common.h source code [linux/security/tomoyo/common.h]

1	/ SPDX-License-Identifier: GPL-2.0 /
2	/*
3	* security/tomoyo/common.h
4	*
5	* Header file for TOMOYO.
6	*
7	* Copyright (C) 2005-2011 NTT DATA CORPORATION
8	*/
9
10	#ifndef _SECURITY_TOMOYO_COMMON_H
11	#define _SECURITY_TOMOYO_COMMON_H
12
13	#define pr_fmt(fmt) fmt
14
15	#include <linux/ctype.h>
16	#include <linux/string.h>
17	#include <linux/mm.h>
18	#include <linux/file.h>
19	#include <linux/kmod.h>
20	#include <linux/fs.h>
21	#include <linux/sched.h>
22	#include <linux/namei.h>
23	#include <linux/mount.h>
24	#include <linux/list.h>
25	#include <linux/cred.h>
26	#include <linux/poll.h>
27	#include <linux/binfmts.h>
28	#include <linux/highmem.h>
29	#include <linux/net.h>
30	#include <linux/inet.h>
31	#include <linux/in.h>
32	#include <linux/in6.h>
33	#include <linux/un.h>
34	#include <linux/lsm_hooks.h>
35	#include <net/sock.h>
36	#include <net/af_unix.h>
37	#include <net/ip.h>
38	#include <net/ipv6.h>
39	#include <net/udp.h>
40
41	/******* Constants definitions. *******/
42
43	/*
44	* TOMOYO uses this hash only when appending a string into the string
45	* table. Frequency of appending strings is very low. So we don't need
46	* large (e.g. 64k) hash size. 256 will be sufficient.
47	*/
48	#define TOMOYO_HASH_BITS 8
49	#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
50
51	/*
52	* TOMOYO checks only SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_SEQPACKET.
53	* Therefore, we don't need SOCK_MAX.
54	*/
55	#define TOMOYO_SOCK_MAX 6
56
57	#define TOMOYO_EXEC_TMPSIZE 4096
58
59	/ Garbage collector is trying to kfree() this element. /
60	#define TOMOYO_GC_IN_PROGRESS -1
61
62	/ Profile number is an integer between 0 and 255. /
63	#define TOMOYO_MAX_PROFILES 256
64
65	/ Group number is an integer between 0 and 255. /
66	#define TOMOYO_MAX_ACL_GROUPS 256
67
68	/ Index numbers for "struct tomoyo_condition". /
69	enum tomoyo_conditions_index {
70	TOMOYO_TASK_UID, / current_uid() /
71	TOMOYO_TASK_EUID, / current_euid() /
72	TOMOYO_TASK_SUID, / current_suid() /
73	TOMOYO_TASK_FSUID, / current_fsuid() /
74	TOMOYO_TASK_GID, / current_gid() /
75	TOMOYO_TASK_EGID, / current_egid() /
76	TOMOYO_TASK_SGID, / current_sgid() /
77	TOMOYO_TASK_FSGID, / current_fsgid() /
78	TOMOYO_TASK_PID, / sys_getpid() /
79	TOMOYO_TASK_PPID, / sys_getppid() /
80	TOMOYO_EXEC_ARGC, / "struct linux_binprm "->argc /*
81	TOMOYO_EXEC_ENVC, / "struct linux_binprm "->envc /*
82	TOMOYO_TYPE_IS_SOCKET, / S_IFSOCK /
83	TOMOYO_TYPE_IS_SYMLINK, / S_IFLNK /
84	TOMOYO_TYPE_IS_FILE, / S_IFREG /
85	TOMOYO_TYPE_IS_BLOCK_DEV, / S_IFBLK /
86	TOMOYO_TYPE_IS_DIRECTORY, / S_IFDIR /
87	TOMOYO_TYPE_IS_CHAR_DEV, / S_IFCHR /
88	TOMOYO_TYPE_IS_FIFO, / S_IFIFO /
89	TOMOYO_MODE_SETUID, / S_ISUID /
90	TOMOYO_MODE_SETGID, / S_ISGID /
91	TOMOYO_MODE_STICKY, / S_ISVTX /
92	TOMOYO_MODE_OWNER_READ, / S_IRUSR /
93	TOMOYO_MODE_OWNER_WRITE, / S_IWUSR /
94	TOMOYO_MODE_OWNER_EXECUTE, / S_IXUSR /
95	TOMOYO_MODE_GROUP_READ, / S_IRGRP /
96	TOMOYO_MODE_GROUP_WRITE, / S_IWGRP /
97	TOMOYO_MODE_GROUP_EXECUTE, / S_IXGRP /
98	TOMOYO_MODE_OTHERS_READ, / S_IROTH /
99	TOMOYO_MODE_OTHERS_WRITE, / S_IWOTH /
100	TOMOYO_MODE_OTHERS_EXECUTE, / S_IXOTH /
101	TOMOYO_EXEC_REALPATH,
102	TOMOYO_SYMLINK_TARGET,
103	TOMOYO_PATH1_UID,
104	TOMOYO_PATH1_GID,
105	TOMOYO_PATH1_INO,
106	TOMOYO_PATH1_MAJOR,
107	TOMOYO_PATH1_MINOR,
108	TOMOYO_PATH1_PERM,
109	TOMOYO_PATH1_TYPE,
110	TOMOYO_PATH1_DEV_MAJOR,
111	TOMOYO_PATH1_DEV_MINOR,
112	TOMOYO_PATH2_UID,
113	TOMOYO_PATH2_GID,
114	TOMOYO_PATH2_INO,
115	TOMOYO_PATH2_MAJOR,
116	TOMOYO_PATH2_MINOR,
117	TOMOYO_PATH2_PERM,
118	TOMOYO_PATH2_TYPE,
119	TOMOYO_PATH2_DEV_MAJOR,
120	TOMOYO_PATH2_DEV_MINOR,
121	TOMOYO_PATH1_PARENT_UID,
122	TOMOYO_PATH1_PARENT_GID,
123	TOMOYO_PATH1_PARENT_INO,
124	TOMOYO_PATH1_PARENT_PERM,
125	TOMOYO_PATH2_PARENT_UID,
126	TOMOYO_PATH2_PARENT_GID,
127	TOMOYO_PATH2_PARENT_INO,
128	TOMOYO_PATH2_PARENT_PERM,
129	TOMOYO_MAX_CONDITION_KEYWORD,
130	TOMOYO_NUMBER_UNION,
131	TOMOYO_NAME_UNION,
132	TOMOYO_ARGV_ENTRY,
133	TOMOYO_ENVP_ENTRY,
134	};
135
136
137	/ Index numbers for stat(). /
138	enum tomoyo_path_stat_index {
139	/ Do not change this order. /
140	TOMOYO_PATH1,
141	TOMOYO_PATH1_PARENT,
142	TOMOYO_PATH2,
143	TOMOYO_PATH2_PARENT,
144	TOMOYO_MAX_PATH_STAT
145	};
146
147	/ Index numbers for operation mode. /
148	enum tomoyo_mode_index {
149	TOMOYO_CONFIG_DISABLED,
150	TOMOYO_CONFIG_LEARNING,
151	TOMOYO_CONFIG_PERMISSIVE,
152	TOMOYO_CONFIG_ENFORCING,
153	TOMOYO_CONFIG_MAX_MODE,
154	TOMOYO_CONFIG_WANT_REJECT_LOG = `64`,
155	TOMOYO_CONFIG_WANT_GRANT_LOG = `128`,
156	TOMOYO_CONFIG_USE_DEFAULT = `255`,
157	};
158
159	/ Index numbers for entry type. /
160	enum tomoyo_policy_id {
161	TOMOYO_ID_GROUP,
162	TOMOYO_ID_ADDRESS_GROUP,
163	TOMOYO_ID_PATH_GROUP,
164	TOMOYO_ID_NUMBER_GROUP,
165	TOMOYO_ID_TRANSITION_CONTROL,
166	TOMOYO_ID_AGGREGATOR,
167	TOMOYO_ID_MANAGER,
168	TOMOYO_ID_CONDITION,
169	TOMOYO_ID_NAME,
170	TOMOYO_ID_ACL,
171	TOMOYO_ID_DOMAIN,
172	TOMOYO_MAX_POLICY
173	};
174
175	/ Index numbers for domain's attributes. /
176	enum tomoyo_domain_info_flags_index {
177	/ Quota warnning flag. /
178	TOMOYO_DIF_QUOTA_WARNED,
179	/*
180	* This domain was unable to create a new domain at
181	* tomoyo_find_next_domain() because the name of the domain to be
182	* created was too long or it could not allocate memory.
183	* More than one process continued execve() without domain transition.
184	*/
185	TOMOYO_DIF_TRANSITION_FAILED,
186	TOMOYO_MAX_DOMAIN_INFO_FLAGS
187	};
188
189	/ Index numbers for audit type. /
190	enum tomoyo_grant_log {
191	/ Follow profile's configuration. /
192	TOMOYO_GRANTLOG_AUTO,
193	/ Do not generate grant log. /
194	TOMOYO_GRANTLOG_NO,
195	/ Generate grant_log. /
196	TOMOYO_GRANTLOG_YES,
197	};
198
199	/ Index numbers for group entries. /
200	enum tomoyo_group_id {
201	TOMOYO_PATH_GROUP,
202	TOMOYO_NUMBER_GROUP,
203	TOMOYO_ADDRESS_GROUP,
204	TOMOYO_MAX_GROUP
205	};
206
207	/ Index numbers for type of numeric values. /
208	enum tomoyo_value_type {
209	TOMOYO_VALUE_TYPE_INVALID,
210	TOMOYO_VALUE_TYPE_DECIMAL,
211	TOMOYO_VALUE_TYPE_OCTAL,
212	TOMOYO_VALUE_TYPE_HEXADECIMAL,
213	};
214
215	/ Index numbers for domain transition control keywords. /
216	enum tomoyo_transition_type {
217	/ Do not change this order, /
218	TOMOYO_TRANSITION_CONTROL_NO_RESET,
219	TOMOYO_TRANSITION_CONTROL_RESET,
220	TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE,
221	TOMOYO_TRANSITION_CONTROL_INITIALIZE,
222	TOMOYO_TRANSITION_CONTROL_NO_KEEP,
223	TOMOYO_TRANSITION_CONTROL_KEEP,
224	TOMOYO_MAX_TRANSITION_TYPE
225	};
226
227	/ Index numbers for Access Controls. /
228	enum tomoyo_acl_entry_type_index {
229	TOMOYO_TYPE_PATH_ACL,
230	TOMOYO_TYPE_PATH2_ACL,
231	TOMOYO_TYPE_PATH_NUMBER_ACL,
232	TOMOYO_TYPE_MKDEV_ACL,
233	TOMOYO_TYPE_MOUNT_ACL,
234	TOMOYO_TYPE_INET_ACL,
235	TOMOYO_TYPE_UNIX_ACL,
236	TOMOYO_TYPE_ENV_ACL,
237	TOMOYO_TYPE_MANUAL_TASK_ACL,
238	};
239
240	/ Index numbers for access controls with one pathname. /
241	enum tomoyo_path_acl_index {
242	TOMOYO_TYPE_EXECUTE,
243	TOMOYO_TYPE_READ,
244	TOMOYO_TYPE_WRITE,
245	TOMOYO_TYPE_APPEND,
246	TOMOYO_TYPE_UNLINK,
247	TOMOYO_TYPE_GETATTR,
248	TOMOYO_TYPE_RMDIR,
249	TOMOYO_TYPE_TRUNCATE,
250	TOMOYO_TYPE_SYMLINK,
251	TOMOYO_TYPE_CHROOT,
252	TOMOYO_TYPE_UMOUNT,
253	TOMOYO_MAX_PATH_OPERATION
254	};
255
256	/ Index numbers for /sys/kernel/security/tomoyo/stat interface. /
257	enum tomoyo_memory_stat_type {
258	TOMOYO_MEMORY_POLICY,
259	TOMOYO_MEMORY_AUDIT,
260	TOMOYO_MEMORY_QUERY,
261	TOMOYO_MAX_MEMORY_STAT
262	};
263
264	enum tomoyo_mkdev_acl_index {
265	TOMOYO_TYPE_MKBLOCK,
266	TOMOYO_TYPE_MKCHAR,
267	TOMOYO_MAX_MKDEV_OPERATION
268	};
269
270	/ Index numbers for socket operations. /
271	enum tomoyo_network_acl_index {
272	TOMOYO_NETWORK_BIND, / bind() operation. /
273	TOMOYO_NETWORK_LISTEN, / listen() operation. /
274	TOMOYO_NETWORK_CONNECT, / connect() operation. /
275	TOMOYO_NETWORK_SEND, / send() operation. /
276	TOMOYO_MAX_NETWORK_OPERATION
277	};
278
279	/ Index numbers for access controls with two pathnames. /
280	enum tomoyo_path2_acl_index {
281	TOMOYO_TYPE_LINK,
282	TOMOYO_TYPE_RENAME,
283	TOMOYO_TYPE_PIVOT_ROOT,
284	TOMOYO_MAX_PATH2_OPERATION
285	};
286
287	/ Index numbers for access controls with one pathname and one number. /
288	enum tomoyo_path_number_acl_index {
289	TOMOYO_TYPE_CREATE,
290	TOMOYO_TYPE_MKDIR,
291	TOMOYO_TYPE_MKFIFO,
292	TOMOYO_TYPE_MKSOCK,
293	TOMOYO_TYPE_IOCTL,
294	TOMOYO_TYPE_CHMOD,
295	TOMOYO_TYPE_CHOWN,
296	TOMOYO_TYPE_CHGRP,
297	TOMOYO_MAX_PATH_NUMBER_OPERATION
298	};
299
300	/ Index numbers for /sys/kernel/security/tomoyo/ interfaces. /
301	enum tomoyo_securityfs_interface_index {
302	TOMOYO_DOMAINPOLICY,
303	TOMOYO_EXCEPTIONPOLICY,
304	TOMOYO_PROCESS_STATUS,
305	TOMOYO_STAT,
306	TOMOYO_AUDIT,
307	TOMOYO_VERSION,
308	TOMOYO_PROFILE,
309	TOMOYO_QUERY,
310	TOMOYO_MANAGER
311	};
312
313	/ Index numbers for special mount operations. /
314	enum tomoyo_special_mount {
315	TOMOYO_MOUNT_BIND, / mount --bind /source /dest /
316	TOMOYO_MOUNT_MOVE, / mount --move /old /new /
317	TOMOYO_MOUNT_REMOUNT, / mount -o remount /dir /
318	TOMOYO_MOUNT_MAKE_UNBINDABLE, / mount --make-unbindable /dir /
319	TOMOYO_MOUNT_MAKE_PRIVATE, / mount --make-private /dir /
320	TOMOYO_MOUNT_MAKE_SLAVE, / mount --make-slave /dir /
321	TOMOYO_MOUNT_MAKE_SHARED, / mount --make-shared /dir /
322	TOMOYO_MAX_SPECIAL_MOUNT
323	};
324
325	/ Index numbers for functionality. /
326	enum tomoyo_mac_index {
327	TOMOYO_MAC_FILE_EXECUTE,
328	TOMOYO_MAC_FILE_OPEN,
329	TOMOYO_MAC_FILE_CREATE,
330	TOMOYO_MAC_FILE_UNLINK,
331	TOMOYO_MAC_FILE_GETATTR,
332	TOMOYO_MAC_FILE_MKDIR,
333	TOMOYO_MAC_FILE_RMDIR,
334	TOMOYO_MAC_FILE_MKFIFO,
335	TOMOYO_MAC_FILE_MKSOCK,
336	TOMOYO_MAC_FILE_TRUNCATE,
337	TOMOYO_MAC_FILE_SYMLINK,
338	TOMOYO_MAC_FILE_MKBLOCK,
339	TOMOYO_MAC_FILE_MKCHAR,
340	TOMOYO_MAC_FILE_LINK,
341	TOMOYO_MAC_FILE_RENAME,
342	TOMOYO_MAC_FILE_CHMOD,
343	TOMOYO_MAC_FILE_CHOWN,
344	TOMOYO_MAC_FILE_CHGRP,
345	TOMOYO_MAC_FILE_IOCTL,
346	TOMOYO_MAC_FILE_CHROOT,
347	TOMOYO_MAC_FILE_MOUNT,
348	TOMOYO_MAC_FILE_UMOUNT,
349	TOMOYO_MAC_FILE_PIVOT_ROOT,
350	TOMOYO_MAC_NETWORK_INET_STREAM_BIND,
351	TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN,
352	TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT,
353	TOMOYO_MAC_NETWORK_INET_DGRAM_BIND,
354	TOMOYO_MAC_NETWORK_INET_DGRAM_SEND,
355	TOMOYO_MAC_NETWORK_INET_RAW_BIND,
356	TOMOYO_MAC_NETWORK_INET_RAW_SEND,
357	TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND,
358	TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN,
359	TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT,
360	TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND,
361	TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND,
362	TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND,
363	TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN,
364	TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT,
365	TOMOYO_MAC_ENVIRON,
366	TOMOYO_MAX_MAC_INDEX
367	};
368
369	/ Index numbers for category of functionality. /
370	enum tomoyo_mac_category_index {
371	TOMOYO_MAC_CATEGORY_FILE,
372	TOMOYO_MAC_CATEGORY_NETWORK,
373	TOMOYO_MAC_CATEGORY_MISC,
374	TOMOYO_MAX_MAC_CATEGORY_INDEX
375	};
376
377	/*
378	* Retry this request. Returned by tomoyo_supervisor() if policy violation has
379	* occurred in enforcing mode and the userspace daemon decided to retry.
380	*
381	* We must choose a positive value in order to distinguish "granted" (which is
382	* 0) and "rejected" (which is a negative value) and "retry".
383	*/
384	#define TOMOYO_RETRY_REQUEST 1
385
386	/ Index numbers for /sys/kernel/security/tomoyo/stat interface. /
387	enum tomoyo_policy_stat_type {
388	/ Do not change this order. /
389	TOMOYO_STAT_POLICY_UPDATES,
390	TOMOYO_STAT_POLICY_LEARNING, / == TOMOYO_CONFIG_LEARNING /
391	TOMOYO_STAT_POLICY_PERMISSIVE, / == TOMOYO_CONFIG_PERMISSIVE /
392	TOMOYO_STAT_POLICY_ENFORCING, / == TOMOYO_CONFIG_ENFORCING /
393	TOMOYO_MAX_POLICY_STAT
394	};
395
396	/ Index numbers for profile's PREFERENCE values. /
397	enum tomoyo_pref_index {
398	TOMOYO_PREF_MAX_AUDIT_LOG,
399	TOMOYO_PREF_MAX_LEARNING_ENTRY,
400	TOMOYO_MAX_PREF
401	};
402
403	/******* Structure definitions. *******/
404
405	/ Common header for holding ACL entries. /
406	struct tomoyo_acl_head {
407	struct list_head list;
408	s8 is_deleted; / true or false or TOMOYO_GC_IN_PROGRESS /
409	} __packed;
410
411	/ Common header for shared entries. /
412	struct tomoyo_shared_acl_head {
413	struct list_head list;
414	atomic_t users;
415	} __packed;
416
417	struct tomoyo_policy_namespace;
418
419	/ Structure for request info. /
420	struct tomoyo_request_info {
421	/*
422	* For holding parameters specific to operations which deal files.
423	* NULL if not dealing files.
424	*/
425	struct tomoyo_obj_info *obj;
426	/*
427	* For holding parameters specific to execve() request.
428	* NULL if not dealing execve().
429	*/
430	struct tomoyo_execve *ee;
431	struct tomoyo_domain_info *domain;
432	/ For holding parameters. /
433	union {
434	struct {
435	const struct tomoyo_path_info *filename;
436	/ For using wildcards at tomoyo_find_next_domain(). /
437	const struct tomoyo_path_info *matched_path;
438	/ One of values in "enum tomoyo_path_acl_index". /
439	u8 operation;
440	} path;
441	struct {
442	const struct tomoyo_path_info *filename1;
443	const struct tomoyo_path_info *filename2;
444	/ One of values in "enum tomoyo_path2_acl_index". /
445	u8 operation;
446	} path2;
447	struct {
448	const struct tomoyo_path_info *filename;
449	unsigned int mode;
450	unsigned int major;
451	unsigned int minor;
452	/ One of values in "enum tomoyo_mkdev_acl_index". /
453	u8 operation;
454	} mkdev;
455	struct {
456	const struct tomoyo_path_info *filename;
457	unsigned long number;
458	/*
459	* One of values in
460	* "enum tomoyo_path_number_acl_index".
461	*/
462	u8 operation;
463	} path_number;
464	struct {
465	const struct tomoyo_path_info *name;
466	} environ;
467	struct {
468	const __be32 *address;
469	u16 port;
470	/ One of values smaller than TOMOYO_SOCK_MAX. /
471	u8 protocol;
472	/ One of values in "enum tomoyo_network_acl_index". /
473	u8 operation;
474	bool is_ipv6;
475	} inet_network;
476	struct {
477	const struct tomoyo_path_info *address;
478	/ One of values smaller than TOMOYO_SOCK_MAX. /
479	u8 protocol;
480	/ One of values in "enum tomoyo_network_acl_index". /
481	u8 operation;
482	} unix_network;
483	struct {
484	const struct tomoyo_path_info *type;
485	const struct tomoyo_path_info *dir;
486	const struct tomoyo_path_info *dev;
487	unsigned long flags;
488	int need_dev;
489	} mount;
490	struct {
491	const struct tomoyo_path_info *domainname;
492	} task;
493	} param;
494	struct tomoyo_acl_info *matched_acl;
495	u8 param_type;
496	bool granted;
497	u8 retry;
498	u8 profile;
499	u8 mode; / One of tomoyo_mode_index . /
500	u8 type;
501	};
502
503	/ Structure for holding a token. /
504	struct tomoyo_path_info {
505	const char *name;
506	u32 hash; / = full_name_hash(name, strlen(name)) /
507	u16 const_len; / = tomoyo_const_part_length(name) /
508	bool is_dir; / = tomoyo_strendswith(name, "/") /
509	bool is_patterned; / = tomoyo_path_contains_pattern(name) /
510	};
511
512	/ Structure for holding string data. /
513	struct tomoyo_name {
514	struct tomoyo_shared_acl_head head;
515	struct tomoyo_path_info entry;
516	};
517
518	/ Structure for holding a word. /
519	struct tomoyo_name_union {
520	/ Either @filename or @group is NULL. /
521	const struct tomoyo_path_info *filename;
522	struct tomoyo_group *group;
523	};
524
525	/ Structure for holding a number. /
526	struct tomoyo_number_union {
527	unsigned long values[`2`];
528	struct tomoyo_group group; /* Maybe NULL. /
529	/ One of values in "enum tomoyo_value_type". /
530	u8 value_type[`2`];
531	};
532
533	/ Structure for holding an IP address. /
534	struct tomoyo_ipaddr_union {
535	struct in6_addr ip[`2`]; / Big endian. /
536	struct tomoyo_group group; /* Pointer to address group. /
537	bool is_ipv6; / Valid only if @group == NULL. /
538	};
539
540	/ Structure for "path_group"/"number_group"/"address_group" directive. /
541	struct tomoyo_group {
542	struct tomoyo_shared_acl_head head;
543	const struct tomoyo_path_info *group_name;
544	struct list_head member_list;
545	};
546
547	/ Structure for "path_group" directive. /
548	struct tomoyo_path_group {
549	struct tomoyo_acl_head head;
550	const struct tomoyo_path_info *member_name;
551	};
552
553	/ Structure for "number_group" directive. /
554	struct tomoyo_number_group {
555	struct tomoyo_acl_head head;
556	struct tomoyo_number_union number;
557	};
558
559	/ Structure for "address_group" directive. /
560	struct tomoyo_address_group {
561	struct tomoyo_acl_head head;
562	/ Structure for holding an IP address. /
563	struct tomoyo_ipaddr_union address;
564	};
565
566	/ Subset of "struct stat". Used by conditional ACL and audit logs. /
567	struct tomoyo_mini_stat {
568	kuid_t uid;
569	kgid_t gid;
570	ino_t ino;
571	umode_t mode;
572	dev_t dev;
573	dev_t rdev;
574	};
575
576	/ Structure for dumping argv[] and envp[] of "struct linux_binprm". /
577	struct tomoyo_page_dump {
578	struct page page; /* Previously dumped page. /
579	char data; /* Contents of "page". Size is PAGE_SIZE. /
580	};
581
582	/ Structure for attribute checks in addition to pathname checks. /
583	struct tomoyo_obj_info {
584	/*
585	* True if tomoyo_get_attributes() was already called, false otherwise.
586	*/
587	bool validate_done;
588	/ True if @stat[] is valid. /
589	bool stat_valid[TOMOYO_MAX_PATH_STAT];
590	/ First pathname. Initialized with { NULL, NULL } if no path. /
591	struct path path1;
592	/ Second pathname. Initialized with { NULL, NULL } if no path. /
593	struct path path2;
594	/*
595	* Information on @path1, @path1's parent directory, @path2, @path2's
596	* parent directory.
597	*/
598	struct tomoyo_mini_stat stat[TOMOYO_MAX_PATH_STAT];
599	/*
600	* Content of symbolic link to be created. NULL for operations other
601	* than symlink().
602	*/
603	struct tomoyo_path_info *symlink_target;
604	};
605
606	/ Structure for argv[]. /
607	struct tomoyo_argv {
608	unsigned long index;
609	const struct tomoyo_path_info *value;
610	bool is_not;
611	};
612
613	/ Structure for envp[]. /
614	struct tomoyo_envp {
615	const struct tomoyo_path_info *name;
616	const struct tomoyo_path_info *value;
617	bool is_not;
618	};
619
620	/ Structure for execve() operation. /
621	struct tomoyo_execve {
622	struct tomoyo_request_info r;
623	struct tomoyo_obj_info obj;
624	struct linux_binprm *bprm;
625	const struct tomoyo_path_info *transition;
626	/ For dumping argv[] and envp[]. /
627	struct tomoyo_page_dump dump;
628	/ For temporary use. /
629	char tmp; /* Size is TOMOYO_EXEC_TMPSIZE bytes /
630	};
631
632	/ Structure for entries which follows "struct tomoyo_condition". /
633	struct tomoyo_condition_element {
634	/*
635	* Left hand operand. A "struct tomoyo_argv" for TOMOYO_ARGV_ENTRY, a
636	* "struct tomoyo_envp" for TOMOYO_ENVP_ENTRY is attached to the tail
637	* of the array of this struct.
638	*/
639	u8 left;
640	/*
641	* Right hand operand. A "struct tomoyo_number_union" for
642	* TOMOYO_NUMBER_UNION, a "struct tomoyo_name_union" for
643	* TOMOYO_NAME_UNION is attached to the tail of the array of this
644	* struct.
645	*/
646	u8 right;
647	/ Equation operator. True if equals or overlaps, false otherwise. /
648	bool equals;
649	};
650
651	/ Structure for optional arguments. /
652	struct tomoyo_condition {
653	struct tomoyo_shared_acl_head head;
654	u32 size; / Memory size allocated for this entry. /
655	u16 condc; / Number of conditions in this struct. /
656	u16 numbers_count; / Number of "struct tomoyo_number_union values". /
657	u16 names_count; / Number of "struct tomoyo_name_union names". /
658	u16 argc; / Number of "struct tomoyo_argv". /
659	u16 envc; / Number of "struct tomoyo_envp". /
660	u8 grant_log; / One of values in "enum tomoyo_grant_log". /
661	const struct tomoyo_path_info transit; /* Maybe NULL. /
662	/*
663	* struct tomoyo_condition_element condition[condc];
664	* struct tomoyo_number_union values[numbers_count];
665	* struct tomoyo_name_union names[names_count];
666	* struct tomoyo_argv argv[argc];
667	* struct tomoyo_envp envp[envc];
668	*/
669	};
670
671	/ Common header for individual entries. /
672	struct tomoyo_acl_info {
673	struct list_head list;
674	struct tomoyo_condition cond; /* Maybe NULL. /
675	s8 is_deleted; / true or false or TOMOYO_GC_IN_PROGRESS /
676	u8 type; / One of values in "enum tomoyo_acl_entry_type_index". /
677	} __packed;
678
679	/ Structure for domain information. /
680	struct tomoyo_domain_info {
681	struct list_head list;
682	struct list_head acl_info_list;
683	/ Name of this domain. Never NULL. /
684	const struct tomoyo_path_info *domainname;
685	/ Namespace for this domain. Never NULL. /
686	struct tomoyo_policy_namespace *ns;
687	/ Group numbers to use. /
688	unsigned long group[TOMOYO_MAX_ACL_GROUPS / BITS_PER_LONG];
689	u8 profile; / Profile number to use. /
690	bool is_deleted; / Delete flag. /
691	bool flags[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
692	atomic_t users; / Number of referring tasks. /
693	};
694
695	/*
696	* Structure for "task manual_domain_transition" directive.
697	*/
698	struct tomoyo_task_acl {
699	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_MANUAL_TASK_ACL /
700	/ Pointer to domainname. /
701	const struct tomoyo_path_info *domainname;
702	};
703
704	/*
705	* Structure for "file execute", "file read", "file write", "file append",
706	* "file unlink", "file getattr", "file rmdir", "file truncate",
707	* "file symlink", "file chroot" and "file unmount" directive.
708	*/
709	struct tomoyo_path_acl {
710	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_PATH_ACL /
711	u16 perm; / Bitmask of values in "enum tomoyo_path_acl_index". /
712	struct tomoyo_name_union name;
713	};
714
715	/*
716	* Structure for "file create", "file mkdir", "file mkfifo", "file mksock",
717	* "file ioctl", "file chmod", "file chown" and "file chgrp" directive.
718	*/
719	struct tomoyo_path_number_acl {
720	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_PATH_NUMBER_ACL /
721	/ Bitmask of values in "enum tomoyo_path_number_acl_index". /
722	u8 perm;
723	struct tomoyo_name_union name;
724	struct tomoyo_number_union number;
725	};
726
727	/ Structure for "file mkblock" and "file mkchar" directive. /
728	struct tomoyo_mkdev_acl {
729	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_MKDEV_ACL /
730	u8 perm; / Bitmask of values in "enum tomoyo_mkdev_acl_index". /
731	struct tomoyo_name_union name;
732	struct tomoyo_number_union mode;
733	struct tomoyo_number_union major;
734	struct tomoyo_number_union minor;
735	};
736
737	/*
738	* Structure for "file rename", "file link" and "file pivot_root" directive.
739	*/
740	struct tomoyo_path2_acl {
741	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_PATH2_ACL /
742	u8 perm; / Bitmask of values in "enum tomoyo_path2_acl_index". /
743	struct tomoyo_name_union name1;
744	struct tomoyo_name_union name2;
745	};
746
747	/ Structure for "file mount" directive. /
748	struct tomoyo_mount_acl {
749	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_MOUNT_ACL /
750	struct tomoyo_name_union dev_name;
751	struct tomoyo_name_union dir_name;
752	struct tomoyo_name_union fs_type;
753	struct tomoyo_number_union flags;
754	};
755
756	/ Structure for "misc env" directive in domain policy. /
757	struct tomoyo_env_acl {
758	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_ENV_ACL /
759	const struct tomoyo_path_info env; /* environment variable /
760	};
761
762	/ Structure for "network inet" directive. /
763	struct tomoyo_inet_acl {
764	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_INET_ACL /
765	u8 protocol;
766	u8 perm; / Bitmask of values in "enum tomoyo_network_acl_index" /
767	struct tomoyo_ipaddr_union address;
768	struct tomoyo_number_union port;
769	};
770
771	/ Structure for "network unix" directive. /
772	struct tomoyo_unix_acl {
773	struct tomoyo_acl_info head; / type = TOMOYO_TYPE_UNIX_ACL /
774	u8 protocol;
775	u8 perm; / Bitmask of values in "enum tomoyo_network_acl_index" /
776	struct tomoyo_name_union name;
777	};
778
779	/ Structure for holding a line from /sys/kernel/security/tomoyo/ interface. /
780	struct tomoyo_acl_param {
781	char *data;
782	struct list_head *list;
783	struct tomoyo_policy_namespace *ns;
784	bool is_delete;
785	};
786
787	#define TOMOYO_MAX_IO_READ_QUEUE 64
788
789	/*
790	* Structure for reading/writing policy via /sys/kernel/security/tomoyo
791	* interfaces.
792	*/
793	struct tomoyo_io_buffer {
794	void (read)(struct* tomoyo_io_buffer *head);
795	int (write)(struct* tomoyo_io_buffer *head);
796	__poll_t (poll)(struct* file file, poll_table wait);
797	/ Exclusive lock for this structure. /
798	struct mutex io_sem;
799	char __user *read_user_buf;
800	size_t read_user_buf_avail;
801	struct {
802	struct list_head *ns;
803	struct list_head *domain;
804	struct list_head *group;
805	struct list_head *acl;
806	size_t avail;
807	unsigned int step;
808	unsigned int query_index;
809	u16 index;
810	u16 cond_index;
811	u8 acl_group_index;
812	u8 cond_step;
813	u8 bit;
814	u8 w_pos;
815	bool eof;
816	bool print_this_domain_only;
817	bool print_transition_related_only;
818	bool print_cond_part;
819	const char *w[TOMOYO_MAX_IO_READ_QUEUE];
820	} r;
821	struct {
822	struct tomoyo_policy_namespace *ns;
823	/ The position currently writing to. /
824	struct tomoyo_domain_info *domain;
825	/ Bytes available for writing. /
826	size_t avail;
827	bool is_delete;
828	} w;
829	/ Buffer for reading. /
830	char *read_buf;
831	/ Size of read buffer. /
832	size_t readbuf_size;
833	/ Buffer for writing. /
834	char *write_buf;
835	/ Size of write buffer. /
836	size_t writebuf_size;
837	/ Type of this interface. /
838	enum tomoyo_securityfs_interface_index type;
839	/ Users counter protected by tomoyo_io_buffer_list_lock. /
840	u8 users;
841	/ List for telling GC not to kfree() elements. /
842	struct list_head list;
843	};
844
845	/*
846	* Structure for "initialize_domain"/"no_initialize_domain"/"keep_domain"/
847	* "no_keep_domain" keyword.
848	*/
849	struct tomoyo_transition_control {
850	struct tomoyo_acl_head head;
851	u8 type; / One of values in "enum tomoyo_transition_type". /
852	/ True if the domainname is tomoyo_get_last_name(). /
853	bool is_last_name;
854	const struct tomoyo_path_info domainname; /* Maybe NULL /
855	const struct tomoyo_path_info program; /* Maybe NULL /
856	};
857
858	/ Structure for "aggregator" keyword. /
859	struct tomoyo_aggregator {
860	struct tomoyo_acl_head head;
861	const struct tomoyo_path_info *original_name;
862	const struct tomoyo_path_info *aggregated_name;
863	};
864
865	/ Structure for policy manager. /
866	struct tomoyo_manager {
867	struct tomoyo_acl_head head;
868	/ A path to program or a domainname. /
869	const struct tomoyo_path_info *manager;
870	};
871
872	struct tomoyo_preference {
873	unsigned int learning_max_entry;
874	bool enforcing_verbose;
875	bool learning_verbose;
876	bool permissive_verbose;
877	};
878
879	/ Structure for /sys/kernel/security/tomnoyo/profile interface. /
880	struct tomoyo_profile {
881	const struct tomoyo_path_info *comment;
882	struct tomoyo_preference *learning;
883	struct tomoyo_preference *permissive;
884	struct tomoyo_preference *enforcing;
885	struct tomoyo_preference preference;
886	u8 default_config;
887	u8 config[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAX_MAC_CATEGORY_INDEX];
888	unsigned int pref[TOMOYO_MAX_PREF];
889	};
890
891	/ Structure for representing YYYY/MM/DD hh/mm/ss. /
892	struct tomoyo_time {
893	u16 year;
894	u8 month;
895	u8 day;
896	u8 hour;
897	u8 min;
898	u8 sec;
899	};
900
901	/ Structure for policy namespace. /
902	struct tomoyo_policy_namespace {
903	/ Profile table. Memory is allocated as needed. /
904	struct tomoyo_profile *profile_ptr[TOMOYO_MAX_PROFILES];
905	/ List of "struct tomoyo_group". /
906	struct list_head group_list[TOMOYO_MAX_GROUP];
907	/ List of policy. /
908	struct list_head policy_list[TOMOYO_MAX_POLICY];
909	/ The global ACL referred by "use_group" keyword. /
910	struct list_head acl_group[TOMOYO_MAX_ACL_GROUPS];
911	/ List for connecting to tomoyo_namespace_list list. /
912	struct list_head namespace_list;
913	/ Profile version. Currently only 20150505 is defined. /
914	unsigned int profile_version;
915	/ Name of this namespace (e.g. "<kernel>", "</usr/sbin/httpd>" ). /
916	const char *name;
917	};
918
919	/ Structure for "struct task_struct"->security. /
920	struct tomoyo_task {
921	struct tomoyo_domain_info *domain_info;
922	struct tomoyo_domain_info *old_domain_info;
923	};
924
925	/******* Function prototypes. *******/
926
927	bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
928	const struct tomoyo_group *group);
929	bool tomoyo_compare_number_union(const unsigned long value,
930	const struct tomoyo_number_union *ptr);
931	bool tomoyo_condition(struct tomoyo_request_info *r,
932	const struct tomoyo_condition *cond);
933	bool tomoyo_correct_domain(const unsigned char *domainname);
934	bool tomoyo_correct_path(const char *filename);
935	bool tomoyo_correct_word(const char *string);
936	bool tomoyo_domain_def(const unsigned char *buffer);
937	bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
938	bool tomoyo_dump_page(struct linux_binprm bprm, unsigned* long pos,
939	struct tomoyo_page_dump *dump);
940	bool tomoyo_memory_ok(void *ptr);
941	bool tomoyo_number_matches_group(const unsigned long min,
942	const unsigned long max,
943	const struct tomoyo_group *group);
944	bool tomoyo_parse_ipaddr_union(struct tomoyo_acl_param *param,
945	struct tomoyo_ipaddr_union *ptr);
946	bool tomoyo_parse_name_union(struct tomoyo_acl_param *param,
947	struct tomoyo_name_union *ptr);
948	bool tomoyo_parse_number_union(struct tomoyo_acl_param *param,
949	struct tomoyo_number_union *ptr);
950	bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
951	const struct tomoyo_path_info *pattern);
952	bool tomoyo_permstr(const char string, const* char *keyword);
953	bool tomoyo_str_starts(char *src, const* char *find);
954	char tomoyo_encode(const* char *str);
955	char tomoyo_encode2(const* char str, int* str_len);
956	char tomoyo_init_log(struct* tomoyo_request_info r, int* len, const char *fmt,
957	va_list args) __printf(`3`, `0`);
958	char tomoyo_read_token(struct* tomoyo_acl_param *param);
959	char tomoyo_realpath_from_path(const* struct path *path);
960	char tomoyo_realpath_nofollow(const* char *pathname);
961	const char tomoyo_get_exe(void*);
962	const struct tomoyo_path_info *tomoyo_compare_name_union
963	(const struct tomoyo_path_info name, const* struct tomoyo_name_union *ptr);
964	const struct tomoyo_path_info *tomoyo_get_domainname
965	(struct tomoyo_acl_param *param);
966	const struct tomoyo_path_info tomoyo_get_name(const* char *name);
967	const struct tomoyo_path_info *tomoyo_path_matches_group
968	(const struct tomoyo_path_info pathname, const* struct tomoyo_group *group);
969	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
970	const struct path path, const* int flag);
971	void tomoyo_close_control(struct tomoyo_io_buffer *head);
972	int tomoyo_env_perm(struct tomoyo_request_info r, const* char *env);
973	int tomoyo_execute_permission(struct tomoyo_request_info *r,
974	const struct tomoyo_path_info *filename);
975	int tomoyo_find_next_domain(struct linux_binprm *bprm);
976	int tomoyo_get_mode(const struct tomoyo_policy_namespace ns, const* u8 profile,
977	const u8 index);
978	int tomoyo_init_request_info(struct tomoyo_request_info *r,
979	struct tomoyo_domain_info *domain,
980	const u8 index);
981	int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
982	const unsigned int mode, unsigned int dev);
983	int tomoyo_mount_permission(const char dev_name, const* struct path *path,
984	const char type, unsigned* long flags,
985	void *data_page);
986	int tomoyo_open_control(const u8 type, struct file *file);
987	int tomoyo_path2_perm(const u8 operation, const struct path *path1,
988	const struct path *path2);
989	int tomoyo_path_number_perm(const u8 operation, const struct path *path,
990	unsigned long number);
991	int tomoyo_path_perm(const u8 operation, const struct path *path,
992	const char *target);
993	__poll_t tomoyo_poll_control(struct file file, poll_table wait);
994	__poll_t tomoyo_poll_log(struct file file, poll_table wait);
995	int tomoyo_socket_bind_permission(struct socket sock, struct* sockaddr *addr,
996	int addr_len);
997	int tomoyo_socket_connect_permission(struct socket *sock,
998	struct sockaddr addr, int* addr_len);
999	int tomoyo_socket_listen_permission(struct socket *sock);
1000	int tomoyo_socket_sendmsg_permission(struct socket sock, struct* msghdr *msg,
1001	int size);
1002	int tomoyo_supervisor(struct tomoyo_request_info r, const* char *fmt, ...)
1003	__printf(`2`, `3`);
1004	int tomoyo_update_domain(struct tomoyo_acl_info new_entry, const* int size,
1005	struct tomoyo_acl_param *param,
1006	bool (*check_duplicate)
1007	(const struct tomoyo_acl_info *,
1008	const struct tomoyo_acl_info *),
1009	bool (*merge_duplicate)
1010	(struct tomoyo_acl_info , struct* tomoyo_acl_info *,
1011	const bool));
1012	int tomoyo_update_policy(struct tomoyo_acl_head new_entry, const* int size,
1013	struct tomoyo_acl_param *param,
1014	bool (*check_duplicate)
1015	(const struct tomoyo_acl_head *,
1016	const struct tomoyo_acl_head *));
1017	int tomoyo_write_aggregator(struct tomoyo_acl_param *param);
1018	int tomoyo_write_file(struct tomoyo_acl_param *param);
1019	int tomoyo_write_group(struct tomoyo_acl_param param, const* u8 type);
1020	int tomoyo_write_misc(struct tomoyo_acl_param *param);
1021	int tomoyo_write_inet_network(struct tomoyo_acl_param *param);
1022	int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
1023	const u8 type);
1024	int tomoyo_write_unix_network(struct tomoyo_acl_param *param);
1025	ssize_t tomoyo_read_control(struct tomoyo_io_buffer head, char* __user *buffer,
1026	const int buffer_len);
1027	ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
1028	const char __user buffer, const* int buffer_len);
1029	struct tomoyo_condition tomoyo_get_condition(struct* tomoyo_acl_param *param);
1030	struct tomoyo_domain_info tomoyo_assign_domain(const* char *domainname,
1031	const bool transit);
1032	struct tomoyo_domain_info tomoyo_domain(void*);
1033	struct tomoyo_domain_info tomoyo_find_domain(const* char *domainname);
1034	struct tomoyo_group tomoyo_get_group(struct* tomoyo_acl_param *param,
1035	const u8 idx);
1036	struct tomoyo_policy_namespace *tomoyo_assign_namespace
1037	(const char *domainname);
1038	struct tomoyo_profile tomoyo_profile(const* struct tomoyo_policy_namespace *ns,
1039	const u8 profile);
1040	u8 tomoyo_parse_ulong(unsigned long result, char* **str);
1041	void tomoyo_commit_ok(void* data, const* unsigned int size);
1042	void __init tomoyo_load_builtin_policy(void);
1043	void __init tomoyo_mm_init(void);
1044	void tomoyo_check_acl(struct tomoyo_request_info *r,
1045	bool (check_entry)(struct* tomoyo_request_info *,
1046	const struct tomoyo_acl_info *));
1047	void tomoyo_check_profile(void);
1048	void tomoyo_convert_time(time64_t time, struct tomoyo_time *stamp);
1049	void tomoyo_del_condition(struct list_head *element);
1050	void tomoyo_fill_path_info(struct tomoyo_path_info *ptr);
1051	void tomoyo_get_attributes(struct tomoyo_obj_info *obj);
1052	void tomoyo_init_policy_namespace(struct tomoyo_policy_namespace *ns);
1053	void tomoyo_load_policy(const char *filename);
1054	void tomoyo_normalize_line(unsigned char *buffer);
1055	void tomoyo_notify_gc(struct tomoyo_io_buffer head, const* bool is_register);
1056	void tomoyo_print_ip(char buf, const* unsigned int size,
1057	const struct tomoyo_ipaddr_union *ptr);
1058	void tomoyo_print_ulong(char buffer, const* int buffer_len,
1059	const unsigned long value, const u8 type);
1060	void tomoyo_put_name_union(struct tomoyo_name_union *ptr);
1061	void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
1062	void tomoyo_read_log(struct tomoyo_io_buffer *head);
1063	void tomoyo_update_stat(const u8 index);
1064	void tomoyo_warn_oom(const char *function);
1065	void tomoyo_write_log(struct tomoyo_request_info r, const* char *fmt, ...)
1066	__printf(`2`, `3`);
1067	void tomoyo_write_log2(struct tomoyo_request_info r, int* len, const char *fmt,
1068	va_list args) __printf(`3`, `0`);
1069
1070	/******* External variable definitions. *******/
1071
1072	extern bool tomoyo_policy_loaded;
1073	extern int tomoyo_enabled;
1074	extern const char * const tomoyo_condition_keyword
1075	[TOMOYO_MAX_CONDITION_KEYWORD];
1076	extern const char * const tomoyo_dif[TOMOYO_MAX_DOMAIN_INFO_FLAGS];
1077	extern const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
1078	+ TOMOYO_MAX_MAC_CATEGORY_INDEX];
1079	extern const char * const tomoyo_mode[TOMOYO_CONFIG_MAX_MODE];
1080	extern const char * const tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION];
1081	extern const char * const tomoyo_proto_keyword[TOMOYO_SOCK_MAX];
1082	extern const char * const tomoyo_socket_keyword[TOMOYO_MAX_NETWORK_OPERATION];
1083	extern const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX];
1084	extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION];
1085	extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION];
1086	extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION];
1087	extern struct list_head tomoyo_condition_list;
1088	extern struct list_head tomoyo_domain_list;
1089	extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
1090	extern struct list_head tomoyo_namespace_list;
1091	extern struct mutex tomoyo_policy_lock;
1092	extern struct srcu_struct tomoyo_ss;
1093	extern struct tomoyo_domain_info tomoyo_kernel_domain;
1094	extern struct tomoyo_policy_namespace tomoyo_kernel_namespace;
1095	extern unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT];
1096	extern unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT];
1097	extern struct lsm_blob_sizes tomoyo_blob_sizes;
1098
1099	/******* Inlined functions. *******/
1100
1101	/**
1102	* tomoyo_read_lock - Take lock for protecting policy.
1103	*
1104	* Returns index number for tomoyo_read_unlock().
1105	*/
1106	static inline int tomoyo_read_lock(void)
1107	{
1108	return srcu_read_lock(ssp: &tomoyo_ss);
1109	}
1110
1111	/**
1112	* tomoyo_read_unlock - Release lock for protecting policy.
1113	*
1114	* @idx: Index number returned by tomoyo_read_lock().
1115	*
1116	* Returns nothing.
1117	*/
1118	static inline void tomoyo_read_unlock(int idx)
1119	{
1120	srcu_read_unlock(ssp: &tomoyo_ss, idx);
1121	}
1122
1123	/**
1124	* tomoyo_sys_getppid - Copy of getppid().
1125	*
1126	* Returns parent process's PID.
1127	*
1128	* Alpha does not have getppid() defined. To be able to build this module on
1129	* Alpha, I have to copy getppid() from kernel/timer.c.
1130	*/
1131	static inline pid_t tomoyo_sys_getppid(void)
1132	{
1133	pid_t pid;
1134
1135	rcu_read_lock();
1136	pid = task_tgid_vnr(rcu_dereference(current->real_parent));
1137	rcu_read_unlock();
1138	return pid;
1139	}
1140
1141	/**
1142	* tomoyo_sys_getpid - Copy of getpid().
1143	*
1144	* Returns current thread's PID.
1145	*
1146	* Alpha does not have getpid() defined. To be able to build this module on
1147	* Alpha, I have to copy getpid() from kernel/timer.c.
1148	*/
1149	static inline pid_t tomoyo_sys_getpid(void)
1150	{
1151	return task_tgid_vnr(current);
1152	}
1153
1154	/**
1155	* tomoyo_pathcmp - strcmp() for "struct tomoyo_path_info" structure.
1156	*
1157	* @a: Pointer to "struct tomoyo_path_info".
1158	* @b: Pointer to "struct tomoyo_path_info".
1159	*
1160	* Returns true if @a == @b, false otherwise.
1161	*/
1162	static inline bool tomoyo_pathcmp(const struct tomoyo_path_info *a,
1163	const struct tomoyo_path_info *b)
1164	{
1165	return a->hash != b->hash \|\| strcmp(a->name, b->name);
1166	}
1167
1168	/**
1169	* tomoyo_put_name - Drop reference on "struct tomoyo_name".
1170	*
1171	* @name: Pointer to "struct tomoyo_path_info". Maybe NULL.
1172	*
1173	* Returns nothing.
1174	*/
1175	static inline void tomoyo_put_name(const struct tomoyo_path_info *name)
1176	{
1177	if (name) {
1178	struct tomoyo_name *ptr =
1179	container_of(name, typeof(*ptr), entry);
1180	atomic_dec(v: &ptr->head.users);
1181	}
1182	}
1183
1184	/**
1185	* tomoyo_put_condition - Drop reference on "struct tomoyo_condition".
1186	*
1187	* @cond: Pointer to "struct tomoyo_condition". Maybe NULL.
1188	*
1189	* Returns nothing.
1190	*/
1191	static inline void tomoyo_put_condition(struct tomoyo_condition *cond)
1192	{
1193	if (cond)
1194	atomic_dec(v: &cond->head.users);
1195	}
1196
1197	/**
1198	* tomoyo_put_group - Drop reference on "struct tomoyo_group".
1199	*
1200	* @group: Pointer to "struct tomoyo_group". Maybe NULL.
1201	*
1202	* Returns nothing.
1203	*/
1204	static inline void tomoyo_put_group(struct tomoyo_group *group)
1205	{
1206	if (group)
1207	atomic_dec(v: &group->head.users);
1208	}
1209
1210	/**
1211	* tomoyo_task - Get "struct tomoyo_task" for specified thread.
1212	*
1213	* @task - Pointer to "struct task_struct".
1214	*
1215	* Returns pointer to "struct tomoyo_task" for specified thread.
1216	*/
1217	static inline struct tomoyo_task tomoyo_task(struct* task_struct *task)
1218	{
1219	return task->security + tomoyo_blob_sizes.lbs_task;
1220	}
1221
1222	/**
1223	* tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry.
1224	*
1225	* @a: Pointer to "struct tomoyo_name_union".
1226	* @b: Pointer to "struct tomoyo_name_union".
1227	*
1228	* Returns true if @a == @b, false otherwise.
1229	*/
1230	static inline bool tomoyo_same_name_union
1231	(const struct tomoyo_name_union a, const* struct tomoyo_name_union *b)
1232	{
1233	return a->filename == b->filename && a->group == b->group;
1234	}
1235
1236	/**
1237	* tomoyo_same_number_union - Check for duplicated "struct tomoyo_number_union" entry.
1238	*
1239	* @a: Pointer to "struct tomoyo_number_union".
1240	* @b: Pointer to "struct tomoyo_number_union".
1241	*
1242	* Returns true if @a == @b, false otherwise.
1243	*/
1244	static inline bool tomoyo_same_number_union
1245	(const struct tomoyo_number_union a, const* struct tomoyo_number_union *b)
1246	{
1247	return a->values[`0`] == b->values[`0`] && a->values[`1`] == b->values[`1`] &&
1248	a->group == b->group && a->value_type[`0`] == b->value_type[`0`] &&
1249	a->value_type[`1`] == b->value_type[`1`];
1250	}
1251
1252	/**
1253	* tomoyo_same_ipaddr_union - Check for duplicated "struct tomoyo_ipaddr_union" entry.
1254	*
1255	* @a: Pointer to "struct tomoyo_ipaddr_union".
1256	* @b: Pointer to "struct tomoyo_ipaddr_union".
1257	*
1258	* Returns true if @a == @b, false otherwise.
1259	*/
1260	static inline bool tomoyo_same_ipaddr_union
1261	(const struct tomoyo_ipaddr_union a, const* struct tomoyo_ipaddr_union *b)
1262	{
1263	return !memcmp(p: a->ip, q: b->ip, size: sizeof(a->ip)) && a->group == b->group &&
1264	a->is_ipv6 == b->is_ipv6;
1265	}
1266
1267	/**
1268	* tomoyo_current_namespace - Get "struct tomoyo_policy_namespace" for current thread.
1269	*
1270	* Returns pointer to "struct tomoyo_policy_namespace" for current thread.
1271	*/
1272	static inline struct tomoyo_policy_namespace tomoyo_current_namespace(void*)
1273	{
1274	return tomoyo_domain()->ns;
1275	}
1276
1277	/**
1278	* list_for_each_cookie - iterate over a list with cookie.
1279	* @pos: the &struct list_head to use as a loop cursor.
1280	* @head: the head for your list.
1281	*/
1282	#define list_for_each_cookie(pos, head) \
1283	if (!pos) \
1284	pos = srcu_dereference((head)->next, &tomoyo_ss); \
1285	for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss))
1286
1287	#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
1288

source code of linux/security/tomoyo/common.h