TOMOYO: Add environment variable name restriction support.

obj-y = audit.o common.o condition.o domain.o file.o gc.o group.o load_policy.o memory.o mount.o realpath.o securityfs_if.o tomoyo.o util.o

obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o realpath.o securityfs_if.o tomoyo.o util.o

$(obj)/policy/profile.conf:

	@mkdir -p $(obj)/policy/

/* String table for /sys/kernel/security/tomoyo/profile */

const char * const tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX

				       + TOMOYO_MAX_MAC_CATEGORY_INDEX] = {

	/* CONFIG::file group */

	[TOMOYO_MAC_FILE_EXECUTE]    = "execute",

	[TOMOYO_MAC_FILE_OPEN]       = "open",

	[TOMOYO_MAC_FILE_CREATE]     = "create",

	[TOMOYO_MAC_FILE_MOUNT]      = "mount",

	[TOMOYO_MAC_FILE_UMOUNT]     = "unmount",

	[TOMOYO_MAC_FILE_PIVOT_ROOT] = "pivot_root",

	/* CONFIG::misc group */

	[TOMOYO_MAC_ENVIRON] = "env",

	/* CONFIG group */

	[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file",

	[TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_MISC] = "misc",

};

/* String table for conditions. */

static const char * const tomoyo_category_keywords

[TOMOYO_MAX_MAC_CATEGORY_INDEX] = {

	[TOMOYO_MAC_CATEGORY_FILE] = "file",

	[TOMOYO_MAC_CATEGORY_MISC] = "misc",

};

/* Permit policy management by non-root user? */

	static const struct {

		const char *keyword;

		int (*write) (struct tomoyo_acl_param *);

	} tomoyo_callback[1] = {

	} tomoyo_callback[2] = {

		{ "file ", tomoyo_write_file },

		{ "misc ", tomoyo_write_misc },

	};

	u8 i;

	for (i = 0; i < 1; i++) {

	for (i = 0; i < ARRAY_SIZE(tomoyo_callback); i++) {

		if (!tomoyo_str_starts(&param.data,

				       tomoyo_callback[i].keyword))

			continue;

		tomoyo_print_name_union(head, &ptr->dir_name);

		tomoyo_print_name_union(head, &ptr->fs_type);

		tomoyo_print_number_union(head, &ptr->flags);

	} else if (acl_type == TOMOYO_TYPE_ENV_ACL) {

		struct tomoyo_env_acl *ptr =

			container_of(acl, typeof(*ptr), head);

		tomoyo_set_group(head, "misc env ");

		tomoyo_set_string(head, ptr->env->name);

	}

	if (acl->cond) {

		head->r.print_cond_part = true;

	TOMOYO_TYPE_PATH_NUMBER_ACL,

	TOMOYO_TYPE_MKDEV_ACL,

	TOMOYO_TYPE_MOUNT_ACL,

	TOMOYO_TYPE_ENV_ACL,

};

/* Index numbers for access controls with one pathname. */

	TOMOYO_MAC_FILE_MOUNT,

	TOMOYO_MAC_FILE_UMOUNT,

	TOMOYO_MAC_FILE_PIVOT_ROOT,

	TOMOYO_MAC_ENVIRON,

	TOMOYO_MAX_MAC_INDEX

};

/* Index numbers for category of functionality. */

enum tomoyo_mac_category_index {

	TOMOYO_MAC_CATEGORY_FILE,

	TOMOYO_MAC_CATEGORY_MISC,

	TOMOYO_MAX_MAC_CATEGORY_INDEX

};

			 */

			u8 operation;

		} path_number;

		struct {

			const struct tomoyo_path_info *name;

		} environ;

		struct {

			const struct tomoyo_path_info *type;

			const struct tomoyo_path_info *dir;

	struct tomoyo_number_union flags;

};

/* Structure for "misc env" directive in domain policy. */

struct tomoyo_env_acl {

	struct tomoyo_acl_info head;        /* type = TOMOYO_TYPE_ENV_ACL  */

	const struct tomoyo_path_info *env; /* environment variable */

};

/* Structure for holding a line from /sys/kernel/security/tomoyo/ interface. */

struct tomoyo_acl_param {

	char *data;

int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

				 struct path *path, const int flag);

int tomoyo_close_control(struct tomoyo_io_buffer *head);

int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);

int tomoyo_find_next_domain(struct linux_binprm *bprm);

int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,

		    const u8 index);

int tomoyo_write_aggregator(struct tomoyo_acl_param *param);

int tomoyo_write_file(struct tomoyo_acl_param *param);

int tomoyo_write_group(struct tomoyo_acl_param *param, const u8 type);

int tomoyo_write_misc(struct tomoyo_acl_param *param);

int tomoyo_write_transition_control(struct tomoyo_acl_param *param,

				    const u8 type);

ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,

	return entry;

}

/**

 * tomoyo_environ - Check permission for environment variable names.

 *

 * @ee: Pointer to "struct tomoyo_execve".

 *

 * Returns 0 on success, negative value otherwise.

 */

static int tomoyo_environ(struct tomoyo_execve *ee)

{

	struct tomoyo_request_info *r = &ee->r;

	struct linux_binprm *bprm = ee->bprm;

	/* env_page.data is allocated by tomoyo_dump_page(). */

	struct tomoyo_page_dump env_page = { };

	char *arg_ptr; /* Size is TOMOYO_EXEC_TMPSIZE bytes */

	int arg_len = 0;

	unsigned long pos = bprm->p;

	int offset = pos % PAGE_SIZE;

	int argv_count = bprm->argc;

	int envp_count = bprm->envc;

	int error = -ENOMEM;

	ee->r.type = TOMOYO_MAC_ENVIRON;

	ee->r.profile = r->domain->profile;

	ee->r.mode = tomoyo_get_mode(r->domain->ns, ee->r.profile,

				     TOMOYO_MAC_ENVIRON);

	if (!r->mode || !envp_count)

		return 0;

	arg_ptr = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);

	if (!arg_ptr)

		goto out;

	while (error == -ENOMEM) {

		if (!tomoyo_dump_page(bprm, pos, &env_page))

			goto out;

		pos += PAGE_SIZE - offset;

		/* Read. */

		while (argv_count && offset < PAGE_SIZE) {

			if (!env_page.data[offset++])

				argv_count--;

		}

		if (argv_count) {

			offset = 0;

			continue;

		}

		while (offset < PAGE_SIZE) {

			const unsigned char c = env_page.data[offset++];

			if (c && arg_len < TOMOYO_EXEC_TMPSIZE - 10) {

				if (c == '=') {

					arg_ptr[arg_len++] = '\0';

				} else if (c == '\\') {

					arg_ptr[arg_len++] = '\\';

					arg_ptr[arg_len++] = '\\';

				} else if (c > ' ' && c < 127) {

					arg_ptr[arg_len++] = c;

				} else {

					arg_ptr[arg_len++] = '\\';

					arg_ptr[arg_len++] = (c >> 6) + '0';

					arg_ptr[arg_len++]

						= ((c >> 3) & 7) + '0';

					arg_ptr[arg_len++] = (c & 7) + '0';

				}

			} else {

				arg_ptr[arg_len] = '\0';

			}

			if (c)

				continue;

			if (tomoyo_env_perm(r, arg_ptr)) {

				error = -EPERM;

				break;

			}

			if (!--envp_count) {

				error = 0;

				break;

			}

			arg_len = 0;

		}

		offset = 0;

	}

out:

	if (r->mode != TOMOYO_CONFIG_ENFORCING)

		error = 0;

	kfree(env_page.data);

	kfree(arg_ptr);

	return error;

}

/**

 * tomoyo_find_next_domain - Find a domain.

 *

	bool reject_on_transition_failure = false;

	struct tomoyo_path_info rn = { }; /* real name */

	struct tomoyo_execve *ee = kzalloc(sizeof(*ee), GFP_NOFS);

	if (!ee)

		return -ENOMEM;

	ee->tmp = kzalloc(TOMOYO_EXEC_TMPSIZE, GFP_NOFS);

	bprm->cred->security = domain;

	if (need_kfree)

		kfree(rn.name);

	if (!retval) {

		ee->r.domain = domain;

		retval = tomoyo_environ(ee);

	}

	kfree(ee->tmp);

	kfree(ee->dump.data);

	kfree(ee);

		      struct tomoyo_page_dump *dump)

{

	struct page *page;

	/* dump->data is released by tomoyo_finish_execve(). */

	/* dump->data is released by tomoyo_find_next_domain(). */

	if (!dump->data) {

		dump->data = kzalloc(PAGE_SIZE, GFP_NOFS);

		if (!dump->data)

		 * So do I.

		 */

		char *kaddr = kmap_atomic(page, KM_USER0);

		dump->page = page;

		memcpy(dump->data + offset, kaddr + offset,

		       PAGE_SIZE - offset);

/*

 * security/tomoyo/environ.c

 *

 * Copyright (C) 2005-2011  NTT DATA CORPORATION

 */

#include "common.h"

/**

 * tomoyo_check_env_acl - Check permission for environment variable's name.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @ptr: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if granted, false otherwise.

 */

static bool tomoyo_check_env_acl(struct tomoyo_request_info *r,

				 const struct tomoyo_acl_info *ptr)

{

	const struct tomoyo_env_acl *acl =

		container_of(ptr, typeof(*acl), head);

	return tomoyo_path_matches_pattern(r->param.environ.name, acl->env);

}

/**

 * tomoyo_audit_env_log - Audit environment variable name log.

 *

 * @r: Pointer to "struct tomoyo_request_info".

 *

 * Returns 0 on success, negative value otherwise.

 */

static int tomoyo_audit_env_log(struct tomoyo_request_info *r)

{

	return tomoyo_supervisor(r, "misc env %s\n",

				 r->param.environ.name->name);

}

/**

 * tomoyo_env_perm - Check permission for environment variable's name.

 *

 * @r:   Pointer to "struct tomoyo_request_info".

 * @env: The name of environment variable.

 *

 * Returns 0 on success, negative value otherwise.

 *

 * Caller holds tomoyo_read_lock().

 */

int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env)

{

	struct tomoyo_path_info environ;

	int error;

	if (!env || !*env)

		return 0;

	environ.name = env;

	tomoyo_fill_path_info(&environ);

	r->param_type = TOMOYO_TYPE_ENV_ACL;

	r->param.environ.name = &environ;

	do {

		tomoyo_check_acl(r, tomoyo_check_env_acl);

		error = tomoyo_audit_env_log(r);

	} while (error == TOMOYO_RETRY_REQUEST);

	return error;

}

/**

 * tomoyo_same_env_acl - Check for duplicated "struct tomoyo_env_acl" entry.

 *

 * @a: Pointer to "struct tomoyo_acl_info".

 * @b: Pointer to "struct tomoyo_acl_info".

 *

 * Returns true if @a == @b, false otherwise.

 */

static bool tomoyo_same_env_acl(const struct tomoyo_acl_info *a,

				const struct tomoyo_acl_info *b)

{

	const struct tomoyo_env_acl *p1 = container_of(a, typeof(*p1), head);

	const struct tomoyo_env_acl *p2 = container_of(b, typeof(*p2), head);

	return p1->env == p2->env;

}

/**

 * tomoyo_write_env - Write "struct tomoyo_env_acl" list.

 *

 * @param: Pointer to "struct tomoyo_acl_param".

 *

 * Returns 0 on success, negative value otherwise.

 *

 * Caller holds tomoyo_read_lock().

 */

static int tomoyo_write_env(struct tomoyo_acl_param *param)

{

	struct tomoyo_env_acl e = { .head.type = TOMOYO_TYPE_ENV_ACL };

	int error = -ENOMEM;

	const char *data = tomoyo_read_token(param);

	if (!tomoyo_correct_word(data) || strchr(data, '='))

		return -EINVAL;

	e.env = tomoyo_get_name(data);

	if (!e.env)

		return error;

	error = tomoyo_update_domain(&e.head, sizeof(e), param,

				  tomoyo_same_env_acl, NULL);

	tomoyo_put_name(e.env);

	return error;

}

/**

 * tomoyo_write_misc - Update environment variable list.

 *

 * @param: Pointer to "struct tomoyo_acl_param".

 *

 * Returns 0 on success, negative value otherwise.

 */

int tomoyo_write_misc(struct tomoyo_acl_param *param)

{

	if (tomoyo_str_starts(&param->data, "env "))

		return tomoyo_write_env(param);

	return -EINVAL;

}