TOMOYO: Add mount restriction.
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Mon, 17 May 2010 01:10:31 +0000 (10:10 +0900)
committerJames Morris <jmorris@namei.org>
Mon, 2 Aug 2010 05:33:37 +0000 (15:33 +1000)
mount(2) has three string parameters and one numeric parameter.
Split the mount restriction code from security/tomoyo/file.c.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
security/tomoyo/Makefile
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/file.c
security/tomoyo/gc.c
security/tomoyo/mount.c [new file with mode: 0644]
security/tomoyo/tomoyo.c

index 4d1b5af4f1f7a5615d28976cc422ef0e18753183..d7befab40eff2a8feec1cf1738bbca79ef0f0552 100644 (file)
@@ -1 +1 @@
-obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o path_group.o number_group.o
+obj-y = common.o realpath.o tomoyo.o domain.o file.o gc.o path_group.o number_group.o mount.o
index 0706b175fdb1795e22dbf95de683368b7d7ad636..0c6f9a5c37a52a6d95e95a7b8950cd284c9c8b1e 100644 (file)
@@ -1075,6 +1075,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
                                if (perm & (1 << i))
                                        count++;
                        break;
+               case TOMOYO_TYPE_MOUNT_ACL:
+                       if (!container_of(ptr, struct tomoyo_mount_acl, head)->
+                           is_deleted)
+                               count++;
                }
        }
        if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
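Review bot: The new TOMOYO_TYPE_MOUNT_ACL case has no terminating `break;`, unlike the cases above it in the same switch; it is the last label today, so nothing falls through, but the next case appended below it would silently inherit this count. Adding `break;` after the `count++;` keeps it consistent with the surrounding cases. tomoyo_domain_quota_is_ok() starts and ends outside this hunk.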
@@ -1576,6 +1580,8 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                domain->ignore_global_allow_read = !is_delete;
                return 0;
        }
+        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_MOUNT))
+                return tomoyo_write_mount_policy(data, domain, is_delete);
        return tomoyo_write_file_policy(data, domain, is_delete);
 }
 
@@ -1720,6 +1726,30 @@ static bool tomoyo_print_path_number3_acl(struct tomoyo_io_buffer *head,
        return false;
 }
 
+/**
+ * tomoyo_print_mount_acl - Print a mount ACL entry.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ * @ptr:  Pointer to "struct tomoyo_mount_acl".
+ *
+ * Returns true on success, false otherwise.
+ */
+static bool tomoyo_print_mount_acl(struct tomoyo_io_buffer *head,
+                                  struct tomoyo_mount_acl *ptr)
+{
+       const int pos = head->read_avail;
+       if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_MOUNT) ||
+           !tomoyo_print_name_union(head, &ptr->dev_name) ||
+           !tomoyo_print_name_union(head, &ptr->dir_name) ||
+           !tomoyo_print_name_union(head, &ptr->fs_type) ||
+           !tomoyo_print_number_union(head, &ptr->flags) ||
+           !tomoyo_io_printf(head, "\n")) {
+               head->read_avail = pos;
+               return false;
+       }
+       return true;
+}
+
 /**
  * tomoyo_print_entry - Print an ACL entry.
  *
@@ -1755,6 +1785,11 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
                                       head);
                return tomoyo_print_path_number3_acl(head, acl);
        }
+       if (acl_type == TOMOYO_TYPE_MOUNT_ACL) {
+               struct tomoyo_mount_acl *acl
+                       = container_of(ptr, struct tomoyo_mount_acl, head);
+               return tomoyo_print_mount_acl(head, acl);
+       }
        BUG(); /* This must not happen. */
        return false;
 }
index 565a1c11da53d729756cd34cb6565a7857f2cd29..3d819b1391654798d7d5fc1c9d6b778d79cbbf5f 100644 (file)
@@ -53,6 +53,7 @@ enum tomoyo_mode_index {
 
 /* Keywords for ACLs. */
 #define TOMOYO_KEYWORD_ALIAS                     "alias "
+#define TOMOYO_KEYWORD_ALLOW_MOUNT               "allow_mount "
 #define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
 #define TOMOYO_KEYWORD_DELETE                    "delete "
 #define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
@@ -90,6 +91,7 @@ enum tomoyo_acl_entry_type_index {
        TOMOYO_TYPE_PATH2_ACL,
        TOMOYO_TYPE_PATH_NUMBER_ACL,
        TOMOYO_TYPE_PATH_NUMBER3_ACL,
+       TOMOYO_TYPE_MOUNT_ACL,
 };
 
 /* Index numbers for File Controls. */
@@ -116,7 +118,6 @@ enum tomoyo_path_acl_index {
        TOMOYO_TYPE_SYMLINK,
        TOMOYO_TYPE_REWRITE,
        TOMOYO_TYPE_CHROOT,
-       TOMOYO_TYPE_MOUNT,
        TOMOYO_TYPE_UMOUNT,
        TOMOYO_MAX_PATH_OPERATION
 };
@@ -360,8 +361,8 @@ struct tomoyo_domain_info {
  *
  * Directives held by this structure are "allow_read/write", "allow_execute",
  * "allow_read", "allow_write", "allow_unlink", "allow_rmdir",
- * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot",
- * "allow_mount" and "allow_unmount".
+ * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot" and
+ * "allow_unmount".
  */
 struct tomoyo_path_acl {
        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
@@ -434,6 +435,29 @@ struct tomoyo_path2_acl {
        struct tomoyo_name_union name2;
 };
 
+/*
+ * tomoyo_mount_acl is a structure which is used for holding an
+ * entry for mount operation.
+ * It has following fields.
+ *
+ *  (1) "head" which is a "struct tomoyo_acl_info".
+ *  (2) "is_deleted" is boolean.
+ *  (3) "dev_name" is the device name.
+ *  (4) "dir_name" is the mount point.
+ *  (5) "flags" is the mount flags.
+ *
+ * Directives held by this structure are "allow_rename", "allow_link" and
+ * "allow_pivot_root".
+ */
+struct tomoyo_mount_acl {
+       struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
+       bool is_deleted;
+       struct tomoyo_name_union dev_name;
+       struct tomoyo_name_union dir_name;
+       struct tomoyo_name_union fs_type;
+       struct tomoyo_number_union flags;
+};
+
 /*
  * tomoyo_io_buffer is a structure which is used for reading and modifying
  * configuration via /sys/kernel/security/tomoyo/ interface.
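Review bot: The comment on struct tomoyo_mount_acl documents the wrong directives and misses a field: it says the structure holds "allow_rename", "allow_link" and "allow_pivot_root", which look like leftovers from another ACL's comment, while the only directive this commit routes to it (via TOMOYO_KEYWORD_ALLOW_MOUNT) is "allow_mount". The numbered field list also omits fs_type, which sits between dir_name and flags in the struct. I would insert `(5) "fs_type" is the filesystem type.` after the dir_name item, renumber "flags" to (6), and replace the last paragraph with `Directives held by this structure are "allow_mount".`.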
@@ -638,6 +662,9 @@ struct tomoyo_policy_manager_entry {
 /* Check whether the given name matches the given name_union. */
 bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
                               const struct tomoyo_name_union *ptr);
+/* Check whether the given number matches the given number_union. */
+bool tomoyo_compare_number_union(const unsigned long value,
+                                const struct tomoyo_number_union *ptr);
 /* Check whether the domain has too many ACL entries to hold. */
 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
 /* Transactional sprintf() for policy dump. */
@@ -699,6 +726,12 @@ const char *tomoyo_path_number32keyword(const u8 operation);
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
 /* Convert single path operation to operation name. */
 const char *tomoyo_path2keyword(const u8 operation);
+/* Fill "struct tomoyo_request_info". */
+int tomoyo_init_request_info(struct tomoyo_request_info *r,
+                            struct tomoyo_domain_info *domain);
+/* Check permission for mount operation. */
+int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
+                           unsigned long flags, void *data_page);
 /* Create "alias" entry in exception policy. */
 int tomoyo_write_alias_policy(char *data, const bool is_delete);
 /*
@@ -721,6 +754,9 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
                             const bool is_delete);
 /* Create "allow_read" entry in exception policy. */
 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete);
+/* Create "allow_mount" entry in domain policy. */
+int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
+                             const bool is_delete);
 /* Create "deny_rewrite" entry in exception policy. */
 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);
 /* Create "file_pattern" entry in exception policy. */
@@ -735,7 +771,9 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile);
-
+/* Get patterned pathname. */
+const struct tomoyo_path_info *
+tomoyo_get_file_pattern(const struct tomoyo_path_info *filename);
 /* Allocate memory for "struct tomoyo_path_group". */
 struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name);
 struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name);
@@ -972,6 +1010,16 @@ static inline bool tomoyo_is_same_path_number_acl
                && tomoyo_is_same_number_union(&p1->number, &p2->number);
 }
 
+static inline bool tomoyo_is_same_mount_acl(const struct tomoyo_mount_acl *p1,
+                                           const struct tomoyo_mount_acl *p2)
+{
+       return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
+               tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) &&
+               tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) &&
+               tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) &&
+               tomoyo_is_same_number_union(&p1->flags, &p2->flags);
+}
+
 static inline bool tomoyo_is_same_domain_initializer_entry
 (const struct tomoyo_domain_initializer_entry *p1,
  const struct tomoyo_domain_initializer_entry *p2)
index 727cc723f87d5d2897279ae4fa18800663fd6755..ae32cab8ec7ec7f30da6f385c34c659e77531708 100644 (file)
@@ -24,7 +24,6 @@ static const char *tomoyo_path_keyword[TOMOYO_MAX_PATH_OPERATION] = {
        [TOMOYO_TYPE_SYMLINK]    = "symlink",
        [TOMOYO_TYPE_REWRITE]    = "rewrite",
        [TOMOYO_TYPE_CHROOT]     = "chroot",
-       [TOMOYO_TYPE_MOUNT]      = "mount",
        [TOMOYO_TYPE_UMOUNT]     = "unmount",
 };
 
@@ -108,8 +107,8 @@ bool tomoyo_compare_number_union(const unsigned long value,
  *
  * Returns mode.
  */
-static int tomoyo_init_request_info(struct tomoyo_request_info *r,
-                                   struct tomoyo_domain_info *domain)
+int tomoyo_init_request_info(struct tomoyo_request_info *r,
+                            struct tomoyo_domain_info *domain)
 {
        memset(r, 0, sizeof(*r));
        if (!domain)
@@ -487,7 +486,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
  *
  * Caller holds tomoyo_read_lock().
  */
-static const struct tomoyo_path_info *
+const struct tomoyo_path_info *
 tomoyo_get_file_pattern(const struct tomoyo_path_info *filename)
 {
        struct tomoyo_pattern_entry *ptr;
@@ -1418,7 +1417,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
 }
 
 /**
- * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot", "mount" and "unmount".
+ * tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "rewrite", "chroot" and "unmount".
  *
  * @operation: Type of operation.
  * @path:      Pointer to "struct path".
index 78100180d23d2ff4c7bbcbe4190a55a3c03c21c5..be2d3b935533bc06cb7a08f4bdae5ec64890b8bb 100644 (file)
@@ -124,6 +124,16 @@ static void tomoyo_del_acl(struct tomoyo_acl_info *acl)
                        tomoyo_put_number_union(&entry->minor);
                }
                break;
+       case TOMOYO_TYPE_MOUNT_ACL:
+               {
+                       struct tomoyo_mount_acl *entry
+                               = container_of(acl, typeof(*entry), head);
+                       tomoyo_put_name_union(&entry->dev_name);
+                       tomoyo_put_name_union(&entry->dir_name);
+                       tomoyo_put_name_union(&entry->fs_type);
+                       tomoyo_put_number_union(&entry->flags);
+               }
+               break;
        default:
                printk(KERN_WARNING "Unknown type\n");
                break;
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
new file mode 100644 (file)
index 0000000..507be09
--- /dev/null
@@ -0,0 +1,366 @@
+/*
+ * security/tomoyo/mount.c
+ *
+ * Copyright (C) 2005-2010  NTT DATA CORPORATION
+ */
+
+#include <linux/slab.h>
+#include "common.h"
+
+/* Keywords for mount restrictions. */
+
+/* Allow to call 'mount --bind /source_dir /dest_dir' */
+#define TOMOYO_MOUNT_BIND_KEYWORD                        "--bind"
+/* Allow to call 'mount --move /old_dir    /new_dir ' */
+#define TOMOYO_MOUNT_MOVE_KEYWORD                        "--move"
+/* Allow to call 'mount -o remount /dir             ' */
+#define TOMOYO_MOUNT_REMOUNT_KEYWORD                     "--remount"
+/* Allow to call 'mount --make-unbindable /dir'       */
+#define TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD             "--make-unbindable"
+/* Allow to call 'mount --make-private /dir'          */
+#define TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD                "--make-private"
+/* Allow to call 'mount --make-slave /dir'            */
+#define TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD                  "--make-slave"
+/* Allow to call 'mount --make-shared /dir'           */
+#define TOMOYO_MOUNT_MAKE_SHARED_KEYWORD                 "--make-shared"
+
+/**
+ * tomoyo_encode2: Encode binary string to ascii string.
+ *
+ * @str: String in binary format.
+ *
+ * Returns pointer to @str in ascii format on success, NULL otherwise.
+ *
+ * This function uses kzalloc(), so caller must kfree() if this function
+ * didn't return NULL.
+ */
+static char *tomoyo_encode2(const char *str)
+{
+       int len = 0;
+       const char *p = str;
+       char *cp;
+       char *cp0;
+       if (!p)
+               return NULL;
+       while (*p) {
+               const unsigned char c = *p++;
+               if (c == '\\')
+                       len += 2;
+               else if (c > ' ' && c < 127)
+                       len++;
+               else
+                       len += 4;
+       }
+       len++;
+       /* Reserve space for appending "/". */
+       cp = kzalloc(len + 10, GFP_NOFS);
+       if (!cp)
+               return NULL;
+       cp0 = cp;
+       p = str;
+       while (*p) {
+               const unsigned char c = *p++;
+               if (c == '\\') {
+                       *cp++ = '\\';
+                       *cp++ = '\\';
+               } else if (c > ' ' && c < 127) {
+                       *cp++ = c;
+               } else {
+                       *cp++ = '\\';
+                       *cp++ = (c >> 6) + '0';
+                       *cp++ = ((c >> 3) & 7) + '0';
+                       *cp++ = (c & 7) + '0';
+               }
+       }
+       return cp0;
+}
+
+/**
+ * tomoyo_mount_acl2 - Check permission for mount() operation.
+ *
+ * @r:        Pointer to "struct tomoyo_request_info".
+ * @dev_name: Name of device file.
+ * @dir:      Pointer to "struct path".
+ * @type:     Name of filesystem type.
+ * @flags:    Mount options.
+ *
+ * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
+                            struct path *dir, char *type, unsigned long flags)
+{
+       struct path path;
+       struct tomoyo_acl_info *ptr;
+       struct file_system_type *fstype = NULL;
+       const char *requested_type = NULL;
+       const char *requested_dir_name = NULL;
+       const char *requested_dev_name = NULL;
+       struct tomoyo_path_info rtype;
+       struct tomoyo_path_info rdev;
+       struct tomoyo_path_info rdir;
+       int need_dev = 0;
+       int error = -ENOMEM;
+
+       /* Get fstype. */
+       requested_type = tomoyo_encode2(type);
+       if (!requested_type)
+               goto out;
+       rtype.name = requested_type;
+       tomoyo_fill_path_info(&rtype);
+
+       /* Get mount point. */
+       requested_dir_name = tomoyo_realpath_from_path(dir);
+       if (!requested_dir_name) {
+               error = -ENOMEM;
+               goto out;
+       }
+       rdir.name = requested_dir_name;
+       tomoyo_fill_path_info(&rdir);
+
+       /* Compare fs name. */
+       if (!strcmp(type, TOMOYO_MOUNT_REMOUNT_KEYWORD)) {
+               /* dev_name is ignored. */
+       } else if (!strcmp(type, TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD) ||
+                  !strcmp(type, TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD) ||
+                  !strcmp(type, TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD) ||
+                  !strcmp(type, TOMOYO_MOUNT_MAKE_SHARED_KEYWORD)) {
+               /* dev_name is ignored. */
+       } else if (!strcmp(type, TOMOYO_MOUNT_BIND_KEYWORD) ||
+                  !strcmp(type, TOMOYO_MOUNT_MOVE_KEYWORD)) {
+               need_dev = -1; /* dev_name is a directory */
+       } else {
+               fstype = get_fs_type(type);
+               if (!fstype) {
+                       error = -ENODEV;
+                       goto out;
+               }
+               if (fstype->fs_flags & FS_REQUIRES_DEV)
+                       /* dev_name is a block device file. */
+                       need_dev = 1;
+       }
+       if (need_dev) {
+               /* Get mount point or device file. */
+               if (kern_path(dev_name, LOOKUP_FOLLOW, &path)) {
+                       error = -ENOENT;
+                       goto out;
+               }
+               requested_dev_name = tomoyo_realpath_from_path(&path);
+               if (!requested_dev_name) {
+                       error = -ENOENT;
+                       goto out;
+               }
+       } else {
+               /* Map dev_name to "<NULL>" if no dev_name given. */
+               if (!dev_name)
+                       dev_name = "<NULL>";
+               requested_dev_name = tomoyo_encode2(dev_name);
+               if (!requested_dev_name) {
+                       error = -ENOMEM;
+                       goto out;
+               }
+       }
+       rdev.name = requested_dev_name;
+       tomoyo_fill_path_info(&rdev);
+       list_for_each_entry_rcu(ptr, &r->domain->acl_info_list, list) {
+               struct tomoyo_mount_acl *acl;
+               if (ptr->type != TOMOYO_TYPE_MOUNT_ACL)
+                       continue;
+               acl = container_of(ptr, struct tomoyo_mount_acl, head);
+               if (acl->is_deleted ||
+                   !tomoyo_compare_number_union(flags, &acl->flags) ||
+                   !tomoyo_compare_name_union(&rtype, &acl->fs_type) ||
+                   !tomoyo_compare_name_union(&rdir, &acl->dir_name) ||
+                   (need_dev &&
+                    !tomoyo_compare_name_union(&rdev, &acl->dev_name)))
+                       continue;
+               error = 0;
+               break;
+       }
+       if (error) {
+               const char *dev = tomoyo_get_file_pattern(&rdev)->name;
+               const char *dir = tomoyo_get_file_pattern(&rdir)->name;
+               int len = strlen(dev) + strlen(dir) + strlen(requested_type)
+                       + 64;
+               char *buf = kzalloc(len, GFP_NOFS);
+               if (buf) {
+                       snprintf(buf, len - 1, "%s %s %s 0x%lX",
+                                dev, dir, requested_type, flags);
+                       tomoyo_write_mount_policy(buf, r->domain, false);
+                       kfree(buf);
+               }
+       }
+ out:
+       kfree(requested_dev_name);
+       kfree(requested_dir_name);
+       if (fstype)
+               put_filesystem(fstype);
+       kfree(requested_type);
+       return error;
+}
+
+/**
+ * tomoyo_mount_acl - Check permission for mount() operation.
+ *
+ * @r:        Pointer to "struct tomoyo_request_info".
+ * @dev_name: Name of device file.
+ * @dir:      Pointer to "struct path".
+ * @type:     Name of filesystem type.
+ * @flags:    Mount options.
+ *
+ * Returns 0 on success, negative value otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
+                           struct path *dir, char *type, unsigned long flags)
+{
+       int error;
+       error = -EPERM;
+       if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
+               flags &= ~MS_MGC_MSK;
+       switch (flags & (MS_REMOUNT | MS_MOVE | MS_BIND)) {
+       case MS_REMOUNT:
+       case MS_MOVE:
+       case MS_BIND:
+       case 0:
+               break;
+       default:
+               printk(KERN_WARNING "ERROR: "
+                      "%s%s%sare given for single mount operation.\n",
+                      flags & MS_REMOUNT ? "'remount' " : "",
+                      flags & MS_MOVE    ? "'move' " : "",
+                      flags & MS_BIND    ? "'bind' " : "");
+               return -EINVAL;
+       }
+       switch (flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)) {
+       case MS_UNBINDABLE:
+       case MS_PRIVATE:
+       case MS_SLAVE:
+       case MS_SHARED:
+       case 0:
+               break;
+       default:
+               printk(KERN_WARNING "ERROR: "
+                      "%s%s%s%sare given for single mount operation.\n",
+                      flags & MS_UNBINDABLE ? "'unbindable' " : "",
+                      flags & MS_PRIVATE    ? "'private' " : "",
+                      flags & MS_SLAVE      ? "'slave' " : "",
+                      flags & MS_SHARED     ? "'shared' " : "");
+               return -EINVAL;
+       }
+       if (flags & MS_REMOUNT)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_REMOUNT_KEYWORD,
+                                     flags & ~MS_REMOUNT);
+       else if (flags & MS_MOVE)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_MOVE_KEYWORD,
+                                     flags & ~MS_MOVE);
+       else if (flags & MS_BIND)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_BIND_KEYWORD,
+                                     flags & ~MS_BIND);
+       else if (flags & MS_UNBINDABLE)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
+                                     flags & ~MS_UNBINDABLE);
+       else if (flags & MS_PRIVATE)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
+                                     flags & ~MS_PRIVATE);
+       else if (flags & MS_SLAVE)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
+                                     flags & ~MS_SLAVE);
+       else if (flags & MS_SHARED)
+               error = tomoyo_mount_acl(r, dev_name, dir,
+                                     TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
+                                     flags & ~MS_SHARED);
+       else
+               error = tomoyo_mount_acl2(r, dev_name, dir, type, flags);
+       if (r->mode != TOMOYO_CONFIG_ENFORCING)
+               error = 0;
+       return error;
+}
+
+/**
+ * tomoyo_mount_permission - Check permission for mount() operation.
+ *
+ * @dev_name:  Name of device file.
+ * @path:      Pointer to "struct path".
+ * @type:      Name of filesystem type. May be NULL.
+ * @flags:     Mount options.
+ * @data_page: Optional data. May be NULL.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
+int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
+                           unsigned long flags, void *data_page)
+{
+       struct tomoyo_request_info r;
+       int error;
+       int idx;
+
+       if (tomoyo_init_request_info(&r, NULL) == TOMOYO_CONFIG_DISABLED)
+               return 0;
+       if (!type)
+               type = "<NULL>";
+       idx = tomoyo_read_lock();
+       error = tomoyo_mount_acl(&r, dev_name, path, type, flags);
+       tomoyo_read_unlock(idx);
+       return error;
+}
+
+/**
+ * tomoyo_write_mount_policy - Write "struct tomoyo_mount_acl" list.
+ *
+ * @data:      String to parse.
+ * @domain:    Pointer to "struct tomoyo_domain_info".
+ * @is_delete: True if it is a delete request.
+ *
+ * Returns 0 on success, negative value otherwise.
+ */
+int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
+                             const bool is_delete)
+{
+       struct tomoyo_acl_info *ptr;
+       struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
+       int error = is_delete ? -ENOENT : -ENOMEM;
+       char *w[4];
+       if (!tomoyo_tokenize(data, w, sizeof(w)) || !w[3][0])
+               return -EINVAL;
+       if (!tomoyo_parse_name_union(w[0], &e.dev_name) ||
+           !tomoyo_parse_name_union(w[1], &e.dir_name) ||
+           !tomoyo_parse_name_union(w[2], &e.fs_type) ||
+           !tomoyo_parse_number_union(w[3], &e.flags))
+               goto out;
+       if (mutex_lock_interruptible(&tomoyo_policy_lock))
+               goto out;
+       list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
+               struct tomoyo_mount_acl *acl =
+                       container_of(ptr, struct tomoyo_mount_acl, head);
+               if (!tomoyo_is_same_mount_acl(acl, &e))
+                       continue;
+               acl->is_deleted = is_delete;
+               error = 0;
+               break;
+       }
+       if (!is_delete && error) {
+               struct tomoyo_mount_acl *entry =
+                       tomoyo_commit_ok(&e, sizeof(e));
+               if (entry) {
+                       list_add_tail_rcu(&entry->head.list,
+                                         &domain->acl_info_list);
+                       error = 0;
+               }
+       }
+       mutex_unlock(&tomoyo_policy_lock);
+ out:
+       tomoyo_put_name_union(&e.dev_name);
+       tomoyo_put_name_union(&e.dir_name);
+       tomoyo_put_name_union(&e.fs_type);
+       tomoyo_put_number_union(&e.flags);
+       return error;
+}
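Review bot: In tomoyo_mount_acl2 the auto-append block after the ACL scan runs whenever no entry matched, regardless of r->mode, so in enforcing mode a rejected request still calls tomoyo_write_mount_policy() on the domain and a repeat of the same request would then match the freshly added entry; gate it on learning mode and the domain quota, `if (error && r->mode == TOMOYO_CONFIG_LEARNING && tomoyo_domain_quota_is_ok(r)) {`, which is also what the quota accounting this commit adds to tomoyo_domain_quota_is_ok() is for. The same function leaks the references taken by a successful kern_path() in the need_dev branch, since nothing releases `path` on either the success or the error path; a `path_put(&path);` immediately after the tomoyo_realpath_from_path(&path) call covers both. That branch also passes dev_name straight into kern_path() although the else branch shows dev_name may be NULL, so the check should read `if (!dev_name || kern_path(dev_name, LOOKUP_FOLLOW, &path)) {`.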
index bbe00429b3f51c6a3302cbc59d1b51113bd49ffe..5d64d409b1129df134f9983b24f8d4307319c47b 100644 (file)
@@ -226,7 +226,7 @@ static int tomoyo_path_chroot(struct path *path)
 static int tomoyo_sb_mount(char *dev_name, struct path *path,
                           char *type, unsigned long flags, void *data)
 {
-       return tomoyo_path_perm(TOMOYO_TYPE_MOUNT, path);
+       return tomoyo_mount_permission(dev_name, path, type, flags, data);
 }
 
 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)