18 |
/* Profile table. Memory is allocated as needed. */ |
/* Profile table. Memory is allocated as needed. */ |
19 |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
static struct ccs_profile *ccs_profile_ptr[CCS_MAX_PROFILES]; |
20 |
|
|
21 |
/* String table for functionality that takes 4 modes. */ |
/* String table for operation mode. */ |
22 |
const char * const ccs_mode[CCS_CONFIG_MAX_MODE] = { |
const char * const ccs_mode[CCS_CONFIG_MAX_MODE] = { |
23 |
[CCS_CONFIG_DISABLED] = "disabled", |
[CCS_CONFIG_DISABLED] = "disabled", |
24 |
[CCS_CONFIG_LEARNING] = "learning", |
[CCS_CONFIG_LEARNING] = "learning", |
26 |
[CCS_CONFIG_ENFORCING] = "enforcing" |
[CCS_CONFIG_ENFORCING] = "enforcing" |
27 |
}; |
}; |
28 |
|
|
29 |
/* String table for /proc/ccs/profile */ |
/* String table for /proc/ccs/profile interface. */ |
30 |
const char * const ccs_mac_keywords[CCS_MAX_MAC_INDEX |
const char * const ccs_mac_keywords[CCS_MAX_MAC_INDEX |
31 |
+ CCS_MAX_MAC_CATEGORY_INDEX] = { |
+ CCS_MAX_MAC_CATEGORY_INDEX] = { |
32 |
|
/* CONFIG::file group */ |
33 |
[CCS_MAC_FILE_EXECUTE] = "execute", |
[CCS_MAC_FILE_EXECUTE] = "execute", |
34 |
[CCS_MAC_FILE_OPEN] = "open", |
[CCS_MAC_FILE_OPEN] = "open", |
35 |
[CCS_MAC_FILE_CREATE] = "create", |
[CCS_MAC_FILE_CREATE] = "create", |
52 |
[CCS_MAC_FILE_MOUNT] = "mount", |
[CCS_MAC_FILE_MOUNT] = "mount", |
53 |
[CCS_MAC_FILE_UMOUNT] = "unmount", |
[CCS_MAC_FILE_UMOUNT] = "unmount", |
54 |
[CCS_MAC_FILE_PIVOT_ROOT] = "pivot_root", |
[CCS_MAC_FILE_PIVOT_ROOT] = "pivot_root", |
55 |
|
/* CONFIG::misc group */ |
56 |
[CCS_MAC_ENVIRON] = "env", |
[CCS_MAC_ENVIRON] = "env", |
57 |
|
/* CONFIG::network group */ |
58 |
[CCS_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", |
[CCS_MAC_NETWORK_INET_STREAM_BIND] = "inet_stream_bind", |
59 |
[CCS_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", |
[CCS_MAC_NETWORK_INET_STREAM_LISTEN] = "inet_stream_listen", |
60 |
[CCS_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", |
[CCS_MAC_NETWORK_INET_STREAM_CONNECT] = "inet_stream_connect", |
76 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_LISTEN] = "unix_seqpacket_listen", |
77 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_CONNECT] = "unix_seqpacket_connect", |
78 |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT] = "unix_seqpacket_accept", |
[CCS_MAC_NETWORK_UNIX_SEQPACKET_ACCEPT] = "unix_seqpacket_accept", |
79 |
|
/* CONFIG::ipc group */ |
80 |
[CCS_MAC_SIGNAL] = "signal", |
[CCS_MAC_SIGNAL] = "signal", |
81 |
|
/* CONFIG::capability group */ |
82 |
[CCS_MAC_CAPABILITY_USE_ROUTE_SOCKET] = "use_route", |
[CCS_MAC_CAPABILITY_USE_ROUTE_SOCKET] = "use_route", |
83 |
[CCS_MAC_CAPABILITY_USE_PACKET_SOCKET] = "use_packet", |
[CCS_MAC_CAPABILITY_USE_PACKET_SOCKET] = "use_packet", |
84 |
[CCS_MAC_CAPABILITY_SYS_REBOOT] = "SYS_REBOOT", |
[CCS_MAC_CAPABILITY_SYS_REBOOT] = "SYS_REBOOT", |
89 |
[CCS_MAC_CAPABILITY_USE_KERNEL_MODULE] = "use_kernel_module", |
[CCS_MAC_CAPABILITY_USE_KERNEL_MODULE] = "use_kernel_module", |
90 |
[CCS_MAC_CAPABILITY_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD", |
[CCS_MAC_CAPABILITY_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD", |
91 |
[CCS_MAC_CAPABILITY_SYS_PTRACE] = "SYS_PTRACE", |
[CCS_MAC_CAPABILITY_SYS_PTRACE] = "SYS_PTRACE", |
92 |
|
/* CONFIG group */ |
93 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_FILE] = "file", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_FILE] = "file", |
94 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_NETWORK] = "network", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_NETWORK] = "network", |
95 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_MISC] = "misc", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_MISC] = "misc", |
97 |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
[CCS_MAX_MAC_INDEX + CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
98 |
}; |
}; |
99 |
|
|
100 |
|
/* String table for path operation. */ |
101 |
const char * const ccs_path_keyword[CCS_MAX_PATH_OPERATION] = { |
const char * const ccs_path_keyword[CCS_MAX_PATH_OPERATION] = { |
102 |
[CCS_TYPE_EXECUTE] = "execute", |
[CCS_TYPE_EXECUTE] = "execute", |
103 |
[CCS_TYPE_READ] = "read", |
[CCS_TYPE_READ] = "read", |
111 |
[CCS_TYPE_UMOUNT] = "unmount", |
[CCS_TYPE_UMOUNT] = "unmount", |
112 |
}; |
}; |
113 |
|
|
114 |
|
/* String table for categories. */ |
115 |
static const char * const ccs_category_keywords[CCS_MAX_MAC_CATEGORY_INDEX] = { |
static const char * const ccs_category_keywords[CCS_MAX_MAC_CATEGORY_INDEX] = { |
116 |
[CCS_MAC_CATEGORY_FILE] = "file", |
[CCS_MAC_CATEGORY_FILE] = "file", |
117 |
[CCS_MAC_CATEGORY_NETWORK] = "network", |
[CCS_MAC_CATEGORY_NETWORK] = "network", |
120 |
[CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
[CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
121 |
}; |
}; |
122 |
|
|
123 |
|
/* String table for conditions. */ |
124 |
const char * const ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD] = { |
const char * const ccs_condition_keyword[CCS_MAX_CONDITION_KEYWORD] = { |
125 |
[CCS_TASK_UID] = "task.uid", |
[CCS_TASK_UID] = "task.uid", |
126 |
[CCS_TASK_EUID] = "task.euid", |
[CCS_TASK_EUID] = "task.euid", |
185 |
[CCS_PATH2_PARENT_PERM] = "path2.parent.perm", |
[CCS_PATH2_PARENT_PERM] = "path2.parent.perm", |
186 |
}; |
}; |
187 |
|
|
188 |
|
/* String table for PREFERENCE keyword. */ |
189 |
static const char * const ccs_pref_keywords[CCS_MAX_PREF] = { |
static const char * const ccs_pref_keywords[CCS_MAX_PREF] = { |
190 |
[CCS_PREF_MAX_GRANT_LOG] = "max_grant_log", |
[CCS_PREF_MAX_GRANT_LOG] = "max_grant_log", |
191 |
[CCS_PREF_MAX_REJECT_LOG] = "max_reject_log", |
[CCS_PREF_MAX_REJECT_LOG] = "max_reject_log", |
200 |
* ccs_yesno - Return "yes" or "no". |
* ccs_yesno - Return "yes" or "no". |
201 |
* |
* |
202 |
* @value: Bool value. |
* @value: Bool value. |
203 |
|
* |
204 |
|
* Returns "yes" if @value is not 0, "no" otherwise. |
205 |
*/ |
*/ |
206 |
static const char *ccs_yesno(const unsigned int value) |
static const char *ccs_yesno(const unsigned int value) |
207 |
{ |
{ |
208 |
return value ? "yes" : "no"; |
return value ? "yes" : "no"; |
209 |
} |
} |
210 |
|
|
211 |
|
/* Prototype fpr ccs_addprintf(). */ |
212 |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
213 |
__attribute__ ((format(printf, 3, 4))); |
__attribute__ ((format(printf, 3, 4))); |
214 |
|
|
215 |
|
/** |
216 |
|
* ccs_addprintf - snprint()-like-strncat(). |
217 |
|
* |
218 |
|
* @buffer: Buffer to write to. Must be '\0'-terminated. |
219 |
|
* @len: Size of @buffer. |
220 |
|
* @fmt: The printf()'s format string, followed by parameters. |
221 |
|
* |
222 |
|
* Returns nothing. |
223 |
|
*/ |
224 |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
static void ccs_addprintf(char *buffer, int len, const char *fmt, ...) |
225 |
{ |
{ |
226 |
va_list args; |
va_list args; |
233 |
/** |
/** |
234 |
* ccs_flush - Flush queued string to userspace's buffer. |
* ccs_flush - Flush queued string to userspace's buffer. |
235 |
* |
* |
236 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
237 |
* |
* |
238 |
* Returns true if all data was flushed, false otherwise. |
* Returns true if all data was flushed, false otherwise. |
239 |
*/ |
*/ |
282 |
* Note that @string has to be kept valid until @head is kfree()d. |
* Note that @string has to be kept valid until @head is kfree()d. |
283 |
* This means that char[] allocated on stack memory cannot be passed to |
* This means that char[] allocated on stack memory cannot be passed to |
284 |
* this function. Use ccs_io_printf() for char[] allocated on stack memory. |
* this function. Use ccs_io_printf() for char[] allocated on stack memory. |
285 |
|
* |
286 |
|
* Returns nothing. |
287 |
*/ |
*/ |
288 |
static void ccs_set_string(struct ccs_io_buffer *head, const char *string) |
static void ccs_set_string(struct ccs_io_buffer *head, const char *string) |
289 |
{ |
{ |
299 |
* |
* |
300 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
301 |
* @fmt: The printf()'s format string, followed by parameters. |
* @fmt: The printf()'s format string, followed by parameters. |
302 |
|
* |
303 |
|
* Returns nothing. |
304 |
*/ |
*/ |
305 |
void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...) |
void ccs_io_printf(struct ccs_io_buffer *head, const char *fmt, ...) |
306 |
{ |
{ |
321 |
ccs_set_string(head, head->read_buf + pos); |
ccs_set_string(head, head->read_buf + pos); |
322 |
} |
} |
323 |
|
|
324 |
|
/** |
325 |
|
* ccs_set_space - Put a space to "struct ccs_io_buffer" structure. |
326 |
|
* |
327 |
|
* @head: Pointer to "struct ccs_io_buffer". |
328 |
|
* |
329 |
|
* Returns nothing. |
330 |
|
*/ |
331 |
static void ccs_set_space(struct ccs_io_buffer *head) |
static void ccs_set_space(struct ccs_io_buffer *head) |
332 |
{ |
{ |
333 |
ccs_set_string(head, " "); |
ccs_set_string(head, " "); |
334 |
} |
} |
335 |
|
|
336 |
|
/** |
337 |
|
* ccs_set_lf - Put a line feed to "struct ccs_io_buffer" structure. |
338 |
|
* |
339 |
|
* @head: Pointer to "struct ccs_io_buffer". |
340 |
|
* |
341 |
|
* Returns nothing. |
342 |
|
*/ |
343 |
static bool ccs_set_lf(struct ccs_io_buffer *head) |
static bool ccs_set_lf(struct ccs_io_buffer *head) |
344 |
{ |
{ |
345 |
ccs_set_string(head, "\n"); |
ccs_set_string(head, "\n"); |
390 |
|
|
391 |
/** |
/** |
392 |
* ccs_check_profile - Check all profiles currently assigned to domains are defined. |
* ccs_check_profile - Check all profiles currently assigned to domains are defined. |
393 |
|
* |
394 |
|
* Returns nothing. |
395 |
*/ |
*/ |
396 |
static void ccs_check_profile(void) |
static void ccs_check_profile(void) |
397 |
{ |
{ |
438 |
return ptr; |
return ptr; |
439 |
} |
} |
440 |
|
|
441 |
|
/** |
442 |
|
* ccs_find_yesno - Find values for specified keyword. |
443 |
|
* |
444 |
|
* @string: String to check. |
445 |
|
* @find: Name of keyword. |
446 |
|
* |
447 |
|
* Returns 1 if "@find=yes" was found, 0 if "@find=no" was found, -1 otherwise. |
448 |
|
*/ |
449 |
static s8 ccs_find_yesno(const char *string, const char *find) |
static s8 ccs_find_yesno(const char *string, const char *find) |
450 |
{ |
{ |
451 |
const char *cp = strstr(string, find); |
const char *cp = strstr(string, find); |
459 |
return -1; |
return -1; |
460 |
} |
} |
461 |
|
|
462 |
|
/** |
463 |
|
* ccs_set_uint - Set value for specified preference. |
464 |
|
* |
465 |
|
* @i: Pointer to "unsigned int". |
466 |
|
* @string: String to check. |
467 |
|
* @find: Name of keyword. |
468 |
|
* |
469 |
|
* Returns nothing. |
470 |
|
*/ |
471 |
static void ccs_set_uint(unsigned int *i, const char *string, const char *find) |
static void ccs_set_uint(unsigned int *i, const char *string, const char *find) |
472 |
{ |
{ |
473 |
const char *cp = strstr(string, find); |
const char *cp = strstr(string, find); |
475 |
sscanf(cp + strlen(find), "=%u", i); |
sscanf(cp + strlen(find), "=%u", i); |
476 |
} |
} |
477 |
|
|
478 |
|
/** |
479 |
|
* ccs_set_mode - Set mode for specified profile. |
480 |
|
* |
481 |
|
* @name: Name of functionality. |
482 |
|
* @value: Mode for @name. |
483 |
|
* @profile: Pointer to "struct ccs_profile". |
484 |
|
* |
485 |
|
* Returns 0 on success, negative value otherwise. |
486 |
|
*/ |
487 |
static int ccs_set_mode(char *name, const char *value, |
static int ccs_set_mode(char *name, const char *value, |
488 |
struct ccs_profile *profile) |
struct ccs_profile *profile) |
489 |
{ |
{ |
594 |
return ccs_set_mode(data, cp, profile); |
return ccs_set_mode(data, cp, profile); |
595 |
} |
} |
596 |
|
|
597 |
|
/** |
598 |
|
* ccs_print_config - Print mode for specified functionality. |
599 |
|
* |
600 |
|
* @head: Pointer to "struct ccs_io_buffer". |
601 |
|
* @config: Mode for that functionality. |
602 |
|
* |
603 |
|
* Returns nothing. |
604 |
|
* |
605 |
|
* Caller prints functionality's name. |
606 |
|
*/ |
607 |
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config) |
static void ccs_print_config(struct ccs_io_buffer *head, const u8 config) |
608 |
{ |
{ |
609 |
ccs_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", |
ccs_io_printf(head, "={ mode=%s grant_log=%s reject_log=%s }\n", |
970 |
return error; |
return error; |
971 |
} |
} |
972 |
|
|
973 |
|
/** |
974 |
|
* ccs_write_domain2 - Write domain policy. |
975 |
|
* |
976 |
|
* @data: Policy to be interpreted. |
977 |
|
* @domain: Pointer to "struct ccs_domain_info". |
978 |
|
* @is_delete: True if it is a delete request. |
979 |
|
* |
980 |
|
* Returns 0 on success, negative value otherwise. |
981 |
|
*/ |
982 |
static int ccs_write_domain2(char *data, struct ccs_domain_info *domain, |
static int ccs_write_domain2(char *data, struct ccs_domain_info *domain, |
983 |
const bool is_delete) |
const bool is_delete) |
984 |
{ |
{ |
1008 |
return -EINVAL; |
return -EINVAL; |
1009 |
} |
} |
1010 |
|
|
1011 |
|
/* String table for domain flags. */ |
1012 |
const char * const ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
const char * const ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
1013 |
[CCS_DIF_QUOTA_WARNED] = "quota_exceeded\n", |
[CCS_DIF_QUOTA_WARNED] = "quota_exceeded\n", |
1014 |
[CCS_DIF_TRANSITION_FAILED] = "transition_failed\n", |
[CCS_DIF_TRANSITION_FAILED] = "transition_failed\n", |
1077 |
* |
* |
1078 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1079 |
* @ptr: Pointer to "struct ccs_name_union". |
* @ptr: Pointer to "struct ccs_name_union". |
1080 |
|
* |
1081 |
|
* Returns nothing. |
1082 |
*/ |
*/ |
1083 |
static void ccs_print_name_union(struct ccs_io_buffer *head, |
static void ccs_print_name_union(struct ccs_io_buffer *head, |
1084 |
const struct ccs_name_union *ptr) |
const struct ccs_name_union *ptr) |
1103 |
* |
* |
1104 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
1105 |
* @ptr: Pointer to "struct ccs_number_union". |
* @ptr: Pointer to "struct ccs_number_union". |
1106 |
|
* |
1107 |
|
* Returns nothing. |
1108 |
*/ |
*/ |
1109 |
static void ccs_print_number_union(struct ccs_io_buffer *head, |
static void ccs_print_number_union(struct ccs_io_buffer *head, |
1110 |
const struct ccs_number_union *ptr) |
const struct ccs_number_union *ptr) |
1301 |
return bit; |
return bit; |
1302 |
} |
} |
1303 |
|
|
1304 |
|
/** |
1305 |
|
* ccs_set_group - Print "acl_group " header keyword. |
1306 |
|
* |
1307 |
|
* @head: Pointer to "struct ccs_io_buffer". |
1308 |
|
* |
1309 |
|
* Returns nothing. |
1310 |
|
*/ |
1311 |
static void ccs_set_group(struct ccs_io_buffer *head) |
static void ccs_set_group(struct ccs_io_buffer *head) |
1312 |
{ |
{ |
1313 |
if (head->type == CCS_EXCEPTIONPOLICY) |
if (head->type == CCS_EXCEPTIONPOLICY) |
1728 |
} |
} |
1729 |
} |
} |
1730 |
|
|
1731 |
|
/* String table for domain transition control keywords. */ |
1732 |
static const char * const ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = { |
static const char * const ccs_transition_type[CCS_MAX_TRANSITION_TYPE] = { |
1733 |
[CCS_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", |
[CCS_TRANSITION_CONTROL_NO_INITIALIZE] = "no_initialize_domain ", |
1734 |
[CCS_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", |
[CCS_TRANSITION_CONTROL_INITIALIZE] = "initialize_domain ", |
1736 |
[CCS_TRANSITION_CONTROL_KEEP] = "keep_domain ", |
[CCS_TRANSITION_CONTROL_KEEP] = "keep_domain ", |
1737 |
}; |
}; |
1738 |
|
|
1739 |
|
/* String table for grouping keywords. */ |
1740 |
static const char * const ccs_group_name[CCS_MAX_GROUP] = { |
static const char * const ccs_group_name[CCS_MAX_GROUP] = { |
1741 |
[CCS_PATH_GROUP] = "path_group ", |
[CCS_PATH_GROUP] = "path_group ", |
1742 |
[CCS_NUMBER_GROUP] = "number_group ", |
[CCS_NUMBER_GROUP] = "number_group ", |
1941 |
head->r.eof = true; |
head->r.eof = true; |
1942 |
} |
} |
1943 |
|
|
1944 |
/* Wait queue for ccs_query_list. */ |
/* Wait queue for kernel -> userspace notification. */ |
1945 |
static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait); |
static DECLARE_WAIT_QUEUE_HEAD(ccs_query_wait); |
1946 |
|
/* Wait queue for userspace -> kernel notification. */ |
1947 |
static DECLARE_WAIT_QUEUE_HEAD(ccs_answer_wait); |
static DECLARE_WAIT_QUEUE_HEAD(ccs_answer_wait); |
1948 |
|
|
1949 |
/* Lock for manipulating ccs_query_list. */ |
/* Lock for manipulating ccs_query_list. */ |
1966 |
/* Number of "struct file" referring /proc/ccs/query interface. */ |
/* Number of "struct file" referring /proc/ccs/query interface. */ |
1967 |
static atomic_t ccs_query_observers = ATOMIC_INIT(0); |
static atomic_t ccs_query_observers = ATOMIC_INIT(0); |
1968 |
|
|
1969 |
|
/** |
1970 |
|
* ccs_truncate - Truncate a line. |
1971 |
|
* |
1972 |
|
* @str: String to truncate. |
1973 |
|
* |
1974 |
|
* Returns length of truncated @str. |
1975 |
|
*/ |
1976 |
static int ccs_truncate(char *str) |
static int ccs_truncate(char *str) |
1977 |
{ |
{ |
1978 |
char *start = str; |
char *start = str; |
1982 |
return strlen(start) + 1; |
return strlen(start) + 1; |
1983 |
} |
} |
1984 |
|
|
1985 |
|
/** |
1986 |
|
* ccs_add_entry - Add an ACL to current thread's domain. Used by learning mode. |
1987 |
|
* |
1988 |
|
* @header: Lines containing ACL. |
1989 |
|
* |
1990 |
|
* Returns nothing. |
1991 |
|
*/ |
1992 |
static void ccs_add_entry(char *header) |
static void ccs_add_entry(char *header) |
1993 |
{ |
{ |
1994 |
char *buffer; |
char *buffer; |
2195 |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
2196 |
* |
* |
2197 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
2198 |
|
* |
2199 |
|
* Returns nothing. |
2200 |
*/ |
*/ |
2201 |
static void ccs_read_query(struct ccs_io_buffer *head) |
static void ccs_read_query(struct ccs_io_buffer *head) |
2202 |
{ |
{ |
2294 |
* ccs_read_version: Get version. |
* ccs_read_version: Get version. |
2295 |
* |
* |
2296 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
2297 |
|
* |
2298 |
|
* Returns nothing. |
2299 |
*/ |
*/ |
2300 |
static void ccs_read_version(struct ccs_io_buffer *head) |
static void ccs_read_version(struct ccs_io_buffer *head) |
2301 |
{ |
{ |
2423 |
* @file: Pointer to "struct file". |
* @file: Pointer to "struct file". |
2424 |
* @wait: Pointer to "poll_table". |
* @wait: Pointer to "poll_table". |
2425 |
* |
* |
2426 |
|
* Returns return value of poll(). |
2427 |
|
* |
2428 |
* Waits for read readiness. |
* Waits for read readiness. |
2429 |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
* /proc/ccs/query is handled by /usr/sbin/ccs-queryd and |
2430 |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
* /proc/ccs/grant_log and /proc/ccs/reject_log are handled by |
2581 |
return 0; |
return 0; |
2582 |
} |
} |
2583 |
|
|
2584 |
|
/** |
2585 |
|
* ccs_policy_io_init - Register hooks for policy I/O. |
2586 |
|
* |
2587 |
|
* Returns nothing. |
2588 |
|
*/ |
2589 |
void __init ccs_policy_io_init(void) |
void __init ccs_policy_io_init(void) |
2590 |
{ |
{ |
2591 |
ccsecurity_ops.check_profile = ccs_check_profile; |
ccsecurity_ops.check_profile = ccs_check_profile; |