56 |
#endif |
#endif |
57 |
|
|
58 |
/* Has /sbin/init started? */ |
/* Has /sbin/init started? */ |
59 |
bool ccs_sbin_init_started; |
bool ccs_policy_loaded; |
60 |
|
|
61 |
/* Log level for SAKURA's printk(). */ |
/* Log level for SAKURA's printk(). */ |
62 |
const char *ccs_log_level = KERN_DEBUG; |
const char *ccs_log_level = KERN_DEBUG; |
707 |
if (*pattern++ != '\\' || *pattern++ != '-') |
if (*pattern++ != '\\' || *pattern++ != '-') |
708 |
continue; |
continue; |
709 |
result = ccs_file_matches_pattern2(filename, filename_end, |
result = ccs_file_matches_pattern2(filename, filename_end, |
710 |
pattern_start, |
pattern_start, pattern - 2); |
|
pattern - 2); |
|
711 |
if (first) |
if (first) |
712 |
result = !result; |
result = !result; |
713 |
if (result) |
if (result) |
770 |
f_delimiter = f + strlen(f); |
f_delimiter = f + strlen(f); |
771 |
if (!p_delimiter) |
if (!p_delimiter) |
772 |
p_delimiter = p + strlen(p); |
p_delimiter = p + strlen(p); |
773 |
if (!ccs_file_matches_pattern(f, f_delimiter, |
if (!ccs_file_matches_pattern(f, f_delimiter, p, p_delimiter)) |
|
p, p_delimiter)) |
|
774 |
return false; |
return false; |
775 |
f = f_delimiter; |
f = f_delimiter; |
776 |
if (*f) |
if (*f) |
895 |
if (!domain) |
if (!domain) |
896 |
domain = current->domain_info; |
domain = current->domain_info; |
897 |
profile = domain->profile; |
profile = domain->profile; |
898 |
return ccs_sbin_init_started && index < CCS_MAX_CONTROL_INDEX |
return ccs_policy_loaded && index < CCS_MAX_CONTROL_INDEX |
899 |
#if MAX_PROFILES != 256 |
#if MAX_PROFILES != 256 |
900 |
&& profile < MAX_PROFILES |
&& profile < MAX_PROFILES |
901 |
#endif |
#endif |
917 |
{ |
{ |
918 |
const u8 profile = domain ? domain->profile : |
const u8 profile = domain ? domain->profile : |
919 |
current->domain_info->profile; |
current->domain_info->profile; |
920 |
return ccs_sbin_init_started && index < TOMOYO_MAX_CAPABILITY_INDEX |
return ccs_policy_loaded && index < TOMOYO_MAX_CAPABILITY_INDEX |
921 |
#if MAX_PROFILES != 256 |
#if MAX_PROFILES != 256 |
922 |
&& profile < MAX_PROFILES |
&& profile < MAX_PROFILES |
923 |
#endif |
#endif |
1399 |
struct task_struct *task = current; |
struct task_struct *task = current; |
1400 |
const struct ccs_path_info *domainname = task->domain_info->domainname; |
const struct ccs_path_info *domainname = task->domain_info->domainname; |
1401 |
bool found = false; |
bool found = false; |
1402 |
if (!ccs_sbin_init_started) |
if (!ccs_policy_loaded) |
1403 |
return true; |
return true; |
1404 |
if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER) |
if (task->tomoyo_flags & CCS_TASK_IS_POLICY_MANAGER) |
1405 |
return true; |
return true; |
1569 |
|
|
1570 |
if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1 |
if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1 |
1571 |
&& profile < MAX_PROFILES) { |
&& profile < MAX_PROFILES) { |
1572 |
if (ccs_profile_ptr[profile] || !ccs_sbin_init_started) |
if (ccs_profile_ptr[profile] || !ccs_policy_loaded) |
1573 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
1574 |
return 0; |
return 0; |
1575 |
} |
} |
2097 |
domain = ccs_find_domain(cp + 1); |
domain = ccs_find_domain(cp + 1); |
2098 |
profile = simple_strtoul(data, NULL, 10); |
profile = simple_strtoul(data, NULL, 10); |
2099 |
if (domain && profile < MAX_PROFILES |
if (domain && profile < MAX_PROFILES |
2100 |
&& (ccs_profile_ptr[profile] || !ccs_sbin_init_started)) |
&& (ccs_profile_ptr[profile] || !ccs_policy_loaded)) |
2101 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
2102 |
ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY); |
ccs_update_counter(CCS_UPDATES_COUNTER_DOMAIN_POLICY); |
2103 |
return 0; |
return 0; |
2480 |
*/ |
*/ |
2481 |
void ccs_load_policy(const char *filename) |
void ccs_load_policy(const char *filename) |
2482 |
{ |
{ |
2483 |
if (ccs_sbin_init_started) |
if (ccs_policy_loaded) |
2484 |
return; |
return; |
2485 |
/* |
/* |
2486 |
* Check filename is /sbin/init or /sbin/ccs-start. |
* Check filename is /sbin/init or /sbin/ccs-start. |
2552 |
printk(KERN_INFO "TOMOYO: 1.6.6-pre 2009/01/05\n"); |
printk(KERN_INFO "TOMOYO: 1.6.6-pre 2009/01/05\n"); |
2553 |
#endif |
#endif |
2554 |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
printk(KERN_INFO "Mandatory Access Control activated.\n"); |
2555 |
ccs_sbin_init_started = true; |
ccs_policy_loaded = true; |
2556 |
ccs_log_level = KERN_WARNING; |
ccs_log_level = KERN_WARNING; |
2557 |
{ /* Check all profiles currently assigned to domains are defined. */ |
{ /* Check all profiles currently assigned to domains are defined. */ |
2558 |
struct domain_info *domain; |
struct domain_info *domain; |
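Review bot: The comment above the flag at line 59 still reads `/* Has /sbin/init started? */`, which no longer matches `ccs_policy_loaded` (apparently the new name); it should describe the new meaning, for example `/* Has the policy been loaded and enforcement activated? */`. The flag gates enforcement in every visible hunk that uses it: the returns at lines 898 and 920 are conditioned on it, line 1402 returns true while it is unset, and lines 1572 and 2100 accept a profile with no `ccs_profile_ptr` entry until it is set. A sentence at the declaration stating that it is set in `ccs_load_policy()` (line 2555) and that checks appear to be bypassed before then would make that window easy to audit. The functions around these hunks start and end outside the visible lines.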