16 |
.learning = &ccs_default_profile.preference, |
.learning = &ccs_default_profile.preference, |
17 |
.permissive = &ccs_default_profile.preference, |
.permissive = &ccs_default_profile.preference, |
18 |
.enforcing = &ccs_default_profile.preference, |
.enforcing = &ccs_default_profile.preference, |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
19 |
.audit = &ccs_default_profile.preference, |
.audit = &ccs_default_profile.preference, |
20 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
21 |
.preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG, |
.preference.audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG, |
22 |
.preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG, |
.preference.audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG, |
23 |
#endif |
#endif |
265 |
ptr = ccs_profile_ptr[profile]; |
ptr = ccs_profile_ptr[profile]; |
266 |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
267 |
ptr = entry; |
ptr = entry; |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
268 |
ptr->audit = &ccs_default_profile.preference; |
ptr->audit = &ccs_default_profile.preference; |
|
#endif |
|
269 |
ptr->learning = &ccs_default_profile.preference; |
ptr->learning = &ccs_default_profile.preference; |
270 |
ptr->permissive = &ccs_default_profile.preference; |
ptr->permissive = &ccs_default_profile.preference; |
271 |
ptr->enforcing = &ccs_default_profile.preference; |
ptr->enforcing = &ccs_default_profile.preference; |
354 |
value = 0; |
value = 0; |
355 |
else |
else |
356 |
value = -1; |
value = -1; |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
357 |
if (!strcmp(data, "PREFERENCE::audit")) { |
if (!strcmp(data, "PREFERENCE::audit")) { |
358 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
359 |
char *cp2; |
char *cp2; |
360 |
|
#endif |
361 |
if (use_default) { |
if (use_default) { |
362 |
profile->audit = &ccs_default_profile.preference; |
profile->audit = &ccs_default_profile.preference; |
363 |
return 0; |
return 0; |
364 |
} |
} |
365 |
profile->audit = &profile->preference; |
profile->audit = &profile->preference; |
366 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
367 |
cp2 = strstr(cp, "max_grant_log="); |
cp2 = strstr(cp, "max_grant_log="); |
368 |
if (cp2) |
if (cp2) |
369 |
sscanf(cp2 + 14, "%u", |
sscanf(cp2 + 14, "%u", |
372 |
if (cp2) |
if (cp2) |
373 |
sscanf(cp2 + 15, "%u", |
sscanf(cp2 + 15, "%u", |
374 |
&profile->preference.audit_max_reject_log); |
&profile->preference.audit_max_reject_log); |
375 |
|
#endif |
376 |
if (strstr(cp, "task_info=yes")) |
if (strstr(cp, "task_info=yes")) |
377 |
profile->preference.audit_task_info = true; |
profile->preference.audit_task_info = true; |
378 |
else if (strstr(cp, "task_info=no")) |
else if (strstr(cp, "task_info=no")) |
383 |
profile->preference.audit_path_info = false; |
profile->preference.audit_path_info = false; |
384 |
return 0; |
return 0; |
385 |
} |
} |
|
#endif |
|
386 |
if (!strcmp(data, "PREFERENCE::enforcing")) { |
if (!strcmp(data, "PREFERENCE::enforcing")) { |
387 |
char *cp2; |
char *cp2; |
388 |
if (use_default) { |
if (use_default) { |
511 |
if (head->read_bit) |
if (head->read_bit) |
512 |
goto body; |
goto body; |
513 |
ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); |
ccs_io_printf(head, "PROFILE_VERSION=%s\n", "20090903"); |
514 |
|
ccs_io_printf(head, "PREFERENCE::audit={ " |
515 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
516 |
|
"max_grant_log=%u max_reject_log=%u " |
517 |
|
#endif |
518 |
|
"task_info=%s path_info=%s }\n", |
519 |
#ifdef CONFIG_CCSECURITY_AUDIT |
#ifdef CONFIG_CCSECURITY_AUDIT |
|
ccs_io_printf(head, "PREFERENCE::audit={ max_grant_log=%u " |
|
|
"max_reject_log=%u task_info=%s path_info=%s }\n", |
|
520 |
ccs_default_profile.preference.audit_max_grant_log, |
ccs_default_profile.preference.audit_max_grant_log, |
521 |
ccs_default_profile.preference.audit_max_reject_log, |
ccs_default_profile.preference.audit_max_reject_log, |
522 |
|
#endif |
523 |
ccs_yesno(ccs_default_profile.preference. |
ccs_yesno(ccs_default_profile.preference. |
524 |
audit_task_info), |
audit_task_info), |
525 |
ccs_yesno(ccs_default_profile.preference. |
ccs_yesno(ccs_default_profile.preference. |
526 |
audit_path_info)); |
audit_path_info)); |
|
#endif |
|
527 |
ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u " |
ccs_io_printf(head, "PREFERENCE::learning={ verbose=%s max_entry=%u " |
528 |
"exec.realpath=%s exec.argv0=%s symlink.target=%s }\n", |
"exec.realpath=%s exec.argv0=%s symlink.target=%s }\n", |
529 |
ccs_yesno(ccs_default_profile.preference. |
ccs_yesno(ccs_default_profile.preference. |
601 |
goto out; |
goto out; |
602 |
#endif |
#endif |
603 |
} |
} |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
|
604 |
if (profile->audit != &ccs_default_profile.preference && |
if (profile->audit != &ccs_default_profile.preference && |
605 |
!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
606 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
607 |
"max_grant_log=%u max_reject_log=%u " |
"max_grant_log=%u max_reject_log=%u " |
608 |
|
#endif |
609 |
"task_info=%s path_info=%s }\n", index, |
"task_info=%s path_info=%s }\n", index, |
610 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
611 |
profile->preference.audit_max_grant_log, |
profile->preference.audit_max_grant_log, |
612 |
profile->preference.audit_max_reject_log, |
profile->preference.audit_max_reject_log, |
613 |
|
#endif |
614 |
ccs_yesno(profile->preference. |
ccs_yesno(profile->preference. |
615 |
audit_task_info), |
audit_task_info), |
616 |
ccs_yesno(profile->preference. |
ccs_yesno(profile->preference. |
617 |
audit_path_info))) |
audit_path_info))) |
618 |
goto out; |
goto out; |
|
#endif |
|
619 |
if (profile->learning != &ccs_default_profile.preference && |
if (profile->learning != &ccs_default_profile.preference && |
620 |
!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
621 |
"verbose=%s max_entry=%u exec.realpath=%s " |
"verbose=%s max_entry=%u exec.realpath=%s " |