security/tomoyo/tomoyo.c
/*
 * security/tomoyo/tomoyo.c
 *
 * Copyright (C) 2005-2011 NTT DATA CORPORATION
 */
#include <linux/lsm_hooks.h> |
#include "common.h" |
/**
 * tomoyo_cred_alloc_blank - Hook behind security_cred_alloc_blank().
 *
 * @new: Blank "struct cred" being set up.
 * @gfp: Memory allocation flags (not used by this hook).
 *
 * A blank credential is not attached to any TOMOYO domain, so its security
 * pointer is cleared and no reference count is touched.
 *
 * Returns 0.
 */
static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
{
	/* No domain yet: tomoyo_cred_free() treats NULL as "nothing to drop". */
	new->security = NULL;

	return 0;
}
/**
 * tomoyo_cred_prepare - Hook behind security_prepare_creds().
 *
 * @new: Credential being prepared.
 * @old: Credential that @new is derived from.
 * @gfp: Memory allocation flags (not used by this hook).
 *
 * The new credential inherits the domain of the old one. When a domain is
 * present, its "users" counter is incremented so that the matching
 * tomoyo_cred_free() decrement stays balanced.
 *
 * Returns 0.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	struct tomoyo_domain_info *inherited = old->security;

	/* Take the reference first, then publish the pointer in @new. */
	if (inherited)
		atomic_inc(&inherited->users);
	new->security = inherited;

	return 0;
}
/**
 * tomoyo_cred_transfer - Hook behind security_transfer_creds().
 *
 * @new: Credential receiving the domain.
 * @old: Credential supplying the domain.
 *
 * Implemented by reusing tomoyo_cred_prepare() with a gfp argument of 0,
 * which that function does not use. The return value is ignored because
 * tomoyo_cred_prepare() always returns 0.
 *
 * NOTE(review): whatever @new->security held before is overwritten without
 * dropping a reference. That is balanced only if @new still carries the NULL
 * set by tomoyo_cred_alloc_blank() - confirm against the callers.
 */
static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
{
	(void) tomoyo_cred_prepare(new, old, 0);
}
/**
 * tomoyo_cred_free - Hook behind security_cred_free().
 *
 * @cred: Credential being released.
 *
 * Drops the reference that the credential held on its domain, if it has one.
 * Only the "users" counter is decremented here; nothing is freed.
 */
static void tomoyo_cred_free(struct cred *cred)
{
	struct tomoyo_domain_info *held = cred->security;

	/* Blank credentials and mid-execve credentials carry NULL. */
	if (!held)
		return;
	atomic_dec(&held->users);
}
/**
 * tomoyo_bprm_set_creds - Hook behind security_bprm_set_creds().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * Work is done only on the first call of an execve() operation: the policy
 * is loaded if needed, the reference on the current domain is dropped, and
 * "bprm->cred->security" is cleared so that tomoyo_bprm_check_security()
 * can tell it is running for the first time.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info *previous;

	/* Later calls within the same execve() have nothing left to do. */
	if (bprm->cred_prepared)
		return 0;
#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
	/*
	 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
	 * for the first time.
	 */
	if (!tomoyo_policy_loaded)
		tomoyo_load_policy(bprm->filename);
#endif
	/*
	 * Give up the reference on the "struct tomoyo_domain_info" kept in
	 * "bprm->cred->security". tomoyo_find_next_domain() acquires the
	 * reference for the domain that is stored there afterwards.
	 *
	 * NOTE(review): unlike tomoyo_cred_free(), the pointer is dereferenced
	 * without a NULL check - this assumes the credential always has a
	 * domain at this point; confirm.
	 */
	previous = bprm->cred->security;
	atomic_dec(&previous->users);
	/*
	 * A NULL pointer tells tomoyo_bprm_check_security() that it is being
	 * called for the first time of an execve operation.
	 */
	bprm->cred->security = NULL;

	return 0;
}
/**
 * tomoyo_bprm_check_security - Hook behind security_bprm_check().
 *
 * @bprm: Pointer to "struct linux_binprm".
 *
 * With no domain recorded in "bprm->cred->security" (first call of an
 * execve operation) the next domain is looked up under the TOMOYO read lock.
 * On later calls, which the original comment attributes to interpreters,
 * read permission on the file is checked against the recorded next domain.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info *next = bprm->cred->security;
	int idx;
	int err;

	/*
	 * Read permission is checked against interpreters using next domain.
	 */
	if (next)
		return tomoyo_check_open_permission(next, &bprm->file->f_path,
						    O_RDONLY);
	/*
	 * Execute permission is checked against pathname passed to do_execve()
	 * using current domain.
	 */
	idx = tomoyo_read_lock();
	err = tomoyo_find_next_domain(bprm);
	tomoyo_read_unlock(idx);

	return err;
}
/**
 * tomoyo_inode_getattr - Hook behind security_inode_getattr().
 *
 * @path: Pointer to "struct path" whose attributes are requested.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_inode_getattr(const struct path *path)
{
	const int error = tomoyo_path_perm(TOMOYO_TYPE_GETATTR, path, NULL);

	return error;
}
/**
 * tomoyo_path_truncate - Hook behind security_path_truncate().
 *
 * @path: Pointer to "struct path" of the file being truncated.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_truncate(const struct path *path)
{
	const int error = tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);

	return error;
}
/**
 * tomoyo_path_unlink - Hook behind security_path_unlink().
 *
 * @parent: "struct path" of the containing directory.
 * @dentry: "struct dentry" of the entry being removed.
 *
 * The checked path is built from the parent's mount and @dentry.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &target, NULL);
}
/**
 * tomoyo_path_mkdir - Hook behind security_path_mkdir().
 *
 * @parent: "struct path" of the containing directory.
 * @dentry: "struct dentry" of the directory being created.
 * @mode:   DAC permission mode.
 *
 * Only the S_IALLUGO bits of @mode are handed to the permission check.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
			     umode_t mode)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_MKDIR, &target, perm);
}
/**
 * tomoyo_path_rmdir - Hook behind security_path_rmdir().
 *
 * @parent: "struct path" of the containing directory.
 * @dentry: "struct dentry" of the directory being removed.
 *
 * The checked path is built from the parent's mount and @dentry.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &target, NULL);
}
/**
 * tomoyo_path_symlink - Hook behind security_path_symlink().
 *
 * @parent:   "struct path" of the containing directory.
 * @dentry:   "struct dentry" of the symlink being created.
 * @old_name: Symlink's content; forwarded to tomoyo_path_perm() as its
 *            third argument.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };

	return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &target, old_name);
}
/**
 * tomoyo_path_mknod - Hook behind security_path_mknod().
 *
 * @parent: "struct path" of the containing directory.
 * @dentry: "struct dentry" of the node being created.
 * @mode:   DAC permission mode, including the S_IFMT file type bits.
 * @dev:    Device attributes.
 *
 * The file type in @mode selects the operation that is checked. Character
 * and block devices go through tomoyo_mkdev_perm(), which also receives
 * @dev. FIFOs, sockets and every other type (checked as a plain create) go
 * through tomoyo_path_number_perm(). In all cases only the S_IALLUGO bits
 * of @mode are passed on.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
			     umode_t mode, unsigned int dev)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	const unsigned int perm = mode & S_IALLUGO;

