
Diff of /branches/ccs-patch/security/ccsecurity/domain.c


revision 1031 by kumaneko, Tue Mar 11 04:38:56 2008 UTC revision 1032 by kumaneko, Tue Mar 11 08:25:41 2008 UTC
# Line 658  static int FindNextDomain(struct linux_b Line 658  static int FindNextDomain(struct linux_b
658                          break;                          break;
659                  }                  }
660          }          }
661            
662          /* Compare basename of real_program_name and argv[0] */          /* Compare basename of real_program_name and argv[0] */
663          if (bprm->argc > 0 && CheckCCSFlags(CCS_TOMOYO_MAC_FOR_ARGV0)) {          if (bprm->argc > 0 && CheckCCSFlags(CCS_TOMOYO_MAC_FOR_ARGV0)) {
664                  char *base_argv0 = tmp->buffer;                  char *base_argv0 = tmp->buffer;
# Line 671  static int FindNextDomain(struct linux_b Line 671  static int FindNextDomain(struct linux_b
671                          if (retval) goto out;                          if (retval) goto out;
672                  }                  }
673          }          }
674            
675          /* Check 'aggregator' directive. */          /* Check 'aggregator' directive. */
676          {          {
677                  struct aggregator_entry *ptr;                  struct aggregator_entry *ptr;
# Line 844  static int GetRootDepth(void) Line 844  static int GetRootDepth(void)
844          struct vfsmount *vfsmnt;          struct vfsmount *vfsmnt;
845  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
846          struct path root;          struct path root;
847    #else
848            struct dentry *dentry0;
849            struct vfsmount *vfsmnt0;
850  #endif  #endif
851          read_lock(&current->fs->lock);          read_lock(&current->fs->lock);
852  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
853          root = current->fs->root;          root = current->fs->root;
854          path_get(&current->fs->root);          path_get(&current->fs->root);
855          dentry = root.dentry;          dentry = root.dentry;
856          vfsmnt = root.mnt;          vfsmnt = root.mnt;
857  #else  #else
858          dentry = dget(current->fs->root);          dentry0 = dentry = dget(current->fs->root);
859          vfsmnt = mntget(current->fs->rootmnt);          vfsmnt0 = vfsmnt = mntget(current->fs->rootmnt);
860  #endif  #endif
861          read_unlock(&current->fs->lock);          read_unlock(&current->fs->lock);
862          /***** CRITICAL SECTION START *****/          /***** CRITICAL SECTION START *****/
# Line 880  static int GetRootDepth(void) Line 883  static int GetRootDepth(void)
883  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,25)
884          path_put(&root);          path_put(&root);
885  #else  #else
886          dput(dentry);          dput(dentry0);
887          mntput(vfsmnt);          mntput(vfsmnt0);
888  #endif  #endif
889          return depth;          return depth;
890  }  }
# Line 929  static int try_alt_exec(struct linux_bin Line 932  static int try_alt_exec(struct linux_bin
932          const int original_argc = bprm->argc;          const int original_argc = bprm->argc;
933          const int original_envc = bprm->envc;          const int original_envc = bprm->envc;
934          struct task_struct *task = current;          struct task_struct *task = current;
935          char *buffer = tmp->buffer;          char *buffer = tmp->buffer;
936          /* Allocate memory for execute handler's pathname. */          /* Allocate memory for execute handler's pathname. */
937          char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer));          char *execute_handler = ccs_alloc(sizeof(struct ccs_page_buffer));
938          *work = execute_handler;          *work = execute_handler;
939          if (!execute_handler) return -ENOMEM;          if (!execute_handler) return -ENOMEM;
940          strncpy(execute_handler, filename->name, sizeof(struct ccs_page_buffer) - 1);          strncpy(execute_handler, filename->name, sizeof(struct ccs_page_buffer) - 1);
941          UnEscape(execute_handler);          UnEscape(execute_handler);
942            
943          /* Close the requested program's dentry. */          /* Close the requested program's dentry. */
944          allow_write_access(bprm->file);          allow_write_access(bprm->file);
945          fput(bprm->file);          fput(bprm->file);
# Line 1061  int search_binary_handler_with_transitio Line 1064  int search_binary_handler_with_transitio
1064          struct task_struct *task = current;          struct task_struct *task = current;
1065          struct domain_info *next_domain = NULL, *prev_domain = task->domain_info;          struct domain_info *next_domain = NULL, *prev_domain = task->domain_info;
1066          const struct path_info *handler;          const struct path_info *handler;
1067          int retval;          int retval;
1068          char *work = NULL; /* Keep valid until search_binary_handler() finishes. */          char *work = NULL; /* Keep valid until search_binary_handler() finishes. */
1069          struct ccs_page_buffer *buf = ccs_alloc(sizeof(struct ccs_page_buffer));          struct ccs_page_buffer *buf = ccs_alloc(sizeof(struct ccs_page_buffer));
1070          CCS_LoadPolicy(bprm->filename);          CCS_LoadPolicy(bprm->filename);
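Review bot: In GetRootDepth's pre-2.6.25 `#else` branch (new lines 848-849 and 858-859), `dentry0` and `vfsmnt0` are introduced without a comment saying why the release at lines 886-887 must use them instead of `dentry`/`vfsmnt`. Presumably the walk inside the critical section (lines 863-882, outside the visible hunks) reassigns `dentry` and `vfsmnt`, so dropping references through them would unbalance the reference counts of the root and of whatever object the walk ended on. A one-line comment above line 858 would keep a later cleanup from undoing this, e.g. `/* Remember what we took references on; dentry/vfsmnt are advanced by the walk below. */`. The 2.6.25+ branch gets the same guarantee from the `root` copy and `path_put(&root)`, which is worth saying in that comment so both branches read as doing the same thing.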
