[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9d732d950708251546t6a441c4pd3ce78c46ce27617@mail.gmail.com>
Date: Sun, 26 Aug 2007 07:46:37 +0900
From: "Toshiharu Harada" <haradats@...il.com>
To: "Pavel Machek" <pavel@....cz>
Cc: "Kentaro Takeda" <k.takeda26@...il.com>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, chrisw@...s-sol.org
Subject: Re: [TOMOYO 14/15] Conditional permission support.
Hi,
2007/8/25, Pavel Machek <pavel@....cz>:
> Hi!
>
> > This patch allows administrators use conditional permission.
> > TOMOYO Linux supports conditional permission based on
> > process's UID,GID etc. and/or requested pathname's UID/GID.
> >
> > Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
>
> > + * Since the trailing spaces are removed by tmy_normalize_line(),
> > + * the last "\040if\040" sequence corresponds to condition part.
> > + */
> > +char *tmy_find_condition_part(char *data)
> > +{
> > + char *cp = strstr(data, " if ");
> > + if (cp) {
> > + char *cp2;
> > + while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> > + cp = cp2;
> > + *cp++ = '\0';
> > + }
> > + return cp;
> > +}
> ...
>
> > + unsigned long left_min = 0;
> > + unsigned long left_max = 0;
> > + unsigned long right_min = 0;
> > + unsigned long right_max = 0;
> > + if (strncmp(condition, "if ", 3))
> > + return NULL;
> > + condition += 3;
> > + start = condition;
> > + while (*condition) {
> > + if (*condition == ' ')
> > + condition++;
> > + for (left = 0; left < MAX_KEYWORD; left++) {
> > + if (strncmp(condition, cc_keyword[left].keyword,
> > + cc_keyword[left].keyword_len))
> > + continue;
> > + condition += cc_keyword[left].keyword_len;
> > + break;
> > + }
> > + if (left == MAX_KEYWORD) {
> > + if (!tmy_parse_ulong(&left_min, &condition))
> > + goto out;
> > + counter++; /* body */
> > + if (*condition != '-')
> > + goto not_range1;
> > + condition++;
> > + if (!tmy_parse_ulong(&left_max, &condition)
> > + || left_min > left_max)
> > + goto out;
> > + counter++; /* body */
> > +not_range1: ;
> > + }
> > + if (strncmp(condition, "!=", 2) == 0)
> > + condition += 2;
> > + else if (*condition == '=')
> > + condition++;
> > + else
> > + goto out;
> > + counter++; /* header */
> > + for (right = 0; right < MAX_KEYWORD; right++) {
> > + if (strncmp(condition, cc_keyword[right].keyword,
> > + cc_keyword[right].keyword_len))
> > + continue;
> > + condition += cc_keyword[right].keyword_len;
> > + break;
> > + }
>
> What is that? Language parser in kernel?
>
> Pavel
Key idea of TOMOYO Linux is to let each process to remember the program
(path) name. Names are stored in task struct and "appended" to the list when
execve is called.
An example of /usr/lib/cups/backend/lpd.
(picked up from
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/centos4.4/domain_policy.txt?v=policy-sample)
/etc/rc.d/init.d/cups (fork&exec)
/sbin/initlog (fork&exec)
/usr/sbin/cupsd (fork&exec)
/bin/bash (fork&exec)
/usr/lib/cups/backend/lpd (current process)
SELinux and other DTE implementations need domain definitions to work.
It is administrators task to design domains and name each domains.
TOMOYO Linux can be used as DTE MAC, but administrators don't
have to define and name domains. Because TOMOYO Linux
automatically defines domains and name them (from booting to
shutdown).
I wrote "TOMOYO Linux can be used as MAC", because
users can just view the domain transitions and analyze systems
with TOMOYO Linux. Or they can use TOMOYO Linux to
get logs with process invocation histories instead of a simple
program name.
TOMOYO Linux policy consists of path names and they are currently
handled as strings.
Thanks.
--
Toshiharu Harada
NTT DATA CORPORATION
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists