// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/file.c
 *
 * Copyright (C) 2005-2011 NTT DATA CORPORATION
 *
 * File-related access checks for the TOMOYO LSM: each hook below resolves
 * the object to a canonical path string, looks the request up in the
 * current domain's ACL list and hands the verdict to the audit/supervisor
 * layer.  The tables at the top map per-operation ACL indices to the MAC
 * profile index that decides whether an operation is disabled, learning,
 * permissive or enforcing.
 */

#include "common.h"
#include <linux/slab.h>

/*
 * Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index".
 *
 * Several path operations deliberately share one MAC index (READ, WRITE and
 * APPEND are all governed by TOMOYO_MAC_FILE_OPEN), so the profile mode is
 * looked up per MAC index rather than per operation.
 */
static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
	[TOMOYO_TYPE_EXECUTE]  = TOMOYO_MAC_FILE_EXECUTE,
	[TOMOYO_TYPE_READ]     = TOMOYO_MAC_FILE_OPEN,
	[TOMOYO_TYPE_WRITE]    = TOMOYO_MAC_FILE_OPEN,
	[TOMOYO_TYPE_APPEND]   = TOMOYO_MAC_FILE_OPEN,
	[TOMOYO_TYPE_UNLINK]   = TOMOYO_MAC_FILE_UNLINK,
	[TOMOYO_TYPE_GETATTR]  = TOMOYO_MAC_FILE_GETATTR,
	[TOMOYO_TYPE_RMDIR]    = TOMOYO_MAC_FILE_RMDIR,
	[TOMOYO_TYPE_TRUNCATE] = TOMOYO_MAC_FILE_TRUNCATE,
	[TOMOYO_TYPE_SYMLINK]  = TOMOYO_MAC_FILE_SYMLINK,
	[TOMOYO_TYPE_CHROOT]   = TOMOYO_MAC_FILE_CHROOT,
	[TOMOYO_TYPE_UMOUNT]   = TOMOYO_MAC_FILE_UMOUNT,
};

/*
 * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index".
 *
 * Non-static: also used by the policy parser/printer elsewhere (presumably
 * common.c) to translate keywords — confirm before changing linkage.
 */
const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
	[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
	[TOMOYO_TYPE_MKCHAR]  = TOMOYO_MAC_FILE_MKCHAR,
};

/*
 * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index".
 */
const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = {
	[TOMOYO_TYPE_LINK]       = TOMOYO_MAC_FILE_LINK,
	[TOMOYO_TYPE_RENAME]     = TOMOYO_MAC_FILE_RENAME,
	[TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT,
};

/*
 * Mapping table from "enum tomoyo_path_number_acl_index" to
 * "enum tomoyo_mac_index".
*/
const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
	[TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE,
	[TOMOYO_TYPE_MKDIR]  = TOMOYO_MAC_FILE_MKDIR,
	[TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO,
	[TOMOYO_TYPE_MKSOCK] = TOMOYO_MAC_FILE_MKSOCK,
	[TOMOYO_TYPE_IOCTL]  = TOMOYO_MAC_FILE_IOCTL,
	[TOMOYO_TYPE_CHMOD]  = TOMOYO_MAC_FILE_CHMOD,
	[TOMOYO_TYPE_CHOWN]  = TOMOYO_MAC_FILE_CHOWN,
	[TOMOYO_TYPE_CHGRP]  = TOMOYO_MAC_FILE_CHGRP,
};

/**
 * tomoyo_put_name_union - Drop reference on "struct tomoyo_name_union".
 *
 * @ptr: Pointer to "struct tomoyo_name_union".
 *
 * Returns nothing.
 *
 * Both members are released unconditionally.  The update helpers in this
 * file call this on a designated-initialised (hence zeroed) union even when
 * parsing failed, so the underlying put helpers are presumably NULL-safe —
 * verify against their definitions before relying on that elsewhere.
 */
void tomoyo_put_name_union(struct tomoyo_name_union *ptr)
{
	/* The group and the pattern reference are independent of each other. */
	tomoyo_put_group(ptr->group);
	tomoyo_put_name(ptr->filename);
}

/**
 * tomoyo_compare_name_union - Check whether a name matches "struct tomoyo_name_union" or not.
 *
 * @name: Pointer to "struct tomoyo_path_info".
 * @ptr: Pointer to "struct tomoyo_name_union".
 *
 * Returns "struct tomoyo_path_info" if @name matches @ptr, NULL otherwise.
 *
 * A union refers either to a path group or to a single pattern.  When a
 * group is set it decides the outcome alone; the pattern is not consulted.
 */
const struct tomoyo_path_info *
tomoyo_compare_name_union(const struct tomoyo_path_info *name,
			  const struct tomoyo_name_union *ptr)
{
	const struct tomoyo_path_info *matched = NULL;

	if (ptr->group)
		return tomoyo_path_matches_group(name, ptr->group);
	if (tomoyo_path_matches_pattern(name, ptr->filename))
		matched = ptr->filename;
	return matched;
}

