update

934744b6 · zchang8 · 559998c0 · 934744b6
Commit 934744b6 authored 5 years ago by zchang8
--- a/mp4-LSM/mp4.c
+++ b/mp4-LSM/mp4.c
@@ -33,30 +33,37 @@ static int get_inode_sid(struct inode *inode)
 	int xattr_cred;
 	if(!inode){
-		pr_alert("input inode structure is nullptr at get_inode_sid\n");
+		if(printk_ratelimit()){
+			pr_alert("input inode structure is nullptr at get_inode_sid\n");
+		}
 		return -1;
 	}
-	if(!inode->i_op->getxattr){
+	if(!(inode->i_op->getxattr)){
 		// not impletment handler
-		pr_alert("input inode structure does not impletment getxattr\n");
+		if(printk_ratelimit()){
+			pr_alert("input inode structure does not impletment getxattr\n");
+		}
 		return MP4_NO_ACCESS;
 	}
 	dentry = d_find_alias(inode);
 	if(!dentry){
-		pr_alert("cannot find dentry for inode at get_inode_sid\n");
+		if(printk_ratelimit()){
-		dput(dentry);
+			pr_alert("cannot find dentry for inode at get_inode_sid\n");
+		}
 		return -1;
 	}
 	buf = kmalloc(XATTR_LEN, GFP_KERNEL);
 	if(!buf){
-		pr_alert("fail to allocate memory for xattr buf entry at get_inode_sid");
+		if(printk_ratelimit()){
+			pr_alert("fail to allocate memory for xattr buf entry at get_inode_sid");
+		}
 		dput(dentry);
 		return -ENOMEM;
 	}
-	buf[XATTR_LEN] = '\0';
+	buf[XATTR_LEN - 1] = '\0';
 	rc = inode->i_op->getxattr(dentry, XATTR_NAME_MP4, buf, XATTR_LEN);
 	dput(dentry);
@@ -89,17 +96,23 @@ static int mp4_bprm_set_creds(struct linux_binprm *bprm)
 	int sec_flags;
 	if(!bprm){
-		pr_alert("input bprm is null at mp4_bprm_set_creds\n");
+		if(printk_ratelimit()){
+			pr_alert("input bprm is null at mp4_bprm_set_creds\n");
+		}
 		return -EINVAL;
 	}
 	if(!bprm->cred){
-		pr_alert("input bprm's cred field is null at mp4_bprm_set_creds\n");
+		if(printk_ratelimit()){
+			pr_alert("input bprm's cred field is null at mp4_bprm_set_creds\n");
+		}
 		return -EINVAL;
 	}
 	sec = bprm->cred->security;
 	if(!sec){
-		pr_debug("input bprm's security field is null, create blank one at mp4_bprm_set_creds\n");
+		if(printk_ratelimit()){
+			pr_debug("input bprm's security field is null, create blank one at mp4_bprm_set_creds\n");
+		}
 		mp4_cred_alloc_blank(bprm->cred, GFP_KERNEL);
 		sec = bprm->cred->security;
 	}
@@ -128,7 +141,9 @@ static int mp4_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 	//Sanitizing input
 	if(!cred){
-		pr_alert("input cred structure is nullptr\n");
+		if(printk_ratelimit()){
+			pr_alert("input cred structure is nullptr\n");
+		}
 		return -EINVAL;
 	}
@@ -290,13 +305,17 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 	{
 	case MP4_NO_ACCESS:
 		{
-			pr_info("with labeled object: illegal request to MP4_NO_ACCESS but with mask 0x%x\n", mask);
+			if(printk_ratelimit()){
+				pr_info("with labeled object: illegal request to MP4_NO_ACCESS but with mask 0x%x\n", mask);
+			}
 			return -1;
 		}
 	case MP4_WRITE_OBJ:
 		{
 			if(mask & (MAY_READ | MAY_EXEC)){
-				pr_info("with labeled object: illegal request to MP4_WRITE_OBJ but with mask 0x%x\n", mask);
+				if(printk_ratelimit()){
+					pr_info("with labeled object: illegal request to MP4_WRITE_OBJ but with mask 0x%x\n", mask);
+				}
 				return -1;
 			}
 		}
@@ -304,7 +323,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 	case MP4_READ_OBJ:
 		{
 			if(mask & (MAY_APPEND | MAY_WRITE | MAY_EXEC)){
-				pr_info("with labeled object: illegal request to MP4_READ_OBJ but with mask 0x%x\n", mask);
+				if(printk_ratelimit()){
+					pr_info("with labeled object: illegal request to MP4_READ_OBJ but with mask 0x%x\n", mask);
+				}
 				return -1;
 			}
 		}
