1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/file.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include "common.h" 9 #include <linux/slab.h> 10 11 /* 12 * Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index". 13 */ 14 static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = { 15 [TOMOYO_TYPE_EXECUTE] = TOMOYO_MAC_FILE_EXECUTE, 16 [TOMOYO_TYPE_READ] = TOMOYO_MAC_FILE_OPEN, 17 [TOMOYO_TYPE_WRITE] = TOMOYO_MAC_FILE_OPEN, 18 [TOMOYO_TYPE_APPEND] = TOMOYO_MAC_FILE_OPEN, 19 [TOMOYO_TYPE_UNLINK] = TOMOYO_MAC_FILE_UNLINK, 20 [TOMOYO_TYPE_GETATTR] = TOMOYO_MAC_FILE_GETATTR, 21 [TOMOYO_TYPE_RMDIR] = TOMOYO_MAC_FILE_RMDIR, 22 [TOMOYO_TYPE_TRUNCATE] = TOMOYO_MAC_FILE_TRUNCATE, 23 [TOMOYO_TYPE_SYMLINK] = TOMOYO_MAC_FILE_SYMLINK, 24 [TOMOYO_TYPE_CHROOT] = TOMOYO_MAC_FILE_CHROOT, 25 [TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT, 26 }; 27 28 /* 29 * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index". 30 */ 31 const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { 32 [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, 33 [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, 34 }; 35 36 /* 37 * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index". 38 */ 39 const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { 40 [TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK, 41 [TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME, 42 [TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT, 43 }; 44 45 /* 46 * Mapping table from "enum tomoyo_path_number_acl_index" to 47 * "enum tomoyo_mac_index". 48 */ 49 const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = { 50 [TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE, 51 [TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR, 52 [TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO, 53 [TOMOYO_TYPE_MKSOCK] = TOMOYO_MAC_FILE_MKSOCK, 54 [TOMOYO_TYPE_IOCTL] = TOMOYO_MAC_FILE_IOCTL, 55 [TOMOYO_TYPE_CHMOD] = TOMOYO_MAC_FILE_CHMOD, 56 [TOMOYO_TYPE_CHOWN] = TOMOYO_MAC_FILE_CHOWN, 57 [TOMOYO_TYPE_CHGRP] = TOMOYO_MAC_FILE_CHGRP, 58 }; 59 60 /** 61 * tomoyo_put_name_union - Drop reference on "struct tomoyo_name_union". 62 * 63 * @ptr: Pointer to "struct tomoyo_name_union". 64 * 65 * Returns nothing. 66 */ 67 void tomoyo_put_name_union(struct tomoyo_name_union *ptr) 68 { 69 tomoyo_put_group(ptr->group); 70 tomoyo_put_name(ptr->filename); 71 } 72 73 /** 74 * tomoyo_compare_name_union - Check whether a name matches "struct tomoyo_name_union" or not. 75 * 76 * @name: Pointer to "struct tomoyo_path_info". 77 * @ptr: Pointer to "struct tomoyo_name_union". 78 * 79 * Returns "struct tomoyo_path_info" if @name matches @ptr, NULL otherwise. 80 */ 81 const struct tomoyo_path_info * 82 tomoyo_compare_name_union(const struct tomoyo_path_info *name, 83 const struct tomoyo_name_union *ptr) 84 { 85 if (ptr->group) 86 return tomoyo_path_matches_group(name, ptr->group); 87 if (tomoyo_path_matches_pattern(name, ptr->filename)) 88 return ptr->filename; 89 return NULL; 90 } 91 92 /** 93 * tomoyo_put_number_union - Drop reference on "struct tomoyo_number_union". 94 * 95 * @ptr: Pointer to "struct tomoyo_number_union". 96 * 97 * Returns nothing. 98 */ 99 void tomoyo_put_number_union(struct tomoyo_number_union *ptr) 100 { 101 tomoyo_put_group(ptr->group); 102 } 103 104 /** 105 * tomoyo_compare_number_union - Check whether a value matches "struct tomoyo_number_union" or not. 106 * 107 * @value: Number to check. 108 * @ptr: Pointer to "struct tomoyo_number_union". 109 * 110 * Returns true if @value matches @ptr, false otherwise. 111 */ 112 bool tomoyo_compare_number_union(const unsigned long value, 113 const struct tomoyo_number_union *ptr) 114 { 115 if (ptr->group) 116 return tomoyo_number_matches_group(value, value, ptr->group); 117 return value >= ptr->values[0] && value <= ptr->values[1]; 118 } 119 120 /** 121 * tomoyo_add_slash - Add trailing '/' if needed. 122 * 123 * @buf: Pointer to "struct tomoyo_path_info". 124 * 125 * Returns nothing. 