2 * security/tomoyo/domain.c
4 * Domain transition functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/binfmts.h>
11 #include <linux/slab.h>
13 /* Variables definitions.*/
15 /* The initial domain. */
16 struct tomoyo_domain_info tomoyo_kernel_domain
;
19 * tomoyo_update_policy - Update an entry for exception policy.
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
23 * @is_delete: True if it is a delete request.
24 * @list: Pointer to "struct list_head".
25 * @check_duplicate: Callback function to find duplicated entry.
27 * Returns 0 on success, negative value otherwise.
29 * Caller holds tomoyo_read_lock().
31 int tomoyo_update_policy(struct tomoyo_acl_head
*new_entry
, const int size
,
32 bool is_delete
, struct list_head
*list
,
33 bool (*check_duplicate
) (const struct tomoyo_acl_head
35 const struct tomoyo_acl_head
38 int error
= is_delete
? -ENOENT
: -ENOMEM
;
39 struct tomoyo_acl_head
*entry
;
41 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
43 list_for_each_entry_rcu(entry
, list
, list
) {
44 if (!check_duplicate(entry
, new_entry
))
46 entry
->is_deleted
= is_delete
;
50 if (error
&& !is_delete
) {
51 entry
= tomoyo_commit_ok(new_entry
, size
);
53 list_add_tail_rcu(&entry
->list
, list
);
57 mutex_unlock(&tomoyo_policy_lock
);
62 * tomoyo_update_domain - Update an entry for domain policy.
64 * @new_entry: Pointer to "struct tomoyo_acl_info".
65 * @size: Size of @new_entry in bytes.
66 * @is_delete: True if it is a delete request.
67 * @domain: Pointer to "struct tomoyo_domain_info".
68 * @check_duplicate: Callback function to find duplicated entry.
69 * @merge_duplicate: Callback function to merge duplicated entry.
71 * Returns 0 on success, negative value otherwise.
73 * Caller holds tomoyo_read_lock().
75 int tomoyo_update_domain(struct tomoyo_acl_info
*new_entry
, const int size
,
76 bool is_delete
, struct tomoyo_domain_info
*domain
,
77 bool (*check_duplicate
) (const struct tomoyo_acl_info
79 const struct tomoyo_acl_info
81 bool (*merge_duplicate
) (struct tomoyo_acl_info
*,
82 struct tomoyo_acl_info
*,
85 int error
= is_delete
? -ENOENT
: -ENOMEM
;
86 struct tomoyo_acl_info
*entry
;
88 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
90 list_for_each_entry_rcu(entry
, &domain
->acl_info_list
, list
) {
91 if (!check_duplicate(entry
, new_entry
))
94 entry
->is_deleted
= merge_duplicate(entry
, new_entry
,
97 entry
->is_deleted
= is_delete
;
101 if (error
&& !is_delete
) {
102 entry
= tomoyo_commit_ok(new_entry
, size
);
104 list_add_tail_rcu(&entry
->list
, &domain
->acl_info_list
);
108 mutex_unlock(&tomoyo_policy_lock
);
112 void tomoyo_check_acl(struct tomoyo_request_info
*r
,
113 bool (*check_entry
) (const struct tomoyo_request_info
*,
114 const struct tomoyo_acl_info
*))
116 const struct tomoyo_domain_info
*domain
= r
->domain
;
117 struct tomoyo_acl_info
*ptr
;
119 list_for_each_entry_rcu(ptr
, &domain
->acl_info_list
, list
) {
120 if (ptr
->is_deleted
|| ptr
->type
!= r
->param_type
)
122 if (check_entry(r
, ptr
)) {
130 /* The list for "struct tomoyo_domain_info". */
131 LIST_HEAD(tomoyo_domain_list
);
133 struct list_head tomoyo_policy_list
[TOMOYO_MAX_POLICY
];
134 struct list_head tomoyo_group_list
[TOMOYO_MAX_GROUP
];
137 * tomoyo_get_last_name - Get last component of a domainname.
139 * @domain: Pointer to "struct tomoyo_domain_info".
141 * Returns the last component of the domainname.
143 const char *tomoyo_get_last_name(const struct tomoyo_domain_info
*domain
)
145 const char *cp0
= domain
->domainname
->name
;
146 const char *cp1
= strrchr(cp0
, ' ');
153 static bool tomoyo_same_transition_control_entry(const struct tomoyo_acl_head
*
155 const struct tomoyo_acl_head
*
158 const struct tomoyo_transition_control
*p1
= container_of(a
,
161 const struct tomoyo_transition_control
*p2
= container_of(b
,
164 return p1
->type
== p2
->type
&& p1
->is_last_name
== p2
->is_last_name
165 && p1
->domainname
== p2
->domainname
166 && p1
->program
== p2
->program
;
170 * tomoyo_update_transition_control_entry - Update "struct tomoyo_transition_control" list.
172 * @domainname: The name of domain. Maybe NULL.
173 * @program: The name of program. Maybe NULL.
174 * @type: Type of transition.
175 * @is_delete: True if it is a delete request.
177 * Returns 0 on success, negative value otherwise.
179 static int tomoyo_update_transition_control_entry(const char *domainname
,
182 const bool is_delete
)
184 struct tomoyo_transition_control e
= { .type
= type
};
185 int error
= is_delete
? -ENOENT
: -ENOMEM
;
187 if (!tomoyo_correct_path(program
))
189 e
.program
= tomoyo_get_name(program
);
194 if (!tomoyo_correct_domain(domainname
)) {
195 if (!tomoyo_correct_path(domainname
))
197 e
.is_last_name
= true;
199 e
.domainname
= tomoyo_get_name(domainname
);
203 error
= tomoyo_update_policy(&e
.head
, sizeof(e
), is_delete
,
205 [TOMOYO_ID_TRANSITION_CONTROL
],
206 tomoyo_same_transition_control_entry
);
208 tomoyo_put_name(e
.domainname
);
209 tomoyo_put_name(e
.program
);
214 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
216 * @data: String to parse.
217 * @is_delete: True if it is a delete request.
218 * @type: Type of this entry.
220 * Returns 0 on success, negative value otherwise.
222 int tomoyo_write_transition_control(char *data
, const bool is_delete
,
225 char *domainname
= strstr(data
, " from ");
229 } else if (type
== TOMOYO_TRANSITION_CONTROL_NO_KEEP
||
230 type
== TOMOYO_TRANSITION_CONTROL_KEEP
) {
234 return tomoyo_update_transition_control_entry(domainname
, data
, type
,
239 * tomoyo_transition_type - Get domain transition type.
241 * @domainname: The name of domain.
242 * @program: The name of program.
244 * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
245 * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
246 * @program suppresses domain transition, others otherwise.
248 * Caller holds tomoyo_read_lock().
250 static u8
tomoyo_transition_type(const struct tomoyo_path_info
*domainname
,
251 const struct tomoyo_path_info
*program
)
253 const struct tomoyo_transition_control
*ptr
;
254 const char *last_name
= tomoyo_last_word(domainname
->name
);
256 for (type
= 0; type
< TOMOYO_MAX_TRANSITION_TYPE
; type
++) {
258 list_for_each_entry_rcu(ptr
, &tomoyo_policy_list
259 [TOMOYO_ID_TRANSITION_CONTROL
],
261 if (ptr
->head
.is_deleted
|| ptr
->type
!= type
)
263 if (ptr
->domainname
) {
264 if (!ptr
->is_last_name
) {
265 if (ptr
->domainname
!= domainname
)
269 * Use direct strcmp() since this is
272 if (strcmp(ptr
->domainname
->name
,
278 tomoyo_pathcmp(ptr
->program
, program
))
280 if (type
== TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE
) {
282 * Do not check for initialize_domain if
283 * no_initialize_domain matched.
285 type
= TOMOYO_TRANSITION_CONTROL_NO_KEEP
;
295 static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head
*a
,
296 const struct tomoyo_acl_head
*b
)
298 const struct tomoyo_aggregator_entry
*p1
= container_of(a
, typeof(*p1
),
300 const struct tomoyo_aggregator_entry
*p2
= container_of(b
, typeof(*p2
),
302 return p1
->original_name
== p2
->original_name
&&
303 p1
->aggregated_name
== p2
->aggregated_name
;
307 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list.
309 * @original_name: The original program's name.
310 * @aggregated_name: The program name to use.
311 * @is_delete: True if it is a delete request.
313 * Returns 0 on success, negative value otherwise.
315 * Caller holds tomoyo_read_lock().
317 static int tomoyo_update_aggregator_entry(const char *original_name
,
318 const char *aggregated_name
,
319 const bool is_delete
)
321 struct tomoyo_aggregator_entry e
= { };
322 int error
= is_delete
? -ENOENT
: -ENOMEM
;
324 if (!tomoyo_correct_path(original_name
) ||
325 !tomoyo_correct_path(aggregated_name
))
327 e
.original_name
= tomoyo_get_name(original_name
);
328 e
.aggregated_name
= tomoyo_get_name(aggregated_name
);
329 if (!e
.original_name
|| !e
.aggregated_name
||
330 e
.aggregated_name
->is_patterned
) /* No patterns allowed. */
332 error
= tomoyo_update_policy(&e
.head
, sizeof(e
), is_delete
,
333 &tomoyo_policy_list
[TOMOYO_ID_AGGREGATOR
],
334 tomoyo_same_aggregator_entry
);
336 tomoyo_put_name(e
.original_name
);
337 tomoyo_put_name(e
.aggregated_name
);
342 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list.
344 * @data: String to parse.
345 * @is_delete: True if it is a delete request.
347 * Returns 0 on success, negative value otherwise.
349 * Caller holds tomoyo_read_lock().
351 int tomoyo_write_aggregator_policy(char *data
, const bool is_delete
)
353 char *cp
= strchr(data
, ' ');
358 return tomoyo_update_aggregator_entry(data
, cp
, is_delete
);
362 * tomoyo_find_or_assign_new_domain - Create a domain.
364 * @domainname: The name of domain.
365 * @profile: Profile number to assign if the domain was newly created.
367 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
369 * Caller holds tomoyo_read_lock().
371 struct tomoyo_domain_info
*tomoyo_find_or_assign_new_domain(const char *
375 struct tomoyo_domain_info
*entry
;
376 struct tomoyo_domain_info
*domain
= NULL
;
377 const struct tomoyo_path_info
*saved_domainname
;
380 if (!tomoyo_correct_domain(domainname
))
382 saved_domainname
= tomoyo_get_name(domainname
);
383 if (!saved_domainname
)
385 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
386 if (mutex_lock_interruptible(&tomoyo_policy_lock
))
388 list_for_each_entry_rcu(domain
, &tomoyo_domain_list
, list
) {
389 if (domain
->is_deleted
||
390 tomoyo_pathcmp(saved_domainname
, domain
->domainname
))
395 if (!found
&& tomoyo_memory_ok(entry
)) {
396 INIT_LIST_HEAD(&entry
->acl_info_list
);
397 entry
->domainname
= saved_domainname
;
398 saved_domainname
= NULL
;
399 entry
->profile
= profile
;
400 list_add_tail_rcu(&entry
->list
, &tomoyo_domain_list
);
405 mutex_unlock(&tomoyo_policy_lock
);
407 tomoyo_put_name(saved_domainname
);
409 return found
? domain
: NULL
;
413 * tomoyo_find_next_domain - Find a domain.
415 * @bprm: Pointer to "struct linux_binprm".
417 * Returns 0 on success, negative value otherwise.
419 * Caller holds tomoyo_read_lock().
421 int tomoyo_find_next_domain(struct linux_binprm
*bprm
)
423 struct tomoyo_request_info r
;
424 char *tmp
= kzalloc(TOMOYO_EXEC_TMPSIZE
, GFP_NOFS
);
425 struct tomoyo_domain_info
*old_domain
= tomoyo_domain();
426 struct tomoyo_domain_info
*domain
= NULL
;
427 const char *original_name
= bprm
->filename
;
430 int retval
= -ENOMEM
;
431 bool need_kfree
= false;
432 struct tomoyo_path_info rn
= { }; /* real name */
433 struct tomoyo_path_info ln
; /* last name */
435 ln
.name
= tomoyo_get_last_name(old_domain
);
436 tomoyo_fill_path_info(&ln
);
437 mode
= tomoyo_init_request_info(&r
, NULL
, TOMOYO_MAC_FILE_EXECUTE
);
438 is_enforce
= (mode
== TOMOYO_CONFIG_ENFORCING
);
447 /* Get symlink's pathname of program. */
449 rn
.name
= tomoyo_realpath_nofollow(original_name
);
452 tomoyo_fill_path_info(&rn
);
455 /* Check 'aggregator' directive. */
457 struct tomoyo_aggregator_entry
*ptr
;
458 list_for_each_entry_rcu(ptr
, &tomoyo_policy_list
459 [TOMOYO_ID_AGGREGATOR
], head
.list
) {
460 if (ptr
->head
.is_deleted
||
461 !tomoyo_path_matches_pattern(&rn
,
466 /* This is OK because it is read only. */
467 rn
= *ptr
->aggregated_name
;
472 /* Check execute permission. */
473 retval
= tomoyo_path_permission(&r
, TOMOYO_TYPE_EXECUTE
, &rn
);
474 if (retval
== TOMOYO_RETRY_REQUEST
)
479 /* Calculate domain to transit to. */
480 switch (tomoyo_transition_type(old_domain
->domainname
, &rn
)) {
481 case TOMOYO_TRANSITION_CONTROL_INITIALIZE
:
482 /* Transit to the child of tomoyo_kernel_domain domain. */
483 snprintf(tmp
, TOMOYO_EXEC_TMPSIZE
- 1, TOMOYO_ROOT_NAME
" "
486 case TOMOYO_TRANSITION_CONTROL_KEEP
:
487 /* Keep current domain. */
491 if (old_domain
== &tomoyo_kernel_domain
&&
492 !tomoyo_policy_loaded
) {
494 * Needn't to transit from kernel domain before
495 * starting /sbin/init. But transit from kernel domain
496 * if executing initializers because they might start
501 /* Normal domain transition. */
502 snprintf(tmp
, TOMOYO_EXEC_TMPSIZE
- 1, "%s %s",
503 old_domain
->domainname
->name
, rn
.name
);
507 if (domain
|| strlen(tmp
) >= TOMOYO_EXEC_TMPSIZE
- 10)
509 domain
= tomoyo_find_domain(tmp
);
513 int error
= tomoyo_supervisor(&r
, "# wants to create domain\n"
515 if (error
== TOMOYO_RETRY_REQUEST
)
520 domain
= tomoyo_find_or_assign_new_domain(tmp
, old_domain
->profile
);
524 printk(KERN_WARNING
"TOMOYO-ERROR: Domain '%s' not defined.\n", tmp
);
528 old_domain
->transition_failed
= true;
532 /* Update reference count on "struct tomoyo_domain_info". */
533 atomic_inc(&domain
->users
);
534 bprm
->cred
->security
= domain
;