1003 |
|
|
1004 |
static const char *ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
static const char *ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
1005 |
[CCS_DIF_QUOTA_WARNED] = CCS_KEYWORD_QUOTA_EXCEEDED "\n", |
[CCS_DIF_QUOTA_WARNED] = CCS_KEYWORD_QUOTA_EXCEEDED "\n", |
|
[CCS_DIF_IGNORE_GLOBAL] = CCS_KEYWORD_IGNORE_GLOBAL "\n", |
|
1006 |
[CCS_DIF_TRANSITION_FAILED] = CCS_KEYWORD_TRANSITION_FAILED "\n" |
[CCS_DIF_TRANSITION_FAILED] = CCS_KEYWORD_TRANSITION_FAILED "\n" |
1007 |
}; |
}; |
1008 |
|
|
1036 |
else if (is_select) |
else if (is_select) |
1037 |
domain = ccs_find_domain(data); |
domain = ccs_find_domain(data); |
1038 |
else |
else |
1039 |
domain = ccs_assign_domain(data, 0); |
domain = ccs_assign_domain(data, 0, 0); |
1040 |
head->w.domain = domain; |
head->w.domain = domain; |
1041 |
return 0; |
return 0; |
1042 |
} |
} |
1049 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
1050 |
return 0; |
return 0; |
1051 |
} |
} |
1052 |
|
if (sscanf(data, CCS_KEYWORD_USE_GROUP "%u", &profile) == 1 |
1053 |
|
&& profile < CCS_MAX_ACL_GROUPS) { |
1054 |
|
domain->group = (u8) profile; |
1055 |
|
return 0; |
1056 |
|
} |
1057 |
for (profile = 0; profile < CCS_MAX_DOMAIN_INFO_FLAGS; profile++) { |
for (profile = 0; profile < CCS_MAX_DOMAIN_INFO_FLAGS; profile++) { |
1058 |
const char *cp = ccs_dif[profile]; |
const char *cp = ccs_dif[profile]; |
1059 |
if (strncmp(data, cp, strlen(cp) - 1)) |
if (strncmp(data, cp, strlen(cp) - 1)) |
1298 |
return bit; |
return bit; |
1299 |
} |
} |
1300 |
|
|
1301 |
|
static void ccs_set_group(struct ccs_io_buffer *head) |
1302 |
|
{ |
1303 |
|
if (head->type == CCS_EXCEPTIONPOLICY) |
1304 |
|
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
1305 |
|
} |
1306 |
|
|
1307 |
/** |
/** |
1308 |
* ccs_print_entry - Print an ACL entry. |
* ccs_print_entry - Print an ACL entry. |
1309 |
* |
* |
1339 |
} |
} |
1340 |
if (bit >= CCS_MAX_PATH_OPERATION) |
if (bit >= CCS_MAX_PATH_OPERATION) |
1341 |
goto done; |
goto done; |
1342 |
|
ccs_set_group(head); |
1343 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
1344 |
ccs_set_string(head, ccs_path_keyword[bit]); |
ccs_set_string(head, ccs_path_keyword[bit]); |
1345 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1347 |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
1348 |
struct ccs_execute_handler *ptr |
struct ccs_execute_handler *ptr |
1349 |
= container_of(acl, typeof(*ptr), head); |
= container_of(acl, typeof(*ptr), head); |
1350 |
|
ccs_set_group(head); |
1351 |
ccs_io_printf(head, "%s ", |
ccs_io_printf(head, "%s ", |
1352 |
acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
1353 |
CCS_KEYWORD_EXECUTE_HANDLER : |
CCS_KEYWORD_EXECUTE_HANDLER : |
1361 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
1362 |
if (bit >= CCS_MAX_MKDEV_OPERATION) |
if (bit >= CCS_MAX_MKDEV_OPERATION) |
1363 |
goto done; |
goto done; |
1364 |
|
ccs_set_group(head); |
1365 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
1366 |
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
1367 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1374 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
1375 |
if (bit >= CCS_MAX_PATH2_OPERATION) |
if (bit >= CCS_MAX_PATH2_OPERATION) |
1376 |
goto done; |
goto done; |
1377 |
|
ccs_set_group(head); |
1378 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
1379 |
ccs_set_string(head, ccs_path2_keyword[bit]); |
ccs_set_string(head, ccs_path2_keyword[bit]); |
1380 |
ccs_print_name_union(head, &ptr->name1); |
ccs_print_name_union(head, &ptr->name1); |
1385 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
1386 |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
1387 |
goto done; |
goto done; |
1388 |
|
ccs_set_group(head); |
1389 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
1390 |
ccs_set_string(head, ccs_path_number_keyword[bit]); |
ccs_set_string(head, ccs_path_number_keyword[bit]); |
1391 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1393 |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
1394 |
struct ccs_env_acl *ptr = |
struct ccs_env_acl *ptr = |
1395 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1396 |
|
ccs_set_group(head); |
1397 |
ccs_set_string(head, "misc env "); |
ccs_set_string(head, "misc env "); |
1398 |
ccs_set_string(head, ptr->env->name); |
ccs_set_string(head, ptr->env->name); |
1399 |
} else if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
} else if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
1400 |
struct ccs_capability_acl *ptr = |
struct ccs_capability_acl *ptr = |
1401 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1402 |
|
ccs_set_group(head); |
1403 |
ccs_set_string(head, "capability "); |
ccs_set_string(head, "capability "); |
1404 |
ccs_set_string(head, ccs_cap2keyword(ptr->operation)); |
ccs_set_string(head, ccs_cap2keyword(ptr->operation)); |
1405 |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
1408 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
1409 |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
1410 |
goto done; |
goto done; |
1411 |
|
ccs_set_group(head); |
1412 |
ccs_set_string(head, "network "); |
ccs_set_string(head, "network "); |
1413 |
ccs_set_string(head, ccs_net_keyword[bit]); |
ccs_set_string(head, ccs_net_keyword[bit]); |
1414 |
ccs_set_space(head); |
ccs_set_space(head); |
1434 |
} else if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
} else if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
1435 |
struct ccs_signal_acl *ptr = |
struct ccs_signal_acl *ptr = |
1436 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1437 |
|
ccs_set_group(head); |
1438 |
ccs_set_string(head, "ipc signal "); |
ccs_set_string(head, "ipc signal "); |
1439 |
ccs_io_printf(head, "%u ", ptr->sig); |
ccs_io_printf(head, "%u ", ptr->sig); |
1440 |
ccs_set_string(head, ptr->domainname->name); |
ccs_set_string(head, ptr->domainname->name); |
1441 |
} else if (acl_type == CCS_TYPE_MOUNT_ACL) { |
} else if (acl_type == CCS_TYPE_MOUNT_ACL) { |
1442 |
struct ccs_mount_acl *ptr = |
struct ccs_mount_acl *ptr = |
1443 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1444 |
|
ccs_set_group(head); |
1445 |
ccs_io_printf(head, "file mount"); |
ccs_io_printf(head, "file mount"); |
1446 |
ccs_print_name_union(head, &ptr->dev_name); |
ccs_print_name_union(head, &ptr->dev_name); |
1447 |
ccs_print_name_union(head, &ptr->dir_name); |
ccs_print_name_union(head, &ptr->dir_name); |
1522 |
ccs_set_lf(head); |
ccs_set_lf(head); |
1523 |
ccs_io_printf(head, CCS_KEYWORD_USE_PROFILE "%u\n", |
ccs_io_printf(head, CCS_KEYWORD_USE_PROFILE "%u\n", |
1524 |
domain->profile); |
domain->profile); |
1525 |
|
ccs_io_printf(head, CCS_KEYWORD_USE_GROUP "%u\n", |
1526 |
|
domain->group); |
1527 |
for (i = 0; i < CCS_MAX_DOMAIN_INFO_FLAGS; i++) |
for (i = 0; i < CCS_MAX_DOMAIN_INFO_FLAGS; i++) |
1528 |
if (domain->flags[i]) |
if (domain->flags[i]) |
1529 |
ccs_set_string(head, ccs_dif[i]); |
ccs_set_string(head, ccs_dif[i]); |
1733 |
for (i = 0; i < CCS_MAX_GROUP; i++) |
for (i = 0; i < CCS_MAX_GROUP; i++) |
1734 |
if (ccs_str_starts(&data, ccs_group_name[i])) |
if (ccs_str_starts(&data, ccs_group_name[i])) |
1735 |
return ccs_write_group(data, is_delete, i); |
return ccs_write_group(data, is_delete, i); |
1736 |
return ccs_write_domain2(data, &ccs_global_domain, is_delete); |
if (ccs_str_starts(&data, "acl_group ")) { |
1737 |
|
unsigned int group; |
1738 |
|
if (sscanf(data, "%u", &group) == 1 && |
1739 |
|
group < CCS_MAX_ACL_GROUPS) { |
1740 |
|
data = strchr(data, ' '); |
1741 |
|
if (data) |
1742 |
|
return ccs_write_domain2(data + 1, |
1743 |
|
&ccs_acl_group[group], |
1744 |
|
is_delete); |
1745 |
|
} |
1746 |
|
} |
1747 |
|
return -EINVAL; |
1748 |
} |
} |
1749 |
|
|
1750 |
/** |
/** |
1898 |
head->r.step++; |
head->r.step++; |
1899 |
if (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP) |
if (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP) |
1900 |
return; |
return; |
1901 |
head->r.eof = ccs_read_domain2(head, &ccs_global_domain); |
while (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP |
1902 |
|
+ CCS_MAX_ACL_GROUPS) { |
1903 |
|
head->r.group_index = head->r.step - CCS_MAX_POLICY |
1904 |
|
- CCS_MAX_GROUP; |
1905 |
|
if (!ccs_read_domain2(head, |
1906 |
|
&ccs_acl_group[head->r.group_index])) |
1907 |
|
return; |
1908 |
|
head->r.step++; |
1909 |
|
} |
1910 |
|
head->r.eof = true; |
1911 |
} |
} |
1912 |
|
|
1913 |
/* Wait queue for ccs_query_list. */ |
/* Wait queue for ccs_query_list. */ |