• Tetsuo Handa's avatar
    TOMOYO: Add environment variable name restriction support. · d58e0da8
    Tetsuo Handa authored
    This patch adds support for checking environment variable's names.
    Although TOMOYO already provides ability to check argv[]/envp[] passed to
    execve() requests,
    
      file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="bar"
    
    will reject execution of /bin/sh if environment variable LD_LIBRARY_PATH is not
    defined. To grant execution of /bin/sh if LD_LIBRARY_PATH is not defined,
    administrators have to specify like
    
      file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]="/system/lib"
      file execute /bin/sh exec.envp["LD_LIBRARY_PATH"]=NULL
    
    . Since there are many environment variables whereas conditional checks are
    applied as "&&", it is difficult to cover all combinations. Therefore, this
    patch supports conditional checks that are applied as "||", by specifying like
    
      file execute /bin/sh
      misc env LD_LIBRARY_PATH exec.envp["LD_LIBRARY_PATH"]="/system/lib"
    
    which means "grant execution of /bin/sh if environment variable is not defined
    or is defined and its value is /system/lib".
    Signed-off-by: 's avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: 's avatarJames Morris <jmorris@namei.org>
    d58e0da8