1 files changed, 61 insertions, 0 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 8a00ade8516..ad9555fc376 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -194,6 +194,60 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
        return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
 }
+static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
+                             unsigned long arg)
+{
+        return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL,
+                                       &file->f_path);
+}
+static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+                             mode_t mode)
+{
+        struct path path = { mnt, dentry };
+        return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL,
+                                       &path);
+}
+static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+        int error = 0;
+        if (uid != (uid_t) -1)
+                error = tomoyo_check_1path_perm(tomoyo_domain(),
+                                                TOMOYO_TYPE_CHOWN_ACL, path);
+        if (!error && gid != (gid_t) -1)
+                error = tomoyo_check_1path_perm(tomoyo_domain(),
+                                                TOMOYO_TYPE_CHGRP_ACL, path);
+        return error;
+}
+static int tomoyo_path_chroot(struct path *path)
+{
+        return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL,
+                                       path);
+}
+static int tomoyo_sb_mount(char *dev_name, struct path *path,
+                           char *type, unsigned long flags, void *data)
+{
+        return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL,
+                                       path);
+}
+static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+{
+        struct path path = { mnt, mnt->mnt_root };
+        return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL,
+                                       &path);
+}
+static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+{
+        return tomoyo_check_2path_perm(tomoyo_domain(),
+                                       TOMOYO_TYPE_PIVOT_ROOT_ACL,
+                                       new_path, old_path);
+}
 /*
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
@@ -215,6 +269,13 @@ static struct security_operations tomoyo_security_ops = {
        .path_mknod          = tomoyo_path_mknod,
        .path_link           = tomoyo_path_link,
        .path_rename         = tomoyo_path_rename,
+        .file_ioctl          = tomoyo_file_ioctl,
+        .path_chmod          = tomoyo_path_chmod,
+        .path_chown          = tomoyo_path_chown,
+        .path_chroot         = tomoyo_path_chroot,
+        .sb_mount            = tomoyo_sb_mount,
+        .sb_umount           = tomoyo_sb_umount,
+        .sb_pivotroot        = tomoyo_sb_pivotroot,
 };
 static int __init tomoyo_init(void)

diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 8a00ade8516..ad9555fc376 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c
@@ -194,6 +194,60 @@ static int tomoyo_dentry_open(struct file f, const struct cred cred)
194	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);	194	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
195	}	195	}
196		196
		197	static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
		198	unsigned long arg)
		199	{
		200	return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL,
		201	&file->f_path);
		202	}
		203
		204	static int tomoyo_path_chmod(struct dentry dentry, struct vfsmount mnt,
		205	mode_t mode)
		206	{
		207	struct path path = { mnt, dentry };
		208	return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL,
		209	&path);
		210	}
		211
		212	static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
		213	{
		214	int error = 0;
		215	if (uid != (uid_t) -1)
		216	error = tomoyo_check_1path_perm(tomoyo_domain(),
		217	TOMOYO_TYPE_CHOWN_ACL, path);
		218	if (!error && gid != (gid_t) -1)
		219	error = tomoyo_check_1path_perm(tomoyo_domain(),
		220	TOMOYO_TYPE_CHGRP_ACL, path);
		221	return error;
		222	}
		223
		224	static int tomoyo_path_chroot(struct path *path)
		225	{
		226	return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL,
		227	path);
		228	}
		229
		230	static int tomoyo_sb_mount(char dev_name, struct path path,
		231	char type, unsigned long flags, void data)
		232	{
		233	return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL,
		234	path);
		235	}
		236
		237	static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
		238	{
		239	struct path path = { mnt, mnt->mnt_root };
		240	return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL,
		241	&path);
		242	}
		243
		244	static int tomoyo_sb_pivotroot(struct path old_path, struct path new_path)
		245	{
		246	return tomoyo_check_2path_perm(tomoyo_domain(),
		247	TOMOYO_TYPE_PIVOT_ROOT_ACL,
		248	new_path, old_path);
		249	}
		250
197	/*	251	/*
198	* tomoyo_security_ops is a "struct security_operations" which is used for	252	* tomoyo_security_ops is a "struct security_operations" which is used for
199	* registering TOMOYO.	253	* registering TOMOYO.
@@ -215,6 +269,13 @@ static struct security_operations tomoyo_security_ops = {
215	.path_mknod = tomoyo_path_mknod,	269	.path_mknod = tomoyo_path_mknod,
216	.path_link = tomoyo_path_link,	270	.path_link = tomoyo_path_link,
217	.path_rename = tomoyo_path_rename,	271	.path_rename = tomoyo_path_rename,
		272	.file_ioctl = tomoyo_file_ioctl,
		273	.path_chmod = tomoyo_path_chmod,
		274	.path_chown = tomoyo_path_chown,
		275	.path_chroot = tomoyo_path_chroot,
		276	.sb_mount = tomoyo_sb_mount,
		277	.sb_umount = tomoyo_sb_umount,
		278	.sb_pivotroot = tomoyo_sb_pivotroot,
218	};	279	};
219		280
220	static int __init tomoyo_init(void)	281	static int __init tomoyo_init(void)