| 66 |
struct aggregator_entry *next; |
struct aggregator_entry *next; |
| 67 |
const struct path_info *original_name; |
const struct path_info *original_name; |
| 68 |
const struct path_info *aggregated_name; |
const struct path_info *aggregated_name; |
| 69 |
int is_deleted; |
u8 is_deleted; |
| 70 |
}; |
}; |
| 71 |
|
|
| 72 |
/***** The structure for program files that should be aliased. *****/ |
/***** The structure for program files that should be aliased. *****/ |
| 75 |
struct alias_entry *next; |
struct alias_entry *next; |
| 76 |
const struct path_info *original_name; |
const struct path_info *original_name; |
| 77 |
const struct path_info *aliased_name; |
const struct path_info *aliased_name; |
| 78 |
int is_deleted; |
u8 is_deleted; |
| 79 |
}; |
}; |
| 80 |
|
|
| 81 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
| 108 |
return 0; |
return 0; |
| 109 |
} |
} |
| 110 |
|
|
|
int TooManyDomainACL(struct domain_info * const domain) { |
|
|
unsigned int count = 0; |
|
|
struct acl_info *ptr; |
|
|
for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) { |
|
|
if (!ptr->is_deleted) count++; |
|
|
} |
|
|
/* If there are so many entries, don't append if learning mode. */ |
|
|
if (count < CheckCCSFlags(CCS_TOMOYO_MAX_ACCEPT_ENTRY)) return 0; |
|
|
if (!domain->quota_warned) { |
|
|
printk("TOMOYO-WARNING: Domain '%s' has so many ACLs to hold. Stopped learning mode.\n", domain->domainname->name); |
|
|
domain->quota_warned = 1; |
|
|
} |
|
|
return 1; |
|
|
} |
|
|
|
|
|
|
|
| 111 |
/************************* DOMAIN INITIALIZER HANDLER *************************/ |
/************************* DOMAIN INITIALIZER HANDLER *************************/ |
| 112 |
|
|
| 113 |
static struct domain_initializer_entry *domain_initializer_list = NULL; |
static struct domain_initializer_entry *domain_initializer_list = NULL; |
| 114 |
|
|
| 115 |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const int is_not, const int is_delete) |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const u8 is_not, const u8 is_delete) |
| 116 |
{ |
{ |
| 117 |
struct domain_initializer_entry *new_entry, *ptr; |
struct domain_initializer_entry *new_entry, *ptr; |
| 118 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
| 119 |
const struct path_info *saved_program, *saved_domainname = NULL; |
const struct path_info *saved_program, *saved_domainname = NULL; |
| 120 |
int error = -ENOMEM; |
int error = -ENOMEM; |
| 121 |
int is_last_name = 0; |
u8 is_last_name = 0; |
| 122 |
if (!IsCorrectPath(program, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
if (!IsCorrectPath(program, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
| 123 |
if (domainname) { |
if (domainname) { |
| 124 |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
| 176 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
| 177 |
} |
} |
| 178 |
|
|
| 179 |
int AddDomainInitializerPolicy(char *data, const int is_not, const int is_delete) |
int AddDomainInitializerPolicy(char *data, const u8 is_not, const u8 is_delete) |
| 180 |
{ |
{ |
| 181 |
char *cp = strstr(data, " from "); |
char *cp = strstr(data, " from "); |
| 182 |
if (cp) { |
if (cp) { |
| 211 |
|
|
| 212 |
static struct domain_keeper_entry *domain_keeper_list = NULL; |
static struct domain_keeper_entry *domain_keeper_list = NULL; |
| 213 |
|
|
| 214 |
static int AddDomainKeeperEntry(const char *domainname, const char *program, const int is_not, const int is_delete) |
static int AddDomainKeeperEntry(const char *domainname, const char *program, const u8 is_not, const u8 is_delete) |
| 215 |
{ |
{ |
| 216 |
struct domain_keeper_entry *new_entry, *ptr; |
struct domain_keeper_entry *new_entry, *ptr; |
| 217 |
const struct path_info *saved_domainname, *saved_program = NULL; |
const struct path_info *saved_domainname, *saved_program = NULL; |
| 218 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
| 219 |
int error = -ENOMEM; |
int error = -ENOMEM; |
| 220 |
int is_last_name = 0; |
u8 is_last_name = 0; |
| 221 |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
| 222 |
is_last_name = 1; |
is_last_name = 1; |
| 223 |
} else if (!IsCorrectDomain(domainname, __FUNCTION__)) { |
} else if (!IsCorrectDomain(domainname, __FUNCTION__)) { |
| 257 |
return error; |
return error; |
| 258 |
} |
} |
| 259 |
|
|
| 260 |
int AddDomainKeeperPolicy(char *data, const int is_not, const int is_delete) |
int AddDomainKeeperPolicy(char *data, const u8 is_not, const u8 is_delete) |
| 261 |
{ |
{ |
| 262 |
char *cp = strstr(data, " from "); |
char *cp = strstr(data, " from "); |
| 263 |
if (cp) { |
if (cp) { |
| 308 |
|
|
| 309 |
static struct alias_entry *alias_list = NULL; |
static struct alias_entry *alias_list = NULL; |
| 310 |
|
|
| 311 |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const int is_delete) |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const u8 is_delete) |
| 312 |
{ |
{ |
| 313 |
struct alias_entry *new_entry, *ptr; |
struct alias_entry *new_entry, *ptr; |
| 314 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
| 355 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
| 356 |
} |
} |
| 357 |
|
|
| 358 |
int AddAliasPolicy(char *data, const int is_delete) |
int AddAliasPolicy(char *data, const u8 is_delete) |
| 359 |
{ |
{ |
| 360 |
char *cp = strchr(data, ' '); |
char *cp = strchr(data, ' '); |
| 361 |
if (!cp) return -EINVAL; |
if (!cp) return -EINVAL; |
| 367 |
|
|
| 368 |
static struct aggregator_entry *aggregator_list = NULL; |
static struct aggregator_entry *aggregator_list = NULL; |
| 369 |
|
|
| 370 |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const int is_delete) |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const u8 is_delete) |
| 371 |
{ |
{ |
| 372 |
struct aggregator_entry *new_entry, *ptr; |
struct aggregator_entry *new_entry, *ptr; |
| 373 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
| 414 |
return ptr ? -ENOMEM : 0; |
return ptr ? -ENOMEM : 0; |
| 415 |
} |
} |
| 416 |
|
|
| 417 |
int AddAggregatorPolicy(char *data, const int is_delete) |
int AddAggregatorPolicy(char *data, const u8 is_delete) |
| 418 |
{ |
{ |
| 419 |
char *cp = strchr(data, ' '); |
char *cp = strchr(data, ' '); |
| 420 |
if (!cp) return -EINVAL; |
if (!cp) return -EINVAL; |
| 635 |
struct file *filp = bprm->file; |
struct file *filp = bprm->file; |
| 636 |
char *new_domain_name = NULL; |
char *new_domain_name = NULL; |
| 637 |
char *real_program_name = NULL, *symlink_program_name = NULL; |
char *real_program_name = NULL, *symlink_program_name = NULL; |
| 638 |
const int is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_FILE); |
const u8 is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_FILE); |
| 639 |
int retval; |
int retval; |
| 640 |
struct path_info r, s, l; |
struct path_info r, s, l; |
| 641 |
|
|
TOMOYO
Parent Directory
Revision Log
Patch