This patch contains structure/prototype/variable declarations for TOMOYO. Signed-off-by: Tetsuo Handa --- security/tomoyo/internal.h | 1317 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1317 insertions(+) --- /dev/null +++ security-testing-2.6/security/tomoyo/internal.h @@ -0,0 +1,1317 @@ +/* + * security/tomoyo/internal.h + * + * Copyright (C) 2005-2009 NTT DATA CORPORATION + */ + +#ifndef _SECURITY_TOMOYO_INTERNAL_H +#define _SECURITY_TOMOYO_INTERNAL_H + +#include +#include +extern asmlinkage long sys_getpid(void); +extern asmlinkage long sys_getppid(void); +extern spinlock_t vfsmount_lock; + +/* Index numbers for Access Controls. */ +enum tomoyo_acl_entry_type_index { + TOMOYO_TYPE_PATH_ACL, + TOMOYO_TYPE_PATH2_ACL, + TOMOYO_TYPE_PATH_NUMBER_ACL, + TOMOYO_TYPE_PATH_NUMBER3_ACL, + TOMOYO_TYPE_ENV_ACL, + TOMOYO_TYPE_CAPABILITY_ACL, + TOMOYO_TYPE_IP_NETWORK_ACL, + TOMOYO_TYPE_MOUNT_ACL, + TOMOYO_TYPE_EXECUTE_HANDLER, + TOMOYO_TYPE_DENIED_EXECUTE_HANDLER +}; + +/* Index numbers for Capability Controls. */ +enum tomoyo_capability_acl_index { + /* socket(PF_INET or PF_INET6, SOCK_STREAM, *) */ + TOMOYO_INET_STREAM_SOCKET_CREATE, + /* listen() for PF_INET or PF_INET6, SOCK_STREAM */ + TOMOYO_INET_STREAM_SOCKET_LISTEN, + /* connect() for PF_INET or PF_INET6, SOCK_STREAM */ + TOMOYO_INET_STREAM_SOCKET_CONNECT, + /* socket(PF_INET or PF_INET6, SOCK_DGRAM, *) */ + TOMOYO_USE_INET_DGRAM_SOCKET, + /* socket(PF_INET or PF_INET6, SOCK_RAW, *) */ + TOMOYO_USE_INET_RAW_SOCKET, + /* socket(PF_ROUTE, *, *) */ + TOMOYO_USE_ROUTE_SOCKET, + /* socket(PF_PACKET, *, *) */ + TOMOYO_USE_PACKET_SOCKET, + /* sys_mount() */ + TOMOYO_SYS_MOUNT, + /* sys_umount() */ + TOMOYO_SYS_UMOUNT, + /* sys_chroot() */ + TOMOYO_SYS_CHROOT, + /* sys_mknod(S_IFIFO) */ + TOMOYO_CREATE_FIFO, + /* sys_mknod(S_IFBLK) */ + TOMOYO_CREATE_BLOCK_DEV, + /* sys_mknod(S_IFCHR) */ + TOMOYO_CREATE_CHAR_DEV, + /* sys_mknod(S_IFSOCK) */ + TOMOYO_CREATE_UNIX_SOCKET, + /* sys_link() */ + TOMOYO_SYS_LINK, + /* sys_symlink() */ + TOMOYO_SYS_SYMLINK, + /* sys_rename() */ + TOMOYO_SYS_RENAME, + /* sys_unlink() */ + TOMOYO_SYS_UNLINK, + /* sys_chmod(), sys_fchmod() */ + TOMOYO_SYS_CHMOD, + /* sys_chown(), sys_fchown(), sys_lchown() */ + TOMOYO_SYS_CHOWN, + /* sys_ioctl(), compat_sys_ioctl() */ + TOMOYO_SYS_IOCTL, + /* sys_pivot_root() */ + TOMOYO_SYS_PIVOT_ROOT, + TOMOYO_MAX_CAPABILITY_INDEX +}; + +/* + * TOMOYO_TYPE_READ_WRITE is special. TOMOYO_TYPE_READ_WRITE is automatically + * set if both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are set. Both + * TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE are automatically set if + * TOMOYO_TYPE_READ_WRITE is set. + * TOMOYO_TYPE_READ_WRITE is automatically cleared if either TOMOYO_TYPE_READ + * or TOMOYO_TYPE_WRITE is cleared. Both TOMOYO_TYPE_READ and TOMOYO_TYPE_WRITE + * are automatically cleared if TOMOYO_TYPE_READ_WRITE is cleared. + */ + +enum tomoyo_path_acl_index { + TOMOYO_TYPE_READ_WRITE, + TOMOYO_TYPE_EXECUTE, + TOMOYO_TYPE_READ, + TOMOYO_TYPE_WRITE, + TOMOYO_TYPE_UNLINK, + TOMOYO_TYPE_RMDIR, + TOMOYO_TYPE_TRUNCATE, + TOMOYO_TYPE_SYMLINK, + TOMOYO_TYPE_REWRITE, + TOMOYO_TYPE_CHROOT, + TOMOYO_TYPE_UMOUNT, + TOMOYO_MAX_PATH_OPERATION +}; + +enum tomoyo_path_number3_acl_index { + TOMOYO_TYPE_MKBLOCK, + TOMOYO_TYPE_MKCHAR, + TOMOYO_MAX_PATH_NUMBER3_OPERATION +}; + +enum tomoyo_path2_acl_index { + TOMOYO_TYPE_LINK, + TOMOYO_TYPE_RENAME, + TOMOYO_TYPE_PIVOT_ROOT, + TOMOYO_MAX_PATH2_OPERATION +}; + +enum tomoyo_path_number_acl_index { + TOMOYO_TYPE_CREATE, + TOMOYO_TYPE_MKDIR, + TOMOYO_TYPE_MKFIFO, + TOMOYO_TYPE_MKSOCK, + TOMOYO_TYPE_IOCTL, + TOMOYO_TYPE_CHMOD, + TOMOYO_TYPE_CHOWN, + TOMOYO_TYPE_CHGRP, + TOMOYO_MAX_PATH_NUMBER_OPERATION +}; + +enum tomoyo_network_acl_index { + /* UDP's bind() operation. */ + TOMOYO_NETWORK_UDP_BIND, + /* UDP's connect()/send()/recv() operation. */ + TOMOYO_NETWORK_UDP_CONNECT, + /* TCP's bind() operation. */ + TOMOYO_NETWORK_TCP_BIND, + /* TCP's listen() operation. */ + TOMOYO_NETWORK_TCP_LISTEN, + /* TCP's connect() operation. */ + TOMOYO_NETWORK_TCP_CONNECT, + /* TCP's accept() operation. */ + TOMOYO_NETWORK_TCP_ACCEPT, + /* IP's bind() operation. */ + TOMOYO_NETWORK_RAW_BIND, + /* IP's connect()/send()/recv() operation. */ + TOMOYO_NETWORK_RAW_CONNECT, + TOMOYO_MAX_NETWORK_OPERATION +}; + +enum tomoyo_ip_address_type { + TOMOYO_IP_ADDRESS_TYPE_ADDRESS_GROUP, + TOMOYO_IP_ADDRESS_TYPE_IPv4, + TOMOYO_IP_ADDRESS_TYPE_IPv6 +}; + +/* Indexes for /sys/kernel/security/tomoyo/ interfaces. */ +enum tomoyo_proc_interface_index { + TOMOYO_DOMAINPOLICY, + TOMOYO_EXCEPTIONPOLICY, + TOMOYO_DOMAIN_STATUS, + TOMOYO_PROCESS_STATUS, + TOMOYO_MEMINFO, + TOMOYO_GRANTLOG, + TOMOYO_REJECTLOG, + TOMOYO_SELFDOMAIN, + TOMOYO_VERSION, + TOMOYO_PROFILE, + TOMOYO_QUERY, + TOMOYO_MANAGER, + TOMOYO_EXECUTE_HANDLER +}; + +enum tomoyo_mac_index { + TOMOYO_MAC_FILE_EXECUTE, + TOMOYO_MAC_FILE_OPEN, + TOMOYO_MAC_FILE_CREATE, + TOMOYO_MAC_FILE_UNLINK, + TOMOYO_MAC_FILE_MKDIR, + TOMOYO_MAC_FILE_RMDIR, + TOMOYO_MAC_FILE_MKFIFO, + TOMOYO_MAC_FILE_MKSOCK, + TOMOYO_MAC_FILE_TRUNCATE, + TOMOYO_MAC_FILE_SYMLINK, + TOMOYO_MAC_FILE_REWRITE, + TOMOYO_MAC_FILE_MKBLOCK, + TOMOYO_MAC_FILE_MKCHAR, + TOMOYO_MAC_FILE_LINK, + TOMOYO_MAC_FILE_RENAME, + TOMOYO_MAC_FILE_CHMOD, + TOMOYO_MAC_FILE_CHOWN, + TOMOYO_MAC_FILE_CHGRP, + TOMOYO_MAC_FILE_IOCTL, + TOMOYO_MAC_FILE_CHROOT, + TOMOYO_MAC_FILE_MOUNT, + TOMOYO_MAC_FILE_UMOUNT, + TOMOYO_MAC_FILE_PIVOT_ROOT, + TOMOYO_MAC_NETWORK_UDP_BIND, + TOMOYO_MAC_NETWORK_UDP_CONNECT, + TOMOYO_MAC_NETWORK_TCP_BIND, + TOMOYO_MAC_NETWORK_TCP_LISTEN, + TOMOYO_MAC_NETWORK_TCP_CONNECT, + TOMOYO_MAC_NETWORK_TCP_ACCEPT, + TOMOYO_MAC_NETWORK_RAW_BIND, + TOMOYO_MAC_NETWORK_RAW_CONNECT, + TOMOYO_MAC_ENVIRON, + TOMOYO_MAX_MAC_INDEX +}; + +enum tomoyo_mac_category_index { + TOMOYO_MAC_CATEGORY_FILE, + TOMOYO_MAC_CATEGORY_NETWORK, + TOMOYO_MAC_CATEGORY_MISC, + TOMOYO_MAC_CATEGORY_CAPABILITY, + TOMOYO_MAX_MAC_CATEGORY_INDEX +}; + +enum tomoyo_conditions_index { + TOMOYO_TASK_UID, /* current_uid() */ + TOMOYO_TASK_EUID, /* current_euid() */ + TOMOYO_TASK_SUID, /* current_suid() */ + TOMOYO_TASK_FSUID, /* current_fsuid() */ + TOMOYO_TASK_GID, /* current_gid() */ + TOMOYO_TASK_EGID, /* current_egid() */ + TOMOYO_TASK_SGID, /* current_sgid() */ + TOMOYO_TASK_FSGID, /* current_fsgid() */ + TOMOYO_TASK_PID, /* sys_getpid() */ + TOMOYO_TASK_PPID, /* sys_getppid() */ + TOMOYO_EXEC_ARGC, /* "struct linux_binprm *"->argc */ + TOMOYO_EXEC_ENVC, /* "struct linux_binprm *"->envc */ + TOMOYO_TASK_STATE_0, /* (u8) (current->tomoyo_flags >> 24) */ + TOMOYO_TASK_STATE_1, /* (u8) (current->tomoyo_flags >> 16) */ + TOMOYO_TASK_STATE_2, /* (u8) (task->tomoyo_flags >> 8) */ + TOMOYO_TYPE_IS_SOCKET, /* S_IFSOCK */ + TOMOYO_TYPE_IS_SYMLINK, /* S_IFLNK */ + TOMOYO_TYPE_IS_FILE, /* S_IFREG */ + TOMOYO_TYPE_IS_BLOCK_DEV, /* S_IFBLK */ + TOMOYO_TYPE_IS_DIRECTORY, /* S_IFDIR */ + TOMOYO_TYPE_IS_CHAR_DEV, /* S_IFCHR */ + TOMOYO_TYPE_IS_FIFO, /* S_IFIFO */ + TOMOYO_MODE_SETUID, /* S_ISUID */ + TOMOYO_MODE_SETGID, /* S_ISGID */ + TOMOYO_MODE_STICKY, /* S_ISVTX */ + TOMOYO_MODE_OWNER_READ, /* S_IRUSR */ + TOMOYO_MODE_OWNER_WRITE, /* S_IWUSR */ + TOMOYO_MODE_OWNER_EXECUTE, /* S_IXUSR */ + TOMOYO_MODE_GROUP_READ, /* S_IRGRP */ + TOMOYO_MODE_GROUP_WRITE, /* S_IWGRP */ + TOMOYO_MODE_GROUP_EXECUTE, /* S_IXGRP */ + TOMOYO_MODE_OTHERS_READ, /* S_IROTH */ + TOMOYO_MODE_OTHERS_WRITE, /* S_IWOTH */ + TOMOYO_MODE_OTHERS_EXECUTE, /* S_IXOTH */ + TOMOYO_TASK_TYPE, /* ((u8) task->tomoyo_flags) & + TOMOYO_TASK_IS_EXECUTE_HANDLER */ + TOMOYO_TASK_EXECUTE_HANDLER, /* TOMOYO_TASK_IS_EXECUTE_HANDLER */ + TOMOYO_EXEC_REALPATH, + TOMOYO_SYMLINK_TARGET, + TOMOYO_PATH1_UID, + TOMOYO_PATH1_GID, + TOMOYO_PATH1_INO, + TOMOYO_PATH1_MAJOR, + TOMOYO_PATH1_MINOR, + TOMOYO_PATH1_PERM, + TOMOYO_PATH1_TYPE, + TOMOYO_PATH1_DEV_MAJOR, + TOMOYO_PATH1_DEV_MINOR, + TOMOYO_PATH2_UID, + TOMOYO_PATH2_GID, + TOMOYO_PATH2_INO, + TOMOYO_PATH2_MAJOR, + TOMOYO_PATH2_MINOR, + TOMOYO_PATH2_PERM, + TOMOYO_PATH2_TYPE, + TOMOYO_PATH2_DEV_MAJOR, + TOMOYO_PATH2_DEV_MINOR, + TOMOYO_PATH1_PARENT_UID, + TOMOYO_PATH1_PARENT_GID, + TOMOYO_PATH1_PARENT_INO, + TOMOYO_PATH1_PARENT_PERM, + TOMOYO_PATH2_PARENT_UID, + TOMOYO_PATH2_PARENT_GID, + TOMOYO_PATH2_PARENT_INO, + TOMOYO_PATH2_PARENT_PERM, + TOMOYO_MAX_CONDITION_KEYWORD, + TOMOYO_NUMBER_UNION, + TOMOYO_NAME_UNION, + TOMOYO_ARGV_ENTRY, + TOMOYO_ENVP_ENTRY +}; + +/* Keywords for ACLs. */ +#define TOMOYO_KEYWORD_ADDRESS_GROUP "address_group " +#define TOMOYO_KEYWORD_AGGREGATOR "aggregator " +#define TOMOYO_KEYWORD_ALLOW_CAPABILITY "allow_capability " +#define TOMOYO_KEYWORD_ALLOW_ENV "allow_env " +#define TOMOYO_KEYWORD_ALLOW_IOCTL "allow_ioctl " +#define TOMOYO_KEYWORD_ALLOW_CHMOD "allow_chmod " +#define TOMOYO_KEYWORD_ALLOW_CHOWN "allow_chown " +#define TOMOYO_KEYWORD_ALLOW_CHGRP "allow_chgrp " +#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount " +#define TOMOYO_KEYWORD_ALLOW_NETWORK "allow_network " +#define TOMOYO_KEYWORD_ALLOW_READ "allow_read " +#define TOMOYO_KEYWORD_DELETE "delete " +#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite " +#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern " +#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain " +#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain " +#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain " +#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain " +#define TOMOYO_KEYWORD_PATH_GROUP "path_group " +#define TOMOYO_KEYWORD_NUMBER_GROUP "number_group " +#define TOMOYO_KEYWORD_SELECT "select " +#define TOMOYO_KEYWORD_USE_PROFILE "use_profile " +#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read" +#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "ignore_global_allow_env" +#define TOMOYO_KEYWORD_EXECUTE_HANDLER "execute_handler" +#define TOMOYO_KEYWORD_DENIED_EXECUTE_HANDLER "denied_execute_handler" + +/* A domain definition starts with . */ +#define ROOT_NAME "" +#define ROOT_NAME_LEN (sizeof(ROOT_NAME) - 1) + +/* Value type definition. */ +#define TOMOYO_VALUE_TYPE_INVALID 0 +#define TOMOYO_VALUE_TYPE_DECIMAL 1 +#define TOMOYO_VALUE_TYPE_OCTAL 2 +#define TOMOYO_VALUE_TYPE_HEXADECIMAL 3 + +#define TOMOYO_EXEC_TMPSIZE 4096 + +/* Profile number is an integer between 0 and 255. */ +#define TOMOYO_MAX_PROFILES 256 + +#define TOMOYO_CONFIG_DISABLED 0 +#define TOMOYO_CONFIG_LEARNING 1 +#define TOMOYO_CONFIG_PERMISSIVE 2 +#define TOMOYO_CONFIG_ENFORCING 3 +#define TOMOYO_CONFIG_WANT_REJECT_LOG 64 +#define TOMOYO_CONFIG_WANT_GRANT_LOG 128 +#define TOMOYO_CONFIG_USE_DEFAULT 255 + +#define TOMOYO_TASK_IS_IN_EXECVE 16 +#define TOMOYO_DONT_SLEEP_ON_ENFORCE_ERROR 32 +#define TOMOYO_TASK_IS_EXECUTE_HANDLER 64 +#define TOMOYO_TASK_IS_POLICY_MANAGER 128 +/* Highest 24 bits are reserved for task.state[] conditions. */ + +/** + * list_for_each_cookie - iterate over a list with cookie. + * @pos: the &struct list_head to use as a loop cursor. + * @cookie: the &struct list_head to use as a cookie. + * @head: the head for your list. + * + * Same with list_for_each_rcu() except that this primitive uses @cookie + * so that we can continue iteration. + * @cookie must be NULL when iteration starts, and @cookie will become + * NULL when iteration finishes. + */ +#define list_for_each_cookie(pos, cookie, head) \ + for (({ if (!cookie) \ + cookie = head; }), \ + pos = rcu_dereference((cookie)->next); \ + prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ + (cookie) = pos, pos = rcu_dereference(pos->next)) + +struct tomoyo_name_union { + const struct tomoyo_path_info *filename; + struct tomoyo_path_group *group; + u8 is_group; +}; + +struct tomoyo_number_union { + unsigned long values[2]; + struct tomoyo_number_group *group; + u8 min_type; + u8 max_type; + u8 is_group; +}; + +/* Structure for "path_group" directive. */ +struct tomoyo_path_group { + struct list_head list; + const struct tomoyo_path_info *group_name; + struct list_head member_list; + atomic_t users; +}; + +/* Structure for "number_group" directive. */ +struct tomoyo_number_group { + struct list_head list; + const struct tomoyo_path_info *group_name; + struct list_head member_list; + atomic_t users; +}; + +/* Structure for "address_group" directive. */ +struct tomoyo_address_group { + struct list_head list; + const struct tomoyo_path_info *group_name; + struct list_head member_list; + atomic_t users; +}; + +/* Structure for "path_group" directive. */ +struct tomoyo_path_group_member { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *member_name; +}; + +/* Structure for "number_group" directive. */ +struct tomoyo_number_group_member { + struct list_head list; + bool is_deleted; + struct tomoyo_number_union number; +}; + +/* Structure for "address_group" directive. */ +struct tomoyo_address_group_member { + struct list_head list; + bool is_deleted; + bool is_ipv6; + union { + u32 ipv4; /* Host byte order */ + const struct in6_addr *ipv6; /* Network byte order */ + } min, max; +}; + + +/* Subset of "struct stat". */ +struct tomoyo_mini_stat { + uid_t uid; + gid_t gid; + ino_t ino; + mode_t mode; + dev_t dev; + dev_t rdev; +}; + +/* Structure for dumping argv[] and envp[] of "struct linux_binprm". */ +struct tomoyo_page_dump { + struct page *page; /* Previously dumped page. */ + char *data; /* Contents of "page". Size is PAGE_SIZE. */ +}; + +/* Structure for attribute checks in addition to pathname checks. */ +struct tomoyo_obj_info { + bool validate_done; + bool path1_valid; + bool path1_parent_valid; + bool path2_valid; + bool path2_parent_valid; + struct path path1; + struct path path2; + struct tomoyo_mini_stat path1_stat; + /* I don't handle path2_stat for rename operation. */ + struct tomoyo_mini_stat path2_stat; + struct tomoyo_mini_stat path1_parent_stat; + struct tomoyo_mini_stat path2_parent_stat; + struct tomoyo_path_info *symlink_target; + unsigned int dev; +}; + +struct tomoyo_condition_element { + /* + * Left hand operand. A "struct tomoyo_argv_entry" for + * TOMOYO_ARGV_ENTRY, a "struct tomoyo_envp_entry" for + * TOMOYO_ENVP_ENTRY is attached to the tail of the array of this + * struct. + */ + u8 left; + /* + * Right hand operand. A "struct tomoyo_number_union" for + * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for + * TOMOYO_NAME_UNION is attached to the tail of the array of this + * struct. + */ + u8 right; + /* Equation operator. true if equals or overlaps, false otherwise. */ + bool equals; +}; + +/* Structure for " if " and "; set" part. */ +struct tomoyo_condition { + struct list_head list; + atomic_t users; + u32 size; + u16 condc; + u16 numbers_count; + u16 names_count; + u16 argc; + u16 envc; + u8 post_state[4]; + /* + * struct tomoyo_condition_element condition[condc]; + * struct tomoyo_number_union values[numbers_count]; + * struct tomoyo_name_union names[names_count]; + * struct tomoyo_argv_entry argv[argc]; + * struct tomoyo_envp_entry envp[envc]; + */ +}; + +struct tomoyo_execve_entry; + +/* Structure for request info. */ +struct tomoyo_request_info { + struct tomoyo_domain_info *domain; + struct tomoyo_obj_info *obj; + struct tomoyo_execve_entry *ee; + struct tomoyo_condition *cond; + u8 retry; + u8 profile; + u8 mode; + u8 type; +}; + +/* + * tomoyo_path_info is a structure which is used for holding a string data + * used by TOMOYO. + * This structure has several fields for supporting pattern matching. + * + * (1) "name" is the '\0' terminated string data. + * (2) "hash" is full_name_hash(name, strlen(name)). + * This allows tomoyo_pathcmp() to compare by hash before actually compare + * using strcmp(). + * (3) "const_len" is the length of the initial segment of "name" which + * consists entirely of non wildcard characters. In other words, the length + * which we can compare two strings using strncmp(). + * (4) "is_dir" is a bool which is true if "name" ends with "/", + * false otherwise. + * TOMOYO distinguishes directory and non-directory. A directory ends with + * "/" and non-directory does not end with "/". + * (5) "is_patterned" is a bool which is true if "name" contains wildcard + * characters, false otherwise. This allows TOMOYO to use "hash" and + * strcmp() for string comparison if "is_patterned" is false. + */ +struct tomoyo_path_info { + const char *name; + u32 hash; /* = full_name_hash(name, strlen(name)) */ + u16 const_len; /* = tomoyo_const_part_length(name) */ + bool is_dir; /* = tomoyo_strendswith(name, "/") */ + bool is_patterned; /* = const_len < strlen(name) */ +}; + +/* Structure for execve() operation. */ +struct tomoyo_execve_entry { + struct tomoyo_request_info r; + struct tomoyo_obj_info obj; + struct linux_binprm *bprm; + struct tomoyo_domain_info *previous_domain; + int reader_idx; + /* For execute_handler */ + const struct tomoyo_path_info *handler; + char *handler_path; /* = kstrdup(handler->name, GFP_KERNEL) */ + /* For dumping argv[] and envp[]. */ + struct tomoyo_page_dump dump; + /* For temporary use. */ + char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */ + atomic_t cred_users; +}; + +/* + * tomoyo_acl_info is a structure which is used for holding + * + * (1) "list" which is linked to the ->acl_info_list of + * "struct tomoyo_domain_info" + * (2) "type" which tells type of the enrty. + * (3) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + * (4) "cond" is condition part ("if" clause and "; set" clause). + * + * Packing "struct tomoyo_acl_info" allows users of this struct + * to embed "u16" or "u8" without enlarging their structure size. + */ +struct tomoyo_acl_info { + struct list_head list; + struct tomoyo_condition *cond; + bool is_deleted; + u8 type; /* = one of values in "enum tomoyo_acl_entry_type_index" */ +} __attribute__((__packed__)); + +/* + * tomoyo_domain_info is a structure which is used for holding permissions + * (e.g. "allow_read /lib/libc-2.5.so") given to each domain. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_domain_list . + * (2) "acl_info_list" which is linked to "struct tomoyo_acl_info". + * (3) "domainname" which holds the name of the domain. + * (4) "profile" which remembers profile number assigned to this domain. + * (5) "is_deleted" is a bool which is true if this domain is marked as + * "deleted", false otherwise. + * (6) "quota_warned" is a bool which is used for suppressing warning message + * when learning mode learned too much entries. + * (7) "ignore_global_allow_read" is a bool which is true if this domain + * ignores tomoyo_globally_readable_list, false otherwise. + * (8) "ignore_global_allow_env" is a bool which is true if this domain + * ignores tomoyo_globally_usable_env_list, false otherwise. + * (9) "domain_transition_failed" is a bool which is true if this domain + * has failed to transit domain. + * + * A domain's lifecycle is an analogy of files on / directory. + * Multiple domains with the same domainname cannot be created (as with + * creating files with the same filename fails with -EEXIST). + * If a process reached a domain, that process can reside in that domain after + * that domain is marked as "deleted" (as with a process can access an already + * open()ed file after that file was unlink()ed). + */ +struct tomoyo_domain_info { + struct list_head list; + struct list_head acl_info_list; + /* Name of this domain. Never NULL. */ + const struct tomoyo_path_info *domainname; + u8 profile; /* Profile number to use. */ + bool is_deleted; /* Delete flag. */ + bool quota_warned; /* Quota warnning flag. */ + /* Ignore "allow_read" directive in exception policy. */ + bool ignore_global_allow_read; + /* Ignore "allow_env" directive in exception policy. */ + bool ignore_global_allow_env; + /* + * This domain was unable to create a new domain at + * tomoyo_find_next_domain() because the name of the domain to be + * created was too long or it could not allocate memory. + * More than one process continued execve() without domain transition. + */ + bool domain_transition_failed; +}; + +/* + * tomoyo_globally_readable_file_entry is a structure which is used for holding + * "allow_read" entries. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_globally_readable_list . + * (2) "filename" is a pathname which is allowed to open(O_RDONLY). + * (3) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + */ +struct tomoyo_globally_readable_file_entry { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *filename; +}; + +/* + * tomoyo_pattern_entry is a structure which is used for holding + * "tomoyo_pattern_list" entries. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_pattern_list . + * (2) "pattern" is a pathname pattern which is used for converting pathnames + * to pathname patterns during learning mode. + * (3) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + */ +struct tomoyo_pattern_entry { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *pattern; +}; + +/* + * tomoyo_no_rewrite_entry is a structure which is used for holding + * "deny_rewrite" entries. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_no_rewrite_list . + * (2) "pattern" is a pathname which is by default not permitted to modify + * already existing content. + * (3) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + */ +struct tomoyo_no_rewrite_entry { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *pattern; +}; + +/* Structure for "allow_env" keyword. */ +struct tomoyo_globally_usable_env_entry { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *env; +}; + +/* + * tomoyo_domain_initializer_entry is a structure which is used for holding + * "initialize_domain" and "no_initialize_domain" entries. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_domain_initializer_list . + * (2) "domainname" which is "a domainname" or "the last component of a + * domainname". This field is NULL if "from" clause is not specified. + * (3) "program" which is a program's pathname. + * (4) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + * (5) "is_not" is a bool which is true if "no_initialize_domain", false + * otherwise. + * (6) "is_last_name" is a bool which is true if "domainname" is "the last + * component of a domainname", false otherwise. + */ +struct tomoyo_domain_initializer_entry { + struct list_head list; + bool is_deleted; + bool is_not; /* True if this entry is "no_initialize_domain". */ + bool is_last_name; /* True if the domainname is tomoyo_last_word(). */ + const struct tomoyo_path_info *domainname; /* This may be NULL */ + const struct tomoyo_path_info *program; +}; + +/* + * tomoyo_domain_keeper_entry is a structure which is used for holding + * "keep_domain" and "no_keep_domain" entries. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_domain_keeper_list . + * (2) "domainname" which is "a domainname" or "the last component of a + * domainname". + * (3) "program" which is a program's pathname. + * This field is NULL if "from" clause is not specified. + * (4) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + * (5) "is_not" is a bool which is true if "no_initialize_domain", false + * otherwise. + * (6) "is_last_name" is a bool which is true if "domainname" is "the last + * component of a domainname", false otherwise. + */ +struct tomoyo_domain_keeper_entry { + struct list_head list; + bool is_deleted; + bool is_not; /* True if this entry is "no_keep_domain". */ + bool is_last_name; /* True if the domainname is tomoyo_last_word(). */ + const struct tomoyo_path_info *domainname; + const struct tomoyo_path_info *program; /* This may be NULL */ +}; + +/* Structure for "aggregator" keyword. */ +struct tomoyo_aggregator_entry { + struct list_head list; + bool is_deleted; + const struct tomoyo_path_info *original_name; + const struct tomoyo_path_info *aggregated_name; +}; + +/* Structure for "allow_mount" keyword. */ +struct tomoyo_mount_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */ + struct tomoyo_name_union dev_name; + struct tomoyo_name_union dir_name; + struct tomoyo_name_union fs_type; + struct tomoyo_number_union flags; +}; + +/* + * tomoyo_policy_manager_entry is a structure which is used for holding list of + * domainnames or programs which are permitted to modify configuration via + * /sys/kernel/security/tomoyo/ interface. + * It has following fields. + * + * (1) "list" which is linked to tomoyo_policy_manager_list . + * (2) "manager" is a domainname or a program's pathname. + * (3) "is_domain" is a bool which is true if "manager" is a domainname, false + * otherwise. + * (4) "is_deleted" is a bool which is true if marked as deleted, false + * otherwise. + */ +struct tomoyo_policy_manager_entry { + struct list_head list; + bool is_deleted; /* True if this entry is deleted. */ + bool is_domain; /* True if manager is a domainname. */ + /* A path to program or a domainname. */ + const struct tomoyo_path_info *manager; +}; + +/* Structure for argv[]. */ +struct tomoyo_argv_entry { + unsigned int index; + const struct tomoyo_path_info *value; + bool is_not; +}; + +/* Structure for envp[]. */ +struct tomoyo_envp_entry { + const struct tomoyo_path_info *name; + const struct tomoyo_path_info *value; + bool is_not; +}; + +/* + * Structure for "execute_handler" and "denied_execute_handler" directive. + * These directives can exist only one entry in a domain. + * + * If "execute_handler" directive exists and the current process is not + * an execute handler, all execve() requests are replaced by execve() requests + * of a program specified by "execute_handler" directive. + * If the current process is an execute handler, + * "execute_handler" and "denied_execute_handler" directives are ignored. + * The program specified by "execute_handler" validates execve() parameters + * and executes the original execve() requests if appropriate. + * + * "denied_execute_handler" directive is used only when execve() request was + * rejected in enforcing mode (i.e. MAC_FOR_FILE=enforcing). + * The program specified by "denied_execute_handler" does whatever it wants + * to do (e.g. silently terminate, change firewall settings, + * redirect the user to honey pot etc.). + */ +struct tomoyo_execute_handler_record { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_*EXECUTE_HANDLER */ + /* Pointer to single pathname. */ + const struct tomoyo_path_info *handler; +}; + +/* + * tomoyo_path_acl is a structure which is used for holding an entry with + * one pathname operation (e.g. open(), unlink()). + * It has following fields. + * + * (1) "head" which is a "struct tomoyo_acl_info". + * (2) "perm" which is a bitmask of permitted operations. + * (3) "name" is the pathname or pathname group. + * + * Directives held by this structure are "allow_read/write", "allow_execute", + * "allow_read", "allow_write", "allow_unlink", "allow_rmdir", + * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot" and + * "allow_unmount". + */ +struct tomoyo_path_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ + u16 perm; + struct tomoyo_name_union name; +}; + +/* Structure for "allow_mkblock" and "allow_mkchar" directive. */ +struct tomoyo_path_number3_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER3_ACL */ + u8 perm; + struct tomoyo_name_union name; + struct tomoyo_number_union mode; + struct tomoyo_number_union major; + struct tomoyo_number_union minor; +}; + +/* + * tomoyo_path2_acl is a structure which is used for holding an entry with + * two pathnames operation (i.e. link(), rename(), pivot_root()). + * It has following fields. + * + * (1) "head" which is a "struct tomoyo_acl_info". + * (2) "perm" which is a bitmask of permitted operations. + * (3) "filename1" is the source/old pathname. + * (4) "filename2" is the destination/new pathname. + * + * Directives held by this structure are "allow_rename", "allow_link" and + * "allow_pivot_root". + */ +struct tomoyo_path2_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ + u8 perm; + struct tomoyo_name_union name1; + struct tomoyo_name_union name2; +}; + +/* + * Structure for "allow_create", "allow_mkdir", "allow_mkfifo", "allow_mksock", + * "allow_ioctl", "allow_chmod", "allow_chown" and "allow_chgrp" directive. + */ +struct tomoyo_path_number_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */ + u8 perm; + struct tomoyo_name_union name; + struct tomoyo_number_union number; +}; + +/* Structure for "allow_env" directive in domain policy. */ +struct tomoyo_env_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_ENV_ACL */ + const struct tomoyo_path_info *env; /* environment variable */ +}; + +/* Structure for "allow_capability" directive. */ +struct tomoyo_capability_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_CAPABILITY_ACL */ + u8 operation; +}; + +struct tomoyo_ipv6addr_entry { + struct list_head list; + atomic_t users; + struct in6_addr addr; +}; + +/* Structure for "allow_network" directive. */ +struct tomoyo_ip_network_acl { + struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_IP_NETWORK_ACL */ + u16 perm; + /* + * address_type takes one of