/**
 * rootfctrl_dentry_open - open-time access check for FeliCa/NFC files.
 *
 * @file: File being opened; its f_path is resolved with get_full_path().
 * @cred: Not consulted here. Every identity check below reads the
 *        credentials of the current task instead.
 *
 * The resolved path is classified by the is_*_file() helpers:
 *
 *  - is_felica_RWP_file() or is_nfc_file(): unless the build runs in
 *    RTFCTL_TRACKING_MODE, the open is refused when is_non_felica_root()
 *    flags the caller's uid/tgid, or when the real and effective uids of
 *    the caller differ.
 *  - is_felica_WP_file(): unless the build runs in RTFCTL_TRACKING_MODE,
 *    the open is refused when the caller's tgid equals adbd_pid.
 *
 * In tracking mode the enforcement branches are compiled out, so only the
 * RTFCTL_MSG() trace lines remain and every open is allowed.
 *
 * Returns 0 to allow the open, -EACCES to deny it.
 *
 * NOTE(review): full_path is handed to the classifiers without a NULL or
 * error-pointer check; confirm get_full_path() cannot fail, or that the
 * helpers tolerate such a value.
 * NOTE(review): the WP rule identifies adbd purely by a tgid match, and the
 * tgid comes from task_tgid_vnr(), i.e. it is relative to the caller's pid
 * namespace. Confirm adbd_pid is recorded in the same namespace and is
 * refreshed when adbd restarts, otherwise the rule can miss or misfire.
 */
static int rootfctrl_dentry_open(struct file *file, const struct cred *cred)
{
	pid_t tgid;
	char comm[sizeof(current->comm)];
	char path_buf[MAX_NAME_BUF_LEN];
	char *full_path;

	full_path = get_full_path(&file->f_path, NULL, path_buf);

	if (is_felica_RWP_file(full_path) || is_nfc_file(full_path)) {
		tgid = task_tgid_vnr(current);
		/* comm is task-settable: it is logged, never used for a decision. */
		get_task_comm(comm, current);

		RTFCTL_MSG("########## %s (felica/nfc) ##########\n", __FUNCTION__);
		RTFCTL_MSG("pid: %d (%s)\n", tgid, comm);
		RTFCTL_MSG("uid: %d\n", current_uid());
		RTFCTL_MSG("euid: %d, suid: %d\n", current_euid(), current_suid());

#if (RTFCTL_RUN_MODE != RTFCTL_TRACKING_MODE)
		/* Deny callers flagged by is_non_felica_root() and uid/euid mismatches. */
		if (is_non_felica_root(current_uid(), tgid) ||
		    (current_uid() != current_euid())) {
			printk("[RTFCTL] RType-1-1 <%s-%s (%d, %d, %d, %d)>\n",
			       full_path, comm, tgid,
			       current_uid(), current_euid(), current_suid());
			return -EACCES;
		}
#endif
		return 0;
	}

	/* Paths outside both protected classes are always allowed. */
	if (!is_felica_WP_file(full_path))
		return 0;

	tgid = task_tgid_vnr(current);
	get_task_comm(comm, current);

	RTFCTL_MSG("########## %s (WP) ##########\n", __FUNCTION__);
	RTFCTL_MSG("pid: %d (%s)\n", tgid, comm);

#if (RTFCTL_RUN_MODE != RTFCTL_TRACKING_MODE)
	/* WP files are closed to the process whose tgid matches adbd_pid. */
	if (tgid == adbd_pid) {
		printk("[RTFCTL] RType-1-2 <%s-%s (%d)>\n", full_path, comm, tgid);
		return -EACCES;
	}
#endif

	return 0;
}
/**
 * dek_ioctl_kek - ioctl entry point for the kek device.
 *
 * @file: Open file of the device node; only its inode's minor number is used.
 * @cmd:  ioctl command, forwarded unchanged.
 * @arg:  ioctl argument, forwarded unchanged.
 *
 * Access is granted only when is_container_app() or is_root() accepts the
 * calling process. A rejected caller has its full credential set (uid, gid,
 * euid, egid, suid, sgid, fsuid, fsgid) written through DEK_LOGE(), an entry
 * is recorded with dek_add_to_log(), and the call fails before any command
 * handling takes place.
 *
 * Returns -EACCES for a rejected caller, otherwise whatever
 * dek_do_ioctl_kek() returns.
 *
 * NOTE(review): @cmd and @arg receive no validation in this function; any
 * range check on @cmd or user-pointer handling for @arg has to live in
 * dek_do_ioctl_kek(), which is not visible here. Confirm.
 * NOTE(review): the meaning of the literal 000 passed to dek_add_to_log()
 * is not visible from this block.
 */
static long dek_ioctl_kek(struct file *file, unsigned int cmd, unsigned long arg)
{
	/* The gate runs first so that a rejected caller never reaches dispatch. */
	if (!(is_container_app() || is_root())) {
		DEK_LOGE("Current process can't access kek device\n");
		DEK_LOGE("Current process info :: "
			 "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
			 "fsuid=%u fsgid=%u\n",
			 current_uid(), current_gid(),
			 current_euid(), current_egid(),
			 current_suid(), current_sgid(),
			 current_fsuid(), current_fsgid());
		dek_add_to_log(000, "Access denied to kek device");
		return -EACCES;
	}

	/* The device minor number selects the target passed to the handler. */
	return dek_do_ioctl_kek(iminor(file->f_path.dentry->d_inode), cmd, arg);
}
/** * tomoyo_print_header - Get header line of audit log. * * @r: Pointer to "struct tomoyo_request_info". * * Returns string representation. * * This function uses kmalloc(), so caller must kfree() if this function * didn't return NULL. */ static char *tomoyo_print_header(struct tomoyo_request_info *r) { struct tomoyo_time stamp; const pid_t gpid = task_pid_nr(current); struct tomoyo_obj_info *obj = r->obj; static const int tomoyo_buffer_len = 4096; char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); int pos; u8 i; if (!buffer) return NULL; { struct timeval tv; do_gettimeofday(&tv); tomoyo_convert_time(tv.tv_sec, &stamp); } pos = snprintf(buffer, tomoyo_buffer_len - 1, "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s " "granted=%s (global-pid=%u) task={ pid=%u ppid=%u " "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u " "fsuid=%u fsgid=%u }", stamp.year, stamp.month, stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, tomoyo_sys_getpid(), tomoyo_sys_getppid(), current_uid(), current_gid(), current_euid(), current_egid(), current_suid(), current_sgid(), current_fsuid(), current_fsgid()); if (!obj) goto no_obj_info; if (!obj->validate_done) { tomoyo_get_attributes(obj); obj->validate_done = true; } for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { struct tomoyo_mini_stat *stat; unsigned int dev; umode_t mode; if (!obj->stat_valid[i]) continue; stat = &obj->stat[i]; dev = stat->dev; mode = stat->mode; if (i & 1) { pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " path%u.parent={ uid=%u gid=%u " "ino=%lu perm=0%o }", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, stat->mode & S_IALLUGO); continue; } pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " path%u={ uid=%u gid=%u ino=%lu major=%u" " minor=%u perm=0%o type=%s", (i >> 1) + 1, stat->uid, stat->gid, (unsigned long) stat->ino, MAJOR(dev), MINOR(dev), mode & S_IALLUGO, tomoyo_filetype(mode)); if (S_ISCHR(mode) || 
S_ISBLK(mode)) { dev = stat->rdev; pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " dev_major=%u dev_minor=%u", MAJOR(dev), MINOR(dev)); } pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, " }"); }