| 52 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
| 53 |
|
|
| 54 |
/* /sbin/init started? */ |
/* /sbin/init started? */ |
| 55 |
int sbin_init_started = 0; |
bool sbin_init_started = 0; |
| 56 |
|
|
| 57 |
const char *ccs_log_level = KERN_DEBUG; |
const char *ccs_log_level = KERN_DEBUG; |
| 58 |
|
|
| 131 |
* Check whether the given filename follows the naming rules. |
* Check whether the given filename follows the naming rules. |
| 132 |
* Returns nonzero if follows, zero otherwise. |
* Returns nonzero if follows, zero otherwise. |
| 133 |
*/ |
*/ |
| 134 |
bool IsCorrectPath(const char *filename, const int start_type, const int pattern_type, const int end_type, const char *function) |
bool IsCorrectPath(const char *filename, const s8 start_type, const s8 pattern_type, const s8 end_type, const char *function) |
| 135 |
{ |
{ |
| 136 |
int contains_pattern = 0; |
int contains_pattern = 0; |
| 137 |
char c, d, e; |
char c, d, e; |
| 503 |
/************************* DOMAIN POLICY HANDLER *************************/ |
/************************* DOMAIN POLICY HANDLER *************************/ |
| 504 |
|
|
| 505 |
/* Check whether the given access control is enabled. */ |
/* Check whether the given access control is enabled. */ |
| 506 |
unsigned int CheckCCSFlags(const unsigned int index) |
unsigned int CheckCCSFlags(const u8 index) |
| 507 |
{ |
{ |
| 508 |
const u8 profile = current->domain_info->profile; |
const u8 profile = current->domain_info->profile; |
| 509 |
return sbin_init_started && index < CCS_MAX_CONTROL_INDEX |
return sbin_init_started && index < CCS_MAX_CONTROL_INDEX |
| 919 |
while (bit < TOMOYO_MAX_CAPABILITY_INDEX) { |
while (bit < TOMOYO_MAX_CAPABILITY_INDEX) { |
| 920 |
if (capability & (1 << bit)) { |
if (capability & (1 << bit)) { |
| 921 |
pos = head->read_avail; |
pos = head->read_avail; |
| 922 |
if (io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s", capability2keyword(bit)) || |
if (io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s", cap_operation2keyword(bit)) || |
| 923 |
DumpCondition(head, ptr->cond)) { |
DumpCondition(head, ptr->cond)) { |
| 924 |
head->read_bit = bit; |
head->read_bit = bit; |
| 925 |
head->read_avail = pos; |
head->read_avail = pos; |
| 931 |
head->read_bit = 0; |
head->read_bit = 0; |
| 932 |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
| 933 |
struct ip_network_acl_record *ptr2 = container_of(ptr, struct ip_network_acl_record, head); |
struct ip_network_acl_record *ptr2 = container_of(ptr, struct ip_network_acl_record, head); |
| 934 |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", network2keyword(ptr2->operation_type))) goto print_acl_rollback; |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", net_operation2keyword(ptr2->operation_type))) goto print_acl_rollback; |
| 935 |
switch (ptr2->record_type) { |
switch (ptr2->record_type) { |
| 936 |
case IP_RECORD_TYPE_ADDRESS_GROUP: |
case IP_RECORD_TYPE_ADDRESS_GROUP: |
| 937 |
if (io_printf(head, "@%s", ptr2->u.group->group_name->name)) goto print_acl_rollback; |
if (io_printf(head, "@%s", ptr2->u.group->group_name->name)) goto print_acl_rollback; |
| 1071 |
} else if (strncmp(data, KEYWORD_ALLOW_ENV, KEYWORD_ALLOW_ENV_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_ALLOW_ENV, KEYWORD_ALLOW_ENV_LEN) == 0) { |
| 1072 |
return AddGloballyUsableEnvPolicy(data + KEYWORD_ALLOW_ENV_LEN, is_delete); |
return AddGloballyUsableEnvPolicy(data + KEYWORD_ALLOW_ENV_LEN, is_delete); |
| 1073 |
} else if (strncmp(data, KEYWORD_FILE_PATTERN, KEYWORD_FILE_PATTERN_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_FILE_PATTERN, KEYWORD_FILE_PATTERN_LEN) == 0) { |
| 1074 |
return AddPatternPolicy(data + KEYWORD_FILE_PATTERN_LEN, is_delete); |
return AddFilePatternPolicy(data + KEYWORD_FILE_PATTERN_LEN, is_delete); |
| 1075 |
} else if (strncmp(data, KEYWORD_PATH_GROUP, KEYWORD_PATH_GROUP_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_PATH_GROUP, KEYWORD_PATH_GROUP_LEN) == 0) { |
| 1076 |
return AddPathGroupPolicy(data + KEYWORD_PATH_GROUP_LEN, is_delete); |
return AddPathGroupPolicy(data + KEYWORD_PATH_GROUP_LEN, is_delete); |
| 1077 |
} else if (strncmp(data, KEYWORD_DENY_REWRITE, KEYWORD_DENY_REWRITE_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_DENY_REWRITE, KEYWORD_DENY_REWRITE_LEN) == 0) { |
| 1108 |
if (ReadAggregatorPolicy(head)) break; |
if (ReadAggregatorPolicy(head)) break; |
| 1109 |
head->read_var2 = NULL; head->read_step = 7; |
head->read_var2 = NULL; head->read_step = 7; |
| 1110 |
case 7: |
case 7: |
| 1111 |
if (ReadPatternPolicy(head)) break; |
if (ReadFilePatternPolicy(head)) break; |
| 1112 |
head->read_var2 = NULL; head->read_step = 8; |
head->read_var2 = NULL; head->read_step = 8; |
| 1113 |
case 8: |
case 8: |
| 1114 |
if (ReadNoRewritePolicy(head)) break; |
if (ReadNoRewritePolicy(head)) break; |
| 1246 |
} |
} |
| 1247 |
} |
} |
| 1248 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
| 1249 |
printk("SAKURA: 1.5.3-pre 2007/12/18\n"); |
printk("SAKURA: 1.5.3-pre 2008/01/02\n"); |
| 1250 |
#endif |
#endif |
| 1251 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
| 1252 |
printk("TOMOYO: 1.5.3-pre 2008/01/02\n"); |
printk("TOMOYO: 1.5.3-pre 2008/01/02\n"); |
| 1524 |
return 0; |
return 0; |
| 1525 |
} |
} |
| 1526 |
|
|
| 1527 |
int CCS_OpenControl(const int type, struct file *file) |
int CCS_OpenControl(const u8 type, struct file *file) |
| 1528 |
{ |
{ |
| 1529 |
struct io_buffer *head = ccs_alloc(sizeof(*head)); |
struct io_buffer *head = ccs_alloc(sizeof(*head)); |
| 1530 |
if (!head) return -ENOMEM; |
if (!head) return -ENOMEM; |
TOMOYO
Parent Directory
Revision Log
Patch