linux/security/tomoyo/common.h
   1/*
   2 * security/tomoyo/common.h
   3 *
   4 * Header file for TOMOYO.
   5 *
   6 * Copyright (C) 2005-2010  NTT DATA CORPORATION
   7 */
   8
   9#ifndef _SECURITY_TOMOYO_COMMON_H
  10#define _SECURITY_TOMOYO_COMMON_H
  11
  12#include <linux/ctype.h>
  13#include <linux/string.h>
  14#include <linux/mm.h>
  15#include <linux/file.h>
  16#include <linux/kmod.h>
  17#include <linux/fs.h>
  18#include <linux/sched.h>
  19#include <linux/namei.h>
  20#include <linux/mount.h>
  21#include <linux/list.h>
  22#include <linux/cred.h>
  23struct linux_binprm;
  24
  25/********** Constants definitions. **********/
  26
/*
 * TOMOYO uses this hash only when appending a string into the string
 * table. Frequency of appending strings is very low. So we don't need
 * large (e.g. 64k) hash size. 256 will be sufficient.
 */
#define TOMOYO_HASH_BITS  8
/* Number of buckets of tomoyo_name_list[] (256 for 8 bits). */
#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
  34
/*
 * This is the max length of a token.
 *
 * A token consists of only ASCII printable characters.
 * Non printable characters in a token are represented in \ooo style
 * octal string. Thus, \ itself is represented as \\.
 *
 * This is also the size of the "body" buffer of
 * "struct tomoyo_path_info_with_data". It is smaller than the 4096 byte
 * "struct tomoyo_page_buffer", so a copy from a page buffer into a token
 * buffer must be bounded by this value, not by the page buffer size.
 */
#define TOMOYO_MAX_PATHNAME_LEN 4000
  43
/*
 * Profile number is an integer between 0 and 255.
 * It is stored in the u8 "profile" field of "struct tomoyo_domain_info".
 */
#define TOMOYO_MAX_PROFILES 256
  46
/*
 * Keywords for ACLs.
 *
 * Most keywords carry a trailing space, presumably so that a keyword can be
 * matched as a prefix of a policy line and the rest of the line is the
 * keyword's argument. TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ has no
 * trailing space, presumably because it takes no argument.
 */
#define TOMOYO_KEYWORD_ALIAS                     "alias "
#define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
#define TOMOYO_KEYWORD_DELETE                    "delete "
#define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
#define TOMOYO_KEYWORD_FILE_PATTERN              "file_pattern "
#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN         "initialize_domain "
#define TOMOYO_KEYWORD_KEEP_DOMAIN               "keep_domain "
#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
#define TOMOYO_KEYWORD_PATH_GROUP                "path_group "
#define TOMOYO_KEYWORD_SELECT                    "select "
#define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
/* A domain definition starts with <kernel>. */
#define TOMOYO_ROOT_NAME                         "<kernel>"
/* Length of TOMOYO_ROOT_NAME without the terminating '\0'. */
#define TOMOYO_ROOT_NAME_LEN                     (sizeof(TOMOYO_ROOT_NAME) - 1)
  64
/*
 * Index numbers for Access Controls.
 * Presumably the "index" argument of tomoyo_check_flags().
 */
enum tomoyo_mac_index {
        TOMOYO_MAC_FOR_FILE,  /* domain_policy.conf */
        TOMOYO_MAX_ACCEPT_ENTRY,
        TOMOYO_VERBOSE,          /* See tomoyo_verbose_mode(). */
        TOMOYO_MAX_CONTROL_INDEX /* Number of entries, not a control. */
};
  72
/*
 * Index numbers for ACL entry types, stored in the "type" field of
 * "struct tomoyo_acl_info" (and compared by tomoyo_is_same_acl_head()).
 */
enum tomoyo_acl_entry_type_index {
        TOMOYO_TYPE_PATH_ACL,  /* "struct tomoyo_path_acl"  */
        TOMOYO_TYPE_PATH2_ACL, /* "struct tomoyo_path2_acl" */
};
  78
/* Index numbers for File Controls. */

/*
 * TOMOYO_TYPE_READ_WRITE is special. TOMOYO_TYPE_READ_WRITE is automatically
 * set if both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are set. Both
 * TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically set if
 * TOMOYO_TYPE_READ_WRITE is set. TOMOYO_TYPE_READ_WRITE is automatically
 * cleared if either TOMOYO_TYPE_READ or TOMOYO_TYPE_WRITE is cleared. Both
 * TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically cleared if
 * TOMOYO_TYPE_READ_WRITE is cleared.
 *
 * There are TOMOYO_MAX_PATH_OPERATION (22) operations, more than the 16 bits
 * of "perm" in "struct tomoyo_path_acl" can hold; the remaining bits
 * presumably live in its "perm_high" field.
 */

