| 1162 |
return false; |
return false; |
| 1163 |
} |
} |
| 1164 |
|
|
| 1165 |
|
/** |
| 1166 |
|
* ccs_fns - Find next set bit. |
| 1167 |
|
* |
| 1168 |
|
* @perm: 8 bits value. |
| 1169 |
|
* @bit: First bit to find. |
| 1170 |
|
* |
| 1171 |
|
* Returns next set bit on success, 8 otherwise. |
| 1172 |
|
*/ |
| 1173 |
|
static u8 ccs_fns(const u8 perm, u8 bit) |
| 1174 |
|
{ |
| 1175 |
|
for ( ; bit < 8; bit++) |
| 1176 |
|
if (perm & (1 << bit)) |
| 1177 |
|
break; |
| 1178 |
|
return bit; |
| 1179 |
|
} |
| 1180 |
|
|
| 1181 |
static void ccs_set_group(struct ccs_io_buffer *head) |
static void ccs_set_group(struct ccs_io_buffer *head) |
| 1182 |
{ |
{ |
| 1183 |
if (head->type == CCS_EXCEPTIONPOLICY) |
if (head->type == CCS_EXCEPTIONPOLICY) |
| 1184 |
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
| 1185 |
} |
} |
| 1186 |
|
|
|
static void ccs_print_bits(struct ccs_io_buffer *head, const u16 perm, |
|
|
const char *keywords[]) { |
|
|
u8 bit; |
|
|
bool first = true; |
|
|
for (bit = 0; bit < 16; bit++) { |
|
|
if (!(perm & (1 << bit))) |
|
|
continue; |
|
|
if (!first) |
|
|
ccs_set_string(head, "/"); |
|
|
first = false; |
|
|
ccs_set_string(head, keywords[bit]); |
|
|
} |
|
|
} |
|
|
|
|
|
static bool ccs_print_file_bits(struct ccs_io_buffer *head, const u16 perm, |
|
|
const char *keywords[]) { |
|
|
if (!perm) |
|
|
return false; |
|
|
ccs_set_group(head); |
|
|
ccs_set_string(head, "file "); |
|
|
ccs_print_bits(head, perm, keywords); |
|
|
return true; |
|
|
} |
|
|
|
|
|
static bool ccs_print_network_bits(struct ccs_io_buffer *head, |
|
|
const char *protocol, const u8 perm) { |
|
|
if (!perm) |
|
|
return false; |
|
|
ccs_set_group(head); |
|
|
ccs_set_string(head, "network "); |
|
|
ccs_set_string(head, protocol); |
|
|
ccs_set_space(head); |
|
|
ccs_print_bits(head, perm, ccs_net_keyword); |
|
|
return true; |
|
|
} |
|
|
|
|
| 1187 |
/** |
/** |
| 1188 |
* ccs_print_entry - Print an ACL entry. |
* ccs_print_entry - Print an ACL entry. |
| 1189 |
* |
* |
| 1196 |
const struct ccs_acl_info *acl) |
const struct ccs_acl_info *acl) |
| 1197 |
{ |
{ |
| 1198 |
const u8 acl_type = acl->type; |
const u8 acl_type = acl->type; |
| 1199 |
|
u8 bit; |
| 1200 |
if (head->r.print_cond_part) |
if (head->r.print_cond_part) |
| 1201 |
goto print_cond_part; |
goto print_cond_part; |
| 1202 |
if (acl->is_deleted) |
if (acl->is_deleted) |
| 1203 |
return true; |
return true; |
| 1204 |
|
next: |
| 1205 |
|
bit = head->r.bit; |
| 1206 |
if (!ccs_flush(head)) |
if (!ccs_flush(head)) |
| 1207 |
return false; |
return false; |
| 1208 |
else if (acl_type == CCS_TYPE_PATH_ACL) { |
else if (acl_type == CCS_TYPE_PATH_ACL) { |
| 1209 |
struct ccs_path_acl *ptr |
struct ccs_path_acl *ptr |
| 1210 |
= container_of(acl, typeof(*ptr), head); |
= container_of(acl, typeof(*ptr), head); |
| 1211 |
u16 perm = ptr->perm; |
const u16 perm = ptr->perm; |
| 1212 |
if (head->r.print_execute_only) |
for ( ; bit < CCS_MAX_PATH_OPERATION; bit++) { |
| 1213 |
perm &= (1 << CCS_TYPE_EXECUTE) | |
if (!(perm & (1 << bit))) |
| 1214 |
(1 << CCS_TYPE_TRANSIT); |
continue; |
| 1215 |
if (!ccs_print_file_bits(head, perm, ccs_path_keyword)) |
if (head->r.print_execute_only && |
| 1216 |
|
bit != CCS_TYPE_EXECUTE && bit != CCS_TYPE_TRANSIT) |
| 1217 |
|
continue; |
| 1218 |
|
break; |
| 1219 |
|
} |
| 1220 |
|
if (bit >= CCS_MAX_PATH_OPERATION) |
| 1221 |
goto done; |
goto done; |
| 1222 |
|
ccs_set_group(head); |
| 1223 |
|
ccs_set_string(head, "file "); |
| 1224 |
|
ccs_set_string(head, ccs_path_keyword[bit]); |
| 1225 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1226 |
} else if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
} else if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
| 1227 |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
| 1238 |
} else if (acl_type == CCS_TYPE_MKDEV_ACL) { |
} else if (acl_type == CCS_TYPE_MKDEV_ACL) { |
| 1239 |
struct ccs_mkdev_acl *ptr = |
struct ccs_mkdev_acl *ptr = |
| 1240 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1241 |
if (!ccs_print_file_bits(head, ptr->perm, ccs_mkdev_keyword)) |
bit = ccs_fns(ptr->perm, bit); |
| 1242 |
|
if (bit >= CCS_MAX_MKDEV_OPERATION) |
| 1243 |
goto done; |
goto done; |
| 1244 |
|
ccs_set_group(head); |
| 1245 |
|
ccs_set_string(head, "file "); |
| 1246 |
|
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
| 1247 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1248 |
ccs_print_number_union(head, &ptr->mode); |
ccs_print_number_union(head, &ptr->mode); |
| 1249 |
ccs_print_number_union(head, &ptr->major); |
ccs_print_number_union(head, &ptr->major); |
| 1251 |
} else if (acl_type == CCS_TYPE_PATH2_ACL) { |
} else if (acl_type == CCS_TYPE_PATH2_ACL) { |
| 1252 |
struct ccs_path2_acl *ptr = |
struct ccs_path2_acl *ptr = |
| 1253 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1254 |
if (!ccs_print_file_bits(head, ptr->perm, ccs_path2_keyword)) |
bit = ccs_fns(ptr->perm, bit); |
| 1255 |
|
if (bit >= CCS_MAX_PATH2_OPERATION) |
| 1256 |
goto done; |
goto done; |
| 1257 |
|
ccs_set_group(head); |
| 1258 |
|
ccs_set_string(head, "file "); |
| 1259 |
|
ccs_set_string(head, ccs_path2_keyword[bit]); |
| 1260 |
ccs_print_name_union(head, &ptr->name1); |
ccs_print_name_union(head, &ptr->name1); |
| 1261 |
ccs_print_name_union(head, &ptr->name2); |
ccs_print_name_union(head, &ptr->name2); |
| 1262 |
} else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
} else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
| 1263 |
struct ccs_path_number_acl *ptr = |
struct ccs_path_number_acl *ptr = |
| 1264 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1265 |
if (!ccs_print_file_bits(head, ptr->perm, |
bit = ccs_fns(ptr->perm, bit); |
| 1266 |
ccs_path_number_keyword)) |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
| 1267 |
goto done; |
goto done; |
| 1268 |
|
ccs_set_group(head); |
| 1269 |
|
ccs_set_string(head, "file "); |
| 1270 |
|
ccs_set_string(head, ccs_path_number_keyword[bit]); |
| 1271 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
| 1272 |
ccs_print_number_union(head, &ptr->number); |
ccs_print_number_union(head, &ptr->number); |
| 1273 |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
| 1285 |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
| 1286 |
struct ccs_ip_network_acl *ptr = |
struct ccs_ip_network_acl *ptr = |
| 1287 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
| 1288 |
if (!ccs_print_network_bits(head, |
bit = ccs_fns(ptr->perm, bit); |
| 1289 |
ccs_net_protocol_keyword |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
|
[ptr->protocol], ptr->perm)) |
|
| 1290 |
goto done; |
goto done; |
| 1291 |
|
ccs_set_group(head); |
| 1292 |
|
ccs_set_string(head, "network "); |
| 1293 |
|
ccs_set_string(head, ccs_net_protocol_keyword[ptr->protocol]); |
| 1294 |
|
ccs_set_space(head); |
| 1295 |
|
ccs_set_string(head, ccs_net_keyword[bit]); |
| 1296 |
ccs_set_space(head); |
ccs_set_space(head); |
| 1297 |
switch (ptr->address_type) { |
switch (ptr->address_type) { |
| 1298 |
char buf[128]; |
char buf[128]; |
| 1330 |
ccs_print_name_union(head, &ptr->fs_type); |
ccs_print_name_union(head, &ptr->fs_type); |
| 1331 |
ccs_print_number_union(head, &ptr->flags); |
ccs_print_number_union(head, &ptr->flags); |
| 1332 |
} |
} |
| 1333 |
|
head->r.bit = bit + 1; |
| 1334 |
if (acl->cond) { |
if (acl->cond) { |
| 1335 |
head->r.print_cond_part = true; |
head->r.print_cond_part = true; |
| 1336 |
head->r.cond_step = 0; |
head->r.cond_step = 0; |
| 1343 |
} else { |
} else { |
| 1344 |
ccs_set_lf(head); |
ccs_set_lf(head); |
| 1345 |
} |
} |
| 1346 |
|
switch (acl_type) { |
| 1347 |
|
case CCS_TYPE_PATH_ACL: |
| 1348 |
|
case CCS_TYPE_MKDEV_ACL: |
| 1349 |
|
case CCS_TYPE_PATH2_ACL: |
| 1350 |
|
case CCS_TYPE_PATH_NUMBER_ACL: |
| 1351 |
|
case CCS_TYPE_IP_NETWORK_ACL: |
| 1352 |
|
goto next; |
| 1353 |
|
} |
| 1354 |
done: |
done: |
| 1355 |
|
head->r.bit = 0; |
| 1356 |
return true; |
return true; |
| 1357 |
} |
} |
| 1358 |
|
|
TOMOYO
Parent Directory
Revision Log
Patch