Blame view
security/tomoyo/common.h
40.1 KB
9590837b8 Common functions ... |
1 2 3 |
/* * security/tomoyo/common.h * |
76bb0895d TOMOYO: Merge hea... |
4 |
* Header file for TOMOYO. |
9590837b8 Common functions ... |
5 |
* |
843d183cd TOMOYO: Bump vers... |
6 |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
9590837b8 Common functions ... |
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
*/ #ifndef _SECURITY_TOMOYO_COMMON_H #define _SECURITY_TOMOYO_COMMON_H #include <linux/ctype.h> #include <linux/string.h> #include <linux/mm.h> #include <linux/file.h> #include <linux/kmod.h> #include <linux/fs.h> #include <linux/sched.h> #include <linux/namei.h> #include <linux/mount.h> #include <linux/list.h> |
76bb0895d TOMOYO: Merge hea... |
22 |
#include <linux/cred.h> |
17fcfbd9d TOMOYO: Add inter... |
23 |
#include <linux/poll.h> |
2066a3612 TOMOYO: Allow usi... |
24 25 |
#include <linux/binfmts.h> #include <linux/highmem.h> |
059d84dbb TOMOYO: Add socke... |
26 27 28 29 30 31 32 33 34 35 |
#include <linux/net.h> #include <linux/inet.h> #include <linux/in.h> #include <linux/in6.h> #include <linux/un.h> #include <net/sock.h> #include <net/af_unix.h> #include <net/ip.h> #include <net/ipv6.h> #include <net/udp.h> |
76bb0895d TOMOYO: Merge hea... |
36 37 38 39 40 41 42 43 44 45 |
/********** Constants definitions. **********/ /* * TOMOYO uses this hash only when appending a string into the string * table. Frequency of appending strings is very low. So we don't need * large (e.g. 64k) hash size. 256 will be sufficient. */ #define TOMOYO_HASH_BITS 8 #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) |
059d84dbb TOMOYO: Add socke... |
46 47 48 49 50 |
/* * TOMOYO checks only SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_SEQPACKET. * Therefore, we don't need SOCK_MAX. */ #define TOMOYO_SOCK_MAX 6 |
c8c57e842 TOMOYO: Support l... |
51 |
#define TOMOYO_EXEC_TMPSIZE 4096 |
76bb0895d TOMOYO: Merge hea... |
52 |
|
f9732ea14 TOMOYO: Simplify ... |
53 54 |
/* Garbage collector is trying to kfree() this element. */ #define TOMOYO_GC_IN_PROGRESS -1 |
76bb0895d TOMOYO: Merge hea... |
55 56 |
/* Profile number is an integer between 0 and 255. */ #define TOMOYO_MAX_PROFILES 256 |
32997144f TOMOYO: Add ACL g... |
57 58 |
/* Group number is an integer between 0 and 255. */ #define TOMOYO_MAX_ACL_GROUPS 256 |
2066a3612 TOMOYO: Allow usi... |
59 60 61 62 63 64 65 66 67 68 69 70 |
/* Index numbers for "struct tomoyo_condition". */ enum tomoyo_conditions_index { TOMOYO_TASK_UID, /* current_uid() */ TOMOYO_TASK_EUID, /* current_euid() */ TOMOYO_TASK_SUID, /* current_suid() */ TOMOYO_TASK_FSUID, /* current_fsuid() */ TOMOYO_TASK_GID, /* current_gid() */ TOMOYO_TASK_EGID, /* current_egid() */ TOMOYO_TASK_SGID, /* current_sgid() */ TOMOYO_TASK_FSGID, /* current_fsgid() */ TOMOYO_TASK_PID, /* sys_getpid() */ TOMOYO_TASK_PPID, /* sys_getppid() */ |
5b636857f TOMOYO: Allow usi... |
71 72 |
TOMOYO_EXEC_ARGC, /* "struct linux_binprm *"->argc */ TOMOYO_EXEC_ENVC, /* "struct linux_binprm *"->envc */ |
8761afd49 TOMOYO: Allow usi... |
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 |
TOMOYO_TYPE_IS_SOCKET, /* S_IFSOCK */ TOMOYO_TYPE_IS_SYMLINK, /* S_IFLNK */ TOMOYO_TYPE_IS_FILE, /* S_IFREG */ TOMOYO_TYPE_IS_BLOCK_DEV, /* S_IFBLK */ TOMOYO_TYPE_IS_DIRECTORY, /* S_IFDIR */ TOMOYO_TYPE_IS_CHAR_DEV, /* S_IFCHR */ TOMOYO_TYPE_IS_FIFO, /* S_IFIFO */ TOMOYO_MODE_SETUID, /* S_ISUID */ TOMOYO_MODE_SETGID, /* S_ISGID */ TOMOYO_MODE_STICKY, /* S_ISVTX */ TOMOYO_MODE_OWNER_READ, /* S_IRUSR */ TOMOYO_MODE_OWNER_WRITE, /* S_IWUSR */ TOMOYO_MODE_OWNER_EXECUTE, /* S_IXUSR */ TOMOYO_MODE_GROUP_READ, /* S_IRGRP */ TOMOYO_MODE_GROUP_WRITE, /* S_IWGRP */ TOMOYO_MODE_GROUP_EXECUTE, /* S_IXGRP */ TOMOYO_MODE_OTHERS_READ, /* S_IROTH */ TOMOYO_MODE_OTHERS_WRITE, /* S_IWOTH */ TOMOYO_MODE_OTHERS_EXECUTE, /* S_IXOTH */ |
2ca9bf453 TOMOYO: Allow usi... |
92 93 |
TOMOYO_EXEC_REALPATH, TOMOYO_SYMLINK_TARGET, |
8761afd49 TOMOYO: Allow usi... |
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 |
TOMOYO_PATH1_UID, TOMOYO_PATH1_GID, TOMOYO_PATH1_INO, TOMOYO_PATH1_MAJOR, TOMOYO_PATH1_MINOR, TOMOYO_PATH1_PERM, TOMOYO_PATH1_TYPE, TOMOYO_PATH1_DEV_MAJOR, TOMOYO_PATH1_DEV_MINOR, TOMOYO_PATH2_UID, TOMOYO_PATH2_GID, TOMOYO_PATH2_INO, TOMOYO_PATH2_MAJOR, TOMOYO_PATH2_MINOR, TOMOYO_PATH2_PERM, TOMOYO_PATH2_TYPE, TOMOYO_PATH2_DEV_MAJOR, TOMOYO_PATH2_DEV_MINOR, TOMOYO_PATH1_PARENT_UID, TOMOYO_PATH1_PARENT_GID, TOMOYO_PATH1_PARENT_INO, TOMOYO_PATH1_PARENT_PERM, TOMOYO_PATH2_PARENT_UID, TOMOYO_PATH2_PARENT_GID, TOMOYO_PATH2_PARENT_INO, TOMOYO_PATH2_PARENT_PERM, |
2066a3612 TOMOYO: Allow usi... |
120 121 |
TOMOYO_MAX_CONDITION_KEYWORD, TOMOYO_NUMBER_UNION, |
2ca9bf453 TOMOYO: Allow usi... |
122 |
TOMOYO_NAME_UNION, |
5b636857f TOMOYO: Allow usi... |
123 124 |
TOMOYO_ARGV_ENTRY, TOMOYO_ENVP_ENTRY, |
2066a3612 TOMOYO: Allow usi... |
125 |
}; |
8761afd49 TOMOYO: Allow usi... |
126 127 128 129 130 131 132 133 134 135 |
/* Index numbers for stat(). */ enum tomoyo_path_stat_index { /* Do not change this order. */ TOMOYO_PATH1, TOMOYO_PATH1_PARENT, TOMOYO_PATH2, TOMOYO_PATH2_PARENT, TOMOYO_MAX_PATH_STAT }; |
b5bc60b4c TOMOYO: Cleanup p... |
136 |
/* Index numbers for operation mode. */ |
cb0abe6a5 TOMOYO: Use struc... |
137 138 139 140 |
enum tomoyo_mode_index { TOMOYO_CONFIG_DISABLED, TOMOYO_CONFIG_LEARNING, TOMOYO_CONFIG_PERMISSIVE, |
57c2590fb TOMOYO: Update pr... |
141 |
TOMOYO_CONFIG_ENFORCING, |
eadd99cc8 TOMOYO: Add audit... |
142 143 144 145 |
TOMOYO_CONFIG_MAX_MODE, TOMOYO_CONFIG_WANT_REJECT_LOG = 64, TOMOYO_CONFIG_WANT_GRANT_LOG = 128, TOMOYO_CONFIG_USE_DEFAULT = 255, |
cb0abe6a5 TOMOYO: Use struc... |
146 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
147 |
/* Index numbers for entry type. */ |
a230f9e71 TOMOYO: Use array... |
148 149 |
enum tomoyo_policy_id { TOMOYO_ID_GROUP, |
059d84dbb TOMOYO: Add socke... |
150 |
TOMOYO_ID_ADDRESS_GROUP, |
a230f9e71 TOMOYO: Use array... |
151 152 |
TOMOYO_ID_PATH_GROUP, TOMOYO_ID_NUMBER_GROUP, |
5448ec4f5 TOMOYO: Use commo... |
153 |
TOMOYO_ID_TRANSITION_CONTROL, |
a230f9e71 TOMOYO: Use array... |
154 |
TOMOYO_ID_AGGREGATOR, |
a230f9e71 TOMOYO: Use array... |
155 |
TOMOYO_ID_MANAGER, |
2066a3612 TOMOYO: Allow usi... |
156 |
TOMOYO_ID_CONDITION, |
a230f9e71 TOMOYO: Use array... |
157 158 159 160 161 |
TOMOYO_ID_NAME, TOMOYO_ID_ACL, TOMOYO_ID_DOMAIN, TOMOYO_MAX_POLICY }; |
2c47ab935 TOMOYO: Cleanup p... |
162 163 164 165 166 167 168 169 170 171 172 173 174 |
/* Index numbers for domain's attributes. */ enum tomoyo_domain_info_flags_index { /* Quota warnning flag. */ TOMOYO_DIF_QUOTA_WARNED, /* * This domain was unable to create a new domain at * tomoyo_find_next_domain() because the name of the domain to be * created was too long or it could not allocate memory. * More than one process continued execve() without domain transition. */ TOMOYO_DIF_TRANSITION_FAILED, TOMOYO_MAX_DOMAIN_INFO_FLAGS }; |
1f067a682 TOMOYO: Allow con... |
175 176 177 178 179 180 181 182 183 |
/* Index numbers for audit type. */ enum tomoyo_grant_log { /* Follow profile's configuration. */ TOMOYO_GRANTLOG_AUTO, /* Do not generate grant log. */ TOMOYO_GRANTLOG_NO, /* Generate grant_log. */ TOMOYO_GRANTLOG_YES, }; |
b5bc60b4c TOMOYO: Cleanup p... |
184 |
/* Index numbers for group entries. */ |
a230f9e71 TOMOYO: Use array... |
185 186 187 |
enum tomoyo_group_id { TOMOYO_PATH_GROUP, TOMOYO_NUMBER_GROUP, |
059d84dbb TOMOYO: Add socke... |
188 |
TOMOYO_ADDRESS_GROUP, |
a230f9e71 TOMOYO: Use array... |
189 190 |
TOMOYO_MAX_GROUP }; |
b5bc60b4c TOMOYO: Cleanup p... |
191 192 193 194 195 196 197 |
/* Index numbers for type of numeric values. */ enum tomoyo_value_type { TOMOYO_VALUE_TYPE_INVALID, TOMOYO_VALUE_TYPE_DECIMAL, TOMOYO_VALUE_TYPE_OCTAL, TOMOYO_VALUE_TYPE_HEXADECIMAL, }; |
4c3e9e2de TOMOYO: Add numer... |
198 |
|
b5bc60b4c TOMOYO: Cleanup p... |
199 |
/* Index numbers for domain transition control keywords. */ |
5448ec4f5 TOMOYO: Use commo... |
200 201 |
enum tomoyo_transition_type { /* Do not change this order, */ |
bd03a3e4c TOMOYO: Add polic... |
202 203 |
TOMOYO_TRANSITION_CONTROL_NO_RESET, TOMOYO_TRANSITION_CONTROL_RESET, |
5448ec4f5 TOMOYO: Use commo... |
204 205 206 207 208 209 |
TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, TOMOYO_TRANSITION_CONTROL_INITIALIZE, TOMOYO_TRANSITION_CONTROL_NO_KEEP, TOMOYO_TRANSITION_CONTROL_KEEP, TOMOYO_MAX_TRANSITION_TYPE }; |
76bb0895d TOMOYO: Merge hea... |
210 |
/* Index numbers for Access Controls. */ |
084da356f TOMOYO: Use enum ... |
211 |
enum tomoyo_acl_entry_type_index { |
7ef612331 TOMOYO: Use short... |
212 213 |
TOMOYO_TYPE_PATH_ACL, TOMOYO_TYPE_PATH2_ACL, |
a1f9bb6a3 TOMOYO: Split fil... |
214 |
TOMOYO_TYPE_PATH_NUMBER_ACL, |
75093152a TOMOYO: Rename sy... |
215 |
TOMOYO_TYPE_MKDEV_ACL, |
2106ccd97 TOMOYO: Add mount... |
216 |
TOMOYO_TYPE_MOUNT_ACL, |
059d84dbb TOMOYO: Add socke... |
217 218 |
TOMOYO_TYPE_INET_ACL, TOMOYO_TYPE_UNIX_ACL, |
d58e0da85 TOMOYO: Add envir... |
219 |
TOMOYO_TYPE_ENV_ACL, |
731d37aa7 TOMOYO: Allow dom... |
220 |
TOMOYO_TYPE_MANUAL_TASK_ACL, |
084da356f TOMOYO: Use enum ... |
221 |
}; |
76bb0895d TOMOYO: Merge hea... |
222 |
|
b5bc60b4c TOMOYO: Cleanup p... |
223 |
/* Index numbers for access controls with one pathname. */ |
084da356f TOMOYO: Use enum ... |
224 |
enum tomoyo_path_acl_index { |
7ef612331 TOMOYO: Use short... |
225 226 227 |
TOMOYO_TYPE_EXECUTE, TOMOYO_TYPE_READ, TOMOYO_TYPE_WRITE, |
7c75964f4 TOMOYO: Cleanup p... |
228 |
TOMOYO_TYPE_APPEND, |
7ef612331 TOMOYO: Use short... |
229 |
TOMOYO_TYPE_UNLINK, |
7c75964f4 TOMOYO: Cleanup p... |
230 |
TOMOYO_TYPE_GETATTR, |
7ef612331 TOMOYO: Use short... |
231 |
TOMOYO_TYPE_RMDIR, |
7ef612331 TOMOYO: Use short... |
232 233 |
TOMOYO_TYPE_TRUNCATE, TOMOYO_TYPE_SYMLINK, |
7ef612331 TOMOYO: Use short... |
234 |
TOMOYO_TYPE_CHROOT, |
7ef612331 TOMOYO: Use short... |
235 236 |
TOMOYO_TYPE_UMOUNT, TOMOYO_MAX_PATH_OPERATION |
084da356f TOMOYO: Use enum ... |
237 |
}; |
b22b8b9fd TOMOYO: Rename me... |
238 |
/* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ |
eadd99cc8 TOMOYO: Add audit... |
239 240 241 242 243 244 |
enum tomoyo_memory_stat_type { TOMOYO_MEMORY_POLICY, TOMOYO_MEMORY_AUDIT, TOMOYO_MEMORY_QUERY, TOMOYO_MAX_MEMORY_STAT }; |
75093152a TOMOYO: Rename sy... |
245 |
enum tomoyo_mkdev_acl_index { |
a1f9bb6a3 TOMOYO: Split fil... |
246 247 |
TOMOYO_TYPE_MKBLOCK, TOMOYO_TYPE_MKCHAR, |
75093152a TOMOYO: Rename sy... |
248 |
TOMOYO_MAX_MKDEV_OPERATION |
a1f9bb6a3 TOMOYO: Split fil... |
249 |
}; |
059d84dbb TOMOYO: Add socke... |
250 251 252 253 254 255 256 257 |
/* Index numbers for socket operations. */ enum tomoyo_network_acl_index { TOMOYO_NETWORK_BIND, /* bind() operation. */ TOMOYO_NETWORK_LISTEN, /* listen() operation. */ TOMOYO_NETWORK_CONNECT, /* connect() operation. */ TOMOYO_NETWORK_SEND, /* send() operation. */ TOMOYO_MAX_NETWORK_OPERATION }; |
b5bc60b4c TOMOYO: Cleanup p... |
258 |
/* Index numbers for access controls with two pathnames. */ |
084da356f TOMOYO: Use enum ... |
259 |
enum tomoyo_path2_acl_index { |
7ef612331 TOMOYO: Use short... |
260 261 262 263 |
TOMOYO_TYPE_LINK, TOMOYO_TYPE_RENAME, TOMOYO_TYPE_PIVOT_ROOT, TOMOYO_MAX_PATH2_OPERATION |
084da356f TOMOYO: Use enum ... |
264 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
265 |
/* Index numbers for access controls with one pathname and one number. */ |
a1f9bb6a3 TOMOYO: Split fil... |
266 267 268 269 270 271 272 273 274 275 276 |
enum tomoyo_path_number_acl_index { TOMOYO_TYPE_CREATE, TOMOYO_TYPE_MKDIR, TOMOYO_TYPE_MKFIFO, TOMOYO_TYPE_MKSOCK, TOMOYO_TYPE_IOCTL, TOMOYO_TYPE_CHMOD, TOMOYO_TYPE_CHOWN, TOMOYO_TYPE_CHGRP, TOMOYO_MAX_PATH_NUMBER_OPERATION }; |
b5bc60b4c TOMOYO: Cleanup p... |
277 |
/* Index numbers for /sys/kernel/security/tomoyo/ interfaces. */ |
084da356f TOMOYO: Use enum ... |
278 279 280 |
enum tomoyo_securityfs_interface_index { TOMOYO_DOMAINPOLICY, TOMOYO_EXCEPTIONPOLICY, |
084da356f TOMOYO: Use enum ... |
281 |
TOMOYO_PROCESS_STATUS, |
b22b8b9fd TOMOYO: Rename me... |
282 |
TOMOYO_STAT, |
eadd99cc8 TOMOYO: Add audit... |
283 |
TOMOYO_AUDIT, |
084da356f TOMOYO: Use enum ... |
284 285 |
TOMOYO_VERSION, TOMOYO_PROFILE, |
17fcfbd9d TOMOYO: Add inter... |
286 |
TOMOYO_QUERY, |
084da356f TOMOYO: Use enum ... |
287 288 |
TOMOYO_MANAGER }; |
9590837b8 Common functions ... |
289 |
|
b5bc60b4c TOMOYO: Cleanup p... |
290 291 292 293 294 295 296 297 298 299 300 301 302 |
/* Index numbers for special mount operations. */ enum tomoyo_special_mount { TOMOYO_MOUNT_BIND, /* mount --bind /source /dest */ TOMOYO_MOUNT_MOVE, /* mount --move /old /new */ TOMOYO_MOUNT_REMOUNT, /* mount -o remount /dir */ TOMOYO_MOUNT_MAKE_UNBINDABLE, /* mount --make-unbindable /dir */ TOMOYO_MOUNT_MAKE_PRIVATE, /* mount --make-private /dir */ TOMOYO_MOUNT_MAKE_SLAVE, /* mount --make-slave /dir */ TOMOYO_MOUNT_MAKE_SHARED, /* mount --make-shared /dir */ TOMOYO_MAX_SPECIAL_MOUNT }; /* Index numbers for functionality. */ |
57c2590fb TOMOYO: Update pr... |
303 304 305 306 307 |
enum tomoyo_mac_index { TOMOYO_MAC_FILE_EXECUTE, TOMOYO_MAC_FILE_OPEN, TOMOYO_MAC_FILE_CREATE, TOMOYO_MAC_FILE_UNLINK, |
7c75964f4 TOMOYO: Cleanup p... |
308 |
TOMOYO_MAC_FILE_GETATTR, |
57c2590fb TOMOYO: Update pr... |
309 310 311 312 313 314 |
TOMOYO_MAC_FILE_MKDIR, TOMOYO_MAC_FILE_RMDIR, TOMOYO_MAC_FILE_MKFIFO, TOMOYO_MAC_FILE_MKSOCK, TOMOYO_MAC_FILE_TRUNCATE, TOMOYO_MAC_FILE_SYMLINK, |
57c2590fb TOMOYO: Update pr... |
315 316 317 318 319 320 321 322 323 324 325 326 |
TOMOYO_MAC_FILE_MKBLOCK, TOMOYO_MAC_FILE_MKCHAR, TOMOYO_MAC_FILE_LINK, TOMOYO_MAC_FILE_RENAME, TOMOYO_MAC_FILE_CHMOD, TOMOYO_MAC_FILE_CHOWN, TOMOYO_MAC_FILE_CHGRP, TOMOYO_MAC_FILE_IOCTL, TOMOYO_MAC_FILE_CHROOT, TOMOYO_MAC_FILE_MOUNT, TOMOYO_MAC_FILE_UMOUNT, TOMOYO_MAC_FILE_PIVOT_ROOT, |
059d84dbb TOMOYO: Add socke... |
327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 |
TOMOYO_MAC_NETWORK_INET_STREAM_BIND, TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN, TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT, TOMOYO_MAC_NETWORK_INET_DGRAM_BIND, TOMOYO_MAC_NETWORK_INET_DGRAM_SEND, TOMOYO_MAC_NETWORK_INET_RAW_BIND, TOMOYO_MAC_NETWORK_INET_RAW_SEND, TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND, TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN, TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT, TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND, TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND, TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND, TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN, TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT, |
d58e0da85 TOMOYO: Add envir... |
342 |
TOMOYO_MAC_ENVIRON, |
57c2590fb TOMOYO: Update pr... |
343 344 |
TOMOYO_MAX_MAC_INDEX }; |
b5bc60b4c TOMOYO: Cleanup p... |
345 |
/* Index numbers for category of functionality. */ |
57c2590fb TOMOYO: Update pr... |
346 347 |
enum tomoyo_mac_category_index { TOMOYO_MAC_CATEGORY_FILE, |
059d84dbb TOMOYO: Add socke... |
348 |
TOMOYO_MAC_CATEGORY_NETWORK, |
d58e0da85 TOMOYO: Add envir... |
349 |
TOMOYO_MAC_CATEGORY_MISC, |
57c2590fb TOMOYO: Update pr... |
350 351 |
TOMOYO_MAX_MAC_CATEGORY_INDEX }; |
c3fa109a5 TOMOYO: Add descr... |
352 |
/* |
b5bc60b4c TOMOYO: Cleanup p... |
353 354 |
* Retry this request. Returned by tomoyo_supervisor() if policy violation has * occurred in enforcing mode and the userspace daemon decided to retry. |
82e0f001a TOMOYO: Use commo... |
355 |
* |
b5bc60b4c TOMOYO: Cleanup p... |
356 357 |
* We must choose a positive value in order to distinguish "granted" (which is * 0) and "rejected" (which is a negative value) and "retry". |
82e0f001a TOMOYO: Use commo... |
358 |
*/ |
b5bc60b4c TOMOYO: Cleanup p... |
359 |
#define TOMOYO_RETRY_REQUEST 1 |
b22b8b9fd TOMOYO: Rename me... |
360 361 362 363 364 365 366 367 368 |
/* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ enum tomoyo_policy_stat_type { /* Do not change this order. */ TOMOYO_STAT_POLICY_UPDATES, TOMOYO_STAT_POLICY_LEARNING, /* == TOMOYO_CONFIG_LEARNING */ TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */ TOMOYO_STAT_POLICY_ENFORCING, /* == TOMOYO_CONFIG_ENFORCING */ TOMOYO_MAX_POLICY_STAT }; |
d5ca1725a TOMOYO: Simplify ... |
369 370 |
/* Index numbers for profile's PREFERENCE values. */ enum tomoyo_pref_index { |
eadd99cc8 TOMOYO: Add audit... |
371 |
TOMOYO_PREF_MAX_AUDIT_LOG, |
d5ca1725a TOMOYO: Simplify ... |
372 373 374 |
TOMOYO_PREF_MAX_LEARNING_ENTRY, TOMOYO_MAX_PREF }; |
b5bc60b4c TOMOYO: Cleanup p... |
375 376 377 |
/********** Structure definitions. **********/ /* Common header for holding ACL entries. */ |
82e0f001a TOMOYO: Use commo... |
378 379 |
struct tomoyo_acl_head { struct list_head list; |
f9732ea14 TOMOYO: Simplify ... |
380 |
s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ |
82e0f001a TOMOYO: Use commo... |
381 |
} __packed; |
0df7e8b8f TOMOYO: Cleanup p... |
382 383 384 385 386 |
/* Common header for shared entries. */ struct tomoyo_shared_acl_head { struct list_head list; atomic_t users; } __packed; |
bd03a3e4c TOMOYO: Add polic... |
387 |
struct tomoyo_policy_namespace; |
b5bc60b4c TOMOYO: Cleanup p... |
388 |
/* Structure for request info. */ |
cb0abe6a5 TOMOYO: Use struc... |
389 |
struct tomoyo_request_info { |
8761afd49 TOMOYO: Allow usi... |
390 391 392 393 394 |
/* * For holding parameters specific to operations which deal files. * NULL if not dealing files. */ struct tomoyo_obj_info *obj; |
2ca9bf453 TOMOYO: Allow usi... |
395 396 397 398 399 |
/* * For holding parameters specific to execve() request. * NULL if not dealing do_execve(). */ struct tomoyo_execve *ee; |
cb0abe6a5 TOMOYO: Use struc... |
400 |
struct tomoyo_domain_info *domain; |
cf6e9a646 TOMOYO: Pass para... |
401 402 403 404 |
/* For holding parameters. */ union { struct { const struct tomoyo_path_info *filename; |
484ca79c6 TOMOYO: Use pathn... |
405 406 |
/* For using wildcards at tomoyo_find_next_domain(). */ const struct tomoyo_path_info *matched_path; |
b5bc60b4c TOMOYO: Cleanup p... |
407 |
/* One of values in "enum tomoyo_path_acl_index". */ |
cf6e9a646 TOMOYO: Pass para... |
408 409 410 411 412 |
u8 operation; } path; struct { const struct tomoyo_path_info *filename1; const struct tomoyo_path_info *filename2; |
b5bc60b4c TOMOYO: Cleanup p... |
413 |
/* One of values in "enum tomoyo_path2_acl_index". */ |
cf6e9a646 TOMOYO: Pass para... |
414 415 416 417 418 419 420 |
u8 operation; } path2; struct { const struct tomoyo_path_info *filename; unsigned int mode; unsigned int major; unsigned int minor; |
b5bc60b4c TOMOYO: Cleanup p... |
421 |
/* One of values in "enum tomoyo_mkdev_acl_index". */ |
cf6e9a646 TOMOYO: Pass para... |
422 423 424 425 426 |
u8 operation; } mkdev; struct { const struct tomoyo_path_info *filename; unsigned long number; |
b5bc60b4c TOMOYO: Cleanup p... |
427 428 429 430 |
/* * One of values in * "enum tomoyo_path_number_acl_index". */ |
cf6e9a646 TOMOYO: Pass para... |
431 432 433 |
u8 operation; } path_number; struct { |
d58e0da85 TOMOYO: Add envir... |
434 435 436 |
const struct tomoyo_path_info *name; } environ; struct { |
059d84dbb TOMOYO: Add socke... |
437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 |
const __be32 *address; u16 port; /* One of values smaller than TOMOYO_SOCK_MAX. */ u8 protocol; /* One of values in "enum tomoyo_network_acl_index". */ u8 operation; bool is_ipv6; } inet_network; struct { const struct tomoyo_path_info *address; /* One of values smaller than TOMOYO_SOCK_MAX. */ u8 protocol; /* One of values in "enum tomoyo_network_acl_index". */ u8 operation; } unix_network; struct { |
cf6e9a646 TOMOYO: Pass para... |
453 454 455 456 457 458 |
const struct tomoyo_path_info *type; const struct tomoyo_path_info *dir; const struct tomoyo_path_info *dev; unsigned long flags; int need_dev; } mount; |
731d37aa7 TOMOYO: Allow dom... |
459 460 461 |
struct { const struct tomoyo_path_info *domainname; } task; |
cf6e9a646 TOMOYO: Pass para... |
462 |
} param; |
1f067a682 TOMOYO: Allow con... |
463 |
struct tomoyo_acl_info *matched_acl; |
cf6e9a646 TOMOYO: Pass para... |
464 465 |
u8 param_type; bool granted; |
17fcfbd9d TOMOYO: Add inter... |
466 467 |
u8 retry; u8 profile; |
cb0abe6a5 TOMOYO: Use struc... |
468 |
u8 mode; /* One of tomoyo_mode_index . */ |
57c2590fb TOMOYO: Update pr... |
469 |
u8 type; |
cb0abe6a5 TOMOYO: Use struc... |
470 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
471 |
/* Structure for holding a token. */ |
9590837b8 Common functions ... |
472 473 474 |
struct tomoyo_path_info { const char *name; u32 hash; /* = full_name_hash(name, strlen(name)) */ |
9590837b8 Common functions ... |
475 476 477 |
u16 const_len; /* = tomoyo_const_part_length(name) */ bool is_dir; /* = tomoyo_strendswith(name, "/") */ bool is_patterned; /* = tomoyo_path_contains_pattern(name) */ |
9590837b8 Common functions ... |
478 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
479 |
/* Structure for holding string data. */ |
e2bf69077 TOMOYO: Rename sy... |
480 |
struct tomoyo_name { |
0df7e8b8f TOMOYO: Cleanup p... |
481 |
struct tomoyo_shared_acl_head head; |
76bb0895d TOMOYO: Merge hea... |
482 483 |
struct tomoyo_path_info entry; }; |
9590837b8 Common functions ... |
484 |
|
b5bc60b4c TOMOYO: Cleanup p... |
485 |
/* Structure for holding a word. */ |
7762fbfff TOMOYO: Add pathn... |
486 |
struct tomoyo_name_union { |
b5bc60b4c TOMOYO: Cleanup p... |
487 |
/* Either @filename or @group is NULL. */ |
7762fbfff TOMOYO: Add pathn... |
488 |
const struct tomoyo_path_info *filename; |
a98aa4deb TOMOYO: Merge tom... |
489 |
struct tomoyo_group *group; |
7762fbfff TOMOYO: Add pathn... |
490 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
491 |
/* Structure for holding a number. */ |
4c3e9e2de TOMOYO: Add numer... |
492 493 |
struct tomoyo_number_union { unsigned long values[2]; |
b5bc60b4c TOMOYO: Cleanup p... |
494 495 |
struct tomoyo_group *group; /* Maybe NULL. */ /* One of values in "enum tomoyo_value_type". */ |
0df7e8b8f TOMOYO: Cleanup p... |
496 |
u8 value_type[2]; |
4c3e9e2de TOMOYO: Add numer... |
497 |
}; |
059d84dbb TOMOYO: Add socke... |
498 499 500 501 502 503 504 505 |
/* Structure for holding an IP address. */ struct tomoyo_ipaddr_union { struct in6_addr ip[2]; /* Big endian. */ struct tomoyo_group *group; /* Pointer to address group. */ bool is_ipv6; /* Valid only if @group == NULL. */ }; /* Structure for "path_group"/"number_group"/"address_group" directive. */ |
a98aa4deb TOMOYO: Merge tom... |
506 |
struct tomoyo_group { |
0df7e8b8f TOMOYO: Cleanup p... |
507 |
struct tomoyo_shared_acl_head head; |
4c3e9e2de TOMOYO: Add numer... |
508 509 |
const struct tomoyo_path_info *group_name; struct list_head member_list; |
4c3e9e2de TOMOYO: Add numer... |
510 |
}; |
7762fbfff TOMOYO: Add pathn... |
511 |
/* Structure for "path_group" directive. */ |
a98aa4deb TOMOYO: Merge tom... |
512 |
struct tomoyo_path_group { |
82e0f001a TOMOYO: Use commo... |
513 |
struct tomoyo_acl_head head; |
7762fbfff TOMOYO: Add pathn... |
514 515 |
const struct tomoyo_path_info *member_name; }; |
4c3e9e2de TOMOYO: Add numer... |
516 |
/* Structure for "number_group" directive. */ |
a98aa4deb TOMOYO: Merge tom... |
517 |
struct tomoyo_number_group { |
82e0f001a TOMOYO: Use commo... |
518 |
struct tomoyo_acl_head head; |
4c3e9e2de TOMOYO: Add numer... |
519 520 |
struct tomoyo_number_union number; }; |
059d84dbb TOMOYO: Add socke... |
521 522 523 524 525 526 |
/* Structure for "address_group" directive. */ struct tomoyo_address_group { struct tomoyo_acl_head head; /* Structure for holding an IP address. */ struct tomoyo_ipaddr_union address; }; |
8761afd49 TOMOYO: Allow usi... |
527 528 |
/* Subset of "struct stat". Used by conditional ACL and audit logs. */ struct tomoyo_mini_stat { |
609fcd1b3 userns: Convert t... |
529 530 |
kuid_t uid; kgid_t gid; |
8761afd49 TOMOYO: Allow usi... |
531 |
ino_t ino; |
d179333f3 tomoyo_mini_stat:... |
532 |
umode_t mode; |
8761afd49 TOMOYO: Allow usi... |
533 534 535 |
dev_t dev; dev_t rdev; }; |
5b636857f TOMOYO: Allow usi... |
536 537 538 539 540 |
/* Structure for dumping argv[] and envp[] of "struct linux_binprm". */ struct tomoyo_page_dump { struct page *page; /* Previously dumped page. */ char *data; /* Contents of "page". Size is PAGE_SIZE. */ }; |
8761afd49 TOMOYO: Allow usi... |
541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 |
/* Structure for attribute checks in addition to pathname checks. */ struct tomoyo_obj_info { /* * True if tomoyo_get_attributes() was already called, false otherwise. */ bool validate_done; /* True if @stat[] is valid. */ bool stat_valid[TOMOYO_MAX_PATH_STAT]; /* First pathname. Initialized with { NULL, NULL } if no path. */ struct path path1; /* Second pathname. Initialized with { NULL, NULL } if no path. */ struct path path2; /* * Information on @path1, @path1's parent directory, @path2, @path2's * parent directory. */ struct tomoyo_mini_stat stat[TOMOYO_MAX_PATH_STAT]; |
2ca9bf453 TOMOYO: Allow usi... |
558 559 560 561 562 563 |
/* * Content of symbolic link to be created. NULL for operations other * than symlink(). */ struct tomoyo_path_info *symlink_target; }; |
5b636857f TOMOYO: Allow usi... |
564 565 566 567 568 569 570 571 572 573 574 575 576 |
/* Structure for argv[]. */ struct tomoyo_argv { unsigned long index; const struct tomoyo_path_info *value; bool is_not; }; /* Structure for envp[]. */ struct tomoyo_envp { const struct tomoyo_path_info *name; const struct tomoyo_path_info *value; bool is_not; }; |
2ca9bf453 TOMOYO: Allow usi... |
577 578 579 580 581 |
/* Structure for execve() operation. */ struct tomoyo_execve { struct tomoyo_request_info r; struct tomoyo_obj_info obj; struct linux_binprm *bprm; |
6bce98edc TOMOYO: Allow spe... |
582 |
const struct tomoyo_path_info *transition; |
5b636857f TOMOYO: Allow usi... |
583 584 |
/* For dumping argv[] and envp[]. */ struct tomoyo_page_dump dump; |
2ca9bf453 TOMOYO: Allow usi... |
585 586 |
/* For temporary use. */ char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */ |
8761afd49 TOMOYO: Allow usi... |
587 |
}; |
2066a3612 TOMOYO: Allow usi... |
588 589 |
/* Structure for entries which follows "struct tomoyo_condition". */ struct tomoyo_condition_element { |
5b636857f TOMOYO: Allow usi... |
590 591 592 593 594 |
/* * Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a * "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail * of the array of this struct. */ |
2066a3612 TOMOYO: Allow usi... |
595 |
u8 left; |
5b636857f TOMOYO: Allow usi... |
596 597 598 599 600 601 |
/* * Right hand operand. A "struct tomoyo_number_union" for * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for * TOMOYO_NAME_UNION is attached to the tail of the array of this * struct. */ |
2066a3612 TOMOYO: Allow usi... |
602 603 604 605 606 607 608 609 610 611 612 |
u8 right; /* Equation operator. True if equals or overlaps, false otherwise. */ bool equals; }; /* Structure for optional arguments. */ struct tomoyo_condition { struct tomoyo_shared_acl_head head; u32 size; /* Memory size allocated for this entry. */ u16 condc; /* Number of conditions in this struct. */ u16 numbers_count; /* Number of "struct tomoyo_number_union values". */ |
2ca9bf453 TOMOYO: Allow usi... |
613 |
u16 names_count; /* Number of "struct tomoyo_name_union names". */ |
5b636857f TOMOYO: Allow usi... |
614 615 |
u16 argc; /* Number of "struct tomoyo_argv". */ u16 envc; /* Number of "struct tomoyo_envp". */ |
1f067a682 TOMOYO: Allow con... |
616 |
u8 grant_log; /* One of values in "enum tomoyo_grant_log". */ |
6bce98edc TOMOYO: Allow spe... |
617 |
const struct tomoyo_path_info *transit; /* Maybe NULL. */ |
2066a3612 TOMOYO: Allow usi... |
618 619 620 |
/* * struct tomoyo_condition_element condition[condc]; * struct tomoyo_number_union values[numbers_count]; |
2ca9bf453 TOMOYO: Allow usi... |
621 |
* struct tomoyo_name_union names[names_count]; |
5b636857f TOMOYO: Allow usi... |
622 623 |
* struct tomoyo_argv argv[argc]; * struct tomoyo_envp envp[envc]; |
2066a3612 TOMOYO: Allow usi... |
624 625 |
*/ }; |
b5bc60b4c TOMOYO: Cleanup p... |
626 |
/* Common header for individual entries. */ |
9590837b8 Common functions ... |
627 628 |
struct tomoyo_acl_info { struct list_head list; |
2066a3612 TOMOYO: Allow usi... |
629 |
struct tomoyo_condition *cond; /* Maybe NULL. */ |
f9732ea14 TOMOYO: Simplify ... |
630 |
s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ |
b5bc60b4c TOMOYO: Cleanup p... |
631 |
u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */ |
9590837b8 Common functions ... |
632 |
} __packed; |
b5bc60b4c TOMOYO: Cleanup p... |
633 |
/* Structure for domain information. */ |
9590837b8 Common functions ... |
634 635 636 637 638 |
struct tomoyo_domain_info { struct list_head list; struct list_head acl_info_list; /* Name of this domain. Never NULL. */ const struct tomoyo_path_info *domainname; |
bd03a3e4c TOMOYO: Add polic... |
639 640 |
/* Namespace for this domain. Never NULL. */ struct tomoyo_policy_namespace *ns; |
9590837b8 Common functions ... |
641 |
u8 profile; /* Profile number to use. */ |
32997144f TOMOYO: Add ACL g... |
642 |
u8 group; /* Group number to use. */ |
a0558fc34 tomoyo: remove "u... |
643 |
bool is_deleted; /* Delete flag. */ |
2c47ab935 TOMOYO: Cleanup p... |
644 |
bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; |
ec8e6a4e0 TOMOYO: Add refco... |
645 |
atomic_t users; /* Number of referring credentials. */ |
9590837b8 Common functions ... |
646 |
}; |
9590837b8 Common functions ... |
647 |
/* |
731d37aa7 TOMOYO: Allow dom... |
648 649 650 651 652 653 654 655 656 |
* Structure for "task manual_domain_transition" directive. */ struct tomoyo_task_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MANUAL_TASK_ACL */ /* Pointer to domainname. */ const struct tomoyo_path_info *domainname; }; /* |
b5bc60b4c TOMOYO: Cleanup p... |
657 658 659 |
* Structure for "file execute", "file read", "file write", "file append", * "file unlink", "file getattr", "file rmdir", "file truncate", * "file symlink", "file chroot" and "file unmount" directive. |
9590837b8 Common functions ... |
660 |
*/ |
7ef612331 TOMOYO: Use short... |
661 662 |
struct tomoyo_path_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ |
b5bc60b4c TOMOYO: Cleanup p... |
663 |
u16 perm; /* Bitmask of values in "enum tomoyo_path_acl_index". */ |
7762fbfff TOMOYO: Add pathn... |
664 |
struct tomoyo_name_union name; |
9590837b8 Common functions ... |
665 |
}; |
c3fa109a5 TOMOYO: Add descr... |
666 |
/* |
b5bc60b4c TOMOYO: Cleanup p... |
667 668 |
* Structure for "file create", "file mkdir", "file mkfifo", "file mksock", * "file ioctl", "file chmod", "file chown" and "file chgrp" directive. |
a1f9bb6a3 TOMOYO: Split fil... |
669 670 671 |
*/ struct tomoyo_path_number_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */ |
b5bc60b4c TOMOYO: Cleanup p... |
672 |
/* Bitmask of values in "enum tomoyo_path_number_acl_index". */ |
a1f9bb6a3 TOMOYO: Split fil... |
673 674 675 676 |
u8 perm; struct tomoyo_name_union name; struct tomoyo_number_union number; }; |
b5bc60b4c TOMOYO: Cleanup p... |
677 |
/* Structure for "file mkblock" and "file mkchar" directive. */ |
75093152a TOMOYO: Rename sy... |
678 679 |
struct tomoyo_mkdev_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */ |
b5bc60b4c TOMOYO: Cleanup p... |
680 |
u8 perm; /* Bitmask of values in "enum tomoyo_mkdev_acl_index". */ |
a1f9bb6a3 TOMOYO: Split fil... |
681 682 683 684 685 686 687 |
struct tomoyo_name_union name; struct tomoyo_number_union mode; struct tomoyo_number_union major; struct tomoyo_number_union minor; }; /* |
b5bc60b4c TOMOYO: Cleanup p... |
688 |
* Structure for "file rename", "file link" and "file pivot_root" directive. |
c3fa109a5 TOMOYO: Add descr... |
689 |
*/ |
7ef612331 TOMOYO: Use short... |
690 691 |
struct tomoyo_path2_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ |
b5bc60b4c TOMOYO: Cleanup p... |
692 |
u8 perm; /* Bitmask of values in "enum tomoyo_path2_acl_index". */ |
7762fbfff TOMOYO: Add pathn... |
693 694 |
struct tomoyo_name_union name1; struct tomoyo_name_union name2; |
9590837b8 Common functions ... |
695 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
696 |
/* Structure for "file mount" directive. */ |
2106ccd97 TOMOYO: Add mount... |
697 698 |
struct tomoyo_mount_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */ |
2106ccd97 TOMOYO: Add mount... |
699 700 701 702 703 |
struct tomoyo_name_union dev_name; struct tomoyo_name_union dir_name; struct tomoyo_name_union fs_type; struct tomoyo_number_union flags; }; |
d58e0da85 TOMOYO: Add envir... |
704 705 706 707 708 |
/* Structure for "misc env" directive in domain policy. */ struct tomoyo_env_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_ENV_ACL */ const struct tomoyo_path_info *env; /* environment variable */ }; |
059d84dbb TOMOYO: Add socke... |
709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 |
/* Structure for "network inet" directive. */ struct tomoyo_inet_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_INET_ACL */ u8 protocol; u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ struct tomoyo_ipaddr_union address; struct tomoyo_number_union port; }; /* Structure for "network unix" directive. */ struct tomoyo_unix_acl { struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_UNIX_ACL */ u8 protocol; u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ struct tomoyo_name_union name; }; |
a238cf5b8 TOMOYO: Use struc... |
725 726 727 728 |
/* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */ struct tomoyo_acl_param { char *data; struct list_head *list; |
bd03a3e4c TOMOYO: Add polic... |
729 |
struct tomoyo_policy_namespace *ns; |
a238cf5b8 TOMOYO: Use struc... |
730 731 |
bool is_delete; }; |
0d2171d71 TOMOYO: Rename di... |
732 |
#define TOMOYO_MAX_IO_READ_QUEUE 64 |
f23571e86 TOMOYO: Copy dire... |
733 |
|
2106ccd97 TOMOYO: Add mount... |
734 |
/* |
f23571e86 TOMOYO: Copy dire... |
735 736 |
* Structure for reading/writing policy via /sys/kernel/security/tomoyo * interfaces. |
c3fa109a5 TOMOYO: Add descr... |
737 |
*/ |
9590837b8 Common functions ... |
738 |
struct tomoyo_io_buffer { |
8fbe71f0e TOMOYO: Make read... |
739 |
void (*read) (struct tomoyo_io_buffer *); |
9590837b8 Common functions ... |
740 |
int (*write) (struct tomoyo_io_buffer *); |
6041e8346 TOMOYO: Return ap... |
741 |
unsigned int (*poll) (struct file *file, poll_table *wait); |
9590837b8 Common functions ... |
742 743 |
/* Exclusive lock for this structure. */ struct mutex io_sem; |
f23571e86 TOMOYO: Copy dire... |
744 |
char __user *read_user_buf; |
2c47ab935 TOMOYO: Cleanup p... |
745 |
size_t read_user_buf_avail; |
f23571e86 TOMOYO: Copy dire... |
746 |
struct { |
bd03a3e4c TOMOYO: Add polic... |
747 |
struct list_head *ns; |
f23571e86 TOMOYO: Copy dire... |
748 749 750 |
struct list_head *domain; struct list_head *group; struct list_head *acl; |
2c47ab935 TOMOYO: Cleanup p... |
751 752 753 |
size_t avail; unsigned int step; unsigned int query_index; |
f23571e86 TOMOYO: Copy dire... |
754 |
u16 index; |
2066a3612 TOMOYO: Allow usi... |
755 |
u16 cond_index; |
32997144f TOMOYO: Add ACL g... |
756 |
u8 acl_group_index; |
2066a3612 TOMOYO: Allow usi... |
757 |
u8 cond_step; |
f23571e86 TOMOYO: Copy dire... |
758 759 760 761 |
u8 bit; u8 w_pos; bool eof; bool print_this_domain_only; |
bd03a3e4c TOMOYO: Add polic... |
762 |
bool print_transition_related_only; |
2066a3612 TOMOYO: Allow usi... |
763 |
bool print_cond_part; |
f23571e86 TOMOYO: Copy dire... |
764 765 |
const char *w[TOMOYO_MAX_IO_READ_QUEUE]; } r; |
0df7e8b8f TOMOYO: Cleanup p... |
766 |
struct { |
bd03a3e4c TOMOYO: Add polic... |
767 |
struct tomoyo_policy_namespace *ns; |
0df7e8b8f TOMOYO: Cleanup p... |
768 769 770 |
/* The position currently writing to. */ struct tomoyo_domain_info *domain; /* Bytes available for writing. */ |
2c47ab935 TOMOYO: Cleanup p... |
771 |
size_t avail; |
bd03a3e4c TOMOYO: Add polic... |
772 |
bool is_delete; |
0df7e8b8f TOMOYO: Cleanup p... |
773 |
} w; |
9590837b8 Common functions ... |
774 775 |
/* Buffer for reading. */ char *read_buf; |
9590837b8 Common functions ... |
776 |
/* Size of read buffer. */ |
2c47ab935 TOMOYO: Cleanup p... |
777 |
size_t readbuf_size; |
9590837b8 Common functions ... |
778 779 |
/* Buffer for writing. */ char *write_buf; |
9590837b8 Common functions ... |
780 |
/* Size of write buffer. */ |
2c47ab935 TOMOYO: Cleanup p... |
781 |
size_t writebuf_size; |
17fcfbd9d TOMOYO: Add inter... |
782 |
/* Type of this interface. */ |
2c47ab935 TOMOYO: Cleanup p... |
783 |
enum tomoyo_securityfs_interface_index type; |
2e503bbb4 TOMOYO: Fix lockd... |
784 785 786 787 |
/* Users counter protected by tomoyo_io_buffer_list_lock. */ u8 users; /* List for telling GC not to kfree() elements. */ struct list_head list; |
9590837b8 Common functions ... |
788 |
}; |
76bb0895d TOMOYO: Merge hea... |
789 |
/* |
b5bc60b4c TOMOYO: Cleanup p... |
790 791 |
* Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/ * "no_keep_domain" keyword. |
76bb0895d TOMOYO: Merge hea... |
792 |
*/ |
5448ec4f5 TOMOYO: Use commo... |
793 |
struct tomoyo_transition_control { |
82e0f001a TOMOYO: Use commo... |
794 |
struct tomoyo_acl_head head; |
5448ec4f5 TOMOYO: Use commo... |
795 |
u8 type; /* One of values in "enum tomoyo_transition_type". */ |
76bb0895d TOMOYO: Merge hea... |
796 797 |
/* True if the domainname is tomoyo_get_last_name(). */ bool is_last_name; |
5448ec4f5 TOMOYO: Use commo... |
798 799 |
const struct tomoyo_path_info *domainname; /* Maybe NULL */ const struct tomoyo_path_info *program; /* Maybe NULL */ |
76bb0895d TOMOYO: Merge hea... |
800 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
801 |
/* Structure for "aggregator" keyword. */ |
e2bf69077 TOMOYO: Rename sy... |
802 |
struct tomoyo_aggregator { |
82e0f001a TOMOYO: Use commo... |
803 |
struct tomoyo_acl_head head; |
1084307ca TOMOYO: Add pathn... |
804 805 |
const struct tomoyo_path_info *original_name; const struct tomoyo_path_info *aggregated_name; |
1084307ca TOMOYO: Add pathn... |
806 |
}; |
b5bc60b4c TOMOYO: Cleanup p... |
807 |
/* Structure for policy manager. */ |
e2bf69077 TOMOYO: Rename sy... |
808 |
struct tomoyo_manager { |
82e0f001a TOMOYO: Use commo... |
809 |
struct tomoyo_acl_head head; |
76bb0895d TOMOYO: Merge hea... |
810 811 |
/* A path to program or a domainname. */ const struct tomoyo_path_info *manager; |
76bb0895d TOMOYO: Merge hea... |
812 |
}; |
57c2590fb TOMOYO: Update pr... |
813 814 815 816 817 818 |
struct tomoyo_preference { unsigned int learning_max_entry; bool enforcing_verbose; bool learning_verbose; bool permissive_verbose; }; |
b5bc60b4c TOMOYO: Cleanup p... |
819 |
/* Structure for /sys/kernel/security/tomnoyo/profile interface. */ |
57c2590fb TOMOYO: Update pr... |
820 821 822 823 824 825 826 827 |
struct tomoyo_profile { const struct tomoyo_path_info *comment; struct tomoyo_preference *learning; struct tomoyo_preference *permissive; struct tomoyo_preference *enforcing; struct tomoyo_preference preference; u8 default_config; u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX]; |
d5ca1725a TOMOYO: Simplify ... |
828 |
unsigned int pref[TOMOYO_MAX_PREF]; |
57c2590fb TOMOYO: Update pr... |
829 |
}; |
eadd99cc8 TOMOYO: Add audit... |
830 831 832 833 834 835 836 837 838 |
/* Structure for representing YYYY/MM/DD hh/mm/ss. */ struct tomoyo_time { u16 year; u8 month; u8 day; u8 hour; u8 min; u8 sec; }; |
bd03a3e4c TOMOYO: Add polic... |
839 840 841 842 843 844 845 846 847 848 849 850 |
/* Structure for policy namespace. */ struct tomoyo_policy_namespace { /* Profile table. Memory is allocated as needed. */ struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; /* List of "struct tomoyo_group". */ struct list_head group_list[TOMOYO_MAX_GROUP]; /* List of policy. */ struct list_head policy_list[TOMOYO_MAX_POLICY]; /* The global ACL referred by "use_group" keyword. */ struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; /* List for connecting to tomoyo_namespace_list list. */ struct list_head namespace_list; |
843d183cd TOMOYO: Bump vers... |
851 |
/* Profile version. Currently only 20110903 is defined. */ |
bd03a3e4c TOMOYO: Add polic... |
852 853 854 855 |
unsigned int profile_version; /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ const char *name; }; |
76bb0895d TOMOYO: Merge hea... |
856 |
/********** Function prototypes. **********/ |
059d84dbb TOMOYO: Add socke... |
857 858 |
bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address, const struct tomoyo_group *group); |
2106ccd97 TOMOYO: Add mount... |
859 860 |
bool tomoyo_compare_number_union(const unsigned long value, const struct tomoyo_number_union *ptr); |
2066a3612 TOMOYO: Allow usi... |
861 862 |
bool tomoyo_condition(struct tomoyo_request_info *r, const struct tomoyo_condition *cond); |
75093152a TOMOYO: Rename sy... |
863 |
bool tomoyo_correct_domain(const unsigned char *domainname); |
75093152a TOMOYO: Rename sy... |
864 865 |
bool tomoyo_correct_path(const char *filename); bool tomoyo_correct_word(const char *string); |
75093152a TOMOYO: Rename sy... |
866 |
bool tomoyo_domain_def(const unsigned char *buffer); |
3ddf17f08 TOMOYO: Cleanup h... |
867 |
bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); |
5b636857f TOMOYO: Allow usi... |
868 869 |
bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, struct tomoyo_page_dump *dump); |
3ddf17f08 TOMOYO: Cleanup h... |
870 |
bool tomoyo_memory_ok(void *ptr); |
4c3e9e2de TOMOYO: Add numer... |
871 872 |
bool tomoyo_number_matches_group(const unsigned long min, const unsigned long max, |
a98aa4deb TOMOYO: Merge tom... |
873 |
const struct tomoyo_group *group); |
059d84dbb TOMOYO: Add socke... |
874 875 |
bool tomoyo_parse_ipaddr_union(struct tomoyo_acl_param *param, struct tomoyo_ipaddr_union *ptr); |
3ddf17f08 TOMOYO: Cleanup h... |
876 877 |
bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, struct tomoyo_name_union *ptr); |
a238cf5b8 TOMOYO: Use struc... |
878 879 |
bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, struct tomoyo_number_union *ptr); |
3ddf17f08 TOMOYO: Cleanup h... |
880 881 882 883 884 |
bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, const struct tomoyo_path_info *pattern); bool tomoyo_permstr(const char *string, const char *keyword); bool tomoyo_str_starts(char **src, const char *find); char *tomoyo_encode(const char *str); |
059d84dbb TOMOYO: Add socke... |
885 |
char *tomoyo_encode2(const char *str, int str_len); |
3ddf17f08 TOMOYO: Cleanup h... |
886 887 888 |
char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); char *tomoyo_read_token(struct tomoyo_acl_param *param); |
224738624 constify tomoyo_r... |
889 |
char *tomoyo_realpath_from_path(const struct path *path); |
3ddf17f08 TOMOYO: Cleanup h... |
890 891 892 893 894 |
char *tomoyo_realpath_nofollow(const char *pathname); const char *tomoyo_get_exe(void); const char *tomoyo_yesno(const unsigned int value); const struct tomoyo_path_info *tomoyo_compare_name_union (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); |
731d37aa7 TOMOYO: Allow dom... |
895 896 |
const struct tomoyo_path_info *tomoyo_get_domainname (struct tomoyo_acl_param *param); |
3ddf17f08 TOMOYO: Cleanup h... |
897 898 899 900 |
const struct tomoyo_path_info *tomoyo_get_name(const char *name); const struct tomoyo_path_info *tomoyo_path_matches_group (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, |
e6641eddf tomoyo: constify ... |
901 |
const struct path *path, const int flag); |
e53cfda5d tomoyo_close_cont... |
902 |
void tomoyo_close_control(struct tomoyo_io_buffer *head); |
d58e0da85 TOMOYO: Add envir... |
903 |
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); |
6bce98edc TOMOYO: Allow spe... |
904 905 |
int tomoyo_execute_permission(struct tomoyo_request_info *r, const struct tomoyo_path_info *filename); |
3ddf17f08 TOMOYO: Cleanup h... |
906 907 908 |
int tomoyo_find_next_domain(struct linux_binprm *bprm); int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, const u8 index); |
2106ccd97 TOMOYO: Add mount... |
909 |
int tomoyo_init_request_info(struct tomoyo_request_info *r, |
57c2590fb TOMOYO: Update pr... |
910 911 |
struct tomoyo_domain_info *domain, const u8 index); |
e6641eddf tomoyo: constify ... |
912 |
int tomoyo_mkdev_perm(const u8 operation, const struct path *path, |
3ddf17f08 TOMOYO: Cleanup h... |
913 |
const unsigned int mode, unsigned int dev); |
e6641eddf tomoyo: constify ... |
914 |
int tomoyo_mount_permission(const char *dev_name, const struct path *path, |
b5bc60b4c TOMOYO: Cleanup p... |
915 916 |
const char *type, unsigned long flags, void *data_page); |
3ddf17f08 TOMOYO: Cleanup h... |
917 |
int tomoyo_open_control(const u8 type, struct file *file); |
e6641eddf tomoyo: constify ... |
918 919 920 |
int tomoyo_path2_perm(const u8 operation, const struct path *path1, const struct path *path2); int tomoyo_path_number_perm(const u8 operation, const struct path *path, |
3ddf17f08 TOMOYO: Cleanup h... |
921 |
unsigned long number); |
3f7036a07 switch security_i... |
922 |
int tomoyo_path_perm(const u8 operation, const struct path *path, |
97fb35e41 TOMOYO: Enable co... |
923 |
const char *target); |
6041e8346 TOMOYO: Return ap... |
924 925 |
unsigned int tomoyo_poll_control(struct file *file, poll_table *wait); unsigned int tomoyo_poll_log(struct file *file, poll_table *wait); |
059d84dbb TOMOYO: Add socke... |
926 927 928 929 930 931 932 |
int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr, int addr_len); int tomoyo_socket_connect_permission(struct socket *sock, struct sockaddr *addr, int addr_len); int tomoyo_socket_listen_permission(struct socket *sock); int tomoyo_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, int size); |
3ddf17f08 TOMOYO: Cleanup h... |
933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 |
int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) __printf(2, 3); int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, struct tomoyo_acl_param *param, bool (*check_duplicate) (const struct tomoyo_acl_info *, const struct tomoyo_acl_info *), bool (*merge_duplicate) (struct tomoyo_acl_info *, struct tomoyo_acl_info *, const bool)); int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, struct tomoyo_acl_param *param, bool (*check_duplicate) (const struct tomoyo_acl_head *, const struct tomoyo_acl_head *)); |
a238cf5b8 TOMOYO: Use struc... |
948 |
int tomoyo_write_aggregator(struct tomoyo_acl_param *param); |
a238cf5b8 TOMOYO: Use struc... |
949 950 |
int tomoyo_write_file(struct tomoyo_acl_param *param); int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); |
d58e0da85 TOMOYO: Add envir... |
951 |
int tomoyo_write_misc(struct tomoyo_acl_param *param); |
059d84dbb TOMOYO: Add socke... |
952 |
int tomoyo_write_inet_network(struct tomoyo_acl_param *param); |
3ddf17f08 TOMOYO: Cleanup h... |
953 954 |
int tomoyo_write_transition_control(struct tomoyo_acl_param *param, const u8 type); |
059d84dbb TOMOYO: Add socke... |
955 |
int tomoyo_write_unix_network(struct tomoyo_acl_param *param); |
3ddf17f08 TOMOYO: Cleanup h... |
956 957 958 959 |
ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, const int buffer_len); ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, const char __user *buffer, const int buffer_len); |
2066a3612 TOMOYO: Allow usi... |
960 |
struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param); |
e2bf69077 TOMOYO: Rename sy... |
961 |
struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, |
bd03a3e4c TOMOYO: Add polic... |
962 |
const bool transit); |
3ddf17f08 TOMOYO: Cleanup h... |
963 |
struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); |
a238cf5b8 TOMOYO: Use struc... |
964 965 |
struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, const u8 idx); |
3ddf17f08 TOMOYO: Cleanup h... |
966 967 968 969 |
struct tomoyo_policy_namespace *tomoyo_assign_namespace (const char *domainname); struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, const u8 profile); |
9590837b8 Common functions ... |
970 971 |
unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, const u8 index); |
2066a3612 TOMOYO: Allow usi... |
972 |
u8 tomoyo_parse_ulong(unsigned long *result, char **str); |
9e4b50e93 TOMOYO: Use stack... |
973 |
void *tomoyo_commit_ok(void *data, const unsigned int size); |
efe836ab2 TOMOYO: Add built... |
974 |
void __init tomoyo_load_builtin_policy(void); |
3ddf17f08 TOMOYO: Cleanup h... |
975 |
void __init tomoyo_mm_init(void); |
99a852596 TOMOYO: Use callb... |
976 |
void tomoyo_check_acl(struct tomoyo_request_info *r, |
484ca79c6 TOMOYO: Use pathn... |
977 |
bool (*check_entry) (struct tomoyo_request_info *, |
99a852596 TOMOYO: Use callb... |
978 |
const struct tomoyo_acl_info *)); |
3ddf17f08 TOMOYO: Cleanup h... |
979 980 |
void tomoyo_check_profile(void); void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp); |
2066a3612 TOMOYO: Allow usi... |
981 |
void tomoyo_del_condition(struct list_head *element); |
3ddf17f08 TOMOYO: Cleanup h... |
982 |
void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); |
8761afd49 TOMOYO: Allow usi... |
983 |
void tomoyo_get_attributes(struct tomoyo_obj_info *obj); |
3ddf17f08 TOMOYO: Cleanup h... |
984 |
void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); |
3ddf17f08 TOMOYO: Cleanup h... |
985 |
void tomoyo_load_policy(const char *filename); |
3ddf17f08 TOMOYO: Cleanup h... |
986 987 |
void tomoyo_normalize_line(unsigned char *buffer); void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register); |
059d84dbb TOMOYO: Add socke... |
988 989 |
void tomoyo_print_ip(char *buf, const unsigned int size, const struct tomoyo_ipaddr_union *ptr); |
3ddf17f08 TOMOYO: Cleanup h... |
990 991 992 993 994 995 996 |
void tomoyo_print_ulong(char *buffer, const int buffer_len, const unsigned long value, const u8 type); void tomoyo_put_name_union(struct tomoyo_name_union *ptr); void tomoyo_put_number_union(struct tomoyo_number_union *ptr); void tomoyo_read_log(struct tomoyo_io_buffer *head); void tomoyo_update_stat(const u8 index); void tomoyo_warn_oom(const char *function); |
bd03a3e4c TOMOYO: Add polic... |
997 |
void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) |
3ddf17f08 TOMOYO: Cleanup h... |
998 |
__printf(2, 3); |
eadd99cc8 TOMOYO: Add audit... |
999 1000 |
void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, va_list args); |
eadd99cc8 TOMOYO: Add audit... |
1001 |
|
76bb0895d TOMOYO: Merge hea... |
1002 |
/********** External variable definitions. **********/ |
76bb0895d TOMOYO: Merge hea... |
1003 |
extern bool tomoyo_policy_loaded; |
2066a3612 TOMOYO: Allow usi... |
1004 1005 |
extern const char * const tomoyo_condition_keyword [TOMOYO_MAX_CONDITION_KEYWORD]; |
3ddf17f08 TOMOYO: Cleanup h... |
1006 1007 1008 1009 |
extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX]; extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; |
2c47ab935 TOMOYO: Cleanup p... |
1010 |
extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; |
059d84dbb TOMOYO: Add socke... |
1011 1012 |
extern const char * const tomoyo_proto_keyword[TOMOYO_SOCK_MAX]; extern const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION]; |
2c47ab935 TOMOYO: Cleanup p... |
1013 |
extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; |
3ddf17f08 TOMOYO: Cleanup h... |
1014 |
extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; |
0d2171d71 TOMOYO: Rename di... |
1015 1016 |
extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; |
2066a3612 TOMOYO: Allow usi... |
1017 |
extern struct list_head tomoyo_condition_list; |
3ddf17f08 TOMOYO: Cleanup h... |
1018 1019 1020 1021 1022 1023 1024 |
extern struct list_head tomoyo_domain_list; extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; extern struct list_head tomoyo_namespace_list; extern struct mutex tomoyo_policy_lock; extern struct srcu_struct tomoyo_ss; extern struct tomoyo_domain_info tomoyo_kernel_domain; extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; |
eadd99cc8 TOMOYO: Add audit... |
1025 1026 |
extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; |
17fcfbd9d TOMOYO: Add inter... |
1027 |
|
76bb0895d TOMOYO: Merge hea... |
1028 |
/********** Inlined functions. **********/ |
b5bc60b4c TOMOYO: Cleanup p... |
1029 1030 1031 1032 1033 |
/** * tomoyo_read_lock - Take lock for protecting policy. * * Returns index number for tomoyo_read_unlock(). */ |
76bb0895d TOMOYO: Merge hea... |
1034 1035 1036 1037 |
static inline int tomoyo_read_lock(void) { return srcu_read_lock(&tomoyo_ss); } |
b5bc60b4c TOMOYO: Cleanup p... |
1038 1039 1040 1041 1042 1043 1044 |
/** * tomoyo_read_unlock - Release lock for protecting policy. * * @idx: Index number returned by tomoyo_read_lock(). * * Returns nothing. */ |
76bb0895d TOMOYO: Merge hea... |
1045 1046 1047 1048 |
static inline void tomoyo_read_unlock(int idx) { srcu_read_unlock(&tomoyo_ss, idx); } |
b5bc60b4c TOMOYO: Cleanup p... |
1049 |
/** |
2066a3612 TOMOYO: Allow usi... |
1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 |
* tomoyo_sys_getppid - Copy of getppid(). * * Returns parent process's PID. * * Alpha does not have getppid() defined. To be able to build this module on * Alpha, I have to copy getppid() from kernel/timer.c. */ static inline pid_t tomoyo_sys_getppid(void) { pid_t pid; rcu_read_lock(); |
bb80d880a tomoyo: add missi... |
1061 |
pid = task_tgid_vnr(rcu_dereference(current->real_parent)); |
2066a3612 TOMOYO: Allow usi... |
1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 |
rcu_read_unlock(); return pid; } /** * tomoyo_sys_getpid - Copy of getpid(). * * Returns current thread's PID. * * Alpha does not have getpid() defined. To be able to build this module on * Alpha, I have to copy getpid() from kernel/timer.c. */ static inline pid_t tomoyo_sys_getpid(void) { return task_tgid_vnr(current); } /** |
b5bc60b4c TOMOYO: Cleanup p... |
1080 1081 1082 1083 1084 1085 1086 |
* tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure. * * @a: Pointer to "struct tomoyo_path_info". * @b: Pointer to "struct tomoyo_path_info". * * Returns true if @a == @b, false otherwise. */ |
9590837b8 Common functions ... |
1087 1088 1089 1090 1091 |
static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, const struct tomoyo_path_info *b) { return a->hash != b->hash || strcmp(a->name, b->name); } |
9590837b8 Common functions ... |
1092 |
/** |
b5bc60b4c TOMOYO: Cleanup p... |
1093 1094 1095 1096 1097 1098 |
* tomoyo_put_name - Drop reference on "struct tomoyo_name". * * @name: Pointer to "struct tomoyo_path_info". Maybe NULL. * * Returns nothing. */ |
76bb0895d TOMOYO: Merge hea... |
1099 1100 1101 |
static inline void tomoyo_put_name(const struct tomoyo_path_info *name) { if (name) { |
e2bf69077 TOMOYO: Rename sy... |
1102 1103 |
struct tomoyo_name *ptr = container_of(name, typeof(*ptr), entry); |
0df7e8b8f TOMOYO: Cleanup p... |
1104 |
atomic_dec(&ptr->head.users); |
76bb0895d TOMOYO: Merge hea... |
1105 1106 |
} } |
9590837b8 Common functions ... |
1107 |
|
b5bc60b4c TOMOYO: Cleanup p... |
1108 |
/** |
2066a3612 TOMOYO: Allow usi... |
1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 |
* tomoyo_put_condition - Drop reference on "struct tomoyo_condition". * * @cond: Pointer to "struct tomoyo_condition". Maybe NULL. * * Returns nothing. */ static inline void tomoyo_put_condition(struct tomoyo_condition *cond) { if (cond) atomic_dec(&cond->head.users); } /** |
b5bc60b4c TOMOYO: Cleanup p... |
1122 1123 1124 1125 1126 1127 |
* tomoyo_put_group - Drop reference on "struct tomoyo_group". * * @group: Pointer to "struct tomoyo_group". Maybe NULL. * * Returns nothing. */ |
a98aa4deb TOMOYO: Merge tom... |
1128 |
static inline void tomoyo_put_group(struct tomoyo_group *group) |
4c3e9e2de TOMOYO: Add numer... |
1129 1130 |
{ if (group) |
0df7e8b8f TOMOYO: Cleanup p... |
1131 |
atomic_dec(&group->head.users); |
4c3e9e2de TOMOYO: Add numer... |
1132 |
} |
b5bc60b4c TOMOYO: Cleanup p... |
1133 1134 1135 1136 1137 |
/** * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. * * Returns pointer to "struct tomoyo_domain_info" for current thread. */ |
76bb0895d TOMOYO: Merge hea... |
1138 1139 1140 1141 |
static inline struct tomoyo_domain_info *tomoyo_domain(void) { return current_cred()->security; } |
9590837b8 Common functions ... |
1142 |
|
b5bc60b4c TOMOYO: Cleanup p... |
1143 1144 1145 1146 1147 1148 1149 |
/** * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread. * * @task: Pointer to "struct task_struct". * * Returns pointer to "struct tomoyo_security" for specified thread. */ |
76bb0895d TOMOYO: Merge hea... |
1150 1151 1152 1153 1154 |
static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct *task) { return task_cred_xxx(task, security); } |
9590837b8 Common functions ... |
1155 |
|
b5bc60b4c TOMOYO: Cleanup p... |
1156 1157 1158 1159 1160 1161 1162 1163 |
/** * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. * * @a: Pointer to "struct tomoyo_name_union". * @b: Pointer to "struct tomoyo_name_union". * * Returns true if @a == @b, false otherwise. */ |
75093152a TOMOYO: Rename sy... |
1164 |
static inline bool tomoyo_same_name_union |
b5bc60b4c TOMOYO: Cleanup p... |
1165 |
(const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) |
7762fbfff TOMOYO: Add pathn... |
1166 |
{ |
0df7e8b8f TOMOYO: Cleanup p... |
1167 |
return a->filename == b->filename && a->group == b->group; |
7762fbfff TOMOYO: Add pathn... |
1168 |
} |
b5bc60b4c TOMOYO: Cleanup p... |
1169 1170 1171 1172 1173 1174 1175 1176 |
/** * tomoyo_same_number_union - Check for duplicated "struct tomoyo_number_union" entry. * * @a: Pointer to "struct tomoyo_number_union". * @b: Pointer to "struct tomoyo_number_union". * * Returns true if @a == @b, false otherwise. */ |
75093152a TOMOYO: Rename sy... |
1177 |
static inline bool tomoyo_same_number_union |
b5bc60b4c TOMOYO: Cleanup p... |
1178 |
(const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) |
4c3e9e2de TOMOYO: Add numer... |
1179 |
{ |
b5bc60b4c TOMOYO: Cleanup p... |
1180 |
return a->values[0] == b->values[0] && a->values[1] == b->values[1] && |
0df7e8b8f TOMOYO: Cleanup p... |
1181 1182 |
a->group == b->group && a->value_type[0] == b->value_type[0] && a->value_type[1] == b->value_type[1]; |
4c3e9e2de TOMOYO: Add numer... |
1183 |
} |
bd03a3e4c TOMOYO: Add polic... |
1184 |
/** |
059d84dbb TOMOYO: Add socke... |
1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 |
* tomoyo_same_ipaddr_union - Check for duplicated "struct tomoyo_ipaddr_union" entry. * * @a: Pointer to "struct tomoyo_ipaddr_union". * @b: Pointer to "struct tomoyo_ipaddr_union". * * Returns true if @a == @b, false otherwise. */ static inline bool tomoyo_same_ipaddr_union (const struct tomoyo_ipaddr_union *a, const struct tomoyo_ipaddr_union *b) { return !memcmp(a->ip, b->ip, sizeof(a->ip)) && a->group == b->group && a->is_ipv6 == b->is_ipv6; } /** |
bd03a3e4c TOMOYO: Add polic... |
1200 1201 1202 1203 1204 1205 1206 1207 |
* tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. * * Returns pointer to "struct tomoyo_policy_namespace" for current thread. */ static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) { return tomoyo_domain()->ns; } |
eadd99cc8 TOMOYO: Add audit... |
1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 |
#if defined(CONFIG_SLOB) /** * tomoyo_round2 - Round up to power of 2 for calculating memory usage. * * @size: Size to be rounded up. * * Returns @size. * * Since SLOB does not round up, this function simply returns @size. */ static inline int tomoyo_round2(size_t size) { return size; } #else /** * tomoyo_round2 - Round up to power of 2 for calculating memory usage. * * @size: Size to be rounded up. * * Returns rounded size. * * Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of * (e.g.) 128 bytes. */ static inline int tomoyo_round2(size_t size) { #if PAGE_SIZE == 4096 size_t bsize = 32; #else size_t bsize = 64; #endif if (!size) return 0; while (size > bsize) bsize <<= 1; return bsize; } #endif |
9590837b8 Common functions ... |
1251 1252 1253 |
/** * list_for_each_cookie - iterate over a list with cookie. * @pos: the &struct list_head to use as a loop cursor. |
9590837b8 Common functions ... |
1254 |
* @head: the head for your list. |
9590837b8 Common functions ... |
1255 |
*/ |
475e6fa3d TOMOYO: Change li... |
1256 1257 1258 1259 |
#define list_for_each_cookie(pos, head) \ if (!pos) \ pos = srcu_dereference((head)->next, &tomoyo_ss); \ for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss)) |
fdb8ebb72 TOMOYO: Use RCU p... |
1260 |
|
9590837b8 Common functions ... |
1261 |
#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ |