From 5cdb35557d022f8dc51b532b5cd1a8e9ed7bcdb7 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 3 Apr 2009 05:08:03 -0700 Subject: sysctl security/keys: Remove dead binary sysctl support Now that sys_sysctl is a generic wrapper around /proc/sys .ctl_name and .strategy members of sysctl tables are dead code. Remove them. Cc: David Howells Signed-off-by: Eric W. Biederman --- security/keys/sysctl.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'security') diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c index 5e05dc09e2d..3565e2fc10c 100644 --- a/security/keys/sysctl.c +++ b/security/keys/sysctl.c @@ -17,7 +17,6 @@ static const int zero, one = 1, max = INT_MAX; ctl_table key_sysctls[] = { { - .ctl_name = CTL_UNNUMBERED, .procname = "maxkeys", .data = &key_quota_maxkeys, .maxlen = sizeof(unsigned), @@ -27,7 +26,6 @@ ctl_table key_sysctls[] = { .extra2 = (void *) &max, }, { - .ctl_name = CTL_UNNUMBERED, .procname = "maxbytes", .data = &key_quota_maxbytes, .maxlen = sizeof(unsigned), @@ -37,7 +35,6 @@ ctl_table key_sysctls[] = { .extra2 = (void *) &max, }, { - .ctl_name = CTL_UNNUMBERED, .procname = "root_maxkeys", .data = &key_quota_root_maxkeys, .maxlen = sizeof(unsigned), @@ -47,7 +44,6 @@ ctl_table key_sysctls[] = { .extra2 = (void *) &max, }, { - .ctl_name = CTL_UNNUMBERED, .procname = "root_maxbytes", .data = &key_quota_root_maxbytes, .maxlen = sizeof(unsigned), @@ -57,7 +53,6 @@ ctl_table key_sysctls[] = { .extra2 = (void *) &max, }, { - .ctl_name = CTL_UNNUMBERED, .procname = "gc_delay", .data = &key_gc_delay, .maxlen = sizeof(unsigned), @@ -66,5 +61,5 @@ ctl_table key_sysctls[] = { .extra1 = (void *) &zero, .extra2 = (void *) &max, }, - { .ctl_name = 0 } + { } }; -- cgit v1.2.3 From 86b1bc68e2f4244e4ea5db5458df9d19259fbb30 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Mon, 9 Nov 2009 09:12:15 +0900 Subject: sysctl security/tomoyo: Don't look at ctl_name ctl_name field was removed. Always use procname field. Signed-off-by: Tetsuo Handa Signed-off-by: Eric W. Biederman --- security/tomoyo/tomoyo.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'security') diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9548a0984cc..3f93bb91768 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -122,15 +122,7 @@ static char *tomoyo_sysctl_path(struct ctl_table *table) *--end = '\0'; buflen--; while (table) { - char num[32]; - const char *sp = table->procname; - - if (!sp) { - memset(num, 0, sizeof(num)); - snprintf(num, sizeof(num) - 1, "=%d=", table->ctl_name); - sp = num; - } - if (tomoyo_prepend(&end, &buflen, sp) || + if (tomoyo_prepend(&end, &buflen, table->procname) || tomoyo_prepend(&end, &buflen, "/")) goto out; table = table->parent; -- cgit v1.2.3 From 6d4561110a3e9fa742aeec6717248a491dfb1878 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 16 Nov 2009 03:11:48 -0800 Subject: sysctl: Drop & in front of every proc_handler. For consistency drop & in front of every proc_handler. Explicity taking the address is unnecessary and it prevents optimizations like stubbing the proc_handlers to NULL. Cc: Alexey Dobriyan Cc: Ingo Molnar Cc: Joe Perches Signed-off-by: Eric W. Biederman --- security/keys/sysctl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/keys/sysctl.c b/security/keys/sysctl.c index 3565e2fc10c..ee32d181764 100644 --- a/security/keys/sysctl.c +++ b/security/keys/sysctl.c @@ -21,7 +21,7 @@ ctl_table key_sysctls[] = { .data = &key_quota_maxkeys, .maxlen = sizeof(unsigned), .mode = 0644, - .proc_handler = &proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax, .extra1 = (void *) &one, .extra2 = (void *) &max, }, @@ -30,7 +30,7 @@ ctl_table key_sysctls[] = { .data = &key_quota_maxbytes, .maxlen = sizeof(unsigned), .mode = 0644, - .proc_handler = &proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax, .extra1 = (void *) &one, .extra2 = (void *) &max, }, @@ -39,7 +39,7 @@ ctl_table key_sysctls[] = { .data = &key_quota_root_maxkeys, .maxlen = sizeof(unsigned), .mode = 0644, - .proc_handler = &proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax, .extra1 = (void *) &one, .extra2 = (void *) &max, }, @@ -48,7 +48,7 @@ ctl_table key_sysctls[] = { .data = &key_quota_root_maxbytes, .maxlen = sizeof(unsigned), .mode = 0644, - .proc_handler = &proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax, .extra1 = (void *) &one, .extra2 = (void *) &max, }, @@ -57,7 +57,7 @@ ctl_table key_sysctls[] = { .data = &key_gc_delay, .maxlen = sizeof(unsigned), .mode = 0644, - .proc_handler = &proc_dointvec_minmax, + .proc_handler = proc_dointvec_minmax, .extra1 = (void *) &zero, .extra2 = (void *) &max, }, -- cgit v1.2.3 From a4054b6b20e9c2cca63715a319759bf8d37d82fc Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 20 Nov 2009 09:12:22 -0800 Subject: security/tomoyo: Add a special case to handle accesses through the internal proc mount. With the change of sys_sysctl going through the internal proc mount we no longer need to handle security_sysctl in tomoyo as we have valid pathnames for all sysctl accesses. There is one slight caveat to that in that all of the paths from the internal mount look like "/sys/net/ipv4/ip_local_port_range" instead of "/proc/sys/net/ipv4/ip_local_port_range" so tomoyo needs to add the "/proc" portion manually when resolving to full path names to get what it expects. This change teaches tomoyo perform that modification. Acked-by: Tetsuo Handa Acked-by: John Johansen Signed-off-by: Eric W. Biederman --- security/tomoyo/realpath.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 5f2e3326337..0b55faab3b3 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -108,6 +108,15 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, spin_unlock(&dcache_lock); path_put(&root); path_put(&ns_root); + /* Prepend "/proc" prefix if using internal proc vfs mount. */ + if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && + (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) { + sp -= 5; + if (sp >= newname) + memcpy(sp, "/proc", 5); + else + sp = ERR_PTR(-ENOMEM); + } } if (IS_ERR(sp)) error = PTR_ERR(sp); -- cgit v1.2.3 From c656ae95d1c5c8ed5763356263ace2d03087efec Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 20 Nov 2009 09:24:19 -0800 Subject: security/tomoyo: Remove now unnecessary handling of security_sysctl. Now that sys_sysctl is an emulation on top of proc sys all sysctl operations look like normal filesystem operations and we don't need to use the special sysctl hook to authenticate them. Acked-by: Tetsuo Handa Signed-off-by: Eric W. Biederman --- security/tomoyo/file.c | 21 -------------- security/tomoyo/tomoyo.c | 72 ------------------------------------------------ security/tomoyo/tomoyo.h | 2 -- 3 files changed, 95 deletions(-) (limited to 'security') diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 5ae3a571559..8346938809b 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -1095,27 +1095,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info * return error; } -/** - * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write". - * - * @domain: Pointer to "struct tomoyo_domain_info". - * @filename: Filename to check. - * @perm: Mode ("read" or "write" or "read/write"). - * Returns 0 on success, negative value otherwise. - */ -int tomoyo_check_file_perm(struct tomoyo_domain_info *domain, - const char *filename, const u8 perm) -{ - struct tomoyo_path_info name; - const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE); - - if (!mode) - return 0; - name.name = filename; - tomoyo_fill_path_info(&name); - return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode); -} - /** * tomoyo_check_exec_perm - Check permission for "execute". * diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3f93bb91768..8a00ade8516 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1); } -#ifdef CONFIG_SYSCTL - -static int tomoyo_prepend(char **buffer, int *buflen, const char *str) -{ - int namelen = strlen(str); - - if (*buflen < namelen) - return -ENOMEM; - *buflen -= namelen; - *buffer -= namelen; - memcpy(*buffer, str, namelen); - return 0; -} - -/** - * tomoyo_sysctl_path - return the realpath of a ctl_table. - * @table: pointer to "struct ctl_table". - * - * Returns realpath(3) of the @table on success. - * Returns NULL on failure. - * - * This function uses tomoyo_alloc(), so the caller must call tomoyo_free() - * if this function didn't return NULL. - */ -static char *tomoyo_sysctl_path(struct ctl_table *table) -{ - int buflen = TOMOYO_MAX_PATHNAME_LEN; - char *buf = tomoyo_alloc(buflen); - char *end = buf + buflen; - int error = -ENOMEM; - - if (!buf) - return NULL; - - *--end = '\0'; - buflen--; - while (table) { - if (tomoyo_prepend(&end, &buflen, table->procname) || - tomoyo_prepend(&end, &buflen, "/")) - goto out; - table = table->parent; - } - if (tomoyo_prepend(&end, &buflen, "/proc/sys")) - goto out; - error = tomoyo_encode(buf, end - buf, end); - out: - if (!error) - return buf; - tomoyo_free(buf); - return NULL; -} - -static int tomoyo_sysctl(struct ctl_table *table, int op) -{ - int error; - char *name; - - op &= MAY_READ | MAY_WRITE; - if (!op) - return 0; - name = tomoyo_sysctl_path(table); - if (!name) - return -ENOMEM; - error = tomoyo_check_file_perm(tomoyo_domain(), name, op); - tomoyo_free(name); - return error; -} -#endif - static int tomoyo_path_truncate(struct path *path, loff_t length, unsigned int time_attrs) { @@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = { .cred_transfer = tomoyo_cred_transfer, .bprm_set_creds = tomoyo_bprm_set_creds, .bprm_check_security = tomoyo_bprm_check_security, -#ifdef CONFIG_SYSCTL - .sysctl = tomoyo_sysctl, -#endif .file_fcntl = tomoyo_file_fcntl, .dentry_open = tomoyo_dentry_open, .path_truncate = tomoyo_path_truncate, diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index cd6ba0bf706..ed758325b1a 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h @@ -18,8 +18,6 @@ struct inode; struct linux_binprm; struct pt_regs; -int tomoyo_check_file_perm(struct tomoyo_domain_info *domain, - const char *filename, const u8 perm); int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain, const struct tomoyo_path_info *filename); int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, -- cgit v1.2.3