126 * 127 * @buf must be generated by tomoyo_encode() because this function does not 128 * allocate memory for adding '/'. 129 */ 130 static void tomoyo_add_slash(struct tomoyo_path_info *buf) 131 { 132 if (buf->is_dir) 133 return; 134 /* 135 * This is OK because tomoyo_encode() reserves space for appending "/". 136 */ 137 strcat((char *) buf->name, "/"); 138 tomoyo_fill_path_info(buf); 139 } 140 141 /** 142 * tomoyo_get_realpath - Get realpath. 143 * 144 * @buf: Pointer to "struct tomoyo_path_info". 145 * @path: Pointer to "struct path". 146 * 147 * Returns true on success, false otherwise. 148 */ 149 static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, const struct path *path) 150 { 151 buf->name = tomoyo_realpath_from_path(path); 152 if (buf->name) { 153 tomoyo_fill_path_info(buf); 154 return true; 155 } 156 return false; 157 } 158 159 /** 160 * tomoyo_audit_path_log - Audit path request log. 161 * 162 * @r: Pointer to "struct tomoyo_request_info". 163 * 164 * Returns 0 on success, negative value otherwise. 165 */ 166 static int tomoyo_audit_path_log(struct tomoyo_request_info *r) 167 { 168 return tomoyo_supervisor(r, "file %s %s\n", tomoyo_path_keyword 169 [r->param.path.operation], 170 r->param.path.filename->name); 171 } 172 173 /** 174 * tomoyo_audit_path2_log - Audit path/path request log. 175 * 176 * @r: Pointer to "struct tomoyo_request_info". 177 * 178 * Returns 0 on success, negative value otherwise. 179 */ 180 static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) 181 { 182 return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords 183 [tomoyo_pp2mac[r->param.path2.operation]], 184 r->param.path2.filename1->name, 185 r->param.path2.filename2->name); 186 } 187 188 /** 189 * tomoyo_audit_mkdev_log - Audit path/number/number/number request log. 190 * 191 * @r: Pointer to "struct tomoyo_request_info". 192 * 193 * Returns 0 on success, negative value otherwise. 194 */ 195 static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) 196 { 197 return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", 198 tomoyo_mac_keywords 199 [tomoyo_pnnn2mac[r->param.mkdev.operation]], 200 r->param.mkdev.filename->name, 201 r->param.mkdev.mode, r->param.mkdev.major, 202 r->param.mkdev.minor); 203 } 204 205 /** 206 * tomoyo_audit_path_number_log - Audit path/number request log. 207 * 208 * @r: Pointer to "struct tomoyo_request_info". 209 * 210 * Returns 0 on success, negative value otherwise. 211 */ 212 static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) 213 { 214 const u8 type = r->param.path_number.operation; 215 u8 radix; 216 char buffer[64]; 217 218 switch (type) { 219 case TOMOYO_TYPE_CREATE: 220 case TOMOYO_TYPE_MKDIR: 221 case TOMOYO_TYPE_MKFIFO: 222 case TOMOYO_TYPE_MKSOCK: 223 case TOMOYO_TYPE_CHMOD: 224 radix = TOMOYO_VALUE_TYPE_OCTAL; 225 break; 226 case TOMOYO_TYPE_IOCTL: 227 radix = TOMOYO_VALUE_TYPE_HEXADECIMAL; 228 break; 229 default: 230 radix = TOMOYO_VALUE_TYPE_DECIMAL; 231 break; 232 } 233 tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, 234 radix); 235 return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords 236 [tomoyo_pn2mac[type]], 237 r->param.path_number.filename->name, buffer); 238 } 239 240 /** 241 * tomoyo_check_path_acl - Check permission for path operation. 242 * 243 * @r: Pointer to "struct tomoyo_request_info". 244 * @ptr: Pointer to "struct tomoyo_acl_info". 245 * 246 * Returns true if granted, false otherwise. 247 * 248 * To be able to use wildcard for domain transition, this function sets 249 * matching entry on success. Since the caller holds tomoyo_read_lock(), 250 * it is safe to set matching entry. 251 */ 252 static bool tomoyo_check_path_acl(struct tomoyo_request_info *r, 253 const struct tomoyo_acl_info *ptr) 254 { 255 const struct tomoyo_path_acl *acl = container_of(ptr, typeof(*acl), 256 head); 257 258 if (acl->perm & (1 << r->param.path.operation)) { 259 r->param.path.matched_path = 260 tomoyo_compare_name_union(r->param.path.filename, 261 &acl->name); 262 return r->param.path.matched_path != NULL; 263 } 264 return false; 265 } 266 267 /** 268 * tomoyo_check_path_number_acl - Check permission for path number operation. 