/*
 * include/linux/ccs_common.h
 *
 * Common functions for SAKURA and TOMOYO.
 *
 * Copyright (C) 2005-2007 NTT DATA CORPORATION
 *
 * Version: 1.3.3 2007/04/01
 *
 * This file is applicable to both 2.4.30 and 2.6.11 and later.
 * See README.ccs for ChangeLog.
 *
 */
#ifndef _LINUX_CCS_COMMON_H |
#define _LINUX_CCS_COMMON_H |
#include <linux/string.h> |
#include <linux/mm.h> |
#include <linux/utime.h> |
#include <linux/file.h> |
#include <linux/smp_lock.h> |
#include <linux/module.h> |
#include <linux/init.h> |
#include <linux/slab.h> |
#include <linux/poll.h> |
#include <asm/uaccess.h> |
#include <stdarg.h> |
#include <linux/delay.h> |
#include <linux/version.h> |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0) |
#include <linux/kmod.h> |
#endif |
/*
 * When __user is not already defined, define it as empty so that the
 * "char __user *" parameters of CCS_ReadControl() and CCS_WriteControl()
 * declared in this header still compile.
 * NOTE(review): with the empty definition nothing flags a direct dereference
 * of such a pointer. Implementations presumably go through the copy helpers
 * from <asm/uaccess.h>, which this header includes - confirm.
 */
#ifndef __user
#define __user
#endif
/*
 * A (uid, gid, inode number) triple. struct obj_info keeps one of these for
 * path1 and one each for the parents of path1 and path2.
 */
struct mini_stat {
	uid_t uid;
	gid_t gid;
	ino_t ino;
};
/* Only pointers to these types are stored below, so forward declarations suffice. */
struct dentry;
struct vfsmount;

/*
 * Object information handed to CheckCondition(): dentry/vfsmount pointers for
 * up to two paths, cached mini_stat values, and u8 flags describing them.
 * NOTE(review): the *_valid flags presumably say whether the matching *_stat
 * member has been filled in, and validate_done that the lookup was already
 * attempted. A consumer should not read a *_stat member whose flag is clear.
 * Confirm against the code that populates this structure.
 */
struct obj_info {
	u8 validate_done;
	u8 path1_valid;
	u8 path1_parent_valid;
	u8 path2_parent_valid;
	struct dentry *path1_dentry;
	struct vfsmount *path1_vfsmnt;
	struct dentry *path2_dentry;
	struct vfsmount *path2_vfsmnt;
	struct mini_stat path1_stat;
	/* I don't handle path2_stat for rename operation. */
	struct mini_stat path1_parent_stat;
	struct mini_stat path2_parent_stat;
};
/*
 * A pathname plus values derived from it, as described on each member.
 * pathcmp() at the end of this header reports two entries as different as
 * soon as their hash members differ, without looking at name, so hash must
 * always correspond to the current name.
 * NOTE(review): fill_path_info() is presumably what computes the derived
 * members from name - confirm.
 */
struct path_info {
	const char *name;
	u32 hash; /* = full_name_hash(name, strlen(name)) */
	u16 total_len; /* = strlen(name) */
	u16 const_len; /* = const_part_length(name) */
	u8 is_dir; /* = strendswith(name, "/") */
	u8 is_patterned; /* = PathContainsPattern(name) */
	u16 depth; /* = PathDepth(name) */
};

/*
 * Pathname length limit. It is below 65535, so a length up to this limit fits
 * the u16 total_len and const_len members of struct path_info.
 * NOTE(review): whether the limit counts the terminating NUL, and where it is
 * enforced, is not visible in this header.
 */
#define CCS_MAX_PATHNAME_LEN 4000
/*
 * One member of a pathname group, chained to the next member through 'next'.
 * NOTE(review): is_deleted looks like a soft-delete marker that leaves the
 * node linked - confirm how readers treat flagged members.
 */
typedef struct group_member {
	struct group_member *next;
	const struct path_info *member_name;
	int is_deleted;
} GROUP_MEMBER;
/*
 * A named pathname group: group_name plus the head of its GROUP_MEMBER list.
 * Groups are themselves chained through 'next'.
 */
typedef struct group_entry {
	struct group_entry *next;
	const struct path_info *group_name;
	GROUP_MEMBER *first_member;
} GROUP_ENTRY;
/*
 * One address range (min .. max) inside an address group, chained to the
 * next member through 'next'.
 * The two address families are stored in different byte orders (see the
 * member comments), so a range check has to compare an address in the same
 * order as the stored bounds.
 * NOTE(review): is_ipv6 presumably selects which union member is in use, and
 * is_deleted looks like a soft-delete marker - confirm both.
 */
typedef struct address_group_member {
	struct address_group_member *next;
	union {
		u32 ipv4; /* Host byte order */
		u16 ipv6[8]; /* Network byte order */
	} min, max;
	u8 is_deleted;
	u8 is_ipv6;
} ADDRESS_GROUP_MEMBER;
/*
 * A named address group: group_name plus the head of its
 * ADDRESS_GROUP_MEMBER list. Groups are chained through 'next'.
 */
typedef struct address_group_entry {
	struct address_group_entry *next;
	const struct path_info *group_name;
	ADDRESS_GROUP_MEMBER *first_member;
} ADDRESS_GROUP_ENTRY;
/*
 * TOMOYO uses the following structures.
 * Memory allocated for these structures is never kfree()ed.
 * Since no locks are used for reading, assignment must be performed atomically.
 */
/************************* The structure for domains. *************************/

/* Defined elsewhere; only pointers to it appear in this header. */
struct condition_list;

/*
 * Common header that every *_ACL_RECORD in this file embeds as its first
 * member ('head'). 'type' identifies the record layout and the union 'u'
 * holds per-type data, read either as one u16 (w) or as two u8 values
 * (b[0], b[1]); the comment on each record's 'head' says which view it uses.
 * Entries are chained through 'next'.
 *
 * w and b[] overlay the same two bytes, so a value stored through one view
 * reads back differently through the other depending on byte order. Each
 * record type should be accessed only through the view documented for it.
 *
 * NOTE(review): the section comment above states that this memory is never
 * freed and is read without locks, so is_deleted presumably marks an entry
 * as removed while it stays linked - confirm that every reader tests it.
 */
struct acl_info {
	struct acl_info *next;
	const struct condition_list *cond;
	u8 type;
	u8 is_deleted;
	union {
		u16 w;
		u8 b[2];
	} u;
};
/*
 * One domain: its name, the profile number it uses, and the head of its ACL
 * list. Domains are chained through 'next'.
 */
struct domain_info {
	struct domain_info *next; /* Pointer to next record. NULL if none. */
	struct acl_info *first_acl_ptr; /* Pointer to first acl. NULL if none. */
	const struct path_info *domainname; /* Name of this domain. Never NULL. */
	u8 profile; /* Profile to use. */
	u8 is_deleted; /* Delete flag. */
	u8 quota_warned; /* Quota warning done flag. */
};

