Open-Source-Software-Entwicklung und Downloads

TOMOYO

Browse Subversion Repository

/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c

Contents of /trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3248 - (show annotations) (download) (as text)
Sat Dec 12 08:47:01 2009 UTC (14 years, 5 months ago) by kumaneko
File MIME type: text/x-csrc
File size: 75829 byte(s) 
Use rcu_read_lock() for find_task_by_pid().
1 /*
2 * security/ccsecurity/policy_io.c
3 *
4 * Copyright (C) 2005-2009 NTT DATA CORPORATION
5 *
6 * Version: 1.7.1 2009/11/11
7 *
8 * This file is applicable to both 2.4.30 and 2.6.11 and later.
9 * See README.ccs for ChangeLog.
10 *
11 */
12
13 #include "internal.h"
14
15 static struct ccs_profile ccs_default_profile = {
16 .learning = &ccs_default_profile.preference,
17 .permissive = &ccs_default_profile.preference,
18 .enforcing = &ccs_default_profile.preference,
19 .audit = &ccs_default_profile.preference,
20 #ifdef CONFIG_CCSECURITY_AUDIT
21 .preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG,
22 .preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG,
23 #endif
24 .preference.audit_task_info = true,
25 .preference.audit_path_info = true,
26 .preference.enforcing_penalty = 0,
27 .preference.enforcing_verbose = true,
28 .preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY,
29 .preference.learning_verbose = false,
30 .preference.learning_exec_realpath = true,
31 .preference.learning_exec_argv0 = true,
32 .preference.learning_symlink_target = true,
33 .preference.permissive_verbose = true
34 };
35
36 /* Profile version. Currently only 20090903 is defined. */
37 static unsigned int ccs_profile_version;
38
39 /* Profile table. Memory is allocated as needed. */
40 static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];
41
42 /* String table for functionality that takes 4 modes. */
43 static const char *ccs_mode_4[4] = {
44 "disabled", "learning", "permissive", "enforcing"
45 };
46
47 /* String table for /proc/ccs/profile */
48 static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +
49 CCS_MAX_CAPABILITY_INDEX +
50 CCS_MAX_MAC_CATEGORY_INDEX] = {
51 [CCS_MAC_FILE_EXECUTE]
52 = "file::execute",
53 [CCS_MAC_FILE_OPEN]
54 = "file::open",
55 [CCS_MAC_FILE_CREATE]
56 = "file::create",
57 [CCS_MAC_FILE_UNLINK]
58 = "file::unlink",
59 [CCS_MAC_FILE_MKDIR]
60 = "file::mkdir",
61 [CCS_MAC_FILE_RMDIR]
62 = "file::rmdir",
63 [CCS_MAC_FILE_MKFIFO]
64 = "file::mkfifo",
65 [CCS_MAC_FILE_MKSOCK]
66 = "file::mksock",
67 [CCS_MAC_FILE_TRUNCATE]
68 = "file::truncate",
69 [CCS_MAC_FILE_SYMLINK]
70 = "file::symlink",
71 [CCS_MAC_FILE_REWRITE]
72 = "file::rewrite",
73 [CCS_MAC_FILE_MKBLOCK]
74 = "file::mkblock",
75 [CCS_MAC_FILE_MKCHAR]
76 = "file::mkchar",
77 [CCS_MAC_FILE_LINK]
78 = "file::link",
79 [CCS_MAC_FILE_RENAME]
80 = "file::rename",
81 [CCS_MAC_FILE_CHMOD]
82 = "file::chmod",
83 [CCS_MAC_FILE_CHOWN]
84 = "file::chown",
85 [CCS_MAC_FILE_CHGRP]
86 = "file::chgrp",
87 [CCS_MAC_FILE_IOCTL]
88 = "file::ioctl",
89 [CCS_MAC_FILE_CHROOT]
90 = "file::chroot",
91 [CCS_MAC_FILE_MOUNT]
92 = "file::mount",
93 [CCS_MAC_FILE_UMOUNT]
94 = "file::umount",
95 [CCS_MAC_FILE_PIVOT_ROOT]
96 = "file::pivot_root",
97 [CCS_MAC_ENVIRON]
98 = "misc::env",
99 [CCS_MAC_NETWORK_UDP_BIND]
100 = "network::inet_udp_bind",
101 [CCS_MAC_NETWORK_UDP_CONNECT]
102 = "network::inet_udp_connect",
103 [CCS_MAC_NETWORK_TCP_BIND]
104 = "network::inet_tcp_bind",
105 [CCS_MAC_NETWORK_TCP_LISTEN]
106 = "network::inet_tcp_listen",
107 [CCS_MAC_NETWORK_TCP_CONNECT]
108 = "network::inet_tcp_connect",
109 [CCS_MAC_NETWORK_TCP_ACCEPT]
110 = "network::inet_tcp_accept",
111 [CCS_MAC_NETWORK_RAW_BIND]
112 = "network::inet_raw_bind",
113 [CCS_MAC_NETWORK_RAW_CONNECT]
114 = "network::inet_raw_connect",
115 [CCS_MAC_SIGNAL]
116 = "ipc::signal",
117 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CREATE]
118 = "capability::inet_tcp_create",
119 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_LISTEN]
120 = "capability::inet_tcp_listen",
121 [CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CONNECT]
122 = "capability::inet_tcp_connect",
123 [CCS_MAX_MAC_INDEX + CCS_USE_INET_DGRAM_SOCKET]
124 = "capability::use_inet_udp",
125 [CCS_MAX_MAC_INDEX + CCS_USE_INET_RAW_SOCKET]
126 = "capability::use_inet_ip",
127 [CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET]
128 = "capability::use_route",
129 [CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET]
130 = "capability::use_packet",
131 [CCS_MAX_MAC_INDEX + CCS_SYS_MOUNT]
132 = "capability::SYS_MOUNT",
133 [CCS_MAX_MAC_INDEX + CCS_SYS_UMOUNT]
134 = "capability::SYS_UMOUNT",
135 [CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT]
136 = "capability::SYS_REBOOT",
137 [CCS_MAX_MAC_INDEX + CCS_SYS_CHROOT]
138 = "capability::SYS_CHROOT",
139 [CCS_MAX_MAC_INDEX + CCS_SYS_KILL]
140 = "capability::SYS_KILL",
141 [CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP]
142 = "capability::SYS_VHANGUP",
143 [CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME]
144 = "capability::SYS_TIME",
145 [CCS_MAX_MAC_INDEX + CCS_SYS_NICE]
146 = "capability::SYS_NICE",
147 [CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME]
148 = "capability::SYS_SETHOSTNAME",
149 [CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE]
150 = "capability::use_kernel_module",
151 [CCS_MAX_MAC_INDEX + CCS_CREATE_FIFO]
152 = "capability::create_fifo",
153 [CCS_MAX_MAC_INDEX + CCS_CREATE_BLOCK_DEV]
154 = "capability::create_block_dev",
155 [CCS_MAX_MAC_INDEX + CCS_CREATE_CHAR_DEV]
156 = "capability::create_char_dev",
157 [CCS_MAX_MAC_INDEX + CCS_CREATE_UNIX_SOCKET]
158 = "capability::create_unix_socket",
159 [CCS_MAX_MAC_INDEX + CCS_SYS_LINK]
160 = "capability::SYS_LINK",
161 [CCS_MAX_MAC_INDEX + CCS_SYS_SYMLINK]
162 = "capability::SYS_SYMLINK",
163 [CCS_MAX_MAC_INDEX + CCS_SYS_RENAME]
164 = "capability::SYS_RENAME",
165 [CCS_MAX_MAC_INDEX + CCS_SYS_UNLINK]
166 = "capability::SYS_UNLINK",
167 [CCS_MAX_MAC_INDEX + CCS_SYS_CHMOD]
168 = "capability::SYS_CHMOD",
169 [CCS_MAX_MAC_INDEX + CCS_SYS_CHOWN]
170 = "capability::SYS_CHOWN",
171 [CCS_MAX_MAC_INDEX + CCS_SYS_IOCTL]
172 = "capability::SYS_IOCTL",
173 [CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD]
174 = "capability::SYS_KEXEC_LOAD",
175 [CCS_MAX_MAC_INDEX + CCS_SYS_PIVOT_ROOT]
176 = "capability::SYS_PIVOT_ROOT",
177 [CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE]
178 = "capability::SYS_PTRACE",
179 [CCS_MAX_MAC_INDEX + CCS_CONCEAL_MOUNT]
180 = "capability::conceal_mount",
181 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
182 + CCS_MAC_CATEGORY_FILE] = "file",
183 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
184 + CCS_MAC_CATEGORY_NETWORK] = "network",
185 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
186 + CCS_MAC_CATEGORY_MISC] = "misc",
187 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
188 + CCS_MAC_CATEGORY_IPC] = "ipc",
189 [CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
190 + CCS_MAC_CATEGORY_CAPABILITY] = "capability",
191 };
192
193 /* Permit policy management by non-root user? */
194 static bool ccs_manage_by_non_root;
195
196 /**
197 * ccs_cap2keyword - Convert capability operation to capability name.
198 *
199 * @operation: The capability index.
200 *
201 * Returns the name of the specified capability's name.
202 */
203 const char *ccs_cap2keyword(const u8 operation)
204 {
205 return operation < CCS_MAX_CAPABILITY_INDEX
206 ? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] + 12 : NULL;
207 }
208
209 /**
210 * ccs_yesno - Return "yes" or "no".
211 *
212 * @value: Bool value.
213 */
214 static const char *ccs_yesno(const unsigned int value)
215 {
216 return value ? "yes" : "no";
217 }
218
219 /**
220 * ccs_io_printf - Transactional printf() to "struct ccs_io_buffer" structure.
221 *
222 * @head: Pointer to "struct ccs_io_buffer".
223 * @fmt: The printf()'s format string, followed by parameters.
224 *
225 * Returns true on success, false otherwise.
226 *
227 * The snprintf() will truncate, but ccs_io_printf() won't.
228 */
229 bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
230 {
231 va_list args;
232 int len;
233 int pos = head->read_avail;
234 int size = head->readbuf_size - pos;
235 if (size <= 0)
236 return false;
237 va_start(args, fmt);
238 len = vsnprintf(head->read_buf + pos, size, fmt, args);
239 va_end(args);
240 if (pos + len >= head->readbuf_size)
241 return false;
242 head->read_avail += len;
243 return true;
244 }
245
246 /**
247 * ccs_find_or_assign_new_profile - Create a new profile.
248 *
249 * @profile: Profile number to create.
250 *
251 * Returns pointer to "struct ccs_profile" on success, NULL otherwise.
252 */
253 static struct ccs_profile *ccs_find_or_assign_new_profile(const unsigned int
254 profile)
255 {
256 struct ccs_profile *ptr;
257 struct ccs_profile *entry;
258 if (profile >= CCS_MAX_PROFILES)
259 return NULL;
260 ptr = ccs_profile_ptr[profile];
261 if (ptr)
262 return ptr;
263 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
264 mutex_lock(&ccs_policy_lock);
265 ptr = ccs_profile_ptr[profile];
266 if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) {
267 ptr = entry;
268 ptr->audit = &ccs_default_profile.preference;
269 ptr->learning = &ccs_default_profile.preference;
270 ptr->permissive = &ccs_default_profile.preference;
271 ptr->enforcing = &ccs_default_profile.preference;
272 ptr->default_config = CCS_CONFIG_DISABLED |
273 CCS_CONFIG_WANT_GRANT_LOG | CCS_CONFIG_WANT_REJECT_LOG;
274 memset(ptr->config, CCS_CONFIG_USE_DEFAULT,
275 sizeof(ptr->config));
276 mb(); /* Avoid out-of-order execution. */
277 ccs_profile_ptr[profile] = ptr;
278 entry = NULL;
279 }
280 mutex_unlock(&ccs_policy_lock);
281 kfree(entry);
282 return ptr;
283 }
284
285 /**
286 * ccs_check_profile - Check all profiles currently assigned to domains are defined.
287 */
288 void ccs_check_profile(void)
289 {
290 struct ccs_domain_info *domain;
291 ccs_policy_loaded = true;
292 list_for_each_entry_rcu(domain, &ccs_domain_list, list) {
293 const u8 profile = domain->profile;
294 if (ccs_profile_ptr[profile])
295 continue;
296 panic("Profile %u (used by '%s') not defined.\n",
297 profile, domain->domainname->name);
298 }
299 if (ccs_profile_version != 20090903)
300 panic("Profile version %u is not supported.\n",
301 ccs_profile_version);
302 }
303
304 /**
305 * ccs_profile - Find a profile.
306 *
307 * @profile: Profile number to find.
308 *
309 * Returns pointer to "struct ccs_profile".
