オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/internal.h

Contents of /trunk/1.7.x/ccs-patch/security/ccsecurity/internal.h

Parent Directory Parent Directory | Revision Log Revision Log

Revision 3519 - (show annotations) (download) (as text)
Sun Mar 21 08:31:39 2010 UTC (14 years, 1 month ago) by kumaneko
File MIME type: text/x-chdr
File size: 38237 byte(s) 
Improve garbage collector.
1 /*
2 * security/ccsecurity/internal.h
3 *
4 * Copyright (C) 2005-2010 NTT DATA CORPORATION
5 *
6 * Version: 1.7.2-pre 2010/03/21
7 *
8 * This file is applicable to both 2.4.30 and 2.6.11 and later.
9 * See README.ccs for ChangeLog.
10 *
11 */
12
13 #ifndef _SECURITY_CCSECURITY_INTERNAL_H
14 #define _SECURITY_CCSECURITY_INTERNAL_H
15
16 #include <linux/string.h>
17 #include <linux/mm.h>
18 #include <linux/utime.h>
19 #include <linux/file.h>
20 #include <linux/smp_lock.h>
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/slab.h>
24 #include <linux/poll.h>
25 #include <linux/binfmts.h>
26 #include <asm/uaccess.h>
27 #include <stdarg.h>
28 #include <linux/delay.h>
29 #include <linux/sched.h>
30 #include <linux/version.h>
31 #include <linux/in6.h>
32 #include <linux/ccsecurity.h>
33 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 5, 0)
34 #include <linux/fs.h>
35 #endif
36 #include "compat.h"
37
38 /* Prototype definition for "struct ccsecurity_operations". */
39
40 void __init ccs_policy_io_init(void);
41 void __init ccs_mm_init(void);
42 void __init ccs_domain_init(void);
43 void __init ccs_file_init(void);
44 void __init ccs_network_init(void);
45 void __init ccs_signal_init(void);
46 void __init ccs_capability_init(void);
47 void __init ccs_mount_init(void);
48 void __init ccs_maymount_init(void);
49 void __init ccs_autobind_init(void);
50 void __init ccs_gc_init(void);
51
52 /* Index numbers for Access Controls. */
53 enum ccs_acl_entry_type_index {
54 CCS_TYPE_PATH_ACL,
55 CCS_TYPE_PATH2_ACL,
56 CCS_TYPE_PATH_NUMBER_ACL,
57 CCS_TYPE_PATH_NUMBER3_ACL,
58 CCS_TYPE_ENV_ACL,
59 CCS_TYPE_CAPABILITY_ACL,
60 CCS_TYPE_IP_NETWORK_ACL,
61 CCS_TYPE_SIGNAL_ACL,
62 CCS_TYPE_MOUNT_ACL,
63 CCS_TYPE_EXECUTE_HANDLER,
64 CCS_TYPE_DENIED_EXECUTE_HANDLER
65 };
66
67 /*
68 * CCS_TYPE_READ_WRITE is special. CCS_TYPE_READ_WRITE is automatically set if
69 * both CCS_TYPE_READ and CCS_TYPE_WRITE are set. Both CCS_TYPE_READ and
70 * CCS_TYPE_WRITE are automatically set if CCS_TYPE_READ_WRITE is set.
71 * CCS_TYPE_READ_WRITE is automatically cleared if either CCS_TYPE_READ or
72 * CCS_TYPE_WRITE is cleared. Both CCS_TYPE_READ and CCS_TYPE_WRITE are
73 * automatically cleared if CCS_TYPE_READ_WRITE is cleared.
74 */
75
76 enum ccs_path_acl_index {
77 CCS_TYPE_READ_WRITE,
78 CCS_TYPE_EXECUTE,
79 CCS_TYPE_READ,
80 CCS_TYPE_WRITE,
81 CCS_TYPE_UNLINK,
82 CCS_TYPE_RMDIR,
83 CCS_TYPE_TRUNCATE,
84 CCS_TYPE_SYMLINK,
85 CCS_TYPE_REWRITE,
86 CCS_TYPE_CHROOT,
87 CCS_TYPE_UMOUNT,
88 CCS_TYPE_TRANSIT,
89 CCS_MAX_PATH_OPERATION
90 };
91
92 enum ccs_path_number3_acl_index {
93 CCS_TYPE_MKBLOCK,
94 CCS_TYPE_MKCHAR,
95 CCS_MAX_PATH_NUMBER3_OPERATION
96 };
97
98 enum ccs_path2_acl_index {
99 CCS_TYPE_LINK,
100 CCS_TYPE_RENAME,
101 CCS_TYPE_PIVOT_ROOT,
102 CCS_MAX_PATH2_OPERATION
103 };
104
105 enum ccs_path_number_acl_index {
106 CCS_TYPE_CREATE,
107 CCS_TYPE_MKDIR,
108 CCS_TYPE_MKFIFO,
109 CCS_TYPE_MKSOCK,
110 CCS_TYPE_IOCTL,
111 CCS_TYPE_CHMOD,
112 CCS_TYPE_CHOWN,
113 CCS_TYPE_CHGRP,
114 CCS_MAX_PATH_NUMBER_OPERATION
115 };
116
117 enum ccs_network_acl_index {
118 CCS_NETWORK_UDP_BIND, /* UDP's bind() operation. */
119 CCS_NETWORK_UDP_CONNECT, /* UDP's connect()/send()/recv() operation. */
120 CCS_NETWORK_TCP_BIND, /* TCP's bind() operation. */
121 CCS_NETWORK_TCP_LISTEN, /* TCP's listen() operation. */
122 CCS_NETWORK_TCP_CONNECT, /* TCP's connect() operation. */
123 CCS_NETWORK_TCP_ACCEPT, /* TCP's accept() operation. */
124 CCS_NETWORK_RAW_BIND, /* IP's bind() operation. */
125 CCS_NETWORK_RAW_CONNECT, /* IP's connect()/send()/recv() operation. */
126 CCS_MAX_NETWORK_OPERATION
127 };
128
129 enum ccs_ip_address_type {
130 CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP,
131 CCS_IP_ADDRESS_TYPE_IPv4,
132 CCS_IP_ADDRESS_TYPE_IPv6
133 };
134
135 /* Indexes for /proc/ccs/ interfaces. */
136 enum ccs_proc_interface_index {
137 CCS_DOMAINPOLICY,
138 CCS_EXCEPTIONPOLICY,
139 CCS_DOMAIN_STATUS,
140 CCS_PROCESS_STATUS,
141 CCS_MEMINFO,
142 CCS_GRANTLOG,
143 CCS_REJECTLOG,
144 CCS_SELFDOMAIN,
145 CCS_VERSION,
146 CCS_PROFILE,
147 CCS_QUERY,
148 CCS_MANAGER,
149 CCS_EXECUTE_HANDLER
150 };
151
152 enum ccs_mac_index {
153 CCS_MAC_FILE_EXECUTE,
154 CCS_MAC_FILE_OPEN,
155 CCS_MAC_FILE_CREATE,
156 CCS_MAC_FILE_UNLINK,
157 CCS_MAC_FILE_MKDIR,
158 CCS_MAC_FILE_RMDIR,
159 CCS_MAC_FILE_MKFIFO,
160 CCS_MAC_FILE_MKSOCK,
161 CCS_MAC_FILE_TRUNCATE,
162 CCS_MAC_FILE_SYMLINK,
163 CCS_MAC_FILE_REWRITE,
164 CCS_MAC_FILE_MKBLOCK,
165 CCS_MAC_FILE_MKCHAR,
166 CCS_MAC_FILE_LINK,
167 CCS_MAC_FILE_RENAME,
168 CCS_MAC_FILE_CHMOD,
169 CCS_MAC_FILE_CHOWN,
170 CCS_MAC_FILE_CHGRP,
171 CCS_MAC_FILE_IOCTL,
172 CCS_MAC_FILE_CHROOT,
173 CCS_MAC_FILE_MOUNT,
174 CCS_MAC_FILE_UMOUNT,
175 CCS_MAC_FILE_PIVOT_ROOT,
176 CCS_MAC_FILE_TRANSIT,
177 CCS_MAC_NETWORK_UDP_BIND,
178 CCS_MAC_NETWORK_UDP_CONNECT,
179 CCS_MAC_NETWORK_TCP_BIND,
180 CCS_MAC_NETWORK_TCP_LISTEN,
181 CCS_MAC_NETWORK_TCP_CONNECT,
182 CCS_MAC_NETWORK_TCP_ACCEPT,
183 CCS_MAC_NETWORK_RAW_BIND,
184 CCS_MAC_NETWORK_RAW_CONNECT,
185 CCS_MAC_ENVIRON,
186 CCS_MAC_SIGNAL,
187 CCS_MAX_MAC_INDEX
188 };
189
190 enum ccs_mac_category_index {
191 CCS_MAC_CATEGORY_FILE,
192 CCS_MAC_CATEGORY_NETWORK,
193 CCS_MAC_CATEGORY_MISC,
194 CCS_MAC_CATEGORY_IPC,
195 CCS_MAC_CATEGORY_CAPABILITY,
196 CCS_MAX_MAC_CATEGORY_INDEX
197 };
198
199 enum ccs_conditions_index {
200 CCS_TASK_UID, /* current_uid() */
201 CCS_TASK_EUID, /* current_euid() */
202 CCS_TASK_SUID, /* current_suid() */
203 CCS_TASK_FSUID, /* current_fsuid() */
204 CCS_TASK_GID, /* current_gid() */
205 CCS_TASK_EGID, /* current_egid() */
206 CCS_TASK_SGID, /* current_sgid() */
207 CCS_TASK_FSGID, /* current_fsgid() */
208 CCS_TASK_PID, /* sys_getpid() */
209 CCS_TASK_PPID, /* sys_getppid() */
210 CCS_EXEC_ARGC, /* "struct linux_binprm *"->argc */
211 CCS_EXEC_ENVC, /* "struct linux_binprm *"->envc */
212 CCS_TASK_STATE_0, /* (u8) (current->ccs_flags >> 24) */
213 CCS_TASK_STATE_1, /* (u8) (current->ccs_flags >> 16) */
214 CCS_TASK_STATE_2, /* (u8) (task->ccs_flags >> 8) */
215 CCS_TYPE_IS_SOCKET, /* S_IFSOCK */
216 CCS_TYPE_IS_SYMLINK, /* S_IFLNK */
217 CCS_TYPE_IS_FILE, /* S_IFREG */
218 CCS_TYPE_IS_BLOCK_DEV, /* S_IFBLK */
219 CCS_TYPE_IS_DIRECTORY, /* S_IFDIR */
220 CCS_TYPE_IS_CHAR_DEV, /* S_IFCHR */
221 CCS_TYPE_IS_FIFO, /* S_IFIFO */
222 CCS_MODE_SETUID, /* S_ISUID */
223 CCS_MODE_SETGID, /* S_ISGID */
224 CCS_MODE_STICKY, /* S_ISVTX */
225 CCS_MODE_OWNER_READ, /* S_IRUSR */
226 CCS_MODE_OWNER_WRITE, /* S_IWUSR */
227 CCS_MODE_OWNER_EXECUTE, /* S_IXUSR */
228 CCS_MODE_GROUP_READ, /* S_IRGRP */
229 CCS_MODE_GROUP_WRITE, /* S_IWGRP */
230 CCS_MODE_GROUP_EXECUTE, /* S_IXGRP */
231 CCS_MODE_OTHERS_READ, /* S_IROTH */
232 CCS_MODE_OTHERS_WRITE, /* S_IWOTH */
233 CCS_MODE_OTHERS_EXECUTE, /* S_IXOTH */
234 CCS_TASK_TYPE, /* ((u8) task->ccs_flags) &
235 CCS_TASK_IS_EXECUTE_HANDLER */
236 CCS_TASK_EXECUTE_HANDLER, /* CCS_TASK_IS_EXECUTE_HANDLER */
237 CCS_EXEC_REALPATH,
238 CCS_SYMLINK_TARGET,
239 CCS_PATH1_UID,
240 CCS_PATH1_GID,
241 CCS_PATH1_INO,
242 CCS_PATH1_MAJOR,
243 CCS_PATH1_MINOR,
244 CCS_PATH1_PERM,
245 CCS_PATH1_TYPE,
246 CCS_PATH1_DEV_MAJOR,
247 CCS_PATH1_DEV_MINOR,
248 CCS_PATH2_UID,
249 CCS_PATH2_GID,
250 CCS_PATH2_INO,
251 CCS_PATH2_MAJOR,
252 CCS_PATH2_MINOR,
253 CCS_PATH2_PERM,
254 CCS_PATH2_TYPE,
255 CCS_PATH2_DEV_MAJOR,
256 CCS_PATH2_DEV_MINOR,
257 CCS_PATH1_PARENT_UID,
258 CCS_PATH1_PARENT_GID,
259 CCS_PATH1_PARENT_INO,
260 CCS_PATH1_PARENT_PERM,
261 CCS_PATH2_PARENT_UID,
262 CCS_PATH2_PARENT_GID,
263 CCS_PATH2_PARENT_INO,
264 CCS_PATH2_PARENT_PERM,
265 CCS_MAX_CONDITION_KEYWORD,
266 CCS_NUMBER_UNION,
267 CCS_NAME_UNION,
268 CCS_ARGV_ENTRY,
269 CCS_ENVP_ENTRY
270 };
271
272 /* Keywords for ACLs. */
273 #define CCS_KEYWORD_ADDRESS_GROUP "address_group "
274 #define CCS_KEYWORD_AGGREGATOR "aggregator "
275 #define CCS_KEYWORD_ALLOW_CAPABILITY "allow_capability "
276 #define CCS_KEYWORD_ALLOW_ENV "allow_env "
277 #define CCS_KEYWORD_ALLOW_IOCTL "allow_ioctl "
278 #define CCS_KEYWORD_ALLOW_CHMOD "allow_chmod "
279 #define CCS_KEYWORD_ALLOW_CHOWN "allow_chown "
280 #define CCS_KEYWORD_ALLOW_CHGRP "allow_chgrp "
281 #define CCS_KEYWORD_ALLOW_MOUNT "allow_mount "
282 #define CCS_KEYWORD_ALLOW_NETWORK "allow_network "
283 #define CCS_KEYWORD_ALLOW_READ "allow_read "
284 #define CCS_KEYWORD_ALLOW_SIGNAL "allow_signal "
285 #define CCS_KEYWORD_DELETE "delete "
286 #define CCS_KEYWORD_DENY_AUTOBIND "deny_autobind "
287 #define CCS_KEYWORD_DENY_REWRITE "deny_rewrite "
288 #define CCS_KEYWORD_FILE_PATTERN "file_pattern "
289 #define CCS_KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
290 #define CCS_KEYWORD_KEEP_DOMAIN "keep_domain "
291 #define CCS_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
292 #define CCS_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
293 #define CCS_KEYWORD_PATH_GROUP "path_group "
294 #define CCS_KEYWORD_NUMBER_GROUP "number_group "
295 #define CCS_KEYWORD_SELECT "select "
296 #define CCS_KEYWORD_USE_PROFILE "use_profile "
297 #define CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
298 #define CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "ignore_global_allow_env"
299 #define CCS_KEYWORD_QUOTA_EXCEEDED "quota_exceeded"
300 #define CCS_KEYWORD_TRANSITION_FAILED "transition_failed"
301 #define CCS_KEYWORD_EXECUTE_HANDLER "execute_handler"
302 #define CCS_KEYWORD_DENIED_EXECUTE_HANDLER "denied_execute_handler"
303
304 /* A domain definition starts with <kernel>. */
305 #define ROOT_NAME "<kernel>"
306 #define ROOT_NAME_LEN (sizeof(ROOT_NAME) - 1)
307
308 /* Value type definition. */
309 enum ccs_value_type {
310 CCS_VALUE_TYPE_INVALID,
311 CCS_VALUE_TYPE_DECIMAL,
312 CCS_VALUE_TYPE_OCTAL,
313 CCS_VALUE_TYPE_HEXADECIMAL
314 };
315
316 #define CCS_EXEC_TMPSIZE 4096
317
318 /* Profile number is an integer between 0 and 255. */
319 #define CCS_MAX_PROFILES 256
320
321 enum ccs_mode_value {
322 CCS_CONFIG_DISABLED,
323 CCS_CONFIG_LEARNING,
324 CCS_CONFIG_PERMISSIVE,
325 CCS_CONFIG_ENFORCING,
326 CCS_CONFIG_WANT_REJECT_LOG = 64,
327 CCS_CONFIG_WANT_GRANT_LOG = 128,
328 CCS_CONFIG_USE_DEFAULT = 255
329 };
330
331 #define CCS_OPEN_FOR_READ_TRUNCATE 4
332 #define CCS_OPEN_FOR_IOCTL_ONLY 8
333 #define CCS_TASK_IS_IN_EXECVE 16
334 #define CCS_DONT_SLEEP_ON_ENFORCE_ERROR 32
335 #define CCS_TASK_IS_EXECUTE_HANDLER 64
336 #define CCS_TASK_IS_POLICY_MANAGER 128
337 /* Highest 24 bits are reserved for task.state[] conditions. */
338
339 struct dentry;
340 struct vfsmount;
341 struct in6_addr;
342
343 /**
344 * list_for_each_cookie - iterate over a list with cookie.
345 * @pos: the &struct list_head to use as a loop cursor.
346 * @cookie: the &struct list_head to use as a cookie.
347 * @head: the head for your list.
348 *
349 * Same with list_for_each_rcu() except that this primitive uses @cookie
350 * so that we can continue iteration.
351 * @cookie must be NULL when iteration starts, and @cookie will become
352 * NULL when iteration finishes.
353 */
354 #define list_for_each_cookie(pos, cookie, head) \
355 for (({ if (!cookie) \
356 cookie = head; }), \
357 pos = rcu_dereference((cookie)->next); \
358 prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
359 (cookie) = pos, pos = rcu_dereference(pos->next))
360
361 struct ccs_name_union {
362 const struct ccs_path_info *filename;
363 struct ccs_path_group *group;
364 u8 is_group;
365 };
366
367 struct ccs_number_union {
368 unsigned long values[2];
369 struct ccs_number_group *group;
370 u8 min_type;
371 u8 max_type;
372 u8 is_group;
373 };
374
375 /* Structure for "path_group" directive. */
376 struct ccs_path_group {
377 struct list_head list;
378 const struct ccs_path_info *group_name;
379 struct list_head member_list;
380 atomic_t users;
381 };
382
383 /* Structure for "number_group" directive. */
384 struct ccs_number_group {
385 struct list_head list;
386 const struct ccs_path_info *group_name;
387 struct list_head member_list;
388 atomic_t users;
389 };
390
391 /* Structure for "address_group" directive. */
392 struct ccs_address_group {
393 struct list_head list;
394 const struct ccs_path_info *group_name;
395 struct list_head member_list;
396 atomic_t users;
397 };
398
399 /* Structure for "path_group" directive. */
400 struct ccs_path_group_member {
401 struct list_head list;
402 bool is_deleted;
403 const struct ccs_path_info *member_name;
404 };
405
406 /* Structure for "number_group" directive. */
407 struct ccs_number_group_member {
408 struct list_head list;
409 bool is_deleted;
410 struct ccs_number_union number;
411 };
412
413 /* Structure for "address_group" directive. */
414 struct ccs_address_group_member {
415 struct list_head list;
416 bool is_deleted;
417 bool is_ipv6;
418 union {
419 u32 ipv4; /* Host byte order */
420 const struct in6_addr *ipv6; /* Network byte order */
421 } min, max;
422 };
423
424
425 /* Subset of "struct stat". */
426 struct ccs_mini_stat {
427 uid_t uid;
428 gid_t gid;
429 ino_t ino;
430 mode_t mode;
431 dev_t dev;
432 dev_t rdev;
433 };
434
435 /* Structure for dumping argv[] and envp[] of "struct linux_binprm". */
436 struct ccs_page_dump {
437 struct page *page; /* Previously dumped page. */
438 char *data; /* Contents of "page". Size is PAGE_SIZE. */
439 };
440
441 /* Structure for attribute checks in addition to pathname checks. */
442 struct ccs_obj_info {
443 bool validate_done;
444 bool path1_valid;
445 bool path1_parent_valid;
446 bool path2_valid;
447 bool path2_parent_valid;
448 struct path path1;
449 struct path path2;
450 struct ccs_mini_stat path1_stat;
451 /* I don't handle path2_stat for rename operation. */
452 struct ccs_mini_stat path2_stat;
453 struct ccs_mini_stat path1_parent_stat;
454 struct ccs_mini_stat path2_parent_stat;
455 struct ccs_path_info *symlink_target;
456 unsigned int dev;
457 };
458
459 struct ccs_condition_element {
460 /*
461 * Left hand operand. A "struct ccs_argv_entry" for CCS_ARGV_ENTRY, a
462 * "struct ccs_envp_entry" for CCS_ENVP_ENTRY is attached to the tail
463 * of the array of this struct.
464 */
465 u8 left;
466 /*
467 * Right hand operand. A "struct ccs_number_union" for
468 * CCS_NUMBER_UNION, a "struct ccs_name_union" for CCS_NAME_UNION is
469 * attached to the tail of the array of this struct.
470 */
471 u8 right;
472 /* Equation operator. true if equals or overlaps, false otherwise. */
473 bool equals;
474 };
475
476 /* Structure for " if " and "; set" part. */
477 struct ccs_condition {
478 struct list_head list;
479 atomic_t users;
480 u32 size;
481 u16 condc;
482 u16 numbers_count;
483 u16 names_count;
484 u16 argc;
485 u16 envc;
486 u8 post_state[4];
487 /*
488 * struct ccs_condition_element condition[condc];
489 * struct ccs_number_union values[numbers_count];
490 * struct ccs_name_union names[names_count];
491 * struct ccs_argv_entry argv[argc];
492 * struct ccs_envp_entry envp[envc];
493 */
494 };
495
496 struct ccs_execve_entry;
497
498 #define CCS_RETRY_REQUEST 1 /* Retry this request. */
499
500 /* Structure for request info. */
501 struct ccs_request_info {
502 struct ccs_domain_info *domain;
503 struct ccs_obj_info *obj;
504 struct ccs_execve_entry *ee;
505 struct ccs_condition *cond;
506 u8 retry;
507 u8 profile;
508 u8 mode;
509 u8 type;
510 };
511
512 /* Structure for holding a token. */
513 struct ccs_path_info {
514 const char *name;
515 u32 hash; /* = full_name_hash(name, strlen(name)) */
516 u16 total_len; /* = strlen(name) */
517 u16 const_len; /* = ccs_const_part_length(name) */
518 bool is_dir; /* = ccs_strendswith(name, "/") */
519 bool is_patterned; /* = const_len < total_len */
520 };
521
522 /* Structure for execve() operation. */
523 struct ccs_execve_entry {
524 struct ccs_request_info r;
525 struct ccs_obj_info obj;
526 struct linux_binprm *bprm;
527 struct ccs_domain_info *previous_domain;
528 int reader_idx;
529 /* For execute_handler */
530 const struct ccs_path_info *handler;
531 char *handler_path; /* = kstrdup(handler->name, CCS_GFP_FLAGS) */
532 /* For dumping argv[] and envp[]. */
533 struct ccs_page_dump dump;
534 /* For temporary use. */
535 char *tmp; /* Size is CCS_EXEC_TMPSIZE bytes */
536 };
537
538 /* Common header for holding ACL entries. */
539 struct ccs_acl_info {
540 struct list_head list;
541 struct ccs_condition *cond;
542 bool is_deleted;
543 u8 type; /* = one of values in "enum ccs_acl_entry_type_index" */
544 } __attribute__((__packed__));
545
546 /* Structure for domain information. */
547 struct ccs_domain_info {
548 struct list_head list;
549 struct list_head acl_info_list;
550 /* Name of this domain. Never NULL. */
551 const struct ccs_path_info *domainname;
552 u8 profile; /* Profile number to use. */
553 bool is_deleted; /* Delete flag. */
554 bool quota_warned; /* Quota warnning flag. */
555 /* Ignore "allow_read" directive in exception policy. */
556 bool ignore_global_allow_read;
557 /* Ignore "allow_env" directive in exception policy. */
558 bool ignore_global_allow_env;
559 /*
560 * This domain was unable to create a new domain at
561 * ccs_find_next_domain() because the name of the domain to be created
562 * was too long or it could not allocate memory.
563 * More than one process continued execve() without domain transition.
564 */
565 bool domain_transition_failed;
566 };
567
568 /* Structure for "allow_read" keyword. */
569 struct ccs_globally_readable_file_entry {
570 struct list_head list;
571 bool is_deleted;
572 const struct ccs_path_info *filename;
573 };
574
575 /* Structure for "file_pattern" keyword. */
576 struct ccs_pattern_entry {
577 struct list_head list;
578 bool is_deleted;
579 const struct ccs_path_info *pattern;
580 };
581
582 /* Structure for "deny_rewrite" keyword. */
583 struct ccs_no_rewrite_entry {
584 struct list_head list;
585 bool is_deleted;
586 const struct ccs_path_info *pattern;
587 };
588
589 /* Structure for "allow_env" keyword. */
590 struct ccs_globally_usable_env_entry {
591 struct list_head list;
592 bool is_deleted;
593 const struct ccs_path_info *env;
594 };
595
596 /* Structure for "initialize_domain" and "no_initialize_domain" keyword. */
597 struct ccs_domain_initializer_entry {
598 struct list_head list;
599 bool is_deleted;
600 bool is_not; /* True if this entry is "no_initialize_domain". */
601 bool is_last_name; /* True if the domainname is ccs_last_word(). */
602 const struct ccs_path_info *domainname; /* This may be NULL */
603 const struct ccs_path_info *program;
604 };
605
606 /* Structure for "keep_domain" and "no_keep_domain" keyword. */
607 struct ccs_domain_keeper_entry {
608 struct list_head list;
609 bool is_deleted;
610 bool is_not; /* True if this entry is "no_keep_domain". */
611 bool is_last_name; /* True if the domainname is ccs_last_word(). */
612 const struct ccs_path_info *domainname;
613 const struct ccs_path_info *program; /* This may be NULL */
614 };
615
616 /* Structure for "aggregator" keyword. */
617 struct ccs_aggregator_entry {
618 struct list_head list;
619 bool is_deleted;
620 const struct ccs_path_info *original_name;
621 const struct ccs_path_info *aggregated_name;
622 };
623
624 /* Structure for "allow_mount" keyword. */
625 struct ccs_mount_acl {
626 struct ccs_acl_info head; /* type = CCS_TYPE_MOUNT_ACL */
627 struct ccs_name_union dev_name;
628 struct ccs_name_union dir_name;
629 struct ccs_name_union fs_type;
630 struct ccs_number_union flags;
631 };
632
633 /* Structure for "deny_autobind" keyword. */
634 struct ccs_reserved_entry {
635 struct list_head list;
636 bool is_deleted; /* Delete flag. */
637 u16 min_port; /* Start of port number range. */
638 u16 max_port; /* End of port number range. */
639 };
640
641 /* Structure for policy manager. */
642 struct ccs_policy_manager_entry {
643 struct list_head list;
644 bool is_deleted; /* True if this entry is deleted. */
645 bool is_domain; /* True if manager is a domainname. */
646 /* A path to program or a domainname. */
647 const struct ccs_path_info *manager;
648 };
649
650 /* Structure for argv[]. */
651 struct ccs_argv_entry {
652 unsigned int index;
653 const struct ccs_path_info *value;
654 bool is_not;
655 };
656
657 /* Structure for envp[]. */
658 struct ccs_envp_entry {
659 const struct ccs_path_info *name;
660 const struct ccs_path_info *value;
661 bool is_not;
662 };
663
664 /*
665 * Structure for "execute_handler" and "denied_execute_handler" directive.
666 * These directives can exist only one entry in a domain.
667 *
668 * If "execute_handler" directive exists and the current process is not
669 * an execute handler, all execve() requests are replaced by execve() requests
670 * of a program specified by "execute_handler" directive.
671 * If the current process is an execute handler,
672 * "execute_handler" and "denied_execute_handler" directives are ignored.
673 * The program specified by "execute_handler" validates execve() parameters
674 * and executes the original execve() requests if appropriate.
675 *
676 * "denied_execute_handler" directive is used only when execve() request was
677 * rejected in enforcing mode (i.e. CONFIG::file::execute={ mode=enforcing }).
678 * The program specified by "denied_execute_handler" does whatever it wants
679 * to do (e.g. silently terminate, change firewall settings,
680 * redirect the user to honey pot etc.).
681 */
682 struct ccs_execute_handler_record {
683 struct ccs_acl_info head; /* type = CCS_TYPE_*EXECUTE_HANDLER */
684 const struct ccs_path_info *handler; /* Pointer to single pathname. */
685 };
686
687 /*
688 * Structure for "allow_read/write", "allow_execute", "allow_read",
689 * "allow_write", "allow_unlink", "allow_rmdir", "allow_truncate",
690 * "allow_symlink", "allow_rewrite", "allow_chroot" and "allow_unmount"
691 * directive.
692 */
693 struct ccs_path_acl {
694 struct ccs_acl_info head; /* type = CCS_TYPE_PATH_ACL */
695 u16 perm;
696 struct ccs_name_union name;
697 };
698
699 /* Structure for "allow_mkblock" and "allow_mkchar" directive. */
700 struct ccs_path_number3_acl {
701 struct ccs_acl_info head; /* type = CCS_TYPE_PATH_NUMBER3_ACL */
702 u8 perm;
703 struct ccs_name_union name;
704 struct ccs_number_union mode;
705 struct ccs_number_union major;
706 struct ccs_number_union minor;
707 };
708
709 /*
710 * Structure for "allow_rename", "allow_link" and "allow_pivot_root" directive.
711 */
712 struct ccs_path2_acl {
713 struct ccs_acl_info head; /* type = CCS_TYPE_PATH2_ACL */
714 u8 perm;
715 struct ccs_name_union name1;
716 struct ccs_name_union name2;
717 };
718
719 /*
720 * Structure for "allow_create", "allow_mkdir", "allow_mkfifo", "allow_mksock",
721 * "allow_ioctl", "allow_chmod", "allow_chown" and "allow_chgrp" directive.
722 */
723 struct ccs_path_number_acl {
724 struct ccs_acl_info head; /* type = CCS_TYPE_PATH_NUMBER_ACL */
725 u8 perm;
726 struct ccs_name_union name;
727 struct ccs_number_union number;
728 };
729
730 /* Structure for "allow_env" directive in domain policy. */
731 struct ccs_env_acl {
732 struct ccs_acl_info head; /* type = CCS_TYPE_ENV_ACL */
733 const struct ccs_path_info *env; /* environment variable */
734 };
735
736 /* Structure for "allow_capability" directive. */
737 struct ccs_capability_acl {
738 struct ccs_acl_info head; /* type = CCS_TYPE_CAPABILITY_ACL */
739 u8 operation;
740 };
741
742 /* Structure for "allow_signal" directive. */
743 struct ccs_signal_acl {
744 struct ccs_acl_info head; /* type = CCS_TYPE_SIGNAL_ACL */
745 u16 sig;
746 /* Pointer to destination pattern. */
747 const struct ccs_path_info *domainname;
748 };
749
750 struct ccs_ipv6addr_entry {
751 struct list_head list;
752 atomic_t users;
753 struct in6_addr addr;
754 };
755
756 /* Structure for "allow_network" directive. */
757 struct ccs_ip_network_acl {
758 struct ccs_acl_info head; /* type = CCS_TYPE_IP_NETWORK_ACL */
759 u16 perm;
760 /*
761 * address_type takes one of the following constants.
762 * CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP
763 * if address points to "address_group" directive.
764 * CCS_IP_ADDRESS_TYPE_IPv4
765 * if address points to an IPv4 address.
766 * CCS_IP_ADDRESS_TYPE_IPv6
767 * if address points to an IPv6 address.
