| 3 |
* |
* |
| 4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
| 5 |
* |
* |
| 6 |
* Version: 1.7.0-pre 2009/08/08 |
* Version: 1.7.0-pre 2009/08/24 |
| 7 |
* |
* |
| 8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 24 |
"disabled", "learning", "permissive", "enforcing" |
"disabled", "learning", "permissive", "enforcing" |
| 25 |
}; |
}; |
| 26 |
|
|
|
static bool ccs_mac_keywords_used[CCS_MAX_MAC_INDEX + |
|
|
CCS_MAX_CAPABILITY_INDEX]; |
|
|
|
|
| 27 |
static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX + |
static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX + |
| 28 |
CCS_MAX_CAPABILITY_INDEX] = { |
CCS_MAX_CAPABILITY_INDEX + |
| 29 |
[CCS_MAC_EXECUTE] = "execute", |
CCS_MAX_MAC_CATEGORY_INDEX] = { |
| 30 |
[CCS_MAC_OPEN] = "open", |
[CCS_MAC_FILE_EXECUTE] |
| 31 |
[CCS_MAC_CREATE] = "create", |
= "file::execute", |
| 32 |
[CCS_MAC_UNLINK] = "unlink", |
[CCS_MAC_FILE_OPEN] |
| 33 |
[CCS_MAC_MKDIR] = "mkdir", |
= "file::open", |
| 34 |
[CCS_MAC_RMDIR] = "rmdir", |
[CCS_MAC_FILE_CREATE] |
| 35 |
[CCS_MAC_MKFIFO] = "mkfifo", |
= "file::create", |
| 36 |
[CCS_MAC_MKSOCK] = "mksock", |
[CCS_MAC_FILE_UNLINK] |
| 37 |
[CCS_MAC_TRUNCATE] = "truncate", |
= "file::unlink", |
| 38 |
[CCS_MAC_SYMLINK] = "symlink", |
[CCS_MAC_FILE_MKDIR] |
| 39 |
[CCS_MAC_REWRITE] = "rewrite", |
= "file::mkdir", |
| 40 |
[CCS_MAC_MKBLOCK] = "mkblock", |
[CCS_MAC_FILE_RMDIR] |
| 41 |
[CCS_MAC_MKCHAR] = "mkchar", |
= "file::rmdir", |
| 42 |
[CCS_MAC_LINK] = "link", |
[CCS_MAC_FILE_MKFIFO] |
| 43 |
[CCS_MAC_RENAME] = "rename", |
= "file::mkfifo", |
| 44 |
[CCS_MAC_CHMOD] = "chmod", |
[CCS_MAC_FILE_MKSOCK] |
| 45 |
[CCS_MAC_CHOWN] = "chown", |
= "file::mksock", |
| 46 |
[CCS_MAC_CHGRP] = "chgrp", |
[CCS_MAC_FILE_TRUNCATE] |
| 47 |
[CCS_MAC_IOCTL] = "ioctl", |
= "file::truncate", |
| 48 |
[CCS_MAC_CHROOT] = "chroot", |
[CCS_MAC_FILE_SYMLINK] |
| 49 |
[CCS_MAC_MOUNT] = "mount", |
= "file::symlink", |
| 50 |
[CCS_MAC_UMOUNT] = "umount", |
[CCS_MAC_FILE_REWRITE] |
| 51 |
[CCS_MAC_PIVOT_ROOT] = "pivot_root", |
= "file::rewrite", |
| 52 |
[CCS_MAC_ENVIRON] = "env", |
[CCS_MAC_FILE_MKBLOCK] |
| 53 |
[CCS_MAC_NETWORK] = "network", |
= "file::mkblock", |
| 54 |
[CCS_MAC_SIGNAL] = "signal", |
[CCS_MAC_FILE_MKCHAR] |
| 55 |
|
= "file::mkchar", |
| 56 |
|
[CCS_MAC_FILE_LINK] |
| 57 |
|
= "file::link", |
| 58 |
|
[CCS_MAC_FILE_RENAME] |
| 59 |
|
= "file::rename", |
| 60 |
|
[CCS_MAC_FILE_CHMOD] |
| 61 |
|
= "file::chmod", |
| 62 |
|
[CCS_MAC_FILE_CHOWN] |
| 63 |
|
= "file::chown", |
| 64 |
|
[CCS_MAC_FILE_CHGRP] |
| 65 |
|
= "file::chgrp", |
| 66 |
|
[CCS_MAC_FILE_IOCTL] |
| 67 |
|
= "file::ioctl", |
| 68 |
|
[CCS_MAC_FILE_CHROOT] |
| 69 |
|
= "file::chroot", |
| 70 |
|
[CCS_MAC_FILE_MOUNT] |
| 71 |
|
= "file::mount", |
| 72 |
|
[CCS_MAC_FILE_UMOUNT] |
| 73 |
|
= "file::umount", |
| 74 |
|
[CCS_MAC_FILE_PIVOT_ROOT] |
| 75 |
|
= "file::pivot_root", |
| 76 |
|
[CCS_MAC_ENVIRON] |
| 77 |
|
= "misc::env", |
| 78 |
|
[CCS_MAC_NETWORK_UDP_BIND] |
| 79 |
|
= "network::inet_udp_bind", |
| 80 |
|
[CCS_MAC_NETWORK_UDP_CONNECT] |
| 81 |
|
= "network::inet_udp_connect", |
| 82 |
|
[CCS_MAC_NETWORK_TCP_BIND] |
| 83 |
|
= "network::inet_tcp_bind", |
| 84 |
|
[CCS_MAC_NETWORK_TCP_LISTEN] |
| 85 |
|
= "network::inet_tcp_listen", |
| 86 |
|
[CCS_MAC_NETWORK_TCP_CONNECT] |
| 87 |
|
= "network::inet_tcp_connect", |
| 88 |
|
[CCS_MAC_NETWORK_TCP_ACCEPT] |
| 89 |
|
= "network::inet_tcp_accept", |
| 90 |
|
[CCS_MAC_NETWORK_RAW_BIND] |
| 91 |
|
= "network::inet_raw_bind", |
| 92 |
|
[CCS_MAC_NETWORK_RAW_CONNECT] |
| 93 |
|
= "network::inet_raw_connect", |
| 94 |
|
[CCS_MAC_SIGNAL] |
| 95 |
|
= "ipc::signal", |
| 96 |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CREATE] |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CREATE] |
| 97 |
= "inet_tcp_create", |
= "capability::inet_tcp_create", |
| 98 |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_LISTEN] |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_LISTEN] |
| 99 |
= "inet_tcp_listen", |
= "capability::inet_tcp_listen", |
| 100 |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CONNECT] |
[CCS_MAX_MAC_INDEX + CCS_INET_STREAM_SOCKET_CONNECT] |
| 101 |
= "inet_tcp_connect", |
= "capability::inet_tcp_connect", |
| 102 |
[CCS_MAX_MAC_INDEX + CCS_USE_INET_DGRAM_SOCKET] = "use_inet_udp", |
[CCS_MAX_MAC_INDEX + CCS_USE_INET_DGRAM_SOCKET] |
| 103 |
[CCS_MAX_MAC_INDEX + CCS_USE_INET_RAW_SOCKET] = "use_inet_ip", |
= "capability::use_inet_udp", |
| 104 |
[CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET] = "use_route", |
[CCS_MAX_MAC_INDEX + CCS_USE_INET_RAW_SOCKET] |
| 105 |
[CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET] = "use_packet", |
= "capability::use_inet_ip", |
| 106 |
[CCS_MAX_MAC_INDEX + CCS_SYS_MOUNT] = "SYS_MOUNT", |
[CCS_MAX_MAC_INDEX + CCS_USE_ROUTE_SOCKET] |
| 107 |
[CCS_MAX_MAC_INDEX + CCS_SYS_UMOUNT] = "SYS_UMOUNT", |
= "capability::use_route", |
| 108 |
[CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT] = "SYS_REBOOT", |
[CCS_MAX_MAC_INDEX + CCS_USE_PACKET_SOCKET] |
| 109 |
[CCS_MAX_MAC_INDEX + CCS_SYS_CHROOT] = "SYS_CHROOT", |
= "capability::use_packet", |
| 110 |
[CCS_MAX_MAC_INDEX + CCS_SYS_KILL] = "SYS_KILL", |
[CCS_MAX_MAC_INDEX + CCS_SYS_MOUNT] |
| 111 |
[CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP] = "SYS_VHANGUP", |
= "capability::SYS_MOUNT", |
| 112 |
[CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME] = "SYS_TIME", |
[CCS_MAX_MAC_INDEX + CCS_SYS_UMOUNT] |
| 113 |
[CCS_MAX_MAC_INDEX + CCS_SYS_NICE] = "SYS_NICE", |
= "capability::SYS_UMOUNT", |
| 114 |
[CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME] = "SYS_SETHOSTNAME", |
[CCS_MAX_MAC_INDEX + CCS_SYS_REBOOT] |
| 115 |
[CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE] = "use_kernel_module", |
= "capability::SYS_REBOOT", |
| 116 |
[CCS_MAX_MAC_INDEX + CCS_CREATE_FIFO] = "create_fifo", |
[CCS_MAX_MAC_INDEX + CCS_SYS_CHROOT] |
| 117 |
[CCS_MAX_MAC_INDEX + CCS_CREATE_BLOCK_DEV] = "create_block_dev", |
= "capability::SYS_CHROOT", |
| 118 |
[CCS_MAX_MAC_INDEX + CCS_CREATE_CHAR_DEV] = "create_char_dev", |
[CCS_MAX_MAC_INDEX + CCS_SYS_KILL] |
| 119 |
[CCS_MAX_MAC_INDEX + CCS_CREATE_UNIX_SOCKET] = "create_unix_socket", |
= "capability::SYS_KILL", |
| 120 |
[CCS_MAX_MAC_INDEX + CCS_SYS_LINK] = "SYS_LINK", |
[CCS_MAX_MAC_INDEX + CCS_SYS_VHANGUP] |
| 121 |
[CCS_MAX_MAC_INDEX + CCS_SYS_SYMLINK] = "SYS_SYMLINK", |
= "capability::SYS_VHANGUP", |
| 122 |
[CCS_MAX_MAC_INDEX + CCS_SYS_RENAME] = "SYS_RENAME", |
[CCS_MAX_MAC_INDEX + CCS_SYS_SETTIME] |
| 123 |
[CCS_MAX_MAC_INDEX + CCS_SYS_UNLINK] = "SYS_UNLINK", |
= "capability::SYS_TIME", |
| 124 |
[CCS_MAX_MAC_INDEX + CCS_SYS_CHMOD] = "SYS_CHMOD", |
[CCS_MAX_MAC_INDEX + CCS_SYS_NICE] |
| 125 |
[CCS_MAX_MAC_INDEX + CCS_SYS_CHOWN] = "SYS_CHOWN", |
= "capability::SYS_NICE", |
| 126 |
[CCS_MAX_MAC_INDEX + CCS_SYS_IOCTL] = "SYS_IOCTL", |
[CCS_MAX_MAC_INDEX + CCS_SYS_SETHOSTNAME] |
| 127 |
[CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD] = "SYS_KEXEC_LOAD", |
= "capability::SYS_SETHOSTNAME", |
| 128 |
[CCS_MAX_MAC_INDEX + CCS_SYS_PIVOT_ROOT] = "SYS_PIVOT_ROOT", |
[CCS_MAX_MAC_INDEX + CCS_USE_KERNEL_MODULE] |
| 129 |
[CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE] = "SYS_PTRACE", |
= "capability::use_kernel_module", |
| 130 |
[CCS_MAX_MAC_INDEX + CCS_CONCEAL_MOUNT] = "conceal_mount" |
[CCS_MAX_MAC_INDEX + CCS_CREATE_FIFO] |
| 131 |
|
= "capability::create_fifo", |
| 132 |
|
[CCS_MAX_MAC_INDEX + CCS_CREATE_BLOCK_DEV] |
| 133 |
|
= "capability::create_block_dev", |
| 134 |
|
[CCS_MAX_MAC_INDEX + CCS_CREATE_CHAR_DEV] |
| 135 |
|
= "capability::create_char_dev", |
| 136 |
|
[CCS_MAX_MAC_INDEX + CCS_CREATE_UNIX_SOCKET] |
| 137 |
|
= "capability::create_unix_socket", |
| 138 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_LINK] |
| 139 |
|
= "capability::SYS_LINK", |
| 140 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_SYMLINK] |
| 141 |
|
= "capability::SYS_SYMLINK", |
| 142 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_RENAME] |
| 143 |
|
= "capability::SYS_RENAME", |
| 144 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_UNLINK] |
| 145 |
|
= "capability::SYS_UNLINK", |
| 146 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_CHMOD] |
| 147 |
|
= "capability::SYS_CHMOD", |
| 148 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_CHOWN] |
| 149 |
|
= "capability::SYS_CHOWN", |
| 150 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_IOCTL] |
| 151 |
|
= "capability::SYS_IOCTL", |
| 152 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_KEXEC_LOAD] |
| 153 |
|
= "capability::SYS_KEXEC_LOAD", |
| 154 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_PIVOT_ROOT] |
| 155 |
|
= "capability::SYS_PIVOT_ROOT", |
| 156 |
|
[CCS_MAX_MAC_INDEX + CCS_SYS_PTRACE] |
| 157 |
|
= "capability::SYS_PTRACE", |
| 158 |
|
[CCS_MAX_MAC_INDEX + CCS_CONCEAL_MOUNT] |
| 159 |
|
= "capability::conceal_mount", |
| 160 |
|
[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 161 |
|
+ CCS_MAC_CATEGORY_FILE] = "file", |
| 162 |
|
[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 163 |
|
+ CCS_MAC_CATEGORY_NETWORK] = "network", |
| 164 |
|
[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 165 |
|
+ CCS_MAC_CATEGORY_MISC] = "misc", |
| 166 |
|
[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 167 |
|
+ CCS_MAC_CATEGORY_IPC] = "ipc", |
| 168 |
|
[CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 169 |
|
+ CCS_MAC_CATEGORY_CAPABILITY] = "capability", |
| 170 |
}; |
}; |
| 171 |
|
|
| 172 |
/* Table for profile. */ |
/* Table for profile. */ |
| 202 |
const char *ccs_cap2keyword(const u8 operation) |
const char *ccs_cap2keyword(const u8 operation) |
| 203 |
{ |
{ |
| 204 |
return operation < CCS_MAX_CAPABILITY_INDEX |
return operation < CCS_MAX_CAPABILITY_INDEX |
| 205 |
? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] : NULL; |
? ccs_mac_keywords[CCS_MAX_MAC_INDEX + operation] + 12 : NULL; |
| 206 |
} |
} |
| 207 |
|
|
| 208 |
/** |
/** |
| 272 |
ptr = entry; |
ptr = entry; |
| 273 |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) |
| 274 |
ptr->value[i] = ccs_control_array[i].current_value; |
ptr->value[i] = ccs_control_array[i].current_value; |
| 275 |
|
ptr->default_config = CCS_MAC_MODE_DISABLED; |
| 276 |
|
memset(ptr->config, CCS_MAC_MODE_USE_DEFAULT, |
| 277 |
|
sizeof(ptr->config)); |
| 278 |
mb(); /* Avoid out-of-order execution. */ |
mb(); /* Avoid out-of-order execution. */ |
| 279 |
ccs_profile_ptr[profile] = ptr; |
ccs_profile_ptr[profile] = ptr; |
| 280 |
entry = NULL; |
entry = NULL; |
| 296 |
char *data = head->write_buf; |
char *data = head->write_buf; |
| 297 |
unsigned int i; |
unsigned int i; |
| 298 |
unsigned int value; |
unsigned int value; |
|
int index = -1; |
|
| 299 |
int mode; |
int mode; |
| 300 |
|
u8 config; |
| 301 |
char *cp; |
char *cp; |
| 302 |
struct ccs_profile *ccs_profile; |
struct ccs_profile *ccs_profile; |
| 303 |
i = simple_strtoul(data, &cp, 10); |
i = simple_strtoul(data, &cp, 10); |
| 324 |
ccs_put_name(old_comment); |
ccs_put_name(old_comment); |
| 325 |
return 0; |
return 0; |
| 326 |
} |
} |
|
if (!ccs_str_starts(&data, "MAC::")) |
|
|
goto not_mac; |
|
|
if (ccs_str_starts(&data, CCS_KEYWORD_CAPABILITY)) |
|
|
for (i = 0; i < CCS_MAX_CAPABILITY_INDEX; i++) { |
|
|
if (strcmp(data, |
|
|
ccs_mac_keywords[CCS_MAX_MAC_INDEX + i])) |
|
|
continue; |
|
|
index = CCS_MAX_MAC_INDEX + i; |
|
|
break; |
|
|
} |
|
|
else |
|
|
for (i = 0; i < CCS_MAX_MAC_INDEX; i++) { |
|
|
if (strcmp(data, ccs_mac_keywords[i])) |
|
|
continue; |
|
|
index = i; |
|
|
break; |
|
|
} |
|
|
if (index < 0) |
|
|
return -EINVAL; |
|
|
ccs_mac_keywords_used[index] = 1; |
|
|
ccs_profile->no_grant_log[index] = !!strstr(cp, "no_grant_log"); |
|
|
ccs_profile->no_reject_log[index] = !!strstr(cp, "no_reject_log"); |
|
|
for (mode = 0; mode < 4; mode++) |
|
|
if (strstr(cp, ccs_mode_4[mode])) |
|
|
ccs_profile->mac_mode[index] = mode; |
|
|
return 0; |
|
|
not_mac: |
|
| 327 |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) { |
for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++) { |
| 328 |
if (strcmp(data, ccs_control_array[i].keyword)) |
if (strcmp(data, ccs_control_array[i].keyword)) |
| 329 |
continue; |
continue; |
| 343 |
ccs_profile->value[i] = value; |
ccs_profile->value[i] = value; |
| 344 |
return 0; |
return 0; |
| 345 |
} |
} |
| 346 |
return -EINVAL; |
config = 0; |
| 347 |
|
if (strstr(cp, "no_grant_log")) |
| 348 |
|
config |= CCS_MAC_MODE_NO_GRANT_LOG; |
| 349 |
|
if (strstr(cp, "no_reject_log")) |
| 350 |
|
config |= CCS_MAC_MODE_NO_REJECT_LOG; |
| 351 |
|
