aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-20 20:58:53 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:42 -0400
commit0617c7ff34dc9b1d641640c3953274bb2dbe21a6 (patch)
tree6be51af32ad65380aff9b7fa385f65ef15b3d53b /security/tomoyo
parent7c2ea22e3c5463627ca98924cd65cb9e480dc29c (diff)
TOMOYO: Remove alias keyword.
Some programs behave differently depending on argv[0] passed to execve(). TOMOYO has "alias" keyword in order to allow administrators to define different domains if requested pathname passed to execve() is a symlink. But "alias" keyword is incomplete because this keyword assumes that requested pathname and argv[0] are identical. Thus, remove "alias" keyword (by this patch) and add syntax for checking argv[0] (by future patches). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c12
-rw-r--r--security/tomoyo/common.h30
-rw-r--r--security/tomoyo/domain.c100
-rw-r--r--security/tomoyo/gc.c11
-rw-r--r--security/tomoyo/realpath.c19
5 files changed, 8 insertions, 164 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 183fe651340..0e6b1b598b8 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1177,8 +1177,6 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
1177 is_delete); 1177 is_delete);
1178 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR)) 1178 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_AGGREGATOR))
1179 return tomoyo_write_aggregator_policy(data, is_delete); 1179 return tomoyo_write_aggregator_policy(data, is_delete);
1180 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALIAS))
1181 return tomoyo_write_alias_policy(data, is_delete);
1182 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ)) 1180 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_ALLOW_READ))
1183 return tomoyo_write_globally_readable_policy(data, is_delete); 1181 return tomoyo_write_globally_readable_policy(data, is_delete);
1184 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN)) 1182 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_FILE_PATTERN))
@@ -1334,16 +1332,6 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
1334 w[1] = ptr->filename->name; 1332 w[1] = ptr->filename->name;
1335 } 1333 }
1336 break; 1334 break;
1337 case TOMOYO_ID_ALIAS:
1338 {
1339 struct tomoyo_alias_entry *ptr =
1340 container_of(acl, typeof(*ptr), head);
1341 w[0] = TOMOYO_KEYWORD_ALIAS;
1342 w[1] = ptr->original_name->name;
1343 w[2] = " ";
1344 w[3] = ptr->aliased_name->name;
1345 }
1346 break;
1347 case TOMOYO_ID_AGGREGATOR: 1335 case TOMOYO_ID_AGGREGATOR:
1348 { 1336 {
1349 struct tomoyo_aggregator_entry *ptr = 1337 struct tomoyo_aggregator_entry *ptr =
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index ec3ed488ee3..12b0c5c46c8 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -53,7 +53,6 @@ enum tomoyo_policy_id {
53 TOMOYO_ID_DOMAIN_INITIALIZER, 53 TOMOYO_ID_DOMAIN_INITIALIZER,
54 TOMOYO_ID_DOMAIN_KEEPER, 54 TOMOYO_ID_DOMAIN_KEEPER,
55 TOMOYO_ID_AGGREGATOR, 55 TOMOYO_ID_AGGREGATOR,
56 TOMOYO_ID_ALIAS,
57 TOMOYO_ID_GLOBALLY_READABLE, 56 TOMOYO_ID_GLOBALLY_READABLE,
58 TOMOYO_ID_PATTERN, 57 TOMOYO_ID_PATTERN,
59 TOMOYO_ID_NO_REWRITE, 58 TOMOYO_ID_NO_REWRITE,
@@ -72,7 +71,6 @@ enum tomoyo_group_id {
72 71
73/* Keywords for ACLs. */ 72/* Keywords for ACLs. */
74#define TOMOYO_KEYWORD_AGGREGATOR "aggregator " 73#define TOMOYO_KEYWORD_AGGREGATOR "aggregator "
75#define TOMOYO_KEYWORD_ALIAS "alias "
76#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount " 74#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount "
77#define TOMOYO_KEYWORD_ALLOW_READ "allow_read " 75#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
78#define TOMOYO_KEYWORD_DELETE "delete " 76#define TOMOYO_KEYWORD_DELETE "delete "
@@ -683,20 +681,6 @@ struct tomoyo_aggregator_entry {
683}; 681};
684 682
685/* 683/*
686 * tomoyo_alias_entry is a structure which is used for holding "alias" entries.
