TOMOYO: Add environment variable name restriction support.
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Sat, 10 Sep 2011 06:22:48 +0000 (15:22 +0900)
committerJames Morris <jmorris@namei.org>
Tue, 13 Sep 2011 22:27:05 +0000 (08:27 +1000)
commitd58e0da854376841ac99defeb117a83f086715c6
treeb6e37d1030180680a7801ecb295d8d3990930375
parent5dbe3040c74eef18e66951347eda05b153e69328
TOMOYO: Add environment variable name restriction support.

This patch adds support for checking environment variable's names.
Although TOMOYO already provides ability to check argv[]/envp[] passed to
execve() requests,

  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"

will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
administrators have to specify like

  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
  file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL

. Since there are many environment variables whereas conditional checks are
applied as "&&", it is difficult to cover all combinations. Therefore, this
patch supports conditional checks that are applied as "||", by specifying like

  file execute /bin/sh
  misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"

which means "grant execution of /bin/sh if environment variable is not defined
or is defined and its value is /system/lib".

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
security/tomoyo/Makefile
security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/domain.c
security/tomoyo/environ.c [new file with mode: 0644]
security/tomoyo/gc.c
security/tomoyo/util.c