File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/*
|
|
|
|
* security/tomoyo/file.c
|
|
|
|
*
|
2011-07-14 09:46:51 +04:00
|
|
|
* Copyright (C) 2005-2011 NTT DATA CORPORATION
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "common.h"
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 11:04:11 +03:00
|
|
|
#include <linux/slab.h>
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/*
|
|
|
|
* Mapping table from "enum tomoyo_path_acl_index" to "enum tomoyo_mac_index".
|
|
|
|
*/
|
2010-06-03 15:38:44 +04:00
|
|
|
static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = {
|
|
|
|
[TOMOYO_TYPE_EXECUTE] = TOMOYO_MAC_FILE_EXECUTE,
|
|
|
|
[TOMOYO_TYPE_READ] = TOMOYO_MAC_FILE_OPEN,
|
|
|
|
[TOMOYO_TYPE_WRITE] = TOMOYO_MAC_FILE_OPEN,
|
2011-06-26 18:15:31 +04:00
|
|
|
[TOMOYO_TYPE_APPEND] = TOMOYO_MAC_FILE_OPEN,
|
2010-06-03 15:38:44 +04:00
|
|
|
[TOMOYO_TYPE_UNLINK] = TOMOYO_MAC_FILE_UNLINK,
|
2011-06-26 18:15:31 +04:00
|
|
|
[TOMOYO_TYPE_GETATTR] = TOMOYO_MAC_FILE_GETATTR,
|
2010-06-03 15:38:44 +04:00
|
|
|
[TOMOYO_TYPE_RMDIR] = TOMOYO_MAC_FILE_RMDIR,
|
|
|
|
[TOMOYO_TYPE_TRUNCATE] = TOMOYO_MAC_FILE_TRUNCATE,
|
|
|
|
[TOMOYO_TYPE_SYMLINK] = TOMOYO_MAC_FILE_SYMLINK,
|
|
|
|
[TOMOYO_TYPE_CHROOT] = TOMOYO_MAC_FILE_CHROOT,
|
|
|
|
[TOMOYO_TYPE_UMOUNT] = TOMOYO_MAC_FILE_UMOUNT,
|
|
|
|
};
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/*
|
|
|
|
* Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index".
|
|
|
|
*/
|
2011-06-26 18:17:46 +04:00
|
|
|
const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = {
|
2010-06-03 15:38:44 +04:00
|
|
|
[TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK,
|
|
|
|
[TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR,
|
|
|
|
};
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/*
|
|
|
|
* Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index".
|
|
|
|
*/
|
2011-06-26 18:17:46 +04:00
|
|
|
const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = {
|
2010-06-03 15:38:44 +04:00
|
|
|
[TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK,
|
|
|
|
[TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME,
|
|
|
|
[TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT,
|
|
|
|
};
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/*
|
|
|
|
* Mapping table from "enum tomoyo_path_number_acl_index" to
|
|
|
|
* "enum tomoyo_mac_index".
|
|
|
|
*/
|
2011-06-26 18:17:46 +04:00
|
|
|
const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = {
|
2010-06-03 15:38:44 +04:00
|
|
|
[TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE,
|
|
|
|
[TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR,
|
|
|
|
[TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO,
|
|
|
|
[TOMOYO_TYPE_MKSOCK] = TOMOYO_MAC_FILE_MKSOCK,
|
|
|
|
[TOMOYO_TYPE_IOCTL] = TOMOYO_MAC_FILE_IOCTL,
|
|
|
|
[TOMOYO_TYPE_CHMOD] = TOMOYO_MAC_FILE_CHMOD,
|
|
|
|
[TOMOYO_TYPE_CHOWN] = TOMOYO_MAC_FILE_CHOWN,
|
|
|
|
[TOMOYO_TYPE_CHGRP] = TOMOYO_MAC_FILE_CHGRP,
|
|
|
|
};
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_put_name_union - Drop reference on "struct tomoyo_name_union".
|
|
|
|
*
|
|
|
|
* @ptr: Pointer to "struct tomoyo_name_union".
|
|
|
|
*
|
|
|
|
* Returns nothing.
|
|
|
|
*/
|
2010-05-10 12:30:26 +04:00
|
|
|
void tomoyo_put_name_union(struct tomoyo_name_union *ptr)
|
|
|
|
{
|
2011-06-26 18:16:36 +04:00
|
|
|
tomoyo_put_group(ptr->group);
|
|
|
|
tomoyo_put_name(ptr->filename);
|
2010-05-10 12:30:26 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_compare_name_union - Check whether a name matches "struct tomoyo_name_union" or not.
|
|
|
|
*
|
|
|
|
* @name: Pointer to "struct tomoyo_path_info".
|
|
|
|
* @ptr: Pointer to "struct tomoyo_name_union".
|
|
|
|
*
|
|
|
|
* Returns "struct tomoyo_path_info" if @name matches @ptr, NULL otherwise.
|
|
|
|
*/
|
2010-07-29 09:29:55 +04:00
|
|
|
const struct tomoyo_path_info *
|
|
|
|
tomoyo_compare_name_union(const struct tomoyo_path_info *name,
|
|
|
|
const struct tomoyo_name_union *ptr)
|
2010-05-10 12:30:26 +04:00
|
|
|
{
|
2011-06-26 18:16:36 +04:00
|
|
|
if (ptr->group)
|
2010-06-03 15:37:26 +04:00
|
|
|
return tomoyo_path_matches_group(name, ptr->group);
|
2010-07-29 09:29:55 +04:00
|
|
|
if (tomoyo_path_matches_pattern(name, ptr->filename))
|
|
|
|
return ptr->filename;
|
|
|
|
return NULL;
|
2010-05-10 12:30:26 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_put_number_union - Drop reference on "struct tomoyo_number_union".
|
|
|
|
*
|
|
|
|
* @ptr: Pointer to "struct tomoyo_number_union".
|
|
|
|
*
|
|
|
|
* Returns nothing.
|
|
|
|
*/
|
2010-05-17 05:06:58 +04:00
|
|
|
void tomoyo_put_number_union(struct tomoyo_number_union *ptr)
|
|
|
|
{
|
2011-06-26 18:16:36 +04:00
|
|
|
tomoyo_put_group(ptr->group);
|
2010-05-17 05:06:58 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_compare_number_union - Check whether a value matches "struct tomoyo_number_union" or not.
|
|
|
|
*
|
|
|
|
* @value: Number to check.
|
|
|
|
* @ptr: Pointer to "struct tomoyo_number_union".
|
|
|
|
*
|
|
|
|
* Returns true if @value matches @ptr, false otherwise.
|
|
|
|
*/
|
2010-05-17 05:06:58 +04:00
|
|
|
bool tomoyo_compare_number_union(const unsigned long value,
|
|
|
|
const struct tomoyo_number_union *ptr)
|
|
|
|
{
|
2011-06-26 18:16:36 +04:00
|
|
|
if (ptr->group)
|
2010-05-17 05:06:58 +04:00
|
|
|
return tomoyo_number_matches_group(value, value, ptr->group);
|
|
|
|
return value >= ptr->values[0] && value <= ptr->values[1];
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_add_slash - Add trailing '/' if needed.
