[TOMOYO #16 20/25] TOMOYO: Add policy loader launcher.

[Tetsuo Handa]

This patch contains code for policy loader.
By default, TOMOYO checks for /sbin/tomoyo-init and run it when /sbin/init (or
/sbin/tomoyo-start) is requested. But it is configurable via kernel commandline
parameter. /sbin/tomoyo-start is a dummy name for environments where /sbin/init
is missing (e.g. Android).

Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
---
 security/tomoyo/load_policy.c |   97 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

--- /dev/null
+++ security-testing-2.6/security/tomoyo/load_policy.c
@@ -0,0 +1,97 @@
+/*
+ * security/tomoyo/load_policy.c
+ *
+ * Copyright (C) 2005-2009  NTT DATA CORPORATION
+ */
+#include "internal.h"
+#include <linux/module.h>
+#include <linux/namei.h>
+#include <linux/mount.h>
+
+/* Path to the policy loader. The default is /sbin/tomoyo-init. */
+static const char *tomoyo_loader;
+
+/**
+ * tomoyo_loader_setup - Specify the policy loader to use.
+ *
+ * @str: Path to the policy loader.
+ *
+ * Returns 0.
+ */
+static int __init tomoyo_loader_setup(char *str)
+{
+	tomoyo_loader = str;
+	return 0;
+}
+__setup("TOMOYO_loader=", tomoyo_loader_setup);
+
+/**
+ * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.
+ *
+ * Returns true if /sbin/tomoyo-init exists, false otherwise.
+ */
+static bool tomoyo_policy_loader_exists(void)
+{
+	/*
+	 * Don't activate MAC if the path given by 'TOMOYO_loader=' option
+	 * doesn't exist. If the initrd includes /sbin/init but real-root-dev
+	 * has not mounted on / yet, activating MAC will block the system since
+	 * policies are not loaded yet.
+	 * Thus, let do_execve() call this function everytime.
+	 */
+	struct path path;
+	if (!tomoyo_loader)
+		tomoyo_loader = "/sbin/tomoyo-init";
+	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
+		printk(KERN_INFO "Not activating Mandatory Access Control now "
+		       "since %s doesn't exist.\n", tomoyo_loader);
+		return false;
+	}
+	path_put(&path);
+	return true;
+}
+
+/**
+ * tomoyo_load_policy - Run external policy loader to load policy.
+ *
+ * @filename: The program about to start.
+ *
+ * This function checks whether @filename is /sbin/init , and if so
+ * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init
+ * and then continues invocation of /sbin/init.
+ * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
+ * writes to /sys/kernel/security/tomoyo/ interfaces.
+ *
+ * Returns nothing.
+ */
+void tomoyo_load_policy(const char *filename)
+{
+	if (tomoyo_policy_loaded)
+		return;
+	/*
+	 * Check filename is /sbin/init or /sbin/tomoyo-start.
+	 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init
+	 * can't be passed. You can create /sbin/tomoyo-start by
+	 * "ln -s /bin/true /sbin/tomoyo-start".
+	 */
+	if (strcmp(filename, "/sbin/init") &&
+	    strcmp(filename, "/sbin/tomoyo-start"))
+		return;
+	if (!tomoyo_policy_loader_exists())
+		return;
+	{
+		char *argv[2];
+		char *envp[3];
+		printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
+		       tomoyo_loader);
+		argv[0] = (char *) tomoyo_loader;
+		argv[1] = NULL;
+		envp[0] = "HOME=/";
+		envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
+		envp[2] = NULL;
+		call_usermodehelper(argv[0], argv, envp, 1);
+	}
+	printk(KERN_INFO "TOMOYO: 2.3.0-pre   2009/10/01\n");
+	printk(KERN_INFO "Mandatory Access Control activated.\n");
+	tomoyo_check_profile();
+}

-- 
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/