8#include <linux/lsm_hooks.h>
9#include "common.h"
/**
 * tomoyo_domain - Return the TOMOYO domain of the calling task.
 *
 * Besides returning current's domain_info, this has a side effect: when a
 * saved old_domain_info exists and the task is not inside execve(), the
 * saved domain's user count is decremented and the saved pointer is cleared.
 *
 * Returns the domain_info pointer stored in current's TOMOYO task blob.
 */
struct tomoyo_domain_info *tomoyo_domain(void)
{
	struct tomoyo_task *blob = tomoyo_task(current);
	struct tomoyo_domain_info *saved = blob->old_domain_info;

	/* Nothing saved, or execve() still in flight: leave the blob alone. */
	if (!saved || current->in_execve)
		return blob->domain_info;

	/* Release the reference that was held on the saved domain. */
	atomic_dec(&saved->users);
	blob->old_domain_info = NULL;
	return blob->domain_info;
}
/**
 * tomoyo_cred_prepare - LSM hook for cred_prepare.
 * @new: Unused.
 * @old: Unused.
 * @gfp: Unused.
 *
 * When a saved old_domain_info exists and the task is not inside execve(),
 * the task is put back into the saved domain: the reference held on the
 * present domain_info is dropped and the saved pointer replaces it.
 * NOTE(review): presumably this undoes the domain transition of an execve()
 * that did not complete - confirm against tomoyo_find_next_domain().
 *
 * Returns 0 always; this hook never rejects the credential preparation.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	struct tomoyo_task *blob = tomoyo_task(current);
	struct tomoyo_domain_info *saved = blob->old_domain_info;

	if (!saved || current->in_execve)
		return 0;

	/* Drop the reference on the domain being abandoned, then swap back. */
	atomic_dec(&blob->domain_info->users);
	blob->domain_info = saved;
	blob->old_domain_info = NULL;
	return 0;
}
/**
 * tomoyo_bprm_committed_creds - LSM hook for bprm_committed_creds.
 * @bprm: Unused.
 *
 * Drops the reference held on the saved old_domain_info and clears the
 * pointer.
 *
 * NOTE(review): old_domain_info is dereferenced without a NULL check. This
 * relies on the hook running only after a domain has been saved for the
 * exec in progress (presumably by tomoyo_find_next_domain(), reached through
 * tomoyo_bprm_check_security()) - confirm that invariant holds on every path.
 */
static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm)
{
	struct tomoyo_task *blob = tomoyo_task(current);
	struct tomoyo_domain_info *saved = blob->old_domain_info;

	atomic_dec(&saved->users);
	blob->old_domain_info = NULL;
}
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
/**
 * tomoyo_bprm_creds_for_exec - LSM hook for bprm_creds_for_exec.
 * @bprm: Binary being executed; only @bprm->filename is read.
 *
 * While tomoyo_policy_loaded is still false, every exec hands its filename
 * to tomoyo_load_policy(). What that helper does with the name is decided
 * outside this function.
 *
 * Returns 0 always: nothing done here can deny the exec.
 *
 * The whole hook is compiled out when
 * CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER is set.
 */
static int tomoyo_bprm_creds_for_exec(struct linux_binprm *bprm)
{
	if (tomoyo_policy_loaded)
		return 0;

	tomoyo_load_policy(bprm->filename);
	return 0;
}
#endif
/**
 * tomoyo_bprm_check_security - LSM hook for bprm_check_security.
 * @bprm: Binary being executed.
 *
 * Two cases, selected by whether a domain has already been saved in
 * old_domain_info for this task:
 *
 *  - Not saved yet: tomoyo_find_next_domain() is called under the TOMOYO
 *    read lock and its result is returned.
 *    NOTE(review): presumably that call is what populates old_domain_info,
 *    so later invocations for the same exec take the other branch - confirm.
 *  - Already saved: an O_RDONLY open check on @bprm->file is made against
 *    the task's present domain_info.
 *
 * Returns the result of whichever check was performed.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_task *blob = tomoyo_task(current);
	int lock_idx;
	int rc;

	if (blob->old_domain_info)
		return tomoyo_check_open_permission(blob->domain_info,
						    &bprm->file->f_path,
						    O_RDONLY);

