/*
* editpolicy_keyword.c
*
* TOMOYO Linux's utilities.
*
* Copyright (C) 2005-2010 NTT DATA CORPORATION
*
* Version: 1.7.2 2010/04/01
*
*/
#include "ccstools.h"
/* Variables */
/*
 * Table of policy keywords understood by the policy editor, indexed by the
 * DIRECTIVE_* constants.
 *
 * Each entry supplies only the keyword text; the other three initializers
 * are NULL/0 here. editpolicy_init_keyword_map() later fills in .alias,
 * .original_len and .alias_len for indexes 1..MAX_DIRECTIVE_INDEX-1
 * (the member order itself is declared in ccstools.h -- presumably
 * original, alias, original_len, alias_len; confirm there).
 *
 * NOTE(review): until editpolicy_init_keyword_map() has run, every length
 * is 0 and every alias is NULL, so find_directive() must not be called
 * before it.
 */
struct editpolicy_directive directives[MAX_DIRECTIVE_INDEX] = {
/* Index 0 is the "no directive" value; the lookup loops start at 1. */
[DIRECTIVE_NONE] = { "", NULL, 0, 0 },
[DIRECTIVE_ALLOW_EXECUTE] = { "allow_execute", NULL, 0, 0 },
[DIRECTIVE_ALLOW_READ] = { "allow_read", NULL, 0, 0 },
[DIRECTIVE_ALLOW_WRITE] = { "allow_write", NULL, 0, 0 },
[DIRECTIVE_ALLOW_READ_WRITE] = { "allow_read/write", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CREATE] = { "allow_create", NULL, 0, 0 },
[DIRECTIVE_ALLOW_UNLINK] = { "allow_unlink", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MKDIR] = { "allow_mkdir", NULL, 0, 0 },
[DIRECTIVE_ALLOW_RMDIR] = { "allow_rmdir", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MKFIFO] = { "allow_mkfifo", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MKSOCK] = { "allow_mksock", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MKBLOCK] = { "allow_mkblock", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MKCHAR] = { "allow_mkchar", NULL, 0, 0 },
[DIRECTIVE_ALLOW_TRUNCATE] = { "allow_truncate", NULL, 0, 0 },
[DIRECTIVE_ALLOW_SYMLINK] = { "allow_symlink", NULL, 0, 0 },
[DIRECTIVE_ALLOW_LINK] = { "allow_link", NULL, 0, 0 },
[DIRECTIVE_ALLOW_RENAME] = { "allow_rename", NULL, 0, 0 },
[DIRECTIVE_ALLOW_REWRITE] = { "allow_rewrite", NULL, 0, 0 },
[DIRECTIVE_ALLOW_TRANSIT] = { "allow_transit", NULL, 0, 0 },
[DIRECTIVE_ALLOW_IOCTL] = { "allow_ioctl", NULL, 0, 0 },
[DIRECTIVE_ALLOW_SIGNAL] = { "allow_signal", NULL, 0, 0 },
[DIRECTIVE_ALLOW_NETWORK] = { "allow_network", NULL, 0, 0 },
[DIRECTIVE_ALLOW_ENV] = { "allow_env", NULL, 0, 0 },
[DIRECTIVE_ADDRESS_GROUP] = { "address_group", NULL, 0, 0 },
[DIRECTIVE_AGGREGATOR] = { "aggregator", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CAPABILITY] = { "allow_capability", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CHROOT] = { "allow_chroot", NULL, 0, 0 },
[DIRECTIVE_ALLOW_MOUNT] = { "allow_mount", NULL, 0, 0 },
[DIRECTIVE_ALLOW_PIVOT_ROOT] = { "allow_pivot_root", NULL, 0, 0 },
[DIRECTIVE_DENY_AUTOBIND] = { "deny_autobind", NULL, 0, 0 },
[DIRECTIVE_DENY_REWRITE] = { "deny_rewrite", NULL, 0, 0 },
[DIRECTIVE_ALLOW_UNMOUNT] = { "allow_unmount", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CHMOD] = { "allow_chmod", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CHOWN] = { "allow_chown", NULL, 0, 0 },
[DIRECTIVE_ALLOW_CHGRP] = { "allow_chgrp", NULL, 0, 0 },
[DIRECTIVE_FILE_PATTERN] = { "file_pattern", NULL, 0, 0 },
[DIRECTIVE_EXECUTE_HANDLER] = { "execute_handler", NULL, 0, 0 },
[DIRECTIVE_DENIED_EXECUTE_HANDLER] = {
"denied_execute_handler", NULL, 0, 0 },
[DIRECTIVE_IGNORE_GLOBAL_ALLOW_ENV] = {
"ignore_global_allow_env", NULL, 0, 0 },
[DIRECTIVE_IGNORE_GLOBAL_ALLOW_READ] = {
"ignore_global_allow_read", NULL, 0, 0 },
[DIRECTIVE_INITIALIZE_DOMAIN] = { "initialize_domain", NULL, 0, 0 },
[DIRECTIVE_KEEP_DOMAIN] = { "keep_domain", NULL, 0, 0 },
[DIRECTIVE_NO_INITIALIZE_DOMAIN] = {
"no_initialize_domain", NULL, 0, 0 },
[DIRECTIVE_NO_KEEP_DOMAIN] = { "no_keep_domain", NULL, 0, 0 },
[DIRECTIVE_PATH_GROUP] = { "path_group", NULL, 0, 0 },
[DIRECTIVE_NUMBER_GROUP] = { "number_group", NULL, 0, 0 },
[DIRECTIVE_QUOTA_EXCEEDED] = { "quota_exceeded", NULL, 0, 0 },
[DIRECTIVE_USE_PROFILE] = { "use_profile", NULL, 0, 0 },
[DIRECTIVE_TRANSITION_FAILED] = { "transition_failed", NULL, 0, 0 },
};
/* Main functions */
/*
 * find_directive - Identify the directive keyword that starts a policy line.
 *
 * @forward: true to match against each directive's original keyword,
 *           false to match against its configured alias.
 * @line:    NUL-terminated, writable line. On a match the keyword and the
 *           single space after it are removed in place; if nothing follows
 *           the keyword the line becomes the empty string.
 *
 * Returns the index of the first matching directive (scanning upwards from
 * index 1), or DIRECTIVE_NONE when nothing matches. A keyword matches only
 * when it is followed by a space or by the end of the line.
 *
 * Because the first match wins, two directives that share an alias resolve
 * to the lower index when @forward is false.
 */
u8 find_directive(const _Bool forward, char *line)
{
	u8 idx;

	for (idx = 1; idx < MAX_DIRECTIVE_INDEX; idx++) {
		/* Select the spelling to compare against for this direction. */
		const char *keyword = forward ? directives[idx].original
					      : directives[idx].alias;
		const int keyword_len = forward ? directives[idx].original_len
						: directives[idx].alias_len;
		char *tail;

		if (strncmp(line, keyword, keyword_len) != 0)
			continue;
		/* The prefix matched, so line[keyword_len] is within the string. */
		tail = line + keyword_len;
		if (*tail != ' ' && *tail != '\0')
			continue;
		if (*tail == '\0')
			line[0] = '\0';
		else
			/* Drop the keyword and its separator; copy the NUL too. */
			memmove(line, tail + 1, strlen(tail + 1) + 1);
		return idx;
	}
	return DIRECTIVE_NONE;
}
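/*
 * editpolicy_init_keyword_map - Load keyword aliases for the policy editor.
 *
 * Reads CCSTOOLS_CONFIG_FILE and, for each line of the form
 *     editpolicy.keyword_alias ORIGINAL = ALIAS
 * stores a heap copy of ALIAS as the alias of the directive whose original
 * keyword equals ORIGINAL. Lines without '=', with an empty side, or naming
 * an unknown keyword are skipped. If the file cannot be opened, no aliases
 * are loaded. Afterwards every directive without an alias uses its original
 * keyword as alias, and both cached lengths are (re)computed.
 *
 * Aliases are not checked for uniqueness or for collisions with another
 * directive's keyword. find_directive() returns the first match, so an
 * ambiguous alias changes which directive an entered line is mapped to;
 * the configuration file should be writable only by the policy
 * administrator.
 */
void editpolicy_init_keyword_map(void)
{
	FILE *fp = fopen(CCSTOOLS_CONFIG_FILE, "r");
	int i;
	if (!fp)
		goto use_default;
	/* NOTE(review): get()/put() presumably bracket freadline()'s buffer use. */
	get();
	while (true) {
		char *line = freadline(fp);
		char *cp;
		if (!line)
			break;
		/*
		 * NOTE(review): str_starts() presumably strips the matched
		 * prefix in place, since the remainder is compared against
		 * the bare keyword below -- confirm in ccstools.
		 */
		if (!str_starts(line, "editpolicy.keyword_alias "))
			continue;
		cp = strchr(line, '=');
		if (!cp)
			continue;
		/* Split into "ORIGINAL" (line) and "ALIAS" (cp). */
		*cp++ = '\0';
		normalize_line(line);
		normalize_line(cp);
		if (!*line || !*cp)
			continue;
		for (i = 1; i < MAX_DIRECTIVE_INDEX; i++) {
			char *copy;
			if (strcmp(line, directives[i].original))
				continue;
			copy = strdup(cp);
			/* NOTE(review): out_of_memory() is assumed not to return. */
			if (!copy)
				out_of_memory();
			/*
			 * After an earlier call the alias may point at the
			 * static original keyword (see the loop below); that
			 * pointer was never allocated and must not be freed.
			 */
			if (directives[i].alias != directives[i].original)
				free((void *) directives[i].alias);
			directives[i].alias = copy;
			directives[i].alias_len = strlen(copy);
			break;
		}
	}
	put();
	fclose(fp);
use_default:
	for (i = 1; i < MAX_DIRECTIVE_INDEX; i++) {
		/* No alias configured: the alias is the keyword itself. */
		if (!directives[i].alias)
			directives[i].alias = directives[i].original;
		directives[i].original_len = strlen(directives[i].original);
		directives[i].alias_len = strlen(directives[i].alias);
	}
}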