- 02 Aug, 2010 40 commits
-
-
Mimi Zohar authored
Make the security extended attributes names global. Updated to move the remaining Smack xattrs. Signed-off-by:
Mimi Zohar <zohar@us.ibm.com> Acked-by:
Serge Hallyn <serue@us.ibm.com> Signed-off-by:
James Morris <jmorris@namei.org>
-
Justin P. Mattock authored
In commit bb952bb9 there was the accidental deletion of a statement from call_sbin_request_key() to render the process keyring ID to a text string so that it can be passed to /sbin/request-key. With gcc 4.6.0 this causes the following warning: CC security/keys/request_key.o security/keys/request_key.c: In function 'call_sbin_request_key': security/keys/request_key.c:102:15: warning: variable 'prkey' set but not used This patch reinstates that statement. Without this statement, /sbin/request-key will get some random rubbish from the stack as that parameter. Signed-off-by:
Justin P. Mattock <justinmattock@gmail.com> Signed-off-by:
David Howells <dhowells@redhat.com> Signed-off-by:
-
David Howells authored
keyctl_describe_key() turns the key reference it gets into a usable key pointer and assigns that to a variable called 'key', which it then ignores in favour of recomputing the key pointer each time it needs it. Make it use the precomputed pointer instead. Without this patch, gcc 4.6 reports that the variable key is set but not used: building with gcc 4.6 I'm getting a warning message: CC security/keys/keyctl.o security/keys/keyctl.c: In function 'keyctl_describe_key': security/keys/keyctl.c:472:14: warning: variable 'key' set but not used Reported-by:
-
Tetsuo Handa authored
Commit 1dae08c "TOMOYO: Add interactive enforcing mode." forgot to register poll() hook. As a result, /usr/sbin/tomoyo-queryd was doing busy loop. Signed-off-by:
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by:
-
Tetsuo Handa authored
Use shorter name in order to make it easier to fit 80 columns limit. Signed-off-by:
-
Tetsuo Handa authored
Split tomoyo_write_profile() into several functions. Signed-off-by:
-
Tetsuo Handa authored
When userspace program reads policy from /sys/kernel/security/tomoyo/ interface, TOMOYO uses line buffered mode. A line has at least one word. Commit 006dacc "TOMOYO: Support longer pathname." changed a word's max length from 4000 bytes to max kmalloc()able bytes. By that commit, a line's max length changed from 8192 bytes to more than max kmalloc()able bytes. Max number of words in a line remains finite. This patch changes the way of buffering so that all words in a line are firstly directly copied to userspace buffer as much as possible and are secondly queued for next read request. Words queued are guaranteed to be valid until /sys/kernel/security/tomoyo/ interface is close()d. Signed-off-by:
-
Tetsuo Handa authored
tomoyo_print_..._acl() are similar. Merge them. Signed-off-by:
-
Tetsuo Handa authored
Policy editor needs to know allow_execute entries in order to build domain transition tree. Reading all entries is slow. Thus, allow reading only allow_execute entries. Signed-off-by:
-
Tetsuo Handa authored
Change list_for_each_cookie to (1) start from current position rather than next position (2) remove temporary cursor (3) check that srcu_read_lock() is held Signed-off-by:
-
Tetsuo Handa authored
Use common code for "initialize_domain"/"no_initialize_domain"/"keep_domain"/ "no_keep_domain" keywords. Signed-off-by:
-
Tetsuo Handa authored
Some programs behave differently depending on argv[0] passed to execve(). TOMOYO has "alias" keyword in order to allow administrators to define different domains if requested pathname passed to execve() is a symlink. But "alias" keyword is incomplete because this keyword assumes that requested pathname and argv[0] are identical. Thus, remove "alias" keyword (by this patch) and add syntax for checking argv[0] (by future patches). Signed-off-by:
-
Tetsuo Handa authored
Use common code for "path_group" and "number_group". Signed-off-by:
-
Tetsuo Handa authored
Now lists are accessible via array index. Aggregate reader functions using index. Signed-off-by:
-
Tetsuo Handa authored
Assign list id and make the lists as array of "struct list_head". Signed-off-by:
-
Tetsuo Handa authored
"struct tomoyo_path_group" and "struct tomoyo_number_group" are identical. Rename tomoyo_path_group/tomoyo_number_group to tomoyo_group and tomoyo_path_group_member to tomoyo_path_group and tomoyo_number_group_member to tomoyo_unmber_group. Signed-off-by:
-
Paul Moore authored
There were a number of places using the following code pattern: struct cred *cred = current_cred(); struct task_security_struct *tsec = cred->security; ... which were simplified to the following: struct task_security_struct *tsec = current_security(); Signed-off-by:
Paul Moore <paul.moore@hp.com> Acked-by:
Eric Paris <eparis@redhat.com> Signed-off-by:
-
Paul Moore authored
