tomoyo_print_header - Get header line of audit log.
1407 *
1408 * @r: Pointer to "struct tomoyo_request_info".
1409 *
1410 * Returns string representation.
1411 *
1412 * This function uses kmalloc(), so caller must kfree() if this function
1413 * didn't return NULL.
1414 */
1415static char *tomoyo_print_header(struct tomoyo_request_info *r)
1416{
1417        struct timeval tv;
1418        const pid_t gpid = task_pid_nr(current);
1419        static const int tomoyo_buffer_len = 4096;
1420        char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
1421        pid_t ppid;
1422        if (!buffer)
1423                return NULL;
1424        do_gettimeofday(&tv);
1425        rcu_read_lock();
1426        ppid = task_tgid_vnr(current->real_parent);
1427        rcu_read_unlock();
1428        snprintf(buffer, tomoyo_buffer_len - 1,
1429                 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
1430                 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
1431                 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
1432                 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
1433                 task_tgid_vnr(current), ppid,
1434                 current_uid(), current_gid(), current_euid(),
1435                 current_egid(), current_suid(), current_sgid(),
1436                 current_fsuid(), current_fsgid());
1437        return buffer;
1438}
1439
1440/**
1441 * tomoyo_init_audit_log - Allocate buffer for audit logs.
1442 *
1443 * @len: Required size.
1444 * @r:   Pointer to "struct tomoyo_request_info".
1445 *
1446 * Returns pointer to allocated memory.
1447 *
1448 * The @len is updated to add the header lines' size on success.
1449 *
1450 * This function uses kzalloc(), so caller must kfree() if this function
1451 * didn't return NULL.
1452 */
1453static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r)
1454{
1455        char *buf = NULL;
1456        const char *header;
1457        const char *domainname;
1458        if (!r->domain)
1459                r->domain = tomoyo_domain();
1460        domainname = r->domain->domainname->name;
1461        header = tomoyo_print_header(r);
1462        if (!header)
1463                return NULL;
1464        *len += strlen(domainname) + strlen(header) + 10;
1465        buf = kzalloc(*len, GFP_NOFS);
1466        if (buf)
1467                snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname);
1468        kfree(header);
1469        return buf;
1470}
1471
1472/* Wait queue for tomoyo_query_list. */
1473static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1474
1475/* Lock for manipulating tomoyo_query_list. */
1476static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1477
1478/* Structure for query. */
1479struct tomoyo_query {
1480        struct list_head list;
1481        char *query;
1482        int query_len;
1483        unsigned int serial;
1484        int timer;
1485        int answer;
1486};
1487
1488/* The list for "struct tomoyo_query". */
1489static LIST_HEAD(tomoyo_query_list);
1490
1491/*
1492 * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1493 * interface.
1494 */
1495static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1496
1497/**
1498 * tomoyo_supervisor - Ask for the supervisor's decision.
1499 *
1500 * @r:       Pointer to "struct tomoyo_request_info".
1501 * @fmt:     The printf()'s format string, followed by parameters.
1502 *
1503 * Returns 0 if the supervisor decided to permit the access request which
1504 * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1505 * supervisor decided to retry the access request which violated the policy in
1506 * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1507 */
1508int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1509{
1510        va_list args;
1511        int error = -EPERM;
1512        int pos;
1513        int len;
1514        static unsigned int tomoyo_serial;
1515        struct tomoyo_query *entry = NULL;
1516        bool quota_exceeded = false;
1517        char *header;
1518        switch (r->mode) {
1519                char *buffer;
1520        case TOMOYO_CONFIG_LEARNING:
1521                if (!tomoyo_domain_quota_is_ok(r))
1522                        return 0;
1523                va_start(args, fmt);
1524                len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
1525                va_end(args);
1526                buffer = kmalloc(len, GFP_NOFS);
1527                if (!buffer)
1528                        return 0;
1529                va_start(args, fmt);
1530                vsnprintf(buffer, len - 1, fmt, args);
1531                va_end(args);
1532                tomoyo_normalize_line(buffer);
1533                tomoyo_write_domain2(buffer, r->domain, false);
1534                kfree(buffer);
1535                /* fall through */
1536        case TOMOYO_CONFIG_PERMISSIVE:
1537                return 0;
1538        }
1539        if (!r->domain)
1540                r->domain = tomoyo_domain();
1541        if (!atomic_read(&tomoyo_query_observers))
1542                return -EPERM;
1543        va_start(args, fmt);
1544        len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
1545        va_end(args);
1546        header = tomoyo_init_audit_log(&len, r);
1547        if (!header)
1548                goto out;
1549        entry = kzalloc(sizeof(*entry), GFP_NOFS);
1550        if (!entry)
1551                goto out;
