159 |
* |
* |
160 |
* @operation: Type of operation. |
* @operation: Type of operation. |
161 |
* |
* |
162 |
* Returns 0 on success, negative value otherwise. |
* Returns true on success, false otherwise. |
163 |
*/ |
*/ |
164 |
int ccs_capable(const u8 operation) |
bool ccs_capable(const u8 operation) |
165 |
{ |
{ |
166 |
struct domain_info * const domain = current->domain_info; |
struct domain_info * const domain = current->domain_info; |
167 |
struct acl_info *ptr; |
struct acl_info *ptr; |
170 |
const bool is_enforce = (mode == 3); |
const bool is_enforce = (mode == 3); |
171 |
bool found = false; |
bool found = false; |
172 |
if (!mode) |
if (!mode) |
173 |
return 0; |
return true; |
174 |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
list1_for_each_entry(ptr, &domain->acl_info_list, list) { |
175 |
struct capability_acl_record *acl; |
struct capability_acl_record *acl; |
176 |
if ((ptr->type & ~ACL_WITH_CONDITION) != TYPE_CAPABILITY_ACL) |
if ((ptr->type & ~ACL_WITH_CONDITION) != TYPE_CAPABILITY_ACL) |
185 |
} |
} |
186 |
audit_capability_log(operation, found, profile, mode); |
audit_capability_log(operation, found, profile, mode); |
187 |
if (found) |
if (found) |
188 |
return 0; |
return true; |
189 |
if (ccs_verbose_mode()) |
if (ccs_verbose_mode()) |
190 |
printk(KERN_WARNING "TOMOYO-%s: %s denied for %s\n", |
printk(KERN_WARNING "TOMOYO-%s: %s denied for %s\n", |
191 |
ccs_get_msg(is_enforce), cap_operation2name(operation), |
ccs_get_msg(is_enforce), cap_operation2name(operation), |
192 |
ccs_get_last_name(domain)); |
ccs_get_last_name(domain)); |
193 |
if (is_enforce) |
if (is_enforce) |
194 |
return ccs_check_supervisor("%s\n" |
return !ccs_check_supervisor("%s\n" |
195 |
KEYWORD_ALLOW_CAPABILITY "%s\n", |
KEYWORD_ALLOW_CAPABILITY "%s\n", |
196 |
domain->domainname->name, |
domain->domainname->name, |
197 |
ccs_cap2keyword(operation)); |
ccs_cap2keyword(operation)); |
198 |
else if (mode == 1 && ccs_check_domain_quota(domain)) |
else if (mode == 1 && ccs_check_domain_quota(domain)) |
199 |
update_capability_acl(operation, domain, NULL, false); |
update_capability_acl(operation, domain, NULL, false); |
200 |
return 0; |
return true; |
201 |
} |
} |
202 |
/* I need to export this for net/unix/af_unix.c */ |
/* I need to export this for net/unix/af_unix.c */ |
203 |
EXPORT_SYMBOL(ccs_capable); |
EXPORT_SYMBOL(ccs_capable); |
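Review bot: The return convention of `ccs_capable()` is inverted at the signature and at every `return` (0-on-success `int` becomes true-on-success `bool`) while the name and argument list stay the same, so a caller that is not converted in the same commit still compiles and silently flips its decision: an old-style `if (ccs_capable(op))` failure test would now reject permitted operations and let denied ones through. The symbol is exported and the trailing comment names net/unix/af_unix.c as a user, so every call site, including those outside this file, needs to be checked against the new meaning; none are visible in this section. The enforcing branch now depends on `ccs_check_supervisor()` returning 0 when the request is granted, which cannot be confirmed from the lines shown; a comment such as `/* ccs_check_supervisor() returns 0 if the request was granted. */` above `return !ccs_check_supervisor(` would make that assumption explicit. Lines 168-169 and 177-184 of the function are not shown in this view.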