117 |
*/ |
*/ |
118 |
static int ccs_audit_domain_creation_log(struct ccs_domain_info *domain) |
static int ccs_audit_domain_creation_log(struct ccs_domain_info *domain) |
119 |
{ |
{ |
120 |
|
int error; |
121 |
struct ccs_request_info r; |
struct ccs_request_info r; |
122 |
ccs_init_request_info(&r, domain, CCS_MAC_FOR_FILE); |
ccs_init_request_info(&r, domain, CCS_MAC_FOR_FILE); |
123 |
return ccs_write_audit_log(false, &r, "use_profile %u\n", r.profile); |
error = ccs_write_audit_log(false, &r, "use_profile %u\n", r.profile); |
124 |
|
ccs_exit_request_info(&r); |
125 |
|
return error; |
126 |
} |
} |
127 |
|
|
128 |
/* The list for "struct ccs_domain_initializer_entry". */ |
/* The list for "struct ccs_domain_initializer_entry". */ |
736 |
bool ccs_find_or_assign_new_domain(const char *domainname, const u8 profile, |
bool ccs_find_or_assign_new_domain(const char *domainname, const u8 profile, |
737 |
struct ccs_cookie *cookie) |
struct ccs_cookie *cookie) |
738 |
{ |
{ |
739 |
struct ccs_domain_info *domain = kzalloc(sizeof(*domain), GFP_KERNEL); |
struct ccs_domain_info *entry; |
740 |
const struct ccs_path_info *saved_domainname = ccs_get_name(domainname); |
struct ccs_domain_info *domain; |
741 |
if (!domain || !saved_domainname) |
const struct ccs_path_info *saved_domainname; |
742 |
goto out; |
cookie->u.domain = NULL; |
743 |
|
if (!ccs_is_correct_domain(domainname, __func__)) |
744 |
|
return false; |
745 |
|
saved_domainname = ccs_get_name(domainname); |
746 |
|
if (!saved_domainname) |
747 |
|
return false; |
748 |
|
entry = kzalloc(sizeof(*domain), GFP_KERNEL); |
749 |
/***** WRITER SECTION START *****/ |
/***** WRITER SECTION START *****/ |
750 |
down_write(&ccs_policy_lock); |
down_write(&ccs_policy_lock); |
751 |
if (!ccs_find_domain(domainname, cookie) && |
list_for_each_entry(domain, &ccs_domain_list, list) { |
752 |
ccs_is_correct_domain(domainname, __func__) && |
if (domain->is_deleted || |
753 |
ccs_memory_ok(domain)) { |
ccs_pathcmp(saved_domainname, domain->domainname)) |
754 |
INIT_LIST_HEAD(&domain->acl_info_list); |
continue; |
|
domain->domainname = saved_domainname; |
|
|
saved_domainname = NULL; |
|
|
domain->profile = profile; |
|
|
list_add_tail(&domain->list, &ccs_domain_list); |
|
755 |
cookie->u.domain = domain; |
cookie->u.domain = domain; |
756 |
domain = NULL; |
break; |
757 |
|
} |
758 |
|
if (!cookie->u.domain && ccs_memory_ok(entry)) { |
759 |
|
INIT_LIST_HEAD(&entry->acl_info_list); |
760 |
|
entry->domainname = saved_domainname; |
761 |
|
saved_domainname = NULL; |
762 |
|
entry->profile = profile; |
763 |
|
list_add_tail(&entry->list, &ccs_domain_list); |
764 |
|
cookie->u.domain = entry; |
765 |
|
entry = NULL; |
766 |
} |
} |
|
out: |
|
767 |
up_write(&ccs_policy_lock); |
up_write(&ccs_policy_lock); |
768 |
/***** WRITER SECTION END *****/ |
/***** WRITER SECTION END *****/ |
769 |
ccs_put_name(saved_domainname); |
ccs_put_name(saved_domainname); |
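Review bot: In ccs_find_or_assign_new_domain(), `entry = kzalloc(sizeof(*domain), GFP_KERNEL);` is never compared with NULL. The only guard before `INIT_LIST_HEAD(&entry->acl_info_list)` is `ccs_memory_ok(entry)`, whose body is not in this hunk, so the allocation-failure path is safe only if that helper rejects a NULL pointer. A comment at the allocation would make that contract visible, e.g. `/* entry may be NULL here; ccs_memory_ok() must reject it before the first dereference */`, and `sizeof(*entry)` would size the allocation from the pointer actually being assigned. The function continues past `ccs_put_name(saved_domainname);`, outside the hunk. Since `domain` is now the list cursor, please confirm that the cleanup there frees `entry` and not `domain`; otherwise an unlinked entry (existing domain found, or `ccs_memory_ok()` returned false) is leaked, or a pointer into the live list is freed.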
851 |
bool found = false; |
bool found = false; |
852 |
retry: |
retry: |
853 |
current->ccs_flags = ccs_flags; |
current->ccs_flags = ccs_flags; |
854 |
r->cond = NULL; |
r->condition_cookie.u.cond = NULL; |
855 |
/* Get realpath of program and symbolic link. */ |
/* Get realpath of program and symbolic link. */ |
856 |
retval = ccs_realpath_both(bprm->filename, ee); |
retval = ccs_realpath_both(bprm->filename, ee); |
857 |
if (retval < 0) |
if (retval < 0) |
973 |
} |
} |
974 |
if (found || strlen(new_domain_name) >= CCS_MAX_PATHNAME_LEN) |
if (found || strlen(new_domain_name) >= CCS_MAX_PATHNAME_LEN) |
975 |
goto done; |
goto done; |
|
/***** READER SECTION START *****/ |
|
|
down_read(&ccs_policy_lock); |
|
976 |
found = ccs_find_domain(new_domain_name, &r->cookie); |
found = ccs_find_domain(new_domain_name, &r->cookie); |
|
up_read(&ccs_policy_lock); |
|
|
/***** READER SECTION END *****/ |
|
977 |
if (found) |
if (found) |
978 |
goto done; |
goto done; |
979 |
if (is_enforce) { |
if (is_enforce) { |
1661 |
else |
else |
1662 |
task->ccs_flags &= ~CCS_TASK_IS_EXECUTE_HANDLER; |
task->ccs_flags &= ~CCS_TASK_IS_EXECUTE_HANDLER; |
1663 |
out: |
out: |
1664 |
|
ccs_exit_request_info(&ee->r); |
1665 |
ccs_free_execve_entry(ee); |
ccs_free_execve_entry(ee); |
1666 |
} |
} |
1667 |
|
|