2b280350708f7af4524ea9386fa97f9c717b4996
[linux-2.6.git] / security / tomoyo / common.c
1 /*
2  * security/tomoyo/common.c
3  *
4  * Common functions for TOMOYO.
5  *
6  * Copyright (C) 2005-2010  NTT DATA CORPORATION
7  */
8
9 #include <linux/uaccess.h>
10 #include <linux/slab.h>
11 #include <linux/security.h>
12 #include "common.h"
13
14 /* Profile version. Currently only 20090903 is defined. */
15 static unsigned int tomoyo_profile_version;
16
17 /* Profile table. Memory is allocated as needed. */
18 static struct tomoyo_profile *tomoyo_profile_ptr[TOMOYO_MAX_PROFILES];
19
20 /* String table for functionality that takes 4 modes. */
21 static const char *tomoyo_mode[4] = {
22         "disabled", "learning", "permissive", "enforcing"
23 };
24
25 /* String table for /sys/kernel/security/tomoyo/profile */
26 static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
27                                        + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {
28         [TOMOYO_MAC_FILE_EXECUTE]    = "file::execute",
29         [TOMOYO_MAC_FILE_OPEN]       = "file::open",
30         [TOMOYO_MAC_FILE_CREATE]     = "file::create",
31         [TOMOYO_MAC_FILE_UNLINK]     = "file::unlink",
32         [TOMOYO_MAC_FILE_GETATTR]    = "file::getattr",
33         [TOMOYO_MAC_FILE_MKDIR]      = "file::mkdir",
34         [TOMOYO_MAC_FILE_RMDIR]      = "file::rmdir",
35         [TOMOYO_MAC_FILE_MKFIFO]     = "file::mkfifo",
36         [TOMOYO_MAC_FILE_MKSOCK]     = "file::mksock",
37         [TOMOYO_MAC_FILE_TRUNCATE]   = "file::truncate",
38         [TOMOYO_MAC_FILE_SYMLINK]    = "file::symlink",
39         [TOMOYO_MAC_FILE_MKBLOCK]    = "file::mkblock",
40         [TOMOYO_MAC_FILE_MKCHAR]     = "file::mkchar",
41         [TOMOYO_MAC_FILE_LINK]       = "file::link",
42         [TOMOYO_MAC_FILE_RENAME]     = "file::rename",
43         [TOMOYO_MAC_FILE_CHMOD]      = "file::chmod",
44         [TOMOYO_MAC_FILE_CHOWN]      = "file::chown",
45         [TOMOYO_MAC_FILE_CHGRP]      = "file::chgrp",
46         [TOMOYO_MAC_FILE_IOCTL]      = "file::ioctl",
47         [TOMOYO_MAC_FILE_CHROOT]     = "file::chroot",
48         [TOMOYO_MAC_FILE_MOUNT]      = "file::mount",
49         [TOMOYO_MAC_FILE_UMOUNT]     = "file::unmount",
50         [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root",
51         [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",
52 };
53
54 /* String table for PREFERENCE keyword. */
55 static const char * const tomoyo_pref_keywords[TOMOYO_MAX_PREF] = {
56         [TOMOYO_PREF_MAX_LEARNING_ENTRY] = "max_learning_entry",
57 };
58
59 /* Permit policy management by non-root user? */
60 static bool tomoyo_manage_by_non_root;
61
62 /* Utility functions. */
63
64 /**
65  * tomoyo_yesno - Return "yes" or "no".
66  *
67  * @value: Bool value.
68  */
69 /*
70 static const char *tomoyo_yesno(const unsigned int value)
71 {
72         return value ? "yes" : "no";
73 }
74 */
75
76 /**
77  * tomoyo_addprintf - strncat()-like-snprintf().
78  *
79  * @buffer: Buffer to write to. Must be '\0'-terminated.
80  * @len:    Size of @buffer.
81  * @fmt:    The printf()'s format string, followed by parameters.
82  *
83  * Returns nothing.
84  */
85 static void tomoyo_addprintf(char *buffer, int len, const char *fmt, ...)
86 {
87         va_list args;
88         const int pos = strlen(buffer);
89         va_start(args, fmt);
90         vsnprintf(buffer + pos, len - pos - 1, fmt, args);
91         va_end(args);
92 }
93
94 /**
95  * tomoyo_flush - Flush queued string to userspace's buffer.
96  *
97  * @head:   Pointer to "struct tomoyo_io_buffer".
98  *
99  * Returns true if all data was flushed, false otherwise.
100  */
101 static bool tomoyo_flush(struct tomoyo_io_buffer *head)
102 {
103         while (head->r.w_pos) {
104                 const char *w = head->r.w[0];
105                 int len = strlen(w);
106                 if (len) {
107                         if (len > head->read_user_buf_avail)
108                                 len = head->read_user_buf_avail;
109                         if (!len)
110                                 return false;
111                         if (copy_to_user(head->read_user_buf, w, len))
112                                 return false;
113                         head->read_user_buf_avail -= len;
114                         head->read_user_buf += len;
115                         w += len;
116                 }
117                 head->r.w[0] = w;
118                 if (*w)
119                         return false;
120                 /* Add '\0' for query. */
121                 if (head->poll) {
122                         if (!head->read_user_buf_avail ||
123                             copy_to_user(head->read_user_buf, "", 1))
124                                 return false;
125                         head->read_user_buf_avail--;
126                         head->read_user_buf++;
127                 }
128                 head->r.w_pos--;
129                 for (len = 0; len < head->r.w_pos; len++)
130                         head->r.w[len] = head->r.w[len + 1];
131         }
132         head->r.avail = 0;
133         return true;
134 }
135
136 /**
137  * tomoyo_set_string - Queue string to "struct tomoyo_io_buffer" structure.
138  *
139  * @head:   Pointer to "struct tomoyo_io_buffer".
140  * @string: String to print.
141  *
142  * Note that @string has to be kept valid until @head is kfree()d.
143  * This means that char[] allocated on stack memory cannot be passed to
144  * this function. Use tomoyo_io_printf() for char[] allocated on stack memory.
145  */
146 static void tomoyo_set_string(struct tomoyo_io_buffer *head, const char *string)
147 {
148         if (head->r.w_pos < TOMOYO_MAX_IO_READ_QUEUE) {
149                 head->r.w[head->r.w_pos++] = string;
150                 tomoyo_flush(head);
151         } else
152                 WARN_ON(1);
153 }
154
155 /**
156  * tomoyo_io_printf - printf() to "struct tomoyo_io_buffer" structure.
157  *
158  * @head: Pointer to "struct tomoyo_io_buffer".
159  * @fmt:  The printf()'s format string, followed by parameters.
160  */
161 void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
162 {
163         va_list args;
164         int len;
165         int pos = head->r.avail;
166         int size = head->readbuf_size - pos;
167         if (size <= 0)
168                 return;
169         va_start(args, fmt);
170         len = vsnprintf(head->read_buf + pos, size, fmt, args) + 1;
171         va_end(args);
172         if (pos + len >= head->readbuf_size) {
173                 WARN_ON(1);
174                 return;
175         }
176         head->r.avail += len;
177         tomoyo_set_string(head, head->read_buf + pos);
178 }
179
180 /**
181  * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure.
182  *
183  * @head: Pointer to "struct tomoyo_io_buffer".
184  *
185  * Returns nothing.
186  */
187 static void tomoyo_set_space(struct tomoyo_io_buffer *head)
188 {
189         tomoyo_set_string(head, " ");
190 }
191
192 /**
193  * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure.
194  *
195  * @head: Pointer to "struct tomoyo_io_buffer".
196  *
197  * Returns nothing.
198  */
199 static bool tomoyo_set_lf(struct tomoyo_io_buffer *head)
200 {
201         tomoyo_set_string(head, "\n");
202         return !head->r.w_pos;
203 }
204
205 /**
206  * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure.
207  *
208  * @head: Pointer to "struct tomoyo_io_buffer".
209  *
210  * Returns nothing.
211  */
212 static void tomoyo_set_slash(struct tomoyo_io_buffer *head)
213 {
214         tomoyo_set_string(head, "/");
215 }
216
217 /**
218  * tomoyo_print_name_union - Print a tomoyo_name_union.
219  *
220  * @head: Pointer to "struct tomoyo_io_buffer".
221  * @ptr:  Pointer to "struct tomoyo_name_union".
222  */
223 static void tomoyo_print_name_union(struct tomoyo_io_buffer *head,
224                                     const struct tomoyo_name_union *ptr)
225 {
226         tomoyo_set_space(head);
227         if (ptr->group) {
228                 tomoyo_set_string(head, "@");
229                 tomoyo_set_string(head, ptr->group->group_name->name);
230         } else {
231                 tomoyo_set_string(head, ptr->filename->name);
232         }
233 }
234
235 /**
236  * tomoyo_print_number_union - Print a tomoyo_number_union.
237  *
238  * @head:       Pointer to "struct tomoyo_io_buffer".
239  * @ptr:        Pointer to "struct tomoyo_number_union".
