Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
9590837b KT |
2 | /* |
3 | * security/tomoyo/common.h | |
4 | * | |
76bb0895 | 5 | * Header file for TOMOYO. |
9590837b | 6 | * |
843d183c | 7 | * Copyright (C) 2005-2011 NTT DATA CORPORATION |
9590837b KT |
8 | */ |
9 | ||
10 | #ifndef _SECURITY_TOMOYO_COMMON_H | |
11 | #define _SECURITY_TOMOYO_COMMON_H | |
12 | ||
13 | #include <linux/ctype.h> | |
14 | #include <linux/string.h> | |
15 | #include <linux/mm.h> | |
16 | #include <linux/file.h> | |
17 | #include <linux/kmod.h> | |
18 | #include <linux/fs.h> | |
19 | #include <linux/sched.h> | |
20 | #include <linux/namei.h> | |
21 | #include <linux/mount.h> | |
22 | #include <linux/list.h> | |
76bb0895 | 23 | #include <linux/cred.h> |
17fcfbd9 | 24 | #include <linux/poll.h> |
2066a361 TH |
25 | #include <linux/binfmts.h> |
26 | #include <linux/highmem.h> | |
059d84db TH |
27 | #include <linux/net.h> |
28 | #include <linux/inet.h> | |
29 | #include <linux/in.h> | |
30 | #include <linux/in6.h> | |
31 | #include <linux/un.h> | |
32 | #include <net/sock.h> | |
33 | #include <net/af_unix.h> | |
34 | #include <net/ip.h> | |
35 | #include <net/ipv6.h> | |
36 | #include <net/udp.h> | |
76bb0895 TH |
37 | |
38 | /********** Constants definitions. **********/ | |
39 | ||
40 | /* | |
41 | * TOMOYO uses this hash only when appending a string into the string | |
42 | * table. Frequency of appending strings is very low. So we don't need | |
43 | * large (e.g. 64k) hash size. 256 will be sufficient. | |
44 | */ | |
45 | #define TOMOYO_HASH_BITS 8 | |
46 | #define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS) | |
47 | ||
059d84db TH |
48 | /* |
49 | * TOMOYO checks only SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_SEQPACKET. | |
50 | * Therefore, we don't need SOCK_MAX. | |
51 | */ | |
52 | #define TOMOYO_SOCK_MAX 6 | |
53 | ||
c8c57e84 | 54 | #define TOMOYO_EXEC_TMPSIZE 4096 |
76bb0895 | 55 | |
f9732ea1 TH |
56 | /* Garbage collector is trying to kfree() this element. */ |
57 | #define TOMOYO_GC_IN_PROGRESS -1 | |
58 | ||
76bb0895 TH |
59 | /* Profile number is an integer between 0 and 255. */ |
60 | #define TOMOYO_MAX_PROFILES 256 | |
61 | ||
32997144 TH |
62 | /* Group number is an integer between 0 and 255. */ |
63 | #define TOMOYO_MAX_ACL_GROUPS 256 | |
64 | ||
2066a361 TH |
65 | /* Index numbers for "struct tomoyo_condition". */ |
66 | enum tomoyo_conditions_index { | |
67 | TOMOYO_TASK_UID, /* current_uid() */ | |
68 | TOMOYO_TASK_EUID, /* current_euid() */ | |
69 | TOMOYO_TASK_SUID, /* current_suid() */ | |
70 | TOMOYO_TASK_FSUID, /* current_fsuid() */ | |
71 | TOMOYO_TASK_GID, /* current_gid() */ | |
72 | TOMOYO_TASK_EGID, /* current_egid() */ | |
73 | TOMOYO_TASK_SGID, /* current_sgid() */ | |
74 | TOMOYO_TASK_FSGID, /* current_fsgid() */ | |
75 | TOMOYO_TASK_PID, /* sys_getpid() */ | |
76 | TOMOYO_TASK_PPID, /* sys_getppid() */ | |
5b636857 TH |
77 | TOMOYO_EXEC_ARGC, /* "struct linux_binprm *"->argc */ |
78 | TOMOYO_EXEC_ENVC, /* "struct linux_binprm *"->envc */ | |
8761afd4 TH |
79 | TOMOYO_TYPE_IS_SOCKET, /* S_IFSOCK */ |
80 | TOMOYO_TYPE_IS_SYMLINK, /* S_IFLNK */ | |
81 | TOMOYO_TYPE_IS_FILE, /* S_IFREG */ | |
82 | TOMOYO_TYPE_IS_BLOCK_DEV, /* S_IFBLK */ | |
83 | TOMOYO_TYPE_IS_DIRECTORY, /* S_IFDIR */ | |
84 | TOMOYO_TYPE_IS_CHAR_DEV, /* S_IFCHR */ | |
85 | TOMOYO_TYPE_IS_FIFO, /* S_IFIFO */ | |
86 | TOMOYO_MODE_SETUID, /* S_ISUID */ | |
87 | TOMOYO_MODE_SETGID, /* S_ISGID */ | |
88 | TOMOYO_MODE_STICKY, /* S_ISVTX */ | |
89 | TOMOYO_MODE_OWNER_READ, /* S_IRUSR */ | |
90 | TOMOYO_MODE_OWNER_WRITE, /* S_IWUSR */ | |
91 | TOMOYO_MODE_OWNER_EXECUTE, /* S_IXUSR */ | |
92 | TOMOYO_MODE_GROUP_READ, /* S_IRGRP */ | |
93 | TOMOYO_MODE_GROUP_WRITE, /* S_IWGRP */ | |
94 | TOMOYO_MODE_GROUP_EXECUTE, /* S_IXGRP */ | |
95 | TOMOYO_MODE_OTHERS_READ, /* S_IROTH */ | |
96 | TOMOYO_MODE_OTHERS_WRITE, /* S_IWOTH */ | |
97 | TOMOYO_MODE_OTHERS_EXECUTE, /* S_IXOTH */ | |
2ca9bf45 TH |
98 | TOMOYO_EXEC_REALPATH, |
99 | TOMOYO_SYMLINK_TARGET, | |
8761afd4 TH |
100 | TOMOYO_PATH1_UID, |
101 | TOMOYO_PATH1_GID, | |
102 | TOMOYO_PATH1_INO, | |
103 | TOMOYO_PATH1_MAJOR, | |
104 | TOMOYO_PATH1_MINOR, | |
105 | TOMOYO_PATH1_PERM, | |
106 | TOMOYO_PATH1_TYPE, | |
107 | TOMOYO_PATH1_DEV_MAJOR, | |
108 | TOMOYO_PATH1_DEV_MINOR, | |
109 | TOMOYO_PATH2_UID, | |
110 | TOMOYO_PATH2_GID, | |
111 | TOMOYO_PATH2_INO, | |
112 | TOMOYO_PATH2_MAJOR, | |
113 | TOMOYO_PATH2_MINOR, | |
114 | TOMOYO_PATH2_PERM, | |
115 | TOMOYO_PATH2_TYPE, | |
116 | TOMOYO_PATH2_DEV_MAJOR, | |
117 | TOMOYO_PATH2_DEV_MINOR, | |
118 | TOMOYO_PATH1_PARENT_UID, | |
119 | TOMOYO_PATH1_PARENT_GID, | |
120 | TOMOYO_PATH1_PARENT_INO, | |
121 | TOMOYO_PATH1_PARENT_PERM, | |
122 | TOMOYO_PATH2_PARENT_UID, | |
123 | TOMOYO_PATH2_PARENT_GID, | |
124 | TOMOYO_PATH2_PARENT_INO, | |
125 | TOMOYO_PATH2_PARENT_PERM, | |
2066a361 TH |
126 | TOMOYO_MAX_CONDITION_KEYWORD, |
127 | TOMOYO_NUMBER_UNION, | |
2ca9bf45 | 128 | TOMOYO_NAME_UNION, |
5b636857 TH |
129 | TOMOYO_ARGV_ENTRY, |
130 | TOMOYO_ENVP_ENTRY, | |
2066a361 TH |
131 | }; |
132 | ||
8761afd4 TH |
133 | |
134 | /* Index numbers for stat(). */ | |
135 | enum tomoyo_path_stat_index { | |
136 | /* Do not change this order. */ | |
137 | TOMOYO_PATH1, | |
138 | TOMOYO_PATH1_PARENT, | |
139 | TOMOYO_PATH2, | |
140 | TOMOYO_PATH2_PARENT, | |
141 | TOMOYO_MAX_PATH_STAT | |
142 | }; | |
143 | ||
b5bc60b4 | 144 | /* Index numbers for operation mode. */ |
cb0abe6a TH |
145 | enum tomoyo_mode_index { |
146 | TOMOYO_CONFIG_DISABLED, | |
147 | TOMOYO_CONFIG_LEARNING, | |
148 | TOMOYO_CONFIG_PERMISSIVE, | |
57c2590f | 149 | TOMOYO_CONFIG_ENFORCING, |
eadd99cc TH |
150 | TOMOYO_CONFIG_MAX_MODE, |
151 | TOMOYO_CONFIG_WANT_REJECT_LOG = 64, | |
152 | TOMOYO_CONFIG_WANT_GRANT_LOG = 128, | |
153 | TOMOYO_CONFIG_USE_DEFAULT = 255, | |
cb0abe6a TH |
154 | }; |
155 | ||
b5bc60b4 | 156 | /* Index numbers for entry type. */ |
a230f9e7 TH |
157 | enum tomoyo_policy_id { |
158 | TOMOYO_ID_GROUP, | |
059d84db | 159 | TOMOYO_ID_ADDRESS_GROUP, |
a230f9e7 TH |
160 | TOMOYO_ID_PATH_GROUP, |
161 | TOMOYO_ID_NUMBER_GROUP, | |
5448ec4f | 162 | TOMOYO_ID_TRANSITION_CONTROL, |
a230f9e7 | 163 | TOMOYO_ID_AGGREGATOR, |
a230f9e7 | 164 | TOMOYO_ID_MANAGER, |
2066a361 | 165 | TOMOYO_ID_CONDITION, |
a230f9e7 TH |
166 | TOMOYO_ID_NAME, |
167 | TOMOYO_ID_ACL, | |
168 | TOMOYO_ID_DOMAIN, | |
169 | TOMOYO_MAX_POLICY | |
170 | }; | |
171 | ||
2c47ab93 TH |
172 | /* Index numbers for domain's attributes. */ |
173 | enum tomoyo_domain_info_flags_index { | |
174 | /* Quota warnning flag. */ | |
175 | TOMOYO_DIF_QUOTA_WARNED, | |
176 | /* | |
177 | * This domain was unable to create a new domain at | |
178 | * tomoyo_find_next_domain() because the name of the domain to be | |
179 | * created was too long or it could not allocate memory. | |
180 | * More than one process continued execve() without domain transition. | |
181 | */ | |
182 | TOMOYO_DIF_TRANSITION_FAILED, | |
183 | TOMOYO_MAX_DOMAIN_INFO_FLAGS | |
184 | }; | |
185 | ||
1f067a68 TH |
186 | /* Index numbers for audit type. */ |
187 | enum tomoyo_grant_log { | |
188 | /* Follow profile's configuration. */ | |
189 | TOMOYO_GRANTLOG_AUTO, | |
190 | /* Do not generate grant log. */ | |
191 | TOMOYO_GRANTLOG_NO, | |
192 | /* Generate grant_log. */ | |
193 | TOMOYO_GRANTLOG_YES, | |
194 | }; | |
195 | ||
b5bc60b4 | 196 | /* Index numbers for group entries. */ |
a230f9e7 TH |
197 | enum tomoyo_group_id { |
198 | TOMOYO_PATH_GROUP, | |
199 | TOMOYO_NUMBER_GROUP, | |
059d84db | 200 | TOMOYO_ADDRESS_GROUP, |
a230f9e7 TH |
201 | TOMOYO_MAX_GROUP |
202 | }; | |
203 | ||
b5bc60b4 TH |
204 | /* Index numbers for type of numeric values. */ |
205 | enum tomoyo_value_type { | |
206 | TOMOYO_VALUE_TYPE_INVALID, | |
207 | TOMOYO_VALUE_TYPE_DECIMAL, | |
208 | TOMOYO_VALUE_TYPE_OCTAL, | |
209 | TOMOYO_VALUE_TYPE_HEXADECIMAL, | |
210 | }; | |
4c3e9e2d | 211 | |
b5bc60b4 | 212 | /* Index numbers for domain transition control keywords. */ |
5448ec4f TH |
213 | enum tomoyo_transition_type { |
214 | /* Do not change this order, */ | |
bd03a3e4 TH |
215 | TOMOYO_TRANSITION_CONTROL_NO_RESET, |
216 | TOMOYO_TRANSITION_CONTROL_RESET, | |
5448ec4f TH |
217 | TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE, |
218 | TOMOYO_TRANSITION_CONTROL_INITIALIZE, | |
219 | TOMOYO_TRANSITION_CONTROL_NO_KEEP, | |
220 | TOMOYO_TRANSITION_CONTROL_KEEP, | |
221 | TOMOYO_MAX_TRANSITION_TYPE | |
222 | }; | |
223 | ||
76bb0895 | 224 | /* Index numbers for Access Controls. */ |
084da356 | 225 | enum tomoyo_acl_entry_type_index { |
7ef61233 TH |
226 | TOMOYO_TYPE_PATH_ACL, |
227 | TOMOYO_TYPE_PATH2_ACL, | |
a1f9bb6a | 228 | TOMOYO_TYPE_PATH_NUMBER_ACL, |
75093152 | 229 | TOMOYO_TYPE_MKDEV_ACL, |
2106ccd9 | 230 | TOMOYO_TYPE_MOUNT_ACL, |
059d84db TH |
231 | TOMOYO_TYPE_INET_ACL, |
232 | TOMOYO_TYPE_UNIX_ACL, | |
d58e0da8 | 233 | TOMOYO_TYPE_ENV_ACL, |
731d37aa | 234 | TOMOYO_TYPE_MANUAL_TASK_ACL, |
084da356 | 235 | }; |
76bb0895 | 236 | |
b5bc60b4 | 237 | /* Index numbers for access controls with one pathname. */ |
084da356 | 238 | enum tomoyo_path_acl_index { |
7ef61233 TH |
239 | TOMOYO_TYPE_EXECUTE, |
240 | TOMOYO_TYPE_READ, | |
241 | TOMOYO_TYPE_WRITE, | |
7c75964f | 242 | TOMOYO_TYPE_APPEND, |
7ef61233 | 243 | TOMOYO_TYPE_UNLINK, |
7c75964f | 244 | TOMOYO_TYPE_GETATTR, |
7ef61233 | 245 | TOMOYO_TYPE_RMDIR, |
7ef61233 TH |
246 | TOMOYO_TYPE_TRUNCATE, |
247 | TOMOYO_TYPE_SYMLINK, | |
7ef61233 | 248 | TOMOYO_TYPE_CHROOT, |
7ef61233 TH |
249 | TOMOYO_TYPE_UMOUNT, |
250 | TOMOYO_MAX_PATH_OPERATION | |
084da356 TH |
251 | }; |
252 | ||
b22b8b9f | 253 | /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ |
eadd99cc TH |
254 | enum tomoyo_memory_stat_type { |
255 | TOMOYO_MEMORY_POLICY, | |
256 | TOMOYO_MEMORY_AUDIT, | |
257 | TOMOYO_MEMORY_QUERY, | |
258 | TOMOYO_MAX_MEMORY_STAT | |
259 | }; | |
260 | ||
75093152 | 261 | enum tomoyo_mkdev_acl_index { |
a1f9bb6a TH |
262 | TOMOYO_TYPE_MKBLOCK, |
263 | TOMOYO_TYPE_MKCHAR, | |
75093152 | 264 | TOMOYO_MAX_MKDEV_OPERATION |
a1f9bb6a TH |
265 | }; |
266 | ||
059d84db TH |
267 | /* Index numbers for socket operations. */ |
268 | enum tomoyo_network_acl_index { | |
269 | TOMOYO_NETWORK_BIND, /* bind() operation. */ | |
270 | TOMOYO_NETWORK_LISTEN, /* listen() operation. */ | |
271 | TOMOYO_NETWORK_CONNECT, /* connect() operation. */ | |
272 | TOMOYO_NETWORK_SEND, /* send() operation. */ | |
273 | TOMOYO_MAX_NETWORK_OPERATION | |
274 | }; | |
275 | ||
b5bc60b4 | 276 | /* Index numbers for access controls with two pathnames. */ |
084da356 | 277 | enum tomoyo_path2_acl_index { |
7ef61233 TH |
278 | TOMOYO_TYPE_LINK, |
279 | TOMOYO_TYPE_RENAME, | |
280 | TOMOYO_TYPE_PIVOT_ROOT, | |
281 | TOMOYO_MAX_PATH2_OPERATION | |
084da356 TH |
282 | }; |
283 | ||
b5bc60b4 | 284 | /* Index numbers for access controls with one pathname and one number. */ |
a1f9bb6a TH |
285 | enum tomoyo_path_number_acl_index { |
286 | TOMOYO_TYPE_CREATE, | |
287 | TOMOYO_TYPE_MKDIR, | |
288 | TOMOYO_TYPE_MKFIFO, | |
289 | TOMOYO_TYPE_MKSOCK, | |
290 | TOMOYO_TYPE_IOCTL, | |
291 | TOMOYO_TYPE_CHMOD, | |
292 | TOMOYO_TYPE_CHOWN, | |
293 | TOMOYO_TYPE_CHGRP, | |
294 | TOMOYO_MAX_PATH_NUMBER_OPERATION | |
295 | }; | |
296 | ||
b5bc60b4 | 297 | /* Index numbers for /sys/kernel/security/tomoyo/ interfaces. */ |
084da356 TH |
298 | enum tomoyo_securityfs_interface_index { |
299 | TOMOYO_DOMAINPOLICY, | |
300 | TOMOYO_EXCEPTIONPOLICY, | |
084da356 | 301 | TOMOYO_PROCESS_STATUS, |
b22b8b9f | 302 | TOMOYO_STAT, |
eadd99cc | 303 | TOMOYO_AUDIT, |
084da356 TH |
304 | TOMOYO_VERSION, |
305 | TOMOYO_PROFILE, | |
17fcfbd9 | 306 | TOMOYO_QUERY, |
084da356 TH |
307 | TOMOYO_MANAGER |
308 | }; | |
9590837b | 309 | |
b5bc60b4 TH |
310 | /* Index numbers for special mount operations. */ |
311 | enum tomoyo_special_mount { | |
312 | TOMOYO_MOUNT_BIND, /* mount --bind /source /dest */ | |
313 | TOMOYO_MOUNT_MOVE, /* mount --move /old /new */ | |
314 | TOMOYO_MOUNT_REMOUNT, /* mount -o remount /dir */ | |
315 | TOMOYO_MOUNT_MAKE_UNBINDABLE, /* mount --make-unbindable /dir */ | |
316 | TOMOYO_MOUNT_MAKE_PRIVATE, /* mount --make-private /dir */ | |
317 | TOMOYO_MOUNT_MAKE_SLAVE, /* mount --make-slave /dir */ | |
318 | TOMOYO_MOUNT_MAKE_SHARED, /* mount --make-shared /dir */ | |
319 | TOMOYO_MAX_SPECIAL_MOUNT | |
320 | }; | |
321 | ||
322 | /* Index numbers for functionality. */ | |
57c2590f TH |
323 | enum tomoyo_mac_index { |
324 | TOMOYO_MAC_FILE_EXECUTE, | |
325 | TOMOYO_MAC_FILE_OPEN, | |
326 | TOMOYO_MAC_FILE_CREATE, | |
327 | TOMOYO_MAC_FILE_UNLINK, | |
7c75964f | 328 | TOMOYO_MAC_FILE_GETATTR, |
57c2590f TH |
329 | TOMOYO_MAC_FILE_MKDIR, |
330 | TOMOYO_MAC_FILE_RMDIR, | |
331 | TOMOYO_MAC_FILE_MKFIFO, | |
332 | TOMOYO_MAC_FILE_MKSOCK, | |
333 | TOMOYO_MAC_FILE_TRUNCATE, | |
334 | TOMOYO_MAC_FILE_SYMLINK, | |
57c2590f TH |
335 | TOMOYO_MAC_FILE_MKBLOCK, |
336 | TOMOYO_MAC_FILE_MKCHAR, | |
337 | TOMOYO_MAC_FILE_LINK, | |
338 | TOMOYO_MAC_FILE_RENAME, | |
339 | TOMOYO_MAC_FILE_CHMOD, | |
340 | TOMOYO_MAC_FILE_CHOWN, | |
341 | TOMOYO_MAC_FILE_CHGRP, | |
342 | TOMOYO_MAC_FILE_IOCTL, | |
343 | TOMOYO_MAC_FILE_CHROOT, | |
344 | TOMOYO_MAC_FILE_MOUNT, | |
345 | TOMOYO_MAC_FILE_UMOUNT, | |
346 | TOMOYO_MAC_FILE_PIVOT_ROOT, | |
059d84db TH |
347 | TOMOYO_MAC_NETWORK_INET_STREAM_BIND, |
348 | TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN, | |
349 | TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT, | |
350 | TOMOYO_MAC_NETWORK_INET_DGRAM_BIND, | |
351 | TOMOYO_MAC_NETWORK_INET_DGRAM_SEND, | |
352 | TOMOYO_MAC_NETWORK_INET_RAW_BIND, | |
353 | TOMOYO_MAC_NETWORK_INET_RAW_SEND, | |
354 | TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND, | |
355 | TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN, | |
356 | TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT, | |
357 | TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND, | |
358 | TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND, | |
359 | TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND, | |
360 | TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN, | |
361 | TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT, | |
d58e0da8 | 362 | TOMOYO_MAC_ENVIRON, |
57c2590f TH |
363 | TOMOYO_MAX_MAC_INDEX |
364 | }; | |
365 | ||
b5bc60b4 | 366 | /* Index numbers for category of functionality. */ |
