| 3 |
* |
* |
| 4 |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
| 5 |
* |
* |
| 6 |
* Version: 1.8.2-rc 2011/06/14 |
* Version: 1.8.3 2011/09/29 |
| 7 |
*/ |
*/ |
| 8 |
|
|
| 9 |
#include "internal.h" |
#include "internal.h" |
| 528 |
struct ccs_domain_info *domain; |
struct ccs_domain_info *domain; |
| 529 |
const int idx = ccs_read_lock(); |
const int idx = ccs_read_lock(); |
| 530 |
ccs_policy_loaded = true; |
ccs_policy_loaded = true; |
| 531 |
printk(KERN_INFO "CCSecurity: 1.8.2-rc 2011/06/14\n"); |
printk(KERN_INFO "CCSecurity: 1.8.3 2011/09/29\n"); |
| 532 |
list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) { |
list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) { |
| 533 |
const u8 profile = domain->profile; |
const u8 profile = domain->profile; |
| 534 |
const struct ccs_policy_namespace *ns = domain->ns; |
const struct ccs_policy_namespace *ns = domain->ns; |
| 773 |
switch (head->r.step) { |
switch (head->r.step) { |
| 774 |
case 0: |
case 0: |
| 775 |
ccs_print_namespace(head); |
ccs_print_namespace(head); |
| 776 |
ccs_io_printf(head, "PROFILE_VERSION=%u\n", 20100903); |
ccs_io_printf(head, "PROFILE_VERSION=%u\n", |
| 777 |
|
ns->profile_version); |
| 778 |
head->r.step++; |
head->r.step++; |
| 779 |
break; |
break; |
| 780 |
case 1: |
case 1: |
| 1167 |
{ "task ", ccs_write_task }, |
{ "task ", ccs_write_task }, |
| 1168 |
}; |
}; |
| 1169 |
u8 i; |
u8 i; |
| 1170 |
for (i = 0; i < 7; i++) { |
for (i = 0; i < ARRAY_SIZE(ccs_callback); i++) { |
| 1171 |
if (!ccs_str_starts(¶m.data, ccs_callback[i].keyword)) |
if (!ccs_str_starts(¶m.data, ccs_callback[i].keyword)) |
| 1172 |
continue; |
continue; |
| 1173 |
return ccs_callback[i].write(¶m); |
return ccs_callback[i].write(¶m); |
| 1383 |
case 0: |
case 0: |
| 1384 |
head->r.cond_index = 0; |
head->r.cond_index = 0; |
| 1385 |
head->r.cond_step++; |
head->r.cond_step++; |
| 1386 |
|
if (cond->transit && cond->exec_transit) { |
| 1387 |
|
ccs_set_space(head); |
| 1388 |
|
ccs_set_string(head, cond->transit->name); |
| 1389 |
|
} |
| 1390 |
/* fall through */ |
/* fall through */ |
| 1391 |
case 1: |
case 1: |
| 1392 |
{ |
{ |
| 1500 |
ccs_io_printf(head, " grant_log=%s", |
ccs_io_printf(head, " grant_log=%s", |
| 1501 |
ccs_yesno(cond->grant_log == |
ccs_yesno(cond->grant_log == |
| 1502 |
CCS_GRANTLOG_YES)); |
CCS_GRANTLOG_YES)); |
| 1503 |
if (cond->transit) { |
if (cond->transit && !cond->exec_transit) { |
| 1504 |
const char *name = cond->transit->name; |
const char *name = cond->transit->name; |
| 1505 |
ccs_set_string(head, " auto_domain_transition=\""); |
ccs_set_string(head, " auto_domain_transition=\""); |
| 1506 |
ccs_set_string(head, name); |
ccs_set_string(head, name); |
| 1809 |
if (!ccs_read_domain2(head, &domain->acl_info_list)) |
if (!ccs_read_domain2(head, &domain->acl_info_list)) |
| 1810 |
return; |
return; |
| 1811 |
head->r.step++; |
head->r.step++; |
|
/* fall through */ |
|
|
case 2: |
|
| 1812 |
if (!ccs_set_lf(head)) |
if (!ccs_set_lf(head)) |
| 1813 |
return; |
return; |
| 1814 |
|
/* fall through */ |
| 1815 |
|
case 2: |
| 1816 |
head->r.step = 0; |
head->r.step = 0; |
| 1817 |
if (head->r.print_this_domain_only) |
if (head->r.print_this_domain_only) |
| 1818 |
goto done; |
goto done; |
| 1823 |
} |
} |
| 1824 |
|
|
| 1825 |
/** |
/** |
|
* ccs_write_domain_profile - Assign profile for specified domain. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* |
|
|
* Returns 0 on success, -EINVAL otherwise. |
|
|
* |
|
|
* This is equivalent to doing |
|
|
* |
|
|
* ( echo "select " $domainname; echo "use_profile " $profile ) | |
|
|
* /usr/sbin/ccs-loadpolicy -d |
|
|
* |
|
|
* Caller holds ccs_read_lock(). |
|
|
*/ |
|
|
static int ccs_write_domain_profile(struct ccs_io_buffer *head) |
|
|
{ |
|
|
char *data = head->write_buf; |
|
|
char *cp = strchr(data, ' '); |
|
|
struct ccs_domain_info *domain; |
|
|
unsigned int profile; |
|
|
if (!cp) |
|
|
return -EINVAL; |
|
|
*cp = '\0'; |
|
|
profile = simple_strtoul(data, NULL, 10); |
|
|
if (profile >= CCS_MAX_PROFILES) |
|
|
return -EINVAL; |
|
|
domain = ccs_find_domain(cp + 1); |
|
|
if (domain && (!ccs_policy_loaded || |
|
|
head->w.ns->profile_ptr[(u8) profile])) |
|
|
domain->profile = (u8) profile; |
|
|
return 0; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_read_domain_profile - Read only domainname and profile. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* |
|
|
* Returns nothing. |
|
|
* |
|
|
* This is equivalent to doing |
|
|
* |
|
|
* grep -A 1 '^<kernel>' /proc/ccs/domain_policy | |
|
|
* awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) |
|
|
* domainname = $0; } else if ( $1 == "use_profile" ) { |
|
|
* print $2 " " domainname; domainname = ""; } } ; ' |
|
|
* |
|
|
* Caller holds ccs_read_lock(). |
|
|
*/ |
|
|
static void ccs_read_domain_profile(struct ccs_io_buffer *head) |
|
|
{ |
|
|
if (head->r.eof) |
|
|
return; |
|
|
list_for_each_cookie(head->r.domain, &ccs_domain_list) { |
|
|
struct ccs_domain_info *domain = |
|
|
list_entry(head->r.domain, typeof(*domain), list); |
|
|
if (domain->is_deleted) |
|
|
continue; |
|
|
if (!ccs_flush(head)) |
|
|
return; |
|
|
ccs_io_printf(head, "%u ", domain->profile); |
|
|
ccs_set_string(head, domain->domainname->name); |
|
|
ccs_set_lf(head); |
|
|
} |
|
|
head->r.eof = true; |
|
|
} |
|
|
|
|
|
/** |
|
| 1826 |
* ccs_write_pid - Specify PID to obtain domainname. |
* ccs_write_pid - Specify PID to obtain domainname. |
| 1827 |
* |
* |
| 1828 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 2475 |
{ |
{ |
| 2476 |
if (head->r.eof) |
if (head->r.eof) |
| 2477 |
return; |
return; |
| 2478 |
ccs_set_string(head, "1.8.2-rc"); |
ccs_set_string(head, "1.8.3"); |
| 2479 |
head->r.eof = true; |
head->r.eof = true; |
| 2480 |
} |
} |
| 2481 |
|
|
| 2571 |
u8 i; |
u8 i; |
| 2572 |
if (ccs_str_starts(&data, "Memory used by ")) |
if (ccs_str_starts(&data, "Memory used by ")) |
| 2573 |
for (i = 0; i < CCS_MAX_MEMORY_STAT; i++) |
for (i = 0; i < CCS_MAX_MEMORY_STAT; i++) |
| 2574 |
if (ccs_str_starts(&data, ccs_memory_headers[i])) |
if (ccs_str_starts(&data, ccs_memory_headers[i])) { |
| 2575 |
|
if (*data == ' ') |
| 2576 |
|
data++; |
| 2577 |
ccs_memory_quota[i] = |
ccs_memory_quota[i] = |
| 2578 |
simple_strtoul(data, NULL, 10); |
simple_strtoul(data, NULL, 10); |
| 2579 |
|
} |
| 2580 |
return 0; |
return 0; |
| 2581 |
} |
} |
| 2582 |
|
|
| 2731 |
case CCS_AUDIT: |
case CCS_AUDIT: |
| 2732 |
ccs_read_log(head); |
ccs_read_log(head); |
| 2733 |
break; |
break; |
|
case CCS_DOMAIN_STATUS: |
|
|
ccs_read_domain_profile(head); |
|
|
break; |
|
| 2734 |
case CCS_EXECUTE_HANDLER: |
case CCS_EXECUTE_HANDLER: |
| 2735 |
case CCS_PROCESS_STATUS: |
case CCS_PROCESS_STATUS: |
| 2736 |
ccs_read_pid(head); |
ccs_read_pid(head); |
| 2796 |
return ccs_write_domain(head); |
return ccs_write_domain(head); |
| 2797 |
case CCS_EXCEPTIONPOLICY: |
case CCS_EXCEPTIONPOLICY: |
| 2798 |
return ccs_write_exception(head); |
return ccs_write_exception(head); |
|
case CCS_DOMAIN_STATUS: |
|
|
return ccs_write_domain_profile(head); |
|
| 2799 |
case CCS_EXECUTE_HANDLER: |
case CCS_EXECUTE_HANDLER: |
| 2800 |
case CCS_PROCESS_STATUS: |
case CCS_PROCESS_STATUS: |
| 2801 |
return ccs_write_pid(head); |
return ccs_write_pid(head); |
| 2897 |
switch (head->type) { |
switch (head->type) { |
| 2898 |
case CCS_DOMAINPOLICY: |
case CCS_DOMAINPOLICY: |
| 2899 |
case CCS_EXCEPTIONPOLICY: |
case CCS_EXCEPTIONPOLICY: |
|
case CCS_DOMAIN_STATUS: |
|
| 2900 |
case CCS_STAT: |
case CCS_STAT: |
| 2901 |
case CCS_PROFILE: |
case CCS_PROFILE: |
| 2902 |
case CCS_MANAGER: |
case CCS_MANAGER: |
TOMOYO
Parent Directory
Revision Log
Patch