]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - security/tomoyo/tomoyo.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
EVM: Add support for portable signature format
[mirror_ubuntu-bionic-kernel.git] / security / tomoyo / tomoyo.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * security/tomoyo/tomoyo.c
4 *
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
6 */
7
8 #include <linux/lsm_hooks.h>
9 #include "common.h"
10
11 /**
12 * tomoyo_cred_alloc_blank - Target for security_cred_alloc_blank().
13 *
14 * @new: Pointer to "struct cred".
15 * @gfp: Memory allocation flags.
16 *
17 * Returns 0.
18 */
19 static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
20 {
21 struct tomoyo_domain_info **blob = tomoyo_cred(new);
22
23 *blob = NULL;
24 return 0;
25 }
26
27 /**
28 * tomoyo_cred_prepare - Target for security_prepare_creds().
29 *
30 * @new: Pointer to "struct cred".
31 * @old: Pointer to "struct cred".
32 * @gfp: Memory allocation flags.
33 *
34 * Returns 0.
35 */
36 static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
37 gfp_t gfp)
38 {
39 struct tomoyo_domain_info **old_blob = tomoyo_cred(old);
40 struct tomoyo_domain_info **new_blob = tomoyo_cred(new);
41 struct tomoyo_domain_info *domain;
42
43 domain = *old_blob;
44 *new_blob = domain;
45
46 if (domain)
47 atomic_inc(&domain->users);
48 return 0;
49 }
50
51 /**
52 * tomoyo_cred_transfer - Target for security_transfer_creds().
53 *
54 * @new: Pointer to "struct cred".
55 * @old: Pointer to "struct cred".
56 */
57 static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
58 {
59 tomoyo_cred_prepare(new, old, 0);
60 }
61
62 /**
63 * tomoyo_cred_free - Target for security_cred_free().
64 *
65 * @cred: Pointer to "struct cred".
66 */
67 static void tomoyo_cred_free(struct cred *cred)
68 {
69 struct tomoyo_domain_info **blob = tomoyo_cred(cred);
70 struct tomoyo_domain_info *domain = *blob;
71
72 if (domain)
73 atomic_dec(&domain->users);
74 }
75
76 /**
77 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
78 *
79 * @bprm: Pointer to "struct linux_binprm".
80 *
81 * Returns 0 on success, negative value otherwise.
82 */
83 static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
84 {
85 struct tomoyo_domain_info **blob;
86 struct tomoyo_domain_info *domain;
87
88 /*
89 * Do only if this function is called for the first time of an execve
90 * operation.
91 */
92 if (bprm->called_set_creds)
93 return 0;
94 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
95 /*
96 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
97 * for the first time.
98 */
99 if (!tomoyo_policy_loaded)
100 tomoyo_load_policy(bprm->filename);
101 #endif
102 /*
103 * Release reference to "struct tomoyo_domain_info" stored inside
104 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
105 * stored inside "bprm->cred->security" will be acquired later inside
106 * tomoyo_find_next_domain().
107 */
108 blob = tomoyo_cred(bprm->cred);
109 domain = *blob;
110 atomic_dec(&domain->users);
111 /*
112 * Tell tomoyo_bprm_check_security() is called for the first time of an
113 * execve operation.
114 */
115 *blob = NULL;
116 return 0;
117 }
118
119 /**
120 * tomoyo_bprm_check_security - Target for security_bprm_check().
121 *
122 * @bprm: Pointer to "struct linux_binprm".
123 *
124 * Returns 0 on success, negative value otherwise.
125 */
126 static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
127 {
128 struct tomoyo_domain_info **blob;
129 struct tomoyo_domain_info *domain;
130
131 blob = tomoyo_cred(bprm->cred);
132 domain = *blob;
133 /*
134 * Execute permission is checked against pathname passed to do_execve()
135 * using current domain.
136 */
137 if (!domain) {
138 const int idx = tomoyo_read_lock();
139 const int err = tomoyo_find_next_domain(bprm);
140 tomoyo_read_unlock(idx);
141 return err;
142 }
143 /*
144 * Read permission is checked against interpreters using next domain.
