
Annotation of /trunk/1.6.x/ccs-patch/include/linux/ccs_common.h



Revision 850 - (hide annotations) (download) (as text)
Wed Jan 2 03:47:54 2008 UTC (16 years, 4 months ago) by kumaneko
Original Path: trunk/1.5.x/ccs-patch/include/linux/ccs_common.h
File MIME type: text/x-chdr
File size: 21792 byte(s)
Change keywords: 4/2/1 -> allow_read/allow_write/allow_execute
1 kumaneko 111 /*
2     * include/linux/ccs_common.h
3     *
4     * Common functions for SAKURA and TOMOYO.
5     *
6 kumaneko 849 * Copyright (C) 2005-2008 NTT DATA CORPORATION
7 kumaneko 111 *
8 kumaneko 849 * Version: 1.5.3-pre 2008/01/02
9 kumaneko 111 *
10     * This file is applicable to both 2.4.30 and 2.6.11 and later.
11     * See README.ccs for ChangeLog.
12     *
13     */
14    
15     #ifndef _LINUX_CCS_COMMON_H
16     #define _LINUX_CCS_COMMON_H
17    
18     #include <linux/string.h>
19     #include <linux/mm.h>
20     #include <linux/utime.h>
21     #include <linux/file.h>
22     #include <linux/smp_lock.h>
23     #include <linux/module.h>
24     #include <linux/init.h>
25     #include <linux/slab.h>
26     #include <linux/poll.h>
27     #include <asm/uaccess.h>
28     #include <stdarg.h>
29     #include <linux/delay.h>
30     #include <linux/version.h>
31     #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
32     #include <linux/kmod.h>
33     #endif
34    
/* If the kernel headers in use do not provide the __user pointer annotation,
 * define it as empty so the __user-qualified prototypes in this header still
 * compile. */
35     #ifndef __user
36     #define __user
37     #endif
38    
/* Kernels older than 2.6.19 get a local bool type, built on C99 _Bool. */
39 kumaneko 621 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
40     typedef _Bool bool;
41     #endif
42    
/*
 * Compatibility shim for kernels older than 2.6.16: the mutex names used in
 * this code are mapped onto the semaphore primitives.
 * "#define mutex semaphore" is a plain token replacement, so every later use
 * of the identifier, including "struct mutex" in struct io_buffer, becomes
 * "struct semaphore" on those kernels.
 */
43 kumaneko 652 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 16)
44     #define mutex semaphore
45     #define mutex_init(mutex) init_MUTEX(mutex)
46     #define mutex_lock(mutex) down(mutex)
47     #define mutex_unlock(mutex) up(mutex)
48     #define mutex_lock_interruptible(mutex) down_interruptible(mutex)
49     #define DEFINE_MUTEX(mutexname) DECLARE_MUTEX(mutexname)
50     #endif
51    
/*
 * container_of() for kernels older than 2.5.0.
 * Given a pointer to a member, yields a pointer to the enclosing object by
 * subtracting the member's offset. The typed temporary __mptr makes the
 * compiler compare the type of ptr with the type of the named member.
 * The macro cannot verify that ptr really lies inside a "type" object; that
 * is the caller's responsibility.
 */
52 kumaneko 732 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0)
53     #define container_of(ptr, type, member) ({ \
54     const typeof( ((type *)0)->member ) *__mptr = (ptr); \
55     (type *)( (char *)__mptr - offsetof(type,member) );})
56     #endif
57    
/*
 * Disabled variant (#if 0): the list1_* names are aliased to the kernel's
 * doubly linked list_head API. Nothing in this branch is compiled; the
 * singly linked implementation in the #else branch is the one in use.
 */
58 kumaneko 722 #if 0
59    
60     #define list1_head list_head
61     #define LIST1_HEAD_INIT LIST_HEAD_INIT
62     #define LIST1_HEAD LIST_HEAD
63     #define INIT_LIST1_HEAD INIT_LIST_HEAD
64     #define list1_entry list_entry
65     #define list1_for_each list_for_each
66     #define list1_for_each_entry list_for_each_entry
/* Resumable iteration; same expansion as the list1_for_each_cookie defined
 * in the #else branch. */
67     #define list1_for_each_cookie(pos, cookie, head) \
68     for ((cookie) || ((cookie) = (head)), pos = (cookie)->next; \
69     prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
70     (cookie) = pos, pos = pos->next)
/* Append "new" before "head": both links of the new entry are written first,
 * then mb(), then the neighbours are pointed at it. */
71     static inline void list1_add_tail_mb(struct list1_head *new,
72     struct list1_head *head)
73     {
74     struct list_head *prev = head->prev;
75     struct list_head *next = head;
76     new->next = next;
77     new->prev = prev;
78     mb(); /* Avoid out-of-order execution. */
79     next->prev = new;
80     prev->next = new;
81     }
82    
83     #else /////////////////////////////////////////////////////////////////////////
84    
/*
 * Singly linked, circular list node. An empty list is a head whose next
 * pointer refers to the head itself.
