| 18 |
/* Profile table. Memory is allocated as needed. */ |
/* Profile table. Memory is allocated as needed. */ |
| 19 |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
| 20 |
|
|
| 21 |
/* String table for functionality that takes 4 modes. */ |
/* String table for operation mode. */ |
| 22 |
const char * const ccs_mode[CCS_CONFIG_MAX_MODE] = { |
const char * const ccs_mode[CCS_CONFIG_MAX_MODE] = { |
| 23 |
[CCS_CONFIG_DISABLED] = "disabled", |
[CCS_CONFIG_DISABLED] = "disabled", |
| 24 |
[CCS_CONFIG_LEARNING] = "learning", |
[CCS_CONFIG_LEARNING] = "learning", |
| 26 |
[CCS_CONFIG_ENFORCING] = "enforcing" |
[CCS_CONFIG_ENFORCING] = "enforcing" |
| 27 |
}; |
}; |
| 28 |
|
|
| 29 |
/* String table for /proc/ccs/profile */ |
/* String table for /proc/ccs/profile interface. */ |
| 30 |
const char * const ccs_mac_keywords[CCS_MAX_MAC_INDEX |
const char * const ccs_mac_keywords[CCS_MAX_MAC_INDEX |
| 31 |
+ CCS_MAX_MAC_CATEGORY_INDEX] = { |
+ CCS_MAX_MAC_CATEGORY_INDEX] = { |
| 32 |
|
/* CONFIG::file group */ |
| 33 |
[CCS_MAC_FILE_EXECUTE] = "execute", |
[CCS_MAC_FILE_EXECUTE] = "execute", |
| 34 |
[CCS_MAC_FILE_OPEN] = "open", |
[CCS_MAC_FILE_OPEN] = "open", |
| 35 |
[CCS_MAC_FILE_CREATE] = "create", |
[CCS_MAC_FILE_CREATE] = "create", |
| 52 |
[CCS_MAC_FILE_MOUNT] = "mount", |
[CCS_MAC_FILE_MOUNT] = "mount", |
| 53 |
[CCS_MAC_FILE_UMOUNT] = "unmount", |
[CCS_MAC_FILE_UMOUNT] = "unmount", |
| 54 |
[CCS_MAC_FILE_PIVOT_ROOT] = "pivot_root", |
[CCS_MAC_FILE_PIVOT_ROOT] = "pivot_root", |
| 55 |
|
/* CONFIG::misc group */ |
| 56 |
[CCS_MAC_ENVIRON] = "env", |
[CCS_MAC_ENVIRON] = "env", |
| 57 |
|
/* CONFIG::network group */ |
| 58 |
[CCS_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", |
[CCS_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", |
| 59 |
[CCS_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", |
[CCS_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", |
| 60 |
[CCS_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", |
[CCS_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", |
| 76 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", |
| 77 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", |
| 78 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT] = "unix_seqpacket_accept", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT] = "unix_seqpacket_accept", |
| 79 |
|
/* CONFIG::ipc group */ |
| 80 |
[CCS_MAC_SIGNAL] = "signal", |
[CCS_MAC_SIGNAL] = "signal", |
| 81 |
|
/* CONFIG::capability group */ |
| 82 |
[CCS_MAC_CAPABILITY_USE_ROUTE_SOCKET] = "use_route", |
[CCS_MAC_CAPABILITY_USE_ROUTE_SOCKET] = "use_route", |
| 83 |
[CCS_MAC_CAPABILITY_USE_PACKET_SOCKET] = "use_packet", |
[CCS_MAC_CAPABILITY_USE_PACKET_SOCKET] = "use_packet", |
| 84 |
[CCS_MAC_CAPABILITY_SYS_REBOOT] = "SYS_REBOOT", |
[CCS_MAC_CAPABILITY_SYS_REBOOT] = "SYS_REBOOT", |
| 89 |
[CCS_MAC_CAPABILITY_USE_KERNEL_MODULE] = "use_kernel_module", |
[CCS_MAC_CAPABILITY_USE_KERNEL_MODULE] = "use_kernel_module", |
| 90 |
[CCS_MAC_CAPABILITY_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD", |
[CCS_MAC_CAPABILITY_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD", |
| 91 |
[CCS_MAC_CAPABILITY_SYS_PTRACE] = "SYS_PTRACE", |