/**
 * tomoyo_put_number_union - Drop reference on "struct tomoyo_number_union".
 *
 * @ptr: Pointer to "struct tomoyo_number_union".
 *
 * Returns nothing.
 *
 * Only the optional group holds a reference; an inline value range owns
 * nothing.
 */
void tomoyo_put_number_union(struct tomoyo_number_union *ptr)
{
	tomoyo_put_group(ptr->group);
}

/**
 * tomoyo_compare_number_union - Check whether a value matches "struct tomoyo_number_union" or not.
 *
 * @value: Number to check.
 * @ptr: Pointer to "struct tomoyo_number_union".
 *
 * Returns true if @value matches @ptr, false otherwise.
*/
bool tomoyo_compare_number_union(const unsigned long value,
				 const struct tomoyo_number_union *ptr)
{
	unsigned long low;
	unsigned long high;

	/* A number group takes precedence over the inline [min, max] range. */
	if (ptr->group)
		return tomoyo_number_matches_group(value, value, ptr->group);
	low = ptr->values[0];
	high = ptr->values[1];
	return low <= value && value <= high;
}

/**
 * tomoyo_add_slash - Add trailing '/' if needed.
 *
 * @buf: Pointer to "struct tomoyo_path_info".
 *
 * Returns nothing.
 *
 * @buf must be generated by tomoyo_encode() because this function does not
 * allocate memory for adding '/'.  The unbounded strcat() below is only
 * safe under that invariant; do not call this on a buffer obtained any
 * other way.
 */
static void tomoyo_add_slash(struct tomoyo_path_info *buf)
{
	if (!buf->is_dir) {
		/*
		 * tomoyo_encode() reserves room for one extra "/", so no
		 * length check is performed here.
		 */
		strcat((char *) buf->name, "/");
		/* Refresh the fields derived from the (now longer) name. */
		tomoyo_fill_path_info(buf);
	}
}

/**
 * tomoyo_get_realpath - Get realpath.
 *
 * @buf: Pointer to "struct tomoyo_path_info".
 * @path: Pointer to "struct path".
 *
 * Returns true on success, false otherwise.
 *
 * On success @buf->name points at a heap buffer that the caller must
 * release with kfree(); on failure it is left NULL, which the callers rely
 * on when they kfree() unconditionally on their exit path.
 */
static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, const struct path *path)
{
	buf->name = tomoyo_realpath_from_path(path);
	if (!buf->name)
		return false;
	tomoyo_fill_path_info(buf);
	return true;
}

/**
 * tomoyo_audit_path_log - Audit path request log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * The format string is a literal; the path name is passed as a %s
 * argument, never interpolated into the format.
 */
static int tomoyo_audit_path_log(struct tomoyo_request_info *r)
{
	const char *keyword = tomoyo_path_keyword[r->param.path.operation];
	const char *filename = r->param.path.filename->name;

	return tomoyo_supervisor(r, "file %s %s\n", keyword, filename);
}

/**
 * tomoyo_audit_path2_log - Audit path/path request log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise.
*/
static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
{
	const u8 op = r->param.path2.operation;
	const char *keyword = tomoyo_mac_keywords[tomoyo_pp2mac[op]];

	return tomoyo_supervisor(r, "file %s %s %s\n", keyword,
				 r->param.path2.filename1->name,
				 r->param.path2.filename2->name);
}

/**
 * tomoyo_audit_mkdev_log - Audit path/number/number/number request log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * The mode is logged in octal (matching how it is written in policy), the
 * major/minor numbers in decimal.
 */
static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
{
	const u8 op = r->param.mkdev.operation;
	const char *keyword = tomoyo_mac_keywords[tomoyo_pnnn2mac[op]];

	return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", keyword,
				 r->param.mkdev.filename->name,
				 r->param.mkdev.mode, r->param.mkdev.major,
				 r->param.mkdev.minor);
}

/**
 * tomoyo_path_number_radix - Pick the radix used to log a path/number value.
 *
 * @type: Type of operation (enum tomoyo_path_number_acl_index).
 *
 * Returns one of the TOMOYO_VALUE_TYPE_* constants: octal for mode-like
 * arguments, hexadecimal for ioctl commands, decimal for everything else
 * (chown/chgrp ids).
 */
static u8 tomoyo_path_number_radix(const u8 type)
{
	switch (type) {
	case TOMOYO_TYPE_CREATE:
	case TOMOYO_TYPE_MKDIR:
	case TOMOYO_TYPE_MKFIFO:
	case TOMOYO_TYPE_MKSOCK:
	case TOMOYO_TYPE_CHMOD:
		return TOMOYO_VALUE_TYPE_OCTAL;
	case TOMOYO_TYPE_IOCTL:
		return TOMOYO_VALUE_TYPE_HEXADECIMAL;
	default:
		return TOMOYO_VALUE_TYPE_DECIMAL;
	}
}

/**
 * tomoyo_audit_path_number_log - Audit path/number request log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * The numeric argument is formatted into a fixed stack buffer with an
 * explicit size bound before being handed to the supervisor as a %s.
 */
static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
{
	const u8 type = r->param.path_number.operation;
	char buffer[64];

	tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number,
			   tomoyo_path_number_radix(type));
	return tomoyo_supervisor(r, "file %s %s %s\n",
				 tomoyo_mac_keywords[tomoyo_pn2mac[type]],
				 r->param.path_number.filename->name, buffer);
}

