authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-09-10 15:23:54 +0900
committerJames Morris <jmorris@namei.org>2011-09-14 08:27:05 +1000
commit059d84dbb3897d4ee494a9c842c5dda54316cb47 (patch)
tree483ca0cb613b1304184b92f075b3f5283d36c723 /security/tomoyo/gc.c
parentTOMOYO: Add environment variable name restriction support. (diff)
TOMOYO: Add socket operation restriction support.
This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX socket's bind()/listen()/connect()/send() operations. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/gc.c')
-rw-r--r--security/tomoyo/gc.c40
1 files changed, 39 insertions, 1 deletions
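diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 818b07998111..7747ceb9a221 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -16,6 +16,7 @@ static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
 /* Size of an element. */
 static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = {
 [TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group),
+ [TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group),
 [TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group),
 [TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group),
 [TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator),
@@ -36,6 +37,8 @@ static const u8 tomoyo_acl_size[] = {
 [TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl),
 [TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl),
 [TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl),
+ [TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl),
+ [TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl),
 [TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl),
 };
@@ -302,6 +305,23 @@ static void tomoyo_del_acl(struct list_head *element)
 tomoyo_put_name(entry->env);
 }
 break;
+ case TOMOYO_TYPE_INET_ACL:
+ {
+ struct tomoyo_inet_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_group(entry->address.group);
+ tomoyo_put_number_union(&entry->port);
+ }
+ break;
+ case TOMOYO_TYPE_UNIX_ACL:
+ {
+ struct tomoyo_unix_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_name_union(&entry->name);
+ }
+ break;
 }
 }
@@ -431,6 +451,18 @@ static void tomoyo_del_group(struct list_head *element)
 }
 /**
+ * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
+ *
+ * @element: Pointer to "struct list_head".
+ *
+ * Returns nothing.
+ */
+static inline void tomoyo_del_address_group(struct list_head *element)
+{
+ /* Nothing to do. */
+}
+
+/**
 * tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
 *
 * @element: Pointer to "struct list_head".
@@ -527,9 +559,12 @@ static void tomoyo_collect_entry(void)
 case 0:
 id = TOMOYO_ID_PATH_GROUP;
 break;
- default:
+ case 1:
 id = TOMOYO_ID_NUMBER_GROUP;
 break;
+ default:
+ id = TOMOYO_ID_ADDRESS_GROUP;
+ break;
 }
 list_for_each_entry(group, list, head.list) {
 if (!tomoyo_collect_member
@@ -634,6 +669,9 @@ static bool tomoyo_kfree_entry(void)
 case TOMOYO_ID_PATH_GROUP:
 tomoyo_del_path_group(element);
 break;
+ case TOMOYO_ID_ADDRESS_GROUP:
+ tomoyo_del_address_group(element);
+ break;
 case TOMOYO_ID_GROUP:
 tomoyo_del_group(element);
 break;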
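Review bot: In the tomoyo_collect_entry hunk, the new address-group id is reached through `default:` rather than its own label, so the switch now silently maps every group-list index other than 0 and 1 to TOMOYO_ID_ADDRESS_GROUP, and a later addition to the group list would be garbage-collected with the wrong element size unless this spot is remembered. I would make it explicit, `case 2: id = TOMOYO_ID_ADDRESS_GROUP; break;`, keep `default` only as the catch-all, and add a comment above the switch such as `/* Index order must match the group-id enumeration used by tomoyo_get_group(). */`. If the group-id enumerators are visible in this file, using them as the case labels instead of 0/1/2 would tie the mapping to its definition. The loop header and the switch subject of tomoyo_collect_entry are outside the hunk, so the index variable's type and range are inferred.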