
Diff of /trunk/1.6.x/ccs-patch/fs/tomoyo_network.c


revision 621 by kumaneko, Sat Oct 27 08:11:13 2007 UTC revision 652 by kumaneko, Mon Nov 5 07:48:31 2007 UTC
# Line 20  Line 20 
20    
21  /*************************  VARIABLES  *************************/  /*************************  VARIABLES  *************************/
22    
23  extern struct semaphore domain_acl_lock;  extern struct mutex domain_acl_lock;
24    
25  /*************************  AUDIT FUNCTIONS  *************************/  /*************************  AUDIT FUNCTIONS  *************************/
26    
# Line 47  static struct address_group_entry *group Line 47  static struct address_group_entry *group
47    
48  static int AddAddressGroupEntry(const char *group_name, const bool is_ipv6, const u16 *min_address, const u16 *max_address, const bool is_delete)  static int AddAddressGroupEntry(const char *group_name, const bool is_ipv6, const u16 *min_address, const u16 *max_address, const bool is_delete)
49  {  {
50          static DECLARE_MUTEX(lock);          static DEFINE_MUTEX(lock);
51          struct address_group_entry *new_group, *group;          struct address_group_entry *new_group, *group;
52          struct address_group_member *new_member, *member;          struct address_group_member *new_member, *member;
53          const struct path_info *saved_group_name;          const struct path_info *saved_group_name;
54          int error = -ENOMEM;          int error = -ENOMEM;
55          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;
56          if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM;          if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM;
57          down(&lock);          mutex_lock(&lock);
58          for (group = group_list; group; group = group->next) {          for (group = group_list; group; group = group->next) {
59                  if (saved_group_name != group->group_name) continue;                  if (saved_group_name != group->group_name) continue;
60                  for (member = group->first_member; member; member = member->next) {                  for (member = group->first_member; member; member = member->next) {
# Line 102  static int AddAddressGroupEntry(const ch Line 102  static int AddAddressGroupEntry(const ch
102          }          }
103          error = 0;          error = 0;
104   out:   out:
105          up(&lock);          mutex_unlock(&lock);
106          return error;          return error;
107  }  }
108    
# Line 258  static int AddNetworkEntry(const u8 oper Line 258  static int AddNetworkEntry(const u8 oper
258          int error = -ENOMEM;          int error = -ENOMEM;
259          const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/          const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/
260          if (!domain) return -EINVAL;          if (!domain) return -EINVAL;
261          down(&domain_acl_lock);          mutex_lock(&domain_acl_lock);
262          if (!is_delete) {          if (!is_delete) {
263                  if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry;                  if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry;
264                  while (1) {                  while (1) {
# Line 328  static int AddNetworkEntry(const u8 oper Line 328  static int AddNetworkEntry(const u8 oper
328                          break;                          break;
329                  }                  }
330          }          }
331          up(&domain_acl_lock);          mutex_unlock(&domain_acl_lock);
332          return error;          return error;
333  }  }
334    
# Line 438  int AddNetworkPolicy(char *data, struct Line 438  int AddNetworkPolicy(char *data, struct
438          return -EINVAL;          return -EINVAL;
439  }  }
440    
441  int CheckNetworkListenACL(const u8 is_ipv6, const u8 *address, const u16 port)  int CheckNetworkListenACL(const _Bool is_ipv6, const u8 *address, const u16 port)
442  {  {
443          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port));
444  }  }
445  EXPORT_SYMBOL(CheckNetworkListenACL);  EXPORT_SYMBOL(CheckNetworkListenACL);
446    
447  int CheckNetworkConnectACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkConnectACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port)
448  {  {
449          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port));
450  }  }
451  EXPORT_SYMBOL(CheckNetworkConnectACL);  EXPORT_SYMBOL(CheckNetworkConnectACL);
452    
453  int CheckNetworkBindACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkBindACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port)
454  {  {
455          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port));
456  }  }
457  EXPORT_SYMBOL(CheckNetworkBindACL);  EXPORT_SYMBOL(CheckNetworkBindACL);
458    
459  int CheckNetworkAcceptACL(const u8 is_ipv6, const u8 *address, const u16 port)  int CheckNetworkAcceptACL(const _Bool is_ipv6, const u8 *address, const u16 port)
460  {  {
461          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port));
462  }  }
463  EXPORT_SYMBOL(CheckNetworkAcceptACL);  EXPORT_SYMBOL(CheckNetworkAcceptACL);
464    
465  int CheckNetworkSendMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkSendMsgACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port)
466  {  {
467          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
468  }  }
469  EXPORT_SYMBOL(CheckNetworkSendMsgACL);  EXPORT_SYMBOL(CheckNetworkSendMsgACL);
470    
471  int CheckNetworkRecvMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port)  int CheckNetworkRecvMsgACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port)
472  {  {
473          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));          return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port));
474  }  }
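Review bot: The `extern struct mutex domain_acl_lock;` declaration at line 23 lives in this .c file, so nothing forces it to agree with the definition of `domain_acl_lock`, which is not shown on this page. If any other file still defines or declares it as `struct semaphore`, the build would still link, and `mutex_lock(&domain_acl_lock)` / `mutex_unlock(&domain_acl_lock)` in AddNetworkEntry (lines 261 and 331) would operate on an object of the wrong type, leaving the domain ACL list without reliable locking. I would move the declaration into a shared header that the defining file also includes, so that a mismatch becomes a compile error. Separately, the exported Check*ACL functions (lines 441-471) now take `const _Bool is_ipv6` while AddAddressGroupEntry at line 48 uses `const bool is_ipv6`; spelling it `bool` throughout would be consistent, and the prototypes and callers of these exported symbols (outside this page) need the same type.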
