Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1762456AbXHXMrP (ORCPT ); Fri, 24 Aug 2007 08:47:15 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1760562AbXHXMqz (ORCPT ); Fri, 24 Aug 2007 08:46:55 -0400 Received: from rv-out-0910.google.com ([209.85.198.186]:62532 "EHLO rv-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762078AbXHXMqx (ORCPT ); Fri, 24 Aug 2007 08:46:53 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=g91aMbxmhKapFcTGx1FkdZ5oy1YmW4w8uY4ywcScJDgEej3K9WS3Tvt5X2DyAoEebR4ihNNCi54suKvd/NGaYmqa/glsFs4j7pvr0X4OYwEyPCg2btqbL2fXF5UgFSvfdsEQkp0G6n/RSCQY7rRZRzOYPXB3ZnMQBXtwR8Y1oN8= Message-ID: <46CED338.7040101@gmail.com> Date: Fri, 24 Aug 2007 21:46:48 +0900 From: Kentaro Takeda User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, chrisw@sous-sol.org Subject: [TOMOYO 03/15] Data structures and prototypes definition. References: <46CED214.6050505@gmail.com> In-Reply-To: <46CED214.6050505@gmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 19990 Lines: 581 Data structures and prototype defitions for TOMOYO Linux. Signed-off-by: Kentaro Takeda Signed-off-by: Tetsuo Handa --- security/tomoyo/include/realpath.h | 44 +++ security/tomoyo/include/tomoyo.h | 516 +++++++++++++++++++++++++++++++++++++ 2 files changed, 560 insertions(+) --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6/security/tomoyo/include/realpath.h 2007-08-24 15:51:34.000000000 +0900 @@ -0,0 +1,44 @@ +/* + * security/tomoyo/include/realpath.h + * + * Get the canonicalized absolute pathnames. + * The basis for TOMOYO. + */ + +#ifndef _TMY_REALPATH_H +#define _TMY_REALPATH_H + +struct path_info; + +/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ +int tmy_realpath_dentry2(struct dentry *dentry, + struct vfsmount *mnt, + char *newname, + int newname_len); + +/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */ +/* These functions use tmy_alloc(), so caller must tmy_free() */ +/* if these functions didn't return NULL. */ +char *tmy_realpath(const char *pathname); +char *tmy_realpath_nofollow(const char *pathname); +char *tmy_realpath_dentry(struct dentry *dentry, struct vfsmount *mnt); + +/* Allocate memory for structures. */ +/* The RAM is chunked, so NEVER try to kfree() the returned pointer. */ +void *tmy_alloc_element(const unsigned int size); + +/* Get used RAM size for tmy_alloc_elements(). */ +unsigned int tmy_get_memory_used_for_elements(void); + +/* Keep the given name on the RAM. */ +/* The RAM is shared, so NEVER try to modify or kfree() the returned name. */ +const struct path_info *tmy_save_name(const char *name); + +/* Get used RAM size for tmy_save_name(). */ +unsigned int tmy_get_memory_used_for_save_name(void); + +unsigned int tmy_get_memory_used_for_dynamic(void); +char *sysctlpath_from_table(struct ctl_table *table); +extern void tmy_realpath_init(void); + +#endif --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ linux-2.6/security/tomoyo/include/tomoyo.h 2007-08-24 15:51:34.000000000 +0900 @@ -0,0 +1,516 @@ +/* + * security/tomoyo/include/tomoyo.h + * + * Header for TOMOYO Linux. + */ + +#ifndef _TOMOYO_H +#define _TOMOYO_H + +#define TOMOYO_VERSION_CODE "2.1.0-rc3" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +extern struct semaphore domain_acl_lock; +extern int sbin_init_started; + +struct tmy_security { + struct domain_info *domain; + struct domain_info *prev_domain; + u32 flags; +}; + +#define TMY_SECURITY ((struct tmy_security *) current->security) + +struct path_info { + const char *name; + u32 hash; /* = full_name_hash(name, strlen(name)) */ + u16 total_len; /* = strlen(name) */ + u16 const_len; /* = tmy_const_part_length(name) */ + u8 is_dir; /* = tmy_strendswith(name, "/") */ + u8 is_patterned; /* = PathContainsPattern(name) */ + u16 depth; /* = tmy_path_depth(name) */ +}; + +#define TMY_MAX_PATHNAME_LEN 4000 + +struct group_member { + struct group_member *next; + const struct path_info *member_name; + int is_deleted; +}; + +struct group_entry { + struct group_entry *next; + const struct path_info *group_name; + struct group_member *first_member; +}; + + +struct mini_stat { + uid_t uid; + gid_t gid; + ino_t ino; +}; +struct dentry; +struct vfsmount; +struct obj_info { + u8 validate_done; + u8 path1_valid; + u8 path1_parent_valid; + u8 path2_parent_valid; + struct dentry *path1_dentry; + struct vfsmount *path1_vfsmnt; + struct dentry *path2_dentry; + struct vfsmount *path2_vfsmnt; + struct mini_stat path1_stat; + /* I don't handle path2_stat for rename operation. */ + struct mini_stat path1_parent_stat; + struct mini_stat path2_parent_stat; +}; +struct condition_list; + +/* + * TOMOYO uses the following structures. + * Memory allocated for these structures are never kfree()ed. + * Since no locks are used for reading, + * assignment must be performed atomically. + */ + +/************************ The structure for domains. ************************/ + +struct acl_info { + struct acl_info *next; + const struct condition_list *cond; + u8 type; + u8 is_deleted; +} __attribute__((__packed__)); + +struct domain_info { + struct domain_info *next; /* NULL if none. */ + struct acl_info *first_acl_ptr; /* NULL if none. */ + const struct path_info *domainname; /* Never NULL. */ + u8 profile; + u8 is_deleted; + u8 quota_warned; +}; + +#define TMY_MAX_PROFILES 256 + +struct file_acl { + /* type = TMY_TYPE_FILE_ACL */ + struct acl_info head; + u8 perm; + u8 u_is_group; + union { + const struct path_info *filename; + const struct group_entry *group; + } u; +}; + +struct argv0_acl { + /* type = TMY_TYPE_ARGV0_ACL */ + struct acl_info head; + const struct path_info *filename; /* Pointer to single pathname. */ + const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */ +}; + +struct single_acl { + /* type = TMY_TYPE_* */ + struct acl_info head; + u8 u_is_group; + union { + const struct path_info *filename; + const struct group_entry *group; + } u; +}; + +struct double_acl { + /* type = TMY_TYPE_RENAME_ACL or TMY_TYPE_LINK_ACL, */ + struct acl_info head; + u8 u1_is_group; + u8 u2_is_group; + union { + const struct path_info *filename1; + const struct group_entry *group1; + } u1; + union { + const struct path_info *filename2; + const struct group_entry *group2; + } u2; +}; + +struct addr_group_member { + struct addr_group_member *next; + union { + u32 ipv4; /* Host byte order */ + u16 ipv6[8]; /* Network byte order */ + } min, max; + u8 is_deleted; + u8 is_ipv6; +}; + +struct addr_group_entry { + struct addr_group_entry *next; + const struct path_info *group_name; + struct addr_group_member *first_member; +}; + +#define TMY_TYPE_ADDRESS_GROUP 0 +#define TMY_TYPE_IPv4 1 +#define TMY_TYPE_IPv6 2 + +struct net_acl { + /* type = TYPE_IP_NETWORK_ACL, */ + struct acl_info head; + u8 operation_type; + u8 record_type; + union { + struct { + u32 min; + u32 max; + } ipv4; + struct { + u16 min[8]; + u16 max[8]; + } ipv6; + const struct addr_group_entry *group; + } u; + u16 min_port; /* Start of port number range. */ + u16 max_port; /* End of port number range. */ +}; + +struct signal_acl { + /* type = TYPE_SIGNAL_ACL */ + struct acl_info head; + u16 sig; + /* Pointer to destination pattern. */ + const struct path_info *domainname; +}; + +/************************* Keywords for ACLs. *************************/ + +#define TMY_AGGREGATOR "aggregator " +#define TMY_AGGREGATOR_LEN (sizeof(TMY_AGGREGATOR) - 1) +#define TMY_ALIAS "alias " +#define TMY_ALIAS_LEN (sizeof(TMY_ALIAS) - 1) +#define TMY_ALLOW_READ "allow_read " +#define TMY_ALLOW_READ_LEN (sizeof(TMY_ALLOW_READ) - 1) +#define TMY_DELETE "delete " +#define TMY_DELETE_LEN (sizeof(TMY_DELETE) - 1) +#define TMY_DENY_REWRITE "deny_rewrite " +#define TMY_DENY_REWRITE_LEN (sizeof(TMY_DENY_REWRITE) - 1) +#define TMY_FILE_PATTERN "file_pattern " +#define TMY_FILE_PATTERN_LEN (sizeof(TMY_FILE_PATTERN) - 1) +#define TMY_INITIALIZE_DOMAIN "initialize_domain " +#define TMY_INITIALIZE_DOMAIN_LEN (sizeof(TMY_INITIALIZE_DOMAIN) - 1) +#define TMY_KEEP_DOMAIN "keep_domain " +#define TMY_KEEP_DOMAIN_LEN (sizeof(TMY_KEEP_DOMAIN) - 1) +#define TMY_NO_INITIALIZE_DOMAIN "no_initialize_domain " +#define TMY_NO_INITIALIZE_DOMAIN_LEN (sizeof(TMY_NO_INITIALIZE_DOMAIN) - 1) +#define TMY_NO_KEEP_DOMAIN "no_keep_domain " +#define TMY_NO_KEEP_DOMAIN_LEN (sizeof(TMY_NO_KEEP_DOMAIN) - 1) +#define TMY_PATH_GROUP "path_group " +#define TMY_PATH_GROUP_LEN (sizeof(TMY_PATH_GROUP) - 1) +#define TMY_SELECT "select " +#define TMY_SELECT_LEN (sizeof(TMY_SELECT) - 1) +#define TMY_UNDELETE "undelete " +#define TMY_UNDELETE_LEN (sizeof(TMY_UNDELETE) - 1) + +#define TMY_ALLOW_MOUNT "allow_mount " +#define TMY_ALLOW_MOUNT_LEN (sizeof(TMY_ALLOW_MOUNT) - 1) +#define TMY_DENY_UNMOUNT "deny_unmount " +#define TMY_DENY_UNMOUNT_LEN (sizeof(TMY_DENY_UNMOUNT) - 1) +#define TMY_ALLOW_PIVOT_ROOT "allow_pivot_root " +#define TMY_ALLOW_PIVOT_ROOT_LEN (sizeof(TMY_ALLOW_PIVOT_ROOT) - 1) + +#define TMY_USE_PROFILE "use_profile " + +#define TMY_ROOT_NAME "" +#define TMY_ROOT_NAME_LEN (sizeof(TMY_ROOT_NAME) - 1) + +#define TMY_ALLOW_ARGV0 "allow_argv0 " +#define TMY_ALLOW_ARGV0_LEN (sizeof(TMY_ALLOW_ARGV0) - 1) + +#define TMY_ADDRESS_GROUP "address_group " +#define TMY_ADDRESS_GROUP_LEN (sizeof(TMY_ADDRESS_GROUP) - 1) +#define TMY_ALLOW_NETWORK "allow_network " +#define TMY_ALLOW_NETWORK_LEN (sizeof(TMY_ALLOW_NETWORK) - 1) + +#define TMY_ALLOW_SIGNAL "allow_signal " +#define TMY_ALLOW_SIGNAL_LEN (sizeof(TMY_ALLOW_SIGNAL) - 1) + +/******************** Index numbers for Access Controls. ********************/ + +#define TMY_COMMENT 0 +#define TMY_MAC_FOR_FILE 1 +#define TMY_MAC_FOR_ARGV0 2 +#define TMY_MAC_FOR_NETWORK 3 +#define TMY_MAC_FOR_SIGNAL 4 +#define TMY_DENY_CONCEAL_MOUNT 5 +#define TMY_RESTRICT_MOUNT 6 +#define TMY_RESTRICT_UMOUNT 7 +#define TMY_RESTRICT_PIVOT_ROOT 8 +#define TMY_MAX_ACCEPT_ENTRY 9 +#define TMY_AUDIT_GRANT 10 +#define TMY_AUDIT_REJECT 11 +#define TMY_ALLOW_ENFORCE_GRACE 12 +#define TMY_MAX_CONTROL_INDEX 13 + +#define TMY_NETWORK_ACL_UDP_BIND 0 +#define TMY_NETWORK_ACL_UDP_CONNECT 1 +#define TMY_NETWORK_ACL_TCP_BIND 2 +#define TMY_NETWORK_ACL_TCP_LISTEN 3 +#define TMY_NETWORK_ACL_TCP_CONNECT 4 +#define TMY_NETWORK_ACL_TCP_ACCEPT 5 +#define TMY_NETWORK_ACL_RAW_BIND 6 +#define TMY_NETWORK_ACL_RAW_CONNECT 7 + +/******************** Index numbers for updates counter. ********************/ + +#define TMY_UPDATE_DOMAINPOLICY 0 +#define TMY_UPDATE_SYSTEMPOLICY 1 +#define TMY_UPDATE_EXCEPTIONPOLICY 2 +#define TMY_UPDATE_PROFILE 3 +#define TMY_UPDATE_QUERY 4 +#define TMY_UPDATE_MANAGER 5 +#define TMY_MAX_UPDATES_COUNTER 6 + +/*********************** Indexes for /proc interfaces. **********************/ + +#define TMY_POLICY_DOMAINPOLICY 0 +#define TMY_POLICY_SYSTEMPOLICY 1 +#define TMY_POLICY_EXCEPTIONPOLICY 2 +#define TMY_POLICY_DOMAIN_STATUS 3 +#define TMY_INFO_PROCESS_STATUS 4 +#define TMY_INFO_MEMINFO 5 +#define TMY_INFO_SELFDOMAIN 6 +#define TMY_PROFILE 7 +#define TMY_POLICY_QUERY 8 +#define TMY_POLICY_MANAGER 9 +#define TMY_INFO_UPDATESCOUNTER 10 +#define TMY_VERSION 11 + +/******************** The structure for /proc interfaces. *******************/ + +struct io_buffer { + int (*read) (struct io_buffer *); + struct semaphore read_sem; + int (*write) (struct io_buffer *); + struct semaphore write_sem; + int (*poll) (struct file *file, poll_table *wait); + void *read_var1; /* The position currently reading from. */ + void *read_var2; /* Extra variables for reading. */ + struct domain_info *write_var1; /* The position currently writing to.*/ + int read_step; /* The step for reading. */ + char *read_buf; /* Buffer for reading. */ + int read_eof; /* EOF flag for reading. */ + int read_avail; /* Bytes available for reading. */ + int readbuf_size; /* Size of read buffer. */ + char *write_buf; /* Buffer for writing. */ + int write_avail; /* Bytes available for writing. */ + int writebuf_size; /* Size of write buffer. */ +}; + +/************************* PROTOTYPES *************************/ + +char *tmy_find_condition_part(char *data); +const struct condition_list *tmy_assign_condition(const char *condition); +int tmy_check_condition(const struct condition_list *ptr, + struct obj_info *obj); +int tmy_dump_condition(struct io_buffer *head, + const struct condition_list *ptr); +const char *tmy_get_exe(void); +const char *tmy_acltype2keyword(const unsigned int acl_type); + +int tmy_mount_perm(char *dev_name, + char *dir_name, + char *type, + unsigned long flags); +int tmy_conceal_mount(struct nameidata *nd); +int tmy_umount_perm(struct vfsmount *mnt); +int tmy_add_mount_policy(char *data, const int is_delete); +int tmy_read_mount_policy(struct io_buffer *head); +int tmy_add_no_umount_policy(char *data, const int is_delete); +int tmy_read_no_umount_policy(struct io_buffer *head); +int tmy_pivot_root_perm(struct nameidata *old_nd, + struct nameidata *new_nd); +int tmy_add_pivot_root_policy(char *data, const int is_delete); +int tmy_read_pivot_root_policy(struct io_buffer *head); + +int tmy_add_aggregator_policy(char *data, const int is_delete); +int tmy_add_addr_group_policy(char *data, const int is_delete); +int tmy_add_alias_policy(char *data, const int is_delete); +int tmy_add_argv0_policy(char *data, + struct domain_info *domain, + const struct condition_list *cond, + const int is_delete); +int tmy_add_acl(struct acl_info *ptr, + struct domain_info *domain, + struct acl_info *new_ptr); +int tmy_add_domain_initializer_policy(char *data, + const int is_not, + const int is_delete); +int tmy_add_domain_keeper_policy(char *data, + const int is_not, + const int is_delete); +int tmy_file_perm(const char *filename0, const u8 perm, const char *operation); +int tmy_add_file_policy(char *data, + struct domain_info *domain, + const struct condition_list *cond, + const int is_delete); +int tmy_add_globally_readable_policy(char *data, const int is_delete); +int tmy_add_group_policy(char *data, const int is_delete); +int tmy_add_network_policy(char *data, + struct domain_info *domain, + const struct condition_list *cond, + const int is_delete); +int tmy_add_no_rewrite_policy(char *pattern, const int is_delete); +int tmy_add_pattern_policy(char *data, const int is_delete); +int tmy_supervisor(const char *fmt, ...) + __attribute__((format(printf, 1, 2))); + +int tmy_del_acl(struct acl_info *ptr); +int tmy_delete_domain(char *data); +int tmy_is_correct_domain(const unsigned char *domainname, + const char *function); +int tmy_correct_path(const char *filename, + const int start_type, + const int pattern_type, + const int end_type, + const char *function); +int tmy_is_domain_def(const unsigned char *buffer); +int tmy_path_match(const struct path_info *pathname0, + const struct path_info *pattern0); +int tmy_read_aggregator_policy(struct io_buffer *head); +int tmy_read_alias_policy(struct io_buffer *head); +int tmy_read_domain_initializer_policy(struct io_buffer *head); +int tmy_read_domain_keeper_policy(struct io_buffer *head); +int tmy_read_globally_readable_policy(struct io_buffer *head); +int tmy_read_group_policy(struct io_buffer *head); +int tmy_read_no_rewrite_policy(struct io_buffer *head); +int tmy_read_pattern_policy(struct io_buffer *head); +int tmy_read_addr_group_policy(struct io_buffer *head); +int tmy_argv0_perm(const struct path_info *filename, const char *argv0); +int tmy_network_listen_acl(const int is_ipv6, + const u8 *address, + const u16 port); +int tmy_network_connect_acl(const int is_ipv6, + const int sock_type, + const u8 *address, + const u16 port); +int tmy_network_bind_acl(const int is_ipv6, + const int sock_type, + const u8 *address, + const u16 port); +int tmy_network_sendmsg_acl(const int is_ipv6, + const int sock_type, + const u8 *address, + const u16 port); +int tmy_network_accept_acl(const int is_ipv6, + const u8 *address, + const u16 port); +int tmy_network_recvmsg_acl(const int