Kyle Swenson | 8d8f654 | 2021-03-15 11:02:55 -0600 | [diff] [blame] | 1 | /* |
| 2 | * security/tomoyo/securityfs_if.c |
| 3 | * |
| 4 | * Copyright (C) 2005-2011 NTT DATA CORPORATION |
| 5 | */ |
| 6 | |
| 7 | #include <linux/security.h> |
| 8 | #include "common.h" |
| 9 | |
| 10 | /** |
| 11 | * tomoyo_check_task_acl - Check permission for task operation. |
| 12 | * |
| 13 | * @r: Pointer to "struct tomoyo_request_info". |
| 14 | * @ptr: Pointer to "struct tomoyo_acl_info". |
| 15 | * |
| 16 | * Returns true if granted, false otherwise. |
| 17 | */ |
| 18 | static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, |
| 19 | const struct tomoyo_acl_info *ptr) |
| 20 | { |
| 21 | const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), |
| 22 | head); |
| 23 | return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); |
| 24 | } |
| 25 | |
| 26 | /** |
| 27 | * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. |
| 28 | * |
| 29 | * @file: Pointer to "struct file". |
| 30 | * @buf: Domainname to transit to. |
| 31 | * @count: Size of @buf. |
| 32 | * @ppos: Unused. |
| 33 | * |
| 34 | * Returns @count on success, negative value otherwise. |
| 35 | * |
| 36 | * If domain transition was permitted but the domain transition failed, this |
| 37 | * function returns error rather than terminating current thread with SIGKILL. |
| 38 | */ |
| 39 | static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, |
| 40 | size_t count, loff_t *ppos) |
| 41 | { |
| 42 | char *data; |
| 43 | int error; |
| 44 | if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) |
| 45 | return -ENOMEM; |
| 46 | data = kzalloc(count + 1, GFP_NOFS); |
| 47 | if (!data) |
| 48 | return -ENOMEM; |
| 49 | if (copy_from_user(data, buf, count)) { |
| 50 | error = -EFAULT; |
| 51 | goto out; |
| 52 | } |
| 53 | tomoyo_normalize_line(data); |
| 54 | if (tomoyo_correct_domain(data)) { |
| 55 | const int idx = tomoyo_read_lock(); |
| 56 | struct tomoyo_path_info name; |
| 57 | struct tomoyo_request_info r; |
| 58 | name.name = data; |
| 59 | tomoyo_fill_path_info(&name); |
| 60 | /* Check "task manual_domain_transition" permission. */ |
| 61 | tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); |
| 62 | r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; |
| 63 | r.param.task.domainname = &name; |
| 64 | tomoyo_check_acl(&r, tomoyo_check_task_acl); |
| 65 | if (!r.granted) |
| 66 | error = -EPERM; |
| 67 | else { |
| 68 | struct tomoyo_domain_info *new_domain = |
| 69 | tomoyo_assign_domain(data, true); |
| 70 | if (!new_domain) { |
| 71 | error = -ENOENT; |
| 72 | } else { |
| 73 | struct cred *cred = prepare_creds(); |
| 74 | if (!cred) { |
| 75 | error = -ENOMEM; |
| 76 | } else { |
| 77 | struct tomoyo_domain_info *old_domain = |
| 78 | cred->security; |
| 79 | cred->security = new_domain; |
| 80 | atomic_inc(&new_domain->users); |
| 81 | atomic_dec(&old_domain->users); |
| 82 | commit_creds(cred); |
| 83 | error = 0; |
| 84 | } |
| 85 | } |
| 86 | } |
| 87 | tomoyo_read_unlock(idx); |
| 88 | } else |
| 89 | error = -EINVAL; |
| 90 | out: |
| 91 | kfree(data); |
| 92 | return error ? error : count; |
| 93 | } |
| 94 | |
| 95 | /** |
| 96 | * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. |
| 97 | * |
| 98 | * @file: Pointer to "struct file". |
| 99 | * @buf: Domainname which current thread belongs to. |
| 100 | * @count: Size of @buf. |
| 101 | * @ppos: Bytes read by now. |
| 102 | * |
| 103 | * Returns read size on success, negative value otherwise. |
| 104 | */ |
| 105 | static ssize_t tomoyo_read_self(struct file *file, char __user *buf, |
| 106 | size_t count, loff_t *ppos) |
| 107 | { |
| 108 | const char *domain = tomoyo_domain()->domainname->name; |
| 109 | loff_t len = strlen(domain); |
| 110 | loff_t pos = *ppos; |
| 111 | if (pos >= len || !count) |
| 112 | return 0; |
| 113 | len -= pos; |
| 114 | if (count < len) |
| 115 | len = count; |
| 116 | if (copy_to_user(buf, domain + pos, len)) |
| 117 | return -EFAULT; |
| 118 | *ppos += len; |
| 119 | return len; |
| 120 | } |
| 121 | |
| 122 | /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ |
| 123 | static const struct file_operations tomoyo_self_operations = { |
| 124 | .write = tomoyo_write_self, |
| 125 | .read = tomoyo_read_self, |
| 126 | }; |
| 127 | |
| 128 | /** |
| 129 | * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. |
| 130 | * |
| 131 | * @inode: Pointer to "struct inode". |
| 132 | * @file: Pointer to "struct file". |
| 133 | * |
| 134 | * Returns 0 on success, negative value otherwise. |
| 135 | */ |
| 136 | static int tomoyo_open(struct inode *inode, struct file *file) |
| 137 | { |
| 138 | const int key = ((u8 *) file_inode(file)->i_private) |