[CCS_MAC_CAPABILITY_SYS_PTRACE] = "SYS_PTRACE", |
| 92 |
|
/* CONFIG group */ |
| 93 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_FILE] = "file", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_FILE] = "file", |
| 94 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_NETWORK] = "network", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_NETWORK] = "network", |
| 95 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_MISC] = "misc", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_MISC] = "misc", |
| 97 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
| 98 |
}; |
}; |
| 99 |
|
|
| 100 |
|
/* String table for path operation. */ |
| 101 |
const char * const ccs_path_keyword[CCS_MAX_PATH_OPERATION] = { |
const char * const ccs_path_keyword[CCS_MAX_PATH_OPERATION] = { |
| 102 |
[CCS_TYPE_EXECUTE] = "execute", |
[CCS_TYPE_EXECUTE] = "execute", |
| 103 |
[CCS_TYPE_READ] = "read", |
[CCS_TYPE_READ] = "read", |
| 111 |
[CCS_TYPE_UMOUNT] = "unmount", |
[CCS_TYPE_UMOUNT] = "unmount", |
| 112 |
}; |
}; |
| 113 |
|
|
| 114 |
|
/* String table for categories. */ |
| 115 |
static const char * const ccs_category_keywords[CCS_MAX_MAC_CATEGORY_INDEX] = { |
static const char * const ccs_category_keywords[CCS_MAX_MAC_CATEGORY_INDEX] = { |
| 116 |
[CCS_MAC_CATEGORY_FILE] = "file", |
[CCS_MAC_CATEGORY_FILE] = "file", |
| 117 |
[CCS_MAC_CATEGORY_NETWORK] = "network", |
[CCS_MAC_CATEGORY_NETWORK] = "network", |
| 120 |
[CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
[CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
| 121 |
}; |
}; |
| 122 |
|
|
| 123 |
|
/* String table for conditions. */ |
| 124 |
const char * const ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD] = { |
const char * const ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD] = { |
| 125 |
[CCS_TASK_UID] = "task.uid", |
[CCS_TASK_UID] = "task.uid", |
| 126 |
[CCS_TASK_EUID] = "task.euid", |
[CCS_TASK_EUID] = "task.euid", |
| 185 |
[CCS_PATH2_PARENT_PERM] = "path2.parent.perm", |
[CCS_PATH2_PARENT_PERM] = "path2.parent.perm", |
| 186 |
}; |
}; |
| 187 |
|
|
| 188 |
|
/* String table for PREFERENCE keyword. */ |
| 189 |
static const char * const ccs_pref_keywords[CCS_MAX_PREF] = { |
static const char * const ccs_pref_keywords[CCS_MAX_PREF] = { |
| 190 |
[CCS_PREF_MAX_GRANT_LOG] = "max_grant_log", |
[CCS_PREF_MAX_GRANT_LOG] = "max_grant_log", |
| 191 |
[CCS_PREF_MAX_REJECT_LOG] = "max_reject_log", |
[CCS_PREF_MAX_REJECT_LOG] = "max_reject_log", |
| 200 |
* ccs_yesno - Return "yes" or "no". |
* ccs_yesno - Return "yes" or "no". |
| 201 |
* |
* |
| 202 |
* @value: Bool value. |
* @value: Bool value. |
| 203 |
|
* |
| 204 |
|
* Returns "yes" if @value is not 0, "no" otherwise. |
| 205 |
*/ |
*/ |
| 206 |
static const char *ccs_yesno(const unsigned int value) |
static const char *ccs_yesno(const unsigned int value) |
| 207 |
{ |
{ |
| 208 |
return value ? "yes" : "no"; |
return value ? "yes" : "no"; |
| 209 |
} |
} |
| 210 |
|
|
| 211 |
|
/* Prototype fpr ccs_addprintf(). */ |
| 212 |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
| 213 |
__attribute__ ((format(printf, 3, 4))); |
__attribute__ ((format(printf, 3, 4))); |
| 214 |
|
|
| 215 |
|
/** |
| 216 |
|
* ccs_addprintf - snprint()-like-strncat(). |
| 217 |
|
* |
| 218 |
|
* @buffer: Buffer to write to. Must be '\0'-terminated. |
| 219 |
|
* @len: Size of @buffer. |
| 220 |
|
* @fmt: The printf()'s format string, followed by parameters. |
| 221 |
|
* |
| 222 |
|
* Returns nothing. |
| 223 |
|
*/ |
| 224 |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
| 225 |
{ |
{ |
| 226 |
va_list args; |
va_list args; |
| 233 |
/** |
/** |
| 234 |
* ccs_flush - Flush queued string to userspace's buffer. |
* ccs_flush - Flush queued string to userspace's buffer. |
| 235 |
* |
* |
| 236 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 237 |
* |
* |
| 238 |
* Returns true if all data was flushed, false otherwise. |
* Returns true if all data was flushed, false otherwise. |
| 239 |
*/ |
*/ |
| 282 |
* Note that @string has to be kept valid until @head is kfree()d. |
* Note that @string has to be kept valid until @head is kfree()d. |
| 283 |
* This means that char[] allocated on stack memory cannot be passed to |
* This means that char[] allocated on stack memory cannot be passed to |
| 284 |
* this function. Use ccs_io_printf() for char[] allocated on stack memory. |
* this function. Use ccs_io_printf() for char[] allocated on stack memory. |
| 285 |
|
* |
| 286 |
|
* Returns nothing. |
| 287 |
*/ |
*/ |
| 288 |
static void ccs_set_string(struct ccs_io_buffer *head, const char *string) |
static void ccs_set_string(struct ccs_io_buffer *head, const char *string) |
| 289 |
{ |
{ |
| 299 |
* |
* |
| 300 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 301 |
* @fmt: The printf()'s format string, followed by parameters. |
* @fmt: The printf()'s format string, followed by parameters. |
| 302 |
|
* |
| 303 |
|
* Returns nothing. |
| 304 |
*/ |
*/ |
| 305 |
void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...) |
void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...) |
| 306 |
{ |
{ |
| 321 |
ccs_set_string(head, head->read_buf + pos); |
ccs_set_string(head, head->read_buf + pos); |
| 322 |
} |
} |
| 323 |
|
|
| 324 |
|
/** |
| 325 |
|
* ccs_set_space - Put a space to "struct ccs_io_buffer" structure. |
| 326 |
|
* |
| 327 |
|
* @head: Pointer to "struct ccs_io_buffer". |
| 328 |
|
* |
| 329 |
|
* Returns nothing. |
| 330 |
|
*/ |
| 331 |
static void ccs_set_space(struct ccs_io_buffer *head) |
static void ccs_set_space(struct ccs_io_buffer *head) |
| 332 |
{ |
{ |
| 333 |
ccs_set_string(head, " "); |
ccs_set_string(head, " "); |
| 334 |
} |
} |
| 335 |
|
|
| 336 |
|
/** |
| 337 |
|
* ccs_set_lf - Put a line feed to "struct ccs_io_buffer" structure. |
| 338 |
|
* |
| 339 |
|
* @head: Pointer to "struct ccs_io_buffer". |
| 340 |
|
* |
| 341 |
|
* Returns nothing. |
| 342 |
|
*/ |
| 343 |
static bool ccs_set_lf(struct ccs_io_buffer *head) |
static bool ccs_set_lf(struct ccs_io_buffer *head) |
| 344 |
{ |
{ |
| 345 |
ccs_set_string(head, "\n"); |
ccs_set_string(head, "\n"); |
| 390 |
|
|
| 391 |
/** |
/** |
| 392 |
* ccs_check_profile - Check all profiles currently assigned to domains are defined. |
* ccs_check_profile - Check all profiles currently assigned to domains are defined. |
| 393 |
|
* |
| 394 |
|
* Returns nothing. |
| 395 |
*/ |
*/ |
| 396 |
static void ccs_check_profile(void) |
static void ccs_check_profile(void) |
| 397 |
{ |
{ |
| 438 |
return ptr; |
return ptr; |
| 439 |
} |
} |
| 440 |
|
|
| 441 |
|
/** |
| 442 |
|
* ccs_find_yesno - Find values for specified keyword. |
| 443 |
|
* |
| 444 |
|
* @string: String to check. |
| 445 |
|
* @find: Name of keyword. |
| 446 |
|
* |
| 447 |
|
* Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise. |
| 448 |
|
*/ |
| 449 |
static s8 ccs_find_yesno(const char *string, const char *find) |
static s8 ccs_find_yesno(const char *string, const char *find) |
| 450 |
{ |
{ |
| 451 |
const char *cp = strstr(string, find); |
const char *cp = strstr(string, find); |
| 459 |
return -1; |
return -1; |
| 460 |
} |
} |
| 461 |
|
|
| 462 |
|
/** |
| 463 |
|
* ccs_set_uint - Set value for specified preference. |
| 464 |
|
* |
| 465 |
|
* @i: Pointer to "unsigned int". |
| 466 |
|
* @string: String to check. |
| 467 |
|
* @find: Name of keyword. |
| 468 |
|
* |
| 469 |
|
* Returns nothing. |
| 470 |
|
*/ |
| 471 |
static void ccs_set_uint(unsigned int *i, const char *string, const char *find) |
static void ccs_set_uint(unsigned int *i, const char *string, const char *find) |
| 472 |
{ |
{ |
| 473 |
const char *cp = strstr(string, find); |
const char *cp = strstr(string, find); |
| 475 |
sscanf(cp + strlen(find), "=%u", i); |
sscanf(cp + strlen(find), "=%u", i); |
| 476 |
} |
} |
| 477 |
|
|
| 478 |
|
/** |
| 479 |
|
* ccs_set_mode - Set mode for specified profile. |
| 480 |
|
* |
| 481 |
|
* @name: Name of functionality. |
| 482 |
|
* @value: Mode for @name. |
| 483 |
|
* @profile: Pointer to "struct ccs_profile". |
| 484 |
|
* |
| 485 |
|
* Returns 0 on success, negative value otherwise. |
| 486 |
|
*/ |
| 487 |
static int ccs_set_mode(char *name, const char *value, |
static int ccs_set_mode(char *name, const char *value, |
| 488 |
struct ccs_profile *profile) |
struct ccs_profile *profile) |
| 489 |
{ |
{ |
| 594 |
return ccs_set_mode(data, cp, profile); |
return ccs_set_mode(data, cp, profile); |
| 595 |
} |
} |
| 596 |
|
|
| 597 |
|
/** |
| 598 |
|
* ccs_print_config - Print mode for specified functionality. |
| 599 |
|
* |
| 600 |
|
* @head: Pointer to "struct ccs_io_buffer". |
| 601 |
|
* @config: Mode for that functionality. |
| 602 |
|
* |
| 603 |
|
* Returns nothing. |
| 604 |
|
* |
| 605 |
|
* Caller prints functionality's name. |
| 606 |
|
*/ |
| 607 |
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config) |
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config) |
| 608 |
{ |
{ |
| 609 |
ccs_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", |
ccs_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", |
| 970 |
return error; |
return error; |
| 971 |
} |
} |
| 972 |
|
|
| 973 |
|
/** |
| 974 |
|
* ccs_write_domain2 - Write domain policy. |
| 975 |
|
* |
| 976 |
|
* @data: Policy to be interpreted. |
| 977 |
|
* @domain: Pointer to "struct ccs_domain_info". |
| 978 |
|
* @is_delete: True if it is a delete request. |
| 979 |
|
* |
| 980 |
|
* Returns 0 on success, negative value otherwise. |
| 981 |
|
*/ |
| 982 |
static int ccs_write_domain2(char *data, struct ccs_domain_info *domain, |
static int ccs_write_domain2(char *data, struct ccs_domain_info *domain, |
| 983 |
const bool is_delete) |
const bool is_delete) |
| 984 |
{ |
{ |
| 1008 |
return -EINVAL; |
return -EINVAL; |
| 1009 |
} |
} |
| 1010 |
|
|
| 1011 |
|
/* String table for domain flags. */ |
| 1012 |
const char * const ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
const char * const ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
| 1013 |
[CCS_DIF_QUOTA_WARNED] = "quota_exceeded\n", |
[CCS_DIF_QUOTA_WARNED] = "quota_exceeded\n", |
| 1014 |
[CCS_DIF_TRANSITION_FAILED] = "transition_failed\n", |
[CCS_DIF_TRANSITION_FAILED] = "transition_failed\n", |
| 1077 |
* |
* |
| 1078 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1079 |
* @ptr: Pointer to "struct ccs_name_union". |
* @ptr: Pointer to "struct ccs_name_union". |
| 1080 |
|
* |
| 1081 |
|
* Returns nothing. |
| 1082 |
*/ |
*/ |
| 1083 |
static void ccs_print_name_union(struct ccs_io_buffer *head, |
static void ccs_print_name_union(struct ccs_io_buffer *head, |
| 1084 |
const struct ccs_name_union *ptr) |
const struct ccs_name_union *ptr) |
| 1103 |
* |
* |
| 1104 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1105 |
* @ptr: Pointer to "struct ccs_number_union". |
* @ptr: Pointer to "struct ccs_number_union". |
| 1106 |
|
* |
| 1107 |
|
* Returns nothing. |
| 1108 |
*/ |
*/ |
| 1109 |
static void ccs_print_number_union(struct ccs_io_buffer *head, |
static void ccs_print_number_union(struct ccs_io_buffer *head, |
| 1110 |
const struct ccs_number_union *ptr) |
const struct ccs_number_union *ptr) |
| 1301 |
return bit; |
return bit; |
| 1302 |
} |
} |
| 1303 |
|
|
| 1304 |
|
/** |
| 1305 |
|
* ccs_set_group - Print "acl_group " header keyword. |
| 1306 |
|
* |
| 1307 |
|
* @head: Pointer to "struct ccs_io_buffer". |
| 1308 |
|
* |
| 1309 |
|
* Returns nothing. |
| 1310 |
|
*/ |
| 1311 |
static void ccs_set_group(struct ccs_io_buffer *head) |
static void ccs_set_group(struct ccs_io_buffer *head) |
| 1312 |
{ |
{ |
| 1313 |
if (head->type == CCS_EXCEPTIONPOLICY) |
if (head->type == CCS_EXCEPTIONPOLICY) |
| 1728 |
} |
} |
| 1729 |
} |
} |
| 1730 |
|
|
| 1731 |
|
/* String table for domain transition control keywords. */ |
| 1732 |
static const char * const ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = { |
static const char * const ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = { |
| 1733 |
[CCS_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", |
[CCS_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", |
| 1734 |
[CCS_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", |
[CCS_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", |
| 1736 |
[CCS_TRANSITION_CONTROL_KEEP] = "keep_domain ", |
[CCS_TRANSITION_CONTROL_KEEP] = "keep_domain ", |
| 1737 |
}; |
}; |
| 1738 |
|
|
| 1739 |
|
/* String table for grouping keywords. */ |
| 1740 |
static const char * const ccs_group_name[CCS_MAX_GROUP] = { |
static const char * const ccs_group_name[CCS_MAX_GROUP] = { |
| 1741 |
[CCS_PATH_GROUP] = "path_group ", |
[CCS_PATH_GROUP] = "path_group ", |
| 1742 |
[CCS_NUMBER_GROUP] = "number_group ", |
[CCS_NUMBER_GROUP] = "number_group ", |
| 1941 |
head->r.eof = true; |
head->r.eof = true; |
| 1942 |
} |
} |
| 1943 |
|
|
| 1944 |
/* Wait queue for ccs_query_list. */ |
/* Wait queue for kernel -> userspace notification. */ |
| 1945 |
static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait); |
static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait); |
| 1946 |
|
/* Wait queue for userspace -> kernel notification. */ |
| 1947 |
static DECLARE_WAIT_QUEUE_HEAD(ccs_answer_wait); |
static DECLARE_WAIT_QUEUE_HEAD(ccs_answer_wait); |
| 1948 |
|
|
| 1949 |
/* Lock for manipulating ccs_query_list. */ |
/* Lock for manipulating ccs_query_list. */ |
| 1966 |
/* Number of "struct file" referring /proc/ccs/query interface. */ |
/* Number of "struct file" referring /proc/ccs/query interface. */ |
| 1967 |
static atomic_t ccs_query_observers = ATOMIC_INIT(0); |
static atomic_t ccs_query_observers = ATOMIC_INIT(0); |
| 1968 |
|
|
| 1969 |
|
/** |
| 1970 |
|
* ccs_truncate - Truncate a line. |
| 1971 |
|
* |
| 1972 |
|
* @str: String to truncate. |
| 1973 |
|
* |
| 1974 |
|
* Returns length of truncated @str. |
| 1975 |
|
*/ |
| 1976 |
static int ccs_truncate(char *str) |
static int ccs_truncate(char *str) |
| 1977 |
{ |
{ |
| 1978 |
char *start = str; |
char *start = str; |
| 1982 |
return strlen(start) + 1; |
return strlen(start) + 1; |
| 1983 |
} |
} |
| 1984 |
|
|
| 1985 |
|
/** |
| 1986 |
|
* ccs_add_entry - Add an ACL to current thread's domain. Used by learning mode. |
| 1987 |
|
* |
| 1988 |
|
* @header: Lines containing ACL. |
| 1989 |
|
* |
| 1990 |
|
* Returns nothing. |
| 1991 |
|
*/ |
| 1992 |
static void ccs_add_entry(char *header) |
static void ccs_add_entry(char *header) |
| 1993 |
{ |
{ |
| 1994 |
char *buffer; |
char *buffer; |
| 2195 |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
| 2196 |
* |
* |
| 2197 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 2198 |
|
* |
| 2199 |
|
* Returns nothing. |
| 2200 |
*/ |
*/ |
| 2201 |
static void ccs_read_query(struct ccs_io_buffer *head) |
static void ccs_read_query(struct ccs_io_buffer *head) |
| 2202 |
{ |
{ |
| 2294 |
* ccs_read_version: Get version. |
* ccs_read_version: Get version. |
| 2295 |
* |
* |
| 2296 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 2297 |
|
* |
| 2298 |
|
* Returns nothing. |
| 2299 |
*/ |
*/ |
| 2300 |
static void ccs_read_version(struct ccs_io_buffer *head) |
static void ccs_read_version(struct ccs_io_buffer *head) |
| 2301 |
{ |
{ |
| 2423 |
* @file: Pointer to "struct file". |
* @file: Pointer to "struct file". |
| 2424 |
* @wait: Pointer to "poll_table". |
* @wait: Pointer to "poll_table". |
| 2425 |
* |
* |
| 2426 |
|
* Returns return value of poll(). |
| 2427 |
|
* |
| 2428 |
* Waits for read readiness. |
* Waits for read readiness. |
| 2429 |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
| 2430 |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
| 2581 |
return 0; |
return 0; |
| 2582 |
} |
} |
| 2583 |
|
|
| 2584 |
|
/** |
| 2585 |
|
* ccs_policy_io_init - Register hooks for policy I/O. |
| 2586 |
|
* |
| 2587 |
|
* Returns nothing. |
| 2588 |
|
*/ |
| 2589 |
void __init ccs_policy_io_init(void) |
void __init ccs_policy_io_init(void) |
| 2590 |
{ |
{ |
| 2591 |
ccsecurity_ops.check_profile = ccs_check_profile; |
ccsecurity_ops.check_profile = ccs_check_profile; |
TOMOYO
Parent Directory
Revision Log
Patch