2 * security/tomoyo/tomoyo.c
4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
7 #include <linux/lsm_hooks.h>
11 * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
13 * @new: Pointer to "struct cred".
14 * @gfp: Memory allocation flags.
18 static int tomoyo_cred_alloc_blank(struct cred
*new, gfp_t gfp
)
20 struct tomoyo_domain_info
**blob
= tomoyo_cred(new);
27 * tomoyo_cred_prepare - Target for security_prepare_creds().
29 * @new: Pointer to "struct cred".
30 * @old: Pointer to "struct cred".
31 * @gfp: Memory allocation flags.
35 static int tomoyo_cred_prepare(struct cred
*new, const struct cred
*old
,
38 struct tomoyo_domain_info
**old_blob
= tomoyo_cred(old
);
39 struct tomoyo_domain_info
**new_blob
= tomoyo_cred(new);
40 struct tomoyo_domain_info
*domain
;
46 atomic_inc(&domain
->users
);
51 * tomoyo_cred_transfer - Target for security_transfer_creds().
53 * @new: Pointer to "struct cred".
54 * @old: Pointer to "struct cred".
56 static void tomoyo_cred_transfer(struct cred
*new, const struct cred
*old
)
58 tomoyo_cred_prepare(new, old
, 0);
62 * tomoyo_cred_free - Target for security_cred_free().
64 * @cred: Pointer to "struct cred".
66 static void tomoyo_cred_free(struct cred
*cred
)
68 struct tomoyo_domain_info
**blob
= tomoyo_cred(cred
);
69 struct tomoyo_domain_info
*domain
= *blob
;
72 atomic_dec(&domain
->users
);
76 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
78 * @bprm: Pointer to "struct linux_binprm".
80 * Returns 0 on success, negative value otherwise.
82 static int tomoyo_bprm_set_creds(struct linux_binprm
*bprm
)
84 struct tomoyo_domain_info
**blob
;
85 struct tomoyo_domain_info
*domain
;
88 * Do only if this function is called for the first time of an execve
91 if (bprm
->cred_prepared
)
93 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
95 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
98 if (!tomoyo_policy_loaded
)
99 tomoyo_load_policy(bprm
->filename
);
102 * Release reference to "struct tomoyo_domain_info" stored inside
103 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
104 * stored inside "bprm->cred->security" will be acquired later inside
105 * tomoyo_find_next_domain().
107 blob
= tomoyo_cred(bprm
->cred
);
109 atomic_dec(&domain
->users
);
111 * Tell tomoyo_bprm_check_security() is called for the first time of an
119 * tomoyo_bprm_check_security - Target for security_bprm_check().
121 * @bprm: Pointer to "struct linux_binprm".
123 * Returns 0 on success, negative value otherwise.
125 static int tomoyo_bprm_check_security(struct linux_binprm
*bprm
)
127 struct tomoyo_domain_info
**blob
;
128 struct tomoyo_domain_info
*domain
;
130 blob
= tomoyo_cred(bprm
->cred
);
133 * Execute permission is checked against pathname passed to do_execve()
134 * using current domain.
137 const int idx
= tomoyo_read_lock();
138 const int err
= tomoyo_find_next_domain(bprm
);
139 tomoyo_read_unlock(idx
);
143 * Read permission is checked against interpreters using next domain.
145 return tomoyo_check_open_permission(domain
, &bprm
->file
->f_path
,
150 * tomoyo_inode_getattr - Target for security_inode_getattr().
152 * @mnt: Pointer to "struct vfsmount".
153 * @dentry: Pointer to "struct dentry".
155 * Returns 0 on success, negative value otherwise.
157 static int tomoyo_inode_getattr(const struct path
*path
)
159 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR
, path
, NULL
);
163 * tomoyo_path_truncate - Target for security_path_truncate().
165 * @path: Pointer to "struct path".
167 * Returns 0 on success, negative value otherwise.
169 static int tomoyo_path_truncate(const struct path
*path
)
171 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE
, path
, NULL
);
175 * tomoyo_path_unlink - Target for security_path_unlink().
177 * @parent: Pointer to "struct path".
178 * @dentry: Pointer to "struct dentry".
180 * Returns 0 on success, negative value otherwise.
182 static int tomoyo_path_unlink(const struct path
*parent
, struct dentry
*dentry
)
184 struct path path
= { .mnt
= parent
->mnt
, .dentry
= dentry
};
185 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK
, &path
, NULL
);
189 * tomoyo_path_mkdir - Target for security_path_mkdir().
191 * @parent: Pointer to "struct path".
192 * @dentry: Pointer to "struct dentry".
193 * @mode: DAC permission mode.
195 * Returns 0 on success, negative value otherwise.
197 static int tomoyo_path_mkdir(const struct path
*parent
, struct dentry
*dentry
,
200 struct path path
= { .mnt
= parent
->mnt
, .dentry
= dentry
};
201 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR
, &path
,
206 * tomoyo_path_rmdir - Target for security_path_rmdir().
208 * @parent: Pointer to "struct path".
209 * @dentry: Pointer to "struct dentry".
211 * Returns 0 on success, negative value otherwise.
213 static int tomoyo_path_rmdir(const struct path
*parent
, struct dentry
*dentry
)
215 struct path path
= { .mnt
= parent
->mnt
, .dentry
= dentry
};
216 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR
, &path
, NULL
);
220 * tomoyo_path_symlink - Target for security_path_symlink().
222 * @parent: Pointer to "struct path".
223 * @dentry: Pointer to "struct dentry".
224 * @old_name: Symlink's content.
226 * Returns 0 on success, negative value otherwise.
228 static int tomoyo_path_symlink(const struct path
*parent
, struct dentry
*dentry
,
229 const char *old_name
)
231 struct path path
= { .mnt
= parent
->mnt
, .dentry
= dentry
};
232 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK
, &path
, old_name
);
236 * tomoyo_path_mknod - Target for security_path_mknod().
238 * @parent: Pointer to "struct path".
239 * @dentry: Pointer to "struct dentry".
240 * @mode: DAC permission mode.
241 * @dev: Device attributes.
243 * Returns 0 on success, negative value otherwise.
245 static int tomoyo_path_mknod(const struct path
*parent
, struct dentry
*dentry
,
246 umode_t mode
, unsigned int dev
)
248 struct path path
= { .mnt
= parent
->mnt
, .dentry
= dentry
};
249 int type
= TOMOYO_TYPE_CREATE
;
250 const unsigned int perm
= mode
& S_IALLUGO
;
252 switch (mode
& S_IFMT
) {
254 type
= TOMOYO_TYPE_MKCHAR
;
257 type
= TOMOYO_TYPE_MKBLOCK
;
262 return tomoyo_mkdev_perm(type
, &path
, perm
, dev
);
264 switch (mode
& S_IFMT
) {
266 type
= TOMOYO_TYPE_MKFIFO
;
269 type
= TOMOYO_TYPE_MKSOCK
;
272 return tomoyo_path_number_perm(type
, &path
, perm
);
276 * tomoyo_path_link - Target for security_path_link().
278 * @old_dentry: Pointer to "struct dentry".
279 * @new_dir: Pointer to "struct path".
280 * @new_dentry: Pointer to "struct dentry".
282 * Returns 0 on success, negative value otherwise.
284 static int tomoyo_path_link(struct dentry
*old_dentry
, const struct path
*new_dir
,
285 struct dentry
*new_dentry
)
287 struct path path1
= { .mnt
= new_dir
->mnt
, .dentry
= old_dentry
};
288 struct path path2
= { .mnt
= new_dir
->mnt
, .dentry
= new_dentry
};
289 return tomoyo_path2_perm(TOMOYO_TYPE_LINK
, &path1
, &path2
);
293 * tomoyo_path_rename - Target for security_path_rename().
295 * @old_parent: Pointer to "struct path".
296 * @old_dentry: Pointer to "struct dentry".
297 * @new_parent: Pointer to "struct path".
298 * @new_dentry: Pointer to "struct dentry".
300 * Returns 0 on success, negative value otherwise.
302 static int tomoyo_path_rename(const struct path
*old_parent
,
303 struct dentry
*old_dentry
,
304 const struct path
*new_parent
,
305 struct dentry
*new_dentry
)
307 struct path path1
= { .mnt
= old_parent
->mnt
, .dentry
= old_dentry
};
308 struct path path2
= { .mnt
= new_parent
->mnt
, .dentry
= new_dentry
};
309 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME
, &path1
, &path2
);
313 * tomoyo_file_fcntl - Target for security_file_fcntl().
315 * @file: Pointer to "struct file".
316 * @cmd: Command for fcntl().
317 * @arg: Argument for @cmd.
319 * Returns 0 on success, negative value otherwise.
321 static int tomoyo_file_fcntl(struct file
*file
, unsigned int cmd
,
324 if (!(cmd
== F_SETFL
&& ((arg
^ file
->f_flags
) & O_APPEND
)))
326 return tomoyo_check_open_permission(tomoyo_domain(), &file
->f_path
,
327 O_WRONLY
| (arg
& O_APPEND
));
331 * tomoyo_file_open - Target for security_file_open().
333 * @f: Pointer to "struct file".
334 * @cred: Pointer to "struct cred".
336 * Returns 0 on success, negative value otherwise.
338 static int tomoyo_file_open(struct file
*f
, const struct cred
*cred
)
340 int flags
= f
->f_flags
;
341 /* Don't check read permission here if called from do_execve(). */
342 if (current
->in_execve
)
344 return tomoyo_check_open_permission(tomoyo_domain(), &f
->f_path
, flags
);
348 * tomoyo_file_ioctl - Target for security_file_ioctl().
350 * @file: Pointer to "struct file".
351 * @cmd: Command for ioctl().
352 * @arg: Argument for @cmd.
354 * Returns 0 on success, negative value otherwise.
356 static int tomoyo_file_ioctl(struct file
*file
, unsigned int cmd
,
359 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL
, &file
->f_path
, cmd
);
363 * tomoyo_path_chmod - Target for security_path_chmod().
365 * @path: Pointer to "struct path".
366 * @mode: DAC permission mode.
368 * Returns 0 on success, negative value otherwise.
370 static int tomoyo_path_chmod(const struct path
*path
, umode_t mode
)
372 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD
, path
,
377 * tomoyo_path_chown - Target for security_path_chown().
379 * @path: Pointer to "struct path".
383 * Returns 0 on success, negative value otherwise.
385 static int tomoyo_path_chown(const struct path
*path
, kuid_t uid
, kgid_t gid
)
389 error
= tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN
, path
,
390 from_kuid(&init_user_ns
, uid
));
391 if (!error
&& gid_valid(gid
))
392 error
= tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP
, path
,
393 from_kgid(&init_user_ns
, gid
));
398 * tomoyo_path_chroot - Target for security_path_chroot().
400 * @path: Pointer to "struct path".
402 * Returns 0 on success, negative value otherwise.
404 static int tomoyo_path_chroot(const struct path
*path
)
406 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT
, path
, NULL
);
410 * tomoyo_sb_mount - Target for security_sb_mount().
412 * @dev_name: Name of device file. Maybe NULL.
413 * @path: Pointer to "struct path".
414 * @type: Name of filesystem type. Maybe NULL.
415 * @flags: Mount options.
416 * @data: Optional data. Maybe NULL.
418 * Returns 0 on success, negative value otherwise.
420 static int tomoyo_sb_mount(const char *dev_name
, const struct path
*path
,
421 const char *type
, unsigned long flags
, void *data
)
423 return tomoyo_mount_permission(dev_name
, path
, type
, flags
, data
);
427 * tomoyo_sb_umount - Target for security_sb_umount().
429 * @mnt: Pointer to "struct vfsmount".
430 * @flags: Unmount options.
432 * Returns 0 on success, negative value otherwise.
434 static int tomoyo_sb_umount(struct vfsmount
*mnt
, int flags
)
436 struct path path
= { .mnt
= mnt
, .dentry
= mnt
->mnt_root
};
437 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT
, &path
, NULL
);
441 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
443 * @old_path: Pointer to "struct path".
444 * @new_path: Pointer to "struct path".
446 * Returns 0 on success, negative value otherwise.
448 static int tomoyo_sb_pivotroot(const struct path
*old_path
, const struct path
*new_path
)
450 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT
, new_path
, old_path
);
454 * tomoyo_socket_listen - Check permission for listen().
456 * @sock: Pointer to "struct socket".
457 * @backlog: Backlog parameter.
459 * Returns 0 on success, negative value otherwise.
461 static int tomoyo_socket_listen(struct socket
*sock
, int backlog
)
463 return tomoyo_socket_listen_permission(sock
);
467 * tomoyo_socket_connect - Check permission for connect().
469 * @sock: Pointer to "struct socket".
470 * @addr: Pointer to "struct sockaddr".
471 * @addr_len: Size of @addr.
473 * Returns 0 on success, negative value otherwise.
475 static int tomoyo_socket_connect(struct socket
*sock
, struct sockaddr
*addr
,
478 return tomoyo_socket_connect_permission(sock
, addr
, addr_len
);
482 * tomoyo_socket_bind - Check permission for bind().
484 * @sock: Pointer to "struct socket".
485 * @addr: Pointer to "struct sockaddr".
486 * @addr_len: Size of @addr.
488 * Returns 0 on success, negative value otherwise.
490 static int tomoyo_socket_bind(struct socket
*sock
, struct sockaddr
*addr
,
493 return tomoyo_socket_bind_permission(sock
, addr
, addr_len
);
497 * tomoyo_socket_sendmsg - Check permission for sendmsg().
499 * @sock: Pointer to "struct socket".
500 * @msg: Pointer to "struct msghdr".
501 * @size: Size of message.
503 * Returns 0 on success, negative value otherwise.
505 static int tomoyo_socket_sendmsg(struct socket
*sock
, struct msghdr
*msg
,
508 return tomoyo_socket_sendmsg_permission(sock
, msg
, size
);
511 struct lsm_blob_sizes tomoyo_blob_sizes
= {
512 .lbs_cred
= sizeof(struct tomoyo_domain_info
*),
516 * tomoyo_security_ops is a "struct security_operations" which is used for
517 * registering TOMOYO.
519 static struct security_hook_list tomoyo_hooks
[] __lsm_ro_after_init
= {
520 LSM_HOOK_INIT(cred_alloc_blank
, tomoyo_cred_alloc_blank
),
521 LSM_HOOK_INIT(cred_prepare
, tomoyo_cred_prepare
),
522 LSM_HOOK_INIT(cred_transfer
, tomoyo_cred_transfer
),
523 LSM_HOOK_INIT(cred_free
, tomoyo_cred_free
),
524 LSM_HOOK_INIT(bprm_set_creds
, tomoyo_bprm_set_creds
),
525 LSM_HOOK_INIT(bprm_check_security
, tomoyo_bprm_check_security
),
526 LSM_HOOK_INIT(file_fcntl
, tomoyo_file_fcntl
),
527 LSM_HOOK_INIT(file_open
, tomoyo_file_open
),
528 LSM_HOOK_INIT(path_truncate
, tomoyo_path_truncate
),
529 LSM_HOOK_INIT(path_unlink
, tomoyo_path_unlink
),
530 LSM_HOOK_INIT(path_mkdir
, tomoyo_path_mkdir
),
531 LSM_HOOK_INIT(path_rmdir
, tomoyo_path_rmdir
),
532 LSM_HOOK_INIT(path_symlink
, tomoyo_path_symlink
),
533 LSM_HOOK_INIT(path_mknod
, tomoyo_path_mknod
),
534 LSM_HOOK_INIT(path_link
, tomoyo_path_link
),
535 LSM_HOOK_INIT(path_rename
, tomoyo_path_rename
),
536 LSM_HOOK_INIT(inode_getattr
, tomoyo_inode_getattr
),
537 LSM_HOOK_INIT(file_ioctl
, tomoyo_file_ioctl
),
538 LSM_HOOK_INIT(path_chmod
, tomoyo_path_chmod
),
539 LSM_HOOK_INIT(path_chown
, tomoyo_path_chown
),
540 LSM_HOOK_INIT(path_chroot
, tomoyo_path_chroot
),
541 LSM_HOOK_INIT(sb_mount
, tomoyo_sb_mount
),
542 LSM_HOOK_INIT(sb_umount
, tomoyo_sb_umount
),
543 LSM_HOOK_INIT(sb_pivotroot
, tomoyo_sb_pivotroot
),
544 LSM_HOOK_INIT(socket_bind
, tomoyo_socket_bind
),
545 LSM_HOOK_INIT(socket_connect
, tomoyo_socket_connect
),
546 LSM_HOOK_INIT(socket_listen
, tomoyo_socket_listen
),
547 LSM_HOOK_INIT(socket_sendmsg
, tomoyo_socket_sendmsg
),
551 DEFINE_SRCU(tomoyo_ss
);
554 * tomoyo_init - Register TOMOYO Linux as a LSM module.
558 static int __init
tomoyo_init(void)
561 struct cred
*cred
= (struct cred
*) current_cred();
562 struct tomoyo_domain_info
**blob
;
564 if (!security_module_enable("tomoyo"))
568 security_add_blobs(&tomoyo_blob_sizes
);
573 /* register ourselves with the security framework */
574 security_add_hooks(tomoyo_hooks
, ARRAY_SIZE(tomoyo_hooks
), "tomoyo");
575 printk(KERN_INFO
"TOMOYO Linux initialized\n");
576 lsm_early_cred(cred
);
577 blob
= tomoyo_cred(cred
);
578 *blob
= &tomoyo_kernel_domain
;
583 security_initcall(tomoyo_init
);