3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.0-pre 2009/07/03 |
* Version: 1.7.0-pre 2009/08/08 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
34 |
const unsigned int max_value; |
const unsigned int max_value; |
35 |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
36 |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
37 |
|
[CCS_AUTOLEARN_EXEC_REALPATH] = { "AUTOLEARN_EXEC_REALPATH", 0, 1 }, |
38 |
|
[CCS_AUTOLEARN_EXEC_ARGV0] = { "AUTOLEARN_EXEC_ARGV0", 0, 1 }, |
39 |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
40 |
[CCS_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
[CCS_MAC_FOR_FILEATTR] = { "MAC_FOR_FILEATTR", 0, 3 }, |
41 |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
42 |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
43 |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
108 |
* |
* |
109 |
* Returns pointer to "struct ccs_profile" on success, NULL otherwise. |
* Returns pointer to "struct ccs_profile" on success, NULL otherwise. |
110 |
*/ |
*/ |
111 |
struct ccs_profile *ccs_find_or_assign_new_profile(const unsigned int |
static struct ccs_profile *ccs_find_or_assign_new_profile(const unsigned int |
112 |
profile) |
profile) |
113 |
{ |
{ |
114 |
struct ccs_profile *ptr; |
struct ccs_profile *ptr; |
115 |
struct ccs_profile *entry; |
struct ccs_profile *entry; |
116 |
int i; |
int i; |
117 |
if (profile >= MAX_PROFILES) |
if (profile >= CCS_MAX_PROFILES) |
118 |
return NULL; |
return NULL; |
119 |
ptr = ccs_profile_ptr[profile]; |
ptr = ccs_profile_ptr[profile]; |
120 |
if (ptr) |
if (ptr) |
181 |
ccs_profile_entry_used[0] = true; |
ccs_profile_entry_used[0] = true; |
182 |
return 0; |
return 0; |
183 |
} |
} |
184 |
if (ccs_str_starts(&data, KEYWORD_MAC_FOR_CAPABILITY)) { |
if (ccs_str_starts(&data, CCS_KEYWORD_MAC_FOR_CAPABILITY)) { |
185 |
if (sscanf(cp + 1, "%u", &value) != 1) { |
if (sscanf(cp + 1, "%u", &value) != 1) { |
186 |
for (i = 0; i < 4; i++) { |
for (i = 0; i < 4; i++) { |
187 |
if (strcmp(cp + 1, ccs_mode_4[i])) |
if (strcmp(cp + 1, ccs_mode_4[i])) |
211 |
int j; |
int j; |
212 |
const char **modes; |
const char **modes; |
213 |
switch (i) { |
switch (i) { |
214 |
|
case CCS_AUTOLEARN_EXEC_REALPATH: |
215 |
|
case CCS_AUTOLEARN_EXEC_ARGV0: |
216 |
case CCS_RESTRICT_AUTOBIND: |
case CCS_RESTRICT_AUTOBIND: |
217 |
case CCS_VERBOSE: |
case CCS_VERBOSE: |
218 |
modes = ccs_mode_2; |
modes = ccs_mode_2; |
253 |
int step; |
int step; |
254 |
if (head->read_eof) |
if (head->read_eof) |
255 |
return 0; |
return 0; |
256 |
for (step = head->read_step; step < MAX_PROFILES * ccs_total; step++) { |
for (step = head->read_step; step < CCS_MAX_PROFILES * ccs_total; |
257 |
|
step++) { |
258 |
const u8 index = step / ccs_total; |
const u8 index = step / ccs_total; |
259 |
u8 type = step % ccs_total; |
u8 type = step % ccs_total; |
260 |
const struct ccs_profile *ccs_profile = ccs_profile_ptr[index]; |
const struct ccs_profile *ccs_profile = ccs_profile_ptr[index]; |
281 |
const int i = type - CCS_MAX_CONTROL_INDEX; |
const int i = type - CCS_MAX_CONTROL_INDEX; |
282 |
const u8 value = ccs_profile->capability_value[i]; |
const u8 value = ccs_profile->capability_value[i]; |
283 |
if (!ccs_io_printf(head, |
if (!ccs_io_printf(head, |
284 |
"%u-" KEYWORD_MAC_FOR_CAPABILITY |
"%u-" CCS_KEYWORD_MAC_FOR_CAPABILITY |
285 |
"%s=%s\n", index, |
"%s=%s\n", index, |
286 |
ccs_capability_control_keyword[i], |
ccs_capability_control_keyword[i], |
287 |
ccs_mode_4[value])) |
ccs_mode_4[value])) |
309 |
} |
} |
310 |
} |
} |
311 |
} |
} |
312 |
if (step == MAX_PROFILES * ccs_total) |
if (step == CCS_MAX_PROFILES * ccs_total) |
313 |
head->read_eof = true; |
head->read_eof = true; |
314 |
return 0; |
return 0; |
315 |
} |
} |
377 |
static int ccs_write_manager_policy(struct ccs_io_buffer *head) |
static int ccs_write_manager_policy(struct ccs_io_buffer *head) |
378 |
{ |
{ |
379 |
char *data = head->write_buf; |
char *data = head->write_buf; |
380 |
bool is_delete = ccs_str_starts(&data, KEYWORD_DELETE); |
bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE); |
381 |
if (!strcmp(data, "manage_by_non_root")) { |
if (!strcmp(data, "manage_by_non_root")) { |
382 |
ccs_manage_by_non_root = !is_delete; |
ccs_manage_by_non_root = !is_delete; |
383 |
return 0; |
return 0; |
570 |
struct ccs_condition *cond = NULL; |
struct ccs_condition *cond = NULL; |
571 |
char *cp; |
char *cp; |
572 |
int error; |
int error; |
573 |
if (ccs_str_starts(&data, KEYWORD_DELETE)) |
if (ccs_str_starts(&data, CCS_KEYWORD_DELETE)) |
574 |
is_delete = true; |
is_delete = true; |
575 |
else if (ccs_str_starts(&data, KEYWORD_SELECT)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_SELECT)) |
576 |
is_select = true; |
is_select = true; |
577 |
if (is_select && ccs_is_select_one(head, data)) |
if (is_select && ccs_is_select_one(head, data)) |
578 |
return 0; |
return 0; |
593 |
if (!domain) |
if (!domain) |
594 |
return -EINVAL; |
return -EINVAL; |
595 |
|
|
596 |
if (sscanf(data, KEYWORD_USE_PROFILE "%u", &profile) == 1 |
if (sscanf(data, CCS_KEYWORD_USE_PROFILE "%u", &profile) == 1 |
597 |
&& profile < MAX_PROFILES) { |
&& profile < CCS_MAX_PROFILES) { |
598 |
if (ccs_profile_ptr[profile] || !ccs_policy_loaded) |
if (ccs_profile_ptr[profile] || !ccs_policy_loaded) |
599 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
600 |
return 0; |
return 0; |
601 |
} |
} |
602 |
if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { |
if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ)) { |
603 |
domain->ignore_global_allow_read = !is_delete; |
domain->ignore_global_allow_read = !is_delete; |
604 |
return 0; |
return 0; |
605 |
} |
} |
606 |
if (!strcmp(data, KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) { |
if (!strcmp(data, CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV)) { |
607 |
domain->ignore_global_allow_env = !is_delete; |
domain->ignore_global_allow_env = !is_delete; |
608 |
return 0; |
return 0; |
609 |
} |
} |
613 |
if (!cond) |
if (!cond) |
614 |
return -EINVAL; |
return -EINVAL; |
615 |
} |
} |
616 |
if (ccs_str_starts(&data, KEYWORD_ALLOW_CAPABILITY)) |
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CAPABILITY)) |
617 |
error = ccs_write_capability_policy(data, domain, cond, |
error = ccs_write_capability_policy(data, domain, cond, |
618 |
is_delete); |
is_delete); |
619 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_NETWORK)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_NETWORK)) |
620 |
error = ccs_write_network_policy(data, domain, cond, is_delete); |
error = ccs_write_network_policy(data, domain, cond, is_delete); |
621 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_SIGNAL)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_SIGNAL)) |
622 |
error = ccs_write_signal_policy(data, domain, cond, is_delete); |
error = ccs_write_signal_policy(data, domain, cond, is_delete); |
623 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_ARGV0)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV)) |
|
error = ccs_write_argv0_policy(data, domain, cond, is_delete); |
|
|
else if (ccs_str_starts(&data, KEYWORD_ALLOW_ENV)) |
|
624 |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
625 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_IOCTL)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_MOUNT)) |
|
error = ccs_write_ioctl_policy(data, domain, cond, is_delete); |
|
|
else if (ccs_str_starts(&data, KEYWORD_ALLOW_MOUNT)) |
|
626 |
error = ccs_write_mount_policy(data, domain, cond, is_delete); |
error = ccs_write_mount_policy(data, domain, cond, is_delete); |
627 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_UNMOUNT)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_UNMOUNT)) |
628 |
error = ccs_write_umount_policy(data, domain, cond, is_delete); |
error = ccs_write_umount_policy(data, domain, cond, is_delete); |
629 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_CHROOT)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_CHROOT)) |
630 |
error = ccs_write_chroot_policy(data, domain, cond, is_delete); |
error = ccs_write_chroot_policy(data, domain, cond, is_delete); |
631 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_PIVOT_ROOT)) |
else if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_PIVOT_ROOT)) |
632 |
error = ccs_write_pivot_root_policy(data, domain, cond, |
error = ccs_write_pivot_root_policy(data, domain, cond, |
633 |
is_delete); |
is_delete); |
634 |
else |
else |
638 |
return error; |
return error; |
639 |
} |
} |
640 |
|
|
641 |
static bool ccs_print_name_union(struct ccs_io_buffer *head, bool is_group, |
static bool ccs_print_name_union(struct ccs_io_buffer *head, |
642 |
union ccs_name_union *group) |
const struct ccs_name_union *ptr) |
643 |
{ |
{ |
644 |
const int pos = head->read_avail; |
int pos = head->read_avail; |
645 |
if (pos && head->read_buf[pos - 1] == ' ') |
if (pos && head->read_buf[pos - 1] == ' ') |
646 |
head->read_avail--; |
head->read_avail--; |
647 |
if (is_group) |
if (ptr->is_group) |
648 |
return ccs_io_printf(head, " @%s", group->group->group_name->name); |
return ccs_io_printf(head, " @%s", |
649 |
return ccs_io_printf(head, " %s", group->filename->name); |
ptr->group->group_name->name); |
650 |
} |
return ccs_io_printf(head, " %s", ptr->filename->name); |
651 |
|
} |
652 |
static bool ccs_print_number_union(struct ccs_io_buffer *head, bool is_group, |
|
653 |
union ccs_number_union *group) |
static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head, |
654 |
{ |
const struct ccs_name_union *ptr) |
655 |
unsigned int min; |
{ |
656 |
unsigned int max; |
if (ptr->is_group) |
657 |
if (is_group) |
return ccs_io_printf(head, "@%s", |
658 |
return ccs_io_printf(head, " @%s", group->group->group_name->name); |
ptr->group->group_name->name); |
659 |
min = group->value.min; |
return ccs_io_printf(head, "\"%s\"", ptr->filename->name); |
660 |
max = group->value.max; |
} |
661 |
if (min == max) |
|
662 |
return ccs_io_printf(head, " %u", min); |
static bool ccs_print_number_union_common(struct ccs_io_buffer *head, |
663 |
return ccs_io_printf(head, " %u-%u", min, max); |
const struct ccs_number_union *ptr, |
664 |
|
const bool need_space) |
665 |
|
{ |
666 |
|
unsigned long min; |
667 |
|
unsigned long max; |
668 |
|
u8 min_type; |
669 |
|
u8 max_type; |
670 |
|
if (need_space && !ccs_io_printf(head, " ")) |
671 |
|
return false; |
672 |
|
if (ptr->is_group) |
673 |
|
return ccs_io_printf(head, "@%s", |
674 |
|
ptr->group->group_name->name); |
675 |
|
min_type = ptr->min_type; |
676 |
|
max_type = ptr->max_type; |
677 |
|
min = ptr->values[0]; |
678 |
|
max = ptr->values[1]; |
679 |
|
switch (min_type) { |
680 |
|
case CCS_VALUE_TYPE_HEXADECIMAL: |
681 |
|
if (!ccs_io_printf(head, "0x%lX", min)) |
682 |
|
return false; |
683 |
|
break; |
684 |
|
case CCS_VALUE_TYPE_OCTAL: |
685 |
|
if (!ccs_io_printf(head, "0%lo", min)) |
686 |
|
return false; |
687 |
|
break; |
688 |
|
default: |
689 |
|
if (!ccs_io_printf(head, "%lu", min)) |
690 |
|
return false; |
691 |
|
break; |
692 |
|
} |
693 |
|
if (min == max && min_type == max_type) |
694 |
|
return true; |
695 |
|
switch (max_type) { |
696 |
|
case CCS_VALUE_TYPE_HEXADECIMAL: |
697 |
|
return ccs_io_printf(head, "-0x%lX", max); |
698 |
|
case CCS_VALUE_TYPE_OCTAL: |
699 |
|
return ccs_io_printf(head, "-0%lo", max); |
700 |
|
default: |
701 |
|
return ccs_io_printf(head, "-%lu", max); |
702 |
|
} |
703 |
|
} |
704 |
|
|
705 |
|
static bool ccs_print_number_union(struct ccs_io_buffer *head, |
706 |
|
const struct ccs_number_union *ptr) |
707 |
|
{ |
708 |
|
return ccs_print_number_union_common(head, ptr, true); |
709 |
|
} |
710 |
|
|
711 |
|
static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head, |
712 |
|
const struct ccs_number_union *ptr) |
713 |
|
{ |
714 |
|
return ccs_print_number_union_common(head, ptr, false); |
715 |
|
} |
716 |
|
|
717 |
|
/** |
718 |
|
* ccs_print_condition - Print condition part. |
719 |
|
* |
720 |
|
* @head: Pointer to "struct ccs_io_buffer". |
721 |
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
722 |
|
* |
723 |
|
* Returns true on success, false otherwise. |
724 |
|
*/ |
725 |
|
static bool ccs_print_condition(struct ccs_io_buffer *head, |
726 |
|
const struct ccs_condition *cond) |
727 |
|
{ |
728 |
|
const struct ccs_condition_element *condp; |
729 |
|
const struct ccs_number_union *numbers_p; |
730 |
|
const struct ccs_name_union *names_p; |
731 |
|
const struct ccs_argv_entry *argv; |
732 |
|
const struct ccs_envp_entry *envp; |
733 |
|
u16 condc; |
734 |
|
u16 i; |
735 |
|
u16 j; |
736 |
|
char buffer[32]; |
737 |
|
if (!cond) |
738 |
|
goto no_condition; |
739 |
|
condc = cond->condc; |
740 |
|
condp = (const struct ccs_condition_element *) (cond + 1); |
741 |
|
numbers_p = (const struct ccs_number_union *) (condp + condc); |
742 |
|
names_p = (const struct ccs_name_union *) |
743 |
|
(numbers_p + cond->numbers_count); |
744 |
|
argv = (const struct ccs_argv_entry *) (names_p + cond->names_count); |
745 |
|
envp = (const struct ccs_envp_entry *) (argv + cond->argc); |
746 |
|
memset(buffer, 0, sizeof(buffer)); |
747 |
|
if (condc && !ccs_io_printf(head, "%s", " if")) |
748 |
|
goto out; |
749 |
|
for (i = 0; i < condc; i++) { |
750 |
|
const u8 match = condp->equals; |
751 |
|
const u8 left = condp->left; |
752 |
|
const u8 right = condp->right; |
753 |
|
condp++; |
754 |
|
switch (left) { |
755 |
|
case CCS_ARGV_ENTRY: |
756 |
|
if (!ccs_io_printf(head, " exec.argv[%u]%s\"%s\"", |
757 |
|
argv->index, argv->is_not ? |
758 |
|
"!=" : "=", argv->value->name)) |
759 |
|
goto out; |
760 |
|
argv++; |
761 |
|
continue; |
762 |
|
case CCS_ENVP_ENTRY: |
763 |
|
if (!ccs_io_printf(head, " exec.envp[\"%s\"]%s", |
764 |
|
envp->name->name, envp->is_not ? |
765 |
|
"!=" : "=")) |
766 |
|
goto out; |
767 |
|
if (envp->value) { |
768 |
|
if (!ccs_io_printf(head, "\"%s\"", |
769 |
|
envp->value->name)) |
770 |
|
goto out; |
771 |
|
} else { |
772 |
|
if (!ccs_io_printf(head, "NULL")) |
773 |
|
goto out; |
774 |
|
} |
775 |
|
envp++; |
776 |
|
continue; |
777 |
|
case CCS_NUMBER_UNION: |
778 |
|
if (!ccs_print_number_union(head, numbers_p++)) |
779 |
|
goto out; |
780 |
|
break; |
781 |
|
default: |
782 |
|
if (left >= CCS_MAX_CONDITION_KEYWORD) |
783 |
|
goto out; |
784 |
|
if (!ccs_io_printf(head, " %s", |
785 |
|
ccs_condition_keyword[left])) |
786 |
|
goto out; |
787 |
|
break; |
788 |
