TOMOYO: Allow domain transition without execve().

To be able to split permissions for Apache's CGI programs which are executed
without execve(), add special domain transition which is performed by writing
a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface.

This is an API for TOMOYO-aware userland applications. However, since I expect
TOMOYO and other LSM modules to run in parallel, this patch does not use
/proc/self/attr/ interface in order to avoid conflicts with other LSM modules
when it became possible to run multiple LSM modules in parallel.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 25 insertions, 0 deletions

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index a1c3d9ccebfa..50e9b4c73ceb 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -159,6 +159,31 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param)
 }
 
 /**
+ * tomoyo_get_domainname - Read a domainname from a line.
+ *
+ * @param: Pointer to "struct tomoyo_acl_param".
+ *
+ * Returns a domainname on success, NULL otherwise.
+ */
+const struct tomoyo_path_info *tomoyo_get_domainname
+(struct tomoyo_acl_param *param)
+{
+        char *start = param->data;
+        char *pos = start;
+        while (*pos) {
+                if (*pos++ != ' ' || *pos++ == '/')
+                        continue;
+                pos -= 2;
+                *pos++ = '\0';
+                break;
+        }
+        param->data = pos;
+        if (tomoyo_correct_domain(start))
+                return tomoyo_get_name(start);
+        return NULL;
+}
+
+/**
  * tomoyo_parse_ulong - Parse an "unsigned long" value.
  *
  * @result: Pointer to "unsigned long".