Diff of /branches/ccs-patch/fs/tomoyo_network.c

TOMOYO

 Subversion リポジトリの参照



/[tomoyo]/branches/ccs-patch/fs/tomoyo_network.c




Diff of /branches/ccs-patch/fs/tomoyo_network.c



 Parent Directory

|  Revision Log



|  Patch














revision 2280 by kumaneko,
Wed Mar 18 09:18:09 2009 UTC




revision 2282 by kumaneko,
Thu Mar 19 04:46:42 2009 UTC






#

Line 472 
 const char *ccs_net2keyword(const u8 ope


Line 472 
 const char *ccs_net2keyword(const u8 ope












472
  * @max_address: End of IPv4 or IPv6 address range.
  * @max_address: End of IPv4 or IPv6 address range.

















473
  * @min_port:    Start of port number range.
  * @min_port:    Start of port number range.

















474
  * @max_port:    End of port number range.
  * @max_port:    End of port number range.















475


  * @domain:      Pointer to "struct domain_info".


  * @domain:      Pointer to "struct ccs_domain_info".















476
  * @condition:   Pointer to "struct ccs_condition_list". May be NULL.
  * @condition:   Pointer to "struct ccs_condition_list". May be NULL.

















477
  * @is_delete:   True if it is a delete request.
  * @is_delete:   True if it is a delete request.

















478
  *
  *











#

Line 483 
 static int ccs_update_network_entry(cons


Line 483 
 static int ccs_update_network_entry(cons












483
                                     const u32 *min_address,
                                     const u32 *min_address,

















484
                                     const u32 *max_address,
                                     const u32 *max_address,

















485
                                     const u16 min_port, const u16 max_port,
                                     const u16 min_port, const u16 max_port,















486


                                     struct domain_info *domain,


                                     struct ccs_domain_info *domain,















487
                                     const struct ccs_condition_list *condition,
                                     const struct ccs_condition_list *condition,

















488
                                     const bool is_delete)
                                     const bool is_delete)

















489
 {
 {











#

Line 609 
 static int ccs_check_network_entry(const


Line 609 
 static int ccs_check_network_entry(const












609
         char buf[64];
         char buf[64];

















610
         if (!ccs_can_sleep())
         if (!ccs_can_sleep())

















611
                 return 0;
                 return 0;















612


         ccs_init_request_info(&r, NULL, CCS_TOMOYO_MAC_FOR_NETWORK);


         ccs_init_request_info(&r, NULL, CCS_MAC_FOR_NETWORK);















613
         is_enforce = (r.mode == 3);
         is_enforce = (r.mode == 3);

















614
         if (!r.mode)
         if (!r.mode)

















615
                 return 0;
                 return 0;











#

Line 674 
 static int ccs_check_network_entry(const


Line 674 
 static int ccs_check_network_entry(const












674
  * ccs_write_network_policy - Write "struct ccs_ip_network_acl_record" list.
  * ccs_write_network_policy - Write "struct ccs_ip_network_acl_record" list.

















675
  *
  *

















676
  * @data:      String to parse.
  * @data:      String to parse.















677


  * @domain:    Pointer to "struct domain_info".


  * @domain:    Pointer to "struct ccs_domain_info".















678
  * @condition: Pointer to "struct ccs_condition_list". May be NULL.
  * @condition: Pointer to "struct ccs_condition_list". May be NULL.

















679
  * @is_delete: True if it is a delete request.
  * @is_delete: True if it is a delete request.

















680
  *
  *

















681
  * Returns 0 on success, negative value otherwise.
  * Returns 0 on success, negative value otherwise.

















682
  */
  */















683


 int ccs_write_network_policy(char *data, struct domain_info *domain,


 int ccs_write_network_policy(char *data, struct ccs_domain_info *domain,















684
                              const struct ccs_condition_list *condition,
                              const struct ccs_condition_list *condition,

















685
                              const bool is_delete)
                              const bool is_delete)

















686
 {
 {











#

Line 863 
 static inline int ccs_check_network_acce


Line 863 
 static inline int ccs_check_network_acce












863
                                                const u16 port)
                                                const u16 port)

















864
 {
 {

















865
         int retval;
         int retval;















866


         current->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;


         current->ccs_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;















867
         retval = ccs_check_network_entry(is_ipv6, NETWORK_ACL_TCP_ACCEPT,
         retval = ccs_check_network_entry(is_ipv6, NETWORK_ACL_TCP_ACCEPT,

















868
                                          (const u32 *) address, ntohs(port));
                                          (const u32 *) address, ntohs(port));















869


         current->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;


         current->ccs_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;















870
         return retval;
         return retval;

















871
 }
 }

















872
 
 











#

Line 913 
 static inline int ccs_check_network_recv


Line 913 
 static inline int ccs_check_network_recv












913
         const u8 operation
         const u8 operation

















914
                 = (sock_type == SOCK_DGRAM) ?
                 = (sock_type == SOCK_DGRAM) ?

















915
                 NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT;
                 NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT;















916


         current->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;


         current->ccs_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;















917
         retval = ccs_check_network_entry(is_ipv6, operation,
         retval = ccs_check_network_entry(is_ipv6, operation,

















918
                                          (const u32 *) address, ntohs(port));
                                          (const u32 *) address, ntohs(port));















919


         current->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;


         current->ccs_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;















920
         return retval;
         return retval;

















921
 }
 }

















922
 
 











#

Line 929 
 int ccs_socket_create_permission(int fam


Line 929 
 int ccs_socket_create_permission(int fam












929
         /* Nothing to do if I am a kernel service. */
         /* Nothing to do if I am a kernel service. */

















930
         if (segment_eq(get_fs(), KERNEL_DS))
         if (segment_eq(get_fs(), KERNEL_DS))

















931
                 return 0;
                 return 0;















932


         if (family == PF_PACKET && !ccs_capable(TOMOYO_USE_PACKET_SOCKET))


         if (family == PF_PACKET && !ccs_capable(CCS_USE_PACKET_SOCKET))















933
                 return -EPERM;
                 return -EPERM;















934


         if (family == PF_ROUTE && !ccs_capable(TOMOYO_USE_ROUTE_SOCKET))


         if (family == PF_ROUTE && !ccs_capable(CCS_USE_ROUTE_SOCKET))















935
                 return -EPERM;
                 return -EPERM;

















936
         if (family != PF_INET && family != PF_INET6)
         if (family != PF_INET && family != PF_INET6)

















937
                 return 0;
                 return 0;

















938
         switch (type) {
         switch (type) {

















939
         case SOCK_STREAM:
         case SOCK_STREAM:















940


                 if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_CREATE))


                 if (!ccs_capable(CCS_INET_STREAM_SOCKET_CREATE))















941
                         error = -EPERM;
                         error = -EPERM;

















942
                 break;
                 break;

















943
         case SOCK_DGRAM:
         case SOCK_DGRAM:















944


                 if (!ccs_capable(TOMOYO_USE_INET_DGRAM_SOCKET))


                 if (!ccs_capable(CCS_USE_INET_DGRAM_SOCKET))















945
                         error = -EPERM;
                         error = -EPERM;

















946
                 break;
                 break;

















947
         case SOCK_RAW:
         case SOCK_RAW:















948


                 if (!ccs_capable(TOMOYO_USE_INET_RAW_SOCKET))


                 if (!ccs_capable(CCS_USE_INET_RAW_SOCKET))















949
                         error = -EPERM;
                         error = -EPERM;

















950
                 break;
                 break;

















951
         }
         }











#

Line 970 
 int ccs_socket_listen_permission(struct


Line 970 
 int ccs_socket_listen_permission(struct












970
         default:
         default:

















971
                 return 0;
                 return 0;

















972
         }
         }















973


         if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_LISTEN))


         if (!ccs_capable(CCS_INET_STREAM_SOCKET_LISTEN))















974
                 return -EPERM;
                 return -EPERM;

















975
         if (sock->ops->getname(sock, (struct sockaddr *) addr, &addr_len, 0))
         if (sock->ops->getname(sock, (struct sockaddr *) addr, &addr_len, 0))

















976
                 return -EPERM;
                 return -EPERM;











#

Line 1044 
 int ccs_socket_connect_permission(struct


Line 1044 
 int ccs_socket_connect_permission(struct












1044
         switch (sock->sk->sk_family) {
         switch (sock->sk->sk_family) {

















1045
         case PF_INET:
         case PF_INET:

















1046
         case PF_INET6:
         case PF_INET6:















1047


                 if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_CONNECT))


                 if (!ccs_capable(CCS_INET_STREAM_SOCKET_CONNECT))















1048
                         error = -EPERM;
                         error = -EPERM;

















1049
                 break;
                 break;

















1050
         }
         }





























Legend:



Removed from v.2280
 


changed lines


 
Added in v.2282













Back to OSDN">Back to OSDN
ViewVC Help


Powered by ViewVC 1.1.26
 /[tomoyo]/branches/ccs-patch/fs/tomoyo_network.c
-revision 2280 by kumaneko,
Wed Mar 18 09:18:09 2009 UTC
+revision 2282 by kumaneko,
Thu Mar 19 04:46:42 2009 UTC
 Line 472 
 const char *ccs_net2keyword(const u8 ope
   * @max_address: End of IPv4 or IPv6 address range.
   * @min_port:    Start of port number range.
   * @max_port:    End of port number range.
-  * @domain:      Pointer to "struct domain_info".
+  * @domain:      Pointer to "struct ccs_domain_info".
   * @condition:   Pointer to "struct ccs_condition_list". May be NULL.
   * @is_delete:   True if it is a delete request.
   *
 Line 483 
 static int ccs_update_network_entry(cons
                                      const u32 *min_address,
                                      const u32 *max_address,
                                      const u16 min_port, const u16 max_port,
-                                     struct domain_info *domain,
+                                     struct ccs_domain_info *domain,
                                      const struct ccs_condition_list *condition,
                                      const bool is_delete)
  {
 Line 609 
 static int ccs_check_network_entry(const
          char buf[64];
          if (!ccs_can_sleep())
                  return 0;
-         ccs_init_request_info(&r, NULL, CCS_TOMOYO_MAC_FOR_NETWORK);
+         ccs_init_request_info(&r, NULL, CCS_MAC_FOR_NETWORK);
          is_enforce = (r.mode == 3);
          if (!r.mode)
                  return 0;
 Line 674 
 static int ccs_check_network_entry(const
   * ccs_write_network_policy - Write "struct ccs_ip_network_acl_record" list.
   *
   * @data:      String to parse.
-  * @domain:    Pointer to "struct domain_info".
+  * @domain:    Pointer to "struct ccs_domain_info".
   * @condition: Pointer to "struct ccs_condition_list". May be NULL.
   * @is_delete: True if it is a delete request.
   *
   * Returns 0 on success, negative value otherwise.
   */
- int ccs_write_network_policy(char *data, struct domain_info *domain,
+ int ccs_write_network_policy(char *data, struct ccs_domain_info *domain,
                               const struct ccs_condition_list *condition,
                               const bool is_delete)
  {
 Line 863 
 static inline int ccs_check_network_acce
                                                 const u16 port)
  {
          int retval;
-         current->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
+         current->ccs_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
          retval = ccs_check_network_entry(is_ipv6, NETWORK_ACL_TCP_ACCEPT,
                                           (const u32 *) address, ntohs(port));
-         current->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
+         current->ccs_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
          return retval;
  }
 Line 913 
 static inline int ccs_check_network_recv
          const u8 operation
                  = (sock_type == SOCK_DGRAM) ?
                  NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT;
-         current->tomoyo_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
+         current->ccs_flags |= CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
          retval = ccs_check_network_entry(is_ipv6, operation,
                                           (const u32 *) address, ntohs(port));
-         current->tomoyo_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
+         current->ccs_flags &= ~CCS_DONT_SLEEP_ON_ENFORCE_ERROR;
          return retval;
  }
 Line 929 
 int ccs_socket_create_permission(int fam
          /* Nothing to do if I am a kernel service. */
          if (segment_eq(get_fs(), KERNEL_DS))
                  return 0;
-         if (family == PF_PACKET && !ccs_capable(TOMOYO_USE_PACKET_SOCKET))
+         if (family == PF_PACKET && !ccs_capable(CCS_USE_PACKET_SOCKET))
                  return -EPERM;
-         if (family == PF_ROUTE && !ccs_capable(TOMOYO_USE_ROUTE_SOCKET))
+         if (family == PF_ROUTE && !ccs_capable(CCS_USE_ROUTE_SOCKET))
                  return -EPERM;
          if (family != PF_INET && family != PF_INET6)
                  return 0;
          switch (type) {
          case SOCK_STREAM:
-                 if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_CREATE))
+                 if (!ccs_capable(CCS_INET_STREAM_SOCKET_CREATE))
                          error = -EPERM;
                  break;
          case SOCK_DGRAM:
-                 if (!ccs_capable(TOMOYO_USE_INET_DGRAM_SOCKET))
+                 if (!ccs_capable(CCS_USE_INET_DGRAM_SOCKET))
                          error = -EPERM;
                  break;
          case SOCK_RAW:
-                 if (!ccs_capable(TOMOYO_USE_INET_RAW_SOCKET))
+                 if (!ccs_capable(CCS_USE_INET_RAW_SOCKET))
                          error = -EPERM;
                  break;
          }
 Line 970 
 int ccs_socket_listen_permission(struct
          default:
                  return 0;
          }
-         if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_LISTEN))
+         if (!ccs_capable(CCS_INET_STREAM_SOCKET_LISTEN))
                  return -EPERM;
          if (sock->ops->getname(sock, (struct sockaddr *) addr, &addr_len, 0))
                  return -EPERM;
 Line 1044 
 int ccs_socket_connect_permission(struct
          switch (sock->sk->sk_family) {
          case PF_INET:
          case PF_INET6:
-                 if (!ccs_capable(TOMOYO_INET_STREAM_SOCKET_CONNECT))
+                 if (!ccs_capable(CCS_INET_STREAM_SOCKET_CONNECT))
                          error = -EPERM;
                  break;
          }
 Legend:



Removed from v.2280
 


changed lines


 
Added in v.2282
 Legend:



Removed from v.2280
 


changed lines


 
Added in v.2282
-Removed from v.2280
+Added in v.2282
-Back to OSDN">Back to OSDN
+ViewVC Help
 Powered by ViewVC 1.1.26

オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照