1. 13 Sep, 2011 2 commits
    • TOMOYO: Add socket operation restriction support. · 059d84db
      Tetsuo Handa authored
      
      
      This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
      socket's bind()/listen()/connect()/send() operations.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jmorris@namei.org>
    • TOMOYO: Add environment variable name restriction support. · d58e0da8
      Tetsuo Handa authored
      
      
      This patch adds support for checking environment variable's names.
      Although TOMOYO already provides ability to check argv[]/envp[] passed to
      execve() requests,
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"
      
      will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
      defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
      administrators have to specify like
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL
      
      . Since there are many environment variables whereas conditional checks are
      applied as "&&", it is difficult to cover all combinations. Therefore, this
      patch supports conditional checks that are applied as "||", by specifying like
      
        file execute /bin/sh
        misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"
      
      which means "grant execution of /bin/sh if environment variable is not defined
      or is defined and its value is /system/lib".
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jmorris@namei.org>
  2. 09 Sep, 2011 1 commit
  3. 16 Aug, 2011 1 commit
  4. 20 Jul, 2011 1 commit
  5. 14 Jul, 2011 1 commit
  6. 11 Jul, 2011 5 commits
  7. 07 Jul, 2011 1 commit
  8. 30 Jun, 2011 3 commits
  9. 28 Jun, 2011 15 commits
  10. 14 Jun, 2011 1 commit
  11. 12 May, 2011 1 commit
  12. 20 Apr, 2011 1 commit
  13. 18 Apr, 2011 3 commits
  14. 31 Mar, 2011 1 commit
  15. 30 Mar, 2011 1 commit
  16. 02 Mar, 2011 1 commit
  17. 07 Jan, 2011 1 commit