52 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
53 |
|
|
54 |
/* /sbin/init started? */ |
/* /sbin/init started? */ |
55 |
int sbin_init_started = 0; |
bool sbin_init_started = 0; |
56 |
|
|
57 |
const char *ccs_log_level = KERN_DEBUG; |
const char *ccs_log_level = KERN_DEBUG; |
58 |
|
|
131 |
* Check whether the given filename follows the naming rules. |
* Check whether the given filename follows the naming rules. |
132 |
* Returns nonzero if follows, zero otherwise. |
* Returns nonzero if follows, zero otherwise. |
133 |
*/ |
*/ |
134 |
bool IsCorrectPath(const char *filename, const int start_type, const int pattern_type, const int end_type, const char *function) |
bool IsCorrectPath(const char *filename, const s8 start_type, const s8 pattern_type, const s8 end_type, const char *function) |
135 |
{ |
{ |
136 |
int contains_pattern = 0; |
int contains_pattern = 0; |
137 |
char c, d, e; |
char c, d, e; |
503 |
/************************* DOMAIN POLICY HANDLER *************************/ |
/************************* DOMAIN POLICY HANDLER *************************/ |
504 |
|
|
505 |
/* Check whether the given access control is enabled. */ |
/* Check whether the given access control is enabled. */ |
506 |
unsigned int CheckCCSFlags(const unsigned int index) |
unsigned int CheckCCSFlags(const u8 index) |
507 |
{ |
{ |
508 |
const u8 profile = current->domain_info->profile; |
const u8 profile = current->domain_info->profile; |
509 |
return sbin_init_started && index < CCS_MAX_CONTROL_INDEX |
return sbin_init_started && index < CCS_MAX_CONTROL_INDEX |
919 |
while (bit < TOMOYO_MAX_CAPABILITY_INDEX) { |
while (bit < TOMOYO_MAX_CAPABILITY_INDEX) { |
920 |
if (capability & (1 << bit)) { |
if (capability & (1 << bit)) { |
921 |
pos = head->read_avail; |
pos = head->read_avail; |
922 |
if (io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s", capability2keyword(bit)) || |
if (io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s", cap_operation2keyword(bit)) || |
923 |
DumpCondition(head, ptr->cond)) { |
DumpCondition(head, ptr->cond)) { |
924 |
head->read_bit = bit; |
head->read_bit = bit; |
925 |
head->read_avail = pos; |
head->read_avail = pos; |
931 |
head->read_bit = 0; |
head->read_bit = 0; |
932 |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
933 |
struct ip_network_acl_record *ptr2 = container_of(ptr, struct ip_network_acl_record, head); |
struct ip_network_acl_record *ptr2 = container_of(ptr, struct ip_network_acl_record, head); |
934 |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", network2keyword(ptr2->operation_type))) goto print_acl_rollback; |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", net_operation2keyword(ptr2->operation_type))) goto print_acl_rollback; |
935 |
switch (ptr2->record_type) { |
switch (ptr2->record_type) { |
936 |
case IP_RECORD_TYPE_ADDRESS_GROUP: |
case IP_RECORD_TYPE_ADDRESS_GROUP: |
937 |
if (io_printf(head, "@%s", ptr2->u.group->group_name->name)) goto print_acl_rollback; |
if (io_printf(head, "@%s", ptr2->u.group->group_name->name)) goto print_acl_rollback; |
1071 |
} else if (strncmp(data, KEYWORD_ALLOW_ENV, KEYWORD_ALLOW_ENV_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_ALLOW_ENV, KEYWORD_ALLOW_ENV_LEN) == 0) { |
1072 |
return AddGloballyUsableEnvPolicy(data + KEYWORD_ALLOW_ENV_LEN, is_delete); |
return AddGloballyUsableEnvPolicy(data + KEYWORD_ALLOW_ENV_LEN, is_delete); |
1073 |
} else if (strncmp(data, KEYWORD_FILE_PATTERN, KEYWORD_FILE_PATTERN_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_FILE_PATTERN, KEYWORD_FILE_PATTERN_LEN) == 0) { |
1074 |
return AddPatternPolicy(data + KEYWORD_FILE_PATTERN_LEN, is_delete); |
return AddFilePatternPolicy(data + KEYWORD_FILE_PATTERN_LEN, is_delete); |
1075 |
} else if (strncmp(data, KEYWORD_PATH_GROUP, KEYWORD_PATH_GROUP_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_PATH_GROUP, KEYWORD_PATH_GROUP_LEN) == 0) { |
1076 |
return AddPathGroupPolicy(data + KEYWORD_PATH_GROUP_LEN, is_delete); |
return AddPathGroupPolicy(data + KEYWORD_PATH_GROUP_LEN, is_delete); |
1077 |
} else if (strncmp(data, KEYWORD_DENY_REWRITE, KEYWORD_DENY_REWRITE_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_DENY_REWRITE, KEYWORD_DENY_REWRITE_LEN) == 0) { |
1108 |
if (ReadAggregatorPolicy(head)) break; |
if (ReadAggregatorPolicy(head)) break; |
1109 |
head->read_var2 = NULL; head->read_step = 7; |
head->read_var2 = NULL; head->read_step = 7; |
1110 |
case 7: |
case 7: |
1111 |
if (ReadPatternPolicy(head)) break; |
if (ReadFilePatternPolicy(head)) break; |
1112 |
head->read_var2 = NULL; head->read_step = 8; |
head->read_var2 = NULL; head->read_step = 8; |
1113 |
case 8: |
case 8: |
1114 |
if (ReadNoRewritePolicy(head)) break; |
if (ReadNoRewritePolicy(head)) break; |
1246 |
} |
} |
1247 |
} |
} |
1248 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
1249 |
printk("SAKURA: 1.5.3-pre 2007/12/18\n"); |
printk("SAKURA: 1.5.3-pre 2008/01/02\n"); |
1250 |
#endif |
#endif |
1251 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
1252 |
printk("TOMOYO: 1.5.3-pre 2008/01/02\n"); |
printk("TOMOYO: 1.5.3-pre 2008/01/02\n"); |
1524 |
return 0; |
return 0; |
1525 |
} |
} |
1526 |
|
|
1527 |
int CCS_OpenControl(const int type, struct file *file) |
int CCS_OpenControl(const u8 type, struct file *file) |
1528 |
{ |
{ |
1529 |
struct io_buffer *head = ccs_alloc(sizeof(*head)); |
struct io_buffer *head = ccs_alloc(sizeof(*head)); |
1530 |
if (!head) return -ENOMEM; |
if (!head) return -ENOMEM; |
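Review bot: Narrowing `CheckCCSFlags()` to `const u8 index` (file line 506) means a caller passing a value above 255 has it truncated at the call, before `index < CCS_MAX_CONTROL_INDEX` runs, so the range check can no longer reject it and the wrapped value would be treated as a valid control index. The same implicit narrowing applies to the `s8` type arguments of `IsCorrectPath()` (line 134) and the `u8 type` of `CCS_OpenControl()` (line 1527). The callers are not visible here, so this may be safe in practice, but the contract should be stated on each function, e.g. `/* index must be a control index below CCS_MAX_CONTROL_INDEX; wider values are truncated to u8 before the range check. */`. Separately, `bool sbin_init_started = 0;` would read better as `= false`. All three function bodies continue outside the visible lines, including the rest of the `CheckCCSFlags()` return expression.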