enum tomoyo_path_acl_index {
        TOMOYO_TYPE_READ_WRITE,
        TOMOYO_TYPE_EXECUTE,
        TOMOYO_TYPE_READ,
        TOMOYO_TYPE_WRITE,
        TOMOYO_TYPE_CREATE,
        TOMOYO_TYPE_UNLINK,
        TOMOYO_TYPE_MKDIR,
        TOMOYO_TYPE_RMDIR,
        TOMOYO_TYPE_MKFIFO,
        TOMOYO_TYPE_MKSOCK,
        TOMOYO_TYPE_MKBLOCK,
        TOMOYO_TYPE_MKCHAR,
        TOMOYO_TYPE_TRUNCATE,
        TOMOYO_TYPE_SYMLINK,
        TOMOYO_TYPE_REWRITE,
        TOMOYO_TYPE_IOCTL,
        TOMOYO_TYPE_CHMOD,
        TOMOYO_TYPE_CHOWN,
        TOMOYO_TYPE_CHGRP,
        TOMOYO_TYPE_CHROOT,
        TOMOYO_TYPE_MOUNT,
        TOMOYO_TYPE_UMOUNT,
        TOMOYO_MAX_PATH_OPERATION /* Number of operations, not an operation. */
};
 115
/*
 * Index numbers for operations taking two pathnames; presumably the bit
 * positions of "perm" in "struct tomoyo_path2_acl".
 */
enum tomoyo_path2_acl_index {
        TOMOYO_TYPE_LINK,
        TOMOYO_TYPE_RENAME,
        TOMOYO_TYPE_PIVOT_ROOT,
        TOMOYO_MAX_PATH2_OPERATION /* Number of operations, not an operation. */
};
 122
/* Index numbers for the interface files under /sys/kernel/security/tomoyo/ . */
enum tomoyo_securityfs_interface_index {
        TOMOYO_DOMAINPOLICY,
        TOMOYO_EXCEPTIONPOLICY,
        TOMOYO_DOMAIN_STATUS,
        TOMOYO_PROCESS_STATUS,
        TOMOYO_MEMINFO,
        TOMOYO_SELFDOMAIN,
        TOMOYO_VERSION,
        TOMOYO_PROFILE,
        TOMOYO_MANAGER
};
 134
 135/********** Structure definitions. **********/
 136
/*
 * tomoyo_page_buffer is a structure which is used for holding a pathname
 * obtained from "struct dentry" and "struct vfsmount" pair.
 * As of now, it is 4096 bytes. If users complain that 4096 bytes is too small
 * (because TOMOYO escapes non ASCII printable characters using \ooo format),
 * we will make the buffer larger.
 *
 * Note that this buffer is larger than TOMOYO_MAX_PATHNAME_LEN, the size of
 * the "body" of "struct tomoyo_path_info_with_data".
 */
struct tomoyo_page_buffer {
        char buffer[4096];
};
 147
/*
 * tomoyo_path_info is a structure which is used for holding a string data
 * used by TOMOYO.
 * This structure has several fields for supporting pattern matching.
 *
 * (1) "name" is the '\0' terminated string data.
 * (2) "hash" is full_name_hash(name, strlen(name)).
 *     This allows tomoyo_pathcmp() to compare by hash before actually compare
 *     using strcmp().
 * (3) "const_len" is the length of the initial segment of "name" which
 *     consists entirely of non wildcard characters. In other words, the length
 *     which we can compare two strings using strncmp().
 *     A u16 is enough because tokens are at most TOMOYO_MAX_PATHNAME_LEN
 *     (4000) bytes long.
 * (4) "is_dir" is a bool which is true if "name" ends with "/",
 *     false otherwise.
 *     TOMOYO distinguishes directory and non-directory. A directory ends with
 *     "/" and non-directory does not end with "/".
 * (5) "is_patterned" is a bool which is true if "name" contains wildcard
 *     characters, false otherwise. This allows TOMOYO to use "hash" and
 *     strcmp() for string comparison if "is_patterned" is false.
 *
 * The derived fields (2)-(5) are filled in by tomoyo_fill_path_info() and
 * must be kept consistent with "name".
 */
struct tomoyo_path_info {
        const char *name;
        u32 hash;          /* = full_name_hash(name, strlen(name)) */
        u16 const_len;     /* = tomoyo_const_part_length(name)     */
        bool is_dir;       /* = tomoyo_strendswith(name, "/")      */
        bool is_patterned; /* = tomoyo_path_contains_pattern(name) */
};
 175
/*
 * tomoyo_name_entry is a structure which is used for linking
 * "struct tomoyo_path_info" into tomoyo_name_list .
 *
 * "users" is a reference count. tomoyo_put_name() recovers this entry from
 * a pointer to "entry" via container_of() and decrements it; it does not
 * free the entry itself.
 */
struct tomoyo_name_entry {
        struct list_head list;
        atomic_t users;
        struct tomoyo_path_info entry;
};
 185
/*
 * tomoyo_path_info_with_data is a structure which is used for holding a
 * pathname obtained from "struct dentry" and "struct vfsmount" pair.
 *
 * "struct tomoyo_path_info_with_data" consists of "struct tomoyo_path_info"
 * and buffer for the pathname, while "struct tomoyo_page_buffer" consists of
 * buffer for the pathname only.
 *
 * "struct tomoyo_path_info_with_data" is intended to allow TOMOYO to release
 * both "struct tomoyo_path_info" and buffer for the pathname by single kfree()
 * so that we don't need to return two pointers to the caller. If the caller
 * puts "struct tomoyo_path_info" on stack memory, we will be able to remove
 * "struct tomoyo_path_info_with_data".
 */
struct tomoyo_path_info_with_data {
        /* Keep "head" first, for this pointer is passed to kfree(). */
        struct tomoyo_path_info head;
        /*
         * Safeguard for overrun. Nothing in this header inspects the
         * barrier bytes; they only keep a bounded overrun of "body" away
         * from "head" and from whatever follows the structure.
         */
        char barrier1[16];
        /* Buffer for the (escaped) pathname, TOMOYO_MAX_PATHNAME_LEN bytes. */
        char body[TOMOYO_MAX_PATHNAME_LEN];
        char barrier2[16]; /* Safeguard for overrun. */
};
 207
/*
 * tomoyo_name_union holds either a single filename or a "path_group".
 * "is_group" presumably tells which of "filename" and "group" is in use;
 * see tomoyo_parse_name_union() and tomoyo_compare_name_union().
 */
struct tomoyo_name_union {
        const struct tomoyo_path_info *filename;
        struct tomoyo_path_group *group;
        u8 is_group;
};
 213
/*
 * Structure for "path_group" directive.
 * "member_list" links "struct tomoyo_path_group_member" entries.
 * "users" is a reference count dropped by tomoyo_put_path_group().
 */
struct tomoyo_path_group {
        struct list_head list;
        const struct tomoyo_path_info *group_name;
        struct list_head member_list;
        atomic_t users;
};
 221
/*
 * One member of a "path_group", linked into the "member_list" of
 * "struct tomoyo_path_group". "is_deleted" marks the member as removed
 * without unlinking it.
 */
struct tomoyo_path_group_member {
        struct list_head list;
        bool is_deleted;
        const struct tomoyo_path_info *member_name;
};
 228
/*
 * tomoyo_acl_info is a structure which is used for holding
 *
 *  (1) "list" which is linked to the ->acl_info_list of
 *      "struct tomoyo_domain_info"
 *  (2) "type" which tells type of the entry (either
 *      "struct tomoyo_path_acl" or "struct tomoyo_path2_acl"), i.e. one of
 *      enum tomoyo_acl_entry_type_index.
 *
 * Packing "struct tomoyo_acl_info" allows
 * "struct tomoyo_path_acl" to embed "u8" + "u16" and
 * "struct tomoyo_path2_acl" to embed "u8"
 * without enlarging their structure size.
 */
struct tomoyo_acl_info {
        struct list_head list;
        u8 type;
} __packed;
 246
/*
 * tomoyo_domain_info is a structure which is used for holding permissions
 * (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_domain_list .
 *  (2) "acl_info_list" which is linked to "struct tomoyo_acl_info".
 *  (3) "domainname" which holds the name of the domain.
 *  (4) "profile" which remembers profile number assigned to this domain.
 *  (5) "is_deleted" is a bool which is true if this domain is marked as
 *      "deleted", false otherwise.
 *  (6) "quota_warned" is a bool which is used for suppressing warning message
 *      when learning mode learned too much entries.
 *  (7) "ignore_global_allow_read" is a bool which is true if this domain
 *      should ignore "allow_read" directive in exception policy.
 *  (8) "transition_failed" is a bool which is set to true when this domain was
 *      unable to create a new domain at tomoyo_find_next_domain() because the
 *      name of the domain to be created was too long or it could not allocate
 *      memory. If set to true, more than one process continued execve()
 *      without domain transition, i.e. kept running under this domain's
 *      permissions after execve().
 *  (9) "users" is an atomic_t that holds how many "struct cred"->security
 *      are referring this "struct tomoyo_domain_info". If is_deleted == true
 *      and users == 0, this struct will be kfree()d upon next garbage
 *      collection.
 *
 * A domain's lifecycle is an analogy of files on / directory.
 * Multiple domains with the same domainname cannot be created (as with
 * creating files with the same filename fails with -EEXIST).
 * If a process reached a domain, that process can reside in that domain after
 * that domain is marked as "deleted" (as with a process can access an already
 * open()ed file after that file was unlink()ed).
 *
 * The current task's domain is obtained with tomoyo_domain().
 */
struct tomoyo_domain_info {
        struct list_head list;
        struct list_head acl_info_list;
        /* Name of this domain. Never NULL.          */
        const struct tomoyo_path_info *domainname;
        u8 profile;        /* Profile number to use. */
        bool is_deleted;   /* Delete flag.           */
        bool quota_warned; /* Quota warning flag.    */
        bool ignore_global_allow_read; /* Ignore "allow_read" flag. */
        bool transition_failed; /* Domain transition failed flag. */
        atomic_t users; /* Number of referring credentials. */
};
 291
/*
 * tomoyo_path_acl is a structure which is used for holding an
 * entry with one pathname operation (e.g. open(), mkdir()).
 * It has following fields.
 *
 *  (1) "head" which is a "struct tomoyo_acl_info".
 *  (2) "perm" which is a bitmask of permitted operations.
 *      "perm_high" holds the bits that do not fit into the 16 bit "perm"
 *      (there are TOMOYO_MAX_PATH_OPERATION = 22 operations).
 *  (3) "name" is the pathname.
 *
 * Directives held by this structure are "allow_read/write", "allow_execute",
 * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir",
 * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock",
 * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite",
 * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount"
 * and "allow_unmount".
 */
struct tomoyo_path_acl {
        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
        u8 perm_high;  /* High part of the permission bitmask. */
        u16 perm;      /* Low 16 bits of the permission bitmask. */
        struct tomoyo_name_union name;
};
 314
/*
 * tomoyo_path2_acl is a structure which is used for holding an
 * entry with two pathnames operation (i.e. link(), rename() and pivot_root()).
 * It has following fields.
 *
 *  (1) "head" which is a "struct tomoyo_acl_info".
 *  (2) "perm" which is a bitmask of permitted operations (a u8 suffices
 *      for the TOMOYO_MAX_PATH2_OPERATION = 3 operations).
 *  (3) "name1" is the source/old pathname.
 *  (4) "name2" is the destination/new pathname.
 *
 * Directives held by this structure are "allow_rename", "allow_link" and
 * "allow_pivot_root".
 */
struct tomoyo_path2_acl {
        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
        u8 perm;
        struct tomoyo_name_union name1;
        struct tomoyo_name_union name2;
};
 334
/*
 * tomoyo_io_buffer is a structure which is used for reading and modifying
 * configuration via /sys/kernel/security/tomoyo/ interface.
 * It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as
 * cursors.
 *
 * Since the content of /sys/kernel/security/tomoyo/domain_policy is a list of
 * "struct tomoyo_domain_info" entries and each "struct tomoyo_domain_info"
 * entry has a list of "struct tomoyo_acl_info", we need two cursors when
 * reading (one is for traversing tomoyo_domain_list and the other is for
 * traversing "struct tomoyo_acl_info"->acl_info_list ).
 *
 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with
 * "select ", TOMOYO seeks the cursor ->read_var1 and ->write_var1 to the
 * domain with the domainname specified by the rest of that line (NULL is set
 * if seek failed).
 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with
