123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 |
- // SPDX-License-Identifier: GPL-2.0
- /*
- * security/tomoyo/securityfs_if.c
- *
- * Copyright (C) 2005-2011 NTT DATA CORPORATION
- */
- #include <linux/security.h>
- #include "common.h"
- /**
- * tomoyo_check_task_acl - Check permission for task operation.
- *
- * @r: Pointer to "struct tomoyo_request_info".
- * @ptr: Pointer to "struct tomoyo_acl_info".
- *
- * Returns true if granted, false otherwise.
- */
- static bool tomoyo_check_task_acl(struct tomoyo_request_info *r,
- const struct tomoyo_acl_info *ptr)
- {
- const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl),
- head);
- return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname);
- }
- /**
- * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface.
- *
- * @file: Pointer to "struct file".
- * @buf: Domainname to transit to.
- * @count: Size of @buf.
- * @ppos: Unused.
- *
- * Returns @count on success, negative value otherwise.
- *
- * If domain transition was permitted but the domain transition failed, this
- * function returns error rather than terminating current thread with SIGKILL.
- */
- static ssize_t tomoyo_write_self(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
- {
- char *data;
- int error;
- if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10)
- return -ENOMEM;
- data = memdup_user_nul(buf, count);
- if (IS_ERR(data))
- return PTR_ERR(data);
- tomoyo_normalize_line(data);
- if (tomoyo_correct_domain(data)) {
- const int idx = tomoyo_read_lock();
- struct tomoyo_path_info name;
- struct tomoyo_request_info r;
- name.name = data;
- tomoyo_fill_path_info(&name);
- /* Check "task manual_domain_transition" permission. */
- tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
- r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL;
- r.param.task.domainname = &name;
- tomoyo_check_acl(&r, tomoyo_check_task_acl);
- if (!r.granted)
- error = -EPERM;
- else {
- struct tomoyo_domain_info *new_domain =
- tomoyo_assign_domain(data, true);
- if (!new_domain) {
- error = -ENOENT;
- } else {
- struct cred *cred = prepare_creds();
- if (!cred) {
- error = -ENOMEM;
- } else {
- struct tomoyo_domain_info *old_domain =
- cred->security;
- cred->security = new_domain;
- atomic_inc(&new_domain->users);
- atomic_dec(&old_domain->users);
- commit_creds(cred);
- error = 0;
- }
- }
- }
- tomoyo_read_unlock(idx);
- } else
- error = -EINVAL;
- kfree(data);
- return error ? error : count;
- }
- /**
- * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface.
- *
- * @file: Pointer to "struct file".
- * @buf: Domainname which current thread belongs to.
- * @count: Size of @buf.
- * @ppos: Bytes read by now.
- *
- * Returns read size on success, negative value otherwise.
- */
- static ssize_t tomoyo_read_self(struct file *file, char __user *buf,
- size_t count, loff_t *ppos)
- {
- const char *domain = tomoyo_domain()->domainname->name;
- loff_t len = strlen(domain);
- loff_t pos = *ppos;
- if (pos >= len || !count)
- return 0;
- len -= pos;
- if (count < len)
- len = count;
- if (copy_to_user(buf, domain + pos, len))
- return -EFAULT;
- *ppos += len;
- return len;
- }
- /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */
- static const struct file_operations tomoyo_self_operations = {
- .write = tomoyo_write_self,
- .read = tomoyo_read_self,
- };
- /**
- * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface.
- *
- * @inode: Pointer to "struct inode".
- * @file: Pointer to "struct file".
- *
- * Returns 0 on success, negative value otherwise.
- */
- static int tomoyo_open(struct inode *inode, struct file *file)
- {
- const int key = ((u8 *) file_inode(file)->i_private)
- - ((u8 *) NULL);
- return tomoyo_open_control(key, file);
- }
- /**
- * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface.
- *
- * @file: Pointer to "struct file".
- *
- */
- static int tomoyo_release(struct inode *inode, struct file *file)
- {
- tomoyo_close_control(file->private_data);
- return 0;
- }
- /**
- * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
- *
- * @file: Pointer to "struct file".
- * @wait: Pointer to "poll_table". Maybe NULL.
- *
- * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write,
- * EPOLLOUT | EPOLLWRNORM otherwise.
- */
- static __poll_t tomoyo_poll(struct file *file, poll_table *wait)
- {
- return tomoyo_poll_control(file, wait);
- }
- /**
- * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface.
- *
- * @file: Pointer to "struct file".
- * @buf: Pointer to buffer.
- * @count: Size of @buf.
- * @ppos: Unused.
- *
- * Returns bytes read on success, negative value otherwise.
- */
- static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count,
- loff_t *ppos)
- {
- return tomoyo_read_control(file->private_data, buf, count);
- }
- /**
- * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface.
- *
- * @file: Pointer to "struct file".
- * @buf: Pointer to buffer.
- * @count: Size of @buf.
- * @ppos: Unused.
- *
- * Returns @count on success, negative value otherwise.
- */
- static ssize_t tomoyo_write(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
- {
- return tomoyo_write_control(file->private_data, buf, count);
- }
- /*
- * tomoyo_operations is a "struct file_operations" which is used for handling
- * /sys/kernel/security/tomoyo/ interface.
- *
- * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR).
- * See tomoyo_io_buffer for internals.
- */
- static const struct file_operations tomoyo_operations = {
- .open = tomoyo_open,
- .release = tomoyo_release,
- .poll = tomoyo_poll,
- .read = tomoyo_read,
- .write = tomoyo_write,
- .llseek = noop_llseek,
- };
- /**
- * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory.
- *
- * @name: The name of the interface file.
- * @mode: The permission of the interface file.
- * @parent: The parent directory.
- * @key: Type of interface.
- *
- * Returns nothing.
- */
- static void __init tomoyo_create_entry(const char *name, const umode_t mode,
- struct dentry *parent, const u8 key)
- {
- securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
- &tomoyo_operations);
- }
- /**
- * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface.
- *
- * Returns 0.
- */
- static int __init tomoyo_initerface_init(void)
- {
- struct dentry *tomoyo_dir;
- /* Don't create securityfs entries unless registered. */
- if (current_cred()->security != &tomoyo_kernel_domain)
- return 0;
- tomoyo_dir = securityfs_create_dir("tomoyo", NULL);
- tomoyo_create_entry("query", 0600, tomoyo_dir,
- TOMOYO_QUERY);
- tomoyo_create_entry("domain_policy", 0600, tomoyo_dir,
- TOMOYO_DOMAINPOLICY);
- tomoyo_create_entry("exception_policy", 0600, tomoyo_dir,
- TOMOYO_EXCEPTIONPOLICY);
- tomoyo_create_entry("audit", 0400, tomoyo_dir,
- TOMOYO_AUDIT);
- tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
- TOMOYO_PROCESS_STATUS);
- tomoyo_create_entry("stat", 0644, tomoyo_dir,
- TOMOYO_STAT);
- tomoyo_create_entry("profile", 0600, tomoyo_dir,
- TOMOYO_PROFILE);
- tomoyo_create_entry("manager", 0600, tomoyo_dir,
- TOMOYO_MANAGER);
- tomoyo_create_entry("version", 0400, tomoyo_dir,
- TOMOYO_VERSION);
- securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL,
- &tomoyo_self_operations);
- tomoyo_load_builtin_policy();
- return 0;
- }
- fs_initcall(tomoyo_initerface_init);
|