	switch (mode & S_IFMT) {
	case S_IFCHR:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKCHAR, &target, perm,
					 dev);
	case S_IFBLK:
		return tomoyo_mkdev_perm(TOMOYO_TYPE_MKBLOCK, &target, perm,
					 dev);
	case S_IFIFO:
		return tomoyo_path_number_perm(TOMOYO_TYPE_MKFIFO, &target,
					       perm);
	case S_IFSOCK:
		return tomoyo_path_number_perm(TOMOYO_TYPE_MKSOCK, &target,
					       perm);
	default:
		/* Anything that is not a device, FIFO or socket. */
		return tomoyo_path_number_perm(TOMOYO_TYPE_CREATE, &target,
					       perm);
	}
}
/**
 * tomoyo_path_link - Hook behind security_path_link().
 *
 * @old_dentry: "struct dentry" of the existing file.
 * @new_dir:    "struct path" of the directory receiving the link.
 * @new_dentry: "struct dentry" of the link being created.
 *
 * Both checked paths use the mount of @new_dir; the hook is given no
 * separate mount for @old_dentry.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_link(struct dentry *old_dentry,
			    const struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path source = { .mnt = new_dir->mnt, .dentry = old_dentry };
	struct path target = { .mnt = new_dir->mnt, .dentry = new_dentry };

	return tomoyo_path2_perm(TOMOYO_TYPE_LINK, &source, &target);
}
/**
 * tomoyo_path_rename - Hook behind security_path_rename().
 *
 * @old_parent: "struct path" of the directory holding the existing entry.
 * @old_dentry: "struct dentry" of the existing entry.
 * @new_parent: "struct path" of the destination directory.
 * @new_dentry: "struct dentry" of the destination entry.
 *
 * Each checked path pairs a dentry with the mount of its own parent.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_rename(const struct path *old_parent,
			      struct dentry *old_dentry,
			      const struct path *new_parent,
			      struct dentry *new_dentry)
{
	struct path source = { .mnt = old_parent->mnt, .dentry = old_dentry };
	struct path target = { .mnt = new_parent->mnt, .dentry = new_dentry };

	return tomoyo_path2_perm(TOMOYO_TYPE_RENAME, &source, &target);
}
/**
 * tomoyo_file_fcntl - Hook behind security_file_fcntl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for fcntl().
 * @arg:  Argument for @cmd.
 *
 * Only an F_SETFL request that flips the O_APPEND bit relative to the
 * file's current flags is checked; every other request is allowed here.
 * The check re-evaluates open permission for a write, with O_APPEND set or
 * cleared as requested in @arg.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (cmd != F_SETFL)
		return 0;
	/* O_APPEND unchanged: nothing for the policy to decide. */
	if (!((arg ^ file->f_flags) & O_APPEND))
		return 0;

	return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
					    O_WRONLY | (arg & O_APPEND));
}
/**
 * tomoyo_file_open - Hook behind security_file_open().
 *
 * @f:    Pointer to "struct file".
 * @cred: Pointer to "struct cred" (not used by this hook).
 *
 * Opens performed while the current task is inside execve() are not checked
 * here. All other opens are checked against the current domain using the
 * file's open flags.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_open(struct file *f, const struct cred *cred)
{
	const int open_flags = f->f_flags;

	/* Don't check read permission here if called from do_execve(). */
	if (current->in_execve)
		return 0;

	return tomoyo_check_open_permission(tomoyo_domain(), &f->f_path,
					    open_flags);
}
/**
 * tomoyo_file_ioctl - Hook behind security_file_ioctl().
 *
 * @file: Pointer to "struct file".
 * @cmd:  Command for ioctl(); this number is what the policy check sees.
 * @arg:  Argument for @cmd (not inspected by this hook).
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	const int error = tomoyo_path_number_perm(TOMOYO_TYPE_IOCTL,
						  &file->f_path, cmd);

	return error;
}
/**
 * tomoyo_path_chmod - Hook behind security_path_chmod().
 *
 * @path: Pointer to "struct path".
 * @mode: DAC permission mode.
 *
 * Only the S_IALLUGO bits of @mode are handed to the permission check.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
	const unsigned int perm = mode & S_IALLUGO;

