| 1432 |
} |
} |
| 1433 |
|
|
| 1434 |
/** |
/** |
| 1435 |
|
* is_select_one - Parse select command. |
| 1436 |
|
* |
| 1437 |
|
* @head: Pointer to "struct ccs_io_buffer". |
| 1438 |
|
* @data: String to parse. |
| 1439 |
|
* |
| 1440 |
|
* Returns true on success, false otherwise. |
| 1441 |
|
*/ |
| 1442 |
|
static bool is_select_one(struct ccs_io_buffer *head, const char *data) |
| 1443 |
|
{ |
| 1444 |
|
unsigned int pid; |
| 1445 |
|
struct domain_info *domain = NULL; |
| 1446 |
|
if (sscanf(data, "pid=%u", &pid) == 1) { |
| 1447 |
|
struct task_struct *p; |
| 1448 |
|
/***** CRITICAL SECTION START *****/ |
| 1449 |
|
read_lock(&tasklist_lock); |
| 1450 |
|
p = find_task_by_pid(pid); |
| 1451 |
|
if (p) |
| 1452 |
|
domain = p->domain_info; |
| 1453 |
|
read_unlock(&tasklist_lock); |
| 1454 |
|
/***** CRITICAL SECTION END *****/ |
| 1455 |
|
} else if (!strncmp(data, "domain=", 7)) { |
| 1456 |
|
if (ccs_is_domain_def(data + 7)) |
| 1457 |
|
domain = ccs_find_domain(data + 7); |
| 1458 |
|
} else |
| 1459 |
|
return false; |
| 1460 |
|
head->read_avail = 0; |
| 1461 |
|
ccs_io_printf(head, "# select %s\n", data); |
| 1462 |
|
head->read_single_domain = true; |
| 1463 |
|
head->read_eof = !domain; |
| 1464 |
|
if (domain) { |
| 1465 |
|
struct domain_info *d; |
| 1466 |
|
head->read_var1 = NULL; |
| 1467 |
|
list1_for_each_entry(d, &domain_list, list) { |
| 1468 |
|
if (d == domain) |
| 1469 |
|
break; |
| 1470 |
|
head->read_var1 = &d->list; |
| 1471 |
|
} |
| 1472 |
|
head->read_var2 = NULL; |
| 1473 |
|
head->read_bit = 0; |
| 1474 |
|
head->read_step = 0; |
| 1475 |
|
if (domain->is_deleted) |
| 1476 |
|
ccs_io_printf(head, "# This is a deleted domain.\n"); |
| 1477 |
|
} |
| 1478 |
|
head->write_var1 = domain; |
| 1479 |
|
return true; |
| 1480 |
|
} |
| 1481 |
|
|
| 1482 |
|
/** |
| 1483 |
* write_domain_policy - Write domain policy. |
* write_domain_policy - Write domain policy. |
| 1484 |
* |
* |
| 1485 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1502 |
is_select = true; |
is_select = true; |
| 1503 |
else if (str_starts(&data, KEYWORD_UNDELETE)) |
else if (str_starts(&data, KEYWORD_UNDELETE)) |
| 1504 |
is_undelete = true; |
is_undelete = true; |
| 1505 |
if (is_select) { |
if (is_select && is_select_one(head, data)) |
| 1506 |
/* Read or update specified PID's domain ACL? */ |
return 0; |
|
unsigned int pid; |
|
|
if (sscanf(data, "%u", &pid) == 1) { |
|
|
struct task_struct *p; |
|
|
struct domain_info *domain = NULL; |
|
|
/***** CRITICAL SECTION START *****/ |
|
|
read_lock(&tasklist_lock); |
|
|
p = find_task_by_pid(pid); |
|
|
if (p) |
|
|
domain = p->domain_info; |
|
|
read_unlock(&tasklist_lock); |
|
|
/***** CRITICAL SECTION END *****/ |
|
|
head->read_avail = 0; |
|
|
head->read_single_domain = true; |
|
|
head->read_eof = !domain; |
|
|
if (domain) { |
|
|
struct domain_info *d; |
|
|
head->read_var1 = NULL; |
|
|
list1_for_each_entry(d, &domain_list, list) { |
|
|
if (d == domain) |
|
|
break; |
|
|
head->read_var1 = &d->list; |
|
|
} |
|
|
head->read_var2 = NULL; |
|
|
head->read_bit = 0; |
|
|
head->read_step = 0; |
|
|
} |
|
|
head->write_var1 = domain; |
|
|
return 0; |
|
|
} |
|
|
} |
|
| 1507 |
/* Don't allow updating policies by non manager programs. */ |
/* Don't allow updating policies by non manager programs. */ |
| 1508 |
if (!is_policy_manager()) |
if (!is_policy_manager()) |
| 1509 |
return -EPERM; |
return -EPERM; |
| 1969 |
head->read_step = 1; |
head->read_step = 1; |
| 1970 |
list1_for_each_cookie(dpos, head->read_var1, &domain_list) { |
list1_for_each_cookie(dpos, head->read_var1, &domain_list) { |
| 1971 |
struct domain_info *domain; |
struct domain_info *domain; |
|
const char *domain_status = ""; |
|
| 1972 |
const char *quota_exceeded = ""; |
const char *quota_exceeded = ""; |
| 1973 |
const char *transition_failed = ""; |
const char *transition_failed = ""; |
| 1974 |
const char *ignore_global_allow_read = ""; |
const char *ignore_global_allow_read = ""; |
| 1976 |
domain = list1_entry(dpos, struct domain_info, list); |
domain = list1_entry(dpos, struct domain_info, list); |
| 1977 |
if (head->read_step != 1) |
if (head->read_step != 1) |
| 1978 |
goto acl_loop; |
goto acl_loop; |
| 1979 |
if (head->read_single_domain) { |
if (domain->is_deleted && !head->read_single_domain) |
| 1980 |
if (domain->is_deleted) |
continue; |
|
domain_status = "# This is a deleted domain.\n"; |
|
|
else |
|
|
domain_status = "#\n"; |
|
|
} else { |
|
|
if (domain->is_deleted) |
|
|
continue; |
|
|
} |
|
| 1981 |
/* Print domainname and flags. */ |
/* Print domainname and flags. */ |
| 1982 |
if (domain->quota_warned) |
if (domain->quota_warned) |
| 1983 |
quota_exceeded = "quota_exceeded\n"; |
quota_exceeded = "quota_exceeded\n"; |
| 1989 |
if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV) |
if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV) |
| 1990 |
ignore_global_allow_env |
ignore_global_allow_env |
| 1991 |
= KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
= KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
| 1992 |
if (!ccs_io_printf(head, "%s%s\n" KEYWORD_USE_PROFILE "%u\n" |
if (!ccs_io_printf(head, "%s\n" KEYWORD_USE_PROFILE "%u\n" |
| 1993 |
"%s%s%s%s\n", domain_status, |
"%s%s%s%s\n", domain->domainname->name, |
| 1994 |
domain->domainname->name, domain->profile, |
domain->profile, quota_exceeded, |
| 1995 |
quota_exceeded, transition_failed, |
transition_failed, |
| 1996 |
ignore_global_allow_read, |
ignore_global_allow_read, |
| 1997 |
ignore_global_allow_env)) |
ignore_global_allow_env)) |
| 1998 |
return 0; |
return 0; |
TOMOYO
Parent Directory
Revision Log
Patch