|
|
|
|
*
|
|
|
|
* @buf: Pointer to "struct tomoyo_path_info".
|
|
|
|
*
|
|
|
|
* Returns nothing.
|
|
|
|
*
|
|
|
|
* @buf must be generated by tomoyo_encode() because this function does not
|
|
|
|
* allocate memory for adding '/'.
|
|
|
|
*/
|
2010-06-03 15:36:43 +04:00
|
|
|
static void tomoyo_add_slash(struct tomoyo_path_info *buf)
|
|
|
|
{
|
|
|
|
if (buf->is_dir)
|
|
|
|
return;
|
|
|
|
/*
|
|
|
|
* This is OK because tomoyo_encode() reserves space for appending "/".
|
|
|
|
*/
|
|
|
|
strcat((char *) buf->name, "/");
|
|
|
|
tomoyo_fill_path_info(buf);
|
|
|
|
}
|
|
|
|
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/**
|
2010-06-03 15:36:43 +04:00
|
|
|
* tomoyo_get_realpath - Get realpath.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
2010-06-03 15:36:43 +04:00
|
|
|
* @buf: Pointer to "struct tomoyo_path_info".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
* @path: Pointer to "struct path".
|
|
|
|
*
|
2010-06-03 15:36:43 +04:00
|
|
|
* Returns true on success, false otherwise.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*/
|
2015-03-09 02:28:30 +03:00
|
|
|
static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, const struct path *path)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
2010-06-03 15:36:43 +04:00
|
|
|
buf->name = tomoyo_realpath_from_path(path);
|
|
|
|
if (buf->name) {
|
|
|
|
tomoyo_fill_path_info(buf);
|
|
|
|
return true;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
}
|
2011-07-14 09:46:51 +04:00
|
|
|
return false;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
}
|
|
|
|
|
2010-06-16 11:22:51 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_audit_path_log - Audit path request log.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
static int tomoyo_audit_path_log(struct tomoyo_request_info *r)
|
|
|
|
{
|
2011-06-26 18:18:58 +04:00
|
|
|
return tomoyo_supervisor(r, "file %s %s\n", tomoyo_path_keyword
|
|
|
|
[r->param.path.operation],
|
|
|
|
r->param.path.filename->name);
|
2010-06-16 11:22:51 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* tomoyo_audit_path2_log - Audit path/path request log.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
static int tomoyo_audit_path2_log(struct tomoyo_request_info *r)
|
|
|
|
{
|
2011-06-26 18:21:19 +04:00
|
|
|
return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
|
|
|
|
[tomoyo_pp2mac[r->param.path2.operation]],
|
2011-06-26 18:18:58 +04:00
|
|
|
r->param.path2.filename1->name,
|
|
|
|
r->param.path2.filename2->name);
|
2010-06-16 11:22:51 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* tomoyo_audit_mkdev_log - Audit path/number/number/number request log.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r)
|
|
|
|
{
|
2011-06-26 18:18:58 +04:00
|
|
|
return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n",
|
2011-06-26 18:21:19 +04:00
|
|
|
tomoyo_mac_keywords
|
|
|
|
[tomoyo_pnnn2mac[r->param.mkdev.operation]],
|
2011-06-26 18:18:58 +04:00
|
|
|
r->param.mkdev.filename->name,
|
|
|
|
r->param.mkdev.mode, r->param.mkdev.major,
|
|
|
|
r->param.mkdev.minor);
|
2010-06-16 11:22:51 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* tomoyo_audit_path_number_log - Audit path/number request log.
|
|
|
|
*
|
2011-06-26 18:16:03 +04:00
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
2010-06-16 11:22:51 +04:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
|
|
|
|
{
|
|
|
|
const u8 type = r->param.path_number.operation;
|
|
|
|
u8 radix;
|
|
|
|
char buffer[64];
|
|
|
|
switch (type) {
|
|
|
|
case TOMOYO_TYPE_CREATE:
|
|
|
|
case TOMOYO_TYPE_MKDIR:
|
|
|
|
case TOMOYO_TYPE_MKFIFO:
|
|
|
|
case TOMOYO_TYPE_MKSOCK:
|
|
|
|
case TOMOYO_TYPE_CHMOD:
|
|
|
|
radix = TOMOYO_VALUE_TYPE_OCTAL;
|
|
|
|
break;
|
|
|
|
case TOMOYO_TYPE_IOCTL:
|
|
|
|
radix = TOMOYO_VALUE_TYPE_HEXADECIMAL;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
radix = TOMOYO_VALUE_TYPE_DECIMAL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number,
|
|
|
|
radix);
|
2011-06-26 18:21:19 +04:00
|
|
|
return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_mac_keywords
|
|
|
|
[tomoyo_pn2mac[type]],
|
2011-06-26 18:18:58 +04:00
|
|
|
r->param.path_number.filename->name, buffer);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_check_path_acl - Check permission for path operation.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
* @ptr: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if granted, false otherwise.
|
|
|
|
*
|
|
|
|
* To be able to use wildcard for domain transition, this function sets
|
|
|
|
* matching entry on success. Since the caller holds tomoyo_read_lock(),
|
|
|
|
* it is safe to set matching entry.
|
|
|
|
*/
|
2010-07-29 09:29:55 +04:00
|
|
|
static bool tomoyo_check_path_acl(struct tomoyo_request_info *r,
|
2010-06-16 11:22:51 +04:00
|
|
|
const struct tomoyo_acl_info *ptr)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
2010-06-16 11:22:51 +04:00
|
|
|
const struct tomoyo_path_acl *acl = container_of(ptr, typeof(*acl),
|
|
|
|
head);
|
2010-07-29 09:29:55 +04:00
|
|
|
if (acl->perm & (1 << r->param.path.operation)) {
|
|
|
|
r->param.path.matched_path =
|
|
|
|
tomoyo_compare_name_union(r->param.path.filename,
|
|
|
|
&acl->name);
|
|
|
|
return r->param.path.matched_path != NULL;
|
|
|
|
}
|
|
|
|
return false;
|
2010-06-16 11:22:51 +04:00
|
|
|
}
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_check_path_number_acl - Check permission for path number operation.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
* @ptr: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if granted, false otherwise.
|
|
|
|
*/
|
2010-07-29 09:29:55 +04:00
|
|
|
static bool tomoyo_check_path_number_acl(struct tomoyo_request_info *r,
|
2010-06-16 11:22:51 +04:00
|
|
|
const struct tomoyo_acl_info *ptr)
|
|
|
|
{
|
|
|
|
const struct tomoyo_path_number_acl *acl =
|
|
|
|
container_of(ptr, typeof(*acl), head);
|
|
|
|
return (acl->perm & (1 << r->param.path_number.operation)) &&
|
|
|
|
tomoyo_compare_number_union(r->param.path_number.number,
|
|
|
|
&acl->number) &&
|
|
|
|
tomoyo_compare_name_union(r->param.path_number.filename,
|
|
|
|
&acl->name);
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_check_path2_acl - Check permission for path path operation.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
* @ptr: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if granted, false otherwise.
|
|
|
|
*/
|
2010-07-29 09:29:55 +04:00
|
|
|
static bool tomoyo_check_path2_acl(struct tomoyo_request_info *r,
|
2010-06-16 11:22:51 +04:00
|
|
|
const struct tomoyo_acl_info *ptr)
|
|
|
|
{
|
|
|
|
const struct tomoyo_path2_acl *acl =
|
|
|
|
container_of(ptr, typeof(*acl), head);
|
|
|
|
return (acl->perm & (1 << r->param.path2.operation)) &&
|
|
|
|
tomoyo_compare_name_union(r->param.path2.filename1, &acl->name1)
|
|
|
|
&& tomoyo_compare_name_union(r->param.path2.filename2,
|
|
|
|
&acl->name2);
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_check_mkdev_acl - Check permission for path number number number operation.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
* @ptr: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if granted, false otherwise.
|
|
|
|
*/
|
2010-07-29 09:29:55 +04:00
|
|
|
static bool tomoyo_check_mkdev_acl(struct tomoyo_request_info *r,
|
2011-06-26 18:16:36 +04:00
|
|
|
const struct tomoyo_acl_info *ptr)
|
2010-06-16 11:22:51 +04:00
|
|
|
{
|
2010-06-16 11:23:55 +04:00
|
|
|
const struct tomoyo_mkdev_acl *acl =
|
2010-06-16 11:22:51 +04:00
|
|
|
container_of(ptr, typeof(*acl), head);
|
|
|
|
return (acl->perm & (1 << r->param.mkdev.operation)) &&
|
|
|
|
tomoyo_compare_number_union(r->param.mkdev.mode,
|
|
|
|
&acl->mode) &&
|
|
|
|
tomoyo_compare_number_union(r->param.mkdev.major,
|
|
|
|
&acl->major) &&
|
|
|
|
tomoyo_compare_number_union(r->param.mkdev.minor,
|
|
|
|
&acl->minor) &&
|
|
|
|
tomoyo_compare_name_union(r->param.mkdev.filename,
|
|
|
|
&acl->name);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_same_path_acl - Check for duplicated "struct tomoyo_path_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if @a == @b except permission bits, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_same_path_acl(const struct tomoyo_acl_info *a,
|
|
|
|
const struct tomoyo_acl_info *b)
|
|
|
|
{
|
|
|
|
const struct tomoyo_path_acl *p1 = container_of(a, typeof(*p1), head);
|
|
|
|
const struct tomoyo_path_acl *p2 = container_of(b, typeof(*p2), head);
|
2011-06-26 18:16:36 +04:00
|
|
|
return tomoyo_same_name_union(&p1->name, &p2->name);
|
2010-06-12 15:46:22 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:15:31 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_merge_path_acl - Merge duplicated "struct tomoyo_path_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @is_delete: True for @a &= ~@b, false for @a |= @b.
|
|
|
|
*
|
|
|
|
* Returns true if @a is empty, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
|
|
|
|
struct tomoyo_acl_info *b,
|
|
|
|
const bool is_delete)
|
|
|
|
{
|
|
|
|
u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head)
|
|
|
|
->perm;
|
|
|
|
u16 perm = *a_perm;
|
|
|
|
const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm;
|
2011-06-26 18:15:31 +04:00
|
|
|
if (is_delete)
|
2010-06-12 15:46:22 +04:00
|
|
|
perm &= ~b_perm;
|
2011-06-26 18:15:31 +04:00
|
|
|
else
|
2010-06-12 15:46:22 +04:00
|
|
|
perm |= b_perm;
|
|
|
|
*a_perm = perm;
|
|
|
|
return !perm;
|
|
|
|
}
|
|
|
|
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/**
|
2010-02-16 02:03:30 +03:00
|
|
|
* tomoyo_update_path_acl - Update "struct tomoyo_path_acl" list.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
2011-06-26 18:17:10 +04:00
|
|
|
* @perm: Permission.
|
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
2009-12-08 03:34:43 +03:00
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*/
|
2011-06-26 18:17:10 +04:00
|
|
|
static int tomoyo_update_path_acl(const u16 perm,
|
|
|
|
struct tomoyo_acl_param *param)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
2010-05-06 07:40:02 +04:00
|
|
|
struct tomoyo_path_acl e = {
|
|
|
|
.head.type = TOMOYO_TYPE_PATH_ACL,
|
2011-06-26 18:17:10 +04:00
|
|
|
.perm = perm
|
2010-05-06 07:40:02 +04:00
|
|
|
};
|
2010-06-12 15:46:22 +04:00
|
|
|
int error;
|
2011-06-26 18:17:10 +04:00
|
|
|
if (!tomoyo_parse_name_union(param, &e.name))
|
|
|
|
error = -EINVAL;
|
|
|
|
else
|
|
|
|
error = tomoyo_update_domain(&e.head, sizeof(e), param,
|
|
|
|
tomoyo_same_path_acl,
|
|
|
|
tomoyo_merge_path_acl);
|
2010-05-10 12:30:26 +04:00
|
|
|
tomoyo_put_name_union(&e.name);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_same_mkdev_acl - Check for duplicated "struct tomoyo_mkdev_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if @a == @b except permission bits, false otherwise.
|
|
|
|
*/
|
2010-06-16 11:23:55 +04:00
|
|
|
static bool tomoyo_same_mkdev_acl(const struct tomoyo_acl_info *a,
|
2010-06-12 15:46:22 +04:00
|
|
|
const struct tomoyo_acl_info *b)
|
|
|
|
{
|
2011-06-26 18:16:36 +04:00
|
|
|
const struct tomoyo_mkdev_acl *p1 = container_of(a, typeof(*p1), head);
|
|
|
|
const struct tomoyo_mkdev_acl *p2 = container_of(b, typeof(*p2), head);
|
|
|
|
return tomoyo_same_name_union(&p1->name, &p2->name) &&
|
|
|
|
tomoyo_same_number_union(&p1->mode, &p2->mode) &&
|
|
|
|
tomoyo_same_number_union(&p1->major, &p2->major) &&
|
|
|
|
tomoyo_same_number_union(&p1->minor, &p2->minor);
|
2010-06-12 15:46:22 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_merge_mkdev_acl - Merge duplicated "struct tomoyo_mkdev_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @is_delete: True for @a &= ~@b, false for @a |= @b.
|
|
|
|
*
|
|
|
|
* Returns true if @a is empty, false otherwise.
|
|
|
|
*/
|
2010-06-16 11:23:55 +04:00
|
|
|
static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
|
2011-06-26 18:16:36 +04:00
|
|
|
struct tomoyo_acl_info *b,
|
|
|
|
const bool is_delete)
|
2010-06-12 15:46:22 +04:00
|
|
|
{
|
2010-06-16 11:23:55 +04:00
|
|
|
u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
|
2010-06-12 15:46:22 +04:00
|
|
|
head)->perm;
|
|
|
|
u8 perm = *a_perm;
|
2010-06-16 11:23:55 +04:00
|
|
|
const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
|
2010-06-12 15:46:22 +04:00
|
|
|
->perm;
|
|
|
|
if (is_delete)
|
|
|
|
perm &= ~b_perm;
|
|
|
|
else
|
|
|
|
perm |= b_perm;
|
|
|
|
*a_perm = perm;
|
|
|
|
return !perm;
|
|
|
|
}
|
|
|
|
|
2010-05-17 05:09:15 +04:00
|
|
|
/**
|
2010-06-16 11:23:55 +04:00
|
|
|
* tomoyo_update_mkdev_acl - Update "struct tomoyo_mkdev_acl" list.
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
2011-06-26 18:17:10 +04:00
|
|
|
* @perm: Permission.
|
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
2010-06-12 15:46:22 +04:00
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
2010-05-17 05:09:15 +04:00
|
|
|
*/
|
2011-06-26 18:17:10 +04:00
|
|
|
static int tomoyo_update_mkdev_acl(const u8 perm,
|
|
|
|
struct tomoyo_acl_param *param)
|
2010-05-17 05:09:15 +04:00
|
|
|
{
|
2010-06-16 11:23:55 +04:00
|
|
|
struct tomoyo_mkdev_acl e = {
|
|
|
|
.head.type = TOMOYO_TYPE_MKDEV_ACL,
|
2011-06-26 18:17:10 +04:00
|
|
|
.perm = perm
|
2010-05-17 05:09:15 +04:00
|
|
|
};
|
2011-06-26 18:17:10 +04:00
|
|
|
int error;
|
|
|
|
if (!tomoyo_parse_name_union(param, &e.name) ||
|
|
|
|
!tomoyo_parse_number_union(param, &e.mode) ||
|
|
|
|
!tomoyo_parse_number_union(param, &e.major) ||
|
|
|
|
!tomoyo_parse_number_union(param, &e.minor))
|
|
|
|
error = -EINVAL;
|
|
|
|
else
|
|
|
|
error = tomoyo_update_domain(&e.head, sizeof(e), param,
|
|
|
|
tomoyo_same_mkdev_acl,
|
|
|
|
tomoyo_merge_mkdev_acl);
|
2010-05-17 05:09:15 +04:00
|
|
|
tomoyo_put_name_union(&e.name);
|
|
|
|
tomoyo_put_number_union(&e.mode);
|
|
|
|
tomoyo_put_number_union(&e.major);
|
|
|
|
tomoyo_put_number_union(&e.minor);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_same_path2_acl - Check for duplicated "struct tomoyo_path2_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if @a == @b except permission bits, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_same_path2_acl(const struct tomoyo_acl_info *a,
|
|
|
|
const struct tomoyo_acl_info *b)
|
|
|
|
{
|
|
|
|
const struct tomoyo_path2_acl *p1 = container_of(a, typeof(*p1), head);
|
|
|
|
const struct tomoyo_path2_acl *p2 = container_of(b, typeof(*p2), head);
|
2011-06-26 18:16:36 +04:00
|
|
|
return tomoyo_same_name_union(&p1->name1, &p2->name1) &&
|
|
|
|
tomoyo_same_name_union(&p1->name2, &p2->name2);
|
2010-06-12 15:46:22 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_merge_path2_acl - Merge duplicated "struct tomoyo_path2_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @is_delete: True for @a &= ~@b, false for @a |= @b.
|
|
|
|
*
|
|
|
|
* Returns true if @a is empty, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
|
|
|
|
struct tomoyo_acl_info *b,
|
|
|
|
const bool is_delete)
|
|
|
|
{
|
|
|
|
u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head)
|
|
|
|
->perm;
|
|
|
|
u8 perm = *a_perm;
|
|
|
|
const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm;
|
|
|
|
if (is_delete)
|
|
|
|
perm &= ~b_perm;
|
|
|
|
else
|
|
|
|
perm |= b_perm;
|
|
|
|
*a_perm = perm;
|
|
|
|
return !perm;
|
|
|
|
}
|
|
|
|
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/**
|
2010-02-16 02:03:30 +03:00
|
|
|
* tomoyo_update_path2_acl - Update "struct tomoyo_path2_acl" list.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
2011-06-26 18:17:10 +04:00
|
|
|
* @perm: Permission.
|
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
2009-12-08 03:34:43 +03:00
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*/
|
2011-06-26 18:17:10 +04:00
|
|
|
static int tomoyo_update_path2_acl(const u8 perm,
|
|
|
|
struct tomoyo_acl_param *param)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
2010-05-06 07:40:02 +04:00
|
|
|
struct tomoyo_path2_acl e = {
|
|
|
|
.head.type = TOMOYO_TYPE_PATH2_ACL,
|
2011-06-26 18:17:10 +04:00
|
|
|
.perm = perm
|
2010-05-06 07:40:02 +04:00
|
|
|
};
|
2011-06-26 18:17:10 +04:00
|
|
|
int error;
|
|
|
|
if (!tomoyo_parse_name_union(param, &e.name1) ||
|
|
|
|
!tomoyo_parse_name_union(param, &e.name2))
|
|
|
|
error = -EINVAL;
|
|
|
|
else
|
|
|
|
error = tomoyo_update_domain(&e.head, sizeof(e), param,
|
|
|
|
tomoyo_same_path2_acl,
|
|
|
|
tomoyo_merge_path2_acl);
|
2010-05-10 12:30:26 +04:00
|
|
|
tomoyo_put_name_union(&e.name1);
|
|
|
|
tomoyo_put_name_union(&e.name2);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2010-05-17 05:08:05 +04:00
|
|
|
* tomoyo_path_permission - Check permission for single path operation.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
2010-05-17 05:08:05 +04:00
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
* @operation: Type of operation.
|
|
|
|
* @filename: Filename to check.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
2009-12-08 03:34:43 +03:00
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*/
|
2011-09-25 12:49:09 +04:00
|
|
|
static int tomoyo_path_permission(struct tomoyo_request_info *r, u8 operation,
|
|
|
|
const struct tomoyo_path_info *filename)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
|
|
|
int error;
|
|
|
|
|
2010-06-03 15:38:44 +04:00
|
|
|
r->type = tomoyo_p2mac[operation];
|
2011-06-26 18:19:52 +04:00
|
|
|
r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
|
2010-06-03 15:38:44 +04:00
|
|
|
if (r->mode == TOMOYO_CONFIG_DISABLED)
|
|
|
|
return 0;
|
2010-06-16 11:21:36 +04:00
|
|
|
r->param_type = TOMOYO_TYPE_PATH_ACL;
|
|
|
|
r->param.path.filename = filename;
|
|
|
|
r->param.path.operation = operation;
|
2010-05-17 05:11:36 +04:00
|
|
|
do {
|
2010-06-16 11:22:51 +04:00
|
|
|
tomoyo_check_acl(r, tomoyo_check_path_acl);
|
|
|
|
error = tomoyo_audit_path_log(r);
|
2011-09-16 17:54:25 +04:00
|
|
|
} while (error == TOMOYO_RETRY_REQUEST);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2011-09-16 17:54:25 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_execute_permission - Check permission for execute operation.
|
|
|
|
*
|
|
|
|
* @r: Pointer to "struct tomoyo_request_info".
|
|
|
|
* @filename: Filename to check.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
|
|
|
*/
|
|
|
|
int tomoyo_execute_permission(struct tomoyo_request_info *r,
|
|
|
|
const struct tomoyo_path_info *filename)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Unlike other permission checks, this check is done regardless of
|
|
|
|
* profile mode settings in order to check for domain transition
|
|
|
|
* preference.
|
|
|
|
*/
|
|
|
|
r->type = TOMOYO_MAC_FILE_EXECUTE;
|
|
|
|
r->mode = tomoyo_get_mode(r->domain->ns, r->profile, r->type);
|
|
|
|
r->param_type = TOMOYO_TYPE_PATH_ACL;
|
|
|
|
r->param.path.filename = filename;
|
|
|
|
r->param.path.operation = TOMOYO_TYPE_EXECUTE;
|
|
|
|
tomoyo_check_acl(r, tomoyo_check_path_acl);
|
|
|
|
r->ee->transition = r->matched_acl && r->matched_acl->cond ?
|
|
|
|
r->matched_acl->cond->transit : NULL;
|
|
|
|
if (r->mode != TOMOYO_CONFIG_DISABLED)
|
|
|
|
return tomoyo_audit_path_log(r);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_same_path_number_acl - Check for duplicated "struct tomoyo_path_number_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if @a == @b except permission bits, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_same_path_number_acl(const struct tomoyo_acl_info *a,
|
|
|
|
const struct tomoyo_acl_info *b)
|
|
|
|
{
|
|
|
|
const struct tomoyo_path_number_acl *p1 = container_of(a, typeof(*p1),
|
|
|
|
head);
|
|
|
|
const struct tomoyo_path_number_acl *p2 = container_of(b, typeof(*p2),
|
|
|
|
head);
|
2011-06-26 18:16:36 +04:00
|
|
|
return tomoyo_same_name_union(&p1->name, &p2->name) &&
|
|
|
|
tomoyo_same_number_union(&p1->number, &p2->number);
|
2010-06-12 15:46:22 +04:00
|
|
|
}
|
|
|
|
|
2011-06-26 18:16:36 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_merge_path_number_acl - Merge duplicated "struct tomoyo_path_number_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @is_delete: True for @a &= ~@b, false for @a |= @b.
|
|
|
|
*
|
|
|
|
* Returns true if @a is empty, false otherwise.
|
|
|
|
*/
|
2010-06-12 15:46:22 +04:00
|
|
|
static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
|
|
|
|
struct tomoyo_acl_info *b,
|
|
|
|
const bool is_delete)
|
|
|
|
{
|
|
|
|
u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl,
|
|
|
|
head)->perm;
|
|
|
|
u8 perm = *a_perm;
|
|
|
|
const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head)
|
|
|
|
->perm;
|
|
|
|
if (is_delete)
|
|
|
|
perm &= ~b_perm;
|
|
|
|
else
|
|
|
|
perm |= b_perm;
|
|
|
|
*a_perm = perm;
|
|
|
|
return !perm;
|
|
|
|
}
|
|
|
|
|
2010-05-17 05:09:15 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_update_path_number_acl - Update ioctl/chmod/chown/chgrp ACL.
|
|
|
|
*
|
2011-06-26 18:17:10 +04:00
|
|
|
* @perm: Permission.
|
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
2011-06-26 18:17:10 +04:00
|
|
|
static int tomoyo_update_path_number_acl(const u8 perm,
|
|
|
|
struct tomoyo_acl_param *param)
|
2010-05-17 05:09:15 +04:00
|
|
|
{
|
|
|
|
struct tomoyo_path_number_acl e = {
|
|
|
|
.head.type = TOMOYO_TYPE_PATH_NUMBER_ACL,
|
2011-06-26 18:17:10 +04:00
|
|
|
.perm = perm
|
2010-05-17 05:09:15 +04:00
|
|
|
};
|
2011-06-26 18:17:10 +04:00
|
|
|
int error;
|
|
|
|
if (!tomoyo_parse_name_union(param, &e.name) ||
|
|
|
|
!tomoyo_parse_number_union(param, &e.number))
|
|
|
|
error = -EINVAL;
|
|
|
|
else
|
|
|
|
error = tomoyo_update_domain(&e.head, sizeof(e), param,
|
|
|
|
tomoyo_same_path_number_acl,
|
|
|
|
tomoyo_merge_path_number_acl);
|
2010-05-17 05:09:15 +04:00
|
|
|
tomoyo_put_name_union(&e.name);
|
|
|
|
tomoyo_put_number_union(&e.number);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
|
|
|
|
*
|
|
|
|
* @type: Type of operation.
|
|
|
|
* @path: Pointer to "struct path".
|
|
|
|
* @number: Number.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
int tomoyo_path_number_perm(const u8 type, struct path *path,
|
|
|
|
unsigned long number)
|
|
|
|
{
|
|
|
|
struct tomoyo_request_info r;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_obj_info obj = {
|
|
|
|
.path1 = *path,
|
|
|
|
};
|
2010-05-17 05:09:15 +04:00
|
|
|
int error = -ENOMEM;
|
2010-06-03 15:36:43 +04:00
|
|
|
struct tomoyo_path_info buf;
|
2010-05-17 05:09:15 +04:00
|
|
|
int idx;
|
|
|
|
|
2010-06-03 15:38:44 +04:00
|
|
|
if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type])
|
2011-06-26 18:20:23 +04:00
|
|
|
== TOMOYO_CONFIG_DISABLED || !path->dentry)
|
2010-05-17 05:09:15 +04:00
|
|
|
return 0;
|
|
|
|
idx = tomoyo_read_lock();
|
2010-06-03 15:36:43 +04:00
|
|
|
if (!tomoyo_get_realpath(&buf, path))
|
2010-05-17 05:09:15 +04:00
|
|
|
goto out;
|
2011-07-08 08:25:53 +04:00
|
|
|
r.obj = &obj;
|
2010-06-03 15:36:43 +04:00
|
|
|
if (type == TOMOYO_TYPE_MKDIR)
|
|
|
|
tomoyo_add_slash(&buf);
|
2010-06-16 11:28:21 +04:00
|
|
|
r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
|
|
|
|
r.param.path_number.operation = type;
|
|
|
|
r.param.path_number.filename = &buf;
|
|
|
|
r.param.path_number.number = number;
|
|
|
|
do {
|
|
|
|
tomoyo_check_acl(&r, tomoyo_check_path_number_acl);
|
|
|
|
error = tomoyo_audit_path_number_log(&r);
|
|
|
|
} while (error == TOMOYO_RETRY_REQUEST);
|
2010-06-03 15:36:43 +04:00
|
|
|
kfree(buf.name);
|
2010-06-16 11:28:21 +04:00
|
|
|
out:
|
2010-05-17 05:09:15 +04:00
|
|
|
tomoyo_read_unlock(idx);
|
|
|
|
if (r.mode != TOMOYO_CONFIG_ENFORCING)
|
|
|
|
error = 0;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/**
|
|
|
|
* tomoyo_check_open_permission - Check permission for "read" and "write".
|
|
|
|
*
|
|
|
|
* @domain: Pointer to "struct tomoyo_domain_info".
|
|
|
|
* @path: Pointer to "struct path".
|
|
|
|
* @flag: Flags for open().
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
|
|
|
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
|
|
|
|
struct path *path, const int flag)
|
|
|
|
{
|
|
|
|
const u8 acc_mode = ACC_MODE(flag);
|
2011-03-02 10:54:24 +03:00
|
|
|
int error = 0;
|
2010-06-03 15:36:43 +04:00
|
|
|
struct tomoyo_path_info buf;
|
2010-05-17 05:08:05 +04:00
|
|
|
struct tomoyo_request_info r;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_obj_info obj = {
|
|
|
|
.path1 = *path,
|
|
|
|
};
|
2009-12-08 03:34:43 +03:00
|
|
|
int idx;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
|
2010-06-03 15:38:44 +04:00
|
|
|
buf.name = NULL;
|
|
|
|
r.mode = TOMOYO_CONFIG_DISABLED;
|
2009-12-08 03:34:43 +03:00
|
|
|
idx = tomoyo_read_lock();
|
2011-06-26 18:15:31 +04:00
|
|
|
if (acc_mode &&
|
|
|
|
tomoyo_init_request_info(&r, domain, TOMOYO_MAC_FILE_OPEN)
|
2010-06-03 15:38:44 +04:00
|
|
|
!= TOMOYO_CONFIG_DISABLED) {
|
|
|
|
if (!tomoyo_get_realpath(&buf, path)) {
|
|
|
|
error = -ENOMEM;
|
|
|
|
goto out;
|
|
|
|
}
|
2011-07-08 08:25:53 +04:00
|
|
|
r.obj = &obj;
|
2011-06-26 18:15:31 +04:00
|
|
|
if (acc_mode & MAY_READ)
|
|
|
|
error = tomoyo_path_permission(&r, TOMOYO_TYPE_READ,
|
|
|
|
&buf);
|
|
|
|
if (!error && (acc_mode & MAY_WRITE))
|
|
|
|
error = tomoyo_path_permission(&r, (flag & O_APPEND) ?
|
|
|
|
TOMOYO_TYPE_APPEND :
|
|
|
|
TOMOYO_TYPE_WRITE,
|
2010-06-03 15:38:44 +04:00
|
|
|
&buf);
|
|
|
|
}
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
out:
|
2010-06-03 15:36:43 +04:00
|
|
|
kfree(buf.name);
|
2009-12-08 03:34:43 +03:00
|
|
|
tomoyo_read_unlock(idx);
|
2010-05-17 05:08:05 +04:00
|
|
|
if (r.mode != TOMOYO_CONFIG_ENFORCING)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
error = 0;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2011-06-26 18:15:31 +04:00
|
|
|
* tomoyo_path_perm - Check permission for "unlink", "rmdir", "truncate", "symlink", "append", "chroot" and "unmount".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
|
|
|
* @operation: Type of operation.
|
|
|
|
* @path: Pointer to "struct path".
|
2011-07-08 08:25:53 +04:00
|
|
|
* @target: Symlink's target if @operation is TOMOYO_TYPE_SYMLINK,
|
|
|
|
* NULL otherwise.
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
2015-03-09 02:28:30 +03:00
|
|
|
int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
2010-05-17 05:08:05 +04:00
|
|
|
struct tomoyo_request_info r;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_obj_info obj = {
|
|
|
|
.path1 = *path,
|
|
|
|
};
|
2011-06-26 18:15:31 +04:00
|
|
|
int error;
|
|
|
|
struct tomoyo_path_info buf;
|
|
|
|
bool is_enforce;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_path_info symlink_target;
|
2009-12-08 03:34:43 +03:00
|
|
|
int idx;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
|
2010-06-03 15:38:44 +04:00
|
|
|
if (tomoyo_init_request_info(&r, NULL, tomoyo_p2mac[operation])
|
|
|
|
== TOMOYO_CONFIG_DISABLED)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
return 0;
|
2011-06-26 18:15:31 +04:00
|
|
|
is_enforce = (r.mode == TOMOYO_CONFIG_ENFORCING);
|
|
|
|
error = -ENOMEM;
|
2010-06-03 15:38:44 +04:00
|
|
|
buf.name = NULL;
|
2009-12-08 03:34:43 +03:00
|
|
|
idx = tomoyo_read_lock();
|
2010-06-03 15:36:43 +04:00
|
|
|
if (!tomoyo_get_realpath(&buf, path))
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
goto out;
|
2011-07-08 08:25:53 +04:00
|
|
|
r.obj = &obj;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
switch (operation) {
|
2010-02-16 02:03:30 +03:00
|
|
|
case TOMOYO_TYPE_RMDIR:
|
|
|
|
case TOMOYO_TYPE_CHROOT:
|
2010-06-03 15:36:43 +04:00
|
|
|
tomoyo_add_slash(&buf);
|
|
|
|
break;
|
2011-07-08 08:25:53 +04:00
|
|
|
case TOMOYO_TYPE_SYMLINK:
|
|
|
|
symlink_target.name = tomoyo_encode(target);
|
|
|
|
if (!symlink_target.name)
|
|
|
|
goto out;
|
|
|
|
tomoyo_fill_path_info(&symlink_target);
|
|
|
|
obj.symlink_target = &symlink_target;
|
|
|
|
break;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
}
|
2010-06-03 15:36:43 +04:00
|
|
|
error = tomoyo_path_permission(&r, operation, &buf);
|
2011-07-08 08:25:53 +04:00
|
|
|
if (operation == TOMOYO_TYPE_SYMLINK)
|
|
|
|
kfree(symlink_target.name);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
out:
|
2010-06-03 15:36:43 +04:00
|
|
|
kfree(buf.name);
|
2009-12-08 03:34:43 +03:00
|
|
|
tomoyo_read_unlock(idx);
|
2011-06-26 18:15:31 +04:00
|
|
|
if (!is_enforce)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
error = 0;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2010-05-17 05:09:15 +04:00
|
|
|
/**
|
2010-06-16 11:23:55 +04:00
|
|
|
* tomoyo_mkdev_perm - Check permission for "mkblock" and "mkchar".
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
|
|
|
* @operation: Type of operation. (TOMOYO_TYPE_MKCHAR or TOMOYO_TYPE_MKBLOCK)
|
|
|
|
* @path: Pointer to "struct path".
|
|
|
|
* @mode: Create mode.
|
|
|
|
* @dev: Device number.
