3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.0-rc 2009/09/01 |
* Version: 1.7.1-pre 2009/10/16 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
16 |
.learning = &ccs_default_profile.preference, |
.learning = &ccs_default_profile.preference, |
17 |
.permissive = &ccs_default_profile.preference, |
.permissive = &ccs_default_profile.preference, |
18 |
.enforcing = &ccs_default_profile.preference, |
.enforcing = &ccs_default_profile.preference, |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
19 |
.audit = &ccs_default_profile.preference, |
.audit = &ccs_default_profile.preference, |
20 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
21 |
.preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG, |
.preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG, |
22 |
.preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG, |
.preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG, |
23 |
#endif |
#endif |
24 |
|
.preference.audit_task_info = true, |
25 |
|
.preference.audit_path_info = true, |
26 |
.preference.enforcing_penalty = 0, |
.preference.enforcing_penalty = 0, |
27 |
.preference.enforcing_verbose = true, |
.preference.enforcing_verbose = true, |
28 |
.preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY, |
.preference.learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY, |
265 |
ptr = ccs_profile_ptr[profile]; |
ptr = ccs_profile_ptr[profile]; |
266 |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
267 |
ptr = entry; |
ptr = entry; |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
268 |
ptr->audit = &ccs_default_profile.preference; |
ptr->audit = &ccs_default_profile.preference; |
|
#endif |
|
269 |
ptr->learning = &ccs_default_profile.preference; |
ptr->learning = &ccs_default_profile.preference; |
270 |
ptr->permissive = &ccs_default_profile.preference; |
ptr->permissive = &ccs_default_profile.preference; |
271 |
ptr->enforcing = &ccs_default_profile.preference; |
ptr->enforcing = &ccs_default_profile.preference; |
283 |
} |
} |
284 |
|
|
285 |
/** |
/** |
286 |
|
* ccs_check_profile - Check all profiles currently assigned to domains are defined. |
287 |
|
*/ |
288 |
|
void ccs_check_profile(void) |
289 |
|
{ |
290 |
|
struct ccs_domain_info *domain; |
291 |
|
ccs_policy_loaded = true; |
292 |
|
list_for_each_entry_rcu(domain, &ccs_domain_list, list) { |
293 |
|
const u8 profile = domain->profile; |
294 |
|
if (ccs_profile_ptr[profile]) |
295 |
|
continue; |
296 |
|
panic("Profile %u (used by '%s') not defined.\n", |
297 |
|
profile, domain->domainname->name); |
298 |
|
} |
299 |
|
} |
300 |
|
|
301 |
|
/** |
302 |
* ccs_profile - Find a profile. |
* ccs_profile - Find a profile. |
303 |
* |
* |
304 |
* @profile: Profile number to find. |
* @profile: Profile number to find. |
305 |
* |
* |
306 |
* Returns pointer to "struct ccs_profile" on success, NULL otherwise. |
* Returns pointer to "struct ccs_profile". |
307 |
*/ |
*/ |
308 |
struct ccs_profile *ccs_profile(const u8 profile) |
struct ccs_profile *ccs_profile(const u8 profile) |
309 |
{ |
{ |
354 |
value = 0; |
value = 0; |
355 |
else |
else |
356 |
value = -1; |
value = -1; |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
357 |
if (!strcmp(data, "PREFERENCE::audit")) { |
if (!strcmp(data, "PREFERENCE::audit")) { |
358 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
359 |
char *cp2; |
char *cp2; |
360 |
|
#endif |
361 |
if (use_default) { |
if (use_default) { |
362 |
profile->audit = &ccs_default_profile.preference; |
profile->audit = &ccs_default_profile.preference; |
363 |
return 0; |
return 0; |
364 |
} |
} |
365 |
profile->audit = &profile->preference; |
profile->audit = &profile->preference; |
366 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
367 |
