/*
 * include.h
 *
 * Common functions for testing TOMOYO Linux's kernel.
 *
 * Copyright (C) 2005-2007 NTT DATA CORPORATION
 *
 * Version: 1.5.0 2007/09/20
 *
 */
#include <errno.h> |
#include <fcntl.h> |
#include <linux/kdev_t.h> |
struct module; |
#include <linux/reboot.h> |
#include <linux/unistd.h> |
#include <netinet/in.h> |
#include <pty.h> |
#include <signal.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <string.h> |
#include <sys/mount.h> |
#include <sys/socket.h> |
#include <sys/stat.h> |
#include <sys/syscall.h> |
#include <sys/sysctl.h> |
#include <sys/time.h> |
#include <sys/timex.h> |
#include <sys/types.h> |
#include <sys/un.h> |
#include <sys/wait.h> |
#include <time.h> |
#include <unistd.h> |
#include <utime.h> |
#include <arpa/inet.h> |
#include <linux/ip.h> |
#include <sched.h> |
|
/*
 * Make the kexec_load syscall number available under the name
 * __NR_sys_kexec_load when the headers only provide __NR_kexec_load.
 * If neither name is defined, nothing is defined here and the
 * sys_kexec_load() wrapper further down is compiled out.
 */
#if !defined(__NR_sys_kexec_load) && defined(__NR_kexec_load)
#define __NR_sys_kexec_load __NR_kexec_load
#endif
|
/* Return the calling thread's ID by issuing the gettid system call directly. */
static pid_t gettid(void)
{
	const pid_t tid = syscall(__NR_gettid);

	return tid;
}
/*
 * Issue the uselib system call for the given library path.
 * The syscall() result is returned as an int, unchanged otherwise.
 */
static int uselib(const char *library)
{
	const int ret = syscall(__NR_uselib, library);

	return ret;
}
/*
 * Issue the create_module system call with the given module name and size.
 * The raw syscall() result is cast to caddr_t, so a failure shows up as
 * (caddr_t) -1 rather than as a null pointer.
 */
static caddr_t create_module(const char *name, size_t size)
{
	const long ret = syscall(__NR_create_module, name, size);

	return (caddr_t) ret;
}
/*
 * Issue the pivot_root system call with the given new root and put_old
 * paths. The syscall() result is returned as an int.
 */
static int pivot_root(const char *new_root, const char *put_old)
{
	const int ret = syscall(__NR_pivot_root, new_root, put_old);

	return ret;
}
/*
 * Send signal sig to the thread tid through the raw tkill system call.
 * The syscall() result is returned as an int.
 */
static int tkill(int tid, int sig)
{
	const int ret = syscall(__NR_tkill, tid, sig);

	return ret;
}
#ifdef __NR_tgkill
/*
 * Send signal sig to thread tid of thread group tgid through the raw
 * tgkill system call. Only compiled when the headers define __NR_tgkill.
 */
static int tgkill(int tgid, int tid, int sig)
{
	const int ret = syscall(__NR_tgkill, tgid, tid, sig);

	return ret;
}
#endif
#ifdef __NR_sys_kexec_load
struct kexec_segment;

/*
 * Issue the kexec_load system call with the arguments passed through
 * unchanged. Only compiled when __NR_sys_kexec_load is defined; the
 * segment structure is used as an opaque pointer here.
 */
static long sys_kexec_load(unsigned long entry, unsigned long nr_segments,
			   struct kexec_segment *segments, unsigned long flags)
{
	const long ret = syscall(__NR_sys_kexec_load, entry, nr_segments,
				 segments, flags);

	return ret;
}
#endif
/*
 * Prototypes for system calls that the tests call with their kernel-level
 * argument lists. No definition is visible in this part of the file;
 * presumably the symbols are resolved by the C library at link time.
 */

/* reboot with both magic numbers, the command flag and its argument. */
int reboot(int magic, int magic2, int flag, void *arg);

/* Load a module image under the given name. */
int init_module(const char *name, struct module *image);

/* Unload the named module. */
int delete_module(const char *name);
|
/*
 * Paths of the policy interface files used by the tests.
 *
 * The initial values point below /proc/ccs/. PreInit() replaces all of
 * them when it finds one of the alternative interface directories, so
 * these are plain (non-const) pointers to constant strings.
 */
static const char *proc_policy_dir = "/proc/ccs/";
static const char *proc_policy_domain_policy = "/proc/ccs/domain_policy";
static const char *proc_policy_exception_policy = "/proc/ccs/exception_policy";
static const char *proc_policy_system_policy = "/proc/ccs/system_policy";
static const char *proc_policy_profile = "/proc/ccs/profile";
static const char *proc_policy_manager = "/proc/ccs/manager";
static const char *proc_policy_query = "/proc/ccs/query";
static const char *proc_policy_grant_log = "/proc/ccs/grant_log";
static const char *proc_policy_reject_log = "/proc/ccs/reject_log";
static const char *proc_policy_domain_status = "/proc/ccs/.domain_status";
static const char *proc_policy_process_status = "/proc/ccs/.process_status";
static const char *proc_policy_self_domain = "/proc/ccs/self_domain";
|
/*
 * Choose which policy interface directory the tests talk to.
 *
 * The directories /sys/kernel/security/tomoyo/ and /proc/tomoyo/ are
 * probed in that order with access(F_OK); the first one that exists wins
 * and every proc_policy_* pointer is redirected below it. If neither
 * exists, the pointers keep their initial /proc/ccs/ values.
 *
 * Only existence is checked here; whether the interface is usable is
 * verified later by Init().
 */
static void PreInit(void)
{
	if (access("/sys/kernel/security/tomoyo/", F_OK) == 0) {
		proc_policy_dir = "/sys/kernel/security/tomoyo/";
		proc_policy_domain_policy = "/sys/kernel/security/tomoyo/domain_policy";
		proc_policy_exception_policy = "/sys/kernel/security/tomoyo/exception_policy";
		proc_policy_system_policy = "/sys/kernel/security/tomoyo/system_policy";
		proc_policy_profile = "/sys/kernel/security/tomoyo/profile";
		proc_policy_manager = "/sys/kernel/security/tomoyo/manager";
		proc_policy_query = "/sys/kernel/security/tomoyo/query";
		proc_policy_grant_log = "/sys/kernel/security/tomoyo/grant_log";
		proc_policy_reject_log = "/sys/kernel/security/tomoyo/reject_log";
		proc_policy_domain_status = "/sys/kernel/security/tomoyo/.domain_status";
		proc_policy_process_status = "/sys/kernel/security/tomoyo/.process_status";
		proc_policy_self_domain = "/sys/kernel/security/tomoyo/self_domain";
		return;
	}

	/* The securityfs location is absent; fall back to /proc/tomoyo/. */
	if (access("/proc/tomoyo/", F_OK) != 0)
		return;

	proc_policy_dir = "/proc/tomoyo/";
	proc_policy_domain_policy = "/proc/tomoyo/domain_policy";
	proc_policy_exception_policy = "/proc/tomoyo/exception_policy";
	proc_policy_system_policy = "/proc/tomoyo/system_policy";
	proc_policy_profile = "/proc/tomoyo/profile";
	proc_policy_manager = "/proc/tomoyo/manager";
	proc_policy_query = "/proc/tomoyo/query";
	proc_policy_grant_log = "/proc/tomoyo/grant_log";
	proc_policy_reject_log = "/proc/tomoyo/reject_log";
	proc_policy_domain_status = "/proc/tomoyo/.domain_status";
	proc_policy_process_status = "/proc/tomoyo/.process_status";
	proc_policy_self_domain = "/proc/tomoyo/self_domain";
}
|
/*
 * Descriptor of the profile interface. EOF doubles as the "not open"
 * value; Init() compares the result of open() against it.
 */
static int status_fd = EOF;

/* Becomes 1 in Init() when the running kernel reports version 2.6. */
static int is_kernel26;

/* Process ID of this program, stored by Init(). */
static pid_t pid;
|
/*
 * Write one setting for profile 255 to the profile interface.
 *
 * The fixed prefix "255-" is written first, then cp verbatim; cp is
 * presumably of the form "NAME=value\n", matching what ClearStatus()
 * emits.
 *
 * NOTE(review): neither write() result is checked. A rejected or short
 * write is silent, so a test can end up running under a different
 * profile setting than the one it asked for; callers that depend on the
 * setting should verify it by reading the profile back.
 */
static void WriteStatus(const char *cp)
{
	static const char prefix[] = "255-";
	const size_t body_len = strlen(cp);

	write(status_fd, prefix, 4);
	write(status_fd, cp, body_len);
}
|
/*
 * Reset profile 255 using the item names found in profile 0.
 *
 * Each line read from the profile interface is expected to look like
 * "<profile>-<NAME>=<value>". Lines lacking '=' or '-' and lines whose
 * profile number is not "0" are skipped. For every remaining NAME the
 * text "255-NAME=0\n" is written to status_fd, except for COMMENT, which
 * gets "255-COMMENT=Profile for kernel test\n".
 *
 * Exits with status 1 if the profile interface cannot be opened for
 * reading.
 *
 * NOTE(review): the write() results are not checked, so an item the
 * kernel refuses to reset is not reported.
 */
static void ClearStatus(void)
{
	static char buffer[4096];
	FILE *fp = fopen(proc_policy_profile, "r");

	if (!fp) {
		fprintf(stderr, "Can't open %s\n", proc_policy_profile);
		exit(1);
	}
	for (;;) {
		char *sep;
		char *name;

		/* Start each line from a zeroed buffer. */
		memset(buffer, 0, sizeof(buffer));
		/* Reads at most sizeof(buffer) - 10 bytes; the slack is unexplained. */
		if (!fgets(buffer, sizeof(buffer) - 10, fp))
			break;

		/* Cut the line at '=' so only "<profile>-<NAME>" remains. */
		sep = strchr(buffer, '=');
		if (!sep)
			continue;
		*sep = '\0';

		/* Split the profile number from the item name at '-'. */
		name = strchr(buffer, '-');
		if (!name)
			continue;
		*name++ = '\0';

		/* Only entries that belong to profile 0 are mirrored. */
		if (strcmp(buffer, "0") != 0)
			continue;

		write(status_fd, "255-", 4);
		write(status_fd, name, strlen(name));
		if (strcmp(name, "COMMENT") == 0) {
			const char *cmd = "=Profile for kernel test\n";

			write(status_fd, cmd, strlen(cmd));
		} else {
			write(status_fd, "=0\n", 3);
		}
	}
	fclose(fp);
}
|
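/*
 * Prepare the process for running the kernel tests.
 *
 * Steps, in order:
 *   1. PreInit() selects the policy interface directory.
 *   2. The process ID is stored in pid.
 *   3. The profile interface is opened write-only into status_fd and a
 *      zero-length write is issued as a probe; any result other than 0 is
 *      reported as this program not being registered in the manager file.
 *   4. ClearStatus() resets profile 255.
 *   5. /proc/sys/kernel/osrelease is parsed as "2.<minor>." and
 *      is_kernel26 is set when <minor> is 6.
 *   6. The current domain name is read from self_domain and
 *      "255 <domain>" is written to .domain_status (presumably assigning
 *      profile 255 to this domain; confirm against the kernel interface).
 *
 * Every failure ends the program with exit(1) after a message on stderr.
 * The two fopen() failures in step 6 used to exit without any message,
 * and a failed read of the domain name used to be ignored, which led to
 * a line with an empty domain name being written.
 *
 * NOTE(review): the result of the final fprintf()/fclose() on
 * .domain_status is still unchecked, so a rejected profile assignment is
 * not detected here.
 */
static void Init(void)
{
	PreInit();
	pid = getpid();
	if (access(proc_policy_dir, F_OK)) {
		fprintf(stderr, "You can't use this program for this kernel.\n");
		exit(1);
	}
	status_fd = open(proc_policy_profile, O_WRONLY);
	if (status_fd == EOF) {
		fprintf(stderr, "Can't open %s .\n", proc_policy_profile);
		exit(1);
	}
	/* Zero-length write: used only to learn whether writes are accepted. */
	if (write(status_fd, "", 0) != 0) {
		fprintf(stderr, "You need to register this program to %s to run this program.\n", proc_policy_manager);
		exit(1);
	}
	ClearStatus();
	{
		FILE *fp = fopen("/proc/sys/kernel/osrelease", "r");
		int version = 0;

		/* Only "2.<minor>." release strings are accepted. */
		if (!fp || fscanf(fp, "2.%d.", &version) != 1) {
			fprintf(stderr, "Can't read /proc/sys/kernel/osrelease\n");
			exit(1);
		}
		fclose(fp);
		if (version == 6)
			is_kernel26 = 1;
	}
	{
		char buffer[4096];
		FILE *fp = fopen(proc_policy_self_domain, "r");

		memset(buffer, 0, sizeof(buffer));
		if (!fp) {
			fprintf(stderr, "Can't open %s\n", proc_policy_self_domain);
			exit(1);
		}
		/* Without a domain name there is nothing valid to write below. */
		if (!fgets(buffer, sizeof(buffer) - 1, fp)) {
			fprintf(stderr, "Can't read %s\n", proc_policy_self_domain);
			fclose(fp);
			exit(1);
		}
		fclose(fp);
		fp = fopen(proc_policy_domain_status, "w");
		if (!fp) {
			fprintf(stderr, "Can't open %s\n", proc_policy_domain_status);
			exit(1);
		}
		fprintf(fp, "255 %s\n", buffer);
		fclose(fp);
	}
}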