for (mode = 3; mode >= 0; mode--) |
| 352 |
|
if (strstr(cp, ccs_mode_4[mode])) |
| 353 |
|
break; |
| 354 |
|
if (mode < 0) |
| 355 |
|
sscanf(cp, "%u", &mode); |
| 356 |
|
if (mode < 0 || mode > 3) |
| 357 |
|
return -EINVAL; |
| 358 |
|
config |= mode; |
| 359 |
|
if (!strcmp(data, "MAC")) |
| 360 |
|
ccs_profile->default_config = config; |
| 361 |
|
else if (ccs_str_starts(&data, "MAC::")) |
| 362 |
|
for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 363 |
|
+ CCS_MAX_MAC_CATEGORY_INDEX; i++) { |
| 364 |
|
if (strcmp(data, ccs_mac_keywords[i])) |
| 365 |
|
continue; |
| 366 |
|
ccs_profile->config[i] = config; |
| 367 |
|
break; |
| 368 |
|
} |
| 369 |
|
return 0; |
| 370 |
} |
} |
| 371 |
|
|
| 372 |
static bool ccs_print_mac_mode(struct ccs_io_buffer *head, u8 index) |
static bool ccs_print_mac_mode(struct ccs_io_buffer *head, u8 index) |
| 374 |
const int pos = head->read_avail; |
const int pos = head->read_avail; |
| 375 |
int i; |
int i; |
| 376 |
const struct ccs_profile *ccs_profile = ccs_profile_ptr[index]; |
const struct ccs_profile *ccs_profile = ccs_profile_ptr[index]; |
| 377 |
for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX; i++) { |
u8 config = ccs_profile->default_config; |
| 378 |
if (!ccs_mac_keywords_used[i]) |
if (!ccs_io_printf(head, "%u-MAC=%s %s %s\n", index, |
| 379 |
|
ccs_mode_4[config & 3], |
| 380 |
|
config & CCS_MAC_MODE_NO_GRANT_LOG ? |
| 381 |
|
"no_grant_log" : "", |
| 382 |
|
config & CCS_MAC_MODE_NO_REJECT_LOG ? |
| 383 |
|
"no_reject_log" : "")) |
| 384 |
|
goto out; |
| 385 |
|
for (i = 0; i < CCS_MAX_MAC_INDEX + CCS_MAX_CAPABILITY_INDEX |
| 386 |
|
+ CCS_MAX_MAC_CATEGORY_INDEX; i++) { |
| 387 |
|
config = ccs_profile->config[i]; |
| 388 |
|
if (config == CCS_MAC_MODE_USE_DEFAULT) |
| 389 |
continue; |
continue; |
| 390 |
if (!ccs_io_printf(head, "%u-MAC::%s%s=%s %s %s\n", index, |
if (!ccs_io_printf(head, "%u-MAC::%s=%s %s %s\n", index, |
|
i >= CCS_MAX_MAC_INDEX ? |
|
|
CCS_KEYWORD_CAPABILITY : "", |
|
| 391 |
ccs_mac_keywords[i], |
ccs_mac_keywords[i], |
| 392 |
ccs_mode_4[ccs_profile->mac_mode[i]], |
ccs_mode_4[config & 3], |
| 393 |
ccs_profile->no_grant_log[i] ? |
config & CCS_MAC_MODE_NO_GRANT_LOG ? |
| 394 |
"no_grant_log" : "", |
"no_grant_log" : "", |
| 395 |
ccs_profile->no_reject_log[i] ? |
config & CCS_MAC_MODE_NO_REJECT_LOG ? |
| 396 |
"no_reject_log" : "")) |
"no_reject_log" : "")) |
| 397 |
goto out; |
goto out; |
| 398 |
} |
} |
| 406 |
* ccs_read_profile - Read profile table. |
* ccs_read_profile - Read profile table. |
| 407 |
* |
* |
| 408 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
|
* |
|
|
* Returns 0. |
|
| 409 |
*/ |
*/ |
| 410 |
static int ccs_read_profile(struct ccs_io_buffer *head) |
static void ccs_read_profile(struct ccs_io_buffer *head) |
| 411 |
{ |
{ |
| 412 |
static const int ccs_total = CCS_MAX_CONTROL_INDEX + 2; |
static const int ccs_total = CCS_MAX_CONTROL_INDEX + 2; |
| 413 |
int step; |
int step; |
| 414 |
if (head->read_eof) |
if (head->read_eof) |
| 415 |
return 0; |
return; |
| 416 |
for (step = head->read_step; step < CCS_MAX_PROFILES * ccs_total; |
for (step = head->read_step; step < CCS_MAX_PROFILES * ccs_total; |
| 417 |
step++) { |
step++) { |
| 418 |
const u8 index = step / ccs_total; |
const u8 index = step / ccs_total; |
| 453 |
} |
} |
| 454 |
if (step == CCS_MAX_PROFILES * ccs_total) |
if (step == CCS_MAX_PROFILES * ccs_total) |
| 455 |
head->read_eof = true; |
head->read_eof = true; |
|
return 0; |
|
| 456 |
} |
} |
| 457 |
|
|
| 458 |
/* The list for "struct ccs_policy_manager_entry". */ |
/* The list for "struct ccs_policy_manager_entry". */ |
| 527 |
* |
* |
| 528 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 529 |
* |
* |
|
* Returns 0. |
|
|
* |
|
| 530 |
* Caller holds ccs_read_lock(). |
* Caller holds ccs_read_lock(). |
| 531 |
*/ |
*/ |
| 532 |
static int ccs_read_manager_policy(struct ccs_io_buffer *head) |
static void ccs_read_manager_policy(struct ccs_io_buffer *head) |
| 533 |
{ |
{ |
| 534 |
struct list_head *pos; |
struct list_head *pos; |
| 535 |
ccs_assert_read_lock(); |
ccs_assert_read_lock(); |
| 536 |
if (head->read_eof) |
if (head->read_eof) |
| 537 |
return 0; |
return; |
| 538 |
list_for_each_cookie(pos, head->read_var2, &ccs_policy_manager_list) { |
list_for_each_cookie(pos, head->read_var2, &ccs_policy_manager_list) { |
| 539 |
struct ccs_policy_manager_entry *ptr; |
struct ccs_policy_manager_entry *ptr; |
| 540 |
ptr = list_entry(pos, struct ccs_policy_manager_entry, list); |
ptr = list_entry(pos, struct ccs_policy_manager_entry, list); |
| 541 |
if (ptr->is_deleted) |
if (ptr->is_deleted) |
| 542 |
continue; |
continue; |
| 543 |
if (!ccs_io_printf(head, "%s\n", ptr->manager->name)) |
if (!ccs_io_printf(head, "%s\n", ptr->manager->name)) |
| 544 |
return 0; |
return; |
| 545 |
} |
} |
| 546 |
head->read_eof = true; |
head->read_eof = true; |
|
return 0; |
|
| 547 |
} |
} |
| 548 |
|
|
| 549 |
/** |
/** |
| 973 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 974 |
*/ |
*/ |
| 975 |
static bool ccs_print_path_acl(struct ccs_io_buffer *head, |
static bool ccs_print_path_acl(struct ccs_io_buffer *head, |
| 976 |
struct ccs_path_acl *ptr, |
struct ccs_path_acl *ptr, |
| 977 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
| 978 |
{ |
{ |
| 979 |
int pos; |
int pos; |
| 980 |
u8 bit; |
u8 bit; |
| 1011 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 1012 |
*/ |
*/ |
| 1013 |
static bool ccs_print_path_number3_acl(struct ccs_io_buffer *head, |
static bool ccs_print_path_number3_acl(struct ccs_io_buffer *head, |
| 1014 |
struct ccs_path_number3_acl *ptr, |
struct ccs_path_number3_acl *ptr, |
| 1015 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
| 1016 |
{ |
{ |
| 1017 |
int pos; |
int pos; |
| 1018 |
u8 bit; |
u8 bit; |
| 1048 |
* Returns true on success, false otherwise. |
* Returns true on success, false otherwise. |
| 1049 |
*/ |
*/ |
| 1050 |
static bool ccs_print_path2_acl(struct ccs_io_buffer *head, |
static bool ccs_print_path2_acl(struct ccs_io_buffer *head, |
| 1051 |
struct ccs_path2_acl *ptr, |
struct ccs_path2_acl *ptr, |
| 1052 |
const struct ccs_condition *cond) |
const struct ccs_condition *cond) |
| 1053 |
{ |
{ |
| 1054 |
int pos; |
int pos; |
| 1055 |
u8 bit; |
u8 bit; |
| 1490 |
* |
* |
| 1491 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1492 |
* |
* |
|
* Returns 0. |
|
|
* |
|
| 1493 |
* Caller holds ccs_read_lock(). |
* Caller holds ccs_read_lock(). |
| 1494 |
*/ |
*/ |
| 1495 |
static int ccs_read_domain_policy(struct ccs_io_buffer *head) |
static void ccs_read_domain_policy(struct ccs_io_buffer *head) |
| 1496 |
{ |
{ |
| 1497 |
struct list_head *dpos; |
struct list_head *dpos; |
| 1498 |
struct list_head *apos; |
struct list_head *apos; |
| 1499 |
ccs_assert_read_lock(); |
ccs_assert_read_lock(); |
| 1500 |
if (head->read_eof) |
if (head->read_eof) |
| 1501 |
return 0; |
return; |
| 1502 |
if (head->read_step == 0) |
if (head->read_step == 0) |
| 1503 |
head->read_step = 1; |
head->read_step = 1; |
| 1504 |
list_for_each_cookie(dpos, head->read_var1, &ccs_domain_list) { |
list_for_each_cookie(dpos, head->read_var1, &ccs_domain_list) { |
| 1529 |
transition_failed, |
transition_failed, |
| 1530 |
ignore_global_allow_read, |
ignore_global_allow_read, |
| 1531 |
ignore_global_allow_env)) |
ignore_global_allow_env)) |
| 1532 |
return 0; |
return; |
| 1533 |
head->read_step = 2; |
head->read_step = 2; |
| 1534 |
acl_loop: |
acl_loop: |
| 1535 |
if (head->read_step == 3) |
if (head->read_step == 3) |
| 1540 |
struct ccs_acl_info *ptr |
struct ccs_acl_info *ptr |
| 1541 |
= list_entry(apos, struct ccs_acl_info, list); |
= list_entry(apos, struct ccs_acl_info, list); |
| 1542 |
if (!ccs_print_entry(head, ptr)) |
if (!ccs_print_entry(head, ptr)) |
| 1543 |
return 0; |
return; |
| 1544 |
} |
} |
| 1545 |
head->read_step = 3; |
head->read_step = 3; |
| 1546 |
tail_mark: |
tail_mark: |
| 1547 |
if (!ccs_io_printf(head, "\n")) |
if (!ccs_io_printf(head, "\n")) |
| 1548 |
return 0; |
return; |
| 1549 |
head->read_step = 1; |
head->read_step = 1; |
| 1550 |
if (head->read_single_domain) |
if (head->read_single_domain) |
| 1551 |
break; |
break; |
| 1552 |
} |
} |
| 1553 |
head->read_eof = true; |
head->read_eof = true; |
|
return 0; |
|
| 1554 |
} |
} |
| 1555 |
|
|
| 1556 |
/** |
/** |
| 1591 |
* |
* |
| 1592 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1593 |
