Re: [TOMOYO 14/15] Conditional permission support.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

2007/8/25, Pavel Machek <[email protected]>:
> Hi!
>
> > This patch allows administrators use conditional permission.
> > TOMOYO Linux supports conditional permission based on
> > process's UID,GID etc. and/or requested pathname's UID/GID.
> >
> > Signed-off-by: Kentaro Takeda <[email protected]>
> > Signed-off-by: Tetsuo Handa <[email protected]>
>
> > + * Since the trailing spaces are removed by tmy_normalize_line(),
> > + * the last "\040if\040" sequence corresponds to condition part.
> > + */
> > +char *tmy_find_condition_part(char *data)
> > +{
> > +     char *cp = strstr(data, " if ");
> > +     if (cp) {
> > +             char *cp2;
> > +             while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> > +                     cp = cp2;
> > +             *cp++ = '\0';
> > +     }
> > +     return cp;
> > +}
> ...
>
> > +     unsigned long left_min = 0;
> > +     unsigned long left_max = 0;
> > +     unsigned long right_min = 0;
> > +     unsigned long right_max = 0;
> > +     if (strncmp(condition, "if ", 3))
> > +             return NULL;
> > +     condition += 3;
> > +     start = condition;
> > +     while (*condition) {
> > +             if (*condition == ' ')
> > +                     condition++;
> > +             for (left = 0; left < MAX_KEYWORD; left++) {
> > +                     if (strncmp(condition, cc_keyword[left].keyword,
> > +                                 cc_keyword[left].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[left].keyword_len;
> > +                     break;
> > +             }
> > +             if (left == MAX_KEYWORD) {
> > +                     if (!tmy_parse_ulong(&left_min, &condition))
> > +                             goto out;
> > +                     counter++; /* body */
> > +                     if (*condition != '-')
> > +                             goto not_range1;
> > +                     condition++;
> > +                     if (!tmy_parse_ulong(&left_max, &condition)
> > +                         || left_min > left_max)
> > +                             goto out;
> > +                     counter++; /* body */
> > +not_range1: ;
> > +             }
> > +             if (strncmp(condition, "!=", 2) == 0)
> > +                     condition += 2;
> > +             else if (*condition == '=')
> > +                     condition++;
> > +             else
> > +                     goto out;
> > +             counter++; /* header */
> > +             for (right = 0; right < MAX_KEYWORD; right++) {
> > +                     if (strncmp(condition, cc_keyword[right].keyword,
> > +                                 cc_keyword[right].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[right].keyword_len;
> > +                     break;
> > +             }
>
> What is that? Language parser in kernel?
>
>                                                         Pavel

Key idea of TOMOYO Linux is to let each process to remember the program
(path) name. Names are stored in task struct and "appended" to the list when
execve is called.

An example of /usr/lib/cups/backend/lpd.
(picked up from
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/centos4.4/domain_policy.txt?v=policy-sample)

/etc/rc.d/init.d/cups (fork&exec)
 /sbin/initlog (fork&exec)
   /usr/sbin/cupsd (fork&exec)
     /bin/bash (fork&exec)
       /usr/lib/cups/backend/lpd (current process)

SELinux and other DTE implementations need domain definitions to  work.
It is administrators task to design domains and name each domains.
TOMOYO Linux can be used as DTE MAC, but administrators don't
have to define and name domains. Because TOMOYO Linux
automatically defines domains and name them (from booting to
shutdown).

I wrote "TOMOYO Linux can be used as MAC", because
users can just view the domain transitions and analyze systems
with TOMOYO Linux. Or they can use TOMOYO Linux to
get logs with process invocation histories instead of a simple
program name.

TOMOYO Linux policy consists of path names and they are currently
handled as strings.

Thanks.

--
Toshiharu Harada
NTT DATA CORPORATION
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux