GitHub Repository: awilliam/linux-vfio
Path: blob/master/security/tomoyo/securityfs_if.c
/*
* security/tomoyo/common.c
*
* Securityfs interface for TOMOYO.
*
* Copyright (C) 2005-2010 NTT DATA CORPORATION
*/
#include <linux/security.h>
#include "common.h"
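/**
 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode" (not read here; the inode is reached
 *         through @file instead).
 * @file:  Pointer to "struct file".
 *
 * The interface type is not derived from the file name. It is read back
 * from the i_private field of the file's inode and handed to
 * tomoyo_open_control() as the key.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_open(struct inode *inode, struct file *file)
{
	/*
	 * i_private holds a small integer key encoded as a pointer value
	 * (see tomoyo_create_entry()), not a real address. Recover it with
	 * an integer cast: subtracting a null pointer, as was done before,
	 * is undefined behaviour in ISO C and only works as a compiler
	 * extension.
	 *
	 * NOTE(review): the key is not range-checked here; presumably
	 * tomoyo_open_control() rejects unknown interface types -- confirm.
	 */
	const int key = (int) (unsigned long)
		file->f_path.dentry->d_inode->i_private;

	return tomoyo_open_control(key, file);
}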
/**
 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
 *
 * @inode: Pointer to "struct inode" (not used by this wrapper).
 * @file:  Pointer to "struct file" being closed.
 *
 * Thin wrapper: all work is delegated to tomoyo_close_control().
 *
 * Returns the result of tomoyo_close_control(): 0 on success, negative
 * value otherwise.
 */
static int tomoyo_release(struct inode *inode, struct file *file)
{
	const int ret = tomoyo_close_control(file);

	return ret;
}
/**
 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file: Pointer to "struct file".
 * @wait: Pointer to "poll_table".
 *
 * Thin wrapper: both arguments are forwarded unchanged to
 * tomoyo_poll_control().
 *
 * Returns the result of tomoyo_poll_control() as an unsigned int.
 * NOTE(review): because the return type is unsigned, a "negative value
 * on failure" cannot be reported literally; presumably this is a poll
 * event mask -- confirm against tomoyo_poll_control().
 */
static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
{
	const unsigned int mask = tomoyo_poll_control(file, wait);

	return mask;
}
/**
 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to the destination buffer in user space.
 * @count: Size of @buf.
 * @ppos:  Unused; the file position is not consulted here.
 *
 * Thin wrapper around tomoyo_read_control(). @buf is a __user pointer
 * and is passed through without being dereferenced, so any copy to
 * user space has to happen inside tomoyo_read_control().
 *
 * Returns bytes read on success, negative value otherwise.
 */
static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
			   loff_t *ppos)
{
	const ssize_t len = tomoyo_read_control(file, buf, count);

	return len;
}
/**
 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
 *
 * @file:  Pointer to "struct file".
 * @buf:   Pointer to the source buffer in user space.
 * @count: Size of @buf.
 * @ppos:  Unused; the file position is not consulted here.
 *
 * Thin wrapper around tomoyo_write_control(). @buf is a __user pointer
 * and is passed through without being dereferenced, so fetching and
 * validating the written data is left to tomoyo_write_control().
 *
 * Returns @count on success, negative value otherwise.
 */
static ssize_t tomoyo_write(struct file *file, const char __user *buf,
			    size_t count, loff_t *ppos)
{
	const ssize_t len = tomoyo_write_control(file, buf, count);

	return len;
}
/*
 * tomoyo_operations is the "struct file_operations" used for handling the
 * /sys/kernel/security/tomoyo/ interface.
 *
 * Some files under /sys/kernel/security/tomoyo/ directory accept
 * open(O_RDWR). See tomoyo_io_buffer for internals.
 *
 * The handlers in this file only forward to the tomoyo_*_control()
 * helpers; they perform no access checks of their own, so what is
 * visible here as protection is the mode given when each file is
 * created.
 */
static const struct file_operations tomoyo_operations = {
	.open    = tomoyo_open,
	.read    = tomoyo_read,
	.write   = tomoyo_write,
	.poll    = tomoyo_poll,
	/* Seeking is accepted but does not move the file position. */
	.llseek  = noop_llseek,
	.release = tomoyo_release,
};
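/**
 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
 *
 * @name:   The name of the interface file.
 * @mode:   The permission of the interface file.
 * @parent: The parent directory.
 * @key:    Type of interface.
 *
 * The file is created with tomoyo_operations as its file operations and
 * with @key attached as the private data pointer, which tomoyo_open()
 * later converts back to an integer.
 *
 * Returns nothing. The result of securityfs_create_file() is discarded,
 * so a file that could not be created is silently missing.
 */
static void __init tomoyo_create_entry(const char *name, const mode_t mode,
				       struct dentry *parent, const u8 key)
{
	/*
	 * Encode the key as a pointer value with an integer cast. The
	 * previous form added the key to a null pointer, which is undefined
	 * behaviour in ISO C and only works as a compiler extension.
	 */
	securityfs_create_file(name, mode, parent,
			       (void *) (unsigned long) key,
			       &tomoyo_operations);
}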
/**
 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
 *
 * Creates the "tomoyo" directory in securityfs and the interface files
 * below it, but only when the current credentials' security pointer is
 * &tomoyo_kernel_domain; otherwise nothing is created.
 *
 * Returns 0.
 */
static int __init tomoyo_initerface_init(void)
{
	/*
	 * Interface files in creation order: name, permission bits, type.
	 * 0600 is owner read/write only and 0400 is owner read only; no
	 * entry grants group or other access.
	 */
	const struct {
		const char *name;
		mode_t mode;
		u8 key;
	} entries[] = {
		{ "query",            0600, TOMOYO_QUERY },
		{ "domain_policy",    0600, TOMOYO_DOMAINPOLICY },
		{ "exception_policy", 0600, TOMOYO_EXCEPTIONPOLICY },
		{ "self_domain",      0400, TOMOYO_SELFDOMAIN },
		{ ".domain_status",   0600, TOMOYO_DOMAIN_STATUS },
		{ ".process_status",  0600, TOMOYO_PROCESS_STATUS },
		{ "meminfo",          0600, TOMOYO_MEMINFO },
		{ "profile",          0600, TOMOYO_PROFILE },
		{ "manager",          0600, TOMOYO_MANAGER },
		{ "version",          0400, TOMOYO_VERSION },
	};
	struct dentry *tomoyo_dir;
	unsigned int i;

	/* Don't create securityfs entries unless registered. */
	if (current_cred()->security != &tomoyo_kernel_domain)
		return 0;

	/*
	 * NOTE(review): the result of securityfs_create_dir() is used as the
	 * parent without being checked for failure -- confirm that
	 * securityfs_create_file() tolerates a failed result here.
	 */
	tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
	for (i = 0; i < sizeof(entries) / sizeof(entries[0]); i++)
		tomoyo_create_entry(entries[i].name, entries[i].mode,
				    tomoyo_dir, entries[i].key);
	return 0;
}

/* Run the initializer at the fs_initcall stage of kernel start-up. */
fs_initcall(tomoyo_initerface_init);