TOMOYO: Make several options configurable.

	  Required userspace tools and further information may be

	  found at <http://tomoyo.sourceforge.jp/>.

	  If you are unsure how to answer this question, answer N.

config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY

	int "Default maximal count for learning mode"

	default 2048

	range 0 2147483647

	depends on SECURITY_TOMOYO

	help

	  This is the default value for maximal ACL entries

	  that are automatically appended into policy at "learning mode".

	  Some programs access thousands of objects, so running

	  such programs in "learning mode" dulls the system response

	  and consumes much memory.

	  This is the safeguard for such programs.

config SECURITY_TOMOYO_MAX_AUDIT_LOG

	int "Default maximal count for audit log"

	default 1024

	range 0 2147483647

	depends on SECURITY_TOMOYO

	help

	  This is the default value for maximal entries for

	  audit logs that the kernel can hold on memory.

	  You can read the log via /sys/kernel/security/tomoyo/audit.

	  If you don't need audit logs, you may set this value to 0.

config SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

	bool "Activate without calling userspace policy loader."

	default n

	depends on SECURITY_TOMOYO

	---help---

	  Say Y here if you want to activate access control as soon as built-in

	  policy was loaded. This option will be useful for systems where

	  operations which can lead to the hijacking of the boot sequence are

	  needed before loading the policy. For example, you can activate

	  immediately after loading the fixed part of policy which will allow

	  only operations needed for mounting a partition which contains the

	  variant part of policy and verifying (e.g. running GPG check) and

	  loading the variant part of policy. Since you can start using

	  enforcing mode from the beginning, you can reduce the possibility of

	  hijacking the boot sequence.

config SECURITY_TOMOYO_POLICY_LOADER

	string "Location of userspace policy loader"

	default "/sbin/tomoyo-init"

	depends on SECURITY_TOMOYO

	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

	---help---

	  This is the default pathname of policy loader which is called before

	  activation. You can override this setting via TOMOYO_loader= kernel

	  command line option.

config SECURITY_TOMOYO_ACTIVATION_TRIGGER

	string "Trigger for calling userspace policy loader"

	default "/sbin/init"

	depends on SECURITY_TOMOYO

	depends on !SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

	---help---

	  This is the default pathname of activation trigger.

	  You can override this setting via TOMOYO_trigger= kernel command line

	  option. For example, if you pass init=/bin/systemd option, you may

	  want to also pass TOMOYO_trigger=/bin/systemd option.

		}

	}

	tomoyo_read_unlock(idx);

#ifdef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

	tomoyo_check_profile();

#endif

}

#include "common.h"

/* path to policy loader */

static const char *tomoyo_loader = "/sbin/tomoyo-init";

#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

/*

 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)

 */

static const char *tomoyo_loader;

/**

 * tomoyo_loader_setup - Set policy loader.

 *

 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).

 *

 * Returns 0.

 */

static int __init tomoyo_loader_setup(char *str)

{

	tomoyo_loader = str;

	return 0;

}

__setup("TOMOYO_loader=", tomoyo_loader_setup);

/**

 * tomoyo_policy_loader_exists - Check whether /sbin/tomoyo-init exists.

 */

static bool tomoyo_policy_loader_exists(void)

{

	/*

	 * Don't activate MAC if the policy loader doesn't exist.

	 * If the initrd includes /sbin/init but real-root-dev has not

	 * mounted on / yet, activating MAC will block the system since

	 * policies are not loaded yet.

	 * Thus, let do_execve() call this function every time.

	 */

	struct path path;

	if (!tomoyo_loader)

		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;

	if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {

		printk(KERN_INFO "Not activating Mandatory Access Control now "

		       "since %s doesn't exist.\n", tomoyo_loader);

		printk(KERN_INFO "Not activating Mandatory Access Control "

		       "as %s does not exist.\n", tomoyo_loader);

		return false;

	}

	path_put(&path);

	return true;

}

/*

 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)

 */

static const char *tomoyo_trigger;

/**

 * tomoyo_trigger_setup - Set trigger for activation.

 *

 * @str: Program to use as an activation trigger (e.g. /sbin/init ).

 *

 * Returns 0.

 */

static int __init tomoyo_trigger_setup(char *str)

{

	tomoyo_trigger = str;

	return 0;

}

__setup("TOMOYO_trigger=", tomoyo_trigger_setup);

/**

 * tomoyo_load_policy - Run external policy loader to load policy.

 *

 */

void tomoyo_load_policy(const char *filename)

{

	static bool done;

	char *argv[2];

	char *envp[3];

	if (tomoyo_policy_loaded)

	if (tomoyo_policy_loaded || done)

		return;

	/*

	 * Check filename is /sbin/init or /sbin/tomoyo-start.

	 * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't

	 * be passed.

	 * You can create /sbin/tomoyo-start by

	 * "ln -s /bin/true /sbin/tomoyo-start".

	 */

	if (strcmp(filename, "/sbin/init") &&

	    strcmp(filename, "/sbin/tomoyo-start"))

	if (!tomoyo_trigger)

		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;

	if (strcmp(filename, tomoyo_trigger))

		return;

	if (!tomoyo_policy_loader_exists())

		return;

	done = true;

	printk(KERN_INFO "Calling %s to load policy. Please wait.\n",

	       tomoyo_loader);

	argv[0] = (char *) tomoyo_loader;

	call_usermodehelper(argv[0], argv, envp, 1);

	tomoyo_check_profile();

}

#endif