 */
struct list1_head {
	struct list1_head *next;
};

/* Static initializer for an empty list: the head points at itself. */
#define LIST1_HEAD_INIT(name) { &(name) }
/* Define a list head called "name" and initialize it as empty. */
#define LIST1_HEAD(name) struct list1_head name = LIST1_HEAD_INIT(name)

/* Run-time counterpart of LIST1_HEAD_INIT: make "list" an empty list. */
static inline void INIT_LIST1_HEAD(struct list1_head *list)
{
	struct list1_head *const self = list;

	self->next = self;
}
96    
97 kumaneko 708 /**
98 kumaneko 722 * list1_entry - get the struct for this entry
99     * @ptr: the &struct list1_head pointer.
100     * @type: the type of the struct this is embedded in.
101     * @member: the name of the struct list1_head member within the struct.
 *
 * Expands to container_of(). The caller is responsible for @ptr really
 * being the @member field of a @type object; a list head that is not
 * embedded in a @type object must not be passed here.
102     */
103     #define list1_entry(ptr, type, member) container_of(ptr, type, member)
104    
105     /**
106     * list1_for_each - iterate over a list
107     * @pos: the &struct list1_head to use as a loop cursor.
108 kumaneko 708 * @head: the head for your list.
 *
 * The loop stops when the cursor comes back to @head, so the list must be
 * circular, as INIT_LIST1_HEAD() and LIST1_HEAD_INIT() set it up.
 * prefetch() is evaluated through the comma operator; only the comparison
 * with @head decides whether the loop continues.
109 kumaneko 722 */
110     #define list1_for_each(pos, head) \
111     for (pos = (head)->next; prefetch(pos->next), pos != (head); \
112     pos = pos->next)
113    
114     /**
115     * list1_for_each_entry - iterate over list of given type
116     * @pos: the type * to use as a loop cursor.
117     * @head: the head for your list.
118     * @member: the name of the struct list1_head member within the struct.
 *
 * When the loop runs to completion, @pos is left as the container address
 * computed from @head itself, which is not a real entry. Do not dereference
 * @pos after the loop unless the loop was left with break.
119     */
120     #define list1_for_each_entry(pos, head, member) \
121     for (pos = list1_entry((head)->next, typeof(*pos), member); \
122     prefetch(pos->member.next), &pos->member != (head); \
123     pos = list1_entry(pos->member.next, typeof(*pos), member))
124    
125     /**
126     * list1_for_each_cookie - iterate over a list with cookie.
127     * @pos: the &struct list1_head to use as a loop cursor.
128     * @cookie: the &struct list1_head to use as a cookie.
129     * @head: the head for your list.
130 kumaneko 708 *
131     * Same with list1_for_each except that this primitive uses cookie
132     * so that we can continue iteration.
 *
 * A NULL @cookie starts the walk at @head. After each completed loop body
 * @cookie is set to the entry just processed, so leaving the loop with
 * break and entering it again later resumes at the entry where the break
 * happened. When the walk reaches @head again, @cookie is reset to NULL.
 * @cookie is evaluated several times and is assigned to, so it must be a
 * plain lvalue without side effects.
133     */
134 kumaneko 722 #define list1_for_each_cookie(pos, cookie, head) \
135 kumaneko 708 for ((cookie) || ((cookie) = (head)), pos = (cookie)->next; \
136 kumaneko 722 prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
137     (cookie) = pos, pos = pos->next)
138 kumaneko 708
139     /**
140     * list1_add_tail_mb - add a new entry with memory barrier.
141     * @new: new entry to be added.
142     * @head: list head to add it before.
143     *
144     * Same with list_add_tail_rcu() except that this primitive uses mb()
145     * so that we can traverse forwards using list1_for_each() and
146     * list1_for_each_cookie().
 *
 * The list is singly linked, so the tail is found by walking from @head
 * until an entry points back at @head; the cost grows with the list length.
 * @new->next is written before mb() and the entry is linked in after it, so
 * the entry does not become reachable before its next pointer is set.
 * NOTE(review): nothing in this function serializes concurrent callers. Two
 * racing appends could pick the same tail and one entry would be lost.
 * Presumably callers hold a lock while updating - confirm at the call sites.
147     */
148 kumaneko 722 static inline void list1_add_tail_mb(struct list1_head *new,
149     struct list1_head *head)
150 kumaneko 708 {
151 kumaneko 722 struct list1_head *pos = head;
/* Complete the new entry first: it already closes the circle. */
152     new->next = head;
153 kumaneko 708 mb(); /* Avoid out-of-order execution. */
/* Find the current tail, i.e. the entry whose next pointer is @head. */
154 kumaneko 722 while (pos->next != head)
155     pos = pos->next;
/* Publish: from here on the new entry is visible to list walkers. */
156     pos->next = new;
157 kumaneko 708 }
158    
159 kumaneko 722 #endif
160    
/* Owner uid, owner gid and inode number; used below for path1, its parent
 * and path2's parent. */
161 kumaneko 111 struct mini_stat {
162     uid_t uid;
163     gid_t gid;
164     ino_t ino;
165     };
166     struct dentry;
167     struct vfsmount;
/*
 * Objects involved in one access request: up to two paths (dentry + vfsmount
 * each) and stat snapshots for path1, path1's parent and path2's parent.
 * NOTE(review): the *_valid flags presumably say which of the mini_stat
 * members have been filled in, and validate_done that the fill was attempted;
 * a stat member should only be trusted when its flag is set - confirm
 * against the code that evaluates conditions (CheckCondition()).
 */
168     struct obj_info {
169 kumaneko 621 bool validate_done;
170     bool path1_valid;
171     bool path1_parent_valid;
172     bool path2_parent_valid;
173 kumaneko 111 struct dentry *path1_dentry;
174     struct vfsmount *path1_vfsmnt;
175     struct dentry *path2_dentry;
176     struct vfsmount *path2_vfsmnt;
177     struct mini_stat path1_stat;
178     /* I don't handle path2_stat for rename operation. */
179     struct mini_stat path1_parent_stat;
180     struct mini_stat path2_parent_stat;
181     };
182    
/*
 * A pathname (or pattern) together with values derived from it.
 * Every member other than name is a cache of something computed from name,
 * as the per-member comments state. pathcmp() compares hash before the
 * strings, so a hash that is stale with respect to name makes equal names
 * compare as different. fill_path_info() is declared later in this header -
 * presumably the routine that computes these members; confirm.
 */
183     struct path_info {
184     const char *name;
185     u32 hash; /* = full_name_hash(name, strlen(name)) */
186     u16 total_len; /* = strlen(name) */
187     u16 const_len; /* = const_part_length(name) */
188 kumaneko 621 bool is_dir; /* = strendswith(name, "/") */
189     bool is_patterned; /* = PathContainsPattern(name) */
190 kumaneko 111 u16 depth; /* = PathDepth(name) */
191     };
192    
/* The value fits in the u16 length members above.
 * NOTE(review): where this limit is enforced is not visible in this header. */
193     #define CCS_MAX_PATHNAME_LEN 4000
194    
/* One pathname inside a path group. Removal is recorded by setting
 * is_deleted; the entry stays on the list. */
195 kumaneko 708 struct path_group_member {
196 kumaneko 722 struct list1_head list;
197 kumaneko 111 const struct path_info *member_name;
198 kumaneko 621 bool is_deleted;
199 kumaneko 214 };
200 kumaneko 111
/* A named path group and the list of its members. */
201 kumaneko 708 struct path_group_entry {
202 kumaneko 722 struct list1_head list;
203 kumaneko 111 const struct path_info *group_name;
204 kumaneko 722 struct list1_head path_group_member_list;
205 kumaneko 214 };
206 kumaneko 111
207 kumaneko 719 struct in6_addr;
/*
 * One address range (min..max) inside an address group.
 * The two union members use different byte orders, as noted per member:
 * IPv4 values are host order, IPv6 values are network order.
 * NOTE(review): is_ipv6 presumably selects which union member is valid;
 * reading the other member would misinterpret an integer as a pointer or
 * the reverse - confirm every reader checks is_ipv6 first.
 */
208 kumaneko 214 struct address_group_member {
209 kumaneko 722 struct list1_head list;
210 kumaneko 111 union {
211 kumaneko 719 u32 ipv4; /* Host byte order */
212     const struct in6_addr *ipv6; /* Network byte order */
213 kumaneko 111 } min, max;
214 kumaneko 621 bool is_deleted;
215     bool is_ipv6;
216 kumaneko 214 };
217 kumaneko 111
/* A named address group and the list of its members. */
218 kumaneko 214 struct address_group_entry {
219 kumaneko 722 struct list1_head list;
220 kumaneko 111 const struct path_info *group_name;
221 kumaneko 722 struct list1_head address_group_member_list;
222 kumaneko 214 };
223 kumaneko 111
224     /*
225     * TOMOYO uses the following structures.
226     * Memory allocated for these structures is never kfree()ed.
227     * Since no locks are used for reading, assignment must be performed atomically.
 * Entries are therefore marked with an is_deleted flag instead of being
 * unlinked and freed, so a reader walking a list never follows a pointer
 * into released memory.
228     */
229    
230     /************************* The structure for domains. *************************/
231    
232     struct condition_list;
233    
/*
 * Common header of every ACL record: list linkage, optional condition,
 * record type and delete flag. The record structures below embed it as their
 * first member ("head") and note the expected type value in a comment.
 * NOTE(review): the struct is packed; presumably so that small members of the
 * embedding records can follow it without padding - confirm.
 */
234     struct acl_info {
235 kumaneko 722 struct list1_head list;
236 kumaneko 111 const struct condition_list *cond;
237     u8 type;
238 kumaneko 621 bool is_deleted;
239 kumaneko 328 } __attribute__((__packed__));
240 kumaneko 111
/* One domain: linkage on the domain list, the list of its ACL records, its
 * name, the profile index it uses and its status flags. */
241     struct domain_info {
242 kumaneko 722 struct list1_head list;
243     struct list1_head acl_info_list;
244 kumaneko 111 const struct path_info *domainname; /* Name of this domain. Never NULL. */
245     u8 profile; /* Profile to use. */
246     u8 is_deleted; /* Delete flag. */
247 kumaneko 621 bool quota_warned; /* Quota warning done flag. */
248 kumaneko 111 };
249    
/* domain_info.profile is a u8, so every value it can hold is below this. */
250     #define MAX_PROFILES 256
251    
/*
 * ACL record types. Each one starts with a struct acl_info named head, and
 * the comment on head gives the type value the record is expected to carry.
 * NOTE(review): code that converts a struct acl_info pointer to one of these
 * records presumably checks head.type first; a mismatch would read members
 * of the wrong record layout - confirm at the cast sites.
 */
252 kumaneko 214 struct argv0_acl_record {
253 kumaneko 111 struct acl_info head; /* type = TYPE_ARGV0_ACL */
254     const struct path_info *filename; /* Pointer to single pathname. */
255     const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */
256 kumaneko 214 };
257 kumaneko 111
258 kumaneko 581 struct env_acl_record {
259     struct acl_info head; /* type = TYPE_ENV_ACL */
260     const struct path_info *env; /* environment variable */
261     };
262    
263 kumaneko 214 struct capability_acl_record {
264 kumaneko 328 struct acl_info head; /* type = TYPE_CAPABILITY_ACL */
265 kumaneko 849 u32 capability;
266 kumaneko 214 };
267 kumaneko 111
268 kumaneko 214 struct signal_acl_record {
269 kumaneko 328 struct acl_info head; /* type = TYPE_SIGNAL_ACL */
270     u16 sig;
271     const struct path_info *domainname; /* Pointer to destination pattern. */
272 kumaneko 214 };
273 kumaneko 111
/* Permission on one pathname or one pathname group.
 * NOTE(review): u_is_group presumably selects the valid member of u; both
 * members are pointers to different structure types - confirm readers test
 * the flag before dereferencing. */
274 kumaneko 214 struct single_acl_record {
275 kumaneko 849 struct acl_info head; /* type = TYPE_SINGLE_PATH_ACL */
276 kumaneko 621 bool u_is_group;
277 kumaneko 111 union {
278 kumaneko 708 const struct path_info *filename; /* Pointer to single pathname. */
279     const struct path_group_entry *group; /* Pointer to pathname group. */
280 kumaneko 111 } u;
281 kumaneko 849 u16 perm;
282 kumaneko 214 };
283 kumaneko 111
/* Permission on a pair of pathnames; each side has its own flag and union
 * (u1_is_group with u1, u2_is_group with u2). Note that perm is a u8 here
 * while single_acl_record.perm is a u16. */
284 kumaneko 214 struct double_acl_record {
285 kumaneko 849 struct acl_info head; /* type = TYPE_DOUBLE_PATH_ACL */
286 kumaneko 621 bool u1_is_group;
287     bool u2_is_group;
288 kumaneko 111 union {
289 kumaneko 708 const struct path_info *filename1; /* Pointer to single pathname. */
290     const struct path_group_entry *group1; /* Pointer to pathname group. */
291 kumaneko 111 } u1;
292     union {
293 kumaneko 708 const struct path_info *filename2; /* Pointer to single pathname. */
294     const struct path_group_entry *group2; /* Pointer to pathname group. */
295 kumaneko 111 } u2;
296 kumaneko 849 u8 perm;
297 kumaneko 214 };
298 kumaneko 111
/* Values for ip_network_acl_record.record_type. */
299     #define IP_RECORD_TYPE_ADDRESS_GROUP 0
300     #define IP_RECORD_TYPE_IPv4 1
301     #define IP_RECORD_TYPE_IPv6 2
302    
/* Network permission: an address (range or group) plus a port range.
 * record_type holds an IP_RECORD_TYPE_* value; the union u carries an IPv4
 * range by value, an IPv6 range by pointer, or a group pointer.
