1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/tomoyo.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include <linux/lsm_hooks.h> 9 #include "common.h" 10 11 /** 12 * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. 13 * 14 * Returns pointer to "struct tomoyo_domain_info" for current thread. 15 */ 16 struct tomoyo_domain_info *tomoyo_domain(void) 17 { 18 struct tomoyo_task *s = tomoyo_task(current); 19 20 if (s->old_domain_info && !current->in_execve) { 21 atomic_dec(&s->old_domain_info->users); 22 s->old_domain_info = NULL; 23 } 24 return s->domain_info; 25 } 26 27 /** 28 * tomoyo_cred_prepare - Target for security_prepare_creds(). 29 * 30 * @new: Pointer to "struct cred". 31 * @old: Pointer to "struct cred". 32 * @gfp: Memory allocation flags. 33 * 34 * Returns 0. 35 */ 36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, 37 gfp_t gfp) 38 { 39 /* Restore old_domain_info saved by previous execve() request. */ 40 struct tomoyo_task *s = tomoyo_task(current); 41 42 if (s->old_domain_info && !current->in_execve) { 43 atomic_dec(&s->domain_info->users); 44 s->domain_info = s->old_domain_info; 45 s->old_domain_info = NULL; 46 } 47 return 0; 48 } 49 50 /** 51 * tomoyo_bprm_committed_creds - Target for security_bprm_committed_creds(). 52 * 53 * @bprm: Pointer to "struct linux_binprm". 54 */ 55 static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm) 56 { 57 /* Clear old_domain_info saved by execve() request. */ 58 struct tomoyo_task *s = tomoyo_task(current); 59 60 atomic_dec(&s->old_domain_info->users); 61 s->old_domain_info = NULL; 62 } 63 64 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 65 /** 66 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds(). 67 * 68 * @bprm: Pointer to "struct linux_binprm". 69 * 70 * Returns 0. 71 */ 72 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 73 { 74 /* 75 * Do only if this function is called for the first time of an execve 76 * operation. 77 */ 78 if (bprm->called_set_creds) 79 return 0; 80 /* 81 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 82 * for the first time. 83 */ 84 if (!tomoyo_policy_loaded) 85 tomoyo_load_policy(bprm->filename); 86 return 0; 87 } 88 #endif 89 90 /** 91 * tomoyo_bprm_check_security - Target for security_bprm_check(). 92 * 93 * @bprm: Pointer to "struct linux_binprm". 94 * 95 * Returns 0 on success, negative value otherwise. 96 */ 97 static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 98 { 99 struct tomoyo_task *s = tomoyo_task(current); 100 101 /* 102 * Execute permission is checked against pathname passed to do_execve() 103 * using current domain. 104 */ 105 if (!s->old_domain_info) { 106 const int idx = tomoyo_read_lock(); 107 const int err = tomoyo_find_next_domain(bprm); 108 tomoyo_read_unlock(idx); 109 return err; 110 } 111 /* 112 * Read permission is checked against interpreters using next domain. 113 */ 114 return tomoyo_check_open_permission(s->domain_info, 115 &bprm->file->f_path, O_RDONLY); 116 } 117 118 /** 119 * tomoyo_inode_getattr - Target for security_inode_getattr(). 120 * 121 * @mnt: Pointer to "struct vfsmount". 122 * @dentry: Pointer to "struct dentry". 123 * 124 * Returns 0 on success, negative value otherwise. 125 */ 126 static int tomoyo_inode_getattr(const struct path *path) 127 { 128 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL); 129 } 130 131 /** 132 * tomoyo_path_truncate - Target for security_path_truncate(). 133 * 134 * @path: Pointer to "struct path". 135 * 136 * Returns 0 on success, negative value otherwise. 137 */ 138 static int tomoyo_path_truncate(const struct path *path) 139 { 140 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); 141 } 142 143 /** 144 * tomoyo_path_unlink - Target for security_path_unlink(). 145 * 146 * @parent: Pointer to "struct path". 147 * @dentry: Pointer to "struct dentry". 148 * 149 * Returns 0 on success, negative value otherwise. 150 */ 151 static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) 152 { 153 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 154 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); 155 } 156 157 /** 158 * tomoyo_path_mkdir - Target for security_path_mkdir(). 159 * 160 * @parent: Pointer to "struct path". 161 * @dentry: Pointer to "struct dentry". 162 * @mode: DAC permission mode. 163 * 164 * Returns 0 on success, negative value otherwise. 