tomoyo.c revision a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 
1/*
2 * security/tomoyo/tomoyo.c
3 *
4 * LSM hooks for TOMOYO Linux.
5 *
6 * Copyright (C) 2005-2009  NTT DATA CORPORATION
7 *
8 * Version: 2.2.0   2009/04/01
9 *
10 */
11
12#include <linux/security.h>
13#include "common.h"
14
15static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
16{
17	new->security = NULL;
18	return 0;
19}
20
21static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
22			       gfp_t gfp)
23{
24	struct tomoyo_domain_info *domain = old->security;
25	new->security = domain;
26	if (domain)
27		atomic_inc(&domain->users);
28	return 0;
29}
30
31static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
32{
33	tomoyo_cred_prepare(new, old, 0);
34}
35
36static void tomoyo_cred_free(struct cred *cred)
37{
38	struct tomoyo_domain_info *domain = cred->security;
39	if (domain)
40		atomic_dec(&domain->users);
41}
42
43static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
44{
45	int rc;
46
47	rc = cap_bprm_set_creds(bprm);
48	if (rc)
49		return rc;
50
51	/*
52	 * Do only if this function is called for the first time of an execve
53	 * operation.
54	 */
55	if (bprm->cred_prepared)
56		return 0;
57	/*
58	 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
59	 * for the first time.
60	 */
61	if (!tomoyo_policy_loaded)
62		tomoyo_load_policy(bprm->filename);
63	/*
64	 * Release reference to "struct tomoyo_domain_info" stored inside
65	 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
66	 * stored inside "bprm->cred->security" will be acquired later inside
67	 * tomoyo_find_next_domain().
68	 */
69	atomic_dec(&((struct tomoyo_domain_info *)
70		     bprm->cred->security)->users);
71	/*
72	 * Tell tomoyo_bprm_check_security() is called for the first time of an
73	 * execve operation.
74	 */
75	bprm->cred->security = NULL;
76	return 0;
77}
78
79static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
80{
81	struct tomoyo_domain_info *domain = bprm->cred->security;
82
83	/*
84	 * Execute permission is checked against pathname passed to do_execve()
85	 * using current domain.
86	 */
87	if (!domain) {
88		const int idx = tomoyo_read_lock();
89		const int err = tomoyo_find_next_domain(bprm);
90		tomoyo_read_unlock(idx);
91		return err;
92	}
93	/*
94	 * Read permission is checked against interpreters using next domain.
95	 */
96	return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
97}
98
99static int tomoyo_path_truncate(struct path *path, loff_t length,
100				unsigned int time_attrs)
101{
102	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
103}
104
105static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
106{
107	struct path path = { parent->mnt, dentry };
108	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);
109}
110
111static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
112			     int mode)
113{
114	struct path path = { parent->mnt, dentry };
115	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
116				       mode & S_IALLUGO);
117}
118
119static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
120{
121	struct path path = { parent->mnt, dentry };
122	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);
123}
124
125static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
126			       const char *old_name)
127{
128	struct path path = { parent->mnt, dentry };
129	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);
130}
131
132static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
133			     int mode, unsigned int dev)
134{
135	struct path path = { parent->mnt, dentry };
136	int type = TOMOYO_TYPE_CREATE;
137	const unsigned int perm = mode & S_IALLUGO;
138
139	switch (mode & S_IFMT) {
140	case S_IFCHR:
141		type = TOMOYO_TYPE_MKCHAR;
142		break;
143	case S_IFBLK:
144		type = TOMOYO_TYPE_MKBLOCK;
145		break;
146	default:
147		goto no_dev;
148	}
149	return tomoyo_path_number3_perm(type, &path, perm, dev);
150 no_dev:
151	switch (mode & S_IFMT) {
152	case S_IFIFO:
153		type = TOMOYO_TYPE_MKFIFO;
154		break;
155	case S_IFSOCK:
156		type = TOMOYO_TYPE_MKSOCK;
157		break;
158	}
159	return tomoyo_path_number_perm(type, &path, perm);
160}
161
162static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
163			    struct dentry *new_dentry)
164{