 * NOTE(review): presumably record_type decides which member of u is valid -
 * confirm readers check it before use. */
303 kumaneko 214 struct ip_network_acl_record {
304 kumaneko 328 struct acl_info head; /* type = TYPE_IP_NETWORK_ACL */
305     u8 operation_type;
306     u8 record_type; /* IP_RECORD_TYPE_* */
307 kumaneko 111 union {
308     struct {
309     u32 min; /* Start of IPv4 address range. Host endian. */
310     u32 max; /* End of IPv4 address range. Host endian. */
311     } ipv4;
312     struct {
313 kumaneko 719 const struct in6_addr *min; /* Start of IPv6 address range. Big endian. */
314     const struct in6_addr *max; /* End of IPv6 address range. Big endian. */
315 kumaneko 111 } ipv6;
316     const struct address_group_entry *group; /* Pointer to address group. */
317     } u;
318     u16 min_port; /* Start of port number range. */
319     u16 max_port; /* End of port number range. */
320 kumaneko 214 };
321 kumaneko 111
322     /************************* Keywords for ACLs. *************************/
323    
/*
 * Policy keywords and their lengths. Each *_LEN is sizeof(literal) - 1, the
 * string length without the terminating NUL, computed at compile time.
 * Every keyword that has a *_LEN ends in a separator (a space, or "::" for
 * KEYWORD_MAC_FOR_CAPABILITY), so a prefix comparison over *_LEN bytes also
 * consumes the separator and cannot match a longer word with the same start.
 * KEYWORD_USE_PROFILE has no *_LEN companion in this header.
 */
324     #define KEYWORD_ADDRESS_GROUP "address_group "
325     #define KEYWORD_ADDRESS_GROUP_LEN (sizeof(KEYWORD_ADDRESS_GROUP) - 1)
326     #define KEYWORD_AGGREGATOR "aggregator "
327     #define KEYWORD_AGGREGATOR_LEN (sizeof(KEYWORD_AGGREGATOR) - 1)
328     #define KEYWORD_ALIAS "alias "
329     #define KEYWORD_ALIAS_LEN (sizeof(KEYWORD_ALIAS) - 1)
330     #define KEYWORD_ALLOW_ARGV0 "allow_argv0 "
331     #define KEYWORD_ALLOW_ARGV0_LEN (sizeof(KEYWORD_ALLOW_ARGV0) - 1)
332     #define KEYWORD_ALLOW_CAPABILITY "allow_capability "
333     #define KEYWORD_ALLOW_CAPABILITY_LEN (sizeof(KEYWORD_ALLOW_CAPABILITY) - 1)
334     #define KEYWORD_ALLOW_CHROOT "allow_chroot "
335     #define KEYWORD_ALLOW_CHROOT_LEN (sizeof(KEYWORD_ALLOW_CHROOT) - 1)
336 kumaneko 581 #define KEYWORD_ALLOW_ENV "allow_env "
337     #define KEYWORD_ALLOW_ENV_LEN (sizeof(KEYWORD_ALLOW_ENV) - 1)
338 kumaneko 111 #define KEYWORD_ALLOW_MOUNT "allow_mount "
339     #define KEYWORD_ALLOW_MOUNT_LEN (sizeof(KEYWORD_ALLOW_MOUNT) - 1)
340     #define KEYWORD_ALLOW_NETWORK "allow_network "
341     #define KEYWORD_ALLOW_NETWORK_LEN (sizeof(KEYWORD_ALLOW_NETWORK) - 1)
342 kumaneko 141 #define KEYWORD_ALLOW_PIVOT_ROOT "allow_pivot_root "
343     #define KEYWORD_ALLOW_PIVOT_ROOT_LEN (sizeof(KEYWORD_ALLOW_PIVOT_ROOT) - 1)
344 kumaneko 111 #define KEYWORD_ALLOW_READ "allow_read "
345     #define KEYWORD_ALLOW_READ_LEN (sizeof(KEYWORD_ALLOW_READ) - 1)
346     #define KEYWORD_ALLOW_SIGNAL "allow_signal "
347     #define KEYWORD_ALLOW_SIGNAL_LEN (sizeof(KEYWORD_ALLOW_SIGNAL) - 1)
348     #define KEYWORD_DELETE "delete "
349     #define KEYWORD_DELETE_LEN (sizeof(KEYWORD_DELETE) - 1)
350     #define KEYWORD_DENY_AUTOBIND "deny_autobind "
351     #define KEYWORD_DENY_AUTOBIND_LEN (sizeof(KEYWORD_DENY_AUTOBIND) - 1)
352     #define KEYWORD_DENY_REWRITE "deny_rewrite "
353     #define KEYWORD_DENY_REWRITE_LEN (sizeof(KEYWORD_DENY_REWRITE) - 1)
354     #define KEYWORD_DENY_UNMOUNT "deny_unmount "
355     #define KEYWORD_DENY_UNMOUNT_LEN (sizeof(KEYWORD_DENY_UNMOUNT) - 1)
356     #define KEYWORD_FILE_PATTERN "file_pattern "
357     #define KEYWORD_FILE_PATTERN_LEN (sizeof(KEYWORD_FILE_PATTERN) - 1)
358     #define KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
359     #define KEYWORD_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_INITIALIZE_DOMAIN) - 1)
360     #define KEYWORD_KEEP_DOMAIN "keep_domain "
361     #define KEYWORD_KEEP_DOMAIN_LEN (sizeof(KEYWORD_KEEP_DOMAIN) - 1)
362     #define KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
363     #define KEYWORD_NO_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_NO_INITIALIZE_DOMAIN) - 1)
364     #define KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
365     #define KEYWORD_NO_KEEP_DOMAIN_LEN (sizeof(KEYWORD_NO_KEEP_DOMAIN) - 1)
366     #define KEYWORD_PATH_GROUP "path_group "
367     #define KEYWORD_PATH_GROUP_LEN (sizeof(KEYWORD_PATH_GROUP) - 1)
368     #define KEYWORD_SELECT "select "
369     #define KEYWORD_SELECT_LEN (sizeof(KEYWORD_SELECT) - 1)
370     #define KEYWORD_UNDELETE "undelete "
371     #define KEYWORD_UNDELETE_LEN (sizeof(KEYWORD_UNDELETE) - 1)
372    
373     #define KEYWORD_USE_PROFILE "use_profile "
374    
375     #define KEYWORD_MAC_FOR_CAPABILITY "MAC_FOR_CAPABILITY::"
376     #define KEYWORD_MAC_FOR_CAPABILITY_LEN (sizeof(KEYWORD_MAC_FOR_CAPABILITY) - 1)
377    
/* ROOT_NAME carries no trailing separator, unlike the keywords above. */
378     #define ROOT_NAME "<kernel>" /* A domain definition starts with <kernel> . */
379     #define ROOT_NAME_LEN (sizeof(ROOT_NAME) - 1)
380    
381     /************************* Index numbers for Access Controls. *************************/
382    
/*
 * Consecutive index values 0..18; CCS_MAX_CONTROL_INDEX (19) is the number
 * of entries, not a valid index. The trailing comments name the policy file
 * each setting belongs to.
 * NOTE(review): CheckCCSFlags() takes an unsigned int index; presumably it
 * is used to index a table of CCS_MAX_CONTROL_INDEX entries - confirm that
 * the implementation range-checks the index.
 */
383 kumaneko 418 #define CCS_PROFILE_COMMENT 0 /* profile.conf */
384     #define CCS_TOMOYO_MAC_FOR_FILE 1 /* domain_policy.conf */
385     #define CCS_TOMOYO_MAC_FOR_ARGV0 2 /* domain_policy.conf */
386 kumaneko 581 #define CCS_TOMOYO_MAC_FOR_ENV 3 /* domain_policy.conf */
387     #define CCS_TOMOYO_MAC_FOR_NETWORK 4 /* domain_policy.conf */
388     #define CCS_TOMOYO_MAC_FOR_SIGNAL 5 /* domain_policy.conf */
389     #define CCS_SAKURA_DENY_CONCEAL_MOUNT 6
390     #define CCS_SAKURA_RESTRICT_CHROOT 7 /* system_policy.conf */
391     #define CCS_SAKURA_RESTRICT_MOUNT 8 /* system_policy.conf */
392     #define CCS_SAKURA_RESTRICT_UNMOUNT 9 /* system_policy.conf */
393     #define CCS_SAKURA_RESTRICT_PIVOT_ROOT 10 /* system_policy.conf */
394     #define CCS_SAKURA_RESTRICT_AUTOBIND 11 /* system_policy.conf */
395     #define CCS_TOMOYO_MAX_ACCEPT_ENTRY 12
396     #define CCS_TOMOYO_MAX_GRANT_LOG 13
397     #define CCS_TOMOYO_MAX_REJECT_LOG 14
398     #define CCS_TOMOYO_VERBOSE 15
399     #define CCS_ALLOW_ENFORCE_GRACE 16
400 kumaneko 708 #define CCS_SLEEP_PERIOD 17 /* profile.conf */
401     #define CCS_TOMOYO_ALT_EXEC 18 /* profile.conf */
402     #define CCS_MAX_CONTROL_INDEX 19
403 kumaneko 111
404     /************************* Index numbers for updates counter. *************************/
405    
/* Consecutive index values 0..7; MAX_CCS_UPDATES_COUNTER (8) is the count.
 * UpdateCounter() takes one of these as an unsigned char. */
406     #define CCS_UPDATES_COUNTER_SYSTEM_POLICY 0
407     #define CCS_UPDATES_COUNTER_DOMAIN_POLICY 1
408     #define CCS_UPDATES_COUNTER_EXCEPTION_POLICY 2
409 kumaneko 418 #define CCS_UPDATES_COUNTER_PROFILE 3
410 kumaneko 111 #define CCS_UPDATES_COUNTER_QUERY 4
411     #define CCS_UPDATES_COUNTER_MANAGER 5
412     #define CCS_UPDATES_COUNTER_GRANT_LOG 6
413     #define CCS_UPDATES_COUNTER_REJECT_LOG 7
414     #define MAX_CCS_UPDATES_COUNTER 8
415    
416     /************************* The structure for /proc interfaces. *************************/
417    
/*
 * Per-interface I/O state: read/write/poll handlers, one lock for each
 * direction, iteration cursors for reading, and separate read and write
 * buffers with their fill level and size.