1552        entry->query = kzalloc(len, GFP_NOFS);
1553        if (!entry->query)
1554                goto out;
1555        len = ksize(entry->query);
1556        spin_lock(&tomoyo_query_list_lock);
1557        if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1558            sizeof(*entry) >= tomoyo_quota_for_query) {
1559                quota_exceeded = true;
1560        } else {
1561                tomoyo_query_memory_size += len + sizeof(*entry);
1562                entry->serial = tomoyo_serial++;
1563        }
1564        spin_unlock(&tomoyo_query_list_lock);
1565        if (quota_exceeded)
1566                goto out;
1567        pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1568                       entry->serial, r->retry, header);
1569        kfree(header);
1570        header = NULL;
1571        va_start(args, fmt);
1572        vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1573        entry->query_len = strlen(entry->query) + 1;
1574        va_end(args);
1575        spin_lock(&tomoyo_query_list_lock);
1576        list_add_tail(&entry->list, &tomoyo_query_list);
1577        spin_unlock(&tomoyo_query_list_lock);
1578        /* Give 10 seconds for supervisor's opinion. */
1579        for (entry->timer = 0;
1580             atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1581             entry->timer++) {
1582                wake_up(&tomoyo_query_wait);
1583                set_current_state(TASK_INTERRUPTIBLE);
1584                schedule_timeout(HZ / 10);
1585                if (entry->answer)
1586                        break;
1587        }
1588        spin_lock(&tomoyo_query_list_lock);
1589        list_del(&entry->list);
1590        tomoyo_query_memory_size -= len + sizeof(*entry);
1591        spin_unlock(&tomoyo_query_list_lock);
1592        switch (entry->answer) {
1593        case 3: /* Asked to retry by administrator. */
1594                error = TOMOYO_RETRY_REQUEST;
1595                r->retry++;
1596                break;
1597        case 1:
1598                /* Granted by administrator. */
1599                error = 0;
1600                break;
1601        case 0:
1602                /* Timed out. */
1603                break;
1604        default:
1605                /* Rejected by administrator. */
1606                break;
1607        }
1608 out:
1609        if (entry)
1610                kfree(entry->query);
1611        kfree(entry);
1612        kfree(header);
1613        return error;
1614}
1615
1616/**
1617 * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1618 *
1619 * @file: Pointer to "struct file".
1620 * @wait: Pointer to "poll_table".
1621 *
1622 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1623 *
1624 * Waits for access requests which violated policy in enforcing mode.
1625 */
1626static int tomoyo_poll_query(struct file *file, poll_table *wait)
1627{
1628        struct list_head *tmp;
1629        bool found = false;
1630        u8 i;
1631        for (i = 0; i < 2; i++) {
1632                spin_lock(&tomoyo_query_list_lock);
1633                list_for_each(tmp, &tomoyo_query_list) {
1634                        struct tomoyo_query *ptr =
1635                                list_entry(tmp, typeof(*ptr), list);
1636                        if (ptr->answer)
1637                                continue;
1638                        found = true;
1639                        break;
1640                }
1641                spin_unlock(&tomoyo_query_list_lock);
1642                if (found)
1643                        return POLLIN | POLLRDNORM;
1644                if (i)
1645                        break;
1646                poll_wait(file, &tomoyo_query_wait, wait);
1647        }
1648        return 0;
1649}
1650
1651/**
1652 * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1653 *
1654 * @head: Pointer to "struct tomoyo_io_buffer".
1655 */
1656static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1657{
1658        struct list_head *tmp;
1659        int pos = 0;
1660        int len = 0;
1661        char *buf;
1662        if (head->r.w_pos)
1663                return;
1664        if (head->read_buf) {
1665                kfree(head->read_buf);
1666                head->read_buf = NULL;
1667        }
1668        spin_lock(&tomoyo_query_list_lock);
1669        list_for_each(tmp, &tomoyo_query_list) {
1670                struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1671                if (ptr->answer)
1672                        continue;
1673                if (pos++ != head->r.query_index)
1674                        continue;
1675                len = ptr->query_len;
1676                break;
1677        }
1678        spin_unlock(&tomoyo_query_list_lock);
1679        if (!len) {
1680                head->r.query_index = 0;
1681                return;
1682        }
1683        buf = kzalloc(len, GFP_NOFS);
1684        if (!buf)
1685                return;
1686        pos = 0;
1687        spin_lock(&tomoyo_query_list_lock);
1688        list_for_each(tmp, &tomoyo_query_list) {
1689                struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1690                if (ptr->answer)
1691                        continue;
1692                if (pos++ != head->r.query_index)
1693                        continue;
1694                /*
1695                 * Some query can be skipped because tomoyo_query_list
1696                 * can change, but I don't care.