240  */
241 static void tomoyo_print_number_union(struct tomoyo_io_buffer *head,
242                                       const struct tomoyo_number_union *ptr)
243 {
244         tomoyo_set_space(head);
245         if (ptr->group) {
246                 tomoyo_set_string(head, "@");
247                 tomoyo_set_string(head, ptr->group->group_name->name);
248         } else {
249                 int i;
250                 unsigned long min = ptr->values[0];
251                 const unsigned long max = ptr->values[1];
252                 u8 min_type = ptr->value_type[0];
253                 const u8 max_type = ptr->value_type[1];
254                 char buffer[128];
255                 buffer[0] = '\0';
256                 for (i = 0; i < 2; i++) {
257                         switch (min_type) {
258                         case TOMOYO_VALUE_TYPE_HEXADECIMAL:
259                                 tomoyo_addprintf(buffer, sizeof(buffer),
260                                                  "0x%lX", min);
261                                 break;
262                         case TOMOYO_VALUE_TYPE_OCTAL:
263                                 tomoyo_addprintf(buffer, sizeof(buffer),
264                                                  "0%lo", min);
265                                 break;
266                         default:
267                                 tomoyo_addprintf(buffer, sizeof(buffer),
268                                                  "%lu", min);
269                                 break;
270                         }
271                         if (min == max && min_type == max_type)
272                                 break;
273                         tomoyo_addprintf(buffer, sizeof(buffer), "-");
274                         min_type = max_type;
275                         min = max;
276                 }
277                 tomoyo_io_printf(head, "%s", buffer);
278         }
279 }
280
281 /**
282  * tomoyo_assign_profile - Create a new profile.
283  *
284  * @profile: Profile number to create.
285  *
286  * Returns pointer to "struct tomoyo_profile" on success, NULL otherwise.
287  */
288 static struct tomoyo_profile *tomoyo_assign_profile(const unsigned int profile)
289 {
290         struct tomoyo_profile *ptr;
291         struct tomoyo_profile *entry;
292         if (profile >= TOMOYO_MAX_PROFILES)
293                 return NULL;
294         ptr = tomoyo_profile_ptr[profile];
295         if (ptr)
296                 return ptr;
297         entry = kzalloc(sizeof(*entry), GFP_NOFS);
298         if (mutex_lock_interruptible(&tomoyo_policy_lock))
299                 goto out;
300         ptr = tomoyo_profile_ptr[profile];
301         if (!ptr && tomoyo_memory_ok(entry)) {
302                 ptr = entry;
303                 ptr->default_config = TOMOYO_CONFIG_DISABLED;
304                 memset(ptr->config, TOMOYO_CONFIG_USE_DEFAULT,
305                        sizeof(ptr->config));
306                 ptr->pref[TOMOYO_PREF_MAX_LEARNING_ENTRY] = 2048;
307                 mb(); /* Avoid out-of-order execution. */
308                 tomoyo_profile_ptr[profile] = ptr;
309                 entry = NULL;
310         }
311         mutex_unlock(&tomoyo_policy_lock);
312  out:
313         kfree(entry);
314         return ptr;
315 }
316
317 /**
318  * tomoyo_profile - Find a profile.
319  *
320  * @profile: Profile number to find.
321  *
322  * Returns pointer to "struct tomoyo_profile".
323  */
324 struct tomoyo_profile *tomoyo_profile(const u8 profile)
325 {
326         static struct tomoyo_profile tomoyo_null_profile;
327         struct tomoyo_profile *ptr = tomoyo_profile_ptr[profile];
328         if (!ptr)
329                 ptr = &tomoyo_null_profile;
330         return ptr;
331 }
332
333 /**
334  * tomoyo_find_yesno - Find values for specified keyword.
335  *
336  * @string: String to check.
337  * @find:   Name of keyword.
338  *
339  * Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise.
340  */
341 /*
342 static s8 tomoyo_find_yesno(const char *string, const char *find)
343 {
344         const char *cp = strstr(string, find);
345         if (cp) {
346                 cp += strlen(find);
347                 if (!strncmp(cp, "=yes", 4))
348                         return 1;
349                 else if (!strncmp(cp, "=no", 3))
350                         return 0;
351         }
352         return -1;
353 }
354 */
355
356 /**
357  * tomoyo_set_uint - Set value for specified preference.
358  *
359  * @i:      Pointer to "unsigned int".
360  * @string: String to check.
361  * @find:   Name of keyword.
362  *
363  * Returns nothing.
364  */
365 static void tomoyo_set_uint(unsigned int *i, const char *string,
366                             const char *find)
367 {
368         const char *cp = strstr(string, find);
369         if (cp)
370                 sscanf(cp + strlen(find), "=%u", i);
371 }
372
373 /**
374  * tomoyo_set_mode - Set mode for specified profile.
375  *
376  * @name:    Name of functionality.
377  * @value:   Mode for @name.
378  * @profile: Pointer to "struct tomoyo_profile".
379  *
380  * Returns 0 on success, negative value otherwise.
381  */
382 static int tomoyo_set_mode(char *name, const char *value,
383                            struct tomoyo_profile *profile)
384 {
385         u8 i;
386         u8 config;
387         if (!strcmp(name, "CONFIG")) {
388                 i = TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX;
389                 config = profile->default_config;
390         } else if (tomoyo_str_starts(&name, "CONFIG::")) {
391                 config = 0;
392                 for (i = 0; i < TOMOYO_MAX_MAC_INDEX
393                              + TOMOYO_MAX_MAC_CATEGORY_INDEX; i++) {
394                         if (strcmp(name, tomoyo_mac_keywords[i]))
395                                 continue;
396                         config = profile->config[i];
397                         break;
398                 }
399                 if (i == TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
400                         return -EINVAL;
401         } else {
402                 return -EINVAL;
403         }
404         if (strstr(value, "use_default")) {
405                 config = TOMOYO_CONFIG_USE_DEFAULT;
406         } else {
407                 u8 mode;
408                 for (mode = 0; mode < 4; mode++)
409                         if (strstr(value, tomoyo_mode[mode]))
410                                 /*
411                                  * Update lower 3 bits in order to distinguish
412                                  * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
413                                  */
414                                 config = (config & ~7) | mode;
415         }
416         if (i < TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX)
417                 profile->config[i] = config;
418         else if (config != TOMOYO_CONFIG_USE_DEFAULT)
419                 profile->default_config = config;
420         return 0;
421 }
422
423 /**
424  * tomoyo_write_profile - Write profile table.
425  *
426  * @head: Pointer to "struct tomoyo_io_buffer".
427  *
428  * Returns 0 on success, negative value otherwise.
429  */
430 static int tomoyo_write_profile(struct tomoyo_io_buffer *head)
431 {
432         char *data = head->write_buf;
433         unsigned int i;
434         char *cp;
435         struct tomoyo_profile *profile;
436         if (sscanf(data, "PROFILE_VERSION=%u", &tomoyo_profile_version) == 1)
437                 return 0;
438         i = simple_strtoul(data, &cp, 10);
439         if (*cp != '-')
440                 return -EINVAL;
441         data = cp + 1;
442         profile = tomoyo_assign_profile(i);
443         if (!profile)
444                 return -EINVAL;
445         cp = strchr(data, '=');
446         if (!cp)
447                 return -EINVAL;
448         *cp++ = '\0';
449         if (!strcmp(data, "COMMENT")) {
450                 static DEFINE_SPINLOCK(lock);
451                 const struct tomoyo_path_info *new_comment
452                         = tomoyo_get_name(cp);
453                 const struct tomoyo_path_info *old_comment;
454                 if (!new_comment)
455                         return -ENOMEM;
456                 spin_lock(&lock);
457                 old_comment = profile->comment;
458                 profile->comment = new_comment;
459                 spin_unlock(&lock);
460                 tomoyo_put_name(old_comment);
461                 return 0;
462         }
463         if (!strcmp(data, "PREFERENCE")) {
464                 for (i = 0; i < TOMOYO_MAX_PREF; i++)
465                         tomoyo_set_uint(&profile->pref[i], cp,
466                                         tomoyo_pref_keywords[i]);
467                 return 0;
468         }
469         return tomoyo_set_mode(data, cp, profile);
470 }
471
472 static void tomoyo_print_config(struct tomoyo_io_buffer *head, const u8 config)
473 {
474         tomoyo_io_printf(head, "={ mode=%s }\n", tomoyo_mode[config & 3]);
475 }
476
477 /**
478  * tomoyo_read_profile - Read profile table.
479  *
480  * @head: Pointer to "struct tomoyo_io_buffer".
