// SPDX-License-Identifier: GPL-2.0
/*
 * security/tomoyo/condition.c
 *
 * Copyright (C) 2005-2011 NTT DATA CORPORATION
 */

8*4882a593Smuzhiyun #include "common.h"
9*4882a593Smuzhiyun #include <linux/slab.h>
10*4882a593Smuzhiyun
/*
 * List of "struct tomoyo_condition". Lookups for duplicates and additions
 * are done under tomoyo_policy_lock (see tomoyo_commit_condition()).
 */
LIST_HEAD(tomoyo_condition_list);

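/**
 * tomoyo_argv - Check argv[] in "struct linux_binprm".
 *
 * @index: Index number of @arg_ptr.
 * @arg_ptr: Contents of argv[@index] (NUL-terminated).
 * @argc: Number of entries in @argv.
 * @argv: Pointer to "struct tomoyo_argv".
 * @checked: Array parallel to @argv; entry i is set to 1 when
 *           @argv[i].index equals @index and the entry was evaluated.
 *
 * Every @argv entry whose index equals @index is matched against @arg_ptr;
 * an entry with is_not set inverts the pattern match. Evaluation stops at
 * the first entry that does not hold.
 *
 * Returns true if all applicable entries hold, false otherwise.
 */
static bool tomoyo_argv(const unsigned int index, const char *arg_ptr,
			const int argc, const struct tomoyo_argv *argv,
			u8 *checked)
{
	int i;
	struct tomoyo_path_info arg;

	arg.name = arg_ptr;
	/*
	 * @arg does not change inside the loop, so derive its fields once up
	 * front (as tomoyo_envp() does) rather than once per matching entry.
	 */
	tomoyo_fill_path_info(&arg);
	for (i = 0; i < argc; argv++, checked++, i++) {
		bool result;

		if (index != argv->index)
			continue;
		*checked = 1;
		result = tomoyo_path_matches_pattern(&arg, argv->value);
		if (argv->is_not)
			result = !result;
		if (!result)
			return false;
	}
	return true;
}
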
/**
 * tomoyo_envp - Check envp[] in "struct linux_binprm".
 *
 * @env_name: The name of environment variable.
 * @env_value: The value of environment variable.
 * @envc: Number of entries in @envp.
 * @envp: Pointer to "struct tomoyo_envp".
 * @checked: Array parallel to @envp; entry i is set to 1 when the name
 *           pattern of @envp[i] matched @env_name.
 *
 * An entry with a NULL value demands that the variable be undefined, so
 * seeing it defined fails unless that entry is negated (is_not). Entries
 * with a value are matched against @env_value, inverted when negated.
 *
 * Returns true if all matching entries hold, false otherwise.
 */
static bool tomoyo_envp(const char *env_name, const char *env_value,
			const int envc, const struct tomoyo_envp *envp,
			u8 *checked)
{
	struct tomoyo_path_info name = { .name = env_name };
	struct tomoyo_path_info value = { .name = env_value };
	int i;

	tomoyo_fill_path_info(&name);
	tomoyo_fill_path_info(&value);
	for (i = 0; i < envc; i++, envp++, checked++) {
		bool ok;

		if (!tomoyo_path_matches_pattern(&name, envp->name))
			continue;
		*checked = 1;
		if (!envp->value) {
			/* "Must be undefined" holds only when negated. */
			ok = envp->is_not;
		} else {
			ok = tomoyo_path_matches_pattern(&value, envp->value);
			if (envp->is_not)
				ok = !ok;
		}
		if (!ok)
			return false;
	}
	return true;
}

/**
 * tomoyo_scan_bprm - Scan "struct linux_binprm".
 *
 * @ee: Pointer to "struct tomoyo_execve".
 * @argc: Length of @argv.
 * @argv: Pointer to "struct tomoyo_argv".
 * @envc: Length of @envp.
 * @envp: Pointer to "struct tomoyo_envp".
 *
 * Walks the argv[] and envp[] strings of @ee->bprm page by page, copying
 * each string into @ee->tmp in escaped form (backslash doubled, bytes
 * outside the printable ASCII range as \ooo) and handing it to
 * tomoyo_argv() / tomoyo_envp(). Afterwards every @argv / @envp entry
 * that never saw a matching index / name is checked for what its absence
 * means.
 *
 * Returns true if all conditions hold, false otherwise (including when a
 * page cannot be dumped or the bookkeeping array cannot be allocated).
 */
static bool tomoyo_scan_bprm(struct tomoyo_execve *ee,
			     const u16 argc, const struct tomoyo_argv *argv,
			     const u16 envc, const struct tomoyo_envp *envp)
{
	struct linux_binprm *bprm = ee->bprm;
	struct tomoyo_page_dump *dump = &ee->dump;
	char *arg_ptr = ee->tmp;
	int arg_len = 0;
	unsigned long pos = bprm->p;
	int offset = pos % PAGE_SIZE;
	int argv_count = bprm->argc;
	int envp_count = bprm->envc;
	bool result = true;
	/* One "seen" flag per @argv entry, followed by one per @envp entry. */
	u8 local_checked[32];
	u8 *checked;

	/* Small condition sets use the stack; larger ones go to the heap. */
	if (argc + envc <= sizeof(local_checked)) {
		checked = local_checked;
		memset(local_checked, 0, sizeof(local_checked));
	} else {
		checked = kzalloc(argc + envc, GFP_NOFS);
		if (!checked)
			return false;
	}
	while (argv_count || envp_count) {
		if (!tomoyo_dump_page(bprm, pos, dump)) {
			result = false;
			goto out;
		}
		pos += PAGE_SIZE - offset;
		while (offset < PAGE_SIZE) {
			/* Read. */
			const char *kaddr = dump->data;
			const unsigned char c = kaddr[offset++];

			/*
			 * Escape while copying. The "- 10" is presumably
			 * headroom for the up-to-four bytes one input byte
			 * expands to plus the NUL. Once the string no longer
			 * fits, further bytes are dropped and the else branch
			 * keeps it terminated.
			 */
			if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) {
				if (c == '\\') {
					arg_ptr[arg_len++] = '\\';
					arg_ptr[arg_len++] = '\\';
				} else if (c > ' ' && c < 127) {
					arg_ptr[arg_len++] = c;
				} else {
					arg_ptr[arg_len++] = '\\';
					arg_ptr[arg_len++] = (c >> 6) + '0';
					arg_ptr[arg_len++] =
						((c >> 3) & 7) + '0';
					arg_ptr[arg_len++] = (c & 7) + '0';
				}
			} else {
				arg_ptr[arg_len] = '\0';
			}
			if (c)
				continue;
			/* Check. */
			if (argv_count) {
				/*
				 * argv[] strings precede envp[]; argv_count
				 * counts down, so bprm->argc - argv_count is
				 * the index of the string just completed.
				 */
				if (!tomoyo_argv(bprm->argc - argv_count,
						 arg_ptr, argc, argv,
						 checked)) {
					result = false;
					break;
				}
				argv_count--;
			} else if (envp_count) {
				char *cp = strchr(arg_ptr, '=');

				/*
				 * Split "NAME=value" in place. A string with
				 * no '=' is counted but never matched against
				 * @envp.
				 */
				if (cp) {
					*cp = '\0';
					if (!tomoyo_envp(arg_ptr, cp + 1,
							 envc, envp,
							 checked + argc)) {
						result = false;
						break;
					}
				}
				envp_count--;
			} else {
				break;
			}
			arg_len = 0;
		}
		offset = 0;
		if (!result)
			break;
	}
out:
	if (result) {
		int i;

		/* Check not-yet-checked entries. */
		for (i = 0; i < argc; i++) {
			if (checked[i])
				continue;
			/*
			 * Return true only if all unchecked indexes in
			 * bprm->argv[] are not matched.
			 */
			if (argv[i].is_not)
				continue;
			result = false;
			break;
		}
		for (i = 0; i < envc; envp++, i++) {
			if (checked[argc + i])
				continue;
			/*
			 * Return true only if all unchecked environ variables
			 * in bprm->envp[] are either undefined or not matched.
			 */
			if ((!envp->value && !envp->is_not) ||
			    (envp->value && envp->is_not))
				continue;
			result = false;
			break;
		}
	}
	if (checked != local_checked)
		kfree(checked);
	return result;
}

/**
 * tomoyo_scan_exec_realpath - Check "exec.realpath" parameter of "struct tomoyo_condition".
 *
 * @file: Pointer to "struct file".
 * @ptr: Pointer to "struct tomoyo_name_union".
 * @match: True if "exec.realpath=", false if "exec.realpath!=".
 *
 * Resolves the real path of @file and compares it with @ptr; the outcome
 * is then compared against @match so that "!=" conditions hold exactly
 * when the name does not match.
 *
 * Returns true on success, false otherwise (also when @file is NULL or
 * the real path cannot be obtained).
 */
static bool tomoyo_scan_exec_realpath(struct file *file,
				      const struct tomoyo_name_union *ptr,
				      const bool match)
{
	struct tomoyo_path_info exe = { };
	bool matched;

	if (!file)
		return false;
	exe.name = tomoyo_realpath_from_path(&file->f_path);
	if (!exe.name)
		return false;
	tomoyo_fill_path_info(&exe);
	matched = tomoyo_compare_name_union(&exe, ptr);
	/* The realpath buffer belongs to us; release it before returning. */
	kfree(exe.name);
	return matched == match;
}

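/**
 * tomoyo_get_dqword - tomoyo_get_name() for a quoted string.
 *
 * @start: String to save. Must be of the form "..." (leading and trailing
 *         double quote); the closing quote is overwritten with '\0' in place.
 *
 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
 * NULL is returned when @start is not a quoted word, or when the quoted
 * content is non-empty but tomoyo_correct_word() rejects it.
 */
static const struct tomoyo_path_info *tomoyo_get_dqword(char *start)
{
	const size_t len = strlen(start);
	char *cp;

	/*
	 * Need at least the two quotes. Checking the length first also avoids
	 * forming start - 1 for an empty string, which is not a valid pointer.
	 */
	if (len < 2 || start[0] != '"' || start[len - 1] != '"')
		return NULL;
	cp = start + len - 1;
	*cp = '\0';
	start++;
	if (*start && !tomoyo_correct_word(start))
		return NULL;
	return tomoyo_get_name(start);
}
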
/**
 * tomoyo_parse_name_union_quoted - Parse a quoted word.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 * @ptr: Pointer to "struct tomoyo_name_union".
 *
 * A word starting with '@' is delegated to tomoyo_parse_name_union();
 * anything else must be a double-quoted word, stored as @ptr->filename.
 *
 * Returns true on success, false otherwise.
 */
static bool tomoyo_parse_name_union_quoted(struct tomoyo_acl_param *param,
					   struct tomoyo_name_union *ptr)
{
	char *word = param->data;

	if (word[0] == '@')
		return tomoyo_parse_name_union(param, ptr);
	ptr->filename = tomoyo_get_dqword(word);
	if (!ptr->filename)
		return false;
	return true;
}

/**
 * tomoyo_parse_argv - Parse an argv[] condition part.
 *
 * @left: Lefthand value (the text after "exec.argv[").
 * @right: Righthand value (a double-quoted word).
 * @argv: Pointer to "struct tomoyo_argv".
 *
 * @left must be a decimal index immediately followed by the closing ']'
 * and nothing else; @right is stored via tomoyo_get_dqword().
 *
 * Returns true on success, false otherwise.
 */
static bool tomoyo_parse_argv(char *left, char *right,
			      struct tomoyo_argv *argv)
{
	char *after_index = left;

	if (tomoyo_parse_ulong(&argv->index, &after_index) !=
	    TOMOYO_VALUE_TYPE_DECIMAL)
		return false;
	if (after_index[0] != ']' || after_index[1] != '\0')
		return false;
	argv->value = tomoyo_get_dqword(right);
	return argv->value != NULL;
}

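/**
 * tomoyo_parse_envp - Parse an envp[] condition part.
 *
 * @left: Lefthand value (the text after "exec.envp[\""), which must end
 *        in "\"]"; the closing quote is overwritten with '\0' in place.
 * @right: Righthand value: the literal NULL or a double-quoted word.
 * @envp: Pointer to "struct tomoyo_envp".
 *
 * Returns true on success, false otherwise. On failure no reference is
 * left held on behalf of @envp.
 */
static bool tomoyo_parse_envp(char *left, char *right,
			      struct tomoyo_envp *envp)
{
	const struct tomoyo_path_info *name;
	const struct tomoyo_path_info *value;
	const size_t len = strlen(left);

	/*
	 * Requiring at least two characters keeps the check from looking at
	 * the byte before @left (the caller's opening quote) when the name
	 * is empty or only a ']' was given.
	 */
	if (len < 2 || left[len - 1] != ']' || left[len - 2] != '"')
		return false;
	left[len - 2] = '\0';
	if (!tomoyo_correct_word(left))
		return false;
	name = tomoyo_get_name(left);
	if (!name)
		return false;
	if (!strcmp(right, "NULL")) {
		/* NULL value: the variable is required to be undefined. */
		value = NULL;
	} else {
		value = tomoyo_get_dqword(right);
		if (!value) {
			/* Balance the reference taken by tomoyo_get_name(). */
			tomoyo_put_name(name);
			return false;
		}
	}
	envp->name = name;
	envp->value = value;
	return true;
}
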
/**
 * tomoyo_same_condition - Check for duplicated "struct tomoyo_condition" entry.
 *
 * @a: Pointer to "struct tomoyo_condition".
 * @b: Pointer to "struct tomoyo_condition".
 *
 * Compares the fixed header fields (transit by pointer identity) and then
 * the trailing element arrays bytewise over @a->size - sizeof(*a).
 *
 * Returns true if @a == @b, false otherwise.
 */
static inline bool tomoyo_same_condition(const struct tomoyo_condition *a,
					 const struct tomoyo_condition *b)
{
	if (a->size != b->size || a->condc != b->condc)
		return false;
	if (a->numbers_count != b->numbers_count ||
	    a->names_count != b->names_count)
		return false;
	if (a->argc != b->argc || a->envc != b->envc)
		return false;
	if (a->grant_log != b->grant_log || a->transit != b->transit)
		return false;
	/* Sizes are equal, so the trailing storage can be compared directly. */
	return memcmp(a + 1, b + 1, a->size - sizeof(*a)) == 0;
}

/**
 * tomoyo_condition_type - Get condition type.
 *
 * @word: Keyword string.
 *
 * Linear search of tomoyo_condition_keyword[] for an exact match.
 *
 * Returns one of values in "enum tomoyo_conditions_index" on success,
 * TOMOYO_MAX_CONDITION_KEYWORD otherwise.
 */
static u8 tomoyo_condition_type(const char *word)
{
	u8 type = 0;

	while (type < TOMOYO_MAX_CONDITION_KEYWORD &&
	       strcmp(word, tomoyo_condition_keyword[type]))
		type++;
	return type;
}

/* Define this to enable debug mode. */
/* #define DEBUG_CONDITION */

/*
 * dprintk() is a printk() that compiles to nothing unless DEBUG_CONDITION
 * is defined; the parser below uses it to trace both of its passes.
 */
#ifdef DEBUG_CONDITION
#define dprintk printk
#else
#define dprintk(...) do { } while (0)
#endif

/**
 * tomoyo_commit_condition - Commit "struct tomoyo_condition".
 *
 * @entry: Pointer to "struct tomoyo_condition".
 *
 * Returns pointer to "struct tomoyo_condition" on success, NULL otherwise.
 *
 * Under tomoyo_policy_lock, looks for an identical entry already on
 * tomoyo_condition_list (entries flagged TOMOYO_GC_IN_PROGRESS are
 * skipped). If one exists its user count is bumped and it is returned in
 * place of @entry, which is freed. Otherwise @entry itself is added,
 * unless tomoyo_memory_ok() rejects it. NULL is returned when the memory
 * quota is exceeded or when taking the lock is interrupted; in both cases
 * @entry is freed.
 */
static struct tomoyo_condition *tomoyo_commit_condition
(struct tomoyo_condition *entry)
{
	struct tomoyo_condition *shared = NULL;
	bool discard_entry = true;

	if (mutex_lock_interruptible(&tomoyo_policy_lock)) {
		dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__);
		goto out;
	}
	list_for_each_entry(shared, &tomoyo_condition_list, head.list) {
		if (!tomoyo_same_condition(shared, entry) ||
		    atomic_read(&shared->head.users) == TOMOYO_GC_IN_PROGRESS)
			continue;
		/* Same entry found. Share this entry. */
		atomic_inc(&shared->head.users);
		goto unlock;
	}
	/* No duplicate: @entry joins the list if the quota allows. */
	shared = NULL;
	if (tomoyo_memory_ok(entry)) {
		atomic_set(&entry->head.users, 1);
		list_add(&entry->head.list, &tomoyo_condition_list);
		discard_entry = false;
	}
unlock:
	mutex_unlock(&tomoyo_policy_lock);
out:
	if (discard_entry) {
		/* Same teardown as the error path in tomoyo_get_condition(). */
		tomoyo_del_condition(&entry->head.list);
		kfree(entry);
		entry = shared;
	}
	return entry;
}

/**
 * tomoyo_get_transit_preference - Parse domain transition preference for execve().
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 * @e: Pointer to "struct tomoyo_condition".
 *
 * Returns the condition string part.
 *
 * A leading "<domain>" token, a correct path, or one of the keywords keep /
 * initialize / reset / child / parent is consumed and stored as
 * @e->transit. Anything else leaves @param->data untouched and is returned
 * as the condition string. If a transit token is recognised but cannot be
 * stored, the literal "/" is returned so that tomoyo_get_condition() fails
 * on it.
 */
static char *tomoyo_get_transit_preference(struct tomoyo_acl_param *param,
					   struct tomoyo_condition *e)
{
	char * const pos = param->data;
	char *space;
	bool is_transition;

	if (*pos == '<') {
		e->transit = tomoyo_get_domainname(param);
		goto done;
	}
	/* Temporarily terminate the first token so it can be inspected. */
	space = strchr(pos, ' ');
	if (space)
		*space = '\0';
	is_transition = tomoyo_correct_path(pos) || !strcmp(pos, "keep") ||
		!strcmp(pos, "initialize") || !strcmp(pos, "reset") ||
		!strcmp(pos, "child") || !strcmp(pos, "parent");
	if (space)
		*space = ' ';
	if (!is_transition)
		return pos;
	e->transit = tomoyo_get_name(tomoyo_read_token(param));
done:
	if (e->transit)
		return param->data;
	/*
	 * Return a bad read-only condition string that will let
	 * tomoyo_get_condition() return NULL.
	 */
	return "/";
}

/**
 * tomoyo_get_condition - Parse condition part.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Returns pointer to "struct tomoyo_condition" on success, NULL otherwise.
 *
 * The condition string is parsed twice. The first pass ("dry run", @entry
 * still NULL) only counts how many elements of each kind are needed and
 * overwrites the ' ', '=' and '!' separators with '\0' as it goes. The
 * string is then restored, one variable-sized "struct tomoyo_condition" is
 * allocated with its element arrays laid out directly behind it, and the
 * second pass fills those arrays in. On a syntax error the partially built
 * entry is released and NULL is returned.
 */
struct tomoyo_condition *tomoyo_get_condition(struct tomoyo_acl_param *param)
{
	struct tomoyo_condition *entry = NULL;
	struct tomoyo_condition_element *condp = NULL;
	struct tomoyo_number_union *numbers_p = NULL;
	struct tomoyo_name_union *names_p = NULL;
	struct tomoyo_argv *argv = NULL;
	struct tomoyo_envp *envp = NULL;
	struct tomoyo_condition e = { };
	/* May consume a leading domain-transition token into e.transit. */
	char * const start_of_string =
		tomoyo_get_transit_preference(param, &e);
	char * const end_of_string = start_of_string + strlen(start_of_string);
	char *pos;

rerun:
	pos = start_of_string;
	while (1) {
		/* -1 stored in a u8 is 255; used as "not set" here. */
		u8 left = -1;
		u8 right = -1;
		char *left_word = pos;
		char *cp;
		char *right_word;
		bool is_not;

		if (!*left_word)
			break;
		/*
		 * Since left-hand condition does not allow use of "path_group"
		 * or "number_group" and environment variable's names do not
		 * accept '=', it is guaranteed that the original line consists
		 * of one or more repetition of $left$operator$right blocks
		 * where "$left is free from '=' and ' '" and "$operator is
		 * either '=' or '!='" and "$right is free from ' '".
		 * Therefore, we can reconstruct the original line at the end
		 * of dry run even if we overwrite $operator with '\0'.
		 */
		cp = strchr(pos, ' ');
		if (cp) {
			*cp = '\0'; /* Will restore later. */
			pos = cp + 1;
		} else {
			pos = "";
		}
		right_word = strchr(left_word, '=');
		if (!right_word || right_word == left_word)
			goto out;
		is_not = *(right_word - 1) == '!';
		if (is_not)
			*(right_word++ - 1) = '\0'; /* Will restore later. */
		else if (*(right_word + 1) != '=')
			*right_word++ = '\0'; /* Will restore later. */
		else
			goto out; /* "==" is not a valid operator. */
		dprintk(KERN_WARNING "%u: <%s>%s=<%s>\n", __LINE__, left_word,
			is_not ? "!" : "", right_word);
		if (!strcmp(left_word, "grant_log")) {
			/*
			 * grant_log= lives in the header rather than in an
			 * element, so only the second pass stores it. A
			 * repeated grant_log= is rejected (assuming
			 * TOMOYO_GRANTLOG_AUTO is the zero-initialised default).
			 */
			if (entry) {
				if (is_not ||
				    entry->grant_log != TOMOYO_GRANTLOG_AUTO)
					goto out;
				else if (!strcmp(right_word, "yes"))
					entry->grant_log = TOMOYO_GRANTLOG_YES;
				else if (!strcmp(right_word, "no"))
					entry->grant_log = TOMOYO_GRANTLOG_NO;
				else
					goto out;
			}
			continue;
		}
		if (!strncmp(left_word, "exec.argv[", 10)) {
			/* Dry run counts; the second pass decrements and fills. */
			if (!argv) {
				e.argc++;
				e.condc++;
			} else {
				e.argc--;
				e.condc--;
				left = TOMOYO_ARGV_ENTRY;
				argv->is_not = is_not;
				if (!tomoyo_parse_argv(left_word + 10,
						       right_word, argv++))
					goto out;
			}
			goto store_value;
		}
		if (!strncmp(left_word, "exec.envp[\"", 11)) {
			if (!envp) {
				e.envc++;
				e.condc++;
			} else {
				e.envc--;
				e.condc--;
				left = TOMOYO_ENVP_ENTRY;
				envp->is_not = is_not;
				if (!tomoyo_parse_envp(left_word + 11,
						       right_word, envp++))
					goto out;
			}
			goto store_value;
		}
		left = tomoyo_condition_type(left_word);
		dprintk(KERN_WARNING "%u: <%s> left=%u\n", __LINE__, left_word,
			left);
		if (left == TOMOYO_MAX_CONDITION_KEYWORD) {
			/*
			 * Not a keyword: the left side must be a literal
			 * number union; a '@' group reference is rejected.
			 */
			if (!numbers_p) {
				e.numbers_count++;
			} else {
				e.numbers_count--;
				left = TOMOYO_NUMBER_UNION;
				param->data = left_word;
				if (*left_word == '@' ||
				    !tomoyo_parse_number_union(param,
							       numbers_p++))
					goto out;
			}
		}
		if (!condp)
			e.condc++;
		else
			e.condc--;
		if (left == TOMOYO_EXEC_REALPATH ||
		    left == TOMOYO_SYMLINK_TARGET) {
			/* These two take a quoted name union on the right. */
			if (!names_p) {
				e.names_count++;
			} else {
				e.names_count--;
				right = TOMOYO_NAME_UNION;
				param->data = right_word;
				if (!tomoyo_parse_name_union_quoted(param,
								    names_p++))
					goto out;
			}
			goto store_value;
		}
		right = tomoyo_condition_type(right_word);
		if (right == TOMOYO_MAX_CONDITION_KEYWORD) {
			/* Right side is not a keyword either: number union. */
			if (!numbers_p) {
				e.numbers_count++;
			} else {
				e.numbers_count--;
				right = TOMOYO_NUMBER_UNION;
				param->data = right_word;
				if (!tomoyo_parse_number_union(param,
							       numbers_p++))
					goto out;
			}
		}
store_value:
		if (!condp) {
			dprintk(KERN_WARNING "%u: dry_run left=%u right=%u match=%u\n",
				__LINE__, left, right, !is_not);
			continue;
		}
		condp->left = left;
		condp->right = right;
		condp->equals = !is_not;
		dprintk(KERN_WARNING "%u: left=%u right=%u match=%u\n",
			__LINE__, condp->left, condp->right,
			condp->equals);
		condp++;
	}
	dprintk(KERN_INFO "%u: cond=%u numbers=%u names=%u ac=%u ec=%u\n",
		__LINE__, e.condc, e.numbers_count, e.names_count, e.argc,
		e.envc);
	if (entry) {
		/*
		 * Second pass done: every counter must have been decremented
		 * back to zero. A non-zero value means the two passes
		 * disagreed on the layout, i.e. the arrays behind @entry were
		 * over- or under-filled.
		 */
		BUG_ON(e.names_count | e.numbers_count | e.argc | e.envc |
		       e.condc);
		return tomoyo_commit_condition(entry);
	}
	/* End of dry run: allocate header plus all element arrays at once. */
	e.size = sizeof(*entry)
		+ e.condc * sizeof(struct tomoyo_condition_element)
		+ e.numbers_count * sizeof(struct tomoyo_number_union)
		+ e.names_count * sizeof(struct tomoyo_name_union)
		+ e.argc * sizeof(struct tomoyo_argv)
		+ e.envc * sizeof(struct tomoyo_envp);
	entry = kzalloc(e.size, GFP_NOFS);
	if (!entry)
		goto out2;
	*entry = e;
	/* @entry now owns the transit reference; out2 must not drop it too. */
	e.transit = NULL;
	condp = (struct tomoyo_condition_element *) (entry + 1);
	numbers_p = (struct tomoyo_number_union *) (condp + e.condc);
	names_p = (struct tomoyo_name_union *) (numbers_p + e.numbers_count);
	argv = (struct tomoyo_argv *) (names_p + e.names_count);
	envp = (struct tomoyo_envp *) (argv + e.argc);
	{
		/*
		 * Put the separators back. Within each "$left$op$right "
		 * block the first '\0' replaced the operator and the second
		 * the space, so @flag alternates between the two cases.
		 */
		bool flag = false;

		for (pos = start_of_string; pos < end_of_string; pos++) {
			if (*pos)
				continue;
			if (flag) /* Restore " ". */
				*pos = ' ';
			else if (*(pos + 1) == '=') /* Restore "!=". */
				*pos = '!';
			else /* Restore "=". */
				*pos = '=';
			flag = !flag;
		}
	}
	goto rerun;
out:
	dprintk(KERN_WARNING "%u: %s failed\n", __LINE__, __func__);
	if (entry) {
		tomoyo_del_condition(&entry->head.list);
		kfree(entry);
	}
out2:
	tomoyo_put_name(e.transit);
	return NULL;
}

/**
 * tomoyo_fill_stat - Snapshot one dentry's inode attributes into @obj->stat[].
 *
 * @obj: Pointer to "struct tomoyo_obj_info".
 * @index: Slot of @obj->stat[] / @obj->stat_valid[] to fill.
 * @dentry: Dentry whose backing inode is sampled. Must not be NULL.
 *
 * Returns nothing. Leaves the slot untouched (and @obj->stat_valid[@index]
 * as it was) when the dentry has no backing inode.
 */
static void tomoyo_fill_stat(struct tomoyo_obj_info *obj, const u8 index,
			     struct dentry *dentry)
{
	struct inode *inode = d_backing_inode(dentry);
	struct tomoyo_mini_stat *stat;

	if (!inode)
		return;
	stat = &obj->stat[index];
	stat->uid = inode->i_uid;
	stat->gid = inode->i_gid;
	stat->ino = inode->i_ino;
	stat->mode = inode->i_mode;
	stat->dev = inode->i_sb->s_dev;
	stat->rdev = inode->i_rdev;
	obj->stat_valid[index] = true;
}

/**
 * tomoyo_get_attributes - Revalidate "struct inode".
 *
 * @obj: Pointer to "struct tomoyo_obj_info".
 *
 * Returns nothing.
 *
 * Samples owner, inode number, mode and device numbers of @obj->path1,
 * @obj->path2 and the parent directory of each into @obj->stat[], marking
 * every filled slot in @obj->stat_valid[]. A missing path skips both its
 * own slot and its parent's slot. The parent is taken with dget_parent()
 * at call time and released before returning, so the values are a snapshot
 * and are not refreshed if the tree changes afterwards.
 */
void tomoyo_get_attributes(struct tomoyo_obj_info *obj)
{
	struct dentry *dentry;
	struct dentry *parent;

	dentry = obj->path1.dentry;
	if (dentry) {
		tomoyo_fill_stat(obj, TOMOYO_PATH1, dentry);
		parent = dget_parent(dentry);
		tomoyo_fill_stat(obj, TOMOYO_PATH1_PARENT, parent);
		dput(parent);
	}
	dentry = obj->path2.dentry;
	if (dentry) {
		tomoyo_fill_stat(obj, TOMOYO_PATH2, dentry);
		parent = dget_parent(dentry);
		tomoyo_fill_stat(obj, TOMOYO_PATH2_PARENT, parent);
		dput(parent);
	}
}
754*4882a593Smuzhiyun
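/**
 * tomoyo_condition - Check condition part.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 * @cond: Pointer to "struct tomoyo_condition". Maybe NULL.
 *
 * Returns true if every element of @cond holds for @r, false otherwise.
 * A NULL @cond carries no constraints and is always satisfied.
 *
 * Evaluation is fail-closed: an element whose operands cannot be obtained
 * (no object info, no valid stat for the referenced path, no
 * "struct linux_binprm" for an exec keyword, or an operand combination this
 * function does not recognise) makes the whole condition false.
 *
 * The operand tables are stored back to back after the
 * "struct tomoyo_condition" header, in the order: condition elements,
 * number unions, name unions, argv entries, envp entries. They are consumed
 * sequentially as the elements reference them. argv[]/envp[] elements are
 * skipped by the main loop and handled at the end by tomoyo_scan_bprm().
 *
 * Numeric ids are compared after conversion with &init_user_ns, i.e. policy
 * values are interpreted in the initial user namespace.
 *
 * Caller holds tomoyo_read_lock().
 */
bool tomoyo_condition(struct tomoyo_request_info *r,
		      const struct tomoyo_condition *cond)
{
	u32 i;
	/* [min, max] of the left (index 0) and right (index 1) operand. */
	unsigned long min_v[2] = { 0, 0 };
	unsigned long max_v[2] = { 0, 0 };
	const struct tomoyo_condition_element *condp;
	const struct tomoyo_number_union *numbers_p;
	const struct tomoyo_name_union *names_p;
	const struct tomoyo_argv *argv;
	const struct tomoyo_envp *envp;
	struct tomoyo_obj_info *obj;
	u16 condc;
	u16 argc;
	u16 envc;
	struct linux_binprm *bprm = NULL;

	if (!cond)
		return true;
	condc = cond->condc;
	argc = cond->argc;
	envc = cond->envc;
	obj = r->obj;
	if (r->ee)
		bprm = r->ee->bprm;
	/* argv[]/envp[] conditions cannot hold without an execve in flight. */
	if (!bprm && (argc || envc))
		return false;
	/* Locate the tables that trail the header (layout described above). */
	condp = (struct tomoyo_condition_element *) (cond + 1);
	numbers_p = (const struct tomoyo_number_union *) (condp + condc);
	names_p = (const struct tomoyo_name_union *)
		(numbers_p + cond->numbers_count);
	argv = (const struct tomoyo_argv *) (names_p + cond->names_count);
	envp = (const struct tomoyo_envp *) (argv + argc);
	for (i = 0; i < condc; i++) {
		/* true for "=", false for "!=". */
		const bool match = condp->equals;
		const u8 left = condp->left;
		const u8 right = condp->right;
		/* Set when that operand is a permission-bit keyword. */
		bool is_bitop[2] = { false, false };
		u8 j;

		/* The element's fields are copied out; move on to the next one now. */
		condp++;
		/* Check argv[] and envp[] later. */
		if (left == TOMOYO_ARGV_ENTRY || left == TOMOYO_ENVP_ENTRY)
			continue;
		/* Check string expressions. */
		if (right == TOMOYO_NAME_UNION) {
			const struct tomoyo_name_union *ptr = names_p++;
			struct tomoyo_path_info *symlink;
			struct tomoyo_execve *ee;
			struct file *file;

			switch (left) {
			case TOMOYO_SYMLINK_TARGET:
				/* No symlink target available means no match. */
				symlink = obj ? obj->symlink_target : NULL;
				if (!symlink ||
				    !tomoyo_compare_name_union(symlink, ptr)
				    == match)
					goto out;
				break;
			case TOMOYO_EXEC_REALPATH:
				ee = r->ee;
				/* NOTE(review): assumes ee->bprm is set whenever ee is. */
				file = ee ? ee->bprm->file : NULL;
				if (!tomoyo_scan_exec_realpath(file, ptr,
							       match))
					goto out;
				break;
			default:
				/*
				 * Only the two keywords above take a name
				 * union on the right. Anything else cannot be
				 * evaluated here, so fail closed like the
				 * other unrecognised-operand paths in this
				 * function instead of silently treating the
				 * element as matched.
				 */
				goto out;
			}
			continue;
		}
		/* Check numeric or bit-op expressions. */
		for (j = 0; j < 2; j++) {
			const u8 index = j ? right : left;
			unsigned long value = 0;

			switch (index) {
			case TOMOYO_TASK_UID:
				value = from_kuid(&init_user_ns, current_uid());
				break;
			case TOMOYO_TASK_EUID:
				value = from_kuid(&init_user_ns, current_euid());
				break;
			case TOMOYO_TASK_SUID:
				value = from_kuid(&init_user_ns, current_suid());
				break;
			case TOMOYO_TASK_FSUID:
				value = from_kuid(&init_user_ns, current_fsuid());
				break;
			case TOMOYO_TASK_GID:
				value = from_kgid(&init_user_ns, current_gid());
				break;
			case TOMOYO_TASK_EGID:
				value = from_kgid(&init_user_ns, current_egid());
				break;
			case TOMOYO_TASK_SGID:
				value = from_kgid(&init_user_ns, current_sgid());
				break;
			case TOMOYO_TASK_FSGID:
				value = from_kgid(&init_user_ns, current_fsgid());
				break;
			case TOMOYO_TASK_PID:
				value = tomoyo_sys_getpid();
				break;
			case TOMOYO_TASK_PPID:
				value = tomoyo_sys_getppid();
				break;
			/* File-type keywords compare against the S_IFMT bits of a path. */
			case TOMOYO_TYPE_IS_SOCKET:
				value = S_IFSOCK;
				break;
			case TOMOYO_TYPE_IS_SYMLINK:
				value = S_IFLNK;
				break;
			case TOMOYO_TYPE_IS_FILE:
				value = S_IFREG;
				break;
			case TOMOYO_TYPE_IS_BLOCK_DEV:
				value = S_IFBLK;
				break;
			case TOMOYO_TYPE_IS_DIRECTORY:
				value = S_IFDIR;
				break;
			case TOMOYO_TYPE_IS_CHAR_DEV:
				value = S_IFCHR;
				break;
			case TOMOYO_TYPE_IS_FIFO:
				value = S_IFIFO;
				break;
			/* Permission-bit keywords; marked as bit-ops below. */
			case TOMOYO_MODE_SETUID:
				value = S_ISUID;
				break;
			case TOMOYO_MODE_SETGID:
				value = S_ISGID;
				break;
			case TOMOYO_MODE_STICKY:
				value = S_ISVTX;
				break;
			case TOMOYO_MODE_OWNER_READ:
				value = 0400;
				break;
			case TOMOYO_MODE_OWNER_WRITE:
				value = 0200;
				break;
			case TOMOYO_MODE_OWNER_EXECUTE:
				value = 0100;
				break;
			case TOMOYO_MODE_GROUP_READ:
				value = 0040;
				break;
			case TOMOYO_MODE_GROUP_WRITE:
				value = 0020;
				break;
			case TOMOYO_MODE_GROUP_EXECUTE:
				value = 0010;
				break;
			case TOMOYO_MODE_OTHERS_READ:
				value = 0004;
				break;
			case TOMOYO_MODE_OTHERS_WRITE:
				value = 0002;
				break;
			case TOMOYO_MODE_OTHERS_EXECUTE:
				value = 0001;
				break;
			case TOMOYO_EXEC_ARGC:
				/* Fail closed when there is no execve to inspect. */
				if (!bprm)
					goto out;
				value = bprm->argc;
				break;
			case TOMOYO_EXEC_ENVC:
				if (!bprm)
					goto out;
				value = bprm->envc;
				break;
			case TOMOYO_NUMBER_UNION:
				/* Fetch values later. */
				break;
			default:
				/* Remaining keywords describe path1/path2 attributes. */
				if (!obj)
					goto out;
				/* Stat the paths at most once per request. */
				if (!obj->validate_done) {
					tomoyo_get_attributes(obj);
					obj->validate_done = true;
				}
				{
					u8 stat_index;
					struct tomoyo_mini_stat *stat;

					switch (index) {
					case TOMOYO_PATH1_UID:
					case TOMOYO_PATH1_GID:
					case TOMOYO_PATH1_INO:
					case TOMOYO_PATH1_MAJOR:
					case TOMOYO_PATH1_MINOR:
					case TOMOYO_PATH1_TYPE:
					case TOMOYO_PATH1_DEV_MAJOR:
					case TOMOYO_PATH1_DEV_MINOR:
					case TOMOYO_PATH1_PERM:
						stat_index = TOMOYO_PATH1;
						break;
					case TOMOYO_PATH2_UID:
					case TOMOYO_PATH2_GID:
					case TOMOYO_PATH2_INO:
					case TOMOYO_PATH2_MAJOR:
					case TOMOYO_PATH2_MINOR:
					case TOMOYO_PATH2_TYPE:
					case TOMOYO_PATH2_DEV_MAJOR:
					case TOMOYO_PATH2_DEV_MINOR:
					case TOMOYO_PATH2_PERM:
						stat_index = TOMOYO_PATH2;
						break;
					case TOMOYO_PATH1_PARENT_UID:
					case TOMOYO_PATH1_PARENT_GID:
					case TOMOYO_PATH1_PARENT_INO:
					case TOMOYO_PATH1_PARENT_PERM:
						stat_index =
							TOMOYO_PATH1_PARENT;
						break;
					case TOMOYO_PATH2_PARENT_UID:
					case TOMOYO_PATH2_PARENT_GID:
					case TOMOYO_PATH2_PARENT_INO:
					case TOMOYO_PATH2_PARENT_PERM:
						stat_index =
							TOMOYO_PATH2_PARENT;
						break;
					default:
						/* Unknown keyword: fail closed. */
						goto out;
					}
					/* No inode was available for that slot. */
					if (!obj->stat_valid[stat_index])
						goto out;
					stat = &obj->stat[stat_index];
					switch (index) {
					case TOMOYO_PATH1_UID:
					case TOMOYO_PATH2_UID:
					case TOMOYO_PATH1_PARENT_UID:
					case TOMOYO_PATH2_PARENT_UID:
						value = from_kuid(&init_user_ns, stat->uid);
						break;
					case TOMOYO_PATH1_GID:
					case TOMOYO_PATH2_GID:
					case TOMOYO_PATH1_PARENT_GID:
					case TOMOYO_PATH2_PARENT_GID:
						value = from_kgid(&init_user_ns, stat->gid);
						break;
					case TOMOYO_PATH1_INO:
					case TOMOYO_PATH2_INO:
					case TOMOYO_PATH1_PARENT_INO:
					case TOMOYO_PATH2_PARENT_INO:
						value = stat->ino;
						break;
					case TOMOYO_PATH1_MAJOR:
					case TOMOYO_PATH2_MAJOR:
						value = MAJOR(stat->dev);
						break;
					case TOMOYO_PATH1_MINOR:
					case TOMOYO_PATH2_MINOR:
						value = MINOR(stat->dev);
						break;
					case TOMOYO_PATH1_TYPE:
					case TOMOYO_PATH2_TYPE:
						value = stat->mode & S_IFMT;
						break;
					case TOMOYO_PATH1_DEV_MAJOR:
					case TOMOYO_PATH2_DEV_MAJOR:
						value = MAJOR(stat->rdev);
						break;
					case TOMOYO_PATH1_DEV_MINOR:
					case TOMOYO_PATH2_DEV_MINOR:
						value = MINOR(stat->rdev);
						break;
					case TOMOYO_PATH1_PERM:
					case TOMOYO_PATH2_PERM:
					case TOMOYO_PATH1_PARENT_PERM:
					case TOMOYO_PATH2_PARENT_PERM:
						value = stat->mode & S_IALLUGO;
						break;
					}
				}
				break;
			}
			/* A keyword yields a single value, i.e. a degenerate range. */
			max_v[j] = value;
			min_v[j] = value;
			switch (index) {
			case TOMOYO_MODE_SETUID:
			case TOMOYO_MODE_SETGID:
			case TOMOYO_MODE_STICKY:
			case TOMOYO_MODE_OWNER_READ:
			case TOMOYO_MODE_OWNER_WRITE:
			case TOMOYO_MODE_OWNER_EXECUTE:
			case TOMOYO_MODE_GROUP_READ:
			case TOMOYO_MODE_GROUP_WRITE:
			case TOMOYO_MODE_GROUP_EXECUTE:
			case TOMOYO_MODE_OTHERS_READ:
			case TOMOYO_MODE_OTHERS_WRITE:
			case TOMOYO_MODE_OTHERS_EXECUTE:
				is_bitop[j] = true;
			}
		}
		if (left == TOMOYO_NUMBER_UNION) {
			/* Fetch values now. */
			const struct tomoyo_number_union *ptr = numbers_p++;

			min_v[0] = ptr->values[0];
			max_v[0] = ptr->values[1];
		}
		if (right == TOMOYO_NUMBER_UNION) {
			/* Fetch values now. */
			const struct tomoyo_number_union *ptr = numbers_p++;

			if (ptr->group) {
				/* Right side is a number_group: delegate the lookup. */
				if (tomoyo_number_matches_group(min_v[0],
								max_v[0],
								ptr->group)
				    == match)
					continue;
			} else {
				/* Ranges overlap iff each min is <= the other's max. */
				if ((min_v[0] <= ptr->values[1] &&
				     max_v[0] >= ptr->values[0]) == match)
					continue;
			}
			goto out;
		}
		/*
		 * Bit operation is valid only when counterpart value
		 * represents permission.
		 */
		if (is_bitop[0] && is_bitop[1]) {
			goto out;
		} else if (is_bitop[0]) {
			switch (right) {
			case TOMOYO_PATH1_PERM:
			case TOMOYO_PATH1_PARENT_PERM:
			case TOMOYO_PATH2_PERM:
			case TOMOYO_PATH2_PARENT_PERM:
				/* "bit is set" == match */
				if (!(max_v[0] & max_v[1]) == !match)
					continue;
			}
			goto out;
		} else if (is_bitop[1]) {
			switch (left) {
			case TOMOYO_PATH1_PERM:
			case TOMOYO_PATH1_PARENT_PERM:
			case TOMOYO_PATH2_PERM:
			case TOMOYO_PATH2_PARENT_PERM:
				if (!(max_v[0] & max_v[1]) == !match)
					continue;
			}
			goto out;
		}
		/* Normal value range comparison. */
		if ((min_v[0] <= max_v[1] && max_v[0] >= min_v[1]) == match)
			continue;
out:
		return false;
	}
	/* Check argv[] and envp[] now. */
	if (r->ee && (argc || envc))
		return tomoyo_scan_bprm(r->ee, argc, argv, envc, envp);
	return true;
}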
1123