
TOMOYO Linux Cross Reference
Linux/security/ccsecurity/lsm2ccsecurity.c


  1 /*
  2  * security/ccsecurity/lsm2ccsecurity.c
  3  *
  4  * Copyright (C) 2005-2012  NTT DATA CORPORATION
  5  *
  6  * Version: 1.8.11   2024/07/15
  7  */
  8 
  9 #include <linux/path.h>
 10 #include <linux/security.h>
 11 #include <linux/ccsecurity.h>
 12 #include "check_security_file_ioctl_compat.h"
 13 
/*
 * LSM sb_umount hook: ask ccsecurity whether @mnt may be unmounted with
 * the given umount @flags.  The verdict of ccs_umount_permission() is
 * returned unchanged (0 allows the operation).
 */
int ccs_sb_umount(struct vfsmount *mnt, int flags)
{
	int verdict;

	verdict = ccs_umount_permission(mnt, flags);
	return verdict;
}
 18 
/*
 * LSM inode_getattr hook.  Kernels before 4.1 hand over the mount and the
 * dentry separately; later ones pass them packed in a struct path.  Both
 * forms end up in ccs_getattr_permission(mnt, dentry), whose verdict is
 * returned as-is.
 */
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0)
int ccs_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
	int verdict = ccs_getattr_permission(mnt, dentry);

	return verdict;
}
#else
int ccs_inode_getattr(const struct path *path)
{
	struct vfsmount *mnt = path->mnt;
	struct dentry *dentry = path->dentry;

	return ccs_getattr_permission(mnt, dentry);
}
#endif
 30 
/*
 * LSM file_ioctl hook: forward the ioctl on @file, with its @cmd and @arg,
 * to ccs_ioctl_permission() and return its verdict.
 *
 * On 6.8+ kernels this same function is also installed as the
 * file_ioctl_compat hook (see ccsecurity_hooks), so 32-bit-compat ioctls
 * reach this policy check as well.  NOTE(review): on the compat path @cmd
 * is whatever the compat layer hands over; make sure policy rules keyed
 * on ioctl numbers account for that -- not verifiable from this file.
 */
int ccs_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	int verdict;

	verdict = ccs_ioctl_permission(file, cmd, arg);
	return verdict;
}
 35 
/*
 * LSM file_fcntl hook: hand the fcntl @cmd/@arg issued on @file to
 * ccs_fcntl_permission() and return its verdict unchanged.
 */
int ccs_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
{
	int verdict;

	verdict = ccs_fcntl_permission(file, cmd, arg);
	return verdict;
}
 40 
/*
 * LSM file_open hook: delegate to ccs_open_permission(file).
 *
 * The pre-4.19 (non-RHEL8) signature also carries the opener's
 * credentials, but they are never consulted here -- the decision is made
 * from @file alone in both variants.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0) || (defined(RHEL_MAJOR) && RHEL_MAJOR == 8)
int ccs_file_open(struct file *file)
{
	int verdict = ccs_open_permission(file);

	return verdict;
}
#else
int ccs_file_open(struct file *file, const struct cred *cred)
{
	int verdict = ccs_open_permission(file);

	return verdict;
}
#endif
 52 
/*
 * LSM socket_create hook.  @family, @type and @protocol are passed to
 * ccs_socket_create_permission(); @kern (the framework's "kernel socket"
 * flag) is dropped on the floor.
 *
 * NOTE(review): because @kern is not forwarded, kernel-internal socket
 * creation is told apart from user requests only if
 * ccs_socket_create_permission() does that on its own.  Confirm it does,
 * since the answer decides whether in-kernel users are policed or exempt.
 */
int ccs_socket_create(int family, int type, int protocol, int kern)
{
	int verdict;

	verdict = ccs_socket_create_permission(family, type, protocol);
	return verdict;
}
 57 
/*
 * LSM socket_bind hook: the caller-supplied @address (@addrlen bytes) that
 * @sock is about to bind to is checked by ccs_socket_bind_permission();
 * its verdict is returned unchanged.
 */
int ccs_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
{
	int verdict;

