GitHub Repository: torvalds/linux
Path: blob/master/security/tomoyo/environ.c
// SPDX-License-Identifier: GPL-2.0
/*
* security/tomoyo/environ.c
*
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/
#include "common.h"
/**
 * tomoyo_check_env_acl - Check permission for environment variable's name.
 *
 * @r:   Pointer to "struct tomoyo_request_info".
 * @ptr: Pointer to "struct tomoyo_acl_info".
 *
 * Match callback that tomoyo_env_perm() hands to tomoyo_check_acl(). @ptr is
 * treated as the "head" member embedded in a "struct tomoyo_env_acl"; the
 * enclosing entry is recovered with container_of() and its env pattern is
 * matched against the variable name stored in @r->param.environ.name.
 *
 * Returns true if granted, false otherwise.
 */
static bool tomoyo_check_env_acl(struct tomoyo_request_info *r,
				 const struct tomoyo_acl_info *ptr)
{
	const struct tomoyo_env_acl *entry;

	/*
	 * NOTE(review): this downcast is only valid when @ptr really is the
	 * head of an env ACL entry. Presumably tomoyo_check_acl() only invokes
	 * the callback for entries whose type equals r->param_type
	 * (TOMOYO_TYPE_ENV_ACL here) -- confirm against tomoyo_check_acl().
	 */
	entry = container_of(ptr, typeof(*entry), head);

	return tomoyo_path_matches_pattern(r->param.environ.name, entry->env);
}
26
27
/**
 * tomoyo_audit_env_log - Audit environment variable name log.
 *
 * @r: Pointer to "struct tomoyo_request_info".
 *
 * Forwards the request to tomoyo_supervisor() together with a "misc env NAME"
 * line built from the variable name stored in @r, and passes the supervisor's
 * result straight back to the caller.
 *
 * Returns 0 on success, negative value otherwise.
 */
static int tomoyo_audit_env_log(struct tomoyo_request_info *r)
{
	const char *name = r->param.environ.name->name;

	/*
	 * The name originates from tomoyo_env_perm()'s @env argument, so it is
	 * only ever supplied as a "%s" argument to a constant format string and
	 * never used as the format itself.
	 */
	return tomoyo_supervisor(r, "misc env %s\n", name);
}
39
40
/**
 * tomoyo_env_perm - Check permission for environment variable's name.
 *
 * @r:   Pointer to "struct tomoyo_request_info".
 * @env: The name of environment variable.
 *
 * Wraps @env in a "struct tomoyo_path_info", marks @r as an env ACL request
 * and then runs tomoyo_check_acl() followed by tomoyo_audit_env_log(),
 * repeating both for as long as the audit step answers TOMOYO_RETRY_REQUEST.
 * A NULL or empty @env is not checked at all and yields 0.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env)
{
	struct tomoyo_path_info name_info;
	int ret;

	/* Nothing to check: no name, or an empty name, is allowed outright. */
	if (env == NULL || *env == '\0')
		return 0;

	name_info.name = env;
	/* Only .name is set above; the helper is relied on for the rest. */
	tomoyo_fill_path_info(&name_info);

	r->param_type = TOMOYO_TYPE_ENV_ACL;
	/*
	 * NOTE(review): @r now refers to a local of this function and the
	 * pointer is not cleared before returning, so r->param.environ.name
	 * must not be read once this call has returned -- confirm no caller
	 * or later hook does so.
	 */
	r->param.environ.name = &name_info;

	for (;;) {
		/*
		 * The result of the ACL walk is not returned here; presumably
		 * it is recorded in @r for tomoyo_supervisor() to act on --
		 * confirm against tomoyo_check_acl().
		 */
		tomoyo_check_acl(r, tomoyo_check_env_acl);
		ret = tomoyo_audit_env_log(r);
		if (ret != TOMOYO_RETRY_REQUEST)
			break;
	}

	return ret;
}
67
68
/**
 * tomoyo_same_env_acl - Check for duplicated "struct tomoyo_env_acl" entry.
 *
 * @a: Pointer to "struct tomoyo_acl_info".
 * @b: Pointer to "struct tomoyo_acl_info".
 *
 * Both arguments are treated as the "head" member of a
 * "struct tomoyo_env_acl". The entries count as the same when their env
 * members are the same pointer; the strings themselves are not compared.
 *
 * Returns true if @a == @b, false otherwise.
 */
static bool tomoyo_same_env_acl(const struct tomoyo_acl_info *a,
				const struct tomoyo_acl_info *b)
{
	const struct tomoyo_env_acl *lhs;
	const struct tomoyo_env_acl *rhs;

	lhs = container_of(a, typeof(*lhs), head);
	rhs = container_of(b, typeof(*rhs), head);

	/*
	 * NOTE(review): identity comparison only detects duplicates if equal
	 * names always share one object. Presumably tomoyo_get_name(), which
	 * tomoyo_write_env() uses to obtain env, guarantees that -- confirm.
	 */
	return lhs->env == rhs->env;
}
84
85
/**
 * tomoyo_write_env - Write "struct tomoyo_env_acl" list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Reads the next token from @param, validates it, and submits it as an env
 * ACL entry through tomoyo_update_domain(). The token is rejected with
 * -EINVAL when tomoyo_correct_word() refuses it or when it contains '=';
 * -ENOMEM is returned when tomoyo_get_name() yields NULL.
 *
 * Returns 0 on success, negative value otherwise.
 *
 * Caller holds tomoyo_read_lock().
 */
static int tomoyo_write_env(struct tomoyo_acl_param *param)
{
	struct tomoyo_env_acl e = { .head.type = TOMOYO_TYPE_ENV_ACL };
	const char *data = tomoyo_read_token(param);
	int error;

	/*
	 * NOTE(review): data is handed to tomoyo_correct_word() unchecked;
	 * presumably tomoyo_read_token() never returns NULL -- confirm.
	 * strchr() below is only reached for tokens that passed this check.
	 */
	if (!tomoyo_correct_word(data))
		return -EINVAL;

	/*
	 * Entries are matched against a variable's name (see
	 * tomoyo_env_perm()), so a token carrying '=' is refused rather than
	 * stored as a pattern.
	 */
	if (strchr(data, '='))
		return -EINVAL;

	e.env = tomoyo_get_name(data);
	if (!e.env)
		return -ENOMEM;

	error = tomoyo_update_domain(&e.head, sizeof(e), param,
				     tomoyo_same_env_acl, NULL);

	/*
	 * Release the name obtained above on every path, success or failure.
	 * NOTE(review): presumably tomoyo_update_domain() keeps its own hold
	 * on the name when it stores the entry -- confirm.
	 */
	tomoyo_put_name(e.env);
	return error;
}
110
111
/**
 * tomoyo_write_misc - Update environment variable list.
 *
 * @param: Pointer to "struct tomoyo_acl_param".
 *
 * Dispatches a policy line by its leading keyword. Only the "env " keyword is
 * recognised here and is handled by tomoyo_write_env(); every other input is
 * rejected with -EINVAL.
 *
 * Returns 0 on success, negative value otherwise.
 */
int tomoyo_write_misc(struct tomoyo_acl_param *param)
{
	/*
	 * tomoyo_str_starts() receives the address of param->data, so it can
	 * modify that pointer; presumably it steps past the matched prefix --
	 * confirm against its definition.
	 */
	if (!tomoyo_str_starts(&param->data, "env "))
		return -EINVAL;

	return tomoyo_write_env(param);
}