TOMOYO: Add auditing interface.
[linux-2.6.git] / security / tomoyo / securityfs_if.c
1 /*
2  * security/tomoyo/common.c
3  *
4  * Securityfs interface for TOMOYO.
5  *
6  * Copyright (C) 2005-2010  NTT DATA CORPORATION
7  */
8
9 #include <linux/security.h>
10 #include "common.h"
11
12 /**
13  * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
14  *
15  * @inode: Pointer to "struct inode".
16  * @file:  Pointer to "struct file".
17  *
18  * Returns 0 on success, negative value otherwise.
19  */
20 static int tomoyo_open(struct inode *inode, struct file *file)
21 {
22         const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
23                 - ((u8 *) NULL);
24         return tomoyo_open_control(key, file);
25 }
26
27 /**
28  * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
29  *
30  * @inode: Pointer to "struct inode".
31  * @file:  Pointer to "struct file".
32  *
33  * Returns 0 on success, negative value otherwise.
34  */
35 static int tomoyo_release(struct inode *inode, struct file *file)
36 {
37         return tomoyo_close_control(file->private_data);
38 }
39
40 /**
41  * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
42  *
43  * @file: Pointer to "struct file".
44  * @wait: Pointer to "poll_table".
45  *
46  * Returns 0 on success, negative value otherwise.
47  */
48 static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
49 {
50         return tomoyo_poll_control(file, wait);
51 }
52
53 /**
54  * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
55  *
56  * @file:  Pointer to "struct file".
57  * @buf:   Pointer to buffer.
58  * @count: Size of @buf.
59  * @ppos:  Unused.
60  *
61  * Returns bytes read on success, negative value otherwise.
62  */
63 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
64                            loff_t *ppos)
65 {
66         return tomoyo_read_control(file->private_data, buf, count);
67 }
68
69 /**
70  * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
71  *
72  * @file:  Pointer to "struct file".
73  * @buf:   Pointer to buffer.
74  * @count: Size of @buf.
75  * @ppos:  Unused.
76  *
77  * Returns @count on success, negative value otherwise.
78  */
79 static ssize_t tomoyo_write(struct file *file, const char __user *buf,
80                             size_t count, loff_t *ppos)
81 {
82         return tomoyo_write_control(file->private_data, buf, count);
83 }
84
85 /*
86  * tomoyo_operations is a "struct file_operations" which is used for handling
87  * /sys/kernel/security/tomoyo/ interface.
88  *
89  * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
90  * See tomoyo_io_buffer for internals.
91  */
92 static const struct file_operations tomoyo_operations = {
93         .open    = tomoyo_open,
94         .release = tomoyo_release,
95         .poll    = tomoyo_poll,
96         .read    = tomoyo_read,
97         .write   = tomoyo_write,
98         .llseek  = noop_llseek,
99 };
100
101 /**
102  * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
103  *
104  * @name:   The name of the interface file.
105  * @mode:   The permission of the interface file.
106  * @parent: The parent directory.
107  * @key:    Type of interface.
108  *
109  * Returns nothing.
110  */
111 static void __init tomoyo_create_entry(const char *name, const mode_t mode,
112                                        struct dentry *parent, const u8 key)
113 {
114         securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
115                                &tomoyo_operations);
116 }
117
118 /**
119  * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
120  *
121  * Returns 0.
122  */
123 static int __init tomoyo_initerface_init(void)
124 {
125         struct dentry *tomoyo_dir;
126
127         /* Don't create securityfs entries unless registered. */
128         if (current_cred()->security != &tomoyo_kernel_domain)
129                 return 0;
130
131         tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
132         tomoyo_create_entry("query",            0600, tomoyo_dir,
133                             TOMOYO_QUERY);
134         tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
135                             TOMOYO_DOMAINPOLICY);
136         tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
137                             TOMOYO_EXCEPTIONPOLICY);
138         tomoyo_create_entry("audit",            0400, tomoyo_dir,
139                             TOMOYO_AUDIT);
140         tomoyo_create_entry("self_domain",      0400, tomoyo_dir,
141                             TOMOYO_SELFDOMAIN);
142         tomoyo_create_entry(".domain_status",   0600, tomoyo_dir,
143                             TOMOYO_DOMAIN_STATUS);
144         tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
145                             TOMOYO_PROCESS_STATUS);
146         tomoyo_create_entry("meminfo",          0600, tomoyo_dir,
147                             TOMOYO_MEMINFO);
148         tomoyo_create_entry("profile",          0600, tomoyo_dir,
149                             TOMOYO_PROFILE);
150         tomoyo_create_entry("manager",          0600, tomoyo_dir,
151                             TOMOYO_MANAGER);
152         tomoyo_create_entry("version",          0400, tomoyo_dir,
153                             TOMOYO_VERSION);
154         return 0;
155 }
156
157 fs_initcall(tomoyo_initerface_init);