summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/file.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r--security/tomoyo/file.c114
1 files changed, 15 insertions, 99 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 6c2ba69fc89..df3b203d7d4 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -265,33 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
tomoyo_file_pattern(filename), buffer);
}
-/*
- * tomoyo_globally_readable_list is used for holding list of pathnames which
- * are by default allowed to be open()ed for reading by any process.
- *
- * An entry is added by
- *
- * # echo 'allow_read /lib/libc-2.5.so' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and is deleted by
- *
- * # echo 'delete allow_read /lib/libc-2.5.so' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and all entries are retrieved by
- *
- * # grep ^allow_read /sys/kernel/security/tomoyo/exception_policy
- *
- * In the example above, any process is allowed to
- * open("/lib/libc-2.5.so", O_RDONLY).
- * One exception is, if the domain which current process belongs to is marked
- * as "ignore_global_allow_read", current process can't do so unless explicitly
- * given "allow_read /lib/libc-2.5.so" to the domain which current process
- * belongs to.
- */
-LIST_HEAD(tomoyo_globally_readable_list);
-
static bool tomoyo_same_globally_readable(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b)
{
@@ -323,7 +296,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
if (!e.filename)
return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
- &tomoyo_globally_readable_list,
+ &tomoyo_policy_list
+ [TOMOYO_ID_GLOBALLY_READABLE],
tomoyo_same_globally_readable);
tomoyo_put_name(e.filename);
return error;
@@ -344,8 +318,8 @@ static bool tomoyo_globally_readable_file(const struct tomoyo_path_info *
struct tomoyo_globally_readable_file_entry *ptr;
bool found = false;
- list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
- head.list) {
+ list_for_each_entry_rcu(ptr, &tomoyo_policy_list
+ [TOMOYO_ID_GLOBALLY_READABLE], head.list) {
if (!ptr->head.is_deleted &&
tomoyo_path_matches_pattern(filename, ptr->filename)) {
found = true;
@@ -385,7 +359,7 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
bool done = true;
list_for_each_cookie(pos, head->read_var2,
- &tomoyo_globally_readable_list) {
+ &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) {
struct tomoyo_globally_readable_file_entry *ptr;
ptr = list_entry(pos,
struct tomoyo_globally_readable_file_entry,
@@ -400,37 +374,6 @@ bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
return done;
}
-/* tomoyo_pattern_list is used for holding list of pathnames which are used for
- * converting pathnames to pathname patterns during learning mode.
- *
- * An entry is added by
- *
- * # echo 'file_pattern /proc/\$/mounts' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and is deleted by
- *
- * # echo 'delete file_pattern /proc/\$/mounts' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and all entries are retrieved by
- *
- * # grep ^file_pattern /sys/kernel/security/tomoyo/exception_policy
- *
- * In the example above, if a process which belongs to a domain which is in
- * learning mode requested open("/proc/1/mounts", O_RDONLY),
- * "allow_read /proc/\$/mounts" is automatically added to the domain which that
- * process belongs to.
- *
- * It is not a desirable behavior that we have to use /proc/\$/ instead of
- * /proc/self/ when current process needs to access only current process's
- * information. As of now, LSM version of TOMOYO is using __d_path() for
- * calculating pathname. Non LSM version of TOMOYO is using its own function
- * which pretends as if /proc/self/ is not a symlink; so that we can forbid
- * current process from accessing other process's information.
- */
-LIST_HEAD(tomoyo_pattern_list);
-
static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b)
{
@@ -460,7 +403,7 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
if (!e.pattern)
return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
- &tomoyo_pattern_list,
+ &tomoyo_policy_list[TOMOYO_ID_PATTERN],
tomoyo_same_pattern);
tomoyo_put_name(e.pattern);
return error;
@@ -480,7 +423,8 @@ const char *tomoyo_file_pattern(const struct tomoyo_path_info *filename)
struct tomoyo_pattern_entry *ptr;
const struct tomoyo_path_info *pattern = NULL;
- list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, head.list) {
+ list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_PATTERN],
+ head.list) {
if (ptr->head.is_deleted)
continue;
if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -527,7 +471,8 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
struct list_head *pos;
bool done = true;
- list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
+ list_for_each_cookie(pos, head->read_var2,
+ &tomoyo_policy_list[TOMOYO_ID_PATTERN]) {
struct tomoyo_pattern_entry *ptr;
ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list);
if (ptr->head.is_deleted)
@@ -540,37 +485,6 @@ bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
return done;
}
-/*
- * tomoyo_no_rewrite_list is used for holding list of pathnames which are by
- * default forbidden to modify already written content of a file.
- *
- * An entry is added by
- *
- * # echo 'deny_rewrite /var/log/messages' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and is deleted by
- *
- * # echo 'delete deny_rewrite /var/log/messages' > \
- * /sys/kernel/security/tomoyo/exception_policy
- *
- * and all entries are retrieved by
- *
- * # grep ^deny_rewrite /sys/kernel/security/tomoyo/exception_policy
- *
- * In the example above, if a process requested to rewrite /var/log/messages ,
- * the process can't rewrite unless the domain which that process belongs to
- * has "allow_rewrite /var/log/messages" entry.
- *
- * It is not a desirable behavior that we have to add "\040(deleted)" suffix
- * when we want to allow rewriting already unlink()ed file. As of now,
- * LSM version of TOMOYO is using __d_path() for calculating pathname.
- * Non LSM version of TOMOYO is using its own function which doesn't append
- * " (deleted)" suffix if the file is already unlink()ed; so that we don't
- * need to worry whether the file is already unlink()ed or not.
- */
-LIST_HEAD(tomoyo_no_rewrite_list);
-
static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b)
{
@@ -601,7 +515,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
if (!e.pattern)
return -ENOMEM;
error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
- &tomoyo_no_rewrite_list,
+ &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
tomoyo_same_no_rewrite);
tomoyo_put_name(e.pattern);
return error;
@@ -622,7 +536,8 @@ static bool tomoyo_no_rewrite_file(const struct tomoyo_path_info *filename)
struct tomoyo_no_rewrite_entry *ptr;
bool found = false;
- list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, head.list) {
+ list_for_each_entry_rcu(ptr, &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE],
+ head.list) {
if (ptr->head.is_deleted)
continue;
if (!tomoyo_path_matches_pattern(filename, ptr->pattern))
@@ -662,7 +577,8 @@ bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
struct list_head *pos;
bool done = true;
- list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
+ list_for_each_cookie(pos, head->read_var2,
+ &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) {
struct tomoyo_no_rewrite_entry *ptr;
ptr = list_entry(pos, struct tomoyo_no_rewrite_entry,
head.list);