2 * security/tomoyo/file.c
4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
13 #include <linux/slab.h>
15 /* Keyword array for operations with one pathname. */
16 static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
17 [TOMOYO_TYPE_READ_WRITE] = "read/write",
18 [TOMOYO_TYPE_EXECUTE] = "execute",
19 [TOMOYO_TYPE_READ] = "read",
20 [TOMOYO_TYPE_WRITE] = "write",
21 [TOMOYO_TYPE_UNLINK] = "unlink",
22 [TOMOYO_TYPE_RMDIR] = "rmdir",
23 [TOMOYO_TYPE_TRUNCATE] = "truncate",
24 [TOMOYO_TYPE_SYMLINK] = "symlink",
25 [TOMOYO_TYPE_REWRITE] = "rewrite",
26 [TOMOYO_TYPE_CHROOT] = "chroot",
27 [TOMOYO_TYPE_MOUNT] = "mount",
28 [TOMOYO_TYPE_UMOUNT] = "unmount",
31 /* Keyword array for operations with one pathname and three numbers. */
32 static const char *tomoyo_path_number3_keyword
33 [TOMOYO_MAX_PATH_NUMBER3_OPERATION] = {
34 [TOMOYO_TYPE_MKBLOCK] = "mkblock",
35 [TOMOYO_TYPE_MKCHAR] = "mkchar",
38 /* Keyword array for operations with two pathnames. */
39 static const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION] = {
40 [TOMOYO_TYPE_LINK] = "link",
41 [TOMOYO_TYPE_RENAME] = "rename",
42 [TOMOYO_TYPE_PIVOT_ROOT] = "pivot_root",
45 /* Keyword array for operations with one pathname and one number. */
46 static const char *tomoyo_path_number_keyword
47 [TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
48 [TOMOYO_TYPE_CREATE] = "create",
49 [TOMOYO_TYPE_MKDIR] = "mkdir",
50 [TOMOYO_TYPE_MKFIFO] = "mkfifo",
51 [TOMOYO_TYPE_MKSOCK] = "mksock",
52 [TOMOYO_TYPE_IOCTL] = "ioctl",
53 [TOMOYO_TYPE_CHMOD] = "chmod",
54 [TOMOYO_TYPE_CHOWN] = "chown",
55 [TOMOYO_TYPE_CHGRP] = "chgrp",
58 void tomoyo_put_name_union(struct tomoyo_name_union *ptr)
63 tomoyo_put_path_group(ptr->group);
65 tomoyo_put_name(ptr->filename);
68 bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
69 const struct tomoyo_name_union *ptr)
72 return tomoyo_path_matches_group(name, ptr->group, 1);
73 return tomoyo_path_matches_pattern(name, ptr->filename);
76 static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info
78 const struct tomoyo_name_union
79 *ptr, const bool may_use_pattern)
82 return tomoyo_path_matches_group(name, ptr->group,
84 if (may_use_pattern || !ptr->filename->is_patterned)
85 return tomoyo_path_matches_pattern(name, ptr->filename);
89 void tomoyo_put_number_union(struct tomoyo_number_union *ptr)
91 if (ptr && ptr->is_group)
92 tomoyo_put_number_group(ptr->group);
95 bool tomoyo_compare_number_union(const unsigned long value,
96 const struct tomoyo_number_union *ptr)
99 return tomoyo_number_matches_group(value, value, ptr->group);
100 return value >= ptr->values[0] && value <= ptr->values[1];
104 * tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
106 * @r: Pointer to "struct tomoyo_request_info" to initialize.
107 * @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
111 static int tomoyo_init_request_info(struct tomoyo_request_info *r,
112 struct tomoyo_domain_info *domain)
114 memset(r, 0, sizeof(*r));
116 domain = tomoyo_domain();
118 r->mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
122 static void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
123 __attribute__ ((format(printf, 2, 3)));
125 * tomoyo_warn_log - Print warning or error message on console.
127 * @r: Pointer to "struct tomoyo_request_info".
128 * @fmt: The printf()'s format string, followed by parameters.
130 static void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
135 if (!tomoyo_verbose_mode(r->domain))
139 buffer = kmalloc(len, GFP_NOFS);
143 len2 = vsnprintf(buffer, len - 1, fmt, args);
145 if (len2 <= len - 1) {
152 printk(KERN_WARNING "TOMOYO-%s: Access %s denied for %s\n",
153 r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING",
154 buffer, tomoyo_get_last_name(r->domain));
159 * tomoyo_path2keyword - Get the name of single path operation.
161 * @operation: Type of operation.
163 * Returns the name of single path operation.
165 const char *tomoyo_path2keyword(const u8 operation)
167 return (operation < TOMOYO_MAX_PATH_OPERATION)
168 ? tomoyo_path_keyword[operation] : NULL;
172 * tomoyo_path_number32keyword - Get the name of path/number/number/number operations.
174 * @operation: Type of operation.
176 * Returns the name of path/number/number/number operation.
178 const char *tomoyo_path_number32keyword(const u8 operation)
180 return (operation < TOMOYO_MAX_PATH_NUMBER3_OPERATION)
181 ? tomoyo_path_number3_keyword[operation] : NULL;
185 * tomoyo_path22keyword - Get the name of double path operation.
187 * @operation: Type of operation.
189 * Returns the name of double path operation.
191 const char *tomoyo_path22keyword(const u8 operation)
193 return (operation < TOMOYO_MAX_PATH2_OPERATION)
194 ? tomoyo_path2_keyword[operation] : NULL;
198 * tomoyo_path_number2keyword - Get the name of path/number operations.
200 * @operation: Type of operation.
202 * Returns the name of path/number operation.
204 const char *tomoyo_path_number2keyword(const u8 operation)
206 return (operation < TOMOYO_MAX_PATH_NUMBER_OPERATION)
207 ? tomoyo_path_number_keyword[operation] : NULL;
211 * tomoyo_strendswith - Check whether the token ends with the given token.
213 * @name: The token to check.
214 * @tail: The token to find.
216 * Returns true if @name ends with @tail, false otherwise.
218 static bool tomoyo_strendswith(const char *name, const char *tail)
224 len = strlen(name) - strlen(tail);
225 return len >= 0 && !strcmp(name + len, tail);
229 * tomoyo_get_path - Get realpath.
231 * @path: Pointer to "struct path".
233 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
235 static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
238 struct tomoyo_path_info_with_data *buf = kzalloc(sizeof(*buf),
243 /* Reserve one byte for appending "/". */
244 error = tomoyo_realpath_from_path2(path, buf->body,
245 sizeof(buf->body) - 2);
247 buf->head.name = buf->body;
248 tomoyo_fill_path_info(&buf->head);
255 static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
256 const char *filename2,
257 struct tomoyo_domain_info *const domain,
258 const bool is_delete);
259 static int tomoyo_update_path_acl(const u8 type, const char *filename,
260 struct tomoyo_domain_info *const domain,
261 const bool is_delete);
264 * tomoyo_globally_readable_list is used for holding list of pathnames which
265 * are by default allowed to be open()ed for reading by any process.
267 * An entry is added by
269 * # echo 'allow_read /lib/libc-2.5.so' > \
270 * /sys/kernel/security/tomoyo/exception_policy
274 * # echo 'delete allow_read /lib/libc-2.5.so' > \
275 * /sys/kernel/security/tomoyo/exception_policy
277 * and all entries are retrieved by
279 * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
281 * In the example above, any process is allowed to
282 * open("/lib/libc-2.5.so", O_RDONLY).
283 * One exception is, if the domain which current process belongs to is marked
284 * as "ignore_global_allow_read", current process can't do so unless explicitly
285 * given "allow_read /lib/libc-2.5.so" to the domain which current process
288 LIST_HEAD(tomoyo_globally_readable_list);
291 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
293 * @filename: Filename unconditionally permitted to open() for reading.
294 * @is_delete: True if it is a delete request.
296 * Returns 0 on success, negative value otherwise.
298 * Caller holds tomoyo_read_lock().
300 static int tomoyo_update_globally_readable_entry(const char *filename,
301 const bool is_delete)
303 struct tomoyo_globally_readable_file_entry *ptr;
304 struct tomoyo_globally_readable_file_entry e = { };
305 int error = is_delete ? -ENOENT : -ENOMEM;
307 if (!tomoyo_is_correct_path(filename, 1, 0, -1))
309 e.filename = tomoyo_get_name(filename);
312 if (mutex_lock_interruptible(&tomoyo_policy_lock))
314 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
315 if (ptr->filename != e.filename)
317 ptr->is_deleted = is_delete;
321 if (!is_delete && error) {
322 struct tomoyo_globally_readable_file_entry *entry =
323 tomoyo_commit_ok(&e, sizeof(e));
325 list_add_tail_rcu(&entry->list,
326 &tomoyo_globally_readable_list);
330 mutex_unlock(&tomoyo_policy_lock);
332 tomoyo_put_name(e.filename);
337 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
339 * @filename: The filename to check.
341 * Returns true if any domain can open @filename for reading, false otherwise.
343 * Caller holds tomoyo_read_lock().
345 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
348 struct tomoyo_globally_readable_file_entry *ptr;
351 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
352 if (!ptr->is_deleted &&
353 tomoyo_path_matches_pattern(filename, ptr->filename)) {
362 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
364 * @data: String to parse.
365 * @is_delete: True if it is a delete request.
367 * Returns 0 on success, negative value otherwise.
369 * Caller holds tomoyo_read_lock().
371 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
373 return tomoyo_update_globally_readable_entry(data, is_delete);
377 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
379 * @head: Pointer to "struct tomoyo_io_buffer".
381 * Returns true on success, false otherwise.
383 * Caller holds tomoyo_read_lock().
385 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
387 struct list_head *pos;
390 list_for_each_cookie(pos, head->read_var2,
391 &tomoyo_globally_readable_list) {
392 struct tomoyo_globally_readable_file_entry *ptr;
393 ptr = list_entry(pos,
394 struct tomoyo_globally_readable_file_entry,
398 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
399 ptr->filename->name);
406 /* tomoyo_pattern_list is used for holding list of pathnames which are used for
407 * converting pathnames to pathname patterns during learning mode.
409 * An entry is added by
411 * # echo 'file_pattern /proc/\$/mounts' > \
412 * /sys/kernel/security/tomoyo/exception_policy
416 * # echo 'delete file_pattern /proc/\$/mounts' > \
417 * /sys/kernel/security/tomoyo/exception_policy
419 * and all entries are retrieved by
421 * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
423 * In the example above, if a process which belongs to a domain which is in
424 * learning mode requested open("/proc/1/mounts", O_RDONLY),
425 * "allow_read /proc/\$/mounts" is automatically added to the domain which that
426 * process belongs to.
428 * It is not a desirable behavior that we have to use /proc/\$/ instead of
429 * /proc/self/ when current process needs to access only current process's
430 * information. As of now, LSM version of TOMOYO is using __d_path() for
431 * calculating pathname. Non LSM version of TOMOYO is using its own function
432 * which pretends as if /proc/self/ is not a symlink; so that we can forbid
433 * current process from accessing other process's information.