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, perm);
}
/**
 * tomoyo_path_chown - Hook behind security_path_chown().
 *
 * @path: Pointer to "struct path".
 * @uid:  Owner ID.
 * @gid:  Group ID.
 *
 * An owner change and a group change are checked as two separate
 * operations, each only when the corresponding ID is valid. The group check
 * is skipped when the owner check has already failed. IDs are converted
 * with from_kuid()/from_kgid() against init_user_ns before being checked.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
	if (uid_valid(uid)) {
		const int error =
			tomoyo_path_number_perm(TOMOYO_TYPE_CHOWN, path,
						from_kuid(&init_user_ns, uid));

		if (error)
			return error;
	}
	if (!gid_valid(gid))
		return 0;

	return tomoyo_path_number_perm(TOMOYO_TYPE_CHGRP, path,
				       from_kgid(&init_user_ns, gid));
}
/**
 * tomoyo_path_chroot - Hook behind security_path_chroot().
 *
 * @path: Pointer to "struct path" of the requested new root.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_path_chroot(const struct path *path)
{
	const int error = tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);

	return error;
}
/**
 * tomoyo_sb_mount - Hook behind security_sb_mount().
 *
 * @dev_name: Name of device file. Maybe NULL.
 * @path:     Pointer to "struct path".
 * @type:     Name of filesystem type. Maybe NULL.
 * @flags:    Mount options.
 * @data:     Optional data. Maybe NULL.
 *
 * All arguments are forwarded unchanged to tomoyo_mount_permission().
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
			   const char *type, unsigned long flags, void *data)
{
	const int error = tomoyo_mount_permission(dev_name, path, type, flags,
						  data);

	return error;
}
/**
 * tomoyo_sb_umount - Hook behind security_sb_umount().
 *
 * @mnt:   Pointer to "struct vfsmount".
 * @flags: Unmount options (not used by this hook).
 *
 * The checked path is the root of the mount being removed.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
{
	struct path mount_root = { .mnt = mnt, .dentry = mnt->mnt_root };

	return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &mount_root, NULL);
}
/**
 * tomoyo_sb_pivotroot - Hook behind security_sb_pivotroot().
 *
 * @old_path: Pointer to "struct path".
 * @new_path: Pointer to "struct path".
 *
 * The two paths are handed to tomoyo_path2_perm() in the opposite order to
 * this hook's parameters: @new_path first, @old_path second.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_sb_pivotroot(const struct path *old_path,
			       const struct path *new_path)
{
	const int error = tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path,
					    old_path);

	return error;
}
/**
 * tomoyo_socket_listen - Check permission for listen().
 *
 * @sock:    Pointer to "struct socket".
 * @backlog: Backlog parameter (not part of the permission check).
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_listen(struct socket *sock, int backlog)
{
	const int error = tomoyo_socket_listen_permission(sock);

	return error;
}

/**
 * tomoyo_socket_connect - Check permission for connect().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr" of the peer.
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_connect(struct socket *sock, struct sockaddr *addr,
				 int addr_len)
{
	const int error = tomoyo_socket_connect_permission(sock, addr,
							   addr_len);

	return error;
}

/**
 * tomoyo_socket_bind - Check permission for bind().
 *
 * @sock:     Pointer to "struct socket".
 * @addr:     Pointer to "struct sockaddr" being bound.
 * @addr_len: Size of @addr.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_bind(struct socket *sock, struct sockaddr *addr,
			      int addr_len)
{
	const int error = tomoyo_socket_bind_permission(sock, addr, addr_len);

	return error;
}

/**
 * tomoyo_socket_sendmsg - Check permission for sendmsg().
 *
 * @sock: Pointer to "struct socket".
 * @msg:  Pointer to "struct msghdr".
 * @size: Size of message.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
				 int size)
{
	const int error = tomoyo_socket_sendmsg_permission(sock, msg, size);