/**
 * tomoyo_check_path_acl - Check permission for path operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
*
 * Returns true if granted, false otherwise.
 *
 * To be able to use wildcard for domain transition, this function sets
 * matching entry on success. Since the caller holds tomoyo_read_lock(),
 * it is safe to set matching entry.
 */
static bool tomoyo_check_path_acl(struct tomoyo_request_info *r,
				  const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_path_acl *acl = container_of(ptr, typeof(*acl),
							 head);
	const int wanted = 1 << r->param.path.operation;

	/* The entry must carry the requested permission bit at all. */
	if (!(acl->perm & wanted))
		return false;
	/*
	 * Remember which (possibly wildcarded) pattern matched; the execute
	 * path reads it back to decide on a domain transition.
	 */
	r->param.path.matched_path =
		tomoyo_compare_name_union(r->param.path.filename, &acl->name);
	return r->param.path.matched_path != NULL;
}

/**
 * tomoyo_check_path_number_acl - Check permission for path number operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if granted, false otherwise.
 *
 * The cheap checks (permission bit, number) run before the path pattern
 * comparison; all three must hold for the entry to grant the request.
 */
static bool tomoyo_check_path_number_acl(struct tomoyo_request_info *r,
					 const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_path_number_acl *acl =
		container_of(ptr, typeof(*acl), head);

	if (!(acl->perm & (1 << r->param.path_number.operation)))
		return false;
	if (!tomoyo_compare_number_union(r->param.path_number.number,
					 &acl->number))
		return false;
	return tomoyo_compare_name_union(r->param.path_number.filename,
					 &acl->name) != NULL;
}

/**
 * tomoyo_check_path2_acl - Check permission for path path operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if granted, false otherwise.
*/
static bool tomoyo_check_path2_acl(struct tomoyo_request_info *r,
				   const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_path2_acl *acl =
		container_of(ptr, typeof(*acl), head);

	if (!(acl->perm & (1 << r->param.path2.operation)))
		return false;
	if (!tomoyo_compare_name_union(r->param.path2.filename1, &acl->name1))
		return false;
	/* Both the source and the destination path have to be covered. */
	return tomoyo_compare_name_union(r->param.path2.filename2,
					 &acl->name2) != NULL;
}

/**
 * tomoyo_check_mkdev_acl - Check permission for path number number number operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if granted, false otherwise.
 *
 * Mode, major and minor are compared before the path pattern, in that
 * order; a mismatch anywhere rejects the entry.
 */
static bool tomoyo_check_mkdev_acl(struct tomoyo_request_info *r,
				   const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_mkdev_acl *acl =
		container_of(ptr, typeof(*acl), head);

	if (!(acl->perm & (1 << r->param.mkdev.operation)))
		return false;
	if (!tomoyo_compare_number_union(r->param.mkdev.mode, &acl->mode))
		return false;
	if (!tomoyo_compare_number_union(r->param.mkdev.major, &acl->major))
		return false;
	if (!tomoyo_compare_number_union(r->param.mkdev.minor, &acl->minor))
		return false;
	return tomoyo_compare_name_union(r->param.mkdev.filename,
					 &acl->name) != NULL;
}

/**
 * tomoyo_same_path_acl - Check for duplicated "struct tomoyo_path_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b except permission bits, false otherwise.
 *
 * Used by tomoyo_update_domain() to find an existing entry whose
 * permission mask can be merged instead of appending a duplicate.
 */
static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
				 const struct tomoyo_acl_info *b)
{
	const struct tomoyo_path_acl *lhs = container_of(a, typeof(*lhs), head);
	const struct tomoyo_path_acl *rhs = container_of(b, typeof(*rhs), head);

	return tomoyo_same_name_union(&lhs->name, &rhs->name);
}

/**
 * tomoyo_merge_path_acl - Merge duplicated "struct tomoyo_path_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
* @b: Pointer to "struct tomoyo_acl_info".
 * @is_delete: True for @a &= ~@b, false for @a |= @b.
 *
 * Returns true if @a is empty, false otherwise.
 *
 * The new mask is computed into a local and stored with a single write so
 * that concurrent readers under tomoyo_read_lock() never observe a partial
 * update.
 */
static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
				  struct tomoyo_acl_info *b,
				  const bool is_delete)
{
	struct tomoyo_path_acl *dst = container_of(a, struct tomoyo_path_acl,
						   head);
	const struct tomoyo_path_acl *src =
		container_of(b, struct tomoyo_path_acl, head);
	const u16 mask = src->perm;
	u16 merged;

	/* Deleting clears @b's bits from @a; adding sets them. */
	merged = is_delete ? (dst->perm & ~mask) : (dst->perm | mask);
	dst->perm = merged;
	return !merged;
}

