1162 |
return false; |
return false; |
1163 |
} |
} |
1164 |
|
|
1165 |
|
/** |
1166 |
|
* ccs_fns - Find next set bit. |
1167 |
|
* |
1168 |
|
* @perm: 8 bits value. |
1169 |
|
* @bit: First bit to find. |
1170 |
|
* |
1171 |
|
* Returns next set bit on success, 8 otherwise. |
1172 |
|
*/ |
1173 |
|
static u8 ccs_fns(const u8 perm, u8 bit) |
1174 |
|
{ |
1175 |
|
for ( ; bit < 8; bit++) |
1176 |
|
if (perm & (1 << bit)) |
1177 |
|
break; |
1178 |
|
return bit; |
1179 |
|
} |
1180 |
|
|
1181 |
static void ccs_set_group(struct ccs_io_buffer *head) |
static void ccs_set_group(struct ccs_io_buffer *head) |
1182 |
{ |
{ |
1183 |
if (head->type == CCS_EXCEPTIONPOLICY) |
if (head->type == CCS_EXCEPTIONPOLICY) |
1184 |
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
ccs_io_printf(head, "acl_group %u ", head->r.group_index); |
1185 |
} |
} |
1186 |
|
|
|
static void ccs_print_bits(struct ccs_io_buffer *head, const u16 perm, |
|
|
const char *keywords[]) { |
|
|
u8 bit; |
|
|
bool first = true; |
|
|
for (bit = 0; bit < 16; bit++) { |
|
|
if (!(perm & (1 << bit))) |
|
|
continue; |
|
|
if (!first) |
|
|
ccs_set_string(head, "/"); |
|
|
first = false; |
|
|
ccs_set_string(head, keywords[bit]); |
|
|
} |
|
|
} |
|
|
|
|
|
static bool ccs_print_file_bits(struct ccs_io_buffer *head, const u16 perm, |
|
|
const char *keywords[]) { |
|
|
if (!perm) |
|
|
return false; |
|
|
ccs_set_group(head); |
|
|
ccs_set_string(head, "file "); |
|
|
ccs_print_bits(head, perm, keywords); |
|
|
return true; |
|
|
} |
|
|
|
|
|
static bool ccs_print_network_bits(struct ccs_io_buffer *head, |
|
|
const char *protocol, const u8 perm) { |
|
|
if (!perm) |
|
|
return false; |
|
|
ccs_set_group(head); |
|
|
ccs_set_string(head, "network "); |
|
|
ccs_set_string(head, protocol); |
|
|
ccs_set_space(head); |
|
|
ccs_print_bits(head, perm, ccs_net_keyword); |
|
|
return true; |
|
|
} |
|
|
|
|
1187 |
/** |
/** |
1188 |
* ccs_print_entry - Print an ACL entry. |
* ccs_print_entry - Print an ACL entry. |
1189 |
* |
* |
1196 |
const struct ccs_acl_info *acl) |
const struct ccs_acl_info *acl) |
1197 |
{ |
{ |
1198 |
const u8 acl_type = acl->type; |
const u8 acl_type = acl->type; |
1199 |
|
u8 bit; |
1200 |
if (head->r.print_cond_part) |
if (head->r.print_cond_part) |
1201 |
goto print_cond_part; |
goto print_cond_part; |
1202 |
if (acl->is_deleted) |
if (acl->is_deleted) |
1203 |
return true; |
return true; |
1204 |
|
next: |
1205 |
|
bit = head->r.bit; |
1206 |
if (!ccs_flush(head)) |
if (!ccs_flush(head)) |
1207 |
return false; |
return false; |
1208 |
else if (acl_type == CCS_TYPE_PATH_ACL) { |
else if (acl_type == CCS_TYPE_PATH_ACL) { |
1209 |
struct ccs_path_acl *ptr |
struct ccs_path_acl *ptr |
1210 |
= container_of(acl, typeof(*ptr), head); |
= container_of(acl, typeof(*ptr), head); |
1211 |
u16 perm = ptr->perm; |
const u16 perm = ptr->perm; |
1212 |
if (head->r.print_execute_only) |
for ( ; bit < CCS_MAX_PATH_OPERATION; bit++) { |
1213 |
perm &= (1 << CCS_TYPE_EXECUTE) | |
if (!(perm & (1 << bit))) |
1214 |
(1 << CCS_TYPE_TRANSIT); |
continue; |
1215 |
if (!ccs_print_file_bits(head, perm, ccs_path_keyword)) |
if (head->r.print_execute_only && |
1216 |
|
bit != CCS_TYPE_EXECUTE && bit != CCS_TYPE_TRANSIT) |
1217 |
|
continue; |
1218 |
|
break; |
1219 |
|
} |
1220 |
|
if (bit >= CCS_MAX_PATH_OPERATION) |
1221 |
goto done; |
goto done; |
1222 |
|
ccs_set_group(head); |
1223 |
|
ccs_set_string(head, "file "); |
1224 |
|
ccs_set_string(head, ccs_path_keyword[bit]); |
1225 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1226 |
} else if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
} else if (acl_type == CCS_TYPE_EXECUTE_HANDLER || |
1227 |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
acl_type == CCS_TYPE_DENIED_EXECUTE_HANDLER) { |
1238 |
} else if (acl_type == CCS_TYPE_MKDEV_ACL) { |
} else if (acl_type == CCS_TYPE_MKDEV_ACL) { |
1239 |
struct ccs_mkdev_acl *ptr = |
struct ccs_mkdev_acl *ptr = |
