[net-next-2.6.git] / security / tomoyo / domain.c

/*
 * security/tomoyo/domain.c
 *
 * Domain transition functions for TOMOYO.
 *
 * Copyright (C) 2005-2010  NTT DATA CORPORATION
 */

#include "common.h"
#include <linux/binfmts.h>
#include <linux/slab.h>

/* Variables definitions.*/

/* The initial domain. */
struct tomoyo_domain_info tomoyo_kernel_domain;

/**
 * tomoyo_update_policy - Update an entry for exception policy.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_info".
 * @size:            Size of @new_entry in bytes.
 * @is_delete:       True if it is a delete request.
 * @list:            Pointer to "struct list_head".
 * @check_duplicate: Callback function to find duplicated entry.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
			 bool is_delete, struct list_head *list,
			 bool (*check_duplicate) (const struct tomoyo_acl_head
						  *,
						  const struct tomoyo_acl_head
						  *))
{
	int error = is_delete ? -ENOENT : -ENOMEM;
	struct tomoyo_acl_head *entry;

	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		return -ENOMEM;
	list_for_each_entry_rcu(entry, list, list) {
		if (!check_duplicate(entry, new_entry))
			continue;
		entry->is_deleted = is_delete;
		error = 0;
		break;
	}
	if (error && !is_delete) {
		entry = tomoyo_commit_ok(new_entry, size);
		if (entry) {
			list_add_tail_rcu(&entry->list, list);
			error = 0;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
	return error;
}

/**
 * tomoyo_update_domain - Update an entry for domain policy.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_info".
 * @size:            Size of @new_entry in bytes.
 * @is_delete:       True if it is a delete request.
 * @domain:          Pointer to "struct tomoyo_domain_info".
 * @check_duplicate: Callback function to find duplicated entry.
 * @merge_duplicate: Callback function to merge duplicated entry.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
			 bool is_delete, struct tomoyo_domain_info *domain,
			 bool (*check_duplicate) (const struct tomoyo_acl_info
						  *,
						  const struct tomoyo_acl_info
						  *),
			 bool (*merge_duplicate) (struct tomoyo_acl_info *,
						  struct tomoyo_acl_info *,
						  const bool))
{
	int error = is_delete ? -ENOENT : -ENOMEM;
	struct tomoyo_acl_info *entry;

	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		return error;
	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
		if (!check_duplicate(entry, new_entry))
			continue;
		if (merge_duplicate)
			entry->is_deleted = merge_duplicate(entry, new_entry,
							    is_delete);
		else
			entry->is_deleted = is_delete;
		error = 0;
		break;
	}
	if (error && !is_delete) {
		entry = tomoyo_commit_ok(new_entry, size);
		if (entry) {
			list_add_tail_rcu(&entry->list, &domain->acl_info_list);
			error = 0;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
	return error;
}

void tomoyo_check_acl(struct tomoyo_request_info *r,
		      bool (*check_entry) (const struct tomoyo_request_info *,
					   const struct tomoyo_acl_info *))
{
	const struct tomoyo_domain_info *domain = r->domain;
	struct tomoyo_acl_info *ptr;

	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
		if (ptr->is_deleted || ptr->type != r->param_type)
			continue;
		if (check_entry(r, ptr)) {
			r->granted = true;
			return;
		}
	}
	r->granted = false;
}

/* The list for "struct tomoyo_domain_info". */
LIST_HEAD(tomoyo_domain_list);

struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];

/**
 * tomoyo_last_word - Get last component of a domainname.
 *
 * @domainname: Domainname to check.
 *
 * Returns the last word of @domainname.
 */
static const char *tomoyo_last_word(const char *name)
{
        const char *cp = strrchr(name, ' ');
        if (cp)
                return cp + 1;
        return name;
}

static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
					   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_transition_control *p1 = container_of(a,
								  typeof(*p1),
								  head);
	const struct tomoyo_transition_control *p2 = container_of(b,
								  typeof(*p2),
								  head);
	return p1->type == p2->type && p1->is_last_name == p2->is_last_name
		&& p1->domainname == p2->domainname
		&& p1->program == p2->program;
}

