3 |
* |
* |
4 |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
* Copyright (C) 2005-2011 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.8.2 2011/06/20 |
* Version: 1.8.3 2011/09/29 |
7 |
*/ |
*/ |
8 |
|
|
9 |
#include "internal.h" |
#include "internal.h" |
528 |
struct ccs_domain_info *domain; |
struct ccs_domain_info *domain; |
529 |
const int idx = ccs_read_lock(); |
const int idx = ccs_read_lock(); |
530 |
ccs_policy_loaded = true; |
ccs_policy_loaded = true; |
531 |
printk(KERN_INFO "CCSecurity: 1.8.2 2011/06/20\n"); |
printk(KERN_INFO "CCSecurity: 1.8.3 2011/09/29\n"); |
532 |
list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) { |
list_for_each_entry_srcu(domain, &ccs_domain_list, list, &ccs_ss) { |
533 |
const u8 profile = domain->profile; |
const u8 profile = domain->profile; |
534 |
const struct ccs_policy_namespace *ns = domain->ns; |
const struct ccs_policy_namespace *ns = domain->ns; |
1167 |
{ "task ", ccs_write_task }, |
{ "task ", ccs_write_task }, |
1168 |
}; |
}; |
1169 |
u8 i; |
u8 i; |
1170 |
for (i = 0; i < 7; i++) { |
for (i = 0; i < ARRAY_SIZE(ccs_callback); i++) { |
1171 |
if (!ccs_str_starts(¶m.data, ccs_callback[i].keyword)) |
if (!ccs_str_starts(¶m.data, ccs_callback[i].keyword)) |
1172 |
continue; |
continue; |
1173 |
return ccs_callback[i].write(¶m); |
return ccs_callback[i].write(¶m); |
1383 |
case 0: |
case 0: |
1384 |
head->r.cond_index = 0; |
head->r.cond_index = 0; |
1385 |
head->r.cond_step++; |
head->r.cond_step++; |
1386 |
|
if (cond->transit && cond->exec_transit) { |
1387 |
|
ccs_set_space(head); |
1388 |
|
ccs_set_string(head, cond->transit->name); |
1389 |
|
} |
1390 |
/* fall through */ |
/* fall through */ |
1391 |
case 1: |
case 1: |
1392 |
{ |
{ |
1500 |
ccs_io_printf(head, " grant_log=%s", |
ccs_io_printf(head, " grant_log=%s", |
1501 |
ccs_yesno(cond->grant_log == |
ccs_yesno(cond->grant_log == |
1502 |
CCS_GRANTLOG_YES)); |
CCS_GRANTLOG_YES)); |
1503 |
if (cond->transit) { |
if (cond->transit && !cond->exec_transit) { |
1504 |
const char *name = cond->transit->name; |
const char *name = cond->transit->name; |
1505 |
ccs_set_string(head, " auto_domain_transition=\""); |
ccs_set_string(head, " auto_domain_transition=\""); |
1506 |
ccs_set_string(head, name); |
ccs_set_string(head, name); |
1823 |
} |
} |
1824 |
|
|
1825 |
/** |
/** |
|
* ccs_write_domain_profile - Assign profile for specified domain. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* |
|
|
* Returns 0 on success, -EINVAL otherwise. |
|
|
* |
|
|
* This is equivalent to doing |
|
|
* |
|
|
* ( echo "select " $domainname; echo "use_profile " $profile ) | |
|
|
* /usr/sbin/ccs-loadpolicy -d |
|
|
* |
|
|
* Caller holds ccs_read_lock(). |
|
|
*/ |
|
|
static int ccs_write_domain_profile(struct ccs_io_buffer *head) |
|
|
{ |
|
|
char *data = head->write_buf; |
|
|
char *cp = strchr(data, ' '); |
|
|
struct ccs_domain_info *domain; |
|
|
unsigned int profile; |
|
|
if (!cp) |
|
|
return -EINVAL; |
|
|
*cp = '\0'; |
|
|
profile = simple_strtoul(data, NULL, 10); |
|
|
if (profile >= CCS_MAX_PROFILES) |
|
|
return -EINVAL; |
|
|
domain = ccs_find_domain(cp + 1); |
|
|
if (domain && (!ccs_policy_loaded || |
|
|
head->w.ns->profile_ptr[(u8) profile])) |
|
|
domain->profile = (u8) profile; |
|
|
return 0; |
|
|
} |
|
|
|
|
|
/** |
|
|
* ccs_read_domain_profile - Read only domainname and profile. |
|
|
* |
|
|
* @head: Pointer to "struct ccs_io_buffer". |
|
|
* |
|
|
* Returns nothing. |
|
|
* |
|
|
* This is equivalent to doing |
|
|
* |
|
|
* grep -A 1 '^<kernel>' /proc/ccs/domain_policy | |
|
|
* awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" ) |
|
|
* domainname = $0; } else if ( $1 == "use_profile" ) { |
|
|
* print $2 " " domainname; domainname = ""; } } ; ' |
|
|
* |
|
|
* Caller holds ccs_read_lock(). |
|
|
*/ |
|
|
static void ccs_read_domain_profile(struct ccs_io_buffer *head) |
|
|
{ |
|
|
if (head->r.eof) |
|
|
return; |
|
|
list_for_each_cookie(head->r.domain, &ccs_domain_list) { |
|
|
struct ccs_domain_info *domain = |
|
|
list_entry(head->r.domain, typeof(*domain), list); |
|
|
if (domain->is_deleted) |
|
|
continue; |
|
|
if (!ccs_flush(head)) |
|
|
return; |
|
|
ccs_io_printf(head, "%u ", domain->profile); |
|
|
ccs_set_string(head, domain->domainname->name); |
|
|
ccs_set_lf(head); |
|
|
} |
|
|
head->r.eof = true; |
|
|
} |
|
|
|
|
|
/** |
|
1826 |
* ccs_write_pid - Specify PID to obtain domainname. |
* ccs_write_pid - Specify PID to obtain domainname. |
1827 |
* |
* |
1828 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
2475 |
{ |
{ |
2476 |
if (head->r.eof) |
if (head->r.eof) |
2477 |
return; |
return; |
2478 |
ccs_set_string(head, "1.8.2"); |
ccs_set_string(head, "1.8.3"); |
2479 |
head->r.eof = true; |
head->r.eof = true; |
2480 |
} |
} |
2481 |
|
|
2571 |
u8 i; |
u8 i; |
2572 |
if (ccs_str_starts(&data, "Memory used by ")) |
if (ccs_str_starts(&data, "Memory used by ")) |
2573 |
for (i = 0; i < CCS_MAX_MEMORY_STAT; i++) |
for (i = 0; i < CCS_MAX_MEMORY_STAT; i++) |
2574 |
if (ccs_str_starts(&data, ccs_memory_headers[i])) |
if (ccs_str_starts(&data, ccs_memory_headers[i])) { |
2575 |
|
if (*data == ' ') |
2576 |
|
data++; |
2577 |
ccs_memory_quota[i] = |
ccs_memory_quota[i] = |
2578 |
simple_strtoul(data, NULL, 10); |
simple_strtoul(data, NULL, 10); |
2579 |
|
} |
2580 |
return 0; |
return 0; |
2581 |
} |
} |
2582 |
|
|
2731 |
case CCS_AUDIT: |
case CCS_AUDIT: |
2732 |
ccs_read_log(head); |
ccs_read_log(head); |
2733 |
break; |
break; |
|
case CCS_DOMAIN_STATUS: |
|
|
ccs_read_domain_profile(head); |
|
|
break; |
|
2734 |
case CCS_EXECUTE_HANDLER: |
case CCS_EXECUTE_HANDLER: |
2735 |
case CCS_PROCESS_STATUS: |
case CCS_PROCESS_STATUS: |
2736 |
ccs_read_pid(head); |
ccs_read_pid(head); |
2796 |
return ccs_write_domain(head); |
return ccs_write_domain(head); |
2797 |
case CCS_EXCEPTIONPOLICY: |
case CCS_EXCEPTIONPOLICY: |
2798 |
return ccs_write_exception(head); |
return ccs_write_exception(head); |
|
case CCS_DOMAIN_STATUS: |
|
|
return ccs_write_domain_profile(head); |
|
2799 |
case CCS_EXECUTE_HANDLER: |
case CCS_EXECUTE_HANDLER: |
2800 |
case CCS_PROCESS_STATUS: |
case CCS_PROCESS_STATUS: |
2801 |
return ccs_write_pid(head); |
return ccs_write_pid(head); |
2897 |
switch (head->type) { |
switch (head->type) { |
2898 |
case CCS_DOMAINPOLICY: |
case CCS_DOMAINPOLICY: |
2899 |
case CCS_EXCEPTIONPOLICY: |
case CCS_EXCEPTIONPOLICY: |
|
case CCS_DOMAIN_STATUS: |
|
2900 |
case CCS_STAT: |
case CCS_STAT: |
2901 |
case CCS_PROFILE: |
case CCS_PROFILE: |
2902 |
case CCS_MANAGER: |
case CCS_MANAGER: |