 * read_sem and write_sem are declared as struct mutex; on kernels older than
 * 2.6.16 the compatibility macros earlier in this header turn that into
 * struct semaphore.
 * NOTE(review): read_avail/readbuf_size and write_avail/writebuf_size are
 * signed int. The code that fills the buffers has to keep
 * 0 <= avail <= size; that cannot be checked from this header.
 */
418 kumaneko 214 struct io_buffer {
419 kumaneko 111 int (*read) (struct io_buffer *);
420 kumaneko 652 struct mutex read_sem;
421 kumaneko 111 int (*write) (struct io_buffer *);
422 kumaneko 652 struct mutex write_sem;
423 kumaneko 111 int (*poll) (struct file *file, poll_table *wait);
424 kumaneko 722 struct list1_head *read_var1; /* The position currently reading from. */
425     struct list1_head *read_var2; /* Extra variables for reading. */
426 kumaneko 111 struct domain_info *write_var1; /* The position currently writing to. */
427     int read_step; /* The step for reading. */
428     char *read_buf; /* Buffer for reading. */
429 kumaneko 849 bool read_eof; /* EOF flag for reading. */
430     u8 read_bit; /* Extra variable for reading. */
431 kumaneko 111 int read_avail; /* Bytes available for reading. */
432     int readbuf_size; /* Size of read buffer. */
433     char *write_buf; /* Buffer for writing. */
434     int write_avail; /* Bytes available for writing. */
435     int writebuf_size; /* Size of write buffer. */
436 kumaneko 214 };
437 kumaneko 111
438     /************************* PROTOTYPES *************************/
439    
/* Declarations only; the definitions are in other files of the patch. */
440 kumaneko 815 char *InitAuditLog(int *len, const u8 profile, const unsigned int mode);
441 kumaneko 214 void *ccs_alloc(const size_t size);
442 kumaneko 719 char *print_ipv6(char *buffer, const int buffer_len, const struct in6_addr *ip);
443 kumaneko 708 const char *GetAltExec(void);
444 kumaneko 111 const char *GetEXE(void);
445     const char *GetLastName(const struct domain_info *domain);
446 kumaneko 621 const char *GetMSG(const bool is_enforce);
447 kumaneko 111 const char *capability2keyword(const unsigned int capability);
448 kumaneko 849 const char *dp_operation2keyword(const unsigned int operation);
449     const char *sp_operation2keyword(const unsigned int operation);
450 kumaneko 111 const char *network2keyword(const unsigned int operation);
451     const struct condition_list *FindOrAssignNewCondition(const char *condition);
/* Policy update entry points. They take a non-const char *data;
 * presumably the line is parsed in place, so callers should pass a private,
 * writable copy - confirm. */
452 kumaneko 621 int AddAddressGroupPolicy(char *data, const bool is_delete);
453     int AddAggregatorPolicy(char *data, const bool is_delete);
454     int AddAliasPolicy(char *data, const bool is_delete);
455     int AddArgv0Policy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
456     int AddCapabilityPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
457     int AddChrootPolicy(char *data, const bool is_delete);
458 kumaneko 708 int AddDomainACL(struct domain_info *domain, struct acl_info *acl);
459 kumaneko 621 int AddDomainInitializerPolicy(char *data, const bool is_not, const bool is_delete);
460     int AddDomainKeeperPolicy(char *data, const bool is_not, const bool is_delete);
461     int AddEnvPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
462     int AddFilePolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
463     int AddGloballyReadablePolicy(char *data, const bool is_delete);
464     int AddGloballyUsableEnvPolicy(char *env, const bool is_delete);
465     int AddMountPolicy(char *data, const bool is_delete);
466     int AddNetworkPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
467     int AddNoRewritePolicy(char *pattern, const bool is_delete);
468     int AddNoUmountPolicy(char *data, const bool is_delete);
469 kumaneko 708 int AddPathGroupPolicy(char *data, const bool is_delete);
470 kumaneko 621 int AddPatternPolicy(char *data, const bool is_delete);
471     int AddPivotRootPolicy(char *data, const bool is_delete);
472     int AddReservedPortPolicy(char *data, const bool is_delete);
473     int AddSignalPolicy(char *data, struct domain_info *domain, const struct condition_list *condition, const bool is_delete);
/* Control-file entry points. In the read and write calls, buffer is a
 * userspace pointer (__user) and buffer_len is a signed int.
 * NOTE(review): the implementations are not visible here; confirm that they
 * reject negative lengths and move data only through the user-copy helpers
 * rather than dereferencing buffer directly. */
474 kumaneko 111 int CCS_CloseControl(struct file *file);
475     int CCS_OpenControl(const int type, struct file *file);
476     int CCS_PollControl(struct file *file, poll_table *wait);
477     int CCS_ReadControl(struct file *file, char __user *buffer, const int buffer_len);
478     int CCS_WriteControl(struct file *file, const char __user *buffer, const int buffer_len);
479 kumaneko 621 int CanSaveAuditLog(const bool is_granted);
480 kumaneko 111 int CheckCondition(const struct condition_list *condition, struct obj_info *obj_info);
/* format(printf, 1, 2): the compiler checks the arguments against fmt. */
481     int CheckSupervisor(const char *fmt, ...) __attribute__ ((format(printf, 1, 2)));
482     int DelDomainACL(struct acl_info *ptr);
483     int DeleteDomain(char *data);
484 kumaneko 214 int DumpCondition(struct io_buffer *head, const struct condition_list *ptr);
485 kumaneko 621 bool IsCorrectDomain(const unsigned char *domainname, const char *function);
486     bool IsCorrectPath(const char *filename, const int start_type, const int pattern_type, const int end_type, const char *function);
487     bool IsDomainDef(const unsigned char *buffer);
488 kumaneko 111 int PathMatchesToPattern(const struct path_info *pathname0, const struct path_info *pattern0);
489     int PollGrantLog(struct file *file, poll_table *wait);
490     int PollRejectLog(struct file *file, poll_table *wait);
/* Readers that take the struct io_buffer of the interface being read. */
491 kumaneko 214 int ReadAddressGroupPolicy(struct io_buffer *head);
492     int ReadAggregatorPolicy(struct io_buffer *head);
493     int ReadAliasPolicy(struct io_buffer *head);
494     int ReadCapabilityStatus(struct io_buffer *head);
495     int ReadChrootPolicy(struct io_buffer *head);
496     int ReadDomainInitializerPolicy(struct io_buffer *head);
497     int ReadDomainKeeperPolicy(struct io_buffer *head);
498     int ReadGloballyReadablePolicy(struct io_buffer *head);
499 kumaneko 581 int ReadGloballyUsableEnvPolicy(struct io_buffer *head);
500 kumaneko 214 int ReadGrantLog(struct io_buffer *head);
501     int ReadMountPolicy(struct io_buffer *head);
502     int ReadNoRewritePolicy(struct io_buffer *head);
503     int ReadNoUmountPolicy(struct io_buffer *head);
504 kumaneko 708 int ReadPathGroupPolicy(struct io_buffer *head);
505 kumaneko 214 int ReadPatternPolicy(struct io_buffer *head);
506     int ReadPivotRootPolicy(struct io_buffer *head);
507     int ReadRejectLog(struct io_buffer *head);
508     int ReadReservedPortPolicy(struct io_buffer *head);
509 kumaneko 111 int SetCapabilityStatus(const char *data, unsigned int value, const unsigned int profile);
510 kumaneko 621 int WriteAuditLog(char *log, const bool is_granted);
/* format(printf, 2, 3): the compiler checks the arguments against fmt. */
511 kumaneko 214 int io_printf(struct io_buffer *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3)));
512 kumaneko 111 struct domain_info *FindDomain(const char *domainname);
513     struct domain_info *FindOrAssignNewDomain(const char *domainname, const u8 profile);
514     struct domain_info *UndeleteDomain(const char *domainname0);
515 kumaneko 815 bool CheckCCSQuota(struct domain_info * const domain);
516 kumaneko 111 unsigned int CheckCCSFlags(const unsigned int index);
517 kumaneko 621 bool CheckDomainQuota(struct domain_info * const domain);
518     bool TomoyoVerboseMode(void);
519 kumaneko 111 void UpdateCounter(const unsigned char index);
520     void ccs_free(const void *p);
521     void fill_path_info(struct path_info *ptr);
522    
/*
 * pathcmp - compare two path_info entries.
 *
 * Returns true when the entries DIFFER and false when they are equal, in the
 * manner of strcmp(); a match is therefore tested with !pathcmp(a, b).
 * The cached hash values are compared first and strcmp() runs only when they
 * agree, so both entries must carry a hash that is up to date for their name.
 */
static inline bool pathcmp(const struct path_info *a, const struct path_info *b)
{
	if (a->hash != b->hash)
		return true;
	return strcmp(a->name, b->name) != 0;
}
527 kumaneko 708
/* List head defined in another file. NOTE(review): presumably the list of
 * all struct domain_info entries, linked through their list member - confirm. */
528 kumaneko 722 extern struct list1_head domain_list;
529 kumaneko 708
530 kumaneko 111 #endif
