blob: d818717954f89ba28b6eedac1b07f2d5f98862ed [file] [log] [blame]
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09001/*
2 * security/tomoyo/domain.c
3 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +09004 * Domain transition functions for TOMOYO.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09005 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +09006 * Copyright (C) 2005-2010 NTT DATA CORPORATION
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09007 */
8
9#include "common.h"
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +090010#include <linux/binfmts.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090011#include <linux/slab.h>
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +090012
13/* Variables definitions.*/
14
15/* The initial domain. */
16struct tomoyo_domain_info tomoyo_kernel_domain;
17
Tetsuo Handa237ab452010-06-12 20:46:22 +090018/**
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090019 * tomoyo_update_policy - Update an entry for exception policy.
20 *
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
Tetsuo Handaa238cf52011-06-26 23:17:10 +090023 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090024 * @check_duplicate: Callback function to find duplicated entry.
25 *
26 * Returns 0 on success, negative value otherwise.
27 *
28 * Caller holds tomoyo_read_lock().
29 */
30int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
Tetsuo Handaa238cf52011-06-26 23:17:10 +090031 struct tomoyo_acl_param *param,
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090032 bool (*check_duplicate) (const struct tomoyo_acl_head
33 *,
34 const struct tomoyo_acl_head
35 *))
36{
Tetsuo Handaa238cf52011-06-26 23:17:10 +090037 int error = param->is_delete ? -ENOENT : -ENOMEM;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090038 struct tomoyo_acl_head *entry;
Tetsuo Handaa238cf52011-06-26 23:17:10 +090039 struct list_head *list = param->list;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090040
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
42 return -ENOMEM;
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
45 continue;
Tetsuo Handaa238cf52011-06-26 23:17:10 +090046 entry->is_deleted = param->is_delete;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090047 error = 0;
48 break;
49 }
Tetsuo Handaa238cf52011-06-26 23:17:10 +090050 if (error && !param->is_delete) {
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090051 entry = tomoyo_commit_ok(new_entry, size);
52 if (entry) {
53 list_add_tail_rcu(&entry->list, list);
54 error = 0;
55 }
56 }
57 mutex_unlock(&tomoyo_policy_lock);
58 return error;
59}
60
61/**
Tetsuo Handa0df7e8b2011-06-26 23:16:36 +090062 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
63 *
64 * @a: Pointer to "struct tomoyo_acl_info".
65 * @b: Pointer to "struct tomoyo_acl_info".
66 *
67 * Returns true if @a == @b, false otherwise.
68 */
69static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
70 const struct tomoyo_acl_info *b)
71{
72 return a->type == b->type;
73}
74
75/**
Tetsuo Handa237ab452010-06-12 20:46:22 +090076 * tomoyo_update_domain - Update an entry for domain policy.
77 *
78 * @new_entry: Pointer to "struct tomoyo_acl_info".
79 * @size: Size of @new_entry in bytes.
Tetsuo Handaa238cf52011-06-26 23:17:10 +090080 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa237ab452010-06-12 20:46:22 +090081 * @check_duplicate: Callback function to find duplicated entry.
82 * @merge_duplicate: Callback function to merge duplicated entry.
83 *
84 * Returns 0 on success, negative value otherwise.
85 *
86 * Caller holds tomoyo_read_lock().
87 */
88int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
Tetsuo Handaa238cf52011-06-26 23:17:10 +090089 struct tomoyo_acl_param *param,
Tetsuo Handa237ab452010-06-12 20:46:22 +090090 bool (*check_duplicate) (const struct tomoyo_acl_info
91 *,
92 const struct tomoyo_acl_info
93 *),
94 bool (*merge_duplicate) (struct tomoyo_acl_info *,
95 struct tomoyo_acl_info *,
96 const bool))
97{
Tetsuo Handaa238cf52011-06-26 23:17:10 +090098 const bool is_delete = param->is_delete;
Tetsuo Handa237ab452010-06-12 20:46:22 +090099 int error = is_delete ? -ENOENT : -ENOMEM;
100 struct tomoyo_acl_info *entry;
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900101 struct list_head * const list = param->list;
Tetsuo Handa237ab452010-06-12 20:46:22 +0900102
103 if (mutex_lock_interruptible(&tomoyo_policy_lock))
104 return error;
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900105 list_for_each_entry_rcu(entry, list, list) {
Tetsuo Handa0df7e8b2011-06-26 23:16:36 +0900106 if (!tomoyo_same_acl_head(entry, new_entry) ||
107 !check_duplicate(entry, new_entry))
Tetsuo Handa237ab452010-06-12 20:46:22 +0900108 continue;
109 if (merge_duplicate)
110 entry->is_deleted = merge_duplicate(entry, new_entry,
111 is_delete);
112 else
113 entry->is_deleted = is_delete;
114 error = 0;
115 break;
116 }
117 if (error && !is_delete) {
118 entry = tomoyo_commit_ok(new_entry, size);
119 if (entry) {
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900120 list_add_tail_rcu(&entry->list, list);
Tetsuo Handa237ab452010-06-12 20:46:22 +0900121 error = 0;
122 }
123 }
124 mutex_unlock(&tomoyo_policy_lock);
125 return error;
126}
127
Tetsuo Handa99a85252010-06-16 16:22:51 +0900128void tomoyo_check_acl(struct tomoyo_request_info *r,
Tetsuo Handa484ca792010-07-29 14:29:55 +0900129 bool (*check_entry) (struct tomoyo_request_info *,
Tetsuo Handa99a85252010-06-16 16:22:51 +0900130 const struct tomoyo_acl_info *))
131{
132 const struct tomoyo_domain_info *domain = r->domain;
133 struct tomoyo_acl_info *ptr;
134
135 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
136 if (ptr->is_deleted || ptr->type != r->param_type)
137 continue;
138 if (check_entry(r, ptr)) {
139 r->granted = true;
140 return;
141 }
142 }
143 r->granted = false;
144}
145
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900146/* The list for "struct tomoyo_domain_info". */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900147LIST_HEAD(tomoyo_domain_list);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900148
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900149struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
150struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
151
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900152/**
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900153 * tomoyo_last_word - Get last component of a domainname.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900154 *
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900155 * @domainname: Domainname to check.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900156 *
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900157 * Returns the last word of @domainname.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900158 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900159static const char *tomoyo_last_word(const char *name)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900160{
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900161 const char *cp = strrchr(name, ' ');
162 if (cp)
163 return cp + 1;
164 return name;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900165}
166
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900167/**
168 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
169 *
170 * @a: Pointer to "struct tomoyo_acl_head".
171 * @b: Pointer to "struct tomoyo_acl_head".
172 *
173 * Returns true if @a == @b, false otherwise.
174 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900175static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
176 const struct tomoyo_acl_head *b)
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900177{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900178 const struct tomoyo_transition_control *p1 = container_of(a,
179 typeof(*p1),
180 head);
181 const struct tomoyo_transition_control *p2 = container_of(b,
182 typeof(*p2),
183 head);
184 return p1->type == p2->type && p1->is_last_name == p2->is_last_name
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900185 && p1->domainname == p2->domainname
186 && p1->program == p2->program;
187}
188
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900189/**
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900190 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900191 *
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900192 * @param: Pointer to "struct tomoyo_acl_param".
193 * @type: Type of this entry.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900194 *
195 * Returns 0 on success, negative value otherwise.
196 */
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900197int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
198 const u8 type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900199{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900200 struct tomoyo_transition_control e = { .type = type };
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900201 int error = param->is_delete ? -ENOENT : -ENOMEM;
202 char *program = param->data;
203 char *domainname = strstr(program, " from ");
204 if (domainname) {
205 *domainname = '\0';
206 domainname += 6;
207 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
208 type == TOMOYO_TRANSITION_CONTROL_KEEP) {
209 domainname = program;
210 program = NULL;
211 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900212 if (program) {
Tetsuo Handa75093152010-06-16 16:23:55 +0900213 if (!tomoyo_correct_path(program))
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900214 return -EINVAL;
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900215 e.program = tomoyo_get_name(program);
216 if (!e.program)
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900217 goto out;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900218 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900219 if (domainname) {
220 if (!tomoyo_correct_domain(domainname)) {
221 if (!tomoyo_correct_path(domainname))
222 goto out;
223 e.is_last_name = true;
224 }
225 e.domainname = tomoyo_get_name(domainname);
226 if (!e.domainname)
227 goto out;
228 }
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900229 param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL];
230 error = tomoyo_update_policy(&e.head, sizeof(e), param,
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900231 tomoyo_same_transition_control);
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900232out:
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900233 tomoyo_put_name(e.domainname);
234 tomoyo_put_name(e.program);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900235 return error;
236}
237
238/**
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900239 * tomoyo_transition_type - Get domain transition type.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900240 *
241 * @domainname: The name of domain.
242 * @program: The name of program.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900243 *
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900244 * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
245 * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
246 * @program suppresses domain transition, others otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900247 *
248 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900249 */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900250static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
251 const struct tomoyo_path_info *program)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900252{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900253 const struct tomoyo_transition_control *ptr;
254 const char *last_name = tomoyo_last_word(domainname->name);
255 u8 type;
256 for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
257 next:
258 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
259 [TOMOYO_ID_TRANSITION_CONTROL],
260 head.list) {
261 if (ptr->head.is_deleted || ptr->type != type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900262 continue;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900263 if (ptr->domainname) {
264 if (!ptr->is_last_name) {
265 if (ptr->domainname != domainname)
266 continue;
267 } else {
268 /*
269 * Use direct strcmp() since this is
270 * unlikely used.