| 139 | - ((u8 *) NULL); |
| 140 | return tomoyo_open_control(key, file); |
| 141 | } |
| 142 | |
| 143 | /** |
| 144 | * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. |
| 145 | * |
| 146 | * @file: Pointer to "struct file". |
| 147 | * |
| 148 | */ |
| 149 | static int tomoyo_release(struct inode *inode, struct file *file) |
| 150 | { |
| 151 | tomoyo_close_control(file->private_data); |
| 152 | return 0; |
| 153 | } |
| 154 | |
| 155 | /** |
| 156 | * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. |
| 157 | * |
| 158 | * @file: Pointer to "struct file". |
| 159 | * @wait: Pointer to "poll_table". Maybe NULL. |
| 160 | * |
| 161 | * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write, |
| 162 | * POLLOUT | POLLWRNORM otherwise. |
| 163 | */ |
| 164 | static unsigned int tomoyo_poll(struct file *file, poll_table *wait) |
| 165 | { |
| 166 | return tomoyo_poll_control(file, wait); |
| 167 | } |
| 168 | |
| 169 | /** |
| 170 | * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. |
| 171 | * |
| 172 | * @file: Pointer to "struct file". |
| 173 | * @buf: Pointer to buffer. |
| 174 | * @count: Size of @buf. |
| 175 | * @ppos: Unused. |
| 176 | * |
| 177 | * Returns bytes read on success, negative value otherwise. |
| 178 | */ |
| 179 | static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, |
| 180 | loff_t *ppos) |
| 181 | { |
| 182 | return tomoyo_read_control(file->private_data, buf, count); |
| 183 | } |
| 184 | |
| 185 | /** |
| 186 | * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. |
| 187 | * |
| 188 | * @file: Pointer to "struct file". |
| 189 | * @buf: Pointer to buffer. |
| 190 | * @count: Size of @buf. |
| 191 | * @ppos: Unused. |
| 192 | * |
| 193 | * Returns @count on success, negative value otherwise. |
| 194 | */ |
| 195 | static ssize_t tomoyo_write(struct file *file, const char __user *buf, |
| 196 | size_t count, loff_t *ppos) |
| 197 | { |
| 198 | return tomoyo_write_control(file->private_data, buf, count); |
| 199 | } |
| 200 | |
| 201 | /* |
| 202 | * tomoyo_operations is a "struct file_operations" which is used for handling |
| 203 | * /sys/kernel/security/tomoyo/ interface. |
| 204 | * |
| 205 | * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). |
| 206 | * See tomoyo_io_buffer for internals. |
| 207 | */ |
| 208 | static const struct file_operations tomoyo_operations = { |
| 209 | .open = tomoyo_open, |
| 210 | .release = tomoyo_release, |
| 211 | .poll = tomoyo_poll, |
| 212 | .read = tomoyo_read, |
| 213 | .write = tomoyo_write, |
| 214 | .llseek = noop_llseek, |
| 215 | }; |
| 216 | |
| 217 | /** |
| 218 | * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. |
| 219 | * |
| 220 | * @name: The name of the interface file. |
| 221 | * @mode: The permission of the interface file. |
| 222 | * @parent: The parent directory. |
| 223 | * @key: Type of interface. |
| 224 | * |
| 225 | * Returns nothing. |
| 226 | */ |
| 227 | static void __init tomoyo_create_entry(const char *name, const umode_t mode, |
| 228 | struct dentry *parent, const u8 key) |
| 229 | { |
| 230 | securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, |
| 231 | &tomoyo_operations); |
| 232 | } |
| 233 | |
| 234 | /** |
| 235 | * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. |
| 236 | * |
| 237 | * Returns 0. |
| 238 | */ |
| 239 | static int __init tomoyo_initerface_init(void) |
| 240 | { |
| 241 | struct dentry *tomoyo_dir; |
| 242 | |
| 243 | /* Don't create securityfs entries unless registered. */ |
| 244 | if (current_cred()->security != &tomoyo_kernel_domain) |
| 245 | return 0; |
| 246 | |
| 247 | tomoyo_dir = securityfs_create_dir("tomoyo", NULL); |
| 248 | tomoyo_create_entry("query", 0600, tomoyo_dir, |
| 249 | TOMOYO_QUERY); |
| 250 | tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, |
| 251 | TOMOYO_DOMAINPOLICY); |
| 252 | tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, |
| 253 | TOMOYO_EXCEPTIONPOLICY); |
| 254 | tomoyo_create_entry("audit", 0400, tomoyo_dir, |
| 255 | TOMOYO_AUDIT); |
| 256 | tomoyo_create_entry(".process_status", 0600, tomoyo_dir, |
| 257 | TOMOYO_PROCESS_STATUS); |
| 258 | tomoyo_create_entry("stat", 0644, tomoyo_dir, |
| 259 | TOMOYO_STAT); |
| 260 | tomoyo_create_entry("profile", 0600, tomoyo_dir, |
| 261 | TOMOYO_PROFILE); |
| 262 | tomoyo_create_entry("manager", 0600, tomoyo_dir, |
| 263 | TOMOYO_MANAGER); |
| 264 | tomoyo_create_entry("version", 0400, tomoyo_dir, |
| 265 | TOMOYO_VERSION); |
| 266 | securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, |
| 267 | &tomoyo_self_operations); |
| 268 | tomoyo_load_builtin_policy(); |
| 269 | return 0; |
| 270 | } |
| 271 | |
| 272 | fs_initcall(tomoyo_initerface_init); |