2 * security/tomoyo/mount.c
4 * Copyright (C) 2005-2010 NTT DATA CORPORATION
7 #include <linux/slab.h>
10 /* Keywords for mount restrictions. */
12 /* Allow to call 'mount --bind /source_dir /dest_dir' */
13 #define TOMOYO_MOUNT_BIND_KEYWORD "--bind"
14 /* Allow to call 'mount --move /old_dir /new_dir ' */
15 #define TOMOYO_MOUNT_MOVE_KEYWORD "--move"
16 /* Allow to call 'mount -o remount /dir ' */
17 #define TOMOYO_MOUNT_REMOUNT_KEYWORD "--remount"
18 /* Allow to call 'mount --make-unbindable /dir' */
19 #define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD "--make-unbindable"
20 /* Allow to call 'mount --make-private /dir' */
21 #define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD "--make-private"
22 /* Allow to call 'mount --make-slave /dir' */
23 #define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD "--make-slave"
24 /* Allow to call 'mount --make-shared /dir' */
25 #define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD "--make-shared"
28 * tomoyo_mount_acl2 - Check permission for mount() operation.
30 * @r: Pointer to "struct tomoyo_request_info".
31 * @dev_name: Name of device file.
32 * @dir: Pointer to "struct path".
33 * @type: Name of filesystem type.
34 * @flags: Mount options.
36 * Returns 0 on success, negative value otherwise.
38 * Caller holds tomoyo_read_lock().
40 static int tomoyo_mount_acl2(struct tomoyo_request_info
*r
, char *dev_name
,
41 struct path
*dir
, char *type
, unsigned long flags
)
44 struct tomoyo_acl_info
*ptr
;
45 struct file_system_type
*fstype
= NULL
;
46 const char *requested_type
= NULL
;
47 const char *requested_dir_name
= NULL
;
48 const char *requested_dev_name
= NULL
;
49 struct tomoyo_path_info rtype
;
50 struct tomoyo_path_info rdev
;
51 struct tomoyo_path_info rdir
;
56 requested_type
= tomoyo_encode(type
);
59 rtype
.name
= requested_type
;
60 tomoyo_fill_path_info(&rtype
);
62 /* Get mount point. */
63 requested_dir_name
= tomoyo_realpath_from_path(dir
);
64 if (!requested_dir_name
) {
68 rdir
.name
= requested_dir_name
;
69 tomoyo_fill_path_info(&rdir
);
71 /* Compare fs name. */
72 if (!strcmp(type
, TOMOYO_MOUNT_REMOUNT_KEYWORD
)) {
73 /* dev_name is ignored. */
74 } else if (!strcmp(type
, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD
) ||
75 !strcmp(type
, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD
) ||
76 !strcmp(type
, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD
) ||
77 !strcmp(type
, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD
)) {
78 /* dev_name is ignored. */
79 } else if (!strcmp(type
, TOMOYO_MOUNT_BIND_KEYWORD
) ||
80 !strcmp(type
, TOMOYO_MOUNT_MOVE_KEYWORD
)) {
81 need_dev
= -1; /* dev_name is a directory */
83 fstype
= get_fs_type(type
);
88 if (fstype
->fs_flags
& FS_REQUIRES_DEV
)
89 /* dev_name is a block device file. */
93 /* Get mount point or device file. */
94 if (kern_path(dev_name
, LOOKUP_FOLLOW
, &path
)) {
98 requested_dev_name
= tomoyo_realpath_from_path(&path
);
99 if (!requested_dev_name
) {
104 /* Map dev_name to "<NULL>" if no dev_name given. */
107 requested_dev_name
= tomoyo_encode(dev_name
);
108 if (!requested_dev_name
) {
113 rdev
.name
= requested_dev_name
;
114 tomoyo_fill_path_info(&rdev
);
115 list_for_each_entry_rcu(ptr
, &r
->domain
->acl_info_list
, list
) {
116 struct tomoyo_mount_acl
*acl
;
117 if (ptr
->is_deleted
|| ptr
->type
!= TOMOYO_TYPE_MOUNT_ACL
)
119 acl
= container_of(ptr
, struct tomoyo_mount_acl
, head
);
120 if (!tomoyo_compare_number_union(flags
, &acl
->flags
) ||
121 !tomoyo_compare_name_union(&rtype
, &acl
->fs_type
) ||
122 !tomoyo_compare_name_union(&rdir
, &acl
->dir_name
) ||
124 !tomoyo_compare_name_union(&rdev
, &acl
->dev_name
)))
130 error
= tomoyo_supervisor(r
, TOMOYO_KEYWORD_ALLOW_MOUNT
132 tomoyo_file_pattern(&rdev
),
133 tomoyo_file_pattern(&rdir
),
134 requested_type
, flags
);
136 kfree(requested_dev_name
);
137 kfree(requested_dir_name
);
139 put_filesystem(fstype
);
140 kfree(requested_type
);
145 * tomoyo_mount_acl - Check permission for mount() operation.
147 * @r: Pointer to "struct tomoyo_request_info".
148 * @dev_name: Name of device file.
149 * @dir: Pointer to "struct path".
150 * @type: Name of filesystem type.
151 * @flags: Mount options.
153 * Returns 0 on success, negative value otherwise.
155 * Caller holds tomoyo_read_lock().
