hooks.c
android/libcore/dalvik/src/main/java/dalvik/system/Zygote.java#2
| Before | `public static int forkAndSpecialize(int uid, int gid, int[] gids, int debugFlags, int[][] rlimits) {` |
|---|---|
| After | `.....(int uid, int gid, int[] gids, int debugFlags, int[][] rlimits, String seInfo, String niceName) {` |
Kernel OMAP4 SE Android support
android/kernel/OMAP4/drivers/staging/android/binder.c#2
android/kernel/OMAP4/include/linux/security.h#2
android/kernel/OMAP4/kernel/audit.c#2
android/kernel/OMAP4/security/capability.c#2
android/kernel/OMAP4/security/security.c#2
android/kernel/OMAP4/security/selinux/hooks.c#2
android/kernel/OMAP4/security/selinux/include/classmap.h#2
classmap.h
{ "binder", { "impersonate", "call", "set_context_mgr", "transfer", "receive", NULL } }, added
/*
 * SELinux binder hooks.
 *
 * Each hook maps one binder operation onto an AVC permission check on the
 * SECCLASS_BINDER class (or, for passed descriptors, on the file itself).
 * A non-zero return value denies the operation.  Note that the binder-class
 * checks pass no audit data, unlike the file check in
 * selinux_binder_transfer_file().
 */

/*
 * Only a task granted BINDER__SET_CONTEXT_MGR over @mgr's context may
 * install @mgr as the binder context manager.
 */
static int selinux_binder_set_context_mgr(struct task_struct *mgr)
{
	u32 caller_sid = current_sid();

	return avc_has_perm(caller_sid, task_sid(mgr), SECCLASS_BINDER,
			    BINDER__SET_CONTEXT_MGR, NULL);
}

/*
 * A transaction from @from to @to needs BINDER__CALL from @from's context to
 * @to's context.  When the calling task is not @from itself, the caller must
 * additionally hold BINDER__IMPERSONATE over @from's context.
 */
static int selinux_binder_transaction(struct task_struct *from,
				      struct task_struct *to)
{
	u32 caller_sid = current_sid();
	u32 from_sid = task_sid(from);
	u32 to_sid = task_sid(to);
	int rc = 0;

	if (caller_sid != from_sid)
		rc = avc_has_perm(caller_sid, from_sid, SECCLASS_BINDER,
				  BINDER__IMPERSONATE, NULL);
	if (rc)
		return rc;

	return avc_has_perm(from_sid, to_sid, SECCLASS_BINDER, BINDER__CALL,
			    NULL);
}

/*
 * Passing a binder reference owned by @owner from @from to @to: the sender
 * needs BINDER__TRANSFER and the recipient BINDER__RECEIVE, both checked
 * against @owner's context.
 */
static int selinux_binder_transfer_binder(struct task_struct *from,
					  struct task_struct *to,
					  struct task_struct *owner)
{
	u32 from_sid = task_sid(from);
	u32 to_sid = task_sid(to);
	u32 owner_sid = task_sid(owner);
	int rc;

	rc = avc_has_perm(from_sid, owner_sid, SECCLASS_BINDER,
			  BINDER__TRANSFER, NULL);
	if (rc)
		return rc;

	return avc_has_perm(to_sid, owner_sid, SECCLASS_BINDER,
			    BINDER__RECEIVE, NULL);
}

/*
 * Passing an open @file to @to over binder.  The check is made from the
 * recipient's context: FD__USE on the descriptor when it was created by a
 * different context, then the file's own access vector on the inode.
 * @from takes no part in this check.  Relies on @file carrying an
 * f_security/i_security pair, as the rest of this module does.
 */
static int selinux_binder_transfer_file(struct task_struct *from,
					struct task_struct *to,
					struct file *file)
{
	u32 to_sid = task_sid(to);
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec =
		file->f_path.dentry->d_inode->i_security;
	struct common_audit_data ad;
	int rc = 0;

	COMMON_AUDIT_DATA_INIT(&ad, PATH);
	ad.u.path = file->f_path;

	if (to_sid != fsec->sid)
		rc = avc_has_perm(to_sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
	if (rc)
		return rc;

	return avc_has_perm(to_sid, isec->sid, isec->sclass, file_to_av(file),
			    &ad);
}
hooks.c
/*
 * SELinux binder hooks.
 *
 * Each hook maps one binder operation onto an AVC permission check on the
 * SECCLASS_BINDER class (or, for passed descriptors, on the file itself).
 * A non-zero return value denies the operation.  Note that the binder-class
 * checks pass no audit data, unlike the file check in
 * selinux_binder_transfer_file().
 */

/*
 * Only a task granted BINDER__SET_CONTEXT_MGR over @mgr's context may
 * install @mgr as the binder context manager.
 */
static int selinux_binder_set_context_mgr(struct task_struct *mgr)
{
	u32 caller_sid = current_sid();

	return avc_has_perm(caller_sid, task_sid(mgr), SECCLASS_BINDER,
			    BINDER__SET_CONTEXT_MGR, NULL);
}

/*
 * A transaction from @from to @to needs BINDER__CALL from @from's context to
 * @to's context.  When the calling task is not @from itself, the caller must
 * additionally hold BINDER__IMPERSONATE over @from's context.
 */
static int selinux_binder_transaction(struct task_struct *from,
				      struct task_struct *to)
{
	u32 caller_sid = current_sid();
	u32 from_sid = task_sid(from);
	u32 to_sid = task_sid(to);
	int rc = 0;

	if (caller_sid != from_sid)
		rc = avc_has_perm(caller_sid, from_sid, SECCLASS_BINDER,
				  BINDER__IMPERSONATE, NULL);
	if (rc)
		return rc;

	return avc_has_perm(from_sid, to_sid, SECCLASS_BINDER, BINDER__CALL,
			    NULL);
}

/*
 * Passing a binder reference owned by @owner from @from to @to: the sender
 * needs BINDER__TRANSFER and the recipient BINDER__RECEIVE, both checked
 * against @owner's context.
 */
static int selinux_binder_transfer_binder(struct task_struct *from,
					  struct task_struct *to,
					  struct task_struct *owner)
{
	u32 from_sid = task_sid(from);
	u32 to_sid = task_sid(to);
	u32 owner_sid = task_sid(owner);
	int rc;

	rc = avc_has_perm(from_sid, owner_sid, SECCLASS_BINDER,
			  BINDER__TRANSFER, NULL);
	if (rc)
		return rc;

	return avc_has_perm(to_sid, owner_sid, SECCLASS_BINDER,
			    BINDER__RECEIVE, NULL);
}

/*
 * Passing an open @file to @to over binder.  The check is made from the
 * recipient's context: FD__USE on the descriptor when it was created by a
 * different context, then the file's own access vector on the inode.
 * @from takes no part in this check.  Relies on @file carrying an
 * f_security/i_security pair, as the rest of this module does.
 */
static int selinux_binder_transfer_file(struct task_struct *from,
					struct task_struct *to,
					struct file *file)
{
	u32 to_sid = task_sid(to);
	struct file_security_struct *fsec = file->f_security;
	struct inode_security_struct *isec =
		file->f_path.dentry->d_inode->i_security;
	struct common_audit_data ad;
	int rc = 0;

	COMMON_AUDIT_DATA_INIT(&ad, PATH);
	ad.u.path = file->f_path;

	if (to_sid != fsec->sid)
		rc = avc_has_perm(to_sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
	if (rc)
		return rc;

	return avc_has_perm(to_sid, isec->sid, isec->sclass, file_to_av(file),
			    &ad);
}
/*
 * Default (capability-module) binder hooks.
 *
 * These are the implementations used when no other LSM supplies its own:
 * every hook returns 0, so every binder operation is permitted.  Any
 * mandatory access control on binder therefore comes only from a module
 * such as SELinux that overrides these.
 */

/* Allow any task to become the binder context manager. */
static int cap_binder_set_context_mgr(struct task_struct *mgr)
{
	return 0;
}

/* Allow any transaction between @from and @to. */
static int cap_binder_transaction(struct task_struct *from,
				  struct task_struct *to)
{
	return 0;
}

/* Allow any binder reference to be passed, whoever @owner is. */
static int cap_binder_transfer_binder(struct task_struct *from,
				      struct task_struct *to,
				      struct task_struct *owner)
{
	return 0;
}

/* Allow any open file to be passed over binder. */
static int cap_binder_transfer_file(struct task_struct *from,
				    struct task_struct *to,
				    struct file *file)
{
	return 0;
}