-15

security/tomoyo/Kconfig

reviewed

··· 13 13 found at <https://tomoyo.sourceforge.net/>. 14 14 If you are unsure how to answer this question, answer N. 15 15 16 16 - config SECURITY_TOMOYO_LKM 17 17 - bool "Cut out most of TOMOYO's code to a loadable kernel module" 18 18 - default n 19 19 - depends on SECURITY_TOMOYO 20 20 - depends on MODULES 21 21 - help 22 22 - Say Y here if you want to include TOMOYO without bloating 23 23 - vmlinux file. If you say Y, most of TOMOYO code is cut out to 24 24 - a loadable kernel module named tomoyo.ko . This option will be 25 25 - useful for kernels built by Linux distributors where TOMOYO is 26 26 - included but TOMOYO is not enabled by default. Please be sure 27 27 - to explicitly load tomoyo.ko if you want to activate TOMOYO 28 28 - without calling userspace policy loader, for tomoyo.ko is 29 29 - loaded immediately before calling userspace policy loader. 30 30 - 31 16 config SECURITY_TOMOYO_MAX_ACCEPT_ENTRY 32 17 int "Default maximal count for learning mode" 33 18 default 2048

+1 -7

security/tomoyo/Makefile

reviewed

··· 1 1 # SPDX-License-Identifier: GPL-2.0 2 2 - tomoyo-objs := audit.o common.o condition.o domain.o environ.o file.o gc.o group.o memory.o mount.o network.o proxy.o realpath.o securityfs_if.o util.o 3 3 - obj-y += init.o load_policy.o 4 4 - ifdef CONFIG_SECURITY_TOMOYO_LKM 5 5 - obj-m += tomoyo.o 6 6 - else 7 7 - obj-y += tomoyo.o 8 8 - endif 2 2 + obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o 9 3 10 4 targets += builtin-policy.h 11 5

+2 -12

security/tomoyo/common.c

reviewed

··· 998 998 p = find_task_by_pid_ns(pid, &init_pid_ns); 999 999 else 1000 1000 p = find_task_by_vpid(pid); 1001 1001 - if (p) { 1001 1001 + if (p) 1002 1002 domain = tomoyo_task(p)->domain_info; 1003 1003 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 1004 1004 - if (!domain) 1005 1005 - domain = &tomoyo_kernel_domain; 1006 1006 - #endif 1007 1007 - } 1008 1003 rcu_read_unlock(); 1009 1004 } else if (!strncmp(data, "domain=", 7)) { 1010 1005 if (tomoyo_domain_def(data + 7)) ··· 1710 1715 p = find_task_by_pid_ns(pid, &init_pid_ns); 1711 1716 else 1712 1717 p = find_task_by_vpid(pid); 1713 1713 - if (p) { 1718 1718 + if (p) 1714 1719 domain = tomoyo_task(p)->domain_info; 1715 1715 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 1716 1716 - if (!domain) 1717 1717 - domain = &tomoyo_kernel_domain; 1718 1718 - #endif 1719 1719 - } 1720 1720 rcu_read_unlock(); 1721 1721 if (!domain) 1722 1722 return;

-72

security/tomoyo/common.h

reviewed

··· 978 978 int tomoyo_init_request_info(struct tomoyo_request_info *r, 979 979 struct tomoyo_domain_info *domain, 980 980 const u8 index); 981 981 - int __init tomoyo_interface_init(void); 982 981 int tomoyo_mkdev_perm(const u8 operation, const struct path *path, 983 982 const unsigned int mode, unsigned int dev); 984 983 int tomoyo_mount_permission(const char *dev_name, const struct path *path, ··· 1214 1215 * 1215 1216 * Returns pointer to "struct tomoyo_task" for specified thread. 1216 1217 */ 1217 1217 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 1218 1218 - extern struct tomoyo_task *tomoyo_task(struct task_struct *task); 1219 1219 - #else 1220 1218 static inline struct tomoyo_task *tomoyo_task(struct task_struct *task) 1221 1219 { 1222 1220 return task->security + tomoyo_blob_sizes.lbs_task; 1223 1221 } 1224 1224 - #endif 1225 1222 1226 1223 /** 1227 1224 * tomoyo_same_name_union - Check for duplicated "struct tomoyo_name_union" entry. ··· 1283 1288 if (!pos) \ 1284 1289 pos = srcu_dereference((head)->next, &tomoyo_ss); \ 1285 1290 for ( ; pos != (head); pos = srcu_dereference(pos->next, &tomoyo_ss)) 1286 1286 - 1287 1287 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 1288 1288 - 1289 1289 - #define LSM_HOOK(RET, DEFAULT, NAME, ...) typedef RET (NAME##_t)(__VA_ARGS__); 1290 1290 - #include <linux/lsm_hook_defs.h> 1291 1291 - #undef LSM_HOOK 1292 1292 - 1293 1293 - struct tomoyo_hooks { 1294 1294 - cred_prepare_t *cred_prepare; 1295 1295 - bprm_committed_creds_t *bprm_committed_creds; 1296 1296 - task_alloc_t *task_alloc; 1297 1297 - task_free_t *task_free; 1298 1298 - bprm_check_security_t *bprm_check_security; 1299 1299 - file_fcntl_t *file_fcntl; 1300 1300 - file_open_t *file_open; 1301 1301 - file_truncate_t *file_truncate; 1302 1302 - path_truncate_t *path_truncate; 1303 1303 - path_unlink_t *path_unlink; 1304 1304 - path_mkdir_t *path_mkdir; 1305 1305 - path_rmdir_t *path_rmdir; 1306 1306 - path_symlink_t *path_symlink; 1307 1307 - path_mknod_t *path_mknod; 1308 1308 - path_link_t *path_link; 1309 1309 - path_rename_t *path_rename; 1310 1310 - inode_getattr_t *inode_getattr; 1311 1311 - file_ioctl_t *file_ioctl; 1312 1312 - file_ioctl_compat_t *file_ioctl_compat; 1313 1313 - path_chmod_t *path_chmod; 1314 1314 - path_chown_t *path_chown; 1315 1315 - path_chroot_t *path_chroot; 1316 1316 - sb_mount_t *sb_mount; 1317 1317 - sb_umount_t *sb_umount; 1318 1318 - sb_pivotroot_t *sb_pivotroot; 1319 1319 - socket_bind_t *socket_bind; 1320 1320 - socket_connect_t *socket_connect; 1321 1321 - socket_listen_t *socket_listen; 1322 1322 - socket_sendmsg_t *socket_sendmsg; 1323 1323 - }; 1324 1324 - 1325 1325 - extern void tomoyo_register_hooks(const struct tomoyo_hooks *tomoyo_hooks); 1326 1326 - 1327 1327 - struct tomoyo_operations { 1328 1328 - void (*check_profile)(void); 1329 1329 - int enabled; 1330 1330 - }; 1331 1331 - 1332 1332 - extern struct tomoyo_operations tomoyo_ops; 1333 1333 - 1334 1334 - /* 1335 1335 - * Temporary hack: functions needed by tomoyo.ko . This will be removed 1336 1336 - * after all functions are marked as EXPORT_STMBOL_GPL(). 1337 1337 - */ 1338 1338 - struct tomoyo_tmp_exports { 1339 1339 - struct task_struct * (*find_task_by_vpid)(pid_t nr); 1340 1340 - struct task_struct * (*find_task_by_pid_ns)(pid_t nr, struct pid_namespace *ns); 1341 1341 - void (*put_filesystem)(struct file_system_type *fs); 1342 1342 - struct file * (*get_mm_exe_file)(struct mm_struct *mm); 1343 1343 - char * (*d_absolute_path)(const struct path *path, char *buf, int buflen); 1344 1344 - }; 1345 1345 - extern const struct tomoyo_tmp_exports tomoyo_tmp_exports; 1346 1346 - #define find_task_by_vpid tomoyo_tmp_exports.find_task_by_vpid 1347 1347 - #define find_task_by_pid_ns tomoyo_tmp_exports.find_task_by_pid_ns 1348 1348 - #define put_filesystem tomoyo_tmp_exports.put_filesystem 1349 1349 - #define get_mm_exe_file tomoyo_tmp_exports.get_mm_exe_file 1350 1350 - #define d_absolute_path tomoyo_tmp_exports.d_absolute_path 1351 1351 - 1352 1352 - #endif /* defined(CONFIG_SECURITY_TOMOYO_LKM) */ 1353 1291 1354 1292 #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */

-3

security/tomoyo/gc.c

reviewed

··· 9 9 #include <linux/kthread.h> 10 10 #include <linux/slab.h> 11 11 12 12 - /* Lock for GC. */ 13 13 - DEFINE_SRCU(tomoyo_ss); 14 14 - 15 12 /** 16 13 * tomoyo_memory_free - Free memory for elements. 17 14 *

+109 -1

security/tomoyo/hooks.h security/tomoyo/tomoyo.c

reviewed

··· 1 1 // SPDX-License-Identifier: GPL-2.0 2 2 /* 3 3 - * security/tomoyo/hooks.h 3 3 + * security/tomoyo/tomoyo.c 4 4 * 5 5 * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 6 */ 7 7 8 8 + #include <linux/lsm_hooks.h> 9 9 + #include <uapi/linux/lsm.h> 8 10 #include "common.h" 9 11 10 12 /** ··· 18 16 { 19 17 struct tomoyo_task *s = tomoyo_task(current); 20 18 19 19 + if (s->old_domain_info && !current->in_execve) { 20 20 + atomic_dec(&s->old_domain_info->users); 21 21 + s->old_domain_info = NULL; 22 22 + } 21 23 return s->domain_info; 22 24 } 23 25 ··· 61 55 atomic_dec(&s->old_domain_info->users); 62 56 s->old_domain_info = NULL; 63 57 } 58 58 + 59 59 + #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 60 60 + /** 61 61 + * tomoyo_bprm_creds_for_exec - Target for security_bprm_creds_for_exec(). 62 62 + * 63 63 + * @bprm: Pointer to "struct linux_binprm". 64 64 + * 65 65 + * Returns 0. 66 66 + */ 67 67 + static int tomoyo_bprm_creds_for_exec(struct linux_binprm *bprm) 68 68 + { 69 69 + /* 70 70 + * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 71 71 + * for the first time. 72 72 + */ 73 73 + if (!tomoyo_policy_loaded) 74 74 + tomoyo_load_policy(bprm->filename); 75 75 + return 0; 76 76 + } 77 77 + #endif 64 78 65 79 /** 66 80 * tomoyo_bprm_check_security - Target for security_bprm_check(). ··· 501 475 return tomoyo_socket_sendmsg_permission(sock, msg, size); 502 476 } 503 477 478 478 + struct lsm_blob_sizes tomoyo_blob_sizes __ro_after_init = { 479 479 + .lbs_task = sizeof(struct tomoyo_task), 480 480 + }; 481 481 + 504 482 /** 505 483 * tomoyo_task_alloc - Target for security_task_alloc(). 506 484 * ··· 543 513 s->old_domain_info = NULL; 544 514 } 545 515 } 516 516 + 517 517 + static const struct lsm_id tomoyo_lsmid = { 518 518 + .name = "tomoyo", 519 519 + .id = LSM_ID_TOMOYO, 520 520 + }; 521 521 + 522 522 + /* 523 523 + * tomoyo_security_ops is a "struct security_operations" which is used for 524 524 + * registering TOMOYO. 525 525 + */ 526 526 + static struct security_hook_list tomoyo_hooks[] __ro_after_init = { 527 527 + LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), 528 528 + LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds), 529 529 + LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc), 530 530 + LSM_HOOK_INIT(task_free, tomoyo_task_free), 531 531 + #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 532 532 + LSM_HOOK_INIT(bprm_creds_for_exec, tomoyo_bprm_creds_for_exec), 533 533 + #endif 534 534 + LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security), 535 535 + LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl), 536 536 + LSM_HOOK_INIT(file_open, tomoyo_file_open), 537 537 + LSM_HOOK_INIT(file_truncate, tomoyo_file_truncate), 538 538 + LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate), 539 539 + LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink), 540 540 + LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir), 541 541 + LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir), 542 542 + LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink), 543 543 + LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod), 544 544 + LSM_HOOK_INIT(path_link, tomoyo_path_link), 545 545 + LSM_HOOK_INIT(path_rename, tomoyo_path_rename), 546 546 + LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr), 547 547 + LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl), 548 548 + LSM_HOOK_INIT(file_ioctl_compat, tomoyo_file_ioctl), 549 549 + LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod), 550 550 + LSM_HOOK_INIT(path_chown, tomoyo_path_chown), 551 551 + LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot), 552 552 + LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount), 553 553 + LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount), 554 554 + LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot), 555 555 + LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind), 556 556 + LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect), 557 557 + LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen), 558 558 + LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg), 559 559 + }; 560 560 + 561 561 + /* Lock for GC. */ 562 562 + DEFINE_SRCU(tomoyo_ss); 563 563 + 564 564 + int tomoyo_enabled __ro_after_init = 1; 565 565 + 566 566 + /** 567 567 + * tomoyo_init - Register TOMOYO Linux as a LSM module. 568 568 + * 569 569 + * Returns 0. 570 570 + */ 571 571 + static int __init tomoyo_init(void) 572 572 + { 573 573 + struct tomoyo_task *s = tomoyo_task(current); 574 574 + 575 575 + /* register ourselves with the security framework */ 576 576 + security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), 577 577 + &tomoyo_lsmid); 578 578 + pr_info("TOMOYO Linux initialized\n"); 579 579 + s->domain_info = &tomoyo_kernel_domain; 580 580 + atomic_inc(&tomoyo_kernel_domain.users); 581 581 + s->old_domain_info = NULL; 582 582 + tomoyo_mm_init(); 583 583 + 584 584 + return 0; 585 585 + } 586 586 + 587 587 + DEFINE_LSM(tomoyo) = { 588 588 + .name = "tomoyo", 589 589 + .enabled = &tomoyo_enabled, 590 590 + .flags = LSM_FLAG_LEGACY_MAJOR, 591 591 + .blobs = &tomoyo_blob_sizes, 592 592 + .init = tomoyo_init, 593 593 + };

-366

security/tomoyo/init.c

reviewed

··· 1 1 - // SPDX-License-Identifier: GPL-2.0 2 2 - /* 3 3 - * security/tomoyo/init.c 4 4 - * 5 5 - * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 6 - */ 7 7 - 8 8 - #include <linux/lsm_hooks.h> 9 9 - #include <uapi/linux/lsm.h> 10 10 - #include "common.h" 11 11 - 12 12 - #ifndef CONFIG_SECURITY_TOMOYO_LKM 13 13 - 14 14 - #include "hooks.h" 15 15 - 16 16 - #else 17 17 - 18 18 - #define DEFINE_STATIC_CALL_PROXY(NAME) \ 19 19 - static NAME##_t tomoyo_##NAME; \ 20 20 - DEFINE_STATIC_CALL_RET0(tomoyo_##NAME, tomoyo_##NAME); 21 21 - DEFINE_STATIC_CALL_PROXY(cred_prepare) 22 22 - DEFINE_STATIC_CALL_PROXY(bprm_committed_creds) 23 23 - DEFINE_STATIC_CALL_PROXY(bprm_check_security) 24 24 - DEFINE_STATIC_CALL_PROXY(inode_getattr) 25 25 - DEFINE_STATIC_CALL_PROXY(path_truncate) 26 26 - DEFINE_STATIC_CALL_PROXY(file_truncate) 27 27 - DEFINE_STATIC_CALL_PROXY(path_unlink) 28 28 - DEFINE_STATIC_CALL_PROXY(path_mkdir) 29 29 - DEFINE_STATIC_CALL_PROXY(path_rmdir) 30 30 - DEFINE_STATIC_CALL_PROXY(path_symlink) 31 31 - DEFINE_STATIC_CALL_PROXY(path_mknod) 32 32 - DEFINE_STATIC_CALL_PROXY(path_link) 33 33 - DEFINE_STATIC_CALL_PROXY(path_rename) 34 34 - DEFINE_STATIC_CALL_PROXY(file_fcntl) 35 35 - DEFINE_STATIC_CALL_PROXY(file_open) 36 36 - DEFINE_STATIC_CALL_PROXY(file_ioctl) 37 37 - DEFINE_STATIC_CALL_PROXY(path_chmod) 38 38 - DEFINE_STATIC_CALL_PROXY(path_chown) 39 39 - DEFINE_STATIC_CALL_PROXY(path_chroot) 40 40 - DEFINE_STATIC_CALL_PROXY(sb_mount) 41 41 - DEFINE_STATIC_CALL_PROXY(sb_umount) 42 42 - DEFINE_STATIC_CALL_PROXY(sb_pivotroot) 43 43 - DEFINE_STATIC_CALL_PROXY(socket_listen) 44 44 - DEFINE_STATIC_CALL_PROXY(socket_connect) 45 45 - DEFINE_STATIC_CALL_PROXY(socket_bind) 46 46 - DEFINE_STATIC_CALL_PROXY(socket_sendmsg) 47 47 - DEFINE_STATIC_CALL_PROXY(task_alloc) 48 48 - DEFINE_STATIC_CALL_PROXY(task_free) 49 49 - #undef DEFINE_STATIC_CALL_PROXY 50 50 - 51 51 - static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) 52 52 - { 53 53 - return static_call(tomoyo_cred_prepare)(new, old, gfp); 54 54 - } 55 55 - 56 56 - static void tomoyo_bprm_committed_creds(const struct linux_binprm *bprm) 57 57 - { 58 58 - static_call(tomoyo_bprm_committed_creds)(bprm); 59 59 - } 60 60 - 61 61 - static int tomoyo_bprm_check_security(struct linux_binprm *bprm) 62 62 - { 63 63 - return static_call(tomoyo_bprm_check_security)(bprm); 64 64 - } 65 65 - 66 66 - static int tomoyo_inode_getattr(const struct path *path) 67 67 - { 68 68 - return static_call(tomoyo_inode_getattr)(path); 69 69 - } 70 70 - 71 71 - static int tomoyo_path_truncate(const struct path *path) 72 72 - { 73 73 - return static_call(tomoyo_path_truncate)(path); 74 74 - } 75 75 - 76 76 - static int tomoyo_file_truncate(struct file *file) 77 77 - { 78 78 - return static_call(tomoyo_file_truncate)(file); 79 79 - } 80 80 - 81 81 - static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) 82 82 - { 83 83 - return static_call(tomoyo_path_unlink)(parent, dentry); 84 84 - } 85 85 - 86 86 - static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, umode_t mode) 87 87 - { 88 88 - return static_call(tomoyo_path_mkdir)(parent, dentry, mode); 89 89 - } 90 90 - 91 91 - static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) 92 92 - { 93 93 - return static_call(tomoyo_path_rmdir)(parent, dentry); 94 94 - } 95 95 - 96 96 - static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, 97 97 - const char *old_name) 98 98 - { 99 99 - return static_call(tomoyo_path_symlink)(parent, dentry, old_name); 100 100 - } 101 101 - 102 102 - static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, 103 103 - umode_t mode, unsigned int dev) 104 104 - { 105 105 - return static_call(tomoyo_path_mknod)(parent, dentry, mode, dev); 106 106 - } 107 107 - 108 108 - static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, 109 109 - struct dentry *new_dentry) 110 110 - { 111 111 - return static_call(tomoyo_path_link)(old_dentry, new_dir, new_dentry); 112 112 - } 113 113 - 114 114 - static int tomoyo_path_rename(const struct path *old_parent, struct dentry *old_dentry, 115 115 - const struct path *new_parent, struct dentry *new_dentry, 116 116 - const unsigned int flags) 117 117 - { 118 118 - return static_call(tomoyo_path_rename)(old_parent, old_dentry, new_parent, new_dentry, flags); 119 119 - } 120 120 - 121 121 - static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg) 122 122 - { 123 123 - return static_call(tomoyo_file_fcntl)(file, cmd, arg); 124 124 - } 125 125 - 126 126 - static int tomoyo_file_open(struct file *f) 127 127 - { 128 128 - return static_call(tomoyo_file_open)(f); 129 129 - } 130 130 - 131 131 - static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 132 132 - { 133 133 - return static_call(tomoyo_file_ioctl)(file, cmd, arg); 134 134 - } 135 135 - 136 136 - static int tomoyo_path_chmod(const struct path *path, umode_t mode) 137 137 - { 138 138 - return static_call(tomoyo_path_chmod)(path, mode); 139 139 - } 140 140 - 141 141 - static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) 142 142 - { 143 143 - return static_call(tomoyo_path_chown)(path, uid, gid); 144 144 - } 145 145 - 146 146 - static int tomoyo_path_chroot(const struct path *path) 147 147 - { 148 148 - return static_call(tomoyo_path_chroot)(path); 149 149 - } 150 150 - 151 151 - static int tomoyo_sb_mount(const char *dev_name, const struct path *path, 152 152 - const char *type, unsigned long flags, void *data) 153 153 - { 154 154 - return static_call(tomoyo_sb_mount)(dev_name, path, type, flags, data); 155 155 - } 156 156 - 157 157 - static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) 158 158 - { 159 159 - return static_call(tomoyo_sb_umount)(mnt, flags); 160 160 - } 161 161 - 162 162 - static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) 163 163 - { 164 164 - return static_call(tomoyo_sb_pivotroot)(old_path, new_path); 165 165 - } 166 166 - 167 167 - static int tomoyo_socket_listen(struct socket *sock, int backlog) 168 168 - { 169 169 - return static_call(tomoyo_socket_listen)(sock, backlog); 170 170 - } 171 171 - 172 172 - static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr, int addr_len) 173 173 - { 174 174 - return static_call(tomoyo_socket_connect)(sock, addr, addr_len); 175 175 - } 176 176 - 177 177 - static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr, int addr_len) 178 178 - { 179 179 - return static_call(tomoyo_socket_bind)(sock, addr, addr_len); 180 180 - } 181 181 - 182 182 - static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) 183 183 - { 184 184 - return static_call(tomoyo_socket_sendmsg)(sock, msg, size); 185 185 - } 186 186 - 187 187 - static int tomoyo_task_alloc(struct task_struct *task, unsigned long clone_flags) 188 188 - { 189 189 - return static_call(tomoyo_task_alloc)(task, clone_flags); 190 190 - } 191 191 - 192 192 - static void tomoyo_task_free(struct task_struct *task) 193 193 - { 194 194 - static_call(tomoyo_task_free)(task); 195 195 - } 196 196 - 197 197 - void tomoyo_register_hooks(const struct tomoyo_hooks *tomoyo_hooks) 198 198 - { 199 199 - static void *registered; 200 200 - 201 201 - if (cmpxchg(&registered, NULL, &registered)) 202 202 - panic("%s was called twice!