34 |
const unsigned int max_value; |
const unsigned int max_value; |
35 |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
36 |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
37 |
|
[CCS_AUTOLEARN_EXEC_REALPATH] = { "AUTOLEARN_EXEC_REALPATH", 0, 1 }, |
38 |
|
[CCS_AUTOLEARN_EXEC_ARGV0] = { "AUTOLEARN_EXEC_ARGV0", 0, 1 }, |
39 |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
40 |
[CCS_MAC_FOR_FILEATTR] = { "MAC_FOR_FILEATTR", 0, 3 }, |
[CCS_MAC_FOR_FILEATTR] = { "MAC_FOR_FILEATTR", 0, 3 }, |
|
[CCS_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
|
41 |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
42 |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
43 |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
211 |
int j; |
int j; |
212 |
const char **modes; |
const char **modes; |
213 |
switch (i) { |
switch (i) { |
214 |
|
case CCS_AUTOLEARN_EXEC_REALPATH: |
215 |
|
case CCS_AUTOLEARN_EXEC_ARGV0: |
216 |
case CCS_RESTRICT_AUTOBIND: |
case CCS_RESTRICT_AUTOBIND: |
217 |
case CCS_VERBOSE: |
case CCS_VERBOSE: |
218 |
modes = ccs_mode_2; |
modes = ccs_mode_2; |
620 |
error = ccs_write_network_policy(data, domain, cond, is_delete); |
error = ccs_write_network_policy(data, domain, cond, is_delete); |
621 |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL)) |
622 |
error = ccs_write_signal_policy(data, domain, cond, is_delete); |
error = ccs_write_signal_policy(data, domain, cond, is_delete); |
|
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ARGV0)) |
|
|
error = ccs_write_argv0_policy(data, domain, cond, is_delete); |
|
623 |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV)) |
624 |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
625 |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT)) |
841 |
} |
} |
842 |
|
|
843 |
/** |
/** |
|
* ccs_print_argv0_acl - Print an argv[0] ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_argv0_acl_record". |
|
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_argv0_acl(struct ccs_io_buffer *head, |
|
|
struct ccs_argv0_acl_record *ptr, |
|
|
const struct ccs_condition *cond) |
|
|
{ |
|
|
int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ARGV0 "%s %s", |
|
|
ptr->filename->name, ptr->argv0->name)) |
|
|
goto out; |
|
|
if (!ccs_print_condition(head, cond)) |
|
|
goto out; |
|
|
return true; |
|
|
out: |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
|
|
|
/** |
|
844 |
* ccs_print_env_acl - Print an evironment variable name's ACL entry. |
* ccs_print_env_acl - Print an evironment variable name's ACL entry. |
845 |
* |
* |
846 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
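Review bot: In the new ccs_print_argv0_acl, the record parameter is only read (`ptr->filename->name`, `ptr->argv0->name`), so it can be const-qualified like `cond` already is: `const struct ccs_argv0_acl_record *ptr,`. That keeps the printer's signature parallel to its `const struct ccs_condition *cond` parameter and makes it clear at the declaration that the ACL record is not modified while being serialized. The `@ptr:` line of the kernel-doc comment would then read `@ptr: Pointer to "const struct ccs_argv0_acl_record".` to match. The caller added near line 1175 (`ccs_print_argv0_acl(head, acl, cond)`) passes a non-const `acl`, which remains compatible with the const parameter.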
1173 |
head); |
head); |
1174 |
return ccs_print_path_number_acl(head, acl, cond); |
return ccs_print_path_number_acl(head, acl, cond); |
1175 |
} |
} |
|
if (acl_type == CCS_TYPE_ARGV0_ACL) { |
|
|
struct ccs_argv0_acl_record *acl |
|
|
= container_of(ptr, struct ccs_argv0_acl_record, head); |
|
|
return ccs_print_argv0_acl(head, acl, cond); |
|
|
} |
|
1176 |
if (acl_type == CCS_TYPE_ENV_ACL) { |
if (acl_type == CCS_TYPE_ENV_ACL) { |
1177 |
struct ccs_env_acl_record *acl |
struct ccs_env_acl_record *acl |
1178 |
= container_of(ptr, struct ccs_env_acl_record, head); |
= container_of(ptr, struct ccs_env_acl_record, head); |