search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
TOMOYO: Use callback for updating entries.
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / security / tomoyo / mount.c
blobc170b41c3833304064ecabda1aee45b4c01c7fbd
1 /*
2 * security/tomoyo/mount.c
3 *
4 * Copyright (C) 2005-2010 NTT DATA CORPORATION
5 */
6
7 #include <linux/slab.h>
8 #include "common.h"
9
10 /* Keywords for mount restrictions. */
11
12 /* Allow to call 'mount --bind /source_dir /dest_dir' */
13 #define TOMOYO_MOUNT_BIND_KEYWORD "--bind"
14 /* Allow to call 'mount --move /old_dir /new_dir ' */
15 #define TOMOYO_MOUNT_MOVE_KEYWORD "--move"
16 /* Allow to call 'mount -o remount /dir ' */
17 #define TOMOYO_MOUNT_REMOUNT_KEYWORD "--remount"
18 /* Allow to call 'mount --make-unbindable /dir' */
19 #define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD "--make-unbindable"
20 /* Allow to call 'mount --make-private /dir' */
21 #define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD "--make-private"
22 /* Allow to call 'mount --make-slave /dir' */
23 #define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD "--make-slave"
24 /* Allow to call 'mount --make-shared /dir' */
25 #define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD "--make-shared"
26
27 /**
28 * tomoyo_mount_acl2 - Check permission for mount() operation.
29 *
30 * @r: Pointer to "struct tomoyo_request_info".
31 * @dev_name: Name of device file.
32 * @dir: Pointer to "struct path".
33 * @type: Name of filesystem type.
34 * @flags: Mount options.
35 *
36 * Returns 0 on success, negative value otherwise.
37 *
38 * Caller holds tomoyo_read_lock().
39 */
40 static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
41 struct path *dir, char *type, unsigned long flags)
42 {
43 struct path path;
44 struct tomoyo_acl_info *ptr;
45 struct file_system_type *fstype = NULL;
46 const char *requested_type = NULL;
47 const char *requested_dir_name = NULL;
48 const char *requested_dev_name = NULL;
49 struct tomoyo_path_info rtype;
50 struct tomoyo_path_info rdev;
51 struct tomoyo_path_info rdir;
52 int need_dev = 0;
53 int error = -ENOMEM;
54
55 /* Get fstype. */
56 requested_type = tomoyo_encode(type);
57 if (!requested_type)
58 goto out;
59 rtype.name = requested_type;
60 tomoyo_fill_path_info(&rtype);
61
62 /* Get mount point. */
63 requested_dir_name = tomoyo_realpath_from_path(dir);
64 if (!requested_dir_name) {
65 error = -ENOMEM;
66 goto out;
67 }
68 rdir.name = requested_dir_name;
69 tomoyo_fill_path_info(&rdir);
70
71 /* Compare fs name. */
72 if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) {
73 /* dev_name is ignored. */
74 } else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||
75 !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||
76 !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||
77 !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) {
78 /* dev_name is ignored. */
79 } else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) ||
80 !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) {
81 need_dev = -1; /* dev_name is a directory */
82 } else {
83 fstype = get_fs_type(type);
84 if (!fstype) {
85 error = -ENODEV;
86 goto out;
87 }
88 if (fstype->fs_flags & FS_REQUIRES_DEV)
89 /* dev_name is a block device file. */
90 need_dev = 1;
91 }
92 if (need_dev) {
93 /* Get mount point or device file. */
94 if (kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
95 error = -ENOENT;
96 goto out;
97 }
98 requested_dev_name = tomoyo_realpath_from_path(&path);
99 if (!requested_dev_name) {
100 error = -ENOENT;
101 goto out;
102 }
103 } else {
104 /* Map dev_name to "<NULL>" if no dev_name given. */
105 if (!dev_name)
106 dev_name = "<NULL>";
107 requested_dev_name = tomoyo_encode(dev_name);
108 if (!requested_dev_name) {
109 error = -ENOMEM;
110 goto out;
111 }
112 }
113 rdev.name = requested_dev_name;
114 tomoyo_fill_path_info(&rdev);
115 list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
116 struct tomoyo_mount_acl *acl;
117 if (ptr->is_deleted || ptr->type != TOMOYO_TYPE_MOUNT_ACL)
118 continue;
119 acl = container_of(ptr, struct tomoyo_mount_acl, head);
120 if (!tomoyo_compare_number_union(flags, &acl->flags) ||
121 !tomoyo_compare_name_union(&rtype, &acl->fs_type) ||
122 !tomoyo_compare_name_union(&rdir, &acl->dir_name) ||
123 (need_dev &&
124 !tomoyo_compare_name_union(&rdev, &acl->dev_name)))
125 continue;
126 error = 0;
127 break;
128 }
129 if (error)
130 error = tomoyo_supervisor(r, TOMOYO_KEYWORD_ALLOW_MOUNT
131 "%s %s %s 0x%lX\n",
132 tomoyo_file_pattern(&rdev),
133 tomoyo_file_pattern(&rdir),
134 requested_type, flags);
135 out:
136 kfree(requested_dev_name);
137 kfree(requested_dir_name);
138 if (fstype)
139 put_filesystem(fstype);
140 kfree(requested_type);
141 return error;
142 }
143
144 /**
145 * tomoyo_mount_acl - Check permission for mount() operation.
146 *
147 * @r: Pointer to "struct tomoyo_request_info".
148 * @dev_name: Name of device file.
149 * @dir: Pointer to "struct path".
150 * @type: Name of filesystem type.
151 * @flags: Mount options.
152 *
153 * Returns 0 on success, negative value otherwise.
154 *
155 * Caller holds tomoyo_read_lock().
156 */
157 static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
158 struct path *dir, char *type, unsigned long flags)
159 {
160 int error;
161 error = -EPERM;
162 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
163 flags &= ~MS_MGC_MSK;
164 switch (flags & (MS_REMOUNT | MS_MOVE | MS_BIND)) {
165 case MS_REMOUNT:
166 case MS_MOVE:
167 case MS_BIND:
168 case 0:
169 break;
170 default:
171 printk(KERN_WARNING "ERROR: "
172 "%s%s%sare given for single mount operation.\n",
173 flags & MS_REMOUNT ? "'remount' " : "",
174 flags & MS_MOVE ? "'move' " : "",
175 flags & MS_BIND ? "'bind' " : "");
176 return -EINVAL;
177 }
178 switch (flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)) {
179 case MS_UNBINDABLE:
180 case MS_PRIVATE:
181 case MS_SLAVE:
182 case MS_SHARED:
183 case 0:
184 break;
185 default:
186 printk(KERN_WARNING "ERROR: "
187 "%s%s%s%sare given for single mount operation.\n",
188 flags & MS_UNBINDABLE ? "'unbindable' " : "",
189 flags & MS_PRIVATE ? "'private' " : "",
190 flags & MS_SLAVE ? "'slave' " : "",
191 flags & MS_SHARED ? "'shared' " : "");
192 return -EINVAL;
193 }
194 if (flags & MS_REMOUNT)
195 error = tomoyo_mount_acl(r, dev_name, dir,
196 TOMOYO_MOUNT_REMOUNT_KEYWORD,
197 flags & ~MS_REMOUNT);
198 else if (flags & MS_MOVE)
199 error = tomoyo_mount_acl(r, dev_name, dir,
200 TOMOYO_MOUNT_MOVE_KEYWORD,
201 flags & ~MS_MOVE);
202 else if (flags & MS_BIND)
203 error = tomoyo_mount_acl(r, dev_name, dir,
204 TOMOYO_MOUNT_BIND_KEYWORD,
205 flags & ~MS_BIND);
206 else if (flags & MS_UNBINDABLE)
207 error = tomoyo_mount_acl(r, dev_name, dir,
208 TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
209 flags & ~MS_UNBINDABLE);
210 else if (flags & MS_PRIVATE)
211 error = tomoyo_mount_acl(r, dev_name, dir,
212 TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
213 flags & ~MS_PRIVATE);
214 else if (flags & MS_SLAVE)
215 error = tomoyo_mount_acl(r, dev_name, dir,
216 TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
217 flags & ~MS_SLAVE);
218 else if (flags & MS_SHARED)
219 error = tomoyo_mount_acl(r, dev_name, dir,
220 TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
221 flags & ~MS_SHARED);
222 else
223 do {
224 error = tomoyo_mount_acl2(r, dev_name, dir, type,
225 flags);
226 } while (error == TOMOYO_RETRY_REQUEST);
227 if (r->mode != TOMOYO_CONFIG_ENFORCING)
228 error = 0;
229 return error;
230 }
231
232 /**
233 * tomoyo_mount_permission - Check permission for mount() operation.
234 *
235 * @dev_name: Name of device file.
236 * @path: Pointer to "struct path".
237 * @type: Name of filesystem type. May be NULL.
238 * @flags: Mount options.
239 * @data_page: Optional data. May be NULL.
240 *
241 * Returns 0 on success, negative value otherwise.
242 */
243 int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
244 unsigned long flags, void *data_page)
245 {
246 struct tomoyo_request_info r;
247 int error;
248 int idx;
249
250 if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
251 == TOMOYO_CONFIG_DISABLED)
252 return 0;
253 if (!type)
254 type = "<NULL>";
255 idx = tomoyo_read_lock();
256 error = tomoyo_mount_acl(&r, dev_name, path, type, flags);
257 tomoyo_read_unlock(idx);
258 return error;
259 }
260
261 static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
262 const struct tomoyo_acl_info *b)
263 {
264 const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
265 const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
266 return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
267 tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) &&
268 tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) &&
269 tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) &&
270 tomoyo_is_same_number_union(&p1->flags, &p2->flags);
271 }
272
273 /**
274 * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list.
275 *
276 * @data: String to parse.
277 * @domain: Pointer to "struct tomoyo_domain_info".
278 * @is_delete: True if it is a delete request.
279 *
280 * Returns 0 on success, negative value otherwise.
281 *
282 * Caller holds tomoyo_read_lock().
283 */
284 int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
285 const bool is_delete)
286 {
287 struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
288 int error = is_delete ? -ENOENT : -ENOMEM;
289 char *w[4];
290 if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[3][0])
291 return -EINVAL;
292 if (!tomoyo_parse_name_union(w[0], &e.dev_name) ||
293 !tomoyo_parse_name_union(w[1], &e.dir_name) ||
294 !tomoyo_parse_name_union(w[2], &e.fs_type) ||
295 !tomoyo_parse_number_union(w[3], &e.flags))
296 goto out;
297 error = tomoyo_update_domain(&e.head, sizeof(e), is_delete, domain,
298 tomoyo_same_mount_acl, NULL);
299 out:
300 tomoyo_put_name_union(&e.dev_name);
301 tomoyo_put_name_union(&e.dir_name);
302 tomoyo_put_name_union(&e.fs_type);
303 tomoyo_put_number_union(&e.flags);
304 return error;
305 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree