2 * security/tomoyo/file.c
4 * Implementation of the Domain-Based Mandatory Access Control.
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
8 * Version: 2.2.0 2009/04/01
15 #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE])
17 /* Structure for "allow_read" keyword. */
18 struct tomoyo_globally_readable_file_entry {
19 struct list_head list;
20 const struct tomoyo_path_info *filename;
24 /* Structure for "file_pattern" keyword. */
25 struct tomoyo_pattern_entry {
26 struct list_head list;
27 const struct tomoyo_path_info *pattern;
31 /* Structure for "deny_rewrite" keyword. */
32 struct tomoyo_no_rewrite_entry {
33 struct list_head list;
34 const struct tomoyo_path_info *pattern;
38 /* Keyword array for single path operations. */
39 static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = {
40 [TOMOYO_TYPE_READ_WRITE_ACL] = "read/write",
41 [TOMOYO_TYPE_EXECUTE_ACL] = "execute",
42 [TOMOYO_TYPE_READ_ACL] = "read",
43 [TOMOYO_TYPE_WRITE_ACL] = "write",
44 [TOMOYO_TYPE_CREATE_ACL] = "create",
45 [TOMOYO_TYPE_UNLINK_ACL] = "unlink",
46 [TOMOYO_TYPE_MKDIR_ACL] = "mkdir",
47 [TOMOYO_TYPE_RMDIR_ACL] = "rmdir",
48 [TOMOYO_TYPE_MKFIFO_ACL] = "mkfifo",
49 [TOMOYO_TYPE_MKSOCK_ACL] = "mksock",
50 [TOMOYO_TYPE_MKBLOCK_ACL] = "mkblock",
51 [TOMOYO_TYPE_MKCHAR_ACL] = "mkchar",
52 [TOMOYO_TYPE_TRUNCATE_ACL] = "truncate",
53 [TOMOYO_TYPE_SYMLINK_ACL] = "symlink",
54 [TOMOYO_TYPE_REWRITE_ACL] = "rewrite",
57 /* Keyword array for double path operations. */
58 static const char *tomoyo_dp_keyword[TOMOYO_MAX_DOUBLE_PATH_OPERATION] = {
59 [TOMOYO_TYPE_LINK_ACL] = "link",
60 [TOMOYO_TYPE_RENAME_ACL] = "rename",
64 * tomoyo_sp2keyword - Get the name of single path operation.
66 * @operation: Type of operation.
68 * Returns the name of single path operation.
70 const char *tomoyo_sp2keyword(const u8 operation)
72 return (operation < TOMOYO_MAX_SINGLE_PATH_OPERATION)
73 ? tomoyo_sp_keyword[operation] : NULL;
77 * tomoyo_dp2keyword - Get the name of double path operation.
79 * @operation: Type of operation.
81 * Returns the name of double path operation.
83 const char *tomoyo_dp2keyword(const u8 operation)
85 return (operation < TOMOYO_MAX_DOUBLE_PATH_OPERATION)
86 ? tomoyo_dp_keyword[operation] : NULL;
90 * tomoyo_strendswith - Check whether the token ends with the given token.
92 * @name: The token to check.
93 * @tail: The token to find.
95 * Returns true if @name ends with @tail, false otherwise.
97 static bool tomoyo_strendswith(const char *name, const char *tail)
103 len = strlen(name) - strlen(tail);
104 return len >= 0 && !strcmp(name + len, tail);
108 * tomoyo_get_path - Get realpath.
110 * @path: Pointer to "struct path".
112 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
114 static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
117 struct tomoyo_path_info_with_data *buf = tomoyo_alloc(sizeof(*buf));
121 /* Reserve one byte for appending "/". */
122 error = tomoyo_realpath_from_path2(path, buf->body,
123 sizeof(buf->body) - 2);
125 buf->head.name = buf->body;
126 tomoyo_fill_path_info(&buf->head);
133 /* Lock for domain->acl_info_list. */
134 DECLARE_RWSEM(tomoyo_domain_acl_info_list_lock);
136 static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
137 const char *filename2,
138 struct tomoyo_domain_info *
139 const domain, const bool is_delete);
140 static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
141 struct tomoyo_domain_info *
142 const domain, const bool is_delete);
144 /* The list for "struct tomoyo_globally_readable_file_entry". */
145 static LIST_HEAD(tomoyo_globally_readable_list);
146 static DECLARE_RWSEM(tomoyo_globally_readable_list_lock);
149 * tomoyo_update_globally_readable_entry - Update "struct tomoyo_globally_readable_file_entry" list.
151 * @filename: Filename unconditionally permitted to open() for reading.
152 * @is_delete: True if it is a delete request.
154 * Returns 0 on success, negative value otherwise.
156 static int tomoyo_update_globally_readable_entry(const char *filename,
157 const bool is_delete)
159 struct tomoyo_globally_readable_file_entry *new_entry;
160 struct tomoyo_globally_readable_file_entry *ptr;
161 const struct tomoyo_path_info *saved_filename;
164 if (!tomoyo_is_correct_path(filename, 1, 0, -1, __func__))
166 saved_filename = tomoyo_save_name(filename);
169 down_write(&tomoyo_globally_readable_list_lock);
170 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
171 if (ptr->filename != saved_filename)
173 ptr->is_deleted = is_delete;
181 new_entry = tomoyo_alloc_element(sizeof(*new_entry));
184 new_entry->filename = saved_filename;
185 list_add_tail(&new_entry->list, &tomoyo_globally_readable_list);
188 up_write(&tomoyo_globally_readable_list_lock);
193 * tomoyo_is_globally_readable_file - Check if the file is unconditionnaly permitted to be open()ed for reading.
195 * @filename: The filename to check.
197 * Returns true if any domain can open @filename for reading, false otherwise.
199 static bool tomoyo_is_globally_readable_file(const struct tomoyo_path_info *
202 struct tomoyo_globally_readable_file_entry *ptr;
204 down_read(&tomoyo_globally_readable_list_lock);
205 list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
206 if (!ptr->is_deleted &&
207 tomoyo_path_matches_pattern(filename, ptr->filename)) {
212 up_read(&tomoyo_globally_readable_list_lock);
217 * tomoyo_write_globally_readable_policy - Write "struct tomoyo_globally_readable_file_entry" list.
219 * @data: String to parse.
220 * @is_delete: True if it is a delete request.
222 * Returns 0 on success, negative value otherwise.
224 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
226 return tomoyo_update_globally_readable_entry(data, is_delete);
230 * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
232 * @head: Pointer to "struct tomoyo_io_buffer".
234 * Returns true on success, false otherwise.
236 bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
238 struct list_head *pos;
241 down_read(&tomoyo_globally_readable_list_lock);
242 list_for_each_cookie(pos, head->read_var2,
243 &tomoyo_globally_readable_list) {
244 struct tomoyo_globally_readable_file_entry *ptr;
245 ptr = list_entry(pos,
246 struct tomoyo_globally_readable_file_entry,
250 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
251 ptr->filename->name);
255 up_read(&tomoyo_globally_readable_list_lock);
259 /* The list for "struct tomoyo_pattern_entry". */
260 static LIST_HEAD(tomoyo_pattern_list);
261 static DECLARE_RWSEM(tomoyo_pattern_list_lock);
264 * tomoyo_update_file_pattern_entry - Update "struct tomoyo_pattern_entry" list.
266 * @pattern: Pathname pattern.
267 * @is_delete: True if it is a delete request.
269 * Returns 0 on success, negative value otherwise.
271 static int tomoyo_update_file_pattern_entry(const char *pattern,
272 const bool is_delete)
274 struct tomoyo_pattern_entry *new_entry;
275 struct tomoyo_pattern_entry *ptr;
276 const struct tomoyo_path_info *saved_pattern;
279 if (!tomoyo_is_correct_path(pattern, 0, 1, 0, __func__))
281 saved_pattern = tomoyo_save_name(pattern);
284 down_write(&tomoyo_pattern_list_lock);
285 list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
286 if (saved_pattern != ptr->pattern)
288 ptr->is_deleted = is_delete;
296 new_entry = tomoyo_alloc_element(sizeof(*new_entry));
299 new_entry->pattern = saved_pattern;
300 list_add_tail(&new_entry->list, &tomoyo_pattern_list);
303 up_write(&tomoyo_pattern_list_lock);
308 * tomoyo_get_file_pattern - Get patterned pathname.
310 * @filename: The filename to find patterned pathname.
312 * Returns pointer to pathname pattern if matched, @filename otherwise.
314 static const struct tomoyo_path_info *
315 tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
317 struct tomoyo_pattern_entry *ptr;
318 const struct tomoyo_path_info *pattern = NULL;
320 down_read(&tomoyo_pattern_list_lock);
321 list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
324 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
326 pattern = ptr->pattern;
327 if (tomoyo_strendswith(pattern->name, "/\\*")) {
328 /* Do nothing. Try to find the better match. */
330 /* This would be the better match. Use this. */
334 up_read(&tomoyo_pattern_list_lock);
341 * tomoyo_write_pattern_policy - Write "struct tomoyo_pattern_entry" list.
343 * @data: String to parse.
344 * @is_delete: True if it is a delete request.
346 * Returns 0 on success, negative value otherwise.
348 int tomoyo_write_pattern_policy(char *data, const bool is_delete)
350 return tomoyo_update_file_pattern_entry(data, is_delete);
354 * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
356 * @head: Pointer to "struct tomoyo_io_buffer".
358 * Returns true on success, false otherwise.
360 bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
362 struct list_head *pos;
365 down_read(&tomoyo_pattern_list_lock);
366 list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
367 struct tomoyo_pattern_entry *ptr;
368 ptr = list_entry(pos, struct tomoyo_pattern_entry, list);
371 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
372 "%s\n", ptr->pattern->name);
376 up_read(&tomoyo_pattern_list_lock);
380 /* The list for "struct tomoyo_no_rewrite_entry". */
381 static LIST_HEAD(tomoyo_no_rewrite_list);
382 static DECLARE_RWSEM(tomoyo_no_rewrite_list_lock);
385 * tomoyo_update_no_rewrite_entry - Update "struct tomoyo_no_rewrite_entry" list.
387 * @pattern: Pathname pattern that are not rewritable by default.
388 * @is_delete: True if it is a delete request.
390 * Returns 0 on success, negative value otherwise.
392 static int tomoyo_update_no_rewrite_entry(const char *pattern,
393 const bool is_delete)
395 struct tomoyo_no_rewrite_entry *new_entry, *ptr;
396 const struct tomoyo_path_info *saved_pattern;
399 if (!tomoyo_is_correct_path(pattern, 0, 0, 0, __func__))
401 saved_pattern = tomoyo_save_name(pattern);
404 down_write(&tomoyo_no_rewrite_list_lock);
405 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
406 if (ptr->pattern != saved_pattern)
408 ptr->is_deleted = is_delete;
416 new_entry = tomoyo_alloc_element(sizeof(*new_entry));
419 new_entry->pattern = saved_pattern;
420 list_add_tail(&new_entry->list, &tomoyo_no_rewrite_list);
423 up_write(&tomoyo_no_rewrite_list_lock);
428 * tomoyo_is_no_rewrite_file - Check if the given pathname is not permitted to be rewrited.
430 * @filename: Filename to check.
432 * Returns true if @filename is specified by "deny_rewrite" directive,
435 static bool tomoyo_is_no_rewrite_file(const struct tomoyo_path_info *filename)
437 struct tomoyo_no_rewrite_entry *ptr;
440 down_read(&tomoyo_no_rewrite_list_lock);
441 list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
444 if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
449 up_read(&tomoyo_no_rewrite_list_lock);
454 * tomoyo_write_no_rewrite_policy - Write "struct tomoyo_no_rewrite_entry" list.
456 * @data: String to parse.
457 * @is_delete: True if it is a delete request.
459 * Returns 0 on success, negative value otherwise.
461 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
463 return tomoyo_update_no_rewrite_entry(data, is_delete);
467 * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
469 * @head: Pointer to "struct tomoyo_io_buffer".
471 * Returns true on success, false otherwise.
473 bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
475 struct list_head *pos;
478 down_read(&tomoyo_no_rewrite_list_lock);
479 list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
480 struct tomoyo_no_rewrite_entry *ptr;
481 ptr = list_entry(pos, struct tomoyo_no_rewrite_entry, list);
484 done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
485 "%s\n", ptr->pattern->name);
489 up_read(&tomoyo_no_rewrite_list_lock);
494 * tomoyo_update_file_acl - Update file's read/write/execute ACL.
496 * @filename: Filename.
497 * @perm: Permission (between 1 to 7).
498 * @domain: Pointer to "struct tomoyo_domain_info".
499 * @is_delete: True if it is a delete request.
501 * Returns 0 on success, negative value otherwise.
503 * This is legacy support interface for older policy syntax.
504 * Current policy syntax uses "allow_read/write" instead of "6",
505 * "allow_read" instead of "4", "allow_write" instead of "2",
506 * "allow_execute" instead of "1".
508 static int tomoyo_update_file_acl(const char *filename, u8 perm,
509 struct tomoyo_domain_info * const domain,
510 const bool is_delete)
512 if (perm > 7 || !perm) {
513 printk(KERN_DEBUG "%s: Invalid permission '%d %s'\n",
514 __func__, perm, filename);
517 if (filename[0] != '@' && tomoyo_strendswith(filename, "/"))
519 * Only 'allow_mkdir' and 'allow_rmdir' are valid for
520 * directory permissions.
524 tomoyo_update_single_path_acl(TOMOYO_TYPE_READ_ACL, filename,
527 tomoyo_update_single_path_acl(TOMOYO_TYPE_WRITE_ACL, filename,
530 tomoyo_update_single_path_acl(TOMOYO_TYPE_EXECUTE_ACL,
531 filename, domain, is_delete);
536 * tomoyo_check_single_path_acl2 - Check permission for single path operation.
538 * @domain: Pointer to "struct tomoyo_domain_info".
539 * @filename: Filename to check.
541 * @may_use_pattern: True if patterned ACL is permitted.
543 * Returns 0 on success, -EPERM otherwise.
545 static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info *
547 const struct tomoyo_path_info *
550 const bool may_use_pattern)
552 struct tomoyo_acl_info *ptr;
555 down_read(&tomoyo_domain_acl_info_list_lock);
556 list_for_each_entry(ptr, &domain->acl_info_list, list) {
557 struct tomoyo_single_path_acl_record *acl;
558 if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
560 acl = container_of(ptr, struct tomoyo_single_path_acl_record,
562 if (!(acl->perm & perm))
564 if (may_use_pattern || !acl->filename->is_patterned) {
565 if (!tomoyo_path_matches_pattern(filename,
574 up_read(&tomoyo_domain_acl_info_list_lock);
579 * tomoyo_check_file_acl - Check permission for opening files.
581 * @domain: Pointer to "struct tomoyo_domain_info".
582 * @filename: Filename to check.
583 * @operation: Mode ("read" or "write" or "read/write" or "execute").
585 * Returns 0 on success, -EPERM otherwise.
587 static int tomoyo_check_file_acl(const struct tomoyo_domain_info *domain,
588 const struct tomoyo_path_info *filename,
593 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
596 perm = 1 << TOMOYO_TYPE_READ_WRITE_ACL;
597 else if (operation == 4)
598 perm = 1 << TOMOYO_TYPE_READ_ACL;
599 else if (operation == 2)
600 perm = 1 << TOMOYO_TYPE_WRITE_ACL;
601 else if (operation == 1)
602 perm = 1 << TOMOYO_TYPE_EXECUTE_ACL;
605 return tomoyo_check_single_path_acl2(domain, filename, perm,
610 * tomoyo_check_file_perm2 - Check permission for opening files.
612 * @domain: Pointer to "struct tomoyo_domain_info".
613 * @filename: Filename to check.
614 * @perm: Mode ("read" or "write" or "read/write" or "execute").
615 * @operation: Operation name passed used for verbose mode.
616 * @mode: Access control mode.
618 * Returns 0 on success, negative value otherwise.
620 static int tomoyo_check_file_perm2(struct tomoyo_domain_info * const domain,
621 const struct tomoyo_path_info *filename,
622 const u8 perm, const char *operation,
625 const bool is_enforce = (mode == 3);
626 const char *msg = "<unknown>";
631 error = tomoyo_check_file_acl(domain, filename, perm);
632 if (error && perm == 4 &&
633 (domain->flags & TOMOYO_DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_READ) == 0
634 && tomoyo_is_globally_readable_file(filename))
637 msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_WRITE_ACL);
639 msg = tomoyo_sp2keyword(TOMOYO_TYPE_READ_ACL);
641 msg = tomoyo_sp2keyword(TOMOYO_TYPE_WRITE_ACL);
643 msg = tomoyo_sp2keyword(TOMOYO_TYPE_EXECUTE_ACL);
648 if (tomoyo_verbose_mode(domain))
649 printk(KERN_WARNING "TOMOYO-%s: Access '%s(%s) %s' denied "
650 "for %s\n", tomoyo_get_msg(is_enforce), msg, operation,
651 filename->name, tomoyo_get_last_name(domain));
654 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
655 /* Don't use patterns for execute permission. */
656 const struct tomoyo_path_info *patterned_file = (perm != 1) ?
657 tomoyo_get_file_pattern(filename) : filename;
658 tomoyo_update_file_acl(patterned_file->name, perm,
665 * tomoyo_write_file_policy - Update file related list.
667 * @data: String to parse.
668 * @domain: Pointer to "struct tomoyo_domain_info".
669 * @is_delete: True if it is a delete request.
671 * Returns 0 on success, negative value otherwise.
673 int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
674 const bool is_delete)
676 char *filename = strchr(data, ' ');
684 if (sscanf(data, "%u", &perm) == 1)
685 return tomoyo_update_file_acl(filename, (u8) perm, domain,
687 if (strncmp(data, "allow_", 6))
690 for (type = 0; type < TOMOYO_MAX_SINGLE_PATH_OPERATION; type++) {
691 if (strcmp(data, tomoyo_sp_keyword[type]))
693 return tomoyo_update_single_path_acl(type, filename,
696 filename2 = strchr(filename, ' ');
700 for (type = 0; type < TOMOYO_MAX_DOUBLE_PATH_OPERATION; type++) {
701 if (strcmp(data, tomoyo_dp_keyword[type]))
703 return tomoyo_update_double_path_acl(type, filename, filename2,
711 * tomoyo_update_single_path_acl - Update "struct tomoyo_single_path_acl_record" list.
713 * @type: Type of operation.
714 * @filename: Filename.
715 * @domain: Pointer to "struct tomoyo_domain_info".
716 * @is_delete: True if it is a delete request.
718 * Returns 0 on success, negative value otherwise.
720 static int tomoyo_update_single_path_acl(const u8 type, const char *filename,
721 struct tomoyo_domain_info *
722 const domain, const bool is_delete)
724 static const u16 rw_mask =
725 (1 << TOMOYO_TYPE_READ_ACL) | (1 << TOMOYO_TYPE_WRITE_ACL);
726 const struct tomoyo_path_info *saved_filename;
727 struct tomoyo_acl_info *ptr;
728 struct tomoyo_single_path_acl_record *acl;
730 const u16 perm = 1 << type;
734 if (!tomoyo_is_correct_path(filename, 0, 0, 0, __func__))
736 saved_filename = tomoyo_save_name(filename);
739 down_write(&tomoyo_domain_acl_info_list_lock);
742 list_for_each_entry(ptr, &domain->acl_info_list, list) {
743 if (tomoyo_acl_type1(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
745 acl = container_of(ptr, struct tomoyo_single_path_acl_record,
747 if (acl->filename != saved_filename)
749 /* Special case. Clear all bits if marked as deleted. */
750 if (ptr->type & TOMOYO_ACL_DELETED)
753 if ((acl->perm & rw_mask) == rw_mask)
754 acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE_ACL;
755 else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))
756 acl->perm |= rw_mask;
757 ptr->type &= ~TOMOYO_ACL_DELETED;
761 /* Not found. Append it to the tail. */
762 acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_SINGLE_PATH_ACL);
766 if (perm == (1 << TOMOYO_TYPE_READ_WRITE_ACL))
767 acl->perm |= rw_mask;
768 acl->filename = saved_filename;
769 list_add_tail(&acl->head.list, &domain->acl_info_list);
774 list_for_each_entry(ptr, &domain->acl_info_list, list) {
775 if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_SINGLE_PATH_ACL)
777 acl = container_of(ptr, struct tomoyo_single_path_acl_record,
779 if (acl->filename != saved_filename)
782 if ((acl->perm & rw_mask) != rw_mask)
783 acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE_ACL);
784 else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)))
785 acl->perm &= ~rw_mask;
787 ptr->type |= TOMOYO_ACL_DELETED;
792 up_write(&tomoyo_domain_acl_info_list_lock);
797 * tomoyo_update_double_path_acl - Update "struct tomoyo_double_path_acl_record" list.
799 * @type: Type of operation.
800 * @filename1: First filename.
801 * @filename2: Second filename.
802 * @domain: Pointer to "struct tomoyo_domain_info".
803 * @is_delete: True if it is a delete request.
805 * Returns 0 on success, negative value otherwise.
807 static int tomoyo_update_double_path_acl(const u8 type, const char *filename1,
808 const char *filename2,
809 struct tomoyo_domain_info *
810 const domain, const bool is_delete)
812 const struct tomoyo_path_info *saved_filename1;
813 const struct tomoyo_path_info *saved_filename2;
814 struct tomoyo_acl_info *ptr;
815 struct tomoyo_double_path_acl_record *acl;
817 const u8 perm = 1 << type;
821 if (!tomoyo_is_correct_path(filename1, 0, 0, 0, __func__) ||
822 !tomoyo_is_correct_path(filename2, 0, 0, 0, __func__))
824 saved_filename1 = tomoyo_save_name(filename1);
825 saved_filename2 = tomoyo_save_name(filename2);
826 if (!saved_filename1 || !saved_filename2)
828 down_write(&tomoyo_domain_acl_info_list_lock);
831 list_for_each_entry(ptr, &domain->acl_info_list, list) {
832 if (tomoyo_acl_type1(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
834 acl = container_of(ptr, struct tomoyo_double_path_acl_record,
836 if (acl->filename1 != saved_filename1 ||
837 acl->filename2 != saved_filename2)
839 /* Special case. Clear all bits if marked as deleted. */
840 if (ptr->type & TOMOYO_ACL_DELETED)
843 ptr->type &= ~TOMOYO_ACL_DELETED;
847 /* Not found. Append it to the tail. */
848 acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_DOUBLE_PATH_ACL);
852 acl->filename1 = saved_filename1;
853 acl->filename2 = saved_filename2;
854 list_add_tail(&acl->head.list, &domain->acl_info_list);
859 list_for_each_entry(ptr, &domain->acl_info_list, list) {
860 if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
862 acl = container_of(ptr, struct tomoyo_double_path_acl_record,
864 if (acl->filename1 != saved_filename1 ||
865 acl->filename2 != saved_filename2)
869 ptr->type |= TOMOYO_ACL_DELETED;
874 up_write(&tomoyo_domain_acl_info_list_lock);
879 * tomoyo_check_single_path_acl - Check permission for single path operation.
881 * @domain: Pointer to "struct tomoyo_domain_info".
882 * @type: Type of operation.
883 * @filename: Filename to check.
885 * Returns 0 on success, negative value otherwise.
887 static int tomoyo_check_single_path_acl(struct tomoyo_domain_info *domain,
889 const struct tomoyo_path_info *filename)
891 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
893 return tomoyo_check_single_path_acl2(domain, filename, 1 << type, 1);
897 * tomoyo_check_double_path_acl - Check permission for double path operation.
899 * @domain: Pointer to "struct tomoyo_domain_info".
900 * @type: Type of operation.
901 * @filename1: First filename to check.
902 * @filename2: Second filename to check.
904 * Returns 0 on success, -EPERM otherwise.
906 static int tomoyo_check_double_path_acl(const struct tomoyo_domain_info *domain,
908 const struct tomoyo_path_info *
910 const struct tomoyo_path_info *
913 struct tomoyo_acl_info *ptr;
914 const u8 perm = 1 << type;
917 if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
919 down_read(&tomoyo_domain_acl_info_list_lock);
920 list_for_each_entry(ptr, &domain->acl_info_list, list) {
921 struct tomoyo_double_path_acl_record *acl;
922 if (tomoyo_acl_type2(ptr) != TOMOYO_TYPE_DOUBLE_PATH_ACL)
924 acl = container_of(ptr, struct tomoyo_double_path_acl_record,
926 if (!(acl->perm & perm))
928 if (!tomoyo_path_matches_pattern(filename1, acl->filename1))
930 if (!tomoyo_path_matches_pattern(filename2, acl->filename2))
935 up_read(&tomoyo_domain_acl_info_list_lock);
940 * tomoyo_check_single_path_permission2 - Check permission for single path operation.
942 * @domain: Pointer to "struct tomoyo_domain_info".
943 * @operation: Type of operation.
944 * @filename: Filename to check.
945 * @mode: Access control mode.
947 * Returns 0 on success, negative value otherwise.
949 static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
950 const domain, u8 operation,
951 const struct tomoyo_path_info *
952 filename, const u8 mode)
956 const bool is_enforce = (mode == 3);
961 error = tomoyo_check_single_path_acl(domain, operation, filename);
962 msg = tomoyo_sp2keyword(operation);
965 if (tomoyo_verbose_mode(domain))
966 printk(KERN_WARNING "TOMOYO-%s: Access '%s %s' denied for %s\n",
967 tomoyo_get_msg(is_enforce), msg, filename->name,
968 tomoyo_get_last_name(domain));
969 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
970 const char *name = tomoyo_get_file_pattern(filename)->name;
971 tomoyo_update_single_path_acl(operation, name, domain, false);
977 * Since "allow_truncate" doesn't imply "allow_rewrite" permission,
978 * we need to check "allow_rewrite" permission if the filename is
979 * specified by "deny_rewrite" keyword.
981 if (!error && operation == TOMOYO_TYPE_TRUNCATE_ACL &&
982 tomoyo_is_no_rewrite_file(filename)) {
983 operation = TOMOYO_TYPE_REWRITE_ACL;
990 * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
992 * @domain: Pointer to "struct tomoyo_domain_info".
993 * @filename: Filename to check.
994 * @perm: Mode ("read" or "write" or "read/write").
995 * Returns 0 on success, negative value otherwise.
997 int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
998 const char *filename, const u8 perm)
1000 struct tomoyo_path_info name;
1001 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1005 name.name = filename;
1006 tomoyo_fill_path_info(&name);
1007 return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
1011 * tomoyo_check_exec_perm - Check permission for "execute".
1013 * @domain: Pointer to "struct tomoyo_domain_info".
1014 * @filename: Check permission for "execute".
1015 * @tmp: Buffer for temporary use.
1017 * Returns 0 on success, negativevalue otherwise.
1019 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
1020 const struct tomoyo_path_info *filename,
1021 struct tomoyo_page_buffer *tmp)
1023 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1027 return tomoyo_check_file_perm2(domain, filename, 1, "do_execve", mode);
1031 * tomoyo_check_open_permission - Check permission for "read" and "write".
1033 * @domain: Pointer to "struct tomoyo_domain_info".
1034 * @path: Pointer to "struct path".
1035 * @flag: Flags for open().
1037 * Returns 0 on success, negative value otherwise.
1039 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1040 struct path *path, const int flag)
1042 const u8 acc_mode = ACC_MODE(flag);
1043 int error = -ENOMEM;
1044 struct tomoyo_path_info *buf;
1045 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1046 const bool is_enforce = (mode == 3);
1048 if (!mode || !path->mnt)
1052 if (path->dentry->d_inode && S_ISDIR(path->dentry->d_inode->i_mode))
1054 * I don't check directories here because mkdir() and rmdir()
1058 buf = tomoyo_get_path(path);
1063 * If the filename is specified by "deny_rewrite" keyword,
1064 * we need to check "allow_rewrite" permission when the filename is not
1065 * opened for append mode or the filename is truncated at open time.
1067 if ((acc_mode & MAY_WRITE) &&
1068 ((flag & O_TRUNC) || !(flag & O_APPEND)) &&
1069 (tomoyo_is_no_rewrite_file(buf))) {
1070 error = tomoyo_check_single_path_permission2(domain,
1071 TOMOYO_TYPE_REWRITE_ACL,
1075 error = tomoyo_check_file_perm2(domain, buf, acc_mode, "open",
1077 if (!error && (flag & O_TRUNC))
1078 error = tomoyo_check_single_path_permission2(domain,
1079 TOMOYO_TYPE_TRUNCATE_ACL,
1089 * tomoyo_check_1path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate" and "symlink".
1091 * @domain: Pointer to "struct tomoyo_domain_info".
1092 * @operation: Type of operation.
1093 * @path: Pointer to "struct path".
1095 * Returns 0 on success, negative value otherwise.
1097 int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
1098 const u8 operation, struct path *path)
1100 int error = -ENOMEM;
1101 struct tomoyo_path_info *buf;
1102 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1103 const bool is_enforce = (mode == 3);
1105 if (!mode || !path->mnt)
1107 buf = tomoyo_get_path(path);
1110 switch (operation) {
1111 case TOMOYO_TYPE_MKDIR_ACL:
1112 case TOMOYO_TYPE_RMDIR_ACL:
1115 * tomoyo_get_path() reserves space for appending "/."
1117 strcat((char *) buf->name, "/");
1118 tomoyo_fill_path_info(buf);
1121 error = tomoyo_check_single_path_permission2(domain, operation, buf,
1131 * tomoyo_check_rewrite_permission - Check permission for "rewrite".
1133 * @domain: Pointer to "struct tomoyo_domain_info".
1134 * @filp: Pointer to "struct file".
1136 * Returns 0 on success, negative value otherwise.
1138 int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
1141 int error = -ENOMEM;
1142 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1143 const bool is_enforce = (mode == 3);
1144 struct tomoyo_path_info *buf;
1146 if (!mode || !filp->f_path.mnt)
1148 buf = tomoyo_get_path(&filp->f_path);
1151 if (!tomoyo_is_no_rewrite_file(buf)) {
1155 error = tomoyo_check_single_path_permission2(domain,
1156 TOMOYO_TYPE_REWRITE_ACL,
1166 * tomoyo_check_2path_perm - Check permission for "rename" and "link".
1168 * @domain: Pointer to "struct tomoyo_domain_info".
1169 * @operation: Type of operation.
1170 * @path1: Pointer to "struct path".
1171 * @path2: Pointer to "struct path".
1173 * Returns 0 on success, negative value otherwise.
1175 int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
1176 const u8 operation, struct path *path1,
1179 int error = -ENOMEM;
1180 struct tomoyo_path_info *buf1, *buf2;
1181 const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1182 const bool is_enforce = (mode == 3);
1185 if (!mode || !path1->mnt || !path2->mnt)
1187 buf1 = tomoyo_get_path(path1);
1188 buf2 = tomoyo_get_path(path2);
1192 struct dentry *dentry = path1->dentry;
1193 if (dentry->d_inode && S_ISDIR(dentry->d_inode->i_mode)) {
1195 * tomoyo_get_path() reserves space for appending "/."
1197 if (!buf1->is_dir) {
1198 strcat((char *) buf1->name, "/");
1199 tomoyo_fill_path_info(buf1);
1201 if (!buf2->is_dir) {
1202 strcat((char *) buf2->name, "/");
1203 tomoyo_fill_path_info(buf2);
1207 error = tomoyo_check_double_path_acl(domain, operation, buf1, buf2);
1208 msg = tomoyo_dp2keyword(operation);
1211 if (tomoyo_verbose_mode(domain))
1212 printk(KERN_WARNING "TOMOYO-%s: Access '%s %s %s' "
1213 "denied for %s\n", tomoyo_get_msg(is_enforce),
1214 msg, buf1->name, buf2->name,
1215 tomoyo_get_last_name(domain));
1216 if (mode == 1 && tomoyo_domain_quota_is_ok(domain)) {
1217 const char *name1 = tomoyo_get_file_pattern(buf1)->name;
1218 const char *name2 = tomoyo_get_file_pattern(buf2)->name;
1219 tomoyo_update_double_path_acl(operation, name1, name2, domain,
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob