linux open_namei,刚学Linux 想问问这个程序写的什么 有大佬帮帮吗


#include

#include "common.h"

#include "tomoyo.h"

#include "realpath.h"

/**
 * tomoyo_cred_alloc_blank - initialise the security field of a blank credential.
 * @new: credential being set up.
 * @gfp: allocation flags; not used because nothing is allocated here.
 *
 * A blank credential starts with no domain attached (NULL), so readers of
 * ->security must be prepared for NULL until a domain is assigned.
 *
 * Always returns 0.
 */
static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
{
	/* No domain yet; an explicit NULL avoids leaving a stale pointer. */
	new->security = NULL;

	return 0;
}

/**
 * tomoyo_cred_prepare - give a new credential the same domain as an old one.
 * @new: credential being prepared.
 * @old: credential the domain is taken from.
 * @gfp: allocation flags; not used because nothing is allocated here.
 *
 * The "struct tomoyo_domain_info *" held in ->security is shared between
 * credentials, so the pointer is copied rather than the object duplicated.
 * NOTE(review): no reference is taken on the shared object here; this is only
 * safe if domain objects outlive every credential pointing at them - confirm.
 *
 * Always returns 0.
 */
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
			       gfp_t gfp)
{
	/* Shallow copy: both credentials now refer to the same domain. */
	new->security = old->security;

	return 0;
}

/**
 * tomoyo_cred_transfer - carry the domain pointer over to another credential.
 * @new: credential receiving the domain.
 * @old: credential the domain is taken from.
 *
 * As in tomoyo_cred_prepare(), the "struct tomoyo_domain_info *" is a shared
 * pointer, so it is copied as-is and the domain itself is not duplicated.
 */
static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
{
	/* Shallow copy of the shared domain pointer. */
	new->security = old->security;
}

/**
 * tomoyo_bprm_set_creds - per-execve credential setup for TOMOYO.
 * @bprm: binary program descriptor of the execve() in progress.
 *
 * Runs the capability-module setup first and propagates its error, if any.
 * The TOMOYO-specific part is done only on the first call for a given
 * execve(), i.e. while @bprm->cred_prepared is still clear.
 *
 * Returns 0 on success, or the non-zero value from cap_bprm_set_creds().
 */
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
{
	const int cap_rc = cap_bprm_set_creds(bprm);

	if (cap_rc != 0)
		return cap_rc;

	if (!bprm->cred_prepared) {
		/*
		 * Policy has not been loaded yet: hand the requested program
		 * name to the loader (the original comment describes this as
		 * loading policy when /sbin/tomoyo-init exists and /sbin/init
		 * is requested for the first time).
		 */
		if (!tomoyo_policy_loaded)
			tomoyo_load_policy(bprm->filename);

		/*
		 * NULL is the marker tomoyo_bprm_check_security() uses to
		 * recognise its first call for this execve().
		 * NOTE(review): until that hook runs, the new credential
		 * carries no domain; anything reading ->security in between
		 * must cope with NULL.
		 */
		bprm->cred->security = NULL;
	}

	return 0;
}

/**
 * tomoyo_bprm_check_security - permission check for a program being executed.
 * @bprm: binary program descriptor of the execve() in progress.
 *
 * Two cases, selected by whether the new credential already has a domain:
 *  - no domain (first call for this execve()): execute permission is checked
 *    against the pathname passed to do_execve() using the current domain, via
 *    tomoyo_find_next_domain();
 *  - domain present (later calls, e.g. for interpreters): read permission on
 *    @bprm->file is checked using that next domain.
 *
 * Returns whatever the selected helper returns.
 */
static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
{
	struct tomoyo_domain_info *next_domain = bprm->cred->security;

	if (next_domain) {
		/* '1' is the result of open_to_namei_flags(O_RDONLY). */
		return tomoyo_check_open_permission(next_domain,
						    &bprm->file->f_path, 1);
	}

	/* First pass: decide the domain transition for this execve(). */
	return tomoyo_find_next_domain(bprm);
}

#ifdef CONFIG_SYSCTL

/**
 * tomoyo_prepend - copy a string in front of the current buffer position.
 * @buffer: in/out pointer to the current start of the text being built;
 *          moved back by strlen(@str) on success.
 * @buflen: in/out count of bytes still free in front of *@buffer;
 *          reduced by strlen(@str) on success.
 * @str:    NUL-terminated string to prepend (the terminator is not copied).
 *
 * The bounds check happens before anything is written or adjusted, so on
 * failure *@buffer and *@buflen are left untouched.
 * NOTE(review): the length is held in an int, so @str is assumed to be far
 * shorter than INT_MAX; callers must not pass unbounded input.
 *
 * Returns 0 on success, -ENOMEM if @str does not fit.
 */
static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
{
	const int len = strlen(str);
	char *dst;

	/* Refuse before touching anything if the free space is too small. */
	if (len > *buflen)
		return -ENOMEM;

	dst = *buffer - len;
	memcpy(dst, str, len);
	*buffer = dst;
	*buflen -= len;

	return 0;
}

/**
 * tomoyo_sysctl_path - build the pathname of a ctl_table entry.
 * @table: pointer to "struct ctl_table".
 *
 * Walks from @table up through ->parent, prepending "/<name>" for each level
 * and finally "/proc/sys", then passes the result through tomoyo_encode().
 * An entry without a procname is represented as "=<ctl_name>=".
 *
 * Returns the pathname on success, NULL on failure (allocation failure, the
 * path not fitting in TOMOYO_MAX_PATHNAME_LEN bytes, or tomoyo_encode()
 * reporting an error).
 *
 * The buffer comes from tomoyo_alloc(), so the caller must call tomoyo_free()
 * on a non-NULL result.
 */
static char *tomoyo_sysctl_path(struct ctl_table *table)
{
	int remaining = TOMOYO_MAX_PATHNAME_LEN;
	char *buf = tomoyo_alloc(remaining);
	struct ctl_table *node;
	char *pos;

	if (!buf)
		return NULL;

	/*
	 * The path is assembled right to left: start at the last byte, which
	 * holds the terminator, and move towards the start of the buffer.
	 */
	pos = buf + remaining;
	*--pos = '\0';
	remaining--;

	for (node = table; node; node = node->parent) {
		char num[32];
		const char *component = node->procname;

		if (!component) {
			/* Unnamed entry: fall back to its numeric ctl_name. */
			memset(num, 0, sizeof(num));
			snprintf(num, sizeof(num) - 1, "=%d=", node->ctl_name);
			component = num;
		}
		/* Any component that does not fit aborts the whole build. */
		if (tomoyo_prepend(&pos, &remaining, component))
			goto fail;
		if (tomoyo_prepend(&pos, &remaining, "/"))
			goto fail;
	}
	if (tomoyo_prepend(&pos, &remaining, "/proc/sys"))
		goto fail;

	/* Encode the text at @pos into the front of the same buffer. */
	if (tomoyo_encode(buf, pos - buf, pos))
		goto fail;

	return buf;

fail:
	/* Never hand a partial path to the permission check. */
	tomoyo_free(buf);
	return NULL;
}

/**
 * tomoyo_sysctl - check read/write permission for a sysctl entry.
 * @table: pointer to "struct ctl_table" being accessed.
 * @op:    requested access; only MAY_READ and MAY_WRITE are considered.
 *
 * Requests that contain neither MAY_READ nor MAY_WRITE are allowed without
 * consulting the policy.
 *
 * Returns 0 if nothing needs checking, -ENOMEM if the pathname cannot be
 * built (so the access fails closed), otherwise the result of
 * tomoyo_check_file_perm().
 */
static int tomoyo_sysctl(struct ctl_table *table, int op)
{
	const int mask = op & (MAY_READ | MAY_WRITE);
	char *pathname;
	int rc;

	if (mask == 0)
		return 0;

	pathname = tomoyo_sysctl_path(table);
	if (pathname == NULL)
		return -ENOMEM;

	rc = tomoyo_check_file_perm(tomoyo_domain(), pathname, mask);
	/* The pathname is owned here; release it on every path. */
	tomoyo_free(pathname);

	return rc;
}

#endif

/**
 * tomoyo_path_truncate - check permission to truncate a file.
 * @path:       path of the file being truncated.
 * @length:     requested new length; not used by this check.
 * @time_attrs: not used by this check.
 *
 * The decision depends only on the calling task's domain and @path.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_truncate(struct path *path, loff_t length,
				unsigned int time_attrs)
{
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_1path_perm(domain, TOMOYO_TYPE_TRUNCATE_ACL, path);
}

/**
 * tomoyo_path_unlink - check permission to unlink a directory entry.
 * @parent: path of the directory containing the entry.
 * @dentry: entry being removed.
 *
 * The checked path is @dentry on the mount of @parent.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_1path_perm(domain, TOMOYO_TYPE_UNLINK_ACL,
				       &target);
}

/**
 * tomoyo_path_mkdir - check permission to create a directory.
 * @parent: path of the directory the new one is created in.
 * @dentry: entry for the directory being created.
 * @mode:   requested mode; not used by this check.
 *
 * The checked path is @dentry on the mount of @parent.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
			     int mode)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_1path_perm(domain, TOMOYO_TYPE_MKDIR_ACL, &target);
}

/**
 * tomoyo_path_rmdir - check permission to remove a directory.
 * @parent: path of the directory containing the one being removed.
 * @dentry: entry for the directory being removed.
 *
 * The checked path is @dentry on the mount of @parent.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_1path_perm(domain, TOMOYO_TYPE_RMDIR_ACL, &target);
}

/**
 * tomoyo_path_symlink - check permission to create a symbolic link.
 * @parent:   path of the directory the link is created in.
 * @dentry:   entry for the link being created.
 * @old_name: target the link will point at; not consulted by this check.
 *
 * Only the location of the new link is checked (@dentry on the mount of
 * @parent); the link target plays no part in the decision.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
			       const char *old_name)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_1path_perm(domain, TOMOYO_TYPE_SYMLINK_ACL,
				       &target);
}

/**
 * tomoyo_path_mknod - check permission to create a filesystem node.
 * @parent: path of the directory the node is created in.
 * @dentry: entry for the node being created.
 * @mode:   requested mode; only the file-type bits (S_IFMT) are examined.
 * @dev:    device number; not used by this check.
 *
 * The ACL type is chosen from the file type: character device, block device,
 * FIFO and socket each have their own type; every other file type is checked
 * as TOMOYO_TYPE_CREATE_ACL.
 *
 * Returns the result of tomoyo_check_1path_perm().
 */
static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
			     int mode, unsigned int dev)
{
	struct path target = { .mnt = parent->mnt, .dentry = dentry };
	const int fmt = mode & S_IFMT;
	int acl_type;

	if (fmt == S_IFCHR)
		acl_type = TOMOYO_TYPE_MKCHAR_ACL;
	else if (fmt == S_IFBLK)
		acl_type = TOMOYO_TYPE_MKBLOCK_ACL;
	else if (fmt == S_IFIFO)
		acl_type = TOMOYO_TYPE_MKFIFO_ACL;
	else if (fmt == S_IFSOCK)
		acl_type = TOMOYO_TYPE_MKSOCK_ACL;
	else
		acl_type = TOMOYO_TYPE_CREATE_ACL; /* all remaining types */

	return tomoyo_check_1path_perm(tomoyo_domain(), acl_type, &target);
}

/**
 * tomoyo_path_link - check permission to create a hard link.
 * @old_dentry: existing entry being linked to.
 * @new_dir:    path of the directory the new link is created in.
 * @new_dentry: entry for the new link.
 *
 * Both checked paths are built on the mount of @new_dir, because no separate
 * mount is passed for @old_dentry.
 * NOTE(review): this assumes source and destination are on the same mount -
 * confirm against the caller.
 *
 * Returns the result of tomoyo_check_2path_perm().
 */
static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
			    struct dentry *new_dentry)
{
	struct path source = { .mnt = new_dir->mnt, .dentry = old_dentry };
	struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_2path_perm(domain, TOMOYO_TYPE_LINK_ACL,
				       &source, &link);
}

/**
 * tomoyo_path_rename - check permission to rename a directory entry.
 * @old_parent: path of the directory currently containing the entry.
 * @old_dentry: entry being renamed.
 * @new_parent: path of the directory the entry is moved to.
 * @new_dentry: entry for the new name.
 *
 * Each side is checked on the mount of its own parent directory.
 *
 * Returns the result of tomoyo_check_2path_perm().
 */
static int tomoyo_path_rename(struct path *old_parent,
			      struct dentry *old_dentry,
			      struct path *new_parent,
			      struct dentry *new_dentry)
{
	struct path from = { .mnt = old_parent->mnt, .dentry = old_dentry };
	struct path to = { .mnt = new_parent->mnt, .dentry = new_dentry };
	struct tomoyo_domain_info *domain = tomoyo_domain();

	return tomoyo_check_2path_perm(domain, TOMOYO_TYPE_RENAME_ACL,
				       &from, &to);
}

/**
 * tomoyo_file_fcntl - check fcntl() requests that change O_APPEND.
 * @file: file the fcntl() is applied to.
 * @cmd:  fcntl command.
 * @arg:  command argument; for F_SETFL, the requested flag set.
 *
 * Only F_SETFL requests that flip the O_APPEND bit (in either direction,
 * compared with the file's current flags) go through the rewrite permission
 * check. Every other request is allowed by this function.
 *
 * Returns 0 when no check applies, otherwise the result of
 * tomoyo_check_rewrite_permission().
 */
static int tomoyo_file_fcntl(struct file *file, unsigned int cmd,
			     unsigned long arg)
{
	if (cmd != F_SETFL)
		return 0;

	/* XOR isolates the bits that differ between requested and current. */
	if (!((arg ^ file->f_flags) & O_APPEND))
		return 0;

	return tomoyo_check_rewrite_permission(tomoyo_domain(), file);
}
