35 |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
} ccs_control_array[CCS_MAX_CONTROL_INDEX] = { |
36 |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
[CCS_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
37 |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
[CCS_MAC_FOR_IOCTL] = { "MAC_FOR_IOCTL", 0, 3 }, |
38 |
|
[CCS_MAC_FOR_FILEATTR] = { "MAC_FOR_FILEATTR", 0, 3 }, |
39 |
[CCS_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
[CCS_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
40 |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
[CCS_MAC_FOR_ENV] = { "MAC_FOR_ENV", 0, 3 }, |
41 |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
[CCS_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
620 |
error = ccs_write_argv0_policy(data, domain, cond, is_delete); |
error = ccs_write_argv0_policy(data, domain, cond, is_delete); |
621 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_ENV)) |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_ENV)) |
622 |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
error = ccs_write_env_policy(data, domain, cond, is_delete); |
|
else if (ccs_str_starts(&data, KEYWORD_ALLOW_IOCTL)) |
|
|
error = ccs_write_ioctl_policy(data, domain, cond, is_delete); |
|
623 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_MOUNT)) |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_MOUNT)) |
624 |
error = ccs_write_mount_policy(data, domain, cond, is_delete); |
error = ccs_write_mount_policy(data, domain, cond, is_delete); |
625 |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_UNMOUNT)) |
else if (ccs_str_starts(&data, KEYWORD_ALLOW_UNMOUNT)) |
784 |
} |
} |
785 |
|
|
786 |
/** |
/** |
787 |
* ccs_print_ioctl_acl - Print an ioctl ACL entry. |
* ccs_print_path_number_acl - Print an ioctl/chmod/chown/chgrp ACL entry. |
788 |
* |
* |
789 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
790 |
* @ptr: Pointer to "struct ccs_ioctl_acl_record". |
* @ptr: Pointer to "struct ccs_path_number_acl_record". |
791 |
* @cond: Pointer to "struct ccs_condition". May be NULL. |
* @cond: Pointer to "struct ccs_condition". May be NULL. |
792 |
* |
* |
793 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
794 |
*/ |
*/ |
795 |
static bool ccs_print_ioctl_acl(struct ccs_io_buffer *head, |
static bool ccs_print_path_number_acl(struct ccs_io_buffer *head, |
796 |
struct ccs_ioctl_acl_record *ptr, |
struct ccs_path_number_acl_record *ptr, |
797 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
798 |
{ |
{ |
799 |
int pos = head->read_avail; |
int pos; |
800 |
if (!ccs_io_printf(head, KEYWORD_ALLOW_IOCTL) || |
u8 bit; |
801 |
!ccs_print_name_union(head, ptr->name_is_group, &ptr->name) || |
const u8 perm = ptr->perm; |
802 |
!ccs_print_number_union(head, ptr->cmd_is_group, &ptr->cmd) || |
for (bit = head->read_bit; bit < MAX_PATH_NUMBER_OPERATION; bit++) { |
803 |
!ccs_print_condition(head, cond)) |
const char *msg; |
804 |
goto out; |
if (!(perm & (1 << bit))) |
805 |
|
continue; |
806 |
|
msg = ccs_path_number2keyword(bit); |
807 |
|
pos = head->read_avail; |
808 |
|
if (!ccs_io_printf(head, "allow_%s", msg) || |
809 |
|
!ccs_print_name_union(head, ptr->name_is_group, |
810 |
|
&ptr->name) || |
811 |
|
!ccs_print_number_union(head, ptr->number_is_group, |
812 |
|
&ptr->number) || |
813 |
|
!ccs_print_condition(head, cond)) |
814 |
|
goto out; |
815 |
|
} |
816 |
|
head->read_bit = 0; |
817 |
return true; |
return true; |
818 |
out: |
out: |
819 |
|
head->read_bit = bit; |
820 |
head->read_avail = pos; |
head->read_avail = pos; |
821 |
return false; |
return false; |
822 |
} |
} |
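Review bot: The rewritten ccs_print_path_number_acl now carries state across calls through head->read_bit (the loop starts from it, the `out:` path saves the failing bit, success clears it), but the kernel-doc header still reads as a one-shot printer; add a line such as `* Resumes from head->read_bit when an earlier call ran out of buffer space; read_bit is reset to 0 once every set bit of ptr->perm has been printed.` Declaring `int pos = head->read_avail;` as the old version did, instead of the bare `int pos;`, keeps the read_avail rollback at `out:` well-defined if the loop body is ever reordered and avoids a maybe-uninitialized warning. The `perm & (1 << bit)` test on a u8 silently skips any bit at or above 8, so the loop assumes MAX_PATH_NUMBER_OPERATION <= 8 — that constant is not visible here, so a comment or static check would make the assumption explicit. The result of ccs_path_number2keyword(bit) goes straight into "allow_%s", which presumes it never returns NULL for a set bit; its definition is outside this hunk, so confirm or guard.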
1173 |
head); |
head); |
1174 |
return ccs_print_double_path_acl(head, acl, cond); |
return ccs_print_double_path_acl(head, acl, cond); |
1175 |
} |
} |
1176 |
if (acl_type == TYPE_IOCTL_ACL) { |
if (acl_type == TYPE_PATH_NUMBER_ACL) { |
1177 |
struct ccs_ioctl_acl_record *acl |
struct ccs_path_number_acl_record *acl |
1178 |
= container_of(ptr, struct ccs_ioctl_acl_record, head); |
= container_of(ptr, struct ccs_path_number_acl_record, |
1179 |
return ccs_print_ioctl_acl(head, acl, cond); |
head); |
1180 |
|
return ccs_print_path_number_acl(head, acl, cond); |
1181 |
} |
} |
1182 |
if (acl_type == TYPE_ARGV0_ACL) { |
if (acl_type == TYPE_ARGV0_ACL) { |
1183 |
struct ccs_argv0_acl_record *acl |
struct ccs_argv0_acl_record *acl |