	verdict = ccs_socket_bind_permission(sock, address, addrlen);
	return verdict;
}
 62 
/*
 * LSM socket_connect hook: forward the destination @address (@addrlen
 * bytes) for @sock to ccs_socket_connect_permission() and return its
 * verdict.
 */
int ccs_socket_connect(struct socket *sock, struct sockaddr *address,
		       int addrlen)
{
	int verdict;

	verdict = ccs_socket_connect_permission(sock, address, addrlen);
	return verdict;
}
 68 
/*
 * LSM socket_listen hook.  Only @sock matters to ccsecurity; the requested
 * @backlog is not part of the decision and is not forwarded.
 */
int ccs_socket_listen(struct socket *sock, int backlog)
{
	int verdict;

	verdict = ccs_socket_listen_permission(sock);
	return verdict;
}
 73 
/*
 * LSM socket_sendmsg hook: the outgoing @msg of @size bytes on @sock is
 * checked by ccs_socket_sendmsg_permission(); its verdict is returned.
 */
int ccs_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
{
	int verdict;

	verdict = ccs_socket_sendmsg_permission(sock, msg, size);
	return verdict;
}
 78 
 79 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 7, 0)
 80 
/*
 * LSM settime hook (4.7+ variant, timespec64).  Neither the new time @ts
 * nor the timezone @tz influences the decision: changing the clock is
 * permitted iff the caller holds CCS_SYS_SETTIME in ccsecurity's
 * capability model, otherwise -EPERM is returned.
 */
int ccs_settime(const struct timespec64 *ts, const struct timezone *tz)
{
	if (!ccs_capable(CCS_SYS_SETTIME))
		return -EPERM;
	return 0;
}
 85 
/*
 * LSM sb_mount hook (4.7+ variant, const struct path).  All mount
 * parameters -- source @dev_name, target @path, filesystem @type, mount
 * @flags and the fs-specific @data blob -- are forwarded verbatim to
 * ccs_mount_permission(), whose verdict is returned.
 */
int ccs_sb_mount(const char *dev_name, const struct path *path,
		 const char *type, unsigned long flags, void *data)
{
	int verdict;

	verdict = ccs_mount_permission(dev_name, path, type, flags, data);
	return verdict;
}
 91 
/*
 * LSM sb_pivotroot hook (4.7+ variant): the put-old location @old_path and
 * the new root @new_path are handed to ccs_pivot_root_permission().
 */
int ccs_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
	int verdict;

	verdict = ccs_pivot_root_permission(old_path, new_path);
	return verdict;
}
 96 
 97 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
/*
 * LSM move_mount hook (5.2+): mediate moving the mount at @from_path onto
 * @to_path via ccs_move_mount_permission().
 *
 * The local prototype precedes the definition so the function is not a
 * missing-prototype warning (presumably no shared header declares it).
 */
int ccs_move_mount(const struct path *from_path, const struct path *to_path);
int ccs_move_mount(const struct path *from_path, const struct path *to_path)
{
	int verdict;

