// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/tomoyo.c
 *
 * Copyright (C) 2005-2011 NTT DATA CORPORATION
 */

#include <linux/lsm_hooks.h>
#include "common.h"

/**
 * tomoyo_domain - Look up the domain the current thread runs in.
 *
 * Besides the lookup, this drops a leftover old_domain_info: when one is
 * still recorded and the thread is not inside execve(), its users count is
 * decremented and the pointer is cleared.
 *
 * Returns the current thread's "struct tomoyo_domain_info".
 */
struct tomoyo_domain_info *tomoyo_domain(void)
{
	struct tomoyo_task *task_sec = tomoyo_task(current);
	struct tomoyo_domain_info *saved = task_sec->old_domain_info;

	if (saved && !current->in_execve) {
		atomic_dec(&saved->users);
		task_sec->old_domain_info = NULL;
	}
	return task_sec->domain_info;
}

/**
 * tomoyo_cred_prepare - Hook called from security_prepare_creds().
 *
 * @new: Pointer to "struct cred" (not used here).
 * @old: Pointer to "struct cred" (not used here).
 * @gfp: Memory allocation flags (not used here).
 *
 * Rolls the current task back to the domain that an earlier execve() request
 * saved in old_domain_info, provided the task is no longer inside execve().
 *
 * Returns 0.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	struct tomoyo_task *task_sec = tomoyo_task(current);

	/* Nothing saved, or the execve() is still in flight: leave as is. */
	if (!task_sec->old_domain_info || current->in_execve)
		return 0;
	/*
	 * Release the count held on the domain being abandoned; the count
	 * that was held through old_domain_info now backs domain_info.
	 */
	atomic_dec(&task_sec->domain_info->users);
	task_sec->domain_info = task_sec->old_domain_info;
	task_sec->old_domain_info = NULL;
	return 0;
}

/**
 * tomoyo_bprm_committed_creds - Hook called from security_bprm_committed_creds().
 *
 * @bprm: Pointer to "struct linux_binprm" (not used here).
 *
 * Forgets the old_domain_info that the execve() request saved, releasing the
 * users count held on it.
 */
static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm)
{
	struct tomoyo_task *task_sec = tomoyo_task(current);
	struct tomoyo_domain_info *saved = task_sec->old_domain_info;

	/*
	 * NOTE(review): old_domain_info is dereferenced without a NULL test
	 * here, unlike tomoyo_domain(), tomoyo_cred_prepare() and
	 * tomoyo_task_free(). This relies on the execve() path having saved
	 * it before this hook runs -- confirm against
	 * tomoyo_find_next_domain().
	 */
	atomic_dec(&saved->users);
	task_sec->old_domain_info = NULL;
}

#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
/**
 * tomoyo_bprm_creds_for_exec - Hook called from security_bprm_creds_for_exec().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Triggers the policy loader while no policy has been loaded yet. This hook
 * only tests tomoyo_policy_loaded and hands over the requested filename; the
 * loader is meant to act if /sbin/tomoyo-init exists and /sbin/init is
 * requested for the first time.
 *
 * Returns 0, whatever tomoyo_load_policy() does.
 */
static int tomoyo_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	if (tomoyo_policy_loaded)
		return 0;
	tomoyo_load_policy(bprm->filename);
	return 0;
}
#endif

/**
 * tomoyo_bprm_check_security - Hook called from security_bprm_check().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Two cases, told apart by whether old_domain_info is already set:
 * not set  - execute permission is checked against the pathname passed to
 *            execve() using the current domain, under the policy read lock;
 * set      - read permission is checked against interpreters using the next
 *            domain (domain_info at this point).
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_task *task_sec = tomoyo_task(current);
	int idx;
	int err;

	if (task_sec->old_domain_info)
		return tomoyo_check_open_permission(task_sec->domain_info,
						    &bprm->file->f_path,
						    O_RDONLY);

	idx = tomoyo_read_lock();
	err = tomoyo_find_next_domain(bprm);
	tomoyo_read_unlock(idx);
	return err;
}

/**
 * tomoyo_inode_getattr - Hook called from security_inode_getattr().
 *
 * @path: Pointer to "struct path" being queried.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_inode_getattr(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
}

/**
 * tomoyo_path_truncate - Hook called from security_path_truncate().
 *
 * @path: Pointer to "struct path" being truncated.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_truncate(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}

/**
 * tomoyo_file_truncate - Hook called from security_file_truncate().
 *
 * @file: Pointer to "struct file".
 *
 * Applies the same check as tomoyo_path_truncate() to the file's f_path.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_truncate(struct file *file)
{
	const struct path *target = &file->f_path;

	return tomoyo_path_truncate(target);
}

/**
 * tomoyo_path_unlink - Hook called from security_path_unlink().
 *
 * @parent: Pointer to "struct path" of the containing directory.
 * @dentry: Pointer to "struct dentry" being removed.
 *
 * The checked path combines @parent's mount with @dentry.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &target, NULL);
}

/**
 * tomoyo_path_mkdir - Hook called from security_path_mkdir().
 *
 * @parent: Pointer to "struct path" of the containing directory.
 * @dentry: Pointer to "struct dentry" being created.
 * @mode:   DAC permission mode.
 *
 * Only the S_IALLUGO bits of @mode are passed on to the policy check.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
			     umode_t mode)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &target, perm);
}

/**
 * tomoyo_path_rmdir - Hook called from security_path_rmdir().
 *
 * @parent: Pointer to "struct path" of the containing directory.
 * @dentry: Pointer to "struct dentry" being removed.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &target, NULL);
}

/**
 * tomoyo_path_symlink - Hook called from security_path_symlink().
 *
 * @parent:   Pointer to "struct path" of the containing directory.
 * @dentry:   Pointer to "struct dentry" of the link being created.
 * @old_name: Symlink's content; handed to the policy check together with
 *            the link's own path.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &target, old_name);
}

/**
 * tomoyo_path_mknod - Hook called from security_path_mknod().
 *
 * @parent: Pointer to "struct path" of the containing directory.
 * @dentry: Pointer to "struct dentry" being created.
 * @mode:   DAC permission mode, including the S_IFMT file type bits.
 * @dev:    Device attributes.
 *
 * Character and block devices go through tomoyo_mkdev_perm(), which also
 * receives @dev. FIFOs, sockets and every other file type (treated as a
 * plain create) go through tomoyo_path_number_perm() without @dev.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
			     umode_t mode, unsigned int dev)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	const unsigned int perm = mode & S_IALLUGO;
	int type;

	switch (mode & S_IFMT) {
	case S_IFCHR:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKCHAR, &target, perm,
					 dev);
	case S_IFBLK:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKBLOCK, &target, perm,
					 dev);
	case S_IFIFO:
		type = TOMOYO_TYPE_MKFIFO;
		break;
	case S_IFSOCK:
		type = TOMOYO_TYPE_MKSOCK;
		break;
	default:
		type = TOMOYO_TYPE_CREATE;
		break;
	}
	return tomoyo_path_number_perm(type, &target, perm);
}

/**
 * tomoyo_path_link - Hook called from security_path_link().
 *
 * @old_dentry: Pointer to "struct dentry" of the existing file.
 * @new_dir:    Pointer to "struct path" of the directory receiving the link.
 * @new_dentry: Pointer to "struct dentry" of the link being created.
 *
 * Both checked paths are built on @new_dir's mount; no separate mount is
 * supplied for @old_dentry.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path src = { .mnt = new_dir->mnt, .dentry = old_dentry };
	struct path dst = { .mnt = new_dir->mnt, .dentry = new_dentry };

	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &src, &dst);
}

/**
 * tomoyo_path_rename - Hook called from security_path_rename().
 *
 * @old_parent: Pointer to "struct path" of the source directory.
 * @old_dentry: Pointer to "struct dentry" being renamed.
 * @new_parent: Pointer to "struct path" of the destination directory.
 * @new_dentry: Pointer to "struct dentry" of the destination name.
 * @flags:      Rename options.
 *
 * With RENAME_EXCHANGE the rename is checked in both directions: first
 * destination to source, then source to destination. A denial of the first
 * check is returned without running the second.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rename(const struct path *old_parent,
			      struct dentry *old_dentry,
			      const struct path *new_parent,
			      struct dentry *new_dentry,
			      const unsigned int flags)
{
	struct path src = { .mnt = old_parent->mnt, .dentry = old_dentry };
	struct path dst = { .mnt = new_parent->mnt, .dentry = new_dentry };
	int err = 0;

	if (flags & RENAME_EXCHANGE)
		err = tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &dst, &src);
	if (err)
		return err;
	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &src, &dst);
}

/**
 * tomoyo_file_fcntl - Hook called from security_file_fcntl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for fcntl().
 * @arg:  Argument for @cmd.
 *
 * Only an F_SETFL that changes the O_APPEND bit is checked; every other
 * request is allowed here. The check is an open-for-write permission check
 * carrying the requested O_APPEND state.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (cmd != F_SETFL)
		return 0;
	/* O_APPEND is the same in the requested and the current flags. */
	if (!((arg ^ file->f_flags) & O_APPEND))
		return 0;
	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
					    O_WRONLY | (arg & O_APPEND));
}

/**
 * tomoyo_file_open - Hook called from security_file_open().
 *
 * @f: Pointer to "struct file".
 *
 * Opens made while the task is inside execve() are not checked here.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_open(struct file *f)
{
	if (!current->in_execve)
		return tomoyo_check_open_permission(tomoyo_domain(),
						    &f->f_path, f->f_flags);
	/* Don't check read permission here if called from execve(). */
	return 0;
}

/**
 * tomoyo_file_ioctl - Hook called from security_file_ioctl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for ioctl().
 * @arg:  Argument for @cmd (not inspected here).
 *
 * The policy check sees the file's path and @cmd only.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	const struct path *target = &file->f_path;

	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, target, cmd);
}

/**
 * tomoyo_path_chmod - Hook called from security_path_chmod().
 *
 * @path: Pointer to "struct path".
 * @mode: DAC permission mode.
 *
 * Only the S_IALLUGO bits of @mode are passed on to the policy check.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, perm);
}

/**
 * tomoyo_path_chown - Hook called from security_path_chown().
 *
 * @path: Pointer to "struct path".
 * @uid:  Owner ID.
 * @gid:  Group ID.
 *
 * A valid @uid is checked as a chown and a valid @gid as a chgrp; an invalid
 * ID skips its check. IDs are converted with init_user_ns before being
 * compared with the policy. The group check is skipped when the owner check
 * already failed.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	if (uid_valid(uid)) {
		const int error =
			tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
						from_kuid(&init_user_ns, uid));

		if (error)
			return error;
	}
	if (gid_valid(gid))
		return tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
					       from_kgid(&init_user_ns, gid));
	return 0;
}

/**
 * tomoyo_path_chroot - Hook called from security_path_chroot().
 *
 * @path: Pointer to "struct path" of the new root.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chroot(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}

/**
 * tomoyo_sb_mount - Hook called from security_sb_mount().
 *
 * @dev_name: Name of device file. Maybe NULL.
 * @path:     Pointer to "struct path" of the mount point.
 * @type:     Name of filesystem type. Maybe NULL.
 * @flags:    Mount options.
 * @data:     Optional data. Maybe NULL.
 *
 * All arguments are forwarded unchanged to tomoyo_mount_permission().
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
			   const char *type, unsigned long flags, void *data)
{
	return tomoyo_mount_permission(dev_name, path, type, flags, data);
}

/**
 * tomoyo_sb_umount - Hook called from security_sb_umount().
 *
 * @mnt:   Pointer to "struct vfsmount".
 * @flags: Unmount options (not inspected here).
 *
 * The checked path is the root of @mnt.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{
	struct path mnt_root = { .mnt = mnt, .dentry = mnt->mnt_root };

	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &mnt_root, NULL);
}

/**
 * tomoyo_sb_pivotroot - Hook called from security_sb_pivotroot().
 *
 * @old_path: Pointer to "struct path".
 * @new_path: Pointer to "struct path".
 *
 * Note the argument order of the check: @new_path is passed first and
 * @old_path second.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}

/**
 * tomoyo_socket_listen - Check permission for listen().
 *
 * @sock:    Pointer to "struct socket".
 * @backlog: Backlog parameter (not inspected here).
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_listen(struct socket *sock, int backlog)
{
	return tomoyo_socket_listen_permission(sock);
}

/**
 * tomoyo_socket_connect - Check permission for connect().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr" of the peer.
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
				 int addr_len)
{
	return tomoyo_socket_connect_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_bind - Check permission for bind().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr" of the local address.
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
			      int addr_len)
{
	return tomoyo_socket_bind_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_sendmsg - Check permission for sendmsg().
 *
 * @sock: Pointer to "struct socket".
 * @msg:  Pointer to "struct msghdr".
 * @size: Size of message.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				 int size)
{
	return tomoyo_socket_sendmsg_permission(sock, msg, size);
}

/* Per-task blob size requested from the LSM framework. */
struct lsm_blob_sizes tomoyo_blob_sizes __ro_after_init = {
	.lbs_task = sizeof(struct tomoyo_task),
};

/**
 * tomoyo_task_alloc - Hook called from security_task_alloc().
 *
 * @task:        Pointer to "struct task_struct" being set up.
 * @clone_flags: clone() flags (not inspected here).
 *
 * @task starts in the same domain as the current task and takes its own
 * users count on that domain; it starts without an old_domain_info.
 *
 * Returns 0.
 */
static int tomoyo_task_alloc(struct task_struct *task,
			     unsigned long clone_flags)
{
	struct tomoyo_task *src = tomoyo_task(current);
	struct tomoyo_task *dst = tomoyo_task(task);

	dst->domain_info = src->domain_info;
	atomic_inc(&dst->domain_info->users);
	dst->old_domain_info = NULL;
	return 0;
}

/**
 * tomoyo_task_free - Hook called from security_task_free().
 *
 * @task: Pointer to "struct task_struct" being released.
 *
 * Releases the users counts that @task holds through domain_info and
 * old_domain_info, whichever are set, and clears both pointers.
 */
static void tomoyo_task_free(struct task_struct *task)
{
	struct tomoyo_task *task_sec = tomoyo_task(task);
	struct tomoyo_domain_info *domain = task_sec->domain_info;
	struct tomoyo_domain_info *saved;

	if (domain) {
		atomic_dec(&domain->users);
		task_sec->domain_info = NULL;
	}
	saved = task_sec->old_domain_info;
	if (saved) {
		atomic_dec(&saved->users);
		task_sec->old_domain_info = NULL;
	}
}

/*
 * tomoyo_hooks is the "struct security_hook_list" table which is used for
 * registering TOMOYO; tomoyo_init() passes it to security_add_hooks().
 *
 * Both file_ioctl and file_ioctl_compat are served by tomoyo_file_ioctl().
 * The socket hooks registered here are bind, connect, listen and sendmsg.
 * The table is __ro_after_init, i.e. it is not writable once init is done.
 */
static struct security_hook_list tomoyo_hooks[] __ro_after_init = {
	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
	LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
	LSM_HOOK_INIT(task_free, tomoyo_task_free),
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	LSM_HOOK_INIT(bprm_creds_for_exec, tomoyo_bprm_creds_for_exec),
#endif
	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	LSM_HOOK_INIT(file_truncate, tomoyo_file_truncate),
	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	LSM_HOOK_INIT(file_ioctl_compat, tomoyo_file_ioctl),
	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
};

/* Lock for GC. */
DEFINE_SRCU(tomoyo_ss);

/* Enable flag handed to the LSM framework through DEFINE_LSM() below. */
int tomoyo_enabled __ro_after_init = 1;

/**
 * tomoyo_init - Register TOMOYO Linux as a LSM module.
 *
 * Registers the hook table, then places the task running this initializer in
 * tomoyo_kernel_domain (taking a users count on it) and calls
 * tomoyo_mm_init().
 *
 * Returns 0.
 */
static int __init tomoyo_init(void)
{
	struct tomoyo_task *boot_sec = tomoyo_task(current);

	/* Hand our hooks to the security framework. */
	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
	pr_info("TOMOYO Linux initialized\n");
	boot_sec->domain_info = &tomoyo_kernel_domain;
	atomic_inc(&tomoyo_kernel_domain.users);
	boot_sec->old_domain_info = NULL;
	tomoyo_mm_init();

	return 0;
}

/* LSM descriptor: name, enable flag, blob sizes and the initializer above. */
DEFINE_LSM(tomoyo) = {
	.name = "tomoyo",
	.enabled = &tomoyo_enabled,
	.flags = LSM_FLAG_LEGACY_MAJOR,
	.blobs = &tomoyo_blob_sizes,
	.init = tomoyo_init,
};