Merge branch 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull tomoyo updates from James Morris:
 "Fixes to enable fuzz testing, and a fix for calculating whether a
  filesystem is user-modifiable"

* 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  tomoyo: Don't emit WARNING: string while fuzzing testing.
  tomoyo: Change pathname calculation for read-only filesystems.
  tomoyo: Check address length before reading address family
  tomoyo: Add a kernel config option for fuzzing testing.
This commit is contained in:
Linus Torvalds 2019-05-11 10:38:59 -04:00
commit c367dc8d0d
5 changed files with 30 additions and 2 deletions

View File

@ -74,3 +74,13 @@ config SECURITY_TOMOYO_ACTIVATION_TRIGGER
You can override this setting via TOMOYO_trigger= kernel command line
option. For example, if you pass init=/bin/systemd option, you may
want to also pass TOMOYO_trigger=/bin/systemd option.
config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
bool "Use insecure built-in settings for fuzzing tests."
default n
depends on SECURITY_TOMOYO
select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
help
Enabling this option forces minimal built-in policy and disables
domain/program checks for run-time policy modifications. Please enable
this option only if this kernel is built for doing fuzzing tests.

View File

@ -940,7 +940,7 @@ static bool tomoyo_manager(void)
const char *exe;
const struct task_struct *task = current;
const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
bool found = false;
bool found = IS_ENABLED(CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING);
if (!tomoyo_policy_loaded)
return true;
@ -2810,6 +2810,16 @@ void tomoyo_check_profile(void)
*/
void __init tomoyo_load_builtin_policy(void)
{
#ifdef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
static char tomoyo_builtin_profile[] __initdata =
"PROFILE_VERSION=20150505\n"
"0-CONFIG={ mode=learning grant_log=no reject_log=yes }\n";
static char tomoyo_builtin_exception_policy[] __initdata =
"aggregator proc:/self/exe /proc/self/exe\n";
static char tomoyo_builtin_domain_policy[] __initdata = "";
static char tomoyo_builtin_manager[] __initdata = "";
static char tomoyo_builtin_stat[] __initdata = "";
#else
/*
* This include file is manually created and contains built-in policy
* named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
@ -2817,6 +2827,7 @@ void __init tomoyo_load_builtin_policy(void)
* "tomoyo_builtin_stat" in the form of "static char [] __initdata".
*/
#include "builtin-policy.h"
#endif
u8 i;
const int idx = tomoyo_read_lock();

View File

@ -505,6 +505,8 @@ static int tomoyo_check_inet_address(const struct sockaddr *addr,
{
struct tomoyo_inet_addr_info *i = &address->inet;
if (addr_len < offsetofend(struct sockaddr, sa_family))
return 0;
switch (addr->sa_family) {
case AF_INET6:
if (addr_len < SIN6_LEN_RFC2133)
@ -594,6 +596,8 @@ static int tomoyo_check_unix_address(struct sockaddr *addr,
{
struct tomoyo_unix_addr_info *u = &address->unix0;
if (addr_len < offsetofend(struct sockaddr, sa_family))
return 0;
if (addr->sa_family != AF_UNIX)
return 0;
u->addr = ((struct sockaddr_un *) addr)->sun_path;

View File

@ -295,7 +295,8 @@ char *tomoyo_realpath_from_path(const struct path *path)
* or dentry without vfsmount.
*/
if (!path->mnt ||
(!inode->i_op->rename))
(!inode->i_op->rename &&
!(sb->s_type->fs_flags & FS_REQUIRES_DEV)))
pos = tomoyo_get_local_path(path->dentry, buf,
buf_len - 1);
/* Get absolute name for the rest. */

View File

@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
/* r->granted = false; */
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
domain->domainname->name);
#endif
}
return false;
}