Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
Kernel
提交
c45ed235
K
Kernel
项目概览
openeuler
/
Kernel
1 年多 前同步成功
通知
8
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
K
Kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
c45ed235
编写于
10月 22, 2011
作者:
J
James Morris
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'master' of
git://gitorious.org/smack-next/kernel
into next
上级
e0b057b4
0e94ae17
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
51 addition
and
24 deletion
+51
-24
security/smack/smack.h
security/smack/smack.h
+1
-0
security/smack/smack_access.c
security/smack/smack_access.c
+19
-8
security/smack/smackfs.c
security/smack/smackfs.c
+31
-16
未找到文件。
security/smack/smack.h
浏览文件 @
c45ed235
...
...
@@ -208,6 +208,7 @@ int smk_curacc(char *, u32, struct smk_audit_info *);
int
smack_to_cipso
(
const
char
*
,
struct
smack_cipso
*
);
char
*
smack_from_cipso
(
u32
,
char
*
);
char
*
smack_from_secid
(
const
u32
);
void
smk_parse_smack
(
const
char
*
string
,
int
len
,
char
*
smack
);
char
*
smk_import
(
const
char
*
,
int
);
struct
smack_known
*
smk_import_entry
(
const
char
*
,
int
);
struct
smack_known
*
smk_find_entry
(
const
char
*
);
...
...
security/smack/smack_access.c
浏览文件 @
c45ed235
...
...
@@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string)
}
/**
* smk_
import_entry - import a label, return the list entry
* @string: a text string that might
be
a Smack label
* smk_
parse_smack - parse smack label from a text string
* @string: a text string that might
contain
a Smack label
* @len: the maximum size, or zero if it is NULL terminated.
*
* Returns a pointer to the entry in the label list that
* matches the passed string, adding it if necessary.
* @smack: parsed smack label, or NULL if parse error
*/
struct
smack_known
*
smk_import_entry
(
const
char
*
string
,
int
len
)
void
smk_parse_smack
(
const
char
*
string
,
int
len
,
char
*
smack
)
{
struct
smack_known
*
skp
;
char
smack
[
SMK_LABELLEN
];
int
found
;
int
i
;
...
...
@@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len)
}
else
smack
[
i
]
=
string
[
i
];
}
}
/**
* smk_import_entry - import a label, return the list entry
* @string: a text string that might be a Smack label
* @len: the maximum size, or zero if it is NULL terminated.
*
* Returns a pointer to the entry in the label list that
* matches the passed string, adding it if necessary.
*/
struct
smack_known
*
smk_import_entry
(
const
char
*
string
,
int
len
)
{
struct
smack_known
*
skp
;
char
smack
[
SMK_LABELLEN
];
smk_parse_smack
(
string
,
len
,
smack
);
if
(
smack
[
0
]
==
'\0'
)
return
NULL
;
...
...
security/smack/smackfs.c
浏览文件 @
c45ed235
...
...
@@ -191,12 +191,17 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
}
/**
* smk_parse_rule - parse
subject, object and access type
* smk_parse_rule - parse
Smack rule from load string
* @data: string to be parsed whose size is SMK_LOADLEN
* @rule: parsed entities are stored in here
* @rule: Smack rule
* @import: if non-zero, import labels
*/
static
int
smk_parse_rule
(
const
char
*
data
,
struct
smack_rule
*
rule
)
static
int
smk_parse_rule
(
const
char
*
data
,
struct
smack_rule
*
rule
,
int
import
)
{
char
smack
[
SMK_LABELLEN
];
struct
smack_known
*
skp
;
if
(
import
)
{
rule
->
smk_subject
=
smk_import
(
data
,
0
);
if
(
rule
->
smk_subject
==
NULL
)
return
-
1
;
...
...
@@ -204,6 +209,19 @@ static int smk_parse_rule(const char *data, struct smack_rule *rule)
rule
->
smk_object
=
smk_import
(
data
+
SMK_LABELLEN
,
0
);
if
(
rule
->
smk_object
==
NULL
)
return
-
1
;
}
else
{
smk_parse_smack
(
data
,
0
,
smack
);
skp
=
smk_find_entry
(
smack
);
if
(
skp
==
NULL
)
return
-
1
;
rule
->
smk_subject
=
skp
->
smk_known
;
smk_parse_smack
(
data
+
SMK_LABELLEN
,
0
,
smack
);
skp
=
smk_find_entry
(
smack
);
if
(
skp
==
NULL
)
return
-
1
;
rule
->
smk_object
=
skp
->
smk_known
;
}
rule
->
smk_access
=
0
;
...
...
@@ -327,7 +345,7 @@ static ssize_t smk_write_load_list(struct file *file, const char __user *buf,
goto
out
;
}
if
(
smk_parse_rule
(
data
,
rule
))
if
(
smk_parse_rule
(
data
,
rule
,
1
))
goto
out_free_rule
;
if
(
rule_list
==
NULL
)
{
...
...
@@ -1499,14 +1517,11 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
char
*
data
;
int
res
;
if
(
!
capable
(
CAP_MAC_ADMIN
))
return
-
EPERM
;
data
=
simple_transaction_get
(
file
,
buf
,
count
);
if
(
IS_ERR
(
data
))
return
PTR_ERR
(
data
);
if
(
count
<
SMK_LOADLEN
||
smk_parse_rule
(
data
,
&
rule
))
if
(
count
<
SMK_LOADLEN
||
smk_parse_rule
(
data
,
&
rule
,
0
))
return
-
EINVAL
;
res
=
smk_access
(
rule
.
smk_subject
,
rule
.
smk_object
,
rule
.
smk_access
,
...
...
@@ -1514,7 +1529,7 @@ static ssize_t smk_write_access(struct file *file, const char __user *buf,
data
[
0
]
=
res
==
0
?
'1'
:
'0'
;
data
[
1
]
=
'\0'
;
simple_transaction_set
(
file
,
1
);
simple_transaction_set
(
file
,
2
);
return
SMK_LOADLEN
;
}
...
...
@@ -1560,7 +1575,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
[
SMK_LOAD_SELF
]
=
{
"load-self"
,
&
smk_load_self_ops
,
S_IRUGO
|
S_IWUGO
},
[
SMK_ACCESSES
]
=
{
"access"
,
&
smk_access_ops
,
S_IRUGO
|
S_IWU
SR
},
"access"
,
&
smk_access_ops
,
S_IRUGO
|
S_IWU
GO
},
/* last one */
{
""
}
};
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录