271 */
272 if (strcmp(ptr->domainname->name,
273 last_name))
274 continue;
275 }
276 }
277 if (ptr->program &&
278 tomoyo_pathcmp(ptr->program, program))
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900279 continue;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900280 if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
281 /*
282 * Do not check for initialize_domain if
283 * no_initialize_domain matched.
284 */
285 type = TOMOYO_TRANSITION_CONTROL_NO_KEEP;
286 goto next;
287 }
288 goto done;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900289 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900290 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900291 done:
292 return type;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900293}
294
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900295/**
296 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
297 *
298 * @a: Pointer to "struct tomoyo_acl_head".
299 * @b: Pointer to "struct tomoyo_acl_head".
300 *
301 * Returns true if @a == @b, false otherwise.
302 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900303static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
304 const struct tomoyo_acl_head *b)
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900305{
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900306 const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1),
307 head);
308 const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2),
309 head);
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900310 return p1->original_name == p2->original_name &&
311 p1->aggregated_name == p2->aggregated_name;
312}
313
Tetsuo Handa10843072010-06-03 20:38:03 +0900314/**
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900315 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
Tetsuo Handa10843072010-06-03 20:38:03 +0900316 *
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900317 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa10843072010-06-03 20:38:03 +0900318 *
319 * Returns 0 on success, negative value otherwise.
320 *
321 * Caller holds tomoyo_read_lock().
322 */
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900323int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
Tetsuo Handa10843072010-06-03 20:38:03 +0900324{
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900325 struct tomoyo_aggregator e = { };
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900326 int error = param->is_delete ? -ENOENT : -ENOMEM;
327 const char *original_name = tomoyo_read_token(param);
328 const char *aggregated_name = tomoyo_read_token(param);
329 if (!tomoyo_correct_word(original_name) ||
Tetsuo Handa75093152010-06-16 16:23:55 +0900330 !tomoyo_correct_path(aggregated_name))
Tetsuo Handa10843072010-06-03 20:38:03 +0900331 return -EINVAL;
332 e.original_name = tomoyo_get_name(original_name);
333 e.aggregated_name = tomoyo_get_name(aggregated_name);
334 if (!e.original_name || !e.aggregated_name ||
335 e.aggregated_name->is_patterned) /* No patterns allowed. */
336 goto out;
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900337 param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR];
338 error = tomoyo_update_policy(&e.head, sizeof(e), param,
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900339 tomoyo_same_aggregator);
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900340out:
Tetsuo Handa10843072010-06-03 20:38:03 +0900341 tomoyo_put_name(e.original_name);
342 tomoyo_put_name(e.aggregated_name);
343 return error;
344}
345
346/**
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900347 * tomoyo_assign_domain - Create a domain.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900348 *
349 * @domainname: The name of domain.
350 * @profile: Profile number to assign if the domain was newly created.
351 *
352 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900353 *
354 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900355 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900356struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
357 const u8 profile)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900358{
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900359 struct tomoyo_domain_info *entry;
Tetsuo Handa29282382010-05-06 00:18:15 +0900360 struct tomoyo_domain_info *domain = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900361 const struct tomoyo_path_info *saved_domainname;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900362 bool found = false;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900363
Tetsuo Handa75093152010-06-16 16:23:55 +0900364 if (!tomoyo_correct_domain(domainname))
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900365 return NULL;
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900366 saved_domainname = tomoyo_get_name(domainname);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900367 if (!saved_domainname)
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900368 return NULL;
Tetsuo Handa4e5d6f72010-04-28 14:17:42 +0900369 entry = kzalloc(sizeof(*entry), GFP_NOFS);
Tetsuo Handa29282382010-05-06 00:18:15 +0900370 if (mutex_lock_interruptible(&tomoyo_policy_lock))
371 goto out;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900372 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
373 if (domain->is_deleted ||
374 tomoyo_pathcmp(saved_domainname, domain->domainname))
375 continue;
376 found = true;
377 break;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900378 }
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900379 if (!found && tomoyo_memory_ok(entry)) {
380 INIT_LIST_HEAD(&entry->acl_info_list);
381 entry->domainname = saved_domainname;
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900382 saved_domainname = NULL;
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900383 entry->profile = profile;
384 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
385 domain = entry;
386 entry = NULL;
387 found = true;
388 }
Tetsuo Handaf737d952010-01-03 21:16:32 +0900389 mutex_unlock(&tomoyo_policy_lock);
Tetsuo Handa29282382010-05-06 00:18:15 +0900390 out:
Tetsuo Handabf24fb02010-02-11 09:41:58 +0900391 tomoyo_put_name(saved_domainname);
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900392 kfree(entry);
393 return found ? domain : NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900394}
395
396/**
397 * tomoyo_find_next_domain - Find a domain.
