| 43 |
|
|
| 44 |
/************************* SIGNAL ACL HANDLER *************************/ |
/************************* SIGNAL ACL HANDLER *************************/ |
| 45 |
|
|
| 46 |
static int AddSignalEntry(const int sig, const char *dest_pattern, struct domain_info *domain, const int is_delete, const struct condition_list *condition) |
static int AddSignalEntry(const int sig, const char *dest_pattern, struct domain_info *domain, const u8 is_add, const struct condition_list *condition) |
| 47 |
{ |
{ |
| 48 |
struct acl_info *ptr; |
struct acl_info *ptr; |
| 49 |
const struct path_info *saved_dest_pattern; |
const struct path_info *saved_dest_pattern; |
| 53 |
if (!dest_pattern || !IsCorrectDomain(dest_pattern, __FUNCTION__)) return -EINVAL; |
if (!dest_pattern || !IsCorrectDomain(dest_pattern, __FUNCTION__)) return -EINVAL; |
| 54 |
if ((saved_dest_pattern = SaveName(dest_pattern)) == NULL) return -ENOMEM; |
if ((saved_dest_pattern = SaveName(dest_pattern)) == NULL) return -ENOMEM; |
| 55 |
down(&domain_acl_lock); |
down(&domain_acl_lock); |
| 56 |
if (!is_delete) { |
if (is_add) { |
| 57 |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
| 58 |
while (1) { |
while (1) { |
| 59 |
SIGNAL_ACL_RECORD *new_ptr; |
SIGNAL_ACL_RECORD *new_ptr; |
| 70 |
continue; |
continue; |
| 71 |
} |
} |
| 72 |
first_entry: ; |
first_entry: ; |
| 73 |
|
if (is_add == 1 && TooManyDomainACL(domain)) break; |
| 74 |
/* Not found. Append it to the tail. */ |
/* Not found. Append it to the tail. */ |
| 75 |
if ((new_ptr = (SIGNAL_ACL_RECORD *) alloc_element(sizeof(SIGNAL_ACL_RECORD))) == NULL) break; |
if ((new_ptr = (SIGNAL_ACL_RECORD *) alloc_element(sizeof(SIGNAL_ACL_RECORD))) == NULL) break; |
| 76 |
new_ptr->head.type = TYPE_SIGNAL_ACL; |
new_ptr->head.type = TYPE_SIGNAL_ACL; |
| 138 |
} |
} |
| 139 |
AuditSignalLog(sig, dest->domainname, 0); |
AuditSignalLog(sig, dest->domainname, 0); |
| 140 |
if (is_enforce) return CheckSupervisor("%s\n" KEYWORD_ALLOW_SIGNAL "%d %s\n", domain->domainname->name, sig, dest_pattern); |
if (is_enforce) return CheckSupervisor("%s\n" KEYWORD_ALLOW_SIGNAL "%d %s\n", domain->domainname->name, sig, dest_pattern); |
| 141 |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_SIGNAL)) AddSignalEntry(sig, dest_pattern, domain, 0, NULL); |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_SIGNAL)) AddSignalEntry(sig, dest_pattern, domain, 1, NULL); |
| 142 |
return 0; |
return 0; |
| 143 |
} |
} |
| 144 |
|
|
| 151 |
const struct condition_list *condition = NULL; |
const struct condition_list *condition = NULL; |
| 152 |
const char *cp = FindConditionPart(domainname + 1); |
const char *cp = FindConditionPart(domainname + 1); |
| 153 |
if (cp && (condition = FindOrAssignNewCondition(cp)) == NULL) return -EINVAL; |
if (cp && (condition = FindOrAssignNewCondition(cp)) == NULL) return -EINVAL; |
| 154 |
return AddSignalEntry(sig, domainname + 1, domain, is_delete, condition); |
return AddSignalEntry(sig, domainname + 1, domain, is_delete ? 0 : -1, condition); |
| 155 |
} |
} |
| 156 |
return -EINVAL; |
return -EINVAL; |
| 157 |
} |
} |
TOMOYO
Parent Directory
Revision Log
Patch