5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.5-pre 2008/10/11 |
* Version: 1.6.5-rc 2008/11/07 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
38 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
39 |
|
|
40 |
/* Domain creation lock. */ |
/* Domain creation lock. */ |
41 |
static DEFINE_MUTEX(new_domain_assign_lock); |
static DEFINE_MUTEX(domain_list_lock); |
42 |
|
|
43 |
/* Structure for "initialize_domain" and "no_initialize_domain" keyword. */ |
/* Structure for "initialize_domain" and "no_initialize_domain" keyword. */ |
44 |
struct domain_initializer_entry { |
struct domain_initializer_entry { |
88 |
void ccs_set_domain_flag(struct domain_info *domain, const bool is_delete, |
void ccs_set_domain_flag(struct domain_info *domain, const bool is_delete, |
89 |
const u8 flags) |
const u8 flags) |
90 |
{ |
{ |
91 |
mutex_lock(&new_domain_assign_lock); |
/* We need to serialize because this is bitfield operation. */ |
92 |
|
static DEFINE_SPINLOCK(lock); |
93 |
|
/***** CRITICAL SECTION START *****/ |
94 |
|
spin_lock(&lock); |
95 |
if (!is_delete) |
if (!is_delete) |
96 |
domain->flags |= flags; |
domain->flags |= flags; |
97 |
else |
else |
98 |
domain->flags &= ~flags; |
domain->flags &= ~flags; |
99 |
mutex_unlock(&new_domain_assign_lock); |
spin_unlock(&lock); |
100 |
|
/***** CRITICAL SECTION END *****/ |
101 |
} |
} |
102 |
|
|
103 |
/** |
/** |
333 |
{ |
{ |
334 |
struct domain_initializer_entry *ptr; |
struct domain_initializer_entry *ptr; |
335 |
bool flag = false; |
bool flag = false; |
336 |
list1_for_each_entry(ptr, &domain_initializer_list, list) { |
list1_for_each_entry(ptr, &domain_initializer_list, list) { |
337 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
338 |
continue; |
continue; |
339 |
if (ptr->domainname) { |
if (ptr->domainname) { |
721 |
struct path_info name; |
struct path_info name; |
722 |
name.name = domainname; |
name.name = domainname; |
723 |
ccs_fill_path_info(&name); |
ccs_fill_path_info(&name); |
724 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
725 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
726 |
printk(KERN_DEBUG "ccs_delete_domain %s\n", domainname); |
printk(KERN_DEBUG "ccs_delete_domain %s\n", domainname); |
727 |
list1_for_each_entry(domain, &domain_list, list) { |
list1_for_each_entry(domain, &domain_list, list) { |
759 |
#endif |
#endif |
760 |
break; |
break; |
761 |
} |
} |
762 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
763 |
return 0; |
return 0; |
764 |
} |
} |
765 |
|
|
777 |
struct path_info name; |
struct path_info name; |
778 |
name.name = domainname; |
name.name = domainname; |
779 |
ccs_fill_path_info(&name); |
ccs_fill_path_info(&name); |
780 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
781 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
782 |
printk(KERN_DEBUG "ccs_undelete_domain %s\n", domainname); |
printk(KERN_DEBUG "ccs_undelete_domain %s\n", domainname); |
783 |
list1_for_each_entry(domain, &domain_list, list) { |
list1_for_each_entry(domain, &domain_list, list) { |
808 |
printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain); |
printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain); |
809 |
#endif |
#endif |
810 |
} |
} |
811 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
812 |
return candidate_domain; |
return candidate_domain; |
813 |
} |
} |
814 |
|
|
825 |
{ |
{ |
826 |
struct domain_info *domain = NULL; |
struct domain_info *domain = NULL; |
827 |
const struct path_info *saved_domainname; |
const struct path_info *saved_domainname; |
828 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
829 |
domain = ccs_find_domain(domainname); |
domain = ccs_find_domain(domainname); |
830 |
if (domain) |
if (domain) |
831 |
goto out; |
goto out; |
862 |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
863 |
ptr->type |= ACL_DELETED; |
ptr->type |= ACL_DELETED; |
864 |
} |
} |
865 |
/* |
ccs_set_domain_flag(domain, true, domain->flags); |
|
* Don't use ccs_set_domain_flag() because |
|
|
* new_domain_assign_lock is held. |
|
|
*/ |
|
|
domain->flags = 0; |
|
866 |
domain->profile = profile; |
domain->profile = profile; |
867 |
domain->quota_warned = false; |
domain->quota_warned = false; |
868 |
mb(); /* Avoid out-of-order execution. */ |
mb(); /* Avoid out-of-order execution. */ |
878 |
list1_add_tail_mb(&domain->list, &domain_list); |
list1_add_tail_mb(&domain->list, &domain_list); |
879 |
} |
} |
880 |
out: |
out: |
881 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
882 |
return domain; |
return domain; |
883 |
} |
} |
884 |
|
|
886 |
* get_argv0 - Get argv[0]. |
* get_argv0 - Get argv[0]. |
887 |
* |
* |
888 |
* @bprm: Pointer to "struct linux_binprm". |
* @bprm: Pointer to "struct linux_binprm". |
889 |
* @tmp: Buffer for temporal use. |
* @tmp: Buffer for temporary use. |
890 |
* |
* |
891 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
892 |
*/ |
*/ |
980 |
const char *original_name = bprm->filename; |
const char *original_name = bprm->filename; |
981 |
const u8 mode = r->mode; |
const u8 mode = r->mode; |
982 |
const bool is_enforce = (mode == 3); |
const bool is_enforce = (mode == 3); |
983 |
const u32 tomoyo_flags = r->tomoyo_flags; |
const u32 tomoyo_flags = current->tomoyo_flags; |
984 |
char *new_domain_name = NULL; |
char *new_domain_name = NULL; |
985 |
char *real_program_name = NULL; |
char *real_program_name = NULL; |
986 |
char *symlink_program_name = NULL; |
char *symlink_program_name = NULL; |
1006 |
|
|
1007 |
retry: |
retry: |
1008 |
current->tomoyo_flags = tomoyo_flags; |
current->tomoyo_flags = tomoyo_flags; |
1009 |
r->tomoyo_flags = tomoyo_flags; |
r->cond = NULL; |
1010 |
/* Get ccs_realpath of program. */ |
/* Get ccs_realpath of program. */ |
1011 |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
1012 |
ccs_free(real_program_name); |
ccs_free(real_program_name); |
1072 |
base_filename++; |
base_filename++; |
1073 |
if (strcmp(base_argv0, base_filename)) { |
if (strcmp(base_argv0, base_filename)) { |
1074 |
retval = ccs_check_argv0_perm(r, &rn, base_argv0); |
retval = ccs_check_argv0_perm(r, &rn, base_argv0); |
1075 |
if (retval == 1) { |
if (retval == 1) |
|
r->retry++; |
|
1076 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
|
r->tomoyo_flags = current->tomoyo_flags; |
|
1077 |
if (retval < 0) |
if (retval < 0) |
1078 |
goto out; |
goto out; |
1079 |
} |
} |
1098 |
/* Check execute permission. */ |
/* Check execute permission. */ |
1099 |
r->mode = mode; |
r->mode = mode; |
1100 |
retval = ccs_check_exec_perm(r, &rn); |
retval = ccs_check_exec_perm(r, &rn); |
1101 |
if (retval == 1) { |
if (retval == 1) |
|
r->retry++; |
|
1102 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
|
r->tomoyo_flags = current->tomoyo_flags; |
|
1103 |
if (retval < 0) |
if (retval < 0) |
1104 |
goto out; |
goto out; |
1105 |
|
|
1133 |
int error = ccs_check_supervisor(r, |
int error = ccs_check_supervisor(r, |
1134 |
"# wants to create domain\n" |
"# wants to create domain\n" |
1135 |
"%s\n", new_domain_name); |
"%s\n", new_domain_name); |
1136 |
if (error == 1) { |
if (error == 1) |
|
r->retry++; |
|
1137 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
1138 |
if (error < 0) |
if (error < 0) |
1139 |
goto done; |
goto done; |
1140 |
} |
} |
1271 |
unsigned char c; |
unsigned char c; |
1272 |
unsigned char d; |
unsigned char d; |
1273 |
unsigned char e; |
unsigned char e; |
1274 |
while ((c = *src++) != '\0') { |
while (1) { |
1275 |
|
c = *src++; |
1276 |
|
if (!c) |
1277 |
|
break; |
1278 |
if (c != '\\') { |
if (c != '\\') { |
1279 |
*dest++ = c; |
*dest++ = c; |
1280 |
continue; |
continue; |
1485 |
"pid=%d uid=%d gid=%d euid=%d egid=%d suid=%d " |
"pid=%d uid=%d gid=%d euid=%d egid=%d suid=%d " |
1486 |
"sgid=%d fsuid=%d fsgid=%d state[0]=%u " |
"sgid=%d fsuid=%d fsgid=%d state[0]=%u " |
1487 |
"state[1]=%u state[2]=%u", |
"state[1]=%u state[2]=%u", |
1488 |
task->pid, task->uid, task->gid, task->euid, |
(pid_t) sys_getpid(), task->uid, task->gid, task->euid, |
1489 |
task->egid, task->suid, task->sgid, task->fsuid, |
task->egid, task->suid, task->sgid, task->fsuid, |
1490 |
task->fsgid, (u8) (tomoyo_flags >> 24), |
task->fsgid, (u8) (tomoyo_flags >> 24), |
1491 |
(u8) (tomoyo_flags >> 16), (u8) (tomoyo_flags >> 8)); |
(u8) (tomoyo_flags >> 16), (u8) (tomoyo_flags >> 8)); |