| 201 |
* |
* |
| 202 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 203 |
* |
* |
| 204 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 205 |
*/ |
*/ |
| 206 |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head) |
| 207 |
{ |
{ |
| 208 |
struct list_head *pos; |
struct list_head *pos; |
| 209 |
bool done = true; |
bool done = true; |
| 210 |
|
ccs_check_read_lock(); |
| 211 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
| 212 |
&ccs_domain_initializer_list) { |
&ccs_domain_initializer_list) { |
| 213 |
const char *no; |
const char *no; |
| 264 |
* Returns true if executing @program reinitializes domain transition, |
* Returns true if executing @program reinitializes domain transition, |
| 265 |
* false otherwise. |
* false otherwise. |
| 266 |
* |
* |
| 267 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 268 |
*/ |
*/ |
| 269 |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_initializer(const struct ccs_path_info *domainname, |
| 270 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
| 272 |
{ |
{ |
| 273 |
struct ccs_domain_initializer_entry *ptr; |
struct ccs_domain_initializer_entry *ptr; |
| 274 |
bool flag = false; |
bool flag = false; |
| 275 |
|
ccs_check_read_lock(); |
| 276 |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_initializer_list, list) { |
| 277 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 278 |
continue; |
continue; |
| 394 |
* |
* |
| 395 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 396 |
* |
* |
| 397 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 398 |
*/ |
*/ |
| 399 |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head) |
| 400 |
{ |
{ |
| 401 |
struct list_head *pos; |
struct list_head *pos; |
| 402 |
bool done = true; |
bool done = true; |
| 403 |
|
ccs_check_read_lock(); |
| 404 |
list_for_each_cookie(pos, head->read_var2, |
list_for_each_cookie(pos, head->read_var2, |
| 405 |
&ccs_domain_keeper_list) { |
&ccs_domain_keeper_list) { |
| 406 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
| 434 |
* Returns true if executing @program supresses domain transition, |
* Returns true if executing @program supresses domain transition, |
| 435 |
* false otherwise. |
* false otherwise. |
| 436 |
* |
* |
| 437 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 438 |
*/ |
*/ |
| 439 |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
static bool ccs_is_domain_keeper(const struct ccs_path_info *domainname, |
| 440 |
const struct ccs_path_info *program, |
const struct ccs_path_info *program, |
| 442 |
{ |
{ |
| 443 |
struct ccs_domain_keeper_entry *ptr; |
struct ccs_domain_keeper_entry *ptr; |
| 444 |
bool flag = false; |
bool flag = false; |
| 445 |
|
ccs_check_read_lock(); |
| 446 |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
list_for_each_entry_rcu(ptr, &ccs_domain_keeper_list, list) { |
| 447 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 448 |
continue; |
continue; |
| 529 |
* |
* |
| 530 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 531 |
* |
* |
| 532 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 533 |
*/ |
*/ |
| 534 |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
bool ccs_read_aggregator_policy(struct ccs_io_buffer *head) |
| 535 |
{ |
{ |
| 536 |
struct list_head *pos; |
struct list_head *pos; |
| 537 |
bool done = true; |
bool done = true; |
| 538 |
|
ccs_check_read_lock(); |
| 539 |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
list_for_each_cookie(pos, head->read_var2, &ccs_aggregator_list) { |
| 540 |
struct ccs_aggregator_entry *ptr; |
struct ccs_aggregator_entry *ptr; |
| 541 |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
ptr = list_entry(pos, struct ccs_aggregator_entry, list); |
| 705 |
* |
* |
| 706 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
| 707 |
* |
* |
| 708 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 709 |
*/ |
*/ |
| 710 |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
static int ccs_find_next_domain(struct ccs_execve_entry *ee) |
| 711 |
{ |
{ |
| 721 |
struct ccs_path_info rn; /* real name */ |
struct ccs_path_info rn; /* real name */ |
| 722 |
struct ccs_path_info ln; /* last name */ |
struct ccs_path_info ln; /* last name */ |
| 723 |
int retval; |
int retval; |
| 724 |
|
ccs_check_read_lock(); |
| 725 |
retry: |
retry: |
| 726 |
current->ccs_flags = ccs_flags; |
current->ccs_flags = ccs_flags; |
| 727 |
r->cond = NULL; |
r->cond = NULL; |
| 1053 |
kfree(ee); |
kfree(ee); |
| 1054 |
return NULL; |
return NULL; |
| 1055 |
} |
} |
| 1056 |
ee->srcu_idx = srcu_read_lock(&ccs_ss); |
ee->reader_idx = ccs_read_lock(); |
| 1057 |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
/* ee->dump->data is allocated by ccs_dump_page(). */ |
| 1058 |
ee->task = current; |
ee->task = current; |
| 1059 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
| 1104 |
kfree(ee->program_path); |
kfree(ee->program_path); |
| 1105 |
kfree(ee->tmp); |
kfree(ee->tmp); |
| 1106 |
kfree(ee->dump.data); |
kfree(ee->dump.data); |
| 1107 |
srcu_read_unlock(&ccs_ss, ee->srcu_idx); |
ccs_read_unlock(ee->reader_idx); |
| 1108 |
kfree(ee); |
kfree(ee); |
| 1109 |
} |
} |
| 1110 |
|
|
| 1328 |
* |
* |
| 1329 |
* Returns true if found, false otherwise. |
* Returns true if found, false otherwise. |
| 1330 |
* |
* |
| 1331 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 1332 |
*/ |
*/ |
| 1333 |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
static bool ccs_find_execute_handler(struct ccs_execve_entry *ee, |
| 1334 |
const u8 type) |
const u8 type) |
| 1337 |
const struct ccs_domain_info *domain = ccs_current_domain(); |
const struct ccs_domain_info *domain = ccs_current_domain(); |
| 1338 |
struct ccs_acl_info *ptr; |
struct ccs_acl_info *ptr; |
| 1339 |
bool found = false; |
bool found = false; |
| 1340 |
|
ccs_check_read_lock(); |
| 1341 |
/* |
/* |
| 1342 |
* Don't use execute handler if the current process is |
* Don't use execute handler if the current process is |
| 1343 |
* marked as execute handler to avoid infinite execute handler loop. |
* marked as execute handler to avoid infinite execute handler loop. |
| 1482 |
* |
* |
| 1483 |
* @retval: Return code of an execve() operation. |
* @retval: Return code of an execve() operation. |
| 1484 |
* |
* |
| 1485 |
* Caller holds srcu_read_lock(&ccs_ss). |
* Caller holds ccs_read_lock(). |
| 1486 |
*/ |
*/ |
| 1487 |
void ccs_finish_execve(int retval) |
void ccs_finish_execve(int retval) |
| 1488 |
{ |
{ |
| 1489 |
struct task_struct *task = current; |
struct task_struct *task = current; |
| 1490 |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
struct ccs_execve_entry *ee = ccs_find_execve_entry(); |
| 1491 |
|
ccs_check_read_lock(); |
| 1492 |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
task->ccs_flags &= ~CCS_CHECK_READ_FOR_OPEN_EXEC; |
| 1493 |
if (!ee) |
if (!ee) |
| 1494 |
return; |
return; |
TOMOYO
Parent Directory
Revision Log
Patch