Diffstat (limited to 'security')
-rw-r--r-- | security/tomoyo/common.c | 18 | ||||
-rw-r--r-- | security/tomoyo/common.h | 6 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 18 | ||||
-rw-r--r-- | security/tomoyo/file.c | 10 |
4 files changed, 20 insertions, 32 deletions
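diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ffcf02450560..30dd1c68a647 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -179,14 +179,12 @@ static void tomoyo_normalize_line(unsigned char *buffer)
 * 1 = must / -1 = must not / 0 = don't care
 * @end_type: Should the pathname end with '/'?
 * 1 = must / -1 = must not / 0 = don't care
-* @function: The name of function calling me.
 *
 * Check whether the given filename follows the naming rules.
 * Returns true if @filename follows the naming rules, false otherwise.
 */
 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
-const s8 pattern_type, const s8 end_type,
-const char *function)
+const s8 pattern_type, const s8 end_type)
 {
 const char *const start = filename;
 bool in_repetition = false;
@@ -194,7 +192,6 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
 unsigned char c;
 unsigned char d;
 unsigned char e;
-const char *original_filename = filename;
 
 if (!filename)
 goto out;
@@ -283,25 +280,20 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
 goto out;
 return true;
 out:
-printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
-original_filename);
 return false;
 }
 
 /**
 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
 * @domainname: The domainname to check.
-* @function: The name of function calling me.
 *
 * Returns true if @domainname follows the naming rules, false otherwise.
 */
-bool tomoyo_is_correct_domain(const unsigned char *domainname,
-const char *function)
+bool tomoyo_is_correct_domain(const unsigned char *domainname)
 {
 unsigned char c;
 unsigned char d;
 unsigned char e;
-const char *org_domainname = domainname;
 
 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
 TOMOYO_ROOT_NAME_LEN))
@@ -344,8 +336,6 @@ bool tomoyo_is_correct_domain(const unsigned char *domainname,
 } while (*domainname);
 return true;
 out:
-printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
-org_domainname);
 return false;
 }
 
@@ -1086,11 +1076,11 @@ static int tomoyo_update_manager_entry(const char *manager,
 bool is_domain = false;
 
 if (tomoyo_is_domain_def(manager)) {
-if (!tomoyo_is_correct_domain(manager, __func__))
+if (!tomoyo_is_correct_domain(manager))
 return -EINVAL;
 is_domain = true;
 } else {
-if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__))
+if (!tomoyo_is_correct_path(manager, 1, -1, -1))
 return -EINVAL;
 }
 saved_manager = tomoyo_get_name(manager);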
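Review bot: With the printk() calls removed, the `out:` labels in tomoyo_is_correct_path() and tomoyo_is_correct_domain() do nothing but `return false;`, so each `goto out;` could become a direct `return false;` and both labels could go. Rejection is also silent now: every caller visible in this commit turns a failed check into `-EINVAL` or `NULL`, with no record of which token was refused. If a diagnostic is still wanted it belongs at the call site, rate-limited, and should not echo the rejected string verbatim through `%s`, because that string has by definition failed the naming rules and may contain bytes a log reader does not expect. Most of both function bodies lies outside the hunks shown, so the remaining `goto out;` sites cannot be checked from here.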
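diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 17ed365521b1..67bd22dd3e68 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -520,12 +520,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain);
 bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
 __attribute__ ((format(printf, 2, 3)));
 /* Check whether the domainname is correct. */
-bool tomoyo_is_correct_domain(const unsigned char *domainname,
-const char *function);
+bool tomoyo_is_correct_domain(const unsigned char *domainname);
 /* Check whether the token is correct. */
 bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
-const s8 pattern_type, const s8 end_type,
-const char *function);
+const s8 pattern_type, const s8 end_type);
 /* Check whether the token can be a domainname. */
 bool tomoyo_is_domain_def(const unsigned char *buffer);
 /* Check whether the given filename matches the given pattern. */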
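diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 74cd0f52e3a8..66caaa1b842a 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -136,13 +136,13 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
 int error = is_delete ? -ENOENT : -ENOMEM;
 bool is_last_name = false;
 
-if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
+if (!tomoyo_is_correct_path(program, 1, -1, -1))
 return -EINVAL; /* No patterns allowed. */
 if (domainname) {
 if (!tomoyo_is_domain_def(domainname) &&
-tomoyo_is_correct_path(domainname, 1, -1, -1, __func__))
+tomoyo_is_correct_path(domainname, 1, -1, -1))
 is_last_name = true;
-else if (!tomoyo_is_correct_domain(domainname, __func__))
+else if (!tomoyo_is_correct_domain(domainname))
 return -EINVAL;
 saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)
@@ -357,12 +357,12 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
 bool is_last_name = false;
 
 if (!tomoyo_is_domain_def(domainname) &&
-tomoyo_is_correct_path(domainname, 1, -1, -1, __func__))
+tomoyo_is_correct_path(domainname, 1, -1, -1))
 is_last_name = true;
-else if (!tomoyo_is_correct_domain(domainname, __func__))
+else if (!tomoyo_is_correct_domain(domainname))
 return -EINVAL;
 if (program) {
-if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__))
+if (!tomoyo_is_correct_path(program, 1, -1, -1))
 return -EINVAL;
 saved_program = tomoyo_get_name(program);
 if (!saved_program)
@@ -556,8 +556,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
 const struct tomoyo_path_info *saved_aliased_name;
 int error = is_delete ? -ENOENT : -ENOMEM;
 
-if (!tomoyo_is_correct_path(original_name, 1, -1, -1, __func__) ||
-!tomoyo_is_correct_path(aliased_name, 1, -1, -1, __func__))
+if (!tomoyo_is_correct_path(original_name, 1, -1, -1) ||
+!tomoyo_is_correct_path(aliased_name, 1, -1, -1))
 return -EINVAL; /* No patterns allowed. */
 saved_original_name = tomoyo_get_name(original_name);
 saved_aliased_name = tomoyo_get_name(aliased_name);
@@ -659,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 const struct tomoyo_path_info *saved_domainname;
 bool found = false;
 
-if (!tomoyo_is_correct_domain(domainname, __func__))
+if (!tomoyo_is_correct_domain(domainname))
 return NULL;
 saved_domainname = tomoyo_get_name(domainname);
 if (!saved_domainname)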
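Review bot: In tomoyo_find_or_assign_new_domain() a malformed @domainname now produces a bare `return NULL;` with nothing logged, and the `if (!saved_domainname)` test two lines below presumably ends in a failure return too (its body is outside the hunk), so a caller cannot tell a rejected name from a tomoyo_get_name() failure. A comment at the check, for example `/* Invalid name: rejected silently, caller only sees NULL. */`, or a note on the NULL cases in the function's kernel-doc would make that contract explicit. Separately, the same three-step test on `domainname` (tomoyo_is_domain_def, then tomoyo_is_correct_path, then tomoyo_is_correct_domain) appears in both tomoyo_update_domain_initializer_entry() and tomoyo_update_domain_keeper_entry() and could move into one small static helper so the two cannot drift apart.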
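diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index db342ef87af7..1b24304edb7d 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -168,7 +168,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
 const struct tomoyo_path_info *saved_filename;
 int error = is_delete ? -ENOENT : -ENOMEM;
 
-if (!tomoyo_is_correct_path(filename, 1, 0, -1, __func__))
+if (!tomoyo_is_correct_path(filename, 1, 0, -1))
 return -EINVAL;
 saved_filename = tomoyo_get_name(filename);
 if (!saved_filename)
@@ -468,7 +468,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
 const struct tomoyo_path_info *saved_pattern;
 int error = is_delete ? -ENOENT : -ENOMEM;
 
-if (!tomoyo_is_correct_path(pattern, 0, 0, 0, __func__))
+if (!tomoyo_is_correct_path(pattern, 0, 0, 0))
 return -EINVAL;
 saved_pattern = tomoyo_get_name(pattern);
 if (!saved_pattern)
@@ -814,7 +814,7 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
 
 if (!domain)
 return -EINVAL;
-if (!tomoyo_is_correct_path(filename, 0, 0, 0, __func__))
+if (!tomoyo_is_correct_path(filename, 0, 0, 0))
 return -EINVAL;
 saved_filename = tomoyo_get_name(filename);
 if (!saved_filename)
@@ -898,8 +898,8 @@ static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
 
 if (!domain)
 return -EINVAL;
-if (!tomoyo_is_correct_path(filename1, 0, 0, 0, __func__) ||
-!tomoyo_is_correct_path(filename2, 0, 0, 0, __func__))
+if (!tomoyo_is_correct_path(filename1, 0, 0, 0) ||
+!tomoyo_is_correct_path(filename2, 0, 0, 0))
 return -EINVAL;
 saved_filename1 = tomoyo_get_name(filename1);
 saved_filename2 = tomoyo_get_name(filename2);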
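Review bot: The three s8 tri-state arguments are passed as bare literals at every call site here (`1, 0, -1` in tomoyo_update_globally_readable_entry(), `0, 0, 0` in the no_rewrite, path_acl and path2_acl updaters), so what each policy entry actually accepts cannot be read without the kernel-doc in common.c. The domain.c callers at least carry `/* No patterns allowed. */`; the file.c ones have no such hint. A short comment per call would help, e.g. `/* Patterns allowed, no trailing '/'. */` for the `1, 0, -1` case (assuming start_type mirrors the documented meaning of end_type), or named constants for must / must-not / don't-care in place of `1`, `-1` and `0`. These checks are the only input validation visible before tomoyo_get_name() stores the string, so their strictness deserves to be obvious at the call.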