Re: [TOMOYO 14/15] Conditional permission support.

Pavel Machek Sat, 25 Aug 2007 04:57:16 -0700

Hi!

> This patch allows administrators use conditional permission.
> TOMOYO Linux supports conditional permission based on
> process's UID,GID etc. and/or requested pathname's UID/GID.
> 
> Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]>
> Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]>


> + * Since the trailing spaces are removed by tmy_normalize_line(),
> + * the last "\040if\040" sequence corresponds to condition part.
> + */
> +char *tmy_find_condition_part(char *data)
> +{
> +     char *cp = strstr(data, " if ");
> +     if (cp) {
> +             char *cp2;
> +             while ((cp2 = strstr(cp + 3, " if ")) != NULL)
> +                     cp = cp2;
> +             *cp++ = '\0';
> +     }
> +     return cp;
> +}
...

> +     unsigned long left_min = 0;
> +     unsigned long left_max = 0;
> +     unsigned long right_min = 0;
> +     unsigned long right_max = 0;
> +     if (strncmp(condition, "if ", 3))
> +             return NULL;
> +     condition += 3;
> +     start = condition;
> +     while (*condition) {
> +             if (*condition == ' ')
> +                     condition++;
> +             for (left = 0; left < MAX_KEYWORD; left++) {
> +                     if (strncmp(condition, cc_keyword[left].keyword,
> +                                 cc_keyword[left].keyword_len))
> +                             continue;
> +                     condition += cc_keyword[left].keyword_len;
> +                     break;
> +             }
> +             if (left == MAX_KEYWORD) {
> +                     if (!tmy_parse_ulong(&left_min, &condition))
> +                             goto out;
> +                     counter++; /* body */
> +                     if (*condition != '-')
> +                             goto not_range1;
> +                     condition++;
> +                     if (!tmy_parse_ulong(&left_max, &condition)
> +                         || left_min > left_max)
> +                             goto out;
> +                     counter++; /* body */
> +not_range1: ;
> +             }
> +             if (strncmp(condition, "!=", 2) == 0)
> +                     condition += 2;
> +             else if (*condition == '=')
> +                     condition++;
> +             else
> +                     goto out;
> +             counter++; /* header */
> +             for (right = 0; right < MAX_KEYWORD; right++) {
> +                     if (strncmp(condition, cc_keyword[right].keyword,
> +                                 cc_keyword[right].keyword_len))
> +                             continue;
> +                     condition += cc_keyword[right].keyword_len;
> +                     break;
> +             }

What is that? Language parser in kernel?

                                                        Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) 
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [TOMOYO 14/15] Conditional permission support.

Reply via email to