* |
* |
|
* Returns list of profile number and domainname pairs. |
|
|
* |
|
| 1594 |
* This is equivalent to doing |
* This is equivalent to doing |
| 1595 |
* |
* |
| 1596 |
* grep -A 1 '^<kernel>' /proc/ccs/domain_policy | |
* grep -A 1 '^<kernel>' /proc/ccs/domain_policy | |
| 1600 |
* |
* |
| 1601 |
* Caller holds ccs_read_lock(). |
* Caller holds ccs_read_lock(). |
| 1602 |
*/ |
*/ |
| 1603 |
static int ccs_read_domain_profile(struct ccs_io_buffer *head) |
static void ccs_read_domain_profile(struct ccs_io_buffer *head) |
| 1604 |
{ |
{ |
| 1605 |
struct list_head *pos; |
struct list_head *pos; |
| 1606 |
ccs_assert_read_lock(); |
ccs_assert_read_lock(); |
| 1607 |
if (head->read_eof) |
if (head->read_eof) |
| 1608 |
return 0; |
return; |
| 1609 |
list_for_each_cookie(pos, head->read_var1, &ccs_domain_list) { |
list_for_each_cookie(pos, head->read_var1, &ccs_domain_list) { |
| 1610 |
struct ccs_domain_info *domain; |
struct ccs_domain_info *domain; |
| 1611 |
domain = list_entry(pos, struct ccs_domain_info, list); |
domain = list_entry(pos, struct ccs_domain_info, list); |
| 1613 |
continue; |
continue; |
| 1614 |
if (!ccs_io_printf(head, "%u %s\n", domain->profile, |
if (!ccs_io_printf(head, "%u %s\n", domain->profile, |
| 1615 |
domain->domainname->name)) |
domain->domainname->name)) |
| 1616 |
return 0; |
return; |
| 1617 |
} |
} |
| 1618 |
head->read_eof = true; |
head->read_eof = true; |
|
return 0; |
|
| 1619 |
} |
} |
| 1620 |
|
|
| 1621 |
/** |
/** |
| 1642 |
* |
* |
| 1643 |
* Caller holds ccs_read_lock(). |
* Caller holds ccs_read_lock(). |
| 1644 |
*/ |
*/ |
| 1645 |
static int ccs_read_pid(struct ccs_io_buffer *head) |
static void ccs_read_pid(struct ccs_io_buffer *head) |
| 1646 |
{ |
{ |
| 1647 |
char *buf = head->write_buf; |
char *buf = head->write_buf; |
| 1648 |
bool task_info = false; |
bool task_info = false; |
| 1653 |
ccs_assert_read_lock(); |
ccs_assert_read_lock(); |
| 1654 |
/* Accessing write_buf is safe because head->io_sem is held. */ |
/* Accessing write_buf is safe because head->io_sem is held. */ |
| 1655 |
if (!buf) |
if (!buf) |
| 1656 |
goto done; /* Do nothing if open(O_RDONLY). */ |
return; /* Do nothing if open(O_RDONLY). */ |
| 1657 |
if (head->read_avail || head->read_eof) |
if (head->read_avail || head->read_eof) |
| 1658 |
goto done; |
return; |
| 1659 |
head->read_eof = true; |
head->read_eof = true; |
| 1660 |
if (ccs_str_starts(&buf, "info ")) |
if (ccs_str_starts(&buf, "info ")) |
| 1661 |
task_info = true; |
task_info = true; |
| 1668 |
} |
} |
| 1669 |
read_unlock(&tasklist_lock); |
read_unlock(&tasklist_lock); |
| 1670 |
if (!domain) |
if (!domain) |
| 1671 |
goto done; |
return; |
| 1672 |
if (!task_info) |
if (!task_info) |
| 1673 |
ccs_io_printf(head, "%u %u %s", pid, domain->profile, |
ccs_io_printf(head, "%u %u %s", pid, domain->profile, |
| 1674 |
domain->domainname->name); |
domain->domainname->name); |
| 1682 |
(u8) (ccs_flags >> 24), |
(u8) (ccs_flags >> 24), |
| 1683 |
(u8) (ccs_flags >> 16), |
(u8) (ccs_flags >> 16), |
| 1684 |
(u8) (ccs_flags >> 8)); |
(u8) (ccs_flags >> 8)); |
|
done: |
|
|
return 0; |
|
| 1685 |
} |
} |
| 1686 |
|
|
| 1687 |
/** |
/** |
| 1731 |
* |
* |
| 1732 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
| 1733 |
* |
* |
|
* Returns 0 on success, -EINVAL otherwise. |
|
|
* |
|
| 1734 |
* Caller holds ccs_read_lock(). |
* Caller holds ccs_read_lock(). |
| 1735 |
*/ |
*/ |
| 1736 |
static int ccs_read_exception_policy(struct ccs_io_buffer *head) |
static void ccs_read_exception_policy(struct ccs_io_buffer *head) |
| 1737 |
{ |
{ |
| 1738 |
ccs_assert_read_lock(); |
ccs_assert_read_lock(); |
| 1739 |
if (!head->read_eof) { |
if (head->read_eof) |
| 1740 |
switch (head->read_step) { |
return; |
| 1741 |
case 0: |
switch (head->read_step) { |
| 1742 |
head->read_var2 = NULL; |
case 0: |
| 1743 |
head->read_step = 1; |
head->read_var2 = NULL; |
| 1744 |
case 1: |
head->read_step = 1; |
| 1745 |
if (!ccs_read_domain_keeper_policy(head)) |
case 1: |
| 1746 |
break; |
if (!ccs_read_domain_keeper_policy(head)) |
|
head->read_var2 = NULL; |
|
|
head->read_step = 2; |
|
|
case 2: |
|
|
if (!ccs_read_globally_readable_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 3; |
|
|
case 3: |
|
|
if (!ccs_read_globally_usable_env_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 4; |
|
|
case 4: |
|
|
if (!ccs_read_domain_initializer_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 6; |
|
|
case 6: |
|
|
if (!ccs_read_aggregator_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 7; |
|
|
case 7: |
|
|
if (!ccs_read_file_pattern(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 8; |
|
|
case 8: |
|
|
if (!ccs_read_no_rewrite_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 9; |
|
|
case 9: |
|
|
if (!ccs_read_path_group_policy(head)) |
|
|
break; |
|
|
head->read_var1 = NULL; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 10; |
|
|
case 10: |
|
|
if (!ccs_read_number_group_policy(head)) |
|
|
break; |
|
|
head->read_var1 = NULL; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 11; |
|
|
case 11: |
|
|
if (!ccs_read_address_group_policy(head)) |
|
|
break; |
|
|
head->read_var2 = NULL; |
|
|
head->read_step = 12; |
|
|
case 12: |
|
|
if (!ccs_read_reserved_port_policy(head)) |
|
|
break; |
|
|
head->read_eof = true; |
|
| 1747 |
break; |
break; |
| 1748 |
default: |
head->read_var2 = NULL; |
| 1749 |
return -EINVAL; |
head->read_step = 2; |
| 1750 |
} |
case 2: |
| 1751 |
|
if (!ccs_read_globally_readable_policy(head)) |
| 1752 |
|
break; |
| 1753 |
|
head->read_var2 = NULL; |
| 1754 |
|
head->read_step = 3; |
| 1755 |
|
case 3: |
| 1756 |
|
if (!ccs_read_globally_usable_env_policy(head)) |
| 1757 |
|
break; |
| 1758 |
|
head->read_var2 = NULL; |
| 1759 |
|
head->read_step = 4; |
| 1760 |
|
case 4: |
| 1761 |
|
if (!ccs_read_domain_initializer_policy(head)) |
| 1762 |
|
break; |
| 1763 |
|
head->read_var2 = NULL; |
| 1764 |
|
head->read_step = 6; |
| 1765 |
|
case 6: |
| 1766 |
|
if (!ccs_read_aggregator_policy(head)) |
| 1767 |
|
break; |
| 1768 |
|
head->read_var2 = NULL; |
| 1769 |
|
head->read_step = 7; |
| 1770 |
|
case 7: |
| 1771 |
|
if (!ccs_read_file_pattern(head)) |
| 1772 |
|
break; |
| 1773 |
|
head->read_var2 = NULL; |
| 1774 |
|
head->read_step = 8; |
| 1775 |
|
case 8: |
| 1776 |
|
if (!ccs_read_no_rewrite_policy(head)) |
| 1777 |
|
break; |
| 1778 |
|
head->read_var2 = NULL; |
| 1779 |
|
head->read_step = 9; |
| 1780 |
|
case 9: |
| 1781 |
|
if (!ccs_read_path_group_policy(head)) |
| 1782 |
|
break; |
| 1783 |
|
head->read_var1 = NULL; |
| 1784 |
|
head->read_var2 = NULL; |
| 1785 |
|
head->read_step = 10; |
| 1786 |
|
case 10: |
| 1787 |
|
if (!ccs_read_number_group_policy(head)) |
| 1788 |
|
break; |
| 1789 |
|
head->read_var1 = NULL; |
| 1790 |
|
head->read_var2 = NULL; |
| 1791 |
|
head->read_step = 11; |
| 1792 |
|
case 11: |
| 1793 |
|
if (!ccs_read_address_group_policy(head)) |
| 1794 |
|
break; |
| 1795 |
|
head->read_var2 = NULL; |
| 1796 |
|
head->read_step = 12; |
| 1797 |
|
case 12: |
| 1798 |
|
if (!ccs_read_reserved_port_policy(head)) |
| 1799 |
|
break; |
| 1800 |
|
head->read_eof = true; |
| 1801 |
} |
} |
|
return 0; |
|
| 1802 |
} |
} |
| 1803 |
|
|
| 1804 |
/** |
/** |
| 1954 |
switch (r->mode) { |
switch (r->mode) { |
| 1955 |
char *buffer; |
char *buffer; |
| 1956 |
struct ccs_condition *cond; |
struct ccs_condition *cond; |
| 1957 |
case 1: |
case CCS_MAC_MODE_LEARNING: |
| 1958 |
if (!ccs_domain_quota_ok(r)) |
if (!ccs_domain_quota_ok(r)) |
| 1959 |
return 0; |
return 0; |
| 1960 |
va_start(args, fmt); |
va_start(args, fmt); |
| 1978 |
ccs_put_condition(cond); |
ccs_put_condition(cond); |
| 1979 |
kfree(buffer); |
kfree(buffer); |
| 1980 |
/* fall through */ |
/* fall through */ |
| 1981 |
case 2: |
case CCS_MAC_MODE_PERMISSIVE: |
| 1982 |
return 0; |
return 0; |
| 1983 |
} |
} |
| 1984 |
if (!atomic_read(&ccs_query_observers)) { |
if (!atomic_read(&ccs_query_observers)) { |
| 2105 |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
* ccs_read_query - Read access requests which violated policy in enforcing mode. |
| 2106 |
* |
* |
| 2107 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
|
* |
|
|
* Returns 0. |
|
| 2108 |
*/ |
*/ |
| 2109 |
static int ccs_read_query(struct ccs_io_buffer *head) |
static void ccs_read_query(struct ccs_io_buffer *head) |
| 2110 |
{ |
{ |
| 2111 |
struct list_head *tmp; |
struct list_head *tmp; |
| 2112 |
int pos = 0; |
int pos = 0; |
| 2113 |
int len = 0; |
int len = 0; |
| 2114 |
char *buf; |
char *buf; |
| 2115 |
if (head->read_avail) |
if (head->read_avail) |
| 2116 |
return 0; |
return; |
| 2117 |
if (head->read_buf) { |
if (head->read_buf) { |
| 2118 |
kfree(head->read_buf); |
kfree(head->read_buf); |
| 2119 |
head->read_buf = NULL; |
head->read_buf = NULL; |
| 2133 |
spin_unlock(&ccs_query_list_lock); |
spin_unlock(&ccs_query_list_lock); |
| 2134 |
if (!len) { |
if (!len) { |
| 2135 |
head->read_step = 0; |
head->read_step = 0; |
| 2136 |
return 0; |
return; |
| 2137 |
} |
} |
| 2138 |
buf = kzalloc(len, GFP_KERNEL); |
buf = kzalloc(len, GFP_KERNEL); |
| 2139 |
if (!buf) |
if (!buf) |
| 2140 |
return 0; |
return; |
| 2141 |
pos = 0; |
pos = 0; |
| 2142 |
spin_lock(&ccs_query_list_lock); |
spin_lock(&ccs_query_list_lock); |
| 2143 |
list_for_each(tmp, &ccs_query_list) { |
list_for_each(tmp, &ccs_query_list) { |
| 2164 |
} else { |
} else { |
| 2165 |
kfree(buf); |
kfree(buf); |
| 2166 |
} |
} |
|
return 0; |
|
| 2167 |
} |
} |
| 2168 |
|
|
| 2169 |
/** |
/** |
| 2206 |
* ccs_read_version: Get version. |
* ccs_read_version: Get version. |
| 2207 |
* |
* |
| 2208 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
|
* |
|
|
* Returns version information. |
|
| 2209 |
*/ |
*/ |
| 2210 |
static int ccs_read_version(struct ccs_io_buffer *head) |
static void ccs_read_version(struct ccs_io_buffer *head) |
| 2211 |
{ |
{ |
| 2212 |
if (!head->read_eof) { |
if (head->read_eof) |
| 2213 |
ccs_io_printf(head, "1.7.0-pre"); |
return; |
| 2214 |
head->read_eof = true; |
ccs_io_printf(head, "1.7.0-pre"); |
| 2215 |
} |
head->read_eof = true; |
|
return 0; |
|
| 2216 |
} |
} |
| 2217 |
|
|
| 2218 |
/** |
/** |
| 2219 |
* ccs_read_self_domain - Get the current process's domainname. |
* ccs_read_self_domain - Get the current process's domainname. |
| 2220 |
* |
* |
| 2221 |
* @head: Pointer to "struct ccs_io_buffer". |
* @head: Pointer to "struct ccs_io_buffer". |
|
* |
|
|
* Returns the current process's domainname. |
|
| 2222 |
*/ |
*/ |
| 2223 |
static int ccs_read_self_domain(struct ccs_io_buffer *head) |
static void ccs_read_self_domain(struct ccs_io_buffer *head) |
| 2224 |
{ |
{ |
| 2225 |
if (!head->read_eof) { |
if (head->read_eof) |
| 2226 |
/* |
return; |
| 2227 |
* ccs_current_domain()->domainname != NULL |
/* |
| 2228 |
* because every process belongs to a domain and |
* ccs_current_domain()->domainname != NULL because every process |
| 2229 |
* the domain's name cannot be NULL. |
* belongs to a domain and the domain's name cannot be NULL. |
| 2230 |
*/ |
*/ |
| 2231 |
ccs_io_printf(head, "%s", |
ccs_io_printf(head, "%s", ccs_current_domain()->domainname->name); |
| 2232 |
ccs_current_domain()->domainname->name); |
head->read_eof = true; |
|
head->read_eof = true; |
|
|
} |
|
|
return 0; |
|
| 2233 |
} |
} |
| 2234 |
|
|
| 2235 |
/** |
/** |
| 2400 |
return -EFAULT; |
return -EFAULT; |
| 2401 |
if (mutex_lock_interruptible(&head->io_sem)) |
if (mutex_lock_interruptible(&head->io_sem)) |
| 2402 |
return -EINTR; |
return -EINTR; |
| 2403 |
retry: |
while (1) { |
| 2404 |
/* Call the policy handler. */ |
/* Call the policy handler. */ |
| 2405 |
len = head->read(head); |
head->read(head); |
| 2406 |
if (len < 0) |
/* Write to buffer. */ |
| 2407 |
goto out; |
len = head->read_avail; |
| 2408 |
/* Write to buffer. */ |
if (len || head->poll || head->read_eof) |
| 2409 |
len = head->read_avail; |
break; |
| 2410 |
if (!len && !head->poll && !head->read_eof) { |
len = head->readbuf_size * 2; |
|
const int len = head->readbuf_size * 2; |
|
| 2411 |
cp = kzalloc(len, GFP_KERNEL); |
cp = kzalloc(len, GFP_KERNEL); |
| 2412 |
if (cp) { |
if (!cp) { |
| 2413 |
kfree(head->read_buf); |
len = -ENOMEM; |
| 2414 |
head->read_buf = cp; |
goto out; |
|
head->readbuf_size = len; |
|
|
goto retry; |
|
| 2415 |
} |
} |
| 2416 |
|
kfree(head->read_buf); |
| 2417 |
|
head->read_buf = cp; |
| 2418 |
|
head->readbuf_size = len; |
| 2419 |
} |
} |
| 2420 |
if (len > buffer_len) |
if (len > buffer_len) |
| 2421 |
len = buffer_len; |
len = buffer_len; |
TOMOYO
Parent Directory
Revision Log
Patch