398 *
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900399 * @bprm: Pointer to "struct linux_binprm".
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900400 *
401 * Returns 0 on success, negative value otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900402 *
403 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900404 */
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900405int tomoyo_find_next_domain(struct linux_binprm *bprm)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900406{
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900407 struct tomoyo_request_info r;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900408 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900409 struct tomoyo_domain_info *old_domain = tomoyo_domain();
410 struct tomoyo_domain_info *domain = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900411 const char *original_name = bprm->filename;
Tetsuo Handa57c25902010-06-03 20:38:44 +0900412 u8 mode;
413 bool is_enforce;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900414 int retval = -ENOMEM;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900415 bool need_kfree = false;
416 struct tomoyo_path_info rn = { }; /* real name */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900417
Tetsuo Handa57c25902010-06-03 20:38:44 +0900418 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
419 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900420 if (!tmp)
421 goto out;
422
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900423 retry:
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900424 if (need_kfree) {
425 kfree(rn.name);
426 need_kfree = false;
427 }
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900428 /* Get symlink's pathname of program. */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900429 retval = -ENOENT;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900430 rn.name = tomoyo_realpath_nofollow(original_name);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900431 if (!rn.name)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900432 goto out;
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900433 tomoyo_fill_path_info(&rn);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900434 need_kfree = true;
435
Tetsuo Handa10843072010-06-03 20:38:03 +0900436 /* Check 'aggregator' directive. */
437 {
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900438 struct tomoyo_aggregator *ptr;
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900439 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
440 [TOMOYO_ID_AGGREGATOR], head.list) {
Tetsuo Handa82e0f002010-06-15 09:22:42 +0900441 if (ptr->head.is_deleted ||
Tetsuo Handa10843072010-06-03 20:38:03 +0900442 !tomoyo_path_matches_pattern(&rn,
443 ptr->original_name))
444 continue;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900445 kfree(rn.name);
Tetsuo Handa10843072010-06-03 20:38:03 +0900446 need_kfree = false;
447 /* This is OK because it is read only. */
448 rn = *ptr->aggregated_name;
449 break;
450 }
451 }
452
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900453 /* Check execute permission. */
Tetsuo Handa05336de2010-06-16 16:20:24 +0900454 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900455 if (retval == TOMOYO_RETRY_REQUEST)
456 goto retry;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900457 if (retval < 0)
458 goto out;
Tetsuo Handa484ca792010-07-29 14:29:55 +0900459 /*
460 * To be able to specify domainnames with wildcards, use the
461 * pathname specified in the policy (which may contain
462 * wildcard) rather than the pathname passed to execve()
463 * (which never contains wildcard).
464 */
465 if (r.param.path.matched_path) {
466 if (need_kfree)
467 kfree(rn.name);
468 need_kfree = false;
469 /* This is OK because it is read only. */
470 rn = *r.param.path.matched_path;
471 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900472
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900473 /* Calculate domain to transit to. */
474 switch (tomoyo_transition_type(old_domain->domainname, &rn)) {
475 case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900476 /* Transit to the child of tomoyo_kernel_domain domain. */
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900477 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " "
478 "%s", rn.name);
479 break;
480 case TOMOYO_TRANSITION_CONTROL_KEEP:
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900481 /* Keep current domain. */
482 domain = old_domain;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900483 break;
484 default:
485 if (old_domain == &tomoyo_kernel_domain &&
486 !tomoyo_policy_loaded) {
487 /*
488 * Needn't to transit from kernel domain before
489 * starting /sbin/init. But transit from kernel domain
490 * if executing initializers because they might start
491 * before /sbin/init.
492 */
493 domain = old_domain;
494 } else {
495 /* Normal domain transition. */
496 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
497 old_domain->domainname->name, rn.name);
498 }
499 break;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900500 }
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900501 if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900502 goto done;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900503 domain = tomoyo_find_domain(tmp);
Tetsuo Handa7c759642011-06-26 23:15:31 +0900504 if (!domain)
505 domain = tomoyo_assign_domain(tmp, old_domain->profile);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900506 done:
507 if (domain)
508 goto out;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900509 printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900510 if (is_enforce)
511 retval = -EPERM;
512 else
Tetsuo Handaea13ddb2010-02-03 06:43:06 +0900513 old_domain->transition_failed = true;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900514 out:
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900515 if (!domain)
516 domain = old_domain;
Tetsuo Handaec8e6a42010-02-11 09:43:20 +0900517 /* Update reference count on "struct tomoyo_domain_info". */
518 atomic_inc(&domain->users);
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900519 bprm->cred->security = domain;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900520 if (need_kfree)
521 kfree(rn.name);
Tetsuo Handa8e2d39a2010-01-26 20:45:27 +0900522 kfree(tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900523 return retval;
524}