
Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/policy_io.c


revision 3109 by kumaneko, Fri Oct 16 05:02:23 2009 UTC revision 3158 by kumaneko, Mon Nov 9 02:21:20 2009 UTC
# Line 3  Line 3 
3   *   *
4   * Copyright (C) 2005-2009  NTT DATA CORPORATION   * Copyright (C) 2005-2009  NTT DATA CORPORATION
5   *   *
6   * Version: 1.7.1-pre   2009/10/16   * Version: 1.7.1-pre   2009/11/03
7   *   *
8   * This file is applicable to both 2.4.30 and 2.6.11 and later.   * This file is applicable to both 2.4.30 and 2.6.11 and later.
9   * See README.ccs for ChangeLog.   * See README.ccs for ChangeLog.
# Line 33  static struct ccs_profile ccs_default_pr Line 33  static struct ccs_profile ccs_default_pr
33          .preference.permissive_verbose = true          .preference.permissive_verbose = true
34  };  };
35    
36    /* Profile version. Currently only 20090903 is defined. */
37    static unsigned int ccs_profile_version;
38    
39  /* Profile table. Memory is allocated as needed. */  /* Profile table. Memory is allocated as needed. */
40  static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];  static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES];
41    
 /* Lock for protecting "struct ccs_profile"->comment  */  
 static DEFINE_SPINLOCK(ccs_profile_comment_lock);  
   
42  /* String table for functionality that takes 4 modes. */  /* String table for functionality that takes 4 modes. */
43  static const char *ccs_mode_4[4] = {  static const char *ccs_mode_4[4] = {
44          "disabled", "learning", "permissive", "enforcing"          "disabled", "learning", "permissive", "enforcing"
# Line 296  void ccs_check_profile(void) Line 296  void ccs_check_profile(void)
296                  panic("Profile %u (used by '%s') not defined.\n",                  panic("Profile %u (used by '%s') not defined.\n",
297                        profile, domain->domainname->name);                        profile, domain->domainname->name);
298          }          }
299            if (ccs_profile_version != 20090903)
300                    panic("Profile version %u is not supported.\n",
301                          ccs_profile_version);
302  }  }
303    
304  /**  /**
# Line 331  static int ccs_write_profile(struct ccs_ Line 334  static int ccs_write_profile(struct ccs_
334          bool use_default = false;          bool use_default = false;
335          char *cp;          char *cp;
336          struct ccs_profile *profile;          struct ccs_profile *profile;
337            if (sscanf(data, "PROFILE_VERSION=%u", &ccs_profile_version) == 1)
338                    return 0;
339          i = simple_strtoul(data, &cp, 10);          i = simple_strtoul(data, &cp, 10);
340          if (data == cp) {          if (data == cp) {
341                  profile = &ccs_default_profile;                  profile = &ccs_default_profile;
# Line 438  static int ccs_write_profile(struct ccs_ Line 443  static int ccs_write_profile(struct ccs_
443          if (profile == &ccs_default_profile)          if (profile == &ccs_default_profile)
444                  return -EINVAL;                  return -EINVAL;
445          if (!strcmp(data, "COMMENT")) {          if (!strcmp(data, "COMMENT")) {
446                  const struct ccs_path_info *new_comment = ccs_get_name(cp);                  const struct ccs_path_info *old_comment = profile->comment;
447                  const struct ccs_path_info *old_comment;                  profile->comment = ccs_get_name(cp);
                 /* Protect reader from ccs_put_name(). */  
                 spin_lock(&ccs_profile_comment_lock);  
                 old_comment = profile->comment;  
                 profile->comment = new_comment;  
                 spin_unlock(&ccs_profile_comment_lock);  
448                  ccs_put_name(old_comment);                  ccs_put_name(old_comment);
449                  return 0;                  return 0;
450          }          }
# Line 551  static void ccs_read_profile(struct ccs_ Line 551  static void ccs_read_profile(struct ccs_
551                  int i;                  int i;
552                  int pos;                  int pos;
553                  const struct ccs_profile *profile = ccs_profile_ptr[index];                  const struct ccs_profile *profile = ccs_profile_ptr[index];
554                    const struct ccs_path_info *comment;
555                  head->read_step = index;                  head->read_step = index;
556                  if (!profile)                  if (!profile)
557                          continue;                          continue;
558                  pos = head->read_avail;                  pos = head->read_avail;
559                  spin_lock(&ccs_profile_comment_lock);                  comment = profile->comment;
560                  done = ccs_io_printf(head, "%u-COMMENT=%s\n", index,                  done = ccs_io_printf(head, "%u-COMMENT=%s\n", index,
561                                       profile->comment ? profile->comment->name                                       comment ? comment->name : "");
                                      : "");  
                 spin_unlock(&ccs_profile_comment_lock);  
562                  if (!done)                  if (!done)
563                          goto out;                          goto out;
564                  config = profile->default_config;                  config = profile->default_config;
# Line 1796  static void ccs_read_pid(struct ccs_io_b Line 1795  static void ccs_read_pid(struct ccs_io_b
1795          struct ccs_domain_info *domain = NULL;          struct ccs_domain_info *domain = NULL;
1796          u32 ccs_flags = 0;          u32 ccs_flags = 0;
1797          /* Accessing write_buf is safe because head->io_sem is held. */          /* Accessing write_buf is safe because head->io_sem is held. */
1798          if (!buf)          if (!buf) {
1799                    head->read_eof = true;
1800                  return; /* Do nothing if open(O_RDONLY). */                  return; /* Do nothing if open(O_RDONLY). */
1801            }
1802          if (head->read_avail || head->read_eof)          if (head->read_avail || head->read_eof)
1803                  return;                  return;
1804          head->read_eof = true;          head->read_eof = true;
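Review bot: Nothing visible in the COMMENT branch of ccs_write_profile (new lines 446-448) or in ccs_read_profile (new lines 559-561) keeps the old comment alive or serializes the swap, because `profile->comment` is now replaced and dereferenced without ccs_profile_comment_lock. If ccs_put_name() can release the name while a reader still holds the pointer it loaded into `comment`, the `comment->name` passed to ccs_io_printf() is a use-after-free; if two writers can reach the swap concurrently, both may read the same `old_comment` and put it twice. Neither function's body is fully shown, so a caller-held lock or a deferred-free grace period may already cover this, but that guarantee should be stated where the swap happens, for example `/* No lock here: <what serializes writers and defers freeing of old_comment> */`. If no such guarantee exists, the pointer exchange and the matching read need to stay under a common lock.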
