diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-03-07 11:44:01 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-03-07 11:44:01 -0800 |
commit | ae5906ceee038ea29ff5162d1bcd18fb50af8b94 (patch) | |
tree | 841a11c6d3c3afcf7e4d57be370ebcf57aab214a /security/tomoyo/util.c | |
parent | 1fc1cd8399ab5541a488a7e47b2f21537dd76c2d (diff) | |
parent | 468e91cecb3218afd684b8c422490dfebe0691bb (diff) |
Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
- Extend LSM stacking to allow sharing of cred, file, ipc, inode, and
task blobs. This paves the way for more full-featured LSMs to be
merged, and is specifically aimed at LandLock and SARA LSMs. This
work is from Casey and Kees.
- There's a new LSM from Micah Morton: "SafeSetID gates the setid
family of syscalls to restrict UID/GID transitions from a given
UID/GID to only those approved by a system-wide whitelist." This
feature is currently shipping in ChromeOS.
* 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (62 commits)
keys: fix missing __user in KEYCTL_PKEY_QUERY
LSM: Update list of SECURITYFS users in Kconfig
LSM: Ignore "security=" when "lsm=" is specified
LSM: Update function documentation for cap_capable
security: mark expected switch fall-throughs and add a missing break
tomoyo: Bump version.
LSM: fix return value check in safesetid_init_securityfs()
LSM: SafeSetID: add selftest
LSM: SafeSetID: remove unused include
LSM: SafeSetID: 'depend' on CONFIG_SECURITY
LSM: Add 'name' field for SafeSetID in DEFINE_LSM
LSM: add SafeSetID module that gates setid calls
LSM: add SafeSetID module that gates setid calls
tomoyo: Allow multiple use_group lines.
tomoyo: Coding style fix.
tomoyo: Swicth from cred->security to task_struct->security.
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall throughs
security: keys: annotate implicit fall through
capabilities:: annotate implicit fall through
...
Diffstat (limited to 'security/tomoyo/util.c')
-rw-r--r-- | security/tomoyo/util.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index badffc8271c8..0517cbdd7275 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -91,6 +91,7 @@ const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = { void tomoyo_convert_time(time64_t time64, struct tomoyo_time *stamp) { struct tm tm; + time64_to_tm(time64, 0, &tm); stamp->sec = tm.tm_sec; stamp->min = tm.tm_min; @@ -113,6 +114,7 @@ void tomoyo_convert_time(time64_t time64, struct tomoyo_time *stamp) bool tomoyo_permstr(const char *string, const char *keyword) { const char *cp = strstr(string, keyword); + if (cp) return cp == string || *(cp - 1) == '/'; return false; @@ -132,6 +134,7 @@ char *tomoyo_read_token(struct tomoyo_acl_param *param) { char *pos = param->data; char *del = strchr(pos, ' '); + if (del) *del++ = '\0'; else @@ -152,6 +155,7 @@ const struct tomoyo_path_info *tomoyo_get_domainname { char *start = param->data; char *pos = start; + while (*pos) { if (*pos++ != ' ' || *pos++ == '/') continue; @@ -181,8 +185,10 @@ u8 tomoyo_parse_ulong(unsigned long *result, char **str) const char *cp = *str; char *ep; int base = 10; + if (*cp == '0') { char c = *(cp + 1); + if (c == 'x' || c == 'X') { base = 16; cp += 2; @@ -240,6 +246,7 @@ bool tomoyo_parse_name_union(struct tomoyo_acl_param *param, struct tomoyo_name_union *ptr) { char *filename; + if (param->data[0] == '@') { param->data++; ptr->group = tomoyo_get_group(param, TOMOYO_PATH_GROUP); @@ -266,6 +273,7 @@ bool tomoyo_parse_number_union(struct tomoyo_acl_param *param, char *data; u8 type; unsigned long v; + memset(ptr, 0, sizeof(*ptr)); if (param->data[0] == '@') { param->data++; @@ -429,6 +437,7 @@ static bool tomoyo_correct_word2(const char *string, size_t len) unsigned char c; unsigned char d; unsigned char e; + if (!len) goto out; while (len--) { @@ -533,6 +542,7 @@ bool tomoyo_correct_domain(const unsigned char *domainname) return true; while (1) { const unsigned char *cp = strchr(domainname, ' '); + if (!cp) break; if (*domainname != '/' || @@ -554,6 +564,7 @@ bool tomoyo_domain_def(const unsigned char *buffer) { const unsigned char *cp; int len; + if (*buffer != '<') return false; cp = strchr(buffer, ' '); @@ -668,6 +679,9 @@ static bool tomoyo_file_matches_pattern2(const char *filename, { while (filename < filename_end && pattern < pattern_end) { char c; + int i; + int j; + if (*pattern != '\\') { if (*filename++ != *pattern++) return false; @@ -676,8 +690,6 @@ static bool tomoyo_file_matches_pattern2(const char *filename, c = *filename; pattern++; switch (*pattern) { - int i; - int j; case '?': if (c == '/') { return false; @@ -985,6 +997,7 @@ int tomoyo_init_request_info(struct tomoyo_request_info *r, struct tomoyo_domain_info *domain, const u8 index) { u8 profile; + memset(r, 0, sizeof(*r)); if (!domain) domain = tomoyo_domain(); @@ -1018,6 +1031,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { u16 perm; u8 i; + if (ptr->is_deleted) continue; switch (ptr->type) { @@ -1062,9 +1076,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; /* r->granted = false; */ tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); - printk(KERN_WARNING "WARNING: " - "Domain '%s' has too many ACLs to hold. " - "Stopped learning mode.\n", domain->domainname->name); + pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n", + domain->domainname->name); } return false; } |