diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-03 07:37:26 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 01:33:42 -0400 |
commit | 3f629636320dfa65804779a3fc333f3147f3b064 (patch) | |
tree | e44dc9f63ae8c6cd37d5471d014cd9b0449027e7 /security/tomoyo/file.c | |
parent | c8c57e842720d8cc92ac8607f2d1c16d92314573 (diff) |
TOMOYO: Allow wildcard for execute permission.
Some applications create and execute programs dynamically. We need to accept
wildcard for execute permission because such programs contain random suffix
in their filenames. This patch loosens up regulation of string parameters.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r-- | security/tomoyo/file.c | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index cef685415df1..83fa17a1113a 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -65,23 +65,10 @@ bool tomoyo_compare_name_union(const struct tomoyo_path_info *name, | |||
65 | const struct tomoyo_name_union *ptr) | 65 | const struct tomoyo_name_union *ptr) |
66 | { | 66 | { |
67 | if (ptr->is_group) | 67 | if (ptr->is_group) |
68 | return tomoyo_path_matches_group(name, ptr->group, 1); | 68 | return tomoyo_path_matches_group(name, ptr->group); |
69 | return tomoyo_path_matches_pattern(name, ptr->filename); | 69 | return tomoyo_path_matches_pattern(name, ptr->filename); |
70 | } | 70 | } |
71 | 71 | ||
72 | static bool tomoyo_compare_name_union_pattern(const struct tomoyo_path_info | ||
73 | *name, | ||
74 | const struct tomoyo_name_union | ||
75 | *ptr, const bool may_use_pattern) | ||
76 | { | ||
77 | if (ptr->is_group) | ||
78 | return tomoyo_path_matches_group(name, ptr->group, | ||
79 | may_use_pattern); | ||
80 | if (may_use_pattern || !ptr->filename->is_patterned) | ||
81 | return tomoyo_path_matches_pattern(name, ptr->filename); | ||
82 | return false; | ||
83 | } | ||
84 | |||
85 | void tomoyo_put_number_union(struct tomoyo_number_union *ptr) | 72 | void tomoyo_put_number_union(struct tomoyo_number_union *ptr) |
86 | { | 73 | { |
87 | if (ptr && ptr->is_group) | 74 | if (ptr && ptr->is_group) |
@@ -247,7 +234,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename, | |||
247 | struct tomoyo_globally_readable_file_entry e = { }; | 234 | struct tomoyo_globally_readable_file_entry e = { }; |
248 | int error = is_delete ? -ENOENT : -ENOMEM; | 235 | int error = is_delete ? -ENOENT : -ENOMEM; |
249 | 236 | ||
250 | if (!tomoyo_is_correct_path(filename, 1, 0, -1)) | 237 | if (!tomoyo_is_correct_word(filename)) |
251 | return -EINVAL; | 238 | return -EINVAL; |
252 | e.filename = tomoyo_get_name(filename); | 239 | e.filename = tomoyo_get_name(filename); |
253 | if (!e.filename) | 240 | if (!e.filename) |
@@ -391,13 +378,14 @@ static int tomoyo_update_file_pattern_entry(const char *pattern, | |||
391 | const bool is_delete) | 378 | const bool is_delete) |
392 | { | 379 | { |
393 | struct tomoyo_pattern_entry *ptr; | 380 | struct tomoyo_pattern_entry *ptr; |
394 | struct tomoyo_pattern_entry e = { .pattern = tomoyo_get_name(pattern) }; | 381 | struct tomoyo_pattern_entry e = { }; |
395 | int error = is_delete ? -ENOENT : -ENOMEM; | 382 | int error = is_delete ? -ENOENT : -ENOMEM; |
396 | 383 | ||
384 | if (!tomoyo_is_correct_word(pattern)) | ||
385 | return -EINVAL; | ||
386 | e.pattern = tomoyo_get_name(pattern); | ||
397 | if (!e.pattern) | 387 | if (!e.pattern) |
398 | return error; | 388 | return error; |
399 | if (!e.pattern->is_patterned) | ||
400 | goto out; | ||
401 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 389 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
402 | goto out; | 390 | goto out; |
403 | list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) { | 391 | list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) { |
@@ -543,7 +531,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern, | |||