57c2590f TH |
367 | enum tomoyo_mac_category_index { |
368 | TOMOYO_MAC_CATEGORY_FILE, | |
059d84db | 369 | TOMOYO_MAC_CATEGORY_NETWORK, |
d58e0da8 | 370 | TOMOYO_MAC_CATEGORY_MISC, |
57c2590f TH |
371 | TOMOYO_MAX_MAC_CATEGORY_INDEX |
372 | }; | |
373 | ||
82e0f001 | 374 | /* |
b5bc60b4 TH |
375 | * Retry this request. Returned by tomoyo_supervisor() if policy violation has |
376 | * occurred in enforcing mode and the userspace daemon decided to retry. | |
82e0f001 | 377 | * |
b5bc60b4 TH |
378 | * We must choose a positive value in order to distinguish "granted" (which is |
379 | * 0) and "rejected" (which is a negative value) and "retry". | |
82e0f001 | 380 | */ |
b5bc60b4 TH |
381 | #define TOMOYO_RETRY_REQUEST 1 |
382 | ||
b22b8b9f TH |
383 | /* Index numbers for /sys/kernel/security/tomoyo/stat interface. */ |
384 | enum tomoyo_policy_stat_type { | |
385 | /* Do not change this order. */ | |
386 | TOMOYO_STAT_POLICY_UPDATES, | |
387 | TOMOYO_STAT_POLICY_LEARNING, /* == TOMOYO_CONFIG_LEARNING */ | |
388 | TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */ | |
389 | TOMOYO_STAT_POLICY_ENFORCING, /* == TOMOYO_CONFIG_ENFORCING */ | |
390 | TOMOYO_MAX_POLICY_STAT | |
391 | }; | |
392 | ||
d5ca1725 TH |
393 | /* Index numbers for profile's PREFERENCE values. */ |
394 | enum tomoyo_pref_index { | |
eadd99cc | 395 | TOMOYO_PREF_MAX_AUDIT_LOG, |
d5ca1725 TH |
396 | TOMOYO_PREF_MAX_LEARNING_ENTRY, |
397 | TOMOYO_MAX_PREF | |
398 | }; | |
399 | ||
b5bc60b4 TH |
400 | /********** Structure definitions. **********/ |
401 | ||
402 | /* Common header for holding ACL entries. */ | |
82e0f001 TH |
403 | struct tomoyo_acl_head { |
404 | struct list_head list; | |
f9732ea1 | 405 | s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ |
82e0f001 TH |
406 | } __packed; |
407 | ||
0df7e8b8 TH |
408 | /* Common header for shared entries. */ |
409 | struct tomoyo_shared_acl_head { | |
410 | struct list_head list; | |
411 | atomic_t users; | |
412 | } __packed; | |
413 | ||
bd03a3e4 TH |
414 | struct tomoyo_policy_namespace; |
415 | ||
b5bc60b4 | 416 | /* Structure for request info. */ |
cb0abe6a | 417 | struct tomoyo_request_info { |
8761afd4 TH |
418 | /* |
419 | * For holding parameters specific to operations which deal files. | |
420 | * NULL if not dealing files. | |
421 | */ | |
422 | struct tomoyo_obj_info *obj; | |
2ca9bf45 TH |
423 | /* |
424 | * For holding parameters specific to execve() request. | |
425 | * NULL if not dealing do_execve(). | |
426 | */ | |
427 | struct tomoyo_execve *ee; | |
cb0abe6a | 428 | struct tomoyo_domain_info *domain; |
cf6e9a64 TH |
429 | /* For holding parameters. */ |
430 | union { | |
431 | struct { | |
432 | const struct tomoyo_path_info *filename; | |
484ca79c TH |
433 | /* For using wildcards at tomoyo_find_next_domain(). */ |
434 | const struct tomoyo_path_info *matched_path; | |
b5bc60b4 | 435 | /* One of values in "enum tomoyo_path_acl_index". */ |
cf6e9a64 TH |
436 | u8 operation; |
437 | } path; | |
438 | struct { | |
439 | const struct tomoyo_path_info *filename1; | |
440 | const struct tomoyo_path_info *filename2; | |
b5bc60b4 | 441 | /* One of values in "enum tomoyo_path2_acl_index". */ |
cf6e9a64 TH |
442 | u8 operation; |
443 | } path2; | |
444 | struct { | |
445 | const struct tomoyo_path_info *filename; | |
446 | unsigned int mode; | |
447 | unsigned int major; | |
448 | unsigned int minor; | |
b5bc60b4 | 449 | /* One of values in "enum tomoyo_mkdev_acl_index". */ |
cf6e9a64 TH |
450 | u8 operation; |
451 | } mkdev; | |
452 | struct { | |
453 | const struct tomoyo_path_info *filename; | |
454 | unsigned long number; | |
b5bc60b4 TH |
455 | /* |
456 | * One of values in | |
457 | * "enum tomoyo_path_number_acl_index". | |
458 | */ | |
cf6e9a64 TH |
459 | u8 operation; |
460 | } path_number; | |
d58e0da8 TH |
461 | struct { |
462 | const struct tomoyo_path_info *name; | |
463 | } environ; | |
059d84db TH |
464 | struct { |
465 | const __be32 *address; | |
466 | u16 port; | |
467 | /* One of values smaller than TOMOYO_SOCK_MAX. */ | |
468 | u8 protocol; | |
469 | /* One of values in "enum tomoyo_network_acl_index". */ | |
470 | u8 operation; | |
471 | bool is_ipv6; | |
472 | } inet_network; | |
473 | struct { | |
474 | const struct tomoyo_path_info *address; | |
475 | /* One of values smaller than TOMOYO_SOCK_MAX. */ | |
476 | u8 protocol; | |
477 | /* One of values in "enum tomoyo_network_acl_index". */ | |
478 | u8 operation; | |
479 | } unix_network; | |
cf6e9a64 TH |
480 | struct { |
481 | const struct tomoyo_path_info *type; | |
482 | const struct tomoyo_path_info *dir; | |
483 | const struct tomoyo_path_info *dev; | |
484 | unsigned long flags; | |
485 | int need_dev; | |
486 | } mount; | |
731d37aa TH |
487 | struct { |
488 | const struct tomoyo_path_info *domainname; | |
489 | } task; | |
cf6e9a64 | 490 | } param; |
1f067a68 | 491 | struct tomoyo_acl_info *matched_acl; |
cf6e9a64 TH |
492 | u8 param_type; |
493 | bool granted; | |
17fcfbd9 TH |
494 | u8 retry; |
495 | u8 profile; | |
cb0abe6a | 496 | u8 mode; /* One of tomoyo_mode_index . */ |
57c2590f | 497 | u8 type; |
cb0abe6a TH |
498 | }; |
499 | ||
b5bc60b4 | 500 | /* Structure for holding a token. */ |
9590837b KT |
501 | struct tomoyo_path_info { |
502 | const char *name; | |
503 | u32 hash; /* = full_name_hash(name, strlen(name)) */ | |
9590837b KT |
504 | u16 const_len; /* = tomoyo_const_part_length(name) */ |
505 | bool is_dir; /* = tomoyo_strendswith(name, "/") */ | |
506 | bool is_patterned; /* = tomoyo_path_contains_pattern(name) */ | |
9590837b KT |
507 | }; |
508 | ||
b5bc60b4 | 509 | /* Structure for holding string data. */ |
e2bf6907 | 510 | struct tomoyo_name { |
0df7e8b8 | 511 | struct tomoyo_shared_acl_head head; |
76bb0895 TH |
512 | struct tomoyo_path_info entry; |
513 | }; | |
9590837b | 514 | |
b5bc60b4 | 515 | /* Structure for holding a word. */ |
7762fbff | 516 | struct tomoyo_name_union { |
b5bc60b4 | 517 | /* Either @filename or @group is NULL. */ |
7762fbff | 518 | const struct tomoyo_path_info *filename; |
a98aa4de | 519 | struct tomoyo_group *group; |
7762fbff TH |
520 | }; |
521 | ||
b5bc60b4 | 522 | /* Structure for holding a number. */ |
4c3e9e2d TH |
523 | struct tomoyo_number_union { |
524 | unsigned long values[2]; | |
b5bc60b4 TH |
525 | struct tomoyo_group *group; /* Maybe NULL. */ |
526 | /* One of values in "enum tomoyo_value_type". */ | |
0df7e8b8 | 527 | u8 value_type[2]; |
4c3e9e2d TH |
528 | }; |
529 | ||
059d84db TH |
530 | /* Structure for holding an IP address. */ |
531 | struct tomoyo_ipaddr_union { | |
532 | struct in6_addr ip[2]; /* Big endian. */ | |
533 | struct tomoyo_group *group; /* Pointer to address group. */ | |
534 | bool is_ipv6; /* Valid only if @group == NULL. */ | |
535 | }; | |
536 | ||
537 | /* Structure for "path_group"/"number_group"/"address_group" directive. */ | |
a98aa4de | 538 | struct tomoyo_group { |
0df7e8b8 | 539 | struct tomoyo_shared_acl_head head; |
4c3e9e2d TH |
540 | const struct tomoyo_path_info *group_name; |
541 | struct list_head member_list; | |
4c3e9e2d TH |
542 | }; |
543 | ||
7762fbff | 544 | /* Structure for "path_group" directive. */ |
a98aa4de | 545 | struct tomoyo_path_group { |
82e0f001 | 546 | struct tomoyo_acl_head head; |
7762fbff TH |
547 | const struct tomoyo_path_info *member_name; |
548 | }; | |
549 | ||
4c3e9e2d | 550 | /* Structure for "number_group" directive. */ |
a98aa4de | 551 | struct tomoyo_number_group { |
82e0f001 | 552 | struct tomoyo_acl_head head; |
4c3e9e2d TH |
553 | struct tomoyo_number_union number; |
554 | }; | |
555 | ||
059d84db TH |
556 | /* Structure for "address_group" directive. */ |
557 | struct tomoyo_address_group { | |
558 | struct tomoyo_acl_head head; | |
559 | /* Structure for holding an IP address. */ | |
560 | struct tomoyo_ipaddr_union address; | |
561 | }; | |
562 | ||
8761afd4 TH |
563 | /* Subset of "struct stat". Used by conditional ACL and audit logs. */ |
564 | struct tomoyo_mini_stat { | |
609fcd1b EB |
565 | kuid_t uid; |
566 | kgid_t gid; | |
8761afd4 | 567 | ino_t ino; |
d179333f | 568 | umode_t mode; |
8761afd4 TH |
569 | dev_t dev; |
570 | dev_t rdev; | |
571 | }; | |
572 | ||
5b636857 TH |
573 | /* Structure for dumping argv[] and envp[] of "struct linux_binprm". */ |
574 | struct tomoyo_page_dump { | |
575 | struct page *page; /* Previously dumped page. */ | |
576 | char *data; /* Contents of "page". Size is PAGE_SIZE. */ | |
577 | }; | |
578 | ||
8761afd4 TH |
579 | /* Structure for attribute checks in addition to pathname checks. */ |
580 | struct tomoyo_obj_info { | |
581 | /* | |
582 | * True if tomoyo_get_attributes() was already called, false otherwise. | |
583 | */ | |
584 | bool validate_done; | |
585 | /* True if @stat[] is valid. */ | |
586 | bool stat_valid[TOMOYO_MAX_PATH_STAT]; | |
587 | /* First pathname. Initialized with { NULL, NULL } if no path. */ | |
588 | struct path path1; | |
589 | /* Second pathname. Initialized with { NULL, NULL } if no path. */ | |
590 | struct path path2; | |
591 | /* | |
592 | * Information on @path1, @path1's parent directory, @path2, @path2's | |
593 | * parent directory. | |
594 | */ | |
595 | struct tomoyo_mini_stat stat[TOMOYO_MAX_PATH_STAT]; | |
2ca9bf45 TH |
596 | /* |
597 | * Content of symbolic link to be created. NULL for operations other | |
598 | * than symlink(). | |
599 | */ | |
600 | struct tomoyo_path_info *symlink_target; | |
601 | }; | |
602 | ||
5b636857 TH |
603 | /* Structure for argv[]. */ |
604 | struct tomoyo_argv { | |
605 | unsigned long index; | |
606 | const struct tomoyo_path_info *value; | |
607 | bool is_not; | |
608 | }; | |
609 | ||
610 | /* Structure for envp[]. */ | |
611 | struct tomoyo_envp { | |
612 | const struct tomoyo_path_info *name; | |
613 | const struct tomoyo_path_info *value; | |
614 | bool is_not; | |
615 | }; | |
616 | ||
2ca9bf45 TH |
617 | /* Structure for execve() operation. */ |
618 | struct tomoyo_execve { | |
619 | struct tomoyo_request_info r; | |
620 | struct tomoyo_obj_info obj; | |
621 | struct linux_binprm *bprm; | |
6bce98ed | 622 | const struct tomoyo_path_info *transition; |
5b636857 TH |
623 | /* For dumping argv[] and envp[]. */ |
624 | struct tomoyo_page_dump dump; | |
2ca9bf45 TH |
625 | /* For temporary use. */ |
626 | char *tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes */ | |
8761afd4 TH |
627 | }; |
628 | ||
2066a361 TH |
629 | /* Structure for entries which follows "struct tomoyo_condition". */ |
630 | struct tomoyo_condition_element { | |
5b636857 TH |
631 | /* |
632 | * Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a | |
633 | * "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail | |
634 | * of the array of this struct. | |
635 | */ | |
2066a361 | 636 | u8 left; |
5b636857 TH |
637 | /* |
638 | * Right hand operand. A "struct tomoyo_number_union" for | |
639 | * TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for | |
640 | * TOMOYO_NAME_UNION is attached to the tail of the array of this | |
641 | * struct. | |
642 | */ | |
2066a361 TH |
643 | u8 right; |
644 | /* Equation operator. True if equals or overlaps, false otherwise. */ | |
645 | bool equals; | |
646 | }; | |
647 | ||
648 | /* Structure for optional arguments. */ | |
649 | struct tomoyo_condition { | |
650 | struct tomoyo_shared_acl_head head; | |
651 | u32 size; /* Memory size allocated for this entry. */ | |
652 | u16 condc; /* Number of conditions in this struct. */ | |
653 | u16 numbers_count; /* Number of "struct tomoyo_number_union values". */ | |
2ca9bf45 | 654 | u16 names_count; /* Number of "struct tomoyo_name_union names". */ |
5b636857 TH |
655 | u16 argc; /* Number of "struct tomoyo_argv". */ |
656 | u16 envc; /* Number of "struct tomoyo_envp". */ | |
1f067a68 | 657 | u8 grant_log; /* One of values in "enum tomoyo_grant_log". */ |
6bce98ed | 658 | const struct tomoyo_path_info *transit; /* Maybe NULL. */ |
2066a361 TH |
659 | /* |
660 | * struct tomoyo_condition_element condition[condc]; | |
661 | * struct tomoyo_number_union values[numbers_count]; | |
2ca9bf45 | 662 | * struct tomoyo_name_union names[names_count]; |
5b636857 TH |
663 | * struct tomoyo_argv argv[argc]; |
664 | * struct tomoyo_envp envp[envc]; | |
2066a361 TH |
665 | */ |
666 | }; | |
667 | ||
b5bc60b4 | 668 | /* Common header for individual entries. */ |
9590837b KT |
669 | struct tomoyo_acl_info { |
670 | struct list_head list; | |
2066a361 | 671 | struct tomoyo_condition *cond; /* Maybe NULL. */ |
f9732ea1 | 672 | s8 is_deleted; /* true or false or TOMOYO_GC_IN_PROGRESS */ |
b5bc60b4 | 673 | u8 type; /* One of values in "enum tomoyo_acl_entry_type_index". */ |
9590837b KT |
674 | } __packed; |
675 | ||
b5bc60b4 | 676 | /* Structure for domain information. */ |
9590837b KT |
677 | struct tomoyo_domain_info { |
678 | struct list_head list; | |
679 | struct list_head acl_info_list; | |
680 | /* Name of this domain. Never NULL. */ | |
681 | const struct tomoyo_path_info *domainname; | |
bd03a3e4 TH |
682 | /* Namespace for this domain. Never NULL. */ |
683 | struct tomoyo_policy_namespace *ns; | |
9590837b | 684 | u8 profile; /* Profile number to use. */ |
32997144 | 685 | u8 group; /* Group number to use. */ |
a0558fc3 | 686 | bool is_deleted; /* Delete flag. */ |
2c47ab93 | 687 | bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; |
ec8e6a4e | 688 | atomic_t users; /* Number of referring credentials. */ |
9590837b KT |
689 | }; |
690 | ||
731d37aa TH |
691 | /* |
692 | * Structure for "task manual_domain_transition" directive. | |
693 | */ | |
694 | struct tomoyo_task_acl { | |
695 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MANUAL_TASK_ACL */ | |
696 | /* Pointer to domainname. */ | |
697 | const struct tomoyo_path_info *domainname; | |
698 | }; | |
699 | ||
9590837b | 700 | /* |
b5bc60b4 TH |
701 | * Structure for "file execute", "file read", "file write", "file append", |
702 | * "file unlink", "file getattr", "file rmdir", "file truncate", | |
703 | * "file symlink", "file chroot" and "file unmount" directive. | |
9590837b | 704 | */ |
7ef61233 TH |
705 | struct tomoyo_path_acl { |
706 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */ | |
b5bc60b4 | 707 | u16 perm; /* Bitmask of values in "enum tomoyo_path_acl_index". */ |
