244 |
ptr = ccs_profile_ptr[profile]; |
ptr = ccs_profile_ptr[profile]; |
245 |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
if (!ptr && ccs_memory_ok(entry, sizeof(*entry))) { |
246 |
ptr = entry; |
ptr = entry; |
247 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
248 |
ptr->audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG; |
ptr->audit_max_grant_log = CONFIG_CCSECURITY_MAX_GRANT_LOG; |
249 |
ptr->audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG; |
ptr->audit_max_reject_log = CONFIG_CCSECURITY_MAX_REJECT_LOG; |
250 |
|
#endif |
251 |
ptr->enforcing_penalty = 0; |
ptr->enforcing_penalty = 0; |
252 |
ptr->learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY; |
ptr->learning_max_entry = CONFIG_CCSECURITY_MAX_ACCEPT_ENTRY; |
253 |
ptr->enforcing_verbose = true; |
ptr->enforcing_verbose = true; |
324 |
ccs_put_name(old_comment); |
ccs_put_name(old_comment); |
325 |
return 0; |
return 0; |
326 |
} |
} |
327 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
328 |
if (!strcmp(data, "PREFERENCE::audit")) { |
if (!strcmp(data, "PREFERENCE::audit")) { |
329 |
char *cp2 = strstr(cp, "max_grant_log="); |
char *cp2 = strstr(cp, "max_grant_log="); |
330 |
if (cp2) |
if (cp2) |
334 |
sscanf(cp2 + 15, "%u", &profile->audit_max_reject_log); |
sscanf(cp2 + 15, "%u", &profile->audit_max_reject_log); |
335 |
return 0; |
return 0; |
336 |
} |
} |
337 |
|
#endif |
338 |
if (strstr(cp, "verbose=yes")) |
if (strstr(cp, "verbose=yes")) |
339 |
value = 1; |
value = 1; |
340 |
else if (strstr(cp, "verbose=no")) |
else if (strstr(cp, "verbose=no")) |
401 |
* 'config' from 'CCS_CONFIG_USE_DEAFULT'. |
* 'config' from 'CCS_CONFIG_USE_DEAFULT'. |
402 |
*/ |
*/ |
403 |
config = (config & ~7) | mode; |
config = (config & ~7) | mode; |
404 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
405 |
if (config != CCS_CONFIG_USE_DEFAULT) { |
if (config != CCS_CONFIG_USE_DEFAULT) { |
406 |
if (strstr(cp, "grant_log=yes")) |
if (strstr(cp, "grant_log=yes")) |
407 |
config |= CCS_CONFIG_WANT_GRANT_LOG; |
config |= CCS_CONFIG_WANT_GRANT_LOG; |
412 |
else if (strstr(cp, "reject_log=no")) |
else if (strstr(cp, "reject_log=no")) |
413 |
config &= ~CCS_CONFIG_WANT_REJECT_LOG; |
config &= ~CCS_CONFIG_WANT_REJECT_LOG; |
414 |
} |
} |
415 |
|
#endif |
416 |
} |
} |
417 |
if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
if (i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
418 |
+ CCS_MAX_MAC_CATEGORY_INDEX) |
+ CCS_MAX_MAC_CATEGORY_INDEX) |
449 |
if (!done) |
if (!done) |
450 |
goto out; |
goto out; |
451 |
config = profile->default_config; |
config = profile->default_config; |
452 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
453 |
if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s grant_log=%s " |
if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s grant_log=%s " |
454 |
"reject_log=%s }\n", index, |
"reject_log=%s }\n", index, |
455 |
ccs_mode_4[config & 3], |
ccs_mode_4[config & 3], |
458 |
ccs_yesno(config & |
ccs_yesno(config & |
459 |
CCS_CONFIG_WANT_REJECT_LOG))) |
CCS_CONFIG_WANT_REJECT_LOG))) |
460 |
goto out; |
goto out; |
461 |
|
#else |
462 |
|
if (!ccs_io_printf(head, "%u-CONFIG={ mode=%s }\n", index, |
463 |
|
ccs_mode_4[config & 3])) |
464 |
|
goto out; |
465 |
|
#endif |
466 |
for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
467 |
+ CCS_MAX_MAC_CATEGORY_INDEX; i++) { |
+ CCS_MAX_MAC_CATEGORY_INDEX; i++) { |
468 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
469 |
const char *g; |
const char *g; |
470 |
const char *r; |
const char *r; |
471 |
|
#endif |
472 |
config = profile->config[i]; |
config = profile->config[i]; |
473 |
if (config == CCS_CONFIG_USE_DEFAULT) |
if (config == CCS_CONFIG_USE_DEFAULT) |
474 |
continue; |
continue; |
475 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
476 |
g = ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG); |
g = ccs_yesno(config & CCS_CONFIG_WANT_GRANT_LOG); |
477 |
r = ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG); |
r = ccs_yesno(config & CCS_CONFIG_WANT_REJECT_LOG); |
478 |
if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s " |
if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s " |
480 |
index, ccs_mac_keywords[i], |
index, ccs_mac_keywords[i], |
481 |
ccs_mode_4[config & 3], g, r)) |
ccs_mode_4[config & 3], g, r)) |
482 |
goto out; |
goto out; |
483 |
|
#else |
484 |
|
if (!ccs_io_printf(head, "%u-CONFIG::%s={ mode=%s }\n", |
485 |
|
index, ccs_mac_keywords[i], |
486 |
|
ccs_mode_4[config & 3])) |
487 |
|
goto out; |
488 |
|
#endif |
489 |
|
|
490 |
} |
} |
491 |
|
#ifdef CONFIG_CCSECURITY_AUDIT |
492 |
if (!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
if (!ccs_io_printf(head, "%u-PREFERENCE::audit={ " |
493 |
"max_grant_log=%u max_reject_log=%u }\n", |
"max_grant_log=%u max_reject_log=%u }\n", |
494 |
index, profile->audit_max_grant_log, |
index, profile->audit_max_grant_log, |
495 |
profile->audit_max_reject_log) || |
profile->audit_max_reject_log)) |
496 |
!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
goto out; |
497 |
|
#endif |
498 |
|
if (!ccs_io_printf(head, "%u-PREFERENCE::learning={ " |
499 |
"verbose=%s max_entry=%u exec.realpath=%s " |
"verbose=%s max_entry=%u exec.realpath=%s " |
500 |
"exec.argv0=%s }\n", index, |
"exec.argv0=%s }\n", index, |
501 |
ccs_yesno(profile->learning_verbose), |
ccs_yesno(profile->learning_verbose), |