]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - security/tomoyo/tomoyo.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
UBUNTU: SAUCE: LSM stacking: LSM: manage credential security blobs
[mirror_ubuntu-artful-kernel.git] / security / tomoyo / tomoyo.c
1 /*
2 * security/tomoyo/tomoyo.c
3 *
4 * Copyright (C) 2005-2011 NTT DATA CORPORATION
5 */
6
7 #include <linux/lsm_hooks.h>
8 #include "common.h"
9
10 /**
11 * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
12 *
13 * @new: Pointer to "struct cred".
14 * @gfp: Memory allocation flags.
15 *
16 * Returns 0.
17 */
18 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
19 {
20 struct tomoyo_domain_info **blob = tomoyo_cred(new);
21
22 *blob = NULL;
23 return 0;
24 }
25
26 /**
27 * tomoyo_cred_prepare - Target for security_prepare_creds().
28 *
29 * @new: Pointer to "struct cred".
30 * @old: Pointer to "struct cred".
31 * @gfp: Memory allocation flags.
32 *
33 * Returns 0.
34 */
35 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
36 gfp_t gfp)
37 {
38 struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
39 struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
40 struct tomoyo_domain_info *domain;
41
42 domain = *old_blob;
43 *new_blob = domain;
44
45 if (domain)
46 atomic_inc(&domain->users);
47 return 0;
48 }
49
50 /**
51 * tomoyo_cred_transfer - Target for security_transfer_creds().
52 *
53 * @new: Pointer to "struct cred".
54 * @old: Pointer to "struct cred".
55 */
56 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
57 {
58 tomoyo_cred_prepare(new, old, 0);
59 }
60
61 /**
62 * tomoyo_cred_free - Target for security_cred_free().
63 *
64 * @cred: Pointer to "struct cred".
65 */
66 static void tomoyo_cred_free(struct cred *cred)
67 {
68 struct tomoyo_domain_info **blob = tomoyo_cred(cred);
69 struct tomoyo_domain_info *domain = *blob;
70
71 if (domain)
72 atomic_dec(&domain->users);
73 }
74
75 /**
76 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
77 *
78 * @bprm: Pointer to "struct linux_binprm".
79 *
80 * Returns 0 on success, negative value otherwise.
81 */
82 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
83 {
84 struct tomoyo_domain_info **blob;
85 struct tomoyo_domain_info *domain;
86
87 /*
88 * Do only if this function is called for the first time of an execve
89 * operation.
90 */
91 if (bprm->cred_prepared)
92 return 0;
93 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
94 /*
95 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
96 * for the first time.
97 */
98 if (!tomoyo_policy_loaded)
99 tomoyo_load_policy(bprm->filename);
100 #endif
101 /*
102 * Release reference to "struct tomoyo_domain_info" stored inside
103 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
104 * stored inside "bprm->cred->security" will be acquired later inside
105 * tomoyo_find_next_domain().
106 */
107 blob = tomoyo_cred(bprm->cred);
108 domain = *blob;
109 atomic_dec(&domain->users);
110 /*
111 * Tell tomoyo_bprm_check_security() is called for the first time of an
112 * execve operation.
113 */
114 *blob = NULL;
115 return 0;
116 }
117
118 /**
119 * tomoyo_bprm_check_security - Target for security_bprm_check().
120 *
121 * @bprm: Pointer to "struct linux_binprm".
122 *
123 * Returns 0 on success, negative value otherwise.
124 */
125 static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
126 {
127 struct tomoyo_domain_info **blob;
128 struct tomoyo_domain_info *domain;
129
130 blob = tomoyo_cred(bprm->cred);
131 domain = *blob;
132 /*
133 * Execute permission is checked against pathname passed to do_execve()
134 * using current domain.
135 */
136 if (!domain) {
137 const int idx = tomoyo_read_lock();
138 const int err = tomoyo_find_next_domain(bprm);
139 tomoyo_read_unlock(idx);
140 return err;
141 }
142 /*
143 * Read permission is checked against interpreters using next domain.
144 */
145 return tomoyo_check_open_permission(domain, &bprm->file->f_path,
146 O_RDONLY);
147 }
148
149 /**
150 * tomoyo_inode_getattr - Target for security_inode_getattr().
151 *
152 * @mnt: Pointer to "struct vfsmount".
153 * @dentry: Pointer to "struct dentry".
154 *
155 * Returns 0 on success, negative value otherwise.
156 */
157 static int tomoyo_inode_getattr(const struct path *path)
158 {
159 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
160 }
161
162 /**
163 * tomoyo_path_truncate - Target for security_path_truncate().
164 *
165 * @path: Pointer to "struct path".
166 *
167 * Returns 0 on success, negative value otherwise.
168 */
169 static int tomoyo_path_truncate(const struct path *path)
170 {
171 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
172 }
173
174 /**
175 * tomoyo_path_unlink - Target for security_path_unlink().
176 *
177 * @parent: Pointer to "struct path".
178 * @dentry: Pointer to "struct dentry".
179 *
180 * Returns 0 on success, negative value otherwise.
181 */
182 static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
183 {
184 struct path path = { .mnt = parent->mnt, .dentry = dentry };
185 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
186 }
187
188 /**
189 * tomoyo_path_mkdir - Target for security_path_mkdir().
190 *
191 * @parent: Pointer to "struct path".
192 * @dentry: Pointer to "struct dentry".
193 * @mode: DAC permission mode.
194 *
195 * Returns 0 on success, negative value otherwise.
196 */
197 static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
198 umode_t mode)
199 {
200 struct path path = { .mnt = parent->mnt, .dentry = dentry };
201 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
202 mode & S_IALLUGO);
203 }
204
205 /**
206 * tomoyo_path_rmdir - Target for security_path_rmdir().
207 *
208 * @parent: Pointer to "struct path".
209 * @dentry: Pointer to "struct dentry".
210 *
211 * Returns 0 on success, negative value otherwise.
212 */
213 static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
214 {
215 struct path path = { .mnt = parent->mnt, .dentry = dentry };
216 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
217 }
218
219 /**
220 * tomoyo_path_symlink - Target for security_path_symlink().
221 *
222 * @parent: Pointer to "struct path".
223 * @dentry: Pointer to "struct dentry".
224 * @old_name: Symlink's content.
225 *
226 * Returns 0 on success, negative value otherwise.
227 */
228 static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
229 const char *old_name)
230 {
231 struct path path = { .mnt = parent->mnt, .dentry = dentry };
232 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
233 }
234
235 /**
236 * tomoyo_path_mknod - Target for security_path_mknod().
237 *
238 * @parent: Pointer to "struct path".
239 * @dentry: Pointer to "struct dentry".
240 * @mode: DAC permission mode.
241 * @dev: Device attributes.
242 *
243 * Returns 0 on success, negative value otherwise.
244 */
245 static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
246 umode_t mode, unsigned int dev)
247 {
248 struct path path = { .mnt = parent->mnt, .dentry = dentry };
249 int type = TOMOYO_TYPE_CREATE;
250 const unsigned int perm = mode & S_IALLUGO;
251
252 switch (mode & S_IFMT) {
253 case S_IFCHR:
254 type = TOMOYO_TYPE_MKCHAR;
255 break;
256 case S_IFBLK:
257 type = TOMOYO_TYPE_MKBLOCK;
258 break;
259 default:
260 goto no_dev;
261 }
262 return tomoyo_mkdev_perm(type, &path, perm, dev);
263 no_dev:
264 switch (mode & S_IFMT) {
265 case S_IFIFO:
266 type = TOMOYO_TYPE_MKFIFO;
267 break;
268 case S_IFSOCK:
269 type = TOMOYO_TYPE_MKSOCK;
270 break;
271 }
272 return tomoyo_path_number_perm(type, &path, perm);
273 }
274
275 /**
276 * tomoyo_path_link - Target for security_path_link().
277 *
278 * @old_dentry: Pointer to "struct dentry".
279 * @new_dir: Pointer to "struct path".
280 * @new_dentry: Pointer to "struct dentry".
281 *
282 * Returns 0 on success, negative value otherwise.
283 */
284 static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
285 struct dentry *new_dentry)
286 {
287 struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
288 struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
289 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
290 }
291
292 /**
293 * tomoyo_path_rename - Target for security_path_rename().
294 *
295 * @old_parent: Pointer to "struct path".
296 * @old_dentry: Pointer to "struct dentry".
297 * @new_parent: Pointer to "struct path".
298 * @new_dentry: Pointer to "struct dentry".
299 *
300 * Returns 0 on success, negative value otherwise.
301 */
302 static int tomoyo_path_rename(const struct path *old_parent,
303 struct dentry *old_dentry,
304 const struct path *new_parent,
305 struct dentry *new_dentry)
306 {
307 struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
308 struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
309 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
310 }
311
312 /**
313 * tomoyo_file_fcntl - Target for security_file_fcntl().
314 *
315 * @file: Pointer to "struct file".
316 * @cmd: Command for fcntl().
317 * @arg: Argument for @cmd.
318 *
319 * Returns 0 on success, negative value otherwise.
320 */
321 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
322 unsigned long arg)
323 {
324 if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
325 return 0;
326 return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
327 O_WRONLY | (arg & O_APPEND));
328 }
329
330 /**
331 * tomoyo_file_open - Target for security_file_open().
332 *
333 * @f: Pointer to "struct file".
334 * @cred: Pointer to "struct cred".
335 *
336 * Returns 0 on success, negative value otherwise.
337 */
338 static int tomoyo_file_open(struct file *f, const struct cred *cred)
339 {
340 int flags = f->f_flags;
341 /* Don't check read permission here if called from do_execve(). */
342 if (current->in_execve)
343 return 0;
344 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
345 }
346
347 /**
348 * tomoyo_file_ioctl - Target for security_file_ioctl().
349 *
350 * @file: Pointer to "struct file".
351 * @cmd: Command for ioctl().
352 * @arg: Argument for @cmd.
353 *
354 * Returns 0 on success, negative value otherwise.
355 */
356 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
357 unsigned long arg)
358 {
359 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
360 }
361
362 /**
363 * tomoyo_path_chmod - Target for security_path_chmod().
364 *
365 * @path: Pointer to "struct path".
366 * @mode: DAC permission mode.
367 *
368 * Returns 0 on success, negative value otherwise.
369 */
370 static int tomoyo_path_chmod(const struct path *path, umode_t mode)
371 {
372 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
373 mode & S_IALLUGO);
374 }
375
376 /**
377 * tomoyo_path_chown - Target for security_path_chown().
378 *
379 * @path: Pointer to "struct path".
380 * @uid: Owner ID.
381 * @gid: Group ID.
382 *
383 * Returns 0 on success, negative value otherwise.
384 */
385 static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
386 {
387 int error = 0;
388 if (uid_valid(uid))
389 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
390 from_kuid(&init_user_ns, uid));
391 if (!error && gid_valid(gid))
392 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
393 from_kgid(&init_user_ns, gid));
394 return error;
395 }
396
397 /**
398 * tomoyo_path_chroot - Target for security_path_chroot().
399 *
400 * @path: Pointer to "struct path".
401 *
402 * Returns 0 on success, negative value otherwise.
403 */
404 static int tomoyo_path_chroot(const struct path *path)
405 {
406 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
407 }
408
409 /**
410 * tomoyo_sb_mount - Target for security_sb_mount().
411 *
412 * @dev_name: Name of device file. Maybe NULL.
413 * @path: Pointer to "struct path".
414 * @type: Name of filesystem type. Maybe NULL.
415 * @flags: Mount options.
416 * @data: Optional data. Maybe NULL.
417 *
418 * Returns 0 on success, negative value otherwise.
419 */
420 static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
421 const char *type, unsigned long flags, void *data)
422 {
423 return tomoyo_mount_permission(dev_name, path, type, flags, data);
424 }
425
426 /**
427 * tomoyo_sb_umount - Target for security_sb_umount().
