Re: [TOMOYO 14/15] Conditional permission support.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Pavel Machek <pavel@...>

Cc: Kentaro Takeda <k.takeda26@...>, <linux-kernel@...>, <linux-security-module@...>, <chrisw@...>

Subject: Re: [TOMOYO 14/15] Conditional permission support.

Date: Saturday, August 25, 2007 - 6:46 pm

Hi,

2007/8/25, Pavel Machek <pavel@ucw.cz>:
quoted text> Hi!
>
> > This patch allows administrators use conditional permission.
> > TOMOYO Linux supports conditional permission based on
> > process's UID,GID etc. and/or requested pathname's UID/GID.
> >
> > Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
> > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>
> > + * Since the trailing spaces are removed by tmy_normalize_line(),
> > + * the last "0if0" sequence corresponds to condition part.
> > + */
> > +char *tmy_find_condition_part(char *data)
> > +{
> > +     char *cp = strstr(data, " if ");
> > +     if (cp) {
> > +             char *cp2;
> > +             while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> > +                     cp = cp2;
> > +             *cp++ = '__PLACEHOLDER__0_';
> > +     }
> > +     return cp;
> > +}
> ...
>
> > +     unsigned long left_min = 0;
> > +     unsigned long left_max = 0;
> > +     unsigned long right_min = 0;
> > +     unsigned long right_max = 0;
> > +     if (strncmp(condition, "if ", 3))
> > +             return NULL;
> > +     condition += 3;
> > +     start = condition;
> > +     while (*condition) {
> > +             if (*condition == ' ')
> > +                     condition++;
> > +             for (left = 0; left < MAX_KEYWORD; left++) {
> > +                     if (strncmp(condition, cc_keyword[left].keyword,
> > +                                 cc_keyword[left].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[left].keyword_len;
> > +                     break;
> > +             }
> > +             if (left == MAX_KEYWORD) {
> > +                     if (!tmy_parse_ulong(&left_min, &condition))
> > +                             goto out;
> > +                     counter++; /* body */
> > +                     if (*condition != '-')
> > +                             goto not_range1;
> > +                     condition++;
> > +                     if (!tmy_parse_ulong(&left_max, &condition)
> > +                         || left_min > left_max)
> > +                             goto out;
> > +                     counter++; /* body */
> > +not_range1: ;
> > +             }
> > +             if (strncmp(condition, "!=", 2) == 0)
> > +                     condition += 2;
> > +             else if (*condition == '=')
> > +                     condition++;
> > +             else
> > +                     goto out;
> > +             counter++; /* header */
> > +             for (right = 0; right < MAX_KEYWORD; right++) {
> > +                     if (strncmp(condition, cc_keyword[right].keyword,
> > +                                 cc_keyword[right].keyword_len))
> > +                             continue;
> > +                     condition += cc_keyword[right].keyword_len;
> > +                     break;
> > +             }
>
> What is that? Language parser in kernel?
>
>                                                         Pavel

Key idea of TOMOYO Linux is to let each process to remember the program
(path) name. Names are stored in task struct and "appended" to the list when
execve is called.

An example of /usr/lib/cups/backend/lpd.
(picked up from
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/centos4.4/domain_policy.txt?v=policy-s...)

/etc/rc.d/init.d/cups (fork&exec)
 /sbin/initlog (fork&exec)
   /usr/sbin/cupsd (fork&exec)
     /bin/bash (fork&exec)
       /usr/lib/cups/backend/lpd (current process)

SELinux and other DTE implementations need domain definitions to  work.
It is administrators task to design domains and name each domains.
TOMOYO Linux can be used as DTE MAC, but administrators don't
have to define and name domains. Because TOMOYO Linux
automatically defines domains and name them (from booting to
shutdown).

I wrote "TOMOYO Linux can be used as MAC", because
users can just view the domain transitions and analyze systems
with TOMOYO Linux. Or they can use TOMOYO Linux to
get logs with process invocation histories instead of a simple
program name.

TOMOYO Linux policy consists of path names and they are currently
handled as strings.

Thanks.

--
Toshiharu Harada
NTT DATA CORPORATION
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO 00/15] TOMOYO Linux - MAC based on process invocatio..., Kentaro Takeda, (Fri Aug 24, 8:41 am)

[TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:58 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Mon Aug 27, 10:49 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Aug 28, 6:39 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Aug 28, 9:21 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Mon Sep 3, 9:15 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Sep 4, 7:53 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Sep 4, 10:02 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Wed Sep 5, 10:06 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Thu Sep 6, 9:04 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Thu Sep 6, 11:25 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kyle Moffett, (Tue Sep 4, 10:13 am)

[TOMOYO 14/15] Conditional permission support., Kentaro Takeda, (Fri Aug 24, 8:57 am)

Re: [TOMOYO 14/15] Conditional permission support., Pavel Machek, (Sat Aug 25, 7:08 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Sat Aug 25, 10:13 pm)

Re: [TOMOYO 14/15] Conditional permission support., Kyle Moffett, (Mon Aug 27, 8:11 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Tue Aug 28, 9:00 am)

Re: [TOMOYO 14/15] Conditional permission support., Toshiharu Harada, (Sat Aug 25, 6:46 pm)

[TOMOYO 13/15] LSM adapter for TOMOYO., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 12/15] Signal transmission control functions., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 11/15] Namespace manipulation control functions., Kentaro Takeda, (Fri Aug 24, 8:55 am)

[TOMOYO 10/15] Networking access control functions., Kentaro Takeda, (Fri Aug 24, 8:54 am)

[TOMOYO 09/15] Argv[0] access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 08/15] File access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 07/15] Auditing interface., Kentaro Takeda, (Fri Aug 24, 8:52 am)

[TOMOYO 06/15] Domain transition handler functions., Kentaro Takeda, (Fri Aug 24, 8:50 am)

[TOMOYO 05/15] Utility functions and /proc interface for pol..., Kentaro Takeda, (Fri Aug 24, 8:49 am)

[TOMOYO 04/15] Memory and pathname management functions., Kentaro Takeda, (Fri Aug 24, 8:48 am)

[TOMOYO 03/15] Data structures and prototypes definition., Kentaro Takeda, (Fri Aug 24, 8:46 am)

[TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:45 am)

Re: [TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Jiri Kosina, (Fri Aug 24, 8:50 am)

[TOMOYO 01/15] Allow use of namespace_sem from LSM module., Kentaro Takeda, (Fri Aug 24, 8:44 am)


linux-kernel:
Justin C. Sherrill	Re: pkgsrc bulk build and tiff
Linus Torvalds	Linux 2.6.27-rc5
Ingo Molnar	[crash, bisected] Kernel BUG at ffffffff8079afb1 (__netif_schedule())
Greg KH	[GIT PATCH] driver core patches against 2.6.24
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	[GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Evgeniy Polyakov	Re: tbench wrt. loopback TSO
openbsd-misc:

Re: [TOMOYO 14/15] Conditional permission support.

Online users