• R/O
  • SSH
  • HTTPS

akari: Commit


Commit MetaInfo

Revisión654 (tree)
Tiempo2020-09-18 00:34:13
Autorkumaneko

Log Message

(empty log message)

Cambiar Resumen

Diferencia incremental

--- trunk/akari/load_policy.c (revision 653)
+++ trunk/akari/load_policy.c (revision 654)
@@ -246,7 +246,7 @@
246246
247247 #if 0
248248 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
249-
249+
250250 /**
251251 * ccs_start_execve - Load policy before calling search_binary_handler().
252252 *
--- trunk/akari/permission.c (revision 653)
+++ trunk/akari/permission.c (revision 654)
@@ -1533,9 +1533,13 @@
15331533 int ccs_start_execve(struct linux_binprm *bprm, struct ccs_execve **eep)
15341534 {
15351535 int retval;
1536- struct ccs_security *task = ccs_current_security();
1536+ struct ccs_security *task;
15371537 struct ccs_execve *ee;
15381538 int idx;
1539+#ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER
1540+ if (!ccs_policy_loaded)
1541+ ccsecurity_exports.load_policy(bprm->filename);
1542+#endif
15391543 *eep = NULL;
15401544 ee = kzalloc(sizeof(*ee), CCS_GFP_FLAGS);
15411545 if (!ee)
@@ -1546,6 +1550,7 @@
15461550 return -ENOMEM;
15471551 }
15481552 ccs_audit_alloc_execve(ee);
1553+ task = ccs_current_security();
15491554 idx = ccs_read_lock();
15501555 /* ee->dump->data is allocated by ccs_dump_page(). */
15511556 ee->previous_domain = task->ccs_domain_info;
@@ -1652,12 +1657,7 @@
16521657 struct pt_regs *regs)
16531658 {
16541659 struct ccs_execve *ee;
1655- int retval;
1656-#ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER
1657- if (!ccs_policy_loaded)
1658- ccsecurity_exports.load_policy(bprm->filename);
1659-#endif
1660- retval = ccs_start_execve(bprm, &ee);
1660+ int retval = ccs_start_execve(bprm, &ee);
16611661 if (!retval)
16621662 retval = search_binary_handler(bprm, regs);
16631663 ccs_finish_execve(retval, ee);
@@ -1684,12 +1684,7 @@
16841684 static int __ccs_search_binary_handler(struct linux_binprm *bprm)
16851685 {
16861686 struct ccs_execve *ee;
1687- int retval;
1688-#ifndef CONFIG_CCSECURITY_OMIT_USERSPACE_LOADER
1689- if (!ccs_policy_loaded)
1690- ccsecurity_exports.load_policy(bprm->filename);
1691-#endif
1692- retval = ccs_start_execve(bprm, &ee);
1687+ int retval = ccs_start_execve(bprm, &ee);
16931688 if (!retval)
16941689 retval = search_binary_handler(bprm);
16951690 ccs_finish_execve(retval, ee);
--- trunk/akari/policy_io.c (revision 653)
+++ trunk/akari/policy_io.c (revision 654)
@@ -2025,7 +2025,7 @@
20252025 * ccs_get_condition - Parse condition part.
20262026 *
20272027 * @param: Pointer to "struct ccs_acl_param".
2028- * @pref: Can include domain transition preference?
2028+ * @pref: Can include domain transition preference?
20292029 *
20302030 * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
20312031 */
Show on old repository browser