43 |
|
|
44 |
/************************* SIGNAL ACL HANDLER *************************/ |
/************************* SIGNAL ACL HANDLER *************************/ |
45 |
|
|
46 |
static int AddSignalEntry(const int sig, const char *dest_pattern, struct domain_info *domain, const int is_delete, const struct condition_list *condition) |
static int AddSignalEntry(const int sig, const char *dest_pattern, struct domain_info *domain, const u8 is_add, const struct condition_list *condition) |
47 |
{ |
{ |
48 |
struct acl_info *ptr; |
struct acl_info *ptr; |
49 |
const struct path_info *saved_dest_pattern; |
const struct path_info *saved_dest_pattern; |
53 |
if (!dest_pattern || !IsCorrectDomain(dest_pattern, __FUNCTION__)) return -EINVAL; |
if (!dest_pattern || !IsCorrectDomain(dest_pattern, __FUNCTION__)) return -EINVAL; |
54 |
if ((saved_dest_pattern = SaveName(dest_pattern)) == NULL) return -ENOMEM; |
if ((saved_dest_pattern = SaveName(dest_pattern)) == NULL) return -ENOMEM; |
55 |
down(&domain_acl_lock); |
down(&domain_acl_lock); |
56 |
if (!is_delete) { |
if (is_add) { |
57 |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
58 |
while (1) { |
while (1) { |
59 |
SIGNAL_ACL_RECORD *new_ptr; |
SIGNAL_ACL_RECORD *new_ptr; |
70 |
continue; |
continue; |
71 |
} |
} |
72 |
first_entry: ; |
first_entry: ; |
73 |
|
if (is_add == 1 && TooManyDomainACL(domain)) break; |
74 |
/* Not found. Append it to the tail. */ |
/* Not found. Append it to the tail. */ |
75 |
if ((new_ptr = (SIGNAL_ACL_RECORD *) alloc_element(sizeof(SIGNAL_ACL_RECORD))) == NULL) break; |
if ((new_ptr = (SIGNAL_ACL_RECORD *) alloc_element(sizeof(SIGNAL_ACL_RECORD))) == NULL) break; |
76 |
new_ptr->head.type = TYPE_SIGNAL_ACL; |
new_ptr->head.type = TYPE_SIGNAL_ACL; |
138 |
} |
} |
139 |
AuditSignalLog(sig, dest->domainname, 0); |
AuditSignalLog(sig, dest->domainname, 0); |
140 |
if (is_enforce) return CheckSupervisor("%s\n" KEYWORD_ALLOW_SIGNAL "%d %s\n", domain->domainname->name, sig, dest_pattern); |
if (is_enforce) return CheckSupervisor("%s\n" KEYWORD_ALLOW_SIGNAL "%d %s\n", domain->domainname->name, sig, dest_pattern); |
141 |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_SIGNAL)) AddSignalEntry(sig, dest_pattern, domain, 0, NULL); |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_SIGNAL)) AddSignalEntry(sig, dest_pattern, domain, 1, NULL); |
142 |
return 0; |
return 0; |
143 |
} |
} |
144 |
|
|
151 |
const struct condition_list *condition = NULL; |
const struct condition_list *condition = NULL; |
152 |
const char *cp = FindConditionPart(domainname + 1); |
const char *cp = FindConditionPart(domainname + 1); |
153 |
if (cp && (condition = FindOrAssignNewCondition(cp)) == NULL) return -EINVAL; |
if (cp && (condition = FindOrAssignNewCondition(cp)) == NULL) return -EINVAL; |
154 |
return AddSignalEntry(sig, domainname + 1, domain, is_delete, condition); |
return AddSignalEntry(sig, domainname + 1, domain, is_delete ? 0 : -1, condition); |
155 |
} |
} |
156 |
return -EINVAL; |
return -EINVAL; |
157 |
} |
} |
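Review bot: The new `const u8 is_add` parameter of AddSignalEntry carries three meanings as bare numbers, and the policy-write caller passes `is_delete ? 0 : -1`, which only becomes a non-zero "add" value (255) through implicit conversion to `u8`. This reading takes the second line of each printed pair as the new side. The per-domain cap is applied only by `if (is_add == 1 && TooManyDomainACL(domain)) break;`, so whether an append is quota-checked depends on callers choosing exactly `1` for learning mode, as the `CheckCCSAccept(CCS_TOMOYO_MAC_FOR_SIGNAL)` path does. Any other non-zero value skips the cap without saying so. I would document the contract above the function, e.g. `/* is_add: 0 = delete, 1 = add from learning mode (subject to TooManyDomainACL), other non-zero = add from policy write (no cap) */`. I would also replace the literals `1` and `-1` at the two call sites with named constants so the truncation is not load-bearing. Parts of AddSignalEntry and both callers lie outside the visible hunks, so how the `break` on a full domain is reported to the caller cannot be checked from here.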