aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/common.c18
-rw-r--r--security/tomoyo/common.h6
-rw-r--r--security/tomoyo/domain.c18
-rw-r--r--security/tomoyo/file.c10
4 files changed, 20 insertions, 32 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ffcf02450560..30dd1c68a647 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -179,14 +179,12 @@ static void tomoyo_normalize_line(unsigned char *buffer)
179 * 1 = must / -1 = must not / 0 = don't care 179 * 1 = must / -1 = must not / 0 = don't care
180 * @end_type: Should the pathname end with '/'? 180 * @end_type: Should the pathname end with '/'?
181 * 1 = must / -1 = must not / 0 = don't care 181 * 1 = must / -1 = must not / 0 = don't care
182 * @function: The name of function calling me.
183 * 182 *
184 * Check whether the given filename follows the naming rules. 183 * Check whether the given filename follows the naming rules.
185 * Returns true if @filename follows the naming rules, false otherwise. 184 * Returns true if @filename follows the naming rules, false otherwise.
186 */ 185 */
187bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 186bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
188 const s8 pattern_type, const s8 end_type, 187 const s8 pattern_type, const s8 end_type)
189 const char *function)
190{ 188{
191 const char *const start = filename; 189 const char *const start = filename;
192 bool in_repetition = false; 190 bool in_repetition = false;
@@ -194,7 +192,6 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
194 unsigned char c; 192 unsigned char c;
195 unsigned char d; 193 unsigned char d;
196 unsigned char e; 194 unsigned char e;
197 const char *original_filename = filename;
198 195
199 if (!filename) 196 if (!filename)
200 goto out; 197 goto out;
@@ -283,25 +280,20 @@ bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
283 goto out; 280 goto out;
284 return true; 281 return true;
285 out: 282 out:
286 printk(KERN_DEBUG "%s: Invalid pathname '%s'\n", function,
287 original_filename);
288 return false; 283 return false;
289} 284}
290 285
291/** 286/**
292 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules. 287 * tomoyo_is_correct_domain - Check whether the given domainname follows the naming rules.
293 * @domainname: The domainname to check. 288 * @domainname: The domainname to check.
294 * @function: The name of function calling me.
295 * 289 *
296 * Returns true if @domainname follows the naming rules, false otherwise. 290 * Returns true if @domainname follows the naming rules, false otherwise.
297 */ 291 */
298bool tomoyo_is_correct_domain(const unsigned char *domainname, 292bool tomoyo_is_correct_domain(const unsigned char *domainname)
299 const char *function)
300{ 293{
301 unsigned char c; 294 unsigned char c;
302 unsigned char d; 295 unsigned char d;
303 unsigned char e; 296 unsigned char e;
304 const char *org_domainname = domainname;
305 297
306 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME, 298 if (!domainname || strncmp(domainname, TOMOYO_ROOT_NAME,
307 TOMOYO_ROOT_NAME_LEN)) 299 TOMOYO_ROOT_NAME_LEN))
@@ -344,8 +336,6 @@ bool tomoyo_is_correct_domain(const unsigned char *domainname,
344 } while (*domainname); 336 } while (*domainname);
345 return true; 337 return true;
346 out: 338 out:
347 printk(KERN_DEBUG "%s: Invalid domainname '%s'\n", function,
348 org_domainname);
349 return false; 339 return false;
350} 340}
351 341
@@ -1086,11 +1076,11 @@ static int tomoyo_update_manager_entry(const char *manager,
1086 bool is_domain = false; 1076 bool is_domain = false;
1087 1077
1088 if (tomoyo_is_domain_def(manager)) { 1078 if (tomoyo_is_domain_def(manager)) {
1089 if (!tomoyo_is_correct_domain(manager, __func__)) 1079 if (!tomoyo_is_correct_domain(manager))
1090 return -EINVAL; 1080 return -EINVAL;
1091 is_domain = true; 1081 is_domain = true;
1092 } else { 1082 } else {
1093 if (!tomoyo_is_correct_path(manager, 1, -1, -1, __func__)) 1083 if (!tomoyo_is_correct_path(manager, 1, -1, -1))
1094 return -EINVAL; 1084 return -EINVAL;
1095 } 1085 }
1096 saved_manager = tomoyo_get_name(manager); 1086 saved_manager = tomoyo_get_name(manager);
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 17ed365521b1..67bd22dd3e68 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -520,12 +520,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain);
520bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) 520bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
521 __attribute__ ((format(printf, 2, 3))); 521 __attribute__ ((format(printf, 2, 3)));
522/* Check whether the domainname is correct. */ 522/* Check whether the domainname is correct. */
523bool tomoyo_is_correct_domain(const unsigned char *domainname, 523bool tomoyo_is_correct_domain(const unsigned char *domainname);
524 const char *function);
525/* Check whether the token is correct. */ 524/* Check whether the token is correct. */
526bool tomoyo_is_correct_path(const char *filename, const s8 start_type, 525bool tomoyo_is_correct_path(const char *filename, const s8 start_type,
527 const s8 pattern_type, const s8 end_type, 526 const s8 pattern_type, const s8 end_type);
528 const char *function);
529/* Check whether the token can be a domainname. */ 527/* Check whether the token can be a domainname. */
530bool tomoyo_is_domain_def(const unsigned char *buffer); 528bool tomoyo_is_domain_def(const unsigned char *buffer);
531/* Check whether the given filename matches the given pattern. */ 529/* Check whether the given filename matches the given pattern. */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 74cd0f52e3a8..66caaa1b842a 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -136,13 +136,13 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
136 int error = is_delete ? -ENOENT : -ENOMEM; 136 int error = is_delete ? -ENOENT : -ENOMEM;
137 bool is_last_name = false; 137 bool is_last_name = false;
138 138
139 if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__)) 139 if (!tomoyo_is_correct_path(program, 1, -1, -1))
140 return -EINVAL; /* No patterns allowed. */ 140 return -EINVAL; /* No patterns allowed. */
141 if (domainname) { 141 if (domainname) {
142 if (!tomoyo_is_domain_def(domainname) && 142 if (!tomoyo_is_domain_def(domainname) &&
143 tomoyo_is_correct_path(domainname, 1, -1, -1, __func__)) 143 tomoyo_is_correct_path(domainname, 1, -1, -1))
144 is_last_name = true; 144 is_last_name = true;
145 else if (!tomoyo_is_correct_domain(domainname, __func__)) 145 else if (!tomoyo_is_correct_domain(domainname))
146 return -EINVAL; 146 return -EINVAL;
147 saved_domainname = tomoyo_get_name(domainname); 147 saved_domainname = tomoyo_get_name(domainname);
148 if (!saved_domainname) 148 if (!saved_domainname)
@@ -357,12 +357,12 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
357 bool is_last_name = false; 357 bool is_last_name = false;
358 358
359 if (!tomoyo_is_domain_def(domainname) && 359 if (!tomoyo_is_domain_def(domainname) &&
360 tomoyo_is_correct_path(domainname, 1, -1, -1, __func__)) 360 tomoyo_is_correct_path(domainname, 1, -1, -1))
361 is_last_name = true; 361 is_last_name = true;
362 else if (!tomoyo_is_correct_domain(domainname, __func__)) 362 else if (!tomoyo_is_correct_domain(domainname))
363 return -EINVAL; 363 return -EINVAL;
364 if (program) { 364 if (program) {
365 if (!tomoyo_is_correct_path(program, 1, -1, -1, __func__)) 365 if (!tomoyo_is_correct_path(program, 1, -1, -1))
366 return -EINVAL; 366 return -EINVAL;
367 saved_program = tomoyo_get_name(program); 367 saved_program = tomoyo_get_name(program);
368 if (!saved_program) 368 if (!saved_program)
@@ -556,8 +556,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
556 const struct tomoyo_path_info *saved_aliased_name; 556 const struct tomoyo_path_info *saved_aliased_name;
557 int error = is_delete ? -ENOENT : -ENOMEM; 557 int error = is_delete ? -ENOENT : -ENOMEM;
558 558
559 if (!tomoyo_is_correct_path(original_name, 1, -1, -1, __func__) || 559 if (!tomoyo_is_correct_path(original_name, 1, -1, -1) ||
560 !tomoyo_is_correct_path(aliased_name, 1, -1, -1, __func__)) 560 !tomoyo_is_correct_path(aliased_name, 1, -1, -1))
561 return -EINVAL; /* No patterns allowed. */ 561 return -EINVAL; /* No patterns allowed. */
562 saved_original_name = tomoyo_get_name(original_name); 562 saved_original_name = tomoyo_get_name(original_name);
563 saved_aliased_name = tomoyo_get_name(aliased_name); 563 saved_aliased_name = tomoyo_get_name(aliased_name);
@@ -659,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
659 const struct tomoyo_path_info *saved_domainname; 659 const struct tomoyo_path_info *saved_domainname;
660 bool found = false; 660 bool found = false;
661 661
662 if (!tomoyo_is_correct_domain(domainname, __func__)) 662 if (!tomoyo_is_correct_domain(domainname))
663 return NULL; 663 return NULL;
664 saved_domainname = tomoyo_get_name(domainname); 664 saved_domainname = tomoyo_get_name(domainname);
665 if (!saved_domainname) 665 if (!saved_domainname)
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index db342ef87af7..1b24304edb7d 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -168,7 +168,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
168 const struct tomoyo_path_info *saved_filename; 168 const struct tomoyo_path_info *saved_filename;
169 int error = is_delete ? -ENOENT : -ENOMEM; 169 int error = is_delete ? -ENOENT : -ENOMEM;
170 170
171 if (!tomoyo_is_correct_path(filename, 1, 0, -1, __func__)) 171 if (!tomoyo_is_correct_path(filename, 1, 0, -1))
172 return -EINVAL; 172 return -EINVAL;
173 saved_filename = tomoyo_get_name(filename); 173 saved_filename = tomoyo_get_name(filename);
174 if (!saved_filename) 174 if (!saved_filename)
@@ -468,7 +468,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
468 const struct tomoyo_path_info *saved_pattern; 468 const struct tomoyo_path_info *saved_pattern;
469 int error = is_delete ? -ENOENT : -ENOMEM; 469 int error = is_delete ? -ENOENT : -ENOMEM;
470 470
471 if (!tomoyo_is_correct_path(pattern, 0, 0, 0, __func__)) 471 if (!tomoyo_is_correct_path(pattern, 0, 0, 0))
472 return -EINVAL; 472 return -EINVAL;
473 saved_pattern = tomoyo_get_name(pattern); 473 saved_pattern = tomoyo_get_name(pattern);
474 if (!saved_pattern) 474 if (!saved_pattern)
@@ -814,7 +814,7 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
814 814
815 if (!domain) 815 if (!domain)
816 return -EINVAL; 816 return -EINVAL;
817 if (!tomoyo_is_correct_path(filename, 0, 0, 0, __func__)) 817 if (!tomoyo_is_correct_path(filename, 0, 0, 0))
818 return -EINVAL; 818 return -EINVAL;
819 saved_filename = tomoyo_get_name(filename); 819 saved_filename = tomoyo_get_name(filename);
820 if (!saved_filename) 820 if (!saved_filename)
@@ -898,8 +898,8 @@ static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
898 898
899 if (!domain) 899 if (!domain)
900 return -EINVAL; 900 return -EINVAL;
901 if (!tomoyo_is_correct_path(filename1, 0, 0, 0, __func__) || 901 if (!tomoyo_is_correct_path(filename1, 0, 0, 0) ||
902 !tomoyo_is_correct_path(filename2, 0, 0, 0, __func__)) 902 !tomoyo_is_correct_path(filename2, 0, 0, 0))
903 return -EINVAL; 903 return -EINVAL;
904 saved_filename1 = tomoyo_get_name(filename1); 904 saved_filename1 = tomoyo_get_name(filename1);
905 saved_filename2 = tomoyo_get_name(filename2); 905 saved_filename2 = tomoyo_get_name(filename2);