1240 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1241 |
if (!ccs_print_file_bits(head, ptr->perm, ccs_mkdev_keyword)) |
bit = ccs_fns(ptr->perm, bit); |
1242 |
|
if (bit >= CCS_MAX_MKDEV_OPERATION) |
1243 |
goto done; |
goto done; |
1244 |
|
ccs_set_group(head); |
1245 |
|
ccs_set_string(head, "file "); |
1246 |
|
ccs_set_string(head, ccs_mkdev_keyword[bit]); |
1247 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1248 |
ccs_print_number_union(head, &ptr->mode); |
ccs_print_number_union(head, &ptr->mode); |
1249 |
ccs_print_number_union(head, &ptr->major); |
ccs_print_number_union(head, &ptr->major); |
1251 |
} else if (acl_type == CCS_TYPE_PATH2_ACL) { |
} else if (acl_type == CCS_TYPE_PATH2_ACL) { |
1252 |
struct ccs_path2_acl *ptr = |
struct ccs_path2_acl *ptr = |
1253 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1254 |
if (!ccs_print_file_bits(head, ptr->perm, ccs_path2_keyword)) |
bit = ccs_fns(ptr->perm, bit); |
1255 |
|
if (bit >= CCS_MAX_PATH2_OPERATION) |
1256 |
goto done; |
goto done; |
1257 |
|
ccs_set_group(head); |
1258 |
|
ccs_set_string(head, "file "); |
1259 |
|
ccs_set_string(head, ccs_path2_keyword[bit]); |
1260 |
ccs_print_name_union(head, &ptr->name1); |
ccs_print_name_union(head, &ptr->name1); |
1261 |
ccs_print_name_union(head, &ptr->name2); |
ccs_print_name_union(head, &ptr->name2); |
1262 |
} else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
} else if (acl_type == CCS_TYPE_PATH_NUMBER_ACL) { |
1263 |
struct ccs_path_number_acl *ptr = |
struct ccs_path_number_acl *ptr = |
1264 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1265 |
if (!ccs_print_file_bits(head, ptr->perm, |
bit = ccs_fns(ptr->perm, bit); |
1266 |
ccs_path_number_keyword)) |
if (bit >= CCS_MAX_PATH_NUMBER_OPERATION) |
1267 |
goto done; |
goto done; |
1268 |
|
ccs_set_group(head); |
1269 |
|
ccs_set_string(head, "file "); |
1270 |
|
ccs_set_string(head, ccs_path_number_keyword[bit]); |
1271 |
ccs_print_name_union(head, &ptr->name); |
ccs_print_name_union(head, &ptr->name); |
1272 |
ccs_print_number_union(head, &ptr->number); |
ccs_print_number_union(head, &ptr->number); |
1273 |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
} else if (acl_type == CCS_TYPE_ENV_ACL) { |
1285 |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == CCS_TYPE_IP_NETWORK_ACL) { |
1286 |
struct ccs_ip_network_acl *ptr = |
struct ccs_ip_network_acl *ptr = |
1287 |
container_of(acl, typeof(*ptr), head); |
container_of(acl, typeof(*ptr), head); |
1288 |
if (!ccs_print_network_bits(head, |
bit = ccs_fns(ptr->perm, bit); |
1289 |
ccs_net_protocol_keyword |
if (bit >= CCS_MAX_NETWORK_OPERATION) |
|
[ptr->protocol], ptr->perm)) |
|
1290 |
goto done; |
goto done; |
1291 |
|
ccs_set_group(head); |
1292 |
|
ccs_set_string(head, "network "); |
1293 |
|
ccs_set_string(head, ccs_net_protocol_keyword[ptr->protocol]); |
1294 |
|
ccs_set_space(head); |
1295 |
|
ccs_set_string(head, ccs_net_keyword[bit]); |
1296 |
ccs_set_space(head); |
ccs_set_space(head); |
1297 |
switch (ptr->address_type) { |
switch (ptr->address_type) { |
1298 |
char buf[128]; |
char buf[128]; |
1330 |
ccs_print_name_union(head, &ptr->fs_type); |
ccs_print_name_union(head, &ptr->fs_type); |
1331 |
ccs_print_number_union(head, &ptr->flags); |
ccs_print_number_union(head, &ptr->flags); |
1332 |
} |
} |
1333 |
|
head->r.bit = bit + 1; |
1334 |
if (acl->cond) { |
if (acl->cond) { |
1335 |
head->r.print_cond_part = true; |
head->r.print_cond_part = true; |
1336 |
head->r.cond_step = 0; |
head->r.cond_step = 0; |
1343 |
} else { |
} else { |
1344 |
ccs_set_lf(head); |
ccs_set_lf(head); |
1345 |
} |
} |
1346 |
|
switch (acl_type) { |
1347 |
|
case CCS_TYPE_PATH_ACL: |
1348 |
|
case CCS_TYPE_MKDEV_ACL: |
1349 |
|
case CCS_TYPE_PATH2_ACL: |
1350 |
|
case CCS_TYPE_PATH_NUMBER_ACL: |
1351 |
|
case CCS_TYPE_IP_NETWORK_ACL: |
1352 |
|
goto next; |
1353 |
|
} |
1354 |
done: |
done: |
1355 |
|
head->r.bit = 0; |
1356 |
return true; |
return true; |
1357 |
} |
} |
1358 |
|
|