security/tomoyo/tomoyo.c

   1 /*
   2  * security/tomoyo/tomoyo.c
   3  *
   4  * Copyright (C) 2005-2011  NTT DATA CORPORATION
   5  */
   6
   7 #include <linux/security.h>
   8 #include "common.h"
   9
  10 /**
  11  * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
  12  *
  13  * @new: Pointer to "struct cred".
  14  * @gfp: Memory allocation flags.
  15  *
  16  * Returns 0.
  17  */
  18 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
  19 {
  20         new->security = NULL;
  21         return 0;
  22 }
  23
  24 /**
  25  * tomoyo_cred_prepare - Target for security_prepare_creds().
  26  *
  27  * @new: Pointer to "struct cred".
  28  * @old: Pointer to "struct cred".
  29  * @gfp: Memory allocation flags.
  30  *
  31  * Returns 0.
  32  */
  33 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
  34                                gfp_t gfp)
  35 {
  36         struct tomoyo_domain_info *domain = old->security;
  37         new->security = domain;
  38         if (domain)
  39                 atomic_inc(&domain->users);
  40         return 0;
  41 }
  42
  43 /**
  44  * tomoyo_cred_transfer - Target for security_transfer_creds().
  45  *
  46  * @new: Pointer to "struct cred".
  47  * @old: Pointer to "struct cred".
  48  */
  49 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
  50 {
  51         tomoyo_cred_prepare(new, old, 0);
  52 }
  53
  54 /**
  55  * tomoyo_cred_free - Target for security_cred_free().
  56  *
  57  * @cred: Pointer to "struct cred".
  58  */
  59 static void tomoyo_cred_free(struct cred *cred)
  60 {
  61         struct tomoyo_domain_info *domain = cred->security;
  62         if (domain)
  63                 atomic_dec(&domain->users);
  64 }
  65
  66 /**
  67  * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
  68  *
  69  * @bprm: Pointer to "struct linux_binprm".
  70  *
  71  * Returns 0 on success, negative value otherwise.
  72  */
  73 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
  74 {
  75         int rc;
  76
  77         rc = cap_bprm_set_creds(bprm);
  78         if (rc)
  79                 return rc;
  80
  81         /*
  82          * Do only if this function is called for the first time of an execve
  83          * operation.
  84          */
  85         if (bprm->cred_prepared)
  86                 return 0;
  87 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
  88         /*
  89          * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
  90          * for the first time.
  91          */
  92         if (!tomoyo_policy_loaded)
  93                 tomoyo_load_policy(bprm->filename);
  94 #endif
  95         /*
  96          * Release reference to "struct tomoyo_domain_info" stored inside
  97          * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
  98          * stored inside "bprm->cred->security" will be acquired later inside
  99          * tomoyo_find_next_domain().
 100          */
 101         atomic_dec(&((struct tomoyo_domain_info *)
 102                      bprm->cred->security)->users);
 103         /*
 104          * Tell tomoyo_bprm_check_security() is called for the first time of an
 105          * execve operation.
 106          */
 107         bprm->cred->security = NULL;
 108         return 0;
 109 }
 110
 111 /**
 112  * tomoyo_bprm_check_security - Target for security_bprm_check().
 113  *
 114  * @bprm: Pointer to "struct linux_binprm".
 115  *
 116  * Returns 0 on success, negative value otherwise.
 117  */
 118 static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 119 {
 120         struct tomoyo_domain_info *domain = bprm->cred->security;
 121
 122         /*
 123          * Execute permission is checked against pathname passed to do_execve()
 124          * using current domain.
 125          */
 126         if (!domain) {
 127                 const int idx = tomoyo_read_lock();
 128                 const int err = tomoyo_find_next_domain(bprm);
 129                 tomoyo_read_unlock(idx);
 130                 return err;
 131         }
 132         /*
 133          * Read permission is checked against interpreters using next domain.
 134          */
 135         return tomoyo_check_open_permission(domain, &bprm->file->f_path,
 136                                             O_RDONLY);
 137 }
 138
 139 /**
 140  * tomoyo_inode_getattr - Target for security_inode_getattr().
 141  *
 142  * @mnt:    Pointer to "struct vfsmount".
 143  * @dentry: Pointer to "struct dentry".
 144  *
 145  * Returns 0 on success, negative value otherwise.
 146  */
 147 static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
 148 {
 149         struct path path = { mnt, dentry };
 150         return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
 151 }
 152
 153 /**
 154  * tomoyo_path_truncate - Target for security_path_truncate().
 155  *
 156  * @path: Pointer to "struct path".
 157  *
 158  * Returns 0 on success, negative value otherwise.
 159  */
 160 static int tomoyo_path_truncate(struct path *path)
 161 {
 162         return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
 163 }
 164
 165 /**
 166  * tomoyo_path_unlink - Target for security_path_unlink().
 167  *
 168  * @parent: Pointer to "struct path".
 169  * @dentry: Pointer to "struct dentry".
 170  *
 171  * Returns 0 on success, negative value otherwise.
 172  */
 173 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 174 {
 175         struct path path = { parent->mnt, dentry };
 176         return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
 177 }
 178
 179 /**
 180  * tomoyo_path_mkdir - Target for security_path_mkdir().
 181  *
 182  * @parent: Pointer to "struct path".
 183  * @dentry: Pointer to "struct dentry".
 184  * @mode:   DAC permission mode.
 185  *
 186  * Returns 0 on success, negative value otherwise.
 187  */
 188 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
 189                              int mode)
 190 {
 191         struct path path = { parent->mnt, dentry };
 192         return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
 193                                        mode & S_IALLUGO);
 194 }
 195
 196 /**
 197  * tomoyo_path_rmdir - Target for security_path_rmdir().
 198  *
 199  * @parent: Pointer to "struct path".
 200  * @dentry: Pointer to "struct dentry".
 201  *
 202  * Returns 0 on success, negative value otherwise.
 203  */
 204 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 205 {
 206         struct path path = { parent->mnt, dentry };
 207         return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
 208 }
 209
 210 /**
 211  * tomoyo_path_symlink - Target for security_path_symlink().
 212  *
 213  * @parent:   Pointer to "struct path".
 214  * @dentry:   Pointer to "struct dentry".
 215  * @old_name: Symlink's content.
 216  *
 217  * Returns 0 on success, negative value otherwise.
 218  */
 219 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
 220                                const char *old_name)
 221 {
 222         struct path path = { parent->mnt, dentry };
 223         return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
 224 }
 225
 226 /**
 227  * tomoyo_path_mknod - Target for security_path_mknod().
 228  *
 229  * @parent: Pointer to "struct path".
 230  * @dentry: Pointer to "struct dentry".
 231  * @mode:   DAC permission mode.
 232  * @dev:    Device attributes.
 233  *
 234  * Returns 0 on success, negative value otherwise.
 235  */
 236 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
 237                              int mode, unsigned int dev)
 238 {
 239         struct path path = { parent->mnt, dentry };
 240         int type = TOMOYO_TYPE_CREATE;
 241         const unsigned int perm = mode & S_IALLUGO;
 242
 243         switch (mode & S_IFMT) {
 244         case S_IFCHR:
 245                 type = TOMOYO_TYPE_MKCHAR;
 246                 break;
 247         case S_IFBLK:
 248                 type = TOMOYO_TYPE_MKBLOCK;
 249                 break;
 250         default:
 251                 goto no_dev;
 252         }
 253         return tomoyo_mkdev_perm(type, &path, perm, dev);
 254  no_dev:
 255         switch (mode & S_IFMT) {
 256         case S_IFIFO:
 257                 type = TOMOYO_TYPE_MKFIFO;
 258                 break;
 259         case S_IFSOCK:
 260                 type = TOMOYO_TYPE_MKSOCK;
 261                 break;
 262         }
 263         return tomoyo_path_number_perm(type, &path, perm);
 264 }
 265
 266 /**
 267  * tomoyo_path_link - Target for security_path_link().
 268  *
 269  * @old_dentry: Pointer to "struct dentry".
 270  * @new_dir:    Pointer to "struct path".
 271  * @new_dentry: Pointer to "struct dentry".
 272  *
 273  * Returns 0 on success, negative value otherwise.
 274  */
 275 static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
 276                             struct dentry *new_dentry)
 277 {
 278         struct path path1 = { new_dir->mnt, old_dentry };
 279         struct path path2 = { new_dir->mnt, new_dentry };
 280         return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
 281 }
 282
 283 /**
 284  * tomoyo_path_rename - Target for security_path_rename().
 285  *
 286  * @old_parent: Pointer to "struct path".
 287  * @old_dentry: Pointer to "struct dentry".
 288  * @new_parent: Pointer to "struct path".
 289  * @new_dentry: Pointer to "struct dentry".
 290  *
 291  * Returns 0 on success, negative value otherwise.
 292  */
 293 static int tomoyo_path_rename(struct path *old_parent,
 294                               struct dentry *old_dentry,
 295                               struct path *new_parent,
 296                               struct dentry *new_dentry)
 297 {
 298         struct path path1 = { old_parent->mnt, old_dentry };
 299         struct path path2 = { new_parent->mnt, new_dentry };
 300         return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
 301 }
 302
 303 /**
 304  * tomoyo_file_fcntl - Target for security_file_fcntl().
 305  *
 306  * @file: Pointer to "struct file".
 307  * @cmd:  Command for fcntl().
 308  * @arg:  Argument for @cmd.
 309  *
 310  * Returns 0 on success, negative value otherwise.
 311  */
 312 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
 313                              unsigned long arg)
 314 {
 315         if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
 316                 return 0;
 317         return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
 318                                             O_WRONLY | (arg & O_APPEND));
 319 }
 320
 321 /**
 322  * tomoyo_dentry_open - Target for security_dentry_open().
 323  *
 324  * @f:    Pointer to "struct file".
 325  * @cred: Pointer to "struct cred".
 326  *
 327  * Returns 0 on success, negative value otherwise.
 328  */
 329 static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 330 {
 331         int flags = f->f_flags;
 332         /* Don't check read permission here if called from do_execve(). */
 333         if (current->in_execve)
 334                 return 0;
 335         return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
 336 }
 337
 338 /**
 339  * tomoyo_file_ioctl - Target for security_file_ioctl().
 340  *
 341  * @file: Pointer to "struct file".
 342  * @cmd:  Command for ioctl().
 343  * @arg:  Argument for @cmd.
 344  *
 345  * Returns 0 on success, negative value otherwise.
 346  */
 347 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
 348                              unsigned long arg)
 349 {
 350         return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
 351 }
 352
 353 /**
 354  * tomoyo_path_chmod - Target for security_path_chmod().
 355  *
 356  * @dentry: Pointer to "struct dentry".
 357  * @mnt:    Pointer to "struct vfsmount".
 358  * @mode:   DAC permission mode.
 359  *
 360  * Returns 0 on success, negative value otherwise.
 361  */
 362 static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
 363                              mode_t mode)
 364 {
 365         struct path path = { mnt, dentry };
 366         return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, &path,
 367                                        mode & S_IALLUGO);
 368 }
 369
 370 /**
 371  * tomoyo_path_chown - Target for security_path_chown().
 372  *
 373  * @path: Pointer to "struct path".
 374  * @uid:  Owner ID.
 375  * @gid:  Group ID.
 376  *
 377  * Returns 0 on success, negative value otherwise.
 378  */
 379 static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
 380 {
 381         int error = 0;
 382         if (uid != (uid_t) -1)
 383                 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path, uid);
 384         if (!error && gid != (gid_t) -1)
 385                 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path, gid);
 386         return error;
 387 }
 388
 389 /**
 390  * tomoyo_path_chroot - Target for security_path_chroot().
 391  *
 392  * @path: Pointer to "struct path".
 393  *
 394  * Returns 0 on success, negative value otherwise.
 395  */
 396 static int tomoyo_path_chroot(struct path *path)
 397 {
 398         return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
 399 }
 400
 401 /**
 402  * tomoyo_sb_mount - Target for security_sb_mount().
 403  *
 404  * @dev_name: Name of device file. Maybe NULL.
 405  * @path:     Pointer to "struct path".
 406  * @type:     Name of filesystem type. Maybe NULL.
 407  * @flags:    Mount options.
 408  * @data:     Optional data. Maybe NULL.
 409  *
 410  * Returns 0 on success, negative value otherwise.
 411  */
 412 static int tomoyo_sb_mount(char *dev_name, struct path *path,
 413                            char *type, unsigned long flags, void *data)
 414 {
 415         return tomoyo_mount_permission(dev_name, path, type, flags, data);
 416 }
 417
 418 /**
 419  * tomoyo_sb_umount - Target for security_sb_umount().
 420  *
 421  * @mnt:   Pointer to "struct vfsmount".
 422  * @flags: Unmount options.
 423  *
 424  * Returns 0 on success, negative value otherwise.
 425  */
 426 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 427 {
 428         struct path path = { mnt, mnt->mnt_root };
 429         return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
 430 }
 431
 432 /**
 433  * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
 434  *
 435  * @old_path: Pointer to "struct path".
 436  * @new_path: Pointer to "struct path".
 437  *
 438  * Returns 0 on success, negative value otherwise.
 439  */
 440 static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
 441 {
 442         return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
 443 }
 444
 445 /**
 446  * tomoyo_socket_listen - Check permission for listen().
 447  *
 448  * @sock:    Pointer to "struct socket".
 449  * @backlog: Backlog parameter.
 450  *
 451  * Returns 0 on success, negative value otherwise.
 452  */
 453 static int tomoyo_socket_listen(struct socket *sock, int backlog)
 454 {
 455         return tomoyo_socket_listen_permission(sock);
 456 }
 457
 458 /**
 459  * tomoyo_socket_connect - Check permission for connect().
 460  *
 461  * @sock:     Pointer to "struct socket".
 462  * @addr:     Pointer to "struct sockaddr".
 463  * @addr_len: Size of @addr.
 464  *
 465  * Returns 0 on success, negative value otherwise.
 466  */
 467 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
 468                                  int addr_len)
 469 {
 470         return tomoyo_socket_connect_permission(sock, addr, addr_len);
 471 }
 472
 473 /**
 474  * tomoyo_socket_bind - Check permission for bind().
 475  *
 476  * @sock:     Pointer to "struct socket".
 477  * @addr:     Pointer to "struct sockaddr".
 478  * @addr_len: Size of @addr.
 479  *
 480  * Returns 0 on success, negative value otherwise.
 481  */
 482 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
 483                               int addr_len)
 484 {
 485         return tomoyo_socket_bind_permission(sock, addr, addr_len);
 486 }
 487
 488 /**
 489  * tomoyo_socket_sendmsg - Check permission for sendmsg().
 490  *
 491  * @sock: Pointer to "struct socket".
 492  * @msg:  Pointer to "struct msghdr".
 493  * @size: Size of message.
 494  *
 495  * Returns 0 on success, negative value otherwise.
 496  */
 497 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
 498                                  int size)
 499 {
 500         return tomoyo_socket_sendmsg_permission(sock, msg, size);
 501 }
 502
 503 /*
 504  * tomoyo_security_ops is a "struct security_operations" which is used for
 505  * registering TOMOYO.
 506  */
 507 static struct security_operations tomoyo_security_ops = {
 508         .name                = "tomoyo",
 509         .cred_alloc_blank    = tomoyo_cred_alloc_blank,
 510         .cred_prepare        = tomoyo_cred_prepare,
 511         .cred_transfer       = tomoyo_cred_transfer,
 512         .cred_free           = tomoyo_cred_free,
 513         .bprm_set_creds      = tomoyo_bprm_set_creds,
 514         .bprm_check_security = tomoyo_bprm_check_security,
 515         .file_fcntl          = tomoyo_file_fcntl,
 516         .dentry_open         = tomoyo_dentry_open,
 517         .path_truncate       = tomoyo_path_truncate,
 518         .path_unlink         = tomoyo_path_unlink,
 519         .path_mkdir          = tomoyo_path_mkdir,
 520         .path_rmdir          = tomoyo_path_rmdir,
 521         .path_symlink        = tomoyo_path_symlink,
 522         .path_mknod          = tomoyo_path_mknod,
 523         .path_link           = tomoyo_path_link,
 524         .path_rename         = tomoyo_path_rename,
 525         .inode_getattr       = tomoyo_inode_getattr,
 526         .file_ioctl          = tomoyo_file_ioctl,
 527         .path_chmod          = tomoyo_path_chmod,
 528         .path_chown          = tomoyo_path_chown,
 529         .path_chroot         = tomoyo_path_chroot,
 530         .sb_mount            = tomoyo_sb_mount,
 531         .sb_umount           = tomoyo_sb_umount,
 532         .sb_pivotroot        = tomoyo_sb_pivotroot,
 533         .socket_bind         = tomoyo_socket_bind,
 534         .socket_connect      = tomoyo_socket_connect,
 535         .socket_listen       = tomoyo_socket_listen,
 536         .socket_sendmsg      = tomoyo_socket_sendmsg,
 537 };
 538
 539 /* Lock for GC. */
 540 struct srcu_struct tomoyo_ss;
 541
 542 /**
 543  * tomoyo_init - Register TOMOYO Linux as a LSM module.
 544  *
 545  * Returns 0.
 546  */
 547 static int __init tomoyo_init(void)
 548 {
 549         struct cred *cred = (struct cred *) current_cred();
 550
 551         if (!security_module_enable(&tomoyo_security_ops))
 552                 return 0;
 553         /* register ourselves with the security framework */
 554         if (register_security(&tomoyo_security_ops) ||
 555             init_srcu_struct(&tomoyo_ss))
 556                 panic("Failure registering TOMOYO Linux");
 557         printk(KERN_INFO "TOMOYO Linux initialized\n");
 558         cred->security = &tomoyo_kernel_domain;
 559         tomoyo_mm_init();
 560         return 0;
 561 }
 562
 563 security_initcall(tomoyo_init);