1 // SPDX-License-Identifier: GPL-2.0-only 1
2 /*
3 * inode.c - securityfs
4 *
5 * Copyright (C) 2005 Greg Kroah-Hartman <gre
6 *
7 * Based on fs/debugfs/inode.c which had the
8 * Copyright (C) 2004 Greg Kroah-Hartman <g
9 * Copyright (C) 2004 IBM Inc.
10 */
11
12 /* #define DEBUG */
13 #include <linux/sysfs.h>
14 #include <linux/kobject.h>
15 #include <linux/fs.h>
16 #include <linux/fs_context.h>
17 #include <linux/mount.h>
18 #include <linux/pagemap.h>
19 #include <linux/init.h>
20 #include <linux/namei.h>
21 #include <linux/security.h>
22 #include <linux/lsm_hooks.h>
23 #include <linux/magic.h>
24
25 static struct vfsmount *mount;
26 static int mount_count;
27
28 static void securityfs_free_inode(struct inode
29 {
30 if (S_ISLNK(inode->i_mode))
31 kfree(inode->i_link);
32 free_inode_nonrcu(inode);
33 }
34
35 static const struct super_operations securityf
36 .statfs = simple_statfs,
37 .free_inode = securityfs_free_inod
38 };
39
40 static int securityfs_fill_super(struct super_
41 {
42 static const struct tree_descr files[]
43 int error;
44
45 error = simple_fill_super(sb, SECURITY
46 if (error)
47 return error;
48
49 sb->s_op = &securityfs_super_operation
50
51 return 0;
52 }
53
54 static int securityfs_get_tree(struct fs_conte
55 {
56 return get_tree_single(fc, securityfs_
57 }
58
59 static const struct fs_context_operations secu
60 .get_tree = securityfs_get_tree,
61 };
62
63 static int securityfs_init_fs_context(struct f
64 {
65 fc->ops = &securityfs_context_ops;
66 return 0;
67 }
68
69 static struct file_system_type fs_type = {
70 .owner = THIS_MODULE,
71 .name = "securityfs",
72 .init_fs_context = securityfs_init_fs_
73 .kill_sb = kill_litter_super,
74 };
75
76 /**
77 * securityfs_create_dentry - create a dentry
78 *
79 * @name: a pointer to a string containing the
80 * @mode: the permission that the file should
81 * @parent: a pointer to the parent dentry for
82 * directory dentry if set. If this
83 * file will be created in the root o
84 * @data: a pointer to something that the call
85 * on. The inode.i_private pointer wil
86 * the open() call.
87 * @fops: a pointer to a struct file_operation
88 * this file.
89 * @iops: a point to a struct of inode_operati
90 * this file/dir
91 *
92 * This is the basic "create a file/dir/symlin
93 * securityfs. It allows for a wide range of
94 * a file, or a directory (if you want to crea
95 * securityfs_create_dir() function is recomme
96 * instead).
97 *
98 * This function returns a pointer to a dentry
99 * pointer must be passed to the securityfs_re
100 * file is to be removed (no automatic cleanup
101 * is unloaded, you are responsible here). If
102 * function will return the error value (via E
103 *
104 * If securityfs is not enabled in the kernel,
105 * returned.
106 */
107 static struct dentry *securityfs_create_dentry
108 struct
109 const
110 const
111 {
112 struct dentry *dentry;
113 struct inode *dir, *inode;
114 int error;
115
116 if (!(mode & S_IFMT))
117 mode = (mode & S_IALLUGO) | S_
118
119 pr_debug("securityfs: creating file '%
120
121 error = simple_pin_fs(&fs_type, &mount
122 if (error)
123 return ERR_PTR(error);
124
125 if (!parent)
126 parent = mount->mnt_root;
127
128 dir = d_inode(parent);
129
130 inode_lock(dir);
131 dentry = lookup_one_len(name, parent,
132 if (IS_ERR(dentry))
133 goto out;
134
135 if (d_really_is_positive(dentry)) {
136 error = -EEXIST;
137 goto out1;
138 }
139
140 inode = new_inode(dir->i_sb);
141 if (!inode) {
142 error = -ENOMEM;
143 goto out1;
144 }
145
146 inode->i_ino = get_next_ino();
147 inode->i_mode = mode;
148 simple_inode_init_ts(inode);
149 inode->i_private = data;
150 if (S_ISDIR(mode)) {
151 inode->i_op = &simple_dir_inod
152 inode->i_fop = &simple_dir_ope
153 inc_nlink(inode);
154 inc_nlink(dir);
155 } else if (S_ISLNK(mode)) {
156 inode->i_op = iops ? iops : &s
157 inode->i_link = data;
158 } else {
159 inode->i_fop = fops;
160 }
161 d_instantiate(dentry, inode);
162 dget(dentry);
163 inode_unlock(dir);
164 return dentry;
165
166 out1:
167 dput(dentry);
168 dentry = ERR_PTR(error);
169 out:
170 inode_unlock(dir);
171 simple_release_fs(&mount, &mount_count
172 return dentry;
173 }
174
175 /**
176 * securityfs_create_file - create a file in t
177 *
178 * @name: a pointer to a string containing the
179 * @mode: the permission that the file should
180 * @parent: a pointer to the parent dentry for
181 * directory dentry if set. If this
182 * file will be created in the root o
183 * @data: a pointer to something that the call
184 * on. The inode.i_private pointer wil
185 * the open() call.
186 * @fops: a pointer to a struct file_operation
187 * this file.
