author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-12-02 07:09:48 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-12-07 22:58:05 -0500 |
commit | 937bf6133b21b16965f75223085f4314ae32b8eb (patch) | |
tree | 4a042bc9298ffddfaf4017a5796cae46e9594d2c /security/tomoyo | |
parent | 5d0901a3a0c39c97ca504f73d24030f63cfc9fa2 (diff) |
TOMOYO: Add rest of file operation restrictions.
LSM hooks for chmod()/chown()/chroot() are now ready.
This patch utilizes these hooks.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 61 | ||||
-rw-r--r-- | security/tomoyo/common.h | 12 | ||||
-rw-r--r-- | security/tomoyo/file.c | 47 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 61 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.h | 12 |
5 files changed, 132 insertions, 61 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index e0d0354008b7..6c6061682438 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -842,52 +842,27 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) | |||
842 | if (ptr->type & TOMOYO_ACL_DELETED) | 842 | if (ptr->type & TOMOYO_ACL_DELETED) |
843 | continue; | 843 | continue; |
844 | switch (tomoyo_acl_type2(ptr)) { | 844 | switch (tomoyo_acl_type2(ptr)) { |
845 | struct tomoyo_single_path_acl_record *acl1; | 845 | struct tomoyo_single_path_acl_record *acl; |
846 | struct tomoyo_double_path_acl_record *acl2; | 846 | u32 perm; |
847 | u16 perm; | 847 | u8 i; |
848 | case TOMOYO_TYPE_SINGLE_PATH_ACL: | 848 | case TOMOYO_TYPE_SINGLE_PATH_ACL: |
849 | acl1 = container_of(ptr, | 849 | acl = container_of(ptr, |
850 | struct tomoyo_single_path_acl_record, | 850 | struct tomoyo_single_path_acl_record, |
851 | head); | 851 | head); |
852 | perm = acl1->perm; | 852 | perm = acl->perm | (((u32) acl->perm_high) << 16); |
853 | if (perm & (1 << TOMOYO_TYPE_EXECUTE_ACL)) | 853 | for (i = 0; i < TOMOYO_MAX_SINGLE_PATH_OPERATION; i++) |
854 | count++; | 854 | if (perm & (1 << i)) |
855 | if (perm & | 855 | count++; |
856 | ((1 << TOMOYO_TYPE_READ_ACL) | | 856 | if (perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)) |
857 | (1 << TOMOYO_TYPE_WRITE_ACL))) | 857 | count -= 2; |
858 | count++; | ||
859 | if (perm & (1 << TOMOYO_TYPE_CREATE_ACL)) | ||
860 | count++; | ||
861 | if (perm & (1 << TOMOYO_TYPE_UNLINK_ACL)) | ||
862 | count++; | ||
863 | if (perm & (1 << TOMOYO_TYPE_MKDIR_ACL)) | ||
864 | count++; | ||
865 | if (perm & (1 << TOMOYO_TYPE_RMDIR_ACL)) | ||
866 | count++; | ||
867 | if (perm & (1 << TOMOYO_TYPE_MKFIFO_ACL)) | ||
868 | count++; | ||
869 | if (perm & (1 << TOMOYO_TYPE_MKSOCK_ACL)) | ||
870 | count++; | ||
871 | if (perm & (1 << TOMOYO_TYPE_MKBLOCK_ACL)) | ||
872 | count++; | ||
873 | if (perm & (1 << TOMOYO_TYPE_MKCHAR_ACL)) | ||
874 | count++; | ||
875 | if (perm & (1 << TOMOYO_TYPE_TRUNCATE_ACL)) | ||
876 | count++; | ||
877 | if (perm & (1 << TOMOYO_TYPE_SYMLINK_ACL)) | ||
878 | count++; | ||
879 | if (perm & (1 << TOMOYO_TYPE_REWRITE_ACL)) | ||
880 | count++; | ||
881 | break; | 858 | break; |
882 | case TOMOYO_TYPE_DOUBLE_PATH_ACL: | 859 | case TOMOYO_TYPE_DOUBLE_PATH_ACL: |
883 | acl2 = container_of(ptr, | 860 | perm = container_of(ptr, |
884 | struct tomoyo_double_path_acl_record, | 861 | struct tomoyo_double_path_acl_record, |
885 | head); | 862 | head)->perm; |
886 | perm = acl2->perm; | 863 | for (i = 0; i < TOMOYO_MAX_DOUBLE_PATH_OPERATION; i++) |
887 | if (perm & (1 << TOMOYO_TYPE_LINK_ACL)) | 864 | if (perm & (1 << i)) |
888 | count++; | 865 | count++; |
889 | if (perm & (1 << TOMOYO_TYPE_RENAME_ACL)) | ||
890 | count++; | ||
891 | break; | 866 | break; |
892 | } | 867 | } |
893 | } | 868 | } |
@@ -1426,7 +1401,7 @@ static bool tomoyo_print_single_path_acl(struct tomoyo_io_buffer *head, | |||
1426 | u8 bit; | 1401 | u8 bit; |
1427 | const char *atmark = ""; | 1402 | const char *atmark = ""; |
1428 | const char *filename; | 1403 | const char *filename; |
1429 | const u16 perm = ptr->perm; | 1404 | const u32 perm = ptr->perm | (((u32) ptr->perm_high) << 16); |
1430 | 1405 | ||
1431 | filename = ptr->filename->name; | 1406 | filename = ptr->filename->name; |
1432 | for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION; | 1407 | for (bit = head->read_bit; bit < TOMOYO_MAX_SINGLE_PATH_OPERATION; |
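Review bot: The `count -= 2` adjustment in tomoyo_domain_quota_is_ok() is correct only while a set TOMOYO_TYPE_READ_WRITE_ACL bit always comes with both the READ and WRITE bits, and nothing at this site says so. That invariant is maintained in tomoyo_update_single_path_acl() in file.c, so a comment above the `if`, such as `/* READ_WRITE is always set together with READ and WRITE; count the three bits as one entry. */`, would tie the two places together. Without it, a later change to the rw_mask handling could silently skew the per-domain quota count. The function starts and ends outside this hunk.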
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 92169d29b2db..bd10f9fa3511 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -108,7 +108,7 @@ struct tomoyo_path_info_with_data { | |||
108 | * (b) type & 0x80 : whether the entry is marked as "deleted". | 108 | * (b) type & 0x80 : whether the entry is marked as "deleted". |
109 | * | 109 | * |
110 | * Packing "struct tomoyo_acl_info" allows | 110 | * Packing "struct tomoyo_acl_info" allows |
111 | * "struct tomoyo_single_path_acl_record" to embed "u16" and | 111 | * "struct tomoyo_single_path_acl_record" to embed "u8" + "u16" and |
112 | * "struct tomoyo_double_path_acl_record" to embed "u8" | 112 | * "struct tomoyo_double_path_acl_record" to embed "u8" |
113 | * without enlarging their structure size. | 113 | * without enlarging their structure size. |
114 | */ | 114 | */ |
@@ -184,10 +184,13 @@ struct tomoyo_domain_info { | |||
184 | * Directives held by this structure are "allow_read/write", "allow_execute", | 184 | * Directives held by this structure are "allow_read/write", "allow_execute", |
185 | * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir", | 185 | * "allow_read", "allow_write", "allow_create", "allow_unlink", "allow_mkdir", |
186 | * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock", | 186 | * "allow_rmdir", "allow_mkfifo", "allow_mksock", "allow_mkblock", |
187 | * "allow_mkchar", "allow_truncate", "allow_symlink" and "allow_rewrite". | 187 | * "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite", |
188 | * "allow_chmod", "allow_chown", "allow_chgrp", "allow_chroot", "allow_mount" | ||
189 | * and "allow_unmount". | ||
188 | */ | 190 | */ |
189 | struct tomoyo_single_path_acl_record { | 191 | struct tomoyo_single_path_acl_record { |
190 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */ | 192 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_SINGLE_PATH_ACL */ |
193 | u8 perm_high; | ||
191 | u16 perm; | 194 | u16 perm; |
192 | /* Pointer to single pathname. */ | 195 | /* Pointer to single pathname. */ |
193 | const struct tomoyo_path_info *filename; | 196 | const struct tomoyo_path_info *filename; |
@@ -195,7 +198,7 @@ struct tomoyo_single_path_acl_record { | |||
195 | 198 | ||
196 | /* | 199 | /* |
197 | * tomoyo_double_path_acl_record is a structure which is used for holding an | 200 | * tomoyo_double_path_acl_record is a structure which is used for holding an |
198 | * entry with two pathnames operation (i.e. link() and rename()). | 201 | * entry with two pathnames operation (i.e. link(), rename() and pivot_root()). |
199 | * It has following fields. | 202 | * It has following fields. |
200 | * | 203 | * |
201 | * (1) "head" which is a "struct tomoyo_acl_info". | 204 | * (1) "head" which is a "struct tomoyo_acl_info". |
@@ -203,7 +206,8 @@ struct tomoyo_single_path_acl_record { | |||
203 | * (3) "filename1" is the source/old pathname. | 206 | * (3) "filename1" is the source/old pathname. |
204 | * (4) "filename2" is the destination/new pathname. | 207 | * (4) "filename2" is the destination/new pathname. |
205 | * | 208 | * |
206 | * Directives held by this structure are "allow_rename" and "allow_link". | 209 | * Directives held by this structure are "allow_rename", "allow_link" and |
210 | * "allow_pivot_root". | ||
207 | */ | 211 | */ |
208 | struct tomoyo_double_path_acl_record { | 212 | struct tomoyo_double_path_acl_record { |
209 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */ | 213 | struct tomoyo_acl_info head; /* type = TOMOYO_TYPE_DOUBLE_PATH_ACL */ |
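Review bot: The updated directive list for struct tomoyo_single_path_acl_record omits "allow_ioctl", although this commit defines TOMOYO_TYPE_IOCTL_ACL and registers the "ioctl" keyword in file.c. I would add it to the list, e.g. `* "allow_mkchar", "allow_truncate", "allow_symlink", "allow_rewrite", "allow_ioctl",`, and give the new member a trailing comment such as `u8 perm_high; /* bits 16 and up of the permission mask */`. The numbered field list of this comment lies above the hunk, so whether it also needs a perm_high entry cannot be checked from here.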
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 5ae3a571559f..2d10f98fc551 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -81,12 +81,20 @@ static const char *tomoyo_sp_keyword[TOMOYO_MAX_SINGLE_PATH_OPERATION] = { | |||
81 | [TOMOYO_TYPE_TRUNCATE_ACL] = "truncate", | 81 | [TOMOYO_TYPE_TRUNCATE_ACL] = "truncate", |
82 | [TOMOYO_TYPE_SYMLINK_ACL] = "symlink", | 82 | [TOMOYO_TYPE_SYMLINK_ACL] = "symlink", |
83 | [TOMOYO_TYPE_REWRITE_ACL] = "rewrite", | 83 | [TOMOYO_TYPE_REWRITE_ACL] = "rewrite", |
84 | [TOMOYO_TYPE_IOCTL_ACL] = "ioctl", | ||
85 | [TOMOYO_TYPE_CHMOD_ACL] = "chmod", | ||
86 | [TOMOYO_TYPE_CHOWN_ACL] = "chown", | ||
87 | [TOMOYO_TYPE_CHGRP_ACL] = "chgrp", | ||
88 | [TOMOYO_TYPE_CHROOT_ACL] = "chroot", | ||
89 | [TOMOYO_TYPE_MOUNT_ACL] = "mount", | ||
90 | [TOMOYO_TYPE_UMOUNT_ACL] = "unmount", | ||
84 | }; | 91 | }; |
85 | 92 | ||
86 | /* Keyword array for double path operations. */ | 93 | /* Keyword array for double path operations. */ |
87 | static const char *tomoyo_dp_keyword[TOMOYO_MAX_DOUBLE_PATH_OPERATION] = { | 94 | static const char *tomoyo_dp_keyword[TOMOYO_MAX_DOUBLE_PATH_OPERATION] = { |
88 | [TOMOYO_TYPE_LINK_ACL] = "link", | 95 | [TOMOYO_TYPE_LINK_ACL] = "link", |
89 | [TOMOYO_TYPE_RENAME_ACL] = "rename", | 96 | [TOMOYO_TYPE_RENAME_ACL] = "rename", |
97 | [TOMOYO_TYPE_PIVOT_ROOT_ACL] = "pivot_root", | ||
90 | }; | 98 | }; |
91 | 99 | ||
92 | /** | 100 | /** |
@@ -655,7 +663,7 @@ static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info * | |||
655 | domain, | 663 | domain, |
656 | const struct tomoyo_path_info * | 664 | const struct tomoyo_path_info * |
657 | filename, | 665 | filename, |
658 | const u16 perm, | 666 | const u32 perm, |
659 | const bool may_use_pattern) | 667 | const bool may_use_pattern) |
660 | { | 668 | { |
661 | struct tomoyo_acl_info *ptr; | 669 | struct tomoyo_acl_info *ptr; |
@@ -668,8 +676,13 @@ static int tomoyo_check_single_path_acl2(const struct tomoyo_domain_info * | |||
668 | continue; | 676 | continue; |
669 | acl = container_of(ptr, struct tomoyo_single_path_acl_record, | 677 | acl = container_of(ptr, struct tomoyo_single_path_acl_record, |
670 | head); | 678 | head); |
671 | if (!(acl->perm & perm)) | 679 | if (perm <= 0xFFFF) { |
672 | continue; | 680 | if (!(acl->perm & perm)) |
681 | continue; | ||
682 | } else { | ||
683 | if (!(acl->perm_high & (perm >> 16))) | ||
684 | continue; | ||
685 | } | ||
673 | if (may_use_pattern || !acl->filename->is_patterned) { | 686 | if (may_use_pattern || !acl->filename->is_patterned) { |
674 | if (!tomoyo_path_matches_pattern(filename, | 687 | if (!tomoyo_path_matches_pattern(filename, |
675 | acl->filename)) | 688 | acl->filename)) |
@@ -697,7 +710,7 @@ static int tomoyo_check_file_acl(const struct tomoyo_domain_info *domain, | |||
697 | const struct tomoyo_path_info *filename, | 710 | const struct tomoyo_path_info *filename, |
698 | const u8 operation) | 711 | const u8 operation) |
699 | { | 712 | { |
700 | u16 perm = 0; | 713 | u32 perm = 0; |
701 | 714 | ||
702 | if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE)) | 715 | if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE)) |
703 | return 0; | 716 | return 0; |
@@ -830,13 +843,13 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, | |||
830 | struct tomoyo_domain_info * | 843 | struct tomoyo_domain_info * |
831 | const domain, const bool is_delete) | 844 | const domain, const bool is_delete) |
832 | { | 845 | { |
833 | static const u16 rw_mask = | 846 | static const u32 rw_mask = |
834 | (1 << TOMOYO_TYPE_READ_ACL) | (1 << TOMOYO_TYPE_WRITE_ACL); | 847 | (1 << TOMOYO_TYPE_READ_ACL) | (1 << TOMOYO_TYPE_WRITE_ACL); |
835 | const struct tomoyo_path_info *saved_filename; | 848 | const struct tomoyo_path_info *saved_filename; |
836 | struct tomoyo_acl_info *ptr; | 849 | struct tomoyo_acl_info *ptr; |
837 | struct tomoyo_single_path_acl_record *acl; | 850 | struct tomoyo_single_path_acl_record *acl; |
838 | int error = -ENOMEM; | 851 | int error = -ENOMEM; |
839 | const u16 perm = 1 << type; | 852 | const u32 perm = 1 << type; |
840 | 853 | ||
841 | if (!domain) | 854 | if (!domain) |
842 | return -EINVAL; | 855 | return -EINVAL; |
@@ -858,7 +871,10 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, | |||
858 | /* Special case. Clear all bits if marked as deleted. */ | 871 | /* Special case. Clear all bits if marked as deleted. */ |
859 | if (ptr->type & TOMOYO_ACL_DELETED) | 872 | if (ptr->type & TOMOYO_ACL_DELETED) |
860 | acl->perm = 0; | 873 | acl->perm = 0; |
861 | acl->perm |= perm; | 874 | if (perm <= 0xFFFF) |
875 | acl->perm |= perm; | ||
876 | else | ||
877 | acl->perm_high |= (perm >> 16); | ||
862 | if ((acl->perm & rw_mask) == rw_mask) | 878 | if ((acl->perm & rw_mask) == rw_mask) |
863 | acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE_ACL; | 879 | acl->perm |= 1 << TOMOYO_TYPE_READ_WRITE_ACL; |
864 | else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)) | 880 | else if (acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL)) |
@@ -871,7 +887,10 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, | |||
871 | acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_SINGLE_PATH_ACL); | 887 | acl = tomoyo_alloc_acl_element(TOMOYO_TYPE_SINGLE_PATH_ACL); |
872 | if (!acl) | 888 | if (!acl) |
873 | goto out; | 889 | goto out; |
874 | acl->perm = perm; | 890 | if (perm <= 0xFFFF) |
891 | acl->perm = perm; | ||
892 | else | ||
893 | acl->perm_high = (perm >> 16); | ||
875 | if (perm == (1 << TOMOYO_TYPE_READ_WRITE_ACL)) | 894 | if (perm == (1 << TOMOYO_TYPE_READ_WRITE_ACL)) |
876 | acl->perm |= rw_mask; | 895 | acl->perm |= rw_mask; |
877 | acl->filename = saved_filename; | 896 | acl->filename = saved_filename; |
@@ -887,12 +906,15 @@ static int tomoyo_update_single_path_acl(const u8 type, const char *filename, | |||
887 | head); | 906 | head); |
888 | if (acl->filename != saved_filename) | 907 | if (acl->filename != saved_filename) |
889 | continue; | 908 | continue; |
890 | acl->perm &= ~perm; | 909 | if (perm <= 0xFFFF) |
910 | acl->perm &= ~perm; | ||
911 | else | ||
912 | acl->perm_high &= ~(perm >> 16); | ||
891 | if ((acl->perm & rw_mask) != rw_mask) | 913 | if ((acl->perm & rw_mask) != rw_mask) |
892 | acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE_ACL); | 914 | acl->perm &= ~(1 << TOMOYO_TYPE_READ_WRITE_ACL); |
893 | else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))) | 915 | else if (!(acl->perm & (1 << TOMOYO_TYPE_READ_WRITE_ACL))) |
894 | acl->perm &= ~rw_mask; | 916 | acl->perm &= ~rw_mask; |
895 | if (!acl->perm) | 917 | if (!acl->perm && !acl->perm_high) |
896 | ptr->type |= TOMOYO_ACL_DELETED; | 918 | ptr->type |= TOMOYO_ACL_DELETED; |
897 | error = 0; | 919 | error = 0; |
898 | break; | 920 | break; |
@@ -1193,7 +1215,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, | |||
1193 | } | 1215 | } |
1194 | 1216 | ||
1195 | /** | 1217 | /** |
1196 | * tomoyo_check_1path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate" and "symlink". | 1218 | * tomoyo_check_1path_perm - Check permission for "create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock", "mkblock", "mkchar", "truncate", "symlink", "ioctl", "chmod", "chown", "chgrp", "chroot", "mount" and "unmount". |
1197 | * | 1219 | * |
1198 | * @domain: Pointer to "struct tomoyo_domain_info". | 1220 | * @domain: Pointer to "struct tomoyo_domain_info". |
1199 | * @operation: Type of operation. | 1221 | * @operation: Type of operation. |
@@ -1217,6 +1239,7 @@ int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain, | |||
1217 | switch (operation) { | 1239 | switch (operation) { |
1218 | case TOMOYO_TYPE_MKDIR_ACL: | 1240 | case TOMOYO_TYPE_MKDIR_ACL: |
1219 | case TOMOYO_TYPE_RMDIR_ACL: | 1241 | case TOMOYO_TYPE_RMDIR_ACL: |
1242 | case TOMOYO_TYPE_CHROOT_ACL: | ||
1220 | if (!buf->is_dir) { | 1243 | if (!buf->is_dir) { |
1221 | /* | 1244 | /* |
1222 | * tomoyo_get_path() reserves space for appending "/." | 1245 | * tomoyo_get_path() reserves space for appending "/." |
@@ -1270,7 +1293,7 @@ int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain, | |||
1270 | } | 1293 | } |
1271 | 1294 | ||
1272 | /** | 1295 | /** |
1273 | * tomoyo_check_2path_perm - Check permission for "rename" and "link". | 1296 | * tomoyo_check_2path_perm - Check permission for "rename", "link" and "pivot_root". |
1274 | * | 1297 | * |
1275 | * @domain: Pointer to "struct tomoyo_domain_info". | 1298 | * @domain: Pointer to "struct tomoyo_domain_info". |
1276 | * @operation: Type of operation. | 1299 | * @operation: Type of operation. |
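Review bot: In tomoyo_update_single_path_acl() the "Clear all bits if marked as deleted" branch still resets only `acl->perm`, so `perm_high` is not covered by it. If an entry can carry TOMOYO_ACL_DELETED with high bits still set (not decidable from these hunks; the delete path shown here sets the flag only when both fields are zero), re-adding a low-bit directive for the same path would bring the chmod/chown/chgrp/chroot/mount/unmount grants back with it. Bracing the branch and adding `acl->perm_high = 0;` next to `acl->perm = 0;` makes the comment true for both fields at no cost. The function body continues outside the hunks shown.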
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9548a0984cc4..3fb5f6ea4fc9 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
@@ -271,6 +271,60 @@ static int tomoyo_dentry_open(struct file *f, const struct cred *cred) | |||
271 | return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); | 271 | return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path, flags); |
272 | } | 272 | } |
273 | 273 | ||
274 | static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, | ||
275 | unsigned long arg) | ||
276 | { | ||
277 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_IOCTL_ACL, | ||
278 | &file->f_path); | ||
279 | } | ||
280 | |||
281 | static int tomoyo_path_chmod(struct dentry *dentry, struct vfsmount *mnt, | ||
282 | mode_t mode) | ||
283 | { | ||
284 | struct path path = { mnt, dentry }; | ||
285 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHMOD_ACL, | ||
286 | &path); | ||
287 | } | ||
288 | |||
289 | static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid) | ||
290 | { | ||
291 | int error = 0; | ||
292 | if (uid != (uid_t) -1) | ||
293 | error = tomoyo_check_1path_perm(tomoyo_domain(), | ||
294 | TOMOYO_TYPE_CHOWN_ACL, path); | ||
295 | if (!error && gid != (gid_t) -1) | ||
296 | error = tomoyo_check_1path_perm(tomoyo_domain(), | ||
297 | TOMOYO_TYPE_CHGRP_ACL, path); | ||
298 | return error; | ||
299 | } | ||
300 | |||
301 | static int tomoyo_path_chroot(struct path *path) | ||
302 | { | ||
303 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_CHROOT_ACL, | ||
304 | path); | ||
305 | } | ||
306 | |||
307 | static int tomoyo_sb_mount(char *dev_name, struct path *path, | ||
308 | char *type, unsigned long flags, void *data) | ||
309 | { | ||
310 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_MOUNT_ACL, | ||
311 | path); | ||
312 | } | ||
313 | |||
314 | static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) | ||
315 | { | ||
316 | struct path path = { mnt, mnt->mnt_root }; | ||
317 | return tomoyo_check_1path_perm(tomoyo_domain(), TOMOYO_TYPE_UMOUNT_ACL, | ||
318 | &path); | ||
319 | } | ||
320 | |||
321 | static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) | ||
322 | { | ||
323 | return tomoyo_check_2path_perm(tomoyo_domain(), | ||
324 | TOMOYO_TYPE_PIVOT_ROOT_ACL, | ||
325 | new_path, old_path); | ||
326 | } | ||
327 | |||
274 | /* | 328 | /* |
275 | * tomoyo_security_ops is a "struct security_operations" which is used for | 329 | * tomoyo_security_ops is a "struct security_operations" which is used for |
276 | * registering TOMOYO. | 330 | * registering TOMOYO. |
@@ -295,6 +349,13 @@ static struct security_operations tomoyo_security_ops = { | |||
295 | .path_mknod = tomoyo_path_mknod, | 349 | .path_mknod = tomoyo_path_mknod, |
296 | .path_link = tomoyo_path_link, | 350 | .path_link = tomoyo_path_link, |
297 | .path_rename = tomoyo_path_rename, | 351 | .path_rename = tomoyo_path_rename, |
352 | .file_ioctl = tomoyo_file_ioctl, | ||
353 | .path_chmod = tomoyo_path_chmod, | ||
354 | .path_chown = tomoyo_path_chown, | ||
355 | .path_chroot = tomoyo_path_chroot, | ||
356 | .sb_mount = tomoyo_sb_mount, | ||
357 | .sb_umount = tomoyo_sb_umount, | ||
358 | .sb_pivotroot = tomoyo_sb_pivotroot, | ||
298 | }; | 359 | }; |
299 | 360 | ||
300 | static int __init tomoyo_init(void) | 361 | static int __init tomoyo_init(void) |
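Review bot: tomoyo_file_ioctl() and tomoyo_sb_mount() pass only the path to tomoyo_check_1path_perm() and ignore `cmd`, `dev_name`, `type`, `flags` and `data`, so an "allow_ioctl" or "allow_mount" entry grants every ioctl command on that file and every kind of mount on that mount point. If that coarseness is intended for now, say so at each hook, e.g. `/* Only the pathname is checked; cmd is not part of the policy. */`, so policy authors do not assume a finer check. tomoyo_sb_pivotroot() also passes `new_path` before `old_path`, the reverse of its own parameter order, which deserves a one-line comment stating which pathname the policy treats as the first one.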
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index cd6ba0bf7069..fac02655ea4b 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h | |||
@@ -64,11 +64,19 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm); | |||
64 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 | 64 | #define TOMOYO_TYPE_TRUNCATE_ACL 12 |
65 | #define TOMOYO_TYPE_SYMLINK_ACL 13 | 65 | #define TOMOYO_TYPE_SYMLINK_ACL 13 |
66 | #define TOMOYO_TYPE_REWRITE_ACL 14 | 66 | #define TOMOYO_TYPE_REWRITE_ACL 14 |
67 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 15 | 67 | #define TOMOYO_TYPE_IOCTL_ACL 15 |
68 | #define TOMOYO_TYPE_CHMOD_ACL 16 | ||
69 | #define TOMOYO_TYPE_CHOWN_ACL 17 | ||
70 | #define TOMOYO_TYPE_CHGRP_ACL 18 | ||
71 | #define TOMOYO_TYPE_CHROOT_ACL 19 | ||
72 | #define TOMOYO_TYPE_MOUNT_ACL 20 | ||
73 | #define TOMOYO_TYPE_UMOUNT_ACL 21 | ||
74 | #define TOMOYO_MAX_SINGLE_PATH_OPERATION 22 | ||
68 | 75 | ||
69 | #define TOMOYO_TYPE_LINK_ACL 0 | 76 | #define TOMOYO_TYPE_LINK_ACL 0 |
70 | #define TOMOYO_TYPE_RENAME_ACL 1 | 77 | #define TOMOYO_TYPE_RENAME_ACL 1 |
71 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 2 | 78 | #define TOMOYO_TYPE_PIVOT_ROOT_ACL 2 |
79 | #define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3 | ||
72 | 80 | ||
73 | #define TOMOYO_DOMAINPOLICY 0 | 81 | #define TOMOYO_DOMAINPOLICY 0 |
74 | #define TOMOYO_EXCEPTIONPOLICY 1 | 82 | #define TOMOYO_EXCEPTIONPOLICY 1 |
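Review bot: TOMOYO_MAX_SINGLE_PATH_OPERATION is now 22, while the record in common.h stores the mask in a u16 `perm` plus a u8 `perm_high`, i.e. 24 bits, and nothing enforces that limit. An operation numbered 24 or higher would have its bit dropped when `perm >> 16` is stored into the u8, so the directive would be accepted but could never match. I would add `BUILD_BUG_ON(TOMOYO_MAX_SINGLE_PATH_OPERATION > 24);` in one of the functions that splits the mask, and a comment here such as `/* Bits 16 and up live in perm_high (u8): keep this at 24 or below. */`.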