/**
 * tomoyo_update_transition_control_entry - Update "struct tomoyo_transition_control" list.
 *
 * @domainname: The name of domain. Maybe NULL.
 * @program:    The name of program. Maybe NULL.
 * @type:       Type of transition.
 * @is_delete:  True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_update_transition_control_entry(const char *domainname,
						  const char *program,
						  const u8 type,
						  const bool is_delete)
{
	struct tomoyo_transition_control e = { .type = type };
	int error = is_delete ? -ENOENT : -ENOMEM;
	if (program) {
		if (!tomoyo_correct_path(program))
			return -EINVAL;
		e.program = tomoyo_get_name(program);
		if (!e.program)
			goto out;
	}
	if (domainname) {
		if (!tomoyo_correct_domain(domainname)) {
			if (!tomoyo_correct_path(domainname))
				goto out;
			e.is_last_name = true;
		}
		e.domainname = tomoyo_get_name(domainname);
		if (!e.domainname)
			goto out;
	}
	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
				     &tomoyo_policy_list
				     [TOMOYO_ID_TRANSITION_CONTROL],
				     tomoyo_same_transition_control);
 out:
	tomoyo_put_name(e.domainname);
	tomoyo_put_name(e.program);
	return error;
}

/**
 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
 *
 * @data:      String to parse.
 * @is_delete: True if it is a delete request.
 * @type:      Type of this entry.
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_write_transition_control(char *data, const bool is_delete,
				    const u8 type)
{
	char *domainname = strstr(data, " from ");
	if (domainname) {
		*domainname = '\0';
		domainname += 6;
	} else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
		   type == TOMOYO_TRANSITION_CONTROL_KEEP) {
		domainname = data;
		data = NULL;
	}
	return tomoyo_update_transition_control_entry(domainname, data, type,
						      is_delete);
}

/**
 * tomoyo_transition_type - Get domain transition type.
 *
 * @domainname: The name of domain.
 * @program:    The name of program.
 *
 * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
 * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
 * @program suppresses domain transition, others otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
				 const struct tomoyo_path_info *program)
{
	const struct tomoyo_transition_control *ptr;
	const char *last_name = tomoyo_last_word(domainname->name);
	u8 type;
	for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
 next:
		list_for_each_entry_rcu(ptr, &tomoyo_policy_list
					[TOMOYO_ID_TRANSITION_CONTROL],
					head.list) {
			if (ptr->head.is_deleted || ptr->type != type)
				continue;
			if (ptr->domainname) {
				if (!ptr->is_last_name) {
					if (ptr->domainname != domainname)
						continue;
				} else {
					/*
					 * Use direct strcmp() since this is
					 * unlikely used.
					 */
					if (strcmp(ptr->domainname->name,
						   last_name))
						continue;
				}
			}
			if (ptr->program &&
			    tomoyo_pathcmp(ptr->program, program))
				continue;
			if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
				/*
				 * Do not check for initialize_domain if
				 * no_initialize_domain matched.
				 */
				type = TOMOYO_TRANSITION_CONTROL_NO_KEEP;
				goto next;
			}
			goto done;
		}
	}
 done:
	return type;
}

static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
				   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1), head);
	const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2), head);
	return p1->original_name == p2->original_name &&
		p1->aggregated_name == p2->aggregated_name;
}

/**
 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator" list.
 *
 * @original_name:   The original program's name.
 * @aggregated_name: The program name to use.
 * @is_delete:       True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_update_aggregator_entry(const char *original_name,
					  const char *aggregated_name,
					  const bool is_delete)
{
	struct tomoyo_aggregator e = { };
	int error = is_delete ? -ENOENT : -ENOMEM;

	if (!tomoyo_correct_path(original_name) ||
	    !tomoyo_correct_path(aggregated_name))
		return -EINVAL;
	e.original_name = tomoyo_get_name(original_name);
	e.aggregated_name = tomoyo_get_name(aggregated_name);
	if (!e.original_name || !e.aggregated_name ||
	    e.aggregated_name->is_patterned) /* No patterns allowed. */
		goto out;
	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
				     &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
				     tomoyo_same_aggregator);
 out:
	tomoyo_put_name(e.original_name);
	tomoyo_put_name(e.aggregated_name);
	return error;
}

/**
 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
 *
 * @data:      String to parse.
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_write_aggregator(char *data, const bool is_delete)
{
	char *cp = strchr(data, ' ');

	if (!cp)
		return -EINVAL;
	*cp++ = '\0';
	return tomoyo_update_aggregator_entry(data, cp, is_delete);
}

