TOMOYO: Add mount restriction.

mount(2) has three string and one numeric parameters. Split mount restriction code from security/tomoyo/file.c . Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2010-05-16 21:10:31 -0400
committer: James Morris <jmorris@namei.org> 2010-08-02 01:33:37 -0400
commit: 2106ccd972dcd9fda7df9b181505fac1741b3508 (patch)
tree: 4361f9498c303cabc20abc85c1b5ee0afa677b0f /security/tomoyo/common.h
parent: a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 (diff)
1 files changed, 52 insertions, 4 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 565a1c11da53..3d819b139165 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -53,6 +53,7 @@ enum tomoyo_mode_index {
 /* Keywords for ACLs. */
 #define TOMOYO_KEYWORD_ALIAS                     "alias "
+#define TOMOYO_KEYWORD_ALLOW_MOUNT               "allow_mount "
 #define TOMOYO_KEYWORD_ALLOW_READ                "allow_read "
 #define TOMOYO_KEYWORD_DELETE                    "delete "
 #define TOMOYO_KEYWORD_DENY_REWRITE              "deny_rewrite "
@@ -90,6 +91,7 @@ enum tomoyo_acl_entry_type_index {
        TOMOYO_TYPE_PATH2_ACL,
        TOMOYO_TYPE_PATH_NUMBER_ACL,
        TOMOYO_TYPE_PATH_NUMBER3_ACL,
+        TOMOYO_TYPE_MOUNT_ACL,
 };
 /* Index numbers for File Controls. */
@@ -116,7 +118,6 @@ enum tomoyo_path_acl_index {
        TOMOYO_TYPE_SYMLINK,
        TOMOYO_TYPE_REWRITE,
        TOMOYO_TYPE_CHROOT,
-        TOMOYO_TYPE_MOUNT,
        TOMOYO_TYPE_UMOUNT,
        TOMOYO_MAX_PATH_OPERATION
 };
@@ -360,8 +361,8 @@ struct tomoyo_domain_info {
 *
 * Directives held by this structure are "allow_read/write", "allow_execute",
 * "allow_read", "allow_write", "allow_unlink", "allow_rmdir",
- * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot",
+ * "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot" and
- * "allow_mount" and "allow_unmount".
+ * "allow_unmount".
 */
 struct tomoyo_path_acl {
        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
@@ -435,6 +436,29 @@ struct tomoyo_path2_acl {
 };
 /*
+ * tomoyo_mount_acl is a structure which is used for holding an
+ * entry for mount operation.
+ * It has following fields.
+ *
+ *  (1) "head" which is a "struct tomoyo_acl_info".
+ *  (2) "is_deleted" is boolean.
+ *  (3) "dev_name" is the device name.
+ *  (4) "dir_name" is the mount point.
+ *  (5) "flags" is the mount flags.
+ *
+ * Directives held by this structure are "allow_rename", "allow_link" and
+ * "allow_pivot_root".
+ */
+struct tomoyo_mount_acl {
+        struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
+        bool is_deleted;
+        struct tomoyo_name_union dev_name;
+        struct tomoyo_name_union dir_name;
+        struct tomoyo_name_union fs_type;
+        struct tomoyo_number_union flags;
+};
+/*
 * tomoyo_io_buffer is a structure which is used for reading and modifying
 * configuration via /sys/kernel/security/tomoyo/ interface.
 * It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as
@@ -638,6 +662,9 @@ struct tomoyo_policy_manager_entry {
 /* Check whether the given name matches the given name_union. */
 bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
                               const struct tomoyo_name_union *ptr);
+/* Check whether the given number matches the given number_union. */
+bool tomoyo_compare_number_union(const unsigned long value,
+                                 const struct tomoyo_number_union *ptr);
 /* Check whether the domain has too many ACL entries to hold. */
 bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
 /* Transactional sprintf() for policy dump. */
@@ -699,6 +726,12 @@ const char *tomoyo_path_number32keyword(const u8 operation);
 const char *tomoyo_get_last_name(const struct tomoyo_domain_info *domain);
 /* Convert single path operation to operation name. */
 const char *tomoyo_path2keyword(const u8 operation);
+/* Fill "struct tomoyo_request_info". */
+int tomoyo_init_request_info(struct tomoyo_request_info *r,
+                             struct tomoyo_domain_info *domain);
+/* Check permission for mount operation. */
+int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
+                            unsigned long flags, void *data_page);
 /* Create "alias" entry in exception policy. */
 int tomoyo_write_alias_policy(char *data, const bool is_delete);
 /*
@@ -721,6 +754,9 @@ int tomoyo_write_file_policy(char *data, struct tomoyo_domain_info *domain,
                             const bool is_delete);
 /* Create "allow_read" entry in exception policy. */
 int tomoyo_write_globally_readable_policy(char *data, const bool is_delete);
+/* Create "allow_mount" entry in domain policy. */
+int tomoyo_write_mount_policy(char *data, struct tomoyo_domain_info *domain,
+                              const bool is_delete);
 /* Create "deny_rewrite" entry in exception policy. */
 int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);
 /* Create "file_pattern" entry in exception policy. */
@@ -735,7 +771,9 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile);
+/* Get patterned pathname. */
+const struct tomoyo_path_info *
+tomoyo_get_file_pattern(const struct tomoyo_path_info *filename);
 /* Allocate memory for "struct tomoyo_path_group". */
 struct tomoyo_path_group *tomoyo_get_path_group(const char *group_name);
 struct tomoyo_number_group *tomoyo_get_number_group(const char *group_name);
@@ -972,6 +1010,16 @@ static inline bool tomoyo_is_same_path_number_acl
                && tomoyo_is_same_number_union(&p1->number, &p2->number);
 }
+static inline bool tomoyo_is_same_mount_acl(const struct tomoyo_mount_acl *p1,
+                                            const struct tomoyo_mount_acl *p2)
+{
+        return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
+                tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) &&
+                tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) &&
+                tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) &&
+                tomoyo_is_same_number_union(&p1->flags, &p2->flags);
+}
 static inline bool tomoyo_is_same_domain_initializer_entry
 (const struct tomoyo_domain_initializer_entry *p1,
 const struct tomoyo_domain_initializer_entry *p2)
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2010-05-16 21:10:31 -0400
committer	James Morris <jmorris@namei.org>	2010-08-02 01:33:37 -0400
commit	2106ccd972dcd9fda7df9b181505fac1741b3508 (patch)
