1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/securityfs_if.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include <linux/security.h> 9 #include "common.h" 10 11 /** 12 * tomoyo_check_task_acl - Check permission for task operation. 13 * 14 * @r: Pointer to "struct tomoyo_request_info". 15 * @ptr: Pointer to "struct tomoyo_acl_info". 16 * 17 * Returns true if granted, false otherwise. 18 */ 19 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, 20 const struct tomoyo_acl_info *ptr) 21 { 22 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), 23 head); 24 25 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); 26 } 27 28 /** 29 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. 30 * 31 * @file: Pointer to "struct file". 32 * @buf: Domainname to transit to. 33 * @count: Size of @buf. 34 * @ppos: Unused. 35 * 36 * Returns @count on success, negative value otherwise. 37 * 38 * If domain transition was permitted but the domain transition failed, this 39 * function returns error rather than terminating current thread with SIGKILL. 40 */ 41 static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, 42 size_t count, loff_t *ppos) 43 { 44 char *data; 45 int error; 46 47 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) 48 return -ENOMEM; 49 data = memdup_user_nul(buf, count); 50 if (IS_ERR(data)) 51 return PTR_ERR(data); 52 tomoyo_normalize_line(data); 53 if (tomoyo_correct_domain(data)) { 54 const int idx = tomoyo_read_lock(); 55 struct tomoyo_path_info name; 56 struct tomoyo_request_info r; 57 58 name.name = data; 59 tomoyo_fill_path_info(&name); 60 /* Check "task manual_domain_transition" permission. */ 61 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); 62 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; 63 r.param.task.domainname = &name; 64 tomoyo_check_acl(&r, tomoyo_check_task_acl); 65 if (!r.granted) 66 error = -EPERM; 67 else { 68 struct tomoyo_domain_info *new_domain = 69 tomoyo_assign_domain(data, true); 70 if (!new_domain) { 71 error = -ENOENT; 72 } else { 73 struct tomoyo_task *s = tomoyo_task(current); 74 struct tomoyo_domain_info *old_domain = 75 s->domain_info; 76 77 s->domain_info = new_domain; 78 atomic_inc(&new_domain->users); 79 atomic_dec(&old_domain->users); 80 error = 0; 81 } 82 } 83 tomoyo_read_unlock(idx); 84 } else 85 error = -EINVAL; 86 kfree(data); 87 return error ? error : count; 88 } 89 90 /** 91 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. 92 * 93 * @file: Pointer to "struct file". 94 * @buf: Domainname which current thread belongs to. 95 * @count: Size of @buf. 96 * @ppos: Bytes read by now. 97 * 98 * Returns read size on success, negative value otherwise. 99 */ 100 static ssize_t tomoyo_read_self(struct file *file, char __user *buf, 101 size_t count, loff_t *ppos) 102 { 103 const char *domain = tomoyo_domain()->domainname->name; 104 loff_t len = strlen(domain); 105 loff_t pos = *ppos; 106 107 if (pos >= len || !count) 108 return 0; 109 len -= pos; 110 if (count < len) 111 len = count; 112 if (copy_to_user(buf, domain + pos, len)) 113 return -EFAULT; 114 *ppos += len; 115 return len; 116 } 117 118 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ 119 static const struct file_operations tomoyo_self_operations = { 120 .write = tomoyo_write_self, 121 .read = tomoyo_read_self, 122 }; 123 124 /** 125 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 126 * 127 * @inode: Pointer to "struct inode". 128 * @file: Pointer to "struct file". 129 * 130 * Returns 0 on success, negative value otherwise. 131 */ 132 static int tomoyo_open(struct inode *inode, struct file *file) 133 { 134 const u8 key = (uintptr_t) file_inode(file)->i_private; 135 136 return tomoyo_open_control(key, file); 137 } 138 139 /** 140 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 141 * 142 * @inode: Pointer to "struct inode". 143 * @file: Pointer to "struct file". 144 * 145 */ 146 static int tomoyo_release(struct inode *inode, struct file *file) 147 { 148 tomoyo_close_control(file->private_data); 149 return 0; 150 } 151 152 /** 153 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 154 * 155 * @file: Pointer to "struct file". 156 * @wait: Pointer to "poll_table". Maybe NULL. 157 * 158 * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write, 159 * EPOLLOUT | EPOLLWRNORM otherwise. 160 */ 161 static __poll_t tomoyo_poll(struct file *file, poll_table *wait) 162 { 163 return tomoyo_poll_control(file, wait); 164 } 165 166 /** 167 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 168 * 169 * @file: Pointer to "struct file". 170 * @buf: Pointer to buffer. 171 * @count: Size of @buf. 172 * @ppos: Unused. 173 * 174 * Returns bytes read on success, negative value otherwise. 175 */ 176 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 177 loff_t *ppos) 178 { 179 return tomoyo_read_control(file->private_data, buf, count); 180 } 181 182 /** 183 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 184 * 185 * @file: Pointer to "struct file". 186 * @buf: Pointer to buffer. 187 * @count: Size of @buf. 188 * @ppos: Unused. 189 * 190 * Returns @count on success, negative value otherwise. 191 */ 192 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 193 size_t count, loff_t *ppos) 194 { 195 return tomoyo_write_control(file->private_data, buf, count); 196 } 197 198 /* 199 * tomoyo_operations is a "struct file_operations" which is used for handling 200 * /sys/kernel/security/tomoyo/ interface. 201 * 202 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 203 * See tomoyo_io_buffer for internals. 204 */ 205 static const struct file_operations tomoyo_operations = { 206 .open = tomoyo_open, 207 .release = tomoyo_release, 208 .poll = tomoyo_poll, 209 .read = tomoyo_read, 210 .write = tomoyo_write, 211 .llseek = noop_llseek, 212 }; 213 214 /** 215 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 216 * 217 * @name: The name of the interface file. 218 * @mode: The permission of the interface file. 219 * @parent: The parent directory. 220 * @key: Type of interface. 221 * 222 * Returns nothing. 223 */ 224 static void __init tomoyo_create_entry(const char *name, const umode_t mode, 225 struct dentry *parent, const u8 key) 226 { 227 securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key, 228 &tomoyo_operations); 229 } 230 231 /** 232 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 233 * 234 * Returns 0. 235 */ 236 static int __init tomoyo_initerface_init(void) 237 { 238 struct tomoyo_domain_info *domain; 239 struct dentry *tomoyo_dir; 240 241 if (!tomoyo_enabled) 242 return 0; 243 domain = tomoyo_domain(); 244 /* Don't create securityfs entries unless registered. */ 245 if (domain != &tomoyo_kernel_domain) 246 return 0; 247 248 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 249 tomoyo_create_entry("query", 0600, tomoyo_dir, 250 TOMOYO_QUERY); 251 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 252 TOMOYO_DOMAINPOLICY); 253 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 254 TOMOYO_EXCEPTIONPOLICY); 255 tomoyo_create_entry("audit", 0400, tomoyo_dir, 256 TOMOYO_AUDIT); 257 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 258 TOMOYO_PROCESS_STATUS); 259 tomoyo_create_entry("stat", 0644, tomoyo_dir, 260 TOMOYO_STAT); 261 tomoyo_create_entry("profile", 0600, tomoyo_dir, 262 TOMOYO_PROFILE); 263 tomoyo_create_entry("manager", 0600, tomoyo_dir, 264 TOMOYO_MANAGER); 265 tomoyo_create_entry("version", 0400, tomoyo_dir, 266 TOMOYO_VERSION); 267 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, 268 &tomoyo_self_operations); 269 tomoyo_load_builtin_policy(); 270 return 0; 271 } 272 273 fs_initcall(tomoyo_initerface_init); 274