(empty log message)
@@ -951,7 +951,7 @@ | ||
951 | 951 | /* Which profile number does <kernel> domain use? */ |
952 | 952 | static unsigned char default_profile = 0; |
953 | 953 | /* Which ACL group does <kernel> domain use? */ |
954 | -static unsigned char default_group = 0; | |
954 | +static _Bool use_group[256] = { }; | |
955 | 955 | |
956 | 956 | /** |
957 | 957 | * make_domain_policy - Make /etc/tomoyo/policy/current/domain_policy.conf . |
@@ -961,6 +961,7 @@ | ||
961 | 961 | static void make_domain_policy(void) |
962 | 962 | { |
963 | 963 | FILE *fp; |
964 | + int i; | |
964 | 965 | if (!chdir_policy()) |
965 | 966 | return; |
966 | 967 | if (!access("domain_policy.conf", R_OK)) |
@@ -971,8 +972,10 @@ | ||
971 | 972 | return; |
972 | 973 | } |
973 | 974 | fprintf(stderr, "Creating domain policy... "); |
974 | - fprintf(fp, "<kernel>\nuse_profile %u\nuse_group %u\n", | |
975 | - default_profile, default_group); | |
975 | + fprintf(fp, "<kernel>\nuse_profile %u\n", default_profile); | |
976 | + for (i = 0; i < 256; i++) | |
977 | + if (use_group[i]) | |
978 | + fprintf(fp, "use_group %u\n", i); | |
976 | 979 | close_file(fp, 1, "domain_policy.tmp", "domain_policy.conf"); |
977 | 980 | } |
978 | 981 |
@@ -1644,7 +1647,7 @@ | ||
1644 | 1647 | } else if (!strncmp(arg, "use_profile=", 12)) { |
1645 | 1648 | default_profile = atoi(arg + 12); |
1646 | 1649 | } else if (!strncmp(arg, "use_group=", 10)) { |
1647 | - default_group = atoi(arg + 10); | |
1650 | + use_group[(unsigned char) atoi(arg + 10)] = 1; | |
1648 | 1651 | } else if (!strncmp(arg, "grant_log=", 10)) { |
1649 | 1652 | grant_log = arg + 10; |
1650 | 1653 | } else if (!strncmp(arg, "reject_log=", 11)) { |
@@ -1658,6 +1661,11 @@ | ||
1658 | 1661 | } |
1659 | 1662 | if (!dir) |
1660 | 1663 | dir = "/etc/tomoyo"; |
1664 | + for (i = 0; i < 256; i++) | |
1665 | + if (use_group[i]) | |
1666 | + break; | |
1667 | + if (i == 256) | |
1668 | + use_group[0] = 1; | |
1661 | 1669 | policy_dir = strdup(dir); |
1662 | 1670 | memset(path, 0, sizeof(path)); |
1663 | 1671 | make_policy_dir(); |
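Review bot: `use_group[(unsigned char) atoi(arg + 10)] = 1;` in the option-parsing hunk accepts any argument and silently folds it into 0-255: `use_group=256` or a non-numeric value enables group 0, and a negative value wraps to a high group number. Because the array is then written into the `<kernel>` domain's entry in domain_policy.conf, a mistyped option yields a different ACL group assignment with no diagnostic. I would parse with `strtoul(arg + 10, &end, 10)` and reject the option when `end == arg + 10 || *end || v > 255` rather than casting. The enclosing argument-parsing function starts and ends outside the hunks shown.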
@@ -712,7 +712,8 @@ | ||
712 | 712 | struct list_head acl_info_list; |
713 | 713 | /* Name of this domain. Never NULL. */ |
714 | 714 | const struct ccs_path_info *domainname; |
715 | - u8 group; /* Group number to use. */ | |
715 | + /* Group numbers to use. */ | |
716 | + bool group[CCS_MAX_ACL_GROUPS]; | |
716 | 717 | u8 profile; /* Profile number to use. */ |
717 | 718 | bool is_deleted; /* Delete flag. */ |
718 | 719 | bool flags[CCS_MAX_DOMAIN_INFO_FLAGS]; |
@@ -3637,8 +3638,7 @@ | ||
3637 | 3638 | } |
3638 | 3639 | if (sscanf(data, "use_group %u\n", &idx) == 1 && |
3639 | 3640 | idx < CCS_MAX_ACL_GROUPS) { |
3640 | - if (!is_delete) | |
3641 | - domain->group = (u8) idx; | |
3641 | + domain->group[idx] = !is_delete; | |
3642 | 3642 | return 0; |
3643 | 3643 | } |
3644 | 3644 | for (idx = 0; idx < CCS_MAX_DOMAIN_INFO_FLAGS; idx++) { |
@@ -4024,7 +4024,7 @@ | ||
4024 | 4024 | if (domain->flags[i]) |
4025 | 4025 | cprintf("%s", ccs_dif[i]); |
4026 | 4026 | for (i = 0; i < CCS_MAX_ACL_GROUPS; i++) |
4027 | - if (domain->group == i) | |
4027 | + if (domain->group[i]) | |
4028 | 4028 | cprintf("use_group %u\n", i); |
4029 | 4029 | cprintf("\n"); |
4030 | 4030 | ccs_read_domain2(&domain->acl_info_list); |
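Review bot: The new field comment in the struct hunk ("Group numbers to use.") does not say that a domain may now belong to several ACL groups or to none, which changes the policy model. Before, a delete of `use_group N` was ignored and each domain named exactly one group; with `domain->group[idx] = !is_delete;` a delete clears membership. I would expand the comment to something like `/* group[i] is true when this domain uses ACL group i; several entries or none may be set. */`. The code that evaluates group ACLs during a permission check is not in the visible hunks, so it is worth confirming that it walks every set entry; a leftover scalar test such as `domain->group == i` would likely draw only a compiler warning. The functions touched here start and end outside the hunks shown.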