summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/util.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/util.c')
-rw-r--r--security/tomoyo/util.c92
1 files changed, 70 insertions, 22 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 592b76a2bce8..307793ed6075 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -792,25 +792,67 @@ const char *tomoyo_get_exe(void)
}
/**
+ * tomoyo_get_mode - Get MAC mode.
+ *
+ * @profile: Profile number.
+ * @index: Index number of functionality.
+ *
+ * Returns mode.
+ */
+int tomoyo_get_mode(const u8 profile, const u8 index)
+{
+ u8 mode;
+ const u8 category = TOMOYO_MAC_CATEGORY_FILE;
+ if (!tomoyo_policy_loaded)
+ return TOMOYO_CONFIG_DISABLED;
+ mode = tomoyo_profile(profile)->config[index];
+ if (mode == TOMOYO_CONFIG_USE_DEFAULT)
+ mode = tomoyo_profile(profile)->config[category];
+ if (mode == TOMOYO_CONFIG_USE_DEFAULT)
+ mode = tomoyo_profile(profile)->default_config;
+ return mode & 3;
+}
+
+/**
* tomoyo_init_request_info - Initialize "struct tomoyo_request_info" members.
*
* @r: Pointer to "struct tomoyo_request_info" to initialize.
* @domain: Pointer to "struct tomoyo_domain_info". NULL for tomoyo_domain().
+ * @index: Index number of functionality.
*
* Returns mode.
*/
int tomoyo_init_request_info(struct tomoyo_request_info *r,
- struct tomoyo_domain_info *domain)
+ struct tomoyo_domain_info *domain, const u8 index)
{
+ u8 profile;
memset(r, 0, sizeof(*r));
if (!domain)
domain = tomoyo_domain();
r->domain = domain;
- r->mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
+ profile = domain->profile;
+ r->profile = profile;
+ r->type = index;
+ r->mode = tomoyo_get_mode(profile, index);
return r->mode;
}
/**
+ * tomoyo_last_word - Get last component of a line.
+ *
+ * @line: A line.
+ *
+ * Returns the last word of a line.
+ */
+static const char *tomoyo_last_word(const char *name)
+{
+ const char *cp = strrchr(name, ' ');
+ if (cp)
+ return cp + 1;
+ return name;
+}
+
+/**
* tomoyo_warn_log - Print warning or error message on console.
*
* @r: Pointer to "struct tomoyo_request_info".
@@ -818,29 +860,34 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r,
*/
void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
{
- int len = PAGE_SIZE;
va_list args;
char *buffer;
- if (!tomoyo_verbose_mode(r->domain))
- return;
- while (1) {
- int len2;
- buffer = kmalloc(len, GFP_NOFS);
- if (!buffer)
+ const struct tomoyo_domain_info * const domain = r->domain;
+ const struct tomoyo_profile *profile = tomoyo_profile(domain->profile);
+ switch (r->mode) {
+ case TOMOYO_CONFIG_ENFORCING:
+ if (!profile->enforcing->enforcing_verbose)
return;
- va_start(args, fmt);
- len2 = vsnprintf(buffer, len - 1, fmt, args);
- va_end(args);
- if (len2 <= len - 1) {
- buffer[len2] = '\0';
- break;
- }
- len = len2 + 1;
- kfree(buffer);
+ break;
+ case TOMOYO_CONFIG_PERMISSIVE:
+ if (!profile->permissive->permissive_verbose)
+ return;
+ break;
+ case TOMOYO_CONFIG_LEARNING:
+ if (!profile->learning->learning_verbose)
+ return;
+ break;
}
- printk(KERN_WARNING "TOMOYO-%s: Access %s denied for %s\n",
- r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING",
- buffer, tomoyo_get_last_name(r->domain));
+ buffer = kmalloc(4096, GFP_NOFS);
+ if (!buffer)
+ return;
+ va_start(args, fmt);
+ vsnprintf(buffer, 4095, fmt, args);
+ va_end(args);
+ buffer[4095] = '\0';
+ printk(KERN_WARNING "%s: Access %s denied for %s\n",
+ r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING", buffer,
+ tomoyo_last_word(domain->domainname->name));
kfree(buffer);
}
@@ -903,7 +950,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
count++;
}
}
- if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
+ if (count < tomoyo_profile(domain->profile)->learning->
+ learning_max_entry)
return true;
if (!domain->quota_warned) {
domain->quota_warned = true;