| 1 |
/* |
| 2 |
* include.h |
| 3 |
* |
| 4 |
* Common functions for testing TOMOYO Linux's kernel. |
| 5 |
* |
| 6 |
* Copyright (C) 2005-2007 NTT DATA CORPORATION |
| 7 |
* |
| 8 |
* Version: 1.5.0 2007/09/20 |
| 9 |
* |
| 10 |
*/ |
| 11 |
#include <errno.h> |
| 12 |
#include <fcntl.h> |
| 13 |
#include <linux/kdev_t.h> |
| 14 |
struct module; |
| 15 |
#include <linux/reboot.h> |
| 16 |
#include <linux/unistd.h> |
| 17 |
#include <netinet/in.h> |
| 18 |
#include <pty.h> |
| 19 |
#include <signal.h> |
| 20 |
#include <stdio.h> |
| 21 |
#include <stdlib.h> |
| 22 |
#include <string.h> |
| 23 |
#include <sys/mount.h> |
| 24 |
#include <sys/socket.h> |
| 25 |
#include <sys/stat.h> |
| 26 |
#include <sys/syscall.h> |
| 27 |
#include <sys/sysctl.h> |
| 28 |
#include <sys/time.h> |
| 29 |
#include <sys/timex.h> |
| 30 |
#include <sys/types.h> |
| 31 |
#include <sys/un.h> |
| 32 |
#include <sys/wait.h> |
| 33 |
#include <time.h> |
| 34 |
#include <unistd.h> |
| 35 |
#include <utime.h> |
| 36 |
#include <arpa/inet.h> |
| 37 |
#include <linux/ip.h> |
| 38 |
#include <sched.h> |
| 39 |
|
| 40 |
#ifndef __NR_sys_kexec_load |
| 41 |
#ifdef __NR_kexec_load |
| 42 |
#define __NR_sys_kexec_load __NR_kexec_load |
| 43 |
#endif |
| 44 |
#endif |
| 45 |
|
| 46 |
static pid_t gettid(void) { return syscall(__NR_gettid); } |
| 47 |
static int uselib(const char *library) { return syscall(__NR_uselib, library); } |
| 48 |
static caddr_t create_module(const char *name, size_t size) { return (caddr_t) syscall(__NR_create_module, name, size); } |
| 49 |
static int pivot_root(const char *new_root, const char *put_old) { return syscall(__NR_pivot_root, new_root, put_old); } |
| 50 |
static int tkill(int tid, int sig) { return syscall(__NR_tkill, tid, sig); } |
| 51 |
#ifdef __NR_tgkill |
| 52 |
static int tgkill(int tgid, int tid, int sig) { return syscall(__NR_tgkill, tgid, tid, sig); } |
| 53 |
#endif |
| 54 |
#ifdef __NR_sys_kexec_load |
| 55 |
struct kexec_segment; |
| 56 |
static long sys_kexec_load(unsigned long entry, unsigned long nr_segments, struct kexec_segment *segments, unsigned long flags) { return (long) syscall(__NR_sys_kexec_load, entry, nr_segments, segments, flags); } |
| 57 |
#endif |
| 58 |
int reboot(int magic, int magic2, int flag, void *arg); |
| 59 |
int init_module(const char *name, struct module *image); |
| 60 |
int delete_module(const char *name); |
| 61 |
|
| 62 |
static const char *proc_policy_dir = "/proc/ccs/", |
| 63 |
*proc_policy_domain_policy = "/proc/ccs/domain_policy", |
| 64 |
*proc_policy_exception_policy = "/proc/ccs/exception_policy", |
| 65 |
*proc_policy_system_policy = "/proc/ccs/system_policy", |
| 66 |
*proc_policy_profile = "/proc/ccs/profile", |
| 67 |
*proc_policy_manager = "/proc/ccs/manager", |
| 68 |
*proc_policy_query = "/proc/ccs/query", |
| 69 |
*proc_policy_grant_log = "/proc/ccs/grant_log", |
| 70 |
*proc_policy_reject_log = "/proc/ccs/reject_log", |
| 71 |
*proc_policy_domain_status = "/proc/ccs/.domain_status", |
| 72 |
*proc_policy_process_status = "/proc/ccs/.process_status", |
| 73 |
*proc_policy_self_domain = "/proc/ccs/self_domain"; |
| 74 |
|
| 75 |
static void PreInit(void) { |
| 76 |
if (access("/sys/kernel/security/tomoyo/", F_OK) == 0) { |
| 77 |
proc_policy_dir = "/sys/kernel/security/tomoyo/"; |
| 78 |
proc_policy_domain_policy = "/sys/kernel/security/tomoyo/domain_policy"; |
| 79 |
proc_policy_exception_policy = "/sys/kernel/security/tomoyo/exception_policy"; |
| 80 |
proc_policy_system_policy = "/sys/kernel/security/tomoyo/system_policy"; |
| 81 |
proc_policy_profile = "/sys/kernel/security/tomoyo/profile"; |
| 82 |
proc_policy_manager = "/sys/kernel/security/tomoyo/manager"; |
| 83 |
proc_policy_query = "/sys/kernel/security/tomoyo/query"; |
| 84 |
proc_policy_grant_log = "/sys/kernel/security/tomoyo/grant_log"; |
| 85 |
proc_policy_reject_log = "/sys/kernel/security/tomoyo/reject_log"; |
| 86 |
proc_policy_domain_status = "/sys/kernel/security/tomoyo/.domain_status"; |
| 87 |
proc_policy_process_status = "/sys/kernel/security/tomoyo/.process_status"; |
| 88 |
proc_policy_self_domain = "/sys/kernel/security/tomoyo/self_domain"; |
| 89 |
} else if (access("/proc/tomoyo/", F_OK) == 0) { |
| 90 |
proc_policy_dir = "/proc/tomoyo/"; |
| 91 |
proc_policy_domain_policy = "/proc/tomoyo/domain_policy"; |
| 92 |
proc_policy_exception_policy = "/proc/tomoyo/exception_policy"; |
| 93 |
proc_policy_system_policy = "/proc/tomoyo/system_policy"; |
| 94 |
proc_policy_profile = "/proc/tomoyo/profile"; |
| 95 |
proc_policy_manager = "/proc/tomoyo/manager"; |
| 96 |
proc_policy_query = "/proc/tomoyo/query"; |
| 97 |
proc_policy_grant_log = "/proc/tomoyo/grant_log"; |
| 98 |
proc_policy_reject_log = "/proc/tomoyo/reject_log"; |
| 99 |
proc_policy_domain_status = "/proc/tomoyo/.domain_status"; |
| 100 |
proc_policy_process_status = "/proc/tomoyo/.process_status"; |
| 101 |
proc_policy_self_domain = "/proc/tomoyo/self_domain"; |
| 102 |
} |
| 103 |
} |
| 104 |
|
| 105 |
static int status_fd = EOF; |
| 106 |
static int is_kernel26 = 0; |
| 107 |
static pid_t pid = 0; |
| 108 |
|
| 109 |
static void WriteStatus(const char *cp) { |
| 110 |
write(status_fd, "255-", 4); write(status_fd, cp, strlen(cp)); |
| 111 |
} |
| 112 |
|
| 113 |
static void ClearStatus(void) { |
| 114 |
FILE *fp = fopen(proc_policy_profile, "r"); |
| 115 |
static char buffer[4096]; |
| 116 |
if (!fp) { |
| 117 |
fprintf(stderr, "Can't open %s\n", proc_policy_profile); |
| 118 |
exit(1); |
| 119 |
} |
| 120 |
while (memset(buffer, 0, sizeof(buffer)), fgets(buffer, sizeof(buffer) - 10, fp)) { |
| 121 |
char *cp = strchr(buffer, '='); |
| 122 |
if (!cp) continue; *cp = '\0'; |
| 123 |
cp = strchr(buffer, '-'); |
| 124 |
if (!cp) continue; *cp++ = '\0'; |
| 125 |
if (strcmp(buffer, "0")) continue; |
| 126 |
//if (strcmp(cp, "TOMOYO_VERBOSE") == 0) continue; |
| 127 |
write(status_fd, "255-", 4); |
| 128 |
write(status_fd, cp, strlen(cp)); |
| 129 |
if (strcmp(cp, "COMMENT") == 0) { |
| 130 |
const char *cmd = "=Profile for kernel test\n"; |
| 131 |
write(status_fd, cmd, strlen(cmd)); continue; |
| 132 |
} |
| 133 |
write(status_fd, "=0\n", 3); |
| 134 |
} |
| 135 |
fclose(fp); |
| 136 |
} |
| 137 |
|
| 138 |
static void Init(void) { |
| 139 |
PreInit(); |
| 140 |
pid = getpid(); |
| 141 |
if (access(proc_policy_dir, F_OK)) { |
| 142 |
fprintf(stderr, "You can't use this program for this kernel.\n"); |
| 143 |
exit(1); |
| 144 |
} |
| 145 |
if ((status_fd = open(proc_policy_profile, O_WRONLY)) == EOF) { |
| 146 |
fprintf(stderr, "Can't open %s .\n", proc_policy_profile); |
| 147 |
exit(1); |
| 148 |
} |
| 149 |
if (write(status_fd, "", 0) != 0) { |
| 150 |
fprintf(stderr, "You need to register this program to %s to run this program.\n", proc_policy_manager); |
| 151 |
exit(1); |
| 152 |
} |
| 153 |
ClearStatus(); |
| 154 |
{ |
| 155 |
FILE *fp = fopen("/proc/sys/kernel/osrelease", "r"); |
| 156 |
int version = 0; |
| 157 |
if (!fp || fscanf(fp, "2.%d.", &version) != 1) { |
| 158 |
fprintf(stderr, "Can't read /proc/sys/kernel/osrelease\n"); |
| 159 |
exit(1); |
| 160 |
} |
| 161 |
fclose(fp); |
| 162 |
if (version == 6) is_kernel26 = 1; |
| 163 |
} |
| 164 |
{ |
| 165 |
char buffer[4096]; |
| 166 |
FILE *fp = fopen(proc_policy_self_domain, "r"); |
| 167 |
memset(buffer, 0, sizeof(buffer)); |
| 168 |
if (fp) { |
| 169 |
fgets(buffer, sizeof(buffer) - 1, fp); |
| 170 |
fclose(fp); |
| 171 |
} else exit(1); |
| 172 |
fp = fopen(proc_policy_domain_status, "w"); |
| 173 |
if (fp) { |
| 174 |
fprintf(fp, "255 %s\n", buffer); |
| 175 |
fclose(fp); |
| 176 |
} else exit(1); |
| 177 |
} |
| 178 |
} |
TOMOYO
Parent Directory
Revision Log