Diffstat (limited to 'security/tomoyo/common.c')
-rw-r--r--security/tomoyo/common.c60
1 files changed, 4 insertions, 56 deletions
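--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -39,13 +39,13 @@ static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX
 [TOMOYO_MAC_FILE_OPEN] = "file::open",
 [TOMOYO_MAC_FILE_CREATE] = "file::create",
 [TOMOYO_MAC_FILE_UNLINK] = "file::unlink",
+[TOMOYO_MAC_FILE_GETATTR] = "file::getattr",
 [TOMOYO_MAC_FILE_MKDIR] = "file::mkdir",
 [TOMOYO_MAC_FILE_RMDIR] = "file::rmdir",
 [TOMOYO_MAC_FILE_MKFIFO] = "file::mkfifo",
 [TOMOYO_MAC_FILE_MKSOCK] = "file::mksock",
 [TOMOYO_MAC_FILE_TRUNCATE] = "file::truncate",
 [TOMOYO_MAC_FILE_SYMLINK] = "file::symlink",
-[TOMOYO_MAC_FILE_REWRITE] = "file::rewrite",
 [TOMOYO_MAC_FILE_MKBLOCK] = "file::mkblock",
 [TOMOYO_MAC_FILE_MKCHAR] = "file::mkchar",
 [TOMOYO_MAC_FILE_LINK] = "file::link",
@@ -881,10 +881,6 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
 domain->profile = (u8) profile;
 return 0;
 }
-if (!strcmp(data, TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) {
-domain->ignore_global_allow_read = !is_delete;
-return 0;
-}
 if (!strcmp(data, TOMOYO_KEYWORD_QUOTA_EXCEEDED)) {
 domain->quota_warned = !is_delete;
 return 0;
@@ -942,11 +938,6 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
 if (head->r.print_execute_only &&
 bit != TOMOYO_TYPE_EXECUTE)
 continue;
-/* Print "read/write" instead of "read" and "write". */
-if ((bit == TOMOYO_TYPE_READ ||
-bit == TOMOYO_TYPE_WRITE)
-&& (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
-continue;
 break;
 }
 if (bit >= TOMOYO_MAX_PATH_OPERATION)
@@ -1055,10 +1046,6 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
 tomoyo_set_string(head, "quota_exceeded\n");
 if (domain->transition_failed)
 tomoyo_set_string(head, "transition_failed\n");
-if (domain->ignore_global_allow_read)
-tomoyo_set_string(head,
-TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ
-"\n");
 head->r.step++;
 tomoyo_set_lf(head);
 /* fall through */
@@ -1235,18 +1222,15 @@ static int tomoyo_write_exception(struct tomoyo_io_buffer *head)
 static const struct {
 const char *keyword;
 int (*write) (char *, const bool);
-} tomoyo_callback[4] = {
+} tomoyo_callback[1] = {
 { TOMOYO_KEYWORD_AGGREGATOR, tomoyo_write_aggregator },
-{ TOMOYO_KEYWORD_FILE_PATTERN, tomoyo_write_pattern },
-{ TOMOYO_KEYWORD_DENY_REWRITE, tomoyo_write_no_rewrite },
-{ TOMOYO_KEYWORD_ALLOW_READ, tomoyo_write_globally_readable },
 };
 
 for (i = 0; i < TOMOYO_MAX_TRANSITION_TYPE; i++)
 if (tomoyo_str_starts(&data, tomoyo_transition_type[i]))
 return tomoyo_write_transition_control(data, is_delete,
 i);
-for (i = 0; i < 4; i++)
+for (i = 0; i < 1; i++)
 if (tomoyo_str_starts(&data, tomoyo_callback[i].keyword))
 return tomoyo_callback[i].write(data, is_delete);
 for (i = 0; i < TOMOYO_MAX_GROUP; i++)
@@ -1336,15 +1320,6 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
 name);
 }
 break;
-case TOMOYO_ID_GLOBALLY_READABLE:
-{
-struct tomoyo_readable_file *ptr =
-container_of(acl, typeof(*ptr), head);
-tomoyo_set_string(head,
-TOMOYO_KEYWORD_ALLOW_READ);
-tomoyo_set_string(head, ptr->filename->name);
-}
-break;
 case TOMOYO_ID_AGGREGATOR:
 {
 struct tomoyo_aggregator *ptr =
@@ -1358,24 +1333,6 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
 ptr->aggregated_name->name);
 }
 break;
-case TOMOYO_ID_PATTERN:
-{
-struct tomoyo_no_pattern *ptr =
-container_of(acl, typeof(*ptr), head);
-tomoyo_set_string(head,
-TOMOYO_KEYWORD_FILE_PATTERN);
-tomoyo_set_string(head, ptr->pattern->name);
-}
-break;
-case TOMOYO_ID_NO_REWRITE:
-{
-struct tomoyo_no_rewrite *ptr =
-container_of(acl, typeof(*ptr), head);
-tomoyo_set_string(head,
-TOMOYO_KEYWORD_DENY_REWRITE);
-tomoyo_set_string(head, ptr->pattern->name);
-}
-break;
 default:
 continue;
 }
@@ -1891,21 +1848,12 @@ int tomoyo_open_control(const u8 type, struct file *file)
 head->reader_idx = tomoyo_read_lock();
 file->private_data = head;
 /*
-* Call the handler now if the file is
-* /sys/kernel/security/tomoyo/self_domain
-* so that the user can use
-* cat < /sys/kernel/security/tomoyo/self_domain"
-* to know the current process's domainname.
-*/
-if (type == TOMOYO_SELFDOMAIN)
-tomoyo_read_control(file, NULL, 0);
-/*
 * If the file is /sys/kernel/security/tomoyo/query , increment the
 * observer counter.
 * The obserber counter is used by tomoyo_supervisor() to see if
 * there is some process monitoring /sys/kernel/security/tomoyo/query.
 */
-else if (type == TOMOYO_QUERY)
+if (type == TOMOYO_QUERY)
 atomic_inc(&tomoyo_query_observers);
 return 0;
 }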
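Review bot: The new table size and loop bound in tomoyo_write_exception are hard-coded as `1` in two separate places (`} tomoyo_callback[1] = {` and `for (i = 0; i < 1; i++)`), which keeps the same magic-number coupling the old `[4]`/`i < 4` pair had and will need editing twice again the next time a keyword is added or removed. Declaring the table as `} tomoyo_callback[] = {` and looping with `for (i = 0; i < ARRAY_SIZE(tomoyo_callback); i++)` ties the bound to the initializer so the two cannot drift apart. With only one entry left, the table and loop could alternatively be collapsed into a direct `tomoyo_str_starts` / `tomoyo_write_aggregator` check, though keeping the table is reasonable if further keywords are expected. tomoyo_write_exception's body starts and ends outside the hunk, so the type of `i` and the remaining dispatch are not visible here.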