1
2
3
4
5
6
7
8
9#include <linux/uaccess.h>
10#include <linux/slab.h>
11#include <linux/security.h>
12#include "common.h"
13
14static struct tomoyo_profile tomoyo_default_profile = {
15 .learning = &tomoyo_default_profile.preference,
16 .permissive = &tomoyo_default_profile.preference,
17 .enforcing = &tomoyo_default_profile.preference,
18 .preference.enforcing_verbose = true,
19 .preference.learning_max_entry = 2048,
20 .preference.learning_verbose = false,
21 .preference.permissive_verbose = true
22};
23
24
25static unsigned int tomoyo_profile_version;
26
27
28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
29
30
31static const char *tomoyo_mode[4] = {
32 "disabled", "learning", "permissive", "enforcing"
33};
34
35
36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute",
39 [TOMOYO_MAC_FILE_OPEN] = "file::open",
40 [TOMOYO_MAC_FILE_CREATE] = "file::create",
41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite",
49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
51 [TOMOYO_MAC_FILE_LINK] = "file::link",
52 [TOMOYO_MAC_FILE_RENAME] = "file::rename",
53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod",
54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown",
55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp",
56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl",
57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot",
58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount",
59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount",
60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
62};
63
64
65static bool tomoyo_manage_by_non_root;
66
67
68
69
70
71
72
73
74static const char *tomoyo_yesno(const unsigned int value)
75{
76 return value ? "yes" : "no";
77}
78
79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
80{
81 va_list args;
82 const int pos = strlen(buffer);
83 va_start(args, fmt);
84 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
85 va_end(args);
86}
87
88
89
90
91
92
93
94
95static bool tomoyo_flush(struct tomoyo_io_buffer *head)
96{
97 while (head->r.w_pos) {
98 const char *w = head->r.w[0];
99 int len = strlen(w);
100 if (len) {
101 if (len > head->read_user_buf_avail)
102 len = head->read_user_buf_avail;
103 if (!len)
104 return false;
105 if (copy_to_user(head->read_user_buf, w, len))
106 return false;
107 head->read_user_buf_avail -= len;
108 head->read_user_buf += len;
109 w += len;
110 }
111 if (*w) {
112 head->r.w[0] = w;
113 return false;
114 }
115
116 if (head->poll) {
117 if (!head->read_user_buf_avail ||
118 copy_to_user(head->read_user_buf, "", 1))
119 return false;
120 head->read_user_buf_avail--;
121 head->read_user_buf++;
122 }
123 head->r.w_pos--;
124 for (len = 0; len < head->r.w_pos; len++)
125 head->r.w[len] = head->r.w[len + 1];
126 }
127 head->r.avail = 0;
128 return true;
129}
130
131
132
133
134
135
136
137
138
139
140
141static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
142{
143 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
144 head->r.w[head->r.w_pos++] = string;
145 tomoyo_flush(head);
146 } else
147 WARN_ON(1);
148}
149
150
151
152
153
154
155
156void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
157{
158 va_list args;
159 int len;
160 int pos = head->r.avail;
161 int size = head->readbuf_size - pos;
162 if (size <= 0)
163 return;
164 va_start(args, fmt);
165 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
166 va_end(args);
167 if (pos + len >= head->readbuf_size) {
168 WARN_ON(1);
169 return;
170 }
171 head->r.avail += len;
172 tomoyo_set_string(head, head->read_buf + pos);
173}
174
175static void tomoyo_set_space(struct tomoyo_io_buffer *head)
176{
177 tomoyo_set_string(head, " ");
178}
179
180static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
181{
182 tomoyo_set_string(head, "\n");
183 return !head->r.w_pos;
184}
185
186
187
188
189
190
191
192static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
193 const struct tomoyo_name_union *ptr)
194{
195 tomoyo_set_space(head);
196 if (ptr->is_group) {
197 tomoyo_set_string(head, "@");
198 tomoyo_set_string(head, ptr->group->group_name->name);
199 } else {
200 tomoyo_set_string(head, ptr->filename->name);
201 }
202}
203
204
205
206
207
208
209
210static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
211 const struct tomoyo_number_union *ptr)
212{
213 tomoyo_set_space(head);
214 if (ptr->is_group) {
215 tomoyo_set_string(head, "@");
216 tomoyo_set_string(head, ptr->group->group_name->name);
217 } else {
218 int i;
219 unsigned long min = ptr->values[0];
220 const unsigned long max = ptr->values[1];
221 u8 min_type = ptr->min_type;
222 const u8 max_type = ptr->max_type;
223 char buffer[128];
224 buffer[0] = '\0';
225 for (i = 0; i < 2; i++) {
226 switch (min_type) {
227 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
228 tomoyo_addprintf(buffer, sizeof(buffer),
229 "0x%lX", min);
230 break;
231 case TOMOYO_VALUE_TYPE_OCTAL:
232 tomoyo_addprintf(buffer, sizeof(buffer),
233 "0%lo", min);
234 break;
235 default:
236 tomoyo_addprintf(buffer, sizeof(buffer),
237 "%lu", min);
238 break;
239 }
240 if (min == max && min_type == max_type)
241 break;
242 tomoyo_addprintf(buffer, sizeof(buffer), "-");
243 min_type = max_type;
244 min = max;
245 }
246 tomoyo_io_printf(head, "%s", buffer);
247 }
248}
249
250
251
252
253
254
255
256
257static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
258{
259 struct tomoyo_profile *ptr;
260 struct tomoyo_profile *entry;
261 if (profile >= TOMOYO_MAX_PROFILES)
