| 39 |
struct vfsmount; |
struct vfsmount; |
| 40 |
struct inode; |
struct inode; |
| 41 |
|
|
|
#ifdef CONFIG_TOMOYO_MAC_FOR_FILE |
|
| 42 |
/* Check whether the given filename is allowed to read/write/execute. */ |
/* Check whether the given filename is allowed to read/write/execute. */ |
| 43 |
int CheckFilePerm(const char *filename, const u8 perm, const char *operation); |
int CheckFilePerm(const char *filename, const u8 perm, const char *operation); |
| 44 |
int CheckExecPerm(const struct path_info *filename, struct file *filp); |
int CheckExecPerm(const struct path_info *filename, struct file *filp); |
| 48 |
int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt); |
int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt); |
| 49 |
int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2); |
int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2); |
| 50 |
int CheckReWritePermission(struct file *filp); |
int CheckReWritePermission(struct file *filp); |
|
#else |
|
|
static inline int CheckFilePerm(const char *filename, const u8 perm, const char *operation) { return 0; } |
|
|
static inline int CheckExecPerm(const struct path_info *filename, struct file *filp) { return 0; } |
|
|
static inline int CheckOpenPermission(struct dentry *dentry, struct vfsmount *mnt, const int flag) { return 0; } |
|
|
static inline int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt) { return 0; } |
|
|
static inline int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2) { return 0; } |
|
|
static inline int CheckReWritePermission(struct file *filp) { return 0; } |
|
|
#endif |
|
| 51 |
|
|
|
#ifdef CONFIG_TOMOYO_MAC_FOR_ARGV0 |
|
| 52 |
/* Check whether the basename of program and argv0 is allowed to differ. */ |
/* Check whether the basename of program and argv0 is allowed to differ. */ |
| 53 |
int CheckArgv0Perm(const struct path_info *filename, const char *argv0); |
int CheckArgv0Perm(const struct path_info *filename, const char *argv0); |
|
#else |
|
|
static inline int CheckArgv0Perm(const struct path_info *filename, const char *argv0) { return 0; } |
|
|
#endif |
|
| 54 |
|
|
| 55 |
/* Check whether the given IP address and port number are allowed to use. */ |
/* Check whether the given IP address and port number are allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
|
| 56 |
int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port); |
int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port); |
| 57 |
int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
| 58 |
int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
| 59 |
int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port); |
int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port); |
| 60 |
int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
| 61 |
int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
|
#else |
|
|
static inline int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
#endif |
|
| 62 |
|
|
| 63 |
/* Check whether the given signal is allowed to use. */ |
/* Check whether the given signal is allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_SIGNAL |
|
| 64 |
int CheckSignalACL(const int sig, const int pid); |
int CheckSignalACL(const int sig, const int pid); |
|
#else |
|
|
static inline int CheckSignalACL(const int sig, const int pid) { return 0; } |
|
|
#endif |
|
| 65 |
|
|
| 66 |
/* Check whether the given capability is allowed to use. */ |
/* Check whether the given capability is allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_CAPABILITY |
|
| 67 |
int CheckCapabilityACL(const unsigned int capability); |
int CheckCapabilityACL(const unsigned int capability); |
|
#else |
|
|
static inline int CheckCapabilityACL(const unsigned int capability) { return 0; } |
|
|
#endif |
|
| 68 |
|
|
| 69 |
#include <linux/version.h> |
#include <linux/version.h> |
| 70 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) |
TOMOYO
Parent Directory
Revision Log
Patch