Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 5448ec4f5062ef75ce74f8d7784d4cea9c46ad00 / . / security / tomoyo / domain.c
blob: 05450b17c57fa71fe14827ac2c2e11ed1229c772 [file] [log] [blame]
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]1/*
2 * security/tomoyo/domain.c
3 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +0900[diff] [blame]4 * Domain transition functions for TOMOYO.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]5 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +0900[diff] [blame]6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]7 */
8
9#include "common.h"
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]10#include <linux/binfmts.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +0900[diff] [blame]11#include <linux/slab.h>
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]12
13/* Variables definitions.*/
14
15/* The initial domain. */
16struct tomoyo_domain_info tomoyo_kernel_domain;
17
Tetsuo Handa237ab452010-06-12 20:46:22 +0900[diff] [blame]18/**
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]19 * tomoyo_update_policy - Update an entry for exception policy.
20 *
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
23 * @is_delete: True if it is a delete request.
24 * @list: Pointer to "struct list_head".
25 * @check_duplicate: Callback function to find duplicated entry.
26 *
27 * Returns 0 on success, negative value otherwise.
28 *
29 * Caller holds tomoyo_read_lock().
30 */
31int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
32 bool is_delete, struct list_head *list,
33 bool (*check_duplicate) (const struct tomoyo_acl_head
34 *,
35 const struct tomoyo_acl_head
36 *))
37{
38 int error = is_delete ? -ENOENT : -ENOMEM;
39 struct tomoyo_acl_head *entry;
40
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
42 return -ENOMEM;
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
45 continue;
46 entry->is_deleted = is_delete;
47 error = 0;
48 break;
49 }
50 if (error && !is_delete) {
51 entry = tomoyo_commit_ok(new_entry, size);
52 if (entry) {
53 list_add_tail_rcu(&entry->list, list);
54 error = 0;
55 }
56 }
57 mutex_unlock(&tomoyo_policy_lock);
58 return error;
59}
60
61/**
Tetsuo Handa237ab452010-06-12 20:46:22 +0900[diff] [blame]62 * tomoyo_update_domain - Update an entry for domain policy.
63 *
64 * @new_entry: Pointer to "struct tomoyo_acl_info".
65 * @size: Size of @new_entry in bytes.
66 * @is_delete: True if it is a delete request.
67 * @domain: Pointer to "struct tomoyo_domain_info".
68 * @check_duplicate: Callback function to find duplicated entry.
69 * @merge_duplicate: Callback function to merge duplicated entry.
70 *
71 * Returns 0 on success, negative value otherwise.
72 *
73 * Caller holds tomoyo_read_lock().
74 */
75int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
76 bool is_delete, struct tomoyo_domain_info *domain,
77 bool (*check_duplicate) (const struct tomoyo_acl_info
78 *,
79 const struct tomoyo_acl_info
80 *),
81 bool (*merge_duplicate) (struct tomoyo_acl_info *,
82 struct tomoyo_acl_info *,
83 const bool))
84{
85 int error = is_delete ? -ENOENT : -ENOMEM;
86 struct tomoyo_acl_info *entry;
87
88 if (mutex_lock_interruptible(&tomoyo_policy_lock))
89 return error;
90 list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
91 if (!check_duplicate(entry, new_entry))
92 continue;
93 if (merge_duplicate)
94 entry->is_deleted = merge_duplicate(entry, new_entry,
95 is_delete);
96 else
97 entry->is_deleted = is_delete;
98 error = 0;
99 break;
100 }
101 if (error && !is_delete) {
102 entry = tomoyo_commit_ok(new_entry, size);
103 if (entry) {
104 list_add_tail_rcu(&entry->list, &domain->acl_info_list);
105 error = 0;
106 }
107 }
108 mutex_unlock(&tomoyo_policy_lock);
109 return error;
110}
111
Tetsuo Handa99a85252010-06-16 16:22:51 +0900[diff] [blame]112void tomoyo_check_acl(struct tomoyo_request_info *r,
113 bool (*check_entry) (const struct tomoyo_request_info *,
114 const struct tomoyo_acl_info *))
115{
116 const struct tomoyo_domain_info *domain = r->domain;
117 struct tomoyo_acl_info *ptr;
118
119 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
120 if (ptr->is_deleted || ptr->type != r->param_type)
121 continue;
122 if (check_entry(r, ptr)) {
123 r->granted = true;
124 return;
125 }
126 }
127 r->granted = false;
128}
129
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900[diff] [blame]130/* The list for "struct tomoyo_domain_info". */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]131LIST_HEAD(tomoyo_domain_list);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]132
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900[diff] [blame]133struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
134struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
135
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]136/**
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]137 * tomoyo_get_last_name - Get last component of a domainname.
138 *
139 * @domain: Pointer to "struct tomoyo_domain_info".
140 *
141 * Returns the last component of the domainname.
142 */
143const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
144{
145 const char *cp0 = domain->domainname->name;
146 const char *cp1 = strrchr(cp0, ' ');
147
148 if (cp1)
149 return cp1 + 1;
150 return cp0;
151}
152
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]153static bool tomoyo_same_transition_control_entry(const struct tomoyo_acl_head *
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]154 a,
155 const struct tomoyo_acl_head *
156 b)
157{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]158 const struct tomoyo_transition_control *p1 = container_of(a,
159 typeof(*p1),
160 head);
161 const struct tomoyo_transition_control *p2 = container_of(b,
162 typeof(*p2),
163 head);
164 return p1->type == p2->type && p1->is_last_name == p2->is_last_name
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]165 && p1->domainname == p2->domainname
166 && p1->program == p2->program;
167}
168
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]169/**
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]170 * tomoyo_update_transition_control_entry - Update "struct tomoyo_transition_control" list.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]171 *
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]172 * @domainname: The name of domain. Maybe NULL.
173 * @program: The name of program. Maybe NULL.
174 * @type: Type of transition.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]175 * @is_delete: True if it is a delete request.
176 *
177 * Returns 0 on success, negative value otherwise.
178 */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]179static int tomoyo_update_transition_control_entry(const char *domainname,
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]180 const char *program,
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]181 const u8 type,
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]182 const bool is_delete)
183{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]184 struct tomoyo_transition_control e = { .type = type };
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]185 int error = is_delete ? -ENOENT : -ENOMEM;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]186 if (program) {
Tetsuo Handa75093152010-06-16 16:23:55 +0900[diff] [blame]187 if (!tomoyo_correct_path(program))
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]188 return -EINVAL;
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900[diff] [blame]189 e.program = tomoyo_get_name(program);
190 if (!e.program)
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]191 goto out;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]192 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]193 if (domainname) {
194 if (!tomoyo_correct_domain(domainname)) {
195 if (!tomoyo_correct_path(domainname))
196 goto out;
197 e.is_last_name = true;
198 }
199 e.domainname = tomoyo_get_name(domainname);
200 if (!e.domainname)
201 goto out;
202 }
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]203 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900[diff] [blame]204 &tomoyo_policy_list
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]205 [TOMOYO_ID_TRANSITION_CONTROL],
206 tomoyo_same_transition_control_entry);
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]207 out:
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900[diff] [blame]208 tomoyo_put_name(e.domainname);
209 tomoyo_put_name(e.program);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]210 return error;
211}
212
213/**
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]214 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]215 *
216 * @data: String to parse.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]217 * @is_delete: True if it is a delete request.
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]218 * @type: Type of this entry.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]219 *
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]220 * Returns 0 on success, negative value otherwise.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]221 */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]222int tomoyo_write_transition_control(char *data, const bool is_delete,
223 const u8 type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]224{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]225 char *domainname = strstr(data, " from ");
226 if (domainname) {
227 *domainname = '\0';
228 domainname += 6;
229 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
230 type == TOMOYO_TRANSITION_CONTROL_KEEP) {
231 domainname = data;
232 data = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]233 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]234 return tomoyo_update_transition_control_entry(domainname, data, type,
235 is_delete);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]236}
237
238/**
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]239 * tomoyo_transition_type - Get domain transition type.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]240 *
241 * @domainname: The name of domain.
242 * @program: The name of program.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]243 *
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]244 * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
245 * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
246 * @program suppresses domain transition, others otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900[diff] [blame]247 *
248 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]249 */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]250static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
251 const struct tomoyo_path_info *program)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]252{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]253 const struct tomoyo_transition_control *ptr;
254 const char *last_name = tomoyo_last_word(domainname->name);
255 u8 type;
256 for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
257 next:
258 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
259 [TOMOYO_ID_TRANSITION_CONTROL],
260 head.list) {
261 if (ptr->head.is_deleted || ptr->type != type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]262 continue;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]263 if (ptr->domainname) {
264 if (!ptr->is_last_name) {
265 if (ptr->domainname != domainname)
266 continue;
267 } else {
268 /*
269 * Use direct strcmp() since this is
270 * unlikely used.
271 */
272 if (strcmp(ptr->domainname->name,
273 last_name))
274 continue;
275 }
276 }
277 if (ptr->program &&
278 tomoyo_pathcmp(ptr->program, program))
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]279 continue;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]280 if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
281 /*
282 * Do not check for initialize_domain if
283 * no_initialize_domain matched.