262 return NULL;
263 ptr = tomoyo_profile_ptr[profile];
264 if (ptr)
265 return ptr;
266 entry = kzalloc(sizeof(*entry), GFP_NOFS);
267 if (mutex_lock_interruptible(&tomoyo_policy_lock))
268 goto out;
269 ptr = tomoyo_profile_ptr[profile];
270 if (!ptr && tomoyo_memory_ok(entry)) {
271 ptr = entry;
272 ptr->learning = &tomoyo_default_profile.preference;
273 ptr->permissive = &tomoyo_default_profile.preference;
274 ptr->enforcing = &tomoyo_default_profile.preference;
275 ptr->default_config = TOMOYO_CONFIG_DISABLED;
276 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
277 sizeof(ptr->config));
278 mb();
279 tomoyo_profile_ptr[profile] = ptr;
280 entry = NULL;
281 }
282 mutex_unlock(&tomoyo_policy_lock);
283 out:
284 kfree(entry);
285 return ptr;
286}
287
288
289
290
291
292
293
294
295struct tomoyo_profile *tomoyo_profile(const u8 profile)
296{
297 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
298 if (!tomoyo_policy_loaded)
299 return &tomoyo_default_profile;
300 BUG_ON(!ptr);
301 return ptr;
302}
303
304static s8 tomoyo_find_yesno(const char *string, const char *find)
305{
306 const char *cp = strstr(string, find);
307 if (cp) {
308 cp += strlen(find);
309 if (!strncmp(cp, "=yes", 4))
310 return 1;
311 else if (!strncmp(cp, "=no", 3))
312 return 0;
313 }
314 return -1;
315}
316
317static void tomoyo_set_bool(bool *b, const char *string, const char *find)
318{
319 switch (tomoyo_find_yesno(string, find)) {
320 case 1:
321 *b = true;
322 break;
323 case 0:
324 *b = false;
325 break;
326 }
327}
328
329static void tomoyo_set_uint(unsigned int *i, const char *string,
330 const char *find)
331{
332 const char *cp = strstr(string, find);
333 if (cp)
334 sscanf(cp + strlen(find), "=%u", i);
335}
336
337static void tomoyo_set_pref(const char *name, const char *value,
338 const bool use_default,
339 struct tomoyo_profile *profile)
340{
341 struct tomoyo_preference **pref;
342 bool *verbose;
343 if (!strcmp(name, "enforcing")) {
344 if (use_default) {
345 pref = &profile->enforcing;
346 goto set_default;
347 }
348 profile->enforcing = &profile->preference;
349 verbose = &profile->preference.enforcing_verbose;
350 goto set_verbose;
351 }
352 if (!strcmp(name, "permissive")) {
353 if (use_default) {
354 pref = &profile->permissive;
355 goto set_default;
356 }
357 profile->permissive = &profile->preference;
358 verbose = &profile->preference.permissive_verbose;
359 goto set_verbose;
360 }
361 if (!strcmp(name, "learning")) {
362 if (use_default) {
363 pref = &profile->learning;
364 goto set_default;
365 }
366 profile->learning = &profile->preference;
367 tomoyo_set_uint(&profile->preference.learning_max_entry, value,
368 "max_entry");
369 verbose = &profile->preference.learning_verbose;
370 goto set_verbose;
371 }
372 return;
373 set_default:
374 *pref = &tomoyo_default_profile.preference;
375 return;
376 set_verbose:
377 tomoyo_set_bool(verbose, value, "verbose");
378}
379
380static int tomoyo_set_mode(char *name, const char *value,
381 const bool use_default,
382 struct tomoyo_profile *profile)
383{
384 u8 i;
385 u8 config;
386 if (!strcmp(name, "CONFIG")) {
387 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
388 config = profile->default_config;
389 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
390 config = 0;
391 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
392 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
393 if (strcmp(name, tomoyo_mac_keywords[i]))
394 continue;
395 config = profile->config[i];
396 break;
397 }
398 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
399 return -EINVAL;
400 } else {
401 return -EINVAL;
402 }
403 if (use_default) {
404 config = TOMOYO_CONFIG_USE_DEFAULT;
405 } else {
406 u8 mode;
407 for (mode = 0; mode < 4; mode++)
408 if (strstr(value, tomoyo_mode[mode]))
409
410
411
412
413 config = (config & ~7) | mode;
414 }
415 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
416 profile->config[i] = config;
417 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
418 profile->default_config = config;
419 return 0;
420}
421
422
423
424
425
426
427
428
429static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
430{
431 char *data = head->write_buf;
432 unsigned int i;
433 bool use_default = false;
434 char *cp;
435 struct tomoyo_profile *profile;
436 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
437 return 0;
438 i = simple_strtoul(data, &cp, 10);
439 if (data == cp) {
440 profile = &tomoyo_default_profile;
441 } else {
442 if (*cp != '-')
443 return -EINVAL;
444 data = cp + 1;
445 profile = tomoyo_assign_profile(i);
446 if (!profile)
447 return -EINVAL;
448 }
449 cp = strchr(data, '=');
450 if (!cp)
451 return -EINVAL;
452 *cp++ = '\0';
453 if (profile != &tomoyo_default_profile)
454 use_default = strstr(cp, "use_default") != NULL;
455 if (tomoyo_str_starts(&data, "PREFERENCE::")) {
456 tomoyo_set_pref(data, cp, use_default, profile);
457 return 0;
458 }
459 if (profile == &tomoyo_default_profile)
460 return -EINVAL;
461 if (!strcmp(data, "COMMENT")) {
462 const struct tomoyo_path_info *old_comment = profile->comment;
463 profile->comment = tomoyo_get_name(cp);
464 tomoyo_put_name(old_comment);
465 return 0;
466 }
467 return tomoyo_set_mode(data, cp, use_default, profile);
468}
469
470static void tomoyo_print_preference(struct tomoyo_io_buffer *head,
471 const int idx)
472{
473 struct tomoyo_preference *pref = &tomoyo_default_profile.preference;
474 const struct tomoyo_profile *profile = idx >= 0 ?
475 tomoyo_profile_ptr[idx] : NULL;
476 char buffer[16] = "";
477 if (profile) {
478 buffer[sizeof(buffer) - 1] = '\0';
479 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx);
480 }
481 if (profile) {
482 pref = profile->learning;
483 if (pref == &tomoyo_default_profile.preference)
484 goto skip1;
485 }
486 tomoyo_io_printf(head, "%sPREFERENCE::%s={ "
487 "verbose=%s max_entry=%u }\n",
488 buffer, "learning",
489 tomoyo_yesno(pref->learning_verbose),
490 pref->learning_max_entry);
491 skip1:
492 if (profile) {
493 pref = profile->permissive;
494 if (pref == &tomoyo_default_profile.preference)
495 goto skip2;
496 }
497 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
498 buffer, "permissive",
499 tomoyo_yesno(pref->permissive_verbose));
500 skip2:
501 if (profile) {
502 pref = profile->enforcing;
503 if (pref == &tomoyo_default_profile.preference)
504 return;
505 }
506 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
507 buffer, "enforcing",
508 tomoyo_yesno(pref->enforcing_verbose));
509}
510
511static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
512{
513 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]);
514}
515
516
517
518
519
520
521static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
522{
523 u8 index;
524 const struct tomoyo_profile *profile;
525 next:
526 index = head->r.index;
527 profile = tomoyo_profile_ptr[index];
528 switch (head->r.step) {
529 case 0:
530 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
531 tomoyo_print_preference(head, -1);
532 head->r.step++;
533 break;
534 case 1:
535 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
536 head->r.index++)
537 if (tomoyo_profile_ptr[head->r.index])
538 break;
539 if (head->r.index == TOMOYO_MAX_PROFILES)
540 return;
541 head->r.step++;
542 break;
543 case 2:
544 {
545 const struct tomoyo_path_info *comment =
546 profile->comment;
547 tomoyo_io_printf(head, "%u-COMMENT=", index);
548 tomoyo_set_string(head, comment ? comment->name : "");
549 tomoyo_set_lf(head);
550 head->r.step++;
551 }
552 break;
553 case 3:
554 {
555 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
556 tomoyo_print_config(head, profile->default_config);
557 head->r.bit = 0;
558 head->r.step++;
559 }
560 break;
561 case 4:
562 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
563 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
564 const u8 i = head->r.bit;
565 const u8 config = profile->config[i];
566 if (config == TOMOYO_CONFIG_USE_DEFAULT)
567 continue;
568 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
569 tomoyo_mac_keywords[i]);
570 tomoyo_print_config(head, config);
571 head->r.bit++;
572 break;
573 }
574 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
575 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
576 tomoyo_print_preference(head, index);
577 head->r.index++;
578 head->r.step = 1;
579 }
580 break;
581 }
582 if (tomoyo_flush(head))
583 goto next;
584}
585
586static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
587 const struct tomoyo_acl_head *b)
588{
589 return container_of(a, struct tomoyo_manager, head)->manager ==
590 container_of(b, struct tomoyo_manager, head)->manager;
591}
592
593
594
595
596
597
598
599
600
601
602
603static int tomoyo_update_manager_entry(const char *manager,
604 const bool is_delete)
605{
606 struct tomoyo_manager e = { };
607 int error;
608
609 if (tomoyo_domain_def(manager)) {
610 if (!tomoyo_correct_domain(manager))
611 return -EINVAL;
612 e.is_domain = true;
613 } else {
614 if (!tomoyo_correct_path(manager))
615 return -EINVAL;
616 }
617 e.manager = tomoyo_get_name(manager);
618 if (!e.manager)
619 return -ENOMEM;
620 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
621 &tomoyo_policy_list[TOMOYO_ID_MANAGER],
622 tomoyo_same_manager);
623 tomoyo_put_name(e.manager);
624 return error;
625}
626
627
628
629
630
631
632
633
634
635
636static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
637{
638 char *data = head->write_buf;
639 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
640
641 if (!strcmp(data, "manage_by_non_root")) {
642 tomoyo_manage_by_non_root = !is_delete;
643 return 0;
644 }
645 return tomoyo_update_manager_entry(data, is_delete);
646}
647
648
649
650
651
652
653
654
655static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
656{
657 if (head->r.eof)
658 return;
659 list_for_each_cookie(head->r.acl,
660 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
661 struct tomoyo_manager *ptr =
662 list_entry(head->r.acl, typeof(*ptr), head.list);
663 if (ptr->head.is_deleted)
664 continue;
665 if (!tomoyo_flush(head))
666 return;
667 tomoyo_set_string(head, ptr->manager->name);
668 tomoyo_set_lf(head);
669 }
670 head->r.eof = true;
671}
672
673
674
675
676
677
678
679
680
681static bool tomoyo_manager(void)
682{
683 struct tomoyo_manager *ptr;
684 const char *exe;
685 const struct task_struct *task = current;
686 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
687 bool found = false;
688
689 if (!tomoyo_policy_loaded)
690 return true;
691 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
692 return false;
693 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
694 head.list) {
695 if (!ptr->head.is_deleted && ptr->is_domain
696 && !tomoyo_pathcmp(domainname, ptr->manager)) {
697 found = true;
698 break;
699 }
700 }
701 if (found)
702 return true;
703 exe = tomoyo_get_exe();
704 if (!exe)
705 return false;
706 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
707 head.list) {
708 if (!ptr->head.is_deleted && !ptr->is_domain
709 && !strcmp(exe, ptr->manager->name)) {
710 found = true;
711 break;
712 }
713 }
714 if (!found) {
715 static pid_t last_pid;
716 const pid_t pid = current->pid;
717 if (last_pid != pid) {
718 printk(KERN_WARNING "%s ( %s ) is not permitted to "
719 "update policies.\n", domainname->name, exe);
720 last_pid = pid;
721 }
722 }
723 kfree(exe);
724 return found;
725}
726
727
728
729
730
731
732
733
734
735
736
737static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
738{
739 unsigned int pid;
740 struct tomoyo_domain_info *domain = NULL;
741 bool global_pid = false;
742
743 if (!strcmp(data, "allow_execute")) {
744 head->r.print_execute_only = true;
745 return true;
746 }
747 if (sscanf(data, "pid=%u", &pid) == 1 ||
748 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
749 struct task_struct *p;
750 rcu_read_lock();
751 read_lock(&tasklist_lock);
752 if (global_pid)
753 p = find_task_by_pid_ns(pid, &init_pid_ns);
754 else
755 p = find_task_by_vpid(pid);
756 if (p)
757 domain = tomoyo_real_domain(p);
758 read_unlock(&tasklist_lock);
759 rcu_read_unlock();
760 } else if (!strncmp(data, "domain=", 7)) {
761 if (tomoyo_domain_def(data + 7))
762 domain = tomoyo_find_domain(data + 7);
763 } else
764 return false;
765 head->write_var1 = domain;
766
767 if (!head->read_buf)
768 return true;
769 memset(&head->r, 0, sizeof(head->r));
770 head->r.print_this_domain_only = true;
771 if (domain)
772 head->r.domain = &domain->list;
773 else
774 head->r.eof = 1;
775 tomoyo_io_printf(head, "# select %s\n", data);
776 if (domain && domain->is_deleted)
777 tomoyo_io_printf(head, "# This is a deleted domain.\n");
778 return true;
779}
780
781
782
783
784
785
786
787
788
789
790static int tomoyo_delete_domain(char *domainname)
791{
792 struct tomoyo_domain_info *domain;
793 struct tomoyo_path_info name;
794
795 name.name = domainname;
796 tomoyo_fill_path_info(&name);
797 if (mutex_lock_interruptible(&tomoyo_policy_lock))
798 return 0;
799
800 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
801
802 if (domain == &tomoyo_kernel_domain)
803 continue;
804 if (domain->is_deleted ||
805 tomoyo_pathcmp(domain->domainname, &name))
806 continue;
807 domain->is_deleted = true;
808 break;
809 }
810 mutex_unlock(&tomoyo_policy_lock);
811 return 0;
812}
813
814
815
816
817
818
819
820
821
822
823static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
824 const bool is_delete)
825{
826 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
827 return tomoyo_write_mount(data, domain, is_delete);
828 return tomoyo_write_file(data, domain, is_delete);
829}
830
831
832
833
834
835
836
837
838
839
840static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
841{
842 char *data = head->write_buf;
843 struct tomoyo_domain_info *domain = head->write_var1;
844 bool is_delete = false;
845 bool is_select = false;
846 unsigned int profile;
847
848 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
849 is_delete = true;
850 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
851 is_select = true;
852 if (is_select && tomoyo_select_one(head, data))
853 return 0;
854
855 if (!tomoyo_manager())
856 return -EPERM;
857 if (tomoyo_domain_def(data)) {
858 domain = NULL;
859 if (is_delete)
860 tomoyo_delete_domain(data);
861 else if (is_select)
862 domain = tomoyo_find_domain(data);
863 else
864 domain = tomoyo_assign_domain(data, 0);
865 head->write_var1 = domain;
866 return 0;
867 }
868 if (!domain)
869 return -EINVAL;
870
871 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
872 && profile < TOMOYO_MAX_PROFILES) {
873 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
874 domain->profile = (u8) profile;
875 return 0;
876 }
877 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
878 domain->ignore_global_allow_read = !is_delete;
879 return 0;
880 }
881 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
882 domain->quota_warned = !is_delete;
883 return 0;
884 }
885 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {
886 domain->transition_failed = !is_delete;
887 return 0;
888 }
889 return tomoyo_write_domain2(data, domain, is_delete);
890}
891
892
893
894
895
896
897
898
899
900static u8 tomoyo_fns(const u8 perm, u8 bit)
901{
902 for ( ; bit < 8; bit++)
903 if (perm & (1 << bit))
904 break;
905 return bit;
906}
907
908
909
910
911
912
913
914
915
916static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
917 struct tomoyo_acl_info *acl)
918{
919 const u8 acl_type = acl->type;
920 u8 bit;
921
922 if (acl->is_deleted)
923 return true;
924 next:
925 bit = head->r.bit;
926 if (!tomoyo_flush(head))
927 return false;
928 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
929 struct tomoyo_path_acl *ptr =
930 container_of(acl, typeof(*ptr), head);
931 const u16 perm = ptr->perm;
932 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
933 if (!(perm & (1 << bit)))
934 continue;
935 if (head->r.print_execute_only &&
936 bit != TOMOYO_TYPE_EXECUTE)
937 continue;
938
939 if ((bit == TOMOYO_TYPE_READ ||
940 bit == TOMOYO_TYPE_WRITE)
941 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
942 continue;
943 break;
944 }
945 if (bit >= TOMOYO_MAX_PATH_OPERATION)
946 goto done;
947 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]);
948 tomoyo_print_name_union(head, &ptr->name);
949 } else if (head->r.print_execute_only) {
950 return true;
951 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
952 struct tomoyo_path2_acl *ptr =
953 container_of(acl, typeof(*ptr), head);
954 bit = tomoyo_fns(ptr->perm, bit);
955 if (bit >= TOMOYO_MAX_PATH2_OPERATION)
956 goto done;
957 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]);
958 tomoyo_print_name_union(head, &ptr->name1);
959 tomoyo_print_name_union(head, &ptr->name2);
960 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
961 struct tomoyo_path_number_acl *ptr =
962 container_of(acl, typeof(*ptr), head);
963 bit = tomoyo_fns(ptr->perm, bit);
964 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION)
965 goto done;
966 tomoyo_io_printf(head, "allow_%s",
967 tomoyo_path_number_keyword[bit]);
968 tomoyo_print_name_union(head, &ptr->name);
969 tomoyo_print_number_union(head, &ptr->number);
970 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
971 struct tomoyo_mkdev_acl *ptr =
972 container_of(acl, typeof(*ptr), head);
973 bit = tomoyo_fns(ptr->perm, bit);
974 if (bit >= TOMOYO_MAX_MKDEV_OPERATION)
975 goto done;
976 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]);
977 tomoyo_print_name_union(head, &ptr->name);
978 tomoyo_print_number_union(head, &ptr->mode);
979 tomoyo_print_number_union(head, &ptr->major);
980 tomoyo_print_number_union(head, &ptr->minor);
981 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
982 struct tomoyo_mount_acl *ptr =
983 container_of(acl, typeof(*ptr), head);
984 tomoyo_io_printf(head, "allow_mount");
985 tomoyo_print_name_union(head, &ptr->dev_name);
986 tomoyo_print_name_union(head, &ptr->dir_name);
987 tomoyo_print_name_union(head, &ptr->fs_type);
988 tomoyo_print_number_union(head, &ptr->flags);
989 }
990 head->r.bit = bit + 1;
991 tomoyo_io_printf(head, "\n");
992 if (acl_type != TOMOYO_TYPE_MOUNT_ACL)
993 goto next;
994 done:
995 head->r.bit = 0;
996 return true;
997}
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1010 struct tomoyo_domain_info *domain)
1011{
1012 list_for_each_cookie(head->r.acl, &domain->acl_info_list) {
1013 struct tomoyo_acl_info *ptr =
1014 list_entry(head->r.acl, typeof(*ptr), list);
1015 if (!tomoyo_print_entry(head, ptr))
1016 return false;
1017 }
1018 head->r.acl = NULL;
1019 return true;
1020}
1021
1022
1023
1024
1025
1026
1027
1028
1029static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1030{
1031 if (head->r.eof)
1032 return;
1033 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1034 struct tomoyo_domain_info *domain =
1035 list_entry(head->r.domain, typeof(*domain), list);
1036 switch (head->r.step) {
1037 case 0:
1038 if (domain->is_deleted &&
1039 !head->r.print_this_domain_only)
1040 continue;
1041
1042 tomoyo_set_string(head, domain->domainname->name);
1043 tomoyo_set_lf(head);
1044 tomoyo_io_printf(head,
1045 TOMOYO_KEYWORD_USE_PROFILE "%u\n",
1046 domain->profile);
1047 if (domain->quota_warned)
1048 tomoyo_set_string(head, "quota_exceeded\n");
1049 if (domain->transition_failed)
1050 tomoyo_set_string(head, "transition_failed\n");
1051 if (domain->ignore_global_allow_read)
1052 tomoyo_set_string(head,
1053 TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
1054 "\n");
1055 head->r.step++;
1056 tomoyo_set_lf(head);
1057
1058 case 1:
1059 if (!tomoyo_read_domain2(head, domain))
1060 return;
1061 head->r.step++;
1062 if (!tomoyo_set_lf(head))
1063 return;
1064
1065 case 2:
1066 head->r.step = 0;
1067 if (head->r.print_this_domain_only)
1068 goto done;
1069 }
1070 }
1071 done:
1072 head->r.eof = true;
1073}
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1090{
1091 char *data = head->write_buf;
1092 char *cp = strchr(data, ' ');
1093 struct tomoyo_domain_info *domain;
1094 unsigned long profile;
1095
1096 if (!cp)
1097 return -EINVAL;
1098 *cp = '\0';
1099 domain = tomoyo_find_domain(cp + 1);
1100 if (strict_strtoul(data, 10, &profile))
1101 return -EINVAL;
1102 if (domain && profile < TOMOYO_MAX_PROFILES
1103 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1104 domain->profile = (u8) profile;
1105 return 0;
1106}
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1125{
1126 if (head->r.eof)
1127 return;
1128 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1129 struct tomoyo_domain_info *domain =
1130 list_entry(head->r.domain, typeof(*domain), list);
1131 if (domain->is_deleted)
1132 continue;
1133 if (!tomoyo_flush(head))
1134 return;
1135 tomoyo_io_printf(head, "%u ", domain->profile);
1136 tomoyo_set_string(head, domain->domainname->name);
1137 tomoyo_set_lf(head);
1138 }
1139 head->r.eof = true;
1140}
1141
1142
1143
1144
1145
1146
1147
1148
1149static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1150{
1151 head->r.eof = false;
1152 return 0;
1153}
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1166{
1167 char *buf = head->write_buf;
1168 bool global_pid = false;
1169 unsigned int pid;
1170 struct task_struct *p;
1171 struct tomoyo_domain_info *domain = NULL;
1172
1173
1174 if (!buf) {
1175 head->r.eof = true;
1176 return;
1177 }
1178 if (head->r.w_pos || head->r.eof)
1179 return;
1180 head->r.eof = true;
1181 if (tomoyo_str_starts(&buf, "global-pid "))
1182 global_pid = true;
1183 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1184 rcu_read_lock();
1185 read_lock(&tasklist_lock);
1186 if (global_pid)
1187 p = find_task_by_pid_ns(pid, &init_pid_ns);
1188 else
1189 p = find_task_by_vpid(pid);
1190 if (p)
1191 domain = tomoyo_real_domain(p);
1192 read_unlock(&tasklist_lock);
1193 rcu_read_unlock();
1194 if (!domain)
1195 return;
1196 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1197 tomoyo_set_string(head, domain->domainname->name);
1198}
1199
1200static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1201 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]
1202 = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,
1203 [TOMOYO_TRANSITION_CONTROL_INITIALIZE]
1204 = TOMOYO_KEYWORD_INITIALIZE_DOMAIN,
1205 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
1206 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
1207};
1208
1209static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1210 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1211 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1212};
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1224{
1225 char *data = head->write_buf;
1226 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1227 u8 i;
1228 static const struct {
1229 const char *keyword;
1230 int (*write) (char *, const bool);
1231 } tomoyo_callback[4] = {
1232 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
1233 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
1234 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
1235 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
1236 };
1237
1238 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1239 if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
1240 return tomoyo_write_transition_control(data, is_delete,
1241 i);
1242 for (i = 0; i < 4; i++)
1243 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1244 return tomoyo_callback[i].write(data, is_delete);
1245 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1246 if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
1247 return tomoyo_write_group(data, is_delete, i);
