162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * security/tomoyo/realpath.c 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright (C) 2005-2011 NTT DATA CORPORATION 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#include "common.h" 962306a36Sopenharmony_ci#include <linux/magic.h> 1062306a36Sopenharmony_ci#include <linux/proc_fs.h> 1162306a36Sopenharmony_ci 1262306a36Sopenharmony_ci/** 1362306a36Sopenharmony_ci * tomoyo_encode2 - Encode binary string to ascii string. 1462306a36Sopenharmony_ci * 1562306a36Sopenharmony_ci * @str: String in binary format. 1662306a36Sopenharmony_ci * @str_len: Size of @str in byte. 1762306a36Sopenharmony_ci * 1862306a36Sopenharmony_ci * Returns pointer to @str in ascii format on success, NULL otherwise. 1962306a36Sopenharmony_ci * 2062306a36Sopenharmony_ci * This function uses kzalloc(), so caller must kfree() if this function 2162306a36Sopenharmony_ci * didn't return NULL. 2262306a36Sopenharmony_ci */ 2362306a36Sopenharmony_cichar *tomoyo_encode2(const char *str, int str_len) 2462306a36Sopenharmony_ci{ 2562306a36Sopenharmony_ci int i; 2662306a36Sopenharmony_ci int len = 0; 2762306a36Sopenharmony_ci const char *p = str; 2862306a36Sopenharmony_ci char *cp; 2962306a36Sopenharmony_ci char *cp0; 3062306a36Sopenharmony_ci 3162306a36Sopenharmony_ci if (!p) 3262306a36Sopenharmony_ci return NULL; 3362306a36Sopenharmony_ci for (i = 0; i < str_len; i++) { 3462306a36Sopenharmony_ci const unsigned char c = p[i]; 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_ci if (c == '\\') 3762306a36Sopenharmony_ci len += 2; 3862306a36Sopenharmony_ci else if (c > ' ' && c < 127) 3962306a36Sopenharmony_ci len++; 4062306a36Sopenharmony_ci else 4162306a36Sopenharmony_ci len += 4; 4262306a36Sopenharmony_ci } 4362306a36Sopenharmony_ci len++; 4462306a36Sopenharmony_ci /* Reserve space for appending "/". */ 4562306a36Sopenharmony_ci cp = kzalloc(len + 10, GFP_NOFS); 4662306a36Sopenharmony_ci if (!cp) 4762306a36Sopenharmony_ci return NULL; 4862306a36Sopenharmony_ci cp0 = cp; 4962306a36Sopenharmony_ci p = str; 5062306a36Sopenharmony_ci for (i = 0; i < str_len; i++) { 5162306a36Sopenharmony_ci const unsigned char c = p[i]; 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_ci if (c == '\\') { 5462306a36Sopenharmony_ci *cp++ = '\\'; 5562306a36Sopenharmony_ci *cp++ = '\\'; 5662306a36Sopenharmony_ci } else if (c > ' ' && c < 127) { 5762306a36Sopenharmony_ci *cp++ = c; 5862306a36Sopenharmony_ci } else { 5962306a36Sopenharmony_ci *cp++ = '\\'; 6062306a36Sopenharmony_ci *cp++ = (c >> 6) + '0'; 6162306a36Sopenharmony_ci *cp++ = ((c >> 3) & 7) + '0'; 6262306a36Sopenharmony_ci *cp++ = (c & 7) + '0'; 6362306a36Sopenharmony_ci } 6462306a36Sopenharmony_ci } 6562306a36Sopenharmony_ci return cp0; 6662306a36Sopenharmony_ci} 6762306a36Sopenharmony_ci 6862306a36Sopenharmony_ci/** 6962306a36Sopenharmony_ci * tomoyo_encode - Encode binary string to ascii string. 7062306a36Sopenharmony_ci * 7162306a36Sopenharmony_ci * @str: String in binary format. 7262306a36Sopenharmony_ci * 7362306a36Sopenharmony_ci * Returns pointer to @str in ascii format on success, NULL otherwise. 7462306a36Sopenharmony_ci * 7562306a36Sopenharmony_ci * This function uses kzalloc(), so caller must kfree() if this function 7662306a36Sopenharmony_ci * didn't return NULL. 7762306a36Sopenharmony_ci */ 7862306a36Sopenharmony_cichar *tomoyo_encode(const char *str) 7962306a36Sopenharmony_ci{ 8062306a36Sopenharmony_ci return str ? tomoyo_encode2(str, strlen(str)) : NULL; 8162306a36Sopenharmony_ci} 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_ci/** 8462306a36Sopenharmony_ci * tomoyo_get_absolute_path - Get the path of a dentry but ignores chroot'ed root. 8562306a36Sopenharmony_ci * 8662306a36Sopenharmony_ci * @path: Pointer to "struct path". 8762306a36Sopenharmony_ci * @buffer: Pointer to buffer to return value in. 8862306a36Sopenharmony_ci * @buflen: Sizeof @buffer. 8962306a36Sopenharmony_ci * 9062306a36Sopenharmony_ci * Returns the buffer on success, an error code otherwise. 9162306a36Sopenharmony_ci * 9262306a36Sopenharmony_ci * If dentry is a directory, trailing '/' is appended. 9362306a36Sopenharmony_ci */ 9462306a36Sopenharmony_cistatic char *tomoyo_get_absolute_path(const struct path *path, char * const buffer, 9562306a36Sopenharmony_ci const int buflen) 9662306a36Sopenharmony_ci{ 9762306a36Sopenharmony_ci char *pos = ERR_PTR(-ENOMEM); 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_ci if (buflen >= 256) { 10062306a36Sopenharmony_ci /* go to whatever namespace root we are under */ 10162306a36Sopenharmony_ci pos = d_absolute_path(path, buffer, buflen - 1); 10262306a36Sopenharmony_ci if (!IS_ERR(pos) && *pos == '/' && pos[1]) { 10362306a36Sopenharmony_ci struct inode *inode = d_backing_inode(path->dentry); 10462306a36Sopenharmony_ci 10562306a36Sopenharmony_ci if (inode && S_ISDIR(inode->i_mode)) { 10662306a36Sopenharmony_ci buffer[buflen - 2] = '/'; 10762306a36Sopenharmony_ci buffer[buflen - 1] = '\0'; 10862306a36Sopenharmony_ci } 10962306a36Sopenharmony_ci } 11062306a36Sopenharmony_ci } 11162306a36Sopenharmony_ci return pos; 11262306a36Sopenharmony_ci} 11362306a36Sopenharmony_ci 11462306a36Sopenharmony_ci/** 11562306a36Sopenharmony_ci * tomoyo_get_dentry_path - Get the path of a dentry. 11662306a36Sopenharmony_ci * 11762306a36Sopenharmony_ci * @dentry: Pointer to "struct dentry". 11862306a36Sopenharmony_ci * @buffer: Pointer to buffer to return value in. 11962306a36Sopenharmony_ci * @buflen: Sizeof @buffer. 12062306a36Sopenharmony_ci * 12162306a36Sopenharmony_ci * Returns the buffer on success, an error code otherwise. 12262306a36Sopenharmony_ci * 12362306a36Sopenharmony_ci * If dentry is a directory, trailing '/' is appended. 12462306a36Sopenharmony_ci */ 12562306a36Sopenharmony_cistatic char *tomoyo_get_dentry_path(struct dentry *dentry, char * const buffer, 12662306a36Sopenharmony_ci const int buflen) 12762306a36Sopenharmony_ci{ 12862306a36Sopenharmony_ci char *pos = ERR_PTR(-ENOMEM); 12962306a36Sopenharmony_ci 13062306a36Sopenharmony_ci if (buflen >= 256) { 13162306a36Sopenharmony_ci pos = dentry_path_raw(dentry, buffer, buflen - 1); 13262306a36Sopenharmony_ci if (!IS_ERR(pos) && *pos == '/' && pos[1]) { 13362306a36Sopenharmony_ci struct inode *inode = d_backing_inode(dentry); 13462306a36Sopenharmony_ci 13562306a36Sopenharmony_ci if (inode && S_ISDIR(inode->i_mode)) { 13662306a36Sopenharmony_ci buffer[buflen - 2] = '/'; 13762306a36Sopenharmony_ci buffer[buflen - 1] = '\0'; 13862306a36Sopenharmony_ci } 13962306a36Sopenharmony_ci } 14062306a36Sopenharmony_ci } 14162306a36Sopenharmony_ci return pos; 14262306a36Sopenharmony_ci} 14362306a36Sopenharmony_ci 14462306a36Sopenharmony_ci/** 14562306a36Sopenharmony_ci * tomoyo_get_local_path - Get the path of a dentry. 14662306a36Sopenharmony_ci * 14762306a36Sopenharmony_ci * @dentry: Pointer to "struct dentry". 14862306a36Sopenharmony_ci * @buffer: Pointer to buffer to return value in. 14962306a36Sopenharmony_ci * @buflen: Sizeof @buffer. 15062306a36Sopenharmony_ci * 15162306a36Sopenharmony_ci * Returns the buffer on success, an error code otherwise. 15262306a36Sopenharmony_ci */ 15362306a36Sopenharmony_cistatic char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer, 15462306a36Sopenharmony_ci const int buflen) 15562306a36Sopenharmony_ci{ 15662306a36Sopenharmony_ci struct super_block *sb = dentry->d_sb; 15762306a36Sopenharmony_ci char *pos = tomoyo_get_dentry_path(dentry, buffer, buflen); 15862306a36Sopenharmony_ci 15962306a36Sopenharmony_ci if (IS_ERR(pos)) 16062306a36Sopenharmony_ci return pos; 16162306a36Sopenharmony_ci /* Convert from $PID to self if $PID is current thread. */ 16262306a36Sopenharmony_ci if (sb->s_magic == PROC_SUPER_MAGIC && *pos == '/') { 16362306a36Sopenharmony_ci char *ep; 16462306a36Sopenharmony_ci const pid_t pid = (pid_t) simple_strtoul(pos + 1, &ep, 10); 16562306a36Sopenharmony_ci struct pid_namespace *proc_pidns = proc_pid_ns(sb); 16662306a36Sopenharmony_ci 16762306a36Sopenharmony_ci if (*ep == '/' && pid && pid == 16862306a36Sopenharmony_ci task_tgid_nr_ns(current, proc_pidns)) { 16962306a36Sopenharmony_ci pos = ep - 5; 17062306a36Sopenharmony_ci if (pos < buffer) 17162306a36Sopenharmony_ci goto out; 17262306a36Sopenharmony_ci memmove(pos, "/self", 5); 17362306a36Sopenharmony_ci } 17462306a36Sopenharmony_ci goto prepend_filesystem_name; 17562306a36Sopenharmony_ci } 17662306a36Sopenharmony_ci /* Use filesystem name for unnamed devices. */ 17762306a36Sopenharmony_ci if (!MAJOR(sb->s_dev)) 17862306a36Sopenharmony_ci goto prepend_filesystem_name; 17962306a36Sopenharmony_ci { 18062306a36Sopenharmony_ci struct inode *inode = d_backing_inode(sb->s_root); 18162306a36Sopenharmony_ci 18262306a36Sopenharmony_ci /* 18362306a36Sopenharmony_ci * Use filesystem name if filesystem does not support rename() 18462306a36Sopenharmony_ci * operation. 18562306a36Sopenharmony_ci */ 18662306a36Sopenharmony_ci if (!inode->i_op->rename) 18762306a36Sopenharmony_ci goto prepend_filesystem_name; 18862306a36Sopenharmony_ci } 18962306a36Sopenharmony_ci /* Prepend device name. */ 19062306a36Sopenharmony_ci { 19162306a36Sopenharmony_ci char name[64]; 19262306a36Sopenharmony_ci int name_len; 19362306a36Sopenharmony_ci const dev_t dev = sb->s_dev; 19462306a36Sopenharmony_ci 19562306a36Sopenharmony_ci name[sizeof(name) - 1] = '\0'; 19662306a36Sopenharmony_ci snprintf(name, sizeof(name) - 1, "dev(%u,%u):", MAJOR(dev), 19762306a36Sopenharmony_ci MINOR(dev)); 19862306a36Sopenharmony_ci name_len = strlen(name); 19962306a36Sopenharmony_ci pos -= name_len; 20062306a36Sopenharmony_ci if (pos < buffer) 20162306a36Sopenharmony_ci goto out; 20262306a36Sopenharmony_ci memmove(pos, name, name_len); 20362306a36Sopenharmony_ci return pos; 20462306a36Sopenharmony_ci } 20562306a36Sopenharmony_ci /* Prepend filesystem name. */ 20662306a36Sopenharmony_ciprepend_filesystem_name: 20762306a36Sopenharmony_ci { 20862306a36Sopenharmony_ci const char *name = sb->s_type->name; 20962306a36Sopenharmony_ci const int name_len = strlen(name); 21062306a36Sopenharmony_ci 21162306a36Sopenharmony_ci pos -= name_len + 1; 21262306a36Sopenharmony_ci if (pos < buffer) 21362306a36Sopenharmony_ci goto out; 21462306a36Sopenharmony_ci memmove(pos, name, name_len); 21562306a36Sopenharmony_ci pos[name_len] = ':'; 21662306a36Sopenharmony_ci } 21762306a36Sopenharmony_ci return pos; 21862306a36Sopenharmony_ciout: 21962306a36Sopenharmony_ci return ERR_PTR(-ENOMEM); 22062306a36Sopenharmony_ci} 22162306a36Sopenharmony_ci 22262306a36Sopenharmony_ci/** 22362306a36Sopenharmony_ci * tomoyo_realpath_from_path - Returns realpath(3) of the given pathname but ignores chroot'ed root. 22462306a36Sopenharmony_ci * 22562306a36Sopenharmony_ci * @path: Pointer to "struct path". 22662306a36Sopenharmony_ci * 22762306a36Sopenharmony_ci * Returns the realpath of the given @path on success, NULL otherwise. 22862306a36Sopenharmony_ci * 22962306a36Sopenharmony_ci * If dentry is a directory, trailing '/' is appended. 23062306a36Sopenharmony_ci * Characters out of 0x20 < c < 0x7F range are converted to 23162306a36Sopenharmony_ci * \ooo style octal string. 23262306a36Sopenharmony_ci * Character \ is converted to \\ string. 23362306a36Sopenharmony_ci * 23462306a36Sopenharmony_ci * These functions use kzalloc(), so the caller must call kfree() 23562306a36Sopenharmony_ci * if these functions didn't return NULL. 23662306a36Sopenharmony_ci */ 23762306a36Sopenharmony_cichar *tomoyo_realpath_from_path(const struct path *path) 23862306a36Sopenharmony_ci{ 23962306a36Sopenharmony_ci char *buf = NULL; 24062306a36Sopenharmony_ci char *name = NULL; 24162306a36Sopenharmony_ci unsigned int buf_len = PAGE_SIZE / 2; 24262306a36Sopenharmony_ci struct dentry *dentry = path->dentry; 24362306a36Sopenharmony_ci struct super_block *sb = dentry->d_sb; 24462306a36Sopenharmony_ci 24562306a36Sopenharmony_ci while (1) { 24662306a36Sopenharmony_ci char *pos; 24762306a36Sopenharmony_ci struct inode *inode; 24862306a36Sopenharmony_ci 24962306a36Sopenharmony_ci buf_len <<= 1; 25062306a36Sopenharmony_ci kfree(buf); 25162306a36Sopenharmony_ci buf = kmalloc(buf_len, GFP_NOFS); 25262306a36Sopenharmony_ci if (!buf) 25362306a36Sopenharmony_ci break; 25462306a36Sopenharmony_ci /* To make sure that pos is '\0' terminated. */ 25562306a36Sopenharmony_ci buf[buf_len - 1] = '\0'; 25662306a36Sopenharmony_ci /* For "pipe:[\$]" and "socket:[\$]". */ 25762306a36Sopenharmony_ci if (dentry->d_op && dentry->d_op->d_dname) { 25862306a36Sopenharmony_ci pos = dentry->d_op->d_dname(dentry, buf, buf_len - 1); 25962306a36Sopenharmony_ci goto encode; 26062306a36Sopenharmony_ci } 26162306a36Sopenharmony_ci inode = d_backing_inode(sb->s_root); 26262306a36Sopenharmony_ci /* 26362306a36Sopenharmony_ci * Get local name for filesystems without rename() operation 26462306a36Sopenharmony_ci */ 26562306a36Sopenharmony_ci if ((!inode->i_op->rename && 26662306a36Sopenharmony_ci !(sb->s_type->fs_flags & FS_REQUIRES_DEV))) 26762306a36Sopenharmony_ci pos = tomoyo_get_local_path(path->dentry, buf, 26862306a36Sopenharmony_ci buf_len - 1); 26962306a36Sopenharmony_ci /* Get absolute name for the rest. */ 27062306a36Sopenharmony_ci else { 27162306a36Sopenharmony_ci pos = tomoyo_get_absolute_path(path, buf, buf_len - 1); 27262306a36Sopenharmony_ci /* 27362306a36Sopenharmony_ci * Fall back to local name if absolute name is not 27462306a36Sopenharmony_ci * available. 27562306a36Sopenharmony_ci */ 27662306a36Sopenharmony_ci if (pos == ERR_PTR(-EINVAL)) 27762306a36Sopenharmony_ci pos = tomoyo_get_local_path(path->dentry, buf, 27862306a36Sopenharmony_ci buf_len - 1); 27962306a36Sopenharmony_ci } 28062306a36Sopenharmony_ciencode: 28162306a36Sopenharmony_ci if (IS_ERR(pos)) 28262306a36Sopenharmony_ci continue; 28362306a36Sopenharmony_ci name = tomoyo_encode(pos); 28462306a36Sopenharmony_ci break; 28562306a36Sopenharmony_ci } 28662306a36Sopenharmony_ci kfree(buf); 28762306a36Sopenharmony_ci if (!name) 28862306a36Sopenharmony_ci tomoyo_warn_oom(__func__); 28962306a36Sopenharmony_ci return name; 29062306a36Sopenharmony_ci} 29162306a36Sopenharmony_ci 29262306a36Sopenharmony_ci/** 29362306a36Sopenharmony_ci * tomoyo_realpath_nofollow - Get realpath of a pathname. 29462306a36Sopenharmony_ci * 29562306a36Sopenharmony_ci * @pathname: The pathname to solve. 29662306a36Sopenharmony_ci * 29762306a36Sopenharmony_ci * Returns the realpath of @pathname on success, NULL otherwise. 29862306a36Sopenharmony_ci */ 29962306a36Sopenharmony_cichar *tomoyo_realpath_nofollow(const char *pathname) 30062306a36Sopenharmony_ci{ 30162306a36Sopenharmony_ci struct path path; 30262306a36Sopenharmony_ci 30362306a36Sopenharmony_ci if (pathname && kern_path(pathname, 0, &path) == 0) { 30462306a36Sopenharmony_ci char *buf = tomoyo_realpath_from_path(&path); 30562306a36Sopenharmony_ci 30662306a36Sopenharmony_ci path_put(&path); 30762306a36Sopenharmony_ci return buf; 30862306a36Sopenharmony_ci } 30962306a36Sopenharmony_ci return NULL; 31062306a36Sopenharmony_ci} 311