
Diff of /trunk/1.7.x/ccs-patch/security/ccsecurity/util.c


revision 2039 by kumaneko, Wed Jan 7 04:42:05 2009 UTC revision 2040 by kumaneko, Wed Jan 7 04:54:30 2009 UTC
# Line 56  static const int ccs_lookup_flags = LOOK Line 56  static const int ccs_lookup_flags = LOOK
56  #endif  #endif
57    
58  /* Has /sbin/init started? */  /* Has /sbin/init started? */
59  bool ccs_sbin_init_started;  bool ccs_policy_loaded;
60    
61  /* Log level for SAKURA's printk(). */  /* Log level for SAKURA's printk(). */
62  const char *ccs_log_level = KERN_DEBUG;  const char *ccs_log_level = KERN_DEBUG;
# Line 707  static bool ccs_file_matches_pattern(con Line 707  static bool ccs_file_matches_pattern(con
707                  if (*pattern++ != '\\' || *pattern++ != '-')                  if (*pattern++ != '\\' || *pattern++ != '-')
708                          continue;                          continue;
709                  result = ccs_file_matches_pattern2(filename, filename_end,                  result = ccs_file_matches_pattern2(filename, filename_end,
710                                                     pattern_start,                                                     pattern_start, pattern - 2);
                                                    pattern - 2);  
711                  if (first)                  if (first)
712                          result = !result;                          result = !result;
713                  if (result)                  if (result)
# Line 771  bool ccs_path_matches_pattern(const stru Line 770  bool ccs_path_matches_pattern(const stru
770                          f_delimiter = f + strlen(f);                          f_delimiter = f + strlen(f);
771                  if (!p_delimiter)                  if (!p_delimiter)
772                          p_delimiter = p + strlen(p);                          p_delimiter = p + strlen(p);
773                  if (!ccs_file_matches_pattern(f, f_delimiter,                  if (!ccs_file_matches_pattern(f, f_delimiter, p, p_delimiter))
                                               p, p_delimiter))  
774                          return false;                          return false;
775                  f = f_delimiter;                  f = f_delimiter;
776                  if (*f)                  if (*f)
# Line 897  unsigned int ccs_check_flags(const struc Line 895  unsigned int ccs_check_flags(const struc
895          if (!domain)          if (!domain)
896                  domain = current->domain_info;                  domain = current->domain_info;
897          profile = domain->profile;          profile = domain->profile;
898          return ccs_sbin_init_started && index < CCS_MAX_CONTROL_INDEX          return ccs_policy_loaded && index < CCS_MAX_CONTROL_INDEX
899  #if MAX_PROFILES != 256  #if MAX_PROFILES != 256
900                  && profile < MAX_PROFILES                  && profile < MAX_PROFILES
901  #endif  #endif
# Line 919  static u8 ccs_check_capability_flags(con Line 917  static u8 ccs_check_capability_flags(con
917  {  {
918          const u8 profile = domain ? domain->profile :          const u8 profile = domain ? domain->profile :
919                  current->domain_info->profile;                  current->domain_info->profile;
920          return ccs_sbin_init_started && index < TOMOYO_MAX_CAPABILITY_INDEX          return ccs_policy_loaded && index < TOMOYO_MAX_CAPABILITY_INDEX
921  #if MAX_PROFILES != 256  #if MAX_PROFILES != 256
922                  && profile < MAX_PROFILES                  && profile < MAX_PROFILES
923  #endif  #endif
# Line 1401  static bool ccs_is_policy_manager(void) Line 1399  static bool ccs_is_policy_manager(void)
1399          struct task_struct *task = current;          struct task_struct *task = current;
1400          const struct ccs_path_info *domainname = task->domain_info->domainname;          const struct ccs_path_info *domainname = task->domain_info->domainname;
1401          bool found = false;          bool found = false;
1402          if (!ccs_sbin_init_started)          if (!ccs_policy_loaded)
1403                  return true;                  return true;
1404          if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER)          if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER)
1405                  return true;                  return true;
# Line 1571  static int ccs_write_domain_policy(struc Line 1569  static int ccs_write_domain_policy(struc
1569    
1570          if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1          if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1
1571              && profile < MAX_PROFILES) {              && profile < MAX_PROFILES) {
1572                  if (ccs_profile_ptr[profile] || !ccs_sbin_init_started)                  if (ccs_profile_ptr[profile] || !ccs_policy_loaded)
1573                          domain->profile = (u8) profile;                          domain->profile = (u8) profile;
1574                  return 0;                  return 0;
1575          }          }
# Line 2099  static int ccs_write_domain_profile(stru Line 2097  static int ccs_write_domain_profile(stru
2097          domain = ccs_find_domain(cp + 1);          domain = ccs_find_domain(cp + 1);
2098          profile = simple_strtoul(data, NULL, 10);          profile = simple_strtoul(data, NULL, 10);
2099          if (domain && profile < MAX_PROFILES          if (domain && profile < MAX_PROFILES
2100              && (ccs_profile_ptr[profile] || !ccs_sbin_init_started))              && (ccs_profile_ptr[profile] || !ccs_policy_loaded))
2101                  domain->profile = (u8) profile;                  domain->profile = (u8) profile;
2102          ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);          ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY);
2103          return 0;          return 0;
# Line 2482  static int ccs_run_loader(void *unused) Line 2480  static int ccs_run_loader(void *unused)
2480   */   */
2481  void ccs_load_policy(const char *filename)  void ccs_load_policy(const char *filename)
2482  {  {
2483          if (ccs_sbin_init_started)          if (ccs_policy_loaded)
2484                  return;                  return;
2485          /*          /*
2486           * Check filename is /sbin/init or /sbin/ccs-start.           * Check filename is /sbin/init or /sbin/ccs-start.
# Line 2554  void ccs_load_policy(const char *filenam Line 2552  void ccs_load_policy(const char *filenam
2552          printk(KERN_INFO "TOMOYO: 1.6.6-pre   2009/01/05\n");          printk(KERN_INFO "TOMOYO: 1.6.6-pre   2009/01/05\n");
2553  #endif  #endif
2554          printk(KERN_INFO "Mandatory Access Control activated.\n");          printk(KERN_INFO "Mandatory Access Control activated.\n");
2555          ccs_sbin_init_started = true;          ccs_policy_loaded = true;
2556          ccs_log_level = KERN_WARNING;          ccs_log_level = KERN_WARNING;
2557          { /* Check all profiles currently assigned to domains are defined. */          { /* Check all profiles currently assigned to domains are defined. */
2558                  struct domain_info *domain;                  struct domain_info *domain;
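Review bot: The comment above the renamed flag (line 58) still reads `/* Has /sbin/init started? */` on the new side, so it no longer describes `ccs_policy_loaded`. The visible hunks show what the flag gates: `ccs_check_flags()` and `ccs_check_capability_flags()` return 0 while it is false, `ccs_is_policy_manager()` returns true, and both profile writers accept a profile with no `ccs_profile_ptr[]` entry. I would replace the comment with `/* Has the policy been loaded? Until this is true, access checks are disabled and any task is treated as a policy manager. */`. The flag has external linkage, so any declaration or user outside util.c needs the same rename; that is not visible on this page. The bodies of the functions touched here continue outside the hunks.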
