1 |
/* |
2 |
* lsm.c |
3 |
* |
4 |
* Copyright (C) 2010-2015 Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> |
5 |
* |
6 |
* Version: 1.0.38 2018/04/01 |
7 |
*/ |
8 |
|
9 |
#include "internal.h" |
10 |
#include "probe.h" |
11 |
|
12 |
/* Prototype definition. */ |
13 |
static int __ccs_alloc_task_security(const struct task_struct *task); |
14 |
static void __ccs_free_task_security(const struct task_struct *task); |
15 |
|
16 |
/* Dummy security context for avoiding NULL pointer dereference. */ |
17 |
static struct ccs_security ccs_oom_security = { |
18 |
.ccs_domain_info = &ccs_kernel_domain |
19 |
}; |
20 |
|
21 |
/* Dummy security context for avoiding NULL pointer dereference. */ |
22 |
static struct ccs_security ccs_default_security = { |
23 |
.ccs_domain_info = &ccs_kernel_domain |
24 |
}; |
25 |
|
26 |
/* List of "struct ccs_security". */ |
27 |
struct list_head ccs_task_security_list[CCS_MAX_TASK_SECURITY_HASH]; |
28 |
/* Lock for protecting ccs_task_security_list[]. */ |
29 |
static DEFINE_SPINLOCK(ccs_task_security_list_lock); |
30 |
|
31 |
/* For exporting variables and functions. */ |
32 |
struct ccsecurity_exports ccsecurity_exports; |
33 |
/* Members are updated by loadable kernel module. */ |
34 |
struct ccsecurity_operations ccsecurity_ops; |
35 |
|
36 |
/* Original hooks. */ |
37 |
static union security_list_options original_cred_prepare; |
38 |
static union security_list_options original_task_alloc; |
39 |
static union security_list_options original_task_free; |
40 |
|
41 |
#ifdef CONFIG_AKARI_TRACE_EXECVE_COUNT |
42 |
|
43 |
/** |
44 |
* ccs_update_ee_counter - Update "struct ccs_execve" counter. |
45 |
* |
46 |
* @count: Count to increment or decrement. |
47 |
* |
48 |
* Returns updated counter. |
49 |
*/ |
50 |
static unsigned int ccs_update_ee_counter(int count) |
51 |
{ |
52 |
/* Debug counter for detecting "struct ccs_execve" memory leak. */ |
53 |
static atomic_t ccs_ee_counter = ATOMIC_INIT(0); |
54 |
return atomic_add_return(count, &ccs_ee_counter); |
55 |
} |
56 |
|
57 |
/** |
58 |
* ccs_audit_alloc_execve - Audit allocation of "struct ccs_execve". |
59 |
* |
60 |
* @ee: Pointer to "struct ccs_execve". |
61 |
* |
62 |
* Returns nothing. |
63 |
*/ |
64 |
void ccs_audit_alloc_execve(const struct ccs_execve * const ee) |
65 |
{ |
66 |
printk(KERN_INFO "AKARI: Allocated %p by pid=%u (count=%u)\n", ee, |
67 |
current->pid, ccs_update_ee_counter(1) - 1); |
68 |
} |
69 |
|
70 |
/** |
71 |
* ccs_audit_free_execve - Audit release of "struct ccs_execve". |
72 |
* |
73 |
* @ee: Pointer to "struct ccs_execve". |
74 |
* @task: True if released by current task, false otherwise. |
75 |
* |
76 |
* Returns nothing. |
77 |
*/ |
78 |
void ccs_audit_free_execve(const struct ccs_execve * const ee, |
79 |
const bool is_current) |
80 |
{ |
81 |
const unsigned int tmp = ccs_update_ee_counter(-1); |
82 |
if (is_current) |
83 |
printk(KERN_INFO "AKARI: Releasing %p by pid=%u (count=%u)\n", |
84 |
ee, current->pid, tmp); |
85 |
else |
86 |
printk(KERN_INFO "AKARI: Releasing %p by kernel (count=%u)\n", |
87 |
ee, tmp); |
88 |
} |
89 |
|
90 |
#endif |
91 |
|
92 |
#if !defined(CONFIG_AKARI_DEBUG) |
93 |
#define ccs_debug_trace(pos) do { } while (0) |
94 |
#else |
95 |
#define ccs_debug_trace(pos) \ |
96 |
do { \ |
97 |
static bool done; \ |
98 |
if (!done) { \ |
99 |
printk(KERN_INFO \ |
100 |
"AKARI: Debug trace: " pos " of 2\n"); \ |
101 |
done = true; \ |
102 |
} \ |
103 |
} while (0) |
104 |
#endif |
105 |
|
106 |
/** |
107 |
* ccs_clear_execve - Release memory used by do_execve(). |
108 |
* |
109 |
* @ret: 0 if do_execve() succeeded, negative value otherwise. |
110 |
* @security: Pointer to "struct ccs_security". |
111 |
* |
112 |
* Returns nothing. |
113 |
*/ |
114 |
static void ccs_clear_execve(int ret, struct ccs_security *security) |
115 |
{ |
116 |
struct ccs_execve *ee = security->ee; |
117 |
if (security == &ccs_default_security || security == &ccs_oom_security |
118 |
|| !ee) |
119 |
return; |
120 |
security->ee = NULL; |
121 |
ccs_finish_execve(ret, ee); |
122 |
} |
123 |
|
124 |
/** |
125 |
* ccs_task_alloc_security - Allocate memory for new tasks. |
126 |
* |
127 |
* @p: Pointer to "struct task_struct". |
128 |
* @clone_flags: Flags passed to clone(). |
129 |
* |
130 |
* Returns 0 on success, negative value otherwise. |
131 |
*/ |
132 |
static int ccs_task_alloc_security(struct task_struct *p, |
133 |
unsigned long clone_flags) |
134 |
{ |
135 |
int rc = __ccs_alloc_task_security(p); |
136 |
if (rc) |
137 |
return rc; |
138 |
if (original_task_alloc.task_alloc) { |
139 |
rc = original_task_alloc.task_alloc(p, clone_flags); |
140 |
if (rc) |
141 |
__ccs_free_task_security(p); |
142 |
} |
143 |
return rc; |
144 |
} |
145 |
|
146 |
/** |
147 |
* ccs_task_free_security - Release memory for "struct task_struct". |
148 |
* |
149 |
* @p: Pointer to "struct task_struct". |
150 |
* |
151 |
* Returns nothing. |
152 |
*/ |
153 |
static void ccs_task_free_security(struct task_struct *p) |
154 |
{ |
155 |
struct ccs_security *ptr = ccs_find_task_security(p); |
156 |
struct ccs_execve *ee = ptr->ee; |
157 |
if (original_task_free.task_free) |
158 |
original_task_free.task_free(p); |
159 |
/* |
160 |
* Since an LSM hook for reverting domain transition is missing, |
161 |
* ccs_finish_execve() is not called if exited immediately after |
162 |
* execve() failed. |
163 |
*/ |
164 |
if (ee) { |
165 |
ccs_debug_trace("2"); |
166 |
ccs_audit_free_execve(ee, false); |
167 |
kfree(ee->handler_path); |
168 |
kfree(ee); |
169 |
ptr->ee = NULL; |
170 |
} |
171 |
__ccs_free_task_security(p); |
172 |
} |
173 |
|
174 |
/** |
175 |
