3 |
* |
* |
4 |
* Implementation of the Domain-Based Mandatory Access Control. |
* Implementation of the Domain-Based Mandatory Access Control. |
5 |
* |
* |
6 |
* Copyright (C) 2005-2007 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.5.3-pre 2007/12/18 |
* Version: 1.5.3-pre 2008/01/02 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
24 |
|
|
25 |
/************************* AUDIT FUNCTIONS *************************/ |
/************************* AUDIT FUNCTIONS *************************/ |
26 |
|
|
27 |
static int AuditNetworkLog(const bool is_ipv6, const char *operation, const u32 *address, const u16 port, const bool is_granted, const u8 profile, const unsigned int mode) |
static int AuditNetworkLog(const bool is_ipv6, const char *operation, const u32 *address, const u16 port, const bool is_granted, const u8 profile, const u8 mode) |
28 |
{ |
{ |
29 |
char *buf; |
char *buf; |
30 |
int len = 256; |
int len = 256; |
260 |
return buffer; |
return buffer; |
261 |
} |
} |
262 |
|
|
263 |
const char *network2keyword(const unsigned int operation) |
const char *net_operation2keyword(const u8 operation) |
264 |
{ |
{ |
265 |
const char *keyword = "unknown"; |
const char *keyword = "unknown"; |
266 |
switch (operation) { |
switch (operation) { |
372 |
return error; |
return error; |
373 |
} |
} |
374 |
|
|
375 |
static int CheckNetworkEntry(const bool is_ipv6, const int operation, const u32 *address, const u16 port) |
static int CheckNetworkEntry(const bool is_ipv6, const u8 operation, const u32 *address, const u16 port) |
376 |
{ |
{ |
377 |
struct domain_info * const domain = current->domain_info; |
struct domain_info * const domain = current->domain_info; |
378 |
struct acl_info *ptr; |
struct acl_info *ptr; |
379 |
const char *keyword = network2keyword(operation); |
const char *keyword = net_operation2keyword(operation); |
380 |
const u8 profile = current->domain_info->profile; |
const u8 profile = current->domain_info->profile; |
381 |
const unsigned int mode = CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK); |
const u8 mode = CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK); |
382 |
const bool is_enforce = (mode == 3); |
const bool is_enforce = (mode == 3); |
383 |
const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/ |
const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/ |
384 |
bool found = 0; |
bool found = 0; |