| 1003 |
|
|
| 1004 |
static const char *ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
static const char *ccs_dif[CCS_MAX_DOMAIN_INFO_FLAGS] = { |
| 1005 |
[CCS_DIF_QUOTA_WARNED] = CCS_KEYWORD_QUOTA_EXCEEDED "\n", |
[CCS_DIF_QUOTA_WARNED] = CCS_KEYWORD_QUOTA_EXCEEDED "\n", |
|
[CCS_DIF_IGNORE_GLOBAL] = CCS_KEYWORD_IGNORE_GLOBAL "\n", |
|
| 1006 |
[CCS_DIF_TRANSITION_FAILED] = CCS_KEYWORD_TRANSITION_FAILED "\n" |
[CCS_DIF_TRANSITION_FAILED] = CCS_KEYWORD_TRANSITION_FAILED "\n" |
| 1007 |
}; |
}; |
| 1008 |
|
|
| 1036 |
else if (is_select) |
else if (is_select) |
| 1037 |
domain = ccs_find_domain(data); |
domain = ccs_find_domain(data); |
| 1038 |
else |
else |
| 1039 |
domain = ccs_assign_domain(data, 0); |
domain = ccs_assign_domain(data, 0, 0); |
| 1040 |
head->w.domain = domain; |
head->w.domain = domain; |
| 1041 |
return 0; |
return 0; |
| 1042 |
} |
} |
| 1049 |
domain->profile = (u8) profile; |
domain->profile = (u8) profile; |
| 1050 |
return 0; |
return 0; |
| 1051 |
} |
} |
| 1052 |
|
if (sscanf(data, CCS_KEYWORD_USE_GROUP "%u", &profile) == 1 |
| 1053 |
|
&& profile < CCS_MAX_ACL_GROUPS) { |
| 1054 |
|
domain->group = (u8) profile; |
| 1055 |
|
return 0; |
| 1056 |
|
} |
| 1057 |
for (profile = 0; profile < CCS_MAX_DOMAIN_INFO_FLAGS; profile++) { |
for (profile = 0; profile < CCS_MAX_DOMAIN_INFO_FLAGS; profile++) { |
| 1058 |
const char *cp = ccs_dif[profile]; |
const char *cp = ccs_dif[profile]; |
| 1059 |
if (strncmp(data, cp, strlen(cp) - 1)) |
if (strncmp(data, cp, strlen(cp) - 1)) |
| 1298 |
return bit; |
return bit; |
| 1299 |
} |
} |
| 1300 |
|
|
| 1301 |
|
static void ccs_set_group(struct ccs_io_buffer *head) |
| 1302 |
|
{ |
| 1303 |
|
if (head->type == CCS_EXCEPTIONPOLICY) |
| 1304 |
|
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
| 1305 |
|
} |
| 1306 |
|
|
| 1307 |
/** |
/** |
| 1308 |
* ccs_print_entry - Print an ACL entry. |
* ccs_print_entry - Print an ACL entry. |
| 1309 |
* |
* |
| 1339 |
} |
} |
| 1340 |
if (bit >= CCS_MAX_PATH_OPERATION) |
if (bit >= CCS_MAX_PATH_OPERATION) |
| 1341 |
goto done; |
goto done; |
| 1342 |
|
ccs_set_group(head); |
| 1343 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
| 1344 |
ccs_set_string(head, ccs_path_keyword[bit]); |
ccs_set_string(head, ccs_path_keyword[bit]); |
| 1345 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1347 |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
| 1348 |
struct ccs_execute_handler *ptr |
struct ccs_execute_handler *ptr |
| 1349 |
= container_of(acl, typeof(*ptr), head); |
= container_of(acl, typeof(*ptr), head); |
| 1350 |
|
ccs_set_group(head); |
| 1351 |
ccs_io_printf(head, "%s ", |
ccs_io_printf(head, "%s ", |
| 1352 |
acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
acl_type == CCS_TYPE_EXECUTE_HANDLER ? |
| 1353 |
CCS_KEYWORD_EXECUTE_HANDLER : |
CCS_KEYWORD_EXECUTE_HANDLER : |
| 1361 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
| 1362 |
if (bit >= CCS_MAX_MKDEV_OPERATION) |
if (bit >= CCS_MAX_MKDEV_OPERATION) |
| 1363 |
goto done; |
goto done; |
| 1364 |
|
ccs_set_group(head); |
| 1365 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
| 1366 |
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
| 1367 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1374 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
| 1375 |
if (bit >= CCS_MAX_PATH2_OPERATION) |
if (bit >= CCS_MAX_PATH2_OPERATION) |
| 1376 |
goto done; |
goto done; |
| 1377 |
|
ccs_set_group(head); |
| 1378 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
| 1379 |
ccs_set_string(head, ccs_path2_keyword[bit]); |
ccs_set_string(head, ccs_path2_keyword[bit]); |
| 1380 |
ccs_print_name_union(head, &ptr->name1); |
ccs_print_name_union(head, &ptr->name1); |
| 1385 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
| 1386 |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
| 1387 |
goto done; |
goto done; |
| 1388 |
|
ccs_set_group(head); |
| 1389 |
ccs_set_string(head, "file "); |
ccs_set_string(head, "file "); |
| 1390 |
ccs_set_string(head, ccs_path_number_keyword[bit]); |
ccs_set_string(head, ccs_path_number_keyword[bit]); |
| 1391 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1393 |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
| 1394 |
struct ccs_env_acl *ptr = |
struct ccs_env_acl *ptr = |
| 1395 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1396 |
|
ccs_set_group(head); |
| 1397 |
ccs_set_string(head, "misc env "); |
ccs_set_string(head, "misc env "); |
| 1398 |
ccs_set_string(head, ptr->env->name); |
ccs_set_string(head, ptr->env->name); |
| 1399 |
} else if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
} else if (acl_type == CCS_TYPE_CAPABILITY_ACL) { |
| 1400 |
struct ccs_capability_acl *ptr = |
struct ccs_capability_acl *ptr = |
| 1401 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1402 |
|
ccs_set_group(head); |
| 1403 |
ccs_set_string(head, "capability "); |
ccs_set_string(head, "capability "); |
| 1404 |
ccs_set_string(head, ccs_cap2keyword(ptr->operation)); |
ccs_set_string(head, ccs_cap2keyword(ptr->operation)); |
| 1405 |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
| 1408 |
bit = ccs_fns(ptr->perm, bit); |
bit = ccs_fns(ptr->perm, bit); |
| 1409 |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
| 1410 |
goto done; |
goto done; |
| 1411 |
|
ccs_set_group(head); |
| 1412 |
ccs_set_string(head, "network "); |
ccs_set_string(head, "network "); |
| 1413 |
ccs_set_string(head, ccs_net_keyword[bit]); |
ccs_set_string(head, ccs_net_keyword[bit]); |
| 1414 |
ccs_set_space(head); |
ccs_set_space(head); |
| 1434 |
} else if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
} else if (acl_type == CCS_TYPE_SIGNAL_ACL) { |
| 1435 |
struct ccs_signal_acl *ptr = |
struct ccs_signal_acl *ptr = |
| 1436 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1437 |
|
ccs_set_group(head); |
| 1438 |
ccs_set_string(head, "ipc signal "); |
ccs_set_string(head, "ipc signal "); |
| 1439 |
ccs_io_printf(head, "%u ", ptr->sig); |
ccs_io_printf(head, "%u ", ptr->sig); |
| 1440 |
ccs_set_string(head, ptr->domainname->name); |
ccs_set_string(head, ptr->domainname->name); |
| 1441 |
} else if (acl_type == CCS_TYPE_MOUNT_ACL) { |
} else if (acl_type == CCS_TYPE_MOUNT_ACL) { |
| 1442 |
struct ccs_mount_acl *ptr = |
struct ccs_mount_acl *ptr = |
| 1443 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1444 |
|
ccs_set_group(head); |
| 1445 |
ccs_io_printf(head, "file mount"); |
ccs_io_printf(head, "file mount"); |
| 1446 |
ccs_print_name_union(head, &ptr->dev_name); |
ccs_print_name_union(head, &ptr->dev_name); |
| 1447 |
ccs_print_name_union(head, &ptr->dir_name); |
ccs_print_name_union(head, &ptr->dir_name); |
| 1522 |
ccs_set_lf(head); |
ccs_set_lf(head); |
| 1523 |
ccs_io_printf(head, CCS_KEYWORD_USE_PROFILE "%u\n", |
ccs_io_printf(head, CCS_KEYWORD_USE_PROFILE "%u\n", |
| 1524 |
domain->profile); |
domain->profile); |
| 1525 |
|
ccs_io_printf(head, CCS_KEYWORD_USE_GROUP "%u\n", |
| 1526 |
|
domain->group); |
| 1527 |
for (i = 0; i < CCS_MAX_DOMAIN_INFO_FLAGS; i++) |
for (i = 0; i < CCS_MAX_DOMAIN_INFO_FLAGS; i++) |
| 1528 |
if (domain->flags[i]) |
if (domain->flags[i]) |
| 1529 |
ccs_set_string(head, ccs_dif[i]); |
ccs_set_string(head, ccs_dif[i]); |
| 1733 |
for (i = 0; i < CCS_MAX_GROUP; i++) |
for (i = 0; i < CCS_MAX_GROUP; i++) |
| 1734 |
if (ccs_str_starts(&data, ccs_group_name[i])) |
if (ccs_str_starts(&data, ccs_group_name[i])) |
| 1735 |
return ccs_write_group(data, is_delete, i); |
return ccs_write_group(data, is_delete, i); |
| 1736 |
return ccs_write_domain2(data, &ccs_global_domain, is_delete); |
if (ccs_str_starts(&data, "acl_group ")) { |
| 1737 |
|
unsigned int group; |
| 1738 |
|
if (sscanf(data, "%u", &group) == 1 && |
| 1739 |
|
group < CCS_MAX_ACL_GROUPS) { |
| 1740 |
|
data = strchr(data, ' '); |
| 1741 |
|
if (data) |
| 1742 |
|
return ccs_write_domain2(data + 1, |
| 1743 |
|
&ccs_acl_group[group], |
| 1744 |
|
is_delete); |
| 1745 |
|
} |
| 1746 |
|
} |
| 1747 |
|
return -EINVAL; |
| 1748 |
} |
} |
| 1749 |
|
|
| 1750 |
/** |
/** |
| 1898 |
head->r.step++; |
head->r.step++; |
| 1899 |
if (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP) |
if (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP) |
| 1900 |
return; |
return; |
| 1901 |
head->r.eof = ccs_read_domain2(head, &ccs_global_domain); |
while (head->r.step < CCS_MAX_POLICY + CCS_MAX_GROUP |
| 1902 |
|
+ CCS_MAX_ACL_GROUPS) { |
| 1903 |
|
head->r.group_index = head->r.step - CCS_MAX_POLICY |
| 1904 |
|
- CCS_MAX_GROUP; |
| 1905 |
|
if (!ccs_read_domain2(head, |
| 1906 |
|
&ccs_acl_group[head->r.group_index])) |
| 1907 |
|
return; |
| 1908 |
|
head->r.step++; |
| 1909 |
|
} |
| 1910 |
|
head->r.eof = true; |
| 1911 |
} |
} |
| 1912 |
|
|
| 1913 |
/* Wait queue for ccs_query_list. */ |
/* Wait queue for ccs_query_list. */ |
TOMOYO
Parent Directory
Revision Log
Patch