687 * It has following fields.
688 *
689 * (1) "head" is "struct tomoyo_acl_head".
690 * (2) "original_name" which is a dereferenced pathname.
691 * (3) "aliased_name" which is a symlink's pathname.
692 */
693struct tomoyo_alias_entry {
694 struct tomoyo_acl_head head;
695 const struct tomoyo_path_info *original_name;
696 const struct tomoyo_path_info *aliased_name;
697};
698
699/*
700 * tomoyo_policy_manager_entry is a structure which is used for holding list of 684 * tomoyo_policy_manager_entry is a structure which is used for holding list of
701 * domainnames or programs which are permitted to modify configuration via 685 * domainnames or programs which are permitted to modify configuration via
702 * /sys/kernel/security/tomoyo/ interface. 686 * /sys/kernel/security/tomoyo/ interface.
@@ -809,8 +793,6 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
809 unsigned long flags, void *data_page); 793 unsigned long flags, void *data_page);
810/* Create "aggregator" entry in exception policy. */ 794/* Create "aggregator" entry in exception policy. */
811int tomoyo_write_aggregator_policy(char *data, const bool is_delete); 795int tomoyo_write_aggregator_policy(char *data, const bool is_delete);
812/* Create "alias" entry in exception policy. */
813int tomoyo_write_alias_policy(char *data, const bool is_delete);
814/* 796/*
815 * Create "initialize_domain" and "no_initialize_domain" entry 797 * Create "initialize_domain" and "no_initialize_domain" entry
816 * in exception policy. 798 * in exception policy.
@@ -868,16 +850,14 @@ void tomoyo_put_number_union(struct tomoyo_number_union *ptr);
868char *tomoyo_encode(const char *str); 850char *tomoyo_encode(const char *str);
869 851
870/* 852/*
871 * Returns realpath(3) of the given pathname but ignores chroot'ed root. 853 * Returns realpath(3) of the given pathname except that
872 * These functions use kzalloc(), so the caller must call kfree() 854 * ignores chroot'ed root and does not follow the final symlink.
873 * if these functions didn't return NULL.
874 */ 855 */
875char *tomoyo_realpath(const char *pathname); 856char *tomoyo_realpath_nofollow(const char *pathname);
876/* 857/*
877 * Same with tomoyo_realpath() except that it doesn't follow the final symlink. 858 * Returns realpath(3) of the given pathname except that
859 * ignores chroot'ed root and the pathname is already solved.
878 */ 860 */
879char *tomoyo_realpath_nofollow(const char *pathname);
880/* Same with tomoyo_realpath() except that the pathname is already solved. */
881char *tomoyo_realpath_from_path(struct path *path); 861char *tomoyo_realpath_from_path(struct path *path);
882/* Get patterned pathname. */ 862/* Get patterned pathname. */
883const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename); 863const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 038071a8a3d..273e670acf0 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -467,72 +467,6 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
467 return tomoyo_update_aggregator_entry(data, cp, is_delete); 467 return tomoyo_update_aggregator_entry(data, cp, is_delete);
468} 468}
469 469
470static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
471 const struct tomoyo_acl_head *b)
472{
473 const struct tomoyo_alias_entry *p1 = container_of(a, typeof(*p1),
474 head);
475 const struct tomoyo_alias_entry *p2 = container_of(b, typeof(*p2),
476 head);
477 return p1->original_name == p2->original_name &&
478 p1->aliased_name == p2->aliased_name;
479}
480
481/**
482 * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
483 *
484 * @original_name: The original program's real name.
485 * @aliased_name: The symbolic program's symbolic link's name.
486 * @is_delete: True if it is a delete request.
487 *
488 * Returns 0 on success, negative value otherwise.
489 *
490 * Caller holds tomoyo_read_lock().
491 */
492static int tomoyo_update_alias_entry(const char *original_name,
493 const char *aliased_name,
494 const bool is_delete)
495{
496 struct tomoyo_alias_entry e = { };
497 int error = is_delete ? -ENOENT : -ENOMEM;
498
499 if (!tomoyo_correct_path(original_name) ||
500 !tomoyo_correct_path(aliased_name))
501 return -EINVAL;
502 e.original_name = tomoyo_get_name(original_name);
503 e.aliased_name = tomoyo_get_name(aliased_name);
504 if (!e.original_name || !e.aliased_name ||
505 e.original_name->is_patterned || e.aliased_name->is_patterned)
506 goto out; /* No patterns allowed. */
507 error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
508 &tomoyo_policy_list[TOMOYO_ID_ALIAS],
509 tomoyo_same_alias_entry);
510 out:
511 tomoyo_put_name(e.original_name);
512 tomoyo_put_name(e.aliased_name);
513 return error;
514}
515
516/**
517 * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list.
518 *
519 * @data: String to parse.
520 * @is_delete: True if it is a delete request.
521 *
522 * Returns 0 on success, negative value otherwise.
523 *
524 * Caller holds tomoyo_read_lock().
525 */
526int tomoyo_write_alias_policy(char *data, const bool is_delete)
527{
528 char *cp = strchr(data, ' ');
529
530 if (!cp)
531 return -EINVAL;
532 *cp++ = '\0';
533 return tomoyo_update_alias_entry(data, cp, is_delete);
534}
535
536/** 470/**
537 * tomoyo_find_or_assign_new_domain - Create a domain. 471 * tomoyo_find_or_assign_new_domain - Create a domain.
538 * 472 *
@@ -606,7 +540,6 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
606 int retval = -ENOMEM; 540 int retval = -ENOMEM;
607 bool need_kfree = false; 541 bool need_kfree = false;
608 struct tomoyo_path_info rn = { }; /* real name */ 542 struct tomoyo_path_info rn = { }; /* real name */
609 struct tomoyo_path_info sn = { }; /* symlink name */
610 struct tomoyo_path_info ln; /* last name */ 543 struct tomoyo_path_info ln; /* last name */
611 544
612 ln.name = tomoyo_get_last_name(old_domain); 545 ln.name = tomoyo_get_last_name(old_domain);
@@ -621,39 +554,14 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
621 kfree(rn.name); 554 kfree(rn.name);
622 need_kfree = false; 555 need_kfree = false;
623 } 556 }
624 /* Get tomoyo_realpath of program. */ 557 /* Get symlink's pathname of program. */
625 retval = -ENOENT; 558 retval = -ENOENT;
626 rn.name = tomoyo_realpath(original_name); 559 rn.name = tomoyo_realpath_nofollow(original_name);
627 if (!rn.name) 560 if (!rn.name)
628 goto out; 561 goto out;
629 tomoyo_fill_path_info(&rn); 562 tomoyo_fill_path_info(&rn);
630 need_kfree = true; 563 need_kfree = true;
631 564
632 /* Get tomoyo_realpath of symbolic link. */
633 sn.name = tomoyo_realpath_nofollow(original_name);
634 if (!sn.name)
635 goto out;
636 tomoyo_fill_path_info(&sn);
637
638 /* Check 'alias' directive. */
639 if (tomoyo_pathcmp(&rn, &sn)) {
640 struct tomoyo_alias_entry *ptr;
641 /* Is this program allowed to be called via symbolic links? */
642 list_for_each_entry_rcu(ptr,
643 &tomoyo_policy_list[TOMOYO_ID_ALIAS],
644 head.list) {
645 if (ptr->head.is_deleted ||
646 tomoyo_pathcmp(&rn, ptr->original_name) ||