269 * 270 * @r: Pointer to "struct tomoyo_request_info". 271 * @ptr: Pointer to "struct tomoyo_acl_info". 272 * 273 * Returns true if granted, false otherwise. 274 */ 275 static bool tomoyo_check_path_number_acl(struct tomoyo_request_info *r, 276 const struct tomoyo_acl_info *ptr) 277 { 278 const struct tomoyo_path_number_acl *acl = 279 container_of(ptr, typeof(*acl), head); 280 281 return (acl->perm & (1 << r->param.path_number.operation)) && 282 tomoyo_compare_number_union(r->param.path_number.number, 283 &acl->number) && 284 tomoyo_compare_name_union(r->param.path_number.filename, 285 &acl->name); 286 } 287 288 /** 289 * tomoyo_check_path2_acl - Check permission for path path operation. 290 * 291 * @r: Pointer to "struct tomoyo_request_info". 292 * @ptr: Pointer to "struct tomoyo_acl_info". 293 * 294 * Returns true if granted, false otherwise. 295 */ 296 static bool tomoyo_check_path2_acl(struct tomoyo_request_info *r, 297 const struct tomoyo_acl_info *ptr) 298 { 299 const struct tomoyo_path2_acl *acl = 300 container_of(ptr, typeof(*acl), head); 301 302 return (acl->perm & (1 << r->param.path2.operation)) && 303 tomoyo_compare_name_union(r->param.path2.filename1, &acl->name1) 304 && tomoyo_compare_name_union(r->param.path2.filename2, 305 &acl->name2); 306 } 307 308 /** 309 * tomoyo_check_mkdev_acl - Check permission for path number number number operation. 310 * 311 * @r: Pointer to "struct tomoyo_request_info". 312 * @ptr: Pointer to "struct tomoyo_acl_info". 313 * 314 * Returns true if granted, false otherwise. 315 */ 316 static bool tomoyo_check_mkdev_acl(struct tomoyo_request_info *r, 317 const struct tomoyo_acl_info *ptr) 318 { 319 const struct tomoyo_mkdev_acl *acl = 320 container_of(ptr, typeof(*acl), head); 321 322 return (acl->perm & (1 << r->param.mkdev.operation)) && 323 tomoyo_compare_number_union(r->param.mkdev.mode, 324 &acl->mode) && 325 tomoyo_compare_number_union(r->param.mkdev.major, 326 &acl->major) && 327 tomoyo_compare_number_union(r->param.mkdev.minor, 328 &acl->minor) && 329 tomoyo_compare_name_union(r->param.mkdev.filename, 330 &acl->name); 331 } 332 333 /** 334 * tomoyo_same_path_acl - Check for duplicated "struct tomoyo_path_acl" entry. 335 * 336 * @a: Pointer to "struct tomoyo_acl_info". 337 * @b: Pointer to "struct tomoyo_acl_info". 338 * 339 * Returns true if @a == @b except permission bits, false otherwise. 340 */ 341 static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a, 342 const struct tomoyo_acl_info *b) 343 { 344 const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head); 345 const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head); 346 347 return tomoyo_same_name_union(&p1->name, &p2->name); 348 } 349 350 /** 351 * tomoyo_merge_path_acl - Merge duplicated "struct tomoyo_path_acl" entry. 352 * 353 * @a: Pointer to "struct tomoyo_acl_info". 354 * @b: Pointer to "struct tomoyo_acl_info". 355 * @is_delete: True for @a &= ~@b, false for @a |= @b. 356 * 357 * Returns true if @a is empty, false otherwise. 358 */ 359 static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a, 360 struct tomoyo_acl_info *b, 361 const bool is_delete) 362 { 363 u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head) 364 ->perm; 365 u16 perm = READ_ONCE(*a_perm); 366 const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm; 367 368 if (is_delete) 369 perm &= ~b_perm; 370 else 371 perm |= b_perm; 372 WRITE_ONCE(*a_perm, perm); 373 return !perm; 374 } 375 376 /** 377 * tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list. 378 * 379 * @perm: Permission. 380 * @param: Pointer to "struct tomoyo_acl_param". 381 * 382 * Returns 0 on success, negative value otherwise. 383 * 384 * Caller holds tomoyo_read_lock(). 