1 /* 2 * inode.c - securityfs 3 * 4 * Copyright (C) 2005 Greg Kroah-Hartman <gregkh@suse.de> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License version 8 * 2 as published by the Free Software Foundation. 9 * 10 * Based on fs/debugfs/inode.c which had the following copyright notice: 11 * Copyright (C) 2004 Greg Kroah-Hartman <greg@kroah.com> 12 * Copyright (C) 2004 IBM Inc. 13 */ 14 15 /* #define DEBUG */ 16 #include <linux/module.h> 17 #include <linux/fs.h> 18 #include <linux/mount.h> 19 #include <linux/pagemap.h> 20 #include <linux/init.h> 21 #include <linux/namei.h> 22 #include <linux/security.h> 23 24 #define SECURITYFS_MAGIC 0x73636673 25 26 static struct vfsmount *mount; 27 static int mount_count; 28 29 /* 30 * TODO: 31 * I think I can get rid of these default_file_ops, but not quite sure... 32 */ 33 static ssize_t default_read_file(struct file *file, char __user *buf, 34 size_t count, loff_t *ppos) 35 { 36 return 0; 37 } 38 39 static ssize_t default_write_file(struct file *file, const char __user *buf, 40 size_t count, loff_t *ppos) 41 { 42 return count; 43 } 44 45 static int default_open(struct inode *inode, struct file *file) 46 { 47 if (inode->i_private) 48 file->private_data = inode->i_private; 49 50 return 0; 51 } 52 53 static const struct file_operations default_file_ops = { 54 .read = default_read_file, 55 .write = default_write_file, 56 .open = default_open, 57 }; 58 59 static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) 60 { 61 struct inode *inode = new_inode(sb); 62 63 if (inode) { 64 inode->i_mode = mode; 65 inode->i_uid = 0; 66 inode->i_gid = 0; 67 inode->i_blocks = 0; 68 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 69 switch (mode & S_IFMT) { 70 default: 71 init_special_inode(inode, mode, dev); 72 break; 73 case S_IFREG: 74 inode->i_fop = &default_file_ops; 75 break; 76 case S_IFDIR: 77 inode->i_op = &simple_dir_inode_operations; 78 inode->i_fop = &simple_dir_operations; 79 80 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 81 inc_nlink(inode); 82 break; 83 } 84 } 85 return inode; 86 } 87 88 /* SMP-safe */ 89 static int mknod(struct inode *dir, struct dentry *dentry, 90 int mode, dev_t dev) 91 { 92 struct inode *inode; 93 int error = -EPERM; 94 95 if (dentry->d_inode) 96 return -EEXIST; 97 98 inode = get_inode(dir->i_sb, mode, dev); 99 if (inode) { 100 d_instantiate(dentry, inode); 101 dget(dentry); 102 error = 0; 103 } 104 return error; 105 } 106 107 static int mkdir(struct inode *dir, struct dentry *dentry, int mode) 108 { 109 int res; 110 111 mode = (mode & (S_IRWXUGO | S_ISVTX)) | S_IFDIR; 112 res = mknod(dir, dentry, mode, 0); 113 if (!res) 114 inc_nlink(dir); 115 return res; 116 } 117 118 static int create(struct inode *dir, struct dentry *dentry, int mode) 119 { 120 mode = (mode & S_IALLUGO) | S_IFREG; 121 return mknod(dir, dentry, mode, 0); 122 } 123 124 static inline int positive(struct dentry *dentry) 125 { 126 return dentry->d_inode && !d_unhashed(dentry); 127 } 128 129 static int fill_super(struct super_block *sb, void *data, int silent) 130 { 131 static struct tree_descr files[] = {{""}}; 132 133 return simple_fill_super(sb, SECURITYFS_MAGIC, files); 134 } 135 136 static int get_sb(struct file_system_type *fs_type, 137 int flags, const char *dev_name, 138 void *data, struct vfsmount *mnt) 139 { 140 return get_sb_single(fs_type, flags, data, fill_super, mnt); 141 } 142 143 static struct file_system_type fs_type = { 144 .owner = THIS_MODULE, 145 .name = "securityfs", 146 .get_sb = get_sb, 147 .kill_sb = kill_litter_super, 148 }; 149 150 static int create_by_name(const char *name, mode_t mode, 151 struct dentry *parent, 152 struct dentry **dentry) 153 { 154 int error = 0; 155 156 *dentry = NULL; 157 158 /* If the parent is not specified, we create it in the root. 159 * We need the root dentry to do this, which is in the super 160 * block. A pointer to that is in the struct vfsmount that we 161 * have around. 162 */ 163 if (!parent ) { 164 if (mount && mount->mnt_sb) { 165 parent = mount->mnt_sb->s_root; 166 } 167 } 168 if (!parent) { 169 pr_debug("securityfs: Ah! can not find a parent!\n"); 170 return -EFAULT; 171 } 172 173 mutex_lock(&parent->d_inode->i_mutex); 174 *dentry = lookup_one_len(name, parent, strlen(name)); 175 if (!IS_ERR(dentry)) { 176 if ((mode & S_IFMT) == S_IFDIR) 177 error = mkdir(parent->d_inode, *dentry, mode); 178 else 179 error = create(parent->d_inode, *dentry, mode); 180 } else 181 error = PTR_ERR(dentry); 182 mutex_unlock(&parent->d_inode->i_mutex); 183 184 return error; 185 } 186 187 /** 188 * securityfs_create_file - create a file in the securityfs filesystem 189 * 190 * @name: a pointer to a string containing the name of the file to create. 191 * @mode: the permission that the file should have 192 * @parent: a pointer to the parent dentry for this file. This should be a 193 * directory dentry if set. If this paramater is NULL, then the 194 * file will be created in the root of the securityfs filesystem. 195 * @data: a pointer to something that the caller will want to get to later 196 * on. The inode.i_private pointer will point to this value on 197 * the open() call. 198 * @fops: a pointer to a struct file_operations that should be used for 199 * this file. 200 * 201 * This is the basic "create a file" function for securityfs. It allows for a 202 * wide range of flexibility in createing a file, or a directory (if you 203 * want to create a directory, the securityfs_create_dir() function is 204 * recommended to be used instead.) 205 * 206 * This function will return a pointer to a dentry if it succeeds. This 207 * pointer must be passed to the securityfs_remove() function when the file is 208 * to be removed (no automatic cleanup happens if your module is unloaded, 209 * you are responsible here.) If an error occurs, NULL will be returned. 210 * 211 * If securityfs is not enabled in the kernel, the value -ENODEV will be 212 * returned. It is not wise to check for this value, but rather, check for 213 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling 214 * code. 215 */ 216 struct dentry *securityfs_create_file(const char *name, mode_t mode, 217 struct dentry *parent, void *data, 218 const struct file_operations *fops) 219 { 220 struct dentry *dentry = NULL; 221 int error; 222 223 pr_debug("securityfs: creating file '%s'\n",name); 224 225 error = simple_pin_fs(&fs_type, &mount, &mount_count); 226 if (error) { 227 dentry = ERR_PTR(error); 228 goto exit; 229 } 230 231 error = create_by_name(name, mode, parent, &dentry); 232 if (error) { 233 dentry = ERR_PTR(error); 234 simple_release_fs(&mount, &mount_count); 235 goto exit; 236 } 237 238 if (dentry->d_inode) { 239 if (fops) 240 dentry->d_inode->i_fop = fops; 241 if (data) 242 dentry->d_inode->i_private = data; 243 } 244 exit: 245 return dentry; 246 } 247 EXPORT_SYMBOL_GPL(securityfs_create_file); 248 249 /** 250 * securityfs_create_dir - create a directory in the securityfs filesystem 251 * 252 * @name: a pointer to a string containing the name of the directory to 253 * create. 254 * @parent: a pointer to the parent dentry for this file. This should be a 255 * directory dentry if set. If this paramater is NULL, then the 256 * directory will be created in the root of the securityfs filesystem. 257 * 258 * This function creates a directory in securityfs with the given name. 259 * 260 * This function will return a pointer to a dentry if it succeeds. This 261 * pointer must be passed to the securityfs_remove() function when the file is 262 * to be removed (no automatic cleanup happens if your module is unloaded, 263 * you are responsible here.) If an error occurs, NULL will be returned. 264 * 265 * If securityfs is not enabled in the kernel, the value -ENODEV will be 266 * returned. It is not wise to check for this value, but rather, check for 267 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling 268 * code. 269 */ 270 struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) 271 { 272 return securityfs_create_file(name, 273 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, 274 parent, NULL, NULL); 275 } 276 EXPORT_SYMBOL_GPL(securityfs_create_dir); 277 278 /** 279 * securityfs_remove - removes a file or directory from the securityfs filesystem 280 * 281 * @dentry: a pointer to a the dentry of the file or directory to be 282 * removed. 283 * 284 * This function removes a file or directory in securityfs that was previously 285 * created with a call to another securityfs function (like 286 * securityfs_create_file() or variants thereof.) 287 * 288 * This function is required to be called in order for the file to be 289 * removed, no automatic cleanup of files will happen when a module is 290 * removed, you are responsible here. 291 */ 292 void securityfs_remove(struct dentry *dentry) 293 { 294 struct dentry *parent; 295 296 if (!dentry) 297 return; 298 299 parent = dentry->d_parent; 300 if (!parent || !parent->d_inode) 301 return; 302 303 mutex_lock(&parent->d_inode->i_mutex); 304 if (positive(dentry)) { 305 if (dentry->d_inode) { 306 if (S_ISDIR(dentry->d_inode->i_mode)) 307 simple_rmdir(parent->d_inode, dentry); 308 else 309 simple_unlink(parent->d_inode, dentry); 310 dput(dentry); 311 } 312 } 313 mutex_unlock(&parent->d_inode->i_mutex); 314 simple_release_fs(&mount, &mount_count); 315 } 316 EXPORT_SYMBOL_GPL(securityfs_remove); 317 318 static struct kobject *security_kobj; 319 320 static int __init securityfs_init(void) 321 { 322 int retval; 323 324 security_kobj = kobject_create_and_add("security", kernel_kobj); 325 if (!security_kobj) 326 return -EINVAL; 327 328 retval = register_filesystem(&fs_type); 329 if (retval) 330 kobject_put(security_kobj); 331 return retval; 332 } 333 334 core_initcall(securityfs_init); 335 MODULE_LICENSE("GPL"); 336 337