is_ipv6, + const int sock_type, + const u8 *address, + const u16 port); + +int tmy_signal_acl(int sig, int pid); +int tmy_add_signal_policy(char *data, + struct domain_info *domain, + const struct condition_list *cond, + const int is_delete); + +char *tmy_init_audit_log(int *len); +int tmy_write_audit_log(char *log, const int is_granted, const int is_enforce); +int tmy_acltype2paths(const unsigned int acl_type); +int tmy_io_printf(struct io_buffer *head, const char *fmt, ...) + __attribute__((format(printf, 2, 3))); +struct domain_info *tmy_find_domain(const char *domainname); +struct domain_info *tmy_new_domain(const char *domainname, const u8 profile); +struct domain_info *tmy_undelete_domain(const char *domainname0); +unsigned int tmy_accept(const unsigned int index); +unsigned int tmy_enforce(const unsigned int index); +unsigned int tmy_flags(const unsigned int index); +unsigned int tmy_audit_grant(void); +unsigned int tmy_audit_reject(void); +void tmy_update_counter(const unsigned char index); +void *tmy_alloc(const size_t size); +void tmy_free(const void *p); +void tmy_fill_path_info(struct path_info *ptr); + +static inline int tmy_pathcmp(const struct path_info *a, + const struct path_info *b) +{ + return a->hash != b->hash || strcmp(a->name, b->name); +} + +extern struct domain_info KERNEL_DOMAIN; +void tmy_load_policy(const char *filename); +int tmy_find_next_domain(struct linux_binprm *, + struct domain_info **); +void tmy_proc_init(void); + +struct path_info; + +int tmy_exec_perm(const struct path_info *filename, struct file *filp); +/* Check whether the given dentry is allowed to read/write/execute. */ +int tmy_open_perm(struct dentry *dentry, struct vfsmount *mnt, const int flag); +/* Check whether the given dentry is allowed to write. */ +int tmy_single_write_perm(const unsigned int operation, + struct dentry *dentry, + struct vfsmount *mnt); +int tmy_double_write_perm(const unsigned int operation, + struct dentry *dentry1, + struct vfsmount *mnt1, + struct dentry *dentry2, + struct vfsmount *mnt2); +int tmy_rewrite_perm(struct file *filp); + +struct inode; + +/******************** Index numbers for Access Controls. ********************/ + +#define TMY_TYPE_CREATE_ACL 0 +#define TMY_TYPE_UNLINK_ACL 1 +#define TMY_TYPE_MKDIR_ACL 2 +#define TMY_TYPE_RMDIR_ACL 3 +#define TMY_TYPE_MKFIFO_ACL 4 +#define TMY_TYPE_MKSOCK_ACL 5 +#define TMY_TYPE_MKBLOCK_ACL 6 +#define TMY_TYPE_MKCHAR_ACL 7 +#define TMY_TYPE_TRUNCATE_ACL 8 +#define TMY_TYPE_SYMLINK_ACL 9 +#define TMY_TYPE_LINK_ACL 10 +#define TMY_TYPE_RENAME_ACL 11 +#define TMY_TYPE_REWRITE_ACL 12 + +#define TMY_TYPE_FILE_ACL 100 +#define TMY_TYPE_ARGV0_ACL 101 +#define TMY_TYPE_IP_NETWORK_ACL 103 +#define TMY_TYPE_SIGNAL_ACL 104 + +struct linux_binprm; +struct pt_regs; + +#define TMY_CHECK_READ_FOR_OPEN_EXEC 1 + +int tmy_too_many_acl(struct domain_info * const domain); +char *tmy_print_ipv6(char *buffer, const int buffer_len, const u16 *ip); +const char *tmy_network2keyword(const unsigned int operation); + +/* to check "if task.parent.pid" condition. */ +extern asmlinkage long sys_getppid(void); + +#endif - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/