1 /* 2 * security/tomoyo/tomoyo.c 3 * 4 * LSM hooks for TOMOYO Linux. 5 * 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION 7 */ 8 9 #include <linux/security.h> 10 #include "common.h" 11 12 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) 13 { 14 new->security = NULL; 15 return 0; 16 } 17 18 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, 19 gfp_t gfp) 20 { 21 struct tomoyo_domain_info *domain = old->security; 22 new->security = domain; 23 if (domain) 24 atomic_inc(&domain->users); 25 return 0; 26 } 27 28 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) 29 { 30 tomoyo_cred_prepare(new, old, 0); 31 } 32 33 static void tomoyo_cred_free(struct cred *cred) 34 { 35 struct tomoyo_domain_info *domain = cred->security; 36 if (domain) 37 atomic_dec(&domain->users); 38 } 39 40 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 41 { 42 int rc; 43 44 rc = cap_bprm_set_creds(bprm); 45 if (rc) 46 return rc; 47 48 /* 49 * Do only if this function is called for the first time of an execve 50 * operation. 51 */ 52 if (bprm->cred_prepared) 53 return 0; 54 /* 55 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 56 * for the first time. 57 */ 58 if (!tomoyo_policy_loaded) 59 tomoyo_load_policy(bprm->filename); 60 /* 61 * Release reference to "struct tomoyo_domain_info" stored inside 62 * "bprm->cred->security". New reference to "struct tomoyo_domain_info" 63 * stored inside "bprm->cred->security" will be acquired later inside 64 * tomoyo_find_next_domain(). 65 */ 66 atomic_dec(&((struct tomoyo_domain_info *) 67 bprm->cred->security)->users); 68 /* 69 * Tell tomoyo_bprm_check_security() is called for the first time of an 70 * execve operation. 71 */ 72 bprm->cred->security = NULL; 73 return 0; 74 } 75 76 static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 77 { 78 struct tomoyo_domain_info *domain = bprm->cred->security; 79 80 /* 81 * Execute permission is checked against pathname passed to do_execve() 82 * using current domain. 83 */ 84 if (!domain) { 85 const int idx = tomoyo_read_lock(); 86 const int err = tomoyo_find_next_domain(bprm); 87 tomoyo_read_unlock(idx); 88 return err; 89 } 90 /* 91 * Read permission is checked against interpreters using next domain. 92 */ 93 return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); 94 } 95 96 static int tomoyo_path_truncate(struct path *path) 97 { 98 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path); 99 } 100 101 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) 102 { 103 struct path path = { parent->mnt, dentry }; 104 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path); 105 } 106 107 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, 108 int mode) 109 { 110 struct path path = { parent->mnt, dentry }; 111 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, 112 mode & S_IALLUGO); 113 } 114 115 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) 116 { 117 struct path path = { parent->mnt, dentry }; 118 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path); 119 } 120 121 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, 122 const char *old_name) 123 { 124 struct path path = { parent->mnt, dentry }; 125 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path); 126 } 127 128 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, 129 int mode, unsigned int dev) 130 { 131 struct path path = { parent->mnt, dentry }; 132 int type = TOMOYO_TYPE_CREATE; 133 const unsigned int perm = mode & S_IALLUGO; 134 135 switch (mode & S_IFMT) { 136 case S_IFCHR: 137 type = TOMOYO_TYPE_MKCHAR; 138 break; 139 case S_IFBLK: 140 type = TOMOYO_TYPE_MKBLOCK; 141 break; 142 default: 143 goto no_dev; 144 } 145 return tomoyo_mkdev_perm(type, &path, perm, dev); 146 no_dev: 147 switch (mode & S_IFMT) { 148 case S_IFIFO: 149 type = TOMOYO_TYPE_MKFIFO; 150 break; 151 case S_IFSOCK: 152 type = TOMOYO_TYPE_MKSOCK; 153 break; 154 } 155 return tomoyo_path_number_perm(type, &path, perm); 156 } 157 158 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, 159 struct dentry *new_dentry) 160 { 161 struct path path1 = { new_dir->mnt, old_dentry }; 162 struct path path2 = { new_dir->mnt, new_dentry }; 163 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); 164 } 165 166 static int tomoyo_path_rename(struct path *old_parent, 167 struct dentry *old_dentry, 168 struct path *new_parent, 169 struct dentry *new_dentry) 170 { 171 struct path path1 = { old_parent->mnt, old_dentry }; 172 struct path path2 = { new_parent->mnt, new_dentry }; 173 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); 174 } 175 176 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, 177 unsigned long arg) 178 { 179 if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)) 180 return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path); 181 return 0; 182 } 183 184 static int tomoyo_dentry_open(struct file *f, const struct cred *cred) 185 { 186 int flags = f->f_flags; 187 /* Don't check read permission here if called from do_execve(). */ 188 if (current->in_execve) 189 return 0; 190 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); 191 } 192 193 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, 194 unsigned long arg) 195 { 196 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd); 197 } 198 199 static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 200 mode_t mode) 201 { 202 struct path path = { mnt, dentry }; 203 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path, 204 mode & S_IALLUGO); 205 } 206 207 static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) 208 { 209 int error = 0; 210 if (uid != (uid_t) -1) 211 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid); 212 if (!error && gid != (gid_t) -1) 213 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid); 214 return error; 215 } 216 217 static int tomoyo_path_chroot(struct path *path) 218 { 219 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path); 220 } 221 222 static int tomoyo_sb_mount(char *dev_name, struct path *path, 223 char *type, unsigned long flags, void *data) 224 { 225 return tomoyo_mount_permission(dev_name, path, type, flags, data); 226 } 227 228 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) 229 { 230 struct path path = { mnt, mnt->mnt_root }; 231 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path); 232 } 233 234 static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) 235 { 236 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); 237 } 238 239 /* 240 * tomoyo_security_ops is a "struct security_operations" which is used for 241 * registering TOMOYO. 242 */ 243 static struct security_operations tomoyo_security_ops = { 244 .name = "tomoyo", 245 .cred_alloc_blank = tomoyo_cred_alloc_blank, 246 .cred_prepare = tomoyo_cred_prepare, 247 .cred_transfer = tomoyo_cred_transfer, 248 .cred_free = tomoyo_cred_free, 249 .bprm_set_creds = tomoyo_bprm_set_creds, 250 .bprm_check_security = tomoyo_bprm_check_security, 251 .file_fcntl = tomoyo_file_fcntl, 252 .dentry_open = tomoyo_dentry_open, 253 .path_truncate = tomoyo_path_truncate, 254 .path_unlink = tomoyo_path_unlink, 255 .path_mkdir = tomoyo_path_mkdir, 256 .path_rmdir = tomoyo_path_rmdir, 257 .path_symlink = tomoyo_path_symlink, 258 .path_mknod = tomoyo_path_mknod, 259 .path_link = tomoyo_path_link, 260 .path_rename = tomoyo_path_rename, 261 .file_ioctl = tomoyo_file_ioctl, 262 .path_chmod = tomoyo_path_chmod, 263 .path_chown = tomoyo_path_chown, 264 .path_chroot = tomoyo_path_chroot, 265 .sb_mount = tomoyo_sb_mount, 266 .sb_umount = tomoyo_sb_umount, 267 .sb_pivotroot = tomoyo_sb_pivotroot, 268 }; 269 270 /* Lock for GC. */ 271 struct srcu_struct tomoyo_ss; 272 273 static int __init tomoyo_init(void) 274 { 275 struct cred *cred = (struct cred *) current_cred(); 276 277 if (!security_module_enable(&tomoyo_security_ops)) 278 return 0; 279 /* register ourselves with the security framework */ 280 if (register_security(&tomoyo_security_ops) || 281 init_srcu_struct(&tomoyo_ss)) 282 panic("Failure registering TOMOYO Linux"); 283 printk(KERN_INFO "TOMOYO Linux initialized\n"); 284 cred->security = &tomoyo_kernel_domain; 285 tomoyo_mm_init(); 286 return 0; 287 } 288 289 security_initcall(tomoyo_init); 290