481  */
482 static void tomoyo_read_profile(struct tomoyo_io_buffer *head)
483 {
484         u8 index;
485         const struct tomoyo_profile *profile;
486  next:
487         index = head->r.index;
488         profile = tomoyo_profile_ptr[index];
489         switch (head->r.step) {
490         case 0:
491                 tomoyo_io_printf(head, "PROFILE_VERSION=%s\n", "20090903");
492                 head->r.step++;
493                 break;
494         case 1:
495                 for ( ; head->r.index < TOMOYO_MAX_PROFILES;
496                       head->r.index++)
497                         if (tomoyo_profile_ptr[head->r.index])
498                                 break;
499                 if (head->r.index == TOMOYO_MAX_PROFILES)
500                         return;
501                 head->r.step++;
502                 break;
503         case 2:
504                 {
505                         u8 i;
506                         const struct tomoyo_path_info *comment =
507                                 profile->comment;
508                         tomoyo_io_printf(head, "%u-COMMENT=", index);
509                         tomoyo_set_string(head, comment ? comment->name : "");
510                         tomoyo_set_lf(head);
511                         tomoyo_io_printf(head, "%u-PREFERENCE={ ", index);
512                         for (i = 0; i < TOMOYO_MAX_PREF; i++)
513                                 tomoyo_io_printf(head, "%s=%u ",
514                                                  tomoyo_pref_keywords[i],
515                                                  profile->pref[i]);
516                         tomoyo_set_string(head, "}\n");
517                         head->r.step++;
518                 }
519                 break;
520         case 3:
521                 {
522                         tomoyo_io_printf(head, "%u-%s", index, "CONFIG");
523                         tomoyo_print_config(head, profile->default_config);
524                         head->r.bit = 0;
525                         head->r.step++;
526                 }
527                 break;
528         case 4:
529                 for ( ; head->r.bit < TOMOYO_MAX_MAC_INDEX
530                               + TOMOYO_MAX_MAC_CATEGORY_INDEX; head->r.bit++) {
531                         const u8 i = head->r.bit;
532                         const u8 config = profile->config[i];
533                         if (config == TOMOYO_CONFIG_USE_DEFAULT)
534                                 continue;
535                         tomoyo_io_printf(head, "%u-%s%s", index, "CONFIG::",
536                                          tomoyo_mac_keywords[i]);
537                         tomoyo_print_config(head, config);
538                         head->r.bit++;
539                         break;
540                 }
541                 if (head->r.bit == TOMOYO_MAX_MAC_INDEX
542                     + TOMOYO_MAX_MAC_CATEGORY_INDEX) {
543                         head->r.index++;
544                         head->r.step = 1;
545                 }
546                 break;
547         }
548         if (tomoyo_flush(head))
549                 goto next;
550 }
551
552 static bool tomoyo_same_manager(const struct tomoyo_acl_head *a,
553                                 const struct tomoyo_acl_head *b)
554 {
555         return container_of(a, struct tomoyo_manager, head)->manager ==
556                 container_of(b, struct tomoyo_manager, head)->manager;
557 }
558
559 /**
560  * tomoyo_update_manager_entry - Add a manager entry.
561  *
562  * @manager:   The path to manager or the domainnamme.
563  * @is_delete: True if it is a delete request.
564  *
565  * Returns 0 on success, negative value otherwise.
566  *
567  * Caller holds tomoyo_read_lock().
568  */
569 static int tomoyo_update_manager_entry(const char *manager,
570                                        const bool is_delete)
571 {
572         struct tomoyo_manager e = { };
573         struct tomoyo_acl_param param = {
574                 .is_delete = is_delete,
575                 .list = &tomoyo_policy_list[TOMOYO_ID_MANAGER],
576         };
577         int error = is_delete ? -ENOENT : -ENOMEM;
578         if (tomoyo_domain_def(manager)) {
579                 if (!tomoyo_correct_domain(manager))
580                         return -EINVAL;
581                 e.is_domain = true;
582         } else {
583                 if (!tomoyo_correct_path(manager))
584                         return -EINVAL;
585         }
586         e.manager = tomoyo_get_name(manager);
587         if (e.manager) {
588                 error = tomoyo_update_policy(&e.head, sizeof(e), &param,
589                                              tomoyo_same_manager);
590                 tomoyo_put_name(e.manager);
591         }
592         return error;
593 }
594
595 /**
596  * tomoyo_write_manager - Write manager policy.
597  *
598  * @head: Pointer to "struct tomoyo_io_buffer".
599  *
600  * Returns 0 on success, negative value otherwise.
601  *
602  * Caller holds tomoyo_read_lock().
603  */
604 static int tomoyo_write_manager(struct tomoyo_io_buffer *head)
605 {
606         char *data = head->write_buf;
607         bool is_delete = tomoyo_str_starts(&data, "delete ");
608
609         if (!strcmp(data, "manage_by_non_root")) {
610                 tomoyo_manage_by_non_root = !is_delete;
611                 return 0;
612         }
613         return tomoyo_update_manager_entry(data, is_delete);
614 }
615
616 /**
617  * tomoyo_read_manager - Read manager policy.
618  *
619  * @head: Pointer to "struct tomoyo_io_buffer".
620  *
621  * Caller holds tomoyo_read_lock().
622  */
623 static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
624 {
625         if (head->r.eof)
626                 return;
627         list_for_each_cookie(head->r.acl,
628                              &tomoyo_policy_list[TOMOYO_ID_MANAGER]) {
629                 struct tomoyo_manager *ptr =
630                         list_entry(head->r.acl, typeof(*ptr), head.list);
631                 if (ptr->head.is_deleted)
632                         continue;
633                 if (!tomoyo_flush(head))
634                         return;
635                 tomoyo_set_string(head, ptr->manager->name);
636                 tomoyo_set_lf(head);
637         }
638         head->r.eof = true;
639 }
640
641 /**
642  * tomoyo_manager - Check whether the current process is a policy manager.
643  *
644  * Returns true if the current process is permitted to modify policy
645  * via /sys/kernel/security/tomoyo/ interface.
646  *
647  * Caller holds tomoyo_read_lock().
648  */
649 static bool tomoyo_manager(void)
650 {
651         struct tomoyo_manager *ptr;
652         const char *exe;
653         const struct task_struct *task = current;
654         const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
655         bool found = false;
656
657         if (!tomoyo_policy_loaded)
658                 return true;
659         if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
660                 return false;
661         list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
662                                 head.list) {
663                 if (!ptr->head.is_deleted && ptr->is_domain
664                     && !tomoyo_pathcmp(domainname, ptr->manager)) {
665                         found = true;
666                         break;
667                 }
668         }
669         if (found)
670                 return true;
671         exe = tomoyo_get_exe();
672         if (!exe)
673                 return false;
674         list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_MANAGER],
675                                 head.list) {
676                 if (!ptr->head.is_deleted && !ptr->is_domain
677                     && !strcmp(exe, ptr->manager->name)) {
678                         found = true;
679                         break;
680                 }
681         }
682         if (!found) { /* Reduce error messages. */
683                 static pid_t last_pid;
684                 const pid_t pid = current->pid;
685                 if (last_pid != pid) {
686                         printk(KERN_WARNING "%s ( %s ) is not permitted to "
687                                "update policies.\n", domainname->name, exe);
688                         last_pid = pid;
689                 }
690         }
691         kfree(exe);
692         return found;
693 }
694
695 /**
696  * tomoyo_select_one - Parse select command.
697  *
698  * @head: Pointer to "struct tomoyo_io_buffer".
699  * @data: String to parse.
700  *
701  * Returns true on success, false otherwise.
702  *
703  * Caller holds tomoyo_read_lock().
704  */
705 static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
706 {
707         unsigned int pid;
708         struct tomoyo_domain_info *domain = NULL;
709         bool global_pid = false;
710
711         if (!strcmp(data, "allow_execute")) {
712                 head->r.print_execute_only = true;
713                 return true;
714         }
715         if (sscanf(data, "pid=%u", &pid) == 1 ||
716             (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
717                 struct task_struct *p;
718                 rcu_read_lock();
719                 read_lock(&tasklist_lock);
720                 if (global_pid)
721                         p = find_task_by_pid_ns(pid, &init_pid_ns);
722                 else
723                         p = find_task_by_vpid(pid);
724                 if (p)
725                         domain = tomoyo_real_domain(p);
726                 read_unlock(&tasklist_lock);
727                 rcu_read_unlock();
728         } else if (!strncmp(data, "domain=", 7)) {
729                 if (tomoyo_domain_def(data + 7))
730                         domain = tomoyo_find_domain(data + 7);
731         } else
732                 return false;
733         head->w.domain = domain;
734         /* Accessing read_buf is safe because head->io_sem is held. */
735         if (!head->read_buf)
736                 return true; /* Do nothing if open(O_WRONLY). */
737         memset(&head->r, 0, sizeof(head->r));
738         head->r.print_this_domain_only = true;
739         if (domain)
740                 head->r.domain = &domain->list;
741         else
742                 head->r.eof = 1;
743         tomoyo_io_printf(head, "# select %s\n", data);
744         if (domain && domain->is_deleted)
745                 tomoyo_io_printf(head, "# This is a deleted domain.\n");
746         return true;
747 }
748
749 /**
750  * tomoyo_delete_domain - Delete a domain.
751  *
752  * @domainname: The name of domain.
753  *
754  * Returns 0.
755  *
756  * Caller holds tomoyo_read_lock().
