// SPDX-License-Identifier: GPL-2.0-or-later
/* CacheFiles security management
 *
 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */
78c2ecf20Sopenharmony_ci
88c2ecf20Sopenharmony_ci#include <linux/fs.h>
98c2ecf20Sopenharmony_ci#include <linux/cred.h>
108c2ecf20Sopenharmony_ci#include "internal.h"
118c2ecf20Sopenharmony_ci
/*
 * Determine the security context within which we access the cache from within
 * the kernel.
 *
 * A new credential set is prepared with prepare_kernel_cred(current).  If the
 * cache has a security context string (cache->secctx), the LSM is asked to
 * apply it to the new credentials via set_security_override_from_ctx().
 *
 * On success the credentials are stored in cache->cache_cred and 0 is
 * returned.  On failure nothing is stored: -ENOMEM is returned if the
 * credentials could not be allocated, otherwise the negative error from the
 * LSM is returned and the new credentials are released.
 *
 * NOTE(review): cache->secctx nominates the label the kernel will act under
 * when touching the cache, so whoever can set it effectively picks that
 * label; where it is populated is not visible here - confirm that path is
 * restricted to the privileged cache daemon.
 * NOTE(review): any previous value of cache->cache_cred is overwritten
 * without being released; presumably this runs once per cache - confirm
 * against the caller.
 */
int cachefiles_get_security_ID(struct cachefiles_cache *cache)
{
	struct cred *cred;
	int ret = -ENOMEM;

	_enter("{%s}", cache->secctx);

	cred = prepare_kernel_cred(current);
	if (!cred)
		goto out;

	/* Without a nominated context the credentials are used as prepared. */
	ret = 0;
	if (cache->secctx)
		ret = set_security_override_from_ctx(cred, cache->secctx);

	if (ret < 0) {
		/* Drop our only reference; the half-built creds must not leak
		 * into cache->cache_cred. */
		put_cred(cred);
		pr_err("Security denies permission to nominate security context: error %d\n",
		       ret);
		goto out;
	}

	/* The cache now owns the reference obtained above. */
	cache->cache_cred = cred;
	ret = 0;
out:
	_leave(" = %d", ret);
	return ret;
}
458c2ecf20Sopenharmony_ci
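/*
 * See if mkdir and create can be performed in the root directory.
 *
 * Only the LSM permission hooks are consulted (security_inode_mkdir() and
 * security_inode_create(), both with a mode of 0); nothing is created on
 * disk.  The hooks are evaluated against whatever credentials are in force
 * when this is called, so the caller is expected to have the cache's
 * security override active.
 *
 * Returns 0 if both operations would be permitted, or the negative error
 * from the first hook that refuses.  Each refusal is logged with pr_err();
 * the messages are newline-terminated so that each one is emitted as a
 * complete log record rather than being left open for continuation.
 *
 * @cache is currently unused.
 */
static int cachefiles_check_cache_dir(struct cachefiles_cache *cache,
				      struct dentry *root)
{
	int ret;

	ret = security_inode_mkdir(d_backing_inode(root), root, 0);
	if (ret < 0) {
		pr_err("Security denies permission to make dirs: error %d\n",
		       ret);
		return ret;
	}

	ret = security_inode_create(d_backing_inode(root), root, 0);
	if (ret < 0)
		pr_err("Security denies permission to create files: error %d\n",
		       ret);

	return ret;
}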
688c2ecf20Sopenharmony_ci
/*
 * Check the security details of the on-disk cache.
 * - must be called with security override in force
 * - must return with a security override in force - even in the case of an
 *   error
 *
 * The cache credentials are replaced by a copy whose file-creation identity
 * is taken from the cache root directory's inode (set_create_files_as()),
 * and the LSM is then asked whether directories and files may be created in
 * that root.
 *
 * @_saved_cred is read when the override is dropped and passed by address
 * when it is re-established, so the caller's saved credentials may be
 * rewritten.
 *
 * Returns 0 on success, -ENOMEM if the credentials could not be duplicated,
 * or a negative error from set_create_files_as() or the directory checks.
 * -EOPNOTSUPP from the directory checks is treated as success.
 *
 * NOTE(review): because new cache objects inherit their creation identity
 * from the root directory, the ownership and label of that directory act as
 * the trust anchor for the whole cache; it should not be writable or
 * relabelable by unprivileged users.
 * NOTE(review): the -ENOMEM path returns without touching the override, so
 * the "override in force" postcondition holds only because the precondition
 * did - confirm callers honour it.
 */
int cachefiles_determine_cache_security(struct cachefiles_cache *cache,
					struct dentry *root,
					const struct cred **_saved_cred)
{
	struct cred *cred;
	int ret;

	_enter("");

	/* Take a private copy of the cache creds to modify.  prepare_creds()
	 * copies the current task's credentials, which are the cache creds
	 * because the override is in force at this point. */
	cred = prepare_creds();
	if (!cred)
		return -ENOMEM;

	/* Drop the override while the copy is being adjusted. */
	cachefiles_end_secure(cache, *_saved_cred);

	/* Base the file-creation identity on the cache root dir's security
	 * context. */
	ret = set_create_files_as(cred, d_backing_inode(root));
	if (ret >= 0) {
		/* Swap the adjusted copy in for the old cache creds, dropping
		 * the cache's reference on the old set. */
		put_cred(cache->cache_cred);
		cache->cache_cred = cred;

		/* Re-establish the override, now with the new creds, before
		 * probing what the LSM will let us do in the root. */
		cachefiles_begin_secure(cache, _saved_cred);
		ret = cachefiles_check_cache_dir(cache, root);

		/* presumably "check not supported" rather than a denial, hence
		 * not fatal - TODO confirm */
		if (ret == -EOPNOTSUPP)
			ret = 0;
		_leave(" = %d", ret);
		return ret;
	}

	/* The copy was refused: discard it and restore the override using
	 * the unchanged cache creds so the postcondition still holds. */
	abort_creds(cred);
	cachefiles_begin_secure(cache, _saved_cred);
	_leave(" = %d [cfa]", ret);
	return ret;
}