~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/tomoyo/load_policy.c

Version: ~ [ linux-5.1-rc5 ] ~ [ linux-5.0.7 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.34 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.111 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.168 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.178 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.138 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.65 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0
  2 /*
  3  * security/tomoyo/load_policy.c
  4  *
  5  * Copyright (C) 2005-2011  NTT DATA CORPORATION
  6  */
  7 
  8 #include "common.h"
  9 
 10 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 11 
 12 /*
 13  * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
 14  */
 15 static const char *tomoyo_loader;
 16 
 17 /**
 18  * tomoyo_loader_setup - Set policy loader.
 19  *
 20  * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
 21  *
 22  * Returns 0.
 23  */
 24 static int __init tomoyo_loader_setup(char *str)
 25 {
 26         tomoyo_loader = str;
 27         return 0;
 28 }
 29 
 30 __setup("TOMOYO_loader=", tomoyo_loader_setup);
 31 
 32 /**
 33  * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
 34  *
 35  * Returns true if /sbin/tomoyo-init exists, false otherwise.
 36  */
 37 static bool tomoyo_policy_loader_exists(void)
 38 {
 39         struct path path;
 40         if (!tomoyo_loader)
 41                 tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
 42         if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
 43                 printk(KERN_INFO "Not activating Mandatory Access Control "
 44                        "as %s does not exist.\n", tomoyo_loader);
 45                 return false;
 46         }
 47         path_put(&path);
 48         return true;
 49 }
 50 
 51 /*
 52  * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
 53  */
 54 static const char *tomoyo_trigger;
 55 
 56 /**
 57  * tomoyo_trigger_setup - Set trigger for activation.
 58  *
 59  * @str: Program to use as an activation trigger (e.g. /sbin/init ).
 60  *
 61  * Returns 0.
 62  */
 63 static int __init tomoyo_trigger_setup(char *str)
 64 {
 65         tomoyo_trigger = str;
 66         return 0;
 67 }
 68 
 69 __setup("TOMOYO_trigger=", tomoyo_trigger_setup);
 70 
 71 /**
 72  * tomoyo_load_policy - Run external policy loader to load policy.
 73  *
 74  * @filename: The program about to start.
 75  *
 76  * This function checks whether @filename is /sbin/init , and if so
 77  * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
 78  * and then continues invocation of /sbin/init.
 79  * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
 80  * writes to /sys/kernel/security/tomoyo/ interfaces.
 81  *
 82  * Returns nothing.
 83  */
 84 void tomoyo_load_policy(const char *filename)
 85 {
 86         static bool done;
 87         char *argv[2];
 88         char *envp[3];
 89 
 90         if (tomoyo_policy_loaded || done)
 91                 return;
 92         if (!tomoyo_trigger)
 93                 tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
 94         if (strcmp(filename, tomoyo_trigger))
 95                 return;
 96         if (!tomoyo_policy_loader_exists())
 97                 return;
 98         done = true;
 99         printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
100                tomoyo_loader);
101         argv[0] = (char *) tomoyo_loader;
102         argv[1] = NULL;
103         envp[0] = "HOME=/";
104         envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
105         envp[2] = NULL;
106         call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
107         tomoyo_check_profile();
108 }
109 
110 #endif
111 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp