1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * security/tomoyo/securityfs_if.c 4 * 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 */ 7 8 #include <linux/security.h> 9 #include "common.h" 10 11 /** 12 * tomoyo_check_task_acl - Check permission for task operation. 13 * 14 * @r: Pointer to "struct tomoyo_request_info". 15 * @ptr: Pointer to "struct tomoyo_acl_info". 16 * 17 * Returns true if granted, false otherwise. 18 */ 19 static bool tomoyo_check_task_acl(struct tomoyo_request_info *r, 20 const struct tomoyo_acl_info *ptr) 21 { 22 const struct tomoyo_task_acl *acl = container_of(ptr, typeof(*acl), 23 head); 24 return !tomoyo_pathcmp(r->param.task.domainname, acl->domainname); 25 } 26 27 /** 28 * tomoyo_write_self - write() for /sys/kernel/security/tomoyo/self_domain interface. 29 * 30 * @file: Pointer to "struct file". 31 * @buf: Domainname to transit to. 32 * @count: Size of @buf. 33 * @ppos: Unused. 34 * 35 * Returns @count on success, negative value otherwise. 36 * 37 * If domain transition was permitted but the domain transition failed, this 38 * function returns error rather than terminating current thread with SIGKILL. 39 */ 40 static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, 41 size_t count, loff_t *ppos) 42 { 43 char *data; 44 int error; 45 if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) 46 return -ENOMEM; 47 data = memdup_user_nul(buf, count); 48 if (IS_ERR(data)) 49 return PTR_ERR(data); 50 tomoyo_normalize_line(data); 51 if (tomoyo_correct_domain(data)) { 52 const int idx = tomoyo_read_lock(); 53 struct tomoyo_path_info name; 54 struct tomoyo_request_info r; 55 name.name = data; 56 tomoyo_fill_path_info(&name); 57 /* Check "task manual_domain_transition" permission. */ 58 tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); 59 r.param_type = TOMOYO_TYPE_MANUAL_TASK_ACL; 60 r.param.task.domainname = &name; 61 tomoyo_check_acl(&r, tomoyo_check_task_acl); 62 if (!r.granted) 63 error = -EPERM; 64 else { 65 struct tomoyo_domain_info *new_domain = 66 tomoyo_assign_domain(data, true); 67 if (!new_domain) { 68 error = -ENOENT; 69 } else { 70 struct cred *cred = prepare_creds(); 71 if (!cred) { 72 error = -ENOMEM; 73 } else { 74 struct tomoyo_domain_info **blob; 75 struct tomoyo_domain_info *old_domain; 76 77 blob = tomoyo_cred(cred); 78 old_domain = *blob; 79 *blob = new_domain; 80 atomic_inc(&new_domain->users); 81 atomic_dec(&old_domain->users); 82 commit_creds(cred); 83 error = 0; 84 } 85 } 86 } 87 tomoyo_read_unlock(idx); 88 } else 89 error = -EINVAL; 90 kfree(data); 91 return error ? error : count; 92 } 93 94 /** 95 * tomoyo_read_self - read() for /sys/kernel/security/tomoyo/self_domain interface. 96 * 97 * @file: Pointer to "struct file". 98 * @buf: Domainname which current thread belongs to. 99 * @count: Size of @buf. 100 * @ppos: Bytes read by now. 101 * 102 * Returns read size on success, negative value otherwise. 103 */ 104 static ssize_t tomoyo_read_self(struct file *file, char __user *buf, 105 size_t count, loff_t *ppos) 106 { 107 const char *domain = tomoyo_domain()->domainname->name; 108 loff_t len = strlen(domain); 109 loff_t pos = *ppos; 110 if (pos >= len || !count) 111 return 0; 112 len -= pos; 113 if (count < len) 114 len = count; 115 if (copy_to_user(buf, domain + pos, len)) 116 return -EFAULT; 117 *ppos += len; 118 return len; 119 } 120 121 /* Operations for /sys/kernel/security/tomoyo/self_domain interface. */ 122 static const struct file_operations tomoyo_self_operations = { 123 .write = tomoyo_write_self, 124 .read = tomoyo_read_self, 125 }; 126 127 /** 128 * tomoyo_open - open() for /sys/kernel/security/tomoyo/ interface. 129 * 130 * @inode: Pointer to "struct inode". 131 * @file: Pointer to "struct file". 132 * 133 * Returns 0 on success, negative value otherwise. 134 */ 135 static int tomoyo_open(struct inode *inode, struct file *file) 136 { 137 const int key = ((u8 *) file_inode(file)->i_private) 138 - ((u8 *) NULL); 139 return tomoyo_open_control(key, file); 140 } 141 142 /** 143 * tomoyo_release - close() for /sys/kernel/security/tomoyo/ interface. 144 * 145 * @file: Pointer to "struct file". 146 * 147 */ 148 static int tomoyo_release(struct inode *inode, struct file *file) 149 { 150 tomoyo_close_control(file->private_data); 151 return 0; 152 } 153 154 /** 155 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 156 * 157 * @file: Pointer to "struct file". 158 * @wait: Pointer to "poll_table". Maybe NULL. 159 * 160 * Returns EPOLLIN | EPOLLRDNORM | EPOLLOUT | EPOLLWRNORM if ready to read/write, 161 * EPOLLOUT | EPOLLWRNORM otherwise. 162 */ 163 static __poll_t tomoyo_poll(struct file *file, poll_table *wait) 164 { 165 return tomoyo_poll_control(file, wait); 166 } 167 168 /** 169 * tomoyo_read - read() for /sys/kernel/security/tomoyo/ interface. 170 * 171 * @file: Pointer to "struct file". 172 * @buf: Pointer to buffer. 173 * @count: Size of @buf. 174 * @ppos: Unused. 175 * 176 * Returns bytes read on success, negative value otherwise. 177 */ 178 static ssize_t tomoyo_read(struct file *file, char __user *buf, size_t count, 179 loff_t *ppos) 180 { 181 return tomoyo_read_control(file->private_data, buf, count); 182 } 183 184 /** 185 * tomoyo_write - write() for /sys/kernel/security/tomoyo/ interface. 186 * 187 * @file: Pointer to "struct file". 188 * @buf: Pointer to buffer. 189 * @count: Size of @buf. 190 * @ppos: Unused. 191 * 192 * Returns @count on success, negative value otherwise. 193 */ 194 static ssize_t tomoyo_write(struct file *file, const char __user *buf, 195 size_t count, loff_t *ppos) 196 { 197 return tomoyo_write_control(file->private_data, buf, count); 198 } 199 200 /* 201 * tomoyo_operations is a "struct file_operations" which is used for handling 202 * /sys/kernel/security/tomoyo/ interface. 203 * 204 * Some files under /sys/kernel/security/tomoyo/ directory accept open(O_RDWR). 205 * See tomoyo_io_buffer for internals. 206 */ 207 static const struct file_operations tomoyo_operations = { 208 .open = tomoyo_open, 209 .release = tomoyo_release, 210 .poll = tomoyo_poll, 211 .read = tomoyo_read, 212 .write = tomoyo_write, 213 .llseek = noop_llseek, 214 }; 215 216 /** 217 * tomoyo_create_entry - Create interface files under /sys/kernel/security/tomoyo/ directory. 218 * 219 * @name: The name of the interface file. 220 * @mode: The permission of the interface file. 221 * @parent: The parent directory. 222 * @key: Type of interface. 223 * 224 * Returns nothing. 225 */ 226 static void __init tomoyo_create_entry(const char *name, const umode_t mode, 227 struct dentry *parent, const u8 key) 228 { 229 securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key, 230 &tomoyo_operations); 231 } 232 233 /** 234 * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 235 * 236 * Returns 0. 237 */ 238 static int __init tomoyo_initerface_init(void) 239 { 240 struct tomoyo_domain_info *domain; 241 struct dentry *tomoyo_dir; 242 243 if (!tomoyo_enabled) 244 return 0; 245 domain = tomoyo_domain(); 246 /* Don't create securityfs entries unless registered. */ 247 if (domain != &tomoyo_kernel_domain) 248 return 0; 249 250 tomoyo_dir = securityfs_create_dir("tomoyo", NULL); 251 tomoyo_create_entry("query", 0600, tomoyo_dir, 252 TOMOYO_QUERY); 253 tomoyo_create_entry("domain_policy", 0600, tomoyo_dir, 254 TOMOYO_DOMAINPOLICY); 255 tomoyo_create_entry("exception_policy", 0600, tomoyo_dir, 256 TOMOYO_EXCEPTIONPOLICY); 257 tomoyo_create_entry("audit", 0400, tomoyo_dir, 258 TOMOYO_AUDIT); 259 tomoyo_create_entry(".process_status", 0600, tomoyo_dir, 260 TOMOYO_PROCESS_STATUS); 261 tomoyo_create_entry("stat", 0644, tomoyo_dir, 262 TOMOYO_STAT); 263 tomoyo_create_entry("profile", 0600, tomoyo_dir, 264 TOMOYO_PROFILE); 265 tomoyo_create_entry("manager", 0600, tomoyo_dir, 266 TOMOYO_MANAGER); 267 tomoyo_create_entry("version", 0400, tomoyo_dir, 268 TOMOYO_VERSION); 269 securityfs_create_file("self_domain", 0666, tomoyo_dir, NULL, 270 &tomoyo_self_operations); 271 tomoyo_load_builtin_policy(); 272 return 0; 273 } 274 275 fs_initcall(tomoyo_initerface_init); 276