
1 // SPDX-License-Identifier: GPL-2.0
3 * security/tomoyo/network.c
5 * Copyright (C) 2005-2011 NTT DATA CORPORATION
43 * tomoyo_parse_ipaddr_union - Parse an IP address.
53 u8 * const min = ptr->ip[0].in6_u.u6_addr8; in tomoyo_parse_ipaddr_union()
54 u8 * const max = ptr->ip[1].in6_u.u6_addr8; in tomoyo_parse_ipaddr_union()
59 in4_pton(address, -1, min, '-', &end) > 0) { in tomoyo_parse_ipaddr_union()
60 ptr->is_ipv6 = false; in tomoyo_parse_ipaddr_union()
62 ptr->ip[1].s6_addr32[0] = ptr->ip[0].s6_addr32[0]; in tomoyo_parse_ipaddr_union()
63 else if (*end++ != '-' || in tomoyo_parse_ipaddr_union()
64 in4_pton(end, -1, max, '\0', &end) <= 0 || *end) in tomoyo_parse_ipaddr_union()
68 if (in6_pton(address, -1, min, '-', &end) > 0) { in tomoyo_parse_ipaddr_union()
69 ptr->is_ipv6 = true; in tomoyo_parse_ipaddr_union()
72 else if (*end++ != '-' || in tomoyo_parse_ipaddr_union()
73 in6_pton(end, -1, max, '\0', &end) <= 0 || *end) in tomoyo_parse_ipaddr_union()
81 * tomoyo_print_ipv4 - Print an IPv4 address.
93 snprintf(buffer, buffer_len, "%pI4%c%pI4", min_ip, in tomoyo_print_ipv4()
94 *min_ip == *max_ip ? '\0' : '-', max_ip); in tomoyo_print_ipv4()
98 * tomoyo_print_ipv6 - Print an IPv6 address.
111 snprintf(buffer, buffer_len, "%pI6c%c%pI6c", min_ip, in tomoyo_print_ipv6()
112 !memcmp(min_ip, max_ip, 16) ? '\0' : '-', max_ip); in tomoyo_print_ipv6()
116 * tomoyo_print_ip - Print an IP address.
127 if (ptr->is_ipv6) in tomoyo_print_ip()
128 tomoyo_print_ipv6(buf, size, &ptr->ip[0], &ptr->ip[1]); in tomoyo_print_ip()
130 tomoyo_print_ipv4(buf, size, &ptr->ip[0].s6_addr32[0], in tomoyo_print_ip()
131 &ptr->ip[1].s6_addr32[0]); in tomoyo_print_ip()
185 * tomoyo_same_inet_acl - Check for duplicated "struct tomoyo_inet_acl" entry.
198 return p1->protocol == p2->protocol && in tomoyo_same_inet_acl()
199 tomoyo_same_ipaddr_union(&p1->address, &p2->address) && in tomoyo_same_inet_acl()
200 tomoyo_same_number_union(&p1->port, &p2->port); in tomoyo_same_inet_acl()
204 * tomoyo_same_unix_acl - Check for duplicated "struct tomoyo_unix_acl" entry.
217 return p1->protocol == p2->protocol && in tomoyo_same_unix_acl()
218 tomoyo_same_name_union(&p1->name, &p2->name); in tomoyo_same_unix_acl()
222 * tomoyo_merge_inet_acl - Merge duplicated "struct tomoyo_inet_acl" entry.
235 &container_of(a, struct tomoyo_inet_acl, head)->perm; in tomoyo_merge_inet_acl()
237 const u8 b_perm = container_of(b, struct tomoyo_inet_acl, head)->perm; in tomoyo_merge_inet_acl()
248 * tomoyo_merge_unix_acl - Merge duplicated "struct tomoyo_unix_acl" entry.
261 &container_of(a, struct tomoyo_unix_acl, head)->perm; in tomoyo_merge_unix_acl()
263 const u8 b_perm = container_of(b, struct tomoyo_unix_acl, head)->perm; in tomoyo_merge_unix_acl()
274 * tomoyo_write_inet_network - Write "struct tomoyo_inet_acl" list.
285 int error = -EINVAL; in tomoyo_write_inet_network()
297 return -EINVAL; in tomoyo_write_inet_network()
298 if (param->data[0] == '@') { in tomoyo_write_inet_network()
299 param->data++; in tomoyo_write_inet_network()
303 return -ENOMEM; in tomoyo_write_inet_network()
321 * tomoyo_write_unix_network - Write "struct tomoyo_unix_acl" list.
342 return -EINVAL; in tomoyo_write_unix_network()
343 if (!tomoyo_parse_name_union(param, &e.name)) in tomoyo_write_unix_network()
344 return -EINVAL; in tomoyo_write_unix_network()
348 tomoyo_put_name_union(&e.name); in tomoyo_write_unix_network()
353 * tomoyo_audit_net_log - Audit network log.
356 * @family: Name of socket family ("inet" or "unix").
357 * @protocol: Name of protocol in @family.
358 * @operation: Name of socket operation.
359 * @address: Name of address.
364 const char *family, const u8 protocol, in tomoyo_audit_net_log() argument
367 return tomoyo_supervisor(r, "network %s %s %s %s\n", family, in tomoyo_audit_net_log()
373 * tomoyo_audit_inet_log - Audit INET network log.
383 const __be32 *address = r->param.inet_network.address; in tomoyo_audit_inet_log()
385 if (r->param.inet_network.is_ipv6) in tomoyo_audit_inet_log()
391 snprintf(buf + len, sizeof(buf) - len, " %u", in tomoyo_audit_inet_log()
392 r->param.inet_network.port); in tomoyo_audit_inet_log()
393 return tomoyo_audit_net_log(r, "inet", r->param.inet_network.protocol, in tomoyo_audit_inet_log()
394 r->param.inet_network.operation, buf); in tomoyo_audit_inet_log()
398 * tomoyo_audit_unix_log - Audit UNIX network log.
406 return tomoyo_audit_net_log(r, "unix", r->param.unix_network.protocol, in tomoyo_audit_unix_log()
407 r->param.unix_network.operation, in tomoyo_audit_unix_log()
408 r->param.unix_network.address->name); in tomoyo_audit_unix_log()
412 * tomoyo_check_inet_acl - Check permission for inet domain socket operation.
424 const u8 size = r->param.inet_network.is_ipv6 ? 16 : 4; in tomoyo_check_inet_acl()
426 if (!(acl->perm & (1 << r->param.inet_network.operation)) || in tomoyo_check_inet_acl()
427 !tomoyo_compare_number_union(r->param.inet_network.port, in tomoyo_check_inet_acl()
428 &acl->port)) in tomoyo_check_inet_acl()
430 if (acl->address.group) in tomoyo_check_inet_acl()
432 (r->param.inet_network.is_ipv6, in tomoyo_check_inet_acl()
433 r->param.inet_network.address, acl->address.group); in tomoyo_check_inet_acl()
434 return acl->address.is_ipv6 == r->param.inet_network.is_ipv6 && in tomoyo_check_inet_acl()
435 memcmp(&acl->address.ip[0], in tomoyo_check_inet_acl()
436 r->param.inet_network.address, size) <= 0 && in tomoyo_check_inet_acl()
437 memcmp(r->param.inet_network.address, in tomoyo_check_inet_acl()
438 &acl->address.ip[1], size) <= 0; in tomoyo_check_inet_acl()
442 * tomoyo_check_unix_acl - Check permission for unix domain socket operation.
455 return (acl->perm & (1 << r->param.unix_network.operation)) && in tomoyo_check_unix_acl()
456 tomoyo_compare_name_union(r->param.unix_network.address, in tomoyo_check_unix_acl()
457 &acl->name); in tomoyo_check_unix_acl()
461 * tomoyo_inet_entry - Check permission for INET network operation.
472 const u8 type = tomoyo_inet2mac[address->protocol][address->operation]; in tomoyo_inet_entry()
477 r.param.inet_network.protocol = address->protocol; in tomoyo_inet_entry()
478 r.param.inet_network.operation = address->operation; in tomoyo_inet_entry()
479 r.param.inet_network.is_ipv6 = address->inet.is_ipv6; in tomoyo_inet_entry()
480 r.param.inet_network.address = address->inet.address; in tomoyo_inet_entry()
481 r.param.inet_network.port = ntohs(address->inet.port); in tomoyo_inet_entry()
492 * tomoyo_check_inet_address - Check permission for inet domain socket's operation.