165	struct path path1 = { new_dir->mnt, old_dentry };
166	struct path path2 = { new_dir->mnt, new_dentry };
167	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
168}
169
170static int tomoyo_path_rename(struct path *old_parent,
171			      struct dentry *old_dentry,
172			      struct path *new_parent,
173			      struct dentry *new_dentry)
174{
175	struct path path1 = { old_parent->mnt, old_dentry };
176	struct path path2 = { new_parent->mnt, new_dentry };
177	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
178}
179
180static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
181			     unsigned long arg)
182{
183	if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))
184		return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path);
185	return 0;
186}
187
188static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
189{
190	int flags = f->f_flags;
191	/* Don't check read permission here if called from do_execve(). */
192	if (current->in_execve)
193		return 0;
194	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
195}
196
197static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
198			     unsigned long arg)
199{
200	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
201}
202
203static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
204			     mode_t mode)
205{
206	struct path path = { mnt, dentry };
207	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
208				       mode & S_IALLUGO);
209}
210
211static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
212{
213	int error = 0;
214	if (uid != (uid_t) -1)
215		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);
216	if (!error && gid != (gid_t) -1)
217		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);
218	return error;
219}
220
221static int tomoyo_path_chroot(struct path *path)
222{
223	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);
224}
225
226static int tomoyo_sb_mount(char *dev_name, struct path *path,
227			   char *type, unsigned long flags, void *data)
228{
229	return tomoyo_path_perm(TOMOYO_TYPE_MOUNT, path);
230}
231
232static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
233{
234	struct path path = { mnt, mnt->mnt_root };
235	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);
236}
237
238static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
239{
240	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
241}
242
243/*
244 * tomoyo_security_ops is a "struct security_operations" which is used for
245 * registering TOMOYO.
246 */
247static struct security_operations tomoyo_security_ops = {
248	.name                = "tomoyo",
249	.cred_alloc_blank    = tomoyo_cred_alloc_blank,
250	.cred_prepare        = tomoyo_cred_prepare,
251	.cred_transfer	     = tomoyo_cred_transfer,
252	.cred_free           = tomoyo_cred_free,
253	.bprm_set_creds      = tomoyo_bprm_set_creds,
254	.bprm_check_security = tomoyo_bprm_check_security,
255	.file_fcntl          = tomoyo_file_fcntl,
256	.dentry_open         = tomoyo_dentry_open,
257	.path_truncate       = tomoyo_path_truncate,
258	.path_unlink         = tomoyo_path_unlink,
259	.path_mkdir          = tomoyo_path_mkdir,
260	.path_rmdir          = tomoyo_path_rmdir,
261	.path_symlink        = tomoyo_path_symlink,
262	.path_mknod          = tomoyo_path_mknod,
263	.path_link           = tomoyo_path_link,
264	.path_rename         = tomoyo_path_rename,
265	.file_ioctl          = tomoyo_file_ioctl,
266	.path_chmod          = tomoyo_path_chmod,
267	.path_chown          = tomoyo_path_chown,
268	.path_chroot         = tomoyo_path_chroot,
269	.sb_mount            = tomoyo_sb_mount,
270	.sb_umount           = tomoyo_sb_umount,
271	.sb_pivotroot        = tomoyo_sb_pivotroot,
272};
273
274/* Lock for GC. */
275struct srcu_struct tomoyo_ss;
276
277static int __init tomoyo_init(void)
278{
279	struct cred *cred = (struct cred *) current_cred();
280
281	if (!security_module_enable(&tomoyo_security_ops))
282		return 0;
283	/* register ourselves with the security framework */
284	if (register_security(&tomoyo_security_ops) ||
285	    init_srcu_struct(&tomoyo_ss))
286		panic("Failure registering TOMOYO Linux");
287	printk(KERN_INFO "TOMOYO Linux initialized\n");
288	cred->security = &tomoyo_kernel_domain;
289	tomoyo_realpath_init();
290	return 0;
291}
292
293security_initcall(tomoyo_init);
294