Re: [TOMOYO 14/15] Conditional permission support.

Hi!

> This patch allows administrators use conditional permission.
> TOMOYO Linux supports conditional permission based on
> process's UID,GID etc. and/or requested pathname's UID/GID.
> 
> Signed-off-by: Kentaro Takeda <[email protected]>
> Signed-off-by: Tetsuo Handa <[email protected]>

> + * Since the trailing spaces are removed by tmy_normalize_line(),
> + * the last "\040if\040" sequence corresponds to condition part.
> + */
> +char *tmy_find_condition_part(char *data)
> +{
> +	char *cp = strstr(data, " if ");
> +	if (cp) {
> +		char *cp2;
> +		while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> +			cp = cp2;
> +		*cp++ = '\0';
> +	}
> +	return cp;
> +}
...

> +	unsigned long left_min = 0;
> +	unsigned long left_max = 0;
> +	unsigned long right_min = 0;
> +	unsigned long right_max = 0;
> +	if (strncmp(condition, "if ", 3))
> +		return NULL;
> +	condition += 3;
> +	start = condition;
> +	while (*condition) {
> +		if (*condition == ' ')
> +			condition++;
> +		for (left = 0; left < MAX_KEYWORD; left++) {
> +			if (strncmp(condition, cc_keyword[left].keyword,
> +				    cc_keyword[left].keyword_len))
> +				continue;
> +			condition += cc_keyword[left].keyword_len;
> +			break;
> +		}
> +		if (left == MAX_KEYWORD) {
> +			if (!tmy_parse_ulong(&left_min, &condition))
> +				goto out;
> +			counter++; /* body */
> +			if (*condition != '-')
> +				goto not_range1;
> +			condition++;
> +			if (!tmy_parse_ulong(&left_max, &condition)
> +			    || left_min > left_max)
> +				goto out;
> +			counter++; /* body */
> +not_range1: ;
> +		}
> +		if (strncmp(condition, "!=", 2) == 0)
> +			condition += 2;
> +		else if (*condition == '=')
> +			condition++;
> +		else
> +			goto out;
> +		counter++; /* header */
> +		for (right = 0; right < MAX_KEYWORD; right++) {
> +			if (strncmp(condition, cc_keyword[right].keyword,
> +				    cc_keyword[right].keyword_len))
> +				continue;
> +			condition += cc_keyword[right].keyword_len;
> +			break;
> +		}

What is that? Language parser in kernel?

							Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [TOMOYO 14/15] Conditional permission support.
    • From: Tetsuo Handa <[email protected]>
  • Re: [TOMOYO 14/15] Conditional permission support.
    • From: "Toshiharu Harada" <[email protected]>

• References:
  • [TOMOYO 00/15] TOMOYO Linux - MAC based on process invocation histroy
    • From: Kentaro Takeda <[email protected]>
  • [TOMOYO 14/15] Conditional permission support.
    • From: Kentaro Takeda <[email protected]>

• Prev by Date: Problem with CFS V20 and Suspend2/tuxonice
• Next by Date: Re: [PATCH] Fix preemptible lazy mode bug
• Previous by thread: [TOMOYO 14/15] Conditional permission support.
• Next by thread: Re: [TOMOYO 14/15] Conditional permission support.
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]