66 |
struct aggregator_entry *next; |
struct aggregator_entry *next; |
67 |
const struct path_info *original_name; |
const struct path_info *original_name; |
68 |
const struct path_info *aggregated_name; |
const struct path_info *aggregated_name; |
69 |
int is_deleted; |
u8 is_deleted; |
70 |
}; |
}; |
71 |
|
|
72 |
/***** The structure for program files that should be aliased. *****/ |
/***** The structure for program files that should be aliased. *****/ |
75 |
struct alias_entry *next; |
struct alias_entry *next; |
76 |
const struct path_info *original_name; |
const struct path_info *original_name; |
77 |
const struct path_info *aliased_name; |
const struct path_info *aliased_name; |
78 |
int is_deleted; |
u8 is_deleted; |
79 |
}; |
}; |
80 |
|
|
81 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
108 |
return 0; |
return 0; |
109 |
} |
} |
110 |
|
|
|
int TooManyDomainACL(struct domain_info * const domain) { |
|
|
unsigned int count = 0; |
|
|
struct acl_info *ptr; |
|
|
for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) { |
|
|
if (!ptr->is_deleted) count++; |
|
|
} |
|
|
/* If there are so many entries, don't append if learning mode. */ |
|
|
if (count < CheckCCSFlags(CCS_TOMOYO_MAX_ACCEPT_ENTRY)) return 0; |
|
|
if (!domain->quota_warned) { |
|
|
printk("TOMOYO-WARNING: Domain '%s' has so many ACLs to hold. Stopped learning mode.\n", domain->domainname->name); |
|
|
domain->quota_warned = 1; |
|
|
} |
|
|
return 1; |
|
|
} |
|
|
|
|
|
|
|
111 |
/************************* DOMAIN INITIALIZER HANDLER *************************/ |
/************************* DOMAIN INITIALIZER HANDLER *************************/ |
112 |
|
|
113 |
static struct domain_initializer_entry *domain_initializer_list = NULL; |
static struct domain_initializer_entry *domain_initializer_list = NULL; |
114 |
|
|
115 |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const int is_not, const int is_delete) |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const u8 is_not, const u8 is_delete) |
116 |
{ |
{ |
117 |
struct domain_initializer_entry *new_entry, *ptr; |
struct domain_initializer_entry *new_entry, *ptr; |
118 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
119 |
const struct path_info *saved_program, *saved_domainname = NULL; |
const struct path_info *saved_program, *saved_domainname = NULL; |
120 |
int error = -ENOMEM; |
int error = -ENOMEM; |
121 |
int is_last_name = 0; |
u8 is_last_name = 0; |
122 |
if (!IsCorrectPath(program, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
if (!IsCorrectPath(program, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
123 |
if (domainname) { |
if (domainname) { |
124 |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
176 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
177 |
} |
} |
178 |
|
|
179 |
int AddDomainInitializerPolicy(char *data, const int is_not, const int is_delete) |
int AddDomainInitializerPolicy(char *data, const u8 is_not, const u8 is_delete) |
180 |
{ |
{ |
181 |
char *cp = strstr(data, " from "); |
char *cp = strstr(data, " from "); |
182 |
if (cp) { |
if (cp) { |
211 |
|
|
212 |
static struct domain_keeper_entry *domain_keeper_list = NULL; |
static struct domain_keeper_entry *domain_keeper_list = NULL; |
213 |
|
|
214 |
static int AddDomainKeeperEntry(const char *domainname, const char *program, const int is_not, const int is_delete) |
static int AddDomainKeeperEntry(const char *domainname, const char *program, const u8 is_not, const u8 is_delete) |
215 |
{ |
{ |
216 |
struct domain_keeper_entry *new_entry, *ptr; |
struct domain_keeper_entry *new_entry, *ptr; |
217 |
const struct path_info *saved_domainname, *saved_program = NULL; |
const struct path_info *saved_domainname, *saved_program = NULL; |
218 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
219 |
int error = -ENOMEM; |
int error = -ENOMEM; |
220 |
int is_last_name = 0; |
u8 is_last_name = 0; |
221 |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
222 |
is_last_name = 1; |
is_last_name = 1; |
223 |
} else if (!IsCorrectDomain(domainname, __FUNCTION__)) { |
} else if (!IsCorrectDomain(domainname, __FUNCTION__)) { |
257 |
return error; |
return error; |
258 |
} |
} |
259 |
|
|
260 |
int AddDomainKeeperPolicy(char *data, const int is_not, const int is_delete) |
int AddDomainKeeperPolicy(char *data, const u8 is_not, const u8 is_delete) |
261 |
{ |
{ |
262 |
char *cp = strstr(data, " from "); |
char *cp = strstr(data, " from "); |
263 |
if (cp) { |
if (cp) { |
308 |
|
|
309 |
static struct alias_entry *alias_list = NULL; |
static struct alias_entry *alias_list = NULL; |
310 |
|
|
311 |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const int is_delete) |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const u8 is_delete) |
312 |
{ |
{ |
313 |
struct alias_entry *new_entry, *ptr; |
struct alias_entry *new_entry, *ptr; |
314 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
355 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
356 |
} |
} |
357 |
|
|
358 |
int AddAliasPolicy(char *data, const int is_delete) |
int AddAliasPolicy(char *data, const u8 is_delete) |
359 |
{ |
{ |
360 |
char *cp = strchr(data, ' '); |
char *cp = strchr(data, ' '); |
361 |
if (!cp) return -EINVAL; |
if (!cp) return -EINVAL; |
367 |
|
|
368 |
static struct aggregator_entry *aggregator_list = NULL; |
static struct aggregator_entry *aggregator_list = NULL; |
369 |
|
|
370 |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const int is_delete) |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const u8 is_delete) |
371 |
{ |
{ |
372 |
struct aggregator_entry *new_entry, *ptr; |
struct aggregator_entry *new_entry, *ptr; |
373 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
414 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
415 |
} |
} |
416 |
|
|
417 |
int AddAggregatorPolicy(char *data, const int is_delete) |
int AddAggregatorPolicy(char *data, const u8 is_delete) |
418 |
{ |
{ |
419 |
char *cp = strchr(data, ' '); |
char *cp = strchr(data, ' '); |
420 |
if (!cp) return -EINVAL; |
if (!cp) return -EINVAL; |
635 |
struct file *filp = bprm->file; |
struct file *filp = bprm->file; |
636 |
char *new_domain_name = NULL; |
char *new_domain_name = NULL; |
637 |
char *real_program_name = NULL, *symlink_program_name = NULL; |
char *real_program_name = NULL, *symlink_program_name = NULL; |
638 |
const int is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_FILE); |
const u8 is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_FILE); |
639 |
int retval; |
int retval; |
640 |
struct path_info r, s, l; |
struct path_info r, s, l; |
641 |
|
|