| 1 |
/* |
/* |
| 2 |
* fs/tomoyo_domain.c |
* fs/ccsecurity/domain.c |
|
* |
|
|
* Implementation of the Domain-Based Mandatory Access Control. |
|
| 3 |
* |
* |
| 4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
| 5 |
* |
* |
| 10 |
* |
* |
| 11 |
*/ |
*/ |
| 12 |
|
|
| 13 |
#include <linux/ccs_common.h> |
#include <linux/slab.h> |
|
#include <linux/tomoyo.h> |
|
|
#include <linux/realpath.h> |
|
| 14 |
#include <linux/highmem.h> |
#include <linux/highmem.h> |
| 15 |
|
#include <linux/version.h> |
| 16 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0) |
| 17 |
#include <linux/namei.h> |
#include <linux/namei.h> |
| 18 |
#include <linux/mount.h> |
#include <linux/mount.h> |
| 20 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 30) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 30) |
| 21 |
#include <linux/fs_struct.h> |
#include <linux/fs_struct.h> |
| 22 |
#endif |
#endif |
| 23 |
|
#include "internal.h" |
| 24 |
|
#include <linux/ccsecurity.h> |
| 25 |
|
|
| 26 |
/* For compatibility with older kernels. */ |
/* For compatibility with older kernels. */ |
| 27 |
#ifndef for_each_process |
#ifndef for_each_process |
| 199 |
* |
* |
| 200 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 201 |
* |
* |
| 202 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 203 |
*/ |
*/ |
| 204 |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
| 205 |
{ |
{ |
| 206 |
struct list_head *pos; |
struct list_head *pos; |
| 207 |
bool done = true; |
bool done = true; |
| 208 |
|
ccs_check_read_lock(); |
| 209 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
| 210 |
&ccs_domain_initializer_list) { |
&ccs_domain_initializer_list) { |
| 211 |
const char *no; |
const char *no; |
| 262 |
* Returns true if executing @program reinitializes domain transition, |
* Returns true if executing @program reinitializes domain transition, |
| 263 |
* false otherwise. |
* false otherwise. |
| 264 |
* |
* |
| 265 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 266 |
*/ |
*/ |
| 267 |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
| 268 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
| 270 |
{ |
{ |
| 271 |
struct ccs_domain_initializer_entry *ptr; |
struct ccs_domain_initializer_entry *ptr; |
| 272 |
bool flag = false; |
bool flag = false; |
| 273 |
|
ccs_check_read_lock(); |
| 274 |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
| 275 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 276 |
continue; |
continue; |
| 392 |
* |
* |
| 393 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 394 |
* |
* |
| 395 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 396 |
*/ |
*/ |
| 397 |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
| 398 |
{ |
{ |
| 399 |
struct list_head *pos; |
struct list_head *pos; |
| 400 |
bool done = true; |
bool done = true; |
| 401 |
|
ccs_check_read_lock(); |
| 402 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
| 403 |
&ccs_domain_keeper_list) { |
&ccs_domain_keeper_list) { |
| 404 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
| 432 |
* Returns true if executing @program supresses domain transition, |
* Returns true if executing @program supresses domain transition, |
| 433 |
* false otherwise. |
* false otherwise. |
| 434 |
* |
* |
| 435 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 436 |
*/ |
*/ |
| 437 |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
| 438 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
| 440 |
{ |
{ |
| 441 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
| 442 |
bool flag = false; |
bool flag = false; |
| 443 |
|
ccs_check_read_lock(); |
| 444 |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
| 445 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 446 |
continue; |
continue; |
| 527 |
* |
* |
| 528 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 529 |
* |
* |
| 530 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 531 |
*/ |
*/ |
| 532 |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
| 533 |
{ |
{ |
| 534 |
struct list_head *pos; |
struct list_head *pos; |
| 535 |
bool done = true; |
bool done = true; |
| 536 |
|
ccs_check_read_lock(); |
| 537 |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
| 538 |
struct ccs_aggregator_entry *ptr; |
struct ccs_aggregator_entry *ptr; |
| 539 |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
| 558 |
*/ |
*/ |
| 559 |
int ccs_write_aggregator_policy(char *data, const bool is_delete) |
int ccs_write_aggregator_policy(char *data, const bool is_delete) |
| 560 |
{ |
{ |
| 561 |
char *cp = strchr(data, ' '); |
char *w[2]; |
| 562 |
if (!cp) |
if (!ccs_tokenize(data, w, sizeof(w)) || !w[1][0]) |
| 563 |
return -EINVAL; |
return -EINVAL; |
| 564 |
*cp++ = '\0'; |
return ccs_update_aggregator_entry(w[0], w[1], is_delete); |
|
return ccs_update_aggregator_entry(data, cp, is_delete); |
|
| 565 |
} |
} |
| 566 |
|
|
| 567 |
/* Domain create/delete handler. */ |
/* Domain create/delete handler. */ |
| 703 |
* |
* |
| 704 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
| 705 |
* |
* |
| 706 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 707 |
*/ |
*/ |
| 708 |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
| 709 |
{ |
{ |
| 719 |
struct ccs_path_info rn; /* real name */ |
struct ccs_path_info rn; /* real name */ |
| 720 |
struct ccs_path_info ln; /* last name */ |
struct ccs_path_info ln; /* last name */ |
| 721 |
int retval; |
int retval; |
| 722 |
|
ccs_check_read_lock(); |
| 723 |
retry: |
retry: |
| 724 |
current->ccs_flags = ccs_flags; |
current->ccs_flags = ccs_flags; |
| 725 |
r->cond = NULL; |
r->cond = NULL; |
| 1051 |
kfree(ee); |
kfree(ee); |
| 1052 |
return NULL; |
return NULL; |
| 1053 |
} |
} |
| 1054 |
ee->srcu_idx = srcu_read_lock(&ccs_ss); |
ee->reader_idx = ccs_read_lock(); |
| 1055 |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
| 1056 |
ee->task = current; |
ee->task = current; |
| 1057 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
| 1102 |
kfree(ee->program_path); |
kfree(ee->program_path); |
| 1103 |
kfree(ee->tmp); |
kfree(ee->tmp); |
| 1104 |
kfree(ee->dump.data); |
kfree(ee->dump.data); |
| 1105 |
srcu_read_unlock(&ccs_ss, ee->srcu_idx); |
ccs_read_unlock(ee->reader_idx); |
| 1106 |
kfree(ee); |
kfree(ee); |
| 1107 |
} |
} |
| 1108 |
|
|
| 1326 |
* |
* |
| 1327 |
* Returns true if found, false otherwise. |
* Returns true if found, false otherwise. |
| 1328 |
* |
* |
| 1329 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 1330 |
*/ |
*/ |
| 1331 |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
| 1332 |
const u8 type) |
const u8 type) |
| 1335 |
const struct ccs_domain_info *domain = ccs_current_domain(); |
const struct ccs_domain_info *domain = ccs_current_domain(); |
| 1336 |
struct ccs_acl_info *ptr; |
struct ccs_acl_info *ptr; |
| 1337 |
bool found = false; |
bool found = false; |
| 1338 |
|
ccs_check_read_lock(); |
| 1339 |
/* |
/* |
| 1340 |
* Don't use execute handler if the current process is |
* Don't use execute handler if the current process is |
| 1341 |
* marked as execute handler to avoid infinite execute handler loop. |
* marked as execute handler to avoid infinite execute handler loop. |
| 1480 |
* |
* |
| 1481 |
* @retval: Return code of an execve() operation. |
* @retval: Return code of an execve() operation. |
| 1482 |
* |
* |
| 1483 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 1484 |
*/ |
*/ |
| 1485 |
void ccs_finish_execve(int retval) |
void ccs_finish_execve(int retval) |
| 1486 |
{ |
{ |
| 1487 |
struct task_struct *task = current; |
struct task_struct *task = current; |
| 1488 |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
| 1489 |
|
ccs_check_read_lock(); |
| 1490 |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
| 1491 |
if (!ee) |
if (!ee) |
| 1492 |
return; |
return; |
TOMOYO
Parent Directory
Revision Log
Patch