[mirror_ubuntu-artful-kernel.git] / security / tomoyo / tomoyo.c

/*
 * security/tomoyo/tomoyo.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include <linux/lsm_hooks.h>
#include "common.h"

/**
 * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
 *
 * @new: Pointer to "struct cred".
 * @gfp: Memory allocation flags.
 *
 * Returns 0.
 */
static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
{
	struct tomoyo_domain_info **blob = tomoyo_cred(new);

	*blob = NULL;
	return 0;
}

/**
 * tomoyo_cred_prepare - Target for security_prepare_creds().
 *
 * @new: Pointer to "struct cred".
 * @old: Pointer to "struct cred".
 * @gfp: Memory allocation flags.
 *
 * Returns 0.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
	struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
	struct tomoyo_domain_info *domain;

	domain = *old_blob;
	*new_blob = domain;

	if (domain)
		atomic_inc(&domain->users);
	return 0;
}

/**
 * tomoyo_cred_transfer - Target for security_transfer_creds().
 *
 * @new: Pointer to "struct cred".
 * @old: Pointer to "struct cred".
 */
static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
{
	tomoyo_cred_prepare(new, old, 0);
}

/**
 * tomoyo_cred_free - Target for security_cred_free().
 *
 * @cred: Pointer to "struct cred".
 */
static void tomoyo_cred_free(struct cred *cred)
{
	struct tomoyo_domain_info **blob = tomoyo_cred(cred);
	struct tomoyo_domain_info *domain = *blob;

	if (domain)
		atomic_dec(&domain->users);
}

/**
 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info **blob;
	struct tomoyo_domain_info *domain;

	/*
	 * Do only if this function is called for the first time of an execve
	 * operation.
	 */
	if (bprm->cred_prepared)
		return 0;
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	/*
	 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
	 * for the first time.
	 */
	if (!tomoyo_policy_loaded)
		tomoyo_load_policy(bprm->filename);
#endif
	/*
	 * Release reference to "struct tomoyo_domain_info" stored inside
	 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
	 * stored inside "bprm->cred->security" will be acquired later inside
	 * tomoyo_find_next_domain().
	 */
	blob = tomoyo_cred(bprm->cred);
	domain = *blob;
	atomic_dec(&domain->users);
	/*
	 * Tell tomoyo_bprm_check_security() is called for the first time of an
	 * execve operation.
	 */
	*blob = NULL;
	return 0;
}

/**
 * tomoyo_bprm_check_security - Target for security_bprm_check().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info **blob;
	struct tomoyo_domain_info *domain;

	blob = tomoyo_cred(bprm->cred);
	domain = *blob;
	/*
	 * Execute permission is checked against pathname passed to do_execve()
	 * using current domain.
	 */
	if (!domain) {
		const int idx = tomoyo_read_lock();
		const int err = tomoyo_find_next_domain(bprm);
		tomoyo_read_unlock(idx);
		return err;
	}
	/*
	 * Read permission is checked against interpreters using next domain.
	 */
	return tomoyo_check_open_permission(domain, &bprm->file->f_path,
					    O_RDONLY);
}

/**
 * tomoyo_inode_getattr - Target for security_inode_getattr().
 *
 * @mnt:    Pointer to "struct vfsmount".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_inode_getattr(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
}

/**
 * tomoyo_path_truncate - Target for security_path_truncate().
 *
 * @path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_truncate(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}

/**
 * tomoyo_path_unlink - Target for security_path_unlink().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
}

/**
 * tomoyo_path_mkdir - Target for security_path_mkdir().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 * @mode:   DAC permission mode.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
			     umode_t mode)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
				       mode & S_IALLUGO);
}

/**
 * tomoyo_path_rmdir - Target for security_path_rmdir().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
}

/**
 * tomoyo_path_symlink - Target for security_path_symlink().
 *
 * @parent:   Pointer to "struct path".
 * @dentry:   Pointer to "struct dentry".
 * @old_name: Symlink's content.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
}

/**
 * tomoyo_path_mknod - Target for security_path_mknod().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 * @mode:   DAC permission mode.
 * @dev:    Device attributes.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
			     umode_t mode, unsigned int dev)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	int type = TOMOYO_TYPE_CREATE;
	const unsigned int perm = mode & S_IALLUGO;

	switch (mode & S_IFMT) {
	case S_IFCHR:
		type = TOMOYO_TYPE_MKCHAR;
		break;
	case S_IFBLK:
		type = TOMOYO_TYPE_MKBLOCK;
		break;
	default:
		goto no_dev;
	}
	return tomoyo_mkdev_perm(type, &path, perm, dev);
 no_dev:
	switch (mode & S_IFMT) {
	case S_IFIFO:
		type = TOMOYO_TYPE_MKFIFO;
		break;
	case S_IFSOCK:
		type = TOMOYO_TYPE_MKSOCK;
		break;
	}
	return tomoyo_path_number_perm(type, &path, perm);
}

/**
 * tomoyo_path_link - Target for security_path_link().
 *
 * @old_dentry: Pointer to "struct dentry".
 * @new_dir:    Pointer to "struct path".
 * @new_dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
}

/**
 * tomoyo_path_rename - Target for security_path_rename().
 *
 * @old_parent: Pointer to "struct path".
 * @old_dentry: Pointer to "struct dentry".
 * @new_parent: Pointer to "struct path".
 * @new_dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rename(const struct path *old_parent,
			      struct dentry *old_dentry,
			      const struct path *new_parent,
			      struct dentry *new_dentry)
{
	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
}

/**
 * tomoyo_file_fcntl - Target for security_file_fcntl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for fcntl().
 * @arg:  Argument for @cmd.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
		return 0;
	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
					    O_WRONLY | (arg & O_APPEND));
}

/**
 * tomoyo_file_open - Target for security_file_open().
 *
 * @f:    Pointer to "struct file".
 * @cred: Pointer to "struct cred".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_open(struct file *f, const struct cred *cred)
{
	int flags = f->f_flags;
	/* Don't check read permission here if called from do_execve(). */
	if (current->in_execve)
		return 0;
	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
}

/**
 * tomoyo_file_ioctl - Target for security_file_ioctl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for ioctl().
 * @arg:  Argument for @cmd.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
}

/**
 * tomoyo_path_chmod - Target for security_path_chmod().
 *
 * @path: Pointer to "struct path".
 * @mode: DAC permission mode.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
				       mode & S_IALLUGO);
}

/**
 * tomoyo_path_chown - Target for security_path_chown().
 *
 * @path: Pointer to "struct path".
 * @uid:  Owner ID.
 * @gid:  Group ID.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	int error = 0;
	if (uid_valid(uid))
		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
						from_kuid(&init_user_ns, uid));
	if (!error && gid_valid(gid))
		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
						from_kgid(&init_user_ns, gid));
	return error;
}

/**
 * tomoyo_path_chroot - Target for security_path_chroot().
 *
 * @path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chroot(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}

/**
 * tomoyo_sb_mount - Target for security_sb_mount().
 *
 * @dev_name: Name of device file. Maybe NULL.
 * @path:     Pointer to "struct path".
 * @type:     Name of filesystem type. Maybe NULL.
 * @flags:    Mount options.
 * @data:     Optional data. Maybe NULL.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
			   const char *type, unsigned long flags, void *data)
{
	return tomoyo_mount_permission(dev_name, path, type, flags, data);
}

/**
 * tomoyo_sb_umount - Target for security_sb_umount().
 *
 * @mnt:   Pointer to "struct vfsmount".
 * @flags: Unmount options.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{
	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
}

/**
 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
 *
 * @old_path: Pointer to "struct path".
 * @new_path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}

/**
 * tomoyo_socket_listen - Check permission for listen().
 *
 * @sock:    Pointer to "struct socket".
 * @backlog: Backlog parameter.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_listen(struct socket *sock, int backlog)
{
	return tomoyo_socket_listen_permission(sock);
}

/**
 * tomoyo_socket_connect - Check permission for connect().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr".
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
				 int addr_len)
{
	return tomoyo_socket_connect_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_bind - Check permission for bind().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr".
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
			      int addr_len)
{
	return tomoyo_socket_bind_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_sendmsg - Check permission for sendmsg().
 *
 * @sock: Pointer to "struct socket".
 * @msg:  Pointer to "struct msghdr".
 * @size: Size of message.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				 int size)
{
	return tomoyo_socket_sendmsg_permission(sock, msg, size);
}

struct lsm_blob_sizes tomoyo_blob_sizes = {
	.lbs_cred = sizeof(struct tomoyo_domain_info *),
};

/*
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
 */
static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
	LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
	LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
	LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
};

/* Lock for GC. */
DEFINE_SRCU(tomoyo_ss);

/**
 * tomoyo_init - Register TOMOYO Linux as a LSM module.
 *
 * Returns 0.
 */
static int __init tomoyo_init(void)
{
	static int finish;
	struct cred *cred = (struct cred *) current_cred();
	struct tomoyo_domain_info **blob;

	if (!security_module_enable("tomoyo"))
		return 0;

	if (!finish) {
		security_add_blobs(&tomoyo_blob_sizes);
		finish = 1;
		return 0;
	}

	/* register ourselves with the security framework */
	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
	printk(KERN_INFO "TOMOYO Linux initialized\n");
	lsm_early_cred(cred);
	blob = tomoyo_cred(cred);
	*blob = &tomoyo_kernel_domain;
	tomoyo_mm_init();
	return 0;
}

security_initcall(tomoyo_init);
Commit	Line	Data
f7433243 KT	1	/*
	2	* security/tomoyo/tomoyo.c
	3	*
0f2a55d5	4	* Copyright (C) 2005-2011 NTT DATA CORPORATION
f7433243 KT	5	*/
f7433243 KT	6
3c4ed7bd	7	#include <linux/lsm_hooks.h>
f7433243	8	#include "common.h"
f7433243	9
0f2a55d5 TH	10	/**
	11	* tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
	12	*
	13	* @new: Pointer to "struct cred".
	14	* @gfp: Memory allocation flags.
	15	*
	16	* Returns 0.
	17	*/
ee18d64c DH	18	static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
ee18d64c DH	19	{
98738d70 CS	20	struct tomoyo_domain_info **blob = tomoyo_cred(new);
	21
	22	*blob = NULL;
ee18d64c DH	23	return 0;
	24	}
	25
0f2a55d5 TH	26	/**
	27	* tomoyo_cred_prepare - Target for security_prepare_creds().
	28	*
	29	* @new: Pointer to "struct cred".
	30	* @old: Pointer to "struct cred".
	31	* @gfp: Memory allocation flags.
	32	*
	33	* Returns 0.
	34	*/
f7433243 KT	35	static int tomoyo_cred_prepare(struct cred new, const struct cred old,
	36	gfp_t gfp)
	37	{
98738d70 CS	38	struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
	39	struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
	40	struct tomoyo_domain_info *domain;
	41
	42	domain = *old_blob;
	43	*new_blob = domain;
	44
ec8e6a4e TH	45	if (domain)
ec8e6a4e TH	46	atomic_inc(&domain->users);
f7433243 KT	47	return 0;
	48	}
	49
0f2a55d5 TH	50	/**
	51	* tomoyo_cred_transfer - Target for security_transfer_creds().
	52	*
	53	* @new: Pointer to "struct cred".
	54	* @old: Pointer to "struct cred".
	55	*/
ee18d64c DH	56	static void tomoyo_cred_transfer(struct cred new, const struct cred old)
ee18d64c DH	57	{
ec8e6a4e TH	58	tomoyo_cred_prepare(new, old, 0);
	59	}
	60
0f2a55d5 TH	61	/**
	62	* tomoyo_cred_free - Target for security_cred_free().
	63	*
	64	* @cred: Pointer to "struct cred".
	65	*/
ec8e6a4e TH	66	static void tomoyo_cred_free(struct cred *cred)
ec8e6a4e TH	67	{
98738d70 CS	68	struct tomoyo_domain_info **blob = tomoyo_cred(cred);
	69	struct tomoyo_domain_info domain = blob;
	70
ec8e6a4e TH	71	if (domain)
ec8e6a4e TH	72	atomic_dec(&domain->users);
ee18d64c DH	73	}
ee18d64c DH	74
0f2a55d5 TH	75	/**
	76	* tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
	77	*
	78	* @bprm: Pointer to "struct linux_binprm".
	79	*
	80	* Returns 0 on success, negative value otherwise.
	81	*/
f7433243 KT	82	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
f7433243 KT	83	{
98738d70 CS	84	struct tomoyo_domain_info **blob;
	85	struct tomoyo_domain_info *domain;
	86
f7433243 KT	87	/*
	88	* Do only if this function is called for the first time of an execve
	89	* operation.
	90	*/
	91	if (bprm->cred_prepared)
	92	return 0;
7986cf28	93	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
f7433243 KT	94	/*
	95	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
	96	* for the first time.
	97	*/
	98	if (!tomoyo_policy_loaded)
	99	tomoyo_load_policy(bprm->filename);
7986cf28	100	#endif
ec8e6a4e TH	101	/*
	102	* Release reference to "struct tomoyo_domain_info" stored inside
	103	* "bprm->cred->security". New reference to "struct tomoyo_domain_info"
	104	* stored inside "bprm->cred->security" will be acquired later inside
	105	* tomoyo_find_next_domain().
	106	*/
98738d70 CS	107	blob = tomoyo_cred(bprm->cred);
	108	domain = *blob;
	109	atomic_dec(&domain->users);
f7433243 KT	110	/*
	111	* Tell tomoyo_bprm_check_security() is called for the first time of an
	112	* execve operation.
	113	*/
98738d70	114	*blob = NULL;
f7433243 KT	115	return 0;
	116	}
	117
0f2a55d5 TH	118	/**
	119	* tomoyo_bprm_check_security - Target for security_bprm_check().
	120	*
	121	* @bprm: Pointer to "struct linux_binprm".
	122	*
	123	* Returns 0 on success, negative value otherwise.
	124	*/
f7433243 KT	125	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
f7433243 KT	126	{
98738d70 CS	127	struct tomoyo_domain_info **blob;
98738d70 CS	128	struct tomoyo_domain_info *domain;
f7433243	129
98738d70 CS	130	blob = tomoyo_cred(bprm->cred);
98738d70 CS	131	domain = *blob;
f7433243 KT	132	/*
	133	* Execute permission is checked against pathname passed to do_execve()
	134	* using current domain.
	135	*/
fdb8ebb7	136	if (!domain) {
fdb8ebb7 TH	137	const int idx = tomoyo_read_lock();
	138	const int err = tomoyo_find_next_domain(bprm);
	139	tomoyo_read_unlock(idx);
	140	return err;
	141	}
f7433243 KT	142	/*
f7433243 KT	143	* Read permission is checked against interpreters using next domain.
f7433243	144	*/
0f2a55d5 TH	145	return tomoyo_check_open_permission(domain, &bprm->file->f_path,
0f2a55d5 TH	146	O_RDONLY);
f7433243 KT	147	}
f7433243 KT	148
0f2a55d5 TH	149	/**
	150	* tomoyo_inode_getattr - Target for security_inode_getattr().
	151	*
	152	* @mnt: Pointer to "struct vfsmount".
	153	* @dentry: Pointer to "struct dentry".
	154	*
	155	* Returns 0 on success, negative value otherwise.
	156	*/
3f7036a0	157	static int tomoyo_inode_getattr(const struct path *path)
7c75964f	158	{
3f7036a0	159	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
7c75964f TH	160	}
7c75964f TH	161
0f2a55d5 TH	162	/**
	163	* tomoyo_path_truncate - Target for security_path_truncate().
	164	*
	165	* @path: Pointer to "struct path".
	166	*
	167	* Returns 0 on success, negative value otherwise.
	168	*/
81f4c506	169	static int tomoyo_path_truncate(const struct path *path)
f7433243	170	{
97fb35e4	171	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
f7433243 KT	172	}
f7433243 KT	173
0f2a55d5 TH	174	/**
	175	* tomoyo_path_unlink - Target for security_path_unlink().
	176	*
	177	* @parent: Pointer to "struct path".
	178	* @dentry: Pointer to "struct dentry".
	179	*
	180	* Returns 0 on success, negative value otherwise.
	181	*/
989f74e0	182	static int tomoyo_path_unlink(const struct path parent, struct dentry dentry)
f7433243	183	{
8291798d	184	struct path path = { .mnt = parent->mnt, .dentry = dentry };
97fb35e4	185	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
f7433243 KT	186	}
f7433243 KT	187
0f2a55d5 TH	188	/**
	189	* tomoyo_path_mkdir - Target for security_path_mkdir().
	190	*
	191	* @parent: Pointer to "struct path".
	192	* @dentry: Pointer to "struct dentry".
	193	* @mode: DAC permission mode.
	194	*
	195	* Returns 0 on success, negative value otherwise.
	196	*/
d3607752	197	static int tomoyo_path_mkdir(const struct path parent, struct dentry dentry,
4572befe	198	umode_t mode)
f7433243	199	{
8291798d	200	struct path path = { .mnt = parent->mnt, .dentry = dentry };
a1f9bb6a TH	201	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
a1f9bb6a TH	202	mode & S_IALLUGO);
f7433243 KT	203	}
f7433243 KT	204
0f2a55d5 TH	205	/**
	206	* tomoyo_path_rmdir - Target for security_path_rmdir().
	207	*
	208	* @parent: Pointer to "struct path".
	209	* @dentry: Pointer to "struct dentry".
	210	*
	211	* Returns 0 on success, negative value otherwise.
	212	*/
989f74e0	213	static int tomoyo_path_rmdir(const struct path parent, struct dentry dentry)
f7433243	214	{
8291798d	215	struct path path = { .mnt = parent->mnt, .dentry = dentry };
97fb35e4	216	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
f7433243 KT	217	}
f7433243 KT	218
0f2a55d5 TH	219	/**
	220	* tomoyo_path_symlink - Target for security_path_symlink().
	221	*
	222	* @parent: Pointer to "struct path".
	223	* @dentry: Pointer to "struct dentry".
	224	* @old_name: Symlink's content.
	225	*
	226	* Returns 0 on success, negative value otherwise.
	227	*/
d3607752	228	static int tomoyo_path_symlink(const struct path parent, struct dentry dentry,
f7433243 KT	229	const char *old_name)
f7433243 KT	230	{
8291798d	231	struct path path = { .mnt = parent->mnt, .dentry = dentry };
97fb35e4	232	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
f7433243 KT	233	}
f7433243 KT	234
0f2a55d5 TH	235	/**
	236	* tomoyo_path_mknod - Target for security_path_mknod().
	237	*
	238	* @parent: Pointer to "struct path".
	239	* @dentry: Pointer to "struct dentry".
	240	* @mode: DAC permission mode.
	241	* @dev: Device attributes.
	242	*
	243	* Returns 0 on success, negative value otherwise.
	244	*/