757  */
758 static int tomoyo_delete_domain(char *domainname)
759 {
760         struct tomoyo_domain_info *domain;
761         struct tomoyo_path_info name;
762
763         name.name = domainname;
764         tomoyo_fill_path_info(&name);
765         if (mutex_lock_interruptible(&tomoyo_policy_lock))
766                 return 0;
767         /* Is there an active domain? */
768         list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
769                 /* Never delete tomoyo_kernel_domain */
770                 if (domain == &tomoyo_kernel_domain)
771                         continue;
772                 if (domain->is_deleted ||
773                     tomoyo_pathcmp(domain->domainname, &name))
774                         continue;
775                 domain->is_deleted = true;
776                 break;
777         }
778         mutex_unlock(&tomoyo_policy_lock);
779         return 0;
780 }
781
782 /**
783  * tomoyo_write_domain2 - Write domain policy.
784  *
785  * @list:      Pointer to "struct list_head".
786  * @data:      Policy to be interpreted.
787  * @is_delete: True if it is a delete request.
788  *
789  * Returns 0 on success, negative value otherwise.
790  *
791  * Caller holds tomoyo_read_lock().
792  */
793 static int tomoyo_write_domain2(struct list_head *list, char *data,
794                                 const bool is_delete)
795 {
796         struct tomoyo_acl_param param = {
797                 .list = list,
798                 .data = data,
799                 .is_delete = is_delete,
800         };
801         static const struct {
802                 const char *keyword;
803                 int (*write) (struct tomoyo_acl_param *);
804         } tomoyo_callback[1] = {
805                 { "file ", tomoyo_write_file },
806         };
807         u8 i;
808         for (i = 0; i < 1; i++) {
809                 if (!tomoyo_str_starts(&param.data,
810                                        tomoyo_callback[i].keyword))
811                         continue;
812                 return tomoyo_callback[i].write(&param);
813         }
814         return -EINVAL;
815 }
816
817 /**
818  * tomoyo_write_domain - Write domain policy.
819  *
820  * @head: Pointer to "struct tomoyo_io_buffer".
821  *
822  * Returns 0 on success, negative value otherwise.
823  *
824  * Caller holds tomoyo_read_lock().
825  */
826 static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
827 {
828         char *data = head->write_buf;
829         struct tomoyo_domain_info *domain = head->w.domain;
830         bool is_delete = false;
831         bool is_select = false;
832         unsigned int profile;
833
834         if (tomoyo_str_starts(&data, "delete "))
835                 is_delete = true;
836         else if (tomoyo_str_starts(&data, "select "))
837                 is_select = true;
838         if (is_select && tomoyo_select_one(head, data))
839                 return 0;
840         /* Don't allow updating policies by non manager programs. */
841         if (!tomoyo_manager())
842                 return -EPERM;
843         if (tomoyo_domain_def(data)) {
844                 domain = NULL;
845                 if (is_delete)
846                         tomoyo_delete_domain(data);
847                 else if (is_select)
848                         domain = tomoyo_find_domain(data);
849                 else
850                         domain = tomoyo_assign_domain(data, 0);
851                 head->w.domain = domain;
852                 return 0;
853         }
854         if (!domain)
855                 return -EINVAL;
856
857         if (sscanf(data, "use_profile %u", &profile) == 1
858             && profile < TOMOYO_MAX_PROFILES) {
859                 if (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded)
860                         domain->profile = (u8) profile;
861                 return 0;
862         }
863         if (!strcmp(data, "quota_exceeded")) {
864                 domain->quota_warned = !is_delete;
865                 return 0;
866         }
867         if (!strcmp(data, "transition_failed")) {
868                 domain->transition_failed = !is_delete;
869                 return 0;
870         }
871         return tomoyo_write_domain2(&domain->acl_info_list, data, is_delete);
872 }
873
874 /**
875  * tomoyo_set_group - Print category name.
876  *
877  * @head:     Pointer to "struct tomoyo_io_buffer".
878  * @category: Category name.
879  *
880  * Returns nothing.
881  */
882 static void tomoyo_set_group(struct tomoyo_io_buffer *head,
883                              const char *category)
884 {
885         tomoyo_set_string(head, category);
886 }
887
888 /**
889  * tomoyo_print_entry - Print an ACL entry.
890  *
891  * @head: Pointer to "struct tomoyo_io_buffer".
892  * @acl:  Pointer to an ACL entry.
893  *
894  * Returns true on success, false otherwise.
895  */
896 static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
897                                struct tomoyo_acl_info *acl)
898 {
899         const u8 acl_type = acl->type;
900         bool first = true;
901         u8 bit;
902
903         if (acl->is_deleted)
904                 return true;
905         if (!tomoyo_flush(head))
906                 return false;
907         else if (acl_type == TOMOYO_TYPE_PATH_ACL) {
908                 struct tomoyo_path_acl *ptr =
909                         container_of(acl, typeof(*ptr), head);
910                 const u16 perm = ptr->perm;
911                 for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
912                         if (!(perm & (1 << bit)))
913                                 continue;
914                         if (head->r.print_execute_only &&
915                             bit != TOMOYO_TYPE_EXECUTE)
916                                 continue;
917                         if (first) {
918                                 tomoyo_set_group(head, "file ");
919                                 first = false;
920                         } else {
921                                 tomoyo_set_slash(head);
922                         }
923                         tomoyo_set_string(head, tomoyo_path_keyword[bit]);
924                 }
925                 if (first)
926                         return true;
927                 tomoyo_print_name_union(head, &ptr->name);
928         } else if (head->r.print_execute_only) {
929                 return true;
930         } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
931                 struct tomoyo_path2_acl *ptr =
932                         container_of(acl, typeof(*ptr), head);
933                 const u8 perm = ptr->perm;
934                 for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) {
935                         if (!(perm & (1 << bit)))
936                                 continue;
937                         if (first) {
938                                 tomoyo_set_group(head, "file ");
939                                 first = false;
940                         } else {
941                                 tomoyo_set_slash(head);
942                         }
943                         tomoyo_set_string(head, tomoyo_mac_keywords
944                                           [tomoyo_pp2mac[bit]]);
945                 }
946                 if (first)
947                         return true;
948                 tomoyo_print_name_union(head, &ptr->name1);
949                 tomoyo_print_name_union(head, &ptr->name2);
950         } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) {
951                 struct tomoyo_path_number_acl *ptr =
952                         container_of(acl, typeof(*ptr), head);
953                 const u8 perm = ptr->perm;
954                 for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) {
955                         if (!(perm & (1 << bit)))
956                                 continue;
957                         if (first) {
958                                 tomoyo_set_group(head, "file ");
959                                 first = false;
960                         } else {
961                                 tomoyo_set_slash(head);
962                         }
963                         tomoyo_set_string(head, tomoyo_mac_keywords
964                                           [tomoyo_pn2mac[bit]]);
965                 }
966                 if (first)
967                         return true;
968                 tomoyo_print_name_union(head, &ptr->name);
969                 tomoyo_print_number_union(head, &ptr->number);
970         } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) {
971                 struct tomoyo_mkdev_acl *ptr =
972                         container_of(acl, typeof(*ptr), head);
973                 const u8 perm = ptr->perm;
974                 for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) {
975                         if (!(perm & (1 << bit)))
976                                 continue;
977                         if (first) {
978                                 tomoyo_set_group(head, "file ");
979                                 first = false;
980                         } else {
981                                 tomoyo_set_slash(head);
982                         }
983                         tomoyo_set_string(head, tomoyo_mac_keywords
984                                           [tomoyo_pnnn2mac[bit]]);
985                 }
986                 if (first)
987                         return true;
988                 tomoyo_print_name_union(head, &ptr->name);
989                 tomoyo_print_number_union(head, &ptr->mode);
990                 tomoyo_print_number_union(head, &ptr->major);
991                 tomoyo_print_number_union(head, &ptr->minor);
992         } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
993                 struct tomoyo_mount_acl *ptr =
994                         container_of(acl, typeof(*ptr), head);
995                 tomoyo_set_group(head, "file mount");
996                 tomoyo_print_name_union(head, &ptr->dev_name);
997                 tomoyo_print_name_union(head, &ptr->dir_name);
998                 tomoyo_print_name_union(head, &ptr->fs_type);
999                 tomoyo_print_number_union(head, &ptr->flags);
1000         }
1001         tomoyo_set_lf(head);
1002         return true;
1003 }
1004
1005 /**
1006  * tomoyo_read_domain2 - Read domain policy.
1007  *
1008  * @head:   Pointer to "struct tomoyo_io_buffer".
1009  * @domain: Pointer to "struct tomoyo_domain_info".
1010  *
1011  * Caller holds tomoyo_read_lock().
1012  *
1013  * Returns true on success, false otherwise.
1014  */
1015 static bool tomoyo_read_domain2(struct tomoyo_io_buffer *head,
1016                                 struct tomoyo_domain_info *domain)
1017 {
1018         list_for_each_cookie(head->r.acl, &domain->acl_info_list) {
1019                 struct tomoyo_acl_info *ptr =
1020                         list_entry(head->r.acl, typeof(*ptr), list);
1021                 if (!tomoyo_print_entry(head, ptr))
1022                         return false;
1023         }
1024         head->r.acl = NULL;
1025         return true;
1026 }
1027
1028 /**
1029  * tomoyo_read_domain - Read domain policy.
1030  *
1031  * @head: Pointer to "struct tomoyo_io_buffer".
1032  *
1033  * Caller holds tomoyo_read_lock().
1034  */
1035 static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
1036 {
1037         if (head->r.eof)
1038                 return;
1039         list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1040                 struct tomoyo_domain_info *domain =
1041                         list_entry(head->r.domain, typeof(*domain), list);
1042                 switch (head->r.step) {
1043                 case 0:
1044                         if (domain->is_deleted &&
1045                             !head->r.print_this_domain_only)
1046                                 continue;
1047                         /* Print domainname and flags. */
1048                         tomoyo_set_string(head, domain->domainname->name);
1049                         tomoyo_set_lf(head);
1050                         tomoyo_io_printf(head, "use_profile %u\n",
1051                                          domain->profile);
1052                         if (domain->quota_warned)
1053                                 tomoyo_set_string(head, "quota_exceeded\n");
1054                         if (domain->transition_failed)
1055                                 tomoyo_set_string(head, "transition_failed\n");
1056                         head->r.step++;
1057                         tomoyo_set_lf(head);
1058                         /* fall through */
1059                 case 1:
1060                         if (!tomoyo_read_domain2(head, domain))
1061                                 return;
1062                         head->r.step++;
1063                         if (!tomoyo_set_lf(head))
1064                                 return;
1065                         /* fall through */
1066                 case 2:
1067                         head->r.step = 0;
1068                         if (head->r.print_this_domain_only)
1069                                 goto done;
1070                 }
1071         }
1072  done:
1073         head->r.eof = true;
1074 }
1075
1076 /**
1077  * tomoyo_write_domain_profile - Assign profile for specified domain.
1078  *
1079  * @head: Pointer to "struct tomoyo_io_buffer".
1080  *
1081  * Returns 0 on success, -EINVAL otherwise.
1082  *
1083  * This is equivalent to doing
1084  *
1085  *     ( echo "select " $domainname; echo "use_profile " $profile ) |
1086  *     /usr/sbin/tomoyo-loadpolicy -d
1087  *
1088  * Caller holds tomoyo_read_lock().
1089  */
1090 static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
1091 {
1092         char *data = head->write_buf;
1093         char *cp = strchr(data, ' ');
1094         struct tomoyo_domain_info *domain;
1095         unsigned long profile;
1096
1097         if (!cp)
1098                 return -EINVAL;
1099         *cp = '\0';
1100         domain = tomoyo_find_domain(cp + 1);
1101         if (strict_strtoul(data, 10, &profile))
1102                 return -EINVAL;
1103         if (domain && profile < TOMOYO_MAX_PROFILES
1104             && (tomoyo_profile_ptr[profile] || !tomoyo_policy_loaded))
1105                 domain->profile = (u8) profile;
1106         return 0;
1107 }
1108
1109 /**
1110  * tomoyo_read_domain_profile - Read only domainname and profile.
1111  *
1112  * @head: Pointer to "struct tomoyo_io_buffer".
1113  *
1114  * Returns list of profile number and domainname pairs.
1115  *
1116  * This is equivalent to doing
1117  *
1118  *     grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
1119  *     awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
1120  *     domainname = $0; } else if ( $1 == "use_profile" ) {
1121  *     print $2 " " domainname; domainname = ""; } } ; '
1122  *
1123  * Caller holds tomoyo_read_lock().
1124  */
1125 static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
1126 {
1127         if (head->r.eof)
1128                 return;
1129         list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
1130                 struct tomoyo_domain_info *domain =
1131                         list_entry(head->r.domain, typeof(*domain), list);
1132                 if (domain->is_deleted)
1133                         continue;
1134                 if (!tomoyo_flush(head))
1135                         return;
1136                 tomoyo_io_printf(head, "%u ", domain->profile);
1137                 tomoyo_set_string(head, domain->domainname->name);
1138                 tomoyo_set_lf(head);
1139         }
1140         head->r.eof = true;
1141 }
1142
1143 /**
1144  * tomoyo_write_pid: Specify PID to obtain domainname.
1145  *
1146  * @head: Pointer to "struct tomoyo_io_buffer".
1147  *
1148  * Returns 0.
1149  */
1150 static int tomoyo_write_pid(struct tomoyo_io_buffer *head)
1151 {
1152         head->r.eof = false;
1153         return 0;
1154 }
1155
1156 /**
1157  * tomoyo_read_pid - Get domainname of the specified PID.
1158  *
1159  * @head: Pointer to "struct tomoyo_io_buffer".
1160  *
1161  * Returns the domainname which the specified PID is in on success,
1162  * empty string otherwise.
1163  * The PID is specified by tomoyo_write_pid() so that the user can obtain
1164  * using read()/write() interface rather than sysctl() interface.
1165  */
1166 static void tomoyo_read_pid(struct tomoyo_io_buffer *head)
1167 {
1168         char *buf = head->write_buf;
1169         bool global_pid = false;
1170         unsigned int pid;
1171         struct task_struct *p;
1172         struct tomoyo_domain_info *domain = NULL;
1173
1174         /* Accessing write_buf is safe because head->io_sem is held. */
1175         if (!buf) {
1176                 head->r.eof = true;
1177                 return; /* Do nothing if open(O_RDONLY). */
1178         }
1179         if (head->r.w_pos || head->r.eof)
1180                 return;
1181         head->r.eof = true;
1182         if (tomoyo_str_starts(&buf, "global-pid "))
1183                 global_pid = true;
1184         pid = (unsigned int) simple_strtoul(buf, NULL, 10);
1185         rcu_read_lock();
1186         read_lock(&tasklist_lock);
1187         if (global_pid)
1188                 p = find_task_by_pid_ns(pid, &init_pid_ns);
1189         else
1190                 p = find_task_by_vpid(pid);
1191         if (p)
1192                 domain = tomoyo_real_domain(p);
1193         read_unlock(&tasklist_lock);
1194         rcu_read_unlock();
1195         if (!domain)
1196                 return;
1197         tomoyo_io_printf(head, "%u %u ", pid, domain->profile);
1198         tomoyo_set_string(head, domain->domainname->name);
1199 }
1200
1201 static const char *tomoyo_transition_type[TOMOYO_MAX_TRANSITION_TYPE] = {
1202         [TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain",
1203         [TOMOYO_TRANSITION_CONTROL_INITIALIZE]    = "initialize_domain",
1204         [TOMOYO_TRANSITION_CONTROL_NO_KEEP]       = "no_keep_domain",
1205         [TOMOYO_TRANSITION_CONTROL_KEEP]          = "keep_domain",
1206 };
1207
1208 static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
1209         [TOMOYO_PATH_GROUP]   = "path_group ",
1210         [TOMOYO_NUMBER_GROUP] = "number_group ",
1211 };
1212
1213 /**
1214  * tomoyo_write_exception - Write exception policy.
1215  *
1216  * @head: Pointer to "struct tomoyo_io_buffer".
1217  *
1218  * Returns 0 on success, negative value otherwise.
1219  *
1220  * Caller holds tomoyo_read_lock().
1221  */
1222 static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
1223 {
1224         struct tomoyo_acl_param param = {
1225                 .data = head->write_buf,
1226         };
1227         u8 i;
1228         param.is_delete = tomoyo_str_starts(&param.data, "delete ");
1229         if (tomoyo_str_starts(&param.data, "aggregator "))
1230                 return tomoyo_write_aggregator(&param);
1231         for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
1232                 if (tomoyo_str_starts(&param.data, tomoyo_transition_type[i]))
1233                         return tomoyo_write_transition_control(&param, i);
1234         for (i = 0; i < TOMOYO_MAX_GROUP; i++)
1235                 if (tomoyo_str_starts(&param.data, tomoyo_group_name[i]))
1236                         return tomoyo_write_group(&param, i);
1237         return -EINVAL;
1238 }
1239
1240 /**
1241  * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
1242  *
1243  * @head: Pointer to "struct tomoyo_io_buffer".
1244  * @idx:  Index number.
1245  *
1246  * Returns true on success, false otherwise.
1247  *
1248  * Caller holds tomoyo_read_lock().
1249  */
1250 static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
1251 {
1252         list_for_each_cookie(head->r.group, &tomoyo_group_list[idx]) {
1253                 struct tomoyo_group *group =
1254                         list_entry(head->r.group, typeof(*group), head.list);
1255                 list_for_each_cookie(head->r.acl, &group->member_list) {
1256                         struct tomoyo_acl_head *ptr =
1257                                 list_entry(head->r.acl, typeof(*ptr), list);
1258                         if (ptr->is_deleted)
1259                                 continue;
1260                         if (!tomoyo_flush(head))
1261                                 return false;
1262                         tomoyo_set_string(head, tomoyo_group_name[idx]);
1263                         tomoyo_set_string(head, group->group_name->name);
1264                         if (idx == TOMOYO_PATH_GROUP) {
1265                                 tomoyo_set_space(head);
1266                                 tomoyo_set_string(head, container_of
1267                                                (ptr, struct tomoyo_path_group,
1268                                                 head)->member_name->name);
1269                         } else if (idx == TOMOYO_NUMBER_GROUP) {
1270                                 tomoyo_print_number_union(head, &container_of
1271                                                           (ptr,
1272                                                    struct tomoyo_number_group,
1273                                                            head)->number);
1274                         }
1275                         tomoyo_set_lf(head);
1276                 }
1277                 head->r.acl = NULL;
1278         }
1279         head->r.group = NULL;
1280         return true;
1281 }
1282
1283 /**
1284  * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
1285  *
1286  * @head: Pointer to "struct tomoyo_io_buffer".
1287  * @idx:  Index number.
1288  *
1289  * Returns true on success, false otherwise.
1290  *
1291  * Caller holds tomoyo_read_lock().
1292  */
1293 static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1294 {
1295         list_for_each_cookie(head->r.acl, &tomoyo_policy_list[idx]) {
1296                 struct tomoyo_acl_head *acl =
1297                         container_of(head->r.acl, typeof(*acl), list);
1298                 if (acl->is_deleted)
1299                         continue;
1300                 if (!tomoyo_flush(head))
1301                         return false;
1302                 switch (idx) {
1303                 case TOMOYO_ID_TRANSITION_CONTROL:
1304                         {
1305                                 struct tomoyo_transition_control *ptr =
1306                                         container_of(acl, typeof(*ptr), head);
1307                                 tomoyo_set_string(head, tomoyo_transition_type
1308                                                   [ptr->type]);
1309                                 tomoyo_set_string(head, ptr->program ?
1310                                                   ptr->program->name : "any");
1311                                 tomoyo_set_string(head, " from ");
1312                                 tomoyo_set_string(head, ptr->domainname ?
1313                                                   ptr->domainname->name :
1314                                                   "any");
1315                         }
1316                         break;
1317                 case TOMOYO_ID_AGGREGATOR:
1318                         {
1319                                 struct tomoyo_aggregator *ptr =
1320                                         container_of(acl, typeof(*ptr), head);
1321                                 tomoyo_set_string(head, "aggregator ");
1322                                 tomoyo_set_string(head,
1323                                                   ptr->original_name->name);
1324                                 tomoyo_set_space(head);
1325                                 tomoyo_set_string(head,
1326                                                ptr->aggregated_name->name);
1327                         }
1328                         break;
1329                 default:
1330                         continue;
1331                 }
1332                 tomoyo_set_lf(head);
1333         }
1334         head->r.acl = NULL;
1335         return true;
1336 }
1337
1338 /**
1339  * tomoyo_read_exception - Read exception policy.
1340  *
1341  * @head: Pointer to "struct tomoyo_io_buffer".
1342  *
1343  * Caller holds tomoyo_read_lock().
1344  */
1345 static void tomoyo_read_exception(struct tomoyo_io_buffer *head)
1346 {
1347         if (head->r.eof)
1348                 return;
1349         while (head->r.step < TOMOYO_MAX_POLICY &&
1350                tomoyo_read_policy(head, head->r.step))
1351                 head->r.step++;
1352         if (head->r.step < TOMOYO_MAX_POLICY)
1353                 return;
1354         while (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
1355                tomoyo_read_group(head, head->r.step - TOMOYO_MAX_POLICY))
1356                 head->r.step++;
1357         if (head->r.step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
1358                 return;
1359         head->r.eof = true;
1360 }
1361
1362 /**
1363  * tomoyo_print_header - Get header line of audit log.
1364  *
1365  * @r: Pointer to "struct tomoyo_request_info".
1366  *
1367  * Returns string representation.
1368  *
1369  * This function uses kmalloc(), so caller must kfree() if this function
1370  * didn't return NULL.
1371  */
1372 static char *tomoyo_print_header(struct tomoyo_request_info *r)
1373 {
1374         struct timeval tv;
1375         const pid_t gpid = task_pid_nr(current);
1376         static const int tomoyo_buffer_len = 4096;
1377         char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
1378         pid_t ppid;
1379         if (!buffer)
1380                 return NULL;
1381         do_gettimeofday(&tv);
1382         rcu_read_lock();
1383         ppid = task_tgid_vnr(current->real_parent);
1384         rcu_read_unlock();
1385         snprintf(buffer, tomoyo_buffer_len - 1,
1386                  "#timestamp=%lu profile=%u mode=%s (global-pid=%u)"
1387                  " task={ pid=%u ppid=%u uid=%u gid=%u euid=%u"
1388                  " egid=%u suid=%u sgid=%u fsuid=%u fsgid=%u }",
1389                  tv.tv_sec, r->profile, tomoyo_mode[r->mode], gpid,
1390                  task_tgid_vnr(current), ppid,
1391                  current_uid(), current_gid(), current_euid(),
1392                  current_egid(), current_suid(), current_sgid(),
1393                  current_fsuid(), current_fsgid());
1394         return buffer;
1395 }
1396
1397 /**
1398  * tomoyo_init_audit_log - Allocate buffer for audit logs.
1399  *
1400  * @len: Required size.
1401  * @r:   Pointer to "struct tomoyo_request_info".
1402  *
1403  * Returns pointer to allocated memory.
1404  *
1405  * The @len is updated to add the header lines' size on success.
1406  *
1407  * This function uses kzalloc(), so caller must kfree() if this function
1408  * didn't return NULL.
1409  */
1410 static char *tomoyo_init_audit_log(int *len, struct tomoyo_request_info *r)
1411 {
1412         char *buf = NULL;
1413         const char *header;
1414         const char *domainname;
1415         if (!r->domain)
1416                 r->domain = tomoyo_domain();
1417         domainname = r->domain->domainname->name;
1418         header = tomoyo_print_header(r);
1419         if (!header)
1420                 return NULL;
1421         *len += strlen(domainname) + strlen(header) + 10;
1422         buf = kzalloc(*len, GFP_NOFS);
1423         if (buf)
1424                 snprintf(buf, (*len) - 1, "%s\n%s\n", header, domainname);
1425         kfree(header);
1426         return buf;
1427 }
1428
1429 /* Wait queue for tomoyo_query_list. */
1430 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_query_wait);
1431
1432 /* Lock for manipulating tomoyo_query_list. */
1433 static DEFINE_SPINLOCK(tomoyo_query_list_lock);
1434
1435 /* Structure for query. */
1436 struct tomoyo_query {
1437         struct list_head list;
1438         char *query;
1439         int query_len;
1440         unsigned int serial;
1441         int timer;
1442         int answer;
1443 };
1444
1445 /* The list for "struct tomoyo_query". */
1446 static LIST_HEAD(tomoyo_query_list);
1447
1448 /*
1449  * Number of "struct file" referring /sys/kernel/security/tomoyo/query
1450  * interface.
1451  */
1452 static atomic_t tomoyo_query_observers = ATOMIC_INIT(0);
1453
1454 /**
1455  * tomoyo_supervisor - Ask for the supervisor's decision.
1456  *
1457  * @r:       Pointer to "struct tomoyo_request_info".
1458  * @fmt:     The printf()'s format string, followed by parameters.
1459  *
1460  * Returns 0 if the supervisor decided to permit the access request which
1461  * violated the policy in enforcing mode, TOMOYO_RETRY_REQUEST if the
1462  * supervisor decided to retry the access request which violated the policy in
1463  * enforcing mode, 0 if it is not in enforcing mode, -EPERM otherwise.
1464  */
1465 int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
1466 {
1467         va_list args;
1468         int error = -EPERM;
1469         int pos;
1470         int len;
1471         static unsigned int tomoyo_serial;
1472         struct tomoyo_query *entry = NULL;
1473         bool quota_exceeded = false;
1474         char *header;
1475         switch (r->mode) {
1476                 char *buffer;
1477         case TOMOYO_CONFIG_LEARNING:
1478                 if (!tomoyo_domain_quota_is_ok(r))
1479                         return 0;
1480                 va_start(args, fmt);
1481                 len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 4;
1482                 va_end(args);
1483                 buffer = kmalloc(len, GFP_NOFS);
1484                 if (!buffer)
1485                         return 0;
1486                 va_start(args, fmt);
1487                 vsnprintf(buffer, len - 1, fmt, args);
1488                 va_end(args);
1489                 tomoyo_normalize_line(buffer);
1490                 tomoyo_write_domain2(&r->domain->acl_info_list, buffer, false);
1491                 kfree(buffer);
1492                 /* fall through */
1493         case TOMOYO_CONFIG_PERMISSIVE:
1494                 return 0;
1495         }
1496         if (!r->domain)
1497                 r->domain = tomoyo_domain();
1498         if (!atomic_read(&tomoyo_query_observers))
1499                 return -EPERM;
1500         va_start(args, fmt);
1501         len = vsnprintf((char *) &pos, sizeof(pos) - 1, fmt, args) + 32;
1502         va_end(args);
1503         header = tomoyo_init_audit_log(&len, r);
1504         if (!header)
1505                 goto out;
1506         entry = kzalloc(sizeof(*entry), GFP_NOFS);
1507         if (!entry)
1508                 goto out;
1509         entry->query = kzalloc(len, GFP_NOFS);
1510         if (!entry->query)
1511                 goto out;
1512         len = ksize(entry->query);
1513         spin_lock(&tomoyo_query_list_lock);
1514         if (tomoyo_quota_for_query && tomoyo_query_memory_size + len +
1515             sizeof(*entry) >= tomoyo_quota_for_query) {
1516                 quota_exceeded = true;
1517         } else {
1518                 tomoyo_query_memory_size += len + sizeof(*entry);
1519                 entry->serial = tomoyo_serial++;
1520         }
1521         spin_unlock(&tomoyo_query_list_lock);
1522         if (quota_exceeded)
1523                 goto out;
1524         pos = snprintf(entry->query, len - 1, "Q%u-%hu\n%s",
1525                        entry->serial, r->retry, header);
1526         kfree(header);
1527         header = NULL;
1528         va_start(args, fmt);
1529         vsnprintf(entry->query + pos, len - 1 - pos, fmt, args);
1530         entry->query_len = strlen(entry->query) + 1;
1531         va_end(args);
1532         spin_lock(&tomoyo_query_list_lock);
1533         list_add_tail(&entry->list, &tomoyo_query_list);
1534         spin_unlock(&tomoyo_query_list_lock);
1535         /* Give 10 seconds for supervisor's opinion. */
1536         for (entry->timer = 0;
1537              atomic_read(&tomoyo_query_observers) && entry->timer < 100;
1538              entry->timer++) {
1539                 wake_up(&tomoyo_query_wait);
1540                 set_current_state(TASK_INTERRUPTIBLE);
1541                 schedule_timeout(HZ / 10);
1542                 if (entry->answer)
1543                         break;
1544         }
1545         spin_lock(&tomoyo_query_list_lock);
1546         list_del(&entry->list);
1547         tomoyo_query_memory_size -= len + sizeof(*entry);
1548         spin_unlock(&tomoyo_query_list_lock);
1549         switch (entry->answer) {
1550         case 3: /* Asked to retry by administrator. */
1551                 error = TOMOYO_RETRY_REQUEST;
1552                 r->retry++;
1553                 break;
1554         case 1:
1555                 /* Granted by administrator. */
1556                 error = 0;
1557                 break;
1558         case 0:
1559                 /* Timed out. */
1560                 break;
1561         default:
1562                 /* Rejected by administrator. */
1563                 break;
1564         }
1565  out:
1566         if (entry)
1567                 kfree(entry->query);
1568         kfree(entry);
1569         kfree(header);
1570         return error;
1571 }
1572
1573 /**
1574  * tomoyo_poll_query - poll() for /sys/kernel/security/tomoyo/query.
1575  *
1576  * @file: Pointer to "struct file".
1577  * @wait: Pointer to "poll_table".
1578  *
1579  * Returns POLLIN | POLLRDNORM when ready to read, 0 otherwise.
1580  *
1581  * Waits for access requests which violated policy in enforcing mode.
1582  */
1583 static int tomoyo_poll_query(struct file *file, poll_table *wait)
1584 {
1585         struct list_head *tmp;
1586         bool found = false;
1587         u8 i;
1588         for (i = 0; i < 2; i++) {
1589                 spin_lock(&tomoyo_query_list_lock);
1590                 list_for_each(tmp, &tomoyo_query_list) {
1591                         struct tomoyo_query *ptr =
1592                                 list_entry(tmp, typeof(*ptr), list);
1593                         if (ptr->answer)
1594                                 continue;
1595                         found = true;
1596                         break;
1597                 }
1598                 spin_unlock(&tomoyo_query_list_lock);
1599                 if (found)
1600                         return POLLIN | POLLRDNORM;
1601                 if (i)
1602                         break;
1603                 poll_wait(file, &tomoyo_query_wait, wait);
1604         }
1605         return 0;
1606 }
1607
1608 /**
1609  * tomoyo_read_query - Read access requests which violated policy in enforcing mode.
1610  *
1611  * @head: Pointer to "struct tomoyo_io_buffer".
1612  */
1613 static void tomoyo_read_query(struct tomoyo_io_buffer *head)
1614 {
1615         struct list_head *tmp;
1616         int pos = 0;
1617         int len = 0;
1618         char *buf;
1619         if (head->r.w_pos)
1620                 return;
1621         if (head->read_buf) {
1622                 kfree(head->read_buf);
1623                 head->read_buf = NULL;
1624         }
1625         spin_lock(&tomoyo_query_list_lock);
1626         list_for_each(tmp, &tomoyo_query_list) {
1627                 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1628                 if (ptr->answer)
1629                         continue;
1630                 if (pos++ != head->r.query_index)
1631                         continue;
1632                 len = ptr->query_len;
1633                 break;
1634         }
1635         spin_unlock(&tomoyo_query_list_lock);
1636         if (!len) {
1637                 head->r.query_index = 0;
1638                 return;
1639         }
1640         buf = kzalloc(len, GFP_NOFS);
1641         if (!buf)
1642                 return;
1643         pos = 0;
1644         spin_lock(&tomoyo_query_list_lock);
1645         list_for_each(tmp, &tomoyo_query_list) {
1646                 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1647                 if (ptr->answer)
1648                         continue;
1649                 if (pos++ != head->r.query_index)
1650                         continue;
1651                 /*
1652                  * Some query can be skipped because tomoyo_query_list
1653                  * can change, but I don't care.
1654                  */
1655                 if (len == ptr->query_len)
1656                         memmove(buf, ptr->query, len);
1657                 break;
1658         }
1659         spin_unlock(&tomoyo_query_list_lock);
1660         if (buf[0]) {
1661                 head->read_buf = buf;
1662                 head->r.w[head->r.w_pos++] = buf;
1663                 head->r.query_index++;
1664         } else {
1665                 kfree(buf);
1666         }
1667 }
1668
1669 /**
1670  * tomoyo_write_answer - Write the supervisor's decision.
1671  *
1672  * @head: Pointer to "struct tomoyo_io_buffer".
1673  *
1674  * Returns 0 on success, -EINVAL otherwise.
1675  */
1676 static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
1677 {
1678         char *data = head->write_buf;
1679         struct list_head *tmp;
1680         unsigned int serial;
1681         unsigned int answer;
1682         spin_lock(&tomoyo_query_list_lock);
1683         list_for_each(tmp, &tomoyo_query_list) {
1684                 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1685                 ptr->timer = 0;
1686         }
1687         spin_unlock(&tomoyo_query_list_lock);
1688         if (sscanf(data, "A%u=%u", &serial, &answer) != 2)
1689                 return -EINVAL;
1690         spin_lock(&tomoyo_query_list_lock);
1691         list_for_each(tmp, &tomoyo_query_list) {
1692                 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
1693                 if (ptr->serial != serial)
1694                         continue;
1695                 if (!ptr->answer)
1696                         ptr->answer = answer;
1697                 break;
1698         }
1699         spin_unlock(&tomoyo_query_list_lock);
1700         return 0;
1701 }
1702
1703 /**
1704  * tomoyo_read_version: Get version.
1705  *
1706  * @head: Pointer to "struct tomoyo_io_buffer".
1707  *
1708  * Returns version information.
1709  */
1710 static void tomoyo_read_version(struct tomoyo_io_buffer *head)
1711 {
1712         if (!head->r.eof) {
1713                 tomoyo_io_printf(head, "2.4.0");
1714                 head->r.eof = true;
1715         }
1716 }
1717
1718 /**
1719  * tomoyo_read_self_domain - Get the current process's domainname.
1720  *
1721  * @head: Pointer to "struct tomoyo_io_buffer".
1722  *
1723  * Returns the current process's domainname.
1724  */
1725 static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1726 {
1727         if (!head->r.eof) {
1728                 /*
1729                  * tomoyo_domain()->domainname != NULL
1730                  * because every process belongs to a domain and
1731                  * the domain's name cannot be NULL.
1732                  */
1733                 tomoyo_io_printf(head, "%s", tomoyo_domain()->domainname->name);
1734                 head->r.eof = true;
1735         }
1736 }
1737
1738 /**
1739  * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
1740  *
1741  * @type: Type of interface.
1742  * @file: Pointer to "struct file".
1743  *
1744  * Associates policy handler and returns 0 on success, -ENOMEM otherwise.
1745  *
1746  * Caller acquires tomoyo_read_lock().
1747  */
1748 int tomoyo_open_control(const u8 type, struct file *file)
1749 {
1750         struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_NOFS);
1751
1752         if (!head)
1753                 return -ENOMEM;
1754         mutex_init(&head->io_sem);
1755         head->type = type;
1756         switch (type) {
1757         case TOMOYO_DOMAINPOLICY:
1758                 /* /sys/kernel/security/tomoyo/domain_policy */
1759                 head->write = tomoyo_write_domain;
1760                 head->read = tomoyo_read_domain;
1761                 break;
1762         case TOMOYO_EXCEPTIONPOLICY:
1763                 /* /sys/kernel/security/tomoyo/exception_policy */
1764                 head->write = tomoyo_write_exception;
1765                 head->read = tomoyo_read_exception;
1766                 break;
1767         case TOMOYO_SELFDOMAIN:
1768                 /* /sys/kernel/security/tomoyo/self_domain */
1769                 head->read = tomoyo_read_self_domain;
1770                 break;
1771         case TOMOYO_DOMAIN_STATUS:
1772                 /* /sys/kernel/security/tomoyo/.domain_status */
1773                 head->write = tomoyo_write_domain_profile;
1774                 head->read = tomoyo_read_domain_profile;
1775                 break;
1776         case TOMOYO_PROCESS_STATUS:
1777                 /* /sys/kernel/security/tomoyo/.process_status */
1778                 head->write = tomoyo_write_pid;
1779                 head->read = tomoyo_read_pid;
1780                 break;
1781         case TOMOYO_VERSION:
1782                 /* /sys/kernel/security/tomoyo/version */
1783                 head->read = tomoyo_read_version;
1784                 head->readbuf_size = 128;
1785                 break;
1786         case TOMOYO_MEMINFO:
1787                 /* /sys/kernel/security/tomoyo/meminfo */
1788                 head->write = tomoyo_write_memory_quota;
1789                 head->read = tomoyo_read_memory_counter;
1790                 head->readbuf_size = 512;
1791                 break;
1792         case TOMOYO_PROFILE:
1793                 /* /sys/kernel/security/tomoyo/profile */
1794                 head->write = tomoyo_write_profile;
1795                 head->read = tomoyo_read_profile;
1796                 break;
1797         case TOMOYO_QUERY: /* /sys/kernel/security/tomoyo/query */
1798                 head->poll = tomoyo_poll_query;
1799                 head->write = tomoyo_write_answer;
1800                 head->read = tomoyo_read_query;
1801                 break;
1802         case TOMOYO_MANAGER:
1803                 /* /sys/kernel/security/tomoyo/manager */
1804                 head->write = tomoyo_write_manager;
1805                 head->read = tomoyo_read_manager;
1806                 break;
1807         }
1808         if (!(file->f_mode & FMODE_READ)) {
1809                 /*
1810                  * No need to allocate read_buf since it is not opened
1811                  * for reading.
1812                  */
1813                 head->read = NULL;
1814                 head->poll = NULL;
1815         } else if (!head->poll) {
1816                 /* Don't allocate read_buf for poll() access. */
1817                 if (!head->readbuf_size)
1818                         head->readbuf_size = 4096 * 2;
1819                 head->read_buf = kzalloc(head->readbuf_size, GFP_NOFS);
1820                 if (!head->read_buf) {
1821                         kfree(head);
1822                         return -ENOMEM;
1823                 }
1824         }
1825         if (!(file->f_mode & FMODE_WRITE)) {
1826                 /*
1827                  * No need to allocate write_buf since it is not opened
1828                  * for writing.
1829                  */
1830                 head->write = NULL;
1831         } else if (head->write) {
1832                 head->writebuf_size = 4096 * 2;
1833                 head->write_buf = kzalloc(head->writebuf_size, GFP_NOFS);
1834                 if (!head->write_buf) {
1835                         kfree(head->read_buf);
1836                         kfree(head);
1837                         return -ENOMEM;
1838                 }
1839         }
1840         if (type != TOMOYO_QUERY)
1841                 head->reader_idx = tomoyo_read_lock();
1842         file->private_data = head;
1843         /*
1844          * If the file is /sys/kernel/security/tomoyo/query , increment the
1845          * observer counter.
1846          * The obserber counter is used by tomoyo_supervisor() to see if
1847          * there is some process monitoring /sys/kernel/security/tomoyo/query.
1848          */
1849         if (type == TOMOYO_QUERY)
1850                 atomic_inc(&tomoyo_query_observers);
1851         return 0;
1852 }
1853
1854 /**
1855  * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
1856  *
1857  * @file: Pointer to "struct file".
1858  * @wait: Pointer to "poll_table".
1859  *
1860  * Waits for read readiness.
1861  * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd .
1862  */
1863 int tomoyo_poll_control(struct file *file, poll_table *wait)
1864 {
1865         struct tomoyo_io_buffer *head = file->private_data;
1866         if (!head->poll)
1867                 return -ENOSYS;
1868         return head->poll(file, wait);
1869 }
1870
1871 /**
1872  * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
1873  *
1874  * @head:       Pointer to "struct tomoyo_io_buffer".
1875  * @buffer:     Poiner to buffer to write to.
1876  * @buffer_len: Size of @buffer.
1877  *
1878  * Returns bytes read on success, negative value otherwise.
1879  *
1880  * Caller holds tomoyo_read_lock().
1881  */
1882 int tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
1883                         const int buffer_len)
1884 {
1885         int len;
1886
1887         if (!head->read)
1888                 return -ENOSYS;
1889         if (mutex_lock_interruptible(&head->io_sem))
1890                 return -EINTR;
1891         head->read_user_buf = buffer;
1892         head->read_user_buf_avail = buffer_len;
1893         if (tomoyo_flush(head))
1894                 /* Call the policy handler. */
1895                 head->read(head);
1896         tomoyo_flush(head);
1897         len = head->read_user_buf - buffer;
1898         mutex_unlock(&head->io_sem);
1899         return len;
1900 }
1901
1902 /**
1903  * tomoyo_write_control - write() for /sys/kernel/security/tomoyo/ interface.
1904  *
1905  * @head:       Pointer to "struct tomoyo_io_buffer".
1906  * @buffer:     Pointer to buffer to read from.
1907  * @buffer_len: Size of @buffer.
1908  *
1909  * Returns @buffer_len on success, negative value otherwise.
1910  *
1911  * Caller holds tomoyo_read_lock().
1912  */
1913 int tomoyo_write_control(struct tomoyo_io_buffer *head,
1914                          const char __user *buffer, const int buffer_len)
1915 {
1916         int error = buffer_len;
1917         int avail_len = buffer_len;
1918         char *cp0 = head->write_buf;
1919
1920         if (!head->write)
1921                 return -ENOSYS;
1922         if (!access_ok(VERIFY_READ, buffer, buffer_len))
1923                 return -EFAULT;
1924         /* Don't allow updating policies by non manager programs. */
1925         if (head->write != tomoyo_write_pid &&
1926             head->write != tomoyo_write_domain && !tomoyo_manager())
1927                 return -EPERM;
1928         if (mutex_lock_interruptible(&head->io_sem))
1929                 return -EINTR;
1930         /* Read a line and dispatch it to the policy handler. */
1931         while (avail_len > 0) {
1932                 char c;
1933                 if (head->w.avail >= head->writebuf_size - 1) {
1934                         error = -ENOMEM;
1935                         break;
1936                 } else if (get_user(c, buffer)) {
1937                         error = -EFAULT;
1938                         break;
1939                 }
1940                 buffer++;
1941                 avail_len--;
1942                 cp0[head->w.avail++] = c;
1943                 if (c != '\n')
1944                         continue;
1945                 cp0[head->w.avail - 1] = '\0';
1946                 head->w.avail = 0;
1947                 tomoyo_normalize_line(cp0);
1948                 head->write(head);
1949         }
1950         mutex_unlock(&head->io_sem);
1951         return error;
1952 }
1953
1954 /**
1955  * tomoyo_close_control - close() for /sys/kernel/security/tomoyo/ interface.
1956  *
1957  * @head: Pointer to "struct tomoyo_io_buffer".
1958  *
1959  * Releases memory and returns 0.
1960  *
1961  * Caller looses tomoyo_read_lock().
1962  */
1963 int tomoyo_close_control(struct tomoyo_io_buffer *head)
1964 {
1965         const bool is_write = !!head->write_buf;
1966
1967         /*
1968          * If the file is /sys/kernel/security/tomoyo/query , decrement the
1969          * observer counter.
1970          */
1971         if (head->type == TOMOYO_QUERY)
1972                 atomic_dec(&tomoyo_query_observers);
1973         else
1974                 tomoyo_read_unlock(head->reader_idx);
1975         /* Release memory used for policy I/O. */
1976         kfree(head->read_buf);
1977         head->read_buf = NULL;
1978         kfree(head->write_buf);
1979         head->write_buf = NULL;
1980         kfree(head);
1981         if (is_write)
1982                 tomoyo_run_gc();
1983         return 0;
1984 }
1985
1986 /**
1987  * tomoyo_check_profile - Check all profiles currently assigned to domains are defined.
1988  */
1989 void tomoyo_check_profile(void)
1990 {
1991         struct tomoyo_domain_info *domain;
1992         const int idx = tomoyo_read_lock();
1993         tomoyo_policy_loaded = true;
1994         /* Check all profiles currently assigned to domains are defined. */
1995         list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1996                 const u8 profile = domain->profile;
1997                 if (tomoyo_profile_ptr[profile])
1998                         continue;
1999                 printk(KERN_ERR "You need to define profile %u before using it.\n",
2000                        profile);
2001                 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2002                        "for more information.\n");
2003                 panic("Profile %u (used by '%s') not defined.\n",
2004                       profile, domain->domainname->name);
2005         }
2006         tomoyo_read_unlock(idx);
2007         if (tomoyo_profile_version != 20090903) {
2008                 printk(KERN_ERR "You need to install userland programs for "
2009                        "TOMOYO 2.3 and initialize policy configuration.\n");
2010                 printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.3/ "
2011                        "for more information.\n");
2012                 panic("Profile version %u is not supported.\n",
2013                       tomoyo_profile_version);
2014         }
2015         printk(KERN_INFO "TOMOYO: 2.3.0\n");
2016         printk(KERN_INFO "Mandatory Access Control activated.\n");
2017 }