dazuko_rsbac.c File Reference

#include "dazuko_rsbac.h"
#include "dazuko_xp.h"
#include "dazukoio.h"
#include <linux/init.h>
#include <linux/unistd.h>
#include <linux/fs.h>
#include <linux/slab.h>
#include <linux/random.h>
#include <linux/string.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/version.h>
#include <asm/uaccess.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/debug.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/net_getname.h>
#include <rsbac/rkmem.h>
#include <rsbac/proc_fs.h>

Go to the source code of this file.

Functions
ssize_t	linux_dazuko_device_read (struct file *file, char *buffer, size_t length, loff_t *pos)
ssize_t	linux_dazuko_device_write (struct file *file, const char *buffer, size_t length, loff_t *pos)
int	linux_dazuko_device_ioctl (struct inode *inode, struct file *file, unsigned int cmd, unsigned long param)
int	linux_dazuko_device_open (struct inode *inode, struct file *file)
int	linux_dazuko_device_release (struct inode *inode, struct file *file)
static int	reset_scanned (struct rsbac_fs_file_t file)
int	xp_init_mutex (struct xp_mutex *mutex)
int	xp_down (struct xp_mutex *mutex)
int	xp_up (struct xp_mutex *mutex)
int	xp_destroy_mutex (struct xp_mutex *mutex)
int	xp_init_rwlock (struct xp_rwlock *rwlock)
int	xp_write_lock (struct xp_rwlock *rwlock)
int	xp_write_unlock (struct xp_rwlock *rwlock)
int	xp_read_lock (struct xp_rwlock *rlock)
int	xp_read_unlock (struct xp_rwlock *rlock)
int	xp_destroy_rwlock (struct xp_rwlock *rwlock)
int	xp_init_queue (struct xp_queue *queue)
int	xp_wait_until_condition (struct xp_queue *queue, int(*cfunction)(void *), void *cparam, int allow_interrupt)
int	xp_notify (struct xp_queue *queue)
int	xp_destroy_queue (struct xp_queue *queue)
void *	xp_malloc (size_t size)
int	xp_free (void *ptr)
int	xp_copyin (const void *user_src, void *kernel_dest, size_t size)
int	xp_copyout (const void *kernel_src, void *user_dest, size_t size)
int	xp_verify_user_writable (const void *user_ptr, size_t size)
int	xp_verify_user_readable (const void *user_ptr, size_t size)
int	xp_is_absolute_path (const char *path)
int	xp_atomic_set (struct xp_atomic *atomic, int value)
int	xp_atomic_inc (struct xp_atomic *atomic)
int	xp_atomic_dec (struct xp_atomic *atomic)
int	xp_atomic_read (struct xp_atomic *atomic)
int	xp_copy_file (struct xp_file *dest, struct xp_file *src)
int	xp_compare_file (struct xp_file *file1, struct xp_file *file2)
int	xp_fill_file_struct (struct dazuko_file_struct *dfs)
static int	dazuko_file_struct_cleanup (struct dazuko_file_struct **dfs)
int	xp_id_compare (struct xp_daemon_id *id1, struct xp_daemon_id *id2)
int	xp_id_free (struct xp_daemon_id *id)
xp_daemon_id *	xp_id_copy (struct xp_daemon_id *id)
int	xp_sys_hook ()
int	xp_sys_unhook ()
int	xp_print (const char *fmt,...)
int __init	rsbac_init_daz (void)
enum rsbac_adf_req_ret_t	rsbac_adf_request_daz (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)
int	rsbac_adf_set_attr_daz (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner)
Variables
xp_atomic	active
static int	dev_major = -1
static struct file_operations	fops

---

Function Documentation

static int dazuko_file_struct_cleanup (  struct dazuko_file_struct **  dfs  )  [static]

Definition at line 393 of file dazuko_rsbac.c. References NULL, and xp_free(). { if (dfs == NULL) return 0; if (*dfs == NULL) return 0; if ((*dfs)->extra_data != NULL) { if ((*dfs)->extra_data->free_full_filename) xp_free((*dfs)->extra_data->full_filename); xp_free((*dfs)->extra_data); } xp_free(*dfs); *dfs = NULL; return 0; }

int linux_dazuko_device_ioctl (  struct inode *  inode, struct file *  file, unsigned int  cmd, unsigned long  param )

int linux_dazuko_device_open (  struct inode *  inode, struct file *  file )

ssize_t linux_dazuko_device_read (  struct file *  file, char *  buffer, size_t  length, loff_t *  pos )

int linux_dazuko_device_release (  struct inode *  inode, struct file *  file )

ssize_t linux_dazuko_device_write (  struct file *  file, const char *  buffer, size_t  length, loff_t *  pos )

static int reset_scanned (  struct rsbac_fs_file_t  file  )  [inline, static]

Definition at line 127 of file dazuko_rsbac.c. { return 0; }

enum rsbac_adf_req_ret_t rsbac_adf_request_daz (  enum rsbac_adf_request_t  request, rsbac_pid_t  caller_pid, enum rsbac_target_t  target, union rsbac_target_id_t  tid, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t  attr_val, rsbac_uid_t  owner )

Definition at line 701 of file dazuko_rsbac.c. References A_daz_role, A_daz_scanned, A_daz_scanner, A_none, A_system_role, D_char, DAZ, DAZ_clean, DAZ_infected, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, dazuko_bzero(), dazuko_file_struct_cleanup(), DAZUKO_ON_CLOSE, DAZUKO_ON_EXEC, DAZUKO_ON_OPEN, DAZUKO_ON_RMDIR, DAZUKO_ON_UNLINK, dazuko_sys_check(), dazuko_sys_pre(), rsbac_target_id_t::dev, DO_NOT_CARE, xp_daemon_id::file, FREEZE, GRANTED, NOT_GRANTED, NULL, xp_daemon_id::pid, rsbac_target_id_t::process, R_APPEND_OPEN, R_CLOSE, R_DELETE, R_EXECUTE, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_SWITCH_MODULE, R_WRITE_OPEN, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, SOFTMODE, SR_security_officer, rsbac_attribute_value_t::system_role, T_DEV, T_DIR, T_FILE, T_NONE, T_PROCESS, T_USER, TRUE, rsbac_dev_desc_t::type, UNDEFINED, rsbac_target_id_t::user, xp_free(), and xp_malloc(). { struct dazuko_file_struct *dfs = NULL; struct xp_daemon_id xp_id; int error = 0; int check_error = 0; struct event_properties event_p; int event; int daemon_allowed; union rsbac_target_id_t i_tid; union rsbac_attribute_value_t i_attr_val1; switch (request) { case R_DELETE: if (target == T_FILE) { event = DAZUKO_ON_UNLINK; daemon_allowed = 1; } else if (target == T_DIR) { event = DAZUKO_ON_RMDIR; daemon_allowed = 1; } else { return DO_NOT_CARE; } break; case R_CLOSE: if (target == T_FILE) { event = DAZUKO_ON_CLOSE; daemon_allowed = 1; } else { return DO_NOT_CARE; } break; case R_EXECUTE: if (target == T_FILE) { event = DAZUKO_ON_EXEC; daemon_allowed = 0; } else { return DO_NOT_CARE; } break; case R_APPEND_OPEN: case R_READ_WRITE_OPEN: case R_READ_OPEN: case R_WRITE_OPEN: if (target == T_FILE) { event = DAZUKO_ON_OPEN; daemon_allowed = 1; } else if (target == T_DEV) { if( (tid.dev.type == D_char) && (MAJOR(tid.dev.id) == CONFIG_RSBAC_DAZ_DEV_MAJOR) ) { i_tid.process = caller_pid; if (rsbac_get_attr(DAZ, T_PROCESS, i_tid, A_daz_scanner, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); return(NOT_GRANTED); } /* if scanner, then grant */ if (i_attr_val1.daz_scanner) return(GRANTED); else return(NOT_GRANTED); } else return DO_NOT_CARE; } else { return DO_NOT_CARE; } break; case R_MODIFY_ATTRIBUTE: switch(attr) { case A_daz_scanned: case A_daz_scanner: case A_system_role: case A_daz_role: /* All attributes (remove target!) */ case A_none: /* Security Officer? */ i_tid.user = owner; if (rsbac_get_attr(DAZ, T_USER, i_tid, A_daz_role, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); return(NOT_GRANTED); } /* if sec_officer, then grant */ if (i_attr_val1.system_role == SR_security_officer) return(GRANTED); else return(NOT_GRANTED); default: return(DO_NOT_CARE); } case R_READ_ATTRIBUTE: switch(attr) { /* every user may see scan status of files */ case A_daz_scanned: return(GRANTED); /* ...but only security officers may see other attributes */ case A_system_role: case A_daz_role: case A_daz_scanner: /* Security Officer? */ i_tid.user = owner; if (rsbac_get_attr(DAZ, T_USER, i_tid, A_daz_role, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); return(NOT_GRANTED); } /* if sec_officer, then grant */ if (i_attr_val1.system_role == SR_security_officer) return(GRANTED); else return(NOT_GRANTED); default: return(DO_NOT_CARE); } case R_SWITCH_MODULE: switch(target) { case T_NONE: /* we need the switch_target */ if(attr != A_switch_target) return(UNDEFINED); /* do not care for other modules */ if( (attr_val.switch_target != DAZ) #ifdef CONFIG_RSBAC_SOFTMODE && (attr_val.switch_target != SOFTMODE) #endif #ifdef CONFIG_RSBAC_FREEZE && (attr_val.switch_target != FREEZE) #endif ) return(DO_NOT_CARE); /* test owner's daz_role */ i_tid.user = owner; if (rsbac_get_attr(DAZ, T_USER, i_tid, A_daz_role, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); return(NOT_GRANTED); } /* security officer? -> grant */ if (i_attr_val1.system_role == SR_security_officer) return(GRANTED); else return(NOT_GRANTED); /* all other cases are undefined */ default: return(DO_NOT_CARE); } /*********************/ default: return DO_NOT_CARE; } #if defined(CONFIG_RSBAC_DAZ_CACHE) /* get daz_scanned for file */ if (rsbac_get_attr(DAZ, T_FILE, tid, A_daz_scanned, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); return(-RSBAC_EREADFAILED); } if(i_attr_val1.daz_scanned == DAZ_clean) return GRANTED; #endif xp_id.pid = current->pid; xp_id.file = NULL; check_error = dazuko_sys_check(event, daemon_allowed, &xp_id); if (!check_error) { dazuko_bzero(&event_p, sizeof(event_p)); /* event_p.flags = flags; event_p.set_flags = 1; event_p.mode = mode; event_p.set_mode = 1; */ event_p.pid = current->pid; event_p.set_pid = 1; event_p.uid = current->uid; event_p.set_uid = 1; dfs = (struct dazuko_file_struct *)xp_malloc(sizeof(struct dazuko_file_struct)); if (dfs != NULL) { dazuko_bzero(dfs, sizeof(struct dazuko_file_struct)); dfs->extra_data = (struct xp_file_struct *)xp_malloc(sizeof(struct xp_file_struct)); if (dfs->extra_data != NULL) { dazuko_bzero(dfs->extra_data, sizeof(struct xp_file_struct)); dfs->extra_data->dentry = tid.file.dentry_p; error = dazuko_sys_pre(event, dfs, NULL, &event_p); #if defined(CONFIG_RSBAC_DAZ_CACHE) if(!error) i_attr_val1.daz_scanned = DAZ_clean; else i_attr_val1.daz_scanned = DAZ_infected; if (rsbac_set_attr(DAZ, target, tid, A_daz_scanned, i_attr_val1)) { rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_set_attr() returned error!\n"); return NOT_GRANTED; } #endif } else { xp_free(dfs); dfs = NULL; } dazuko_file_struct_cleanup(&dfs); } } if(!error) return GRANTED; else return NOT_GRANTED; }; /* end of rsbac_adf_request_daz() */

int rsbac_adf_set_attr_daz (  enum rsbac_adf_request_t  request, rsbac_pid_t  caller_pid, enum rsbac_target_t  target, union rsbac_target_id_t  tid, enum rsbac_target_t  new_target, union rsbac_target_id_t  new_tid, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t  attr_val, rsbac_uid_t  owner )

Definition at line 1008 of file dazuko_rsbac.c. References A_daz_scanned, A_daz_scanner, DAZ, DAZ_clean, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, dazuko_bzero(), dazuko_file_struct_cleanup(), DAZUKO_ON_CLOSE, DAZUKO_ON_EXEC, DAZUKO_ON_OPEN, DAZUKO_ON_RMDIR, DAZUKO_ON_UNLINK, dazuko_sys_check(), dazuko_sys_post(), FALSE, xp_daemon_id::file, NULL, xp_daemon_id::pid, rsbac_target_id_t::process, R_APPEND_OPEN, R_CLONE, R_CLOSE, R_DELETE, R_EXECUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_WRITE_OPEN, reset_scanned(), RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, T_DIR, T_FILE, T_PROCESS, TRUE, xp_free(), and xp_malloc(). { struct dazuko_file_struct *dfs = NULL; struct xp_daemon_id xp_id; int check_error = 0; struct event_properties event_p; int event; int daemon_allowed; union rsbac_target_id_t i_tid; union rsbac_attribute_value_t i_attr_val1; union rsbac_attribute_value_t i_attr_val2; switch (request) { case R_DELETE: if (target == T_FILE) { reset_scanned(tid.file); event = DAZUKO_ON_UNLINK; daemon_allowed = 1; } else if (target == T_DIR) { event = DAZUKO_ON_RMDIR; daemon_allowed = 1; } else { return(0); } break; case R_CLOSE: if (target == T_FILE) { event = DAZUKO_ON_CLOSE; daemon_allowed = 1; } else { return(0); } break; case R_EXECUTE: if (target == T_FILE) { /* get daz_scanner for file */ if (rsbac_get_attr(DAZ, T_FILE, tid, A_daz_scanner, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n"); return(-RSBAC_EREADFAILED); } /* get for process */ i_tid.process = caller_pid; if (rsbac_get_attr(DAZ, T_PROCESS, i_tid, A_daz_scanner, &i_attr_val2, FALSE)) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n"); return(-RSBAC_EREADFAILED); } /* and set for process, if different */ if(i_attr_val1.daz_scanner != i_attr_val2.daz_scanner) if (rsbac_set_attr(DAZ, T_PROCESS, i_tid, A_daz_scanner, i_attr_val1)) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_set_attr() returned error!\n"); return(-RSBAC_EWRITEFAILED); } event = DAZUKO_ON_EXEC; daemon_allowed = 0; } else { return(0); } break; case R_APPEND_OPEN: case R_READ_WRITE_OPEN: case R_WRITE_OPEN: if (target == T_FILE) { reset_scanned(tid.file); event = DAZUKO_ON_OPEN; daemon_allowed = 1; } else { return(0); } break; case R_READ_OPEN: if (target == T_FILE) { event = DAZUKO_ON_OPEN; daemon_allowed = 1; } else { return(0); } break; case R_CLONE: if (target == T_PROCESS) { /* Get daz_scanner from first process */ if (rsbac_get_attr(DAZ, T_PROCESS, tid, A_daz_scanner, &i_attr_val1, FALSE)) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n"); return(-RSBAC_EREADFAILED); } /* Set daz_scanner for new process, if set for first */ if ( i_attr_val1.daz_scanner && (rsbac_set_attr(DAZ, T_PROCESS, new_tid, A_daz_scanner, i_attr_val1)) ) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_set_attr() returned error!\n"); return(-RSBAC_EWRITEFAILED); } return(0); } else return(0); /*********************/ default: return(0); } #if defined(CONFIG_RSBAC_DAZ_CACHE) /* get daz_scanned for file */ if (rsbac_get_attr(DAZ, T_FILE, tid, A_daz_scanned, &i_attr_val1, TRUE)) { rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n"); return(-RSBAC_EREADFAILED); } if(i_attr_val1.daz_scanned == DAZ_clean) return 0; #endif xp_id.pid = current->pid; xp_id.file = NULL; check_error = dazuko_sys_check(event, daemon_allowed, &xp_id); if (!check_error) { dazuko_bzero(&event_p, sizeof(event_p)); /* event_p.flags = flags; event_p.set_flags = 1; event_p.mode = mode; event_p.set_mode = 1; */ event_p.pid = current->pid; event_p.set_pid = 1; event_p.uid = current->uid; event_p.set_uid = 1; dfs = (struct dazuko_file_struct *)xp_malloc(sizeof(struct dazuko_file_struct)); if (dfs != NULL) { dazuko_bzero(dfs, sizeof(struct dazuko_file_struct)); dfs->extra_data = (struct xp_file_struct *)xp_malloc(sizeof(struct xp_file_struct)); if (dfs->extra_data != NULL) { dazuko_bzero(dfs->extra_data, sizeof(struct xp_file_struct)); dfs->extra_data->dentry = tid.file.dentry_p; dazuko_sys_post(event, dfs, NULL, &event_p); } else { xp_free(dfs); dfs = NULL; } dazuko_file_struct_cleanup(&dfs); } } return(0); }; /* end of rsbac_adf_set_attr_daz() */

int __init rsbac_init_daz (  void   )

