Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 75df713627
Branches Tags
linux-vybrid_pu...
/
security
/
tomoyo
/
securityfs_if.c

securityfs_if.c 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. /*
    2. 

  2.  * security/tomoyo/securityfs_if.c
    3. 

  3.  *
    4. 

  4.  * Copyright (C) 2005-2011  NTT DATA CORPORATION
    5. 

  5.  */
    6. 

  6. 

  7. #include <linux/security.h>
    8. 

  8. #include "common.h"
    9. 

  9. 

  10. /**
    11. 

  11.  * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
    12. 

  12.  *
    13. 

  13.  * @inode: Pointer to "struct inode".
    14. 

  14.  * @file:  Pointer to "struct file".
    15. 

  15.  *
    16. 

  16.  * Returns 0 on success, negative value otherwise.
    17. 

  17.  */
    18. 

  18. static int tomoyo_open(struct inode *inode, struct file *file)
    19. 

  19. {
    20. 

  20. 	const int key = ((u8 *) file->f_path.dentry->d_inode->i_private)
    21. 

  21. 		- ((u8 *) NULL);
    22. 

  22. 	return tomoyo_open_control(key, file);
    23. 

  23. }
    24. 

  24. 

  25. /**
    26. 

  26.  * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
    27. 

  27.  *
    28. 

  28.  * @inode: Pointer to "struct inode".
    29. 

  29.  * @file:  Pointer to "struct file".
    30. 

  30.  *
    31. 

  31.  * Returns 0 on success, negative value otherwise.
    32. 

  32.  */
    33. 

  33. static int tomoyo_release(struct inode *inode, struct file *file)
    34. 

  34. {
    35. 

  35. 	return tomoyo_close_control(file->private_data);
    36. 

  36. }
    37. 

  37. 

  38. /**
    39. 

  39.  * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
    40. 

  40.  *
    41. 

  41.  * @file: Pointer to "struct file".
    42. 

  42.  * @wait: Pointer to "poll_table".
    43. 

  43.  *
    44. 

  44.  * Returns 0 on success, negative value otherwise.
    45. 

  45.  */
    46. 

  46. static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
    47. 

  47. {
    48. 

  48. 	return tomoyo_poll_control(file, wait);
    49. 

  49. }
    50. 

  50. 

  51. /**
    52. 

  52.  * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
    53. 

  53.  *
    54. 

  54.  * @file:  Pointer to "struct file".
    55. 

  55.  * @buf:   Pointer to buffer.
    56. 

  56.  * @count: Size of @buf.
    57. 

  57.  * @ppos:  Unused.
    58. 

  58.  *
    59. 

  59.  * Returns bytes read on success, negative value otherwise.
    60. 

  60.  */
    61. 

  61. static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
    62. 

  62. 			   loff_t *ppos)
    63. 

  63. {
    64. 

  64. 	return tomoyo_read_control(file->private_data, buf, count);
    65. 

  65. }
    66. 

  66. 

  67. /**
    68. 

  68.  * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
    69. 

  69.  *
    70. 

  70.  * @file:  Pointer to "struct file".
    71. 

  71.  * @buf:   Pointer to buffer.
    72. 

  72.  * @count: Size of @buf.
    73. 

  73.  * @ppos:  Unused.
    74. 

  74.  *
    75. 

  75.  * Returns @count on success, negative value otherwise.
    76. 

  76.  */
    77. 

  77. static ssize_t tomoyo_write(struct file *file, const char __user *buf,
    78. 

  78. 			    size_t count, loff_t *ppos)
    79. 

  79. {
    80. 

  80. 	return tomoyo_write_control(file->private_data, buf, count);
    81. 

  81. }
    82. 

  82. 

  83. /*
    84. 

  84.  * tomoyo_operations is a "struct file_operations" which is used for handling
    85. 

  85.  * /sys/kernel/security/tomoyo/ interface.
    86. 

  86.  *
    87. 

  87.  * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
    88. 

  88.  * See tomoyo_io_buffer for internals.
    89. 

  89.  */
    90. 

  90. static const struct file_operations tomoyo_operations = {
    91. 

  91. 	.open    = tomoyo_open,
    92. 

  92. 	.release = tomoyo_release,
    93. 

  93. 	.poll    = tomoyo_poll,
    94. 

  94. 	.read    = tomoyo_read,
    95. 

  95. 	.write   = tomoyo_write,
    96. 

  96. 	.llseek  = noop_llseek,
    97. 

  97. };
    98. 

  98. 

  99. /**
    100. 

  100.  * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
    101. 

  101.  *
    102. 

  102.  * @name:   The name of the interface file.
    103. 

  103.  * @mode:   The permission of the interface file.
    104. 

  104.  * @parent: The parent directory.
    105. 

  105.  * @key:    Type of interface.
    106. 

  106.  *
    107. 

  107.  * Returns nothing.
    108. 

  108.  */
    109. 

  109. static void __init tomoyo_create_entry(const char *name, const mode_t mode,
    110. 

  110. 				       struct dentry *parent, const u8 key)
    111. 

  111. {
    112. 

  112. 	securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
    113. 

  113. 			       &tomoyo_operations);
    114. 

  114. }
    115. 

  115. 

  116. /**
    117. 

  117.  * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
    118. 

  118.  *
    119. 

  119.  * Returns 0.
    120. 

  120.  */
    121. 

  121. static int __init tomoyo_initerface_init(void)
    122. 

  122. {
    123. 

  123. 	struct dentry *tomoyo_dir;
    124. 

  124. 

  125. 	/* Don't create securityfs entries unless registered. */
    126. 

  126. 	if (current_cred()->security != &tomoyo_kernel_domain)
    127. 

  127. 		return 0;
    128. 

  128. 

  129. 	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
    130. 

  130. 	tomoyo_create_entry("query",            0600, tomoyo_dir,
    131. 

  131. 			    TOMOYO_QUERY);
    132. 

  132. 	tomoyo_create_entry("domain_policy",    0600, tomoyo_dir,
    133. 

  133. 			    TOMOYO_DOMAINPOLICY);
    134. 

  134. 	tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
    135. 

  135. 			    TOMOYO_EXCEPTIONPOLICY);
    136. 

  136. 	tomoyo_create_entry("audit",            0400, tomoyo_dir,
    137. 

  137. 			    TOMOYO_AUDIT);
    138. 

  138. 	tomoyo_create_entry("self_domain",      0400, tomoyo_dir,
    139. 

  139. 			    TOMOYO_SELFDOMAIN);
    140. 

  140. 	tomoyo_create_entry(".process_status",  0600, tomoyo_dir,
    141. 

  141. 			    TOMOYO_PROCESS_STATUS);
    142. 

  142. 	tomoyo_create_entry("stat",             0644, tomoyo_dir,
    143. 

  143. 			    TOMOYO_STAT);
    144. 

  144. 	tomoyo_create_entry("profile",          0600, tomoyo_dir,
    145. 

  145. 			    TOMOYO_PROFILE);
    146. 

  146. 	tomoyo_create_entry("manager",          0600, tomoyo_dir,
    147. 

  147. 			    TOMOYO_MANAGER);
    148. 

  148. 	tomoyo_create_entry("version",          0400, tomoyo_dir,
    149. 

  149. 			    TOMOYO_VERSION);
    150. 

  150. 	return 0;
    151. 

  151. }
    152. 

  152. 

  153. fs_initcall(tomoyo_initerface_init);
    154.