2 * security/tomoyo/file.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
12 /* Keyword array for operations with one pathname. */
13 static const char *tomoyo_path_keyword
[TOMOYO_MAX_PATH_OPERATION
] = {
14 [TOMOYO_TYPE_READ_WRITE
] = "read/write",
15 [TOMOYO_TYPE_EXECUTE
] = "execute",
16 [TOMOYO_TYPE_READ
] = "read",
17 [TOMOYO_TYPE_WRITE
] = "write",
18 [TOMOYO_TYPE_UNLINK
] = "unlink",
19 [TOMOYO_TYPE_RMDIR
] = "rmdir",
20 [TOMOYO_TYPE_TRUNCATE
] = "truncate",
21 [TOMOYO_TYPE_SYMLINK
] = "symlink",
22 [TOMOYO_TYPE_REWRITE
] = "rewrite",
23 [TOMOYO_TYPE_CHROOT
] = "chroot",
24 [TOMOYO_TYPE_UMOUNT
] = "unmount",
27 /* Keyword array for operations with one pathname and three numbers. */
28 static const char *tomoyo_path_number3_keyword
29 [TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
30 [TOMOYO_TYPE_MKBLOCK
] = "mkblock",
31 [TOMOYO_TYPE_MKCHAR
] = "mkchar",
34 /* Keyword array for operations with two pathnames. */
35 static const char *tomoyo_path2_keyword
[TOMOYO_MAX_PATH2_OPERATION
] = {
36 [TOMOYO_TYPE_LINK
] = "link",
37 [TOMOYO_TYPE_RENAME
] = "rename",
38 [TOMOYO_TYPE_PIVOT_ROOT
] = "pivot_root",
41 /* Keyword array for operations with one pathname and one number. */
42 static const char *tomoyo_path_number_keyword
43 [TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
44 [TOMOYO_TYPE_CREATE
] = "create",
45 [TOMOYO_TYPE_MKDIR
] = "mkdir",
46 [TOMOYO_TYPE_MKFIFO
] = "mkfifo",
47 [TOMOYO_TYPE_MKSOCK
] = "mksock",
48 [TOMOYO_TYPE_IOCTL
] = "ioctl",
49 [TOMOYO_TYPE_CHMOD
] = "chmod",
50 [TOMOYO_TYPE_CHOWN
] = "chown",
51 [TOMOYO_TYPE_CHGRP
] = "chgrp",
54 static const u8 tomoyo_p2mac
[TOMOYO_MAX_PATH_OPERATION
] = {
55 [TOMOYO_TYPE_READ_WRITE
] = TOMOYO_MAC_FILE_OPEN
,
56 [TOMOYO_TYPE_EXECUTE
] = TOMOYO_MAC_FILE_EXECUTE
,
57 [TOMOYO_TYPE_READ
] = TOMOYO_MAC_FILE_OPEN
,
58 [TOMOYO_TYPE_WRITE
] = TOMOYO_MAC_FILE_OPEN
,
59 [TOMOYO_TYPE_UNLINK
] = TOMOYO_MAC_FILE_UNLINK
,
60 [TOMOYO_TYPE_RMDIR
] = TOMOYO_MAC_FILE_RMDIR
,
61 [TOMOYO_TYPE_TRUNCATE
] = TOMOYO_MAC_FILE_TRUNCATE
,
62 [TOMOYO_TYPE_SYMLINK
] = TOMOYO_MAC_FILE_SYMLINK
,
63 [TOMOYO_TYPE_REWRITE
] = TOMOYO_MAC_FILE_REWRITE
,
64 [TOMOYO_TYPE_CHROOT
] = TOMOYO_MAC_FILE_CHROOT
,
65 [TOMOYO_TYPE_UMOUNT
] = TOMOYO_MAC_FILE_UMOUNT
,
68 static const u8 tomoyo_pnnn2mac
[TOMOYO_MAX_PATH_NUMBER3_OPERATION
] = {
69 [TOMOYO_TYPE_MKBLOCK
] = TOMOYO_MAC_FILE_MKBLOCK
,
70 [TOMOYO_TYPE_MKCHAR
] = TOMOYO_MAC_FILE_MKCHAR
,
73 static const u8 tomoyo_pp2mac
[TOMOYO_MAX_PATH2_OPERATION
] = {
74 [TOMOYO_TYPE_LINK
] = TOMOYO_MAC_FILE_LINK
,
75 [TOMOYO_TYPE_RENAME
] = TOMOYO_MAC_FILE_RENAME
,
76 [TOMOYO_TYPE_PIVOT_ROOT
] = TOMOYO_MAC_FILE_PIVOT_ROOT
,
79 static const u8 tomoyo_pn2mac
[TOMOYO_MAX_PATH_NUMBER_OPERATION
] = {
80 [TOMOYO_TYPE_CREATE
] = TOMOYO_MAC_FILE_CREATE
,
81 [TOMOYO_TYPE_MKDIR
] = TOMOYO_MAC_FILE_MKDIR
,
82 [TOMOYO_TYPE_MKFIFO
] = TOMOYO_MAC_FILE_MKFIFO
,
83 [TOMOYO_TYPE_MKSOCK
] = TOMOYO_MAC_FILE_MKSOCK
,
84 [TOMOYO_TYPE_IOCTL
] = TOMOYO_MAC_FILE_IOCTL
,
85 [TOMOYO_TYPE_CHMOD
] = TOMOYO_MAC_FILE_CHMOD
,
86 [TOMOYO_TYPE_CHOWN
] = TOMOYO_MAC_FILE_CHOWN
,
87 [TOMOYO_TYPE_CHGRP
] = TOMOYO_MAC_FILE_CHGRP
,
90 void tomoyo_put_name_union(struct tomoyo_name_union
*ptr
)
95 tomoyo_put_path_group(ptr
->group
);
97 tomoyo_put_name(ptr
->filename
);
100 bool tomoyo_compare_name_union(const struct tomoyo_path_info
*name
,
101 const struct tomoyo_name_union
*ptr
)
104 return tomoyo_path_matches_group(name
, ptr
->group
);
105 return tomoyo_path_matches_pattern(name
, ptr
->filename
);
108 void tomoyo_put_number_union(struct tomoyo_number_union
*ptr
)
110 if (ptr
&& ptr
->is_group
)
111 tomoyo_put_number_group(ptr
->group
);
114 bool tomoyo_compare_number_union(const unsigned long value
,
115 const struct tomoyo_number_union
*ptr
)
118 return tomoyo_number_matches_group(value
, value
, ptr
->group
);
119 return value
>= ptr
->values
[0] && value
<= ptr
->values
[1];
123 * tomoyo_path2keyword - Get the name of single path operation.