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
2010-06-16 11:23:55 +04:00
|
|
|
int tomoyo_mkdev_perm(const u8 operation, struct path *path,
|
2011-06-26 18:16:36 +04:00
|
|
|
const unsigned int mode, unsigned int dev)
|
2010-05-17 05:09:15 +04:00
|
|
|
{
|
|
|
|
struct tomoyo_request_info r;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_obj_info obj = {
|
|
|
|
.path1 = *path,
|
|
|
|
};
|
2010-05-17 05:09:15 +04:00
|
|
|
int error = -ENOMEM;
|
2010-06-03 15:36:43 +04:00
|
|
|
struct tomoyo_path_info buf;
|
2010-05-17 05:09:15 +04:00
|
|
|
int idx;
|
|
|
|
|
2011-06-26 18:20:23 +04:00
|
|
|
if (tomoyo_init_request_info(&r, NULL, tomoyo_pnnn2mac[operation])
|
2010-06-03 15:38:44 +04:00
|
|
|
== TOMOYO_CONFIG_DISABLED)
|
2010-05-17 05:09:15 +04:00
|
|
|
return 0;
|
|
|
|
idx = tomoyo_read_lock();
|
|
|
|
error = -ENOMEM;
|
2010-06-03 15:36:43 +04:00
|
|
|
if (tomoyo_get_realpath(&buf, path)) {
|
2011-07-08 08:25:53 +04:00
|
|
|
r.obj = &obj;
|
2010-06-16 11:21:36 +04:00
|
|
|
dev = new_decode_dev(dev);
|
2010-06-16 11:23:55 +04:00
|
|
|
r.param_type = TOMOYO_TYPE_MKDEV_ACL;
|
2010-06-16 11:21:36 +04:00
|
|
|
r.param.mkdev.filename = &buf;
|
|
|
|
r.param.mkdev.operation = operation;
|
|
|
|
r.param.mkdev.mode = mode;
|
|
|
|
r.param.mkdev.major = MAJOR(dev);
|
|
|
|
r.param.mkdev.minor = MINOR(dev);
|
2010-06-16 11:22:51 +04:00
|
|
|
tomoyo_check_acl(&r, tomoyo_check_mkdev_acl);
|
|
|
|
error = tomoyo_audit_mkdev_log(&r);
|
2010-06-03 15:36:43 +04:00
|
|
|
kfree(buf.name);
|
2010-05-17 05:09:15 +04:00
|
|
|
}
|
|
|
|
tomoyo_read_unlock(idx);
|
|
|
|
if (r.mode != TOMOYO_CONFIG_ENFORCING)
|
|
|
|
error = 0;
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
/**
|
2010-02-16 02:03:30 +03:00
|
|
|
* tomoyo_path2_perm - Check permission for "rename", "link" and "pivot_root".
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
*
|
|
|
|
* @operation: Type of operation.
|
|
|
|
* @path1: Pointer to "struct path".
|
|
|
|
* @path2: Pointer to "struct path".
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*/
|
2010-02-16 03:46:15 +03:00
|
|
|
int tomoyo_path2_perm(const u8 operation, struct path *path1,
|
2010-02-16 02:03:30 +03:00
|
|
|
struct path *path2)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
{
|
|
|
|
int error = -ENOMEM;
|
2010-06-03 15:36:43 +04:00
|
|
|
struct tomoyo_path_info buf1;
|
|
|
|
struct tomoyo_path_info buf2;
|
2010-05-17 05:08:05 +04:00
|
|
|
struct tomoyo_request_info r;
|
2011-07-08 08:25:53 +04:00
|
|
|
struct tomoyo_obj_info obj = {
|
|
|
|
.path1 = *path1,
|
|
|
|
.path2 = *path2,
|
|
|
|
};
|
2009-12-08 03:34:43 +03:00
|
|
|
int idx;
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
|
2011-06-26 18:20:23 +04:00
|
|
|
if (tomoyo_init_request_info(&r, NULL, tomoyo_pp2mac[operation])
|
2010-06-03 15:38:44 +04:00
|
|
|
== TOMOYO_CONFIG_DISABLED)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
return 0;
|
2010-06-03 15:36:43 +04:00
|
|
|
buf1.name = NULL;
|
|
|
|
buf2.name = NULL;
|
2009-12-08 03:34:43 +03:00
|
|
|
idx = tomoyo_read_lock();
|
2010-06-03 15:36:43 +04:00
|
|
|
if (!tomoyo_get_realpath(&buf1, path1) ||
|
|
|
|
!tomoyo_get_realpath(&buf2, path2))
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
goto out;
|
2010-06-03 15:38:44 +04:00
|
|
|
switch (operation) {
|
|
|
|
case TOMOYO_TYPE_RENAME:
|
2011-07-14 09:46:51 +04:00
|
|
|
case TOMOYO_TYPE_LINK:
|
2015-01-29 15:02:32 +03:00
|
|
|
if (!d_is_dir(path1->dentry))
|
2011-07-14 09:46:51 +04:00
|
|
|
break;
|
|
|
|
/* fall through */
|
|
|
|
case TOMOYO_TYPE_PIVOT_ROOT:
|
|
|
|
tomoyo_add_slash(&buf1);
|
|
|
|
tomoyo_add_slash(&buf2);
|
2010-06-03 15:38:44 +04:00
|
|
|
break;
|
2011-07-14 09:46:51 +04:00
|
|
|
}
|
2011-07-08 08:25:53 +04:00
|
|
|
r.obj = &obj;
|
2010-06-16 11:21:36 +04:00
|
|
|
r.param_type = TOMOYO_TYPE_PATH2_ACL;
|
|
|
|
r.param.path2.operation = operation;
|
|
|
|
r.param.path2.filename1 = &buf1;
|
|
|
|
r.param.path2.filename2 = &buf2;
|
2010-05-17 05:11:36 +04:00
|
|
|
do {
|
2010-06-16 11:22:51 +04:00
|
|
|
tomoyo_check_acl(&r, tomoyo_check_path2_acl);
|
|
|
|
error = tomoyo_audit_path2_log(&r);
|
|
|
|
} while (error == TOMOYO_RETRY_REQUEST);
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
out:
|
2010-06-03 15:36:43 +04:00
|
|
|
kfree(buf1.name);
|
|
|
|
kfree(buf2.name);
|
2009-12-08 03:34:43 +03:00
|
|
|
tomoyo_read_unlock(idx);
|
2010-05-17 05:08:05 +04:00
|
|
|
if (r.mode != TOMOYO_CONFIG_ENFORCING)
|
File operation restriction part.
This file controls file related operations of TOMOYO Linux.
tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.
* tomoyo_check_file_perm
sysctl()'s "read" and "write".
* tomoyo_check_exec_perm
"execute".
* tomoyo_check_open_permission
open(2) for "read" and "write".
* tomoyo_check_1path_perm
"create", "unlink", "mkdir", "rmdir", "mkfifo",
"mksock", "mkblock", "mkchar", "truncate" and "symlink".
* tomoyo_check_2path_perm
"rename" and "unlink".
* tomoyo_check_rewrite_permission
"rewrite".
("rewrite" are operations which may lose already recorded data of a file,
i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())
The functions which actually checks ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".
* tomoyo_check_file_acl
Open() operation and execve() operation.
("read", "write", "read/write" and "execute")
* tomoyo_check_single_write_acl
Directory modification operations with 1 pathname.
("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
"mkblock", "mkchar", "truncate", "symlink" and "rewrite")
* tomoyo_check_double_write_acl
Directory modification operations with 2 pathname.
("link" and "rename")
Also, this file contains handlers of some utility directives
for file related operations.
* "allow_read": specifies globally (for all domains) readable files.
* "path_group": specifies pathname macro.
* "deny_rewrite": restricts rewrite operation.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-05 11:18:14 +03:00
|
|
|
error = 0;
|
|
|
|
return error;
|
|
|
|
}
|
2010-05-17 05:09:15 +04:00
|
|
|
|
2011-06-26 18:17:10 +04:00
|
|
|
/**
|
|
|
|
* tomoyo_same_mount_acl - Check for duplicated "struct tomoyo_mount_acl" entry.
|
|
|
|
*
|
|
|
|
* @a: Pointer to "struct tomoyo_acl_info".
|
|
|
|
* @b: Pointer to "struct tomoyo_acl_info".
|
|
|
|
*
|
|
|
|
* Returns true if @a == @b, false otherwise.
|
|
|
|
*/
|
|
|
|
static bool tomoyo_same_mount_acl(const struct tomoyo_acl_info *a,
|
|
|
|
const struct tomoyo_acl_info *b)
|
|
|
|
{
|
|
|
|
const struct tomoyo_mount_acl *p1 = container_of(a, typeof(*p1), head);
|
|
|
|
const struct tomoyo_mount_acl *p2 = container_of(b, typeof(*p2), head);
|
|
|
|
return tomoyo_same_name_union(&p1->dev_name, &p2->dev_name) &&
|
|
|
|
tomoyo_same_name_union(&p1->dir_name, &p2->dir_name) &&
|
|
|
|
tomoyo_same_name_union(&p1->fs_type, &p2->fs_type) &&
|
|
|
|
tomoyo_same_number_union(&p1->flags, &p2->flags);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* tomoyo_update_mount_acl - Write "struct tomoyo_mount_acl" list.
|
|
|
|
*
|
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
|
|
|
*/
|
|
|
|
static int tomoyo_update_mount_acl(struct tomoyo_acl_param *param)
|
|
|
|
{
|
|
|
|
struct tomoyo_mount_acl e = { .head.type = TOMOYO_TYPE_MOUNT_ACL };
|
|
|
|
int error;
|
|
|
|
if (!tomoyo_parse_name_union(param, &e.dev_name) ||
|
|
|
|
!tomoyo_parse_name_union(param, &e.dir_name) ||
|
|
|
|
!tomoyo_parse_name_union(param, &e.fs_type) ||
|
|
|
|
!tomoyo_parse_number_union(param, &e.flags))
|
|
|
|
error = -EINVAL;
|
|
|
|
else
|
|
|
|
error = tomoyo_update_domain(&e.head, sizeof(e), param,
|
|
|
|
tomoyo_same_mount_acl, NULL);
|
|
|
|
tomoyo_put_name_union(&e.dev_name);
|
|
|
|
tomoyo_put_name_union(&e.dir_name);
|
|
|
|
tomoyo_put_name_union(&e.fs_type);
|
|
|
|
tomoyo_put_number_union(&e.flags);
|
|
|
|
return error;
|
|
|
|
}
|
|
|
|
|
2010-05-17 05:09:15 +04:00
|
|
|
/**
|
2010-06-25 06:16:00 +04:00
|
|
|
* tomoyo_write_file - Update file related list.
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
2011-06-26 18:17:10 +04:00
|
|
|
* @param: Pointer to "struct tomoyo_acl_param".
|
2010-05-17 05:09:15 +04:00
|
|
|
*
|
|
|
|
* Returns 0 on success, negative value otherwise.
|
|
|
|
*
|
|
|
|
* Caller holds tomoyo_read_lock().
|
|
|
|
*/
|
2011-06-26 18:17:10 +04:00
|
|
|
int tomoyo_write_file(struct tomoyo_acl_param *param)
|
2010-05-17 05:09:15 +04:00
|
|
|
{
|
2011-06-26 18:17:10 +04:00
|
|
|
u16 perm = 0;
|
2010-05-17 05:09:15 +04:00
|
|
|
u8 type;
|
2011-06-26 18:17:10 +04:00
|
|
|
const char *operation = tomoyo_read_token(param);
|
|
|
|
for (type = 0; type < TOMOYO_MAX_PATH_OPERATION; type++)
|
|
|
|
if (tomoyo_permstr(operation, tomoyo_path_keyword[type]))
|
|
|
|
perm |= 1 << type;
|
|
|
|
if (perm)
|
|
|
|
return tomoyo_update_path_acl(perm, param);
|
|
|
|
for (type = 0; type < TOMOYO_MAX_PATH2_OPERATION; type++)
|
2011-06-26 18:21:19 +04:00
|
|
|
if (tomoyo_permstr(operation,
|
|
|
|
tomoyo_mac_keywords[tomoyo_pp2mac[type]]))
|
2011-06-26 18:17:10 +04:00
|
|
|
perm |= 1 << type;
|
|
|
|
if (perm)
|
|
|
|
return tomoyo_update_path2_acl(perm, param);
|
|
|
|
for (type = 0; type < TOMOYO_MAX_PATH_NUMBER_OPERATION; type++)
|
|
|
|
if (tomoyo_permstr(operation,
|
2011-06-26 18:21:19 +04:00
|
|
|
tomoyo_mac_keywords[tomoyo_pn2mac[type]]))
|
2011-06-26 18:17:10 +04:00
|
|
|
perm |= 1 << type;
|
|
|
|
if (perm)
|
|
|
|
return tomoyo_update_path_number_acl(perm, param);
|
|
|
|
for (type = 0; type < TOMOYO_MAX_MKDEV_OPERATION; type++)
|
2011-06-26 18:21:19 +04:00
|
|
|
if (tomoyo_permstr(operation,
|
|
|
|
tomoyo_mac_keywords[tomoyo_pnnn2mac[type]]))
|
2011-06-26 18:17:10 +04:00
|
|
|
perm |= 1 << type;
|
|
|
|
if (perm)
|
|
|
|
return tomoyo_update_mkdev_acl(perm, param);
|
2011-06-26 18:21:19 +04:00
|
|
|
if (tomoyo_permstr(operation,
|
|
|
|
tomoyo_mac_keywords[TOMOYO_MAC_FILE_MOUNT]))
|
2011-06-26 18:17:10 +04:00
|
|
|
return tomoyo_update_mount_acl(param);
|
2010-05-17 05:09:15 +04:00
|
|
|
return -EINVAL;
|
|
|
|
}
|