	lock_idx = tomoyo_read_lock();
	rc = tomoyo_find_next_domain(bprm);
	tomoyo_read_unlock(lock_idx);
	return rc;
}
/**
 * tomoyo_inode_getattr - LSM hook for inode_getattr.
 * @path: Path whose attributes are being read.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_GETATTR.
 */
static int tomoyo_inode_getattr(const struct path *path)
{
	const int rc = tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);

	return rc;
}
/**
 * tomoyo_path_truncate - LSM hook for path_truncate.
 * @path: Path of the file being truncated.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_TRUNCATE.
 */
static int tomoyo_path_truncate(const struct path *path)
{
	const int rc = tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);

	return rc;
}
/**
 * tomoyo_path_unlink - LSM hook for path_unlink.
 * @parent: Path of the containing directory; supplies the mount.
 * @dentry: Dentry being unlinked.
 *
 * The checked path is @dentry on @parent's mount.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_UNLINK.
 */
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
	struct path victim = {
		.mnt = parent->mnt,
		.dentry = dentry,
	};

	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &victim, NULL);
}
/**
 * tomoyo_path_mkdir - LSM hook for path_mkdir.
 * @parent: Path of the containing directory; supplies the mount.
 * @dentry: Dentry of the directory being created.
 * @mode:   Requested mode; only the S_IALLUGO bits are passed on.
 *
 * Returns the result of tomoyo_path_number_perm() for TOMOYO_TYPE_MKDIR.
 */
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
			     umode_t mode)
{
	struct path newdir = {
		.mnt = parent->mnt,
		.dentry = dentry,
	};
	/* File-type bits are masked off before the policy check. */
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &newdir, perm);
}
/**
 * tomoyo_path_rmdir - LSM hook for path_rmdir.
 * @parent: Path of the containing directory; supplies the mount.
 * @dentry: Dentry of the directory being removed.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_RMDIR.
 */
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
	struct path victim = {
		.mnt = parent->mnt,
		.dentry = dentry,
	};

	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &victim, NULL);
}
/**
 * tomoyo_path_symlink - LSM hook for path_symlink.
 * @parent:   Path of the containing directory; supplies the mount.
 * @dentry:   Dentry of the symlink being created.
 * @old_name: Symlink content, handed to tomoyo_path_perm() as its target.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_SYMLINK.
 */
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path link = {
		.mnt = parent->mnt,
		.dentry = dentry,
	};

	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &link, old_name);
}
/**
 * tomoyo_path_mknod - LSM hook for path_mknod.
 * @parent: Path of the containing directory; supplies the mount.
 * @dentry: Dentry of the node being created.
 * @mode:   Requested mode; S_IFMT selects the operation, S_IALLUGO the
 *          permission bits that are checked.
 * @dev:    Device number; only consulted for character and block devices.
 *
 * Character and block devices go through tomoyo_mkdev_perm(), which also
 * receives @dev. FIFOs and sockets go through tomoyo_path_number_perm()
 * under their own operation types. Every other file type is checked as
 * TOMOYO_TYPE_CREATE.
 *
 * Returns the result of the selected permission check.
 */
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
			     umode_t mode, unsigned int dev)
{
	struct path node = {
		.mnt = parent->mnt,
		.dentry = dentry,
	};
	const unsigned int perm = mode & S_IALLUGO;

	switch (mode & S_IFMT) {
	case S_IFCHR:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKCHAR, &node, perm, dev);
	case S_IFBLK:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKBLOCK, &node, perm, dev);
	case S_IFIFO:
		return tomoyo_path_number_perm(TOMOYO_TYPE_MKFIFO, &node, perm);
	case S_IFSOCK:
		return tomoyo_path_number_perm(TOMOYO_TYPE_MKSOCK, &node, perm);
	default:
		/* Anything that is not a device, FIFO or socket. */
		return tomoyo_path_number_perm(TOMOYO_TYPE_CREATE, &node, perm);
	}
}
/**
 * tomoyo_path_link - LSM hook for path_link.
 * @old_dentry: Dentry of the existing file.
 * @new_dir:    Path of the directory receiving the link; supplies the mount
 *              for both checked paths.
 * @new_dentry: Dentry of the link being created.
 *
 * Both the source and the destination path are built on @new_dir's mount.
 *
 * Returns the result of tomoyo_path2_perm() for TOMOYO_TYPE_LINK.
 */
static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path src = {
		.mnt = new_dir->mnt,
		.dentry = old_dentry,
	};
	struct path dst = {
		.mnt = new_dir->mnt,
		.dentry = new_dentry,
	};

