5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.4 2008/09/03 |
* Version: 1.6.5-pre 2008/09/09 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
1014 |
struct path_info r; /* real name */ |
struct path_info r; /* real name */ |
1015 |
struct path_info s; /* symlink name */ |
struct path_info s; /* symlink name */ |
1016 |
struct path_info l; /* last name */ |
struct path_info l; /* last name */ |
1017 |
|
const u32 tomoyo_flags = current->tomoyo_flags; |
1018 |
|
|
1019 |
{ |
{ |
1020 |
/* |
/* |
1031 |
} |
} |
1032 |
} |
} |
1033 |
|
|
1034 |
|
retry: |
1035 |
|
current->tomoyo_flags = tomoyo_flags; |
1036 |
/* Get ccs_realpath of program. */ |
/* Get ccs_realpath of program. */ |
1037 |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
1038 |
|
ccs_free(real_program_name); |
1039 |
real_program_name = ccs_realpath(original_name); |
real_program_name = ccs_realpath(original_name); |
1040 |
if (!real_program_name) |
if (!real_program_name) |
1041 |
goto out; |
goto out; |
1042 |
/* Get ccs_realpath of symbolic link. */ |
/* Get ccs_realpath of symbolic link. */ |
1043 |
|
ccs_free(symlink_program_name); |
1044 |
symlink_program_name = ccs_realpath_nofollow(original_name); |
symlink_program_name = ccs_realpath_nofollow(original_name); |
1045 |
if (!symlink_program_name) |
if (!symlink_program_name) |
1046 |
goto out; |
goto out; |
1097 |
base_filename++; |
base_filename++; |
1098 |
if (strcmp(base_argv0, base_filename)) { |
if (strcmp(base_argv0, base_filename)) { |
1099 |
retval = ccs_check_argv0_perm(&r, base_argv0); |
retval = ccs_check_argv0_perm(&r, base_argv0); |
1100 |
if (retval) |
if (retval == 1) |
1101 |
|
goto retry; |
1102 |
|
if (retval < 0) |
1103 |
goto out; |
goto out; |
1104 |
} |
} |
1105 |
} |
} |
1122 |
|
|
1123 |
/* Check execute permission. */ |
/* Check execute permission. */ |
1124 |
retval = ccs_check_exec_perm(&r, bprm, tmp); |
retval = ccs_check_exec_perm(&r, bprm, tmp); |
1125 |
|
if (retval == 1) |
1126 |
|
goto retry; |
1127 |
if (retval < 0) |
if (retval < 0) |
1128 |
goto out; |
goto out; |
1129 |
|
|
1153 |
domain = ccs_find_domain(new_domain_name); |
domain = ccs_find_domain(new_domain_name); |
1154 |
if (domain) |
if (domain) |
1155 |
goto done; |
goto done; |
1156 |
if (is_enforce && ccs_check_supervisor(NULL, |
if (is_enforce) { |
1157 |
"# wants to create domain\n%s\n", |
int error = ccs_check_supervisor(NULL, |
1158 |
new_domain_name)) |
"# wants to create domain\n" |
1159 |
|
"%s\n", new_domain_name); |
1160 |
|
if (error == 1) |
1161 |
|
goto retry; |
1162 |
|
if (error < 0) |
1163 |
goto done; |
goto done; |
1164 |
|
} |
1165 |
domain = ccs_find_or_assign_new_domain(new_domain_name, |
domain = ccs_find_or_assign_new_domain(new_domain_name, |
1166 |
old_domain->profile); |
old_domain->profile); |
1167 |
if (domain) |
if (domain) |
1173 |
new_domain_name); |
new_domain_name); |
1174 |
if (is_enforce) |
if (is_enforce) |
1175 |
retval = -EPERM; |
retval = -EPERM; |
1176 |
else |
else { |
1177 |
|
retval = 0; |
1178 |
ccs_set_domain_flag(old_domain, false, |
ccs_set_domain_flag(old_domain, false, |
1179 |
DOMAIN_FLAGS_TRANSITION_FAILED); |
DOMAIN_FLAGS_TRANSITION_FAILED); |
1180 |
|
} |
1181 |
} else { |
} else { |
1182 |
retval = 0; |
retval = 0; |
1183 |
} |
} |
1655 |
audit_execute_handler_log(false, handler->name, bprm); |
audit_execute_handler_log(false, handler->name, bprm); |
1656 |
} |
} |
1657 |
ok: |
ok: |
1658 |
if (retval) |
if (retval < 0) |
1659 |
goto out; |
goto out; |
1660 |
task->domain_info = next_domain; |
task->domain_info = next_domain; |
1661 |
retval = check_environ(bprm, tmp); |
retval = check_environ(bprm, tmp); |
1662 |
if (retval) |
if (retval < 0) |
1663 |
goto out; |
goto out; |
1664 |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
task->tomoyo_flags |= TOMOYO_CHECK_READ_FOR_OPEN_EXEC; |
1665 |
retval = search_binary_handler(bprm, regs); |
retval = search_binary_handler(bprm, regs); |