1 |
Notes for AKARI project |
2 |
|
3 |
AKARI is Access Keeping And Regulating Instrument for Linux 2.6 and later |
4 |
kernels. |
5 |
|
6 |
You can use AKARI for analyzing your system's behavior (i.e. reports which |
7 |
application accesses which resources like strace command does) and optionally |
8 |
restricting your system's behavior (i.e. controls which application can |
9 |
access which resources like TOMOYO/AppArmor does). |
10 |
|
11 |
AKARI is forked from TOMOYO 1.8 and made as a LKM (loadable kernel module) |
12 |
so that you don't need to replace your kernels installed in your system. |
13 |
|
14 |
This patch is released under the GPLv2. |
15 |
|
16 |
Project URL: https://akari.osdn.jp/ |
17 |
|
18 |
ChangeLog: |
19 |
|
20 |
Version 1.0 2010/10/10 First release. |
21 |
|
22 |
Version 1.0.1 2010/10/18 Minor update release. |
23 |
|
24 |
Synchronize with TOMOYO revision 4069. |
25 |
|
26 |
Fix off-by-two in ccs_check_unix_address(). |
27 |
|
28 |
Implement post accept() LSM hook. |
29 |
|
30 |
Version 1.0.2 2010/10/25 Minor update release. |
31 |
|
32 |
Synchronize with TOMOYO revision 4090. |
33 |
|
34 |
Add getattr() and readdir() checks. |
35 |
|
36 |
Use "YYYY/MM/DD hh:mm:ss" format for /proc/ccs/ interface. |
37 |
|
38 |
Do not automatically add / for umount(). |
39 |
|
40 |
Version 1.0.3 2010/11/01 Minor update release. |
41 |
|
42 |
Synchronize with TOMOYO revision 4104. |
43 |
|
44 |
Fix pathname handling in ccs_unix_entry(). |
45 |
|
46 |
Version 1.0.4 2010/11/11 Minor update release. |
47 |
|
48 |
Synchronize with TOMOYO 1.8.0 release. |
49 |
|
50 |
Add sysctl() check for 2.6.21 to 2.6.32 kernels. |
51 |
|
52 |
Fix double new_decode_dev() bug for mknod(). |
53 |
|
54 |
Fix keyword typo. |
55 |
|
56 |
Fix build failure on some kernels. |
57 |
|
58 |
Changed pathname prefix priority. |
59 |
|
60 |
Use hash table for faster scan. |
61 |
|
62 |
Updated function comments. |
63 |
|
64 |
Version 1.0.5 2010/11/22 Minor update release. |
65 |
|
66 |
Make ccs_domain_info/ccs_flags inheritable for 2.6.29 and later kernels. |
67 |
|
68 |
Version 1.0.6 2010/12/31 Minor update release. |
69 |
|
70 |
Synchronize with TOMOYO revision 4280. |
71 |
|
72 |
Use same interface for audit logs. |
73 |
|
74 |
Split ccs_null_security into ccs_default_security and ccs_oom_security. |
75 |
|
76 |
Version 1.0.7 2011/01/21 Minor update release. |
77 |
|
78 |
Synchronize with TOMOYO revision 4400. |
79 |
|
80 |
Use filesystem name for unnamed devices when vfsmount is missing. |
81 |
|
82 |
Version 1.0.8 2011/02/07 Minor update release. |
83 |
|
84 |
Synchronize with TOMOYO revision 4545. |
85 |
|
86 |
Fix infinite loop bug when reading /proc/ccs/audit or /proc/ccs/query . |
87 |
|
88 |
Version 1.0.9 2011/02/14 Minor update release. |
89 |
|
90 |
Fix missing permission check for interpreters in 2.6.30 and later kernels. |
91 |
|
92 |
Version 1.0.10 2011/02/15 Minor update release. |
93 |
|
94 |
Fix missing permission check for interpreters in 2.6.23 and earlier kernels. |
95 |
|
96 |
Fix wrong execute permission check and domain transition in 2.6.28 and earlier kernels. |
97 |
|
98 |
Version 1.0.11 2010/04/01 Minor update release. |
99 |
|
100 |
Synchronize with TOMOYO 1.8.1 release. |
101 |
|
102 |
Run garbage collector without waiting for /proc/ccs/ users. |
103 |
|
104 |
Support built-in policy configuration. |
105 |
|
106 |
Remove /proc/ccs/meminfo interface. |
107 |
|
108 |
Pack policy when printing via /proc/ccs/ interface. |
109 |
|
110 |
Fix conditional policy parsing. |
111 |
|
112 |
Serialize updating profile's comment line. |
113 |
|
114 |
Version 1.0.12 2011/04/11 Minor update release. |
115 |
|
116 |
Synchronize with TOMOYO revision 4874. |
117 |
|
118 |
Fix fcntl(F_SETFL, O_APPEND) handling. |
119 |
|
120 |
Version 1.0.13 2011/05/05 Minor update release. |
121 |
|
122 |
Synchronize with TOMOYO revision 4963. |
123 |
|
124 |
Fix wrong profile number in audit logs for "misc env" permission. |
125 |
|
126 |
Version 1.0.14 2011/05/11 Minor update release. |
127 |
|
128 |
Synchronize with TOMOYO revision 4978. |
129 |
|
130 |
Fix wrong domainname validation. |
131 |
|
132 |
Version 1.0.15 2011/06/20 Minor update release. |
133 |
|
134 |
Synchronize with TOMOYO 1.8.2 release. |
135 |
|
136 |
Add policy namespace support. |
137 |
|
138 |
Version 1.0.16 2011/07/07 Minor update release. |
139 |
|
140 |
Synchronize with TOMOYO revision 5235. |
141 |
|
142 |
Remove /proc/ccs/.domain_status interface. |
143 |
|
144 |
Version 1.0.17 2011/07/13 Minor update release. |
145 |
|
146 |
Synchronize with TOMOYO revision 5266. |
147 |
|
148 |
Fix /proc/ccs/stat parser. |
149 |
|
150 |
Accept "::" notation for IPv6 address. |
151 |
|
152 |
Version 1.0.18 2011/09/03 Minor update release. |
153 |
|
154 |
Synchronize with TOMOYO revision 5401. |
155 |
|
156 |
Avoid race when retrying "file execute" permission check. |
157 |
|
158 |
Remove unneeded daemonize(). |
159 |
|
160 |
Fix load failure with !CONFIG_SMP && !CONFIG_DEBUG_SPINLOCK kernels. |
161 |
|
162 |
Version 1.0.19 2011/09/15 Minor update release. |
163 |
|
164 |
Use akari/config.h for choosing build options. |
165 |
|
166 |
Fix build error on CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER=y case. |
167 |
|
168 |
Use lookup_mnt() rather than __put_namespace(). (2.6.0 to 2.6.2 kernels) |
169 |
|
170 |
Fix unbalanced spin_lock()/spin_unlock() pair in lsm_pin(). |
171 |
(2.6.15 to 2.6.35 kernels) |
172 |
|
173 |
Fix "struct task_struct" leaks of tasks created before loading akari.ko . |
174 |
(2.6.28 and earlier kernels) |
175 |
|
176 |
Use "struct task_struct"->pids[PIDTYPE_PID].pid instead of |
177 |
"struct task_struct" for associating with per "struct task_struct" variables |
178 |
(i.e. "struct ccs_security") in order to reduce amount of dead memory |
179 |
waiting for garbage collection. (2.6.29 and later kernels) |
180 |
|
181 |
Add akari_test.ko for checking whether akari.ko seems to work or not. |
182 |
|
183 |
Add SH and ARM architectures support. (Needs more testing.) |
184 |
|
185 |
Version 1.0.20 2011/09/29 Minor update release. |
186 |
|
187 |
Synchronize with TOMOYO 1.8.3 release. |
188 |
|
189 |
Allow specifying domain transition preference. |
190 |
|
191 |
Simplify garbage collector. |
192 |
|
193 |
Version 1.0.21 2011/10/25 Minor update release. |
194 |
|
195 |
Synchronize with TOMOYO revision 5569. |
196 |
|
197 |
Fix incomplete read after seek. |
198 |
|
199 |
Use query id for reaching target process's domain policy. |
200 |
|
201 |
Fix quota counting. |
202 |
|
203 |
Version 1.0.22 2011/11/11 Minor update release. |
204 |
|
205 |
Synchronize with TOMOYO revision 5625. |
206 |
|
207 |
Optimize for object's size. |
208 |
|
209 |
Version 1.0.23 2011/11/18 Minor update release. |
210 |
|
211 |
Synchronize with TOMOYO revision 5646. |
212 |
|
213 |
Fix kernel config mapping error. |
214 |
|
215 |
Version 1.0.24 2011/12/13 Minor update release. |
216 |
|
217 |
Synchronize with TOMOYO revision 5711. |
218 |
|
219 |
Follow __d_path() behavior change. (Only 2.6.36 and later) |
220 |
|
221 |
Version 1.0.25 2012/02/29 Minor update release. |
222 |
|
223 |
Synchronize with TOMOYO revision 5893. |
224 |
|
225 |
Follow UMH_WAIT_PROC constant renumbering. |
226 |
|
227 |
Fix mount flags checking order. |
228 |
|
229 |
Version 1.0.26 2012/04/01 Minor update release. |
230 |
|
231 |
Synchronize with TOMOYO revision 5973. |
232 |
|
233 |
Return appropriate value to poll(). |
234 |
|
235 |
Version 1.0.27 2012/05/05 Minor update release. |
236 |
|
237 |
Synchronize with TOMOYO revision 6035. |
238 |
|
239 |
Readd RHEL_MINOR/AX_MINOR checks. |
240 |
|
241 |
Accept manager programs which do not start with / . |
242 |
|
243 |
Version 1.0.28 2012/10/20 Security update release. |
244 |
|
245 |
Fix kernel panic caused by double kfree() bug when "struct ccs_execve" |
246 |
pointer was by error duplicated at __ccs_alloc_task_security(). |
247 |
This bug affects only 2.6.28 and earlier kernels. |
248 |
|
249 |
Version 1.0.29 2012/11/04 Minor update release. |
250 |
|
251 |
Use dummy pointer as needed in order to make sure that security_bprm_free() |
252 |
(which is used for making the caller of do_execve() return to previous |
253 |
domain when do_execve() failed after domain transition) is always called. |
254 |
Without this fix, domain transition history on 2.6.28 and earlier kernels |
255 |
becomes inaccurate. |
256 |
|
257 |
Version 1.0.30 2013/02/14 Minor update release. |
258 |
|
259 |
Commit a2a8474c "exec: do not sleep in TASK_TRACED under ->cred_guard_mutex" |
260 |
moved "current->in_execve = 1;" from before prepare_bprm_creds() to after |
261 |
prepare_bprm_creds(). It turned out that, as an unexpected bonus, we can use |
262 |
security_prepare_creds() as a hook for emulating security_bprm_free() hook. |
263 |
|
264 |
I updated the logic for security_bprm_free() emulation, and now AKARI should |
265 |
be able to coexist with other AKARI-like LKM-based LSM implementations (e.g. |
266 |
CaitSith) on all kernel versions other than 2.6.29 and 2.6.30. |
267 |
|
268 |
Version 1.0.31 2015/01/12 Minor update release. |
269 |
|
270 |
Synchronize with TOMOYO revision 6373. |
271 |
|
272 |
Fix missing chmod(-1) check in Linux 3.1 and later kernels. |
273 |
|
274 |
Fix potentially using bogus attributes when stat() fails. |
275 |
|
276 |
Version 1.0.32 2015/04/08 Minor update release. |
277 |
|
278 |
Synchronize with TOMOYO revision 6388. |
279 |
|
280 |
Fix incorrect readdir() permission check. |
281 |
|
282 |
Version 1.0.33 2015/04/21 Minor update release. |
283 |
|
284 |
Synchronize with TOMOYO revision 6407. |
285 |
|
286 |
Fix incorrect retry request check. |
287 |
|
288 |
Version 1.0.34 2015/05/05 Minor update release. |
289 |
|
290 |
Synchronize with TOMOYO 1.8.4 release. |
291 |
|
292 |
Support multiple use_group entries. |
293 |
|
294 |
Version 1.0.35 2015/11/11 Minor update release. |
295 |
|
296 |
Synchronize with TOMOYO 1.8.5 release. |
297 |
|
298 |
Use memory allocation flags used by TOMOYO 2.x. |
299 |
|
300 |
Limit wildcard recursion depth. |
301 |
|
302 |
Version 1.0.36 2017/02/20 Minor update release. |
303 |
|
304 |
Synchronize with TOMOYO revision 6553. |
305 |
|
306 |
The bug fixed in TOMOYO's GC does not affect AKARI because |
307 |
AKARI always uses CONFIG_CCSECURITY_USE_EXTERNAL_TASK_SECURITY. |
308 |
|
309 |
Version 1.0.37 2017/09/17 Minor update release. |
310 |
|
311 |
Use smp_rmb() when waiting for hook readiness. |
312 |
|
313 |
Version 1.0.38 2018/04/01 Minor update release. |
314 |
|
315 |
Synchronize with TOMOYO revision 6638. |
316 |
|
317 |
Due to incorrect probe_kernel_write() usage, previously registered LSM |
318 |
hook (if any) was by error overwritten by this hook. This bug affects |
319 |
only 4.12 and later kernels. |
320 |
|
321 |
Version 1.0.39 2019/08/20 Minor update release. |
322 |
|
323 |
Synchronize with TOMOYO 1.8.6 release. |
324 |
|
325 |
Change pathname calculation for read-only filesystems. |
326 |
|
327 |
Reject move_mount() system call for now. |
328 |
|
329 |
Don't check open/getattr permission on sockets. |
330 |
|
331 |
Version 1.0.40 2019/12/25 Minor update release. |
332 |
|
333 |
Synchronize with TOMOYO revision 6758. |
334 |
|
335 |
Don't use nifty names on sockets. |
336 |
|
337 |
Version 1.0.41 2020/04/13 Minor update release. |
338 |
|
339 |
Synchronize with TOMOYO revision 6785. |
340 |
|
341 |
Fix wrong put_page() usage in ccs_dump_page(). |
342 |
|
343 |
Version 1.0.42 2020/05/05 Minor update release. |
344 |
|
345 |
Synchronize with TOMOYO 1.8.7 release. |
346 |
|
347 |
Loosen domainname validation and pathname validation. |
348 |
|
349 |
Version 1.0.43 2020/08/08 Minor update release. |
350 |
|
351 |
Synchronize with TOMOYO revision 6816. |
352 |
|
353 |
Fix domain transition preference. |
354 |
|
355 |
Version 1.0.44 2020/08/20 Minor update release. |
356 |
|
357 |
Synchronize with TOMOYO revision 6821. |
358 |
|
359 |
Fix ccs_realpath() fallback. |
360 |
|
361 |
Fix wrong ccs_search_binary_handler() mapping. |
362 |
|
363 |
Version 1.0.45 2020/11/11 Minor update release. |
364 |
|
365 |
Synchronize with TOMOYO 1.8.8 release. |
366 |
|
367 |
Fix LSM hook detection on ARM64. |
368 |
|
369 |
Version 1.0.46 2020/11/12 Minor update release. |
370 |
|
371 |
Since ccsecurity_exports.load_policy is initialized to NULL in AKARI, |
372 |
calling ccsecurity_exports.load_policy() before ccs_permission_init() is |
373 |
called (changed in revision 654) caused kernel panic as soon as loading |
374 |
akari.ko module. Since AKARI directly calls ccs_load_policy(), there is |
375 |
no need to use ccsecurity_exports.load_policy(). |
376 |
|
377 |
Version 1.0.47 2021/04/01 Minor update release. |
378 |
|
379 |
Synchronize with TOMOYO 1.8.9 release. |
380 |
|
381 |
Skip permission checks for fileless execution requests. |
382 |
|
383 |
Fix ccs_kernel_service(). |
384 |
|
385 |
Version 1.0.48 2023/05/27 Security update release. |
386 |
|
387 |
When ccs_start_execve() failed before CCS_TASK_IS_IN_EXECVE is set, |
388 |
ccs_clear_execve(-1, ptr) was not called. As a result, retried execve() |
389 |
request did not check execute permission. This bug affects only 2.6.29 |
390 |
and later kernels. |