Linux Kernel
3.7.1
|
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include "smack.h"
Functions | |
LIST_HEAD (smack_known_list) | |
int | smk_access_entry (char *subject_label, char *object_label, struct list_head *rule_list) |
int | smk_access (char *subject_label, char *object_label, int request, struct smk_audit_info *a) |
int | smk_curacc (char *obj_label, u32 mode, struct smk_audit_info *a) |
void | smack_log (char *subject_label, char *object_label, int request, int result, struct smk_audit_info *ad) |
DEFINE_MUTEX (smack_known_lock) | |
struct smack_known * | smk_find_entry (const char *string) |
char * | smk_parse_smack (const char *string, int len) |
int | smk_netlbl_mls (int level, char *catset, struct netlbl_lsm_secattr *sap, int len) |
struct smack_known * | smk_import_entry (const char *string, int len) |
char * | smk_import (const char *string, int len) |
char * | smack_from_secid (const u32 secid) |
u32 | smack_to_secid (const char *smack) |
DEFINE_MUTEX(smack_known_lock)
LIST_HEAD(smack_known_list)
void smack_log(char *subject_label, char *object_label, int request, int result, struct smk_audit_info *ad)
Definition at line 317 of file smack_access.c.
smack_to_secid - find the secid associated with a Smack label
@smack: the Smack label
Returns the appropriate secid if there is one, otherwise 0
Definition at line 544 of file smack_access.c.
int smk_access(char *subject_label, char *object_label, int request, struct smk_audit_info *a)
smk_access - determine if a subject has a specific access to an object
@subject_label: a pointer to the subject's Smack label
@object_label: a pointer to the object's Smack label
@request: the access requested, in "MAY" format
@a: a pointer to the audit data
This function looks up the subject/object pair in the access rule list and returns 0 if the access is permitted, non zero otherwise.
Smack labels are shared on smack_list
Definition at line 118 of file smack_access.c.
smk_access_entry - look up matching access rule
@subject_label: a pointer to the subject's Smack label
@object_label: a pointer to the object's Smack label
@rule_list: the list of rules to search
This function looks up the subject/object pair in the access rule list and returns the access mode. If no entry is found, it returns -ENOENT.
NOTE:
Earlier versions of this function allowed for labels that were not on the label list. This was done to allow for labels to come over the network that had never been seen before on this host. Unless the receiving socket has the star label this will always result in a failure check. The star labeled socket case is now handled in the networking hooks so there is no case where the label is not on the label list. Checking to see if the address of two labels is the same is now a reliable test.
Do the object check first because that is more likely to differ.
Definition at line 88 of file smack_access.c.
int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a)
smk_curacc - determine if current has a specific access to an object
@obj_label: a pointer to the object's Smack label
@mode: the access requested, in "MAY" format
@a: common audit data
This function checks the current subject label/object label pair in the access rule list and returns 0 if the access is permitted, non-zero otherwise. The current task may hold a capability that overrides the rules; the function allows for that case.
Definition at line 198 of file smack_access.c.
|
read |
|
read |
smk_import_entry - import a label, return the list entry
@string: a text string that might be a Smack label
@len: the maximum size, or zero if it is NUL-terminated
Returns a pointer to the entry in the label list that matches the passed string, adding it if necessary.
Definition at line 428 of file smack_access.c.
smk_netlbl_mls - convert a catset to netlabel mls categories
@catset: the Smack categories
@sap: where to put the netlabel categories
Allocates and fills attr.mls. Returns 0 on success, error code on failure.
Definition at line 391 of file smack_access.c.
smk_parse_smack - parse smack label from a text string
@string: a text string that might contain a Smack label
@len: the maximum size, or zero if it is NUL-terminated
Returns a pointer to the clean label, or NULL
Definition at line 351 of file smack_access.c.
int log_policy = SMACK_AUDIT_DENIED |
Definition at line 61 of file smack_access.c.
struct smack_known smack_known_floor |
Definition at line 34 of file smack_access.c.
struct smack_known smack_known_hat |
Definition at line 24 of file smack_access.c.
struct smack_known smack_known_huh |
Definition at line 19 of file smack_access.c.
struct smack_known smack_known_invalid |
Definition at line 39 of file smack_access.c.
struct smack_known smack_known_star |
Definition at line 29 of file smack_access.c.
struct smack_known smack_known_web |
Definition at line 44 of file smack_access.c.