projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
[linux-block.git] / security / tomoyo / domain.c
CommitLineData
26a2a1c9
KT		 1/*
2 * security/tomoyo/domain.c
3 *
c3ef1500 4 * Domain transition functions for TOMOYO.
26a2a1c9 5 *
c3ef1500 6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
26a2a1c9
KT		 7 */
8
9#include "common.h"
26a2a1c9 10#include <linux/binfmts.h>
5a0e3ad6 11#include <linux/slab.h>
26a2a1c9
KT		 12
13/* Variables definitions.*/
14
15/* The initial domain. */
16struct tomoyo_domain_info tomoyo_kernel_domain;
17
36f5e1ff
TH		 18/**
19 * tomoyo_update_policy - Update an entry for exception policy.
20 *
21 * @new_entry: Pointer to "struct tomoyo_acl_info".
22 * @size: Size of @new_entry in bytes.
a238cf5b 23 * @param: Pointer to "struct tomoyo_acl_param".
36f5e1ff
TH		 24 * @check_duplicate: Callback function to find duplicated entry.
25 *
26 * Returns 0 on success, negative value otherwise.
27 *
28 * Caller holds tomoyo_read_lock().
29 */
30int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
a238cf5b 31 struct tomoyo_acl_param *param,
36f5e1ff
TH		 32 bool (*check_duplicate) (const struct tomoyo_acl_head
33 *,
34 const struct tomoyo_acl_head
35 *))
36{
a238cf5b 37 int error = param->is_delete ? -ENOENT : -ENOMEM;
36f5e1ff 38 struct tomoyo_acl_head *entry;
a238cf5b 39 struct list_head *list = param->list;
36f5e1ff
TH		 40
41 if (mutex_lock_interruptible(&tomoyo_policy_lock))
42 return -ENOMEM;
43 list_for_each_entry_rcu(entry, list, list) {
44 if (!check_duplicate(entry, new_entry))
45 continue;
a238cf5b 46 entry->is_deleted = param->is_delete;
36f5e1ff
TH		 47 error = 0;
48 break;
49 }
a238cf5b 50 if (error && !param->is_delete) {
36f5e1ff
TH		 51 entry = tomoyo_commit_ok(new_entry, size);
52 if (entry) {
53 list_add_tail_rcu(&entry->list, list);
54 error = 0;
55 }
56 }
57 mutex_unlock(&tomoyo_policy_lock);
58 return error;
59}
60
0df7e8b8
TH		 61/**
62 * tomoyo_same_acl_head - Check for duplicated "struct tomoyo_acl_info" entry.
63 *
64 * @a: Pointer to "struct tomoyo_acl_info".
65 * @b: Pointer to "struct tomoyo_acl_info".
66 *
67 * Returns true if @a == @b, false otherwise.
68 */
69static inline bool tomoyo_same_acl_head(const struct tomoyo_acl_info *a,
70 const struct tomoyo_acl_info *b)
71{
72 return a->type == b->type;
73}
74
237ab459
TH		 75/**
76 * tomoyo_update_domain - Update an entry for domain policy.
77 *
78 * @new_entry: Pointer to "struct tomoyo_acl_info".
79 * @size: Size of @new_entry in bytes.
a238cf5b 80 * @param: Pointer to "struct tomoyo_acl_param".
237ab459
TH		 81 * @check_duplicate: Callback function to find duplicated entry.
82 * @merge_duplicate: Callback function to merge duplicated entry.
83 *
84 * Returns 0 on success, negative value otherwise.
85 *
86 * Caller holds tomoyo_read_lock().
87 */
88int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
a238cf5b 89 struct tomoyo_acl_param *param,
237ab459
TH		 90 bool (*check_duplicate) (const struct tomoyo_acl_info
91 *,
92 const struct tomoyo_acl_info
93 *),
94 bool (*merge_duplicate) (struct tomoyo_acl_info *,
95 struct tomoyo_acl_info *,
96 const bool))
97{
a238cf5b 98 const bool is_delete = param->is_delete;
237ab459
TH		 99 int error = is_delete ? -ENOENT : -ENOMEM;
100 struct tomoyo_acl_info *entry;
a238cf5b 101 struct list_head * const list = param->list;
237ab459
TH		 102
103 if (mutex_lock_interruptible(&tomoyo_policy_lock))
104 return error;
a238cf5b 105 list_for_each_entry_rcu(entry, list, list) {
0df7e8b8
TH		 106 if (!tomoyo_same_acl_head(entry, new_entry) ||
107 !check_duplicate(entry, new_entry))
237ab459
TH		 108 continue;
109 if (merge_duplicate)
110 entry->is_deleted = merge_duplicate(entry, new_entry,
111 is_delete);
112 else
113 entry->is_deleted = is_delete;
114 error = 0;
115 break;
116 }
117 if (error && !is_delete) {
118 entry = tomoyo_commit_ok(new_entry, size);
119 if (entry) {
a238cf5b 120 list_add_tail_rcu(&entry->list, list);
237ab459
TH		 121 error = 0;
122 }
123 }
124 mutex_unlock(&tomoyo_policy_lock);
125 return error;
126}
127
32997144
TH		 128/**
129 * tomoyo_check_acl - Do permission check.
130 *
131 * @r: Pointer to "struct tomoyo_request_info".
132 * @check_entry: Callback function to check type specific parameters.
133 *
134 * Returns 0 on success, negative value otherwise.
135 *
136 * Caller holds tomoyo_read_lock().
137 */
99a85259 138void tomoyo_check_acl(struct tomoyo_request_info *r,
484ca79c 139 bool (*check_entry) (struct tomoyo_request_info *,
99a85259
TH		 140 const struct tomoyo_acl_info *))
141{
142 const struct tomoyo_domain_info *domain = r->domain;
143 struct tomoyo_acl_info *ptr;
32997144
TH		 144 bool retried = false;
145 const struct list_head *list = &domain->acl_info_list;
99a85259 146
32997144
TH		 147retry:
148 list_for_each_entry_rcu(ptr, list, list) {
99a85259
TH		 149 if (ptr->is_deleted || ptr->type != r->param_type)
150 continue;
151 if (check_entry(r, ptr)) {
152 r->granted = true;
153 return;
154 }
155 }
32997144
TH		 156 if (!retried) {
157 retried = true;
bd03a3e4 158 list = &domain->ns->acl_group[domain->group];
32997144
TH		 159 goto retry;
160 }
99a85259
TH		 161 r->granted = false;
162}
163
a230f9e7 164/* The list for "struct tomoyo_domain_info". */
26a2a1c9 165LIST_HEAD(tomoyo_domain_list);
26a2a1c9 166
26a2a1c9 167/**
e2bf6907 168 * tomoyo_last_word - Get last component of a domainname.
26a2a1c9 169 *
bd03a3e4 170 * @name: Domainname to check.
26a2a1c9 171 *
e2bf6907 172 * Returns the last word of @domainname.
26a2a1c9 173 */
e2bf6907 174static const char *tomoyo_last_word(const char *name)
26a2a1c9 175{
e2bf6907
TH		 176 const char *cp = strrchr(name, ' ');
177 if (cp)
178 return cp + 1;
179 return name;
26a2a1c9
KT		 180}
181
a238cf5b
TH		 182/**
183 * tomoyo_same_transition_control - Check for duplicated "struct tomoyo_transition_control" entry.
184 *
185 * @a: Pointer to "struct tomoyo_acl_head".
186 * @b: Pointer to "struct tomoyo_acl_head".
187 *
188 * Returns true if @a == @b, false otherwise.
189 */
e2bf6907
TH		 190static bool tomoyo_same_transition_control(const struct tomoyo_acl_head *a,
191 const struct tomoyo_acl_head *b)
36f5e1ff 192{
5448ec4f
TH		 193 const struct tomoyo_transition_control *p1 = container_of(a,
194 typeof(*p1),
195 head);
196 const struct tomoyo_transition_control *p2 = container_of(b,
197 typeof(*p2),
198 head);
199 return p1->type == p2->type && p1->is_last_name == p2->is_last_name
36f5e1ff
TH		 200 && p1->domainname == p2->domainname
201 && p1->program == p2->program;
202}
203
26a2a1c9 204/**
a238cf5b 205 * tomoyo_write_transition_control - Write "struct tomoyo_transition_control" list.
26a2a1c9 206 *
a238cf5b
TH		 207 * @param: Pointer to "struct tomoyo_acl_param".
208 * @type: Type of this entry.
26a2a1c9
KT		 209 *
210 * Returns 0 on success, negative value otherwise.
211 */
a238cf5b
TH		 212int tomoyo_write_transition_control(struct tomoyo_acl_param *param,
213 const u8 type)
26a2a1c9 214{
5448ec4f 215 struct tomoyo_transition_control e = { .type = type };
a238cf5b
TH		 216 int error = param->is_delete ? -ENOENT : -ENOMEM;
217 char *program = param->data;
218 char *domainname = strstr(program, " from ");
219 if (domainname) {
220 *domainname = '\0';
221 domainname += 6;
222 } else if (type == TOMOYO_TRANSITION_CONTROL_NO_KEEP ||
223 type == TOMOYO_TRANSITION_CONTROL_KEEP) {
224 domainname = program;
225 program = NULL;
226 }
0d2171d7 227 if (program && strcmp(program, "any")) {
5448ec4f
TH		 228 if (!tomoyo_correct_path(program))
229 return -EINVAL;
230 e.program = tomoyo_get_name(program);
231 if (!e.program)
232 goto out;
233 }
0d2171d7 234 if (domainname && strcmp(domainname, "any")) {
5448ec4f
TH		 235 if (!tomoyo_correct_domain(domainname)) {
236 if (!tomoyo_correct_path(domainname))
237 goto out;
9e4b50e9 238 e.is_last_name = true;
5448ec4f 239 }
9e4b50e9
TH		 240 e.domainname = tomoyo_get_name(domainname);
241 if (!e.domainname)
ca0b7df3 242 goto out;
26a2a1c9 243 }
bd03a3e4 244 param->list = &param->ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
a238cf5b 245 error = tomoyo_update_policy(&e.head, sizeof(e), param,
e2bf6907 246 tomoyo_same_transition_control);
a238cf5b 247out:
9e4b50e9
TH		 248 tomoyo_put_name(e.domainname);
249 tomoyo_put_name(e.program);
26a2a1c9
KT		 250 return error;
251}
252
26a2a1c9 253/**
bd03a3e4 254 * tomoyo_scan_transition - Try to find specific domain transition type.
26a2a1c9 255 *
bd03a3e4
TH		 256 * @list: Pointer to "struct list_head".
257 * @domainname: The name of current domain.
258 * @program: The name of requested program.
259 * @last_name: The last component of @domainname.
260 * @type: One of values in "enum tomoyo_transition_type".
26a2a1c9 261 *
bd03a3e4 262 * Returns true if found one, false otherwise.
fdb8ebb7
TH		 263 *
264 * Caller holds tomoyo_read_lock().
26a2a1c9 265 */
bd03a3e4
TH		 266static inline bool tomoyo_scan_transition
267(const struct list_head *list, const struct tomoyo_path_info *domainname,
268 const struct tomoyo_path_info *program, const char *last_name,
269 const enum tomoyo_transition_type type)
26a2a1c9 270{
5448ec4f 271 const struct tomoyo_transition_control *ptr;
bd03a3e4
TH		 272 list_for_each_entry_rcu(ptr, list, head.list) {
273 if (ptr->head.is_deleted || ptr->type != type)
274 continue;
275 if (ptr->domainname) {
276 if (!ptr->is_last_name) {
277 if (ptr->domainname != domainname)
278 continue;
279 } else {
5448ec4f 280 /*
bd03a3e4
TH		 281 * Use direct strcmp() since this is
282 * unlikely used.
5448ec4f 283 */
bd03a3e4
TH		 284 if (strcmp(ptr->domainname->name, last_name))
285 continue;
5448ec4f 286 }
26a2a1c9 287 }
bd03a3e4
TH		 288 if (ptr->program && tomoyo_pathcmp(ptr->program, program))
289 continue;
290 return true;
291 }
292 return false;
293}
294
295/**
296 * tomoyo_transition_type - Get domain transition type.
297 *
298 * @ns: Pointer to "struct tomoyo_policy_namespace".
299 * @domainname: The name of current domain.
300 * @program: The name of requested program.
301 *
302 * Returns TOMOYO_TRANSITION_CONTROL_TRANSIT if executing @program causes
303 * domain transition across namespaces, TOMOYO_TRANSITION_CONTROL_INITIALIZE if
304 * executing @program reinitializes domain transition within that namespace,
305 * TOMOYO_TRANSITION_CONTROL_KEEP if executing @program stays at @domainname ,
306 * others otherwise.
307 *
308 * Caller holds tomoyo_read_lock().
309 */
310static enum tomoyo_transition_type tomoyo_transition_type
311(const struct tomoyo_policy_namespace *ns,
312 const struct tomoyo_path_info *domainname,
313 const struct tomoyo_path_info *program)
314{
315 const char *last_name = tomoyo_last_word(domainname->name);
316 enum tomoyo_transition_type type = TOMOYO_TRANSITION_CONTROL_NO_RESET;
317 while (type < TOMOYO_MAX_TRANSITION_TYPE) {
318 const struct list_head * const list =
319 &ns->policy_list[TOMOYO_ID_TRANSITION_CONTROL];
320 if (!tomoyo_scan_transition(list, domainname, program,
321 last_name, type)) {
322 type++;
323 continue;
324 }
325 if (type != TOMOYO_TRANSITION_CONTROL_NO_RESET &&
326 type != TOMOYO_TRANSITION_CONTROL_NO_INITIALIZE)
327 break;
328 /*
329 * Do not check for reset_domain if no_reset_domain matched.
330 * Do not check for initialize_domain if no_initialize_domain
331 * matched.
332 */
333 type++;
334 type++;
26a2a1c9 335 }
5448ec4f 336 return type;
26a2a1c9
KT		 337}
338
a238cf5b
TH		 339/**
340 * tomoyo_same_aggregator - Check for duplicated "struct tomoyo_aggregator" entry.
341 *
342 * @a: Pointer to "struct tomoyo_acl_head".
343 * @b: Pointer to "struct tomoyo_acl_head".
344 *
345 * Returns true if @a == @b, false otherwise.
346 */
e2bf6907
TH		 347static bool tomoyo_same_aggregator(const struct tomoyo_acl_head *a,
348 const struct tomoyo_acl_head *b)
36f5e1ff 349{
a238cf5b
TH		 350 const struct tomoyo_aggregator *p1 = container_of(a, typeof(*p1),
351 head);
352 const struct tomoyo_aggregator *p2 = container_of(b, typeof(*p2),
353 head);
36f5e1ff
TH		 354 return p1->original_name == p2->original_name &&
355 p1->aggregated_name == p2->aggregated_name;
356}
357
1084307c 358/**
a238cf5b 359 * tomoyo_write_aggregator - Write "struct tomoyo_aggregator" list.
1084307c 360 *
a238cf5b 361 * @param: Pointer to "struct tomoyo_acl_param".
1084307c
TH		 362 *
363 * Returns 0 on success, negative value otherwise.
364 *
365 * Caller holds tomoyo_read_lock().
366 */
a238cf5b 367int tomoyo_write_aggregator(struct tomoyo_acl_param *param)
1084307c 368{
e2bf6907 369 struct tomoyo_aggregator e = { };
a238cf5b
TH		 370 int error = param->is_delete ? -ENOENT : -ENOMEM;
371 const char *original_name = tomoyo_read_token(param);
372 const char *aggregated_name = tomoyo_read_token(param);
373 if (!tomoyo_correct_word(original_name) ||
75093152 374 !tomoyo_correct_path(aggregated_name))
1084307c
TH		 375 return -EINVAL;
376 e.original_name = tomoyo_get_name(original_name);
377 e.aggregated_name = tomoyo_get_name(aggregated_name);
378 if (!e.original_name || !e.aggregated_name ||
379 e.aggregated_name->is_patterned) /* No patterns allowed. */
380 goto out;
bd03a3e4 381 param->list = &param->ns->policy_list[TOMOYO_ID_AGGREGATOR];
a238cf5b 382 error = tomoyo_update_policy(&e.head, sizeof(e), param,
e2bf6907 383 tomoyo_same_aggregator);
a238cf5b 384out:
1084307c
TH		 385 tomoyo_put_name(e.original_name);
386 tomoyo_put_name(e.aggregated_name);
387 return error;
388}
389
26a2a1c9 390/**
bd03a3e4 391 * tomoyo_find_namespace - Find specified namespace.
