292 |
static void ccs_check_profile(void) |
static void ccs_check_profile(void) |
293 |
{ |
{ |
294 |
struct ccs_domain_info *domain; |
struct ccs_domain_info *domain; |
295 |
|
const int idx = ccs_read_lock(); |
296 |
ccs_policy_loaded = true; |
ccs_policy_loaded = true; |
297 |
list_for_each_entry_rcu(domain, &ccs_domain_list, list) { |
list_for_each_entry_rcu(domain, &ccs_domain_list, list) { |
298 |
const u8 profile = domain->profile; |
const u8 profile = domain->profile; |
301 |
panic("Profile %u (used by '%s') not defined.\n", |
panic("Profile %u (used by '%s') not defined.\n", |
302 |
profile, domain->domainname->name); |
profile, domain->domainname->name); |
303 |
} |
} |
304 |
|
ccs_read_unlock(idx); |
305 |
if (ccs_profile_version != 20090903) |
if (ccs_profile_version != 20090903) |
306 |
panic("Profile version %u is not supported.\n", |
panic("Profile version %u is not supported.\n", |
307 |
ccs_profile_version); |
ccs_profile_version); |
2679 |
return -ENOSYS; |
return -ENOSYS; |
2680 |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
2681 |
return -EFAULT; |
return -EFAULT; |
2682 |
|
if (mutex_lock_interruptible(&head->io_sem)) |
2683 |
|
return -EINTR; |
2684 |
|
idx = ccs_read_lock(); |
2685 |
/* Don't allow updating policies by non manager programs. */ |
/* Don't allow updating policies by non manager programs. */ |
2686 |
if (head->write != ccs_write_pid && |
if (head->write != ccs_write_pid && |
2687 |
head->write != ccs_write_domain_policy && |
head->write != ccs_write_domain_policy && |
2688 |
!ccs_is_policy_manager()) |
!ccs_is_policy_manager()) { |
2689 |
|
ccs_read_unlock(idx); |
2690 |
return -EPERM; |
return -EPERM; |
2691 |
if (mutex_lock_interruptible(&head->io_sem)) |
} |
|
return -EINTR; |
|
|
idx = ccs_read_lock(); |
|
2692 |
/* Read a line and dispatch it to the policy handler. */ |
/* Read a line and dispatch it to the policy handler. */ |
2693 |
while (avail_len > 0) { |
while (avail_len > 0) { |
2694 |
char c; |
char c; |