d3607752	245	static int tomoyo_path_mknod(const struct path parent, struct dentry dentry,
04fc66e7	246	umode_t mode, unsigned int dev)
f7433243	247	{
8291798d	248	struct path path = { .mnt = parent->mnt, .dentry = dentry };
7ef61233	249	int type = TOMOYO_TYPE_CREATE;
a1f9bb6a	250	const unsigned int perm = mode & S_IALLUGO;
f7433243 KT	251
	252	switch (mode & S_IFMT) {
	253	case S_IFCHR:
7ef61233	254	type = TOMOYO_TYPE_MKCHAR;
f7433243 KT	255	break;
f7433243 KT	256	case S_IFBLK:
7ef61233	257	type = TOMOYO_TYPE_MKBLOCK;
f7433243	258	break;
a1f9bb6a TH	259	default:
	260	goto no_dev;
	261	}
75093152	262	return tomoyo_mkdev_perm(type, &path, perm, dev);
a1f9bb6a TH	263	no_dev:
a1f9bb6a TH	264	switch (mode & S_IFMT) {
f7433243	265	case S_IFIFO:
7ef61233	266	type = TOMOYO_TYPE_MKFIFO;
f7433243 KT	267	break;
f7433243 KT	268	case S_IFSOCK:
7ef61233	269	type = TOMOYO_TYPE_MKSOCK;
f7433243 KT	270	break;
f7433243 KT	271	}
a1f9bb6a	272	return tomoyo_path_number_perm(type, &path, perm);
f7433243 KT	273	}
f7433243 KT	274
0f2a55d5 TH	275	/**
	276	* tomoyo_path_link - Target for security_path_link().
	277	*
	278	* @old_dentry: Pointer to "struct dentry".
	279	* @new_dir: Pointer to "struct path".
	280	* @new_dentry: Pointer to "struct dentry".
	281	*
	282	* Returns 0 on success, negative value otherwise.
	283	*/
3ccee46a	284	static int tomoyo_path_link(struct dentry old_dentry, const struct path new_dir,
f7433243 KT	285	struct dentry *new_dentry)
f7433243 KT	286	{
8291798d KC	287	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
8291798d KC	288	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
97d6931e	289	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
f7433243 KT	290	}
f7433243 KT	291
0f2a55d5 TH	292	/**
	293	* tomoyo_path_rename - Target for security_path_rename().
	294	*
	295	* @old_parent: Pointer to "struct path".
	296	* @old_dentry: Pointer to "struct dentry".
	297	* @new_parent: Pointer to "struct path".
	298	* @new_dentry: Pointer to "struct dentry".
	299	*
	300	* Returns 0 on success, negative value otherwise.
	301	*/
3ccee46a	302	static int tomoyo_path_rename(const struct path *old_parent,
f7433243	303	struct dentry *old_dentry,
3ccee46a	304	const struct path *new_parent,
f7433243 KT	305	struct dentry *new_dentry)
f7433243 KT	306	{
8291798d KC	307	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
8291798d KC	308	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
97d6931e	309	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
f7433243 KT	310	}
f7433243 KT	311
0f2a55d5 TH	312	/**
	313	* tomoyo_file_fcntl - Target for security_file_fcntl().
	314	*
	315	* @file: Pointer to "struct file".
	316	* @cmd: Command for fcntl().
	317	* @arg: Argument for @cmd.
	318	*
	319	* Returns 0 on success, negative value otherwise.
	320	*/
f7433243 KT	321	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
	322	unsigned long arg)
	323	{
7c75964f TH	324	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
	325	return 0;
	326	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
	327	O_WRONLY \| (arg & O_APPEND));
f7433243 KT	328	}
f7433243 KT	329
0f2a55d5	330	/**
83d49856	331	* tomoyo_file_open - Target for security_file_open().
0f2a55d5 TH	332	*
	333	* @f: Pointer to "struct file".
	334	* @cred: Pointer to "struct cred".
	335	*
	336	* Returns 0 on success, negative value otherwise.
	337	*/
83d49856	338	static int tomoyo_file_open(struct file f, const struct cred cred)
f7433243 KT	339	{
f7433243 KT	340	int flags = f->f_flags;
f7433243 KT	341	/* Don't check read permission here if called from do_execve(). */
	342	if (current->in_execve)
	343	return 0;
	344	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
	345	}
	346
0f2a55d5 TH	347	/**
	348	* tomoyo_file_ioctl - Target for security_file_ioctl().
	349	*
	350	* @file: Pointer to "struct file".
	351	* @cmd: Command for ioctl().
	352	* @arg: Argument for @cmd.
	353	*
	354	* Returns 0 on success, negative value otherwise.
	355	*/
937bf613 TH	356	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
	357	unsigned long arg)
	358	{
a1f9bb6a	359	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
937bf613 TH	360	}
937bf613 TH	361
0f2a55d5 TH	362	/**
	363	* tomoyo_path_chmod - Target for security_path_chmod().
	364	*
cdcf116d AV	365	* @path: Pointer to "struct path".
cdcf116d AV	366	* @mode: DAC permission mode.
0f2a55d5 TH	367	*
	368	* Returns 0 on success, negative value otherwise.
	369	*/
be01f9f2	370	static int tomoyo_path_chmod(const struct path *path, umode_t mode)
937bf613	371	{
cdcf116d	372	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
a1f9bb6a	373	mode & S_IALLUGO);
937bf613 TH	374	}
937bf613 TH	375
0f2a55d5 TH	376	/**
	377	* tomoyo_path_chown - Target for security_path_chown().
	378	*
	379	* @path: Pointer to "struct path".
	380	* @uid: Owner ID.
	381	* @gid: Group ID.
	382	*
	383	* Returns 0 on success, negative value otherwise.
	384	*/
7fd25dac	385	static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
937bf613 TH	386	{
937bf613 TH	387	int error = 0;
d2b31ca6 EB	388	if (uid_valid(uid))
	389	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
	390	from_kuid(&init_user_ns, uid));
	391	if (!error && gid_valid(gid))
	392	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
	393	from_kgid(&init_user_ns, gid));
937bf613 TH	394	return error;
	395	}
	396
0f2a55d5 TH	397	/**
	398	* tomoyo_path_chroot - Target for security_path_chroot().
	399	*
	400	* @path: Pointer to "struct path".
	401	*
	402	* Returns 0 on success, negative value otherwise.
	403	*/
77b286c0	404	static int tomoyo_path_chroot(const struct path *path)
937bf613	405	{
97fb35e4	406	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
937bf613 TH	407	}
937bf613 TH	408
0f2a55d5 TH	409	/**
	410	* tomoyo_sb_mount - Target for security_sb_mount().
	411	*
	412	* @dev_name: Name of device file. Maybe NULL.
	413	* @path: Pointer to "struct path".
	414	* @type: Name of filesystem type. Maybe NULL.
	415	* @flags: Mount options.
	416	* @data: Optional data. Maybe NULL.
	417	*
	418	* Returns 0 on success, negative value otherwise.
	419	*/
8a04c43b	420	static int tomoyo_sb_mount(const char dev_name, const struct path path,
808d4e3c	421	const char type, unsigned long flags, void data)
937bf613	422	{
2106ccd9	423	return tomoyo_mount_permission(dev_name, path, type, flags, data);
937bf613 TH	424	}
937bf613 TH	425
0f2a55d5 TH	426	/**
	427	* tomoyo_sb_umount - Target for security_sb_umount().
	428	*
	429	* @mnt: Pointer to "struct vfsmount".
	430	* @flags: Unmount options.
	431	*
	432	* Returns 0 on success, negative value otherwise.
	433	*/
937bf613 TH	434	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
937bf613 TH	435	{
8291798d	436	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
97fb35e4	437	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
937bf613 TH	438	}
937bf613 TH	439
0f2a55d5 TH	440	/**
	441	* tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
	442	*
	443	* @old_path: Pointer to "struct path".
	444	* @new_path: Pointer to "struct path".
	445	*
	446	* Returns 0 on success, negative value otherwise.
	447	*/
3b73b68c	448	static int tomoyo_sb_pivotroot(const struct path old_path, const struct path new_path)
937bf613	449	{
97d6931e	450	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
937bf613 TH	451	}
937bf613 TH	452
059d84db TH	453	/**
	454	* tomoyo_socket_listen - Check permission for listen().
	455	*
	456	* @sock: Pointer to "struct socket".
	457	* @backlog: Backlog parameter.
	458	*
	459	* Returns 0 on success, negative value otherwise.
	460	*/
	461	static int tomoyo_socket_listen(struct socket *sock, int backlog)
	462	{
	463	return tomoyo_socket_listen_permission(sock);
	464	}
	465
	466	/**
	467	* tomoyo_socket_connect - Check permission for connect().
	468	*
	469	* @sock: Pointer to "struct socket".
	470	* @addr: Pointer to "struct sockaddr".
	471	* @addr_len: Size of @addr.
	472	*
	473	* Returns 0 on success, negative value otherwise.
	474	*/
	475	static int tomoyo_socket_connect(struct socket sock, struct sockaddr addr,
	476	int addr_len)
	477	{
	478	return tomoyo_socket_connect_permission(sock, addr, addr_len);
	479	}
	480
	481	/**
	482	* tomoyo_socket_bind - Check permission for bind().
	483	*
	484	* @sock: Pointer to "struct socket".
	485	* @addr: Pointer to "struct sockaddr".
	486	* @addr_len: Size of @addr.
	487	*
	488	* Returns 0 on success, negative value otherwise.
	489	*/
	490	static int tomoyo_socket_bind(struct socket sock, struct sockaddr addr,
	491	int addr_len)
	492	{
	493	return tomoyo_socket_bind_permission(sock, addr, addr_len);
	494	}
	495
	496	/**
	497	* tomoyo_socket_sendmsg - Check permission for sendmsg().
	498	*
	499	* @sock: Pointer to "struct socket".
	500	* @msg: Pointer to "struct msghdr".
	501	* @size: Size of message.
	502	*
	503	* Returns 0 on success, negative value otherwise.
	504	*/
	505	static int tomoyo_socket_sendmsg(struct socket sock, struct msghdr msg,
	506	int size)
	507	{
	508	return tomoyo_socket_sendmsg_permission(sock, msg, size);
	509	}
	510
98738d70 CS	511	struct lsm_blob_sizes tomoyo_blob_sizes = {
	512	.lbs_cred = sizeof(struct tomoyo_domain_info *),
	513	};
	514
c3fa109a TH	515	/*
	516	* tomoyo_security_ops is a "struct security_operations" which is used for
	517	* registering TOMOYO.
	518	*/
ca97d939	519	static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
e20b043a CS	520	LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
	521	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	522	LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
	523	LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
	524	LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
	525	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	526	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	527	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	528	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	529	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	530	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	531	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	532	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	533	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	534	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	535	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	536	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	537	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	538	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	539	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	540	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	541	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	542	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	543	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	544	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	545	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	546	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	547	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
f7433243 KT	548	};
f7433243 KT	549
fdb8ebb7	550	/* Lock for GC. */
505f14f7	551	DEFINE_SRCU(tomoyo_ss);
fdb8ebb7	552
0f2a55d5 TH	553	/**
	554	* tomoyo_init - Register TOMOYO Linux as a LSM module.
	555	*
	556	* Returns 0.
	557	*/
f7433243 KT	558	static int __init tomoyo_init(void)
f7433243 KT	559	{
98738d70	560	static int finish;
f7433243	561	struct cred cred = (struct cred ) current_cred();
98738d70	562	struct tomoyo_domain_info **blob;
f7433243	563
b1d9e6b0	564	if (!security_module_enable("tomoyo"))
f7433243	565	return 0;
98738d70 CS	566
	567	if (!finish) {
	568	security_add_blobs(&tomoyo_blob_sizes);
	569	finish = 1;
	570	return 0;
	571	}
	572
f7433243	573	/* register ourselves with the security framework */
d69dece5	574	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
f7433243	575	printk(KERN_INFO "TOMOYO Linux initialized\n");
98738d70 CS	576	lsm_early_cred(cred);
	577	blob = tomoyo_cred(cred);
	578	*blob = &tomoyo_kernel_domain;
c3ef1500	579	tomoyo_mm_init();
f7433243 KT	580	return 0;
	581	}
	582
	583	security_initcall(tomoyo_init);