647 tomoyo_pathcmp(&sn, ptr->aliased_name))
648 continue;
649 kfree(rn.name);
650 need_kfree = false;
651 /* This is OK because it is read only. */
652 rn = *ptr->aliased_name;
653 break;
654 }
655 }
656
657 /* Check 'aggregator' directive. */ 565 /* Check 'aggregator' directive. */
658 { 566 {
659 struct tomoyo_aggregator_entry *ptr; 567 struct tomoyo_aggregator_entry *ptr;
@@ -663,8 +571,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
663 !tomoyo_path_matches_pattern(&rn, 571 !tomoyo_path_matches_pattern(&rn,
664 ptr->original_name)) 572 ptr->original_name))
665 continue; 573 continue;
666 if (need_kfree) 574 kfree(rn.name);
667 kfree(rn.name);
668 need_kfree = false; 575 need_kfree = false;
669 /* This is OK because it is read only. */ 576 /* This is OK because it is read only. */
670 rn = *ptr->aggregated_name; 577 rn = *ptr->aggregated_name;
@@ -729,7 +636,6 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
729 bprm->cred->security = domain; 636 bprm->cred->security = domain;
730 if (need_kfree) 637 if (need_kfree)
731 kfree(rn.name); 638 kfree(rn.name);
732 kfree(sn.name);
733 kfree(tmp); 639 kfree(tmp);
734 return retval; 640 return retval;
735} 641}
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index cf62a4ee79c..4d4ba84f874 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -77,14 +77,6 @@ static void tomoyo_del_aggregator(struct list_head *element)
77 tomoyo_put_name(ptr->aggregated_name); 77 tomoyo_put_name(ptr->aggregated_name);
78} 78}
79 79
80static void tomoyo_del_alias(struct list_head *element)
81{
82 struct tomoyo_alias_entry *ptr =
83 container_of(element, typeof(*ptr), head.list);
84 tomoyo_put_name(ptr->original_name);
85 tomoyo_put_name(ptr->aliased_name);
86}
87
88static void tomoyo_del_manager(struct list_head *element) 80static void tomoyo_del_manager(struct list_head *element)
89{ 81{
90 struct tomoyo_policy_manager_entry *ptr = 82 struct tomoyo_policy_manager_entry *ptr =
@@ -309,9 +301,6 @@ static void tomoyo_kfree_entry(void)
309 case TOMOYO_ID_AGGREGATOR: 301 case TOMOYO_ID_AGGREGATOR:
310 tomoyo_del_aggregator(element); 302 tomoyo_del_aggregator(element);
311 break; 303 break;
312 case TOMOYO_ID_ALIAS:
313 tomoyo_del_alias(element);
314 break;
315 case TOMOYO_ID_GLOBALLY_READABLE: 304 case TOMOYO_ID_GLOBALLY_READABLE:
316 tomoyo_del_allow_read(element); 305 tomoyo_del_allow_read(element);
317 break; 306 break;
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 153fa23a05c..ed8ccd68010 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -162,25 +162,6 @@ char *tomoyo_realpath_from_path(struct path *path)
162} 162}
163 163
164/** 164/**
165 * tomoyo_realpath - Get realpath of a pathname.
166 *
167 * @pathname: The pathname to solve.
168 *
169 * Returns the realpath of @pathname on success, NULL otherwise.
170 */
171char *tomoyo_realpath(const char *pathname)
172{
173 struct path path;
174
175 if (pathname && kern_path(pathname, LOOKUP_FOLLOW, &path) == 0) {
176 char *buf = tomoyo_realpath_from_path(&path);
177 path_put(&path);
178 return buf;
179 }
180 return NULL;
181}
182
183/**
184 * tomoyo_realpath_nofollow - Get realpath of a pathname. 165 * tomoyo_realpath_nofollow - Get realpath of a pathname.
185 * 166 *
186 * @pathname: The pathname to solve. 167 * @pathname: The pathname to solve.