Commit | Line | Data |
---|---|---|
c3ef1500 | 1 | /* |
0f2a55d5 | 2 | * security/tomoyo/securityfs_if.c |
c3ef1500 | 3 | * |
0f2a55d5 | 4 | * Copyright (C) 2005-2011 NTT DATA CORPORATION |
c3ef1500 TH |
5 | */ |
6 | ||
7 | #include <linux/security.h> | |
8 | #include "common.h" | |
9 | ||
731d37aa TH |
10 | /** |
11 | * tomoyo_check_task_acl - Check permission for task operation. | |
12 | * | |
13 | * @r: Pointer to "struct tomoyo_request_info". | |
14 | * @ptr: Pointer to "struct tomoyo_acl_info". | |
15 | * | |
16 | * Returns true if granted, false otherwise. | |
17 | */ | |
18 | static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, | |
19 | const struct tomoyo_acl_info *ptr) | |
20 | { | |
21 | const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), | |
22 | head); | |
23 | return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); | |
24 | } | |
25 | ||
26 | /** | |
27 | * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. | |
28 | * | |
29 | * @file: Pointer to "struct file". | |
30 | * @buf: Domainname to transit to. | |
31 | * @count: Size of @buf. | |
32 | * @ppos: Unused. | |
33 | * | |
34 | * Returns @count on success, negative value otherwise. | |
35 | * | |
36 | * If domain transition was permitted but the domain transition failed, this | |
37 | * function returns error rather than terminating current thread with SIGKILL. | |
38 | */ | |
39 | static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, | |
40 | size_t count, loff_t *ppos) | |
41 | { | |
42 | char *data; | |
43 | int error; | |
44 | if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) | |
45 | return -ENOMEM; | |
46 | data = kzalloc(count + 1, GFP_NOFS); | |
47 | if (!data) | |
48 | return -ENOMEM; | |
49 | if (copy_from_user(data, buf, count)) { | |
50 | error = -EFAULT; | |
51 | goto out; | |
52 | } | |
53 | tomoyo_normalize_line(data); | |
54 | if (tomoyo_correct_domain(data)) { | |
55 | const int idx = tomoyo_read_lock(); | |
56 | struct tomoyo_path_info name; | |
57 | struct tomoyo_request_info r; | |
58 | name.name = data; | |
59 | tomoyo_fill_path_info(&name); | |
60 | /* Check "task manual_domain_transition" permission. */ | |
61 | tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); | |
62 | r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; | |
63 | r.param.task.domainname = &name; | |
64 | tomoyo_check_acl(&r, tomoyo_check_task_acl); | |
65 | if (!r.granted) | |
66 | error = -EPERM; | |
67 | else { | |
68 | struct tomoyo_domain_info *new_domain = | |
69 | tomoyo_assign_domain(data, true); | |
70 | if (!new_domain) { | |
71 | error = -ENOENT; | |
72 | } else { | |
73 | struct cred *cred = prepare_creds(); | |
74 | if (!cred) { | |
75 | error = -ENOMEM; | |
76 | } else { | |
77 | struct tomoyo_domain_info *old_domain = | |
78 | cred->security; | |
79 | cred->security = new_domain; | |
80 | atomic_inc(&new_domain->users); | |
81 | atomic_dec(&old_domain->users); | |
82 | commit_creds(cred); | |
83 | error = 0; | |
84 | } | |
85 | } | |
86 | } | |
87 | tomoyo_read_unlock(idx); | |
88 | } else | |
89 | error = -EINVAL; | |
90 | out: | |
91 | kfree(data); | |
92 | return error ? error : count; | |
93 | } | |
94 | ||
95 | /** | |
96 | * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. | |
97 | * | |
98 | * @file: Pointer to "struct file". | |
99 | * @buf: Domainname which current thread belongs to. | |
100 | * @count: Size of @buf. | |
101 | * @ppos: Bytes read by now. | |
102 | * | |
103 | * Returns read size on success, negative value otherwise. | |
104 | */ | |
105 | static ssize_t tomoyo_read_self(struct file *file, char __user *buf, | |
106 | size_t count, loff_t *ppos) | |
107 | { | |
108 | const char *domain = tomoyo_domain()->domainname->name; | |
109 | loff_t len = strlen(domain); | |
110 | loff_t pos = *ppos; | |
111 | if (pos >= len || !count) | |
112 | return 0; | |
113 | len -= pos; | |
114 | if (count < len) | |
115 | len = count; | |
116 | if (copy_to_user(buf, domain + pos, len)) | |
117 | return -EFAULT; | |
118 | *ppos += len; | |
119 | return len; | |
120 | } | |
121 | ||
122 | /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ | |
123 | static const struct file_operations tomoyo_self_operations = { | |
124 | .write = tomoyo_write_self, | |
125 | .read = tomoyo_read_self, | |
126 | }; | |
127 | ||
c3ef1500 TH |
128 | /** |
129 | * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. | |
130 | * | |
131 | * @inode: Pointer to "struct inode". | |
132 | * @file: Pointer to "struct file". | |
133 | * | |
134 | * Returns 0 on success, negative value otherwise. | |
135 | */ | |
136 | static int tomoyo_open(struct inode *inode, struct file *file) | |
137 | { | |
496ad9aa | 138 | const int key = ((u8 *) file_inode(file)->i_private) |
c3ef1500 TH |
139 | - ((u8 *) NULL); |
140 | return tomoyo_open_control(key, file); | |
141 | } | |
142 | ||
143 | /** | |
