| 42 |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
| 43 |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
[CCS_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
| 44 |
[CCS_MAC_FOR_NAMESPACE] = { "MAC_FOR_NAMESPACE", 0, 3 }, |
[CCS_MAC_FOR_NAMESPACE] = { "MAC_FOR_NAMESPACE", 0, 3 }, |
| 45 |
|
[CCS_MAC_FOR_CAPABILITY] = { "MAC_FOR_CAPABILITY", 0, 3 }, |
| 46 |
[CCS_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 }, |
[CCS_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 }, |
| 47 |
[CCS_MAX_ACCEPT_ENTRY] |
[CCS_MAX_ACCEPT_ENTRY] |
| 48 |
= { "MAX_ACCEPT_ENTRY", CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY, INT_MAX }, |
= { "MAX_ACCEPT_ENTRY", CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY, INT_MAX }, |
| 182 |
ccs_profile_entry_used[0] = true; |
ccs_profile_entry_used[0] = true; |
| 183 |
return 0; |
return 0; |
| 184 |
} |
} |
| 185 |
if (ccs_str_starts(&data, CCS_KEYWORD_MAC_FOR_CAPABILITY)) { |
if (!strcmp(data, CCS_KEYWORD_CAPABILITIES)) { |
| 186 |
if (sscanf(cp + 1, "%u", &value) != 1) { |
unsigned char capabilities[CCS_MAX_CAPABILITY_INDEX]; |
| 187 |
for (i = 0; i < 4; i++) { |
memset(capabilities, 0, sizeof(capabilities)); |
| 188 |
if (strcmp(cp + 1, ccs_mode_4[i])) |
cp++; |
| 189 |
|
while (1) { |
| 190 |
|
char *cp2 = strchr(cp, ' '); |
| 191 |
|
if (cp2) |
| 192 |
|
*cp2 = '\0'; |
| 193 |
|
for (i = 0; i < CCS_MAX_CAPABILITY_INDEX; i++) { |
| 194 |
|
if (strcmp(cp, ccs_capability_list[i])) |
| 195 |
continue; |
continue; |
| 196 |
value = i; |
capabilities[i] = 1; |
|
break; |
|
| 197 |
} |
} |
| 198 |
if (i == 4) |
if (!cp2) |
| 199 |
return -EINVAL; |
break; |
| 200 |
} |
cp = cp2 + 1; |
|
if (value > 3) |
|
|
value = 3; |
|
|
for (i = 0; i < CCS_MAX_CAPABILITY_INDEX; i++) { |
|
|
if (strcmp(data, ccs_capability_control_keyword[i])) |
|
|
continue; |
|
|
ccs_profile->capability_value[i] = value; |
|
|
ccs_profile_entry_used[i + 1 + CCS_MAX_CONTROL_INDEX] |
|
|
= true; |
|
|
return 0; |
|
| 201 |
} |
} |
| 202 |
return -EINVAL; |
for (i = 0; i < CCS_MAX_CAPABILITY_INDEX; i++) |
| 203 |
|
ccs_profile->enabled_capabilities[i] = capabilities[i]; |
| 204 |
|
return 0; |
| 205 |
} |
} |
| 206 |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) { |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) { |
| 207 |
if (strcmp(data, ccs_control_array[i].keyword)) |
if (strcmp(data, ccs_control_array[i].keyword)) |
| 238 |
return -EINVAL; |
return -EINVAL; |
| 239 |
} |
} |
| 240 |
|
|
| 241 |
|
static bool ccs_print_capability_list(struct ccs_io_buffer *head, u8 index) |
| 242 |
|
{ |
| 243 |
|
const int pos = head->read_avail; |
| 244 |
|
int i; |
| 245 |
|
const struct ccs_profile *ccs_profile = ccs_profile_ptr[index]; |
| 246 |
|
if (!ccs_io_printf(head, "%u-" CCS_KEYWORD_CAPABILITIES "={", index)) |
| 247 |
|
return false; |
| 248 |
|
for (i = 0; i < CCS_MAX_CAPABILITY_INDEX; i++) { |
| 249 |
|
if (!ccs_profile->enabled_capabilities[i]) |
| 250 |
|
continue; |
| 251 |
|
if (!ccs_io_printf(head, " %s", ccs_capability_list[i])) |
| 252 |
|
goto out; |
| 253 |
|
} |
| 254 |
|
if (!ccs_io_printf(head, " }\n")) |
| 255 |
|
goto out; |
| 256 |
|
return true; |
| 257 |
|
out: |
| 258 |
|
head->read_avail = pos; |
| 259 |
|
return false; |
| 260 |
|
} |
| 261 |
|
|
| 262 |
/** |
/** |
| 263 |
* ccs_read_profile - Read profile table. |
* ccs_read_profile - Read profile table. |
| 264 |
* |
* |
| 268 |
*/ |
*/ |
| 269 |
static int ccs_read_profile(struct ccs_io_buffer *head) |
static int ccs_read_profile(struct ccs_io_buffer *head) |
| 270 |
{ |
{ |
| 271 |
static const int ccs_total |
static const int ccs_total = CCS_MAX_CONTROL_INDEX + 2; |
|
= CCS_MAX_CONTROL_INDEX + CCS_MAX_CAPABILITY_INDEX + 1; |
|
| 272 |
int step; |
int step; |
| 273 |
if (head->read_eof) |
if (head->read_eof) |
| 274 |
return 0; |
return 0; |
| 295 |
break; |
break; |
| 296 |
continue; |
continue; |
| 297 |
} |
} |
| 298 |
type--; |
if (type == 1) { |
| 299 |
if (type >= CCS_MAX_CONTROL_INDEX) { |
if (!ccs_print_capability_list(head, index)) |
|
const int i = type - CCS_MAX_CONTROL_INDEX; |
|
|
const u8 value = ccs_profile->capability_value[i]; |
|
|
if (!ccs_io_printf(head, |
|
|
"%u-" CCS_KEYWORD_MAC_FOR_CAPABILITY |
|
|
"%s=%s\n", index, |
|
|
ccs_capability_control_keyword[i], |
|
|
ccs_mode_4[value])) |
|
| 300 |
break; |
break; |
| 301 |
} else { |
continue; |
| 302 |
|
} |
| 303 |
|
type -= 2; |
| 304 |
|
{ |
| 305 |
const unsigned int value = ccs_profile->value[type]; |
const unsigned int value = ccs_profile->value[type]; |
| 306 |
const char **modes = NULL; |
const char **modes = NULL; |
| 307 |
const char *keyword = ccs_control_array[type].keyword; |
const char *keyword = ccs_control_array[type].keyword; |
TOMOYO
Parent Directory
Revision Log
Patch