7762fbff | 708 | struct tomoyo_name_union name; |
9590837b KT |
709 | }; |
710 | ||
a1f9bb6a | 711 | /* |
b5bc60b4 TH |
712 | * Structure for "file create", "file mkdir", "file mkfifo", "file mksock", |
713 | * "file ioctl", "file chmod", "file chown" and "file chgrp" directive. | |
a1f9bb6a TH |
714 | */ |
715 | struct tomoyo_path_number_acl { | |
716 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_NUMBER_ACL */ | |
b5bc60b4 | 717 | /* Bitmask of values in "enum tomoyo_path_number_acl_index". */ |
a1f9bb6a TH |
718 | u8 perm; |
719 | struct tomoyo_name_union name; | |
720 | struct tomoyo_number_union number; | |
721 | }; | |
722 | ||
b5bc60b4 | 723 | /* Structure for "file mkblock" and "file mkchar" directive. */ |
75093152 TH |
724 | struct tomoyo_mkdev_acl { |
725 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MKDEV_ACL */ | |
b5bc60b4 | 726 | u8 perm; /* Bitmask of values in "enum tomoyo_mkdev_acl_index". */ |
a1f9bb6a TH |
727 | struct tomoyo_name_union name; |
728 | struct tomoyo_number_union mode; | |
729 | struct tomoyo_number_union major; | |
730 | struct tomoyo_number_union minor; | |
731 | }; | |
732 | ||
c3fa109a | 733 | /* |
b5bc60b4 | 734 | * Structure for "file rename", "file link" and "file pivot_root" directive. |
c3fa109a | 735 | */ |
7ef61233 TH |
736 | struct tomoyo_path2_acl { |
737 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH2_ACL */ | |
b5bc60b4 | 738 | u8 perm; /* Bitmask of values in "enum tomoyo_path2_acl_index". */ |
7762fbff TH |
739 | struct tomoyo_name_union name1; |
740 | struct tomoyo_name_union name2; | |
9590837b KT |
741 | }; |
742 | ||
b5bc60b4 | 743 | /* Structure for "file mount" directive. */ |
2106ccd9 TH |
744 | struct tomoyo_mount_acl { |
745 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */ | |
2106ccd9 TH |
746 | struct tomoyo_name_union dev_name; |
747 | struct tomoyo_name_union dir_name; | |
748 | struct tomoyo_name_union fs_type; | |
749 | struct tomoyo_number_union flags; | |
750 | }; | |
751 | ||
d58e0da8 TH |
752 | /* Structure for "misc env" directive in domain policy. */ |
753 | struct tomoyo_env_acl { | |
754 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_ENV_ACL */ | |
755 | const struct tomoyo_path_info *env; /* environment variable */ | |
756 | }; | |
757 | ||
059d84db TH |
758 | /* Structure for "network inet" directive. */ |
759 | struct tomoyo_inet_acl { | |
760 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_INET_ACL */ | |
761 | u8 protocol; | |
762 | u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ | |
763 | struct tomoyo_ipaddr_union address; | |
764 | struct tomoyo_number_union port; | |
765 | }; | |
766 | ||
767 | /* Structure for "network unix" directive. */ | |
768 | struct tomoyo_unix_acl { | |
769 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_UNIX_ACL */ | |
770 | u8 protocol; | |
771 | u8 perm; /* Bitmask of values in "enum tomoyo_network_acl_index" */ | |
772 | struct tomoyo_name_union name; | |
773 | }; | |
774 | ||
a238cf5b TH |
775 | /* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */ |
776 | struct tomoyo_acl_param { | |
777 | char *data; | |
778 | struct list_head *list; | |
bd03a3e4 | 779 | struct tomoyo_policy_namespace *ns; |
a238cf5b TH |
780 | bool is_delete; |
781 | }; | |
782 | ||
0d2171d7 | 783 | #define TOMOYO_MAX_IO_READ_QUEUE 64 |
f23571e8 | 784 | |
c3fa109a | 785 | /* |
f23571e8 TH |
786 | * Structure for reading/writing policy via /sys/kernel/security/tomoyo |
787 | * interfaces. | |
c3fa109a | 788 | */ |
9590837b | 789 | struct tomoyo_io_buffer { |
8fbe71f0 | 790 | void (*read) (struct tomoyo_io_buffer *); |
9590837b | 791 | int (*write) (struct tomoyo_io_buffer *); |
c0d4be28 | 792 | __poll_t (*poll) (struct file *file, poll_table *wait); |
9590837b KT |
793 | /* Exclusive lock for this structure. */ |
794 | struct mutex io_sem; | |
f23571e8 | 795 | char __user *read_user_buf; |
2c47ab93 | 796 | size_t read_user_buf_avail; |
f23571e8 | 797 | struct { |
bd03a3e4 | 798 | struct list_head *ns; |
f23571e8 TH |
799 | struct list_head *domain; |
800 | struct list_head *group; | |
801 | struct list_head *acl; | |
2c47ab93 TH |
802 | size_t avail; |
803 | unsigned int step; | |
804 | unsigned int query_index; | |
f23571e8 | 805 | u16 index; |
2066a361 | 806 | u16 cond_index; |
32997144 | 807 | u8 acl_group_index; |
2066a361 | 808 | u8 cond_step; |
f23571e8 TH |
809 | u8 bit; |
810 | u8 w_pos; | |
811 | bool eof; | |
812 | bool print_this_domain_only; | |
bd03a3e4 | 813 | bool print_transition_related_only; |
2066a361 | 814 | bool print_cond_part; |
f23571e8 TH |
815 | const char *w[TOMOYO_MAX_IO_READ_QUEUE]; |
816 | } r; | |
0df7e8b8 | 817 | struct { |
bd03a3e4 | 818 | struct tomoyo_policy_namespace *ns; |
0df7e8b8 TH |
819 | /* The position currently writing to. */ |
820 | struct tomoyo_domain_info *domain; | |
821 | /* Bytes available for writing. */ | |
2c47ab93 | 822 | size_t avail; |
bd03a3e4 | 823 | bool is_delete; |
0df7e8b8 | 824 | } w; |
9590837b KT |
825 | /* Buffer for reading. */ |
826 | char *read_buf; | |
9590837b | 827 | /* Size of read buffer. */ |
2c47ab93 | 828 | size_t readbuf_size; |
9590837b KT |
829 | /* Buffer for writing. */ |
830 | char *write_buf; | |
9590837b | 831 | /* Size of write buffer. */ |
2c47ab93 | 832 | size_t writebuf_size; |
17fcfbd9 | 833 | /* Type of this interface. */ |
2c47ab93 | 834 | enum tomoyo_securityfs_interface_index type; |
2e503bbb TH |
835 | /* Users counter protected by tomoyo_io_buffer_list_lock. */ |
836 | u8 users; | |
837 | /* List for telling GC not to kfree() elements. */ | |
838 | struct list_head list; | |
9590837b KT |
839 | }; |
840 | ||
76bb0895 | 841 | /* |
b5bc60b4 TH |
842 | * Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/ |
843 | * "no_keep_domain" keyword. | |
76bb0895 | 844 | */ |
5448ec4f | 845 | struct tomoyo_transition_control { |
82e0f001 | 846 | struct tomoyo_acl_head head; |
5448ec4f | 847 | u8 type; /* One of values in "enum tomoyo_transition_type". */ |
76bb0895 TH |
848 | /* True if the domainname is tomoyo_get_last_name(). */ |
849 | bool is_last_name; | |
5448ec4f TH |
850 | const struct tomoyo_path_info *domainname; /* Maybe NULL */ |
851 | const struct tomoyo_path_info *program; /* Maybe NULL */ | |
76bb0895 TH |
852 | }; |
853 | ||
b5bc60b4 | 854 | /* Structure for "aggregator" keyword. */ |
e2bf6907 | 855 | struct tomoyo_aggregator { |
82e0f001 | 856 | struct tomoyo_acl_head head; |
1084307c TH |
857 | const struct tomoyo_path_info *original_name; |
858 | const struct tomoyo_path_info *aggregated_name; | |
1084307c TH |
859 | }; |
860 | ||
b5bc60b4 | 861 | /* Structure for policy manager. */ |
e2bf6907 | 862 | struct tomoyo_manager { |
82e0f001 | 863 | struct tomoyo_acl_head head; |
76bb0895 TH |
864 | /* A path to program or a domainname. */ |
865 | const struct tomoyo_path_info *manager; | |
76bb0895 TH |
866 | }; |
867 | ||
57c2590f TH |
868 | struct tomoyo_preference { |
869 | unsigned int learning_max_entry; | |
870 | bool enforcing_verbose; | |
871 | bool learning_verbose; | |
872 | bool permissive_verbose; | |
873 | }; | |
874 | ||
b5bc60b4 | 875 | /* Structure for /sys/kernel/security/tomnoyo/profile interface. */ |
57c2590f TH |
876 | struct tomoyo_profile { |
877 | const struct tomoyo_path_info *comment; | |
878 | struct tomoyo_preference *learning; | |
879 | struct tomoyo_preference *permissive; | |
880 | struct tomoyo_preference *enforcing; | |
881 | struct tomoyo_preference preference; | |
882 | u8 default_config; | |
883 | u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX]; | |
d5ca1725 | 884 | unsigned int pref[TOMOYO_MAX_PREF]; |
57c2590f TH |
885 | }; |
886 | ||
eadd99cc TH |
887 | /* Structure for representing YYYY/MM/DD hh/mm/ss. */ |
888 | struct tomoyo_time { | |
889 | u16 year; | |
890 | u8 month; | |
891 | u8 day; | |
892 | u8 hour; | |
893 | u8 min; | |
894 | u8 sec; | |
895 | }; | |
896 | ||
bd03a3e4 TH |
897 | /* Structure for policy namespace. */ |
898 | struct tomoyo_policy_namespace { | |
899 | /* Profile table. Memory is allocated as needed. */ | |
900 | struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES]; | |
901 | /* List of "struct tomoyo_group". */ | |
902 | struct list_head group_list[TOMOYO_MAX_GROUP]; | |
903 | /* List of policy. */ | |
904 | struct list_head policy_list[TOMOYO_MAX_POLICY]; | |
905 | /* The global ACL referred by "use_group" keyword. */ | |
906 | struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS]; | |
907 | /* List for connecting to tomoyo_namespace_list list. */ | |
908 | struct list_head namespace_list; | |
843d183c | 909 | /* Profile version. Currently only 20110903 is defined. */ |
bd03a3e4 TH |
910 | unsigned int profile_version; |
911 | /* Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). */ | |
912 | const char *name; | |
913 | }; | |
914 | ||
76bb0895 TH |
915 | /********** Function prototypes. **********/ |
916 | ||
059d84db TH |
917 | bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address, |
918 | const struct tomoyo_group *group); | |
2106ccd9 TH |
919 | bool tomoyo_compare_number_union(const unsigned long value, |
920 | const struct tomoyo_number_union *ptr); | |
2066a361 TH |
921 | bool tomoyo_condition(struct tomoyo_request_info *r, |
922 | const struct tomoyo_condition *cond); | |
75093152 | 923 | bool tomoyo_correct_domain(const unsigned char *domainname); |
75093152 TH |
924 | bool tomoyo_correct_path(const char *filename); |
925 | bool tomoyo_correct_word(const char *string); | |
75093152 | 926 | bool tomoyo_domain_def(const unsigned char *buffer); |
3ddf17f0 | 927 | bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r); |
5b636857 TH |
928 | bool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, |
929 | struct tomoyo_page_dump *dump); | |
3ddf17f0 | 930 | bool tomoyo_memory_ok(void *ptr); |
4c3e9e2d TH |
931 | bool tomoyo_number_matches_group(const unsigned long min, |
932 | const unsigned long max, | |
a98aa4de | 933 | const struct tomoyo_group *group); |
059d84db TH |
934 | bool tomoyo_parse_ipaddr_union(struct tomoyo_acl_param *param, |
935 | struct tomoyo_ipaddr_union *ptr); | |
3ddf17f0 TH |
936 | bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, |
937 | struct tomoyo_name_union *ptr); | |
a238cf5b TH |
938 | bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, |
939 | struct tomoyo_number_union *ptr); | |
3ddf17f0 TH |
940 | bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, |
941 | const struct tomoyo_path_info *pattern); | |
942 | bool tomoyo_permstr(const char *string, const char *keyword); | |
943 | bool tomoyo_str_starts(char **src, const char *find); | |
944 | char *tomoyo_encode(const char *str); | |
059d84db | 945 | char *tomoyo_encode2(const char *str, int str_len); |
3ddf17f0 TH |
946 | char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, |
947 | va_list args); | |
948 | char *tomoyo_read_token(struct tomoyo_acl_param *param); | |
22473862 | 949 | char *tomoyo_realpath_from_path(const struct path *path); |
3ddf17f0 TH |
950 | char *tomoyo_realpath_nofollow(const char *pathname); |
951 | const char *tomoyo_get_exe(void); | |
952 | const char *tomoyo_yesno(const unsigned int value); | |
953 | const struct tomoyo_path_info *tomoyo_compare_name_union | |
954 | (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr); | |
731d37aa TH |
955 | const struct tomoyo_path_info *tomoyo_get_domainname |
956 | (struct tomoyo_acl_param *param); | |
3ddf17f0 TH |
957 | const struct tomoyo_path_info *tomoyo_get_name(const char *name); |
958 | const struct tomoyo_path_info *tomoyo_path_matches_group | |
959 | (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); | |
960 | int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | |
e6641edd | 961 | const struct path *path, const int flag); |
e53cfda5 | 962 | void tomoyo_close_control(struct tomoyo_io_buffer *head); |
d58e0da8 | 963 | int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); |
6bce98ed TH |
964 | int tomoyo_execute_permission(struct tomoyo_request_info *r, |
965 | const struct tomoyo_path_info *filename); | |
3ddf17f0 TH |
966 | int tomoyo_find_next_domain(struct linux_binprm *bprm); |
967 | int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, | |
968 | const u8 index); | |
2106ccd9 | 969 | int tomoyo_init_request_info(struct tomoyo_request_info *r, |
57c2590f TH |
970 | struct tomoyo_domain_info *domain, |
971 | const u8 index); | |
e6641edd | 972 | int tomoyo_mkdev_perm(const u8 operation, const struct path *path, |
3ddf17f0 | 973 | const unsigned int mode, unsigned int dev); |
e6641edd | 974 | int tomoyo_mount_permission(const char *dev_name, const struct path *path, |
b5bc60b4 TH |
975 | const char *type, unsigned long flags, |
976 | void *data_page); | |
3ddf17f0 | 977 | int tomoyo_open_control(const u8 type, struct file *file); |
e6641edd AV |
978 | int tomoyo_path2_perm(const u8 operation, const struct path *path1, |
979 | const struct path *path2); | |
980 | int tomoyo_path_number_perm(const u8 operation, const struct path *path, | |
3ddf17f0 | 981 | unsigned long number); |
3f7036a0 | 982 | int tomoyo_path_perm(const u8 operation, const struct path *path, |
97fb35e4 | 983 | const char *target); |
c0d4be28 AV |
984 | __poll_t tomoyo_poll_control(struct file *file, poll_table *wait); |
985 | __poll_t tomoyo_poll_log(struct file *file, poll_table *wait); | |
059d84db TH |
986 | int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr, |
987 | int addr_len); | |
988 | int tomoyo_socket_connect_permission(struct socket *sock, | |
989 | struct sockaddr *addr, int addr_len); | |
990 | int tomoyo_socket_listen_permission(struct socket *sock); | |
991 | int tomoyo_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, | |
992 | int size); | |
3ddf17f0 TH |
993 | int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) |
994 | __printf(2, 3); | |
995 | int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, | |
996 | struct tomoyo_acl_param *param, | |
997 | bool (*check_duplicate) | |
998 | (const struct tomoyo_acl_info *, | |
999 | const struct tomoyo_acl_info *), | |
1000 | bool (*merge_duplicate) | |
1001 | (struct tomoyo_acl_info *, struct tomoyo_acl_info *, | |
1002 | const bool)); | |
1003 | int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, | |
1004 | struct tomoyo_acl_param *param, | |
1005 | bool (*check_duplicate) | |
1006 | (const struct tomoyo_acl_head *, | |
1007 | const struct tomoyo_acl_head *)); | |
a238cf5b | 1008 | int tomoyo_write_aggregator(struct tomoyo_acl_param *param); |
a238cf5b TH |
1009 | int tomoyo_write_file(struct tomoyo_acl_param *param); |
1010 | int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type); | |
d58e0da8 | 1011 | int tomoyo_write_misc(struct tomoyo_acl_param *param); |
059d84db | 1012 | int tomoyo_write_inet_network(struct tomoyo_acl_param *param); |
3ddf17f0 TH |
1013 | int tomoyo_write_transition_control(struct tomoyo_acl_param *param, |
1014 | const u8 type); | |
059d84db | 1015 | int tomoyo_write_unix_network(struct tomoyo_acl_param *param); |
3ddf17f0 TH |
1016 | ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer, |
1017 | const int buffer_len); | |
1018 | ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, | |
1019 | const char __user *buffer, const int buffer_len); | |
2066a361 | 1020 | struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param); |
e2bf6907 | 1021 | struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname, |
bd03a3e4 | 1022 | const bool transit); |
3ddf17f0 | 1023 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname); |
a238cf5b TH |
1024 | struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, |
1025 | const u8 idx); | |
3ddf17f0 TH |
1026 | struct tomoyo_policy_namespace *tomoyo_assign_namespace |
1027 | (const char *domainname); | |
1028 | struct tomoyo_profile *tomoyo_profile(const struct tomoyo_policy_namespace *ns, | |
1029 | const u8 profile); | |
9590837b KT |
1030 | unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain, |
1031 | const u8 index); | |
2066a361 | 1032 | u8 tomoyo_parse_ulong(unsigned long *result, char **str); |
9e4b50e9 | 1033 | void *tomoyo_commit_ok(void *data, const unsigned int size); |
efe836ab | 1034 | void __init tomoyo_load_builtin_policy(void); |
3ddf17f0 | 1035 | void __init tomoyo_mm_init(void); |
99a85259 | 1036 | void tomoyo_check_acl(struct tomoyo_request_info *r, |
484ca79c | 1037 | bool (*check_entry) (struct tomoyo_request_info *, |
99a85259 | 1038 | const struct tomoyo_acl_info *)); |
3ddf17f0 | 1039 | void tomoyo_check_profile(void); |
92734092 | 1040 | void tomoyo_convert_time(time64_t time, struct tomoyo_time *stamp); |
2066a361 | 1041 | void tomoyo_del_condition(struct list_head *element); |
3ddf17f0 | 1042 | void tomoyo_fill_path_info(struct tomoyo_path_info *ptr); |
8761afd4 | 1043 | void tomoyo_get_attributes(struct tomoyo_obj_info *obj); |
3ddf17f0 | 1044 | void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns); |
3ddf17f0 | 1045 | void tomoyo_load_policy(const char *filename); |
3ddf17f0 TH |
1046 | void tomoyo_normalize_line(unsigned char *buffer); |
1047 | void tomoyo_notify_gc(struct tomoyo_io_buffer *head, const bool is_register); | |
059d84db TH |
1048 | void tomoyo_print_ip(char *buf, const unsigned int size, |
1049 | const struct tomoyo_ipaddr_union *ptr); | |
3ddf17f0 TH |
1050 | void tomoyo_print_ulong(char *buffer, const int buffer_len, |
1051 | const unsigned long value, const u8 type); | |
1052 | void tomoyo_put_name_union(struct tomoyo_name_union *ptr); | |
1053 | void tomoyo_put_number_union(struct tomoyo_number_union *ptr); | |
1054 | void tomoyo_read_log(struct tomoyo_io_buffer *head); | |
1055 | void tomoyo_update_stat(const u8 index); | |
1056 | void tomoyo_warn_oom(const char *function); | |
bd03a3e4 | 1057 | void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) |
3ddf17f0 | 1058 | __printf(2, 3); |
eadd99cc TH |
1059 | void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, |
1060 | va_list args); | |
eadd99cc | 1061 | |
76bb0895 TH |
1062 | /********** External variable definitions. **********/ |
1063 | ||
76bb0895 | 1064 | extern bool tomoyo_policy_loaded; |
2066a361 TH |
1065 | extern const char * const tomoyo_condition_keyword |
1066 | [TOMOYO_MAX_CONDITION_KEYWORD]; | |
3ddf17f0 TH |
1067 | extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS]; |
1068 | extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX | |
1069 | + TOMOYO_MAX_MAC_CATEGORY_INDEX]; | |
1070 | extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE]; | |
2c47ab93 | 1071 | extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION]; |
059d84db TH |
1072 | extern const char * const tomoyo_proto_keyword[TOMOYO_SOCK_MAX]; |
1073 | extern const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION]; | |
2c47ab93 | 1074 | extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX]; |
3ddf17f0 | 1075 | extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; |
0d2171d7 TH |
1076 | extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; |
1077 | extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; | |
2066a361 | 1078 | extern struct list_head tomoyo_condition_list; |
3ddf17f0 TH |
1079 | extern struct list_head tomoyo_domain_list; |
1080 | extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; | |
1081 | extern struct list_head tomoyo_namespace_list; | |
1082 | extern struct mutex tomoyo_policy_lock; | |
1083 | extern struct srcu_struct tomoyo_ss; | |
1084 | extern struct tomoyo_domain_info tomoyo_kernel_domain; | |
1085 | extern struct tomoyo_policy_namespace tomoyo_kernel_namespace; | |
eadd99cc TH |
1086 | extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; |
1087 | extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; | |
17fcfbd9 | 1088 | |
76bb0895 TH |
1089 | /********** Inlined functions. **********/ |
1090 | ||
b5bc60b4 TH |
1091 | /** |
1092 | * tomoyo_read_lock - Take lock for protecting policy. | |
1093 | * | |
1094 | * Returns index number for tomoyo_read_unlock(). | |
1095 | */ | |
76bb0895 TH |
1096 | static inline int tomoyo_read_lock(void) |
1097 | { | |
1098 | return srcu_read_lock(&tomoyo_ss); | |
1099 | } | |
1100 | ||
b5bc60b4 TH |
1101 | /** |
1102 | * tomoyo_read_unlock - Release lock for protecting policy. | |
1103 | * | |
1104 | * @idx: Index number returned by tomoyo_read_lock(). | |
1105 | * | |
1106 | * Returns nothing. | |
1107 | */ | |
76bb0895 TH |
1108 | static inline void tomoyo_read_unlock(int idx) |
1109 | { | |
1110 | srcu_read_unlock(&tomoyo_ss, idx); | |
1111 | } | |
1112 | ||
2066a361 TH |
1113 | /** |
1114 | * tomoyo_sys_getppid - Copy of getppid(). | |
1115 | * | |
1116 | * Returns parent process's PID. | |
1117 | * | |
1118 | * Alpha does not have getppid() defined. To be able to build this module on | |
1119 | * Alpha, I have to copy getppid() from kernel/timer.c. | |
1120 | */ | |
1121 | static inline pid_t tomoyo_sys_getppid(void) | |
1122 | { | |
1123 | pid_t pid; | |
1124 | rcu_read_lock(); | |
bb80d880 | 1125 | pid = task_tgid_vnr(rcu_dereference(current->real_parent)); |
2066a361 TH |
1126 | rcu_read_unlock(); |
1127 | return pid; | |
1128 | } | |
1129 | ||
1130 | /** | |
1131 | * tomoyo_sys_getpid - Copy of getpid(). | |
1132 | * | |
1133 | * Returns current thread's PID. | |
1134 | * | |
1135 | * Alpha does not have getpid() defined. To be able to build this module on | |
1136 | * Alpha, I have to copy getpid() from kernel/timer.c. | |
1137 | */ | |
1138 | static inline pid_t tomoyo_sys_getpid(void) | |
1139 | { | |
1140 | return task_tgid_vnr(current); | |
1141 | } | |
1142 | ||
b5bc60b4 TH |
1143 | /** |
1144 | * tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure. | |
1145 | * | |
1146 | * @a: Pointer to "struct tomoyo_path_info". | |
1147 | * @b: Pointer to "struct tomoyo_path_info". | |
1148 | * | |
1149 | * Returns true if @a == @b, false otherwise. | |
1150 | */ | |
9590837b KT |
1151 | static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a, |
1152 | const struct tomoyo_path_info *b) | |
1153 | { | |
1154 | return a->hash != b->hash || strcmp(a->name, b->name); | |
1155 | } | |
1156 | ||
b5bc60b4 TH |
1157 | /** |
1158 | * tomoyo_put_name - Drop reference on "struct tomoyo_name". | |
1159 | * | |
1160 | * @name: Pointer to "struct tomoyo_path_info". Maybe NULL. | |
1161 | * | |
1162 | * Returns nothing. | |
1163 | */ | |
76bb0895 TH |
1164 | static inline void tomoyo_put_name(const struct tomoyo_path_info *name) |
1165 | { | |
1166 | if (name) { | |
e2bf6907 TH |
1167 | struct tomoyo_name *ptr = |
1168 | container_of(name, typeof(*ptr), entry); | |
0df7e8b8 | 1169 | atomic_dec(&ptr->head.users); |
76bb0895 TH |
1170 | } |
1171 | } | |
9590837b | 1172 | |
2066a361 TH |
1173 | /** |
1174 | * tomoyo_put_condition - Drop reference on "struct tomoyo_condition". | |
1175 | * | |
1176 | * @cond: Pointer to "struct tomoyo_condition". Maybe NULL. | |
1177 | * | |
1178 | * Returns nothing. | |
1179 | */ | |
1180 | static inline void tomoyo_put_condition(struct tomoyo_condition *cond) | |
1181 | { | |
1182 | if (cond) | |
1183 | atomic_dec(&cond->head.users); | |
1184 | } | |
1185 | ||
b5bc60b4 TH |
1186 | /** |
1187 | * tomoyo_put_group - Drop reference on "struct tomoyo_group". | |
1188 | * | |
1189 | * @group: Pointer to "struct tomoyo_group". Maybe NULL. | |
1190 | * | |
1191 | * Returns nothing. | |
1192 | */ | |
a98aa4de | 1193 | static inline void tomoyo_put_group(struct tomoyo_group *group) |
4c3e9e2d TH |
1194 | { |
1195 | if (group) | |
0df7e8b8 | 1196 | atomic_dec(&group->head.users); |
4c3e9e2d TH |
1197 | } |
1198 | ||
b5bc60b4 TH |
1199 | /** |
1200 | * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. | |
1201 | * | |
1202 | * Returns pointer to "struct tomoyo_domain_info" for current thread. | |
1203 | */ | |
76bb0895 TH |
1204 | static inline struct tomoyo_domain_info *tomoyo_domain(void) |
1205 | { | |
1206 | return current_cred()->security; | |
1207 | } | |
9590837b | 1208 | |
b5bc60b4 TH |
1209 | /** |
1210 | * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread. | |
1211 | * | |
1212 | * @task: Pointer to "struct task_struct". | |
1213 | * | |
1214 | * Returns pointer to "struct tomoyo_security" for specified thread. | |
1215 | */ | |
76bb0895 TH |
1216 | static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct |
1217 | *task) | |
1218 | { | |
1219 | return task_cred_xxx(task, security); | |
1220 | } | |
9590837b | 1221 | |
b5bc60b4 TH |
1222 | /** |
1223 | * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. | |
1224 | * | |
1225 | * @a: Pointer to "struct tomoyo_name_union". | |
1226 | * @b: Pointer to "struct tomoyo_name_union". | |
1227 | * | |
1228 | * Returns true if @a == @b, false otherwise. | |
1229 | */ | |
75093152 | 1230 | static inline bool tomoyo_same_name_union |
b5bc60b4 | 1231 | (const struct tomoyo_name_union *a, const struct tomoyo_name_union *b) |
7762fbff | 1232 | { |
0df7e8b8 | 1233 | return a->filename == b->filename && a->group == b->group; |
7762fbff TH |
1234 | } |
1235 | ||
b5bc60b4 TH |
1236 | /** |
1237 | * tomoyo_same_number_union - Check for duplicated "struct tomoyo_number_union" entry. | |
1238 | * | |
1239 | * @a: Pointer to "struct tomoyo_number_union". | |
1240 | * @b: Pointer to "struct tomoyo_number_union". | |
1241 | * | |
1242 | * Returns true if @a == @b, false otherwise. | |
1243 | */ | |
75093152 | 1244 | static inline bool tomoyo_same_number_union |
b5bc60b4 | 1245 | (const struct tomoyo_number_union *a, const struct tomoyo_number_union *b) |
4c3e9e2d | 1246 | { |
b5bc60b4 | 1247 | return a->values[0] == b->values[0] && a->values[1] == b->values[1] && |
0df7e8b8 TH |
1248 | a->group == b->group && a->value_type[0] == b->value_type[0] && |
1249 | a->value_type[1] == b->value_type[1]; | |
4c3e9e2d TH |
1250 | } |
1251 | ||
059d84db TH |
1252 | /** |
1253 | * tomoyo_same_ipaddr_union - Check for duplicated "struct tomoyo_ipaddr_union" entry. | |
1254 | * | |
1255 | * @a: Pointer to "struct tomoyo_ipaddr_union". | |
1256 | * @b: Pointer to "struct tomoyo_ipaddr_union". | |
1257 | * | |
1258 | * Returns true if @a == @b, false otherwise. | |
1259 | */ | |
1260 | static inline bool tomoyo_same_ipaddr_union | |
1261 | (const struct tomoyo_ipaddr_union *a, const struct tomoyo_ipaddr_union *b) | |
1262 | { | |
1263 | return !memcmp(a->ip, b->ip, sizeof(a->ip)) && a->group == b->group && | |
1264 | a->is_ipv6 == b->is_ipv6; | |
1265 | } | |
1266 | ||
bd03a3e4 TH |
1267 | /** |
1268 | * tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread. | |
1269 | * | |
1270 | * Returns pointer to "struct tomoyo_policy_namespace" for current thread. | |
1271 | */ | |
1272 | static inline struct tomoyo_policy_namespace *tomoyo_current_namespace(void) | |
1273 | { | |
1274 | return tomoyo_domain()->ns; | |
1275 | } | |
1276 | ||
eadd99cc TH |
1277 | #if defined(CONFIG_SLOB) |
1278 | ||
1279 | /** | |
1280 | * tomoyo_round2 - Round up to power of 2 for calculating memory usage. | |
1281 | * | |
1282 | * @size: Size to be rounded up. | |
1283 | * | |
1284 | * Returns @size. | |
1285 | * | |
1286 | * Since SLOB does not round up, this function simply returns @size. | |
1287 | */ | |
1288 | static inline int tomoyo_round2(size_t size) | |
1289 | { | |
1290 | return size; | |
1291 | } | |
1292 | ||
1293 | #else | |
1294 | ||
1295 | /** | |
1296 | * tomoyo_round2 - Round up to power of 2 for calculating memory usage. | |
1297 | * | |
1298 | * @size: Size to be rounded up. | |
1299 | * | |
1300 | * Returns rounded size. | |
1301 | * | |
1302 | * Strictly speaking, SLAB may be able to allocate (e.g.) 96 bytes instead of | |
1303 | * (e.g.) 128 bytes. | |
1304 | */ | |
1305 | static inline int tomoyo_round2(size_t size) | |
1306 | { | |
1307 | #if PAGE_SIZE == 4096 | |
1308 | size_t bsize = 32; | |
1309 | #else | |
1310 | size_t bsize = 64; | |
1311 | #endif | |
1312 | if (!size) | |
1313 | return 0; | |
1314 | while (size > bsize) | |
1315 | bsize <<= 1; | |
1316 | return bsize; | |
1317 | } | |
1318 | ||
1319 | #endif | |
1320 | ||
9590837b KT |
1321 | /** |
1322 | * list_for_each_cookie - iterate over a list with cookie. | |
1323 | * @pos: the &struct list_head to use as a loop cursor. | |
9590837b | 1324 | * @head: the head for your list. |
9590837b | 1325 | */ |
475e6fa3 TH |
1326 | #define list_for_each_cookie(pos, head) \ |
1327 | if (!pos) \ | |
1328 | pos = srcu_dereference((head)->next, &tomoyo_ss); \ | |
1329 | for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss)) | |
fdb8ebb7 | 1330 | |
9590837b | 1331 | #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ |