1432 |
} |
} |
1433 |
|
|
1434 |
/** |
/** |
1435 |
|
* is_select_one - Parse select command. |
1436 |
|
* |
1437 |
|
* @head: Pointer to "struct ccs_io_buffer". |
1438 |
|
* @data: String to parse. |
1439 |
|
* |
1440 |
|
* Returns true on success, false otherwise. |
1441 |
|
*/ |
1442 |
|
static bool is_select_one(struct ccs_io_buffer *head, const char *data) |
1443 |
|
{ |
1444 |
|
unsigned int pid; |
1445 |
|
struct domain_info *domain = NULL; |
1446 |
|
if (sscanf(data, "pid=%u", &pid) == 1) { |
1447 |
|
struct task_struct *p; |
1448 |
|
/***** CRITICAL SECTION START *****/ |
1449 |
|
read_lock(&tasklist_lock); |
1450 |
|
p = find_task_by_pid(pid); |
1451 |
|
if (p) |
1452 |
|
domain = p->domain_info; |
1453 |
|
read_unlock(&tasklist_lock); |
1454 |
|
/***** CRITICAL SECTION END *****/ |
1455 |
|
} else if (!strncmp(data, "domain=", 7)) { |
1456 |
|
if (ccs_is_domain_def(data + 7)) |
1457 |
|
domain = ccs_find_domain(data + 7); |
1458 |
|
} else |
1459 |
|
return false; |
1460 |
|
head->read_avail = 0; |
1461 |
|
ccs_io_printf(head, "# select %s\n", data); |
1462 |
|
head->read_single_domain = true; |
1463 |
|
head->read_eof = !domain; |
1464 |
|
if (domain) { |
1465 |
|
struct domain_info *d; |
1466 |
|
head->read_var1 = NULL; |
1467 |
|
list1_for_each_entry(d, &domain_list, list) { |
1468 |
|
if (d == domain) |
1469 |
|
break; |
1470 |
|
head->read_var1 = &d->list; |
1471 |
|
} |
1472 |
|
head->read_var2 = NULL; |
1473 |
|
head->read_bit = 0; |
1474 |
|
head->read_step = 0; |
1475 |
|
if (domain->is_deleted) |
1476 |
|
ccs_io_printf(head, "# This is a deleted domain.\n"); |
1477 |
|
} |
1478 |
|
head->write_var1 = domain; |
1479 |
|
return true; |
1480 |
|
} |
1481 |
|
|
1482 |
|
/** |
1483 |
* write_domain_policy - Write domain policy. |
* write_domain_policy - Write domain policy. |
1484 |
* |
* |
1485 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1502 |
is_select = true; |
is_select = true; |
1503 |
else if (str_starts(&data, KEYWORD_UNDELETE)) |
else if (str_starts(&data, KEYWORD_UNDELETE)) |
1504 |
is_undelete = true; |
is_undelete = true; |
1505 |
if (is_select) { |
if (is_select && is_select_one(head, data)) |
1506 |
/* Read or update specified PID's domain ACL? */ |
return 0; |
|
unsigned int pid; |
|
|
if (sscanf(data, "%u", &pid) == 1) { |
|
|
struct task_struct *p; |
|
|
struct domain_info *domain = NULL; |
|
|
/***** CRITICAL SECTION START *****/ |
|
|
read_lock(&tasklist_lock); |
|
|
p = find_task_by_pid(pid); |
|
|
if (p) |
|
|
domain = p->domain_info; |
|
|
read_unlock(&tasklist_lock); |
|
|
/***** CRITICAL SECTION END *****/ |
|
|
head->read_avail = 0; |
|
|
head->read_single_domain = true; |
|
|
head->read_eof = !domain; |
|
|
if (domain) { |
|
|
struct domain_info *d; |
|
|
head->read_var1 = NULL; |
|
|
list1_for_each_entry(d, &domain_list, list) { |
|
|
if (d == domain) |
|
|
break; |
|
|
head->read_var1 = &d->list; |
|
|
} |
|
|
head->read_var2 = NULL; |
|
|
head->read_bit = 0; |
|
|
head->read_step = 0; |
|
|
} |
|
|
head->write_var1 = domain; |
|
|
return 0; |
|
|
} |
|
|
} |
|
1507 |
/* Don't allow updating policies by non manager programs. */ |
/* Don't allow updating policies by non manager programs. */ |
1508 |
if (!is_policy_manager()) |
if (!is_policy_manager()) |
1509 |
return -EPERM; |
return -EPERM; |
1969 |
head->read_step = 1; |
head->read_step = 1; |
1970 |
list1_for_each_cookie(dpos, head->read_var1, &domain_list) { |
list1_for_each_cookie(dpos, head->read_var1, &domain_list) { |
1971 |
struct domain_info *domain; |
struct domain_info *domain; |
|
const char *domain_status = ""; |
|
1972 |
const char *quota_exceeded = ""; |
const char *quota_exceeded = ""; |
1973 |
const char *transition_failed = ""; |
const char *transition_failed = ""; |
1974 |
const char *ignore_global_allow_read = ""; |
const char *ignore_global_allow_read = ""; |
1976 |
domain = list1_entry(dpos, struct domain_info, list); |
domain = list1_entry(dpos, struct domain_info, list); |
1977 |
if (head->read_step != 1) |
if (head->read_step != 1) |
1978 |
goto acl_loop; |
goto acl_loop; |
1979 |
if (head->read_single_domain) { |
if (domain->is_deleted && !head->read_single_domain) |
1980 |
if (domain->is_deleted) |
continue; |
|
domain_status = "# This is a deleted domain.\n"; |
|
|
else |
|
|
domain_status = "#\n"; |
|
|
} else { |
|
|
if (domain->is_deleted) |
|
|
continue; |
|
|
} |
|
1981 |
/* Print domainname and flags. */ |
/* Print domainname and flags. */ |
1982 |
if (domain->quota_warned) |
if (domain->quota_warned) |
1983 |
quota_exceeded = "quota_exceeded\n"; |
quota_exceeded = "quota_exceeded\n"; |
1989 |
if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV) |
if (domain->flags & DOMAIN_FLAGS_IGNORE_GLOBAL_ALLOW_ENV) |
1990 |
ignore_global_allow_env |
ignore_global_allow_env |
1991 |
= KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
= KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
1992 |
if (!ccs_io_printf(head, "%s%s\n" KEYWORD_USE_PROFILE "%u\n" |
if (!ccs_io_printf(head, "%s\n" KEYWORD_USE_PROFILE "%u\n" |
1993 |
"%s%s%s%s\n", domain_status, |
"%s%s%s%s\n", domain->domainname->name, |
1994 |
domain->domainname->name, domain->profile, |
domain->profile, quota_exceeded, |
1995 |
quota_exceeded, transition_failed, |
transition_failed, |
1996 |
ignore_global_allow_read, |
ignore_global_allow_read, |
1997 |
ignore_global_allow_env)) |
ignore_global_allow_env)) |
1998 |
return 0; |
return 0; |