26a2a1c9 392 *
bd03a3e4
TH		 393 * @name: Name of namespace to find.
394 * @len: Length of @name.
26a2a1c9 395 *
bd03a3e4
TH		 396 * Returns pointer to "struct tomoyo_policy_namespace" if found,
397 * NULL otherwise.
fdb8ebb7
TH		 398 *
399 * Caller holds tomoyo_read_lock().
26a2a1c9 400 */
bd03a3e4
TH		 401static struct tomoyo_policy_namespace *tomoyo_find_namespace
402(const char *name, const unsigned int len)
26a2a1c9 403{
bd03a3e4
TH		 404 struct tomoyo_policy_namespace *ns;
405 list_for_each_entry(ns, &tomoyo_namespace_list, namespace_list) {
406 if (strncmp(name, ns->name, len) ||
407 (name[len] && name[len] != ' '))
408 continue;
409 return ns;
410 }
411 return NULL;
412}
26a2a1c9 413
bd03a3e4
TH		 414/**
415 * tomoyo_assign_namespace - Create a new namespace.
416 *
417 * @domainname: Name of namespace to create.
418 *
419 * Returns pointer to "struct tomoyo_policy_namespace" on success,
420 * NULL otherwise.
421 *
422 * Caller holds tomoyo_read_lock().
423 */
424struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
425{
426 struct tomoyo_policy_namespace *ptr;
427 struct tomoyo_policy_namespace *entry;
428 const char *cp = domainname;
429 unsigned int len = 0;
430 while (*cp && *cp++ != ' ')
431 len++;
432 ptr = tomoyo_find_namespace(domainname, len);
433 if (ptr)
434 return ptr;
435 if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
ca0b7df3 436 return NULL;
bd03a3e4
TH		 437 entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
438 if (!entry)
ca0b7df3 439 return NULL;
29282381
TH		 440 if (mutex_lock_interruptible(&tomoyo_policy_lock))
441 goto out;
bd03a3e4
TH		 442 ptr = tomoyo_find_namespace(domainname, len);
443 if (!ptr && tomoyo_memory_ok(entry)) {
444 char *name = (char *) (entry + 1);
445 ptr = entry;
446 memmove(name, domainname, len);
447 name[len] = '\0';
448 entry->name = name;
449 tomoyo_init_policy_namespace(entry);
ca0b7df3 450 entry = NULL;
26a2a1c9 451 }
f737d95d 452 mutex_unlock(&tomoyo_policy_lock);
bd03a3e4 453out:
ca0b7df3 454 kfree(entry);
bd03a3e4
TH		 455 return ptr;
456}
457
458/**
459 * tomoyo_namespace_jump - Check for namespace jump.
460 *
461 * @domainname: Name of domain.
462 *
463 * Returns true if namespace differs, false otherwise.
464 */
465static bool tomoyo_namespace_jump(const char *domainname)
466{
467 const char *namespace = tomoyo_current_namespace()->name;
468 const int len = strlen(namespace);
469 return strncmp(domainname, namespace, len) ||
470 (domainname[len] && domainname[len] != ' ');
471}
472
473/**
474 * tomoyo_assign_domain - Create a domain or a namespace.
475 *
476 * @domainname: The name of domain.
477 * @transit: True if transit to domain found or created.
478 *
479 * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
480 *
481 * Caller holds tomoyo_read_lock().
482 */
483struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
484 const bool transit)
485{
486 struct tomoyo_domain_info e = { };
487 struct tomoyo_domain_info *entry = tomoyo_find_domain(domainname);
488 bool created = false;
489 if (entry) {
490 if (transit) {
491 /*
492 * Since namespace is created at runtime, profiles may
493 * not be created by the moment the process transits to
494 * that domain. Do not perform domain transition if
495 * profile for that domain is not yet created.
496 */
497 if (!entry->ns->profile_ptr[entry->profile])
498 return NULL;
499 }
500 return entry;
501 }
502 /* Requested domain does not exist. */
503 /* Don't create requested domain if domainname is invalid. */
504 if (strlen(domainname) >= TOMOYO_EXEC_TMPSIZE - 10 ||
505 !tomoyo_correct_domain(domainname))
506 return NULL;
507 /*
508 * Since definition of profiles and acl_groups may differ across
509 * namespaces, do not inherit "use_profile" and "use_group" settings
510 * by automatically creating requested domain upon domain transition.
511 */
512 if (transit && tomoyo_namespace_jump(domainname))
513 return NULL;
514 e.ns = tomoyo_assign_namespace(domainname);
515 if (!e.ns)
516 return NULL;
517 /*
518 * "use_profile" and "use_group" settings for automatically created
519 * domains are inherited from current domain. These are 0 for manually
520 * created domains.
521 */
522 if (transit) {
523 const struct tomoyo_domain_info *domain = tomoyo_domain();
524 e.profile = domain->profile;
525 e.group = domain->group;
526 }
527 e.domainname = tomoyo_get_name(domainname);
528 if (!e.domainname)
529 return NULL;
530 if (mutex_lock_interruptible(&tomoyo_policy_lock))
531 goto out;
532 entry = tomoyo_find_domain(domainname);
533 if (!entry) {
534 entry = tomoyo_commit_ok(&e, sizeof(e));
535 if (entry) {
536 INIT_LIST_HEAD(&entry->acl_info_list);
537 list_add_tail_rcu(&entry->list, &tomoyo_domain_list);
538 created = true;
539 }
540 }
541 mutex_unlock(&tomoyo_policy_lock);
542out:
543 tomoyo_put_name(e.domainname);
544 if (entry && transit) {
545 if (created) {
546 struct tomoyo_request_info r;
547 tomoyo_init_request_info(&r, entry,
548 TOMOYO_MAC_FILE_EXECUTE);
549 r.granted = false;
550 tomoyo_write_log(&r, "use_profile %u\n",
551 entry->profile);
552 tomoyo_write_log(&r, "use_group %u\n", entry->group);
553 }
554 }
555 return entry;
26a2a1c9
KT		 556}
557
558/**
559 * tomoyo_find_next_domain - Find a domain.
560 *
56f8c9bc 561 * @bprm: Pointer to "struct linux_binprm".
26a2a1c9
KT		 562 *
563 * Returns 0 on success, negative value otherwise.
fdb8ebb7
TH		 564 *
565 * Caller holds tomoyo_read_lock().
26a2a1c9 566 */
56f8c9bc 567int tomoyo_find_next_domain(struct linux_binprm *bprm)
26a2a1c9 568{
17fcfbd9 569 struct tomoyo_request_info r;
c8c57e84 570 char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
26a2a1c9
KT		 571 struct tomoyo_domain_info *old_domain = tomoyo_domain();
572 struct tomoyo_domain_info *domain = NULL;
26a2a1c9 573 const char *original_name = bprm->filename;
57c2590f
TH		 574 u8 mode;
575 bool is_enforce;
26a2a1c9 576 int retval = -ENOMEM;
c8c57e84 577 bool need_kfree = false;
bd03a3e4 578 bool reject_on_transition_failure = false;
c8c57e84 579 struct tomoyo_path_info rn = { }; /* real name */
26a2a1c9 580
57c2590f
TH		 581 mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE);
582 is_enforce = (mode == TOMOYO_CONFIG_ENFORCING);
26a2a1c9
KT		 583 if (!tmp)
584 goto out;
585
17fcfbd9 586 retry:
c8c57e84
TH		 587 if (need_kfree) {
588 kfree(rn.name);
589 need_kfree = false;
590 }
0617c7ff 591 /* Get symlink's pathname of program. */
26a2a1c9 592 retval = -ENOENT;
0617c7ff 593 rn.name = tomoyo_realpath_nofollow(original_name);
c8c57e84 594 if (!rn.name)
26a2a1c9 595 goto out;
c8c57e84
TH		 596 tomoyo_fill_path_info(&rn);
597 need_kfree = true;
598
1084307c
TH		 599 /* Check 'aggregator' directive. */
600 {
e2bf6907 601 struct tomoyo_aggregator *ptr;
bd03a3e4
TH		 602 struct list_head *list =
603 &old_domain->ns->policy_list[TOMOYO_ID_AGGREGATOR];
604 /* Check 'aggregator' directive. */
605 list_for_each_entry_rcu(ptr, list, head.list) {
82e0f001 606 if (ptr->head.is_deleted ||
1084307c
TH		 607 !tomoyo_path_matches_pattern(&rn,
608 ptr->original_name))
609 continue;
0617c7ff 610 kfree(rn.name);
1084307c
TH		 611 need_kfree = false;
612 /* This is OK because it is read only. */
613 rn = *ptr->aggregated_name;
614 break;
615 }
616 }
617
26a2a1c9 618 /* Check execute permission. */
05336dee 619 retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn);
17fcfbd9
TH		 620 if (retval == TOMOYO_RETRY_REQUEST)
621 goto retry;
26a2a1c9
KT		 622 if (retval < 0)
623 goto out;
484ca79c
TH		 624 /*
625 * To be able to specify domainnames with wildcards, use the
626 * pathname specified in the policy (which may contain
627 * wildcard) rather than the pathname passed to execve()
628 * (which never contains wildcard).
629 */
630 if (r.param.path.matched_path) {
631 if (need_kfree)
632 kfree(rn.name);
633 need_kfree = false;
634 /* This is OK because it is read only. */
635 rn = *r.param.path.matched_path;
636 }
26a2a1c9 637
5448ec4f 638 /* Calculate domain to transit to. */
bd03a3e4
TH		 639 switch (tomoyo_transition_type(old_domain->ns, old_domain->domainname,
640 &rn)) {
641 case TOMOYO_TRANSITION_CONTROL_RESET:
642 /* Transit to the root of specified namespace. */
643 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
644 /*
645 * Make do_execve() fail if domain transition across namespaces
646 * has failed.
647 */
648 reject_on_transition_failure = true;
649 break;
5448ec4f 650 case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
bd03a3e4
TH		 651 /* Transit to the child of current namespace's root. */
652 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
653 old_domain->ns->name, rn.name);
5448ec4f
TH		 654 break;
655 case TOMOYO_TRANSITION_CONTROL_KEEP:
26a2a1c9
KT		 656 /* Keep current domain. */
657 domain = old_domain;
5448ec4f
TH		 658 break;
659 default:
660 if (old_domain == &tomoyo_kernel_domain &&
661 !tomoyo_policy_loaded) {
662 /*
663 * Needn't to transit from kernel domain before
664 * starting /sbin/init. But transit from kernel domain
665 * if executing initializers because they might start
666 * before /sbin/init.
667 */
668 domain = old_domain;
669 } else {
670 /* Normal domain transition. */
671 snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
672 old_domain->domainname->name, rn.name);
673 }
674 break;
26a2a1c9 675 }
7c75964f 676 if (!domain)
bd03a3e4 677 domain = tomoyo_assign_domain(tmp, true);
26a2a1c9 678 if (domain)
bd03a3e4
TH		 679 retval = 0;
680 else if (reject_on_transition_failure) {
681 printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp);
682 retval = -ENOMEM;
683 } else if (r.mode == TOMOYO_CONFIG_ENFORCING)
684 retval = -ENOMEM;
685 else {
686 retval = 0;
2c47ab93
TH		 687 if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {
688 old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;
bd03a3e4 689 r.granted = false;
2c47ab93
TH		 690 tomoyo_write_log(&r, "%s", tomoyo_dif
691 [TOMOYO_DIF_TRANSITION_FAILED]);
bd03a3e4
TH		 692 printk(KERN_WARNING
693 "ERROR: Domain '%s' not defined.\n", tmp);
694 }
695 }
26a2a1c9 696 out:
56f8c9bc
TH		 697 if (!domain)
698 domain = old_domain;
ec8e6a4e
TH		 699 /* Update reference count on "struct tomoyo_domain_info". */
700 atomic_inc(&domain->users);
56f8c9bc 701 bprm->cred->security = domain;
c8c57e84
TH		 702 if (need_kfree)
703 kfree(rn.name);
8e2d39a1 704 kfree(tmp);
26a2a1c9
KT		 705 return retval;
706}
Linux 6.x block layer and io_uring tree(s)