aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/tomoyo.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2009-12-02 07:09:48 -0500
committerJames Morris <jmorris@namei.org>2009-12-07 22:58:05 -0500
commit937bf6133b21b16965f75223085f4314ae32b8eb (patch)
tree4a042bc9298ffddfaf4017a5796cae46e9594d2c /security/tomoyo/tomoyo.c
parent5d0901a3a0c39c97ca504f73d24030f63cfc9fa2 (diff)
TOMOYO: Add rest of file operation restrictions.
LSM hooks for chmod()/chown()/chroot() are now ready. This patch utilizes these hooks. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/tomoyo.c')
-rw-r--r--security/tomoyo/tomoyo.c61
1 files changed, 61 insertions, 0 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 9548a0984cc4..3fb5f6ea4fc9 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -271,6 +271,60 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
271 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); 271 return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags);
272} 272}
273 273
274static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
275 unsigned long arg)
276{
277 return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL,
278 &file->f_path);
279}
280
281static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt,
282 mode_t mode)
283{
284 struct path path = { mnt, dentry };
285 return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL,
286 &path);
287}
288
289static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
290{
291 int error = 0;
292 if (uid != (uid_t) -1)
293 error = tomoyo_check_1path_perm(tomoyo_domain(),
294 TOMOYO_TYPE_CHOWN_ACL, path);
295 if (!error && gid != (gid_t) -1)
296 error = tomoyo_check_1path_perm(tomoyo_domain(),
297 TOMOYO_TYPE_CHGRP_ACL, path);
298 return error;
299}
300
301static int tomoyo_path_chroot(struct path *path)
302{
303 return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL,
304 path);
305}
306
307static int tomoyo_sb_mount(char *dev_name, struct path *path,
308 char *type, unsigned long flags, void *data)
309{
310 return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL,
311 path);
312}
313
314static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
315{
316 struct path path = { mnt, mnt->mnt_root };
317 return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL,
318 &path);
319}
320
321static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
322{
323 return tomoyo_check_2path_perm(tomoyo_domain(),
324 TOMOYO_TYPE_PIVOT_ROOT_ACL,
325 new_path, old_path);
326}
327
274/* 328/*
275 * tomoyo_security_ops is a "struct security_operations" which is used for 329 * tomoyo_security_ops is a "struct security_operations" which is used for
276 * registering TOMOYO. 330 * registering TOMOYO.
@@ -295,6 +349,13 @@ static struct security_operations tomoyo_security_ops = {
295 .path_mknod = tomoyo_path_mknod, 349 .path_mknod = tomoyo_path_mknod,
296 .path_link = tomoyo_path_link, 350 .path_link = tomoyo_path_link,
297 .path_rename = tomoyo_path_rename, 351 .path_rename = tomoyo_path_rename,
352 .file_ioctl = tomoyo_file_ioctl,
353 .path_chmod = tomoyo_path_chmod,
354 .path_chown = tomoyo_path_chown,
355 .path_chroot = tomoyo_path_chroot,
356 .sb_mount = tomoyo_sb_mount,
357 .sb_umount = tomoyo_sb_umount,
358 .sb_pivotroot = tomoyo_sb_pivotroot,
298}; 359};
299 360
300static int __init tomoyo_init(void) 361static int __init tomoyo_init(void)