5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.2-rc 2008/06/12 |
* Version: 1.6.2-rc 2008/06/22 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
1381 |
* |
* |
1382 |
* @bprm: Pointer to "struct linux_binprm". |
* @bprm: Pointer to "struct linux_binprm". |
1383 |
* @filename: The name of requested program. |
* @filename: The name of requested program. |
1384 |
* @work: Pointer to pointer to the name of execute handler. |
* @eh_path: Pointer to pointer to the name of execute handler. |
1385 |
* @next_domain: Pointer to pointer to "struct domain_info". |
* @next_domain: Pointer to pointer to "struct domain_info". |
1386 |
* @tmp: Buffer for temporal use. |
* @tmp: Buffer for temporal use. |
1387 |
* |
* |
1388 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
1389 |
*/ |
*/ |
1390 |
static int try_alt_exec(struct linux_binprm *bprm, |
static int try_alt_exec(struct linux_binprm *bprm, |
1391 |
const struct path_info *filename, char **work, |
const struct path_info *filename, char **eh_path, |
1392 |
struct domain_info **next_domain, |
struct domain_info **next_domain, |
1393 |
struct ccs_page_buffer *tmp) |
struct ccs_page_buffer *tmp) |
1394 |
{ |
{ |
1436 |
char *buffer = tmp->buffer; |
char *buffer = tmp->buffer; |
1437 |
/* Allocate memory for execute handler's pathname. */ |
/* Allocate memory for execute handler's pathname. */ |
1438 |
char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer)); |
char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer)); |
1439 |
*work = execute_handler; |
*eh_path = execute_handler; |
1440 |
if (!execute_handler) |
if (!execute_handler) |
1441 |
return -ENOMEM; |
return -ENOMEM; |
1442 |
strncpy(execute_handler, filename->name, |
strncpy(execute_handler, filename->name, |
1617 |
const struct path_info *handler; |
const struct path_info *handler; |
1618 |
int retval; |
int retval; |
1619 |
/* |
/* |
1620 |
* "work" holds path to program. |
* "eh_path" holds path to execute handler program. |
1621 |
* Thus, keep valid until search_binary_handler() finishes. |
* Thus, keep valid until search_binary_handler() finishes. |
1622 |
*/ |
*/ |
1623 |
char *work = NULL; |
char *eh_path = NULL; |
1624 |
struct ccs_page_buffer *buf = ccs_alloc(sizeof(struct ccs_page_buffer)); |
struct ccs_page_buffer *tmp = ccs_alloc(sizeof(struct ccs_page_buffer)); |
1625 |
ccs_load_policy(bprm->filename); |
ccs_load_policy(bprm->filename); |
1626 |
if (!buf) |
if (!tmp) |
1627 |
return -ENOMEM; |
return -ENOMEM; |
1628 |
/* printk(KERN_DEBUG "rootdepth=%d\n", get_root_depth()); */ |
/* printk(KERN_DEBUG "rootdepth=%d\n", get_root_depth()); */ |
1629 |
handler = find_execute_handler(TYPE_EXECUTE_HANDLER); |
handler = find_execute_handler(TYPE_EXECUTE_HANDLER); |
1630 |
if (handler) { |
if (handler) { |
1631 |
retval = try_alt_exec(bprm, handler, &work, &next_domain, buf); |
retval = try_alt_exec(bprm, handler, &eh_path, &next_domain, |
1632 |
|
tmp); |
1633 |
if (!retval) |
if (!retval) |
1634 |
audit_execute_handler_log(true, work, bprm); |
audit_execute_handler_log(true, eh_path, bprm); |
1635 |
goto ok; |
goto ok; |
1636 |
} |
} |
1637 |
retval = find_next_domain(bprm, &next_domain, NULL, buf); |
retval = find_next_domain(bprm, &next_domain, NULL, tmp); |
1638 |
if (retval != -EPERM) |
if (retval != -EPERM) |
1639 |
goto ok; |
goto ok; |
1640 |
handler = find_execute_handler(TYPE_DENIED_EXECUTE_HANDLER); |
handler = find_execute_handler(TYPE_DENIED_EXECUTE_HANDLER); |
1641 |
if (handler) { |
if (handler) { |
1642 |
retval = try_alt_exec(bprm, handler, &work, &next_domain, buf); |
retval = try_alt_exec(bprm, handler, &eh_path, &next_domain, |
1643 |
|
tmp); |
1644 |
if (!retval) |
if (!retval) |
1645 |
audit_execute_handler_log(false, work, bprm); |
audit_execute_handler_log(false, eh_path, bprm); |
1646 |
} |
} |
1647 |
ok: |
ok: |
1648 |
if (retval) |
if (retval) |
1649 |
goto out; |
goto out; |
1650 |
task->domain_info = next_domain; |
task->domain_info = next_domain; |
1651 |
retval = check_environ(bprm, buf); |
retval = check_environ(bprm, tmp); |
1652 |
if (retval) |
if (retval) |
1653 |
goto out; |
goto out; |
1654 |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
1664 |
/* Mark the current process as normal process. */ |
/* Mark the current process as normal process. */ |
1665 |
else |
else |
1666 |
task->tomoyo_flags &= ~TOMOYO_TASK_IS_EXECUTE_HANDLER; |
task->tomoyo_flags &= ~TOMOYO_TASK_IS_EXECUTE_HANDLER; |
1667 |
ccs_free(work); |
ccs_free(eh_path); |
1668 |
ccs_free(buf); |
ccs_free(tmp); |
1669 |
return retval; |
return retval; |
1670 |
} |
} |
1671 |
|
|