5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.5-pre 2008/10/07 |
* Version: 1.6.5-pre 2008/10/20 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
1056 |
static struct profile *ccs_find_or_assign_new_profile(const unsigned int |
static struct profile *ccs_find_or_assign_new_profile(const unsigned int |
1057 |
profile) |
profile) |
1058 |
{ |
{ |
1059 |
static DEFINE_MUTEX(profile_lock); |
static DEFINE_MUTEX(lock); |
1060 |
struct profile *ptr = NULL; |
struct profile *ptr = NULL; |
1061 |
mutex_lock(&profile_lock); |
mutex_lock(&lock); |
1062 |
if (profile < MAX_PROFILES) { |
if (profile < MAX_PROFILES) { |
1063 |
ptr = profile_ptr[profile]; |
ptr = profile_ptr[profile]; |
1064 |
if (ptr) |
if (ptr) |
1078 |
} |
} |
1079 |
} |
} |
1080 |
ok: |
ok: |
1081 |
mutex_unlock(&profile_lock); |
mutex_unlock(&lock); |
1082 |
return ptr; |
return ptr; |
1083 |
} |
} |
1084 |
|
|
2114 |
*/ |
*/ |
2115 |
static int write_pid(struct ccs_io_buffer *head) |
static int write_pid(struct ccs_io_buffer *head) |
2116 |
{ |
{ |
|
head->read_step = (int) simple_strtoul(head->write_buf, NULL, 10); |
|
2117 |
head->read_eof = false; |
head->read_eof = false; |
2118 |
return 0; |
return 0; |
2119 |
} |
} |
2120 |
|
|
2121 |
/** |
/** |
2122 |
* read_pid - Get domainname of the specified PID. |
* read_pid - Read information of a process. |
2123 |
* |
* |
2124 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
2125 |
* |
* |
2126 |
* Returns the domainname which the specified PID is in on success, |
* Returns the domainname which the specified PID is in or |
2127 |
|
* process information of the specified PID on success, |
2128 |
* empty string otherwise. |
* empty string otherwise. |
|
* The PID is specified by write_pid() so that the user can obtain |
|
|
* using read()/write() interface rather than sysctl() interface. |
|
2129 |
*/ |
*/ |
2130 |
static int read_pid(struct ccs_io_buffer *head) |
static int read_pid(struct ccs_io_buffer *head) |
2131 |
{ |
{ |
2132 |
if (head->read_avail == 0 && !head->read_eof) { |
/* Accessing write_buf is safe because head->io_sem is held. */ |
2133 |
const int pid = head->read_step; |
char *buf = head->write_buf; |
2134 |
struct task_struct *p; |
bool task_info = false; |
2135 |
struct domain_info *domain = NULL; |
unsigned int pid; |
2136 |
/***** CRITICAL SECTION START *****/ |
struct task_struct *p; |
2137 |
read_lock(&tasklist_lock); |
struct domain_info *domain = NULL; |
2138 |
p = find_task_by_pid(pid); |
u32 tomoyo_flags = 0; |
2139 |
if (p) |
if (head->read_avail || head->read_eof) |
2140 |
domain = p->domain_info; |
goto done; |
2141 |
read_unlock(&tasklist_lock); |
head->read_eof = true; |
2142 |
/***** CRITICAL SECTION END *****/ |
if (str_starts(&buf, "info ")) |
2143 |
if (domain) |
task_info = true; |
2144 |
ccs_io_printf(head, "%d %u %s", pid, domain->profile, |
pid = (unsigned int) simple_strtoul(buf, NULL, 10); |
2145 |
domain->domainname->name); |
/***** CRITICAL SECTION START *****/ |
2146 |
head->read_eof = true; |
read_lock(&tasklist_lock); |
2147 |
|
p = find_task_by_pid(pid); |
2148 |
|
if (p) { |
2149 |
|
domain = p->domain_info; |
2150 |
|
tomoyo_flags = p->tomoyo_flags; |
2151 |
} |
} |
2152 |
|
read_unlock(&tasklist_lock); |
2153 |
|
/***** CRITICAL SECTION END *****/ |
2154 |
|
if (!domain) |
2155 |
|
goto done; |
2156 |
|
if (!task_info) |
2157 |
|
ccs_io_printf(head, "%u %u %s", pid, domain->profile, |
2158 |
|
domain->domainname->name); |
2159 |
|
else |
2160 |
|
ccs_io_printf(head, "%u manager=%s execute_handler=%s " |
2161 |
|
"state[0]=%u state[1]=%u state[2]=%u", pid, |
2162 |
|
tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER ? |
2163 |
|
"yes" : "no", |
2164 |
|
tomoyo_flags & TOMOYO_TASK_IS_EXECUTE_HANDLER ? |
2165 |
|
"yes" : "no", |
2166 |
|
(u8) (tomoyo_flags >> 24), |
2167 |
|
(u8) (tomoyo_flags >> 16), |
2168 |
|
(u8) (tomoyo_flags >> 8)); |
2169 |
|
done: |
2170 |
return 0; |
return 0; |
2171 |
} |
} |
2172 |
|
|
2514 |
} |
} |
2515 |
#endif |
#endif |
2516 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
2517 |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/10/07\n"); |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/10/20\n"); |
2518 |
#endif |
#endif |
2519 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
2520 |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/10/07\n"); |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/10/20\n"); |
2521 |
#endif |
#endif |
2522 |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
2523 |
sbin_init_started = true; |
sbin_init_started = true; |
2537 |
/* Wait queue for query_list. */ |
/* Wait queue for query_list. */ |
2538 |
static DECLARE_WAIT_QUEUE_HEAD(query_wait); |
static DECLARE_WAIT_QUEUE_HEAD(query_wait); |
2539 |
|
|
2540 |
/* Lock for manipurating query_list. */ |
/* Lock for manipulating query_list. */ |
2541 |
static DEFINE_SPINLOCK(query_lock); |
static DEFINE_SPINLOCK(query_list_lock); |
2542 |
|
|
2543 |
/* Structure for query. */ |
/* Structure for query. */ |
2544 |
struct query_entry { |
struct query_entry { |
2607 |
goto out; |
goto out; |
2608 |
INIT_LIST_HEAD(&query_entry->list); |
INIT_LIST_HEAD(&query_entry->list); |
2609 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2610 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2611 |
query_entry->serial = serial++; |
query_entry->serial = serial++; |
2612 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2613 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2614 |
pos = snprintf(query_entry->query, len - 1, "Q%u-%hu\n%s", |
pos = snprintf(query_entry->query, len - 1, "Q%u-%hu\n%s", |
2615 |
query_entry->serial, r->retry, header); |
query_entry->serial, r->retry, header); |
2620 |
query_entry->query_len = strlen(query_entry->query) + 1; |
query_entry->query_len = strlen(query_entry->query) + 1; |
2621 |
va_end(args); |
va_end(args); |
2622 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2623 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2624 |
list_add_tail(&query_entry->list, &query_list); |
list_add_tail(&query_entry->list, &query_list); |
2625 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2626 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2627 |
ccs_update_counter(CCS_UPDATES_COUNTER_QUERY); |
ccs_update_counter(CCS_UPDATES_COUNTER_QUERY); |
2628 |
/* Give 10 seconds for supervisor's opinion. */ |
/* Give 10 seconds for supervisor's opinion. */ |
2636 |
} |
} |
2637 |
ccs_update_counter(CCS_UPDATES_COUNTER_QUERY); |
ccs_update_counter(CCS_UPDATES_COUNTER_QUERY); |
2638 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2639 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2640 |
list_del(&query_entry->list); |
list_del(&query_entry->list); |
2641 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2642 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2643 |
switch (query_entry->answer) { |
switch (query_entry->answer) { |
2644 |
case 3: /* Asked to retry by administrator. */ |
case 3: /* Asked to retry by administrator. */ |
2680 |
u8 i; |
u8 i; |
2681 |
for (i = 0; i < 2; i++) { |
for (i = 0; i < 2; i++) { |
2682 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2683 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2684 |
list_for_each(tmp, &query_list) { |
list_for_each(tmp, &query_list) { |
2685 |
struct query_entry *ptr |
struct query_entry *ptr |
2686 |
= list_entry(tmp, struct query_entry, list); |
= list_entry(tmp, struct query_entry, list); |
2689 |
found = true; |
found = true; |
2690 |
break; |
break; |
2691 |
} |
} |
2692 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2693 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2694 |
if (found) |
if (found) |
2695 |
return POLLIN | POLLRDNORM; |
return POLLIN | POLLRDNORM; |
2721 |
head->readbuf_size = 0; |
head->readbuf_size = 0; |
2722 |
} |
} |
2723 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2724 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2725 |
list_for_each(tmp, &query_list) { |
list_for_each(tmp, &query_list) { |
2726 |
struct query_entry *ptr |
struct query_entry *ptr |
2727 |
= list_entry(tmp, struct query_entry, list); |
= list_entry(tmp, struct query_entry, list); |
2732 |
len = ptr->query_len; |
len = ptr->query_len; |
2733 |
break; |
break; |
2734 |
} |
} |
2735 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2736 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2737 |
if (!len) { |
if (!len) { |
2738 |
head->read_step = 0; |
head->read_step = 0; |
2743 |
return 0; |
return 0; |
2744 |
pos = 0; |
pos = 0; |
2745 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2746 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2747 |
list_for_each(tmp, &query_list) { |
list_for_each(tmp, &query_list) { |
2748 |
struct query_entry *ptr |
struct query_entry *ptr |
2749 |
= list_entry(tmp, struct query_entry, list); |
= list_entry(tmp, struct query_entry, list); |
2759 |
memmove(buf, ptr->query, len); |
memmove(buf, ptr->query, len); |
2760 |
break; |
break; |
2761 |
} |
} |
2762 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2763 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2764 |
if (buf[0]) { |
if (buf[0]) { |
2765 |
head->read_avail = len; |
head->read_avail = len; |
2786 |
unsigned int serial; |
unsigned int serial; |
2787 |
unsigned int answer; |
unsigned int answer; |
2788 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2789 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2790 |
list_for_each(tmp, &query_list) { |
list_for_each(tmp, &query_list) { |
2791 |
struct query_entry *ptr |
struct query_entry *ptr |
2792 |
= list_entry(tmp, struct query_entry, list); |
= list_entry(tmp, struct query_entry, list); |
2793 |
ptr->timer = 0; |
ptr->timer = 0; |
2794 |
} |
} |
2795 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2796 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2797 |
if (sscanf(data, "A%u=%u", &serial, &answer) != 2) |
if (sscanf(data, "A%u=%u", &serial, &answer) != 2) |
2798 |
return -EINVAL; |
return -EINVAL; |
2799 |
/***** CRITICAL SECTION START *****/ |
/***** CRITICAL SECTION START *****/ |
2800 |
spin_lock(&query_lock); |
spin_lock(&query_list_lock); |
2801 |
list_for_each(tmp, &query_list) { |
list_for_each(tmp, &query_list) { |
2802 |
struct query_entry *ptr |
struct query_entry *ptr |
2803 |
= list_entry(tmp, struct query_entry, list); |
= list_entry(tmp, struct query_entry, list); |
2807 |
ptr->answer = answer; |
ptr->answer = answer; |
2808 |
break; |
break; |
2809 |
} |
} |
2810 |
spin_unlock(&query_lock); |
spin_unlock(&query_list_lock); |
2811 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2812 |
return 0; |
return 0; |
2813 |
} |
} |
2884 |
static int read_version(struct ccs_io_buffer *head) |
static int read_version(struct ccs_io_buffer *head) |
2885 |
{ |
{ |
2886 |
if (!head->read_eof) { |
if (!head->read_eof) { |
2887 |
ccs_io_printf(head, "1.6.4"); |
ccs_io_printf(head, "1.6.5-pre"); |
2888 |
head->read_eof = true; |
head->read_eof = true; |
2889 |
} |
} |
2890 |
return 0; |
return 0; |