1248 return -EINVAL;
1249}
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1262{
1263 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1264 struct tomoyo_group *group =
1265 list_entry(head->r.group, typeof(*group), list);
1266 list_for_each_cookie(head->r.acl, &group->member_list) {
1267 struct tomoyo_acl_head *ptr =
1268 list_entry(head->r.acl, typeof(*ptr), list);
1269 if (ptr->is_deleted)
1270 continue;
1271 if (!tomoyo_flush(head))
1272 return false;
1273 tomoyo_set_string(head, tomoyo_group_name[idx]);
1274 tomoyo_set_string(head, group->group_name->name);
1275 if (idx == TOMOYO_PATH_GROUP) {
1276 tomoyo_set_space(head);
1277 tomoyo_set_string(head, container_of
1278 (ptr, struct tomoyo_path_group,
1279 head)->member_name->name);
1280 } else if (idx == TOMOYO_NUMBER_GROUP) {
1281 tomoyo_print_number_union(head, &container_of
1282 (ptr,
1283 struct tomoyo_number_group,
1284 head)->number);
1285 }
1286 tomoyo_set_lf(head);
1287 }
1288 head->r.acl = NULL;
1289 }
1290 head->r.group = NULL;
1291 return true;
1292}
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1305{
1306 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1307 struct tomoyo_acl_head *acl =
1308 container_of(head->r.acl, typeof(*acl), list);
1309 if (acl->is_deleted)
1310 continue;
1311 if (!tomoyo_flush(head))
1312 return false;
1313 switch (idx) {
1314 case TOMOYO_ID_TRANSITION_CONTROL:
1315 {
1316 struct tomoyo_transition_control *ptr =
1317 container_of(acl, typeof(*ptr), head);
1318 tomoyo_set_string(head,
1319 tomoyo_transition_type
1320 [ptr->type]);
1321 if (ptr->program)
1322 tomoyo_set_string(head,
1323 ptr->program->name);
1324 if (ptr->program && ptr->domainname)
1325 tomoyo_set_string(head, " from ");
1326 if (ptr->domainname)
1327 tomoyo_set_string(head,
1328 ptr->domainname->
1329 name);
1330 }
1331 break;
1332 case TOMOYO_ID_GLOBALLY_READABLE:
1333 {
1334 struct tomoyo_readable_file *ptr =
1335 container_of(acl, typeof(*ptr), head);
1336 tomoyo_set_string(head,
1337 TOMOYO_KEYWORD_ALLOW_READ);
1338 tomoyo_set_string(head, ptr->filename->name);
1339 }
1340 break;
1341 case TOMOYO_ID_AGGREGATOR:
1342 {
1343 struct tomoyo_aggregator *ptr =
1344 container_of(acl, typeof(*ptr), head);
1345 tomoyo_set_string(head,
1346 TOMOYO_KEYWORD_AGGREGATOR);
1347 tomoyo_set_string(head,
1348 ptr->original_name->name);
1349 tomoyo_set_space(head);
1350 tomoyo_set_string(head,
1351 ptr->aggregated_name->name);
1352 }
1353 break;
1354 case TOMOYO_ID_PATTERN:
1355 {
1356 struct tomoyo_no_pattern *ptr =
1357 container_of(acl, typeof(*ptr), head);
1358 tomoyo_set_string(head,
1359 TOMOYO_KEYWORD_FILE_PATTERN);
1360 tomoyo_set_string(head, ptr->pattern->name);
1361 }
1362 break;
1363 case TOMOYO_ID_NO_REWRITE:
1364 {
1365 struct tomoyo_no_rewrite *ptr =
1366 container_of(acl, typeof(*ptr), head);
1367 tomoyo_set_string(head,
1368 TOMOYO_KEYWORD_DENY_REWRITE);
1369 tomoyo_set_string(head, ptr->pattern->name);
1370 }
1371 break;
1372 default:
1373 continue;
1374 }
1375 tomoyo_set_lf(head);
1376 }
1377 head->r.acl = NULL;
1378 return true;
1379}
1380
1381
1382
1383
1384
1385
1386
1387
1388static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1389{
1390 if (head->r.eof)
1391 return;
1392 while (head->r.step < TOMOYO_MAX_POLICY &&
1393 tomoyo_read_policy(head, head->r.step))
1394 head->r.step++;
1395 if (head->r.step < TOMOYO_MAX_POLICY)
1396 return;
1397 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1398 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1399 head->r.step++;
1400 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1401 return;
1402 head->r.eof = true;
1403}
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415static char *tomoyo_print_header(struct tomoyo_request_info *r)
1416{
1417 struct timeval tv;
1418 const pid_t gpid = task_pid_nr(current);
1419 static const int tomoyo_buffer_len = 4096;
1420 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
1421 pid_t ppid;
1422 if (!buffer)
1423 return NULL;
1424 do_gettimeofday(&tv);
1425 rcu_read_lock();
1426 ppid = task_tgid_vnr(current->real_parent);
1427 rcu_read_unlock();
1428 snprintf(buffer, tomoyo_buffer_len - 1,
1429 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
1430 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
1431 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
1432 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
1433 task_tgid_vnr(current), ppid,
1434 current_uid(), current_gid(), current_euid(),
1435 current_egid(), current_suid(), current_sgid(),
1436 current_fsuid(), current_fsgid());
1437 return buffer;
1438}
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r)
1454{
1455 char *buf = NULL;
1456 const char *header;
1457 const char *domainname;
1458 if (!r->domain)
1459 r->domain = tomoyo_domain();
1460 domainname = r->domain->domainname->name;
1461 header = tomoyo_print_header(r);
1462 if (!header)
1463 return NULL;
1464 *len += strlen(domainname) + strlen(header) + 10;
1465 buf = kzalloc(*len, GFP_NOFS);
1466 if (buf)
1467 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname);
1468 kfree(header);
1469 return buf;
1470}
1471
1472
1473static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1474
1475
1476static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1477
1478
1479struct tomoyo_query {
1480 struct list_head list;
1481 char *query;
1482 int query_len;
1483 unsigned int serial;
1484 int timer;
1485 int answer;
1486};
1487
1488
1489static LIST_HEAD(tomoyo_query_list);
1490
1491
1492
1493
1494
1495static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1509{
1510 va_list args;
1511 int error = -EPERM;
1512 int pos;
1513 int len;
1514 static unsigned int tomoyo_serial;
1515 struct tomoyo_query *entry = NULL;
1516 bool quota_exceeded = false;
1517 char *header;
1518 switch (r->mode) {
1519 char *buffer;
1520 case TOMOYO_CONFIG_LEARNING:
1521 if (!tomoyo_domain_quota_is_ok(r))
1522 return 0;
1523 va_start(args, fmt);
1524 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
1525 va_end(args);
