blob: 71acebc747c38bf3a0779e8270b6ae3cfe7fa22d [file] [log] [blame]
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09001/*
2 * security/tomoyo/domain.c
3 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +09004 * Domain transition functions for TOMOYO.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09005 *
Tetsuo Handac3ef1502010-05-17 10:12:46 +09006 * Copyright (C) 2005-2010 NTT DATA CORPORATION
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +09007 */
8
9#include "common.h"
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +090010#include <linux/binfmts.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090011#include <linux/slab.h>
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +090012
13/* Variables definitions.*/
14
15/* The initial domain. */
16struct tomoyo_domain_info tomoyo_kernel_domain;
17
Tetsuo Handa237ab452010-06-12 20:46:22 +090018/**
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090019 * tomoyo_update_policy - Update an entry for exception policy.
20 *
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
Tetsuo Handaa238cf52011-06-26 23:17:10 +090023 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090024 * @check_duplicate: Callback function to find duplicated entry.
25 *
26 * Returns 0 on success, negative value otherwise.
27 *
28 * Caller holds tomoyo_read_lock().
29 */
30int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
Tetsuo Handaa238cf52011-06-26 23:17:10 +090031 struct tomoyo_acl_param *param,
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090032 bool (*check_duplicate) (const struct tomoyo_acl_head
33 *,
34 const struct tomoyo_acl_head
35 *))
36{
Tetsuo Handaa238cf52011-06-26 23:17:10 +090037 int error = param->is_delete ? -ENOENT : -ENOMEM;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090038 struct tomoyo_acl_head *entry;
Tetsuo Handaa238cf52011-06-26 23:17:10 +090039 struct list_head *list = param->list;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090040
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
42 return -ENOMEM;
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
45 continue;
Tetsuo Handaa238cf52011-06-26 23:17:10 +090046 entry->is_deleted = param->is_delete;
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090047 error = 0;
48 break;
49 }
Tetsuo Handaa238cf52011-06-26 23:17:10 +090050 if (error && !param->is_delete) {
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +090051 entry = tomoyo_commit_ok(new_entry, size);
52 if (entry) {
53 list_add_tail_rcu(&entry->list, list);
54 error = 0;
55 }
56 }
57 mutex_unlock(&tomoyo_policy_lock);
58 return error;
59}
60
61/**
Tetsuo Handa0df7e8b2011-06-26 23:16:36 +090062 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
63 *
64 * @a: Pointer to "struct tomoyo_acl_info".
65 * @b: Pointer to "struct tomoyo_acl_info".
66 *
67 * Returns true if @a == @b, false otherwise.
68 */
69static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
70 const struct tomoyo_acl_info *b)
71{
72 return a->type == b->type;
73}
74
75/**
Tetsuo Handa237ab452010-06-12 20:46:22 +090076 * tomoyo_update_domain - Update an entry for domain policy.
77 *
78 * @new_entry: Pointer to "struct tomoyo_acl_info".
79 * @size: Size of @new_entry in bytes.
Tetsuo Handaa238cf52011-06-26 23:17:10 +090080 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa237ab452010-06-12 20:46:22 +090081 * @check_duplicate: Callback function to find duplicated entry.
82 * @merge_duplicate: Callback function to merge duplicated entry.
83 *
84 * Returns 0 on success, negative value otherwise.
85 *
86 * Caller holds tomoyo_read_lock().
87 */
88int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
Tetsuo Handaa238cf52011-06-26 23:17:10 +090089 struct tomoyo_acl_param *param,
Tetsuo Handa237ab452010-06-12 20:46:22 +090090 bool (*check_duplicate) (const struct tomoyo_acl_info
91 *,
92 const struct tomoyo_acl_info
93 *),
94 bool (*merge_duplicate) (struct tomoyo_acl_info *,
95 struct tomoyo_acl_info *,
96 const bool))
97{
Tetsuo Handaa238cf52011-06-26 23:17:10 +090098 const bool is_delete = param->is_delete;
Tetsuo Handa237ab452010-06-12 20:46:22 +090099 int error = is_delete ? -ENOENT : -ENOMEM;
100 struct tomoyo_acl_info *entry;
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900101 struct list_head * const list = param->list;
Tetsuo Handa237ab452010-06-12 20:46:22 +0900102
103 if (mutex_lock_interruptible(&tomoyo_policy_lock))
104 return error;
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900105 list_for_each_entry_rcu(entry, list, list) {
Tetsuo Handa0df7e8b2011-06-26 23:16:36 +0900106 if (!tomoyo_same_acl_head(entry, new_entry) ||
107 !check_duplicate(entry, new_entry))
Tetsuo Handa237ab452010-06-12 20:46:22 +0900108 continue;
109 if (merge_duplicate)
110 entry->is_deleted = merge_duplicate(entry, new_entry,
111 is_delete);
112 else
113 entry->is_deleted = is_delete;
114 error = 0;
115 break;
116 }
117 if (error && !is_delete) {
118 entry = tomoyo_commit_ok(new_entry, size);
119 if (entry) {
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900120 list_add_tail_rcu(&entry->list, list);
Tetsuo Handa237ab452010-06-12 20:46:22 +0900121 error = 0;
122 }
123 }
124 mutex_unlock(&tomoyo_policy_lock);
125 return error;
126}
127
Tetsuo Handa32997142011-06-26 23:19:28 +0900128/**
129 * tomoyo_check_acl - Do permission check.
130 *
131 * @r: Pointer to "struct tomoyo_request_info".
132 * @check_entry: Callback function to check type specific parameters.
133 *
134 * Returns 0 on success, negative value otherwise.
135 *
136 * Caller holds tomoyo_read_lock().
137 */
Tetsuo Handa99a85252010-06-16 16:22:51 +0900138void tomoyo_check_acl(struct tomoyo_request_info *r,
Tetsuo Handa484ca792010-07-29 14:29:55 +0900139 bool (*check_entry) (struct tomoyo_request_info *,
Tetsuo Handa99a85252010-06-16 16:22:51 +0900140 const struct tomoyo_acl_info *))
141{
142 const struct tomoyo_domain_info *domain = r->domain;
143 struct tomoyo_acl_info *ptr;
Tetsuo Handa32997142011-06-26 23:19:28 +0900144 bool retried = false;
145 const struct list_head *list = &domain->acl_info_list;
Tetsuo Handa99a85252010-06-16 16:22:51 +0900146
Tetsuo Handa32997142011-06-26 23:19:28 +0900147retry:
148 list_for_each_entry_rcu(ptr, list, list) {
Tetsuo Handa99a85252010-06-16 16:22:51 +0900149 if (ptr->is_deleted || ptr->type != r->param_type)
150 continue;
151 if (check_entry(r, ptr)) {
152 r->granted = true;
153 return;
154 }
155 }
Tetsuo Handa32997142011-06-26 23:19:28 +0900156 if (!retried) {
157 retried = true;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900158 list = &domain->ns->acl_group[domain->group];
Tetsuo Handa32997142011-06-26 23:19:28 +0900159 goto retry;
160 }
Tetsuo Handa99a85252010-06-16 16:22:51 +0900161 r->granted = false;
162}
163
Tetsuo Handaa230f9e2010-06-17 16:53:24 +0900164/* The list for "struct tomoyo_domain_info". */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900165LIST_HEAD(tomoyo_domain_list);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900166
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900167/**
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900168 * tomoyo_last_word - Get last component of a domainname.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900169 *
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900170 * @name: Domainname to check.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900171 *
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900172 * Returns the last word of @domainname.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900173 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900174static const char *tomoyo_last_word(const char *name)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900175{
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900176 const char *cp = strrchr(name, ' ');
177 if (cp)
178 return cp + 1;
179 return name;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900180}
181
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900182/**
183 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
184 *
185 * @a: Pointer to "struct tomoyo_acl_head".
186 * @b: Pointer to "struct tomoyo_acl_head".
187 *
188 * Returns true if @a == @b, false otherwise.
189 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900190static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
191 const struct tomoyo_acl_head *b)
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900192{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900193 const struct tomoyo_transition_control *p1 = container_of(a,
194 typeof(*p1),
195 head);
196 const struct tomoyo_transition_control *p2 = container_of(b,
197 typeof(*p2),
198 head);
199 return p1->type == p2->type && p1->is_last_name == p2->is_last_name
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900200 && p1->domainname == p2->domainname
201 && p1->program == p2->program;
202}
203
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900204/**
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900205 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900206 *
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900207 * @param: Pointer to "struct tomoyo_acl_param".
208 * @type: Type of this entry.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900209 *
210 * Returns 0 on success, negative value otherwise.
211 */
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900212int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
213 const u8 type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900214{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900215 struct tomoyo_transition_control e = { .type = type };
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900216 int error = param->is_delete ? -ENOENT : -ENOMEM;
217 char *program = param->data;
218 char *domainname = strstr(program, " from ");
219 if (domainname) {
220 *domainname = '\0';
221 domainname += 6;
222 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
223 type == TOMOYO_TRANSITION_CONTROL_KEEP) {
224 domainname = program;
225 program = NULL;
226 }
Tetsuo Handa0d2171d2011-06-26 23:17:46 +0900227 if (program && strcmp(program, "any")) {
Tetsuo Handa75093152010-06-16 16:23:55 +0900228 if (!tomoyo_correct_path(program))
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900229 return -EINVAL;
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900230 e.program = tomoyo_get_name(program);
231 if (!e.program)
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900232 goto out;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900233 }
Tetsuo Handa0d2171d2011-06-26 23:17:46 +0900234 if (domainname && strcmp(domainname, "any")) {
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900235 if (!tomoyo_correct_domain(domainname)) {
236 if (!tomoyo_correct_path(domainname))
237 goto out;
238 e.is_last_name = true;
239 }
240 e.domainname = tomoyo_get_name(domainname);
241 if (!e.domainname)
242 goto out;
243 }
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900244 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900245 error = tomoyo_update_policy(&e.head, sizeof(e), param,
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900246 tomoyo_same_transition_control);
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900247out:
Tetsuo Handa9e4b50e2010-05-06 12:40:02 +0900248 tomoyo_put_name(e.domainname);
249 tomoyo_put_name(e.program);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900250 return error;
251}
252
253/**
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900254 * tomoyo_scan_transition - Try to find specific domain transition type.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900255 *
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900256 * @list: Pointer to "struct list_head".
257 * @domainname: The name of current domain.
258 * @program: The name of requested program.
259 * @last_name: The last component of @domainname.
260 * @type: One of values in "enum tomoyo_transition_type".
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900261 *
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900262 * Returns true if found one, false otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900263 *
264 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900265 */
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900266static inline bool tomoyo_scan_transition
267(const struct list_head *list, const struct tomoyo_path_info *domainname,
268 const struct tomoyo_path_info *program, const char *last_name,
269 const enum tomoyo_transition_type type)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900270{
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900271 const struct tomoyo_transition_control *ptr;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900272 list_for_each_entry_rcu(ptr, list, head.list) {
273 if (ptr->head.is_deleted || ptr->type != type)
274 continue;
275 if (ptr->domainname) {
276 if (!ptr->is_last_name) {
277 if (ptr->domainname != domainname)
278 continue;
279 } else {
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900280 /*
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900281 * Use direct strcmp() since this is
282 * unlikely used.
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900283 */
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900284 if (strcmp(ptr->domainname->name, last_name))
285 continue;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900286 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900287 }
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900288 if (ptr->program && tomoyo_pathcmp(ptr->program, program))
289 continue;
290 return true;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900291 }
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900292 return false;
293}
294
295/**
296 * tomoyo_transition_type - Get domain transition type.
297 *
298 * @ns: Pointer to "struct tomoyo_policy_namespace".
299 * @domainname: The name of current domain.
300 * @program: The name of requested program.
301 *
302 * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes
303 * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if
304 * executing @program reinitializes domain transition within that namespace,
305 * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname ,
306 * others otherwise.
307 *
308 * Caller holds tomoyo_read_lock().
309 */
310static enum tomoyo_transition_type tomoyo_transition_type
311(const struct tomoyo_policy_namespace *ns,
312 const struct tomoyo_path_info *domainname,
313 const struct tomoyo_path_info *program)
314{
315 const char *last_name = tomoyo_last_word(domainname->name);
316 enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET;
317 while (type < TOMOYO_MAX_TRANSITION_TYPE) {
318 const struct list_head * const list =
319 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
320 if (!tomoyo_scan_transition(list, domainname, program,
321 last_name, type)) {
322 type++;
323 continue;
324 }
325 if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET &&
326 type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE)
327 break;
328 /*
329 * Do not check for reset_domain if no_reset_domain matched.
330 * Do not check for initialize_domain if no_initialize_domain
331 * matched.
332 */
333 type++;
334 type++;
335 }
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900336 return type;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900337}
338
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900339/**
340 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
341 *
342 * @a: Pointer to "struct tomoyo_acl_head".
343 * @b: Pointer to "struct tomoyo_acl_head".
344 *
345 * Returns true if @a == @b, false otherwise.
346 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900347static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
348 const struct tomoyo_acl_head *b)
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900349{
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900350 const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1),
351 head);
352 const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2),
353 head);
Tetsuo Handa36f5e1f2010-06-15 09:23:26 +0900354 return p1->original_name == p2->original_name &&
355 p1->aggregated_name == p2->aggregated_name;
356}
357
Tetsuo Handa10843072010-06-03 20:38:03 +0900358/**
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900359 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
Tetsuo Handa10843072010-06-03 20:38:03 +0900360 *
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900361 * @param: Pointer to "struct tomoyo_acl_param".
Tetsuo Handa10843072010-06-03 20:38:03 +0900362 *
363 * Returns 0 on success, negative value otherwise.
364 *
365 * Caller holds tomoyo_read_lock().
366 */
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900367int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
Tetsuo Handa10843072010-06-03 20:38:03 +0900368{
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900369 struct tomoyo_aggregator e = { };
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900370 int error = param->is_delete ? -ENOENT : -ENOMEM;
371 const char *original_name = tomoyo_read_token(param);
372 const char *aggregated_name = tomoyo_read_token(param);
373 if (!tomoyo_correct_word(original_name) ||
Tetsuo Handa75093152010-06-16 16:23:55 +0900374 !tomoyo_correct_path(aggregated_name))
Tetsuo Handa10843072010-06-03 20:38:03 +0900375 return -EINVAL;
376 e.original_name = tomoyo_get_name(original_name);
377 e.aggregated_name = tomoyo_get_name(aggregated_name);
378 if (!e.original_name || !e.aggregated_name ||
379 e.aggregated_name->is_patterned) /* No patterns allowed. */
380 goto out;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900381 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900382 error = tomoyo_update_policy(&e.head, sizeof(e), param,
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900383 tomoyo_same_aggregator);
Tetsuo Handaa238cf52011-06-26 23:17:10 +0900384out:
Tetsuo Handa10843072010-06-03 20:38:03 +0900385 tomoyo_put_name(e.original_name);
386 tomoyo_put_name(e.aggregated_name);
387 return error;
388}
389
390/**
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900391 * tomoyo_find_namespace - Find specified namespace.
392 *
393 * @name: Name of namespace to find.
394 * @len: Length of @name.
395 *
396 * Returns pointer to "struct tomoyo_policy_namespace" if found,
397 * NULL otherwise.
398 *
399 * Caller holds tomoyo_read_lock().
400 */
401static struct tomoyo_policy_namespace *tomoyo_find_namespace
402(const char *name, const unsigned int len)
403{
404 struct tomoyo_policy_namespace *ns;
405 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
406 if (strncmp(name, ns->name, len) ||
407 (name[len] && name[len] != ' '))
408 continue;
409 return ns;
410 }
411 return NULL;
412}
413
414/**
415 * tomoyo_assign_namespace - Create a new namespace.
416 *
417 * @domainname: Name of namespace to create.
418 *
419 * Returns pointer to "struct tomoyo_policy_namespace" on success,
420 * NULL otherwise.
421 *
422 * Caller holds tomoyo_read_lock().
423 */
424struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
425{
426 struct tomoyo_policy_namespace *ptr;
427 struct tomoyo_policy_namespace *entry;
428 const char *cp = domainname;
429 unsigned int len = 0;
430 while (*cp && *cp++ != ' ')
431 len++;
432 ptr = tomoyo_find_namespace(domainname, len);
433 if (ptr)
434 return ptr;
435 if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
436 return NULL;
437 entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
438 if (!entry)
439 return NULL;
440 if (mutex_lock_interruptible(&tomoyo_policy_lock))
441 goto out;
442 ptr = tomoyo_find_namespace(domainname, len);
443 if (!ptr && tomoyo_memory_ok(entry)) {
444 char *name = (char *) (entry + 1);
445 ptr = entry;
446 memmove(name, domainname, len);
447 name[len] = '\0';
448 entry->name = name;
449 tomoyo_init_policy_namespace(entry);
450 entry = NULL;
451 }
452 mutex_unlock(&tomoyo_policy_lock);
453out:
454 kfree(entry);
455 return ptr;
456}
457
458/**
459 * tomoyo_namespace_jump - Check for namespace jump.
460 *
461 * @domainname: Name of domain.
462 *
463 * Returns true if namespace differs, false otherwise.
464 */
465static bool tomoyo_namespace_jump(const char *domainname)
466{
467 const char *namespace = tomoyo_current_namespace()->name;
468 const int len = strlen(namespace);
469 return strncmp(domainname, namespace, len) ||
470 (domainname[len] && domainname[len] != ' ');
471}
472
473/**
474 * tomoyo_assign_domain - Create a domain or a namespace.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900475 *
476 * @domainname: The name of domain.
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900477 * @transit: True if transit to domain found or created.
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900478 *
479 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900480 *
481 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900482 */
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900483struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900484 const bool transit)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900485{
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900486 struct tomoyo_domain_info e = { };
487 struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);
488 bool created = false;
489 if (entry) {
490 if (transit) {
491 /*
492 * Since namespace is created at runtime, profiles may
493 * not be created by the moment the process transits to
494 * that domain. Do not perform domain transition if
495 * profile for that domain is not yet created.
496 */
497 if (!entry->ns->profile_ptr[entry->profile])
498 return NULL;
499 }
500 return entry;
501 }
502 /* Requested domain does not exist. */
503 /* Don't create requested domain if domainname is invalid. */
504 if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 ||
505 !tomoyo_correct_domain(domainname))
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900506 return NULL;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900507 /*
508 * Since definition of profiles and acl_groups may differ across
509 * namespaces, do not inherit "use_profile" and "use_group" settings
510 * by automatically creating requested domain upon domain transition.
511 */
512 if (transit && tomoyo_namespace_jump(domainname))
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900513 return NULL;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900514 e.ns = tomoyo_assign_namespace(domainname);
515 if (!e.ns)
516 return NULL;
517 /*
518 * "use_profile" and "use_group" settings for automatically created
519 * domains are inherited from current domain. These are 0 for manually
520 * created domains.
521 */
522 if (transit) {
523 const struct tomoyo_domain_info *domain = tomoyo_domain();
524 e.profile = domain->profile;
525 e.group = domain->group;
526 }
527 e.domainname = tomoyo_get_name(domainname);
528 if (!e.domainname)
529 return NULL;
Tetsuo Handa29282382010-05-06 00:18:15 +0900530 if (mutex_lock_interruptible(&tomoyo_policy_lock))
531 goto out;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900532 entry = tomoyo_find_domain(domainname);
533 if (!entry) {
534 entry = tomoyo_commit_ok(&e, sizeof(e));
535 if (entry) {
536 INIT_LIST_HEAD(&entry->acl_info_list);
537 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
538 created = true;
539 }
Tetsuo Handaca0b7df2010-02-07 20:23:59 +0900540 }
Tetsuo Handaf737d952010-01-03 21:16:32 +0900541 mutex_unlock(&tomoyo_policy_lock);
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900542out:
543 tomoyo_put_name(e.domainname);
544 if (entry && transit) {
545 if (created) {
546 struct tomoyo_request_info r;
547 tomoyo_init_request_info(&r, entry,
548 TOMOYO_MAC_FILE_EXECUTE);
549 r.granted = false;
550 tomoyo_write_log(&r, "use_profile %u\n",
551 entry->profile);
552 tomoyo_write_log(&r, "use_group %u\n", entry->group);
553 }
554 }
555 return entry;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900556}
557
558/**
559 * tomoyo_find_next_domain - Find a domain.
560 *
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900561 * @bprm: Pointer to "struct linux_binprm".
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900562 *
563 * Returns 0 on success, negative value otherwise.
Tetsuo Handafdb8ebb2009-12-08 09:34:43 +0900564 *
565 * Caller holds tomoyo_read_lock().
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900566 */
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900567int tomoyo_find_next_domain(struct linux_binprm *bprm)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900568{
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900569 struct tomoyo_request_info r;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900570 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900571 struct tomoyo_domain_info *old_domain = tomoyo_domain();
572 struct tomoyo_domain_info *domain = NULL;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900573 const char *original_name = bprm->filename;
Tetsuo Handa57c25902010-06-03 20:38:44 +0900574 u8 mode;
575 bool is_enforce;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900576 int retval = -ENOMEM;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900577 bool need_kfree = false;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900578 bool reject_on_transition_failure = false;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900579 struct tomoyo_path_info rn = { }; /* real name */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900580
Tetsuo Handa57c25902010-06-03 20:38:44 +0900581 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
582 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900583 if (!tmp)
584 goto out;
585
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900586 retry:
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900587 if (need_kfree) {
588 kfree(rn.name);
589 need_kfree = false;
590 }
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900591 /* Get symlink's pathname of program. */
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900592 retval = -ENOENT;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900593 rn.name = tomoyo_realpath_nofollow(original_name);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900594 if (!rn.name)
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900595 goto out;
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900596 tomoyo_fill_path_info(&rn);
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900597 need_kfree = true;
598
Tetsuo Handa10843072010-06-03 20:38:03 +0900599 /* Check 'aggregator' directive. */
600 {
Tetsuo Handae2bf6902010-06-25 11:16:00 +0900601 struct tomoyo_aggregator *ptr;
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900602 struct list_head *list =
603 &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR];
604 /* Check 'aggregator' directive. */
605 list_for_each_entry_rcu(ptr, list, head.list) {
Tetsuo Handa82e0f002010-06-15 09:22:42 +0900606 if (ptr->head.is_deleted ||
Tetsuo Handa10843072010-06-03 20:38:03 +0900607 !tomoyo_path_matches_pattern(&rn,
608 ptr->original_name))
609 continue;
Tetsuo Handa0617c7f2010-06-21 09:58:53 +0900610 kfree(rn.name);
Tetsuo Handa10843072010-06-03 20:38:03 +0900611 need_kfree = false;
612 /* This is OK because it is read only. */
613 rn = *ptr->aggregated_name;
614 break;
615 }
616 }
617
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900618 /* Check execute permission. */
Tetsuo Handa05336de2010-06-16 16:20:24 +0900619 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
Tetsuo Handa17fcfbd2010-05-17 10:11:36 +0900620 if (retval == TOMOYO_RETRY_REQUEST)
621 goto retry;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900622 if (retval < 0)
623 goto out;
Tetsuo Handa484ca792010-07-29 14:29:55 +0900624 /*
625 * To be able to specify domainnames with wildcards, use the
626 * pathname specified in the policy (which may contain
627 * wildcard) rather than the pathname passed to execve()
628 * (which never contains wildcard).
629 */
630 if (r.param.path.matched_path) {
631 if (need_kfree)
632 kfree(rn.name);
633 need_kfree = false;
634 /* This is OK because it is read only. */
635 rn = *r.param.path.matched_path;
636 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900637
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900638 /* Calculate domain to transit to. */
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900639 switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname,
640 &rn)) {
641 case TOMOYO_TRANSITION_CONTROL_RESET:
642 /* Transit to the root of specified namespace. */
643 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
644 /*
645 * Make do_execve() fail if domain transition across namespaces
646 * has failed.
647 */
648 reject_on_transition_failure = true;
649 break;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900650 case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900651 /* Transit to the child of current namespace's root. */
652 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
653 old_domain->ns->name, rn.name);
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900654 break;
655 case TOMOYO_TRANSITION_CONTROL_KEEP:
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900656 /* Keep current domain. */
657 domain = old_domain;
Tetsuo Handa5448ec42010-06-21 11:14:39 +0900658 break;
659 default:
660 if (old_domain == &tomoyo_kernel_domain &&
661 !tomoyo_policy_loaded) {
662 /*
663 * Needn't to transit from kernel domain before
664 * starting /sbin/init. But transit from kernel domain
665 * if executing initializers because they might start
666 * before /sbin/init.
667 */
668 domain = old_domain;
669 } else {
670 /* Normal domain transition. */
671 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
672 old_domain->domainname->name, rn.name);
673 }
674 break;
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900675 }
Tetsuo Handa7c759642011-06-26 23:15:31 +0900676 if (!domain)
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900677 domain = tomoyo_assign_domain(tmp, true);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900678 if (domain)
Tetsuo Handabd03a3e2011-06-26 23:19:52 +0900679 retval = 0;
680 else if (reject_on_transition_failure) {
681 printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp);
682 retval = -ENOMEM;
683 } else if (r.mode == TOMOYO_CONFIG_ENFORCING)
684 retval = -ENOMEM;
685 else {
686 retval = 0;
687 if (!old_domain->transition_failed) {
688 old_domain->transition_failed = true;
689 r.granted = false;
690 tomoyo_write_log(&r, "%s", "transition_failed\n");
691 printk(KERN_WARNING
692 "ERROR: Domain '%s' not defined.\n", tmp);
693 }
694 }
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900695 out:
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900696 if (!domain)
697 domain = old_domain;
Tetsuo Handaec8e6a42010-02-11 09:43:20 +0900698 /* Update reference count on "struct tomoyo_domain_info". */
699 atomic_inc(&domain->users);
Tetsuo Handa56f8c9bc2009-06-19 14:13:27 +0900700 bprm->cred->security = domain;
Tetsuo Handac8c57e82010-06-03 20:36:43 +0900701 if (need_kfree)
702 kfree(rn.name);
Tetsuo Handa8e2d39a2010-01-26 20:45:27 +0900703 kfree(tmp);
Kentaro Takeda26a2a1c2009-02-05 17:18:15 +0900704 return retval;
705}