| 3 |
* |
* |
| 4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
| 5 |
* |
* |
| 6 |
* Version: 1.7.0-pre 2009/08/24 |
* Version: 1.7.1-pre 2009/10/16 |
| 7 |
* |
* |
| 8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 169 |
const u32 ip = ntohl(*address); |
const u32 ip = ntohl(*address); |
| 170 |
int error; |
int error; |
| 171 |
char buf[64]; |
char buf[64]; |
|
ccs_assert_read_lock(); |
|
| 172 |
if (ccs_init_request_info(&r, NULL, |
if (ccs_init_request_info(&r, NULL, |
| 173 |
CCS_MAC_NETWORK_UDP_BIND + operation) |
CCS_MAC_NETWORK_UDP_BIND + operation) |
| 174 |
== CCS_MAC_MODE_DISABLED) |
== CCS_CONFIG_DISABLED) |
| 175 |
return 0; |
return 0; |
| 176 |
memset(buf, 0, sizeof(buf)); |
memset(buf, 0, sizeof(buf)); |
| 177 |
if (is_ipv6) |
if (is_ipv6) |
| 225 |
error = ccs_supervisor(&r, CCS_KEYWORD_ALLOW_NETWORK |
error = ccs_supervisor(&r, CCS_KEYWORD_ALLOW_NETWORK |
| 226 |
"%s %s %u\n", keyword, buf, port); |
"%s %s %u\n", keyword, buf, port); |
| 227 |
} while (error == 1); |
} while (error == 1); |
| 228 |
if (r.mode != CCS_MAC_MODE_ENFORCING) |
if (r.mode != CCS_CONFIG_ENFORCING) |
| 229 |
error = 0; |
error = 0; |
| 230 |
return error; |
return error; |
| 231 |
} |
} |
| 244 |
const u32 *address, const u16 port) |
const u32 *address, const u16 port) |
| 245 |
{ |
{ |
| 246 |
const int idx = ccs_read_lock(); |
const int idx = ccs_read_lock(); |
| 247 |
const int error = ccs_network_entry2(is_ipv6, operation, |
const int error = ccs_network_entry2(is_ipv6, operation, address, |
| 248 |
address, port); |
port); |
| 249 |
ccs_read_unlock(idx); |
ccs_read_unlock(idx); |
| 250 |
return error; |
return error; |
| 251 |
} |
} |
| 394 |
* |
* |
| 395 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
| 396 |
*/ |
*/ |
| 397 |
static inline int ccs_network_listen_acl(const bool is_ipv6, |
static inline int ccs_network_listen_acl(const bool is_ipv6, const u8 *address, |
|
const u8 *address, |
|
| 398 |
const u16 port) |
const u16 port) |
| 399 |
{ |
{ |
| 400 |
return ccs_network_entry(is_ipv6, CCS_NETWORK_TCP_LISTEN, |
return ccs_network_entry(is_ipv6, CCS_NETWORK_TCP_LISTEN, |
| 413 |
*/ |
*/ |
| 414 |
static inline int ccs_network_connect_acl(const bool is_ipv6, |
static inline int ccs_network_connect_acl(const bool is_ipv6, |
| 415 |
const int sock_type, |
const int sock_type, |
| 416 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
| 417 |
{ |
{ |
| 418 |
u8 operation; |
u8 operation; |
| 419 |
switch (sock_type) { |
switch (sock_type) { |
| 467 |
* |
* |
| 468 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
| 469 |
*/ |
*/ |
| 470 |
static inline int ccs_network_accept_acl(const bool is_ipv6, |
static inline int ccs_network_accept_acl(const bool is_ipv6, const u8 *address, |
|
const u8 *address, |
|
| 471 |
const u16 port) |
const u16 port) |
| 472 |
{ |
{ |
| 473 |
int retval; |
int retval; |
| 490 |
*/ |
*/ |
| 491 |
static inline int ccs_network_sendmsg_acl(const bool is_ipv6, |
static inline int ccs_network_sendmsg_acl(const bool is_ipv6, |
| 492 |
const int sock_type, |
const int sock_type, |
| 493 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
| 494 |
{ |
{ |
| 495 |
u8 operation; |
u8 operation; |
| 496 |
if (sock_type == SOCK_DGRAM) |
if (sock_type == SOCK_DGRAM) |
| 513 |
*/ |
*/ |
| 514 |
static inline int ccs_network_recvmsg_acl(const bool is_ipv6, |
static inline int ccs_network_recvmsg_acl(const bool is_ipv6, |
| 515 |
const int sock_type, |
const int sock_type, |
| 516 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
| 517 |
{ |
{ |
| 518 |
int retval; |
int retval; |
| 519 |
const u8 operation |
const u8 operation |
| 748 |
} |
} |
| 749 |
|
|
| 750 |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
| 751 |
int ccs_socket_sendmsg_permission(struct socket *sock, struct sockaddr *addr, |
int ccs_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, |
| 752 |
int addr_len) |
int size) |
| 753 |
{ |
{ |
| 754 |
|
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
| 755 |
|
const int addr_len = msg->msg_namelen; |
| 756 |
int error = 0; |
int error = 0; |
| 757 |
const int type = sock->type; |
const int type = sock->type; |
| 758 |
/* Nothing to do if I am a kernel service. */ |
/* Nothing to do if I am a kernel service. */ |
| 785 |
else |
else |
| 786 |
port = htons(sock->sk->sk_protocol); |
port = htons(sock->sk->sk_protocol); |
| 787 |
error = ccs_network_sendmsg_acl(false, type, |
error = ccs_network_sendmsg_acl(false, type, |
| 788 |
(u8 *) &addr4->sin_addr, |
(u8 *) &addr4->sin_addr, port); |
|
port); |
|
| 789 |
break; |
break; |
| 790 |
} |
} |
| 791 |
return error; |
return error; |
| 793 |
|
|
| 794 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 22) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 22) |
| 795 |
#if !defined(RHEL_MAJOR) || RHEL_MAJOR != 5 |
#if !defined(RHEL_MAJOR) || RHEL_MAJOR != 5 |
| 796 |
|
#if !defined(AX_MAJOR) || AX_MAJOR != 3 || !defined(AX_MINOR) || AX_MINOR < 2 |
| 797 |
|
|
| 798 |
static inline struct iphdr *ip_hdr(const struct sk_buff *skb) |
static inline struct iphdr *ip_hdr(const struct sk_buff *skb) |
| 799 |
{ |
{ |
| 812 |
|
|
| 813 |
#endif |
#endif |
| 814 |
#endif |
#endif |
| 815 |
|
#endif |
| 816 |
|
|
| 817 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 12) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 12) |
| 818 |
static void skb_kill_datagram(struct sock *sk, struct sk_buff *skb, |
static void skb_kill_datagram(struct sock *sk, struct sk_buff *skb, |
TOMOYO
Parent Directory
Revision Log
Patch