768 */
769 u8 address_type;
770 union {
771 struct {
772 /* Start of IPv4 address range. Host endian. */
773 u32 min;
774 /* End of IPv4 address range. Host endian. */
775 u32 max;
776 } ipv4;
777 struct {
778 /* Start of IPv6 address range. Big endian. */
779 const struct in6_addr *min;
780 /* End of IPv6 address range. Big endian. */
781 const struct in6_addr *max;
782 } ipv6;
783 /* Pointer to address group. */
784 struct ccs_address_group *group;
785 } address;
786 struct ccs_number_union port;
787 };
788
789 /* Structure for string data. */
790 struct ccs_name_entry {
791 struct list_head list;
792 atomic_t users;
793 int size;
794 struct ccs_path_info entry;
795 };
796
797 /* Structure for reading/writing policy via /proc interfaces. */
798 struct ccs_io_buffer {
799 void (*read) (struct ccs_io_buffer *);
800 int (*write) (struct ccs_io_buffer *);
801 int (*poll) (struct file *file, poll_table *wait);
802 /* Exclusive lock for this structure. */
803 struct mutex io_sem;
804 /* List head for allowing GC to scan. */
805 struct list_head list;
806 /* The position currently reading from. */
807 struct list_head *read_var1;
808 /* Extra variables for reading. */
809 struct list_head *read_var2;
810 /* The position currently writing to. */
811 struct ccs_domain_info *write_var1;
812 /* The step for reading. */
813 int read_step;
814 /* Buffer for reading. */
815 char *read_buf;
816 /* EOF flag for reading. */
817 bool read_eof;
818 /* Read domain ACL of specified PID? */
819 bool read_single_domain;
820 /* Read allow_execute entry only? */
821 bool read_execute_only;
822 /* Extra variable for reading. */
823 u8 read_bit;
824 /* Bytes available for reading. */
825 int read_avail;
826 /* Size of read buffer. */
827 int readbuf_size;
828 /* Buffer for writing. */
829 char *write_buf;
830 /* Bytes available for writing. */
831 int write_avail;
832 /* Size of write buffer. */
833 int writebuf_size;
834 /* Type of this interface. */
835 u8 type;
836 };
837
838 struct ccs_preference {
839 #ifdef CONFIG_CCSECURITY_AUDIT
840 unsigned int audit_max_grant_log;
841 unsigned int audit_max_reject_log;
842 #endif
843 unsigned int learning_max_entry;
844 unsigned int enforcing_penalty;
845 bool audit_task_info;
846 bool audit_path_info;
847 bool enforcing_verbose;
848 bool learning_verbose;
849 bool learning_exec_realpath;
850 bool learning_exec_argv0;
851 bool learning_symlink_target;
852 bool permissive_verbose;
853 };
854
855 struct ccs_profile {
856 const struct ccs_path_info *comment;
857 struct ccs_preference *audit;
858 struct ccs_preference *learning;
859 struct ccs_preference *permissive;
860 struct ccs_preference *enforcing;
861 struct ccs_preference preference;
862 u8 default_config;
863 u8 config[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX
864 + CCS_MAX_MAC_CATEGORY_INDEX];
865 };
866
867 /* Prototype definition for internal use. */
868
869 bool ccs_address_matches_group(const bool is_ipv6, const u32 *address,
870 const struct ccs_address_group *group);
871 bool ccs_compare_name_union(const struct ccs_path_info *name,
872 const struct ccs_name_union *ptr);
873 bool ccs_compare_number_union(const unsigned long value,
874 const struct ccs_number_union *ptr);
875 bool ccs_condition(struct ccs_request_info *r, const struct ccs_acl_info *acl);
876 bool ccs_domain_quota_ok(struct ccs_request_info *r);
877 bool ccs_dump_page(struct linux_binprm *bprm, unsigned long pos,
878 struct ccs_page_dump *dump);
879 bool ccs_get_audit(const u8 profile, const u8 index, const bool is_granted);
880 bool ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...)
881 __attribute__ ((format(printf, 2, 3)));
882 bool ccs_is_correct_domain(const unsigned char *domainname);
883 bool ccs_is_correct_path(const char *filename, const s8 start_type,
884 const s8 pattern_type, const s8 end_type);
885 bool ccs_is_domain_def(const unsigned char *buffer);
886 bool ccs_memory_ok(const void *ptr, const unsigned int size);
887 bool ccs_number_matches_group(const unsigned long min, const unsigned long max,
888 const struct ccs_number_group *group);
889 bool ccs_parse_name_union(const char *filename, struct ccs_name_union *ptr);
890 bool ccs_parse_number_union(char *data, struct ccs_number_union *num);
891 bool ccs_path_matches_group(const struct ccs_path_info *pathname,
892 const struct ccs_path_group *group,
893 const bool may_use_pattern);
894 bool ccs_path_matches_pattern(const struct ccs_path_info *filename,
895 const struct ccs_path_info *pattern);
896 bool ccs_print_number_union(struct ccs_io_buffer *head,
897 const struct ccs_number_union *ptr);
898 bool ccs_read_address_group_policy(struct ccs_io_buffer *head);
899 bool ccs_read_aggregator_policy(struct ccs_io_buffer *head);
900 bool ccs_read_domain_initializer_policy(struct ccs_io_buffer *head);
901 bool ccs_read_domain_keeper_policy(struct ccs_io_buffer *head);
902 bool ccs_read_file_pattern(struct ccs_io_buffer *head);
903 bool ccs_read_globally_readable_policy(struct ccs_io_buffer *head);
904 bool ccs_read_globally_usable_env_policy(struct ccs_io_buffer *head);
905 bool ccs_read_no_rewrite_policy(struct ccs_io_buffer *head);
906 bool ccs_read_number_group_policy(struct ccs_io_buffer *head);
907 bool ccs_read_path_group_policy(struct ccs_io_buffer *head);
908 bool ccs_read_reserved_port_policy(struct ccs_io_buffer *head);
909 bool ccs_str_starts(char **src, const char *find);
910 bool ccs_tokenize(char *buffer, char *w[], size_t size);
911 char *ccs_encode(const char *str);
912 char *ccs_init_audit_log(int *len, struct ccs_request_info *r);
913 char *ccs_realpath_from_path(struct path *path);
914 const char *ccs_cap2keyword(const u8 operation);
915 const char *ccs_file_pattern(const struct ccs_path_info *filename);
916 const char *ccs_get_exe(void);
917 const char *ccs_last_word(const char *name);
918 const char *ccs_net2keyword(const u8 operation);
919 const char *ccs_path22keyword(const u8 operation);
920 const char *ccs_path2keyword(const u8 operation);
921 const char *ccs_path_number2keyword(const u8 operation);
922 const char *ccs_path_number32keyword(const u8 operation);
923 const struct ccs_path_info *ccs_get_name(const char *name);
924 const struct in6_addr *ccs_get_ipv6_address(const struct in6_addr *addr);
925 int ccs_close_control(struct file *file);
926 int ccs_delete_domain(char *data);
927 int ccs_env_perm(struct ccs_request_info *r, const char *env);
928 int ccs_exec_perm(struct ccs_request_info *r,
929 const struct ccs_path_info *filename);
930 int ccs_get_mode(const u8 profile, const u8 index);
931 int ccs_get_path(const char *pathname, struct path *path);
932 int ccs_init_request_info(struct ccs_request_info *r,
933 struct ccs_domain_info *domain, const u8 index);
934 int ccs_may_transit(const char *domainname, const char *pathname);
935 int ccs_open_control(const u8 type, struct file *file);
936 int ccs_parse_ip_address(char *address, u16 *min, u16 *max);
937 int ccs_path_permission(struct ccs_request_info *r, u8 operation,
938 const struct ccs_path_info *filename);
939 int ccs_poll_control(struct file *file, poll_table *wait);
940 int ccs_poll_audit_log(struct file *file, poll_table *wait);
941 int ccs_read_control(struct file *file, char __user *buffer,
942 const int buffer_len);
943 int ccs_read_lock(void);
944 int ccs_supervisor(struct ccs_request_info *r, const char *fmt, ...)
945 __attribute__ ((format(printf, 2, 3)));
946 int ccs_symlink_path(const char *pathname, struct ccs_path_info *name);
947 int ccs_write_address_group_policy(char *data, const bool is_delete);
948 int ccs_write_aggregator_policy(char *data, const bool is_delete);
949 int ccs_write_audit_log(const bool is_granted, struct ccs_request_info *r,
950 const char *fmt, ...)
951 __attribute__ ((format(printf, 3, 4)));
952 int ccs_write_capability_policy(char *data, struct ccs_domain_info *domain,
953 struct ccs_condition *condition,
954 const bool is_delete);
955 int ccs_write_control(struct file *file, const char __user *buffer,
956 const int buffer_len);
957 int ccs_write_domain_initializer_policy(char *data, const bool is_not,
958 const bool is_delete);
959 int ccs_write_domain_keeper_policy(char *data, const bool is_not,
960 const bool is_delete);
961 int ccs_write_env_policy(char *data, struct ccs_domain_info *domain,
962 struct ccs_condition *condition,
963 const bool is_delete);
964 int ccs_write_file_policy(char *data, struct ccs_domain_info *domain,
965 struct ccs_condition *condition,
966 const bool is_delete);
967 int ccs_write_globally_readable_policy(char *data, const bool is_delete);
968 int ccs_write_globally_usable_env_policy(char *data, const bool is_delete);
969 int ccs_write_memory_quota(struct ccs_io_buffer *head);
970 int ccs_write_mount_policy(char *data, struct ccs_domain_info *domain,
971 struct ccs_condition *condition,
972 const bool is_delete);
973 int ccs_write_network_policy(char *data, struct ccs_domain_info *domain,
974 struct ccs_condition *condition,
975 const bool is_delete);
976 int ccs_write_no_rewrite_policy(char *data, const bool is_delete);
977 int ccs_write_number_group_policy(char *data, const bool is_delete);
978 int ccs_write_path_group_policy(char *data, const bool is_delete);
979 int ccs_write_pattern_policy(char *data, const bool is_delete);
980 int ccs_write_reserved_port_policy(char *data, const bool is_delete);
981 int ccs_write_signal_policy(char *data, struct ccs_domain_info *domain,
982 struct ccs_condition *condition,
983 const bool is_delete);
984 size_t ccs_del_condition(struct ccs_condition *cond);
985 struct ccs_address_group *ccs_get_address_group(const char *group_name);
986 struct ccs_condition *ccs_get_condition(char * const condition);
987 struct ccs_domain_info *ccs_find_domain(const char *domainname);
988 struct ccs_domain_info *ccs_find_or_assign_new_domain(const char *domainname,
989 const u8 profile);
990 struct ccs_number_group *ccs_get_number_group(const char *group_name);
991 struct ccs_path_group *ccs_get_path_group(const char *group_name);
992 struct ccs_profile *ccs_profile(const u8 profile);
993 u8 ccs_parse_ulong(unsigned long *result, char **str);
994 void ccs_fill_path_info(struct ccs_path_info *ptr);
995 void ccs_get_attributes(struct ccs_obj_info *obj);
996 void ccs_memory_free(const void *ptr, size_t size);
997 void ccs_normalize_line(unsigned char *buffer);
998 void ccs_print_ipv6(char *buffer, const int buffer_len,
999 const struct in6_addr *ip);
1000 void ccs_print_ulong(char *buffer, const int buffer_len,
1001 const unsigned long value, const u8 type);
1002 void ccs_put_name_union(struct ccs_name_union *ptr);
1003 void ccs_put_number_union(struct ccs_number_union *ptr);
1004 void ccs_read_audit_log(struct ccs_io_buffer *head);
1005 void ccs_read_memory_counter(struct ccs_io_buffer *head);
1006 void ccs_read_unlock(const int idx);
1007 void ccs_warn_log(struct ccs_request_info *r, const char *fmt, ...)