/**
 * tomoyo_assign_domain - Create a domain.
 *
 * @domainname: The name of domain.
 * @profile:    Profile number to assign if the domain was newly created.
 *
 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
						const u8 profile)
{
	struct tomoyo_domain_info *entry;
	struct tomoyo_domain_info *domain = NULL;
	const struct tomoyo_path_info *saved_domainname;
	bool found = false;

	if (!tomoyo_correct_domain(domainname))
		return NULL;
	saved_domainname = tomoyo_get_name(domainname);
	if (!saved_domainname)
		return NULL;
	entry = kzalloc(sizeof(*entry), GFP_NOFS);
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		goto out;
	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
		if (domain->is_deleted ||
		    tomoyo_pathcmp(saved_domainname, domain->domainname))
			continue;
		found = true;
		break;
	}
	if (!found && tomoyo_memory_ok(entry)) {
		INIT_LIST_HEAD(&entry->acl_info_list);
		entry->domainname = saved_domainname;
		saved_domainname = NULL;
		entry->profile = profile;
		list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
		domain = entry;
		entry = NULL;
		found = true;
	}
	mutex_unlock(&tomoyo_policy_lock);
 out:
	tomoyo_put_name(saved_domainname);
	kfree(entry);
	return found ? domain : NULL;
}

/**
 * tomoyo_find_next_domain - Find a domain.
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm)
{
	struct tomoyo_request_info r;
	char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
	struct tomoyo_domain_info *old_domain = tomoyo_domain();
	struct tomoyo_domain_info *domain = NULL;
	const char *original_name = bprm->filename;
	u8 mode;
	bool is_enforce;
	int retval = -ENOMEM;
	bool need_kfree = false;
	struct tomoyo_path_info rn = { }; /* real name */

	mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
	is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
	if (!tmp)
		goto out;

 retry:
	if (need_kfree) {
		kfree(rn.name);
		need_kfree = false;
	}
	/* Get symlink's pathname of program. */
	retval = -ENOENT;
	rn.name = tomoyo_realpath_nofollow(original_name);
	if (!rn.name)
		goto out;
	tomoyo_fill_path_info(&rn);
	need_kfree = true;

	/* Check 'aggregator' directive. */
	{
		struct tomoyo_aggregator *ptr;
		list_for_each_entry_rcu(ptr, &tomoyo_policy_list
					[TOMOYO_ID_AGGREGATOR], head.list) {
			if (ptr->head.is_deleted ||
			    !tomoyo_path_matches_pattern(&rn,
							 ptr->original_name))
				continue;
			kfree(rn.name);
			need_kfree = false;
			/* This is OK because it is read only. */
			rn = *ptr->aggregated_name;
			break;
		}
	}

	/* Check execute permission. */
	retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
	if (retval == TOMOYO_RETRY_REQUEST)
		goto retry;
	if (retval < 0)
		goto out;

	/* Calculate domain to transit to. */
	switch (tomoyo_transition_type(old_domain->domainname, &rn)) {
	case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
		/* Transit to the child of tomoyo_kernel_domain domain. */
		snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " "
			 "%s", rn.name);
		break;
	case TOMOYO_TRANSITION_CONTROL_KEEP:
		/* Keep current domain. */
		domain = old_domain;
		break;
	default:
		if (old_domain == &tomoyo_kernel_domain &&
		    !tomoyo_policy_loaded) {
			/*
			 * Needn't to transit from kernel domain before
			 * starting /sbin/init. But transit from kernel domain
			 * if executing initializers because they might start
			 * before /sbin/init.
			 */
			domain = old_domain;
		} else {
			/* Normal domain transition. */
			snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
				 old_domain->domainname->name, rn.name);
		}
		break;
	}
	if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
		goto done;
	domain = tomoyo_find_domain(tmp);
	if (domain)
		goto done;
	if (is_enforce) {
		int error = tomoyo_supervisor(&r, "# wants to create domain\n"
					      "%s\n", tmp);
		if (error == TOMOYO_RETRY_REQUEST)
			goto retry;
		if (error < 0)
			goto done;
	}
	domain = tomoyo_assign_domain(tmp, old_domain->profile);
 done:
	if (domain)
		goto out;
	printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
	if (is_enforce)
		retval = -EPERM;
	else
		old_domain->transition_failed = true;
 out:
	if (!domain)
		domain = old_domain;
	/* Update reference count on "struct tomoyo_domain_info". */
	atomic_inc(&domain->users);
	bprm->cred->security = domain;
	if (need_kfree)
		kfree(rn.name);
	kfree(tmp);
	return retval;
}
Commit	Line	Data
26a2a1c9 KT	1	/*
	2	* security/tomoyo/domain.c
	3	*
c3ef1500	4	* Domain transition functions for TOMOYO.
26a2a1c9	5	*
c3ef1500	6	* Copyright (C) 2005-2010 NTT DATA CORPORATION
26a2a1c9 KT	7	*/
	8
	9	#include "common.h"
26a2a1c9	10	#include <linux/binfmts.h>
5a0e3ad6	11	#include <linux/slab.h>
26a2a1c9 KT	12
	13	/* Variables definitions.*/
	14
	15	/* The initial domain. */
	16	struct tomoyo_domain_info tomoyo_kernel_domain;
	17
36f5e1ff TH	18	/**
	19	* tomoyo_update_policy - Update an entry for exception policy.
	20	*
	21	* @new_entry: Pointer to "struct tomoyo_acl_info".
	22	* @size: Size of @new_entry in bytes.
	23	* @is_delete: True if it is a delete request.
	24	* @list: Pointer to "struct list_head".
	25	* @check_duplicate: Callback function to find duplicated entry.
	26	*
	27	* Returns 0 on success, negative value otherwise.
	28	*
	29	* Caller holds tomoyo_read_lock().
	30	*/
	31	int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
	32	bool is_delete, struct list_head *list,
	33	bool (*check_duplicate) (const struct tomoyo_acl_head
	34	*,
	35	const struct tomoyo_acl_head
	36	*))
	37	{
	38	int error = is_delete ? -ENOENT : -ENOMEM;
	39	struct tomoyo_acl_head *entry;
	40
	41	if (mutex_lock_interruptible(&tomoyo_policy_lock))
	42	return -ENOMEM;
	43	list_for_each_entry_rcu(entry, list, list) {
	44	if (!check_duplicate(entry, new_entry))
	45	continue;
	46	entry->is_deleted = is_delete;
	47	error = 0;
	48	break;
	49	}
	50	if (error && !is_delete) {
	51	entry = tomoyo_commit_ok(new_entry, size);
	52	if (entry) {
	53	list_add_tail_rcu(&entry->list, list);
	54	error = 0;
	55	}
	56	}
	57	mutex_unlock(&tomoyo_policy_lock);
	58	return error;
	59	}
	60
237ab459 TH	61	/**
	62	* tomoyo_update_domain - Update an entry for domain policy.
	63	*
	64	* @new_entry: Pointer to "struct tomoyo_acl_info".
	65	* @size: Size of @new_entry in bytes.
	66	* @is_delete: True if it is a delete request.
	67	* @domain: Pointer to "struct tomoyo_domain_info".
	68	* @check_duplicate: Callback function to find duplicated entry.
	69	* @merge_duplicate: Callback function to merge duplicated entry.
	70	*
	71	* Returns 0 on success, negative value otherwise.
	72	*
	73	* Caller holds tomoyo_read_lock().
	74	*/
	75	int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
	76	bool is_delete, struct tomoyo_domain_info *domain,
	77	bool (*check_duplicate) (const struct tomoyo_acl_info
	78	*,
	79	const struct tomoyo_acl_info
	80	*),
	81	bool (merge_duplicate) (struct tomoyo_acl_info ,
	82	struct tomoyo_acl_info *,
	83	const bool))
	84	{
	85	int error = is_delete ? -ENOENT : -ENOMEM;
	86	struct tomoyo_acl_info *entry;
	87
	88	if (mutex_lock_interruptible(&tomoyo_policy_lock))
	89	return error;
	90	list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
	91	if (!check_duplicate(entry, new_entry))
	92	continue;
	93	if (merge_duplicate)
	94	entry->is_deleted = merge_duplicate(entry, new_entry,
	95	is_delete);
	96	else
	97	entry->is_deleted = is_delete;
	98	error = 0;
	99	break;
	100	}
	101	if (error && !is_delete) {
	102	entry = tomoyo_commit_ok(new_entry, size);
	103	if (entry) {
	104	list_add_tail_rcu(&entry->list, &domain->acl_info_list);
	105	error = 0;
	106	}
	107	}
	108	mutex_unlock(&tomoyo_policy_lock);
	109	return error;
	110	}
	111
99a85259 TH	112	void tomoyo_check_acl(struct tomoyo_request_info *r,
	113	bool (check_entry) (const struct tomoyo_request_info ,
	114	const struct tomoyo_acl_info *))
	115	{
	116	const struct tomoyo_domain_info *domain = r->domain;
	117	struct tomoyo_acl_info *ptr;
	118
	119	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
	120	if (ptr->is_deleted \|\| ptr->type != r->param_type)
	121	continue;
	122	if (check_entry(r, ptr)) {
	123	r->granted = true;
	124	return;
	125	}
	126	}
	127	r->granted = false;
	128	}
	129
a230f9e7	130	/* The list for "struct tomoyo_domain_info". */
26a2a1c9	131	LIST_HEAD(tomoyo_domain_list);
26a2a1c9	132
a230f9e7 TH	133	struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
	134	struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
	135
26a2a1c9	136	/**
e2bf6907	137	* tomoyo_last_word - Get last component of a domainname.
26a2a1c9	138	*
e2bf6907	139	* @domainname: Domainname to check.
26a2a1c9	140	*
e2bf6907	141	* Returns the last word of @domainname.
26a2a1c9	142	*/
e2bf6907	143	static const char tomoyo_last_word(const char name)
26a2a1c9	144	{
e2bf6907 TH	145	const char *cp = strrchr(name, ' ');
	146	if (cp)
	147	return cp + 1;
	148	return name;
26a2a1c9 KT	149	}
26a2a1c9 KT	150
e2bf6907 TH	151	static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
e2bf6907 TH	152	const struct tomoyo_acl_head *b)
36f5e1ff	153	{
5448ec4f TH	154	const struct tomoyo_transition_control *p1 = container_of(a,
	155	typeof(*p1),
	156	head);
	157	const struct tomoyo_transition_control *p2 = container_of(b,
	158	typeof(*p2),
	159	head);
	160	return p1->type == p2->type && p1->is_last_name == p2->is_last_name
36f5e1ff TH	161	&& p1->domainname == p2->domainname
	162	&& p1->program == p2->program;
	163	}
	164
26a2a1c9	165	/**
5448ec4f	166	* tomoyo_update_transition_control_entry - Update "struct tomoyo_transition_control" list.
26a2a1c9	167	*
5448ec4f TH	168	* @domainname: The name of domain. Maybe NULL.
	169	* @program: The name of program. Maybe NULL.
	170	* @type: Type of transition.
26a2a1c9 KT	171	* @is_delete: True if it is a delete request.
	172	*
	173	* Returns 0 on success, negative value otherwise.
	174	*/
5448ec4f	175	static int tomoyo_update_transition_control_entry(const char *domainname,
26a2a1c9	176	const char *program,
5448ec4f	177	const u8 type,
26a2a1c9 KT	178	const bool is_delete)
26a2a1c9 KT	179	{
5448ec4f	180	struct tomoyo_transition_control e = { .type = type };
ca0b7df3	181	int error = is_delete ? -ENOENT : -ENOMEM;
5448ec4f TH	182	if (program) {
	183	if (!tomoyo_correct_path(program))
	184	return -EINVAL;
	185	e.program = tomoyo_get_name(program);
	186	if (!e.program)
	187	goto out;
	188	}
26a2a1c9	189	if (domainname) {
5448ec4f TH	190	if (!tomoyo_correct_domain(domainname)) {
	191	if (!tomoyo_correct_path(domainname))
	192	goto out;
9e4b50e9	193	e.is_last_name = true;
5448ec4f	194	}
9e4b50e9 TH	195	e.domainname = tomoyo_get_name(domainname);
9e4b50e9 TH	196	if (!e.domainname)
ca0b7df3	197	goto out;
26a2a1c9	198	}
36f5e1ff	199	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
a230f9e7	200	&tomoyo_policy_list
5448ec4f	201	[TOMOYO_ID_TRANSITION_CONTROL],
e2bf6907	202	tomoyo_same_transition_control);
ca0b7df3	203	out:
9e4b50e9 TH	204	tomoyo_put_name(e.domainname);
9e4b50e9 TH	205	tomoyo_put_name(e.program);
26a2a1c9 KT	206	return error;
	207	}
	208
26a2a1c9	209	/**
5448ec4f	210	* tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
26a2a1c9 KT	211	*
26a2a1c9 KT	212	* @data: String to parse.
26a2a1c9	213	* @is_delete: True if it is a delete request.
5448ec4f	214	* @type: Type of this entry.
26a2a1c9 KT	215	*
	216	* Returns 0 on success, negative value otherwise.
	217	*/
5448ec4f TH	218	int tomoyo_write_transition_control(char *data, const bool is_delete,
5448ec4f TH	219	const u8 type)
26a2a1c9	220	{
5448ec4f TH	221	char *domainname = strstr(data, " from ");
	222	if (domainname) {
	223	*domainname = '\0';
	224	domainname += 6;
	225	} else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP \|\|
	226	type == TOMOYO_TRANSITION_CONTROL_KEEP) {
	227	domainname = data;
	228	data = NULL;
26a2a1c9	229	}
5448ec4f	230	return tomoyo_update_transition_control_entry(domainname, data, type,
26a2a1c9 KT	231	is_delete);
	232	}
	233
	234	/**
5448ec4f	235	* tomoyo_transition_type - Get domain transition type.
26a2a1c9 KT	236	*
	237	* @domainname: The name of domain.
	238	* @program: The name of program.
26a2a1c9	239	*
5448ec4f TH	240	* Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
	241	* reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
	242	* @program suppresses domain transition, others otherwise.
fdb8ebb7 TH	243	*
fdb8ebb7 TH	244	* Caller holds tomoyo_read_lock().
26a2a1c9	245	*/
5448ec4f TH	246	static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
5448ec4f TH	247	const struct tomoyo_path_info *program)
26a2a1c9	248	{
5448ec4f TH	249	const struct tomoyo_transition_control *ptr;
	250	const char *last_name = tomoyo_last_word(domainname->name);
	251	u8 type;
	252	for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
	253	next:
	254	list_for_each_entry_rcu(ptr, &tomoyo_policy_list
	255	[TOMOYO_ID_TRANSITION_CONTROL],
	256	head.list) {
	257	if (ptr->head.is_deleted \|\| ptr->type != type)
26a2a1c9	258	continue;
5448ec4f TH	259	if (ptr->domainname) {
	260	if (!ptr->is_last_name) {
	261	if (ptr->domainname != domainname)
	262	continue;
	263	} else {
	264	/*
	265	* Use direct strcmp() since this is
	266	* unlikely used.
	267	*/
	268	if (strcmp(ptr->domainname->name,
	269	last_name))
	270	continue;
	271	}
	272	}
	273	if (ptr->program &&
	274	tomoyo_pathcmp(ptr->program, program))
26a2a1c9	275	continue;
5448ec4f TH	276	if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
	277	/*
	278	* Do not check for initialize_domain if
	279	* no_initialize_domain matched.
	280	*/
	281	type = TOMOYO_TRANSITION_CONTROL_NO_KEEP;
	282	goto next;
	283	}
	284	goto done;
26a2a1c9	285	}
26a2a1c9	286	}
5448ec4f TH	287	done:
5448ec4f TH	288	return type;
26a2a1c9 KT	289	}
26a2a1c9 KT	290
e2bf6907 TH	291	static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
e2bf6907 TH	292	const struct tomoyo_acl_head *b)
36f5e1ff	293	{
e2bf6907 TH	294	const struct tomoyo_aggregator p1 = container_of(a, typeof(p1), head);
e2bf6907 TH	295	const struct tomoyo_aggregator p2 = container_of(b, typeof(p2), head);
36f5e1ff TH	296	return p1->original_name == p2->original_name &&
	297	p1->aggregated_name == p2->aggregated_name;
	298	}
	299
1084307c	300	/**
e2bf6907	301	* tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator" list.
1084307c TH	302	*
	303	* @original_name: The original program's name.
	304	* @aggregated_name: The program name to use.
	305	* @is_delete: True if it is a delete request.
	306	*
	307	* Returns 0 on success, negative value otherwise.
	308	*
	309	* Caller holds tomoyo_read_lock().
	310	*/
	311	static int tomoyo_update_aggregator_entry(const char *original_name,
	312	const char *aggregated_name,
	313	const bool is_delete)
	314	{
e2bf6907	315	struct tomoyo_aggregator e = { };
1084307c TH	316	int error = is_delete ? -ENOENT : -ENOMEM;
1084307c TH	317
75093152 TH	318	if (!tomoyo_correct_path(original_name) \|\|
75093152 TH	319	!tomoyo_correct_path(aggregated_name))
1084307c TH	320	return -EINVAL;
	321	e.original_name = tomoyo_get_name(original_name);
	322	e.aggregated_name = tomoyo_get_name(aggregated_name);
	323	if (!e.original_name \|\| !e.aggregated_name \|\|
	324	e.aggregated_name->is_patterned) /* No patterns allowed. */
	325	goto out;
36f5e1ff	326	error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
a230f9e7	327	&tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
e2bf6907	328	tomoyo_same_aggregator);
1084307c TH	329	out:
	330	tomoyo_put_name(e.original_name);
	331	tomoyo_put_name(e.aggregated_name);
	332	return error;
	333	}
	334
1084307c	335	/**
e2bf6907	336	* tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
1084307c TH	337	*
	338	* @data: String to parse.
	339	* @is_delete: True if it is a delete request.
	340	*
	341	* Returns 0 on success, negative value otherwise.
	342	*
	343	* Caller holds tomoyo_read_lock().
	344	*/
e2bf6907	345	int tomoyo_write_aggregator(char *data, const bool is_delete)
1084307c TH	346	{
	347	char *cp = strchr(data, ' ');
	348
	349	if (!cp)
	350	return -EINVAL;
	351	*cp++ = '\0';
	352	return tomoyo_update_aggregator_entry(data, cp, is_delete);
	353	}
	354
26a2a1c9	355	/**
e2bf6907	356	* tomoyo_assign_domain - Create a domain.
26a2a1c9 KT	357	*
	358	* @domainname: The name of domain.
	359	* @profile: Profile number to assign if the domain was newly created.
	360	*
	361	* Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
fdb8ebb7 TH	362	*
fdb8ebb7 TH	363	* Caller holds tomoyo_read_lock().
26a2a1c9	364	*/
e2bf6907 TH	365	struct tomoyo_domain_info tomoyo_assign_domain(const char domainname,
e2bf6907 TH	366	const u8 profile)
26a2a1c9	367	{
ca0b7df3	368	struct tomoyo_domain_info *entry;
29282381	369	struct tomoyo_domain_info *domain = NULL;
26a2a1c9	370	const struct tomoyo_path_info *saved_domainname;
ca0b7df3	371	bool found = false;
26a2a1c9	372
75093152	373	if (!tomoyo_correct_domain(domainname))
ca0b7df3	374	return NULL;
bf24fb01	375	saved_domainname = tomoyo_get_name(domainname);
26a2a1c9	376	if (!saved_domainname)
ca0b7df3	377	return NULL;
4e5d6f7e	378	entry = kzalloc(sizeof(*entry), GFP_NOFS);
29282381 TH	379	if (mutex_lock_interruptible(&tomoyo_policy_lock))
29282381 TH	380	goto out;
ca0b7df3 TH	381	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
	382	if (domain->is_deleted \|\|
	383	tomoyo_pathcmp(saved_domainname, domain->domainname))
	384	continue;
	385	found = true;
	386	break;
	387	}
	388	if (!found && tomoyo_memory_ok(entry)) {
	389	INIT_LIST_HEAD(&entry->acl_info_list);
	390	entry->domainname = saved_domainname;
bf24fb01	391	saved_domainname = NULL;
ca0b7df3 TH	392	entry->profile = profile;
	393	list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
	394	domain = entry;
	395	entry = NULL;
	396	found = true;
26a2a1c9	397	}
f737d95d	398	mutex_unlock(&tomoyo_policy_lock);
29282381	399	out:
bf24fb01	400	tomoyo_put_name(saved_domainname);
ca0b7df3 TH	401	kfree(entry);
ca0b7df3 TH	402	return found ? domain : NULL;
26a2a1c9 KT	403	}
	404
	405	/**
	406	* tomoyo_find_next_domain - Find a domain.
	407	*
56f8c9bc	408	* @bprm: Pointer to "struct linux_binprm".
26a2a1c9 KT	409	*
26a2a1c9 KT	410	* Returns 0 on success, negative value otherwise.
fdb8ebb7 TH	411	*
fdb8ebb7 TH	412	* Caller holds tomoyo_read_lock().
26a2a1c9	413	*/
56f8c9bc	414	int tomoyo_find_next_domain(struct linux_binprm *bprm)
26a2a1c9	415	{
17fcfbd9	416	struct tomoyo_request_info r;
c8c57e84	417	char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