/**
 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
 *
 * @perm: Permission.
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 *
 * @e lives on the stack; tomoyo_update_domain() is given its size and
 * presumably copies it, so the references taken by the parser are always
 * dropped here regardless of outcome.
 */
static int tomoyo_update_path_acl(const u16 perm,
				  struct tomoyo_acl_param *param)
{
	struct tomoyo_path_acl e = {
		.head.type = TOMOYO_TYPE_PATH_ACL,
		.perm = perm
	};
	int error = -EINVAL;

	if (tomoyo_parse_name_union(param, &e.name))
		error = tomoyo_update_domain(&e.head, sizeof(e), param,
					     tomoyo_same_path_acl,
					     tomoyo_merge_path_acl);
	tomoyo_put_name_union(&e.name);
	return error;
}

/**
 * tomoyo_same_mkdev_acl - Check for duplicated "struct tomoyo_mkdev_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b except permission bits, false otherwise.
*/
static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
				  const struct tomoyo_acl_info *b)
{
	const struct tomoyo_mkdev_acl *lhs = container_of(a, typeof(*lhs), head);
	const struct tomoyo_mkdev_acl *rhs = container_of(b, typeof(*rhs), head);

	if (!tomoyo_same_name_union(&lhs->name, &rhs->name))
		return false;
	if (!tomoyo_same_number_union(&lhs->mode, &rhs->mode))
		return false;
	if (!tomoyo_same_number_union(&lhs->major, &rhs->major))
		return false;
	return tomoyo_same_number_union(&lhs->minor, &rhs->minor);
}

/**
 * tomoyo_merge_mkdev_acl - Merge duplicated "struct tomoyo_mkdev_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 * @is_delete: True for @a &= ~@b, false for @a |= @b.
 *
 * Returns true if @a is empty, false otherwise.
 *
 * Same single-store discipline as tomoyo_merge_path_acl(), on a u8 mask.
 */
static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
				   struct tomoyo_acl_info *b,
				   const bool is_delete)
{
	struct tomoyo_mkdev_acl *dst = container_of(a, struct tomoyo_mkdev_acl,
						    head);
	const struct tomoyo_mkdev_acl *src =
		container_of(b, struct tomoyo_mkdev_acl, head);
	const u8 mask = src->perm;
	u8 merged;

	merged = is_delete ? (dst->perm & ~mask) : (dst->perm | mask);
	dst->perm = merged;
	return !merged;
}

/**
 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
 *
 * @perm: Permission.
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
*/
static int tomoyo_update_mkdev_acl(const u8 perm,
				   struct tomoyo_acl_param *param)
{
	struct tomoyo_mkdev_acl e = {
		.head.type = TOMOYO_TYPE_MKDEV_ACL,
		.perm = perm
	};
	int error = -EINVAL;
	/*
	 * Tokens are consumed in policy order: path, mode, major, minor.
	 * Short-circuit evaluation stops at the first malformed field.
	 */
	const bool parsed = tomoyo_parse_name_union(param, &e.name) &&
		tomoyo_parse_number_union(param, &e.mode) &&
		tomoyo_parse_number_union(param, &e.major) &&
		tomoyo_parse_number_union(param, &e.minor);

	if (parsed)
		error = tomoyo_update_domain(&e.head, sizeof(e), param,
					     tomoyo_same_mkdev_acl,
					     tomoyo_merge_mkdev_acl);
	/* Drop every reference the parser may have taken, success or not. */
	tomoyo_put_name_union(&e.name);
	tomoyo_put_number_union(&e.mode);
	tomoyo_put_number_union(&e.major);
	tomoyo_put_number_union(&e.minor);
	return error;
}

/**
 * tomoyo_same_path2_acl - Check for duplicated "struct tomoyo_path2_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b except permission bits, false otherwise.
 */
static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
				  const struct tomoyo_acl_info *b)
{
	const struct tomoyo_path2_acl *lhs = container_of(a, typeof(*lhs), head);
	const struct tomoyo_path2_acl *rhs = container_of(b, typeof(*rhs), head);

	if (!tomoyo_same_name_union(&lhs->name1, &rhs->name1))
		return false;
	return tomoyo_same_name_union(&lhs->name2, &rhs->name2);
}

/**
 * tomoyo_merge_path2_acl - Merge duplicated "struct tomoyo_path2_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 * @is_delete: True for @a &= ~@b, false for @a |= @b.
 *
 * Returns true if @a is empty, false otherwise.
*/
static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
				   struct tomoyo_acl_info *b,
				   const bool is_delete)
{
	struct tomoyo_path2_acl *dst = container_of(a, struct tomoyo_path2_acl,
						    head);
	const struct tomoyo_path2_acl *src =
		container_of(b, struct tomoyo_path2_acl, head);
	const u8 mask = src->perm;
	u8 merged;

	/* Compute first, store once — readers under the read lock see either
	 * the old or the new mask, never an intermediate value. */
	merged = is_delete ? (dst->perm & ~mask) : (dst->perm | mask);
	dst->perm = merged;
	return !merged;
}

/**
 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
 *
 * @perm: Permission.
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_update_path2_acl(const u8 perm,
				   struct tomoyo_acl_param *param)
{
	struct tomoyo_path2_acl e = {
		.head.type = TOMOYO_TYPE_PATH2_ACL,
		.perm = perm
	};
	int error = -EINVAL;
	/* Two path tokens: source first, destination second. */
	const bool parsed = tomoyo_parse_name_union(param, &e.name1) &&
		tomoyo_parse_name_union(param, &e.name2);

	if (parsed)
		error = tomoyo_update_domain(&e.head, sizeof(e), param,
					     tomoyo_same_path2_acl,
					     tomoyo_merge_path2_acl);
	tomoyo_put_name_union(&e.name1);
	tomoyo_put_name_union(&e.name2);
	return error;
}

/**
 * tomoyo_path_permission - Check permission for single path operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @operation: Type of operation.
 * @filename: Filename to check.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
*/
static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
				  const struct tomoyo_path_info *filename)
{
	int error;

	/*
	 * Re-derive the MAC index and profile mode per operation: callers
	 * such as tomoyo_check_open_permission() reuse one request for
	 * several operations, and @r->mode is what they inspect afterwards.
	 */
	r->type = tomoyo_p2mac[operation];
	r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
	if (r->mode == TOMOYO_CONFIG_DISABLED)
		return 0;
	r->param_type = TOMOYO_TYPE_PATH_ACL;
	r->param.path.filename = filename;
	r->param.path.operation = operation;
	/*
	 * TOMOYO_RETRY_REQUEST from the audit/supervisor step means the
	 * request should be evaluated again (presumably after the policy was
	 * amended interactively); keep looping until a definite verdict.
	 */
	for (;;) {
		tomoyo_check_acl(r, tomoyo_check_path_acl);
		error = tomoyo_audit_path_log(r);
		if (error != TOMOYO_RETRY_REQUEST)
			break;
	}
	return error;
}

/**
 * tomoyo_execute_permission - Check permission for execute operation.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @filename: Filename to check.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().  @r->ee must be set by the caller; the
 * domain transition preference is written through it.
 */
int tomoyo_execute_permission(struct tomoyo_request_info *r,
			      const struct tomoyo_path_info *filename)
{
	const struct tomoyo_acl_info *matched;

	/*
	 * Unlike other permission checks, this check is done regardless of
	 * profile mode settings in order to check for domain transition
	 * preference.
	 */
	r->type = TOMOYO_MAC_FILE_EXECUTE;
	r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
	r->param_type = TOMOYO_TYPE_PATH_ACL;
	r->param.path.filename = filename;
	r->param.path.operation = TOMOYO_TYPE_EXECUTE;
	tomoyo_check_acl(r, tomoyo_check_path_acl);
	/* A matched entry with a condition may name a transition target. */
	matched = r->matched_acl;
	if (matched && matched->cond)
		r->ee->transition = matched->cond->transit;
	else
		r->ee->transition = NULL;
	/* No retry loop here: execute is audited once, only when enabled. */
	if (r->mode == TOMOYO_CONFIG_DISABLED)
		return 0;
	return tomoyo_audit_path_log(r);
}

/**
 * tomoyo_same_path_number_acl - Check for duplicated "struct tomoyo_path_number_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b except permission bits, false otherwise.
*/
static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
					const struct tomoyo_acl_info *b)
{
	const struct tomoyo_path_number_acl *lhs =
		container_of(a, typeof(*lhs), head);
	const struct tomoyo_path_number_acl *rhs =
		container_of(b, typeof(*rhs), head);

	if (!tomoyo_same_name_union(&lhs->name, &rhs->name))
		return false;
	return tomoyo_same_number_union(&lhs->number, &rhs->number);
}

/**
 * tomoyo_merge_path_number_acl - Merge duplicated "struct tomoyo_path_number_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 * @is_delete: True for @a &= ~@b, false for @a |= @b.
 *
 * Returns true if @a is empty, false otherwise.
 *
 * Same single-store discipline as tomoyo_merge_path_acl(), on a u8 mask.
 */
static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
					 struct tomoyo_acl_info *b,
					 const bool is_delete)
{
	struct tomoyo_path_number_acl *dst =
		container_of(a, struct tomoyo_path_number_acl, head);
	const struct tomoyo_path_number_acl *src =
		container_of(b, struct tomoyo_path_number_acl, head);
	const u8 mask = src->perm;
	u8 merged;

	merged = is_delete ? (dst->perm & ~mask) : (dst->perm | mask);
	dst->perm = merged;
	return !merged;
}

/**
 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
 *
 * @perm: Permission.
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
*
 * Caller holds tomoyo_read_lock() (as for the sibling update helpers —
 * inferred from the call site in tomoyo_write_file(); confirm).
 */
static int tomoyo_update_path_number_acl(const u8 perm,
					 struct tomoyo_acl_param *param)
{
	struct tomoyo_path_number_acl e = {
		.head.type = TOMOYO_TYPE_PATH_NUMBER_ACL,
		.perm = perm
	};
	int error;
	/* Policy order: path token first, then the number/range token. */
	if (!tomoyo_parse_name_union(param, &e.name) ||
	    !tomoyo_parse_number_union(param, &e.number))
		error = -EINVAL;
	else
		error = tomoyo_update_domain(&e.head, sizeof(e), param,
					     tomoyo_same_path_number_acl,
					     tomoyo_merge_path_number_acl);
	/* Always release parser references; @e is a stack temporary. */
	tomoyo_put_name_union(&e.name);
	tomoyo_put_number_union(&e.number);
	return error;
}

