| 5 |
* |
* |
| 6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
| 7 |
* |
* |
| 8 |
* Version: 1.6.5-pre 2008/09/19 |
* Version: 1.6.5-pre 2008/10/01 |
| 9 |
* |
* |
| 10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 2473 |
} |
} |
| 2474 |
#endif |
#endif |
| 2475 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
| 2476 |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/09/09\n"); |
printk(KERN_INFO "SAKURA: 1.6.5-pre 2008/10/01\n"); |
| 2477 |
#endif |
#endif |
| 2478 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
| 2479 |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/09/19\n"); |
printk(KERN_INFO "TOMOYO: 1.6.5-pre 2008/10/01\n"); |
| 2480 |
#endif |
#endif |
| 2481 |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
| 2482 |
sbin_init_started = true; |
sbin_init_started = true; |
| 2518 |
/** |
/** |
| 2519 |
* ccs_check_supervisor - Ask for the supervisor's decision. |
* ccs_check_supervisor - Ask for the supervisor's decision. |
| 2520 |
* |
* |
| 2521 |
* @bprm: Pointer to "struct linux_binprm". May be NULL. |
* @retries: How many retries are made for this request. |
| 2522 |
* @fmt: The printf()'s format string, followed by parameters. |
* @bprm: Pointer to "struct linux_binprm". May be NULL. |
| 2523 |
|
* @fmt: The printf()'s format string, followed by parameters. |
| 2524 |
* |
* |
| 2525 |
* Returns 0 if the supervisor decided to permit the access request which |
* Returns 0 if the supervisor decided to permit the access request which |
| 2526 |
* violated the policy in enforcing mode, 1 if the supervisor decided to |
* violated the policy in enforcing mode, 1 if the supervisor decided to |
| 2527 |
* retry the access request which violated the policy in enforcing mode, |
* retry the access request which violated the policy in enforcing mode, |
| 2528 |
* -EPERM otherwise. |
* -EPERM otherwise. |
| 2529 |
*/ |
*/ |
| 2530 |
int ccs_check_supervisor(struct linux_binprm *bprm, const char *fmt, ...) |
int ccs_check_supervisor(const unsigned short int retries, |
| 2531 |
|
struct linux_binprm *bprm, const char *fmt, ...) |
| 2532 |
{ |
{ |
| 2533 |
va_list args; |
va_list args; |
| 2534 |
int error = -EPERM; |
int error = -EPERM; |
| 2570 |
query_entry->serial = serial++; |
query_entry->serial = serial++; |
| 2571 |
spin_unlock(&query_lock); |
spin_unlock(&query_lock); |
| 2572 |
/***** CRITICAL SECTION END *****/ |
/***** CRITICAL SECTION END *****/ |
| 2573 |
pos = snprintf(query_entry->query, len - 1, "Q%u\n%s", |
pos = snprintf(query_entry->query, len - 1, "Q%u-%hu\n%s", |
| 2574 |
query_entry->serial, header); |
query_entry->serial, retries, header); |
| 2575 |
ccs_free(header); |
ccs_free(header); |
| 2576 |
header = NULL; |
header = NULL; |
| 2577 |
va_start(args, fmt); |
va_start(args, fmt); |
| 3075 |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
if (!access_ok(VERIFY_READ, buffer, buffer_len)) |
| 3076 |
return -EFAULT; |
return -EFAULT; |
| 3077 |
/* Don't allow updating policies by non manager programs. */ |
/* Don't allow updating policies by non manager programs. */ |
| 3078 |
if (head->write != write_pid && head->write != write_domain_policy && |
if (head->write != write_pid && |
| 3079 |
|
#ifdef CONFIG_TOMOYO |
| 3080 |
|
head->write != write_domain_policy && |
| 3081 |
|
#endif |
| 3082 |
!is_policy_manager()) |
!is_policy_manager()) |
| 3083 |
return -EPERM; |
return -EPERM; |
| 3084 |
if (mutex_lock_interruptible(&head->io_sem)) |
if (mutex_lock_interruptible(&head->io_sem)) |
TOMOYO
Parent Directory
Revision Log
Patch