Diff of /trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c




Diff of /trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c



 Parent Directory

|  Revision Log



|  Patch














revision 2892 by kumaneko,
Tue Aug 11 02:02:02 2009 UTC




revision 2893 by kumaneko,
Tue Aug 11 04:11:19 2009 UTC






#

Line 34 
 static struct {


Line 34 
 static struct {












34
         const unsigned int max_value;
         const unsigned int max_value;

















35
 } ccs_control_array[CCS_MAX_CONTROL_INDEX] = {
 } ccs_control_array[CCS_MAX_CONTROL_INDEX] = {

















36
         [CCS_MAC_FOR_FILE]        = { "MAC_FOR_FILE",        0, 3 },
         [CCS_MAC_FOR_FILE]        = { "MAC_FOR_FILE",        0, 3 },












37
 
         [CCS_AUTOLEARN_EXEC_REALPATH] = { "AUTOLEARN_EXEC_REALPATH", 0, 1 },







38
 
         [CCS_AUTOLEARN_EXEC_ARGV0] = { "AUTOLEARN_EXEC_ARGV0", 0, 1 },












39
         [CCS_MAC_FOR_IOCTL]       = { "MAC_FOR_IOCTL",       0, 3 },
         [CCS_MAC_FOR_IOCTL]       = { "MAC_FOR_IOCTL",       0, 3 },

















40
         [CCS_MAC_FOR_FILEATTR]    = { "MAC_FOR_FILEATTR",    0, 3 },
         [CCS_MAC_FOR_FILEATTR]    = { "MAC_FOR_FILEATTR",    0, 3 },














         [CCS_MAC_FOR_ARGV0]       = { "MAC_FOR_ARGV0",       0, 3 },
 













41
         [CCS_MAC_FOR_ENV]         = { "MAC_FOR_ENV",         0, 3 },
         [CCS_MAC_FOR_ENV]         = { "MAC_FOR_ENV",         0, 3 },

















42
         [CCS_MAC_FOR_NETWORK]     = { "MAC_FOR_NETWORK",     0, 3 },
         [CCS_MAC_FOR_NETWORK]     = { "MAC_FOR_NETWORK",     0, 3 },

















43
         [CCS_MAC_FOR_SIGNAL]      = { "MAC_FOR_SIGNAL",      0, 3 },
         [CCS_MAC_FOR_SIGNAL]      = { "MAC_FOR_SIGNAL",      0, 3 },











#

Line 210 
 static int ccs_write_profile(struct ccs_


Line 211 
 static int ccs_write_profile(struct ccs_












211
                         int j;
                         int j;

















212
                         const char **modes;
                         const char **modes;

















213
                         switch (i) {
                         switch (i) {












214
 
                         case CCS_AUTOLEARN_EXEC_REALPATH:







215
 
                         case CCS_AUTOLEARN_EXEC_ARGV0:












216
                         case CCS_RESTRICT_AUTOBIND:
                         case CCS_RESTRICT_AUTOBIND:

















217
                         case CCS_VERBOSE:
                         case CCS_VERBOSE:

















218
                                 modes = ccs_mode_2;
                                 modes = ccs_mode_2;











#

Line 617 
 static int ccs_write_domain_policy(struc


Line 620 
 static int ccs_write_domain_policy(struc












620
                 error = ccs_write_network_policy(data, domain, cond, is_delete);
                 error = ccs_write_network_policy(data, domain, cond, is_delete);

















621
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))

















622
                 error = ccs_write_signal_policy(data, domain, cond, is_delete);
                 error = ccs_write_signal_policy(data, domain, cond, is_delete);














         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ARGV0))
 










                 error = ccs_write_argv0_policy(data, domain, cond, is_delete);
 













623
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))

















624
                 error = ccs_write_env_policy(data, domain, cond, is_delete);
                 error = ccs_write_env_policy(data, domain, cond, is_delete);

















625
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))
         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))











#

Line 840 
 static bool ccs_print_path_number_acl(st


Line 841 
 static bool ccs_print_path_number_acl(st












841
 }
 }

















842
 
 

















843
 /**
 /**














  * ccs_print_argv0_acl - Print an argv[0] ACL entry.
 










  *
 










  * @head: Pointer to "struct ccs_io_buffer".
 










  * @ptr:  Pointer to "struct ccs_argv0_acl_record".
 










  * @cond: Pointer to "struct ccs_condition". May be NULL.
 










  *
 










  * Returns true on success, false otherwise.
 










  */
 










 static bool ccs_print_argv0_acl(struct ccs_io_buffer *head,
 










                                 struct ccs_argv0_acl_record *ptr,
 










                                 const struct ccs_condition *cond)
 










 {
 










         int pos = head->read_avail;
 










         if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ARGV0 "%s %s",
 










                            ptr->filename->name, ptr->argv0->name))
 










                 goto out;
 










         if (!ccs_print_condition(head, cond))
 










                 goto out;
 










         return true;
 










  out:
 










         head->read_avail = pos;
 










         return false;
 










 }
 










 
 










 /**
 













844
  * ccs_print_env_acl - Print an evironment variable name's ACL entry.
  * ccs_print_env_acl - Print an evironment variable name's ACL entry.

















845
  *
  *

















846
  * @head: Pointer to "struct ccs_io_buffer".
  * @head: Pointer to "struct ccs_io_buffer".











#

Line 1197 
 static bool ccs_print_entry(struct ccs_i


Line 1173 
 static bool ccs_print_entry(struct ccs_i












1173
                                        head);
                                        head);

















1174
                 return ccs_print_path_number_acl(head, acl, cond);
                 return ccs_print_path_number_acl(head, acl, cond);

















1175
         }
         }














         if (acl_type == CCS_TYPE_ARGV0_ACL) {
 










                 struct ccs_argv0_acl_record *acl
 










                         = container_of(ptr, struct ccs_argv0_acl_record, head);
 










                 return ccs_print_argv0_acl(head, acl, cond);
 










         }
 













1176
         if (acl_type == CCS_TYPE_ENV_ACL) {
         if (acl_type == CCS_TYPE_ENV_ACL) {

















1177
                 struct ccs_env_acl_record *acl
                 struct ccs_env_acl_record *acl

















1178
                         = container_of(ptr, struct ccs_env_acl_record, head);
                         = container_of(ptr, struct ccs_env_acl_record, head);





























Legend:



Removed from v.2892
 


changed lines


 
Added in v.2893













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/trunk/1.7.x/ccs-patch/security/ccsecurity/policy_io.c
-revision 2892 by kumaneko,
Tue Aug 11 02:02:02 2009 UTC
+revision 2893 by kumaneko,
Tue Aug 11 04:11:19 2009 UTC
 Line 34 
 static struct {
          const unsigned int max_value;
  } ccs_control_array[CCS_MAX_CONTROL_INDEX] = {
          [CCS_MAC_FOR_FILE]        = { "MAC_FOR_FILE",        0, 3 },
+         [CCS_AUTOLEARN_EXEC_REALPATH] = { "AUTOLEARN_EXEC_REALPATH", 0, 1 },
+         [CCS_AUTOLEARN_EXEC_ARGV0] = { "AUTOLEARN_EXEC_ARGV0", 0, 1 },
          [CCS_MAC_FOR_IOCTL]       = { "MAC_FOR_IOCTL",       0, 3 },
          [CCS_MAC_FOR_FILEATTR]    = { "MAC_FOR_FILEATTR",    0, 3 },
-         [CCS_MAC_FOR_ARGV0]       = { "MAC_FOR_ARGV0",       0, 3 },
          [CCS_MAC_FOR_ENV]         = { "MAC_FOR_ENV",         0, 3 },
          [CCS_MAC_FOR_NETWORK]     = { "MAC_FOR_NETWORK",     0, 3 },
          [CCS_MAC_FOR_SIGNAL]      = { "MAC_FOR_SIGNAL",      0, 3 },
-Line 210 
 static int ccs_write_profile(struct ccs_
+Line 211 
 static int ccs_write_profile(struct ccs_
                          int j;
                          const char **modes;
                          switch (i) {
+                         case CCS_AUTOLEARN_EXEC_REALPATH:
+                         case CCS_AUTOLEARN_EXEC_ARGV0:
                          case CCS_RESTRICT_AUTOBIND:
                          case CCS_VERBOSE:
                                  modes = ccs_mode_2;
-Line 617 
 static int ccs_write_domain_policy(struc
+Line 620 
 static int ccs_write_domain_policy(struc
                  error = ccs_write_network_policy(data, domain, cond, is_delete);
          else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL))
                  error = ccs_write_signal_policy(data, domain, cond, is_delete);
-         else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ARGV0))
-                 error = ccs_write_argv0_policy(data, domain, cond, is_delete);
          else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV))
                  error = ccs_write_env_policy(data, domain, cond, is_delete);
          else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT))
-Line 840 
 static bool ccs_print_path_number_acl(st
+Line 841 
 static bool ccs_print_path_number_acl(st
  }
  /**
-  * ccs_print_argv0_acl - Print an argv[0] ACL entry.
-  *
-  * @head: Pointer to "struct ccs_io_buffer".
-  * @ptr:  Pointer to "struct ccs_argv0_acl_record".
-  * @cond: Pointer to "struct ccs_condition". May be NULL.
-  *
-  * Returns true on success, false otherwise.
-  */
- static bool ccs_print_argv0_acl(struct ccs_io_buffer *head,
-                                 struct ccs_argv0_acl_record *ptr,
-                                 const struct ccs_condition *cond)
- {
-         int pos = head->read_avail;
-         if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ARGV0 "%s %s",
-                            ptr->filename->name, ptr->argv0->name))
-                 goto out;
-         if (!ccs_print_condition(head, cond))
-                 goto out;
-         return true;
-  out:
-         head->read_avail = pos;
-         return false;
- }
- /**
   * ccs_print_env_acl - Print an evironment variable name's ACL entry.
   *
   * @head: Pointer to "struct ccs_io_buffer".
-Line 1197 
 static bool ccs_print_entry(struct ccs_i
+Line 1173 
 static bool ccs_print_entry(struct ccs_i
                                         head);
                  return ccs_print_path_number_acl(head, acl, cond);
          }
-         if (acl_type == CCS_TYPE_ARGV0_ACL) {
-                 struct ccs_argv0_acl_record *acl
-                         = container_of(ptr, struct ccs_argv0_acl_record, head);
-                 return ccs_print_argv0_acl(head, acl, cond);
-         }
          if (acl_type == CCS_TYPE_ENV_ACL) {
                  struct ccs_env_acl_record *acl
                          = container_of(ptr, struct ccs_env_acl_record, head);
 Legend:



Removed from v.2892
 


changed lines


 
Added in v.2893
 Legend:



Removed from v.2892
 


changed lines


 
Added in v.2893
-Removed from v.2892
+Added in v.2893
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照