/**
* secfs_Init - security file initialize
*
* This function is security file initialize.
*
* return infomation
* int:result
*/
static int __init secfs_Init(void)
{
int i;
int result = 0;
struct secfs_entry_file *pef;
secfunc_init();
/* create directory */
secfsdir = securityfs_create_dir(SECFS_FOLDERNAME, NULL);
if (IS_ERR(secfsdir)) {
result = PTR_ERR(secfsdir);
} else {
struct dentry* pEntry[ARRAY_SIZE(g_entry_files)];
pef = g_entry_files;
for (i = 0; i < ARRAY_SIZE(g_entry_files); i++, pef++) {
pEntry[i] = secfs_create_entry(secfsdir, pef);
if (IS_ERR(pEntry[i])) {
result = PTR_ERR(pEntry[i]);
for (--i; i >= 0; i--) {
securityfs_remove(pEntry[i]);
}
securityfs_remove(secfsdir);
secfsdir = NULL;
SECERROR("securityfs_remove");
break;
} else {
pef->mExist = true;
}
}
}
return result;
}
/**
* seccore_exectldata - control data execute.
* @pData: control binary data pointer
* @size: control binary data size
*
* This function is control data execute.
*
* return infomation
* true: execute success
* false: execute failed
*/
bool seccore_exectldata(const char *pData, size_t size)
{
struct Header *pHeader = (struct Header*)pData;
while (!IS_NONDATA(pHeader->mType)) {
int type = 0;
int size = 0;
struct Control *pControl;
pControl = (struct Control*)pHeader;
switch (pControl->mHeader.mType) {
case CONTROL_DELETE:
type = 0;
if (pControl->mData.mDelete.mTarget &
CONTROL_DELETE_TARGET_CONTROL)
/* delete control file */
type |= CONTROL_FILEREMOVE_TYPE_CONTROL;
if (pControl->mData.mDelete.mTarget &
CONTROL_DELETE_TARGET_PROCESSACCESS)
/* delete process guard file */
type |= CONTROL_FILEREMOVE_TYPE_PROCESS;
if (pControl->mData.mDelete.mTarget &
CONTROL_DELETE_TARGET_FILEACCESS)
/* delete file guard file */
type |= CONTROL_FILEREMOVE_TYPE_FILE;
secpolicy_setctlfsremove(type);
size = sizeof(struct Header)
+ sizeof(pControl->mData.mDelete.mTarget);
break;
case CONTROL_RESETDATA:
if (pControl->mData.mResetData.mTarget &
CONTROL_RESETDATA_TARGET_FILEACCESSGUARD)
/* reset file guard */
secpolicy_resetfileguarddata();
if (pControl->mData.mResetData.mTarget &
CONTROL_RESETDATA_TARGET_PROCESSACCESSGUARD)
/* reset process guard */
secpolicy_resetprocguarddata();
size = sizeof(struct Header)
+ sizeof(pControl->mData.mResetData.mTarget);
break;
default:
SECERROR("Unknown Type=%08X",pControl->mHeader.mType);
return false;
}
/* header shift */
pHeader = seccore_nextheader(pHeader, size);
while (IS_SEPARATE(pHeader->mType)) {
pHeader = seccore_nextheader(pHeader,
sizeof(struct Header));
}
}
return true;
}
/**
* seccore_parsecaller - caller data prase.
* @pAccessData: access data pointer
* @pCaller: caller policy data pointer
*
* This function is caller policy prase.
*
* return infomation
* int: update caller policy data size
*/
static int seccore_parsecaller(struct Caller *pAccessData,
struct PolicyCaller *pCaller)
{
int size = 0;
switch (pCaller->mHeader.mType) {
case POLICY_CALLER_TYPE_COMMANDNAME:
pAccessData->mCheckMask |= CALLER_CHECKMASK_COMMANDNAME;
size = pCaller->mData.mCommandName.mSize;
pAccessData->mCmdLength = pCaller->mData.mCommandName.mSize;
pAccessData->mpCmdLine = secfunc_malloc(pAccessData->mCmdLength + 1);
if (pAccessData->mpCmdLine != NULL) {
secfunc_memset(pAccessData->mpCmdLine,
0,
pAccessData->mCmdLength + 1);
secfunc_memcpy(pAccessData->mpCmdLine,
pCaller->mData.mCommandName.mName,
pAccessData->mCmdLength);
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mCommandName.mSize)
+ pCaller->mData.mCommandName.mSize;
}
break;
case POLICY_CALLER_TYPE_UID_ONE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_UID;
pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_ONE;
pAccessData->mCallerUid.mUid = pCaller->mData.mUidOne.mUid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mUidOne.mUid);
break;
case POLICY_CALLER_TYPE_UID_LESS:
pAccessData->mCheckMask |= CALLER_CHECKMASK_UID;
pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_LESS;
pAccessData->mCallerUid.mUid_Less = pCaller->mData.mUidLess.mUid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mUidLess.mUid);
break;
case POLICY_CALLER_TYPE_UID_MORE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_UID;
pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_MORE;
pAccessData->mCallerUid.mUid_More = pCaller->mData.mUidMore.mUid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mUidMore.mUid);
break;
case POLICY_CALLER_TYPE_GID_ONE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_GID;
pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_ONE;
pAccessData->mCallerGid.mGid = pCaller->mData.mGidOne.mGid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mGidOne.mGid);
break;
case POLICY_CALLER_TYPE_GID_LESS:
pAccessData->mCheckMask |= CALLER_CHECKMASK_GID;
pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_LESS;
pAccessData->mCallerGid.mGid_Less = pCaller->mData.mGidLess.mGid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mGidLess.mGid);
break;
case POLICY_CALLER_TYPE_GID_MORE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_GID;
pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_MORE;
pAccessData->mCallerGid.mGid_More = pCaller->mData.mGidMore.mGid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mGidMore.mGid);
break;
case POLICY_CALLER_TYPE_PID_ONE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_PID;
pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_ONE;
pAccessData->mCallerPid.mPid = pCaller->mData.mPidOne.mPid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mPidOne.mPid);
break;
case POLICY_CALLER_TYPE_PID_LESS:
pAccessData->mCheckMask |= CALLER_CHECKMASK_PID;
pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_LESS;
pAccessData->mCallerPid.mPid_Less = pCaller->mData.mPidLess.mPid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mPidLess.mPid);
break;
case POLICY_CALLER_TYPE_PID_MORE:
pAccessData->mCheckMask |= CALLER_CHECKMASK_PID;
pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_MORE;
pAccessData->mCallerPid.mPid_More = pCaller->mData.mPidMore.mPid;
size = sizeof(struct Header)
+ sizeof(pCaller->mData.mPidMore.mPid);
break;
case POLICY_CALLER_TYPE_ALL_DENIAL:
pAccessData->mCheckMask |= CALLER_CHECKMASK_ALL_DENIAL;
size = sizeof(struct Header);
break;
default:
SECERROR("Unknown Type=%08X", pCaller->mHeader.mType);
break;
}
return size;
}
