1. 07 Apr, 2015 3 commits
  2. 14 Sep, 2011 1 commit
  3. 13 Sep, 2011 2 commits
    • TOMOYO: Add socket operation restriction support. · 059d84db
      Tetsuo Handa authored
      This patch adds support for permission checks for PF_INET/PF_INET6/PF_UNIX
      socket's bind()/listen()/connect()/send() operations.
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jmorris@namei.org>
    • TOMOYO: Add environment variable name restriction support. · d58e0da8
      Tetsuo Handa authored
      This patch adds support for checking environment variable's names.
      Although TOMOYO already provides ability to check argv[]/envp[] passed to
      execve() requests,
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"
      
      will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
      defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
      administrators have to specify like
      
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
        file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL
      
      . Since there are many environment variables whereas conditional checks are
      applied as "&&", it is difficult to cover all combinations. Therefore, this
      patch supports conditional checks that are applied as "||", by specifying like
      
        file execute /bin/sh
        misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"
      
      which means "grant execution of /bin/sh if environment variable is not defined
      or is defined and its value is /system/lib".
      Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: James Morris <jmorris@namei.org>
  4. 11 Jul, 2011 1 commit
  5. 28 Jun, 2011 2 commits
  6. 02 Aug, 2010 4 commits
  7. 16 May, 2010 1 commit
  8. 14 Feb, 2010 1 commit
  9. 12 Feb, 2009 1 commit