/**
 * secfs_policy_procguard_release - close handler for the process access guard file
 * @inode: inode of the file being closed (not used here)
 * @file: file being closed; its dentry is the securityfs entry removed below
 *
 * Release hook for SECFS_FILENAME_POLICY_PROCESSACCESSGUARD.
 *
 * If the removal flags returned by secpolicy_getctlfsremove() include
 * CONTROL_FILEREMOVE_TYPE_PROCESS, this close also tears the file down:
 * the entry is marked as no longer existing, its dentry is removed from
 * securityfs, and the flag is cleared again. When secfs_count_using_files()
 * then reports zero, the secfs directory itself is removed as well.
 *
 * All of this runs between secfunc_lock() and secfunc_unlock().
 *
 * Return: always 0.
 */
static int secfs_policy_procguard_release(
		struct inode *inode, struct file *file)
{
	int lock_key;
	int pending;

	lock_key = secfunc_lock();

	pending = secpolicy_getctlfsremove();
	if (pending & CONTROL_FILEREMOVE_TYPE_PROCESS) {
		/* Mark the entry gone before dropping it from securityfs. */
		g_entry_files[SECFS_KEY_POLICY_PROCESSACCESSGUARD].mExist = false;
		securityfs_remove(file->f_dentry);

		/* The request has been served: clear only this bit. */
		secpolicy_setctlfsremove(pending & ~CONTROL_FILEREMOVE_TYPE_PROCESS);

		/* Last file gone: remove the directory too. */
		if (secfs_count_using_files() == 0) {
			securityfs_remove(secfsdir);
			secfsdir = NULL;
		}
	}

	secfunc_unlock(lock_key);

	return 0;
}
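/*
 * seccore_ctl_inrange - check that a span lies inside the control buffer.
 *
 * Returns true only when the @need bytes starting at @p are fully contained
 * in the @size bytes starting at @pData. Addresses are compared as integers
 * so that a pointer which has already run past the buffer is still handled.
 */
static bool seccore_ctl_inrange(const char *pData, size_t size,
				const void *p, size_t need)
{
	unsigned long base = (unsigned long)pData;
	unsigned long pos = (unsigned long)p;
	size_t off;

	if (pos < base)
		return false;

	off = (size_t)(pos - base);

	/* Written as a subtraction so that off + need cannot wrap. */
	return off <= size && need <= size - off;
}

/**
 * seccore_exectldata - execute a buffer of control records.
 * @pData: control binary data pointer
 * @size: control binary data size in bytes
 *
 * Walks the records in @pData until a record whose type satisfies
 * IS_NONDATA() is reached. CONTROL_DELETE records set the file-removal
 * flags through secpolicy_setctlfsremove(); CONTROL_RESETDATA records
 * reset the file and/or process guard data. Records whose type satisfies
 * IS_SEPARATE() are skipped between control records.
 *
 * Every header and every target field is checked against @size before it
 * is read, so a buffer that is truncated or lacks a terminating record is
 * rejected instead of being read past its end. Records that precede the
 * malformed one have already been applied by the time the error is seen
 * (the same holds for the unknown-type error).
 *
 * NOTE(review): this assumes @size covers the whole buffer, including the
 * terminating record; confirm against the callers.
 *
 * Return:
 * true: execute success
 * false: execute failed (NULL or truncated data, or unknown record type)
 */
bool seccore_exectldata(const char *pData, size_t size)
{
	struct Header *pHeader = (struct Header*)pData;

	if (pData == NULL)
		return false;

	for (;;) {
		int type = 0;
		/* Record length; named len so it does not shadow @size. */
		int len = 0;
		struct Control *pControl;

		/* The header must be inside the buffer before mType is read. */
		if (!seccore_ctl_inrange(pData, size, pHeader,
					 sizeof(struct Header)))
			goto truncated;

		if (IS_NONDATA(pHeader->mType))
			break;

		/*
		 * Assumes mHeader is the first member of struct Control, as
		 * the record-length arithmetic below implies.
		 */
		pControl = (struct Control*)pHeader;
		switch (pControl->mHeader.mType) {
		case CONTROL_DELETE:
			if (!seccore_ctl_inrange(pData, size,
					&pControl->mData.mDelete.mTarget,
					sizeof(pControl->mData.mDelete.mTarget)))
				goto truncated;

			type = 0;
			if (pControl->mData.mDelete.mTarget
					& CONTROL_DELETE_TARGET_CONTROL)
				/* delete control file */
				type |= CONTROL_FILEREMOVE_TYPE_CONTROL;
			if (pControl->mData.mDelete.mTarget
					& CONTROL_DELETE_TARGET_PROCESSACCESS)
				/* delete process guard file */
				type |= CONTROL_FILEREMOVE_TYPE_PROCESS;
			if (pControl->mData.mDelete.mTarget
					& CONTROL_DELETE_TARGET_FILEACCESS)
				/* delete file guard file */
				type |= CONTROL_FILEREMOVE_TYPE_FILE;
			secpolicy_setctlfsremove(type);
			len = sizeof(struct Header)
				+ sizeof(pControl->mData.mDelete.mTarget);
			break;
		case CONTROL_RESETDATA:
			if (!seccore_ctl_inrange(pData, size,
					&pControl->mData.mResetData.mTarget,
					sizeof(pControl->mData.mResetData.mTarget)))
				goto truncated;

			if (pControl->mData.mResetData.mTarget
					& CONTROL_RESETDATA_TARGET_FILEACCESSGUARD)
				/* reset file guard */
				secpolicy_resetfileguarddata();
			if (pControl->mData.mResetData.mTarget
					& CONTROL_RESETDATA_TARGET_PROCESSACCESSGUARD)
				/* reset process guard */
				secpolicy_resetprocguarddata();
			len = sizeof(struct Header)
				+ sizeof(pControl->mData.mResetData.mTarget);
			break;
		default:
			SECERROR("Unknown Type=%08X",pControl->mHeader.mType);
			return false;
		}

		/* header shift */
		pHeader = seccore_nextheader(pHeader, len);

		/*
		 * Skip separators, but never read a header that is outside
		 * the buffer; the check at the top of the loop then rejects
		 * the data.
		 */
		while (seccore_ctl_inrange(pData, size, pHeader,
					   sizeof(struct Header))
				&& IS_SEPARATE(pHeader->mType)) {
			pHeader = seccore_nextheader(pHeader,
						     sizeof(struct Header));
		}
	}

	return true;

truncated:
	SECERROR("Truncated control data size=%lu", (unsigned long)size);
	return false;
}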