Skip to content

Commit

Permalink
tomoyo: Add a kernel config option for fuzzing testing.
Browse files Browse the repository at this point in the history
syzbot is reporting kernel panic triggered by memory allocation fault
injection before loading TOMOYO's policy [1]. To make the fuzzing tests
useful, we need to assign a profile other than "disabled" (no-op) mode.
Therefore, let's allow syzbot to load TOMOYO's built-in policy for
"learning" mode using a kernel config option. This option must not be
enabled for kernels built for production system, for this option also
disables domain/program checks when modifying policy configuration via
/sys/kernel/security/tomoyo/ interface.

[1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95

Reported-by: syzbot <[email protected]>
Reported-by: syzbot <[email protected]>
Reported-by: syzbot <[email protected]>
Signed-off-by: Tetsuo Handa <[email protected]>
Signed-off-by: James Morris <[email protected]>
  • Loading branch information
Tetsuo Handa authored and James Morris committed May 10, 2019
1 parent 1fb3b52 commit e80b185
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 1 deletion.
10 changes: 10 additions & 0 deletions security/tomoyo/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -74,3 +74,13 @@ config SECURITY_TOMOYO_ACTIVATION_TRIGGER
You can override this setting via TOMOYO_trigger= kernel command line
option. For example, if you pass init=/bin/systemd option, you may
want to also pass TOMOYO_trigger=/bin/systemd option.

config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
bool "Use insecure built-in settings for fuzzing tests."
default n
depends on SECURITY_TOMOYO
select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
help
Enabling this option forces minimal built-in policy and disables
domain/program checks for run-time policy modifications. Please enable
this option only if this kernel is built for doing fuzzing tests.
13 changes: 12 additions & 1 deletion security/tomoyo/common.c
Original file line number Diff line number Diff line change
Expand Up @@ -940,7 +940,7 @@ static bool tomoyo_manager(void)
const char *exe;
const struct task_struct *task = current;
const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;
bool found = false;
bool found = IS_ENABLED(CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING);

if (!tomoyo_policy_loaded)
return true;
Expand Down Expand Up @@ -2810,13 +2810,24 @@ void tomoyo_check_profile(void)
*/
void __init tomoyo_load_builtin_policy(void)
{
#ifdef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
static char tomoyo_builtin_profile[] __initdata =
"PROFILE_VERSION=20150505\n"
"0-CONFIG={ mode=learning grant_log=no reject_log=yes }\n";
static char tomoyo_builtin_exception_policy[] __initdata =
"aggregator proc:/self/exe /proc/self/exe\n";
static char tomoyo_builtin_domain_policy[] __initdata = "";
static char tomoyo_builtin_manager[] __initdata = "";
static char tomoyo_builtin_stat[] __initdata = "";
#else
/*
* This include file is manually created and contains built-in policy
* named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
* "tomoyo_builtin_domain_policy", "tomoyo_builtin_manager",
* "tomoyo_builtin_stat" in the form of "static char [] __initdata".
*/
#include "builtin-policy.h"
#endif
u8 i;
const int idx = tomoyo_read_lock();

Expand Down

0 comments on commit e80b185

Please sign in to comment.