Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * security/tomoyo/securityfs_if.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (C) 2005-2011  NTT DATA CORPORATION
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include "common.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) 
/**
 * tomoyo_check_task_acl - Match one task ACL entry against a request.
 *
 * @r:   Pointer to "struct tomoyo_request_info" holding the requested
 *       domainname in @r->param.task.domainname.
 * @ptr: Pointer to the "struct tomoyo_acl_info" embedded as the "head"
 *       member of a "struct tomoyo_task_acl".
 *
 * Passed to tomoyo_check_acl() by tomoyo_write_self() as the per-entry
 * matcher.
 *
 * Returns true if granted (tomoyo_pathcmp() reports no difference between
 * the requested domainname and the entry's domainname), false otherwise.
 */
static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
				  const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_task_acl *entry;

	/* Recover the enclosing task ACL from its embedded list head. */
	entry = container_of(ptr, struct tomoyo_task_acl, head);
	if (tomoyo_pathcmp(r->param.task.domainname, entry->domainname))
		return false;
	return true;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 
/**
 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Domainname to transit to (userspace buffer).
 * @count: Size of @buf.
 * @ppos:  Unused.
 *
 * The userspace buffer is length-checked, copied with a terminating NUL,
 * normalized and validated as a domainname before it is used.  The
 * transition itself is only performed when the current policy grants
 * "task manual_domain_transition" for the requested domainname; this check
 * is the access control for this file, since the file itself is created
 * world-writable.
 *
 * Returns @count on success, negative value otherwise:
 *   -ENOMEM if @count is zero or not below TOMOYO_EXEC_TMPSIZE - 10,
 *   the error from memdup_user_nul() if the copy fails,
 *   -EINVAL if the data is not a correct domainname,
 *   -EPERM  if the transition is not granted,
 *   -ENOENT if tomoyo_assign_domain() returns NULL.
 *
 * If domain transition was permitted but the domain transition failed, this
 * function returns error rather than terminating current thread with SIGKILL.
 */
static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
			      size_t count, loff_t *ppos)
{
	struct tomoyo_domain_info *new_domain;
	struct tomoyo_domain_info *old_domain;
	struct tomoyo_request_info r;
	struct tomoyo_path_info name;
	struct tomoyo_task *s;
	char *data;
	int error;
	int idx;

	/* Reject empty and oversized requests before allocating anything. */
	if (count == 0 || count >= TOMOYO_EXEC_TMPSIZE - 10)
		return -ENOMEM;
	data = memdup_user_nul(buf, count);
	if (IS_ERR(data))
		return PTR_ERR(data);
	tomoyo_normalize_line(data);
	if (!tomoyo_correct_domain(data)) {
		error = -EINVAL;
		goto out_free;
	}

	/* Everything up to out_unlock runs under tomoyo_read_lock(). */
	idx = tomoyo_read_lock();
	name.name = data;
	tomoyo_fill_path_info(&name);
	/* Check "task manual_domain_transition" permission. */
	tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
	r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
	r.param.task.domainname = &name;
	tomoyo_check_acl(&r, tomoyo_check_task_acl);
	if (!r.granted) {
		error = -EPERM;
		goto out_unlock;
	}
	new_domain = tomoyo_assign_domain(data, true);
	if (!new_domain) {
		error = -ENOENT;
		goto out_unlock;
	}
	/* Switch the current task over and move its user count along. */
	s = tomoyo_task(current);
	old_domain = s->domain_info;
	s->domain_info = new_domain;
	atomic_inc(&new_domain->users);
	atomic_dec(&old_domain->users);
	error = 0;
out_unlock:
	tomoyo_read_unlock(idx);
out_free:
	kfree(data);
	if (error)
		return error;
	return count;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 
/**
 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Userspace buffer receiving the domainname which current thread
 *         belongs to.
 * @count: Size of @buf.
 * @ppos:  Bytes read by now.
 *
 * Copies at most @count bytes of the domainname starting at offset *@ppos
 * and advances *@ppos by the number of bytes copied.  The terminating NUL
 * is not part of the data returned.
 *
 * Returns read size on success (0 once *@ppos has reached the end of the
 * name or when @count is 0), -EFAULT if copy_to_user() fails.
 */
static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
				size_t count, loff_t *ppos)
{
	const char *name = tomoyo_domain()->domainname->name;
	const loff_t offset = *ppos;
	const loff_t total = strlen(name);
	loff_t chunk;

	if (!count || offset >= total)
		return 0;
	/* Clamp the copy to what is left of the name and to the buffer. */
	chunk = total - offset;
	if (count < chunk)
		chunk = count;
	if (copy_to_user(buf, name + offset, chunk))
		return -EFAULT;
	*ppos += chunk;
	return chunk;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 
/*
 * File operations for the /sys/kernel/security/tomoyo/self_domain interface.
 *
 * Only read() and write() are provided; there is no open()/release() pair
 * here, unlike tomoyo_operations.
 */
static const struct file_operations tomoyo_self_operations = {
	.read  = tomoyo_read_self,
	.write = tomoyo_write_self,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 
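/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
 * @file:  Pointer to "struct file".
 *
 * Recovers the interface type from the inode's i_private field and hands
 * it to tomoyo_open_control().
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_open(struct inode *inode, struct file *file)
{
	/*
	 * i_private does not point at an object: tomoyo_create_entry()
	 * encodes the small integer interface type in the pointer value.
	 * Decode it with an integer cast; subtracting a null pointer, as
	 * this code used to do, is undefined behavior in ISO C and is
	 * diagnosed by newer compilers.
	 */
	const int key = (uintptr_t) file_inode(file)->i_private;

	return tomoyo_open_control(key, file);
}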
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) 
/**
 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode". Unused.
 * @file:  Pointer to "struct file".
 *
 * Hands @file->private_data to tomoyo_close_control().
 *
 * Returns 0.
 */
static int tomoyo_release(struct inode *inode, struct file *file)
{
	void *head = file->private_data;

	tomoyo_close_control(head);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 
/**
 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @wait: Pointer to "poll_table". Maybe NULL.
 *
 * Thin wrapper: the event mask is whatever tomoyo_poll_control() reports.
 *
 * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write,
 * EPOLLOUT | EPOLLWRNORM otherwise.
 */
static __poll_t tomoyo_poll(struct file *file, poll_table *wait)
{
	const __poll_t mask = tomoyo_poll_control(file, wait);

	return mask;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 
/**
 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to userspace buffer.
 * @count: Size of @buf.
 * @ppos:  Unused.
 *
 * Forwards the request to tomoyo_read_control() with @file->private_data.
 *
 * Returns bytes read on success, negative value otherwise.
 */
static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
			   loff_t *ppos)
{
	const ssize_t ret = tomoyo_read_control(file->private_data, buf, count);

	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 
/**
 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to userspace buffer.
 * @count: Size of @buf.
 * @ppos:  Unused.
 *
 * Forwards the request to tomoyo_write_control() with @file->private_data;
 * the userspace data is not touched here.
 *
 * Returns @count on success, negative value otherwise.
 */
static ssize_t tomoyo_write(struct file *file, const char __user *buf,
			    size_t count, loff_t *ppos)
{
	const ssize_t ret = tomoyo_write_control(file->private_data, buf,
						 count);

	return ret;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) 
/*
 * tomoyo_operations is the "struct file_operations" used for the interface
 * files created by tomoyo_create_entry() under /sys/kernel/security/tomoyo/.
 *
 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
 * See tomoyo_io_buffer for internals.
 */
static const struct file_operations tomoyo_operations = {
	.llseek  = noop_llseek,
	.read    = tomoyo_read,
	.write   = tomoyo_write,
	.poll    = tomoyo_poll,
	.open    = tomoyo_open,
	.release = tomoyo_release,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) 
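/**
 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 *
 * @name:   The name of the interface file.
 * @mode:   The permission of the interface file.
 * @parent: The parent directory.
 * @key:    Type of interface.
 *
 * The file is created with tomoyo_operations as its file operations and
 * with @key stored in the inode's private data, where tomoyo_open() reads
 * it back.
 *
 * Returns nothing.
 */
static void __init tomoyo_create_entry(const char *name, const umode_t mode,
				       struct dentry *parent, const u8 key)
{
	/*
	 * Encode @key in the pointer value with integer casts.  Adding an
	 * offset to a null pointer, as this code used to do, is not valid
	 * ISO C and is diagnosed by newer compilers.
	 */
	securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key,
			       &tomoyo_operations);
}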
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) 
/**
 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 *
 * Does nothing unless TOMOYO is enabled and the current domain is
 * tomoyo_kernel_domain.  Otherwise creates the "tomoyo" securityfs
 * directory and its interface files, then loads the builtin policy.
 *
 * File modes: the policy and management files are 0600 or 0400, "stat" is
 * 0644, and "self_domain" is 0666.  Access to "self_domain" is therefore not
 * limited by file mode; writes to it are authorized by the policy check in
 * tomoyo_write_self().
 *
 * Returns 0.
 */
static int __init tomoyo_initerface_init(void)
{
	/* Interface files served by tomoyo_operations, in creation order. */
	static const struct {
		const char *name;
		umode_t mode;
		u8 key;
	} entries[] __initconst = {
		{ "query",            0600, TOMOYO_QUERY },
		{ "domain_policy",    0600, TOMOYO_DOMAINPOLICY },
		{ "exception_policy", 0600, TOMOYO_EXCEPTIONPOLICY },
		{ "audit",            0400, TOMOYO_AUDIT },
		{ ".process_status",  0600, TOMOYO_PROCESS_STATUS },
		{ "stat",             0644, TOMOYO_STAT },
		{ "profile",          0600, TOMOYO_PROFILE },
		{ "manager",          0600, TOMOYO_MANAGER },
		{ "version",          0400, TOMOYO_VERSION },
	};
	struct dentry *tomoyo_dir;
	size_t i;

	/* Don't create securityfs entries unless enabled and registered. */
	if (!tomoyo_enabled || tomoyo_domain() != &tomoyo_kernel_domain)
		return 0;

	/*
	 * NOTE(review): the result of securityfs_create_dir() is used as the
	 * parent below without an error check - confirm how
	 * securityfs_create_file() treats an error-valued parent.
	 */
	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
	for (i = 0; i < ARRAY_SIZE(entries); i++)
		tomoyo_create_entry(entries[i].name, entries[i].mode,
				    tomoyo_dir, entries[i].key);
	/* self_domain has its own file operations and carries no key. */
	securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
			       &tomoyo_self_operations);
	tomoyo_load_builtin_policy();
	return 0;
}

fs_initcall(tomoyo_initerface_init);