tomoyo.c revision a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7
1/* 2 * security/tomoyo/tomoyo.c 3 * 4 * LSM hooks for TOMOYO Linux. 5 * 6 * Copyright (C) 2005-2009 NTT DATA CORPORATION 7 * 8 * Version: 2.2.0 2009/04/01 9 * 10 */ 11 12#include <linux/security.h> 13#include "common.h" 14 15static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) 16{ 17 new->security = NULL; 18 return 0; 19} 20 21static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, 22 gfp_t gfp) 23{ 24 struct tomoyo_domain_info *domain = old->security; 25 new->security = domain; 26 if (domain) 27 atomic_inc(&domain->users); 28 return 0; 29} 30 31static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) 32{ 33 tomoyo_cred_prepare(new, old, 0); 34} 35 36static void tomoyo_cred_free(struct cred *cred) 37{ 38 struct tomoyo_domain_info *domain = cred->security; 39 if (domain) 40 atomic_dec(&domain->users); 41} 42 43static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) 44{ 45 int rc; 46 47 rc = cap_bprm_set_creds(bprm); 48 if (rc) 49 return rc; 50 51 /* 52 * Do only if this function is called for the first time of an execve 53 * operation. 54 */ 55 if (bprm->cred_prepared) 56 return 0; 57 /* 58 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 59 * for the first time. 60 */ 61 if (!tomoyo_policy_loaded) 62 tomoyo_load_policy(bprm->filename); 63 /* 64 * Release reference to "struct tomoyo_domain_info" stored inside 65 * "bprm->cred->security". New reference to "struct tomoyo_domain_info" 66 * stored inside "bprm->cred->security" will be acquired later inside 67 * tomoyo_find_next_domain(). 68 */ 69 atomic_dec(&((struct tomoyo_domain_info *) 70 bprm->cred->security)->users); 71 /* 72 * Tell tomoyo_bprm_check_security() is called for the first time of an 73 * execve operation. 74 */ 75 bprm->cred->security = NULL; 76 return 0; 77} 78 79static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 80{ 81 struct tomoyo_domain_info *domain = bprm->cred->security; 82 83 /* 84 * Execute permission is checked against pathname passed to do_execve() 85 * using current domain. 86 */ 87 if (!domain) { 88 const int idx = tomoyo_read_lock(); 89 const int err = tomoyo_find_next_domain(bprm); 90 tomoyo_read_unlock(idx); 91 return err; 92 } 93 /* 94 * Read permission is checked against interpreters using next domain. 95 */ 96 return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); 97} 98 99static int tomoyo_path_truncate(struct path *path, loff_t length, 100 unsigned int time_attrs) 101{ 102 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path); 103} 104 105static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) 106{ 107 struct path path = { parent->mnt, dentry }; 108 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path); 109} 110 111static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, 112 int mode) 113{ 114 struct path path = { parent->mnt, dentry }; 115 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path, 116 mode & S_IALLUGO); 117} 118 119static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) 120{ 121 struct path path = { parent->mnt, dentry }; 122 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path); 123} 124 125static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, 126 const char *old_name) 127{ 128 struct path path = { parent->mnt, dentry }; 129 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path); 130} 131 132static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, 133 int mode, unsigned int dev) 134{ 135 struct path path = { parent->mnt, dentry }; 136 int type = TOMOYO_TYPE_CREATE; 137 const unsigned int perm = mode & S_IALLUGO; 138 139 switch (mode & S_IFMT) { 140 case S_IFCHR: 141 type = TOMOYO_TYPE_MKCHAR; 142 break; 143 case S_IFBLK: 144 type = TOMOYO_TYPE_MKBLOCK; 145 break; 146 default: 147 goto no_dev; 148 } 149 return tomoyo_path_number3_perm(type, &path, perm, dev); 150 no_dev: 151 switch (mode & S_IFMT) { 152 case S_IFIFO: 153 type = TOMOYO_TYPE_MKFIFO; 154 break; 155 case S_IFSOCK: 156 type = TOMOYO_TYPE_MKSOCK; 157 break; 158 } 159 return tomoyo_path_number_perm(type, &path, perm); 160} 161 162static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, 163 struct dentry *new_dentry) 164{ 165 struct path path1 = { new_dir->mnt, old_dentry }; 166 struct path path2 = { new_dir->mnt, new_dentry }; 167 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2); 168} 169 170static int tomoyo_path_rename(struct path *old_parent, 171 struct dentry *old_dentry, 172 struct path *new_parent, 173 struct dentry *new_dentry) 174{ 175 struct path path1 = { old_parent->mnt, old_dentry }; 176 struct path path2 = { new_parent->mnt, new_dentry }; 177 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2); 178} 179 180static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, 181 unsigned long arg) 182{ 183 if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)) 184 return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path); 185 return 0; 186} 187 188static int tomoyo_dentry_open(struct file *f, const struct cred *cred) 189{ 190 int flags = f->f_flags; 191 /* Don't check read permission here if called from do_execve(). */ 192 if (current->in_execve) 193 return 0; 194 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); 195} 196 197static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, 198 unsigned long arg) 199{ 200 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd); 201} 202 203static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, 204 mode_t mode) 205{ 206 struct path path = { mnt, dentry }; 207 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path, 208 mode & S_IALLUGO); 209} 210 211static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) 212{ 213 int error = 0; 214 if (uid != (uid_t) -1) 215 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid); 216 if (!error && gid != (gid_t) -1) 217 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid); 218 return error; 219} 220 221static int tomoyo_path_chroot(struct path *path) 222{ 223 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path); 224} 225 226static int tomoyo_sb_mount(char *dev_name, struct path *path, 227 char *type, unsigned long flags, void *data) 228{ 229 return tomoyo_path_perm(TOMOYO_TYPE_MOUNT, path); 230} 231 232static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) 233{ 234 struct path path = { mnt, mnt->mnt_root }; 235 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path); 236} 237 238static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) 239{ 240 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); 241} 242 243/* 244 * tomoyo_security_ops is a "struct security_operations" which is used for 245 * registering TOMOYO. 246 */ 247static struct security_operations tomoyo_security_ops = { 248 .name = "tomoyo", 249 .cred_alloc_blank = tomoyo_cred_alloc_blank, 250 .cred_prepare = tomoyo_cred_prepare, 251 .cred_transfer = tomoyo_cred_transfer, 252 .cred_free = tomoyo_cred_free, 253 .bprm_set_creds = tomoyo_bprm_set_creds, 254 .bprm_check_security = tomoyo_bprm_check_security, 255 .file_fcntl = tomoyo_file_fcntl, 256 .dentry_open = tomoyo_dentry_open, 257 .path_truncate = tomoyo_path_truncate, 258 .path_unlink = tomoyo_path_unlink, 259 .path_mkdir = tomoyo_path_mkdir, 260 .path_rmdir = tomoyo_path_rmdir, 261 .path_symlink = tomoyo_path_symlink, 262 .path_mknod = tomoyo_path_mknod, 263 .path_link = tomoyo_path_link, 264 .path_rename = tomoyo_path_rename, 265 .file_ioctl = tomoyo_file_ioctl, 266 .path_chmod = tomoyo_path_chmod, 267 .path_chown = tomoyo_path_chown, 268 .path_chroot = tomoyo_path_chroot, 269 .sb_mount = tomoyo_sb_mount, 270 .sb_umount = tomoyo_sb_umount, 271 .sb_pivotroot = tomoyo_sb_pivotroot, 272}; 273 274/* Lock for GC. */ 275struct srcu_struct tomoyo_ss; 276 277static int __init tomoyo_init(void) 278{ 279 struct cred *cred = (struct cred *) current_cred(); 280 281 if (!security_module_enable(&tomoyo_security_ops)) 282 return 0; 283 /* register ourselves with the security framework */ 284 if (register_security(&tomoyo_security_ops) || 285 init_srcu_struct(&tomoyo_ss)) 286 panic("Failure registering TOMOYO Linux"); 287 printk(KERN_INFO "TOMOYO Linux initialized\n"); 288 cred->security = &tomoyo_kernel_domain; 289 tomoyo_realpath_init(); 290 return 0; 291} 292 293security_initcall(tomoyo_init); 294