the following constants. + * TOMOYO_IP_ADDRESS_TYPE_ADDRESS_GROUP + * if address points to "address_group" directive. + * TOMOYO_IP_ADDRESS_TYPE_IPv4 + * if address points to an IPv4 address. + * TOMOYO_IP_ADDRESS_TYPE_IPv6 + * if address points to an IPv6 address. + */ + u8 address_type; + union { + struct { + /* Start of IPv4 address range. Host endian. */ + u32 min; + /* End of IPv4 address range. Host endian. */ + u32 max; + } ipv4; + struct { + /* Start of IPv6 address range. Big endian. */ + const struct in6_addr *min; + /* End of IPv6 address range. Big endian. */ + const struct in6_addr *max; + } ipv6; + /* Pointer to address group. */ + struct tomoyo_address_group *group; + } address; + struct tomoyo_number_union port; +}; + + +/* + * tomoyo_io_buffer is a structure which is used for reading and modifying + * configuration via /sys/kernel/security/tomoyo/ interface. + * It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as + * cursors. + * + * Since the content of /sys/kernel/security/tomoyo/domain_policy is a list of + * "struct tomoyo_domain_info" entries and each "struct tomoyo_domain_info" + * entry has a list of "struct tomoyo_acl_info", we need two cursors when + * reading (one is for traversing tomoyo_domain_list and the other is for + * traversing "struct tomoyo_acl_info"->acl_info_list ). + * + * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with + * "select ", TOMOYO seeks the cursor ->read_var1 and ->write_var1 to the + * domain with the domainname specified by the rest of that line (NULL is set + * if seek failed). + * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with + * "delete ", TOMOYO deletes an entry or a domain specified by the rest of that + * line (->write_var1 is set to NULL if a domain was deleted). + * If a line written to /sys/kernel/security/tomoyo/domain_policy starts with + * neither "select " nor "delete ", an entry or a domain specified by that line + * is appended. + */ +struct tomoyo_io_buffer { + void (*read) (struct tomoyo_io_buffer *); + int (*write) (struct tomoyo_io_buffer *); + int (*poll) (struct file *file, poll_table *wait); + /* Exclusive lock for this structure. */ + struct mutex io_sem; + /* Index returned by tomoyo_read_lock(). */ + int reader_idx; + /* The position currently reading from. */ + struct list_head *read_var1; + /* Extra variables for reading. */ + struct list_head *read_var2; + /* The position currently writing to. */ + struct tomoyo_domain_info *write_var1; + /* The step for reading. */ + int read_step; + /* Buffer for reading. */ + char *read_buf; + /* EOF flag for reading. */ + bool read_eof; + /* Read domain ACL of specified PID? */ + bool read_single_domain; + /* Read allow_execute entry only? */ + bool read_execute_only; + /* Extra variable for reading. */ + u8 read_bit; + /* Bytes available for reading. */ + int read_avail; + /* Size of read buffer. */ + int readbuf_size; + /* Buffer for writing. */ + char *write_buf; + /* Bytes available for writing. */ + int write_avail; + /* Size of write buffer. */ + int writebuf_size; + /* Type of this interface. */ + u8 type; +}; + +struct tomoyo_preference { +#ifdef CONFIG_SECURITY_TOMOYO_AUDIT + unsigned int audit_max_grant_log; + unsigned int audit_max_reject_log; +#endif + unsigned int learning_max_entry; + unsigned int enforcing_penalty; + bool audit_task_info; + bool audit_path_info; + bool enforcing_verbose; + bool learning_verbose; + bool learning_exec_realpath; + bool learning_exec_argv0; + bool learning_symlink_target; + bool permissive_verbose; +}; + +/* + * tomoyo_profile is a structure which is used for holding the mode of access + * controls. TOMOYO has 4 modes: disabled, learning, permissive, enforcing. + * An administrator can define up to 256 profiles. + * The ->profile of "struct tomoyo_domain_info" is used for remembering + * the profile's number (0 - 255) assigned to that domain. + * + * audit/learning/permissive/enforcing point to either self->preference or + * tomoyo_default_profile->preference. + */ +struct tomoyo_profile { + const struct tomoyo_path_info *comment; + struct tomoyo_preference *audit; + struct tomoyo_preference *learning; + struct tomoyo_preference *permissive; + struct tomoyo_preference *enforcing; + struct tomoyo_preference preference; + u8 default_config; + u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_CAPABILITY_INDEX + + TOMOYO_MAX_MAC_CATEGORY_INDEX]; +}; + +/* Prototype definition. */ + +bool tomoyo_address_matches_group(const bool is_ipv6, const u32 *address, + const struct tomoyo_address_group *group); +bool tomoyo_commit_ok(void *ptr, void *data, const unsigned int size); +bool tomoyo_compare_name_union(const struct tomoyo_path_info *name, + const struct tomoyo_name_union *ptr); +bool tomoyo_compare_number_union(const unsigned long value, + const struct tomoyo_number_union *ptr); +bool tomoyo_condition(struct tomoyo_request_info *r, + const struct tomoyo_acl_info *acl); +bool tomoyo_domain_quota_ok(struct tomoyo_request_info *r); +bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, + struct tomoyo_page_dump *dump); +bool tomoyo_get_audit(const u8 profile, const u8 index, const bool is_granted); +bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); +bool tomoyo_is_correct_domain(const unsigned char *domainname); +bool tomoyo_is_correct_path(const char *filename, const s8 start_type, + const s8 pattern_type, const s8 end_type); +bool tomoyo_is_domain_def(const unsigned char *buffer); +bool tomoyo_memory_ok(const void *ptr, const unsigned int size); +bool tomoyo_number_matches_group(const unsigned long min, + const unsigned long max, + const struct tomoyo_number_group *group); +bool tomoyo_parse_name_union(const char *filename, + struct tomoyo_name_union *ptr); +bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num); +bool tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, + const struct tomoyo_path_group *group, + const bool may_use_pattern); +bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, + const struct tomoyo_path_info *pattern); +bool tomoyo_print_number_union(struct tomoyo_io_buffer *head, + const struct tomoyo_number_union *ptr); +bool tomoyo_read_address_group_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head); +bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_globally_usable_env_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head); +bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head); +bool tomoyo_str_starts(char **src, const char *find); +bool tomoyo_tokenize(char *buffer, char *w[], size_t size); +char *tomoyo_encode(const char *str); +char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r); +char *tomoyo_realpath_from_path(struct path *path); +const char *tomoyo_cap2keyword(const u8 operation); +const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename); +const char *tomoyo_get_exe(void); +const char *tomoyo_last_word(const char *name); +const char *tomoyo_net2keyword(const u8 operation); +const char *tomoyo_path22keyword(const u8 operation); +const char *tomoyo_path2keyword(const u8 operation); +const char *tomoyo_path_number2keyword(const u8 operation); +const char *tomoyo_path_number32keyword(const u8 operation); +const struct tomoyo_path_info *tomoyo_get_name(const char *name); +const struct in6_addr *tomoyo_get_ipv6_address(const struct in6_addr *addr); +int tomoyo_close_control(struct file *file); +int tomoyo_delete_domain(char *data); +int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); +int tomoyo_exec_perm(struct tomoyo_request_info *r, + const struct tomoyo_path_info *filename); +int tomoyo_get_mode(const u8 profile, const u8 index); +int tomoyo_get_path(const char *pathname, struct path *path); +int tomoyo_init_request_info(struct tomoyo_request_info *r, + struct tomoyo_domain_info *domain, + const u8 index); +int tomoyo_open_control(const u8 type, struct file *file); +int tomoyo_parse_ip_address(char *address, u16 *min, u16 *max); +int tomoyo_poll_control(struct file *file, poll_table *wait); +int tomoyo_poll_grant_log(struct file *file, poll_table *wait); +int tomoyo_poll_reject_log(struct file *file, poll_table *wait); +int tomoyo_read_control(struct file *file, char __user *buffer, + const int buffer_len); +int tomoyo_read_lock(void) __acquires(tomoyo_ss); +int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); +int tomoyo_symlink_path(const char *pathname, struct tomoyo_path_info *name); +int tomoyo_write_address_group_policy(char *data, const bool is_delete); +int tomoyo_write_aggregator_policy(char *data, const bool is_delete); +int tomoyo_write_audit_log(const bool is_granted, + struct tomoyo_request_info *r, + const char *fmt, ...) + __attribute__ ((format(printf, 3, 4))); +int tomoyo_write_capability_policy(char *data, + struct tomoyo_domain_info *domain, + struct tomoyo_condition *condition, + const bool is_delete); +int tomoyo_write_control(struct file *file, const char __user *buffer, + const int buffer_len); +int tomoyo_write_domain_initializer_policy(char *data, const bool is_not, + const bool is_delete); +int tomoyo_write_domain_keeper_policy(char *data, const bool is_not, + const bool is_delete); +int tomoyo_write_env_policy(char *data, struct tomoyo_domain_info *domain, + struct tomoyo_condition *condition, + const bool is_delete); +int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain, + struct tomoyo_condition *condition, + const bool is_delete); +int tomoyo_write_globally_readable_policy(char *data, const bool is_delete); +int tomoyo_write_globally_usable_env_policy(char *data, const bool is_delete); +int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head); +int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain, + struct tomoyo_condition *condition, + const bool is_delete); +int tomoyo_write_network_policy(char *data, struct tomoyo_domain_info *domain, + struct tomoyo_condition *condition, + const bool is_delete); +int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete); +int tomoyo_write_number_group_policy(char *data, const bool is_delete); +int tomoyo_write_path_group_policy(char *data, const bool is_delete); +int tomoyo_write_pattern_policy(char *data, const bool is_delete); +struct tomoyo_address_group *tomoyo_get_address_group(const char *group_name); +struct tomoyo_condition *tomoyo_get_condition(char * const condition); +struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); +struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain +(const char *domainname, const u8 profile); +struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name); +struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name); +struct tomoyo_profile *tomoyo_profile(const u8 profile); +u8 tomoyo_parse_ulong(unsigned long *result, char **str); +void tomoyo_check_profile(void); +void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); +void tomoyo_get_attributes(struct tomoyo_obj_info *obj); +void tomoyo_load_policy(const char *filename); +void tomoyo_memory_free(const void *ptr, size_t size); +void tomoyo_normalize_line(unsigned char *buffer); +void tomoyo_print_ipv6(char *buffer, const int buffer_len, + const struct in6_addr *ip); +void tomoyo_print_ulong(char *buffer, const int buffer_len, + const unsigned long value, const u8 type); +void tomoyo_put_address_group(struct tomoyo_address_group *group); +void tomoyo_put_condition(struct tomoyo_condition *cond); +void tomoyo_put_ipv6_address(const struct in6_addr *addr); +void tomoyo_put_name(const struct tomoyo_path_info *name); +void tomoyo_put_name_union(struct tomoyo_name_union *ptr); +void tomoyo_put_number_group(struct tomoyo_number_group *group); +void tomoyo_put_number_union(struct tomoyo_number_union *ptr); +void tomoyo_put_path_group(struct tomoyo_path_group *group); +void tomoyo_read_grant_log(struct tomoyo_io_buffer *head); +void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); +void tomoyo_read_reject_log(struct tomoyo_io_buffer *head); +void tomoyo_read_unlock(const int idx) __releases(tomoyo_ss); +void tomoyo_run_gc(void); +void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...) + __attribute__ ((format(printf, 2, 3))); +void tomoyo_warn_oom(const char *function); +int tomoyo_start_execve(struct linux_binprm *bprm); +void tomoyo_finish_execve(struct tomoyo_execve_entry *ee, const bool rollback); +int tomoyo_file_perm(struct tomoyo_request_info *r, + const struct tomoyo_path_info *filename, const u8 mode); +int tomoyo_chroot_permission(struct path *path); +int tomoyo_mount_permission(char *dev_name, struct path *dir, char *type, + const unsigned long flags); +int tomoyo_pivot_root_permission(struct path *old_path, struct path *new_path); +int tomoyo_umount_permission(struct vfsmount *mnt); +int tomoyo_open_permission(struct dentry *dentry, struct vfsmount *mnt, + const int flag); +int tomoyo_rewrite_permission(struct file *filp); +int tomoyo_ioctl_permission(struct file *filp, unsigned int cmd, + unsigned long arg); +_Bool tomoyo_capable(const u8 operation); +int tomoyo_mknod_permission(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, unsigned int mode, + unsigned int dev); +int tomoyo_mkdir_permission(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, unsigned int mode); +int tomoyo_rmdir_permission(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt); +int tomoyo_unlink_permission(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt); +int tomoyo_symlink_permission(struct inode *dir, struct dentry *dentry, + struct vfsmount *mnt, const char *from); +int tomoyo_truncate_permission(struct dentry *dentry, struct vfsmount *mnt, + loff_t length, unsigned int time_attrs); +int tomoyo_rename_permission(struct inode *old_dir, struct dentry *old_dentry, + struct inode *new_dir, struct dentry *new_dentry, + struct vfsmount *mnt); +int tomoyo_link_permission(struct dentry *old_dentry, struct inode *new_dir, + struct dentry *new_dentry, struct vfsmount *mnt); +int tomoyo_socket_create_permission(int family, int type, int protocol); +int tomoyo_socket_listen_permission(struct socket *sock); +int tomoyo_socket_connect_permission(struct socket *sock, + struct sockaddr *addr, int addr_len); +int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr, + int addr_len); +int tomoyo_socket_accept_permission(struct socket *sock); +int tomoyo_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg); +int tomoyo_chown_permission(struct dentry *dentry, struct vfsmount *mnt, + uid_t user, gid_t group); +int tomoyo_chmod_permission(struct dentry *dentry, struct vfsmount *mnt, + mode_t mode); + +/* strcmp() for "struct tomoyo_path_info" structure. */ +static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, + const struct tomoyo_path_info *b) +{ + return a->hash != b->hash || strcmp(a->name, b->name); +} + +static inline int tomoyo_memcmp(void *a, void *b, const u8 offset, + const u8 size) +{ + return memcmp(((char *) a) + offset, ((char *) b) + offset, + size - offset); +} + +extern struct mutex tomoyo_policy_lock; +extern struct list_head tomoyo_domain_list; +extern struct list_head tomoyo_address_group_list; +extern struct list_head tomoyo_globally_readable_list; +extern struct list_head tomoyo_path_group_list; +extern struct list_head tomoyo_number_group_list; +extern struct list_head tomoyo_pattern_list; +extern struct list_head tomoyo_no_rewrite_list; +extern struct list_head tomoyo_globally_usable_env_list; +extern struct list_head tomoyo_domain_initializer_list; +extern struct list_head tomoyo_domain_keeper_list; +extern struct list_head tomoyo_aggregator_list; +extern struct list_head tomoyo_policy_manager_list; +extern __initdata bool tomoyo_registered; +extern bool tomoyo_policy_loaded; +extern struct tomoyo_domain_info tomoyo_kernel_domain; +extern const char *tomoyo_condition_keyword[TOMOYO_MAX_CONDITION_KEYWORD]; +extern unsigned int tomoyo_audit_log_memory_size; +extern unsigned int tomoyo_quota_for_audit_log; +extern unsigned int tomoyo_query_memory_size; +extern unsigned int tomoyo_quota_for_query; + +static inline struct tomoyo_domain_info *tomoyo_task_domain(struct task_struct + *task) +{ + return task->tomoyo_domain_info ? + task->tomoyo_domain_info : &tomoyo_kernel_domain; +} + +static inline struct tomoyo_domain_info *tomoyo_current_domain(void) +{ + struct task_struct *task = current; + if (!task->tomoyo_domain_info) + task->tomoyo_domain_info = &tomoyo_kernel_domain; + return task->tomoyo_domain_info; +} + +static inline void tomoyo_add_domain_acl(struct tomoyo_domain_info *domain, + struct tomoyo_acl_info *acl) +{ + if (acl->cond) + atomic_inc(&acl->cond->users); + list_add_tail_rcu(&acl->list, &domain->acl_info_list); +} + +#if defined(CONFIG_SLOB) +static inline int tomoyo_round2(size_t size) +{ + return size; +} +#else +static inline int tomoyo_round2(size_t size) +{ +#if PAGE_SIZE == 4096 + size_t bsize = 32; +#else + size_t bsize = 64; +#endif + if (!size) + return 0; + while (size > bsize) + bsize <<= 1; + return bsize; +} +#endif + +#if defined(__LITTLE_ENDIAN) +#define HIPQUAD(addr) \ + ((unsigned char *)&addr)[3], \ + ((unsigned char *)&addr)[2], \ + ((unsigned char *)&addr)[1], \ + ((unsigned char *)&addr)[0] +#elif defined(__BIG_ENDIAN) +#define HIPQUAD NIPQUAD +#else +#error "Please fix asm/byteorder.h" +#endif /* __LITTLE_ENDIAN */ + +#endif -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/