Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * security/tomoyo/load_policy.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2005-2011  NTT DATA CORPORATION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include "common.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) 
/*
 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
 *
 * Overwritten by the "TOMOYO_loader=" boot parameter when one is given.
 * Otherwise it stays NULL until tomoyo_policy_loader_exists() fills in the
 * Kconfig default on first use.  tomoyo_load_policy() executes this path
 * through call_usermodehelper(), so the kernel command line and the file
 * at this path both belong to the trusted boot configuration.
 */
static const char *tomoyo_loader;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) 
/**
 * tomoyo_loader_setup - Set policy loader.
 *
 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
 *
 * The pointer is stored as-is: no copy is made and the path is not
 * validated here.
 *
 * Returns 1 (not 0), the __setup() convention for "option consumed".
 */
static int __init tomoyo_loader_setup(char *str)
{
	tomoyo_loader = str;
	return 1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 
/* Boot parameter: TOMOYO_loader=<path> selects the policy loader program. */
__setup("TOMOYO_loader=", tomoyo_loader_setup);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 
/**
 * tomoyo_policy_loader_exists - Check whether the policy loader exists.
 *
 * Resolves the configured loader path (the "TOMOYO_loader=" value, or
 * CONFIG_SECURITY_TOMOYO_POLICY_LOADER when none was given), following
 * symlinks.  Only resolvability is tested: nothing here checks the file
 * type, its ownership or whether it is executable, and the reference
 * obtained by the lookup is dropped again before returning.
 *
 * Returns true if the loader path resolves, false otherwise.
 */
static bool tomoyo_policy_loader_exists(void)
{
	struct path loader_path;
	int err;

	/* Fall back to the build-time default on first use. */
	if (!tomoyo_loader)
		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;

	err = kern_path(tomoyo_loader, LOOKUP_FOLLOW, &loader_path);
	if (!err) {
		/* Only existence matters; release the reference at once. */
		path_put(&loader_path);
		return true;
	}

	pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
		tomoyo_loader);
	return false;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 
/*
 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
 *
 * Overwritten by the "TOMOYO_trigger=" boot parameter when one is given.
 * Otherwise it stays NULL until tomoyo_load_policy() fills in the Kconfig
 * default.  tomoyo_load_policy() compares this string with the program
 * name it is given using strcmp(), so only an exact match triggers the
 * policy load.
 */
static const char *tomoyo_trigger;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) 
/**
 * tomoyo_trigger_setup - Set trigger for activation.
 *
 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
 *
 * The pointer is stored as-is: no copy is made and the path is not
 * validated here.
 *
 * Returns 1 (not 0), the __setup() convention for "option consumed".
 */
static int __init tomoyo_trigger_setup(char *str)
{
	tomoyo_trigger = str;
	return 1;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) 
/* Boot parameter: TOMOYO_trigger=<path> selects the activation trigger. */
__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 
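/**
 * tomoyo_load_policy - Run external policy loader to load policy.
 *
 * @filename: The program about to start.
 *
 * This function checks whether @filename is the activation trigger
 * (the "TOMOYO_trigger=" value, by default
 * CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER, e.g. /sbin/init ), and if so
 * invokes the policy loader (the "TOMOYO_loader=" value, by default
 * CONFIG_SECURITY_TOMOYO_POLICY_LOADER, e.g. /sbin/tomoyo-init ), waits for
 * it to terminate and then lets the invocation of the trigger continue.
 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
 * writes to /sys/kernel/security/tomoyo/ interfaces.
 *
 * The loader is started at most once: the attempt is recorded before the
 * helper runs, so a failed loader is not retried.  Its result used to be
 * discarded; it is now logged so that a failed policy load is visible in
 * the kernel log.  tomoyo_check_profile() is still called either way, as
 * before.
 *
 * Returns nothing.
 */
void tomoyo_load_policy(const char *filename)
{
	static bool done;
	char *argv[2];
	char *envp[3];
	int ret;

	if (tomoyo_policy_loaded || done)
		return;
	if (!tomoyo_trigger)
		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
	/* Exact string match only; any other program name is ignored. */
	if (strcmp(filename, tomoyo_trigger))
		return;
	if (!tomoyo_policy_loader_exists())
		return;
	/* Mark the attempt before running the helper: one shot, no retry. */
	done = true;
	pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
	/* argv[] is not const-qualified, hence the cast. */
	argv[0] = (char *) tomoyo_loader;
	argv[1] = NULL;
	/* Fixed, minimal environment for the helper. */
	envp[0] = "HOME=/";
	envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
	envp[2] = NULL;
	ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
	if (ret)
		pr_warn("Policy loader %s returned %d.\n", tomoyo_loader, ret);
	/* NOTE(review): defined elsewhere; confirm how it treats a missing policy. */
	tomoyo_check_profile();
}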
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) #endif