18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 28c2ecf20Sopenharmony_ci/* 38c2ecf20Sopenharmony_ci * security/tomoyo/condition.c 48c2ecf20Sopenharmony_ci * 58c2ecf20Sopenharmony_ci * Copyright (C) 2005-2011 NTT DATA CORPORATION 68c2ecf20Sopenharmony_ci */ 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci#include "common.h" 98c2ecf20Sopenharmony_ci#include <linux/slab.h> 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_ci/* List of "struct tomoyo_condition". */ 128c2ecf20Sopenharmony_ciLIST_HEAD(tomoyo_condition_list); 138c2ecf20Sopenharmony_ci 148c2ecf20Sopenharmony_ci/** 158c2ecf20Sopenharmony_ci * tomoyo_argv - Check argv[] in "struct linux_binbrm". 168c2ecf20Sopenharmony_ci * 178c2ecf20Sopenharmony_ci * @index: Index number of @arg_ptr. 188c2ecf20Sopenharmony_ci * @arg_ptr: Contents of argv[@index]. 198c2ecf20Sopenharmony_ci * @argc: Length of @argv. 208c2ecf20Sopenharmony_ci * @argv: Pointer to "struct tomoyo_argv". 218c2ecf20Sopenharmony_ci * @checked: Set to true if @argv[@index] was found. 228c2ecf20Sopenharmony_ci * 238c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 248c2ecf20Sopenharmony_ci */ 258c2ecf20Sopenharmony_cistatic bool tomoyo_argv(const unsigned int index, const char *arg_ptr, 268c2ecf20Sopenharmony_ci const int argc, const struct tomoyo_argv *argv, 278c2ecf20Sopenharmony_ci u8 *checked) 288c2ecf20Sopenharmony_ci{ 298c2ecf20Sopenharmony_ci int i; 308c2ecf20Sopenharmony_ci struct tomoyo_path_info arg; 318c2ecf20Sopenharmony_ci 328c2ecf20Sopenharmony_ci arg.name = arg_ptr; 338c2ecf20Sopenharmony_ci for (i = 0; i < argc; argv++, checked++, i++) { 348c2ecf20Sopenharmony_ci bool result; 358c2ecf20Sopenharmony_ci 368c2ecf20Sopenharmony_ci if (index != argv->index) 378c2ecf20Sopenharmony_ci continue; 388c2ecf20Sopenharmony_ci *checked = 1; 398c2ecf20Sopenharmony_ci tomoyo_fill_path_info(&arg); 408c2ecf20Sopenharmony_ci result = tomoyo_path_matches_pattern(&arg, argv->value); 418c2ecf20Sopenharmony_ci if (argv->is_not) 428c2ecf20Sopenharmony_ci result = !result; 438c2ecf20Sopenharmony_ci if (!result) 448c2ecf20Sopenharmony_ci return false; 458c2ecf20Sopenharmony_ci } 468c2ecf20Sopenharmony_ci return true; 478c2ecf20Sopenharmony_ci} 488c2ecf20Sopenharmony_ci 498c2ecf20Sopenharmony_ci/** 508c2ecf20Sopenharmony_ci * tomoyo_envp - Check envp[] in "struct linux_binbrm". 518c2ecf20Sopenharmony_ci * 528c2ecf20Sopenharmony_ci * @env_name: The name of environment variable. 538c2ecf20Sopenharmony_ci * @env_value: The value of environment variable. 548c2ecf20Sopenharmony_ci * @envc: Length of @envp. 558c2ecf20Sopenharmony_ci * @envp: Pointer to "struct tomoyo_envp". 568c2ecf20Sopenharmony_ci * @checked: Set to true if @envp[@env_name] was found. 578c2ecf20Sopenharmony_ci * 588c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 598c2ecf20Sopenharmony_ci */ 608c2ecf20Sopenharmony_cistatic bool tomoyo_envp(const char *env_name, const char *env_value, 618c2ecf20Sopenharmony_ci const int envc, const struct tomoyo_envp *envp, 628c2ecf20Sopenharmony_ci u8 *checked) 638c2ecf20Sopenharmony_ci{ 648c2ecf20Sopenharmony_ci int i; 658c2ecf20Sopenharmony_ci struct tomoyo_path_info name; 668c2ecf20Sopenharmony_ci struct tomoyo_path_info value; 678c2ecf20Sopenharmony_ci 688c2ecf20Sopenharmony_ci name.name = env_name; 698c2ecf20Sopenharmony_ci tomoyo_fill_path_info(&name); 708c2ecf20Sopenharmony_ci value.name = env_value; 718c2ecf20Sopenharmony_ci tomoyo_fill_path_info(&value); 728c2ecf20Sopenharmony_ci for (i = 0; i < envc; envp++, checked++, i++) { 738c2ecf20Sopenharmony_ci bool result; 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci if (!tomoyo_path_matches_pattern(&name, envp->name)) 768c2ecf20Sopenharmony_ci continue; 778c2ecf20Sopenharmony_ci *checked = 1; 788c2ecf20Sopenharmony_ci if (envp->value) { 798c2ecf20Sopenharmony_ci result = tomoyo_path_matches_pattern(&value, 808c2ecf20Sopenharmony_ci envp->value); 818c2ecf20Sopenharmony_ci if (envp->is_not) 828c2ecf20Sopenharmony_ci result = !result; 838c2ecf20Sopenharmony_ci } else { 848c2ecf20Sopenharmony_ci result = true; 858c2ecf20Sopenharmony_ci if (!envp->is_not) 868c2ecf20Sopenharmony_ci result = !result; 878c2ecf20Sopenharmony_ci } 888c2ecf20Sopenharmony_ci if (!result) 898c2ecf20Sopenharmony_ci return false; 908c2ecf20Sopenharmony_ci } 918c2ecf20Sopenharmony_ci return true; 928c2ecf20Sopenharmony_ci} 938c2ecf20Sopenharmony_ci 948c2ecf20Sopenharmony_ci/** 958c2ecf20Sopenharmony_ci * tomoyo_scan_bprm - Scan "struct linux_binprm". 968c2ecf20Sopenharmony_ci * 978c2ecf20Sopenharmony_ci * @ee: Pointer to "struct tomoyo_execve". 988c2ecf20Sopenharmony_ci * @argc: Length of @argc. 998c2ecf20Sopenharmony_ci * @argv: Pointer to "struct tomoyo_argv". 1008c2ecf20Sopenharmony_ci * @envc: Length of @envp. 1018c2ecf20Sopenharmony_ci * @envp: Poiner to "struct tomoyo_envp". 1028c2ecf20Sopenharmony_ci * 1038c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 1048c2ecf20Sopenharmony_ci */ 1058c2ecf20Sopenharmony_cistatic bool tomoyo_scan_bprm(struct tomoyo_execve *ee, 1068c2ecf20Sopenharmony_ci const u16 argc, const struct tomoyo_argv *argv, 1078c2ecf20Sopenharmony_ci const u16 envc, const struct tomoyo_envp *envp) 1088c2ecf20Sopenharmony_ci{ 1098c2ecf20Sopenharmony_ci struct linux_binprm *bprm = ee->bprm; 1108c2ecf20Sopenharmony_ci struct tomoyo_page_dump *dump = &ee->dump; 1118c2ecf20Sopenharmony_ci char *arg_ptr = ee->tmp; 1128c2ecf20Sopenharmony_ci int arg_len = 0; 1138c2ecf20Sopenharmony_ci unsigned long pos = bprm->p; 1148c2ecf20Sopenharmony_ci int offset = pos % PAGE_SIZE; 1158c2ecf20Sopenharmony_ci int argv_count = bprm->argc; 1168c2ecf20Sopenharmony_ci int envp_count = bprm->envc; 1178c2ecf20Sopenharmony_ci bool result = true; 1188c2ecf20Sopenharmony_ci u8 local_checked[32]; 1198c2ecf20Sopenharmony_ci u8 *checked; 1208c2ecf20Sopenharmony_ci 1218c2ecf20Sopenharmony_ci if (argc + envc <= sizeof(local_checked)) { 1228c2ecf20Sopenharmony_ci checked = local_checked; 1238c2ecf20Sopenharmony_ci memset(local_checked, 0, sizeof(local_checked)); 1248c2ecf20Sopenharmony_ci } else { 1258c2ecf20Sopenharmony_ci checked = kzalloc(argc + envc, GFP_NOFS); 1268c2ecf20Sopenharmony_ci if (!checked) 1278c2ecf20Sopenharmony_ci return false; 1288c2ecf20Sopenharmony_ci } 1298c2ecf20Sopenharmony_ci while (argv_count || envp_count) { 1308c2ecf20Sopenharmony_ci if (!tomoyo_dump_page(bprm, pos, dump)) { 1318c2ecf20Sopenharmony_ci result = false; 1328c2ecf20Sopenharmony_ci goto out; 1338c2ecf20Sopenharmony_ci } 1348c2ecf20Sopenharmony_ci pos += PAGE_SIZE - offset; 1358c2ecf20Sopenharmony_ci while (offset < PAGE_SIZE) { 1368c2ecf20Sopenharmony_ci /* Read. */ 1378c2ecf20Sopenharmony_ci const char *kaddr = dump->data; 1388c2ecf20Sopenharmony_ci const unsigned char c = kaddr[offset++]; 1398c2ecf20Sopenharmony_ci 1408c2ecf20Sopenharmony_ci if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) { 1418c2ecf20Sopenharmony_ci if (c == '\\') { 1428c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = '\\'; 1438c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = '\\'; 1448c2ecf20Sopenharmony_ci } else if (c > ' ' && c < 127) { 1458c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = c; 1468c2ecf20Sopenharmony_ci } else { 1478c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = '\\'; 1488c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = (c >> 6) + '0'; 1498c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = 1508c2ecf20Sopenharmony_ci ((c >> 3) & 7) + '0'; 1518c2ecf20Sopenharmony_ci arg_ptr[arg_len++] = (c & 7) + '0'; 1528c2ecf20Sopenharmony_ci } 1538c2ecf20Sopenharmony_ci } else { 1548c2ecf20Sopenharmony_ci arg_ptr[arg_len] = '\0'; 1558c2ecf20Sopenharmony_ci } 1568c2ecf20Sopenharmony_ci if (c) 1578c2ecf20Sopenharmony_ci continue; 1588c2ecf20Sopenharmony_ci /* Check. */ 1598c2ecf20Sopenharmony_ci if (argv_count) { 1608c2ecf20Sopenharmony_ci if (!tomoyo_argv(bprm->argc - argv_count, 1618c2ecf20Sopenharmony_ci arg_ptr, argc, argv, 1628c2ecf20Sopenharmony_ci checked)) { 1638c2ecf20Sopenharmony_ci result = false; 1648c2ecf20Sopenharmony_ci break; 1658c2ecf20Sopenharmony_ci } 1668c2ecf20Sopenharmony_ci argv_count--; 1678c2ecf20Sopenharmony_ci } else if (envp_count) { 1688c2ecf20Sopenharmony_ci char *cp = strchr(arg_ptr, '='); 1698c2ecf20Sopenharmony_ci 1708c2ecf20Sopenharmony_ci if (cp) { 1718c2ecf20Sopenharmony_ci *cp = '\0'; 1728c2ecf20Sopenharmony_ci if (!tomoyo_envp(arg_ptr, cp + 1, 1738c2ecf20Sopenharmony_ci envc, envp, 1748c2ecf20Sopenharmony_ci checked + argc)) { 1758c2ecf20Sopenharmony_ci result = false; 1768c2ecf20Sopenharmony_ci break; 1778c2ecf20Sopenharmony_ci } 1788c2ecf20Sopenharmony_ci } 1798c2ecf20Sopenharmony_ci envp_count--; 1808c2ecf20Sopenharmony_ci } else { 1818c2ecf20Sopenharmony_ci break; 1828c2ecf20Sopenharmony_ci } 1838c2ecf20Sopenharmony_ci arg_len = 0; 1848c2ecf20Sopenharmony_ci } 1858c2ecf20Sopenharmony_ci offset = 0; 1868c2ecf20Sopenharmony_ci if (!result) 1878c2ecf20Sopenharmony_ci break; 1888c2ecf20Sopenharmony_ci } 1898c2ecf20Sopenharmony_ciout: 1908c2ecf20Sopenharmony_ci if (result) { 1918c2ecf20Sopenharmony_ci int i; 1928c2ecf20Sopenharmony_ci 1938c2ecf20Sopenharmony_ci /* Check not-yet-checked entries. */ 1948c2ecf20Sopenharmony_ci for (i = 0; i < argc; i++) { 1958c2ecf20Sopenharmony_ci if (checked[i]) 1968c2ecf20Sopenharmony_ci continue; 1978c2ecf20Sopenharmony_ci /* 1988c2ecf20Sopenharmony_ci * Return true only if all unchecked indexes in 1998c2ecf20Sopenharmony_ci * bprm->argv[] are not matched. 2008c2ecf20Sopenharmony_ci */ 2018c2ecf20Sopenharmony_ci if (argv[i].is_not) 2028c2ecf20Sopenharmony_ci continue; 2038c2ecf20Sopenharmony_ci result = false; 2048c2ecf20Sopenharmony_ci break; 2058c2ecf20Sopenharmony_ci } 2068c2ecf20Sopenharmony_ci for (i = 0; i < envc; envp++, i++) { 2078c2ecf20Sopenharmony_ci if (checked[argc + i]) 2088c2ecf20Sopenharmony_ci continue; 2098c2ecf20Sopenharmony_ci /* 2108c2ecf20Sopenharmony_ci * Return true only if all unchecked environ variables 2118c2ecf20Sopenharmony_ci * in bprm->envp[] are either undefined or not matched. 2128c2ecf20Sopenharmony_ci */ 2138c2ecf20Sopenharmony_ci if ((!envp->value && !envp->is_not) || 2148c2ecf20Sopenharmony_ci (envp->value && envp->is_not)) 2158c2ecf20Sopenharmony_ci continue; 2168c2ecf20Sopenharmony_ci result = false; 2178c2ecf20Sopenharmony_ci break; 2188c2ecf20Sopenharmony_ci } 2198c2ecf20Sopenharmony_ci } 2208c2ecf20Sopenharmony_ci if (checked != local_checked) 2218c2ecf20Sopenharmony_ci kfree(checked); 2228c2ecf20Sopenharmony_ci return result; 2238c2ecf20Sopenharmony_ci} 2248c2ecf20Sopenharmony_ci 2258c2ecf20Sopenharmony_ci/** 2268c2ecf20Sopenharmony_ci * tomoyo_scan_exec_realpath - Check "exec.realpath" parameter of "struct tomoyo_condition". 2278c2ecf20Sopenharmony_ci * 2288c2ecf20Sopenharmony_ci * @file: Pointer to "struct file". 2298c2ecf20Sopenharmony_ci * @ptr: Pointer to "struct tomoyo_name_union". 2308c2ecf20Sopenharmony_ci * @match: True if "exec.realpath=", false if "exec.realpath!=". 2318c2ecf20Sopenharmony_ci * 2328c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 2338c2ecf20Sopenharmony_ci */ 2348c2ecf20Sopenharmony_cistatic bool tomoyo_scan_exec_realpath(struct file *file, 2358c2ecf20Sopenharmony_ci const struct tomoyo_name_union *ptr, 2368c2ecf20Sopenharmony_ci const bool match) 2378c2ecf20Sopenharmony_ci{ 2388c2ecf20Sopenharmony_ci bool result; 2398c2ecf20Sopenharmony_ci struct tomoyo_path_info exe; 2408c2ecf20Sopenharmony_ci 2418c2ecf20Sopenharmony_ci if (!file) 2428c2ecf20Sopenharmony_ci return false; 2438c2ecf20Sopenharmony_ci exe.name = tomoyo_realpath_from_path(&file->f_path); 2448c2ecf20Sopenharmony_ci if (!exe.name) 2458c2ecf20Sopenharmony_ci return false; 2468c2ecf20Sopenharmony_ci tomoyo_fill_path_info(&exe); 2478c2ecf20Sopenharmony_ci result = tomoyo_compare_name_union(&exe, ptr); 2488c2ecf20Sopenharmony_ci kfree(exe.name); 2498c2ecf20Sopenharmony_ci return result == match; 2508c2ecf20Sopenharmony_ci} 2518c2ecf20Sopenharmony_ci 2528c2ecf20Sopenharmony_ci/** 2538c2ecf20Sopenharmony_ci * tomoyo_get_dqword - tomoyo_get_name() for a quoted string. 2548c2ecf20Sopenharmony_ci * 2558c2ecf20Sopenharmony_ci * @start: String to save. 2568c2ecf20Sopenharmony_ci * 2578c2ecf20Sopenharmony_ci * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise. 2588c2ecf20Sopenharmony_ci */ 2598c2ecf20Sopenharmony_cistatic const struct tomoyo_path_info *tomoyo_get_dqword(char *start) 2608c2ecf20Sopenharmony_ci{ 2618c2ecf20Sopenharmony_ci char *cp = start + strlen(start) - 1; 2628c2ecf20Sopenharmony_ci 2638c2ecf20Sopenharmony_ci if (cp == start || *start++ != '"' || *cp != '"') 2648c2ecf20Sopenharmony_ci return NULL; 2658c2ecf20Sopenharmony_ci *cp = '\0'; 2668c2ecf20Sopenharmony_ci if (*start && !tomoyo_correct_word(start)) 2678c2ecf20Sopenharmony_ci return NULL; 2688c2ecf20Sopenharmony_ci return tomoyo_get_name(start); 2698c2ecf20Sopenharmony_ci} 2708c2ecf20Sopenharmony_ci 2718c2ecf20Sopenharmony_ci/** 2728c2ecf20Sopenharmony_ci * tomoyo_parse_name_union_quoted - Parse a quoted word. 2738c2ecf20Sopenharmony_ci * 2748c2ecf20Sopenharmony_ci * @param: Pointer to "struct tomoyo_acl_param". 2758c2ecf20Sopenharmony_ci * @ptr: Pointer to "struct tomoyo_name_union". 2768c2ecf20Sopenharmony_ci * 2778c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 2788c2ecf20Sopenharmony_ci */ 2798c2ecf20Sopenharmony_cistatic bool tomoyo_parse_name_union_quoted(struct tomoyo_acl_param *param, 2808c2ecf20Sopenharmony_ci struct tomoyo_name_union *ptr) 2818c2ecf20Sopenharmony_ci{ 2828c2ecf20Sopenharmony_ci char *filename = param->data; 2838c2ecf20Sopenharmony_ci 2848c2ecf20Sopenharmony_ci if (*filename == '@') 2858c2ecf20Sopenharmony_ci return tomoyo_parse_name_union(param, ptr); 2868c2ecf20Sopenharmony_ci ptr->filename = tomoyo_get_dqword(filename); 2878c2ecf20Sopenharmony_ci return ptr->filename != NULL; 2888c2ecf20Sopenharmony_ci} 2898c2ecf20Sopenharmony_ci 2908c2ecf20Sopenharmony_ci/** 2918c2ecf20Sopenharmony_ci * tomoyo_parse_argv - Parse an argv[] condition part. 2928c2ecf20Sopenharmony_ci * 2938c2ecf20Sopenharmony_ci * @left: Lefthand value. 2948c2ecf20Sopenharmony_ci * @right: Righthand value. 2958c2ecf20Sopenharmony_ci * @argv: Pointer to "struct tomoyo_argv". 2968c2ecf20Sopenharmony_ci * 2978c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 2988c2ecf20Sopenharmony_ci */ 2998c2ecf20Sopenharmony_cistatic bool tomoyo_parse_argv(char *left, char *right, 3008c2ecf20Sopenharmony_ci struct tomoyo_argv *argv) 3018c2ecf20Sopenharmony_ci{ 3028c2ecf20Sopenharmony_ci if (tomoyo_parse_ulong(&argv->index, &left) != 3038c2ecf20Sopenharmony_ci TOMOYO_VALUE_TYPE_DECIMAL || *left++ != ']' || *left) 3048c2ecf20Sopenharmony_ci return false; 3058c2ecf20Sopenharmony_ci argv->value = tomoyo_get_dqword(right); 3068c2ecf20Sopenharmony_ci return argv->value != NULL; 3078c2ecf20Sopenharmony_ci} 3088c2ecf20Sopenharmony_ci 3098c2ecf20Sopenharmony_ci/** 3108c2ecf20Sopenharmony_ci * tomoyo_parse_envp - Parse an envp[] condition part. 3118c2ecf20Sopenharmony_ci * 3128c2ecf20Sopenharmony_ci * @left: Lefthand value. 3138c2ecf20Sopenharmony_ci * @right: Righthand value. 3148c2ecf20Sopenharmony_ci * @envp: Pointer to "struct tomoyo_envp". 3158c2ecf20Sopenharmony_ci * 3168c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 3178c2ecf20Sopenharmony_ci */ 3188c2ecf20Sopenharmony_cistatic bool tomoyo_parse_envp(char *left, char *right, 3198c2ecf20Sopenharmony_ci struct tomoyo_envp *envp) 3208c2ecf20Sopenharmony_ci{ 3218c2ecf20Sopenharmony_ci const struct tomoyo_path_info *name; 3228c2ecf20Sopenharmony_ci const struct tomoyo_path_info *value; 3238c2ecf20Sopenharmony_ci char *cp = left + strlen(left) - 1; 3248c2ecf20Sopenharmony_ci 3258c2ecf20Sopenharmony_ci if (*cp-- != ']' || *cp != '"') 3268c2ecf20Sopenharmony_ci goto out; 3278c2ecf20Sopenharmony_ci *cp = '\0'; 3288c2ecf20Sopenharmony_ci if (!tomoyo_correct_word(left)) 3298c2ecf20Sopenharmony_ci goto out; 3308c2ecf20Sopenharmony_ci name = tomoyo_get_name(left); 3318c2ecf20Sopenharmony_ci if (!name) 3328c2ecf20Sopenharmony_ci goto out; 3338c2ecf20Sopenharmony_ci if (!strcmp(right, "NULL")) { 3348c2ecf20Sopenharmony_ci value = NULL; 3358c2ecf20Sopenharmony_ci } else { 3368c2ecf20Sopenharmony_ci value = tomoyo_get_dqword(right); 3378c2ecf20Sopenharmony_ci if (!value) { 3388c2ecf20Sopenharmony_ci tomoyo_put_name(name); 3398c2ecf20Sopenharmony_ci goto out; 3408c2ecf20Sopenharmony_ci } 3418c2ecf20Sopenharmony_ci } 3428c2ecf20Sopenharmony_ci envp->name = name; 3438c2ecf20Sopenharmony_ci envp->value = value; 3448c2ecf20Sopenharmony_ci return true; 3458c2ecf20Sopenharmony_ciout: 3468c2ecf20Sopenharmony_ci return false; 3478c2ecf20Sopenharmony_ci} 3488c2ecf20Sopenharmony_ci 3498c2ecf20Sopenharmony_ci/** 3508c2ecf20Sopenharmony_ci * tomoyo_same_condition - Check for duplicated "struct tomoyo_condition" entry. 3518c2ecf20Sopenharmony_ci * 3528c2ecf20Sopenharmony_ci * @a: Pointer to "struct tomoyo_condition". 3538c2ecf20Sopenharmony_ci * @b: Pointer to "struct tomoyo_condition". 3548c2ecf20Sopenharmony_ci * 3558c2ecf20Sopenharmony_ci * Returns true if @a == @b, false otherwise. 3568c2ecf20Sopenharmony_ci */ 3578c2ecf20Sopenharmony_cistatic inline bool tomoyo_same_condition(const struct tomoyo_condition *a, 3588c2ecf20Sopenharmony_ci const struct tomoyo_condition *b) 3598c2ecf20Sopenharmony_ci{ 3608c2ecf20Sopenharmony_ci return a->size == b->size && a->condc == b->condc && 3618c2ecf20Sopenharmony_ci a->numbers_count == b->numbers_count && 3628c2ecf20Sopenharmony_ci a->names_count == b->names_count && 3638c2ecf20Sopenharmony_ci a->argc == b->argc && a->envc == b->envc && 3648c2ecf20Sopenharmony_ci a->grant_log == b->grant_log && a->transit == b->transit && 3658c2ecf20Sopenharmony_ci !memcmp(a + 1, b + 1, a->size - sizeof(*a)); 3668c2ecf20Sopenharmony_ci} 3678c2ecf20Sopenharmony_ci 3688c2ecf20Sopenharmony_ci/** 3698c2ecf20Sopenharmony_ci * tomoyo_condition_type - Get condition type. 3708c2ecf20Sopenharmony_ci * 3718c2ecf20Sopenharmony_ci * @word: Keyword string. 3728c2ecf20Sopenharmony_ci * 3738c2ecf20Sopenharmony_ci * Returns one of values in "enum tomoyo_conditions_index" on success, 3748c2ecf20Sopenharmony_ci * TOMOYO_MAX_CONDITION_KEYWORD otherwise. 3758c2ecf20Sopenharmony_ci */ 3768c2ecf20Sopenharmony_cistatic u8 tomoyo_condition_type(const char *word) 3778c2ecf20Sopenharmony_ci{ 3788c2ecf20Sopenharmony_ci u8 i; 3798c2ecf20Sopenharmony_ci 3808c2ecf20Sopenharmony_ci for (i = 0; i < TOMOYO_MAX_CONDITION_KEYWORD; i++) { 3818c2ecf20Sopenharmony_ci if (!strcmp(word, tomoyo_condition_keyword[i])) 3828c2ecf20Sopenharmony_ci break; 3838c2ecf20Sopenharmony_ci } 3848c2ecf20Sopenharmony_ci return i; 3858c2ecf20Sopenharmony_ci} 3868c2ecf20Sopenharmony_ci 3878c2ecf20Sopenharmony_ci/* Define this to enable debug mode. */ 3888c2ecf20Sopenharmony_ci/* #define DEBUG_CONDITION */ 3898c2ecf20Sopenharmony_ci 3908c2ecf20Sopenharmony_ci#ifdef DEBUG_CONDITION 3918c2ecf20Sopenharmony_ci#define dprintk printk 3928c2ecf20Sopenharmony_ci#else 3938c2ecf20Sopenharmony_ci#define dprintk(...) do { } while (0) 3948c2ecf20Sopenharmony_ci#endif 3958c2ecf20Sopenharmony_ci 3968c2ecf20Sopenharmony_ci/** 3978c2ecf20Sopenharmony_ci * tomoyo_commit_condition - Commit "struct tomoyo_condition". 3988c2ecf20Sopenharmony_ci * 3998c2ecf20Sopenharmony_ci * @entry: Pointer to "struct tomoyo_condition". 4008c2ecf20Sopenharmony_ci * 4018c2ecf20Sopenharmony_ci * Returns pointer to "struct tomoyo_condition" on success, NULL otherwise. 4028c2ecf20Sopenharmony_ci * 4038c2ecf20Sopenharmony_ci * This function merges duplicated entries. This function returns NULL if 4048c2ecf20Sopenharmony_ci * @entry is not duplicated but memory quota for policy has exceeded. 4058c2ecf20Sopenharmony_ci */ 4068c2ecf20Sopenharmony_cistatic struct tomoyo_condition *tomoyo_commit_condition 4078c2ecf20Sopenharmony_ci(struct tomoyo_condition *entry) 4088c2ecf20Sopenharmony_ci{ 4098c2ecf20Sopenharmony_ci struct tomoyo_condition *ptr; 4108c2ecf20Sopenharmony_ci bool found = false; 4118c2ecf20Sopenharmony_ci 4128c2ecf20Sopenharmony_ci if (mutex_lock_interruptible(&tomoyo_policy_lock)) { 4138c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__); 4148c2ecf20Sopenharmony_ci ptr = NULL; 4158c2ecf20Sopenharmony_ci found = true; 4168c2ecf20Sopenharmony_ci goto out; 4178c2ecf20Sopenharmony_ci } 4188c2ecf20Sopenharmony_ci list_for_each_entry(ptr, &tomoyo_condition_list, head.list) { 4198c2ecf20Sopenharmony_ci if (!tomoyo_same_condition(ptr, entry) || 4208c2ecf20Sopenharmony_ci atomic_read(&ptr->head.users) == TOMOYO_GC_IN_PROGRESS) 4218c2ecf20Sopenharmony_ci continue; 4228c2ecf20Sopenharmony_ci /* Same entry found. Share this entry. */ 4238c2ecf20Sopenharmony_ci atomic_inc(&ptr->head.users); 4248c2ecf20Sopenharmony_ci found = true; 4258c2ecf20Sopenharmony_ci break; 4268c2ecf20Sopenharmony_ci } 4278c2ecf20Sopenharmony_ci if (!found) { 4288c2ecf20Sopenharmony_ci if (tomoyo_memory_ok(entry)) { 4298c2ecf20Sopenharmony_ci atomic_set(&entry->head.users, 1); 4308c2ecf20Sopenharmony_ci list_add(&entry->head.list, &tomoyo_condition_list); 4318c2ecf20Sopenharmony_ci } else { 4328c2ecf20Sopenharmony_ci found = true; 4338c2ecf20Sopenharmony_ci ptr = NULL; 4348c2ecf20Sopenharmony_ci } 4358c2ecf20Sopenharmony_ci } 4368c2ecf20Sopenharmony_ci mutex_unlock(&tomoyo_policy_lock); 4378c2ecf20Sopenharmony_ciout: 4388c2ecf20Sopenharmony_ci if (found) { 4398c2ecf20Sopenharmony_ci tomoyo_del_condition(&entry->head.list); 4408c2ecf20Sopenharmony_ci kfree(entry); 4418c2ecf20Sopenharmony_ci entry = ptr; 4428c2ecf20Sopenharmony_ci } 4438c2ecf20Sopenharmony_ci return entry; 4448c2ecf20Sopenharmony_ci} 4458c2ecf20Sopenharmony_ci 4468c2ecf20Sopenharmony_ci/** 4478c2ecf20Sopenharmony_ci * tomoyo_get_transit_preference - Parse domain transition preference for execve(). 4488c2ecf20Sopenharmony_ci * 4498c2ecf20Sopenharmony_ci * @param: Pointer to "struct tomoyo_acl_param". 4508c2ecf20Sopenharmony_ci * @e: Pointer to "struct tomoyo_condition". 4518c2ecf20Sopenharmony_ci * 4528c2ecf20Sopenharmony_ci * Returns the condition string part. 4538c2ecf20Sopenharmony_ci */ 4548c2ecf20Sopenharmony_cistatic char *tomoyo_get_transit_preference(struct tomoyo_acl_param *param, 4558c2ecf20Sopenharmony_ci struct tomoyo_condition *e) 4568c2ecf20Sopenharmony_ci{ 4578c2ecf20Sopenharmony_ci char * const pos = param->data; 4588c2ecf20Sopenharmony_ci bool flag; 4598c2ecf20Sopenharmony_ci 4608c2ecf20Sopenharmony_ci if (*pos == '<') { 4618c2ecf20Sopenharmony_ci e->transit = tomoyo_get_domainname(param); 4628c2ecf20Sopenharmony_ci goto done; 4638c2ecf20Sopenharmony_ci } 4648c2ecf20Sopenharmony_ci { 4658c2ecf20Sopenharmony_ci char *cp = strchr(pos, ' '); 4668c2ecf20Sopenharmony_ci 4678c2ecf20Sopenharmony_ci if (cp) 4688c2ecf20Sopenharmony_ci *cp = '\0'; 4698c2ecf20Sopenharmony_ci flag = tomoyo_correct_path(pos) || !strcmp(pos, "keep") || 4708c2ecf20Sopenharmony_ci !strcmp(pos, "initialize") || !strcmp(pos, "reset") || 4718c2ecf20Sopenharmony_ci !strcmp(pos, "child") || !strcmp(pos, "parent"); 4728c2ecf20Sopenharmony_ci if (cp) 4738c2ecf20Sopenharmony_ci *cp = ' '; 4748c2ecf20Sopenharmony_ci } 4758c2ecf20Sopenharmony_ci if (!flag) 4768c2ecf20Sopenharmony_ci return pos; 4778c2ecf20Sopenharmony_ci e->transit = tomoyo_get_name(tomoyo_read_token(param)); 4788c2ecf20Sopenharmony_cidone: 4798c2ecf20Sopenharmony_ci if (e->transit) 4808c2ecf20Sopenharmony_ci return param->data; 4818c2ecf20Sopenharmony_ci /* 4828c2ecf20Sopenharmony_ci * Return a bad read-only condition string that will let 4838c2ecf20Sopenharmony_ci * tomoyo_get_condition() return NULL. 4848c2ecf20Sopenharmony_ci */ 4858c2ecf20Sopenharmony_ci return "/"; 4868c2ecf20Sopenharmony_ci} 4878c2ecf20Sopenharmony_ci 4888c2ecf20Sopenharmony_ci/** 4898c2ecf20Sopenharmony_ci * tomoyo_get_condition - Parse condition part. 4908c2ecf20Sopenharmony_ci * 4918c2ecf20Sopenharmony_ci * @param: Pointer to "struct tomoyo_acl_param". 4928c2ecf20Sopenharmony_ci * 4938c2ecf20Sopenharmony_ci * Returns pointer to "struct tomoyo_condition" on success, NULL otherwise. 4948c2ecf20Sopenharmony_ci */ 4958c2ecf20Sopenharmony_cistruct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param) 4968c2ecf20Sopenharmony_ci{ 4978c2ecf20Sopenharmony_ci struct tomoyo_condition *entry = NULL; 4988c2ecf20Sopenharmony_ci struct tomoyo_condition_element *condp = NULL; 4998c2ecf20Sopenharmony_ci struct tomoyo_number_union *numbers_p = NULL; 5008c2ecf20Sopenharmony_ci struct tomoyo_name_union *names_p = NULL; 5018c2ecf20Sopenharmony_ci struct tomoyo_argv *argv = NULL; 5028c2ecf20Sopenharmony_ci struct tomoyo_envp *envp = NULL; 5038c2ecf20Sopenharmony_ci struct tomoyo_condition e = { }; 5048c2ecf20Sopenharmony_ci char * const start_of_string = 5058c2ecf20Sopenharmony_ci tomoyo_get_transit_preference(param, &e); 5068c2ecf20Sopenharmony_ci char * const end_of_string = start_of_string + strlen(start_of_string); 5078c2ecf20Sopenharmony_ci char *pos; 5088c2ecf20Sopenharmony_ci 5098c2ecf20Sopenharmony_cirerun: 5108c2ecf20Sopenharmony_ci pos = start_of_string; 5118c2ecf20Sopenharmony_ci while (1) { 5128c2ecf20Sopenharmony_ci u8 left = -1; 5138c2ecf20Sopenharmony_ci u8 right = -1; 5148c2ecf20Sopenharmony_ci char *left_word = pos; 5158c2ecf20Sopenharmony_ci char *cp; 5168c2ecf20Sopenharmony_ci char *right_word; 5178c2ecf20Sopenharmony_ci bool is_not; 5188c2ecf20Sopenharmony_ci 5198c2ecf20Sopenharmony_ci if (!*left_word) 5208c2ecf20Sopenharmony_ci break; 5218c2ecf20Sopenharmony_ci /* 5228c2ecf20Sopenharmony_ci * Since left-hand condition does not allow use of "path_group" 5238c2ecf20Sopenharmony_ci * or "number_group" and environment variable's names do not 5248c2ecf20Sopenharmony_ci * accept '=', it is guaranteed that the original line consists 5258c2ecf20Sopenharmony_ci * of one or more repetition of $left$operator$right blocks 5268c2ecf20Sopenharmony_ci * where "$left is free from '=' and ' '" and "$operator is 5278c2ecf20Sopenharmony_ci * either '=' or '!='" and "$right is free from ' '". 5288c2ecf20Sopenharmony_ci * Therefore, we can reconstruct the original line at the end 5298c2ecf20Sopenharmony_ci * of dry run even if we overwrite $operator with '\0'. 5308c2ecf20Sopenharmony_ci */ 5318c2ecf20Sopenharmony_ci cp = strchr(pos, ' '); 5328c2ecf20Sopenharmony_ci if (cp) { 5338c2ecf20Sopenharmony_ci *cp = '\0'; /* Will restore later. */ 5348c2ecf20Sopenharmony_ci pos = cp + 1; 5358c2ecf20Sopenharmony_ci } else { 5368c2ecf20Sopenharmony_ci pos = ""; 5378c2ecf20Sopenharmony_ci } 5388c2ecf20Sopenharmony_ci right_word = strchr(left_word, '='); 5398c2ecf20Sopenharmony_ci if (!right_word || right_word == left_word) 5408c2ecf20Sopenharmony_ci goto out; 5418c2ecf20Sopenharmony_ci is_not = *(right_word - 1) == '!'; 5428c2ecf20Sopenharmony_ci if (is_not) 5438c2ecf20Sopenharmony_ci *(right_word++ - 1) = '\0'; /* Will restore later. */ 5448c2ecf20Sopenharmony_ci else if (*(right_word + 1) != '=') 5458c2ecf20Sopenharmony_ci *right_word++ = '\0'; /* Will restore later. */ 5468c2ecf20Sopenharmony_ci else 5478c2ecf20Sopenharmony_ci goto out; 5488c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: <%s>%s=<%s>\n", __LINE__, left_word, 5498c2ecf20Sopenharmony_ci is_not ? "!" : "", right_word); 5508c2ecf20Sopenharmony_ci if (!strcmp(left_word, "grant_log")) { 5518c2ecf20Sopenharmony_ci if (entry) { 5528c2ecf20Sopenharmony_ci if (is_not || 5538c2ecf20Sopenharmony_ci entry->grant_log != TOMOYO_GRANTLOG_AUTO) 5548c2ecf20Sopenharmony_ci goto out; 5558c2ecf20Sopenharmony_ci else if (!strcmp(right_word, "yes")) 5568c2ecf20Sopenharmony_ci entry->grant_log = TOMOYO_GRANTLOG_YES; 5578c2ecf20Sopenharmony_ci else if (!strcmp(right_word, "no")) 5588c2ecf20Sopenharmony_ci entry->grant_log = TOMOYO_GRANTLOG_NO; 5598c2ecf20Sopenharmony_ci else 5608c2ecf20Sopenharmony_ci goto out; 5618c2ecf20Sopenharmony_ci } 5628c2ecf20Sopenharmony_ci continue; 5638c2ecf20Sopenharmony_ci } 5648c2ecf20Sopenharmony_ci if (!strncmp(left_word, "exec.argv[", 10)) { 5658c2ecf20Sopenharmony_ci if (!argv) { 5668c2ecf20Sopenharmony_ci e.argc++; 5678c2ecf20Sopenharmony_ci e.condc++; 5688c2ecf20Sopenharmony_ci } else { 5698c2ecf20Sopenharmony_ci e.argc--; 5708c2ecf20Sopenharmony_ci e.condc--; 5718c2ecf20Sopenharmony_ci left = TOMOYO_ARGV_ENTRY; 5728c2ecf20Sopenharmony_ci argv->is_not = is_not; 5738c2ecf20Sopenharmony_ci if (!tomoyo_parse_argv(left_word + 10, 5748c2ecf20Sopenharmony_ci right_word, argv++)) 5758c2ecf20Sopenharmony_ci goto out; 5768c2ecf20Sopenharmony_ci } 5778c2ecf20Sopenharmony_ci goto store_value; 5788c2ecf20Sopenharmony_ci } 5798c2ecf20Sopenharmony_ci if (!strncmp(left_word, "exec.envp[\"", 11)) { 5808c2ecf20Sopenharmony_ci if (!envp) { 5818c2ecf20Sopenharmony_ci e.envc++; 5828c2ecf20Sopenharmony_ci e.condc++; 5838c2ecf20Sopenharmony_ci } else { 5848c2ecf20Sopenharmony_ci e.envc--; 5858c2ecf20Sopenharmony_ci e.condc--; 5868c2ecf20Sopenharmony_ci left = TOMOYO_ENVP_ENTRY; 5878c2ecf20Sopenharmony_ci envp->is_not = is_not; 5888c2ecf20Sopenharmony_ci if (!tomoyo_parse_envp(left_word + 11, 5898c2ecf20Sopenharmony_ci right_word, envp++)) 5908c2ecf20Sopenharmony_ci goto out; 5918c2ecf20Sopenharmony_ci } 5928c2ecf20Sopenharmony_ci goto store_value; 5938c2ecf20Sopenharmony_ci } 5948c2ecf20Sopenharmony_ci left = tomoyo_condition_type(left_word); 5958c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: <%s> left=%u\n", __LINE__, left_word, 5968c2ecf20Sopenharmony_ci left); 5978c2ecf20Sopenharmony_ci if (left == TOMOYO_MAX_CONDITION_KEYWORD) { 5988c2ecf20Sopenharmony_ci if (!numbers_p) { 5998c2ecf20Sopenharmony_ci e.numbers_count++; 6008c2ecf20Sopenharmony_ci } else { 6018c2ecf20Sopenharmony_ci e.numbers_count--; 6028c2ecf20Sopenharmony_ci left = TOMOYO_NUMBER_UNION; 6038c2ecf20Sopenharmony_ci param->data = left_word; 6048c2ecf20Sopenharmony_ci if (*left_word == '@' || 6058c2ecf20Sopenharmony_ci !tomoyo_parse_number_union(param, 6068c2ecf20Sopenharmony_ci numbers_p++)) 6078c2ecf20Sopenharmony_ci goto out; 6088c2ecf20Sopenharmony_ci } 6098c2ecf20Sopenharmony_ci } 6108c2ecf20Sopenharmony_ci if (!condp) 6118c2ecf20Sopenharmony_ci e.condc++; 6128c2ecf20Sopenharmony_ci else 6138c2ecf20Sopenharmony_ci e.condc--; 6148c2ecf20Sopenharmony_ci if (left == TOMOYO_EXEC_REALPATH || 6158c2ecf20Sopenharmony_ci left == TOMOYO_SYMLINK_TARGET) { 6168c2ecf20Sopenharmony_ci if (!names_p) { 6178c2ecf20Sopenharmony_ci e.names_count++; 6188c2ecf20Sopenharmony_ci } else { 6198c2ecf20Sopenharmony_ci e.names_count--; 6208c2ecf20Sopenharmony_ci right = TOMOYO_NAME_UNION; 6218c2ecf20Sopenharmony_ci param->data = right_word; 6228c2ecf20Sopenharmony_ci if (!tomoyo_parse_name_union_quoted(param, 6238c2ecf20Sopenharmony_ci names_p++)) 6248c2ecf20Sopenharmony_ci goto out; 6258c2ecf20Sopenharmony_ci } 6268c2ecf20Sopenharmony_ci goto store_value; 6278c2ecf20Sopenharmony_ci } 6288c2ecf20Sopenharmony_ci right = tomoyo_condition_type(right_word); 6298c2ecf20Sopenharmony_ci if (right == TOMOYO_MAX_CONDITION_KEYWORD) { 6308c2ecf20Sopenharmony_ci if (!numbers_p) { 6318c2ecf20Sopenharmony_ci e.numbers_count++; 6328c2ecf20Sopenharmony_ci } else { 6338c2ecf20Sopenharmony_ci e.numbers_count--; 6348c2ecf20Sopenharmony_ci right = TOMOYO_NUMBER_UNION; 6358c2ecf20Sopenharmony_ci param->data = right_word; 6368c2ecf20Sopenharmony_ci if (!tomoyo_parse_number_union(param, 6378c2ecf20Sopenharmony_ci numbers_p++)) 6388c2ecf20Sopenharmony_ci goto out; 6398c2ecf20Sopenharmony_ci } 6408c2ecf20Sopenharmony_ci } 6418c2ecf20Sopenharmony_cistore_value: 6428c2ecf20Sopenharmony_ci if (!condp) { 6438c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: dry_run left=%u right=%u match=%u\n", 6448c2ecf20Sopenharmony_ci __LINE__, left, right, !is_not); 6458c2ecf20Sopenharmony_ci continue; 6468c2ecf20Sopenharmony_ci } 6478c2ecf20Sopenharmony_ci condp->left = left; 6488c2ecf20Sopenharmony_ci condp->right = right; 6498c2ecf20Sopenharmony_ci condp->equals = !is_not; 6508c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: left=%u right=%u match=%u\n", 6518c2ecf20Sopenharmony_ci __LINE__, condp->left, condp->right, 6528c2ecf20Sopenharmony_ci condp->equals); 6538c2ecf20Sopenharmony_ci condp++; 6548c2ecf20Sopenharmony_ci } 6558c2ecf20Sopenharmony_ci dprintk(KERN_INFO "%u: cond=%u numbers=%u names=%u ac=%u ec=%u\n", 6568c2ecf20Sopenharmony_ci __LINE__, e.condc, e.numbers_count, e.names_count, e.argc, 6578c2ecf20Sopenharmony_ci e.envc); 6588c2ecf20Sopenharmony_ci if (entry) { 6598c2ecf20Sopenharmony_ci BUG_ON(e.names_count | e.numbers_count | e.argc | e.envc | 6608c2ecf20Sopenharmony_ci e.condc); 6618c2ecf20Sopenharmony_ci return tomoyo_commit_condition(entry); 6628c2ecf20Sopenharmony_ci } 6638c2ecf20Sopenharmony_ci e.size = sizeof(*entry) 6648c2ecf20Sopenharmony_ci + e.condc * sizeof(struct tomoyo_condition_element) 6658c2ecf20Sopenharmony_ci + e.numbers_count * sizeof(struct tomoyo_number_union) 6668c2ecf20Sopenharmony_ci + e.names_count * sizeof(struct tomoyo_name_union) 6678c2ecf20Sopenharmony_ci + e.argc * sizeof(struct tomoyo_argv) 6688c2ecf20Sopenharmony_ci + e.envc * sizeof(struct tomoyo_envp); 6698c2ecf20Sopenharmony_ci entry = kzalloc(e.size, GFP_NOFS); 6708c2ecf20Sopenharmony_ci if (!entry) 6718c2ecf20Sopenharmony_ci goto out2; 6728c2ecf20Sopenharmony_ci *entry = e; 6738c2ecf20Sopenharmony_ci e.transit = NULL; 6748c2ecf20Sopenharmony_ci condp = (struct tomoyo_condition_element *) (entry + 1); 6758c2ecf20Sopenharmony_ci numbers_p = (struct tomoyo_number_union *) (condp + e.condc); 6768c2ecf20Sopenharmony_ci names_p = (struct tomoyo_name_union *) (numbers_p + e.numbers_count); 6778c2ecf20Sopenharmony_ci argv = (struct tomoyo_argv *) (names_p + e.names_count); 6788c2ecf20Sopenharmony_ci envp = (struct tomoyo_envp *) (argv + e.argc); 6798c2ecf20Sopenharmony_ci { 6808c2ecf20Sopenharmony_ci bool flag = false; 6818c2ecf20Sopenharmony_ci 6828c2ecf20Sopenharmony_ci for (pos = start_of_string; pos < end_of_string; pos++) { 6838c2ecf20Sopenharmony_ci if (*pos) 6848c2ecf20Sopenharmony_ci continue; 6858c2ecf20Sopenharmony_ci if (flag) /* Restore " ". */ 6868c2ecf20Sopenharmony_ci *pos = ' '; 6878c2ecf20Sopenharmony_ci else if (*(pos + 1) == '=') /* Restore "!=". */ 6888c2ecf20Sopenharmony_ci *pos = '!'; 6898c2ecf20Sopenharmony_ci else /* Restore "=". */ 6908c2ecf20Sopenharmony_ci *pos = '='; 6918c2ecf20Sopenharmony_ci flag = !flag; 6928c2ecf20Sopenharmony_ci } 6938c2ecf20Sopenharmony_ci } 6948c2ecf20Sopenharmony_ci goto rerun; 6958c2ecf20Sopenharmony_ciout: 6968c2ecf20Sopenharmony_ci dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__); 6978c2ecf20Sopenharmony_ci if (entry) { 6988c2ecf20Sopenharmony_ci tomoyo_del_condition(&entry->head.list); 6998c2ecf20Sopenharmony_ci kfree(entry); 7008c2ecf20Sopenharmony_ci } 7018c2ecf20Sopenharmony_ciout2: 7028c2ecf20Sopenharmony_ci tomoyo_put_name(e.transit); 7038c2ecf20Sopenharmony_ci return NULL; 7048c2ecf20Sopenharmony_ci} 7058c2ecf20Sopenharmony_ci 7068c2ecf20Sopenharmony_ci/** 7078c2ecf20Sopenharmony_ci * tomoyo_get_attributes - Revalidate "struct inode". 