* ccs_bprm_committing_creds - A hook which is called when do_execve() succeeded. |
176 |
* |
177 |
* @bprm: Pointer to "struct linux_binprm". |
178 |
* |
179 |
* Returns nothing. |
180 |
*/ |
181 |
static void ccs_bprm_committing_creds(struct linux_binprm *bprm) |
182 |
{ |
183 |
ccs_clear_execve(0, ccs_current_security()); |
184 |
} |
185 |
|
186 |
/** |
187 |
* ccs_cred_prepare - Allocate memory for new credentials. |
188 |
* |
189 |
* @new: Pointer to "struct cred". |
190 |
* @old: Pointer to "struct cred". |
191 |
* @gfp: Memory allocation flags. |
192 |
* |
193 |
* Returns 0 on success, negative value otherwise. |
194 |
*/ |
195 |
static int ccs_cred_prepare(struct cred *new, const struct cred *old, |
196 |
gfp_t gfp) |
197 |
{ |
198 |
/* |
199 |
* For checking whether reverting domain transition is needed or not. |
200 |
* |
201 |
* See ccs_find_task_security() for reason. |
202 |
*/ |
203 |
if (gfp == GFP_KERNEL) |
204 |
ccs_find_task_security(current); |
205 |
if (original_cred_prepare.cred_prepare) |
206 |
return original_cred_prepare.cred_prepare(new, old, gfp); |
207 |
return 0; |
208 |
} |
209 |
|
210 |
/** |
211 |
* ccs_bprm_check_security - Check permission for execve(). |
212 |
* |
213 |
* @bprm: Pointer to "struct linux_binprm". |
214 |
* |
215 |
* Returns 0 on success, negative value otherwise. |
216 |
*/ |
217 |
static int ccs_bprm_check_security(struct linux_binprm *bprm) |
218 |
{ |
219 |
struct ccs_security *security = ccs_current_security(); |
220 |
if (security == &ccs_default_security || security == &ccs_oom_security) |
221 |
return -ENOMEM; |
222 |
if (security->ee) |
223 |
return 0; |
224 |
#ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER |
225 |
if (!ccs_policy_loaded) |
226 |
ccs_load_policy(bprm->filename); |
227 |
#endif |
228 |
return ccs_start_execve(bprm, &security->ee); |
229 |
} |
230 |
|
231 |
/** |
232 |
* ccs_file_open - Check permission for open(). |
233 |
* |
234 |
* @f: Pointer to "struct file". |
235 |
* @cred: Pointer to "struct cred". |
236 |
* |
237 |
* Returns 0 on success, negative value otherwise. |
238 |
*/ |
239 |
static int ccs_file_open(struct file *f, const struct cred *cred) |
240 |
{ |
241 |
return ccs_open_permission(f); |
242 |
} |
243 |
|
244 |
#ifdef CONFIG_SECURITY_PATH |
245 |
|
246 |
/** |
247 |
* ccs_path_chown - Check permission for chown()/chgrp(). |
248 |
* |
249 |
* @path: Pointer to "struct path". |
250 |
* @user: User ID. |
251 |
* @group: Group ID. |
252 |
* |
253 |
* Returns 0 on success, negative value otherwise. |
254 |
*/ |
255 |
static int ccs_path_chown(const struct path *path, kuid_t user, kgid_t group) |
256 |
{ |
257 |
return ccs_chown_permission(path->dentry, path->mnt, user, group); |
258 |
} |
259 |
|
260 |
/** |
261 |
* ccs_path_chmod - Check permission for chmod(). |
262 |
* |
263 |
* @path: Pointer to "struct path". |
264 |
* @mode: Mode. |
265 |
* |
266 |
* Returns 0 on success, negative value otherwise. |
267 |
*/ |
268 |
static int ccs_path_chmod(const struct path *path, umode_t mode) |
269 |
{ |
270 |
return ccs_chmod_permission(path->dentry, path->mnt, mode); |
271 |
} |
272 |
|
273 |
/** |
274 |
* ccs_path_chroot - Check permission for chroot(). |
275 |
* |
276 |
* @path: Pointer to "struct path". |
277 |
* |
278 |
* Returns 0 on success, negative value otherwise. |
279 |
*/ |
280 |
static int ccs_path_chroot(const struct path *path) |
281 |
{ |
282 |
return ccs_chroot_permission(path); |
283 |
} |
284 |
|
285 |
/** |
286 |
* ccs_path_truncate - Check permission for truncate(). |
287 |
* |
288 |
* @path: Pointer to "struct path". |
289 |
* |
290 |
* Returns 0 on success, negative value otherwise. |
291 |
*/ |
292 |
static int ccs_path_truncate(const struct path *path) |
293 |
{ |
294 |
return ccs_truncate_permission(path->dentry, path->mnt); |
295 |
} |
296 |
|
297 |
#else |
298 |
|
299 |
/** |
300 |
* ccs_inode_setattr - Check permission for chown()/chgrp()/chmod()/truncate(). |
301 |
* |
302 |
* @dentry: Pointer to "struct dentry". |
303 |
* @attr: Pointer to "struct iattr". |
304 |
* |
305 |
* Returns 0 on success, negative value otherwise. |
306 |
*/ |
307 |
static int ccs_inode_setattr(struct dentry *dentry, struct iattr *attr) |
308 |
{ |
309 |
const int rc1 = (attr->ia_valid & ATTR_UID) ? |
310 |
ccs_chown_permission(dentry, NULL, attr->ia_uid, INVALID_GID) : |
311 |
0; |
312 |
const int rc2 = (attr->ia_valid & ATTR_GID) ? |
313 |
ccs_chown_permission(dentry, NULL, INVALID_UID, attr->ia_gid) : |
314 |
0; |
315 |
const int rc3 = (attr->ia_valid & ATTR_MODE) ? |
316 |
ccs_chmod_permission(dentry, NULL, attr->ia_mode) : 0; |
317 |
const int rc4 = (attr->ia_valid & ATTR_SIZE) ? |
318 |
ccs_truncate_permission(dentry, NULL) : 0; |
319 |
if (rc4) |
320 |
return rc4; |
321 |
if (rc3) |
322 |
return rc3; |
323 |
if (rc2) |
324 |
return rc2; |
325 |
return rc1; |
326 |
} |
327 |
|
328 |
#endif |
329 |
|
330 |
/** |
331 |
* ccs_inode_getattr - Check permission for stat(). |
332 |
* |
333 |
* @path: Pointer to "struct path". |
334 |
* |
335 |
* Returns 0 on success, negative value otherwise. |
336 |
*/ |
337 |
static int ccs_inode_getattr(const struct path *path) |
338 |
{ |
339 |
return ccs_getattr_permission(path->mnt, path->dentry); |
340 |
} |
341 |
|
342 |
#ifdef CONFIG_SECURITY_PATH |
343 |
|
344 |
/** |
345 |
* ccs_path_mknod - Check permission for mknod(). |
346 |
* |
347 |
* @dir: Pointer to "struct path". |
348 |
* @dentry: Pointer to "struct dentry". |
349 |
* @mode: Create mode. |
350 |
* @dev: Device major/minor number. |
351 |
* |
352 |
* Returns 0 on success, negative value otherwise. |
353 |
*/ |
354 |
static int ccs_path_mknod(const struct path *dir, struct dentry *dentry, |