506 struct tomoyo_inet_addr_info *i = &address->inet; in tomoyo_check_inet_address()
510 switch (addr->sa_family) { in tomoyo_check_inet_address()
514 i->is_ipv6 = true; in tomoyo_check_inet_address()
515 i->address = (__be32 *) in tomoyo_check_inet_address()
516 ((struct sockaddr_in6 *) addr)->sin6_addr.s6_addr; in tomoyo_check_inet_address()
517 i->port = ((struct sockaddr_in6 *) addr)->sin6_port; in tomoyo_check_inet_address()
522 i->is_ipv6 = false; in tomoyo_check_inet_address()
523 i->address = (__be32 *) in tomoyo_check_inet_address()
524 &((struct sockaddr_in *) addr)->sin_addr; in tomoyo_check_inet_address()
525 i->port = ((struct sockaddr_in *) addr)->sin_port; in tomoyo_check_inet_address()
530 if (address->protocol == SOCK_RAW) in tomoyo_check_inet_address()
531 i->port = htons(port); in tomoyo_check_inet_address()
538 * tomoyo_unix_entry - Check permission for UNIX network operation.
549 const u8 type = tomoyo_unix2mac[address->protocol][address->operation]; in tomoyo_unix_entry()
553 char *buf = address->unix0.addr; in tomoyo_unix_entry()
554 int len = address->unix0.addr_len - sizeof(sa_family_t); in tomoyo_unix_entry()
566 addr.name = buf; in tomoyo_unix_entry()
569 r.param.unix_network.protocol = address->protocol; in tomoyo_unix_entry()
570 r.param.unix_network.operation = address->operation; in tomoyo_unix_entry()
578 error = -ENOMEM; in tomoyo_unix_entry()
585 * tomoyo_check_unix_address - Check permission for unix domain socket's operation.
597 struct tomoyo_unix_addr_info *u = &address->unix0; in tomoyo_check_unix_address()
601 if (addr->sa_family != AF_UNIX) in tomoyo_check_unix_address()
603 u->addr = ((struct sockaddr_un *) addr)->sun_path; in tomoyo_check_unix_address()
604 u->addr_len = addr_len; in tomoyo_check_unix_address()
609 * tomoyo_kernel_service - Check whether I'm kernel service or not.
616 return current->flags & PF_KTHREAD; in tomoyo_kernel_service()
620 * tomoyo_sock_family - Get socket's family.
628 u8 family; in tomoyo_sock_family() local
632 family = sk->sk_family; in tomoyo_sock_family()
633 switch (family) { in tomoyo_sock_family()
637 return family; in tomoyo_sock_family()
644 * tomoyo_socket_listen_permission - Check permission for listening on a socket.
653 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_listen_permission() local
654 const unsigned int type = sock->type; in tomoyo_socket_listen_permission()
658 if (!family || (type != SOCK_STREAM && type != SOCK_SEQPACKET)) in tomoyo_socket_listen_permission()
661 const int error = sock->ops->getname(sock, (struct sockaddr *) in tomoyo_socket_listen_permission()
670 if (family == PF_UNIX) in tomoyo_socket_listen_permission()
678 * tomoyo_socket_connect_permission - Check permission for setting the remote address of a socket.
690 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_connect_permission() local
691 const unsigned int type = sock->type; in tomoyo_socket_connect_permission()
693 if (!family) in tomoyo_socket_connect_permission()
708 if (family == PF_UNIX) in tomoyo_socket_connect_permission()
710 return tomoyo_check_inet_address(addr, addr_len, sock->sk->sk_protocol, in tomoyo_socket_connect_permission()
715 * tomoyo_socket_bind_permission - Check permission for setting the local address of a socket.
727 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_bind_permission() local
728 const unsigned int type = sock->type; in tomoyo_socket_bind_permission()
730 if (!family) in tomoyo_socket_bind_permission()
743 if (family == PF_UNIX) in tomoyo_socket_bind_permission()
745 return tomoyo_check_inet_address(addr, addr_len, sock->sk->sk_protocol, in tomoyo_socket_bind_permission()
750 * tomoyo_socket_sendmsg_permission - Check permission for sending a datagram.
762 const u8 family = tomoyo_sock_family(sock->sk); in tomoyo_socket_sendmsg_permission() local
763 const unsigned int type = sock->type; in tomoyo_socket_sendmsg_permission()
765 if (!msg->msg_name || !family || in tomoyo_socket_sendmsg_permission()
770 if (family == PF_UNIX) in tomoyo_socket_sendmsg_permission()
772 msg->msg_name, in tomoyo_socket_sendmsg_permission()
773 msg->msg_namelen, &address); in tomoyo_socket_sendmsg_permission()
774 return tomoyo_check_inet_address((struct sockaddr *) msg->msg_name, in tomoyo_socket_sendmsg_permission()
775 msg->msg_namelen, in tomoyo_socket_sendmsg_permission()
776 sock->sk->sk_protocol, &address); in tomoyo_socket_sendmsg_permission()