linux/security
Tetsuo Handa 6bce98edc3 TOMOYO: Allow specifying domain transition preference.
I got an opinion that it is difficult to use exception policy's domain
transition control directives because they need to match the pathname specified
to "file execute" directives. For example, if "file execute /bin/\*\-ls\-cat"
is given, corresponding domain transition control directive needs to be like
"no_keep_domain /bin/\*\-ls\-cat from any".

If we can specify like below, it will become more convenient.

  file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
  file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
  file execute /bin/\*\-ls\-cat child
  file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"

In above examples, "keep" works as if keep_domain is specified, "child" works
as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are
specified, "<apache>" causes domain transition to <apache> domain upon
successful execve() operation.

Moreover, we can also allow transition to different domains based on conditions
like below example.

  <kernel> /usr/sbin/sshd
  file execute /bin/bash <kernel> /usr/sbin/sshd //batch-session exec.argc=2 exec.argv[1]="-c"
  file execute /bin/bash <kernel> /usr/sbin/sshd //root-session task.uid=0
  file execute /bin/bash <kernel> /usr/sbin/sshd //nonroot-session task.uid!=0

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
2011-09-19 10:09:59 +10:00
..
apparmor apparmor: sparse fix: include procattr.h in procattr.c 2011-09-09 16:56:29 -07:00
integrity evm: clean verification status 2011-09-14 15:24:52 -04:00
keys encrypted-keys: IS_ERR need include/err.h 2011-09-15 17:37:24 -04:00
selinux selinux: sparse fix: fix several warnings in the security server code 2011-09-09 16:56:32 -07:00
smack doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
tomoyo TOMOYO: Allow specifying domain transition preference. 2011-09-19 10:09:59 +10:00
capability.c ->permission() sanitizing: don't pass flags to ->inode_permission() 2011-07-20 01:43:26 -04:00
commoncap.c capabilities: initialize has_cap 2011-08-16 09:20:45 +10:00
device_cgroup.c security,rcu: Convert call_rcu(whitelist_item_free) to kfree_rcu() 2011-07-20 11:05:30 -07:00
inode.c
Kconfig encrypted-keys: remove trusted-keys dependency 2011-09-14 15:23:49 -04:00
lsm_audit.c
Makefile integrity: move ima inode integrity data management 2011-07-18 12:29:38 -04:00
min_addr.c
security.c evm: fix security/security_old_init_security return code 2011-09-14 15:24:50 -04:00