\n", __func__); 203 203 - static_call_update(tomoyo_task_free, tomoyo_hooks->task_free); 204 204 - static_call_update(tomoyo_task_alloc, tomoyo_hooks->task_alloc); 205 205 - static_call_update(tomoyo_cred_prepare, tomoyo_hooks->cred_prepare); 206 206 - static_call_update(tomoyo_bprm_committed_creds, tomoyo_hooks->bprm_committed_creds); 207 207 - static_call_update(tomoyo_bprm_check_security, tomoyo_hooks->bprm_check_security); 208 208 - static_call_update(tomoyo_inode_getattr, tomoyo_hooks->inode_getattr); 209 209 - static_call_update(tomoyo_path_truncate, tomoyo_hooks->path_truncate); 210 210 - static_call_update(tomoyo_file_truncate, tomoyo_hooks->file_truncate); 211 211 - static_call_update(tomoyo_path_unlink, tomoyo_hooks->path_unlink); 212 212 - static_call_update(tomoyo_path_mkdir, tomoyo_hooks->path_mkdir); 213 213 - static_call_update(tomoyo_path_rmdir, tomoyo_hooks->path_rmdir); 214 214 - static_call_update(tomoyo_path_symlink, tomoyo_hooks->path_symlink); 215 215 - static_call_update(tomoyo_path_mknod, tomoyo_hooks->path_mknod); 216 216 - static_call_update(tomoyo_path_link, tomoyo_hooks->path_link); 217 217 - static_call_update(tomoyo_path_rename, tomoyo_hooks->path_rename); 218 218 - static_call_update(tomoyo_file_fcntl, tomoyo_hooks->file_fcntl); 219 219 - static_call_update(tomoyo_file_open, tomoyo_hooks->file_open); 220 220 - static_call_update(tomoyo_file_ioctl, tomoyo_hooks->file_ioctl); 221 221 - static_call_update(tomoyo_path_chmod, tomoyo_hooks->path_chmod); 222 222 - static_call_update(tomoyo_path_chown, tomoyo_hooks->path_chown); 223 223 - static_call_update(tomoyo_path_chroot, tomoyo_hooks->path_chroot); 224 224 - static_call_update(tomoyo_sb_mount, tomoyo_hooks->sb_mount); 225 225 - static_call_update(tomoyo_sb_umount, tomoyo_hooks->sb_umount); 226 226 - static_call_update(tomoyo_sb_pivotroot, tomoyo_hooks->sb_pivotroot); 227 227 - static_call_update(tomoyo_socket_listen, tomoyo_hooks->socket_listen); 228 228 - static_call_update(tomoyo_socket_connect, tomoyo_hooks->socket_connect); 229 229 - static_call_update(tomoyo_socket_bind, tomoyo_hooks->socket_bind); 230 230 - static_call_update(tomoyo_socket_sendmsg, tomoyo_hooks->socket_sendmsg); 231 231 - } 232 232 - EXPORT_SYMBOL_GPL(tomoyo_register_hooks); 233 233 - 234 234 - /* 235 235 - * Temporary hack: functions needed by tomoyo.ko . This hack will be removed 236 236 - * after all functions are marked as EXPORT_STMBOL_GPL(). 237 237 - */ 238 238 - #undef find_task_by_vpid 239 239 - #undef find_task_by_pid_ns 240 240 - #undef put_filesystem 241 241 - #undef get_mm_exe_file 242 242 - #undef d_absolute_path 243 243 - const struct tomoyo_tmp_exports tomoyo_tmp_exports = { 244 244 - .find_task_by_vpid = find_task_by_vpid, 245 245 - .find_task_by_pid_ns = find_task_by_pid_ns, 246 246 - .put_filesystem = put_filesystem, 247 247 - .get_mm_exe_file = get_mm_exe_file, 248 248 - .d_absolute_path = d_absolute_path, 249 249 - }; 250 250 - EXPORT_SYMBOL_GPL(tomoyo_tmp_exports); 251 251 - 252 252 - #endif 253 253 - 254 254 - #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 255 255 - static int tomoyo_bprm_creds_for_exec(struct linux_binprm *bprm) 256 256 - { 257 257 - /* 258 258 - * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested 259 259 - * for the first time. 260 260 - */ 261 261 - if (!tomoyo_policy_loaded) 262 262 - tomoyo_load_policy(bprm->filename); 263 263 - return 0; 264 264 - } 265 265 - #endif 266 266 - 267 267 - struct lsm_blob_sizes tomoyo_blob_sizes __ro_after_init = { 268 268 - .lbs_task = sizeof(struct tomoyo_task), 269 269 - }; 270 270 - 271 271 - static const struct lsm_id tomoyo_lsmid = { 272 272 - .name = "tomoyo", 273 273 - .id = LSM_ID_TOMOYO, 274 274 - }; 275 275 - 276 276 - /* tomoyo_hooks is used for registering TOMOYO. */ 277 277 - static struct security_hook_list tomoyo_hooks[] __ro_after_init = { 278 278 - LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), 279 279 - LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds), 280 280 - LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc), 281 281 - LSM_HOOK_INIT(task_free, tomoyo_task_free), 282 282 - #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER 283 283 - LSM_HOOK_INIT(bprm_creds_for_exec, tomoyo_bprm_creds_for_exec), 284 284 - #endif 285 285 - LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security), 286 286 - LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl), 287 287 - LSM_HOOK_INIT(file_open, tomoyo_file_open), 288 288 - LSM_HOOK_INIT(file_truncate, tomoyo_file_truncate), 289 289 - LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate), 290 290 - LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink), 291 291 - LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir), 292 292 - LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir), 293 293 - LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink), 294 294 - LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod), 295 295 - LSM_HOOK_INIT(path_link, tomoyo_path_link), 296 296 - LSM_HOOK_INIT(path_rename, tomoyo_path_rename), 297 297 - LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr), 298 298 - LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl), 299 299 - LSM_HOOK_INIT(file_ioctl_compat, tomoyo_file_ioctl), 300 300 - LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod), 301 301 - LSM_HOOK_INIT(path_chown, tomoyo_path_chown), 302 302 - LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot), 303 303 - LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount), 304 304 - LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount), 305 305 - LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot), 306 306 - LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind), 307 307 - LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect), 308 308 - LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen), 309 309 - LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg), 310 310 - }; 311 311 - 312 312 - int tomoyo_enabled __ro_after_init = 1; 313 313 - 314 314 - /* Has /sbin/init started? */ 315 315 - bool tomoyo_policy_loaded; 316 316 - 317 317 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 318 318 - EXPORT_SYMBOL_GPL(tomoyo_blob_sizes); 319 319 - EXPORT_SYMBOL_GPL(tomoyo_policy_loaded); 320 320 - 321 321 - struct tomoyo_operations tomoyo_ops; 322 322 - EXPORT_SYMBOL_GPL(tomoyo_ops); 323 323 - 324 324 - /** 325 325 - * tomoyo_init - Reserve hooks for TOMOYO Linux. 326 326 - * 327 327 - * Returns 0. 328 328 - */ 329 329 - static int __init tomoyo_init(void) 330 330 - { 331 331 - /* register ourselves with the security framework */ 332 332 - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), &tomoyo_lsmid); 333 333 - tomoyo_ops.enabled = tomoyo_enabled; 334 334 - pr_info("Hooks for initializing TOMOYO Linux are ready\n"); 335 335 - return 0; 336 336 - } 337 337 - #else 338 338 - /** 339 339 - * tomoyo_init - Register TOMOYO Linux as a LSM module. 340 340 - * 341 341 - * Returns 0. 342 342 - */ 343 343 - static int __init tomoyo_init(void) 344 344 - { 345 345 - struct tomoyo_task *s = tomoyo_task(current); 346 346 - 347 347 - /* register ourselves with the security framework */ 348 348 - security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks), 349 349 - &tomoyo_lsmid); 350 350 - pr_info("TOMOYO Linux initialized\n"); 351 351 - s->domain_info = &tomoyo_kernel_domain; 352 352 - atomic_inc(&tomoyo_kernel_domain.users); 353 353 - s->old_domain_info = NULL; 354 354 - tomoyo_mm_init(); 355 355 - 356 356 - return 0; 357 357 - } 358 358 - #endif 359 359 - 360 360 - DEFINE_LSM(tomoyo) = { 361 361 - .name = "tomoyo", 362 362 - .enabled = &tomoyo_enabled, 363 363 - .flags = LSM_FLAG_LEGACY_MAJOR, 364 364 - .blobs = &tomoyo_blob_sizes, 365 365 - .init = tomoyo_init, 366 366 - };

-12

security/tomoyo/load_policy.c

reviewed

··· 97 97 if (!tomoyo_policy_loader_exists()) 98 98 return; 99 99 done = true; 100 100 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 101 101 - /* Load tomoyo.ko if not yet loaded. */ 102 102 - if (!tomoyo_ops.check_profile) 103 103 - request_module("tomoyo"); 104 104 - /* Check if tomoyo.ko was successfully loaded. */ 105 105 - if (!tomoyo_ops.check_profile) 106 106 - panic("Failed to load tomoyo module."); 107 107 - #endif 108 100 pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader); 109 101 argv[0] = (char *) tomoyo_loader; 110 102 argv[1] = NULL; ··· 104 112 envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; 105 113 envp[2] = NULL; 106 114 call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC); 107 107 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 108 108 - tomoyo_ops.check_profile(); 109 109 - #else 110 115 tomoyo_check_profile(); 111 111 - #endif 112 116 } 113 117 114 118 #endif

-82

security/tomoyo/proxy.c

reviewed

··· 1 1 - // SPDX-License-Identifier: GPL-2.0 2 2 - /* 3 3 - * security/tomoyo/proxy.c 4 4 - * 5 5 - * Copyright (C) 2005-2011 NTT DATA CORPORATION 6 6 - */ 7 7 - 8 8 - #include <linux/security.h> 9 9 - #include "common.h" 10 10 - 11 11 - #ifdef CONFIG_SECURITY_TOMOYO_LKM 12 12 - 13 13 - struct tomoyo_task *tomoyo_task(struct task_struct *task) 14 14 - { 15 15 - struct tomoyo_task *s = task->security + tomoyo_blob_sizes.lbs_task; 16 16 - 17 17 - if (unlikely(!s->domain_info)) { 18 18 - if (likely(task == current)) { 19 19 - s->domain_info = &tomoyo_kernel_domain; 20 20 - atomic_inc(&tomoyo_kernel_domain.users); 21 21 - } else { 22 22 - /* Caller handles s->domain_info == NULL case. */ 23 23 - } 24 24 - } 25 25 - return s; 26 26 - } 27 27 - 28 28 - #include "hooks.h" 29 29 - 30 30 - /** 31 31 - * tomoyo_runtime_init - Register TOMOYO Linux as a loadable LSM module. 32 32 - * 33 33 - * Returns 0 if TOMOYO is enabled, -EINVAL otherwise. 34 34 - */ 35 35 - static int __init tomoyo_runtime_init(void) 36 36 - { 37 37 - const struct tomoyo_hooks tomoyo_hooks = { 38 38 - .cred_prepare = tomoyo_cred_prepare, 39 39 - .bprm_committed_creds = tomoyo_bprm_committed_creds, 40 40 - .task_alloc = tomoyo_task_alloc, 41 41 - .task_free = tomoyo_task_free, 42 42 - .bprm_check_security = tomoyo_bprm_check_security, 43 43 - .file_fcntl = tomoyo_file_fcntl, 44 44 - .file_open = tomoyo_file_open, 45 45 - .file_truncate = tomoyo_file_truncate, 46 46 - .path_truncate = tomoyo_path_truncate, 47 47 - .path_unlink = tomoyo_path_unlink, 48 48 - .path_mkdir = tomoyo_path_mkdir, 49 49 - .path_rmdir = tomoyo_path_rmdir, 50 50 - .path_symlink = tomoyo_path_symlink, 51 51 - .path_mknod = tomoyo_path_mknod, 52 52 - .path_link = tomoyo_path_link, 53 53 - .path_rename = tomoyo_path_rename, 54 54 - .inode_getattr = tomoyo_inode_getattr, 55 55 - .file_ioctl = tomoyo_file_ioctl, 56 56 - .file_ioctl_compat = tomoyo_file_ioctl, 57 57 - .path_chmod = tomoyo_path_chmod, 58 58 - .path_chown = tomoyo_path_chown, 59 59 - .path_chroot = tomoyo_path_chroot, 60 60 - .sb_mount = tomoyo_sb_mount, 61 61 - .sb_umount = tomoyo_sb_umount, 62 62 - .sb_pivotroot = tomoyo_sb_pivotroot, 63 63 - .socket_bind = tomoyo_socket_bind, 64 64 - .socket_connect = tomoyo_socket_connect, 65 65 - .socket_listen = tomoyo_socket_listen, 66 66 - .socket_sendmsg = tomoyo_socket_sendmsg, 67 67 - }; 68 68 - 69 69 - if (!tomoyo_ops.enabled) 70 70 - return -EINVAL; 71 71 - tomoyo_ops.check_profile = tomoyo_check_profile; 72 72 - pr_info("TOMOYO Linux initialized\n"); 73 73 - tomoyo_task(current); 74 74 - tomoyo_mm_init(); 75 75 - tomoyo_interface_init(); 76 76 - tomoyo_register_hooks(&tomoyo_hooks); 77 77 - return 0; 78 78 - } 79 79 - module_init(tomoyo_runtime_init); 80 80 - MODULE_LICENSE("GPL"); 81 81 - 82 82 - #endif

+3 -7

security/tomoyo/securityfs_if.c

reviewed

··· 229 229 } 230 230 231 231 /** 232 232 - * tomoyo_interface_init - Initialize /sys/kernel/security/tomoyo/ interface. 232 232 + * tomoyo_initerface_init - Initialize /sys/kernel/security/tomoyo/ interface. 233 233 * 234 234 * Returns 0. 235 235 */ 236 236 - int __init tomoyo_interface_init(void) 236 236 + static int __init tomoyo_initerface_init(void) 237 237 { 238 238 struct tomoyo_domain_info *domain; 239 239 struct dentry *tomoyo_dir; 240 240 241 241 - #ifndef CONFIG_SECURITY_TOMOYO_LKM 242 241 if (!tomoyo_enabled) 243 242 return 0; 244 244 - #endif 245 243 domain = tomoyo_domain(); 246 244 /* Don't create securityfs entries unless registered. */ 247 245 if (domain != &tomoyo_kernel_domain) ··· 270 272 return 0; 271 273 } 272 274 273 273 - #ifndef CONFIG_SECURITY_TOMOYO_LKM 274 274 - fs_initcall(tomoyo_interface_init); 275 275 - #endif 275 275 + fs_initcall(tomoyo_initerface_init);

+3

security/tomoyo/util.c

reviewed

··· 13 13 /* Lock for protecting policy. */ 14 14 DEFINE_MUTEX(tomoyo_policy_lock); 15 15 16 16 + /* Has /sbin/init started? */ 17 17 + bool tomoyo_policy_loaded; 18 18 + 16 19 /* 17 20 * Mapping table from "enum tomoyo_mac_index" to 18 21 * "enum tomoyo_mac_category_index".