~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/akari/lsm-2.6.0-vfs.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.11 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.84 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.154 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.201 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.201 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.77 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * lsm.c
  3  *
  4  * Copyright (C) 2010-2015  Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
  5  *
  6  * Version: 1.0.35   2015/11/11
  7  */
  8 
  9 #include "internal.h"
 10 #include "probe.h"
 11 
 12 /* Prototype definition. */
 13 
 14 /* Dummy security context for avoiding NULL pointer dereference. */
 15 extern struct ccs_security ccs_oom_security;
 16 /* Dummy security context for avoiding NULL pointer dereference. */
 17 extern struct ccs_security ccs_default_security;
 18 /* Dummy marker for calling security_bprm_free(). */
 19 static const unsigned long ccs_bprm_security;
 20 
 21 /* For exporting variables and functions. */
 22 struct ccsecurity_exports ccsecurity_exports;
 23 /* Members are updated by loadable kernel module. */
 24 struct ccsecurity_operations ccsecurity_ops;
 25 
 26 /* Function pointers originally registered by register_security(). */
 27 static struct security_operations original_security_ops /* = *security_ops; */;
 28 
 29 #ifdef CONFIG_AKARI_TRACE_EXECVE_COUNT
 30 
 31 /**
 32  * ccs_update_ee_counter - Update "struct ccs_execve" counter.
 33  *
 34  * @count: Count to increment or decrement.
 35  *
 36  * Returns updated counter.
 37  */
 38 static unsigned int ccs_update_ee_counter(int count)
 39 {
 40 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 10) || defined(atomic_add_return)
 41         /* Debug counter for detecting "struct ccs_execve" memory leak. */
 42         static atomic_t ccs_ee_counter = ATOMIC_INIT(0);
 43         return atomic_add_return(count, &ccs_ee_counter);
 44 #else
 45         static DEFINE_SPINLOCK(ccs_ee_lock);
 46         static unsigned int ccs_ee_counter;
 47         unsigned long flags;
 48         spin_lock_irqsave(&ccs_ee_lock, flags);
 49         ccs_ee_counter += count;
 50         count = ccs_ee_counter;
 51         spin_unlock_irqrestore(&ccs_ee_lock, flags);
 52         return count;
 53 #endif
 54 }
 55 
 56 /**
 57  * ccs_audit_alloc_execve - Audit allocation of "struct ccs_execve".
 58  *
 59  * @ee: Pointer to "struct ccs_execve".
 60  *
 61  * Returns nothing.
 62  */
 63 void ccs_audit_alloc_execve(const struct ccs_execve * const ee)
 64 {
 65         printk(KERN_INFO "AKARI: Allocated %p by pid=%u (count=%u)\n", ee,
 66                current->pid, ccs_update_ee_counter(1) - 1);
 67 }
 68 
 69 /**
 70  * ccs_audit_free_execve - Audit release of "struct ccs_execve".
 71  *
 72  * @ee:   Pointer to "struct ccs_execve".
 73  * @task: True if released by current task, false otherwise.
 74  *
 75  * Returns nothing.
 76  */
 77 void ccs_audit_free_execve(const struct ccs_execve * const ee,
 78                            const bool is_current)
 79 {
 80         const unsigned int tmp = ccs_update_ee_counter(-1);
 81         if (is_current)
 82                 printk(KERN_INFO "AKARI: Releasing %p by pid=%u (count=%u)\n",
 83                        ee, current->pid, tmp);
 84         else
 85                 printk(KERN_INFO "AKARI: Releasing %p by kernel (count=%u)\n",
 86                        ee, tmp);
 87 }
 88 
 89 #endif
 90 
 91 #if !defined(CONFIG_AKARI_DEBUG)
 92 #define ccs_debug_trace(pos) do { } while (0)
 93 #else
 94 #define ccs_debug_trace(pos)                                            \
 95         do {                                                            \
 96                 static bool done;                                       \
 97                 if (!done) {                                            \
 98                         printk(KERN_INFO                                \
 99                                "AKARI: Debug trace: " pos " of 4\n");   \
100                         done = true;                                    \
101                 }                                                       \
102         } while (0)                                              
103 #endif
104 
105 /**
106  * ccs_clear_execve - Release memory used by do_execve().
107  *
108  * @ret:      0 if do_execve() succeeded, negative value otherwise.
109  * @security: Pointer to "struct ccs_security".
110  *
111  * Returns nothing.
112  */
113 static void ccs_clear_execve(int ret, struct ccs_security *security)
114 {
115         struct ccs_execve *ee;
116         if (security == &ccs_default_security || security == &ccs_oom_security)
117                 return;
118         ee = security->ee;
119         security->ee = NULL;
120         if (!ee)
121                 return;
122         ccs_finish_execve(ret, ee);
123 }
124 
125 /**
126  * ccs_task_alloc_security - Allocate memory for new tasks.
127  *
128  * @p: Pointer to "struct task_struct".
129  *
130  * Returns 0 on success, negative value otherwise.
131  */
132 static int ccs_task_alloc_security(struct task_struct *p)
133 {
134         int rc = ccs_alloc_task_security(p);
135         if (rc)
136                 return rc;
137         while (!original_security_ops.task_alloc_security);
138         rc = original_security_ops.task_alloc_security(p);
139         if (rc)
140                 ccs_free_task_security(p);
141         return rc;
142 }
143 
144 /**
145  * ccs_task_free_security - Release memory for "struct task_struct".
146  *
147  * @p: Pointer to "struct task_struct".
148  *
149  * Returns nothing.
150  */
151 static void ccs_task_free_security(struct task_struct *p)
152 {
153         while (!original_security_ops.task_free_security);
154         original_security_ops.task_free_security(p);
155         ccs_free_task_security(p);
156 }
157 
158 /**
159  * ccs_bprm_alloc_security - Allocate memory for "struct linux_binprm".
160  *
161  * @bprm: Pointer to "struct linux_binprm".
162  *
163  * Returns 0 on success, negative value otherwise.
164  */
165 static int ccs_bprm_alloc_security(struct linux_binprm *bprm)
166 {
167         int rc;
168         while (!original_security_ops.bprm_alloc_security);
169         rc = original_security_ops.bprm_alloc_security(bprm);
170         if (bprm->security || rc)
171                 return rc;
172         /*
173          * Update bprm->security to &ccs_bprm_security so that
174          * security_bprm_free() is called even if do_execve() failed at
175          * search_binary_handler() without allocating memory at
176          * security_bprm_alloc(). This trick assumes that active LSM module
177          * does not access bprm->security if that module did not allocate
178          * memory at security_bprm_alloc().
