summaryrefslogtreecommitdiffstats
path: root/security/tomoyo/gc.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-09-10 15:23:54 +0900
committerJames Morris <jmorris@namei.org>2011-09-14 08:27:05 +1000
commit059d84dbb3897d4ee494a9c842c5dda54316cb47 (patch)
tree483ca0cb613b1304184b92f075b3f5283d36c723 /security/tomoyo/gc.c
parentd58e0da854376841ac99defeb117a83f086715c6 (diff)
downloadlinux-stable-059d84dbb3897d4ee494a9c842c5dda54316cb47.tar.gz
linux-stable-059d84dbb3897d4ee494a9c842c5dda54316cb47.tar.bz2
linux-stable-059d84dbb3897d4ee494a9c842c5dda54316cb47.zip
TOMOYO: Add socket operation restriction support.
This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX socket's bind()/listen()/connect()/send() operations. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/gc.c')
-rw-r--r--security/tomoyo/gc.c40
1 files changed, 39 insertions, 1 deletions
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 818b07998111..7747ceb9a221 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -16,6 +16,7 @@ static DEFINE_SPINLOCK(tomoyo_io_buffer_list_lock);
/* Size of an element. */
static const u8 tomoyo_element_size[TOMOYO_MAX_POLICY] = {
[TOMOYO_ID_GROUP] = sizeof(struct tomoyo_group),
+ [TOMOYO_ID_ADDRESS_GROUP] = sizeof(struct tomoyo_address_group),
[TOMOYO_ID_PATH_GROUP] = sizeof(struct tomoyo_path_group),
[TOMOYO_ID_NUMBER_GROUP] = sizeof(struct tomoyo_number_group),
[TOMOYO_ID_AGGREGATOR] = sizeof(struct tomoyo_aggregator),
@@ -36,6 +37,8 @@ static const u8 tomoyo_acl_size[] = {
[TOMOYO_TYPE_PATH_NUMBER_ACL] = sizeof(struct tomoyo_path_number_acl),
[TOMOYO_TYPE_MKDEV_ACL] = sizeof(struct tomoyo_mkdev_acl),
[TOMOYO_TYPE_MOUNT_ACL] = sizeof(struct tomoyo_mount_acl),
+ [TOMOYO_TYPE_INET_ACL] = sizeof(struct tomoyo_inet_acl),
+ [TOMOYO_TYPE_UNIX_ACL] = sizeof(struct tomoyo_unix_acl),
[TOMOYO_TYPE_ENV_ACL] = sizeof(struct tomoyo_env_acl),
};
@@ -302,6 +305,23 @@ static void tomoyo_del_acl(struct list_head *element)
tomoyo_put_name(entry->env);
}
break;
+ case TOMOYO_TYPE_INET_ACL:
+ {
+ struct tomoyo_inet_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_group(entry->address.group);
+ tomoyo_put_number_union(&entry->port);
+ }
+ break;
+ case TOMOYO_TYPE_UNIX_ACL:
+ {
+ struct tomoyo_unix_acl *entry =
+ container_of(acl, typeof(*entry), head);
+
+ tomoyo_put_name_union(&entry->name);
+ }
+ break;
}
}
@@ -431,6 +451,18 @@ static void tomoyo_del_group(struct list_head *element)
}
/**
+ * tomoyo_del_address_group - Delete members in "struct tomoyo_address_group".
+ *
+ * @element: Pointer to "struct list_head".
+ *
+ * Returns nothing.
+ */
+static inline void tomoyo_del_address_group(struct list_head *element)
+{
+ /* Nothing to do. */
+}
+
+/**
* tomoyo_del_number_group - Delete members in "struct tomoyo_number_group".
*
* @element: Pointer to "struct list_head".
@@ -527,9 +559,12 @@ static void tomoyo_collect_entry(void)
case 0:
id = TOMOYO_ID_PATH_GROUP;
break;
- default:
+ case 1:
id = TOMOYO_ID_NUMBER_GROUP;
break;
+ default:
+ id = TOMOYO_ID_ADDRESS_GROUP;
+ break;
}
list_for_each_entry(group, list, head.list) {
if (!tomoyo_collect_member
@@ -634,6 +669,9 @@ static bool tomoyo_kfree_entry(void)
case TOMOYO_ID_PATH_GROUP:
tomoyo_del_path_group(element);
break;
+ case TOMOYO_ID_ADDRESS_GROUP:
+ tomoyo_del_address_group(element);
+ break;
case TOMOYO_ID_GROUP:
tomoyo_del_group(element);
break;