Eric Lee / smarc-fsl-linux-kernel

28 Mar, 2016

1 commit

12 Apr, 2015

2 commits

30 Apr, 2013

1 commit

12 Oct, 2012

1 commit

21 Sep, 2012

1 commit

15 May, 2012

1 commit

15 Mar, 2012

1 commit

  • 6041e8346   TOMOYO: Return appropriate value to poll(). ... Browse Code »

    "struct file_operations"->poll() expects "unsigned int" return value.
    All files in /sys/kernel/security/tomoyo/ directory other than
    /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit should
    return POLLIN | POLLRDNORM | POLLOUT | POLLWRNORM rather than -ENOSYS.
    Also, /sys/kernel/security/tomoyo/query and /sys/kernel/security/tomoyo/audit
    should return POLLOUT | POLLWRNORM rather than 0 when there is no data to read.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

11 Jan, 2012

1 commit

  • e7691a1ce   Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security ... Browse Code »

    * 'for-linus' of git://selinuxproject.org/~jmorris/linux-security: (32 commits)
    ima: fix invalid memory reference
    ima: free duplicate measurement memory
    security: update security_file_mmap() docs
    selinux: Casting (void *) value returned by kmalloc is useless
    apparmor: fix module parameter handling
    Security: tomoyo: add .gitignore file
    tomoyo: add missing rcu_dereference()
    apparmor: add missing rcu_dereference()
    evm: prevent racing during tfm allocation
    evm: key must be set once during initialization
    mpi/mpi-mpow: NULL dereference on allocation failure
    digsig: build dependency fix
    KEYS: Give key types their own lockdep class for key->sem
    TPM: fix transmit_cmd error logic
    TPM: NSC and TIS drivers X86 dependency fix
    TPM: Export wait_for_stat for other vendor specific drivers
    TPM: Use vendor specific function for status probe
    tpm_tis: add delay after aborting command
    tpm_tis: Check return code from getting timeouts/durations
    tpm: Introduce function to poll for result of self test
    ...

    Fix up trivial conflict in lib/Makefile due to addition of CONFIG_MPI
    and SIGSIG next to CONFIG_DQL addition.

    Linus Torvalds
     

04 Jan, 2012

1 commit

12 Dec, 2011

1 commit

26 Sep, 2011

3 commits

  • a427fd14d   TOMOYO: Remove tomoyo_policy_memory_lock spinlock. ... Browse Code »

    tomoyo_policy_lock mutex already protects it.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • f9732ea14   TOMOYO: Simplify garbage collector. ... Browse Code »

    When TOMOYO started using garbage collector at commit 847b173e "TOMOYO: Add
    garbage collector.", we waited for close() before kfree(). Thus, elements to be
    kfree()d were queued up using tomoyo_gc_list list.

    But it turned out that tomoyo_element_linked_by_gc() tends to choke garbage
    collector when certain pattern of entries are queued.

    Since garbage collector is no longer waiting for close() since commit 2e503bbb
    "TOMOYO: Fix lockdep warning.", we can remove tomoyo_gc_list list and
    tomoyo_element_linked_by_gc() by doing sequential processing.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 778c4a4d6   TOMOYO: Fix make namespacecheck warnings. ... Browse Code »

    Commit efe836ab "TOMOYO: Add built-in policy support." introduced
    tomoyo_load_builtin_policy() but was by error called from nowhere.

    Commit b22b8b9f "TOMOYO: Rename meminfo to stat and show more statistics."
    introduced tomoyo_update_stat() but was by error not called from
    tomoyo_assign_domain().

    Also, mark tomoyo_io_printf() and tomoyo_path_permission() static functions,
    as reported by "make namespacecheck".

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

19 Sep, 2011

1 commit

  • 6bce98edc   TOMOYO: Allow specifying domain transition preference. ... Browse Code »

    I got an opinion that it is difficult to use exception policy's domain
    transition control directives because they need to match the pathname specified
    to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
    is given, corresponding domain transition control directive needs to be like
    "no_keep_domain /bin/\*\-ls\-cat from any".

    If we can specify like below, it will become more convenient.

    file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
    file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
    file execute /bin/\*\-ls\-cat child
    file execute /usr/sbin/httpd exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"

    In above examples, "keep" works as if keep_domain is specified, "child" works
    as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
    specified, "" causes domain transition to domain upon
    successful execve() operation.

    Moreover, we can also allow transition to different domains based on conditions
    like below example.

    /usr/sbin/sshd
    file execute /bin/bash /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
    file execute /bin/bash /usr/sbin/sshd //root-session task.uid=0
    file execute /bin/bash /usr/sbin/sshd //nonroot-session task.uid!=0

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

15 Sep, 2011

1 commit

14 Sep, 2011

4 commits

  • 731d37aa7   TOMOYO: Allow domain transition without execve(). ... Browse Code »

    To be able to split permissions for Apache's CGI programs which are executed
    without execve(), add special domain transition which is performed by writing
    a TOMOYO's domainname to /sys/kernel/security/tomoyo/self_domain interface.

    This is an API for TOMOYO-aware userland applications. However, since I expect
    TOMOYO and other LSM modules to run in parallel, this patch does not use
    /proc/self/attr/ interface in order to avoid conflicts with other LSM modules
    when it became possible to run multiple LSM modules in parallel.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 1f067a682   TOMOYO: Allow controlling generation of access granted logs for per an entry basis. ... Browse Code »

    Add per-entry flag which controls generation of grant logs because Xen and KVM
    issues ioctl requests so frequently. For example,

    file ioctl /dev/null 0x5401 grant_log=no

    will suppress /sys/kernel/security/tomoyo/audit even if preference says
    grant_log=yes .

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 059d84dbb   TOMOYO: Add socket operation restriction support. ... Browse Code »

    This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
    socket's bind()/listen()/connect()/send() operations.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • d58e0da85   TOMOYO: Add environment variable name restriction support. ... Browse Code »

    This patch adds support for checking environment variable's names.
    Although TOMOYO already provides ability to check argv[]/envp[] passed to
    execve() requests,

    file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"

    will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
    defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
    administrators have to specify like

    file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
    file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL

    . Since there are many environment variables whereas conditional checks are
    applied as "&&", it is difficult to cover all combinations. Therefore, this
    patch supports conditional checks that are applied as "||", by specifying like

    file execute /bin/sh
    misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"

    which means "grant execution of /bin/sh if environment variable is not defined
    or is defined and its value is /system/lib".

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     

11 Jul, 2011

5 commits

08 Jul, 2011

1 commit

30 Jun, 2011

1 commit

29 Jun, 2011

13 commits

  • efe836ab2   TOMOYO: Add built-in policy support. ... Browse Code »

    To be able to start using enforcing mode from the early stage of boot sequence,
    this patch adds support for built-in policy configuration (and next patch adds
    support for activating access control without calling external policy loader
    program).

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • b22b8b9fd   TOMOYO: Rename meminfo to stat and show more statistics. ... Browse Code »

    Show statistics such as last policy update time and last policy violation time
    in addition to memory usage.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 2c47ab935   TOMOYO: Cleanup part 4. ... Browse Code »

    Gather string constants to one file in order to make the object size smaller.
    Use unsigned type where appropriate.
    read()/write() returns ssize_t.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 2e503bbb4   TOMOYO: Fix lockdep warning. ... Browse Code »

    Currently TOMOYO holds SRCU lock upon open() and releases it upon close()
    because list elements stored in the "struct tomoyo_io_buffer" instances are
    accessed until close() is called. However, such SRCU usage causes lockdep to
    complain about leaving the kernel with SRCU lock held.

    This patch solves the warning by holding/releasing SRCU upon each
    read()/write(). This patch is doing something similar to calling kfree()
    without calling synchronize_srcu(), by selectively deferring kfree() by keeping
    track of the "struct tomoyo_io_buffer" instances.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • bd03a3e4c   TOMOYO: Add policy namespace support. ... Browse Code »

    Mauras Olivier reported that it is difficult to use TOMOYO in LXC environments,
    for TOMOYO cannot distinguish between environments outside the container and
    environments inside the container since LXC environments are created using
    pivot_root(). To address this problem, this patch introduces policy namespace.

    Each policy namespace has its own set of domain policy, exception policy and
    profiles, which are all independent of other namespaces. This independency
    allows users to develop policy without worrying interference among namespaces.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 32997144f   TOMOYO: Add ACL group support. ... Browse Code »

    ACL group allows administrator to globally grant not only "file read"
    permission but also other permissions.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • eadd99cc8   TOMOYO: Add auditing interface. ... Browse Code »

    Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
    logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
    audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
    interface.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • d5ca1725a   TOMOYO: Simplify profile structure. ... Browse Code »

    Remove global preference from profile structure in order to make code simpler.

    Due to this structure change, printk() warnings upon policy violation are
    temporarily disabled. They will be replaced by
    /sys/kernel/security/tomoyo/audit by next patch.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 0d2171d71   TOMOYO: Rename directives. ... Browse Code »

    Convert "allow_..." style directives to "file ..." style directives.
    By converting to the latter style, we can pack policy like
    "file read/write/execute /path/to/file".

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • a238cf5b8   TOMOYO: Use struct for passing ACL line. ... Browse Code »

    Use structure for passing ACL line, in preparation for supporting policy
    namespace and conditional parameters.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 0df7e8b8f   TOMOYO: Cleanup part 3. ... Browse Code »

    Use common structure for ACL with "struct list_head" + "atomic_t".
    Use array/struct where possible.
    Remove is_group from "struct tomoyo_name_union"/"struct tomoyo_number_union".
    Pass "struct file"->private_data rather than "struct file".
    Update some of comments.
    Bring tomoyo_same_acl_head() from common.h to domain.c .
    Bring tomoyo_invalid()/tomoyo_valid() from common.h to util.c .

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • b5bc60b4c   TOMOYO: Cleanup part 2. ... Browse Code »

    Update (or temporarily remove) comments.
    Remove or replace some of #define lines.

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa
     
  • 7c75964f4   TOMOYO: Cleanup part 1. ... Browse Code »

    In order to synchronize with TOMOYO 1.8's syntax,

    (1) Remove special handling for allow_read/write permission.
    (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission.
    (3) Remove file_pattern keyword.
    (4) Remove allow_read permission from exception policy.
    (5) Allow creating domains in enforcing mode without calling supervisor.
    (6) Add permission check for opening directory for reading.
    (7) Add permission check for stat() operation.
    (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if
    "cat /sys/kernel/security/tomoyo/self_domain".

    Signed-off-by: Tetsuo Handa
    Signed-off-by: James Morris

    Tetsuo Handa