310 */
311 struct ccs_profile *ccs_profile(const u8 profile)
312 {
313 struct ccs_profile *ptr = ccs_profile_ptr[profile];
314 if (!ccs_policy_loaded)
315 return &ccs_default_profile;
316 BUG_ON(!ptr);
317 return ptr;
318 }
319
320 /**
321 * ccs_write_profile - Write profile table.
322 *
323 * @head: Pointer to "struct ccs_io_buffer".
324 *
325 * Returns 0 on success, negative value otherwise.
326 */
327 static int ccs_write_profile(struct ccs_io_buffer *head)
328 {
329 char *data = head->write_buf;
330 unsigned int i;
331 int value;
332 int mode;
333 u8 config;
334 bool use_default = false;
335 char *cp;
336 struct ccs_profile *profile;
337 if (sscanf(data, "PROFILE_VERSION=%u", &ccs_profile_version) == 1)
338 return 0;
339 i = simple_strtoul(data, &cp, 10);
340 if (data == cp) {
341 profile = &ccs_default_profile;
342 } else {
343 if (*cp != '-')
344 return -EINVAL;
345 data = cp + 1;
346 profile = ccs_find_or_assign_new_profile(i);
347 if (!profile)
348 return -EINVAL;
349 }
350 cp = strchr(data, '=');
351 if (!cp)
352 return -EINVAL;
353 *cp++ = '\0';
354 if (profile != &ccs_default_profile)
355 use_default = strstr(cp, "use_default") != NULL;
356 if (strstr(cp, "verbose=yes"))
357 value = 1;
358 else if (strstr(cp, "verbose=no"))
359 value = 0;
360 else
361 value = -1;
362 if (!strcmp(data, "PREFERENCE::audit")) {
363 #ifdef CONFIG_CCSECURITY_AUDIT
364 char *cp2;
365 #endif
366 if (use_default) {
367 profile->audit = &ccs_default_profile.preference;
368 return 0;
369 }
370 profile->audit = &profile->preference;
371 #ifdef CONFIG_CCSECURITY_AUDIT
372 cp2 = strstr(cp, "max_grant_log=");
373 if (cp2)
374 sscanf(cp2 + 14, "%u",
375 &profile->preference.audit_max_grant_log);
376 cp2 = strstr(cp, "max_reject_log=");
377 if (cp2)
378 sscanf(cp2 + 15, "%u",
379 &profile->preference.audit_max_reject_log);
380 #endif
381 if (strstr(cp, "task_info=yes"))
382 profile->preference.audit_task_info = true;
383 else if (strstr(cp, "task_info=no"))
384 profile->preference.audit_task_info = false;
385 if (strstr(cp, "path_info=yes"))
386 profile->preference.audit_path_info = true;
387 else if (strstr(cp, "path_info=no"))
388 profile->preference.audit_path_info = false;
389 return 0;
390 }
391 if (!strcmp(data, "PREFERENCE::enforcing")) {
392 char *cp2;
393 if (use_default) {
394 profile->enforcing = &ccs_default_profile.preference;
395 return 0;
396 }
397 profile->enforcing = &profile->preference;
398 if (value >= 0)
399 profile->preference.enforcing_verbose = value;
400 cp2 = strstr(cp, "penalty=");
401 if (cp2)
402 sscanf(cp2 + 8, "%u",
403 &profile->preference.enforcing_penalty);
404 return 0;
405 }
406 if (!strcmp(data, "PREFERENCE::permissive")) {
407 if (use_default) {
408 profile->permissive = &ccs_default_profile.preference;
409 return 0;
410 }
411 profile->permissive = &profile->preference;
412 if (value >= 0)
413 profile->preference.permissive_verbose = value;
414 return 0;
415 }
416 if (!strcmp(data, "PREFERENCE::learning")) {
417 char *cp2;
418 if (use_default) {
419 profile->learning = &ccs_default_profile.preference;
420 return 0;
421 }
422 profile->learning = &profile->preference;
423 if (value >= 0)
424 profile->preference.learning_verbose = value;
425 cp2 = strstr(cp, "max_entry=");
426 if (cp2)
427 sscanf(cp2 + 10, "%u",
428 &profile->preference.learning_max_entry);
429 if (strstr(cp, "exec.realpath=yes"))
430 profile->preference.learning_exec_realpath = true;
431 else if (strstr(cp, "exec.realpath=no"))
432 profile->preference.learning_exec_realpath = false;
433 if (strstr(cp, "exec.argv0=yes"))
434 profile->preference.learning_exec_argv0 = true;
435 else if (strstr(cp, "exec.argv0=no"))
436 profile->preference.learning_exec_argv0 = false;
437 if (strstr(cp, "symlink.target=yes"))
438 profile->preference.learning_symlink_target = true;
439 else if (strstr(cp, "symlink.target=no"))
440 profile->preference.learning_symlink_target = false;
441 return 0;
442 }
443 if (profile == &ccs_default_profile)
444 return -EINVAL;
445 if (!strcmp(data, "COMMENT")) {
446 const struct ccs_path_info *old_comment = profile->comment;
447 profile->comment = ccs_get_name(cp);
448 ccs_put_name(old_comment);
449 return 0;
450 }
451 if (!strcmp(data, "CONFIG")) {
452 i = CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
453 + CCS_MAX_MAC_CATEGORY_INDEX;
454 config = profile->default_config;
455 } else if (ccs_str_starts(&data, "CONFIG::")) {
456 config = 0;
457 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
458 + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
459 if (strcmp(data, ccs_mac_keywords[i]))
460 continue;
461 config = profile->config[i];
462 break;
463 }
464 if (i == CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
465 + CCS_MAX_MAC_CATEGORY_INDEX)
466 return -EINVAL;
467 } else {
468 return -EINVAL;
469 }
470 if (use_default) {
471 config = CCS_CONFIG_USE_DEFAULT;
472 } else {
473 for (mode = 3; mode >= 0; mode--)
474 if (strstr(cp, ccs_mode_4[mode]))
475 /*
476 * Update lower 3 bits in order to distinguish
477 * 'config' from 'CCS_CONFIG_USE_DEAFULT'.
478 */
479 config = (config & ~7) | mode;
480 #ifdef CONFIG_CCSECURITY_AUDIT
481 if (config != CCS_CONFIG_USE_DEFAULT) {
482 if (strstr(cp, "grant_log=yes"))
483 config |= CCS_CONFIG_WANT_GRANT_LOG;
484 else if (strstr(cp, "grant_log=no"))
485 config &= ~CCS_CONFIG_WANT_GRANT_LOG;
486 if (strstr(cp, "reject_log=yes"))
487 config |= CCS_CONFIG_WANT_REJECT_LOG;
488 else if (strstr(cp, "reject_log=no"))
489 config &= ~CCS_CONFIG_WANT_REJECT_LOG;
490 }
491 #endif
492 }
493 if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
494 + CCS_MAX_MAC_CATEGORY_INDEX)
495 profile->config[i] = config;
496 else if (config != CCS_CONFIG_USE_DEFAULT)
497 profile->default_config = config;
498 return 0;
499 }
500
501 /**
502 * ccs_read_profile - Read profile table.
503 *
504 * @head: Pointer to "struct ccs_io_buffer".
505 */
506 static void ccs_read_profile(struct ccs_io_buffer *head)
507 {
508 int index;
509 if (head->read_eof)
510 return;
511 if (head->read_bit)
512 goto body;
513 ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
514 ccs_io_printf(head, "PREFERENCE::audit={ "
515 #ifdef CONFIG_CCSECURITY_AUDIT
516 "max_grant_log=%u max_reject_log=%u "
517 #endif
518 "task_info=%s path_info=%s }\n",
519 #ifdef CONFIG_CCSECURITY_AUDIT
520 ccs_default_profile.preference.audit_max_grant_log,
521 ccs_default_profile.preference.audit_max_reject_log,
522 #endif
523 ccs_yesno(ccs_default_profile.preference.
524 audit_task_info),
525 ccs_yesno(ccs_default_profile.preference.
526 audit_path_info));
527 ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u "
528 "exec.realpath=%s exec.argv0=%s symlink.target=%s }\n",
529 ccs_yesno(ccs_default_profile.preference.
530 learning_verbose),
531 ccs_default_profile.preference.learning_max_entry,
532 ccs_yesno(ccs_default_profile.preference.
533 learning_exec_realpath),
534 ccs_yesno(ccs_default_profile.preference.
535 learning_exec_argv0),
536 ccs_yesno(ccs_default_profile.preference.
537 learning_symlink_target));
538 ccs_io_printf(head, "PREFERENCE::permissive={ verbose=%s }\n",
539 ccs_yesno(ccs_default_profile.preference.
540 permissive_verbose));
541 ccs_io_printf(head, "PREFERENCE::enforcing={ verbose=%s penalty=%u "
542 "}\n",
543 ccs_yesno(ccs_default_profile.preference.
544 enforcing_verbose),
545 ccs_default_profile.preference.enforcing_penalty);
546 head->read_bit = 1;
547 body:
548 for (index = head->read_step; index < CCS_MAX_PROFILES; index++) {
549 bool done;
550 u8 config;
551 int i;
552 int pos;
553 const struct ccs_profile *profile = ccs_profile_ptr[index];
554 const struct ccs_path_info *comment;
555 head->read_step = index;
556 if (!profile)
557 continue;
558 pos = head->read_avail;
559 comment = profile->comment;
560 done = ccs_io_printf(head, "%u-COMMENT=%s\n", index,
561 comment ? comment->name : "");
562 if (!done)
563 goto out;
564 config = profile->default_config;
565 #ifdef CONFIG_CCSECURITY_AUDIT
566 if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s grant_log=%s "
567 "reject_log=%s }\n", index,
568 ccs_mode_4[config & 3],
569 ccs_yesno(config &
570 CCS_CONFIG_WANT_GRANT_LOG),
571 ccs_yesno(config &
572 CCS_CONFIG_WANT_REJECT_LOG)))
573 goto out;
574 #else
575 if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s }\n", index,
576 ccs_mode_4[config & 3]))
577 goto out;
578 #endif
579 for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
580 + CCS_MAX_MAC_CATEGORY_INDEX; i++) {
581 #ifdef CONFIG_CCSECURITY_AUDIT
582 const char *g;
583 const char *r;
584 #endif
585 config = profile->config[i];
586 if (config == CCS_CONFIG_USE_DEFAULT)
587 continue;
588 #ifdef CONFIG_CCSECURITY_AUDIT
589 g = ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG);
590 r = ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG);
591 if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s "
592 "grant_log=%s reject_log=%s }\n",
593 index, ccs_mac_keywords[i],
594 ccs_mode_4[config & 3], g, r))
595 goto out;
596 #else
597 if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s }\n",
598 index, ccs_mac_keywords[i],
599 ccs_mode_4[config & 3]))
600 goto out;
601 #endif
602 }
603 if (profile->audit != &ccs_default_profile.preference &&
604 !ccs_io_printf(head, "%u-PREFERENCE::audit={ "
605 #ifdef CONFIG_CCSECURITY_AUDIT
606 "max_grant_log=%u max_reject_log=%u "
607 #endif
608 "task_info=%s path_info=%s }\n", index,
609 #ifdef CONFIG_CCSECURITY_AUDIT
610 profile->preference.audit_max_grant_log,
611 profile->preference.audit_max_reject_log,
612 #endif
613 ccs_yesno(profile->preference.
614 audit_task_info),
615 ccs_yesno(profile->preference.
616 audit_path_info)))
617 goto out;
618 if (profile->learning != &ccs_default_profile.preference &&
619 !ccs_io_printf(head, "%u-PREFERENCE::learning={ "
620 "verbose=%s max_entry=%u exec.realpath=%s "
621 "exec.argv0=%s symlink.target=%s }\n",
622 index,
623 ccs_yesno(profile->preference.
624 learning_verbose),
625 profile->preference.learning_max_entry,
626 ccs_yesno(profile->preference.
627 learning_exec_realpath),
628 ccs_yesno(profile->preference.
629 learning_exec_argv0),
630 ccs_yesno(profile->preference.
631 learning_symlink_target)))
632 goto out;
633 if (profile->permissive != &ccs_default_profile.preference &&
634 !ccs_io_printf(head, "%u-PREFERENCE::permissive={ "
635 "verbose=%s }\n", index,
636 ccs_yesno(profile->preference.
637 permissive_verbose)))
638 goto out;
639 if (profile->enforcing != &ccs_default_profile.preference &&
640 !ccs_io_printf(head, "%u-PREFERENCE::enforcing={ "
641 "verbose=%s penalty=%u }\n", index,
642 ccs_yesno(profile->preference.