435 LIST_HEAD(tomoyo_pattern_list);
438 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
440 * @pattern: Pathname pattern.
441 * @is_delete: True if it is a delete request.
443 * Returns 0 on success, negative value otherwise.
445 * Caller holds tomoyo_read_lock().
447 static int tomoyo_update_file_pattern_entry(const char *pattern,
448 const bool is_delete)
450 struct tomoyo_pattern_entry *ptr;
451 struct tomoyo_pattern_entry e = { .pattern = tomoyo_get_name(pattern) };
452 int error = is_delete ? -ENOENT : -ENOMEM;
456 if (!e.pattern->is_patterned)
458 if (mutex_lock_interruptible(&tomoyo_policy_lock))
460 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
461 if (e.pattern != ptr->pattern)
463 ptr->is_deleted = is_delete;
467 if (!is_delete && error) {
468 struct tomoyo_pattern_entry *entry =
469 tomoyo_commit_ok(&e, sizeof(e));
471 list_add_tail_rcu(&entry->list, &tomoyo_pattern_list);
475 mutex_unlock(&tomoyo_policy_lock);
477 tomoyo_put_name(e.pattern);
482 * tomoyo_get_file_pattern - Get patterned pathname.
484 * @filename: The filename to find patterned pathname.
486 * Returns pointer to pathname pattern if matched, @filename otherwise.
488 * Caller holds tomoyo_read_lock().
490 static const struct tomoyo_path_info *
491 tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
493 struct tomoyo_pattern_entry *ptr;
494 const struct tomoyo_path_info *pattern = NULL;
496 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
499 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
501 pattern = ptr->pattern;
502 if (tomoyo_strendswith(pattern->name, "/\\*")) {
503 /* Do nothing. Try to find the better match. */
505 /* This would be the better match. Use this. */
515 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
517 * @data: String to parse.
518 * @is_delete: True if it is a delete request.
520 * Returns 0 on success, negative value otherwise.
522 * Caller holds tomoyo_read_lock().
524 int tomoyo_write_pattern_policy(char *data, const bool is_delete)
526 return tomoyo_update_file_pattern_entry(data, is_delete);
530 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
532 * @head: Pointer to "struct tomoyo_io_buffer".
534 * Returns true on success, false otherwise.
536 * Caller holds tomoyo_read_lock().
538 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
540 struct list_head *pos;
543 list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
544 struct tomoyo_pattern_entry *ptr;
545 ptr = list_entry(pos, struct tomoyo_pattern_entry, list);
548 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
549 "%s\n", ptr->pattern->name);
557 * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
558 * default forbidden to modify already written content of a file.
560 * An entry is added by
562 * # echo 'deny_rewrite /var/log/messages' > \
563 * /sys/kernel/security/tomoyo/exception_policy
567 * # echo 'delete deny_rewrite /var/log/messages' > \
568 * /sys/kernel/security/tomoyo/exception_policy
570 * and all entries are retrieved by
572 * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
574 * In the example above, if a process requested to rewrite /var/log/messages ,
575 * the process can't rewrite unless the domain which that process belongs to
576 * has "allow_rewrite /var/log/messages" entry.
578 * It is not a desirable behavior that we have to add "\040(deleted)" suffix
579 * when we want to allow rewriting already unlink()ed file. As of now,
580 * LSM version of TOMOYO is using __d_path() for calculating pathname.
581 * Non LSM version of TOMOYO is using its own function which doesn't append
582 * " (deleted)" suffix if the file is already unlink()ed; so that we don't
583 * need to worry whether the file is already unlink()ed or not.
585 LIST_HEAD(tomoyo_no_rewrite_list);
588 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
590 * @pattern: Pathname pattern that are not rewritable by default.
591 * @is_delete: True if it is a delete request.
593 * Returns 0 on success, negative value otherwise.
595 * Caller holds tomoyo_read_lock().
597 static int tomoyo_update_no_rewrite_entry(const char *pattern,
598 const bool is_delete)
600 struct tomoyo_no_rewrite_entry *ptr;
601 struct tomoyo_no_rewrite_entry e = { };
602 int error = is_delete ? -ENOENT : -ENOMEM;
604 if (!tomoyo_is_correct_path(pattern, 0, 0, 0))
606 e.pattern = tomoyo_get_name(pattern);
609 if (mutex_lock_interruptible(&tomoyo_policy_lock))
611 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
612 if (ptr->pattern != e.pattern)
614 ptr->is_deleted = is_delete;
618 if (!is_delete && error) {
619 struct tomoyo_no_rewrite_entry *entry =
620 tomoyo_commit_ok(&e, sizeof(e));
622 list_add_tail_rcu(&entry->list,
623 &tomoyo_no_rewrite_list);
627 mutex_unlock(&tomoyo_policy_lock);
629 tomoyo_put_name(e.pattern);
634 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
636 * @filename: Filename to check.
638 * Returns true if @filename is specified by "deny_rewrite" directive,
641 * Caller holds tomoyo_read_lock().
643 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
645 struct tomoyo_no_rewrite_entry *ptr;
648 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
651 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
660 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
662 * @data: String to parse.
663 * @is_delete: True if it is a delete request.
665 * Returns 0 on success, negative value otherwise.
667 * Caller holds tomoyo_read_lock().
669 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
671 return tomoyo_update_no_rewrite_entry(data, is_delete);
675 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
677 * @head: Pointer to "struct tomoyo_io_buffer".
679 * Returns true on success, false otherwise.
681 * Caller holds tomoyo_read_lock().
