示例#1
/**
 * secfs_policy_procguard_release - release (close) handler for the process
 *                                  access guard policy file
 * @inode: inode of the file being closed (not used by this handler)
 * @file: file being closed; its dentry is the securityfs entry that may be
 *        removed
 *
 * Handles close of SECFS_FILENAME_POLICY_PROCESSACCESSGUARD. If the pending
 * removal mask returned by secpolicy_getctlfsremove() has
 * CONTROL_FILEREMOVE_TYPE_PROCESS set, the handler marks the entry as no
 * longer existing, removes the securityfs file, clears the bit from the
 * mask, and removes the secfs directory once no entry is in use any more.
 * All of this runs between secfunc_lock() and secfunc_unlock().
 *
 * NOTE(review): the removal is irreversible from this handler; whoever can
 * set the removal mask decides when this policy file disappears, so the
 * path that sets it should be access-checked - confirm against the callers
 * of secpolicy_setctlfsremove().
 *
 * Return: always 0.
 */
static int secfs_policy_procguard_release(
			struct inode *inode,
			struct file *file)
{
	/* Token returned by the lock; it must be handed back to the unlock. */
	const int lock_idx = secfunc_lock();
	int pending = secpolicy_getctlfsremove();

	if (pending & CONTROL_FILEREMOVE_TYPE_PROCESS) {
		/* Mark the entry gone before the file itself is removed. */
		g_entry_files[SECFS_KEY_POLICY_PROCESSACCESSGUARD].mExist = false;
		securityfs_remove(file->f_dentry);

		/* This removal request has been served; drop only its bit. */
		pending &= ~CONTROL_FILEREMOVE_TYPE_PROCESS;
		secpolicy_setctlfsremove(pending);

		/* Last entry gone: take the containing directory down too. */
		if (secfs_count_using_files() == 0) {
			securityfs_remove(secfsdir);
			secfsdir = NULL;
		}
	}

	secfunc_unlock(lock_idx);

	return 0;
}
示例#2
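/*
 * Bytes available between cursor @p and @end (one past the last byte of the
 * control buffer); 0 when the cursor is at or beyond the end.
 */
static size_t seccore_ctl_avail(const void *p, const char *end)
{
	const char *cur = (const char *)p;

	return (cur < end) ? (size_t)(end - cur) : 0;
}

/**
 * seccore_exectldata - execute a buffer of control records
 * @pData: pointer to the control binary data
 * @size: size of the control binary data in bytes
 *
 * Walks the records in @pData until a header for which IS_NONDATA() holds.
 * CONTROL_DELETE records translate their target bits into a
 * CONTROL_FILEREMOVE_TYPE_* mask passed to secpolicy_setctlfsremove();
 * CONTROL_RESETDATA records reset the file and/or process guard data.
 * Headers for which IS_SEPARATE() holds are skipped between records.
 *
 * Every header and record is checked against @size before it is read.
 * Previously @size was shadowed by a local and never consulted, so data
 * without a terminating header made the parser read past the buffer.
 *
 * Records are executed as they are parsed: when false is returned, the
 * records preceding the bad one have already taken effect.
 *
 * NOTE(review): a buffer that ends exactly on a record boundary without a
 * terminating header is accepted as complete. If callers always count the
 * terminating header in @size, this can be tightened to return false.
 *
 * Return: true on success; false if @pData is NULL, a record type is
 * unknown, or a header or record does not fit inside the buffer.
 */
bool seccore_exectldata(const char *pData, size_t size)
{
	const char *pEnd;
	struct Header *pHeader;

	if (pData == NULL)
		return false;

	pEnd = pData + size;
	pHeader = (struct Header*)pData;

	for (;;) {
		int type = 0;
		int recsize = 0;
		struct Control *pControl;
		size_t avail = seccore_ctl_avail(pHeader, pEnd);

		/* nothing left: end of data on a record boundary */
		if (avail == 0)
			break;

		/* a partial header cannot be inspected safely */
		if (avail < sizeof(struct Header))
			return false;

		if (IS_NONDATA(pHeader->mType))
			break;

		pControl = (struct Control*)pHeader;

		switch (pControl->mHeader.mType) {
		case CONTROL_DELETE:
			recsize = sizeof(struct Header)
				+ sizeof(pControl->mData.mDelete.mTarget);
			/* the target field must be inside the buffer */
			if (avail < (size_t)recsize)
				return false;

			if (pControl->mData.mDelete.mTarget &
			    CONTROL_DELETE_TARGET_CONTROL)
				/* delete control file */
				type |= CONTROL_FILEREMOVE_TYPE_CONTROL;

			if (pControl->mData.mDelete.mTarget &
			    CONTROL_DELETE_TARGET_PROCESSACCESS)
				/* delete process guard file */
				type |= CONTROL_FILEREMOVE_TYPE_PROCESS;

			if (pControl->mData.mDelete.mTarget &
			    CONTROL_DELETE_TARGET_FILEACCESS)
				/* delete file guard file */
				type |= CONTROL_FILEREMOVE_TYPE_FILE;

			secpolicy_setctlfsremove(type);
			break;
		case CONTROL_RESETDATA:
			recsize = sizeof(struct Header)
				+ sizeof(pControl->mData.mResetData.mTarget);
			/* the target field must be inside the buffer */
			if (avail < (size_t)recsize)
				return false;

			if (pControl->mData.mResetData.mTarget &
			    CONTROL_RESETDATA_TARGET_FILEACCESSGUARD)
				/* reset file guard */
				secpolicy_resetfileguarddata();

			if (pControl->mData.mResetData.mTarget &
			    CONTROL_RESETDATA_TARGET_PROCESSACCESSGUARD)
				/* reset process guard */
				secpolicy_resetprocguarddata();
			break;
		default:
			SECERROR("Unknown Type=%08X",pControl->mHeader.mType);
			return false;
		}

		/* header shift */
		pHeader = seccore_nextheader(pHeader, recsize);

		/*
		 * Skip separators, but only while a whole header is still
		 * inside the buffer; the outer loop classifies what is left.
		 */
		while (seccore_ctl_avail(pHeader, pEnd) >= sizeof(struct Header) &&
		       IS_SEPARATE(pHeader->mType)) {
			pHeader = seccore_nextheader(pHeader,
						sizeof(struct Header));
		}
	}
	return true;
}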