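/*
 * security/tomoyo/common.c
 *
 * Securityfs interface for TOMOYO.
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 */

#include <linux/security.h>
#include "common.h"

/*
 * Each interface file carries its TOMOYO_* type in inode->i_private, stored as
 * a small integer disguised as a pointer.  Both conversions go through an
 * integer cast instead of arithmetic on a NULL pointer: the latter is undefined
 * behaviour in standard C and is diagnosed by newer compilers, even though the
 * resulting value is the same.
 */

/**
 * tomoyo_key_to_private - Encode an interface type as an i_private pointer.
 *
 * @key: Type of interface (one of the TOMOYO_* keys).
 *
 * Returns the opaque pointer to store in inode->i_private.
 */
static inline void *tomoyo_key_to_private(const u8 key)
{
	return (void *) (unsigned long) key;
}

/**
 * tomoyo_private_to_key - Decode the interface type stored by tomoyo_key_to_private().
 *
 * @priv: Value read back from inode->i_private.
 *
 * Returns the interface type as an int.
 */
static inline int tomoyo_private_to_key(const void *priv)
{
	return (int) (unsigned long) priv;
}

/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode".
 * @file: Pointer to "struct file".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_open(struct inode *inode, struct file *file)
{
	/* The interface type was placed in i_private by tomoyo_create_entry(). */
	const int key = tomoyo_private_to_key(inode->i_private);
	return tomoyo_open_control(key, file);
}

/**
 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode" (unused).
 * @file: Pointer to "struct file".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_release(struct inode *inode, struct file *file)
{
	return tomoyo_close_control(file);
}

/**
 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @buf: Pointer to user-space buffer.
 * @count: Size of @buf.
 * @ppos: Unused; the interface keeps its own position in the per-open state.
 *
 * Returns bytes read on success, negative value otherwise.
 */
static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
			   loff_t *ppos)
{
	return tomoyo_read_control(file, buf, count);
}

/**
 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @buf: Pointer to user-space buffer.
 * @count: Size of @buf.
 * @ppos: Unused; the interface keeps its own position in the per-open state.
 *
 * Returns @count on success, negative value otherwise.
 */
static ssize_t tomoyo_write(struct file *file, const char __user *buf,
			    size_t count, loff_t *ppos)
{
	return tomoyo_write_control(file, buf, count);
}

/*
 * tomoyo_operations is a "struct file_operations" which is used for handling
 * /sys/kernel/security/tomoyo/ interface.
 *
 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
 * See tomoyo_io_buffer for internals.
 */
static const struct file_operations tomoyo_operations = {
	.open    = tomoyo_open,
	.release = tomoyo_release,
	.read    = tomoyo_read,
	.write   = tomoyo_write,
};

/**
 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 *
 * @name: The name of the interface file.
 * @mode: The permission of the interface file.
 * @parent: The parent directory.
 * @key: Type of interface.
 *
 * Returns nothing.  The created dentry is not kept; the file is looked up
 * again through securityfs when it is opened.
 */
static void __init tomoyo_create_entry(const char *name, const mode_t mode,
				       struct dentry *parent, const u8 key)
{
	securityfs_create_file(name, mode, parent, tomoyo_key_to_private(key),
			       &tomoyo_operations);
}

/* One interface file under /sys/kernel/security/tomoyo/ . */
struct tomoyo_securityfs_entry {
	const char *name;	/* File name inside the tomoyo directory. */
	mode_t mode;		/* File permission bits. */
	u8 key;			/* TOMOYO_* type stored in i_private. */
};

/*
 * Files are created in this order.  Modes are deliberately owner-only
 * (0600 / 0400) so that only root can read policy or query state; the two
 * read-only ones expose information the caller should not be able to change
 * through this path.
 */
static const struct tomoyo_securityfs_entry tomoyo_securityfs_entries[] __initconst = {
	{ "query",            0600, TOMOYO_QUERY },
	{ "domain_policy",    0600, TOMOYO_DOMAINPOLICY },
	{ "exception_policy", 0600, TOMOYO_EXCEPTIONPOLICY },
	{ "self_domain",      0400, TOMOYO_SELFDOMAIN },
	{ ".domain_status",   0600, TOMOYO_DOMAIN_STATUS },
	{ ".process_status",  0600, TOMOYO_PROCESS_STATUS },
	{ "meminfo",          0600, TOMOYO_MEMINFO },
	{ "profile",          0600, TOMOYO_PROFILE },
	{ "manager",          0600, TOMOYO_MANAGER },
	{ "version",          0400, TOMOYO_VERSION },
};

/**
 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 *
 * Creates the tomoyo directory and every file listed in
 * tomoyo_securityfs_entries, in table order.
 *
 * Returns 0.
 */
static int __init tomoyo_initerface_init(void)
{
	struct dentry *tomoyo_dir;
	unsigned int i;

	/*
	 * Don't create securityfs entries unless registered.  The kernel
	 * domain is only attached to the initial credentials when TOMOYO is
	 * the active LSM, so this keeps the interface hidden otherwise.
	 */
	if (current_cred()->security != &tomoyo_kernel_domain)
		return 0;

	/*
	 * NOTE(review): the result of securityfs_create_dir() is not checked
	 * here (matching the original); confirm that securityfs_create_file()
	 * tolerates an error or NULL parent on this kernel version.
	 */
	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
	for (i = 0; i < ARRAY_SIZE(tomoyo_securityfs_entries); i++) {
		const struct tomoyo_securityfs_entry *e =
			&tomoyo_securityfs_entries[i];
		tomoyo_create_entry(e->name, e->mode, tomoyo_dir, e->key);
	}
	return 0;
}

fs_initcall(tomoyo_initerface_init);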