[thirdparty/kernel/stable.git] / security / tomoyo / tomoyo.c

// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/tomoyo.c
 *
 * Copyright (C) 2005-2011  NTT DATA CORPORATION
 */

#include <linux/lsm_hooks.h>
#include "common.h"

/**
 * tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
 *
 * Returns pointer to "struct tomoyo_domain_info" for current thread.
 */
struct tomoyo_domain_info *tomoyo_domain(void)
{
	struct tomoyo_task *s = tomoyo_task(current);

	if (s->old_domain_info && !current->in_execve) {
		atomic_dec(&s->old_domain_info->users);
		s->old_domain_info = NULL;
	}
	return s->domain_info;
}

/**
 * tomoyo_cred_prepare - Target for security_prepare_creds().
 *
 * @new: Pointer to "struct cred".
 * @old: Pointer to "struct cred".
 * @gfp: Memory allocation flags.
 *
 * Returns 0.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	/* Restore old_domain_info saved by previous execve() request. */
	struct tomoyo_task *s = tomoyo_task(current);

	if (s->old_domain_info && !current->in_execve) {
		atomic_dec(&s->domain_info->users);
		s->domain_info = s->old_domain_info;
		s->old_domain_info = NULL;
	}
	return 0;
}

/**
 * tomoyo_bprm_committed_creds - Target for security_bprm_committed_creds().
 *
 * @bprm: Pointer to "struct linux_binprm".
 */
static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm)
{
	/* Clear old_domain_info saved by execve() request. */
	struct tomoyo_task *s = tomoyo_task(current);

	atomic_dec(&s->old_domain_info->users);
	s->old_domain_info = NULL;
}

#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
/**
 * tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0.
 */
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
	/*
	 * Do only if this function is called for the first time of an execve
	 * operation.
	 */
	if (bprm->called_set_creds)
		return 0;
	/*
	 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
	 * for the first time.
	 */
	if (!tomoyo_policy_loaded)
		tomoyo_load_policy(bprm->filename);
	return 0;
}
#endif

/**
 * tomoyo_bprm_check_security - Target for security_bprm_check().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_task *s = tomoyo_task(current);

	/*
	 * Execute permission is checked against pathname passed to do_execve()
	 * using current domain.
	 */
	if (!s->old_domain_info) {
		const int idx = tomoyo_read_lock();
		const int err = tomoyo_find_next_domain(bprm);

		tomoyo_read_unlock(idx);
		return err;
	}
	/*
	 * Read permission is checked against interpreters using next domain.
	 */
	return tomoyo_check_open_permission(s->domain_info,
					    &bprm->file->f_path, O_RDONLY);
}

/**
 * tomoyo_inode_getattr - Target for security_inode_getattr().
 *
 * @mnt:    Pointer to "struct vfsmount".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_inode_getattr(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
}

/**
 * tomoyo_path_truncate - Target for security_path_truncate().
 *
 * @path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_truncate(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}

/**
 * tomoyo_path_unlink - Target for security_path_unlink().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
}

/**
 * tomoyo_path_mkdir - Target for security_path_mkdir().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 * @mode:   DAC permission mode.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
			     umode_t mode)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
				       mode & S_IALLUGO);
}

/**
 * tomoyo_path_rmdir - Target for security_path_rmdir().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
}

/**
 * tomoyo_path_symlink - Target for security_path_symlink().
 *
 * @parent:   Pointer to "struct path".
 * @dentry:   Pointer to "struct dentry".
 * @old_name: Symlink's content.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
}

/**
 * tomoyo_path_mknod - Target for security_path_mknod().
 *
 * @parent: Pointer to "struct path".
 * @dentry: Pointer to "struct dentry".
 * @mode:   DAC permission mode.
 * @dev:    Device attributes.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
			     umode_t mode, unsigned int dev)
{
	struct path path = { .mnt = parent->mnt, .dentry = dentry };
	int type = TOMOYO_TYPE_CREATE;
	const unsigned int perm = mode & S_IALLUGO;

	switch (mode & S_IFMT) {
	case S_IFCHR:
		type = TOMOYO_TYPE_MKCHAR;
		break;
	case S_IFBLK:
		type = TOMOYO_TYPE_MKBLOCK;
		break;
	default:
		goto no_dev;
	}
	return tomoyo_mkdev_perm(type, &path, perm, dev);
 no_dev:
	switch (mode & S_IFMT) {
	case S_IFIFO:
		type = TOMOYO_TYPE_MKFIFO;
		break;
	case S_IFSOCK:
		type = TOMOYO_TYPE_MKSOCK;
		break;
	}
	return tomoyo_path_number_perm(type, &path, perm);
}

/**
 * tomoyo_path_link - Target for security_path_link().
 *
 * @old_dentry: Pointer to "struct dentry".
 * @new_dir:    Pointer to "struct path".
 * @new_dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };

	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
}

/**
 * tomoyo_path_rename - Target for security_path_rename().
 *
 * @old_parent: Pointer to "struct path".
 * @old_dentry: Pointer to "struct dentry".
 * @new_parent: Pointer to "struct path".
 * @new_dentry: Pointer to "struct dentry".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rename(const struct path *old_parent,
			      struct dentry *old_dentry,
			      const struct path *new_parent,
			      struct dentry *new_dentry)
{
	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };

	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
}

/**
 * tomoyo_file_fcntl - Target for security_file_fcntl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for fcntl().
 * @arg:  Argument for @cmd.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
		return 0;
	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
					    O_WRONLY | (arg & O_APPEND));
}

/**
 * tomoyo_file_open - Target for security_file_open().
 *
 * @f:    Pointer to "struct file".
 * @cred: Pointer to "struct cred".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_open(struct file *f)
{
	/* Don't check read permission here if called from do_execve(). */
	if (current->in_execve)
		return 0;
	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path,
					    f->f_flags);
}

/**
 * tomoyo_file_ioctl - Target for security_file_ioctl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for ioctl().
 * @arg:  Argument for @cmd.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
}

/**
 * tomoyo_path_chmod - Target for security_path_chmod().
 *
 * @path: Pointer to "struct path".
 * @mode: DAC permission mode.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
				       mode & S_IALLUGO);
}

/**
 * tomoyo_path_chown - Target for security_path_chown().
 *
 * @path: Pointer to "struct path".
 * @uid:  Owner ID.
 * @gid:  Group ID.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	int error = 0;

	if (uid_valid(uid))
		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
						from_kuid(&init_user_ns, uid));
	if (!error && gid_valid(gid))
		error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
						from_kgid(&init_user_ns, gid));
	return error;
}

/**
 * tomoyo_path_chroot - Target for security_path_chroot().
 *
 * @path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chroot(const struct path *path)
{
	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}

/**
 * tomoyo_sb_mount - Target for security_sb_mount().
 *
 * @dev_name: Name of device file. Maybe NULL.
 * @path:     Pointer to "struct path".
 * @type:     Name of filesystem type. Maybe NULL.
 * @flags:    Mount options.
 * @data:     Optional data. Maybe NULL.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
			   const char *type, unsigned long flags, void *data)
{
	return tomoyo_mount_permission(dev_name, path, type, flags, data);
}

/**
 * tomoyo_sb_umount - Target for security_sb_umount().
 *
 * @mnt:   Pointer to "struct vfsmount".
 * @flags: Unmount options.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{
	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };

	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
}

/**
 * tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
 *
 * @old_path: Pointer to "struct path".
 * @new_path: Pointer to "struct path".
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}

/**
 * tomoyo_socket_listen - Check permission for listen().
 *
 * @sock:    Pointer to "struct socket".
 * @backlog: Backlog parameter.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_listen(struct socket *sock, int backlog)
{
	return tomoyo_socket_listen_permission(sock);
}

/**
 * tomoyo_socket_connect - Check permission for connect().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr".
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
				 int addr_len)
{
	return tomoyo_socket_connect_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_bind - Check permission for bind().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr".
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
			      int addr_len)
{
	return tomoyo_socket_bind_permission(sock, addr, addr_len);
}

/**
 * tomoyo_socket_sendmsg - Check permission for sendmsg().
 *
 * @sock: Pointer to "struct socket".
 * @msg:  Pointer to "struct msghdr".
 * @size: Size of message.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				 int size)
{
	return tomoyo_socket_sendmsg_permission(sock, msg, size);
}

struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = {
	.lbs_task = sizeof(struct tomoyo_task),
};

/**
 * tomoyo_task_alloc - Target for security_task_alloc().
 *
 * @task:  Pointer to "struct task_struct".
 * @flags: clone() flags.
 *
 * Returns 0.
 */
static int tomoyo_task_alloc(struct task_struct *task,
			     unsigned long clone_flags)
{
	struct tomoyo_task *old = tomoyo_task(current);
	struct tomoyo_task *new = tomoyo_task(task);

	new->domain_info = old->domain_info;
	atomic_inc(&new->domain_info->users);
	new->old_domain_info = NULL;
	return 0;
}

/**
 * tomoyo_task_free - Target for security_task_free().
 *
 * @task: Pointer to "struct task_struct".
 */
static void tomoyo_task_free(struct task_struct *task)
{
	struct tomoyo_task *s = tomoyo_task(task);

	if (s->domain_info) {
		atomic_dec(&s->domain_info->users);
		s->domain_info = NULL;
	}
	if (s->old_domain_info) {
		atomic_dec(&s->old_domain_info->users);
		s->old_domain_info = NULL;
	}
}

/*
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
 */
static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
	LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
	LSM_HOOK_INIT(task_free, tomoyo_task_free),
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
#endif
	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
};

/* Lock for GC. */
DEFINE_SRCU(tomoyo_ss);

int tomoyo_enabled __lsm_ro_after_init = 1;

/**
 * tomoyo_init - Register TOMOYO Linux as a LSM module.
 *
 * Returns 0.
 */
static int __init tomoyo_init(void)
{
	struct tomoyo_task *s = tomoyo_task(current);

	/* register ourselves with the security framework */
	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
	pr_info("TOMOYO Linux initialized\n");
	s->domain_info = &tomoyo_kernel_domain;
	atomic_inc(&tomoyo_kernel_domain.users);
	s->old_domain_info = NULL;
	tomoyo_mm_init();

	return 0;
}

DEFINE_LSM(tomoyo) = {
	.name = "tomoyo",
	.enabled = &tomoyo_enabled,
	.flags = LSM_FLAG_LEGACY_MAJOR,
	.blobs = &tomoyo_blob_sizes,
	.init = tomoyo_init,
};
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
f7433243 KT	2	/*
	3	* security/tomoyo/tomoyo.c
	4	*
0f2a55d5	5	* Copyright (C) 2005-2011 NTT DATA CORPORATION
f7433243 KT	6	*/
f7433243 KT	7
3c4ed7bd	8	#include <linux/lsm_hooks.h>
f7433243	9	#include "common.h"
f7433243	10
0f2a55d5	11	/**
8c6cb983	12	* tomoyo_domain - Get "struct tomoyo_domain_info" for current thread.
0f2a55d5	13	*
8c6cb983	14	* Returns pointer to "struct tomoyo_domain_info" for current thread.
0f2a55d5	15	*/
8c6cb983	16	struct tomoyo_domain_info *tomoyo_domain(void)
ee18d64c	17	{
8c6cb983	18	struct tomoyo_task *s = tomoyo_task(current);
43fc4609	19
8c6cb983 TH	20	if (s->old_domain_info && !current->in_execve) {
	21	atomic_dec(&s->old_domain_info->users);
	22	s->old_domain_info = NULL;
	23	}
	24	return s->domain_info;
ee18d64c DH	25	}
ee18d64c DH	26
0f2a55d5 TH	27	/**
	28	* tomoyo_cred_prepare - Target for security_prepare_creds().
	29	*
	30	* @new: Pointer to "struct cred".
	31	* @old: Pointer to "struct cred".
	32	* @gfp: Memory allocation flags.
	33	*
	34	* Returns 0.
	35	*/
f7433243 KT	36	static int tomoyo_cred_prepare(struct cred new, const struct cred old,
	37	gfp_t gfp)
	38	{
8c6cb983 TH	39	/* Restore old_domain_info saved by previous execve() request. */
8c6cb983 TH	40	struct tomoyo_task *s = tomoyo_task(current);
43fc4609	41
8c6cb983 TH	42	if (s->old_domain_info && !current->in_execve) {
	43	atomic_dec(&s->domain_info->users);
	44	s->domain_info = s->old_domain_info;
	45	s->old_domain_info = NULL;
	46	}
f7433243 KT	47	return 0;
	48	}
	49
0f2a55d5	50	/**
8c6cb983	51	* tomoyo_bprm_committed_creds - Target for security_bprm_committed_creds().
0f2a55d5	52	*
8c6cb983	53	* @bprm: Pointer to "struct linux_binprm".
0f2a55d5	54	*/
8c6cb983	55	static void tomoyo_bprm_committed_creds(struct linux_binprm *bprm)
ec8e6a4e	56	{
8c6cb983 TH	57	/* Clear old_domain_info saved by execve() request. */
8c6cb983 TH	58	struct tomoyo_task *s = tomoyo_task(current);
43fc4609	59
8c6cb983 TH	60	atomic_dec(&s->old_domain_info->users);
8c6cb983 TH	61	s->old_domain_info = NULL;
ee18d64c DH	62	}
ee18d64c DH	63
8c6cb983	64	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
0f2a55d5 TH	65	/**
	66	* tomoyo_bprm_set_creds - Target for security_bprm_set_creds().
	67	*
	68	* @bprm: Pointer to "struct linux_binprm".
	69	*
8c6cb983	70	* Returns 0.
0f2a55d5	71	*/
f7433243 KT	72	static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
	73	{
	74	/*
	75	* Do only if this function is called for the first time of an execve
	76	* operation.
	77	*/
ddb4a144	78	if (bprm->called_set_creds)
f7433243 KT	79	return 0;
	80	/*
	81	* Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
	82	* for the first time.
	83	*/
	84	if (!tomoyo_policy_loaded)
	85	tomoyo_load_policy(bprm->filename);
f7433243 KT	86	return 0;
f7433243 KT	87	}
8c6cb983	88	#endif
f7433243	89
0f2a55d5 TH	90	/**
	91	* tomoyo_bprm_check_security - Target for security_bprm_check().
	92	*
	93	* @bprm: Pointer to "struct linux_binprm".
	94	*
	95	* Returns 0 on success, negative value otherwise.
	96	*/
f7433243 KT	97	static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
f7433243 KT	98	{
8c6cb983	99	struct tomoyo_task *s = tomoyo_task(current);
f7433243 KT	100
	101	/*
	102	* Execute permission is checked against pathname passed to do_execve()
	103	* using current domain.
	104	*/
8c6cb983	105	if (!s->old_domain_info) {
fdb8ebb7 TH	106	const int idx = tomoyo_read_lock();
fdb8ebb7 TH	107	const int err = tomoyo_find_next_domain(bprm);
cdcf6723	108
fdb8ebb7 TH	109	tomoyo_read_unlock(idx);
	110	return err;
	111	}
f7433243 KT	112	/*
f7433243 KT	113	* Read permission is checked against interpreters using next domain.
f7433243	114	*/
8c6cb983 TH	115	return tomoyo_check_open_permission(s->domain_info,
8c6cb983 TH	116	&bprm->file->f_path, O_RDONLY);
f7433243 KT	117	}
f7433243 KT	118
0f2a55d5 TH	119	/**
	120	* tomoyo_inode_getattr - Target for security_inode_getattr().
	121	*
	122	* @mnt: Pointer to "struct vfsmount".
	123	* @dentry: Pointer to "struct dentry".
	124	*
	125	* Returns 0 on success, negative value otherwise.
	126	*/
3f7036a0	127	static int tomoyo_inode_getattr(const struct path *path)
7c75964f	128	{
3f7036a0	129	return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);
7c75964f TH	130	}
7c75964f TH	131
0f2a55d5 TH	132	/**
	133	* tomoyo_path_truncate - Target for security_path_truncate().
	134	*
	135	* @path: Pointer to "struct path".
	136	*
	137	* Returns 0 on success, negative value otherwise.
	138	*/
81f4c506	139	static int tomoyo_path_truncate(const struct path *path)
f7433243	140	{
97fb35e4	141	return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
f7433243 KT	142	}
f7433243 KT	143
0f2a55d5 TH	144	/**
	145	* tomoyo_path_unlink - Target for security_path_unlink().
	146	*
	147	* @parent: Pointer to "struct path".
	148	* @dentry: Pointer to "struct dentry".
	149	*
	150	* Returns 0 on success, negative value otherwise.
	151	*/
989f74e0	152	static int tomoyo_path_unlink(const struct path parent, struct dentry dentry)
f7433243	153	{
8291798d	154	struct path path = { .mnt = parent->mnt, .dentry = dentry };
cdcf6723	155
97fb35e4	156	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
f7433243 KT	157	}
f7433243 KT	158
0f2a55d5 TH	159	/**
	160	* tomoyo_path_mkdir - Target for security_path_mkdir().
	161	*
	162	* @parent: Pointer to "struct path".
	163	* @dentry: Pointer to "struct dentry".
	164	* @mode: DAC permission mode.
	165	*
	166	* Returns 0 on success, negative value otherwise.
	167	*/
d3607752	168	static int tomoyo_path_mkdir(const struct path parent, struct dentry dentry,
4572befe	169	umode_t mode)
f7433243	170	{
8291798d	171	struct path path = { .mnt = parent->mnt, .dentry = dentry };
cdcf6723	172
a1f9bb6a TH	173	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &path,
a1f9bb6a TH	174	mode & S_IALLUGO);
f7433243 KT	175	}
f7433243 KT	176
0f2a55d5 TH	177	/**
	178	* tomoyo_path_rmdir - Target for security_path_rmdir().
	179	*
	180	* @parent: Pointer to "struct path".
	181	* @dentry: Pointer to "struct dentry".
	182	*
	183	* Returns 0 on success, negative value otherwise.
	184	*/
989f74e0	185	static int tomoyo_path_rmdir(const struct path parent, struct dentry dentry)
f7433243	186	{
8291798d	187	struct path path = { .mnt = parent->mnt, .dentry = dentry };
cdcf6723	188
97fb35e4	189	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
f7433243 KT	190	}
f7433243 KT	191
0f2a55d5 TH	192	/**
	193	* tomoyo_path_symlink - Target for security_path_symlink().
	194	*
	195	* @parent: Pointer to "struct path".
	196	* @dentry: Pointer to "struct dentry".
	197	* @old_name: Symlink's content.
	198	*
	199	* Returns 0 on success, negative value otherwise.
	200	*/
d3607752	201	static int tomoyo_path_symlink(const struct path parent, struct dentry dentry,
f7433243 KT	202	const char *old_name)
f7433243 KT	203	{
8291798d	204	struct path path = { .mnt = parent->mnt, .dentry = dentry };
cdcf6723	205
97fb35e4	206	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
f7433243 KT	207	}
f7433243 KT	208
0f2a55d5 TH	209	/**
	210	* tomoyo_path_mknod - Target for security_path_mknod().
	211	*
	212	* @parent: Pointer to "struct path".
	213	* @dentry: Pointer to "struct dentry".
	214	* @mode: DAC permission mode.
	215	* @dev: Device attributes.
	216	*
	217	* Returns 0 on success, negative value otherwise.
	218	*/
d3607752	219	static int tomoyo_path_mknod(const struct path parent, struct dentry dentry,
04fc66e7	220	umode_t mode, unsigned int dev)
f7433243	221	{
8291798d	222	struct path path = { .mnt = parent->mnt, .dentry = dentry };
7ef61233	223	int type = TOMOYO_TYPE_CREATE;
a1f9bb6a	224	const unsigned int perm = mode & S_IALLUGO;
f7433243 KT	225
	226	switch (mode & S_IFMT) {
	227	case S_IFCHR:
7ef61233	228	type = TOMOYO_TYPE_MKCHAR;
f7433243 KT	229	break;
f7433243 KT	230	case S_IFBLK:
7ef61233	231	type = TOMOYO_TYPE_MKBLOCK;
f7433243	232	break;
a1f9bb6a TH	233	default:
	234	goto no_dev;
	235	}
75093152	236	return tomoyo_mkdev_perm(type, &path, perm, dev);
a1f9bb6a TH	237	no_dev:
a1f9bb6a TH	238	switch (mode & S_IFMT) {
f7433243	239	case S_IFIFO:
7ef61233	240	type = TOMOYO_TYPE_MKFIFO;
f7433243 KT	241	break;
f7433243 KT	242	case S_IFSOCK:
7ef61233	243	type = TOMOYO_TYPE_MKSOCK;
f7433243 KT	244	break;
f7433243 KT	245	}
a1f9bb6a	246	return tomoyo_path_number_perm(type, &path, perm);
f7433243 KT	247	}
f7433243 KT	248
0f2a55d5 TH	249	/**
	250	* tomoyo_path_link - Target for security_path_link().
	251	*
	252	* @old_dentry: Pointer to "struct dentry".
	253	* @new_dir: Pointer to "struct path".
	254	* @new_dentry: Pointer to "struct dentry".
	255	*
	256	* Returns 0 on success, negative value otherwise.
	257	*/
3ccee46a	258	static int tomoyo_path_link(struct dentry old_dentry, const struct path new_dir,
f7433243 KT	259	struct dentry *new_dentry)
f7433243 KT	260	{
8291798d KC	261	struct path path1 = { .mnt = new_dir->mnt, .dentry = old_dentry };
8291798d KC	262	struct path path2 = { .mnt = new_dir->mnt, .dentry = new_dentry };
cdcf6723	263
97d6931e	264	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &path1, &path2);
f7433243 KT	265	}
f7433243 KT	266
0f2a55d5 TH	267	/**
	268	* tomoyo_path_rename - Target for security_path_rename().
	269	*
	270	* @old_parent: Pointer to "struct path".
	271	* @old_dentry: Pointer to "struct dentry".
	272	* @new_parent: Pointer to "struct path".
	273	* @new_dentry: Pointer to "struct dentry".
	274	*
	275	* Returns 0 on success, negative value otherwise.
	276	*/
3ccee46a	277	static int tomoyo_path_rename(const struct path *old_parent,
f7433243	278	struct dentry *old_dentry,
3ccee46a	279	const struct path *new_parent,
f7433243 KT	280	struct dentry *new_dentry)
f7433243 KT	281	{
8291798d KC	282	struct path path1 = { .mnt = old_parent->mnt, .dentry = old_dentry };
8291798d KC	283	struct path path2 = { .mnt = new_parent->mnt, .dentry = new_dentry };
cdcf6723	284
97d6931e	285	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &path1, &path2);
f7433243 KT	286	}
f7433243 KT	287
0f2a55d5 TH	288	/**
	289	* tomoyo_file_fcntl - Target for security_file_fcntl().
	290	*
	291	* @file: Pointer to "struct file".
	292	* @cmd: Command for fcntl().
	293	* @arg: Argument for @cmd.
	294	*
	295	* Returns 0 on success, negative value otherwise.
	296	*/
f7433243 KT	297	static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
	298	unsigned long arg)
	299	{
7c75964f TH	300	if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
	301	return 0;
	302	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
	303	O_WRONLY \| (arg & O_APPEND));
f7433243 KT	304	}
f7433243 KT	305
0f2a55d5	306	/**
83d49856	307	* tomoyo_file_open - Target for security_file_open().
0f2a55d5 TH	308	*
	309	* @f: Pointer to "struct file".
	310	* @cred: Pointer to "struct cred".
	311	*
	312	* Returns 0 on success, negative value otherwise.
	313	*/
94817692	314	static int tomoyo_file_open(struct file *f)
f7433243	315	{
f7433243 KT	316	/* Don't check read permission here if called from do_execve(). */
	317	if (current->in_execve)
	318	return 0;
cdcf6723 TH	319	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path,
cdcf6723 TH	320	f->f_flags);
f7433243 KT	321	}
f7433243 KT	322
0f2a55d5 TH	323	/**
	324	* tomoyo_file_ioctl - Target for security_file_ioctl().
	325	*
	326	* @file: Pointer to "struct file".
	327	* @cmd: Command for ioctl().
	328	* @arg: Argument for @cmd.
	329	*
	330	* Returns 0 on success, negative value otherwise.
	331	*/
937bf613 TH	332	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
	333	unsigned long arg)
	334	{
a1f9bb6a	335	return tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL, &file->f_path, cmd);
937bf613 TH	336	}
937bf613 TH	337
0f2a55d5 TH	338	/**
	339	* tomoyo_path_chmod - Target for security_path_chmod().
	340	*
cdcf116d AV	341	* @path: Pointer to "struct path".
cdcf116d AV	342	* @mode: DAC permission mode.
0f2a55d5 TH	343	*
	344	* Returns 0 on success, negative value otherwise.
	345	*/
be01f9f2	346	static int tomoyo_path_chmod(const struct path *path, umode_t mode)
937bf613	347	{
cdcf116d	348	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
a1f9bb6a	349	mode & S_IALLUGO);
937bf613 TH	350	}
937bf613 TH	351
0f2a55d5 TH	352	/**
	353	* tomoyo_path_chown - Target for security_path_chown().
	354	*
	355	* @path: Pointer to "struct path".
	356	* @uid: Owner ID.
	357	* @gid: Group ID.
	358	*
	359	* Returns 0 on success, negative value otherwise.
	360	*/
7fd25dac	361	static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
937bf613 TH	362	{
937bf613 TH	363	int error = 0;
cdcf6723	364
d2b31ca6 EB	365	if (uid_valid(uid))
	366	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
	367	from_kuid(&init_user_ns, uid));
	368	if (!error && gid_valid(gid))
	369	error = tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
	370	from_kgid(&init_user_ns, gid));
937bf613 TH	371	return error;
	372	}
	373
0f2a55d5 TH	374	/**
	375	* tomoyo_path_chroot - Target for security_path_chroot().
	376	*
	377	* @path: Pointer to "struct path".
	378	*
	379	* Returns 0 on success, negative value otherwise.
	380	*/
77b286c0	381	static int tomoyo_path_chroot(const struct path *path)
937bf613	382	{
97fb35e4	383	return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
937bf613 TH	384	}
937bf613 TH	385
0f2a55d5 TH	386	/**
	387	* tomoyo_sb_mount - Target for security_sb_mount().
	388	*
	389	* @dev_name: Name of device file. Maybe NULL.
	390	* @path: Pointer to "struct path".
	391	* @type: Name of filesystem type. Maybe NULL.
	392	* @flags: Mount options.
	393	* @data: Optional data. Maybe NULL.
	394	*
	395	* Returns 0 on success, negative value otherwise.
	396	*/
8a04c43b	397	static int tomoyo_sb_mount(const char dev_name, const struct path path,
808d4e3c	398	const char type, unsigned long flags, void data)
937bf613	399	{
2106ccd9	400	return tomoyo_mount_permission(dev_name, path, type, flags, data);
937bf613 TH	401	}
937bf613 TH	402
0f2a55d5 TH	403	/**
	404	* tomoyo_sb_umount - Target for security_sb_umount().
	405	*
	406	* @mnt: Pointer to "struct vfsmount".
	407	* @flags: Unmount options.
	408	*
	409	* Returns 0 on success, negative value otherwise.
	410	*/
937bf613 TH	411	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
937bf613 TH	412	{
8291798d	413	struct path path = { .mnt = mnt, .dentry = mnt->mnt_root };
cdcf6723	414
97fb35e4	415	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
937bf613 TH	416	}
937bf613 TH	417
0f2a55d5 TH	418	/**
	419	* tomoyo_sb_pivotroot - Target for security_sb_pivotroot().
	420	*
	421	* @old_path: Pointer to "struct path".
	422	* @new_path: Pointer to "struct path".
	423	*
	424	* Returns 0 on success, negative value otherwise.
	425	*/
3b73b68c	426	static int tomoyo_sb_pivotroot(const struct path old_path, const struct path new_path)
937bf613	427	{
97d6931e	428	return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
937bf613 TH	429	}
937bf613 TH	430
059d84db TH	431	/**
	432	* tomoyo_socket_listen - Check permission for listen().
	433	*
	434	* @sock: Pointer to "struct socket".
	435	* @backlog: Backlog parameter.
	436	*
	437	* Returns 0 on success, negative value otherwise.
	438	*/
	439	static int tomoyo_socket_listen(struct socket *sock, int backlog)
	440	{
	441	return tomoyo_socket_listen_permission(sock);
	442	}
	443
	444	/**
	445	* tomoyo_socket_connect - Check permission for connect().
	446	*
	447	* @sock: Pointer to "struct socket".
	448	* @addr: Pointer to "struct sockaddr".
	449	* @addr_len: Size of @addr.
	450	*
	451	* Returns 0 on success, negative value otherwise.
	452	*/
	453	static int tomoyo_socket_connect(struct socket sock, struct sockaddr addr,
	454	int addr_len)
	455	{
	456	return tomoyo_socket_connect_permission(sock, addr, addr_len);
	457	}
	458
	459	/**
	460	* tomoyo_socket_bind - Check permission for bind().
	461	*
	462	* @sock: Pointer to "struct socket".
	463	* @addr: Pointer to "struct sockaddr".
	464	* @addr_len: Size of @addr.
	465	*
	466	* Returns 0 on success, negative value otherwise.
	467	*/
	468	static int tomoyo_socket_bind(struct socket sock, struct sockaddr addr,
	469	int addr_len)
	470	{
	471	return tomoyo_socket_bind_permission(sock, addr, addr_len);
	472	}
	473
	474	/**
	475	* tomoyo_socket_sendmsg - Check permission for sendmsg().
	476	*
	477	* @sock: Pointer to "struct socket".
	478	* @msg: Pointer to "struct msghdr".
	479	* @size: Size of message.
	480	*
	481	* Returns 0 on success, negative value otherwise.
	482	*/
	483	static int tomoyo_socket_sendmsg(struct socket sock, struct msghdr msg,
	484	int size)
	485	{
	486	return tomoyo_socket_sendmsg_permission(sock, msg, size);
	487	}
	488
bbd3662a	489	struct lsm_blob_sizes tomoyo_blob_sizes __lsm_ro_after_init = {
8c6cb983	490	.lbs_task = sizeof(struct tomoyo_task),
bbd3662a CS	491	};
bbd3662a CS	492
8c6cb983 TH	493	/**
	494	* tomoyo_task_alloc - Target for security_task_alloc().
	495	*
	496	* @task: Pointer to "struct task_struct".
	497	* @flags: clone() flags.
	498	*
	499	* Returns 0.
	500	*/
	501	static int tomoyo_task_alloc(struct task_struct *task,
	502	unsigned long clone_flags)
	503	{
	504	struct tomoyo_task *old = tomoyo_task(current);
	505	struct tomoyo_task *new = tomoyo_task(task);
	506
	507	new->domain_info = old->domain_info;
	508	atomic_inc(&new->domain_info->users);
	509	new->old_domain_info = NULL;
	510	return 0;
	511	}
	512
	513	/**
	514	* tomoyo_task_free - Target for security_task_free().
	515	*
	516	* @task: Pointer to "struct task_struct".
	517	*/
	518	static void tomoyo_task_free(struct task_struct *task)
	519	{
	520	struct tomoyo_task *s = tomoyo_task(task);
	521
	522	if (s->domain_info) {
	523	atomic_dec(&s->domain_info->users);
	524	s->domain_info = NULL;
	525	}
	526	if (s->old_domain_info) {
	527	atomic_dec(&s->old_domain_info->users);
	528	s->old_domain_info = NULL;
	529	}
	530	}
	531
c3fa109a TH	532	/*
	533	* tomoyo_security_ops is a "struct security_operations" which is used for
	534	* registering TOMOYO.
	535	*/
ca97d939	536	static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
e20b043a	537	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
8c6cb983 TH	538	LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds),
	539	LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc),
	540	LSM_HOOK_INIT(task_free, tomoyo_task_free),
	541	#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
e20b043a	542	LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
8c6cb983	543	#endif
e20b043a CS	544	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	545	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	546	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	547	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	548	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	549	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	550	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	551	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	552	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	553	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	554	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	555	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	556	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	557	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	558	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	559	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	560	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	561	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	562	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	563	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	564	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	565	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	566	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
f7433243 KT	567	};
f7433243 KT	568
fdb8ebb7	569	/* Lock for GC. */
505f14f7	570	DEFINE_SRCU(tomoyo_ss);
fdb8ebb7	571
43fc4609 CS	572	int tomoyo_enabled __lsm_ro_after_init = 1;
43fc4609 CS	573
0f2a55d5 TH	574	/**
	575	* tomoyo_init - Register TOMOYO Linux as a LSM module.
	576	*
	577	* Returns 0.
	578	*/
f7433243 KT	579	static int __init tomoyo_init(void)
f7433243 KT	580	{
8c6cb983	581	struct tomoyo_task *s = tomoyo_task(current);
f7433243	582
f7433243	583	/* register ourselves with the security framework */
d69dece5	584	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), "tomoyo");
cdcf6723	585	pr_info("TOMOYO Linux initialized\n");
8c6cb983 TH	586	s->domain_info = &tomoyo_kernel_domain;
	587	atomic_inc(&tomoyo_kernel_domain.users);
	588	s->old_domain_info = NULL;
c3ef1500	589	tomoyo_mm_init();
43fc4609	590
f7433243 KT	591	return 0;
	592	}
	593
3d6e5f6d	594	DEFINE_LSM(tomoyo) = {
07aed2f2	595	.name = "tomoyo",
43fc4609	596	.enabled = &tomoyo_enabled,
a5e2fe7e	597	.flags = LSM_FLAG_LEGACY_MAJOR,
bbd3662a	598	.blobs = &tomoyo_blob_sizes,
3d6e5f6d KC	599	.init = tomoyo_init,
3d6e5f6d KC	600	};