2 * security/tomoyo/domain.c
4 * Domain transition functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/binfmts.h>
11 #include <linux/slab.h>
13 /* Variables definitions.*/
15 /* The initial domain. */
16 struct tomoyo_domain_info tomoyo_kernel_domain;
19 * tomoyo_update_policy - Update an entry for exception policy.
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
23 * @param: Pointer to "struct tomoyo_acl_param".
24 * @check_duplicate: Callback function to find duplicated entry.
26 * Returns 0 on success, negative value otherwise.
28 * Caller holds tomoyo_read_lock().
30 int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
31 struct tomoyo_acl_param *param,
32 bool (*check_duplicate) (const struct tomoyo_acl_head
34 const struct tomoyo_acl_head
37 int error = param->is_delete ? -ENOENT : -ENOMEM;
38 struct tomoyo_acl_head *entry;
39 struct list_head *list = param->list;
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
46 entry->is_deleted = param->is_delete;
50 if (error && !param->is_delete) {
51 entry = tomoyo_commit_ok(new_entry, size);
53 list_add_tail_rcu(&entry->list, list);
57 mutex_unlock(&tomoyo_policy_lock);
62 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
64 * @a: Pointer to "struct tomoyo_acl_info".
65 * @b: Pointer to "struct tomoyo_acl_info".
67 * Returns true if @a == @b, false otherwise.
69 static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
70 const struct tomoyo_acl_info *b)
72 return a->type == b->type;
76 * tomoyo_update_domain - Update an entry for domain policy.
78 * @new_entry: Pointer to "struct tomoyo_acl_info".
79 * @size: Size of @new_entry in bytes.
80 * @param: Pointer to "struct tomoyo_acl_param".
81 * @check_duplicate: Callback function to find duplicated entry.
82 * @merge_duplicate: Callback function to merge duplicated entry.
84 * Returns 0 on success, negative value otherwise.
86 * Caller holds tomoyo_read_lock().
88 int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
89 struct tomoyo_acl_param *param,
90 bool (*check_duplicate) (const struct tomoyo_acl_info
92 const struct tomoyo_acl_info
94 bool (*merge_duplicate) (struct tomoyo_acl_info *,
95 struct tomoyo_acl_info *,
98 const bool is_delete = param->is_delete;
99 int error = is_delete ? -ENOENT : -ENOMEM;
100 struct tomoyo_acl_info *entry;
101 struct list_head * const list = param->list;
103 if (mutex_lock_interruptible(&tomoyo_policy_lock))
105 list_for_each_entry_rcu(entry, list, list) {
106 if (!tomoyo_same_acl_head(entry, new_entry) ||
107 !check_duplicate(entry, new_entry))
110 entry->is_deleted = merge_duplicate(entry, new_entry,
113 entry->is_deleted = is_delete;
117 if (error && !is_delete) {
118 entry = tomoyo_commit_ok(new_entry, size);
120 list_add_tail_rcu(&entry->list, list);
124 mutex_unlock(&tomoyo_policy_lock);
128 void tomoyo_check_acl(struct tomoyo_request_info *r,
129 bool (*check_entry) (struct tomoyo_request_info *,
130 const struct tomoyo_acl_info *))
132 const struct tomoyo_domain_info *domain = r->domain;
133 struct tomoyo_acl_info *ptr;
135 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
136 if (ptr->is_deleted || ptr->type != r->param_type)
138 if (check_entry(r, ptr)) {
146 /* The list for "struct tomoyo_domain_info". */
147 LIST_HEAD(tomoyo_domain_list);
149 struct list_head tomoyo_policy_list[TOMOYO_MAX_POLICY];
150 struct list_head tomoyo_group_list[TOMOYO_MAX_GROUP];
153 * tomoyo_last_word - Get last component of a domainname.
155 * @domainname: Domainname to check.
157 * Returns the last word of @domainname.
159 static const char *tomoyo_last_word(const char *name)
161 const char *cp = strrchr(name, ' ');
168 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
170 * @a: Pointer to "struct tomoyo_acl_head".
171 * @b: Pointer to "struct tomoyo_acl_head".
173 * Returns true if @a == @b, false otherwise.
175 static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
176 const struct tomoyo_acl_head *b)
178 const struct tomoyo_transition_control *p1 = container_of(a,
181 const struct tomoyo_transition_control *p2 = container_of(b,
184 return p1->type == p2->type && p1->is_last_name == p2->is_last_name
185 && p1->domainname == p2->domainname
186 && p1->program == p2->program;
190 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
192 * @param: Pointer to "struct tomoyo_acl_param".
193 * @type: Type of this entry.
195 * Returns 0 on success, negative value otherwise.
197 int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
200 struct tomoyo_transition_control e = { .type = type };
201 int error = param->is_delete ? -ENOENT : -ENOMEM;
202 char *program = param->data;
203 char *domainname = strstr(program, " from ");
207 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
208 type == TOMOYO_TRANSITION_CONTROL_KEEP) {
209 domainname = program;
213 if (!tomoyo_correct_path(program))
215 e.program = tomoyo_get_name(program);
220 if (!tomoyo_correct_domain(domainname)) {
221 if (!tomoyo_correct_path(domainname))
223 e.is_last_name = true;
225 e.domainname = tomoyo_get_name(domainname);
229 param->list = &tomoyo_policy_list[TOMOYO_ID_TRANSITION_CONTROL];
230 error = tomoyo_update_policy(&e.head, sizeof(e), param,
231 tomoyo_same_transition_control);
233 tomoyo_put_name(e.domainname);
234 tomoyo_put_name(e.program);
239 * tomoyo_transition_type - Get domain transition type.
241 * @domainname: The name of domain.
242 * @program: The name of program.
244 * Returns TOMOYO_TRANSITION_CONTROL_INITIALIZE if executing @program
245 * reinitializes domain transition, TOMOYO_TRANSITION_CONTROL_KEEP if executing
246 * @program suppresses domain transition, others otherwise.
248 * Caller holds tomoyo_read_lock().
250 static u8 tomoyo_transition_type(const struct tomoyo_path_info *domainname,
251 const struct tomoyo_path_info *program)
253 const struct tomoyo_transition_control *ptr;
254 const char *last_name = tomoyo_last_word(domainname->name);
256 for (type = 0; type < TOMOYO_MAX_TRANSITION_TYPE; type++) {
258 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
259 [TOMOYO_ID_TRANSITION_CONTROL],
261 if (ptr->head.is_deleted || ptr->type != type)
263 if (ptr->domainname) {
264 if (!ptr->is_last_name) {
265 if (ptr->domainname != domainname)
269 * Use direct strcmp() since this is
272 if (strcmp(ptr->domainname->name,
278 tomoyo_pathcmp(ptr->program, program))
280 if (type == TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE) {
282 * Do not check for initialize_domain if
283 * no_initialize_domain matched.
285 type = TOMOYO_TRANSITION_CONTROL_NO_KEEP;
296 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
298 * @a: Pointer to "struct tomoyo_acl_head".
299 * @b: Pointer to "struct tomoyo_acl_head".
301 * Returns true if @a == @b, false otherwise.
303 static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
304 const struct tomoyo_acl_head *b)
306 const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1),
308 const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2),
310 return p1->original_name == p2->original_name &&
311 p1->aggregated_name == p2->aggregated_name;
315 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
317 * @param: Pointer to "struct tomoyo_acl_param".
319 * Returns 0 on success, negative value otherwise.
321 * Caller holds tomoyo_read_lock().
323 int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
325 struct tomoyo_aggregator e = { };
326 int error = param->is_delete ? -ENOENT : -ENOMEM;
327 const char *original_name = tomoyo_read_token(param);
328 const char *aggregated_name = tomoyo_read_token(param);
329 if (!tomoyo_correct_word(original_name) ||
330 !tomoyo_correct_path(aggregated_name))
332 e.original_name = tomoyo_get_name(original_name);
333 e.aggregated_name = tomoyo_get_name(aggregated_name);
334 if (!e.original_name || !e.aggregated_name ||
335 e.aggregated_name->is_patterned) /* No patterns allowed. */
337 param->list = &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR];
338 error = tomoyo_update_policy(&e.head, sizeof(e), param,
339 tomoyo_same_aggregator);
341 tomoyo_put_name(e.original_name);
342 tomoyo_put_name(e.aggregated_name);
347 * tomoyo_assign_domain - Create a domain.
349 * @domainname: The name of domain.
350 * @profile: Profile number to assign if the domain was newly created.
352 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
354 * Caller holds tomoyo_read_lock().
356 struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
359 struct tomoyo_domain_info *entry;
360 struct tomoyo_domain_info *domain = NULL;
361 const struct tomoyo_path_info *saved_domainname;
364 if (!tomoyo_correct_domain(domainname))
366 saved_domainname = tomoyo_get_name(domainname);
367 if (!saved_domainname)
369 entry = kzalloc(sizeof(*entry), GFP_NOFS);
370 if (mutex_lock_interruptible(&tomoyo_policy_lock))
372 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
373 if (domain->is_deleted ||
374 tomoyo_pathcmp(saved_domainname, domain->domainname))
379 if (!found && tomoyo_memory_ok(entry)) {
380 INIT_LIST_HEAD(&entry->acl_info_list);
381 entry->domainname = saved_domainname;
382 saved_domainname = NULL;
383 entry->profile = profile;
384 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
389 mutex_unlock(&tomoyo_policy_lock);
391 tomoyo_put_name(saved_domainname);
393 return found ? domain : NULL;
397 * tomoyo_find_next_domain - Find a domain.
399 * @bprm: Pointer to "struct linux_binprm".
401 * Returns 0 on success, negative value otherwise.
403 * Caller holds tomoyo_read_lock().
405 int tomoyo_find_next_domain(struct linux_binprm *bprm)
407 struct tomoyo_request_info r;
408 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
409 struct tomoyo_domain_info *old_domain = tomoyo_domain();
410 struct tomoyo_domain_info *domain = NULL;
411 const char *original_name = bprm->filename;
414 int retval = -ENOMEM;
415 bool need_kfree = false;
416 struct tomoyo_path_info rn = { }; /* real name */
418 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
419 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
428 /* Get symlink's pathname of program. */
430 rn.name = tomoyo_realpath_nofollow(original_name);
433 tomoyo_fill_path_info(&rn);
436 /* Check 'aggregator' directive. */
438 struct tomoyo_aggregator *ptr;
439 list_for_each_entry_rcu(ptr, &tomoyo_policy_list
440 [TOMOYO_ID_AGGREGATOR], head.list) {
441 if (ptr->head.is_deleted ||
442 !tomoyo_path_matches_pattern(&rn,
447 /* This is OK because it is read only. */
448 rn = *ptr->aggregated_name;
453 /* Check execute permission. */
454 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
455 if (retval == TOMOYO_RETRY_REQUEST)
460 * To be able to specify domainnames with wildcards, use the
461 * pathname specified in the policy (which may contain
462 * wildcard) rather than the pathname passed to execve()
463 * (which never contains wildcard).
465 if (r.param.path.matched_path) {
469 /* This is OK because it is read only. */
470 rn = *r.param.path.matched_path;
473 /* Calculate domain to transit to. */
474 switch (tomoyo_transition_type(old_domain->domainname, &rn)) {
475 case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
476 /* Transit to the child of tomoyo_kernel_domain domain. */
477 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, TOMOYO_ROOT_NAME " "
480 case TOMOYO_TRANSITION_CONTROL_KEEP:
481 /* Keep current domain. */
485 if (old_domain == &tomoyo_kernel_domain &&
486 !tomoyo_policy_loaded) {
488 * Needn't to transit from kernel domain before
489 * starting /sbin/init. But transit from kernel domain
490 * if executing initializers because they might start
495 /* Normal domain transition. */
496 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
497 old_domain->domainname->name, rn.name);
501 if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
503 domain = tomoyo_find_domain(tmp);
505 domain = tomoyo_assign_domain(tmp, old_domain->profile);
509 printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
513 old_domain->transition_failed = true;
517 /* Update reference count on "struct tomoyo_domain_info". */
518 atomic_inc(&domain->users);
519 bprm->cred->security = domain;