aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-02-10 19:42:40 -0500
committerJames Morris <jmorris@namei.org>2010-02-14 17:00:18 -0500
commit76bb0895d038be7bcdb6ccfcd2dd7deb30371d6b (patch)
tree5948c68b08561deb20d155853faed475a15a4235 /security
parentbf24fb016c861b7f52be0c36c4cedd3e89afa2e2 (diff)
TOMOYO: Merge headers.
Gather structures and constants scattered around security/tomoyo/ directory. This is for preparation for adding garbage collector since garbage collector needs to know structures and constants which TOMOYO uses. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c23
-rw-r--r--security/tomoyo/common.h411
-rw-r--r--security/tomoyo/domain.c72
-rw-r--r--security/tomoyo/file.c52
-rw-r--r--security/tomoyo/realpath.c10
-rw-r--r--security/tomoyo/realpath.h76
-rw-r--r--security/tomoyo/tomoyo.c2
-rw-r--r--security/tomoyo/tomoyo.h102
8 files changed, 351 insertions, 397 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 0c7ea51e7a45..634f7449e8ba 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -13,8 +13,6 @@
13#include <linux/security.h> 13#include <linux/security.h>
14#include <linux/hardirq.h> 14#include <linux/hardirq.h>
15#include "common.h" 15#include "common.h"
16#include "realpath.h"
17#include "tomoyo.h"
18 16
19/* Lock for protecting policy. */ 17/* Lock for protecting policy. */
20DEFINE_MUTEX(tomoyo_policy_lock); 18DEFINE_MUTEX(tomoyo_policy_lock);
@@ -1040,27 +1038,6 @@ static int tomoyo_read_profile(struct tomoyo_io_buffer *head)
1040} 1038}
1041 1039
1042/* 1040/*
1043 * tomoyo_policy_manager_entry is a structure which is used for holding list of
1044 * domainnames or programs which are permitted to modify configuration via
1045 * /sys/kernel/security/tomoyo/ interface.
1046 * It has following fields.
1047 *
1048 * (1) "list" which is linked to tomoyo_policy_manager_list .
1049 * (2) "manager" is a domainname or a program's pathname.
1050 * (3) "is_domain" is a bool which is true if "manager" is a domainname, false
1051 * otherwise.
1052 * (4) "is_deleted" is a bool which is true if marked as deleted, false
1053 * otherwise.
1054 */
1055struct tomoyo_policy_manager_entry {
1056 struct list_head list;
1057 /* A path to program or a domainname. */
1058 const struct tomoyo_path_info *manager;
1059 bool is_domain; /* True if manager is a domainname. */
1060 bool is_deleted; /* True if this entry is deleted. */
1061};
1062
1063/*
1064 * tomoyo_policy_manager_list is used for holding list of domainnames or 1041 * tomoyo_policy_manager_list is used for holding list of domainnames or
1065 * programs which are permitted to modify configuration via 1042 * programs which are permitted to modify configuration via
1066 * /sys/kernel/security/tomoyo/ interface. 1043 * /sys/kernel/security/tomoyo/ interface.
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 509ced9ce698..f6aff59b0885 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -1,12 +1,9 @@
1/* 1/*
2 * security/tomoyo/common.h 2 * security/tomoyo/common.h
3 * 3 *
4 * Common functions for TOMOYO. 4 * Header file for TOMOYO.
5 *
6 * Copyright (C) 2005-2009 NTT DATA CORPORATION
7 *
8 * Version: 2.2.0 2009/04/01
9 * 5 *
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 */ 7 */
11 8
12#ifndef _SECURITY_TOMOYO_COMMON_H 9#ifndef _SECURITY_TOMOYO_COMMON_H
@@ -22,9 +19,110 @@
22#include <linux/namei.h> 19#include <linux/namei.h>
23#include <linux/mount.h> 20#include <linux/mount.h>
24#include <linux/list.h> 21#include <linux/list.h>
22#include <linux/cred.h>
23struct linux_binprm;
24
25/********** Constants definitions. **********/
26
27/*
28 * TOMOYO uses this hash only when appending a string into the string
29 * table. Frequency of appending strings is very low. So we don't need
30 * large (e.g. 64k) hash size. 256 will be sufficient.
31 */
32#define TOMOYO_HASH_BITS 8
33#define TOMOYO_MAX_HASH (1u<<TOMOYO_HASH_BITS)
34
35/*
36 * This is the max length of a token.
37 *
38 * A token consists of only ASCII printable characters.
39 * Non printable characters in a token is represented in \ooo style
40 * octal string. Thus, \ itself is represented as \\.
41 */
42#define TOMOYO_MAX_PATHNAME_LEN 4000
43
44/* Profile number is an integer between 0 and 255. */
45#define TOMOYO_MAX_PROFILES 256
46
47/* Keywords for ACLs. */
48#define TOMOYO_KEYWORD_ALIAS "alias "
49#define TOMOYO_KEYWORD_ALLOW_READ "allow_read "
50#define TOMOYO_KEYWORD_DELETE "delete "
51#define TOMOYO_KEYWORD_DENY_REWRITE "deny_rewrite "
52#define TOMOYO_KEYWORD_FILE_PATTERN "file_pattern "
53#define TOMOYO_KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
54#define TOMOYO_KEYWORD_KEEP_DOMAIN "keep_domain "
55#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
56#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
57#define TOMOYO_KEYWORD_SELECT "select "
58#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
59#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
60/* A domain definition starts with <kernel>. */
61#define TOMOYO_ROOT_NAME "<kernel>"
62#define TOMOYO_ROOT_NAME_LEN (sizeof(TOMOYO_ROOT_NAME) - 1)
63
64/* Index numbers for Access Controls. */
65#define TOMOYO_MAC_FOR_FILE 0 /* domain_policy.conf */
66#define TOMOYO_MAX_ACCEPT_ENTRY 1
67#define TOMOYO_VERBOSE 2
68#define TOMOYO_MAX_CONTROL_INDEX 3
69
70/* Index numbers for Access Controls. */
71
72#define TOMOYO_TYPE_SINGLE_PATH_ACL 0
73#define TOMOYO_TYPE_DOUBLE_PATH_ACL 1
74
75/* Index numbers for File Controls. */
76
77/*
78 * TYPE_READ_WRITE_ACL is special. TYPE_READ_WRITE_ACL is automatically set
79 * if both TYPE_READ_ACL and TYPE_WRITE_ACL are set. Both TYPE_READ_ACL and
80 * TYPE_WRITE_ACL are automatically set if TYPE_READ_WRITE_ACL is set.
81 * TYPE_READ_WRITE_ACL is automatically cleared if either TYPE_READ_ACL or
82 * TYPE_WRITE_ACL is cleared. Both TYPE_READ_ACL and TYPE_WRITE_ACL are
83 * automatically cleared if TYPE_READ_WRITE_ACL is cleared.
84 */
85
86#define TOMOYO_TYPE_READ_WRITE_ACL 0
87#define TOMOYO_TYPE_EXECUTE_ACL 1
88#define TOMOYO_TYPE_READ_ACL 2
89#define TOMOYO_TYPE_WRITE_ACL 3
90#define TOMOYO_TYPE_CREATE_ACL 4
91#define TOMOYO_TYPE_UNLINK_ACL 5
92#define TOMOYO_TYPE_MKDIR_ACL 6
93#define TOMOYO_TYPE_RMDIR_ACL 7
94#define TOMOYO_TYPE_MKFIFO_ACL 8
95#define TOMOYO_TYPE_MKSOCK_ACL 9
96#define TOMOYO_TYPE_MKBLOCK_ACL 10
97#define TOMOYO_TYPE_MKCHAR_ACL 11
98#define TOMOYO_TYPE_TRUNCATE_ACL 12
99#define TOMOYO_TYPE_SYMLINK_ACL 13
100#define TOMOYO_TYPE_REWRITE_ACL 14
101#define TOMOYO_TYPE_IOCTL_ACL 15
102#define TOMOYO_TYPE_CHMOD_ACL 16
103#define TOMOYO_TYPE_CHOWN_ACL 17
104#define TOMOYO_TYPE_CHGRP_ACL 18
105#define TOMOYO_TYPE_CHROOT_ACL 19
106#define TOMOYO_TYPE_MOUNT_ACL 20
107#define TOMOYO_TYPE_UMOUNT_ACL 21
108#define TOMOYO_MAX_SINGLE_PATH_OPERATION 22
109
110#define TOMOYO_TYPE_LINK_ACL 0
111#define TOMOYO_TYPE_RENAME_ACL 1
112#define TOMOYO_TYPE_PIVOT_ROOT_ACL 2
113#define TOMOYO_MAX_DOUBLE_PATH_OPERATION 3
114
115#define TOMOYO_DOMAINPOLICY 0
116#define TOMOYO_EXCEPTIONPOLICY 1
117#define TOMOYO_DOMAIN_STATUS 2
118#define TOMOYO_PROCESS_STATUS 3
119#define TOMOYO_MEMINFO 4
120#define TOMOYO_SELFDOMAIN 5
121#define TOMOYO_VERSION 6
122#define TOMOYO_PROFILE 7
123#define TOMOYO_MANAGER 8
25 124
26struct dentry; 125/********** Structure definitions. **********/
27struct vfsmount;
28 126
29/* 127/*
30 * tomoyo_page_buffer is a structure which is used for holding a pathname 128 * tomoyo_page_buffer is a structure which is used for holding a pathname
@@ -66,13 +164,14 @@ struct tomoyo_path_info {
66}; 164};
67 165
68/* 166/*
69 * This is the max length of a token. 167 * tomoyo_name_entry is a structure which is used for linking
70 * 168