157 static int tomoyo_mount_acl(struct tomoyo_request_info
*r
, char *dev_name
,
158 struct path
*dir
, char *type
, unsigned long flags
)
162 if ((flags
& MS_MGC_MSK
) == MS_MGC_VAL
)
163 flags
&= ~MS_MGC_MSK
;
164 switch (flags
& (MS_REMOUNT
| MS_MOVE
| MS_BIND
)) {
171 printk(KERN_WARNING
"ERROR: "
172 "%s%s%sare given for single mount operation.\n",
173 flags
& MS_REMOUNT
? "'remount' " : "",
174 flags
& MS_MOVE
? "'move' " : "",
175 flags
& MS_BIND
? "'bind' " : "");
178 switch (flags
& (MS_UNBINDABLE
| MS_PRIVATE
| MS_SLAVE
| MS_SHARED
)) {
186 printk(KERN_WARNING
"ERROR: "
187 "%s%s%s%sare given for single mount operation.\n",
188 flags
& MS_UNBINDABLE
? "'unbindable' " : "",
189 flags
& MS_PRIVATE
? "'private' " : "",
190 flags
& MS_SLAVE
? "'slave' " : "",
191 flags
& MS_SHARED
? "'shared' " : "");
194 if (flags
& MS_REMOUNT
)
195 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
196 TOMOYO_MOUNT_REMOUNT_KEYWORD
,
197 flags
& ~MS_REMOUNT
);
198 else if (flags
& MS_MOVE
)
199 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
200 TOMOYO_MOUNT_MOVE_KEYWORD
,
202 else if (flags
& MS_BIND
)
203 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
204 TOMOYO_MOUNT_BIND_KEYWORD
,
206 else if (flags
& MS_UNBINDABLE
)
207 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
208 TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD
,
209 flags
& ~MS_UNBINDABLE
);
210 else if (flags
& MS_PRIVATE
)
211 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
212 TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD
,
213 flags
& ~MS_PRIVATE
);
214 else if (flags
& MS_SLAVE
)
215 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
216 TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD
,
218 else if (flags
& MS_SHARED
)
219 error
= tomoyo_mount_acl(r
, dev_name
, dir
,
220 TOMOYO_MOUNT_MAKE_SHARED_KEYWORD
,
224 error
= tomoyo_mount_acl2(r
, dev_name
, dir
, type
,
226 } while (error
== TOMOYO_RETRY_REQUEST
);
227 if (r
->mode
!= TOMOYO_CONFIG_ENFORCING
)
233 * tomoyo_mount_permission - Check permission for mount() operation.
235 * @dev_name: Name of device file.
236 * @path: Pointer to "struct path".
237 * @type: Name of filesystem type. May be NULL.
238 * @flags: Mount options.
239 * @data_page: Optional data. May be NULL.
241 * Returns 0 on success, negative value otherwise.
243 int tomoyo_mount_permission(char *dev_name
, struct path
*path
, char *type
,
244 unsigned long flags
, void *data_page
)
246 struct tomoyo_request_info r
;
250 if (tomoyo_init_request_info(&r
, NULL
, TOMOYO_MAC_FILE_MOUNT
)
251 == TOMOYO_CONFIG_DISABLED
)
255 idx
= tomoyo_read_lock();
256 error
= tomoyo_mount_acl(&r
, dev_name
, path
, type
, flags
);
257 tomoyo_read_unlock(idx
);
261 static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info
*a
,
262 const struct tomoyo_acl_info
*b
)
264 const struct tomoyo_mount_acl
*p1
= container_of(a
, typeof(*p1
), head
);
265 const struct tomoyo_mount_acl
*p2
= container_of(b
, typeof(*p2
), head
);
266 return tomoyo_is_same_acl_head(&p1
->head
, &p2
->head
) &&
267 tomoyo_is_same_name_union(&p1
->dev_name
, &p2
->dev_name
) &&
268 tomoyo_is_same_name_union(&p1
->dir_name
, &p2
->dir_name
) &&
269 tomoyo_is_same_name_union(&p1
->fs_type
, &p2
->fs_type
) &&
270 tomoyo_is_same_number_union(&p1
->flags
, &p2
->flags
);
274 * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list.
276 * @data: String to parse.
277 * @domain: Pointer to "struct tomoyo_domain_info".
278 * @is_delete: True if it is a delete request.
280 * Returns 0 on success, negative value otherwise.
282 * Caller holds tomoyo_read_lock().
284 int tomoyo_write_mount_policy(char *data
, struct tomoyo_domain_info
*domain
,
285 const bool is_delete
)
287 struct tomoyo_mount_acl e
= { .head
.type
= TOMOYO_TYPE_MOUNT_ACL
};
288 int error
= is_delete
? -ENOENT
: -ENOMEM
;
290 if (!tomoyo_tokenize(data
, w
, sizeof(w
)) || !w
[3][0])
292 if (!tomoyo_parse_name_union(w
[0], &e
.dev_name
) ||
293 !tomoyo_parse_name_union(w
[1], &e
.dir_name
) ||
294 !tomoyo_parse_name_union(w
[2], &e
.fs_type
) ||
295 !tomoyo_parse_number_union(w
[3], &e
.flags
))
297 error
= tomoyo_update_domain(&e
.head
, sizeof(e
), is_delete
, domain
,
298 tomoyo_same_mount_acl
, NULL
);
300 tomoyo_put_name_union(&e
.dev_name
);
301 tomoyo_put_name_union(&e
.dir_name
);
302 tomoyo_put_name_union(&e
.fs_type
);
303 tomoyo_put_number_union(&e
.flags
);