39 |
struct vfsmount; |
struct vfsmount; |
40 |
struct inode; |
struct inode; |
41 |
|
|
|
#ifdef CONFIG_TOMOYO_MAC_FOR_FILE |
|
42 |
/* Check whether the given filename is allowed to read/write/execute. */ |
/* Check whether the given filename is allowed to read/write/execute. */ |
43 |
int CheckFilePerm(const char *filename, const u8 perm, const char *operation); |
int CheckFilePerm(const char *filename, const u8 perm, const char *operation); |
44 |
int CheckExecPerm(const struct path_info *filename, struct file *filp); |
int CheckExecPerm(const struct path_info *filename, struct file *filp); |
48 |
int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt); |
int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt); |
49 |
int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2); |
int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2); |
50 |
int CheckReWritePermission(struct file *filp); |
int CheckReWritePermission(struct file *filp); |
|
#else |
|
|
static inline int CheckFilePerm(const char *filename, const u8 perm, const char *operation) { return 0; } |
|
|
static inline int CheckExecPerm(const struct path_info *filename, struct file *filp) { return 0; } |
|
|
static inline int CheckOpenPermission(struct dentry *dentry, struct vfsmount *mnt, const int flag) { return 0; } |
|
|
static inline int CheckSingleWritePermission(const unsigned int operation, struct dentry *dentry, struct vfsmount *mnt) { return 0; } |
|
|
static inline int CheckDoubleWritePermission(const unsigned int operation, struct dentry *dentry1, struct vfsmount *mnt1, struct dentry *dentry2, struct vfsmount *mnt2) { return 0; } |
|
|
static inline int CheckReWritePermission(struct file *filp) { return 0; } |
|
|
#endif |
|
51 |
|
|
|
#ifdef CONFIG_TOMOYO_MAC_FOR_ARGV0 |
|
52 |
/* Check whether the basename of program and argv0 is allowed to differ. */ |
/* Check whether the basename of program and argv0 is allowed to differ. */ |
53 |
int CheckArgv0Perm(const struct path_info *filename, const char *argv0); |
int CheckArgv0Perm(const struct path_info *filename, const char *argv0); |
|
#else |
|
|
static inline int CheckArgv0Perm(const struct path_info *filename, const char *argv0) { return 0; } |
|
|
#endif |
|
54 |
|
|
55 |
/* Check whether the given IP address and port number are allowed to use. */ |
/* Check whether the given IP address and port number are allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
|
56 |
int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port); |
int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port); |
57 |
int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
58 |
int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
59 |
int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port); |
int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port); |
60 |
int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
61 |
int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port); |
|
#else |
|
|
static inline int CheckNetworkListenACL(const int is_ipv6, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkConnectACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkBindACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkAcceptACL(const int is_ipv6, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkSendMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
static inline int CheckNetworkRecvMsgACL(const int is_ipv6, const int sock_type, const u8 *address, const u16 port) { return 0; } |
|
|
#endif |
|
62 |
|
|
63 |
/* Check whether the given signal is allowed to use. */ |
/* Check whether the given signal is allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_SIGNAL |
|
64 |
int CheckSignalACL(const int sig, const int pid); |
int CheckSignalACL(const int sig, const int pid); |
|
#else |
|
|
static inline int CheckSignalACL(const int sig, const int pid) { return 0; } |
|
|
#endif |
|
65 |
|
|
66 |
/* Check whether the given capability is allowed to use. */ |
/* Check whether the given capability is allowed to use. */ |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_CAPABILITY |
|
67 |
int CheckCapabilityACL(const unsigned int capability); |
int CheckCapabilityACL(const unsigned int capability); |
|
#else |
|
|
static inline int CheckCapabilityACL(const unsigned int capability) { return 0; } |
|
|
#endif |
|
68 |
|
|
69 |
#include <linux/version.h> |
#include <linux/version.h> |
70 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) |