188 *
189 * This function creates a file in securityfs
190 *
191 * This function returns a pointer to a dentry
192 * pointer must be passed to the securityfs_re
193 * to be removed (no automatic cleanup happens
194 * you are responsible here). If an error occ
195 * the error value (via ERR_PTR).
196 *
197 * If securityfs is not enabled in the kernel,
198 * returned.
199 */
200 struct dentry *securityfs_create_file(const ch
201 struct d
202 const st
203 {
204 return securityfs_create_dentry(name,
205 }
206 EXPORT_SYMBOL_GPL(securityfs_create_file);
207
208 /**
209 * securityfs_create_dir - create a directory
210 *
211 * @name: a pointer to a string containing the
212 * create.
213 * @parent: a pointer to the parent dentry for
214 * directory dentry if set. If this
215 * directory will be created in the r
216 *
217 * This function creates a directory in securi
218 *
219 * This function returns a pointer to a dentry
220 * pointer must be passed to the securityfs_re
221 * to be removed (no automatic cleanup happens
222 * you are responsible here). If an error occ
223 * the error value (via ERR_PTR).
224 *
225 * If securityfs is not enabled in the kernel,
226 * returned.
227 */
228 struct dentry *securityfs_create_dir(const cha
229 {
230 return securityfs_create_file(name, S_
231 }
232 EXPORT_SYMBOL_GPL(securityfs_create_dir);
233
234 /**
235 * securityfs_create_symlink - create a symlin
236 *
237 * @name: a pointer to a string containing the
238 * create.
239 * @parent: a pointer to the parent dentry for
240 * directory dentry if set. If this
241 * directory will be created in the r
242 * @target: a pointer to a string containing t
243 * If this parameter is %NULL, then t
244 * setup to handle .readlink and .get
245 * @iops: a pointer to the struct inode_operat
246 * this parameter is %NULL, then the de
247 * operations will be used.
248 *
249 * This function creates a symlink in security
250 *
251 * This function returns a pointer to a dentry
252 * pointer must be passed to the securityfs_re
253 * to be removed (no automatic cleanup happens
254 * you are responsible here). If an error occ
255 * the error value (via ERR_PTR).
256 *
257 * If securityfs is not enabled in the kernel,
258 * returned.
259 */
260 struct dentry *securityfs_create_symlink(const
261 struc
262 const
263 const
264 {
265 struct dentry *dent;
266 char *link = NULL;
267
268 if (target) {
269 link = kstrdup(target, GFP_KER
270 if (!link)
271 return ERR_PTR(-ENOMEM
272 }
273 dent = securityfs_create_dentry(name,
274 link,
275 if (IS_ERR(dent))
276 kfree(link);
277
278 return dent;
279 }
280 EXPORT_SYMBOL_GPL(securityfs_create_symlink);
281
282 /**
283 * securityfs_remove - removes a file or direc
284 *
285 * @dentry: a pointer to a the dentry of the f
286 *
287 * This function removes a file or directory i
288 * created with a call to another securityfs f
289 * securityfs_create_file() or variants thereo
290 *
291 * This function is required to be called in o
292 * removed. No automatic cleanup of files will
293 * removed; you are responsible here.
294 */
295 void securityfs_remove(struct dentry *dentry)
296 {
297 struct inode *dir;
298
299 if (IS_ERR_OR_NULL(dentry))
300 return;
301
302 dir = d_inode(dentry->d_parent);
303 inode_lock(dir);
304 if (simple_positive(dentry)) {
305 if (d_is_dir(dentry))
306 simple_rmdir(dir, dent
307 else
308 simple_unlink(dir, den
309 dput(dentry);
310 }
311 inode_unlock(dir);
312 simple_release_fs(&mount, &mount_count
313 }
314 EXPORT_SYMBOL_GPL(securityfs_remove);
315
316 static void remove_one(struct dentry *victim)
317 {
318 simple_release_fs(&mount, &mount_count
319 }
320
321 /**
322 * securityfs_recursive_remove - recursively r
323 *
324 * @dentry: a pointer to a the dentry of the f
325 *
326 * This function recursively removes a file or
327 * previously created with a call to another s
328 * securityfs_create_file() or variants thereo
329 */
330 void securityfs_recursive_remove(struct dentry
331 {
332 if (IS_ERR_OR_NULL(dentry))
333 return;
334
335 simple_pin_fs(&fs_type, &mount, &mount
336 simple_recursive_removal(dentry, remov
337 simple_release_fs(&mount, &mount_count
338 }
339 EXPORT_SYMBOL_GPL(securityfs_recursive_remove)
340
341 #ifdef CONFIG_SECURITY
342 static struct dentry *lsm_dentry;
343 static ssize_t lsm_read(struct file *filp, cha
344 loff_t *ppos)
345 {
346 return simple_read_from_buffer(buf, co
347 strlen(lsm_names));
348 }
349
350 static const struct file_operations lsm_ops =
351 .read = lsm_read,
352 .llseek = generic_file_llseek,
353 };
354 #endif
355
356 static int __init securityfs_init(void)
357 {
358 int retval;
359
360 retval = sysfs_create_mount_point(kern
361 if (retval)
362 return retval;
363
364 retval = register_filesystem(&fs_type)
365 if (retval) {
366 sysfs_remove_mount_point(kerne
367 return retval;
368 }
369 #ifdef CONFIG_SECURITY
370 lsm_dentry = securityfs_create_file("l
371
372 #endif
373 return 0;
374 }
375 core_initcall(securityfs_init);
376
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.