Eric Lee / linux-smarc-t335x-v3.2

Commit 97fb35e413f256ded07b88c73b3d932ec31ea84e

Authored by Tetsuo Handa 2011-07-08 12:25:53 +0800

Committed by James Morris 2011-07-11 09:05:34 +0800

Exists in master and in 4 other branches

TOMOYO: Enable conditional ACL.

Enable conditional ACL by passing object's pointers.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 5 changed files with 80 additions and 33 deletions Inline Diff

security/tomoyo/common.h
security/tomoyo/domain.c
security/tomoyo/file.c
security/tomoyo/mount.c
security/tomoyo/tomoyo.c

security/tomoyo/common.h

Diff comments View file @ 97fb35e

 /*
  * security/tomoyo/common.h
  *
  * Header file for TOMOYO.
  *
  * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #ifndef _SECURITY_TOMOYO_COMMON_H
 #define _SECURITY_TOMOYO_COMMON_H
 #include <linux/ctype.h>
 #include <linux/string.h>
 #include <linux/mm.h>
 #include <linux/file.h>
 #include <linux/kmod.h>
 #include <linux/fs.h>
 #include <linux/sched.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
 #include <linux/list.h>
 #include <linux/cred.h>
 #include <linux/poll.h>
 #include <linux/binfmts.h>
 #include <linux/highmem.h>
 /********** Constants definitions. **********/
 /*
  * TOMOYO uses this hash only when appending a string into the string
  * table. Frequency of appending strings is very low. So we don't need
  * large (e.g. 64k) hash size. 256 will be sufficient.
  */
 #define TOMOYO_HASH_BITS  8
 #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
 #define TOMOYO_EXEC_TMPSIZE     4096
 /* Profile number is an integer between 0 and 255. */
 #define TOMOYO_MAX_PROFILES 256
 /* Group number is an integer between 0 and 255. */
 #define TOMOYO_MAX_ACL_GROUPS 256
 /* Index numbers for "struct tomoyo_condition". */
 enum tomoyo_conditions_index {
 	TOMOYO_TASK_UID,             /* current_uid()   */
 	TOMOYO_TASK_EUID,            /* current_euid()  */
 	TOMOYO_TASK_SUID,            /* current_suid()  */
 	TOMOYO_TASK_FSUID,           /* current_fsuid() */
 	TOMOYO_TASK_GID,             /* current_gid()   */
 	TOMOYO_TASK_EGID,            /* current_egid()  */
 	TOMOYO_TASK_SGID,            /* current_sgid()  */
 	TOMOYO_TASK_FSGID,           /* current_fsgid() */
 	TOMOYO_TASK_PID,             /* sys_getpid()   */
 	TOMOYO_TASK_PPID,            /* sys_getppid()  */
 	TOMOYO_EXEC_ARGC,            /* "struct linux_binprm *"->argc */
 	TOMOYO_EXEC_ENVC,            /* "struct linux_binprm *"->envc */
 	TOMOYO_TYPE_IS_SOCKET,       /* S_IFSOCK */
 	TOMOYO_TYPE_IS_SYMLINK,      /* S_IFLNK */
 	TOMOYO_TYPE_IS_FILE,         /* S_IFREG */
 	TOMOYO_TYPE_IS_BLOCK_DEV,    /* S_IFBLK */
 	TOMOYO_TYPE_IS_DIRECTORY,    /* S_IFDIR */
 	TOMOYO_TYPE_IS_CHAR_DEV,     /* S_IFCHR */
 	TOMOYO_TYPE_IS_FIFO,         /* S_IFIFO */
 	TOMOYO_MODE_SETUID,          /* S_ISUID */
 	TOMOYO_MODE_SETGID,          /* S_ISGID */
 	TOMOYO_MODE_STICKY,          /* S_ISVTX */
 	TOMOYO_MODE_OWNER_READ,      /* S_IRUSR */
 	TOMOYO_MODE_OWNER_WRITE,     /* S_IWUSR */
 	TOMOYO_MODE_OWNER_EXECUTE,   /* S_IXUSR */
 	TOMOYO_MODE_GROUP_READ,      /* S_IRGRP */
 	TOMOYO_MODE_GROUP_WRITE,     /* S_IWGRP */
 	TOMOYO_MODE_GROUP_EXECUTE,   /* S_IXGRP */
 	TOMOYO_MODE_OTHERS_READ,     /* S_IROTH */
 	TOMOYO_MODE_OTHERS_WRITE,    /* S_IWOTH */
 	TOMOYO_MODE_OTHERS_EXECUTE,  /* S_IXOTH */
 	TOMOYO_EXEC_REALPATH,
 	TOMOYO_SYMLINK_TARGET,
 	TOMOYO_PATH1_UID,
 	TOMOYO_PATH1_GID,
 	TOMOYO_PATH1_INO,
 	TOMOYO_PATH1_MAJOR,
 	TOMOYO_PATH1_MINOR,
 	TOMOYO_PATH1_PERM,
 	TOMOYO_PATH1_TYPE,
 	TOMOYO_PATH1_DEV_MAJOR,
 	TOMOYO_PATH1_DEV_MINOR,
 	TOMOYO_PATH2_UID,
 	TOMOYO_PATH2_GID,
 	TOMOYO_PATH2_INO,
 	TOMOYO_PATH2_MAJOR,
 	TOMOYO_PATH2_MINOR,
 	TOMOYO_PATH2_PERM,
 	TOMOYO_PATH2_TYPE,
 	TOMOYO_PATH2_DEV_MAJOR,
 	TOMOYO_PATH2_DEV_MINOR,
 	TOMOYO_PATH1_PARENT_UID,
 	TOMOYO_PATH1_PARENT_GID,
 	TOMOYO_PATH1_PARENT_INO,
 	TOMOYO_PATH1_PARENT_PERM,
 	TOMOYO_PATH2_PARENT_UID,
 	TOMOYO_PATH2_PARENT_GID,
 	TOMOYO_PATH2_PARENT_INO,
 	TOMOYO_PATH2_PARENT_PERM,
 	TOMOYO_MAX_CONDITION_KEYWORD,
 	TOMOYO_NUMBER_UNION,
 	TOMOYO_NAME_UNION,
 	TOMOYO_ARGV_ENTRY,
 	TOMOYO_ENVP_ENTRY,
 };
 /* Index numbers for stat(). */
 enum tomoyo_path_stat_index {
 	/* Do not change this order. */
 	TOMOYO_PATH1,
 	TOMOYO_PATH1_PARENT,
 	TOMOYO_PATH2,
 	TOMOYO_PATH2_PARENT,
 	TOMOYO_MAX_PATH_STAT
 };
 /* Index numbers for operation mode. */
 enum tomoyo_mode_index {
 	TOMOYO_CONFIG_DISABLED,
 	TOMOYO_CONFIG_LEARNING,
 	TOMOYO_CONFIG_PERMISSIVE,
 	TOMOYO_CONFIG_ENFORCING,
 	TOMOYO_CONFIG_MAX_MODE,
 	TOMOYO_CONFIG_WANT_REJECT_LOG =  64,
 	TOMOYO_CONFIG_WANT_GRANT_LOG  = 128,
 	TOMOYO_CONFIG_USE_DEFAULT     = 255,
 };
 /* Index numbers for entry type. */
 enum tomoyo_policy_id {
 	TOMOYO_ID_GROUP,
 	TOMOYO_ID_PATH_GROUP,
 	TOMOYO_ID_NUMBER_GROUP,
 	TOMOYO_ID_TRANSITION_CONTROL,
 	TOMOYO_ID_AGGREGATOR,
 	TOMOYO_ID_MANAGER,
 	TOMOYO_ID_CONDITION,
 	TOMOYO_ID_NAME,
 	TOMOYO_ID_ACL,
 	TOMOYO_ID_DOMAIN,
 	TOMOYO_MAX_POLICY
 };
 /* Index numbers for domain's attributes. */
 enum tomoyo_domain_info_flags_index {
 	/* Quota warnning flag.   */
 	TOMOYO_DIF_QUOTA_WARNED,
 	/*
 	 * This domain was unable to create a new domain at
 	 * tomoyo_find_next_domain() because the name of the domain to be
 	 * created was too long or it could not allocate memory.
 	 * More than one process continued execve() without domain transition.
 	 */
 	TOMOYO_DIF_TRANSITION_FAILED,
 	TOMOYO_MAX_DOMAIN_INFO_FLAGS
 };
 /* Index numbers for group entries. */
 enum tomoyo_group_id {
 	TOMOYO_PATH_GROUP,
 	TOMOYO_NUMBER_GROUP,
 	TOMOYO_MAX_GROUP
 };
 /* Index numbers for type of numeric values. */
 enum tomoyo_value_type {
 	TOMOYO_VALUE_TYPE_INVALID,
 	TOMOYO_VALUE_TYPE_DECIMAL,
 	TOMOYO_VALUE_TYPE_OCTAL,
 	TOMOYO_VALUE_TYPE_HEXADECIMAL,
 };
 /* Index numbers for domain transition control keywords. */
 enum tomoyo_transition_type {
 	/* Do not change this order, */
 	TOMOYO_TRANSITION_CONTROL_NO_RESET,
 	TOMOYO_TRANSITION_CONTROL_RESET,
 	TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE,
 	TOMOYO_TRANSITION_CONTROL_INITIALIZE,
 	TOMOYO_TRANSITION_CONTROL_NO_KEEP,
 	TOMOYO_TRANSITION_CONTROL_KEEP,
 	TOMOYO_MAX_TRANSITION_TYPE
 };
 /* Index numbers for Access Controls. */
 enum tomoyo_acl_entry_type_index {
 	TOMOYO_TYPE_PATH_ACL,
 	TOMOYO_TYPE_PATH2_ACL,
 	TOMOYO_TYPE_PATH_NUMBER_ACL,
 	TOMOYO_TYPE_MKDEV_ACL,
 	TOMOYO_TYPE_MOUNT_ACL,
 };
 /* Index numbers for access controls with one pathname. */
 enum tomoyo_path_acl_index {
 	TOMOYO_TYPE_EXECUTE,
 	TOMOYO_TYPE_READ,
 	TOMOYO_TYPE_WRITE,
 	TOMOYO_TYPE_APPEND,
 	TOMOYO_TYPE_UNLINK,
 	TOMOYO_TYPE_GETATTR,
 	TOMOYO_TYPE_RMDIR,
 	TOMOYO_TYPE_TRUNCATE,
 	TOMOYO_TYPE_SYMLINK,
 	TOMOYO_TYPE_CHROOT,
 	TOMOYO_TYPE_UMOUNT,
 	TOMOYO_MAX_PATH_OPERATION
 };
 /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
 enum tomoyo_memory_stat_type {
 	TOMOYO_MEMORY_POLICY,
 	TOMOYO_MEMORY_AUDIT,
 	TOMOYO_MEMORY_QUERY,
 	TOMOYO_MAX_MEMORY_STAT
 };
 enum tomoyo_mkdev_acl_index {
 	TOMOYO_TYPE_MKBLOCK,
 	TOMOYO_TYPE_MKCHAR,
 	TOMOYO_MAX_MKDEV_OPERATION
 };
 /* Index numbers for access controls with two pathnames. */
 enum tomoyo_path2_acl_index {
 	TOMOYO_TYPE_LINK,
 	TOMOYO_TYPE_RENAME,
 	TOMOYO_TYPE_PIVOT_ROOT,
 	TOMOYO_MAX_PATH2_OPERATION
 };
 /* Index numbers for access controls with one pathname and one number. */
 enum tomoyo_path_number_acl_index {
 	TOMOYO_TYPE_CREATE,
 	TOMOYO_TYPE_MKDIR,
 	TOMOYO_TYPE_MKFIFO,
 	TOMOYO_TYPE_MKSOCK,
 	TOMOYO_TYPE_IOCTL,
 	TOMOYO_TYPE_CHMOD,
 	TOMOYO_TYPE_CHOWN,
 	TOMOYO_TYPE_CHGRP,
 	TOMOYO_MAX_PATH_NUMBER_OPERATION
 };
 /* Index numbers for /sys/kernel/security/tomoyo/ interfaces. */
 enum tomoyo_securityfs_interface_index {
 	TOMOYO_DOMAINPOLICY,
 	TOMOYO_EXCEPTIONPOLICY,
 	TOMOYO_PROCESS_STATUS,
 	TOMOYO_STAT,
 	TOMOYO_SELFDOMAIN,
 	TOMOYO_AUDIT,
 	TOMOYO_VERSION,
 	TOMOYO_PROFILE,
 	TOMOYO_QUERY,
 	TOMOYO_MANAGER
 };
 /* Index numbers for special mount operations. */
 enum tomoyo_special_mount {
 	TOMOYO_MOUNT_BIND,            /* mount --bind /source /dest   */
 	TOMOYO_MOUNT_MOVE,            /* mount --move /old /new       */
 	TOMOYO_MOUNT_REMOUNT,         /* mount -o remount /dir        */
 	TOMOYO_MOUNT_MAKE_UNBINDABLE, /* mount --make-unbindable /dir */
 	TOMOYO_MOUNT_MAKE_PRIVATE,    /* mount --make-private /dir    */
 	TOMOYO_MOUNT_MAKE_SLAVE,      /* mount --make-slave /dir      */
 	TOMOYO_MOUNT_MAKE_SHARED,     /* mount --make-shared /dir     */
 	TOMOYO_MAX_SPECIAL_MOUNT
 };
 /* Index numbers for functionality. */
 enum tomoyo_mac_index {
 	TOMOYO_MAC_FILE_EXECUTE,
 	TOMOYO_MAC_FILE_OPEN,
 	TOMOYO_MAC_FILE_CREATE,
 	TOMOYO_MAC_FILE_UNLINK,
 	TOMOYO_MAC_FILE_GETATTR,
 	TOMOYO_MAC_FILE_MKDIR,
 	TOMOYO_MAC_FILE_RMDIR,
 	TOMOYO_MAC_FILE_MKFIFO,
 	TOMOYO_MAC_FILE_MKSOCK,
 	TOMOYO_MAC_FILE_TRUNCATE,
 	TOMOYO_MAC_FILE_SYMLINK,
 	TOMOYO_MAC_FILE_MKBLOCK,
 	TOMOYO_MAC_FILE_MKCHAR,
 	TOMOYO_MAC_FILE_LINK,
 	TOMOYO_MAC_FILE_RENAME,
 	TOMOYO_MAC_FILE_CHMOD,
 	TOMOYO_MAC_FILE_CHOWN,
 	TOMOYO_MAC_FILE_CHGRP,
 	TOMOYO_MAC_FILE_IOCTL,
 	TOMOYO_MAC_FILE_CHROOT,
 	TOMOYO_MAC_FILE_MOUNT,
 	TOMOYO_MAC_FILE_UMOUNT,
 	TOMOYO_MAC_FILE_PIVOT_ROOT,
 	TOMOYO_MAX_MAC_INDEX
 };
 /* Index numbers for category of functionality. */
 enum tomoyo_mac_category_index {
 	TOMOYO_MAC_CATEGORY_FILE,
 	TOMOYO_MAX_MAC_CATEGORY_INDEX
 };
 /*
  * Retry this request. Returned by tomoyo_supervisor() if policy violation has
  * occurred in enforcing mode and the userspace daemon decided to retry.
  *
  * We must choose a positive value in order to distinguish "granted" (which is
  * 0) and "rejected" (which is a negative value) and "retry".
  */
 #define TOMOYO_RETRY_REQUEST 1
 /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
 enum tomoyo_policy_stat_type {
 	/* Do not change this order. */
 	TOMOYO_STAT_POLICY_UPDATES,
 	TOMOYO_STAT_POLICY_LEARNING,   /* == TOMOYO_CONFIG_LEARNING */
 	TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */
 	TOMOYO_STAT_POLICY_ENFORCING,  /* == TOMOYO_CONFIG_ENFORCING */
 	TOMOYO_MAX_POLICY_STAT
 };
 /* Index numbers for profile's PREFERENCE values. */
 enum tomoyo_pref_index {
 	TOMOYO_PREF_MAX_AUDIT_LOG,
 	TOMOYO_PREF_MAX_LEARNING_ENTRY,
 	TOMOYO_MAX_PREF
 };
 /********** Structure definitions. **********/
 /* Common header for holding ACL entries. */
 struct tomoyo_acl_head {
 	struct list_head list;
 	bool is_deleted;
 } __packed;
 /* Common header for shared entries. */
 struct tomoyo_shared_acl_head {
 	struct list_head list;
 	atomic_t users;
 } __packed;
 struct tomoyo_policy_namespace;
 /* Structure for request info. */
 struct tomoyo_request_info {
 	/*
 	 * For holding parameters specific to operations which deal files.
 	 * NULL if not dealing files.
 	 */
 	struct tomoyo_obj_info *obj;
 	/*
 	 * For holding parameters specific to execve() request.
 	 * NULL if not dealing do_execve().
 	 */
 	struct tomoyo_execve *ee;
 	struct tomoyo_domain_info *domain;
 	/* For holding parameters. */
 	union {
 		struct {
 			const struct tomoyo_path_info *filename;
 			/* For using wildcards at tomoyo_find_next_domain(). */
 			const struct tomoyo_path_info *matched_path;
 			/* One of values in "enum tomoyo_path_acl_index". */
 			u8 operation;
 		} path;
 		struct {
 			const struct tomoyo_path_info *filename1;
 			const struct tomoyo_path_info *filename2;
 			/* One of values in "enum tomoyo_path2_acl_index". */
 			u8 operation;
 		} path2;
 		struct {
 			const struct tomoyo_path_info *filename;
 			unsigned int mode;
 			unsigned int major;
 			unsigned int minor;
 			/* One of values in "enum tomoyo_mkdev_acl_index". */
 			u8 operation;
 		} mkdev;
 		struct {
 			const struct tomoyo_path_info *filename;
 			unsigned long number;
 			/*
 			 * One of values in
 			 * "enum tomoyo_path_number_acl_index".
 			 */
 			u8 operation;
 		} path_number;
 		struct {
 			const struct tomoyo_path_info *type;
 			const struct tomoyo_path_info *dir;
 			const struct tomoyo_path_info *dev;
 			unsigned long flags;
 			int need_dev;
 		} mount;
 	} param;
 	u8 param_type;
 	bool granted;
 	u8 retry;
 	u8 profile;
 	u8 mode; /* One of tomoyo_mode_index . */
 	u8 type;
 };
 /* Structure for holding a token. */
 struct tomoyo_path_info {
 	const char *name;
 	u32 hash;          /* = full_name_hash(name, strlen(name)) */
 	u16 const_len;     /* = tomoyo_const_part_length(name)     */
 	bool is_dir;       /* = tomoyo_strendswith(name, "/")      */
 	bool is_patterned; /* = tomoyo_path_contains_pattern(name) */
 };
 /* Structure for holding string data. */
 struct tomoyo_name {
 	struct tomoyo_shared_acl_head head;
 	struct tomoyo_path_info entry;
 };
 /* Structure for holding a word. */
 struct tomoyo_name_union {
 	/* Either @filename or @group is NULL. */
 	const struct tomoyo_path_info *filename;
 	struct tomoyo_group *group;
 };
 /* Structure for holding a number. */
 struct tomoyo_number_union {
 	unsigned long values[2];
 	struct tomoyo_group *group; /* Maybe NULL. */
 	/* One of values in "enum tomoyo_value_type". */
 	u8 value_type[2];
 };
 /* Structure for "path_group"/"number_group" directive. */
 struct tomoyo_group {
 	struct tomoyo_shared_acl_head head;
 	const struct tomoyo_path_info *group_name;
 	struct list_head member_list;
 };
 /* Structure for "path_group" directive. */
 struct tomoyo_path_group {
 	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *member_name;
 };
 /* Structure for "number_group" directive. */
 struct tomoyo_number_group {
 	struct tomoyo_acl_head head;
 	struct tomoyo_number_union number;
 };
 /* Subset of "struct stat". Used by conditional ACL and audit logs. */
 struct tomoyo_mini_stat {
 	uid_t uid;
 	gid_t gid;
 	ino_t ino;
 	mode_t mode;
 	dev_t dev;
 	dev_t rdev;
 };
 /* Structure for dumping argv[] and envp[] of "struct linux_binprm". */
 struct tomoyo_page_dump {
 	struct page *page;    /* Previously dumped page. */
 	char *data;           /* Contents of "page". Size is PAGE_SIZE. */
 };
 /* Structure for attribute checks in addition to pathname checks. */
 struct tomoyo_obj_info {
 	/*
 	 * True if tomoyo_get_attributes() was already called, false otherwise.
 	 */
 	bool validate_done;
 	/* True if @stat[] is valid. */
 	bool stat_valid[TOMOYO_MAX_PATH_STAT];
 	/* First pathname. Initialized with { NULL, NULL } if no path. */
 	struct path path1;
 	/* Second pathname. Initialized with { NULL, NULL } if no path. */
 	struct path path2;
 	/*
 	 * Information on @path1, @path1's parent directory, @path2, @path2's
 	 * parent directory.
 	 */
 	struct tomoyo_mini_stat stat[TOMOYO_MAX_PATH_STAT];
 	/*
 	 * Content of symbolic link to be created. NULL for operations other
 	 * than symlink().
 	 */
 	struct tomoyo_path_info *symlink_target;
 };
 /* Structure for argv[]. */
 struct tomoyo_argv {
 	unsigned long index;
 	const struct tomoyo_path_info *value;
 	bool is_not;
 };
 /* Structure for envp[]. */
 struct tomoyo_envp {
 	const struct tomoyo_path_info *name;
 	const struct tomoyo_path_info *value;
 	bool is_not;
 };
 /* Structure for execve() operation. */
 struct tomoyo_execve {
 	struct tomoyo_request_info r;
 	struct tomoyo_obj_info obj;
 	struct linux_binprm *bprm;
 	/* For dumping argv[] and envp[]. */
 	struct tomoyo_page_dump dump;
 	/* For temporary use. */
 	char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */
 };
 /* Structure for entries which follows "struct tomoyo_condition". */
 struct tomoyo_condition_element {
 	/*
 	 * Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a
 	 * "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail
 	 * of the array of this struct.
 	 */
 	u8 left;
 	/*
 	 * Right hand operand. A "struct tomoyo_number_union" for
 	 * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for
 	 * TOMOYO_NAME_UNION is attached to the tail of the array of this
 	 * struct.
 	 */
 	u8 right;
 	/* Equation operator. True if equals or overlaps, false otherwise. */
 	bool equals;
 };
 /* Structure for optional arguments. */
 struct tomoyo_condition {
 	struct tomoyo_shared_acl_head head;
 	u32 size; /* Memory size allocated for this entry. */
 	u16 condc; /* Number of conditions in this struct. */
 	u16 numbers_count; /* Number of "struct tomoyo_number_union values". */
 	u16 names_count; /* Number of "struct tomoyo_name_union names". */
 	u16 argc; /* Number of "struct tomoyo_argv". */
 	u16 envc; /* Number of "struct tomoyo_envp". */
 	/*
 	 * struct tomoyo_condition_element condition[condc];
 	 * struct tomoyo_number_union values[numbers_count];
 	 * struct tomoyo_name_union names[names_count];
 	 * struct tomoyo_argv argv[argc];
 	 * struct tomoyo_envp envp[envc];
 	 */
 };
 /* Common header for individual entries. */
 struct tomoyo_acl_info {
 	struct list_head list;
 	struct tomoyo_condition *cond; /* Maybe NULL. */
 	bool is_deleted;
 	u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */
 } __packed;
 /* Structure for domain information. */
 struct tomoyo_domain_info {
 	struct list_head list;
 	struct list_head acl_info_list;
 	/* Name of this domain. Never NULL.          */
 	const struct tomoyo_path_info *domainname;
 	/* Namespace for this domain. Never NULL. */
 	struct tomoyo_policy_namespace *ns;
 	u8 profile;        /* Profile number to use. */
 	u8 group;          /* Group number to use.   */
 	bool is_deleted;   /* Delete flag.           */
 	bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
 	atomic_t users; /* Number of referring credentials. */
 };
 /*
  * Structure for "file execute", "file read", "file write", "file append",
  * "file unlink", "file getattr", "file rmdir", "file truncate",
  * "file symlink", "file chroot" and "file unmount" directive.
  */
 struct tomoyo_path_acl {
 	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
 	u16 perm; /* Bitmask of values in "enum tomoyo_path_acl_index". */
 	struct tomoyo_name_union name;
 };
 /*
  * Structure for "file create", "file mkdir", "file mkfifo", "file mksock",
  * "file ioctl", "file chmod", "file chown" and "file chgrp" directive.
  */
 struct tomoyo_path_number_acl {
 	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */
 	/* Bitmask of values in "enum tomoyo_path_number_acl_index". */
 	u8 perm;
 	struct tomoyo_name_union name;
 	struct tomoyo_number_union number;
 };
 /* Structure for "file mkblock" and "file mkchar" directive. */
 struct tomoyo_mkdev_acl {
 	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */
 	u8 perm; /* Bitmask of values in "enum tomoyo_mkdev_acl_index". */
 	struct tomoyo_name_union name;
 	struct tomoyo_number_union mode;
 	struct tomoyo_number_union major;
 	struct tomoyo_number_union minor;
 };
 /*
  * Structure for "file rename", "file link" and "file pivot_root" directive.
  */
 struct tomoyo_path2_acl {
 	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */
 	u8 perm; /* Bitmask of values in "enum tomoyo_path2_acl_index". */
 	struct tomoyo_name_union name1;
 	struct tomoyo_name_union name2;
 };
 /* Structure for "file mount" directive. */
 struct tomoyo_mount_acl {
 	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
 	struct tomoyo_name_union dev_name;
 	struct tomoyo_name_union dir_name;
 	struct tomoyo_name_union fs_type;
 	struct tomoyo_number_union flags;
 };
 /* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */
 struct tomoyo_acl_param {
 	char *data;
 	struct list_head *list;
 	struct tomoyo_policy_namespace *ns;
 	bool is_delete;
 };
 #define TOMOYO_MAX_IO_READ_QUEUE 64
 /*
  * Structure for reading/writing policy via /sys/kernel/security/tomoyo
  * interfaces.
  */
 struct tomoyo_io_buffer {
 	void (*read) (struct tomoyo_io_buffer *);
 	int (*write) (struct tomoyo_io_buffer *);
 	int (*poll) (struct file *file, poll_table *wait);
 	/* Exclusive lock for this structure.   */
 	struct mutex io_sem;
 	char __user *read_user_buf;
 	size_t read_user_buf_avail;
 	struct {
 		struct list_head *ns;
 		struct list_head *domain;
 		struct list_head *group;
 		struct list_head *acl;
 		size_t avail;
 		unsigned int step;
 		unsigned int query_index;
 		u16 index;
 		u16 cond_index;
 		u8 acl_group_index;
 		u8 cond_step;
 		u8 bit;
 		u8 w_pos;
 		bool eof;
 		bool print_this_domain_only;
 		bool print_transition_related_only;
 		bool print_cond_part;
 		const char *w[TOMOYO_MAX_IO_READ_QUEUE];
 	} r;
 	struct {
 		struct tomoyo_policy_namespace *ns;
 		/* The position currently writing to.   */
 		struct tomoyo_domain_info *domain;
 		/* Bytes available for writing.         */
 		size_t avail;
 		bool is_delete;
 	} w;
 	/* Buffer for reading.                  */
 	char *read_buf;
 	/* Size of read buffer.                 */
 	size_t readbuf_size;
 	/* Buffer for writing.                  */
 	char *write_buf;
 	/* Size of write buffer.                */
 	size_t writebuf_size;
 	/* Type of this interface.              */
 	enum tomoyo_securityfs_interface_index type;
 	/* Users counter protected by tomoyo_io_buffer_list_lock. */
 	u8 users;
 	/* List for telling GC not to kfree() elements. */
 	struct list_head list;
 };
 /*
  * Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/
  * "no_keep_domain" keyword.
  */
 struct tomoyo_transition_control {
 	struct tomoyo_acl_head head;
 	u8 type; /* One of values in "enum tomoyo_transition_type".  */
 	/* True if the domainname is tomoyo_get_last_name(). */
 	bool is_last_name;
 	const struct tomoyo_path_info *domainname; /* Maybe NULL */
 	const struct tomoyo_path_info *program;    /* Maybe NULL */
 };
 /* Structure for "aggregator" keyword. */
 struct tomoyo_aggregator {
 	struct tomoyo_acl_head head;
 	const struct tomoyo_path_info *original_name;
 	const struct tomoyo_path_info *aggregated_name;
 };
 /* Structure for policy manager. */
 struct tomoyo_manager {
 	struct tomoyo_acl_head head;
 	bool is_domain;  /* True if manager is a domainname. */
 	/* A path to program or a domainname. */
 	const struct tomoyo_path_info *manager;
 };
 struct tomoyo_preference {
 	unsigned int learning_max_entry;
 	bool enforcing_verbose;
 	bool learning_verbose;
 	bool permissive_verbose;
 };
 /* Structure for /sys/kernel/security/tomnoyo/profile interface. */
 struct tomoyo_profile {
 	const struct tomoyo_path_info *comment;
 	struct tomoyo_preference *learning;
 	struct tomoyo_preference *permissive;
 	struct tomoyo_preference *enforcing;
 	struct tomoyo_preference preference;
 	u8 default_config;
 	u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX];
 	unsigned int pref[TOMOYO_MAX_PREF];
 };
 /* Structure for representing YYYY/MM/DD hh/mm/ss. */
 struct tomoyo_time {
 	u16 year;
 	u8 month;
 	u8 day;
 	u8 hour;
 	u8 min;
 	u8 sec;
 };
 /* Structure for policy namespace. */
 struct tomoyo_policy_namespace {
 	/* Profile table. Memory is allocated as needed. */
 	struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES];
 	/* List of "struct tomoyo_group". */
 	struct list_head group_list[TOMOYO_MAX_GROUP];
 	/* List of policy. */
 	struct list_head policy_list[TOMOYO_MAX_POLICY];
 	/* The global ACL referred by "use_group" keyword. */
 	struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS];
 	/* List for connecting to tomoyo_namespace_list list. */
 	struct list_head namespace_list;
 	/* Profile version. Currently only 20100903 is defined. */
 	unsigned int profile_version;
 	/* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */
 	const char *name;
 };
 /********** Function prototypes. **********/
 bool tomoyo_compare_number_union(const unsigned long value,
 				 const struct tomoyo_number_union *ptr);
 bool tomoyo_condition(struct tomoyo_request_info *r,
 		      const struct tomoyo_condition *cond);
 bool tomoyo_correct_domain(const unsigned char *domainname);
 bool tomoyo_correct_path(const char *filename);
 bool tomoyo_correct_word(const char *string);
 bool tomoyo_domain_def(const unsigned char *buffer);
 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
 bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
 		      struct tomoyo_page_dump *dump);
 bool tomoyo_memory_ok(void *ptr);
 bool tomoyo_number_matches_group(const unsigned long min,
 				 const unsigned long max,
 				 const struct tomoyo_group *group);
 bool tomoyo_parse_name_union(struct tomoyo_acl_param *param,
 			     struct tomoyo_name_union *ptr);
 bool tomoyo_parse_number_union(struct tomoyo_acl_param *param,
 			       struct tomoyo_number_union *ptr);
 bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
 				 const struct tomoyo_path_info *pattern);
 bool tomoyo_permstr(const char *string, const char *keyword);
 bool tomoyo_str_starts(char **src, const char *find);
 char *tomoyo_encode(const char *str);
 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
 		      va_list args);
 char *tomoyo_read_token(struct tomoyo_acl_param *param);
 char *tomoyo_realpath_from_path(struct path *path);
 char *tomoyo_realpath_nofollow(const char *pathname);
 const char *tomoyo_get_exe(void);
 const char *tomoyo_yesno(const unsigned int value);
 const struct tomoyo_path_info *tomoyo_compare_name_union
 (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr);
 const struct tomoyo_path_info *tomoyo_get_name(const char *name);
 const struct tomoyo_path_info *tomoyo_path_matches_group
 (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
 				 struct path *path, const int flag);
 int tomoyo_close_control(struct tomoyo_io_buffer *head);
 int tomoyo_find_next_domain(struct linux_binprm *bprm);
 int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
 		    const u8 index);
 int tomoyo_init_request_info(struct tomoyo_request_info *r,
 			     struct tomoyo_domain_info *domain,
 			     const u8 index);
 int tomoyo_mkdev_perm(const u8 operation, struct path *path,
 		      const unsigned int mode, unsigned int dev);
 int tomoyo_mount_permission(char *dev_name, struct path *path,
 			    const char *type, unsigned long flags,
 			    void *data_page);
 int tomoyo_open_control(const u8 type, struct file *file);
 int tomoyo_path2_perm(const u8 operation, struct path *path1,
 		      struct path *path2);
 int tomoyo_path_number_perm(const u8 operation, struct path *path,
 			    unsigned long number);
-int tomoyo_path_perm(const u8 operation, struct path *path);
+int tomoyo_path_perm(const u8 operation, struct path *path,
+		     const char *target);
 int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
 			   const struct tomoyo_path_info *filename);
 int tomoyo_poll_control(struct file *file, poll_table *wait);
 int tomoyo_poll_log(struct file *file, poll_table *wait);
 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
 	__printf(2, 3);
 int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
 			 struct tomoyo_acl_param *param,
 			 bool (*check_duplicate)
 			 (const struct tomoyo_acl_info *,
 			  const struct tomoyo_acl_info *),
 			 bool (*merge_duplicate)
 			 (struct tomoyo_acl_info *, struct tomoyo_acl_info *,
 			  const bool));
 int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
 			 struct tomoyo_acl_param *param,
 			 bool (*check_duplicate)
 			 (const struct tomoyo_acl_head *,
 			  const struct tomoyo_acl_head *));
 int tomoyo_write_aggregator(struct tomoyo_acl_param *param);
 int tomoyo_write_file(struct tomoyo_acl_param *param);
 int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type);
 int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
 				    const u8 type);
 ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
 			    const int buffer_len);
 ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
 			     const char __user *buffer, const int buffer_len);
 struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param);
 struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
 						const bool transit);
 struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param,
 				      const u8 idx);
 struct tomoyo_policy_namespace *tomoyo_assign_namespace
 (const char *domainname);
 struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns,
 				      const u8 profile);
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
 				const u8 index);
 u8 tomoyo_parse_ulong(unsigned long *result, char **str);
 void *tomoyo_commit_ok(void *data, const unsigned int size);
 void __init tomoyo_load_builtin_policy(void);
 void __init tomoyo_mm_init(void);
 void tomoyo_check_acl(struct tomoyo_request_info *r,
 		      bool (*check_entry) (struct tomoyo_request_info *,
 					   const struct tomoyo_acl_info *));
 void tomoyo_check_profile(void);
 void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp);
 void tomoyo_del_condition(struct list_head *element);
 void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
 void tomoyo_get_attributes(struct tomoyo_obj_info *obj);
 void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
 	 __printf(2, 3);
 void tomoyo_load_policy(const char *filename);
 void tomoyo_memory_free(void *ptr);
 void tomoyo_normalize_line(unsigned char *buffer);
 void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register);
 void tomoyo_print_ulong(char *buffer, const int buffer_len,
 			const unsigned long value, const u8 type);
 void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
 void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
 void tomoyo_read_log(struct tomoyo_io_buffer *head);
 void tomoyo_update_stat(const u8 index);
 void tomoyo_warn_oom(const char *function);
 void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...)
 	__printf(2, 3);
 void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
 		       va_list args);
 /********** External variable definitions. **********/
 extern bool tomoyo_policy_loaded;
 extern const char * const tomoyo_condition_keyword
 [TOMOYO_MAX_CONDITION_KEYWORD];
 extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
 extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
 					      + TOMOYO_MAX_MAC_CATEGORY_INDEX];
 extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE];
 extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
 extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX];
 extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];
 extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION];
 extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];
 extern struct list_head tomoyo_condition_list;
 extern struct list_head tomoyo_domain_list;
 extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
 extern struct list_head tomoyo_namespace_list;
 extern struct mutex tomoyo_policy_lock;
 extern struct srcu_struct tomoyo_ss;
 extern struct tomoyo_domain_info tomoyo_kernel_domain;
 extern struct tomoyo_policy_namespace tomoyo_kernel_namespace;
 extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
 extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
 /********** Inlined functions. **********/
 /**
  * tomoyo_read_lock - Take lock for protecting policy.
  *
  * Returns index number for tomoyo_read_unlock().
  */
 static inline int tomoyo_read_lock(void)
 {
 	return srcu_read_lock(&tomoyo_ss);
 }
 /**
  * tomoyo_read_unlock - Release lock for protecting policy.
  *
  * @idx: Index number returned by tomoyo_read_lock().
  *
  * Returns nothing.
  */
 static inline void tomoyo_read_unlock(int idx)
 {
 	srcu_read_unlock(&tomoyo_ss, idx);
 }
 /**
  * tomoyo_sys_getppid - Copy of getppid().
  *
  * Returns parent process's PID.
  *
  * Alpha does not have getppid() defined. To be able to build this module on
  * Alpha, I have to copy getppid() from kernel/timer.c.
  */
 static inline pid_t tomoyo_sys_getppid(void)
 {
 	pid_t pid;
 	rcu_read_lock();
 	pid = task_tgid_vnr(current->real_parent);
 	rcu_read_unlock();
 	return pid;
 }
 /**
  * tomoyo_sys_getpid - Copy of getpid().
  *
  * Returns current thread's PID.
  *
  * Alpha does not have getpid() defined. To be able to build this module on
  * Alpha, I have to copy getpid() from kernel/timer.c.
  */
 static inline pid_t tomoyo_sys_getpid(void)
 {
 	return task_tgid_vnr(current);
 }
 /**
  * tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure.
  *
  * @a: Pointer to "struct tomoyo_path_info".
  * @b: Pointer to "struct tomoyo_path_info".
  *
  * Returns true if @a == @b, false otherwise.
  */
 static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
 				  const struct tomoyo_path_info *b)
 {
 	return a->hash != b->hash || strcmp(a->name, b->name);
 }
 /**
  * tomoyo_put_name - Drop reference on "struct tomoyo_name".
  *
  * @name: Pointer to "struct tomoyo_path_info". Maybe NULL.
  *
  * Returns nothing.
  */
 static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
 {
 	if (name) {
 		struct tomoyo_name *ptr =
 			container_of(name, typeof(*ptr), entry);
 		atomic_dec(&ptr->head.users);
 	}
 }
 /**
  * tomoyo_put_condition - Drop reference on "struct tomoyo_condition".
  *
  * @cond: Pointer to "struct tomoyo_condition". Maybe NULL.
  *
  * Returns nothing.
  */
 static inline void tomoyo_put_condition(struct tomoyo_condition *cond)
 {
 	if (cond)
 		atomic_dec(&cond->head.users);
 }
 /**
  * tomoyo_put_group - Drop reference on "struct tomoyo_group".
  *
  * @group: Pointer to "struct tomoyo_group". Maybe NULL.
  *
  * Returns nothing.
  */
 static inline void tomoyo_put_group(struct tomoyo_group *group)
 {
 	if (group)
 		atomic_dec(&group->head.users);
 }
 /**
  * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
  *
  * Returns pointer to "struct tomoyo_domain_info" for current thread.
  */
 static inline struct tomoyo_domain_info *tomoyo_domain(void)
 {
 	return current_cred()->security;
 }
 /**
  * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread.
  *
  * @task: Pointer to "struct task_struct".
  *
  * Returns pointer to "struct tomoyo_security" for specified thread.
  */
 static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
 							    *task)
 {
 	return task_cred_xxx(task, security);
 }
 /**
  * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry.
  *
  * @a: Pointer to "struct tomoyo_name_union".
  * @b: Pointer to "struct tomoyo_name_union".
  *
  * Returns true if @a == @b, false otherwise.
  */
 static inline bool tomoyo_same_name_union
 (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b)
 {
 	return a->filename == b->filename && a->group == b->group;
 }
 /**
  * tomoyo_same_number_union - Check for duplicated "struct tomoyo_number_union" entry.
  *
  * @a: Pointer to "struct tomoyo_number_union".
  * @b: Pointer to "struct tomoyo_number_union".
  *
  * Returns true if @a == @b, false otherwise.
  */
 static inline bool tomoyo_same_number_union
 (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b)
 {
 	return a->values[0] == b->values[0] && a->values[1] == b->values[1] &&
 		a->group == b->group && a->value_type[0] == b->value_type[0] &&
 		a->value_type[1] == b->value_type[1];
 }
 /**
  * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread.
  *
  * Returns pointer to "struct tomoyo_policy_namespace" for current thread.
  */
 static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void)
 {
 	return tomoyo_domain()->ns;
 }
 #if defined(CONFIG_SLOB)
 /**
  * tomoyo_round2 - Round up to power of 2 for calculating memory usage.
  *
  * @size: Size to be rounded up.
  *
  * Returns @size.
  *
  * Since SLOB does not round up, this function simply returns @size.
  */
 static inline int tomoyo_round2(size_t size)
 {
 	return size;
 }
 #else
 /**
  * tomoyo_round2 - Round up to power of 2 for calculating memory usage.
  *
  * @size: Size to be rounded up.
  *
  * Returns rounded size.
  *
  * Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of
  * (e.g.) 128 bytes.
  */
 static inline int tomoyo_round2(size_t size)
 {
 #if PAGE_SIZE == 4096
 	size_t bsize = 32;
 #else
 	size_t bsize = 64;
 #endif
 	if (!size)
 		return 0;
 	while (size > bsize)
 		bsize <<= 1;
 	return bsize;
 }
 #endif
 /**
  * list_for_each_cookie - iterate over a list with cookie.
  * @pos:        the &struct list_head to use as a loop cursor.
  * @head:       the head for your list.
  */
 #define list_for_each_cookie(pos, head)					\
 	if (!pos)							\
 		pos =  srcu_dereference((head)->next, &tomoyo_ss);	\
 	for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss))
 #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */

security/tomoyo/domain.c

Diff comments View file @ 97fb35e

1	/*	1	/*
2	* security/tomoyo/domain.c	2	* security/tomoyo/domain.c
3	*	3	*
4	* Domain transition functions for TOMOYO.	4	* Domain transition functions for TOMOYO.
5	*	5	*
6	* Copyright (C) 2005-2010 NTT DATA CORPORATION	6	* Copyright (C) 2005-2010 NTT DATA CORPORATION
7	*/	7	*/
8		8
9	#include "common.h"	9	#include "common.h"
10	#include <linux/binfmts.h>	10	#include <linux/binfmts.h>
11	#include <linux/slab.h>	11	#include <linux/slab.h>
12		12
13	/* Variables definitions.*/	13	/* Variables definitions.*/
14		14
15	/* The initial domain. */	15	/* The initial domain. */
16	struct tomoyo_domain_info tomoyo_kernel_domain;	16	struct tomoyo_domain_info tomoyo_kernel_domain;
17		17
18	/**	18	/**
19	* tomoyo_update_policy - Update an entry for exception policy.	19	* tomoyo_update_policy - Update an entry for exception policy.
20	*	20	*
21	* @new_entry: Pointer to "struct tomoyo_acl_info".	21	* @new_entry: Pointer to "struct tomoyo_acl_info".
22	* @size: Size of @new_entry in bytes.	22	* @size: Size of @new_entry in bytes.
23	* @param: Pointer to "struct tomoyo_acl_param".	23	* @param: Pointer to "struct tomoyo_acl_param".
24	* @check_duplicate: Callback function to find duplicated entry.	24	* @check_duplicate: Callback function to find duplicated entry.
25	*	25	*
26	* Returns 0 on success, negative value otherwise.	26	* Returns 0 on success, negative value otherwise.
27	*	27	*
28	* Caller holds tomoyo_read_lock().	28	* Caller holds tomoyo_read_lock().
29	*/	29	*/
30	int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,	30	int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
31	struct tomoyo_acl_param *param,	31	struct tomoyo_acl_param *param,
32	bool (*check_duplicate) (const struct tomoyo_acl_head	32	bool (*check_duplicate) (const struct tomoyo_acl_head
33	*,	33	*,
34	const struct tomoyo_acl_head	34	const struct tomoyo_acl_head
35	*))	35	*))
36	{	36	{
37	int error = param->is_delete ? -ENOENT : -ENOMEM;	37	int error = param->is_delete ? -ENOENT : -ENOMEM;
38	struct tomoyo_acl_head *entry;	38	struct tomoyo_acl_head *entry;
39	struct list_head *list = param->list;	39	struct list_head *list = param->list;
40		40
41	if (mutex_lock_interruptible(&tomoyo_policy_lock))	41	if (mutex_lock_interruptible(&tomoyo_policy_lock))
42	return -ENOMEM;	42	return -ENOMEM;
43	list_for_each_entry_rcu(entry, list, list) {	43	list_for_each_entry_rcu(entry, list, list) {
44	if (!check_duplicate(entry, new_entry))	44	if (!check_duplicate(entry, new_entry))
45	continue;	45	continue;
46	entry->is_deleted = param->is_delete;	46	entry->is_deleted = param->is_delete;
47	error = 0;	47	error = 0;
48	break;	48	break;
49	}	49	}
50	if (error && !param->is_delete) {	50	if (error && !param->is_delete) {
51	entry = tomoyo_commit_ok(new_entry, size);	51	entry = tomoyo_commit_ok(new_entry, size);
52	if (entry) {	52	if (entry) {
53	list_add_tail_rcu(&entry->list, list);	53	list_add_tail_rcu(&entry->list, list);
54	error = 0;	54	error = 0;
55	}	55	}
56	}	56	}
57	mutex_unlock(&tomoyo_policy_lock);	57	mutex_unlock(&tomoyo_policy_lock);
58	return error;	58	return error;
59	}	59	}
60		60
61	/**	61	/**
62	* tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.	62	* tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
63	*	63	*
64	* @a: Pointer to "struct tomoyo_acl_info".	64	* @a: Pointer to "struct tomoyo_acl_info".
65	* @b: Pointer to "struct tomoyo_acl_info".	65	* @b: Pointer to "struct tomoyo_acl_info".
66	*	66	*
67	* Returns true if @a == @b, false otherwise.	67	* Returns true if @a == @b, false otherwise.
68	*/	68	*/
69	static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,	69	static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
70	const struct tomoyo_acl_info *b)	70	const struct tomoyo_acl_info *b)
71	{	71	{
72	return a->type == b->type && a->cond == b->cond;	72	return a->type == b->type && a->cond == b->cond;
73	}	73	}
74		74
75	/**	75	/**
76	* tomoyo_update_domain - Update an entry for domain policy.	76	* tomoyo_update_domain - Update an entry for domain policy.
77	*	77	*
78	* @new_entry: Pointer to "struct tomoyo_acl_info".	78	* @new_entry: Pointer to "struct tomoyo_acl_info".
79	* @size: Size of @new_entry in bytes.	79	* @size: Size of @new_entry in bytes.
80	* @param: Pointer to "struct tomoyo_acl_param".	80	* @param: Pointer to "struct tomoyo_acl_param".
81	* @check_duplicate: Callback function to find duplicated entry.	81	* @check_duplicate: Callback function to find duplicated entry.
82	* @merge_duplicate: Callback function to merge duplicated entry.	82	* @merge_duplicate: Callback function to merge duplicated entry.
83	*	83	*
84	* Returns 0 on success, negative value otherwise.	84	* Returns 0 on success, negative value otherwise.
85	*	85	*
86	* Caller holds tomoyo_read_lock().	86	* Caller holds tomoyo_read_lock().
87	*/	87	*/
88	int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,	88	int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
89	struct tomoyo_acl_param *param,	89	struct tomoyo_acl_param *param,
90	bool (*check_duplicate) (const struct tomoyo_acl_info	90	bool (*check_duplicate) (const struct tomoyo_acl_info
91	*,	91	*,
92	const struct tomoyo_acl_info	92	const struct tomoyo_acl_info
93	*),	93	*),
94	bool (merge_duplicate) (struct tomoyo_acl_info ,	94	bool (merge_duplicate) (struct tomoyo_acl_info ,
95	struct tomoyo_acl_info *,	95	struct tomoyo_acl_info *,
96	const bool))	96	const bool))
97	{	97	{
98	const bool is_delete = param->is_delete;	98	const bool is_delete = param->is_delete;
99	int error = is_delete ? -ENOENT : -ENOMEM;	99	int error = is_delete ? -ENOENT : -ENOMEM;
100	struct tomoyo_acl_info *entry;	100	struct tomoyo_acl_info *entry;
101	struct list_head * const list = param->list;	101	struct list_head * const list = param->list;
102		102
103	if (param->data[0]) {	103	if (param->data[0]) {
104	new_entry->cond = tomoyo_get_condition(param);	104	new_entry->cond = tomoyo_get_condition(param);
105	if (!new_entry->cond)	105	if (!new_entry->cond)
106	return -EINVAL;	106	return -EINVAL;
107	}	107	}
108	if (mutex_lock_interruptible(&tomoyo_policy_lock))	108	if (mutex_lock_interruptible(&tomoyo_policy_lock))
109	goto out;	109	goto out;
110	list_for_each_entry_rcu(entry, list, list) {	110	list_for_each_entry_rcu(entry, list, list) {
111	if (!tomoyo_same_acl_head(entry, new_entry) \|\|	111	if (!tomoyo_same_acl_head(entry, new_entry) \|\|
112	!check_duplicate(entry, new_entry))	112	!check_duplicate(entry, new_entry))
113	continue;	113	continue;
114	if (merge_duplicate)	114	if (merge_duplicate)
115	entry->is_deleted = merge_duplicate(entry, new_entry,	115	entry->is_deleted = merge_duplicate(entry, new_entry,
116	is_delete);	116	is_delete);
117	else	117	else
118	entry->is_deleted = is_delete;	118	entry->is_deleted = is_delete;
119	error = 0;	119	error = 0;
120	break;	120	break;
121	}	121	}
122	if (error && !is_delete) {	122	if (error && !is_delete) {
123	entry = tomoyo_commit_ok(new_entry, size);	123	entry = tomoyo_commit_ok(new_entry, size);
124	if (entry) {	124	if (entry) {
125	list_add_tail_rcu(&entry->list, list);	125	list_add_tail_rcu(&entry->list, list);
126	error = 0;	126	error = 0;
127	}	127	}
128	}	128	}
129	mutex_unlock(&tomoyo_policy_lock);	129	mutex_unlock(&tomoyo_policy_lock);
130	out:	130	out:
131	tomoyo_put_condition(new_entry->cond);	131	tomoyo_put_condition(new_entry->cond);
132	return error;	132	return error;
133	}	133	}
134		134
135	/**	135	/**
136	* tomoyo_check_acl - Do permission check.	136	* tomoyo_check_acl - Do permission check.
137	*	137	*
138	* @r: Pointer to "struct tomoyo_request_info".	138	* @r: Pointer to "struct tomoyo_request_info".
139	* @check_entry: Callback function to check type specific parameters.	139	* @check_entry: Callback function to check type specific parameters.
140	*	140	*
141	* Returns 0 on success, negative value otherwise.	141	* Returns 0 on success, negative value otherwise.
142	*	142	*
143	* Caller holds tomoyo_read_lock().	143	* Caller holds tomoyo_read_lock().
144	*/	144	*/
145	void tomoyo_check_acl(struct tomoyo_request_info *r,	145	void tomoyo_check_acl(struct tomoyo_request_info *r,
146	bool (check_entry) (struct tomoyo_request_info ,	146	bool (check_entry) (struct tomoyo_request_info ,
147	const struct tomoyo_acl_info *))	147	const struct tomoyo_acl_info *))
148	{	148	{
149	const struct tomoyo_domain_info *domain = r->domain;	149	const struct tomoyo_domain_info *domain = r->domain;
150	struct tomoyo_acl_info *ptr;	150	struct tomoyo_acl_info *ptr;
151	bool retried = false;	151	bool retried = false;
152	const struct list_head *list = &domain->acl_info_list;	152	const struct list_head *list = &domain->acl_info_list;
153		153
154	retry:	154	retry:
155	list_for_each_entry_rcu(ptr, list, list) {	155	list_for_each_entry_rcu(ptr, list, list) {
156	if (ptr->is_deleted \|\| ptr->type != r->param_type)	156	if (ptr->is_deleted \|\| ptr->type != r->param_type)
157	continue;	157	continue;
158	if (!check_entry(r, ptr))	158	if (!check_entry(r, ptr))
159	continue;	159	continue;
160	if (!tomoyo_condition(r, ptr->cond))	160	if (!tomoyo_condition(r, ptr->cond))
161	continue;	161	continue;
162	r->granted = true;	162	r->granted = true;
163	return;	163	return;
164	}	164	}
165	if (!retried) {	165	if (!retried) {
166	retried = true;	166	retried = true;
167	list = &domain->ns->acl_group[domain->group];	167	list = &domain->ns->acl_group[domain->group];
168	goto retry;	168	goto retry;
169	}	169	}
170	r->granted = false;	170	r->granted = false;
171	}	171	}
172		172
173	/* The list for "struct tomoyo_domain_info". */	173	/* The list for "struct tomoyo_domain_info". */
174	LIST_HEAD(tomoyo_domain_list);	174	LIST_HEAD(tomoyo_domain_list);
175		175
176	/**	176	/**
177	* tomoyo_last_word - Get last component of a domainname.	177	* tomoyo_last_word - Get last component of a domainname.
178	*	178	*
179	* @name: Domainname to check.	179	* @name: Domainname to check.
180	*	180	*
181	* Returns the last word of @domainname.	181	* Returns the last word of @domainname.
182	*/	182	*/
183	static const char tomoyo_last_word(const char name)	183	static const char tomoyo_last_word(const char name)
184	{	184	{
185	const char *cp = strrchr(name, ' ');	185	const char *cp = strrchr(name, ' ');
186	if (cp)	186	if (cp)
187	return cp + 1;	187	return cp + 1;
188	return name;	188	return name;
189	}	189	}
190		190
191	/**	191	/**
192	* tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.	192	* tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
193	*	193	*
194	* @a: Pointer to "struct tomoyo_acl_head".	194	* @a: Pointer to "struct tomoyo_acl_head".
195	* @b: Pointer to "struct tomoyo_acl_head".	195	* @b: Pointer to "struct tomoyo_acl_head".
196	*	196	*
197	* Returns true if @a == @b, false otherwise.	197	* Returns true if @a == @b, false otherwise.
198	*/	198	*/
199	static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,	199	static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
200	const struct tomoyo_acl_head *b)	200	const struct tomoyo_acl_head *b)
201	{	201	{
202	const struct tomoyo_transition_control *p1 = container_of(a,	202	const struct tomoyo_transition_control *p1 = container_of(a,
203	typeof(*p1),	203	typeof(*p1),
204	head);	204	head);
205	const struct tomoyo_transition_control *p2 = container_of(b,	205	const struct tomoyo_transition_control *p2 = container_of(b,
206	typeof(*p2),	206	typeof(*p2),
207	head);	207	head);
208	return p1->type == p2->type && p1->is_last_name == p2->is_last_name	208	return p1->type == p2->type && p1->is_last_name == p2->is_last_name
209	&& p1->domainname == p2->domainname	209	&& p1->domainname == p2->domainname
210	&& p1->program == p2->program;	210	&& p1->program == p2->program;
211	}	211	}
212		212
213	/**	213	/**
214	* tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.	214	* tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
215	*	215	*
216	* @param: Pointer to "struct tomoyo_acl_param".	216	* @param: Pointer to "struct tomoyo_acl_param".
217	* @type: Type of this entry.	217	* @type: Type of this entry.
218	*	218	*
219	* Returns 0 on success, negative value otherwise.	219	* Returns 0 on success, negative value otherwise.
220	*/	220	*/
221	int tomoyo_write_transition_control(struct tomoyo_acl_param *param,	221	int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
222	const u8 type)	222	const u8 type)
223	{	223	{
224	struct tomoyo_transition_control e = { .type = type };	224	struct tomoyo_transition_control e = { .type = type };
225	int error = param->is_delete ? -ENOENT : -ENOMEM;	225	int error = param->is_delete ? -ENOENT : -ENOMEM;
226	char *program = param->data;	226	char *program = param->data;
227	char *domainname = strstr(program, " from ");	227	char *domainname = strstr(program, " from ");
228	if (domainname) {	228	if (domainname) {
229	*domainname = '\0';	229	*domainname = '\0';
230	domainname += 6;	230	domainname += 6;
231	} else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP \|\|	231	} else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP \|\|
232	type == TOMOYO_TRANSITION_CONTROL_KEEP) {	232	type == TOMOYO_TRANSITION_CONTROL_KEEP) {
233	domainname = program;	233	domainname = program;
234	program = NULL;	234	program = NULL;
235	}	235	}
236	if (program && strcmp(program, "any")) {	236	if (program && strcmp(program, "any")) {
237	if (!tomoyo_correct_path(program))	237	if (!tomoyo_correct_path(program))
238	return -EINVAL;	238	return -EINVAL;
239	e.program = tomoyo_get_name(program);	239	e.program = tomoyo_get_name(program);
240	if (!e.program)	240	if (!e.program)
241	goto out;	241	goto out;
242	}	242	}
243	if (domainname && strcmp(domainname, "any")) {	243	if (domainname && strcmp(domainname, "any")) {
244	if (!tomoyo_correct_domain(domainname)) {	244	if (!tomoyo_correct_domain(domainname)) {
245	if (!tomoyo_correct_path(domainname))	245	if (!tomoyo_correct_path(domainname))
246	goto out;	246	goto out;
247	e.is_last_name = true;	247	e.is_last_name = true;
248	}	248	}
249	e.domainname = tomoyo_get_name(domainname);	249	e.domainname = tomoyo_get_name(domainname);
250	if (!e.domainname)	250	if (!e.domainname)
251	goto out;	251	goto out;
252	}	252	}
253	param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];	253	param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
254	error = tomoyo_update_policy(&e.head, sizeof(e), param,	254	error = tomoyo_update_policy(&e.head, sizeof(e), param,
255	tomoyo_same_transition_control);	255	tomoyo_same_transition_control);
256	out:	256	out:
257	tomoyo_put_name(e.domainname);	257	tomoyo_put_name(e.domainname);
258	tomoyo_put_name(e.program);	258	tomoyo_put_name(e.program);
259	return error;	259	return error;
260	}	260	}
261		261
262	/**	262	/**
263	* tomoyo_scan_transition - Try to find specific domain transition type.	263	* tomoyo_scan_transition - Try to find specific domain transition type.
264	*	264	*
265	* @list: Pointer to "struct list_head".	265	* @list: Pointer to "struct list_head".
266	* @domainname: The name of current domain.	266	* @domainname: The name of current domain.
267	* @program: The name of requested program.	267	* @program: The name of requested program.
268	* @last_name: The last component of @domainname.	268	* @last_name: The last component of @domainname.
269	* @type: One of values in "enum tomoyo_transition_type".	269	* @type: One of values in "enum tomoyo_transition_type".
270	*	270	*
271	* Returns true if found one, false otherwise.	271	* Returns true if found one, false otherwise.
272	*	272	*
273	* Caller holds tomoyo_read_lock().	273	* Caller holds tomoyo_read_lock().
274	*/	274	*/
275	static inline bool tomoyo_scan_transition	275	static inline bool tomoyo_scan_transition
276	(const struct list_head list, const struct tomoyo_path_info domainname,	276	(const struct list_head list, const struct tomoyo_path_info domainname,
277	const struct tomoyo_path_info program, const char last_name,	277	const struct tomoyo_path_info program, const char last_name,
278	const enum tomoyo_transition_type type)	278	const enum tomoyo_transition_type type)
279	{	279	{
280	const struct tomoyo_transition_control *ptr;	280	const struct tomoyo_transition_control *ptr;
281	list_for_each_entry_rcu(ptr, list, head.list) {	281	list_for_each_entry_rcu(ptr, list, head.list) {
282	if (ptr->head.is_deleted \|\| ptr->type != type)	282	if (ptr->head.is_deleted \|\| ptr->type != type)
283	continue;	283	continue;
284	if (ptr->domainname) {	284	if (ptr->domainname) {
285	if (!ptr->is_last_name) {	285	if (!ptr->is_last_name) {
286	if (ptr->domainname != domainname)	286	if (ptr->domainname != domainname)
287	continue;	287	continue;
288	} else {	288	} else {
289	/*	289	/*
290	* Use direct strcmp() since this is	290	* Use direct strcmp() since this is
291	* unlikely used.	291	* unlikely used.
292	*/	292	*/
293	if (strcmp(ptr->domainname->name, last_name))	293	if (strcmp(ptr->domainname->name, last_name))
294	continue;	294	continue;
295	}	295	}
296	}	296	}
297	if (ptr->program && tomoyo_pathcmp(ptr->program, program))	297	if (ptr->program && tomoyo_pathcmp(ptr->program, program))
298	continue;	298	continue;
299	return true;	299	return true;
300	}	300	}
301	return false;	301	return false;
302	}	302	}
303		303
304	/**	304	/**
305	* tomoyo_transition_type - Get domain transition type.	305	* tomoyo_transition_type - Get domain transition type.
306	*	306	*
307	* @ns: Pointer to "struct tomoyo_policy_namespace".	307	* @ns: Pointer to "struct tomoyo_policy_namespace".
308	* @domainname: The name of current domain.	308	* @domainname: The name of current domain.
309	* @program: The name of requested program.	309	* @program: The name of requested program.
310	*	310	*
311	* Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes	311	* Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes
312	* domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if	312	* domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if
313	* executing @program reinitializes domain transition within that namespace,	313	* executing @program reinitializes domain transition within that namespace,
314	* TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname ,	314	* TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname ,
315	* others otherwise.	315	* others otherwise.
316	*	316	*
317	* Caller holds tomoyo_read_lock().	317	* Caller holds tomoyo_read_lock().
318	*/	318	*/
319	static enum tomoyo_transition_type tomoyo_transition_type	319	static enum tomoyo_transition_type tomoyo_transition_type
320	(const struct tomoyo_policy_namespace *ns,	320	(const struct tomoyo_policy_namespace *ns,
321	const struct tomoyo_path_info *domainname,	321	const struct tomoyo_path_info *domainname,
322	const struct tomoyo_path_info *program)	322	const struct tomoyo_path_info *program)
323	{	323	{
324	const char *last_name = tomoyo_last_word(domainname->name);	324	const char *last_name = tomoyo_last_word(domainname->name);
325	enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET;	325	enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET;
326	while (type < TOMOYO_MAX_TRANSITION_TYPE) {	326	while (type < TOMOYO_MAX_TRANSITION_TYPE) {
327	const struct list_head * const list =	327	const struct list_head * const list =
328	&ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];	328	&ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
329	if (!tomoyo_scan_transition(list, domainname, program,	329	if (!tomoyo_scan_transition(list, domainname, program,
330	last_name, type)) {	330	last_name, type)) {
331	type++;	331	type++;
332	continue;	332	continue;
333	}	333	}
334	if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET &&	334	if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET &&
335	type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE)	335	type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE)
336	break;	336	break;
337	/*	337	/*
338	* Do not check for reset_domain if no_reset_domain matched.	338	* Do not check for reset_domain if no_reset_domain matched.
339	* Do not check for initialize_domain if no_initialize_domain	339	* Do not check for initialize_domain if no_initialize_domain
340	* matched.	340	* matched.
341	*/	341	*/
342	type++;	342	type++;
343	type++;	343	type++;
344	}	344	}
345	return type;	345	return type;
346	}	346	}
347		347
348	/**	348	/**
349	* tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.	349	* tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
350	*	350	*
351	* @a: Pointer to "struct tomoyo_acl_head".	351	* @a: Pointer to "struct tomoyo_acl_head".
352	* @b: Pointer to "struct tomoyo_acl_head".	352	* @b: Pointer to "struct tomoyo_acl_head".
353	*	353	*
354	* Returns true if @a == @b, false otherwise.	354	* Returns true if @a == @b, false otherwise.
355	*/	355	*/
356	static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,	356	static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
357	const struct tomoyo_acl_head *b)	357	const struct tomoyo_acl_head *b)
358	{	358	{
359	const struct tomoyo_aggregator p1 = container_of(a, typeof(p1),	359	const struct tomoyo_aggregator p1 = container_of(a, typeof(p1),
360	head);	360	head);
361	const struct tomoyo_aggregator p2 = container_of(b, typeof(p2),	361	const struct tomoyo_aggregator p2 = container_of(b, typeof(p2),
362	head);	362	head);
363	return p1->original_name == p2->original_name &&	363	return p1->original_name == p2->original_name &&
364	p1->aggregated_name == p2->aggregated_name;	364	p1->aggregated_name == p2->aggregated_name;
365	}	365	}
366		366
367	/**	367	/**
368	* tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.	368	* tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
369	*	369	*
370	* @param: Pointer to "struct tomoyo_acl_param".	370	* @param: Pointer to "struct tomoyo_acl_param".
371	*	371	*
372	* Returns 0 on success, negative value otherwise.	372	* Returns 0 on success, negative value otherwise.
373	*	373	*
374	* Caller holds tomoyo_read_lock().	374	* Caller holds tomoyo_read_lock().
375	*/	375	*/
376	int tomoyo_write_aggregator(struct tomoyo_acl_param *param)	376	int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
377	{	377	{
378	struct tomoyo_aggregator e = { };	378	struct tomoyo_aggregator e = { };
379	int error = param->is_delete ? -ENOENT : -ENOMEM;	379	int error = param->is_delete ? -ENOENT : -ENOMEM;
380	const char *original_name = tomoyo_read_token(param);	380	const char *original_name = tomoyo_read_token(param);
381	const char *aggregated_name = tomoyo_read_token(param);	381	const char *aggregated_name = tomoyo_read_token(param);
382	if (!tomoyo_correct_word(original_name) \|\|	382	if (!tomoyo_correct_word(original_name) \|\|
383	!tomoyo_correct_path(aggregated_name))	383	!tomoyo_correct_path(aggregated_name))
384	return -EINVAL;	384	return -EINVAL;
385	e.original_name = tomoyo_get_name(original_name);	385	e.original_name = tomoyo_get_name(original_name);
386	e.aggregated_name = tomoyo_get_name(aggregated_name);	386	e.aggregated_name = tomoyo_get_name(aggregated_name);
387	if (!e.original_name \|\| !e.aggregated_name \|\|	387	if (!e.original_name \|\| !e.aggregated_name \|\|
388	e.aggregated_name->is_patterned) /* No patterns allowed. */	388	e.aggregated_name->is_patterned) /* No patterns allowed. */
389	goto out;	389	goto out;
390	param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];	390	param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];
391	error = tomoyo_update_policy(&e.head, sizeof(e), param,	391	error = tomoyo_update_policy(&e.head, sizeof(e), param,
392	tomoyo_same_aggregator);	392	tomoyo_same_aggregator);
393	out:	393	out:
394	tomoyo_put_name(e.original_name);	394	tomoyo_put_name(e.original_name);
395	tomoyo_put_name(e.aggregated_name);	395	tomoyo_put_name(e.aggregated_name);
396	return error;	396	return error;
397	}	397	}
398		398
399	/**	399	/**
400	* tomoyo_find_namespace - Find specified namespace.	400	* tomoyo_find_namespace - Find specified namespace.
401	*	401	*
402	* @name: Name of namespace to find.	402	* @name: Name of namespace to find.
403	* @len: Length of @name.	403	* @len: Length of @name.
404	*	404	*
405	* Returns pointer to "struct tomoyo_policy_namespace" if found,	405	* Returns pointer to "struct tomoyo_policy_namespace" if found,
406	* NULL otherwise.	406	* NULL otherwise.
407	*	407	*
408	* Caller holds tomoyo_read_lock().	408	* Caller holds tomoyo_read_lock().
409	*/	409	*/
410	static struct tomoyo_policy_namespace *tomoyo_find_namespace	410	static struct tomoyo_policy_namespace *tomoyo_find_namespace
411	(const char *name, const unsigned int len)	411	(const char *name, const unsigned int len)
412	{	412	{
413	struct tomoyo_policy_namespace *ns;	413	struct tomoyo_policy_namespace *ns;
414	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {	414	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
415	if (strncmp(name, ns->name, len) \|\|	415	if (strncmp(name, ns->name, len) \|\|
416	(name[len] && name[len] != ' '))	416	(name[len] && name[len] != ' '))
417	continue;	417	continue;
418	return ns;	418	return ns;
419	}	419	}
420	return NULL;	420	return NULL;
421	}	421	}
422		422
423	/**	423	/**
424	* tomoyo_assign_namespace - Create a new namespace.	424	* tomoyo_assign_namespace - Create a new namespace.
425	*	425	*
426	* @domainname: Name of namespace to create.	426	* @domainname: Name of namespace to create.
427	*	427	*
428	* Returns pointer to "struct tomoyo_policy_namespace" on success,	428	* Returns pointer to "struct tomoyo_policy_namespace" on success,
429	* NULL otherwise.	429	* NULL otherwise.
430	*	430	*
431	* Caller holds tomoyo_read_lock().	431	* Caller holds tomoyo_read_lock().
432	*/	432	*/
433	struct tomoyo_policy_namespace tomoyo_assign_namespace(const char domainname)	433	struct tomoyo_policy_namespace tomoyo_assign_namespace(const char domainname)
434	{	434	{
435	struct tomoyo_policy_namespace *ptr;	435	struct tomoyo_policy_namespace *ptr;
436	struct tomoyo_policy_namespace *entry;	436	struct tomoyo_policy_namespace *entry;
437	const char *cp = domainname;	437	const char *cp = domainname;
438	unsigned int len = 0;	438	unsigned int len = 0;
439	while (cp && cp++ != ' ')	439	while (cp && cp++ != ' ')
440	len++;	440	len++;
441	ptr = tomoyo_find_namespace(domainname, len);	441	ptr = tomoyo_find_namespace(domainname, len);
442	if (ptr)	442	if (ptr)
443	return ptr;	443	return ptr;
444	if (len >= TOMOYO_EXEC_TMPSIZE - 10 \|\| !tomoyo_domain_def(domainname))	444	if (len >= TOMOYO_EXEC_TMPSIZE - 10 \|\| !tomoyo_domain_def(domainname))
445	return NULL;	445	return NULL;
446	entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);	446	entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
447	if (!entry)	447	if (!entry)
448	return NULL;	448	return NULL;
449	if (mutex_lock_interruptible(&tomoyo_policy_lock))	449	if (mutex_lock_interruptible(&tomoyo_policy_lock))
450	goto out;	450	goto out;
451	ptr = tomoyo_find_namespace(domainname, len);	451	ptr = tomoyo_find_namespace(domainname, len);
452	if (!ptr && tomoyo_memory_ok(entry)) {	452	if (!ptr && tomoyo_memory_ok(entry)) {
453	char name = (char ) (entry + 1);	453	char name = (char ) (entry + 1);
454	ptr = entry;	454	ptr = entry;
455	memmove(name, domainname, len);	455	memmove(name, domainname, len);
456	name[len] = '\0';	456	name[len] = '\0';
457	entry->name = name;	457	entry->name = name;
458	tomoyo_init_policy_namespace(entry);	458	tomoyo_init_policy_namespace(entry);
459	entry = NULL;	459	entry = NULL;
460	}	460	}
461	mutex_unlock(&tomoyo_policy_lock);	461	mutex_unlock(&tomoyo_policy_lock);
462	out:	462	out:
463	kfree(entry);	463	kfree(entry);
464	return ptr;	464	return ptr;
465	}	465	}
466		466
467	/**	467	/**
468	* tomoyo_namespace_jump - Check for namespace jump.	468	* tomoyo_namespace_jump - Check for namespace jump.
469	*	469	*
470	* @domainname: Name of domain.	470	* @domainname: Name of domain.
471	*	471	*
472	* Returns true if namespace differs, false otherwise.	472	* Returns true if namespace differs, false otherwise.
473	*/	473	*/
474	static bool tomoyo_namespace_jump(const char *domainname)	474	static bool tomoyo_namespace_jump(const char *domainname)
475	{	475	{
476	const char *namespace = tomoyo_current_namespace()->name;	476	const char *namespace = tomoyo_current_namespace()->name;
477	const int len = strlen(namespace);	477	const int len = strlen(namespace);
478	return strncmp(domainname, namespace, len) \|\|	478	return strncmp(domainname, namespace, len) \|\|
479	(domainname[len] && domainname[len] != ' ');	479	(domainname[len] && domainname[len] != ' ');
480	}	480	}
481		481
482	/**	482	/**
483	* tomoyo_assign_domain - Create a domain or a namespace.	483	* tomoyo_assign_domain - Create a domain or a namespace.
484	*	484	*
485	* @domainname: The name of domain.	485	* @domainname: The name of domain.
486	* @transit: True if transit to domain found or created.	486	* @transit: True if transit to domain found or created.
487	*	487	*
488	* Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.	488	* Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
489	*	489	*
490	* Caller holds tomoyo_read_lock().	490	* Caller holds tomoyo_read_lock().
491	*/	491	*/
492	struct tomoyo_domain_info tomoyo_assign_domain(const char domainname,	492	struct tomoyo_domain_info tomoyo_assign_domain(const char domainname,
493	const bool transit)	493	const bool transit)
494	{	494	{
495	struct tomoyo_domain_info e = { };	495	struct tomoyo_domain_info e = { };
496	struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);	496	struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);
497	bool created = false;	497	bool created = false;
498	if (entry) {	498	if (entry) {
499	if (transit) {	499	if (transit) {
500	/*	500	/*
501	* Since namespace is created at runtime, profiles may	501	* Since namespace is created at runtime, profiles may
502	* not be created by the moment the process transits to	502	* not be created by the moment the process transits to
503	* that domain. Do not perform domain transition if	503	* that domain. Do not perform domain transition if
504	* profile for that domain is not yet created.	504	* profile for that domain is not yet created.
505	*/	505	*/
506	if (!entry->ns->profile_ptr[entry->profile])	506	if (!entry->ns->profile_ptr[entry->profile])
507	return NULL;	507	return NULL;
508	}	508	}
509	return entry;	509	return entry;
510	}	510	}
511	/* Requested domain does not exist. */	511	/* Requested domain does not exist. */
512	/* Don't create requested domain if domainname is invalid. */	512	/* Don't create requested domain if domainname is invalid. */
513	if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 \|\|	513	if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 \|\|
514	!tomoyo_correct_domain(domainname))	514	!tomoyo_correct_domain(domainname))
515	return NULL;	515	return NULL;
516	/*	516	/*
517	* Since definition of profiles and acl_groups may differ across	517	* Since definition of profiles and acl_groups may differ across
518	* namespaces, do not inherit "use_profile" and "use_group" settings	518	* namespaces, do not inherit "use_profile" and "use_group" settings
519	* by automatically creating requested domain upon domain transition.	519	* by automatically creating requested domain upon domain transition.
520	*/	520	*/
521	if (transit && tomoyo_namespace_jump(domainname))	521	if (transit && tomoyo_namespace_jump(domainname))
522	return NULL;	522	return NULL;
523	e.ns = tomoyo_assign_namespace(domainname);	523	e.ns = tomoyo_assign_namespace(domainname);
524	if (!e.ns)	524	if (!e.ns)
525	return NULL;	525	return NULL;
526	/*	526	/*
527	* "use_profile" and "use_group" settings for automatically created	527	* "use_profile" and "use_group" settings for automatically created
528	* domains are inherited from current domain. These are 0 for manually	528	* domains are inherited from current domain. These are 0 for manually
529	* created domains.	529	* created domains.
530	*/	530	*/
531	if (transit) {	531	if (transit) {
532	const struct tomoyo_domain_info *domain = tomoyo_domain();	532	const struct tomoyo_domain_info *domain = tomoyo_domain();
533	e.profile = domain->profile;	533	e.profile = domain->profile;
534	e.group = domain->group;	534	e.group = domain->group;
535	}	535	}
536	e.domainname = tomoyo_get_name(domainname);	536	e.domainname = tomoyo_get_name(domainname);
537	if (!e.domainname)	537	if (!e.domainname)
538	return NULL;	538	return NULL;
539	if (mutex_lock_interruptible(&tomoyo_policy_lock))	539	if (mutex_lock_interruptible(&tomoyo_policy_lock))
540	goto out;	540	goto out;
541	entry = tomoyo_find_domain(domainname);	541	entry = tomoyo_find_domain(domainname);
542	if (!entry) {	542	if (!entry) {
543	entry = tomoyo_commit_ok(&e, sizeof(e));	543	entry = tomoyo_commit_ok(&e, sizeof(e));
544	if (entry) {	544	if (entry) {
545	INIT_LIST_HEAD(&entry->acl_info_list);	545	INIT_LIST_HEAD(&entry->acl_info_list);
546	list_add_tail_rcu(&entry->list, &tomoyo_domain_list);	546	list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
547	created = true;	547	created = true;
548	}	548	}
549	}	549	}
550	mutex_unlock(&tomoyo_policy_lock);	550	mutex_unlock(&tomoyo_policy_lock);
551	out:	551	out:
552	tomoyo_put_name(e.domainname);	552	tomoyo_put_name(e.domainname);
553	if (entry && transit) {	553	if (entry && transit) {
554	if (created) {	554	if (created) {
555	struct tomoyo_request_info r;	555	struct tomoyo_request_info r;
556	tomoyo_init_request_info(&r, entry,	556	tomoyo_init_request_info(&r, entry,
557	TOMOYO_MAC_FILE_EXECUTE);	557	TOMOYO_MAC_FILE_EXECUTE);
558	r.granted = false;	558	r.granted = false;
559	tomoyo_write_log(&r, "use_profile %u\n",	559	tomoyo_write_log(&r, "use_profile %u\n",
560	entry->profile);	560	entry->profile);
561	tomoyo_write_log(&r, "use_group %u\n", entry->group);	561	tomoyo_write_log(&r, "use_group %u\n", entry->group);
562	}	562	}
563	}	563	}
564	return entry;	564	return entry;
565	}	565	}
566		566
567	/**	567	/**
568	* tomoyo_find_next_domain - Find a domain.	568	* tomoyo_find_next_domain - Find a domain.
569	*	569	*
570	* @bprm: Pointer to "struct linux_binprm".	570	* @bprm: Pointer to "struct linux_binprm".
571	*	571	*
572	* Returns 0 on success, negative value otherwise.	572	* Returns 0 on success, negative value otherwise.
573	*	573	*
574	* Caller holds tomoyo_read_lock().	574	* Caller holds tomoyo_read_lock().
575	*/	575	*/
576	int tomoyo_find_next_domain(struct linux_binprm *bprm)	576	int tomoyo_find_next_domain(struct linux_binprm *bprm)
577	{	577	{
578	struct tomoyo_request_info r;
579	char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
580	struct tomoyo_domain_info *old_domain = tomoyo_domain();	578	struct tomoyo_domain_info *old_domain = tomoyo_domain();
581	struct tomoyo_domain_info *domain = NULL;	579	struct tomoyo_domain_info *domain = NULL;
582	const char *original_name = bprm->filename;	580	const char *original_name = bprm->filename;
583	u8 mode;
584	bool is_enforce;
585	int retval = -ENOMEM;	581	int retval = -ENOMEM;
586	bool need_kfree = false;	582	bool need_kfree = false;
587	bool reject_on_transition_failure = false;	583	bool reject_on_transition_failure = false;
588	struct tomoyo_path_info rn = { }; /* real name */	584	struct tomoyo_path_info rn = { }; /* real name */
589		585	struct tomoyo_execve ee = kzalloc(sizeof(ee), GFP_NOFS);
590	mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);	586	if (!ee)
591	is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);	587	return -ENOMEM;
592	if (!tmp)	588	ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
593	goto out;	589	if (!ee->tmp) {
594		590	kfree(ee);
		591	return -ENOMEM;
		592	}
		593	/* ee->dump->data is allocated by tomoyo_dump_page(). */
		594	tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE);
		595	ee->r.ee = ee;
		596	ee->bprm = bprm;
		597	ee->r.obj = &ee->obj;
		598	ee->obj.path1 = bprm->file->f_path;
595	retry:	599	retry:
596	if (need_kfree) {	600	if (need_kfree) {
597	kfree(rn.name);	601	kfree(rn.name);
598	need_kfree = false;	602	need_kfree = false;
599	}	603	}
600	/* Get symlink's pathname of program. */	604	/* Get symlink's pathname of program. */
601	retval = -ENOENT;	605	retval = -ENOENT;
602	rn.name = tomoyo_realpath_nofollow(original_name);	606	rn.name = tomoyo_realpath_nofollow(original_name);
603	if (!rn.name)	607	if (!rn.name)
604	goto out;	608	goto out;
605	tomoyo_fill_path_info(&rn);	609	tomoyo_fill_path_info(&rn);
606	need_kfree = true;	610	need_kfree = true;
607		611
608	/* Check 'aggregator' directive. */	612	/* Check 'aggregator' directive. */
609	{	613	{
610	struct tomoyo_aggregator *ptr;	614	struct tomoyo_aggregator *ptr;
611	struct list_head *list =	615	struct list_head *list =
612	&old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR];	616	&old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR];
613	/* Check 'aggregator' directive. */	617	/* Check 'aggregator' directive. */
614	list_for_each_entry_rcu(ptr, list, head.list) {	618	list_for_each_entry_rcu(ptr, list, head.list) {
615	if (ptr->head.is_deleted \|\|	619	if (ptr->head.is_deleted \|\|
616	!tomoyo_path_matches_pattern(&rn,	620	!tomoyo_path_matches_pattern(&rn,
617	ptr->original_name))	621	ptr->original_name))
618	continue;	622	continue;
619	kfree(rn.name);	623	kfree(rn.name);
620	need_kfree = false;	624	need_kfree = false;
621	/* This is OK because it is read only. */	625	/* This is OK because it is read only. */
622	rn = *ptr->aggregated_name;	626	rn = *ptr->aggregated_name;
623	break;	627	break;
624	}	628	}
625	}	629	}
626		630
627	/* Check execute permission. */	631	/* Check execute permission. */
628	retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);	632	retval = tomoyo_path_permission(&ee->r, TOMOYO_TYPE_EXECUTE, &rn);
629	if (retval == TOMOYO_RETRY_REQUEST)	633	if (retval == TOMOYO_RETRY_REQUEST)
630	goto retry;	634	goto retry;
631	if (retval < 0)	635	if (retval < 0)
632	goto out;	636	goto out;
633	/*	637	/*
634	* To be able to specify domainnames with wildcards, use the	638	* To be able to specify domainnames with wildcards, use the
635	* pathname specified in the policy (which may contain	639	* pathname specified in the policy (which may contain
636	* wildcard) rather than the pathname passed to execve()	640	* wildcard) rather than the pathname passed to execve()
637	* (which never contains wildcard).	641	* (which never contains wildcard).
638	*/	642	*/
639	if (r.param.path.matched_path) {	643	if (ee->r.param.path.matched_path) {
640	if (need_kfree)	644	if (need_kfree)
641	kfree(rn.name);	645	kfree(rn.name);
642	need_kfree = false;	646	need_kfree = false;
643	/* This is OK because it is read only. */	647	/* This is OK because it is read only. */
644	rn = *r.param.path.matched_path;	648	rn = *ee->r.param.path.matched_path;
645	}	649	}
646		650
647	/* Calculate domain to transit to. */	651	/* Calculate domain to transit to. */
648	switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname,	652	switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname,
649	&rn)) {	653	&rn)) {
650	case TOMOYO_TRANSITION_CONTROL_RESET:	654	case TOMOYO_TRANSITION_CONTROL_RESET:
651	/* Transit to the root of specified namespace. */	655	/* Transit to the root of specified namespace. */
652	snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);	656	snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
653	/*	657	/*
654	* Make do_execve() fail if domain transition across namespaces	658	* Make do_execve() fail if domain transition across namespaces
655	* has failed.	659	* has failed.
656	*/	660	*/
657	reject_on_transition_failure = true;	661	reject_on_transition_failure = true;
658	break;	662	break;
659	case TOMOYO_TRANSITION_CONTROL_INITIALIZE:	663	case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
660	/* Transit to the child of current namespace's root. */	664	/* Transit to the child of current namespace's root. */
661	snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",	665	snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
662	old_domain->ns->name, rn.name);	666	old_domain->ns->name, rn.name);
663	break;	667	break;
664	case TOMOYO_TRANSITION_CONTROL_KEEP:	668	case TOMOYO_TRANSITION_CONTROL_KEEP:
665	/* Keep current domain. */	669	/* Keep current domain. */
666	domain = old_domain;	670	domain = old_domain;
667	break;	671	break;
668	default:	672	default:
669	if (old_domain == &tomoyo_kernel_domain &&	673	if (old_domain == &tomoyo_kernel_domain &&
670	!tomoyo_policy_loaded) {	674	!tomoyo_policy_loaded) {
671	/*	675	/*
672	* Needn't to transit from kernel domain before	676	* Needn't to transit from kernel domain before
673	* starting /sbin/init. But transit from kernel domain	677	* starting /sbin/init. But transit from kernel domain
674	* if executing initializers because they might start	678	* if executing initializers because they might start
675	* before /sbin/init.	679	* before /sbin/init.
676	*/	680	*/
677	domain = old_domain;	681	domain = old_domain;
678	} else {	682	} else {
679	/* Normal domain transition. */	683	/* Normal domain transition. */
680	snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",	684	snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
681	old_domain->domainname->name, rn.name);	685	old_domain->domainname->name, rn.name);
682	}	686	}
683	break;	687	break;
684	}	688	}
685	if (!domain)	689	if (!domain)
686	domain = tomoyo_assign_domain(tmp, true);	690	domain = tomoyo_assign_domain(ee->tmp, true);
687	if (domain)	691	if (domain)
688	retval = 0;	692	retval = 0;
689	else if (reject_on_transition_failure) {	693	else if (reject_on_transition_failure) {
690	printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp);	694	printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n",
		695	ee->tmp);
691	retval = -ENOMEM;	696	retval = -ENOMEM;
692	} else if (r.mode == TOMOYO_CONFIG_ENFORCING)	697	} else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING)
693	retval = -ENOMEM;	698	retval = -ENOMEM;
694	else {	699	else {
695	retval = 0;	700	retval = 0;
696	if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {	701	if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {
697	old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;	702	old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;
698	r.granted = false;	703	ee->r.granted = false;
699	tomoyo_write_log(&r, "%s", tomoyo_dif	704	tomoyo_write_log(&ee->r, "%s", tomoyo_dif
700	[TOMOYO_DIF_TRANSITION_FAILED]);	705	[TOMOYO_DIF_TRANSITION_FAILED]);
701	printk(KERN_WARNING	706	printk(KERN_WARNING
702	"ERROR: Domain '%s' not defined.\n", tmp);	707	"ERROR: Domain '%s' not defined.\n", ee->tmp);
703	}	708	}
704	}	709	}
705	out:	710	out:
706	if (!domain)	711	if (!domain)
707	domain = old_domain;	712	domain = old_domain;
708	/* Update reference count on "struct tomoyo_domain_info". */	713	/* Update reference count on "struct tomoyo_domain_info". */
709	atomic_inc(&domain->users);	714	atomic_inc(&domain->users);
710	bprm->cred->security = domain;	715	bprm->cred->security = domain;
711	if (need_kfree)	716	if (need_kfree)
712	kfree(rn.name);	717	kfree(rn.name);
713	kfree(tmp);	718	kfree(ee->tmp);
		719	kfree(ee->dump.data);
		720	kfree(ee);
714	return retval;	721	return retval;
715	}	722	}
716		723
717	/**	724	/**
718	* tomoyo_dump_page - Dump a page to buffer.	725	* tomoyo_dump_page - Dump a page to buffer.
719	*	726	*
720	* @bprm: Pointer to "struct linux_binprm".	727	* @bprm: Pointer to "struct linux_binprm".
721	* @pos: Location to dump.	728	* @pos: Location to dump.
722	* @dump: Poiner to "struct tomoyo_page_dump".	729	* @dump: Poiner to "struct tomoyo_page_dump".
723	*	730	*
724	* Returns true on success, false otherwise.	731	* Returns true on success, false otherwise.
725	*/	732	*/
726	bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,	733	bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos,
727	struct tomoyo_page_dump *dump)	734	struct tomoyo_page_dump *dump)
728	{	735	{
729	struct page *page;	736	struct page *page;
730	/* dump->data is released by tomoyo_finish_execve(). */	737	/* dump->data is released by tomoyo_finish_execve(). */
731	if (!dump->data) {	738	if (!dump->data) {
732	dump->data = kzalloc(PAGE_SIZE, GFP_NOFS);	739	dump->data = kzalloc(PAGE_SIZE, GFP_NOFS);
733	if (!dump->data)	740	if (!dump->data)
734	return false;	741	return false;
735	}	742	}
736	/* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */	743	/* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */
737	#ifdef CONFIG_MMU	744	#ifdef CONFIG_MMU
738	if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)	745	if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)
739	return false;	746	return false;
740	#else	747	#else
741	page = bprm->page[pos / PAGE_SIZE];	748	page = bprm->page[pos / PAGE_SIZE];
742	#endif	749	#endif
743	if (page != dump->page) {	750	if (page != dump->page) {
744	const unsigned int offset = pos % PAGE_SIZE;	751	const unsigned int offset = pos % PAGE_SIZE;
745	/*	752	/*
746	* Maybe kmap()/kunmap() should be used here.	753	* Maybe kmap()/kunmap() should be used here.
747	* But remove_arg_zero() uses kmap_atomic()/kunmap_atomic().	754	* But remove_arg_zero() uses kmap_atomic()/kunmap_atomic().
748	* So do I.	755	* So do I.
749	*/	756	*/
750	char *kaddr = kmap_atomic(page, KM_USER0);	757	char *kaddr = kmap_atomic(page, KM_USER0);
751	dump->page = page;	758	dump->page = page;
752	memcpy(dump->data + offset, kaddr + offset,	759	memcpy(dump->data + offset, kaddr + offset,
753	PAGE_SIZE - offset);	760	PAGE_SIZE - offset);
754	kunmap_atomic(kaddr, KM_USER0);	761	kunmap_atomic(kaddr, KM_USER0);
755	}	762	}
756	/* Same with put_arg_page(page) in fs/exec.c */	763	/* Same with put_arg_page(page) in fs/exec.c */
757	#ifdef CONFIG_MMU	764	#ifdef CONFIG_MMU
758	put_page(page);	765	put_page(page);

security/tomoyo/file.c

Diff comments View file @ 97fb35e

 /*
  * security/tomoyo/file.c
  *
  * Pathname restriction functions.
  *
  * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #include "common.h"
 #include <linux/slab.h>
 /*
  * Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index".
  */
 static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
 	[TOMOYO_TYPE_EXECUTE]    = TOMOYO_MAC_FILE_EXECUTE,
 	[TOMOYO_TYPE_READ]       = TOMOYO_MAC_FILE_OPEN,
 	[TOMOYO_TYPE_WRITE]      = TOMOYO_MAC_FILE_OPEN,
 	[TOMOYO_TYPE_APPEND]     = TOMOYO_MAC_FILE_OPEN,
 	[TOMOYO_TYPE_UNLINK]     = TOMOYO_MAC_FILE_UNLINK,
 	[TOMOYO_TYPE_GETATTR]    = TOMOYO_MAC_FILE_GETATTR,
 	[TOMOYO_TYPE_RMDIR]      = TOMOYO_MAC_FILE_RMDIR,
 	[TOMOYO_TYPE_TRUNCATE]   = TOMOYO_MAC_FILE_TRUNCATE,
 	[TOMOYO_TYPE_SYMLINK]    = TOMOYO_MAC_FILE_SYMLINK,
 	[TOMOYO_TYPE_CHROOT]     = TOMOYO_MAC_FILE_CHROOT,
 	[TOMOYO_TYPE_UMOUNT]     = TOMOYO_MAC_FILE_UMOUNT,
 };
 /*
  * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index".
  */
 const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
 	[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
 	[TOMOYO_TYPE_MKCHAR]  = TOMOYO_MAC_FILE_MKCHAR,
 };
 /*
  * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index".
  */
 const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = {
 	[TOMOYO_TYPE_LINK]       = TOMOYO_MAC_FILE_LINK,
 	[TOMOYO_TYPE_RENAME]     = TOMOYO_MAC_FILE_RENAME,
 	[TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT,
 };
 /*
  * Mapping table from "enum tomoyo_path_number_acl_index" to
  * "enum tomoyo_mac_index".
  */
 const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
 	[TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE,
 	[TOMOYO_TYPE_MKDIR]  = TOMOYO_MAC_FILE_MKDIR,
 	[TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO,
 	[TOMOYO_TYPE_MKSOCK] = TOMOYO_MAC_FILE_MKSOCK,
 	[TOMOYO_TYPE_IOCTL]  = TOMOYO_MAC_FILE_IOCTL,
 	[TOMOYO_TYPE_CHMOD]  = TOMOYO_MAC_FILE_CHMOD,
 	[TOMOYO_TYPE_CHOWN]  = TOMOYO_MAC_FILE_CHOWN,
 	[TOMOYO_TYPE_CHGRP]  = TOMOYO_MAC_FILE_CHGRP,
 };
 /**
  * tomoyo_put_name_union - Drop reference on "struct tomoyo_name_union".
  *
  * @ptr: Pointer to "struct tomoyo_name_union".
  *
  * Returns nothing.
  */
 void tomoyo_put_name_union(struct tomoyo_name_union *ptr)
 {
 	tomoyo_put_group(ptr->group);
 	tomoyo_put_name(ptr->filename);
 }
 /**
  * tomoyo_compare_name_union - Check whether a name matches "struct tomoyo_name_union" or not.
  *
  * @name: Pointer to "struct tomoyo_path_info".
  * @ptr:  Pointer to "struct tomoyo_name_union".
  *
  * Returns "struct tomoyo_path_info" if @name matches @ptr, NULL otherwise.
  */
 const struct tomoyo_path_info *
 tomoyo_compare_name_union(const struct tomoyo_path_info *name,
 			  const struct tomoyo_name_union *ptr)
 {
 	if (ptr->group)
 		return tomoyo_path_matches_group(name, ptr->group);
 	if (tomoyo_path_matches_pattern(name, ptr->filename))
 		return ptr->filename;
 	return NULL;
 }
 /**
  * tomoyo_put_number_union - Drop reference on "struct tomoyo_number_union".
  *
  * @ptr: Pointer to "struct tomoyo_number_union".
  *
  * Returns nothing.
  */
 void tomoyo_put_number_union(struct tomoyo_number_union *ptr)
 {
 	tomoyo_put_group(ptr->group);
 }
 /**
  * tomoyo_compare_number_union - Check whether a value matches "struct tomoyo_number_union" or not.
  *
  * @value: Number to check.
  * @ptr:   Pointer to "struct tomoyo_number_union".
  *
  * Returns true if @value matches @ptr, false otherwise.
  */
 bool tomoyo_compare_number_union(const unsigned long value,
 				 const struct tomoyo_number_union *ptr)
 {
 	if (ptr->group)
 		return tomoyo_number_matches_group(value, value, ptr->group);
 	return value >= ptr->values[0] && value <= ptr->values[1];
 }
 /**
  * tomoyo_add_slash - Add trailing '/' if needed.
  *
  * @buf: Pointer to "struct tomoyo_path_info".
  *
  * Returns nothing.
  *
  * @buf must be generated by tomoyo_encode() because this function does not
  * allocate memory for adding '/'.
  */
 static void tomoyo_add_slash(struct tomoyo_path_info *buf)
 {
 	if (buf->is_dir)
 		return;
 	/*
 	 * This is OK because tomoyo_encode() reserves space for appending "/".
 	 */
 	strcat((char *) buf->name, "/");
 	tomoyo_fill_path_info(buf);
 }
 /**
  * tomoyo_get_realpath - Get realpath.
  *
  * @buf:  Pointer to "struct tomoyo_path_info".
  * @path: Pointer to "struct path".
  *
  * Returns true on success, false otherwise.
  */
 static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, struct path *path)
 {
 	buf->name = tomoyo_realpath_from_path(path);
 	if (buf->name) {
 		tomoyo_fill_path_info(buf);
 		return true;
 	}
         return false;
 }
 /**
  * tomoyo_audit_path_log - Audit path request log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_audit_path_log(struct tomoyo_request_info *r)
 {
 	return tomoyo_supervisor(r, "file %s %s\n", tomoyo_path_keyword
 				 [r->param.path.operation],
 				 r->param.path.filename->name);
 }
 /**
  * tomoyo_audit_path2_log - Audit path/path request log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
 {
 	return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
 				 [tomoyo_pp2mac[r->param.path2.operation]],
 				 r->param.path2.filename1->name,
 				 r->param.path2.filename2->name);
 }
 /**
  * tomoyo_audit_mkdev_log - Audit path/number/number/number request log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
 {
 	return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n",
 				 tomoyo_mac_keywords
 				 [tomoyo_pnnn2mac[r->param.mkdev.operation]],
 				 r->param.mkdev.filename->name,
 				 r->param.mkdev.mode, r->param.mkdev.major,
 				 r->param.mkdev.minor);
 }
 /**
  * tomoyo_audit_path_number_log - Audit path/number request log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
 {
 	const u8 type = r->param.path_number.operation;
 	u8 radix;
 	char buffer[64];
 	switch (type) {
 	case TOMOYO_TYPE_CREATE:
 	case TOMOYO_TYPE_MKDIR:
 	case TOMOYO_TYPE_MKFIFO:
 	case TOMOYO_TYPE_MKSOCK:
 	case TOMOYO_TYPE_CHMOD:
 		radix = TOMOYO_VALUE_TYPE_OCTAL;
 		break;
 	case TOMOYO_TYPE_IOCTL:
 		radix = TOMOYO_VALUE_TYPE_HEXADECIMAL;
 		break;
 	default:
 		radix = TOMOYO_VALUE_TYPE_DECIMAL;
 		break;
 	}
 	tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number,
 			   radix);
 	return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
 				 [tomoyo_pn2mac[type]],
 				 r->param.path_number.filename->name, buffer);
 }
 /**
  * tomoyo_check_path_acl - Check permission for path operation.
  *
  * @r:   Pointer to "struct tomoyo_request_info".
  * @ptr: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if granted, false otherwise.
  *
  * To be able to use wildcard for domain transition, this function sets
  * matching entry on success. Since the caller holds tomoyo_read_lock(),
  * it is safe to set matching entry.
  */
 static bool tomoyo_check_path_acl(struct tomoyo_request_info *r,
 				  const struct tomoyo_acl_info *ptr)
 {
 	const struct tomoyo_path_acl *acl = container_of(ptr, typeof(*acl),
 							 head);
 	if (acl->perm & (1 << r->param.path.operation)) {
 		r->param.path.matched_path =
 			tomoyo_compare_name_union(r->param.path.filename,
 						  &acl->name);
 		return r->param.path.matched_path != NULL;
 	}
 	return false;
 }
 /**
  * tomoyo_check_path_number_acl - Check permission for path number operation.
  *
  * @r:   Pointer to "struct tomoyo_request_info".
  * @ptr: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if granted, false otherwise.
  */
 static bool tomoyo_check_path_number_acl(struct tomoyo_request_info *r,
 					 const struct tomoyo_acl_info *ptr)
 {
 	const struct tomoyo_path_number_acl *acl =
 		container_of(ptr, typeof(*acl), head);
 	return (acl->perm & (1 << r->param.path_number.operation)) &&
 		tomoyo_compare_number_union(r->param.path_number.number,
 					    &acl->number) &&
 		tomoyo_compare_name_union(r->param.path_number.filename,
 					  &acl->name);
 }
 /**
  * tomoyo_check_path2_acl - Check permission for path path operation.
  *
  * @r:   Pointer to "struct tomoyo_request_info".
  * @ptr: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if granted, false otherwise.
  */
 static bool tomoyo_check_path2_acl(struct tomoyo_request_info *r,
 				   const struct tomoyo_acl_info *ptr)
 {
 	const struct tomoyo_path2_acl *acl =
 		container_of(ptr, typeof(*acl), head);
 	return (acl->perm & (1 << r->param.path2.operation)) &&
 		tomoyo_compare_name_union(r->param.path2.filename1, &acl->name1)
 		&& tomoyo_compare_name_union(r->param.path2.filename2,
 					     &acl->name2);
 }
 /**
  * tomoyo_check_mkdev_acl - Check permission for path number number number operation.
  *
  * @r:   Pointer to "struct tomoyo_request_info".
  * @ptr: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if granted, false otherwise.
  */
 static bool tomoyo_check_mkdev_acl(struct tomoyo_request_info *r,
 				   const struct tomoyo_acl_info *ptr)
 {
 	const struct tomoyo_mkdev_acl *acl =
 		container_of(ptr, typeof(*acl), head);
 	return (acl->perm & (1 << r->param.mkdev.operation)) &&
 		tomoyo_compare_number_union(r->param.mkdev.mode,
 					    &acl->mode) &&
 		tomoyo_compare_number_union(r->param.mkdev.major,
 					    &acl->major) &&
 		tomoyo_compare_number_union(r->param.mkdev.minor,
 					    &acl->minor) &&
 		tomoyo_compare_name_union(r->param.mkdev.filename,
 					  &acl->name);
 }
 /**
  * tomoyo_same_path_acl - Check for duplicated "struct tomoyo_path_acl" entry.
  *
  * @a: Pointer to "struct tomoyo_acl_info".
  * @b: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if @a == @b except permission bits, false otherwise.
  */
 static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
 				 const struct tomoyo_acl_info *b)
 {
 	const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
 	const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
 	return tomoyo_same_name_union(&p1->name, &p2->name);
 }
 /**
  * tomoyo_merge_path_acl - Merge duplicated "struct tomoyo_path_acl" entry.
  *
  * @a:         Pointer to "struct tomoyo_acl_info".
  * @b:         Pointer to "struct tomoyo_acl_info".
  * @is_delete: True for @a &= ~@b, false for @a |= @b.
  *
  * Returns true if @a is empty, false otherwise.
  */
 static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
 				  struct tomoyo_acl_info *b,
 				  const bool is_delete)
 {
 	u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head)
 		->perm;
 	u16 perm = *a_perm;
 	const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm;
 	if (is_delete)
 		perm &= ~b_perm;
 	else
 		perm |= b_perm;
 	*a_perm = perm;
 	return !perm;
 }
 /**
  * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
  *
  * @perm:  Permission.
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 static int tomoyo_update_path_acl(const u16 perm,
 				  struct tomoyo_acl_param *param)
 {
 	struct tomoyo_path_acl e = {
 		.head.type = TOMOYO_TYPE_PATH_ACL,
 		.perm = perm
 	};
 	int error;
 	if (!tomoyo_parse_name_union(param, &e.name))
 		error = -EINVAL;
 	else
 		error = tomoyo_update_domain(&e.head, sizeof(e), param,
 					     tomoyo_same_path_acl,
 					     tomoyo_merge_path_acl);
 	tomoyo_put_name_union(&e.name);
 	return error;
 }
 /**
  * tomoyo_same_mkdev_acl - Check for duplicated "struct tomoyo_mkdev_acl" entry.
  *
  * @a: Pointer to "struct tomoyo_acl_info".
  * @b: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if @a == @b except permission bits, false otherwise.
  */
 static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
 					 const struct tomoyo_acl_info *b)
 {
 	const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head);
 	const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head);
 	return tomoyo_same_name_union(&p1->name, &p2->name) &&
 		tomoyo_same_number_union(&p1->mode, &p2->mode) &&
 		tomoyo_same_number_union(&p1->major, &p2->major) &&
 		tomoyo_same_number_union(&p1->minor, &p2->minor);
 }
 /**
  * tomoyo_merge_mkdev_acl - Merge duplicated "struct tomoyo_mkdev_acl" entry.
  *
  * @a:         Pointer to "struct tomoyo_acl_info".
  * @b:         Pointer to "struct tomoyo_acl_info".
  * @is_delete: True for @a &= ~@b, false for @a |= @b.
  *
  * Returns true if @a is empty, false otherwise.
  */
 static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
 				   struct tomoyo_acl_info *b,
 				   const bool is_delete)
 {
 	u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
 					 head)->perm;
 	u8 perm = *a_perm;
 	const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
 		->perm;
 	if (is_delete)
 		perm &= ~b_perm;
 	else
 		perm |= b_perm;
 	*a_perm = perm;
 	return !perm;
 }
 /**
  * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
  *
  * @perm:  Permission.
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 static int tomoyo_update_mkdev_acl(const u8 perm,
 				   struct tomoyo_acl_param *param)
 {
 	struct tomoyo_mkdev_acl e = {
 		.head.type = TOMOYO_TYPE_MKDEV_ACL,
 		.perm = perm
 	};
 	int error;
 	if (!tomoyo_parse_name_union(param, &e.name) ||
 	    !tomoyo_parse_number_union(param, &e.mode) ||
 	    !tomoyo_parse_number_union(param, &e.major) ||
 	    !tomoyo_parse_number_union(param, &e.minor))
 		error = -EINVAL;
 	else
 		error = tomoyo_update_domain(&e.head, sizeof(e), param,
 					     tomoyo_same_mkdev_acl,
 					     tomoyo_merge_mkdev_acl);
 	tomoyo_put_name_union(&e.name);
 	tomoyo_put_number_union(&e.mode);
 	tomoyo_put_number_union(&e.major);
 	tomoyo_put_number_union(&e.minor);
 	return error;
 }
 /**
  * tomoyo_same_path2_acl - Check for duplicated "struct tomoyo_path2_acl" entry.
  *
  * @a: Pointer to "struct tomoyo_acl_info".
  * @b: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if @a == @b except permission bits, false otherwise.
  */
 static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
 				  const struct tomoyo_acl_info *b)
 {
 	const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
 	const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
 	return tomoyo_same_name_union(&p1->name1, &p2->name1) &&
 		tomoyo_same_name_union(&p1->name2, &p2->name2);
 }
 /**
  * tomoyo_merge_path2_acl - Merge duplicated "struct tomoyo_path2_acl" entry.
  *
  * @a:         Pointer to "struct tomoyo_acl_info".
  * @b:         Pointer to "struct tomoyo_acl_info".
  * @is_delete: True for @a &= ~@b, false for @a |= @b.
  *
  * Returns true if @a is empty, false otherwise.
  */
 static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
 				   struct tomoyo_acl_info *b,
 				   const bool is_delete)
 {
 	u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head)
 		->perm;
 	u8 perm = *a_perm;
 	const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm;
 	if (is_delete)
 		perm &= ~b_perm;
 	else
 		perm |= b_perm;
 	*a_perm = perm;
 	return !perm;
 }
 /**
  * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
  *
  * @perm:  Permission.
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 static int tomoyo_update_path2_acl(const u8 perm,
 				   struct tomoyo_acl_param *param)
 {
 	struct tomoyo_path2_acl e = {
 		.head.type = TOMOYO_TYPE_PATH2_ACL,
 		.perm = perm
 	};
 	int error;
 	if (!tomoyo_parse_name_union(param, &e.name1) ||
 	    !tomoyo_parse_name_union(param, &e.name2))
 		error = -EINVAL;
 	else
 		error = tomoyo_update_domain(&e.head, sizeof(e), param,
 					     tomoyo_same_path2_acl,
 					     tomoyo_merge_path2_acl);
 	tomoyo_put_name_union(&e.name1);
 	tomoyo_put_name_union(&e.name2);
 	return error;
 }
 /**
  * tomoyo_path_permission - Check permission for single path operation.
  *
  * @r:         Pointer to "struct tomoyo_request_info".
  * @operation: Type of operation.
  * @filename:  Filename to check.
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
 			   const struct tomoyo_path_info *filename)
 {
 	int error;
 	r->type = tomoyo_p2mac[operation];
 	r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
 	if (r->mode == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	r->param_type = TOMOYO_TYPE_PATH_ACL;
 	r->param.path.filename = filename;
 	r->param.path.operation = operation;
 	do {
 		tomoyo_check_acl(r, tomoyo_check_path_acl);
 		error = tomoyo_audit_path_log(r);
 		/*
 		 * Do not retry for execute request, for alias may have
 		 * changed.
 		 */
 	} while (error == TOMOYO_RETRY_REQUEST &&
 		 operation != TOMOYO_TYPE_EXECUTE);
 	return error;
 }
 /**
  * tomoyo_same_path_number_acl - Check for duplicated "struct tomoyo_path_number_acl" entry.
  *
  * @a: Pointer to "struct tomoyo_acl_info".
  * @b: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if @a == @b except permission bits, false otherwise.
  */
 static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
 					const struct tomoyo_acl_info *b)
 {
 	const struct tomoyo_path_number_acl *p1 = container_of(a, typeof(*p1),
 							       head);
 	const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
 							       head);
 	return tomoyo_same_name_union(&p1->name, &p2->name) &&
 		tomoyo_same_number_union(&p1->number, &p2->number);
 }
 /**
  * tomoyo_merge_path_number_acl - Merge duplicated "struct tomoyo_path_number_acl" entry.
  *
  * @a:         Pointer to "struct tomoyo_acl_info".
  * @b:         Pointer to "struct tomoyo_acl_info".
  * @is_delete: True for @a &= ~@b, false for @a |= @b.
  *
  * Returns true if @a is empty, false otherwise.
  */
 static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
 					 struct tomoyo_acl_info *b,
 					 const bool is_delete)
 {
 	u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl,
 					  head)->perm;
 	u8 perm = *a_perm;
 	const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head)
 		->perm;
 	if (is_delete)
 		perm &= ~b_perm;
 	else
 		perm |= b_perm;
 	*a_perm = perm;
 	return !perm;
 }
 /**
  * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
  *
  * @perm:  Permission.
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_update_path_number_acl(const u8 perm,
 					 struct tomoyo_acl_param *param)
 {
 	struct tomoyo_path_number_acl e = {
 		.head.type = TOMOYO_TYPE_PATH_NUMBER_ACL,
 		.perm = perm
 	};
 	int error;
 	if (!tomoyo_parse_name_union(param, &e.name) ||
 	    !tomoyo_parse_number_union(param, &e.number))
 		error = -EINVAL;
 	else
 		error = tomoyo_update_domain(&e.head, sizeof(e), param,
 					     tomoyo_same_path_number_acl,
 					     tomoyo_merge_path_number_acl);
 	tomoyo_put_name_union(&e.name);
 	tomoyo_put_number_union(&e.number);
 	return error;
 }
 /**
  * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
  *
  * @type:   Type of operation.
  * @path:   Pointer to "struct path".
  * @number: Number.
  *
  * Returns 0 on success, negative value otherwise.
  */
 int tomoyo_path_number_perm(const u8 type, struct path *path,
 			    unsigned long number)
 {
 	struct tomoyo_request_info r;
+	struct tomoyo_obj_info obj = {
+		.path1 = *path,
+	};
 	int error = -ENOMEM;
 	struct tomoyo_path_info buf;
 	int idx;
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
 	    == TOMOYO_CONFIG_DISABLED || !path->dentry)
 		return 0;
 	idx = tomoyo_read_lock();
 	if (!tomoyo_get_realpath(&buf, path))
 		goto out;
+	r.obj = &obj;
 	if (type == TOMOYO_TYPE_MKDIR)
 		tomoyo_add_slash(&buf);
 	r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
 	r.param.path_number.operation = type;
 	r.param.path_number.filename = &buf;
 	r.param.path_number.number = number;
 	do {
 		tomoyo_check_acl(&r, tomoyo_check_path_number_acl);
 		error = tomoyo_audit_path_number_log(&r);
 	} while (error == TOMOYO_RETRY_REQUEST);
 	kfree(buf.name);
  out:
 	tomoyo_read_unlock(idx);
 	if (r.mode != TOMOYO_CONFIG_ENFORCING)
 		error = 0;
 	return error;
 }
 /**
  * tomoyo_check_open_permission - Check permission for "read" and "write".
  *
  * @domain: Pointer to "struct tomoyo_domain_info".
  * @path:   Pointer to "struct path".
  * @flag:   Flags for open().
  *
  * Returns 0 on success, negative value otherwise.
  */
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
 				 struct path *path, const int flag)
 {
 	const u8 acc_mode = ACC_MODE(flag);
 	int error = 0;
 	struct tomoyo_path_info buf;
 	struct tomoyo_request_info r;
+	struct tomoyo_obj_info obj = {
+		.path1 = *path,
+	};
 	int idx;
 	buf.name = NULL;
 	r.mode = TOMOYO_CONFIG_DISABLED;
 	idx = tomoyo_read_lock();
 	if (acc_mode &&
 	    tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_OPEN)
 	    != TOMOYO_CONFIG_DISABLED) {
 		if (!tomoyo_get_realpath(&buf, path)) {
 			error = -ENOMEM;
 			goto out;
 		}
+		r.obj = &obj;
 		if (acc_mode & MAY_READ)
 			error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ,
 						       &buf);
 		if (!error && (acc_mode & MAY_WRITE))
 			error = tomoyo_path_permission(&r, (flag & O_APPEND) ?
 						       TOMOYO_TYPE_APPEND :
 						       TOMOYO_TYPE_WRITE,
 						       &buf);
 	}
  out:
 	kfree(buf.name);
 	tomoyo_read_unlock(idx);
 	if (r.mode != TOMOYO_CONFIG_ENFORCING)
 		error = 0;
 	return error;
 }
 /**
  * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "append", "chroot" and "unmount".
  *
  * @operation: Type of operation.
  * @path:      Pointer to "struct path".
+ * @target:    Symlink's target if @operation is TOMOYO_TYPE_SYMLINK,
+ *             NULL otherwise.
  *
  * Returns 0 on success, negative value otherwise.
  */
-int tomoyo_path_perm(const u8 operation, struct path *path)
+int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
 {
 	struct tomoyo_request_info r;
+	struct tomoyo_obj_info obj = {
+		.path1 = *path,
+	};
 	int error;
 	struct tomoyo_path_info buf;
 	bool is_enforce;
+	struct tomoyo_path_info symlink_target;
 	int idx;
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	is_enforce = (r.mode == TOMOYO_CONFIG_ENFORCING);
 	error = -ENOMEM;
 	buf.name = NULL;
 	idx = tomoyo_read_lock();
 	if (!tomoyo_get_realpath(&buf, path))
 		goto out;
+	r.obj = &obj;
 	switch (operation) {
 	case TOMOYO_TYPE_RMDIR:
 	case TOMOYO_TYPE_CHROOT:
 		tomoyo_add_slash(&buf);
 		break;
+	case TOMOYO_TYPE_SYMLINK:
+		symlink_target.name = tomoyo_encode(target);
+		if (!symlink_target.name)
+			goto out;
+		tomoyo_fill_path_info(&symlink_target);
+		obj.symlink_target = &symlink_target;
+		break;
 	}
 	error = tomoyo_path_permission(&r, operation, &buf);
+	if (operation == TOMOYO_TYPE_SYMLINK)
+		kfree(symlink_target.name);
  out:
 	kfree(buf.name);
 	tomoyo_read_unlock(idx);
 	if (!is_enforce)
 		error = 0;
 	return error;
 }
 /**
  * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
  *
  * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
  * @path:      Pointer to "struct path".
  * @mode:      Create mode.
  * @dev:       Device number.
  *
  * Returns 0 on success, negative value otherwise.
  */
 int tomoyo_mkdev_perm(const u8 operation, struct path *path,
 		      const unsigned int mode, unsigned int dev)
 {
 	struct tomoyo_request_info r;
+	struct tomoyo_obj_info obj = {
+		.path1 = *path,
+	};
 	int error = -ENOMEM;
 	struct tomoyo_path_info buf;
 	int idx;
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	idx = tomoyo_read_lock();
 	error = -ENOMEM;
 	if (tomoyo_get_realpath(&buf, path)) {
+		r.obj = &obj;
 		dev = new_decode_dev(dev);
 		r.param_type = TOMOYO_TYPE_MKDEV_ACL;
 		r.param.mkdev.filename = &buf;
 		r.param.mkdev.operation = operation;
 		r.param.mkdev.mode = mode;
 		r.param.mkdev.major = MAJOR(dev);
 		r.param.mkdev.minor = MINOR(dev);
 		tomoyo_check_acl(&r, tomoyo_check_mkdev_acl);
 		error = tomoyo_audit_mkdev_log(&r);
 		kfree(buf.name);
 	}
 	tomoyo_read_unlock(idx);
 	if (r.mode != TOMOYO_CONFIG_ENFORCING)
 		error = 0;
 	return error;
 }
 /**
  * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
  *
  * @operation: Type of operation.
  * @path1:      Pointer to "struct path".
  * @path2:      Pointer to "struct path".
  *
  * Returns 0 on success, negative value otherwise.
  */
 int tomoyo_path2_perm(const u8 operation, struct path *path1,
 		      struct path *path2)
 {
 	int error = -ENOMEM;
 	struct tomoyo_path_info buf1;
 	struct tomoyo_path_info buf2;
 	struct tomoyo_request_info r;
+	struct tomoyo_obj_info obj = {
+		.path1 = *path1,
+		.path2 = *path2,
+	};
 	int idx;
 	if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	buf1.name = NULL;
 	buf2.name = NULL;
 	idx = tomoyo_read_lock();
 	if (!tomoyo_get_realpath(&buf1, path1) ||
 	    !tomoyo_get_realpath(&buf2, path2))
 		goto out;
 	switch (operation) {
 		struct dentry *dentry;
 	case TOMOYO_TYPE_RENAME:
         case TOMOYO_TYPE_LINK:
 		dentry = path1->dentry;
 	        if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode))
                         break;
                 /* fall through */
         case TOMOYO_TYPE_PIVOT_ROOT:
                 tomoyo_add_slash(&buf1);
                 tomoyo_add_slash(&buf2);
 		break;
         }
+	r.obj = &obj;
 	r.param_type = TOMOYO_TYPE_PATH2_ACL;
 	r.param.path2.operation = operation;
 	r.param.path2.filename1 = &buf1;
 	r.param.path2.filename2 = &buf2;
 	do {
 		tomoyo_check_acl(&r, tomoyo_check_path2_acl);
 		error = tomoyo_audit_path2_log(&r);
 	} while (error == TOMOYO_RETRY_REQUEST);
  out:
 	kfree(buf1.name);
 	kfree(buf2.name);
 	tomoyo_read_unlock(idx);
 	if (r.mode != TOMOYO_CONFIG_ENFORCING)
 		error = 0;
 	return error;
 }
 /**
  * tomoyo_same_mount_acl - Check for duplicated "struct tomoyo_mount_acl" entry.
  *
  * @a: Pointer to "struct tomoyo_acl_info".
  * @b: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if @a == @b, false otherwise.
  */
 static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
 				  const struct tomoyo_acl_info *b)
 {
 	const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
 	const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
 	return tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) &&
 		tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) &&
 		tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) &&
 		tomoyo_same_number_union(&p1->flags, &p2->flags);
 }
 /**
  * tomoyo_update_mount_acl - Write "struct tomoyo_mount_acl" list.
  *
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 static int tomoyo_update_mount_acl(struct tomoyo_acl_param *param)
 {
 	struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
 	int error;
 	if (!tomoyo_parse_name_union(param, &e.dev_name) ||
 	    !tomoyo_parse_name_union(param, &e.dir_name) ||
 	    !tomoyo_parse_name_union(param, &e.fs_type) ||
 	    !tomoyo_parse_number_union(param, &e.flags))
 		error = -EINVAL;
 	else
 		error = tomoyo_update_domain(&e.head, sizeof(e), param,
 					     tomoyo_same_mount_acl, NULL);
 	tomoyo_put_name_union(&e.dev_name);
 	tomoyo_put_name_union(&e.dir_name);
 	tomoyo_put_name_union(&e.fs_type);
 	tomoyo_put_number_union(&e.flags);
 	return error;
 }
 /**
  * tomoyo_write_file - Update file related list.
  *
  * @param: Pointer to "struct tomoyo_acl_param".
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 int tomoyo_write_file(struct tomoyo_acl_param *param)
 {
 	u16 perm = 0;
 	u8 type;
 	const char *operation = tomoyo_read_token(param);
 	for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++)
 		if (tomoyo_permstr(operation, tomoyo_path_keyword[type]))
 			perm |= 1 << type;
 	if (perm)
 		return tomoyo_update_path_acl(perm, param);
 	for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++)
 		if (tomoyo_permstr(operation,
 				   tomoyo_mac_keywords[tomoyo_pp2mac[type]]))
 			perm |= 1 << type;
 	if (perm)
 		return tomoyo_update_path2_acl(perm, param);
 	for (type = 0; type < TOMOYO_MAX_PATH_NUMBER_OPERATION; type++)
 		if (tomoyo_permstr(operation,
 				   tomoyo_mac_keywords[tomoyo_pn2mac[type]]))
 			perm |= 1 << type;
 	if (perm)
 		return tomoyo_update_path_number_acl(perm, param);
 	for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++)
 		if (tomoyo_permstr(operation,
 				   tomoyo_mac_keywords[tomoyo_pnnn2mac[type]]))
 			perm |= 1 << type;
 	if (perm)
 		return tomoyo_update_mkdev_acl(perm, param);
 	if (tomoyo_permstr(operation,
 			   tomoyo_mac_keywords[TOMOYO_MAC_FILE_MOUNT]))
 		return tomoyo_update_mount_acl(param);
 	return -EINVAL;
 }

security/tomoyo/mount.c

Diff comments View file @ 97fb35e

 /*
  * security/tomoyo/mount.c
  *
  * Copyright (C) 2005-2010  NTT DATA CORPORATION
  */
 #include <linux/slab.h>
 #include "common.h"
 /* String table for special mount operations. */
 static const char * const tomoyo_mounts[TOMOYO_MAX_SPECIAL_MOUNT] = {
 	[TOMOYO_MOUNT_BIND]            = "--bind",
 	[TOMOYO_MOUNT_MOVE]            = "--move",
 	[TOMOYO_MOUNT_REMOUNT]         = "--remount",
 	[TOMOYO_MOUNT_MAKE_UNBINDABLE] = "--make-unbindable",
 	[TOMOYO_MOUNT_MAKE_PRIVATE]    = "--make-private",
 	[TOMOYO_MOUNT_MAKE_SLAVE]      = "--make-slave",
 	[TOMOYO_MOUNT_MAKE_SHARED]     = "--make-shared",
 };
 /**
  * tomoyo_audit_mount_log - Audit mount log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
  *
  * Returns 0 on success, negative value otherwise.
  */
 static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
 {
 	return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n",
 				 r->param.mount.dev->name,
 				 r->param.mount.dir->name,
 				 r->param.mount.type->name,
 				 r->param.mount.flags);
 }
 /**
  * tomoyo_check_mount_acl - Check permission for path path path number operation.
  *
  * @r:   Pointer to "struct tomoyo_request_info".
  * @ptr: Pointer to "struct tomoyo_acl_info".
  *
  * Returns true if granted, false otherwise.
  */
 static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
 				   const struct tomoyo_acl_info *ptr)
 {
 	const struct tomoyo_mount_acl *acl =
 		container_of(ptr, typeof(*acl), head);
 	return tomoyo_compare_number_union(r->param.mount.flags,
 					   &acl->flags) &&
 		tomoyo_compare_name_union(r->param.mount.type,
 					  &acl->fs_type) &&
 		tomoyo_compare_name_union(r->param.mount.dir,
 					  &acl->dir_name) &&
 		(!r->param.mount.need_dev ||
 		 tomoyo_compare_name_union(r->param.mount.dev,
 					   &acl->dev_name));
 }
 /**
  * tomoyo_mount_acl - Check permission for mount() operation.
  *
  * @r:        Pointer to "struct tomoyo_request_info".
  * @dev_name: Name of device file.
  * @dir:      Pointer to "struct path".
  * @type:     Name of filesystem type.
  * @flags:    Mount options.
  *
  * Returns 0 on success, negative value otherwise.
  *
  * Caller holds tomoyo_read_lock().
  */
 static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
 			    struct path *dir, const char *type,
 			    unsigned long flags)
 {
+	struct tomoyo_obj_info obj = { };
 	struct path path;
 	struct file_system_type *fstype = NULL;
 	const char *requested_type = NULL;
 	const char *requested_dir_name = NULL;
 	const char *requested_dev_name = NULL;
 	struct tomoyo_path_info rtype;
 	struct tomoyo_path_info rdev;
 	struct tomoyo_path_info rdir;
 	int need_dev = 0;
 	int error = -ENOMEM;
+	r->obj = &obj;
 	/* Get fstype. */
 	requested_type = tomoyo_encode(type);
 	if (!requested_type)
 		goto out;
 	rtype.name = requested_type;
 	tomoyo_fill_path_info(&rtype);
 	/* Get mount point. */
+	obj.path2 = *dir;
 	requested_dir_name = tomoyo_realpath_from_path(dir);
 	if (!requested_dir_name) {
 		error = -ENOMEM;
 		goto out;
 	}
 	rdir.name = requested_dir_name;
 	tomoyo_fill_path_info(&rdir);
 	/* Compare fs name. */
 	if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]) {
 		/* dev_name is ignored. */
 	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
 		   type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]) {
 		/* dev_name is ignored. */
 	} else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND] ||
 		   type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) {
 		need_dev = -1; /* dev_name is a directory */
 	} else {
 		fstype = get_fs_type(type);
 		if (!fstype) {
 			error = -ENODEV;
 			goto out;
 		}
 		if (fstype->fs_flags & FS_REQUIRES_DEV)
 			/* dev_name is a block device file. */
 			need_dev = 1;
 	}
 	if (need_dev) {
 		/* Get mount point or device file. */
 		if (!dev_name || kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
 			error = -ENOENT;
 			goto out;
 		}
+		obj.path1 = path;
 		requested_dev_name = tomoyo_realpath_from_path(&path);
-		path_put(&path);
 		if (!requested_dev_name) {
 			error = -ENOENT;
 			goto out;
 		}
 	} else {
 		/* Map dev_name to "<NULL>" if no dev_name given. */
 		if (!dev_name)
 			dev_name = "<NULL>";
 		requested_dev_name = tomoyo_encode(dev_name);
 		if (!requested_dev_name) {
 			error = -ENOMEM;
 			goto out;
 		}
 	}
 	rdev.name = requested_dev_name;
 	tomoyo_fill_path_info(&rdev);
 	r->param_type = TOMOYO_TYPE_MOUNT_ACL;
 	r->param.mount.need_dev = need_dev;
 	r->param.mount.dev = &rdev;
 	r->param.mount.dir = &rdir;
 	r->param.mount.type = &rtype;
 	r->param.mount.flags = flags;
 	do {
 		tomoyo_check_acl(r, tomoyo_check_mount_acl);
 		error = tomoyo_audit_mount_log(r);
 	} while (error == TOMOYO_RETRY_REQUEST);
  out:
 	kfree(requested_dev_name);
 	kfree(requested_dir_name);
 	if (fstype)
 		put_filesystem(fstype);
 	kfree(requested_type);
+	/* Drop refcount obtained by kern_path(). */
+	if (obj.path1.dentry)
+		path_put(&obj.path1);
 	return error;
 }
 /**
  * tomoyo_mount_permission - Check permission for mount() operation.
  *
  * @dev_name:  Name of device file.
  * @path:      Pointer to "struct path".
  * @type:      Name of filesystem type. May be NULL.
  * @flags:     Mount options.
  * @data_page: Optional data. May be NULL.
  *
  * Returns 0 on success, negative value otherwise.
  */
 int tomoyo_mount_permission(char *dev_name, struct path *path,
 			    const char *type, unsigned long flags,
 			    void *data_page)
 {
 	struct tomoyo_request_info r;
 	int error;
 	int idx;
 	if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
 	    == TOMOYO_CONFIG_DISABLED)
 		return 0;
 	if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
 		flags &= ~MS_MGC_MSK;
 	if (flags & MS_REMOUNT) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
 		flags &= ~MS_REMOUNT;
 	}
 	if (flags & MS_MOVE) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
 		flags &= ~MS_MOVE;
 	}
 	if (flags & MS_BIND) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
 		flags &= ~MS_BIND;
 	}
 	if (flags & MS_UNBINDABLE) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
 		flags &= ~MS_UNBINDABLE;
 	}
 	if (flags & MS_PRIVATE) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
 		flags &= ~MS_PRIVATE;
 	}
 	if (flags & MS_SLAVE) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
 		flags &= ~MS_SLAVE;
 	}
 	if (flags & MS_SHARED) {
 		type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
 		flags &= ~MS_SHARED;
 	}
 	if (!type)
 		type = "<NULL>";
 	idx = tomoyo_read_lock();
 	error = tomoyo_mount_acl(&r, dev_name, path, type, flags);
 	tomoyo_read_unlock(idx);
 	return error;
 }

security/tomoyo/tomoyo.c

Diff comments View file @ 97fb35e

1	/*	1	/*
2	* security/tomoyo/tomoyo.c	2	* security/tomoyo/tomoyo.c
3	*	3	*
4	* LSM hooks for TOMOYO Linux.	4	* LSM hooks for TOMOYO Linux.
5	*	5	*
6	* Copyright (C) 2005-2010 NTT DATA CORPORATION	6	* Copyright (C) 2005-2010 NTT DATA CORPORATION
7	*/	7	*/
8		8
9	#include <linux/security.h>	9	#include <linux/security.h>
10	#include "common.h"	10	#include "common.h"
11		11
12	static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)	12	static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
13	{	13	{
14	new->security = NULL;	14	new->security = NULL;
15	return 0;	15	return 0;
16	}	16	}
17		17
18	static int tomoyo_cred_prepare(struct cred new, const struct cred old,	18	static int tomoyo_cred_prepare(struct cred new, const struct cred old,
19	gfp_t gfp)	19	gfp_t gfp)
20	{	20	{
21	struct tomoyo_domain_info *domain = old->security;	21	struct tomoyo_domain_info *domain = old->security;
22	new->security = domain;	22	new->security = domain;
23	if (domain)	23	if (domain)
24	atomic_inc(&domain->users);	24	atomic_inc(&domain->users);
25	return 0;	25	return 0;
26	}	26	}
27		27
28	static void tomoyo_cred_transfer(struct cred new, const struct cred old)	28	static void tomoyo_cred_transfer(struct cred new, const struct cred old)
29	{	29	{
30	tomoyo_cred_prepare(new, old, 0);	30	tomoyo_cred_prepare(new, old, 0);
31	}	31	}
32		32
33	static void tomoyo_cred_free(struct cred *cred)	33	static void tomoyo_cred_free(struct cred *cred)
34	{	34	{
35	struct tomoyo_domain_info *domain = cred->security;	35	struct tomoyo_domain_info *domain = cred->security;
36	if (domain)	36	if (domain)
37	atomic_dec(&domain->users);	37	atomic_dec(&domain->users);
38	}	38	}
39		39
40	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)	40	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
41	{	41	{
42	int rc;	42	int rc;
43		43
44	rc = cap_bprm_set_creds(bprm);	44	rc = cap_bprm_set_creds(bprm);
45	if (rc)	45	if (rc)
46	return rc;	46	return rc;
47		47
48	/*	48	/*
49	* Do only if this function is called for the first time of an execve	49	* Do only if this function is called for the first time of an execve
50	* operation.	50	* operation.
51	*/	51	*/
52	if (bprm->cred_prepared)	52	if (bprm->cred_prepared)
53	return 0;	53	return 0;
54	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER	54	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
55	/*	55	/*
56	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested	56	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
57	* for the first time.	57	* for the first time.
58	*/	58	*/
59	if (!tomoyo_policy_loaded)	59	if (!tomoyo_policy_loaded)
60	tomoyo_load_policy(bprm->filename);	60	tomoyo_load_policy(bprm->filename);
61	#endif	61	#endif
62	/*	62	/*
63	* Release reference to "struct tomoyo_domain_info" stored inside	63	* Release reference to "struct tomoyo_domain_info" stored inside
64	* "bprm->cred->security". New reference to "struct tomoyo_domain_info"	64	* "bprm->cred->security". New reference to "struct tomoyo_domain_info"
65	* stored inside "bprm->cred->security" will be acquired later inside	65	* stored inside "bprm->cred->security" will be acquired later inside
66	* tomoyo_find_next_domain().	66	* tomoyo_find_next_domain().
67	*/	67	*/
68	atomic_dec(&((struct tomoyo_domain_info *)	68	atomic_dec(&((struct tomoyo_domain_info *)
69	bprm->cred->security)->users);	69	bprm->cred->security)->users);
70	/*	70	/*
71	* Tell tomoyo_bprm_check_security() is called for the first time of an	71	* Tell tomoyo_bprm_check_security() is called for the first time of an
72	* execve operation.	72	* execve operation.
73	*/	73	*/
74	bprm->cred->security = NULL;	74	bprm->cred->security = NULL;
75	return 0;	75	return 0;
76	}	76	}
77		77
78	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)	78	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
79	{	79	{
80	struct tomoyo_domain_info *domain = bprm->cred->security;	80	struct tomoyo_domain_info *domain = bprm->cred->security;
81		81
82	/*	82	/*
83	* Execute permission is checked against pathname passed to do_execve()	83	* Execute permission is checked against pathname passed to do_execve()
84	* using current domain.	84	* using current domain.
85	*/	85	*/
86	if (!domain) {	86	if (!domain) {
87	const int idx = tomoyo_read_lock();	87	const int idx = tomoyo_read_lock();
88	const int err = tomoyo_find_next_domain(bprm);	88	const int err = tomoyo_find_next_domain(bprm);
89	tomoyo_read_unlock(idx);	89	tomoyo_read_unlock(idx);
90	return err;	90	return err;
91	}	91	}
92	/*	92	/*
93	* Read permission is checked against interpreters using next domain.	93	* Read permission is checked against interpreters using next domain.
94	*/	94	*/
95	return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);	95	return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
96	}	96	}
97		97
98	static int tomoyo_inode_getattr(struct vfsmount mnt, struct dentry dentry)	98	static int tomoyo_inode_getattr(struct vfsmount mnt, struct dentry dentry)
99	{	99	{
100	struct path path = { mnt, dentry };	100	struct path path = { mnt, dentry };
101	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path);	101	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
102	}	102	}
103		103
104	static int tomoyo_path_truncate(struct path *path)	104	static int tomoyo_path_truncate(struct path *path)
105	{	105	{
106	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);	106	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
107	}	107	}
108		108
109	static int tomoyo_path_unlink(struct path parent, struct dentry dentry)	109	static int tomoyo_path_unlink(struct path parent, struct dentry dentry)
110	{	110	{
111	struct path path = { parent->mnt, dentry };	111	struct path path = { parent->mnt, dentry };
112	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);	112	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
113	}	113	}
114		114
115	static int tomoyo_path_mkdir(struct path parent, struct dentry dentry,	115	static int tomoyo_path_mkdir(struct path parent, struct dentry dentry,
116	int mode)	116	int mode)
117	{	117	{
118	struct path path = { parent->mnt, dentry };	118	struct path path = { parent->mnt, dentry };
119	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,	119	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
120	mode & S_IALLUGO);	120	mode & S_IALLUGO);
121	}	121	}
122		122
123	static int tomoyo_path_rmdir(struct path parent, struct dentry dentry)	123	static int tomoyo_path_rmdir(struct path parent, struct dentry dentry)
124	{	124	{
125	struct path path = { parent->mnt, dentry };	125	struct path path = { parent->mnt, dentry };
126	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);	126	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
127	}	127	}
128		128
129	static int tomoyo_path_symlink(struct path parent, struct dentry dentry,	129	static int tomoyo_path_symlink(struct path parent, struct dentry dentry,
130	const char *old_name)	130	const char *old_name)
131	{	131	{
132	struct path path = { parent->mnt, dentry };	132	struct path path = { parent->mnt, dentry };
133	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);	133	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
134	}	134	}
135		135
136	static int tomoyo_path_mknod(struct path parent, struct dentry dentry,	136	static int tomoyo_path_mknod(struct path parent, struct dentry dentry,
137	int mode, unsigned int dev)	137	int mode, unsigned int dev)
138	{	138	{
139	struct path path = { parent->mnt, dentry };	139	struct path path = { parent->mnt, dentry };
140	int type = TOMOYO_TYPE_CREATE;	140	int type = TOMOYO_TYPE_CREATE;
141	const unsigned int perm = mode & S_IALLUGO;	141	const unsigned int perm = mode & S_IALLUGO;
142		142
143	switch (mode & S_IFMT) {	143	switch (mode & S_IFMT) {
144	case S_IFCHR:	144	case S_IFCHR:
145	type = TOMOYO_TYPE_MKCHAR;	145	type = TOMOYO_TYPE_MKCHAR;
146	break;	146	break;
147	case S_IFBLK:	147	case S_IFBLK:
148	type = TOMOYO_TYPE_MKBLOCK;	148	type = TOMOYO_TYPE_MKBLOCK;
149	break;	149	break;
150	default:	150	default:
151	goto no_dev;	151	goto no_dev;
152	}	152	}
153	return tomoyo_mkdev_perm(type, &path, perm, dev);	153	return tomoyo_mkdev_perm(type, &path, perm, dev);
154	no_dev:	154	no_dev:
155	switch (mode & S_IFMT) {	155	switch (mode & S_IFMT) {
156	case S_IFIFO:	156	case S_IFIFO:
157	type = TOMOYO_TYPE_MKFIFO;	157	type = TOMOYO_TYPE_MKFIFO;
158	break;	158	break;
159	case S_IFSOCK:	159	case S_IFSOCK:
160	type = TOMOYO_TYPE_MKSOCK;	160	type = TOMOYO_TYPE_MKSOCK;
161	break;	161	break;
162	}	162	}
163	return tomoyo_path_number_perm(type, &path, perm);	163	return tomoyo_path_number_perm(type, &path, perm);
164	}	164	}
165		165
166	static int tomoyo_path_link(struct dentry old_dentry, struct path new_dir,	166	static int tomoyo_path_link(struct dentry old_dentry, struct path new_dir,
167	struct dentry *new_dentry)	167	struct dentry *new_dentry)
168	{	168	{
169	struct path path1 = { new_dir->mnt, old_dentry };	169	struct path path1 = { new_dir->mnt, old_dentry };
170	struct path path2 = { new_dir->mnt, new_dentry };	170	struct path path2 = { new_dir->mnt, new_dentry };
171	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);	171	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
172	}	172	}
173		173
174	static int tomoyo_path_rename(struct path *old_parent,	174	static int tomoyo_path_rename(struct path *old_parent,
175	struct dentry *old_dentry,	175	struct dentry *old_dentry,
176	struct path *new_parent,	176	struct path *new_parent,
177	struct dentry *new_dentry)	177	struct dentry *new_dentry)
178	{	178	{
179	struct path path1 = { old_parent->mnt, old_dentry };	179	struct path path1 = { old_parent->mnt, old_dentry };
180	struct path path2 = { new_parent->mnt, new_dentry };	180	struct path path2 = { new_parent->mnt, new_dentry };
181	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);	181	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
182	}	182	}
183		183
184	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,	184	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
185	unsigned long arg)	185	unsigned long arg)
186	{	186	{
187	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))	187	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
188	return 0;	188	return 0;
189	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,	189	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
190	O_WRONLY \| (arg & O_APPEND));	190	O_WRONLY \| (arg & O_APPEND));
191	}	191	}
192		192
193	static int tomoyo_dentry_open(struct file f, const struct cred cred)	193	static int tomoyo_dentry_open(struct file f, const struct cred cred)
194	{	194	{
195	int flags = f->f_flags;	195	int flags = f->f_flags;
196	/* Don't check read permission here if called from do_execve(). */	196	/* Don't check read permission here if called from do_execve(). */
197	if (current->in_execve)	197	if (current->in_execve)
198	return 0;	198	return 0;
199	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);	199	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
200	}	200	}
201		201
202	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,	202	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
203	unsigned long arg)	203	unsigned long arg)
204	{	204	{
205	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);	205	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
206	}	206	}
207		207
208	static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,	208	static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,
209	mode_t mode)	209	mode_t mode)
210	{	210	{
211	struct path path = { mnt, dentry };	211	struct path path = { mnt, dentry };
212	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,	212	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
213	mode & S_IALLUGO);	213	mode & S_IALLUGO);
214	}	214	}
215		215
216	static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)	216	static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
217	{	217	{
218	int error = 0;	218	int error = 0;
219	if (uid != (uid_t) -1)	219	if (uid != (uid_t) -1)
220	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);	220	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);
221	if (!error && gid != (gid_t) -1)	221	if (!error && gid != (gid_t) -1)
222	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);	222	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);
223	return error;	223	return error;
224	}	224	}
225		225
226	static int tomoyo_path_chroot(struct path *path)	226	static int tomoyo_path_chroot(struct path *path)
227	{	227	{
228	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);	228	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
229	}	229	}
230		230
231	static int tomoyo_sb_mount(char dev_name, struct path path,	231	static int tomoyo_sb_mount(char dev_name, struct path path,
232	char type, unsigned long flags, void data)	232	char type, unsigned long flags, void data)
233	{	233	{
234	return tomoyo_mount_permission(dev_name, path, type, flags, data);	234	return tomoyo_mount_permission(dev_name, path, type, flags, data);
235	}	235	}
236		236
237	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)	237	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
238	{	238	{
239	struct path path = { mnt, mnt->mnt_root };	239	struct path path = { mnt, mnt->mnt_root };
240	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);	240	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
241	}	241	}
242		242
243	static int tomoyo_sb_pivotroot(struct path old_path, struct path new_path)	243	static int tomoyo_sb_pivotroot(struct path old_path, struct path new_path)
244	{	244	{
245	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);	245	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
246	}	246	}
247		247
248	/*	248	/*
249	* tomoyo_security_ops is a "struct security_operations" which is used for	249	* tomoyo_security_ops is a "struct security_operations" which is used for
250	* registering TOMOYO.	250	* registering TOMOYO.
251	*/	251	*/
252	static struct security_operations tomoyo_security_ops = {	252	static struct security_operations tomoyo_security_ops = {
253	.name = "tomoyo",	253	.name = "tomoyo",
254	.cred_alloc_blank = tomoyo_cred_alloc_blank,	254	.cred_alloc_blank = tomoyo_cred_alloc_blank,
255	.cred_prepare = tomoyo_cred_prepare,	255	.cred_prepare = tomoyo_cred_prepare,
256	.cred_transfer = tomoyo_cred_transfer,	256	.cred_transfer = tomoyo_cred_transfer,
257	.cred_free = tomoyo_cred_free,	257	.cred_free = tomoyo_cred_free,
258	.bprm_set_creds = tomoyo_bprm_set_creds,	258	.bprm_set_creds = tomoyo_bprm_set_creds,
259	.bprm_check_security = tomoyo_bprm_check_security,	259	.bprm_check_security = tomoyo_bprm_check_security,
260	.file_fcntl = tomoyo_file_fcntl,	260	.file_fcntl = tomoyo_file_fcntl,
261	.dentry_open = tomoyo_dentry_open,	261	.dentry_open = tomoyo_dentry_open,
262	.path_truncate = tomoyo_path_truncate,	262	.path_truncate = tomoyo_path_truncate,
263	.path_unlink = tomoyo_path_unlink,	263	.path_unlink = tomoyo_path_unlink,
264	.path_mkdir = tomoyo_path_mkdir,	264	.path_mkdir = tomoyo_path_mkdir,
265	.path_rmdir = tomoyo_path_rmdir,	265	.path_rmdir = tomoyo_path_rmdir,
266	.path_symlink = tomoyo_path_symlink,	266	.path_symlink = tomoyo_path_symlink,
267	.path_mknod = tomoyo_path_mknod,	267	.path_mknod = tomoyo_path_mknod,
268	.path_link = tomoyo_path_link,	268	.path_link = tomoyo_path_link,
269	.path_rename = tomoyo_path_rename,	269	.path_rename = tomoyo_path_rename,
270	.inode_getattr = tomoyo_inode_getattr,	270	.inode_getattr = tomoyo_inode_getattr,
271	.file_ioctl = tomoyo_file_ioctl,	271	.file_ioctl = tomoyo_file_ioctl,
272	.path_chmod = tomoyo_path_chmod,	272	.path_chmod = tomoyo_path_chmod,
273	.path_chown = tomoyo_path_chown,	273	.path_chown = tomoyo_path_chown,
274	.path_chroot = tomoyo_path_chroot,	274	.path_chroot = tomoyo_path_chroot,
275	.sb_mount = tomoyo_sb_mount,	275	.sb_mount = tomoyo_sb_mount,
276	.sb_umount = tomoyo_sb_umount,	276	.sb_umount = tomoyo_sb_umount,
277	.sb_pivotroot = tomoyo_sb_pivotroot,	277	.sb_pivotroot = tomoyo_sb_pivotroot,
278	};	278	};
279		279
280	/* Lock for GC. */	280	/* Lock for GC. */
281	struct srcu_struct tomoyo_ss;	281	struct srcu_struct tomoyo_ss;
282		282
283	static int __init tomoyo_init(void)	283	static int __init tomoyo_init(void)
284	{	284	{
285	struct cred cred = (struct cred ) current_cred();	285	struct cred cred = (struct cred ) current_cred();
286		286
287	if (!security_module_enable(&tomoyo_security_ops))	287	if (!security_module_enable(&tomoyo_security_ops))
288	return 0;	288	return 0;
289	/* register ourselves with the security framework */	289	/* register ourselves with the security framework */
290	if (register_security(&tomoyo_security_ops) \|\|	290	if (register_security(&tomoyo_security_ops) \|\|
291	init_srcu_struct(&tomoyo_ss))	291	init_srcu_struct(&tomoyo_ss))
292	panic("Failure registering TOMOYO Linux");	292	panic("Failure registering TOMOYO Linux");
293	printk(KERN_INFO "TOMOYO Linux initialized\n");	293	printk(KERN_INFO "TOMOYO Linux initialized\n");
294	cred->security = &tomoyo_kernel_domain;	294	cred->security = &tomoyo_kernel_domain;
295	tomoyo_mm_init();	295	tomoyo_mm_init();
296	return 0;	296	return 0;
297	}	297	}
298		298
299	security_initcall(tomoyo_init);	299	security_initcall(tomoyo_init);
300		300