| 5 |
* |
* |
| 6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
| 7 |
* |
* |
| 8 |
* Version: 1.6.5-pre 2008/10/11 |
* Version: 1.6.5-rc 2008/11/07 |
| 9 |
* |
* |
| 10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 38 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
| 39 |
|
|
| 40 |
/* Domain creation lock. */ |
/* Domain creation lock. */ |
| 41 |
static DEFINE_MUTEX(new_domain_assign_lock); |
static DEFINE_MUTEX(domain_list_lock); |
| 42 |
|
|
| 43 |
/* Structure for "initialize_domain" and "no_initialize_domain" keyword. */ |
/* Structure for "initialize_domain" and "no_initialize_domain" keyword. */ |
| 44 |
struct domain_initializer_entry { |
struct domain_initializer_entry { |
| 88 |
void ccs_set_domain_flag(struct domain_info *domain, const bool is_delete, |
void ccs_set_domain_flag(struct domain_info *domain, const bool is_delete, |
| 89 |
const u8 flags) |
const u8 flags) |
| 90 |
{ |
{ |
| 91 |
mutex_lock(&new_domain_assign_lock); |
/* We need to serialize because this is bitfield operation. */ |
| 92 |
|
static DEFINE_SPINLOCK(lock); |
| 93 |
|
/***** CRITICAL SECTION START *****/ |
| 94 |
|
spin_lock(&lock); |
| 95 |
if (!is_delete) |
if (!is_delete) |
| 96 |
domain->flags |= flags; |
domain->flags |= flags; |
| 97 |
else |
else |
| 98 |
domain->flags &= ~flags; |
domain->flags &= ~flags; |
| 99 |
mutex_unlock(&new_domain_assign_lock); |
spin_unlock(&lock); |
| 100 |
|
/***** CRITICAL SECTION END *****/ |
| 101 |
} |
} |
| 102 |
|
|
| 103 |
/** |
/** |
| 333 |
{ |
{ |
| 334 |
struct domain_initializer_entry *ptr; |
struct domain_initializer_entry *ptr; |
| 335 |
bool flag = false; |
bool flag = false; |
| 336 |
list1_for_each_entry(ptr, &domain_initializer_list, list) { |
list1_for_each_entry(ptr, &domain_initializer_list, list) { |
| 337 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 338 |
continue; |
continue; |
| 339 |
if (ptr->domainname) { |
if (ptr->domainname) { |
| 721 |
struct path_info name; |
struct path_info name; |
| 722 |
name.name = domainname; |
name.name = domainname; |
| 723 |
ccs_fill_path_info(&name); |
ccs_fill_path_info(&name); |
| 724 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
| 725 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
| 726 |
printk(KERN_DEBUG "ccs_delete_domain %s\n", domainname); |
printk(KERN_DEBUG "ccs_delete_domain %s\n", domainname); |
| 727 |
list1_for_each_entry(domain, &domain_list, list) { |
list1_for_each_entry(domain, &domain_list, list) { |
| 759 |
#endif |
#endif |
| 760 |
break; |
break; |
| 761 |
} |
} |
| 762 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
| 763 |
return 0; |
return 0; |
| 764 |
} |
} |
| 765 |
|
|
| 777 |
struct path_info name; |
struct path_info name; |
| 778 |
name.name = domainname; |
name.name = domainname; |
| 779 |
ccs_fill_path_info(&name); |
ccs_fill_path_info(&name); |
| 780 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
| 781 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
| 782 |
printk(KERN_DEBUG "ccs_undelete_domain %s\n", domainname); |
printk(KERN_DEBUG "ccs_undelete_domain %s\n", domainname); |
| 783 |
list1_for_each_entry(domain, &domain_list, list) { |
list1_for_each_entry(domain, &domain_list, list) { |
| 808 |
printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain); |
printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain); |
| 809 |
#endif |
#endif |
| 810 |
} |
} |
| 811 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
| 812 |
return candidate_domain; |
return candidate_domain; |
| 813 |
} |
} |
| 814 |
|
|
| 825 |
{ |
{ |
| 826 |
struct domain_info *domain = NULL; |
struct domain_info *domain = NULL; |
| 827 |
const struct path_info *saved_domainname; |
const struct path_info *saved_domainname; |
| 828 |
mutex_lock(&new_domain_assign_lock); |
mutex_lock(&domain_list_lock); |
| 829 |
domain = ccs_find_domain(domainname); |
domain = ccs_find_domain(domainname); |
| 830 |
if (domain) |
if (domain) |
| 831 |
goto out; |
goto out; |
| 862 |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
| 863 |
ptr->type |= ACL_DELETED; |
ptr->type |= ACL_DELETED; |
| 864 |
} |
} |
| 865 |
/* |
ccs_set_domain_flag(domain, true, domain->flags); |
|
* Don't use ccs_set_domain_flag() because |
|
|
* new_domain_assign_lock is held. |
|
|
*/ |
|
|
domain->flags = 0; |
|
| 866 |
domain->profile = profile; |
domain->profile = profile; |
| 867 |
domain->quota_warned = false; |
domain->quota_warned = false; |
| 868 |
mb(); /* Avoid out-of-order execution. */ |
mb(); /* Avoid out-of-order execution. */ |
| 878 |
list1_add_tail_mb(&domain->list, &domain_list); |
list1_add_tail_mb(&domain->list, &domain_list); |
| 879 |
} |
} |
| 880 |
out: |
out: |
| 881 |
mutex_unlock(&new_domain_assign_lock); |
mutex_unlock(&domain_list_lock); |
| 882 |
return domain; |
return domain; |
| 883 |
} |
} |
| 884 |
|
|
| 886 |
* get_argv0 - Get argv[0]. |
* get_argv0 - Get argv[0]. |
| 887 |
* |
* |
| 888 |
* @bprm: Pointer to "struct linux_binprm". |
* @bprm: Pointer to "struct linux_binprm". |
| 889 |
* @tmp: Buffer for temporal use. |
* @tmp: Buffer for temporary use. |
| 890 |
* |
* |
| 891 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 892 |
*/ |
*/ |
| 980 |
const char *original_name = bprm->filename; |
const char *original_name = bprm->filename; |
| 981 |
const u8 mode = r->mode; |
const u8 mode = r->mode; |
| 982 |
const bool is_enforce = (mode == 3); |
const bool is_enforce = (mode == 3); |
| 983 |
const u32 tomoyo_flags = r->tomoyo_flags; |
const u32 tomoyo_flags = current->tomoyo_flags; |
| 984 |
char *new_domain_name = NULL; |
char *new_domain_name = NULL; |
| 985 |
char *real_program_name = NULL; |
char *real_program_name = NULL; |
| 986 |
char *symlink_program_name = NULL; |
char *symlink_program_name = NULL; |
| 1006 |
|
|
| 1007 |
retry: |
retry: |
| 1008 |
current->tomoyo_flags = tomoyo_flags; |
current->tomoyo_flags = tomoyo_flags; |
| 1009 |
r->tomoyo_flags = tomoyo_flags; |
r->cond = NULL; |
| 1010 |
/* Get ccs_realpath of program. */ |
/* Get ccs_realpath of program. */ |
| 1011 |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
retval = -ENOENT; /* I hope ccs_realpath() won't fail with -ENOMEM. */ |
| 1012 |
ccs_free(real_program_name); |
ccs_free(real_program_name); |
| 1072 |
base_filename++; |
base_filename++; |
| 1073 |
if (strcmp(base_argv0, base_filename)) { |
if (strcmp(base_argv0, base_filename)) { |
| 1074 |
retval = ccs_check_argv0_perm(r, &rn, base_argv0); |
retval = ccs_check_argv0_perm(r, &rn, base_argv0); |
| 1075 |
if (retval == 1) { |
if (retval == 1) |
|
r->retry++; |
|
| 1076 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
|
r->tomoyo_flags = current->tomoyo_flags; |
|
| 1077 |
if (retval < 0) |
if (retval < 0) |
| 1078 |
goto out; |
goto out; |
| 1079 |
} |
} |
| 1098 |
/* Check execute permission. */ |
/* Check execute permission. */ |
| 1099 |
r->mode = mode; |
r->mode = mode; |
| 1100 |
retval = ccs_check_exec_perm(r, &rn); |
retval = ccs_check_exec_perm(r, &rn); |
| 1101 |
if (retval == 1) { |
if (retval == 1) |
|
r->retry++; |
|
| 1102 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
|
r->tomoyo_flags = current->tomoyo_flags; |
|
| 1103 |
if (retval < 0) |
if (retval < 0) |
| 1104 |
goto out; |
goto out; |
| 1105 |
|
|
| 1133 |
int error = ccs_check_supervisor(r, |
int error = ccs_check_supervisor(r, |
| 1134 |
"# wants to create domain\n" |
"# wants to create domain\n" |
| 1135 |
"%s\n", new_domain_name); |
"%s\n", new_domain_name); |
| 1136 |
if (error == 1) { |
if (error == 1) |
|
r->retry++; |
|
| 1137 |
goto retry; |
goto retry; |
|
} |
|
|
r->retry = 0; |
|
| 1138 |
if (error < 0) |
if (error < 0) |
| 1139 |
goto done; |
goto done; |
| 1140 |
} |
} |
| 1271 |
unsigned char c; |
unsigned char c; |
| 1272 |
unsigned char d; |
unsigned char d; |
| 1273 |
unsigned char e; |
unsigned char e; |
| 1274 |
while ((c = *src++) != '\0') { |
while (1) { |
| 1275 |
|
c = *src++; |
| 1276 |
|
if (!c) |
| 1277 |
|
break; |
| 1278 |
if (c != '\\') { |
if (c != '\\') { |
| 1279 |
*dest++ = c; |
*dest++ = c; |
| 1280 |
continue; |
continue; |
| 1485 |
"pid=%d uid=%d gid=%d euid=%d egid=%d suid=%d " |
"pid=%d uid=%d gid=%d euid=%d egid=%d suid=%d " |
| 1486 |
"sgid=%d fsuid=%d fsgid=%d state[0]=%u " |
"sgid=%d fsuid=%d fsgid=%d state[0]=%u " |
| 1487 |
"state[1]=%u state[2]=%u", |
"state[1]=%u state[2]=%u", |
| 1488 |
task->pid, task->uid, task->gid, task->euid, |
(pid_t) sys_getpid(), task->uid, task->gid, task->euid, |
| 1489 |
task->egid, task->suid, task->sgid, task->fsuid, |
task->egid, task->suid, task->sgid, task->fsuid, |
| 1490 |
task->fsgid, (u8) (tomoyo_flags >> 24), |
task->fsgid, (u8) (tomoyo_flags >> 24), |
| 1491 |
(u8) (tomoyo_flags >> 16), (u8) (tomoyo_flags >> 8)); |
(u8) (tomoyo_flags >> 16), (u8) (tomoyo_flags >> 8)); |
TOMOYO
Parent Directory
Revision Log
Patch