cp2 = strstr(cp, "max_grant_log="); |
cp2 = strstr(cp, "max_grant_log="); |
368 |
if (cp2) |
if (cp2) |
369 |
sscanf(cp2 + 14, "%u", |
sscanf(cp2 + 14, "%u", |
372 |
if (cp2) |
if (cp2) |
373 |
sscanf(cp2 + 15, "%u", |
sscanf(cp2 + 15, "%u", |
374 |
&profile->preference.audit_max_reject_log); |
&profile->preference.audit_max_reject_log); |
375 |
|
#endif |
376 |
|
if (strstr(cp, "task_info=yes")) |
377 |
|
profile->preference.audit_task_info = true; |
378 |
|
else if (strstr(cp, "task_info=no")) |
379 |
|
profile->preference.audit_task_info = false; |
380 |
|
if (strstr(cp, "path_info=yes")) |
381 |
|
profile->preference.audit_path_info = true; |
382 |
|
else if (strstr(cp, "path_info=no")) |
383 |
|
profile->preference.audit_path_info = false; |
384 |
return 0; |
return 0; |
385 |
} |
} |
|
#endif |
|
386 |
if (!strcmp(data, "PREFERENCE::enforcing")) { |
if (!strcmp(data, "PREFERENCE::enforcing")) { |
387 |
char *cp2; |
char *cp2; |
388 |
if (use_default) { |
if (use_default) { |
510 |
return; |
return; |
511 |
if (head->read_bit) |
if (head->read_bit) |
512 |
goto body; |
goto body; |
513 |
ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090827"); |
ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); |
514 |
|
ccs_io_printf(head, "PREFERENCE::audit={ " |
515 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
516 |
|
"max_grant_log=%u max_reject_log=%u " |
517 |
|
#endif |
518 |
|
"task_info=%s path_info=%s }\n", |
519 |
#ifdef CONFIG_CCSECURITY_AUDIT |
#ifdef CONFIG_CCSECURITY_AUDIT |
|
ccs_io_printf(head, "PREFERENCE::audit={ max_grant_log=%u " |
|
|
"max_reject_log=%u }\n", |
|
520 |
ccs_default_profile.preference.audit_max_grant_log, |
ccs_default_profile.preference.audit_max_grant_log, |
521 |
ccs_default_profile.preference.audit_max_reject_log); |
ccs_default_profile.preference.audit_max_reject_log, |
522 |
#endif |
#endif |
523 |
|
ccs_yesno(ccs_default_profile.preference. |
524 |
|
audit_task_info), |
525 |
|
ccs_yesno(ccs_default_profile.preference. |
526 |
|
audit_path_info)); |
527 |
ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u " |
ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u " |
528 |
"exec.realpath=%s exec.argv0=%s symlink.target=%s }\n", |
"exec.realpath=%s exec.argv0=%s symlink.target=%s }\n", |
529 |
ccs_yesno(ccs_default_profile.preference. |
ccs_yesno(ccs_default_profile.preference. |
601 |
goto out; |
goto out; |
602 |
#endif |
#endif |
603 |
} |
} |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
604 |
if (profile->audit != &ccs_default_profile.preference && |
if (profile->audit != &ccs_default_profile.preference && |
605 |
!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
606 |
"max_grant_log=%u max_reject_log=%u }\n", |
#ifdef CONFIG_CCSECURITY_AUDIT |
607 |
index, |
"max_grant_log=%u max_reject_log=%u " |
608 |
|
#endif |
609 |
|
"task_info=%s path_info=%s }\n", index, |
610 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
611 |
profile->preference.audit_max_grant_log, |
profile->preference.audit_max_grant_log, |
612 |
profile->preference.audit_max_reject_log)) |
profile->preference.audit_max_reject_log, |
|
goto out; |
|
613 |
#endif |
#endif |
614 |
|
ccs_yesno(profile->preference. |
615 |
|
audit_task_info), |
616 |
|
ccs_yesno(profile->preference. |
617 |
|
audit_path_info))) |
618 |
|
goto out; |
619 |
if (profile->learning != &ccs_default_profile.preference && |
if (profile->learning != &ccs_default_profile.preference && |
620 |
!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
621 |
"verbose=%s max_entry=%u exec.realpath=%s " |
"verbose=%s max_entry=%u exec.realpath=%s " |
904 |
return ccs_write_env_policy(data, domain, cond, is_delete); |
return ccs_write_env_policy(data, domain, cond, is_delete); |
905 |
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT)) |
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT)) |
906 |
return ccs_write_mount_policy(data, domain, cond, is_delete); |
return ccs_write_mount_policy(data, domain, cond, is_delete); |
|
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_UNMOUNT)) |
|
|
return ccs_write_umount_policy(data, domain, cond, is_delete); |
|
|
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CHROOT)) |
|
|
return ccs_write_chroot_policy(data, domain, cond, is_delete); |
|
|
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_PIVOT_ROOT)) |
|
|
return ccs_write_pivot_root_policy(data, domain, cond, |
|
|
is_delete); |
|
907 |
return ccs_write_file_policy(data, domain, cond, is_delete); |
return ccs_write_file_policy(data, domain, cond, is_delete); |
908 |
} |
} |
909 |
|
|
949 |
|
|
950 |
if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1 |
if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1 |
951 |
&& profile < CCS_MAX_PROFILES) { |
&& profile < CCS_MAX_PROFILES) { |
952 |
if (ccs_profile(profile)) |
if (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile]) |
953 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
954 |
return 0; |
return 0; |
955 |
} |
} |
1202 |
} |
} |
1203 |
|
|
1204 |
/** |
/** |
1205 |
* ccs_print_path_acl - Print a single path ACL entry. |
* ccs_print_path_acl - Print a path ACL entry. |
1206 |
* |
* |
1207 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1208 |
* @ptr: Pointer to "struct ccs_path_acl". |
* @ptr: Pointer to "struct ccs_path_acl". |
1553 |
} |
} |
1554 |
|
|
1555 |
/** |
/** |
|
* ccs_print_umount_acl - Print a mount ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_umount_acl". |
|
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_umount_acl(struct ccs_io_buffer *head, |
|
|
struct ccs_umount_acl *ptr, |
|
|
const struct ccs_condition *cond) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_UNMOUNT) || |
|
|
!ccs_print_name_union(head, &ptr->dir) || |
|
|
!ccs_print_condition(head, cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_chroot_acl - Print a chroot ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_chroot_acl". |
|
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_chroot_acl(struct ccs_io_buffer *head, |
|
|
struct ccs_chroot_acl *ptr, |
|
|
const struct ccs_condition *cond) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CHROOT) || |
|
|
!ccs_print_name_union(head, &ptr->dir) || |
|
|
!ccs_print_condition(head, cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_pivot_root_acl - Print a pivot_root ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_pivot_root_acl". |
|
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_pivot_root_acl(struct ccs_io_buffer *head, |
|
|
struct ccs_pivot_root_acl *ptr, |
|
|
const struct ccs_condition *cond) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_PIVOT_ROOT) || |
|
|
!ccs_print_name_union(head, &ptr->new_root) || |
|
|
!ccs_print_name_union(head, &ptr->old_root) || |
|
|
!ccs_print_condition(head, cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
1556 |
* ccs_print_entry - Print an ACL entry. |
* ccs_print_entry - Print an ACL entry. |
1557 |
* |
* |
1558 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1569 |
return true; |
return true; |
1570 |
if (acl_type == CCS_TYPE_PATH_ACL) { |
if (acl_type == CCS_TYPE_PATH_ACL) { |
1571 |
struct ccs_path_acl *acl |
struct ccs_path_acl *acl |
1572 |
= container_of(ptr, struct ccs_path_acl, |
= container_of(ptr, struct ccs_path_acl, head); |
|
head); |
|
1573 |
return ccs_print_path_acl(head, acl, cond); |
return ccs_print_path_acl(head, acl, cond); |
1574 |
} |
} |
1575 |
if (acl_type == CCS_TYPE_EXECUTE_HANDLER) { |
if (acl_type == CCS_TYPE_EXECUTE_HANDLER) { |
1595 |
} |
} |
1596 |
if (acl_type == CCS_TYPE_PATH2_ACL) { |
if (acl_type == CCS_TYPE_PATH2_ACL) { |
1597 |
struct ccs_path2_acl *acl |
struct ccs_path2_acl *acl |
1598 |
= container_of(ptr, struct ccs_path2_acl, |
= container_of(ptr, struct ccs_path2_acl, head); |
|
head); |
|
1599 |
return ccs_print_path2_acl(head, acl, cond); |
return ccs_print_path2_acl(head, acl, cond); |
1600 |
} |
} |
1601 |
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
1602 |
struct ccs_path_number_acl *acl |
struct ccs_path_number_acl *acl |
1603 |
= container_of(ptr, struct ccs_path_number_acl, |
= container_of(ptr, struct ccs_path_number_acl, head); |
|
head); |
|
1604 |
return ccs_print_path_number_acl(head, acl, cond); |
return ccs_print_path_number_acl(head, acl, cond); |
1605 |
} |
} |
1606 |
if (acl_type == CCS_TYPE_ENV_ACL) { |
if (acl_type == CCS_TYPE_ENV_ACL) { |
1610 |
} |
} |
1611 |
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
1612 |
struct ccs_capability_acl *acl |
struct ccs_capability_acl *acl |
1613 |
= container_of(ptr, struct ccs_capability_acl, |
= container_of(ptr, struct ccs_capability_acl, head); |
|
head); |
|
1614 |
return ccs_print_capability_acl(head, acl, cond); |
return ccs_print_capability_acl(head, acl, cond); |
1615 |
} |
} |
1616 |
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
1617 |
struct ccs_ip_network_acl *acl |
struct ccs_ip_network_acl *acl |
1618 |
= container_of(ptr, struct ccs_ip_network_acl, |
= container_of(ptr, struct ccs_ip_network_acl, head); |
|
head); |
|
1619 |
return ccs_print_network_acl(head, acl, cond); |
return ccs_print_network_acl(head, acl, cond); |
1620 |
} |
} |
1621 |
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
1628 |
= container_of(ptr, struct ccs_mount_acl, head); |
= container_of(ptr, struct ccs_mount_acl, head); |
1629 |
return ccs_print_mount_acl(head, acl, cond); |
return ccs_print_mount_acl(head, acl, cond); |
1630 |
} |
} |
|
if (acl_type == CCS_TYPE_UMOUNT_ACL) { |
|
|
struct ccs_umount_acl *acl |
|
|
= container_of(ptr, struct ccs_umount_acl, head); |
|
|
return ccs_print_umount_acl(head, acl, cond); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_CHROOT_ACL) { |
|
|
struct ccs_chroot_acl *acl |
|
|
= container_of(ptr, struct ccs_chroot_acl, head); |
|
|
return ccs_print_chroot_acl(head, acl, cond); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_PIVOT_ROOT_ACL) { |
|
|
struct ccs_pivot_root_acl *acl |
|
|
= container_of(ptr, struct ccs_pivot_root_acl, |
|
|
head); |
|
|
return ccs_print_pivot_root_acl(head, acl, cond); |
|
|
} |
|
1631 |
BUG(); /* This must not happen. */ |
BUG(); /* This must not happen. */ |
1632 |
return false; |
return false; |
1633 |
} |
} |
1726 |
if (profile >= CCS_MAX_PROFILES) |
if (profile >= CCS_MAX_PROFILES) |
1727 |
return -EINVAL; |
return -EINVAL; |
1728 |
domain = ccs_find_domain(cp + 1); |
domain = ccs_find_domain(cp + 1); |
1729 |
if (domain && ccs_profile(profile)) |
if (domain && (!ccs_policy_loaded || ccs_profile_ptr[(u8) profile])) |
1730 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
1731 |
return 0; |
return 0; |
1732 |
} |
} |
2411 |
{ |
{ |
2412 |
if (head->read_eof) |
if (head->read_eof) |
2413 |
return; |
return; |
2414 |
ccs_io_printf(head, "1.7.0-rc"); |
ccs_io_printf(head, "1.7.1-pre"); |
2415 |
head->read_eof = true; |
head->read_eof = true; |
2416 |
} |
} |
2417 |
|
|
2569 |
* Waits for read readiness. |
* Waits for read readiness. |
2570 |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
2571 |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
2572 |
* /usr/sbin/ccs-auditd. |
* /usr/sbin/ccs-auditd . |
2573 |
*/ |
*/ |
2574 |
int ccs_poll_control(struct file *file, poll_table *wait) |
int ccs_poll_control(struct file *file, poll_table *wait) |
2575 |
{ |
{ |