diff options
Diffstat (limited to 'security/tomoyo/util.c')
| -rw-r--r-- | security/tomoyo/util.c | 58 |
1 files changed, 26 insertions, 32 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index bc71528ff440..fda15c1fc1c0 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c | |||
| @@ -416,26 +416,21 @@ bool tomoyo_correct_path(const char *filename) | |||
| 416 | */ | 416 | */ |
| 417 | bool tomoyo_correct_domain(const unsigned char *domainname) | 417 | bool tomoyo_correct_domain(const unsigned char *domainname) |
| 418 | { | 418 | { |
| 419 | if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, | 419 | if (!domainname || !tomoyo_domain_def(domainname)) |
| 420 | TOMOYO_ROOT_NAME_LEN)) | 420 | return false; |
| 421 | goto out; | 421 | domainname = strchr(domainname, ' '); |
| 422 | domainname += TOMOYO_ROOT_NAME_LEN; | 422 | if (!domainname++) |
| 423 | if (!*domainname) | ||
| 424 | return true; | 423 | return true; |
| 425 | if (*domainname++ != ' ') | ||
| 426 | goto out; | ||
| 427 | while (1) { | 424 | while (1) { |
| 428 | const unsigned char *cp = strchr(domainname, ' '); | 425 | const unsigned char *cp = strchr(domainname, ' '); |
| 429 | if (!cp) | 426 | if (!cp) |
| 430 | break; | 427 | break; |
| 431 | if (*domainname != '/' || | 428 | if (*domainname != '/' || |
| 432 | !tomoyo_correct_word2(domainname, cp - domainname)) | 429 | !tomoyo_correct_word2(domainname, cp - domainname)) |
| 433 | goto out; | 430 | return false; |
| 434 | domainname = cp + 1; | 431 | domainname = cp + 1; |
| 435 | } | 432 | } |
| 436 | return tomoyo_correct_path(domainname); | 433 | return tomoyo_correct_path(domainname); |
| 437 | out: | ||
| 438 | return false; | ||
| 439 | } | 434 | } |
| 440 | 435 | ||
| 441 | /** | 436 | /** |
| @@ -447,7 +442,19 @@ bool tomoyo_correct_domain(const unsigned char *domainname) | |||
| 447 | */ | 442 | */ |
| 448 | bool tomoyo_domain_def(const unsigned char *buffer) | 443 | bool tomoyo_domain_def(const unsigned char *buffer) |
| 449 | { | 444 | { |
| 450 | return !strncmp(buffer, TOMOYO_ROOT_NAME, TOMOYO_ROOT_NAME_LEN); | 445 | const unsigned char *cp; |
| 446 | int len; | ||
| 447 | if (*buffer != '<') | ||
| 448 | return false; | ||
| 449 | cp = strchr(buffer, ' '); | ||
| 450 | if (!cp) | ||
| 451 | len = strlen(buffer); | ||
| 452 | else | ||
| 453 | len = cp - buffer; | ||
| 454 | if (buffer[len - 1] != '>' || | ||
| 455 | !tomoyo_correct_word2(buffer + 1, len - 2)) | ||
| 456 | return false; | ||
| 457 | return true; | ||
| 451 | } | 458 | } |
| 452 | 459 | ||
| 453 | /** | 460 | /** |
| @@ -833,22 +840,24 @@ const char *tomoyo_get_exe(void) | |||
| 833 | /** | 840 | /** |
| 834 | * tomoyo_get_mode - Get MAC mode. | 841 | * tomoyo_get_mode - Get MAC mode. |
| 835 | * | 842 | * |
| 843 | * @ns: Pointer to "struct tomoyo_policy_namespace". | ||
| 836 | * @profile: Profile number. | 844 | * @profile: Profile number. |
| 837 | * @index: Index number of functionality. | 845 | * @index: Index number of functionality. |
| 838 | * | 846 | * |
| 839 | * Returns mode. | 847 | * Returns mode. |
| 840 | */ | 848 | */ |
| 841 | int tomoyo_get_mode(const u8 profile, const u8 index) | 849 | int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, |
| 850 | const u8 index) | ||
| 842 | { | 851 | { |
| 843 | u8 mode; | 852 | u8 mode; |
| 844 | const u8 category = TOMOYO_MAC_CATEGORY_FILE; | 853 | const u8 category = TOMOYO_MAC_CATEGORY_FILE; |
| 845 | if (!tomoyo_policy_loaded) | 854 | if (!tomoyo_policy_loaded) |
| 846 | return TOMOYO_CONFIG_DISABLED; | 855 | return TOMOYO_CONFIG_DISABLED; |
| 847 | mode = tomoyo_profile(profile)->config[index]; | 856 | mode = tomoyo_profile(ns, profile)->config[index]; |
| 848 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | 857 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
| 849 | mode = tomoyo_profile(profile)->config[category]; | 858 | mode = tomoyo_profile(ns, profile)->config[category]; |
| 850 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | 859 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
| 851 | mode = tomoyo_profile(profile)->default_config; | 860 | mode = tomoyo_profile(ns, profile)->default_config; |
| 852 | return mode & 3; | 861 | return mode & 3; |
| 853 | } | 862 | } |
| 854 | 863 | ||
| @@ -872,26 +881,11 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, | |||
| 872 | profile = domain->profile; | 881 | profile = domain->profile; |
| 873 | r->profile = profile; | 882 | r->profile = profile; |
| 874 | r->type = index; | 883 | r->type = index; |
| 875 | r->mode = tomoyo_get_mode(profile, index); | 884 | r->mode = tomoyo_get_mode(domain->ns, profile, index); |
| 876 | return r->mode; | 885 | return r->mode; |
| 877 | } | 886 | } |
| 878 | 887 | ||
| 879 | /** | 888 | /** |
| 880 | * tomoyo_last_word - Get last component of a line. | ||
| 881 | * | ||
| 882 | * @line: A line. | ||
| 883 | * | ||
| 884 | * Returns the last word of a line. | ||
| 885 | */ | ||
| 886 | const char *tomoyo_last_word(const char *name) | ||
| 887 | { | ||
| 888 | const char *cp = strrchr(name, ' '); | ||
| 889 | if (cp) | ||
| 890 | return cp + 1; | ||
| 891 | return name; | ||
| 892 | } | ||
| 893 | |||
| 894 | /** | ||
| 895 | * tomoyo_domain_quota_is_ok - Check for domain's quota. | 889 | * tomoyo_domain_quota_is_ok - Check for domain's quota. |
| 896 | * | 890 | * |
| 897 | * @r: Pointer to "struct tomoyo_request_info". | 891 | * @r: Pointer to "struct tomoyo_request_info". |
| @@ -939,7 +933,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) | |||
| 939 | if (perm & (1 << i)) | 933 | if (perm & (1 << i)) |
| 940 | count++; | 934 | count++; |
| 941 | } | 935 | } |
| 942 | if (count < tomoyo_profile(domain->profile)-> | 936 | if (count < tomoyo_profile(domain->ns, domain->profile)-> |
| 943 | pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) | 937 | pref[TOMOYO_PREF_MAX_LEARNING_ENTRY]) |
| 944 | return true; | 938 | return true; |
| 945 | if (!domain->quota_warned) { | 939 | if (!domain->quota_warned) { |