TOMOYO: Rename meminfo to stat and show more statistics.
Tetsuo Handa [Sun, 26 Jun 2011 14:21:50 +0000 (23:21 +0900)]
Show statistics such as last policy update time and last policy violation time
in addition to memory usage.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/audit.c
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/memory.c
security/tomoyo/securityfs_if.c
security/tomoyo/util.c

index 45e0a9f..f2c8697 100644 (file)
 #include <linux/slab.h>
 
 /**
- * tomoyo_convert_time - Convert time_t to YYYY/MM/DD hh/mm/ss.
- *
- * @time:  Seconds since 1970/01/01 00:00:00.
- * @stamp: Pointer to "struct tomoyo_time".
- *
- * Returns nothing.
- *
- * This function does not handle Y2038 problem.
- */
-static void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp)
-{
-       static const u16 tomoyo_eom[2][12] = {
-               { 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
-               { 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
-       };
-       u16 y;
-       u8 m;
-       bool r;
-       stamp->sec = time % 60;
-       time /= 60;
-       stamp->min = time % 60;
-       time /= 60;
-       stamp->hour = time % 24;
-       time /= 24;
-       for (y = 1970; ; y++) {
-               const unsigned short days = (y & 3) ? 365 : 366;
-               if (time < days)
-                       break;
-               time -= days;
-       }
-       r = (y & 3) == 0;
-       for (m = 0; m < 11 && time >= tomoyo_eom[r][m]; m++)
-               ;
-       if (m)
-               time -= tomoyo_eom[r][m - 1];
-       stamp->year = y;
-       stamp->month = ++m;
-       stamp->day = ++time;
-}
-
-/**
  * tomoyo_print_header - Get header line of audit log.
  *
  * @r: Pointer to "struct tomoyo_request_info".
index 6402183..7bc0d1d 100644 (file)
@@ -1584,8 +1584,9 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
                return;
        snprintf(buffer, len - 1, "%s", cp);
        tomoyo_normalize_line(buffer);
-       tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
-                            false);
+       if (!tomoyo_write_domain2(domain->ns, &domain->acl_info_list, buffer,
+                                 false))
+               tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
        kfree(buffer);
 }
 
@@ -1618,6 +1619,8 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...)
        /* Nothing more to do if granted. */
        if (r->granted)
                return 0;
+       if (r->mode)
+               tomoyo_update_stat(r->mode);
        switch (r->mode) {
        case TOMOYO_CONFIG_ENFORCING:
                error = -EPERM;
@@ -1857,6 +1860,104 @@ static void tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
        }
 }
 
+/* String table for /sys/kernel/security/tomoyo/stat interface. */
+static const char * const tomoyo_policy_headers[TOMOYO_MAX_POLICY_STAT] = {
+       [TOMOYO_STAT_POLICY_UPDATES]    = "update:",
+       [TOMOYO_STAT_POLICY_LEARNING]   = "violation in learning mode:",
+       [TOMOYO_STAT_POLICY_PERMISSIVE] = "violation in permissive mode:",
+       [TOMOYO_STAT_POLICY_ENFORCING]  = "violation in enforcing mode:",
+};
+
+/* String table for /sys/kernel/security/tomoyo/stat interface. */
+static const char * const tomoyo_memory_headers[TOMOYO_MAX_MEMORY_STAT] = {
+       [TOMOYO_MEMORY_POLICY] = "policy:",
+       [TOMOYO_MEMORY_AUDIT]  = "audit log:",
+       [TOMOYO_MEMORY_QUERY]  = "query message:",
+};
+
+/* Timestamp counter for last updated. */
+static unsigned int tomoyo_stat_updated[TOMOYO_MAX_POLICY_STAT];
+/* Counter for number of updates. */
+static unsigned int tomoyo_stat_modified[TOMOYO_MAX_POLICY_STAT];
+
+/**
+ * tomoyo_update_stat - Update statistic counters.
+ *
+ * @index: Index for policy type.
+ *
+ * Returns nothing.
+ */
+void tomoyo_update_stat(const u8 index)
+{
+       struct timeval tv;
+       do_gettimeofday(&tv);
+       /*
+        * I don't use atomic operations because race condition is not fatal.
+        */
+       tomoyo_stat_updated[index]++;
+       tomoyo_stat_modified[index] = tv.tv_sec;
+}
+
+/**
+ * tomoyo_read_stat - Read statistic data.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ *
+ * Returns nothing.
+ */
+static void tomoyo_read_stat(struct tomoyo_io_buffer *head)
+{
+       u8 i;
+       unsigned int total = 0;
+       if (head->r.eof)
+               return;
+       for (i = 0; i < TOMOYO_MAX_POLICY_STAT; i++) {
+               tomoyo_io_printf(head, "Policy %-30s %10u",
+                                tomoyo_policy_headers[i],
+                                tomoyo_stat_updated[i]);
+               if (tomoyo_stat_modified[i]) {
+                       struct tomoyo_time stamp;
+                       tomoyo_convert_time(tomoyo_stat_modified[i], &stamp);
+                       tomoyo_io_printf(head, " (Last: %04u/%02u/%02u "
+                                        "%02u:%02u:%02u)",
+                                        stamp.year, stamp.month, stamp.day,
+                                        stamp.hour, stamp.min, stamp.sec);
+               }
+               tomoyo_set_lf(head);
+       }
+       for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++) {
+               unsigned int used = tomoyo_memory_used[i];
+               total += used;
+               tomoyo_io_printf(head, "Memory used by %-22s %10u",
+                                tomoyo_memory_headers[i], used);
+               used = tomoyo_memory_quota[i];
+               if (used)
+                       tomoyo_io_printf(head, " (Quota: %10u)", used);
+               tomoyo_set_lf(head);
+       }
+       tomoyo_io_printf(head, "Total memory used:                    %10u\n",
+                        total);
+       head->r.eof = true;
+}
+
+/**
+ * tomoyo_write_stat - Set memory quota.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ *
+ * Returns 0.
+ */
+static int tomoyo_write_stat(struct tomoyo_io_buffer *head)
+{
+       char *data = head->write_buf;
+       u8 i;
+       if (tomoyo_str_starts(&data, "Memory used by "))
+               for (i = 0; i < TOMOYO_MAX_MEMORY_STAT; i++)
+                       if (tomoyo_str_starts(&data, tomoyo_memory_headers[i]))
+                               sscanf(data, "%u", &tomoyo_memory_quota[i]);
+       return 0;
+}
+
 /**
  * tomoyo_open_control - open() for /sys/kernel/security/tomoyo/ interface.
  *
@@ -1908,11 +2009,11 @@ int tomoyo_open_control(const u8 type, struct file *file)
                head->read = tomoyo_read_version;
                head->readbuf_size = 128;
                break;
-       case TOMOYO_MEMINFO:
-               /* /sys/kernel/security/tomoyo/meminfo */
-               head->write = tomoyo_write_memory_quota;
-               head->read = tomoyo_read_memory_counter;
-               head->readbuf_size = 512;
+       case TOMOYO_STAT:
+               /* /sys/kernel/security/tomoyo/stat */
+               head->write = tomoyo_write_stat;
+               head->read = tomoyo_read_stat;
+               head->readbuf_size = 1024;
                break;
        case TOMOYO_PROFILE:
                /* /sys/kernel/security/tomoyo/profile */
@@ -2186,6 +2287,20 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
                case -EPERM:
                        error = -EPERM;
                        goto out;
+               case 0:
+                       switch (head->type) {
+                       case TOMOYO_DOMAINPOLICY:
+                       case TOMOYO_EXCEPTIONPOLICY:
+                       case TOMOYO_DOMAIN_STATUS:
+                       case TOMOYO_STAT:
+                       case TOMOYO_PROFILE:
+                       case TOMOYO_MANAGER:
+                               tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
+                               break;
+                       default:
+                               break;
+                       }
+                       break;
                }
        }
 out:
index b54455d..7984a0e 100644 (file)
@@ -133,6 +133,7 @@ enum tomoyo_path_acl_index {
        TOMOYO_MAX_PATH_OPERATION
 };
 
+/* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
 enum tomoyo_memory_stat_type {
        TOMOYO_MEMORY_POLICY,
        TOMOYO_MEMORY_AUDIT,
@@ -173,7 +174,7 @@ enum tomoyo_securityfs_interface_index {
        TOMOYO_EXCEPTIONPOLICY,
        TOMOYO_DOMAIN_STATUS,
        TOMOYO_PROCESS_STATUS,
-       TOMOYO_MEMINFO,
+       TOMOYO_STAT,
        TOMOYO_SELFDOMAIN,
        TOMOYO_AUDIT,
        TOMOYO_VERSION,
@@ -237,6 +238,16 @@ enum tomoyo_mac_category_index {
  */
 #define TOMOYO_RETRY_REQUEST 1
 
+/* Index numbers for /sys/kernel/security/tomoyo/stat interface. */
+enum tomoyo_policy_stat_type {
+       /* Do not change this order. */
+       TOMOYO_STAT_POLICY_UPDATES,
+       TOMOYO_STAT_POLICY_LEARNING,   /* == TOMOYO_CONFIG_LEARNING */
+       TOMOYO_STAT_POLICY_PERMISSIVE, /* == TOMOYO_CONFIG_PERMISSIVE */
+       TOMOYO_STAT_POLICY_ENFORCING,  /* == TOMOYO_CONFIG_ENFORCING */
+       TOMOYO_MAX_POLICY_STAT
+};
+
 /* Index numbers for profile's PREFERENCE values. */
 enum tomoyo_pref_index {
        TOMOYO_PREF_MAX_AUDIT_LOG,
@@ -648,8 +659,8 @@ char *tomoyo_realpath_from_path(struct path *path);
 bool tomoyo_memory_ok(void *ptr);
 void *tomoyo_commit_ok(void *data, const unsigned int size);
 const struct tomoyo_path_info *tomoyo_get_name(const char *name);
-void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
-int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head);
+void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp);
+void tomoyo_update_stat(const u8 index);
 void __init tomoyo_mm_init(void);
 int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
                           const struct tomoyo_path_info *filename);
index 39d0128..78b6143 100644 (file)
@@ -29,16 +29,13 @@ void tomoyo_warn_oom(const char *function)
                panic("MAC Initialization failed.\n");
 }
 
+/* Lock for protecting tomoyo_memory_used. */
+static DEFINE_SPINLOCK(tomoyo_policy_memory_lock);
 /* Memoy currently used by policy/audit log/query. */
 unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
 /* Memory quota for "policy"/"audit log"/"query". */
 unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
 
-/* Memory allocated for policy. */
-static atomic_t tomoyo_policy_memory_size;
-/* Quota for holding policy. */
-static unsigned int tomoyo_quota_for_policy;
-
 /**
  * tomoyo_memory_ok - Check memory quota.
  *
@@ -50,15 +47,20 @@ static unsigned int tomoyo_quota_for_policy;
  */
 bool tomoyo_memory_ok(void *ptr)
 {
-       size_t s = ptr ? ksize(ptr) : 0;
-       atomic_add(s, &tomoyo_policy_memory_size);
-       if (ptr && (!tomoyo_quota_for_policy ||
-                   atomic_read(&tomoyo_policy_memory_size)
-                   <= tomoyo_quota_for_policy)) {
-               memset(ptr, 0, s);
-               return true;
+       if (ptr) {
+               const size_t s = ksize(ptr);
+               bool result;
+               spin_lock(&tomoyo_policy_memory_lock);
+               tomoyo_memory_used[TOMOYO_MEMORY_POLICY] += s;
+               result = !tomoyo_memory_quota[TOMOYO_MEMORY_POLICY] ||
+                       tomoyo_memory_used[TOMOYO_MEMORY_POLICY] <=
+                       tomoyo_memory_quota[TOMOYO_MEMORY_POLICY];
+               if (!result)
+                       tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s;
+               spin_unlock(&tomoyo_policy_memory_lock);
+               if (result)
+                       return true;
        }
-       atomic_sub(s, &tomoyo_policy_memory_size);
        tomoyo_warn_oom(__func__);
        return false;
 }
@@ -91,7 +93,10 @@ void *tomoyo_commit_ok(void *data, const unsigned int size)
  */
 void tomoyo_memory_free(void *ptr)
 {
-       atomic_sub(ksize(ptr), &tomoyo_policy_memory_size);
+       size_t s = ksize(ptr);
+       spin_lock(&tomoyo_policy_memory_lock);
+       tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s;
+       spin_unlock(&tomoyo_policy_memory_lock);
        kfree(ptr);
 }
 
@@ -162,7 +167,6 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
        struct tomoyo_name *ptr;
        unsigned int hash;
        int len;
-       int allocated_len;
        struct list_head *head;
 
        if (!name)
@@ -179,22 +183,17 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
                goto out;
        }
        ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS);
-       allocated_len = ptr ? ksize(ptr) : 0;
-       if (!ptr || (tomoyo_quota_for_policy &&
-                    atomic_read(&tomoyo_policy_memory_size) + allocated_len
-                    > tomoyo_quota_for_policy)) {
+       if (tomoyo_memory_ok(ptr)) {
+               ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
+               memmove((char *) ptr->entry.name, name, len);
+               atomic_set(&ptr->head.users, 1);
+               tomoyo_fill_path_info(&ptr->entry);
+               list_add_tail(&ptr->head.list, head);
+       } else {
                kfree(ptr);
                ptr = NULL;
-               tomoyo_warn_oom(__func__);
-               goto out;
        }
-       atomic_add(allocated_len, &tomoyo_policy_memory_size);
-       ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
-       memmove((char *) ptr->entry.name, name, len);
-       atomic_set(&ptr->head.users, 1);
-       tomoyo_fill_path_info(&ptr->entry);
-       list_add_tail(&ptr->head.list, head);
- out:
+out:
        mutex_unlock(&tomoyo_policy_lock);
        return ptr ? &ptr->entry : NULL;
 }
@@ -227,65 +226,3 @@ void __init tomoyo_mm_init(void)
        }
 #endif
 }
-
-
-/* Memory allocated for query lists. */
-unsigned int tomoyo_query_memory_size;
-/* Quota for holding query lists. */
-unsigned int tomoyo_quota_for_query;
-
-/**
- * tomoyo_read_memory_counter - Check for memory usage in bytes.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns memory usage.
- */
-void tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
-{
-       if (!head->r.eof) {
-               const unsigned int policy
-                       = atomic_read(&tomoyo_policy_memory_size);
-               const unsigned int query = tomoyo_query_memory_size;
-               char buffer[64];
-
-               memset(buffer, 0, sizeof(buffer));
-               if (tomoyo_quota_for_policy)
-                       snprintf(buffer, sizeof(buffer) - 1,
-                                "   (Quota: %10u)",
-                                tomoyo_quota_for_policy);
-               else
-                       buffer[0] = '\0';
-               tomoyo_io_printf(head, "Policy:       %10u%s\n", policy,
-                                buffer);
-               if (tomoyo_quota_for_query)
-                       snprintf(buffer, sizeof(buffer) - 1,
-                                "   (Quota: %10u)",
-                                tomoyo_quota_for_query);
-               else
-                       buffer[0] = '\0';
-               tomoyo_io_printf(head, "Query lists:  %10u%s\n", query,
-                                buffer);
-               tomoyo_io_printf(head, "Total:        %10u\n", policy + query);
-               head->r.eof = true;
-       }
-}
-
-/**
- * tomoyo_write_memory_quota - Set memory quota.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns 0.
- */
-int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head)
-{
-       char *data = head->write_buf;
-       unsigned int size;
-
-       if (sscanf(data, "Policy: %u", &size) == 1)
-               tomoyo_quota_for_policy = size;
-       else if (sscanf(data, "Query lists: %u", &size) == 1)
-               tomoyo_quota_for_query = size;
-       return 0;
-}
index e056609..b509e2c 100644 (file)
@@ -143,8 +143,8 @@ static int __init tomoyo_initerface_init(void)
                            TOMOYO_DOMAIN_STATUS);
        tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
                            TOMOYO_PROCESS_STATUS);
-       tomoyo_create_entry("meminfo",          0600, tomoyo_dir,
-                           TOMOYO_MEMINFO);
+       tomoyo_create_entry("stat",             0644, tomoyo_dir,
+                           TOMOYO_STAT);
        tomoyo_create_entry("profile",          0600, tomoyo_dir,
                            TOMOYO_PROFILE);
        tomoyo_create_entry("manager",          0600, tomoyo_dir,
index daf7a45..7ff54c9 100644 (file)
@@ -47,6 +47,47 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
 };
 
 /**
+ * tomoyo_convert_time - Convert time_t to YYYY/MM/DD hh/mm/ss.
+ *
+ * @time:  Seconds since 1970/01/01 00:00:00.
+ * @stamp: Pointer to "struct tomoyo_time".
+ *
+ * Returns nothing.
+ *
+ * This function does not handle Y2038 problem.
+ */
+void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp)
+{
+       static const u16 tomoyo_eom[2][12] = {
+               { 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
+               { 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
+       };
+       u16 y;
+       u8 m;
+       bool r;
+       stamp->sec = time % 60;
+       time /= 60;
+       stamp->min = time % 60;
+       time /= 60;
+       stamp->hour = time % 24;
+       time /= 24;
+       for (y = 1970; ; y++) {
+               const unsigned short days = (y & 3) ? 365 : 366;
+               if (time < days)
+                       break;
+               time -= days;
+       }
+       r = (y & 3) == 0;
+       for (m = 0; m < 11 && time >= tomoyo_eom[r][m]; m++)
+               ;
+       if (m)
+               time -= tomoyo_eom[r][m - 1];
+       stamp->year = y;
+       stamp->month = ++m;
+       stamp->day = ++time;
+}
+
+/**
  * tomoyo_permstr - Find permission keywords.
  *
  * @string: String representation for permissions in foo/bar/buz format.