	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &src, &dst);
}
/**
 * tomoyo_path_rename - LSM hook for path_rename.
 * @old_parent: Path of the source directory; supplies the source mount.
 * @old_dentry: Dentry being renamed.
 * @new_parent: Path of the destination directory; supplies the destination
 *              mount.
 * @new_dentry: Dentry of the new name.
 *
 * Returns the result of tomoyo_path2_perm() for TOMOYO_TYPE_RENAME.
 */
static int tomoyo_path_rename(const struct path *old_parent,
			      struct dentry *old_dentry,
			      const struct path *new_parent,
			      struct dentry *new_dentry)
{
	struct path src = {
		.mnt = old_parent->mnt,
		.dentry = old_dentry,
	};
	struct path dst = {
		.mnt = new_parent->mnt,
		.dentry = new_dentry,
	};

	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &src, &dst);
}
/**
 * tomoyo_file_fcntl - LSM hook for file_fcntl.
 * @file: File the fcntl() is applied to.
 * @cmd:  fcntl command.
 * @arg:  fcntl argument; for F_SETFL, the requested flags.
 *
 * The only request examined is an F_SETFL that flips O_APPEND relative to
 * the file's present f_flags. It is checked as an open for writing, with
 * O_APPEND included when the request sets it. All other commands, and
 * F_SETFL requests that leave O_APPEND unchanged, are allowed by this hook
 * without a policy lookup.
 *
 * Returns 0 when no check applies, otherwise the result of
 * tomoyo_check_open_permission().
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (cmd != F_SETFL)
		return 0;

	/* XOR isolates the flags that would change; only O_APPEND matters. */
	if (!((arg ^ file->f_flags) & O_APPEND))
		return 0;

	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
					    O_WRONLY | (arg & O_APPEND));
}
/**
 * tomoyo_file_open - LSM hook for file_open.
 * @f: File being opened.
 *
 * Opens performed while the task is inside execve() are not checked here
 * and always return 0. In this file the exec path has its own checks in
 * tomoyo_bprm_check_security(). Every other open is checked against the
 * caller's domain with the file's f_flags.
 *
 * Returns 0 during execve(), otherwise the result of
 * tomoyo_check_open_permission().
 */
static int tomoyo_file_open(struct file *f)
{
	if (!current->in_execve)
		return tomoyo_check_open_permission(tomoyo_domain(),
						    &f->f_path, f->f_flags);
	return 0;
}
/**
 * tomoyo_file_ioctl - LSM hook for file_ioctl.
 * @file: File the ioctl() is applied to.
 * @cmd:  ioctl command number; this is the value that is checked.
 * @arg:  Unused; the ioctl argument is not part of the permission request.
 *
 * Returns the result of tomoyo_path_number_perm() for TOMOYO_TYPE_IOCTL.
 */
static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	const struct path *target = &file->f_path;

	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, target, cmd);
}
/**
 * tomoyo_path_chmod - LSM hook for path_chmod.
 * @path: Path whose mode is being changed.
 * @mode: Requested mode; only the S_IALLUGO bits are passed on.
 *
 * Returns the result of tomoyo_path_number_perm() for TOMOYO_TYPE_CHMOD.
 */
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, perm);
}
/**
 * tomoyo_path_chown - LSM hook for path_chown.
 * @path: Path whose ownership is being changed.
 * @uid:  New owner; checked only when uid_valid().
 * @gid:  New group; checked only when gid_valid().
 *
 * The owner change is checked first as TOMOYO_TYPE_CHOWN. The group change
 * is checked as TOMOYO_TYPE_CHGRP only if the owner check did not fail.
 * Both ids are converted to numbers relative to init_user_ns before they
 * are handed to the policy check.
 *
 * Returns 0 when neither id is valid or both checks pass, otherwise the
 * first non-zero result.
 */
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	int rc;

	if (uid_valid(uid)) {
		rc = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
					     from_kuid(&init_user_ns, uid));
		if (rc)
			return rc;
	}

	if (!gid_valid(gid))
		return 0;

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
				       from_kgid(&init_user_ns, gid));
}
/**
 * tomoyo_path_chroot - LSM hook for path_chroot.
 * @path: Path that is to become the new root.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_CHROOT.
 */
static int tomoyo_path_chroot(const struct path *path)
{
	const int rc = tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);

	return rc;
}
/**
 * tomoyo_sb_mount - LSM hook for sb_mount.
 * @dev_name: Device name as given to mount.
 * @path:     Mount point.
 * @type:     Filesystem type name.
 * @flags:    Mount flags.
 * @data:     Filesystem-specific mount data.
 *
 * All five arguments are forwarded unchanged.
 *
 * Returns the result of tomoyo_mount_permission().
 */
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
			   const char *type, unsigned long flags, void *data)
{
	const int rc = tomoyo_mount_permission(dev_name, path, type, flags,
					       data);

	return rc;
}
/**
 * tomoyo_sb_umount - LSM hook for sb_umount.
 * @mnt:   Mount being detached.
 * @flags: Unused; umount flags are not part of the permission request.
 *
 * The checked path is the root dentry of @mnt on @mnt itself.
 *
 * Returns the result of tomoyo_path_perm() for TOMOYO_TYPE_UMOUNT.
 */
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{
	struct path mount_root = {
		.mnt = mnt,
		.dentry = mnt->mnt_root,
	};

	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &mount_root, NULL);
}
/**
 * tomoyo_sb_pivotroot - LSM hook for sb_pivotroot.
 * @old_path: Second argument of the permission check (see below).
 * @new_path: First argument of the permission check (see below).
 *
 * The operands are handed to tomoyo_path2_perm() in the opposite order from
 * this hook's parameter list: @new_path first, @old_path second.
 * NOTE(review): presumably this matches the operand order the policy uses
 * for pivot_root - confirm before "fixing" the apparent swap.
 *
 * Returns the result of tomoyo_path2_perm() for TOMOYO_TYPE_PIVOT_ROOT.
 */
static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
	const struct path *first = new_path;
	const struct path *second = old_path;

	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, first, second);
}
/**
 * tomoyo_socket_listen - LSM hook for socket_listen.
 * @sock:    Socket being put into the listening state.
 * @backlog: Unused; the backlog is not part of the permission request.
 *
 * Returns the result of tomoyo_socket_listen_permission().
 */
static int tomoyo_socket_listen(struct socket *sock, int backlog)
{
	const int verdict = tomoyo_socket_listen_permission(sock);

	return verdict;
}
/**
 * tomoyo_socket_connect - LSM hook for socket_connect.
 * @sock:     Socket being connected.
 * @addr:     Destination address.
 * @addr_len: Size of @addr as supplied by the caller of the hook.
 *
 * Arguments are forwarded unchanged; any validation of @addr against
 * @addr_len is left to tomoyo_socket_connect_permission().
 *
 * Returns the result of tomoyo_socket_connect_permission().
 */
static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
				 int addr_len)
{
	const int verdict = tomoyo_socket_connect_permission(sock, addr,
							     addr_len);

	return verdict;
}
/**
 * tomoyo_socket_bind - LSM hook for socket_bind.
 * @sock:     Socket being bound.
 * @addr:     Local address.
 * @addr_len: Size of @addr as supplied by the caller of the hook.
 *
 * Arguments are forwarded unchanged; any validation of @addr against
 * @addr_len is left to tomoyo_socket_bind_permission().
 *
 * Returns the result of tomoyo_socket_bind_permission().
 */
static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
			      int addr_len)
{
	const int verdict = tomoyo_socket_bind_permission(sock, addr, addr_len);

	return verdict;
}
/**
 * tomoyo_socket_sendmsg - LSM hook for socket_sendmsg.
 * @sock: Socket the message is sent on.
 * @msg:  Message header.
 * @size: Message size.
 *
 * Arguments are forwarded unchanged.
 *
 * Returns the result of tomoyo_socket_sendmsg_permission().
 */
static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				 int size)
{
	const int verdict = tomoyo_socket_sendmsg_permission(sock, msg, size);

