2 * Copyright (C) 2013-2015 Kay Sievers
3 * Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
4 * Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
5 * Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
6 * Copyright (C) 2013-2015 Linux Foundation
7 * Copyright (C) 2014-2015 Djalal Harouni
9 * kdbus is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU Lesser General Public License as published by the
11 * Free Software Foundation; either version 2.1 of the License, or (at
12 * your option) any later version.
15 #include <linux/dcache.h>
17 #include <linux/init.h>
18 #include <linux/mutex.h>
19 #include <linux/sched.h>
20 #include <linux/sizes.h>
21 #include <linux/slab.h>
22 #include <linux/uaccess.h>
25 #include "connection.h"
31 #define KDBUS_POLICY_HASH_SIZE 64
34 * struct kdbus_policy_db_entry_access - a database entry access item
35 * @type: One of KDBUS_POLICY_ACCESS_* types
36 * @access: Access to grant. One of KDBUS_POLICY_*
37 * @uid: For KDBUS_POLICY_ACCESS_USER, the global uid
38 * @gid: For KDBUS_POLICY_ACCESS_GROUP, the global gid
39 * @list: List entry item for the entry's list
41 * This is the internal version of struct kdbus_policy_db_access.
43 struct kdbus_policy_db_entry_access {
44 u8 type; /* USER, GROUP, WORLD */
45 u8 access; /* OWN, TALK, SEE */
47 kuid_t uid; /* global uid */
48 kgid_t gid; /* global gid */
50 struct list_head list;
54 * struct kdbus_policy_db_entry - a policy database entry
55 * @name: The name to match the policy entry against
56 * @hentry: The hash entry for the database's entries_hash
57 * @access_list: List head for keeping tracks of the entry's
59 * @owner: The owner of this entry. Can be a kdbus_conn or
61 * @wildcard: The name is a wildcard, such as ending on '.*'
63 struct kdbus_policy_db_entry {
65 struct hlist_node hentry;
66 struct list_head access_list;
71 static void kdbus_policy_entry_free(struct kdbus_policy_db_entry *e)
73 struct kdbus_policy_db_entry_access *a, *tmp;
75 list_for_each_entry_safe(a, tmp, &e->access_list, list) {
84 static unsigned int kdbus_strnhash(const char *str, size_t len)
86 unsigned long hash = init_name_hash();
89 hash = partial_name_hash(*str++, hash);
91 return end_name_hash(hash);
94 static const struct kdbus_policy_db_entry *
95 kdbus_policy_lookup(struct kdbus_policy_db *db, const char *name, u32 hash)
97 struct kdbus_policy_db_entry *e;
101 /* find exact match */
102 hash_for_each_possible(db->entries_hash, e, hentry, hash)
103 if (strcmp(e->name, name) == 0 && !e->wildcard)
106 /* find wildcard match */
108 dot = strrchr(name, '.');
113 hash = kdbus_strnhash(name, len);
115 hash_for_each_possible(db->entries_hash, e, hentry, hash)
116 if (e->wildcard && !strncmp(e->name, name, len) &&
124 * kdbus_policy_db_clear - release all memory from a policy db
125 * @db: The policy database
127 void kdbus_policy_db_clear(struct kdbus_policy_db *db)
129 struct kdbus_policy_db_entry *e;
130 struct hlist_node *tmp;
134 down_write(&db->entries_rwlock);
135 hash_for_each_safe(db->entries_hash, i, tmp, e, hentry) {
136 hash_del(&e->hentry);
137 kdbus_policy_entry_free(e);
139 up_write(&db->entries_rwlock);
143 * kdbus_policy_db_init() - initialize a new policy database
144 * @db: The location of the database
146 * This initializes a new policy-db. The underlying memory must have been
147 * cleared to zero by the caller.
149 void kdbus_policy_db_init(struct kdbus_policy_db *db)
151 hash_init(db->entries_hash);
152 init_rwsem(&db->entries_rwlock);
156 * kdbus_policy_query_unlocked() - Query the policy database
157 * @db: Policy database
158 * @cred: Credentials to test against
159 * @name: Name to query
160 * @hash: Hash value of @name
162 * Same as kdbus_policy_query() but requires the caller to lock the policy
163 * database against concurrent writes.
165 * Return: The highest KDBUS_POLICY_* access type found, or -EPERM if none.
167 int kdbus_policy_query_unlocked(struct kdbus_policy_db *db,
168 const struct cred *cred, const char *name,
171 struct kdbus_policy_db_entry_access *a;
172 const struct kdbus_policy_db_entry *e;
173 int i, highest = -EPERM;
175 e = kdbus_policy_lookup(db, name, hash);
179 list_for_each_entry(a, &e->access_list, list) {
180 if ((int)a->access <= highest)
184 case KDBUS_POLICY_ACCESS_USER:
185 if (uid_eq(cred->euid, a->uid))
188 case KDBUS_POLICY_ACCESS_GROUP:
189 if (gid_eq(cred->egid, a->gid)) {
194 for (i = 0; i < cred->group_info->ngroups; i++) {
195 kgid_t gid = GROUP_AT(cred->group_info, i);
197 if (gid_eq(gid, a->gid)) {
204 case KDBUS_POLICY_ACCESS_WORLD:
209 /* OWN is the highest possible policy */
210 if (highest >= KDBUS_POLICY_OWN)
218 * kdbus_policy_query() - Query the policy database
219 * @db: Policy database
220 * @cred: Credentials to test against
221 * @name: Name to query
222 * @hash: Hash value of @name
224 * Query the policy database @db for the access rights of @cred to the name
225 * @name. The access rights of @cred are returned, or -EPERM if no access is
228 * This call effectively searches for the highest access-right granted to
229 * @cred. The caller should really cache those as policy lookups are rather
232 * Return: The highest KDBUS_POLICY_* access type found, or -EPERM if none.
234 int kdbus_policy_query(struct kdbus_policy_db *db, const struct cred *cred,
235 const char *name, unsigned int hash)
239 down_read(&db->entries_rwlock);
240 ret = kdbus_policy_query_unlocked(db, cred, name, hash);
241 up_read(&db->entries_rwlock);
246 static void __kdbus_policy_remove_owner(struct kdbus_policy_db *db,
249 struct kdbus_policy_db_entry *e;
250 struct hlist_node *tmp;
253 hash_for_each_safe(db->entries_hash, i, tmp, e, hentry)
254 if (e->owner == owner) {
255 hash_del(&e->hentry);
256 kdbus_policy_entry_free(e);
261 * kdbus_policy_remove_owner() - remove all entries related to a connection
262 * @db: The policy database
263 * @owner: The connection which items to remove
265 void kdbus_policy_remove_owner(struct kdbus_policy_db *db,
268 down_write(&db->entries_rwlock);
269 __kdbus_policy_remove_owner(db, owner);
270 up_write(&db->entries_rwlock);
274 * Convert user provided policy access to internal kdbus policy
277 static struct kdbus_policy_db_entry_access *
278 kdbus_policy_make_access(const struct kdbus_policy_access *uaccess)
281 struct kdbus_policy_db_entry_access *a;
283 a = kzalloc(sizeof(*a), GFP_KERNEL);
285 return ERR_PTR(-ENOMEM);
288 switch (uaccess->access) {
289 case KDBUS_POLICY_SEE:
290 case KDBUS_POLICY_TALK:
291 case KDBUS_POLICY_OWN:
292 a->access = uaccess->access;
298 switch (uaccess->type) {
299 case KDBUS_POLICY_ACCESS_USER:
300 a->uid = make_kuid(current_user_ns(), uaccess->id);
301 if (!uid_valid(a->uid))
305 case KDBUS_POLICY_ACCESS_GROUP:
306 a->gid = make_kgid(current_user_ns(), uaccess->id);
307 if (!gid_valid(a->gid))
311 case KDBUS_POLICY_ACCESS_WORLD:
317 a->type = uaccess->type;
327 * kdbus_policy_set() - set a connection's policy rules
328 * @db: The policy database
329 * @items: A list of kdbus_item elements that contain both
330 * names and access rules to set.
331 * @items_size: The total size of the items.
332 * @max_policies: The maximum number of policy entries to allow.
333 * Pass 0 for no limit.
334 * @allow_wildcards: Boolean value whether wildcard entries (such
335 * ending on '.*') should be allowed.
336 * @owner: The owner of the new policy items.
338 * This function sets a new set of policies for a given owner. The names and
339 * access rules are gathered by walking the list of items passed in as
340 * argument. An item of type KDBUS_ITEM_NAME is expected before any number of
341 * KDBUS_ITEM_POLICY_ACCESS items. If there are more repetitions of this
342 * pattern than denoted in @max_policies, -EINVAL is returned.
344 * In order to allow atomic replacement of rules, the function first removes
345 * all entries that have been created for the given owner previously.
347 * Callers to this function must make sure that the owner is a custom
348 * endpoint, or if the endpoint is a default endpoint, then it must be
349 * either a policy holder or an activator.
351 * Return: 0 on success, negative errno on failure.
353 int kdbus_policy_set(struct kdbus_policy_db *db,
354 const struct kdbus_item *items,
357 bool allow_wildcards,
360 struct kdbus_policy_db_entry_access *a;
361 struct kdbus_policy_db_entry *e, *p;
362 const struct kdbus_item *item;
363 struct hlist_node *tmp;
370 /* Walk the list of items and look for new policies */
372 KDBUS_ITEMS_FOREACH(item, items, items_size) {
373 switch (item->type) {
374 case KDBUS_ITEM_NAME: {
377 if (max_policies && ++count > max_policies) {
382 if (!kdbus_name_is_valid(item->str, true)) {
387 e = kzalloc(sizeof(*e), GFP_KERNEL);
393 INIT_LIST_HEAD(&e->access_list);
395 hlist_add_head(&e->hentry, &entries);
397 e->name = kstrdup(item->str, GFP_KERNEL);
404 * If a supplied name ends with an '.*', cut off that
405 * part, only store anything before it, and mark the
408 len = strlen(e->name);
410 e->name[len - 3] == '.' &&
411 e->name[len - 2] == '*') {
412 if (!allow_wildcards) {
417 e->name[len - 3] = '\0';
424 case KDBUS_ITEM_POLICY_ACCESS:
430 a = kdbus_policy_make_access(&item->policy_access);
436 list_add_tail(&a->list, &e->access_list);
441 down_write(&db->entries_rwlock);
443 /* remember previous entries to restore in case of failure */
444 hash_for_each_safe(db->entries_hash, i, tmp, e, hentry)
445 if (e->owner == owner) {
446 hash_del(&e->hentry);
447 hlist_add_head(&e->hentry, &restore);
450 hlist_for_each_entry_safe(e, tmp, &entries, hentry) {
451 /* prevent duplicates */
452 hash = kdbus_strhash(e->name);
453 hash_for_each_possible(db->entries_hash, p, hentry, hash)
454 if (strcmp(e->name, p->name) == 0 &&
455 e->wildcard == p->wildcard) {
460 hlist_del(&e->hentry);
461 hash_add(db->entries_hash, &e->hentry, hash);
465 /* if we failed, flush all entries we added so far */
467 __kdbus_policy_remove_owner(db, owner);
469 /* if we failed, restore entries, otherwise release them */
470 hlist_for_each_entry_safe(e, tmp, &restore, hentry) {
471 hlist_del(&e->hentry);
473 hash = kdbus_strhash(e->name);
474 hash_add(db->entries_hash, &e->hentry, hash);
476 kdbus_policy_entry_free(e);
480 up_write(&db->entries_rwlock);
483 hlist_for_each_entry_safe(e, tmp, &entries, hentry) {
484 hlist_del(&e->hentry);
485 kdbus_policy_entry_free(e);