オープンソース・ソフトウェアの開発とダウンロード

TOMOYO

Subversion リポジトリの参照

/[tomoyo]/trunk/1.6.x/ccs-patch/fs/tomoyo_network.c

Annotation of /trunk/1.6.x/ccs-patch/fs/tomoyo_network.c

Parent Directory Parent Directory | Revision Log Revision Log

Revision 581 - (hide annotations) (download) (as text)
Tue Oct 16 08:00:21 2007 UTC (16 years, 7 months ago) by kumaneko
Original Path: trunk/1.5.x/ccs-patch/fs/tomoyo_network.c
File MIME type: text/x-csrc
File size: 18788 byte(s) 
Add environment variable checking function
1 kumaneko 111 /*
2     * fs/tomoyo_network.c
3     *
4     * Implementation of the Domain-Based Mandatory Access Control.
5     *
6     * Copyright (C) 2005-2007 NTT DATA CORPORATION
7     *
8 kumaneko 581 * Version: 1.5.1-pre 2007/10/16
9 kumaneko 111 *
10     * This file is applicable to both 2.4.30 and 2.6.11 and later.
11     * See README.ccs for ChangeLog.
12     *
13     */
14     /***** TOMOYO Linux start. *****/
15    
16     #include <linux/ccs_common.h>
17     #include <linux/tomoyo.h>
18     #include <linux/realpath.h>
19     #include <net/ip.h>
20    
21     /************************* VARIABLES *************************/
22    
23     extern struct semaphore domain_acl_lock;
24    
25     /************************* AUDIT FUNCTIONS *************************/
26    
27 kumaneko 512 static int AuditNetworkLog(const u8 is_ipv6, const char *operation, const u32 *address, const u16 port, const u8 is_granted)
28 kumaneko 111 {
29     char *buf;
30     int len = 256;
31     if (CanSaveAuditLog(is_granted) < 0) return -ENOMEM;
32     if ((buf = InitAuditLog(&len)) == NULL) return -ENOMEM;
33     snprintf(buf + strlen(buf), len - strlen(buf) - 1, KEYWORD_ALLOW_NETWORK "%s ", operation);
34     if (is_ipv6) {
35     print_ipv6(buf + strlen(buf), len - strlen(buf), (const u16 *) address);
36     } else {
37     u32 ip = *address;
38     snprintf(buf + strlen(buf), len - strlen(buf) - 1, "%u.%u.%u.%u", NIPQUAD(ip));
39     }
40     snprintf(buf + strlen(buf), len - strlen(buf) - 1, " %u\n", port);
41     return WriteAuditLog(buf, is_granted);
42     }
43    
44     /************************* ADDRESS GROUP HANDLER *************************/
45    
46 kumaneko 214 static struct address_group_entry *group_list = NULL;
47 kumaneko 111
48 kumaneko 512 static int AddAddressGroupEntry(const char *group_name, const u8 is_ipv6, const u16 *min_address, const u16 *max_address, const u8 is_delete)
49 kumaneko 111 {
50     static DECLARE_MUTEX(lock);
51 kumaneko 214 struct address_group_entry *new_group, *group;
52     struct address_group_member *new_member, *member;
53 kumaneko 111 const struct path_info *saved_group_name;
54     int error = -ENOMEM;
55     if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;
56     if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM;
57     down(&lock);
58     for (group = group_list; group; group = group->next) {
59     if (saved_group_name != group->group_name) continue;
60     for (member = group->first_member; member; member = member->next) {
61     if (member->is_ipv6 != is_ipv6) continue;
62     if (is_ipv6) {
63     if (memcmp(member->min.ipv6, min_address, 16) || memcmp(member->max.ipv6, max_address, 16)) continue;
64     } else {
65     if (member->min.ipv4 != * (u32 *) min_address || member->max.ipv4 != * (u32 *) max_address) continue;
66     }
67     member->is_deleted = is_delete;
68     error = 0;
69     goto out;
70     }
71     break;
72     }
73     if (is_delete) {
74     error = -ENOENT;
75     goto out;
76     }
77     if (!group) {
78 kumaneko 214 if ((new_group = alloc_element(sizeof(*new_group))) == NULL) goto out;
79 kumaneko 111 new_group->group_name = saved_group_name;
80     mb(); /* Instead of using spinlock. */
81     if ((group = group_list) != NULL) {
82     while (group->next) group = group->next; group->next = new_group;
83     } else {
84     group_list= new_group;
85     }
86     group = new_group;
87     }
88 kumaneko 214 if ((new_member = alloc_element(sizeof(*new_member))) == NULL) goto out;
89 kumaneko 111 new_member->is_ipv6 = is_ipv6;
90     if (is_ipv6) {
91     memmove(new_member->min.ipv6, min_address, 16);
92     memmove(new_member->max.ipv6, max_address, 16);
93     } else {
94     new_member->min.ipv4 = * (u32 *) min_address;
95     new_member->max.ipv4 = * (u32 *) max_address;
96     }
97     mb(); /* Instead of using spinlock. */
98     if ((member = group->first_member) != NULL) {
99     while (member->next) member = member->next; member->next = new_member;
100     } else {
101     group->first_member = new_member;
102     }
103     error = 0;
104     out:
105     up(&lock);
106     return error;
107     }
108    
109 kumaneko 512 int AddAddressGroupPolicy(char *data, const u8 is_delete)
110 kumaneko 111 {
111     int count, is_ipv6;
112     u16 min_address[8], max_address[8];
113     char *cp = strchr(data, ' ');
114     if (!cp) return -EINVAL;
115     *cp++ = '\0';
116     if ((count = sscanf(cp, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx-%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx",
117     &min_address[0], &min_address[1], &min_address[2], &min_address[3],
118     &min_address[4], &min_address[5], &min_address[6], &min_address[7],
119     &max_address[0], &max_address[1], &max_address[2], &max_address[3],
120     &max_address[4], &max_address[5], &max_address[6], &max_address[7])) == 8 || count == 16) {
121     int i;
122     for (i = 0; i < 8; i++) {
123     min_address[i] = htons(min_address[i]);
124     max_address[i] = htons(max_address[i]);
125     }
126     if (count == 8) memmove(max_address, min_address, sizeof(min_address));
127     is_ipv6 = 1;
128     } else if ((count = sscanf(cp, "%hu.%hu.%hu.%hu-%hu.%hu.%hu.%hu",
129     &min_address[0], &min_address[1], &min_address[2], &min_address[3],
130     &max_address[0], &max_address[1], &max_address[2], &max_address[3])) == 4 || count == 8) {
131     u32 ip = ((((u8) min_address[0]) << 24) + (((u8) min_address[1]) << 16) + (((u8) min_address[2]) << 8) + (u8) min_address[3]);
132     * (u32 *) min_address = ip;
133     if (count == 8) ip = ((((u8) max_address[0]) << 24) + (((u8) max_address[1]) << 16) + (((u8) max_address[2]) << 8) + (u8) max_address[3]);
134     * (u32 *) max_address = ip;
135     is_ipv6 = 0;
136     } else {
137     return -EINVAL;
138     }
139     return AddAddressGroupEntry(data, is_ipv6, min_address, max_address, is_delete);
140     }
141    
142 kumaneko 214 static struct address_group_entry *FindOrAssignNewAddressGroup(const char *group_name)
143 kumaneko 111 {
144     int i;
145 kumaneko 214 struct address_group_entry *group;
146 kumaneko 111 for (i = 0; i <= 1; i++) {
147     for (group = group_list; group; group = group->next) {
148     if (strcmp(group_name, group->group_name->name) == 0) return group;
149     }
150     if (i == 0) {
151     const u16 dummy[2] = { 0, 0 };
152     AddAddressGroupEntry(group_name, 0, dummy, dummy, 0);
153     AddAddressGroupEntry(group_name, 0, dummy, dummy, 1);
154     }
155     }
156     return NULL;
157     }
158    
159 kumaneko 214 static int AddressMatchesToGroup(const u8 is_ipv6, const u32 *address, const struct address_group_entry *group)
160 kumaneko 111 {
161 kumaneko 214 struct address_group_member *member;
162 kumaneko 111 const u32 ip = ntohl(*address);
