| author | Kentaro Takeda <takedakn@nttdata.co.jp> | 2009-02-05 17:18:14 +0900 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-02-12 15:15:05 +1100 | 
| commit | b69a54ee582373d76e4b5560970db5b8c618b12a (patch) | |
| tree | 5889c074f7885187104906c921da0bab318bfe64 /lib/parser.c | |
| parent | 9590837b89aaa4523209ac91c52db5ea0d9142fd (diff) | |
File operation restriction part.

This file controls file related operations of TOMOYO Linux.

tomoyo/tomoyo.c calls the following six functions in this file.
Each function handles the following access types.

 * tomoyo_check_file_perm
   sysctl()'s "read" and "write".
 * tomoyo_check_exec_perm
   "execute".
 * tomoyo_check_open_permission
   open(2) for "read" and "write".
 * tomoyo_check_1path_perm
   "create", "unlink", "mkdir", "rmdir", "mkfifo",
   "mksock", "mkblock", "mkchar", "truncate" and "symlink".
 * tomoyo_check_2path_perm
   "rename" and "unlink".
 * tomoyo_check_rewrite_permission
   "rewrite".
   ("rewrite" are operations which may lose already recorded data of a file,
   i.e. open(!O_APPEND) || open(O_TRUNC) || truncate() || ftruncate())

The functions which actually check ACLs are the following three functions.
Each function handles the following access types.
ACL directive is expressed by "allow_<access type>".

 * tomoyo_check_file_acl
   Open() operation and execve() operation.
   ("read", "write", "read/write" and "execute")
 * tomoyo_check_single_write_acl
   Directory modification operations with 1 pathname.
   ("create", "unlink", "mkdir", "rmdir", "mkfifo", "mksock",
    "mkblock", "mkchar", "truncate", "symlink" and "rewrite")
 * tomoyo_check_double_write_acl
   Directory modification operations with 2 pathnames.
   ("link" and "rename")

Also, this file contains handlers of some utility directives
for file related operations.

 * "allow_read":   specifies globally (for all domains) readable files.
 * "path_group":   specifies pathname macro.
 * "deny_rewrite": restricts rewrite operation.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'lib/parser.c')
0 files changed, 0 insertions, 0 deletions
