2 * security/tomoyo/domain.c
4 * Domain transition functions for TOMOYO.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/binfmts.h>
11 #include <linux/slab.h>
13 /* Variables definitions.*/
15 /* The initial domain. */
16 struct tomoyo_domain_info tomoyo_kernel_domain;
19 * tomoyo_update_policy - Update an entry for exception policy.
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
23 * @is_delete: True if it is a delete request.
24 * @list: Pointer to "struct list_head".
25 * @check_duplicate: Callback function to find duplicated entry.
27 * Returns 0 on success, negative value otherwise.
29 * Caller holds tomoyo_read_lock().
31 int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
32 bool is_delete, struct list_head *list,
33 bool (*check_duplicate) (const struct tomoyo_acl_head
35 const struct tomoyo_acl_head
38 int error = is_delete ? -ENOENT : -ENOMEM;
39 struct tomoyo_acl_head *entry;
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
46 entry->is_deleted = is_delete;
50 if (error && !is_delete) {
51 entry = tomoyo_commit_ok(new_entry, size);
53 list_add_tail_rcu(&entry->list, list);
57 mutex_unlock(&tomoyo_policy_lock);
62 * tomoyo_update_domain - Update an entry for domain policy.
64 * @new_entry: Pointer to "struct tomoyo_acl_info".
65 * @size: Size of @new_entry in bytes.
66 * @is_delete: True if it is a delete request.
67 * @domain: Pointer to "struct tomoyo_domain_info".
68 * @check_duplicate: Callback function to find duplicated entry.
69 * @merge_duplicate: Callback function to merge duplicated entry.
71 * Returns 0 on success, negative value otherwise.
73 * Caller holds tomoyo_read_lock().
75 int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
76 bool is_delete, struct tomoyo_domain_info *domain,
77 bool (*check_duplicate) (const struct tomoyo_acl_info
79 const struct tomoyo_acl_info
81 bool (*merge_duplicate) (struct tomoyo_acl_info *,
82 struct tomoyo_acl_info *,
85 int error = is_delete ? -ENOENT : -ENOMEM;
86 struct tomoyo_acl_info *entry;
88 if (mutex_lock_interruptible(&tomoyo_policy_lock))
90 list_for_each_entry_rcu(entry, &domain->acl_info_list, list) {
91 if (!check_duplicate(entry, new_entry))
94 entry->is_deleted = merge_duplicate(entry, new_entry,
97 entry->is_deleted = is_delete;
101 if (error && !is_delete) {
102 entry = tomoyo_commit_ok(new_entry, size);
104 list_add_tail_rcu(&entry->list, &domain->acl_info_list);
108 mutex_unlock(&tomoyo_policy_lock);
113 * tomoyo_domain_list is used for holding list of domains.
114 * The ->acl_info_list of "struct tomoyo_domain_info" is used for holding
115 * permissions (e.g. "allow_read /lib/libc-2.5.so") given to each domain.
117 * An entry is added by
119 * # ( echo "<kernel>"; echo "allow_execute /sbin/init" ) > \
120 * /sys/kernel/security/tomoyo/domain_policy
124 * # ( echo "<kernel>"; echo "delete allow_execute /sbin/init" ) > \
125 * /sys/kernel/security/tomoyo/domain_policy
127 * and all entries are retrieved by
129 * # cat /sys/kernel/security/tomoyo/domain_policy
131 * A domain is added by
133 * # echo "<kernel>" > /sys/kernel/security/tomoyo/domain_policy
137 * # echo "delete <kernel>" > /sys/kernel/security/tomoyo/domain_policy
139 * and all domains are retrieved by
141 * # grep '^<kernel>' /sys/kernel/security/tomoyo/domain_policy
143 * Normally, a domainname is monotonically getting longer because a domainname
144 * which the process will belong to if an execve() operation succeeds is
145 * defined as a concatenation of "current domainname" + "pathname passed to
147 * See tomoyo_domain_initializer_list and tomoyo_domain_keeper_list for
150 LIST_HEAD(tomoyo_domain_list);
153 * tomoyo_get_last_name - Get last component of a domainname.
155 * @domain: Pointer to "struct tomoyo_domain_info".
157 * Returns the last component of the domainname.
159 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain)
161 const char *cp0 = domain->domainname->name;
162 const char *cp1 = strrchr(cp0, ' ');
170 * tomoyo_domain_initializer_list is used for holding list of programs which
171 * triggers reinitialization of domainname. Normally, a domainname is
172 * monotonically getting longer. But sometimes, we restart daemon programs.
173 * It would be convenient for us that "a daemon started upon system boot" and
174 * "the daemon restarted from console" belong to the same domain. Thus, TOMOYO
175 * provides a way to shorten domainnames.
177 * An entry is added by
179 * # echo 'initialize_domain /usr/sbin/httpd' > \
180 * /sys/kernel/security/tomoyo/exception_policy
184 * # echo 'delete initialize_domain /usr/sbin/httpd' > \
185 * /sys/kernel/security/tomoyo/exception_policy
187 * and all entries are retrieved by
189 * # grep ^initialize_domain /sys/kernel/security/tomoyo/exception_policy
191 * In the example above, /usr/sbin/httpd will belong to
192 * "<kernel> /usr/sbin/httpd" domain.
194 * You may specify a domainname using "from" keyword.
195 * "initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
196 * will cause "/usr/sbin/httpd" executed from "<kernel> /etc/rc.d/init.d/httpd"
197 * domain to belong to "<kernel> /usr/sbin/httpd" domain.
199 * You may add "no_" prefix to "initialize_domain".
200 * "initialize_domain /usr/sbin/httpd" and
201 * "no_initialize_domain /usr/sbin/httpd from <kernel> /etc/rc.d/init.d/httpd"
202 * will cause "/usr/sbin/httpd" to belong to "<kernel> /usr/sbin/httpd" domain
203 * unless executed from "<kernel> /etc/rc.d/init.d/httpd" domain.
205 LIST_HEAD(tomoyo_domain_initializer_list);
207 static bool tomoyo_same_domain_initializer_entry(const struct tomoyo_acl_head *
209 const struct tomoyo_acl_head *
212 const struct tomoyo_domain_initializer_entry *p1 =
213 container_of(a, typeof(*p1), head);
214 const struct tomoyo_domain_initializer_entry *p2 =
215 container_of(b, typeof(*p2), head);
216 return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
217 && p1->domainname == p2->domainname
218 && p1->program == p2->program;
222 * tomoyo_update_domain_initializer_entry - Update "struct tomoyo_domain_initializer_entry" list.
224 * @domainname: The name of domain. May be NULL.
225 * @program: The name of program.
226 * @is_not: True if it is "no_initialize_domain" entry.
227 * @is_delete: True if it is a delete request.
229 * Returns 0 on success, negative value otherwise.
231 * Caller holds tomoyo_read_lock().
233 static int tomoyo_update_domain_initializer_entry(const char *domainname,
236 const bool is_delete)
238 struct tomoyo_domain_initializer_entry e = { .is_not = is_not };
239 int error = is_delete ? -ENOENT : -ENOMEM;
241 if (!tomoyo_is_correct_path(program))
244 if (!tomoyo_is_domain_def(domainname) &&
245 tomoyo_is_correct_path(domainname))
246 e.is_last_name = true;
247 else if (!tomoyo_is_correct_domain(domainname))
249 e.domainname = tomoyo_get_name(domainname);
253 e.program = tomoyo_get_name(program);
256 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
257 &tomoyo_domain_initializer_list,
258 tomoyo_same_domain_initializer_entry);
260 tomoyo_put_name(e.domainname);
261 tomoyo_put_name(e.program);
266 * tomoyo_read_domain_initializer_policy - Read "struct tomoyo_domain_initializer_entry" list.
268 * @head: Pointer to "struct tomoyo_io_buffer".
270 * Returns true on success, false otherwise.
272 * Caller holds tomoyo_read_lock().