284 */
285 type = TOMOYO_TRANSITION_CONTROL_NO_KEEP;
286 goto next;
287 }
288 goto done;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]289 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]290 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]291 done:
292 return type;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]293}
294
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]295static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a,
296 const struct tomoyo_acl_head *b)
297{
298 const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1),
299 head);
300 const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2),
301 head);
302 return p1->original_name == p2->original_name &&
303 p1->aggregated_name == p2->aggregated_name;
304}
305
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]306/**
307 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list.
308 *
309 * @original_name: The original program's name.
310 * @aggregated_name: The program name to use.
311 * @is_delete: True if it is a delete request.
312 *
313 * Returns 0 on success, negative value otherwise.
314 *
315 * Caller holds tomoyo_read_lock().
316 */
317static int tomoyo_update_aggregator_entry(const char *original_name,
318 const char *aggregated_name,
319 const bool is_delete)
320{
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]321 struct tomoyo_aggregator_entry e = { };
322 int error = is_delete ? -ENOENT : -ENOMEM;
323
Tetsuo Handa75093152010-06-16 16:23:55 +0900[diff] [blame]324 if (!tomoyo_correct_path(original_name) ||
325 !tomoyo_correct_path(aggregated_name))
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]326 return -EINVAL;
327 e.original_name = tomoyo_get_name(original_name);
328 e.aggregated_name = tomoyo_get_name(aggregated_name);
329 if (!e.original_name || !e.aggregated_name ||
330 e.aggregated_name->is_patterned) /* No patterns allowed. */
331 goto out;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]332 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900[diff] [blame]333 &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR],
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900[diff] [blame]334 tomoyo_same_aggregator_entry);
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]335 out:
336 tomoyo_put_name(e.original_name);
337 tomoyo_put_name(e.aggregated_name);
338 return error;
339}
340
341/**
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]342 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list.
343 *
344 * @data: String to parse.
345 * @is_delete: True if it is a delete request.
346 *
347 * Returns 0 on success, negative value otherwise.
348 *
349 * Caller holds tomoyo_read_lock().
350 */
351int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
352{
353 char *cp = strchr(data, ' ');
354
355 if (!cp)
356 return -EINVAL;
357 *cp++ = '\0';
358 return tomoyo_update_aggregator_entry(data, cp, is_delete);
359}
360
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]361/**
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]362 * tomoyo_find_or_assign_new_domain - Create a domain.
363 *
364 * @domainname: The name of domain.
365 * @profile: Profile number to assign if the domain was newly created.
366 *
367 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900[diff] [blame]368 *
369 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]370 */
371struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
372 domainname,
373 const u8 profile)
374{
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]375 struct tomoyo_domain_info *entry;
Tetsuo Handa29282382010-05-06 00:18:15 +0900[diff] [blame]376 struct tomoyo_domain_info *domain = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]377 const struct tomoyo_path_info *saved_domainname;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]378 bool found = false;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]379
Tetsuo Handa75093152010-06-16 16:23:55 +0900[diff] [blame]380 if (!tomoyo_correct_domain(domainname))
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]381 return NULL;
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900[diff] [blame]382 saved_domainname = tomoyo_get_name(domainname);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]383 if (!saved_domainname)
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]384 return NULL;
Tetsuo Handa4e5d6f72010-04-28 14:17:42 +0900[diff] [blame]385 entry = kzalloc(sizeof(*entry), GFP_NOFS);
Tetsuo Handa29282382010-05-06 00:18:15 +0900[diff] [blame]386 if (mutex_lock_interruptible(&tomoyo_policy_lock))
387 goto out;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]388 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
389 if (domain->is_deleted ||
390 tomoyo_pathcmp(saved_domainname, domain->domainname))
391 continue;
392 found = true;
393 break;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]394 }
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]395 if (!found && tomoyo_memory_ok(entry)) {
396 INIT_LIST_HEAD(&entry->acl_info_list);
397 entry->domainname = saved_domainname;
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900[diff] [blame]398 saved_domainname = NULL;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]399 entry->profile = profile;
400 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
401 domain = entry;
402 entry = NULL;
403 found = true;
404 }
Tetsuo Handaf737d952010-01-03 21:16:32 +0900[diff] [blame]405 mutex_unlock(&tomoyo_policy_lock);
Tetsuo Handa29282382010-05-06 00:18:15 +0900[diff] [blame]406 out:
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900[diff] [blame]407 tomoyo_put_name(saved_domainname);
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900[diff] [blame]408 kfree(entry);
409 return found ? domain : NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]410}
411
412/**
413 * tomoyo_find_next_domain - Find a domain.
414 *
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900[diff] [blame]415 * @bprm: Pointer to "struct linux_binprm".
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]416 *
417 * Returns 0 on success, negative value otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900[diff] [blame]418 *
419 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]420 */
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900[diff] [blame]421int tomoyo_find_next_domain(struct linux_binprm *bprm)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]422{
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]423 struct tomoyo_request_info r;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]424 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]425 struct tomoyo_domain_info *old_domain = tomoyo_domain();
426 struct tomoyo_domain_info *domain = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]427 const char *original_name = bprm->filename;
Tetsuo Handa57c25902010-06-03 20:38:44 +0900[diff] [blame]428 u8 mode;
429 bool is_enforce;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]430 int retval = -ENOMEM;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]431 bool need_kfree = false;
432 struct tomoyo_path_info rn = { }; /* real name */
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]433 struct tomoyo_path_info ln; /* last name */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]434
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]435 ln.name = tomoyo_get_last_name(old_domain);
436 tomoyo_fill_path_info(&ln);
Tetsuo Handa57c25902010-06-03 20:38:44 +0900[diff] [blame]437 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
438 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]439 if (!tmp)
440 goto out;
441
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]442 retry:
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]443 if (need_kfree) {
444 kfree(rn.name);
445 need_kfree = false;
446 }
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900[diff] [blame]447 /* Get symlink's pathname of program. */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]448 retval = -ENOENT;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900[diff] [blame]449 rn.name = tomoyo_realpath_nofollow(original_name);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]450 if (!rn.name)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]451 goto out;
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]452 tomoyo_fill_path_info(&rn);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]453 need_kfree = true;
454
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]455 /* Check 'aggregator' directive. */
456 {
457 struct tomoyo_aggregator_entry *ptr;
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900[diff] [blame]458 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
459 [TOMOYO_ID_AGGREGATOR], head.list) {
Tetsuo Handa82e0f002010-06-15 09:22:42 +0900[diff] [blame]460 if (ptr->head.is_deleted ||
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]461 !tomoyo_path_matches_pattern(&rn,
462 ptr->original_name))
463 continue;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900[diff] [blame]464 kfree(rn.name);
Tetsuo Handa10843072010-06-03 20:38:03 +0900[diff] [blame]465 need_kfree = false;
466 /* This is OK because it is read only. */
467 rn = *ptr->aggregated_name;
468 break;
469 }
470 }
471
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]472 /* Check execute permission. */
Tetsuo Handa05336de2010-06-16 16:20:24 +0900[diff] [blame]473 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]474 if (retval == TOMOYO_RETRY_REQUEST)
475 goto retry;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]476 if (retval < 0)
477 goto out;
478
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]479 /* Calculate domain to transit to. */
480 switch (tomoyo_transition_type(old_domain->domainname, &rn)) {
481 case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]482 /* Transit to the child of tomoyo_kernel_domain domain. */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]483 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " "
484 "%s", rn.name);
485 break;
486 case TOMOYO_TRANSITION_CONTROL_KEEP:
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]487 /* Keep current domain. */
488 domain = old_domain;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900[diff] [blame^]489 break;
490 default:
491 if (old_domain == &tomoyo_kernel_domain &&
492 !tomoyo_policy_loaded) {
493 /*
494 * Needn't to transit from kernel domain before
495 * starting /sbin/init. But transit from kernel domain
496 * if executing initializers because they might start
497 * before /sbin/init.
498 */
499 domain = old_domain;
500 } else {
501 /* Normal domain transition. */
502 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
503 old_domain->domainname->name, rn.name);
504 }
505 break;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]506 }
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]507 if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]508 goto done;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]509 domain = tomoyo_find_domain(tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]510 if (domain)
511 goto done;
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]512 if (is_enforce) {
513 int error = tomoyo_supervisor(&r, "# wants to create domain\n"
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]514 "%s\n", tmp);
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900[diff] [blame]515 if (error == TOMOYO_RETRY_REQUEST)
516 goto retry;
517 if (error < 0)
518 goto done;
519 }
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]520 domain = tomoyo_find_or_assign_new_domain(tmp, old_domain->profile);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]521 done:
522 if (domain)
523 goto out;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]524 printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]525 if (is_enforce)
526 retval = -EPERM;
527 else
Tetsuo Handaea13ddb2010-02-03 06:43:06 +0900[diff] [blame]528 old_domain->transition_failed = true;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]529 out:
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900[diff] [blame]530 if (!domain)
531 domain = old_domain;
Tetsuo Handaec8e6a42010-02-11 09:43:20 +0900[diff] [blame]532 /* Update reference count on "struct tomoyo_domain_info". */
533 atomic_inc(&domain->users);
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900[diff] [blame]534 bprm->cred->security = domain;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900[diff] [blame]535 if (need_kfree)
536 kfree(rn.name);
Tetsuo Handa8e2d39a2010-01-26 20:45:27 +0900[diff] [blame]537 kfree(tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900[diff] [blame]538 return retval;
539}