24 |
|
|
25 |
/************************* AUDIT FUNCTIONS *************************/ |
/************************* AUDIT FUNCTIONS *************************/ |
26 |
|
|
27 |
static int AuditNetworkLog(const u8 is_ipv6, const char *operation, const u32 *address, const u16 port, const u8 is_granted) |
static int AuditNetworkLog(const bool is_ipv6, const char *operation, const u32 *address, const u16 port, const bool is_granted) |
28 |
{ |
{ |
29 |
char *buf; |
char *buf; |
30 |
int len = 256; |
int len = 256; |
45 |
|
|
46 |
static struct address_group_entry *group_list = NULL; |
static struct address_group_entry *group_list = NULL; |
47 |
|
|
48 |
static int AddAddressGroupEntry(const char *group_name, const u8 is_ipv6, const u16 *min_address, const u16 *max_address, const u8 is_delete) |
static int AddAddressGroupEntry(const char *group_name, const bool is_ipv6, const u16 *min_address, const u16 *max_address, const bool is_delete) |
49 |
{ |
{ |
50 |
static DECLARE_MUTEX(lock); |
static DECLARE_MUTEX(lock); |
51 |
struct address_group_entry *new_group, *group; |
struct address_group_entry *new_group, *group; |
106 |
return error; |
return error; |
107 |
} |
} |
108 |
|
|
109 |
int AddAddressGroupPolicy(char *data, const u8 is_delete) |
int AddAddressGroupPolicy(char *data, const bool is_delete) |
110 |
{ |
{ |
111 |
int count, is_ipv6; |
int count, is_ipv6; |
112 |
u16 min_address[8], max_address[8]; |
u16 min_address[8], max_address[8]; |
156 |
return NULL; |
return NULL; |
157 |
} |
} |
158 |
|
|
159 |
static int AddressMatchesToGroup(const u8 is_ipv6, const u32 *address, const struct address_group_entry *group) |
static int AddressMatchesToGroup(const bool is_ipv6, const u32 *address, const struct address_group_entry *group) |
160 |
{ |
{ |
161 |
struct address_group_member *member; |
struct address_group_member *member; |
162 |
const u32 ip = ntohl(*address); |
const u32 ip = ntohl(*address); |
252 |
return keyword; |
return keyword; |
253 |
} |
} |
254 |
|
|
255 |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const struct condition_list *condition, const u8 is_delete) |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const struct condition_list *condition, const bool is_delete) |
256 |
{ |
{ |
257 |
struct acl_info *ptr; |
struct acl_info *ptr; |
258 |
int error = -ENOMEM; |
int error = -ENOMEM; |
332 |
return error; |
return error; |
333 |
} |
} |
334 |
|
|
335 |
static int CheckNetworkEntry(const u8 is_ipv6, const int operation, const u32 *address, const u16 port) |
static int CheckNetworkEntry(const bool is_ipv6, const int operation, const u32 *address, const u16 port) |
336 |
{ |
{ |
337 |
struct domain_info * const domain = current->domain_info; |
struct domain_info * const domain = current->domain_info; |
338 |
struct acl_info *ptr; |
struct acl_info *ptr; |
339 |
const char *keyword = network2keyword(operation); |
const char *keyword = network2keyword(operation); |
340 |
const u8 is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_NETWORK); |
const bool is_enforce = CheckCCSEnforce(CCS_TOMOYO_MAC_FOR_NETWORK); |
341 |
const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/ |
const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/ |
342 |
if (!CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK)) return 0; |
if (!CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK)) return 0; |
343 |
for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) { |
for (ptr = domain->first_acl_ptr; ptr; ptr = ptr->next) { |
377 |
return 0; |
return 0; |
378 |
} |
} |
379 |
|
|
380 |
int AddNetworkPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const u8 is_delete) |
int AddNetworkPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete) |
381 |
{ |
{ |
382 |
u8 sock_type, operation, record_type; |
u8 sock_type, operation, record_type; |
383 |
u16 min_address[8], max_address[8]; |
u16 min_address[8], max_address[8]; |