/*
 * NOTE(review): presumably the number of profiles. domain_info.profile is a
 * u8, so every value it can hold (0..255) is below this limit.
 */
#define MAX_PROFILES 256
/*
 * File access entry. head.u.b[0] carries the permission value and
 * head.u.b[1] records whether 'u' holds a single pathname or a group.
 * NOTE(review): u.filename and u.group share storage, so a reader has to
 * test u_is_group before choosing a member; presumably non-zero means
 * 'group' - confirm.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_FILE_ACL, b[0] = perm, b[1] = u_is_group */
	union {
		const struct path_info *filename; /* Pointer to single pathname. */
		const struct group_entry *group; /* Pointer to pathname group. */
	} u;
} FILE_ACL_RECORD;
/*
 * Entry pairing a pathname with an argv[0] value, where the stored argv0 is
 * the part of argv[0] after its last '/'.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_ARGV0_ACL */
	const struct path_info *filename; /* Pointer to single pathname. */
	const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */
} ARGV0_ACL_RECORD;
/*
 * Capability entry. It has no members besides 'head'; the capability index
 * is stored in head.u.w.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_CAPABILITY_ACL, w = capability index. */
} CAPABILITY_ACL_RECORD;
/*
 * Signal entry: head.u.w holds the signal number and domainname the pattern
 * for the destination.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_SIGNAL_ACL, w = signal_number. */
	const struct path_info *domainname; /* Pointer to destination pattern. */
} SIGNAL_ACL_RECORD;
/*
 * Port range entry used for both connect and bind; head.u.w holds is_tcp.
 * NOTE(review): the byte order of min_port/max_port and whether the range is
 * inclusive are not stated in this header - confirm in the matching code.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_CONNECT_ACL or TYPE_BIND_ACL, w = is_tcp */
	u16 min_port; /* Start of port number range. */
	u16 max_port; /* End of port number range. */
} PORT_ACL_RECORD;
/*
 * Entry for operations that take one pathname. head.u.w records whether 'u'
 * holds a single pathname or a pathname group.
 * NOTE(review): u.filename and u.group share storage, so a reader has to
 * test u_is_group before choosing a member; presumably non-zero means
 * 'group' - confirm.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_*, w = u_is_group */
	union {
		const struct path_info *filename; /* Pointer to single pathname. */
		const struct group_entry *group; /* Pointer to pathname group. */
	} u;
} SINGLE_ACL_RECORD;
/*
 * Entry for the two-pathname operations rename and link. Each pathname slot
 * has its own group flag: head.u.b[0] for u1 and head.u.b[1] for u2.
 * NOTE(review): within each union the two pointers share storage, so the
 * matching flag has to be tested before a member is read.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_RENAME_ACL or TYPE_LINK_ACL, b[0] = u1_is_group, b[1] = u2_is_group */
	union {
		const struct path_info *filename1; /* Pointer to single pathname. */
		const struct group_entry *group1; /* Pointer to pathname group. */
	} u1;
	union {
		const struct path_info *filename2; /* Pointer to single pathname. */
		const struct group_entry *group2; /* Pointer to pathname group. */
	} u2;
} DOUBLE_ACL_RECORD;
/* Values stored in head.u.b[1] of IP_NETWORK_ACL_RECORD. */
#define IP_RECORD_TYPE_ADDRESS_GROUP 0
#define IP_RECORD_TYPE_IPv4 1
#define IP_RECORD_TYPE_IPv6 2

/*
 * Network entry: an address range (or a reference to an address group) plus
 * a port range. head.u.b[0] holds the socket type and head.u.b[1] one of the
 * IP_RECORD_TYPE_* values.
 * The IPv4 bounds are kept in host byte order and the IPv6 bounds in big
 * endian, so a range check has to compare an address in the same order as
 * the stored bounds.
 * NOTE(review): IP_RECORD_TYPE_* presumably selects which member of 'u' is
 * valid (group, ipv4 or ipv6); the members share storage, so the type has to
 * be tested before 'u' is read - confirm.
 */
typedef struct {
	struct acl_info head; /* type = TYPE_IP_NETWORK_ACL, b[0] = socket_type, b[1] = IP_RECORD_TYPE_* */
	union {
		struct {
			u32 min; /* Start of IPv4 address range. Host endian. */
			u32 max; /* End of IPv4 address range. Host endian. */
		} ipv4;
		struct {
			u16 min[8]; /* Start of IPv6 address range. Big endian. */
			u16 max[8]; /* End of IPv6 address range. Big endian. */
		} ipv6;
		const struct address_group_entry *group; /* Pointer to address group. */
	} u;
	u16 min_port; /* Start of port number range. */
	u16 max_port; /* End of port number range. */
} IP_NETWORK_ACL_RECORD;
/************************* Keywords for ACLs. *************************/

/*
 * Keyword literals and their lengths. Every KEYWORD_* literal except
 * KEYWORD_MAC_FOR_CAPABILITY ends with one space; that one ends with "::".
 * Each *_LEN is sizeof(literal) - 1, i.e. the length of the literal without
 * its terminating NUL, evaluated at compile time.
 * NOTE(review): presumably these are compared against the start of a policy
 * line, the trailing space keeping a keyword from matching a longer word
 * that merely begins with it - confirm in the parser.
 */
#define KEYWORD_ADDRESS_GROUP "address_group "
#define KEYWORD_ADDRESS_GROUP_LEN (sizeof(KEYWORD_ADDRESS_GROUP) - 1)
#define KEYWORD_AGGREGATOR "aggregator "
#define KEYWORD_AGGREGATOR_LEN (sizeof(KEYWORD_AGGREGATOR) - 1)
#define KEYWORD_ALIAS "alias "
#define KEYWORD_ALIAS_LEN (sizeof(KEYWORD_ALIAS) - 1)
#define KEYWORD_ALLOW_ARGV0 "allow_argv0 "
#define KEYWORD_ALLOW_ARGV0_LEN (sizeof(KEYWORD_ALLOW_ARGV0) - 1)
#define KEYWORD_ALLOW_BIND "allow_bind "
#define KEYWORD_ALLOW_BIND_LEN (sizeof(KEYWORD_ALLOW_BIND) - 1)
#define KEYWORD_ALLOW_CAPABILITY "allow_capability "
#define KEYWORD_ALLOW_CAPABILITY_LEN (sizeof(KEYWORD_ALLOW_CAPABILITY) - 1)
#define KEYWORD_ALLOW_CHROOT "allow_chroot "
#define KEYWORD_ALLOW_CHROOT_LEN (sizeof(KEYWORD_ALLOW_CHROOT) - 1)
#define KEYWORD_ALLOW_CONNECT "allow_connect "
#define KEYWORD_ALLOW_CONNECT_LEN (sizeof(KEYWORD_ALLOW_CONNECT) - 1)
#define KEYWORD_ALLOW_MOUNT "allow_mount "
#define KEYWORD_ALLOW_MOUNT_LEN (sizeof(KEYWORD_ALLOW_MOUNT) - 1)
#define KEYWORD_ALLOW_NETWORK "allow_network "
#define KEYWORD_ALLOW_NETWORK_LEN (sizeof(KEYWORD_ALLOW_NETWORK) - 1)
#define KEYWORD_ALLOW_PIVOT_ROOT "allow_pivot_root "
#define KEYWORD_ALLOW_PIVOT_ROOT_LEN (sizeof(KEYWORD_ALLOW_PIVOT_ROOT) - 1)
#define KEYWORD_ALLOW_READ "allow_read "
#define KEYWORD_ALLOW_READ_LEN (sizeof(KEYWORD_ALLOW_READ) - 1)
#define KEYWORD_ALLOW_SIGNAL "allow_signal "
#define KEYWORD_ALLOW_SIGNAL_LEN (sizeof(KEYWORD_ALLOW_SIGNAL) - 1)
#define KEYWORD_DELETE "delete "
#define KEYWORD_DELETE_LEN (sizeof(KEYWORD_DELETE) - 1)
#define KEYWORD_DENY_AUTOBIND "deny_autobind "
#define KEYWORD_DENY_AUTOBIND_LEN (sizeof(KEYWORD_DENY_AUTOBIND) - 1)
#define KEYWORD_DENY_REWRITE "deny_rewrite "
#define KEYWORD_DENY_REWRITE_LEN (sizeof(KEYWORD_DENY_REWRITE) - 1)
#define KEYWORD_DENY_UNMOUNT "deny_unmount "
#define KEYWORD_DENY_UNMOUNT_LEN (sizeof(KEYWORD_DENY_UNMOUNT) - 1)
#define KEYWORD_FILE_PATTERN "file_pattern "
#define KEYWORD_FILE_PATTERN_LEN (sizeof(KEYWORD_FILE_PATTERN) - 1)
#define KEYWORD_INITIALIZER "initializer "
#define KEYWORD_INITIALIZER_LEN (sizeof(KEYWORD_INITIALIZER) - 1)
#define KEYWORD_INITIALIZE_DOMAIN "initialize_domain "
#define KEYWORD_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_INITIALIZE_DOMAIN) - 1)
#define KEYWORD_KEEP_DOMAIN "keep_domain "
#define KEYWORD_KEEP_DOMAIN_LEN (sizeof(KEYWORD_KEEP_DOMAIN) - 1)
#define KEYWORD_NO_INITIALIZER "no_initializer "
#define KEYWORD_NO_INITIALIZER_LEN (sizeof(KEYWORD_NO_INITIALIZER) - 1)
#define KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
#define KEYWORD_NO_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_NO_INITIALIZE_DOMAIN) - 1)
#define KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
#define KEYWORD_NO_KEEP_DOMAIN_LEN (sizeof(KEYWORD_NO_KEEP_DOMAIN) - 1)
#define KEYWORD_PATH_GROUP "path_group "
#define KEYWORD_PATH_GROUP_LEN (sizeof(KEYWORD_PATH_GROUP) - 1)
#define KEYWORD_SELECT "select "
#define KEYWORD_SELECT_LEN (sizeof(KEYWORD_SELECT) - 1)
#define KEYWORD_UNDELETE "undelete "
#define KEYWORD_UNDELETE_LEN (sizeof(KEYWORD_UNDELETE) - 1)

/* No *_LEN companion is defined for this keyword. */
#define KEYWORD_USE_PROFILE "use_profile "

#define KEYWORD_MAC_FOR_CAPABILITY "MAC_FOR_CAPABILITY::"
#define KEYWORD_MAC_FOR_CAPABILITY_LEN (sizeof(KEYWORD_MAC_FOR_CAPABILITY) - 1)

#define ROOT_NAME "<kernel>" /* A domain definition starts with <kernel> . */
#define ROOT_NAME_LEN (sizeof(ROOT_NAME) - 1)
/************************* Index numbers for Access Controls. *************************/

/*
 * Index of each access control setting, numbered 0..15. The trailing
 * comments name the policy file a setting relates to.
 * CCS_MAX_CONTROL_INDEX is the number of entries, not a valid index.
 * NOTE(review): presumably these are the 'index' values passed to
 * CheckCCSFlags(), CheckCCSEnforce() and CheckCCSAccept(), which take an
 * unsigned int. Whether those functions check the value against
 * CCS_MAX_CONTROL_INDEX is not visible in this header.
 */
#define CCS_PROFILE_COMMENT 0 /* status.txt */
#define CCS_TOMOYO_MAC_FOR_FILE 1 /* domain_policy.txt */
#define CCS_TOMOYO_MAC_FOR_ARGV0 2 /* domain_policy.txt */
#define CCS_TOMOYO_MAC_FOR_NETWORK 3 /* domain_policy.txt */
#define CCS_TOMOYO_MAC_FOR_SIGNAL 4 /* domain_policy.txt */
#define CCS_SAKURA_DENY_CONCEAL_MOUNT 5
#define CCS_SAKURA_RESTRICT_CHROOT 6 /* system_policy.txt */
#define CCS_SAKURA_RESTRICT_MOUNT 7 /* system_policy.txt */
#define CCS_SAKURA_RESTRICT_UNMOUNT 8 /* system_policy.txt */
#define CCS_SAKURA_RESTRICT_PIVOT_ROOT 9 /* system_policy.txt */
#define CCS_SAKURA_RESTRICT_AUTOBIND 10 /* system_policy.txt */
#define CCS_TOMOYO_MAX_ACCEPT_ENTRY 11
#define CCS_TOMOYO_MAX_GRANT_LOG 12
#define CCS_TOMOYO_MAX_REJECT_LOG 13
#define CCS_TOMOYO_VERBOSE 14
#define CCS_ALLOW_ENFORCE_GRACE 15
#define CCS_MAX_CONTROL_INDEX 16
/************************* Index numbers for updates counter. *************************/

/*
 * Index of each updates counter, numbered 0..7. MAX_CCS_UPDATES_COUNTER is
 * the number of counters, not a valid index.
 * NOTE(review): presumably the 'index' argument of UpdateCounter(), which is
 * an unsigned char and can therefore hold values well above 7. Whether the
 * callee checks it against MAX_CCS_UPDATES_COUNTER is not visible here.
 */
#define CCS_UPDATES_COUNTER_SYSTEM_POLICY 0
#define CCS_UPDATES_COUNTER_DOMAIN_POLICY 1
#define CCS_UPDATES_COUNTER_EXCEPTION_POLICY 2
#define CCS_UPDATES_COUNTER_STATUS 3
#define CCS_UPDATES_COUNTER_QUERY 4
#define CCS_UPDATES_COUNTER_MANAGER 5
#define CCS_UPDATES_COUNTER_GRANT_LOG 6
#define CCS_UPDATES_COUNTER_REJECT_LOG 7
#define MAX_CCS_UPDATES_COUNTER 8
/************************* The structure for /proc interfaces. *************************/

/*
 * State for one /proc control file: read, write and poll callbacks, one
 * semaphore per direction, read/write cursors, and for each direction a
 * buffer with its size and fill count.
 * NOTE(review): presumably set up per open file by CCS_OpenControl() and
 * released by CCS_CloseControl() - confirm.
 * NOTE(review): the sizes and counts are signed int. Code that copies into
 * read_buf or write_buf should keep 0 <= read_avail <= readbuf_size and
 * 0 <= write_avail <= writebuf_size; those checks are not visible in this
 * header.
 */
typedef struct io_buffer {
	int (*read) (struct io_buffer *);
	struct semaphore read_sem;
	int (*write) (struct io_buffer *);
	struct semaphore write_sem;
	int (*poll) (struct file *file, poll_table *wait);
	struct domain_info *read_var1; /* The position currently reading from. */
	void *read_var2; /* Extra variables for reading. */
	struct domain_info *write_var1; /* The position currently writing to. */
	int read_step; /* The step for reading. */
	char *read_buf; /* Buffer for reading. */
	int read_eof; /* EOF flag for reading. */
	int read_avail; /* Bytes available for reading. */
	int readbuf_size; /* Size of read buffer. */
	char *write_buf; /* Buffer for writing. */
	int write_avail; /* Bytes available for writing. */
	int writebuf_size; /* Size of write buffer. */
} IO_BUFFER;
/************************* PROTOTYPES *************************/

