Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c




Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c



 Parent Directory

|  Revision Log



|  Patch














revision 3441 by kumaneko,
Sun Feb 14 04:31:38 2010 UTC




revision 3484 by kumaneko,
Tue Mar  2 01:22:31 2010 UTC






#

Line 3 



Line 3 













3
  *
  *

















4
  * Copyright (C) 2005-2010  NTT DATA CORPORATION
  * Copyright (C) 2005-2010  NTT DATA CORPORATION

















5
  *
  *















6


  * Version: 1.7.1+   2010/02/14


  * Version: 1.7.2-pre   2010/03/02















7
  *
  *

















8
  * This file is applicable to both 2.4.30 and 2.6.11 and later.
  * This file is applicable to both 2.4.30 and 2.6.11 and later.

















9
  * See README.ccs for ChangeLog.
  * See README.ccs for ChangeLog.











#

Line 1272 
 void ccs_finish_execve(int retval, struc


Line 1272 
 void ccs_finish_execve(int retval, struc












1272
         kfree(ee->dump.data);
         kfree(ee->dump.data);

















1273
         kfree(ee);
         kfree(ee);

















1274
 }
 }












1275
 
 







1276
 
 /**







1277
 
  * ccs_may_transit - Check permission and do domain transition without execve().







1278
 
  *







1279
 
  * @domainname: Domainname to transit to.







1280
 
  * @pathname: Pathname to check.







1281
 
  *







1282
 
  * Returns 0 on success, negative value otherwise.







1283
 
  *







1284
 
  * Caller holds ccs_read_lock().







1285
 
  */







1286
 
 int ccs_may_transit(const char *domainname, const char *pathname) {







1287
 
         struct ccs_path_info name;







1288
 
         struct ccs_request_info r;







1289
 
         struct ccs_domain_info *domain;







1290
 
         int error;







1291
 
         name.name = pathname;







1292
 
         ccs_fill_path_info(&name);







1293
 
         /* Check allow_transit permission. */







1294
 
         ccs_init_request_info(&r, NULL, CCS_MAC_FILE_TRANSIT);







1295
 
         error = ccs_path_permission(&r, CCS_TYPE_TRANSIT, &name);







1296
 
         if (error)







1297
 
                 return error;







1298
 
         /* Check destination domain. */







1299
 
         domain = ccs_find_domain(domainname);







1300
 
         if (!domain && r.mode != CCS_CONFIG_ENFORCING &&







1301
 
             strlen(domainname) < CCS_EXEC_TMPSIZE - 10) {







1302
 
                 domain = ccs_find_or_assign_new_domain(domainname, r.profile);







1303
 
                 if (domain)







1304
 
                         ccs_audit_domain_creation_log(domain);







1305
 
         }







1306
 
         if (domain) {







1307
 
                 error = 0;







1308
 
                 current->ccs_domain_info = domain;







1309
 
         } else {







1310
 
                 error = -ENOENT;







1311
 
         }







1312
 
         return error;







1313
 
 }
























Legend:



Removed from v.3441
 


changed lines


 
Added in v.3484













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c
-revision 3441 by kumaneko,
Sun Feb 14 04:31:38 2010 UTC
+revision 3484 by kumaneko,
Tue Mar  2 01:22:31 2010 UTC
 Line 3
   *
   * Copyright (C) 2005-2010  NTT DATA CORPORATION
   *
-  * Version: 1.7.1+   2010/02/14
+  * Version: 1.7.2-pre   2010/03/02
   *
   * This file is applicable to both 2.4.30 and 2.6.11 and later.
   * See README.ccs for ChangeLog.
 Line 1272 
 void ccs_finish_execve(int retval, struc
          kfree(ee->dump.data);
          kfree(ee);
  }
+ /**
+  * ccs_may_transit - Check permission and do domain transition without execve().
+  *
+  * @domainname: Domainname to transit to.
+  * @pathname: Pathname to check.
+  *
+  * Returns 0 on success, negative value otherwise.
+  *
+  * Caller holds ccs_read_lock().
+  */
+ int ccs_may_transit(const char *domainname, const char *pathname) {
+         struct ccs_path_info name;
+         struct ccs_request_info r;
+         struct ccs_domain_info *domain;
+         int error;
+         name.name = pathname;
+         ccs_fill_path_info(&name);
+         /* Check allow_transit permission. */
+         ccs_init_request_info(&r, NULL, CCS_MAC_FILE_TRANSIT);
+         error = ccs_path_permission(&r, CCS_TYPE_TRANSIT, &name);
+         if (error)
+                 return error;
+         /* Check destination domain. */
+         domain = ccs_find_domain(domainname);
+         if (!domain && r.mode != CCS_CONFIG_ENFORCING &&
+             strlen(domainname) < CCS_EXEC_TMPSIZE - 10) {
+                 domain = ccs_find_or_assign_new_domain(domainname, r.profile);
+                 if (domain)
+                         ccs_audit_domain_creation_log(domain);
+         }
+         if (domain) {
+                 error = 0;
+                 current->ccs_domain_info = domain;
+         } else {
+                 error = -ENOENT;
+         }
+         return error;
+ }
 Legend:



Removed from v.3441
 


changed lines


 
Added in v.3484
 Legend:



Removed from v.3441
 


changed lines


 
Added in v.3484
-Removed from v.3441
+Added in v.3484
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照