TOMOYO: Enable conditional ACL.

Enable conditional ACL by passing object's pointers.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa 2011-07-08 13:25:53 +09:00 committed by James Morris
parent 5b636857fe
commit 97fb35e413
5 changed files with 80 additions and 33 deletions

View File

@ -836,7 +836,8 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
struct path *path2); struct path *path2);
int tomoyo_path_number_perm(const u8 operation, struct path *path, int tomoyo_path_number_perm(const u8 operation, struct path *path,
unsigned long number); unsigned long number);
int tomoyo_path_perm(const u8 operation, struct path *path); int tomoyo_path_perm(const u8 operation, struct path *path,
const char *target);
int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation, int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
const struct tomoyo_path_info *filename); const struct tomoyo_path_info *filename);
int tomoyo_poll_control(struct file *file, poll_table *wait); int tomoyo_poll_control(struct file *file, poll_table *wait);

View File

@ -575,23 +575,27 @@ struct tomoyo_domain_info *tomoyo_assign_domain(const char *domainname,
*/ */
int tomoyo_find_next_domain(struct linux_binprm *bprm) int tomoyo_find_next_domain(struct linux_binprm *bprm)
{ {
struct tomoyo_request_info r;
char *tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
struct tomoyo_domain_info *old_domain = tomoyo_domain(); struct tomoyo_domain_info *old_domain = tomoyo_domain();
struct tomoyo_domain_info *domain = NULL; struct tomoyo_domain_info *domain = NULL;
const char *original_name = bprm->filename; const char *original_name = bprm->filename;
u8 mode;
bool is_enforce;
int retval = -ENOMEM; int retval = -ENOMEM;
bool need_kfree = false; bool need_kfree = false;
bool reject_on_transition_failure = false; bool reject_on_transition_failure = false;
struct tomoyo_path_info rn = { }; /* real name */ struct tomoyo_path_info rn = { }; /* real name */
struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS);
mode = tomoyo_init_request_info(&r, NULL, TOMOYO_MAC_FILE_EXECUTE); if (!ee)
is_enforce = (mode == TOMOYO_CONFIG_ENFORCING); return -ENOMEM;
if (!tmp) ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);
goto out; if (!ee->tmp) {
kfree(ee);
return -ENOMEM;
}
/* ee->dump->data is allocated by tomoyo_dump_page(). */
tomoyo_init_request_info(&ee->r, NULL, TOMOYO_MAC_FILE_EXECUTE);
ee->r.ee = ee;
ee->bprm = bprm;
ee->r.obj = &ee->obj;
ee->obj.path1 = bprm->file->f_path;
retry: retry:
if (need_kfree) { if (need_kfree) {
kfree(rn.name); kfree(rn.name);
@ -625,7 +629,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
} }
/* Check execute permission. */ /* Check execute permission. */
retval = tomoyo_path_permission(&r, TOMOYO_TYPE_EXECUTE, &rn); retval = tomoyo_path_permission(&ee->r, TOMOYO_TYPE_EXECUTE, &rn);
if (retval == TOMOYO_RETRY_REQUEST) if (retval == TOMOYO_RETRY_REQUEST)
goto retry; goto retry;
if (retval < 0) if (retval < 0)
@ -636,12 +640,12 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
* wildcard) rather than the pathname passed to execve() * wildcard) rather than the pathname passed to execve()
* (which never contains wildcard). * (which never contains wildcard).
*/ */
if (r.param.path.matched_path) { if (ee->r.param.path.matched_path) {
if (need_kfree) if (need_kfree)
kfree(rn.name); kfree(rn.name);
need_kfree = false; need_kfree = false;
/* This is OK because it is read only. */ /* This is OK because it is read only. */
rn = *r.param.path.matched_path; rn = *ee->r.param.path.matched_path;
} }
/* Calculate domain to transit to. */ /* Calculate domain to transit to. */
@ -649,7 +653,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
&rn)) { &rn)) {
case TOMOYO_TRANSITION_CONTROL_RESET: case TOMOYO_TRANSITION_CONTROL_RESET:
/* Transit to the root of specified namespace. */ /* Transit to the root of specified namespace. */
snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name); snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "<%s>", rn.name);
/* /*
* Make do_execve() fail if domain transition across namespaces * Make do_execve() fail if domain transition across namespaces
* has failed. * has failed.
@ -658,7 +662,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
break; break;
case TOMOYO_TRANSITION_CONTROL_INITIALIZE: case TOMOYO_TRANSITION_CONTROL_INITIALIZE:
/* Transit to the child of current namespace's root. */ /* Transit to the child of current namespace's root. */
snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
old_domain->ns->name, rn.name); old_domain->ns->name, rn.name);
break; break;
case TOMOYO_TRANSITION_CONTROL_KEEP: case TOMOYO_TRANSITION_CONTROL_KEEP:
@ -677,29 +681,30 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
domain = old_domain; domain = old_domain;
} else { } else {
/* Normal domain transition. */ /* Normal domain transition. */
snprintf(tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s", snprintf(ee->tmp, TOMOYO_EXEC_TMPSIZE - 1, "%s %s",
old_domain->domainname->name, rn.name); old_domain->domainname->name, rn.name);
} }
break; break;
} }
if (!domain) if (!domain)
domain = tomoyo_assign_domain(tmp, true); domain = tomoyo_assign_domain(ee->tmp, true);
if (domain) if (domain)
retval = 0; retval = 0;
else if (reject_on_transition_failure) { else if (reject_on_transition_failure) {
printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", tmp); printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n",
ee->tmp);
retval = -ENOMEM; retval = -ENOMEM;
} else if (r.mode == TOMOYO_CONFIG_ENFORCING) } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING)
retval = -ENOMEM; retval = -ENOMEM;
else { else {
retval = 0; retval = 0;
if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) { if (!old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED]) {
old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true; old_domain->flags[TOMOYO_DIF_TRANSITION_FAILED] = true;
r.granted = false; ee->r.granted = false;
tomoyo_write_log(&r, "%s", tomoyo_dif tomoyo_write_log(&ee->r, "%s", tomoyo_dif
[TOMOYO_DIF_TRANSITION_FAILED]); [TOMOYO_DIF_TRANSITION_FAILED]);
printk(KERN_WARNING printk(KERN_WARNING
"ERROR: Domain '%s' not defined.\n", tmp); "ERROR: Domain '%s' not defined.\n", ee->tmp);
} }
} }
out: out:
@ -710,7 +715,9 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
bprm->cred->security = domain; bprm->cred->security = domain;
if (need_kfree) if (need_kfree)
kfree(rn.name); kfree(rn.name);
kfree(tmp); kfree(ee->tmp);
kfree(ee->dump.data);
kfree(ee);
return retval; return retval;
} }

View File

@ -667,6 +667,9 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
unsigned long number) unsigned long number)
{ {
struct tomoyo_request_info r; struct tomoyo_request_info r;
struct tomoyo_obj_info obj = {
.path1 = *path,
};
int error = -ENOMEM; int error = -ENOMEM;
struct tomoyo_path_info buf; struct tomoyo_path_info buf;
int idx; int idx;
@ -677,6 +680,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
idx = tomoyo_read_lock(); idx = tomoyo_read_lock();
if (!tomoyo_get_realpath(&buf, path)) if (!tomoyo_get_realpath(&buf, path))
goto out; goto out;
r.obj = &obj;
if (type == TOMOYO_TYPE_MKDIR) if (type == TOMOYO_TYPE_MKDIR)
tomoyo_add_slash(&buf); tomoyo_add_slash(&buf);
r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL; r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
@ -711,6 +715,9 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
int error = 0; int error = 0;
struct tomoyo_path_info buf; struct tomoyo_path_info buf;
struct tomoyo_request_info r; struct tomoyo_request_info r;
struct tomoyo_obj_info obj = {
.path1 = *path,
};
int idx; int idx;
buf.name = NULL; buf.name = NULL;
@ -723,6 +730,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
error = -ENOMEM; error = -ENOMEM;
goto out; goto out;
} }
r.obj = &obj;
if (acc_mode & MAY_READ) if (acc_mode & MAY_READ)
error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ, error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ,
&buf); &buf);
@ -745,15 +753,21 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
* *
* @operation: Type of operation. * @operation: Type of operation.
* @path: Pointer to "struct path". * @path: Pointer to "struct path".
* @target: Symlink's target if @operation is TOMOYO_TYPE_SYMLINK,
* NULL otherwise.
* *
* Returns 0 on success, negative value otherwise. * Returns 0 on success, negative value otherwise.
*/ */
int tomoyo_path_perm(const u8 operation, struct path *path) int tomoyo_path_perm(const u8 operation, struct path *path, const char *target)
{ {
struct tomoyo_request_info r; struct tomoyo_request_info r;
struct tomoyo_obj_info obj = {
.path1 = *path,
};
int error; int error;
struct tomoyo_path_info buf; struct tomoyo_path_info buf;
bool is_enforce; bool is_enforce;
struct tomoyo_path_info symlink_target;
int idx; int idx;
if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation]) if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
@ -765,13 +779,23 @@ int tomoyo_path_perm(const u8 operation, struct path *path)
idx = tomoyo_read_lock(); idx = tomoyo_read_lock();
if (!tomoyo_get_realpath(&buf, path)) if (!tomoyo_get_realpath(&buf, path))
goto out; goto out;
r.obj = &obj;
switch (operation) { switch (operation) {
case TOMOYO_TYPE_RMDIR: case TOMOYO_TYPE_RMDIR:
case TOMOYO_TYPE_CHROOT: case TOMOYO_TYPE_CHROOT:
tomoyo_add_slash(&buf); tomoyo_add_slash(&buf);
break; break;
case TOMOYO_TYPE_SYMLINK:
symlink_target.name = tomoyo_encode(target);
if (!symlink_target.name)
goto out;
tomoyo_fill_path_info(&symlink_target);
obj.symlink_target = &symlink_target;
break;
} }
error = tomoyo_path_permission(&r, operation, &buf); error = tomoyo_path_permission(&r, operation, &buf);
if (operation == TOMOYO_TYPE_SYMLINK)
kfree(symlink_target.name);
out: out:
kfree(buf.name); kfree(buf.name);
tomoyo_read_unlock(idx); tomoyo_read_unlock(idx);
@ -794,6 +818,9 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
const unsigned int mode, unsigned int dev) const unsigned int mode, unsigned int dev)
{ {
struct tomoyo_request_info r; struct tomoyo_request_info r;
struct tomoyo_obj_info obj = {
.path1 = *path,
};
int error = -ENOMEM; int error = -ENOMEM;
struct tomoyo_path_info buf; struct tomoyo_path_info buf;
int idx; int idx;
@ -804,6 +831,7 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
idx = tomoyo_read_lock(); idx = tomoyo_read_lock();
error = -ENOMEM; error = -ENOMEM;
if (tomoyo_get_realpath(&buf, path)) { if (tomoyo_get_realpath(&buf, path)) {
r.obj = &obj;
dev = new_decode_dev(dev); dev = new_decode_dev(dev);
r.param_type = TOMOYO_TYPE_MKDEV_ACL; r.param_type = TOMOYO_TYPE_MKDEV_ACL;
r.param.mkdev.filename = &buf; r.param.mkdev.filename = &buf;
@ -837,6 +865,10 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
struct tomoyo_path_info buf1; struct tomoyo_path_info buf1;
struct tomoyo_path_info buf2; struct tomoyo_path_info buf2;
struct tomoyo_request_info r; struct tomoyo_request_info r;
struct tomoyo_obj_info obj = {
.path1 = *path1,
.path2 = *path2,
};
int idx; int idx;
if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation]) if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
@ -861,6 +893,7 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
tomoyo_add_slash(&buf2); tomoyo_add_slash(&buf2);
break; break;
} }
r.obj = &obj;
r.param_type = TOMOYO_TYPE_PATH2_ACL; r.param_type = TOMOYO_TYPE_PATH2_ACL;
r.param.path2.operation = operation; r.param.path2.operation = operation;
r.param.path2.filename1 = &buf1; r.param.path2.filename1 = &buf1;

View File

@ -75,6 +75,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
struct path *dir, const char *type, struct path *dir, const char *type,
unsigned long flags) unsigned long flags)
{ {
struct tomoyo_obj_info obj = { };
struct path path; struct path path;
struct file_system_type *fstype = NULL; struct file_system_type *fstype = NULL;
const char *requested_type = NULL; const char *requested_type = NULL;
@ -85,6 +86,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
struct tomoyo_path_info rdir; struct tomoyo_path_info rdir;
int need_dev = 0; int need_dev = 0;
int error = -ENOMEM; int error = -ENOMEM;
r->obj = &obj;
/* Get fstype. */ /* Get fstype. */
requested_type = tomoyo_encode(type); requested_type = tomoyo_encode(type);
@ -94,6 +96,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
tomoyo_fill_path_info(&rtype); tomoyo_fill_path_info(&rtype);
/* Get mount point. */ /* Get mount point. */
obj.path2 = *dir;
requested_dir_name = tomoyo_realpath_from_path(dir); requested_dir_name = tomoyo_realpath_from_path(dir);
if (!requested_dir_name) { if (!requested_dir_name) {
error = -ENOMEM; error = -ENOMEM;
@ -129,8 +132,8 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
error = -ENOENT; error = -ENOENT;
goto out; goto out;
} }
obj.path1 = path;
requested_dev_name = tomoyo_realpath_from_path(&path); requested_dev_name = tomoyo_realpath_from_path(&path);
path_put(&path);
if (!requested_dev_name) { if (!requested_dev_name) {
error = -ENOENT; error = -ENOENT;
goto out; goto out;
@ -163,6 +166,9 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, char *dev_name,
if (fstype) if (fstype)
put_filesystem(fstype); put_filesystem(fstype);
kfree(requested_type); kfree(requested_type);
/* Drop refcount obtained by kern_path(). */
if (obj.path1.dentry)
path_put(&obj.path1);
return error; return error;
} }

View File

@ -98,18 +98,18 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{ {
struct path path = { mnt, dentry }; struct path path = { mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path); return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
} }
static int tomoyo_path_truncate(struct path *path) static int tomoyo_path_truncate(struct path *path)
{ {
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path); return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
} }
static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
{ {
struct path path = { parent->mnt, dentry }; struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path); return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
} }
static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
@ -123,14 +123,14 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
{ {
struct path path = { parent->mnt, dentry }; struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path); return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
} }
static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
const char *old_name) const char *old_name)
{ {
struct path path = { parent->mnt, dentry }; struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path); return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
} }
static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
@ -225,7 +225,7 @@ static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
static int tomoyo_path_chroot(struct path *path) static int tomoyo_path_chroot(struct path *path)
{ {
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path); return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
} }
static int tomoyo_sb_mount(char *dev_name, struct path *path, static int tomoyo_sb_mount(char *dev_name, struct path *path,
@ -237,7 +237,7 @@ static int tomoyo_sb_mount(char *dev_name, struct path *path,
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{ {
struct path path = { mnt, mnt->mnt_root }; struct path path = { mnt, mnt->mnt_root };
return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path); return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
} }
static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)