/**
 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
 *
 * @type: Type of operation.
 * @path: Pointer to "struct path".
 * @number: Number.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * A negative result is only propagated when the profile is enforcing; in
 * permissive/learning modes the violation is reported through the audit
 * path but the operation is allowed (error reset to 0 below).
 */
int tomoyo_path_number_perm(const u8 type, const struct path *path,
			    unsigned long number)
{
	struct tomoyo_request_info r;
	struct tomoyo_obj_info obj = {
		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
	};
	int error = -ENOMEM;
	struct tomoyo_path_info buf;
	int idx;

	/*
	 * The request is initialised before the dentry check so that
	 * r.mode is always valid for the final enforcing test below.
	 */
	if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
	    == TOMOYO_CONFIG_DISABLED || !path->dentry)
		return 0;
	idx = tomoyo_read_lock();
	/* On failure buf.name is NULL, so nothing needs freeing at out:. */
	if (!tomoyo_get_realpath(&buf, path))
		goto out;
	r.obj = &obj;
	/* Directories are matched with a trailing "/" in policy. */
	if (type == TOMOYO_TYPE_MKDIR)
		tomoyo_add_slash(&buf);
	r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
	r.param.path_number.operation = type;
	r.param.path_number.filename = &buf;
	r.param.path_number.number = number;
	/* Re-evaluate while the supervisor asks for a retry. */
	do {
		tomoyo_check_acl(&r, tomoyo_check_path_number_acl);
		error = tomoyo_audit_path_number_log(&r);
	} while (error == TOMOYO_RETRY_REQUEST);
	kfree(buf.name);
 out:
	tomoyo_read_unlock(idx);
	if (r.mode != TOMOYO_CONFIG_ENFORCING)
		error = 0;
	return error;
}

/**
 *
tomoyo_check_open_permission - Check permission for "read" and "write".
 *
 * @domain: Pointer to "struct tomoyo_domain_info".
 * @path: Pointer to "struct path".
 * @flag: Flags for open().
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Read and write are checked as two separate path operations on one
 * request; a write with O_APPEND is checked as "append" rather than
 * "write".  The final enforcing test uses r.mode as left by the last
 * tomoyo_path_permission() call (READ, WRITE and APPEND all map to
 * TOMOYO_MAC_FILE_OPEN, so the mode is the same for each).
 */
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
				 const struct path *path, const int flag)
{
	const u8 acc_mode = ACC_MODE(flag);
	int error = 0;
	struct tomoyo_path_info buf;
	struct tomoyo_request_info r;
	struct tomoyo_obj_info obj = {
		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
	};
	int idx;

	/* Pre-set so the out: path is safe even if nothing was checked. */
	buf.name = NULL;
	r.mode = TOMOYO_CONFIG_DISABLED;
	idx = tomoyo_read_lock();
	/* An open without read/write intent (e.g. O_PATH-style) is not checked. */
	if (acc_mode &&
	    tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_OPEN)
	    != TOMOYO_CONFIG_DISABLED) {
		if (!tomoyo_get_realpath(&buf, path)) {
			error = -ENOMEM;
			goto out;
		}
		r.obj = &obj;
		if (acc_mode & MAY_READ)
			error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ,
						       &buf);
		/* Only evaluate write if read (when requested) was granted. */
		if (!error && (acc_mode & MAY_WRITE))
			error = tomoyo_path_permission(&r, (flag & O_APPEND) ?
						       TOMOYO_TYPE_APPEND :
						       TOMOYO_TYPE_WRITE,
						       &buf);
	}
 out:
	kfree(buf.name);
	tomoyo_read_unlock(idx);
	/* Non-enforcing modes audit the denial but do not block the open. */
	if (r.mode != TOMOYO_CONFIG_ENFORCING)
		error = 0;
	return error;
}

/**
 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "append", "chroot" and "unmount".
 *
 * @operation: Type of operation.
 * @path: Pointer to "struct path".
 * @target: Symlink's target if @operation is TOMOYO_TYPE_SYMLINK,
 *          NULL otherwise.
 *
 * Returns 0 on success, negative value otherwise.
*
 * Unlike the other entry points in this file, the enforcing decision is
 * captured in @is_enforce right after tomoyo_init_request_info(), before
 * tomoyo_path_permission() overwrites r.mode with the per-operation mode.
 */
int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target)
{
	struct tomoyo_request_info r;
	struct tomoyo_obj_info obj = {
		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
	};
	int error;
	struct tomoyo_path_info buf;
	bool is_enforce;
	struct tomoyo_path_info symlink_target;
	int idx;

	if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
	    == TOMOYO_CONFIG_DISABLED)
		return 0;
	is_enforce = (r.mode == TOMOYO_CONFIG_ENFORCING);
	/* Every early exit below is an allocation failure. */
	error = -ENOMEM;
	buf.name = NULL;
	idx = tomoyo_read_lock();
	if (!tomoyo_get_realpath(&buf, path))
		goto out;
	r.obj = &obj;
	switch (operation) {
	case TOMOYO_TYPE_RMDIR:
	case TOMOYO_TYPE_CHROOT:
		/* These operate on directories, which policy spells with "/". */
		tomoyo_add_slash(&buf);
		break;
	case TOMOYO_TYPE_SYMLINK:
		/*
		 * The link target is untrusted user-supplied text; it is
		 * encoded into the same escaped form as real paths so that
		 * conditions can match it safely.
		 */
		symlink_target.name = tomoyo_encode(target);
		if (!symlink_target.name)
			goto out;
		tomoyo_fill_path_info(&symlink_target);
		obj.symlink_target = &symlink_target;
		break;
	}
	error = tomoyo_path_permission(&r, operation, &buf);
	/* symlink_target.name is only set on the SYMLINK branch above. */
	if (operation == TOMOYO_TYPE_SYMLINK)
		kfree(symlink_target.name);
 out:
	kfree(buf.name);
	tomoyo_read_unlock(idx);
	if (!is_enforce)
		error = 0;
	return error;
}

/**
 * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
 *
 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
 * @path: Pointer to "struct path".
 * @mode: Create mode.
 * @dev: Device number.
 *
 * Returns 0 on success, negative value otherwise.
*
 * @dev is decoded with new_decode_dev() and split into major/minor before
 * matching, so policy is written in terms of the kernel's dev_t layout.
 * A negative result is only returned in enforcing mode.
 */
int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
		      const unsigned int mode, unsigned int dev)
{
	struct tomoyo_request_info r;
	struct tomoyo_obj_info obj = {
		.path1 = { .mnt = path->mnt, .dentry = path->dentry },
	};
	struct tomoyo_path_info buf;
	int error = -ENOMEM;
	int idx;

	if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
	    == TOMOYO_CONFIG_DISABLED)
		return 0;
	idx = tomoyo_read_lock();
	/* A failed realpath leaves error at -ENOMEM and nothing to free. */
	if (!tomoyo_get_realpath(&buf, path))
		goto out;
	dev = new_decode_dev(dev);
	r.obj = &obj;
	r.param_type = TOMOYO_TYPE_MKDEV_ACL;
	r.param.mkdev.filename = &buf;
	r.param.mkdev.operation = operation;
	r.param.mkdev.mode = mode;
	r.param.mkdev.major = MAJOR(dev);
	r.param.mkdev.minor = MINOR(dev);
	tomoyo_check_acl(&r, tomoyo_check_mkdev_acl);
	/* No retry loop here, unlike the path/path2/path_number checks. */
	error = tomoyo_audit_mkdev_log(&r);
	kfree(buf.name);
out:
	tomoyo_read_unlock(idx);
	/* Only enforcing mode turns an audited denial into a failure. */
	return r.mode == TOMOYO_CONFIG_ENFORCING ? error : 0;
}

/**
 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
 *
 * @operation: Type of operation.
 * @path1: Pointer to "struct path".
 * @path2: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
*
 * Both paths are resolved before matching; for rename/link of a directory
 * and for pivot_root, both names get a trailing "/" so they match the
 * directory form used in policy.
 */
int tomoyo_path2_perm(const u8 operation, const struct path *path1,
		      const struct path *path2)
{
	int error = -ENOMEM;
	struct tomoyo_path_info buf1;
	struct tomoyo_path_info buf2;
	struct tomoyo_request_info r;
	struct tomoyo_obj_info obj = {
		.path1 = { .mnt = path1->mnt, .dentry = path1->dentry },
		.path2 = { .mnt = path2->mnt, .dentry = path2->dentry }
	};
	int idx;

	if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
	    == TOMOYO_CONFIG_DISABLED)
		return 0;
	/* kfree(NULL) is a no-op, so pre-setting makes the out: path safe. */
	buf1.name = NULL;
	buf2.name = NULL;
	idx = tomoyo_read_lock();
	if (!tomoyo_get_realpath(&buf1, path1) ||
	    !tomoyo_get_realpath(&buf2, path2))
		goto out;
	switch (operation) {
	case TOMOYO_TYPE_RENAME:
	case TOMOYO_TYPE_LINK:
		/* Only directory renames/links take the "/" suffix. */
		if (!d_is_dir(path1->dentry))
			break;
		/* fall through */
	case TOMOYO_TYPE_PIVOT_ROOT:
		tomoyo_add_slash(&buf1);
		tomoyo_add_slash(&buf2);
		break;
	}
	r.obj = &obj;
	r.param_type = TOMOYO_TYPE_PATH2_ACL;
	r.param.path2.operation = operation;
	r.param.path2.filename1 = &buf1;
	r.param.path2.filename2 = &buf2;
	/* Re-evaluate while the supervisor asks for a retry. */
	do {
		tomoyo_check_acl(&r, tomoyo_check_path2_acl);
		error = tomoyo_audit_path2_log(&r);
	} while (error == TOMOYO_RETRY_REQUEST);
 out:
	kfree(buf1.name);
	kfree(buf2.name);
	tomoyo_read_unlock(idx);
	/* Non-enforcing modes audit the denial but allow the operation. */
	if (r.mode != TOMOYO_CONFIG_ENFORCING)
		error = 0;
	return error;
}

/**
 * tomoyo_same_mount_acl - Check for duplicated "struct tomoyo_mount_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b, false otherwise.
*/
static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
				  const struct tomoyo_acl_info *b)
{
	const struct tomoyo_mount_acl *lhs = container_of(a, typeof(*lhs), head);
	const struct tomoyo_mount_acl *rhs = container_of(b, typeof(*rhs), head);

	/* All four fields must agree: device, mount point, fs type, flags. */
	if (!tomoyo_same_name_union(&lhs->dev_name, &rhs->dev_name))
		return false;
	if (!tomoyo_same_name_union(&lhs->dir_name, &rhs->dir_name))
		return false;
	if (!tomoyo_same_name_union(&lhs->fs_type, &rhs->fs_type))
		return false;
	return tomoyo_same_number_union(&lhs->flags, &rhs->flags);
}

/**
 * tomoyo_update_mount_acl - Write "struct tomoyo_mount_acl" list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 *
 * Mount entries carry no permission bit-mask (compare the "@a == @b"
 * contract of tomoyo_same_mount_acl() with the "except permission bits"
 * contract of the others), so no merge callback is supplied.
 */
static int tomoyo_update_mount_acl(struct tomoyo_acl_param *param)
{
	struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
	int error = -EINVAL;
	/* Policy order: device, mount point, fs type, flags. */
	const bool parsed = tomoyo_parse_name_union(param, &e.dev_name) &&
		tomoyo_parse_name_union(param, &e.dir_name) &&
		tomoyo_parse_name_union(param, &e.fs_type) &&
		tomoyo_parse_number_union(param, &e.flags);

	if (parsed)
		error = tomoyo_update_domain(&e.head, sizeof(e), param,
					     tomoyo_same_mount_acl, NULL);
	tomoyo_put_name_union(&e.dev_name);
	tomoyo_put_name_union(&e.dir_name);
	tomoyo_put_name_union(&e.fs_type);
	tomoyo_put_number_union(&e.flags);
	return error;
}

/**
 * tomoyo_write_file - Update file related list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
*
 * The first token of the line is an operation keyword (or several, as
 * tomoyo_permstr() presumably allows a "/"-joined list — confirm); it is
 * matched against each ACL family's keyword table in turn and the first
 * family with a hit consumes the rest of the line.  Unknown keywords are
 * rejected with -EINVAL rather than silently ignored.
 */

/**
 * tomoyo_mac_keyword_bits - Collect permission bits for one ACL family.
 *
 * @operation: Operation keyword token from the policy line.
 * @map: Table translating ACL index to "enum tomoyo_mac_index".
 * @count: Number of entries in @map.
 *
 * Returns a bit-mask with bit N set for every index N whose MAC keyword
 * matches @operation; 0 if none matched.
 */
static u16 tomoyo_mac_keyword_bits(const char *operation, const u8 *map,
				   const u8 count)
{
	u16 bits = 0;
	u8 index;

	for (index = 0; index < count; index++)
		if (tomoyo_permstr(operation, tomoyo_mac_keywords[map[index]]))
			bits |= 1 << index;
	return bits;
}

int tomoyo_write_file(struct tomoyo_acl_param *param)
{
	const char *operation = tomoyo_read_token(param);
	u16 perm = 0;
	u8 index;

	/* Plain path operations use their own keyword table. */
	for (index = 0; index < TOMOYO_MAX_PATH_OPERATION; index++)
		if (tomoyo_permstr(operation, tomoyo_path_keyword[index]))
			perm |= 1 << index;
	if (perm)
		return tomoyo_update_path_acl(perm, param);
	perm = tomoyo_mac_keyword_bits(operation, tomoyo_pp2mac,
				       TOMOYO_MAX_PATH2_OPERATION);
	if (perm)
		return tomoyo_update_path2_acl(perm, param);
	perm = tomoyo_mac_keyword_bits(operation, tomoyo_pn2mac,
				       TOMOYO_MAX_PATH_NUMBER_OPERATION);
	if (perm)
		return tomoyo_update_path_number_acl(perm, param);
	perm = tomoyo_mac_keyword_bits(operation, tomoyo_pnnn2mac,
				       TOMOYO_MAX_MKDEV_OPERATION);
	if (perm)
		return tomoyo_update_mkdev_acl(perm, param);
	/* "mount" has no bit-mask family of its own; a single keyword. */
	if (tomoyo_permstr(operation,
			   tomoyo_mac_keywords[TOMOYO_MAC_FILE_MOUNT]))
		return tomoyo_update_mount_acl(param);
	return -EINVAL;
}