Data structures and prototype defitions for TOMOYO Linux.

Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>
---
 security/tomoyo/include/realpath.h |   44 +++
 security/tomoyo/include/tomoyo.h   |  516 +++++++++++++++++++++++++++++++++++++
 2 files changed, 560 insertions(+)

--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6/security/tomoyo/include/realpath.h        2007-08-24 
15:51:34.000000000 +0900
@@ -0,0 +1,44 @@
+/*
+ * security/tomoyo/include/realpath.h
+ *
+ * Get the canonicalized absolute pathnames.
+ * The basis for TOMOYO.
+ */
+
+#ifndef _TMY_REALPATH_H
+#define _TMY_REALPATH_H
+
+struct path_info;
+
+/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
+int tmy_realpath_dentry2(struct dentry *dentry,
+                        struct vfsmount *mnt,
+                        char *newname,
+                        int newname_len);
+
+/* Returns realpath(3) of the given pathname but ignores chroot'ed root. */
+/* These functions use tmy_alloc(), so caller must tmy_free() */
+/* if these functions didn't return NULL. */
+char *tmy_realpath(const char *pathname);
+char *tmy_realpath_nofollow(const char *pathname);
+char *tmy_realpath_dentry(struct dentry *dentry, struct vfsmount *mnt);
+
+/* Allocate memory for structures. */
+/* The RAM is chunked, so NEVER try to kfree() the returned pointer. */
+void *tmy_alloc_element(const unsigned int size);
+
+/* Get used RAM size for tmy_alloc_elements(). */
+unsigned int tmy_get_memory_used_for_elements(void);
+
+/* Keep the given name on the RAM. */
+/* The RAM is shared, so NEVER try to modify or kfree() the returned name. */
+const struct path_info *tmy_save_name(const char *name);
+
+/* Get used RAM size for tmy_save_name(). */
+unsigned int tmy_get_memory_used_for_save_name(void);
+
+unsigned int tmy_get_memory_used_for_dynamic(void);
+char *sysctlpath_from_table(struct ctl_table *table);
+extern void tmy_realpath_init(void);
+
+#endif
--- /dev/null   1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6/security/tomoyo/include/tomoyo.h  2007-08-24 15:51:34.000000000 
+0900
@@ -0,0 +1,516 @@
+/*
+ * security/tomoyo/include/tomoyo.h
+ *
+ * Header for TOMOYO Linux.
+ */
+
+#ifndef _TOMOYO_H
+#define _TOMOYO_H
+
+#define TOMOYO_VERSION_CODE "2.1.0-rc3"
+
+#include <linux/string.h>
+#include <linux/mm.h>
+#include <linux/utime.h>
+#include <linux/file.h>
+#include <linux/smp_lock.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/poll.h>
+#include <linux/uaccess.h>
+#include <stdarg.h>
+#include <linux/delay.h>
+
+extern struct semaphore domain_acl_lock;
+extern int sbin_init_started;
+
+struct tmy_security {
+       struct domain_info *domain;
+       struct domain_info *prev_domain;
+       u32 flags;
+};
+
+#define TMY_SECURITY ((struct tmy_security *) current->security)
+
+struct path_info {
+       const char *name;
+       u32 hash;        /* = full_name_hash(name, strlen(name)) */
+       u16 total_len;   /* = strlen(name)                       */
+       u16 const_len;   /* = tmy_const_part_length(name)        */
+       u8 is_dir;       /* = tmy_strendswith(name, "/")         */
+       u8 is_patterned; /* = PathContainsPattern(name)          */
+       u16 depth;       /* = tmy_path_depth(name)               */
+};
+
+#define TMY_MAX_PATHNAME_LEN 4000
+
+struct group_member {
+       struct group_member *next;
+       const struct path_info *member_name;
+       int is_deleted;
+};
+
+struct group_entry {
+       struct group_entry *next;
+       const struct path_info *group_name;
+       struct group_member *first_member;
+};
+
+
+struct mini_stat {
+       uid_t uid;
+       gid_t gid;
+       ino_t ino;
+};
+struct dentry;
+struct vfsmount;
+struct obj_info {
+       u8 validate_done;
+       u8 path1_valid;
+       u8 path1_parent_valid;
+       u8 path2_parent_valid;
+       struct dentry *path1_dentry;
+       struct vfsmount *path1_vfsmnt;
+       struct dentry *path2_dentry;
+       struct vfsmount *path2_vfsmnt;
+       struct mini_stat path1_stat;
+       /* I don't handle path2_stat for rename operation. */
+       struct mini_stat path1_parent_stat;
+       struct mini_stat path2_parent_stat;
+};
+struct condition_list;
+
+/*
+ *  TOMOYO uses the following structures.
+ *  Memory allocated for these structures are never kfree()ed.
+ *  Since no locks are used for reading,
+ *  assignment must be performed atomically.
+ */
+
+/************************  The structure for domains.  
************************/
+
+struct acl_info {
+       struct acl_info *next;
+       const struct condition_list *cond;
+       u8 type;
+       u8 is_deleted;
+} __attribute__((__packed__));
+
+struct domain_info {
+       struct domain_info *next;           /* NULL if none. */
+       struct acl_info *first_acl_ptr;     /* NULL if none. */
+       const struct path_info *domainname; /* Never NULL.   */
+       u8 profile;
+       u8 is_deleted;
+       u8 quota_warned;
+};
+
+#define TMY_MAX_PROFILES 256
+
+struct file_acl {
+       /* type = TMY_TYPE_FILE_ACL */
+       struct acl_info head;
+       u8 perm;
+       u8 u_is_group;
+       union {
+               const struct path_info *filename;
+               const struct group_entry *group;
+       } u;
+};
+
+struct argv0_acl {
+       /* type = TMY_TYPE_ARGV0_ACL */
+       struct acl_info head;
+       const struct path_info *filename; /* Pointer to single pathname. */
+       const struct path_info *argv0;    /* strrchr(argv[0], '/') + 1   */
+};
+
+struct single_acl {
+       /* type = TMY_TYPE_* */
+       struct acl_info head;
+       u8 u_is_group;
+       union {
+               const struct path_info *filename;
+               const struct group_entry *group;
+       } u;
+};
+
+struct double_acl {
+       /* type = TMY_TYPE_RENAME_ACL or TMY_TYPE_LINK_ACL, */
+       struct acl_info head;
+       u8 u1_is_group;
+       u8 u2_is_group;
+       union {
+               const struct path_info *filename1;
+               const struct group_entry *group1;
+       } u1;
+       union {
+               const struct path_info *filename2;
+               const struct group_entry *group2;
+       } u2;
+};
+
+struct addr_group_member {
+       struct addr_group_member *next;
+       union {
+               u32 ipv4;    /* Host byte order    */
+               u16 ipv6[8]; /* Network byte order */
+       } min, max;
+       u8 is_deleted;
+       u8 is_ipv6;
+};
+
+struct addr_group_entry {
+       struct addr_group_entry *next;
+       const struct path_info *group_name;
+       struct addr_group_member *first_member;
+};
+
+#define TMY_TYPE_ADDRESS_GROUP 0
+#define TMY_TYPE_IPv4          1
+#define TMY_TYPE_IPv6          2
+
+struct net_acl {
+       /* type = TYPE_IP_NETWORK_ACL, */
+       struct acl_info head;
+       u8 operation_type;
+       u8 record_type;
+       union {
+               struct {
+                       u32 min;
+                       u32 max;
+               } ipv4;
+               struct {
+                       u16 min[8];
+                       u16 max[8];
+               } ipv6;
+               const struct addr_group_entry *group;
+       } u;
+       u16 min_port;           /* Start of port number range. */
+       u16 max_port;           /* End of port number range.   */
+};
+
+struct signal_acl {
+       /* type = TYPE_SIGNAL_ACL */
+       struct acl_info head;
+       u16 sig;
+       /* Pointer to destination pattern.            */
+       const struct path_info *domainname;
+};
+
+/*************************  Keywords for ACLs.  *************************/
+
+#define TMY_AGGREGATOR                 "aggregator "
+#define TMY_AGGREGATOR_LEN             (sizeof(TMY_AGGREGATOR) - 1)
+#define TMY_ALIAS                      "alias "
+#define TMY_ALIAS_LEN                  (sizeof(TMY_ALIAS) - 1)
+#define TMY_ALLOW_READ                 "allow_read "
+#define TMY_ALLOW_READ_LEN             (sizeof(TMY_ALLOW_READ) - 1)
+#define TMY_DELETE                     "delete "
+#define TMY_DELETE_LEN                 (sizeof(TMY_DELETE) - 1)
+#define TMY_DENY_REWRITE               "deny_rewrite "
+#define TMY_DENY_REWRITE_LEN           (sizeof(TMY_DENY_REWRITE) - 1)
+#define TMY_FILE_PATTERN               "file_pattern "
+#define TMY_FILE_PATTERN_LEN           (sizeof(TMY_FILE_PATTERN) - 1)
+#define TMY_INITIALIZE_DOMAIN          "initialize_domain "
+#define TMY_INITIALIZE_DOMAIN_LEN      (sizeof(TMY_INITIALIZE_DOMAIN) - 1)
+#define TMY_KEEP_DOMAIN                "keep_domain "
+#define TMY_KEEP_DOMAIN_LEN            (sizeof(TMY_KEEP_DOMAIN) - 1)
+#define TMY_NO_INITIALIZE_DOMAIN       "no_initialize_domain "
+#define TMY_NO_INITIALIZE_DOMAIN_LEN   (sizeof(TMY_NO_INITIALIZE_DOMAIN) - 1)
+#define TMY_NO_KEEP_DOMAIN             "no_keep_domain "
+#define TMY_NO_KEEP_DOMAIN_LEN         (sizeof(TMY_NO_KEEP_DOMAIN) - 1)
+#define TMY_PATH_GROUP                 "path_group "
+#define TMY_PATH_GROUP_LEN             (sizeof(TMY_PATH_GROUP) - 1)
+#define TMY_SELECT                     "select "
+#define TMY_SELECT_LEN                 (sizeof(TMY_SELECT) - 1)
+#define TMY_UNDELETE                   "undelete "
+#define TMY_UNDELETE_LEN               (sizeof(TMY_UNDELETE) - 1)
+
+#define TMY_ALLOW_MOUNT                 "allow_mount "
+#define TMY_ALLOW_MOUNT_LEN             (sizeof(TMY_ALLOW_MOUNT) - 1)
+#define TMY_DENY_UNMOUNT                "deny_unmount "
+#define TMY_DENY_UNMOUNT_LEN            (sizeof(TMY_DENY_UNMOUNT) - 1)
+#define TMY_ALLOW_PIVOT_ROOT            "allow_pivot_root "
+#define TMY_ALLOW_PIVOT_ROOT_LEN        (sizeof(TMY_ALLOW_PIVOT_ROOT) - 1)
+
+#define TMY_USE_PROFILE "use_profile "
+
+#define TMY_ROOT_NAME          "<kernel>"
+#define TMY_ROOT_NAME_LEN      (sizeof(TMY_ROOT_NAME) - 1)
+
+#define TMY_ALLOW_ARGV0         "allow_argv0 "
+#define TMY_ALLOW_ARGV0_LEN     (sizeof(TMY_ALLOW_ARGV0) - 1)
+
+#define TMY_ADDRESS_GROUP       "address_group "
+#define TMY_ADDRESS_GROUP_LEN   (sizeof(TMY_ADDRESS_GROUP) - 1)
+#define TMY_ALLOW_NETWORK       "allow_network "
+#define TMY_ALLOW_NETWORK_LEN   (sizeof(TMY_ALLOW_NETWORK) - 1)
+
+#define TMY_ALLOW_SIGNAL        "allow_signal "
+#define TMY_ALLOW_SIGNAL_LEN    (sizeof(TMY_ALLOW_SIGNAL) - 1)
+
+/********************  Index numbers for Access Controls.  
********************/
+
+#define TMY_COMMENT              0
+#define TMY_MAC_FOR_FILE         1
+#define TMY_MAC_FOR_ARGV0        2
+#define TMY_MAC_FOR_NETWORK      3
+#define TMY_MAC_FOR_SIGNAL       4
+#define TMY_DENY_CONCEAL_MOUNT   5
+#define TMY_RESTRICT_MOUNT       6
+#define TMY_RESTRICT_UMOUNT      7
+#define TMY_RESTRICT_PIVOT_ROOT  8
+#define TMY_MAX_ACCEPT_ENTRY     9
+#define TMY_AUDIT_GRANT         10
+#define TMY_AUDIT_REJECT        11
+#define TMY_ALLOW_ENFORCE_GRACE 12
+#define TMY_MAX_CONTROL_INDEX   13
+
+#define TMY_NETWORK_ACL_UDP_BIND    0
+#define TMY_NETWORK_ACL_UDP_CONNECT 1
+#define TMY_NETWORK_ACL_TCP_BIND    2
+#define TMY_NETWORK_ACL_TCP_LISTEN  3
+#define TMY_NETWORK_ACL_TCP_CONNECT 4
+#define TMY_NETWORK_ACL_TCP_ACCEPT  5
+#define TMY_NETWORK_ACL_RAW_BIND    6
+#define TMY_NETWORK_ACL_RAW_CONNECT 7
+
+/********************  Index numbers for updates counter.  
********************/
+
+#define TMY_UPDATE_DOMAINPOLICY    0
+#define TMY_UPDATE_SYSTEMPOLICY    1
+#define TMY_UPDATE_EXCEPTIONPOLICY 2
+#define TMY_UPDATE_PROFILE         3
+#define TMY_UPDATE_QUERY           4
+#define TMY_UPDATE_MANAGER         5
+#define TMY_MAX_UPDATES_COUNTER    6
+
+/***********************  Indexes for /proc interfaces.  
**********************/
+
+#define TMY_POLICY_DOMAINPOLICY     0
+#define TMY_POLICY_SYSTEMPOLICY     1
+#define TMY_POLICY_EXCEPTIONPOLICY  2
+#define TMY_POLICY_DOMAIN_STATUS    3
+#define TMY_INFO_PROCESS_STATUS     4
+#define TMY_INFO_MEMINFO            5
+#define TMY_INFO_SELFDOMAIN         6
+#define TMY_PROFILE                 7
+#define TMY_POLICY_QUERY            8
+#define TMY_POLICY_MANAGER          9
+#define TMY_INFO_UPDATESCOUNTER    10
+#define TMY_VERSION                11
+
+/********************  The structure for /proc interfaces.  
*******************/
+
+struct io_buffer {
+       int (*read) (struct io_buffer *);
+       struct semaphore read_sem;
+       int (*write) (struct io_buffer *);
+       struct semaphore write_sem;
+       int (*poll) (struct file *file, poll_table *wait);
+       void *read_var1;              /* The position currently reading from. */
+       void *read_var2;              /* Extra variables for reading.         */
+       struct domain_info *write_var1;  /* The position currently writing to.*/
+       int read_step;                /* The step for reading.                */
+       char *read_buf;               /* Buffer for reading.                  */
+       int read_eof;                 /* EOF flag for reading.                */
+       int read_avail;               /* Bytes available for reading.         */
+       int readbuf_size;             /* Size of read buffer.                 */
+       char *write_buf;              /* Buffer for writing.                  */
+       int write_avail;              /* Bytes available for writing.         */
+       int writebuf_size;            /* Size of write buffer.                */
+};
+
+/*************************  PROTOTYPES  *************************/
+
+char *tmy_find_condition_part(char *data);
+const struct condition_list *tmy_assign_condition(const char *condition);
+int tmy_check_condition(const struct condition_list *ptr,
+       struct obj_info *obj);
+int tmy_dump_condition(struct io_buffer *head,
+       const struct condition_list *ptr);
+const char *tmy_get_exe(void);
+const char *tmy_acltype2keyword(const unsigned int acl_type);
+
+int tmy_mount_perm(char *dev_name,
+                  char *dir_name,
+                  char *type,
+                  unsigned long flags);
+int tmy_conceal_mount(struct nameidata *nd);
+int tmy_umount_perm(struct vfsmount *mnt);
+int tmy_add_mount_policy(char *data, const int is_delete);
+int tmy_read_mount_policy(struct io_buffer *head);
+int tmy_add_no_umount_policy(char *data, const int is_delete);
+int tmy_read_no_umount_policy(struct io_buffer *head);
+int tmy_pivot_root_perm(struct nameidata *old_nd,
+                       struct nameidata *new_nd);
+int tmy_add_pivot_root_policy(char *data, const int is_delete);
+int tmy_read_pivot_root_policy(struct io_buffer *head);
+
+int tmy_add_aggregator_policy(char *data, const int is_delete);
+int tmy_add_addr_group_policy(char *data, const int is_delete);
+int tmy_add_alias_policy(char *data, const int is_delete);
+int tmy_add_argv0_policy(char *data,
+                        struct domain_info *domain,
+                        const struct condition_list *cond,
+                        const int is_delete);
+int tmy_add_acl(struct acl_info *ptr,
+               struct domain_info *domain,
+               struct acl_info *new_ptr);
+int tmy_add_domain_initializer_policy(char *data,
+                                     const int is_not,
+                                     const int is_delete);
+int tmy_add_domain_keeper_policy(char *data,
+                                const int is_not,
+                                const int is_delete);
+int tmy_file_perm(const char *filename0, const u8 perm, const char *operation);
+int tmy_add_file_policy(char *data,
+                       struct domain_info *domain,
+                       const struct condition_list *cond,
+                       const int is_delete);
+int tmy_add_globally_readable_policy(char *data, const int is_delete);
+int tmy_add_group_policy(char *data, const int is_delete);
+int tmy_add_network_policy(char *data,
+                          struct domain_info *domain,
+                          const struct condition_list *cond,
+                          const int is_delete);
+int tmy_add_no_rewrite_policy(char *pattern, const int is_delete);
+int tmy_add_pattern_policy(char *data, const int is_delete);
+int tmy_supervisor(const char *fmt, ...)
+       __attribute__((format(printf, 1, 2)));
+
+int tmy_del_acl(struct acl_info *ptr);
+int tmy_delete_domain(char *data);
+int tmy_is_correct_domain(const unsigned char *domainname,
+                         const char *function);
+int tmy_correct_path(const char *filename,
+                    const int start_type,
+                    const int pattern_type,
+                    const int end_type,
+                    const char *function);
+int tmy_is_domain_def(const unsigned char *buffer);
+int tmy_path_match(const struct path_info *pathname0,
+                  const struct path_info *pattern0);
+int tmy_read_aggregator_policy(struct io_buffer *head);
+int tmy_read_alias_policy(struct io_buffer *head);
+int tmy_read_domain_initializer_policy(struct io_buffer *head);
+int tmy_read_domain_keeper_policy(struct io_buffer *head);
+int tmy_read_globally_readable_policy(struct io_buffer *head);
+int tmy_read_group_policy(struct io_buffer *head);
+int tmy_read_no_rewrite_policy(struct io_buffer *head);
+int tmy_read_pattern_policy(struct io_buffer *head);
+int tmy_read_addr_group_policy(struct io_buffer *head);
+int tmy_argv0_perm(const struct path_info *filename, const char *argv0);
+int tmy_network_listen_acl(const int is_ipv6,
+                          const u8 *address,
+                          const u16 port);
+int tmy_network_connect_acl(const int is_ipv6,
+                           const int sock_type,
+                           const u8 *address,
+                           const u16 port);
+int tmy_network_bind_acl(const int is_ipv6,
+                        const int sock_type,
+                        const u8 *address,
+                        const u16 port);
+int tmy_network_sendmsg_acl(const int is_ipv6,
+                           const int sock_type,
+                           const u8 *address,
+                           const u16 port);
+int tmy_network_accept_acl(const int is_ipv6,
+                          const u8 *address,
+                          const u16 port);
+int tmy_network_recvmsg_acl(const int is_ipv6,
+                           const int sock_type,
+                           const u8 *address,
+                           const u16 port);
+
+int tmy_signal_acl(int sig, int pid);
+int tmy_add_signal_policy(char *data,
+                         struct domain_info *domain,
+                         const struct condition_list *cond,
+                         const int is_delete);
+
+char *tmy_init_audit_log(int *len);
+int tmy_write_audit_log(char *log, const int is_granted, const int is_enforce);
+int tmy_acltype2paths(const unsigned int acl_type);
+int tmy_io_printf(struct io_buffer *head, const char *fmt, ...)
+       __attribute__((format(printf, 2, 3)));
+struct domain_info *tmy_find_domain(const char *domainname);
+struct domain_info *tmy_new_domain(const char *domainname, const u8 profile);
+struct domain_info *tmy_undelete_domain(const char *domainname0);
+unsigned int tmy_accept(const unsigned int index);
+unsigned int tmy_enforce(const unsigned int index);
+unsigned int tmy_flags(const unsigned int index);
+unsigned int tmy_audit_grant(void);
+unsigned int tmy_audit_reject(void);
+void tmy_update_counter(const unsigned char index);
+void *tmy_alloc(const size_t size);
+void tmy_free(const void *p);
+void tmy_fill_path_info(struct path_info *ptr);
+
+static inline int tmy_pathcmp(const struct path_info *a,
+                             const struct path_info *b)
+{
+       return a->hash != b->hash || strcmp(a->name, b->name);
+}
+
+extern struct domain_info KERNEL_DOMAIN;
+void tmy_load_policy(const char *filename);
+int tmy_find_next_domain(struct linux_binprm *,
+                        struct domain_info **);
+void tmy_proc_init(void);
+
+struct path_info;
+
+int tmy_exec_perm(const struct path_info *filename, struct file *filp);
+/* Check whether the given dentry is allowed to read/write/execute. */
+int tmy_open_perm(struct dentry *dentry, struct vfsmount *mnt, const int flag);
+/* Check whether the given dentry is allowed to write. */
+int tmy_single_write_perm(const unsigned int operation,
+                         struct dentry *dentry,
+                         struct vfsmount *mnt);
+int tmy_double_write_perm(const unsigned int operation,
+                         struct dentry *dentry1,
+                         struct vfsmount *mnt1,
+                         struct dentry *dentry2,
+                         struct vfsmount *mnt2);
+int tmy_rewrite_perm(struct file *filp);
+
+struct inode;
+
+/********************  Index numbers for Access Controls.  
********************/
+
+#define TMY_TYPE_CREATE_ACL       0
+#define TMY_TYPE_UNLINK_ACL       1
+#define TMY_TYPE_MKDIR_ACL        2
+#define TMY_TYPE_RMDIR_ACL        3
+#define TMY_TYPE_MKFIFO_ACL       4
+#define TMY_TYPE_MKSOCK_ACL       5
+#define TMY_TYPE_MKBLOCK_ACL      6
+#define TMY_TYPE_MKCHAR_ACL       7
+#define TMY_TYPE_TRUNCATE_ACL     8
+#define TMY_TYPE_SYMLINK_ACL      9
+#define TMY_TYPE_LINK_ACL        10
+#define TMY_TYPE_RENAME_ACL      11
+#define TMY_TYPE_REWRITE_ACL     12
+
+#define TMY_TYPE_FILE_ACL      100
+#define TMY_TYPE_ARGV0_ACL      101
+#define TMY_TYPE_IP_NETWORK_ACL 103
+#define TMY_TYPE_SIGNAL_ACL     104
+
+struct linux_binprm;
+struct pt_regs;
+
+#define TMY_CHECK_READ_FOR_OPEN_EXEC 1
+
+int tmy_too_many_acl(struct domain_info * const domain);
+char *tmy_print_ipv6(char *buffer, const int buffer_len, const u16 *ip);
+const char *tmy_network2keyword(const unsigned int operation);
+
+/* to check "if task.parent.pid" condition. */
+extern asmlinkage long sys_getppid(void);
+
+#endif

-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to