// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/domain.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include "common.h"

#include <linux/binfmts.h>
#include <linux/slab.h>
#include <linux/rculist.h>

/* Variables definitions.*/

/* The initial domain. */
struct tomoyo_domain_info tomoyo_kernel_domain;

/**
 * tomoyo_update_policy - Update an entry for exception policy.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_head".
 * @size:            Size of @new_entry in bytes.
 * @param:           Pointer to "struct tomoyo_acl_param".
 * @check_duplicate: Callback function to find duplicated entry.
 *
 * Scans @param->list for a live entry that @check_duplicate considers equal
 * to @new_entry and flips its is_deleted flag to @param->is_delete.  When
 * adding and nothing matched, a heap copy of @new_entry (made by
 * tomoyo_commit_ok(), which is assumed to take over any name references
 * held in @new_entry — confirm in memory.c) is appended under RCU.
 *
 * Returns 0 on success, -ENOENT when deleting an entry that is not present,
 * -ENOMEM when the copy could not be committed.  A failure to take
 * tomoyo_policy_lock is also reported as -ENOMEM rather than -EINTR.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
			 struct tomoyo_acl_param *param,
			 bool (*check_duplicate)(const struct tomoyo_acl_head
						 *,
						 const struct tomoyo_acl_head
						 *))
{
	const bool is_delete = param->is_delete;
	struct list_head * const list = param->list;
	struct tomoyo_acl_head *ptr;
	bool done = false;

	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		return -ENOMEM;
	list_for_each_entry_rcu(ptr, list, list,
				srcu_read_lock_held(&tomoyo_ss)) {
		/* Entries the garbage collector is reclaiming are skipped. */
		if (ptr->is_deleted == TOMOYO_GC_IN_PROGRESS ||
		    !check_duplicate(ptr, new_entry))
			continue;
		ptr->is_deleted = is_delete;
		done = true;
		break;
	}
	if (!done && !is_delete) {
		ptr = tomoyo_commit_ok(new_entry, size);
		if (ptr) {
			list_add_tail_rcu(&ptr->list, list);
			done = true;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
	if (done)
		return 0;
	return is_delete ? -ENOENT : -ENOMEM;
}

/**
 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a and @b share type and condition, false otherwise.
 */
static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
					const struct tomoyo_acl_info *b)
{
	/* Same ACL only if both the type and the condition pointer match. */
	return a->type == b->type && a->cond == b->cond;
}

/**
 * tomoyo_update_domain - Update an entry for domain policy.
 *
 * @new_entry:       Pointer to "struct tomoyo_acl_info".
 * @size:            Size of @new_entry in bytes.
 * @param:           Pointer to "struct tomoyo_acl_param".
 * @check_duplicate: Callback function to find duplicated entry.
 * @merge_duplicate: Callback function to merge duplicated entry; may be NULL.
 *
 * If @param->data still holds text it is parsed as a condition and attached
 * to @new_entry->cond first.  A live entry on @param->list with the same
 * type/condition (tomoyo_same_acl_head()) and matching type-specific fields
 * (@check_duplicate) then has its is_deleted flag set to @param->is_delete,
 * or — when @merge_duplicate is given — to whatever @merge_duplicate returns
 * (presumably true once a merge leaves the entry empty; see the callers).
 * When adding and nothing matched, a copy of @new_entry is appended.
 *
 * Returns 0 on success, -EINVAL if the condition text does not parse,
 * -ENOENT when deleting a missing entry, -ENOMEM otherwise.  Note that a
 * "transit" condition on anything but an execute-only path ACL, and a
 * failure to take tomoyo_policy_lock, are reported as -ENOMEM/-ENOENT
 * rather than -EINVAL/-EINTR.
 *
 * The reference taken by tomoyo_get_condition() is dropped on every exit
 * path; when no condition text was given, @new_entry->cond is whatever the
 * caller initialised it to (expected NULL — verify at call sites).
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
			 struct tomoyo_acl_param *param,
			 bool (*check_duplicate)(const struct tomoyo_acl_info
						 *,
						 const struct tomoyo_acl_info
						 *),
			 bool (*merge_duplicate)(struct tomoyo_acl_info *,
						 struct tomoyo_acl_info *,
						 const bool))
{
	const bool is_delete = param->is_delete;
	int error = is_delete ? -ENOENT : -ENOMEM;
	struct tomoyo_acl_info *entry;
	struct list_head * const list = param->list;

	if (param->data[0]) {
		new_entry->cond = tomoyo_get_condition(param);
		if (!new_entry->cond)
			return -EINVAL;
		/*
		 * Domain transition preference is allowed for only
		 * "file execute" entries.  The permission mask must be
		 * exactly the execute bit — not a superset of it.
		 */
		if (new_entry->cond->transit &&
		    !(new_entry->type == TOMOYO_TYPE_PATH_ACL &&
		      container_of(new_entry, struct tomoyo_path_acl, head)
		      ->perm == 1 << TOMOYO_TYPE_EXECUTE))
			goto out;
	}
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		goto out;
	list_for_each_entry_rcu(entry, list, list,
				srcu_read_lock_held(&tomoyo_ss)) {
		/* Entries the garbage collector is reclaiming are never reused. */
		if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)
			continue;
		if (!tomoyo_same_acl_head(entry, new_entry) ||
		    !check_duplicate(entry, new_entry))
			continue;
		if (merge_duplicate)
			entry->is_deleted = merge_duplicate(entry, new_entry,
							    is_delete);
		else
			entry->is_deleted = is_delete;
		error = 0;
		break;
	}
	if (error && !is_delete) {
		/*
		 * tomoyo_commit_ok() is assumed to hand the heap copy any
		 * references @new_entry holds (cond included) — confirm in
		 * memory.c; the put below must then see NULL.
		 */
		entry = tomoyo_commit_ok(new_entry, size);
		if (entry) {
			list_add_tail_rcu(&entry->list, list);
			error = 0;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
out:
	tomoyo_put_condition(new_entry->cond);
	return error;
}

/**
 * tomoyo_check_acl - Do permission check.
 *
 * @r:           Pointer to "struct tomoyo_request_info".
 * @check_entry: Callback function to check type specific parameters.
 *
 * Walks the domain's own ACL list first and then, for every group bit set
 * in @r->domain->group, the corresponding acl_group list of the domain's
 * namespace, in ascending group index.  The first live entry whose type is
 * @r->param_type, that @check_entry accepts and whose condition holds, wins.
 *
 * Returns nothing.  On a match @r->matched_acl points at the entry and
 * @r->granted is true; otherwise @r->granted is false.
 *
 * Caller holds tomoyo_read_lock().
 */
void tomoyo_check_acl(struct tomoyo_request_info *r,
		      bool (*check_entry)(struct tomoyo_request_info *,
					  const struct tomoyo_acl_info *))
{
	const struct tomoyo_domain_info *domain = r->domain;
	struct tomoyo_acl_info *ptr;
	const struct list_head *list = &domain->acl_info_list;
	u16 i = 0;

retry:
	list_for_each_entry_rcu(ptr, list, list,
				srcu_read_lock_held(&tomoyo_ss)) {
		if (ptr->is_deleted || ptr->type != r->param_type)
			continue;
		if (!check_entry(r, ptr))
			continue;
		if (!tomoyo_condition(r, ptr->cond))
			continue;
		r->matched_acl = ptr;
		r->granted = true;
		return;
	}
	/* Nothing matched here: move on to the next enabled group, if any. */
	for (; i < TOMOYO_MAX_ACL_GROUPS; i++) {
		if (!test_bit(i, domain->group))
			continue;
		/* i++ so the next fall-through resumes after this group. */
		list = &domain->ns->acl_group[i++];
		goto retry;
	}
	r->granted = false;
}

/* The list for "struct tomoyo_domain_info". */
LIST_HEAD(tomoyo_domain_list);

/**
 * tomoyo_last_word - Get last component of a domainname.
 *
 * @name: Domainname to check.
 *
 * Returns the text after the last ' ' in @name, or @name itself when it
 * contains no ' '.
 */
static const char *tomoyo_last_word(const char *name)
{
	const char *cp = strrchr(name, ' ');

	if (cp)
		return cp + 1;
	return name;
}

/**
 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_head".
 * @b: Pointer to "struct tomoyo_acl_head".
 *
 * Returns true if @a == @b, false otherwise.
 */
static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
					   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_transition_control *p1 =
		container_of(a, typeof(*p1), head);
	const struct tomoyo_transition_control *p2 =
		container_of(b, typeof(*p2), head);

	if (p1->type != p2->type || p1->is_last_name != p2->is_last_name)
		return false;
	/*
	 * Names are compared by pointer; this relies on tomoyo_get_name()
	 * returning one shared object per distinct string — confirm in
	 * memory.c.
	 */
	return p1->domainname == p2->domainname && p1->program == p2->program;
}

/**
 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 * @type:  Type of this entry.
 *
 * Parses "@program from @domainname" (either side may be "any"), or a bare
 * domainname for the keep_domain / no_keep_domain types, and adds or
 * deletes the matching transition-control entry in @param->ns.  A
 * domainname that is not a well-formed domain but is a valid path is
 * stored as a last-component match (is_last_name).
 *
 * Returns 0 on success, -EINVAL for a malformed program path, -ENOENT when
 * deleting a missing entry, -ENOMEM otherwise (including a malformed
 * domainname, which is not reported as -EINVAL).  Name references held in
 * the local entry are dropped on every exit; the committed copy is assumed
 * to take them over — confirm in memory.c.
 */
int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
				    const u8 type)
{
	struct tomoyo_transition_control e = { .type = type };
	const bool is_delete = param->is_delete;
	int error = is_delete ? -ENOENT : -ENOMEM;
	char *program = param->data;
	char *domainname = strstr(program, " from ");
	const bool keep_type = (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
				type == TOMOYO_TRANSITION_CONTROL_KEEP);

	if (domainname) {
		/* Split "program from domainname" in place. */
		*domainname = '\0';
		domainname += sizeof(" from ") - 1;
	} else if (keep_type) {
		/* keep_domain / no_keep_domain take a bare domainname. */
		domainname = program;
		program = NULL;
	}
	if (program && strcmp(program, "any") != 0) {
		if (!tomoyo_correct_path(program))
			return -EINVAL;
		e.program = tomoyo_get_name(program);
		if (!e.program)
			goto out;
	}
	if (domainname && strcmp(domainname, "any") != 0) {
		if (!tomoyo_correct_domain(domainname)) {
			/* Not a full domainname: accept a last-component path. */
			if (!tomoyo_correct_path(domainname))
				goto out;
			e.is_last_name = true;
		}
		e.domainname = tomoyo_get_name(domainname);
		if (!e.domainname)
			goto out;
	}
	param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
	error = tomoyo_update_policy(&e.head, sizeof(e), param,
				     tomoyo_same_transition_control);
out:
	tomoyo_put_name(e.domainname);
	tomoyo_put_name(e.program);
	return error;
}

/**
 * tomoyo_scan_transition - Try to find specific domain transition type.
 *
 * @list:       Pointer to "struct list_head".
 * @domainname: The name of current domain.
 * @program:    The name of requested program.
 * @last_name:  The last component of @domainname.
 * @type:       One of values in "enum tomoyo_transition_type".
 *
 * An entry matches when it is live, has type @type, its domainname (if any)
 * equals @domainname — by pointer for full names, by strcmp() against
 * @last_name for last-component entries — and its program (if any) equals
 * @program.
 *
 * Returns true if found one, false otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static inline bool tomoyo_scan_transition
(const struct list_head *list, const struct tomoyo_path_info *domainname,
 const struct tomoyo_path_info *program, const char *last_name,
 const enum tomoyo_transition_type type)
{
	const struct tomoyo_transition_control *ptr;

	list_for_each_entry_rcu(ptr, list, head.list,
				srcu_read_lock_held(&tomoyo_ss)) {
		bool domain_matches;

		if (ptr->head.is_deleted || ptr->type != type)
			continue;
		if (!ptr->domainname)
			domain_matches = true;
		else if (ptr->is_last_name)
			/* Plain strcmp() is fine: last-name entries are rare. */
			domain_matches = !strcmp(ptr->domainname->name,
						 last_name);
		else
			domain_matches = (ptr->domainname == domainname);
		if (!domain_matches)
			continue;
		if (ptr->program && tomoyo_pathcmp(ptr->program, program))
			continue;
		return true;
	}
	return false;
}

/**
 * tomoyo_transition_type - Get domain transition type.
 *
 * @ns:         Pointer to "struct tomoyo_policy_namespace".
 * @domainname: The name of current domain.
 * @program:    The name of requested program.
 *
 * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes
 * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if
 * executing @program reinitializes domain transition within that namespace,
 * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname,
 * others otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static enum tomoyo_transition_type tomoyo_transition_type
(const struct tomoyo_policy_namespace *ns,
 const struct tomoyo_path_info *domainname,
 const struct tomoyo_path_info *program)
{
	const struct list_head * const list =
		&ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
	const char *last_name = tomoyo_last_word(domainname->name);
	enum tomoyo_transition_type type;

	/*
	 * Types are probed in enum order.  A "no_*" match suppresses the
	 * positive type that immediately follows it; the loop ends on the
	 * first other match, or at TOMOYO_MAX_TRANSITION_TYPE when nothing
	 * matched — the caller gets that sentinel back.
	 */
	for (type = TOMOYO_TRANSITION_CONTROL_NO_RESET;
	     type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
		if (!tomoyo_scan_transition(list, domainname, program,
					    last_name, type))
			continue;
		if (type == TOMOYO_TRANSITION_CONTROL_NO_RESET ||
		    type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
			/*
			 * Do not check for reset_domain if no_reset_domain
			 * matched; likewise initialize_domain after
			 * no_initialize_domain.  Skip one extra step.
			 */
			type++;
			continue;
		}
		break;
	}
	return type;
}

/**
 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_head".
 * @b: Pointer to "struct tomoyo_acl_head".
 *
 * Returns true if @a == @b, false otherwise.
 */
static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
				   const struct tomoyo_acl_head *b)
{
	const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1), head);
	const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2), head);

	/* Names are interned pointers (assumed; see tomoyo_get_name()). */
	if (p1->original_name != p2->original_name)
		return false;
	return p1->aggregated_name == p2->aggregated_name;
}

/**
 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Reads "original_name aggregated_name" from @param and adds or deletes the
 * aggregator entry in @param->ns.  The original may be a pattern word; the
 * aggregated name must be a literal path (patterns are refused).
 *
 * Returns 0 on success, -EINVAL if either token is malformed, -ENOENT when
 * deleting a missing entry, -ENOMEM otherwise — a patterned aggregated
 * name is reported as -ENOMEM, not -EINVAL.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
{
	struct tomoyo_aggregator e = { };
	const char *original_name = tomoyo_read_token(param);
	const char *aggregated_name = tomoyo_read_token(param);
	int error;

	if (!tomoyo_correct_word(original_name) ||
	    !tomoyo_correct_path(aggregated_name))
		return -EINVAL;
	error = param->is_delete ? -ENOENT : -ENOMEM;
	e.original_name = tomoyo_get_name(original_name);
	e.aggregated_name = tomoyo_get_name(aggregated_name);
	if (!e.original_name || !e.aggregated_name)
		goto out;
	/* The target of an aggregation must be a literal path. */
	if (e.aggregated_name->is_patterned)
		goto out;
	param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];
	error = tomoyo_update_policy(&e.head, sizeof(e), param,
				     tomoyo_same_aggregator);
out:
	tomoyo_put_name(e.original_name);
	tomoyo_put_name(e.aggregated_name);
	return error;
}

/**
 * tomoyo_find_namespace - Find specified namespace.
 *
 * @name: Name of namespace to find.
 * @len:  Length of @name.
 *
 * Looks for a registered namespace named by the first @len bytes of @name;
 * @name must end, or continue with ' ', right after those bytes.
 *
 * Returns pointer to "struct tomoyo_policy_namespace" if found,
 * NULL otherwise.
 *
 * Caller holds tomoyo_read_lock().
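 */
static struct tomoyo_policy_namespace *tomoyo_find_namespace
(const char *name, const unsigned int len)
{
	struct tomoyo_policy_namespace *ns;

	/*
	 * The namespace part of @name is its first @len bytes and must be
	 * followed by end-of-string or the ' ' that separates it from the
	 * rest of a domainname.  This does not depend on @ns, so test once.
	 */
	if (name[len] && name[len] != ' ')
		return NULL;
	list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
		/*
		 * strncmp() alone is only a prefix test: it would also accept
		 * a registered name of which the first @len bytes of @name are
		 * a proper prefix.  Require ns->name to be exactly @len bytes
		 * long as well.  When strncmp() reports equality ns->name has
		 * at least @len bytes, so ns->name[len] is in bounds.
		 */
		if (strncmp(name, ns->name, len) == 0 && ns->name[len] == '\0')
			return ns;
	}
	return NULL;
}

/**
 * tomoyo_assign_namespace - Create a new namespace.
 *
 * @domainname: Name of namespace to create.
 *
 * Returns pointer to "struct tomoyo_policy_namespace" on success,
 * NULL otherwise.
 *
 * Caller holds tomoyo_read_lock().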
 */
struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
{
	struct tomoyo_policy_namespace *found;
	struct tomoyo_policy_namespace *fresh;
	unsigned int len = 0;
	const char *p;

	/* The namespace part is everything up to the first ' '. */
	for (p = domainname; *p && *p != ' '; p++)
		len++;
	found = tomoyo_find_namespace(domainname, len);
	if (found)
		return found;
	/* Refuse names that would not fit a TOMOYO_EXEC_TMPSIZE scratch buffer. */
	if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
		return NULL;
	/* The name is stored inline, right after the struct. */
	fresh = kzalloc(sizeof(*fresh) + len + 1, GFP_NOFS);
	if (!fresh)
		return NULL;
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		goto out;
	/* Re-check under the lock: a concurrent caller may have created it. */
	found = tomoyo_find_namespace(domainname, len);
	if (!found && tomoyo_memory_ok(fresh)) {
		char *name = (char *)(fresh + 1);

		memmove(name, domainname, len);
		name[len] = '\0';
		fresh->name = name;
		tomoyo_init_policy_namespace(fresh);
		found = fresh;
		fresh = NULL;	/* ownership moved to the namespace list */
	}
	mutex_unlock(&tomoyo_policy_lock);
out:
	/* Either the unused allocation, or NULL when it was published. */
	kfree(fresh);
	return found;
}

/**
 * tomoyo_namespace_jump - Check for namespace jump.
 *
 * @domainname: Name of domain.
 *
 * Returns true if namespace differs, false otherwise.
 */
static bool tomoyo_namespace_jump(const char *domainname)
{
	const char *namespace = tomoyo_current_namespace()->name;
	const int len = strlen(namespace);

	/*
	 * @domainname belongs to the current namespace only when it starts
	 * with the namespace's full name followed by end-of-string or ' '.
	 */
	return strncmp(domainname, namespace, len) ||
		(domainname[len] && domainname[len] != ' ');
}

/**
 * tomoyo_assign_domain - Create a domain or a namespace.
 *
 * @domainname: The name of domain.
 * @transit:    True if transit to domain found or created.
 *
 * Looks @domainname up and, if it does not exist, creates it (creating its
 * namespace on the way through tomoyo_assign_namespace()).  Creation takes
 * tomoyo_policy_lock and repeats the lookup, so racing callers share one
 * entry.
 *
 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
 * NULL is returned when: @transit is set, policy is loaded and the existing
 * domain's profile has no profile object in its namespace; @domainname is
 * too long or malformed; @transit is set and @domainname lies outside the
 * current namespace (auto-creation never crosses namespaces); the
 * namespace, the name object or the entry cannot be allocated; or
 * tomoyo_policy_lock cannot be taken.
 *
 * Caller holds tomoyo_read_lock().
 */
struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
						const bool transit)
{
	struct tomoyo_domain_info e = { };
	struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);
	bool created = false;

	if (entry) {
		if (transit) {
			/*
			 * Since namespace is created at runtime, profiles may
			 * not be created by the moment the process transits to
			 * that domain. Do not perform domain transition if
			 * profile for that domain is not yet created.
			 */
			if (tomoyo_policy_loaded &&
			    !entry->ns->profile_ptr[entry->profile])
				return NULL;
		}
		return entry;
	}
	/* Requested domain does not exist. */
	/* Don't create requested domain if domainname is invalid. */
	if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 ||
	    !tomoyo_correct_domain(domainname))
		return NULL;
	/*
	 * Since definition of profiles and acl_groups may differ across
	 * namespaces, do not inherit "use_profile" and "use_group" settings
	 * by automatically creating requested domain upon domain transition.
	 */
	if (transit && tomoyo_namespace_jump(domainname))
		return NULL;
	e.ns = tomoyo_assign_namespace(domainname);
	if (!e.ns)
		return NULL;
	/*
	 * "use_profile" and "use_group" settings for automatically created
	 * domains are inherited from current domain. These are 0 for manually
	 * created domains.
	 */
	if (transit) {
		const struct tomoyo_domain_info *domain = tomoyo_domain();

		e.profile = domain->profile;
		memcpy(e.group, domain->group, sizeof(e.group));
	}
	e.domainname = tomoyo_get_name(domainname);
	if (!e.domainname)
		return NULL;
	if (mutex_lock_interruptible(&tomoyo_policy_lock))
		goto out;
	/* Re-check under the lock: another caller may have created it. */
	entry = tomoyo_find_domain(domainname);
	if (!entry) {
		/*
		 * tomoyo_commit_ok() is assumed to take over e.domainname's
		 * reference (clearing it in @e) so the put at out: sees NULL
		 * — confirm in memory.c.
		 */
		entry = tomoyo_commit_ok(&e, sizeof(e));
		if (entry) {
			INIT_LIST_HEAD(&entry->acl_info_list);
			list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
			created = true;
		}
	}
	mutex_unlock(&tomoyo_policy_lock);
out:
	tomoyo_put_name(e.domainname);
	if (entry && transit) {
		if (created) {
			struct tomoyo_request_info r;
			int i;

			/*
			 * Record the inherited profile/group settings of the
			 * new domain in the audit log (presumably so a saved
			 * policy reproduces them — confirm against
			 * tomoyo_write_log()).
			 */
			tomoyo_init_request_info(&r, entry,
						 TOMOYO_MAC_FILE_EXECUTE);
			r.granted = false;
			tomoyo_write_log(&r, "use_profile %u\n",
					 entry->profile);
			for (i = 0; i < TOMOYO_MAX_ACL_GROUPS; i++)
				if (test_bit(i, entry->group))
					tomoyo_write_log(&r, "use_group %u\n",
							 i);
			tomoyo_update_stat(TOMOYO_STAT_POLICY_UPDATES);
		}
	}
	return entry;
}

/**
 * tomoyo_environ - Check permission for environment variable names.
 *
 * @ee: Pointer to "struct tomoyo_execve".
 *
 * Walks the envp strings the exec core has already placed on the new stack
 * (the argv strings come first, starting at @ee->bprm->p, and are skipped),
 * rewrites each variable name into TOMOYO's escaped form and checks it with
 * tomoyo_env_perm().
 *
 * Returns 0 on success, negative value otherwise: 0 when the ENVIRON check
 * is disabled for the profile or there are no envp strings, -EPERM for the
 * first rejected name in enforcing mode, -ENOMEM when a page could not be
 * dumped or the scratch buffer not allocated.  In any mode other than
 * enforcing every failure, -ENOMEM included, is reported as 0.
 */
static int tomoyo_environ(struct tomoyo_execve *ee)
{
	struct tomoyo_request_info *r = &ee->r;
	struct linux_binprm *bprm = ee->bprm;
	/* env_page.data is allocated by tomoyo_dump_page(). */
	struct tomoyo_page_dump env_page = { };
	char *arg_ptr; /* Size is TOMOYO_EXEC_TMPSIZE bytes */
	int arg_len = 0;
	unsigned long pos = bprm->p;
	int offset = pos % PAGE_SIZE;
	int argv_count = bprm->argc;
	int envp_count = bprm->envc;
	int error = -ENOMEM;

	ee->r.type = TOMOYO_MAC_ENVIRON;
	ee->r.profile = r->domain->profile;
	ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile,
				     TOMOYO_MAC_ENVIRON);
	if (!r->mode || !envp_count)
		return 0;
	arg_ptr = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
	if (!arg_ptr)
		goto out;
	/* -ENOMEM doubles as "keep reading"; any other value ends the loop. */
	while (error == -ENOMEM) {
		if (!tomoyo_dump_page(bprm, pos, &env_page))
			goto out;
		pos += PAGE_SIZE - offset;
		/* Read. */
		/* Skip the argv strings first: one NUL terminator each. */
		while (argv_count && offset < PAGE_SIZE) {
			if (!env_page.data[offset++])
				argv_count--;
		}
		if (argv_count) {
			offset = 0;
			continue;
		}
		while (offset < PAGE_SIZE) {
			const unsigned char c = env_page.data[offset++];

			/*
			 * Escape into arg_ptr.  Up to 4 bytes are emitted per
			 * input byte, so stop TOMOYO_EXEC_TMPSIZE - 10 short
			 * of the end; past that point input bytes are dropped
			 * and the string is just terminated.
			 * NOTE(review): a name longer than that limit is
			 * therefore evaluated by tomoyo_env_perm() in its
			 * truncated form.
			 */
			if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) {
				if (c == '=') {
					/*
					 * NUL at '=' so only the name is seen;
					 * value bytes are still copied but sit
					 * behind that NUL.
					 */
					arg_ptr[arg_len++] = '\0';
				} else if (c == '\\') {
					arg_ptr[arg_len++] = '\\';
					arg_ptr[arg_len++] = '\\';
				} else if (c > ' ' && c < 127) {
					arg_ptr[arg_len++] = c;
				} else {
					/* Space, DEL and non-printables: \ooo. */
					arg_ptr[arg_len++] = '\\';
					arg_ptr[arg_len++] = (c >> 6) + '0';
					arg_ptr[arg_len++]
						= ((c >> 3) & 7) + '0';
					arg_ptr[arg_len++] = (c & 7) + '0';
				}
			} else {
				arg_ptr[arg_len] = '\0';
			}
			if (c)
				continue;
			/* End of one "NAME=value" string: check the name. */
			if (tomoyo_env_perm(r, arg_ptr)) {
				error = -EPERM;
				break;
			}
			if (!--envp_count) {
				error = 0;
				break;
			}
			arg_len = 0;
		}
		offset = 0;
	}
out:
	/* Any mode other than enforcing never fails the execve here. */
	if (r->mode != TOMOYO_CONFIG_ENFORCING)
		error = 0;
	kfree(env_page.data);
	kfree(arg_ptr);
	return error;
}

/**
 * tomoyo_find_next_domain - Find a domain.
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_find_next_domain(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info *old_domain = tomoyo_domain();
	struct tomoyo_domain_info *domain = NULL;
	const char *original_name = bprm->filename;
	int retval = -ENOMEM;
	bool reject_on_transition_failure = false;
	const struct tomoyo_path_info *candidate;
	struct tomoyo_path_info exename;
	struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS);

	if (!ee)
		return -ENOMEM;
	ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
	if (!ee->tmp) {
		kfree(ee);
		return -ENOMEM;
	}
	/* ee->dump->data is allocated by tomoyo_dump_page().
*/ 7228c2ecf20Sopenharmony_ci tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE); 7238c2ecf20Sopenharmony_ci ee->r.ee = ee; 7248c2ecf20Sopenharmony_ci ee->bprm = bprm; 7258c2ecf20Sopenharmony_ci ee->r.obj = &ee->obj; 7268c2ecf20Sopenharmony_ci ee->obj.path1 = bprm->file->f_path; 7278c2ecf20Sopenharmony_ci /* Get symlink's pathname of program. */ 7288c2ecf20Sopenharmony_ci retval = -ENOENT; 7298c2ecf20Sopenharmony_ci exename.name = tomoyo_realpath_nofollow(original_name); 7308c2ecf20Sopenharmony_ci if (!exename.name) 7318c2ecf20Sopenharmony_ci goto out; 7328c2ecf20Sopenharmony_ci tomoyo_fill_path_info(&exename); 7338c2ecf20Sopenharmony_ciretry: 7348c2ecf20Sopenharmony_ci /* Check 'aggregator' directive. */ 7358c2ecf20Sopenharmony_ci { 7368c2ecf20Sopenharmony_ci struct tomoyo_aggregator *ptr; 7378c2ecf20Sopenharmony_ci struct list_head *list = 7388c2ecf20Sopenharmony_ci &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR]; 7398c2ecf20Sopenharmony_ci 7408c2ecf20Sopenharmony_ci /* Check 'aggregator' directive. */ 7418c2ecf20Sopenharmony_ci candidate = &exename; 7428c2ecf20Sopenharmony_ci list_for_each_entry_rcu(ptr, list, head.list, 7438c2ecf20Sopenharmony_ci srcu_read_lock_held(&tomoyo_ss)) { 7448c2ecf20Sopenharmony_ci if (ptr->head.is_deleted || 7458c2ecf20Sopenharmony_ci !tomoyo_path_matches_pattern(&exename, 7468c2ecf20Sopenharmony_ci ptr->original_name)) 7478c2ecf20Sopenharmony_ci continue; 7488c2ecf20Sopenharmony_ci candidate = ptr->aggregated_name; 7498c2ecf20Sopenharmony_ci break; 7508c2ecf20Sopenharmony_ci } 7518c2ecf20Sopenharmony_ci } 7528c2ecf20Sopenharmony_ci 7538c2ecf20Sopenharmony_ci /* Check execute permission. 
*/ 7548c2ecf20Sopenharmony_ci retval = tomoyo_execute_permission(&ee->r, candidate); 7558c2ecf20Sopenharmony_ci if (retval == TOMOYO_RETRY_REQUEST) 7568c2ecf20Sopenharmony_ci goto retry; 7578c2ecf20Sopenharmony_ci if (retval < 0) 7588c2ecf20Sopenharmony_ci goto out; 7598c2ecf20Sopenharmony_ci /* 7608c2ecf20Sopenharmony_ci * To be able to specify domainnames with wildcards, use the 7618c2ecf20Sopenharmony_ci * pathname specified in the policy (which may contain 7628c2ecf20Sopenharmony_ci * wildcard) rather than the pathname passed to execve() 7638c2ecf20Sopenharmony_ci * (which never contains wildcard). 7648c2ecf20Sopenharmony_ci */ 7658c2ecf20Sopenharmony_ci if (ee->r.param.path.matched_path) 7668c2ecf20Sopenharmony_ci candidate = ee->r.param.path.matched_path; 7678c2ecf20Sopenharmony_ci 7688c2ecf20Sopenharmony_ci /* 7698c2ecf20Sopenharmony_ci * Check for domain transition preference if "file execute" matched. 7708c2ecf20Sopenharmony_ci * If preference is given, make execve() fail if domain transition 7718c2ecf20Sopenharmony_ci * has failed, for domain transition preference should be used with 7728c2ecf20Sopenharmony_ci * destination domain defined. 
7738c2ecf20Sopenharmony_ci */ 7748c2ecf20Sopenharmony_ci if (ee->transition) { 7758c2ecf20Sopenharmony_ci const char *domainname = ee->transition->name; 7768c2ecf20Sopenharmony_ci 7778c2ecf20Sopenharmony_ci reject_on_transition_failure = true; 7788c2ecf20Sopenharmony_ci if (!strcmp(domainname, "keep")) 7798c2ecf20Sopenharmony_ci goto force_keep_domain; 7808c2ecf20Sopenharmony_ci if (!strcmp(domainname, "child")) 7818c2ecf20Sopenharmony_ci goto force_child_domain; 7828c2ecf20Sopenharmony_ci if (!strcmp(domainname, "reset")) 7838c2ecf20Sopenharmony_ci goto force_reset_domain; 7848c2ecf20Sopenharmony_ci if (!strcmp(domainname, "initialize")) 7858c2ecf20Sopenharmony_ci goto force_initialize_domain; 7868c2ecf20Sopenharmony_ci if (!strcmp(domainname, "parent")) { 7878c2ecf20Sopenharmony_ci char *cp; 7888c2ecf20Sopenharmony_ci 7898c2ecf20Sopenharmony_ci strncpy(ee->tmp, old_domain->domainname->name, 7908c2ecf20Sopenharmony_ci TOMOYO_EXEC_TMPSIZE - 1); 7918c2ecf20Sopenharmony_ci cp = strrchr(ee->tmp, ' '); 7928c2ecf20Sopenharmony_ci if (cp) 7938c2ecf20Sopenharmony_ci *cp = '\0'; 7948c2ecf20Sopenharmony_ci } else if (*domainname == '<') 7958c2ecf20Sopenharmony_ci strncpy(ee->tmp, domainname, TOMOYO_EXEC_TMPSIZE - 1); 7968c2ecf20Sopenharmony_ci else 7978c2ecf20Sopenharmony_ci snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", 7988c2ecf20Sopenharmony_ci old_domain->domainname->name, domainname); 7998c2ecf20Sopenharmony_ci goto force_jump_domain; 8008c2ecf20Sopenharmony_ci } 8018c2ecf20Sopenharmony_ci /* 8028c2ecf20Sopenharmony_ci * No domain transition preference specified. 8038c2ecf20Sopenharmony_ci * Calculate domain to transit to. 
8048c2ecf20Sopenharmony_ci */ 8058c2ecf20Sopenharmony_ci switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname, 8068c2ecf20Sopenharmony_ci candidate)) { 8078c2ecf20Sopenharmony_ci case TOMOYO_TRANSITION_CONTROL_RESET: 8088c2ecf20Sopenharmony_ciforce_reset_domain: 8098c2ecf20Sopenharmony_ci /* Transit to the root of specified namespace. */ 8108c2ecf20Sopenharmony_ci snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", 8118c2ecf20Sopenharmony_ci candidate->name); 8128c2ecf20Sopenharmony_ci /* 8138c2ecf20Sopenharmony_ci * Make execve() fail if domain transition across namespaces 8148c2ecf20Sopenharmony_ci * has failed. 8158c2ecf20Sopenharmony_ci */ 8168c2ecf20Sopenharmony_ci reject_on_transition_failure = true; 8178c2ecf20Sopenharmony_ci break; 8188c2ecf20Sopenharmony_ci case TOMOYO_TRANSITION_CONTROL_INITIALIZE: 8198c2ecf20Sopenharmony_ciforce_initialize_domain: 8208c2ecf20Sopenharmony_ci /* Transit to the child of current namespace's root. */ 8218c2ecf20Sopenharmony_ci snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", 8228c2ecf20Sopenharmony_ci old_domain->ns->name, candidate->name); 8238c2ecf20Sopenharmony_ci break; 8248c2ecf20Sopenharmony_ci case TOMOYO_TRANSITION_CONTROL_KEEP: 8258c2ecf20Sopenharmony_ciforce_keep_domain: 8268c2ecf20Sopenharmony_ci /* Keep current domain. */ 8278c2ecf20Sopenharmony_ci domain = old_domain; 8288c2ecf20Sopenharmony_ci break; 8298c2ecf20Sopenharmony_ci default: 8308c2ecf20Sopenharmony_ci if (old_domain == &tomoyo_kernel_domain && 8318c2ecf20Sopenharmony_ci !tomoyo_policy_loaded) { 8328c2ecf20Sopenharmony_ci /* 8338c2ecf20Sopenharmony_ci * Needn't to transit from kernel domain before 8348c2ecf20Sopenharmony_ci * starting /sbin/init. But transit from kernel domain 8358c2ecf20Sopenharmony_ci * if executing initializers because they might start 8368c2ecf20Sopenharmony_ci * before /sbin/init. 
8378c2ecf20Sopenharmony_ci */ 8388c2ecf20Sopenharmony_ci domain = old_domain; 8398c2ecf20Sopenharmony_ci break; 8408c2ecf20Sopenharmony_ci } 8418c2ecf20Sopenharmony_ciforce_child_domain: 8428c2ecf20Sopenharmony_ci /* Normal domain transition. */ 8438c2ecf20Sopenharmony_ci snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", 8448c2ecf20Sopenharmony_ci old_domain->domainname->name, candidate->name); 8458c2ecf20Sopenharmony_ci break; 8468c2ecf20Sopenharmony_ci } 8478c2ecf20Sopenharmony_ciforce_jump_domain: 8488c2ecf20Sopenharmony_ci if (!domain) 8498c2ecf20Sopenharmony_ci domain = tomoyo_assign_domain(ee->tmp, true); 8508c2ecf20Sopenharmony_ci if (domain) 8518c2ecf20Sopenharmony_ci retval = 0; 8528c2ecf20Sopenharmony_ci else if (reject_on_transition_failure) { 8538c2ecf20Sopenharmony_ci pr_warn("ERROR: Domain '%s' not ready.\n", ee->tmp); 8548c2ecf20Sopenharmony_ci retval = -ENOMEM; 8558c2ecf20Sopenharmony_ci } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) 8568c2ecf20Sopenharmony_ci retval = -ENOMEM; 8578c2ecf20Sopenharmony_ci else { 8588c2ecf20Sopenharmony_ci retval = 0; 8598c2ecf20Sopenharmony_ci if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) { 8608c2ecf20Sopenharmony_ci old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true; 8618c2ecf20Sopenharmony_ci ee->r.granted = false; 8628c2ecf20Sopenharmony_ci tomoyo_write_log(&ee->r, "%s", tomoyo_dif 8638c2ecf20Sopenharmony_ci [TOMOYO_DIF_TRANSITION_FAILED]); 8648c2ecf20Sopenharmony_ci pr_warn("ERROR: Domain '%s' not defined.\n", ee->tmp); 8658c2ecf20Sopenharmony_ci } 8668c2ecf20Sopenharmony_ci } 8678c2ecf20Sopenharmony_ci out: 8688c2ecf20Sopenharmony_ci if (!domain) 8698c2ecf20Sopenharmony_ci domain = old_domain; 8708c2ecf20Sopenharmony_ci /* Update reference count on "struct tomoyo_domain_info". 
*/ 8718c2ecf20Sopenharmony_ci { 8728c2ecf20Sopenharmony_ci struct tomoyo_task *s = tomoyo_task(current); 8738c2ecf20Sopenharmony_ci 8748c2ecf20Sopenharmony_ci s->old_domain_info = s->domain_info; 8758c2ecf20Sopenharmony_ci s->domain_info = domain; 8768c2ecf20Sopenharmony_ci atomic_inc(&domain->users); 8778c2ecf20Sopenharmony_ci } 8788c2ecf20Sopenharmony_ci kfree(exename.name); 8798c2ecf20Sopenharmony_ci if (!retval) { 8808c2ecf20Sopenharmony_ci ee->r.domain = domain; 8818c2ecf20Sopenharmony_ci retval = tomoyo_environ(ee); 8828c2ecf20Sopenharmony_ci } 8838c2ecf20Sopenharmony_ci kfree(ee->tmp); 8848c2ecf20Sopenharmony_ci kfree(ee->dump.data); 8858c2ecf20Sopenharmony_ci kfree(ee); 8868c2ecf20Sopenharmony_ci return retval; 8878c2ecf20Sopenharmony_ci} 8888c2ecf20Sopenharmony_ci 8898c2ecf20Sopenharmony_ci/** 8908c2ecf20Sopenharmony_ci * tomoyo_dump_page - Dump a page to buffer. 8918c2ecf20Sopenharmony_ci * 8928c2ecf20Sopenharmony_ci * @bprm: Pointer to "struct linux_binprm". 8938c2ecf20Sopenharmony_ci * @pos: Location to dump. 8948c2ecf20Sopenharmony_ci * @dump: Poiner to "struct tomoyo_page_dump". 8958c2ecf20Sopenharmony_ci * 8968c2ecf20Sopenharmony_ci * Returns true on success, false otherwise. 8978c2ecf20Sopenharmony_ci */ 8988c2ecf20Sopenharmony_cibool tomoyo_dump_page(struct linux_binprm *bprm, unsigned long pos, 8998c2ecf20Sopenharmony_ci struct tomoyo_page_dump *dump) 9008c2ecf20Sopenharmony_ci{ 9018c2ecf20Sopenharmony_ci struct page *page; 9028c2ecf20Sopenharmony_ci 9038c2ecf20Sopenharmony_ci /* dump->data is released by tomoyo_find_next_domain(). 
*/ 9048c2ecf20Sopenharmony_ci if (!dump->data) { 9058c2ecf20Sopenharmony_ci dump->data = kzalloc(PAGE_SIZE, GFP_NOFS); 9068c2ecf20Sopenharmony_ci if (!dump->data) 9078c2ecf20Sopenharmony_ci return false; 9088c2ecf20Sopenharmony_ci } 9098c2ecf20Sopenharmony_ci /* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */ 9108c2ecf20Sopenharmony_ci#ifdef CONFIG_MMU 9118c2ecf20Sopenharmony_ci /* 9128c2ecf20Sopenharmony_ci * This is called at execve() time in order to dig around 9138c2ecf20Sopenharmony_ci * in the argv/environment of the new proceess 9148c2ecf20Sopenharmony_ci * (represented by bprm). 'current' is the process doing 9158c2ecf20Sopenharmony_ci * the execve(). 9168c2ecf20Sopenharmony_ci */ 9178c2ecf20Sopenharmony_ci if (get_user_pages_remote(bprm->mm, pos, 1, 9188c2ecf20Sopenharmony_ci FOLL_FORCE, &page, NULL, NULL) <= 0) 9198c2ecf20Sopenharmony_ci return false; 9208c2ecf20Sopenharmony_ci#else 9218c2ecf20Sopenharmony_ci page = bprm->page[pos / PAGE_SIZE]; 9228c2ecf20Sopenharmony_ci#endif 9238c2ecf20Sopenharmony_ci if (page != dump->page) { 9248c2ecf20Sopenharmony_ci const unsigned int offset = pos % PAGE_SIZE; 9258c2ecf20Sopenharmony_ci /* 9268c2ecf20Sopenharmony_ci * Maybe kmap()/kunmap() should be used here. 9278c2ecf20Sopenharmony_ci * But remove_arg_zero() uses kmap_atomic()/kunmap_atomic(). 9288c2ecf20Sopenharmony_ci * So do I. 9298c2ecf20Sopenharmony_ci */ 9308c2ecf20Sopenharmony_ci char *kaddr = kmap_atomic(page); 9318c2ecf20Sopenharmony_ci 9328c2ecf20Sopenharmony_ci dump->page = page; 9338c2ecf20Sopenharmony_ci memcpy(dump->data + offset, kaddr + offset, 9348c2ecf20Sopenharmony_ci PAGE_SIZE - offset); 9358c2ecf20Sopenharmony_ci kunmap_atomic(kaddr); 9368c2ecf20Sopenharmony_ci } 9378c2ecf20Sopenharmony_ci /* Same with put_arg_page(page) in fs/exec.c */ 9388c2ecf20Sopenharmony_ci#ifdef CONFIG_MMU 9398c2ecf20Sopenharmony_ci put_page(page); 9408c2ecf20Sopenharmony_ci#endif 9418c2ecf20Sopenharmony_ci return true; 9428c2ecf20Sopenharmony_ci} 943