| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Aug 2007 21:46:48 +0900
From: Kentaro Takeda <k.takeda26@...il.com>
To: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, chrisw@...s-sol.org
Subject: [TOMOYO 03/15] Data structures and prototypes definition.
Data structures and prototype defitions for TOMOYO Linux.
Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
---
security/tomoyo/include/realpath.h | 44 +++
security/tomoyo/include/tomoyo.h | 516 +++++++++++++++++++++++++++++++++++++
2 files changed, 560 insertions(+)
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6/security/tomoyo/include/realpath.h 2007-08-24 15:51:34.000000000 +0900
@@ -0,0 +1,44 @@
+/*
+ * security/tomoyo/include/realpath.h
+ *
+ * Get the canonicalized absolute pathnames.
+ * The basis for TOMOYO.
+ */
+
+#ifndef _TMY_REALPATH_H
+#define _TMY_REALPATH_H
+
+struct path_info;
+
+/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
+int tmy_realpath_dentry2(struct dentry *dentry,
+ struct vfsmount *mnt,
+ char *newname,
+ int newname_len);
+
+/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
+/* These functions use tmy_alloc(), so caller must tmy_free() */
+/* if these functions didn't return NULL. */
+char *tmy_realpath(const char *pathname);
+char *tmy_realpath_nofollow(const char *pathname);
+char *tmy_realpath_dentry(struct dentry *dentry, struct vfsmount *mnt);
+
+/* Allocate memory for structures. */
+/* The RAM is chunked, so NEVER try to kfree() the returned pointer. */
+void *tmy_alloc_element(const unsigned int size);
+
+/* Get used RAM size for tmy_alloc_elements(). */
+unsigned int tmy_get_memory_used_for_elements(void);
+
+/* Keep the given name on the RAM. */
+/* The RAM is shared, so NEVER try to modify or kfree() the returned name. */
+const struct path_info *tmy_save_name(const char *name);
+
+/* Get used RAM size for tmy_save_name(). */
+unsigned int tmy_get_memory_used_for_save_name(void);
+
+unsigned int tmy_get_memory_used_for_dynamic(void);
+char *sysctlpath_from_table(struct ctl_table *table);
+extern void tmy_realpath_init(void);
+
+#endif
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6/security/tomoyo/include/tomoyo.h 2007-08-24 15:51:34.000000000 +0900
@@ -0,0 +1,516 @@
+/*
+ * security/tomoyo/include/tomoyo.h
+ *
+ * Header for TOMOYO Linux.
+ */
+
+#ifndef _TOMOYO_H
+#define _TOMOYO_H
+
+#define TOMOYO_VERSION_CODE "2.1.0-rc3"
+
+#include <linux/string.h>
+#include <linux/mm.h>
+#include <linux/utime.h>
+#include <linux/file.h>
+#include <linux/smp_lock.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/poll.h>
+#include <linux/uaccess.h>
+#include <stdarg.h>
+#include <linux/delay.h>
+
+extern struct semaphore domain_acl_lock;
+extern int sbin_init_started;
+
+struct tmy_security {
+ struct domain_info *domain;
+ struct domain_info *prev_domain;
+ u32 flags;
+};
+
+#define TMY_SECURITY ((struct tmy_security *) current->security)
+
+struct path_info {
+ const char *name;
+ u32 hash; /* = full_name_hash(name, strlen(name)) */
+ u16 total_len; /* = strlen(name) */
+ u16 const_len; /* = tmy_const_part_length(name) */
+ u8 is_dir; /* = tmy_strendswith(name, "/") */
+ u8 is_patterned; /* = PathContainsPattern(name) */
+ u16 depth; /* = tmy_path_depth(name) */
+};
+
+#define TMY_MAX_PATHNAME_LEN 4000
+
+struct group_member {
+ struct group_member *next;
+ const struct path_info *member_name;
+ int is_deleted;
+};
+
+struct group_entry {
+ struct group_entry *next;
+ const struct path_info *group_name;
+ struct group_member *first_member;
+};
+
+
+struct mini_stat {
+ uid_t uid;
+ gid_t gid;
+ ino_t ino;
+};
+struct dentry;
+struct vfsmount;
+struct obj_info {
+ u8 validate_done;
+ u8 path1_valid;
+ u8 path1_parent_valid;
+ u8 path2_parent_valid;
+ struct dentry *path1_dentry;
+ struct vfsmount *path1_vfsmnt;
+ struct dentry *path2_dentry;
+ struct vfsmount *path2_vfsmnt;
+ struct mini_stat path1_stat;
+ /* I don't handle path2_stat for rename operation. */
+ struct mini_stat path1_parent_stat;
+ struct mini_stat path2_parent_stat;
+};
+struct condition_list;
+
+/*
+ * TOMOYO uses the following structures.
+ * Memory allocated for these structures are never kfree()ed.
+ * Since no locks are used for reading,
+ * assignment must be performed atomically.
+ */
+
+/************************ The structure for domains. ************************/
+
+struct acl_info {
+ struct acl_info *next;
+ const struct condition_list *cond;
+ u8 type;
+ u8 is_deleted;
+} __attribute__((__packed__));
+
+struct domain_info {
+ struct domain_info *next; /* NULL if none. */
+ struct acl_info *first_acl_ptr; /* NULL if none. */
+ const struct path_info *domainname; /* Never NULL. */
+ u8 profile;
+ u8 is_deleted;
+ u8 quota_warned;
+};
+
+#define TMY_MAX_PROFILES 256
+
+struct file_acl {
+ /* type = TMY_TYPE_FILE_ACL */
+ struct acl_info head;
+ u8 perm;
+ u8 u_is_group;
+ union {
+ const struct path_info *filename;
+ const struct group_entry *group;
+ } u;
+};
+
+struct argv0_acl {
+ /* type = TMY_TYPE_ARGV0_ACL */
+ struct acl_info head;
+ const struct path_info *filename; /* Pointer to single pathname. */
+ const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */
+};
+
+struct single_acl {
+ /* type = TMY_TYPE_* */
+ struct acl_info head;
+ u8 u_is_group;
+ union {
+ const struct path_info *filename;
+ const struct group_entry *group;
+ } u;
+};
+
+struct double_acl {
+ /* type = TMY_TYPE_RENAME_ACL or TMY_TYPE_LINK_ACL, */
+ struct acl_info head;
+ u8 u1_is_group;
+ u8 u2_is_group;
+ union {
+ const struct path_info *filename1;
+ const struct group_entry *group1;
+ } u1;
+ union {
+ const struct path_info *filename2;
+ const struct group_entry *group2;
+ } u2;
+};
+
+struct addr_group_member {
+ struct addr_group_member *next;
+ union {
+ u32 ipv4; /* Host byte order */
+ u16 ipv6[8]; /* Network byte order */
+ } min, max;
+ u8 is_deleted;
+ u8 is_ipv6;
+};
+
+struct addr_group_entry {
+ struct addr_group_entry *next;
+ const struct path_info *group_name;
+ struct addr_group_member *first_member;
+};
+
+#define TMY_TYPE_ADDRESS_GROUP 0
+#define TMY_TYPE_IPv4 1
+#define TMY_TYPE_IPv6 2
+
+struct net_acl {
+ /* type = TYPE_IP_NETWORK_ACL, */
+ struct acl_info head;
+ u8 operation_type;
+ u8 record_type;
+ union {
+ struct {
+ u32 min;
+ u32 max;
+ } ipv4;
+ struct {
+ u16 min[8];
+ u16 max[8];
+ } ipv6;
+ const struct addr_group_entry *group;
+ } u;
+ u16 min_port; /* Start of port number range. */
+ u16 max_port; /* End of port number range. */
+};
+
+struct signal_acl {
+ /* type = TYPE_SIGNAL_ACL */
+ struct acl_info head;
+ u16 sig;
+ /* Pointer to destination pattern. */
+ const struct path_info *domainname;
+};
+
+/************************* Keywords for ACLs. *************************/
+
+#define TMY_AGGREGATOR "aggregator "
+#define TMY_AGGREGATOR_LEN (sizeof(TMY_AGGREGATOR) - 1)
+#define TMY_ALIAS "alias "
+#define TMY_ALIAS_LEN (sizeof(TMY_ALIAS) - 1)
+#define TMY_ALLOW_READ "allow_read "
+#define TMY_ALLOW_READ_LEN (sizeof(TMY_ALLOW_READ) - 1)
+#define TMY_DELETE "delete "
+#define TMY_DELETE_LEN (sizeof(TMY_DELETE) - 1)
+#define TMY_DENY_REWRITE "deny_rewrite "
+#define TMY_DENY_REWRITE_LEN (sizeof(TMY_DENY_REWRITE) - 1)
+#define TMY_FILE_PATTERN "file_pattern "
+#define TMY_FILE_PATTERN_LEN (sizeof(TMY_FILE_PATTERN) - 1)
+#define TMY_INITIALIZE_DOMAIN "initialize_domain "
+#define TMY_INITIALIZE_DOMAIN_LEN (sizeof(TMY_INITIALIZE_DOMAIN) - 1)
+#define TMY_KEEP_DOMAIN "keep_domain "
+#define TMY_KEEP_DOMAIN_LEN (sizeof(TMY_KEEP_DOMAIN) - 1)
+#define TMY_NO_INITIALIZE_DOMAIN "no_initialize_domain "
+#define TMY_NO_INITIALIZE_DOMAIN_LEN (sizeof(TMY_NO_INITIALIZE_DOMAIN) - 1)
+#define TMY_NO_KEEP_DOMAIN "no_keep_domain "
+#define TMY_NO_KEEP_DOMAIN_LEN (sizeof(TMY_NO_KEEP_DOMAIN) - 1)
+#define TMY_PATH_GROUP "path_group "
+#define TMY_PATH_GROUP_LEN (sizeof(TMY_PATH_GROUP) - 1)
+#define TMY_SELECT "select "
+#define TMY_SELECT_LEN (sizeof(TMY_SELECT) - 1)
+#define TMY_UNDELETE "undelete "
+#define TMY_UNDELETE_LEN (sizeof(TMY_UNDELETE) - 1)
+
+#define TMY_ALLOW_MOUNT "allow_mount "
+#define TMY_ALLOW_MOUNT_LEN (sizeof(TMY_ALLOW_MOUNT) - 1)
+#define TMY_DENY_UNMOUNT "deny_unmount "
+#define TMY_DENY_UNMOUNT_LEN (sizeof(TMY_DENY_UNMOUNT) - 1)
+#define TMY_ALLOW_PIVOT_ROOT "allow_pivot_root "
+#define TMY_ALLOW_PIVOT_ROOT_LEN (sizeof(TMY_ALLOW_PIVOT_ROOT) - 1)
+
+#define TMY_USE_PROFILE "use_profile "
+
+#define TMY_ROOT_NAME "<kernel>"
+#define TMY_ROOT_NAME_LEN (sizeof(TMY_ROOT_NAME) - 1)
+
+#define TMY_ALLOW_ARGV0 "allow_argv0 "
+#define TMY_ALLOW_ARGV0_LEN (sizeof(TMY_ALLOW_ARGV0) - 1)
+
+#define TMY_ADDRESS_GROUP "address_group "
+#define TMY_ADDRESS_GROUP_LEN (sizeof(TMY_ADDRESS_GROUP) - 1)
+#define TMY_ALLOW_NETWORK "allow_network "
+#define TMY_ALLOW_NETWORK_LEN (sizeof(TMY_ALLOW_NETWORK) - 1)
+
+#define TMY_ALLOW_SIGNAL "allow_signal "
+#define TMY_ALLOW_SIGNAL_LEN (sizeof(TMY_ALLOW_SIGNAL) - 1)
+
+/******************** Index numbers for Access Controls. ********************/
+
+#define TMY_COMMENT 0
+#define TMY_MAC_FOR_FILE 1
+#define TMY_MAC_FOR_ARGV0 2
+#define TMY_MAC_FOR_NETWORK 3
+#define TMY_MAC_FOR_SIGNAL 4
+#define TMY_DENY_CONCEAL_MOUNT 5
+#define TMY_RESTRICT_MOUNT 6
+#define TMY_RESTRICT_UMOUNT 7
+#define TMY_RESTRICT_PIVOT_ROOT 8
+#define TMY_MAX_ACCEPT_ENTRY 9
+#define TMY_AUDIT_GRANT 10
+#define TMY_AUDIT_REJECT 11
+#define TMY_ALLOW_ENFORCE_GRACE 12
+#define TMY_MAX_CONTROL_INDEX 13
+
+#define TMY_NETWORK_ACL_UDP_BIND 0
+#define TMY_NETWORK_ACL_UDP_CONNECT 1
+#define TMY_NETWORK_ACL_TCP_BIND 2
+#define TMY_NETWORK_ACL_TCP_LISTEN 3
+#define TMY_NETWORK_ACL_TCP_CONNECT 4
+#define TMY_NETWORK_ACL_TCP_ACCEPT 5
+#define TMY_NETWORK_ACL_RAW_BIND 6
+#define TMY_NETWORK_ACL_RAW_CONNECT 7
+
+/******************** Index numbers for updates counter. ********************/
+
+#define TMY_UPDATE_DOMAINPOLICY 0
+#define TMY_UPDATE_SYSTEMPOLICY 1
+#define TMY_UPDATE_EXCEPTIONPOLICY 2
+#define TMY_UPDATE_PROFILE 3
+#define TMY_UPDATE_QUERY 4
