66 |
[CCS_TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
[CCS_TOMOYO_MAC_FOR_FILE] = { "MAC_FOR_FILE", 0, 3 }, |
67 |
[CCS_TOMOYO_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
[CCS_TOMOYO_MAC_FOR_ARGV0] = { "MAC_FOR_ARGV0", 0, 3 }, |
68 |
[CCS_TOMOYO_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
[CCS_TOMOYO_MAC_FOR_NETWORK] = { "MAC_FOR_NETWORK", 0, 3 }, |
|
[CCS_TOMOYO_MAC_FOR_BINDPORT] = { "MAC_FOR_BINDPORT", 0, 3 }, |
|
|
[CCS_TOMOYO_MAC_FOR_CONNECTPORT] = { "MAC_FOR_CONNECTPORT", 0, 3 }, |
|
69 |
[CCS_TOMOYO_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
[CCS_TOMOYO_MAC_FOR_SIGNAL] = { "MAC_FOR_SIGNAL", 0, 3 }, |
70 |
[CCS_SAKURA_DENY_CONCEAL_MOUNT] = { "DENY_CONCEAL_MOUNT", 0, 3 }, |
[CCS_SAKURA_DENY_CONCEAL_MOUNT] = { "DENY_CONCEAL_MOUNT", 0, 3 }, |
71 |
[CCS_SAKURA_RESTRICT_CHROOT] = { "RESTRICT_CHROOT", 0, 3 }, |
[CCS_SAKURA_RESTRICT_CHROOT] = { "RESTRICT_CHROOT", 0, 3 }, |
72 |
[CCS_SAKURA_RESTRICT_MOUNT] = { "RESTRICT_MOUNT", 0, 3 }, |
[CCS_SAKURA_RESTRICT_MOUNT] = { "RESTRICT_MOUNT", 0, 3 }, |
73 |
[CCS_SAKURA_RESTRICT_UNMOUNT] = { "RESTRICT_UNMOUNT", 0, 3 }, |
[CCS_SAKURA_RESTRICT_UNMOUNT] = { "RESTRICT_UNMOUNT", 0, 3 }, |
74 |
[CCS_SAKURA_DENY_PIVOT_ROOT] = { "DENY_PIVOT_ROOT", 0, 3 }, |
[CCS_SAKURA_DENY_PIVOT_ROOT] = { "DENY_PIVOT_ROOT", 0, 3 }, |
|
[CCS_SAKURA_TRACE_READONLY] = { "TRACE_READONLY", 0, 1 }, |
|
75 |
[CCS_SAKURA_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 }, |
[CCS_SAKURA_RESTRICT_AUTOBIND] = { "RESTRICT_AUTOBIND", 0, 1 }, |
76 |
[CCS_TOMOYO_MAX_ACCEPT_FILES] = { "MAX_ACCEPT_FILES", MAX_ACCEPT_FILES, INT_MAX }, |
[CCS_TOMOYO_MAX_ACCEPT_FILES] = { "MAX_ACCEPT_FILES", MAX_ACCEPT_FILES, INT_MAX }, |
77 |
[CCS_TOMOYO_MAX_GRANT_LOG] = { "MAX_GRANT_LOG", MAX_GRANT_LOG, INT_MAX }, |
[CCS_TOMOYO_MAX_GRANT_LOG] = { "MAX_GRANT_LOG", MAX_GRANT_LOG, INT_MAX }, |
553 |
#ifndef CONFIG_TOMOYO_MAC_FOR_ARGV0 |
#ifndef CONFIG_TOMOYO_MAC_FOR_ARGV0 |
554 |
case CCS_TOMOYO_MAC_FOR_ARGV0: |
case CCS_TOMOYO_MAC_FOR_ARGV0: |
555 |
#endif |
#endif |
|
#ifndef CONFIG_TOMOYO_MAC_FOR_NETWORKPORT |
|
|
case CCS_TOMOYO_MAC_FOR_BINDPORT: |
|
|
case CCS_TOMOYO_MAC_FOR_CONNECTPORT: |
|
|
#endif |
|
556 |
#ifndef CONFIG_TOMOYO_MAC_FOR_NETWORK |
#ifndef CONFIG_TOMOYO_MAC_FOR_NETWORK |
557 |
case CCS_TOMOYO_MAC_FOR_NETWORK: |
case CCS_TOMOYO_MAC_FOR_NETWORK: |
558 |
#endif |
#endif |
574 |
#ifndef CONFIG_SAKURA_DENY_PIVOT_ROOT |
#ifndef CONFIG_SAKURA_DENY_PIVOT_ROOT |
575 |
case CCS_SAKURA_DENY_PIVOT_ROOT: |
case CCS_SAKURA_DENY_PIVOT_ROOT: |
576 |
#endif |
#endif |
|
#ifndef CONFIG_SAKURA_TRACE_READONLY |
|
|
case CCS_SAKURA_TRACE_READONLY: |
|
|
#endif |
|
577 |
#ifndef CONFIG_SAKURA_RESTRICT_AUTOBIND |
#ifndef CONFIG_SAKURA_RESTRICT_AUTOBIND |
578 |
case CCS_SAKURA_RESTRICT_AUTOBIND: |
case CCS_SAKURA_RESTRICT_AUTOBIND: |
579 |
#endif |
#endif |
757 |
} else if (strncmp(data, KEYWORD_ALLOW_CAPABILITY, KEYWORD_ALLOW_CAPABILITY_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_ALLOW_CAPABILITY, KEYWORD_ALLOW_CAPABILITY_LEN) == 0) { |
758 |
return AddCapabilityPolicy(data + KEYWORD_ALLOW_CAPABILITY_LEN, domain, is_delete); |
return AddCapabilityPolicy(data + KEYWORD_ALLOW_CAPABILITY_LEN, domain, is_delete); |
759 |
#endif |
#endif |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORKPORT |
|
|
} else if (strncmp(data, KEYWORD_ALLOW_BIND, KEYWORD_ALLOW_BIND_LEN) == 0 || |
|
|
strncmp(data, KEYWORD_ALLOW_CONNECT, KEYWORD_ALLOW_CONNECT_LEN) == 0) { |
|
|
return AddPortPolicy(data, domain, is_delete); |
|
|
#endif |
|
760 |
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
761 |
} else if (strncmp(data, KEYWORD_ALLOW_NETWORK, KEYWORD_ALLOW_NETWORK_LEN) == 0) { |
} else if (strncmp(data, KEYWORD_ALLOW_NETWORK, KEYWORD_ALLOW_NETWORK_LEN) == 0) { |
762 |
return AddNetworkPolicy(data + KEYWORD_ALLOW_NETWORK_LEN, domain, is_delete); |
return AddNetworkPolicy(data + KEYWORD_ALLOW_NETWORK_LEN, domain, is_delete); |
826 |
head->read_avail = pos; break; |
head->read_avail = pos; break; |
827 |
} |
} |
828 |
#endif |
#endif |
|
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORKPORT |
|
|
} else if (acl_type == TYPE_BIND_ACL || acl_type == TYPE_CONNECT_ACL) { |
|
|
const int is_stream = ptr->u.w; |
|
|
const u16 min_port = ((PORT_ACL_RECORD *) ptr)->min_port, max_port = ((PORT_ACL_RECORD *) ptr)->max_port; |
|
|
if (min_port != max_port) { |
|
|
if (io_printf(head, "%s%s/%u-%u", acl_type == TYPE_CONNECT_ACL ? KEYWORD_ALLOW_CONNECT : KEYWORD_ALLOW_BIND, is_stream ? "TCP" : "UDP", min_port, max_port) || |
|
|
DumpCondition(head, ptr->cond)) { |
|
|
head->read_avail = pos; break; |
|
|
} |
|
|
} else { |
|
|
if (io_printf(head, "%s%s/%u", acl_type == TYPE_CONNECT_ACL ? KEYWORD_ALLOW_CONNECT : KEYWORD_ALLOW_BIND, is_stream ? "TCP" : "UDP", min_port) || |
|
|
DumpCondition(head, ptr->cond)) { |
|
|
head->read_avail = pos; break; |
|
|
} |
|
|
} |
|
|
#endif |
|
829 |
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
#ifdef CONFIG_TOMOYO_MAC_FOR_NETWORK |
830 |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
} else if (acl_type == TYPE_IP_NETWORK_ACL) { |
831 |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", network2keyword(ptr->u.b[0]))) break; |
if (io_printf(head, KEYWORD_ALLOW_NETWORK "%s ", network2keyword(ptr->u.b[0]))) break; |
1174 |
} |
} |
1175 |
|
|
1176 |
#ifdef CONFIG_SAKURA |
#ifdef CONFIG_SAKURA |
1177 |
printk("SAKURA: 1.3.3-pre1 2007/02/28\n"); |
printk("SAKURA: 1.3.3-pre2 2007/03/03\n"); |
1178 |
#endif |
#endif |
1179 |
#ifdef CONFIG_TOMOYO |
#ifdef CONFIG_TOMOYO |
1180 |
printk("TOMOYO: 1.3.3-pre1 2007/02/28\n"); |
printk("TOMOYO: 1.3.3-pre2 2007/03/03\n"); |
1181 |
#endif |
#endif |
1182 |
if (!profile_loaded) panic("No profiles loaded. Run policy loader using 'init=' option.\n"); |
if (!profile_loaded) panic("No profiles loaded. Run policy loader using 'init=' option.\n"); |
1183 |
printk("Mandatory Access Control activated.\n"); |
printk("Mandatory Access Control activated.\n"); |