/**
* tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
*
* Returns 0.
*/
static int __init tomoyo_initerface_init(void)
{
struct dentry *tomoyo_dir;
/* Don't create securityfs entries unless registered. */
if (current_cred()->security != &tomoyo_kernel_domain)
return 0;
tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
tomoyo_create_entry("query", 0600, tomoyo_dir,
TOMOYO_QUERY);
tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
TOMOYO_DOMAINPOLICY);
tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
TOMOYO_EXCEPTIONPOLICY);
tomoyo_create_entry("audit", 0400, tomoyo_dir,
TOMOYO_AUDIT);
tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
TOMOYO_PROCESS_STATUS);
tomoyo_create_entry("stat", 0644, tomoyo_dir,
TOMOYO_STAT);
tomoyo_create_entry("profile", 0600, tomoyo_dir,
TOMOYO_PROFILE);
tomoyo_create_entry("manager", 0600, tomoyo_dir,
TOMOYO_MANAGER);
tomoyo_create_entry("version", 0400, tomoyo_dir,
TOMOYO_VERSION);
securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
&tomoyo_self_operations);
tomoyo_load_builtin_policy();
return 0;
}
/**
* aafs_create - create an entry in the apparmor filesystem
* @name: name of the entry (NOT NULL)
* @mask: file permission mask of the file
* @fops: file operations for the file (NOT NULL)
*
* Used aafs_remove to remove entries created with this fn.
*/
static int __init aafs_create(const char *name, umode_t mask,
const struct file_operations *fops)
{
struct dentry *dentry;
dentry = securityfs_create_file(name, S_IFREG | mask, aa_fs_dentry,
NULL, fops);
return IS_ERR(dentry) ? PTR_ERR(dentry) : 0;
}
static __init int setup_securelevel(void)
{
struct dentry *securelevel_file;
securelevel_file = securityfs_create_file("securelevel",
S_IWUSR | S_IRUGO,
NULL, NULL,
&securelevel_fops);
if (IS_ERR(securelevel_file))
return PTR_ERR(securelevel_file);
return 0;
}
/**
* secfs_create_entry - create security file
* @parent: struct dentry pointer
* @pEnrtyFile: entry file pointer
*
* This function is to create security file.
*
*/
static struct dentry* secfs_create_entry(
struct dentry *parent,
struct secfs_entry_file *pEnrtyFile)
{
struct dentry *ret;
/* create file */
ret = securityfs_create_file(pEnrtyFile->mName,
pEnrtyFile->mMode,
parent,
(void *)pEnrtyFile->mKey,
&pEnrtyFile->mOperations);
return ret;
}
static void hp_create_entry(const char *name, const mode_t mode,
struct dentry *parent, const u8 key)
{
struct dentry *hp_file_entry;
hp_file_entry = securityfs_create_file(name, mode, parent,
((u8 *)NULL) + key,
&hp_operations);
if (hp_file_entry && !IS_ERR(hp_file_entry)) {
debug("Ceated %s in sysfs.\n", name);
} else {
alert("Failed creating %s in sysfs.\n", name);
}
/* save the pointer for removing */
hp_dentries[key] = hp_file_entry;
}
static __init int sony_ric_secfs_init(void)
{
if (!security_state) {
ric_dir = securityfs_create_dir("sony_ric", NULL);
if (!ric_dir || IS_ERR(ric_dir)) {
pr_err("RIC: failed to create sony_ric dir\n");
return -EFAULT;
}
ric_entry = securityfs_create_file("enable", S_IRUSR | S_IRGRP,
ric_dir, NULL, &ric_enable_ops);
if (!ric_entry || IS_ERR(ric_entry)) {
pr_err("RIC: failed to create secfs fuse entry\n");
return -EFAULT;
}
pr_info("RIC: securityfs entry created\n");
} else {
ric_enable = security_state;
pr_info("RIC: securityfs entry not created\n");
}
return 0;
}
/**
* securityfs_create_dir - create a directory in the securityfs filesystem
*
* @name: a pointer to a string containing the name of the directory to
* create.
* @parent: a pointer to the parent dentry for this file. This should be a
* directory dentry if set. If this parameter is %NULL, then the
* directory will be created in the root of the securityfs filesystem.
*
* This function creates a directory in securityfs with the given @name.
*
* This function returns a pointer to a dentry if it succeeds. This
* pointer must be passed to the securityfs_remove() function when the file is
* to be removed (no automatic cleanup happens if your module is unloaded,
* you are responsible here). If an error occurs, %NULL will be returned.
*
* If securityfs is not enabled in the kernel, the value %-ENODEV is
* returned. It is not wise to check for this value, but rather, check for
* %NULL or !%NULL instead as to eliminate the need for #ifdef in the calling
* code.
*/
struct dentry *securityfs_create_dir(const char *name, struct dentry *parent)
{
return securityfs_create_file(name,
S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO,
parent, NULL, NULL);
}
/**
* tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
*
* @name: The name of the interface file.
* @mode: The permission of the interface file.
* @parent: The parent directory.
* @key: Type of interface.
*
* Returns nothing.
*/
static void __init tomoyo_create_entry(const char *name, const mode_t mode,
struct dentry *parent, const u8 key)
{
securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
&tomoyo_operations);
}
SYSCALL_DEFINE5(mod_securityfs_create_file, const char*, name, mode_t, mode, struct dentry*, parent, void*, data, const struct file_operations*, fops)
{
return securityfs_create_file(name, mode, parent, data, fops);
}