1
2
3
4
5
6
7
8
9#include <linux/uaccess.h>
10#include <linux/slab.h>
11#include <linux/security.h>
12#include "common.h"
13
14static struct tomoyo_profile tomoyo_default_profile = {
15 .learning = &tomoyo_default_profile.preference,
16 .permissive = &tomoyo_default_profile.preference,
17 .enforcing = &tomoyo_default_profile.preference,
18 .preference.enforcing_verbose = true,
19 .preference.learning_max_entry = 2048,
20 .preference.learning_verbose = false,
21 .preference.permissive_verbose = true
22};
23
24
25static unsigned int tomoyo_profile_version;
26
27
28static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
29
30
31static const char *tomoyo_mode[4] = {
32 "disabled", "learning", "permissive", "enforcing"
33};
34
35
36static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
37 + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
38 [TOMOYO_MAC_FILE_EXECUTE] = "file::execute",
39 [TOMOYO_MAC_FILE_OPEN] = "file::open",
40 [TOMOYO_MAC_FILE_CREATE] = "file::create",
41 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
42 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
43 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
44 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
45 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
46 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
47 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
48 [TOMOYO_MAC_FILE_REWRITE] = "file::rewrite",
49 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
50 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
51 [TOMOYO_MAC_FILE_LINK] = "file::link",
52 [TOMOYO_MAC_FILE_RENAME] = "file::rename",
53 [TOMOYO_MAC_FILE_CHMOD] = "file::chmod",
54 [TOMOYO_MAC_FILE_CHOWN] = "file::chown",
55 [TOMOYO_MAC_FILE_CHGRP] = "file::chgrp",
56 [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl",
57 [TOMOYO_MAC_FILE_CHROOT] = "file::chroot",
58 [TOMOYO_MAC_FILE_MOUNT] = "file::mount",
59 [TOMOYO_MAC_FILE_UMOUNT] = "file::umount",
60 [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
61 [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
62};
63
64
65static bool tomoyo_manage_by_non_root;
66
67
68
69
70
71
72
73
74static const char *tomoyo_yesno(const unsigned int value)
75{
76 return value ? "yes" : "no";
77}
78
79static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
80{
81 va_list args;
82 const int pos = strlen(buffer);
83 va_start(args, fmt);
84 vsnprintf(buffer + pos, len - pos - 1, fmt, args);
85 va_end(args);
86}
87
88
89
90
91
92
93
94
95static bool tomoyo_flush(struct tomoyo_io_buffer *head)
96{
97 while (head->r.w_pos) {
98 const char *w = head->r.w[0];
99 int len = strlen(w);
100 if (len) {
101 if (len > head->read_user_buf_avail)
102 len = head->read_user_buf_avail;
103 if (!len)
104 return false;
105 if (copy_to_user(head->read_user_buf, w, len))
106 return false;
107 head->read_user_buf_avail -= len;
108 head->read_user_buf += len;
109 w += len;
110 }
111 head->r.w[0] = w;
112 if (*w)
113 return false;
114
115 if (head->poll) {
116 if (!head->read_user_buf_avail ||
117 copy_to_user(head->read_user_buf, "", 1))
118 return false;
119 head->read_user_buf_avail--;
120 head->read_user_buf++;
121 }
122 head->r.w_pos--;
123 for (len = 0; len < head->r.w_pos; len++)
124 head->r.w[len] = head->r.w[len + 1];
125 }
126 head->r.avail = 0;
127 return true;
128}
129
130
131
132
133
134
135
136
137
138
139
140static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
141{
142 if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
143 head->r.w[head->r.w_pos++] = string;
144 tomoyo_flush(head);
145 } else
146 WARN_ON(1);
147}
148
149
150
151
152
153
154
155void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
156{
157 va_list args;
158 int len;
159 int pos = head->r.avail;
160 int size = head->readbuf_size - pos;
161 if (size <= 0)
162 return;
163 va_start(args, fmt);
164 len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
165 va_end(args);
166 if (pos + len >= head->readbuf_size) {
167 WARN_ON(1);
168 return;
169 }
170 head->r.avail += len;
171 tomoyo_set_string(head, head->read_buf + pos);
172}
173
174static void tomoyo_set_space(struct tomoyo_io_buffer *head)
175{
176 tomoyo_set_string(head, " ");
177}
178
179static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
180{
181 tomoyo_set_string(head, "\n");
182 return !head->r.w_pos;
183}
184
185
186
187
188
189
190
191static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
192 const struct tomoyo_name_union *ptr)
193{
194 tomoyo_set_space(head);
195 if (ptr->is_group) {
196 tomoyo_set_string(head, "@");
197 tomoyo_set_string(head, ptr->group->group_name->name);
198 } else {
199 tomoyo_set_string(head, ptr->filename->name);
200 }
201}
202
203
204
205
206
207
208
209static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
210 const struct tomoyo_number_union *ptr)
211{
212 tomoyo_set_space(head);
213 if (ptr->is_group) {
214 tomoyo_set_string(head, "@");
215 tomoyo_set_string(head, ptr->group->group_name->name);
216 } else {
217 int i;
218 unsigned long min = ptr->values[0];
219 const unsigned long max = ptr->values[1];
220 u8 min_type = ptr->min_type;
221 const u8 max_type = ptr->max_type;
222 char buffer[128];
223 buffer[0] = '\0';
224 for (i = 0; i < 2; i++) {
225 switch (min_type) {
226 case TOMOYO_VALUE_TYPE_HEXADECIMAL:
227 tomoyo_addprintf(buffer, sizeof(buffer),
228 "0x%lX", min);
229 break;
230 case TOMOYO_VALUE_TYPE_OCTAL:
231 tomoyo_addprintf(buffer, sizeof(buffer),
232 "0%lo", min);
233 break;
234 default:
235 tomoyo_addprintf(buffer, sizeof(buffer),
236 "%lu", min);
237 break;
238 }
239 if (min == max && min_type == max_type)
240 break;
241 tomoyo_addprintf(buffer, sizeof(buffer), "-");
242 min_type = max_type;
243 min = max;
244 }
245 tomoyo_io_printf(head, "%s", buffer);
246 }
247}
248
249
250
251
252
253
254
255
256static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
257{
258 struct tomoyo_profile *ptr;
259 struct tomoyo_profile *entry;
260 if (profile >= TOMOYO_MAX_PROFILES)
261 return NULL;
262 ptr = tomoyo_profile_ptr[profile];
263 if (ptr)
264 return ptr;
265 entry = kzalloc(sizeof(*entry), GFP_NOFS);
266 if (mutex_lock_interruptible(&tomoyo_policy_lock))
267 goto out;
268 ptr = tomoyo_profile_ptr[profile];
269 if (!ptr && tomoyo_memory_ok(entry)) {
270 ptr = entry;
271 ptr->learning = &tomoyo_default_profile.preference;
272 ptr->permissive = &tomoyo_default_profile.preference;
273 ptr->enforcing = &tomoyo_default_profile.preference;
274 ptr->default_config = TOMOYO_CONFIG_DISABLED;
275 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
276 sizeof(ptr->config));
277 mb();
278 tomoyo_profile_ptr[profile] = ptr;
279 entry = NULL;
280 }
281 mutex_unlock(&tomoyo_policy_lock);
282 out:
283 kfree(entry);
284 return ptr;
285}
286
287
288
289
290
291
292
293
294struct tomoyo_profile *tomoyo_profile(const u8 profile)
295{
296 struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
297 if (!tomoyo_policy_loaded)
298 return &tomoyo_default_profile;
299 BUG_ON(!ptr);
300 return ptr;
301}
302
303static s8 tomoyo_find_yesno(const char *string, const char *find)
304{
305 const char *cp = strstr(string, find);
306 if (cp) {
307 cp += strlen(find);
308 if (!strncmp(cp, "=yes", 4))
309 return 1;
310 else if (!strncmp(cp, "=no", 3))
311 return 0;
312 }
313 return -1;
314}
315
316static void tomoyo_set_bool(bool *b, const char *string, const char *find)
317{
318 switch (tomoyo_find_yesno(string, find)) {
319 case 1:
320 *b = true;
321 break;
322 case 0:
323 *b = false;
324 break;
325 }
326}
327
328static void tomoyo_set_uint(unsigned int *i, const char *string,
329 const char *find)
330{
331 const char *cp = strstr(string, find);
332 if (cp)
333 sscanf(cp + strlen(find), "=%u", i);
334}
335
336static void tomoyo_set_pref(const char *name, const char *value,
337 const bool use_default,
338 struct tomoyo_profile *profile)
339{
340 struct tomoyo_preference **pref;
341 bool *verbose;
342 if (!strcmp(name, "enforcing")) {
343 if (use_default) {
344 pref = &profile->enforcing;
345 goto set_default;
346 }
347 profile->enforcing = &profile->preference;
348 verbose = &profile->preference.enforcing_verbose;
349 goto set_verbose;
350 }
351 if (!strcmp(name, "permissive")) {
352 if (use_default) {
353 pref = &profile->permissive;
354 goto set_default;
355 }
356 profile->permissive = &profile->preference;
357 verbose = &profile->preference.permissive_verbose;
358 goto set_verbose;
359 }
360 if (!strcmp(name, "learning")) {
361 if (use_default) {
362 pref = &profile->learning;
363 goto set_default;
364 }
365 profile->learning = &profile->preference;
366 tomoyo_set_uint(&profile->preference.learning_max_entry, value,
367 "max_entry");
368 verbose = &profile->preference.learning_verbose;
369 goto set_verbose;
370 }
371 return;
372 set_default:
373 *pref = &tomoyo_default_profile.preference;
374 return;
375 set_verbose:
376 tomoyo_set_bool(verbose, value, "verbose");
377}
378
379static int tomoyo_set_mode(char *name, const char *value,
380 const bool use_default,
381 struct tomoyo_profile *profile)
382{
383 u8 i;
384 u8 config;
385 if (!strcmp(name, "CONFIG")) {
386 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
387 config = profile->default_config;
388 } else if (tomoyo_str_starts(&name, "CONFIG::")) {
389 config = 0;
390 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
391 + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
392 if (strcmp(name, tomoyo_mac_keywords[i]))
393 continue;
394 config = profile->config[i];
395 break;
396 }
397 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
398 return -EINVAL;
399 } else {
400 return -EINVAL;
401 }
402 if (use_default) {
403 config = TOMOYO_CONFIG_USE_DEFAULT;
404 } else {
405 u8 mode;
406 for (mode = 0; mode < 4; mode++)
407 if (strstr(value, tomoyo_mode[mode]))
408
409
410
411
412 config = (config & ~7) | mode;
413 }
414 if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
415 profile->config[i] = config;
416 else if (config != TOMOYO_CONFIG_USE_DEFAULT)
417 profile->default_config = config;
418 return 0;
419}
420
421
422
423
424
425
426
427
428static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
429{
430 char *data = head->write_buf;
431 unsigned int i;
432 bool use_default = false;
433 char *cp;
434 struct tomoyo_profile *profile;
435 if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
436 return 0;
437 i = simple_strtoul(data, &cp, 10);
438 if (data == cp) {
439 profile = &tomoyo_default_profile;
440 } else {
441 if (*cp != '-')
442 return -EINVAL;
443 data = cp + 1;
444 profile = tomoyo_assign_profile(i);
445 if (!profile)
446 return -EINVAL;
447 }
448 cp = strchr(data, '=');
449 if (!cp)
450 return -EINVAL;
451 *cp++ = '\0';
452 if (profile != &tomoyo_default_profile)
453 use_default = strstr(cp, "use_default") != NULL;
454 if (tomoyo_str_starts(&data, "PREFERENCE::")) {
455 tomoyo_set_pref(data, cp, use_default, profile);
456 return 0;
457 }
458 if (profile == &tomoyo_default_profile)
459 return -EINVAL;
460 if (!strcmp(data, "COMMENT")) {
461 static DEFINE_SPINLOCK(lock);
462 const struct tomoyo_path_info *new_comment
463 = tomoyo_get_name(cp);
464 const struct tomoyo_path_info *old_comment;
465 if (!new_comment)
466 return -ENOMEM;
467 spin_lock(&lock);
468 old_comment = profile->comment;
469 profile->comment = new_comment;
470 spin_unlock(&lock);
471 tomoyo_put_name(old_comment);
472 return 0;
473 }
474 return tomoyo_set_mode(data, cp, use_default, profile);
475}
476
477static void tomoyo_print_preference(struct tomoyo_io_buffer *head,
478 const int idx)
479{
480 struct tomoyo_preference *pref = &tomoyo_default_profile.preference;
481 const struct tomoyo_profile *profile = idx >= 0 ?
