xref: /openbmc/linux/security/tomoyo/environ.c (revision f3539c12) 
1 /*
2  * security/tomoyo/environ.c
3  *
4  * Copyright (C) 2005-2011  NTT DATA CORPORATION
5  */
6 
7 #include "common.h"
8 
9 /**
10  * tomoyo_check_env_acl - Check permission for environment variable's name.
11  *
12  * @r:   Pointer to "struct tomoyo_request_info".
13  * @ptr: Pointer to "struct tomoyo_acl_info".
14  *
15  * Returns true if granted, false otherwise.
16  */
17 static bool tomoyo_check_env_acl(struct tomoyo_request_info *r,
18 				 const struct tomoyo_acl_info *ptr)
19 {
20 	const struct tomoyo_env_acl *acl =
21 		container_of(ptr, typeof(*acl), head);
22 
23 	return tomoyo_path_matches_pattern(r->param.environ.name, acl->env);
24 }
25 
26 /**
27  * tomoyo_audit_env_log - Audit environment variable name log.
28  *
29  * @r: Pointer to "struct tomoyo_request_info".
30  *
31  * Returns 0 on success, negative value otherwise.
32  */
33 static int tomoyo_audit_env_log(struct tomoyo_request_info *r)
34 {
35 	return tomoyo_supervisor(r, "misc env %s\n",
36 				 r->param.environ.name->name);
37 }
38 
39 /**
40  * tomoyo_env_perm - Check permission for environment variable's name.
41  *
42  * @r:   Pointer to "struct tomoyo_request_info".
43  * @env: The name of environment variable.
44  *
45  * Returns 0 on success, negative value otherwise.
46  *
47  * Caller holds tomoyo_read_lock().
48  */
49 int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env)
50 {
51 	struct tomoyo_path_info environ;
52 	int error;
53 
54 	if (!env || !*env)
55 		return 0;
56 	environ.name = env;
57 	tomoyo_fill_path_info(&environ);
58 	r->param_type = TOMOYO_TYPE_ENV_ACL;
59 	r->param.environ.name = &environ;
60 	do {
61 		tomoyo_check_acl(r, tomoyo_check_env_acl);
62 		error = tomoyo_audit_env_log(r);
63 	} while (error == TOMOYO_RETRY_REQUEST);
64 	return error;
65 }
66 
67 /**
68  * tomoyo_same_env_acl - Check for duplicated "struct tomoyo_env_acl" entry.
69  *
70  * @a: Pointer to "struct tomoyo_acl_info".
71  * @b: Pointer to "struct tomoyo_acl_info".
72  *
73  * Returns true if @a == @b, false otherwise.
74  */
75 static bool tomoyo_same_env_acl(const struct tomoyo_acl_info *a,
76 				const struct tomoyo_acl_info *b)
77 {
78 	const struct tomoyo_env_acl *p1 = container_of(a, typeof(*p1), head);
79 	const struct tomoyo_env_acl *p2 = container_of(b, typeof(*p2), head);
80 
81 	return p1->env == p2->env;
82 }
83 
84 /**
85  * tomoyo_write_env - Write "struct tomoyo_env_acl" list.
86  *
87  * @param: Pointer to "struct tomoyo_acl_param".
88  *
89  * Returns 0 on success, negative value otherwise.
90  *
91  * Caller holds tomoyo_read_lock().
92  */
93 static int tomoyo_write_env(struct tomoyo_acl_param *param)
94 {
95 	struct tomoyo_env_acl e = { .head.type = TOMOYO_TYPE_ENV_ACL };
96 	int error = -ENOMEM;
97 	const char *data = tomoyo_read_token(param);
98 
99 	if (!tomoyo_correct_word(data) || strchr(data, '='))
100 		return -EINVAL;
101 	e.env = tomoyo_get_name(data);
102 	if (!e.env)
103 		return error;
104 	error = tomoyo_update_domain(&e.head, sizeof(e), param,
105 				  tomoyo_same_env_acl, NULL);
106 	tomoyo_put_name(e.env);
107 	return error;
108 }
109 
110 /**
111  * tomoyo_write_misc - Update environment variable list.
112  *
113  * @param: Pointer to "struct tomoyo_acl_param".
114  *
115  * Returns 0 on success, negative value otherwise.
116  */
117 int tomoyo_write_misc(struct tomoyo_acl_param *param)
118 {
119 	if (tomoyo_str_starts(&param->data, "env "))
120 		return tomoyo_write_env(param);
121 	return -EINVAL;
122 }
123