1526 buffer = kmalloc(len, GFP_NOFS);
1527 if (!buffer)
1528 return 0;
1529 va_start(args, fmt);
1530 vsnprintf(buffer, len - 1, fmt, args);
1531 va_end(args);
1532 tomoyo_normalize_line(buffer);
1533 tomoyo_write_domain2(buffer, r->domain, false);
1534 kfree(buffer);
1535
1536 case TOMOYO_CONFIG_PERMISSIVE:
1537 return 0;
1538 }
1539 if (!r->domain)
1540 r->domain = tomoyo_domain();
1541 if (!atomic_read(&tomoyo_query_observers))
1542 return -EPERM;
1543 va_start(args, fmt);
1544 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
1545 va_end(args);
1546 header = tomoyo_init_audit_log(&len, r);
1547 if (!header)
1548 goto out;
1549 entry = kzalloc(sizeof(*entry), GFP_NOFS);
1550 if (!entry)
1551 goto out;
1552 entry->query = kzalloc(len, GFP_NOFS);
1553 if (!entry->query)
1554 goto out;
1555 len = ksize(entry->query);
1556 spin_lock(&tomoyo_query_list_lock);
1557 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1558 sizeof(*entry) >= tomoyo_quota_for_query) {
1559 quota_exceeded = true;
1560 } else {
1561 tomoyo_query_memory_size += len + sizeof(*entry);
1562 entry->serial = tomoyo_serial++;
1563 }
1564 spin_unlock(&tomoyo_query_list_lock);
1565 if (quota_exceeded)
1566 goto out;
1567 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1568 entry->serial, r->retry, header);
1569 kfree(header);
1570 header = NULL;
1571 va_start(args, fmt);
1572 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1573 entry->query_len = strlen(entry->query) + 1;
1574 va_end(args);
1575 spin_lock(&tomoyo_query_list_lock);
1576 list_add_tail(&entry->list, &tomoyo_query_list);
1577 spin_unlock(&tomoyo_query_list_lock);
1578
1579 for (entry->timer = 0;
1580 atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1581 entry->timer++) {
1582 wake_up(&tomoyo_query_wait);
1583 set_current_state(TASK_INTERRUPTIBLE);
1584 schedule_timeout(HZ / 10);
1585 if (entry->answer)
1586 break;
1587 }
1588 spin_lock(&tomoyo_query_list_lock);
1589 list_del(&entry->list);
1590 tomoyo_query_memory_size -= len + sizeof(*entry);
1591 spin_unlock(&tomoyo_query_list_lock);
1592 switch (entry->answer) {
1593 case 3:
1594 error = TOMOYO_RETRY_REQUEST;
1595 r->retry++;
1596 break;
1597 case 1:
1598
1599 error = 0;
1600 break;
1601 case 0:
1602
1603 break;
1604 default:
1605
1606 break;
1607 }
1608 out:
1609 if (entry)
1610 kfree(entry->query);
1611 kfree(entry);
1612 kfree(header);
1613 return error;
1614}
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626static int tomoyo_poll_query(struct file *file, poll_table *wait)
1627{
1628 struct list_head *tmp;
1629 bool found = false;
1630 u8 i;
1631 for (i = 0; i < 2; i++) {
1632 spin_lock(&tomoyo_query_list_lock);
1633 list_for_each(tmp, &tomoyo_query_list) {
1634 struct tomoyo_query *ptr =
1635 list_entry(tmp, typeof(*ptr), list);
1636 if (ptr->answer)
1637 continue;
1638 found = true;
1639 break;
1640 }
1641 spin_unlock(&tomoyo_query_list_lock);
1642 if (found)
1643 return POLLIN | POLLRDNORM;
1644 if (i)
1645 break;
1646 poll_wait(file, &tomoyo_query_wait, wait);
1647 }
1648 return 0;
1649}
1650
1651
1652
1653
1654
1655
1656static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1657{
1658 struct list_head *tmp;
1659 int pos = 0;
1660 int len = 0;
1661 char *buf;
1662 if (head->r.w_pos)
1663 return;
1664 if (head->read_buf) {
1665 kfree(head->read_buf);
1666 head->read_buf = NULL;
1667 }
1668 spin_lock(&tomoyo_query_list_lock);
1669 list_for_each(tmp, &tomoyo_query_list) {
1670 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1671 if (ptr->answer)
1672 continue;
1673 if (pos++ != head->r.query_index)
1674 continue;
1675 len = ptr->query_len;
1676 break;
1677 }
1678 spin_unlock(&tomoyo_query_list_lock);
1679 if (!len) {
1680 head->r.query_index = 0;
1681 return;
1682 }
1683 buf = kzalloc(len, GFP_NOFS);
1684 if (!buf)
1685 return;
1686 pos = 0;
1687 spin_lock(&tomoyo_query_list_lock);
1688 list_for_each(tmp, &tomoyo_query_list) {
1689 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1690 if (ptr->answer)
1691 continue;
1692 if (pos++ != head->r.query_index)
1693 continue;
1694
1695
1696
1697
1698 if (len == ptr->query_len)
1699 memmove(buf, ptr->query, len);
1700 break;
1701 }
1702 spin_unlock(&tomoyo_query_list_lock);
1703 if (buf[0]) {
1704 head->read_buf = buf;
1705 head->r.w[head->r.w_pos++] = buf;
1706 head->r.query_index++;
1707 } else {
1708 kfree(buf);
1709 }
1710}
1711
1712
1713
1714
1715
1716
1717
1718
1719static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1720{
1721 char *data = head->write_buf;
1722 struct list_head *tmp;
1723 unsigned int serial;
1724 unsigned int answer;
1725 spin_lock(&tomoyo_query_list_lock);
1726 list_for_each(tmp, &tomoyo_query_list) {
1727 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1728 ptr->timer = 0;
1729 }
1730 spin_unlock(&tomoyo_query_list_lock);
1731 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1732 return -EINVAL;
1733 spin_lock(&tomoyo_query_list_lock);
1734 list_for_each(tmp, &tomoyo_query_list) {
1735 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1736 if (ptr->serial != serial)
1737 continue;
1738 if (!ptr->answer)
1739 ptr->answer = answer;
1740 break;
1741 }
1742 spin_unlock(&tomoyo_query_list_lock);
1743 return 0;
1744}
1745
1746
1747
1748
1749
1750
1751
1752
1753static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1754{
1755 if (!head->r.eof) {
1756 tomoyo_io_printf(head, "2.3.0");
1757 head->r.eof = true;
1758 }
1759}
1760
1761
1762
1763
1764
1765
1766
1767
1768static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1769{
1770 if (!head->r.eof) {
1771
1772
1773
1774
1775
1776 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1777 head->r.eof = true;
1778 }
1779}
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791int tomoyo_open_control(const u8 type, struct file *file)
1792{
1793 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1794
1795 if (!head)
1796 return -ENOMEM;
1797 mutex_init(&head->io_sem);
1798 head->type = type;
1799 switch (type) {
1800 case TOMOYO_DOMAINPOLICY:
1801
1802 head->write = tomoyo_write_domain;
1803 head->read = tomoyo_read_domain;
1804 break;
1805 case TOMOYO_EXCEPTIONPOLICY:
1806
1807 head->write = tomoyo_write_exception;
1808 head->read = tomoyo_read_exception;
1809 break;
1810 case TOMOYO_SELFDOMAIN:
1811
1812 head->read = tomoyo_read_self_domain;
1813 break;
1814 case TOMOYO_DOMAIN_STATUS:
1815
1816 head->write = tomoyo_write_domain_profile;
1817 head->read = tomoyo_read_domain_profile;
1818 break;
1819 case TOMOYO_PROCESS_STATUS:
1820
1821 head->write = tomoyo_write_pid;
1822 head->read = tomoyo_read_pid;
1823 break;
1824 case TOMOYO_VERSION:
1825
1826 head->read = tomoyo_read_version;
1827 head->readbuf_size = 128;
1828 break;
1829 case TOMOYO_MEMINFO:
1830
1831 head->write = tomoyo_write_memory_quota;
1832 head->read = tomoyo_read_memory_counter;
1833 head->readbuf_size = 512;
1834 break;
1835 case TOMOYO_PROFILE:
1836
1837 head->write = tomoyo_write_profile;
1838 head->read = tomoyo_read_profile;
1839 break;
1840 case TOMOYO_QUERY:
1841 head->poll = tomoyo_poll_query;
1842 head->write = tomoyo_write_answer;
1843 head->read = tomoyo_read_query;
1844 break;
1845 case TOMOYO_MANAGER:
1846
1847 head->write = tomoyo_write_manager;
1848 head->read = tomoyo_read_manager;
1849 break;
1850 }
1851 if (!(file->f_mode & FMODE_READ)) {
1852
1853
1854
1855
1856 head->read = NULL;
1857 head->poll = NULL;
1858 } else if (!head->poll) {
1859
1860 if (!head->readbuf_size)
1861 head->readbuf_size = 4096 * 2;
1862 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1863 if (!head->read_buf) {
1864 kfree(head);
1865 return -ENOMEM;
1866 }
1867 }
1868 if (!(file->f_mode & FMODE_WRITE)) {
1869
1870
1871
1872
1873 head->write = NULL;
1874 } else if (head->write) {
1875 head->writebuf_size = 4096 * 2;
1876 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1877 if (!head->write_buf) {
1878 kfree(head->read_buf);
1879 kfree(head);
1880 return -ENOMEM;
1881 }
1882 }
1883 if (type != TOMOYO_QUERY)
1884 head->reader_idx = tomoyo_read_lock();
1885 file->private_data = head;
1886
1887
1888
1889
1890
1891
1892
1893 if (type == TOMOYO_SELFDOMAIN)
1894 tomoyo_read_control(file, NULL, 0);
1895
1896
1897
1898
1899
1900
1901 else if (type == TOMOYO_QUERY)
1902 atomic_inc(&tomoyo_query_observers);
1903 return 0;
1904}
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915int tomoyo_poll_control(struct file *file, poll_table *wait)
1916{
1917 struct tomoyo_io_buffer *head = file->private_data;
1918 if (!head->poll)
1919 return -ENOSYS;
1920 return head->poll(file, wait);
1921}
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934int tomoyo_read_control(struct file *file, char __user *buffer,
1935 const int buffer_len)
1936{
1937 int len;
1938 struct tomoyo_io_buffer *head = file->private_data;
1939
1940 if (!head->read)
1941 return -ENOSYS;
1942 if (mutex_lock_interruptible(&head->io_sem))
1943 return -EINTR;
1944 head->read_user_buf = buffer;
1945 head->read_user_buf_avail = buffer_len;
1946 if (tomoyo_flush(head))
1947
1948 head->read(head);
1949 tomoyo_flush(head);
1950 len = head->read_user_buf - buffer;
1951 mutex_unlock(&head->io_sem);
1952 return len;
1953}
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966int tomoyo_write_control(struct file *file, const char __user *buffer,
1967 const int buffer_len)
1968{
1969 struct tomoyo_io_buffer *head = file->private_data;
1970 int error = buffer_len;
1971 int avail_len = buffer_len;
1972 char *cp0 = head->write_buf;
1973
1974 if (!head->write)
1975 return -ENOSYS;
1976 if (!access_ok(VERIFY_READ, buffer, buffer_len))
1977 return -EFAULT;
1978
1979 if (head->write != tomoyo_write_pid &&
1980 head->write != tomoyo_write_domain && !tomoyo_manager())
1981 return -EPERM;
1982 if (mutex_lock_interruptible(&head->io_sem))
1983 return -EINTR;
1984
1985 while (avail_len > 0) {
1986 char c;
1987 if (head->write_avail >= head->writebuf_size - 1) {
1988 error = -ENOMEM;
1989 break;
1990 } else if (get_user(c, buffer)) {
1991 error = -EFAULT;
1992 break;
1993 }
1994 buffer++;
1995 avail_len--;
1996 cp0[head->write_avail++] = c;
1997 if (c != '\n')
1998 continue;
1999 cp0[head->write_avail - 1] = '\0';
2000 head->write_avail = 0;
2001 tomoyo_normalize_line(cp0);
2002 head->write(head);
2003 }
2004 mutex_unlock(&head->io_sem);
2005 return error;
2006}
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017int tomoyo_close_control(struct file *file)
2018{
2019 struct tomoyo_io_buffer *head = file->private_data;
2020 const bool is_write = !!head->write_buf;
2021
2022
2023
2024
2025
2026 if (head->type == TOMOYO_QUERY)
2027 atomic_dec(&tomoyo_query_observers);
2028 else
2029 tomoyo_read_unlock(head->reader_idx);
2030
2031 kfree(head->read_buf);
2032 head->read_buf = NULL;
2033 kfree(head->write_buf);
2034 head->write_buf = NULL;
2035 kfree(head);
2036 head = NULL;
2037 file->private_data = NULL;
2038 if (is_write)
2039 tomoyo_run_gc();
2040 return 0;
2041}
2042
2043
2044
2045
2046void tomoyo_check_profile(void)
2047{
2048 struct tomoyo_domain_info *domain;
2049 const int idx = tomoyo_read_lock();
2050 tomoyo_policy_loaded = true;
2051
2052 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2053 const u8 profile = domain->profile;
2054 if (tomoyo_profile_ptr[profile])
2055 continue;
2056 printk(KERN_ERR "You need to define profile %u before using it.\n",
2057 profile);
2058 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2059 "for more information.\n");
2060 panic("Profile %u (used by '%s') not defined.\n",
2061 profile, domain->domainname->name);
2062 }
2063 tomoyo_read_unlock(idx);
2064 if (tomoyo_profile_version != 20090903) {
2065 printk(KERN_ERR "You need to install userland programs for "
2066 "TOMOYO 2.3 and initialize policy configuration.\n");
2067 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2068 "for more information.\n");
2069 panic("Profile version %u is not supported.\n",
2070 tomoyo_profile_version);
2071 }
2072 printk(KERN_INFO "TOMOYO: 2.3.0\n");
2073 printk(KERN_INFO "Mandatory Access Control activated.\n");
2074}
2075
