941 |
/** |
/** |
942 |
* ccs_find_next_domain - Find a domain. |
* ccs_find_next_domain - Find a domain. |
943 |
* |
* |
944 |
* @ee: Pointer to "struct ccs_request_info". |
* @ee: Pointer to "struct ccs_execve_entry". |
945 |
* |
* |
946 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
947 |
*/ |
*/ |
952 |
struct domain_info *domain = NULL; |
struct domain_info *domain = NULL; |
953 |
const char *old_domain_name = r->domain->domainname->name; |
const char *old_domain_name = r->domain->domainname->name; |
954 |
struct linux_binprm *bprm = ee->bprm; |
struct linux_binprm *bprm = ee->bprm; |
|
const char *original_name = bprm->filename; |
|
955 |
const u8 mode = r->mode; |
const u8 mode = r->mode; |
956 |
const bool is_enforce = (mode == 3); |
const bool is_enforce = (mode == 3); |
957 |
const u32 tomoyo_flags = current->tomoyo_flags; |
const u32 tomoyo_flags = current->tomoyo_flags; |
981 |
retry: |
retry: |
982 |
current->tomoyo_flags = tomoyo_flags; |
current->tomoyo_flags = tomoyo_flags; |
983 |
r->cond = NULL; |
r->cond = NULL; |
984 |
/* Get ccs_realpath of program and symbolic link. */ |
/* Get realpath of program and symbolic link. */ |
985 |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
retval = ccs_realpath_both(bprm->filename, ee); |
986 |
if (!ccs_realpath_both(original_name, ee)) |
if (retval < 0) |
987 |
goto out; |
goto out; |
988 |
|
|
989 |
rn.name = ee->program_path; |
rn.name = ee->program_path; |
1206 |
/** |
/** |
1207 |
* ccs_unescape - Unescape escaped string. |
* ccs_unescape - Unescape escaped string. |
1208 |
* |
* |
1209 |
* @dest: String to ccs_unescape. |
* @dest: String to unescape. |
1210 |
* |
* |
1211 |
* Returns nothing. |
* Returns nothing. |
1212 |
*/ |
*/ |
1386 |
/** |
/** |
1387 |
* ccs_try_alt_exec - Try to start execute handler. |
* ccs_try_alt_exec - Try to start execute handler. |
1388 |
* |
* |
1389 |
* @ee: Pointer to "struct ccs_execve_entry". |
* @ee: Pointer to "struct ccs_execve_entry". |
1390 |
* |
* |
1391 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
1392 |
*/ |
*/ |
1469 |
|
|
1470 |
/* Set argv[4] */ |
/* Set argv[4] */ |
1471 |
{ |
{ |
1472 |
retval = copy_strings_kernel(1, (char **) &bprm->filename, |
retval = copy_strings_kernel(1, &bprm->filename, bprm); |
|
bprm); |
|
1473 |
if (retval < 0) |
if (retval < 0) |
1474 |
goto out; |
goto out; |
1475 |
bprm->argc++; |
bprm->argc++; |
1564 |
retval = prepare_binprm(bprm); |
retval = prepare_binprm(bprm); |
1565 |
if (retval < 0) |
if (retval < 0) |
1566 |
goto out; |
goto out; |
1567 |
/* |
{ |
1568 |
* Backup ee->propgram_path for ccs_find_next_domain(). |
/* Backup ee->program_path for ccs_find_next_domain(). */ |
1569 |
* ee->program_path will be overwritten by ccs_find_next_domain(). |
const int len = strlen(ee->program_path) + 1; |
1570 |
* But ee->tmp won't be overwritten by ccs_find_next_domain() |
char *cp = kmalloc(len, GFP_KERNEL); |
1571 |
* because ee->handler != NULL. |
if (!cp) { |
1572 |
*/ |
retval = -ENOMEM; |
1573 |
strncpy(ee->tmp, ee->program_path, CCS_EXEC_TMPSIZE - 1); |
goto out; |
1574 |
task->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR; |
} |
1575 |
retval = ccs_find_next_domain(ee); |
memmove(cp, ee->program_path, len); |
1576 |
task->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR; |
task->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR; |
1577 |
/* |
retval = ccs_find_next_domain(ee); |
1578 |
* Restore ee->program_path for search_binary_handler(). |
task->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR; |
1579 |
*/ |
/* Restore ee->program_path for search_binary_handler(). */ |
1580 |
strncpy(ee->program_path, ee->tmp, CCS_MAX_PATHNAME_LEN - 1); |
memmove(ee->program_path, cp, len); |
1581 |
|
kfree(cp); |
1582 |
|
} |
1583 |
out: |
out: |
1584 |
return retval; |
return retval; |
1585 |
} |
} |
1590 |
* @ee: Pointer to "struct ccs_execve_entry". |
* @ee: Pointer to "struct ccs_execve_entry". |
1591 |
* @type: Type of execute handler. |
* @type: Type of execute handler. |
1592 |
* |
* |
1593 |
* Returns bool if found, false otherwise. |
* Returns true if found, false otherwise. |
1594 |
*/ |
*/ |
1595 |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
1596 |
const u8 type) |
const u8 type) |
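Review bot: The check `if (retval < 0)` after `retval = ccs_realpath_both(bprm->filename, ee);` (rows 985-986, reading the second column as the new side) is only correct if ccs_realpath_both() now returns 0 or a negative errno; the first column tested it as a boolean with `!ccs_realpath_both(...)`, and its definition is not among the visible rows. If a boolean-returning version were still in use, a failed path lookup would no longer reach `goto out` and the domain search would carry on with whatever ee->program_path held before, so the new convention should be stated in that function's kernel-doc (`Returns 0 on success, negative value otherwise.`) and its other callers checked. The same call now re-reads `bprm->filename` on every pass through `retry:` instead of using the value captured once in `original_name`; if that is intended, a comment such as `/* bprm->filename is not modified between retries. */` above the call would record it. The body of ccs_find_next_domain() starts and ends outside the rows shown here.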