1 /* 2 * inode.c - securityfs 3 * 4 * Copyright (C) 2005 Greg Kroah-Hartman <gregkh@suse.de> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License version 8 * 2 as published by the Free Software Foundation. 9 * 10 * Based on fs/debugfs/inode.c which had the following copyright notice: 11 * Copyright (C) 2004 Greg Kroah-Hartman <greg@kroah.com> 12 * Copyright (C) 2004 IBM Inc. 13 */ 14 15 /* #define DEBUG */ 16 #include <linux/module.h> 17 #include <linux/fs.h> 18 #include <linux/mount.h> 19 #include <linux/pagemap.h> 20 #include <linux/init.h> 21 #include <linux/namei.h> 22 #include <linux/security.h> 23 24 #define SECURITYFS_MAGIC 0x73636673 25 26 static struct vfsmount *mount; 27 static int mount_count; 28 29 /* 30 * TODO: 31 * I think I can get rid of these default_file_ops, but not quite sure... 32 */ 33 static ssize_t default_read_file(struct file *file, char __user *buf, 34 size_t count, loff_t *ppos) 35 { 36 return 0; 37 } 38 39 static ssize_t default_write_file(struct file *file, const char __user *buf, 40 size_t count, loff_t *ppos) 41 { 42 return count; 43 } 44 45 static int default_open(struct inode *inode, struct file *file) 46 { 47 if (inode->u.generic_ip) 48 file->private_data = inode->u.generic_ip; 49 50 return 0; 51 } 52 53 static struct file_operations default_file_ops = { 54 .read = default_read_file, 55 .write = default_write_file, 56 .open = default_open, 57 }; 58 59 static struct inode *get_inode(struct super_block *sb, int mode, dev_t dev) 60 { 61 struct inode *inode = new_inode(sb); 62 63 if (inode) { 64 inode->i_mode = mode; 65 inode->i_uid = 0; 66 inode->i_gid = 0; 67 inode->i_blksize = PAGE_CACHE_SIZE; 68 inode->i_blocks = 0; 69 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME; 70 switch (mode & S_IFMT) { 71 default: 72 init_special_inode(inode, mode, dev); 73 break; 74 case S_IFREG: 75 inode->i_fop = &default_file_ops; 76 break; 77 case S_IFDIR: 78 inode->i_op = &simple_dir_inode_operations; 79 inode->i_fop = &simple_dir_operations; 80 81 /* directory inodes start off with i_nlink == 2 (for "." entry) */ 82 inode->i_nlink++; 83 break; 84 } 85 } 86 return inode; 87 } 88 89 /* SMP-safe */ 90 static int mknod(struct inode *dir, struct dentry *dentry, 91 int mode, dev_t dev) 92 { 93 struct inode *inode; 94 int error = -EPERM; 95 96 if (dentry->d_inode) 97 return -EEXIST; 98 99 inode = get_inode(dir->i_sb, mode, dev); 100 if (inode) { 101 d_instantiate(dentry, inode); 102 dget(dentry); 103 error = 0; 104 } 105 return error; 106 } 107 108 static int mkdir(struct inode *dir, struct dentry *dentry, int mode) 109 { 110 int res; 111 112 mode = (mode & (S_IRWXUGO | S_ISVTX)) | S_IFDIR; 113 res = mknod(dir, dentry, mode, 0); 114 if (!res) 115 dir->i_nlink++; 116 return res; 117 } 118 119 static int create(struct inode *dir, struct dentry *dentry, int mode) 120 { 121 mode = (mode & S_IALLUGO) | S_IFREG; 122 return mknod(dir, dentry, mode, 0); 123 } 124 125 static inline int positive(struct dentry *dentry) 126 { 127 return dentry->d_inode && !d_unhashed(dentry); 128 } 129 130 static int fill_super(struct super_block *sb, void *data, int silent) 131 { 132 static struct tree_descr files[] = {{""}}; 133 134 return simple_fill_super(sb, SECURITYFS_MAGIC, files); 135 } 136 137 static int get_sb(struct file_system_type *fs_type, 138 int flags, const char *dev_name, 139 void *data, struct vfsmount *mnt) 140 { 141 return get_sb_single(fs_type, flags, data, fill_super, mnt); 142 } 143 144 static struct file_system_type fs_type = { 145 .owner = THIS_MODULE, 146 .name = "securityfs", 147 .get_sb = get_sb, 148 .kill_sb = kill_litter_super, 149 }; 150 151 static int create_by_name(const char *name, mode_t mode, 152 struct dentry *parent, 153 struct dentry **dentry) 154 { 155 int error = 0; 156 157 *dentry = NULL; 158 159 /* If the parent is not specified, we create it in the root. 160 * We need the root dentry to do this, which is in the super 161 * block. A pointer to that is in the struct vfsmount that we 162 * have around. 163 */ 164 if (!parent ) { 165 if (mount && mount->mnt_sb) { 166 parent = mount->mnt_sb->s_root; 167 } 168 } 169 if (!parent) { 170 pr_debug("securityfs: Ah! can not find a parent!\n"); 171 return -EFAULT; 172 } 173 174 mutex_lock(&parent->d_inode->i_mutex); 175 *dentry = lookup_one_len(name, parent, strlen(name)); 176 if (!IS_ERR(dentry)) { 177 if ((mode & S_IFMT) == S_IFDIR) 178 error = mkdir(parent->d_inode, *dentry, mode); 179 else 180 error = create(parent->d_inode, *dentry, mode); 181 } else 182 error = PTR_ERR(dentry); 183 mutex_unlock(&parent->d_inode->i_mutex); 184 185 return error; 186 } 187 188 /** 189 * securityfs_create_file - create a file in the securityfs filesystem 190 * 191 * @name: a pointer to a string containing the name of the file to create. 192 * @mode: the permission that the file should have 193 * @parent: a pointer to the parent dentry for this file. This should be a 194 * directory dentry if set. If this paramater is NULL, then the 195 * file will be created in the root of the securityfs filesystem. 196 * @data: a pointer to something that the caller will want to get to later 197 * on. The inode.u.generic_ip pointer will point to this value on 198 * the open() call. 199 * @fops: a pointer to a struct file_operations that should be used for 200 * this file. 201 * 202 * This is the basic "create a file" function for securityfs. It allows for a 203 * wide range of flexibility in createing a file, or a directory (if you 204 * want to create a directory, the securityfs_create_dir() function is 205 * recommended to be used instead.) 206 * 207 * This function will return a pointer to a dentry if it succeeds. This 208 * pointer must be passed to the securityfs_remove() function when the file is 209 * to be removed (no automatic cleanup happens if your module is unloaded, 210 * you are responsible here.) If an error occurs, NULL will be returned. 211 * 212 * If securityfs is not enabled in the kernel, the value -ENODEV will be 213 * returned. It is not wise to check for this value, but rather, check for 214 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling 215 * code. 216 */ 217 struct dentry *securityfs_create_file(const char *name, mode_t mode, 218 struct dentry *parent, void *data, 219 struct file_operations *fops) 220 { 221 struct dentry *dentry = NULL; 222 int error; 223 224 pr_debug("securityfs: creating file '%s'\n",name); 225 226 error = simple_pin_fs(&fs_type, &mount, &mount_count); 227 if (error) { 228 dentry = ERR_PTR(error); 229 goto exit; 230 } 231 232 error = create_by_name(name, mode, parent, &dentry); 233 if (error) { 234 dentry = ERR_PTR(error); 235 simple_release_fs(&mount, &mount_count); 236 goto exit; 237 } 238 239 if (dentry->d_inode) { 240 if (fops) 241 dentry->d_inode->i_fop = fops; 242 if (data) 243 dentry->d_inode->u.generic_ip = data; 244 } 245 exit: 246 return dentry; 247 } 248 EXPORT_SYMBOL_GPL(securityfs_create_file); 249 250 /** 251 * securityfs_create_dir - create a directory in the securityfs filesystem 252 * 253 * @name: a pointer to a string containing the name of the directory to 254 * create. 255 * @parent: a pointer to the parent dentry for this file. This should be a 256 * directory dentry if set. If this paramater is NULL, then the 257 * directory will be created in the root of the securityfs filesystem. 258 * 259 * This function creates a directory in securityfs with the given name. 260 * 261 * This function will return a pointer to a dentry if it succeeds. This 262 * pointer must be passed to the securityfs_remove() function when the file is 263 * to be removed (no automatic cleanup happens if your module is unloaded, 264 * you are responsible here.) If an error occurs, NULL will be returned. 265 * 266 * If securityfs is not enabled in the kernel, the value -ENODEV will be 267 * returned. It is not wise to check for this value, but rather, check for 268 * NULL or !NULL instead as to eliminate the need for #ifdef in the calling 269 * code. 270 */ 271 struct dentry *securityfs_create_dir(const char *name, struct dentry *parent) 272 { 273 return securityfs_create_file(name, 274 S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, 275 parent, NULL, NULL); 276 } 277 EXPORT_SYMBOL_GPL(securityfs_create_dir); 278 279 /** 280 * securityfs_remove - removes a file or directory from the securityfs filesystem 281 * 282 * @dentry: a pointer to a the dentry of the file or directory to be 283 * removed. 284 * 285 * This function removes a file or directory in securityfs that was previously 286 * created with a call to another securityfs function (like 287 * securityfs_create_file() or variants thereof.) 288 * 289 * This function is required to be called in order for the file to be 290 * removed, no automatic cleanup of files will happen when a module is 291 * removed, you are responsible here. 292 */ 293 void securityfs_remove(struct dentry *dentry) 294 { 295 struct dentry *parent; 296 297 if (!dentry) 298 return; 299 300 parent = dentry->d_parent; 301 if (!parent || !parent->d_inode) 302 return; 303 304 mutex_lock(&parent->d_inode->i_mutex); 305 if (positive(dentry)) { 306 if (dentry->d_inode) { 307 if (S_ISDIR(dentry->d_inode->i_mode)) 308 simple_rmdir(parent->d_inode, dentry); 309 else 310 simple_unlink(parent->d_inode, dentry); 311 dput(dentry); 312 } 313 } 314 mutex_unlock(&parent->d_inode->i_mutex); 315 simple_release_fs(&mount, &mount_count); 316 } 317 EXPORT_SYMBOL_GPL(securityfs_remove); 318 319 static decl_subsys(security, NULL, NULL); 320 321 static int __init securityfs_init(void) 322 { 323 int retval; 324 325 kset_set_kset_s(&security_subsys, kernel_subsys); 326 retval = subsystem_register(&security_subsys); 327 if (retval) 328 return retval; 329 330 retval = register_filesystem(&fs_type); 331 if (retval) 332 subsystem_unregister(&security_subsys); 333 return retval; 334 } 335 336 static void __exit securityfs_exit(void) 337 { 338 simple_release_fs(&mount, &mount_count); 339 unregister_filesystem(&fs_type); 340 subsystem_unregister(&security_subsys); 341 } 342 343 core_initcall(securityfs_init); 344 module_exit(securityfs_exit); 345 MODULE_LICENSE("GPL"); 346 347