| 1 |
/* |
/* |
| 2 |
* security/ccsecurity/network.c |
* security/ccsecurity/network.c |
| 3 |
* |
* |
| 4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2010 NTT DATA CORPORATION |
| 5 |
* |
* |
| 6 |
* Version: 1.7.1 2009/11/11 |
* Version: 1.7.2-pre 2010/03/08 |
| 7 |
* |
* |
| 8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
| 9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
| 528 |
#define MAX_SOCK_ADDR 128 /* net/socket.c */ |
#define MAX_SOCK_ADDR 128 /* net/socket.c */ |
| 529 |
|
|
| 530 |
/* Check permission for creating a socket. */ |
/* Check permission for creating a socket. */ |
| 531 |
int ccs_socket_create_permission(int family, int type, int protocol) |
static int __ccs_socket_create_permission(int family, int type, int protocol) |
| 532 |
{ |
{ |
| 533 |
int error = 0; |
int error = 0; |
| 534 |
/* Nothing to do if I am a kernel service. */ |
/* Nothing to do if I am a kernel service. */ |
| 558 |
} |
} |
| 559 |
|
|
| 560 |
/* Check permission for listening a TCP socket. */ |
/* Check permission for listening a TCP socket. */ |
| 561 |
int ccs_socket_listen_permission(struct socket *sock) |
static int __ccs_socket_listen_permission(struct socket *sock) |
| 562 |
{ |
{ |
| 563 |
int error = 0; |
int error = 0; |
| 564 |
char addr[MAX_SOCK_ADDR]; |
char addr[MAX_SOCK_ADDR]; |
| 599 |
} |
} |
| 600 |
|
|
| 601 |
/* Check permission for setting the remote IP address/port pair of a socket. */ |
/* Check permission for setting the remote IP address/port pair of a socket. */ |
| 602 |
int ccs_socket_connect_permission(struct socket *sock, struct sockaddr *addr, |
static int __ccs_socket_connect_permission(struct socket *sock, |
| 603 |
int addr_len) |
struct sockaddr *addr, int addr_len) |
| 604 |
{ |
{ |
| 605 |
int error = 0; |
int error = 0; |
| 606 |
const unsigned int type = sock->type; |
const unsigned int type = sock->type; |
| 657 |
} |
} |
| 658 |
|
|
| 659 |
/* Check permission for setting the local IP address/port pair of a socket. */ |
/* Check permission for setting the local IP address/port pair of a socket. */ |
| 660 |
int ccs_socket_bind_permission(struct socket *sock, struct sockaddr *addr, |
static int __ccs_socket_bind_permission(struct socket *sock, |
| 661 |
int addr_len) |
struct sockaddr *addr, int addr_len) |
| 662 |
{ |
{ |
| 663 |
int error = 0; |
int error = 0; |
| 664 |
const unsigned int type = sock->type; |
const unsigned int type = sock->type; |
| 710 |
* |
* |
| 711 |
* Currently, the LSM hook for this purpose is not provided. |
* Currently, the LSM hook for this purpose is not provided. |
| 712 |
*/ |
*/ |
| 713 |
int ccs_socket_accept_permission(struct socket *sock, struct sockaddr *addr) |
static int __ccs_socket_accept_permission(struct socket *sock, |
| 714 |
|
struct sockaddr *addr) |
| 715 |
{ |
{ |
| 716 |
int error = 0; |
int error = 0; |
| 717 |
int addr_len; |
int addr_len; |
| 748 |
} |
} |
| 749 |
|
|
| 750 |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
| 751 |
int ccs_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, |
static int __ccs_socket_sendmsg_permission(struct socket *sock, |
| 752 |
int size) |
struct msghdr *msg, int size) |
| 753 |
{ |
{ |
| 754 |
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
| 755 |
const int addr_len = msg->msg_namelen; |
const int addr_len = msg->msg_namelen; |
| 857 |
* |
* |
| 858 |
* Currently, the LSM hook for this purpose is not provided. |
* Currently, the LSM hook for this purpose is not provided. |
| 859 |
*/ |
*/ |
| 860 |
int ccs_socket_recvmsg_permission(struct sock *sk, struct sk_buff *skb, |
static int __ccs_socket_recvmsg_permission(struct sock *sk, |
| 861 |
const unsigned int flags) |
struct sk_buff *skb, |
| 862 |
|
const unsigned int flags) |
| 863 |
{ |
{ |
| 864 |
int error = 0; |
int error = 0; |
| 865 |
const unsigned int type = sk->sk_type; |
const unsigned int type = sk->sk_type; |
| 921 |
/* Hope less harmful than -EPERM. */ |
/* Hope less harmful than -EPERM. */ |
| 922 |
return -ENOMEM; |
return -ENOMEM; |
| 923 |
} |
} |
| 924 |
EXPORT_SYMBOL(ccs_socket_recvmsg_permission); |
|
| 925 |
|
void __init ccs_network_init(void) |
| 926 |
|
{ |
| 927 |
|
ccsecurity_ops.socket_create_permission = |
| 928 |
|
__ccs_socket_create_permission; |
| 929 |
|
ccsecurity_ops.socket_listen_permission = |
| 930 |
|
__ccs_socket_listen_permission; |
| 931 |
|
ccsecurity_ops.socket_connect_permission = |
| 932 |
|
__ccs_socket_connect_permission; |
| 933 |
|
ccsecurity_ops.socket_bind_permission = __ccs_socket_bind_permission; |
| 934 |
|
ccsecurity_ops.socket_accept_permission = |
| 935 |
|
__ccs_socket_accept_permission; |
| 936 |
|
ccsecurity_ops.socket_sendmsg_permission = |
| 937 |
|
__ccs_socket_sendmsg_permission; |
| 938 |
|
ccsecurity_ops.socket_recvmsg_permission = |
| 939 |
|
__ccs_socket_recvmsg_permission; |
| 940 |
|
} |
TOMOYO
Parent Directory
Revision Log
Patch