428 *
429 * @mnt: Pointer to "struct vfsmount".
430 * @flags: Unmount options.
431 *
432 * Returns 0 on success, negative value otherwise.
433 */
434 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
435 {
436 struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
437 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
438 }
439
440 /**
441 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
442 *
443 * @old_path: Pointer to "struct path".
444 * @new_path: Pointer to "struct path".
445 *
446 * Returns 0 on success, negative value otherwise.
447 */
448 static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
449 {
450 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
451 }
452
453 /**
454 * tomoyo_socket_listen - Check permission for listen().
455 *
456 * @sock: Pointer to "struct socket".
457 * @backlog: Backlog parameter.
458 *
459 * Returns 0 on success, negative value otherwise.
460 */
461 static int tomoyo_socket_listen(struct socket *sock, int backlog)
462 {
463 return tomoyo_socket_listen_permission(sock);
464 }
465
466 /**
467 * tomoyo_socket_connect - Check permission for connect().
468 *
469 * @sock: Pointer to "struct socket".
470 * @addr: Pointer to "struct sockaddr".
471 * @addr_len: Size of @addr.
472 *
473 * Returns 0 on success, negative value otherwise.
474 */
475 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
476 int addr_len)
477 {
478 return tomoyo_socket_connect_permission(sock, addr, addr_len);
479 }
480
481 /**
482 * tomoyo_socket_bind - Check permission for bind().
483 *
484 * @sock: Pointer to "struct socket".
485 * @addr: Pointer to "struct sockaddr".
486 * @addr_len: Size of @addr.
487 *
488 * Returns 0 on success, negative value otherwise.
489 */
490 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
491 int addr_len)
492 {
493 return tomoyo_socket_bind_permission(sock, addr, addr_len);
494 }
495
496 /**
497 * tomoyo_socket_sendmsg - Check permission for sendmsg().
498 *
499 * @sock: Pointer to "struct socket".
500 * @msg: Pointer to "struct msghdr".
501 * @size: Size of message.
502 *
503 * Returns 0 on success, negative value otherwise.
504 */
505 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
506 int size)
507 {
508 return tomoyo_socket_sendmsg_permission(sock, msg, size);
509 }
510
511 struct lsm_blob_sizes tomoyo_blob_sizes = {
512 .lbs_cred = sizeof(struct tomoyo_domain_info *),
513 };
514
515 /*
516 * tomoyo_security_ops is a "struct security_operations" which is used for
517 * registering TOMOYO.
518 */
519 static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
520 LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
521 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
522 LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
523 LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
524 LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
525 LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
526 LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
527 LSM_HOOK_INIT(file_open, tomoyo_file_open),
528 LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
529 LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
530 LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
531 LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
532 LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
533 LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
534 LSM_HOOK_INIT(path_link, tomoyo_path_link),
535 LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
536 LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
537 LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
538 LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
539 LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
540 LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
541 LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
542 LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
543 LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
544 LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
545 LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
546 LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
547 LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
548 };
549
550 /* Lock for GC. */
551 DEFINE_SRCU(tomoyo_ss);
552
553 /**
554 * tomoyo_init - Register TOMOYO Linux as a LSM module.
555 *
556 * Returns 0.
557 */
558 static int __init tomoyo_init(void)
559 {
560 static int finish;
561 struct cred *cred = (struct cred *) current_cred();
562 struct tomoyo_domain_info **blob;
563
564 if (!security_module_enable("tomoyo"))
565 return 0;
566
567 if (!finish) {
568 security_add_blobs(&tomoyo_blob_sizes);
569 finish = 1;
570 return 0;
571 }
572
573 /* register ourselves with the security framework */
574 security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
575 printk(KERN_INFO "TOMOYO Linux initialized\n");
576 lsm_early_cred(cred);
577 blob = tomoyo_cred(cred);
578 *blob = &tomoyo_kernel_domain;
579 tomoyo_mm_init();
580 return 0;
581 }
582
583 security_initcall(tomoyo_init);
Ubuntu Artful kernel mirror