643 enforcing_verbose),
644 profile->preference.enforcing_penalty))
645 goto out;
646 continue;
647 out:
648 head->read_avail = pos;
649 break;
650 }
651 if (index == CCS_MAX_PROFILES)
652 head->read_eof = true;
653 }
654
655 /* The list for "struct ccs_policy_manager_entry". */
656 LIST_HEAD(ccs_policy_manager_list);
657
658 /**
659 * ccs_update_manager_entry - Add a manager entry.
660 *
661 * @manager: The path to manager or the domainnamme.
662 * @is_delete: True if it is a delete request.
663 *
664 * Returns 0 on success, negative value otherwise.
665 */
666 static int ccs_update_manager_entry(const char *manager, const bool is_delete)
667 {
668 struct ccs_policy_manager_entry *entry = NULL;
669 struct ccs_policy_manager_entry *ptr;
670 struct ccs_policy_manager_entry e = { };
671 int error = is_delete ? -ENOENT : -ENOMEM;
672 if (ccs_is_domain_def(manager)) {
673 if (!ccs_is_correct_domain(manager))
674 return -EINVAL;
675 e.is_domain = true;
676 } else {
677 if (!ccs_is_correct_path(manager, 1, -1, -1))
678 return -EINVAL;
679 }
680 e.manager = ccs_get_name(manager);
681 if (!e.manager)
682 return -ENOMEM;
683 if (!is_delete)
684 entry = kmalloc(sizeof(e), GFP_KERNEL);
685 mutex_lock(&ccs_policy_lock);
686 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
687 if (ptr->manager != e.manager)
688 continue;
689 ptr->is_deleted = is_delete;
690 error = 0;
691 break;
692 }
693 if (!is_delete && error && ccs_commit_ok(entry, &e, sizeof(e))) {
694 list_add_tail_rcu(&entry->list, &ccs_policy_manager_list);
695 entry = NULL;
696 error = 0;
697 }
698 mutex_unlock(&ccs_policy_lock);
699 ccs_put_name(e.manager);
700 kfree(entry);
701 return error;
702 }
703
704 /**
705 * ccs_write_manager_policy - Write manager policy.
706 *
707 * @head: Pointer to "struct ccs_io_buffer".
708 *
709 * Returns 0 on success, negative value otherwise.
710 */
711 static int ccs_write_manager_policy(struct ccs_io_buffer *head)
712 {
713 char *data = head->write_buf;
714 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
715 if (!strcmp(data, "manage_by_non_root")) {
716 ccs_manage_by_non_root = !is_delete;
717 return 0;
718 }
719 return ccs_update_manager_entry(data, is_delete);
720 }
721
722 /**
723 * ccs_read_manager_policy - Read manager policy.
724 *
725 * @head: Pointer to "struct ccs_io_buffer".
726 *
727 * Caller holds ccs_read_lock().
728 */
729 static void ccs_read_manager_policy(struct ccs_io_buffer *head)
730 {
731 struct list_head *pos;
732 if (head->read_eof)
733 return;
734 list_for_each_cookie(pos, head->read_var2, &ccs_policy_manager_list) {
735 struct ccs_policy_manager_entry *ptr;
736 ptr = list_entry(pos, struct ccs_policy_manager_entry, list);
737 if (ptr->is_deleted)
738 continue;
739 if (!ccs_io_printf(head, "%s\n", ptr->manager->name))
740 return;
741 }
742 head->read_eof = true;
743 }
744
745 /**
746 * ccs_is_policy_manager - Check whether the current process is a policy manager.
747 *
748 * Returns true if the current process is permitted to modify policy
749 * via /proc/ccs/ interface.
750 *
751 * Caller holds ccs_read_lock().
752 */
753 static bool ccs_is_policy_manager(void)
754 {
755 struct ccs_policy_manager_entry *ptr;
756 const char *exe;
757 struct task_struct *task = current;
758 const struct ccs_path_info *domainname
759 = ccs_current_domain()->domainname;
760 bool found = false;
761 if (!ccs_policy_loaded)
762 return true;
763 if (task->ccs_flags & CCS_TASK_IS_POLICY_MANAGER)
764 return true;
765 if (!ccs_manage_by_non_root && (current_uid() || current_euid()))
766 return false;
767 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
768 if (!ptr->is_deleted && ptr->is_domain
769 && !ccs_pathcmp(domainname, ptr->manager)) {
770 /* Set manager flag. */
771 task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
772 return true;
773 }
774 }
775 exe = ccs_get_exe();
776 if (!exe)
777 return false;
778 list_for_each_entry_rcu(ptr, &ccs_policy_manager_list, list) {
779 if (!ptr->is_deleted && !ptr->is_domain
780 && !strcmp(exe, ptr->manager->name)) {
781 found = true;
782 /* Set manager flag. */
783 task->ccs_flags |= CCS_TASK_IS_POLICY_MANAGER;
784 break;
785 }
786 }
787 if (!found) { /* Reduce error messages. */
788 static pid_t ccs_last_pid;
789 const pid_t pid = current->pid;
790 if (ccs_last_pid != pid) {
791 printk(KERN_WARNING "%s ( %s ) is not permitted to "
792 "update policies.\n", domainname->name, exe);
793 ccs_last_pid = pid;
794 }
795 }
796 kfree(exe);
797 return found;
798 }
799
800 /**
801 * ccs_find_condition_part - Find condition part from the statement.
802 *
803 * @data: String to parse.
804 *
805 * Returns pointer to the condition part if it was found in the statement,
806 * NULL otherwise.
807 */
808 static char *ccs_find_condition_part(char *data)
809 {
810 char *cp = strstr(data, " if ");
811 if (cp) {
812 while (1) {
813 char *cp2 = strstr(cp + 3, " if ");
814 if (!cp2)
815 break;
816 cp = cp2;
817 }
818 *cp++ = '\0';
819 } else {
820 cp = strstr(data, " ; set ");
821 if (cp)
822 *cp++ = '\0';
823 }
824 return cp;
825 }
826
827 /**
828 * ccs_is_select_one - Parse select command.
829 *
830 * @head: Pointer to "struct ccs_io_buffer".
831 * @data: String to parse.
832 *
833 * Returns true on success, false otherwise.
834 *
835 * Caller holds ccs_read_lock().
836 */
837 static bool ccs_is_select_one(struct ccs_io_buffer *head, const char *data)
838 {
839 unsigned int pid;
840 struct ccs_domain_info *domain = NULL;
841 bool global_pid = false;
842 if (!strcmp(data, "allow_execute")) {
843 head->read_execute_only = true;
844 return true;
845 }
846 if (sscanf(data, "pid=%u", &pid) == 1 ||
847 (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
848 struct task_struct *p;
849 ccs_tasklist_lock();
850 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
851 if (global_pid)
852 p = find_task_by_pid_ns(pid, &init_pid_ns);
853 else
854 p = find_task_by_vpid(pid);
855 #else
856 p = find_task_by_pid(pid);
857 #endif
858 if (p)
859 domain = ccs_task_domain(p);
860 ccs_tasklist_unlock();
861 } else if (!strncmp(data, "domain=", 7)) {
862 if (ccs_is_domain_def(data + 7))
863 domain = ccs_find_domain(data + 7);
864 } else
865 return false;
866 head->write_var1 = domain;
867 /* Accessing read_buf is safe because head->io_sem is held. */
868 if (!head->read_buf)
869 return true; /* Do nothing if open(O_WRONLY). */
870 head->read_avail = 0;
871 ccs_io_printf(head, "# select %s\n", data);
872 head->read_single_domain = true;
873 head->read_eof = !domain;
874 if (domain) {
875 struct ccs_domain_info *d;
876 head->read_var1 = NULL;
877 list_for_each_entry_rcu(d, &ccs_domain_list, list) {
878 if (d == domain)
879 break;
880 head->read_var1 = &d->list;
881 }
882 head->read_var2 = NULL;
883 head->read_bit = 0;
884 head->read_step = 0;
885 if (domain->is_deleted)
886 ccs_io_printf(head, "# This is a deleted domain.\n");
887 }
888 return true;
889 }
890
891 static int ccs_write_domain_policy2(char *data, struct ccs_domain_info *domain,
892 struct ccs_condition *cond,
893 const bool is_delete)
894 {
895 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CAPABILITY))
896 return ccs_write_capability_policy(data, domain, cond,
897 is_delete);
898 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_NETWORK))
899 return ccs_write_network_policy(data, domain, cond, is_delete);
900 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))
901 return ccs_write_signal_policy(data, domain, cond, is_delete);
902 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
903 return ccs_write_env_policy(data, domain, cond, is_delete);
904 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))
905 return ccs_write_mount_policy(data, domain, cond, is_delete);
906 return ccs_write_file_policy(data, domain, cond, is_delete);
907 }
908
909 /**
910 * ccs_write_domain_policy - Write domain policy.
911 *
912 * @head: Pointer to "struct ccs_io_buffer".
913 *
914 * Returns 0 on success, negative value otherwise.
915 */
916 static int ccs_write_domain_policy(struct ccs_io_buffer *head)
917 {
918 char *data = head->write_buf;
919 struct ccs_domain_info *domain = head->write_var1;
920 bool is_delete = false;
921 bool is_select = false;
922 unsigned int profile;
923 struct ccs_condition *cond = NULL;
924 char *cp;
925 int error;
926 if (ccs_str_starts(&data, CCS_KEYWORD_DELETE))
927 is_delete = true;
928 else if (ccs_str_starts(&data, CCS_KEYWORD_SELECT))
929 is_select = true;
930 if (is_select && ccs_is_select_one(head, data))
931 return 0;
932 /* Don't allow updating policies by non manager programs. */
933 if (!ccs_is_policy_manager())
934 return -EPERM;
935 if (ccs_is_domain_def(data)) {
936 domain = NULL;
937 if (is_delete)
938 ccs_delete_domain(data);
939 else if (is_select)
940 domain = ccs_find_domain(data);
941 else
942 domain = ccs_find_or_assign_new_domain(data, 0);
943 head->write_var1 = domain;
944 return 0;
945 }
946 if (!domain)
947 return -EINVAL;
948
949 if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1
950 && profile < CCS_MAX_PROFILES) {
951 if (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile])
952 domain->profile = (u8) profile;
953 return 0;
954 }
955 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
956 domain->ignore_global_allow_read = !is_delete;
957 return 0;
958 }
959 if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) {
960 domain->ignore_global_allow_env = !is_delete;
961 return 0;
962 }
963 cp = ccs_find_condition_part(data);
964 if (cp) {
965 cond = ccs_get_condition(cp);
966 if (!cond)
967 return -EINVAL;
968 }
969 error = ccs_write_domain_policy2(data, domain, cond, is_delete);
970 if (cond)
971 ccs_put_condition(cond);
972 return error;
973 }
974
975 /**
976 * ccs_print_name_union - Print a ccs_name_union.
977 *
978 * @head: Pointer to "struct ccs_io_buffer".
979 * @ptr: Pointer to "struct ccs_name_union".
980 *
981 * Returns true on success, false otherwise.
982 */
983 static bool ccs_print_name_union(struct ccs_io_buffer *head,
984 const struct ccs_name_union *ptr)
985 {
986 int pos = head->read_avail;
987 if (pos && head->read_buf[pos - 1] == ' ')
988 head->read_avail--;
989 if (ptr->is_group)
990 return ccs_io_printf(head, " @%s",
991 ptr->group->group_name->name);
992 return ccs_io_printf(head, " %s", ptr->filename->name);
993 }
994
995 /**
996 * ccs_print_name_union_quoted - Print a ccs_name_union with double quotes.
997 *
998 * @head: Pointer to "struct ccs_io_buffer".
999 * @ptr: Pointer to "struct ccs_name_union".
1000 *
1001 * Returns true on success, false otherwise.
1002 */
1003 static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head,
1004 const struct ccs_name_union *ptr)
1005 {
1006 if (ptr->is_group)
1007 return ccs_io_printf(head, "@%s",
1008 ptr->group->group_name->name);
1009 return ccs_io_printf(head, "\"%s\"", ptr->filename->name);
1010 }
1011
1012 /**
1013 * ccs_print_number_union_common - Print a ccs_number_union.
1014 *
1015 * @head: Pointer to "struct ccs_io_buffer".
1016 * @ptr: Pointer to "struct ccs_number_union".
1017 * @need_space: True if a space character is needed.
1018 *
1019 * Returns true on success, false otherwise.
1020 */
1021 static bool ccs_print_number_union_common(struct ccs_io_buffer *head,
1022 const struct ccs_number_union *ptr,
1023 const bool need_space)
1024 {
1025 unsigned long min;
1026 unsigned long max;
1027 u8 min_type;
1028 u8 max_type;
1029 if (need_space && !ccs_io_printf(head, " "))
1030 return false;
1031 if (ptr->is_group)
1032 return ccs_io_printf(head, "@%s",
1033 ptr->group->group_name->name);
1034 min_type = ptr->min_type;
1035 max_type = ptr->max_type;
1036 min = ptr->values[0];
1037 max = ptr->values[1];
1038 switch (min_type) {
1039 case CCS_VALUE_TYPE_HEXADECIMAL:
1040 if (!ccs_io_printf(head, "0x%lX", min))
1041 return false;
1042 break;
1043 case CCS_VALUE_TYPE_OCTAL:
1044 if (!ccs_io_printf(head, "0%lo", min))
1045 return false;
1046 break;
1047 default:
1048 if (!ccs_io_printf(head, "%lu", min))
1049 return false;
1050 break;
1051 }
1052 if (min == max && min_type == max_type)
1053 return true;
1054 switch (max_type) {
1055 case CCS_VALUE_TYPE_HEXADECIMAL:
1056 return ccs_io_printf(head, "-0x%lX", max);
1057 case CCS_VALUE_TYPE_OCTAL:
1058 return ccs_io_printf(head, "-0%lo", max);
1059 default:
1060 return ccs_io_printf(head, "-%lu", max);
1061 }
1062 }
1063
1064 /**
1065 * ccs_print_number_union - Print a ccs_number_union.
1066 *
1067 * @head: Pointer to "struct ccs_io_buffer".
1068 * @ptr: Pointer to "struct ccs_number_union".
1069 *
1070 * Returns true on success, false otherwise.
1071 */
1072 bool ccs_print_number_union(struct ccs_io_buffer *head,
1073 const struct ccs_number_union *ptr)
1074 {
1075 return ccs_print_number_union_common(head, ptr, true);
1076 }
1077
1078 /**
1079 * ccs_print_number_union_nospace - Print a ccs_number_union without a space character.
1080 *
1081 * @head: Pointer to "struct ccs_io_buffer".
1082 * @ptr: Pointer to "struct ccs_number_union".
1083 *
1084 * Returns true on success, false otherwise.
1085 */
1086 static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head,
1087 const struct ccs_number_union *ptr)
1088 {
1089 return ccs_print_number_union_common(head, ptr, false);
1090 }
1091
1092 /**
1093 * ccs_print_condition - Print condition part.
1094 *
1095 * @head: Pointer to "struct ccs_io_buffer".
1096 * @cond: Pointer to "struct ccs_condition". May be NULL.
1097 *
1098 * Returns true on success, false otherwise.
1099 */
1100 static bool ccs_print_condition(struct ccs_io_buffer *head,
1101 const struct ccs_condition *cond)
1102 {
1103 const struct ccs_condition_element *condp;
1104 const struct ccs_number_union *numbers_p;
1105 const struct ccs_name_union *names_p;
1106 const struct ccs_argv_entry *argv;
1107 const struct ccs_envp_entry *envp;
1108 u16 condc;
1109 u16 i;
1110 u16 j;
1111 char buffer[32];
1112 if (!cond)
1113 goto no_condition;
1114 condc = cond->condc;
1115 condp = (const struct ccs_condition_element *) (cond + 1);
1116 numbers_p = (const struct ccs_number_union *) (condp + condc);
1117 names_p = (const struct ccs_name_union *)
1118 (numbers_p + cond->numbers_count);
1119 argv = (const struct ccs_argv_entry *) (names_p + cond->names_count);
1120 envp = (const struct ccs_envp_entry *) (argv + cond->argc);
1121 memset(buffer, 0, sizeof(buffer));
1122 if (condc && !ccs_io_printf(head, "%s", " if"))
1123 goto out;
1124 for (i = 0; i < condc; i++) {
1125 const u8 match = condp->equals;
1126 const u8 left = condp->left;
1127 const u8 right = condp->right;
1128 condp++;
1129 switch (left) {
1130 case CCS_ARGV_ENTRY:
1131 if (!ccs_io_printf(head, " exec.argv[%u]%s\"%s\"",
1132 argv->index, argv->is_not ?
1133 "!=" : "=", argv->value->name))
1134 goto out;
1135 argv++;
1136 continue;
1137 case CCS_ENVP_ENTRY:
1138 if (!ccs_io_printf(head, " exec.envp[\"%s\"]%s",
1139 envp->name->name, envp->is_not ?
1140 "!=" : "="))
1141 goto out;
1142 if (envp->value) {
1143 if (!ccs_io_printf(head, "\"%s\"",
1144 envp->value->name))
1145 goto out;
1146 } else {
1147 if (!ccs_io_printf(head, "NULL"))
1148 goto out;
1149 }
1150 envp++;
1151 continue;
1152 case CCS_NUMBER_UNION:
1153 if (!ccs_print_number_union(head, numbers_p++))
1154 goto out;
1155 break;
1156 default:
1157 if (left >= CCS_MAX_CONDITION_KEYWORD)
1158 goto out;
1159 if (!ccs_io_printf(head, " %s",
1160 ccs_condition_keyword[left]))
1161 goto out;
1162 break;
1163 }
1164 if (!ccs_io_printf(head, "%s", match ? "=" : "!="))
1165 goto out;
1166 switch (right) {
1167 case CCS_NAME_UNION:
1168 if (!ccs_print_name_union_quoted(head, names_p++))
1169 goto out;
1170 break;
1171 case CCS_NUMBER_UNION:
1172 if (!ccs_print_number_union_nospace(head, numbers_p++))
1173 goto out;
1174 break;
1175 default:
1176 if (right >= CCS_MAX_CONDITION_KEYWORD)
1177 goto out;
1178 if (!ccs_io_printf(head, "%s",
1179 ccs_condition_keyword[right]))
1180 goto out;
1181 break;
1182 }
1183 }
1184 i = cond->post_state[3];
1185 if (!i)
1186 goto no_condition;
1187 if (!ccs_io_printf(head, " ; set"))
1188 goto out;
1189 for (j = 0; j < 3; j++) {
1190 if (!(i & (1 << j)))
1191 continue;
1192 if (!ccs_io_printf(head, " task.state[%u]=%u", j,
1193 cond->post_state[j]))
1194 goto out;
1195 }
1196 no_condition:
1197 if (ccs_io_printf(head, "\n"))
1198 return true;
1199 out:
1200 return false;
1201 }
1202
1203 /**
1204 * ccs_print_path_acl - Print a path ACL entry.
1205 *
1206 * @head: Pointer to "struct ccs_io_buffer".
1207 * @ptr: Pointer to "struct ccs_path_acl".
1208 * @cond: Pointer to "struct ccs_condition". May be NULL.
1209 *
1210 * Returns true on success, false otherwise.
1211 */
1212 static bool ccs_print_path_acl(struct ccs_io_buffer *head,
1213 struct ccs_path_acl *ptr,
1214 const struct ccs_condition *cond)
1215 {
1216 int pos;
1217 u8 bit;
1218 const u16 perm = ptr->perm;
1219 for (bit = head->read_bit; bit < CCS_MAX_PATH_OPERATION; bit++) {
1220 if (!(perm & (1 << bit)))
1221 continue;
1222 if (head->read_execute_only && bit != CCS_TYPE_EXECUTE)
1223 continue;
1224 /* Print "read/write" instead of "read" and "write". */
1225 if ((bit == CCS_TYPE_READ || bit == CCS_TYPE_WRITE)
1226 && (perm & (1 << CCS_TYPE_READ_WRITE)))
1227 continue;
1228 pos = head->read_avail;
1229 if (!ccs_io_printf(head, "allow_%s", ccs_path2keyword(bit)) ||
1230 !ccs_print_name_union(head, &ptr->name) ||
1231 !ccs_print_condition(head, cond)) {
1232 head->read_bit = bit;
1233 head->read_avail = pos;
1234 return false;
1235 }
1236 }
1237 head->read_bit = 0;
1238 return true;
1239 }
1240
1241 /**
1242 * ccs_print_path_number3_acl - Print a path_number3 ACL entry.
1243 *
1244 * @head: Pointer to "struct ccs_io_buffer".
1245 * @ptr: Pointer to "struct ccs_path_number3_acl".
1246 * @cond: Pointer to "struct ccs_condition". May be NULL.
1247 *
1248 * Returns true on success, false otherwise.
1249 */
1250 static bool ccs_print_path_number3_acl(struct ccs_io_buffer *head,
1251 struct ccs_path_number3_acl *ptr,
1252 const struct ccs_condition *cond)
1253 {
1254 int pos;
1255 u8 bit;
1256 const u16 perm = ptr->perm;
1257 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER3_OPERATION;
1258 bit++) {
1259 if (!(perm & (1 << bit)))
1260 continue;
1261 pos = head->read_avail;
1262 if (!ccs_io_printf(head, "allow_%s",
1263 ccs_path_number32keyword(bit)) ||
1264 !ccs_print_name_union(head, &ptr->name) ||
1265 !ccs_print_number_union(head, &ptr->mode) ||
1266 !ccs_print_number_union(head, &ptr->major) ||
1267 !ccs_print_number_union(head, &ptr->minor) ||
1268 !ccs_print_condition(head, cond)) {
1269 head->read_bit = bit;
1270 head->read_avail = pos;
1271 return false;
1272 }
1273 }
1274 head->read_bit = 0;
1275 return true;
1276 }
1277
1278 /**
1279 * ccs_print_path2_acl - Print a path2 ACL entry.
1280 *
1281 * @head: Pointer to "struct ccs_io_buffer".
1282 * @ptr: Pointer to "struct ccs_path2_acl".
1283 * @cond: Pointer to "struct ccs_condition". May be NULL.
1284 *
1285 * Returns true on success, false otherwise.
1286 */
1287 static bool ccs_print_path2_acl(struct ccs_io_buffer *head,
1288 struct ccs_path2_acl *ptr,
1289 const struct ccs_condition *cond)
1290 {
1291 int pos;
1292 u8 bit;
1293 const u8 perm = ptr->perm;
1294 for (bit = head->read_bit; bit < CCS_MAX_PATH2_OPERATION; bit++) {
1295 if (!(perm & (1 << bit)))
1296 continue;
1297 pos = head->read_avail;
1298 if (!ccs_io_printf(head, "allow_%s",
1299 ccs_path22keyword(bit)) ||
1300 !ccs_print_name_union(head, &ptr->name1) ||
1301 !ccs_print_name_union(head, &ptr->name2) ||
1302 !ccs_print_condition(head, cond)) {
1303 head->read_bit = bit;
1304 head->read_avail = pos;
1305 return false;
1306 }
1307 }
1308 head->read_bit = 0;
1309 return true;
1310 }
1311
1312 /**
1313 * ccs_print_path_number_acl - Print a path_number ACL entry.
1314 *
1315 * @head: Pointer to "struct ccs_io_buffer".
1316 * @ptr: Pointer to "struct ccs_path_number_acl".
1317 * @cond: Pointer to "struct ccs_condition". May be NULL.
1318 *
1319 * Returns true on success, false otherwise.
1320 */
1321 static bool ccs_print_path_number_acl(struct ccs_io_buffer *head,
1322 struct ccs_path_number_acl *ptr,
1323 const struct ccs_condition *cond)
1324 {
1325 int pos;
1326 u8 bit;
1327 const u8 perm = ptr->perm;
1328 for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER_OPERATION;
1329 bit++) {
1330 if (!(perm & (1 << bit)))
1331 continue;
1332 pos = head->read_avail;
1333 if (!ccs_io_printf(head, "allow_%s",
1334 ccs_path_number2keyword(bit)) ||
1335 !ccs_print_name_union(head, &ptr->name) ||
1336 !ccs_print_number_union(head, &ptr->number) ||
1337 !ccs_print_condition(head, cond)) {
1338 head->read_bit = bit;
1339 head->read_avail = pos;
1340 return false;
1341 }
1342 }
1343 head->read_bit = 0;
1344 return true;
1345 }
1346
1347 /**
1348 * ccs_print_env_acl - Print an evironment variable name's ACL entry.
1349 *
1350 * @head: Pointer to "struct ccs_io_buffer".
1351 * @ptr: Pointer to "struct ccs_env_acl".
1352 * @cond: Pointer to "struct ccs_condition". May be NULL.
1353 *
1354 * Returns true on success, false otherwise.
1355 */
1356 static bool ccs_print_env_acl(struct ccs_io_buffer *head,
1357 struct ccs_env_acl *ptr,
1358 const struct ccs_condition *cond)
1359 {
1360 const int pos = head->read_avail;
1361 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", ptr->env->name) ||
1362 !ccs_print_condition(head, cond)) {
1363 head->read_avail = pos;
1364 return false;
1365 }
1366 return true;
1367 }
1368
1369 /**
1370 * ccs_print_capability_acl - Print a capability ACL entry.
1371 *
1372 * @head: Pointer to "struct ccs_io_buffer".