355 |
umode_t mode, unsigned int dev) |
356 |
{ |
357 |
return ccs_mknod_permission(dentry, dir->mnt, mode, dev); |
358 |
} |
359 |
|
360 |
/** |
361 |
* ccs_path_mkdir - Check permission for mkdir(). |
362 |
* |
363 |
* @dir: Pointer to "struct path". |
364 |
* @dentry: Pointer to "struct dentry". |
365 |
* @mode: Create mode. |
366 |
* |
367 |
* Returns 0 on success, negative value otherwise. |
368 |
*/ |
369 |
static int ccs_path_mkdir(const struct path *dir, struct dentry *dentry, |
370 |
umode_t mode) |
371 |
{ |
372 |
return ccs_mkdir_permission(dentry, dir->mnt, mode); |
373 |
} |
374 |
|
375 |
/** |
376 |
* ccs_path_rmdir - Check permission for rmdir(). |
377 |
* |
378 |
* @dir: Pointer to "struct path". |
379 |
* @dentry: Pointer to "struct dentry". |
380 |
* |
381 |
* Returns 0 on success, negative value otherwise. |
382 |
*/ |
383 |
static int ccs_path_rmdir(const struct path *dir, struct dentry *dentry) |
384 |
{ |
385 |
return ccs_rmdir_permission(dentry, dir->mnt); |
386 |
} |
387 |
|
388 |
/** |
389 |
* ccs_path_unlink - Check permission for unlink(). |
390 |
* |
391 |
* @dir: Pointer to "struct path". |
392 |
* @dentry: Pointer to "struct dentry". |
393 |
* |
394 |
* Returns 0 on success, negative value otherwise. |
395 |
*/ |
396 |
static int ccs_path_unlink(const struct path *dir, struct dentry *dentry) |
397 |
{ |
398 |
return ccs_unlink_permission(dentry, dir->mnt); |
399 |
} |
400 |
|
401 |
/** |
402 |
* ccs_path_symlink - Check permission for symlink(). |
403 |
* |
404 |
* @dir: Pointer to "struct path". |
405 |
* @dentry: Pointer to "struct dentry". |
406 |
* @old_name: Content of symbolic link. |
407 |
* |
408 |
* Returns 0 on success, negative value otherwise. |
409 |
*/ |
410 |
static int ccs_path_symlink(const struct path *dir, struct dentry *dentry, |
411 |
const char *old_name) |
412 |
{ |
413 |
return ccs_symlink_permission(dentry, dir->mnt, old_name); |
414 |
} |
415 |
|
416 |
/** |
417 |
* ccs_path_rename - Check permission for rename(). |
418 |
* |
419 |
* @old_dir: Pointer to "struct path". |
420 |
* @old_dentry: Pointer to "struct dentry". |
421 |
* @new_dir: Pointer to "struct path". |
422 |
* @new_dentry: Pointer to "struct dentry". |
423 |
* |
424 |
* Returns 0 on success, negative value otherwise. |
425 |
*/ |
426 |
static int ccs_path_rename(const struct path *old_dir, |
427 |
struct dentry *old_dentry, |
428 |
const struct path *new_dir, |
429 |
struct dentry *new_dentry) |
430 |
{ |
431 |
return ccs_rename_permission(old_dentry, new_dentry, old_dir->mnt); |
432 |
} |
433 |
|
434 |
/** |
435 |
* ccs_path_link - Check permission for link(). |
436 |
* |
437 |
* @old_dentry: Pointer to "struct dentry". |
438 |
* @new_dir: Pointer to "struct path". |
439 |
* @new_dentry: Pointer to "struct dentry". |
440 |
* |
441 |
* Returns 0 on success, negative value otherwise. |
442 |
*/ |
443 |
static int ccs_path_link(struct dentry *old_dentry, const struct path *new_dir, |
444 |
struct dentry *new_dentry) |
445 |
{ |
446 |
return ccs_link_permission(old_dentry, new_dentry, new_dir->mnt); |
447 |
} |
448 |
|
449 |
#else |
450 |
|
451 |
/** |
452 |
* ccs_inode_mknod - Check permission for mknod(). |
453 |
* |
454 |
* @dir: Pointer to "struct inode". |
455 |
* @dentry: Pointer to "struct dentry". |
456 |
* @mode: Create mode. |
457 |
* @dev: Device major/minor number. |
458 |
* |
459 |
* Returns 0 on success, negative value otherwise. |
460 |
*/ |
461 |
static int ccs_inode_mknod(struct inode *dir, struct dentry *dentry, |
462 |
umode_t mode, dev_t dev) |
463 |
{ |
464 |
return ccs_mknod_permission(dentry, NULL, mode, dev); |
465 |
} |
466 |
|
467 |
/** |
468 |
* ccs_inode_mkdir - Check permission for mkdir(). |
469 |
* |
470 |
* @dir: Pointer to "struct inode". |
471 |
* @dentry: Pointer to "struct dentry". |
472 |
* @mode: Create mode. |
473 |
* |
474 |
* Returns 0 on success, negative value otherwise. |
475 |
*/ |
476 |
static int ccs_inode_mkdir(struct inode *dir, struct dentry *dentry, |
477 |
umode_t mode) |
478 |
{ |
479 |
return ccs_mkdir_permission(dentry, NULL, mode); |
480 |
} |
481 |
|
482 |
/** |
483 |
* ccs_inode_rmdir - Check permission for rmdir(). |
484 |
* |
485 |
* @dir: Pointer to "struct inode". |
486 |
* @dentry: Pointer to "struct dentry". |
487 |
* |
488 |
* Returns 0 on success, negative value otherwise. |
489 |
*/ |
490 |
static int ccs_inode_rmdir(struct inode *dir, struct dentry *dentry) |
491 |
{ |
492 |
return ccs_rmdir_permission(dentry, NULL); |
493 |
} |
494 |
|
495 |
/** |
496 |
* ccs_inode_unlink - Check permission for unlink(). |
497 |
* |
498 |
* @dir: Pointer to "struct inode". |
499 |
* @dentry: Pointer to "struct dentry". |
500 |
* |
501 |
* Returns 0 on success, negative value otherwise. |
502 |
*/ |
503 |
static int ccs_inode_unlink(struct inode *dir, struct dentry *dentry) |
504 |
{ |
505 |
return ccs_unlink_permission(dentry, NULL); |
506 |
} |
507 |
|
508 |
/** |
509 |
* ccs_inode_symlink - Check permission for symlink(). |
510 |
* |
511 |
* @dir: Pointer to "struct inode". |
512 |
* @dentry: Pointer to "struct dentry". |
513 |
* @old_name: Content of symbolic link. |
514 |
* |
515 |
* Returns 0 on success, negative value otherwise. |
516 |
*/ |
517 |
static int ccs_inode_symlink(struct inode *dir, struct dentry *dentry, |
518 |
const char *old_name) |
519 |
{ |
520 |
return ccs_symlink_permission(dentry, NULL, old_name); |
521 |
} |
522 |
|
523 |
/** |
524 |
* ccs_inode_rename - Check permission for rename(). |
525 |
* |
526 |
* @old_dir: Pointer to "struct inode". |
527 |
* @old_dentry: Pointer to "struct dentry". |
528 |
* @new_dir: Pointer to "struct inode". |
529 |
* @new_dentry: Pointer to "struct dentry". |
530 |
* |
531 |
* Returns 0 on success, negative value otherwise. |
532 |
*/ |
533 |
static int ccs_inode_rename(struct inode *old_dir, struct dentry *old_dentry, |
534 |
struct inode *new_dir, struct dentry *new_dentry) |
535 |
{ |
536 |
return ccs_rename_permission(old_dentry, new_dentry, NULL); |
537 |
} |
538 |
|
539 |
/** |
540 |
* ccs_inode_link - Check permission for link(). |
541 |
* |
542 |
* @old_dentry: Pointer to "struct dentry". |
543 |
* @dir: Pointer to "struct inode". |
544 |
* @new_dentry: Pointer to "struct dentry". |
545 |
* |
546 |
* Returns 0 on success, negative value otherwise. |
547 |
*/ |
548 |
static int ccs_inode_link(struct dentry *old_dentry, struct inode *dir, |
549 |
struct dentry *new_dentry) |
550 |
{ |
551 |
return ccs_link_permission(old_dentry, new_dentry, NULL); |
552 |
} |
553 |
|
554 |
/** |
555 |
* ccs_inode_create - Check permission for creat(). |
556 |
* |
557 |
* @dir: Pointer to "struct inode". |
558 |
* @dentry: Pointer to "struct dentry". |
559 |
* @mode: Create mode. |
560 |
* |
561 |
* Returns 0 on success, negative value otherwise. |
562 |
*/ |
563 |
static int ccs_inode_create(struct inode *dir, struct dentry *dentry, |
564 |
umode_t mode) |
565 |
{ |
566 |
return ccs_mknod_permission(dentry, NULL, mode, 0); |
567 |
} |
568 |
|
569 |
#endif |
570 |
|
571 |
#ifdef CONFIG_SECURITY_NETWORK |
572 |
|
573 |
#include <net/sock.h> |
574 |
|
575 |
/* Structure for remembering an accept()ed socket's status. */ |
576 |
struct ccs_socket_tag { |
577 |
struct list_head list; |
578 |
struct inode *inode; |
579 |
int status; |
580 |
struct rcu_head rcu; |
581 |
}; |
582 |
|
583 |
/* |
584 |
* List for managing accept()ed sockets. |
585 |
* Since we don't need to keep an accept()ed socket into this list after |
586 |
* once the permission was granted, the number of entries in this list is |
587 |
* likely small. Therefore, we don't use hash tables. |
588 |
*/ |
589 |
static LIST_HEAD(ccs_accepted_socket_list); |
590 |
/* Lock for protecting ccs_accepted_socket_list . */ |
591 |
static DEFINE_SPINLOCK(ccs_accepted_socket_list_lock); |
592 |
|
593 |
/** |
594 |
* ccs_update_socket_tag - Update tag associated with accept()ed sockets. |
595 |
* |
596 |
* @inode: Pointer to "struct inode". |
597 |
* @status: New status. |
598 |
* |
599 |
* Returns nothing. |
600 |
* |
601 |
* If @status == 0, memory for that socket will be released after RCU grace |
602 |
* period. |
603 |
*/ |
604 |
static void ccs_update_socket_tag(struct inode *inode, int status) |
605 |
{ |
606 |
struct ccs_socket_tag *ptr; |
607 |
/* |
608 |
* Protect whole section because multiple threads may call this |
609 |
* function with same "sock" via ccs_validate_socket(). |
610 |
*/ |
611 |
spin_lock(&ccs_accepted_socket_list_lock); |
612 |
rcu_read_lock(); |
613 |
list_for_each_entry_rcu(ptr, &ccs_accepted_socket_list, list) { |
614 |
if (ptr->inode != inode) |
615 |
continue; |
616 |
ptr->status = status; |
617 |
if (status) |
618 |
break; |
619 |
list_del_rcu(&ptr->list); |
620 |
kfree_rcu(ptr, rcu); |
621 |
break; |
622 |
} |
623 |
rcu_read_unlock(); |
624 |
spin_unlock(&ccs_accepted_socket_list_lock); |
625 |
} |
626 |
|
627 |
/** |
628 |
* ccs_validate_socket - Check post accept() permission if needed. |
629 |
* |
630 |
* @sock: Pointer to "struct socket". |
631 |
* |
632 |
* Returns 0 on success, negative value otherwise. |
633 |
*/ |
634 |
static int ccs_validate_socket(struct socket *sock) |
635 |
{ |
636 |
struct inode *inode = SOCK_INODE(sock); |
637 |
struct ccs_socket_tag *ptr; |
638 |
int ret = 0; |
639 |
rcu_read_lock(); |
640 |
list_for_each_entry_rcu(ptr, &ccs_accepted_socket_list, list) { |
641 |
if (ptr->inode != inode) |
642 |
continue; |
643 |
ret = ptr->status; |
644 |
break; |
645 |
} |
646 |
rcu_read_unlock(); |
647 |
if (ret <= 0) |
648 |
/* |
649 |
* This socket is not an accept()ed socket or this socket is |
650 |
* an accept()ed socket and post accept() permission is done. |
651 |
*/ |
652 |
return ret; |
653 |
/* |
654 |
* Check post accept() permission now. |
655 |
* |
656 |
* Strictly speaking, we need to pass both listen()ing socket and |
657 |
* accept()ed socket to __ccs_socket_post_accept_permission(). |
658 |
* But since socket's family and type are same for both sockets, |
659 |
* passing the accept()ed socket in place for the listen()ing socket |
660 |
* will work. |
661 |
*/ |
662 |
ret = ccs_socket_post_accept_permission(sock, sock); |
663 |
/* |
664 |
* If permission was granted, we forget that this is an accept()ed |
665 |
* socket. Otherwise, we remember that this socket needs to return |
666 |
* error for subsequent socketcalls. |
667 |
*/ |
668 |
ccs_update_socket_tag(inode, ret); |
669 |
return ret; |
670 |
} |
671 |
|
672 |
/** |
673 |
* ccs_socket_accept - Check permission for accept(). |
674 |
* |
675 |
* @sock: Pointer to "struct socket". |
676 |
* @newsock: Pointer to "struct socket". |
677 |
* |
678 |
* Returns 0 on success, negative value otherwise. |
679 |
* |
680 |
* This hook is used for setting up environment for doing post accept() |
681 |
* permission check. If dereferencing sock->ops->something() were ordered by |
682 |
* rcu_dereference(), we could replace sock->ops with "a copy of original |
683 |
* sock->ops with modified sock->ops->accept()" using rcu_assign_pointer() |
684 |
* in order to do post accept() permission check before returning to userspace. |
685 |
* If we make the copy in security_socket_post_create(), it would be possible |
686 |
* to safely replace sock->ops here, but we don't do so because we don't want |
687 |
* to allocate memory for sockets which do not call sock->ops->accept(). |
688 |
* Therefore, we do post accept() permission check upon next socket syscalls |
689 |
* rather than between sock->ops->accept() and returning to userspace. |
690 |
* This means that if a socket was close()d before calling some socket |
691 |
* syscalls, post accept() permission check will not be done. |
692 |
*/ |
693 |
static int ccs_socket_accept(struct socket *sock, struct socket *newsock) |
694 |
{ |
695 |
struct ccs_socket_tag *ptr; |
696 |
const int rc = ccs_validate_socket(sock); |
697 |
if (rc < 0) |
698 |
return rc; |
699 |
ptr = kzalloc(sizeof(*ptr), GFP_KERNEL); |
700 |
if (!ptr) |
701 |
return -ENOMEM; |
702 |
/* |
703 |
* Subsequent LSM hooks will receive "newsock". Therefore, I mark |
704 |
* "newsock" as "an accept()ed socket but post accept() permission |
705 |
* check is not done yet" by allocating memory using inode of the |
706 |
* "newsock" as a search key. |
707 |
*/ |
708 |
ptr->inode = SOCK_INODE(newsock); |
709 |
ptr->status = 1; /* Check post accept() permission later. */ |
710 |
spin_lock(&ccs_accepted_socket_list_lock); |
711 |
list_add_tail_rcu(&ptr->list, &ccs_accepted_socket_list); |
712 |
spin_unlock(&ccs_accepted_socket_list_lock); |
713 |
return 0; |
714 |
} |
715 |
|
716 |
/** |
717 |
* ccs_socket_listen - Check permission for listen(). |
718 |
* |
719 |
* @sock: Pointer to "struct socket". |
720 |
* @backlog: Backlog parameter. |
721 |
* |
722 |
* Returns 0 on success, negative value otherwise. |
723 |
*/ |
724 |
static int ccs_socket_listen(struct socket *sock, int backlog) |
725 |
{ |
726 |
const int rc = ccs_validate_socket(sock); |
727 |
if (rc < 0) |
728 |
return rc; |
729 |
return ccs_socket_listen_permission(sock); |
730 |
} |
731 |
|
732 |
/** |
733 |
* ccs_socket_connect - Check permission for connect(). |
734 |
* |
735 |
* @sock: Pointer to "struct socket". |
736 |
* @addr: Pointer to "struct sockaddr". |
737 |
* @addr_len: Size of @addr. |
738 |
* |
739 |
* Returns 0 on success, negative value otherwise. |
740 |
*/ |
741 |
static int ccs_socket_connect(struct socket *sock, struct sockaddr *addr, |
742 |
int addr_len) |
743 |
{ |
744 |
const int rc = ccs_validate_socket(sock); |
745 |
if (rc < 0) |
746 |
return rc; |
747 |
return ccs_socket_connect_permission(sock, addr, addr_len); |
748 |
} |
749 |
|
750 |
/** |
751 |
* ccs_socket_bind - Check permission for bind(). |
752 |
* |
753 |
* @sock: Pointer to "struct socket". |
754 |
* @addr: Pointer to "struct sockaddr". |
755 |
* @addr_len: Size of @addr. |
756 |
* |
757 |
* Returns 0 on success, negative value otherwise. |
758 |
*/ |
759 |
static int ccs_socket_bind(struct socket *sock, struct sockaddr *addr, |
760 |
int addr_len) |
761 |
{ |
762 |
const int rc = ccs_validate_socket(sock); |
763 |
if (rc < 0) |
764 |
return rc; |
765 |
return ccs_socket_bind_permission(sock, addr, addr_len); |
766 |
} |
767 |
|
768 |
/** |
769 |
* ccs_socket_sendmsg - Check permission for sendmsg(). |
770 |
* |
771 |
* @sock: Pointer to "struct socket". |
772 |
* @msg: Pointer to "struct msghdr". |
773 |
* @size: Size of message. |
774 |
* |
775 |
* Returns 0 on success, negative value otherwise. |
776 |
*/ |
777 |
static int ccs_socket_sendmsg(struct socket *sock, struct msghdr *msg, |
778 |
int size) |
779 |
{ |
780 |
const int rc = ccs_validate_socket(sock); |
781 |
if (rc < 0) |
782 |
return rc; |
783 |
return ccs_socket_sendmsg_permission(sock, msg, size); |
784 |
} |
785 |
|
786 |
/** |
787 |
* ccs_socket_recvmsg - Check permission for recvmsg(). |
788 |
* |
789 |
* @sock: Pointer to "struct socket". |
790 |
* @msg: Pointer to "struct msghdr". |
791 |
* @size: Size of message. |
792 |
* @flags: Flags. |
793 |
* |
794 |
* Returns 0 on success, negative value otherwise. |
795 |
*/ |
796 |
static int ccs_socket_recvmsg(struct socket *sock, struct msghdr *msg, |
797 |
int size, int flags) |
798 |
{ |
799 |
return ccs_validate_socket(sock); |
800 |
} |
801 |
|
802 |
/** |
803 |
* ccs_socket_getsockname - Check permission for getsockname(). |
804 |
* |
805 |
* @sock: Pointer to "struct socket". |
806 |
* |
807 |
* Returns 0 on success, negative value otherwise. |
808 |
*/ |
809 |
static int ccs_socket_getsockname(struct socket *sock) |
810 |
{ |
811 |
return ccs_validate_socket(sock); |
812 |
} |
813 |
|
814 |
/** |
815 |
* ccs_socket_getpeername - Check permission for getpeername(). |
816 |
* |
817 |
* @sock: Pointer to "struct socket". |
818 |
* |
819 |
* Returns 0 on success, negative value otherwise. |
820 |
*/ |
821 |
static int ccs_socket_getpeername(struct socket *sock) |
822 |
{ |
823 |
return ccs_validate_socket(sock); |
824 |
} |
825 |
|
826 |
/** |
827 |
* ccs_socket_getsockopt - Check permission for getsockopt(). |
828 |
* |
829 |
* @sock: Pointer to "struct socket". |
830 |
* @level: Level. |
831 |
* @optname: Option's name, |
832 |
* |
833 |
* Returns 0 on success, negative value otherwise. |
834 |
*/ |
835 |
static int ccs_socket_getsockopt(struct socket *sock, int level, int optname) |
836 |
{ |
837 |
return ccs_validate_socket(sock); |
838 |
} |
839 |
|
840 |
/** |
841 |
* ccs_socket_setsockopt - Check permission for setsockopt(). |
842 |
* |
843 |
* @sock: Pointer to "struct socket". |
844 |
* @level: Level. |
845 |
* @optname: Option's name, |
846 |
* |
847 |
* Returns 0 on success, negative value otherwise. |
848 |
*/ |
849 |
static int ccs_socket_setsockopt(struct socket *sock, int level, int optname) |
850 |
{ |
851 |
return ccs_validate_socket(sock); |
852 |
} |
853 |
|
854 |
/** |
855 |
* ccs_socket_shutdown - Check permission for shutdown(). |
856 |
* |
857 |
* @sock: Pointer to "struct socket". |
858 |
* @how: Shutdown mode. |
859 |
* |
860 |
* Returns 0 on success, negative value otherwise. |
861 |
*/ |
862 |
static int ccs_socket_shutdown(struct socket *sock, int how) |
863 |
{ |
864 |
return ccs_validate_socket(sock); |
865 |
} |
866 |
|
867 |
#define SOCKFS_MAGIC 0x534F434B |
868 |
|
869 |
/** |
870 |
* ccs_inode_free_security - Release memory associated with an inode. |
871 |
* |
872 |
* @inode: Pointer to "struct inode". |
873 |
* |
874 |
* Returns nothing. |
875 |
* |
876 |
* We use this hook for releasing memory associated with an accept()ed socket. |
877 |
*/ |
878 |
static void ccs_inode_free_security(struct inode *inode) |
879 |
{ |
880 |
if (inode->i_sb && inode->i_sb->s_magic == SOCKFS_MAGIC) |
881 |
ccs_update_socket_tag(inode, 0); |
882 |
} |
883 |
|
884 |
#endif |
885 |
|
886 |
/** |
887 |
* ccs_sb_pivotroot - Check permission for pivot_root(). |
888 |
* |
889 |
* @old_path: Pointer to "struct path". |
890 |
* @new_path: Pointer to "struct path". |
891 |
* |
892 |
* Returns 0 on success, negative value otherwise. |
893 |
*/ |
894 |
static int ccs_sb_pivotroot(const struct path *old_path, |
895 |
const struct path *new_path) |
896 |
{ |
897 |
return ccs_pivot_root_permission(old_path, new_path); |
898 |
} |
899 |
|
900 |
/** |
901 |
* ccs_sb_mount - Check permission for mount(). |
902 |
* |
903 |
* @dev_name: Name of device file. |
904 |
* @path: Pointer to "struct path". |
905 |
* @type: Name of filesystem type. Maybe NULL. |
906 |
* @flags: Mount options. |
907 |
* @data_page: Optional data. Maybe NULL. |
908 |
* |
909 |
* Returns 0 on success, negative value otherwise. |
910 |
*/ |
911 |
static int ccs_sb_mount(const char *dev_name, const struct path *path, |
912 |
const char *type, unsigned long flags, void *data_page) |
913 |
{ |
914 |
return ccs_mount_permission(dev_name, path, type, flags, data_page); |
915 |
} |
916 |
|
917 |
/** |
918 |
* ccs_sb_umount - Check permission for umount(). |
919 |
* |
920 |
* @mnt: Pointer to "struct vfsmount". |
921 |
* @flags: Unmount flags. |
922 |
* |
923 |
* Returns 0 on success, negative value otherwise. |
924 |
*/ |
925 |
static int ccs_sb_umount(struct vfsmount *mnt, int flags) |
926 |
{ |
927 |
return ccs_umount_permission(mnt, flags); |
928 |
} |
929 |
|
930 |
/** |
931 |
* ccs_file_fcntl - Check permission for fcntl(). |
932 |
* |
933 |
* @file: Pointer to "struct file". |
934 |
* @cmd: Command number. |
935 |
* @arg: Value for @cmd. |
936 |
* |
937 |
* Returns 0 on success, negative value otherwise. |
938 |
*/ |
939 |
static int ccs_file_fcntl(struct file *file, unsigned int cmd, |
940 |
unsigned long arg) |
941 |
{ |
942 |
return ccs_fcntl_permission(file, cmd, arg); |
943 |
} |
944 |
|
945 |
/** |
946 |
* ccs_file_ioctl - Check permission for ioctl(). |
947 |
* |
948 |
* @filp: Pointer to "struct file". |
949 |
* @cmd: Command number. |
950 |
* @arg: Value for @cmd. |
951 |
* |
952 |
* Returns 0 on success, negative value otherwise. |
953 |
*/ |
954 |
static int ccs_file_ioctl(struct file *filp, unsigned int cmd, |
955 |
unsigned long arg) |
956 |
{ |
957 |
return ccs_ioctl_permission(filp, cmd, arg); |
958 |
} |
959 |
|
960 |
#define MY_HOOK_INIT(HEAD, HOOK) \ |
961 |
{ .head = &probe_dummy_security_hook_heads.HEAD, \ |
962 |
.hook = { .HEAD = HOOK } } |
963 |
|
964 |
static struct security_hook_list akari_hooks[] = { |
965 |
/* Security context allocator. */ |
966 |
MY_HOOK_INIT(task_free, ccs_task_free_security), |
967 |
MY_HOOK_INIT(cred_prepare, ccs_cred_prepare), |
968 |
MY_HOOK_INIT(task_alloc, ccs_task_alloc_security), |
969 |
/* Security context updater for successful execve(). */ |
970 |
MY_HOOK_INIT(bprm_check_security, ccs_bprm_check_security), |
971 |
MY_HOOK_INIT(bprm_committing_creds, ccs_bprm_committing_creds), |
972 |
/* Various permission checker. */ |
973 |
MY_HOOK_INIT(file_open, ccs_file_open), |
974 |
MY_HOOK_INIT(file_fcntl, ccs_file_fcntl), |
975 |
MY_HOOK_INIT(file_ioctl, ccs_file_ioctl), |
976 |
MY_HOOK_INIT(sb_pivotroot, ccs_sb_pivotroot), |
977 |
MY_HOOK_INIT(sb_mount, ccs_sb_mount), |
978 |
MY_HOOK_INIT(sb_umount, ccs_sb_umount), |
979 |
#ifdef CONFIG_SECURITY_PATH |
980 |
MY_HOOK_INIT(path_mknod, ccs_path_mknod), |
981 |
MY_HOOK_INIT(path_mkdir, ccs_path_mkdir), |
982 |
MY_HOOK_INIT(path_rmdir, ccs_path_rmdir), |
983 |
MY_HOOK_INIT(path_unlink, ccs_path_unlink), |
984 |
MY_HOOK_INIT(path_symlink, ccs_path_symlink), |
985 |
MY_HOOK_INIT(path_rename, ccs_path_rename), |
986 |
MY_HOOK_INIT(path_link, ccs_path_link), |
987 |
MY_HOOK_INIT(path_truncate, ccs_path_truncate), |
988 |
MY_HOOK_INIT(path_chmod, ccs_path_chmod), |
989 |
MY_HOOK_INIT(path_chown, ccs_path_chown), |
990 |
MY_HOOK_INIT(path_chroot, ccs_path_chroot), |
991 |
#else |
992 |
MY_HOOK_INIT(inode_mknod, ccs_inode_mknod), |
993 |
MY_HOOK_INIT(inode_mkdir, ccs_inode_mkdir), |
994 |
MY_HOOK_INIT(inode_rmdir, ccs_inode_rmdir), |
995 |
MY_HOOK_INIT(inode_unlink, ccs_inode_unlink), |
996 |
MY_HOOK_INIT(inode_symlink, ccs_inode_symlink), |
997 |
MY_HOOK_INIT(inode_rename, ccs_inode_rename), |
998 |
MY_HOOK_INIT(inode_link, ccs_inode_link), |
999 |
MY_HOOK_INIT(inode_create, ccs_inode_create), |
1000 |
MY_HOOK_INIT(inode_setattr, ccs_inode_setattr), |
1001 |
#endif |
1002 |
MY_HOOK_INIT(inode_getattr, ccs_inode_getattr), |
1003 |
#ifdef CONFIG_SECURITY_NETWORK |
1004 |
MY_HOOK_INIT(socket_bind, ccs_socket_bind), |
1005 |
MY_HOOK_INIT(socket_connect, ccs_socket_connect), |
1006 |
MY_HOOK_INIT(socket_listen, ccs_socket_listen), |
1007 |
MY_HOOK_INIT(socket_sendmsg, ccs_socket_sendmsg), |
1008 |
MY_HOOK_INIT(socket_recvmsg, ccs_socket_recvmsg), |
1009 |
MY_HOOK_INIT(socket_getsockname, ccs_socket_getsockname), |
1010 |
MY_HOOK_INIT(socket_getpeername, ccs_socket_getpeername), |
1011 |
MY_HOOK_INIT(socket_getsockopt, ccs_socket_getsockopt), |
1012 |
MY_HOOK_INIT(socket_setsockopt, ccs_socket_setsockopt), |
1013 |
MY_HOOK_INIT(socket_shutdown, ccs_socket_shutdown), |
1014 |
MY_HOOK_INIT(socket_accept, ccs_socket_accept), |
1015 |
MY_HOOK_INIT(inode_free_security, ccs_inode_free_security), |
1016 |
#endif |
1017 |
}; |
1018 |
|
1019 |
static inline void add_hook(struct security_hook_list *hook) |
1020 |
{ |
1021 |
list_add_tail_rcu(&hook->list, hook->head); |
1022 |
} |
1023 |
|
1024 |
static void __init swap_hook(struct security_hook_list *hook, |
1025 |
union security_list_options *original) |
1026 |
{ |
1027 |
struct list_head *list = hook->head; |
1028 |
if (list_empty(list)) { |
1029 |
add_hook(hook); |
1030 |
} else { |
1031 |
struct security_hook_list *shp = |
1032 |
list_last_entry(list, struct security_hook_list, list); |
1033 |
*original = shp->hook; |
1034 |
smp_wmb(); |
1035 |
shp->hook = hook->hook; |
1036 |
} |
1037 |
} |
1038 |
|
1039 |
#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(SECURITY_WRITABLE_HOOKS) |
1040 |
#include <linux/uaccess.h> /* probe_kernel_write() */ |
1041 |
#define NEED_TO_CHECK_HOOKS_ARE_WRITABLE |
1042 |
|
1043 |
#if defined(CONFIG_X86) |
1044 |
#define MAX_RO_PAGES 1024 |
1045 |
static struct page *ro_pages[MAX_RO_PAGES] __initdata; |
1046 |
static unsigned int ro_pages_len __initdata; |
1047 |
|
1048 |
static bool __init lsm_test_page_ro(void *addr) |
1049 |
{ |
1050 |
unsigned int i; |
1051 |
int unused; |
1052 |
struct page *page; |
1053 |
|
1054 |
page = (struct page *) lookup_address((unsigned long) addr, &unused); |
1055 |
if (!page) |
1056 |
return false; |
1057 |
if (test_bit(_PAGE_BIT_RW, &(page->flags))) |
1058 |
return true; |
1059 |
for (i = 0; i < ro_pages_len; i++) |
1060 |
if (page == ro_pages[i]) |
1061 |
return true; |
1062 |
if (ro_pages_len == MAX_RO_PAGES) |
1063 |
return false; |
1064 |
ro_pages[ro_pages_len++] = page; |
1065 |
return true; |
1066 |
} |
1067 |
|
1068 |
static bool __init check_ro_pages(struct security_hook_heads *hooks) |
1069 |
{ |
1070 |
int i; |
1071 |
struct list_head *list = &hooks->capable; |
1072 |
|
1073 |
if (!probe_kernel_write(list, list, sizeof(void *))) |
1074 |
return true; |
1075 |
for (i = 0; i < ARRAY_SIZE(akari_hooks); i++) { |
1076 |
struct list_head *head = akari_hooks[i].head; |
1077 |
struct security_hook_list *shp; |
1078 |
|
1079 |
if (!lsm_test_page_ro(&head->next) || |
1080 |
!lsm_test_page_ro(&head->prev)) |
1081 |
return false; |
1082 |
list_for_each_entry(shp, head, list) |
1083 |
if (!lsm_test_page_ro(&shp->list.next) || |
1084 |
!lsm_test_page_ro(&shp->list.prev)) |
1085 |
return false; |
1086 |
} |
1087 |
return true; |
1088 |
} |
1089 |
#else |
1090 |
static bool __init check_ro_pages(struct security_hook_heads *hooks) |
1091 |
{ |
1092 |
struct list_head *list = &hooks->capable; |
1093 |
|
1094 |
return !probe_kernel_write(list, list, sizeof(void *)); |
1095 |
} |
1096 |
#endif |
1097 |
#endif |
1098 |
|
1099 |
/** |
1100 |
* ccs_init - Initialize this module. |
1101 |
* |
1102 |
* Returns 0 on success, negative value otherwise. |
1103 |
*/ |
1104 |
static int __init ccs_init(void) |
1105 |
{ |
1106 |
int idx; |
1107 |
struct security_hook_heads *hooks = probe_security_hook_heads(); |
1108 |
if (!hooks) |
1109 |
goto out; |
1110 |
for (idx = 0; idx < ARRAY_SIZE(akari_hooks); idx++) |
1111 |
akari_hooks[idx].head = ((void *) hooks) |
1112 |
+ ((unsigned long) akari_hooks[idx].head) |
1113 |
- ((unsigned long) &probe_dummy_security_hook_heads); |
1114 |
#if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE) |
1115 |
if (!check_ro_pages(hooks)) { |
1116 |
printk(KERN_INFO "Can't update security_hook_heads due to write protected. Retry with rodata=0 kernel command line option added.\n"); |
1117 |
return -EINVAL; |
1118 |
} |
1119 |
#endif |
1120 |
ccsecurity_exports.find_task_by_vpid = probe_find_task_by_vpid(); |
1121 |
if (!ccsecurity_exports.find_task_by_vpid) |
1122 |
goto out; |
1123 |
ccsecurity_exports.find_task_by_pid_ns = probe_find_task_by_pid_ns(); |
1124 |
if (!ccsecurity_exports.find_task_by_pid_ns) |
1125 |
goto out; |
1126 |
ccsecurity_exports.d_absolute_path = probe_d_absolute_path(); |
1127 |
if (!ccsecurity_exports.d_absolute_path) |
1128 |
goto out; |
1129 |
for (idx = 0; idx < CCS_MAX_TASK_SECURITY_HASH; idx++) |
1130 |
INIT_LIST_HEAD(&ccs_task_security_list[idx]); |
1131 |
ccs_main_init(); |
1132 |
#if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE) && defined(CONFIG_X86) |
1133 |
for (idx = 0; idx < ro_pages_len; idx++) |
1134 |
set_bit(_PAGE_BIT_RW, &(ro_pages[idx]->flags)); |
1135 |
#endif |
1136 |
swap_hook(&akari_hooks[0], &original_task_free); |
1137 |
swap_hook(&akari_hooks[1], &original_cred_prepare); |
1138 |
swap_hook(&akari_hooks[2], &original_task_alloc); |
1139 |
for (idx = 3; idx < ARRAY_SIZE(akari_hooks); idx++) |
1140 |
add_hook(&akari_hooks[idx]); |
1141 |
#if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE) && defined(CONFIG_X86) |
1142 |
for (idx = 0; idx < ro_pages_len; idx++) |
1143 |
clear_bit(_PAGE_BIT_RW, &(ro_pages[idx]->flags)); |
1144 |
#endif |
1145 |
printk(KERN_INFO "AKARI: 1.0.38 2018/04/01\n"); |
1146 |
printk(KERN_INFO |
1147 |
"Access Keeping And Regulating Instrument registered.\n"); |
1148 |
return 0; |
1149 |
out: |
1150 |
return -EINVAL; |
1151 |
} |
1152 |
|
1153 |
module_init(ccs_init); |
1154 |
MODULE_LICENSE("GPL"); |
1155 |
|
1156 |
/** |
1157 |
* ccs_used_by_cred - Check whether the given domain is in use or not. |
1158 |
* |
1159 |
