28 Mar, 2016
9 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
... as well as unix_mknod() and may_o_create()
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
12 May, 2015
3 commits
-
Instead of using a vector of security operations
with explicit, special case stacking of the capability
and yama hooks use lists of hooks with capability and
yama hooks included as appropriate.The security_operations structure is no longer required.
Instead, there is a union of the function pointers that
allows all the hooks lists to use a common mechanism for
list management while retaining typing. Each module
supplies an array describing the hooks it provides instead
of a sparsely populated security_operations structure.
The description includes the element that gets put on
the hook list, avoiding the issues surrounding individual
element allocation.The method for registering security modules is changed to
reflect the information available. The method for removing
a module, currently only used by SELinux, has also changed.
It should be generic now, however if there are potential
race conditions based on ordering of hook removal that needs
to be addressed by the calling module.The security hooks are called from the lists and the first
failure is returned.Signed-off-by: Casey Schaufler
Acked-by: John Johansen
Acked-by: Kees Cook
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Tetsuo Handa
Signed-off-by: James Morris -
Add a list header for each security hook. They aren't used until
later in the patch series. They are grouped together in a structure
so that there doesn't need to be an external address for each.Macro-ize the initialization of the security_operations
for each security module in anticipation of changing out
the security_operations structure.Signed-off-by: Casey Schaufler
Acked-by: John Johansen
Acked-by: Kees Cook
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Tetsuo Handa
Signed-off-by: James Morris -
The security.h header file serves two purposes,
interfaces for users of the security modules and
interfaces for security modules. Users of the
security modules don't need to know about what's
in the security_operations structure, so pull it
out into it's own header, lsm_hooks.hSigned-off-by: Casey Schaufler
Acked-by: John Johansen
Acked-by: Kees Cook
Acked-by: Paul Moore
Acked-by: Stephen Smalley
Acked-by: Tetsuo Handa
Signed-off-by: James Morris
12 Apr, 2015
1 commit
-
Signed-off-by: Al Viro
18 Mar, 2013
1 commit
-
DEFINE_STATIC_SRCU() defines srcu struct and do init at build time.
Signed-off-by: Lai Jiangshan
Acked-by: Tetsuo Handa
Signed-off-by: James Morris
12 Oct, 2012
1 commit
-
Signed-off-by: Al Viro
21 Sep, 2012
1 commit
-
Don't make the security modules deal with raw user space uid and
gids instead pass in a kuid_t and a kgid_t so that security modules
only have to deal with internal kernel uids and gids.Cc: Al Viro
Cc: James Morris
Cc: John Johansen
Cc: Kentaro Takeda
Cc: Tetsuo Handa
Acked-by: Serge Hallyn
Signed-off-by: Eric W. Biederman
10 Apr, 2012
1 commit
-
dentry_open takes a file, rename it to file_open
Signed-off-by: Eric Paris
07 Jan, 2012
1 commit
-
Signed-off-by: Al Viro
04 Jan, 2012
3 commits
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
-
Signed-off-by: Al Viro
14 Sep, 2011
1 commit
-
This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
socket's bind()/listen()/connect()/send() operations.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
14 Jul, 2011
1 commit
-
Update comments for scripts/kernel-doc and fix some of errors reported by
scripts/checkpatch.pl .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
11 Jul, 2011
1 commit
-
Enable conditional ACL by passing object's pointers.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
30 Jun, 2011
1 commit
-
I forgot to add #ifndef in commit 0e4ae0e0 "TOMOYO: Make several options
configurable.", resultingsecurity/built-in.o: In function `tomoyo_bprm_set_creds':
tomoyo.c:(.text+0x4698e): undefined reference to `tomoyo_load_policy'error.
Reported-by: Stephen Rothwell
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
29 Jun, 2011
1 commit
-
In order to synchronize with TOMOYO 1.8's syntax,
(1) Remove special handling for allow_read/write permission.
(2) Replace deny_rewrite/allow_rewrite permission with allow_append permission.
(3) Remove file_pattern keyword.
(4) Remove allow_read permission from exception policy.
(5) Allow creating domains in enforcing mode without calling supervisor.
(6) Add permission check for opening directory for reading.
(7) Add permission check for stat() operation.
(8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if
"cat /sys/kernel/security/tomoyo/self_domain".Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
02 Aug, 2010
6 commits
-
Use shorter name in order to make it easier to fix 80 columns limit.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
When commit be6d3e56a6b9b3a4ee44a0685e39e595073c6f0d "introduce new LSM hooks
where vfsmount is available." was proposed, regarding security_path_truncate(),
only "struct file *" argument (which AppArmor wanted to use) was removed.
But length and time_attrs arguments are not used by TOMOYO nor AppArmor.
Thus, let's remove these arguments.Signed-off-by: Tetsuo Handa
Acked-by: Nick Piggin
Signed-off-by: James Morris -
security/tomoyo/common.c became too large to read.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
mount(2) has three string and one numeric parameters.
Split mount restriction code from security/tomoyo/file.c .Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Check numeric parameters for operations that deal them
(e.g. chmod/chown/ioctl).Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use "struct tomoyo_request_info" instead of passing individual arguments.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
01 Mar, 2010
1 commit
16 Feb, 2010
2 commits
-
tomoyo_path_perm() tomoyo_path2_perm() and tomoyo_check_rewrite_permission()
always receive tomoyo_domain(). We can move it from caller to callee.Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris -
Use shorter name to reduce newlines needed for 80 columns limit.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
15 Feb, 2010
2 commits
-
Add refcounter to "struct tomoyo_domain_info" since garbage collector needs to
determine whether this struct is referred by "struct cred"->security or not.Signed-off-by: Tetsuo Handa
Acked-by: Serge Hallyn
Signed-off-by: James Morris -
Gather structures and constants scattered around security/tomoyo/ directory.
This is for preparation for adding garbage collector since garbage collector
needs to know structures and constants which TOMOYO uses.Signed-off-by: Tetsuo Handa
Acked-by: Serge Hallyn
Signed-off-by: James Morris
14 Jan, 2010
1 commit
-
commit 5300990c0370e804e49d9a59d928c5d53fb73487 had stepped on a rather
nasty mess: definitions of ACC_MODE used to be different. Fixed the
resulting breakage, converting them to variant that takes O_... value;
all callers have that and it actually simplifies life (see tomoyo part
of changes).Signed-off-by: Al Viro
15 Dec, 2009
1 commit
-
Replace list operation with RCU primitives and replace
down_read()/up_read() with srcu_read_lock()/srcu_read_unlock().Signed-off-by: Tetsuo Handa
Acked-by: Serge Hallyn
Signed-off-by: James Morris
09 Dec, 2009
1 commit