 * "delete ", TOMOYO deletes an entry or a domain specified by the rest of that
 * line (->write_var1 is set to NULL if a domain was deleted).
 * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with
 * neither "select " nor "delete ", an entry or a domain specified by that line
 * is appended.
 *
 * The cursors are raw pointers into the policy lists; "reader_idx" stores
 * the tomoyo_read_lock() index, so presumably the cursors are only valid
 * while that read side section is held.
 */
struct tomoyo_io_buffer {
        int (*read) (struct tomoyo_io_buffer *);
        int (*write) (struct tomoyo_io_buffer *);
        /* Exclusive lock for this structure.   */
        struct mutex io_sem;
        /* Index returned by tomoyo_read_lock(). */
        int reader_idx;
        /* The position currently reading from. */
        struct list_head *read_var1;
        /* Extra variables for reading.         */
        struct list_head *read_var2;
        /* The position currently writing to.   */
        struct tomoyo_domain_info *write_var1;
        /* The step for reading.                */
        int read_step;
        /* Buffer for reading.                  */
        char *read_buf;
        /* EOF flag for reading.                */
        bool read_eof;
        /* Read domain ACL of specified PID?    */
        bool read_single_domain;
        /* Extra variable for reading.          */
        u8 read_bit;
        /* Bytes available for reading.         */
        int read_avail;
        /* Size of read buffer (read_buf).      */
        int readbuf_size;
        /* Buffer for writing.                  */
        char *write_buf;
        /* Bytes available for writing.         */
        int write_avail;
        /* Size of write buffer (write_buf).    */
        int writebuf_size;
};
 392
/*
 * tomoyo_globally_readable_file_entry is a structure which is used for holding
 * "allow_read" entries.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_globally_readable_list .
 *  (2) "filename" is a pathname which is allowed to open(O_RDONLY).
 *  (3) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 *
 * A domain whose "ignore_global_allow_read" is set does not honour these
 * entries.
 */
struct tomoyo_globally_readable_file_entry {
        struct list_head list;
        const struct tomoyo_path_info *filename;
        bool is_deleted;
};
 408
/*
 * tomoyo_pattern_entry is a structure which is used for holding
 * "tomoyo_pattern_list" entries (the "file_pattern" directive).
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_pattern_list .
 *  (2) "pattern" is a pathname pattern which is used for converting pathnames
 *      to pathname patterns during learning mode.
 *  (3) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 */
struct tomoyo_pattern_entry {
        struct list_head list;
        const struct tomoyo_path_info *pattern;
        bool is_deleted;
};
 425
/*
 * tomoyo_no_rewrite_entry is a structure which is used for holding
 * "deny_rewrite" entries.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_no_rewrite_list .
 *  (2) "pattern" is a pathname which is by default not permitted to modify
 *      already existing content (see tomoyo_check_rewrite_permission()).
 *  (3) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 */
struct tomoyo_no_rewrite_entry {
        struct list_head list;
        const struct tomoyo_path_info *pattern;
        bool is_deleted;
};
 442
/*
 * tomoyo_domain_initializer_entry is a structure which is used for holding
 * "initialize_domain" and "no_initialize_domain" entries.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_domain_initializer_list .
 *  (2) "domainname" which is "a domainname" or "the last component of a
 *      domainname". This field is NULL if "from" clause is not specified.
 *  (3) "program" which is a program's pathname.
 *  (4) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 *  (5) "is_not" is a bool which is true if "no_initialize_domain", false
 *      otherwise.
 *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
 *      component of a domainname", false otherwise.
 */
struct tomoyo_domain_initializer_entry {
        struct list_head list;
        const struct tomoyo_path_info *domainname;    /* This may be NULL */
        const struct tomoyo_path_info *program;       /* Never NULL.      */
        bool is_deleted;
        bool is_not;       /* True if this entry is "no_initialize_domain".  */
        /* True if the domainname is tomoyo_get_last_name(). */
        bool is_last_name;
};
 468
/*
 * tomoyo_domain_keeper_entry is a structure which is used for holding
 * "keep_domain" and "no_keep_domain" entries.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_domain_keeper_list .
 *  (2) "domainname" which is "a domainname" or "the last component of a
 *      domainname".
 *  (3) "program" which is a program's pathname.
 *      This field is NULL if "from" clause is not specified.
 *  (4) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 *  (5) "is_not" is a bool which is true if "no_keep_domain", false
 *      otherwise.
 *  (6) "is_last_name" is a bool which is true if "domainname" is "the last
 *      component of a domainname", false otherwise.
 *
 * Note that, unlike "struct tomoyo_domain_initializer_entry", here it is
 * "program" (not "domainname") that may be NULL.
 */
struct tomoyo_domain_keeper_entry {
        struct list_head list;
        const struct tomoyo_path_info *domainname;    /* Never NULL.      */
        const struct tomoyo_path_info *program;       /* This may be NULL */
        bool is_deleted;
        bool is_not;       /* True if this entry is "no_keep_domain".        */
        /* True if the domainname is tomoyo_get_last_name(). */
        bool is_last_name;
};
 495
/*
 * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_alias_list .
 *  (2) "original_name" which is a dereferenced pathname.
 *  (3) "aliased_name" which is a symlink's pathname.
 *  (4) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 */
struct tomoyo_alias_entry {
        struct list_head list;
        const struct tomoyo_path_info *original_name; /* Symlink target. */
        const struct tomoyo_path_info *aliased_name;  /* The symlink.    */
        bool is_deleted;
};
 512
/*
 * tomoyo_policy_manager_entry is a structure which is used for holding list of
 * domainnames or programs which are permitted to modify configuration via
 * /sys/kernel/security/tomoyo/ interface.
 * It has following fields.
 *
 *  (1) "list" which is linked to tomoyo_policy_manager_list .
 *  (2) "manager" is a domainname or a program's pathname.
 *  (3) "is_domain" is a bool which is true if "manager" is a domainname, false
 *      otherwise.
 *  (4) "is_deleted" is a bool which is true if marked as deleted, false
 *      otherwise.
 *
 * These entries gate write access to the policy itself, so a manager entry
 * is effectively a grant of full policy control to that domain or program.
 */
struct tomoyo_policy_manager_entry {
        struct list_head list;
        /* A path to program or a domainname. */
        const struct tomoyo_path_info *manager;
        bool is_domain;  /* True if manager is a domainname. */
        bool is_deleted; /* True if this entry is deleted. */
};
 533
 534/********** Function prototypes. **********/
 535
/* Check whether the given name matches the given name_union. */
bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
                               const struct tomoyo_name_union *ptr);
/* Check whether the domain has too many ACL entries to hold. */
bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain);
/*
 * Transactional sprintf() for policy dump.
 * The format attribute lets the compiler check the arguments; always pass a
 * literal format string, never policy data, as @fmt.
 */
bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
        __attribute__ ((format(printf, 2, 3)));
/* Check whether the domainname is correct. */
bool tomoyo_is_correct_domain(const unsigned char *domainname);
/* Check whether the token is correct. */
bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
                            const s8 pattern_type, const s8 end_type);
/* Check whether the token can be a domainname. */
bool tomoyo_is_domain_def(const unsigned char *buffer);
/* Parse a token into a name_union (a single filename or a path_group). */
bool tomoyo_parse_name_union(const char *filename,
                             struct tomoyo_name_union *ptr);
/* Check whether the given filename matches the given path_group. */
bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
                               const struct tomoyo_path_group *group,
                               const bool may_use_pattern);
/* Check whether the given filename matches the given pattern. */
bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
                                 const struct tomoyo_path_info *pattern);
/* Read "alias" entry in exception policy. */
bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head);
/*
 * Read "initialize_domain" and "no_initialize_domain" entry
 * in exception policy.
 */
bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head);
/* Read "keep_domain" and "no_keep_domain" entry in exception policy. */
bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head);
/* Read "file_pattern" entry in exception policy. */
bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head);
/* Read "path_group" entry in exception policy. */
bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head);
/* Read "allow_read" entry in exception policy. */
bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head);
/* Read "deny_rewrite" entry in exception policy. */
bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
/*
 * Tokenize a line. @w receives at most @size tokens; @buffer is not const,
 * so presumably it is split in place.
 */
bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
/* Write domain policy violation warning message to console? */
bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain);
/* Convert double path operation to operation name. */
const char *tomoyo_path22keyword(const u8 operation);
/* Get the last component of the given domainname. */
const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
/* Get warning message. */
const char *tomoyo_get_msg(const bool is_enforce);
/* Convert single path operation to operation name. */
const char *tomoyo_path2keyword(const u8 operation);
/* Create "alias" entry in exception policy. */
int tomoyo_write_alias_policy(char *data, const bool is_delete);
/*
 * Create "initialize_domain" and "no_initialize_domain" entry
 * in exception policy.
 */
int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
                                           const bool is_delete);
/* Create "keep_domain" and "no_keep_domain" entry in exception policy. */
int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
                                      const bool is_delete);
/*
 * Create "allow_read/write", "allow_execute", "allow_read", "allow_write",
 * "allow_create", "allow_unlink", "allow_mkdir", "allow_rmdir",
 * "allow_mkfifo", "allow_mksock", "allow_mkblock", "allow_mkchar",
 * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_rename" and
 * "allow_link" entry in domain policy.
 */
int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
                             const bool is_delete);
/* Create "allow_read" entry in exception policy. */
int tomoyo_write_globally_readable_policy(char *data, const bool is_delete);
/* Create "deny_rewrite" entry in exception policy. */
int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);
/* Create "file_pattern" entry in exception policy. */
int tomoyo_write_pattern_policy(char *data, const bool is_delete);
/* Create "path_group" entry in exception policy. */
int tomoyo_write_path_group_policy(char *data, const bool is_delete);
/* Find a domain by the given name. */
struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
/* Find or create a domain by the given name. */
struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile);

/* Allocate memory for "struct tomoyo_path_group". */
struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name);

/* Check mode for specified functionality. */
unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                const u8 index);
/* Fill in "struct tomoyo_path_info" members. */
void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
/* Run policy loader when /sbin/init starts. */
void tomoyo_load_policy(const char *filename);

/*
 * Convert binary string to ascii string.
 * @buffer is a caller supplied buffer of @buflen bytes.
 */
int tomoyo_encode(char *buffer, int buflen, const char *str);

/*
 * Returns realpath(3) of the given pathname but ignores chroot'ed root.
 * The result is written into the caller supplied @newname of @newname_len
 * bytes.
 */
int tomoyo_realpath_from_path2(struct path *path, char *newname,
                               int newname_len);

/*
 * Returns realpath(3) of the given pathname but ignores chroot'ed root.
 * These functions use kzalloc(), so the caller must call kfree()
 * if these functions didn't return NULL.
 */
char *tomoyo_realpath(const char *pathname);
/*
 * Same with tomoyo_realpath() except that it doesn't follow the final symlink.
 */
char *tomoyo_realpath_nofollow(const char *pathname);
/* Same with tomoyo_realpath() except that the pathname is already solved. */
char *tomoyo_realpath_from_path(struct path *path);

/* Check memory quota. */
bool tomoyo_memory_ok(void *ptr);
/*
 * Commit @size bytes at @data subject to the memory quota; presumably returns
 * NULL when the quota is exceeded.
 */
void *tomoyo_commit_ok(void *data, const unsigned int size);

/*
 * Keep the given name on the RAM.
 * The RAM is shared, so NEVER try to modify or kfree() the returned name.
 * Release it with tomoyo_put_name() instead.
 */
const struct tomoyo_path_info *tomoyo_get_name(const char *name);

/* Check for memory usage. */
int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);

/* Set memory quota. */
int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);

/* Initialize realpath related code. */
void __init tomoyo_realpath_init(void);
/*
 * Permission checks. Each returns 0 when the operation is permitted
 * (presumably a negative errno otherwise). "operation" arguments are
 * presumably indexes of enum tomoyo_path_acl_index / tomoyo_path2_acl_index.
 */
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
                           const struct tomoyo_path_info *filename);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
                                 struct path *path, const int flag);
int tomoyo_path_perm(const u8 operation, struct path *path);
int tomoyo_path2_perm(const u8 operation, struct path *path1,
                      struct path *path2);
/* Check whether @filp may modify already existing content ("deny_rewrite"). */
int tomoyo_check_rewrite_permission(struct file *filp);
/* Domain transition on execve(); see "transition_failed" of a domain. */
int tomoyo_find_next_domain(struct linux_binprm *bprm);

/* Drop refcount on tomoyo_name_union. */
void tomoyo_put_name_union(struct tomoyo_name_union *ptr);

/* Run garbage collector. */
void tomoyo_run_gc(void);

/* Free memory accounted against the memory quota. */
void tomoyo_memory_free(void *ptr);
 690
 691/********** External variable definitions. **********/
 692
/* Lock for GC. Readers enter via tomoyo_read_lock()/tomoyo_read_unlock(). */
extern struct srcu_struct tomoyo_ss;

/* The list for "struct tomoyo_domain_info". */
extern struct list_head tomoyo_domain_list;

/* Exception policy lists; each entry type is documented with its struct. */
extern struct list_head tomoyo_path_group_list;
extern struct list_head tomoyo_domain_initializer_list;
extern struct list_head tomoyo_domain_keeper_list;
extern struct list_head tomoyo_alias_list;
extern struct list_head tomoyo_globally_readable_list;
extern struct list_head tomoyo_pattern_list;
extern struct list_head tomoyo_no_rewrite_list;
extern struct list_head tomoyo_policy_manager_list;
/* String table: TOMOYO_MAX_HASH buckets of "struct tomoyo_name_entry". */
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];

/* Lock for protecting policy. */
extern struct mutex tomoyo_policy_lock;

/* Has /sbin/init started? */
extern bool tomoyo_policy_loaded;

/* The kernel's domain. */
extern struct tomoyo_domain_info tomoyo_kernel_domain;
 717
 718/********** Inlined functions. **********/
 719
/*
 * tomoyo_read_lock - Enter the SRCU read side section guarding policy lists.
 *
 * Returns the index that must be passed back to tomoyo_read_unlock().
 * tomoyo_ss is the "Lock for GC", so pointers into the policy lists should
 * only be dereferenced while this section is held.
 */
static inline int tomoyo_read_lock(void)
{
        const int idx = srcu_read_lock(&tomoyo_ss);

        return idx;
}
 724
/*
 * tomoyo_read_unlock - Leave the SRCU read side section.
 *
 * @idx: The value returned by the matching tomoyo_read_lock().
 */
static inline void tomoyo_read_unlock(int idx)
{
        srcu_read_unlock(&tomoyo_ss, idx);
}
 729
/*
 * tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure.
 *
 * @a: First name.
 * @b: Second name.
 *
 * Returns true if the two names DIFFER and false if they are equal, i.e.
 * the strcmp() convention (non-zero means different), not an equality test.
 * The precomputed "hash" is compared first so that strcmp() only runs when
 * the hashes agree.
 */
static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
                                  const struct tomoyo_path_info *b)
{
        if (a->hash != b->hash)
                return true;
        return strcmp(a->name, b->name) != 0;
}
 736
/**
 * tomoyo_is_valid - Check whether the character is a valid char.
 *
 * @c: The character to check.
 *
 * A valid character is a printable, non-space ASCII byte: '!' (33)
 * through '~' (126).  Space, control characters, DEL (127), bytes with the
 * high bit set and NUL are all rejected; a token may only carry such bytes
 * in their \ooo escaped form.
 *
 * Returns true if @c is a valid character, false otherwise.
 */
static inline bool tomoyo_is_valid(const unsigned char c)
{
        return c >= '!' && c <= '~';
}
 748
/**
 * tomoyo_is_invalid - Check whether the character is an invalid char.
 *
 * @c: The character to check.
 *
 * The complement of tomoyo_is_valid() for every byte except NUL: space,
 * control characters, DEL (127) and bytes with the high bit set are
 * invalid.  NUL is the string terminator and is reported as NOT invalid
 * (it is not valid either), so a scanner stops cleanly at end of string.
 *
 * Returns true if @c is an invalid character, false otherwise.
 */
static inline bool tomoyo_is_invalid(const unsigned char c)
{
        if (c == '\0')
                return false;
        return !(c > ' ' && c < 127);
}
 760
/**
 * tomoyo_put_name - Drop a reference on an interned name.
 * @name: The name to release, or NULL (no-op).
 *
 * Only the user count of the enclosing "struct tomoyo_name_entry" is
 * decremented; nothing is freed here.  Reclaiming entries whose count has
 * dropped to zero is presumably left to the garbage collector
 * (tomoyo_run_gc()) — confirm in gc.c.
 */
static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
{
        struct tomoyo_name_entry *owner;

        if (!name)
                return;
        /* @name is embedded in its entry; walk back to the container. */
        owner = container_of(name, struct tomoyo_name_entry, entry);
        atomic_dec(&owner->users);
}
 769
/**
 * tomoyo_put_path_group - Drop a reference on a path group.
 * @group: The group to release, or NULL (no-op).
 *
 * Decrements the user count only; the object is not freed here.
 */
static inline void tomoyo_put_path_group(struct tomoyo_path_group *group)
{
        if (!group)
                return;
        atomic_dec(&group->users);
}
 775
/**
 * tomoyo_domain - Get the TOMOYO domain of the calling task.
 *
 * Reads the security blob of the current task's credentials; that blob is
 * what TOMOYO uses as the task's domain.
 *
 * Returns the domain pointer stored in current_cred()->security.
 */
static inline struct tomoyo_domain_info *tomoyo_domain(void)
{
        const struct cred *cred = current_cred();

        return cred->security;
}
 780
/**
 * tomoyo_real_domain - Get the TOMOYO domain of an arbitrary task.
 * @task: The task whose domain is wanted.
 *
 * Unlike tomoyo_domain(), this reads another task's credentials via
 * task_cred_xxx(), which takes care of the RCU protection needed for that.
 *
 * Returns the security blob of @task's credentials.
 */
static inline struct tomoyo_domain_info *
tomoyo_real_domain(struct task_struct *task)
{
        struct tomoyo_domain_info *domain = task_cred_xxx(task, security);

        return domain;
}
 786
/**
 * tomoyo_is_same_acl_head - Compare the common header of two ACL entries.
 * @p1: First ACL header.
 * @p2: Second ACL header.
 *
 * Returns true if both entries carry the same type, false otherwise.
 */
static inline bool tomoyo_is_same_acl_head(const struct tomoyo_acl_info *p1,
                                           const struct tomoyo_acl_info *p2)
{
        if (p1->type != p2->type)
                return false;
        return true;
}
 792
/**
 * tomoyo_is_same_name_union - Compare two name unions field by field.
 * @p1: First name union.
 * @p2: Second name union.
 *
 * Compares by pointer identity, not by string contents.  NOTE(review): that
 * is only sufficient if names and groups are interned (tomoyo_name_list /
 * tomoyo_path_group_list suggest they are) — confirm before relying on it.
 *
 * Returns true if filename, group and is_group all match, false otherwise.
 */
static inline bool tomoyo_is_same_name_union
(const struct tomoyo_name_union *p1, const struct tomoyo_name_union *p2)
{
        if (p1->is_group != p2->is_group)
                return false;
        if (p1->filename != p2->filename)
                return false;
        return p1->group == p2->group;
}
 799
/**
 * tomoyo_is_same_path_acl - Compare two single-path ACL entries.
 * @p1: First entry.
 * @p2: Second entry.
 *
 * Returns true if the headers match and the name unions match, false
 * otherwise.  Note that only the head's type and the name are compared;
 * any other fields of the entry are not part of the comparison.
 */
static inline bool tomoyo_is_same_path_acl(const struct tomoyo_path_acl *p1,
                                           const struct tomoyo_path_acl *p2)
{
        if (!tomoyo_is_same_acl_head(&p1->head, &p2->head))
                return false;
        return tomoyo_is_same_name_union(&p1->name, &p2->name);
}
 806
/**
 * tomoyo_is_same_path2_acl - Compare two double-path ACL entries.
 * @p1: First entry.
 * @p2: Second entry.
 *
 * Returns true if the headers match and both name unions (name1 and name2)
 * match in order, false otherwise.
 */
static inline bool tomoyo_is_same_path2_acl(const struct tomoyo_path2_acl *p1,
                                            const struct tomoyo_path2_acl *p2)
{
        if (!tomoyo_is_same_acl_head(&p1->head, &p2->head))
                return false;
        if (!tomoyo_is_same_name_union(&p1->name1, &p2->name1))
                return false;
        return tomoyo_is_same_name_union(&p1->name2, &p2->name2);
}
 814
/**
 * tomoyo_is_same_domain_initializer_entry - Compare two initializer entries.
 * @p1: First entry.
 * @p2: Second entry.
 *
 * Flags are compared first, then the (interned, pointer-compared)
 * domainname and program.
 *
 * Returns true if is_not, is_last_name, domainname and program all match,
 * false otherwise.
 */
static inline bool tomoyo_is_same_domain_initializer_entry
(const struct tomoyo_domain_initializer_entry *p1,
 const struct tomoyo_domain_initializer_entry *p2)
{
        if (p1->is_not != p2->is_not || p1->is_last_name != p2->is_last_name)
                return false;
        return p1->domainname == p2->domainname &&
                p1->program == p2->program;
}
 823
/**
 * tomoyo_is_same_domain_keeper_entry - Compare two keeper entries.
 * @p1: First entry.
 * @p2: Second entry.
 *
 * Same comparison as tomoyo_is_same_domain_initializer_entry(), on the
 * keeper entry type: flags first, then pointer identity of domainname and
 * program.
 *
 * Returns true if is_not, is_last_name, domainname and program all match,
 * false otherwise.
 */
static inline bool tomoyo_is_same_domain_keeper_entry
(const struct tomoyo_domain_keeper_entry *p1,
 const struct tomoyo_domain_keeper_entry *p2)
{
        if (p1->is_not != p2->is_not || p1->is_last_name != p2->is_last_name)
                return false;
        return p1->domainname == p2->domainname &&
                p1->program == p2->program;
}
 832
/**
 * tomoyo_is_same_alias_entry - Compare two alias entries.
 * @p1: First entry.
 * @p2: Second entry.
 *
 * Returns true if original_name and aliased_name both match (by pointer
 * identity), false otherwise.
 */
static inline bool tomoyo_is_same_alias_entry
(const struct tomoyo_alias_entry *p1, const struct tomoyo_alias_entry *p2)
{
        if (p1->original_name != p2->original_name)
                return false;
        return p1->aliased_name == p2->aliased_name;
}
 839
/**
 * list_for_each_cookie - iterate over a list with cookie.
 * @pos:        the &struct list_head to use as a loop cursor.
 * @cookie:     the &struct list_head to use as a cookie.
 * @head:       the head for your list.
 *
 * Same with list_for_each_rcu() except that this primitive uses @cookie
 * so that we can continue iteration.
 * @cookie must be NULL when iteration starts, and @cookie will become
 * NULL when iteration finishes.
 *
 * How the cookie works: iteration starts at the element after @cookie
 * (after @head when @cookie is NULL).  The termination test clears @cookie
 * itself via the "|| ((cookie) = NULL)" clause when @pos reaches @head.
 * @cookie is advanced to @pos only in the increment expression, so if the
 * body breaks out early @cookie still names the element *preceding* @pos and
 * a later invocation re-visits @pos.
 * Elements are fetched with rcu_dereference(), so the caller is presumably
 * expected to be inside an RCU/SRCU read-side critical section
 * (tomoyo_read_lock()) — confirm at the call sites.
 * NOTE(review): @head is used unparenthesized in "cookie = head"; pass a
 * plain address expression, never a comma expression.
 */
#define list_for_each_cookie(pos, cookie, head)                         \
        for (({ if (!cookie)                                            \
                                     cookie = head; }),                 \
                     pos = rcu_dereference((cookie)->next);             \
             prefetch(pos->next), pos != (head) || ((cookie) = NULL);   \
             (cookie) = pos, pos = rcu_dereference(pos->next))
 857
 858#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
 859