author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-12-02 07:09:48 -0500 |
committer | James Morris <jmorris@namei.org> | 2009-12-07 22:58:05 -0500 |
commit | 937bf6133b21b16965f75223085f4314ae32b8eb (patch) | |
tree | 4a042bc9298ffddfaf4017a5796cae46e9594d2c /security/tomoyo/tomoyo.c | |
parent | 5d0901a3a0c39c97ca504f73d24030f63cfc9fa2 (diff) |
TOMOYO: Add rest of file operation restrictions.
LSM hooks for chmod()/chown()/chroot() are now ready.
This patch utilizes these hooks.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/tomoyo.c')
-rw-r--r-- | security/tomoyo/tomoyo.c | 61 |
1 files changed, 61 insertions, 0 deletions
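--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -271,6 +271,60 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
 }
 
+static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
+unsigned long arg)
+{
+return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL,
+&file->f_path);
+}
+
+static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
+mode_t mode)
+{
+struct path path = { mnt, dentry };
+return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL,
+&path);
+}
+
+static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
+{
+int error = 0;
+if (uid != (uid_t) -1)
+error = tomoyo_check_1path_perm(tomoyo_domain(),
+TOMOYO_TYPE_CHOWN_ACL, path);
+if (!error && gid != (gid_t) -1)
+error = tomoyo_check_1path_perm(tomoyo_domain(),
+TOMOYO_TYPE_CHGRP_ACL, path);
+return error;
+}
+
+static int tomoyo_path_chroot(struct path *path)
+{
+return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL,
+path);
+}
+
+static int tomoyo_sb_mount(char *dev_name, struct path *path,
+char *type, unsigned long flags, void *data)
+{
+return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL,
+path);
+}
+
+static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
+{
+struct path path = { mnt, mnt->mnt_root };
+return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL,
+&path);
+}
+
+static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+{
+return tomoyo_check_2path_perm(tomoyo_domain(),
+TOMOYO_TYPE_PIVOT_ROOT_ACL,
+new_path, old_path);
+}
+
 /*
 * tomoyo_security_ops is a "struct security_operations" which is used for
 * registering TOMOYO.
@@ -295,6 +349,13 @@ static struct security_operations tomoyo_security_ops = {
 .path_mknod = tomoyo_path_mknod,
 .path_link = tomoyo_path_link,
 .path_rename = tomoyo_path_rename,
+.file_ioctl = tomoyo_file_ioctl,
+.path_chmod = tomoyo_path_chmod,
+.path_chown = tomoyo_path_chown,
+.path_chroot = tomoyo_path_chroot,
+.sb_mount = tomoyo_sb_mount,
+.sb_umount = tomoyo_sb_umount,
+.sb_pivotroot = tomoyo_sb_pivotroot,
 };
 
 static int __init tomoyo_init(void)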
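Review bot: tomoyo_file_ioctl in the first hunk discards `cmd` and `arg` and hands only `&file->f_path` to tomoyo_check_1path_perm, so the decision is made per file rather than per ioctl number; a domain granted TOMOYO_TYPE_IOCTL_ACL on a device node is thereby permitted every ioctl on it, including whatever privileged ones the driver exposes. tomoyo_sb_mount has the same coarseness: `dev_name`, `type`, `flags` and `data` are all dropped and only the mountpoint is checked, so an allowed mount at a path may presumably be a bind, a remount or any filesystem type. If this granularity is deliberate for this release, it should be stated where a policy author will see it; I would add `/* Per-path only: cmd and arg are not consulted. */` above the call in tomoyo_file_ioctl and `/* Only the mountpoint is checked; source, fstype and flags are not. */` in tomoyo_sb_mount. The designated-initializer form `struct path path = { .mnt = mnt, .dentry = dentry };` in tomoyo_path_chmod and tomoyo_sb_umount would also guard against a future field reorder in struct path. Both functions lie fully inside the hunk; the tomoyo_security_ops initializer in the second hunk starts outside it.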