tree	4361f9498c303cabc20abc85c1b5ee0afa677b0f /security/tomoyo/common.h
parent	a1f9bb6a375a8dbf7797ffbd6739c46b338a77f7 (diff)

diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 565a1c11da53..3d819b139165 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h
@@ -53,6 +53,7 @@ enum tomoyo_mode_index {
53		53
54	/* Keywords for ACLs. */	54	/* Keywords for ACLs. */
55	#define TOMOYO_KEYWORD_ALIAS "alias "	55	#define TOMOYO_KEYWORD_ALIAS "alias "
		56	#define TOMOYO_KEYWORD_ALLOW_MOUNT "allow_mount "
56	#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "	57	#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
57	#define TOMOYO_KEYWORD_DELETE "delete "	58	#define TOMOYO_KEYWORD_DELETE "delete "
58	#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "	59	#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "
@@ -90,6 +91,7 @@ enum tomoyo_acl_entry_type_index {
90	TOMOYO_TYPE_PATH2_ACL,	91	TOMOYO_TYPE_PATH2_ACL,
91	TOMOYO_TYPE_PATH_NUMBER_ACL,	92	TOMOYO_TYPE_PATH_NUMBER_ACL,
92	TOMOYO_TYPE_PATH_NUMBER3_ACL,	93	TOMOYO_TYPE_PATH_NUMBER3_ACL,
		94	TOMOYO_TYPE_MOUNT_ACL,
93	};	95	};
94		96
95	/* Index numbers for File Controls. */	97	/* Index numbers for File Controls. */
@@ -116,7 +118,6 @@ enum tomoyo_path_acl_index {
116	TOMOYO_TYPE_SYMLINK,	118	TOMOYO_TYPE_SYMLINK,
117	TOMOYO_TYPE_REWRITE,	119	TOMOYO_TYPE_REWRITE,
118	TOMOYO_TYPE_CHROOT,	120	TOMOYO_TYPE_CHROOT,
119	TOMOYO_TYPE_MOUNT,
120	TOMOYO_TYPE_UMOUNT,	121	TOMOYO_TYPE_UMOUNT,
121	TOMOYO_MAX_PATH_OPERATION	122	TOMOYO_MAX_PATH_OPERATION
122	};	123	};
@@ -360,8 +361,8 @@ struct tomoyo_domain_info {
360	*	361	*
361	* Directives held by this structure are "allow_read/write", "allow_execute",	362	* Directives held by this structure are "allow_read/write", "allow_execute",
362	* "allow_read", "allow_write", "allow_unlink", "allow_rmdir",	363	* "allow_read", "allow_write", "allow_unlink", "allow_rmdir",
363	* "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot",	364	* "allow_truncate", "allow_symlink", "allow_rewrite", "allow_chroot" and
364	* "allow_mount" and "allow_unmount".	365	* "allow_unmount".
365	*/	366	*/
366	struct tomoyo_path_acl {	367	struct tomoyo_path_acl {
367	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */	368	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_PATH_ACL */
@@ -435,6 +436,29 @@ struct tomoyo_path2_acl {
435	};	436	};
436		437
437	/*	438	/*
		439	* tomoyo_mount_acl is a structure which is used for holding an
		440	* entry for mount operation.
		441	* It has following fields.
		442	*
		443	* (1) "head" which is a "struct tomoyo_acl_info".
		444	* (2) "is_deleted" is boolean.
		445	* (3) "dev_name" is the device name.
		446	* (4) "dir_name" is the mount point.
		447	* (5) "flags" is the mount flags.
		448	*
		449	* Directives held by this structure are "allow_rename", "allow_link" and
		450	* "allow_pivot_root".
		451	*/
		452	struct tomoyo_mount_acl {
		453	struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_MOUNT_ACL */
		454	bool is_deleted;
		455	struct tomoyo_name_union dev_name;
		456	struct tomoyo_name_union dir_name;
		457	struct tomoyo_name_union fs_type;
		458	struct tomoyo_number_union flags;
		459	};
		460
		461	/*
438	* tomoyo_io_buffer is a structure which is used for reading and modifying	462	* tomoyo_io_buffer is a structure which is used for reading and modifying
439	* configuration via /sys/kernel/security/tomoyo/ interface.	463	* configuration via /sys/kernel/security/tomoyo/ interface.
440	* It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as	464	* It has many fields. ->read_var1 , ->read_var2 , ->write_var1 are used as
@@ -638,6 +662,9 @@ struct tomoyo_policy_manager_entry {
638	/* Check whether the given name matches the given name_union. */	662	/* Check whether the given name matches the given name_union. */
639	bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,	663	bool tomoyo_compare_name_union(const struct tomoyo_path_info *name,
640	const struct tomoyo_name_union *ptr);	664	const struct tomoyo_name_union *ptr);
		665	/* Check whether the given number matches the given number_union. */
		666	bool tomoyo_compare_number_union(const unsigned long value,
		667	const struct tomoyo_number_union *ptr);
641	/* Check whether the domain has too many ACL entries to hold. */	668	/* Check whether the domain has too many ACL entries to hold. */
642	bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);	669	bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r);
643	/* Transactional sprintf() for policy dump. */	670	/* Transactional sprintf() for policy dump. */
@@ -699,6 +726,12 @@ const char *tomoyo_path_number32keyword(const u8 operation);
699	const char tomoyo_get_last_name(const struct tomoyo_domain_info domain);	726	const char tomoyo_get_last_name(const struct tomoyo_domain_info domain);
700	/* Convert single path operation to operation name. */	727	/* Convert single path operation to operation name. */
701	const char *tomoyo_path2keyword(const u8 operation);	728	const char *tomoyo_path2keyword(const u8 operation);
		729	/* Fill "struct tomoyo_request_info". */
		730	int tomoyo_init_request_info(struct tomoyo_request_info *r,
		731	struct tomoyo_domain_info *domain);
		732	/* Check permission for mount operation. */
		733	int tomoyo_mount_permission(char dev_name, struct path path, char *type,
		734	unsigned long flags, void *data_page);
702	/* Create "alias" entry in exception policy. */	735	/* Create "alias" entry in exception policy. */
703	int tomoyo_write_alias_policy(char *data, const bool is_delete);	736	int tomoyo_write_alias_policy(char *data, const bool is_delete);
704	/*	737	/*
@@ -721,6 +754,9 @@ int tomoyo_write_file_policy(char data, struct tomoyo_domain_info domain,
721	const bool is_delete);	754	const bool is_delete);
722	/* Create "allow_read" entry in exception policy. */	755	/* Create "allow_read" entry in exception policy. */
723	int tomoyo_write_globally_readable_policy(char *data, const bool is_delete);	756	int tomoyo_write_globally_readable_policy(char *data, const bool is_delete);
		757	/* Create "allow_mount" entry in domain policy. */
		758	int tomoyo_write_mount_policy(char data, struct tomoyo_domain_info domain,
		759	const bool is_delete);
724	/* Create "deny_rewrite" entry in exception policy. */	760	/* Create "deny_rewrite" entry in exception policy. */
725	int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);	761	int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete);
726	/* Create "file_pattern" entry in exception policy. */	762	/* Create "file_pattern" entry in exception policy. */
@@ -735,7 +771,9 @@ struct tomoyo_domain_info tomoyo_find_domain(const char domainname);
735	struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char	771	struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char
736	domainname,	772	domainname,
737	const u8 profile);	773	const u8 profile);
738		774	/* Get patterned pathname. */
		775	const struct tomoyo_path_info *
		776	tomoyo_get_file_pattern(const struct tomoyo_path_info *filename);
739	/* Allocate memory for "struct tomoyo_path_group". */	777	/* Allocate memory for "struct tomoyo_path_group". */
740	struct tomoyo_path_group tomoyo_get_path_group(const char group_name);	778	struct tomoyo_path_group tomoyo_get_path_group(const char group_name);
741	struct tomoyo_number_group tomoyo_get_number_group(const char group_name);	779	struct tomoyo_number_group tomoyo_get_number_group(const char group_name);
@@ -972,6 +1010,16 @@ static inline bool tomoyo_is_same_path_number_acl
972	&& tomoyo_is_same_number_union(&p1->number, &p2->number);	1010	&& tomoyo_is_same_number_union(&p1->number, &p2->number);
973	}	1011	}
974		1012
		1013	static inline bool tomoyo_is_same_mount_acl(const struct tomoyo_mount_acl *p1,
		1014	const struct tomoyo_mount_acl *p2)
		1015	{
		1016	return tomoyo_is_same_acl_head(&p1->head, &p2->head) &&
		1017	tomoyo_is_same_name_union(&p1->dev_name, &p2->dev_name) &&
		1018	tomoyo_is_same_name_union(&p1->dir_name, &p2->dir_name) &&
		1019	tomoyo_is_same_name_union(&p1->fs_type, &p2->fs_type) &&
		1020	tomoyo_is_same_number_union(&p1->flags, &p2->flags);
		1021	}
		1022
975	static inline bool tomoyo_is_same_domain_initializer_entry	1023	static inline bool tomoyo_is_same_domain_initializer_entry
976	(const struct tomoyo_domain_initializer_entry *p1,	1024	(const struct tomoyo_domain_initializer_entry *p1,
977	const struct tomoyo_domain_initializer_entry *p2)	1025	const struct tomoyo_domain_initializer_entry *p2)