1008 __attribute__ ((format(printf, 2, 3)));
1009 void ccs_warn_oom(const char *function);
1010 void *ccs_commit_ok(void *data, const unsigned int size);
1011
1012 /* strcmp() for "struct ccs_path_info" structure. */
1013 static inline bool ccs_pathcmp(const struct ccs_path_info *a,
1014 const struct ccs_path_info *b)
1015 {
1016 return a->hash != b->hash || strcmp(a->name, b->name);
1017 }
1018
1019 static inline int ccs_memcmp(void *a, void *b, const size_t offset,
1020 const size_t size)
1021 {
1022 return memcmp(((char *) a) + offset, ((char *) b) + offset,
1023 size - offset);
1024 }
1025
1026 #define CCS_HASH_BITS 8
1027 #define CCS_MAX_HASH (1 << CCS_HASH_BITS)
1028
1029 extern struct mutex ccs_policy_lock;
1030 extern spinlock_t ccs_io_buffer_list_lock;
1031 extern struct list_head ccs_domain_list;
1032 extern struct list_head ccs_address_group_list;
1033 extern struct list_head ccs_globally_readable_list;
1034 extern struct list_head ccs_path_group_list;
1035 extern struct list_head ccs_number_group_list;
1036 extern struct list_head ccs_pattern_list;
1037 extern struct list_head ccs_no_rewrite_list;
1038 extern struct list_head ccs_globally_usable_env_list;
1039 extern struct list_head ccs_domain_initializer_list;
1040 extern struct list_head ccs_domain_keeper_list;
1041 extern struct list_head ccs_aggregator_list;
1042 extern struct list_head ccs_reservedport_list;
1043 extern struct list_head ccs_policy_manager_list;
1044 extern struct list_head ccs_address_list;
1045 extern struct list_head ccs_condition_list;
1046 extern struct list_head ccs_name_list[CCS_MAX_HASH];
1047 extern struct list_head ccs_io_buffer_list;
1048 extern wait_queue_head_t ccs_gc_queue;
1049 extern bool ccs_policy_loaded;
1050 extern struct ccs_domain_info ccs_kernel_domain;
1051
1052 extern const char *ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD];
1053
1054 extern unsigned int ccs_audit_log_memory_size;
1055 extern unsigned int ccs_quota_for_audit_log;
1056 extern unsigned int ccs_query_memory_size;
1057 extern unsigned int ccs_quota_for_query;
1058
1059 #include <linux/dcache.h>
1060
1061 #ifdef D_PATH_DISCONNECT
1062
1063 static inline void ccs_realpath_lock(void)
1064 {
1065 spin_lock(ccsecurity_exports.vfsmount_lock);
1066 spin_lock(&dcache_lock);
1067 }
1068 static inline void ccs_realpath_unlock(void)
1069 {
1070 spin_unlock(&dcache_lock);
1071 spin_unlock(ccsecurity_exports.vfsmount_lock);
1072 }
1073
1074 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 0)
1075
1076 static inline void ccs_realpath_lock(void)
1077 {
1078 spin_lock(&dcache_lock);
1079 spin_lock(ccsecurity_exports.vfsmount_lock);
1080 }
1081 static inline void ccs_realpath_unlock(void)
1082 {
1083 spin_unlock(ccsecurity_exports.vfsmount_lock);
1084 spin_unlock(&dcache_lock);
1085 }
1086
1087 #else
1088
1089 static inline void ccs_realpath_lock(void)
1090 {
1091 spin_lock(&dcache_lock);
1092 }
1093 static inline void ccs_realpath_unlock(void)
1094 {
1095 spin_unlock(&dcache_lock);
1096 }
1097
1098 #endif
1099
1100 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 18)
1101
1102 static inline void ccs_tasklist_lock(void)
1103 {
1104 rcu_read_lock();
1105 }
1106 static inline void ccs_tasklist_unlock(void)
1107 {
1108 rcu_read_unlock();
1109 }
1110
1111 #else
1112
1113 static inline void ccs_tasklist_lock(void)
1114 {
1115 read_lock(&tasklist_lock);
1116 }
1117 static inline void ccs_tasklist_unlock(void)
1118 {
1119 read_unlock(&tasklist_lock);
1120 }
1121
1122 #endif
1123
1124 static inline struct ccs_domain_info *ccs_task_domain(struct task_struct *task)
1125 {
1126 struct ccs_domain_info *domain = task->ccs_domain_info;
1127 return domain ? domain : &ccs_kernel_domain;
1128 }
1129
1130 static inline struct ccs_domain_info *ccs_current_domain(void)
1131 {
1132 struct task_struct *task = current;
1133 if (!task->ccs_domain_info)
1134 task->ccs_domain_info = &ccs_kernel_domain;
1135 return task->ccs_domain_info;
1136 }
1137
1138 static inline void ccs_add_domain_acl(struct ccs_domain_info *domain,
1139 struct ccs_acl_info *acl)
1140 {
1141 if (acl->cond)
1142 atomic_inc(&acl->cond->users);
1143 list_add_tail_rcu(&acl->list, &domain->acl_info_list);
1144 }
1145
1146 #if defined(CONFIG_SLOB)
1147 static inline int ccs_round2(size_t size)
1148 {
1149 return size;
1150 }
1151 #else
1152 static inline int ccs_round2(size_t size)
1153 {
1154 #if PAGE_SIZE == 4096
1155 size_t bsize = 32;
1156 #else
1157 size_t bsize = 64;
1158 #endif
1159 if (!size)
1160 return 0;
1161 while (size > bsize)
1162 bsize <<= 1;
1163 return bsize;
1164 }
1165 #endif
1166
1167 static inline void ccs_put_path_group(struct ccs_path_group *group)
1168 {
1169 if (group)
1170 atomic_dec(&group->users);
1171 }
1172
1173 static inline void ccs_put_number_group(struct ccs_number_group *group)
1174 {
1175 if (group)
1176 atomic_dec(&group->users);
1177 }
1178
1179 static inline void ccs_put_address_group(struct ccs_address_group *group)
1180 {
1181 if (group)
1182 atomic_dec(&group->users);
1183 }
1184
1185 static inline void ccs_put_ipv6_address(const struct in6_addr *addr)
1186 {
1187 if (addr) {
1188 struct ccs_ipv6addr_entry *ptr =
1189 container_of(addr, struct ccs_ipv6addr_entry, addr);
1190 atomic_dec(&ptr->users);
1191 }
1192 }
1193
1194 static inline void ccs_put_condition(struct ccs_condition *cond)
1195 {
1196 if (cond)
1197 atomic_dec(&cond->users);
1198 }
1199
1200 static inline void ccs_put_name(const struct ccs_path_info *name)
1201 {
1202 if (name) {
1203 struct ccs_name_entry *ptr =
1204 container_of(name, struct ccs_name_entry, entry);
1205 atomic_dec(&ptr->users);
1206 }
1207 }
1208
1209 #ifndef __GFP_HIGHIO
1210 #define __GFP_HIGHIO 0
1211 #endif
1212 #ifndef __GFP_NOWARN
1213 #define __GFP_NOWARN 0
1214 #endif
1215 #ifndef __GFP_NORETRY
1216 #define __GFP_NORETRY 0
1217 #endif
1218 #ifndef __GFP_NOMEMALLOC
1219 #define __GFP_NOMEMALLOC 0
1220 #endif
1221
1222 #define CCS_GFP_FLAGS (__GFP_WAIT | __GFP_IO | __GFP_HIGHIO | __GFP_NOWARN | \
1223 __GFP_NORETRY | __GFP_NOMEMALLOC)
1224
1225 #endif
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