165 */ 166 static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, 167 umode_t mode) 168 { 169 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 170 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, 171 mode & S_IALLUGO); 172 } 173 174 /** 175 * tomoyo_path_rmdir - Target for security_path_rmdir(). 176 * 177 * @parent: Pointer to "struct path". 178 * @dentry: Pointer to "struct dentry". 179 * 180 * Returns 0 on success, negative value otherwise. 181 */ 182 static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) 183 { 184 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 185 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); 186 } 187 188 /** 189 * tomoyo_path_symlink - Target for security_path_symlink(). 190 * 191 * @parent: Pointer to "struct path". 192 * @dentry: Pointer to "struct dentry". 193 * @old_name: Symlink's content. 194 * 195 * Returns 0 on success, negative value otherwise. 196 */ 197 static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, 198 const char *old_name) 199 { 200 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 201 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); 202 } 203 204 /** 205 * tomoyo_path_mknod - Target for security_path_mknod(). 206 * 207 * @parent: Pointer to "struct path". 208 * @dentry: Pointer to "struct dentry". 209 * @mode: DAC permission mode. 210 * @dev: Device attributes. 211 * 212 * Returns 0 on success, negative value otherwise. 213 */ 214 static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, 215 umode_t mode, unsigned int dev) 216 { 217 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 218 int type = TOMOYO_TYPE_CREATE; 219 const unsigned int perm = mode & S_IALLUGO; 220 221 switch (mode & S_IFMT) { 222 case S_IFCHR: 223 type = TOMOYO_TYPE_MKCHAR; 224 break; 225 case S_IFBLK: 226 type = TOMOYO_TYPE_MKBLOCK; 227 break; 228 default: 229 goto no_dev; 230 } 231 return tomoyo_mkdev_perm(type, &path, perm, dev); 232 no_dev: 233 switch (mode & S_IFMT) { 234 case S_IFIFO: 235 type = TOMOYO_TYPE_MKFIFO; 236 break; 237 case S_IFSOCK: 238 type = TOMOYO_TYPE_MKSOCK; 239 break; 240 } 241 return tomoyo_path_number_perm(type, &path, perm); 242 } 243 244 /** 245 * tomoyo_path_link - Target for security_path_link(). 246 * 247 * @old_dentry: Pointer to "struct dentry". 248 * @new_dir: Pointer to "struct path". 249 * @new_dentry: Pointer to "struct dentry". 250 * 251 * Returns 0 on success, negative value otherwise. 252 */ 253 static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, 254 struct dentry *new_dentry) 255 { 256 struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry }; 257 struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry }; 258 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); 259 } 260 261 /** 262 * tomoyo_path_rename - Target for security_path_rename(). 263 * 264 * @old_parent: Pointer to "struct path". 265 * @old_dentry: Pointer to "struct dentry". 266 * @new_parent: Pointer to "struct path". 267 * @new_dentry: Pointer to "struct dentry". 268 * 269 * Returns 0 on success, negative value otherwise. 270 */ 271 static int tomoyo_path_rename(const struct path *old_parent, 272 struct dentry *old_dentry, 273 const struct path *new_parent, 274 struct dentry *new_dentry) 275 { 276 struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry }; 277 struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry }; 278 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); 279 } 280 281 /** 282 * tomoyo_file_fcntl - Target for security_file_fcntl(). 283 * 284 * @file: Pointer to "struct file". 285 * @cmd: Command for fcntl(). 286 * @arg: Argument for @cmd. 287 * 288 * Returns 0 on success, negative value otherwise. 289 */ 290 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, 291 unsigned long arg) 292 { 293 if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))) 294 return 0; 295 return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path, 296 O_WRONLY | (arg & O_APPEND)); 297 } 298 299 /** 300 * tomoyo_file_open - Target for security_file_open(). 301 * 302 * @f: Pointer to "struct file". 303 * @cred: Pointer to "struct cred". 304 * 305 * Returns 0 on success, negative value otherwise. 306 */ 307 static int tomoyo_file_open(struct file *f) 308 { 309 int flags = f->f_flags; 310 /* Don't check read permission here if called from do_execve(). */ 311 if (current->in_execve) 312 return 0; 313 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); 314 } 315 316 /** 317 * tomoyo_file_ioctl - Target for security_file_ioctl(). 318 * 319 * @file: Pointer to "struct file". 320 * @cmd: Command for ioctl(). 321 * @arg: Argument for @cmd. 322 * 323 * Returns 0 on success, negative value otherwise. 324 */ 325 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, 326 unsigned long arg) 327 { 328 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd); 329 } 330 331 /** 332 * tomoyo_path_chmod - Target for security_path_chmod(). 333 * 334 * @path: Pointer to "struct path". 335 * @mode: DAC permission mode. 336 * 337 * Returns 0 on success, negative value otherwise. 338 */ 339 static int tomoyo_path_chmod(const struct path *path, umode_t mode) 340 { 341 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, 342 mode & S_IALLUGO); 343 } 344 345 /** 346 * tomoyo_path_chown - Target for security_path_chown(). 347 * 348 * @path: Pointer to "struct path". 349 * @uid: Owner ID. 350 * @gid: Group ID. 351 * 352 * Returns 0 on success, negative value otherwise. 353 */ 354 static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 355 { 356 int error = 0; 357 if (uid_valid(uid)) 358 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, 359 from_kuid(&init_user_ns, uid)); 360 if (!error && gid_valid(gid)) 361 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, 362 from_kgid(&init_user_ns, gid)); 363 return error; 364 } 365 366 /** 367 * tomoyo_path_chroot - Target for security_path_chroot(). 368 * 369 * @path: Pointer to "struct path". 370 * 371 * Returns 0 on success, negative value otherwise. 372 */ 373 static int tomoyo_path_chroot(const struct path *path) 374 { 375 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); 376 } 377 378 /** 379 * tomoyo_sb_mount - Target for security_sb_mount(). 380 * 381 * @dev_name: Name of device file. Maybe NULL. 382 * @path: Pointer to "struct path". 383 * @type: Name of filesystem type. Maybe NULL. 384 * @flags: Mount options. 385 * @data: Optional data. Maybe NULL. 386 * 387 * Returns 0 on success, negative value otherwise. 388 */ 389 static int tomoyo_sb_mount(const char *dev_name, const struct path *path, 390 const char *type, unsigned long flags, void *data) 391 { 392 return tomoyo_mount_permission(dev_name, path, type, flags, data); 393 } 394 395 /** 396 * tomoyo_sb_umount - Target for security_sb_umount(). 397 * 398 * @mnt: Pointer to "struct vfsmount". 399 * @flags: Unmount options. 400 * 401 * Returns 0 on success, negative value otherwise. 402 */ 403 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) 404 { 405 struct path path = { .mnt = mnt, .dentry = mnt->mnt_root }; 406 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); 407 } 408 409 /** 410 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot(). 411 * 412 * @old_path: Pointer to "struct path". 413 * @new_path: Pointer to "struct path". 414 * 415 * Returns 0 on success, negative value otherwise. 416 */ 417 static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) 418 { 419 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); 420 } 421 422 /** 423 * tomoyo_socket_listen - Check permission for listen(). 424 * 425 * @sock: Pointer to "struct socket". 426 * @backlog: Backlog parameter. 427 * 428 * Returns 0 on success, negative value otherwise. 429 */ 430 static int tomoyo_socket_listen(struct socket *sock, int backlog) 431 { 432 return tomoyo_socket_listen_permission(sock); 433 } 434 435 /** 436 * tomoyo_socket_connect - Check permission for connect(). 437 * 438 * @sock: Pointer to "struct socket". 439 * @addr: Pointer to "struct sockaddr". 440 * @addr_len: Size of @addr. 441 * 442 * Returns 0 on success, negative value otherwise. 443 */ 444 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr, 445 int addr_len) 446 { 447 return tomoyo_socket_connect_permission(sock, addr, addr_len); 448 } 449 450 /** 451 * tomoyo_socket_bind - Check permission for bind(). 452 * 453 * @sock: Pointer to "struct socket". 454 * @addr: Pointer to "struct sockaddr". 455 * @addr_len: Size of @addr. 456 * 457 * Returns 0 on success, negative value otherwise. 458 */ 459 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr, 460 int addr_len) 461 { 462 return tomoyo_socket_bind_permission(sock, addr, addr_len); 463 } 464 465 /** 466 * tomoyo_socket_sendmsg - Check permission for sendmsg(). 