Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=fwlive.git;a=commitdiff;h=d707ff5e8c8046e4c6cf0f5ea11c7566a2bf27fd
commit d707ff5e8c8046e4c6cf0f5ea11c7566a2bf27fd
Author: janny <[EMAIL PROTECTED]>
Date: Tue Mar 4 18:29:04 2008 +0100
dazuko-fwlive-2.3.4-10-i686
* add missed patchs
diff --git
a/source/apps-extra/dazuko-fwlive/0001-add-xp_set_path-function-necessary-for-RedirFS-su.patch
b/source/apps-extra/dazuko-fwlive/0001-add-xp_set_path-function-necessary-for-RedirFS-su.patch
new file mode 100644
index 0000000..3408b10
--- /dev/null
+++
b/source/apps-extra/dazuko-fwlive/0001-add-xp_set_path-function-necessary-for-RedirFS-su.patch
@@ -0,0 +1,196 @@
+From 8c31801270d4085bdf0704d572a0c3fbe8cf6a8f Mon Sep 17 00:00:00 2001
+From: ogman <ogman>
+Date: Wed, 12 Dec 2007 16:08:39 +0000
+Subject: [PATCH] add xp_set_path() function (necessary for RedirFS support)
+
+---
+ dazuko_call.h | 14 ++++++++++++++
+ dazuko_core.c | 10 ++++++++++
+ dazuko_core.h | 3 +++
+ dazuko_dummyos.c | 8 ++++++++
+ dazuko_freebsd.c | 8 ++++++++
+ dazuko_freebsd5.c | 8 ++++++++
+ dazuko_linux.c | 8 ++++++++
+ dazuko_linux26.c | 8 ++++++++
+ dazuko_rsbac.c | 8 ++++++++
+ 9 files changed, 75 insertions(+), 0 deletions(-)
+
+diff --git a/dazuko_call.h b/dazuko_call.h
+index ad0e8e8..68bd929 100644
+--- a/dazuko_call.h
++++ b/dazuko_call.h
+@@ -484,4 +484,18 @@ static int call_xp_init_cache(unsigned long ttl)
+ return xp_init_cache(ttl);
+ }
+
++
++/* include/exclude paths */
++
++static int call_xp_set_path(const char *path, int type)
++{
++ if (path == NULL)
++ {
++ xp_print("dazuko: warning: call_xp_set_path(path=NULL)\n");
++ return -1;
++ }
++
++ return xp_set_path(path, type);
++}
++
+ #endif
+diff --git a/dazuko_core.c b/dazuko_core.c
+index 7585166..fa8ca8f 100644
+--- a/dazuko_core.c
++++ b/dazuko_core.c
+@@ -1607,10 +1607,20 @@ static int dazuko_set_option(struct daemon_id *did,
int opt, void *param, int le
+
+ case ADD_INCLUDE_PATH:
+ error = dazuko_insert_path_fs(&(sl->incl_paths),
&(sl->lock_lists), (char *)param, len);
++ if (!error)
++ {
++ if (call_xp_set_path((char *)param,
ADD_INCLUDE_PATH) != 0)
++ error = XP_ERROR_INVALID;
++ }
+ break;
+
+ case ADD_EXCLUDE_PATH:
+ error = dazuko_insert_path_fs(&(sl->excl_paths),
&(sl->lock_lists), (char *)param, len);
++ if (!error)
++ {
++ if (call_xp_set_path((char *)param,
ADD_EXCLUDE_PATH) != 0)
++ error = XP_ERROR_INVALID;
++ }
+ break;
+
+ case REMOVE_ALL_PATHS:
+diff --git a/dazuko_core.h b/dazuko_core.h
+index 935ca63..e64bf3e 100644
+--- a/dazuko_core.h
++++ b/dazuko_core.h
+@@ -178,6 +178,9 @@ int xp_set_event_properties(struct event_properties
*event_p, struct xp_daemon_i
+ /* cache settings */
+ int xp_init_cache(unsigned long ttl);
+
++/* include/exclude paths */
++int xp_set_path(const char *path, int type);
++
+ /* output */
+ int xp_print(const char *fmt, ...);
+
+diff --git a/dazuko_dummyos.c b/dazuko_dummyos.c
+index d092581..6bdcf70 100644
+--- a/dazuko_dummyos.c
++++ b/dazuko_dummyos.c
+@@ -350,6 +350,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system calls */
+
+ static void dummy_dazuko_setid(const char *id)
+diff --git a/dazuko_freebsd.c b/dazuko_freebsd.c
+index f4cb535..c16412c 100644
+--- a/dazuko_freebsd.c
++++ b/dazuko_freebsd.c
+@@ -825,6 +825,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system calls */
+
+ static inline int check_fd(struct proc *p, int fd)
+diff --git a/dazuko_freebsd5.c b/dazuko_freebsd5.c
+index ff0994f..d26f030 100644
+--- a/dazuko_freebsd5.c
++++ b/dazuko_freebsd5.c
+@@ -877,6 +877,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system calls */
+
+ static inline int check_fd(struct proc *p, int fd)
+diff --git a/dazuko_linux.c b/dazuko_linux.c
+index f8bd860..d83bded 100644
+--- a/dazuko_linux.c
++++ b/dazuko_linux.c
+@@ -1429,6 +1429,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system calls */
+
+ #if defined(ON_OPEN_SUPPORT)
+diff --git a/dazuko_linux26.c b/dazuko_linux26.c
+index cdf0d43..a1676be 100644
+--- a/dazuko_linux26.c
++++ b/dazuko_linux26.c
+@@ -579,6 +579,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system hooks */
+
+ #ifndef DAZUKO_FIST
