| 880 |
if (!head->read_buf) |
if (!head->read_buf) |
| 881 |
return true; /* Do nothing if open(O_WRONLY). */ |
return true; /* Do nothing if open(O_WRONLY). */ |
| 882 |
head->read_avail = 0; |
head->read_avail = 0; |
| 883 |
|
head->read_cond = false; |
| 884 |
ccs_io_printf(head, "# select %s\n", data); |
ccs_io_printf(head, "# select %s\n", data); |
| 885 |
head->read_single_domain = true; |
head->read_single_domain = true; |
| 886 |
head->read_eof = !domain; |
head->read_eof = !domain; |
| 887 |
if (domain) { |
head->read_var1 = &domain->list; |
| 888 |
struct ccs_domain_info *d; |
head->read_var2 = NULL; |
| 889 |
head->read_var1 = NULL; |
head->read_bit = 0; |
| 890 |
list_for_each_entry_rcu(d, &ccs_domain_list, list) { |
head->read_step = 0; |
| 891 |
if (d == domain) |
if (domain && domain->is_deleted) |
| 892 |
break; |
ccs_io_printf(head, "# This is a deleted domain.\n"); |
|
head->read_var1 = &d->list; |
|
|
} |
|
|
head->read_var2 = NULL; |
|
|
head->read_bit = 0; |
|
|
head->read_step = 0; |
|
|
if (domain->is_deleted) |
|
|
ccs_io_printf(head, "# This is a deleted domain.\n"); |
|
|
} |
|
| 893 |
return true; |
return true; |
| 894 |
} |
} |
| 895 |
|
|
| 1232 |
} |
} |
| 1233 |
|
|
| 1234 |
/** |
/** |
| 1235 |
* ccs_print_path_acl - Print a path ACL entry. |
* ccs_print_entry - Print an ACL entry. |
| 1236 |
* |
* |
| 1237 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1238 |
* @ptr: Pointer to "struct ccs_path_acl". |
* @ptr: Pointer to an ACL entry. |
| 1239 |
* |
* |
| 1240 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 1241 |
*/ |
*/ |
| 1242 |
static bool ccs_print_path_acl(struct ccs_io_buffer *head, |
static bool ccs_print_entry(struct ccs_io_buffer *head, |
| 1243 |
const struct ccs_path_acl *ptr) |
const struct ccs_acl_info *acl) |
| 1244 |
{ |
{ |
| 1245 |
int pos; |
int pos; |
| 1246 |
u8 bit; |
const u8 acl_type = acl->type; |
| 1247 |
const u16 perm = ptr->perm; |
u8 bit = head->read_bit; |
| 1248 |
for (bit = head->read_bit; bit < CCS_MAX_PATH_OPERATION; bit++) { |
if (head->read_cond) |
| 1249 |
if (!(perm & (1 << bit))) |
goto print_cond; |
| 1250 |
continue; |
if (acl->is_deleted) |
| 1251 |
if (head->read_execute_only && bit != CCS_TYPE_EXECUTE |
return true; |
| 1252 |
&& bit != CCS_TYPE_TRANSIT) |
next: |
| 1253 |
continue; |
pos = head->read_avail; |
| 1254 |
/* Print "read/write" instead of "read" and "write". */ |
if (acl_type == CCS_TYPE_PATH_ACL) { |
| 1255 |
if ((bit == CCS_TYPE_READ || bit == CCS_TYPE_WRITE) |
struct ccs_path_acl *ptr |
| 1256 |
&& (perm & (1 << CCS_TYPE_READ_WRITE))) |
= container_of(acl, typeof(*ptr), head); |
| 1257 |
continue; |
const u16 perm = ptr->perm; |
| 1258 |
pos = head->read_avail; |
for ( ; bit < CCS_MAX_PATH_OPERATION; bit++) { |
| 1259 |
|
if (!(perm & (1 << bit))) |
| 1260 |
|
continue; |
| 1261 |
|
if (head->read_execute_only && bit != CCS_TYPE_EXECUTE |
| 1262 |
|
&& bit != CCS_TYPE_TRANSIT) |
| 1263 |
|
continue; |
| 1264 |
|
/* Print "read/write" instead of "read" and "write". */ |
| 1265 |
|
if ((bit == CCS_TYPE_READ || bit == CCS_TYPE_WRITE) |
| 1266 |
|
&& (perm & (1 << CCS_TYPE_READ_WRITE))) |
| 1267 |
|
continue; |
| 1268 |
|
break; |
| 1269 |
|
} |
| 1270 |
|
if (bit == CCS_MAX_PATH_OPERATION) |
| 1271 |
|
goto done; |
| 1272 |
if (!ccs_io_printf(head, "allow_%s", ccs_path_keyword[bit]) || |
if (!ccs_io_printf(head, "allow_%s", ccs_path_keyword[bit]) || |
| 1273 |
!ccs_print_name_union(head, &ptr->name) || |
!ccs_print_name_union(head, &ptr->name)) |
| 1274 |
!ccs_print_condition(head, ptr->head.cond)) { |
