author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-06-21 09:58:53 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-08-02 15:34:42 +1000 |
commit | 0617c7ff34dc9b1d641640c3953274bb2dbe21a6 (patch) | |
tree | 6be51af32ad65380aff9b7fa385f65ef15b3d53b /security/tomoyo/domain.c | |
parent | 7c2ea22e3c5463627ca98924cd65cb9e480dc29c (diff) | |
download | linux-rt-0617c7ff34dc9b1d641640c3953274bb2dbe21a6.tar.gz |
TOMOYO: Remove alias keyword.
Some programs behave differently depending on argv[0] passed to execve().
TOMOYO has "alias" keyword in order to allow administrators to define different
domains if requested pathname passed to execve() is a symlink. But "alias"
keyword is incomplete because this keyword assumes that requested pathname and
argv[0] are identical. Thus, remove "alias" keyword (by this patch) and add
syntax for checking argv[0] (by future patches).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/domain.c')
-rw-r--r-- | security/tomoyo/domain.c | 100 |
1 files changed, 3 insertions, 97 deletions
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 038071a8a3d3..273e670acf0c 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -467,72 +467,6 @@ int tomoyo_write_aggregator_policy(char *data, const bool is_delete)
 return tomoyo_update_aggregator_entry(data, cp, is_delete);
 }
 
-static bool tomoyo_same_alias_entry(const struct tomoyo_acl_head *a,
- const struct tomoyo_acl_head *b)
-{
- const struct tomoyo_alias_entry *p1 = container_of(a, typeof(*p1),
- head);
- const struct tomoyo_alias_entry *p2 = container_of(b, typeof(*p2),
- head);
- return p1->original_name == p2->original_name &&
- p1->aliased_name == p2->aliased_name;
-}
-
-/**
- * tomoyo_update_alias_entry - Update "struct tomoyo_alias_entry" list.
- *
- * @original_name: The original program's real name.
- * @aliased_name: The symbolic program's symbolic link's name.
- * @is_delete: True if it is a delete request.
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_update_alias_entry(const char *original_name,
- const char *aliased_name,
- const bool is_delete)
-{
- struct tomoyo_alias_entry e = { };
- int error = is_delete ? -ENOENT : -ENOMEM;
-
- if (!tomoyo_correct_path(original_name) ||
- !tomoyo_correct_path(aliased_name))
- return -EINVAL;
- e.original_name = tomoyo_get_name(original_name);
- e.aliased_name = tomoyo_get_name(aliased_name);
- if (!e.original_name || !e.aliased_name ||
- e.original_name->is_patterned || e.aliased_name->is_patterned)
- goto out; /* No patterns allowed. */
- error = tomoyo_update_policy(&e.head, sizeof(e), is_delete,
- &tomoyo_policy_list[TOMOYO_ID_ALIAS],
- tomoyo_same_alias_entry);
- out:
- tomoyo_put_name(e.original_name);
- tomoyo_put_name(e.aliased_name);
- return error;
-}
-
-/**
- * tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list.
- *
- * @data: String to parse.
- * @is_delete: True if it is a delete request.
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-int tomoyo_write_alias_policy(char *data, const bool is_delete)
-{
- char *cp = strchr(data, ' ');
-
- if (!cp)
- return -EINVAL;
- *cp++ = '\0';
- return tomoyo_update_alias_entry(data, cp, is_delete);
-}
-
 /**
 * tomoyo_find_or_assign_new_domain - Create a domain.
 *
@@ -606,7 +540,6 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 int retval = -ENOMEM;
 bool need_kfree = false;
 struct tomoyo_path_info rn = { }; /* real name */
- struct tomoyo_path_info sn = { }; /* symlink name */
 struct tomoyo_path_info ln; /* last name */
 
 ln.name = tomoyo_get_last_name(old_domain);
@@ -621,39 +554,14 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 kfree(rn.name);
 need_kfree = false;
 }
- /* Get tomoyo_realpath of program. */
+ /* Get symlink's pathname of program. */
 retval = -ENOENT;
- rn.name = tomoyo_realpath(original_name);
+ rn.name = tomoyo_realpath_nofollow(original_name);
 if (!rn.name)
 goto out;
 tomoyo_fill_path_info(&rn);
 need_kfree = true;
 
- /* Get tomoyo_realpath of symbolic link. */
- sn.name = tomoyo_realpath_nofollow(original_name);
- if (!sn.name)
- goto out;
- tomoyo_fill_path_info(&sn);
-
- /* Check 'alias' directive. */
- if (tomoyo_pathcmp(&rn, &sn)) {
- struct tomoyo_alias_entry *ptr;
- /* Is this program allowed to be called via symbolic links? */
- list_for_each_entry_rcu(ptr,
- &tomoyo_policy_list[TOMOYO_ID_ALIAS],
- head.list) {
- if (ptr->head.is_deleted ||
- tomoyo_pathcmp(&rn, ptr->original_name) ||
- tomoyo_pathcmp(&sn, ptr->aliased_name))
- continue;
- kfree(rn.name);
- need_kfree = false;
- /* This is OK because it is read only. */
- rn = *ptr->aliased_name;
- break;
- }
- }
-
 /* Check 'aggregator' directive. */
 {
 struct tomoyo_aggregator_entry *ptr;
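Review bot: In the `@@ -621,39 +554,14 @@` hunk, `rn.name` now comes from `tomoyo_realpath_nofollow(original_name)`, so `rn` no longer holds a resolved real path, yet its declaration in the `@@ -606,7 +540,6 @@` hunk still reads `struct tomoyo_path_info rn = { }; /* real name */`. The stale label matters to anyone auditing policy: the name matched by the aggregator loop, and presumably by the permission check and domain-name construction further down (outside the hunk), is the requested pathname with the final symlink left unresolved, so what a rule covers follows wherever the link points at exec time. I would change the declaration comment to `/* requested name, final symlink not followed */` and extend the new comment to `/* Get symlink's pathname of program; policy is matched on this name, not on the link target. */`. tomoyo_find_next_domain() starts and ends outside these hunks.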
@@ -663,8 +571,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 !tomoyo_path_matches_pattern(&rn,
 ptr->original_name))
 continue;
- if (need_kfree)
- kfree(rn.name);
+ kfree(rn.name);
 need_kfree = false;
 /* This is OK because it is read only. */
 rn = *ptr->aggregated_name;
@@ -729,7 +636,6 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 bprm->cred->security = domain;
 if (need_kfree)
 kfree(rn.name);
- kfree(sn.name);
 kfree(tmp);
 return retval;
 } |
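Review bot: The now-unconditional `kfree(rn.name);` in the `@@ -663,8 +571,7 @@` hunk is safe only while two things hold: `rn.name` is still the heap buffer returned by `tomoyo_realpath_nofollow()` when the loop is entered, and the loop stops after its first match. Once a match is taken, `rn` is a copy of `*ptr->aggregated_name`, which the existing comment marks as read only, so a second pass reaching this line would free a name owned by the policy list. The `break` that presumably follows `rn = *ptr->aggregated_name;` lies outside the hunk, so it cannot be confirmed from here. I would either keep `if (need_kfree)` as a cheap guard or record the invariant next to the call: `/* rn.name is always heap-allocated here; the break below keeps a policy-owned name from being freed. */`.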