This patch contains code for policy loader. By default, TOMOYO checks for /sbin/tomoyo-init and run it when /sbin/init (or /sbin/tomoyo-start) is requested. But it is configurable via kernel commandline parameter. /sbin/tomoyo-start is a dummy name for environments where /sbin/init is missing (e.g. Android).
Signed-off-by: Tetsuo Handa
---
security/tomoyo/load_policy.c | 97 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
--- /dev/null
+++ security-testing-2.6/security/tomoyo/load_policy.c
@@ -0,0 +1,97 @@
+/*
+ * security/tomoyo/load_policy.c
+ *
+ * Copyright (C) 2005-2009 NTT DATA CORPORATION
+ */
+#include "internal.h"
+#include
+#include
+#include
+
+/* Path to the policy loader. The default is /sbin/tomoyo-init. */
+static const char *tomoyo_loader;
+
+/**
+ * tomoyo_loader_setup - Specify the policy loader to use.
+ *
+ * @str: Path to the policy loader.
+ *
+ * Returns 0.
+ */
+static int __init tomoyo_loader_setup(char *str)
+{
+ tomoyo_loader = str;
+ return 0;
+}
+__setup("TOMOYO_loader=", tomoyo_loader_setup);
+
+/**
+ * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
+ *
+ * Returns true if /sbin/tomoyo-init exists, false otherwise.
+ */
+static bool tomoyo_policy_loader_exists(void)
+{
+ /*
+ * Don't activate MAC if the path given by 'TOMOYO_loader=' option
+ * doesn't exist. If the initrd includes /sbin/init but real-root-dev
+ * has not mounted on / yet, activating MAC will block the system since
+ * policies are not loaded yet.
+ * Thus, let do_execve() call this function everytime.
+ */
+ struct path path;
+ if (!tomoyo_loader)
+ tomoyo_loader = "/sbin/tomoyo-init";
+ if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
+ printk(KERN_INFO "Not activating Mandatory Access Control now "
+ "since %s doesn't exist.\n", tomoyo_loader);
+ return false;
+ }
+ path_put(&path);
+ return true;
+}
+
+/**
+ * tomoyo_load_policy - Run external policy loader to load policy.
+ *
+ * @filename: The program about to start.
+ *
+ * This function checks whether @filename is /sbin/init , and if so
+ * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
+ * and then continues invocation of /sbin/init.
+ * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
+ * writes to /sys/kernel/security/tomoyo/ interfaces.
+ *
+ * Returns nothing.
+ */
+void tomoyo_load_policy(const char *filename)
+{
+ if (tomoyo_policy_loaded)
+ return;
+ /*
+ * Check filename is /sbin/init or /sbin/tomoyo-start.
+ * /sbin/tomoyo-start is a dummy filename in case where /sbin/init
+ * can't be passed. You can create /sbin/tomoyo-start by
+ * "ln -s /bin/true /sbin/tomoyo-start".
+ */
+ if (strcmp(filename, "/sbin/init") &&
+ strcmp(filename, "/sbin/tomoyo-start"))
+ return;
+ if (!tomoyo_policy_loader_exists())
+ return;
+ {
+ char *argv[2];
+ char *envp[3];
+ printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
+ tomoyo_loader);
+ argv[0] = (char *) tomoyo_loader;
+ argv[1] = NULL;
+ envp[0] = "HOME=/";
+ envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
+ envp[2] = NULL;
+ call_usermodehelper(argv[0], argv, envp, 1);
+ }
+ printk(KERN_INFO "TOMOYO: 2.3.0-pre 2009/10/01\n");
+ printk(KERN_INFO "Mandatory Access Control activated.\n");
+ tomoyo_check_profile();
+}
-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
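Review bot: The result of `call_usermodehelper(argv[0], argv, envp, 1)` in tomoyo_load_policy() is discarded, so the two printk lines that follow announce "Mandatory Access Control activated." even when the loader could not be executed or exited with an error and no policy was written. Capture and report it, e.g. `int err = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);` followed by `if (err) printk(KERN_WARNING "TOMOYO: %s failed (%d).\n", tomoyo_loader, err);`, which also replaces the bare `1` with the named wait mode. Whether tomoyo_check_profile() catches a missing policy cannot be seen from this file, so the boot log should not depend on it. tomoyo_policy_loader_exists() only proves that the path resolves, not that it is an executable regular file, which leaves the ignored return value as the only signal of a broken loader.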