Linux Audio

Check our new training course

Yocto distribution development and maintenance

Need a Yocto distribution for your embedded project?
Loading...
v5.9
  1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * security/tomoyo/load_policy.c
  4 *
  5 * Copyright (C) 2005-2011  NTT DATA CORPORATION
  6 */
  7
  8#include "common.h"
  9
 10#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 11
 12/*
 13 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
 14 */
 15static const char *tomoyo_loader;
 16
 17/**
 18 * tomoyo_loader_setup - Set policy loader.
 19 *
 20 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
 21 *
 22 * Returns 0.
 23 */
 24static int __init tomoyo_loader_setup(char *str)
 25{
 26	tomoyo_loader = str;
 27	return 0;
 28}
 29
 30__setup("TOMOYO_loader=", tomoyo_loader_setup);
 31
 32/**
 33 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
 34 *
 35 * Returns true if /sbin/tomoyo-init exists, false otherwise.
 36 */
 37static bool tomoyo_policy_loader_exists(void)
 38{
 39	struct path path;
 40
 41	if (!tomoyo_loader)
 42		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
 43	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
 44		pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
 45			tomoyo_loader);
 46		return false;
 47	}
 48	path_put(&path);
 49	return true;
 50}
 51
 52/*
 53 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
 54 */
 55static const char *tomoyo_trigger;
 56
 57/**
 58 * tomoyo_trigger_setup - Set trigger for activation.
 59 *
 60 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
 61 *
 62 * Returns 0.
 63 */
 64static int __init tomoyo_trigger_setup(char *str)
 65{
 66	tomoyo_trigger = str;
 67	return 0;
 68}
 69
 70__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
 71
 72/**
 73 * tomoyo_load_policy - Run external policy loader to load policy.
 74 *
 75 * @filename: The program about to start.
 76 *
 77 * This function checks whether @filename is /sbin/init , and if so
 78 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
 79 * and then continues invocation of /sbin/init.
 80 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
 81 * writes to /sys/kernel/security/tomoyo/ interfaces.
 82 *
 83 * Returns nothing.
 84 */
 85void tomoyo_load_policy(const char *filename)
 86{
 87	static bool done;
 88	char *argv[2];
 89	char *envp[3];
 90
 91	if (tomoyo_policy_loaded || done)
 92		return;
 93	if (!tomoyo_trigger)
 94		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
 95	if (strcmp(filename, tomoyo_trigger))
 96		return;
 97	if (!tomoyo_policy_loader_exists())
 98		return;
 99	done = true;
100	pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
101	argv[0] = (char *) tomoyo_loader;
102	argv[1] = NULL;
103	envp[0] = "HOME=/";
104	envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
105	envp[2] = NULL;
106	call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
107	tomoyo_check_profile();
108}
109
110#endif
v5.4
  1// SPDX-License-Identifier: GPL-2.0
  2/*
  3 * security/tomoyo/load_policy.c
  4 *
  5 * Copyright (C) 2005-2011  NTT DATA CORPORATION
  6 */
  7
  8#include "common.h"
  9
 10#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 11
 12/*
 13 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
 14 */
 15static const char *tomoyo_loader;
 16
 17/**
 18 * tomoyo_loader_setup - Set policy loader.
 19 *
 20 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
 21 *
 22 * Returns 0.
 23 */
 24static int __init tomoyo_loader_setup(char *str)
 25{
 26	tomoyo_loader = str;
 27	return 0;
 28}
 29
 30__setup("TOMOYO_loader=", tomoyo_loader_setup);
 31
 32/**
 33 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
 34 *
 35 * Returns true if /sbin/tomoyo-init exists, false otherwise.
 36 */
 37static bool tomoyo_policy_loader_exists(void)
 38{
 39	struct path path;
 40
 41	if (!tomoyo_loader)
 42		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
 43	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
 44		pr_info("Not activating Mandatory Access Control as %s does not exist.\n",
 45			tomoyo_loader);
 46		return false;
 47	}
 48	path_put(&path);
 49	return true;
 50}
 51
 52/*
 53 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
 54 */
 55static const char *tomoyo_trigger;
 56
 57/**
 58 * tomoyo_trigger_setup - Set trigger for activation.
 59 *
 60 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
 61 *
 62 * Returns 0.
 63 */
 64static int __init tomoyo_trigger_setup(char *str)
 65{
 66	tomoyo_trigger = str;
 67	return 0;
 68}
 69
 70__setup("TOMOYO_trigger=", tomoyo_trigger_setup);
 71
 72/**
 73 * tomoyo_load_policy - Run external policy loader to load policy.
 74 *
 75 * @filename: The program about to start.
 76 *
 77 * This function checks whether @filename is /sbin/init , and if so
 78 * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
 79 * and then continues invocation of /sbin/init.
 80 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
 81 * writes to /sys/kernel/security/tomoyo/ interfaces.
 82 *
 83 * Returns nothing.
 84 */
 85void tomoyo_load_policy(const char *filename)
 86{
 87	static bool done;
 88	char *argv[2];
 89	char *envp[3];
 90
 91	if (tomoyo_policy_loaded || done)
 92		return;
 93	if (!tomoyo_trigger)
 94		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
 95	if (strcmp(filename, tomoyo_trigger))
 96		return;
 97	if (!tomoyo_policy_loader_exists())
 98		return;
 99	done = true;
100	pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
101	argv[0] = (char *) tomoyo_loader;
102	argv[1] = NULL;
103	envp[0] = "HOME=/";
104	envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
105	envp[2] = NULL;
106	call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
107	tomoyo_check_profile();
108}
109
110#endif