Tetsuo Handa
from-****@I-lov*****
Fri Aug 26 21:06:21 JST 2011
I got an opinion that it is difficult to use exception policy's domain transition control directives because they need to match the pathname specified to "file execute" directives when selectively picking up. For example, if "file execute /bin/\*\-ls\-cat" is given, the corresponding domain transition control directive needs to be like "no_keep_domain /bin/\*\-ls\-cat from any". As a currently available solution, I suggested mapping such pathnames to something else using the "aggregator" directive. But, if we can specify like below, it will become more convenient.

    file execute /bin/ls keep exec.realpath="/bin/ls" exec.argv[0]="ls"
    file execute /bin/cat keep exec.realpath="/bin/cat" exec.argv[0]="cat"
    file execute /bin/\*\-ls\-cat child
    file execute /usr/sbin/httpd <apache> exec.realpath="/usr/sbin/httpd" exec.argv[0]="/usr/sbin/httpd"

In the above examples, "keep" works as if keep_domain is specified, "child" works as if "no_reset_domain" and "no_initialize_domain" and "no_keep_domain" are specified, and "<apache>" causes domain transition to the <apache> domain upon successful execve() operation.

For compatibility, this argument is omissible. If omitted, the destination domain is calculated based on exception policy's domain transition control directives.

    file execute /bin/ls exec.realpath="/bin/ls" exec.argv[0]="ls"

In order to avoid conflicts with conditional keywords, the keyword for this argument can be one of below:

    keep (for keeping current domain.)
    initialize (for initializing domain transition.)
    reset (for resetting domain transition.)
    $domainname (for jumping to specified domain. $domainname can be for example "<apache> /app1 /section1" because TOMOYO 1.8 can parse "ipc signal $signum $domainname $conditions", "task auto_domain_transition $domainname $conditions" and "task manual_domain_transition $domainname $conditions" lines without problems because of domainname constraints.)

and below keywords might be useful in addition to above:

    child (for jumping to current domain's child domain.)
    parent (for jumping to current domain's parent domain.)
    default (for calculating destination domain using exception policy's domain transition control directives.)

If this argument was specified, execve() will fail if domain transition has failed, for I think this argument should be manually specified with destination domains explicitly defined.

What do you think?
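An added example (editor's hypothetical Python, not from this mail or from TOMOYO's code) of how the proposed optional argument could be told apart from name=value conditions on "file execute" lines and how each keyword resolves to a destination domain; the "initialize" and "reset" domain-name forms are assumed from TOMOYO 1.8's initialize_domain/reset_domain naming, and the exception-policy fallback for "default" is a caller-supplied function.

```python
# Hypothetical helper (not TOMOYO code) modelling the proposed optional
# transition argument on "file execute" lines described in the mail.
TRANSITION_KEYWORDS = {"keep", "initialize", "reset", "child", "parent", "default"}


def parse_file_execute(line):
    """Split 'file execute PATH [TRANSITION] [COND ...]' into its parts.

    TOMOYO conditions are written as name=value (exec.realpath="/bin/ls"),
    so the tokens between the pathname and the first token containing '='
    are the optional transition argument. A "$domainname" target such as
    '<apache> /app1 /section1' spans several tokens, hence the join.
    Assumption: a domain name component never contains '='.
    """
    tokens = line.split()
    if tokens[:2] != ["file", "execute"] or len(tokens) < 3:
        raise ValueError("not a 'file execute' line: %r" % line)
    path, rest = tokens[2], tokens[3:]
    first_cond = next((i for i, t in enumerate(rest) if "=" in t), len(rest))
    transition = " ".join(rest[:first_cond]) or "default"
    if transition not in TRANSITION_KEYWORDS and not transition.startswith("<"):
        raise ValueError("unknown transition argument %r" % transition)
    return {"path": path, "transition": transition, "conditions": rest[first_cond:]}


def destination_domain(current, path, transition, fallback=None):
    """Return the domain after a successful execve(), or raise on failure.

    'current' is the caller's domain, e.g. '<kernel> /usr/sbin/sshd'.
    'initialize'/'reset' follow the assumed initialize_domain/reset_domain
    naming; 'default' defers to a function standing in for exception policy.
    """
    if transition == "keep":
        return current
    if transition == "child":
        return current + " " + path
    if transition == "parent":
        parts = current.split(" ")
        if len(parts) < 2:            # a namespace root has no parent domain
            raise PermissionError("no parent domain for %r" % current)
        return " ".join(parts[:-1])
    if transition == "initialize":
        return "<kernel> " + path
    if transition == "reset":
        return "<" + path + ">"
    if transition == "default":
        if fallback is None:
            raise PermissionError("no exception policy available")
        return fallback(current, path)
    return transition                  # explicit $domainname target
```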