
Diff of /branches/ccs-patch/security/ccsecurity/policy_io.c


revision 2946 by kumaneko, Mon Aug 24 07:39:07 2009 UTC revision 2948 by kumaneko, Mon Aug 24 11:59:18 2009 UTC
# Line 20  static const char *ccs_mode_2[2] = { Line 20  static const char *ccs_mode_2[2] = {
20          "disabled", "enabled"          "disabled", "enabled"
21  };  };
22    
23    /* String table for functionality that takes 4 modes. */
24  static const char *ccs_mode_4[4] = {  static const char *ccs_mode_4[4] = {
25          "disabled", "learning", "permissive", "enforcing"          "disabled", "learning", "permissive", "enforcing"
26  };  };
27    
28    /* String table for /proc/ccs/profile */
29  static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +  static const char *ccs_mac_keywords[CCS_MAX_MAC_INDEX +
30                                      CCS_MAX_CAPABILITY_INDEX +                                      CCS_MAX_CAPABILITY_INDEX +
31                                      CCS_MAX_MAC_CATEGORY_INDEX] = {                                      CCS_MAX_MAC_CATEGORY_INDEX] = {
# Line 170  static const char *ccs_mac_keywords[CCS_ Line 172  static const char *ccs_mac_keywords[CCS_
172  };  };
173    
174  /* Table for profile. */  /* Table for profile. */
175  static struct {  static const struct {
176          const char *keyword;          const char *keyword;
177          unsigned int current_value;          unsigned int current_value;
178          const unsigned int max_value;          const unsigned int max_value;
# Line 192  static struct { Line 194  static struct {
194  /* Permit policy management by non-root user? */  /* Permit policy management by non-root user? */
195  static bool ccs_manage_by_non_root;  static bool ccs_manage_by_non_root;
196    
197    /* Disable VERBOSE mode by default? */
198    static bool ccs_no_verbose;
199    
200  /**  /**
201   * ccs_cap2keyword - Convert capability operation to capability name.   * ccs_cap2keyword - Convert capability operation to capability name.
202   *   *
# Line 214  const char *ccs_cap2keyword(const u8 ope Line 219  const char *ccs_cap2keyword(const u8 ope
219   */   */
220  static int __init ccs_quiet_setup(char *str)  static int __init ccs_quiet_setup(char *str)
221  {  {
222          ccs_control_array[CCS_VERBOSE].current_value = 0;          ccs_no_verbose = true;
223          return 0;          return 0;
224  }  }
225    
# Line 272  static struct ccs_profile *ccs_find_or_a Line 277  static struct ccs_profile *ccs_find_or_a
277                  ptr = entry;                  ptr = entry;
278                  for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++)                  for (i = 0; i < CCS_MAX_CONTROL_INDEX; i++)
279                          ptr->value[i] = ccs_control_array[i].current_value;                          ptr->value[i] = ccs_control_array[i].current_value;
280                    ptr->value[CCS_VERBOSE] = !ccs_no_verbose;
281                  ptr->default_config = CCS_MAC_MODE_DISABLED;                  ptr->default_config = CCS_MAC_MODE_DISABLED;
282                  memset(ptr->config, CCS_MAC_MODE_USE_DEFAULT,                  memset(ptr->config, CCS_MAC_MODE_USE_DEFAULT,
283                         sizeof(ptr->config));                         sizeof(ptr->config));
# Line 779  static int ccs_write_domain_policy(struc Line 785  static int ccs_write_domain_policy(struc
785          return error;          return error;
786  }  }
787    
788    /**
789     * ccs_print_name_union - Print a ccs_name_union.
790     *
791     * @head: Pointer to "struct ccs_io_buffer".
792     * @ptr:  Pointer to "struct ccs_name_union".
793     *
794     * Returns true on success, false otherwise.
795     */
796  static bool ccs_print_name_union(struct ccs_io_buffer *head,  static bool ccs_print_name_union(struct ccs_io_buffer *head,
797                                   const struct ccs_name_union *ptr)                                   const struct ccs_name_union *ptr)
798  {  {
# Line 791  static bool ccs_print_name_union(struct Line 805  static bool ccs_print_name_union(struct
805          return ccs_io_printf(head, " %s", ptr->filename->name);          return ccs_io_printf(head, " %s", ptr->filename->name);
806  }  }
807    
808    /**
809     * ccs_print_name_union_quoted - Print a ccs_name_union with double quotes.
810     *
811     * @head: Pointer to "struct ccs_io_buffer".
812     * @ptr:  Pointer to "struct ccs_name_union".
813     *
814     * Returns true on success, false otherwise.
815     */
816  static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head,  static bool ccs_print_name_union_quoted(struct ccs_io_buffer *head,
817                                          const struct ccs_name_union *ptr)                                          const struct ccs_name_union *ptr)
818  {  {
# Line 800  static bool ccs_print_name_union_quoted( Line 822  static bool ccs_print_name_union_quoted(
822          return ccs_io_printf(head, "\"%s\"", ptr->filename->name);          return ccs_io_printf(head, "\"%s\"", ptr->filename->name);
823  }  }
824    
825    /**
826     * ccs_print_number_union_common - Print a ccs_number_union.
827     *
828     * @head:       Pointer to "struct ccs_io_buffer".
829     * @ptr:        Pointer to "struct ccs_number_union".
830     * @need_space: True if a space character is needed.
831     *
832     * Returns true on success, false otherwise.
833     */
834  static bool ccs_print_number_union_common(struct ccs_io_buffer *head,  static bool ccs_print_number_union_common(struct ccs_io_buffer *head,
835                                            const struct ccs_number_union *ptr,                                            const struct ccs_number_union *ptr,
836                                            const bool need_space)                                            const bool need_space)
# Line 843  static bool ccs_print_number_union_commo Line 874  static bool ccs_print_number_union_commo
874          }          }
875  }  }
876    
877    /**
878     * ccs_print_number_union - Print a ccs_number_union.
879     *
880     * @head:       Pointer to "struct ccs_io_buffer".
881     * @ptr:        Pointer to "struct ccs_number_union".
882     *
883     * Returns true on success, false otherwise.
884     */
885  bool ccs_print_number_union(struct ccs_io_buffer *head,  bool ccs_print_number_union(struct ccs_io_buffer *head,
886                              const struct ccs_number_union *ptr)                              const struct ccs_number_union *ptr)
887  {  {
888          return ccs_print_number_union_common(head, ptr, true);          return ccs_print_number_union_common(head, ptr, true);
889  }  }
890    
891    /**
892     * ccs_print_number_union_nospace - Print a ccs_number_union without a space character.
893     *
894     * @head:       Pointer to "struct ccs_io_buffer".
895     * @ptr:        Pointer to "struct ccs_number_union".
896     *
897     * Returns true on success, false otherwise.
898     */
899  static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head,  static bool ccs_print_number_union_nospace(struct ccs_io_buffer *head,
900                                             const struct ccs_number_union *ptr)                                             const struct ccs_number_union *ptr)
901  {  {
# Line 1042  static bool ccs_print_path_number3_acl(s Line 1089  static bool ccs_print_path_number3_acl(s
1089  }  }
1090    
1091  /**  /**
1092   * ccs_print_path2_acl - Print a double path ACL entry.   * ccs_print_path2_acl - Print a path2 ACL entry.
1093   *   *
1094   * @head: Pointer to "struct ccs_io_buffer".   * @head: Pointer to "struct ccs_io_buffer".
1095   * @ptr:  Pointer to "struct ccs_path2_acl".   * @ptr:  Pointer to "struct ccs_path2_acl".
# Line 1076  static bool ccs_print_path2_acl(struct c Line 1123  static bool ccs_print_path2_acl(struct c
1123  }  }
1124    
1125  /**  /**
1126   * ccs_print_path_number_acl - Print an ioctl/chmod/chown/chgrp ACL entry.   * ccs_print_path_number_acl - Print a path_number ACL entry.
1127   *   *
1128   * @head: Pointer to "struct ccs_io_buffer".   * @head: Pointer to "struct ccs_io_buffer".
1129   * @ptr:  Pointer to "struct ccs_path_number_acl".   * @ptr:  Pointer to "struct ccs_path_number_acl".
# Line 1566  static void ccs_read_domain_policy(struc Line 1613  static void ccs_read_domain_policy(struc
1613   * This is equivalent to doing   * This is equivalent to doing
1614   *   *
1615   *     ( echo "select " $domainname; echo "use_profile " $profile ) |   *     ( echo "select " $domainname; echo "use_profile " $profile ) |
1616   *     /usr/lib/ccs/loadpolicy -d   *     /usr/sbin/ccs-loadpolicy -d
1617   *   *
1618   * Caller holds ccs_read_lock().   * Caller holds ccs_read_lock().
1619   */   */
# Line 1859  static bool ccs_get_argv0(struct ccs_exe Line 1906  static bool ccs_get_argv0(struct ccs_exe
1906          return false;          return false;
1907  }  }
1908    
1909    /**
1910     * ccs_get_execute_condition - Get condition part for execute requests.
1911     *
1912     * @ee: Pointer to "struct ccs_execve_entry".
1913     *
1914     * Returns pointer to "struct ccs_condition" on success, NULL otherwise.
1915     */
1916  static struct ccs_condition *ccs_get_execute_condition(struct ccs_execve_entry  static struct ccs_condition *ccs_get_execute_condition(struct ccs_execve_entry
1917                                                         *ee)                                                         *ee)
1918  {  {
# Line 1878  static struct ccs_condition *ccs_get_exe Line 1932  static struct ccs_condition *ccs_get_exe
1932                  if (realpath)                  if (realpath)
1933                          len += strlen(realpath) + 17;                          len += strlen(realpath) + 17;
1934          }          }
1935          if (ccs_flags(NULL, CCS_AUTOLEARN_EXEC_REALPATH)) {          if (ccs_flags(NULL, CCS_AUTOLEARN_EXEC_ARGV0)) {
1936                  if (ccs_get_argv0(ee)) {                  if (ccs_get_argv0(ee)) {
1937                          argv0 = ee->tmp;                          argv0 = ee->tmp;
1938                          len += strlen(argv0) + 16;                          len += strlen(argv0) + 16;
# Line 2370  int ccs_open_control(const u8 type, stru Line 2424  int ccs_open_control(const u8 type, stru
2424   * @wait: Pointer to "poll_table".   * @wait: Pointer to "poll_table".
2425   *   *
2426   * Waits for read readiness.   * Waits for read readiness.
2427   * /proc/ccs/query is handled by /usr/lib/ccs/ccs-queryd and   * /proc/ccs/query is handled by /usr/sbin/ccs-queryd and
2428   * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by   * /proc/ccs/grant_log and /proc/ccs/reject_log are handled by
2429   * /usr/lib/ccs/ccs-auditd.   * /usr/sbin/ccs-auditd.
2430   */   */
2431  int ccs_poll_control(struct file *file, poll_table *wait)  int ccs_poll_control(struct file *file, poll_table *wait)
2432  {  {
