34 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
35 |
|
|
36 |
/* Lock for appending domain's ACL. */ |
/* Lock for appending domain's ACL. */ |
37 |
DECLARE_MUTEX(domain_acl_lock); |
DEFINE_MUTEX(domain_acl_lock); |
38 |
|
|
39 |
/************************* UTILITY FUNCTIONS *************************/ |
/************************* UTILITY FUNCTIONS *************************/ |
40 |
|
|
81 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
82 |
|
|
83 |
/* Domain creation lock. */ |
/* Domain creation lock. */ |
84 |
static DECLARE_MUTEX(new_domain_assign_lock); |
static DEFINE_MUTEX(new_domain_assign_lock); |
85 |
|
|
86 |
/************************* UTILITY FUNCTIONS *************************/ |
/************************* UTILITY FUNCTIONS *************************/ |
87 |
|
|
115 |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const bool is_not, const bool is_delete) |
static int AddDomainInitializerEntry(const char *domainname, const char *program, const bool is_not, const bool is_delete) |
116 |
{ |
{ |
117 |
struct domain_initializer_entry *new_entry, *ptr; |
struct domain_initializer_entry *new_entry, *ptr; |
118 |
static DECLARE_MUTEX(lock); |
static DEFINE_MUTEX(lock); |
119 |
const struct path_info *saved_program, *saved_domainname = NULL; |
const struct path_info *saved_program, *saved_domainname = NULL; |
120 |
int error = -ENOMEM; |
int error = -ENOMEM; |
121 |
bool is_last_name = 0; |
bool is_last_name = 0; |
129 |
if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM; |
if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM; |
130 |
} |
} |
131 |
if ((saved_program = SaveName(program)) == NULL) return -ENOMEM; |
if ((saved_program = SaveName(program)) == NULL) return -ENOMEM; |
132 |
down(&lock); |
mutex_lock(&lock); |
133 |
for (ptr = domain_initializer_list; ptr; ptr = ptr->next) { |
for (ptr = domain_initializer_list; ptr; ptr = ptr->next) { |
134 |
if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) { |
if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) { |
135 |
ptr->is_deleted = is_delete; |
ptr->is_deleted = is_delete; |
154 |
} |
} |
155 |
error = 0; |
error = 0; |
156 |
out: |
out: |
157 |
up(&lock); |
mutex_unlock(&lock); |
158 |
return error; |
return error; |
159 |
} |
} |
160 |
|
|
215 |
{ |
{ |
216 |
struct domain_keeper_entry *new_entry, *ptr; |
struct domain_keeper_entry *new_entry, *ptr; |
217 |
const struct path_info *saved_domainname, *saved_program = NULL; |
const struct path_info *saved_domainname, *saved_program = NULL; |
218 |
static DECLARE_MUTEX(lock); |
static DEFINE_MUTEX(lock); |
219 |
int error = -ENOMEM; |
int error = -ENOMEM; |
220 |
bool is_last_name = 0; |
bool is_last_name = 0; |
221 |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
if (!IsDomainDef(domainname) && IsCorrectPath(domainname, 1, -1, -1, __FUNCTION__)) { |
228 |
if ((saved_program = SaveName(program)) == NULL) return -ENOMEM; |
if ((saved_program = SaveName(program)) == NULL) return -ENOMEM; |
229 |
} |
} |
230 |
if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM; |
if ((saved_domainname = SaveName(domainname)) == NULL) return -ENOMEM; |
231 |
down(&lock); |
mutex_lock(&lock); |
232 |
for (ptr = domain_keeper_list; ptr; ptr = ptr->next) { |
for (ptr = domain_keeper_list; ptr; ptr = ptr->next) { |
233 |
if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) { |
if (ptr->is_not == is_not && ptr->domainname == saved_domainname && ptr->program == saved_program) { |
234 |
ptr->is_deleted = is_delete; |
ptr->is_deleted = is_delete; |
253 |
} |
} |
254 |
error = 0; |
error = 0; |
255 |
out: |
out: |
256 |
up(&lock); |
mutex_unlock(&lock); |
257 |
return error; |
return error; |
258 |
} |
} |
259 |
|
|
311 |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const bool is_delete) |
static int AddAliasEntry(const char *original_name, const char *aliased_name, const bool is_delete) |
312 |
{ |
{ |
313 |
struct alias_entry *new_entry, *ptr; |
struct alias_entry *new_entry, *ptr; |
314 |
static DECLARE_MUTEX(lock); |
static DEFINE_MUTEX(lock); |
315 |
const struct path_info *saved_original_name, *saved_aliased_name; |
const struct path_info *saved_original_name, *saved_aliased_name; |
316 |
int error = -ENOMEM; |
int error = -ENOMEM; |
317 |
if (!IsCorrectPath(original_name, 1, -1, -1, __FUNCTION__) || !IsCorrectPath(aliased_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
if (!IsCorrectPath(original_name, 1, -1, -1, __FUNCTION__) || !IsCorrectPath(aliased_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; /* No patterns allowed. */ |
318 |
if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aliased_name = SaveName(aliased_name)) == NULL) return -ENOMEM; |
if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aliased_name = SaveName(aliased_name)) == NULL) return -ENOMEM; |
319 |
down(&lock); |
mutex_lock(&lock); |
320 |
for (ptr = alias_list; ptr; ptr = ptr->next) { |
for (ptr = alias_list; ptr; ptr = ptr->next) { |
321 |
if (ptr->original_name == saved_original_name && ptr->aliased_name == saved_aliased_name) { |
if (ptr->original_name == saved_original_name && ptr->aliased_name == saved_aliased_name) { |
322 |
ptr->is_deleted = is_delete; |
ptr->is_deleted = is_delete; |
339 |
} |
} |
340 |
error = 0; |
error = 0; |
341 |
out: |
out: |
342 |
up(&lock); |
mutex_unlock(&lock); |
343 |
return error; |
return error; |
344 |
} |
} |
345 |
|
|
370 |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const bool is_delete) |
static int AddAggregatorEntry(const char *original_name, const char *aggregated_name, const bool is_delete) |
371 |
{ |
{ |
372 |
struct aggregator_entry *new_entry, *ptr; |
struct aggregator_entry *new_entry, *ptr; |
373 |
static DECLARE_MUTEX(lock); |
static DEFINE_MUTEX(lock); |
374 |
const struct path_info *saved_original_name, *saved_aggregated_name; |
const struct path_info *saved_original_name, *saved_aggregated_name; |
375 |
int error = -ENOMEM; |
int error = -ENOMEM; |
376 |
if (!IsCorrectPath(original_name, 1, 0, -1, __FUNCTION__) || !IsCorrectPath(aggregated_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; |
if (!IsCorrectPath(original_name, 1, 0, -1, __FUNCTION__) || !IsCorrectPath(aggregated_name, 1, -1, -1, __FUNCTION__)) return -EINVAL; |
377 |
if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aggregated_name = SaveName(aggregated_name)) == NULL) return -ENOMEM; |
if ((saved_original_name = SaveName(original_name)) == NULL || (saved_aggregated_name = SaveName(aggregated_name)) == NULL) return -ENOMEM; |
378 |
down(&lock); |
mutex_lock(&lock); |
379 |
for (ptr = aggregator_list; ptr; ptr = ptr->next) { |
for (ptr = aggregator_list; ptr; ptr = ptr->next) { |
380 |
if (ptr->original_name == saved_original_name && ptr->aggregated_name == saved_aggregated_name) { |
if (ptr->original_name == saved_original_name && ptr->aggregated_name == saved_aggregated_name) { |
381 |
ptr->is_deleted = is_delete; |
ptr->is_deleted = is_delete; |
398 |
} |
} |
399 |
error = 0; |
error = 0; |
400 |
out: |
out: |
401 |
up(&lock); |
mutex_unlock(&lock); |
402 |
return error; |
return error; |
403 |
} |
} |
404 |
|
|
432 |
struct path_info domainname; |
struct path_info domainname; |
433 |
domainname.name = domainname0; |
domainname.name = domainname0; |
434 |
fill_path_info(&domainname); |
fill_path_info(&domainname); |
435 |
down(&new_domain_assign_lock); |
mutex_lock(&new_domain_assign_lock); |
436 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
437 |
printk("DeleteDomain %s\n", domainname0); |
printk("DeleteDomain %s\n", domainname0); |
438 |
for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) { |
for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) { |
461 |
printk("Marked %p as undeletable\n", domain); |
printk("Marked %p as undeletable\n", domain); |
462 |
#endif |
#endif |
463 |
} |
} |
464 |
up(&new_domain_assign_lock); |
mutex_unlock(&new_domain_assign_lock); |
465 |
return 0; |
return 0; |
466 |
} |
} |
467 |
|
|
471 |
struct path_info domainname; |
struct path_info domainname; |
472 |
domainname.name = domainname0; |
domainname.name = domainname0; |
473 |
fill_path_info(&domainname); |
fill_path_info(&domainname); |
474 |
down(&new_domain_assign_lock); |
mutex_lock(&new_domain_assign_lock); |
475 |
#ifdef DEBUG_DOMAIN_UNDELETE |
#ifdef DEBUG_DOMAIN_UNDELETE |
476 |
printk("UndeleteDomain %s\n", domainname0); |
printk("UndeleteDomain %s\n", domainname0); |
477 |
for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) { |
for (domain = KERNEL_DOMAIN.next; domain; domain = domain->next) { |
498 |
printk("%p was undeleted.\n", candidate_domain); |
printk("%p was undeleted.\n", candidate_domain); |
499 |
#endif |
#endif |
500 |
} |
} |
501 |
up(&new_domain_assign_lock); |
mutex_unlock(&new_domain_assign_lock); |
502 |
return candidate_domain; |
return candidate_domain; |
503 |
} |
} |
504 |
|
|
508 |
{ |
{ |
509 |
struct domain_info *domain = NULL; |
struct domain_info *domain = NULL; |
510 |
const struct path_info *saved_domainname; |
const struct path_info *saved_domainname; |
511 |
down(&new_domain_assign_lock); |
mutex_lock(&new_domain_assign_lock); |
512 |
if ((domain = FindDomain(domainname)) != NULL) goto out; |
if ((domain = FindDomain(domainname)) != NULL) goto out; |
513 |
if (!IsCorrectDomain(domainname, __FUNCTION__)) goto out; |
if (!IsCorrectDomain(domainname, __FUNCTION__)) goto out; |
514 |
if ((saved_domainname = SaveName(domainname)) == NULL) goto out; |
if ((saved_domainname = SaveName(domainname)) == NULL) goto out; |
546 |
while (ptr->next) ptr = ptr->next; ptr->next = domain; |
while (ptr->next) ptr = ptr->next; ptr->next = domain; |
547 |
} |
} |
548 |
out: ; |
out: ; |
549 |
up(&new_domain_assign_lock); |
mutex_unlock(&new_domain_assign_lock); |
550 |
return domain; |
return domain; |
551 |
} |
} |
552 |
|
|
794 |
if (argv_count) goto unmap_page; |
if (argv_count) goto unmap_page; |
795 |
while (offset < PAGE_SIZE) { |
while (offset < PAGE_SIZE) { |
796 |
const unsigned char c = kaddr[offset++]; |
const unsigned char c = kaddr[offset++]; |
797 |
if (arg_len < CCS_MAX_PATHNAME_LEN - 10) { |
if (c && arg_len < CCS_MAX_PATHNAME_LEN - 10) { |
798 |
if (c == '=') { |
if (c == '=') { |
799 |
arg_ptr[arg_len++] = '\0'; |
arg_ptr[arg_len++] = '\0'; |
800 |
} else if (c == '\\') { |
} else if (c == '\\') { |