482 tomoyo_profile_ptr[idx] : NULL;
483 char buffer[16] = "";
484 if (profile) {
485 buffer[sizeof(buffer) - 1] = '\0';
486 snprintf(buffer, sizeof(buffer) - 1, "%u-", idx);
487 }
488 if (profile) {
489 pref = profile->learning;
490 if (pref == &tomoyo_default_profile.preference)
491 goto skip1;
492 }
493 tomoyo_io_printf(head, "%sPREFERENCE::%s={ "
494 "verbose=%s max_entry=%u }\n",
495 buffer, "learning",
496 tomoyo_yesno(pref->learning_verbose),
497 pref->learning_max_entry);
498 skip1:
499 if (profile) {
500 pref = profile->permissive;
501 if (pref == &tomoyo_default_profile.preference)
502 goto skip2;
503 }
504 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
505 buffer, "permissive",
506 tomoyo_yesno(pref->permissive_verbose));
507 skip2:
508 if (profile) {
509 pref = profile->enforcing;
510 if (pref == &tomoyo_default_profile.preference)
511 return;
512 }
513 tomoyo_io_printf(head, "%sPREFERENCE::%s={ verbose=%s }\n",
514 buffer, "enforcing",
515 tomoyo_yesno(pref->enforcing_verbose));
516}
517
518static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
519{
520 tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]);
521}
522
523
524
525
526
527
528static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
529{
530 u8 index;
531 const struct tomoyo_profile *profile;
532 next:
533 index = head->r.index;
534 profile = tomoyo_profile_ptr[index];
535 switch (head->r.step) {
536 case 0:
537 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
538 tomoyo_print_preference(head, -1);
539 head->r.step++;
540 break;
541 case 1:
542 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
543 head->r.index++)
544 if (tomoyo_profile_ptr[head->r.index])
545 break;
546 if (head->r.index == TOMOYO_MAX_PROFILES)
547 return;
548 head->r.step++;
549 break;
550 case 2:
551 {
552 const struct tomoyo_path_info *comment =
553 profile->comment;
554 tomoyo_io_printf(head, "%u-COMMENT=", index);
555 tomoyo_set_string(head, comment ? comment->name : "");
556 tomoyo_set_lf(head);
557 head->r.step++;
558 }
559 break;
560 case 3:
561 {
562 tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
563 tomoyo_print_config(head, profile->default_config);
564 head->r.bit = 0;
565 head->r.step++;
566 }
567 break;
568 case 4:
569 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
570 + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
571 const u8 i = head->r.bit;
572 const u8 config = profile->config[i];
573 if (config == TOMOYO_CONFIG_USE_DEFAULT)
574 continue;
575 tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
576 tomoyo_mac_keywords[i]);
577 tomoyo_print_config(head, config);
578 head->r.bit++;
579 break;
580 }
581 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
582 + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
583 tomoyo_print_preference(head, index);
584 head->r.index++;
585 head->r.step = 1;
586 }
587 break;
588 }
589 if (tomoyo_flush(head))
590 goto next;
591}
592
593static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
594 const struct tomoyo_acl_head *b)
595{
596 return container_of(a, struct tomoyo_manager, head)->manager ==
597 container_of(b, struct tomoyo_manager, head)->manager;
598}
599
600
601
602
603
604
605
606
607
608
609
610static int tomoyo_update_manager_entry(const char *manager,
611 const bool is_delete)
612{
613 struct tomoyo_manager e = { };
614 int error;
615
616 if (tomoyo_domain_def(manager)) {
617 if (!tomoyo_correct_domain(manager))
618 return -EINVAL;
619 e.is_domain = true;
620 } else {
621 if (!tomoyo_correct_path(manager))
622 return -EINVAL;
623 }
624 e.manager = tomoyo_get_name(manager);
625 if (!e.manager)
626 return -ENOMEM;
627 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
628 &tomoyo_policy_list[TOMOYO_ID_MANAGER],
629 tomoyo_same_manager);
630 tomoyo_put_name(e.manager);
631 return error;
632}
633
634
635
636
637
638
639
640
641
642
643static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
644{
645 char *data = head->write_buf;
646 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
647
648 if (!strcmp(data, "manage_by_non_root")) {
649 tomoyo_manage_by_non_root = !is_delete;
650 return 0;
651 }
652 return tomoyo_update_manager_entry(data, is_delete);
653}
654
655
656
657
658
659
660
661
662static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
663{
664 if (head->r.eof)
665 return;
666 list_for_each_cookie(head->r.acl,
667 &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
668 struct tomoyo_manager *ptr =
669 list_entry(head->r.acl, typeof(*ptr), head.list);
670 if (ptr->head.is_deleted)
671 continue;
672 if (!tomoyo_flush(head))
673 return;
674 tomoyo_set_string(head, ptr->manager->name);
675 tomoyo_set_lf(head);
676 }
677 head->r.eof = true;
678}
679
680
681
682
683
684
685
686
687
688static bool tomoyo_manager(void)
689{
690 struct tomoyo_manager *ptr;
691 const char *exe;
692 const struct task_struct *task = current;
693 const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
694 bool found = false;
695
696 if (!tomoyo_policy_loaded)
697 return true;
698 if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
699 return false;
700 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
701 head.list) {
702 if (!ptr->head.is_deleted && ptr->is_domain
703 && !tomoyo_pathcmp(domainname, ptr->manager)) {
704 found = true;
705 break;
706 }
707 }
708 if (found)
709 return true;
710 exe = tomoyo_get_exe();
711 if (!exe)
712 return false;
713 list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
714 head.list) {
715 if (!ptr->head.is_deleted && !ptr->is_domain
716 && !strcmp(exe, ptr->manager->name)) {
717 found = true;
718 break;
719 }
720 }
721 if (!found) {
722 static pid_t last_pid;
723 const pid_t pid = current->pid;
724 if (last_pid != pid) {
725 printk(KERN_WARNING "%s ( %s ) is not permitted to "
726 "update policies.\n", domainname->name, exe);
727 last_pid = pid;
728 }
729 }
730 kfree(exe);
731 return found;
732}
733
734
735
736
737
738
739
740
741
742
743
744static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
745{
746 unsigned int pid;