+diff --git a/dazuko_rsbac.c b/dazuko_rsbac.c
+index 9fa701b..6023bae 100644
+--- a/dazuko_rsbac.c
++++ b/dazuko_rsbac.c
+@@ -518,6 +518,14 @@ int xp_init_cache(unsigned long ttl)
+ }
+
+
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ return 0;
++}
++
++
+ /* system hook */
+
+ inline int xp_sys_hook()
+--
+1.5.4.rc4.25.g81cc-dirty
+
diff --git
a/source/apps-extra/dazuko-fwlive/0002-source-code-to-compile-Dazuko-as-an-RedirFS-filter.patch
b/source/apps-extra/dazuko-fwlive/0002-source-code-to-compile-Dazuko-as-an-RedirFS-filter.patch
new file mode 100644
index 0000000..742965d
--- /dev/null
+++
b/source/apps-extra/dazuko-fwlive/0002-source-code-to-compile-Dazuko-as-an-RedirFS-filter.patch
@@ -0,0 +1,1008 @@
+From 26176cf910f1c66979c74a5ca24e95efebc05310 Mon Sep 17 00:00:00 2001
+From: ogman <ogman>
+Date: Wed, 12 Dec 2007 16:14:20 +0000
+Subject: [PATCH] source code to compile Dazuko as an RedirFS filter
+
+---
+ dazuko_redirfs.c | 989 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 989 insertions(+), 0 deletions(-)
+ create mode 100644 dazuko_redirfs.c
+
+diff --git a/dazuko_redirfs.c b/dazuko_redirfs.c
+new file mode 100644
+index 0000000..885242a
+--- /dev/null
++++ b/dazuko_redirfs.c
+@@ -0,0 +1,989 @@
++/* Dazuko RedirFS. Allow Linux 2.6 file access control for 3rd-party
applications.
++ Written by John Ogness <[EMAIL PROTECTED]>
++
++ Copyright (c) 2007 Avira GmbH
++ All rights reserved.
++
++ This program is free software; you can redistribute it and/or
++ modify it under the terms of the GNU General Public License
++ as published by the Free Software Foundation; either version 2
++ of the License, or (at your option) any later version.
++
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ GNU General Public License for more details.
++
++ You should have received a copy of the GNU General Public License
++ along with this program; if not, write to the Free Software
++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++*/
++
++#include "dazuko_linux26.h"
++#include "dazuko_core.h"
++#include "dazuko_linux26_device_def.h"
++
++#ifdef USE_CONFIG_H
++#include <linux/config.h>
++#endif
++#include <linux/module.h>
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/vermagic.h>
++#include <linux/namei.h>
++#include <linux/dcache.h>
++#include <linux/mount.h>
++#include "../redirfs/redirfs.h"
++#ifdef DEVFS_SUPPORT
++#include <linux/devfs_fs_kernel.h>
++#endif
++#include <linux/device.h>
++#if !defined(USE_TRYTOFREEZEVOID)
++#include <linux/suspend.h>
++#endif
++#ifdef LINUX_USE_FREEZER_H
++#include <linux/freezer.h>
++#endif
++#include <asm/uaccess.h>
++
++
++#ifndef DAZUKO_DM
++#define DAZUKO_DM 0
++#endif
++
++
++ssize_t linux_dazuko_device_read(struct file *, char __user *, size_t, loff_t
*);
++ssize_t linux_dazuko_device_write(struct file *, const char __user *, size_t,
loff_t *);
++int linux_dazuko_device_open(struct inode *, struct file *);
++int linux_dazuko_device_ioctl(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long param);
++int linux_dazuko_device_release(struct inode *, struct file *);
++
++#ifndef WITHOUT_UDEV
++#ifdef USE_CLASS
++static struct class *dazuko_class = NULL;
++#else
++static struct class_simple *dazuko_class = NULL;
++#endif
++#endif
++
++static int dev_major = -1;
++
++int dazukoflt_ctl(struct rfs_ctl *ctl);
++enum rfs_retv dazukoflt_permission(rfs_context context, struct rfs_args
*args);
++static rfs_filter dazukoflt;
++static struct rfs_filter_info flt_info = {"dazukoflt", 1000, 1,
dazukoflt_ctl};
++static struct rfs_op_info op_info[] = {
++ { RFS_REG_IOP_PERMISSION, dazukoflt_permission, NULL },
++ { RFS_OP_END, NULL, NULL }
++};
++
++static struct file_operations fops = {
++ .owner = THIS_MODULE,
++ .read = linux_dazuko_device_read,
++ .write = linux_dazuko_device_write,
++ .ioctl = linux_dazuko_device_ioctl,
++ .open = linux_dazuko_device_open,
++ .release = linux_dazuko_device_release,
++ };
++
++
++/* mutex */
++
++inline void xp_init_mutex(struct xp_mutex *mutex)
++{
++ init_MUTEX(&(mutex->mutex));
++}
++
++inline void xp_down(struct xp_mutex *mutex)
++{
++ down(&(mutex->mutex));
++}
++
++inline void xp_up(struct xp_mutex *mutex)
++{
++ up(&(mutex->mutex));
++}
++
++inline void xp_destroy_mutex(struct xp_mutex *mutex)
++{
++}
++
++
++/* read-write lock */
++
++inline void xp_init_rwlock(struct xp_rwlock *rwlock)
++{
++ rwlock_init(&(rwlock->rwlock));
++}
++
++inline void xp_write_lock(struct xp_rwlock *rwlock)
++{
++ write_lock(&(rwlock->rwlock));
++}
++
++inline void xp_write_unlock(struct xp_rwlock *rwlock)
++{
++ write_unlock(&(rwlock->rwlock));
++}
++
++inline void xp_read_lock(struct xp_rwlock *rlock)
++{
++ read_lock(&(rlock->rwlock));
++}
++
++inline void xp_read_unlock(struct xp_rwlock *rlock)
++{
++ read_unlock(&(rlock->rwlock));
++}
++
++inline void xp_destroy_rwlock(struct xp_rwlock *rwlock)
++{
++}
++
++
++/* wait-notify queue */
++
++inline int xp_init_queue(struct xp_queue *queue)
++{
++ init_waitqueue_head(&(queue->queue));
++ return 0;
++}
++
++inline int xp_wait_until_condition(struct xp_queue *queue, int
(*cfunction)(void *), void *cparam, int allow_interrupt)
++{
++ /* wait until cfunction(cparam) != 0 (condition is true) */
++ int ret = 0;
++
++ if (allow_interrupt)
++ {
++ while (1)
++ {
++ ret = wait_event_interruptible(queue->queue,
cfunction(cparam) != 0);
++
++#if defined (USE_TRYTOFREEZEVOID)
++ if (try_to_freeze() == 0)
++ break;
++#else
++ if (current->flags & PF_FREEZE)
++ {
++ refrigerator(PF_FREEZE);
++ }
++ else
++ {
++ break;
++ }
++#endif
++ }
++ }
++ else
++ {
++ wait_event(queue->queue, cfunction(cparam) != 0);
++ }
++
++ return ret;
++}
++
++inline int xp_notify(struct xp_queue *queue)
++{
++ wake_up(&(queue->queue));
++ return 0;
++}
++
++inline int xp_destroy_queue(struct xp_queue *queue)
++{
++ return 0;
++}
++
++
++/* memory */
++
++inline void* xp_malloc(size_t size)
++{
++ return kmalloc(size, GFP_ATOMIC);
++}
++
++inline int xp_free(void *ptr)
++{
++ kfree(ptr);
++ return 0;
++}
++
++inline int xp_copyin(const void *user_src, void *kernel_dest, size_t size)
++{
++ return copy_from_user(kernel_dest, user_src, size);
++}
++
++inline int xp_copyout(const void *kernel_src, void *user_dest, size_t size)
++{
++ return copy_to_user(user_dest, kernel_src, size);
++}
++
++inline int xp_verify_user_writable(const void *user_ptr, size_t size)
++{
++ return 0;
++}
++
++inline int xp_verify_user_readable(const void *user_ptr, size_t size)
++{
++ return 0;
++}
++
++
++/* path attribute */
++
++inline int xp_is_absolute_path(const char *path)
++{
++ if (path[0] == '/')
++ return 1;
++
++ return 0;
++}
++
++
++/* atomic */
++
++inline int xp_atomic_set(struct xp_atomic *atomic, int value)
++{
++ atomic_set(&(atomic->atomic), value);
++ return 0;
++}
++
++inline int xp_atomic_inc(struct xp_atomic *atomic)
++{
++ atomic_inc(&(atomic->atomic));
++ return 0;
++}
++
++inline int xp_atomic_dec(struct xp_atomic *atomic)
++{
++ atomic_dec(&(atomic->atomic));
++ return 0;
++}
++
++inline int xp_atomic_read(struct xp_atomic *atomic)
++{
++ return atomic_read(&(atomic->atomic));
++}
++
++
++/* file structure */
++
++static int dazuko_get_full_filename(struct xp_file_struct *xfs)
++{
++ char *temp;
++
++ if (xfs == NULL)
++ return 0;
++
++ if (xfs->inode == NULL)
++ return 0;
++
++ if (S_ISDIR(xfs->inode->i_mode))
++ return 0;
++
++ if (xfs->nd == NULL || xfs->free_full_filename)
++ return 0;
++
++ if (xfs->nd->mnt == NULL || xfs->nd->dentry == NULL)
++ return 0;
++
++ /* check if we need to allocate a buffer */
++ if (!xfs->free_page_buffer)
++ {
++ /* get pre-requisites for d_path function */
++ xfs->buffer = (char *)__get_free_page(GFP_USER);
++
++ /* make sure we got a page */
++ if (xfs->buffer == NULL)
++ return 0;
++
++ /* the buffer will need to be freed */
++ xfs->free_page_buffer = 1;
++ }
++
++ /* make sure we don't already have a vfsmount */
++ if (!xfs->mntput_vfsmount)
++ {
++ xfs->vfsmount = mntget(xfs->nd->mnt);
++
++ /* the vfsmount will need to be put back */
++ xfs->mntput_vfsmount = 1;
++ }
++
++ /* make sure we don't already have a dentry */
++ if (!xfs->dput_dentry)
++ {
++ xfs->dentry = dget(xfs->nd->dentry);
++
++ /* the dentry will need to be put back */
++ xfs->dput_dentry = 1;
++ }
++
++ temp = d_path(xfs->dentry, xfs->vfsmount, xfs->buffer, PAGE_SIZE);
++
++ /* make sure we really got a new filename */
++ if (temp == NULL)
++ return 0;
++
++ xfs->full_filename_length = dazuko_strlen(temp);
++
++ xfs->full_filename = (char *)xp_malloc(xfs->full_filename_length + 1);
++ if (xfs->full_filename == NULL)
++ return 0;
++
++ /* the char array will need to be freed */
++ xfs->free_full_filename = 1;
++
++ memcpy(xfs->full_filename, temp, xfs->full_filename_length + 1);
++
++ /* we have a filename with the full path */
++
++ return 1;
++}
++
++static int dazuko_fill_file_struct_cleanup(struct dazuko_file_struct *dfs)
++{
++ if (dfs == NULL)
++ return 0;
++
++ if (dfs->extra_data == NULL)
++ return 0;
++
++ if (dfs->extra_data->free_page_buffer)
++ {
++ free_page((unsigned long)dfs->extra_data->buffer);
++ dfs->extra_data->free_page_buffer = 0;
++ }
++
++ if (dfs->extra_data->dput_dentry)
++ {
++ dput(dfs->extra_data->dentry);
++ dfs->extra_data->dput_dentry = 0;
++ }
++
++ if (dfs->extra_data->mntput_vfsmount)
++ {
++ mntput(dfs->extra_data->vfsmount);
++ dfs->extra_data->mntput_vfsmount = 0;
++ }
++
++ return 0;
++}
++
++int xp_fill_file_struct(struct dazuko_file_struct *dfs)
++{
++ int error = -1;
++
++ if (dfs == NULL)
++ return error;
++
++ /* check if filename has already been filled in */
++ if (dfs->filename != NULL)
++ return 0;
++
++ /* make sure we can get the full path */
++ if (dazuko_get_full_filename(dfs->extra_data))
++ {
++ /* reference copy of full path */
++ dfs->filename = dfs->extra_data->full_filename;
++
++ dfs->filename_length = dfs->extra_data->full_filename_length;
++
++ dfs->file_p.size = dfs->extra_data->inode->i_size;
++ dfs->file_p.set_size = 1;
++ dfs->file_p.uid = dfs->extra_data->inode->i_uid;
++ dfs->file_p.set_uid = 1;
++ dfs->file_p.gid = dfs->extra_data->inode->i_gid;
++ dfs->file_p.set_gid = 1;
++ dfs->file_p.mode = dfs->extra_data->inode->i_mode;
++ dfs->file_p.set_mode = 1;
++ dfs->file_p.device_type = dfs->extra_data->inode->i_rdev;
++ dfs->file_p.set_device_type = 1;
++
++ error = 0;
++ }
++
++ dazuko_fill_file_struct_cleanup(dfs);
++
++ return error;
++}
++
++static int dazuko_file_struct_cleanup(struct dazuko_file_struct **dfs)
++{
++ if (dfs == NULL)
++ return 0;
++
++ if (*dfs == NULL)
++ return 0;
++
++ if ((*dfs)->extra_data)
++ {
++ if ((*dfs)->extra_data->free_full_filename)
++ xp_free((*dfs)->extra_data->full_filename);
++
++ xp_free((*dfs)->extra_data);
++ }
++
++ xp_free(*dfs);
++
++ *dfs = NULL;
++
++ return 0;
++}
++
++
++/* daemon id */
++
++static inline int check_parent(struct task_struct *parent, struct task_struct
*child)
++{
++ struct task_struct *ts = child;
++
++ if (parent == NULL || child == NULL)
++ return -1;
++
++ while (1)
++ {
++ if (ts == parent)
++ return 0;
++
++ if (ts->parent == NULL)
++ break;
++
++ if (ts == ts->parent)
++ break;
++
++ ts = ts->parent;
++ }
++
++ return -1;
++}
++
++inline int xp_id_compare(struct xp_daemon_id *id1, struct xp_daemon_id *id2,
int check_related)
++{
++ if (id1 == NULL || id2 == NULL)
++ return DAZUKO_DIFFERENT;
++
++ /* If file's are available we do a special
++ * check ("file"'s are only used by daemons).
++ * Here we allow threads to look like one
++ * instance, if they pass around the handle.
++ * Note: this is a Linux-only "hack" */
++ if (id1->file != NULL && id2->file != NULL)
++ {
++ if (id1->tgid == id2->tgid && id1->files == id2->files &&
id1->file == id2->file)
++ return DAZUKO_SAME;
++ }
++
++ if (id1->pid == id2->pid && id1->current_p == id2->current_p &&
id1->files == id2->files)
++ return DAZUKO_SAME;
++
++ if (check_related)
++ {
++ /* Same thread id and same file descriptors,
++ * looks like they could be the same process...
++ * We will treat two threads of the same process
++ * as the same (for relation checks). This is
++ * useful for the Trusted Application Framework,
++ * if we trust one thread, we can trust them all.*/
++ if (id1->tgid == id2->tgid && id1->files == id2->files)
++ {
++ /* Two different threads of the same process will have
different current pointers,
++ * but if process ids match, current pointers must too.
*/
++
++ if (id1->pid == id2->pid && id1->current_p ==
id2->current_p)
++ return DAZUKO_SAME;
++
++ if (id1->pid != id2->pid && id1->current_p !=
id2->current_p)
++ return DAZUKO_SAME;
++ }
++
++ if (check_parent(id1->current_p, id2->current_p) == 0)
++ {
++ return DAZUKO_CHILD;
++ }
++ else if (id1->pid == id2->pid || id1->current_p ==
id2->current_p || id1->files == id2->files)
++ {
++ return DAZUKO_SUSPICIOUS;
++ }
++ else if (id1->tgid == id2->tgid)
++ {
++ return DAZUKO_SUSPICIOUS;
++ }
++ }
++
++ return DAZUKO_DIFFERENT;
++}
++
++inline int xp_id_free(struct xp_daemon_id *id)
++{
++ xp_free(id);
++
++ return 0;
++}
++
++inline struct xp_daemon_id* xp_id_copy(struct xp_daemon_id *id)
++{
++ struct xp_daemon_id *ptr;
++
++ if (id == NULL)
++ return NULL;
++
++ ptr = (struct xp_daemon_id *)xp_malloc(sizeof(struct xp_daemon_id));
++
++ if (ptr != NULL)
++ {
++ ptr->pid = id->pid;
++ ptr->tgid = id->tgid;
++ ptr->file = id->file;
++ ptr->current_p = id->current_p;
++ ptr->files = id->files;
++ }
++
++ return ptr;
++}
++
++
++/* event */
++
++int xp_set_event_properties(struct event_properties *event_p, struct
xp_daemon_id *xp_id)
++{
++ event_p->pid = xp_id->pid;
++ event_p->set_pid = 1;
++
++ return 0;
++}
++
++
++/* cache settings */
++
++int xp_init_cache(unsigned long ttl)
++{
++ return -1;
++}
++
++
++/* include/exclude paths */
++
++int xp_set_path(const char *path, int type)
++{
++ int err;
++ struct rfs_path_info path_info;
++
++ switch (type)
++ {
++ case ADD_INCLUDE_PATH:
++ path_info.flags = RFS_PATH_INCLUDE | RFS_PATH_SUBTREE;
++ break;
++
++ case ADD_EXCLUDE_PATH:
++ path_info.flags = RFS_PATH_EXCLUDE | RFS_PATH_SUBTREE;
++ break;
++
++ default:
++ return -1;
++ }
++
++ path_info.path = dazuko_strdup(path, NULL);
++ err = rfs_set_path(dazukoflt, &path_info);
++ if (err)
++ {
++ xp_print("dazuko: failed to set RedirFS path, err=%d\n", err);
++ rfs_unregister_filter(dazukoflt);
++ return -1;
++ }
++
++ return 0;
++}
++
++
++/* system hooks */
++
++int dazuko_sys_generic(struct inode *inode, int mask, struct nameidata *nd)
++{
++ struct dazuko_file_struct *dfs = NULL;
++ int error = 0;
++ int check_error = 0;
++ struct event_properties event_p;
++ struct xp_daemon_id xp_id;
++ struct slot_list *sl = NULL;
++ int event = DAZUKO_ON_OPEN;
++ int daemon_is_allowed = 1;
++
++ if (nd == NULL || inode == NULL)
++ return 0;
++
++ dazuko_bzero(&event_p, sizeof(event_p));
++
++ if ((mask & MAY_EXEC) != 0)
++ {
++ event = DAZUKO_ON_EXEC;
++ daemon_is_allowed = 0;
++ }
++ else
++ {
++ /* mask == 0 is passed in when a file is created */
++ if (mask == 0 || (mask & (MAY_WRITE|MAY_APPEND)) != 0)
++ {
++ if ((mask & MAY_READ) != 0)
++ {
++ event_p.flags = O_RDWR;
++ }
++ else
++ {
++ event_p.flags = O_WRONLY;
++ }
++
++ event_p.set_flags = 1;
++ }
++ else if ((mask & MAY_READ) != 0)
++ {
++ event_p.flags = O_RDONLY;
++ event_p.set_flags = 1;
++ }
++ }
++
++ xp_id.pid = current->pid;
++ xp_id.tgid = current->tgid;
++ xp_id.file = NULL;
++ xp_id.current_p = current;
++ xp_id.files = current->files;
++
++ check_error = dazuko_check_access(event, daemon_is_allowed, &xp_id,
&sl);
++
++ if (!check_error)
++ {
++ event_p.mode = inode->i_mode;
++ event_p.set_mode = 1;
++ event_p.pid = current->pid;
++ event_p.set_pid = 1;
++ event_p.uid = current->uid;
++ event_p.set_uid = 1;
++
++ dfs = (struct dazuko_file_struct *)xp_malloc(sizeof(struct
dazuko_file_struct));
++ if (dfs != NULL)
++ {
++ dazuko_bzero(dfs, sizeof(struct dazuko_file_struct));
++
++ dfs->extra_data = (struct xp_file_struct
*)xp_malloc(sizeof(struct xp_file_struct));
++ if (dfs->extra_data != NULL)
++ {
++ dazuko_bzero(dfs->extra_data, sizeof(struct
xp_file_struct));
++
++ dfs->extra_data->nd = nd;
++ dfs->extra_data->inode = inode;
++
++ error = dazuko_process_access(event, dfs,
&event_p, sl);
++ }
++ else
++ {
++ xp_free(dfs);
++ dfs = NULL;
++ }
++
++ dazuko_file_struct_cleanup(&dfs);
++ }
++ }
++
++ if (error)
++ return XP_ERROR_PERMISSION;
++
++ return 0;
++}
++
++int dazukoflt_ctl(struct rfs_ctl *ctl)
++{
++ return 0;
++}
++
++enum rfs_retv dazukoflt_permission(rfs_context context, struct rfs_args *args)
++{
++ if (!args->args.i_permission.inode)
++ return RFS_CONTINUE;
++
++ if (!args->args.i_permission.mask)
++ return RFS_CONTINUE;
++
++ if (!args->args.i_permission.nd)
++ return RFS_CONTINUE;
++
++ if (dazuko_sys_generic(args->args.i_permission.inode,
args->args.i_permission.mask, args->args.i_permission.nd) != 0)
++ {
++ args->retv.rv_int = -EACCES;
++ return RFS_STOP;
++ }
++
++ return RFS_CONTINUE;
++}
++
++inline int xp_sys_hook()
++{
++ /* Make sure we have a valid task_struct. */
++
++ if (current == NULL)
++ {
++ xp_print("dazuko: panic (current == NULL)\n");
++ return -1;
++ }
++ if (current->fs == NULL)
++ {
++ xp_print("dazuko: panic (current->fs == NULL)\n");
++ return -1;
++ }
++
++ {
++ int err;
++
++ err = rfs_register_filter(&dazukoflt, &flt_info);
++ if (err)
++ {
++ xp_print("dazuko: unable to register with RedirFS,
err=%d\n", err);
++ return -1;
++ }
++
++ err = rfs_set_operations(dazukoflt, op_info);
++ if (err)
++ {
++ xp_print("dazuko: unable to set RedirFS options,
err=%d\n", err);
++ rfs_unregister_filter(dazukoflt);
++ return -1;
++ }
++ }
++
++ dev_major = register_chrdev(DAZUKO_DM, DEVICE_NAME, &fops);
++ if (dev_major < 0)
++ {
++ xp_print("dazuko: unable to register device, err=%d\n",
dev_major);
++ return dev_major;
++ }
++
++#ifdef DEVFS_SUPPORT
++ devfs_mk_cdev(MKDEV(dev_major, 0), S_IFCHR | S_IRUSR | S_IWUSR,
DEVICE_NAME);
++#endif
++
++#ifndef WITHOUT_UDEV
++#ifdef USE_CLASS
++ dazuko_class = class_create(THIS_MODULE, "dazuko");
++#ifdef CLASS_class_device_create_2_6_15
++ class_device_create(dazuko_class, NULL, MKDEV(dev_major, 0), NULL,
"dazuko");
++#else
++ class_device_create(dazuko_class, MKDEV(dev_major, 0), NULL, "dazuko");
++#endif
++#else
++ dazuko_class = class_simple_create(THIS_MODULE, "dazuko");
++ class_simple_device_add(dazuko_class, MKDEV(dev_major, 0), NULL,
"dazuko");
++#endif
++#endif
++
++ return 0;
++}
++
++inline int xp_sys_unhook()
++{
++ unregister_chrdev(dev_major, DEVICE_NAME);
++
++#ifdef DEVFS_SUPPORT
++ devfs_remove(DEVICE_NAME);
++#endif
++
++#ifndef WITHOUT_UDEV
++#ifdef USE_CLASS
++ class_device_destroy(dazuko_class, MKDEV(dev_major, 0));
++ class_destroy(dazuko_class);
++#else
++ class_simple_device_remove(MKDEV(dev_major, 0));
++ class_simple_destroy(dazuko_class);
++#endif
++#endif
++
++ {
++ int err;
++
++ err = rfs_unregister_filter(dazukoflt);
++ if (err)
++ {
++ xp_print("dazuko: failed to unregister from RedirFS,
err=%d\n", err);
++ }
++ }
++
++ return 0;
++}
++
++
++/* output */
++
++int xp_print(const char *fmt, ...)
++{
++ va_list args;
++ char *p;
++ size_t size = 1024;
++ int length;
++
++ p = (char *)xp_malloc(size);
++ if (p == NULL)
++ return -1;
++
++ length = dazuko_strlen(KERN_INFO);
++
++ memcpy(p, KERN_INFO, length);
++
++ va_start(args, fmt);
++ vsnprintf(p + length, size - length, fmt, args);
++ va_end(args);
++
++ p[size-1] = 0;
++
++ printk(p);
++
++ xp_free(p);
++
++ return 0;
++}
++
++
++/* ioctl's */
++
++int linux_dazuko_device_open(struct inode *inode, struct file *file)
++{
++ DPRINT(("dazuko: linux_dazuko_device_open() [%d]\n", current->pid));
++
++ return 0;
++}
++
++ssize_t linux_dazuko_device_read(struct file *file, char *buffer, size_t
length, loff_t *pos)
++{
++ /* Reading from the dazuko device simply
++ * returns the device number. This is to
++ * help out the daemon. */
++
++ char tmp[20];
++ size_t dev_major_len;
++
++ DPRINT(("dazuko: linux_dazuko_device_read() [%d]\n", current->pid));
++
++ if (*pos != 0)
++ return 0;
++
++ if (dev_major < 0)
++ return XP_ERROR_NODEVICE;
++
++ /* print dev_major to a string
++ * and get length (with terminator) */
++ dazuko_bzero(tmp, sizeof(tmp));
++
++ dev_major_len = dazuko_snprintf(tmp, sizeof(tmp), "%d", dev_major) + 1;
++
++ if (tmp[sizeof(tmp)-1] != 0)
++ {
++ xp_print("dazuko: failing device_read, device number overflow
for dameon %d (dev_major=%d)\n", current->pid, dev_major);
++ return XP_ERROR_FAULT;
++ }
++
++ if (length < dev_major_len)
++ return XP_ERROR_INVALID;
++
++ /* copy dev_major string to userspace */
++ if (xp_copyout(tmp, buffer, dev_major_len) != 0)
++ return XP_ERROR_FAULT;
++
++ *pos += dev_major_len;
++
++ return dev_major_len;
++}
++
++ssize_t linux_dazuko_device_write(struct file *file, const char *buffer,
size_t length, loff_t *pos)
++{
++ struct xp_daemon_id xp_id;
++ char tmpbuffer[32];
++ int size;
++
++ size = length;
++ if (length >= sizeof(tmpbuffer))
++ size = sizeof(tmpbuffer) -1;
++
++ /* copy request pointer string to kernelspace */
++ if (xp_copyin(buffer, tmpbuffer, size) != 0)
++ return XP_ERROR_FAULT;
++
++ tmpbuffer[size] = 0;
++
++ xp_id.pid = current->pid;
++ xp_id.tgid = current->tgid;
++ xp_id.file = file;
++ xp_id.current_p = current;
++ xp_id.files = current->files;
++
++ if (dazuko_handle_user_request(tmpbuffer, &xp_id) == 0)
++ return size;
++
++ return XP_ERROR_INTERRUPT;
++}
++
++int linux_dazuko_device_ioctl(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long param)
++{
++ /* A daemon uses this function to interact with
++ * the kernel. A daemon can set scanning parameters,
++ * give scanning response, and get filenames to scan. */
++
++ struct xp_daemon_id xp_id;
++ int error = 0;
++
++ if (param == 0)
++ {
++ xp_print("dazuko: error: linux_dazuko_device_ioctl(..., 0)\n");
++ return XP_ERROR_INVALID;
++ }
++
++ xp_id.pid = current->pid;
++ xp_id.tgid = current->tgid;
++ xp_id.file = file;
++ xp_id.current_p = current;
++ xp_id.files = current->files;
++
++ error = dazuko_handle_user_request_compat1((void *)param, _IOC_NR(cmd),
&xp_id);
++
++ if (error != 0)
++ {
++ /* general error occurred */
++
++ return XP_ERROR_PERMISSION;
++ }
++
++ return error;
++}
++
++int linux_dazuko_device_release(struct inode *inode, struct file *file)
++{
++ struct xp_daemon_id xp_id;
++
++ DPRINT(("dazuko: dazuko_device_release() [%d]\n", current->pid));
++
++ xp_id.pid = current->pid;
++ xp_id.tgid = current->tgid;
++ xp_id.file = file;
++ xp_id.current_p = current;
++ xp_id.files = current->files;
++
++ return dazuko_unregister_daemon(&xp_id);
++}
++
++
++/* init/exit */
++
++static int __init linux_dazuko_init(void)
++{
++ return dazuko_init();
++}
++
++static void __exit linux_dazuko_exit(void)
++{
++ dazuko_exit();
++}
++
++
++MODULE_AUTHOR("Avira GmbH <[EMAIL PROTECTED]>");
++MODULE_DESCRIPTION("allow 3rd-party file access control");
++MODULE_LICENSE("GPL");
++MODULE_INFO(vermagic, VERMAGIC_STRING);
++
++module_init(linux_dazuko_init);
++module_exit(linux_dazuko_exit);
+--
+1.5.4.rc4.25.g81cc-dirty
+
diff --git
a/source/apps-extra/dazuko-fwlive/0003-add-enable-redirfs-to-build-Dazuko-as-a-RedirF.patch
b/source/apps-extra/dazuko-fwlive/0003-add-enable-redirfs-to-build-Dazuko-as-a-RedirF.patch
new file mode 100644
index 0000000..a2448e3
--- /dev/null
+++
b/source/apps-extra/dazuko-fwlive/0003-add-enable-redirfs-to-build-Dazuko-as-a-RedirF.patch
@@ -0,0 +1,127 @@
+From b39f2f1f24f1a508c30356b0ee64aaa68f54e8a1 Mon Sep 17 00:00:00 2001
+From: ogman <ogman>
+Date: Wed, 12 Dec 2007 17:07:11 +0000
+Subject: [PATCH] - add "--enable-redirfs" to build Dazuko as a RedirFS filter
+ - change "--without-dep" to be the default
+
+---
+ configure | 41 +++++++++++++++++++++++++++++++++--------
+ 1 files changed, 33 insertions(+), 8 deletions(-)
+
+diff --git a/configure b/configure
+index 17168f1..d300fce 100755
+--- a/configure
++++ b/configure
+@@ -74,6 +74,7 @@ print_help()
+ echo " --disable-compat1 disable 1.x compatibility
(IO/Linux only)"
+ echo " --enable-debug print extra debug information"
+ echo " --enable-syscalls hook syscalls, not LSM (Linux
2.6 only)"
++ echo " --enable-redirfs use RedirFS (Linux 2.6 only)"
+ echo ""
+ echo "optional packages"
+ echo " --with-PACKAGE use PACKAGE"
+@@ -81,7 +82,7 @@ print_help()
+ echo " --without-module do not build kernel module"
+ echo " --without-library do not build library"
+ echo " --without-example-c do not build C example"
+- echo " --without-dep do not build dependencies
(Linux only)"
++ echo " --with-dep build dependencies (Linux only)"
+ echo " --with-example-java build Java example"
+ echo " --with-example-perl build Perl example"
+ echo " --with-example-python build Python example"
+@@ -407,7 +408,18 @@ check_use_parent()
+
+ do_linux26()
+ {
+- if [ $LINUX26_USE_SYSCALLS -eq 0 ]
++ if [ $LINUX26_USE_SYSCALLS -eq 0 -a $LINUX26_USE_REDIRFS -eq 1 ]
++ then
++ echo -n "checking for RedirFS source code... "
++ if [ ! -f "../redirfs/redirfs.h" ]
++ then
++ echo "not found"
++ echo "error: please make sure the RedirFS code is
available as ../redirfs/"
++ exit 1
++ fi
++ echo "found (../redirfs)"
++
++ elif [ $LINUX26_USE_SYSCALLS -eq 0 -a $LINUX26_USE_REDIRFS -eq 0 ]
+ then
+ echo -n "checking if security module support is enabled... "
+ if [ $CONFIG_SECURITY -eq 0 ]
+@@ -690,25 +702,25 @@ do_linux26()
+
+ if [ $ON_CLOSE -ne 0 -a $LINUX26_USE_SYSCALLS -eq 0 ]
+ then
+- echo "disabling ON_CLOSE events (not available for Linux 2.6
LSM)"
++ echo "disabling ON_CLOSE events (not available for Linux 2.6
LSM/RedirFS)"
+ ON_CLOSE=0
+ fi
+
+ if [ ${ON_UNLINK} -ne 0 -a $LINUX26_USE_SYSCALLS -eq 0 ]
+ then
+- echo "disabling ON_UNLINK events (not available for Linux 2.6
LSM)"
++ echo "disabling ON_UNLINK events (not available for Linux 2.6
LSM/RedirFS)"
+ ON_UNLINK=0
+ fi
+
+ if [ ${ON_RMDIR} -ne 0 -a $LINUX26_USE_SYSCALLS -eq 0 ]
+ then
+- echo "disabling ON_RMDIR events (not available for Linux 2.6
LSM)"
++ echo "disabling ON_RMDIR events (not available for Linux 2.6
LSM/RedirFS)"
+ ON_RMDIR=0
+ fi
+
+ if [ ${ON_CLOSE_MODIFIED} -ne 0 -a $LINUX26_USE_SYSCALLS -eq 0 ]
+ then
+- echo "disabling ON_CLOSE_MODIFIED events (not available for
Linux 2.6 LSM)"
++ echo "disabling ON_CLOSE_MODIFIED events (not available for
Linux 2.6 LSM/RedirFS)"
+ ON_CLOSE_MODIFIED=0
+ fi
+
+@@ -716,7 +728,12 @@ do_linux26()
+
+ if [ ${LINUX26_USE_SYSCALLS} -eq 0 ]
+ then
+- LINUX26_OBJS="dazuko_linux26.o"
++ if [ ${LINUX26_USE_REDIRFS} -eq 0 ]
++ then
++ LINUX26_OBJS="dazuko_linux26.o"
++ else
++ LINUX26_OBJS="dazuko_redirfs.o"
++ fi
+ echo "EXTRA_CFLAGS += -Wall -DLINUX26_SUPPORT" > Makefile
+ else
+ LINUX26_OBJS="dazuko_linux.o"
+@@ -1460,12 +1477,13 @@ LINUX26_USE_SYSCALLS=0
+ PERFORM_SCT_CHECK=1
+ LINUX26_SYSCALLTABLE_READONLY=0
+ LINUX26_SYSCALL_CFLAGS=""
+-WITH_LINUX_DEP=1
++WITH_LINUX_DEP=0
+ NO_CAPABILITIES=0
+ SMP=0
+ HIDDEN_SCT=0
+ DUMMYOS=0
+ LSM_STACKING=1
++LINUX26_USE_REDIRFS=0
+ LOCAL_DPATH=2
+ LINUX_SRC=""
+ LINUX_OBJ=""
+@@ -1549,6 +1567,13 @@ do
+ --disable-syscalls)
+ LINUX26_USE_SYSCALLS=0
+ ;;
++ --enable-redirfs)
++ LINUX26_USE_REDIRFS=1
++ LSM_STACKING=0
++ ;;
++ --disable-redirfs)
++ LINUX26_USE_REDIRFS=0
++ ;;
+ --sct-nocheck)
+ PERFORM_SCT_CHECK=0
+ ;;
+--
+1.5.4.rc4.25.g81cc-dirty
+
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