1697                 */
1698                if (len == ptr->query_len)
1699                        memmove(buf, ptr->query, len);
1700                break;
1701        }
1702        spin_unlock(&tomoyo_query_list_lock);
1703        if (buf[0]) {
1704                head->read_buf = buf;
1705                head->r.w[head->r.w_pos++] = buf;
1706                head->r.query_index++;
1707        } else {
1708                kfree(buf);
1709        }
1710}
1711
1712/**
1713 * tomoyo_write_answer - Write the supervisor's decision.
1714 *
1715 * @head: Pointer to "struct tomoyo_io_buffer".
1716 *
1717 * Returns 0 on success, -EINVAL otherwise.
1718 */
1719static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1720{
1721        char *data = head->write_buf;
1722        struct list_head *tmp;
1723        unsigned int serial;
1724        unsigned int answer;
1725        spin_lock(&tomoyo_query_list_lock);
1726        list_for_each(tmp, &tomoyo_query_list) {
1727                struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1728                ptr->timer = 0;
1729        }
1730        spin_unlock(&tomoyo_query_list_lock);
1731        if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1732                return -EINVAL;
1733        spin_lock(&tomoyo_query_list_lock);
1734        list_for_each(tmp, &tomoyo_query_list) {
1735                struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1736                if (ptr->serial != serial)
1737                        continue;
1738                if (!ptr->answer)
1739                        ptr->answer = answer;
1740                break;
1741        }
1742        spin_unlock(&tomoyo_query_list_lock);
1743        return 0;
1744}
1745
1746/**
1747 * tomoyo_read_version: Get version.
1748 *
1749 * @head: Pointer to "struct tomoyo_io_buffer".
1750 *
1751 * Returns version information.
1752 */
1753static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1754{
1755        if (!head->r.eof) {
1756                tomoyo_io_printf(head, "2.3.0");
1757                head->r.eof = true;
1758        }
1759}
1760
1761/**
1762 * tomoyo_read_self_domain - Get the current process's domainname.
1763 *
1764 * @head: Pointer to "struct tomoyo_io_buffer".
1765 *
1766 * Returns the current process's domainname.
1767 */
1768static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1769{
1770        if (!head->r.eof) {
1771                /*
1772                 * tomoyo_domain()->domainname != NULL
1773                 * because every process belongs to a domain and
1774                 * the domain's name cannot be NULL.
1775                 */
1776                tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1777                head->r.eof = true;
1778        }
1779}
1780
1781/**
1782 * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1783 *
1784 * @type: Type of interface.
1785 * @file: Pointer to "struct file".
1786 *
1787 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1788 *
1789 * Caller acquires tomoyo_read_lock().
1790 */
1791int tomoyo_open_control(const u8 type, struct file *file)
1792{
1793        struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1794
1795        if (!head)
1796                return -ENOMEM;
1797        mutex_init(&head->io_sem);
1798        head->type = type;
1799        switch (type) {
1800        case TOMOYO_DOMAINPOLICY:
1801                /* /sys/kernel/security/tomoyo/domain_policy */
1802                head->write = tomoyo_write_domain;
1803                head->read = tomoyo_read_domain;
1804                break;
1805        case TOMOYO_EXCEPTIONPOLICY:
1806                /* /sys/kernel/security/tomoyo/exception_policy */
1807                head->write = tomoyo_write_exception;
1808                head->read = tomoyo_read_exception;
1809                break;
1810        case TOMOYO_SELFDOMAIN:
1811                /* /sys/kernel/security/tomoyo/self_domain */
1812                head->read = tomoyo_read_self_domain;
1813                break;
1814        case TOMOYO_DOMAIN_STATUS:
1815                /* /sys/kernel/security/tomoyo/.domain_status */
1816                head->write = tomoyo_write_domain_profile;
1817                head->read = tomoyo_read_domain_profile;
1818                break;
1819        case TOMOYO_PROCESS_STATUS:
1820                /* /sys/kernel/security/tomoyo/.process_status */
1821                head->write = tomoyo_write_pid;
1822                head->read = tomoyo_read_pid;
1823                break;
1824        case TOMOYO_VERSION:
1825                /* /sys/kernel/security/tomoyo/version */
1826                head->read = tomoyo_read_version;
1827                head->readbuf_size = 128;
1828                break;
1829        case TOMOYO_MEMINFO:
1830                /* /sys/kernel/security/tomoyo/meminfo */
1831                head->write = tomoyo_write_memory_quota;
1832                head->read = tomoyo_read_memory_counter;
1833                head->readbuf_size = 512;
1834                break;
1835        case TOMOYO_PROFILE:
1836                /* /sys/kernel/security/tomoyo/profile */
1837                head->write = tomoyo_write_profile;
1838                head->read = tomoyo_read_profile;
1839                break;
1840        case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
1841                head->poll = tomoyo_poll_query;
1842                head->write = tomoyo_write_answer;
1843                head->read = tomoyo_read_query;
1844                break;
1845        case TOMOYO_MANAGER:
1846                /* /sys/kernel/security/tomoyo/manager */
1847                head->write = tomoyo_write_manager;
1848                head->read = tomoyo_read_manager;
1849                break;
1850        }
1851        if (!(file->f_mode & FMODE_READ)) {
1852                /*
1853                 * No need to allocate read_buf since it is not opened
1854                 * for reading.
