path: root/security/tomoyo
authorLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 16:25:04 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 16:25:04 -0400
commit3556485f1595e3964ba539e39ea682acbb835cee (patch)
tree7f5ee254f425b1427ac0059b5f347a307f8538a1 /security/tomoyo
parentb8716614a7cc2fc15ea2a518edd04755fb08d922 (diff)
parent09f61cdbb32a9d812c618d3922db533542736bb0 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates for 3.4 from James Morris: "The main addition here is the new Yama security module from Kees Cook, which was discussed at the Linux Security Summit last year. Its purpose is to collect miscellaneous DAC security enhancements in one place. This also marks a departure in policy for LSM modules, which were previously limited to being standalone access control systems. Chromium OS is using Yama, and I believe there are plans for Ubuntu, at least. This patchset also includes maintenance updates for AppArmor, TOMOYO and others." Fix trivial conflict in <net/sock.h> due to the jump_label->static_key rename. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (38 commits) AppArmor: Fix location of const qualifier on generated string tables TOMOYO: Return error if fails to delete a domain AppArmor: add const qualifiers to string arrays AppArmor: Add ability to load extended policy TOMOYO: Return appropriate value to poll(). AppArmor: Move path failure information into aa_get_name and rename AppArmor: Update dfa matching routines. AppArmor: Minor cleanup of d_namespace_path to consolidate error handling AppArmor: Retrieve the dentry_path for error reporting when path lookup fails AppArmor: Add const qualifiers to generated string tables AppArmor: Fix oops in policy unpack auditing AppArmor: Fix error returned when a path lookup is disconnected KEYS: testing wrong bit for KEY_FLAG_REVOKED TOMOYO: Fix mount flags checking order. security: fix ima kconfig warning AppArmor: Fix the error case for chroot relative path name lookup AppArmor: fix mapping of META_READ to audit and quiet flags AppArmor: Fix underflow in xindex calculation AppArmor: Fix dropping of allowed operations that are force audited AppArmor: Add mising end of structure test to caps unpacking ...
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/audit.c4
-rw-r--r--security/tomoyo/common.c63
-rw-r--r--security/tomoyo/common.h6
-rw-r--r--security/tomoyo/mount.c38
-rw-r--r--security/tomoyo/securityfs_if.c5
5 files changed, 51 insertions, 65 deletions
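diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 5ca47ea3049f..7ef9fa3e37e0 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -446,11 +446,11 @@ void tomoyo_read_log(struct tomoyo_io_buffer *head)
  * tomoyo_poll_log - Wait for an audit log.
  *
  * @file: Pointer to "struct file".
- * @wait: Pointer to "poll_table".
+ * @wait: Pointer to "poll_table". Maybe NULL.
  *
  * Returns POLLIN | POLLRDNORM when ready to read an audit log.
  */
-int tomoyo_poll_log(struct file *file, poll_table *wait)
+unsigned int tomoyo_poll_log(struct file *file, poll_table *wait)
 {
 	if (tomoyo_log_count)
 		return POLLIN | POLLRDNORM;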
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index c47d3ce6c733..8656b16eef7b 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1069,7 +1069,7 @@ static int tomoyo_write_task(struct tomoyo_acl_param *param)
1069 * 1069 *
1070 * @domainname: The name of domain. 1070 * @domainname: The name of domain.
1071 * 1071 *
1072 * Returns 0. 1072 * Returns 0 on success, negative value otherwise.
1073 * 1073 *
1074 * Caller holds tomoyo_read_lock(). 1074 * Caller holds tomoyo_read_lock().
1075 */ 1075 */
@@ -1081,7 +1081,7 @@ static int tomoyo_delete_domain(char *domainname)
1081 name.name = domainname; 1081 name.name = domainname;
1082 tomoyo_fill_path_info(&name); 1082 tomoyo_fill_path_info(&name);
1083 if (mutex_lock_interruptible(&tomoyo_policy_lock)) 1083 if (mutex_lock_interruptible(&tomoyo_policy_lock))
1084 return 0; 1084 return -EINTR;
1085 /* Is there an active domain? */ 1085 /* Is there an active domain? */
1086 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1086 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1087 /* Never delete tomoyo_kernel_domain */ 1087 /* Never delete tomoyo_kernel_domain */
@@ -1164,15 +1164,16 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
1164 bool is_select = !is_delete && tomoyo_str_starts(&data, "select "); 1164 bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
1165 unsigned int profile; 1165 unsigned int profile;
1166 if (*data == '<') { 1166 if (*data == '<') {
1167 int ret = 0;
1167 domain = NULL; 1168 domain = NULL;
1168 if (is_delete) 1169 if (is_delete)
1169 tomoyo_delete_domain(data); 1170 ret = tomoyo_delete_domain(data);
1170 else if (is_select) 1171 else if (is_select)
1171 domain = tomoyo_find_domain(data); 1172 domain = tomoyo_find_domain(data);
1172 else 1173 else
1173 domain = tomoyo_assign_domain(data, false); 1174 domain = tomoyo_assign_domain(data, false);
1174 head->w.domain = domain; 1175 head->w.domain = domain;
1175 return 0; 1176 return ret;
1176 } 1177 }
1177 if (!domain) 1178 if (!domain)
1178 return -EINVAL; 1179 return -EINVAL;
@@ -2111,7 +2112,7 @@ static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
2111 struct tomoyo_domain_info *domain = NULL; 2112 struct tomoyo_domain_info *domain = NULL;
2112 spin_lock(&tomoyo_query_list_lock); 2113 spin_lock(&tomoyo_query_list_lock);
2113 list_for_each_entry(ptr, &tomoyo_query_list, list) { 2114 list_for_each_entry(ptr, &tomoyo_query_list, list) {
2114 if (ptr->serial != serial || ptr->answer) 2115 if (ptr->serial != serial)
2115 continue; 2116 continue;
2116 domain = ptr->domain; 2117 domain = ptr->domain;
2117 break; 2118 break;
@@ -2130,28 +2131,13 @@ static struct tomoyo_domain_info *tomoyo_find_domain_by_qid
2130 * 2131 *
2131 * Waits for access requests which violated policy in enforcing mode. 2132 * Waits for access requests which violated policy in enforcing mode.
2132 */ 2133 */
2133static int tomoyo_poll_query(struct file *file, poll_table *wait) 2134static unsigned int tomoyo_poll_query(struct file *file, poll_table *wait)
2134{ 2135{
2135 struct list_head *tmp; 2136 if (!list_empty(&tomoyo_query_list))
2136 bool found = false; 2137 return POLLIN | POLLRDNORM;
2137 u8 i; 2138 poll_wait(file, &tomoyo_query_wait, wait);
2138 for (i = 0; i < 2; i++) { 2139 if (!list_empty(&tomoyo_query_list))
2139 spin_lock(&tomoyo_query_list_lock); 2140 return POLLIN | POLLRDNORM;
2140 list_for_each(tmp, &tomoyo_query_list) {
2141 struct tomoyo_query *ptr =
2142 list_entry(tmp, typeof(*ptr), list);
2143 if (ptr->answer)
2144 continue;
2145 found = true;
2146 break;
2147 }
2148 spin_unlock(&tomoyo_query_list_lock);
2149 if (found)
2150 return POLLIN | POLLRDNORM;
2151 if (i)
2152 break;
2153 poll_wait(file, &tomoyo_query_wait, wait);
2154 }
2155 return 0; 2141 return 0;
2156} 2142}
2157 2143
@@ -2175,8 +2161,6 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head)
2175 spin_lock(&tomoyo_query_list_lock); 2161 spin_lock(&tomoyo_query_list_lock);
2176 list_for_each(tmp, &tomoyo_query_list) { 2162 list_for_each(tmp, &tomoyo_query_list) {
2177 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2163 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2178 if (ptr->answer)
2179 continue;
2180 if (pos++ != head->r.query_index) 2164 if (pos++ != head->r.query_index)
2181 continue; 2165 continue;
2182 len = ptr->query_len; 2166 len = ptr->query_len;
@@ -2194,8 +2178,6 @@ static void tomoyo_read_query(struct tomoyo_io_buffer *head)
2194 spin_lock(&tomoyo_query_list_lock); 2178 spin_lock(&tomoyo_query_list_lock);
2195 list_for_each(tmp, &tomoyo_query_list) { 2179 list_for_each(tmp, &tomoyo_query_list) {
2196 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2180 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2197 if (ptr->answer)
2198 continue;
2199 if (pos++ != head->r.query_index) 2181 if (pos++ != head->r.query_index)
2200 continue; 2182 continue;
2201 /* 2183 /*
@@ -2243,8 +2225,10 @@ static int tomoyo_write_answer(struct tomoyo_io_buffer *head)
2243 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list); 2225 struct tomoyo_query *ptr = list_entry(tmp, typeof(*ptr), list);
2244 if (ptr->serial != serial) 2226 if (ptr->serial != serial)
2245 continue; 2227 continue;
2246 if (!ptr->answer) 2228 ptr->answer = answer;
2247 ptr->answer = answer; 2229 /* Remove from tomoyo_query_list. */
2230 if (ptr->answer)
2231 list_del_init(&ptr->list);
2248 break; 2232 break;
2249 } 2233 }
2250 spin_unlock(&tomoyo_query_list_lock); 2234 spin_unlock(&tomoyo_query_list_lock);
@@ -2477,18 +2461,17 @@ int tomoyo_open_control(const u8 type, struct file *file)
2477 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface. 2461 * tomoyo_poll_control - poll() for /sys/kernel/security/tomoyo/ interface.
2478 * 2462 *
2479 * @file: Pointer to "struct file". 2463 * @file: Pointer to "struct file".
2480 * @wait: Pointer to "poll_table". 2464 * @wait: Pointer to "poll_table". Maybe NULL.
2481 * 2465 *
2482 * Waits for read readiness. 2466 * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write,
2483 * /sys/kernel/security/tomoyo/query is handled by /usr/sbin/tomoyo-queryd and 2467 * POLLOUT | POLLWRNORM otherwise.
2484 * /sys/kernel/security/tomoyo/audit is handled by /usr/sbin/tomoyo-auditd.
2485 */ 2468 */
2486int tomoyo_poll_control(struct file *file, poll_table *wait) 2469unsigned int tomoyo_poll_control(struct file *file, poll_table *wait)
2487{ 2470{
2488 struct tomoyo_io_buffer *head = file->private_data; 2471 struct tomoyo_io_buffer *head = file->private_data;
2489 if (!head->poll) 2472 if (head->poll)
2490 return -ENOSYS; 2473 return head->poll(file, wait) | POLLOUT | POLLWRNORM;
2491 return head->poll(file, wait); 2474 return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM;
2492} 2475}
2493 2476
2494/** 2477/**
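Review bot: The rewritten tomoyo_poll_query() now reads tomoyo_query_list with list_empty() without holding tomoyo_query_list_lock, where the old loop took the spinlock around its walk; that is acceptable for a poll callback because poll_wait() is registered before the second check, so an enqueue that races the first check wakes the poller rather than being lost, but nothing in the hunk says so. Suggest a comment above the first `if (!list_empty(&tomoyo_query_list))`: `/* Unlocked list_empty() is fine here: poll_wait() is registered before the recheck, so a concurrent enqueue wakes us. */`. This simplification also depends on the tomoyo_write_answer() hunk unlinking answered entries, which is why the `ptr->answer` filters in tomoyo_read_query() and tomoyo_find_domain_by_qid() could go; note that an answer of 0 leaves the entry queued and visible to readers, which is presumably intended (0 meaning "not answered") but is undocumented. tomoyo_supervisor(), which queues the entry and must tolerate it having already been unlinked by list_del_init(), is outside this diff.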
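diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 9512222d5581..30fd98369700 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -788,7 +788,7 @@ struct tomoyo_acl_param {
 struct tomoyo_io_buffer {
 	void (*read) (struct tomoyo_io_buffer *);
 	int (*write) (struct tomoyo_io_buffer *);
-	int (*poll) (struct file *file, poll_table *wait);
+	unsigned int (*poll) (struct file *file, poll_table *wait);
 	/* Exclusive lock for this structure. */
 	struct mutex io_sem;
 	char __user *read_user_buf;
@@ -981,8 +981,8 @@ int tomoyo_path_number_perm(const u8 operation, struct path *path,
 			    unsigned long number);
 int tomoyo_path_perm(const u8 operation, struct path *path,
 		     const char *target);
-int tomoyo_poll_control(struct file *file, poll_table *wait);
-int tomoyo_poll_log(struct file *file, poll_table *wait);
+unsigned int tomoyo_poll_control(struct file *file, poll_table *wait);
+unsigned int tomoyo_poll_log(struct file *file, poll_table *wait);
 int tomoyo_socket_bind_permission(struct socket *sock, struct sockaddr *addr,
 				  int addr_len);
 int tomoyo_socket_connect_permission(struct socket *sock,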
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index bee09d062057..fe00cdfd0267 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -199,30 +199,32 @@ int tomoyo_mount_permission(char *dev_name, struct path *path,
199 if (flags & MS_REMOUNT) { 199 if (flags & MS_REMOUNT) {
200 type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT]; 200 type = tomoyo_mounts[TOMOYO_MOUNT_REMOUNT];
201 flags &= ~MS_REMOUNT; 201 flags &= ~MS_REMOUNT;
202 } 202 } else if (flags & MS_BIND) {
203 if (flags & MS_MOVE) {
204 type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
205 flags &= ~MS_MOVE;
206 }
207 if (flags & MS_BIND) {
208 type = tomoyo_mounts[TOMOYO_MOUNT_BIND]; 203 type = tomoyo_mounts[TOMOYO_MOUNT_BIND];
209 flags &= ~MS_BIND; 204 flags &= ~MS_BIND;
210 } 205 } else if (flags & MS_SHARED) {
211 if (flags & MS_UNBINDABLE) { 206 if (flags & (MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
212 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE]; 207 return -EINVAL;
213 flags &= ~MS_UNBINDABLE; 208 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED];
214 } 209 flags &= ~MS_SHARED;
215 if (flags & MS_PRIVATE) { 210 } else if (flags & MS_PRIVATE) {
211 if (flags & (MS_SHARED | MS_SLAVE | MS_UNBINDABLE))
212 return -EINVAL;
216 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE]; 213 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE];
217 flags &= ~MS_PRIVATE; 214 flags &= ~MS_PRIVATE;
218 } 215 } else if (flags & MS_SLAVE) {
219 if (flags & MS_SLAVE) { 216 if (flags & (MS_SHARED | MS_PRIVATE | MS_UNBINDABLE))
217 return -EINVAL;
220 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE]; 218 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE];
221 flags &= ~MS_SLAVE; 219 flags &= ~MS_SLAVE;
222 } 220 } else if (flags & MS_UNBINDABLE) {
223 if (flags & MS_SHARED) { 221 if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE))
224 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED]; 222 return -EINVAL;
225 flags &= ~MS_SHARED; 223 type = tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE];
224 flags &= ~MS_UNBINDABLE;
225 } else if (flags & MS_MOVE) {
226 type = tomoyo_mounts[TOMOYO_MOUNT_MOVE];
227 flags &= ~MS_MOVE;
226 } 228 }
227 if (!type) 229 if (!type)
228 type = "<NULL>"; 230 type = "<NULL>";
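Review bot: The new if/else chain does not explain why MS_REMOUNT and MS_BIND take precedence over every other flag while only the four propagation branches reject companion flags with -EINVAL, so a later reader may be tempted to "fix" the asymmetry; the order appears to mirror how do_mount() dispatches (remount, then bind, then propagation type, then move) and the -EINVAL cases mirror the VFS refusing more than one propagation flag, but that is inferred from the core kernel, not visible in this hunk. Suggest a comment above the `if (flags & MS_REMOUNT)` line: `/* Classify in the order do_mount() dispatches: remount > bind > shared/private/slave/unbindable > move, so the ACL type matches what the VFS will actually do. Mixed propagation flags are rejected as the VFS would. */`. Also note that under the MS_REMOUNT or MS_BIND branch any lower-priority flag is now left set in `flags` instead of being cleared by the old independent ifs; whether that alters what is later matched or audited depends on code below the hunk. tomoyo_mount_permission() starts and ends outside this hunk.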
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 482b2a5f48f0..8592f2fc6ebb 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -157,9 +157,10 @@ static int tomoyo_release(struct inode *inode, struct file *file)
157 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface. 157 * tomoyo_poll - poll() for /sys/kernel/security/tomoyo/ interface.
158 * 158 *
159 * @file: Pointer to "struct file". 159 * @file: Pointer to "struct file".
160 * @wait: Pointer to "poll_table". 160 * @wait: Pointer to "poll_table". Maybe NULL.
161 * 161 *
162 * Returns 0 on success, negative value otherwise. 162 * Returns POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM if ready to read/write,
163 * POLLOUT | POLLWRNORM otherwise.
163 */ 164 */
164static unsigned int tomoyo_poll(struct file *file, poll_table *wait) 165static unsigned int tomoyo_poll(struct file *file, poll_table *wait)
165{ 166{
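Review bot: The new kernel-doc line `@wait: Pointer to "poll_table". Maybe NULL.` reads as "is perhaps NULL"; the intended contract is that callers are allowed to pass NULL, so it should read `@wait: Pointer to "poll_table". May be NULL.`. The same wording is introduced by this commit for tomoyo_poll_log() in audit.c and tomoyo_poll_control() in common.c and should be corrected in all three places. The body of tomoyo_poll() is outside the hunk, so whether it only forwards `wait` to callees that themselves tolerate NULL cannot be confirmed from here.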