From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: akpm@linux-foundation.org
Cc: takedakn@nttdata.co.jp, haradats@nttdata.co.jp,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, penguin-kernel@I-love.SAKURA.ne.jp
Subject: Re: [TOMOYO #12 (2.6.28-rc2-mm1) 06/11] Common functions for TOMOYOLinux.
Date: Fri, 7 Nov 2008 06:46:22 +0900
Message-ID: <200811070646.CJJ60437.FMOLJQHFSOtVFO@I-love.SAKURA.ne.jp>
In-Reply-To: <20081105151221.d605226f.akpm@linux-foundation.org>

Hello.

Andrew Morton wrote:
> (That's two hours of tomoyo-reading for me. I need to stop now)

Thank you very much for reviewing.

Before I answer the individual comments, I'd like to show three basic outlines.

(1) The way TOMOYO handles string data.

To be able to handle any characters correctly, TOMOYO Linux follows the rules
shown below to represent a word. A word means all tokens that are treated as
string data, such as pathnames and comments.

  * NUL character (0x00) is used for indicating end of string.
    Thus you cannot include \000 in a word.
  * \ character (0x5C) is used for indicating octal expression.
    Thus, you need to use \\ to represent a \.
  * Characters 0x01 - 0x20 and 0x7F - 0xFF are represented using octal
    expression \ooo .
  * The remaining characters (i.e. 0x21 - 0x5B and 0x5D - 0x7E) are represented
    as is.
  * Space character (0x20) is used as a delimiter that separates words.
    Line feed character (0x0A) is used as a delimiter that separates lines.
  * Only words that follow the rules above and the delimiters (i.e. space
    character and line feed character) are valid. All other characters are
    regarded as space character. Multiple spaces are automatically compressed
    into one space. Leading and trailing spaces are automatically deleted.

(2) The way TOMOYO allocates memory.

In TOMOYO Linux, memory allocated for holding access permissions and words is
never freed. There is no way to free unneeded memory except rebooting the
system.

But don't worry. The policy seldom changes after you start production mode.
By tuning policy before starting production mode, you can reduce memory usage
to (usually) less than 1 megabyte. You can also enable memory quota.

(3) The kernel-userspace interface of TOMOYO.

Policy files are automatically loaded into the kernel upon boot.

When a system boots, /sbin/init is executed. When the execution of /sbin/init
is requested and if /sbin/tomoyo-init exists, /sbin/tomoyo-init is executed,
and /sbin/init is executed after /sbin/tomoyo-init terminates.
/sbin/tomoyo-init is called only once.

TOMOYO requires no modifications of existing userland applications.
The pathname /sbin/tomoyo-init is embedded into the kernel so that we don't
need to modify /sbin/init for loading policy.

/sbin/tomoyo-init loads policy via /sys/kernel/security/tomoyo/ interface.
All data passed through this interface consists of only ASCII printable
characters, for all words consist of only ASCII printable characters.

Regards.
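
The word representation from outline (1) of the message above, as an added example that is not part of the original message and is not TOMOYO's kernel code. The names `word_encode` and `word_is_canonical` are hypothetical, and rejecting an octal escape for a byte that the rules say is written as is (for example `\101`) is an assumption drawn from reading those rules strictly.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not a TOMOYO kernel function: encode raw bytes as one
 * word. Returns the encoded length, or -1 on a NUL byte or a too-small dst. */
int word_encode(const unsigned char *src, size_t len, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = src[i];
        if (c == 0x00 || o + 5 > cap)
            return -1;                  /* NUL ends a string; keep room for \ooo + NUL */
        if (c == '\\') {
            dst[o++] = '\\'; dst[o++] = '\\';   /* \ is written as \\ */
        } else if (c <= 0x20 || c >= 0x7F) {
            dst[o++] = '\\';            /* 0x01-0x20 and 0x7F-0xFF become \ooo */
            dst[o++] = (char)('0' + (c >> 6));
            dst[o++] = (char)('0' + ((c >> 3) & 7));
            dst[o++] = (char)('0' + (c & 7));
        } else {
            dst[o++] = (char)c;         /* 0x21-0x5B and 0x5D-0x7E as is */
        }
    }
    dst[o] = '\0';
    return (int)o;
}

/* Hypothetical strict check: 1 only for the exact form word_encode() emits. */
int word_is_canonical(const char *s)
{
    const char *p = s;
    while (*p) {
        unsigned char c = (unsigned char)*p++;
        if (c <= 0x20 || c >= 0x7F)
            return 0;                   /* raw delimiter, control or high byte */
        if (c != '\\')
            continue;
        if (*p == '\\') { p++; continue; }  /* \\ is a literal backslash */
        if (p[0] < '0' || p[0] > '3' || p[1] < '0' || p[1] > '7' ||
            p[2] < '0' || p[2] > '7')
            return 0;                   /* not three octal digits in 000-377 */
        unsigned v = (p[0] - '0') * 64u + (p[1] - '0') * 8u + (p[2] - '0');
        if (v == 0 || (v > 0x20 && v < 0x7F))
            return 0;                   /* \000, or a byte that must be literal */
        p += 3;
    }
    return p != s;                      /* the empty string is not a word */
}
```

With the strict check, a pathname containing a space or a backslash has exactly one accepted spelling, so two policy words are equal only when the underlying byte strings are equal.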