Patched in Tegra support.

author: Jonathan Herman <hermanjl@cs.unc.edu> 2013-01-17 16:15:55 -0500
committer: Jonathan Herman <hermanjl@cs.unc.edu> 2013-01-17 16:15:55 -0500
commit: 8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch)
tree: a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/tomoyo/util.c
parent: 406089d01562f1e2bf9f089fd7637009ebaad589 (diff)
1 files changed, 14 insertions, 81 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 2952ba576fb..c36bd1107fc 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -42,39 +42,6 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
        [TOMOYO_MAC_FILE_MOUNT]      = TOMOYO_MAC_CATEGORY_FILE,
        [TOMOYO_MAC_FILE_UMOUNT]     = TOMOYO_MAC_CATEGORY_FILE,
        [TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
-        /* CONFIG::network group */
-        [TOMOYO_MAC_NETWORK_INET_STREAM_BIND]       =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN]     =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT]    =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_DGRAM_BIND]        =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_DGRAM_SEND]        =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_RAW_BIND]          =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_INET_RAW_SEND]          =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND]       =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN]     =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT]    =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND]        =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND]        =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND]    =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN]  =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] =
-        TOMOYO_MAC_CATEGORY_NETWORK,
-        /* CONFIG::misc group */
-        [TOMOYO_MAC_ENVIRON]         = TOMOYO_MAC_CATEGORY_MISC,
 };
 /**
@@ -159,31 +126,6 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param)
 }
 /**
- * tomoyo_get_domainname - Read a domainname from a line.
- *
- * @param: Pointer to "struct tomoyo_acl_param".
- *
- * Returns a domainname on success, NULL otherwise.
- */
-const struct tomoyo_path_info *tomoyo_get_domainname
-(struct tomoyo_acl_param *param)
-{
-        char *start = param->data;
-        char *pos = start;
-        while (*pos) {
-                if (*pos++ != ' ' || *pos++ == '/')
-                        continue;
-                pos -= 2;
-                *pos++ = '\0';
-                break;
-        }
-        param->data = pos;
-        if (tomoyo_correct_domain(start))
-                return tomoyo_get_name(start);
-        return NULL;
-}
-/**
 * tomoyo_parse_ulong - Parse an "unsigned long" value.
 *
 * @result: Pointer to "unsigned long".
@@ -492,13 +434,13 @@ static bool tomoyo_correct_word2(const char *string, size_t len)
                                if (d < '0' || d > '7' || e < '0' || e > '7')
                                        break;
                                c = tomoyo_make_byte(c, d, e);
-                                if (c <= ' ' || c >= 127)
+                                if (tomoyo_invalid(c))
-                                        continue;
+                                        continue; /* pattern is not \000 */
                        }
                        goto out;
                } else if (in_repetition && c == '/') {
                        goto out;
-                } else if (c <= ' ' || c >= 127) {
+                } else if (tomoyo_invalid(c)) {
                        goto out;
                }
        }
@@ -949,13 +891,18 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
 const char *tomoyo_get_exe(void)
 {
        struct mm_struct *mm = current->mm;
+        struct vm_area_struct *vma;
        const char *cp = NULL;
        if (!mm)
                return NULL;
        down_read(&mm->mmap_sem);
-        if (mm->exe_file)
+        for (vma = mm->mmap; vma; vma = vma->vm_next) {
-                cp = tomoyo_realpath_from_path(&mm->exe_file->f_path);
+                if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
+                        cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
+                        break;
+                }
+        }
        up_read(&mm->mmap_sem);
        return cp;
 }
@@ -973,17 +920,14 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
                    const u8 index)
 {
        u8 mode;
-        struct tomoyo_profile *p;
+        const u8 category = TOMOYO_MAC_CATEGORY_FILE;
        if (!tomoyo_policy_loaded)