683 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
685 struct list_head *pos;
688 list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
689 struct tomoyo_no_rewrite_entry *ptr;
690 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list);
693 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
694 "%s\n", ptr->pattern->name);
702 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
704 * @perm: Permission (between 1 to 7).
705 * @filename: Filename.
706 * @domain: Pointer to "struct tomoyo_domain_info".
707 * @is_delete: True if it is a delete request.
709 * Returns 0 on success, negative value otherwise.
711 * This is legacy support interface for older policy syntax.
712 * Current policy syntax uses "allow_read/write" instead of "6",
713 * "allow_read" instead of "4", "allow_write" instead of "2",
714 * "allow_execute" instead of "1".
716 * Caller holds tomoyo_read_lock().
718 static int tomoyo_update_file_acl(u8 perm, const char *filename,
719 struct tomoyo_domain_info * const domain,
720 const bool is_delete)
722 if (perm > 7 || !perm) {
723 printk(KERN_DEBUG "%s: Invalid permission '%d %s'\n",
724 __func__, perm, filename);
727 if (filename[0] != '@' && tomoyo_strendswith(filename, "/"))
729 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
730 * directory permissions.
734 tomoyo_update_path_acl(TOMOYO_TYPE_READ, filename, domain,
737 tomoyo_update_path_acl(TOMOYO_TYPE_WRITE, filename, domain,
740 tomoyo_update_path_acl(TOMOYO_TYPE_EXECUTE, filename, domain,
746 * tomoyo_path_acl - Check permission for single path operation.
748 * @r: Pointer to "struct tomoyo_request_info".
749 * @filename: Filename to check.
751 * @may_use_pattern: True if patterned ACL is permitted.
753 * Returns 0 on success, -EPERM otherwise.
755 * Caller holds tomoyo_read_lock().
757 static int tomoyo_path_acl(const struct tomoyo_request_info *r,
758 const struct tomoyo_path_info *filename,
759 const u32 perm, const bool may_use_pattern)
761 struct tomoyo_domain_info *domain = r->domain;
762 struct tomoyo_acl_info *ptr;
765 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
766 struct tomoyo_path_acl *acl;
767 if (ptr->type != TOMOYO_TYPE_PATH_ACL)
769 acl = container_of(ptr, struct tomoyo_path_acl, head);
770 if (!(acl->perm & perm) ||
771 !tomoyo_compare_name_union_pattern(filename, &acl->name,
781 * tomoyo_file_perm - Check permission for opening files.
783 * @r: Pointer to "struct tomoyo_request_info".
784 * @filename: Filename to check.
785 * @mode: Mode ("read" or "write" or "read/write" or "execute").
787 * Returns 0 on success, negative value otherwise.
789 * Caller holds tomoyo_read_lock().
791 static int tomoyo_file_perm(struct tomoyo_request_info *r,
792 const struct tomoyo_path_info *filename,
795 const char *msg = "<unknown>";
803 msg = tomoyo_path2keyword(TOMOYO_TYPE_READ_WRITE);
804 perm = 1 << TOMOYO_TYPE_READ_WRITE;
805 } else if (mode == 4) {
806 msg = tomoyo_path2keyword(TOMOYO_TYPE_READ);
807 perm = 1 << TOMOYO_TYPE_READ;
808 } else if (mode == 2) {
809 msg = tomoyo_path2keyword(TOMOYO_TYPE_WRITE);
810 perm = 1 << TOMOYO_TYPE_WRITE;
811 } else if (mode == 1) {
812 msg = tomoyo_path2keyword(TOMOYO_TYPE_EXECUTE);
813 perm = 1 << TOMOYO_TYPE_EXECUTE;
816 error = tomoyo_path_acl(r, filename, perm, mode != 1);
817 if (error && mode == 4 && !r->domain->ignore_global_allow_read
818 && tomoyo_is_globally_readable_file(filename))
822 tomoyo_warn_log(r, "%s %s", msg, filename->name);
823 if (r->mode == TOMOYO_CONFIG_ENFORCING)
825 if (tomoyo_domain_quota_is_ok(r)) {
826 /* Don't use patterns for execute permission. */
827 const struct tomoyo_path_info *patterned_file = (mode != 1) ?
828 tomoyo_get_file_pattern(filename) : filename;
829 tomoyo_update_file_acl(mode, patterned_file->name, r->domain,
836 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
838 * @type: Type of operation.
839 * @filename: Filename.
840 * @domain: Pointer to "struct tomoyo_domain_info".
841 * @is_delete: True if it is a delete request.
843 * Returns 0 on success, negative value otherwise.
845 * Caller holds tomoyo_read_lock().
847 static int tomoyo_update_path_acl(const u8 type, const char *filename,
848 struct tomoyo_domain_info *const domain,
849 const bool is_delete)
851 static const u16 tomoyo_rw_mask =
852 (1 << TOMOYO_TYPE_READ) | (1 << TOMOYO_TYPE_WRITE);
853 const u16 perm = 1 << type;
854 struct tomoyo_acl_info *ptr;
855 struct tomoyo_path_acl e = {
856 .head.type = TOMOYO_TYPE_PATH_ACL,
859 int error = is_delete ? -ENOENT : -ENOMEM;
861 if (type == TOMOYO_TYPE_READ_WRITE)
862 e.perm |= tomoyo_rw_mask;
865 if (!tomoyo_parse_name_union(filename, &e.name))
867 if (mutex_lock_interruptible(&tomoyo_policy_lock))
869 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
870 struct tomoyo_path_acl *acl =
871 container_of(ptr, struct tomoyo_path_acl, head);
872 if (!tomoyo_is_same_path_acl(acl, &e))
876 if ((acl->perm & tomoyo_rw_mask) != tomoyo_rw_mask)
877 acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE);
878 else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE)))
879 acl->perm &= ~tomoyo_rw_mask;
882 if ((acl->perm & tomoyo_rw_mask) == tomoyo_rw_mask)
883 acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE;
884 else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE))
885 acl->perm |= tomoyo_rw_mask;
890 if (!is_delete && error) {
891 struct tomoyo_path_acl *entry =
892 tomoyo_commit_ok(&e, sizeof(e));
894 list_add_tail_rcu(&entry->head.list,
895 &domain->acl_info_list);
899 mutex_unlock(&tomoyo_policy_lock);
901 tomoyo_put_name_union(&e.name);
906 * tomoyo_update_path_number3_acl - Update "struct tomoyo_path_number3_acl" list.