145 */
146 return tomoyo_check_open_permission(domain, &bprm->file->f_path,
147 O_RDONLY);
148 }
149
150 /**
151 * tomoyo_inode_getattr - Target for security_inode_getattr().
152 *
153 * @mnt: Pointer to "struct vfsmount".
154 * @dentry: Pointer to "struct dentry".
155 *
156 * Returns 0 on success, negative value otherwise.
157 */
158 static int tomoyo_inode_getattr(const struct path *path)
159 {
160 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
161 }
162
163 /**
164 * tomoyo_path_truncate - Target for security_path_truncate().
165 *
166 * @path: Pointer to "struct path".
167 *
168 * Returns 0 on success, negative value otherwise.
169 */
170 static int tomoyo_path_truncate(const struct path *path)
171 {
172 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
173 }
174
175 /**
176 * tomoyo_path_unlink - Target for security_path_unlink().
177 *
178 * @parent: Pointer to "struct path".
179 * @dentry: Pointer to "struct dentry".
180 *
181 * Returns 0 on success, negative value otherwise.
182 */
183 static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
184 {
185 struct path path = { .mnt = parent->mnt, .dentry = dentry };
186 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
187 }
188
189 /**
190 * tomoyo_path_mkdir - Target for security_path_mkdir().
191 *
192 * @parent: Pointer to "struct path".
193 * @dentry: Pointer to "struct dentry".
194 * @mode: DAC permission mode.
195 *
196 * Returns 0 on success, negative value otherwise.
197 */
198 static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
199 umode_t mode)
200 {
201 struct path path = { .mnt = parent->mnt, .dentry = dentry };
202 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
203 mode & S_IALLUGO);
204 }
205
206 /**
207 * tomoyo_path_rmdir - Target for security_path_rmdir().
208 *
209 * @parent: Pointer to "struct path".
210 * @dentry: Pointer to "struct dentry".
211 *
212 * Returns 0 on success, negative value otherwise.
213 */
214 static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
215 {
216 struct path path = { .mnt = parent->mnt, .dentry = dentry };
217 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
218 }
219
220 /**
221 * tomoyo_path_symlink - Target for security_path_symlink().
222 *
223 * @parent: Pointer to "struct path".
224 * @dentry: Pointer to "struct dentry".
225 * @old_name: Symlink's content.
226 *
227 * Returns 0 on success, negative value otherwise.
228 */
229 static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
230 const char *old_name)
231 {
232 struct path path = { .mnt = parent->mnt, .dentry = dentry };
233 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
234 }
235
236 /**
237 * tomoyo_path_mknod - Target for security_path_mknod().
238 *
239 * @parent: Pointer to "struct path".
240 * @dentry: Pointer to "struct dentry".
241 * @mode: DAC permission mode.
242 * @dev: Device attributes.
243 *
244 * Returns 0 on success, negative value otherwise.
245 */
246 static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
247 umode_t mode, unsigned int dev)
248 {
249 struct path path = { .mnt = parent->mnt, .dentry = dentry };
250 int type = TOMOYO_TYPE_CREATE;
251 const unsigned int perm = mode & S_IALLUGO;
252
253 switch (mode & S_IFMT) {
254 case S_IFCHR:
255 type = TOMOYO_TYPE_MKCHAR;
256 break;
257 case S_IFBLK:
258 type = TOMOYO_TYPE_MKBLOCK;
259 break;
260 default:
261 goto no_dev;
262 }
263 return tomoyo_mkdev_perm(type, &path, perm, dev);
264 no_dev:
265 switch (mode & S_IFMT) {
266 case S_IFIFO:
267 type = TOMOYO_TYPE_MKFIFO;
268 break;
269 case S_IFSOCK:
270 type = TOMOYO_TYPE_MKSOCK;
271 break;
272 }
273 return tomoyo_path_number_perm(type, &path, perm);
274 }
275
276 /**
277 * tomoyo_path_link - Target for security_path_link().
278 *
279 * @old_dentry: Pointer to "struct dentry".
280 * @new_dir: Pointer to "struct path".
281 * @new_dentry: Pointer to "struct dentry".
282 *
283 * Returns 0 on success, negative value otherwise.
284 */
285 static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
286 struct dentry *new_dentry)
287 {
288 struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
289 struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
290 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
291 }
292
293 /**
294 * tomoyo_path_rename - Target for security_path_rename().
295 *
296 * @old_parent: Pointer to "struct path".
297 * @old_dentry: Pointer to "struct dentry".
298 * @new_parent: Pointer to "struct path".
299 * @new_dentry: Pointer to "struct dentry".
300 *
301 * Returns 0 on success, negative value otherwise.
302 */
303 static int tomoyo_path_rename(const struct path *old_parent,
304 struct dentry *old_dentry,
305 const struct path *new_parent,
306 struct dentry *new_dentry)
307 {
308 struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
309 struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
310 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
311 }
312
313 /**
314 * tomoyo_file_fcntl - Target for security_file_fcntl().
315 *
316 * @file: Pointer to "struct file".
317 * @cmd: Command for fcntl().
318 * @arg: Argument for @cmd.
319 *
320 * Returns 0 on success, negative value otherwise.
321 */
322 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
323 unsigned long arg)
324 {
325 if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
326 return 0;
327 return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
328 O_WRONLY | (arg & O_APPEND));
329 }
330
331 /**
332 * tomoyo_file_open - Target for security_file_open().
333 *
334 * @f: Pointer to "struct file".
335 * @cred: Pointer to "struct cred".
336 *
337 * Returns 0 on success, negative value otherwise.
338 */
339 static int tomoyo_file_open(struct file *f, const struct cred *cred)
340 {
341 int flags = f->f_flags;
342 /* Don't check read permission here if called from do_execve(). */
343 if (current->in_execve)
344 return 0;
345 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
346 }
347
348 /**
349 * tomoyo_file_ioctl - Target for security_file_ioctl().
350 *
351 * @file: Pointer to "struct file".
352 * @cmd: Command for ioctl().
353 * @arg: Argument for @cmd.
354 *
355 * Returns 0 on success, negative value otherwise.
356 */
357 static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
358 unsigned long arg)
359 {
360 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
361 }
362
363 /**
364 * tomoyo_path_chmod - Target for security_path_chmod().
365 *
366 * @path: Pointer to "struct path".
367 * @mode: DAC permission mode.
368 *
369 * Returns 0 on success, negative value otherwise.
370 */
371 static int tomoyo_path_chmod(const struct path *path, umode_t mode)
372 {
373 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
374 mode & S_IALLUGO);
375 }
376
377 /**
378 * tomoyo_path_chown - Target for security_path_chown().
379 *
380 * @path: Pointer to "struct path".
381 * @uid: Owner ID.
382 * @gid: Group ID.
383 *
384 * Returns 0 on success, negative value otherwise.
385 */
386 static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
387 {
388 int error = 0;
389 if (uid_valid(uid))
390 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
391 from_kuid(&init_user_ns, uid));
392 if (!error && gid_valid(gid))
393 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
394 from_kgid(&init_user_ns, gid));
395 return error;
396 }
397
398 /**
399 * tomoyo_path_chroot - Target for security_path_chroot().
400 *
401 * @path: Pointer to "struct path".
402 *
403 * Returns 0 on success, negative value otherwise.
404 */
405 static int tomoyo_path_chroot(const struct path *path)
406 {
407 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
408 }
409
410 /**
411 * tomoyo_sb_mount - Target for security_sb_mount().
412 *
413 * @dev_name: Name of device file. Maybe NULL.
414 * @path: Pointer to "struct path".
415 * @type: Name of filesystem type. Maybe NULL.
416 * @flags: Mount options.
417 * @data: Optional data. Maybe NULL.
418 *
419 * Returns 0 on success, negative value otherwise.
420 */
421 static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
422 const char *type, unsigned long flags, void *data)
423 {
424 return tomoyo_mount_permission(dev_name, path, type, flags, data);
425 }
426
427 /**
428 * tomoyo_sb_umount - Target for security_sb_umount().
429 *
430 * @mnt: Pointer to "struct vfsmount".
431 * @flags: Unmount options.
432 *
433 * Returns 0 on success, negative value otherwise.
434 */
435 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
436 {
437 struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
438 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
439 }
440
441 /**
442 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
443 *
444 * @old_path: Pointer to "struct path".
445 * @new_path: Pointer to "struct path".
446 *
447 * Returns 0 on success, negative value otherwise.
448 */
449 static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
450 {
451 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
452 }
453
454 /**
455 * tomoyo_socket_listen - Check permission for listen().
456 *
457 * @sock: Pointer to "struct socket".
458 * @backlog: Backlog parameter.
459 *
460 * Returns 0 on success, negative value otherwise.
461 */
462 static int tomoyo_socket_listen(struct socket *sock, int backlog)
463 {
464 return tomoyo_socket_listen_permission(sock);
465 }
466
467 /**
468 * tomoyo_socket_connect - Check permission for connect().
469 *
470 * @sock: Pointer to "struct socket".
471 * @addr: Pointer to "struct sockaddr".
472 * @addr_len: Size of @addr.
473 *
474 * Returns 0 on success, negative value otherwise.
475 */
476 static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
477 int addr_len)
478 {
479 return tomoyo_socket_connect_permission(sock, addr, addr_len);
480 }
481
482 /**
483 * tomoyo_socket_bind - Check permission for bind().
484 *
485 * @sock: Pointer to "struct socket".
486 * @addr: Pointer to "struct sockaddr".
487 * @addr_len: Size of @addr.
488 *
489 * Returns 0 on success, negative value otherwise.
490 */
491 static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
492 int addr_len)
493 {
494 return tomoyo_socket_bind_permission(sock, addr, addr_len);
495 }
496
497 /**
498 * tomoyo_socket_sendmsg - Check permission for sendmsg().
499 *
500 * @sock: Pointer to "struct socket".
501 * @msg: Pointer to "struct msghdr".
502 * @size: Size of message.
503 *
504 * Returns 0 on success, negative value otherwise.
505 */
506 static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
507 int size)
508 {
509 return tomoyo_socket_sendmsg_permission(sock, msg, size);
510 }
511
512 struct lsm_blob_sizes tomoyo_blob_sizes = {
513 .lbs_cred = sizeof(struct tomoyo_domain_info *),
514 };
515
516 /*
517 * tomoyo_security_ops is a "struct security_operations" which is used for
518 * registering TOMOYO.
519 */
520 static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
521 LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
522 LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
523 LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
524 LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
525 LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
526 LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
527 LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
528 LSM_HOOK_INIT(file_open, tomoyo_file_open),
529 LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
530 LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
531 LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
532 LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
533 LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
534 LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
535 LSM_HOOK_INIT(path_link, tomoyo_path_link),
536 LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
537 LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
538 LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
539 LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
540 LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
541 LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
542 LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
543 LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
544 LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
545 LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
546 LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
547 LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
548 LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
549 };
550
551 /* Lock for GC. */
552 DEFINE_SRCU(tomoyo_ss);
553
554 bool tomoyo_enabled;
555
556 /**
557 * tomoyo_init - Register TOMOYO Linux as a LSM module.
558 *
559 * Returns 0.
560 */
561 static int __init tomoyo_init(void)
562 {
563 static int finish;
564 struct cred *cred = (struct cred *) current_cred();
565 struct tomoyo_domain_info **blob;
566
567 if (!security_module_enable("tomoyo",
568 IS_ENABLED(CONFIG_SECURITY_TOMOYO_STACKED))) {
569 tomoyo_enabled = false;
570 return 0;
571 }
572 tomoyo_enabled = true;
573
574 if (!finish) {
575 security_add_blobs(&tomoyo_blob_sizes);
576 finish = 1;
577 return 0;
578 }
579
580 /* register ourselves with the security framework */
581 security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
582 printk(KERN_INFO "TOMOYO Linux initialized\n");
583 lsm_early_cred(cred);
584 blob = tomoyo_cred(cred);
585 *blob = &tomoyo_kernel_domain;
586 tomoyo_mm_init();
587 return 0;
588 }
589
590 security_initcall(tomoyo_init);
ubuntu-bionic-kernel mirror