	return error;
}
/*
 * tomoyo_hooks is the array of "struct security_hook_list" entries used for
 * registering TOMOYO; tomoyo_init() passes it to security_add_hooks().
 * Each LSM_HOOK_INIT() entry pairs an LSM hook name with the handler of the
 * same purpose defined in this file. An operation is mediated by TOMOYO
 * only if its hook is listed here.
 */
static struct security_hook_list tomoyo_hooks[] = {
	/* Credential lifetime: domain reference counting. */
	LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
	LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
	LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
	LSM_HOOK_INIT(cred_free, tomoyo_cred_free),
	/* Program execution: domain transition. */
	LSM_HOOK_INIT(bprm_set_creds, tomoyo_bprm_set_creds),
	LSM_HOOK_INIT(bprm_check_security, tomoyo_bprm_check_security),
	/* File and pathname operations. */
	LSM_HOOK_INIT(file_fcntl, tomoyo_file_fcntl),
	LSM_HOOK_INIT(file_open, tomoyo_file_open),
	LSM_HOOK_INIT(path_truncate, tomoyo_path_truncate),
	LSM_HOOK_INIT(path_unlink, tomoyo_path_unlink),
	LSM_HOOK_INIT(path_mkdir, tomoyo_path_mkdir),
	LSM_HOOK_INIT(path_rmdir, tomoyo_path_rmdir),
	LSM_HOOK_INIT(path_symlink, tomoyo_path_symlink),
	LSM_HOOK_INIT(path_mknod, tomoyo_path_mknod),
	LSM_HOOK_INIT(path_link, tomoyo_path_link),
	LSM_HOOK_INIT(path_rename, tomoyo_path_rename),
	LSM_HOOK_INIT(inode_getattr, tomoyo_inode_getattr),
	LSM_HOOK_INIT(file_ioctl, tomoyo_file_ioctl),
	LSM_HOOK_INIT(path_chmod, tomoyo_path_chmod),
	LSM_HOOK_INIT(path_chown, tomoyo_path_chown),
	LSM_HOOK_INIT(path_chroot, tomoyo_path_chroot),
	/* Mount namespace operations. */
	LSM_HOOK_INIT(sb_mount, tomoyo_sb_mount),
	LSM_HOOK_INIT(sb_umount, tomoyo_sb_umount),
	LSM_HOOK_INIT(sb_pivotroot, tomoyo_sb_pivotroot),
	/* Socket operations. */
	LSM_HOOK_INIT(socket_bind, tomoyo_socket_bind),
	LSM_HOOK_INIT(socket_connect, tomoyo_socket_connect),
	LSM_HOOK_INIT(socket_listen, tomoyo_socket_listen),
	LSM_HOOK_INIT(socket_sendmsg, tomoyo_socket_sendmsg),
};
/*
 * Lock for GC. DEFINE_SRCU() defines the "tomoyo_ss" SRCU domain here;
 * presumably tomoyo_read_lock()/tomoyo_read_unlock() operate on it -
 * confirm in common.h.
 */
DEFINE_SRCU(tomoyo_ss);
/**
 * tomoyo_init - Register TOMOYO Linux as a LSM module.
 *
 * Returns early without registering anything when
 * security_module_enable("tomoyo") is false. Otherwise the hook table is
 * registered, the credential of the current task is pointed at
 * tomoyo_kernel_domain, and tomoyo_mm_init() is called.
 *
 * Returns 0.
 */
static int __init tomoyo_init(void)
{
	/*
	 * current_cred() is cast to a non-const pointer so that ->security
	 * can be assigned below.
	 */
	struct cred *cred = (struct cred *) current_cred();

	/* presumably false when TOMOYO was not selected - confirm */
	if (!security_module_enable("tomoyo"))
		return 0;
	/* register ourselves with the security framework */
	security_add_hooks(tomoyo_hooks, ARRAY_SIZE(tomoyo_hooks));
	/*
	 * NOTE(review): the message as shown ends in a space rather than a
	 * newline - confirm against the upstream source.
	 */
	printk(KERN_INFO "TOMOYO Linux initialized ");
	/*
	 * No atomic_inc() on tomoyo_kernel_domain.users is done here.
	 * NOTE(review): confirm how this initial reference is accounted for,
	 * since tomoyo_cred_free() decrements the counter.
	 */
	cred->security = &tomoyo_kernel_domain;
	tomoyo_mm_init();
	return 0;
}

security_initcall(tomoyo_init);