1 |
/* |
/* |
2 |
* security/ccsecurity/network.c |
* security/ccsecurity/network.c |
3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2010 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.1 2009/11/11 |
* Version: 1.7.2-pre 2010/03/08 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
528 |
#define MAX_SOCK_ADDR 128 /* net/socket.c */ |
#define MAX_SOCK_ADDR 128 /* net/socket.c */ |
529 |
|
|
530 |
/* Check permission for creating a socket. */ |
/* Check permission for creating a socket. */ |
531 |
int ccs_socket_create_permission(int family, int type, int protocol) |
static int __ccs_socket_create_permission(int family, int type, int protocol) |
532 |
{ |
{ |
533 |
int error = 0; |
int error = 0; |
534 |
/* Nothing to do if I am a kernel service. */ |
/* Nothing to do if I am a kernel service. */ |
558 |
} |
} |
559 |
|
|
560 |
/* Check permission for listening a TCP socket. */ |
/* Check permission for listening a TCP socket. */ |
561 |
int ccs_socket_listen_permission(struct socket *sock) |
static int __ccs_socket_listen_permission(struct socket *sock) |
562 |
{ |
{ |
563 |
int error = 0; |
int error = 0; |
564 |
char addr[MAX_SOCK_ADDR]; |
char addr[MAX_SOCK_ADDR]; |
599 |
} |
} |
600 |
|
|
601 |
/* Check permission for setting the remote IP address/port pair of a socket. */ |
/* Check permission for setting the remote IP address/port pair of a socket. */ |
602 |
int ccs_socket_connect_permission(struct socket *sock, struct sockaddr *addr, |
static int __ccs_socket_connect_permission(struct socket *sock, |
603 |
int addr_len) |
struct sockaddr *addr, int addr_len) |
604 |
{ |
{ |
605 |
int error = 0; |
int error = 0; |
606 |
const unsigned int type = sock->type; |
const unsigned int type = sock->type; |
657 |
} |
} |
658 |
|
|
659 |
/* Check permission for setting the local IP address/port pair of a socket. */ |
/* Check permission for setting the local IP address/port pair of a socket. */ |
660 |
int ccs_socket_bind_permission(struct socket *sock, struct sockaddr *addr, |
static int __ccs_socket_bind_permission(struct socket *sock, |
661 |
int addr_len) |
struct sockaddr *addr, int addr_len) |
662 |
{ |
{ |
663 |
int error = 0; |
int error = 0; |
664 |
const unsigned int type = sock->type; |
const unsigned int type = sock->type; |
710 |
* |
* |
711 |
* Currently, the LSM hook for this purpose is not provided. |
* Currently, the LSM hook for this purpose is not provided. |
712 |
*/ |
*/ |
713 |
int ccs_socket_accept_permission(struct socket *sock, struct sockaddr *addr) |
static int __ccs_socket_accept_permission(struct socket *sock, |
714 |
|
struct sockaddr *addr) |
715 |
{ |
{ |
716 |
int error = 0; |
int error = 0; |
717 |
int addr_len; |
int addr_len; |
748 |
} |
} |
749 |
|
|
750 |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
751 |
int ccs_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, |
static int __ccs_socket_sendmsg_permission(struct socket *sock, |
752 |
int size) |
struct msghdr *msg, int size) |
753 |
{ |
{ |
754 |
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
755 |
const int addr_len = msg->msg_namelen; |
const int addr_len = msg->msg_namelen; |
857 |
* |
* |
858 |
* Currently, the LSM hook for this purpose is not provided. |
* Currently, the LSM hook for this purpose is not provided. |
859 |
*/ |
*/ |
860 |
int ccs_socket_recvmsg_permission(struct sock *sk, struct sk_buff *skb, |
static int __ccs_socket_recvmsg_permission(struct sock *sk, |
861 |
const unsigned int flags) |
struct sk_buff *skb, |
862 |
|
const unsigned int flags) |
863 |
{ |
{ |
864 |
int error = 0; |
int error = 0; |
865 |
const unsigned int type = sk->sk_type; |
const unsigned int type = sk->sk_type; |
921 |
/* Hope less harmful than -EPERM. */ |
/* Hope less harmful than -EPERM. */ |
922 |
return -ENOMEM; |
return -ENOMEM; |
923 |
} |
} |
924 |
EXPORT_SYMBOL(ccs_socket_recvmsg_permission); |
|
925 |
|
void __init ccs_network_init(void) |
926 |
|
{ |
927 |
|
ccsecurity_ops.socket_create_permission = |
928 |
|
__ccs_socket_create_permission; |
929 |
|
ccsecurity_ops.socket_listen_permission = |
930 |
|
__ccs_socket_listen_permission; |
931 |
|
ccsecurity_ops.socket_connect_permission = |
932 |
|
__ccs_socket_connect_permission; |
933 |
|
ccsecurity_ops.socket_bind_permission = __ccs_socket_bind_permission; |
934 |
|
ccsecurity_ops.socket_accept_permission = |
935 |
|
__ccs_socket_accept_permission; |
936 |
|
ccsecurity_ops.socket_sendmsg_permission = |
937 |
|
__ccs_socket_sendmsg_permission; |
938 |
|
ccsecurity_ops.socket_recvmsg_permission = |
939 |
|
__ccs_socket_recvmsg_permission; |
940 |
|
} |
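Review bot: The removed `EXPORT_SYMBOL(ccs_socket_recvmsg_permission)` (old line 924) drops the only exported entry point in this file section, so any module that called that symbol directly will no longer link; the page does not show callers being redirected to `ccsecurity_ops.socket_recvmsg_permission`, which is worth confirming before merging. `ccs_network_init` now fills a function-pointer table that gates every socket create/listen/connect/bind/accept/sendmsg/recvmsg decision, and how `ccsecurity_ops` is declared is outside this page — if the table stays writable after init it is a single point where all of these checks could be disabled, so the declaration deserves a comment stating why that is acceptable or how it is protected. As a style point, the new `__ccs_socket_*_permission` names begin with a double underscore, which C reserves for the implementation; kernel code tolerates this, but since the functions are now `static` a prefix such as `ccs_do_socket_create_permission` would read the same without the reserved-identifier issue, applied consistently to the seven definitions and the assignments in `ccs_network_init`. The `__ccs_socket_recvmsg_permission` body begins before the last hunk.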