1 |
/* |
/* |
2 |
* fs/tomoyo_domain.c |
* fs/ccsecurity/domain.c |
|
* |
|
|
* Implementation of the Domain-Based Mandatory Access Control. |
|
3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
10 |
* |
* |
11 |
*/ |
*/ |
12 |
|
|
13 |
#include <linux/ccs_common.h> |
#include <linux/slab.h> |
|
#include <linux/tomoyo.h> |
|
|
#include <linux/realpath.h> |
|
14 |
#include <linux/highmem.h> |
#include <linux/highmem.h> |
15 |
|
#include <linux/version.h> |
16 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0) |
17 |
#include <linux/namei.h> |
#include <linux/namei.h> |
18 |
#include <linux/mount.h> |
#include <linux/mount.h> |
20 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 30) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 30) |
21 |
#include <linux/fs_struct.h> |
#include <linux/fs_struct.h> |
22 |
#endif |
#endif |
23 |
|
#include "internal.h" |
24 |
|
#include <linux/ccsecurity.h> |
25 |
|
|
26 |
/* For compatibility with older kernels. */ |
/* For compatibility with older kernels. */ |
27 |
#ifndef for_each_process |
#ifndef for_each_process |
199 |
* |
* |
200 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
201 |
* |
* |
202 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
203 |
*/ |
*/ |
204 |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
205 |
{ |
{ |
206 |
struct list_head *pos; |
struct list_head *pos; |
207 |
bool done = true; |
bool done = true; |
208 |
|
ccs_check_read_lock(); |
209 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
210 |
&ccs_domain_initializer_list) { |
&ccs_domain_initializer_list) { |
211 |
const char *no; |
const char *no; |
262 |
* Returns true if executing @program reinitializes domain transition, |
* Returns true if executing @program reinitializes domain transition, |
263 |
* false otherwise. |
* false otherwise. |
264 |
* |
* |
265 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
266 |
*/ |
*/ |
267 |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
268 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
270 |
{ |
{ |
271 |
struct ccs_domain_initializer_entry *ptr; |
struct ccs_domain_initializer_entry *ptr; |
272 |
bool flag = false; |
bool flag = false; |
273 |
|
ccs_check_read_lock(); |
274 |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
275 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
276 |
continue; |
continue; |
392 |
* |
* |
393 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
394 |
* |
* |
395 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
396 |
*/ |
*/ |
397 |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
398 |
{ |
{ |
399 |
struct list_head *pos; |
struct list_head *pos; |
400 |
bool done = true; |
bool done = true; |
401 |
|
ccs_check_read_lock(); |
402 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
403 |
&ccs_domain_keeper_list) { |
&ccs_domain_keeper_list) { |
404 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
432 |
* Returns true if executing @program supresses domain transition, |
* Returns true if executing @program supresses domain transition, |
433 |
* false otherwise. |
* false otherwise. |
434 |
* |
* |
435 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
436 |
*/ |
*/ |
437 |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
438 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
440 |
{ |
{ |
441 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
442 |
bool flag = false; |
bool flag = false; |
443 |
|
ccs_check_read_lock(); |
444 |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
445 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
446 |
continue; |
continue; |
527 |
* |
* |
528 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
529 |
* |
* |
530 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
531 |
*/ |
*/ |
532 |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
533 |
{ |
{ |
534 |
struct list_head *pos; |
struct list_head *pos; |
535 |
bool done = true; |
bool done = true; |
536 |
|
ccs_check_read_lock(); |
537 |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
538 |
struct ccs_aggregator_entry *ptr; |
struct ccs_aggregator_entry *ptr; |
539 |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
558 |
*/ |
*/ |
559 |
int ccs_write_aggregator_policy(char *data, const bool is_delete) |
int ccs_write_aggregator_policy(char *data, const bool is_delete) |
560 |
{ |
{ |
561 |
char *cp = strchr(data, ' '); |
char *w[2]; |
562 |
if (!cp) |
if (!ccs_tokenize(data, w, sizeof(w)) || !w[1][0]) |
563 |
return -EINVAL; |
return -EINVAL; |
564 |
*cp++ = '\0'; |
return ccs_update_aggregator_entry(w[0], w[1], is_delete); |
|
return ccs_update_aggregator_entry(data, cp, is_delete); |
|
565 |
} |
} |
566 |
|
|
567 |
/* Domain create/delete handler. */ |
/* Domain create/delete handler. */ |
703 |
* |
* |
704 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
705 |
* |
* |
706 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
707 |
*/ |
*/ |
708 |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
709 |
{ |
{ |
719 |
struct ccs_path_info rn; /* real name */ |
struct ccs_path_info rn; /* real name */ |
720 |
struct ccs_path_info ln; /* last name */ |
struct ccs_path_info ln; /* last name */ |
721 |
int retval; |
int retval; |
722 |
|
ccs_check_read_lock(); |
723 |
retry: |
retry: |
724 |
current->ccs_flags = ccs_flags; |
current->ccs_flags = ccs_flags; |
725 |
r->cond = NULL; |
r->cond = NULL; |
1051 |
kfree(ee); |
kfree(ee); |
1052 |
return NULL; |
return NULL; |
1053 |
} |
} |
1054 |
ee->srcu_idx = srcu_read_lock(&ccs_ss); |
ee->reader_idx = ccs_read_lock(); |
1055 |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
1056 |
ee->task = current; |
ee->task = current; |
1057 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
1102 |
kfree(ee->program_path); |
kfree(ee->program_path); |
1103 |
kfree(ee->tmp); |
kfree(ee->tmp); |
1104 |
kfree(ee->dump.data); |
kfree(ee->dump.data); |
1105 |
srcu_read_unlock(&ccs_ss, ee->srcu_idx); |
ccs_read_unlock(ee->reader_idx); |
1106 |
kfree(ee); |
kfree(ee); |
1107 |
} |
} |
1108 |
|
|
1326 |
* |
* |
1327 |
* Returns true if found, false otherwise. |
* Returns true if found, false otherwise. |
1328 |
* |
* |
1329 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
1330 |
*/ |
*/ |
1331 |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
1332 |
const u8 type) |
const u8 type) |
1335 |
const struct ccs_domain_info *domain = ccs_current_domain(); |
const struct ccs_domain_info *domain = ccs_current_domain(); |
1336 |
struct ccs_acl_info *ptr; |
struct ccs_acl_info *ptr; |
1337 |
bool found = false; |
bool found = false; |
1338 |
|
ccs_check_read_lock(); |
1339 |
/* |
/* |
1340 |
* Don't use execute handler if the current process is |
* Don't use execute handler if the current process is |
1341 |
* marked as execute handler to avoid infinite execute handler loop. |
* marked as execute handler to avoid infinite execute handler loop. |
1480 |
* |
* |
1481 |
* @retval: Return code of an execve() operation. |
* @retval: Return code of an execve() operation. |
1482 |
* |
* |
1483 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
1484 |
*/ |
*/ |
1485 |
void ccs_finish_execve(int retval) |
void ccs_finish_execve(int retval) |
1486 |
{ |
{ |
1487 |
struct task_struct *task = current; |
struct task_struct *task = current; |
1488 |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
1489 |
|
ccs_check_read_lock(); |
1490 |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
1491 |
if (!ee) |
if (!ee) |
1492 |
return; |
return; |
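Review bot: In ccs_finish_execve() the added `ccs_check_read_lock();` at line 1489 runs before the `if (!ee) return;` guard, but the only acquisition visible on this page is `ee->reader_idx = ccs_read_lock();` in the path that sets up the execve entry (line 1054). When no entry is found, nothing here shows that the read lock is held. If ccs_check_read_lock() warns or asserts (its definition is not shown), an execve that never got an entry would trip the check spuriously. Consider moving the call below the guard, `if (!ee) return;` then `ccs_check_read_lock();`, or extending the header comment to name the caller that takes the lock when `ee` is NULL. The body of ccs_finish_execve continues outside the hunk, so the unlock side could not be checked from here.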