goto fail; |
| 1275 |
head->read_bit = bit; |
} else if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
| 1276 |
head->read_avail = pos; |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
| 1277 |
return false; |
struct ccs_execute_handler *ptr |
| 1278 |
|
= container_of(acl, typeof(*ptr), head); |
| 1279 |
|
if (!ccs_io_printf(head, "%s %s", |
| 1280 |
|
acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
| 1281 |
|
CCS_KEYWORD_EXECUTE_HANDLER : |
| 1282 |
|
CCS_KEYWORD_DENIED_EXECUTE_HANDLER, |
| 1283 |
|
ptr->handler->name)) |
| 1284 |
|
goto fail; |
| 1285 |
|
} if (head->read_execute_only) { |
| 1286 |
|
return true; |
| 1287 |
|
} else if (acl_type == CCS_TYPE_MKDEV_ACL) { |
| 1288 |
|
struct ccs_mkdev_acl *ptr |
| 1289 |
|
= container_of(acl, typeof(*ptr), head); |
| 1290 |
|
const u8 perm = ptr->perm; |
| 1291 |
|
for ( ; bit < CCS_MAX_MKDEV_OPERATION; bit++) { |
| 1292 |
|
if (!(perm & (1 << bit))) |
| 1293 |
|
continue; |
| 1294 |
|
break; |
| 1295 |
} |
} |
| 1296 |
} |
if (bit == CCS_MAX_MKDEV_OPERATION) |
| 1297 |
head->read_bit = 0; |
goto done; |
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_mkdev_acl - Print a mkdev ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_mkdev_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_mkdev_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_mkdev_acl *ptr) |
|
|
{ |
|
|
int pos; |
|
|
u8 bit; |
|
|
const u16 perm = ptr->perm; |
|
|
for (bit = head->read_bit; bit < CCS_MAX_MKDEV_OPERATION; |
|
|
bit++) { |
|
|
if (!(perm & (1 << bit))) |
|
|
continue; |
|
|
pos = head->read_avail; |
|
| 1298 |
if (!ccs_io_printf(head, "allow_%s", ccs_mkdev_keyword[bit]) || |
if (!ccs_io_printf(head, "allow_%s", ccs_mkdev_keyword[bit]) || |
| 1299 |
!ccs_print_name_union(head, &ptr->name) || |
!ccs_print_name_union(head, &ptr->name) || |
| 1300 |
!ccs_print_number_union(head, &ptr->mode) || |
!ccs_print_number_union(head, &ptr->mode) || |
| 1301 |
!ccs_print_number_union(head, &ptr->major) || |
!ccs_print_number_union(head, &ptr->major) || |
| 1302 |
!ccs_print_number_union(head, &ptr->minor) || |
!ccs_print_number_union(head, &ptr->minor)) |
| 1303 |
!ccs_print_condition(head, ptr->head.cond)) { |
goto fail; |
| 1304 |
head->read_bit = bit; |
} else if (acl_type == CCS_TYPE_PATH2_ACL) { |
| 1305 |
head->read_avail = pos; |
struct ccs_path2_acl *ptr |
| 1306 |
return false; |
= container_of(acl, typeof(*ptr), head); |
| 1307 |
|
const u8 perm = ptr->perm; |
| 1308 |
|
for ( ; bit < CCS_MAX_PATH2_OPERATION; bit++) { |
| 1309 |
|
if (!(perm & (1 << bit))) |
| 1310 |
|
continue; |
| 1311 |
|
break; |
| 1312 |
} |
} |
| 1313 |
} |
if (bit == CCS_MAX_PATH2_OPERATION) |
| 1314 |
head->read_bit = 0; |
goto done; |
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_path2_acl - Print a path2 ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_path2_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_path2_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_path2_acl *ptr) |
|
|
{ |
|
|
int pos; |
|
|
u8 bit; |
|
|
const u8 perm = ptr->perm; |
|
|
for (bit = head->read_bit; bit < CCS_MAX_PATH2_OPERATION; bit++) { |
|
|
if (!(perm & (1 << bit))) |
|
|
continue; |
|
|
pos = head->read_avail; |
|
| 1315 |
if (!ccs_io_printf(head, "allow_%s", ccs_path2_keyword[bit]) || |
if (!ccs_io_printf(head, "allow_%s", ccs_path2_keyword[bit]) || |
| 1316 |
!ccs_print_name_union(head, &ptr->name1) || |
!ccs_print_name_union(head, &ptr->name1) || |
| 1317 |
!ccs_print_name_union(head, &ptr->name2) || |
!ccs_print_name_union(head, &ptr->name2)) |
| 1318 |
!ccs_print_condition(head, ptr->head.cond)) { |
goto fail; |
| 1319 |
head->read_bit = bit; |
} else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
| 1320 |
head->read_avail = pos; |
struct ccs_path_number_acl *ptr |
| 1321 |
return false; |
= container_of(acl, typeof(*ptr), head); |
| 1322 |
|
const u8 perm = ptr->perm; |
| 1323 |
|
for ( ; bit < CCS_MAX_PATH_NUMBER_OPERATION; bit++) { |
| 1324 |
|
if (!(perm & (1 << bit))) |
| 1325 |
|
continue; |
| 1326 |
|
break; |
| 1327 |
} |
} |
| 1328 |
} |
if (bit == CCS_MAX_PATH_NUMBER_OPERATION) |
| 1329 |
head->read_bit = 0; |
goto done; |
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_path_number_acl - Print a path_number ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_path_number_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_path_number_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_path_number_acl *ptr) |
|
|
{ |
|
|
int pos; |
|
|
u8 bit; |
|
|
const u8 perm = ptr->perm; |
|
|
for (bit = head->read_bit; bit < CCS_MAX_PATH_NUMBER_OPERATION; |
|
|
bit++) { |
|
|
if (!(perm & (1 << bit))) |
|
|
continue; |
|
|
pos = head->read_avail; |
|
| 1330 |
if (!ccs_io_printf(head, "allow_%s", |
if (!ccs_io_printf(head, "allow_%s", |
| 1331 |
ccs_path_number_keyword[bit]) || |
ccs_path_number_keyword[bit]) || |
| 1332 |
!ccs_print_name_union(head, &ptr->name) || |
!ccs_print_name_union(head, &ptr->name) || |
| 1333 |
!ccs_print_number_union(head, &ptr->number) || |
!ccs_print_number_union(head, &ptr->number)) |
| 1334 |
!ccs_print_condition(head, ptr->head.cond)) { |
goto fail; |
| 1335 |
head->read_bit = bit; |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
| 1336 |
head->read_avail = pos; |
struct ccs_env_acl *ptr |
| 1337 |
return false; |
= container_of(acl, typeof(*ptr), head); |
| 1338 |
} |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", |
| 1339 |
} |
ptr->env->name)) |
| 1340 |
head->read_bit = 0; |
goto fail; |
| 1341 |
return true; |
} else if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
| 1342 |
} |
struct ccs_capability_acl *ptr |
| 1343 |
|
= container_of(acl, typeof(*ptr), head); |
| 1344 |
/** |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s", |
| 1345 |
* ccs_print_env_acl - Print an evironment variable name's ACL entry. |
ccs_cap2keyword(ptr->operation))) |
| 1346 |
* |
goto fail; |
| 1347 |
* @head: Pointer to "struct ccs_io_buffer". |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
| 1348 |
* @ptr: Pointer to "struct ccs_env_acl". |
struct ccs_ip_network_acl *ptr |
| 1349 |
* |
= container_of(acl, typeof(*ptr), head); |
| 1350 |
* Returns true on success, false otherwise. |
char buf[128]; |
|
*/ |
|
|
static bool ccs_print_env_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_env_acl *ptr) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_ENV "%s", ptr->env->name) || |
|
|
!ccs_print_condition(head, ptr->head.cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_capability_acl - Print a capability ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_capability_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_capability_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_capability_acl *ptr) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_CAPABILITY "%s", |
|
|
ccs_cap2keyword(ptr->operation)) || |
|
|
!ccs_print_condition(head, ptr->head.cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_network_acl - Print a network ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct ccs_ip_network_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_network_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_ip_network_acl *ptr) |
|
|
{ |
|
|
int pos; |
|
|
u8 bit; |
|
|
const u8 perm = ptr->perm; |
|
|
char buf[128]; |
|
|
for (bit = head->read_bit; bit < CCS_MAX_NETWORK_OPERATION; bit++) { |
|
| 1351 |
const char *w[2] = { buf, "" }; |
const char *w[2] = { buf, "" }; |
| 1352 |
if (!(perm & (1 << bit))) |
const u8 perm = ptr->perm; |
| 1353 |
continue; |
for ( ; bit < CCS_MAX_NETWORK_OPERATION; bit++) { |
| 1354 |
pos = head->read_avail; |
if (!(perm & (1 << bit))) |
| 1355 |
|
continue; |
| 1356 |
|
break; |
| 1357 |
|
} |
| 1358 |
|
if (bit == CCS_MAX_NETWORK_OPERATION) |
| 1359 |
|
goto done; |
| 1360 |
switch (ptr->address_type) { |
switch (ptr->address_type) { |
| 1361 |
case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP: |
case CCS_IP_ADDRESS_TYPE_ADDRESS_GROUP: |
| 1362 |
w[0] = "@"; |
w[0] = "@"; |
| 1373 |
} |
} |
| 1374 |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s %s%s", |
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_NETWORK "%s %s%s", |
| 1375 |
ccs_net_keyword[bit], w[0], w[1]) || |
ccs_net_keyword[bit], w[0], w[1]) || |
| 1376 |
!ccs_print_number_union(head, &ptr->port) || |
!ccs_print_number_union(head, &ptr->port)) |
| 1377 |
!ccs_print_condition(head, ptr->head.cond)) |
goto fail; |
| 1378 |
goto out; |
} else if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
| 1379 |
|
struct ccs_signal_acl *ptr |
| 1380 |
|
= container_of(acl, typeof(*ptr), head); |
| 1381 |
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s", |
| 1382 |
|
ptr->sig, ptr->domainname->name)) |
| 1383 |
|
goto fail; |
| 1384 |
|
} else if (acl_type == CCS_TYPE_MOUNT_ACL) { |
| 1385 |
|
struct ccs_mount_acl *ptr |
| 1386 |
|
= container_of(acl, typeof(*ptr), head); |
| 1387 |
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT) || |
| 1388 |
|
!ccs_print_name_union(head, &ptr->dev_name) || |
| 1389 |
|
!ccs_print_name_union(head, &ptr->dir_name) || |
| 1390 |
|
!ccs_print_name_union(head, &ptr->fs_type) || |
| 1391 |
|
!ccs_print_number_union(head, &ptr->flags)) |
| 1392 |
|
goto fail; |
| 1393 |
} |
} |
|
head->read_bit = 0; |
|
|
return true; |
|
|
out: |
|
| 1394 |
head->read_bit = bit; |
head->read_bit = bit; |
| 1395 |
head->read_avail = pos; |
head->read_cond = true; |
| 1396 |
return false; |
print_cond: |
| 1397 |
} |
pos = head->read_avail; |
| 1398 |
|
if (!ccs_print_condition(head, acl->cond)) { |
|
/** |
|
|
* ccs_print_signal_acl - Print a signal ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to "struct signale_acl". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_signal_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_signal_acl *ptr) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_SIGNAL "%u %s", |
|
|
ptr->sig, ptr->domainname->name) || |
|
|
!ccs_print_condition(head, ptr->head.cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
|
} |
|
|
return true; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_print_execute_handler - Print an execute handler ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @keyword: Name of the keyword. |
|
|
* @ptr: Pointer to "struct ccs_execute_handler". |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_execute_handler(struct ccs_io_buffer *head, |
|
|
const char *keyword, |
|
|
const struct ccs_execute_handler *ptr) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, "%s %s", keyword, ptr->handler->name) || |
|
|
!ccs_print_condition(head, ptr->head.cond)) { |
|
| 1399 |
head->read_avail = pos; |
head->read_avail = pos; |
| 1400 |
return false; |
return false; |
| 1401 |
} |
} |
| 1402 |
return true; |
head->read_cond = false; |
| 1403 |
} |
switch (acl_type) { |
| 1404 |
|
case CCS_TYPE_PATH_ACL: |
| 1405 |
/** |
case CCS_TYPE_MKDEV_ACL: |
| 1406 |
* ccs_print_mount_acl - Print a mount ACL entry. |
case CCS_TYPE_PATH2_ACL: |
| 1407 |
* |
case CCS_TYPE_PATH_NUMBER_ACL: |
| 1408 |
* @head: Pointer to "struct ccs_io_buffer". |
case CCS_TYPE_IP_NETWORK_ACL: |
| 1409 |
* @ptr: Pointer to "struct ccs_mount_acl". |
bit++; |
| 1410 |
* |
goto next; |
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_mount_acl(struct ccs_io_buffer *head, |
|
|
const struct ccs_mount_acl *ptr) |
|
|
{ |
|
|
const int pos = head->read_avail; |
|
|
if (!ccs_io_printf(head, CCS_KEYWORD_ALLOW_MOUNT) || |
|
|
!ccs_print_name_union(head, &ptr->dev_name) || |
|
|
!ccs_print_name_union(head, &ptr->dir_name) || |
|
|
!ccs_print_name_union(head, &ptr->fs_type) || |
|
|
!ccs_print_number_union(head, &ptr->flags) || |
|
|
!ccs_print_condition(head, ptr->head.cond)) { |
|
|
head->read_avail = pos; |
|
|
return false; |
|
| 1411 |
} |
} |
| 1412 |
|
done: |
| 1413 |
|
head->read_bit = 0; |
| 1414 |
return true; |
return true; |
| 1415 |
} |
fail: |
| 1416 |
|
head->read_bit = bit; |
| 1417 |
/** |
head->read_avail = pos; |
|
* ccs_print_entry - Print an ACL entry. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* @ptr: Pointer to an ACL entry. |
|
|
* |
|
|
* Returns true on success, false otherwise. |
|
|
*/ |
|
|
static bool ccs_print_entry(struct ccs_io_buffer *head, |
|
|
const struct ccs_acl_info *ptr) |
|
|
{ |
|
|
const u8 acl_type = ptr->type; |
|
|
if (ptr->is_deleted) |
|
|
return true; |
|
|
if (acl_type == CCS_TYPE_PATH_ACL) { |
|
|
struct ccs_path_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_path_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
|
|
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
|
|
struct ccs_execute_handler *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
const char *keyword = acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
|
|
CCS_KEYWORD_EXECUTE_HANDLER : |
|
|
CCS_KEYWORD_DENIED_EXECUTE_HANDLER; |
|
|
return ccs_print_execute_handler(head, keyword, acl); |
|
|
} |
|
|
if (head->read_execute_only) |
|
|
return true; |
|
|
if (acl_type == CCS_TYPE_MKDEV_ACL) { |
|
|
struct ccs_mkdev_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_mkdev_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_PATH2_ACL) { |
|
|
struct ccs_path2_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_path2_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
|
|
struct ccs_path_number_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_path_number_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_ENV_ACL) { |
|
|
struct ccs_env_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_env_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
|
|
struct ccs_capability_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_capability_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
|
|
struct ccs_ip_network_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_network_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
|
|
struct ccs_signal_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_signal_acl(head, acl); |
|
|
} |
|
|
if (acl_type == CCS_TYPE_MOUNT_ACL) { |
|
|
struct ccs_mount_acl *acl |
|
|
= container_of(ptr, typeof(*acl), head); |
|
|
return ccs_print_mount_acl(head, acl); |
|
|
} |
|
|
BUG(); /* This must not happen. */ |
|
| 1418 |
return false; |
return false; |
| 1419 |
} |
} |
| 1420 |
|
|
TOMOYO
Parent Directory
Revision Log
Patch