26a2a1c9 KT	418	struct tomoyo_domain_info *old_domain = tomoyo_domain();
26a2a1c9 KT	419	struct tomoyo_domain_info *domain = NULL;
26a2a1c9	420	const char *original_name = bprm->filename;
57c2590f TH	421	u8 mode;
57c2590f TH	422	bool is_enforce;
26a2a1c9	423	int retval = -ENOMEM;
c8c57e84 TH	424	bool need_kfree = false;
c8c57e84 TH	425	struct tomoyo_path_info rn = { }; /* real name */
26a2a1c9	426
57c2590f TH	427	mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
57c2590f TH	428	is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
26a2a1c9 KT	429	if (!tmp)
	430	goto out;
	431
17fcfbd9	432	retry:
c8c57e84 TH	433	if (need_kfree) {
	434	kfree(rn.name);
	435	need_kfree = false;
	436	}
0617c7ff	437	/* Get symlink's pathname of program. */
26a2a1c9	438	retval = -ENOENT;
0617c7ff	439	rn.name = tomoyo_realpath_nofollow(original_name);
c8c57e84	440	if (!rn.name)
26a2a1c9	441	goto out;
c8c57e84 TH	442	tomoyo_fill_path_info(&rn);
	443	need_kfree = true;
	444
1084307c TH	445	/* Check 'aggregator' directive. */
1084307c TH	446	{
e2bf6907	447	struct tomoyo_aggregator *ptr;
a230f9e7 TH	448	list_for_each_entry_rcu(ptr, &tomoyo_policy_list
a230f9e7 TH	449	[TOMOYO_ID_AGGREGATOR], head.list) {
82e0f001	450	if (ptr->head.is_deleted \|\|
1084307c TH	451	!tomoyo_path_matches_pattern(&rn,
	452	ptr->original_name))
	453	continue;
0617c7ff	454	kfree(rn.name);
1084307c TH	455	need_kfree = false;
	456	/* This is OK because it is read only. */
	457	rn = *ptr->aggregated_name;
	458	break;
	459	}
	460	}
	461
26a2a1c9	462	/* Check execute permission. */
05336dee	463	retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
17fcfbd9 TH	464	if (retval == TOMOYO_RETRY_REQUEST)
17fcfbd9 TH	465	goto retry;
26a2a1c9 KT	466	if (retval < 0)
	467	goto out;
	468
5448ec4f TH	469	/* Calculate domain to transit to. */
	470	switch (tomoyo_transition_type(old_domain->domainname, &rn)) {
	471	case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
26a2a1c9	472	/* Transit to the child of tomoyo_kernel_domain domain. */
5448ec4f TH	473	snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " "
	474	"%s", rn.name);
	475	break;
	476	case TOMOYO_TRANSITION_CONTROL_KEEP:
26a2a1c9 KT	477	/* Keep current domain. */
26a2a1c9 KT	478	domain = old_domain;
5448ec4f TH	479	break;
	480	default:
	481	if (old_domain == &tomoyo_kernel_domain &&
	482	!tomoyo_policy_loaded) {
	483	/*
	484	* Needn't to transit from kernel domain before
	485	* starting /sbin/init. But transit from kernel domain
	486	* if executing initializers because they might start
	487	* before /sbin/init.
	488	*/
	489	domain = old_domain;
	490	} else {
	491	/* Normal domain transition. */
	492	snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
	493	old_domain->domainname->name, rn.name);
	494	}
	495	break;
26a2a1c9	496	}
c8c57e84	497	if (domain \|\| strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
26a2a1c9	498	goto done;
c8c57e84	499	domain = tomoyo_find_domain(tmp);
26a2a1c9 KT	500	if (domain)
26a2a1c9 KT	501	goto done;
17fcfbd9 TH	502	if (is_enforce) {
17fcfbd9 TH	503	int error = tomoyo_supervisor(&r, "# wants to create domain\n"
c8c57e84	504	"%s\n", tmp);
17fcfbd9 TH	505	if (error == TOMOYO_RETRY_REQUEST)
	506	goto retry;
	507	if (error < 0)
	508	goto done;
	509	}
e2bf6907	510	domain = tomoyo_assign_domain(tmp, old_domain->profile);
26a2a1c9 KT	511	done:
	512	if (domain)
	513	goto out;
c8c57e84	514	printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
26a2a1c9 KT	515	if (is_enforce)
	516	retval = -EPERM;
	517	else
ea13ddba	518	old_domain->transition_failed = true;
26a2a1c9	519	out:
56f8c9bc TH	520	if (!domain)
56f8c9bc TH	521	domain = old_domain;
ec8e6a4e TH	522	/* Update reference count on "struct tomoyo_domain_info". */
ec8e6a4e TH	523	atomic_inc(&domain->users);
56f8c9bc	524	bprm->cred->security = domain;
c8c57e84 TH	525	if (need_kfree)
c8c57e84 TH	526	kfree(rn.name);
8e2d39a1	527	kfree(tmp);
26a2a1c9 KT	528	return retval;
26a2a1c9 KT	529	}