Commit e80b1859 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris
Browse files

tomoyo: Add a kernel config option for fuzzing testing. 

syzbot is reporting kernel panic triggered by memory allocation fault
injection before loading TOMOYO's policy [1]. To make the fuzzing tests
useful, we need to assign a profile other than "disabled" (no-op) mode.
Therefore, let's allow syzbot to load TOMOYO's built-in policy for
"learning" mode using a kernel config option. This option must not be
enabled for kernels built for production system, for this option also
disables domain/program checks when modifying policy configuration via
/sys/kernel/security/tomoyo/ interface.

[1] https://syzkaller.appspot.com/bug?extid=29569ed06425fcf67a95



Reported-by: default avatarsyzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
Reported-by: default avatarsyzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
Reported-by: default avatarsyzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarJames Morris <jamorris@linux.microsoft.com>
parent 1fb3b526

security/tomoyo/Kconfig

+10 −0
Original line number Diff line number Diff line
@@ -74,3 +74,13 @@ config SECURITY_TOMOYO_ACTIVATION_TRIGGER 
	  You can override this setting via TOMOYO_trigger= kernel command line

	  option. For example, if you pass init=/bin/systemd option, you may

	  want to also pass TOMOYO_trigger=/bin/systemd option.



config SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING

	bool "Use insecure built-in settings for fuzzing tests."

	default n

	depends on SECURITY_TOMOYO

	select SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

	help

	  Enabling this option forces minimal built-in policy and disables

	  domain/program checks for run-time policy modifications. Please enable

	  this option only if this kernel is built for doing fuzzing tests.

security/tomoyo/common.c

+12 −1
Original line number Diff line number Diff line
@@ -940,7 +940,7 @@ static bool tomoyo_manager(void) 
	const char *exe;

	const struct task_struct *task = current;

	const struct tomoyo_path_info *domainname = tomoyo_domain()->domainname;

	bool found = false;

	bool found = IS_ENABLED(CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING);



	if (!tomoyo_policy_loaded)

		return true;
@@ -2810,6 +2810,16 @@ void tomoyo_check_profile(void) 
 */

void __init tomoyo_load_builtin_policy(void)

{

#ifdef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING

	static char tomoyo_builtin_profile[] __initdata =

		"PROFILE_VERSION=20150505\n"

		"0-CONFIG={ mode=learning grant_log=no reject_log=yes }\n";

	static char tomoyo_builtin_exception_policy[] __initdata =

		"aggregator proc:/self/exe /proc/self/exe\n";

	static char tomoyo_builtin_domain_policy[] __initdata = "";

	static char tomoyo_builtin_manager[] __initdata = "";

	static char tomoyo_builtin_stat[] __initdata = "";

#else

	/*

	 * This include file is manually created and contains built-in policy

	 * named "tomoyo_builtin_profile", "tomoyo_builtin_exception_policy",
@@ -2817,6 +2827,7 @@ void __init tomoyo_load_builtin_policy(void) 
	 * "tomoyo_builtin_stat" in the form of "static char [] __initdata".

	 */

#include "builtin-policy.h"

#endif

	u8 i;

	const int idx = tomoyo_read_lock();

CRA Git | Maintained and supported by SUSTech CRA and CCSE