@@ -312,15 +333,20 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 	case MP4_READ_WRITE:
 		{
 			if(mask & MAY_EXEC){
-				pr_info("with labeled object: illegal request to MP4_READ_WRITE but with mask 0x%x\n", mask);
+				if(printk_ratelimit()){
+					pr_info("with labeled object: illegal request to MP4_READ_WRITE but with mask 0x%x\n", mask);
+				}
 				return -1;
 			}
 		}
 		break;
 	case MP4_EXEC_OBJ:
 		{
 			if(mask & (MAY_APPEND | MAY_WRITE)){
-				pr_info("with labeled object: illegal request to MP4_EXEC_OBJ but with mask 0x%x\n", mask);
+				if(printk_ratelimit()){
+					pr_info("with labeled object: illegal request to MP4_EXEC_OBJ but with mask 0x%x\n", mask);
+				}
 				return -1;
 			}
 		}
@@ -328,7 +354,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 	case MP4_READ_DIR:
 		{
 			if(mask & (MAY_APPEND | MAY_WRITE)){
-				pr_info("with labeled object: illegal request to MP4_READ_DIR but with mask 0x%x\n", mask);
+				if(printk_ratelimit()){
+					pr_info("with labeled object: illegal request to MP4_READ_DIR but with mask 0x%x\n", mask);
+				}
 				return -1;
 			}	
 		}
@@ -352,7 +380,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 		case MP4_WRITE_OBJ:
 			{
 				if(mask & (MAY_APPEND | MAY_WRITE | MAY_EXEC)){
-					pr_info("without labeled object: illegal request to MP4_WRITE_OBJ but with mask 0x%x\n", mask);
+					if(printk_ratelimit()){
+						pr_info("without labeled object: illegal request to MP4_WRITE_OBJ but with mask 0x%x\n", mask);
+					}
 					return -1;
 				}
 			}
@@ -360,7 +390,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 		case MP4_READ_OBJ:
 			{
 				if(mask & (MAY_APPEND | MAY_WRITE | MAY_EXEC)){
-					pr_info("without labeled object: illegal request to MP4_READ_OBJ but with mask 0x%x\n", mask);
+					if(printk_ratelimit()){
+						pr_info("without labeled object: illegal request to MP4_READ_OBJ but with mask 0x%x\n", mask);
+					}
 					return -1;
 				}
 			}
@@ -368,7 +400,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 		case MP4_READ_WRITE:
 			{
 				if(mask & (MAY_APPEND | MAY_WRITE | MAY_EXEC)){
-					pr_info("without labeled object: illegal request to MP4_READ_WRITE but with mask 0x%x\n", mask);
+					if(printk_ratelimit()){
+						pr_info("without labeled object: illegal request to MP4_READ_WRITE but with mask 0x%x\n", mask);
+					}
 					return -1;
 				}
 			}
@@ -376,7 +410,9 @@ static int mp4_has_permission(int ssid, int osid, int mask)
 		case MP4_EXEC_OBJ:
 			{
 				if(mask & (MAY_APPEND | MAY_WRITE)){
-					pr_info("without labeled object: illegal request to MP4_EXEC_OBJ but with mask 0x%x\n", mask);
+					if(printk_ratelimit()){
+						pr_info("without labeled object: illegal request to MP4_EXEC_OBJ but with mask 0x%x\n", mask);
+					}
 					return -1;
 				}
 			}
@@ -440,17 +476,23 @@ static int mp4_inode_permission(struct inode *inode, int mask)
 	// If the current task credential or its security context is NULL
 	if (!current_cred()) {
-		pr_alert("current_cred is null at mp4_inode_init_security\n");
+		if(printk_ratelimit()){
+			pr_alert("current_cred is null at mp4_inode_init_security\n");
+		}
 	    return -EACCES;
 	}
 	if (!current_cred()->security) {
-		pr_alert("current_cred-> security is null at mp4_inode_init_security\n");
+		if(printk_ratelimit()){
+			pr_alert("current_cred-> security is null at mp4_inode_init_security\n");
+		}
 	    return -EACCES;
 	}
 	cur_sec = current_cred()->security;
 	if(!cur_sec){
-		pr_alert("current sec is null at mp4_inode_init_security\n");
+		if(printk_ratelimit()){
+			pr_alert("current sec is null at mp4_inode_init_security\n");
+		}
 		return 0;
 	}