load_policy.c source code [linux/security/tomoyo/load_policy.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* security/tomoyo/load_policy.c
4	*
5	* Copyright (C) 2005-2011 NTT DATA CORPORATION
6	*/
7
8	#include "common.h"
9
10	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
11
12	/*
13	* Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
14	*/
15	static const char *tomoyo_loader;
16
17	/**
18	* tomoyo_loader_setup - Set policy loader.
19	*
20	* @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
21	*
22	* Returns 0.
23	*/
24	static int __init tomoyo_loader_setup(char *str)
25	{
26	tomoyo_loader = str;
27	return `1`;
28	}
29
30	__setup("TOMOYO_loader=", tomoyo_loader_setup);
31
32	/**
33	* tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
34	*
35	* Returns true if /sbin/tomoyo-init exists, false otherwise.
36	*/
37	static bool tomoyo_policy_loader_exists(void)
38	{
39	struct path path;
40
41	if (!tomoyo_loader)
42	tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
43	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
44	pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
45	tomoyo_loader);
46	return false;
47	}
48	path_put(&path);
49	return true;
50	}
51
52	/*
53	* Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
54	*/
55	static const char *tomoyo_trigger;
56
57	/**
58	* tomoyo_trigger_setup - Set trigger for activation.
59	*
60	* @str: Program to use as an activation trigger (e.g. /sbin/init ).
61	*
62	* Returns 0.
63	*/
64	static int __init tomoyo_trigger_setup(char *str)
65	{
66	tomoyo_trigger = str;
67	return `1`;
68	}
69
70	__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
71
72	/**
73	* tomoyo_load_policy - Run external policy loader to load policy.
74	*
75	* @filename: The program about to start.
76	*
77	* This function checks whether @filename is /sbin/init , and if so
78	* invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
79	* and then continues invocation of /sbin/init.
80	* /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
81	* writes to /sys/kernel/security/tomoyo/ interfaces.
82	*
83	* Returns nothing.
84	*/
85	void tomoyo_load_policy(const char *filename)
86	{
87	static bool done;
88	char *argv[`2`];
89	char *envp[`3`];
90
91	if (tomoyo_policy_loaded \|\| done)
92	return;
93	if (!tomoyo_trigger)
94	tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
95	if (strcmp(filename, tomoyo_trigger))
96	return;
97	if (!tomoyo_policy_loader_exists())
98	return;
99	done = true;
100	pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
101	argv[`0`] = (char *) tomoyo_loader;
102	argv[`1`] = NULL;
103	envp[`0`] = "HOME=/";
104	envp[`1`] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
105	envp[`2`] = NULL;
106	call_usermodehelper(argv[`0`], argv, envp, UMH_WAIT_PROC);
107	tomoyo_check_profile();
108	}
109
110	#endif
111

source code of linux/security/tomoyo/load_policy.c