179          */
180         bprm->security = (void *) &ccs_bprm_security;
181         return 0;
182 }
183 
184 /**
185  * ccs_bprm_free_security - Release memory for "struct linux_binprm".
186  *
187  * @bprm: Pointer to "struct linux_binprm".
188  *
189  * Returns nothing.
190  */
191 static void ccs_bprm_free_security(struct linux_binprm *bprm)
192 {
193         /*
194          * If do_execve() succeeded, bprm->security will be updated to NULL at
195          * security_bprm_compute_creds()/security_bprm_apply_creds() if
196          * bprm->security was set to &ccs_bprm_security at
197          * security_bprm_alloc().
198          *
199          * If do_execve() failed, bprm->security remains at &ccs_bprm_security
200          * if bprm->security was set to &ccs_bprm_security at
201          * security_bprm_alloc().
202          *
203          * And do_execve() does not call security_bprm_free() if do_execve()
204          * failed and bprm->security == NULL. Therefore, do not call
205          * original_security_ops.bprm_free_security() if bprm->security remains
206          * at &ccs_bprm_security .
207          */
208         if (bprm->security != &ccs_bprm_security) {
209                 while (!original_security_ops.bprm_free_security);
210                 original_security_ops.bprm_free_security(bprm);
211         }
212         /*
213          * If do_execve() succeeded,
214          * ccs_clear_execve(0, ccs_current_security());
215          * is called before calling below one.
216          * Thus, below call becomes no-op if do_execve() succeeded.
217          */
218         ccs_clear_execve(-1, ccs_current_security());
219 }
220 
221 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 6)
222 
223 /**
224  * ccs_bprm_compute_creds - A hook which is called when do_execve() succeeded.
225  *
226  * @bprm: Pointer to "struct linux_binprm".
227  *
228  * Returns nothing.
229  */
230 static void ccs_bprm_compute_creds(struct linux_binprm *bprm)
231 {
232         if (bprm->security == &ccs_bprm_security)
233                 bprm->security = NULL;
234         while (!original_security_ops.bprm_compute_creds);
235         original_security_ops.bprm_compute_creds(bprm);
236         ccs_clear_execve(0, ccs_current_security());
237 }
238 
239 #else
240 
241 /**
242  * ccs_bprm_apply_creds - A hook which is called when do_execve() succeeded.
243  *
244  * @bprm:   Pointer to "struct linux_binprm".
245  * @unsafe: Unsafe flag.
246  *
247  * Returns nothing.
248  */
249 static void ccs_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
250 {
251         if (bprm->security == &ccs_bprm_security)
252                 bprm->security = NULL;
253         while (!original_security_ops.bprm_apply_creds);
254         original_security_ops.bprm_apply_creds(bprm, unsafe);
255         ccs_clear_execve(0, ccs_current_security());
256 }
257 
258 #endif
259 
260 /**
261  * ccs_bprm_check_security - Check permission for execve().
262  *
263  * @bprm: Pointer to "struct linux_binprm".
264  *
265  * Returns 0 on success, negative value otherwise.
266  */
267 static int ccs_bprm_check_security(struct linux_binprm *bprm)
268 {
269         struct ccs_security *security = ccs_current_security();
270         if (security == &ccs_default_security || security == &ccs_oom_security)
271                 return -ENOMEM;
272         if (!security->ee) {
273                 int rc;
274 #ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER
275                 if (!ccs_policy_loaded)
276                         ccs_load_policy(bprm->filename);
277 #endif
278                 rc = ccs_start_execve(bprm, &security->ee);
279                 if (rc)
280                         return rc;
281         }
282         while (!original_security_ops.bprm_check_security);
283         return original_security_ops.bprm_check_security(bprm);
284 }
285 
286 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
287 
288 /**
289  * ccs_open - Check permission for open().
290  *
291  * @f: Pointer to "struct file".
292  *
293  * Returns 0 on success, negative value otherwise.
294  */
295 static int ccs_open(struct file *f)
296 {
297         return ccs_open_permission(f->f_path.dentry, f->f_path.mnt,
298                                    f->f_flags + 1);
299 }
300 
301 #endif
302 
303 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
304 
305 /**
306  * ccs_dentry_open - Check permission for open().
307  *
308  * @f: Pointer to "struct file".
309  *
310  * Returns 0 on success, negative value otherwise.
311  */
312 static int ccs_dentry_open(struct file *f)
313 {
314         int rc = ccs_open(f);
315         if (rc)
316                 return rc;
317         while (!original_security_ops.dentry_open);
318         return original_security_ops.dentry_open(f);
319 }
320 
321 #else
322 
323 /**
324  * ccs_open - Check permission for open().
325  *
326  * @inode: Pointer to "struct inode".
327  * @mask:  Open mode.
328  * @nd:    Pointer to "struct nameidata".
329  *
330  * Returns 0 on success, negative value otherwise.
331  */
332 static int ccs_open(struct inode *inode, int mask, struct nameidata *nd)
333 {
334         int flags;
335         if (!nd || !nd->dentry)
336                 return 0;
337         /* open_exec() passes MAY_EXEC . */
338         if (mask == MAY_EXEC && inode && S_ISREG(inode->i_mode) &&
339             (ccs_current_flags() & CCS_TASK_IS_IN_EXECVE))
340                 mask = MAY_READ;
341         /*
342          * This flags value is passed to ACC_MODE().
343          * ccs_open_permission() for older versions uses old ACC_MODE().
344          */
345         switch (mask & (MAY_READ | MAY_WRITE)) {
346         case MAY_READ:
347                 flags = 01;
348                 break;
349         case MAY_WRITE:
350                 flags = 02;
351                 break;
352         case MAY_READ | MAY_WRITE:
353                 flags = 03;
354                 break;
355         default:
356                 return 0;
357         }
358         return ccs_open_permission(nd->dentry, nd->mnt, flags);
359 }
360 
361 /**
362  * ccs_inode_permission - Check permission for open().
363  *
364  * @inode: Pointer to "struct inode".
365  * @mask:  Open mode.
366  * @nd:    Pointer to "struct nameidata".
367  *
368  * Returns 0 on success, negative value otherwise.
369  *
370  * Note that this hook is called from permission(), and may not be called for
371  * open(). Maybe it is better to use security_file_permission().
372  */
373 static int ccs_inode_permission(struct inode *inode, int mask,
374                                 struct nameidata *nd)
375 {
376         int rc = ccs_open(inode, mask, nd);
377         if (rc)
378                 return rc;
379         while (!original_security_ops.inode_permission);
380         return original_security_ops.inode_permission(inode, mask, nd);
381 }
382 
383 #endif
384 
385 /**
386  * ccs_inode_setattr - Check permission for chown()/chgrp()/chmod()/truncate().
387  *
388  * @dentry: Pointer to "struct dentry".
389  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
390  * @attr:   Pointer to "struct iattr".
391  *
392  * Returns 0 on success, negative value otherwise.
393  */
394 static int ccs_inode_setattr(struct dentry *dentry, struct vfsmount *mnt,
395                              struct iattr *attr)
396 {
397         int rc = 0;
398         if (attr->ia_valid & ATTR_UID)
399                 rc = ccs_chown_permission(dentry, mnt, attr->ia_uid, -1);
400         if (!rc && (attr->ia_valid & ATTR_GID))
401                 rc = ccs_chown_permission(dentry, mnt, -1, attr->ia_gid);
402         if (!rc && (attr->ia_valid & ATTR_MODE))
403                 rc = ccs_chmod_permission(dentry, mnt, attr->ia_mode);
404         if (!rc && (attr->ia_valid & ATTR_SIZE))
405                 rc = ccs_truncate_permission(dentry, mnt);
406         if (rc)
407                 return rc;
408         while (!original_security_ops.inode_setattr);
409         return original_security_ops.inode_setattr(dentry, mnt, attr);
410 }
411 
412 /**
413  * ccs_inode_getattr - Check permission for stat().
414  *
415  * @mnt:    Pointer to "struct vfsmount".
416  * @dentry: Pointer to "struct dentry".
417  *
418  * Returns 0 on success, negative value otherwise.
419  */
420 static int ccs_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
421 {
422         int rc = ccs_getattr_permission(mnt, dentry);
423         if (rc)
424                 return rc;
425         while (!original_security_ops.inode_getattr);
426         return original_security_ops.inode_getattr(mnt, dentry);
427 }
428 
429 /**
430  * ccs_inode_mknod - Check permission for mknod().
431  *
432  * @dir:    Pointer to "struct inode".
433  * @dentry: Pointer to "struct dentry".
434  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
435  * @mode:   Create mode.
436  * @dev:    Device major/minor number.
437  *
438  * Returns 0 on success, negative value otherwise.
439  */
440 static int ccs_inode_mknod(struct inode *dir, struct dentry *dentry,
441                            struct vfsmount *mnt, int mode, dev_t dev)
442 {
443         int rc = ccs_mknod_permission(dentry, mnt, mode, dev);
444         if (rc)
445                 return rc;
446         while (!original_security_ops.inode_mknod);
447         return original_security_ops.inode_mknod(dir, dentry, mnt, mode, dev);
448 }
449 
450 /**
451  * ccs_inode_mkdir - Check permission for mkdir().
452  *
453  * @dir:    Pointer to "struct inode".
454  * @dentry: Pointer to "struct dentry".
455  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
456  * @mode:   Create mode.
457  *
458  * Returns 0 on success, negative value otherwise.
459  */
460 static int ccs_inode_mkdir(struct inode *dir, struct dentry *dentry,
461                            struct vfsmount *mnt, int mode)
462 {
463         int rc = ccs_mkdir_permission(dentry, mnt, mode);
464         if (rc)
465                 return rc;
466         while (!original_security_ops.inode_mkdir);
467         return original_security_ops.inode_mkdir(dir, dentry, mnt, mode);
468 }
469 
470 /**
471  * ccs_inode_rmdir - Check permission for rmdir().
472  *
473  * @dir:    Pointer to "struct inode".
474  * @dentry: Pointer to "struct dentry".
475  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
476  *
477  * Returns 0 on success, negative value otherwise.
478  */
479 static int ccs_inode_rmdir(struct inode *dir, struct dentry *dentry,
480                            struct vfsmount *mnt)
481 {
482         int rc = ccs_rmdir_permission(dentry, mnt);
483         if (rc)
484                 return rc;
485         while (!original_security_ops.inode_rmdir);
486         return original_security_ops.inode_rmdir(dir, dentry, mnt);
487 }
488 
489 /**
490  * ccs_inode_unlink - Check permission for unlink().
491  *
492  * @dir:    Pointer to "struct inode".
493  * @dentry: Pointer to "struct dentry".
494  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
495  *
496  * Returns 0 on success, negative value otherwise.
497  */
498 static int ccs_inode_unlink(struct inode *dir, struct dentry *dentry,
499                             struct vfsmount *mnt)
500 {
501         int rc = ccs_unlink_permission(dentry, mnt);
502         if (rc)
503                 return rc;
504         while (!original_security_ops.inode_unlink);
505         return original_security_ops.inode_unlink(dir, dentry, mnt);
506 }
507 
508 /**
509  * ccs_inode_symlink - Check permission for symlink().
510  *
511  * @dir:      Pointer to "struct inode".
512  * @dentry:   Pointer to "struct dentry".
513  * @mnt:      Pointer to "struct vfsmount". Maybe NULL.
514  * @old_name: Content of symbolic link.
515  *
516  * Returns 0 on success, negative value otherwise.
517  */
518 static int ccs_inode_symlink(struct inode *dir, struct dentry *dentry,
519                              struct vfsmount *mnt, const char *old_name)
520 {
521         int rc = ccs_symlink_permission(dentry, mnt, old_name);
522         if (rc)
523                 return rc;
524         while (!original_security_ops.inode_symlink);
525         return original_security_ops.inode_symlink(dir, dentry, mnt, old_name);
526 }
527 
528 /**
529  * ccs_inode_rename - Check permission for rename().
530  *
531  * @old_dir:    Pointer to "struct inode".
532  * @old_dentry: Pointer to "struct dentry".
533  * @old_mnt:    Pointer to "struct vfsmount". Maybe NULL.
534  * @new_dir:    Pointer to "struct inode".
535  * @new_dentry: Pointer to "struct dentry".
536  * @new_mnt:    Pointer to "struct vfsmount". Maybe NULL.
537  *
538  * Returns 0 on success, negative value otherwise.
539  */
540 static int ccs_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
541                             struct vfsmount *old_mnt, struct inode *new_dir,
542                             struct dentry *new_dentry,
543                             struct vfsmount *new_mnt)
544 {
545         int rc = ccs_rename_permission(old_dentry, new_dentry, new_mnt);
546         if (rc)
547                 return rc;
548         while (!original_security_ops.inode_rename);
549         return original_security_ops.inode_rename(old_dir, old_dentry, old_mnt,
550                                                   new_dir, new_dentry,
551                                                   new_mnt);
552 }
553 
554 /**
555  * ccs_inode_link - Check permission for link().
556  *
557  * @old_dentry: Pointer to "struct dentry".
558  * @old_mnt:    Pointer to "struct vfsmount". Maybe NULL.
559  * @dir:        Pointer to "struct inode".
560  * @new_dentry: Pointer to "struct dentry".
561  * @new_mnt:    Pointer to "struct vfsmount". Maybe NULL.
562  *
563  * Returns 0 on success, negative value otherwise.
564  */
565 static int ccs_inode_link(struct dentry *old_dentry, struct vfsmount *old_mnt,
566                           struct inode *dir, struct dentry *new_dentry,
567                           struct vfsmount *new_mnt)
568 {
569         int rc = ccs_link_permission(old_dentry, new_dentry, new_mnt);
570         if (rc)
571                 return rc;
572         while (!original_security_ops.inode_link);
573         return original_security_ops.inode_link(old_dentry, old_mnt, dir,
574                                                 new_dentry, new_mnt);
575 }
576 
577 /**
578  * ccs_inode_create - Check permission for creat().
579  *
580  * @dir:    Pointer to "struct inode".
581  * @dentry: Pointer to "struct dentry".
582  * @mnt:    Pointer to "struct vfsmount". Maybe NULL.
583  * @mode:   Create mode.
584  *
585  * Returns 0 on success, negative value otherwise.
586  */
587 static int ccs_inode_create(struct inode *dir, struct dentry *dentry,
588                             struct vfsmount *mnt, int mode)
589 {
590         int rc = ccs_mknod_permission(dentry, mnt, mode, 0);
591         if (rc)
592                 return rc;
593         while (!original_security_ops.inode_create);
594         return original_security_ops.inode_create(dir, dentry, mnt, mode);
595 }
596 
597 #ifdef CONFIG_SECURITY_NETWORK
598 
599 #include <net/sock.h>
600 
601 /* Structure for remembering an accept()ed socket's status. */
602 struct ccs_socket_tag {
603         struct list_head list;
604         struct inode *inode;
605         int status;
606         struct rcu_head rcu;
607 };
608 
609 /*
610  * List for managing accept()ed sockets.
611  * Since we don't need to keep an accept()ed socket into this list after
612  * once the permission was granted, the number of entries in this list is
613  * likely small. Therefore, we don't use hash tables.
614  */
615 static LIST_HEAD(ccs_accepted_socket_list);
616 /* Lock for protecting ccs_accepted_socket_list . */
617 static DEFINE_SPINLOCK(ccs_accepted_socket_list_lock);
618 
619 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 8)
620 
621 /**
622  * ccs_socket_rcu_free - RCU callback for releasing "struct ccs_socket_tag".
623  *
624  * @rcu: Pointer to "struct rcu_head".
625  *
626  * Returns nothing.
627  */
628 static void ccs_socket_rcu_free(struct rcu_head *rcu)
629 {
630         struct ccs_socket_tag *ptr = container_of(rcu, typeof(*ptr), rcu);
631         kfree(ptr);
632 }
633 
634 #else
635 
636 /**
637  * ccs_socket_rcu_free - RCU callback for releasing "struct ccs_socket_tag".
638  *
639  * @arg: Pointer to "void".
640  *
641  * Returns nothing.
642  */
643 static void ccs_socket_rcu_free(void *arg)
644 {
645         struct ccs_socket_tag *ptr = arg;
646         kfree(ptr);
647 }
648 
649 #endif
650 
651 /**
652  * ccs_update_socket_tag - Update tag associated with accept()ed sockets.
653  *
654  * @inode:  Pointer to "struct inode".
655  * @status: New status.
656  *
657  * Returns nothing.
658  *
659  * If @status == 0, memory for that socket will be released after RCU grace
660  * period.
661  */
662 static void ccs_update_socket_tag(struct inode *inode, int status)
663 {
664         struct ccs_socket_tag *ptr;
665         /*
666          * Protect whole section because multiple threads may call this
667          * function with same "sock" via ccs_validate_socket().
668          */
669         spin_lock(&ccs_accepted_socket_list_lock);
670         rcu_read_lock();
671         list_for_each_entry_rcu(ptr, &ccs_accepted_socket_list, list) {
672                 if (ptr->inode != inode)
673                         continue;
674                 ptr->status = status;
675                 if (status)
676                         break;
677                 list_del_rcu(&ptr->list);
678 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 8)
679                 call_rcu(&ptr->rcu, ccs_socket_rcu_free);
680 #else
681                 call_rcu(&ptr->rcu, ccs_socket_rcu_free, ptr);
682 #endif
683                 break;
684         }
685         rcu_read_unlock();
686         spin_unlock(&ccs_accepted_socket_list_lock);
687 }
688 
689 /**
690  * ccs_validate_socket - Check post accept() permission if needed.
691  *
692  * @sock: Pointer to "struct socket".
693  *
694  * Returns 0 on success, negative value otherwise.
695  */
696 static int ccs_validate_socket(struct socket *sock)
697 {
698         struct inode *inode = SOCK_INODE(sock);
699         struct ccs_socket_tag *ptr;
700         int ret = 0;
701         rcu_read_lock();
702         list_for_each_entry_rcu(ptr, &ccs_accepted_socket_list, list) {
703                 if (ptr->inode != inode)
704                         continue;
705                 ret = ptr->status;
706                 break;
707         }
708         rcu_read_unlock();
709         if (ret <= 0)
710                 /*
711                  * This socket is not an accept()ed socket or this socket is
712                  * an accept()ed socket and post accept() permission is done.
713                  */
714                 return ret;
715         /*
716          * Check post accept() permission now.
717          *
718          * Strictly speaking, we need to pass both listen()ing socket and
719          * accept()ed socket to __ccs_socket_post_accept_permission().
720          * But since socket's family and type are same for both sockets,
721          * passing the accept()ed socket in place for the listen()ing socket
722          * will work.
723          */
724         ret = ccs_socket_post_accept_permission(sock, sock);
725         /*
726          * If permission was granted, we forget that this is an accept()ed
727          * socket. Otherwise, we remember that this socket needs to return
728          * error for subsequent socketcalls.
729          */
730         ccs_update_socket_tag(inode, ret);
731         return ret;
732 }
733 
734 /**
735  * ccs_socket_accept - Check permission for accept().
736  *
737  * @sock:    Pointer to "struct socket".
738  * @newsock: Pointer to "struct socket".
739  *
740  * Returns 0 on success, negative value otherwise.
741  *
742  * This hook is used for setting up environment for doing post accept()
743  * permission check. If dereferencing sock->ops->something() were ordered by
744  * rcu_dereference(), we could replace sock->ops with "a copy of original
745  * sock->ops with modified sock->ops->accept()" using rcu_assign_pointer()
746  * in order to do post accept() permission check before returning to userspace.
747  * If we make the copy in security_socket_post_create(), it would be possible
748  * to safely replace sock->ops here, but we don't do so because we don't want
749  * to allocate memory for sockets which do not call sock->ops->accept().
750  * Therefore, we do post accept() permission check upon next socket syscalls
751  * rather than between sock->ops->accept() and returning to userspace.
752  * This means that if a socket was close()d before calling some socket
753  * syscalls, post accept() permission check will not be done.
754  */
755 static int ccs_socket_accept(struct socket *sock, struct socket *newsock)
756 {
757         struct ccs_socket_tag *ptr;
758         int rc = ccs_validate_socket(sock);
759         if (rc < 0)
760                 return rc;
761         ptr = kzalloc(sizeof(*ptr), GFP_KERNEL);
762         if (!ptr)
763                 return -ENOMEM;
764         while (!original_security_ops.socket_accept);
765         rc = original_security_ops.socket_accept(sock, newsock);
766         if (rc) {
767                 kfree(ptr);
768                 return rc;
769         }
770         /*
771          * Subsequent LSM hooks will receive "newsock". Therefore, I mark
772          * "newsock" as "an accept()ed socket but post accept() permission
773          * check is not done yet" by allocating memory using inode of the
774          * "newsock" as a search key.
775          */
776         ptr->inode = SOCK_INODE(newsock);
777         ptr->status = 1; /* Check post accept() permission later. */
778         spin_lock(&ccs_accepted_socket_list_lock);
779         list_add_tail_rcu(&ptr->list, &ccs_accepted_socket_list);
780         spin_unlock(&ccs_accepted_socket_list_lock);
781         return 0;
782 }
783 
784 /**
785  * ccs_socket_listen - Check permission for listen().
786  *
787  * @sock:    Pointer to "struct socket".
788  * @backlog: Backlog parameter.
789  *
790  * Returns 0 on success, negative value otherwise.
791  */
792 static int ccs_socket_listen(struct socket *sock, int backlog)
793 {
794         int rc = ccs_validate_socket(sock);
795         if (rc < 0)
796                 return rc;
797         rc = ccs_socket_listen_permission(sock);
798         if (rc)
799                 return rc;
800         while (!original_security_ops.socket_listen);
801         return original_security_ops.socket_listen(sock, backlog);
802 }
803 
804 /**
805  * ccs_socket_connect - Check permission for connect().
806  *
807  * @sock:     Pointer to "struct socket".
808  * @addr:     Pointer to "struct sockaddr".
809  * @addr_len: Size of @addr.
810  *
811  * Returns 0 on success, negative value otherwise.
812  */
813 static int ccs_socket_connect(struct socket *sock, struct sockaddr *addr,
814                               int addr_len)
815 {
816         int rc = ccs_validate_socket(sock);
817         if (rc < 0)
818                 return rc;
819         rc = ccs_socket_connect_permission(sock, addr, addr_len);
820         if (rc)
821                 return rc;
822         while (!original_security_ops.socket_connect);
823         return original_security_ops.socket_connect(sock, addr, addr_len);
824 }
825 
826 /**
827  * ccs_socket_bind - Check permission for bind().
828  *
829  * @sock:     Pointer to "struct socket".
830  * @addr:     Pointer to "struct sockaddr".
831  * @addr_len: Size of @addr.
832  *
833  * Returns 0 on success, negative value otherwise.
834  */
835 static int ccs_socket_bind(struct socket *sock, struct sockaddr *addr,
836                            int addr_len)
837 {
838         int rc = ccs_validate_socket(sock);
839         if (rc < 0)
840                 return rc;
841         rc = ccs_socket_bind_permission(sock, addr, addr_len);
842         if (rc)
843                 return rc;
844         while (!original_security_ops.socket_bind);
845         return original_security_ops.socket_bind(sock, addr, addr_len);
846 }
847 
848 /**
849  * ccs_socket_sendmsg - Check permission for sendmsg().
850  *
851  * @sock: Pointer to "struct socket".
852  * @msg:  Pointer to "struct msghdr".
853  * @size: Size of message.
854  *
855  * Returns 0 on success, negative value otherwise.
856  */
857 static int ccs_socket_sendmsg(struct socket *sock, struct msghdr *msg,
858                               int size)
859 {
860         int rc = ccs_validate_socket(sock);
861         if (rc < 0)
862                 return rc;
863         rc = ccs_socket_sendmsg_permission(sock, msg, size);
864         if (rc)
865                 return rc;
866         while (!original_security_ops.socket_sendmsg);
867         return original_security_ops.socket_sendmsg(sock, msg, size);
868 }
869 
870 /**
871  * ccs_socket_recvmsg - Check permission for recvmsg().
872  *
873  * @sock:  Pointer to "struct socket".
874  * @msg:   Pointer to "struct msghdr".
875  * @size:  Size of message.
876  * @flags: Flags.
877  *
878  * Returns 0 on success, negative value otherwise.
879  */
880 static int ccs_socket_recvmsg(struct socket *sock, struct msghdr *msg,
881                               int size, int flags)
882 {
883         int rc = ccs_validate_socket(sock);
884         if (rc < 0)
885                 return rc;
886         while (!original_security_ops.socket_recvmsg);
887         return original_security_ops.socket_recvmsg(sock, msg, size, flags);
888 }
889 
890 /**
891  * ccs_socket_getsockname - Check permission for getsockname().
892  *
893  * @sock: Pointer to "struct socket".
894  *
895  * Returns 0 on success, negative value otherwise.
896  */
897 static int ccs_socket_getsockname(struct socket *sock)
898 {
899         int rc = ccs_validate_socket(sock);
900         if (rc < 0)
901                 return rc;
902         while (!original_security_ops.socket_getsockname);
903         return original_security_ops.socket_getsockname(sock);
904 }
905 
906 /**
907  * ccs_socket_getpeername - Check permission for getpeername().
908  *
909  * @sock: Pointer to "struct socket".
910  *
911  * Returns 0 on success, negative value otherwise.
912  */
913 static int ccs_socket_getpeername(struct socket *sock)
914 {
915         int rc = ccs_validate_socket(sock);
916         if (rc < 0)
917                 return rc;
918         while (!original_security_ops.socket_getpeername);
919         return original_security_ops.socket_getpeername(sock);
920 }
921 
922 /**
923  * ccs_socket_getsockopt - Check permission for getsockopt().
924  *
925  * @sock:    Pointer to "struct socket".
926  * @level:   Level.
927  * @optname: Option's name,
928  *
929  * Returns 0 on success, negative value otherwise.
930  */
931 static int ccs_socket_getsockopt(struct socket *sock, int level, int optname)
932 {
933         int rc = ccs_validate_socket(sock);
934         if (rc < 0)
935                 return rc;
936         while (!original_security_ops.socket_getsockopt);
937         return original_security_ops.socket_getsockopt(sock, level, optname);
938 }
939 
940 /**
941  * ccs_socket_setsockopt - Check permission for setsockopt().
942  *
943  * @sock:    Pointer to "struct socket".
944  * @level:   Level.
945  * @optname: Option's name,
946  *
947  * Returns 0 on success, negative value otherwise.
948  */
949 static int ccs_socket_setsockopt(struct socket *sock, int level, int optname)
950 {
951         int rc = ccs_validate_socket(sock);
952         if (rc < 0)
953                 return rc;
954         while (!original_security_ops.socket_setsockopt);
955         return original_security_ops.socket_setsockopt(sock, level, optname);
956 }
957 
958 /**
959  * ccs_socket_shutdown - Check permission for shutdown().
960  *
961  * @sock: Pointer to "struct socket".
962  * @how:  Shutdown mode.
963  *
964  * Returns 0 on success, negative value otherwise.
965  */
966 static int ccs_socket_shutdown(struct socket *sock, int how)
967 {
968         int rc = ccs_validate_socket(sock);
969         if (rc < 0)
970                 return rc;
971         while (!original_security_ops.socket_shutdown);
972         return original_security_ops.socket_shutdown(sock, how);
973 }
974 
975 #define SOCKFS_MAGIC 0x534F434B
976 
977 /**
978  * ccs_inode_free_security - Release memory associated with an inode.
979  *
980  * @inode: Pointer to "struct inode".
981  *
982  * Returns nothing.
983  *
984  * We use this hook for releasing memory associated with an accept()ed socket.
985  */
986 static void ccs_inode_free_security(struct inode *inode)
987 {
988         while (!original_security_ops.inode_free_security);
989         original_security_ops.inode_free_security(inode);
990         if (inode->i_sb && inode->i_sb->s_magic == SOCKFS_MAGIC)
991                 ccs_update_socket_tag(inode, 0);
992 }
993 
994 #endif
995 
996 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 24)
997 
998 /**
999  * ccs_sb_pivotroot - Check permission for pivot_root().
1000  *
1001  * @old_nd: Pointer to "struct nameidata".
1002  * @new_nd: Pointer to "struct nameidata".
1003  *
1004  * Returns 0 on success, negative value otherwise.
1005  */
1006 static int ccs_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
1007 {
1008         int rc = ccs_pivot_root_permission(old_nd, new_nd);
1009         if (rc)
1010                 return rc;
1011         while (!original_security_ops.sb_pivotroot);
1012         return original_security_ops.sb_pivotroot(old_nd, new_nd);
1013 }
1014 
1015 /**
1016  * ccs_sb_mount - Check permission for mount().
1017  *
1018  * @dev_name:  Name of device file.
1019  * @nd:        Pointer to "struct nameidata".
1020  * @type:      Name of filesystem type. Maybe NULL.
1021  * @flags:     Mount options.
1022  * @data_page: Optional data. Maybe NULL.
1023  *
1024  * Returns 0 on success, negative value otherwise.
1025  */
1026 static int ccs_sb_mount(char *dev_name, struct nameidata *nd, char *type,
1027                         unsigned long flags, void *data_page)
1028 {
1029         int rc = ccs_mount_permission(dev_name, nd, type, flags, data_page);
1030         if (rc)
1031                 return rc;
1032         while (!original_security_ops.sb_mount);
1033         return original_security_ops.sb_mount(dev_name, nd, type, flags,
1034                                               data_page);
1035 }
1036 
1037 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 26)
1038 
1039 /**
1040  * ccs_sb_pivotroot - Check permission for pivot_root().
1041  *
1042  * @old_nd: Pointer to "struct nameidata".
1043  * @new_nd: Pointer to "struct nameidata".
1044  *
1045  * Returns 0 on success, negative value otherwise.
1046  */
1047 static int ccs_sb_pivotroot(struct nameidata *old_nd, struct nameidata *new_nd)
1048 {
1049         int rc = ccs_pivot_root_permission(&old_nd->path, &new_nd->path);
1050         if (rc)
1051                 return rc;
1052         while (!original_security_ops.sb_pivotroot);
1053         return original_security_ops.sb_pivotroot(old_nd, new_nd);
1054 }
1055 
1056 /**
1057  * ccs_sb_mount - Check permission for mount().
1058  *
1059  * @dev_name:  Name of device file.
1060  * @nd:        Pointer to "struct nameidata".
1061  * @type:      Name of filesystem type. Maybe NULL.
1062  * @flags:     Mount options.
1063  * @data_page: Optional data. Maybe NULL.
1064  *
1065  * Returns 0 on success, negative value otherwise.
1066  */
1067 static int ccs_sb_mount(char *dev_name, struct nameidata *nd, char *type,
1068                         unsigned long flags, void *data_page)
1069 {
1070         int rc = ccs_mount_permission(dev_name, &nd->path, type, flags,
1071                                       data_page);
1072         if (rc)
1073                 return rc;
1074         while (!original_security_ops.sb_mount);
1075         return original_security_ops.sb_mount(dev_name, nd, type, flags,
1076                                               data_page);
1077 }
1078 
1079 #else
1080 
1081 /**
1082  * ccs_sb_pivotroot - Check permission for pivot_root().
1083  *
1084  * @old_path: Pointer to "struct path".
1085  * @new_path: Pointer to "struct path".
1086  *
1087  * Returns 0 on success, negative value otherwise.
1088  */
1089 static int ccs_sb_pivotroot(struct path *old_path, struct path *new_path)
1090 {
1091         int rc = ccs_pivot_root_permission(old_path, new_path);
1092         if (rc)
1093                 return rc;
1094         while (!original_security_ops.sb_pivotroot);
1095         return original_security_ops.sb_pivotroot(old_path, new_path);
1096 }
1097 
1098 /**
1099  * ccs_sb_mount - Check permission for mount().
1100  *
1101  * @dev_name:  Name of device file.
1102  * @path:      Pointer to "struct path".
1103  * @type:      Name of filesystem type. Maybe NULL.
1104  * @flags:     Mount options.
1105  * @data_page: Optional data. Maybe NULL.
1106  *
1107  * Returns 0 on success, negative value otherwise.
1108  */
1109 static int ccs_sb_mount(char *dev_name, struct path *path, char *type,
1110                         unsigned long flags, void *data_page)
1111 {
1112         int rc = ccs_mount_permission(dev_name, path, type, flags, data_page);
1113         if (rc)
1114                 return rc;
1115         while (!original_security_ops.sb_mount);
1116         return original_security_ops.sb_mount(dev_name, path, type, flags,
1117                                               data_page);
1118 }
1119 
1120 #endif
1121 
1122 /**
1123  * ccs_sb_umount - Check permission for umount().
1124  *
1125  * @mnt:   Pointer to "struct vfsmount".
1126  * @flags: Unmount flags.
1127  *
1128  * Returns 0 on success, negative value otherwise.
1129  */
1130 static int ccs_sb_umount(struct vfsmount *mnt, int flags)
1131 {
1132         int rc = ccs_umount_permission(mnt, flags);
1133         if (rc)
1134                 return rc;
1135         while (!original_security_ops.sb_umount);
1136         return original_security_ops.sb_umount(mnt, flags);
1137 }
1138 
1139 /**
1140  * ccs_file_fcntl - Check permission for fcntl().
1141  *
1142  * @file: Pointer to "struct file".
1143  * @cmd:  Command number.
1144  * @arg:  Value for @cmd.
1145  *
1146  * Returns 0 on success, negative value otherwise.
1147  */
1148 static int ccs_file_fcntl(struct file *file, unsigned int cmd,
1149                           unsigned long arg)
1150 {
1151         int rc = ccs_fcntl_permission(file, cmd, arg);
1152         if (rc)
1153                 return rc;
1154         while (!original_security_ops.file_fcntl);
1155         return original_security_ops.file_fcntl(file, cmd, arg);
1156 }
1157 
1158 /**
1159  * ccs_file_ioctl - Check permission for ioctl().
1160  *
1161  * @filp: Pointer to "struct file".
1162  * @cmd:  Command number.
1163  * @arg:  Value for @cmd.
1164  *
1165  * Returns 0 on success, negative value otherwise.
1166  */
1167 static int ccs_file_ioctl(struct file *filp, unsigned int cmd,
1168                           unsigned long arg)
1169 {
1170         int rc = ccs_ioctl_permission(filp, cmd, arg);
1171         if (rc)
1172                 return rc;
1173         while (!original_security_ops.file_ioctl);
1174         return original_security_ops.file_ioctl(filp, cmd, arg);
1175 }
1176 
1177 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 21) && defined(CONFIG_SYSCTL_SYSCALL)
1178 int ccs_path_permission(struct ccs_request_info *r, u8 operation,
1179                         const struct ccs_path_info *filename);
1180 
1181 /**
1182  * ccs_prepend - Copy of prepend() in fs/dcache.c.
1183  *
1184  * @buffer: Pointer to "struct char *".
1185  * @buflen: Pointer to int which holds size of @buffer.
1186  * @str:    String to copy.
1187  *
1188  * Returns 0 on success, negative value otherwise.
1189  *
1190  * @buffer and @buflen are updated upon success.
1191  */
1192 static int ccs_prepend(char **buffer, int *buflen, const char *str)
1193 {
1194         int namelen = strlen(str);
1195         if (*buflen < namelen)
1196                 return -ENOMEM;
1197         *buflen -= namelen;
1198         *buffer -= namelen;
1199         memcpy(*buffer, str, namelen);
1200         return 0;
1201 }
1202 
1203 /**
1204  * ccs_sysctl_permission - Check permission for sysctl().
1205  *
1206  * @table: Pointer to "struct ctl_table".
1207  * @op:    Operation. (MAY_READ and/or MAY_WRITE)
1208  *
1209  * Returns 0 on success, negative value otherwise.
1210  */
1211 static int ccs_sysctl(struct ctl_table *table, int op)
1212 {
1213         int error;
1214         struct ccs_path_info buf;
1215         struct ccs_request_info r;
1216         int buflen;
1217         char *buffer;
1218         int idx;
1219         while (!original_security_ops.sysctl);
1220         error = original_security_ops.sysctl(table, op);
1221         if (error)
1222                 return error;
1223         op &= MAY_READ | MAY_WRITE;
1224         if (!op)
1225                 return 0;
1226         buffer = NULL;
1227         buf.name = NULL;
1228         idx = ccs_read_lock();
1229         if (ccs_init_request_info(&r, CCS_MAC_FILE_OPEN)
1230             == CCS_CONFIG_DISABLED)
1231                 goto out;
1232         error = -ENOMEM;
1233         buflen = 4096;
1234         buffer = kmalloc(buflen, CCS_GFP_FLAGS);
1235         if (buffer) {
1236                 char *end = buffer + buflen;
1237                 *--end = '\0';
1238                 buflen--;
1239                 while (table) {
1240                         char num[32];
1241                         const char *sp = table->procname;
1242                         if (!sp) {
1243                                 memset(num, 0, sizeof(num));
1244                                 snprintf(num, sizeof(num) - 1, "=%d=",
1245                                          table->ctl_name);
1246                                 sp = num;
1247                         }
1248                         if (ccs_prepend(&end, &buflen, sp) ||
1249                             ccs_prepend(&end, &buflen, "/"))
1250                                 goto out;
1251                         table = table->parent;
1252                 }
1253                 if (ccs_prepend(&end, &buflen, "proc:/sys"))
1254                         goto out;
1255                 buf.name = ccs_encode(end);
1256         }
1257         if (buf.name) {
1258                 ccs_fill_path_info(&buf);
1259                 if (op & MAY_READ)
1260                         error = ccs_path_permission(&r, CCS_TYPE_READ, &buf);
1261                 else
1262                         error = 0;
1263                 if (!error && (op & MAY_WRITE))
1264                         error = ccs_path_permission(&r, CCS_TYPE_WRITE, &buf);
1265         }
1266 out:
1267         ccs_read_unlock(idx);
1268         kfree(buf.name);
1269         kfree(buffer);
1270         return error;
1271 }
1272 
1273 #endif
1274 
1275 /*
1276  * Why not to copy all operations by "original_security_ops = *ops" ?
1277  * Because copying byte array is not atomic. Reader checks
1278  * original_security_ops.op != NULL before doing original_security_ops.op().
1279  * Thus, modifying original_security_ops.op has to be atomic.
1280  */
1281 #define swap_security_ops(op)                                           \
1282         original_security_ops.op = ops->op; smp_wmb(); ops->op = ccs_##op;
1283 
1284 /**
1285  * ccs_update_security_ops - Overwrite original "struct security_operations".
1286  *
1287  * @ops: Pointer to "struct security_operations".
1288  *
1289  * Returns nothing.
1290  */
1291 static void __init ccs_update_security_ops(struct security_operations *ops)
1292 {
1293         /* Security context allocator. */
1294         swap_security_ops(task_alloc_security);
1295         swap_security_ops(task_free_security);
1296         swap_security_ops(bprm_alloc_security);
1297         swap_security_ops(bprm_free_security);
1298         /* Security context updater for successful execve(). */
1299         swap_security_ops(bprm_check_security);
1300 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 6)
1301         swap_security_ops(bprm_compute_creds);
1302 #else
1303         swap_security_ops(bprm_apply_creds);
1304 #endif
1305         /* Various permission checker. */
1306 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1307         swap_security_ops(dentry_open);
1308 #else
1309         swap_security_ops(inode_permission);
1310 #endif
1311         swap_security_ops(file_fcntl);
1312         swap_security_ops(file_ioctl);
1313 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 21) && defined(CONFIG_SYSCTL_SYSCALL)
1314         swap_security_ops(sysctl);
1315 #endif
1316         swap_security_ops(sb_pivotroot);
1317         swap_security_ops(sb_mount);
1318         swap_security_ops(sb_umount);
1319         swap_security_ops(inode_mknod);
1320         swap_security_ops(inode_mkdir);
1321         swap_security_ops(inode_rmdir);
1322         swap_security_ops(inode_unlink);
1323         swap_security_ops(inode_symlink);
1324         swap_security_ops(inode_rename);
1325         swap_security_ops(inode_link);
1326         swap_security_ops(inode_create);
1327         swap_security_ops(inode_setattr);
1328         swap_security_ops(inode_getattr);
1329 #ifdef CONFIG_SECURITY_NETWORK
1330         swap_security_ops(socket_bind);
1331         swap_security_ops(socket_connect);
1332         swap_security_ops(socket_listen);
1333         swap_security_ops(socket_sendmsg);
1334         swap_security_ops(socket_recvmsg);
1335         swap_security_ops(socket_getsockname);
1336         swap_security_ops(socket_getpeername);
1337         swap_security_ops(socket_getsockopt);
1338         swap_security_ops(socket_setsockopt);
1339         swap_security_ops(socket_shutdown);
1340         swap_security_ops(socket_accept);
1341         swap_security_ops(inode_free_security);
1342 #endif
1343 }
1344 
1345 #undef swap_security_ops
1346 
1347 /**
1348  * ccs_init - Initialize this module.
1349  *
1350  * Returns 0 on success, negative value otherwise.
1351  */
1352 static int __init ccs_init(void)
1353 {
1354         struct security_operations *ops = probe_security_ops();
1355         if (!ops)
1356                 goto out;
1357 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
1358         ccsecurity_exports.find_task_by_vpid = probe_find_task_by_vpid();
1359         if (!ccsecurity_exports.find_task_by_vpid)
1360                 goto out;
1361         ccsecurity_exports.find_task_by_pid_ns = probe_find_task_by_pid_ns();
1362         if (!ccsecurity_exports.find_task_by_pid_ns)
1363                 goto out;
1364 #endif
1365         ccsecurity_exports.vfsmount_lock = probe_vfsmount_lock();
1366         if (!ccsecurity_exports.vfsmount_lock)
1367                 goto out;
1368         ccs_main_init();
1369         ccs_update_security_ops(ops);
1370         printk(KERN_INFO "AKARI: 1.0.35   2015/11/11\n");
1371         printk(KERN_INFO
1372                "Access Keeping And Regulating Instrument registered.\n");
1373         return 0;
1374 out:
1375         return -EINVAL;
1376 }
1377 
1378 module_init(ccs_init);
1379 MODULE_LICENSE("GPL");
1380 
1381 /**
1382  * ccs_used_by_cred - Check whether the given domain is in use or not.
1383  *
1384  * @domain: Pointer to "struct ccs_domain_info".
1385  *
1386  * Returns true if @domain is in use, false otherwise.
1387  *
1388  * Caller holds rcu_read_lock().
1389  */
1390 bool ccs_used_by_cred(const struct ccs_domain_info *domain)
1391 {
1392         return false;
1393 }
1394 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp