/** * __ccs_search_binary_handler - Load policy before calling search_binary_handler(). * * @bprm: Pointer to "struct linux_binprm". * @regs: Pointer to "struct pt_regs". * * Returns 0 on success, negative value otherwise. */ static int __ccs_search_binary_handler(struct linux_binprm *bprm, struct pt_regs *regs) { ccs_load_policy(bprm->filename); /* * ccs_load_policy() executes /sbin/ccs-init if bprm->filename is * /sbin/init . /sbin/ccs-init executes /etc/ccs/ccs-load-module to * load loadable kernel module. The loadable kernel module modifies * "struct ccsecurity_ops". Thus, we need to transfer control to * __ccs_search_binary_handler() in security/ccsecurity/domain.c * if "struct ccsecurity_ops" was modified. */ if (ccsecurity_ops.search_binary_handler != __ccs_search_binary_handler) return ccsecurity_ops.search_binary_handler(bprm, regs); return search_binary_handler(bprm, regs); }
/** * __ccs_search_binary_handler - Load policy before calling search_binary_handler(). * * @bprm: Pointer to "struct linux_binprm". * * Returns 0 on success, negative value otherwise. */ static int __ccs_search_binary_handler(struct linux_binprm *bprm) { #ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER ccs_load_policy(bprm->filename); #endif /* * ccs_load_policy() executes /sbin/ccs-init if bprm->filename is * /sbin/init. /sbin/ccs-init executes /etc/ccs/ccs-load-module to * load loadable kernel module. The loadable kernel module modifies * "struct ccsecurity_ops". Thus, we need to transfer control to * __ccs_search_binary_handler() in security/ccsecurity/permission.c * if "struct ccsecurity_ops" was modified. */ if (ccsecurity_ops.search_binary_handler != __ccs_search_binary_handler) return ccsecurity_ops.search_binary_handler(bprm); return search_binary_handler(bprm); }