467 * 468 * @sock: Pointer to "struct socket". 469 * @msg: Pointer to "struct msghdr". 470 * @size: Size of message. 471 * 472 * Returns 0 on success, negative value otherwise. 473 */ 474 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, 475 int size) 476 { 477 return tomoyo_socket_sendmsg_permission(sock, msg, size); 478 } 479 480 struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = { 481 .lbs_task = sizeof(struct tomoyo_task), 482 }; 483 484 /** 485 * tomoyo_task_alloc - Target for security_task_alloc(). 486 * 487 * @task: Pointer to "struct task_struct". 488 * @flags: clone() flags. 489 * 490 * Returns 0. 491 */ 492 static int tomoyo_task_alloc(struct task_struct *task, 493 unsigned long clone_flags) 494 { 495 struct tomoyo_task *old = tomoyo_task(current); 496 struct tomoyo_task *new = tomoyo_task(task); 497 498 new->domain_info = old->domain_info; 499 atomic_inc(&new->domain_info->users); 500 new->old_domain_info = NULL; 501 return 0; 502 } 503 504 /** 505 * tomoyo_task_free - Target for security_task_free(). 506 * 507 * @task: Pointer to "struct task_struct". 508 */ 509 static void tomoyo_task_free(struct task_struct *task) 510 { 511 struct tomoyo_task *s = tomoyo_task(task); 512 513 if (s->domain_info) { 514 atomic_dec(&s->domain_info->users); 515 s->domain_info = NULL; 516 } 517 if (s->old_domain_info) { 518 atomic_dec(&s->old_domain_info->users); 519 s->old_domain_info = NULL; 520 } 521 } 522 523 /* 524 * tomoyo_security_ops is a "struct security_operations" which is used for 525 * registering TOMOYO. 526 */ 527 static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = { 528 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), 529 LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds), 530 LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc), 531 LSM_HOOK_INIT(task_free, tomoyo_task_free), 532 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 533 LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds), 534 #endif 535 LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security), 536 LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl), 537 LSM_HOOK_INIT(file_open, tomoyo_file_open), 538 LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate), 539 LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink), 540 LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir), 541 LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir), 542 LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink), 543 LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod), 544 LSM_HOOK_INIT(path_link, tomoyo_path_link), 545 LSM_HOOK_INIT(path_rename, tomoyo_path_rename), 546 LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr), 547 LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl), 548 LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod), 549 LSM_HOOK_INIT(path_chown, tomoyo_path_chown), 550 LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot), 551 LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount), 552 LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount), 553 LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot), 554 LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind), 555 LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect), 556 LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen), 557 LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg), 558 }; 559 560 /* Lock for GC. */ 561 DEFINE_SRCU(tomoyo_ss); 562 563 int tomoyo_enabled __lsm_ro_after_init = 1; 564 565 /** 566 * tomoyo_init - Register TOMOYO Linux as a LSM module. 567 * 568 * Returns 0. 569 */ 570 static int __init tomoyo_init(void) 571 { 572 struct tomoyo_task *s = tomoyo_task(current); 573 574 /* register ourselves with the security framework */ 575 security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); 576 printk(KERN_INFO "TOMOYO Linux initialized\n"); 577 s->domain_info = &tomoyo_kernel_domain; 578 atomic_inc(&tomoyo_kernel_domain.users); 579 s->old_domain_info = NULL; 580 tomoyo_mm_init(); 581 582 return 0; 583 } 584 585 DEFINE_LSM(tomoyo) = { 586 .name = "tomoyo", 587 .enabled = &tomoyo_enabled, 588 .flags = LSM_FLAG_LEGACY_MAJOR, 589 .blobs = &tomoyo_blob_sizes, 590 .init = tomoyo_init, 591 }; 592