+#define TMY_UPDATE_MANAGER 5
+#define TMY_MAX_UPDATES_COUNTER 6
+
+/*********************** Indexes for /proc interfaces. **********************/
+
+#define TMY_POLICY_DOMAINPOLICY 0
+#define TMY_POLICY_SYSTEMPOLICY 1
+#define TMY_POLICY_EXCEPTIONPOLICY 2
+#define TMY_POLICY_DOMAIN_STATUS 3
+#define TMY_INFO_PROCESS_STATUS 4
+#define TMY_INFO_MEMINFO 5
+#define TMY_INFO_SELFDOMAIN 6
+#define TMY_PROFILE 7
+#define TMY_POLICY_QUERY 8
+#define TMY_POLICY_MANAGER 9
+#define TMY_INFO_UPDATESCOUNTER 10
+#define TMY_VERSION 11
+
+/******************** The structure for /proc interfaces. *******************/
+
+struct io_buffer {
+ int (*read) (struct io_buffer *);
+ struct semaphore read_sem;
+ int (*write) (struct io_buffer *);
+ struct semaphore write_sem;
+ int (*poll) (struct file *file, poll_table *wait);
+ void *read_var1; /* The position currently reading from. */
+ void *read_var2; /* Extra variables for reading. */
+ struct domain_info *write_var1; /* The position currently writing to.*/
+ int read_step; /* The step for reading. */
+ char *read_buf; /* Buffer for reading. */
+ int read_eof; /* EOF flag for reading. */
+ int read_avail; /* Bytes available for reading. */
+ int readbuf_size; /* Size of read buffer. */
+ char *write_buf; /* Buffer for writing. */
+ int write_avail; /* Bytes available for writing. */
+ int writebuf_size; /* Size of write buffer. */
+};
+
+/************************* PROTOTYPES *************************/
+
+char *tmy_find_condition_part(char *data);
+const struct condition_list *tmy_assign_condition(const char *condition);
+int tmy_check_condition(const struct condition_list *ptr,
+ struct obj_info *obj);
+int tmy_dump_condition(struct io_buffer *head,
+ const struct condition_list *ptr);
+const char *tmy_get_exe(void);
+const char *tmy_acltype2keyword(const unsigned int acl_type);
+
+int tmy_mount_perm(char *dev_name,
+ char *dir_name,
+ char *type,
+ unsigned long flags);
+int tmy_conceal_mount(struct nameidata *nd);
+int tmy_umount_perm(struct vfsmount *mnt);
+int tmy_add_mount_policy(char *data, const int is_delete);
+int tmy_read_mount_policy(struct io_buffer *head);
+int tmy_add_no_umount_policy(char *data, const int is_delete);
+int tmy_read_no_umount_policy(struct io_buffer *head);
+int tmy_pivot_root_perm(struct nameidata *old_nd,
+ struct nameidata *new_nd);
+int tmy_add_pivot_root_policy(char *data, const int is_delete);
+int tmy_read_pivot_root_policy(struct io_buffer *head);
+
+int tmy_add_aggregator_policy(char *data, const int is_delete);
+int tmy_add_addr_group_policy(char *data, const int is_delete);
+int tmy_add_alias_policy(char *data, const int is_delete);
+int tmy_add_argv0_policy(char *data,
+ struct domain_info *domain,
+ const struct condition_list *cond,
+ const int is_delete);
+int tmy_add_acl(struct acl_info *ptr,
+ struct domain_info *domain,
+ struct acl_info *new_ptr);
+int tmy_add_domain_initializer_policy(char *data,
+ const int is_not,
+ const int is_delete);
+int tmy_add_domain_keeper_policy(char *data,
+ const int is_not,
+ const int is_delete);
+int tmy_file_perm(const char *filename0, const u8 perm, const char *operation);
+int tmy_add_file_policy(char *data,
+ struct domain_info *domain,
+ const struct condition_list *cond,
+ const int is_delete);
+int tmy_add_globally_readable_policy(char *data, const int is_delete);
+int tmy_add_group_policy(char *data, const int is_delete);
+int tmy_add_network_policy(char *data,
+ struct domain_info *domain,
+ const struct condition_list *cond,
+ const int is_delete);
+int tmy_add_no_rewrite_policy(char *pattern, const int is_delete);
+int tmy_add_pattern_policy(char *data, const int is_delete);
+int tmy_supervisor(const char *fmt, ...)
+ __attribute__((format(printf, 1, 2)));
+
+int tmy_del_acl(struct acl_info *ptr);
+int tmy_delete_domain(char *data);
+int tmy_is_correct_domain(const unsigned char *domainname,
+ const char *function);
+int tmy_correct_path(const char *filename,
+ const int start_type,
+ const int pattern_type,
+ const int end_type,
+ const char *function);
+int tmy_is_domain_def(const unsigned char *buffer);
+int tmy_path_match(const struct path_info *pathname0,
+ const struct path_info *pattern0);
+int tmy_read_aggregator_policy(struct io_buffer *head);
+int tmy_read_alias_policy(struct io_buffer *head);
+int tmy_read_domain_initializer_policy(struct io_buffer *head);
+int tmy_read_domain_keeper_policy(struct io_buffer *head);
+int tmy_read_globally_readable_policy(struct io_buffer *head);
+int tmy_read_group_policy(struct io_buffer *head);
+int tmy_read_no_rewrite_policy(struct io_buffer *head);
+int tmy_read_pattern_policy(struct io_buffer *head);
+int tmy_read_addr_group_policy(struct io_buffer *head);
+int tmy_argv0_perm(const struct path_info *filename, const char *argv0);
+int tmy_network_listen_acl(const int is_ipv6,
+ const u8 *address,
+ const u16 port);
+int tmy_network_connect_acl(const int is_ipv6,
+ const int sock_type,
+ const u8 *address,
+ const u16 port);
+int tmy_network_bind_acl(const int is_ipv6,
+ const int sock_type,
+ const u8 *address,
+ const u16 port);
+int tmy_network_sendmsg_acl(const int is_ipv6,
+ const int sock_type,
+ const u8 *address,
+ const u16 port);
+int tmy_network_accept_acl(const int is_ipv6,
+ const u8 *address,
+ const u16 port);
+int tmy_network_recvmsg_acl(const int is_ipv6,
+ const int sock_type,
+ const u8 *address,
+ const u16 port);
+
+int tmy_signal_acl(int sig, int pid);
+int tmy_add_signal_policy(char *data,
+ struct domain_info *domain,
+ const struct condition_list *cond,
+ const int is_delete);
+
+char *tmy_init_audit_log(int *len);
+int tmy_write_audit_log(char *log, const int is_granted, const int is_enforce);
+int tmy_acltype2paths(const unsigned int acl_type);
+int tmy_io_printf(struct io_buffer *head, const char *fmt, ...)
+ __attribute__((format(printf, 2, 3)));
+struct domain_info *tmy_find_domain(const char *domainname);
+struct domain_info *tmy_new_domain(const char *domainname, const u8 profile);
+struct domain_info *tmy_undelete_domain(const char *domainname0);
+unsigned int tmy_accept(const unsigned int index);
+unsigned int tmy_enforce(const unsigned int index);
+unsigned int tmy_flags(const unsigned int index);
+unsigned int tmy_audit_grant(void);
+unsigned int tmy_audit_reject(void);
+void tmy_update_counter(const unsigned char index);
+void *tmy_alloc(const size_t size);
+void tmy_free(const void *p);
+void tmy_fill_path_info(struct path_info *ptr);
+
+static inline int tmy_pathcmp(const struct path_info *a,
+ const struct path_info *b)
+{
+ return a->hash != b->hash || strcmp(a->name, b->name);
+}
+
+extern struct domain_info KERNEL_DOMAIN;
+void tmy_load_policy(const char *filename);
+int tmy_find_next_domain(struct linux_binprm *,
+ struct domain_info **);
+void tmy_proc_init(void);
+
+struct path_info;
+
+int tmy_exec_perm(const struct path_info *filename, struct file *filp);
+/* Check whether the given dentry is allowed to read/write/execute. */
+int tmy_open_perm(struct dentry *dentry, struct vfsmount *mnt, const int flag);
+/* Check whether the given dentry is allowed to write. */
+int tmy_single_write_perm(const unsigned int operation,
+ struct dentry *dentry,
+ struct vfsmount *mnt);
+int tmy_double_write_perm(const unsigned int operation,
+ struct dentry *dentry1,
+ struct vfsmount *mnt1,
+ struct dentry *dentry2,
+ struct vfsmount *mnt2);
+int tmy_rewrite_perm(struct file *filp);
+
+struct inode;
+
+/******************** Index numbers for Access Controls. ********************/
+
+#define TMY_TYPE_CREATE_ACL 0
+#define TMY_TYPE_UNLINK_ACL 1
+#define TMY_TYPE_MKDIR_ACL 2
+#define TMY_TYPE_RMDIR_ACL 3
+#define TMY_TYPE_MKFIFO_ACL 4
+#define TMY_TYPE_MKSOCK_ACL 5
+#define TMY_TYPE_MKBLOCK_ACL 6
+#define TMY_TYPE_MKCHAR_ACL 7
+#define TMY_TYPE_TRUNCATE_ACL 8
+#define TMY_TYPE_SYMLINK_ACL 9
+#define TMY_TYPE_LINK_ACL 10
+#define TMY_TYPE_RENAME_ACL 11
+#define TMY_TYPE_REWRITE_ACL 12
+
+#define TMY_TYPE_FILE_ACL 100
+#define TMY_TYPE_ARGV0_ACL 101
+#define TMY_TYPE_IP_NETWORK_ACL 103
+#define TMY_TYPE_SIGNAL_ACL 104
+
+struct linux_binprm;
+struct pt_regs;
+
+#define TMY_CHECK_READ_FOR_OPEN_EXEC 1
+
+int tmy_too_many_acl(struct domain_info * const domain);
+char *tmy_print_ipv6(char *buffer, const int buffer_len, const u16 *ip);
+const char *tmy_network2keyword(const unsigned int operation);
+
+/* to check "if task.parent.pid" condition. */
+extern asmlinkage long sys_getppid(void);
+
+#endif
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists