1
2
3
4
5
6
7#include <linux/security.h>
8#include "common.h"
9
10
11
12
13
14
15
16
17
18static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
19{
20 new->security = NULL;
21 return 0;
22}
23
24
25
26
27
28
29
30
31
32
33static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
34 gfp_t gfp)
35{
36 struct tomoyo_domain_info *domain = old->security;
37 new->security = domain;
38 if (domain)
39 atomic_inc(&domain->users);
40 return 0;
41}
42
43
44
45
46
47
48
49static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
50{
51 tomoyo_cred_prepare(new, old, 0);
52}
53
54
55
56
57
58
59static void tomoyo_cred_free(struct cred *cred)
60{
61 struct tomoyo_domain_info *domain = cred->security;
62 if (domain)
63 atomic_dec(&domain->users);
64}
65
66
67
68
69
70
71
72
73static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
74{
75 int rc;
76
77 rc = cap_bprm_set_creds(bprm);
78 if (rc)
79 return rc;
80
81
82
83
84
85 if (bprm->cred_prepared)
86 return 0;
87#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
88
89
90
91
92 if (!tomoyo_policy_loaded)
93 tomoyo_load_policy(bprm->filename);
94#endif
95
96
97
98
99
100
101 atomic_dec(&((struct tomoyo_domain_info *)
102 bprm->cred->security)->users);
103
104
105
106
107 bprm->cred->security = NULL;
108 return 0;
109}
110
111
112
113
114
115
116
117
118static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
119{
120 struct tomoyo_domain_info *domain = bprm->cred->security;
121
122
123
124
125
126 if (!domain) {
127 const int idx = tomoyo_read_lock();
128 const int err = tomoyo_find_next_domain(bprm);
129 tomoyo_read_unlock(idx);
130 return err;
131 }
132
133
134
135 return tomoyo_check_open_permission(domain, &bprm->file->f_path,
136 O_RDONLY);
137}
138
139
140
141
142
143
144
145
146
147static int tomoyo_inode_getattr(const struct path *path)
148{
149 return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
150}
151
152
153
154
155
156
157
158
159static int tomoyo_path_truncate(struct path *path)
160{
161 return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
162}
163
164
165
166
167
168
169
170
171
172static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
173{
174 struct path path = { parent->mnt, dentry };
175 return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
176}
177
178
179
180
181
182
183
184
185
186
187static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
188 umode_t mode)
189{
190 struct path path = { parent->mnt, dentry };
191 return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
192 mode & S_IALLUGO);
193}
194
195
196
197
198
199
200
201
202
203static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
204{
205 struct path path = { parent->mnt, dentry };
206 return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
207}
208
209
210
211
212
213
214
215
216
217
218static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
219 const char *old_name)
220{
221 struct path path = { parent->mnt, dentry };
222 return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
223}
224
225
226
227
228
229
230
231
232
233
234
235static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
236 umode_t mode, unsigned int dev)
237{
238 struct path path = { parent->mnt, dentry };
239 int type = TOMOYO_TYPE_CREATE;
240 const unsigned int perm = mode & S_IALLUGO;
241
242 switch (mode & S_IFMT) {
243 case S_IFCHR:
244 type = TOMOYO_TYPE_MKCHAR;
245 break;
246 case S_IFBLK:
247 type = TOMOYO_TYPE_MKBLOCK;
248 break;
249 default:
250 goto no_dev;
251 }
252 return tomoyo_mkdev_perm(type, &path, perm, dev);
253 no_dev:
254 switch (mode & S_IFMT) {
255 case S_IFIFO:
256 type = TOMOYO_TYPE_MKFIFO;
257 break;
258 case S_IFSOCK:
259 type = TOMOYO_TYPE_MKSOCK;
260 break;
261 }
262 return tomoyo_path_number_perm(type, &path, perm);
263}
264
265
266
267
268
269
270
271
272
273
274static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
275 struct dentry *new_dentry)
276{
277 struct path path1 = { new_dir->mnt, old_dentry };
278 struct path path2 = { new_dir->mnt, new_dentry };
279 return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
280}
281
282
283
284
285
286
287
288
289
290
291
292static int tomoyo_path_rename(struct path *old_parent,
293 struct dentry *old_dentry,
294 struct path *new_parent,
295 struct dentry *new_dentry)
296{
297 struct path path1 = { old_parent->mnt, old_dentry };
298 struct path path2 = { new_parent->mnt, new_dentry };
299 return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
300}
301
302
303
304
305
306
307
308
309
310
311static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
312 unsigned long arg)
313{
314 if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
315 return 0;
316 return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
317 O_WRONLY | (arg & O_APPEND));
318}
319
320
321
322
323
324
325
326
327
328static int tomoyo_file_open(struct file *f, const struct cred *cred)
329{
330 int flags = f->f_flags;
331
332 if (current->in_execve)
333 return 0;
334 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
335}
336
337
338
339
340
341
342
343
344
345
346static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
347 unsigned long arg)
348{
349 return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
350}
351
352
353
354
355
356
357
358
359
360static int tomoyo_path_chmod(struct path *path, umode_t mode)
361{
362 return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
363 mode & S_IALLUGO);
364}
365
366
367
368
369
370
371
372
373
374
375static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
376{
377 int error = 0;
378 if (uid_valid(uid))
379 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
380 from_kuid(&init_user_ns, uid));
381 if (!error && gid_valid(gid))
382 error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
383 from_kgid(&init_user_ns, gid));
384 return error;
385}
386
387
388
389
390
391
392
393
394static int tomoyo_path_chroot(struct path *path)
395{
396 return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
397}
398
399
400
401
402
403
404
405
406
407
408
409
410static int tomoyo_sb_mount(const char *dev_name, struct path *path,
411 const char *type, unsigned long flags, void *data)
412{
413 return tomoyo_mount_permission(dev_name, path, type, flags, data);
414}
415
416
417
418
419
420
421
422
423
424static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
425{
426 struct path path = { mnt, mnt->mnt_root };
427 return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
428}
429
430
431
432
433
434
435
436
437
438static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
439{
440 return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
441}
442
443
444
445
446
447
448
449
450
451static int tomoyo_socket_listen(struct socket *sock, int backlog)
452{
453 return tomoyo_socket_listen_permission(sock);
454}
455
456
457
458
459
460
461
462
463
464
465static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
466 int addr_len)
467{
468 return tomoyo_socket_connect_permission(sock, addr, addr_len);
469}
470
471
472
473
474
475
476
477
478
479
480static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
481 int addr_len)
482{
483 return tomoyo_socket_bind_permission(sock, addr, addr_len);
484}
485
486
487
488
489
490
491
492
493
494
495static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
496 int size)
497{
498 return tomoyo_socket_sendmsg_permission(sock, msg, size);
499}
500
501
502
503
504
505static struct security_operations tomoyo_security_ops = {
506 .name = "tomoyo",
507 .cred_alloc_blank = tomoyo_cred_alloc_blank,
508 .cred_prepare = tomoyo_cred_prepare,
509 .cred_transfer = tomoyo_cred_transfer,
510 .cred_free = tomoyo_cred_free,
511 .bprm_set_creds = tomoyo_bprm_set_creds,
512 .bprm_check_security = tomoyo_bprm_check_security,
513 .file_fcntl = tomoyo_file_fcntl,
514 .file_open = tomoyo_file_open,
515 .path_truncate = tomoyo_path_truncate,
516 .path_unlink = tomoyo_path_unlink,
517 .path_mkdir = tomoyo_path_mkdir,
518 .path_rmdir = tomoyo_path_rmdir,
519 .path_symlink = tomoyo_path_symlink,
520 .path_mknod = tomoyo_path_mknod,
521 .path_link = tomoyo_path_link,
522 .path_rename = tomoyo_path_rename,
523 .inode_getattr = tomoyo_inode_getattr,
524 .file_ioctl = tomoyo_file_ioctl,
525 .path_chmod = tomoyo_path_chmod,
526 .path_chown = tomoyo_path_chown,
527 .path_chroot = tomoyo_path_chroot,
528 .sb_mount = tomoyo_sb_mount,
529 .sb_umount = tomoyo_sb_umount,
530 .sb_pivotroot = tomoyo_sb_pivotroot,
531 .socket_bind = tomoyo_socket_bind,
532 .socket_connect = tomoyo_socket_connect,
533 .socket_listen = tomoyo_socket_listen,
534 .socket_sendmsg = tomoyo_socket_sendmsg,
535};
536
537
538DEFINE_SRCU(tomoyo_ss);
539
540
541
542
543
544
545static int __init tomoyo_init(void)
546{
547 struct cred *cred = (struct cred *) current_cred();
548
549 if (!security_module_enable(&tomoyo_security_ops))
550 return 0;
551
552 if (register_security(&tomoyo_security_ops))
553 panic("Failure registering TOMOYO Linux");
554 printk(KERN_INFO "TOMOYO Linux initialized\n");
555 cred->security = &tomoyo_kernel_domain;
556 tomoyo_mm_init();
557 return 0;
558}
559
560security_initcall(tomoyo_init);
561