1 /* 2 * security/tomoyo/securityfs_if.c 3 * 4 * Copyright (C) 2005-2011 NTT DATA CORPORATION 5 */ 6 7 #include <linux/security.h> 8 #include "common.h" 9 10 /** 11 * tomoyo_check_task_acl - Check permission for task operation. 12 * 13 * @r: Pointer to "struct tomoyo_request_info". 14 * @ptr: Pointer to "struct tomoyo_acl_info". 15 * 16 * Returns true if granted, false otherwise. 17 */ 18 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, 19 const struct tomoyo_acl_info *ptr) 20 { 21 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), 22 head); 23 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); 24 } 25 26 /** 27 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. 28 * 29 * @file: Pointer to "struct file". 30 * @buf: Domainname to transit to. 31 * @count: Size of @buf. 32 * @ppos: Unused. 33 * 34 * Returns @count on success, negative value otherwise. 35 * 36 * If domain transition was permitted but the domain transition failed, this 37 * function returns error rather than terminating current thread with SIGKILL. 38 */ 39 static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, 40 size_t count, loff_t *ppos) 41 { 42 char *data; 43 int error; 44 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) 45 return -ENOMEM; 46 data = kzalloc(count + 1, GFP_NOFS); 47 if (!data) 48 return -ENOMEM; 49 if (copy_from_user(data, buf, count)) { 50 error = -EFAULT; 51 goto out; 52 } 53 tomoyo_normalize_line(data); 54 if (tomoyo_correct_domain(data)) { 55 const int idx = tomoyo_read_lock(); 56 struct tomoyo_path_info name; 57 struct tomoyo_request_info r; 58 name.name = data; 59 tomoyo_fill_path_info(&name); 60 /* Check "task manual_domain_transition" permission. */ 61 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); 62 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; 63 r.param.task.domainname = &name; 64 tomoyo_check_acl(&r, tomoyo_check_task_acl); 65 if (!r.granted) 66 error = -EPERM; 67 else { 68 struct tomoyo_domain_info *new_domain = 69 tomoyo_assign_domain(data, true); 70 if (!new_domain) { 71 error = -ENOENT; 72 } else { 73 struct cred *cred = prepare_creds(); 74 if (!cred) { 75 error = -ENOMEM; 76 } else { 77 struct tomoyo_domain_info *old_domain = 78 cred->security; 79 cred->security = new_domain; 80 atomic_inc(&new_domain->users); 81 atomic_dec(&old_domain->users); 82 commit_creds(cred); 83 error = 0; 84 } 85 } 86 } 87 tomoyo_read_unlock(idx); 88 } else 89 error = -EINVAL; 90 out: 91 kfree(data); 92 return error ? error : count; 93 } 94 95 /** 96 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. 97 * 98 * @file: Pointer to "struct file". 99 * @buf: Domainname which current thread belongs to. 100 * @count: Size of @buf. 101 * @ppos: Bytes read by now. 102 * 103 * Returns read size on success, negative value otherwise. 104 */ 105 static ssize_t tomoyo_read_self(struct file *file, char __user *buf, 106 size_t count, loff_t *ppos) 107 { 108 const char *domain = tomoyo_domain()->domainname->name; 109 loff_t len = strlen(domain); 110 loff_t pos = *ppos; 111 if (pos >= len || !count) 112 return 0; 113 len -= pos; 114 if (count < len) 115 len = count; 116 if (copy_to_user(buf, domain + pos, len)) 117 return -EFAULT; 118 *ppos += len; 119 return len; 120 } 121 122 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ 123 static const struct file_operations tomoyo_self_operations = { 124 .write = tomoyo_write_self, 125 .read = tomoyo_read_self, 126 }; 127 128 /** 129 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 130 * 131 * @inode: Pointer to "struct inode". 132 * @file: Pointer to "struct file". 133 * 134 * Returns 0 on success, negative value otherwise. 135 */ 136 static int tomoyo_open(struct inode *inode, struct file *file) 137 { 138 const int key = ((u8 *) file_inode(file)->i_private) 139 - ((u8 *) NULL); 140 return tomoyo_open_control(key, file); 141 } 142 143 /** 144 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 145 * 146 * @file: Pointer to "struct file". 