static void *jpsd_mgmt_thrd(void * arg) { int err = 0; int i; int start = 1; jpsd_tdf_domain_init(); while (1) { mgmt_exiting = false; printf("mgmt connect: initialized\n"); if (start == 1) { err = jpsd_mgmt_init(1); bail_error(err); } else { while ((err = jpsd_mgmt_init(0)) != 0) { jpsd_deinit(); sleep(2); } } err = jpsd_mgmt_main_loop(); complain_error(err); err = jpsd_deinit(); complain_error(err); printf("mgmt connect: de-initialized\n"); start = 0; } bail: printf("jpsd_mgmt_thrd: exit\n"); return NULL; }
void * geodbd_mgmt_func(void * arg) { int err = 0; int start = 1; /* Connect/create GCL sessions, initialize mgmtd i/f */ while (1) { geodbd_exiting = false; printf("geodbd connect: initialized\n"); if (start == 1) { err = geodbd_mgmt_process(1); bail_error(err); } else { while ((err = geodbd_mgmt_process(0)) != 0) { geodbd_deinit(); sleep(2); } } err = main_loop(); complain_error(err); err = geodbd_deinit(); complain_error(err); printf("mgmt connect: de-initialized\n"); start = 0; } bail: printf("adnsd_mgmt_func: exit\n"); return NULL; }
int md_uf_delete_context(const char *uf_name) { int err = 0; uf_context_data_t *context = NULL; file_path_t uf_dir = {0}; bail_null(uf_name); err = md_uf_find_context(uf_name, &context); bail_error(err); bail_null(context); context->valid = 0; context->consumed = 0; context->cfg_updated = 0; bzero(context->uf_name, sizeof(context->uf_name)); safe_free(context->url); safe_free(context->crypto_key); safe_free(context->type); if (context->poll_event) { /* delete this timer */ err = lew_event_delete(md_lwc, &(context->poll_event)); complain_error(err); context->poll_event = NULL; } bail: snprintf(uf_dir, sizeof(uf_dir), "/nkn/tmp/uf/%s", uf_name); lf_remove_tree(uf_dir); return err; }
int md_uf_timer_callback(int fd, short event_type, void *data, lew_context *ctxt) { int err = 0; uf_context_data_t *context = (uf_context_data_t *) data; err = md_uf_refresh_file(NULL, NULL, context->uf_name, "0"); complain_error(err); /* add timer again even if error occured */ if (context->refresh_interval > 0) { context->next_refresh_time = lt_curr_time() + context->poll_frequency/1000; err = lew_event_reg_timer(md_lwc, &(context->poll_event), (context->callback), (void *) (context), (context->poll_frequency)); bail_error(err); } bail: return err; }
/** * aa_capable - test permission to use capability * @task: task doing capability test against (NOT NULL) * @profile: profile confining @task (NOT NULL) * @cap: capability to be tested * @audit: whether an audit record should be generated * * Look up capability in profile capability set. * * Returns: 0 on success, or else an error code. */ int aa_capable(struct task_struct *task, struct aa_profile *profile, int cap, int audit) { int error = profile_capable(profile, cap); if (!audit) { if (COMPLAIN_MODE(profile)) return complain_error(error); return error; } return audit_caps(profile, task, cap, error); }
int md_uf_update_timer(uf_context_data_t *context) { int err = 0; if (context->poll_event) { /* delete this timer */ err = lew_event_delete(md_lwc, &(context->poll_event)); complain_error(err); context->poll_event = NULL; } context->cfg_updated = 0; if (context->valid == 0) { goto bail; } /* refresh file force-fully now */ err = md_uf_refresh_file(NULL, NULL, context->uf_name, "1"); complain_error(err); /* adding timer with to trigger timer at scheduled */ if (context->refresh_interval > 0) { context->next_refresh_time = lt_curr_time() + context->poll_frequency/1000; err = lew_event_reg_timer(md_lwc, &(context->poll_event), (context->callback), (void *) (context), (context->poll_frequency)); bail_error(err); } bail: return err; }
/** * audit_caps - audit a capability * @profile: profile confining task (NOT NULL) * @task: task capability test was performed against (NOT NULL) * @cap: capability tested * @error: error code returned by test * * Do auditing of capability and handle, audit/complain/kill modes switching * and duplicate message elimination. * * Returns: 0 or sa->error on success, error code on failure */ static int audit_caps(struct aa_profile *profile, struct task_struct *task, int cap, int error) { struct audit_cache *ent; int type = AUDIT_APPARMOR_AUTO; struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; COMMON_AUDIT_DATA_INIT(&sa, CAP); sa.aad = &aad; sa.tsk = task; sa.u.cap = cap; sa.aad->op = OP_CAPABLE; sa.aad->error = error; if (likely(!error)) { /* test if auditing is being forced */ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && !cap_raised(profile->caps.audit, cap))) return 0; type = AUDIT_APPARMOR_AUDIT; } else if (KILL_MODE(profile) || cap_raised(profile->caps.kill, cap)) { type = AUDIT_APPARMOR_KILL; } else if (cap_raised(profile->caps.quiet, cap) && AUDIT_MODE(profile) != AUDIT_NOQUIET && AUDIT_MODE(profile) != AUDIT_ALL) { /* quiet auditing */ return error; } /* Do simple duplicate message elimination */ ent = &get_cpu_var(audit_cache); if (profile == ent->profile && cap_raised(ent->caps, cap)) { put_cpu_var(audit_cache); if (COMPLAIN_MODE(profile)) return complain_error(error); return error; } else { aa_put_profile(ent->profile); ent->profile = aa_get_profile(profile); cap_raise(ent->caps, cap); } put_cpu_var(audit_cache); return aa_audit(type, profile, GFP_ATOMIC, &sa, audit_cb); }
/** * profile_capable - test if profile allows use of capability @cap * @profile: profile being enforced (NOT NULL, NOT unconfined) * @cap: capability to test if allowed * @sa: audit data (MAY BE NULL indicating no auditing) * * Returns: 0 if allowed else -EPERM */ static int profile_capable(struct aa_profile *profile, int cap, struct common_audit_data *sa) { int error; if (cap_raised(profile->caps.allow, cap) && !cap_raised(profile->caps.denied, cap)) error = 0; else error = -EPERM; if (!sa) { if (COMPLAIN_MODE(profile)) return complain_error(error); return error; } return audit_caps(sa, profile, cap, error); }
/** * audit_caps - audit a capability * @sa: audit data * @profile: profile being tested for confinement (NOT NULL) * @cap: capability tested * @error: error code returned by test * * Do auditing of capability and handle, audit/complain/kill modes switching * and duplicate message elimination. * * Returns: 0 or sa->error on success, error code on failure */ static int audit_caps(struct common_audit_data *sa, struct aa_profile *profile, int cap, int error) { struct audit_cache *ent; int type = AUDIT_APPARMOR_AUTO; aad(sa)->error = error; if (likely(!error)) { /* test if auditing is being forced */ if (likely((AUDIT_MODE(profile) != AUDIT_ALL) && !cap_raised(profile->caps.audit, cap))) return 0; type = AUDIT_APPARMOR_AUDIT; } else if (KILL_MODE(profile) || cap_raised(profile->caps.kill, cap)) { type = AUDIT_APPARMOR_KILL; } else if (cap_raised(profile->caps.quiet, cap) && AUDIT_MODE(profile) != AUDIT_NOQUIET && AUDIT_MODE(profile) != AUDIT_ALL) { /* quiet auditing */ return error; } /* Do simple duplicate message elimination */ ent = &get_cpu_var(audit_cache); if (profile == ent->profile && cap_raised(ent->caps, cap)) { put_cpu_var(audit_cache); if (COMPLAIN_MODE(profile)) return complain_error(error); return error; } else { aa_put_profile(ent->profile); ent->profile = aa_get_profile(profile); cap_raise(ent->caps, cap); } put_cpu_var(audit_cache); return aa_audit(type, profile, sa, audit_cb); }
/** * aa_audit - Log a profile based audit event to the audit subsystem * @type: audit type for the message * @profile: profile to check against (NOT NULL) * @gfp: allocation flags to use * @sa: audit event (NOT NULL) * @cb: optional callback fn for type specific fields (MAYBE NULL) * * Handle default message switching based off of audit mode flags * * Returns: error on failure */ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, struct common_audit_data *sa, void (*cb) (struct audit_buffer *, void *)) { BUG_ON(!profile); if (type == AUDIT_APPARMOR_AUTO) { if (likely(!sa->aad->error)) { if (AUDIT_MODE(profile) != AUDIT_ALL) return 0; type = AUDIT_APPARMOR_AUDIT; } else if (COMPLAIN_MODE(profile)) type = AUDIT_APPARMOR_ALLOWED; else type = AUDIT_APPARMOR_DENIED; } if (AUDIT_MODE(profile) == AUDIT_QUIET || (type == AUDIT_APPARMOR_DENIED && AUDIT_MODE(profile) == AUDIT_QUIET)) return sa->aad->error; if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) type = AUDIT_APPARMOR_KILL; if (!unconfined(profile)) sa->aad->profile = profile; aa_audit_msg(type, sa, cb); if (sa->aad->type == AUDIT_APPARMOR_KILL) (void)send_sig_info(SIGKILL, NULL, sa->u.tsk ? sa->u.tsk : current); if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) return complain_error(sa->aad->error); return sa->aad->error; }
/** * aa_audit - Log a profile based audit event to the audit subsystem * @type: audit type for the message * @profile: profile to check against (NOT NULL) * @sa: audit event (NOT NULL) * @cb: optional callback fn for type specific fields (MAYBE NULL) * * Handle default message switching based off of audit mode flags * * Returns: error on failure */ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, void (*cb) (struct audit_buffer *, void *)) { BUG_ON(!profile); if (type == AUDIT_APPARMOR_AUTO) { if (likely(!aad(sa)->error)) { if (AUDIT_MODE(profile) != AUDIT_ALL) return 0; type = AUDIT_APPARMOR_AUDIT; } else if (COMPLAIN_MODE(profile)) type = AUDIT_APPARMOR_ALLOWED; else type = AUDIT_APPARMOR_DENIED; } if (AUDIT_MODE(profile) == AUDIT_QUIET || (type == AUDIT_APPARMOR_DENIED && AUDIT_MODE(profile) == AUDIT_QUIET)) return aad(sa)->error; if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) type = AUDIT_APPARMOR_KILL; aad(sa)->label = &profile->label; aa_audit_msg(type, sa, cb); if (aad(sa)->type == AUDIT_APPARMOR_KILL) (void)send_sig_info(SIGKILL, NULL, sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ? sa->u.tsk : current); if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED) return complain_error(aad(sa)->error); return aad(sa)->error; }
int md_nkn_ethtool(const char *intf_name, nkn_ethtool_cmd_t cmd, uint32_t *data) { int err = 0; tstring *output = NULL; tstr_array *ret_params = NULL; const char *cmd_str = NULL; const char* oper = NULL; int32_t status = 0; struct ethtool_value edata; int need_change = 0; bail_null(intf_name); bail_null(data); if (cmd == NKN_ETHTOOL_GRO_SET) { oper = *data? "on":"off"; cmd_str = "gro"; err = lc_launch_quick_status(&status, &output, true, 5 ,"/usr/sbin/ethtool", "-K" ,intf_name, cmd_str, oper); bail_error(err); memset(&edata, 0, sizeof(struct ethtool_value)); edata.cmd = ETHTOOL_GFLAGS; if (!md_nkn_ethtool_ioctl(intf_name, &edata)) { if(*data && !(ETH_FLAG_LRO & edata.data)) { edata.data |= ETH_FLAG_LRO; need_change = 1; lc_log_basic(LOG_NOTICE, "Enabling RSC/LRO for intf '%s'\n", intf_name); } else if (!*data && (ETH_FLAG_LRO & edata.data)) { edata.data &= ~ETH_FLAG_LRO; need_change = 1; lc_log_basic(LOG_NOTICE, "Disabling RSC/LRO for intf '%s'\n", intf_name); } else { need_change = 0; } if (need_change) { edata.cmd = ETHTOOL_SFLAGS; md_nkn_ethtool_ioctl(intf_name, &edata); } } complain_error(status); } else if (cmd == NKN_ETHTOOL_GRO_GET) { uint32_t gro_idx = 0; const char *gro_status = NULL; str_value_t gro = {0}; err = lc_launch_quick_status(&status, &output, true,3, "/usr/sbin/ethtool", "-k", intf_name); bail_error(err); complain_error(status); err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params); bail_error(err); err = tstr_array_linear_search_prefix_str(ret_params, "generic-receive-offload:", false, true, 0, &gro_idx); bail_error(err); gro_status = tstr_array_get_str_quick(ret_params, gro_idx); bail_null(gro_status); sscanf(gro_status, "generic-receive-offload: %s", gro); *data = (!strcmp(gro, "on")) ? 1 : 0; } if (cmd == NKN_ETHTOOL_GSO_SET) { oper = *data? "on":"off"; cmd_str = "gso"; err = lc_launch_quick_status(&status, &output, true, 5 ,"/usr/sbin/ethtool", "-K" ,intf_name, cmd_str, oper); bail_error(err); memset(&edata, 0, sizeof(struct ethtool_value)); edata.cmd = ETHTOOL_GGSO; if (!md_nkn_ethtool_ioctl(intf_name, &edata)) { if(*data && !(NETIF_F_GSO & edata.data)) { edata.data |= NETIF_F_GSO; need_change = 1; lc_log_basic(LOG_NOTICE, "Enabling GSO for intf '%s'\n", intf_name); } else if (!*data && (NETIF_F_GSO & edata.data)) { edata.data &= ~NETIF_F_GSO; need_change = 1; lc_log_basic(LOG_NOTICE, "Disabling GSO for intf '%s'\n", intf_name); } else { need_change = 0; } if (need_change) { edata.cmd = ETHTOOL_SGSO; md_nkn_ethtool_ioctl(intf_name, &edata); } } complain_error(status); } else if (cmd == NKN_ETHTOOL_GSO_GET) { uint32_t gso_idx = 0; const char *gso_status = NULL; str_value_t gso = {0}; err = lc_launch_quick_status(&status, &output, true,3, "/usr/sbin/ethtool", "-k", intf_name); bail_error(err); complain_error(status); err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params); bail_error(err); err = tstr_array_linear_search_prefix_str(ret_params, "generic-segmentation-offload:", false, true, 0, &gso_idx); bail_error(err); gso_status = tstr_array_get_str_quick(ret_params, gso_idx); bail_null(gso_status); sscanf(gso_status, "generic-segmentation-offload: %s", gso); *data = (!strcmp(gso, "on")) ? 1 : 0; } if (cmd == NKN_ETHTOOL_TSO_SET) { oper = *data? "on":"off"; cmd_str = "tso"; err = lc_launch_quick_status(&status, &output, true, 5 ,"/usr/sbin/ethtool", "-K" ,intf_name, cmd_str, oper); bail_error(err); memset(&edata, 0, sizeof(struct ethtool_value)); edata.cmd = ETHTOOL_GTSO; if (!md_nkn_ethtool_ioctl(intf_name, &edata)) { if(*data && !(NETIF_F_TSO & edata.data)) { edata.data |= NETIF_F_TSO; need_change = 1; lc_log_basic(LOG_NOTICE, "Enabling TSO for intf '%s'\n", intf_name); } else if (!*data && (NETIF_F_TSO & edata.data)) { edata.data &= ~NETIF_F_TSO; need_change = 1; lc_log_basic(LOG_NOTICE, "Disabling TSO for intf '%s'\n", intf_name); } else { need_change = 0; } if (need_change) { edata.cmd = ETHTOOL_STSO; md_nkn_ethtool_ioctl(intf_name, &edata); } } complain_error(status); } else if (cmd == NKN_ETHTOOL_TSO_GET) { uint32_t tso_idx = 0; const char *tso_status = NULL; str_value_t tso = {0}; err = lc_launch_quick_status(&status, &output, true,3, "/usr/sbin/ethtool", "-k", intf_name); bail_error(err); complain_error(status); err = ts_tokenize(output, '\n', '\\', '"', 0, &ret_params); bail_error(err); err = tstr_array_linear_search_prefix_str(ret_params, "tcp-segmentation-offload:", false, true, 0, &tso_idx); bail_error(err); tso_status = tstr_array_get_str_quick(ret_params, tso_idx); bail_null(tso_status); sscanf(tso_status, "tcp-segmentation-offload: %s", tso); *data = (!strcmp(tso, "on")) ? 1 : 0; } bail: tstr_array_free(&ret_params); ts_free(&output); return err; }