diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 10:19:52 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-06-28 19:31:21 -0400 |
| commit | bd03a3e4c9a9df0c6b007045fa7fc8889111a478 (patch) | |
| tree | 9d78290c878e6466fe3e0bda7ee5989c0dc39e40 /security/tomoyo/util.c | |
| parent | 32997144fd9925fc4d506a16990a0c405f766526 (diff) | |
TOMOYO: Add policy namespace support.
Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
for TOMOYO cannot distinguish between environments outside the container and
environments inside the container since LXC environments are created using
pivot_root(). To address this problem, this patch introduces policy namespace.
Each policy namespace has its own set of domain policy, exception policy and
profiles, which are all independent of other namespaces. This independency
allows users to develop policy without worrying interference among namespaces.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/util.c')
| -rw-r--r-- | security/tomoyo/util.c | 58 |
1 files changed, 26 insertions, 32 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
| @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) | |||
| 416 | */ | 416 | */ |
| 417 | bool tomoyo_correct_domain(const unsigned char *domainname) | 417 | bool tomoyo_correct_domain(const unsigned char *domainname) |
| 418 | { | 418 | { |
| 419 | if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, | 419 | if (!domainname || !tomoyo_domain_def(domainname)) |
| 420 | TOMOYO_ROOT_NAME_LEN)) | 420 | return false; |
| 421 | goto out; | 421 | domainname = strchr(domainname, ' '); |
| 422 | domainname += TOMOYO_ROOT_NAME_LEN; | 422 | if (!domainname++) |
| 423 | if (!*domainname) | ||
| 424 | return true; | 423 | return true; |
| 425 | if (*domainname++ != ' ') | ||
| 426 | goto out; | ||
| 427 | while (1) { | 424 | while (1) { |
| 428 | const unsigned char *cp = strchr(domainname, ' '); | 425 | const unsigned char *cp = strchr(domainname, ' '); |
| 429 | if (!cp) | 426 | if (!cp) |
| 430 | break; | 427 | break; |
| 431 | if (*domainname != '/' || | 428 | if (*domainname != '/' || |
| 432 | !tomoyo_correct_word2(domainname, cp - domainname)) | 429 | !tomoyo_correct_word2(domainname, cp - domainname)) |
| 433 | goto out; | 430 | return false; |
| 434 | domainname = cp + 1; | 431 | domainname = cp + 1; |
| 435 | } | 432 | } |
| 436 | return tomoyo_correct_path(domainname); | 433 | return tomoyo_correct_path(domainname); |
| 437 | out: | ||
| 438 | return false; | ||
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | /** | 436 | /** |
| @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) | |||
| 447 | */ | 442 | */ |
| 448 | bool tomoyo_domain_def(const unsigned char *buffer) | 443 | bool tomoyo_domain_def(const unsigned char *buffer) |
| 449 | { | 444 | { |
| 450 | return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); | 445 | const unsigned char *cp; |
| 446 | int len; | ||
| 447 | if (*buffer != '<') | ||
| 448 | return false; | ||
| 449 | cp = strchr(buffer, ' '); | ||
| 450 | if (!cp) | ||
| 451 | len = strlen(buffer); | ||
| 452 | else | ||
| 453 | len = cp - buffer; | ||
| 454 | if (buffer[len - 1] != '>' || | ||
| 455 | !tomoyo_correct_word2(buffer + 1, len - 2)) | ||
| 456 | return false; | ||
| 457 | return true; | ||
| 451 | } | 458 | } |
| 452 | 459 | ||
| 453 | /** | 460 | /** |
| @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) | |||
| 833 | /** | 840 | /** |
| 834 | * tomoyo_get_mode - Get MAC mode. | 841 | * tomoyo_get_mode - Get MAC mode. |
| 835 | * | 842 | * |
| 843 | * @ns: Pointer to "struct tomoyo_policy_namespace". | ||
| 836 | * @profile: Profile number. | 844 | * @profile: Profile number. |
| 837 | * @index: Index number of functionality. | 845 | * @index: Index number of functionality. |
| 838 | * | 846 | * |
| 839 | * Returns mode. | 847 | * Returns mode. |
| 840 | */ | 848 | */ |
| 841 | int tomoyo_get_mode(const u8 profile, const u8 index) | 849 | int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, |
| 850 | const u8 index) | ||
| 842 | { | 851 | { |
| 843 | u8 mode; | 852 | u8 mode; |
| 844 | const u8 category = TOMOYO_MAC_CATEGORY_FILE; | 853 | const u8 category = TOMOYO_MAC_CATEGORY_FILE; |
| 845 | if (!tomoyo_policy_loaded) | 854 | if (!tomoyo_policy_loaded) |
| 846 | return TOMOYO_CONFIG_DISABLED; | 855 | return TOMOYO_CONFIG_DISABLED; |
| 847 | mode = tomoyo_profile(profile)->config[index]; | 856 | mode = tomoyo_profile(ns, profile)->config[index]; |
| 848 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | 857 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
| 849 | mode = tomoyo_profile(profile)->config[category]; | 858 | mode = tomoyo_profile(ns, profile)->config[category]; |
| 850 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | 859 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
| 851 | mode = tomoyo_profile(profile)->default_config; | 860 | mode = tomoyo_profile(ns, profile)->default_config; |
| 852 | return mode & 3; | 861 | return mode & 3; |
| 853 | } | 862 | } |
| 854 | 863 | ||
| @@ -872,26 +881,11 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
| 872 | profile = domain->profile; | 881 | profile = domain->profile; |
| 873 | r->profile = profile; | 882 | r->profile = profile; |
| 874 | r->type = index; | 883 | r->type = index; |
| 875 | r->mode = tomoyo_get_mode(profile, index); | 884 | r->mode = tomoyo_get_mode(domain->ns, profile, index); |
| 876 | return r->mode; | 885 | return r->mode; |
| 877 | } | 886 | } |
| 878 | 887 | ||
| 879 | /** | 888 | /** |
| 880 | * tomoyo_last_word - Get last component of a line. | ||
| 881 | * | ||
| 882 | * @line: A line. | ||
| 883 | * | ||
| 884 | * Returns the last word of a line. | ||
| 885 | */ | ||
| 886 | const char *tomoyo_last_word(const char *name) | ||
| 887 | { | ||
| 888 | const char *cp = strrchr(name, ' '); | ||
| 889 | if (cp) | ||
| 890 | return cp + 1; | ||
| 891 | return name; | ||
| 892 | } | ||
| 893 | |||
| 894 | /** | ||
| 895 | * tomoyo_domain_quota_is_ok - Check for domain's quota. | 889 | * tomoyo_domain_quota_is_ok - Check for domain's quota. |
| 896 | * | 890 | * |
| 897 | * @r: Pointer to "struct tomoyo_request_info". | 891 | * @r: Pointer to "struct tomoyo_request_info". |
| @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 939 | if (perm & (1 << i)) | 933 | if (perm & (1 << i)) |
| 940 | count++; | 934 | count++; |
| 941 | } | 935 | } |
| 942 | if (count < tomoyo_profile(domain->profile)-> | 936 | if (count < tomoyo_profile(domain->ns, domain->profile)-> |
| 943 | pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) | 937 | pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) |
| 944 | return true; | 938 | return true; |
| 945 | if (!domain->quota_warned) { | 939 | if (!domain->quota_warned) { |