385 */ 386 static int tomoyo_update_path_acl(const u16 perm, 387 struct tomoyo_acl_param *param) 388 { 389 struct tomoyo_path_acl e = { 390 .head.type = TOMOYO_TYPE_PATH_ACL, 391 .perm = perm 392 }; 393 int error; 394 395 if (!tomoyo_parse_name_union(param, &e.name)) 396 error = -EINVAL; 397 else 398 error = tomoyo_update_domain(&e.head, sizeof(e), param, 399 tomoyo_same_path_acl, 400 tomoyo_merge_path_acl); 401 tomoyo_put_name_union(&e.name); 402 return error; 403 } 404 405 /** 406 * tomoyo_same_mkdev_acl - Check for duplicated "struct tomoyo_mkdev_acl" entry. 407 * 408 * @a: Pointer to "struct tomoyo_acl_info". 409 * @b: Pointer to "struct tomoyo_acl_info". 410 * 411 * Returns true if @a == @b except permission bits, false otherwise. 412 */ 413 static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a, 414 const struct tomoyo_acl_info *b) 415 { 416 const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head); 417 const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head); 418 419 return tomoyo_same_name_union(&p1->name, &p2->name) && 420 tomoyo_same_number_union(&p1->mode, &p2->mode) && 421 tomoyo_same_number_union(&p1->major, &p2->major) && 422 tomoyo_same_number_union(&p1->minor, &p2->minor); 423 } 424 425 /** 426 * tomoyo_merge_mkdev_acl - Merge duplicated "struct tomoyo_mkdev_acl" entry. 427 * 428 * @a: Pointer to "struct tomoyo_acl_info". 429 * @b: Pointer to "struct tomoyo_acl_info". 430 * @is_delete: True for @a &= ~@b, false for @a |= @b. 431 * 432 * Returns true if @a is empty, false otherwise. 433 */ 434 static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a, 435 struct tomoyo_acl_info *b, 436 const bool is_delete) 437 { 438 u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl, 439 head)->perm; 440 u8 perm = READ_ONCE(*a_perm); 441 const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head) 442 ->perm; 443 444 if (is_delete) 445 perm &= ~b_perm; 446 else 447 perm |= b_perm; 448 WRITE_ONCE(*a_perm, perm); 449 return !perm; 450 } 451 452 /** 453 * tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list. 454 * 455 * @perm: Permission. 456 * @param: Pointer to "struct tomoyo_acl_param". 457 * 458 * Returns 0 on success, negative value otherwise. 459 * 460 * Caller holds tomoyo_read_lock(). 461 */ 462 static int tomoyo_update_mkdev_acl(const u8 perm, 463 struct tomoyo_acl_param *param) 464 { 465 struct tomoyo_mkdev_acl e = { 466 .head.type = TOMOYO_TYPE_MKDEV_ACL, 467 .perm = perm 468 }; 469 int error; 470 471 if (!tomoyo_parse_name_union(param, &e.name) || 472 !tomoyo_parse_number_union(param, &e.mode) || 473 !tomoyo_parse_number_union(param, &e.major) || 474 !tomoyo_parse_number_union(param, &e.minor)) 475 error = -EINVAL; 476 else 477 error = tomoyo_update_domain(&e.head, sizeof(e), param, 478 tomoyo_same_mkdev_acl, 479 tomoyo_merge_mkdev_acl); 480 tomoyo_put_name_union(&e.name); 481 tomoyo_put_number_union(&e.mode); 482 tomoyo_put_number_union(&e.major); 483 tomoyo_put_number_union(&e.minor); 484 return error; 485 } 486 487 /** 488 * tomoyo_same_path2_acl - Check for duplicated "struct tomoyo_path2_acl" entry. 489 * 490 * @a: Pointer to "struct tomoyo_acl_info". 491 * @b: Pointer to "struct tomoyo_acl_info". 492 * 493 * Returns true if @a == @b except permission bits, false otherwise. 494 */ 495 static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a, 496 const struct tomoyo_acl_info *b) 497 { 498 const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head); 499 const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head); 500 501 return tomoyo_same_name_union(&p1->name1, &p2->name1) && 502 tomoyo_same_name_union(&p1->name2, &p2->name2); 503 } 504 505 /** 506 * tomoyo_merge_path2_acl - Merge duplicated "struct tomoyo_path2_acl" entry. 507 * 508 * @a: Pointer to "struct tomoyo_acl_info". 509 * @b: Pointer to "struct tomoyo_acl_info". 510 * @is_delete: True for @a &= ~@b, false for @a |= @b. 511 * 512 * Returns true if @a is empty, false otherwise. 