revision 913 by kumaneko, Tue Jan 22 01:42:18 2008 UTC revision 921 by kumaneko, Wed Jan 23 08:37:42 2008 UTC
# Line 5  Line 5 
5   *   *
6   * Copyright (C) 2005-2008  NTT DATA CORPORATION   * Copyright (C) 2005-2008  NTT DATA CORPORATION
7   *   *
8   * Version: 1.6.0-pre   2008/01/22   * Version: 1.6.0-pre   2008/01/23
9   *   *
10   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
11   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 103  __setup("TOMOYO_QUIET", TOMOYO_Quiet_Set Line 103  __setup("TOMOYO_QUIET", TOMOYO_Quiet_Set
103  #endif  #endif
104    
105  /* Am I root? */  /* Am I root? */
106  static int isRoot(void)  static int isRoot(struct io_buffer *head)
107  {  {
108          return !current->uid && !current->euid;          const struct task_struct *task = current;
109            return (!task->uid && !task->euid) || task->uid == head->uid || task->gid == head->gid;
110  }  }
111    
112  /*  /*
# Line 579  static int SetProfile(struct io_buffer * Line 580  static int SetProfile(struct io_buffer *
580          unsigned int i, value;          unsigned int i, value;
581          char *cp;          char *cp;
582          struct profile *profile;          struct profile *profile;
583          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
584          i = simple_strtoul(data, &cp, 10);          i = simple_strtoul(data, &cp, 10);
585          if (data != cp) {          if (data != cp) {
586                  if (*cp != '-') return -EINVAL;                  if (*cp != '-') return -EINVAL;
# Line 623  static int SetProfile(struct io_buffer * Line 624  static int SetProfile(struct io_buffer *
624  static int ReadProfile(struct io_buffer *head)  static int ReadProfile(struct io_buffer *head)
625  {  {
626          if (!head->read_eof) {          if (!head->read_eof) {
627                  if (!isRoot()) return -EPERM;                  if (!isRoot(head)) return -EPERM;
628                  if (!head->read_var2) {                  if (!head->read_var2) {
629                          int step;                          int step;
630                          for (step = head->read_step; step < MAX_PROFILES * CCS_MAX_CONTROL_INDEX; step++) {                          for (step = head->read_step; step < MAX_PROFILES * CCS_MAX_CONTROL_INDEX; step++) {
# Line 700  static int AddManagerEntry(const char *m Line 701  static int AddManagerEntry(const char *m
701          const struct path_info *saved_manager;          const struct path_info *saved_manager;
702          int error = -ENOMEM;          int error = -ENOMEM;
703          bool is_domain = 0;          bool is_domain = 0;
         if (!isRoot()) return -EPERM;  
704          if (IsDomainDef(manager)) {          if (IsDomainDef(manager)) {
705                  if (!IsCorrectDomain(manager, __FUNCTION__)) return -EINVAL;                  if (!IsCorrectDomain(manager, __FUNCTION__)) return -EINVAL;
706                  is_domain = 1;                  is_domain = 1;
# Line 735  static int AddManagerPolicy(struct io_bu Line 735  static int AddManagerPolicy(struct io_bu
735  {  {
736          const char *data = head->write_buf;          const char *data = head->write_buf;
737          bool is_delete = 0;          bool is_delete = 0;
738          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
739          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {
740                  data += KEYWORD_DELETE_LEN;                  data += KEYWORD_DELETE_LEN;
741                  is_delete = 1;                  is_delete = 1;
# Line 747  static int ReadManagerPolicy(struct io_b Line 747  static int ReadManagerPolicy(struct io_b
747  {  {
748          struct list1_head *pos;          struct list1_head *pos;
749          if (head->read_eof) return 0;          if (head->read_eof) return 0;
750          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
751          list1_for_each_cookie(pos, head->read_var2, &policy_manager_list) {          list1_for_each_cookie(pos, head->read_var2, &policy_manager_list) {
752                  struct policy_manager_entry *ptr;                  struct policy_manager_entry *ptr;
753                  ptr = list1_entry(pos, struct policy_manager_entry, list);                  ptr = list1_entry(pos, struct policy_manager_entry, list);
# Line 810  static int AddDomainPolicy(struct io_buf Line 810  static int AddDomainPolicy(struct io_buf
810          unsigned int profile;          unsigned int profile;
811          const struct condition_list *cond = NULL;          const struct condition_list *cond = NULL;
812          char *cp;          char *cp;
813          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
814          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {
815                  data += KEYWORD_DELETE_LEN;                  data += KEYWORD_DELETE_LEN;
816                  is_delete = 1;                  is_delete = 1;
# Line 1002  static int ReadDomainPolicy(struct io_bu Line 1002  static int ReadDomainPolicy(struct io_bu
1002          struct list1_head *apos;          struct list1_head *apos;
1003          if (head->read_eof) return 0;          if (head->read_eof) return 0;
1004          if (head->read_step == 0) {          if (head->read_step == 0) {
1005                  if (!isRoot()) return -EPERM;                  if (!isRoot(head)) return -EPERM;
1006                  head->read_step = 1;                  head->read_step = 1;
1007          }          }
1008          list1_for_each_cookie(dpos, head->read_var1, &domain_list) {          list1_for_each_cookie(dpos, head->read_var1, &domain_list) {
# Line 1058  static int UpdateDomainProfile(struct io Line 1058  static int UpdateDomainProfile(struct io
1058          char *cp = strchr(data, ' ');          char *cp = strchr(data, ' ');
1059          struct domain_info *domain;          struct domain_info *domain;
1060          unsigned int profile;          unsigned int profile;
1061          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
1062          if (!cp) return -EINVAL;          if (!cp) return -EINVAL;
1063          *cp = '\0';          *cp = '\0';
1064          domain = FindDomain(cp + 1);          domain = FindDomain(cp + 1);
# Line 1072  static int ReadDomainProfile(struct io_b Line 1072  static int ReadDomainProfile(struct io_b
1072  {  {
1073          struct list1_head *pos;          struct list1_head *pos;
1074          if (head->read_eof) return 0;          if (head->read_eof) return 0;
1075          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
1076          list1_for_each_cookie(pos, head->read_var1, &domain_list) {          list1_for_each_cookie(pos, head->read_var1, &domain_list) {
1077                  struct domain_info *domain;                  struct domain_info *domain;
1078                  domain = list1_entry(pos, struct domain_info, list);                  domain = list1_entry(pos, struct domain_info, list);
# Line 1116  static int AddExceptionPolicy(struct io_ Line 1116  static int AddExceptionPolicy(struct io_
1116  {  {
1117          char *data = head->write_buf;          char *data = head->write_buf;
1118          bool is_delete = 0;          bool is_delete = 0;
1119          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
1120          UpdateCounter(CCS_UPDATES_COUNTER_EXCEPTION_POLICY);          UpdateCounter(CCS_UPDATES_COUNTER_EXCEPTION_POLICY);
1121          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {
1122                  data += KEYWORD_DELETE_LEN;                  data += KEYWORD_DELETE_LEN;
# Line 1155  static int ReadExceptionPolicy(struct io Line 1155  static int ReadExceptionPolicy(struct io
1155          if (!head->read_eof) {          if (!head->read_eof) {
1156                  switch (head->read_step) {                  switch (head->read_step) {
1157                  case 0:                  case 0:
1158                          if (!isRoot()) return -EPERM;                          if (!isRoot(head)) return -EPERM;
1159                          head->read_var2 = NULL; head->read_step = 1;                          head->read_var2 = NULL; head->read_step = 1;
1160                  case 1:                  case 1:
1161                          if (ReadDomainKeeperPolicy(head)) break;                          if (ReadDomainKeeperPolicy(head)) break;
# Line 1205  static int AddSystemPolicy(struct io_buf Line 1205  static int AddSystemPolicy(struct io_buf
1205  {  {
1206          char *data = head->write_buf;          char *data = head->write_buf;
1207          bool is_delete = 0;          bool is_delete = 0;
1208          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
1209          UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);          UpdateCounter(CCS_UPDATES_COUNTER_SYSTEM_POLICY);
1210          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {          if (strncmp(data, KEYWORD_DELETE, KEYWORD_DELETE_LEN) == 0) {
1211                  data += KEYWORD_DELETE_LEN;                  data += KEYWORD_DELETE_LEN;
# Line 1229  static int ReadSystemPolicy(struct io_bu Line 1229  static int ReadSystemPolicy(struct io_bu
1229          if (!head->read_eof) {          if (!head->read_eof) {
1230                  switch (head->read_step) {                  switch (head->read_step) {
1231                  case 0:                  case 0:
1232                          if (!isRoot()) return -EPERM;                          if (!isRoot(head)) return -EPERM;
1233                          head->read_var2 = NULL; head->read_step = 1;                          head->read_var2 = NULL; head->read_step = 1;
1234                  case 1:                  case 1:
1235                          if (ReadMountPolicy(head)) break;                          if (ReadMountPolicy(head)) break;
# Line 1314  void CCS_LoadPolicy(const char *filename Line 1314  void CCS_LoadPolicy(const char *filename
1314                  }                  }
1315          }          }
1316  #ifdef CONFIG_SAKURA  #ifdef CONFIG_SAKURA
1317          printk("SAKURA: 1.6.0-pre   2008/01/15\n");          printk("SAKURA: 1.6.0-pre   2008/01/23\n");
1318  #endif  #endif
1319  #ifdef CONFIG_TOMOYO  #ifdef CONFIG_TOMOYO
1320          printk("TOMOYO: 1.6.0-pre   2008/01/22\n");          printk("TOMOYO: 1.6.0-pre   2008/01/23\n");
1321  #endif  #endif
1322          printk("Mandatory Access Control activated.\n");          printk("Mandatory Access Control activated.\n");
1323          sbin_init_started = 1;          sbin_init_started = 1;
# Line 1673  int CCS_OpenControl(const u8 type, struc Line 1673  int CCS_OpenControl(const u8 type, struc
1673                          return -ENOMEM;                          return -ENOMEM;
1674                  }                  }
1675          }          }
1676            { /* Set owner of this entry. */
1677                    struct inode *inode = file->f_dentry->d_inode;
1678                    head->uid = inode ? inode->i_uid : 0;
1679                    head->gid = inode ? inode->i_gid : 0;
1680            }
1681          file->private_data = head;          file->private_data = head;
1682          if (type == CCS_SELFDOMAIN) CCS_ReadControl(file, NULL, 0);          if (type == CCS_SELFDOMAIN) CCS_ReadControl(file, NULL, 0);
1683          else if (head->write == WriteAnswer) atomic_inc(&queryd_watcher);          else if (head->write == WriteAnswer) atomic_inc(&queryd_watcher);
# Line 1720  int CCS_WriteControl(struct file *file, Line 1725  int CCS_WriteControl(struct file *file,
1725          char *cp0 = head->write_buf;          char *cp0 = head->write_buf;
1726          if (!head->write) return -ENOSYS;          if (!head->write) return -ENOSYS;
1727          if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT;          if (!access_ok(VERIFY_READ, buffer, buffer_len)) return -EFAULT;
1728          if (!isRoot()) return -EPERM;          if (!isRoot(head)) return -EPERM;
1729          if (head->write != WritePID && !IsPolicyManager()) {          if (head->write != WritePID && !IsPolicyManager()) {
1730                  return -EPERM; /* Forbid updating policies for non manager programs. */                  return -EPERM; /* Forbid updating policies for non manager programs. */
1731          }          }
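Review bot: The owner clause added to isRoot(), `return (!task->uid && !task->euid) || task->uid == head->uid || task->gid == head->gid;`, compares the caller's real uid/gid with the inode owner, which is not how the kernel itself decides file ownership: it uses the fs credentials and the supplementary group list, i.e. something like `task->fsuid == head->uid || in_group_p(head->gid)` on the pre-cred task_struct these kernels carry. As written, a process whose real uid matches the owner but whose effective uid does not (a setuid helper run by the owner) is accepted, while a member of the owning group through supplementary groups is refused. The fallback in CCS_OpenControl, `head->uid = inode ? inode->i_uid : 0;` and the matching gid line, also makes an entry with no inode look root-owned, so a process with real uid 0 but non-zero euid, or any gid-0 process, now passes where the old `!uid && !euid` test rejected it; when there is no inode, applying only the root test would be tighter. The dropped `if (!isRoot()) return -EPERM;` in AddManagerEntry is covered by AddManagerPolicy's check in this diff, but any other caller of AddManagerEntry outside the shown hunks would no longer be checked at all.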
