TOMOYO: Enable conditional ACL.
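--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -51,12 +51,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 */
 if (bprm->cred_prepared)
 return 0;
+#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 /*
 * Load policy if /sbin/tomoyo-init exists and /sbin/init is requested
 * for the first time.
 */
 if (!tomoyo_policy_loaded)
 tomoyo_load_policy(bprm->filename);
+#endif
 /*
 * Release reference to "struct tomoyo_domain_info" stored inside
 * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
@@ -93,15 +95,21 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY);
 }
+static int tomoyo_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
+{
+ struct path path = { mnt, dentry };
+ return tomoyo_path_perm(TOMOYO_TYPE_GETATTR, &path, NULL);
+}
+
 static int tomoyo_path_truncate(struct path *path)
 {
- return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path);
+ return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
 }
 static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
 {
 struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
 }
 static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
@@ -115,14 +123,14 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
 static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
 {
 struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
 }
 static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
 const char *old_name)
 {
 struct path path = { parent->mnt, dentry };
- return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_SYMLINK, &path, old_name);
 }
 static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
@@ -176,9 +184,10 @@ static int tomoyo_path_rename(struct path *old_parent,
 static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
 unsigned long arg)
 {
- if (cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND))
- return tomoyo_path_perm(TOMOYO_TYPE_REWRITE, &file->f_path);
- return 0;
+ if (!(cmd == F_SETFL && ((arg ^ file->f_flags) & O_APPEND)))
+ return 0;
+ return tomoyo_check_open_permission(tomoyo_domain(), &file->f_path,
+ O_WRONLY | (arg & O_APPEND));
 }
 static int tomoyo_dentry_open(struct file *f, const struct cred *cred)
@@ -216,7 +225,7 @@ static int tomoyo_path_chown(struct path *path, uid_t uid, gid_t gid)
 static int tomoyo_path_chroot(struct path *path)
 {
- return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path);
+ return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
 }
 static int tomoyo_sb_mount(char *dev_name, struct path *path,
@@ -228,7 +237,7 @@ static int tomoyo_sb_mount(char *dev_name, struct path *path,
 static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
 {
 struct path path = { mnt, mnt->mnt_root };
- return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path);
+ return tomoyo_path_perm(TOMOYO_TYPE_UMOUNT, &path, NULL);
 }
 static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
@@ -258,6 +267,7 @@ static struct security_operations tomoyo_security_ops = {
 .path_mknod = tomoyo_path_mknod,
 .path_link = tomoyo_path_link,
 .path_rename = tomoyo_path_rename,
+ .inode_getattr = tomoyo_inode_getattr,
 .file_ioctl = tomoyo_file_ioctl,
 .path_chmod = tomoyo_path_chmod,
 .path_chown = tomoyo_path_chown,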
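Review bot: In tomoyo_file_fcntl the permission that gates toggling O_APPEND is now computed from a synthesized flag word, `O_WRONLY | (arg & O_APPEND)`, and nothing at the call site explains why. As written, clearing O_APPEND is checked like a plain write open and setting it like an append open, which is presumably how tomoyo_check_open_permission() (its body is not part of this diff) keeps an append-only rule from being sidestepped through F_SETFL. The descriptor's real access mode is not consulted, so a read-only descriptor is checked as a writer too; that errs on the restrictive side, but it is worth confirming as intended. I would add a comment above the final return, for example `/* Clearing O_APPEND is checked as write, setting it as append, so F_SETFL cannot bypass an append-only rule. */`.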