513 */ 514 static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a, 515 struct tomoyo_acl_info *b, 516 const bool is_delete) 517 { 518 u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head) 519 ->perm; 520 u8 perm = READ_ONCE(*a_perm); 521 const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm; 522 523 if (is_delete) 524 perm &= ~b_perm; 525 else 526 perm |= b_perm; 527 WRITE_ONCE(*a_perm, perm); 528 return !perm; 529 } 530 531 /** 532 * tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list. 533 * 534 * @perm: Permission. 535 * @param: Pointer to "struct tomoyo_acl_param". 536 * 537 * Returns 0 on success, negative value otherwise. 538 * 539 * Caller holds tomoyo_read_lock(). 540 */ 541 static int tomoyo_update_path2_acl(const u8 perm, 542 struct tomoyo_acl_param *param) 543 { 544 struct tomoyo_path2_acl e = { 545 .head.type = TOMOYO_TYPE_PATH2_ACL, 546 .perm = perm 547 }; 548 int error; 549 550 if (!tomoyo_parse_name_union(param, &e.name1) || 551 !tomoyo_parse_name_union(param, &e.name2)) 552 error = -EINVAL; 553 else 554 error = tomoyo_update_domain(&e.head, sizeof(e), param, 555 tomoyo_same_path2_acl, 556 tomoyo_merge_path2_acl); 557 tomoyo_put_name_union(&e.name1); 558 tomoyo_put_name_union(&e.name2); 559 return error; 560 } 561 562 /** 563 * tomoyo_path_permission - Check permission for single path operation. 564 * 565 * @r: Pointer to "struct tomoyo_request_info". 566 * @operation: Type of operation. 567 * @filename: Filename to check. 568 * 569 * Returns 0 on success, negative value otherwise. 570 * 571 * Caller holds tomoyo_read_lock(). 572 */ 573 static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, 574 const struct tomoyo_path_info *filename) 575 { 576 int error; 577 578 r->type = tomoyo_p2mac[operation]; 579 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); 580 if (r->mode == TOMOYO_CONFIG_DISABLED) 581 return 0; 582 r->param_type = TOMOYO_TYPE_PATH_ACL; 583 r->param.path.filename = filename; 584 r->param.path.operation = operation; 585 do { 586 tomoyo_check_acl(r, tomoyo_check_path_acl); 587 error = tomoyo_audit_path_log(r); 588 } while (error == TOMOYO_RETRY_REQUEST); 589 return error; 590 } 591 592 /** 593 * tomoyo_execute_permission - Check permission for execute operation. 594 * 595 * @r: Pointer to "struct tomoyo_request_info". 596 * @filename: Filename to check. 597 * 598 * Returns 0 on success, negative value otherwise. 599 * 600 * Caller holds tomoyo_read_lock(). 601 */ 602 int tomoyo_execute_permission(struct tomoyo_request_info *r, 603 const struct tomoyo_path_info *filename) 604 { 605 /* 606 * Unlike other permission checks, this check is done regardless of 607 * profile mode settings in order to check for domain transition 608 * preference. 609 */ 610 r->type = TOMOYO_MAC_FILE_EXECUTE; 611 r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type); 612 r->param_type = TOMOYO_TYPE_PATH_ACL; 613 r->param.path.filename = filename; 614 r->param.path.operation = TOMOYO_TYPE_EXECUTE; 615 tomoyo_check_acl(r, tomoyo_check_path_acl); 616 r->ee->transition = r->matched_acl && r->matched_acl->cond ? 617 r->matched_acl->cond->transit : NULL; 618 if (r->mode != TOMOYO_CONFIG_DISABLED) 619 return tomoyo_audit_path_log(r); 620 return 0; 621 } 622 623 /** 624 * tomoyo_same_path_number_acl - Check for duplicated "struct tomoyo_path_number_acl" entry. 625 * 626 * @a: Pointer to "struct tomoyo_acl_info". 627 * @b: Pointer to "struct tomoyo_acl_info". 628 * 629 * Returns true if @a == @b except permission bits, false otherwise. 630 */ 631 static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a, 632 const struct tomoyo_acl_info *b) 633 { 634 const struct tomoyo_path_number_acl *p1 = container_of(a, typeof(*p1), 635 head); 636 const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2), 637 head); 638 639 return tomoyo_same_name_union(&p1->name, &p2->name) && 640 tomoyo_same_number_union(&p1->number, &p2->number); 641 } 642 643 /** 644 * tomoyo_merge_path_number_acl - Merge duplicated "struct tomoyo_path_number_acl" entry. 645 * 646 * @a: Pointer to "struct tomoyo_acl_info". 647 * @b: Pointer to "struct tomoyo_acl_info". 648 * @is_delete: True for @a &= ~@b, false for @a |= @b. 649 * 650 * Returns true if @a is empty, false otherwise. 651 */ 652 static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a, 653 struct tomoyo_acl_info *b, 654 const bool is_delete) 655 { 656 u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl, 657 head)->perm; 658 u8 perm = READ_ONCE(*a_perm); 659 const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head) 660 ->perm; 661 662 if (is_delete) 663 perm &= ~b_perm; 664 else 665 perm |= b_perm; 666 WRITE_ONCE(*a_perm, perm); 667 return !perm; 668 } 669 670 /** 671 * tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL. 672 * 673 * @perm: Permission. 674 * @param: Pointer to "struct tomoyo_acl_param". 675 * 676 * Returns 0 on success, negative value otherwise. 677 */ 678 static int tomoyo_update_path_number_acl(const u8 perm, 679 struct tomoyo_acl_param *param) 680 { 681 struct tomoyo_path_number_acl e = { 682 .head.type = TOMOYO_TYPE_PATH_NUMBER_ACL, 683 .perm = perm 684 }; 685 int error; 686 687 if (!tomoyo_parse_name_union(param, &e.name) || 688 !tomoyo_parse_number_union(param, &e.number)) 689 error = -EINVAL; 690 else 691 error = tomoyo_update_domain(&e.head, sizeof(e), param, 692 tomoyo_same_path_number_acl, 693 tomoyo_merge_path_number_acl); 694 tomoyo_put_name_union(&e.name); 695 tomoyo_put_number_union(&e.number); 696 return error; 697 } 698 699 /** 700 * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp". 701 * 702 * @type: Type of operation. 703 * @path: Pointer to "struct path". 704 * @number: Number. 705 * 706 * Returns 0 on success, negative value otherwise. 707 */ 708 int tomoyo_path_number_perm(const u8 type, const struct path *path, 709 unsigned long number) 710 { 711 struct tomoyo_request_info r; 712 struct tomoyo_obj_info obj = { 713 .path1 = { .mnt = path->mnt, .dentry = path->dentry }, 714 }; 715 int error = -ENOMEM; 716 struct tomoyo_path_info buf; 717 int idx; 718 719 if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type]) 720 == TOMOYO_CONFIG_DISABLED) 721 return 0; 722 idx = tomoyo_read_lock(); 723 if (!tomoyo_get_realpath(&buf, path)) 724 goto out; 725 r.obj = &obj; 726 if (type == TOMOYO_TYPE_MKDIR) 727 tomoyo_add_slash(&buf); 728 r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL; 729 r.param.path_number.operation = type; 730 r.param.path_number.filename = &buf; 731 r.param.path_number.number = number; 732 do { 733 tomoyo_check_acl(&r, tomoyo_check_path_number_acl); 734 error = tomoyo_audit_path_number_log(&r); 735 } while (error == TOMOYO_RETRY_REQUEST); 736 kfree(buf.name); 737 out: 738 tomoyo_read_unlock(idx); 739 if (r.mode != TOMOYO_CONFIG_ENFORCING) 740 error = 0; 741 return error; 742 } 743 744 /** 745 * tomoyo_check_open_permission - Check permission for "read" and "write". 746 * 747 * @domain: Pointer to "struct tomoyo_domain_info". 748 * @path: Pointer to "struct path". 749 * @flag: Flags for open(). 750 * 751 * Returns 0 on success, negative value otherwise. 752 */ 753 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, 754 const struct path *path, const int flag) 755 { 756 const u8 acc_mode = ACC_MODE(flag); 757 int error = 0; 758 struct tomoyo_path_info buf; 759 struct tomoyo_request_info r; 760 struct tomoyo_obj_info obj = { 761 .path1 = { .mnt = path->mnt, .dentry = path->dentry }, 762 }; 763 int idx; 764 765 buf.name = NULL; 766 r.mode = TOMOYO_CONFIG_DISABLED; 767 idx = tomoyo_read_lock(); 768 if (acc_mode && 769 tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_OPEN) 770 != TOMOYO_CONFIG_DISABLED) { 771 if (!tomoyo_get_realpath(&buf, path)) { 772 error = -ENOMEM; 773 goto out; 774 } 775 r.obj = &obj; 776 if (acc_mode & MAY_READ) 777 error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ, 778 &buf); 779 if (!error && (acc_mode & MAY_WRITE)) 780 error = tomoyo_path_permission(&r, (flag & O_APPEND) ? 781 TOMOYO_TYPE_APPEND : 782 TOMOYO_TYPE_WRITE, 783 &buf); 784 } 785 out: 786 kfree(buf.name); 787 tomoyo_read_unlock(idx); 788 if (r.mode != TOMOYO_CONFIG_ENFORCING) 789 error = 0; 790 return error; 791 } 792 793 /** 794 * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "append", "chroot" and "unmount". 795 * 796 * @operation: Type of operation. 797 * @path: Pointer to "struct path". 798 * @target: Symlink's target if @operation is TOMOYO_TYPE_SYMLINK, 799 * NULL otherwise. 800 * 801 * Returns 0 on success, negative value otherwise. 802 */ 803 int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target) 804 { 805 struct tomoyo_request_info r; 806 struct tomoyo_obj_info obj = { 807 .path1 = { .mnt = path->mnt, .dentry = path->dentry }, 808 }; 809 int error; 810 struct tomoyo_path_info buf; 811 bool is_enforce; 812 struct tomoyo_path_info symlink_target; 813 int idx; 814 815 if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation]) 816 == TOMOYO_CONFIG_DISABLED) 817 return 0; 818 is_enforce = (r.mode == TOMOYO_CONFIG_ENFORCING); 819 error = -ENOMEM; 820 buf.name = NULL; 821 idx = tomoyo_read_lock(); 822 if (!tomoyo_get_realpath(&buf, path)) 823 goto out; 824 r.obj = &obj; 825 switch (operation) { 826 case TOMOYO_TYPE_RMDIR: 827 case TOMOYO_TYPE_CHROOT: 828 tomoyo_add_slash(&buf); 829 break; 830 case TOMOYO_TYPE_SYMLINK: 831 symlink_target.name = tomoyo_encode(target); 832 if (!symlink_target.name) 833 goto out; 834 tomoyo_fill_path_info(&symlink_target); 835 obj.symlink_target = &symlink_target; 836 break; 837 } 838 error = tomoyo_path_permission(&r, operation, &buf); 839 if (operation == TOMOYO_TYPE_SYMLINK) 840 kfree(symlink_target.name); 841 out: 842 kfree(buf.name); 843 tomoyo_read_unlock(idx); 844 if (!is_enforce) 845 error = 0; 846 return error; 847 } 848 849 /** 850 * tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar". 851 * 852 * @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK) 853 * @path: Pointer to "struct path". 854 * @mode: Create mode. 855 * @dev: Device number. 856 * 857 * Returns 0 on success, negative value otherwise. 858 */ 859 int tomoyo_mkdev_perm(const u8 operation, const struct path *path, 860 const unsigned int mode, unsigned int dev) 861 { 862 struct tomoyo_request_info r; 863 struct tomoyo_obj_info obj = { 864 .path1 = { .mnt = path->mnt, .dentry = path->dentry }, 865 }; 866 int error = -ENOMEM; 867 struct tomoyo_path_info buf; 868 int idx; 869 870 if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation]) 871 == TOMOYO_CONFIG_DISABLED) 872 return 0; 873 idx = tomoyo_read_lock(); 874 error = -ENOMEM; 875 if (tomoyo_get_realpath(&buf, path)) { 876 r.obj = &obj; 877 dev = new_decode_dev(dev); 878 r.param_type = TOMOYO_TYPE_MKDEV_ACL; 879 r.param.mkdev.filename = &buf; 880 r.param.mkdev.operation = operation; 881 r.param.mkdev.mode = mode; 882 r.param.mkdev.major = MAJOR(dev); 883 r.param.mkdev.minor = MINOR(dev); 884 tomoyo_check_acl(&r, tomoyo_check_mkdev_acl); 885 error = tomoyo_audit_mkdev_log(&r); 886 kfree(buf.name); 887 } 888 tomoyo_read_unlock(idx); 889 if (r.mode != TOMOYO_CONFIG_ENFORCING) 890 error = 0; 891 return error; 892 } 893 894 /** 895 * tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root". 896 * 897 * @operation: Type of operation. 898 * @path1: Pointer to "struct path". 899 * @path2: Pointer to "struct path". 900 * 901 * Returns 0 on success, negative value otherwise. 902 */ 903 int tomoyo_path2_perm(const u8 operation, const struct path *path1, 904 const struct path *path2) 905 { 906 int error = -ENOMEM; 907 struct tomoyo_path_info buf1; 908 struct tomoyo_path_info buf2; 909 struct tomoyo_request_info r; 910 struct tomoyo_obj_info obj = { 911 .path1 = { .mnt = path1->mnt, .dentry = path1->dentry }, 912 .path2 = { .mnt = path2->mnt, .dentry = path2->dentry } 913 }; 914 int idx; 915 916 if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation]) 917 == TOMOYO_CONFIG_DISABLED) 918 return 0; 919 buf1.name = NULL; 920 buf2.name = NULL; 921 idx = tomoyo_read_lock(); 922 if (!tomoyo_get_realpath(&buf1, path1) || 923 !tomoyo_get_realpath(&buf2, path2)) 924 goto out; 925 switch (operation) { 926 case TOMOYO_TYPE_RENAME: 927 case TOMOYO_TYPE_LINK: 928 if (!d_is_dir(path1->dentry)) 929 break; 930 fallthrough; 931 case TOMOYO_TYPE_PIVOT_ROOT: 932 tomoyo_add_slash(&buf1); 933 tomoyo_add_slash(&buf2); 934 break; 935 } 936 r.obj = &obj; 937 r.param_type = TOMOYO_TYPE_PATH2_ACL; 938 r.param.path2.operation = operation; 939 r.param.path2.filename1 = &buf1; 940 r.param.path2.filename2 = &buf2; 941 do { 942 tomoyo_check_acl(&r, tomoyo_check_path2_acl); 943 error = tomoyo_audit_path2_log(&r); 944 } while (error == TOMOYO_RETRY_REQUEST); 945 out: 946 kfree(buf1.name); 947 kfree(buf2.name); 948 tomoyo_read_unlock(idx); 949 if (r.mode != TOMOYO_CONFIG_ENFORCING) 950 error = 0; 951 return error; 952 } 953 954 /** 955 * tomoyo_same_mount_acl - Check for duplicated "struct tomoyo_mount_acl" entry. 956 * 957 * @a: Pointer to "struct tomoyo_acl_info". 958 * @b: Pointer to "struct tomoyo_acl_info". 959 * 960 * Returns true if @a == @b, false otherwise. 961 */ 962 static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a, 963 const struct tomoyo_acl_info *b) 964 { 965 const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head); 966 const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head); 967 968 return tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) && 969 tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) && 970 tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) && 971 tomoyo_same_number_union(&p1->flags, &p2->flags); 972 } 973 974 /** 975 * tomoyo_update_mount_acl - Write "struct tomoyo_mount_acl" list. 976 * 977 * @param: Pointer to "struct tomoyo_acl_param". 978 * 979 * Returns 0 on success, negative value otherwise. 980 * 981 * Caller holds tomoyo_read_lock(). 982 */ 983 static int tomoyo_update_mount_acl(struct tomoyo_acl_param *param) 984 { 985 struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL }; 986 int error; 987 988 if (!tomoyo_parse_name_union(param, &e.dev_name) || 989 !tomoyo_parse_name_union(param, &e.dir_name) || 990 !tomoyo_parse_name_union(param, &e.fs_type) || 991 !tomoyo_parse_number_union(param, &e.flags)) 992 error = -EINVAL; 993 else 994 error = tomoyo_update_domain(&e.head, sizeof(e), param, 995 tomoyo_same_mount_acl, NULL); 996 tomoyo_put_name_union(&e.dev_name); 997 tomoyo_put_name_union(&e.dir_name); 998 tomoyo_put_name_union(&e.fs_type); 999 tomoyo_put_number_union(&e.flags); 1000 return error; 1001 } 1002 1003 /** 1004 * tomoyo_write_file - Update file related list. 1005 * 1006 * @param: Pointer to "struct tomoyo_acl_param". 1007 * 1008 * Returns 0 on success, negative value otherwise. 1009 * 1010 * Caller holds tomoyo_read_lock(). 1011 */ 1012 int tomoyo_write_file(struct tomoyo_acl_param *param) 1013 { 1014 u16 perm = 0; 1015 u8 type; 1016 const char *operation = tomoyo_read_token(param); 1017 1018 for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++) 1019 if (tomoyo_permstr(operation, tomoyo_path_keyword[type])) 1020 perm |= 1 << type; 1021 if (perm) 1022 return tomoyo_update_path_acl(perm, param); 1023 for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++) 1024 if (tomoyo_permstr(operation, 1025 tomoyo_mac_keywords[tomoyo_pp2mac[type]])) 1026 perm |= 1 << type; 1027 if (perm) 1028 return tomoyo_update_path2_acl(perm, param); 1029 for (type = 0; type < TOMOYO_MAX_PATH_NUMBER_OPERATION; type++) 1030 if (tomoyo_permstr(operation, 1031 tomoyo_mac_keywords[tomoyo_pn2mac[type]])) 1032 perm |= 1 << type; 1033 if (perm) 1034 return tomoyo_update_path_number_acl(perm, param); 1035 for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++) 1036 if (tomoyo_permstr(operation, 1037 tomoyo_mac_keywords[tomoyo_pnnn2mac[type]])) 1038 perm |= 1 << type; 1039 if (perm) 1040 return tomoyo_update_mkdev_acl(perm, param); 1041 if (tomoyo_permstr(operation, 1042 tomoyo_mac_keywords[TOMOYO_MAC_FILE_MOUNT])) 1043 return tomoyo_update_mount_acl(param); 1044 return -EINVAL; 1045 } 1046
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.