147 * 148 */ 149 static int tomoyo_release(struct inode *inode, struct file *file) 150 { 151 tomoyo_close_control(file->private_data); 152 return 0; 153 } 154 155 /** 156 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 157 * 158 * @file: Pointer to "struct file". 159 * @wait: Pointer to "poll_table". Maybe NULL. 160 * 161 * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write, 162 * POLLOUT | POLLWRNORM otherwise. 163 */ 164 static unsigned int tomoyo_poll(struct file *file, poll_table *wait) 165 { 166 return tomoyo_poll_control(file, wait); 167 } 168 169 /** 170 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 171 * 172 * @file: Pointer to "struct file". 173 * @buf: Pointer to buffer. 174 * @count: Size of @buf. 175 * @ppos: Unused. 176 * 177 * Returns bytes read on success, negative value otherwise. 178 */ 179 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 180 loff_t *ppos) 181 { 182 return tomoyo_read_control(file->private_data, buf, count); 183 } 184 185 /** 186 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 187 * 188 * @file: Pointer to "struct file". 189 * @buf: Pointer to buffer. 190 * @count: Size of @buf. 191 * @ppos: Unused. 192 * 193 * Returns @count on success, negative value otherwise. 194 */ 195 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 196 size_t count, loff_t *ppos) 197 { 198 return tomoyo_write_control(file->private_data, buf, count); 199 } 200 201 /* 202 * tomoyo_operations is a "struct file_operations" which is used for handling 203 * /sys/kernel/security/tomoyo/ interface. 204 * 205 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 206 * See tomoyo_io_buffer for internals. 207 */ 208 static const struct file_operations tomoyo_operations = { 209 .open = tomoyo_open, 210 .release = tomoyo_release, 211 .poll = tomoyo_poll, 212 .read = tomoyo_read, 213 .write = tomoyo_write, 214 .llseek = noop_llseek, 215 }; 216 217 /** 218 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 219 * 220 * @name: The name of the interface file. 221 * @mode: The permission of the interface file. 222 * @parent: The parent directory. 223 * @key: Type of interface. 224 * 225 * Returns nothing. 226 */ 227 static void __init tomoyo_create_entry(const char *name, const umode_t mode, 228 struct dentry *parent, const u8 key) 229 { 230 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 231 &tomoyo_operations); 232 } 233 234 /** 235 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 236 * 237 * Returns 0. 238 */ 239 static int __init tomoyo_initerface_init(void) 240 { 241 struct dentry *tomoyo_dir; 242 243 /* Don't create securityfs entries unless registered. */ 244 if (current_cred()->security != &tomoyo_kernel_domain) 245 return 0; 246 247 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 248 tomoyo_create_entry("query", 0600, tomoyo_dir, 249 TOMOYO_QUERY); 250 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 251 TOMOYO_DOMAINPOLICY); 252 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 253 TOMOYO_EXCEPTIONPOLICY); 254 tomoyo_create_entry("audit", 0400, tomoyo_dir, 255 TOMOYO_AUDIT); 256 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 257 TOMOYO_PROCESS_STATUS); 258 tomoyo_create_entry("stat", 0644, tomoyo_dir, 259 TOMOYO_STAT); 260 tomoyo_create_entry("profile", 0600, tomoyo_dir, 261 TOMOYO_PROFILE); 262 tomoyo_create_entry("manager", 0600, tomoyo_dir, 263 TOMOYO_MANAGER); 264 tomoyo_create_entry("version", 0400, tomoyo_dir, 265 TOMOYO_VERSION); 266 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, 267 &tomoyo_self_operations); 268 tomoyo_load_builtin_policy(); 269 return 0; 270 } 271 272 fs_initcall(tomoyo_initerface_init); 273