125 * @operation: Type of operation.
127 * Returns the name of single path operation.
129 const char *tomoyo_path2keyword(const u8 operation
)
131 return (operation
< TOMOYO_MAX_PATH_OPERATION
)
132 ? tomoyo_path_keyword
[operation
] : NULL
;
136 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
138 * @operation: Type of operation.
140 * Returns the name of path/number/number/number operation.
142 const char *tomoyo_path_number32keyword(const u8 operation
)
144 return (operation
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
)
145 ? tomoyo_path_number3_keyword
[operation
] : NULL
;
149 * tomoyo_path22keyword - Get the name of double path operation.
151 * @operation: Type of operation.
153 * Returns the name of double path operation.
155 const char *tomoyo_path22keyword(const u8 operation
)
157 return (operation
< TOMOYO_MAX_PATH2_OPERATION
)
158 ? tomoyo_path2_keyword
[operation
] : NULL
;
162 * tomoyo_path_number2keyword - Get the name of path/number operations.
164 * @operation: Type of operation.
166 * Returns the name of path/number operation.
168 const char *tomoyo_path_number2keyword(const u8 operation
)
170 return (operation
< TOMOYO_MAX_PATH_NUMBER_OPERATION
)
171 ? tomoyo_path_number_keyword
[operation
] : NULL
;
174 static void tomoyo_add_slash(struct tomoyo_path_info
*buf
)
179 * This is OK because tomoyo_encode() reserves space for appending "/".
181 strcat((char *) buf
->name
, "/");
182 tomoyo_fill_path_info(buf
);
186 * tomoyo_strendswith - Check whether the token ends with the given token.
188 * @name: The token to check.
189 * @tail: The token to find.
191 * Returns true if @name ends with @tail, false otherwise.
193 static bool tomoyo_strendswith(const char *name
, const char *tail
)
199 len
= strlen(name
) - strlen(tail
);
200 return len
>= 0 && !strcmp(name
+ len
, tail
);
204 * tomoyo_get_realpath - Get realpath.
206 * @buf: Pointer to "struct tomoyo_path_info".
207 * @path: Pointer to "struct path".
209 * Returns true on success, false otherwise.
211 static bool tomoyo_get_realpath(struct tomoyo_path_info
*buf
, struct path
*path
)
213 buf
->name
= tomoyo_realpath_from_path(path
);
215 tomoyo_fill_path_info(buf
);
221 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
222 const char *filename2
,
223 struct tomoyo_domain_info
*const domain
,
224 const bool is_delete
);
225 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
226 struct tomoyo_domain_info
*const domain
,
227 const bool is_delete
);
230 * tomoyo_globally_readable_list is used for holding list of pathnames which
231 * are by default allowed to be open()ed for reading by any process.
233 * An entry is added by
235 * # echo 'allow_read /lib/libc-2.5.so' > \
236 * /sys/kernel/security/tomoyo/exception_policy
240 * # echo 'delete allow_read /lib/libc-2.5.so' > \
241 * /sys/kernel/security/tomoyo/exception_policy
243 * and all entries are retrieved by
245 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
247 * In the example above, any process is allowed to
248 * open("/lib/libc-2.5.so", O_RDONLY).
249 * One exception is, if the domain which current process belongs to is marked
250 * as "ignore_global_allow_read", current process can't do so unless explicitly
251 * given "allow_read /lib/libc-2.5.so" to the domain which current process
254 LIST_HEAD(tomoyo_globally_readable_list
);
257 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
259 * @filename: Filename unconditionally permitted to open() for reading.
260 * @is_delete: True if it is a delete request.
262 * Returns 0 on success, negative value otherwise.
264 * Caller holds tomoyo_read_lock().
266 static int tomoyo_update_globally_readable_entry(const char *filename
,
267 const bool is_delete
)
269 struct tomoyo_globally_readable_file_entry
*ptr
;
270 struct tomoyo_globally_readable_file_entry e
= { };
271 int error
= is_delete
? -ENOENT
: -ENOMEM
;
273 if (!tomoyo_is_correct_word(filename
))
275 e
.filename
= tomoyo_get_name(filename
);
278 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
280 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
281 if (ptr
->filename
!= e
.filename
)
283 ptr
->is_deleted
= is_delete
;
287 if (!is_delete
&& error
) {
288 struct tomoyo_globally_readable_file_entry
*entry
=
289 tomoyo_commit_ok(&e
, sizeof(e
));
291 list_add_tail_rcu(&entry
->list
,
292 &tomoyo_globally_readable_list
);
296 mutex_unlock(&tomoyo_policy_lock
);
298 tomoyo_put_name(e
.filename
);
303 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
305 * @filename: The filename to check.
307 * Returns true if any domain can open @filename for reading, false otherwise.
309 * Caller holds tomoyo_read_lock().
311 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info
*
314 struct tomoyo_globally_readable_file_entry
*ptr
;
317 list_for_each_entry_rcu(ptr
, &tomoyo_globally_readable_list
, list
) {
318 if (!ptr
->is_deleted
&&
319 tomoyo_path_matches_pattern(filename
, ptr
->filename
)) {
328 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
330 * @data: String to parse.
331 * @is_delete: True if it is a delete request.
333 * Returns 0 on success, negative value otherwise.
335 * Caller holds tomoyo_read_lock().
337 int tomoyo_write_globally_readable_policy(char *data
, const bool is_delete
)
339 return tomoyo_update_globally_readable_entry(data
, is_delete
);
343 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
345 * @head: Pointer to "struct tomoyo_io_buffer".
347 * Returns true on success, false otherwise.
