TOMOYO: Add socket operation restriction support.

This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX socket's bind()/listen()/connect()/send() operations. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2011-09-10 02:23:54 -0400
committer: James Morris <jmorris@namei.org> 2011-09-13 18:27:05 -0400
commit: 059d84dbb3897d4ee494a9c842c5dda54316cb47 (patch)
tree: 483ca0cb613b1304184b92f075b3f5283d36c723 /security/tomoyo/util.c
parent: d58e0da854376841ac99defeb117a83f086715c6 (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index cb7d507b6312..a1c3d9ccebfa 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -42,6 +42,37 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
        [TOMOYO_MAC_FILE_MOUNT]      = TOMOYO_MAC_CATEGORY_FILE,
        [TOMOYO_MAC_FILE_UMOUNT]     = TOMOYO_MAC_CATEGORY_FILE,
        [TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
+        /* CONFIG::network group */
+        [TOMOYO_MAC_NETWORK_INET_STREAM_BIND]       =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN]     =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT]    =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_DGRAM_BIND]        =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_DGRAM_SEND]        =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_RAW_BIND]          =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_INET_RAW_SEND]          =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND]       =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN]     =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT]    =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND]        =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND]        =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND]    =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN]  =
+        TOMOYO_MAC_CATEGORY_NETWORK,
+        [TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] =
+        TOMOYO_MAC_CATEGORY_NETWORK,
        /* CONFIG::misc group */
        [TOMOYO_MAC_ENVIRON]         = TOMOYO_MAC_CATEGORY_MISC,
 };
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2011-09-10 02:23:54 -0400
committer	James Morris <jmorris@namei.org>	2011-09-13 18:27:05 -0400
commit	059d84dbb3897d4ee494a9c842c5dda54316cb47 (patch)
tree	483ca0cb613b1304184b92f075b3f5283d36c723 /security/tomoyo/util.c
parent	d58e0da854376841ac99defeb117a83f086715c6 (diff)

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index cb7d507b6312..a1c3d9ccebfa 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c
@@ -42,6 +42,37 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
42	[TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,	42	[TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,
43	[TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,	43	[TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,
44	[TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,	44	[TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
		45	/* CONFIG::network group */
		46	[TOMOYO_MAC_NETWORK_INET_STREAM_BIND] =
		47	TOMOYO_MAC_CATEGORY_NETWORK,
		48	[TOMOYO_MAC_NETWORK_INET_STREAM_LISTEN] =
		49	TOMOYO_MAC_CATEGORY_NETWORK,
		50	[TOMOYO_MAC_NETWORK_INET_STREAM_CONNECT] =
		51	TOMOYO_MAC_CATEGORY_NETWORK,
		52	[TOMOYO_MAC_NETWORK_INET_DGRAM_BIND] =
		53	TOMOYO_MAC_CATEGORY_NETWORK,
		54	[TOMOYO_MAC_NETWORK_INET_DGRAM_SEND] =
		55	TOMOYO_MAC_CATEGORY_NETWORK,
		56	[TOMOYO_MAC_NETWORK_INET_RAW_BIND] =
		57	TOMOYO_MAC_CATEGORY_NETWORK,
		58	[TOMOYO_MAC_NETWORK_INET_RAW_SEND] =
		59	TOMOYO_MAC_CATEGORY_NETWORK,
		60	[TOMOYO_MAC_NETWORK_UNIX_STREAM_BIND] =
		61	TOMOYO_MAC_CATEGORY_NETWORK,
		62	[TOMOYO_MAC_NETWORK_UNIX_STREAM_LISTEN] =
		63	TOMOYO_MAC_CATEGORY_NETWORK,
		64	[TOMOYO_MAC_NETWORK_UNIX_STREAM_CONNECT] =
		65	TOMOYO_MAC_CATEGORY_NETWORK,
		66	[TOMOYO_MAC_NETWORK_UNIX_DGRAM_BIND] =
		67	TOMOYO_MAC_CATEGORY_NETWORK,
		68	[TOMOYO_MAC_NETWORK_UNIX_DGRAM_SEND] =
		69	TOMOYO_MAC_CATEGORY_NETWORK,
		70	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_BIND] =
		71	TOMOYO_MAC_CATEGORY_NETWORK,
		72	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] =
		73	TOMOYO_MAC_CATEGORY_NETWORK,
		74	[TOMOYO_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] =
		75	TOMOYO_MAC_CATEGORY_NETWORK,
45	/* CONFIG::misc group */	76	/* CONFIG::misc group */
46	[TOMOYO_MAC_ENVIRON] = TOMOYO_MAC_CATEGORY_MISC,	77	[TOMOYO_MAC_ENVIRON] = TOMOYO_MAC_CATEGORY_MISC,
47	};	78	};