At present, the socket related access controls use a mix of inode and socket labels; while there should be no practical difference (they _should_ always be the same), it makes the code more confusing. This patch attempts to convert all of the socket related access control points (with the exception of some of the inode/fd based controls) to use the socket's own label. In the process, I also converted the socket_has_perm() function to take a 'sock' argument instead of a 'socket' since that was adding a bit more overhead in some cases. Signed-off-by:
-
Paul Moore authored
The sk_alloc_security() and sk_free_security() functions were only being called by the selinux_sk_alloc_security() and selinux_sk_free_security() functions so we just move the guts of the alloc/free routines to the callers and eliminate a layer of indirection. Signed-off-by:
-
Paul Moore authored
Consolidate the basic sockcreate_sid logic into a single helper function which allows us to do some cleanups in the related code. Signed-off-by:
-
Paul Moore authored
Correct a problem where we weren't setting the peer label correctly on the client end of a pair of connected UNIX sockets. Signed-off-by:
-
Tetsuo Handa authored
Pass "struct list_head" to tomoyo_add_to_gc() and bring list_del_rcu() to tomoyo_add_to_gc(). Signed-off-by:
-
Tetsuo Handa authored
Read functions do not fail. Make them from int to void. Signed-off-by:
-
Tetsuo Handa authored
Embed tomoyo_path_number_perm2() into tomoyo_path_number_perm(). Signed-off-by:
-
Tetsuo Handa authored
Keyword strings are read-only. We can directly access them to reduce code size. Signed-off-by:
-
Tetsuo Handa authored
If invalid combination of mount flags are given, it will be rejected later. Thus, no need for TOMOYO to reject invalid combination of mount flags. Signed-off-by:
-
Tetsuo Handa authored
Use shorter name in order to make it easier to fix 80 columns limit. Signed-off-by:
-
Tetsuo Handa authored
We can use callback function since parameters are passed via "const struct tomoyo_request_info". Signed-off-by:
-
Tetsuo Handa authored
To make it possible to use callback function, pass parameters via "struct tomoyo_request_info". Signed-off-by:
-
Tetsuo Handa authored
tomoyo_file_perm() and tomoyo_path_permission() are similar. We can embed tomoyo_file_perm() into tomoyo_path_permission(). Signed-off-by:
-
Eric Paris authored
Move the range transition rule to a separate function, range_read(), rather than doing it all in policydb_read() Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by:
-
Tetsuo Handa authored
Use common code for elements using "struct list_head" + "bool" structure. Signed-off-by:
-
Tetsuo Handa authored
Use common code for elements using "struct list_head" + "bool" structure. Signed-off-by:
-
Tetsuo Handa authored
Use common "struct list_head" + "bool" structure. Signed-off-by:
-
Tetsuo Handa authored
Use common "struct list_head" + "bool" + "u8" structure and use common code for elements using that structure. Signed-off-by:
-
David Howells authored
Make /proc/keys check to see if the calling process possesses each key before performing the security check. The possession check can be skipped if the key doesn't have the possessor-view permission bit set. This causes the keys a process possesses to show up in /proc/keys, even if they don't have matching user/group/other view permissions. Signed-off-by:
-
David Howells authored
Authorise a process to perform keyctl_set_timeout() on an uninstantiated key if that process has the authorisation key for it. This allows the instantiator to set the timeout on a key it is instantiating - provided it does it before instantiating the key. For instance, the test upcall script provided with the keyutils package could be modified to set the expiry to an hour hence before instantiating the key: [/usr/share/keyutils/request-key-debug.sh] if [ "$3" != "neg" ] then + keyctl timeout $1 3600 keyctl instantiate $1 "Debug $3" $4 || exit 1 else Signed-off-by:
-
Tetsuo Handa authored
This patch allows users to change access control mode for per-operation basis. This feature comes from non LSM version of TOMOYO which is designed for permitting users to use SELinux and TOMOYO at the same time. SELinux does not care filename in a directory whereas TOMOYO does. Change of filename can change how the file is used. For example, renaming index.txt to .htaccess will change how the file is used. Thus, letting SELinux to enforce read()/write()/mmap() etc. restriction and letting TOMOYO to enforce rename() restriction is an example usage of this feature. What is unfortunate for me is that currently LSM does not allow users to use SELinux and LSM version of TOMOYO at the same time... Signed-off-by:
-
Tetsuo Handa authored
This patch allows users to aggregate programs which provide similar functionality (e.g. /usr/bin/vi and /usr/bin/emacs ). Signed-off-by:
-
Tetsuo Handa authored
Some applications create and execute programs dynamically. We need to accept wildcard for execute permission because such programs contain random suffix in their filenames. This patch loosens up regulation of string parameters. Signed-off-by:
-