                return TOMOYO_CONFIG_DISABLED;
-        p = tomoyo_profile(ns, profile);
+        mode = tomoyo_profile(ns, profile)->config[index];
-        mode = p->config[index];
        if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-                mode = p->config[tomoyo_index2category[index]
+                mode = tomoyo_profile(ns, profile)->config[category];
-                                 + TOMOYO_MAX_MAC_INDEX];
        if (mode == TOMOYO_CONFIG_USE_DEFAULT)
-                mode = p->default_config;
+                mode = tomoyo_profile(ns, profile)->default_config;
        return mode & 3;
 }
@@ -1052,17 +996,6 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
                        perm = container_of(ptr, struct tomoyo_mkdev_acl,
                                            head)->perm;
                        break;
-                case TOMOYO_TYPE_INET_ACL:
-                        perm = container_of(ptr, struct tomoyo_inet_acl,
-                                            head)->perm;
-                        break;
-                case TOMOYO_TYPE_UNIX_ACL:
-                        perm = container_of(ptr, struct tomoyo_unix_acl,
-                                            head)->perm;
-                        break;
-                case TOMOYO_TYPE_MANUAL_TASK_ACL:
-                        perm = 0;
-                        break;
                default:
                        perm = 1;
                }
author	Jonathan Herman <hermanjl@cs.unc.edu>	2013-01-17 16:15:55 -0500
committer	Jonathan Herman <hermanjl@cs.unc.edu>	2013-01-17 16:15:55 -0500
commit	8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch)
tree	a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/tomoyo/util.c
parent	406089d01562f1e2bf9f089fd7637009ebaad589 (diff)

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 2952ba576fb..c36bd1107fc 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c
@@ -42,39 +42,6 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
42	[TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,	42	[TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,
43	[TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,	43	[TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,
44	[TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,	44	[TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
45	/* CONFIG::network group */
46	[TOMOYO_MAC_NETWORK_INET_STREAM_BIND] =
47	TOMOYO_MAC_CATEGORY_NETWORK,
48	[TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN] =
49	TOMOYO_MAC_CATEGORY_NETWORK,
50	[TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT] =
51	TOMOYO_MAC_CATEGORY_NETWORK,
52	[TOMOYO_MAC_NETWORK_INET_DGRAM_BIND] =
53	TOMOYO_MAC_CATEGORY_NETWORK,
54	[TOMOYO_MAC_NETWORK_INET_DGRAM_SEND] =
55	TOMOYO_MAC_CATEGORY_NETWORK,
56	[TOMOYO_MAC_NETWORK_INET_RAW_BIND] =
57	TOMOYO_MAC_CATEGORY_NETWORK,
58	[TOMOYO_MAC_NETWORK_INET_RAW_SEND] =
59	TOMOYO_MAC_CATEGORY_NETWORK,
60	[TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND] =
61	TOMOYO_MAC_CATEGORY_NETWORK,
62	[TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN] =
63	TOMOYO_MAC_CATEGORY_NETWORK,
64	[TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT] =
65	TOMOYO_MAC_CATEGORY_NETWORK,
66	[TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND] =
67	TOMOYO_MAC_CATEGORY_NETWORK,
68	[TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND] =
69	TOMOYO_MAC_CATEGORY_NETWORK,
70	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND] =
71	TOMOYO_MAC_CATEGORY_NETWORK,
72	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] =
73	TOMOYO_MAC_CATEGORY_NETWORK,
74	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] =
75	TOMOYO_MAC_CATEGORY_NETWORK,
76	/* CONFIG::misc group */
77	[TOMOYO_MAC_ENVIRON] = TOMOYO_MAC_CATEGORY_MISC,
78	};	45	};
79		46
80	/**	47	/**
@@ -159,31 +126,6 @@ char tomoyo_read_token(struct tomoyo_acl_param param)
159	}	126	}
160		127
161	/**	128	/**
162	* tomoyo_get_domainname - Read a domainname from a line.
163	*
164	* @param: Pointer to "struct tomoyo_acl_param".
165	*
166	* Returns a domainname on success, NULL otherwise.
167	*/
168	const struct tomoyo_path_info *tomoyo_get_domainname
169	(struct tomoyo_acl_param *param)
170	{
171	char *start = param->data;
172	char *pos = start;
173	while (*pos) {
174	if (pos++ != ' ' \|\| pos++ == '/')
175	continue;
176	pos -= 2;
177	*pos++ = '\0';
178	break;
179	}
180	param->data = pos;
181	if (tomoyo_correct_domain(start))
182	return tomoyo_get_name(start);
183	return NULL;
184	}
185
186	/**
187	* tomoyo_parse_ulong - Parse an "unsigned long" value.	129	* tomoyo_parse_ulong - Parse an "unsigned long" value.
188	*	130	*
189	* @result: Pointer to "unsigned long".	131	* @result: Pointer to "unsigned long".
@@ -492,13 +434,13 @@ static bool tomoyo_correct_word2(const char *string, size_t len)
492	if (d < '0' \|\| d > '7' \|\| e < '0' \|\| e > '7')	434	if (d < '0' \|\| d > '7' \|\| e < '0' \|\| e > '7')
493	break;	435	break;
494	c = tomoyo_make_byte(c, d, e);	436	c = tomoyo_make_byte(c, d, e);
495	if (c <= ' ' \|\| c >= 127)	437	if (tomoyo_invalid(c))
496	continue;	438	continue; /* pattern is not \000 */
497	}	439	}
498	goto out;	440	goto out;
499	} else if (in_repetition && c == '/') {	441	} else if (in_repetition && c == '/') {
500	goto out;	442	goto out;
501	} else if (c <= ' ' \|\| c >= 127) {	443	} else if (tomoyo_invalid(c)) {
502	goto out;	444	goto out;
503	}	445	}
504	}	446	}
@@ -949,13 +891,18 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
949	const char *tomoyo_get_exe(void)	891	const char *tomoyo_get_exe(void)
950	{	892	{
951	struct mm_struct *mm = current->mm;	893	struct mm_struct *mm = current->mm;
		894	struct vm_area_struct *vma;
952	const char *cp = NULL;	895	const char *cp = NULL;
953		896
954	if (!mm)	897	if (!mm)
955	return NULL;	898	return NULL;
956	down_read(&mm->mmap_sem);	899	down_read(&mm->mmap_sem);
957	if (mm->exe_file)	900	for (vma = mm->mmap; vma; vma = vma->vm_next) {
958	cp = tomoyo_realpath_from_path(&mm->exe_file->f_path);	901	if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
		902	cp = tomoyo_realpath_from_path(&vma->vm_file->f_path);
		903	break;
		904	}
		905	}
959	up_read(&mm->mmap_sem);	906	up_read(&mm->mmap_sem);
960	return cp;	907	return cp;
961	}	908	}
@@ -973,17 +920,14 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
973	const u8 index)	920	const u8 index)
974	{	921	{
975	u8 mode;	922	u8 mode;
976	struct tomoyo_profile *p;	923	const u8 category = TOMOYO_MAC_CATEGORY_FILE;
977
978	if (!tomoyo_policy_loaded)	924	if (!tomoyo_policy_loaded)
979	return TOMOYO_CONFIG_DISABLED;	925	return TOMOYO_CONFIG_DISABLED;
980	p = tomoyo_profile(ns, profile);	926	mode = tomoyo_profile(ns, profile)->config[index];
981	mode = p->config[index];
982	if (mode == TOMOYO_CONFIG_USE_DEFAULT)	927	if (mode == TOMOYO_CONFIG_USE_DEFAULT)
983	mode = p->config[tomoyo_index2category[index]	928	mode = tomoyo_profile(ns, profile)->config[category];
984	+ TOMOYO_MAX_MAC_INDEX];
985	if (mode == TOMOYO_CONFIG_USE_DEFAULT)	929	if (mode == TOMOYO_CONFIG_USE_DEFAULT)
986	mode = p->default_config;	930	mode = tomoyo_profile(ns, profile)->default_config;
987	return mode & 3;	931	return mode & 3;
988	}	932	}
989		933
@@ -1052,17 +996,6 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
1052	perm = container_of(ptr, struct tomoyo_mkdev_acl,	996	perm = container_of(ptr, struct tomoyo_mkdev_acl,
1053	head)->perm;	997	head)->perm;
1054	break;	998	break;
1055	case TOMOYO_TYPE_INET_ACL:
1056	perm = container_of(ptr, struct tomoyo_inet_acl,
1057	head)->perm;
1058	break;
1059	case TOMOYO_TYPE_UNIX_ACL:
1060	perm = container_of(ptr, struct tomoyo_unix_acl,
1061	head)->perm;
1062	break;
1063	case TOMOYO_TYPE_MANUAL_TASK_ACL:
1064	perm = 0;
1065	break;
1066	default:	999	default:
1067	perm = 1;	1000	perm = 1;
1068	}	1001	}