908 * @type: Type of operation.
909 * @filename: Filename.
910 * @mode: Create mode.
911 * @major: Device major number.
912 * @minor: Device minor number.
913 * @domain: Pointer to "struct tomoyo_domain_info".
914 * @is_delete: True if it is a delete request.
916 * Returns 0 on success, negative value otherwise.
918 static inline int tomoyo_update_path_number3_acl(const u8 type,
919 const char *filename,
921 char *major, char *minor,
922 struct tomoyo_domain_info *
924 const bool is_delete)
926 const u8 perm = 1 << type;
927 struct tomoyo_acl_info *ptr;
928 struct tomoyo_path_number3_acl e = {
929 .head.type = TOMOYO_TYPE_PATH_NUMBER3_ACL,
932 int error = is_delete ? -ENOENT : -ENOMEM;
933 if (!tomoyo_parse_name_union(filename, &e.name) ||
934 !tomoyo_parse_number_union(mode, &e.mode) ||
935 !tomoyo_parse_number_union(major, &e.major) ||
936 !tomoyo_parse_number_union(minor, &e.minor))
938 if (mutex_lock_interruptible(&tomoyo_policy_lock))
940 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
941 struct tomoyo_path_number3_acl *acl =
942 container_of(ptr, struct tomoyo_path_number3_acl, head);
943 if (!tomoyo_is_same_path_number3_acl(acl, &e))
952 if (!is_delete && error) {
953 struct tomoyo_path_number3_acl *entry =
954 tomoyo_commit_ok(&e, sizeof(e));
956 list_add_tail_rcu(&entry->head.list,
957 &domain->acl_info_list);
961 mutex_unlock(&tomoyo_policy_lock);
963 tomoyo_put_name_union(&e.name);
964 tomoyo_put_number_union(&e.mode);
965 tomoyo_put_number_union(&e.major);
966 tomoyo_put_number_union(&e.minor);
971 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
973 * @type: Type of operation.
974 * @filename1: First filename.
975 * @filename2: Second filename.
976 * @domain: Pointer to "struct tomoyo_domain_info".
977 * @is_delete: True if it is a delete request.
979 * Returns 0 on success, negative value otherwise.
981 * Caller holds tomoyo_read_lock().
983 static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
984 const char *filename2,
985 struct tomoyo_domain_info *const domain,
986 const bool is_delete)
988 const u8 perm = 1 << type;
989 struct tomoyo_path2_acl e = {
990 .head.type = TOMOYO_TYPE_PATH2_ACL,
993 struct tomoyo_acl_info *ptr;
994 int error = is_delete ? -ENOENT : -ENOMEM;
998 if (!tomoyo_parse_name_union(filename1, &e.name1) ||
999 !tomoyo_parse_name_union(filename2, &e.name2))
1001 if (mutex_lock_interruptible(&tomoyo_policy_lock))
1003 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1004 struct tomoyo_path2_acl *acl =
1005 container_of(ptr, struct tomoyo_path2_acl, head);
1006 if (!tomoyo_is_same_path2_acl(acl, &e))
1015 if (!is_delete && error) {
1016 struct tomoyo_path2_acl *entry =
1017 tomoyo_commit_ok(&e, sizeof(e));
1019 list_add_tail_rcu(&entry->head.list,
1020 &domain->acl_info_list);
1024 mutex_unlock(&tomoyo_policy_lock);
1026 tomoyo_put_name_union(&e.name1);
1027 tomoyo_put_name_union(&e.name2);
1032 * tomoyo_path_number3_acl - Check permission for path/number/number/number operation.
1034 * @r: Pointer to "struct tomoyo_request_info".
1035 * @filename: Filename to check.
1036 * @perm: Permission.
1037 * @mode: Create mode.
1038 * @major: Device major number.
1039 * @minor: Device minor number.
1041 * Returns 0 on success, -EPERM otherwise.
1043 * Caller holds tomoyo_read_lock().
1045 static int tomoyo_path_number3_acl(struct tomoyo_request_info *r,
1046 const struct tomoyo_path_info *filename,
1047 const u16 perm, const unsigned int mode,
1048 const unsigned int major,
1049 const unsigned int minor)
1051 struct tomoyo_domain_info *domain = r->domain;
1052 struct tomoyo_acl_info *ptr;
1054 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1055 struct tomoyo_path_number3_acl *acl;
1056 if (ptr->type != TOMOYO_TYPE_PATH_NUMBER3_ACL)
1058 acl = container_of(ptr, struct tomoyo_path_number3_acl, head);
1059 if (!tomoyo_compare_number_union(mode, &acl->mode))
1061 if (!tomoyo_compare_number_union(major, &acl->major))
1063 if (!tomoyo_compare_number_union(minor, &acl->minor))
1065 if (!(acl->perm & perm))
1067 if (!tomoyo_compare_name_union(filename, &acl->name))
1076 * tomoyo_path2_acl - Check permission for double path operation.
1078 * @r: Pointer to "struct tomoyo_request_info".
1079 * @type: Type of operation.
1080 * @filename1: First filename to check.
1081 * @filename2: Second filename to check.
1083 * Returns 0 on success, -EPERM otherwise.
1085 * Caller holds tomoyo_read_lock().
1087 static int tomoyo_path2_acl(const struct tomoyo_request_info *r, const u8 type,
1088 const struct tomoyo_path_info *filename1,
1089 const struct tomoyo_path_info *filename2)
1091 const struct tomoyo_domain_info *domain = r->domain;
1092 struct tomoyo_acl_info *ptr;
1093 const u8 perm = 1 << type;
1096 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1097 struct tomoyo_path2_acl *acl;
1098 if (ptr->type != TOMOYO_TYPE_PATH2_ACL)
1100 acl = container_of(ptr, struct tomoyo_path2_acl, head);
1101 if (!(acl->perm & perm))
1103 if (!tomoyo_compare_name_union(filename1, &acl->name1))
1105 if (!tomoyo_compare_name_union(filename2, &acl->name2))
1114 * tomoyo_path_permission - Check permission for single path operation.
1116 * @r: Pointer to "struct tomoyo_request_info".
1117 * @operation: Type of operation.
1118 * @filename: Filename to check.
1120 * Returns 0 on success, negative value otherwise.
1122 * Caller holds tomoyo_read_lock().
1124 static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
1125 const struct tomoyo_path_info *filename)
1130 error = tomoyo_path_acl(r, filename, 1 << operation, 1);
1133 tomoyo_warn_log(r, "%s %s", tomoyo_path2keyword(operation),
1135 if (tomoyo_domain_quota_is_ok(r)) {
1136 const char *name = tomoyo_get_file_pattern(filename)->name;
1137 tomoyo_update_path_acl(operation, name, r->domain, false);
1139 if (r->mode != TOMOYO_CONFIG_ENFORCING)
1143 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
1144 * we need to check "allow_rewrite" permission if the filename is
1145 * specified by "deny_rewrite" keyword.
1147 if (!error && operation == TOMOYO_TYPE_TRUNCATE &&
1148 tomoyo_is_no_rewrite_file(filename)) {
1149 operation = TOMOYO_TYPE_REWRITE;
1156 * tomoyo_path_number_acl - Check permission for ioctl/chmod/chown/chgrp operation.
1158 * @r: Pointer to "struct tomoyo_request_info".
1160 * @filename: Filename to check.
1163 * Returns 0 on success, -EPERM otherwise.
1165 * Caller holds tomoyo_read_lock().
1167 static int tomoyo_path_number_acl(struct tomoyo_request_info *r, const u8 type,
1168 const struct tomoyo_path_info *filename,
1169 const unsigned long number)
1171 struct tomoyo_domain_info *domain = r->domain;
1172 struct tomoyo_acl_info *ptr;
1173 const u8 perm = 1 << type;
1175 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1176 struct tomoyo_path_number_acl *acl;
1177 if (ptr->type != TOMOYO_TYPE_PATH_NUMBER_ACL)
1179 acl = container_of(ptr, struct tomoyo_path_number_acl,
1181 if (!(acl->perm & perm) ||
1182 !tomoyo_compare_number_union(number, &acl->number) ||
1183 !tomoyo_compare_name_union(filename, &acl->name))
1192 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
1194 * @type: Type of operation.
1195 * @filename: Filename.
1197 * @domain: Pointer to "struct tomoyo_domain_info".
1198 * @is_delete: True if it is a delete request.
1200 * Returns 0 on success, negative value otherwise.
1202 static inline int tomoyo_update_path_number_acl(const u8 type,
1203 const char *filename,
1205 struct tomoyo_domain_info *
1207 const bool is_delete)
1209 const u8 perm = 1 << type;
1210 struct tomoyo_acl_info *ptr;
1211 struct tomoyo_path_number_acl e = {
1212 .head.type = TOMOYO_TYPE_PATH_NUMBER_ACL,
1215 int error = is_delete ? -ENOENT : -ENOMEM;
1218 if (!tomoyo_parse_name_union(filename, &e.name))
1220 if (!tomoyo_parse_number_union(number, &e.number))
1222 if (mutex_lock_interruptible(&tomoyo_policy_lock))
1224 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1225 struct tomoyo_path_number_acl *acl =
1226 container_of(ptr, struct tomoyo_path_number_acl, head);
1227 if (!tomoyo_is_same_path_number_acl(acl, &e))
1236 if (!is_delete && error) {
1237 struct tomoyo_path_number_acl *entry =
1238 tomoyo_commit_ok(&e, sizeof(e));
1240 list_add_tail_rcu(&entry->head.list,
1241 &domain->acl_info_list);
1245 mutex_unlock(&tomoyo_policy_lock);
1247 tomoyo_put_name_union(&e.name);
1248 tomoyo_put_number_union(&e.number);
1253 * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1255 * @r: Pointer to "strct tomoyo_request_info".
1256 * @filename: Filename to check.
1259 * Returns 0 on success, negative value otherwise.
1261 * Caller holds tomoyo_read_lock().