	return verdict;
}
/*
 * Blob sizes TOMOYO declares to the LSM framework (referenced from
 * DEFINE_LSM(tomoyo).blobs). Only a per-task blob is used, sized to hold one
 * struct tomoyo_task.
 */
struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = {
	.lbs_task = sizeof(struct tomoyo_task),
};
/**
 * tomoyo_task_alloc - LSM hook for task_alloc.
 * @task:        Task being created.
 * @clone_flags: Unused.
 *
 * The new task starts in the same domain as the calling task and takes its
 * own reference on that domain. It starts with no saved old_domain_info.
 *
 * Returns 0 always.
 */
static int tomoyo_task_alloc(struct task_struct *task,
			     unsigned long clone_flags)
{
	struct tomoyo_task *cur_blob = tomoyo_task(current);
	struct tomoyo_task *new_blob = tomoyo_task(task);
	struct tomoyo_domain_info *domain = cur_blob->domain_info;

	new_blob->domain_info = domain;
	/* One more user of the shared domain. */
	atomic_inc(&domain->users);
	new_blob->old_domain_info = NULL;
	return 0;
}
/**
 * tomoyo_task_free - LSM hook for task_free.
 * @task: Task being released.
 *
 * Drops whatever domain references the task blob still holds - the active
 * domain_info and, if present, the saved old_domain_info - and clears both
 * pointers so the blob cannot be used to reach a domain afterwards.
 */
static void tomoyo_task_free(struct task_struct *task)
{
	struct tomoyo_task *blob = tomoyo_task(task);
	struct tomoyo_domain_info *domain;

	domain = blob->domain_info;
	if (domain) {
		atomic_dec(&domain->users);
		blob->domain_info = NULL;
	}

	domain = blob->old_domain_info;
	if (domain) {
		atomic_dec(&domain->users);
		blob->old_domain_info = NULL;
	}
}
/*
 * Hook table handed to security_add_hooks() by tomoyo_init(). Each entry
 * binds one distinct LSM hook to its TOMOYO handler; entries are grouped by
 * the kind of object they mediate. The table is annotated
 * __lsm_ro_after_init, i.e. it is meant to be immutable once boot-time
 * initialization has finished.
 */
static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
	/* exec and credential handling */
	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	LSM_HOOK_INIT(bprm_creds_for_exec, tomoyo_bprm_creds_for_exec),
#endif
	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),

	/* task lifecycle */
	LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
	LSM_HOOK_INIT(task_free, tomoyo_task_free),

	/* open files */
	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),

	/* pathname operations */
	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),

	/* mount namespace */
	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),

	/* sockets */
	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
};
/*
 * SRCU domain owned by TOMOYO.
 * NOTE(review): presumably the lock behind tomoyo_read_lock() and
 * tomoyo_read_unlock() - confirm in common.h.
 */
DEFINE_SRCU(tomoyo_ss);

/*
 * Enable flag exposed to the LSM framework through DEFINE_LSM(tomoyo).enabled.
 * Initialized to 1 and annotated __lsm_ro_after_init.
 */
int tomoyo_enabled __lsm_ro_after_init = 1;
/**
 * tomoyo_init - Register TOMOYO as an LSM.
 *
 * Registers tomoyo_hooks under the name "tomoyo", logs that initialization
 * happened, places the task running this initializer into
 * tomoyo_kernel_domain (taking a reference on it, with no saved domain),
 * and finally calls tomoyo_mm_init(). The statement order is kept exactly
 * as it was.
 *
 * Returns 0 always.
 */
static int __init tomoyo_init(void)
{
	struct tomoyo_task *blob = tomoyo_task(current);
	struct tomoyo_domain_info *kernel_domain = &tomoyo_kernel_domain;

	/* Register the security hooks. */
	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
	pr_info("TOMOYO Linux initialized\n");

	/* The initializing task starts in the kernel domain. */
	blob->domain_info = kernel_domain;
	atomic_inc(&kernel_domain->users);
	blob->old_domain_info = NULL;

	tomoyo_mm_init();

	return 0;
}
/*
 * LSM descriptor for TOMOYO: ties together the module name, its enable
 * flag, the blob sizes it needs and its initializer. It is flagged
 * LSM_FLAG_LEGACY_MAJOR.
 */
DEFINE_LSM(tomoyo) = {
	.name    = "tomoyo",
	.enabled = &tomoyo_enabled,
	.flags   = LSM_FLAG_LEGACY_MAJOR,
	.blobs   = &tomoyo_blob_sizes,
	.init    = tomoyo_init,
};