5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.6.5-pre 2008/09/19 |
* Version: 1.6.5-pre 2008/10/01 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
2473 |
} |
} |
2474 |
#endif |
#endif |
2475 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
2476 |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/09/09\n"); |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/10/01\n"); |
2477 |
#endif |
#endif |
2478 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
2479 |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/09/19\n"); |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/10/01\n"); |
2480 |
#endif |
#endif |
2481 |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
2482 |
sbin_init_started = true; |
sbin_init_started = true; |
2518 |
/** |
/** |
2519 |
* ccs_check_supervisor - Ask for the supervisor's decision. |
* ccs_check_supervisor - Ask for the supervisor's decision. |
2520 |
* |
* |
2521 |
* @bprm: Pointer to "struct linux_binprm". May be NULL. |
* @retries: How many retries are made for this request. |
2522 |
* @fmt: The printf()'s format string, followed by parameters. |
* @bprm: Pointer to "struct linux_binprm". May be NULL. |
2523 |
|
* @fmt: The printf()'s format string, followed by parameters. |
2524 |
* |
* |
2525 |
* Returns 0 if the supervisor decided to permit the access request which |
* Returns 0 if the supervisor decided to permit the access request which |
2526 |
* violated the policy in enforcing mode, 1 if the supervisor decided to |
* violated the policy in enforcing mode, 1 if the supervisor decided to |
2527 |
* retry the access request which violated the policy in enforcing mode, |
* retry the access request which violated the policy in enforcing mode, |
2528 |
* -EPERM otherwise. |
* -EPERM otherwise. |
2529 |
*/ |
*/ |
2530 |
int ccs_check_supervisor(struct linux_binprm *bprm, const char *fmt, ...) |
int ccs_check_supervisor(const unsigned short int retries, |
2531 |
|
struct linux_binprm *bprm, const char *fmt, ...) |
2532 |
{ |
{ |
2533 |
va_list args; |
va_list args; |
2534 |
int error = -EPERM; |
int error = -EPERM; |
2570 |
query_entry->serial = serial++; |
query_entry->serial = serial++; |
2571 |
spin_unlock(&query_lock); |
spin_unlock(&query_lock); |
2572 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
2573 |
pos = snprintf(query_entry->query, len - 1, "Q%u\n%s", |
pos = snprintf(query_entry->query, len - 1, "Q%u-%hu\n%s", |
2574 |
query_entry->serial, header); |
query_entry->serial, retries, header); |
2575 |
ccs_free(header); |
ccs_free(header); |
2576 |
header = NULL; |
header = NULL; |
2577 |
va_start(args, fmt); |
va_start(args, fmt); |
3075 |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
3076 |
return -EFAULT; |
return -EFAULT; |
3077 |
/* Don't allow updating policies by non manager programs. */ |
/* Don't allow updating policies by non manager programs. */ |
3078 |
if (head->write != write_pid && head->write != write_domain_policy && |
if (head->write != write_pid && |
3079 |
|
#ifdef CONFIG_TOMOYO |
3080 |
|
head->write != write_domain_policy && |
3081 |
|
#endif |
3082 |
!is_policy_manager()) |
!is_policy_manager()) |
3083 |
return -EPERM; |
return -EPERM; |
3084 |
if (mutex_lock_interruptible(&head->io_sem)) |
if (mutex_lock_interruptible(&head->io_sem)) |
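Review bot: The widened format at new line 2573, `"Q%u-%hu\n%s"`, adds up to six bytes to the query prefix, but the bound passed to snprintf() is still `len - 1`, and the computation of `len` is not among the visible lines. If that computation leaves no slack for the new field, the query text shown to the supervisor is truncated; and because the kernel's snprintf() returns the untruncated length, `pos` could then exceed the bound when it is used afterwards (presumably as the offset for the arguments started by `va_start(args, fmt)`). I would confirm the sizing and record it beside the call, e.g. `/* len must cover "Q%u-%hu\n" (at most 18 bytes) plus header and the formatted message */`. The body of ccs_check_supervisor() continues outside the lines shown here.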