1 |
/* |
2 |
* ccstools.h |
3 |
* |
4 |
* TOMOYO Linux's utilities. |
5 |
* |
6 |
* Copyright (C) 2005-2007 NTT DATA CORPORATION |
7 |
* |
8 |
* Version: 1.5.0 2007/09/20 |
9 |
* |
10 |
*/ |
11 |
|
12 |
/***** CONSTANTS DEFINITION START *****/ |
13 |
|
14 |
#define _FILE_OFFSET_BITS 64 |
15 |
#define _LARGEFILE_SOURCE |
16 |
#define _LARGEFILE64_SOURCE |
17 |
#define u8 __u8 |
18 |
#define u16 __u16 |
19 |
#define u32 __u32 |
20 |
#define _GNU_SOURCE |
21 |
#include <arpa/inet.h> |
22 |
#include <asm/types.h> |
23 |
#include <curses.h> |
24 |
#include <dirent.h> |
25 |
#include <errno.h> |
26 |
#include <fcntl.h> |
27 |
#include <limits.h> |
28 |
#include <stdio.h> |
29 |
#include <stdlib.h> |
30 |
#include <string.h> |
31 |
#include <sys/file.h> |
32 |
#include <sys/mount.h> |
33 |
#include <sys/socket.h> |
34 |
#include <sys/stat.h> |
35 |
#include <sys/types.h> |
36 |
#include <sys/un.h> |
37 |
#include <syslog.h> |
38 |
#include <time.h> |
39 |
#include <unistd.h> |
40 |
|
41 |
#define SYSTEM_POLICY_FILE "system_policy" |
42 |
#define EXCEPTION_POLICY_FILE "exception_policy" |
43 |
#define DOMAIN_POLICY_FILE "domain_policy" |
44 |
|
45 |
#define SCREEN_SYSTEM_LIST 0 |
46 |
#define SCREEN_EXCEPTION_LIST 1 |
47 |
#define SCREEN_DOMAIN_LIST 2 |
48 |
#define SCREEN_ACL_LIST 3 |
49 |
#define MAXSCREEN 4 |
50 |
|
51 |
#define POLICY_TYPE_UNKNOWN 0 |
52 |
#define POLICY_TYPE_DOMAIN_POLICY 1 |
53 |
#define POLICY_TYPE_EXCEPTION_POLICY 2 |
54 |
#define POLICY_TYPE_SYSTEM_POLICY 3 |
55 |
|
56 |
#define VALUE_TYPE_DECIMAL 1 |
57 |
#define VALUE_TYPE_OCTAL 2 |
58 |
#define VALUE_TYPE_HEXADECIMAL 3 |
59 |
|
60 |
#define NETWORK_ACL_UDP_BIND 0 |
61 |
#define NETWORK_ACL_UDP_CONNECT 1 |
62 |
#define NETWORK_ACL_TCP_BIND 2 |
63 |
#define NETWORK_ACL_TCP_LISTEN 3 |
64 |
#define NETWORK_ACL_TCP_CONNECT 4 |
65 |
#define NETWORK_ACL_TCP_ACCEPT 5 |
66 |
#define NETWORK_ACL_RAW_BIND 6 |
67 |
#define NETWORK_ACL_RAW_CONNECT 7 |
68 |
|
69 |
#define KEYWORD_AGGREGATOR "aggregator " |
70 |
#define KEYWORD_AGGREGATOR_LEN (sizeof(KEYWORD_AGGREGATOR) - 1) |
71 |
#define KEYWORD_ALIAS "alias " |
72 |
#define KEYWORD_ALIAS_LEN (sizeof(KEYWORD_ALIAS) - 1) |
73 |
#define KEYWORD_ALLOW_ARGV0 "allow_argv0 " |
74 |
#define KEYWORD_ALLOW_ARGV0_LEN (sizeof(KEYWORD_ALLOW_ARGV0) - 1) |
75 |
#define KEYWORD_ALLOW_CAPABILITY "allow_capability " |
76 |
#define KEYWORD_ALLOW_CAPABILITY_LEN (sizeof(KEYWORD_ALLOW_CAPABILITY) - 1) |
77 |
#define KEYWORD_ALLOW_CHROOT "allow_chroot " |
78 |
#define KEYWORD_ALLOW_CHROOT_LEN (sizeof(KEYWORD_ALLOW_CHROOT) - 1) |
79 |
#define KEYWORD_ALLOW_MOUNT "allow_mount " |
80 |
#define KEYWORD_ALLOW_MOUNT_LEN (sizeof(KEYWORD_ALLOW_MOUNT) - 1) |
81 |
#define KEYWORD_ALLOW_NETWORK "allow_network " |
82 |
#define KEYWORD_ALLOW_NETWORK_LEN (sizeof(KEYWORD_ALLOW_NETWORK) - 1) |
83 |
#define KEYWORD_ALLOW_PIVOT_ROOT "allow_pivot_root " |
84 |
#define KEYWORD_ALLOW_PIVOT_ROOT_LEN (sizeof(KEYWORD_ALLOW_PIVOT_ROOT) - 1) |
85 |
#define KEYWORD_ALLOW_READ "allow_read " |
86 |
#define KEYWORD_ALLOW_READ_LEN (sizeof(KEYWORD_ALLOW_READ) - 1) |
87 |
#define KEYWORD_ALLOW_SIGNAL "allow_signal " |
88 |
#define KEYWORD_ALLOW_SIGNAL_LEN (sizeof(KEYWORD_ALLOW_SIGNAL) - 1) |
89 |
#define KEYWORD_DELETE "delete " |
90 |
#define KEYWORD_DELETE_LEN (sizeof(KEYWORD_DELETE) - 1) |
91 |
#define KEYWORD_DENY_AUTOBIND "deny_autobind " |
92 |
#define KEYWORD_DENY_AUTOBIND_LEN (sizeof(KEYWORD_DENY_AUTOBIND) - 1) |
93 |
#define KEYWORD_DENY_REWRITE "deny_rewrite " |
94 |
#define KEYWORD_DENY_REWRITE_LEN (sizeof(KEYWORD_DENY_REWRITE) - 1) |
95 |
#define KEYWORD_DENY_UNMOUNT "deny_unmount " |
96 |
#define KEYWORD_DENY_UNMOUNT_LEN (sizeof(KEYWORD_DENY_UNMOUNT) - 1) |
97 |
#define KEYWORD_FILE_PATTERN "file_pattern " |
98 |
#define KEYWORD_FILE_PATTERN_LEN (sizeof(KEYWORD_FILE_PATTERN) - 1) |
99 |
#define KEYWORD_MAC_FOR_CAPABILITY "MAC_FOR_CAPABILITY::" |
100 |
#define KEYWORD_MAC_FOR_CAPABILITY_LEN (sizeof(KEYWORD_MAC_FOR_CAPABILITY) - 1) |
101 |
#define KEYWORD_SELECT "select " |
102 |
#define KEYWORD_SELECT_LEN (sizeof(KEYWORD_SELECT) - 1) |
103 |
#define KEYWORD_UNDELETE "undelete " |
104 |
#define KEYWORD_UNDELETE_LEN (sizeof(KEYWORD_UNDELETE) - 1) |
105 |
#define KEYWORD_USE_PROFILE "use_profile " |
106 |
#define KEYWORD_USE_PROFILE_LEN (sizeof(KEYWORD_USE_PROFILE) - 1) |
107 |
#define KEYWORD_INITIALIZE_DOMAIN "initialize_domain " |
108 |
#define KEYWORD_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_INITIALIZE_DOMAIN) - 1) |
109 |
#define KEYWORD_KEEP_DOMAIN "keep_domain " |
110 |
#define KEYWORD_KEEP_DOMAIN_LEN (sizeof(KEYWORD_KEEP_DOMAIN) - 1) |
111 |
#define KEYWORD_PATH_GROUP "path_group " |
112 |
#define KEYWORD_PATH_GROUP_LEN (sizeof(KEYWORD_PATH_GROUP) - 1) |
113 |
#define KEYWORD_ADDRESS_GROUP "address_group " |
114 |
#define KEYWORD_ADDRESS_GROUP_LEN (sizeof(KEYWORD_ADDRESS_GROUP) - 1) |
115 |
#define KEYWORD_NO_INITIALIZE_DOMAIN "no_" KEYWORD_INITIALIZE_DOMAIN |
116 |
#define KEYWORD_NO_INITIALIZE_DOMAIN_LEN (sizeof(KEYWORD_NO_INITIALIZE_DOMAIN) - 1) |
117 |
#define KEYWORD_NO_KEEP_DOMAIN "no_" KEYWORD_KEEP_DOMAIN |
118 |
#define KEYWORD_NO_KEEP_DOMAIN_LEN (sizeof(KEYWORD_NO_KEEP_DOMAIN) - 1) |
119 |
|
120 |
#define CCS_AUDITD_MAX_FILES 2 |
121 |
#define SAVENAME_MAX_HASH 256 |
122 |
#define PAGE_SIZE 4096 |
123 |
#define CCS_MAX_PATHNAME_LEN 4000 |
124 |
#define ROOT_NAME "<kernel>" |
125 |
#define ROOT_NAME_LEN (sizeof(ROOT_NAME) - 1) |
126 |
|
127 |
#define shared_buffer_len 8192 |
128 |
|
129 |
/***** CONSTANTS DEFINITION END *****/ |
130 |
|
131 |
/***** STRUCTURES DEFINITION START *****/ |
132 |
|
133 |
struct path_info { |
134 |
const char *name; |
135 |
u32 hash; /* = full_name_hash(name, strlen(name)) */ |
136 |
u16 total_len; /* = strlen(name) */ |
137 |
u16 const_len; /* = const_part_length(name) */ |
138 |
u8 is_dir; /* = strendswith(name, "/") */ |
139 |
u8 is_patterned; /* = PathContainsPattern(name) */ |
140 |
u16 depth; /* = PathDepth(name) */ |
141 |
}; |
142 |
|
143 |
struct path_group_entry { |
144 |
const struct path_info *group_name; |
145 |
const struct path_info **member_name; |
146 |
int member_name_len; |
147 |
}; |
148 |
|
149 |
struct ip_address_entry { |
150 |
u8 min[16]; |
151 |
u8 max[16]; |
152 |
u8 is_ipv6; |
153 |
}; |
154 |
|
155 |
struct address_group_entry { |
156 |
const struct path_info *group_name; |
157 |
struct ip_address_entry *member_name; |
158 |
int member_name_len; |
159 |
}; |
160 |
|
161 |
struct savename_entry { |
162 |
struct savename_entry *next; |
163 |
struct path_info entry; |
164 |
}; |
165 |
|
166 |
struct free_memory_block_list { |
167 |
struct free_memory_block_list *next; |
168 |
char *ptr; |
169 |
int len; |
170 |
}; |
171 |
|
172 |
struct dll_pathname_entry { |
173 |
char *pathname; |
174 |
char *real_pathname; |
175 |
}; |
176 |
|
177 |
struct domain_initializer_entry { |
178 |
const struct path_info *domainname; /* This may be NULL */ |
179 |
const struct path_info *program; |
180 |
unsigned char is_not:1; |
181 |
unsigned char is_last_name:1; |
182 |
}; |
183 |
|
184 |
struct domain_keeper_entry { |
185 |
const struct path_info *domainname; |
186 |
const struct path_info *program; /* This may be NULL */ |
187 |
unsigned char is_not:1; |
188 |
unsigned char is_last_name:1; |
189 |
}; |
190 |
|
191 |
struct domain_info { |
192 |
const struct path_info *domainname; |
193 |
const struct domain_initializer_entry *domain_initializer; /* This may be NULL */ |
194 |
const struct domain_keeper_entry *domain_keeper; /* This may be NULL */ |
195 |
const struct path_info **string_ptr; |
196 |
int string_count; |
197 |
int number; /* domain number (-1 if is_domain_initializer_source or is_domain_deleted) */ |
198 |
u8 profile; |
199 |
unsigned char is_domain_initializer_source:1; |
200 |
unsigned char is_domain_initializer_target:1; |
201 |
unsigned char is_domain_keeper:1; |
202 |
unsigned char is_domain_unreachable:1; |
203 |
unsigned char is_domain_deleted:1; |
204 |
}; |
205 |
|
206 |
struct task_entry { |
207 |
pid_t pid; |
208 |
pid_t ppid; |
209 |
u8 done; |
210 |
}; |
211 |
|
212 |
/***** STRUCTURES DEFINITION END *****/ |
213 |
|
214 |
/***** PROTOTYPES DEFINITION START *****/ |
215 |
|
216 |
void OutOfMemory(void); |
217 |
void NormalizeLine(unsigned char *line); |
218 |
int IsDomainDef(const unsigned char *domainname); |
219 |
int IsCorrectDomain(const unsigned char *domainname); |
220 |
void fprintf_encoded(FILE *fp, const char *pathname); |
221 |
void RemoveHeader(char *line, const int len); |
222 |
int IsCorrectPath(const char *filename, const int start_type, const int pattern_type, const int end_type); |
223 |
int FileMatchesToPattern(const char *filename, const char *filename_end, const char *pattern, const char *pattern_end); |
224 |
int string_compare(const void *a, const void *b); |
225 |
int pathcmp(const struct path_info *a, const struct path_info *b); |
226 |
void fill_path_info(struct path_info *ptr); |
227 |
const struct path_info *SaveName(const char *name); |
228 |
|
229 |
extern char *shared_buffer; |
230 |
void get(void); |
231 |
void put(void); |
232 |
int freadline(FILE *fp); |
233 |
|
234 |
char *simple_readline(const int start_y, const int start_x, const char *prompt, const char *history[], const int history_count, const int max_length, const int scroll_width); |
235 |
int simple_add_history(const char *buffer, const char **history, const int history_count, const int max_history); |
236 |
int getch2(void); |
237 |
|
238 |
extern const char *proc_policy_dir, |
239 |
*disk_policy_dir, |
240 |
*proc_policy_domain_policy, |
241 |
*disk_policy_domain_policy, |
242 |
*proc_policy_exception_policy, |
243 |
*disk_policy_exception_policy, |
244 |
*proc_policy_system_policy, |
245 |
*disk_policy_system_policy, |
246 |
*proc_policy_profile, |
247 |
*disk_policy_profile, |
248 |
*proc_policy_manager, |
249 |
*disk_policy_manager, |
250 |
*proc_policy_query, |
251 |
*proc_policy_grant_log, |
252 |
*proc_policy_reject_log, |
253 |
*proc_policy_domain_status, |
254 |
*proc_policy_process_status; |
255 |
|
256 |
/***** PROTOTYPES DEFINITION END *****/ |