security/tomoyo/load_policy.c
/* * security/tomoyo/load_policy.c * |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
*/ #include "common.h" |
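#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER

/*
 * Path to the policy loader. (default = CONFIG_SECURITY_TOMOYO_POLICY_LOADER)
 *
 * Security note: this path can be overridden from the kernel command line
 * ("TOMOYO_loader=") and is handed to call_usermodehelper() by
 * tomoyo_load_policy() while no policy is loaded yet. The boot command line
 * is therefore part of the trusted computing base for this module and should
 * be protected accordingly (e.g. by bootloader access control).
 */
static const char *tomoyo_loader;

/**
 * tomoyo_loader_setup - Set policy loader.
 *
 * @str: Program to use as a policy loader (e.g. /sbin/tomoyo-init ).
 *
 * Returns 1 so that the boot-parameter parser treats "TOMOYO_loader=" as
 * handled. Returning 0 from a __setup() handler marks the option as unknown,
 * and the raw string is then passed on to init as an argument or environment
 * entry.
 */
static int __init tomoyo_loader_setup(char *str)
{
	/* The pointer is stored as-is; no copy or validation of @str is made. */
	tomoyo_loader = str;
	return 1;
}

__setup("TOMOYO_loader=", tomoyo_loader_setup);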
/**
 * tomoyo_policy_loader_exists - Check whether the policy loader exists.
 *
 * Resolves the configured loader path, falling back to
 * CONFIG_SECURITY_TOMOYO_POLICY_LOADER when none was given on the kernel
 * command line. LOOKUP_FOLLOW means a symbolic link at that path is followed.
 *
 * Note that a missing loader is not fatal: the caller simply skips policy
 * loading, and the KERN_INFO line below is the only record that Mandatory
 * Access Control was not activated.
 *
 * Returns true if the policy loader exists, false otherwise.
 */
static bool tomoyo_policy_loader_exists(void)
{
	struct path loader_path;
	int err;

	if (tomoyo_loader == NULL)
		tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;

	err = kern_path(tomoyo_loader, LOOKUP_FOLLOW, &loader_path);
	if (err == 0) {
		/* Only existence matters; drop the reference right away. */
		path_put(&loader_path);
		return true;
	}

	printk(KERN_INFO "Not activating Mandatory Access Control "
	       "as %s does not exist. ", tomoyo_loader);
	return false;
}
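/*
 * Path to the trigger. (default = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER)
 *
 * tomoyo_load_policy() compares this string with the pathname of the program
 * about to start using strcmp(), so an override given on the kernel command
 * line ("TOMOYO_trigger=") must match that pathname exactly. A value that
 * never matches means the policy loader is never invoked.
 */
static const char *tomoyo_trigger;

/**
 * tomoyo_trigger_setup - Set trigger for activation.
 *
 * @str: Program to use as an activation trigger (e.g. /sbin/init ).
 *
 * Returns 1 so that the boot-parameter parser treats "TOMOYO_trigger=" as
 * handled. Returning 0 from a __setup() handler marks the option as unknown,
 * and the raw string is then passed on to init as an argument or environment
 * entry.
 */
static int __init tomoyo_trigger_setup(char *str)
{
	/* The pointer is stored as-is; no copy or validation of @str is made. */
	tomoyo_trigger = str;
	return 1;
}

__setup("TOMOYO_trigger=", tomoyo_trigger_setup);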
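/**
 * tomoyo_load_policy - Run external policy loader to load policy.
 *
 * @filename: The program about to start.
 *
 * This function checks whether @filename is the activation trigger
 * (CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER unless overridden, e.g.
 * /sbin/init ), and if so invokes the policy loader
 * (CONFIG_SECURITY_TOMOYO_POLICY_LOADER unless overridden, e.g.
 * /sbin/tomoyo-init ), waits for the loader to terminate and then lets the
 * invocation of the trigger program continue.
 * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and
 * writes to /sys/kernel/security/tomoyo/ interfaces.
 *
 * Both paths can be replaced from the kernel command line, and the loader
 * runs as a usermode helper while no policy is loaded, so the integrity of
 * the boot command line and of the loader binary matters for the policy that
 * ends up enforced.
 *
 * Returns nothing.
 */
void tomoyo_load_policy(const char *filename)
{
	/* Latch so that the loader is attempted at most once. */
	static bool done;
	char *argv[2];
	char *envp[3];

	if (tomoyo_policy_loaded || done)
		return;
	if (!tomoyo_trigger)
		tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER;
	/* Exact string match only; any other program is ignored. */
	if (strcmp(filename, tomoyo_trigger))
		return;
	/* Missing loader: return without loading policy (logged by callee). */
	if (!tomoyo_policy_loader_exists())
		return;
	done = true;
	printk(KERN_INFO "Calling %s to load policy. Please wait. ",
	       tomoyo_loader);
	argv[0] = (char *) tomoyo_loader;
	argv[1] = NULL;
	/* Fixed, minimal environment: nothing is inherited from a caller. */
	envp[0] = "HOME=/";
	envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
	envp[2] = NULL;
	/*
	 * UMH_WAIT_PROC (instead of a bare 1) states the intent: block until
	 * the loader process has exited, so the policy is in place before the
	 * trigger program runs. The named constant also stays correct if the
	 * numeric values of the wait modes are ever renumbered.
	 *
	 * The helper's return value is not checked here.
	 * NOTE(review): presumably tomoyo_check_profile() is what detects a
	 * loader that failed to install a usable policy - confirm.
	 */
	call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
	tomoyo_check_profile();
}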
#endif |