274 bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
276 struct list_head *pos;
279 list_for_each_cookie(pos, head->read_var2,
280 &tomoyo_domain_initializer_list) {
282 const char *from = "";
283 const char *domain = "";
284 struct tomoyo_domain_initializer_entry *ptr;
285 ptr = list_entry(pos, struct tomoyo_domain_initializer_entry,
287 if (ptr->head.is_deleted)
289 no = ptr->is_not ? "no_" : "";
290 if (ptr->domainname) {
292 domain = ptr->domainname->name;
294 done = tomoyo_io_printf(head,
295 "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
296 "%s%s%s\n", no, ptr->program->name,
305 * tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list.
307 * @data: String to parse.
308 * @is_not: True if it is "no_initialize_domain" entry.
309 * @is_delete: True if it is a delete request.
311 * Returns 0 on success, negative value otherwise.
313 * Caller holds tomoyo_read_lock().
315 int tomoyo_write_domain_initializer_policy(char *data, const bool is_not,
316 const bool is_delete)
318 char *cp = strstr(data, " from ");
322 return tomoyo_update_domain_initializer_entry(cp + 6, data,
326 return tomoyo_update_domain_initializer_entry(NULL, data, is_not,
331 * tomoyo_is_domain_initializer - Check whether the given program causes domainname reinitialization.
333 * @domainname: The name of domain.
334 * @program: The name of program.
335 * @last_name: The last component of @domainname.
337 * Returns true if executing @program reinitializes domain transition,
340 * Caller holds tomoyo_read_lock().
342 static bool tomoyo_is_domain_initializer(const struct tomoyo_path_info *
344 const struct tomoyo_path_info *program,
345 const struct tomoyo_path_info *
348 struct tomoyo_domain_initializer_entry *ptr;
351 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list,
353 if (ptr->head.is_deleted)
355 if (ptr->domainname) {
356 if (!ptr->is_last_name) {
357 if (ptr->domainname != domainname)
360 if (tomoyo_pathcmp(ptr->domainname, last_name))
364 if (tomoyo_pathcmp(ptr->program, program))
376 * tomoyo_domain_keeper_list is used for holding list of domainnames which
377 * suppresses domain transition. Normally, a domainname is monotonically
378 * getting longer. But sometimes, we want to suppress domain transition.
379 * It would be convenient for us that programs executed from a login session
380 * belong to the same domain. Thus, TOMOYO provides a way to suppress domain
383 * An entry is added by
385 * # echo 'keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
386 * /sys/kernel/security/tomoyo/exception_policy
390 * # echo 'delete keep_domain <kernel> /usr/sbin/sshd /bin/bash' > \
391 * /sys/kernel/security/tomoyo/exception_policy
393 * and all entries are retrieved by
395 * # grep ^keep_domain /sys/kernel/security/tomoyo/exception_policy
397 * In the example above, any process which belongs to
398 * "<kernel> /usr/sbin/sshd /bin/bash" domain will remain in that domain,
399 * unless explicitly specified by "initialize_domain" or "no_keep_domain".
401 * You may specify a program using "from" keyword.
402 * "keep_domain /bin/pwd from <kernel> /usr/sbin/sshd /bin/bash"
403 * will cause "/bin/pwd" executed from "<kernel> /usr/sbin/sshd /bin/bash"
404 * domain to remain in "<kernel> /usr/sbin/sshd /bin/bash" domain.
406 * You may add "no_" prefix to "keep_domain".
407 * "keep_domain <kernel> /usr/sbin/sshd /bin/bash" and
408 * "no_keep_domain /usr/bin/passwd from <kernel> /usr/sbin/sshd /bin/bash" will
409 * cause "/usr/bin/passwd" to belong to
410 * "<kernel> /usr/sbin/sshd /bin/bash /usr/bin/passwd" domain, unless
411 * explicitly specified by "initialize_domain".
413 LIST_HEAD(tomoyo_domain_keeper_list);
415 static bool tomoyo_same_domain_keeper_entry(const struct tomoyo_acl_head *a,
416 const struct tomoyo_acl_head *b)
418 const struct tomoyo_domain_keeper_entry *p1 =
419 container_of(a, typeof(*p1), head);
420 const struct tomoyo_domain_keeper_entry *p2 =
421 container_of(b, typeof(*p2), head);
422 return p1->is_not == p2->is_not && p1->is_last_name == p2->is_last_name
423 && p1->domainname == p2->domainname
424 && p1->program == p2->program;
428 * tomoyo_update_domain_keeper_entry - Update "struct tomoyo_domain_keeper_entry" list.
430 * @domainname: The name of domain.
431 * @program: The name of program. May be NULL.
432 * @is_not: True if it is "no_keep_domain" entry.
433 * @is_delete: True if it is a delete request.
435 * Returns 0 on success, negative value otherwise.
437 * Caller holds tomoyo_read_lock().
439 static int tomoyo_update_domain_keeper_entry(const char *domainname,
442 const bool is_delete)
444 struct tomoyo_domain_keeper_entry e = { .is_not = is_not };
445 int error = is_delete ? -ENOENT : -ENOMEM;
447 if (!tomoyo_is_domain_def(domainname) &&
448 tomoyo_is_correct_path(domainname))
449 e.is_last_name = true;
450 else if (!tomoyo_is_correct_domain(domainname))
453 if (!tomoyo_is_correct_path(program))
455 e.program = tomoyo_get_name(program);
459 e.domainname = tomoyo_get_name(domainname);
462 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
463 &tomoyo_domain_keeper_list,
464 tomoyo_same_domain_keeper_entry);
466 tomoyo_put_name(e.domainname);
467 tomoyo_put_name(e.program);
472 * tomoyo_write_domain_keeper_policy - Write "struct tomoyo_domain_keeper_entry" list.
474 * @data: String to parse.
475 * @is_not: True if it is "no_keep_domain" entry.
476 * @is_delete: True if it is a delete request.
478 * Caller holds tomoyo_read_lock().
480 int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
481 const bool is_delete)
483 char *cp = strstr(data, " from ");
487 return tomoyo_update_domain_keeper_entry(cp + 6, data, is_not,
490 return tomoyo_update_domain_keeper_entry(data, NULL, is_not, is_delete);
494 * tomoyo_read_domain_keeper_policy - Read "struct tomoyo_domain_keeper_entry" list.
496 * @head: Pointer to "struct tomoyo_io_buffer".
498 * Returns true on success, false otherwise.
500 * Caller holds tomoyo_read_lock().
502 bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
504 struct list_head *pos;
507 list_for_each_cookie(pos, head->read_var2,
508 &tomoyo_domain_keeper_list) {
509 struct tomoyo_domain_keeper_entry *ptr;
511 const char *from = "";
512 const char *program = "";
514 ptr = list_entry(pos, struct tomoyo_domain_keeper_entry,
516 if (ptr->head.is_deleted)
518 no = ptr->is_not ? "no_" : "";
521 program = ptr->program->name;
523 done = tomoyo_io_printf(head,
524 "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
525 "%s%s%s\n", no, program, from,
526 ptr->domainname->name);
534 * tomoyo_is_domain_keeper - Check whether the given program causes domain transition suppression.
536 * @domainname: The name of domain.
537 * @program: The name of program.
538 * @last_name: The last component of @domainname.
540 * Returns true if executing @program supresses domain transition,
543 * Caller holds tomoyo_read_lock().
545 static bool tomoyo_is_domain_keeper(const struct tomoyo_path_info *domainname,
546 const struct tomoyo_path_info *program,
547 const struct tomoyo_path_info *last_name)
549 struct tomoyo_domain_keeper_entry *ptr;
552 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, head.list) {
553 if (ptr->head.is_deleted)
555 if (!ptr->is_last_name) {
556 if (ptr->domainname != domainname)
559 if (tomoyo_pathcmp(ptr->domainname, last_name))
562 if (ptr->program && tomoyo_pathcmp(ptr->program, program))
574 * tomoyo_aggregator_list is used for holding list of rewrite table for
575 * execve() request. Some programs provides similar functionality. This keyword
576 * allows users to aggregate such programs.