1855                 */
1856                head->read = NULL;
1857                head->poll = NULL;
1858        } else if (!head->poll) {
1859                /* Don't allocate read_buf for poll() access. */
1860                if (!head->readbuf_size)
1861                        head->readbuf_size = 4096 * 2;
1862                head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1863                if (!head->read_buf) {
1864                        kfree(head);
1865                        return -ENOMEM;
1866                }
1867        }
1868        if (!(file->f_mode & FMODE_WRITE)) {
1869                /*
1870                 * No need to allocate write_buf since it is not opened
1871                 * for writing.
1872                 */
1873                head->write = NULL;
1874        } else if (head->write) {
1875                head->writebuf_size = 4096 * 2;
1876                head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1877                if (!head->write_buf) {
1878                        kfree(head->read_buf);
1879                        kfree(head);
1880                        return -ENOMEM;
1881                }
1882        }
1883        if (type != TOMOYO_QUERY)
1884                head->reader_idx = tomoyo_read_lock();
1885        file->private_data = head;
1886        /*
1887         * Call the handler now if the file is
1888         * /sys/kernel/security/tomoyo/self_domain
1889         * so that the user can use
1890         * cat < /sys/kernel/security/tomoyo/self_domain"
1891         * to know the current process's domainname.
1892         */
1893        if (type == TOMOYO_SELFDOMAIN)
1894                tomoyo_read_control(file, NULL, 0);
1895        /*
1896         * If the file is /sys/kernel/security/tomoyo/query , increment the
1897         * observer counter.
1898         * The obserber counter is used by tomoyo_supervisor() to see if
1899         * there is some process monitoring /sys/kernel/security/tomoyo/query.
1900         */
1901        else if (type == TOMOYO_QUERY)
1902                atomic_inc(&tomoyo_query_observers);
1903        return 0;
1904}
1905
1906/**
1907 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1908 *
1909 * @file: Pointer to "struct file".
1910 * @wait: Pointer to "poll_table".
1911 *
1912 * Waits for read readiness.
1913 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd .
1914 */
1915int tomoyo_poll_control(struct file *file, poll_table *wait)
1916{
1917        struct tomoyo_io_buffer *head = file->private_data;
1918        if (!head->poll)
1919                return -ENOSYS;
1920        return head->poll(file, wait);
1921}
1922
1923/**
1924 * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1925 *
1926 * @file:       Pointer to "struct file".
1927 * @buffer:     Poiner to buffer to write to.
1928 * @buffer_len: Size of @buffer.
1929 *
1930 * Returns bytes read on success, negative value otherwise.
1931 *
1932 * Caller holds tomoyo_read_lock().
1933 */
1934int tomoyo_read_control(struct file *file, char __user *buffer,
1935                        const int buffer_len)
1936{
1937        int len;
1938        struct tomoyo_io_buffer *head = file->private_data;
1939
1940        if (!head->read)
1941                return -ENOSYS;
1942        if (mutex_lock_interruptible(&head->io_sem))
1943                return -EINTR;
1944        head->read_user_buf = buffer;
1945        head->read_user_buf_avail = buffer_len;
1946        if (tomoyo_flush(head))
1947                /* Call the policy handler. */
1948                head->read(head);
1949        tomoyo_flush(head);
1950        len = head->read_user_buf - buffer;
1951        mutex_unlock(&head->io_sem);
1952        return len;
1953}
1954
1955/**
1956 * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1957 *
1958 * @file:       Pointer to "struct file".
1959 * @buffer:     Pointer to buffer to read from.
1960 * @buffer_len: Size of @buffer.
1961 *
1962 * Returns @buffer_len on success, negative value otherwise.
1963 *
1964 * Caller holds tomoyo_read_lock().
1965 */
1966int tomoyo_write_control(struct file *file, const char __user *buffer,
1967                         const int buffer_len)
1968{
1969        struct tomoyo_io_buffer *head = file->private_data;
1970        int error = buffer_len;
1971        int avail_len = buffer_len;
1972        char *cp0 = head->write_buf;
1973
1974        if (!head->write)
1975                return -ENOSYS;
1976        if (!access_ok(VERIFY_READ, buffer, buffer_len))
1977                return -EFAULT;
1978        /* Don't allow updating policies by non manager programs. */
1979        if (head->write != tomoyo_write_pid &&
1980            head->write != tomoyo_write_domain && !tomoyo_manager())
1981                return -EPERM;
1982        if (mutex_lock_interruptible(&head->io_sem))
1983                return -EINTR;
1984        /* Read a line and dispatch it to the policy handler. */
1985        while (avail_len > 0) {
1986                char c;
1987                if (head->write_avail >= head->writebuf_size - 1) {
1988                        error = -ENOMEM;
1989                        break;
1990                } else if (get_user(c, buffer)) {
1991                        error = -EFAULT;
1992                        break;
1993                }
1994                buffer++;
1995                avail_len--;
1996                cp0[head->write_avail++] = c;
1997                if (c != '\n')
1998                        continue;
1999                cp0[head->write_avail - 1] = '\0';
2000                head->write_avail = 0;
2001                tomoyo_normalize_line(cp0);
2002                head->write(head);
2003        }
2004        mutex_unlock(&head->io_sem);
2005        return error;
2006}
2007
2008/**
2009 * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
2010 *
2011 * @file: Pointer to "struct file".
2012 *
2013 * Releases memory and returns 0.
2014 *
2015 * Caller looses tomoyo_read_lock().
2016 */
2017int tomoyo_close_control(struct file *file)
2018{
2019        struct tomoyo_io_buffer *head = file->private_data;
2020        const bool is_write = !!head->write_buf;
2021
2022        /*
2023         * If the file is /sys/kernel/security/tomoyo/query , decrement the
2024         * observer counter.
2025         */
2026        if (head->type == TOMOYO_QUERY)
2027                atomic_dec(&tomoyo_query_observers);
2028        else
2029                tomoyo_read_unlock(head->reader_idx);
2030        /* Release memory used for policy I/O. */
2031        kfree(head->read_buf);
2032        head->read_buf = NULL;
2033        kfree(head->write_buf);
2034        head->write_buf = NULL;
2035        kfree(head);
2036        head = NULL;
2037        file->private_data = NULL;
2038        if (is_write)
2039                tomoyo_run_gc();
2040        return 0;
2041}
2042
2043/**
2044 * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
2045 */
2046void tomoyo_check_profile(void)
2047{
2048        struct tomoyo_domain_info *domain;
2049        const int idx = tomoyo_read_lock();
2050        tomoyo_policy_loaded = true;
2051        /* Check all profiles currently assigned to domains are defined. */
2052        list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2053                const u8 profile = domain->profile;
2054                if (tomoyo_profile_ptr[profile])
2055                        continue;
2056                printk(KERN_ERR "You need to define profile %u before using it.\n",
2057                       profile);
2058                printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2059                       "for more information.\n");
2060                panic("Profile %u (used by '%s') not defined.\n",
2061                      profile, domain->domainname->name);
2062        }
2063        tomoyo_read_unlock(idx);
2064        if (tomoyo_profile_version != 20090903) {
2065                printk(KERN_ERR "You need to install userland programs for "
2066                       "TOMOYO 2.3 and initialize policy configuration.\n");
2067                printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2068                       "for more information.\n");
2069                panic("Profile version %u is not supported.\n",
2070                      tomoyo_profile_version);
2071        }
2072        printk(KERN_INFO "TOMOYO: 2.3.0\n");
2073        printk(KERN_INFO "Mandatory Access Control activated.\n");
2074}
2075