1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/tomoyo.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include <linux/lsm_hooks.h> 9 #include "common.h" 10 11 /** 12 * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread. 13 * 14 * Returns pointer to "struct tomoyo_domain_info" for current thread. 15 */ 16 struct tomoyo_domain_info *tomoyo_domain(void) 17 { 18 struct tomoyo_task *s = tomoyo_task(current); 19 20 if (s->old_domain_info && !current->in_execve) { 21 atomic_dec(&s->old_domain_info->users); 22 s->old_domain_info = NULL; 23 } 24 return s->domain_info; 25 } 26 27 /** 28 * tomoyo_cred_prepare - Target for security_prepare_creds(). 29 * 30 * @new: Pointer to "struct cred". 31 * @old: Pointer to "struct cred". 32 * @gfp: Memory allocation flags. 33 * 34 * Returns 0. 35 */ 36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, 37 gfp_t gfp) 38 { 39 /* Restore old_domain_info saved by previous execve() request. */ 40 struct tomoyo_task *s = tomoyo_task(current); 41 42 if (s->old_domain_info && !current->in_execve) { 43 atomic_dec(&s->domain_info->users); 44 s->domain_info = s->old_domain_info; 45 s->old_domain_info = NULL; 46 } 47 return 0; 48 } 49 50 /** 51 * tomoyo_bprm_committed_creds - Target for security_bprm_committed_creds(). 52 * 53 * @bprm: Pointer to "struct linux_binprm". 54 */ 55 static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm) 56 { 57 /* Clear old_domain_info saved by execve() request. */ 58 struct tomoyo_task *s = tomoyo_task(current); 59 60 atomic_dec(&s->old_domain_info->users); 61 s->old_domain_info = NULL; 62 } 63 64 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 65 /** 66 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds(). 67 * 68 * @bprm: Pointer to "struct linux_binprm". 69 * 70 * Returns 0. 71 */ 72 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 73 { 74 /* 75 * Do only if this function is called for the first time of an execve 76 * operation. 77 */ 78 if (bprm->called_set_creds) 79 return 0; 80 /* 81 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 82 * for the first time. 83 */ 84 if (!tomoyo_policy_loaded) 85 tomoyo_load_policy(bprm->filename); 86 return 0; 87 } 88 #endif 89 90 /** 91 * tomoyo_bprm_check_security - Target for security_bprm_check(). 92 * 93 * @bprm: Pointer to "struct linux_binprm". 94 * 95 * Returns 0 on success, negative value otherwise. 96 */ 97 static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 98 { 99 struct tomoyo_task *s = tomoyo_task(current); 100 101 /* 102 * Execute permission is checked against pathname passed to do_execve() 103 * using current domain. 104 */ 105 if (!s->old_domain_info) { 106 const int idx = tomoyo_read_lock(); 107 const int err = tomoyo_find_next_domain(bprm); 108 109 tomoyo_read_unlock(idx); 110 return err; 111 } 112 /* 113 * Read permission is checked against interpreters using next domain. 114 */ 115 return tomoyo_check_open_permission(s->domain_info, 116 &bprm->file->f_path, O_RDONLY); 117 } 118 119 /** 120 * tomoyo_inode_getattr - Target for security_inode_getattr(). 121 * 122 * @mnt: Pointer to "struct vfsmount". 123 * @dentry: Pointer to "struct dentry". 124 * 125 * Returns 0 on success, negative value otherwise. 126 */ 127 static int tomoyo_inode_getattr(const struct path *path) 128 { 129 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL); 130 } 131 132 /** 133 * tomoyo_path_truncate - Target for security_path_truncate(). 134 * 135 * @path: Pointer to "struct path". 136 * 137 * Returns 0 on success, negative value otherwise. 138 */ 139 static int tomoyo_path_truncate(const struct path *path) 140 { 141 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); 142 } 143 144 /** 145 * tomoyo_path_unlink - Target for security_path_unlink(). 146 * 147 * @parent: Pointer to "struct path". 148 * @dentry: Pointer to "struct dentry". 149 * 150 * Returns 0 on success, negative value otherwise. 151 */ 152 static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) 153 { 154 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 155 156 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); 157 } 158 159 /** 160 * tomoyo_path_mkdir - Target for security_path_mkdir(). 161 * 162 * @parent: Pointer to "struct path". 163 * @dentry: Pointer to "struct dentry". 164 * @mode: DAC permission mode. 165 * 166 * Returns 0 on success, negative value otherwise. 167 */ 168 static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, 169 umode_t mode) 170 { 171 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 172 173 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, 174 mode & S_IALLUGO); 175 } 176 177 /** 178 * tomoyo_path_rmdir - Target for security_path_rmdir(). 179 * 180 * @parent: Pointer to "struct path". 181 * @dentry: Pointer to "struct dentry". 182 * 183 * Returns 0 on success, negative value otherwise. 184 */ 185 static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) 186 { 187 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 188 189 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); 190 } 191 192 /** 193 * tomoyo_path_symlink - Target for security_path_symlink(). 194 * 195 * @parent: Pointer to "struct path". 196 * @dentry: Pointer to "struct dentry". 197 * @old_name: Symlink's content. 198 * 199 * Returns 0 on success, negative value otherwise. 200 */ 201 static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, 202 const char *old_name) 203 { 204 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 205 206 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name); 207 } 208 209 /** 210 * tomoyo_path_mknod - Target for security_path_mknod(). 211 * 212 * @parent: Pointer to "struct path". 213 * @dentry: Pointer to "struct dentry". 214 * @mode: DAC permission mode. 215 * @dev: Device attributes. 216 * 217 * Returns 0 on success, negative value otherwise. 218 */ 219 static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, 220 umode_t mode, unsigned int dev) 221 { 222 struct path path = { .mnt = parent->mnt, .dentry = dentry }; 223 int type = TOMOYO_TYPE_CREATE; 224 const unsigned int perm = mode & S_IALLUGO; 225 226 switch (mode & S_IFMT) { 227 case S_IFCHR: 228 type = TOMOYO_TYPE_MKCHAR; 229 break; 230 case S_IFBLK: 231 type = TOMOYO_TYPE_MKBLOCK; 232 break; 233 default: 234 goto no_dev; 235 } 236 return tomoyo_mkdev_perm(type, &path, perm, dev); 237 no_dev: 238 switch (mode & S_IFMT) { 239 case S_IFIFO: 240 type = TOMOYO_TYPE_MKFIFO; 241 break; 242 case S_IFSOCK: 243 type = TOMOYO_TYPE_MKSOCK; 244 break; 245 } 246 return tomoyo_path_number_perm(type, &path, perm); 247 } 248 249 /** 250 * tomoyo_path_link - Target for security_path_link(). 251 * 252 * @old_dentry: Pointer to "struct dentry". 253 * @new_dir: Pointer to "struct path". 254 * @new_dentry: Pointer to "struct dentry". 255 * 256 * Returns 0 on success, negative value otherwise. 257 */ 258 static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, 259 struct dentry *new_dentry) 260 { 261 struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry }; 262 struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry }; 263 264 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); 265 } 266 267 /** 268 * tomoyo_path_rename - Target for security_path_rename(). 269 * 270 * @old_parent: Pointer to "struct path". 271 * @old_dentry: Pointer to "struct dentry". 272 * @new_parent: Pointer to "struct path". 273 * @new_dentry: Pointer to "struct dentry". 274 * 275 * Returns 0 on success, negative value otherwise. 276 */ 277 static int tomoyo_path_rename(const struct path *old_parent, 278 struct dentry *old_dentry, 279 const struct path *new_parent, 280 struct dentry *new_dentry) 281 { 282 struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry }; 283 struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry }; 284 285 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); 286 } 287 288 /** 289 * tomoyo_file_fcntl - Target for security_file_fcntl(). 290 * 291 * @file: Pointer to "struct file". 292 * @cmd: Command for fcntl(). 293 * @arg: Argument for @cmd. 294 * 295 * Returns 0 on success, negative value otherwise. 296 */ 297 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, 298 unsigned long arg) 299 { 300 if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))) 301 return 0; 302 return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path, 303 O_WRONLY | (arg & O_APPEND)); 304 } 305 306 /** 307 * tomoyo_file_open - Target for security_file_open(). 308 * 309 * @f: Pointer to "struct file". 310 * @cred: Pointer to "struct cred". 311 * 312 * Returns 0 on success, negative value otherwise. 313 */ 314 static int tomoyo_file_open(struct file *f) 315 { 316 /* Don't check read permission here if called from do_execve(). */ 317 if (current->in_execve) 318 return 0; 319 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, 320 f->f_flags); 321 } 322 323 /** 324 * tomoyo_file_ioctl - Target for security_file_ioctl(). 325 * 326 * @file: Pointer to "struct file". 327 * @cmd: Command for ioctl(). 328 * @arg: Argument for @cmd. 329 * 330 * Returns 0 on success, negative value otherwise. 331 */ 332 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, 333 unsigned long arg) 334 { 335 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd); 336 } 337 338 /** 339 * tomoyo_path_chmod - Target for security_path_chmod(). 340 * 341 * @path: Pointer to "struct path". 342 * @mode: DAC permission mode. 343 * 344 * Returns 0 on success, negative value otherwise. 345 */ 346 static int tomoyo_path_chmod(const struct path *path, umode_t mode) 347 { 348 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, 349 mode & S_IALLUGO); 350 } 351 352 /** 353 * tomoyo_path_chown - Target for security_path_chown(). 354 * 355 * @path: Pointer to "struct path". 356 * @uid: Owner ID. 357 * @gid: Group ID. 358 * 359 * Returns 0 on success, negative value otherwise. 360 */ 361 static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 362 { 363 int error = 0; 364 365 if (uid_valid(uid)) 366 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, 367 from_kuid(&init_user_ns, uid)); 368 if (!error && gid_valid(gid)) 369 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, 370 from_kgid(&init_user_ns, gid)); 371 return error; 372 } 373 374 /** 375 * tomoyo_path_chroot - Target for security_path_chroot(). 376 * 377 * @path: Pointer to "struct path". 378 * 379 * Returns 0 on success, negative value otherwise. 380 */ 381 static int tomoyo_path_chroot(const struct path *path) 382 { 383 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); 384 } 385 386 /** 387 * tomoyo_sb_mount - Target for security_sb_mount(). 388 * 389 * @dev_name: Name of device file. Maybe NULL. 390 * @path: Pointer to "struct path". 391 * @type: Name of filesystem type. Maybe NULL. 392 * @flags: Mount options. 393 * @data: Optional data. Maybe NULL. 394 * 395 * Returns 0 on success, negative value otherwise. 396 */ 397 static int tomoyo_sb_mount(const char *dev_name, const struct path *path, 398 const char *type, unsigned long flags, void *data) 399 { 400 return tomoyo_mount_permission(dev_name, path, type, flags, data); 401 } 402 403 /** 404 * tomoyo_sb_umount - Target for security_sb_umount(). 405 * 406 * @mnt: Pointer to "struct vfsmount". 407 * @flags: Unmount options. 408 * 409 * Returns 0 on success, negative value otherwise. 410 */ 411 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) 412 { 413 struct path path = { .mnt = mnt, .dentry = mnt->mnt_root }; 414 415 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL); 416 } 417 418 /** 419 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot(). 420 * 421 * @old_path: Pointer to "struct path". 422 * @new_path: Pointer to "struct path". 423 * 424 * Returns 0 on success, negative value otherwise. 425 */ 426 static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) 427 { 428 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); 429 } 430 431 /** 432 * tomoyo_socket_listen - Check permission for listen(). 433 * 434 * @sock: Pointer to "struct socket". 435 * @backlog: Backlog parameter. 436 * 437 * Returns 0 on success, negative value otherwise. 438 */ 439 static int tomoyo_socket_listen(struct socket *sock, int backlog) 440 { 441 return tomoyo_socket_listen_permission(sock); 442 } 443 444 /** 445 * tomoyo_socket_connect - Check permission for connect(). 446 * 447 * @sock: Pointer to "struct socket". 448 * @addr: Pointer to "struct sockaddr". 449 * @addr_len: Size of @addr. 450 * 451 * Returns 0 on success, negative value otherwise. 452 */ 453 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr, 454 int addr_len) 455 { 456 return tomoyo_socket_connect_permission(sock, addr, addr_len); 457 } 458 459 /** 460 * tomoyo_socket_bind - Check permission for bind(). 461 * 462 * @sock: Pointer to "struct socket". 463 * @addr: Pointer to "struct sockaddr". 464 * @addr_len: Size of @addr. 465 * 466 * Returns 0 on success, negative value otherwise. 467 */ 468 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr, 469 int addr_len) 470 { 471 return tomoyo_socket_bind_permission(sock, addr, addr_len); 472 } 473 474 /** 475 * tomoyo_socket_sendmsg - Check permission for sendmsg(). 476 * 477 * @sock: Pointer to "struct socket". 478 * @msg: Pointer to "struct msghdr". 479 * @size: Size of message. 480 * 481 * Returns 0 on success, negative value otherwise. 482 */ 483 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, 484 int size) 485 { 486 return tomoyo_socket_sendmsg_permission(sock, msg, size); 487 } 488 489 struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = { 490 .lbs_task = sizeof(struct tomoyo_task), 491 }; 492 493 /** 494 * tomoyo_task_alloc - Target for security_task_alloc(). 495 * 496 * @task: Pointer to "struct task_struct". 497 * @flags: clone() flags. 498 * 499 * Returns 0. 500 */ 501 static int tomoyo_task_alloc(struct task_struct *task, 502 unsigned long clone_flags) 503 { 504 struct tomoyo_task *old = tomoyo_task(current); 505 struct tomoyo_task *new = tomoyo_task(task); 506 507 new->domain_info = old->domain_info; 508 atomic_inc(&new->domain_info->users); 509 new->old_domain_info = NULL; 510 return 0; 511 } 512 513 /** 514 * tomoyo_task_free - Target for security_task_free(). 515 * 516 * @task: Pointer to "struct task_struct". 517 */ 518 static void tomoyo_task_free(struct task_struct *task) 519 { 520 struct tomoyo_task *s = tomoyo_task(task); 521 522 if (s->domain_info) { 523 atomic_dec(&s->domain_info->users); 524 s->domain_info = NULL; 525 } 526 if (s->old_domain_info) { 527 atomic_dec(&s->old_domain_info->users); 528 s->old_domain_info = NULL; 529 } 530 } 531 532 /* 533 * tomoyo_security_ops is a "struct security_operations" which is used for 534 * registering TOMOYO. 535 */ 536 static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = { 537 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), 538 LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds), 539 LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc), 540 LSM_HOOK_INIT(task_free, tomoyo_task_free), 541 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 542 LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds), 543 #endif 544 LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security), 545 LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl), 546 LSM_HOOK_INIT(file_open, tomoyo_file_open), 547 LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate), 548 LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink), 549 LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir), 550 LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir), 551 LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink), 552 LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod), 553 LSM_HOOK_INIT(path_link, tomoyo_path_link), 554 LSM_HOOK_INIT(path_rename, tomoyo_path_rename), 555 LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr), 556 LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl), 557 LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod), 558 LSM_HOOK_INIT(path_chown, tomoyo_path_chown), 559 LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot), 560 LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount), 561 LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount), 562 LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot), 563 LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind), 564 LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect), 565 LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen), 566 LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg), 567 }; 568 569 /* Lock for GC. */ 570 DEFINE_SRCU(tomoyo_ss); 571 572 int tomoyo_enabled __lsm_ro_after_init = 1; 573 574 /** 575 * tomoyo_init - Register TOMOYO Linux as a LSM module. 576 * 577 * Returns 0. 578 */ 579 static int __init tomoyo_init(void) 580 { 581 struct tomoyo_task *s = tomoyo_task(current); 582 583 /* register ourselves with the security framework */ 584 security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo"); 585 pr_info("TOMOYO Linux initialized\n"); 586 s->domain_info = &tomoyo_kernel_domain; 587 atomic_inc(&tomoyo_kernel_domain.users); 588 s->old_domain_info = NULL; 589 tomoyo_mm_init(); 590 591 return 0; 592 } 593 594 DEFINE_LSM(tomoyo) = { 595 .name = "tomoyo", 596 .enabled = &tomoyo_enabled, 597 .flags = LSM_FLAG_LEGACY_MAJOR, 598 .blobs = &tomoyo_blob_sizes, 599 .init = tomoyo_init, 600 }; 601