/**
* secfs_Init - security file initialize
*
* This function is security file initialize.
*
* return infomation
* int:result
*/
static int __init secfs_Init(void)
{
int i;
int result = 0;
struct secfs_entry_file *pef;
secfunc_init();
/* create directory */
secfsdir = securityfs_create_dir(SECFS_FOLDERNAME, NULL);
if (IS_ERR(secfsdir)) {
result = PTR_ERR(secfsdir);
} else {
struct dentry* pEntry[ARRAY_SIZE(g_entry_files)];
pef = g_entry_files;
for (i = 0; i < ARRAY_SIZE(g_entry_files); i++, pef++) {
pEntry[i] = secfs_create_entry(secfsdir, pef);
if (IS_ERR(pEntry[i])) {
result = PTR_ERR(pEntry[i]);
for (--i; i >= 0; i--) {
securityfs_remove(pEntry[i]);
}
securityfs_remove(secfsdir);
secfsdir = NULL;
SECERROR("securityfs_remove");
break;
} else {
pef->mExist = true;
}
}
}
return result;
}
/**
* tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
*
* Returns 0.
*/
static int __init tomoyo_initerface_init(void)
{
struct dentry *tomoyo_dir;
/* Don't create securityfs entries unless registered. */
if (current_cred()->security != &tomoyo_kernel_domain)
return 0;
tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
tomoyo_create_entry("query", 0600, tomoyo_dir,
TOMOYO_QUERY);
tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
TOMOYO_DOMAINPOLICY);
tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
TOMOYO_EXCEPTIONPOLICY);
tomoyo_create_entry("audit", 0400, tomoyo_dir,
TOMOYO_AUDIT);
tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
TOMOYO_SELFDOMAIN);
tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
TOMOYO_PROCESS_STATUS);
tomoyo_create_entry("stat", 0644, tomoyo_dir,
TOMOYO_STAT);
tomoyo_create_entry("profile", 0600, tomoyo_dir,
TOMOYO_PROFILE);
tomoyo_create_entry("manager", 0600, tomoyo_dir,
TOMOYO_MANAGER);
tomoyo_create_entry("version", 0400, tomoyo_dir,
TOMOYO_VERSION);
return 0;
}
int hp_init_sysfs(void)
{
struct dentry *hp_dir_entry = securityfs_create_dir(HP_DIR_NAME, NULL);
memset(hp_dentries, 0x0, sizeof(hp_dentries));
if (IS_ERR(hp_dir_entry)) {
alert("failed securityfs_create_dir.\n");
}
if ((long)hp_dir_entry == -ENODEV) {
alert("securityfs is not enabled in this machine.\n");
hp_dir_entry = NULL;
}
debug( "\"/sys/kernel/security/%s/\" was created.\n", HP_DIR_NAME);
hp_dentries[HP_DENTRY_KEY_ROOT] = hp_dir_entry;
if (hp_init_interfaces()) {
debug("Failed creating interfaces");
}
if (hp_init_tty_output_sysfs()) {
debug("Failed creating subdirs of tty_output");
}
/* Success */
return 0;
}
/**
* aa_create_aafs - create the apparmor security filesystem
*
* dentries created here are released by aa_destroy_aafs
*
* Returns: error on failure
*/
static int __init aa_create_aafs(void)
{
int error;
if (!apparmor_initialized)
return 0;
if (aa_fs_dentry) {
AA_ERROR("%s: AppArmor securityfs already exists\n", __func__);
return -EEXIST;
}
aa_fs_dentry = securityfs_create_dir("apparmor", NULL);
if (IS_ERR(aa_fs_dentry)) {
error = PTR_ERR(aa_fs_dentry);
aa_fs_dentry = NULL;
goto error;
}
#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
error = aafs_create("matching", 0444, &aa_fs_matching_fops);
if (error)
goto error;
error = aafs_create("features", 0444, &aa_fs_features_fops);
if (error)
goto error;
#endif
error = aafs_create("profiles", 0440, &aa_fs_profiles_fops);
if (error)
goto error;
error = aafs_create(".load", 0640, &aa_fs_profile_load);
if (error)
goto error;
error = aafs_create(".replace", 0640, &aa_fs_profile_replace);
if (error)
goto error;
error = aafs_create(".remove", 0640, &aa_fs_profile_remove);
if (error)
goto error;
/* TODO: add support for apparmorfs_null and apparmorfs_mnt */
/* Report that AppArmor fs is enabled */
aa_info_message("AppArmor Filesystem Enabled");
return 0;
error:
aa_destroy_aafs();
AA_ERROR("Error creating AppArmor securityfs\n");
return error;
}
void hp_create_dir_entry(const char *dirname, struct dentry *parent, const u8 key)
{
struct dentry *de = securityfs_create_dir(dirname, parent);
if (!de) {
alert("cannot create %s directory.\n", dirname);
}
if ((long)de == -ENODEV) {
/*
Parent is missing
*/
alert("securityfs is not enabled in this machine.\n");
de = NULL;
}
hp_dentries[key] = de;
return;
}
static __init int sony_ric_secfs_init(void)
{
if (!security_state) {
ric_dir = securityfs_create_dir("sony_ric", NULL);
if (!ric_dir || IS_ERR(ric_dir)) {
pr_err("RIC: failed to create sony_ric dir\n");
return -EFAULT;
}
ric_entry = securityfs_create_file("enable", S_IRUSR | S_IRGRP,
ric_dir, NULL, &ric_enable_ops);
if (!ric_entry || IS_ERR(ric_entry)) {
pr_err("RIC: failed to create secfs fuse entry\n");
return -EFAULT;
}
pr_info("RIC: securityfs entry created\n");
} else {
ric_enable = security_state;
pr_info("RIC: securityfs entry not created\n");
}
return 0;
}
SYSCALL_DEFINE2(mod_securityfs_create_dir, const char*, name, struct dentry*, parent)
{
return securityfs_create_dir (name, parent);
}