|
} |
789 |
|
if (!ccs_io_printf(head, "%s", match ? "=" : "!=")) |
790 |
|
goto out; |
791 |
|
switch (right) { |
792 |
|
case CCS_NAME_UNION: |
793 |
|
if (!ccs_print_name_union_quoted(head, names_p++)) |
794 |
|
goto out; |
795 |
|
break; |
796 |
|
case CCS_NUMBER_UNION: |
797 |
|
if (!ccs_print_number_union_nospace(head, numbers_p++)) |
798 |
|
goto out; |
799 |
|
break; |
800 |
|
default: |
801 |
|
if (right >= CCS_MAX_CONDITION_KEYWORD) |
802 |
|
goto out; |
803 |
|
if (!ccs_io_printf(head, "%s", |
804 |
|
ccs_condition_keyword[right])) |
805 |
|
goto out; |
806 |
|
break; |
807 |
|
} |
808 |
|
} |
809 |
|
i = cond->post_state[3]; |
810 |
|
if (!i) |
811 |
|
goto no_condition; |
812 |
|
if (!ccs_io_printf(head, " ; set")) |
813 |
|
goto out; |
814 |
|
for (j = 0; j < 3; j++) { |
815 |
|
if (!(i & (1 << j))) |
816 |
|
continue; |
817 |
|
if (!ccs_io_printf(head, " task.state[%u]=%u", j, |
818 |
|
cond->post_state[j])) |
819 |
|
goto out; |
820 |
|
} |
821 |
|
no_condition: |
822 |
|
if (ccs_io_printf(head, "\n")) |
823 |
|
return true; |
824 |
|
out: |
825 |
|
return false; |
826 |
} |
} |
827 |
|
|
828 |
/** |
/** |
841 |
int pos; |
int pos; |
842 |
u8 bit; |
u8 bit; |
843 |
const u16 perm = ptr->perm; |
const u16 perm = ptr->perm; |
844 |
for (bit = head->read_bit; bit < MAX_SINGLE_PATH_OPERATION; bit++) { |
for (bit = head->read_bit; bit < CCS_MAX_SINGLE_PATH_OPERATION; bit++) { |
845 |
const char *msg; |
const char *msg; |
846 |
if (!(perm & (1 << bit))) |
if (!(perm & (1 << bit))) |
847 |
continue; |
continue; |
848 |
if (head->read_execute_only && bit != TYPE_EXECUTE_ACL) |
if (head->read_execute_only && bit != CCS_TYPE_EXECUTE_ACL) |
849 |
continue; |
continue; |
850 |
/* Print "read/write" instead of "read" and "write". */ |
/* Print "read/write" instead of "read" and "write". */ |
851 |
if ((bit == TYPE_READ_ACL || bit == TYPE_WRITE_ACL) |
if ((bit == CCS_TYPE_READ_ACL || bit == CCS_TYPE_WRITE_ACL) |
852 |
&& (perm & (1 << TYPE_READ_WRITE_ACL))) |
&& (perm & (1 << CCS_TYPE_READ_WRITE_ACL))) |
853 |
continue; |
continue; |
854 |
msg = ccs_sp2keyword(bit); |
msg = ccs_sp2keyword(bit); |
855 |
pos = head->read_avail; |
pos = head->read_avail; |
856 |
if (!ccs_io_printf(head, "allow_%s", msg) || |
if (!ccs_io_printf(head, "allow_%s", msg) || |
857 |
!ccs_print_name_union(head, ptr->name_is_group, |
!ccs_print_name_union(head, &ptr->name) || |
|
&ptr->name) || |
|
858 |
!ccs_print_condition(head, cond)) |
!ccs_print_condition(head, cond)) |
859 |
goto out; |
goto out; |
860 |
} |
} |
882 |
int pos; |
int pos; |
883 |
u8 bit; |
u8 bit; |
884 |
const u16 perm = ptr->perm; |
const u16 perm = ptr->perm; |
885 |
for (bit = head->read_bit; bit < MAX_MKDEV_OPERATION; bit++) { |
for (bit = head->read_bit; bit < CCS_MAX_MKDEV_OPERATION; bit++) { |
886 |
const char *msg; |
const char *msg; |
887 |
if (!(perm & (1 << bit))) |
if (!(perm & (1 << bit))) |
888 |
continue; |
continue; |
889 |
msg = ccs_mkdev2keyword(bit); |
msg = ccs_mkdev2keyword(bit); |
890 |
pos = head->read_avail; |
pos = head->read_avail; |
891 |
if (!ccs_io_printf(head, "allow_%s", msg) || |
if (!ccs_io_printf(head, "allow_%s", msg) || |
892 |
!ccs_print_name_union(head, ptr->name_is_group, |
!ccs_print_name_union(head, &ptr->name) || |
893 |
&ptr->name) || |
!ccs_print_number_union(head, &ptr->major) || |
894 |
!ccs_print_number_union(head, ptr->major_is_group, |
!ccs_print_number_union(head, &ptr->minor) || |
|
&ptr->major) || |
|
|
!ccs_print_number_union(head, ptr->minor_is_group, |
|
|
&ptr->minor) || |
|
895 |
!ccs_print_condition(head, cond)) |
!ccs_print_condition(head, cond)) |
896 |
goto out; |
goto out; |
897 |
} |
} |
919 |
int pos; |
int pos; |
920 |
u8 bit; |
u8 bit; |
921 |
const u8 perm = ptr->perm; |
const u8 perm = ptr->perm; |
922 |
for (bit = head->read_bit; bit < MAX_DOUBLE_PATH_OPERATION; bit++) { |
for (bit = head->read_bit; bit < CCS_MAX_DOUBLE_PATH_OPERATION; bit++) { |
923 |
const char *msg; |
const char *msg; |
924 |
if (!(perm & (1 << bit))) |
if (!(perm & (1 << bit))) |
925 |
continue; |
continue; |
926 |
msg = ccs_dp2keyword(bit); |
msg = ccs_dp2keyword(bit); |
927 |
pos = head->read_avail; |
pos = head->read_avail; |
928 |
if (!ccs_io_printf(head, "allow_%s", msg) || |
if (!ccs_io_printf(head, "allow_%s", msg) || |
929 |
!ccs_print_name_union(head, ptr->name1_is_group, |
!ccs_print_name_union(head, &ptr->name1) || |
930 |
&ptr->name1) || |
!ccs_print_name_union(head, &ptr->name2) || |
|
!ccs_print_name_union(head, ptr->name2_is_group, |
|
|
&ptr->name2) || |
|
931 |
!ccs_print_condition(head, cond)) |
!ccs_print_condition(head, cond)) |
932 |
goto out; |
goto out; |
933 |
} |
} |
940 |
} |
} |
941 |
|
|
942 |
/** |
/** |
943 |
* ccs_print_ioctl_acl - Print an ioctl ACL entry. |
* ccs_print_path_number_acl - Print an ioctl/chmod/chown/chgrp ACL entry. |
944 |
* |
* |
945 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
946 |
* @ptr: Pointer to "struct ccs_ioctl_acl_record". |
* @ptr: Pointer to "struct ccs_path_number_acl_record". |
947 |
* @cond: Pointer to "struct ccs_condition". May be NULL. |
* @cond: Pointer to "struct ccs_condition". May be NULL. |
948 |
* |
* |
949 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
950 |
*/ |
*/ |
951 |
static bool ccs_print_ioctl_acl(struct ccs_io_buffer *head, |
static bool ccs_print_path_number_acl(struct ccs_io_buffer *head, |
952 |
struct ccs_ioctl_acl_record *ptr, |
struct ccs_path_number_acl_record *ptr, |
953 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
|
{ |
|
|
int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, KEYWORD_ALLOW_IOCTL) || |
|
|
!ccs_print_name_union(head, ptr->name_is_group, &ptr->name) || |
|
|
!ccs_print_number_union(head, ptr->cmd_is_group, &ptr->cmd) || |
|
|
!ccs_print_condition(head, cond)) |
|
|
goto out; |
|
|
return true; |
|
|
out: |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_argv0_acl - Print an argv[0] ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_argv0_acl_record". |
|
|
* @cond: Pointer to "struct ccs_condition". May be NULL. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_argv0_acl(struct ccs_io_buffer *head, |
|
|
struct ccs_argv0_acl_record *ptr, |
|
|
const struct ccs_condition *cond) |
|
954 |
{ |
{ |
955 |
int pos = head->read_avail; |
int pos; |
956 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_ARGV0 "%s %s", |
u8 bit; |
957 |
ptr->filename->name, ptr->argv0->name)) |
const u8 perm = ptr->perm; |
958 |
goto out; |
for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER_OPERATION; bit++) { |
959 |
if (!ccs_print_condition(head, cond)) |
const char *msg; |
960 |
goto out; |
if (!(perm & (1 << bit))) |
961 |
|
continue; |
962 |
|
msg = ccs_path_number2keyword(bit); |
963 |
|
pos = head->read_avail; |
964 |
|
if (!ccs_io_printf(head, "allow_%s", msg) || |
965 |
|
!ccs_print_name_union(head, &ptr->name) || |
966 |
|
!ccs_print_number_union(head, &ptr->number) || |
967 |
|
!ccs_print_condition(head, cond)) |
968 |
|
goto out; |
969 |
|
} |
970 |
|
head->read_bit = 0; |
971 |
return true; |
return true; |
972 |
out: |
out: |
973 |
|
head->read_bit = bit; |
974 |
head->read_avail = pos; |
head->read_avail = pos; |
975 |
return false; |
return false; |
976 |
} |
} |
989 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
990 |
{ |
{ |
991 |
int pos = head->read_avail; |
int pos = head->read_avail; |
992 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_ENV "%s", ptr->env->name)) |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", ptr->env->name)) |
993 |
goto out; |
goto out; |
994 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
995 |
goto out; |
goto out; |
1013 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1014 |
{ |
{ |
1015 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1016 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_CAPABILITY "%s", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s", |
1017 |
ccs_cap2keyword(ptr->operation))) |
ccs_cap2keyword(ptr->operation))) |
1018 |
goto out; |
goto out; |
1019 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
1084 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1085 |
{ |
{ |
1086 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1087 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s ", |
1088 |
ccs_net2keyword(ptr->operation_type))) |
ccs_net2keyword(ptr->operation_type))) |
1089 |
goto out; |
goto out; |
1090 |
switch (ptr->record_type) { |
switch (ptr->record_type) { |
1091 |
case IP_RECORD_TYPE_ADDRESS_GROUP: |
case CCS_IP_RECORD_TYPE_ADDRESS_GROUP: |
1092 |
if (!ccs_io_printf(head, "@%s", |
if (!ccs_io_printf(head, "@%s", |
1093 |
ptr->address.group->group_name->name)) |
ptr->address.group->group_name->name)) |
1094 |
goto out; |
goto out; |
1095 |
break; |
break; |
1096 |
case IP_RECORD_TYPE_IPv4: |
case CCS_IP_RECORD_TYPE_IPv4: |
1097 |
if (!ccs_print_ipv4_entry(head, ptr)) |
if (!ccs_print_ipv4_entry(head, ptr)) |
1098 |
goto out; |
goto out; |
1099 |
break; |
break; |
1100 |
case IP_RECORD_TYPE_IPv6: |
case CCS_IP_RECORD_TYPE_IPv6: |
1101 |
if (!ccs_print_ipv6_entry(head, ptr)) |
if (!ccs_print_ipv6_entry(head, ptr)) |
1102 |
goto out; |
goto out; |
1103 |
break; |
break; |
1104 |
} |
} |
1105 |
if (!ccs_print_number_union(head, ptr->port_is_group, &ptr->port) || |
if (!ccs_print_number_union(head, &ptr->port) || |
1106 |
!ccs_print_condition(head, cond)) |
!ccs_print_condition(head, cond)) |
1107 |
goto out; |
goto out; |
1108 |
return true; |
return true; |
1125 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1126 |
{ |
{ |
1127 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1128 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_SIGNAL "%u %s", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s", |
1129 |
ptr->sig, ptr->domainname->name)) |
ptr->sig, ptr->domainname->name)) |
1130 |
goto out; |
goto out; |
1131 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
1167 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1168 |
{ |
{ |
1169 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1170 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n", |
1171 |
ptr->dev_name->name, ptr->dir_name->name, |
ptr->dev_name->name, ptr->dir_name->name, |
1172 |
ptr->fs_type->name, ptr->flags)) |
ptr->fs_type->name, ptr->flags)) |
1173 |
goto out; |
goto out; |
1193 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1194 |
{ |
{ |
1195 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1196 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_UNMOUNT "%s\n", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_UNMOUNT "%s\n", |
1197 |
ptr->dir->name)) |
ptr->dir->name)) |
1198 |
goto out; |
goto out; |
1199 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
1218 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1219 |
{ |
{ |
1220 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1221 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_CHROOT "%s\n", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CHROOT "%s\n", |
1222 |
ptr->dir->name)) |
ptr->dir->name)) |
1223 |
goto out; |
goto out; |
1224 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
1243 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
1244 |
{ |
{ |
1245 |
int pos = head->read_avail; |
int pos = head->read_avail; |
1246 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_PIVOT_ROOT "%s %s\n", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_PIVOT_ROOT "%s %s\n", |
1247 |
ptr->new_root->name, ptr->old_root->name)) |
ptr->new_root->name, ptr->old_root->name)) |
1248 |
goto out; |
goto out; |
1249 |
if (!ccs_print_condition(head, cond)) |
if (!ccs_print_condition(head, cond)) |
1267 |
{ |
{ |
1268 |
const struct ccs_condition *cond = ptr->cond; |
const struct ccs_condition *cond = ptr->cond; |
1269 |
const u8 acl_type = ccs_acl_type2(ptr); |
const u8 acl_type = ccs_acl_type2(ptr); |
1270 |
if (acl_type & ACL_DELETED) |
if (acl_type & CCS_ACL_DELETED) |
1271 |
return true; |
return true; |
1272 |
if (acl_type == TYPE_SINGLE_PATH_ACL) { |
if (acl_type == CCS_TYPE_SINGLE_PATH_ACL) { |
1273 |
struct ccs_single_path_acl_record *acl |
struct ccs_single_path_acl_record *acl |
1274 |
= container_of(ptr, struct ccs_single_path_acl_record, |
= container_of(ptr, struct ccs_single_path_acl_record, |
1275 |
head); |
head); |
1276 |
return ccs_print_single_path_acl(head, acl, cond); |
return ccs_print_single_path_acl(head, acl, cond); |
1277 |
} |
} |
1278 |
if (acl_type == TYPE_EXECUTE_HANDLER) { |
if (acl_type == CCS_TYPE_EXECUTE_HANDLER) { |
1279 |
struct ccs_execute_handler_record *acl |
struct ccs_execute_handler_record *acl |
1280 |
= container_of(ptr, struct ccs_execute_handler_record, |
= container_of(ptr, struct ccs_execute_handler_record, |
1281 |
head); |
head); |
1282 |
const char *keyword = KEYWORD_EXECUTE_HANDLER; |
const char *keyword = CCS_KEYWORD_EXECUTE_HANDLER; |
1283 |
return ccs_print_execute_handler_record(head, keyword, acl); |
return ccs_print_execute_handler_record(head, keyword, acl); |
1284 |
} |
} |
1285 |
if (acl_type == TYPE_DENIED_EXECUTE_HANDLER) { |
if (acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
1286 |
struct ccs_execute_handler_record *acl |
struct ccs_execute_handler_record *acl |
1287 |
= container_of(ptr, struct ccs_execute_handler_record, |
= container_of(ptr, struct ccs_execute_handler_record, |
1288 |
head); |
head); |
1289 |
const char *keyword = KEYWORD_DENIED_EXECUTE_HANDLER; |
const char *keyword = CCS_KEYWORD_DENIED_EXECUTE_HANDLER; |
1290 |
return ccs_print_execute_handler_record(head, keyword, acl); |
return ccs_print_execute_handler_record(head, keyword, acl); |
1291 |
} |
} |
1292 |
if (head->read_execute_only) |
if (head->read_execute_only) |
1293 |
return true; |
return true; |
1294 |
if (acl_type == TYPE_MKDEV_ACL) { |
if (acl_type == CCS_TYPE_MKDEV_ACL) { |
1295 |
struct ccs_mkdev_acl_record *acl |
struct ccs_mkdev_acl_record *acl |
1296 |
= container_of(ptr, struct ccs_mkdev_acl_record, head); |
= container_of(ptr, struct ccs_mkdev_acl_record, head); |
1297 |
return ccs_print_mkdev_acl(head, acl, cond); |
return ccs_print_mkdev_acl(head, acl, cond); |
1298 |
} |
} |
1299 |
if (acl_type == TYPE_DOUBLE_PATH_ACL) { |
if (acl_type == CCS_TYPE_DOUBLE_PATH_ACL) { |
1300 |
struct ccs_double_path_acl_record *acl |
struct ccs_double_path_acl_record *acl |
1301 |
= container_of(ptr, struct ccs_double_path_acl_record, |
= container_of(ptr, struct ccs_double_path_acl_record, |
1302 |
head); |
head); |
1303 |
return ccs_print_double_path_acl(head, acl, cond); |
return ccs_print_double_path_acl(head, acl, cond); |
1304 |
} |
} |
1305 |
if (acl_type == TYPE_IOCTL_ACL) { |
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
1306 |
struct ccs_ioctl_acl_record *acl |
struct ccs_path_number_acl_record *acl |
1307 |
= container_of(ptr, struct ccs_ioctl_acl_record, head); |
= container_of(ptr, struct ccs_path_number_acl_record, |
1308 |
return ccs_print_ioctl_acl(head, acl, cond); |
head); |
1309 |
} |
return ccs_print_path_number_acl(head, acl, cond); |
|
if (acl_type == TYPE_ARGV0_ACL) { |
|
|
struct ccs_argv0_acl_record *acl |
|
|
= container_of(ptr, struct ccs_argv0_acl_record, head); |
|
|
return ccs_print_argv0_acl(head, acl, cond); |
|
1310 |
} |
} |
1311 |
if (acl_type == TYPE_ENV_ACL) { |
if (acl_type == CCS_TYPE_ENV_ACL) { |
1312 |
struct ccs_env_acl_record *acl |
struct ccs_env_acl_record *acl |
1313 |
= container_of(ptr, struct ccs_env_acl_record, head); |
= container_of(ptr, struct ccs_env_acl_record, head); |
1314 |
return ccs_print_env_acl(head, acl, cond); |
return ccs_print_env_acl(head, acl, cond); |
1315 |
} |
} |
1316 |
if (acl_type == TYPE_CAPABILITY_ACL) { |
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
1317 |
struct ccs_capability_acl_record *acl |
struct ccs_capability_acl_record *acl |
1318 |
= container_of(ptr, struct ccs_capability_acl_record, |
= container_of(ptr, struct ccs_capability_acl_record, |
1319 |
head); |
head); |
1320 |
return ccs_print_capability_acl(head, acl, cond); |
return ccs_print_capability_acl(head, acl, cond); |
1321 |
} |
} |
1322 |
if (acl_type == TYPE_IP_NETWORK_ACL) { |
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
1323 |
struct ccs_ip_network_acl_record *acl |
struct ccs_ip_network_acl_record *acl |
1324 |
= container_of(ptr, struct ccs_ip_network_acl_record, |
= container_of(ptr, struct ccs_ip_network_acl_record, |
1325 |
head); |
head); |
1326 |
return ccs_print_network_acl(head, acl, cond); |
return ccs_print_network_acl(head, acl, cond); |
1327 |
} |
} |
1328 |
if (acl_type == TYPE_SIGNAL_ACL) { |
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
1329 |
struct ccs_signal_acl_record *acl |
struct ccs_signal_acl_record *acl |
1330 |
= container_of(ptr, struct ccs_signal_acl_record, head); |
= container_of(ptr, struct ccs_signal_acl_record, head); |
1331 |
return ccs_print_signal_acl(head, acl, cond); |
return ccs_print_signal_acl(head, acl, cond); |
1332 |
} |
} |
1333 |
if (acl_type == TYPE_MOUNT_ACL) { |
if (acl_type == CCS_TYPE_MOUNT_ACL) { |
1334 |
struct ccs_mount_acl_record *acl |
struct ccs_mount_acl_record *acl |
1335 |
= container_of(ptr, struct ccs_mount_acl_record, head); |
= container_of(ptr, struct ccs_mount_acl_record, head); |
1336 |
return ccs_print_mount_acl(head, acl, cond); |
return ccs_print_mount_acl(head, acl, cond); |
1337 |
} |
} |
1338 |
if (acl_type == TYPE_UMOUNT_ACL) { |
if (acl_type == CCS_TYPE_UMOUNT_ACL) { |
1339 |
struct ccs_umount_acl_record *acl |
struct ccs_umount_acl_record *acl |
1340 |
= container_of(ptr, struct ccs_umount_acl_record, head); |
= container_of(ptr, struct ccs_umount_acl_record, head); |
1341 |
return ccs_print_umount_acl(head, acl, cond); |
return ccs_print_umount_acl(head, acl, cond); |
1342 |
} |
} |
1343 |
if (acl_type == TYPE_CHROOT_ACL) { |
if (acl_type == CCS_TYPE_CHROOT_ACL) { |
1344 |
struct ccs_chroot_acl_record *acl |
struct ccs_chroot_acl_record *acl |
1345 |
= container_of(ptr, struct ccs_chroot_acl_record, head); |
= container_of(ptr, struct ccs_chroot_acl_record, head); |
1346 |
return ccs_print_chroot_acl(head, acl, cond); |
return ccs_print_chroot_acl(head, acl, cond); |
1347 |
} |
} |
1348 |
if (acl_type == TYPE_PIVOT_ROOT_ACL) { |
if (acl_type == CCS_TYPE_PIVOT_ROOT_ACL) { |
1349 |
struct ccs_pivot_root_acl_record *acl |
struct ccs_pivot_root_acl_record *acl |
1350 |
= container_of(ptr, struct ccs_pivot_root_acl_record, |
= container_of(ptr, struct ccs_pivot_root_acl_record, |
1351 |
head); |
head); |
1352 |
return ccs_print_pivot_root_acl(head, acl, cond); |
return ccs_print_pivot_root_acl(head, acl, cond); |
1353 |
} |
} |
1354 |
/* Workaround for gcc 3.2.2's inline bug. */ |
/* Workaround for gcc 3.2.2's inline bug. */ |
1355 |
if (acl_type & ACL_DELETED) |
if (acl_type & CCS_ACL_DELETED) |
1356 |
return true; |
return true; |
1357 |
BUG(); /* This must not happen. */ |
BUG(); /* This must not happen. */ |
1358 |
return false; |
return false; |
1394 |
transition_failed = "transition_failed\n"; |
transition_failed = "transition_failed\n"; |
1395 |
if (domain->ignore_global_allow_read) |
if (domain->ignore_global_allow_read) |
1396 |
ignore_global_allow_read |
ignore_global_allow_read |
1397 |
= KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; |
= CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "\n"; |
1398 |
if (domain->ignore_global_allow_env) |
if (domain->ignore_global_allow_env) |
1399 |
ignore_global_allow_env |
ignore_global_allow_env |
1400 |
= KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
= CCS_KEYWORD_IGNORE_GLOBAL_ALLOW_ENV "\n"; |
1401 |
if (!ccs_io_printf(head, "%s\n" KEYWORD_USE_PROFILE "%u\n" |
if (!ccs_io_printf(head, "%s\n" CCS_KEYWORD_USE_PROFILE "%u\n" |
1402 |
"%s%s%s%s\n", domain->domainname->name, |
"%s%s%s%s\n", domain->domainname->name, |
1403 |
domain->profile, quota_exceeded, |
domain->profile, quota_exceeded, |
1404 |
transition_failed, |
transition_failed, |
1454 |
return -EINVAL; |
return -EINVAL; |
1455 |
*cp = '\0'; |
*cp = '\0'; |
1456 |
profile = simple_strtoul(data, NULL, 10); |
profile = simple_strtoul(data, NULL, 10); |
1457 |
if (profile >= MAX_PROFILES) |
if (profile >= CCS_MAX_PROFILES) |
1458 |
return -EINVAL; |
return -EINVAL; |
1459 |
domain = ccs_find_domain(cp + 1); |
domain = ccs_find_domain(cp + 1); |
1460 |
if (domain && (ccs_profile_ptr[profile] || !ccs_policy_loaded)) |
if (domain && (ccs_profile_ptr[profile] || !ccs_policy_loaded)) |
1577 |
static int ccs_write_exception_policy(struct ccs_io_buffer *head) |
static int ccs_write_exception_policy(struct ccs_io_buffer *head) |
1578 |
{ |
{ |
1579 |
char *data = head->write_buf; |
char *data = head->write_buf; |
1580 |
bool is_delete = ccs_str_starts(&data, KEYWORD_DELETE); |
bool is_delete = ccs_str_starts(&data, CCS_KEYWORD_DELETE); |
1581 |
if (ccs_str_starts(&data, KEYWORD_KEEP_DOMAIN)) |
if (ccs_str_starts(&data, CCS_KEYWORD_KEEP_DOMAIN)) |
1582 |
return ccs_write_domain_keeper_policy(data, false, is_delete); |
return ccs_write_domain_keeper_policy(data, false, is_delete); |
1583 |
if (ccs_str_starts(&data, KEYWORD_NO_KEEP_DOMAIN)) |
if (ccs_str_starts(&data, CCS_KEYWORD_NO_KEEP_DOMAIN)) |
1584 |
return ccs_write_domain_keeper_policy(data, true, is_delete); |
return ccs_write_domain_keeper_policy(data, true, is_delete); |
1585 |
if (ccs_str_starts(&data, KEYWORD_INITIALIZE_DOMAIN)) |
if (ccs_str_starts(&data, CCS_KEYWORD_INITIALIZE_DOMAIN)) |
1586 |
return ccs_write_domain_initializer_policy(data, false, |
return ccs_write_domain_initializer_policy(data, false, |
1587 |
is_delete); |
is_delete); |
1588 |
if (ccs_str_starts(&data, KEYWORD_NO_INITIALIZE_DOMAIN)) |
if (ccs_str_starts(&data, CCS_KEYWORD_NO_INITIALIZE_DOMAIN)) |
1589 |
return ccs_write_domain_initializer_policy(data, true, |
return ccs_write_domain_initializer_policy(data, true, |
1590 |
is_delete); |
is_delete); |
1591 |
if (ccs_str_starts(&data, KEYWORD_AGGREGATOR)) |
if (ccs_str_starts(&data, CCS_KEYWORD_AGGREGATOR)) |
1592 |
return ccs_write_aggregator_policy(data, is_delete); |
return ccs_write_aggregator_policy(data, is_delete); |
1593 |
if (ccs_str_starts(&data, KEYWORD_ALLOW_READ)) |
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_READ)) |
1594 |
return ccs_write_globally_readable_policy(data, is_delete); |
return ccs_write_globally_readable_policy(data, is_delete); |
1595 |
if (ccs_str_starts(&data, KEYWORD_ALLOW_ENV)) |
if (ccs_str_starts(&data, CCS_KEYWORD_ALLOW_ENV)) |
1596 |
return ccs_write_globally_usable_env_policy(data, is_delete); |
return ccs_write_globally_usable_env_policy(data, is_delete); |
1597 |
if (ccs_str_starts(&data, KEYWORD_FILE_PATTERN)) |
if (ccs_str_starts(&data, CCS_KEYWORD_FILE_PATTERN)) |
1598 |
return ccs_write_pattern_policy(data, is_delete); |
return ccs_write_pattern_policy(data, is_delete); |
1599 |
if (ccs_str_starts(&data, KEYWORD_PATH_GROUP)) |
if (ccs_str_starts(&data, CCS_KEYWORD_PATH_GROUP)) |
1600 |
return ccs_write_path_group_policy(data, is_delete); |
return ccs_write_path_group_policy(data, is_delete); |
1601 |
if (ccs_str_starts(&data, KEYWORD_NUMBER_GROUP)) |
if (ccs_str_starts(&data, CCS_KEYWORD_NUMBER_GROUP)) |
1602 |
return ccs_write_number_group_policy(data, is_delete); |
return ccs_write_number_group_policy(data, is_delete); |
1603 |
if (ccs_str_starts(&data, KEYWORD_DENY_REWRITE)) |
if (ccs_str_starts(&data, CCS_KEYWORD_DENY_REWRITE)) |
1604 |
return ccs_write_no_rewrite_policy(data, is_delete); |
return ccs_write_no_rewrite_policy(data, is_delete); |
1605 |
if (ccs_str_starts(&data, KEYWORD_ADDRESS_GROUP)) |
if (ccs_str_starts(&data, CCS_KEYWORD_ADDRESS_GROUP)) |
1606 |
return ccs_write_address_group_policy(data, is_delete); |
return ccs_write_address_group_policy(data, is_delete); |
1607 |
if (ccs_str_starts(&data, KEYWORD_DENY_AUTOBIND)) |
if (ccs_str_starts(&data, CCS_KEYWORD_DENY_AUTOBIND)) |
1608 |
return ccs_write_reserved_port_policy(data, is_delete); |
return ccs_write_reserved_port_policy(data, is_delete); |
1609 |
return -EINVAL; |
return -EINVAL; |
1610 |
} |
} |