543 | struct tomoyo_no_rewrite_entry e = { }; | 531 | struct tomoyo_no_rewrite_entry e = { }; |
544 | int error = is_delete ? -ENOENT : -ENOMEM; | 532 | int error = is_delete ? -ENOENT : -ENOMEM; |
545 | 533 | ||
546 | if (!tomoyo_is_correct_path(pattern, 0, 0, 0)) | 534 | if (!tomoyo_is_correct_word(pattern)) |
547 | return -EINVAL; | 535 | return -EINVAL; |
548 | e.pattern = tomoyo_get_name(pattern); | 536 | e.pattern = tomoyo_get_name(pattern); |
549 | if (!e.pattern) | 537 | if (!e.pattern) |
@@ -690,7 +678,6 @@ static int tomoyo_update_file_acl(u8 perm, const char *filename, | |||
690 | * @r: Pointer to "struct tomoyo_request_info". | 678 | * @r: Pointer to "struct tomoyo_request_info". |
691 | * @filename: Filename to check. | 679 | * @filename: Filename to check. |
692 | * @perm: Permission. | 680 | * @perm: Permission. |
693 | * @may_use_pattern: True if patterned ACL is permitted. | ||
694 | * | 681 | * |
695 | * Returns 0 on success, -EPERM otherwise. | 682 | * Returns 0 on success, -EPERM otherwise. |
696 | * | 683 | * |
@@ -698,7 +685,7 @@ static int tomoyo_update_file_acl(u8 perm, const char *filename, | |||
698 | */ | 685 | */ |
699 | static int tomoyo_path_acl(const struct tomoyo_request_info *r, | 686 | static int tomoyo_path_acl(const struct tomoyo_request_info *r, |
700 | const struct tomoyo_path_info *filename, | 687 | const struct tomoyo_path_info *filename, |
701 | const u32 perm, const bool may_use_pattern) | 688 | const u32 perm) |
702 | { | 689 | { |
703 | struct tomoyo_domain_info *domain = r->domain; | 690 | struct tomoyo_domain_info *domain = r->domain; |
704 | struct tomoyo_acl_info *ptr; | 691 | struct tomoyo_acl_info *ptr; |
@@ -710,8 +697,7 @@ static int tomoyo_path_acl(const struct tomoyo_request_info *r, | |||
710 | continue; | 697 | continue; |
711 | acl = container_of(ptr, struct tomoyo_path_acl, head); | 698 | acl = container_of(ptr, struct tomoyo_path_acl, head); |
712 | if (!(acl->perm & perm) || | 699 | if (!(acl->perm & perm) || |
713 | !tomoyo_compare_name_union_pattern(filename, &acl->name, | 700 | !tomoyo_compare_name_union(filename, &acl->name)) |
714 | may_use_pattern)) | ||
715 | continue; | 701 | continue; |
716 | error = 0; | 702 | error = 0; |
717 | break; | 703 | break; |
@@ -756,7 +742,7 @@ static int tomoyo_file_perm(struct tomoyo_request_info *r, | |||
756 | } else | 742 | } else |
757 | BUG(); | 743 | BUG(); |
758 | do { | 744 | do { |
759 | error = tomoyo_path_acl(r, filename, perm, mode != 1); | 745 | error = tomoyo_path_acl(r, filename, perm); |
760 | if (error && mode == 4 && !r->domain->ignore_global_allow_read | 746 | if (error && mode == 4 && !r->domain->ignore_global_allow_read |
761 | && tomoyo_is_globally_readable_file(filename)) | 747 | && tomoyo_is_globally_readable_file(filename)) |
762 | error = 0; | 748 | error = 0; |
@@ -764,7 +750,6 @@ static int tomoyo_file_perm(struct tomoyo_request_info *r, | |||
764 | break; | 750 | break; |
765 | tomoyo_warn_log(r, "%s %s", msg, filename->name); | 751 | tomoyo_warn_log(r, "%s %s", msg, filename->name); |
766 | error = tomoyo_supervisor(r, "allow_%s %s\n", msg, | 752 | error = tomoyo_supervisor(r, "allow_%s %s\n", msg, |
767 | mode == 1 ? filename->name : | ||
768 | tomoyo_file_pattern(filename)); | 753 | tomoyo_file_pattern(filename)); |
769 | /* | 754 | /* |
770 | * Do not retry for execute request, for alias may have | 755 | * Do not retry for execute request, for alias may have |
@@ -1073,7 +1058,7 @@ static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, | |||
1073 | 1058 | ||
1074 | next: | 1059 | next: |
1075 | do { | 1060 | do { |
1076 | error = tomoyo_path_acl(r, filename, 1 << operation, 1); | 1061 | error = tomoyo_path_acl(r, filename, 1 << operation); |
1077 | if (!error) | 1062 | if (!error) |
1078 | break; | 1063 | break; |
1079 | msg = tomoyo_path2keyword(operation); | 1064 | msg = tomoyo_path2keyword(operation); |