/*

   * security/tomoyo/securityfs_if.c

   *

   * Copyright (C) 2005-2011  NTT DATA CORPORATION

   */
  
  #include <linux/security.h>
  #include "common.h"
  
  /**

   * tomoyo_check_task_acl - Check permission for task operation.
   *
   * @r:   Pointer to "struct tomoyo_request_info".
   * @ptr: Pointer to "struct tomoyo_acl_info".
   *
   * Returns true if granted, false otherwise.
   */
  static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
  				  const struct tomoyo_acl_info *ptr)
  {
  	const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
  							 head);
  	return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
  }
  
  /**
   * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
   *
   * @file:  Pointer to "struct file".
   * @buf:   Domainname to transit to.
   * @count: Size of @buf.
   * @ppos:  Unused.
   *
   * Returns @count on success, negative value otherwise.
   *
   * If domain transition was permitted but the domain transition failed, this
   * function returns error rather than terminating current thread with SIGKILL.
   */
  static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
  			      size_t count, loff_t *ppos)
  {
  	char *data;
  	int error;
  	if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
  		return -ENOMEM;
  	data = kzalloc(count + 1, GFP_NOFS);
  	if (!data)
  		return -ENOMEM;
  	if (copy_from_user(data, buf, count)) {
  		error = -EFAULT;
  		goto out;
  	}
  	tomoyo_normalize_line(data);
  	if (tomoyo_correct_domain(data)) {
  		const int idx = tomoyo_read_lock();
  		struct tomoyo_path_info name;
  		struct tomoyo_request_info r;
  		name.name = data;
  		tomoyo_fill_path_info(&name);
  		/* Check "task manual_domain_transition" permission. */
  		tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
  		r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
  		r.param.task.domainname = &name;
  		tomoyo_check_acl(&r, tomoyo_check_task_acl);
  		if (!r.granted)
  			error = -EPERM;
  		else {
  			struct tomoyo_domain_info *new_domain =
  				tomoyo_assign_domain(data, true);
  			if (!new_domain) {
  				error = -ENOENT;
  			} else {
  				struct cred *cred = prepare_creds();
  				if (!cred) {
  					error = -ENOMEM;
  				} else {
  					struct tomoyo_domain_info *old_domain =
  						cred->security;
  					cred->security = new_domain;
  					atomic_inc(&new_domain->users);
  					atomic_dec(&old_domain->users);
  					commit_creds(cred);
  					error = 0;
  				}
  			}
  		}
  		tomoyo_read_unlock(idx);
  	} else
  		error = -EINVAL;
  out:
  	kfree(data);
  	return error ? error : count;
  }
  
  /**
   * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
   *
   * @file:  Pointer to "struct file".
   * @buf:   Domainname which current thread belongs to.
   * @count: Size of @buf.
   * @ppos:  Bytes read by now.
   *
   * Returns read size on success, negative value otherwise.
   */
  static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
  				size_t count, loff_t *ppos)
  {
  	const char *domain = tomoyo_domain()->domainname->name;
  	loff_t len = strlen(domain);
  	loff_t pos = *ppos;
  	if (pos >= len || !count)
  		return 0;
  	len -= pos;
  	if (count < len)
  		len = count;
  	if (copy_to_user(buf, domain + pos, len))
  		return -EFAULT;
  	*ppos += len;
  	return len;
  }
  
  /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
  static const struct file_operations tomoyo_self_operations = {
  	.write = tomoyo_write_self,
  	.read  = tomoyo_read_self,
  };
  
  /**

   * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
   *
   * @inode: Pointer to "struct inode".
   * @file:  Pointer to "struct file".
   *
   * Returns 0 on success, negative value otherwise.
   */
  static int tomoyo_open(struct inode *inode, struct file *file)
  {
  	const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
  		- ((u8 *) NULL);
  	return tomoyo_open_control(key, file);
  }
  
  /**
   * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
   *
   * @inode: Pointer to "struct inode".
   * @file:  Pointer to "struct file".
   *
   * Returns 0 on success, negative value otherwise.
   */
  static int tomoyo_release(struct inode *inode, struct file *file)
  {

  	return tomoyo_close_control(file->private_data);

  }
  
  /**

   * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.

   *
   * @file: Pointer to "struct file".
   * @wait: Pointer to "poll_table".
   *
   * Returns 0 on success, negative value otherwise.
   */
  static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
  {
  	return tomoyo_poll_control(file, wait);
  }
  
  /**

   * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
   *
   * @file:  Pointer to "struct file".
   * @buf:   Pointer to buffer.
   * @count: Size of @buf.
   * @ppos:  Unused.
   *
   * Returns bytes read on success, negative value otherwise.
   */
  static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
  			   loff_t *ppos)
  {

  	return tomoyo_read_control(file->private_data, buf, count);

  }
  
  /**
   * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
   *
   * @file:  Pointer to "struct file".
   * @buf:   Pointer to buffer.
   * @count: Size of @buf.
   * @ppos:  Unused.
   *
   * Returns @count on success, negative value otherwise.
   */
  static ssize_t tomoyo_write(struct file *file, const char __user *buf,
  			    size_t count, loff_t *ppos)
  {

  	return tomoyo_write_control(file->private_data, buf, count);

  }
  
  /*
   * tomoyo_operations is a "struct file_operations" which is used for handling
   * /sys/kernel/security/tomoyo/ interface.
   *
   * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
   * See tomoyo_io_buffer for internals.
   */
  static const struct file_operations tomoyo_operations = {
  	.open    = tomoyo_open,
  	.release = tomoyo_release,

  	.poll    = tomoyo_poll,

  	.read    = tomoyo_read,
  	.write   = tomoyo_write,

  	.llseek  = noop_llseek,

  };
  
  /**
   * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
   *
   * @name:   The name of the interface file.
   * @mode:   The permission of the interface file.
   * @parent: The parent directory.
   * @key:    Type of interface.
   *
   * Returns nothing.
   */

  static void __init tomoyo_create_entry(const char *name, const umode_t mode,

  				       struct dentry *parent, const u8 key)
  {
  	securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
  			       &tomoyo_operations);
  }
  
  /**
   * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
   *
   * Returns 0.
   */
  static int __init tomoyo_initerface_init(void)
  {
  	struct dentry *tomoyo_dir;
  
  	/* Don't create securityfs entries unless registered. */
  	if (current_cred()->security != &tomoyo_kernel_domain)
  		return 0;
  
  	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
  	tomoyo_create_entry("query",            0600, tomoyo_dir,
  			    TOMOYO_QUERY);
  	tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
  			    TOMOYO_DOMAINPOLICY);
  	tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
  			    TOMOYO_EXCEPTIONPOLICY);

  	tomoyo_create_entry("audit",            0400, tomoyo_dir,
  			    TOMOYO_AUDIT);

  	tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
  			    TOMOYO_PROCESS_STATUS);

  	tomoyo_create_entry("stat",             0644, tomoyo_dir,
  			    TOMOYO_STAT);

  	tomoyo_create_entry("profile",          0600, tomoyo_dir,
  			    TOMOYO_PROFILE);
  	tomoyo_create_entry("manager",          0600, tomoyo_dir,
  			    TOMOYO_MANAGER);
  	tomoyo_create_entry("version",          0400, tomoyo_dir,
  			    TOMOYO_VERSION);

  	securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
  			       &tomoyo_self_operations);

  	tomoyo_load_builtin_policy();

  	return 0;
  }
  
  fs_initcall(tomoyo_initerface_init);