hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

TOMOYO: Allow reading only execute permission. 

Policy editor needs to know allow_execute entries in order to build domain
transition tree. Reading all entries is slow. Thus, allow reading only
allow_execute entries.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Tetsuo Handa 2010-06-24 12:00:25 +09:00 committed by James Morris
parent 475e6fa3d3
commit 063821c816
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/tomoyo/common.c
View File

@ -594,6 +594,10 @@ static bool tomoyo_select_one(struct tomoyo_io_buffer *head, const char *data)
struct tomoyo_domain_info *domain = NULL; struct tomoyo_domain_info *domain = NULL;
bool global_pid = false; bool global_pid = false;
if (!strcmp(data, "allow_execute")) {
head->print_execute_only = true;
return true;
}
if (sscanf(data, "pid=%u", &pid) == 1 || if (sscanf(data, "pid=%u", &pid) == 1 ||
(global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { (global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) {
struct task_struct *p; struct task_struct *p;
@ -759,6 +763,8 @@ static bool tomoyo_print_path_acl(struct tomoyo_io_buffer *head,
for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { for (bit = head->read_bit; bit < TOMOYO_MAX_PATH_OPERATION; bit++) {
if (!(perm & (1 << bit))) if (!(perm & (1 << bit)))
continue; continue;
if (head->print_execute_only && bit != TOMOYO_TYPE_EXECUTE)
continue;
/* Print "read/write" instead of "read" and "write". */ /* Print "read/write" instead of "read" and "write". */
if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE) if ((bit == TOMOYO_TYPE_READ || bit == TOMOYO_TYPE_WRITE)
&& (perm & (1 << TOMOYO_TYPE_READ_WRITE))) && (perm & (1 << TOMOYO_TYPE_READ_WRITE)))
@ -926,6 +932,8 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head,
= container_of(ptr, struct tomoyo_path_acl, head); = container_of(ptr, struct tomoyo_path_acl, head);
return tomoyo_print_path_acl(head, acl); return tomoyo_print_path_acl(head, acl);
} }
if (head->print_execute_only)
return true;
if (acl_type == TOMOYO_TYPE_PATH2_ACL) { if (acl_type == TOMOYO_TYPE_PATH2_ACL) {
struct tomoyo_path2_acl *acl struct tomoyo_path2_acl *acl
= container_of(ptr, struct tomoyo_path2_acl, head); = container_of(ptr, struct tomoyo_path2_acl, head);

2
security/tomoyo/common.h
View File

@ -571,6 +571,8 @@ struct tomoyo_io_buffer {
bool read_single_domain; bool read_single_domain;
/* Extra variable for reading. */ /* Extra variable for reading. */
u8 read_bit; u8 read_bit;
/* Read only TOMOYO_TYPE_EXECUTE */
bool print_execute_only;
/* Bytes available for reading. */ /* Bytes available for reading. */
int read_avail; int read_avail;
/* Size of read buffer. */ /* Size of read buffer. */