349 * Caller holds tomoyo_read_lock().
351 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer
*head
)
353 struct list_head
*pos
;
356 list_for_each_cookie(pos
, head
->read_var2
,
357 &tomoyo_globally_readable_list
) {
358 struct tomoyo_globally_readable_file_entry
*ptr
;
359 ptr
= list_entry(pos
,
360 struct tomoyo_globally_readable_file_entry
,
364 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_ALLOW_READ
"%s\n",
365 ptr
->filename
->name
);
372 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
373 * converting pathnames to pathname patterns during learning mode.
375 * An entry is added by
377 * # echo 'file_pattern /proc/\$/mounts' > \
378 * /sys/kernel/security/tomoyo/exception_policy
382 * # echo 'delete file_pattern /proc/\$/mounts' > \
383 * /sys/kernel/security/tomoyo/exception_policy
385 * and all entries are retrieved by
387 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
389 * In the example above, if a process which belongs to a domain which is in
390 * learning mode requested open("/proc/1/mounts", O_RDONLY),
391 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
392 * process belongs to.
394 * It is not a desirable behavior that we have to use /proc/\$/ instead of
395 * /proc/self/ when current process needs to access only current process's
396 * information. As of now, LSM version of TOMOYO is using __d_path() for
397 * calculating pathname. Non LSM version of TOMOYO is using its own function
398 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
399 * current process from accessing other process's information.
401 LIST_HEAD(tomoyo_pattern_list
);
404 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
406 * @pattern: Pathname pattern.
407 * @is_delete: True if it is a delete request.
409 * Returns 0 on success, negative value otherwise.
411 * Caller holds tomoyo_read_lock().
413 static int tomoyo_update_file_pattern_entry(const char *pattern
,
414 const bool is_delete
)
416 struct tomoyo_pattern_entry
*ptr
;
417 struct tomoyo_pattern_entry e
= { };
418 int error
= is_delete
? -ENOENT
: -ENOMEM
;
420 if (!tomoyo_is_correct_word(pattern
))
422 e
.pattern
= tomoyo_get_name(pattern
);
425 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
427 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
428 if (e
.pattern
!= ptr
->pattern
)
430 ptr
->is_deleted
= is_delete
;
434 if (!is_delete
&& error
) {
435 struct tomoyo_pattern_entry
*entry
=
436 tomoyo_commit_ok(&e
, sizeof(e
));
438 list_add_tail_rcu(&entry
->list
, &tomoyo_pattern_list
);
442 mutex_unlock(&tomoyo_policy_lock
);
444 tomoyo_put_name(e
.pattern
);
449 * tomoyo_file_pattern - Get patterned pathname.
451 * @filename: The filename to find patterned pathname.
453 * Returns pointer to pathname pattern if matched, @filename otherwise.
455 * Caller holds tomoyo_read_lock().
457 const char *tomoyo_file_pattern(const struct tomoyo_path_info
*filename
)
459 struct tomoyo_pattern_entry
*ptr
;
460 const struct tomoyo_path_info
*pattern
= NULL
;
462 list_for_each_entry_rcu(ptr
, &tomoyo_pattern_list
, list
) {
465 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
467 pattern
= ptr
->pattern
;
468 if (tomoyo_strendswith(pattern
->name
, "/\\*")) {
469 /* Do nothing. Try to find the better match. */
471 /* This would be the better match. Use this. */
477 return filename
->name
;
481 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
483 * @data: String to parse.
484 * @is_delete: True if it is a delete request.
486 * Returns 0 on success, negative value otherwise.
488 * Caller holds tomoyo_read_lock().
490 int tomoyo_write_pattern_policy(char *data
, const bool is_delete
)
492 return tomoyo_update_file_pattern_entry(data
, is_delete
);
496 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
498 * @head: Pointer to "struct tomoyo_io_buffer".
500 * Returns true on success, false otherwise.
502 * Caller holds tomoyo_read_lock().
504 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer
*head
)
506 struct list_head
*pos
;
509 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_pattern_list
) {
510 struct tomoyo_pattern_entry
*ptr
;
511 ptr
= list_entry(pos
, struct tomoyo_pattern_entry
, list
);
514 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_FILE_PATTERN
515 "%s\n", ptr
->pattern
->name
);
523 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
524 * default forbidden to modify already written content of a file.
526 * An entry is added by
528 * # echo 'deny_rewrite /var/log/messages' > \
529 * /sys/kernel/security/tomoyo/exception_policy
533 * # echo 'delete deny_rewrite /var/log/messages' > \
534 * /sys/kernel/security/tomoyo/exception_policy
536 * and all entries are retrieved by
538 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
540 * In the example above, if a process requested to rewrite /var/log/messages ,
541 * the process can't rewrite unless the domain which that process belongs to
542 * has "allow_rewrite /var/log/messages" entry.
544 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
545 * when we want to allow rewriting already unlink()ed file. As of now,
546 * LSM version of TOMOYO is using __d_path() for calculating pathname.
547 * Non LSM version of TOMOYO is using its own function which doesn't append
548 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
549 * need to worry whether the file is already unlink()ed or not.
551 LIST_HEAD(tomoyo_no_rewrite_list
);
554 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
556 * @pattern: Pathname pattern that are not rewritable by default.
557 * @is_delete: True if it is a delete request.
559 * Returns 0 on success, negative value otherwise.
561 * Caller holds tomoyo_read_lock().
563 static int tomoyo_update_no_rewrite_entry(const char *pattern
,
564 const bool is_delete
)
566 struct tomoyo_no_rewrite_entry
*ptr
;
567 struct tomoyo_no_rewrite_entry e
= { };
568 int error
= is_delete
? -ENOENT
: -ENOMEM
;
570 if (!tomoyo_is_correct_word(pattern
))
572 e
.pattern
= tomoyo_get_name(pattern
);
575 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
577 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
578 if (ptr
->pattern
!= e
.pattern
)
580 ptr
->is_deleted
= is_delete
;
584 if (!is_delete
&& error
) {
585 struct tomoyo_no_rewrite_entry
*entry
=
586 tomoyo_commit_ok(&e
, sizeof(e
));
588 list_add_tail_rcu(&entry
->list
,
589 &tomoyo_no_rewrite_list
);
593 mutex_unlock(&tomoyo_policy_lock
);
595 tomoyo_put_name(e
.pattern
);
600 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
602 * @filename: Filename to check.
604 * Returns true if @filename is specified by "deny_rewrite" directive,
607 * Caller holds tomoyo_read_lock().
609 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info
*filename
)
611 struct tomoyo_no_rewrite_entry
*ptr
;
614 list_for_each_entry_rcu(ptr
, &tomoyo_no_rewrite_list
, list
) {
617 if (!tomoyo_path_matches_pattern(filename
, ptr
->pattern
))
626 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
628 * @data: String to parse.
629 * @is_delete: True if it is a delete request.
631 * Returns 0 on success, negative value otherwise.
633 * Caller holds tomoyo_read_lock().
635 int tomoyo_write_no_rewrite_policy(char *data
, const bool is_delete
)
637 return tomoyo_update_no_rewrite_entry(data
, is_delete
);
641 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
643 * @head: Pointer to "struct tomoyo_io_buffer".
645 * Returns true on success, false otherwise.
647 * Caller holds tomoyo_read_lock().
649 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer
*head
)
651 struct list_head
*pos
;
654 list_for_each_cookie(pos
, head
->read_var2
, &tomoyo_no_rewrite_list
) {
655 struct tomoyo_no_rewrite_entry
*ptr
;
656 ptr
= list_entry(pos
, struct tomoyo_no_rewrite_entry
, list
);
659 done
= tomoyo_io_printf(head
, TOMOYO_KEYWORD_DENY_REWRITE
660 "%s\n", ptr
->pattern
->name
);
668 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
670 * @perm: Permission (between 1 to 7).
671 * @filename: Filename.
672 * @domain: Pointer to "struct tomoyo_domain_info".
673 * @is_delete: True if it is a delete request.
675 * Returns 0 on success, negative value otherwise.
677 * This is legacy support interface for older policy syntax.
678 * Current policy syntax uses "allow_read/write" instead of "6",
679 * "allow_read" instead of "4", "allow_write" instead of "2",
680 * "allow_execute" instead of "1".
682 * Caller holds tomoyo_read_lock().
684 static int tomoyo_update_file_acl(u8 perm
, const char *filename
,
685 struct tomoyo_domain_info
* const domain
,
686 const bool is_delete
)
688 if (perm
> 7 || !perm
) {
689 printk(KERN_DEBUG
"%s: Invalid permission '%d %s'\n",
690 __func__
, perm
, filename
);
693 if (filename
[0] != '@' && tomoyo_strendswith(filename
, "/"))
695 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
696 * directory permissions.
700 tomoyo_update_path_acl(TOMOYO_TYPE_READ
, filename
, domain
,
703 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE
, filename
, domain
,
706 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE
, filename
, domain
,
712 * tomoyo_path_acl - Check permission for single path operation.
714 * @r: Pointer to "struct tomoyo_request_info".
715 * @filename: Filename to check.
718 * Returns 0 on success, -EPERM otherwise.
720 * Caller holds tomoyo_read_lock().
722 static int tomoyo_path_acl(const struct tomoyo_request_info
*r
,
723 const struct tomoyo_path_info
*filename
,
726 struct tomoyo_domain_info
*domain
= r
->domain
;
727 struct tomoyo_acl_info
*ptr
;
730 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
731 struct tomoyo_path_acl
*acl
;
732 if (ptr
->type
!= TOMOYO_TYPE_PATH_ACL
)
734 acl
= container_of(ptr
, struct tomoyo_path_acl
, head
);
735 if (!(acl
->perm
& perm
) ||
736 !tomoyo_compare_name_union(filename
, &acl
->name
))
745 * tomoyo_file_perm - Check permission for opening files.
747 * @r: Pointer to "struct tomoyo_request_info".
748 * @filename: Filename to check.
749 * @mode: Mode ("read" or "write" or "read/write" or "execute").
751 * Returns 0 on success, negative value otherwise.
753 * Caller holds tomoyo_read_lock().
755 static int tomoyo_file_perm(struct tomoyo_request_info
*r
,
756 const struct tomoyo_path_info
*filename
,
759 const char *msg
= "<unknown>";
767 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE
);
768 perm
= 1 << TOMOYO_TYPE_READ_WRITE
;
769 } else if (mode
== 4) {
770 msg
= tomoyo_path2keyword(TOMOYO_TYPE_READ
);
771 perm
= 1 << TOMOYO_TYPE_READ
;
772 } else if (mode
== 2) {
773 msg
= tomoyo_path2keyword(TOMOYO_TYPE_WRITE
);
774 perm
= 1 << TOMOYO_TYPE_WRITE
;
775 } else if (mode
== 1) {
776 msg
= tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE
);
777 perm
= 1 << TOMOYO_TYPE_EXECUTE
;
781 error
= tomoyo_path_acl(r
, filename
, perm
);
782 if (error
&& mode
== 4 && !r
->domain
->ignore_global_allow_read
783 && tomoyo_is_globally_readable_file(filename
))
787 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
788 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
789 tomoyo_file_pattern(filename
));
791 * Do not retry for execute request, for alias may have
794 } while (error
== TOMOYO_RETRY_REQUEST
&& mode
!= 1);
795 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
801 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
803 * @type: Type of operation.
804 * @filename: Filename.
805 * @domain: Pointer to "struct tomoyo_domain_info".
806 * @is_delete: True if it is a delete request.
808 * Returns 0 on success, negative value otherwise.
810 * Caller holds tomoyo_read_lock().
812 static int tomoyo_update_path_acl(const u8 type
, const char *filename
,
813 struct tomoyo_domain_info
*const domain
,
814 const bool is_delete
)
816 static const u16 tomoyo_rw_mask
=
817 (1 << TOMOYO_TYPE_READ
) | (1 << TOMOYO_TYPE_WRITE
);
818 const u16 perm
= 1 << type
;
819 struct tomoyo_acl_info
*ptr
;
820 struct tomoyo_path_acl e
= {
821 .head
.type
= TOMOYO_TYPE_PATH_ACL
,
824 int error
= is_delete
? -ENOENT
: -ENOMEM
;
826 if (type
== TOMOYO_TYPE_READ_WRITE
)
827 e
.perm
|= tomoyo_rw_mask
;
830 if (!tomoyo_parse_name_union(filename
, &e
.name
))
832 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
834 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
835 struct tomoyo_path_acl
*acl
=
836 container_of(ptr
, struct tomoyo_path_acl
, head
);
837 if (!tomoyo_is_same_path_acl(acl
, &e
))
841 if ((acl
->perm
& tomoyo_rw_mask
) != tomoyo_rw_mask
)
842 acl
->perm
&= ~(1 << TOMOYO_TYPE_READ_WRITE
);
843 else if (!(acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
)))
844 acl
->perm
&= ~tomoyo_rw_mask
;
847 if ((acl
->perm
& tomoyo_rw_mask
) == tomoyo_rw_mask
)
848 acl
->perm
|= 1 << TOMOYO_TYPE_READ_WRITE
;
849 else if (acl
->perm
& (1 << TOMOYO_TYPE_READ_WRITE
))
850 acl
->perm
|= tomoyo_rw_mask
;
855 if (!is_delete
&& error
) {
856 struct tomoyo_path_acl
*entry
=
857 tomoyo_commit_ok(&e
, sizeof(e
));
859 list_add_tail_rcu(&entry
->head
.list
,
860 &domain
->acl_info_list
);
864 mutex_unlock(&tomoyo_policy_lock
);
866 tomoyo_put_name_union(&e
.name
);
871 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
873 * @type: Type of operation.
874 * @filename: Filename.
875 * @mode: Create mode.
876 * @major: Device major number.
877 * @minor: Device minor number.
878 * @domain: Pointer to "struct tomoyo_domain_info".
879 * @is_delete: True if it is a delete request.
881 * Returns 0 on success, negative value otherwise.
883 static inline int tomoyo_update_path_number3_acl(const u8 type
,
884 const char *filename
,
886 char *major
, char *minor
,
887 struct tomoyo_domain_info
*
889 const bool is_delete
)
891 const u8 perm
= 1 << type
;
892 struct tomoyo_acl_info
*ptr
;
893 struct tomoyo_path_number3_acl e
= {
894 .head
.type
= TOMOYO_TYPE_PATH_NUMBER3_ACL
,
897 int error
= is_delete
? -ENOENT
: -ENOMEM
;
898 if (!tomoyo_parse_name_union(filename
, &e
.name
) ||
899 !tomoyo_parse_number_union(mode
, &e
.mode
) ||
900 !tomoyo_parse_number_union(major
, &e
.major
) ||
901 !tomoyo_parse_number_union(minor
, &e
.minor
))
903 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
905 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
906 struct tomoyo_path_number3_acl
*acl
=
907 container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
908 if (!tomoyo_is_same_path_number3_acl(acl
, &e
))
917 if (!is_delete
&& error
) {
918 struct tomoyo_path_number3_acl
*entry
=
919 tomoyo_commit_ok(&e
, sizeof(e
));
921 list_add_tail_rcu(&entry
->head
.list
,
922 &domain
->acl_info_list
);
926 mutex_unlock(&tomoyo_policy_lock
);
928 tomoyo_put_name_union(&e
.name
);
929 tomoyo_put_number_union(&e
.mode
);
930 tomoyo_put_number_union(&e
.major
);
931 tomoyo_put_number_union(&e
.minor
);
936 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
938 * @type: Type of operation.
939 * @filename1: First filename.
940 * @filename2: Second filename.
941 * @domain: Pointer to "struct tomoyo_domain_info".
942 * @is_delete: True if it is a delete request.
944 * Returns 0 on success, negative value otherwise.
946 * Caller holds tomoyo_read_lock().
948 static int tomoyo_update_path2_acl(const u8 type
, const char *filename1
,
949 const char *filename2
,
950 struct tomoyo_domain_info
*const domain
,
951 const bool is_delete
)
953 const u8 perm
= 1 << type
;
954 struct tomoyo_path2_acl e
= {
955 .head
.type
= TOMOYO_TYPE_PATH2_ACL
,
958 struct tomoyo_acl_info
*ptr
;
959 int error
= is_delete
? -ENOENT
: -ENOMEM
;
963 if (!tomoyo_parse_name_union(filename1
, &e
.name1
) ||
964 !tomoyo_parse_name_union(filename2
, &e
.name2
))
966 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
968 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
969 struct tomoyo_path2_acl
*acl
=
970 container_of(ptr
, struct tomoyo_path2_acl
, head
);
971 if (!tomoyo_is_same_path2_acl(acl
, &e
))
980 if (!is_delete
&& error
) {
981 struct tomoyo_path2_acl
*entry
=
982 tomoyo_commit_ok(&e
, sizeof(e
));
984 list_add_tail_rcu(&entry
->head
.list
,
985 &domain
->acl_info_list
);
989 mutex_unlock(&tomoyo_policy_lock
);
991 tomoyo_put_name_union(&e
.name1
);
992 tomoyo_put_name_union(&e
.name2
);
997 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
999 * @r: Pointer to "struct tomoyo_request_info".
1000 * @filename: Filename to check.
1001 * @perm: Permission.
1002 * @mode: Create mode.
1003 * @major: Device major number.
1004 * @minor: Device minor number.
1006 * Returns 0 on success, -EPERM otherwise.
1008 * Caller holds tomoyo_read_lock().
1010 static int tomoyo_path_number3_acl(struct tomoyo_request_info
*r
,
1011 const struct tomoyo_path_info
*filename
,
1012 const u16 perm
, const unsigned int mode
,
1013 const unsigned int major
,
1014 const unsigned int minor
)
1016 struct tomoyo_domain_info
*domain
= r
->domain
;
1017 struct tomoyo_acl_info
*ptr
;
1019 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1020 struct tomoyo_path_number3_acl
*acl
;
1021 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER3_ACL
)
1023 acl
= container_of(ptr
, struct tomoyo_path_number3_acl
, head
);
1024 if (!tomoyo_compare_number_union(mode
, &acl
->mode
))
1026 if (!tomoyo_compare_number_union(major
, &acl
->major
))
1028 if (!tomoyo_compare_number_union(minor
, &acl
->minor
))
1030 if (!(acl
->perm
& perm
))
1032 if (!tomoyo_compare_name_union(filename
, &acl
->name
))
1041 * tomoyo_path2_acl - Check permission for double path operation.
1043 * @r: Pointer to "struct tomoyo_request_info".
1044 * @type: Type of operation.
1045 * @filename1: First filename to check.
1046 * @filename2: Second filename to check.
1048 * Returns 0 on success, -EPERM otherwise.
1050 * Caller holds tomoyo_read_lock().
1052 static int tomoyo_path2_acl(const struct tomoyo_request_info
*r
, const u8 type
,
1053 const struct tomoyo_path_info
*filename1
,
1054 const struct tomoyo_path_info
*filename2
)
1056 const struct tomoyo_domain_info
*domain
= r
->domain
;
1057 struct tomoyo_acl_info
*ptr
;
1058 const u8 perm
= 1 << type
;
1061 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1062 struct tomoyo_path2_acl
*acl
;
1063 if (ptr
->type
!= TOMOYO_TYPE_PATH2_ACL
)
1065 acl
= container_of(ptr
, struct tomoyo_path2_acl
, head
);
1066 if (!(acl
->perm
& perm
))
1068 if (!tomoyo_compare_name_union(filename1
, &acl
->name1
))
1070 if (!tomoyo_compare_name_union(filename2
, &acl
->name2
))
1079 * tomoyo_path_permission - Check permission for single path operation.
1081 * @r: Pointer to "struct tomoyo_request_info".
1082 * @operation: Type of operation.
1083 * @filename: Filename to check.
1085 * Returns 0 on success, negative value otherwise.
1087 * Caller holds tomoyo_read_lock().
1089 static int tomoyo_path_permission(struct tomoyo_request_info
*r
, u8 operation
,
1090 const struct tomoyo_path_info
*filename
)
1096 r
->type
= tomoyo_p2mac
[operation
];
1097 r
->mode
= tomoyo_get_mode(r
->profile
, r
->type
);
1098 if (r
->mode
== TOMOYO_CONFIG_DISABLED
)
1101 error
= tomoyo_path_acl(r
, filename
, 1 << operation
);
1104 msg
= tomoyo_path2keyword(operation
);
1105 tomoyo_warn_log(r
, "%s %s", msg
, filename
->name
);
1106 error
= tomoyo_supervisor(r
, "allow_%s %s\n", msg
,
1107 tomoyo_file_pattern(filename
));
1108 } while (error
== TOMOYO_RETRY_REQUEST
);
1109 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1112 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1113 * we need to check "allow_rewrite" permission if the filename is
1114 * specified by "deny_rewrite" keyword.
1116 if (!error
&& operation
== TOMOYO_TYPE_TRUNCATE
&&
1117 tomoyo_is_no_rewrite_file(filename
)) {
1118 operation
= TOMOYO_TYPE_REWRITE
;
1125 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1127 * @r: Pointer to "struct tomoyo_request_info".
1129 * @filename: Filename to check.
1132 * Returns 0 on success, -EPERM otherwise.
1134 * Caller holds tomoyo_read_lock().
1136 static int tomoyo_path_number_acl(struct tomoyo_request_info
*r
, const u8 type
,
1137 const struct tomoyo_path_info
*filename
,
1138 const unsigned long number
)
1140 struct tomoyo_domain_info
*domain
= r
->domain
;
1141 struct tomoyo_acl_info
*ptr
;
1142 const u8 perm
= 1 << type
;
1144 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1145 struct tomoyo_path_number_acl
*acl
;
1146 if (ptr
->type
!= TOMOYO_TYPE_PATH_NUMBER_ACL
)
1148 acl
= container_of(ptr
, struct tomoyo_path_number_acl
,
1150 if (!(acl
->perm
& perm
) ||
1151 !tomoyo_compare_number_union(number
, &acl
->number
) ||
1152 !tomoyo_compare_name_union(filename
, &acl
->name
))
1161 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1163 * @type: Type of operation.
1164 * @filename: Filename.
1166 * @domain: Pointer to "struct tomoyo_domain_info".
1167 * @is_delete: True if it is a delete request.
1169 * Returns 0 on success, negative value otherwise.
1171 static inline int tomoyo_update_path_number_acl(const u8 type
,
1172 const char *filename
,
1174 struct tomoyo_domain_info
*
1176 const bool is_delete
)
1178 const u8 perm
= 1 << type
;
1179 struct tomoyo_acl_info
*ptr
;
1180 struct tomoyo_path_number_acl e
= {
1181 .head
.type
= TOMOYO_TYPE_PATH_NUMBER_ACL
,
1184 int error
= is_delete
? -ENOENT
: -ENOMEM
;
1187 if (!tomoyo_parse_name_union(filename
, &e
.name
))
1189 if (!tomoyo_parse_number_union(number
, &e
.number
))
1191 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
1193 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
1194 struct tomoyo_path_number_acl
*acl
=
1195 container_of(ptr
, struct tomoyo_path_number_acl
, head
);
1196 if (!tomoyo_is_same_path_number_acl(acl
, &e
))
1205 if (!is_delete
&& error
) {
1206 struct tomoyo_path_number_acl
*entry
=
1207 tomoyo_commit_ok(&e
, sizeof(e
));
1209 list_add_tail_rcu(&entry
->head
.list
,
1210 &domain
->acl_info_list
);
1214 mutex_unlock(&tomoyo_policy_lock
);
1216 tomoyo_put_name_union(&e
.name
);
1217 tomoyo_put_number_union(&e
.number
);
1222 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1224 * @r: Pointer to "strct tomoyo_request_info".
1225 * @filename: Filename to check.
1228 * Returns 0 on success, negative value otherwise.
1230 * Caller holds tomoyo_read_lock().
