| 5 |
* |
* |
| 6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
| 7 |
* |
* |
| 8 |
* Version: 1.6.2-rc 2008/06/12 |
* Version: 1.6.2-rc 2008/06/22 |
| 9 |
* |
* |
| 10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 1381 |
* |
* |
| 1382 |
* @bprm: Pointer to "struct linux_binprm". |
* @bprm: Pointer to "struct linux_binprm". |
| 1383 |
* @filename: The name of requested program. |
* @filename: The name of requested program. |
| 1384 |
* @work: Pointer to pointer to the name of execute handler. |
* @eh_path: Pointer to pointer to the name of execute handler. |
| 1385 |
* @next_domain: Pointer to pointer to "struct domain_info". |
* @next_domain: Pointer to pointer to "struct domain_info". |
| 1386 |
* @tmp: Buffer for temporal use. |
* @tmp: Buffer for temporal use. |
| 1387 |
* |
* |
| 1388 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
| 1389 |
*/ |
*/ |
| 1390 |
static int try_alt_exec(struct linux_binprm *bprm, |
static int try_alt_exec(struct linux_binprm *bprm, |
| 1391 |
const struct path_info *filename, char **work, |
const struct path_info *filename, char **eh_path, |
| 1392 |
struct domain_info **next_domain, |
struct domain_info **next_domain, |
| 1393 |
struct ccs_page_buffer *tmp) |
struct ccs_page_buffer *tmp) |
| 1394 |
{ |
{ |
| 1436 |
char *buffer = tmp->buffer; |
char *buffer = tmp->buffer; |
| 1437 |
/* Allocate memory for execute handler's pathname. */ |
/* Allocate memory for execute handler's pathname. */ |
| 1438 |
char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer)); |
char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer)); |
| 1439 |
*work = execute_handler; |
*eh_path = execute_handler; |
| 1440 |
if (!execute_handler) |
if (!execute_handler) |
| 1441 |
return -ENOMEM; |
return -ENOMEM; |
| 1442 |
strncpy(execute_handler, filename->name, |
strncpy(execute_handler, filename->name, |
| 1617 |
const struct path_info *handler; |
const struct path_info *handler; |
| 1618 |
int retval; |
int retval; |
| 1619 |
/* |
/* |
| 1620 |
* "work" holds path to program. |
* "eh_path" holds path to execute handler program. |
| 1621 |
* Thus, keep valid until search_binary_handler() finishes. |
* Thus, keep valid until search_binary_handler() finishes. |
| 1622 |
*/ |
*/ |
| 1623 |
char *work = NULL; |
char *eh_path = NULL; |
| 1624 |
struct ccs_page_buffer *buf = ccs_alloc(sizeof(struct ccs_page_buffer)); |
struct ccs_page_buffer *tmp = ccs_alloc(sizeof(struct ccs_page_buffer)); |
| 1625 |
ccs_load_policy(bprm->filename); |
ccs_load_policy(bprm->filename); |
| 1626 |
if (!buf) |
if (!tmp) |
| 1627 |
return -ENOMEM; |
return -ENOMEM; |
| 1628 |
/* printk(KERN_DEBUG "rootdepth=%d\n", get_root_depth()); */ |
/* printk(KERN_DEBUG "rootdepth=%d\n", get_root_depth()); */ |
| 1629 |
handler = find_execute_handler(TYPE_EXECUTE_HANDLER); |
handler = find_execute_handler(TYPE_EXECUTE_HANDLER); |
| 1630 |
if (handler) { |
if (handler) { |
| 1631 |
retval = try_alt_exec(bprm, handler, &work, &next_domain, buf); |
retval = try_alt_exec(bprm, handler, &eh_path, &next_domain, |
| 1632 |
|
tmp); |
| 1633 |
if (!retval) |
if (!retval) |
| 1634 |
audit_execute_handler_log(true, work, bprm); |
audit_execute_handler_log(true, eh_path, bprm); |
| 1635 |
goto ok; |
goto ok; |
| 1636 |
} |
} |
| 1637 |
retval = find_next_domain(bprm, &next_domain, NULL, buf); |
retval = find_next_domain(bprm, &next_domain, NULL, tmp); |
| 1638 |
if (retval != -EPERM) |
if (retval != -EPERM) |
| 1639 |
goto ok; |
goto ok; |
| 1640 |
handler = find_execute_handler(TYPE_DENIED_EXECUTE_HANDLER); |
handler = find_execute_handler(TYPE_DENIED_EXECUTE_HANDLER); |
| 1641 |
if (handler) { |
if (handler) { |
| 1642 |
retval = try_alt_exec(bprm, handler, &work, &next_domain, buf); |
retval = try_alt_exec(bprm, handler, &eh_path, &next_domain, |
| 1643 |
|
tmp); |
| 1644 |
if (!retval) |
if (!retval) |
| 1645 |
audit_execute_handler_log(false, work, bprm); |
audit_execute_handler_log(false, eh_path, bprm); |
| 1646 |
} |
} |
| 1647 |
ok: |
ok: |
| 1648 |
if (retval) |
if (retval) |
| 1649 |
goto out; |
goto out; |
| 1650 |
task->domain_info = next_domain; |
task->domain_info = next_domain; |
| 1651 |
retval = check_environ(bprm, buf); |
retval = check_environ(bprm, tmp); |
| 1652 |
if (retval) |
if (retval) |
| 1653 |
goto out; |
goto out; |
| 1654 |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
| 1664 |
/* Mark the current process as normal process. */ |
/* Mark the current process as normal process. */ |
| 1665 |
else |
else |
| 1666 |
task->tomoyo_flags &= ~TOMOYO_TASK_IS_EXECUTE_HANDLER; |
task->tomoyo_flags &= ~TOMOYO_TASK_IS_EXECUTE_HANDLER; |
| 1667 |
ccs_free(work); |
ccs_free(eh_path); |
| 1668 |
ccs_free(buf); |
ccs_free(tmp); |
| 1669 |
return retval; |
return retval; |
| 1670 |
} |
} |
| 1671 |
|
|
TOMOYO
Parent Directory
Revision Log
Patch