578 * Entries are added by
580 * # echo 'aggregator /usr/bin/vi /./editor' > \
581 * /sys/kernel/security/tomoyo/exception_policy
582 * # echo 'aggregator /usr/bin/emacs /./editor' > \
583 * /sys/kernel/security/tomoyo/exception_policy
587 * # echo 'delete aggregator /usr/bin/vi /./editor' > \
588 * /sys/kernel/security/tomoyo/exception_policy
589 * # echo 'delete aggregator /usr/bin/emacs /./editor' > \
590 * /sys/kernel/security/tomoyo/exception_policy
592 * and all entries are retrieved by
594 * # grep ^aggregator /sys/kernel/security/tomoyo/exception_policy
596 * In the example above, if /usr/bin/vi or /usr/bin/emacs are executed,
597 * permission is checked for /./editor and domainname which the current process
598 * will belong to after execve() succeeds is calculated using /./editor .
600 LIST_HEAD(tomoyo_aggregator_list);
602 static bool tomoyo_same_aggregator_entry(const struct tomoyo_acl_head *a,
603 const struct tomoyo_acl_head *b)
605 const struct tomoyo_aggregator_entry *p1 = container_of(a, typeof(*p1),
607 const struct tomoyo_aggregator_entry *p2 = container_of(b, typeof(*p2),
609 return p1->original_name == p2->original_name &&
610 p1->aggregated_name == p2->aggregated_name;
614 * tomoyo_update_aggregator_entry - Update "struct tomoyo_aggregator_entry" list.
616 * @original_name: The original program's name.
617 * @aggregated_name: The program name to use.
618 * @is_delete: True if it is a delete request.
620 * Returns 0 on success, negative value otherwise.
622 * Caller holds tomoyo_read_lock().
624 static int tomoyo_update_aggregator_entry(const char *original_name,
625 const char *aggregated_name,
626 const bool is_delete)
628 struct tomoyo_aggregator_entry e = { };
629 int error = is_delete ? -ENOENT : -ENOMEM;
631 if (!tomoyo_is_correct_path(original_name) ||
632 !tomoyo_is_correct_path(aggregated_name))
634 e.original_name = tomoyo_get_name(original_name);
635 e.aggregated_name = tomoyo_get_name(aggregated_name);
636 if (!e.original_name || !e.aggregated_name ||
637 e.aggregated_name->is_patterned) /* No patterns allowed. */
639 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
640 &tomoyo_aggregator_list,
641 tomoyo_same_aggregator_entry);
643 tomoyo_put_name(e.original_name);
644 tomoyo_put_name(e.aggregated_name);
649 * tomoyo_read_aggregator_policy - Read "struct tomoyo_aggregator_entry" list.
651 * @head: Pointer to "struct tomoyo_io_buffer".
653 * Returns true on success, false otherwise.
655 * Caller holds tomoyo_read_lock().
657 bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head)
659 struct list_head *pos;
662 list_for_each_cookie(pos, head->read_var2, &tomoyo_aggregator_list) {
663 struct tomoyo_aggregator_entry *ptr;
665 ptr = list_entry(pos, struct tomoyo_aggregator_entry,
667 if (ptr->head.is_deleted)
669 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_AGGREGATOR
670 "%s %s\n", ptr->original_name->name,
671 ptr->aggregated_name->name);
679 * tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list.
681 * @data: String to parse.
682 * @is_delete: True if it is a delete request.
684 * Returns 0 on success, negative value otherwise.
686 * Caller holds tomoyo_read_lock().
688 int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
690 char *cp = strchr(data, ' ');
695 return tomoyo_update_aggregator_entry(data, cp, is_delete);
699 * tomoyo_alias_list is used for holding list of symlink's pathnames which are
700 * allowed to be passed to an execve() request. Normally, the domainname which
701 * the current process will belong to after execve() succeeds is calculated
702 * using dereferenced pathnames. But some programs behave differently depending
703 * on the name passed to argv[0]. For busybox, calculating domainname using
704 * dereferenced pathnames will cause all programs in the busybox to belong to
705 * the same domain. Thus, TOMOYO provides a way to allow use of symlink's
706 * pathname for checking execve()'s permission and calculating domainname which
707 * the current process will belong to after execve() succeeds.
709 * An entry is added by
711 * # echo 'alias /bin/busybox /bin/cat' > \
712 * /sys/kernel/security/tomoyo/exception_policy
716 * # echo 'delete alias /bin/busybox /bin/cat' > \
717 * /sys/kernel/security/tomoyo/exception_policy
719 * and all entries are retrieved by
721 * # grep ^alias /sys/kernel/security/tomoyo/exception_policy
723 * In the example above, if /bin/cat is a symlink to /bin/busybox and execution
724 * of /bin/cat is requested, permission is checked for /bin/cat rather than
725 * /bin/busybox and domainname which the current process will belong to after
726 * execve() succeeds is calculated using /bin/cat rather than /bin/busybox .
728 LIST_HEAD(tomoyo_alias_list);
730 static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
731 const struct tomoyo_acl_head *b)
733 const struct tomoyo_alias_entry *p1 = container_of(a, typeof(*p1),
735 const struct tomoyo_alias_entry *p2 = container_of(b, typeof(*p2),
737 return p1->original_name == p2->original_name &&
738 p1->aliased_name == p2->aliased_name;
742 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
744 * @original_name: The original program's real name.
745 * @aliased_name: The symbolic program's symbolic link's name.
746 * @is_delete: True if it is a delete request.
748 * Returns 0 on success, negative value otherwise.
750 * Caller holds tomoyo_read_lock().
752 static int tomoyo_update_alias_entry(const char *original_name,
753 const char *aliased_name,
754 const bool is_delete)
756 struct tomoyo_alias_entry e = { };
757 int error = is_delete ? -ENOENT : -ENOMEM;
759 if (!tomoyo_is_correct_path(original_name) ||
760 !tomoyo_is_correct_path(aliased_name))
762 e.original_name = tomoyo_get_name(original_name);
763 e.aliased_name = tomoyo_get_name(aliased_name);
764 if (!e.original_name || !e.aliased_name ||
765 e.original_name->is_patterned || e.aliased_name->is_patterned)
766 goto out; /* No patterns allowed. */
767 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
769 tomoyo_same_alias_entry);
771 tomoyo_put_name(e.original_name);
772 tomoyo_put_name(e.aliased_name);
777 * tomoyo_read_alias_policy - Read "struct tomoyo_alias_entry" list.
779 * @head: Pointer to "struct tomoyo_io_buffer".
781 * Returns true on success, false otherwise.
783 * Caller holds tomoyo_read_lock().
785 bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
787 struct list_head *pos;
790 list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) {
791 struct tomoyo_alias_entry *ptr;
793 ptr = list_entry(pos, struct tomoyo_alias_entry, head.list);
794 if (ptr->head.is_deleted)
796 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
797 ptr->original_name->name,
798 ptr->aliased_name->name);
806 * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list.
808 * @data: String to parse.
809 * @is_delete: True if it is a delete request.
811 * Returns 0 on success, negative value otherwise.
813 * Caller holds tomoyo_read_lock().
815 int tomoyo_write_alias_policy(char *data, const bool is_delete)
817 char *cp = strchr(data, ' ');
822 return tomoyo_update_alias_entry(data, cp, is_delete);
826 * tomoyo_find_or_assign_new_domain - Create a domain.
828 * @domainname: The name of domain.
829 * @profile: Profile number to assign if the domain was newly created.
831 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
833 * Caller holds tomoyo_read_lock().
835 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
839 struct tomoyo_domain_info *entry;
840 struct tomoyo_domain_info *domain = NULL;
841 const struct tomoyo_path_info *saved_domainname;
844 if (!tomoyo_is_correct_domain(domainname))
846 saved_domainname = tomoyo_get_name(domainname);
847 if (!saved_domainname)
849 entry = kzalloc(sizeof(*entry), GFP_NOFS);
850 if (mutex_lock_interruptible(&tomoyo_policy_lock))
852 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
853 if (domain->is_deleted ||
854 tomoyo_pathcmp(saved_domainname, domain->domainname))
859 if (!found && tomoyo_memory_ok(entry)) {
860 INIT_LIST_HEAD(&entry->acl_info_list);
861 entry->domainname = saved_domainname;
862 saved_domainname = NULL;
863 entry->profile = profile;
864 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
869 mutex_unlock(&tomoyo_policy_lock);
871 tomoyo_put_name(saved_domainname);
873 return found ? domain : NULL;
877 * tomoyo_find_next_domain - Find a domain.
879 * @bprm: Pointer to "struct linux_binprm".
881 * Returns 0 on success, negative value otherwise.
883 * Caller holds tomoyo_read_lock().
885 int tomoyo_find_next_domain(struct linux_binprm *bprm)
887 struct tomoyo_request_info r;
888 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
889 struct tomoyo_domain_info *old_domain = tomoyo_domain();
890 struct tomoyo_domain_info *domain = NULL;
891 const char *old_domain_name = old_domain->domainname->name;
892 const char *original_name = bprm->filename;
895 int retval = -ENOMEM;
896 bool need_kfree = false;
897 struct tomoyo_path_info rn = { }; /* real name */
898 struct tomoyo_path_info sn = { }; /* symlink name */
899 struct tomoyo_path_info ln; /* last name */
901 ln.name = tomoyo_get_last_name(old_domain);
902 tomoyo_fill_path_info(&ln);
903 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
904 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
913 /* Get tomoyo_realpath of program. */
915 rn.name = tomoyo_realpath(original_name);
918 tomoyo_fill_path_info(&rn);
921 /* Get tomoyo_realpath of symbolic link. */
922 sn.name = tomoyo_realpath_nofollow(original_name);
925 tomoyo_fill_path_info(&sn);
927 /* Check 'alias' directive. */
928 if (tomoyo_pathcmp(&rn, &sn)) {
929 struct tomoyo_alias_entry *ptr;
930 /* Is this program allowed to be called via symbolic links? */
931 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, head.list) {
932 if (ptr->head.is_deleted ||
933 tomoyo_pathcmp(&rn, ptr->original_name) ||
934 tomoyo_pathcmp(&sn, ptr->aliased_name))
938 /* This is OK because it is read only. */
939 rn = *ptr->aliased_name;
944 /* Check 'aggregator' directive. */
946 struct tomoyo_aggregator_entry *ptr;
947 list_for_each_entry_rcu(ptr, &tomoyo_aggregator_list,
949 if (ptr->head.is_deleted ||
950 !tomoyo_path_matches_pattern(&rn,
956 /* This is OK because it is read only. */
957 rn = *ptr->aggregated_name;
962 /* Check execute permission. */
963 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
964 if (retval == TOMOYO_RETRY_REQUEST)
969 if (tomoyo_is_domain_initializer(old_domain->domainname, &rn, &ln)) {
970 /* Transit to the child of tomoyo_kernel_domain domain. */
971 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1,
972 TOMOYO_ROOT_NAME " " "%s", rn.name);
973 } else if (old_domain == &tomoyo_kernel_domain &&
974 !tomoyo_policy_loaded) {
976 * Needn't to transit from kernel domain before starting
977 * /sbin/init. But transit from kernel domain if executing
978 * initializers because they might start before /sbin/init.
981 } else if (tomoyo_is_domain_keeper(old_domain->domainname, &rn, &ln)) {
982 /* Keep current domain. */
985 /* Normal domain transition. */
986 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1,
987 "%s %s", old_domain_name, rn.name);
989 if (domain || strlen(tmp) >= TOMOYO_EXEC_TMPSIZE - 10)
991 domain = tomoyo_find_domain(tmp);
995 int error = tomoyo_supervisor(&r, "# wants to create domain\n"
997 if (error == TOMOYO_RETRY_REQUEST)
1002 domain = tomoyo_find_or_assign_new_domain(tmp, old_domain->profile);
1006 printk(KERN_WARNING "TOMOYO-ERROR: Domain '%s' not defined.\n", tmp);
1010 old_domain->transition_failed = true;
1013 domain = old_domain;
1014 /* Update reference count on "struct tomoyo_domain_info". */
1015 atomic_inc(&domain->users);
1016 bprm->cred->security = domain;
projects / firefly-linux-kernel-4.4.55.git / blob