
TOMOYO Linux Cross Reference
Linux/security/tomoyo/environ.c


  1 // SPDX-License-Identifier: GPL-2.0
  2 /*
  3  * security/tomoyo/environ.c
  4  *
  5  * Copyright (C) 2005-2011  NTT DATA CORPORATION
  6  */
  7 
  8 #include "common.h"
  9 
/**
 * tomoyo_check_env_acl - Match a requested environment variable name against one ACL entry.
 *
 * @r:   Pointer to "struct tomoyo_request_info" carrying the requested name.
 * @ptr: Pointer to the "struct tomoyo_acl_info" embedded in the entry to test.
 *
 * Only the variable's name (r->param.environ.name) is compared with the
 * entry's env field; no value is looked at here.
 *
 * Returns true if granted, false otherwise.
 */
static bool tomoyo_check_env_acl(struct tomoyo_request_info *r,
				 const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_env_acl *entry;

	/* @ptr is the "head" member; step back to the enclosing env ACL. */
	entry = container_of(ptr, typeof(*entry), head);

	/*
	 * NOTE(review): matching goes through tomoyo_path_matches_pattern(),
	 * so the policy side is presumably allowed to be a pattern rather
	 * than a literal name - confirm against that helper.
	 */
	return tomoyo_path_matches_pattern(r->param.environ.name, entry->env);
}
 26 
/**
 * tomoyo_audit_env_log - Report an environment variable name request to the supervisor.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Returns 0 on success, negative value otherwise (the result of
 * tomoyo_supervisor() is passed through unchanged).
 */
static int tomoyo_audit_env_log(struct tomoyo_request_info *r)
{
	const char *env_name = r->param.environ.name->name;

	/*
	 * The name is handed over as a "%s" argument to a fixed format
	 * string, so its contents are never interpreted as a format.
	 */
	return tomoyo_supervisor(r, "misc env %s\n", env_name);
}
 39 
/**
 * tomoyo_env_perm - Check permission for environment variable's name.
 *
 * @r:   Pointer to "struct tomoyo_request_info".
 * @env: The name of environment variable.
 *
 * A NULL or empty @env returns 0 immediately, before any ACL lookup or
 * audit call is made. Otherwise @r is set up as a TOMOYO_TYPE_ENV_ACL
 * request and the check/audit pair is repeated for as long as the audit
 * step answers TOMOYO_RETRY_REQUEST.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env)
{
	struct tomoyo_path_info name_info;
	int rc;

	if (env == NULL || env[0] == '\0')
		return 0;

	name_info.name = env;
	tomoyo_fill_path_info(&name_info);

	r->param_type = TOMOYO_TYPE_ENV_ACL;
	/*
	 * NOTE(review): @r now points at a local of this function. The
	 * pointer is left in place on return, so r->param.environ.name must
	 * not be dereferenced by the caller afterwards.
	 */
	r->param.environ.name = &name_info;

	for (;;) {
		/*
		 * The value returned to the caller comes from the audit step;
		 * tomoyo_check_acl() is called only for its effect on @r
		 * (presumably recording whether an entry matched - confirm).
		 */
		tomoyo_check_acl(r, tomoyo_check_env_acl);
		rc = tomoyo_audit_env_log(r);
		if (rc != TOMOYO_RETRY_REQUEST)
			break;
	}
	return rc;
}
 67 
/**
 * tomoyo_same_env_acl - Check for duplicated "struct tomoyo_env_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Returns true if @a == @b, false otherwise.
 */
static bool tomoyo_same_env_acl(const struct tomoyo_acl_info *a,
				const struct tomoyo_acl_info *b)
{
	const struct tomoyo_env_acl *lhs;
	const struct tomoyo_env_acl *rhs;

	lhs = container_of(a, typeof(*lhs), head);
	rhs = container_of(b, typeof(*rhs), head);

	/*
	 * Pointer identity, not a string comparison. NOTE(review): this is
	 * only a valid equality test if tomoyo_get_name() hands out one
	 * shared object per distinct name - confirm against that helper.
	 */
	return lhs->env == rhs->env;
}
 84 
/**
 * tomoyo_write_env - Write "struct tomoyo_env_acl" list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Reads one token from @param, validates it as a variable name and passes
 * a TOMOYO_TYPE_ENV_ACL entry for it to tomoyo_update_domain().
 *
 * Returns 0 on success, negative value otherwise: -EINVAL for a rejected
 * token, -ENOMEM if the name could not be obtained, otherwise the result
 * of tomoyo_update_domain().
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_write_env(struct tomoyo_acl_param *param)
{
	struct tomoyo_env_acl entry = { .head.type = TOMOYO_TYPE_ENV_ACL };
	const char *token = tomoyo_read_token(param);
	int rc;

	if (!tomoyo_correct_word(token))
		return -EINVAL;
	/* An entry names a variable only; "NAME=value" is refused. */
	if (strchr(token, '='))
		return -EINVAL;

	entry.env = tomoyo_get_name(token);
	if (!entry.env)
		return -ENOMEM;

	rc = tomoyo_update_domain(&entry.head, sizeof(entry), param,
				  tomoyo_same_env_acl, NULL);
	/*
	 * The reference taken above is dropped whether or not the update
	 * succeeded. NOTE(review): presumably tomoyo_update_domain() keeps
	 * its own reference for a stored entry - confirm.
	 */
	tomoyo_put_name(entry.env);
	return rc;
}
110 
/**
 * tomoyo_write_misc - Update environment variable list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Only data beginning with the "env " keyword is accepted; anything else
 * is rejected with -EINVAL rather than ignored.
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_write_misc(struct tomoyo_acl_param *param)
{
	/*
	 * tomoyo_str_starts() receives &param->data, so it presumably moves
	 * the cursor past the keyword on a match - confirm against the helper.
	 */
	if (!tomoyo_str_starts(&param->data, "env "))
		return -EINVAL;

	return tomoyo_write_env(param);
}
124 