1232 static int tomoyo_path_number_perm2(struct tomoyo_request_info
*r
,
1234 const struct tomoyo_path_info
*filename
,
1235 const unsigned long number
)
1245 case TOMOYO_TYPE_CREATE
:
1246 case TOMOYO_TYPE_MKDIR
:
1247 case TOMOYO_TYPE_MKFIFO
:
1248 case TOMOYO_TYPE_MKSOCK
:
1249 case TOMOYO_TYPE_CHMOD
:
1250 radix
= TOMOYO_VALUE_TYPE_OCTAL
;
1252 case TOMOYO_TYPE_IOCTL
:
1253 radix
= TOMOYO_VALUE_TYPE_HEXADECIMAL
;
1256 radix
= TOMOYO_VALUE_TYPE_DECIMAL
;
1259 tomoyo_print_ulong(buffer
, sizeof(buffer
), number
, radix
);
1261 error
= tomoyo_path_number_acl(r
, type
, filename
, number
);
1264 msg
= tomoyo_path_number2keyword(type
);
1265 tomoyo_warn_log(r
, "%s %s %s", msg
, filename
->name
, buffer
);
1266 error
= tomoyo_supervisor(r
, "allow_%s %s %s\n", msg
,
1267 tomoyo_file_pattern(filename
),
1269 } while (error
== TOMOYO_RETRY_REQUEST
);
1270 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1276 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1278 * @type: Type of operation.
1279 * @path: Pointer to "struct path".
1282 * Returns 0 on success, negative value otherwise.
1284 int tomoyo_path_number_perm(const u8 type
, struct path
*path
,
1285 unsigned long number
)
1287 struct tomoyo_request_info r
;
1288 int error
= -ENOMEM
;
1289 struct tomoyo_path_info buf
;
1292 if (tomoyo_init_request_info(&r
, NULL
, tomoyo_pn2mac
[type
])
1293 == TOMOYO_CONFIG_DISABLED
|| !path
->mnt
|| !path
->dentry
)
1295 idx
= tomoyo_read_lock();
1296 if (!tomoyo_get_realpath(&buf
, path
))
1298 if (type
== TOMOYO_TYPE_MKDIR
)
1299 tomoyo_add_slash(&buf
);
1300 error
= tomoyo_path_number_perm2(&r
, type
, &buf
, number
);
1303 tomoyo_read_unlock(idx
);
1304 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1310 * tomoyo_check_exec_perm - Check permission for "execute".
1312 * @r: Pointer to "struct tomoyo_request_info".
1313 * @filename: Check permission for "execute".
1315 * Returns 0 on success, negativevalue otherwise.
1317 * Caller holds tomoyo_read_lock().
1319 int tomoyo_check_exec_perm(struct tomoyo_request_info
*r
,
1320 const struct tomoyo_path_info
*filename
)
1322 if (r
->mode
== TOMOYO_CONFIG_DISABLED
)
1324 return tomoyo_file_perm(r
, filename
, 1);
1328 * tomoyo_check_open_permission - Check permission for "read" and "write".
1330 * @domain: Pointer to "struct tomoyo_domain_info".
1331 * @path: Pointer to "struct path".
1332 * @flag: Flags for open().
1334 * Returns 0 on success, negative value otherwise.
1336 int tomoyo_check_open_permission(struct tomoyo_domain_info
*domain
,
1337 struct path
*path
, const int flag
)
1339 const u8 acc_mode
= ACC_MODE(flag
);
1340 int error
= -ENOMEM
;
1341 struct tomoyo_path_info buf
;
1342 struct tomoyo_request_info r
;
1346 (path
->dentry
->d_inode
&& S_ISDIR(path
->dentry
->d_inode
->i_mode
)))
1349 r
.mode
= TOMOYO_CONFIG_DISABLED
;
1350 idx
= tomoyo_read_lock();
1351 if (!tomoyo_get_realpath(&buf
, path
))
1355 * If the filename is specified by "deny_rewrite" keyword,
1356 * we need to check "allow_rewrite" permission when the filename is not
1357 * opened for append mode or the filename is truncated at open time.
1359 if ((acc_mode
& MAY_WRITE
) && !(flag
& O_APPEND
)
1360 && tomoyo_init_request_info(&r
, domain
, TOMOYO_MAC_FILE_REWRITE
)
1361 != TOMOYO_CONFIG_DISABLED
) {
1362 if (!tomoyo_get_realpath(&buf
, path
)) {
1366 if (tomoyo_is_no_rewrite_file(&buf
))
1367 error
= tomoyo_path_permission(&r
, TOMOYO_TYPE_REWRITE
,
1370 if (!error
&& acc_mode
&&
1371 tomoyo_init_request_info(&r
, domain
, TOMOYO_MAC_FILE_OPEN
)
1372 != TOMOYO_CONFIG_DISABLED
) {
1373 if (!buf
.name
&& !tomoyo_get_realpath(&buf
, path
)) {
1377 error
= tomoyo_file_perm(&r
, &buf
, acc_mode
);
1381 tomoyo_read_unlock(idx
);
1382 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1388 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
1390 * @operation: Type of operation.
1391 * @path: Pointer to "struct path".
1393 * Returns 0 on success, negative value otherwise.
1395 int tomoyo_path_perm(const u8 operation
, struct path
*path
)
1397 int error
= -ENOMEM
;
1398 struct tomoyo_path_info buf
;
1399 struct tomoyo_request_info r
;
1404 if (tomoyo_init_request_info(&r
, NULL
, tomoyo_p2mac
[operation
])
1405 == TOMOYO_CONFIG_DISABLED
)
1408 idx
= tomoyo_read_lock();
1409 if (!tomoyo_get_realpath(&buf
, path
))
1411 switch (operation
) {
1412 case TOMOYO_TYPE_REWRITE
:
1413 if (!tomoyo_is_no_rewrite_file(&buf
)) {
1418 case TOMOYO_TYPE_RMDIR
:
1419 case TOMOYO_TYPE_CHROOT
:
1420 case TOMOYO_TYPE_UMOUNT
:
1421 tomoyo_add_slash(&buf
);
1424 error
= tomoyo_path_permission(&r
, operation
, &buf
);
1427 tomoyo_read_unlock(idx
);
1428 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1434 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1436 * @r: Pointer to "struct tomoyo_request_info".
1437 * @operation: Type of operation.
1438 * @filename: Filename to check.
1439 * @mode: Create mode.
1440 * @dev: Device number.
1442 * Returns 0 on success, negative value otherwise.
1444 * Caller holds tomoyo_read_lock().
1446 static int tomoyo_path_number3_perm2(struct tomoyo_request_info
*r
,
1448 const struct tomoyo_path_info
*filename
,
1449 const unsigned int mode
,
1450 const unsigned int dev
)
1454 const unsigned int major
= MAJOR(dev
);
1455 const unsigned int minor
= MINOR(dev
);
1458 error
= tomoyo_path_number3_acl(r
, filename
, 1 << operation
,
1459 mode
, major
, minor
);
1462 msg
= tomoyo_path_number32keyword(operation
);
1463 tomoyo_warn_log(r
, "%s %s 0%o %u %u", msg
, filename
->name
,
1464 mode
, major
, minor
);
1465 error
= tomoyo_supervisor(r
, "allow_%s %s 0%o %u %u\n", msg
,
1466 tomoyo_file_pattern(filename
), mode
,
1468 } while (error
== TOMOYO_RETRY_REQUEST
);
1469 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
1475 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1477 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1478 * @path: Pointer to "struct path".
1479 * @mode: Create mode.
1480 * @dev: Device number.
1482 * Returns 0 on success, negative value otherwise.
1484 int tomoyo_path_number3_perm(const u8 operation
, struct path
*path
,
1485 const unsigned int mode
, unsigned int dev
)
1487 struct tomoyo_request_info r
;
1488 int error
= -ENOMEM
;
1489 struct tomoyo_path_info buf
;
1493 tomoyo_init_request_info(&r
, NULL
, tomoyo_pnnn2mac
[operation
])
1494 == TOMOYO_CONFIG_DISABLED
)
1496 idx
= tomoyo_read_lock();
1498 if (tomoyo_get_realpath(&buf
, path
)) {
1499 error
= tomoyo_path_number3_perm2(&r
, operation
, &buf
, mode
,
1500 new_decode_dev(dev
));
1503 tomoyo_read_unlock(idx
);
1504 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1510 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1512 * @operation: Type of operation.
1513 * @path1: Pointer to "struct path".
1514 * @path2: Pointer to "struct path".
1516 * Returns 0 on success, negative value otherwise.
1518 int tomoyo_path2_perm(const u8 operation
, struct path
*path1
,
1521 int error
= -ENOMEM
;
1523 struct tomoyo_path_info buf1
;
1524 struct tomoyo_path_info buf2
;
1525 struct tomoyo_request_info r
;
1528 if (!path1
->mnt
|| !path2
->mnt
||
1529 tomoyo_init_request_info(&r
, NULL
, tomoyo_pp2mac
[operation
])
1530 == TOMOYO_CONFIG_DISABLED
)
1534 idx
= tomoyo_read_lock();
1535 if (!tomoyo_get_realpath(&buf1
, path1
) ||
1536 !tomoyo_get_realpath(&buf2
, path2
))
1538 switch (operation
) {
1539 struct dentry
*dentry
;
1540 case TOMOYO_TYPE_RENAME
:
1541 case TOMOYO_TYPE_LINK
:
1542 dentry
= path1
->dentry
;
1543 if (!dentry
->d_inode
|| !S_ISDIR(dentry
->d_inode
->i_mode
))
1546 case TOMOYO_TYPE_PIVOT_ROOT
:
1547 tomoyo_add_slash(&buf1
);
1548 tomoyo_add_slash(&buf2
);
1552 error
= tomoyo_path2_acl(&r
, operation
, &buf1
, &buf2
);
1555 msg
= tomoyo_path22keyword(operation
);
1556 tomoyo_warn_log(&r
, "%s %s %s", msg
, buf1
.name
, buf2
.name
);
1557 error
= tomoyo_supervisor(&r
, "allow_%s %s %s\n", msg
,
1558 tomoyo_file_pattern(&buf1
),
1559 tomoyo_file_pattern(&buf2
));
1560 } while (error
== TOMOYO_RETRY_REQUEST
);
1564 tomoyo_read_unlock(idx
);
1565 if (r
.mode
!= TOMOYO_CONFIG_ENFORCING
)
1571 * tomoyo_write_file_policy - Update file related list.
1573 * @data: String to parse.
1574 * @domain: Pointer to "struct tomoyo_domain_info".
1575 * @is_delete: True if it is a delete request.
1577 * Returns 0 on success, negative value otherwise.
1579 * Caller holds tomoyo_read_lock().
1581 int tomoyo_write_file_policy(char *data
, struct tomoyo_domain_info
*domain
,
1582 const bool is_delete
)
1586 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[1][0])
1588 if (strncmp(w
[0], "allow_", 6)) {
1590 if (sscanf(w
[0], "%u", &perm
) == 1)
1591 return tomoyo_update_file_acl((u8
) perm
, w
[1], domain
,
1596 for (type
= 0; type
< TOMOYO_MAX_PATH_OPERATION
; type
++) {
1597 if (strcmp(w
[0], tomoyo_path_keyword
[type
]))
1599 return tomoyo_update_path_acl(type
, w
[1], domain
, is_delete
);
1603 for (type
= 0; type
< TOMOYO_MAX_PATH2_OPERATION
; type
++) {
1604 if (strcmp(w
[0], tomoyo_path2_keyword
[type
]))
1606 return tomoyo_update_path2_acl(type
, w
[1], w
[2], domain
,
1609 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER_OPERATION
; type
++) {
1610 if (strcmp(w
[0], tomoyo_path_number_keyword
[type
]))
1612 return tomoyo_update_path_number_acl(type
, w
[1], w
[2], domain
,
1615 if (!w
[3][0] || !w
[4][0])
1617 for (type
= 0; type
< TOMOYO_MAX_PATH_NUMBER3_OPERATION
; type
++) {
1618 if (strcmp(w
[0], tomoyo_path_number3_keyword
[type
]))
1620 return tomoyo_update_path_number3_acl(type
, w
[1], w
[2], w
[3],
1621 w
[4], domain
, is_delete
);