
Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c


revision 3731 by kumaneko, Fri Jun 4 01:42:54 2010 UTC revision 3741 by kumaneko, Mon Jun 7 08:23:51 2010 UTC
# Line 1119  static int ccs_try_alt_exec(struct ccs_e Line 1119  static int ccs_try_alt_exec(struct ccs_e
1119   */   */
1120  static bool ccs_find_execute_handler(struct ccs_execve *ee, const u8 type)  static bool ccs_find_execute_handler(struct ccs_execve *ee, const u8 type)
1121  {  {
1122          struct task_struct *task = current;          struct ccs_request_info *r = &ee->r;
1123          const struct ccs_domain_info * const domain = ccs_current_domain();          const struct ccs_domain_info *domain = ccs_current_domain();
1124          struct ccs_acl_info *ptr;          struct ccs_acl_info *ptr;
         bool found = false;  
1125          /*          /*
1126           * Don't use execute handler if the current process is           * Don't use execute handler if the current process is
1127           * marked as execute handler to avoid infinite execute handler loop.           * marked as execute handler to avoid infinite execute handler loop.
1128           */           */
1129          if (task->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)          if (current->ccs_flags & CCS_TASK_IS_EXECUTE_HANDLER)
1130                  return false;                  return false;
1131     retry:
1132          list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {          list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1133                  struct ccs_execute_handler *acl;                  struct ccs_execute_handler *acl;
1134                  if (ptr->type != type)                  if (ptr->type != type || !ccs_condition(r, ptr->cond))
1135                          continue;                          continue;
1136                  acl = container_of(ptr, struct ccs_execute_handler, head);                  acl = container_of(ptr, struct ccs_execute_handler, head);
1137                  ee->handler = acl->handler;                  ee->handler = acl->handler;
1138                  ee->handler_type = type;                  ee->handler_type = type;
1139                  found = true;                  r->cond = ptr->cond;
1140                  break;                  return true;
1141          }          }
1142          return found;          if (domain != &ccs_global_domain && !domain->ignore_global) {
1143                    domain = &ccs_global_domain;
1144                    goto retry;
1145            }
1146            return false;
1147  }  }
1148    
1149    #ifdef CONFIG_MMU
1150    #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23)
1151    #define CCS_BPRM_MMU
1152    #elif defined(RHEL_MAJOR) && RHEL_MAJOR == 5 && defined(RHEL_MINOR) && RHEL_MINOR >= 3
1153    #define CCS_BPRM_MMU
1154    #elif defined(AX_MAJOR) && AX_MAJOR == 3 && defined(AX_MINOR) && AX_MINOR >= 2
1155    #define CCS_BPRM_MMU
1156    #endif
1157    #endif
1158    
1159  /**  /**
1160   * ccs_dump_page - Dump a page to buffer.   * ccs_dump_page - Dump a page to buffer.
1161   *   *
# Line 1162  bool ccs_dump_page(struct linux_binprm * Line 1176  bool ccs_dump_page(struct linux_binprm *
1176                          return false;                          return false;
1177          }          }
1178          /* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */          /* Same with get_arg_page(bprm, pos, 0) in fs/exec.c */
1179  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) && defined(CONFIG_MMU)  #ifdef CCS_BPRM_MMU
         if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)  
                 return false;  
 #elif defined(RHEL_MAJOR) && RHEL_MAJOR == 5 && defined(RHEL_MINOR) && RHEL_MINOR >= 3 && defined(CONFIG_MMU)  
         if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)  
                 return false;  
 #elif defined(AX_MAJOR) && AX_MAJOR == 3 && defined(AX_MINOR) && AX_MINOR >= 2 && defined(CONFIG_MMU)  
1180          if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)          if (get_user_pages(current, bprm->mm, pos, 1, 0, 1, &page, NULL) <= 0)
1181                  return false;                  return false;
1182  #else  #else
# Line 1188  bool ccs_dump_page(struct linux_binprm * Line 1196  bool ccs_dump_page(struct linux_binprm *
1196                  kunmap_atomic(kaddr, KM_USER0);                  kunmap_atomic(kaddr, KM_USER0);
1197          }          }
1198          /* Same with put_arg_page(page) in fs/exec.c */          /* Same with put_arg_page(page) in fs/exec.c */
1199  #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) && defined(CONFIG_MMU)  #ifdef CCS_BPRM_MMU
         put_page(page);  
 #elif defined(RHEL_MAJOR) && RHEL_MAJOR == 5 && defined(RHEL_MINOR) && RHEL_MINOR >= 3 && defined(CONFIG_MMU)  
         put_page(page);  
 #elif defined(AX_MAJOR) && AX_MAJOR == 3 && defined(AX_MINOR) && AX_MINOR >= 2 && defined(CONFIG_MMU)  
1200          put_page(page);          put_page(page);
1201  #endif  #endif
1202          return true;          return true;
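Review bot: In `ccs_find_execute_handler()` (new lines 1134–1146) an entry whose `ccs_condition(r, ptr->cond)` is false is skipped exactly like an entry of the wrong type, so if `ccs_condition()` can also return false on an evaluation failure (its body is not shown here) the handler is bypassed and the exec either goes ahead unintercepted or is picked up by a different handler from `ccs_global_domain`. That fail direction and the new lookup order are worth stating above the `retry:` label, for example `/* First entry of @type whose condition holds wins; the domain's own list is searched before ccs_global_domain unless ignore_global is set. */`. The function now also writes `r->cond = ptr->cond` as a side effect, which its header comment (above the hunk, not visible) should mention, together with what keeps `ptr->cond` valid after the RCU list walk ends.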