7088c2ecf20Sopenharmony_ci * 7098c2ecf20Sopenharmony_ci * @obj: Pointer to "struct tomoyo_obj_info". 7108c2ecf20Sopenharmony_ci * 7118c2ecf20Sopenharmony_ci * Returns nothing. 7128c2ecf20Sopenharmony_ci */ 7138c2ecf20Sopenharmony_civoid tomoyo_get_attributes(struct tomoyo_obj_info *obj) 7148c2ecf20Sopenharmony_ci{ 7158c2ecf20Sopenharmony_ci u8 i; 7168c2ecf20Sopenharmony_ci struct dentry *dentry = NULL; 7178c2ecf20Sopenharmony_ci 7188c2ecf20Sopenharmony_ci for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { 7198c2ecf20Sopenharmony_ci struct inode *inode; 7208c2ecf20Sopenharmony_ci 7218c2ecf20Sopenharmony_ci switch (i) { 7228c2ecf20Sopenharmony_ci case TOMOYO_PATH1: 7238c2ecf20Sopenharmony_ci dentry = obj->path1.dentry; 7248c2ecf20Sopenharmony_ci if (!dentry) 7258c2ecf20Sopenharmony_ci continue; 7268c2ecf20Sopenharmony_ci break; 7278c2ecf20Sopenharmony_ci case TOMOYO_PATH2: 7288c2ecf20Sopenharmony_ci dentry = obj->path2.dentry; 7298c2ecf20Sopenharmony_ci if (!dentry) 7308c2ecf20Sopenharmony_ci continue; 7318c2ecf20Sopenharmony_ci break; 7328c2ecf20Sopenharmony_ci default: 7338c2ecf20Sopenharmony_ci if (!dentry) 7348c2ecf20Sopenharmony_ci continue; 7358c2ecf20Sopenharmony_ci dentry = dget_parent(dentry); 7368c2ecf20Sopenharmony_ci break; 7378c2ecf20Sopenharmony_ci } 7388c2ecf20Sopenharmony_ci inode = d_backing_inode(dentry); 7398c2ecf20Sopenharmony_ci if (inode) { 7408c2ecf20Sopenharmony_ci struct tomoyo_mini_stat *stat = &obj->stat[i]; 7418c2ecf20Sopenharmony_ci 7428c2ecf20Sopenharmony_ci stat->uid = inode->i_uid; 7438c2ecf20Sopenharmony_ci stat->gid = inode->i_gid; 7448c2ecf20Sopenharmony_ci stat->ino = inode->i_ino; 7458c2ecf20Sopenharmony_ci stat->mode = inode->i_mode; 7468c2ecf20Sopenharmony_ci stat->dev = inode->i_sb->s_dev; 7478c2ecf20Sopenharmony_ci stat->rdev = inode->i_rdev; 7488c2ecf20Sopenharmony_ci obj->stat_valid[i] = true; 7498c2ecf20Sopenharmony_ci } 7508c2ecf20Sopenharmony_ci if (i & 1) /* TOMOYO_PATH1_PARENT or TOMOYO_PATH2_PARENT */ 7518c2ecf20Sopenharmony_ci dput(dentry); 7528c2ecf20Sopenharmony_ci } 7538c2ecf20Sopenharmony_ci} 7548c2ecf20Sopenharmony_ci 7558c2ecf20Sopenharmony_ci/** 7568c2ecf20Sopenharmony_ci * tomoyo_condition - Check condition part. 7578c2ecf20Sopenharmony_ci * 7588c2ecf20Sopenharmony_ci * @r: Pointer to "struct tomoyo_request_info". 7598c2ecf20Sopenharmony_ci * @cond: Pointer to "struct tomoyo_condition". Maybe NULL. 7608c2ecf20Sopenharmony_ci * 7618c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 7628c2ecf20Sopenharmony_ci * 7638c2ecf20Sopenharmony_ci * Caller holds tomoyo_read_lock(). 7648c2ecf20Sopenharmony_ci */ 7658c2ecf20Sopenharmony_cibool tomoyo_condition(struct tomoyo_request_info *r, 7668c2ecf20Sopenharmony_ci const struct tomoyo_condition *cond) 7678c2ecf20Sopenharmony_ci{ 7688c2ecf20Sopenharmony_ci u32 i; 7698c2ecf20Sopenharmony_ci unsigned long min_v[2] = { 0, 0 }; 7708c2ecf20Sopenharmony_ci unsigned long max_v[2] = { 0, 0 }; 7718c2ecf20Sopenharmony_ci const struct tomoyo_condition_element *condp; 7728c2ecf20Sopenharmony_ci const struct tomoyo_number_union *numbers_p; 7738c2ecf20Sopenharmony_ci const struct tomoyo_name_union *names_p; 7748c2ecf20Sopenharmony_ci const struct tomoyo_argv *argv; 7758c2ecf20Sopenharmony_ci const struct tomoyo_envp *envp; 7768c2ecf20Sopenharmony_ci struct tomoyo_obj_info *obj; 7778c2ecf20Sopenharmony_ci u16 condc; 7788c2ecf20Sopenharmony_ci u16 argc; 7798c2ecf20Sopenharmony_ci u16 envc; 7808c2ecf20Sopenharmony_ci struct linux_binprm *bprm = NULL; 7818c2ecf20Sopenharmony_ci 7828c2ecf20Sopenharmony_ci if (!cond) 7838c2ecf20Sopenharmony_ci return true; 7848c2ecf20Sopenharmony_ci condc = cond->condc; 7858c2ecf20Sopenharmony_ci argc = cond->argc; 7868c2ecf20Sopenharmony_ci envc = cond->envc; 7878c2ecf20Sopenharmony_ci obj = r->obj; 7888c2ecf20Sopenharmony_ci if (r->ee) 7898c2ecf20Sopenharmony_ci bprm = r->ee->bprm; 7908c2ecf20Sopenharmony_ci if (!bprm && (argc || envc)) 7918c2ecf20Sopenharmony_ci return false; 7928c2ecf20Sopenharmony_ci condp = (struct tomoyo_condition_element *) (cond + 1); 7938c2ecf20Sopenharmony_ci numbers_p = (const struct tomoyo_number_union *) (condp + condc); 7948c2ecf20Sopenharmony_ci names_p = (const struct tomoyo_name_union *) 7958c2ecf20Sopenharmony_ci (numbers_p + cond->numbers_count); 7968c2ecf20Sopenharmony_ci argv = (const struct tomoyo_argv *) (names_p + cond->names_count); 7978c2ecf20Sopenharmony_ci envp = (const struct tomoyo_envp *) (argv + argc); 7988c2ecf20Sopenharmony_ci for (i = 0; i < condc; i++) { 7998c2ecf20Sopenharmony_ci const bool match = condp->equals; 8008c2ecf20Sopenharmony_ci const u8 left = condp->left; 8018c2ecf20Sopenharmony_ci const u8 right = condp->right; 8028c2ecf20Sopenharmony_ci bool is_bitop[2] = { false, false }; 8038c2ecf20Sopenharmony_ci u8 j; 8048c2ecf20Sopenharmony_ci 8058c2ecf20Sopenharmony_ci condp++; 8068c2ecf20Sopenharmony_ci /* Check argv[] and envp[] later. */ 8078c2ecf20Sopenharmony_ci if (left == TOMOYO_ARGV_ENTRY || left == TOMOYO_ENVP_ENTRY) 8088c2ecf20Sopenharmony_ci continue; 8098c2ecf20Sopenharmony_ci /* Check string expressions. */ 8108c2ecf20Sopenharmony_ci if (right == TOMOYO_NAME_UNION) { 8118c2ecf20Sopenharmony_ci const struct tomoyo_name_union *ptr = names_p++; 8128c2ecf20Sopenharmony_ci struct tomoyo_path_info *symlink; 8138c2ecf20Sopenharmony_ci struct tomoyo_execve *ee; 8148c2ecf20Sopenharmony_ci struct file *file; 8158c2ecf20Sopenharmony_ci 8168c2ecf20Sopenharmony_ci switch (left) { 8178c2ecf20Sopenharmony_ci case TOMOYO_SYMLINK_TARGET: 8188c2ecf20Sopenharmony_ci symlink = obj ? obj->symlink_target : NULL; 8198c2ecf20Sopenharmony_ci if (!symlink || 8208c2ecf20Sopenharmony_ci !tomoyo_compare_name_union(symlink, ptr) 8218c2ecf20Sopenharmony_ci == match) 8228c2ecf20Sopenharmony_ci goto out; 8238c2ecf20Sopenharmony_ci break; 8248c2ecf20Sopenharmony_ci case TOMOYO_EXEC_REALPATH: 8258c2ecf20Sopenharmony_ci ee = r->ee; 8268c2ecf20Sopenharmony_ci file = ee ? ee->bprm->file : NULL; 8278c2ecf20Sopenharmony_ci if (!tomoyo_scan_exec_realpath(file, ptr, 8288c2ecf20Sopenharmony_ci match)) 8298c2ecf20Sopenharmony_ci goto out; 8308c2ecf20Sopenharmony_ci break; 8318c2ecf20Sopenharmony_ci } 8328c2ecf20Sopenharmony_ci continue; 8338c2ecf20Sopenharmony_ci } 8348c2ecf20Sopenharmony_ci /* Check numeric or bit-op expressions. */ 8358c2ecf20Sopenharmony_ci for (j = 0; j < 2; j++) { 8368c2ecf20Sopenharmony_ci const u8 index = j ? right : left; 8378c2ecf20Sopenharmony_ci unsigned long value = 0; 8388c2ecf20Sopenharmony_ci 8398c2ecf20Sopenharmony_ci switch (index) { 8408c2ecf20Sopenharmony_ci case TOMOYO_TASK_UID: 8418c2ecf20Sopenharmony_ci value = from_kuid(&init_user_ns, current_uid()); 8428c2ecf20Sopenharmony_ci break; 8438c2ecf20Sopenharmony_ci case TOMOYO_TASK_EUID: 8448c2ecf20Sopenharmony_ci value = from_kuid(&init_user_ns, current_euid()); 8458c2ecf20Sopenharmony_ci break; 8468c2ecf20Sopenharmony_ci case TOMOYO_TASK_SUID: 8478c2ecf20Sopenharmony_ci value = from_kuid(&init_user_ns, current_suid()); 8488c2ecf20Sopenharmony_ci break; 8498c2ecf20Sopenharmony_ci case TOMOYO_TASK_FSUID: 8508c2ecf20Sopenharmony_ci value = from_kuid(&init_user_ns, current_fsuid()); 8518c2ecf20Sopenharmony_ci break; 8528c2ecf20Sopenharmony_ci case TOMOYO_TASK_GID: 8538c2ecf20Sopenharmony_ci value = from_kgid(&init_user_ns, current_gid()); 8548c2ecf20Sopenharmony_ci break; 8558c2ecf20Sopenharmony_ci case TOMOYO_TASK_EGID: 8568c2ecf20Sopenharmony_ci value = from_kgid(&init_user_ns, current_egid()); 8578c2ecf20Sopenharmony_ci break; 8588c2ecf20Sopenharmony_ci case TOMOYO_TASK_SGID: 8598c2ecf20Sopenharmony_ci value = from_kgid(&init_user_ns, current_sgid()); 8608c2ecf20Sopenharmony_ci break; 8618c2ecf20Sopenharmony_ci case TOMOYO_TASK_FSGID: 8628c2ecf20Sopenharmony_ci value = from_kgid(&init_user_ns, current_fsgid()); 8638c2ecf20Sopenharmony_ci break; 8648c2ecf20Sopenharmony_ci case TOMOYO_TASK_PID: 8658c2ecf20Sopenharmony_ci value = tomoyo_sys_getpid(); 8668c2ecf20Sopenharmony_ci break; 8678c2ecf20Sopenharmony_ci case TOMOYO_TASK_PPID: 8688c2ecf20Sopenharmony_ci value = tomoyo_sys_getppid(); 8698c2ecf20Sopenharmony_ci break; 8708c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_SOCKET: 8718c2ecf20Sopenharmony_ci value = S_IFSOCK; 8728c2ecf20Sopenharmony_ci break; 8738c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_SYMLINK: 8748c2ecf20Sopenharmony_ci value = S_IFLNK; 8758c2ecf20Sopenharmony_ci break; 8768c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_FILE: 8778c2ecf20Sopenharmony_ci value = S_IFREG; 8788c2ecf20Sopenharmony_ci break; 8798c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_BLOCK_DEV: 8808c2ecf20Sopenharmony_ci value = S_IFBLK; 8818c2ecf20Sopenharmony_ci break; 8828c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_DIRECTORY: 8838c2ecf20Sopenharmony_ci value = S_IFDIR; 8848c2ecf20Sopenharmony_ci break; 8858c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_CHAR_DEV: 8868c2ecf20Sopenharmony_ci value = S_IFCHR; 8878c2ecf20Sopenharmony_ci break; 8888c2ecf20Sopenharmony_ci case TOMOYO_TYPE_IS_FIFO: 8898c2ecf20Sopenharmony_ci value = S_IFIFO; 8908c2ecf20Sopenharmony_ci break; 8918c2ecf20Sopenharmony_ci case TOMOYO_MODE_SETUID: 8928c2ecf20Sopenharmony_ci value = S_ISUID; 8938c2ecf20Sopenharmony_ci break; 8948c2ecf20Sopenharmony_ci case TOMOYO_MODE_SETGID: 8958c2ecf20Sopenharmony_ci value = S_ISGID; 8968c2ecf20Sopenharmony_ci break; 8978c2ecf20Sopenharmony_ci case TOMOYO_MODE_STICKY: 8988c2ecf20Sopenharmony_ci value = S_ISVTX; 8998c2ecf20Sopenharmony_ci break; 9008c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_READ: 9018c2ecf20Sopenharmony_ci value = 0400; 9028c2ecf20Sopenharmony_ci break; 9038c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_WRITE: 9048c2ecf20Sopenharmony_ci value = 0200; 9058c2ecf20Sopenharmony_ci break; 9068c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_EXECUTE: 9078c2ecf20Sopenharmony_ci value = 0100; 9088c2ecf20Sopenharmony_ci break; 9098c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_READ: 9108c2ecf20Sopenharmony_ci value = 0040; 9118c2ecf20Sopenharmony_ci break; 9128c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_WRITE: 9138c2ecf20Sopenharmony_ci value = 0020; 9148c2ecf20Sopenharmony_ci break; 9158c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_EXECUTE: 9168c2ecf20Sopenharmony_ci value = 0010; 9178c2ecf20Sopenharmony_ci break; 9188c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_READ: 9198c2ecf20Sopenharmony_ci value = 0004; 9208c2ecf20Sopenharmony_ci break; 9218c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_WRITE: 9228c2ecf20Sopenharmony_ci value = 0002; 9238c2ecf20Sopenharmony_ci break; 9248c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_EXECUTE: 9258c2ecf20Sopenharmony_ci value = 0001; 9268c2ecf20Sopenharmony_ci break; 9278c2ecf20Sopenharmony_ci case TOMOYO_EXEC_ARGC: 9288c2ecf20Sopenharmony_ci if (!bprm) 9298c2ecf20Sopenharmony_ci goto out; 9308c2ecf20Sopenharmony_ci value = bprm->argc; 9318c2ecf20Sopenharmony_ci break; 9328c2ecf20Sopenharmony_ci case TOMOYO_EXEC_ENVC: 9338c2ecf20Sopenharmony_ci if (!bprm) 9348c2ecf20Sopenharmony_ci goto out; 9358c2ecf20Sopenharmony_ci value = bprm->envc; 9368c2ecf20Sopenharmony_ci break; 9378c2ecf20Sopenharmony_ci case TOMOYO_NUMBER_UNION: 9388c2ecf20Sopenharmony_ci /* Fetch values later. */ 9398c2ecf20Sopenharmony_ci break; 9408c2ecf20Sopenharmony_ci default: 9418c2ecf20Sopenharmony_ci if (!obj) 9428c2ecf20Sopenharmony_ci goto out; 9438c2ecf20Sopenharmony_ci if (!obj->validate_done) { 9448c2ecf20Sopenharmony_ci tomoyo_get_attributes(obj); 9458c2ecf20Sopenharmony_ci obj->validate_done = true; 9468c2ecf20Sopenharmony_ci } 9478c2ecf20Sopenharmony_ci { 9488c2ecf20Sopenharmony_ci u8 stat_index; 9498c2ecf20Sopenharmony_ci struct tomoyo_mini_stat *stat; 9508c2ecf20Sopenharmony_ci 9518c2ecf20Sopenharmony_ci switch (index) { 9528c2ecf20Sopenharmony_ci case TOMOYO_PATH1_UID: 9538c2ecf20Sopenharmony_ci case TOMOYO_PATH1_GID: 9548c2ecf20Sopenharmony_ci case TOMOYO_PATH1_INO: 9558c2ecf20Sopenharmony_ci case TOMOYO_PATH1_MAJOR: 9568c2ecf20Sopenharmony_ci case TOMOYO_PATH1_MINOR: 9578c2ecf20Sopenharmony_ci case TOMOYO_PATH1_TYPE: 9588c2ecf20Sopenharmony_ci case TOMOYO_PATH1_DEV_MAJOR: 9598c2ecf20Sopenharmony_ci case TOMOYO_PATH1_DEV_MINOR: 9608c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PERM: 9618c2ecf20Sopenharmony_ci stat_index = TOMOYO_PATH1; 9628c2ecf20Sopenharmony_ci break; 9638c2ecf20Sopenharmony_ci case TOMOYO_PATH2_UID: 9648c2ecf20Sopenharmony_ci case TOMOYO_PATH2_GID: 9658c2ecf20Sopenharmony_ci case TOMOYO_PATH2_INO: 9668c2ecf20Sopenharmony_ci case TOMOYO_PATH2_MAJOR: 9678c2ecf20Sopenharmony_ci case TOMOYO_PATH2_MINOR: 9688c2ecf20Sopenharmony_ci case TOMOYO_PATH2_TYPE: 9698c2ecf20Sopenharmony_ci case TOMOYO_PATH2_DEV_MAJOR: 9708c2ecf20Sopenharmony_ci case TOMOYO_PATH2_DEV_MINOR: 9718c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PERM: 9728c2ecf20Sopenharmony_ci stat_index = TOMOYO_PATH2; 9738c2ecf20Sopenharmony_ci break; 9748c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_UID: 9758c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_GID: 9768c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_INO: 9778c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_PERM: 9788c2ecf20Sopenharmony_ci stat_index = 9798c2ecf20Sopenharmony_ci TOMOYO_PATH1_PARENT; 9808c2ecf20Sopenharmony_ci break; 9818c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_UID: 9828c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_GID: 9838c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_INO: 9848c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_PERM: 9858c2ecf20Sopenharmony_ci stat_index = 9868c2ecf20Sopenharmony_ci TOMOYO_PATH2_PARENT; 9878c2ecf20Sopenharmony_ci break; 9888c2ecf20Sopenharmony_ci default: 9898c2ecf20Sopenharmony_ci goto out; 9908c2ecf20Sopenharmony_ci } 9918c2ecf20Sopenharmony_ci if (!obj->stat_valid[stat_index]) 9928c2ecf20Sopenharmony_ci goto out; 9938c2ecf20Sopenharmony_ci stat = &obj->stat[stat_index]; 9948c2ecf20Sopenharmony_ci switch (index) { 9958c2ecf20Sopenharmony_ci case TOMOYO_PATH1_UID: 9968c2ecf20Sopenharmony_ci case TOMOYO_PATH2_UID: 9978c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_UID: 9988c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_UID: 9998c2ecf20Sopenharmony_ci value = from_kuid(&init_user_ns, stat->uid); 10008c2ecf20Sopenharmony_ci break; 10018c2ecf20Sopenharmony_ci case TOMOYO_PATH1_GID: 10028c2ecf20Sopenharmony_ci case TOMOYO_PATH2_GID: 10038c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_GID: 10048c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_GID: 10058c2ecf20Sopenharmony_ci value = from_kgid(&init_user_ns, stat->gid); 10068c2ecf20Sopenharmony_ci break; 10078c2ecf20Sopenharmony_ci case TOMOYO_PATH1_INO: 10088c2ecf20Sopenharmony_ci case TOMOYO_PATH2_INO: 10098c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_INO: 10108c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_INO: 10118c2ecf20Sopenharmony_ci value = stat->ino; 10128c2ecf20Sopenharmony_ci break; 10138c2ecf20Sopenharmony_ci case TOMOYO_PATH1_MAJOR: 10148c2ecf20Sopenharmony_ci case TOMOYO_PATH2_MAJOR: 10158c2ecf20Sopenharmony_ci value = MAJOR(stat->dev); 10168c2ecf20Sopenharmony_ci break; 10178c2ecf20Sopenharmony_ci case TOMOYO_PATH1_MINOR: 10188c2ecf20Sopenharmony_ci case TOMOYO_PATH2_MINOR: 10198c2ecf20Sopenharmony_ci value = MINOR(stat->dev); 10208c2ecf20Sopenharmony_ci break; 10218c2ecf20Sopenharmony_ci case TOMOYO_PATH1_TYPE: 10228c2ecf20Sopenharmony_ci case TOMOYO_PATH2_TYPE: 10238c2ecf20Sopenharmony_ci value = stat->mode & S_IFMT; 10248c2ecf20Sopenharmony_ci break; 10258c2ecf20Sopenharmony_ci case TOMOYO_PATH1_DEV_MAJOR: 10268c2ecf20Sopenharmony_ci case TOMOYO_PATH2_DEV_MAJOR: 10278c2ecf20Sopenharmony_ci value = MAJOR(stat->rdev); 10288c2ecf20Sopenharmony_ci break; 10298c2ecf20Sopenharmony_ci case TOMOYO_PATH1_DEV_MINOR: 10308c2ecf20Sopenharmony_ci case TOMOYO_PATH2_DEV_MINOR: 10318c2ecf20Sopenharmony_ci value = MINOR(stat->rdev); 10328c2ecf20Sopenharmony_ci break; 10338c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PERM: 10348c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PERM: 10358c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_PERM: 10368c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_PERM: 10378c2ecf20Sopenharmony_ci value = stat->mode & S_IALLUGO; 10388c2ecf20Sopenharmony_ci break; 10398c2ecf20Sopenharmony_ci } 10408c2ecf20Sopenharmony_ci } 10418c2ecf20Sopenharmony_ci break; 10428c2ecf20Sopenharmony_ci } 10438c2ecf20Sopenharmony_ci max_v[j] = value; 10448c2ecf20Sopenharmony_ci min_v[j] = value; 10458c2ecf20Sopenharmony_ci switch (index) { 10468c2ecf20Sopenharmony_ci case TOMOYO_MODE_SETUID: 10478c2ecf20Sopenharmony_ci case TOMOYO_MODE_SETGID: 10488c2ecf20Sopenharmony_ci case TOMOYO_MODE_STICKY: 10498c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_READ: 10508c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_WRITE: 10518c2ecf20Sopenharmony_ci case TOMOYO_MODE_OWNER_EXECUTE: 10528c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_READ: 10538c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_WRITE: 10548c2ecf20Sopenharmony_ci case TOMOYO_MODE_GROUP_EXECUTE: 10558c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_READ: 10568c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_WRITE: 10578c2ecf20Sopenharmony_ci case TOMOYO_MODE_OTHERS_EXECUTE: 10588c2ecf20Sopenharmony_ci is_bitop[j] = true; 10598c2ecf20Sopenharmony_ci } 10608c2ecf20Sopenharmony_ci } 10618c2ecf20Sopenharmony_ci if (left == TOMOYO_NUMBER_UNION) { 10628c2ecf20Sopenharmony_ci /* Fetch values now. */ 10638c2ecf20Sopenharmony_ci const struct tomoyo_number_union *ptr = numbers_p++; 10648c2ecf20Sopenharmony_ci 10658c2ecf20Sopenharmony_ci min_v[0] = ptr->values[0]; 10668c2ecf20Sopenharmony_ci max_v[0] = ptr->values[1]; 10678c2ecf20Sopenharmony_ci } 10688c2ecf20Sopenharmony_ci if (right == TOMOYO_NUMBER_UNION) { 10698c2ecf20Sopenharmony_ci /* Fetch values now. */ 10708c2ecf20Sopenharmony_ci const struct tomoyo_number_union *ptr = numbers_p++; 10718c2ecf20Sopenharmony_ci 10728c2ecf20Sopenharmony_ci if (ptr->group) { 10738c2ecf20Sopenharmony_ci if (tomoyo_number_matches_group(min_v[0], 10748c2ecf20Sopenharmony_ci max_v[0], 10758c2ecf20Sopenharmony_ci ptr->group) 10768c2ecf20Sopenharmony_ci == match) 10778c2ecf20Sopenharmony_ci continue; 10788c2ecf20Sopenharmony_ci } else { 10798c2ecf20Sopenharmony_ci if ((min_v[0] <= ptr->values[1] && 10808c2ecf20Sopenharmony_ci max_v[0] >= ptr->values[0]) == match) 10818c2ecf20Sopenharmony_ci continue; 10828c2ecf20Sopenharmony_ci } 10838c2ecf20Sopenharmony_ci goto out; 10848c2ecf20Sopenharmony_ci } 10858c2ecf20Sopenharmony_ci /* 10868c2ecf20Sopenharmony_ci * Bit operation is valid only when counterpart value 10878c2ecf20Sopenharmony_ci * represents permission. 10888c2ecf20Sopenharmony_ci */ 10898c2ecf20Sopenharmony_ci if (is_bitop[0] && is_bitop[1]) { 10908c2ecf20Sopenharmony_ci goto out; 10918c2ecf20Sopenharmony_ci } else if (is_bitop[0]) { 10928c2ecf20Sopenharmony_ci switch (right) { 10938c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PERM: 10948c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_PERM: 10958c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PERM: 10968c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_PERM: 10978c2ecf20Sopenharmony_ci if (!(max_v[0] & max_v[1]) == !match) 10988c2ecf20Sopenharmony_ci continue; 10998c2ecf20Sopenharmony_ci } 11008c2ecf20Sopenharmony_ci goto out; 11018c2ecf20Sopenharmony_ci } else if (is_bitop[1]) { 11028c2ecf20Sopenharmony_ci switch (left) { 11038c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PERM: 11048c2ecf20Sopenharmony_ci case TOMOYO_PATH1_PARENT_PERM: 11058c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PERM: 11068c2ecf20Sopenharmony_ci case TOMOYO_PATH2_PARENT_PERM: 11078c2ecf20Sopenharmony_ci if (!(max_v[0] & max_v[1]) == !match) 11088c2ecf20Sopenharmony_ci continue; 11098c2ecf20Sopenharmony_ci } 11108c2ecf20Sopenharmony_ci goto out; 11118c2ecf20Sopenharmony_ci } 11128c2ecf20Sopenharmony_ci /* Normal value range comparison. */ 11138c2ecf20Sopenharmony_ci if ((min_v[0] <= max_v[1] && max_v[0] >= min_v[1]) == match) 11148c2ecf20Sopenharmony_ci continue; 11158c2ecf20Sopenharmony_ciout: 11168c2ecf20Sopenharmony_ci return false; 11178c2ecf20Sopenharmony_ci } 11188c2ecf20Sopenharmony_ci /* Check argv[] and envp[] now. */ 11198c2ecf20Sopenharmony_ci if (r->ee && (argc || envc)) 11208c2ecf20Sopenharmony_ci return tomoyo_scan_bprm(r->ee, argc, argv, envc, envp); 11218c2ecf20Sopenharmony_ci return true; 11228c2ecf20Sopenharmony_ci} 1123