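/*
 * Tail of flask_security_disable(): its signature and the declarations of
 * @page and @length precede this chunk.  It parses a decimal flag from the
 * guest buffer and, when non-zero, calls flask_disable().
 */
    int new_value;

    if ( count < 0 || count >= PAGE_SIZE )
        return -ENOMEM;

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
        return -ENOMEM;
    memset(page, 0, PAGE_SIZE);

    length = -EFAULT;
    if ( copy_from_user(page, buf, count) )
        goto out;

    length = -EINVAL;
    if ( sscanf(page, "%d", &new_value) != 1 )
        goto out;

    if ( new_value )
    {
        length = flask_disable();
        if ( length < 0 )
            goto out;
    }

    length = count;

out:
    xfree(page);
    return length;
}

/*
 * FLASK_SETAVC_THRESHOLD: parse an unsigned decimal from the guest buffer
 * and, if it differs from the current value, require SECURITY__SETSECPARAM
 * and install it as the AVC cache threshold.
 *
 * @buf:   guest pointer to the decimal string
 * @count: length of @buf; must be smaller than PAGE_SIZE so the zeroed page
 *         keeps a terminating NUL for sscanf()
 * Returns @count on success, else -ENOMEM / -EFAULT / -EINVAL or the error
 * from domain_has_security().
 */
static int flask_security_setavc_threshold(char *buf, int count)
{
    char *page = NULL;
    int ret;
    /* Parsed with "%u", so the destination must be an unsigned int. */
    unsigned int new_value;

    if ( count < 0 || count >= PAGE_SIZE )
        return -ENOMEM;

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
        return -ENOMEM;
    memset(page, 0, PAGE_SIZE);

    if ( copy_from_user(page, buf, count) )
    {
        ret = -EFAULT;
        goto out_free;
    }

    if ( sscanf(page, "%u", &new_value) != 1 )
    {
        ret = -EINVAL;
        goto out_free;
    }

    if ( new_value != avc_cache_threshold )
    {
        /* Only changing the threshold is a privileged operation. */
        ret = domain_has_security(current->domain, SECURITY__SETSECPARAM);
        if ( ret )
            goto out_free;
        avc_cache_threshold = new_value;
    }

    ret = count;

out_free:
    xfree(page);
    return ret;
}

/*
 * FLASK_SETBOOL: parse "<index> <value>" from the guest buffer and record
 * the (normalised to 0/1) value in bool_pending_values[index].  The change
 * only takes effect after FLASK_COMMITBOOLS.  Requires SECURITY__SETBOOL.
 *
 * Returns @count on success, else a negative errno.
 */
static int flask_security_set_bool(char *buf, int count)
{
    char *page = NULL;
    int length;
    int i, new_value;

    spin_lock(&sel_sem);

    length = domain_has_security(current->domain, SECURITY__SETBOOL);
    if ( length )
        goto out;

    if ( count < 0 || count >= PAGE_SIZE )
    {
        length = -ENOMEM;
        goto out;
    }

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
    {
        length = -ENOMEM;
        goto out;
    }
    memset(page, 0, PAGE_SIZE);

    /*
     * Set the error before the copy: at this point @length is 0 from the
     * successful permission check, so a bare goto would report success.
     */
    length = -EFAULT;
    if ( copy_from_user(page, buf, count) )
        goto out;

    length = -EINVAL;
    if ( sscanf(page, "%d %d", &i, &new_value) != 2 )
        goto out;

    /*
     * @i is caller-controlled: bound it against the pending set populated
     * by flask_security_make_bools() before indexing, otherwise this is an
     * out-of-bounds write into hypervisor memory.
     */
    if ( !bool_pending_values || i < 0 || i >= bool_num )
        goto out;

    bool_pending_values[i] = !!new_value;
    length = count;

out:
    spin_unlock(&sel_sem);
    xfree(page);   /* page may be NULL; flask_security_load() already relies on xfree(NULL) */
    return length;
}

/*
 * FLASK_COMMITBOOLS: parse a decimal flag from the guest buffer and, when
 * non-zero, push the whole pending bool set into the policy via
 * security_set_bools().  Requires SECURITY__SETBOOL.
 *
 * Returns @count on success, else a negative errno.
 */
static int flask_security_commit_bools(char *buf, int count)
{
    char *page = NULL;
    int length;
    int new_value;

    spin_lock(&sel_sem);

    length = domain_has_security(current->domain, SECURITY__SETBOOL);
    if ( length )
        goto out;

    if ( count < 0 || count >= PAGE_SIZE )
    {
        length = -ENOMEM;
        goto out;
    }

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
    {
        length = -ENOMEM;
        goto out;
    }
    memset(page, 0, PAGE_SIZE);

    /* As in set_bool: @length is 0 here, so a copy failure must set -EFAULT. */
    length = -EFAULT;
    if ( copy_from_user(page, buf, count) )
        goto out;

    length = -EINVAL;
    if ( sscanf(page, "%d", &new_value) != 1 )
        goto out;

    if ( new_value )
        security_set_bools(bool_num, bool_pending_values);

    length = count;

out:
    spin_unlock(&sel_sem);
    xfree(page);
    return length;
}

/*
 * FLASK_GETBOOL: parse a bool index from the guest buffer and write back
 * "<current> <pending>" into the same buffer.
 *
 * @buf:   guest buffer, used for both the request and the reply
 * @count: length of the request in @buf
 * Returns the number of reply bytes written, else a negative errno.
 */
static int flask_security_get_bool(char *buf, int count)
{
    char *page = NULL;
    int length;
    int i, cur_enforcing;

    spin_lock(&sel_sem);

    /*
     * '>=' rather than '>': with count == PAGE_SIZE the copy would fill the
     * whole zeroed page and sscanf() would run past it looking for a NUL.
     */
    if ( count < 0 || count >= PAGE_SIZE )
    {
        length = -EINVAL;
        goto out;
    }

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
    {
        length = -ENOMEM;
        goto out;
    }
    memset(page, 0, PAGE_SIZE);

    length = -EFAULT;
    if ( copy_from_user(page, buf, count) )
        goto out;

    length = -EINVAL;
    if ( sscanf(page, "%d", &i) != 1 )
        goto out;

    /* Caller-controlled index: bound it before reading bool_pending_values[]. */
    if ( !bool_pending_values || i < 0 || i >= bool_num )
        goto out;

    cur_enforcing = security_get_bool_value(i);
    if ( cur_enforcing < 0 )
    {
        length = cur_enforcing;
        goto out;
    }

    length = snprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
                      bool_pending_values[i]);
    if ( length < 0 )
        goto out;

    /*
     * NOTE(review): @count describes the request, not the room available
     * for the reply, so the reply length is not checked against it here —
     * confirm callers size @buf for the reply as well.
     */
    if ( copy_to_user(buf, page, length) )
        length = -EFAULT;

out:
    spin_unlock(&sel_sem);
    xfree(page);
    return length;
}

/*
 * Rebuild the pending bool set from the currently loaded policy.  Called
 * with sel_sem held by flask_security_load().
 *
 * On failure the globals are left empty (NULL / 0) rather than pointing at
 * the just-freed previous set, so set_bool/get_bool cannot use freed memory.
 * Returns 0 on success or the error from security_get_bools().
 */
static int flask_security_make_bools(void)
{
    int i, ret = 0;
    char **names = NULL;
    int num = 0;
    int *values = NULL;

    xfree(bool_pending_values);
    bool_pending_values = NULL;
    bool_num = 0;

    ret = security_get_bools(&num, &names, &values);
    if ( ret != 0 )
        goto out;

    bool_num = num;
    bool_pending_values = values;

out:
    /* Only the names are transient here; @values is kept as the pending set. */
    if ( names )
    {
        for ( i = 0; i < num; i++ )
            xfree(names[i]);
        xfree(names);
    }
    return ret;
}

#ifdef FLASK_AVC_STATS
/*
 * Append @len bytes of @page to the guest buffer @buf at offset *@off,
 * refusing to write past @count bytes in total.
 * Returns 0 on success, -ENOMEM when the caller's buffer is too small,
 * -EFAULT when the copy fails.
 */
static int flask_append_to_user(char *buf, int count, int *off,
                                const char *page, int len)
{
    if ( len < 0 || len > count - *off )
        return -ENOMEM;
    if ( copy_to_user(buf + *off, page, len) )
        return -EFAULT;
    *off += len;
    return 0;
}

/*
 * FLASK_AVC_CACHESTATS: write a header line plus one line of per-CPU AVC
 * cache counters into the guest buffer.
 *
 * @buf:   guest buffer for the report
 * @count: size of @buf; the report is never allowed to exceed it
 * Returns the number of bytes written, else a negative errno.
 */
static int flask_security_avc_cachestats(char *buf, int count)
{
    char *page = NULL;
    int len;
    int length = 0;
    int cpu;
    struct avc_cache_stats *st;

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
        return -ENOMEM;
    memset(page, 0, PAGE_SIZE);

    /*
     * @buf is a guest pointer: go through copy_to_user() like every other
     * handler in this file instead of memcpy()ing into it, and stay within
     * the @count bytes the caller provided.
     */
    len = snprintf(page, PAGE_SIZE,
                   "lookups hits misses allocations reclaims frees\n");
    if ( (len = flask_append_to_user(buf, count, &length, page, len)) < 0 )
    {
        length = len;
        goto out;
    }

    for ( cpu = 0; cpu < NR_CPUS; ++cpu )
    {
        if ( !cpu_possible(cpu) )
            continue;
        st = &per_cpu(avc_cache_stats, cpu);
        len = snprintf(page, PAGE_SIZE, "%u %u %u %u %u %u\n", st->lookups,
                       st->hits, st->misses, st->allocations, st->reclaims,
                       st->frees);
        if ( (len = flask_append_to_user(buf, count, &length, page, len)) < 0 )
        {
            length = len;
            goto out;
        }
    }

out:
    xfree(page);
    return length;
}
#endif

/* Upper bound on the size of a policy blob accepted by FLASK_LOAD. */
enum { FLASK_POLICY_MAX_SIZE = 64 * 1024 * 1024 };

/*
 * FLASK_LOAD: copy a policy blob from the guest, load it, and rebuild the
 * pending bool set to match.  Requires SECURITY__LOAD_POLICY.
 *
 * @buf:   guest pointer to the policy blob
 * @count: blob size, capped at FLASK_POLICY_MAX_SIZE before allocating
 * Returns @count on success, else a negative errno.
 */
static int flask_security_load(char *buf, int count)
{
    int ret;
    int length;
    void *data = NULL;

    spin_lock(&sel_sem);

    length = domain_has_security(current->domain, SECURITY__LOAD_POLICY);
    if ( length )
        goto out;

    if ( (count < 0) || (count > FLASK_POLICY_MAX_SIZE) ||
         (data = xmalloc_array(char, count)) == NULL )
    {
        length = -ENOMEM;
        goto out;
    }

    length = -EFAULT;
    if ( copy_from_user(data, buf, count) != 0 )
        goto out;

    length = security_load_policy(data, count);
    if ( length )
        goto out;

    /* A failed rebuild is reported even though the policy itself loaded. */
    ret = flask_security_make_bools();
    length = ret ? ret : count;

out:
    spin_unlock(&sel_sem);
    xfree(data);
    return length;
}

/*
 * Format @value as a decimal string and copy it to the guest buffer @buf.
 * Shared by the simple "read one integer" sub-ops of do_flask_op().
 *
 * Returns the number of bytes written, -ENOMEM if no page could be
 * allocated, or -EFAULT if the copy failed.
 * NOTE(review): like the inline code it replaces, this does not see the
 * caller's buffer size (op->size) and so cannot bound the copy — confirm
 * callers always leave room for a formatted int.
 */
static int flask_put_int(char *buf, int value)
{
    char *page;
    int length;

    page = (char *)xmalloc_bytes(PAGE_SIZE);
    if ( !page )
        return -ENOMEM;
    memset(page, 0, PAGE_SIZE);

    length = snprintf(page, PAGE_SIZE, "%d", value);
    if ( copy_to_user(buf, page, length) )
        length = -EFAULT;

    xfree(page);
    return length;
}

/*
 * Hypercall entry point for the FLASK sub-ops.  Copies the op descriptor
 * from the guest, dispatches on op->cmd, and on success writes the number
 * of bytes produced back into op->size.
 *
 * Each sub-op handler performs its own permission check where one is
 * needed; there is no blanket check here.
 * Returns 0 on success or a negative errno.
 */
long do_flask_op(XEN_GUEST_HANDLE(xsm_op_t) u_flask_op)
{
    flask_op_t curop, *op = &curop;
    int rc = 0;
    int length = 0;
    char *page = NULL;

    if ( copy_from_guest(op, u_flask_op, 1) )
        return -EFAULT;

    switch ( op->cmd )
    {
    case FLASK_LOAD:
        length = flask_security_load(op->buf, op->size);
        break;

    case FLASK_GETENFORCE:
        length = flask_put_int(op->buf, flask_enforcing);
        break;

    case FLASK_SETENFORCE:
        length = flask_security_setenforce(op->buf, op->size);
        break;

    case FLASK_CONTEXT_TO_SID:
        length = flask_security_context(op->buf, op->size);
        break;

    case FLASK_SID_TO_CONTEXT:
        length = flask_security_sid(op->buf, op->size);
        break;

    case FLASK_ACCESS:
        length = flask_security_access(op->buf, op->size);
        break;

    case FLASK_CREATE:
        length = flask_security_create(op->buf, op->size);
        break;

    case FLASK_RELABEL:
        length = flask_security_relabel(op->buf, op->size);
        break;

    case FLASK_USER:
        length = flask_security_user(op->buf, op->size);
        break;

    case FLASK_POLICYVERS:
        length = flask_put_int(op->buf, POLICYDB_VERSION_MAX);
        break;

    case FLASK_GETBOOL:
        length = flask_security_get_bool(op->buf, op->size);
        break;

    case FLASK_SETBOOL:
        length = flask_security_set_bool(op->buf, op->size);
        break;

    case FLASK_COMMITBOOLS:
        length = flask_security_commit_bools(op->buf, op->size);
        break;

    case FLASK_MLS:
        length = flask_put_int(op->buf, flask_mls_enabled);
        break;

    case FLASK_DISABLE:
        length = flask_security_disable(op->buf, op->size);
        break;

    case FLASK_GETAVC_THRESHOLD:
        length = flask_put_int(op->buf, avc_cache_threshold);
        break;

    case FLASK_SETAVC_THRESHOLD:
        length = flask_security_setavc_threshold(op->buf, op->size);
        break;

    case FLASK_AVC_HASHSTATS:
        page = (char *)xmalloc_bytes(PAGE_SIZE);
        if ( !page )
            return -ENOMEM;
        memset(page, 0, PAGE_SIZE);
        length = avc_get_hash_stats(page);
        /* NOTE(review): not bounded by op->size — confirm callers size op->buf. */
        if ( copy_to_user(op->buf, page, length) )
        {
            rc = -EFAULT;
            goto out;
        }
        break;

#ifdef FLASK_AVC_STATS
    case FLASK_AVC_CACHESTATS:
        length = flask_security_avc_cachestats(op->buf, op->size);
        break;
#endif

    case FLASK_MEMBER:
        length = flask_security_member(op->buf, op->size);
        break;

    default:
        length = -ENOSYS;
        break;
    }

    /* A negative length is the handler's errno; nothing is written back. */
    if ( length < 0 )
    {
        rc = length;
        goto out;
    }

    op->size = length;
    if ( copy_to_guest(u_flask_op, op, 1) )
        rc = -EFAULT;

out:
    xfree(page);
    return rc;
}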