23 |
|
|
24 |
/************************* AUDIT FUNCTIONS *************************/ |
/************************* AUDIT FUNCTIONS *************************/ |
25 |
|
|
26 |
static int AuditArgv0Log(const struct path_info *filename, const char *argv0, const int is_granted) |
static int AuditArgv0Log(const struct path_info *filename, const char *argv0, const u8 is_granted) |
27 |
{ |
{ |
28 |
char *buf; |
char *buf; |
29 |
int len; |
int len; |
61 |
continue; |
continue; |
62 |
} |
} |
63 |
first_entry: ; |
first_entry: ; |
|
if (is_add == 1 && TooManyDomainACL(domain)) break; |
|
64 |
/* Not found. Append it to the tail. */ |
/* Not found. Append it to the tail. */ |
65 |
if ((new_ptr = alloc_element(sizeof(*new_ptr))) == NULL) break; |
if ((new_ptr = alloc_element(sizeof(*new_ptr))) == NULL) break; |
66 |
new_ptr->head.type = TYPE_ARGV0_ACL; |
new_ptr->head.type = TYPE_ARGV0_ACL; |
112 |
AuditArgv0Log(filename, argv0, !error); |
AuditArgv0Log(filename, argv0, !error); |
113 |
if (error) { |
if (error) { |
114 |
struct domain_info * const domain = current->domain_info; |
struct domain_info * const domain = current->domain_info; |
115 |
const int is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_ARGV0); |
const u8 is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_ARGV0); |
116 |
if (TomoyoVerboseMode()) { |
if (TomoyoVerboseMode()) { |
117 |
printk("TOMOYO-%s: Run %s as %s denied for %s\n", GetMSG(is_enforce), filename->name, argv0, GetLastName(domain)); |
printk("TOMOYO-%s: Run %s as %s denied for %s\n", GetMSG(is_enforce), filename->name, argv0, GetLastName(domain)); |
118 |
} |
} |
119 |
if (is_enforce) error = CheckSupervisor("%s\n" KEYWORD_ALLOW_ARGV0 "%s %s\n", domain->domainname->name, filename->name, argv0); |
if (is_enforce) error = CheckSupervisor("%s\n" KEYWORD_ALLOW_ARGV0 "%s %s\n", domain->domainname->name, filename->name, argv0); |
120 |
else if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_ARGV0)) AddArgv0Entry(filename->name, argv0, domain, 1, NULL); |
else if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_ARGV0, domain)) AddArgv0Entry(filename->name, argv0, domain, 1, NULL); |
121 |
if (!is_enforce) error = 0; |
if (!is_enforce) error = 0; |
122 |
} |
} |
123 |
return error; |
return error; |
124 |
} |
} |
125 |
EXPORT_SYMBOL(CheckArgv0Perm); |
EXPORT_SYMBOL(CheckArgv0Perm); |
126 |
|
|
127 |
int AddArgv0Policy(char *data, struct domain_info *domain, const int is_delete) |
int AddArgv0Policy(char *data, struct domain_info *domain, const u8 is_delete) |
128 |
{ |
{ |
129 |
char *argv0 = strchr(data, ' '); |
char *argv0 = strchr(data, ' '); |
130 |
char *cp; |
char *cp; |