aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-16 03:24:58 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:34 -0400
commitd795ef9e751b72c94600c91e31bdaef55987a9f6 (patch)
treef845fcc73cfad0fc2e9bb27e6e1a6110d7461e28 /security
parent75093152a97ee0ec281895b4f6229ff3c481fd64 (diff)
TOMOYO: Loosen parameter check for mount operation.
If invalid combination of mount flags are given, it will be rejected later. Thus, no need for TOMOYO to reject invalid combination of mount flags. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/mount.c124
1 files changed, 33 insertions, 91 deletions
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 54015b9964dc..7872226f72ee 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
73} 73}
74 74
75/** 75/**
76 * tomoyo_mount_acl2 - Check permission for mount() operation. 76 * tomoyo_mount_acl - Check permission for mount() operation.
77 * 77 *
78 * @r: Pointer to "struct tomoyo_request_info". 78 * @r: Pointer to "struct tomoyo_request_info".
79 * @dev_name: Name of device file. 79 * @dev_name: Name of device file.
@@ -85,8 +85,8 @@ static bool tomoyo_check_mount_acl(const struct tomoyo_request_info *r,
85 * 85 *
86 * Caller holds tomoyo_read_lock(). 86 * Caller holds tomoyo_read_lock().
87 */ 87 */
88static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name, 88static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
89 struct path *dir, char *type, unsigned long flags) 89 struct path *dir, char *type, unsigned long flags)
90{ 90{
91 struct path path; 91 struct path path;
92 struct file_system_type *fstype = NULL; 92 struct file_system_type *fstype = NULL;
@@ -179,94 +179,6 @@ static int tomoyo_mount_acl2(struct tomoyo_request_info *r, char *dev_name,
179} 179}
180 180
181/** 181/**
182 * tomoyo_mount_acl - Check permission for mount() operation.
183 *
184 * @r: Pointer to "struct tomoyo_request_info".
185 * @dev_name: Name of device file.
186 * @dir: Pointer to "struct path".
187 * @type: Name of filesystem type.
188 * @flags: Mount options.
189 *
190 * Returns 0 on success, negative value otherwise.
191 *
192 * Caller holds tomoyo_read_lock().
193 */
194static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
195 struct path *dir, char *type, unsigned long flags)
196{
197 int error;
198 error = -EPERM;
199 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
200 flags &= ~MS_MGC_MSK;
201 switch (flags & (MS_REMOUNT | MS_MOVE | MS_BIND)) {
202 case MS_REMOUNT:
203 case MS_MOVE:
204 case MS_BIND:
205 case 0:
206 break;
207 default:
208 printk(KERN_WARNING "ERROR: "
209 "%s%s%sare given for single mount operation.\n",
210 flags & MS_REMOUNT ? "'remount' " : "",
211 flags & MS_MOVE ? "'move' " : "",
212 flags & MS_BIND ? "'bind' " : "");
213 return -EINVAL;
214 }
215 switch (flags & (MS_UNBINDABLE | MS_PRIVATE | MS_SLAVE | MS_SHARED)) {
216 case MS_UNBINDABLE:
217 case MS_PRIVATE:
218 case MS_SLAVE:
219 case MS_SHARED:
220 case 0:
221 break;
222 default:
223 printk(KERN_WARNING "ERROR: "
224 "%s%s%s%sare given for single mount operation.\n",
225 flags & MS_UNBINDABLE ? "'unbindable' " : "",
226 flags & MS_PRIVATE ? "'private' " : "",
227 flags & MS_SLAVE ? "'slave' " : "",
228 flags & MS_SHARED ? "'shared' " : "");
229 return -EINVAL;
230 }
231 if (flags & MS_REMOUNT)
232 error = tomoyo_mount_acl(r, dev_name, dir,
233 TOMOYO_MOUNT_REMOUNT_KEYWORD,
234 flags & ~MS_REMOUNT);
235 else if (flags & MS_MOVE)
236 error = tomoyo_mount_acl(r, dev_name, dir,
237 TOMOYO_MOUNT_MOVE_KEYWORD,
238 flags & ~MS_MOVE);
239 else if (flags & MS_BIND)
240 error = tomoyo_mount_acl(r, dev_name, dir,
241 TOMOYO_MOUNT_BIND_KEYWORD,
242 flags & ~MS_BIND);
243 else if (flags & MS_UNBINDABLE)
244 error = tomoyo_mount_acl(r, dev_name, dir,
245 TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD,
246 flags & ~MS_UNBINDABLE);
247 else if (flags & MS_PRIVATE)
248 error = tomoyo_mount_acl(r, dev_name, dir,
249 TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD,
250 flags & ~MS_PRIVATE);
251 else if (flags & MS_SLAVE)
252 error = tomoyo_mount_acl(r, dev_name, dir,
253 TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD,
254 flags & ~MS_SLAVE);
255 else if (flags & MS_SHARED)
256 error = tomoyo_mount_acl(r, dev_name, dir,
257 TOMOYO_MOUNT_MAKE_SHARED_KEYWORD,
258 flags & ~MS_SHARED);
259 else
260 do {
261 error = tomoyo_mount_acl2(r, dev_name, dir, type,
262 flags);
263 } while (error == TOMOYO_RETRY_REQUEST);
264 if (r->mode != TOMOYO_CONFIG_ENFORCING)
265 error = 0;
266 return error;
267}
268
269/**
270 * tomoyo_mount_permission - Check permission for mount() operation. 182 * tomoyo_mount_permission - Check permission for mount() operation.
271 * 183 *
272 * @dev_name: Name of device file. 184 * @dev_name: Name of device file.
@@ -287,6 +199,36 @@ int tomoyo_mount_permission(char *dev_name, struct path *path, char *type,
287 if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT) 199 if (tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_MOUNT)
288 == TOMOYO_CONFIG_DISABLED) 200 == TOMOYO_CONFIG_DISABLED)
289 return 0; 201 return 0;
202 if ((flags & MS_MGC_MSK) == MS_MGC_VAL)
203 flags &= ~MS_MGC_MSK;
204 if (flags & MS_REMOUNT) {
205 type = TOMOYO_MOUNT_REMOUNT_KEYWORD;
206 flags &= ~MS_REMOUNT;
207 }
208 if (flags & MS_MOVE) {
209 type = TOMOYO_MOUNT_MOVE_KEYWORD;
210 flags &= ~MS_MOVE;
211 }
212 if (flags & MS_BIND) {
213 type = TOMOYO_MOUNT_BIND_KEYWORD;
214 flags &= ~MS_BIND;
215 }
216 if (flags & MS_UNBINDABLE) {
217 type = TOMOYO_MOUNT_MAKE_UNBINDABLE_KEYWORD;
218 flags &= ~MS_UNBINDABLE;
219 }
220 if (flags & MS_PRIVATE) {
221 type = TOMOYO_MOUNT_MAKE_PRIVATE_KEYWORD;
222 flags &= ~MS_PRIVATE;
223 }
224 if (flags & MS_SLAVE) {
225 type = TOMOYO_MOUNT_MAKE_SLAVE_KEYWORD;
226 flags &= ~MS_SLAVE;
227 }
228 if (flags & MS_SHARED) {
229 type = TOMOYO_MOUNT_MAKE_SHARED_KEYWORD;
230 flags &= ~MS_SHARED;
231 }
290 if (!type) 232 if (!type)
291 type = "<NULL>"; 233 type = "<NULL>";
292 idx = tomoyo_read_lock(); 234 idx = tomoyo_read_lock();