Definition at line 684 of file dazuko_rsbac.c. References dazuko_init(), RSBAC_EREINIT, rsbac_is_initialized(), and rsbac_printk(). { if (rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_init_daz(): RSBAC already initialized\n"); return(-RSBAC_EREINIT); } /* init data structures */ rsbac_printk(KERN_INFO "rsbac_init_daz(): Initializing RSBAC: DAZuko subsystem\n"); return dazuko_init(); }

int xp_atomic_dec (  struct xp_atomic *  atomic  )  [inline]

Definition at line 302 of file dazuko_rsbac.c. References xp_atomic::atomic. { #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) #ifdef MODULE if (atomic == &active) MOD_DEC_USE_COUNT; #endif #endif atomic_dec(&(atomic->atomic)); return 0; }

int xp_atomic_inc (  struct xp_atomic *  atomic  )  [inline]

Definition at line 289 of file dazuko_rsbac.c. References xp_atomic::atomic. { #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) #ifdef MODULE if (atomic == &active) MOD_INC_USE_COUNT; #endif #endif atomic_inc(&(atomic->atomic)); return 0; }

int xp_atomic_read (  struct xp_atomic *  atomic  )  [inline]

Definition at line 315 of file dazuko_rsbac.c. References xp_atomic::atomic. { return atomic_read(&(atomic->atomic)); }

int xp_atomic_set (  struct xp_atomic *  atomic, int  value )  [inline]

Definition at line 283 of file dazuko_rsbac.c. References xp_atomic::atomic. { atomic_set(&(atomic->atomic), value); return 0; }

int xp_compare_file (  struct xp_file *  file1, struct xp_file *  file2 )  [inline]

Definition at line 328 of file dazuko_rsbac.c. { return 0; }

int xp_copy_file (  struct xp_file *  dest, struct xp_file *  src )  [inline]

Definition at line 323 of file dazuko_rsbac.c. { return 0; }

int xp_copyin (  const void *  user_src, void *  kernel_dest, size_t  size )  [inline]

Definition at line 252 of file dazuko_rsbac.c. { return copy_from_user(kernel_dest, user_src, size); }

int xp_copyout (  const void *  kernel_src, void *  user_dest, size_t  size )  [inline]

Definition at line 257 of file dazuko_rsbac.c. { return copy_to_user(user_dest, kernel_src, size); }

int xp_destroy_mutex (  struct xp_mutex *  mutex  )  [inline]

Definition at line 159 of file dazuko_rsbac.c. { return 0; }

int xp_destroy_queue (  struct xp_queue *  queue  )  [inline]

Definition at line 233 of file dazuko_rsbac.c. { return 0; }

int xp_destroy_rwlock (  struct xp_rwlock *  rwlock  )  [inline]

Definition at line 197 of file dazuko_rsbac.c. { return 0; }

int xp_down (  struct xp_mutex *  mutex  )  [inline]

Definition at line 147 of file dazuko_rsbac.c. References xp_mutex::mutex. { down(&(mutex->mutex)); return 0; }

int xp_fill_file_struct (  struct dazuko_file_struct *  dfs  )  [inline]

Definition at line 333 of file dazuko_rsbac.c. References dazuko_get_filename_length(), xp_file_struct::dentry, file_properties::device_type, dazuko_file_struct::extra_data, dazuko_file_struct::file_p, dazuko_file_struct::filename, dazuko_file_struct::filename_length, xp_file_struct::free_full_filename, xp_file_struct::full_filename, xp_file_struct::full_filename_length, file_properties::gid, file_properties::mode, NULL, rsbac_get_full_path(), rsbac_get_full_path_length(), file_properties::set_device_type, file_properties::set_gid, file_properties::set_mode, file_properties::set_size, file_properties::set_uid, file_properties::size, file_properties::uid, and xp_malloc(). { int length; /* make sure we have access to everything */ if (dfs == NULL) return -1; if (dfs->extra_data == NULL) return -1; if (dfs->extra_data->dentry == NULL) return -1; if (dfs->extra_data->dentry->d_inode == NULL) return -1; /* ok, we have everything we need */ length = rsbac_get_full_path_length(dfs->extra_data->dentry); if (length < 1) return -1; dfs->extra_data->full_filename = xp_malloc(length + 1); if (dfs->extra_data->full_filename == NULL) return -1; /* the full_filename will need to be deleted later */ dfs->extra_data->free_full_filename = 1; if (rsbac_get_full_path(dfs->extra_data->dentry, dfs->extra_data->full_filename, length + 1) < 1) return -1; /* find the actual value of the length */ dfs->extra_data->full_filename_length = dazuko_get_filename_length(dfs->extra_data->full_filename); /* reference copy of full path */ dfs->filename = dfs->extra_data->full_filename; dfs->filename_length = dfs->extra_data->full_filename_length; dfs->file_p.size = dfs->extra_data->dentry->d_inode->i_size; dfs->file_p.set_size = 1; dfs->file_p.uid = dfs->extra_data->dentry->d_inode->i_uid; dfs->file_p.set_uid = 1; dfs->file_p.gid = dfs->extra_data->dentry->d_inode->i_gid; dfs->file_p.set_gid = 1; dfs->file_p.mode = dfs->extra_data->dentry->d_inode->i_mode; dfs->file_p.set_mode = 1; #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) dfs->file_p.device_type = dfs->extra_data->dentry->d_inode->i_dev; #else dfs->file_p.device_type = dfs->extra_data->dentry->d_inode->i_rdev; #endif dfs->file_p.set_device_type = 1; return 0; }

int xp_free (  void *  ptr  )  [inline]

Definition at line 246 of file dazuko_rsbac.c. { kfree(ptr); return 0; }

int xp_id_compare (  struct xp_daemon_id *  id1, struct xp_daemon_id *  id2 )

Definition at line 419 of file dazuko_rsbac.c. References xp_daemon_id::file, NULL, and xp_daemon_id::pid. { if (id1 == NULL || id2 == NULL) return -1; /* if file's are available and they match, * then we say that the id's match */ if (id1->file != NULL && id1->file == id2->file) return 0; if (id1->pid == id2->pid) return 0; return 1; }

struct xp_daemon_id* xp_id_copy (  struct xp_daemon_id *  id  )

Definition at line 442 of file dazuko_rsbac.c. References xp_daemon_id::file, NULL, xp_daemon_id::pid, and xp_malloc(). { struct xp_daemon_id *ptr; if (id == NULL) return NULL; ptr = (struct xp_daemon_id *)xp_malloc(sizeof(struct xp_daemon_id)); if (ptr != NULL) { ptr->pid = id->pid; ptr->file = id->file; } return ptr; }

int xp_id_free (  struct xp_daemon_id *  id  )

Definition at line 435 of file dazuko_rsbac.c. References xp_free(). { xp_free(id); return 0; }

int xp_init_mutex (  struct xp_mutex *  mutex  )  [inline]

Definition at line 136 of file dazuko_rsbac.c. References xp_mutex::mutex. { #ifdef init_MUTEX init_MUTEX(&(mutex->mutex)); #else sema_init(&(mutex->mutex), 1); #endif return 0; }

int xp_init_queue (  struct xp_queue *  queue  )  [inline]

Definition at line 205 of file dazuko_rsbac.c. References xp_queue::queue. { init_waitqueue_head(&(queue->queue)); return 0; }

int xp_init_rwlock (  struct xp_rwlock *  rwlock  )  [inline]

Definition at line 167 of file dazuko_rsbac.c. References xp_rwlock::rwlock. { rwlock_init(&(rwlock->rwlock)); return 0; }

int xp_is_absolute_path (  const char *  path  )  [inline]

Definition at line 275 of file dazuko_rsbac.c. { return (path[0] == '/'); }

void* xp_malloc (  size_t  size  )  [inline]

Definition at line 241 of file dazuko_rsbac.c. References rsbac_kmalloc(). { return rsbac_kmalloc(size); }

int xp_notify (  struct xp_queue *  queue  )  [inline]

Definition at line 227 of file dazuko_rsbac.c. References xp_queue::queue. { wake_up(&(queue->queue)); return 0; }

int xp_print (  const char *  fmt,   ... )

Definition at line 522 of file dazuko_rsbac.c. References dazuko_vsnprintf(), rsbac_printk(), xp_free(), and xp_malloc(). { va_list args; char *p; size_t size = 1024; p = (char *)xp_malloc(size); if (!p) return -1; va_start(args, fmt); dazuko_vsnprintf(p, size-1, fmt, args); va_end(args); p[size-1] = 0; rsbac_printk(p); xp_free(p); return 0; }

int xp_read_lock (  struct xp_rwlock *  rlock  )  [inline]

Definition at line 185 of file dazuko_rsbac.c. References xp_rwlock::rwlock. { read_lock(&(rlock->rwlock)); return 0; }

int xp_read_unlock (  struct xp_rwlock *  rlock  )  [inline]

Definition at line 191 of file dazuko_rsbac.c. References xp_rwlock::rwlock. { read_unlock(&(rlock->rwlock)); return 0; }

int xp_sys_hook (  void   )  [inline]

Definition at line 463 of file dazuko_rsbac.c. References dev_major, DEVICE_NAME, fops, NULL, and xp_print(). { /* Called insmod when inserting the module. */ /* register the dazuko device */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) dev_major = register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops); devfs_mk_cdev(MKDEV(dev_major, CONFIG_RSBAC_DAZ_DEV_MAJOR), S_IFCHR | S_IRUSR | S_IWUSR, DEVICE_NAME); #else #ifdef CONFIG_DEVFS_FS dev_major = devfs_register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops); devfs_register(NULL, DEVICE_NAME, DEVFS_FL_DEFAULT, dev_major, 0, S_IFCHR | S_IRUSR | S_IWUSR, &fops, NULL); #else dev_major = register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops); #endif #endif if (dev_major < 0) { xp_print("dazuko: unable to register device chrdev, err=%d\n", dev_major); return dev_major; } /* initialization complete */ return 0; }

int xp_sys_unhook (  void   )  [inline]

Definition at line 493 of file dazuko_rsbac.c. References dev_major, DEVICE_NAME, NULL, and xp_print(). { /* Called by rmmod when removing the module. */ int error; #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) error = unregister_chrdev(dev_major, DEVICE_NAME); devfs_remove(DEVICE_NAME); #else #ifdef CONFIG_DEVFS_FS error = devfs_unregister_chrdev(dev_major, DEVICE_NAME); devfs_unregister(devfs_find_handle(NULL, DEVICE_NAME, dev_major, 0, DEVFS_SPECIAL_CHR, 0)); #else error = unregister_chrdev(dev_major, DEVICE_NAME); #endif #endif if (error < 0) { xp_print("dazuko: error unregistering chrdev, err=%d\n", error); } return 0; }

int xp_up (  struct xp_mutex *  mutex  )  [inline]

Definition at line 153 of file dazuko_rsbac.c. References xp_mutex::mutex. { up(&(mutex->mutex)); return 0; }

int xp_verify_user_readable (  const void *  user_ptr, size_t  size )  [inline]

Definition at line 267 of file dazuko_rsbac.c. { return 0; }

int xp_verify_user_writable (  const void *  user_ptr, size_t  size )  [inline]

Definition at line 262 of file dazuko_rsbac.c. { return 0; }

int xp_wait_until_condition (  struct xp_queue *  queue, int(*)(void *)  cfunction, void *  cparam, int  allow_interrupt )  [inline]

Definition at line 211 of file dazuko_rsbac.c. References xp_queue::queue. { /* wait until cfunction(cparam) != 0 (condition is true) */ if (allow_interrupt) { return wait_event_interruptible(queue->queue, cfunction(cparam) != 0); } else { wait_event(queue->queue, cfunction(cparam) != 0); } return 0; }

int xp_write_lock (  struct xp_rwlock *  rwlock  )  [inline]

Definition at line 173 of file dazuko_rsbac.c. References xp_rwlock::rwlock. { write_lock(&(rwlock->rwlock)); return 0; }

int xp_write_unlock (  struct xp_rwlock *  rwlock  )  [inline]

Definition at line 179 of file dazuko_rsbac.c. References xp_rwlock::rwlock. { write_unlock(&(rwlock->rwlock)); return 0; }

---

Variable Documentation

struct xp_atomic active

int dev_major = -1 [static]

Definition at line 81 of file dazuko_rsbac.c.

struct file_operations fops [static]

Initial value: { read: linux_dazuko_device_read, write: linux_dazuko_device_write, ioctl: linux_dazuko_device_ioctl, open: linux_dazuko_device_open, release: linux_dazuko_device_release, } Definition at line 83 of file dazuko_rsbac.c.

---