Re: [TOMOYO 14/15] Conditional permission support.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Kentaro Takeda <k.takeda26@...>

Cc: <linux-kernel@...>, <linux-security-module@...>, <chrisw@...>

Subject: Re: [TOMOYO 14/15] Conditional permission support.

Date: Saturday, August 25, 2007 - 7:08 am

Hi!

quoted text> This patch allows administrators use conditional permission.
> TOMOYO Linux supports conditional permission based on
> process's UID,GID etc. and/or requested pathname's UID/GID.
> 
> Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

quoted text> + * Since the trailing spaces are removed by tmy_normalize_line(),
> + * the last "0if0" sequence corresponds to condition part.
> + */
> +char *tmy_find_condition_part(char *data)
> +{
> +	char *cp = strstr(data, " if ");
> +	if (cp) {
> +		char *cp2;
> +		while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> +			cp = cp2;
> +		*cp++ = '__PLACEHOLDER__1_';
> +	}
> +	return cp;
> +}
...

quoted text> +	unsigned long left_min = 0;
> +	unsigned long left_max = 0;
> +	unsigned long right_min = 0;
> +	unsigned long right_max = 0;
> +	if (strncmp(condition, "if ", 3))
> +		return NULL;
> +	condition += 3;
> +	start = condition;
> +	while (*condition) {
> +		if (*condition == ' ')
> +			condition++;
> +		for (left = 0; left < MAX_KEYWORD; left++) {
> +			if (strncmp(condition, cc_keyword[left].keyword,
> +				    cc_keyword[left].keyword_len))
> +				continue;
> +			condition += cc_keyword[left].keyword_len;
> +			break;
> +		}
> +		if (left == MAX_KEYWORD) {
> +			if (!tmy_parse_ulong(&left_min, &condition))
> +				goto out;
> +			counter++; /* body */
> +			if (*condition != '-')
> +				goto not_range1;
> +			condition++;
> +			if (!tmy_parse_ulong(&left_max, &condition)
> +			    || left_min > left_max)
> +				goto out;
> +			counter++; /* body */
> +not_range1: ;
> +		}
> +		if (strncmp(condition, "!=", 2) == 0)
> +			condition += 2;
> +		else if (*condition == '=')
> +			condition++;
> +		else
> +			goto out;
> +		counter++; /* header */
> +		for (right = 0; right < MAX_KEYWORD; right++) {
> +			if (strncmp(condition, cc_keyword[right].keyword,
> +				    cc_keyword[right].keyword_len))
> +				continue;
> +			condition += cc_keyword[right].keyword_len;
> +			break;
> +		}

What is that? Language parser in kernel?

							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[TOMOYO 00/15] TOMOYO Linux - MAC based on process invocatio..., Kentaro Takeda, (Fri Aug 24, 8:41 am)

[TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:58 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Mon Aug 27, 10:49 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Aug 28, 6:39 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Aug 28, 9:21 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Mon Sep 3, 9:15 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Tue Sep 4, 7:53 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Tue Sep 4, 10:02 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Wed Sep 5, 10:06 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Tetsuo Handa, (Thu Sep 6, 9:04 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Paul Moore, (Thu Sep 6, 11:25 am)

Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux., Kyle Moffett, (Tue Sep 4, 10:13 am)

[TOMOYO 14/15] Conditional permission support., Kentaro Takeda, (Fri Aug 24, 8:57 am)

Re: [TOMOYO 14/15] Conditional permission support., Pavel Machek, (Sat Aug 25, 7:08 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Sat Aug 25, 10:13 pm)

Re: [TOMOYO 14/15] Conditional permission support., Kyle Moffett, (Mon Aug 27, 8:11 am)

Re: [TOMOYO 14/15] Conditional permission support., Tetsuo Handa, (Tue Aug 28, 9:00 am)

Re: [TOMOYO 14/15] Conditional permission support., Toshiharu Harada, (Sat Aug 25, 6:46 pm)

[TOMOYO 13/15] LSM adapter for TOMOYO., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 12/15] Signal transmission control functions., Kentaro Takeda, (Fri Aug 24, 8:56 am)

[TOMOYO 11/15] Namespace manipulation control functions., Kentaro Takeda, (Fri Aug 24, 8:55 am)

[TOMOYO 10/15] Networking access control functions., Kentaro Takeda, (Fri Aug 24, 8:54 am)

[TOMOYO 09/15] Argv[0] access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 08/15] File access control functions., Kentaro Takeda, (Fri Aug 24, 8:53 am)

[TOMOYO 07/15] Auditing interface., Kentaro Takeda, (Fri Aug 24, 8:52 am)

[TOMOYO 06/15] Domain transition handler functions., Kentaro Takeda, (Fri Aug 24, 8:50 am)

[TOMOYO 05/15] Utility functions and /proc interface for pol..., Kentaro Takeda, (Fri Aug 24, 8:49 am)

[TOMOYO 04/15] Memory and pathname management functions., Kentaro Takeda, (Fri Aug 24, 8:48 am)

[TOMOYO 03/15] Data structures and prototypes definition., Kentaro Takeda, (Fri Aug 24, 8:46 am)

[TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Kentaro Takeda, (Fri Aug 24, 8:45 am)

Re: [TOMOYO 02/15] Kconfig and Makefile for TOMOYO Linux., Jiri Kosina, (Fri Aug 24, 8:50 am)

[TOMOYO 01/15] Allow use of namespace_sem from LSM module., Kentaro Takeda, (Fri Aug 24, 8:44 am)


linux-kernel:

Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
James Bottomley	Re: Announce: Linux-next (Or Andrew's dream :-))
David Miller	[GIT]: Networking
linux-netdev:
Antonio Almeida	HTB accuracy for high speed
Ingo Molnar	iwlwifi: fix build bug in "iwlwifi: fix LED stall"
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Avi Kivity	Re: [RFC PATCH 14/17] kvm: add a reset capability
git:

openbsd-misc:

Re: [TOMOYO 14/15] Conditional permission support.

Online users