144 | * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. | |
145 | * | |
c3ef1500 TH |
146 | * @file: Pointer to "struct file". |
147 | * | |
c3ef1500 TH |
148 | */ |
149 | static int tomoyo_release(struct inode *inode, struct file *file) | |
150 | { | |
e53cfda5 AV |
151 | tomoyo_close_control(file->private_data); |
152 | return 0; | |
c3ef1500 TH |
153 | } |
154 | ||
0849e3ba | 155 | /** |
b5bc60b4 | 156 | * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. |
0849e3ba TH |
157 | * |
158 | * @file: Pointer to "struct file". | |
6041e834 | 159 | * @wait: Pointer to "poll_table". Maybe NULL. |
0849e3ba | 160 | * |
6041e834 TH |
161 | * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write, |
162 | * POLLOUT | POLLWRNORM otherwise. | |
0849e3ba TH |
163 | */ |
164 | static unsigned int tomoyo_poll(struct file *file, poll_table *wait) | |
165 | { | |
166 | return tomoyo_poll_control(file, wait); | |
167 | } | |
168 | ||
c3ef1500 TH |
169 | /** |
170 | * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. | |
171 | * | |
172 | * @file: Pointer to "struct file". | |
173 | * @buf: Pointer to buffer. | |
174 | * @count: Size of @buf. | |
175 | * @ppos: Unused. | |
176 | * | |
177 | * Returns bytes read on success, negative value otherwise. | |
178 | */ | |
179 | static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, | |
180 | loff_t *ppos) | |
181 | { | |
0df7e8b8 | 182 | return tomoyo_read_control(file->private_data, buf, count); |
c3ef1500 TH |
183 | } |
184 | ||
185 | /** | |
186 | * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. | |
187 | * | |
188 | * @file: Pointer to "struct file". | |
189 | * @buf: Pointer to buffer. | |
190 | * @count: Size of @buf. | |
191 | * @ppos: Unused. | |
192 | * | |
193 | * Returns @count on success, negative value otherwise. | |
194 | */ | |
195 | static ssize_t tomoyo_write(struct file *file, const char __user *buf, | |
196 | size_t count, loff_t *ppos) | |
197 | { | |
0df7e8b8 | 198 | return tomoyo_write_control(file->private_data, buf, count); |
c3ef1500 TH |
199 | } |
200 | ||
201 | /* | |
202 | * tomoyo_operations is a "struct file_operations" which is used for handling | |
203 | * /sys/kernel/security/tomoyo/ interface. | |
204 | * | |
205 | * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). | |
206 | * See tomoyo_io_buffer for internals. | |
207 | */ | |
208 | static const struct file_operations tomoyo_operations = { | |
209 | .open = tomoyo_open, | |
210 | .release = tomoyo_release, | |
0849e3ba | 211 | .poll = tomoyo_poll, |
c3ef1500 TH |
212 | .read = tomoyo_read, |
213 | .write = tomoyo_write, | |
7e2deb7c | 214 | .llseek = noop_llseek, |
c3ef1500 TH |
215 | }; |
216 | ||
217 | /** | |
218 | * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. | |
219 | * | |
220 | * @name: The name of the interface file. | |
221 | * @mode: The permission of the interface file. | |
222 | * @parent: The parent directory. | |
223 | * @key: Type of interface. | |
224 | * | |
225 | * Returns nothing. | |
226 | */ | |
52ef0c04 | 227 | static void __init tomoyo_create_entry(const char *name, const umode_t mode, |
c3ef1500 TH |
228 | struct dentry *parent, const u8 key) |
229 | { | |
230 | securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, | |
231 | &tomoyo_operations); | |
232 | } | |
233 | ||
234 | /** | |
235 | * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. | |
236 | * | |
237 | * Returns 0. | |
238 | */ | |
239 | static int __init tomoyo_initerface_init(void) | |
240 | { | |
241 | struct dentry *tomoyo_dir; | |
242 | ||
243 | /* Don't create securityfs entries unless registered. */ | |
244 | if (current_cred()->security != &tomoyo_kernel_domain) | |
245 | return 0; | |
246 | ||
247 | tomoyo_dir = securityfs_create_dir("tomoyo", NULL); | |
248 | tomoyo_create_entry("query", 0600, tomoyo_dir, | |
249 | TOMOYO_QUERY); | |
250 | tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, | |
251 | TOMOYO_DOMAINPOLICY); | |
252 | tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, | |
253 | TOMOYO_EXCEPTIONPOLICY); | |
eadd99cc TH |
254 | tomoyo_create_entry("audit", 0400, tomoyo_dir, |
255 | TOMOYO_AUDIT); | |
c3ef1500 TH |
256 | tomoyo_create_entry(".process_status", 0600, tomoyo_dir, |
257 | TOMOYO_PROCESS_STATUS); | |
b22b8b9f TH |
258 | tomoyo_create_entry("stat", 0644, tomoyo_dir, |
259 | TOMOYO_STAT); | |
c3ef1500 TH |
260 | tomoyo_create_entry("profile", 0600, tomoyo_dir, |
261 | TOMOYO_PROFILE); | |
262 | tomoyo_create_entry("manager", 0600, tomoyo_dir, | |
263 | TOMOYO_MANAGER); | |
264 | tomoyo_create_entry("version", 0400, tomoyo_dir, | |
265 | TOMOYO_VERSION); | |
731d37aa TH |
266 | securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, |
267 | &tomoyo_self_operations); | |
778c4a4d | 268 | tomoyo_load_builtin_policy(); |
c3ef1500 TH |
269 | return 0; |
270 | } | |
271 | ||
272 | fs_initcall(tomoyo_initerface_init); |