TOMOYO: Allow using UID/GID etc. of current thread as conditions.

This patch adds support for permission checks using current thread's UID/GID etc. in addition to pathnames. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-07-08 00:21:37 -0400
committer: James Morris <jmorris@namei.org> 2011-07-10 21:05:32 -0400
commit: 2066a36125fcbf5220990173b9d8e8bc49ad7538 (patch)
tree: c8ea3a6d92a8b4b68cda986601336e8e8f58553e /security/tomoyo/audit.c
parent: 5c4274f13819b40e726f6ee4ef13b4952cff5010 (diff)
1 files changed, 16 insertions, 16 deletions
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 967b5648dce3..9381d0e7f78f 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -25,7 +25,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
        const pid_t gpid = task_pid_nr(current);
        static const int tomoyo_buffer_len = 4096;
        char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
-        pid_t ppid;
+        int pos;
        if (!buffer)
                return NULL;
        {
@@ -33,21 +33,21 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r)
                do_gettimeofday(&tv);
                tomoyo_convert_time(tv.tv_sec, &stamp);
        }
-        rcu_read_lock();
+        pos = snprintf(buffer, tomoyo_buffer_len - 1,
-        ppid = task_tgid_vnr(current->real_parent);
+                       "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
-        rcu_read_unlock();
+                       "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
-        snprintf(buffer, tomoyo_buffer_len - 1,
+                       "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
-                 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
+                       "fsuid=%u fsgid=%u }", stamp.year, stamp.month,
-                 "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
+                       stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile,
-                 "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
+                       tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid,
-                 "fsuid=%u fsgid=%u }",
+                       tomoyo_sys_getpid(), tomoyo_sys_getppid(),
-                 stamp.year, stamp.month, stamp.day, stamp.hour,
+                       current_uid(), current_gid(), current_euid(),
-                 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode],
+                       current_egid(), current_suid(), current_sgid(),
-                 tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid,
+                       current_fsuid(), current_fsgid());
-                 current_uid(), current_gid(), current_euid(), current_egid(),
+        if (pos < tomoyo_buffer_len - 1)
-                 current_suid(), current_sgid(), current_fsuid(),
+                return buffer;
-                 current_fsgid());
+        kfree(buffer);
-        return buffer;
+        return NULL;
 }
 /**
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-07-08 00:21:37 -0400
committer	James Morris <jmorris@namei.org>	2011-07-10 21:05:32 -0400
commit	2066a36125fcbf5220990173b9d8e8bc49ad7538 (patch)
tree	c8ea3a6d92a8b4b68cda986601336e8e8f58553e /security/tomoyo/audit.c
parent	5c4274f13819b40e726f6ee4ef13b4952cff5010 (diff)

diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 967b5648dce3..9381d0e7f78f 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c
@@ -25,7 +25,7 @@ static char tomoyo_print_header(struct tomoyo_request_info r)
25	const pid_t gpid = task_pid_nr(current);	25	const pid_t gpid = task_pid_nr(current);
26	static const int tomoyo_buffer_len = 4096;	26	static const int tomoyo_buffer_len = 4096;
27	char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);	27	char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
28	pid_t ppid;	28	int pos;
29	if (!buffer)	29	if (!buffer)
30	return NULL;	30	return NULL;
31	{	31	{
@@ -33,21 +33,21 @@ static char tomoyo_print_header(struct tomoyo_request_info r)
33	do_gettimeofday(&tv);	33	do_gettimeofday(&tv);
34	tomoyo_convert_time(tv.tv_sec, &stamp);	34	tomoyo_convert_time(tv.tv_sec, &stamp);
35	}	35	}
36	rcu_read_lock();	36	pos = snprintf(buffer, tomoyo_buffer_len - 1,
37	ppid = task_tgid_vnr(current->real_parent);	37	"#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
38	rcu_read_unlock();	38	"granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
39	snprintf(buffer, tomoyo_buffer_len - 1,	39	"uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
40	"#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "	40	"fsuid=%u fsgid=%u }", stamp.year, stamp.month,
41	"granted=%s (global-pid=%u) task={ pid=%u ppid=%u "	41	stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile,
42	"uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "	42	tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid,
43	"fsuid=%u fsgid=%u }",	43	tomoyo_sys_getpid(), tomoyo_sys_getppid(),
44	stamp.year, stamp.month, stamp.day, stamp.hour,	44	current_uid(), current_gid(), current_euid(),
45	stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode],	45	current_egid(), current_suid(), current_sgid(),
46	tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid,	46	current_fsuid(), current_fsgid());
47	current_uid(), current_gid(), current_euid(), current_egid(),	47	if (pos < tomoyo_buffer_len - 1)
48	current_suid(), current_sgid(), current_fsuid(),	48	return buffer;
49	current_fsgid());	49	kfree(buffer);
50	return buffer;	50	return NULL;
51	}	51	}
52		52
53	/**	53	/**