* @domain: Pointer to "struct ccs_domain_info". |
1160 |
* |
1161 |
* Returns true if @domain is in use, false otherwise. |
1162 |
* |
1163 |
* Caller holds rcu_read_lock(). |
1164 |
*/ |
1165 |
bool ccs_used_by_cred(const struct ccs_domain_info *domain) |
1166 |
{ |
1167 |
return false; |
1168 |
} |
1169 |
|
1170 |
/** |
1171 |
* ccs_add_task_security - Add "struct ccs_security" to list. |
1172 |
* |
1173 |
* @ptr: Pointer to "struct ccs_security". |
1174 |
* @list: Pointer to "struct list_head". |
1175 |
* |
1176 |
* Returns nothing. |
1177 |
*/ |
1178 |
static void ccs_add_task_security(struct ccs_security *ptr, |
1179 |
struct list_head *list) |
1180 |
{ |
1181 |
unsigned long flags; |
1182 |
spin_lock_irqsave(&ccs_task_security_list_lock, flags); |
1183 |
list_add_rcu(&ptr->list, list); |
1184 |
spin_unlock_irqrestore(&ccs_task_security_list_lock, flags); |
1185 |
} |
1186 |
|
1187 |
/** |
1188 |
* __ccs_alloc_task_security - Allocate memory for new tasks. |
1189 |
* |
1190 |
* @task: Pointer to "struct task_struct". |
1191 |
* |
1192 |
* Returns 0 on success, negative value otherwise. |
1193 |
*/ |
1194 |
static int __ccs_alloc_task_security(const struct task_struct *task) |
1195 |
{ |
1196 |
struct ccs_security *old_security = ccs_current_security(); |
1197 |
struct ccs_security *new_security = kzalloc(sizeof(*new_security), |
1198 |
GFP_KERNEL); |
1199 |
struct list_head *list = &ccs_task_security_list |
1200 |
[hash_ptr((void *) task, CCS_TASK_SECURITY_HASH_BITS)]; |
1201 |
if (!new_security) |
1202 |
return -ENOMEM; |
1203 |
new_security->task = task; |
1204 |
new_security->ccs_domain_info = old_security->ccs_domain_info; |
1205 |
new_security->ccs_flags = old_security->ccs_flags; |
1206 |
ccs_add_task_security(new_security, list); |
1207 |
return 0; |
1208 |
} |
1209 |
|
1210 |
/** |
1211 |
* ccs_find_task_security - Find "struct ccs_security" for given task. |
1212 |
* |
1213 |
* @task: Pointer to "struct task_struct". |
1214 |
* |
1215 |
* Returns pointer to "struct ccs_security" on success, &ccs_oom_security on |
1216 |
* out of memory, &ccs_default_security otherwise. |
1217 |
* |
1218 |
* If @task is current thread and "struct ccs_security" for current thread was |
1219 |
* not found, I try to allocate it. But if allocation failed, current thread |
1220 |
* will be killed by SIGKILL. Note that if current->pid == 1, sending SIGKILL |
1221 |
* won't work. |
1222 |
*/ |
1223 |
struct ccs_security *ccs_find_task_security(const struct task_struct *task) |
1224 |
{ |
1225 |
struct ccs_security *ptr; |
1226 |
struct list_head *list = &ccs_task_security_list |
1227 |
[hash_ptr((void *) task, CCS_TASK_SECURITY_HASH_BITS)]; |
1228 |
/* Make sure INIT_LIST_HEAD() in ccs_mm_init() takes effect. */ |
1229 |
while (!list->next) |
1230 |
smp_rmb(); |
1231 |
rcu_read_lock(); |
1232 |
list_for_each_entry_rcu(ptr, list, list) { |
1233 |
if (ptr->task != task) |
1234 |
continue; |
1235 |
rcu_read_unlock(); |
1236 |
/* |
1237 |
* Current thread needs to transit from old domain to new |
1238 |
* domain before do_execve() succeeds in order to check |
1239 |
* permission for interpreters and environment variables using |
1240 |
* new domain's ACL rules. The domain transition has to be |
1241 |
* visible from other CPU in order to allow interactive |
1242 |
* enforcing mode. Also, the domain transition has to be |
1243 |
* reverted if do_execve() failed. However, an LSM hook for |
1244 |
* reverting domain transition is missing. |
1245 |
* |
1246 |
* security_prepare_creds() is called from prepare_creds() from |
1247 |
* prepare_bprm_creds() from do_execve() before setting |
1248 |
* current->in_execve flag, and current->in_execve flag is |
1249 |
* cleared by the time next do_execve() request starts. |
1250 |
* This means that we can emulate the missing LSM hook for |
1251 |
* reverting domain transition, by calling this function from |
1252 |
* security_prepare_creds(). |
1253 |
* |
1254 |
* If current->in_execve is not set but ptr->ccs_flags has |
1255 |
* CCS_TASK_IS_IN_EXECVE set, it indicates that do_execve() |
1256 |
* has failed and reverting domain transition is needed. |
1257 |
*/ |
1258 |
if (task == current && |
1259 |
(ptr->ccs_flags & CCS_TASK_IS_IN_EXECVE) && |
1260 |
!current->in_execve) { |
1261 |
ccs_debug_trace("1"); |
1262 |
ccs_clear_execve(-1, ptr); |
1263 |
} |
1264 |
return ptr; |
1265 |
} |
1266 |
rcu_read_unlock(); |
1267 |
if (task != current) |
1268 |
return &ccs_default_security; |
1269 |
/* Use GFP_ATOMIC because caller may have called rcu_read_lock(). */ |
1270 |
ptr = kzalloc(sizeof(*ptr), GFP_ATOMIC); |
1271 |
if (!ptr) { |
1272 |
printk(KERN_WARNING "Unable to allocate memory for pid=%u\n", |
1273 |
task->pid); |
1274 |
send_sig(SIGKILL, current, 0); |
1275 |
return &ccs_oom_security; |
1276 |
} |
1277 |
*ptr = ccs_default_security; |
1278 |
ptr->task = task; |
1279 |
ccs_add_task_security(ptr, list); |
1280 |
return ptr; |
1281 |
} |
1282 |
|
1283 |
/** |
1284 |
* __ccs_free_task_security - Release memory associated with "struct task_struct". |
1285 |
* |
1286 |
* @task: Pointer to "struct task_struct". |
1287 |
* |
1288 |
* Returns nothing. |
1289 |
*/ |
1290 |
static void __ccs_free_task_security(const struct task_struct *task) |
1291 |
{ |
1292 |
unsigned long flags; |
1293 |
struct ccs_security *ptr = ccs_find_task_security(task); |
1294 |
if (ptr == &ccs_default_security || ptr == &ccs_oom_security) |
1295 |
return; |
1296 |
spin_lock_irqsave(&ccs_task_security_list_lock, flags); |
1297 |
list_del_rcu(&ptr->list); |
1298 |
spin_unlock_irqrestore(&ccs_task_security_list_lock, flags); |
1299 |
kfree_rcu(ptr, rcu); |
1300 |
} |