securityfs_if.c 7.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269
  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * security/tomoyo/securityfs_if.c
  4. *
  5. * Copyright (C) 2005-2011 NTT DATA CORPORATION
  6. */
  7. #include <linux/security.h>
  8. #include "common.h"
  9. /**
  10. * tomoyo_check_task_acl - Check permission for task operation.
  11. *
  12. * @r: Pointer to "struct tomoyo_request_info".
  13. * @ptr: Pointer to "struct tomoyo_acl_info".
  14. *
  15. * Returns true if granted, false otherwise.
  16. */
  17. static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
  18. const struct tomoyo_acl_info *ptr)
  19. {
  20. const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
  21. head);
  22. return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
  23. }
  24. /**
  25. * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
  26. *
  27. * @file: Pointer to "struct file".
  28. * @buf: Domainname to transit to.
  29. * @count: Size of @buf.
  30. * @ppos: Unused.
  31. *
  32. * Returns @count on success, negative value otherwise.
  33. *
  34. * If domain transition was permitted but the domain transition failed, this
  35. * function returns error rather than terminating current thread with SIGKILL.
  36. */
  37. static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
  38. size_t count, loff_t *ppos)
  39. {
  40. char *data;
  41. int error;
  42. if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
  43. return -ENOMEM;
  44. data = memdup_user_nul(buf, count);
  45. if (IS_ERR(data))
  46. return PTR_ERR(data);
  47. tomoyo_normalize_line(data);
  48. if (tomoyo_correct_domain(data)) {
  49. const int idx = tomoyo_read_lock();
  50. struct tomoyo_path_info name;
  51. struct tomoyo_request_info r;
  52. name.name = data;
  53. tomoyo_fill_path_info(&name);
  54. /* Check "task manual_domain_transition" permission. */
  55. tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
  56. r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
  57. r.param.task.domainname = &name;
  58. tomoyo_check_acl(&r, tomoyo_check_task_acl);
  59. if (!r.granted)
  60. error = -EPERM;
  61. else {
  62. struct tomoyo_domain_info *new_domain =
  63. tomoyo_assign_domain(data, true);
  64. if (!new_domain) {
  65. error = -ENOENT;
  66. } else {
  67. struct cred *cred = prepare_creds();
  68. if (!cred) {
  69. error = -ENOMEM;
  70. } else {
  71. struct tomoyo_domain_info *old_domain =
  72. cred->security;
  73. cred->security = new_domain;
  74. atomic_inc(&new_domain->users);
  75. atomic_dec(&old_domain->users);
  76. commit_creds(cred);
  77. error = 0;
  78. }
  79. }
  80. }
  81. tomoyo_read_unlock(idx);
  82. } else
  83. error = -EINVAL;
  84. kfree(data);
  85. return error ? error : count;
  86. }
  87. /**
  88. * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
  89. *
  90. * @file: Pointer to "struct file".
  91. * @buf: Domainname which current thread belongs to.
  92. * @count: Size of @buf.
  93. * @ppos: Bytes read by now.
  94. *
  95. * Returns read size on success, negative value otherwise.
  96. */
  97. static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
  98. size_t count, loff_t *ppos)
  99. {
  100. const char *domain = tomoyo_domain()->domainname->name;
  101. loff_t len = strlen(domain);
  102. loff_t pos = *ppos;
  103. if (pos >= len || !count)
  104. return 0;
  105. len -= pos;
  106. if (count < len)
  107. len = count;
  108. if (copy_to_user(buf, domain + pos, len))
  109. return -EFAULT;
  110. *ppos += len;
  111. return len;
  112. }
  113. /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
  114. static const struct file_operations tomoyo_self_operations = {
  115. .write = tomoyo_write_self,
  116. .read = tomoyo_read_self,
  117. };
  118. /**
  119. * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
  120. *
  121. * @inode: Pointer to "struct inode".
  122. * @file: Pointer to "struct file".
  123. *
  124. * Returns 0 on success, negative value otherwise.
  125. */
  126. static int tomoyo_open(struct inode *inode, struct file *file)
  127. {
  128. const int key = ((u8 *) file_inode(file)->i_private)
  129. - ((u8 *) NULL);
  130. return tomoyo_open_control(key, file);
  131. }
  132. /**
  133. * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
  134. *
  135. * @file: Pointer to "struct file".
  136. *
  137. */
  138. static int tomoyo_release(struct inode *inode, struct file *file)
  139. {
  140. tomoyo_close_control(file->private_data);
  141. return 0;
  142. }
  143. /**
  144. * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
  145. *
  146. * @file: Pointer to "struct file".
  147. * @wait: Pointer to "poll_table". Maybe NULL.
  148. *
  149. * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write,
  150. * EPOLLOUT | EPOLLWRNORM otherwise.
  151. */
  152. static __poll_t tomoyo_poll(struct file *file, poll_table *wait)
  153. {
  154. return tomoyo_poll_control(file, wait);
  155. }
  156. /**
  157. * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
  158. *
  159. * @file: Pointer to "struct file".
  160. * @buf: Pointer to buffer.
  161. * @count: Size of @buf.
  162. * @ppos: Unused.
  163. *
  164. * Returns bytes read on success, negative value otherwise.
  165. */
  166. static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
  167. loff_t *ppos)
  168. {
  169. return tomoyo_read_control(file->private_data, buf, count);
  170. }
  171. /**
  172. * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
  173. *
  174. * @file: Pointer to "struct file".
  175. * @buf: Pointer to buffer.
  176. * @count: Size of @buf.
  177. * @ppos: Unused.
  178. *
  179. * Returns @count on success, negative value otherwise.
  180. */
  181. static ssize_t tomoyo_write(struct file *file, const char __user *buf,
  182. size_t count, loff_t *ppos)
  183. {
  184. return tomoyo_write_control(file->private_data, buf, count);
  185. }
  186. /*
  187. * tomoyo_operations is a "struct file_operations" which is used for handling
  188. * /sys/kernel/security/tomoyo/ interface.
  189. *
  190. * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
  191. * See tomoyo_io_buffer for internals.
  192. */
  193. static const struct file_operations tomoyo_operations = {
  194. .open = tomoyo_open,
  195. .release = tomoyo_release,
  196. .poll = tomoyo_poll,
  197. .read = tomoyo_read,
  198. .write = tomoyo_write,
  199. .llseek = noop_llseek,
  200. };
  201. /**
  202. * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
  203. *
  204. * @name: The name of the interface file.
  205. * @mode: The permission of the interface file.
  206. * @parent: The parent directory.
  207. * @key: Type of interface.
  208. *
  209. * Returns nothing.
  210. */
  211. static void __init tomoyo_create_entry(const char *name, const umode_t mode,
  212. struct dentry *parent, const u8 key)
  213. {
  214. securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
  215. &tomoyo_operations);
  216. }
  217. /**
  218. * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
  219. *
  220. * Returns 0.
  221. */
  222. static int __init tomoyo_initerface_init(void)
  223. {
  224. struct dentry *tomoyo_dir;
  225. /* Don't create securityfs entries unless registered. */
  226. if (current_cred()->security != &tomoyo_kernel_domain)
  227. return 0;
  228. tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
  229. tomoyo_create_entry("query", 0600, tomoyo_dir,
  230. TOMOYO_QUERY);
  231. tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
  232. TOMOYO_DOMAINPOLICY);
  233. tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
  234. TOMOYO_EXCEPTIONPOLICY);
  235. tomoyo_create_entry("audit", 0400, tomoyo_dir,
  236. TOMOYO_AUDIT);
  237. tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
  238. TOMOYO_PROCESS_STATUS);
  239. tomoyo_create_entry("stat", 0644, tomoyo_dir,
  240. TOMOYO_STAT);
  241. tomoyo_create_entry("profile", 0600, tomoyo_dir,
  242. TOMOYO_PROFILE);
  243. tomoyo_create_entry("manager", 0600, tomoyo_dir,
  244. TOMOYO_MANAGER);
  245. tomoyo_create_entry("version", 0400, tomoyo_dir,
  246. TOMOYO_VERSION);
  247. securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
  248. &tomoyo_self_operations);
  249. tomoyo_load_builtin_policy();
  250. return 0;
  251. }
  252. fs_initcall(tomoyo_initerface_init);