Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c




Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c



 Parent Directory

|  Revision Log



|  Patch














revision 621 by kumaneko,
Sat Oct 27 08:11:13 2007 UTC




revision 652 by kumaneko,
Mon Nov  5 07:48:31 2007 UTC






#

Line 34 
 extern int sbin_init_started;


Line 34 
 extern int sbin_init_started;












34
 #ifdef CONFIG_TOMOYO
 #ifdef CONFIG_TOMOYO

















35
 
 

















36
 /* Lock for appending domain's ACL. */
 /* Lock for appending domain's ACL. */















37


 DECLARE_MUTEX(domain_acl_lock);


 DEFINE_MUTEX(domain_acl_lock);















38
 
 

















39
 /*************************  UTILITY FUNCTIONS  *************************/
 /*************************  UTILITY FUNCTIONS  *************************/

















40
 
 











#

Line 81 
 struct alias_entry {


Line 81 
 struct alias_entry {












81
 /*************************  VARIABLES  *************************/
 /*************************  VARIABLES  *************************/

















82
 
 

















83
 /* Domain creation lock. */
 /* Domain creation lock. */















84


 static DECLARE_MUTEX(new_domain_assign_lock);


 static DEFINE_MUTEX(new_domain_assign_lock);















85
 
 

















86
 /*************************  UTILITY FUNCTIONS  *************************/
 /*************************  UTILITY FUNCTIONS  *************************/

















87
 
 











#

Line 115 
 static struct domain_initializer_entry *


Line 115 
 static struct domain_initializer_entry *












115
 static int AddDomainInitializerEntry(const char *domainname, const char *program, const bool is_not, const bool is_delete)
 static int AddDomainInitializerEntry(const char *domainname, const char *program, const bool is_not, const bool is_delete)

















116
 {
 {

















117
         struct domain_initializer_entry *new_entry, *ptr;
         struct domain_initializer_entry *new_entry, *ptr;















118


         static DECLARE_MUTEX(lock);


         static DEFINE_MUTEX(lock);















119
         const struct path_info *saved_program, *saved_domainname = NULL;
         const struct path_info *saved_program, *saved_domainname = NULL;

















120
         int error = -ENOMEM;
         int error = -ENOMEM;

















121
         bool is_last_name = 0;
         bool is_last_name = 0;











#

Line 129 
 static int AddDomainInitializerEntry(con


Line 129 
 static int AddDomainInitializerEntry(con












129
                 if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;
                 if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;

















130
         }
         }

















131
         if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;
         if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;















132


         down(&lock);


         mutex_lock(&lock);















133
         for (ptr = domain_initializer_list; ptr; ptr = ptr->next) {
         for (ptr = domain_initializer_list; ptr; ptr = ptr->next) {

















134
                 if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {
                 if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {

















135
                         ptr->is_deleted = is_delete;
                         ptr->is_deleted = is_delete;











#

Line 154 
 static int AddDomainInitializerEntry(con


Line 154 
 static int AddDomainInitializerEntry(con












154
         }
         }

















155
         error = 0;
         error = 0;

















156
  out:
  out:















157


         up(&lock);


         mutex_unlock(&lock);















158
         return error;
         return error;

















159
 }
 }

















160
 
 











#

Line 215 
 static int AddDomainKeeperEntry(const ch


Line 215 
 static int AddDomainKeeperEntry(const ch












215
 {
 {

















216
         struct domain_keeper_entry *new_entry, *ptr;
         struct domain_keeper_entry *new_entry, *ptr;

















217
         const struct path_info *saved_domainname, *saved_program = NULL;
         const struct path_info *saved_domainname, *saved_program = NULL;















218


         static DECLARE_MUTEX(lock);


         static DEFINE_MUTEX(lock);















219
         int error = -ENOMEM;
         int error = -ENOMEM;

















220
         bool is_last_name = 0;
         bool is_last_name = 0;

















221
         if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) {
         if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) {











#

Line 228 
 static int AddDomainKeeperEntry(const ch


Line 228 
 static int AddDomainKeeperEntry(const ch












228
                 if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;
                 if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;

















229
         }
         }

















230
         if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;
         if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;















231


         down(&lock);


         mutex_lock(&lock);















232
         for (ptr = domain_keeper_list; ptr; ptr = ptr->next) {
         for (ptr = domain_keeper_list; ptr; ptr = ptr->next) {

















233
                 if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {
                 if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {

















234
                         ptr->is_deleted = is_delete;
                         ptr->is_deleted = is_delete;











#

Line 253 
 static int AddDomainKeeperEntry(const ch


Line 253 
 static int AddDomainKeeperEntry(const ch












253
         }
         }

















254
         error = 0;
         error = 0;

















255
  out:
  out:















256


         up(&lock);


         mutex_unlock(&lock);















257
         return error;
         return error;

















258
 }
 }

















259
 
 











#

Line 311 
 static struct alias_entry *alias_list =


Line 311 
 static struct alias_entry *alias_list =












311
 static int AddAliasEntry(const char *original_name, const char *aliased_name, const bool is_delete)
 static int AddAliasEntry(const char *original_name, const char *aliased_name, const bool is_delete)

















312
 {
 {

















313
         struct alias_entry *new_entry, *ptr;
         struct alias_entry *new_entry, *ptr;















314


         static DECLARE_MUTEX(lock);


         static DEFINE_MUTEX(lock);















315
         const struct path_info *saved_original_name, *saved_aliased_name;
         const struct path_info *saved_original_name, *saved_aliased_name;

















316
         int error = -ENOMEM;
         int error = -ENOMEM;

















317
         if (!IsCorrectPath(original_name, 1, -1, -1, __FUNCTION__) || !IsCorrectPath(aliased_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */
         if (!IsCorrectPath(original_name, 1, -1, -1, __FUNCTION__) || !IsCorrectPath(aliased_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */

















318
         if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aliased_name = SaveName(aliased_name)) == NULL) return -ENOMEM;
         if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aliased_name = SaveName(aliased_name)) == NULL) return -ENOMEM;















319


         down(&lock);


         mutex_lock(&lock);















320
         for (ptr = alias_list; ptr; ptr = ptr->next) {
         for (ptr = alias_list; ptr; ptr = ptr->next) {

















321
                 if (ptr->original_name == saved_original_name && ptr->aliased_name == saved_aliased_name) {
                 if (ptr->original_name == saved_original_name && ptr->aliased_name == saved_aliased_name) {

















322
                         ptr->is_deleted = is_delete;
                         ptr->is_deleted = is_delete;











#

Line 339 
 static int AddAliasEntry(const char *ori


Line 339 
 static int AddAliasEntry(const char *ori












339
         }
         }

















340
         error = 0;
         error = 0;

















341
  out:
  out:















342


         up(&lock);


         mutex_unlock(&lock);















343
         return error;
         return error;

















344
 }
 }

















345
 
 











#

Line 370 
 static struct aggregator_entry *aggregat


Line 370 
 static struct aggregator_entry *aggregat












370
 static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const bool is_delete)
 static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const bool is_delete)

















371
 {
 {

















372
         struct aggregator_entry *new_entry, *ptr;
         struct aggregator_entry *new_entry, *ptr;















373


         static DECLARE_MUTEX(lock);


         static DEFINE_MUTEX(lock);















374
         const struct path_info *saved_original_name, *saved_aggregated_name;
         const struct path_info *saved_original_name, *saved_aggregated_name;

















375
         int error = -ENOMEM;
         int error = -ENOMEM;

















376
         if (!IsCorrectPath(original_name, 1, 0, -1, __FUNCTION__) || !IsCorrectPath(aggregated_name, 1, -1, -1, __FUNCTION__)) return -EINVAL;
         if (!IsCorrectPath(original_name, 1, 0, -1, __FUNCTION__) || !IsCorrectPath(aggregated_name, 1, -1, -1, __FUNCTION__)) return -EINVAL;

















377
         if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aggregated_name = SaveName(aggregated_name)) == NULL) return -ENOMEM;
         if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aggregated_name = SaveName(aggregated_name)) == NULL) return -ENOMEM;















378


         down(&lock);


         mutex_lock(&lock);















379
         for (ptr = aggregator_list; ptr; ptr = ptr->next) {
         for (ptr = aggregator_list; ptr; ptr = ptr->next) {

















380
                 if (ptr->original_name == saved_original_name && ptr->aggregated_name == saved_aggregated_name) {
                 if (ptr->original_name == saved_original_name && ptr->aggregated_name == saved_aggregated_name) {

















381
                         ptr->is_deleted = is_delete;
                         ptr->is_deleted = is_delete;











#

Line 398 
 static int AddAggregatorEntry(const char


Line 398 
 static int AddAggregatorEntry(const char












398
         }
         }

















399
         error = 0;
         error = 0;

















400
  out:
  out:















401


         up(&lock);


         mutex_unlock(&lock);















402
         return error;
         return error;

















403
 }
 }

















404
 
 











#

Line 432 
 int DeleteDomain(char *domainname0)


Line 432 
 int DeleteDomain(char *domainname0)












432
         struct path_info domainname;
         struct path_info domainname;

















433
         domainname.name = domainname0;
         domainname.name = domainname0;

















434
         fill_path_info(&domainname);
         fill_path_info(&domainname);















435


         down(&new_domain_assign_lock);


         mutex_lock(&new_domain_assign_lock);















436
 #ifdef DEBUG_DOMAIN_UNDELETE
 #ifdef DEBUG_DOMAIN_UNDELETE

















437
         printk("DeleteDomain %s\n", domainname0);
         printk("DeleteDomain %s\n", domainname0);

















438
         for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {
         for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {











#

Line 461 
 int DeleteDomain(char *domainname0)


Line 461 
 int DeleteDomain(char *domainname0)












461
                 printk("Marked %p as undeletable\n", domain);
                 printk("Marked %p as undeletable\n", domain);

















462
 #endif
 #endif

















463
         }
         }















464


         up(&new_domain_assign_lock);


         mutex_unlock(&new_domain_assign_lock);















465
         return 0;
         return 0;

















466
 }
 }

















467
 
 











#

Line 471 
 struct domain_info *UndeleteDomain(const


Line 471 
 struct domain_info *UndeleteDomain(const












471
         struct path_info domainname;
         struct path_info domainname;

















472
         domainname.name = domainname0;
         domainname.name = domainname0;

















473
         fill_path_info(&domainname);
         fill_path_info(&domainname);















474


         down(&new_domain_assign_lock);


         mutex_lock(&new_domain_assign_lock);















475
 #ifdef DEBUG_DOMAIN_UNDELETE
 #ifdef DEBUG_DOMAIN_UNDELETE

















476
         printk("UndeleteDomain %s\n", domainname0);
         printk("UndeleteDomain %s\n", domainname0);

















477
         for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {
         for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {











#

Line 498 
 struct domain_info *UndeleteDomain(const


Line 498 
 struct domain_info *UndeleteDomain(const












498
                 printk("%p was undeleted.\n", candidate_domain);
                 printk("%p was undeleted.\n", candidate_domain);

















499
 #endif
 #endif

















500
         }
         }















501


         up(&new_domain_assign_lock);


         mutex_unlock(&new_domain_assign_lock);















502
         return candidate_domain;
         return candidate_domain;

















503
 }
 }

















504
 
 











#

Line 508 
 struct domain_info *FindOrAssignNewDomai


Line 508 
 struct domain_info *FindOrAssignNewDomai












508
 {
 {

















509
         struct domain_info *domain = NULL;
         struct domain_info *domain = NULL;

















510
         const struct path_info *saved_domainname;
         const struct path_info *saved_domainname;















511


         down(&new_domain_assign_lock);


         mutex_lock(&new_domain_assign_lock);















512
         if ((domain = FindDomain(domainname)) != NULL) goto out;
         if ((domain = FindDomain(domainname)) != NULL) goto out;

















513
         if (!IsCorrectDomain(domainname, __FUNCTION__)) goto out;
         if (!IsCorrectDomain(domainname, __FUNCTION__)) goto out;

















514
         if ((saved_domainname = SaveName(domainname)) == NULL) goto out;
         if ((saved_domainname = SaveName(domainname)) == NULL) goto out;











#

Line 546 
 struct domain_info *FindOrAssignNewDomai


Line 546 
 struct domain_info *FindOrAssignNewDomai












546
                 while (ptr->next) ptr = ptr->next; ptr->next = domain;
                 while (ptr->next) ptr = ptr->next; ptr->next = domain;

















547
         }
         }

















548
  out: ;
  out: ;















549


         up(&new_domain_assign_lock);


         mutex_unlock(&new_domain_assign_lock);















550
         return domain;
         return domain;

















551
 }
 }

















552
 
 











#

Line 794 
 static int CheckEnviron(struct linux_bin


Line 794 
 static int CheckEnviron(struct linux_bin












794
                 if (argv_count) goto unmap_page;
                 if (argv_count) goto unmap_page;

















795
                 while (offset < PAGE_SIZE) {
                 while (offset < PAGE_SIZE) {

















796
                         const unsigned char c = kaddr[offset++];
                         const unsigned char c = kaddr[offset++];















797


                         if (arg_len < CCS_MAX_PATHNAME_LEN - 10) {


                         if (c && arg_len < CCS_MAX_PATHNAME_LEN - 10) {















798
                                 if (c == '=') {
                                 if (c == '=') {

















799
                                         arg_ptr[arg_len++] = '\0';
                                         arg_ptr[arg_len++] = '\0';

















800
                                 } else if (c == '\\') {
                                 } else if (c == '\\') {





























Legend:



Removed from v.621
 


changed lines


 
Added in v.652













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.8.x/ccs-patch/security/ccsecurity/domain.c
-revision 621 by kumaneko,
Sat Oct 27 08:11:13 2007 UTC
+revision 652 by kumaneko,
Mon Nov  5 07:48:31 2007 UTC
 Line 34 
 extern int sbin_init_started;
  #ifdef CONFIG_TOMOYO
  /* Lock for appending domain's ACL. */
- DECLARE_MUTEX(domain_acl_lock);
+ DEFINE_MUTEX(domain_acl_lock);
  /*************************  UTILITY FUNCTIONS  *************************/
 Line 81 
 struct alias_entry {
  /*************************  VARIABLES  *************************/
  /* Domain creation lock. */
- static DECLARE_MUTEX(new_domain_assign_lock);
+ static DEFINE_MUTEX(new_domain_assign_lock);
  /*************************  UTILITY FUNCTIONS  *************************/
 Line 115 
 static struct domain_initializer_entry *
  static int AddDomainInitializerEntry(const char *domainname, const char *program, const bool is_not, const bool is_delete)
  {
          struct domain_initializer_entry *new_entry, *ptr;
-         static DECLARE_MUTEX(lock);
+         static DEFINE_MUTEX(lock);
          const struct path_info *saved_program, *saved_domainname = NULL;
          int error = -ENOMEM;
          bool is_last_name = 0;
 Line 129 
 static int AddDomainInitializerEntry(con
                  if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;
          }
          if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;
-         down(&lock);
+         mutex_lock(&lock);
          for (ptr = domain_initializer_list; ptr; ptr = ptr->next) {
                  if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {
                          ptr->is_deleted = is_delete;
 Line 154 
 static int AddDomainInitializerEntry(con
          }
          error = 0;
   out:
-         up(&lock);
+         mutex_unlock(&lock);
          return error;
  }
 Line 215 
 static int AddDomainKeeperEntry(const ch
  {
          struct domain_keeper_entry *new_entry, *ptr;
          const struct path_info *saved_domainname, *saved_program = NULL;
-         static DECLARE_MUTEX(lock);
+         static DEFINE_MUTEX(lock);
          int error = -ENOMEM;
          bool is_last_name = 0;
          if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) {
 Line 228 
 static int AddDomainKeeperEntry(const ch
                  if ((saved_program = SaveName(program)) == NULL) return -ENOMEM;
          }
          if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM;
-         down(&lock);
+         mutex_lock(&lock);
          for (ptr = domain_keeper_list; ptr; ptr = ptr->next) {
                  if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) {
                          ptr->is_deleted = is_delete;
 Line 253 
 static int AddDomainKeeperEntry(const ch
          }
          error = 0;
   out:
-         up(&lock);
+         mutex_unlock(&lock);
          return error;
  }
 Line 311 
 static struct alias_entry *alias_list =
  static int AddAliasEntry(const char *original_name, const char *aliased_name, const bool is_delete)
  {
          struct alias_entry *new_entry, *ptr;
-         static DECLARE_MUTEX(lock);
+         static DEFINE_MUTEX(lock);
          const struct path_info *saved_original_name, *saved_aliased_name;
          int error = -ENOMEM;
          if (!IsCorrectPath(original_name, 1, -1, -1, __FUNCTION__) || !IsCorrectPath(aliased_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */
          if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aliased_name = SaveName(aliased_name)) == NULL) return -ENOMEM;
-         down(&lock);
+         mutex_lock(&lock);
          for (ptr = alias_list; ptr; ptr = ptr->next) {
                  if (ptr->original_name == saved_original_name && ptr->aliased_name == saved_aliased_name) {
                          ptr->is_deleted = is_delete;
 Line 339 
 static int AddAliasEntry(const char *ori
          }
          error = 0;
   out:
-         up(&lock);
+         mutex_unlock(&lock);
          return error;
  }
 Line 370 
 static struct aggregator_entry *aggregat
  static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const bool is_delete)
  {
          struct aggregator_entry *new_entry, *ptr;
-         static DECLARE_MUTEX(lock);
+         static DEFINE_MUTEX(lock);
          const struct path_info *saved_original_name, *saved_aggregated_name;
          int error = -ENOMEM;
          if (!IsCorrectPath(original_name, 1, 0, -1, __FUNCTION__) || !IsCorrectPath(aggregated_name, 1, -1, -1, __FUNCTION__)) return -EINVAL;
          if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aggregated_name = SaveName(aggregated_name)) == NULL) return -ENOMEM;
-         down(&lock);
+         mutex_lock(&lock);
          for (ptr = aggregator_list; ptr; ptr = ptr->next) {
                  if (ptr->original_name == saved_original_name && ptr->aggregated_name == saved_aggregated_name) {
                          ptr->is_deleted = is_delete;
 Line 398 
 static int AddAggregatorEntry(const char
          }
          error = 0;
   out:
-         up(&lock);
+         mutex_unlock(&lock);
          return error;
  }
 Line 432 
 int DeleteDomain(char *domainname0)
          struct path_info domainname;
          domainname.name = domainname0;
          fill_path_info(&domainname);
-         down(&new_domain_assign_lock);
+         mutex_lock(&new_domain_assign_lock);
  #ifdef DEBUG_DOMAIN_UNDELETE
          printk("DeleteDomain %s\n", domainname0);
          for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {
 Line 461 
 int DeleteDomain(char *domainname0)
                  printk("Marked %p as undeletable\n", domain);
  #endif
          }
-         up(&new_domain_assign_lock);
+         mutex_unlock(&new_domain_assign_lock);
          return 0;
  }
 Line 471 
 struct domain_info *UndeleteDomain(const
          struct path_info domainname;
          domainname.name = domainname0;
          fill_path_info(&domainname);
-         down(&new_domain_assign_lock);
+         mutex_lock(&new_domain_assign_lock);
  #ifdef DEBUG_DOMAIN_UNDELETE
          printk("UndeleteDomain %s\n", domainname0);
          for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) {
 Line 498 
 struct domain_info *UndeleteDomain(const
                  printk("%p was undeleted.\n", candidate_domain);
  #endif
          }
-         up(&new_domain_assign_lock);
+         mutex_unlock(&new_domain_assign_lock);
          return candidate_domain;
  }
 Line 508 
 struct domain_info *FindOrAssignNewDomai
  {
          struct domain_info *domain = NULL;
          const struct path_info *saved_domainname;
-         down(&new_domain_assign_lock);
+         mutex_lock(&new_domain_assign_lock);
          if ((domain = FindDomain(domainname)) != NULL) goto out;
          if (!IsCorrectDomain(domainname, __FUNCTION__)) goto out;
          if ((saved_domainname = SaveName(domainname)) == NULL) goto out;
 Line 546 
 struct domain_info *FindOrAssignNewDomai
                  while (ptr->next) ptr = ptr->next; ptr->next = domain;
          }
   out: ;
-         up(&new_domain_assign_lock);
+         mutex_unlock(&new_domain_assign_lock);
          return domain;
  }
 Line 794 
 static int CheckEnviron(struct linux_bin
                  if (argv_count) goto unmap_page;
                  while (offset < PAGE_SIZE) {
                          const unsigned char c = kaddr[offset++];
-                         if (arg_len < CCS_MAX_PATHNAME_LEN - 10) {
+                         if (c && arg_len < CCS_MAX_PATHNAME_LEN - 10) {
                                  if (c == '=') {
                                          arg_ptr[arg_len++] = '\0';
                                  } else if (c == '\\') {
 Legend:



Removed from v.621
 


changed lines


 
Added in v.652
 Legend:



Removed from v.621
 


changed lines


 
Added in v.652
-Removed from v.621
+Added in v.652
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照