1 |
/* |
2 |
* include/linux/tomoyo.h |
3 |
* |
4 |
* Implementation of the Domain-Based Mandatory Access Control. |
5 |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
8 |
* Version: 1.6.2-rc 2008/06/12 |
9 |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
12 |
* |
13 |
*/ |
14 |
/*
 * A brief description of TOMOYO:
 *
 * TOMOYO stands for "Task Oriented Management Obviates Your Onus".
 * TOMOYO is intended to provide Domain-Based MAC utilizing task_struct.
 *
 * The biggest feature of TOMOYO is its "learning mode".
 * The learning mode can automatically generate policy definitions,
 * which dramatically reduces the labor of defining a policy.
 *
 * TOMOYO is useful for figuring out the system's behavior, because
 * TOMOYO uses canonicalized absolute pathnames and
 * TreeView style domain transitions.
 */
28 |
|
29 |
#ifndef _LINUX_TOMOYO_H |
30 |
#define _LINUX_TOMOYO_H |
31 |
|
32 |
#include <linux/version.h> |
33 |
|
34 |
#ifndef __user |
35 |
#define __user |
36 |
#endif |
37 |
|
38 |
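/*
 * Forward declarations for the types that appear only as pointers in the
 * prototypes of this header, so their full definitions are not needed here.
 *
 * struct file is declared too: ccs_check_rewrite_permission() takes a
 * struct file *, and without a file-scope declaration the type named in
 * that prototype is scoped to the prototype alone unless the includer has
 * already declared it.
 */
struct path_info;
struct dentry;
struct vfsmount;
struct inode;
struct file;
struct linux_binprm;
struct pt_regs;
struct ccs_page_buffer;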
45 |
|
46 |
#if defined(CONFIG_TOMOYO) |
47 |
|
48 |
/*
 * File and program-execution permission hooks.
 *
 * Only declared here: this branch is compiled when CONFIG_TOMOYO is defined
 * and the definitions live outside this header. The return-value convention
 * is not stated in this header; the stubs used when CONFIG_TOMOYO is not
 * defined return 0 for every one of these.
 */
int ccs_check_file_perm(const char *filename,
			const u8 perm,
			const char *operation);

int ccs_check_exec_perm(const struct path_info *filename,
			struct linux_binprm *bprm,
			struct ccs_page_buffer *buf);

int ccs_check_open_permission(struct dentry *dentry,
			      struct vfsmount *mnt,
			      const int flag);

/* operation: presumably one of the single-path TYPE_*_ACL indices - confirm. */
int ccs_check_1path_perm(const u8 operation,
			 struct dentry *dentry, struct vfsmount *mnt);

/* operation: presumably TYPE_LINK_ACL or TYPE_RENAME_ACL - confirm. */
int ccs_check_2path_perm(const u8 operation,
			 struct dentry *dentry1, struct vfsmount *mnt1,
			 struct dentry *dentry2, struct vfsmount *mnt2);

int ccs_check_rewrite_permission(struct file *filp);
64 |
|
65 |
/* Check whether the program's basename and argv0 are allowed to differ. */
int ccs_check_argv0_perm(const struct path_info *filename,
			 const char *argv0);

/* Check whether the given environment is allowed to be received. */
int ccs_check_env_perm(const char *env,
		       const u8 profile,
		       const u8 mode);
70 |
|
71 |
/*
 * Check whether the given IP address and port number may be used.
 *
 * The address is passed as a bare u8 pointer and is_ipv6 selects the
 * family; neither the expected buffer length nor the byte order of port is
 * stated in this header.
 * NOTE(review): presumably 4 bytes for IPv4 and 16 for IPv6 - confirm
 * against the implementation before passing a shorter buffer.
 *
 * The listen and accept checks take no sock_type argument.
 */
int ccs_check_network_listen_acl(const _Bool is_ipv6,
				 const u8 *address,
				 const u16 port);
int ccs_check_network_connect_acl(const _Bool is_ipv6,
				  const int sock_type,
				  const u8 *address,
				  const u16 port);
int ccs_check_network_bind_acl(const _Bool is_ipv6,
			       const int sock_type,
			       const u8 *address,
			       const u16 port);
int ccs_check_network_accept_acl(const _Bool is_ipv6,
				 const u8 *address,
				 const u16 port);
int ccs_check_network_sendmsg_acl(const _Bool is_ipv6,
				  const int sock_type,
				  const u8 *address,
				  const u16 port);
int ccs_check_network_recvmsg_acl(const _Bool is_ipv6,
				  const int sock_type,
				  const u8 *address,
				  const u16 port);

/* Check whether the given signal may be used. */
int ccs_check_signal_acl(const int sig, const int pid);

/*
 * Check whether the given capability may be used.
 * Unlike the int-returning checks above, this returns a _Bool.
 */
_Bool ccs_capable(const u8 operation);
90 |
|
91 |
#else |
92 |
|
93 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the arguments are ignored
 * and 0 is returned unconditionally, so this hook never denies anything.
 */
static inline int ccs_check_file_perm(const char *filename,
				      const u8 perm,
				      const char *operation)
{
	return 0;
}
98 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: no exec check is performed,
 * the arguments are ignored and 0 is always returned.
 */
static inline int
ccs_check_exec_perm(const struct path_info *filename,
		    struct linux_binprm *bprm, struct ccs_page_buffer *buf)
{
	return 0;
}
104 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: returns 0 for every
 * dentry/mount/flag combination without inspecting any of them.
 */
static inline int
ccs_check_open_permission(struct dentry *dentry, struct vfsmount *mnt,
			  const int flag)
{
	return 0;
}
110 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the operation index and the
 * path are ignored and 0 is always returned.
 */
static inline int
ccs_check_1path_perm(const u8 operation,
		     struct dentry *dentry, struct vfsmount *mnt)
{
	return 0;
}
116 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the operation index and both
 * paths are ignored and 0 is always returned.
 */
static inline int
ccs_check_2path_perm(const u8 operation,
		     struct dentry *dentry1, struct vfsmount *mnt1,
		     struct dentry *dentry2, struct vfsmount *mnt2)
{
	return 0;
}
124 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: filp is never dereferenced
 * and 0 is always returned.
 */
static inline int
ccs_check_rewrite_permission(struct file *filp)
{
	return 0;
}
128 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the program name and argv0
 * are not compared; 0 is always returned.
 */
static inline int
ccs_check_argv0_perm(const struct path_info *filename, const char *argv0)
{
	return 0;
}
133 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: env, profile and mode are
 * ignored and 0 is always returned.
 */
static inline int
ccs_check_env_perm(const char *env, const u8 profile, const u8 mode)
{
	return 0;
}
138 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_listen_acl(const _Bool is_ipv6,
			     const u8 *address, const u16 port)
{
	return 0;
}
144 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_connect_acl(const _Bool is_ipv6, const int sock_type,
			      const u8 *address, const u16 port)
{
	return 0;
}
151 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_bind_acl(const _Bool is_ipv6,
			   const int sock_type,
			   const u8 *address,
			   const u16 port)
{
	return 0;
}
157 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_accept_acl(const _Bool is_ipv6,
			     const u8 *address, const u16 port)
{
	return 0;
}
163 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_sendmsg_acl(const _Bool is_ipv6, const int sock_type,
			      const u8 *address, const u16 port)
{
	return 0;
}
170 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: the address buffer is never
 * read and 0 is always returned.
 */
static inline int
ccs_check_network_recvmsg_acl(const _Bool is_ipv6, const int sock_type,
			      const u8 *address, const u16 port)
{
	return 0;
}
177 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: sig and pid are ignored and
 * 0 is always returned.
 */
static inline int
ccs_check_signal_acl(const int sig, const int pid)
{
	return 0;
}
181 |
/*
 * Stub used when CONFIG_TOMOYO is not defined: every capability index is
 * reported as granted (true), including values that are not one of the
 * TOMOYO_* capability indices.
 */
static inline _Bool
ccs_capable(const u8 operation)
{
	return true;
}
185 |
|
186 |
#endif |
187 |
|
188 |
/*
 * pre_vfs_mknod() takes an additional "mode" argument on kernels 2.5.0 and
 * later. Both it and search_binary_handler_with_transition() are declared
 * outside the CONFIG_TOMOYO conditional, so no stub exists for either.
 */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
int pre_vfs_mknod(struct inode *dir, struct dentry *dentry, int mode);
#else
int pre_vfs_mknod(struct inode *dir, struct dentry *dentry);
#endif

int search_binary_handler_with_transition(struct linux_binprm *bprm,
					  struct pt_regs *regs);
196 |
/*
 * Flag values; each one is a distinct single bit (1, 2, 4).
 * NOTE(review): presumably OR-ed into one flags word; the variable that
 * holds them is not visible in this header - confirm.
 */
#define TOMOYO_CHECK_READ_FOR_OPEN_EXEC		1
#define CCS_DONT_SLEEP_ON_ENFORCE_ERROR		2
#define TOMOYO_TASK_IS_EXECUTE_HANDLER		4
199 |
|
200 |
/*
 * Index numbers for Access Controls.
 *
 * These number the kinds of ACL entry. The per-operation tables defined
 * elsewhere in this header (single-path, double-path, capability, network)
 * each restart at 0, so an operation index is only meaningful together
 * with the ACL type it belongs to.
 */
#define TYPE_SINGLE_PATH_ACL		0
#define TYPE_DOUBLE_PATH_ACL		1
#define TYPE_ARGV0_ACL			2
#define TYPE_ENV_ACL			3
#define TYPE_CAPABILITY_ACL		4
#define TYPE_IP_NETWORK_ACL		5
#define TYPE_SIGNAL_ACL			6
#define TYPE_EXECUTE_HANDLER		7
#define TYPE_DENIED_EXECUTE_HANDLER	8
211 |
|
212 |
/* Index numbers for File Controls. */

/*
 * TYPE_READ_WRITE_ACL is special: it is kept in step with TYPE_READ_ACL
 * and TYPE_WRITE_ACL.
 *   - Setting both TYPE_READ_ACL and TYPE_WRITE_ACL automatically sets
 *     TYPE_READ_WRITE_ACL.
 *   - Setting TYPE_READ_WRITE_ACL automatically sets both TYPE_READ_ACL
 *     and TYPE_WRITE_ACL.
 *   - Clearing either TYPE_READ_ACL or TYPE_WRITE_ACL automatically clears
 *     TYPE_READ_WRITE_ACL.
 *   - Clearing TYPE_READ_WRITE_ACL automatically clears both TYPE_READ_ACL
 *     and TYPE_WRITE_ACL.
 */

/* Single-path operations: indices 0..14, MAX_SINGLE_PATH_OPERATION is the count. */
#define TYPE_READ_WRITE_ACL		0
#define TYPE_EXECUTE_ACL		1
#define TYPE_READ_ACL			2
#define TYPE_WRITE_ACL			3
#define TYPE_CREATE_ACL			4
#define TYPE_UNLINK_ACL			5
#define TYPE_MKDIR_ACL			6
#define TYPE_RMDIR_ACL			7
#define TYPE_MKFIFO_ACL			8
#define TYPE_MKSOCK_ACL			9
#define TYPE_MKBLOCK_ACL		10
#define TYPE_MKCHAR_ACL			11
#define TYPE_TRUNCATE_ACL		12
#define TYPE_SYMLINK_ACL		13
#define TYPE_REWRITE_ACL		14
#define MAX_SINGLE_PATH_OPERATION	15

/*
 * Double-path operations. The numbering restarts at 0, so TYPE_LINK_ACL and
 * TYPE_RENAME_ACL share values with TYPE_READ_WRITE_ACL and
 * TYPE_EXECUTE_ACL; the two index spaces must not be mixed.
 */
#define TYPE_LINK_ACL			0
#define TYPE_RENAME_ACL			1
#define MAX_DOUBLE_PATH_OPERATION	2
243 |
|
244 |
/*
 * Index numbers for Capability Controls.
 *
 * Each index is annotated with the call(s) it stands for.
 * TOMOYO_MAX_CAPABILITY_INDEX is one more than the highest index (30).
 * NOTE(review): presumably these are the values passed as the "operation"
 * argument of ccs_capable(), which is a u8 - confirm against callers.
 */
#define TOMOYO_INET_STREAM_SOCKET_CREATE	0  /* socket(PF_INET or PF_INET6, SOCK_STREAM, *) */
#define TOMOYO_INET_STREAM_SOCKET_LISTEN	1  /* listen() for PF_INET or PF_INET6, SOCK_STREAM */
#define TOMOYO_INET_STREAM_SOCKET_CONNECT	2  /* connect() for PF_INET or PF_INET6, SOCK_STREAM */
#define TOMOYO_USE_INET_DGRAM_SOCKET		3  /* socket(PF_INET or PF_INET6, SOCK_DGRAM, *) */
#define TOMOYO_USE_INET_RAW_SOCKET		4  /* socket(PF_INET or PF_INET6, SOCK_RAW, *) */
#define TOMOYO_USE_ROUTE_SOCKET			5  /* socket(PF_ROUTE, *, *) */
#define TOMOYO_USE_PACKET_SOCKET		6  /* socket(PF_PACKET, *, *) */
#define TOMOYO_SYS_MOUNT			7  /* sys_mount() */
#define TOMOYO_SYS_UMOUNT			8  /* sys_umount() */
#define TOMOYO_SYS_REBOOT			9  /* sys_reboot() */
#define TOMOYO_SYS_CHROOT			10 /* sys_chroot() */
#define TOMOYO_SYS_KILL				11 /* sys_kill(), sys_tkill(), sys_tgkill() */
#define TOMOYO_SYS_VHANGUP			12 /* sys_vhangup() */
#define TOMOYO_SYS_SETTIME			13 /* do_settimeofday(), sys_adjtimex() */
#define TOMOYO_SYS_NICE				14 /* sys_nice(), sys_setpriority() */
#define TOMOYO_SYS_SETHOSTNAME			15 /* sys_sethostname(), sys_setdomainname() */
#define TOMOYO_USE_KERNEL_MODULE		16 /* sys_create_module(), sys_init_module(), sys_delete_module() */
#define TOMOYO_CREATE_FIFO			17 /* sys_mknod(S_IFIFO) */
#define TOMOYO_CREATE_BLOCK_DEV			18 /* sys_mknod(S_IFBLK) */
#define TOMOYO_CREATE_CHAR_DEV			19 /* sys_mknod(S_IFCHR) */
#define TOMOYO_CREATE_UNIX_SOCKET		20 /* sys_mknod(S_IFSOCK) */
#define TOMOYO_SYS_LINK				21 /* sys_link() */
#define TOMOYO_SYS_SYMLINK			22 /* sys_symlink() */
#define TOMOYO_SYS_RENAME			23 /* sys_rename() */
#define TOMOYO_SYS_UNLINK			24 /* sys_unlink() */
#define TOMOYO_SYS_CHMOD			25 /* sys_chmod(), sys_fchmod() */
#define TOMOYO_SYS_CHOWN			26 /* sys_chown(), sys_fchown(), sys_lchown() */
#define TOMOYO_SYS_IOCTL			27 /* sys_ioctl(), compat_sys_ioctl() */
#define TOMOYO_SYS_KEXEC_LOAD			28 /* sys_kexec_load() */
#define TOMOYO_SYS_PIVOT_ROOT			29 /* sys_pivot_root() */
#define TOMOYO_SYS_PTRACE			30 /* sys_ptrace() */
#define TOMOYO_MAX_CAPABILITY_INDEX		31
309 |
|
310 |
/*
 * Index numbers for Network Controls.
 *
 * Indices 0..7 pair a protocol (UDP, TCP, RAW) with an operation. Unlike
 * the path and capability tables in this header, no MAX_* count is defined
 * for this one.
 */
#define NETWORK_ACL_UDP_BIND		0
#define NETWORK_ACL_UDP_CONNECT		1
#define NETWORK_ACL_TCP_BIND		2
#define NETWORK_ACL_TCP_LISTEN		3
#define NETWORK_ACL_TCP_CONNECT		4
#define NETWORK_ACL_TCP_ACCEPT		5
#define NETWORK_ACL_RAW_BIND		6
#define NETWORK_ACL_RAW_CONNECT		7
320 |
|
321 |
/*
 * For compatibility with 1.4.x/1.5.x patches: the old CamelCase names are
 * mapped onto the current ccs_*() entry points.
 */
#define CheckFilePerm			ccs_check_file_perm
#define CheckOpenPermission		ccs_check_open_permission
#define CheckReWritePermission		ccs_check_rewrite_permission
#define CheckSingleWritePermission	ccs_check_1path_perm
#define CheckDoubleWritePermission	ccs_check_2path_perm
#define CheckSignalACL			ccs_check_signal_acl

/*
 * Old-style capability check: returns 0 when ccs_capable() reports the
 * capability as granted and -EPERM otherwise.
 *
 * NOTE(review): capability is an int while ccs_capable() takes a u8, so the
 * argument is implicitly narrowed at the call; a value outside 0..255 would
 * be checked as a different index. Callers should pass only the TOMOYO_*
 * capability indices (all below TOMOYO_MAX_CAPABILITY_INDEX).
 *
 * NOTE(review): EPERM must already be defined by the includer; this header
 * itself includes only <linux/version.h>.
 */
static inline int CheckCapabilityACL(const int capability)
{
	if (ccs_capable(capability))
		return 0;
	return -EPERM;
}
332 |
|
333 |
#endif |