	verdict = ccs_move_mount_permission(from_path, to_path);
	return verdict;
}
103 #endif
104 
/*
 * LSM path_unlink hook (4.7+ variant).  Only the mount of the parent @dir
 * is forwarded together with the victim @dentry; the parent dentry itself
 * is not part of the ccs_unlink_permission() call.
 */
int ccs_path_unlink(const struct path *dir, struct dentry *dentry)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_unlink_permission(dentry, mnt);
}
109 
/*
 * LSM path_mkdir hook (4.7+ variant): the new directory @dentry, the
 * parent's mount and the requested @mode go to ccs_mkdir_permission().
 */
int ccs_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_mkdir_permission(dentry, mnt, mode);
}
114 
/*
 * LSM path_rmdir hook (4.7+ variant): removal of directory @dentry under
 * the mount of @dir is decided by ccs_rmdir_permission().
 */
int ccs_path_rmdir(const struct path *dir, struct dentry *dentry)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_rmdir_permission(dentry, mnt);
}
119 
/*
 * LSM path_mknod hook (4.7+ variant): creating the special file @dentry
 * with @mode and device number @dev under the mount of @dir is checked by
 * ccs_mknod_permission().
 */
int ccs_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
		   unsigned int dev)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_mknod_permission(dentry, mnt, mode, dev);
}
125 
/*
 * LSM file_truncate hook (registered on 6.2+, see ccsecurity_hooks):
 * truncation through an open @file is checked exactly like a truncate of
 * the file's own path, by reusing ccs_path_truncate().
 *
 * The local prototype precedes the definition to keep the function from
 * being a missing-prototype warning.
 */
int ccs_file_truncate(struct file *file);
int ccs_file_truncate(struct file *file)
{
	const struct path *path = &file->f_path;

	return ccs_path_truncate(path);
}
131 
/*
 * LSM path_truncate hook (4.7+ variant): the dentry and mount of @path are
 * unpacked and handed to ccs_truncate_permission().
 */
int ccs_path_truncate(const struct path *path)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_truncate_permission(dentry, mnt);
}
136 
/*
 * LSM path_symlink hook (4.7+ variant): the new link @dentry under the
 * mount of @dir, plus the link target string @old_name, are checked by
 * ccs_symlink_permission().
 */
int ccs_path_symlink(const struct path *dir, struct dentry *dentry,
		     const char *old_name)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_symlink_permission(dentry, mnt, old_name);
}
142 
/*
 * LSM path_link hook (4.7+ variant): hard-linking @old_dentry as
 * @new_dentry is checked by ccs_link_permission().  Only the destination
 * mount (@new_dir->mnt) is forwarded.
 */
int ccs_path_link(struct dentry *old_dentry, const struct path *new_dir,
		  struct dentry *new_dentry)
{
	struct vfsmount *mnt = new_dir->mnt;

	return ccs_link_permission(old_dentry, new_dentry, mnt);
}
148 
/*
 * LSM path_rename hook (4.7+ variants).  Renaming @old_dentry to
 * @new_dentry is checked by ccs_rename_permission(); only the destination
 * mount (@new_dir->mnt) is forwarded, not the source one.
 *
 * From 5.19 the hook also carries the rename @flags and they are passed
 * through.  On older kernels the hook has no flags argument, so the
 * policy check cannot see them at this point.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 19, 0)
int ccs_path_rename(const struct path *old_dir, struct dentry *old_dentry,
		    const struct path *new_dir, struct dentry *new_dentry,
		    const unsigned int flags)
{
	struct vfsmount *mnt = new_dir->mnt;

	return ccs_rename_permission(old_dentry, new_dentry, mnt, flags);
}
#else
int ccs_path_rename(const struct path *old_dir, struct dentry *old_dentry,
		    const struct path *new_dir, struct dentry *new_dentry)
{
	struct vfsmount *mnt = new_dir->mnt;

	return ccs_rename_permission(old_dentry, new_dentry, mnt);
}
#endif
164 
/*
 * LSM path_chmod hook (4.7+ variant): the requested new @mode for @path is
 * checked by ccs_chmod_permission() on the path's dentry and mount.
 */
int ccs_path_chmod(const struct path *path, umode_t mode)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_chmod_permission(dentry, mnt, mode);
}
169 
/*
 * LSM path_chown hook (4.7+ variant): the requested owner @uid / group
 * @gid for @path are checked by ccs_chown_permission() on the path's
 * dentry and mount.
 */
int ccs_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_chown_permission(dentry, mnt, uid, gid);
}
174 
/*
 * LSM path_chroot hook (4.7+ variant): the prospective new root @path is
 * passed whole to ccs_chroot_permission(), whose verdict is returned.
 */
int ccs_path_chroot(const struct path *path)
{
	int verdict;

	verdict = ccs_chroot_permission(path);
	return verdict;
}
179 
180 #else
181 
/*
 * LSM settime hook, pre-4.7 variant (struct timespec).  @ts and @tz play
 * no part in the decision: the clock may be changed iff the caller holds
 * CCS_SYS_SETTIME in ccsecurity's capability model; otherwise -EPERM.
 */
int ccs_settime(const struct timespec *ts, const struct timezone *tz)
{
	if (!ccs_capable(CCS_SYS_SETTIME))
		return -EPERM;
	return 0;
}
186 
/*
 * LSM sb_mount hook, pre-4.7 variant (non-const struct path).  Source
 * @dev_name, target @path, filesystem @type, mount @flags and the
 * fs-specific @data blob are all forwarded to ccs_mount_permission().
 */
int ccs_sb_mount(const char *dev_name, struct path *path, const char *type,
		 unsigned long flags, void *data)
{
	int verdict;

	verdict = ccs_mount_permission(dev_name, path, type, flags, data);
	return verdict;
}
192 
/*
 * LSM sb_pivotroot hook, pre-4.7 variant: @old_path (put-old) and
 * @new_path (new root) go to ccs_pivot_root_permission().
 */
int ccs_sb_pivotroot(struct path *old_path, struct path *new_path)
{
	int verdict;

	verdict = ccs_pivot_root_permission(old_path, new_path);
	return verdict;
}
197 
/*
 * LSM path_unlink hook, pre-4.7 variant.  Victim @dentry plus the mount of
 * the parent @dir are checked by ccs_unlink_permission(); the parent
 * dentry itself is not forwarded.
 */
int ccs_path_unlink(struct path *dir, struct dentry *dentry)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_unlink_permission(dentry, mnt);
}
202 
/*
 * LSM path_mkdir hook, pre-4.7 variant: new directory @dentry, the
 * parent's mount and the requested @mode go to ccs_mkdir_permission().
 */
int ccs_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_mkdir_permission(dentry, mnt, mode);
}
207 
/*
 * LSM path_rmdir hook, pre-4.7 variant: removal of directory @dentry under
 * the mount of @dir is decided by ccs_rmdir_permission().
 */
int ccs_path_rmdir(struct path *dir, struct dentry *dentry)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_rmdir_permission(dentry, mnt);
}
212 
/*
 * LSM path_mknod hook, pre-4.7 variant: special file @dentry with @mode
 * and device number @dev under the mount of @dir is checked by
 * ccs_mknod_permission().
 */
int ccs_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
		   unsigned int dev)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_mknod_permission(dentry, mnt, mode, dev);
}
218 
/*
 * LSM path_truncate hook, pre-4.7 variant: dentry and mount of @path are
 * unpacked for ccs_truncate_permission().
 */
int ccs_path_truncate(struct path *path)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_truncate_permission(dentry, mnt);
}
223 
/*
 * LSM path_symlink hook, pre-4.7 variant: new link @dentry under the mount
 * of @dir, plus the link target string @old_name, are checked by
 * ccs_symlink_permission().
 */
int ccs_path_symlink(struct path *dir, struct dentry *dentry,
		     const char *old_name)
{
	struct vfsmount *mnt = dir->mnt;

	return ccs_symlink_permission(dentry, mnt, old_name);
}
229 
/*
 * LSM path_link hook, pre-4.7 variant: hard-linking @old_dentry as
 * @new_dentry is checked by ccs_link_permission() with the destination
 * mount (@new_dir->mnt) only.
 */
int ccs_path_link(struct dentry *old_dentry, struct path *new_dir,
		  struct dentry *new_dentry)
{
	struct vfsmount *mnt = new_dir->mnt;

	return ccs_link_permission(old_dentry, new_dentry, mnt);
}
235 
/*
 * LSM path_rename hook, pre-4.7 variant.  Renaming @old_dentry to
 * @new_dentry is checked by ccs_rename_permission() with the destination
 * mount only.  This hook signature carries no rename flags, so they are
 * not available to the policy check here.
 */
int ccs_path_rename(struct path *old_dir, struct dentry *old_dentry,
		    struct path *new_dir, struct dentry *new_dentry)
{
	struct vfsmount *mnt = new_dir->mnt;

	return ccs_rename_permission(old_dentry, new_dentry, mnt);
}
241 
/*
 * LSM path_chmod hook, pre-4.7 variant: the requested @mode for @path is
 * checked by ccs_chmod_permission() on the path's dentry and mount.
 */
int ccs_path_chmod(struct path *path, umode_t mode)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_chmod_permission(dentry, mnt, mode);
}
246 
/*
 * LSM path_chown hook, pre-4.7 variant: the requested owner @uid / group
 * @gid for @path are checked by ccs_chown_permission() on the path's
 * dentry and mount.
 */
int ccs_path_chown(struct path *path, kuid_t uid, kgid_t gid)
{
	struct dentry *dentry = path->dentry;
	struct vfsmount *mnt = path->mnt;

	return ccs_chown_permission(dentry, mnt, uid, gid);
}
251 
/*
 * LSM path_chroot hook, pre-4.7 variant: the prospective new root @path is
 * passed whole to ccs_chroot_permission().
 */
int ccs_path_chroot(struct path *path)
{
	int verdict;

	verdict = ccs_chroot_permission(path);
	return verdict;
}
256 
257 #endif
258 
/*
 * Without CONFIG_SECURITY_PATH the path_* entries are not registered in
 * ccsecurity_hooks, so these four entry points are exported for whoever
 * calls them directly instead (presumably ccsecurity's own VFS
 * instrumentation; not visible from this file).
 *
 * NOTE(review): only mkdir, mknod, unlink and rename are exported -- rmdir,
 * truncate, symlink, link, chmod, chown and chroot are not.  Confirm that
 * is intentional, since it implies those operations have no out-of-file
 * caller when the path hooks are unavailable.
 */
#if !defined(CONFIG_SECURITY_PATH)
EXPORT_SYMBOL(ccs_path_mkdir);
EXPORT_SYMBOL(ccs_path_mknod);
EXPORT_SYMBOL(ccs_path_unlink);
EXPORT_SYMBOL(ccs_path_rename);
#endif
265 
266 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) && defined(CONFIG_SECURITY)
267 
268 #include <linux/lsm_hooks.h>
269 
/*
 * Hook table registered by ccs_add_hooks().  Each entry routes one LSM hook
 * to the ccsecurity wrapper defined above; only the hooks listed here are
 * mediated through the LSM framework by this file.
 *
 * NOTE(review): in-tree LSMs declare their hook tables __ro_after_init so
 * the function pointers cannot be rewritten once boot is complete.  The
 * same is worth considering here (registration happens from a
 * late_initcall, which I believe still precedes the rodata seal) -- check
 * the attribute exists on the oldest kernel this file builds for (4.2+).
 */
static struct security_hook_list ccsecurity_hooks[] = {
	LSM_HOOK_INIT(settime, ccs_settime),
	LSM_HOOK_INIT(sb_mount, ccs_sb_mount),
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0)
	LSM_HOOK_INIT(move_mount, ccs_move_mount),
#endif
	LSM_HOOK_INIT(sb_umount, ccs_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, ccs_sb_pivotroot),
	LSM_HOOK_INIT(inode_getattr, ccs_inode_getattr),
	LSM_HOOK_INIT(file_ioctl, ccs_file_ioctl),
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) || defined(HAVE_SECURITY_FILE_IOCTL_COMPAT)
	/* Compat ioctls share the native handler so they are not left unchecked. */
	LSM_HOOK_INIT(file_ioctl_compat, ccs_file_ioctl),
#endif
	LSM_HOOK_INIT(file_fcntl, ccs_file_fcntl),
	LSM_HOOK_INIT(file_open, ccs_file_open),
	/* Socket hooks exist only with CONFIG_SECURITY_NETWORK. */
#if defined(CONFIG_SECURITY_NETWORK)
	LSM_HOOK_INIT(socket_create, ccs_socket_create),
	LSM_HOOK_INIT(socket_bind, ccs_socket_bind),
	LSM_HOOK_INIT(socket_connect, ccs_socket_connect),
	LSM_HOOK_INIT(socket_listen, ccs_socket_listen),
	LSM_HOOK_INIT(socket_sendmsg, ccs_socket_sendmsg),
#endif
	/* ftruncate() on an open file has its own hook from 6.2 on. */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 2, 0)
	LSM_HOOK_INIT(file_truncate, ccs_file_truncate),
#endif
	/*
	 * Path hooks need CONFIG_SECURITY_PATH; without it none of these
	 * operations are mediated via this table (see the EXPORT_SYMBOL
	 * block above for the handful of entry points kept reachable).
	 */
#if defined(CONFIG_SECURITY_PATH)
	LSM_HOOK_INIT(path_unlink, ccs_path_unlink),
	LSM_HOOK_INIT(path_mkdir, ccs_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, ccs_path_rmdir),
	LSM_HOOK_INIT(path_mknod, ccs_path_mknod),
	LSM_HOOK_INIT(path_truncate, ccs_path_truncate),
	LSM_HOOK_INIT(path_symlink, ccs_path_symlink),
	LSM_HOOK_INIT(path_link, ccs_path_link),
	LSM_HOOK_INIT(path_rename, ccs_path_rename),
	LSM_HOOK_INIT(path_chmod, ccs_path_chmod),
	LSM_HOOK_INIT(path_chown, ccs_path_chown),
	LSM_HOOK_INIT(path_chroot, ccs_path_chroot),
#endif
};
309 
/*
 * Register ccsecurity's LSM hooks (ccsecurity_hooks) with the framework.
 *
 * This runs as a late_initcall, so nothing that happens earlier in boot
 * passes through these hooks; whether ccsecurity covers that window by
 * other means is not visible from this file.  Registration is skipped
 * entirely when ccsecurity_ops.disabled is set, in which case the LSM
 * framework never calls into ccsecurity at all.
 *
 * On 6.8+ the entries are spliced onto the global hook lists by hand
 * instead of through security_add_hooks(), and .lsmid is left at
 * LSM_ID_UNDEF.  NOTE(review): that presumably keeps ccsecurity out of the
 * framework's LSM id bookkeeping; any kernel path that dereferences
 * ->lsmid for every registered hook would trip over these entries, so
 * re-check on each new kernel that no such path walks the hooks
 * registered here.
 *
 * Returns 0 in every case.
 */
static int __init ccs_add_hooks(void)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0)
	int i;	/* only the manual registration loop needs an index */
#endif
	if (ccsecurity_ops.disabled)
		return 0;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0)
	/* Append each entry to the list head LSM_HOOK_INIT bound it to. */
	for (i = 0; i < ARRAY_SIZE(ccsecurity_hooks); i++) {
		ccsecurity_hooks[i].lsmid = LSM_ID_UNDEF;
		hlist_add_tail_rcu(&ccsecurity_hooks[i].list, ccsecurity_hooks[i].head);
	}
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
	/* "ccsecurity" is the module name the framework reports for these hooks. */
	security_add_hooks(ccsecurity_hooks, ARRAY_SIZE(ccsecurity_hooks),
			   "ccsecurity");
#else
	security_add_hooks(ccsecurity_hooks, ARRAY_SIZE(ccsecurity_hooks));
#endif
	return 0;
}
late_initcall(ccs_add_hooks);
331 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) && defined(CONFIG_SECURITY) */
332 