747 struct tomoyo_domain_info *domain = NULL;
748 bool global_pid = false;
749
750 if (!strcmp(data, "allow_execute")) {
751 head->r.print_execute_only = true;
752 return true;
753 }
754 if (sscanf(data, "pid=%u", &pid) == 1 ||
755 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
756 struct task_struct *p;
757 rcu_read_lock();
758 read_lock(&tasklist_lock);
759 if (global_pid)
760 p = find_task_by_pid_ns(pid, &init_pid_ns);
761 else
762 p = find_task_by_vpid(pid);
763 if (p)
764 domain = tomoyo_real_domain(p);
765 read_unlock(&tasklist_lock);
766 rcu_read_unlock();
767 } else if (!strncmp(data, "domain=", 7)) {
768 if (tomoyo_domain_def(data + 7))
769 domain = tomoyo_find_domain(data + 7);
770 } else
771 return false;
772 head->write_var1 = domain;
773
774 if (!head->read_buf)
775 return true;
776 memset(&head->r, 0, sizeof(head->r));
777 head->r.print_this_domain_only = true;
778 if (domain)
779 head->r.domain = &domain->list;
780 else
781 head->r.eof = 1;
782 tomoyo_io_printf(head, "# select %s\n", data);
783 if (domain && domain->is_deleted)
784 tomoyo_io_printf(head, "# This is a deleted domain.\n");
785 return true;
786}
787
788
789
790
791
792
793
794
795
796
797static int tomoyo_delete_domain(char *domainname)
798{
799 struct tomoyo_domain_info *domain;
800 struct tomoyo_path_info name;
801
802 name.name = domainname;
803 tomoyo_fill_path_info(&name);
804 if (mutex_lock_interruptible(&tomoyo_policy_lock))
805 return 0;
806
807 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
808
809 if (domain == &tomoyo_kernel_domain)
810 continue;
811 if (domain->is_deleted ||
812 tomoyo_pathcmp(domain->domainname, &name))
813 continue;
814 domain->is_deleted = true;
815 break;
816 }
817 mutex_unlock(&tomoyo_policy_lock);
818 return 0;
819}
820
821
822
823
824
825
826
827
828
829
830static int tomoyo_write_domain2(char *data, struct tomoyo_domain_info *domain,
831 const bool is_delete)
832{
833 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
834 return tomoyo_write_mount(data, domain, is_delete);
835 return tomoyo_write_file(data, domain, is_delete);
836}
837
838
839
840
841
842
843
844
845
846
847static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
848{
849 char *data = head->write_buf;
850 struct tomoyo_domain_info *domain = head->write_var1;
851 bool is_delete = false;
852 bool is_select = false;
853 unsigned int profile;
854
855 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
856 is_delete = true;
857 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
858 is_select = true;
859 if (is_select && tomoyo_select_one(head, data))
860 return 0;
861
862 if (!tomoyo_manager())
863 return -EPERM;
864 if (tomoyo_domain_def(data)) {
865 domain = NULL;
866 if (is_delete)
867 tomoyo_delete_domain(data);
868 else if (is_select)
869 domain = tomoyo_find_domain(data);
870 else
871 domain = tomoyo_assign_domain(data, 0);
872 head->write_var1 = domain;
873 return 0;
874 }
875 if (!domain)
876 return -EINVAL;
877
878 if (sscanf(data, TOMOYO_KEYWORD_USE_PROFILE "%u", &profile) == 1
879 && profile < TOMOYO_MAX_PROFILES) {
880 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
881 domain->profile = (u8) profile;
882 return 0;
883 }
884 if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
885 domain->ignore_global_allow_read = !is_delete;
886 return 0;
887 }
888 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
889 domain->quota_warned = !is_delete;
890 return 0;
891 }
892 if (!strcmp(data, TOMOYO_KEYWORD_TRANSITION_FAILED)) {
893 domain->transition_failed = !is_delete;
894 return 0;
895 }
896 return tomoyo_write_domain2(data, domain, is_delete);
897}
898
899
900
901
902
903
904
905
906
907static u8 tomoyo_fns(const u8 perm, u8 bit)
908{
909 for ( ; bit < 8; bit++)
910 if (perm & (1 << bit))
911 break;
912 return bit;
913}
914
915
916
917
918
919
920
921
922
923static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
924 struct tomoyo_acl_info *acl)
925{
926 const u8 acl_type = acl->type;
927 u8 bit;
928
929 if (acl->is_deleted)
930 return true;
931 next:
932 bit = head->r.bit;
933 if (!tomoyo_flush(head))
934 return false;
935 else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
936 struct tomoyo_path_acl *ptr =
937 container_of(acl, typeof(*ptr), head);
938 const u16 perm = ptr->perm;
939 for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
940 if (!(perm & (1 << bit)))
941 continue;
942 if (head->r.print_execute_only &&
943 bit != TOMOYO_TYPE_EXECUTE)
944 continue;
945
946 if ((bit == TOMOYO_TYPE_READ ||
947 bit == TOMOYO_TYPE_WRITE)
948 && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
949 continue;
950 break;
951 }
952 if (bit >= TOMOYO_MAX_PATH_OPERATION)
953 goto done;
954 tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]);
955 tomoyo_print_name_union(head, &ptr->name);
956 } else if (head->r.print_execute_only) {
957 return true;
958 } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
959 struct tomoyo_path2_acl *ptr =
960 container_of(acl, typeof(*ptr), head);
961 bit = tomoyo_fns(ptr->perm, bit);
962 if (bit >= TOMOYO_MAX_PATH2_OPERATION)
963 goto done;
964 tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]);
965 tomoyo_print_name_union(head, &ptr->name1);
966 tomoyo_print_name_union(head, &ptr->name2);
967 } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
968 struct tomoyo_path_number_acl *ptr =
969 container_of(acl, typeof(*ptr), head);
970 bit = tomoyo_fns(ptr->perm, bit);
971 if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION)
972 goto done;
973 tomoyo_io_printf(head, "allow_%s",
974 tomoyo_path_number_keyword[bit]);
975 tomoyo_print_name_union(head, &ptr->name);
976 tomoyo_print_number_union(head, &ptr->number);
977 } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
978 struct tomoyo_mkdev_acl *ptr =
979 container_of(acl, typeof(*ptr), head);
980 bit = tomoyo_fns(ptr->perm, bit);
981 if (bit >= TOMOYO_MAX_MKDEV_OPERATION)
982 goto done;
983 tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]);
984 tomoyo_print_name_union(head, &ptr->name);
985 tomoyo_print_number_union(head, &ptr->mode);
986 tomoyo_print_number_union(head, &ptr->major);
987 tomoyo_print_number_union(head, &ptr->minor);
988 } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
989 struct tomoyo_mount_acl *ptr =
990 container_of(acl, typeof(*ptr), head);
991 tomoyo_io_printf(head, "allow_mount");
992 tomoyo_print_name_union(head, &ptr->dev_name);
993 tomoyo_print_name_union(head, &ptr->dir_name);
994 tomoyo_print_name_union(head, &ptr->fs_type);
995 tomoyo_print_number_union(head, &ptr->flags);
996 }
997 head->r.bit = bit + 1;
998 tomoyo_io_printf(head, "\n");
999 if (acl_type != TOMOYO_TYPE_MOUNT_ACL)
1000 goto next;
1001 done:
1002 head->r.bit = 0;
1003 return true;
1004}
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1017 struct tomoyo_domain_info *domain)
1018{
1019 list_for_each_cookie(head->r.acl, &domain->acl_info_list) {
1020 struct tomoyo_acl_info *ptr =
1021 list_entry(head->r.acl, typeof(*ptr), list);
1022 if (!tomoyo_print_entry(head, ptr))
1023 return false;
1024 }
1025 head->r.acl = NULL;
1026 return true;
1027}
1028
1029
1030
1031
1032
1033
1034
1035
1036static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1037{
1038 if (head->r.eof)
1039 return;
1040 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1041 struct tomoyo_domain_info *domain =
1042 list_entry(head->r.domain, typeof(*domain), list);
1043 switch (head->r.step) {
1044 case 0:
1045 if (domain->is_deleted &&
1046 !head->r.print_this_domain_only)
1047 continue;
1048
1049 tomoyo_set_string(head, domain->domainname->name);
1050 tomoyo_set_lf(head);
1051 tomoyo_io_printf(head,
1052 TOMOYO_KEYWORD_USE_PROFILE "%u\n",
1053 domain->profile);
1054 if (domain->quota_warned)
1055 tomoyo_set_string(head, "quota_exceeded\n");
1056 if (domain->transition_failed)
1057 tomoyo_set_string(head, "transition_failed\n");
1058 if (domain->ignore_global_allow_read)
1059 tomoyo_set_string(head,
1060 TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
1061 "\n");
1062 head->r.step++;
1063 tomoyo_set_lf(head);
1064
1065 case 1:
1066 if (!tomoyo_read_domain2(head, domain))
1067 return;
1068 head->r.step++;
1069 if (!tomoyo_set_lf(head))
1070 return;
1071
1072 case 2:
1073 head->r.step = 0;
1074 if (head->r.print_this_domain_only)
1075 goto done;
1076 }
1077 }
1078 done:
1079 head->r.eof = true;
1080}
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1097{
1098 char *data = head->write_buf;
1099 char *cp = strchr(data, ' ');
1100 struct tomoyo_domain_info *domain;
1101 unsigned long profile;
1102
1103 if (!cp)
1104 return -EINVAL;
1105 *cp = '\0';
1106 domain = tomoyo_find_domain(cp + 1);
1107 if (strict_strtoul(data, 10, &profile))
1108 return -EINVAL;
1109 if (domain && profile < TOMOYO_MAX_PROFILES
1110 && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1111 domain->profile = (u8) profile;
1112 return 0;
1113}
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1132{
1133 if (head->r.eof)
1134 return;
1135 list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1136 struct tomoyo_domain_info *domain =
1137 list_entry(head->r.domain, typeof(*domain), list);
1138 if (domain->is_deleted)
1139 continue;
1140 if (!tomoyo_flush(head))
1141 return;
1142 tomoyo_io_printf(head, "%u ", domain->profile);
1143 tomoyo_set_string(head, domain->domainname->name);
1144 tomoyo_set_lf(head);
1145 }
1146 head->r.eof = true;
1147}
1148
1149
1150
1151
1152
1153
1154
1155
1156static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1157{
1158 head->r.eof = false;
1159 return 0;
1160}
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1173{
1174 char *buf = head->write_buf;
1175 bool global_pid = false;
1176 unsigned int pid;
1177 struct task_struct *p;
1178 struct tomoyo_domain_info *domain = NULL;
1179
1180
1181 if (!buf) {
1182 head->r.eof = true;
1183 return;
1184 }
1185 if (head->r.w_pos || head->r.eof)
1186 return;
1187 head->r.eof = true;
1188 if (tomoyo_str_starts(&buf, "global-pid "))
1189 global_pid = true;
1190 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1191 rcu_read_lock();
1192 read_lock(&tasklist_lock);
1193 if (global_pid)
1194 p = find_task_by_pid_ns(pid, &init_pid_ns);
1195 else
1196 p = find_task_by_vpid(pid);
1197 if (p)
1198 domain = tomoyo_real_domain(p);
1199 read_unlock(&tasklist_lock);
1200 rcu_read_unlock();
1201 if (!domain)
1202 return;
1203 tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1204 tomoyo_set_string(head, domain->domainname->name);
1205}
1206
1207static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1208 [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE]
1209 = TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN,
1210 [TOMOYO_TRANSITION_CONTROL_INITIALIZE]
1211 = TOMOYO_KEYWORD_INITIALIZE_DOMAIN,
1212 [TOMOYO_TRANSITION_CONTROL_NO_KEEP] = TOMOYO_KEYWORD_NO_KEEP_DOMAIN,
1213 [TOMOYO_TRANSITION_CONTROL_KEEP] = TOMOYO_KEYWORD_KEEP_DOMAIN
1214};
1215
1216static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1217 [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
1218 [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
1219};
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1231{
1232 char *data = head->write_buf;
1233 bool is_delete = tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE);
1234 u8 i;
1235 static const struct {
1236 const char *keyword;
1237 int (*write) (char *, const bool);
1238 } tomoyo_callback[4] = {
1239 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
1240 { TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
1241 { TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
1242 { TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
1243 };
1244
1245 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1246 if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
1247 return tomoyo_write_transition_control(data, is_delete,
1248 i);
1249 for (i = 0; i < 4; i++)
1250 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
1251 return tomoyo_callback[i].write(data, is_delete);
1252 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1253 if (tomoyo_str_starts(&data, tomoyo_group_name[i]))
1254 return tomoyo_write_group(data, is_delete, i);
1255 return -EINVAL;
1256}
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1269{
1270 list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1271 struct tomoyo_group *group =
1272 list_entry(head->r.group, typeof(*group), list);
1273 list_for_each_cookie(head->r.acl, &group->member_list) {
1274 struct tomoyo_acl_head *ptr =
1275 list_entry(head->r.acl, typeof(*ptr), list);
1276 if (ptr->is_deleted)
1277 continue;
1278 if (!tomoyo_flush(head))
1279 return false;
1280 tomoyo_set_string(head, tomoyo_group_name[idx]);
1281 tomoyo_set_string(head, group->group_name->name);
1282 if (idx == TOMOYO_PATH_GROUP) {
1283 tomoyo_set_space(head);
1284 tomoyo_set_string(head, container_of
1285 (ptr, struct tomoyo_path_group,
1286 head)->member_name->name);
1287 } else if (idx == TOMOYO_NUMBER_GROUP) {
1288 tomoyo_print_number_union(head, &container_of
1289 (ptr,
1290 struct tomoyo_number_group,
1291 head)->number);
1292 }
1293 tomoyo_set_lf(head);
1294 }
1295 head->r.acl = NULL;
1296 }
1297 head->r.group = NULL;
1298 return true;
1299}
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1312{
1313 list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1314 struct tomoyo_acl_head *acl =
1315 container_of(head->r.acl, typeof(*acl), list);
1316 if (acl->is_deleted)
1317 continue;
1318 if (!tomoyo_flush(head))
1319 return false;
1320 switch (idx) {
1321 case TOMOYO_ID_TRANSITION_CONTROL:
1322 {
1323 struct tomoyo_transition_control *ptr =
1324 container_of(acl, typeof(*ptr), head);
1325 tomoyo_set_string(head,
1326 tomoyo_transition_type
1327 [ptr->type]);
1328 if (ptr->program)
1329 tomoyo_set_string(head,
1330 ptr->program->name);
1331 if (ptr->program && ptr->domainname)
1332 tomoyo_set_string(head, " from ");
1333 if (ptr->domainname)
1334 tomoyo_set_string(head,
1335 ptr->domainname->
1336 name);
1337 }
1338 break;
1339 case TOMOYO_ID_GLOBALLY_READABLE:
1340 {
1341 struct tomoyo_readable_file *ptr =
1342 container_of(acl, typeof(*ptr), head);
1343 tomoyo_set_string(head,
1344 TOMOYO_KEYWORD_ALLOW_READ);
1345 tomoyo_set_string(head, ptr->filename->name);
1346 }
1347 break;
1348 case TOMOYO_ID_AGGREGATOR:
1349 {
1350 struct tomoyo_aggregator *ptr =
1351 container_of(acl, typeof(*ptr), head);
1352 tomoyo_set_string(head,
1353 TOMOYO_KEYWORD_AGGREGATOR);
1354 tomoyo_set_string(head,
1355 ptr->original_name->name);
1356 tomoyo_set_space(head);
1357 tomoyo_set_string(head,
1358 ptr->aggregated_name->name);
1359 }
1360 break;
1361 case TOMOYO_ID_PATTERN:
1362 {
1363 struct tomoyo_no_pattern *ptr =
1364 container_of(acl, typeof(*ptr), head);
1365 tomoyo_set_string(head,
1366 TOMOYO_KEYWORD_FILE_PATTERN);
1367 tomoyo_set_string(head, ptr->pattern->name);
1368 }
1369 break;
1370 case TOMOYO_ID_NO_REWRITE:
1371 {
1372 struct tomoyo_no_rewrite *ptr =
1373 container_of(acl, typeof(*ptr), head);
1374 tomoyo_set_string(head,
1375 TOMOYO_KEYWORD_DENY_REWRITE);
1376 tomoyo_set_string(head, ptr->pattern->name);
1377 }
1378 break;
1379 default:
1380 continue;
1381 }
1382 tomoyo_set_lf(head);
1383 }
1384 head->r.acl = NULL;
1385 return true;
1386}
1387
1388
1389
1390
1391
1392
1393
1394
1395static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1396{
1397 if (head->r.eof)
1398 return;
1399 while (head->r.step < TOMOYO_MAX_POLICY &&
1400 tomoyo_read_policy(head, head->r.step))
1401 head->r.step++;
1402 if (head->r.step < TOMOYO_MAX_POLICY)
1403 return;
1404 while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1405 tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1406 head->r.step++;
1407 if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1408 return;
1409 head->r.eof = true;
1410}
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422static char *tomoyo_print_header(struct tomoyo_request_info *r)
1423{
1424 struct timeval tv;
1425 const pid_t gpid = task_pid_nr(current);
1426 static const int tomoyo_buffer_len = 4096;
1427 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
1428 pid_t ppid;
1429 if (!buffer)
1430 return NULL;
1431 do_gettimeofday(&tv);
1432 rcu_read_lock();
1433 ppid = task_tgid_vnr(current->real_parent);
1434 rcu_read_unlock();
1435 snprintf(buffer, tomoyo_buffer_len - 1,
1436 "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
1437 " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
1438 " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
1439 tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
1440 task_tgid_vnr(current), ppid,
1441 current_uid(), current_gid(), current_euid(),
1442 current_egid(), current_suid(), current_sgid(),
1443 current_fsuid(), current_fsgid());
1444 return buffer;
1445}
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r)
1461{
1462 char *buf = NULL;
1463 const char *header;
1464 const char *domainname;
1465 if (!r->domain)
1466 r->domain = tomoyo_domain();
1467 domainname = r->domain->domainname->name;
1468 header = tomoyo_print_header(r);
1469 if (!header)
1470 return NULL;
1471 *len += strlen(domainname) + strlen(header) + 10;
1472 buf = kzalloc(*len, GFP_NOFS);
1473 if (buf)
1474 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname);
1475 kfree(header);
1476 return buf;
1477}
1478
1479
1480static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1481
1482
1483static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1484
1485
1486struct tomoyo_query {
1487 struct list_head list;
1488 char *query;
1489 int query_len;
1490 unsigned int serial;
1491 int timer;
1492 int answer;
1493};
1494
1495
1496static LIST_HEAD(tomoyo_query_list);
1497
1498
1499
1500
1501
1502static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1516{
1517 va_list args;
1518 int error = -EPERM;
1519 int pos;
1520 int len;
1521 static unsigned int tomoyo_serial;
1522 struct tomoyo_query *entry = NULL;
1523 bool quota_exceeded = false;
1524 char *header;
1525 switch (r->mode) {
1526 char *buffer;
1527 case TOMOYO_CONFIG_LEARNING:
1528 if (!tomoyo_domain_quota_is_ok(r))
1529 return 0;
1530 va_start(args, fmt);
1531 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
1532 va_end(args);
1533 buffer = kmalloc(len, GFP_NOFS);
1534 if (!buffer)
1535 return 0;
1536 va_start(args, fmt);
1537 vsnprintf(buffer, len - 1, fmt, args);
1538 va_end(args);
1539 tomoyo_normalize_line(buffer);
1540 tomoyo_write_domain2(buffer, r->domain, false);
1541 kfree(buffer);
1542
1543 case TOMOYO_CONFIG_PERMISSIVE:
1544 return 0;
1545 }
1546 if (!r->domain)
1547 r->domain = tomoyo_domain();
1548 if (!atomic_read(&tomoyo_query_observers))
1549 return -EPERM;
1550 va_start(args, fmt);
1551 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
1552 va_end(args);
1553 header = tomoyo_init_audit_log(&len, r);
1554 if (!header)
1555 goto out;
1556 entry = kzalloc(sizeof(*entry), GFP_NOFS);
1557 if (!entry)
1558 goto out;
1559 entry->query = kzalloc(len, GFP_NOFS);
1560 if (!entry->query)
1561 goto out;
1562 len = ksize(entry->query);
1563 spin_lock(&tomoyo_query_list_lock);
1564 if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1565 sizeof(*entry) >= tomoyo_quota_for_query) {
1566 quota_exceeded = true;
1567 } else {
1568 tomoyo_query_memory_size += len + sizeof(*entry);
1569 entry->serial = tomoyo_serial++;
1570 }
1571 spin_unlock(&tomoyo_query_list_lock);
1572 if (quota_exceeded)
1573 goto out;
1574 pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1575 entry->serial, r->retry, header);
1576 kfree(header);
1577 header = NULL;
1578 va_start(args, fmt);
1579 vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1580 entry->query_len = strlen(entry->query) + 1;
1581 va_end(args);
1582 spin_lock(&tomoyo_query_list_lock);
1583 list_add_tail(&entry->list, &tomoyo_query_list);
1584 spin_unlock(&tomoyo_query_list_lock);
1585
1586 for (entry->timer = 0;
1587 atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1588 entry->timer++) {
1589 wake_up(&tomoyo_query_wait);
1590 set_current_state(TASK_INTERRUPTIBLE);
1591 schedule_timeout(HZ / 10);
1592 if (entry->answer)
1593 break;
1594 }
1595 spin_lock(&tomoyo_query_list_lock);
1596 list_del(&entry->list);
1597 tomoyo_query_memory_size -= len + sizeof(*entry);
1598 spin_unlock(&tomoyo_query_list_lock);
1599 switch (entry->answer) {
1600 case 3:
1601 error = TOMOYO_RETRY_REQUEST;
1602 r->retry++;
1603 break;
1604 case 1:
1605
1606 error = 0;
1607 break;
1608 case 0:
1609
1610 break;
1611 default:
1612
1613 break;
1614 }
1615 out:
1616 if (entry)
1617 kfree(entry->query);
1618 kfree(entry);
1619 kfree(header);
1620 return error;
1621}
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633static int tomoyo_poll_query(struct file *file, poll_table *wait)
1634{
1635 struct list_head *tmp;
1636 bool found = false;
1637 u8 i;
1638 for (i = 0; i < 2; i++) {
1639 spin_lock(&tomoyo_query_list_lock);
1640 list_for_each(tmp, &tomoyo_query_list) {
1641 struct tomoyo_query *ptr =
1642 list_entry(tmp, typeof(*ptr), list);
1643 if (ptr->answer)
1644 continue;
1645 found = true;
1646 break;
1647 }
1648 spin_unlock(&tomoyo_query_list_lock);
1649 if (found)
1650 return POLLIN | POLLRDNORM;
1651 if (i)
1652 break;
1653 poll_wait(file, &tomoyo_query_wait, wait);
1654 }
1655 return 0;
1656}
1657
1658
1659
1660
1661
1662
1663static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1664{
1665 struct list_head *tmp;
1666 int pos = 0;
1667 int len = 0;
1668 char *buf;
1669 if (head->r.w_pos)
1670 return;
1671 if (head->read_buf) {
1672 kfree(head->read_buf);
1673 head->read_buf = NULL;
1674 }
1675 spin_lock(&tomoyo_query_list_lock);
1676 list_for_each(tmp, &tomoyo_query_list) {
1677 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1678 if (ptr->answer)
1679 continue;
1680 if (pos++ != head->r.query_index)
1681 continue;
1682 len = ptr->query_len;
1683 break;
1684 }
1685 spin_unlock(&tomoyo_query_list_lock);
1686 if (!len) {
1687 head->r.query_index = 0;
1688 return;
1689 }
1690 buf = kzalloc(len, GFP_NOFS);
1691 if (!buf)
1692 return;
1693 pos = 0;
1694 spin_lock(&tomoyo_query_list_lock);
1695 list_for_each(tmp, &tomoyo_query_list) {
1696 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1697 if (ptr->answer)
1698 continue;
1699 if (pos++ != head->r.query_index)
1700 continue;
1701
1702
1703
1704
1705 if (len == ptr->query_len)
1706 memmove(buf, ptr->query, len);
1707 break;
1708 }
1709 spin_unlock(&tomoyo_query_list_lock);
1710 if (buf[0]) {
1711 head->read_buf = buf;
1712 head->r.w[head->r.w_pos++] = buf;
1713 head->r.query_index++;
1714 } else {
1715 kfree(buf);
1716 }
1717}
1718
1719
1720
1721
1722
1723
1724
1725
1726static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1727{
1728 char *data = head->write_buf;
1729 struct list_head *tmp;
1730 unsigned int serial;
1731 unsigned int answer;
1732 spin_lock(&tomoyo_query_list_lock);
1733 list_for_each(tmp, &tomoyo_query_list) {
1734 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1735 ptr->timer = 0;
1736 }
1737 spin_unlock(&tomoyo_query_list_lock);
1738 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1739 return -EINVAL;
1740 spin_lock(&tomoyo_query_list_lock);
1741 list_for_each(tmp, &tomoyo_query_list) {
1742 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1743 if (ptr->serial != serial)
1744 continue;
1745 if (!ptr->answer)
1746 ptr->answer = answer;
1747 break;
1748 }
1749 spin_unlock(&tomoyo_query_list_lock);
1750 return 0;
1751}
1752
1753
1754
1755
1756
1757
1758
1759
1760static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1761{
1762 if (!head->r.eof) {
1763 tomoyo_io_printf(head, "2.3.0");
1764 head->r.eof = true;
1765 }
1766}
1767
1768
1769
1770
1771
1772
1773
1774
1775static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1776{
1777 if (!head->r.eof) {
1778
1779
1780
1781
1782
1783 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1784 head->r.eof = true;
1785 }
1786}
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798int tomoyo_open_control(const u8 type, struct file *file)
1799{
1800 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1801
1802 if (!head)
1803 return -ENOMEM;
1804 mutex_init(&head->io_sem);
1805 head->type = type;
1806 switch (type) {
1807 case TOMOYO_DOMAINPOLICY:
1808
1809 head->write = tomoyo_write_domain;
1810 head->read = tomoyo_read_domain;
1811 break;
1812 case TOMOYO_EXCEPTIONPOLICY:
1813
1814 head->write = tomoyo_write_exception;
1815 head->read = tomoyo_read_exception;
1816 break;
1817 case TOMOYO_SELFDOMAIN:
1818
1819 head->read = tomoyo_read_self_domain;
1820 break;
1821 case TOMOYO_DOMAIN_STATUS:
1822
1823 head->write = tomoyo_write_domain_profile;
1824 head->read = tomoyo_read_domain_profile;
1825 break;
1826 case TOMOYO_PROCESS_STATUS:
1827
1828 head->write = tomoyo_write_pid;
1829 head->read = tomoyo_read_pid;
1830 break;
1831 case TOMOYO_VERSION:
1832
1833 head->read = tomoyo_read_version;
1834 head->readbuf_size = 128;
1835 break;
1836 case TOMOYO_MEMINFO:
1837
1838 head->write = tomoyo_write_memory_quota;
1839 head->read = tomoyo_read_memory_counter;
1840 head->readbuf_size = 512;
1841 break;
1842 case TOMOYO_PROFILE:
1843
1844 head->write = tomoyo_write_profile;
1845 head->read = tomoyo_read_profile;
1846 break;
1847 case TOMOYO_QUERY:
1848 head->poll = tomoyo_poll_query;
1849 head->write = tomoyo_write_answer;
1850 head->read = tomoyo_read_query;
1851 break;
1852 case TOMOYO_MANAGER:
1853
1854 head->write = tomoyo_write_manager;
1855 head->read = tomoyo_read_manager;
1856 break;
1857 }
1858 if (!(file->f_mode & FMODE_READ)) {
1859
1860
1861
1862
1863 head->read = NULL;
1864 head->poll = NULL;
1865 } else if (!head->poll) {
1866
1867 if (!head->readbuf_size)
1868 head->readbuf_size = 4096 * 2;
1869 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1870 if (!head->read_buf) {
1871 kfree(head);
1872 return -ENOMEM;
1873 }
1874 }
1875 if (!(file->f_mode & FMODE_WRITE)) {
1876
1877
1878
1879
1880 head->write = NULL;
1881 } else if (head->write) {
1882 head->writebuf_size = 4096 * 2;
1883 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1884 if (!head->write_buf) {
1885 kfree(head->read_buf);
1886 kfree(head);
1887 return -ENOMEM;
1888 }
1889 }
1890 if (type != TOMOYO_QUERY)
1891 head->reader_idx = tomoyo_read_lock();
1892 file->private_data = head;
1893
1894
1895
1896
1897
1898
1899
1900 if (type == TOMOYO_SELFDOMAIN)
1901 tomoyo_read_control(file, NULL, 0);
1902
1903
1904
1905
1906
1907
1908 else if (type == TOMOYO_QUERY)
1909 atomic_inc(&tomoyo_query_observers);
1910 return 0;
1911}
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922int tomoyo_poll_control(struct file *file, poll_table *wait)
1923{
1924 struct tomoyo_io_buffer *head = file->private_data;
1925 if (!head->poll)
1926 return -ENOSYS;
1927 return head->poll(file, wait);
1928}
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941int tomoyo_read_control(struct file *file, char __user *buffer,
1942 const int buffer_len)
1943{
1944 int len;
1945 struct tomoyo_io_buffer *head = file->private_data;
1946
1947 if (!head->read)
1948 return -ENOSYS;
1949 if (mutex_lock_interruptible(&head->io_sem))
1950 return -EINTR;
1951 head->read_user_buf = buffer;
1952 head->read_user_buf_avail = buffer_len;
1953 if (tomoyo_flush(head))
1954
1955 head->read(head);
1956 tomoyo_flush(head);
1957 len = head->read_user_buf - buffer;
1958 mutex_unlock(&head->io_sem);
1959 return len;
1960}
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973int tomoyo_write_control(struct file *file, const char __user *buffer,
1974 const int buffer_len)
1975{
1976 struct tomoyo_io_buffer *head = file->private_data;
1977 int error = buffer_len;
1978 int avail_len = buffer_len;
1979 char *cp0 = head->write_buf;
1980
1981 if (!head->write)
1982 return -ENOSYS;
1983 if (!access_ok(VERIFY_READ, buffer, buffer_len))
1984 return -EFAULT;
1985
1986 if (head->write != tomoyo_write_pid &&
1987 head->write != tomoyo_write_domain && !tomoyo_manager())
1988 return -EPERM;
1989 if (mutex_lock_interruptible(&head->io_sem))
1990 return -EINTR;
1991
1992 while (avail_len > 0) {
1993 char c;
1994 if (head->write_avail >= head->writebuf_size - 1) {
1995 error = -ENOMEM;
1996 break;
1997 } else if (get_user(c, buffer)) {
1998 error = -EFAULT;
1999 break;
2000 }
2001 buffer++;
2002 avail_len--;
2003 cp0[head->write_avail++] = c;
2004 if (c != '\n')
2005 continue;
2006 cp0[head->write_avail - 1] = '\0';
2007 head->write_avail = 0;
2008 tomoyo_normalize_line(cp0);
2009 head->write(head);
2010 }
2011 mutex_unlock(&head->io_sem);
2012 return error;
2013}
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024int tomoyo_close_control(struct file *file)
2025{
2026 struct tomoyo_io_buffer *head = file->private_data;
2027 const bool is_write = !!head->write_buf;
2028
2029
2030
2031
2032
2033 if (head->type == TOMOYO_QUERY)
2034 atomic_dec(&tomoyo_query_observers);
2035 else
2036 tomoyo_read_unlock(head->reader_idx);
2037
2038 kfree(head->read_buf);
2039 head->read_buf = NULL;
2040 kfree(head->write_buf);
2041 head->write_buf = NULL;
2042 kfree(head);
2043 head = NULL;
2044 file->private_data = NULL;
2045 if (is_write)
2046 tomoyo_run_gc();
2047 return 0;
2048}
2049
2050
2051
2052
2053void tomoyo_check_profile(void)
2054{
2055 struct tomoyo_domain_info *domain;
2056 const int idx = tomoyo_read_lock();
2057 tomoyo_policy_loaded = true;
2058
2059 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2060 const u8 profile = domain->profile;
2061 if (tomoyo_profile_ptr[profile])
2062 continue;
2063 printk(KERN_ERR "You need to define profile %u before using it.\n",
2064 profile);
2065 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2066 "for more information.\n");
2067 panic("Profile %u (used by '%s') not defined.\n",
2068 profile, domain->domainname->name);
2069 }
2070 tomoyo_read_unlock(idx);
2071 if (tomoyo_profile_version != 20090903) {
2072 printk(KERN_ERR "You need to install userland programs for "
2073 "TOMOYO 2.3 and initialize policy configuration.\n");
2074 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2075 "for more information.\n");
2076 panic("Profile version %u is not supported.\n",
2077 tomoyo_profile_version);
2078 }
2079 printk(KERN_INFO "TOMOYO: 2.3.0\n");
2080 printk(KERN_INFO "Mandatory Access Control activated.\n");
2081}
2082
