3 |
* |
* |
4 |
* Copyright (C) 2005-2010 NTT DATA CORPORATION |
* Copyright (C) 2005-2010 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.1+ 2010/02/14 |
* Version: 1.7.2-pre 2010/03/02 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
1272 |
kfree(ee->dump.data); |
kfree(ee->dump.data); |
1273 |
kfree(ee); |
kfree(ee); |
1274 |
} |
} |
1275 |
|
|
1276 |
|
/** |
1277 |
|
* ccs_may_transit - Check permission and do domain transition without execve(). |
1278 |
|
* |
1279 |
|
* @domainname: Domainname to transit to. |
1280 |
|
* @pathname: Pathname to check. |
1281 |
|
* |
1282 |
|
* Returns 0 on success, negative value otherwise. |
1283 |
|
* |
1284 |
|
* Caller holds ccs_read_lock(). |
1285 |
|
*/ |
1286 |
|
int ccs_may_transit(const char *domainname, const char *pathname) { |
1287 |
|
struct ccs_path_info name; |
1288 |
|
struct ccs_request_info r; |
1289 |
|
struct ccs_domain_info *domain; |
1290 |
|
int error; |
1291 |
|
name.name = pathname; |
1292 |
|
ccs_fill_path_info(&name); |
1293 |
|
/* Check allow_transit permission. */ |
1294 |
|
ccs_init_request_info(&r, NULL, CCS_MAC_FILE_TRANSIT); |
1295 |
|
error = ccs_path_permission(&r, CCS_TYPE_TRANSIT, &name); |
1296 |
|
if (error) |
1297 |
|
return error; |
1298 |
|
/* Check destination domain. */ |
1299 |
|
domain = ccs_find_domain(domainname); |
1300 |
|
if (!domain && r.mode != CCS_CONFIG_ENFORCING && |
1301 |
|
strlen(domainname) < CCS_EXEC_TMPSIZE - 10) { |
1302 |
|
domain = ccs_find_or_assign_new_domain(domainname, r.profile); |
1303 |
|
if (domain) |
1304 |
|
ccs_audit_domain_creation_log(domain); |
1305 |
|
} |
1306 |
|
if (domain) { |
1307 |
|
error = 0; |
1308 |
|
current->ccs_domain_info = domain; |
1309 |
|
} else { |
1310 |
|
error = -ENOENT; |
1311 |
|
} |
1312 |
|
return error; |
1313 |
|
} |
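Review bot: In `ccs_may_transit`, the policy check `ccs_path_permission(&r, CCS_TYPE_TRANSIT, &name)` covers only `pathname`, while the domain written to `current->ccs_domain_info` is selected by `domainname`, which is never part of the checked request. Nothing visible here ties the two together, so the function appears to rely on every caller deriving `domainname` from the checked `pathname`; the kernel-doc should state that contract, e.g. `* @domainname must be constructed by the caller from @pathname; only @pathname is checked against policy.` In the non-enforcing branch, `domainname` reaches `ccs_find_or_assign_new_domain()` after only a length test, so it is worth confirming that the helper rejects malformed domain names, and the `CCS_EXEC_TMPSIZE - 10` bound deserves a one-line comment saying what the 10 bytes are reserved for. The `-ENOENT` path for a missing destination domain writes no audit record in this function, which makes a refused transition in enforcing mode harder to trace.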