1263 static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
1265 const struct tomoyo_path_info *filename,
1266 const unsigned long number)
1275 case TOMOYO_TYPE_CREATE:
1276 case TOMOYO_TYPE_MKDIR:
1277 case TOMOYO_TYPE_MKFIFO:
1278 case TOMOYO_TYPE_MKSOCK:
1279 case TOMOYO_TYPE_CHMOD:
1280 radix = TOMOYO_VALUE_TYPE_OCTAL;
1282 case TOMOYO_TYPE_IOCTL:
1283 radix = TOMOYO_VALUE_TYPE_HEXADECIMAL;
1286 radix = TOMOYO_VALUE_TYPE_DECIMAL;
1289 tomoyo_print_ulong(buffer, sizeof(buffer), number, radix);
1290 error = tomoyo_path_number_acl(r, type, filename, number);
1293 tomoyo_warn_log(r, "%s %s %s", tomoyo_path_number2keyword(type),
1294 filename->name, buffer);
1295 if (tomoyo_domain_quota_is_ok(r))
1296 tomoyo_update_path_number_acl(type,
1297 tomoyo_get_file_pattern(filename)
1298 ->name, buffer, r->domain, false);
1299 if (r->mode != TOMOYO_CONFIG_ENFORCING)
1305 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
1307 * @type: Type of operation.
1308 * @path: Pointer to "struct path".
1311 * Returns 0 on success, negative value otherwise.
1313 int tomoyo_path_number_perm(const u8 type, struct path *path,
1314 unsigned long number)
1316 struct tomoyo_request_info r;
1317 int error = -ENOMEM;
1318 struct tomoyo_path_info *buf;
1321 if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED ||
1322 !path->mnt || !path->dentry)
1324 idx = tomoyo_read_lock();
1325 buf = tomoyo_get_path(path);
1328 if (type == TOMOYO_TYPE_MKDIR && !buf->is_dir) {
1330 * tomoyo_get_path() reserves space for appending "/."
1332 strcat((char *) buf->name, "/");
1333 tomoyo_fill_path_info(buf);
1335 error = tomoyo_path_number_perm2(&r, type, buf, number);
1338 tomoyo_read_unlock(idx);
1339 if (r.mode != TOMOYO_CONFIG_ENFORCING)
1345 * tomoyo_check_exec_perm - Check permission for "execute".
1347 * @domain: Pointer to "struct tomoyo_domain_info".
1348 * @filename: Check permission for "execute".
1350 * Returns 0 on success, negativevalue otherwise.
1352 * Caller holds tomoyo_read_lock().
1354 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
1355 const struct tomoyo_path_info *filename)
1357 struct tomoyo_request_info r;
1359 if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED)
1361 return tomoyo_file_perm(&r, filename, 1);
1365 * tomoyo_check_open_permission - Check permission for "read" and "write".
1367 * @domain: Pointer to "struct tomoyo_domain_info".
1368 * @path: Pointer to "struct path".
1369 * @flag: Flags for open().
1371 * Returns 0 on success, negative value otherwise.
1373 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1374 struct path *path, const int flag)
1376 const u8 acc_mode = ACC_MODE(flag);
1377 int error = -ENOMEM;
1378 struct tomoyo_path_info *buf;
1379 struct tomoyo_request_info r;
1382 if (tomoyo_init_request_info(&r, domain) == TOMOYO_CONFIG_DISABLED ||
1387 if (path->dentry->d_inode && S_ISDIR(path->dentry->d_inode->i_mode))
1389 * I don't check directories here because mkdir() and rmdir()
1393 idx = tomoyo_read_lock();
1394 buf = tomoyo_get_path(path);
1399 * If the filename is specified by "deny_rewrite" keyword,
1400 * we need to check "allow_rewrite" permission when the filename is not
1401 * opened for append mode or the filename is truncated at open time.
1403 if ((acc_mode & MAY_WRITE) &&
1404 ((flag & O_TRUNC) || !(flag & O_APPEND)) &&
1405 (tomoyo_is_no_rewrite_file(buf))) {
1406 error = tomoyo_path_permission(&r, TOMOYO_TYPE_REWRITE, buf);
1409 error = tomoyo_file_perm(&r, buf, acc_mode);
1410 if (!error && (flag & O_TRUNC))
1411 error = tomoyo_path_permission(&r, TOMOYO_TYPE_TRUNCATE, buf);
1414 tomoyo_read_unlock(idx);
1415 if (r.mode != TOMOYO_CONFIG_ENFORCING)
1421 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot", "mount" and "unmount".
1423 * @operation: Type of operation.
1424 * @path: Pointer to "struct path".
1426 * Returns 0 on success, negative value otherwise.
1428 int tomoyo_path_perm(const u8 operation, struct path *path)
1430 int error = -ENOMEM;
1431 struct tomoyo_path_info *buf;
1432 struct tomoyo_request_info r;
1435 if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED ||
1438 idx = tomoyo_read_lock();
1439 buf = tomoyo_get_path(path);
1442 switch (operation) {
1443 case TOMOYO_TYPE_REWRITE:
1444 if (!tomoyo_is_no_rewrite_file(buf)) {
1449 case TOMOYO_TYPE_RMDIR:
1450 case TOMOYO_TYPE_CHROOT:
1453 * tomoyo_get_path() reserves space for appending "/."
1455 strcat((char *) buf->name, "/");
1456 tomoyo_fill_path_info(buf);
1459 error = tomoyo_path_permission(&r, operation, buf);
1462 tomoyo_read_unlock(idx);
1463 if (r.mode != TOMOYO_CONFIG_ENFORCING)
1469 * tomoyo_path_number3_perm2 - Check permission for path/number/number/number operation.
1471 * @r: Pointer to "struct tomoyo_request_info".
1472 * @operation: Type of operation.
1473 * @filename: Filename to check.
1474 * @mode: Create mode.
1475 * @dev: Device number.
1477 * Returns 0 on success, negative value otherwise.
1479 * Caller holds tomoyo_read_lock().
1481 static int tomoyo_path_number3_perm2(struct tomoyo_request_info *r,
1483 const struct tomoyo_path_info *filename,
1484 const unsigned int mode,
1485 const unsigned int dev)
1488 const unsigned int major = MAJOR(dev);
1489 const unsigned int minor = MINOR(dev);
1491 error = tomoyo_path_number3_acl(r, filename, 1 << operation, mode,
1495 tomoyo_warn_log(r, "%s %s 0%o %u %u",
1496 tomoyo_path_number32keyword(operation),
1497 filename->name, mode, major, minor);
1498 if (tomoyo_domain_quota_is_ok(r)) {
1502 memset(mode_buf, 0, sizeof(mode_buf));
1503 memset(major_buf, 0, sizeof(major_buf));
1504 memset(minor_buf, 0, sizeof(minor_buf));
1505 snprintf(mode_buf, sizeof(mode_buf) - 1, "0%o", mode);
1506 snprintf(major_buf, sizeof(major_buf) - 1, "%u", major);
1507 snprintf(minor_buf, sizeof(minor_buf) - 1, "%u", minor);
1508 tomoyo_update_path_number3_acl(operation,
1509 tomoyo_get_file_pattern(filename)
1510 ->name, mode_buf, major_buf,
1511 minor_buf, r->domain, false);
1513 if (r->mode != TOMOYO_CONFIG_ENFORCING)
1519 * tomoyo_path_number3_perm - Check permission for "mkblock" and "mkchar".
1521 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
1522 * @path: Pointer to "struct path".
1523 * @mode: Create mode.
1524 * @dev: Device number.
1526 * Returns 0 on success, negative value otherwise.
1528 int tomoyo_path_number3_perm(const u8 operation, struct path *path,
1529 const unsigned int mode, unsigned int dev)
1531 struct tomoyo_request_info r;
1532 int error = -ENOMEM;
1533 struct tomoyo_path_info *buf;
1536 if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED ||
1539 idx = tomoyo_read_lock();
1541 buf = tomoyo_get_path(path);
1543 error = tomoyo_path_number3_perm2(&r, operation, buf, mode,
1544 new_decode_dev(dev));
1547 tomoyo_read_unlock(idx);
1548 if (r.mode != TOMOYO_CONFIG_ENFORCING)
1554 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
1556 * @operation: Type of operation.
1557 * @path1: Pointer to "struct path".
1558 * @path2: Pointer to "struct path".
1560 * Returns 0 on success, negative value otherwise.
1562 int tomoyo_path2_perm(const u8 operation, struct path *path1,
1565 int error = -ENOMEM;
1566 struct tomoyo_path_info *buf1;
1567 struct tomoyo_path_info *buf2;
1568 struct tomoyo_request_info r;
1571 if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED ||
1572 !path1->mnt || !path2->mnt)
1574 idx = tomoyo_read_lock();
1575 buf1 = tomoyo_get_path(path1);
1576 buf2 = tomoyo_get_path(path2);
1580 struct dentry *dentry = path1->dentry;
1581 if (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode)) {
1583 * tomoyo_get_path() reserves space for appending "/."
1585 if (!buf1->is_dir) {
1586 strcat((char *) buf1->name, "/");
1587 tomoyo_fill_path_info(buf1);
1589 if (!buf2->is_dir) {
1590 strcat((char *) buf2->name, "/");
1591 tomoyo_fill_path_info(buf2);
1595 error = tomoyo_path2_acl(&r, operation, buf1, buf2);
1598 tomoyo_warn_log(&r, "%s %s %s", tomoyo_path22keyword(operation),
1599 buf1->name, buf2->name);
1600 if (tomoyo_domain_quota_is_ok(&r)) {
1601 const char *name1 = tomoyo_get_file_pattern(buf1)->name;
1602 const char *name2 = tomoyo_get_file_pattern(buf2)->name;
1603 tomoyo_update_path2_acl(operation, name1, name2, r.domain,
1609 tomoyo_read_unlock(idx);
1610 if (r.mode != TOMOYO_CONFIG_ENFORCING)
1616 * tomoyo_write_file_policy - Update file related list.
1618 * @data: String to parse.
1619 * @domain: Pointer to "struct tomoyo_domain_info".
1620 * @is_delete: True if it is a delete request.
1622 * Returns 0 on success, negative value otherwise.
1624 * Caller holds tomoyo_read_lock().
1626 int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
1627 const bool is_delete)
1631 if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[1][0])
1633 if (strncmp(w[0], "allow_", 6)) {
1635 if (sscanf(w[0], "%u", &perm) == 1)
1636 return tomoyo_update_file_acl((u8) perm, w[1], domain,
1641 for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++) {
1642 if (strcmp(w[0], tomoyo_path_keyword[type]))
1644 return tomoyo_update_path_acl(type, w[1], domain, is_delete);
1648 for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++) {
1649 if (strcmp(w[0], tomoyo_path2_keyword[type]))
1651 return tomoyo_update_path2_acl(type, w[1], w[2], domain,
1654 for (type = 0; type < TOMOYO_MAX_PATH_NUMBER_OPERATION; type++) {
1655 if (strcmp(w[0], tomoyo_path_number_keyword[type]))
1657 return tomoyo_update_path_number_acl(type, w[1], w[2], domain,
1660 if (!w[3][0] || !w[4][0])
1662 for (type = 0; type < TOMOYO_MAX_PATH_NUMBER3_OPERATION; type++) {
1663 if (strcmp(w[0], tomoyo_path_number3_keyword[type]))
1665 return tomoyo_update_path_number3_acl(type, w[1], w[2], w[3],
1666 w[4], domain, is_delete);