1 /* 2 * security/tomoyo/securityfs_if.c 3 * 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 5 */ 6 7 #include <linux/security.h> 8 #include "common.h" 9 10 /** 11 * tomoyo_check_task_acl - Check permission for task operation. 12 * 13 * @r: Pointer to "struct tomoyo_request_info". 14 * @ptr: Pointer to "struct tomoyo_acl_info". 15 * 16 * Returns true if granted, false otherwise. 17 */ 18 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, 19 const struct tomoyo_acl_info *ptr) 20 { 21 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), 22 head); 23 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); 24 } 25 26 /** 27 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. 28 * 29 * @file: Pointer to "struct file". 30 * @buf: Domainname to transit to. 31 * @count: Size of @buf. 32 * @ppos: Unused. 33 * 34 * Returns @count on success, negative value otherwise. 35 * 36 * If domain transition was permitted but the domain transition failed, this 37 * function returns error rather than terminating current thread with SIGKILL. 38 */ 39 static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, 40 size_t count, loff_t *ppos) 41 { 42 char *data; 43 int error; 44 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) 45 return -ENOMEM; 46 data = memdup_user_nul(buf, count); 47 if (IS_ERR(data)) 48 return PTR_ERR(data); 49 tomoyo_normalize_line(data); 50 if (tomoyo_correct_domain(data)) { 51 const int idx = tomoyo_read_lock(); 52 struct tomoyo_path_info name; 53 struct tomoyo_request_info r; 54 name.name = data; 55 tomoyo_fill_path_info(&name); 56 /* Check "task manual_domain_transition" permission. */ 57 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); 58 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; 59 r.param.task.domainname = &name; 60 tomoyo_check_acl(&r, tomoyo_check_task_acl); 61 if (!r.granted) 62 error = -EPERM; 63 else { 64 struct tomoyo_domain_info *new_domain = 65 tomoyo_assign_domain(data, true); 66 if (!new_domain) { 67 error = -ENOENT; 68 } else { 69 struct cred *cred = prepare_creds(); 70 if (!cred) { 71 error = -ENOMEM; 72 } else { 73 struct tomoyo_domain_info *old_domain = 74 cred->security; 75 cred->security = new_domain; 76 atomic_inc(&new_domain->users); 77 atomic_dec(&old_domain->users); 78 commit_creds(cred); 79 error = 0; 80 } 81 } 82 } 83 tomoyo_read_unlock(idx); 84 } else 85 error = -EINVAL; 86 kfree(data); 87 return error ? error : count; 88 } 89 90 /** 91 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. 92 * 93 * @file: Pointer to "struct file". 94 * @buf: Domainname which current thread belongs to. 95 * @count: Size of @buf. 96 * @ppos: Bytes read by now. 97 * 98 * Returns read size on success, negative value otherwise. 99 */ 100 static ssize_t tomoyo_read_self(struct file *file, char __user *buf, 101 size_t count, loff_t *ppos) 102 { 103 const char *domain = tomoyo_domain()->domainname->name; 104 loff_t len = strlen(domain); 105 loff_t pos = *ppos; 106 if (pos >= len || !count) 107 return 0; 108 len -= pos; 109 if (count < len) 110 len = count; 111 if (copy_to_user(buf, domain + pos, len)) 112 return -EFAULT; 113 *ppos += len; 114 return len; 115 } 116 117 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ 118 static const struct file_operations tomoyo_self_operations = { 119 .write = tomoyo_write_self, 120 .read = tomoyo_read_self, 121 }; 122 123 /** 124 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 125 * 126 * @inode: Pointer to "struct inode". 127 * @file: Pointer to "struct file". 128 * 129 * Returns 0 on success, negative value otherwise. 130 */ 131 static int tomoyo_open(struct inode *inode, struct file *file) 132 { 133 const int key = ((u8 *) file_inode(file)->i_private) 134 - ((u8 *) NULL); 135 return tomoyo_open_control(key, file); 136 } 137 138 /** 139 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 140 * 141 * @file: Pointer to "struct file". 142 * 143 */ 144 static int tomoyo_release(struct inode *inode, struct file *file) 145 { 146 tomoyo_close_control(file->private_data); 147 return 0; 148 } 149 150 /** 151 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 152 * 153 * @file: Pointer to "struct file". 154 * @wait: Pointer to "poll_table". Maybe NULL. 155 * 156 * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write, 157 * POLLOUT | POLLWRNORM otherwise. 158 */ 159 static unsigned int tomoyo_poll(struct file *file, poll_table *wait) 160 { 161 return tomoyo_poll_control(file, wait); 162 } 163 164 /** 165 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 166 * 167 * @file: Pointer to "struct file". 168 * @buf: Pointer to buffer. 169 * @count: Size of @buf. 170 * @ppos: Unused. 171 * 172 * Returns bytes read on success, negative value otherwise. 173 */ 174 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 175 loff_t *ppos) 176 { 177 return tomoyo_read_control(file->private_data, buf, count); 178 } 179 180 /** 181 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 182 * 183 * @file: Pointer to "struct file". 184 * @buf: Pointer to buffer. 185 * @count: Size of @buf. 186 * @ppos: Unused. 187 * 188 * Returns @count on success, negative value otherwise. 189 */ 190 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 191 size_t count, loff_t *ppos) 192 { 193 return tomoyo_write_control(file->private_data, buf, count); 194 } 195 196 /* 197 * tomoyo_operations is a "struct file_operations" which is used for handling 198 * /sys/kernel/security/tomoyo/ interface. 199 * 200 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 201 * See tomoyo_io_buffer for internals. 202 */ 203 static const struct file_operations tomoyo_operations = { 204 .open = tomoyo_open, 205 .release = tomoyo_release, 206 .poll = tomoyo_poll, 207 .read = tomoyo_read, 208 .write = tomoyo_write, 209 .llseek = noop_llseek, 210 }; 211 212 /** 213 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 214 * 215 * @name: The name of the interface file. 216 * @mode: The permission of the interface file. 217 * @parent: The parent directory. 218 * @key: Type of interface. 219 * 220 * Returns nothing. 221 */ 222 static void __init tomoyo_create_entry(const char *name, const umode_t mode, 223 struct dentry *parent, const u8 key) 224 { 225 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 226 &tomoyo_operations); 227 } 228 229 /** 230 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 231 * 232 * Returns 0. 233 */ 234 static int __init tomoyo_initerface_init(void) 235 { 236 struct dentry *tomoyo_dir; 237 238 /* Don't create securityfs entries unless registered. */ 239 if (current_cred()->security != &tomoyo_kernel_domain) 240 return 0; 241 242 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 243 tomoyo_create_entry("query", 0600, tomoyo_dir, 244 TOMOYO_QUERY); 245 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 246 TOMOYO_DOMAINPOLICY); 247 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 248 TOMOYO_EXCEPTIONPOLICY); 249 tomoyo_create_entry("audit", 0400, tomoyo_dir, 250 TOMOYO_AUDIT); 251 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 252 TOMOYO_PROCESS_STATUS); 253 tomoyo_create_entry("stat", 0644, tomoyo_dir, 254 TOMOYO_STAT); 255 tomoyo_create_entry("profile", 0600, tomoyo_dir, 256 TOMOYO_PROFILE); 257 tomoyo_create_entry("manager", 0600, tomoyo_dir, 258 TOMOYO_MANAGER); 259 tomoyo_create_entry("version", 0400, tomoyo_dir, 260 TOMOYO_VERSION); 261 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, 262 &tomoyo_self_operations); 263 tomoyo_load_builtin_policy(); 264 return 0; 265 } 266 267 fs_initcall(tomoyo_initerface_init); 268