3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.0 2009/10/01 |
* Version: 1.7.1 2009/11/11 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
33 |
.preference.permissive_verbose = true |
.preference.permissive_verbose = true |
34 |
}; |
}; |
35 |
|
|
36 |
|
/* Profile version. Currently only 20090903 is defined. */ |
37 |
|
static unsigned int ccs_profile_version; |
38 |
|
|
39 |
/* Profile table. Memory is allocated as needed. */ |
/* Profile table. Memory is allocated as needed. */ |
40 |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
41 |
|
|
|
/* Lock for protecting "struct ccs_profile"->comment */ |
|
|
static DEFINE_SPINLOCK(ccs_profile_comment_lock); |
|
|
|
|
42 |
/* String table for functionality that takes 4 modes. */ |
/* String table for functionality that takes 4 modes. */ |
43 |
static const char *ccs_mode_4[4] = { |
static const char *ccs_mode_4[4] = { |
44 |
"disabled", "learning", "permissive", "enforcing" |
"disabled", "learning", "permissive", "enforcing" |
296 |
panic("Profile %u (used by '%s') not defined.\n", |
panic("Profile %u (used by '%s') not defined.\n", |
297 |
profile, domain->domainname->name); |
profile, domain->domainname->name); |
298 |
} |
} |
299 |
|
if (ccs_profile_version != 20090903) |
300 |
|
panic("Profile version %u is not supported.\n", |
301 |
|
ccs_profile_version); |
302 |
} |
} |
303 |
|
|
304 |
/** |
/** |
334 |
bool use_default = false; |
bool use_default = false; |
335 |
char *cp; |
char *cp; |
336 |
struct ccs_profile *profile; |
struct ccs_profile *profile; |
337 |
|
if (sscanf(data, "PROFILE_VERSION=%u", &ccs_profile_version) == 1) |
338 |
|
return 0; |
339 |
i = simple_strtoul(data, &cp, 10); |
i = simple_strtoul(data, &cp, 10); |
340 |
if (data == cp) { |
if (data == cp) { |
341 |
profile = &ccs_default_profile; |
profile = &ccs_default_profile; |
443 |
if (profile == &ccs_default_profile) |
if (profile == &ccs_default_profile) |
444 |
return -EINVAL; |
return -EINVAL; |
445 |
if (!strcmp(data, "COMMENT")) { |
if (!strcmp(data, "COMMENT")) { |
446 |
const struct ccs_path_info *new_comment = ccs_get_name(cp); |
const struct ccs_path_info *old_comment = profile->comment; |
447 |
const struct ccs_path_info *old_comment; |
profile->comment = ccs_get_name(cp); |
|
/* Protect reader from ccs_put_name(). */ |
|
|
spin_lock(&ccs_profile_comment_lock); |
|
|
old_comment = profile->comment; |
|
|
profile->comment = new_comment; |
|
|
spin_unlock(&ccs_profile_comment_lock); |
|
448 |
ccs_put_name(old_comment); |
ccs_put_name(old_comment); |
449 |
return 0; |
return 0; |
450 |
} |
} |
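Review bot: The pointer returned by `const struct ccs_path_info *new_comment = ccs_get_name(cp);` is swapped into profile->comment without a NULL check, so if ccs_get_name() fails (the reader side's `comment ? comment->name : ""` suggests a NULL comment is reachable) the old comment is released, the profile is left with no comment, and the write still reports success with `return 0;`. If ccs_get_name() can return NULL on allocation failure, add `if (!new_comment) return -ENOMEM;` before taking ccs_profile_comment_lock so the existing comment is preserved and the writer is told the update did not happen. The locking itself looks sound: the reader in the 551-564 hunk holds the same spinlock while it dereferences the pointer, so the ccs_put_name(old_comment) done after the unlock cannot free a comment that is still being printed. The enclosing write handler starts before this hunk (around line 334) and continues past it.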
551 |
int i; |
int i; |
552 |
int pos; |
int pos; |
553 |
const struct ccs_profile *profile = ccs_profile_ptr[index]; |
const struct ccs_profile *profile = ccs_profile_ptr[index]; |
554 |
|
const struct ccs_path_info *comment; |
555 |
head->read_step = index; |
head->read_step = index; |
556 |
if (!profile) |
if (!profile) |
557 |
continue; |
continue; |
558 |
pos = head->read_avail; |
pos = head->read_avail; |
559 |
spin_lock(&ccs_profile_comment_lock); |
comment = profile->comment; |
560 |
done = ccs_io_printf(head, "%u-COMMENT=%s\n", index, |
done = ccs_io_printf(head, "%u-COMMENT=%s\n", index, |
561 |
profile->comment ? profile->comment->name |
comment ? comment->name : ""); |
|
: ""); |
|
|
spin_unlock(&ccs_profile_comment_lock); |
|
562 |
if (!done) |
if (!done) |
563 |
goto out; |
goto out; |
564 |
config = profile->default_config; |
config = profile->default_config; |
846 |
if (sscanf(data, "pid=%u", &pid) == 1 || |
if (sscanf(data, "pid=%u", &pid) == 1 || |
847 |
(global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { |
(global_pid = true, sscanf(data, "global-pid=%u", &pid) == 1)) { |
848 |
struct task_struct *p; |
struct task_struct *p; |
849 |
read_lock(&tasklist_lock); |
ccs_tasklist_lock(); |
850 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) |
851 |
if (global_pid) |
if (global_pid) |
852 |
p = find_task_by_pid_ns(pid, &init_pid_ns); |
p = find_task_by_pid_ns(pid, &init_pid_ns); |
857 |
#endif |
#endif |
858 |
if (p) |
if (p) |
859 |
domain = ccs_task_domain(p); |
domain = ccs_task_domain(p); |
860 |
read_unlock(&tasklist_lock); |
ccs_tasklist_unlock(); |
861 |
} else if (!strncmp(data, "domain=", 7)) { |
} else if (!strncmp(data, "domain=", 7)) { |
862 |
if (ccs_is_domain_def(data + 7)) |
if (ccs_is_domain_def(data + 7)) |
863 |
domain = ccs_find_domain(data + 7); |
domain = ccs_find_domain(data + 7); |
1201 |
} |
} |
1202 |
|
|
1203 |
/** |
/** |
1204 |
* ccs_print_path_acl - Print a single path ACL entry. |
* ccs_print_path_acl - Print a path ACL entry. |
1205 |
* |
* |
1206 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1207 |
* @ptr: Pointer to "struct ccs_path_acl". |
* @ptr: Pointer to "struct ccs_path_acl". |
1594 |
} |
} |
1595 |
if (acl_type == CCS_TYPE_PATH2_ACL) { |
if (acl_type == CCS_TYPE_PATH2_ACL) { |
1596 |
struct ccs_path2_acl *acl |
struct ccs_path2_acl *acl |
1597 |
= container_of(ptr, struct ccs_path2_acl, |
= container_of(ptr, struct ccs_path2_acl, head); |
|
head); |
|
1598 |
return ccs_print_path2_acl(head, acl, cond); |
return ccs_print_path2_acl(head, acl, cond); |
1599 |
} |
} |
1600 |
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
1601 |
struct ccs_path_number_acl *acl |
struct ccs_path_number_acl *acl |
1602 |
= container_of(ptr, struct ccs_path_number_acl, |
= container_of(ptr, struct ccs_path_number_acl, head); |
|
head); |
|
1603 |
return ccs_print_path_number_acl(head, acl, cond); |
return ccs_print_path_number_acl(head, acl, cond); |
1604 |
} |
} |
1605 |
if (acl_type == CCS_TYPE_ENV_ACL) { |
if (acl_type == CCS_TYPE_ENV_ACL) { |
1609 |
} |
} |
1610 |
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
1611 |
struct ccs_capability_acl *acl |
struct ccs_capability_acl *acl |
1612 |
= container_of(ptr, struct ccs_capability_acl, |
= container_of(ptr, struct ccs_capability_acl, head); |
|
head); |
|
1613 |
return ccs_print_capability_acl(head, acl, cond); |
return ccs_print_capability_acl(head, acl, cond); |
1614 |
} |
} |
1615 |
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
1616 |
struct ccs_ip_network_acl *acl |
struct ccs_ip_network_acl *acl |
1617 |
= container_of(ptr, struct ccs_ip_network_acl, |
= container_of(ptr, struct ccs_ip_network_acl, head); |
|
head); |
|
1618 |
return ccs_print_network_acl(head, acl, cond); |
return ccs_print_network_acl(head, acl, cond); |
1619 |
} |
} |
1620 |
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
1795 |
struct ccs_domain_info *domain = NULL; |
struct ccs_domain_info *domain = NULL; |
1796 |
u32 ccs_flags = 0; |
u32 ccs_flags = 0; |
1797 |
/* Accessing write_buf is safe because head->io_sem is held. */ |
/* Accessing write_buf is safe because head->io_sem is held. */ |
1798 |
if (!buf) |
if (!buf) { |
1799 |
|
head->read_eof = true; |
1800 |
return; /* Do nothing if open(O_RDONLY). */ |
return; /* Do nothing if open(O_RDONLY). */ |
1801 |
|
} |
1802 |
if (head->read_avail || head->read_eof) |
if (head->read_avail || head->read_eof) |
1803 |
return; |
return; |
1804 |
head->read_eof = true; |
head->read_eof = true; |
1807 |
if (ccs_str_starts(&buf, "global-pid ")) |
if (ccs_str_starts(&buf, "global-pid ")) |
1808 |
global_pid = true; |
global_pid = true; |
1809 |
pid = (unsigned int) simple_strtoul(buf, NULL, 10); |
pid = (unsigned int) simple_strtoul(buf, NULL, 10); |
1810 |
read_lock(&tasklist_lock); |
ccs_tasklist_lock(); |
1811 |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) |
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24) |
1812 |
if (global_pid) |
if (global_pid) |
1813 |
p = find_task_by_pid_ns(pid, &init_pid_ns); |
p = find_task_by_pid_ns(pid, &init_pid_ns); |
1820 |
domain = ccs_task_domain(p); |
domain = ccs_task_domain(p); |
1821 |
ccs_flags = p->ccs_flags; |
ccs_flags = p->ccs_flags; |
1822 |
} |
} |
1823 |
read_unlock(&tasklist_lock); |
ccs_tasklist_unlock(); |
1824 |
if (!domain) |
if (!domain) |
1825 |
return; |
return; |
1826 |
if (!task_info) |
if (!task_info) |
2412 |
{ |
{ |
2413 |
if (head->read_eof) |
if (head->read_eof) |
2414 |
return; |
return; |
2415 |
ccs_io_printf(head, "1.7.0"); |
ccs_io_printf(head, "1.7.1"); |
2416 |
head->read_eof = true; |
head->read_eof = true; |
2417 |
} |
} |
2418 |
|
|