Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c




Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c



 Parent Directory

|  Revision Log



|  Patch














revision 1507 by kumaneko,
Tue Sep  2 06:45:13 2008 UTC




revision 1561 by kumaneko,
Tue Sep  9 04:29:07 2008 UTC






#

Line 5 



Line 5 













5
  *
  *

















6
  * Copyright (C) 2005-2008  NTT DATA CORPORATION
  * Copyright (C) 2005-2008  NTT DATA CORPORATION

















7
  *
  *















8


  * Version: 1.6.4   2008/09/03


  * Version: 1.6.5-pre   2008/09/09















9
  *
  *

















10
  * This file is applicable to both 2.4.30 and 2.6.11 and later.
  * This file is applicable to both 2.4.30 and 2.6.11 and later.

















11
  * See README.ccs for ChangeLog.
  * See README.ccs for ChangeLog.











#

Line 1014 
 static int find_next_domain(struct linux


Line 1014 
 static int find_next_domain(struct linux












1014
         struct path_info r; /* real name */
         struct path_info r; /* real name */

















1015
         struct path_info s; /* symlink name */
         struct path_info s; /* symlink name */

















1016
         struct path_info l; /* last name */
         struct path_info l; /* last name */












1017
 
         const u32 tomoyo_flags = current->tomoyo_flags;












1018
 
 

















1019
         {
         {

















1020
                 /*
                 /*











#

Line 1030 
 static int find_next_domain(struct linux


Line 1031 
 static int find_next_domain(struct linux












1031
                 }
                 }

















1032
         }
         }

















1033
 
 












1034
 
  retry:







1035
 
         current->tomoyo_flags = tomoyo_flags;












1036
         /* Get ccs_realpath of program. */
         /* Get ccs_realpath of program. */

















1037
         retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */
         retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */












1038
 
         ccs_free(real_program_name);












1039
         real_program_name = ccs_realpath(original_name);
         real_program_name = ccs_realpath(original_name);

















1040
         if (!real_program_name)
         if (!real_program_name)

















1041
                 goto out;
                 goto out;

















1042
         /* Get ccs_realpath of symbolic link. */
         /* Get ccs_realpath of symbolic link. */












1043
 
         ccs_free(symlink_program_name);












1044
         symlink_program_name = ccs_realpath_nofollow(original_name);
         symlink_program_name = ccs_realpath_nofollow(original_name);

















1045
         if (!symlink_program_name)
         if (!symlink_program_name)

















1046
                 goto out;
                 goto out;











#

Line 1092 
 static int find_next_domain(struct linux


Line 1097 
 static int find_next_domain(struct linux












1097
                         base_filename++;
                         base_filename++;

















1098
                 if (strcmp(base_argv0, base_filename)) {
                 if (strcmp(base_argv0, base_filename)) {

















1099
                         retval = ccs_check_argv0_perm(&r, base_argv0);
                         retval = ccs_check_argv0_perm(&r, base_argv0);















1100


                         if (retval)


                         if (retval == 1)













1101


 


                                 goto retry;













1102


 


                         if (retval < 0)















1103
                                 goto out;
                                 goto out;

















1104
                 }
                 }

















1105
         }
         }











#

Line 1115 
 static int find_next_domain(struct linux


Line 1122 
 static int find_next_domain(struct linux












1122
 
 

















1123
         /* Check execute permission. */
         /* Check execute permission. */

















1124
         retval = ccs_check_exec_perm(&r, bprm, tmp);
         retval = ccs_check_exec_perm(&r, bprm, tmp);












1125
 
         if (retval == 1)







1126
 
                 goto retry;












1127
         if (retval < 0)
         if (retval < 0)

















1128
                 goto out;
                 goto out;

















1129
 
 











#

Line 1144 
 static int find_next_domain(struct linux


Line 1153 
 static int find_next_domain(struct linux












1153
         domain = ccs_find_domain(new_domain_name);
         domain = ccs_find_domain(new_domain_name);

















1154
         if (domain)
         if (domain)

















1155
                 goto done;
                 goto done;















1156


         if (is_enforce && ccs_check_supervisor(NULL,


         if (is_enforce) {













1157


                                                "# wants to create domain\n%s\n",


                 int error = ccs_check_supervisor(NULL,













1158


                                                new_domain_name))


                                                  "# wants to create domain\n"













1159


 


                                                  "%s\n", new_domain_name);













1160


 


                 if (error == 1)













1161


 


                         goto retry;













1162


 


                 if (error < 0)















1163
                         goto done;
                         goto done;












1164
 
         }












1165
         domain = ccs_find_or_assign_new_domain(new_domain_name,
         domain = ccs_find_or_assign_new_domain(new_domain_name,

















1166
                                                old_domain->profile);
                                                old_domain->profile);

















1167
         if (domain)
         if (domain)











#

Line 1159 
 static int find_next_domain(struct linux


Line 1173 
 static int find_next_domain(struct linux












1173
                        new_domain_name);
                        new_domain_name);

















1174
                 if (is_enforce)
                 if (is_enforce)

















1175
                         retval = -EPERM;
                         retval = -EPERM;















1176


                 else


                 else {













1177


 


                         retval = 0;















1178
                         ccs_set_domain_flag(old_domain, false,
                         ccs_set_domain_flag(old_domain, false,

















1179
                                             DOMAIN_FLAGS_TRANSITION_FAILED);
                                             DOMAIN_FLAGS_TRANSITION_FAILED);












1180
 
                 }












1181
         } else {
         } else {

















1182
                 retval = 0;
                 retval = 0;

















1183
         }
         }











#

Line 1639 
 int search_binary_handler_with_transitio


Line 1655 
 int search_binary_handler_with_transitio












1655
                         audit_execute_handler_log(false, handler->name, bprm);
                         audit_execute_handler_log(false, handler->name, bprm);

















1656
         }
         }

















1657
  ok:
  ok:















1658


         if (retval)


         if (retval < 0)















1659
                 goto out;
                 goto out;

















1660
         task->domain_info = next_domain;
         task->domain_info = next_domain;

















1661
         retval = check_environ(bprm, tmp);
         retval = check_environ(bprm, tmp);















1662


         if (retval)


         if (retval < 0)















1663
                 goto out;
                 goto out;

















1664
         task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC;
         task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC;

















1665
         retval = search_binary_handler(bprm, regs);
         retval = search_binary_handler(bprm, regs);





























Legend:



Removed from v.1507
 


changed lines


 
Added in v.1561













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c
-revision 1507 by kumaneko,
Tue Sep  2 06:45:13 2008 UTC
+revision 1561 by kumaneko,
Tue Sep  9 04:29:07 2008 UTC
 Line 5
   *
   * Copyright (C) 2005-2008  NTT DATA CORPORATION
   *
-  * Version: 1.6.4   2008/09/03
+  * Version: 1.6.5-pre   2008/09/09
   *
   * This file is applicable to both 2.4.30 and 2.6.11 and later.
   * See README.ccs for ChangeLog.
 Line 1014 
 static int find_next_domain(struct linux
          struct path_info r; /* real name */
          struct path_info s; /* symlink name */
          struct path_info l; /* last name */
+         const u32 tomoyo_flags = current->tomoyo_flags;
          {
                  /*
-Line 1030 
 static int find_next_domain(struct linux
+Line 1031 
 static int find_next_domain(struct linux
                  }
          }
+  retry:
+         current->tomoyo_flags = tomoyo_flags;
          /* Get ccs_realpath of program. */
          retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */
+         ccs_free(real_program_name);
          real_program_name = ccs_realpath(original_name);
          if (!real_program_name)
                  goto out;
          /* Get ccs_realpath of symbolic link. */
+         ccs_free(symlink_program_name);
          symlink_program_name = ccs_realpath_nofollow(original_name);
          if (!symlink_program_name)
                  goto out;
-Line 1092 
 static int find_next_domain(struct linux
+Line 1097 
 static int find_next_domain(struct linux
                          base_filename++;
                  if (strcmp(base_argv0, base_filename)) {
                          retval = ccs_check_argv0_perm(&r, base_argv0);
-                         if (retval)
+                         if (retval == 1)
+                                 goto retry;
+                         if (retval < 0)
                                  goto out;
                  }
          }
-Line 1115 
 static int find_next_domain(struct linux
+Line 1122 
 static int find_next_domain(struct linux
          /* Check execute permission. */
          retval = ccs_check_exec_perm(&r, bprm, tmp);
+         if (retval == 1)
+                 goto retry;
          if (retval < 0)
                  goto out;
-Line 1144 
 static int find_next_domain(struct linux
+Line 1153 
 static int find_next_domain(struct linux
          domain = ccs_find_domain(new_domain_name);
          if (domain)
                  goto done;
-         if (is_enforce && ccs_check_supervisor(NULL,
+         if (is_enforce) {
-                                                "# wants to create domain\n%s\n",
+                 int error = ccs_check_supervisor(NULL,
-                                                new_domain_name))
+                                                  "# wants to create domain\n"
+                                                  "%s\n", new_domain_name);
+                 if (error == 1)
+                         goto retry;
+                 if (error < 0)
                          goto done;
+         }
          domain = ccs_find_or_assign_new_domain(new_domain_name,
                                                 old_domain->profile);
          if (domain)
-Line 1159 
 static int find_next_domain(struct linux
+Line 1173 
 static int find_next_domain(struct linux
                         new_domain_name);
                  if (is_enforce)
                          retval = -EPERM;
-                 else
+                 else {
+                         retval = 0;
                          ccs_set_domain_flag(old_domain, false,
                                              DOMAIN_FLAGS_TRANSITION_FAILED);
+                 }
          } else {
                  retval = 0;
          }
-Line 1639 
 int search_binary_handler_with_transitio
+Line 1655 
 int search_binary_handler_with_transitio
                          audit_execute_handler_log(false, handler->name, bprm);
          }
   ok:
-         if (retval)
+         if (retval < 0)
                  goto out;
          task->domain_info = next_domain;
          retval = check_environ(bprm, tmp);
-         if (retval)
+         if (retval < 0)
                  goto out;
          task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC;
          retval = search_binary_handler(bprm, regs);
 Legend:



Removed from v.1507
 


changed lines


 
Added in v.1561
 Legend:



Removed from v.1507
 


changed lines


 
Added in v.1561
-Removed from v.1507
+Added in v.1561
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照