/** * secfs_Init - security file initialize * * This function is security file initialize. * * return infomation * int:result */ static int __init secfs_Init(void) { int i; int result = 0; struct secfs_entry_file *pef; secfunc_init(); /* create directory */ secfsdir = securityfs_create_dir(SECFS_FOLDERNAME, NULL); if (IS_ERR(secfsdir)) { result = PTR_ERR(secfsdir); } else { struct dentry* pEntry[ARRAY_SIZE(g_entry_files)]; pef = g_entry_files; for (i = 0; i < ARRAY_SIZE(g_entry_files); i++, pef++) { pEntry[i] = secfs_create_entry(secfsdir, pef); if (IS_ERR(pEntry[i])) { result = PTR_ERR(pEntry[i]); for (--i; i >= 0; i--) { securityfs_remove(pEntry[i]); } securityfs_remove(secfsdir); secfsdir = NULL; SECERROR("securityfs_remove"); break; } else { pef->mExist = true; } } } return result; }
/** * seccore_exectldata - control data execute. * @pData: control binary data pointer * @size: control binary data size * * This function is control data execute. * * return infomation * true: execute success * false: execute failed */ bool seccore_exectldata(const char *pData, size_t size) { struct Header *pHeader = (struct Header*)pData; while (!IS_NONDATA(pHeader->mType)) { int type = 0; int size = 0; struct Control *pControl; pControl = (struct Control*)pHeader; switch (pControl->mHeader.mType) { case CONTROL_DELETE: type = 0; if (pControl->mData.mDelete.mTarget & CONTROL_DELETE_TARGET_CONTROL) /* delete control file */ type |= CONTROL_FILEREMOVE_TYPE_CONTROL; if (pControl->mData.mDelete.mTarget & CONTROL_DELETE_TARGET_PROCESSACCESS) /* delete process guard file */ type |= CONTROL_FILEREMOVE_TYPE_PROCESS; if (pControl->mData.mDelete.mTarget & CONTROL_DELETE_TARGET_FILEACCESS) /* delete file guard file */ type |= CONTROL_FILEREMOVE_TYPE_FILE; secpolicy_setctlfsremove(type); size = sizeof(struct Header) + sizeof(pControl->mData.mDelete.mTarget); break; case CONTROL_RESETDATA: if (pControl->mData.mResetData.mTarget & CONTROL_RESETDATA_TARGET_FILEACCESSGUARD) /* reset file guard */ secpolicy_resetfileguarddata(); if (pControl->mData.mResetData.mTarget & CONTROL_RESETDATA_TARGET_PROCESSACCESSGUARD) /* reset process guard */ secpolicy_resetprocguarddata(); size = sizeof(struct Header) + sizeof(pControl->mData.mResetData.mTarget); break; default: SECERROR("Unknown Type=%08X",pControl->mHeader.mType); return false; } /* header shift */ pHeader = seccore_nextheader(pHeader, size); while (IS_SEPARATE(pHeader->mType)) { pHeader = seccore_nextheader(pHeader, sizeof(struct Header)); } } return true; }
/** * seccore_parsecaller - caller data prase. * @pAccessData: access data pointer * @pCaller: caller policy data pointer * * This function is caller policy prase. * * return infomation * int: update caller policy data size */ static int seccore_parsecaller(struct Caller *pAccessData, struct PolicyCaller *pCaller) { int size = 0; switch (pCaller->mHeader.mType) { case POLICY_CALLER_TYPE_COMMANDNAME: pAccessData->mCheckMask |= CALLER_CHECKMASK_COMMANDNAME; size = pCaller->mData.mCommandName.mSize; pAccessData->mCmdLength = pCaller->mData.mCommandName.mSize; pAccessData->mpCmdLine = secfunc_malloc(pAccessData->mCmdLength + 1); if (pAccessData->mpCmdLine != NULL) { secfunc_memset(pAccessData->mpCmdLine, 0, pAccessData->mCmdLength + 1); secfunc_memcpy(pAccessData->mpCmdLine, pCaller->mData.mCommandName.mName, pAccessData->mCmdLength); size = sizeof(struct Header) + sizeof(pCaller->mData.mCommandName.mSize) + pCaller->mData.mCommandName.mSize; } break; case POLICY_CALLER_TYPE_UID_ONE: pAccessData->mCheckMask |= CALLER_CHECKMASK_UID; pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_ONE; pAccessData->mCallerUid.mUid = pCaller->mData.mUidOne.mUid; size = sizeof(struct Header) + sizeof(pCaller->mData.mUidOne.mUid); break; case POLICY_CALLER_TYPE_UID_LESS: pAccessData->mCheckMask |= CALLER_CHECKMASK_UID; pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_LESS; pAccessData->mCallerUid.mUid_Less = pCaller->mData.mUidLess.mUid; size = sizeof(struct Header) + sizeof(pCaller->mData.mUidLess.mUid); break; case POLICY_CALLER_TYPE_UID_MORE: pAccessData->mCheckMask |= CALLER_CHECKMASK_UID; pAccessData->mCallerUid.mCheckMask |= CALLER_CHECKMASK_UID_MORE; pAccessData->mCallerUid.mUid_More = pCaller->mData.mUidMore.mUid; size = sizeof(struct Header) + sizeof(pCaller->mData.mUidMore.mUid); break; case POLICY_CALLER_TYPE_GID_ONE: pAccessData->mCheckMask |= CALLER_CHECKMASK_GID; pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_ONE; pAccessData->mCallerGid.mGid = pCaller->mData.mGidOne.mGid; size = sizeof(struct Header) + sizeof(pCaller->mData.mGidOne.mGid); break; case POLICY_CALLER_TYPE_GID_LESS: pAccessData->mCheckMask |= CALLER_CHECKMASK_GID; pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_LESS; pAccessData->mCallerGid.mGid_Less = pCaller->mData.mGidLess.mGid; size = sizeof(struct Header) + sizeof(pCaller->mData.mGidLess.mGid); break; case POLICY_CALLER_TYPE_GID_MORE: pAccessData->mCheckMask |= CALLER_CHECKMASK_GID; pAccessData->mCallerGid.mCheckMask |= CALLER_CHECKMASK_GID_MORE; pAccessData->mCallerGid.mGid_More = pCaller->mData.mGidMore.mGid; size = sizeof(struct Header) + sizeof(pCaller->mData.mGidMore.mGid); break; case POLICY_CALLER_TYPE_PID_ONE: pAccessData->mCheckMask |= CALLER_CHECKMASK_PID; pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_ONE; pAccessData->mCallerPid.mPid = pCaller->mData.mPidOne.mPid; size = sizeof(struct Header) + sizeof(pCaller->mData.mPidOne.mPid); break; case POLICY_CALLER_TYPE_PID_LESS: pAccessData->mCheckMask |= CALLER_CHECKMASK_PID; pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_LESS; pAccessData->mCallerPid.mPid_Less = pCaller->mData.mPidLess.mPid; size = sizeof(struct Header) + sizeof(pCaller->mData.mPidLess.mPid); break; case POLICY_CALLER_TYPE_PID_MORE: pAccessData->mCheckMask |= CALLER_CHECKMASK_PID; pAccessData->mCallerPid.mCheckMask |= CALLER_CHECKMASK_PID_MORE; pAccessData->mCallerPid.mPid_More = pCaller->mData.mPidMore.mPid; size = sizeof(struct Header) + sizeof(pCaller->mData.mPidMore.mPid); break; case POLICY_CALLER_TYPE_ALL_DENIAL: pAccessData->mCheckMask |= CALLER_CHECKMASK_ALL_DENIAL; size = sizeof(struct Header); break; default: SECERROR("Unknown Type=%08X", pCaller->mHeader.mType); break; } return size; }