1373 * @ptr: Pointer to "struct ccs_capability_acl".
1374 * @cond: Pointer to "struct ccs_condition". May be NULL.
1375 *
1376 * Returns true on success, false otherwise.
1377 */
1378 static bool ccs_print_capability_acl(struct ccs_io_buffer *head,
1379 struct ccs_capability_acl *ptr,
1380 const struct ccs_condition *cond)
1381 {
1382 const int pos = head->read_avail;
1383 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s",
1384 ccs_cap2keyword(ptr->operation)) ||
1385 !ccs_print_condition(head, cond)) {
1386 head->read_avail = pos;
1387 return false;
1388 }
1389 return true;
1390 }
1391
1392 /**
1393 * ccs_print_ipv4_entry - Print IPv4 address of a network ACL entry.
1394 *
1395 * @head: Pointer to "struct ccs_io_buffer".
1396 * @ptr: Pointer to "struct ccs_ip_network_acl".
1397 *
1398 * Returns true on success, false otherwise.
1399 */
1400 static bool ccs_print_ipv4_entry(struct ccs_io_buffer *head,
1401 struct ccs_ip_network_acl *ptr)
1402 {
1403 const u32 min_address = ptr->address.ipv4.min;
1404 const u32 max_address = ptr->address.ipv4.max;
1405 if (!ccs_io_printf(head, "%u.%u.%u.%u", HIPQUAD(min_address)))
1406 return false;
1407 if (min_address != max_address
1408 && !ccs_io_printf(head, "-%u.%u.%u.%u", HIPQUAD(max_address)))
1409 return false;
1410 return true;
1411 }
1412
1413 /**
1414 * ccs_print_ipv6_entry - Print IPv6 address of a network ACL entry.
1415 *
1416 * @head: Pointer to "struct ccs_io_buffer".
1417 * @ptr: Pointer to "struct ccs_ip_network_acl".
1418 *
1419 * Returns true on success, false otherwise.
1420 */
1421 static bool ccs_print_ipv6_entry(struct ccs_io_buffer *head,
1422 struct ccs_ip_network_acl *ptr)
1423 {
1424 char buf[64];
1425 const struct in6_addr *min_address = ptr->address.ipv6.min;
1426 const struct in6_addr *max_address = ptr->address.ipv6.max;
1427 ccs_print_ipv6(buf, sizeof(buf), min_address);
1428 if (!ccs_io_printf(head, "%s", buf))
1429 return false;
1430 if (min_address != max_address) {
1431 ccs_print_ipv6(buf, sizeof(buf), max_address);
1432 if (!ccs_io_printf(head, "-%s", buf))
1433 return false;
1434 }
1435 return true;
1436 }
1437
1438 /**
1439 * ccs_print_network_acl - Print a network ACL entry.
1440 *
1441 * @head: Pointer to "struct ccs_io_buffer".
1442 * @ptr: Pointer to "struct ccs_ip_network_acl".
1443 * @cond: Pointer to "struct ccs_condition". May be NULL.
1444 *
1445 * Returns true on success, false otherwise.
1446 */
1447 static bool ccs_print_network_acl(struct ccs_io_buffer *head,
1448 struct ccs_ip_network_acl *ptr,
1449 const struct ccs_condition *cond)
1450 {
1451 int pos;
1452 u8 bit;
1453 const u16 perm = ptr->perm;
1454 for (bit = head->read_bit; bit < CCS_MAX_NETWORK_OPERATION; bit++) {
1455 if (!(perm & (1 << bit)))
1456 continue;
1457 pos = head->read_avail;
1458 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s ",
1459 ccs_net2keyword(bit)))
1460 goto out;
1461 switch (ptr->address_type) {
1462 case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP:
1463 if (!ccs_io_printf(head, "@%s", ptr->address.group->
1464 group_name->name))
1465 goto out;
1466 break;
1467 case CCS_IP_ADDRESS_TYPE_IPv4:
1468 if (!ccs_print_ipv4_entry(head, ptr))
1469 goto out;
1470 break;
1471 case CCS_IP_ADDRESS_TYPE_IPv6:
1472 if (!ccs_print_ipv6_entry(head, ptr))
1473 goto out;
1474 break;
1475 }
1476 if (!ccs_print_number_union(head, &ptr->port) ||
1477 !ccs_print_condition(head, cond))
1478 goto out;
1479 }
1480 head->read_bit = 0;
1481 return true;
1482 out:
1483 head->read_bit = bit;
1484 head->read_avail = pos;
1485 return false;
1486 }
1487
1488 /**
1489 * ccs_print_signal_acl - Print a signal ACL entry.
1490 *
1491 * @head: Pointer to "struct ccs_io_buffer".
1492 * @ptr: Pointer to "struct signale_acl".
1493 * @cond: Pointer to "struct ccs_condition". May be NULL.
1494 *
1495 * Returns true on success, false otherwise.
1496 */
1497 static bool ccs_print_signal_acl(struct ccs_io_buffer *head,
1498 struct ccs_signal_acl *ptr,
1499 const struct ccs_condition *cond)
1500 {
1501 const int pos = head->read_avail;
1502 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s",
1503 ptr->sig, ptr->domainname->name) ||
1504 !ccs_print_condition(head, cond)) {
1505 head->read_avail = pos;
1506 return false;
1507 }
1508 return true;
1509 }
1510
1511 /**
1512 * ccs_print_execute_handler_record - Print an execute handler ACL entry.
1513 *
1514 * @head: Pointer to "struct ccs_io_buffer".
1515 * @keyword: Name of the keyword.
1516 * @ptr: Pointer to "struct ccs_execute_handler_record".
1517 *
1518 * Returns true on success, false otherwise.
1519 */
1520 static bool ccs_print_execute_handler_record(struct ccs_io_buffer *head,
1521 const char *keyword,
1522 struct ccs_execute_handler_record *
1523 ptr)
1524 {
1525 return ccs_io_printf(head, "%s %s\n", keyword, ptr->handler->name);
1526 }
1527
1528 /**
1529 * ccs_print_mount_acl - Print a mount ACL entry.
1530 *
1531 * @head: Pointer to "struct ccs_io_buffer".
1532 * @ptr: Pointer to "struct ccs_mount_acl".
1533 * @cond: Pointer to "struct ccs_condition". May be NULL.
1534 *
1535 * Returns true on success, false otherwise.
1536 */
1537 static bool ccs_print_mount_acl(struct ccs_io_buffer *head,
1538 struct ccs_mount_acl *ptr,
1539 const struct ccs_condition *cond)
1540 {
1541 const int pos = head->read_avail;
1542 if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT) ||
1543 !ccs_print_name_union(head, &ptr->dev_name) ||
1544 !ccs_print_name_union(head, &ptr->dir_name) ||
1545 !ccs_print_name_union(head, &ptr->fs_type) ||
1546 !ccs_print_number_union(head, &ptr->flags) ||
1547 !ccs_print_condition(head, cond)) {
1548 head->read_avail = pos;
1549 return false;
1550 }
1551 return true;
1552 }
1553
1554 /**
1555 * ccs_print_entry - Print an ACL entry.
1556 *
1557 * @head: Pointer to "struct ccs_io_buffer".
1558 * @ptr: Pointer to an ACL entry.
1559 *
1560 * Returns true on success, false otherwise.
1561 */
1562 static bool ccs_print_entry(struct ccs_io_buffer *head,
1563 struct ccs_acl_info *ptr)
1564 {
1565 const struct ccs_condition *cond = ptr->cond;
1566 const u8 acl_type = ptr->type;
1567 if (ptr->is_deleted)
1568 return true;
1569 if (acl_type == CCS_TYPE_PATH_ACL) {
1570 struct ccs_path_acl *acl
1571 = container_of(ptr, struct ccs_path_acl, head);
1572 return ccs_print_path_acl(head, acl, cond);
1573 }
1574 if (acl_type == CCS_TYPE_EXECUTE_HANDLER) {
1575 struct ccs_execute_handler_record *acl
1576 = container_of(ptr, struct ccs_execute_handler_record,
1577 head);
1578 const char *keyword = CCS_KEYWORD_EXECUTE_HANDLER;
1579 return ccs_print_execute_handler_record(head, keyword, acl);
1580 }
1581 if (acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) {
1582 struct ccs_execute_handler_record *acl
1583 = container_of(ptr, struct ccs_execute_handler_record,
1584 head);
1585 const char *keyword = CCS_KEYWORD_DENIED_EXECUTE_HANDLER;
1586 return ccs_print_execute_handler_record(head, keyword, acl);
1587 }
1588 if (head->read_execute_only)
1589 return true;
1590 if (acl_type == CCS_TYPE_PATH_NUMBER3_ACL) {
1591 struct ccs_path_number3_acl *acl
1592 = container_of(ptr, struct ccs_path_number3_acl, head);
1593 return ccs_print_path_number3_acl(head, acl, cond);
1594 }
1595 if (acl_type == CCS_TYPE_PATH2_ACL) {
1596 struct ccs_path2_acl *acl
1597 = container_of(ptr, struct ccs_path2_acl, head);
1598 return ccs_print_path2_acl(head, acl, cond);
1599 }
1600 if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) {
1601 struct ccs_path_number_acl *acl
1602 = container_of(ptr, struct ccs_path_number_acl, head);
1603 return ccs_print_path_number_acl(head, acl, cond);
1604 }
1605 if (acl_type == CCS_TYPE_ENV_ACL) {
1606 struct ccs_env_acl *acl
1607 = container_of(ptr, struct ccs_env_acl, head);
1608 return ccs_print_env_acl(head, acl, cond);
1609 }
1610 if (acl_type == CCS_TYPE_CAPABILITY_ACL) {
1611 struct ccs_capability_acl *acl
1612 = container_of(ptr, struct ccs_capability_acl, head);
1613 return ccs_print_capability_acl(head, acl, cond);
1614 }
1615 if (acl_type == CCS_TYPE_IP_NETWORK_ACL) {
1616 struct ccs_ip_network_acl *acl
1617 = container_of(ptr, struct ccs_ip_network_acl, head);
1618 return ccs_print_network_acl(head, acl, cond);
1619 }
1620 if (acl_type == CCS_TYPE_SIGNAL_ACL) {
1621 struct ccs_signal_acl *acl
1622 = container_of(ptr, struct ccs_signal_acl, head);
1623 return ccs_print_signal_acl(head, acl, cond);
1624 }
1625 if (acl_type == CCS_TYPE_MOUNT_ACL) {
1626 struct ccs_mount_acl *acl
1627 = container_of(ptr, struct ccs_mount_acl, head);
1628 return ccs_print_mount_acl(head, acl, cond);
1629 }
1630 BUG(); /* This must not happen. */
1631 return false;
1632 }
1633
1634 /**
1635 * ccs_read_domain_policy - Read domain policy.
1636 *
1637 * @head: Pointer to "struct ccs_io_buffer".
1638 *
1639 * Caller holds ccs_read_lock().
1640 */
1641 static void ccs_read_domain_policy(struct ccs_io_buffer *head)
1642 {
1643 struct list_head *dpos;
1644 struct list_head *apos;
1645 if (head->read_eof)
1646 return;
1647 if (head->read_step == 0)
1648 head->read_step = 1;
1649 list_for_each_cookie(dpos, head->read_var1, &ccs_domain_list) {
1650 struct ccs_domain_info *domain;
1651 const char *quota_exceeded = "";
1652 const char *transition_failed = "";
1653 const char *ignore_global_allow_read = "";
1654 const char *ignore_global_allow_env = "";
1655 domain = list_entry(dpos, struct ccs_domain_info, list);
1656 if (head->read_step != 1)
1657 goto acl_loop;
1658 if (domain->is_deleted && !head->read_single_domain)
1659 continue;
1660 /* Print domainname and flags. */
1661 if (domain->quota_warned)
1662 quota_exceeded = "quota_exceeded\n";
1663 if (domain->domain_transition_failed)
1664 transition_failed = "transition_failed\n";
1665 if (domain->ignore_global_allow_read)
1666 ignore_global_allow_read
1667 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n";
1668 if (domain->ignore_global_allow_env)
1669 ignore_global_allow_env
1670 = CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n";
1671 if (!ccs_io_printf(head, "%s\n" CCS_KEYWORD_USE_PROFILE "%u\n"
1672 "%s%s%s%s\n", domain->domainname->name,
1673 domain->profile, quota_exceeded,
1674 transition_failed,
1675 ignore_global_allow_read,
1676 ignore_global_allow_env))
1677 return;
1678 head->read_step = 2;
1679 acl_loop:
1680 if (head->read_step == 3)
1681 goto tail_mark;
1682 /* Print ACL entries in the domain. */
1683 list_for_each_cookie(apos, head->read_var2,
1684 &domain->acl_info_list) {
1685 struct ccs_acl_info *ptr
1686 = list_entry(apos, struct ccs_acl_info, list);
1687 if (!ccs_print_entry(head, ptr))
1688 return;
1689 }
1690 head->read_step = 3;
1691 tail_mark:
1692 if (!ccs_io_printf(head, "\n"))
1693 return;
1694 head->read_step = 1;
1695 if (head->read_single_domain)
1696 break;
1697 }
1698 head->read_eof = true;
1699 }
1700
1701 /**
1702 * ccs_write_domain_profile - Assign profile for specified domain.
1703 *
1704 * @head: Pointer to "struct ccs_io_buffer".
1705 *
1706 * Returns 0 on success, -EINVAL otherwise.
1707 *
1708 * This is equivalent to doing
1709 *
1710 * ( echo "select " $domainname; echo "use_profile " $profile ) |
1711 * /usr/sbin/ccs-loadpolicy -d
1712 *
1713 * Caller holds ccs_read_lock().
1714 */
1715 static int ccs_write_domain_profile(struct ccs_io_buffer *head)
1716 {
1717 char *data = head->write_buf;
1718 char *cp = strchr(data, ' ');
1719 struct ccs_domain_info *domain;
1720 unsigned int profile;
1721 if (!cp)
1722 return -EINVAL;
1723 *cp = '\0';
1724 profile = simple_strtoul(data, NULL, 10);
1725 if (profile >= CCS_MAX_PROFILES)
1726 return -EINVAL;
1727 domain = ccs_find_domain(cp + 1);
1728 if (domain && (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile]))
1729 domain->profile = (u8) profile;
1730 return 0;
1731 }
1732
1733 /**
1734 * ccs_read_domain_profile - Read only domainname and profile.
1735 *
1736 * @head: Pointer to "struct ccs_io_buffer".
1737 *
1738 * This is equivalent to doing
1739 *
1740 * grep -A 1 '^<kernel>' /proc/ccs/domain_policy |
1741 * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1742 * domainname = $0; } else if ( $1 == "use_profile" ) {
1743 * print $2 " " domainname; domainname = ""; } } ; '
1744 *
1745 * Caller holds ccs_read_lock().
1746 */
1747 static void ccs_read_domain_profile(struct ccs_io_buffer *head)
1748 {
1749 struct list_head *pos;
1750 if (head->read_eof)
1751 return;
1752 list_for_each_cookie(pos, head->read_var1, &ccs_domain_list) {
1753 struct ccs_domain_info *domain;
1754 domain = list_entry(pos, struct ccs_domain_info, list);
1755 if (domain->is_deleted)
1756 continue;
1757 if (!ccs_io_printf(head, "%u %s\n", domain->profile,
1758 domain->domainname->name))
1759 return;
1760 }
1761 head->read_eof = true;
1762 }
1763
1764 /**
1765 * ccs_write_pid: Specify PID to obtain domainname.
1766 *
1767 * @head: Pointer to "struct ccs_io_buffer".
1768 *
1769 * Returns 0.
1770 */
1771 static int ccs_write_pid(struct ccs_io_buffer *head)
1772 {
1773 head->read_eof = false;
1774 return 0;
1775 }
1776
1777 /**
1778 * ccs_read_pid - Read information of a process.
1779 *
1780 * @head: Pointer to "struct ccs_io_buffer".
1781 *
1782 * Returns the domainname which the specified PID is in or
1783 * process information of the specified PID on success,
1784 * empty string otherwise.
1785 *
1786 * Caller holds ccs_read_lock().
1787 */
1788 static void ccs_read_pid(struct ccs_io_buffer *head)
1789 {
1790 char *buf = head->write_buf;
1791 bool task_info = false;
1792 bool global_pid = false;
1793 unsigned int pid;
1794 struct task_struct *p;
1795 struct ccs_domain_info *domain = NULL;
1796 u32 ccs_flags = 0;
1797 /* Accessing write_buf is safe because head->io_sem is held. */
1798 if (!buf) {
1799 head->read_eof = true;
1800 return; /* Do nothing if open(O_RDONLY). */
1801 }
1802 if (head->read_avail || head->read_eof)
1803 return;
1804 head->read_eof = true;
1805 if (ccs_str_starts(&buf, "info "))
1806 task_info = true;
1807 if (ccs_str_starts(&buf, "global-pid "))
1808 global_pid = true;
1809 pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1810 ccs_tasklist_lock();
1811 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1812 if (global_pid)
1813 p = find_task_by_pid_ns(pid, &init_pid_ns);
1814 else
1815 p = find_task_by_vpid(pid);
1816 #else
1817 p = find_task_by_pid(pid);
1818 #endif
1819 if (p) {
1820 domain = ccs_task_domain(p);
1821 ccs_flags = p->ccs_flags;
1822 }
1823 ccs_tasklist_unlock();
1824 if (!domain)
1825 return;
1826 if (!task_info)
1827 ccs_io_printf(head, "%u %u %s", pid, domain->profile,
1828 domain->domainname->name);
1829 else
1830 ccs_io_printf(head, "%u manager=%s execute_handler=%s "
1831 "state[0]=%u state[1]=%u state[2]=%u", pid,
1832 ccs_yesno(ccs_flags &
1833 CCS_TASK_IS_POLICY_MANAGER),
1834 ccs_yesno(ccs_flags &
1835 CCS_TASK_IS_EXECUTE_HANDLER),
1836 (u8) (ccs_flags >> 24),
1837 (u8) (ccs_flags >> 16),
1838 (u8) (ccs_flags >> 8));
1839 }
1840
1841 /**
1842 * ccs_write_exception_policy - Write exception policy.
1843 *
1844 * @head: Pointer to "struct ccs_io_buffer".
1845 *
1846 * Returns 0 on success, negative value otherwise.
1847 */
1848 static int ccs_write_exception_policy(struct ccs_io_buffer *head)
1849 {
1850 char *data = head->write_buf;
1851 bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE);
1852 if (ccs_str_starts(&data, CCS_KEYWORD_KEEP_DOMAIN))
1853 return ccs_write_domain_keeper_policy(data, false, is_delete);
1854 if (ccs_str_starts(&data, CCS_KEYWORD_NO_KEEP_DOMAIN))
1855 return ccs_write_domain_keeper_policy(data, true, is_delete);
1856 if (ccs_str_starts(&data, CCS_KEYWORD_INITIALIZE_DOMAIN))
1857 return ccs_write_domain_initializer_policy(data, false,
1858 is_delete);
1859 if (ccs_str_starts(&data, CCS_KEYWORD_NO_INITIALIZE_DOMAIN))
1860 return ccs_write_domain_initializer_policy(data, true,
1861 is_delete);
1862 if (ccs_str_starts(&data, CCS_KEYWORD_AGGREGATOR))
1863 return ccs_write_aggregator_policy(data, is_delete);
1864 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_READ))
1865 return ccs_write_globally_readable_policy(data, is_delete);
1866 if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
1867 return ccs_write_globally_usable_env_policy(data, is_delete);
1868 if (ccs_str_starts(&data, CCS_KEYWORD_FILE_PATTERN))
1869 return ccs_write_pattern_policy(data, is_delete);
1870 if (ccs_str_starts(&data, CCS_KEYWORD_PATH_GROUP))
1871 return ccs_write_path_group_policy(data, is_delete);
1872 if (ccs_str_starts(&data, CCS_KEYWORD_NUMBER_GROUP))
1873 return ccs_write_number_group_policy(data, is_delete);
1874 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_REWRITE))
1875 return ccs_write_no_rewrite_policy(data, is_delete);
1876 if (ccs_str_starts(&data, CCS_KEYWORD_ADDRESS_GROUP))
1877 return ccs_write_address_group_policy(data, is_delete);
1878 if (ccs_str_starts(&data, CCS_KEYWORD_DENY_AUTOBIND))
1879 return ccs_write_reserved_port_policy(data, is_delete);
1880 return -EINVAL;
1881 }
1882
1883 /**
1884 * ccs_read_exception_policy - Read exception policy.
1885 *
1886 * @head: Pointer to "struct ccs_io_buffer".
1887 *
1888 * Caller holds ccs_read_lock().
1889 */
1890 static void ccs_read_exception_policy(struct ccs_io_buffer *head)
1891 {
1892 if (head->read_eof)
1893 return;
1894 switch (head->read_step) {
1895 case 0:
1896 head->read_var2 = NULL;
1897 head->read_step = 1;
1898 case 1:
1899 if (!ccs_read_domain_keeper_policy(head))
1900 break;
1901 head->read_var2 = NULL;
1902 head->read_step = 2;
1903 case 2:
1904 if (!ccs_read_globally_readable_policy(head))
1905 break;
1906 head->read_var2 = NULL;
1907 head->read_step = 3;
1908 case 3:
1909 if (!ccs_read_globally_usable_env_policy(head))
1910 break;
1911 head->read_var2 = NULL;
1912 head->read_step = 4;
1913 case 4:
1914 if (!ccs_read_domain_initializer_policy(head))
1915 break;
1916 head->read_var2 = NULL;
1917 head->read_step = 6;
1918 case 6:
1919 if (!ccs_read_aggregator_policy(head))
1920 break;
1921 head->read_var2 = NULL;
1922 head->read_step = 7;
1923 case 7:
1924 if (!ccs_read_file_pattern(head))
1925 break;
1926 head->read_var2 = NULL;
1927 head->read_step = 8;
1928 case 8:
1929 if (!ccs_read_no_rewrite_policy(head))
1930 break;
1931 head->read_var2 = NULL;
1932 head->read_step = 9;
1933 case 9:
1934 if (!ccs_read_path_group_policy(head))
1935 break;
1936 head->read_var1 = NULL;
1937 head->read_var2 = NULL;
1938 head->read_step = 10;
1939 case 10:
1940 if (!ccs_read_number_group_policy(head))
1941 break;
1942 head->read_var1 = NULL;
1943 head->read_var2 = NULL;
1944 head->read_step = 11;
1945 case 11:
1946 if (!ccs_read_address_group_policy(head))
1947 break;
1948 head->read_var2 = NULL;
1949 head->read_step = 12;
1950 case 12:
1951 if (!ccs_read_reserved_port_policy(head))
1952 break;
1953 head->read_eof = true;
1954 }
1955 }
1956
1957 /**
1958 * ccs_get_argv0 - Get argv[0].
1959 *
1960 * @ee: Pointer to "struct ccs_execve_entry".
1961 *
1962 * Returns true on success, false otherwise.
1963 */
1964 static bool ccs_get_argv0(struct ccs_execve_entry *ee)
1965 {
1966 struct linux_binprm *bprm = ee->bprm;
1967 char *arg_ptr = ee->tmp;
1968 int arg_len = 0;
1969 unsigned long pos = bprm->p;
1970 int offset = pos % PAGE_SIZE;
1971 bool done = false;
1972 if (!bprm->argc)
1973 goto out;
1974 while (1) {
1975 if (!ccs_dump_page(bprm, pos, &ee->dump))
1976 goto out;
1977 pos += PAGE_SIZE - offset;
1978 /* Read. */
1979 while (offset < PAGE_SIZE) {
1980 const char *kaddr = ee->dump.data;
1981 const unsigned char c = kaddr[offset++];
1982 if (c && arg_len < CCS_EXEC_TMPSIZE - 10) {
1983 if (c == '\\') {
1984 arg_ptr[arg_len++] = '\\';
1985 arg_ptr[arg_len++] = '\\';
1986 } else if (c > ' ' && c < 127) {
1987 arg_ptr[arg_len++] = c;
1988 } else {
1989 arg_ptr[arg_len++] = '\\';
1990 arg_ptr[arg_len++] = (c >> 6) + '0';
1991 arg_ptr[arg_len++]
1992 = ((c >> 3) & 7) + '0';
1993 arg_ptr[arg_len++] = (c & 7) + '0';
1994 }
1995 } else {
1996 arg_ptr[arg_len] = '\0';
1997 done = true;
1998 break;
1999 }
2000 }
2001 offset = 0;
2002 if (done)
2003 break;
2004 }
2005 return true;
2006 out:
2007 return false;
2008 }
2009
2010 /**
2011 * ccs_get_execute_condition - Get condition part for execute requests.
2012 *
2013 * @ee: Pointer to "struct ccs_execve_entry".
2014 *
2015 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2016 */
2017 static struct ccs_condition *ccs_get_execute_condition(struct ccs_execve_entry
2018 *ee)
2019 {
2020 struct ccs_condition *cond;
2021 char *buf;
2022 int len = 256;
2023 char *realpath = NULL;
2024 char *argv0 = NULL;
2025 const struct ccs_profile *profile = ccs_profile(ee->r.domain->profile);
2026 if (profile->learning->learning_exec_realpath) {
2027 struct file *file = ee->bprm->file;
2028 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 20)
2029 struct path path = { file->f_vfsmnt, file->f_dentry };
2030 realpath = ccs_realpath_from_path(&path);
2031 #else
2032 realpath = ccs_realpath_from_path(&file->f_path);
2033 #endif
2034 if (realpath)
2035 len += strlen(realpath) + 17;
2036 }
2037 if (profile->learning->learning_exec_argv0) {
2038 if (ccs_get_argv0(ee)) {
2039 argv0 = ee->tmp;
2040 len += strlen(argv0) + 16;
2041 }
2042 }
2043 buf = kmalloc(len, GFP_KERNEL);
2044 if (!buf) {
2045 kfree(realpath);
2046 return NULL;
2047 }
2048 snprintf(buf, len - 1, "if");
2049 if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2050 const int pos = strlen(buf);
2051 snprintf(buf + pos, len - pos - 1,
2052 " task.type=execute_handler");
2053 }
2054 if (realpath) {
2055 const int pos = strlen(buf);
2056 snprintf(buf + pos, len - pos - 1, " exec.realpath=\"%s\"",
2057 realpath);
2058 kfree(realpath);
2059 }
2060 if (argv0) {
2061 const int pos = strlen(buf);
2062 snprintf(buf + pos, len - pos - 1, " exec.argv[0]=\"%s\"",
2063 argv0);
2064 }
2065 cond = ccs_get_condition(buf);
2066 kfree(buf);
2067 return cond;
2068 }
2069
2070 /**
2071 * ccs_get_symlink_condition - Get condition part for symlink requests.
2072 *
2073 * @r: Pointer to "struct ccs_request_info".
2074 *
2075 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
2076 */
2077 static struct ccs_condition *ccs_get_symlink_condition(struct ccs_request_info
2078 *r)
2079 {
2080 struct ccs_condition *cond;
2081 char *buf;
2082 int len = 256;
2083 const char *symlink = NULL;
2084 const struct ccs_profile *profile = ccs_profile(r->profile);
2085 if (profile->learning->learning_symlink_target) {
2086 symlink = r->obj->symlink_target->name;
2087 len += strlen(symlink) + 18;
2088 }
2089 buf = kmalloc(len, GFP_KERNEL);
2090 if (!buf)
2091 return NULL;
2092 snprintf(buf, len - 1, "if");
2093 if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER) {
2094 const int pos = strlen(buf);
2095 snprintf(buf + pos, len - pos - 1,
2096 " task.type=execute_handler");
2097 }
2098 if (symlink) {
2099 const int pos = strlen(buf);
2100 snprintf(buf + pos, len - pos - 1, " symlink.target=\"%s\"",
2101 symlink);
2102 }
2103 cond = ccs_get_condition(buf);
2104 kfree(buf);
2105 return cond;
2106 }
2107
2108 /* Wait queue for ccs_query_list. */
2109 static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait);
2110
2111 /* Lock for manipulating ccs_query_list. */
2112 static DEFINE_SPINLOCK(ccs_query_list_lock);
2113
2114 /* Structure for query. */
2115 struct ccs_query_entry {
2116 struct list_head list;
2117 char *query;
2118 int query_len;
2119 unsigned int serial;
2120 int timer;
2121 int answer;
2122 };
2123
2124 /* The list for "struct ccs_query_entry". */
2125 static LIST_HEAD(ccs_query_list);
2126
2127 /* Number of "struct file" referring /proc/ccs/query interface. */
2128 static atomic_t ccs_query_observers = ATOMIC_INIT(0);
2129
2130 /**
2131 * ccs_supervisor - Ask for the supervisor's decision.
2132 *
2133 * @r: Pointer to "struct ccs_request_info".
2134 * @fmt: The printf()'s format string, followed by parameters.
2135 *
2136 * Returns 0 if the supervisor decided to permit the access request which
2137 * violated the policy in enforcing mode, 1 if the supervisor decided to
2138 * retry the access request which violated the policy in enforcing mode,
2139 * 0 if it is not in enforcing mode, -EPERM otherwise.
2140 */
2141 int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...)
2142 {
2143 va_list args;
2144 int error = -EPERM;
2145 int pos;
2146 int len;
2147 static unsigned int ccs_serial;
2148 struct ccs_query_entry *ccs_query_entry = NULL;
2149 bool quota_exceeded = false;
2150 char *header;
2151 if (!r->domain)
2152 r->domain = ccs_current_domain();
2153 switch (r->mode) {
2154 char *buffer;
2155 struct ccs_condition *cond;
2156 case CCS_CONFIG_LEARNING:
2157 if (!ccs_domain_quota_ok(r))
2158 return 0;
2159 va_start(args, fmt);
2160 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
2161 va_end(args);
2162 buffer = kmalloc(len, GFP_KERNEL);
2163 if (!buffer)
2164 return 0;
2165 va_start(args, fmt);
2166 vsnprintf(buffer, len - 1, fmt, args);
2167 va_end(args);
2168 ccs_normalize_line(buffer);
2169 if (r->ee && !strncmp(buffer, "allow_execute ", 14))
2170 cond = ccs_get_execute_condition(r->ee);
2171 else if (r->obj && r->obj->symlink_target)
2172 cond = ccs_get_symlink_condition(r);
2173 else if ((current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2174 char str[] = "if task.type=execute_handler";
2175 cond = ccs_get_condition(str);
2176 } else
2177 cond = NULL;
2178 ccs_write_domain_policy2(buffer, r->domain, cond, false);
2179 ccs_put_condition(cond);
2180 kfree(buffer);
2181 /* fall through */
2182 case CCS_CONFIG_PERMISSIVE:
2183 return 0;
2184 }
2185 if (!atomic_read(&ccs_query_observers)) {
2186 int i;
2187 if (current->ccs_flags & CCS_DONT_SLEEP_ON_ENFORCE_ERROR)
2188 return -EPERM;
2189 for (i = 0; i < ccs_profile(r->domain->profile)->enforcing->
2190 enforcing_penalty; i++) {
2191 set_current_state(TASK_INTERRUPTIBLE);
2192 schedule_timeout(HZ / 10);
2193 }
2194 return -EPERM;
2195 }
2196 va_start(args, fmt);
2197 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
2198 va_end(args);
2199 header = ccs_init_audit_log(&len, r);
2200 if (!header)
2201 goto out;
2202 ccs_query_entry = kzalloc(sizeof(*ccs_query_entry), GFP_KERNEL);
2203 if (!ccs_query_entry)
2204 goto out;
2205 len = ccs_round2(len);
2206 ccs_query_entry->query = kzalloc(len, GFP_KERNEL);
2207 if (!ccs_query_entry->query)
2208 goto out;
2209 INIT_LIST_HEAD(&ccs_query_entry->list);
2210 spin_lock(&ccs_query_list_lock);
2211 if (ccs_quota_for_query && ccs_query_memory_size + len +
2212 sizeof(*ccs_query_entry) >= ccs_quota_for_query) {
2213 quota_exceeded = true;
2214 } else {
2215 ccs_query_memory_size += len + sizeof(*ccs_query_entry);
2216 ccs_query_entry->serial = ccs_serial++;
2217 }
2218 spin_unlock(&ccs_query_list_lock);
2219 if (quota_exceeded)
2220 goto out;
2221 pos = snprintf(ccs_query_entry->query, len - 1, "Q%u-%hu\n%s",
2222 ccs_query_entry->serial, r->retry, header);
2223 kfree(header);
2224 header = NULL;
2225 va_start(args, fmt);
2226 vsnprintf(ccs_query_entry->query + pos, len - 1 - pos, fmt, args);
2227 ccs_query_entry->query_len = strlen(ccs_query_entry->query) + 1;
2228 va_end(args);
2229 spin_lock(&ccs_query_list_lock);
2230 list_add_tail(&ccs_query_entry->list, &ccs_query_list);
2231 spin_unlock(&ccs_query_list_lock);
2232 /* Give 10 seconds for supervisor's opinion. */
2233 for (ccs_query_entry->timer = 0;
2234 atomic_read(&ccs_query_observers) && ccs_query_entry->timer < 100;
2235 ccs_query_entry->timer++) {
2236 wake_up(&ccs_query_wait);
2237 set_current_state(TASK_INTERRUPTIBLE);
2238 schedule_timeout(HZ / 10);
2239 if (ccs_query_entry->answer)
2240 break;
2241 }
2242 spin_lock(&ccs_query_list_lock);
2243 list_del(&ccs_query_entry->list);
2244 ccs_query_memory_size -= len + sizeof(*ccs_query_entry);
2245 spin_unlock(&ccs_query_list_lock);
2246 switch (ccs_query_entry->answer) {
2247 case 3: /* Asked to retry by administrator. */
2248 error = 1;
2249 r->retry++;
2250 break;
2251 case 1:
2252 /* Granted by administrator. */
2253 error = 0;
2254 break;
2255 case 0:
2256 /* Timed out. */
2257 break;
2258 default:
2259 /* Rejected by administrator. */
2260 break;
2261 }
2262 out:
2263 if (ccs_query_entry)
2264 kfree(ccs_query_entry->query);
2265 kfree(ccs_query_entry);
2266 kfree(header);
2267 return error;
2268 }
2269
2270 /**
2271 * ccs_poll_query - poll() for /proc/ccs/query.
2272 *
2273 * @file: Pointer to "struct file".
2274 * @wait: Pointer to "poll_table".
2275 *
2276 * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
2277 *
2278 * Waits for access requests which violated policy in enforcing mode.
2279 */
2280 static int ccs_poll_query(struct file *file, poll_table *wait)
2281 {
2282 struct list_head *tmp;
2283 bool found = false;
2284 u8 i;
2285 for (i = 0; i < 2; i++) {
2286 spin_lock(&ccs_query_list_lock);
2287 list_for_each(tmp, &ccs_query_list) {
2288 struct ccs_query_entry *ptr
2289 = list_entry(tmp, struct ccs_query_entry, list);
2290 if (ptr->answer)
2291 continue;
2292 found = true;
2293 break;
2294 }
2295 spin_unlock(&ccs_query_list_lock);
2296 if (found)
2297 return POLLIN | POLLRDNORM;
2298 if (i)
2299 break;
2300 poll_wait(file, &ccs_query_wait, wait);
2301 }
2302 return 0;
2303 }
2304
2305 /**
2306 * ccs_read_query - Read access requests which violated policy in enforcing mode.
2307 *
2308 * @head: Pointer to "struct ccs_io_buffer".
2309 */
2310 static void ccs_read_query(struct ccs_io_buffer *head)
2311 {
2312 struct list_head *tmp;
2313 int pos = 0;
2314 int len = 0;
2315 char *buf;
2316 if (head->read_avail)
2317 return;
2318 if (head->read_buf) {
2319 kfree(head->read_buf);
2320 head->read_buf = NULL;
2321 head->readbuf_size = 0;
2322 }
2323 spin_lock(&ccs_query_list_lock);
2324 list_for_each(tmp, &ccs_query_list) {
2325 struct ccs_query_entry *ptr
2326 = list_entry(tmp, struct ccs_query_entry, list);
2327 if (ptr->answer)
2328 continue;
2329 if (pos++ != head->read_step)
2330 continue;
2331 len = ptr->query_len;
2332 break;
2333 }
2334 spin_unlock(&ccs_query_list_lock);
2335 if (!len) {
2336 head->read_step = 0;
2337 return;
2338 }
2339 buf = kzalloc(len, GFP_KERNEL);
2340 if (!buf)
2341 return;
2342 pos = 0;
2343 spin_lock(&ccs_query_list_lock);
2344 list_for_each(tmp, &ccs_query_list) {
2345 struct ccs_query_entry *ptr
2346 = list_entry(tmp, struct ccs_query_entry, list);
2347 if (ptr->answer)
2348 continue;
2349 if (pos++ != head->read_step)
2350 continue;
2351 /*
2352 * Some query can be skipped because ccs_query_list
2353 * can change, but I don't care.
2354 */
2355 if (len == ptr->query_len)
2356 memmove(buf, ptr->query, len);
2357 break;
2358 }
2359 spin_unlock(&ccs_query_list_lock);
2360 if (buf[0]) {
2361 head->read_avail = len;
2362 head->readbuf_size = head->read_avail;
2363 head->read_buf = buf;
2364 head->read_step++;
2365 } else {
2366 kfree(buf);
2367 }
2368 }
2369
2370 /**
2371 * ccs_write_answer - Write the supervisor's decision.
2372 *
2373 * @head: Pointer to "struct ccs_io_buffer".
2374 *
2375 * Returns 0 on success, -EINVAL otherwise.
2376 */
2377 static int ccs_write_answer(struct ccs_io_buffer *head)
2378 {
2379 char *data = head->write_buf;
2380 struct list_head *tmp;
2381 unsigned int serial;
2382 unsigned int answer;
2383 spin_lock(&ccs_query_list_lock);
2384 list_for_each(tmp, &ccs_query_list) {
2385 struct ccs_query_entry *ptr
2386 = list_entry(tmp, struct ccs_query_entry, list);
2387 ptr->timer = 0;
2388 }
2389 spin_unlock(&ccs_query_list_lock);
2390 if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
2391 return -EINVAL;
2392 spin_lock(&ccs_query_list_lock);
2393 list_for_each(tmp, &ccs_query_list) {
2394 struct ccs_query_entry *ptr
2395 = list_entry(tmp, struct ccs_query_entry, list);
2396 if (ptr->serial != serial)
2397 continue;
2398 if (!ptr->answer)
2399 ptr->answer = answer;
2400 break;
2401 }
2402 spin_unlock(&ccs_query_list_lock);
2403 return 0;
2404 }
2405
2406 /**
2407 * ccs_read_version: Get version.
2408 *
2409 * @head: Pointer to "struct ccs_io_buffer".
2410 */
2411 static void ccs_read_version(struct ccs_io_buffer *head)
2412 {
2413 if (head->read_eof)
2414 return;
2415 ccs_io_printf(head, "1.7.1");
2416 head->read_eof = true;
2417 }
2418
2419 /**
2420 * ccs_read_self_domain - Get the current process's domainname.
2421 *
2422 * @head: Pointer to "struct ccs_io_buffer".
2423 */
2424 static void ccs_read_self_domain(struct ccs_io_buffer *head)
2425 {
2426 if (head->read_eof)
2427 return;
2428 /*
2429 * ccs_current_domain()->domainname != NULL because every process
2430 * belongs to a domain and the domain's name cannot be NULL.
2431 */
2432 ccs_io_printf(head, "%s", ccs_current_domain()->domainname->name);
2433 head->read_eof = true;
2434 }
2435
2436 /**
2437 * ccs_open_control - open() for /proc/ccs/ interface.
2438 *
2439 * @type: Type of interface.
2440 * @file: Pointer to "struct file".
2441 *
2442 * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
2443 */
2444 int ccs_open_control(const u8 type, struct file *file)
2445 {
2446 struct ccs_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
2447 if (!head)
2448 return -ENOMEM;
2449 mutex_init(&head->io_sem);
2450 head->type = type;
2451 switch (type) {
2452 case CCS_DOMAINPOLICY: /* /proc/ccs/domain_policy */
2453 head->write = ccs_write_domain_policy;
2454 head->read = ccs_read_domain_policy;
2455 break;
2456 case CCS_EXCEPTIONPOLICY: /* /proc/ccs/exception_policy */
2457 head->write = ccs_write_exception_policy;
2458 head->read = ccs_read_exception_policy;
2459 break;
2460 #ifdef CONFIG_CCSECURITY_AUDIT
2461 case CCS_GRANTLOG: /* /proc/ccs/grant_log */
2462 head->poll = ccs_poll_grant_log;
2463 head->read = ccs_read_grant_log;
2464 break;
2465 case CCS_REJECTLOG: /* /proc/ccs/reject_log */
2466 head->poll = ccs_poll_reject_log;
2467 head->read = ccs_read_reject_log;
2468 break;
2469 #endif
2470 case CCS_SELFDOMAIN: /* /proc/ccs/self_domain */
2471 head->read = ccs_read_self_domain;
2472 break;
2473 case CCS_DOMAIN_STATUS: /* /proc/ccs/.domain_status */
2474 head->write = ccs_write_domain_profile;
2475 head->read = ccs_read_domain_profile;
2476 break;
2477 case CCS_EXECUTE_HANDLER: /* /proc/ccs/.execute_handler */
2478 /* Allow execute_handler to read process's status. */
2479 if (!(current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)) {
2480 kfree(head);
2481 return -EPERM;
2482 }
2483 /* fall through */
2484 case CCS_PROCESS_STATUS: /* /proc/ccs/.process_status */
2485 head->write = ccs_write_pid;
2486 head->read = ccs_read_pid;
2487 break;
2488 case CCS_VERSION: /* /proc/ccs/version */
2489 head->read = ccs_read_version;
2490 head->readbuf_size = 128;
2491 break;
2492 case CCS_MEMINFO: /* /proc/ccs/meminfo */
2493 head->write = ccs_write_memory_quota;
2494 head->read = ccs_read_memory_counter;
2495 head->readbuf_size = 512;
2496 break;
2497 case CCS_PROFILE: /* /proc/ccs/profile */
2498 head->write = ccs_write_profile;
2499 head->read = ccs_read_profile;
2500 break;
2501 case CCS_QUERY: /* /proc/ccs/query */
2502 head->poll = ccs_poll_query;
2503 head->write = ccs_write_answer;
2504 head->read = ccs_read_query;
2505 break;
2506 case CCS_MANAGER: /* /proc/ccs/manager */
2507 head->write = ccs_write_manager_policy;
2508 head->read = ccs_read_manager_policy;
2509 break;
2510 }
2511 if (!(file->f_mode & FMODE_READ)) {
2512 /*
2513 * No need to allocate read_buf since it is not opened
2514 * for reading.
2515 */
2516 head->read = NULL;
2517 head->poll = NULL;
2518 } else if (!head->poll) {
2519 /* Don't allocate read_buf for poll() access. */
2520 if (!head->readbuf_size)
2521 head->readbuf_size = 4096;
2522 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
2523 if (!head->read_buf) {
2524 kfree(head);
2525 return -ENOMEM;
2526 }
2527 }
2528 if (!(file->f_mode & FMODE_WRITE)) {
2529 /*
2530 * No need to allocate write_buf since it is not opened
2531 * for writing.
2532 */
2533 head->write = NULL;
2534 } else if (head->write) {
2535 head->writebuf_size = 4096;
2536 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
2537 if (!head->write_buf) {
2538 kfree(head->read_buf);
2539 kfree(head);
2540 return -ENOMEM;
2541 }
2542 }
2543 if (type != CCS_QUERY &&
2544 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2545 head->reader_idx = ccs_read_lock();
2546 file->private_data = head;
2547 /*
2548 * Call the handler now if the file is /proc/ccs/self_domain
2549 * so that the user can use "cat < /proc/ccs/self_domain" to
2550 * know the current process's domainname.
2551 */
2552 if (type == CCS_SELFDOMAIN)
2553 ccs_read_control(file, NULL, 0);
2554 /*
2555 * If the file is /proc/ccs/query , increment the observer counter.
2556 * The obserber counter is used by ccs_supervisor() to see if
2557 * there is some process monitoring /proc/ccs/query.
2558 */
2559 else if (type == CCS_QUERY)
2560 atomic_inc(&ccs_query_observers);
2561 return 0;
2562 }
2563
2564 /**
2565 * ccs_poll_control - poll() for /proc/ccs/ interface.
2566 *
2567 * @file: Pointer to "struct file".
2568 * @wait: Pointer to "poll_table".
2569 *
2570 * Waits for read readiness.
2571 * /proc/ccs/query is handled by /usr/sbin/ccs-queryd and
2572 * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
2573 * /usr/sbin/ccs-auditd .
2574 */
2575 int ccs_poll_control(struct file *file, poll_table *wait)
2576 {
2577 struct ccs_io_buffer *head = file->private_data;
2578 if (!head->poll)
2579 return -ENOSYS;
2580 return head->poll(file, wait);
2581 }
2582
2583 /**
2584 * ccs_read_control - read() for /proc/ccs/ interface.
2585 *
2586 * @file: Pointer to "struct file".
2587 * @buffer: Poiner to buffer to write to.
2588 * @buffer_len: Size of @buffer.
2589 *
2590 * Returns bytes read on success, negative value otherwise.
2591 */
2592 int ccs_read_control(struct file *file, char __user *buffer,
2593 const int buffer_len)
2594 {
2595 int len = 0;
2596 struct ccs_io_buffer *head = file->private_data;
2597 char *cp;
2598 if (!head->read)
2599 return -ENOSYS;
2600 if (!access_ok(VERIFY_WRITE, buffer, buffer_len))
2601 return -EFAULT;
2602 if (mutex_lock_interruptible(&head->io_sem))
2603 return -EINTR;
2604 while (1) {
2605 /* Call the policy handler. */
2606 head->read(head);
2607 /* Write to buffer. */
2608 len = head->read_avail;
2609 if (len || head->poll || head->read_eof)
2610 break;
2611 len = head->readbuf_size * 2;
2612 cp = kzalloc(len, GFP_KERNEL);
2613 if (!cp) {
2614 len = -ENOMEM;
2615 goto out;
2616 }
2617 kfree(head->read_buf);
2618 head->read_buf = cp;
2619 head->readbuf_size = len;
2620 }
2621 if (len > buffer_len)
2622 len = buffer_len;
2623 if (!len)
2624 goto out;
2625 /* head->read_buf changes by some functions. */
2626 cp = head->read_buf;
2627 if (copy_to_user(buffer, cp, len)) {
2628 len = -EFAULT;
2629 goto out;
2630 }
2631 head->read_avail -= len;
2632 memmove(cp, cp + len, head->read_avail);
2633 out:
2634 mutex_unlock(&head->io_sem);
2635 return len;
2636 }
2637
2638 /**
2639 * ccs_write_control - write() for /proc/ccs/ interface.
2640 *
2641 * @file: Pointer to "struct file".
2642 * @buffer: Pointer to buffer to read from.
2643 * @buffer_len: Size of @buffer.
2644 *
2645 * Returns @buffer_len on success, negative value otherwise.
2646 */
2647 int ccs_write_control(struct file *file, const char __user *buffer,
2648 const int buffer_len)
2649 {
2650 struct ccs_io_buffer *head = file->private_data;
2651 int error = buffer_len;
2652 int avail_len = buffer_len;
2653 char *cp0 = head->write_buf;
2654 if (!head->write)
2655 return -ENOSYS;
2656 if (!access_ok(VERIFY_READ, buffer, buffer_len))
2657 return -EFAULT;
2658 /* Don't allow updating policies by non manager programs. */
2659 if (head->write != ccs_write_pid &&
2660 head->write != ccs_write_domain_policy &&
2661 !ccs_is_policy_manager())
2662 return -EPERM;
2663 if (mutex_lock_interruptible(&head->io_sem))
2664 return -EINTR;
2665 /* Read a line and dispatch it to the policy handler. */
2666 while (avail_len > 0) {
2667 char c;
2668 if (head->write_avail >= head->writebuf_size - 1) {
2669 const int len = head->writebuf_size * 2;
2670 char *cp = kzalloc(len, GFP_KERNEL);
2671 if (!cp) {
2672 error = -ENOMEM;
2673 break;
2674 }
2675 memmove(cp, cp0, head->write_avail);
2676 kfree(cp0);
2677 head->write_buf = cp;
2678 cp0 = cp;
2679 head->writebuf_size = len;
2680 }
2681 if (get_user(c, buffer)) {
2682 error = -EFAULT;
2683 break;
2684 }
2685 buffer++;
2686 avail_len--;
2687 cp0[head->write_avail++] = c;
2688 if (c != '\n')
2689 continue;
2690 cp0[head->write_avail - 1] = '\0';
2691 head->write_avail = 0;
2692 ccs_normalize_line(cp0);
2693 head->write(head);
2694 }
2695 mutex_unlock(&head->io_sem);
2696 return error;
2697 }
2698
2699 /**
2700 * ccs_close_control - close() for /proc/ccs/ interface.
2701 *
2702 * @file: Pointer to "struct file".
2703 *
2704 * Releases memory and returns 0.
2705 */
2706 int ccs_close_control(struct file *file)
2707 {
2708 struct ccs_io_buffer *head = file->private_data;
2709 const bool is_write = head->write_buf != NULL;
2710 const u8 type = head->type;
2711 /*
2712 * If the file is /proc/ccs/query , decrement the observer counter.
2713 */
2714 if (type == CCS_QUERY)
2715 atomic_dec(&ccs_query_observers);
2716 if (type != CCS_QUERY &&
2717 type != CCS_GRANTLOG && type != CCS_REJECTLOG)
2718 ccs_read_unlock(head->reader_idx);
2719 /* Release memory used for policy I/O. */
2720 kfree(head->read_buf);
2721 head->read_buf = NULL;
2722 kfree(head->write_buf);
2723 head->write_buf = NULL;
2724 kfree(head);
2725 head = NULL;
2726 file->private_data = NULL;
2727 if (is_write)
2728 ccs_run_gc();
2729 return 0;
2730 }
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
Über OSDN
Software suchen
Entwickeln Software
Hilfeseiten