/*
 * Declarations only; none of the definitions are in this header. The notes
 * below state what the signatures show and mark everything else as an
 * assumption to confirm in the implementing files.
 *
 * - The Add*Policy() functions and DeleteDomain() take a writable
 *   "char *data"; NOTE(review): presumably they tokenize the policy line in
 *   place, so callers should not pass string literals or shared buffers.
 * - The Read*() functions, SetPermissionMapping(), DumpCondition() and
 *   io_printf() all work on an IO_BUFFER.
 */
char *FindConditionPart(char *data);
char *InitAuditLog(int *len);
char *ccs_alloc(const size_t size);
/*
 * buffer_len is a signed int. NOTE(review): the callee presumably bounds its
 * output by buffer_len; callers should pass the real size of 'buffer'.
 */
char *print_ipv6(char *buffer, const int buffer_len, const u16 *ip);
const char *GetEXE(void);
const char *GetLastName(const struct domain_info *domain);
const char *GetMSG(const int is_enforce);
const char *acltype2keyword(const unsigned int acl_type);
const char *capability2keyword(const unsigned int capability);
const char *network2keyword(const unsigned int operation);
const struct condition_list *FindOrAssignNewCondition(const char *condition);
int AddAddressGroupPolicy(char *data, const int is_delete);
int AddAggregatorPolicy(char *data, const int is_delete);
int AddAliasPolicy(char *data, const int is_delete);
int AddArgv0Policy(char *data, struct domain_info *domain, const int is_delete);
int AddCapabilityPolicy(char *data, struct domain_info *domain, const int is_delete);
int AddChrootPolicy(char *data, const int is_delete);
int AddDomainACL(struct acl_info *ptr, struct domain_info *domain, struct acl_info *new_ptr);
int AddDomainInitializerPolicy(char *data, const int is_not, const int is_delete, const int is_oldstyle);
int AddDomainKeeperPolicy(char *data, const int is_not, const int is_delete);
int AddFilePolicy(char *data, struct domain_info *domain, const int is_delete);
int AddGloballyReadablePolicy(char *data, const int is_delete);
int AddGroupPolicy(char *data, const int is_delete);
int AddMountPolicy(char *data, const int is_delete);
int AddNetworkPolicy(char *data, struct domain_info *domain, const int is_delete);
int AddNoRewritePolicy(char *pattern, const int is_delete);
int AddNoUmountPolicy(char *data, const int is_delete);
int AddPatternPolicy(char *data, const int is_delete);
int AddPivotRootPolicy(char *data, const int is_delete);
int AddReservedPortPolicy(char *data, const int is_delete);
int AddSignalPolicy(char *data, struct domain_info *domain, const int is_delete);
int CCS_CloseControl(struct file *file);
int CCS_OpenControl(const int type, struct file *file);
int CCS_PollControl(struct file *file, poll_table *wait);
/*
 * 'buffer' is a user-space pointer (__user) and buffer_len a signed int in
 * both functions below.
 * NOTE(review): the implementations should reject a negative buffer_len and
 * bound the copy by the IO_BUFFER's readbuf_size / writebuf_size before
 * touching 'buffer'; neither check is visible in this header.
 */
int CCS_ReadControl(struct file *file, char __user *buffer, const int buffer_len);
int CCS_WriteControl(struct file *file, const char __user *buffer, const int buffer_len);
int CanSaveAuditLog(const int is_granted);
int CheckCondition(const struct condition_list *condition, struct obj_info *obj_info);
/*
 * The format(printf, 1, 2) attribute lets the compiler check the arguments
 * against fmt. fmt itself should be a constant string; text taken from
 * policy or from a request belongs in the arguments, formatted with "%s".
 */
int CheckSupervisor(const char *fmt, ...) __attribute__ ((format(printf, 1, 2)));
int DelDomainACL(struct acl_info *ptr);
int DeleteDomain(char *data);
int DumpCondition(IO_BUFFER *head, const struct condition_list *ptr);
int IsCorrectDomain(const unsigned char *domainname, const char *function);
int IsCorrectPath(const char *filename, const int start_type, const int pattern_type, const int end_type, const char *function);
int IsDomainDef(const unsigned char *buffer);
int PathMatchesToPattern(const struct path_info *pathname0, const struct path_info *pattern0);
int PollGrantLog(struct file *file, poll_table *wait);
int PollRejectLog(struct file *file, poll_table *wait);
int ReadAddressGroupPolicy(IO_BUFFER *head);
int ReadAggregatorPolicy(IO_BUFFER *head);
int ReadAliasPolicy(IO_BUFFER *head);
int ReadCapabilityStatus(IO_BUFFER *head);
int ReadChrootPolicy(IO_BUFFER *head);
int ReadDomainInitializerPolicy(IO_BUFFER *head);
int ReadDomainKeeperPolicy(IO_BUFFER *head);
int ReadGloballyReadablePolicy(IO_BUFFER *head);
int ReadGrantLog(IO_BUFFER *head);
int ReadGroupPolicy(IO_BUFFER *head);
int ReadMountPolicy(IO_BUFFER *head);
int ReadNoRewritePolicy(IO_BUFFER *head);
int ReadNoUmountPolicy(IO_BUFFER *head);
int ReadPatternPolicy(IO_BUFFER *head);
int ReadPivotRootPolicy(IO_BUFFER *head);
int ReadPermissionMapping(IO_BUFFER *head);
int ReadRejectLog(IO_BUFFER *head);
int ReadReservedPortPolicy(IO_BUFFER *head);
int ReadSelfDomain(IO_BUFFER *head);
/*
 * 'profile' is an unsigned int here although domain_info.profile is a u8.
 * NOTE(review): the callee presumably checks it against MAX_PROFILES - confirm.
 */
int SetCapabilityStatus(const char *data, unsigned int value, const unsigned int profile);
int SetPermissionMapping(IO_BUFFER *head);
int WriteAuditLog(char *log, const int is_granted);
int acltype2paths(const unsigned int acl_type);
/* Same format-string contract as CheckSupervisor(); fmt is argument 2 here. */
int io_printf(IO_BUFFER *head, const char *fmt, ...) __attribute__ ((format(printf, 2, 3)));
struct domain_info *FindDomain(const char *domainname);
struct domain_info *FindOrAssignNewDomain(const char *domainname, const u8 profile);
struct domain_info *UndeleteDomain(const char *domainname0);
unsigned int CheckCCSAccept(const unsigned int index);
unsigned int CheckCCSEnforce(const unsigned int index);
unsigned int CheckCCSFlags(const unsigned int index);
unsigned int TomoyoVerboseMode(void);
void UpdateCounter(const unsigned char index);
void ccs_free(const void *p);
void fill_path_info(struct path_info *ptr);
/*
 * Compare two path_info entries.
 *
 * Returns 0 when both the hash members and the name strings are equal, and 1
 * otherwise. The hashes are compared first, so strcmp() only runs for entries
 * whose hashes agree; both entries therefore need a hash that corresponds to
 * their current name.
 * Nothing is checked here: a, b and both name members must be non-NULL.
 */
static inline int pathcmp(const struct path_info *a, const struct path_info *b)
{
	/* Different hashes already decide the result. */
	if (a->hash != b->hash)
		return 1;
	return strcmp(a->name, b->name) != 0;
}
#endif |