163     for (member = group->first_member; member; member = member->next) {
164     if (member->is_deleted) continue;
165     if (member->is_ipv6) {
166 kumaneko 141 if (is_ipv6 && memcmp(member->min.ipv6, address, 16) <= 0 && memcmp(address, member->max.ipv6, 16) <= 0) return 1;
167 kumaneko 111 } else {
168 kumaneko 141 if (!is_ipv6 && member->min.ipv4 <= ip && ip <= member->max.ipv4) return 1;
169 kumaneko 111 }
170     }
171     return 0;
172     }
173    
174 kumaneko 214 int ReadAddressGroupPolicy(struct io_buffer *head)
175 kumaneko 111 {
176 kumaneko 214 struct address_group_entry *group = head->read_var1;
177     struct address_group_member *member = head->read_var2;
178 kumaneko 111 if (!group) group = group_list;
179     while (group) {
180 kumaneko 214 head->read_var1 = group;
181 kumaneko 111 if (!member) member = group->first_member;
182     while (member) {
183 kumaneko 214 head->read_var2 = member;
184 kumaneko 111 if (!member->is_deleted) {
185     char buf[128];
186     if (member->is_ipv6) {
187     const u16 *min_address = member->min.ipv6, *max_address = member->max.ipv6;
188     print_ipv6(buf, sizeof(buf), min_address);
189     if (memcmp(min_address, max_address, 16)) {
190     char *cp = strchr(buf, '\0');
191     *cp++ = '-';
192     print_ipv6(cp, sizeof(buf) - strlen(buf), max_address);
193     }
194     } else {
195     const u32 min_address = member->min.ipv4, max_address = member->max.ipv4;
196     memset(buf, 0, sizeof(buf));
197     snprintf(buf, sizeof(buf) - 1, "%u.%u.%u.%u", HIPQUAD(min_address));
198     if (min_address != max_address) {
199     const int len = strlen(buf);
200     snprintf(buf + len, sizeof(buf) - 1 - len, "-%u.%u.%u.%u", HIPQUAD(max_address));
201     }
202     }
203     if (io_printf(head, KEYWORD_ADDRESS_GROUP "%s %s\n", group->group_name->name, buf)) break;
204     }
205     member = member->next;
206     }
207     if (member) break;
208     head->read_var2 = NULL;
209     group = group->next;
210     }
211     return group ? -ENOMEM : 0;
212     }
213    
214     /************************* NETWORK NETWORK ACL HANDLER *************************/
215    
216     char *print_ipv6(char *buffer, const int buffer_len, const u16 *ip)
217     {
218     memset(buffer, 0, buffer_len);
219     snprintf(buffer, buffer_len - 1, "%x:%x:%x:%x:%x:%x:%x:%x", ntohs(ip[0]), ntohs(ip[1]), ntohs(ip[2]), ntohs(ip[3]), ntohs(ip[4]), ntohs(ip[5]), ntohs(ip[6]), ntohs(ip[7]));
220     return buffer;
221     }
222    
223     const char *network2keyword(const unsigned int operation)
224     {
225     const char *keyword = "unknown";
226     switch (operation) {
227     case NETWORK_ACL_UDP_BIND:
228     keyword = "UDP bind";
229     break;
230     case NETWORK_ACL_UDP_CONNECT:
231     keyword = "UDP connect";
232     break;
233     case NETWORK_ACL_TCP_BIND:
234     keyword = "TCP bind";
235     break;
236     case NETWORK_ACL_TCP_LISTEN:
237     keyword = "TCP listen";
238     break;
239     case NETWORK_ACL_TCP_CONNECT:
240     keyword = "TCP connect";
241     break;
242     case NETWORK_ACL_TCP_ACCEPT:
243     keyword = "TCP accept";
244     break;
245     case NETWORK_ACL_RAW_BIND:
246     keyword = "RAW bind";
247     break;
248     case NETWORK_ACL_RAW_CONNECT:
249     keyword = "RAW connect";
250     break;
251     }
252     return keyword;
253     }
254    
255 kumaneko 514 static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const struct condition_list *condition, const u8 is_delete)
256 kumaneko 111 {
257     struct acl_info *ptr;
258     int error = -ENOMEM;
259     const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/
260     if (!domain) return -EINVAL;
261     down(&domain_acl_lock);
262 kumaneko 514 if (!is_delete) {
263 kumaneko 111 if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry;
264     while (1) {
265 kumaneko 328 struct ip_network_acl_record *new_ptr = (struct ip_network_acl_record *) ptr;
266     if (ptr->type == TYPE_IP_NETWORK_ACL && new_ptr->operation_type == operation && new_ptr->record_type == record_type && ptr->cond == condition && new_ptr->min_port == min_port && max_port == new_ptr->max_port) {
267 kumaneko 111 if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
268 kumaneko 328 if (new_ptr->u.group == group) {
269 kumaneko 111 ptr->is_deleted = 0;
270     /* Found. Nothing to do. */
271     error = 0;
272     break;
273     }
274     } else if (record_type == IP_RECORD_TYPE_IPv4) {
275 kumaneko 328 if (new_ptr->u.ipv4.min == min_ip && max_ip == new_ptr->u.ipv4.max) {
276 kumaneko 111 ptr->is_deleted = 0;
277     /* Found. Nothing to do. */
278     error = 0;
279     break;
280     }
281     } else if (record_type == IP_RECORD_TYPE_IPv6) {
282 kumaneko 328 if (memcmp(new_ptr->u.ipv6.min, min_address, 16) == 0 && memcmp(max_address, new_ptr->u.ipv6.max, 16) == 0) {
283 kumaneko 111 ptr->is_deleted = 0;
284     /* Found. Nothing to do. */
285     error = 0;
286     break;
287     }
288     }
289     }
290     if (ptr->next) {
291     ptr = ptr->next;
292     continue;
293     }
294     first_entry: ;
295     /* Not found. Append it to the tail. */
296 kumaneko 214 if ((new_ptr = alloc_element(sizeof(*new_ptr))) == NULL) break;
297 kumaneko 162 new_ptr->head.type = TYPE_IP_NETWORK_ACL;
298 kumaneko 328 new_ptr->operation_type = operation;
299     new_ptr->record_type = record_type;
300 kumaneko 111 new_ptr->head.cond = condition;
301     if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
302     new_ptr->u.group = group;
303     } else if (record_type == IP_RECORD_TYPE_IPv4) {
304     new_ptr->u.ipv4.min = min_ip;
305     new_ptr->u.ipv4.max = max_ip;
306 kumaneko 162 } else {
307 kumaneko 111 memmove(new_ptr->u.ipv6.min, min_address, 16);
308     memmove(new_ptr->u.ipv6.max, max_address, 16);
309     }
310     new_ptr->min_port = min_port;
311     new_ptr->max_port = max_port;
312     error = AddDomainACL(ptr, domain, (struct acl_info *) new_ptr);
313     break;
314     }
315     } else {
316     error = -ENOENT;
317     for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {
318 kumaneko 328 struct ip_network_acl_record *ptr2 = (struct ip_network_acl_record *) ptr;
319     if (ptr->type != TYPE_IP_NETWORK_ACL || ptr->is_deleted || ptr2->operation_type != operation || ptr2->record_type != record_type || ptr->cond != condition || ptr2->min_port != min_port || ptr2->max_port != max_port) continue;
320 kumaneko 111 if (record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
321 kumaneko 328 if (ptr2->u.group != group) continue;
322 kumaneko 111 } else if (record_type == IP_RECORD_TYPE_IPv4) {
323 kumaneko 328 if (ptr2->u.ipv4.min != min_ip || max_ip != ptr2->u.ipv4.max) continue;
324 kumaneko 111 } else if (record_type == IP_RECORD_TYPE_IPv6) {
325 kumaneko 328 if (memcmp(ptr2->u.ipv6.min, min_address, 16) || memcmp(max_address, ptr2->u.ipv6.max, 16)) continue;
326 kumaneko 111 }
327     error = DelDomainACL(ptr);
328     break;
329     }
330     }
331     up(&domain_acl_lock);
332     return error;
333     }
334    
335 kumaneko 512 static int CheckNetworkEntry(const u8 is_ipv6, const int operation, const u32 *address, const u16 port)
336 kumaneko 111 {
337     struct domain_info * const domain = current->domain_info;
338     struct acl_info *ptr;
339     const char *keyword = network2keyword(operation);
340 kumaneko 512 const u8 is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_NETWORK);
341 kumaneko 111 const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/
342     if (!CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK)) return 0;
343     for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) {
344 kumaneko 328 struct ip_network_acl_record *ptr2 = (struct ip_network_acl_record *) ptr;
345     if (ptr->type != TYPE_IP_NETWORK_ACL || ptr->is_deleted || ptr2->operation_type != operation || port < ptr2->min_port || ptr2->max_port < port || CheckCondition(ptr->cond, NULL)) continue;
346     if (ptr2->record_type == IP_RECORD_TYPE_ADDRESS_GROUP) {
347     if (AddressMatchesToGroup(is_ipv6, address, ptr2->u.group)) break;
348     } else if (ptr2->record_type == IP_RECORD_TYPE_IPv4) {
349     if (!is_ipv6 && ptr2->u.ipv4.min <= ip && ip <= ptr2->u.ipv4.max) break;
350 kumaneko 111 } else {
351 kumaneko 328 if (is_ipv6 && memcmp(ptr2->u.ipv6.min, address, 16) <= 0 && memcmp(address, ptr2->u.ipv6.max, 16) <= 0) break;
352 kumaneko 111 }
353     }
354     if (ptr) {
355     AuditNetworkLog(is_ipv6, keyword, address, port, 1);
356     return 0;
357     }
358     if (TomoyoVerboseMode()) {
359     if (is_ipv6) {
360     char buf[64];
361     print_ipv6(buf, sizeof(buf), (const u16 *) address);
362     printk("TOMOYO-%s: %s to %s %u denied for %s\n", GetMSG(is_enforce), keyword, buf, port, GetLastName(domain));
363     } else {
364     printk("TOMOYO-%s: %s to %u.%u.%u.%u %u denied for %s\n", GetMSG(is_enforce), keyword, HIPQUAD(ip), port, GetLastName(domain));
365     }
366     }
367     AuditNetworkLog(is_ipv6, keyword, address, port, 0);
368     if (is_enforce) {
369     if (is_ipv6) {
370     char buf[64];
371     print_ipv6(buf, sizeof(buf), (const u16 *) address);
372     return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %s %u\n", domain->domainname->name, keyword, buf, port);
373     }
374     return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port);
375     }
376 kumaneko 514 if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK, domain)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, NULL, 0);
377 kumaneko 111 return 0;
378     }
379    
380 kumaneko 581 int AddNetworkPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const u8 is_delete)
381 kumaneko 111 {
382     u8 sock_type, operation, record_type;
383     u16 min_address[8], max_address[8];
384     struct address_group_entry *group = NULL;
385     u16 min_port, max_port;
386     int count;
387     char *cp1 = NULL, *cp2 = NULL;
388     if ((cp1 = strchr(data, ' ')) == NULL) goto out; cp1++;
389     if (strncmp(data, "TCP ", 4) == 0) sock_type = SOCK_STREAM;
390     else if (strncmp(data, "UDP ", 4) == 0) sock_type = SOCK_DGRAM;
391     else if (strncmp(data, "RAW ", 4) == 0) sock_type = SOCK_RAW;
392     else goto out;
393     if ((cp2 = strchr(cp1, ' ')) == NULL) goto out; cp2++;
394     if (strncmp(cp1, "bind ", 5) == 0) {
395     operation = (sock_type == SOCK_STREAM) ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM) ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND;
396     } else if (strncmp(cp1, "connect ", 8) == 0) {
397     operation = (sock_type == SOCK_STREAM) ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM) ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT;
398     } else if (sock_type == SOCK_STREAM && strncmp(cp1, "listen ", 7) == 0) {
399     operation = NETWORK_ACL_TCP_LISTEN;
400     } else if (sock_type == SOCK_STREAM && strncmp(cp1, "accept ", 7) == 0) {
401     operation = NETWORK_ACL_TCP_ACCEPT;
402     } else {
403     goto out;
404     }
405     if ((cp1 = strchr(cp2, ' ')) == NULL) goto out; *cp1++ = '\0';
406     if ((count = sscanf(cp2, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx-%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx",
407     &min_address[0], &min_address[1], &min_address[2], &min_address[3],
408     &min_address[4], &min_address[5], &min_address[6], &min_address[7],
409     &max_address[0], &max_address[1], &max_address[2], &max_address[3],
410     &max_address[4], &max_address[5], &max_address[6], &max_address[7])) == 8 || count == 16) {
411     int i;
412     for (i = 0; i < 8; i++) {
413     min_address[i] = htons(min_address[i]);
414     max_address[i] = htons(max_address[i]);
415     }
416     if (count == 8) memmove(max_address, min_address, sizeof(min_address));
417     record_type = IP_RECORD_TYPE_IPv6;
418     } else if ((count = sscanf(cp2, "%hu.%hu.%hu.%hu-%hu.%hu.%hu.%hu",
419     &min_address[0], &min_address[1], &min_address[2], &min_address[3],
420     &max_address[0], &max_address[1], &max_address[2], &max_address[3])) == 4 || count == 8) {
421     u32 ip = htonl((((u8) min_address[0]) << 24) + (((u8) min_address[1]) << 16) + (((u8) min_address[2]) << 8) + (u8) min_address[3]);
422     * (u32 *) min_address = ip;
423     if (count == 8) ip = htonl((((u8) max_address[0]) << 24) + (((u8) max_address[1]) << 16) + (((u8) max_address[2]) << 8) + (u8) max_address[3]);
424     * (u32 *) max_address = ip;
425     record_type = IP_RECORD_TYPE_IPv4;
426     } else if (*cp2 == '@') {
427     if ((group = FindOrAssignNewAddressGroup(cp2 + 1)) == NULL) return -ENOMEM;
428     record_type = IP_RECORD_TYPE_ADDRESS_GROUP;
429     } else {
430     goto out;
431     }
432     if (strchr(cp1, ' ')) goto out;
433     if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) {
434     if (count == 1) max_port = min_port;
435 kumaneko 514 return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, condition, is_delete);
436 kumaneko 111 }
437     out: ;
438     return -EINVAL;
439     }
440    
441 kumaneko 512 int CheckNetworkListenACL(const u8 is_ipv6, const u8 *address, const u16 port)
442 kumaneko 111 {
443     return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port));
444     }
445 kumaneko 223 EXPORT_SYMBOL(CheckNetworkListenACL);
446 kumaneko 111
447 kumaneko 512 int CheckNetworkConnectACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)
448 kumaneko 111 {
449     return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port));
450     }
451 kumaneko 223 EXPORT_SYMBOL(CheckNetworkConnectACL);
452 kumaneko 111
453 kumaneko 512 int CheckNetworkBindACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)
454 kumaneko 111 {
455     return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port));
456     }
457 kumaneko 223 EXPORT_SYMBOL(CheckNetworkBindACL);
458 kumaneko 111
459 kumaneko 512 int CheckNetworkAcceptACL(const u8 is_ipv6, const u8 *address, const u16 port)
460 kumaneko 111 {
461     return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port));
462     }
463 kumaneko 223 EXPORT_SYMBOL(CheckNetworkAcceptACL);
464 kumaneko 111
465 kumaneko 512 int CheckNetworkSendMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)
466 kumaneko 111 {
467     return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
468     }
469 kumaneko 223 EXPORT_SYMBOL(CheckNetworkSendMsgACL);
470 kumaneko 111
471 kumaneko 512 int CheckNetworkRecvMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)
472 kumaneko 111 {
473     return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
474     }
475     EXPORT_SYMBOL(CheckNetworkRecvMsgACL);
476    
477     /***** TOMOYO Linux end. *****/
Back to OSDN">Back to OSDN
 ViewVC Help
Powered by ViewVC 1.1.26  
サイト情報
ソフトウェアを探す
ソフトウェアを作る
コミュニティ
ヘルプ