00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011 #include <linux/types.h>
00012 #include <linux/version.h>
00013 #include <linux/fs.h>
00014 #include <linux/sched.h>
00015 #include <linux/quotaops.h>
00016 #include <linux/proc_fs.h>
00017 #include <linux/msdos_fs.h>
00018 #include <linux/iso_fs.h>
00019 #include <linux/nfs_fs.h>
00020 #include <linux/ext2_fs.h>
00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022 #include <linux/coda.h>
00023 #include <linux/initrd.h>
00024 #include <linux/security.h>
00025
00026 #include <linux/syscalls.h>
00027 #endif
00028 #include <linux/coda_psdev.h>
00029 #include <linux/ncp_fs.h>
00030 #include <linux/smb.h>
00031 #include <linux/dnotify.h>
00032 #include <linux/mm.h>
00033 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00034 #include <linux/blkdev.h>
00035 #else
00036 #include <linux/blk.h>
00037 #endif
00038 #include <linux/init.h>
00039 #include <linux/config.h>
00040 #include <linux/module.h>
00041 #include <linux/netdevice.h>
00042 #include <linux/inetdevice.h>
00043 #include <asm/uaccess.h>
00044 #include <asm/atomic.h>
00045 #include <rsbac/types.h>
00046 #include <rsbac/aci.h>
00047 #include <rsbac/aci_data_structures.h>
00048 #include <rsbac/error.h>
00049 #include <rsbac/helpers.h>
00050 #include <rsbac/fs.h>
00051 #include <rsbac/getname.h>
00052 #include <rsbac/net_getname.h>
00053 #include <rsbac/adf.h>
00054 #include <rsbac/adf_main.h>
00055 #include <rsbac/reg.h>
00056 #include <rsbac/rkmem.h>
00057 #include <rsbac/gen_lists.h>
00058 #include <linux/string.h>
00059 #include <linux/kdev_t.h>
00060 #include <linux/smp_lock.h>
00061
00062 #ifdef CONFIG_RSBAC_MAC
00063 #include <rsbac/mac.h>
00064 #endif
00065
00066 #ifdef CONFIG_RSBAC_PM
00067 #include <rsbac/pm.h>
00068 #endif
00069
00070 #ifdef CONFIG_RSBAC_DAZ
00071 #include <rsbac/daz.h>
00072 #endif
00073
00074 #if defined(CONFIG_RSBAC_RC)
00075 #include <rsbac/rc.h>
00076 #endif
00077
00078 #if defined(CONFIG_RSBAC_AUTH)
00079 #include <rsbac/auth.h>
00080 #endif
00081
00082 #if defined(CONFIG_RSBAC_ACL)
00083 #include <rsbac/acl.h>
00084 #endif
00085
00086 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00087 #include <rsbac/pax.h>
00088 #endif
00089
00090 #ifdef CONFIG_RSBAC_UM
00091 #include <rsbac/um.h>
00092 #endif
00093
00094 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00095 #include <linux/unistd.h>
00096 #include <linux/timer.h>
00097 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00098 #endif
00099
00100 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00101 || defined(CONFIG_RSBAC_INIT_THREAD)
00102 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00103 static struct timer_list rsbac_timer;
00104 #endif
00105
00106 #if defined(CONFIG_RSBAC_NET_OBJ)
00107 #include <rsbac/network.h>
00108 #endif
00109
00110
00111
00112
00113
00114
00115
00116
00117
00118 static rsbac_boolean_t rsbac_initialized = FALSE;
00119
00120 static char compiled_modules[80];
00121
00122 kdev_t rsbac_root_dev;
00123 #if defined(CONFIG_RSBAC_REG)
00124 EXPORT_SYMBOL(rsbac_root_dev);
00125 #endif
00126 DECLARE_MUTEX(rsbac_write_sem);
00127
00128 static struct rsbac_device_list_head_t device_list_head;
00129 static struct rsbac_dev_handles_t dev_handles;
00130 static struct rsbac_dev_handles_t dev_major_handles;
00131 static struct rsbac_ipc_handles_t ipc_handles;
00132 static struct rsbac_user_handles_t user_handles;
00133 #ifdef CONFIG_RSBAC_RC_UM_PROT
00134 static struct rsbac_group_handles_t group_handles;
00135 #endif
00136 static struct rsbac_process_handles_t process_handles;
00137
00138 #ifdef CONFIG_RSBAC_NET_DEV
00139 static struct rsbac_netdev_handles_t netdev_handles;
00140 #endif
00141 #ifdef CONFIG_RSBAC_NET_OBJ
00142 static rsbac_list_handle_t net_temp_handle;
00143 static struct rsbac_nettemp_handles_t nettemp_handles;
00144 static struct rsbac_lnetobj_handles_t lnetobj_handles;
00145 static struct rsbac_rnetobj_handles_t rnetobj_handles;
00146 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
00147 static struct rsbac_gen_netobj_aci_t def_gen_netobj_aci = DEFAULT_GEN_NETOBJ_ACI;
00148 #endif
00149 #endif
00150
00151
00152
00153
00154 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI;
00155 static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI;
00156
00157 #if defined(CONFIG_RSBAC_MAC)
00158 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci = DEFAULT_MAC_ROOT_DIR_ACI;
00159 static struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
00160 #endif
00161 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00162 static rsbac_time_t rsbac_daz_ttl = CONFIG_RSBAC_DAZ_TTL;
00163 #endif
00164 #if defined(CONFIG_RSBAC_PM)
00165 static struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
00166 #endif
00167 #if defined(CONFIG_RSBAC_RC)
00168 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci = DEFAULT_RC_ROOT_DIR_ACI;
00169 static struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
00170 #endif
00171 #if defined(CONFIG_RSBAC_RES)
00172 static struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
00173 #endif
00174
00175 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00176 #include <rsbac/proc_fs.h>
00177
00178 #ifdef CONFIG_RSBAC_XSTATS
00179 static u_long get_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00180 static u_long set_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00181 static u_long remove_count[T_NONE] = {0,0,0,0,0,0,0};
00182 #endif
00183
00184 #if defined(CONFIG_RSBAC_REG)
00185 EXPORT_SYMBOL(proc_rsbac_root_p);
00186 #endif
00187 struct proc_dir_entry * proc_rsbac_root_p = NULL;
00188
00189 #if defined(CONFIG_RSBAC_REG)
00190 EXPORT_SYMBOL(proc_rsbac_backup_p);
00191 #endif
00192 struct proc_dir_entry * proc_rsbac_backup_p = NULL;
00193
00194 #endif
00195
00196 #ifdef CONFIG_DEVFS_MOUNT
00197 #include <linux/devfs_fs_kernel.h>
00198 static struct dentry * devfs_covered_p = NULL;
00199 static struct super_block * devfs_sb_p = NULL;
00200 #endif
00201
00202 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00203 static struct dentry * sysfs_covered_p = NULL;
00204 static struct super_block * sysfs_sb_p = NULL;
00205 #endif
00206
00207 #ifdef CONFIG_RSBAC_MAC
00208 static struct rsbac_mac_process_aci_t mac_init_p_aci = DEFAULT_MAC_P_INIT_ACI;
00209 #endif
00210 #ifdef CONFIG_RSBAC_RC
00211 static struct rsbac_rc_process_aci_t rc_kernel_p_aci = DEFAULT_RC_P_KERNEL_ACI;
00212 #endif
00213
00214
00215
00216
00217
00218 static struct rsbac_device_list_item_t * lookup_device(kdev_t);
00219
00220
00221
00222
00223
00224 static inline int gen_fd_hash(u_long inode)
00225 {
00226 return(inode % RSBAC_GEN_NR_FD_LISTS);
00227 }
00228 static inline int gen_p_hash(rsbac_pid_t pid)
00229 {
00230 return(pid % CONFIG_RSBAC_GEN_NR_P_LISTS);
00231 }
00232 #if defined(CONFIG_RSBAC_MAC)
00233 static inline int mac_fd_hash(u_long inode)
00234 {
00235 return(inode % RSBAC_MAC_NR_FD_LISTS);
00236 }
00237 static inline int mac_p_hash(rsbac_pid_t pid)
00238 {
00239 return(pid % CONFIG_RSBAC_MAC_NR_P_LISTS);
00240 }
00241 #endif
00242 #if defined(CONFIG_RSBAC_PM)
00243 static inline int pm_fd_hash(u_long inode)
00244 {
00245 return(inode % RSBAC_PM_NR_FD_LISTS);
00246 }
00247 #endif
00248 #if defined(CONFIG_RSBAC_DAZ)
00249 static inline int daz_fd_hash(u_long inode)
00250 {
00251 return(inode % RSBAC_DAZ_NR_FD_LISTS);
00252 }
00253 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00254 static inline int daz_scanned_fd_hash(u_long inode)
00255 {
00256 return(inode % RSBAC_DAZ_SCANNED_NR_FD_LISTS);
00257 }
00258 #endif
00259 #endif
00260 #if defined(CONFIG_RSBAC_FF)
00261 static inline int ff_fd_hash(u_long inode)
00262 {
00263 return(inode % RSBAC_FF_NR_FD_LISTS);
00264 }
00265 #endif
00266 #if defined(CONFIG_RSBAC_RC)
00267 static inline int rc_fd_hash(u_long inode)
00268 {
00269 return(inode % RSBAC_RC_NR_FD_LISTS);
00270 }
00271 static inline int rc_p_hash(rsbac_pid_t pid)
00272 {
00273 return(pid % CONFIG_RSBAC_RC_NR_P_LISTS);
00274 }
00275 #endif
00276 #if defined(CONFIG_RSBAC_AUTH)
00277 static inline int auth_fd_hash(u_long inode)
00278 {
00279 return(inode % RSBAC_AUTH_NR_FD_LISTS);
00280 }
00281 #endif
00282 #if defined(CONFIG_RSBAC_CAP)
00283 static inline int cap_fd_hash(u_long inode)
00284 {
00285 return(inode % RSBAC_CAP_NR_FD_LISTS);
00286 }
00287 #endif
00288 #if defined(CONFIG_RSBAC_JAIL)
00289 static inline int jail_p_hash(rsbac_pid_t pid)
00290 {
00291 return(pid % CONFIG_RSBAC_JAIL_NR_P_LISTS);
00292 }
00293 #endif
00294 #if defined(CONFIG_RSBAC_PAX)
00295 static inline int pax_fd_hash(u_long inode)
00296 {
00297 return(inode % RSBAC_PAX_NR_FD_LISTS);
00298 }
00299 #endif
00300 #if defined(CONFIG_RSBAC_RES)
00301 static inline int res_fd_hash(u_long inode)
00302 {
00303 return(inode % RSBAC_RES_NR_FD_LISTS);
00304 }
00305 #endif
00306
00307
00308
00309
00310
00311
00312
00313
00314
00315
00316 rsbac_boolean_t writable(struct super_block * sb_p)
00317 {
00318 #ifdef CONFIG_RSBAC_NO_WRITE
00319 return(FALSE);
00320 #else
00321 if (!sb_p || !sb_p->s_dev)
00322 return(FALSE);
00323 if (
00324 rsbac_debug_no_write ||
00325 (sb_p->s_flags & MS_RDONLY)
00326 || in_interrupt())
00327 return(FALSE);
00328 if ( !MAJOR(sb_p->s_dev)
00329 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00330 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00331 #endif
00332 || (sb_p->s_magic == SOCKFS_MAGIC)
00333 || (sb_p->s_magic == PIPEFS_MAGIC)
00334 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00335 || (sb_p->s_magic == SYSFS_MAGIC)
00336 #endif
00337 || (sb_p->s_magic == NFS_SUPER_MAGIC)
00338 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00339 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00340 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00341 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00342 return(FALSE);
00343 else
00344 return(TRUE);
00345 #endif
00346 }
00347
00348
00349
00350
00351
00352
00353 static int lookup_aci_path_dentry(struct super_block * sb_p,
00354 struct dentry ** dir_dentry_pp,
00355 rsbac_boolean_t create_dir,
00356 kdev_t kdev)
00357 {
00358 struct dentry * dir_dentry_p = NULL;
00359 struct dentry * root_dentry_p = NULL;
00360 int err=0;
00361 struct rsbac_device_list_item_t * device_p;
00362 u_long dflags;
00363
00364 if(!dir_dentry_pp)
00365 return(-RSBAC_EINVALIDPOINTER);
00366
00367 if(!sb_p)
00368 {
00369 sb_p = rsbac_get_super_block(kdev);
00370 if (!sb_p)
00371 {
00372 rsbac_printk(KERN_WARNING
00373 "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00374 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00375 return (-RSBAC_EINVALIDDEV);
00376 }
00377 }
00378
00379
00380 if( (sb_p->s_magic == PIPEFS_MAGIC)
00381 || (sb_p->s_magic == SOCKFS_MAGIC)
00382 )
00383 {
00384 return -RSBAC_ENOTFOUND;
00385 }
00386
00387 rsbac_read_lock(&device_list_head.lock, &dflags);
00388 device_p = lookup_device(kdev);
00389 if(!device_p)
00390 {
00391 rsbac_printk(KERN_WARNING
00392 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00393 MAJOR(kdev), MINOR(kdev));
00394 rsbac_read_unlock(&device_list_head.lock, &dflags);
00395 return(-RSBAC_EINVALIDDEV);
00396 }
00397
00398 if(device_p->rsbac_dir_dentry_p)
00399 {
00400 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00401 #ifdef CONFIG_RSBAC_DEBUG
00402 if(rsbac_debug_ds)
00403 {
00404 rsbac_printk(KERN_DEBUG
00405 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00406 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00407 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00408 }
00409 #endif
00410 rsbac_read_unlock(&device_list_head.lock, &dflags);
00411 return(0);
00412 }
00413
00414 rsbac_read_unlock(&device_list_head.lock, &dflags);
00415
00416 #ifdef CONFIG_RSBAC_DEBUG
00417 if(rsbac_debug_ds)
00418 {
00419 rsbac_printk(KERN_DEBUG
00420 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00421 RSBAC_ACI_PATH,
00422 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00423 }
00424 #endif
00425 if (!sb_p->s_root)
00426 {
00427 rsbac_printk(KERN_WARNING
00428 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430 err = -RSBAC_EINVALIDDEV;
00431 goto out;
00432 }
00433
00434 if (!sb_p->s_root->d_inode)
00435 {
00436 rsbac_printk(KERN_WARNING
00437 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00438 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00439 err = -RSBAC_EINVALIDDEV;
00440 goto out;
00441 }
00442
00443
00444 #ifdef CONFIG_RSBAC_DEBUG
00445 if(rsbac_debug_ds)
00446 {
00447 rsbac_printk(KERN_DEBUG
00448 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00449 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00450 atomic_read(&sb_p->s_root->d_count));
00451 }
00452 #endif
00453 dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH));
00454 if(IS_ERR(dir_dentry_p))
00455 switch(PTR_ERR(dir_dentry_p))
00456 {
00457 case -ENOENT:
00458 case -ENOTDIR:
00459 err = -RSBAC_ENOTFOUND;
00460 goto out;
00461 case -ENOMEM:
00462 rsbac_printk(KERN_WARNING
00463 "lookup_aci_path_dentry(): memory allocation error!\n");
00464 err = -RSBAC_ENOROOTDIR;
00465 goto out;
00466 case -ENAMETOOLONG:
00467 rsbac_printk(KERN_WARNING
00468 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00469 err = -RSBAC_EPATHTOOLONG;
00470 goto out;
00471 case -EACCES:
00472 rsbac_printk(KERN_WARNING
00473 "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00474 err = -RSBAC_EACCESS;
00475 goto out;
00476 default:
00477 rsbac_printk(KERN_WARNING
00478 "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00479 PTR_ERR(dir_dentry_p));
00480 err = -RSBAC_ENOROOTDIR;
00481 goto out;
00482 }
00483
00484 if (!dir_dentry_p)
00485 {
00486 rsbac_printk(KERN_WARNING
00487 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00488 err = -RSBAC_EINVALIDPOINTER;
00489 goto out;
00490 }
00491 if (!dir_dentry_p->d_inode)
00492 {
00493
00494 if (!create_dir)
00495 {
00496 err = -RSBAC_ENOTFOUND;
00497 goto out_dir_dput;
00498 }
00499 #ifdef CONFIG_RSBAC_DEBUG
00500 if(rsbac_debug_ds)
00501 {
00502 rsbac_printk(KERN_DEBUG
00503 "lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00504 }
00505 #endif
00506
00507 if (!writable(sb_p))
00508 {
00509 err = -RSBAC_ENOTWRITABLE;
00510 goto out_dir_dput;
00511 }
00512 root_dentry_p = lock_parent(dir_dentry_p);
00513 err = PTR_ERR(root_dentry_p);
00514 if ( IS_ERR(root_dentry_p))
00515 {
00516 err = -RSBAC_ECOULDNOTCREATEPATH;
00517 goto out_dir_dput;
00518 }
00519 if ( !root_dentry_p->d_inode
00520 || !root_dentry_p->d_inode->i_op
00521 || !root_dentry_p->d_inode->i_op->mkdir)
00522 {
00523 unlock_dir(root_dentry_p);
00524 err = -RSBAC_ECOULDNOTCREATEPATH;
00525 goto out_dir_dput;
00526 }
00527 DQUOT_INIT(root_dentry_p->d_inode);
00528 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode,
00529 dir_dentry_p,
00530 RSBAC_ACI_DIR_MODE);
00531 unlock_dir(root_dentry_p);
00532 if (err)
00533 {
00534 err = -RSBAC_ECOULDNOTCREATEPATH;
00535 goto out_dir_dput;
00536 }
00537 }
00538 else
00539 {
00540 if(!S_ISDIR(dir_dentry_p->d_inode->i_mode))
00541 {
00542 rsbac_printk(KERN_WARNING
00543 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00544 RSBAC_ACI_PATH,
00545 MAJOR(sb_p->s_dev),
00546 MINOR(sb_p->s_dev));
00547 err = -RSBAC_EACCESS;
00548 goto out_dir_dput;
00549 }
00550 }
00551 #ifdef CONFIG_RSBAC_DEBUG
00552 if(rsbac_debug_ds)
00553 {
00554 rsbac_printk(KERN_DEBUG
00555 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00556 atomic_read(&dir_dentry_p->d_count));
00557 rsbac_printk(KERN_DEBUG
00558 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00559 atomic_read(&sb_p->s_root->d_count));
00560 }
00561 #endif
00562
00563
00564 *dir_dentry_pp = dir_dentry_p;
00565
00566
00567 rsbac_read_lock(&device_list_head.lock, &dflags);
00568 device_p = lookup_device(kdev);
00569 if(device_p && !device_p->rsbac_dir_dentry_p)
00570 {
00571 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00572 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00573 }
00574 rsbac_read_unlock(&device_list_head.lock, &dflags);
00575
00576 out:
00577 return (err);
00578
00579 out_dir_dput:
00580 dput(dir_dentry_p);
00581 goto out;
00582 }
00583
00584
00585
00586
00587
00588
00589
00590
00591
00592
00593 static struct rsbac_device_list_item_t * lookup_device(kdev_t kdev)
00594 {
00595 struct rsbac_device_list_item_t * curr = device_list_head.curr;
00596
00597
00598 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00599 if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) )
00600 #else
00601 if(! (curr && (curr->id == kdev) ) )
00602 #endif
00603 {
00604 curr = device_list_head.head;
00605 while ( curr
00606 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00607 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00608 )
00609 )
00610 {
00611 curr = curr->next;
00612 }
00613 if (curr)
00614 device_list_head.curr=curr;
00615 }
00616
00617 return (curr);
00618 }
00619
00620 static int dev_compare(void * desc1, void * desc2)
00621 {
00622 int result;
00623 struct rsbac_dev_desc_t * i_desc1 = desc1;
00624 struct rsbac_dev_desc_t * i_desc2 = desc2;
00625
00626 result = memcmp(&i_desc1->type,
00627 &i_desc2->type,
00628 sizeof(i_desc1->type));
00629 if(result)
00630 return result;
00631 result = memcmp(&i_desc1->major,
00632 &i_desc2->major,
00633 sizeof(i_desc1->major));
00634 if(result)
00635 return result;
00636 return memcmp(&i_desc1->minor,
00637 &i_desc2->minor,
00638 sizeof(i_desc1->minor));
00639 }
00640
00641 static int dev_major_compare(void * desc1, void * desc2)
00642 {
00643 int result;
00644 struct rsbac_dev_desc_t * i_desc1 = desc1;
00645 struct rsbac_dev_desc_t * i_desc2 = desc2;
00646
00647 result = memcmp(&i_desc1->type,
00648 &i_desc2->type,
00649 sizeof(i_desc1->type));
00650 if(result)
00651 return result;
00652 return memcmp(&i_desc1->major,
00653 &i_desc2->major,
00654 sizeof(i_desc1->major));
00655 }
00656
00657 static int ipc_compare(void * desc1, void * desc2)
00658 {
00659 int result;
00660 struct rsbac_ipc_t * i_desc1 = desc1;
00661 struct rsbac_ipc_t * i_desc2 = desc2;
00662
00663 result = memcmp(&i_desc1->type,
00664 &i_desc2->type,
00665 sizeof(i_desc1->type));
00666 if(result)
00667 return result;
00668 else
00669 return memcmp(&i_desc1->id.id_nr,
00670 &i_desc2->id.id_nr,
00671 sizeof(i_desc1->id.id_nr));
00672 }
00673
00674 #ifdef CONFIG_RSBAC_NET_DEV
00675 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00676 static int netdev_compare(void * desc1, void * desc2)
00677 {
00678 return strncmp(desc1,
00679 desc2,
00680 RSBAC_IFNAMSIZ);
00681 }
00682 #endif
00683 #endif
00684
00685
00686
00687
00688 static int gen_fd_conv(
00689 void * old_desc,
00690 void * old_data,
00691 void * new_desc,
00692 void * new_data)
00693 {
00694 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00695 struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00696
00697 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00698 new_aci->log_array_low = old_aci->log_array_low;
00699 new_aci->log_array_high = old_aci->log_array_high;
00700 new_aci->log_program_based = old_aci->log_program_based;
00701 new_aci->symlink_add_remote_ip = 0;
00702 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00703 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00704 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00705 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00706 new_aci->fake_root_uid = old_aci->fake_root_uid;
00707 new_aci->auid_exempt = old_aci->auid_exempt;
00708 return 0;
00709 }
00710
00711 static int gen_fd_old_conv(
00712 void * old_desc,
00713 void * old_data,
00714 void * new_desc,
00715 void * new_data)
00716 {
00717 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00718 struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00719
00720 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00721 new_aci->log_array_low = old_aci->log_array_low;
00722 new_aci->log_array_high = old_aci->log_array_high;
00723 new_aci->log_program_based = old_aci->log_program_based;
00724 new_aci->symlink_add_remote_ip = 0;
00725 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00726 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00727 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00728 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00729 new_aci->fake_root_uid = old_aci->fake_root_uid;
00730 new_aci->auid_exempt = RSBAC_NO_USER;
00731 return 0;
00732 }
00733
00734 static int gen_fd_old_old_conv(
00735 void * old_desc,
00736 void * old_data,
00737 void * new_desc,
00738 void * new_data)
00739 {
00740 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00741 struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data;
00742
00743 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00744 new_aci->log_array_low = old_aci->log_array_low;
00745 new_aci->log_array_high = old_aci->log_array_high;
00746 new_aci->log_program_based = old_aci->log_program_based;
00747 new_aci->symlink_add_remote_ip = 0;
00748 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00749 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00750 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00751 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00752 new_aci->fake_root_uid = FR_off;
00753 new_aci->auid_exempt = RSBAC_NO_USER;
00754 return 0;
00755 }
00756
00757 rsbac_list_conv_function_t * gen_fd_get_conv(rsbac_version_t old_version)
00758 {
00759 switch(old_version)
00760 {
00761 case RSBAC_GEN_FD_OLD_ACI_VERSION:
00762 return gen_fd_conv;
00763 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00764 return gen_fd_old_conv;
00765 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00766 return gen_fd_old_old_conv;
00767 default:
00768 return NULL;
00769 }
00770 }
00771
00772 static int gen_dev_conv(
00773 void * old_desc,
00774 void * old_data,
00775 void * new_desc,
00776 void * new_data)
00777 {
00778 struct rsbac_dev_desc_t * new = new_desc;
00779 struct rsbac_dev_t * old = old_desc;
00780
00781 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00782 new->type = old->type;
00783 new->major = RSBAC_MAJOR(old->id);
00784 new->minor = RSBAC_MINOR(old->id);
00785 return 0;
00786 }
00787
00788 rsbac_list_conv_function_t * gen_dev_get_conv(rsbac_version_t old_version)
00789 {
00790 switch(old_version)
00791 {
00792 case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00793 return gen_dev_conv;
00794 default:
00795 return NULL;
00796 }
00797 }
00798
00799 #ifdef CONFIG_RSBAC_MAC
00800 static int mac_old_fd_conv(
00801 void * old_desc,
00802 void * old_data,
00803 void * new_desc,
00804 void * new_data)
00805 {
00806 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00807 struct rsbac_mac_fd_old_aci_t * old_aci = old_data;
00808
00809 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00810 new_aci->sec_level = old_aci->sec_level;
00811 new_aci->mac_categories = old_aci->mac_categories;
00812 new_aci->mac_auto = old_aci->mac_auto;
00813 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00814 new_aci->mac_file_flags = old_aci->mac_file_flags;
00815 return 0;
00816 }
00817
00818 static int mac_old_old_fd_conv(
00819 void * old_desc,
00820 void * old_data,
00821 void * new_desc,
00822 void * new_data)
00823 {
00824 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00825 struct rsbac_mac_fd_old_old_aci_t * old_aci = old_data;
00826
00827 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00828 new_aci->sec_level = old_aci->sec_level;
00829 new_aci->mac_categories = old_aci->mac_categories;
00830 new_aci->mac_auto = old_aci->mac_auto;
00831 new_aci->mac_prop_trusted = FALSE;
00832 if(old_aci->mac_shared)
00833 new_aci->mac_file_flags = MAC_write_up;
00834 else
00835 new_aci->mac_file_flags = 0;
00836 return 0;
00837 }
00838
00839 static int mac_old_old_old_fd_conv(
00840 void * old_desc,
00841 void * old_data,
00842 void * new_desc,
00843 void * new_data)
00844 {
00845 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00846 struct rsbac_mac_fd_old_old_old_aci_t * old_aci = old_data;
00847
00848 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00849 new_aci->sec_level = old_aci->sec_level;
00850 new_aci->mac_categories = old_aci->mac_categories;
00851 new_aci->mac_auto = old_aci->mac_auto;
00852 new_aci->mac_prop_trusted = FALSE;
00853 new_aci->mac_file_flags = 0;
00854 return 0;
00855 }
00856
00857 rsbac_list_conv_function_t * mac_fd_get_conv(rsbac_version_t old_version)
00858 {
00859 switch(old_version)
00860 {
00861 case RSBAC_MAC_FD_OLD_ACI_VERSION:
00862 return mac_old_fd_conv;
00863 case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
00864 return mac_old_old_fd_conv;
00865 case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
00866 return mac_old_old_old_fd_conv;
00867 default:
00868 return NULL;
00869 }
00870 }
00871
00872 static int mac_dev_conv(
00873 void * old_desc,
00874 void * old_data,
00875 void * new_desc,
00876 void * new_data)
00877 {
00878 struct rsbac_dev_desc_t * new = new_desc;
00879 struct rsbac_dev_t * old = old_desc;
00880
00881 memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t));
00882 new->type = old->type;
00883 new->major = RSBAC_MAJOR(old->id);
00884 new->minor = RSBAC_MINOR(old->id);
00885 return 0;
00886 }
00887
00888 rsbac_list_conv_function_t * mac_dev_get_conv(rsbac_version_t old_version)
00889 {
00890 switch(old_version)
00891 {
00892 case RSBAC_MAC_DEV_OLD_ACI_VERSION:
00893 return mac_dev_conv;
00894 default:
00895 return NULL;
00896 }
00897 }
00898
00899 static int mac_old_user_conv(
00900 void * old_desc,
00901 void * old_data,
00902 void * new_desc,
00903 void * new_data)
00904 {
00905 struct rsbac_mac_user_aci_t * new_aci = new_data;
00906 struct rsbac_mac_user_old_aci_t * old_aci = old_data;
00907
00908 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00909 new_aci->security_level = old_aci->access_appr;
00910 new_aci->initial_security_level = old_aci->access_appr;
00911 new_aci->min_security_level = old_aci->min_access_appr;
00912 new_aci->mac_categories = old_aci->mac_categories;
00913 new_aci->mac_initial_categories = old_aci->mac_categories;
00914 new_aci->mac_min_categories = old_aci->mac_min_categories;
00915 new_aci->system_role = old_aci->system_role;
00916 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00917 if(old_aci->mac_allow_auto)
00918 new_aci->mac_user_flags |= MAC_allow_auto;
00919 return 0;
00920 }
00921
00922 static int mac_old_old_user_conv(
00923 void * old_desc,
00924 void * old_data,
00925 void * new_desc,
00926 void * new_data)
00927 {
00928 struct rsbac_mac_user_aci_t * new_aci = new_data;
00929 struct rsbac_mac_user_old_old_aci_t * old_aci = old_data;
00930
00931 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00932 new_aci->security_level = old_aci->access_appr;
00933 new_aci->initial_security_level = old_aci->access_appr;
00934 new_aci->min_security_level = old_aci->min_access_appr;
00935 new_aci->mac_categories = old_aci->mac_categories;
00936 new_aci->mac_initial_categories = old_aci->mac_categories;
00937 new_aci->mac_min_categories = old_aci->mac_min_categories;
00938 new_aci->system_role = old_aci->system_role;
00939 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00940 return 0;
00941 }
00942
00943 static int mac_old_old_old_user_conv(
00944 void * old_desc,
00945 void * old_data,
00946 void * new_desc,
00947 void * new_data)
00948 {
00949 struct rsbac_mac_user_aci_t * new_aci = new_data;
00950 struct rsbac_mac_user_old_old_old_aci_t * old_aci = old_data;
00951
00952 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00953 new_aci->security_level = old_aci->access_appr;
00954 new_aci->initial_security_level = old_aci->access_appr;
00955 new_aci->min_security_level = SL_unclassified;
00956 new_aci->mac_categories = old_aci->mac_categories;
00957 new_aci->mac_initial_categories = old_aci->mac_categories;
00958 new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR;
00959 new_aci->system_role = old_aci->system_role;
00960 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00961 return 0;
00962 }
00963
00964 rsbac_list_conv_function_t * mac_user_get_conv(rsbac_version_t old_version)
00965 {
00966 switch(old_version)
00967 {
00968 case RSBAC_MAC_USER_OLD_ACI_VERSION:
00969 return mac_old_user_conv;
00970 case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
00971 return mac_old_old_user_conv;
00972 case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
00973 return mac_old_old_old_user_conv;
00974 default:
00975 return NULL;
00976 }
00977 }
00978 #endif
00979
00980 #ifdef CONFIG_RSBAC_PM
00981 static int pm_dev_conv(
00982 void * old_desc,
00983 void * old_data,
00984 void * new_desc,
00985 void * new_data)
00986 {
00987 struct rsbac_dev_desc_t * new = new_desc;
00988 struct rsbac_dev_t * old = old_desc;
00989
00990 memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t));
00991 new->type = old->type;
00992 new->major = RSBAC_MAJOR(old->id);
00993 new->minor = RSBAC_MINOR(old->id);
00994 return 0;
00995 }
00996
00997 rsbac_list_conv_function_t * pm_dev_get_conv(rsbac_version_t old_version)
00998 {
00999 switch(old_version)
01000 {
01001 case RSBAC_PM_DEV_OLD_ACI_VERSION:
01002 return pm_dev_conv;
01003 default:
01004 return NULL;
01005 }
01006 }
01007 #endif
01008
01009 #ifdef CONFIG_RSBAC_RC
01010 static int rc_dev_conv(
01011 void * old_desc,
01012 void * old_data,
01013 void * new_desc,
01014 void * new_data)
01015 {
01016 struct rsbac_dev_desc_t * new = new_desc;
01017 struct rsbac_dev_t * old = old_desc;
01018
01019 memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t));
01020 new->type = old->type;
01021 new->major = RSBAC_MAJOR(old->id);
01022 new->minor = RSBAC_MINOR(old->id);
01023 return 0;
01024 }
01025
01026 rsbac_list_conv_function_t * rc_dev_get_conv(rsbac_version_t old_version)
01027 {
01028 switch(old_version)
01029 {
01030 case RSBAC_RC_DEV_OLD_ACI_VERSION:
01031 return rc_dev_conv;
01032 default:
01033 return NULL;
01034 }
01035 }
01036
01037 static int rc_user_conv(
01038 void * old_desc,
01039 void * old_data,
01040 void * new_desc,
01041 void * new_data)
01042 {
01043 struct rsbac_rc_user_aci_t * new_aci = new_data;
01044 rsbac_rc_role_id_t * old_aci = old_data;
01045
01046 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01047 new_aci->rc_role = *old_aci;
01048 new_aci->rc_type = RSBAC_RC_GENERAL_TYPE;
01049 return 0;
01050 }
01051
01052 rsbac_list_conv_function_t * rc_user_get_conv(rsbac_version_t old_version)
01053 {
01054 switch(old_version)
01055 {
01056 case RSBAC_RC_USER_OLD_ACI_VERSION:
01057 return rc_user_conv;
01058 default:
01059 return NULL;
01060 }
01061 }
01062 #endif
01063
01064 #ifdef CONFIG_RSBAC_AUTH
01065 static int auth_old_fd_conv(
01066 void * old_desc,
01067 void * old_data,
01068 void * new_desc,
01069 void * new_data)
01070 {
01071 struct rsbac_auth_fd_aci_t * new_aci = new_data;
01072 struct rsbac_auth_fd_old_aci_t * old_aci = old_data;
01073
01074 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01075 new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01076 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01077 new_aci->auth_learn = FALSE;
01078 return 0;
01079 }
01080
01081 rsbac_list_conv_function_t * auth_fd_get_conv(rsbac_version_t old_version)
01082 {
01083 switch(old_version)
01084 {
01085 case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01086 return auth_old_fd_conv;
01087 default:
01088 return NULL;
01089 }
01090 }
01091
01092 #endif
01093
01094
01095
01096
01097
01098
01099
01100
01101
01102
01103
01104
01105 static int register_fd_lists(struct rsbac_device_list_item_t * device_p,
01106 kdev_t kdev)
01107 {
01108 char * name;
01109 int err = 0;
01110 int tmperr;
01111 u_int file_no;
01112 struct rsbac_list_info_t * info_p;
01113 if(!device_p)
01114 return(-RSBAC_EINVALIDPOINTER);
01115 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01116 if(!name)
01117 return -RSBAC_ENOMEM;
01118 info_p = rsbac_kmalloc(sizeof(*info_p));
01119 if(!info_p)
01120 {
01121 rsbac_kfree(name);
01122 return -RSBAC_ENOMEM;
01123 }
01124
01125
01126 {
01127 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01128 {
01129
01130 sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no);
01131 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01132 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01133 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01134 info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t);
01135 info_p->max_age = 0;
01136 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01137 &(device_p->handles.gen[file_no]),
01138 info_p,
01139 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01140 rsbac_list_compare_u32,
01141 gen_fd_get_conv,
01142 &def_gen_fd_aci,
01143 name,
01144 kdev);
01145 if(tmperr)
01146 {
01147 char * tmp;
01148
01149 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01150 if(tmp)
01151 {
01152 rsbac_printk(KERN_WARNING
01153 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01154 file_no,
01155 RSBAC_MAJOR(kdev),
01156 RSBAC_MINOR(kdev),
01157 get_error_name(tmp, tmperr));
01158 rsbac_kfree(tmp);
01159 }
01160 err = tmperr;
01161 }
01162 }
01163 }
01164
01165 #if defined(CONFIG_RSBAC_MAC)
01166 {
01167
01168 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01169 {
01170
01171 sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no);
01172 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01173 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01174 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01175 info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t);
01176 info_p->max_age = 0;
01177 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01178 &(device_p->handles.mac[file_no]),
01179 info_p,
01180 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01181 rsbac_list_compare_u32,
01182 mac_fd_get_conv,
01183 &def_mac_fd_aci,
01184 name,
01185 kdev);
01186 if(tmperr)
01187 {
01188 char * tmp;
01189
01190 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01191 if(tmp)
01192 {
01193 rsbac_printk(KERN_WARNING
01194 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01195 file_no,
01196 RSBAC_MAJOR(kdev),
01197 RSBAC_MINOR(kdev),
01198 get_error_name(tmp, tmperr));
01199 rsbac_kfree(tmp);
01200 }
01201 err = tmperr;
01202 }
01203 }
01204 }
01205 #endif
01206
01207 #if defined(CONFIG_RSBAC_PM)
01208 {
01209
01210 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01211 {
01212
01213 sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no);
01214 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01215 info_p->key = RSBAC_PM_FD_ACI_KEY;
01216 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01217 info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t);
01218 info_p->max_age = 0;
01219 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01220 &(device_p->handles.pm[file_no]),
01221 info_p,
01222 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01223 rsbac_list_compare_u32,
01224 NULL,
01225 &def_pm_fd_aci,
01226 name,
01227 kdev);
01228 if(tmperr)
01229 {
01230 char * tmp;
01231
01232 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01233 if(tmp)
01234 {
01235 rsbac_printk(KERN_WARNING
01236 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01237 file_no,
01238 RSBAC_MAJOR(kdev),
01239 RSBAC_MINOR(kdev),
01240 get_error_name(tmp, tmperr));
01241 rsbac_kfree(tmp);
01242 }
01243 err = tmperr;
01244 }
01245 }
01246 }
01247 #endif
01248
01249 #if defined(CONFIG_RSBAC_DAZ)
01250 {
01251 struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI;
01252
01253 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01254 {
01255
01256 sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no);
01257 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01258 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01259 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01260 info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t);
01261 info_p->max_age = 0;
01262 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01263 &(device_p->handles.daz[file_no]),
01264 info_p,
01265 RSBAC_LIST_PERSIST |
01266 RSBAC_LIST_DEF_DATA,
01267 rsbac_list_compare_u32,
01268 NULL,
01269 &def_daz_fd_aci,
01270 name,
01271 kdev);
01272 if(tmperr)
01273 {
01274 char * tmp;
01275
01276 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01277 if(tmp)
01278 {
01279 rsbac_printk(KERN_WARNING
01280 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01281 file_no,
01282 RSBAC_MAJOR(kdev),
01283 RSBAC_MINOR(kdev),
01284 get_error_name(tmp, tmperr));
01285 rsbac_kfree(tmp);
01286 }
01287 err = tmperr;
01288 }
01289 }
01290 }
01291 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01292 {
01293 rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED;
01294
01295
01296 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01297 {
01298
01299 sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no);
01300 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01301 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01302 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01303 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01304 info_p->max_age = 0;
01305 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01306 &(device_p->handles.dazs[file_no]),
01307 info_p,
01308 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01309 RSBAC_LIST_PERSIST |
01310 #endif
01311 RSBAC_LIST_DEF_DATA,
01312 rsbac_list_compare_u32,
01313 NULL,
01314 &def_daz_scanned_fd_aci,
01315 name,
01316 kdev);
01317 if(tmperr)
01318 {
01319 char * tmp;
01320
01321 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01322 if(tmp)
01323 {
01324 rsbac_printk(KERN_WARNING
01325 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01326 file_no,
01327 RSBAC_MAJOR(kdev),
01328 RSBAC_MINOR(kdev),
01329 get_error_name(tmp, tmperr));
01330 rsbac_kfree(tmp);
01331 }
01332 err = tmperr;
01333 }
01334 }
01335 }
01336 #endif
01337 #endif
01338
01339 #if defined(CONFIG_RSBAC_FF)
01340 {
01341 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01342
01343
01344 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01345 {
01346
01347 sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no);
01348 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01349 info_p->key = RSBAC_FF_FD_ACI_KEY;
01350 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01351 info_p->data_size = sizeof(rsbac_ff_flags_t);
01352 info_p->max_age = 0;
01353 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01354 &(device_p->handles.ff[file_no]),
01355 info_p,
01356 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01357 rsbac_list_compare_u32,
01358 NULL,
01359 &def_ff_fd_aci,
01360 name,
01361 kdev);
01362 if(tmperr)
01363 {
01364 char * tmp;
01365
01366 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01367 if(tmp)
01368 {
01369 rsbac_printk(KERN_WARNING
01370 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01371 file_no,
01372 RSBAC_MAJOR(kdev),
01373 RSBAC_MINOR(kdev),
01374 get_error_name(tmp, tmperr));
01375 rsbac_kfree(tmp);
01376 }
01377 err = tmperr;
01378 }
01379 }
01380 }
01381 #endif
01382
01383 #if defined(CONFIG_RSBAC_RC)
01384 {
01385
01386 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01387 {
01388
01389 sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no);
01390 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01391 info_p->key = RSBAC_RC_FD_ACI_KEY;
01392 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01393 info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t);
01394 info_p->max_age = 0;
01395 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01396 &(device_p->handles.rc[file_no]),
01397 info_p,
01398 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01399 rsbac_list_compare_u32,
01400 NULL,
01401 &def_rc_fd_aci,
01402 name,
01403 kdev);
01404 if(tmperr)
01405 {
01406 char * tmp;
01407
01408 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01409 if(tmp)
01410 {
01411 rsbac_printk(KERN_WARNING
01412 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01413 file_no,
01414 RSBAC_MAJOR(kdev),
01415 RSBAC_MINOR(kdev),
01416 get_error_name(tmp, tmperr));
01417 rsbac_kfree(tmp);
01418 }
01419 err = tmperr;
01420 }
01421 }
01422 }
01423 #endif
01424
01425 #if defined(CONFIG_RSBAC_AUTH)
01426 {
01427 struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI;
01428
01429
01430 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01431 {
01432
01433 sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no);
01434 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01435 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01436 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01437 info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t);
01438 info_p->max_age = 0;
01439 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01440 &(device_p->handles.auth[file_no]),
01441 info_p,
01442 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01443 rsbac_list_compare_u32,
01444 auth_fd_get_conv,
01445 &def_auth_fd_aci,
01446 name,
01447 kdev);
01448 if(tmperr)
01449 {
01450 char * tmp;
01451
01452 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01453 if(tmp)
01454 {
01455 rsbac_printk(KERN_WARNING
01456 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01457 file_no,
01458 RSBAC_MAJOR(kdev),
01459 RSBAC_MINOR(kdev),
01460 get_error_name(tmp, tmperr));
01461 rsbac_kfree(tmp);
01462 }
01463 err = tmperr;
01464 }
01465 }
01466 }
01467 #endif
01468
01469 #if defined(CONFIG_RSBAC_CAP)
01470 {
01471 struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI;
01472
01473
01474 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01475 {
01476
01477 sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no);
01478 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01479 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01480 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01481 info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t);
01482 info_p->max_age = 0;
01483 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01484 &(device_p->handles.cap[file_no]),
01485 info_p,
01486 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01487 rsbac_list_compare_u32,
01488 NULL,
01489 &def_cap_fd_aci,
01490 name,
01491 kdev);
01492 if(tmperr)
01493 {
01494 char * tmp;
01495
01496 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01497 if(tmp)
01498 {
01499 rsbac_printk(KERN_WARNING
01500 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01501 file_no,
01502 RSBAC_MAJOR(kdev),
01503 RSBAC_MINOR(kdev),
01504 get_error_name(tmp, tmperr));
01505 rsbac_kfree(tmp);
01506 }
01507 err = tmperr;
01508 }
01509 }
01510 }
01511 #endif
01512
01513 #if defined(CONFIG_RSBAC_PAX)
01514 {
01515 rsbac_pax_flags_t def_pax_fd_aci;
01516
01517 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01518 def_pax_fd_aci = 0;
01519 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01520 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01521 #endif
01522 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01523 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01524 #endif
01525 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01526 def_pax_fd_aci |= PF_PAX_MPROTECT;
01527 #endif
01528 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01529 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01530 #endif
01531 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01532 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01533 #endif
01534 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01535 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01536 #endif
01537
01538 #else
01539 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01540 #endif
01541
01542 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01543 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01544 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01545 info_p->data_size = sizeof(rsbac_pax_flags_t);
01546 info_p->max_age = 0;
01547
01548 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01549 {
01550
01551 sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no);
01552 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01553 &(device_p->handles.pax[file_no]),
01554 info_p,
01555 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01556 rsbac_list_compare_u32,
01557 NULL,
01558 &def_pax_fd_aci,
01559 name,
01560 kdev);
01561 if(tmperr)
01562 {
01563 char * tmp;
01564
01565 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01566 if(tmp)
01567 {
01568 rsbac_printk(KERN_WARNING
01569 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01570 file_no,
01571 RSBAC_MAJOR(kdev),
01572 RSBAC_MINOR(kdev),
01573 get_error_name(tmp, tmperr));
01574 rsbac_kfree(tmp);
01575 }
01576 err = tmperr;
01577 }
01578 }
01579 }
01580 #endif
01581
01582 #if defined(CONFIG_RSBAC_RES)
01583 {
01584
01585 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01586 {
01587
01588 sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no);
01589 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01590 info_p->key = RSBAC_RES_FD_ACI_KEY;
01591 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01592 info_p->data_size = sizeof(struct rsbac_res_fd_aci_t);
01593 info_p->max_age = 0;
01594 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01595 &(device_p->handles.res[file_no]),
01596 info_p,
01597 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01598 rsbac_list_compare_u32,
01599 NULL,
01600 &def_res_fd_aci,
01601 name,
01602 kdev);
01603 if(tmperr)
01604 {
01605 char * tmp;
01606
01607 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01608 if(tmp)
01609 {
01610 rsbac_printk(KERN_WARNING
01611 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
01612 file_no,
01613 RSBAC_MAJOR(kdev),
01614 RSBAC_MINOR(kdev),
01615 get_error_name(tmp, tmperr));
01616 rsbac_kfree(tmp);
01617 }
01618 err = tmperr;
01619 }
01620 }
01621 }
01622 #endif
01623
01624 return err;
01625 }
01626
01627
01628
01629
01630 static int aci_detach_fd_lists(struct rsbac_device_list_item_t * device_p)
01631 {
01632 int err = 0;
01633 int tmperr;
01634 u_int file_no;
01635
01636 if(!device_p)
01637 return(-RSBAC_EINVALIDPOINTER);
01638
01639
01640 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01641 {
01642 tmperr = rsbac_list_detach(&device_p->handles.gen[file_no],
01643 RSBAC_GEN_FD_ACI_KEY);
01644 if(tmperr)
01645 {
01646 char * tmp;
01647
01648 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01649 if(tmp)
01650 {
01651 rsbac_printk(KERN_WARNING
01652 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
01653 file_no,
01654 RSBAC_MAJOR(device_p->id),
01655 RSBAC_MINOR(device_p->id),
01656 get_error_name(tmp, tmperr));
01657 rsbac_kfree(tmp);
01658 }
01659 err = tmperr;
01660 }
01661 }
01662
01663 #if defined(CONFIG_RSBAC_MAC)
01664
01665 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01666 {
01667 tmperr = rsbac_list_detach(&device_p->handles.mac[file_no],
01668 RSBAC_MAC_FD_ACI_KEY);
01669 if(tmperr)
01670 {
01671 char * tmp;
01672
01673 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01674 if(tmp)
01675 {
01676 rsbac_printk(KERN_WARNING
01677 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
01678 file_no,
01679 RSBAC_MAJOR(device_p->id),
01680 RSBAC_MINOR(device_p->id),
01681 get_error_name(tmp, tmperr));
01682 rsbac_kfree(tmp);
01683 }
01684 err = tmperr;
01685 }
01686 }
01687 #endif
01688
01689 #if defined(CONFIG_RSBAC_PM)
01690
01691 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01692 {
01693 tmperr = rsbac_list_detach(&device_p->handles.pm[file_no],
01694 RSBAC_PM_FD_ACI_KEY);
01695 if(tmperr)
01696 {
01697 char * tmp;
01698
01699 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01700 if(tmp)
01701 {
01702 rsbac_printk(KERN_WARNING
01703 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
01704 file_no,
01705 RSBAC_MAJOR(device_p->id),
01706 RSBAC_MINOR(device_p->id),
01707 get_error_name(tmp, tmperr));
01708 rsbac_kfree(tmp);
01709 }
01710 err = tmperr;
01711 }
01712 }
01713 #endif
01714
01715 #if defined(CONFIG_RSBAC_DAZ)
01716
01717 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01718 {
01719 tmperr = rsbac_list_detach(&device_p->handles.daz[file_no],
01720 RSBAC_DAZ_FD_ACI_KEY);
01721 if(tmperr)
01722 {
01723 char * tmp;
01724
01725 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01726 if(tmp)
01727 {
01728 rsbac_printk(KERN_WARNING
01729 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
01730 file_no,
01731 RSBAC_MAJOR(device_p->id),
01732 RSBAC_MINOR(device_p->id),
01733 get_error_name(tmp, tmperr));
01734 rsbac_kfree(tmp);
01735 }
01736 err = tmperr;
01737 }
01738 }
01739 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01740
01741 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01742 {
01743 tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no],
01744 RSBAC_DAZ_FD_ACI_KEY);
01745 if(tmperr)
01746 {
01747 char * tmp;
01748
01749 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01750 if(tmp)
01751 {
01752 rsbac_printk(KERN_WARNING
01753 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01754 file_no,
01755 RSBAC_MAJOR(device_p->id),
01756 RSBAC_MINOR(device_p->id),
01757 get_error_name(tmp, tmperr));
01758 rsbac_kfree(tmp);
01759 }
01760 err = tmperr;
01761 }
01762 }
01763 #endif
01764 #endif
01765
01766 #if defined(CONFIG_RSBAC_FF)
01767
01768 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01769 {
01770 tmperr = rsbac_list_detach(&device_p->handles.ff[file_no],
01771 RSBAC_FF_FD_ACI_KEY);
01772 if(tmperr)
01773 {
01774 char * tmp;
01775
01776 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01777 if(tmp)
01778 {
01779 rsbac_printk(KERN_WARNING
01780 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
01781 file_no,
01782 RSBAC_MAJOR(device_p->id),
01783 RSBAC_MINOR(device_p->id),
01784 get_error_name(tmp, tmperr));
01785 rsbac_kfree(tmp);
01786 }
01787 err = tmperr;
01788 }
01789 }
01790 #endif
01791
01792 #if defined(CONFIG_RSBAC_RC)
01793
01794 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01795 {
01796 tmperr = rsbac_list_detach(&device_p->handles.rc[file_no],
01797 RSBAC_RC_FD_ACI_KEY);
01798 if(tmperr)
01799 {
01800 char * tmp;
01801
01802 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01803 if(tmp)
01804 {
01805 rsbac_printk(KERN_WARNING
01806 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
01807 file_no,
01808 RSBAC_MAJOR(device_p->id),
01809 RSBAC_MINOR(device_p->id),
01810 get_error_name(tmp, tmperr));
01811 rsbac_kfree(tmp);
01812 }
01813 err = tmperr;
01814 }
01815 }
01816 #endif
01817
01818 #if defined(CONFIG_RSBAC_AUTH)
01819
01820 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01821 {
01822 tmperr = rsbac_list_detach(&device_p->handles.auth[file_no],
01823 RSBAC_AUTH_FD_ACI_KEY);
01824 if(tmperr)
01825 {
01826 char * tmp;
01827
01828 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01829 if(tmp)
01830 {
01831 rsbac_printk(KERN_WARNING
01832 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
01833 file_no,
01834 RSBAC_MAJOR(device_p->id),
01835 RSBAC_MINOR(device_p->id),
01836 get_error_name(tmp, tmperr));
01837 rsbac_kfree(tmp);
01838 }
01839 err = tmperr;
01840 }
01841 }
01842 #endif
01843
01844 #if defined(CONFIG_RSBAC_CAP)
01845
01846 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01847 {
01848 tmperr = rsbac_list_detach(&device_p->handles.cap[file_no],
01849 RSBAC_CAP_FD_ACI_KEY);
01850 if(tmperr)
01851 {
01852 char * tmp;
01853
01854 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01855 if(tmp)
01856 {
01857 rsbac_printk(KERN_WARNING
01858 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
01859 file_no,
01860 RSBAC_MAJOR(device_p->id),
01861 RSBAC_MINOR(device_p->id),
01862 get_error_name(tmp, tmperr));
01863 rsbac_kfree(tmp);
01864 }
01865 err = tmperr;
01866 }
01867 }
01868 #endif
01869
01870 #if defined(CONFIG_RSBAC_PAX)
01871
01872 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01873 {
01874 tmperr = rsbac_list_detach(&device_p->handles.pax[file_no],
01875 RSBAC_PAX_FD_ACI_KEY);
01876 if(tmperr)
01877 {
01878 char * tmp;
01879
01880 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01881 if(tmp)
01882 {
01883 rsbac_printk(KERN_WARNING
01884 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
01885 file_no,
01886 RSBAC_MAJOR(device_p->id),
01887 RSBAC_MINOR(device_p->id),
01888 get_error_name(tmp, tmperr));
01889 rsbac_kfree(tmp);
01890 }
01891 err = tmperr;
01892 }
01893 }
01894 #endif
01895
01896 #if defined(CONFIG_RSBAC_RES)
01897
01898 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01899 {
01900 tmperr = rsbac_list_detach(&device_p->handles.res[file_no],
01901 RSBAC_RES_FD_ACI_KEY);
01902 if(tmperr)
01903 {
01904 char * tmp;
01905
01906 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01907 if(tmp)
01908 {
01909 rsbac_printk(KERN_WARNING
01910 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
01911 file_no,
01912 RSBAC_MAJOR(device_p->id),
01913 RSBAC_MINOR(device_p->id),
01914 get_error_name(tmp, tmperr));
01915 rsbac_kfree(tmp);
01916 }
01917 err = tmperr;
01918 }
01919 }
01920 #endif
01921
01922 return err;
01923 }
01924
01925
01926
01927 static struct rsbac_device_list_item_t
01928 * create_device_item(struct super_block * sb_p, struct dentry * d_covers)
01929 {
01930 struct rsbac_device_list_item_t * new_item_p;
01931
01932 if(!sb_p)
01933 return NULL;
01934
01935 if ( !(new_item_p = (struct rsbac_device_list_item_t *)
01936 rsbac_kmalloc(sizeof(*new_item_p)) ) )
01937 return(NULL);
01938
01939 memset(new_item_p, 0, sizeof(*new_item_p));
01940 new_item_p->id = sb_p->s_dev;
01941 new_item_p->sb_p = sb_p;
01942 new_item_p->d_covers = d_covers;
01943 new_item_p->mount_count = 1;
01944
01945 return(new_item_p);
01946 }
01947
01948
01949 static struct rsbac_device_list_item_t
01950 * add_device_item(struct rsbac_device_list_item_t * device_p)
01951 {
01952 if (!device_p)
01953 return(NULL);
01954
01955
01956 if (!device_list_head.head)
01957 {
01958 device_list_head.head=device_p;
01959 device_list_head.tail=device_p;
01960 device_list_head.curr=device_p;
01961 device_list_head.count=1;
01962 device_p->prev=NULL;
01963 device_p->next=NULL;
01964 }
01965 else
01966 {
01967 device_p->prev=device_list_head.tail;
01968 device_p->next=NULL;
01969 device_list_head.tail->next=device_p;
01970 device_list_head.tail=device_p;
01971 device_list_head.curr=device_p;
01972 device_list_head.count++;
01973 }
01974 return(device_p);
01975 }
01976
01977
01978
01979
01980
01981
01982
01983
01984 static void clear_device_item(struct rsbac_device_list_item_t * item_p)
01985 {
01986 if(!item_p)
01987 return;
01988
01989
01990 if(item_p->rsbac_dir_dentry_p)
01991 dput(item_p->rsbac_dir_dentry_p);
01992
01993 rsbac_kfree(item_p);
01994 }
01995
01996 static void remove_device_item(kdev_t kdev)
01997 {
01998 struct rsbac_device_list_item_t * item_p;
01999
02000
02001 if ( (item_p = lookup_device(kdev)) )
02002 {
02003 if (device_list_head.head == item_p)
02004 {
02005 if (device_list_head.tail == item_p)
02006 {
02007 device_list_head.head = NULL;
02008 device_list_head.tail = NULL;
02009 }
02010 else
02011 {
02012 item_p->next->prev = NULL;
02013 device_list_head.head = item_p->next;
02014 }
02015 }
02016 else
02017 {
02018 if (device_list_head.tail == item_p)
02019 {
02020 item_p->prev->next = NULL;
02021 device_list_head.tail = item_p->prev;
02022 }
02023 else
02024 {
02025 item_p->prev->next = item_p->next;
02026 item_p->next->prev = item_p->prev;
02027 }
02028 }
02029
02030
02031 device_list_head.curr=NULL;
02032
02033 device_list_head.count--;
02034
02035
02036 aci_detach_fd_lists(item_p);
02037
02038
02039 clear_device_item(item_p);
02040 }
02041
02042 }
02043
02044
02045
02046
02047
02048
02049 static int rsbac_clear_file(struct dentry *dentry)
02050 {
02051 struct inode *inode = dentry->d_inode;
02052 int error;
02053 struct iattr newattrs;
02054
02055 down(&inode->i_sem);
02056 newattrs.ia_size = 0;
02057 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02058 error = notify_change(dentry, &newattrs);
02059 up(&inode->i_sem);
02060 return error;
02061 }
02062
02063 static void wakeup_auto(u_long dummy)
02064 {
02065 wake_up((void *) dummy);
02066 }
02067
02068 #if defined(CONFIG_RSBAC_REG)
02069 EXPORT_SYMBOL(rsbac_get_super_block);
02070 #endif
02071 struct super_block * rsbac_get_super_block(kdev_t kdev)
02072 {
02073 struct rsbac_device_list_item_t * device_p;
02074 u_long dflags;
02075 struct super_block * sb_p;
02076
02077 if(RSBAC_IS_AUTO_DEV(kdev))
02078 return NULL;
02079
02080
02081 rsbac_read_lock(&device_list_head.lock, &dflags);
02082 device_p = lookup_device(kdev);
02083 if (!device_p)
02084 {
02085 rsbac_read_unlock(&device_list_head.lock, &dflags);
02086 down(&rsbac_write_sem);
02087 up(&rsbac_write_sem);
02088 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02089 sb_p = user_get_super(kdev);
02090 #else
02091 sb_p = get_super(kdev);
02092 #endif
02093 if(!sb_p)
02094 {
02095 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02096 struct timer_list auto_timer;
02097
02098 rsbac_printk(KERN_INFO
02099 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02100 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02101 init_timer(&auto_timer);
02102 auto_timer.function = wakeup_auto;
02103 auto_timer.data = (u_long) &auto_wait;
02104 auto_timer.expires = jiffies + HZ;
02105 add_timer(&auto_timer);
02106 interruptible_sleep_on(&auto_wait);
02107
02108 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02109 sb_p = user_get_super(kdev);
02110 #else
02111 sb_p = get_super(kdev);
02112 #endif
02113 }
02114 if(sb_p)
02115 {
02116 device_p = lookup_device(kdev);
02117 if (!device_p)
02118 {
02119 rsbac_printk(KERN_INFO
02120 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02121 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02122 rsbac_mount(sb_p, NULL);
02123 }
02124
02125 drop_super(sb_p);
02126 rsbac_read_lock(&device_list_head.lock, &dflags);
02127 device_p = lookup_device(kdev);
02128 if (!device_p)
02129 {
02130 rsbac_printk(KERN_WARNING
02131 "rsbac_get_super_block(): unknown device %02u:%02u\n",
02132 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02133 rsbac_read_unlock(&device_list_head.lock, &dflags);
02134 return NULL;
02135 }
02136 }
02137 else
02138 {
02139 return NULL;
02140 }
02141 }
02142 sb_p = device_p->sb_p;
02143 rsbac_read_unlock(&device_list_head.lock, &dflags);
02144 return sb_p;
02145 }
02146
02147 #if defined(CONFIG_RSBAC_REG)
02148 EXPORT_SYMBOL(rsbac_read_open);
02149 #endif
02150 int rsbac_read_open(char * name,
02151 struct file * file_p,
02152 kdev_t kdev)
02153 {
02154 struct dentry * dir_dentry_p;
02155 struct dentry * file_dentry_p;
02156 int tmperr, err;
02157
02158 if(!name || !file_p)
02159 {
02160 #ifdef CONFIG_RSBAC_DEBUG
02161 if (rsbac_debug_ds)
02162 {
02163 rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!");
02164 }
02165 #endif
02166 return(-RSBAC_EINVALIDPOINTER);
02167 }
02168
02169
02170 if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev)))
02171 {
02172 return(err);
02173 }
02174
02175
02176
02177 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02178 if (!file_dentry_p || IS_ERR (file_dentry_p))
02179 {
02180 return(-RSBAC_EREADFAILED);
02181 }
02182 if (!file_dentry_p->d_inode)
02183 {
02184 char * bname;
02185 int name_len = strlen(name);
02186
02187 dput(file_dentry_p);
02188 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02189 if(!bname)
02190 {
02191 return -RSBAC_ENOMEM;
02192 }
02193
02194 strcpy(bname,name);
02195 bname[name_len] = 'b';
02196 name_len++;
02197 bname[name_len] = (char) 0;
02198 #ifdef CONFIG_RSBAC_DEBUG
02199 if (rsbac_debug_ds)
02200 {
02201 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02202 name,bname);
02203 }
02204 #endif
02205 file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02206 rsbac_kfree(bname);
02207 if (!file_dentry_p || IS_ERR (file_dentry_p))
02208 {
02209 return(-RSBAC_EREADFAILED);
02210 }
02211 if (!file_dentry_p->d_inode)
02212 {
02213 #ifdef CONFIG_RSBAC_DEBUG
02214 if (rsbac_debug_ds)
02215 {
02216 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n",
02217 name);
02218 }
02219 #endif
02220 dput(file_dentry_p);
02221 return(-RSBAC_ENOTFOUND);
02222 }
02223 }
02224 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02225 {
02226 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02227 dput(file_dentry_p);
02228 return(-RSBAC_EREADFAILED);
02229 }
02230
02231
02232
02233 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02234 {
02235 dput(file_dentry_p);
02236 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name);
02237 return -RSBAC_EREADFAILED;
02238 }
02239
02240
02241 if ((!file_p->f_op) || (!file_p->f_op->read))
02242 {
02243 if (!file_p->f_op)
02244 {
02245 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name);
02246 }
02247 else
02248 {
02249 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name);
02250 if (file_p->f_op->release)
02251 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02252 }
02253 dput(file_dentry_p);
02254 return -RSBAC_EREADFAILED;
02255 }
02256 return 0;
02257 }
02258
02259
02260 #ifndef check_parent
02261 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02262 #define check_parent(dir, dentry) \
02263 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02264 #else
02265 #define check_parent(dir, dentry) \
02266 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02267 #endif
02268 #endif
02269
02270 #if defined(CONFIG_RSBAC_REG)
02271 EXPORT_SYMBOL(rsbac_write_open);
02272 #endif
02273 int rsbac_write_open(char * name,
02274 struct file * file_p,
02275 kdev_t kdev)
02276 {
02277 struct dentry * dir_dentry_p = NULL;
02278 struct dentry * ldir_dentry_p = NULL;
02279 struct dentry * file_dentry_p = NULL;
02280 int err = 0;
02281 int tmperr = 0;
02282 struct super_block * sb_p;
02283
02284 if(!file_p || !name)
02285 {
02286 #ifdef CONFIG_RSBAC_DEBUG
02287 if (rsbac_debug_write)
02288 {
02289 rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n");
02290 }
02291 #endif
02292 return(-RSBAC_EINVALIDPOINTER);
02293 }
02294
02295
02296 sb_p = rsbac_get_super_block(kdev);
02297 if (!sb_p)
02298 {
02299 rsbac_printk(KERN_WARNING
02300 "rsbac_write_open(): invalid device %02u:%02u\n",
02301 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02302 return (-RSBAC_EINVALIDDEV);
02303 }
02304 if(!writable(sb_p))
02305 {
02306 #ifdef CONFIG_RSBAC_DEBUG
02307 if (rsbac_debug_write)
02308 {
02309 rsbac_printk(KERN_DEBUG
02310 "rsbac_write_open(): called for non-writable device\n");
02311 }
02312 #endif
02313 err = -RSBAC_ENOTWRITABLE;
02314 goto out;
02315 }
02316
02317
02318
02319 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02320 kdev)))
02321 {
02322 err = tmperr;
02323 goto out;
02324 }
02325
02326
02327
02328 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02329 if (!file_dentry_p || IS_ERR(file_dentry_p))
02330 {
02331 #ifdef CONFIG_RSBAC_DEBUG
02332 if (rsbac_debug_write)
02333 {
02334 rsbac_printk(KERN_DEBUG
02335 "rsbac_write_open(): lookup of %s returned error %li\n",
02336 name, PTR_ERR(file_dentry_p));
02337 }
02338 #endif
02339 err = -RSBAC_EWRITEFAILED;
02340 goto out;
02341 }
02342
02343 #if 1
02344 if (file_dentry_p->d_inode)
02345 {
02346 if ( !dir_dentry_p->d_inode->i_op
02347 || !dir_dentry_p->d_inode->i_op->rename)
02348 {
02349 rsbac_printk(KERN_WARNING
02350 "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02351 name);
02352 }
02353 else
02354 {
02355 char * bname;
02356 int name_len = strlen(name);
02357 struct dentry * new_file_dentry_p = NULL;
02358 struct dentry * old_dir_p, * new_dir_p;
02359
02360 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02361 if(!bname)
02362 {
02363 err = -RSBAC_ENOMEM;
02364 goto out_dput;
02365 }
02366 strcpy(bname,name);
02367 bname[name_len] = 'b';
02368 bname[name_len+1] = (char) 0;
02369 new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02370 if(new_file_dentry_p && !IS_ERR(new_file_dentry_p))
02371 {
02372
02373 old_dir_p = dget(file_dentry_p->d_parent);
02374 new_dir_p = dget(new_file_dentry_p->d_parent);
02375 double_lock(new_dir_p, old_dir_p);
02376
02377 DQUOT_INIT(old_dir_p->d_inode);
02378 DQUOT_INIT(new_dir_p->d_inode);
02379
02380
02381
02382
02383 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode,
02384 file_dentry_p,
02385 new_dir_p->d_inode,
02386 new_file_dentry_p);
02387
02388 double_unlock(new_dir_p, old_dir_p);
02389 if(err)
02390 {
02391 rsbac_printk(KERN_WARNING
02392 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02393 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02394 }
02395 else
02396 {
02397
02398 if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME))
02399 d_move(file_dentry_p, new_file_dentry_p);
02400 inode_dir_notify(old_dir_p->d_inode, DN_RENAME);
02401 }
02402 dput(new_file_dentry_p);
02403 dput(file_dentry_p);
02404
02405 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02406 if (!file_dentry_p || IS_ERR (file_dentry_p))
02407 {
02408 #ifdef CONFIG_RSBAC_DEBUG
02409 if (rsbac_debug_write)
02410 {
02411 rsbac_printk(KERN_DEBUG
02412 "rsbac_write_open(): relookup of %s returned error %li\n",
02413 name, PTR_ERR(file_dentry_p));
02414 }
02415 #endif
02416 err = -RSBAC_EWRITEFAILED;
02417 goto out;
02418 }
02419 if (file_dentry_p->d_inode)
02420 {
02421 rsbac_printk(KERN_WARNING
02422 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02423 name, file_dentry_p->d_inode->i_ino);
02424
02425 if ( !dir_dentry_p->d_inode->i_op
02426 || !dir_dentry_p->d_inode->i_op->unlink)
02427 {
02428 rsbac_printk(KERN_WARNING
02429 "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02430 name);
02431 rsbac_kfree(bname);
02432 err = -RSBAC_EWRITEFAILED;
02433 goto out_dput;
02434 }
02435 else
02436 {
02437 old_dir_p = lock_parent(file_dentry_p);
02438
02439 DQUOT_INIT(old_dir_p->d_inode);
02440 err = -ENOENT;
02441 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02442 if (check_parent(old_dir_p, file_dentry_p))
02443 {
02444 #endif
02445 err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode,
02446 file_dentry_p);
02447 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02448 }
02449 else
02450 {
02451 rsbac_printk(KERN_WARNING
02452 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02453 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02454 }
02455 #endif
02456
02457 unlock_dir(old_dir_p);
02458
02459 dput(file_dentry_p);
02460 if(err)
02461 {
02462 rsbac_printk(KERN_WARNING
02463 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02464 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02465 }
02466
02467 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02468 if (!file_dentry_p || IS_ERR (file_dentry_p))
02469 {
02470 #ifdef CONFIG_RSBAC_DEBUG
02471 if (rsbac_debug_write)
02472 {
02473 rsbac_printk(KERN_DEBUG
02474 "rsbac_write_open(): relookup of %s returned error %li\n",
02475 name, PTR_ERR(file_dentry_p));
02476 }
02477 #endif
02478 rsbac_kfree(bname);
02479 err = -RSBAC_EWRITEFAILED;
02480 goto out;
02481 }
02482 if (file_dentry_p->d_inode)
02483 {
02484 rsbac_printk(KERN_WARNING
02485 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02486 name, file_dentry_p->d_inode->i_ino);
02487 rsbac_kfree(bname);
02488 err = -RSBAC_EWRITEFAILED;
02489 goto out_dput;
02490 }
02491 }
02492 }
02493 }
02494 else
02495 {
02496 rsbac_printk(KERN_WARNING
02497 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02498 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
02499 }
02500 rsbac_kfree(bname);
02501 }
02502 }
02503 #endif
02504
02505 if(!file_dentry_p->d_inode)
02506 {
02507
02508 if ( !dir_dentry_p->d_inode->i_op
02509 || !dir_dentry_p->d_inode->i_op->create)
02510 {
02511 rsbac_printk(KERN_WARNING "%s\n",
02512 "rsbac_write_open(): File system supports no create!");
02513 err = -RSBAC_EWRITEFAILED;
02514 goto out_dput;
02515 }
02516
02517
02518 ldir_dentry_p = lock_parent(file_dentry_p);
02519 if(IS_ERR(ldir_dentry_p))
02520 {
02521 #ifdef CONFIG_RSBAC_DEBUG
02522 if (rsbac_debug_write)
02523 {
02524 rsbac_printk(KERN_DEBUG
02525 "rsbac_write_open(): lock_parent of %s returned error %li\n",
02526 name, PTR_ERR(ldir_dentry_p));
02527 }
02528 #endif
02529 err = -RSBAC_EWRITEFAILED;
02530 goto out_dput;
02531 }
02532 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02533 if (!check_parent(ldir_dentry_p, file_dentry_p))
02534 {
02535 #ifdef CONFIG_RSBAC_DEBUG
02536 if (rsbac_debug_write)
02537 {
02538 rsbac_printk(KERN_DEBUG
02539 "rsbac_write_open(): check_parent of %s returned error\n",
02540 name);
02541 }
02542 #endif
02543 unlock_dir(ldir_dentry_p);
02544 err = -RSBAC_EWRITEFAILED;
02545 goto out_dput;
02546 }
02547 #endif
02548
02549
02550
02551
02552
02553 DQUOT_INIT(ldir_dentry_p->d_inode);
02554 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02555 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02556 file_dentry_p,
02557 RSBAC_ACI_FILE_MODE,
02558 NULL);
02559 #else
02560 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02561 file_dentry_p,
02562 RSBAC_ACI_FILE_MODE);
02563 #endif
02564 unlock_dir(ldir_dentry_p);
02565
02566 if (err)
02567 {
02568 goto out_dput;
02569 }
02570
02571 }
02572
02573 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02574 {
02575 rsbac_printk(KERN_WARNING
02576 "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02577 file_dentry_p->d_inode->i_mode);
02578 err = -RSBAC_EWRITEFAILED;
02579 goto out_dput;
02580 }
02581
02582
02583 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02584 {
02585 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02586 err = -RSBAC_EWRITEFAILED;
02587 goto out_dput;
02588 }
02589
02590
02591 if ((!file_p->f_op) || (!file_p->f_op->write))
02592 {
02593 rsbac_printk(KERN_WARNING
02594 "rsbac_write_open(): file write function missing!\n");
02595 if(file_p->f_op && file_p->f_op->release)
02596 {
02597 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02598 }
02599 err = -RSBAC_EWRITEFAILED;
02600 goto out_dput;
02601 }
02602
02603
02604
02605
02606
02607 if (get_write_access(file_dentry_p->d_inode))
02608 {
02609 rsbac_printk(KERN_WARNING
02610 "rsbac_write_open(): could not get write access!\n");
02611 if (file_p->f_op->release)
02612 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02613 err = -RSBAC_EWRITEFAILED;
02614 goto out_dput;
02615 }
02616
02617 if(rsbac_clear_file(file_dentry_p))
02618 {
02619 if (file_p->f_op->release)
02620 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02621 put_write_access(file_dentry_p->d_inode);
02622 rsbac_printk(KERN_WARNING
02623 "rsbac_write_open(): could not truncate!\n");
02624 err = -RSBAC_EWRITEFAILED;
02625 goto out_dput;
02626 }
02627
02628 file_p->f_flags |= O_SYNC;
02629
02630 out:
02631 return err;
02632
02633 out_dput:
02634 dput(file_dentry_p);
02635 goto out;
02636 }
02637
02638
02639 #if defined(CONFIG_RSBAC_REG)
02640 EXPORT_SYMBOL(rsbac_read_close);
02641 #endif
02642 void rsbac_read_close(struct file * file_p)
02643 {
02644
02645 struct dentry * dentry = file_p->f_dentry;
02646 struct inode * inode = dentry->d_inode;
02647
02648 if (file_p->f_op && file_p->f_op->release)
02649 file_p->f_op->release(inode, file_p);
02650 file_p->f_dentry = NULL;
02651 if (file_p->f_mode & FMODE_WRITE)
02652 put_write_access(inode);
02653 dput(dentry);
02654 }
02655
02656 #if defined(CONFIG_RSBAC_REG)
02657 EXPORT_SYMBOL(rsbac_write_close);
02658 #endif
02659 void rsbac_write_close(struct file * file_p)
02660 {
02661 rsbac_read_close(file_p);
02662 }
02663
02664 #if defined(CONFIG_RSBAC_REG)
02665 EXPORT_SYMBOL(rsbac_get_full_path);
02666 #endif
02667 int rsbac_get_full_path(struct dentry * dentry_p, char path[], int maxlen)
02668 {
02669 int len=0;
02670 char * i_path;
02671 int tmplen=0;
02672 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02673 union rsbac_target_id_t i_tid;
02674 union rsbac_attribute_value_t i_attr_val;
02675 #endif
02676
02677 if(!dentry_p || !path)
02678 return -RSBAC_EINVALIDPOINTER;
02679 if(maxlen <= 0)
02680 return -RSBAC_EINVALIDVALUE;
02681 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02682 if(!i_path)
02683 return -RSBAC_ENOMEM;
02684
02685 path[0] = 0;
02686
02687 while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name)
02688 {
02689 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02690 if( dentry_p->d_inode
02691 && dentry_p->d_parent
02692 && dentry_p->d_parent->d_inode
02693 && (i_tid.user = dentry_p->d_inode->i_uid)
02694 && (dentry_p->d_inode->i_uid != dentry_p->d_parent->d_inode->i_uid)
02695 && !rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE)
02696 && i_attr_val.pseudo
02697 )
02698 {
02699 if((maxlen-len) < 12)
02700 {
02701 rsbac_kfree(i_path);
02702 return(len);
02703 }
02704 tmplen = snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02705 }
02706 else
02707 #endif
02708 {
02709 tmplen = dentry_p->d_name.len;
02710 if((tmplen+1) > (maxlen-len))
02711 {
02712 rsbac_kfree(i_path);
02713 return(len);
02714 }
02715 strncpy(i_path, dentry_p->d_name.name, tmplen);
02716 }
02717 if(len && (i_path[tmplen-1] != '/'))
02718 {
02719 i_path[tmplen] = '/';
02720 tmplen++;
02721 }
02722 i_path[tmplen]=0;
02723 strcat(i_path, path);
02724 strcpy(path, i_path);
02725 len += tmplen;
02726 if( dentry_p->d_parent
02727 && (dentry_p->d_parent != dentry_p)
02728 && (dentry_p->d_sb->s_root != dentry_p)
02729 )
02730 dentry_p = dentry_p->d_parent;
02731 else
02732 {
02733 struct rsbac_device_list_item_t * device_p;
02734
02735 device_p = lookup_device(dentry_p->d_sb->s_dev);
02736 if( device_p
02737 && device_p->d_covers
02738 )
02739 dentry_p = device_p->d_covers;
02740 else
02741 break;
02742 }
02743 }
02744 rsbac_kfree(i_path);
02745 return(len);
02746 }
02747
02748 #if defined(CONFIG_RSBAC_REG)
02749 EXPORT_SYMBOL(rsbac_get_full_path_length);
02750 #endif
02751 int rsbac_get_full_path_length(struct dentry * dentry_p)
02752 {
02753 int len=0;
02754 int tmplen=0;
02755
02756 if(!dentry_p)
02757 return -RSBAC_EINVALIDPOINTER;
02758
02759 while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name)
02760 {
02761 tmplen = dentry_p->d_name.len;
02762 if(len && (dentry_p->d_name.name[tmplen-1] != '/'))
02763 {
02764 tmplen++;
02765 }
02766 len += tmplen;
02767 if( dentry_p->d_parent
02768 && (dentry_p->d_parent != dentry_p)
02769 && (dentry_p->d_sb->s_root != dentry_p)
02770 )
02771 dentry_p = dentry_p->d_parent;
02772 else
02773 {
02774 struct rsbac_device_list_item_t * device_p;
02775
02776 device_p = lookup_device(dentry_p->d_sb->s_dev);
02777 if( device_p
02778 && device_p->d_covers
02779 )
02780 dentry_p = device_p->d_covers;
02781 else
02782 break;
02783 }
02784 }
02785 return(len);
02786 }
02787
02788
02789
02790
02791
02792 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
02793 static int
02794 devices_proc_info(char *buffer, char **start, off_t offset, int length)
02795 {
02796 int len = 0;
02797 off_t pos = 0;
02798 off_t begin = 0;
02799 struct rsbac_device_list_item_t * device_p;
02800 u_long dflags;
02801
02802 if (!rsbac_initialized) return (-ENOSYS);
02803
02804 len += sprintf(buffer, "%u RSBAC Devices\n---------------\n",
02805 device_list_head.count);
02806
02807
02808 rsbac_read_lock(&device_list_head.lock, &dflags);
02809
02810 for (device_p = device_list_head.head; device_p; device_p = device_p->next)
02811 {
02812 if(device_p->sb_p && device_p->sb_p->s_type && device_p->sb_p->s_type->name)
02813 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
02814 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
02815 device_p->mount_count,
02816 device_p->d_covers,
02817 device_p->sb_p->s_type->name);
02818 else
02819 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p\n",
02820 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
02821 device_p->mount_count,
02822 device_p->d_covers);
02823 pos = begin + len;
02824 if (pos < offset)
02825 {
02826 len = 0;
02827 begin = pos;
02828 }
02829 if (pos > offset+length) break;
02830 }
02831
02832
02833 rsbac_read_unlock(&device_list_head.lock, &dflags);
02834
02835 *start = buffer + (offset - begin);
02836 len -= (offset - begin);
02837
02838 if (len > length)
02839 len = length;
02840 return len;
02841 }
02842
02843 static int
02844 stats_proc_info(char *buffer, char **start, off_t offset, int length)
02845 {
02846 u_int len = 0;
02847 off_t pos = 0;
02848 off_t begin = 0;
02849 struct rsbac_device_list_item_t * device_p;
02850 int i;
02851 u_long fd_count, fd_dev_count, fd_sum = 0;
02852 u_long sum = 0;
02853 u_long total_sum = 0;
02854 long tmp_count;
02855 u_long dflags;
02856
02857 union rsbac_target_id_t rsbac_target_id;
02858 union rsbac_attribute_value_t rsbac_attribute_value;
02859
02860 if (!rsbac_initialized) return (-ENOSYS);
02861
02862 #ifdef CONFIG_RSBAC_DEBUG
02863 if (rsbac_debug_aef)
02864 {
02865 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
02866 }
02867 #endif
02868 rsbac_target_id.scd = ST_rsbac;
02869 rsbac_attribute_value.dummy = 0;
02870 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02871 current->pid,
02872 T_SCD,
02873 rsbac_target_id,
02874 A_none,
02875 rsbac_attribute_value))
02876 {
02877 return -EPERM;
02878 }
02879
02880 #ifdef CONFIG_RSBAC_MAINT
02881 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
02882 RSBAC_VERSION, compiled_modules);
02883 #else
02884 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
02885 RSBAC_VERSION, compiled_modules);
02886 #endif
02887 pos = begin + len;
02888 if (pos < offset)
02889 {
02890 len = 0;
02891 begin = pos;
02892 }
02893 if (pos > offset+length)
02894 goto out;
02895
02896 #ifdef CONFIG_RSBAC_SWITCH
02897 {
02898 char * active_modules;
02899
02900 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02901 if(active_modules)
02902 {
02903 active_modules[0] = (char) 0;
02904 #ifdef CONFIG_RSBAC_REG
02905 strcat(active_modules, " REG");
02906 #endif
02907 #ifdef CONFIG_RSBAC_MAC
02908 #ifdef CONFIG_RSBAC_SWITCH_MAC
02909 if(rsbac_switch_mac)
02910 #endif
02911 #ifdef CONFIG_RSBAC_MAC_LIGHT
02912 strcat(active_modules, " MAC-L");
02913 #else
02914 strcat(active_modules, " MAC");
02915 #endif
02916 #endif
02917 #ifdef CONFIG_RSBAC_PM
02918 #ifdef CONFIG_RSBAC_SWITCH_PM
02919 if(rsbac_switch_pm)
02920 #endif
02921 strcat(active_modules, " PM");
02922 #endif
02923 #ifdef CONFIG_RSBAC_DAZ
02924 #ifdef CONFIG_RSBAC_SWITCH_DAZ
02925 if(rsbac_switch_daz)
02926 #endif
02927 strcat(active_modules, " DAZ");
02928 #endif
02929 #ifdef CONFIG_RSBAC_FF
02930 #ifdef CONFIG_RSBAC_SWITCH_FF
02931 if(rsbac_switch_ff)
02932 #endif
02933 strcat(active_modules, " FF");
02934 #endif
02935 #ifdef CONFIG_RSBAC_RC
02936 #ifdef CONFIG_RSBAC_SWITCH_RC
02937 if(rsbac_switch_rc)
02938 #endif
02939 strcat(active_modules, " RC");
02940 #endif
02941 #ifdef CONFIG_RSBAC_AUTH
02942 #ifdef CONFIG_RSBAC_SWITCH_AUTH
02943 if(rsbac_switch_auth)
02944 #endif
02945 strcat(active_modules, " AUTH");
02946 #endif
02947 #ifdef CONFIG_RSBAC_ACL
02948 #ifdef CONFIG_RSBAC_SWITCH_ACL
02949 if(rsbac_switch_acl)
02950 #endif
02951 strcat(active_modules, " ACL");
02952 #endif
02953 #ifdef CONFIG_RSBAC_CAP
02954 #ifdef CONFIG_RSBAC_SWITCH_CAP
02955 if(rsbac_switch_cap)
02956 #endif
02957 strcat(active_modules, " CAP");
02958 #endif
02959 #ifdef CONFIG_RSBAC_JAIL
02960 #ifdef CONFIG_RSBAC_SWITCH_JAIL
02961 if(rsbac_switch_jail)
02962 #endif
02963 strcat(active_modules, " JAIL");
02964 #endif
02965 #ifdef CONFIG_RSBAC_RES
02966 #ifdef CONFIG_RSBAC_SWITCH_RES
02967 if(rsbac_switch_res)
02968 #endif
02969 strcat(active_modules, " RES");
02970 #endif
02971 #ifdef CONFIG_RSBAC_PAX
02972 #ifdef CONFIG_RSBAC_SWITCH_PAX
02973 if(rsbac_switch_pax)
02974 #endif
02975 strcat(active_modules, " PAX");
02976 #endif
02977 len += sprintf(buffer+len, "Active Modules: %s\n",
02978 active_modules);
02979 rsbac_kfree(active_modules);
02980 pos = begin + len;
02981 if (pos < offset)
02982 {
02983 len = 0;
02984 begin = pos;
02985 }
02986 if (pos > offset+length)
02987 goto out;
02988 }
02989 }
02990 #else
02991 len += sprintf(buffer+len, "All modules active (no switching)\n");
02992 pos = begin + len;
02993 if (pos < offset)
02994 {
02995 len = 0;
02996 begin = pos;
02997 }
02998 if (pos > offset+length)
02999 goto out;
03000 #endif
03001
03002 #ifdef CONFIG_RSBAC_SOFTMODE
03003 if(rsbac_softmode)
03004 {
03005 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03006 len += sprintf(buffer+len, "Global softmode is enabled\n");
03007 #else
03008 len += sprintf(buffer+len, "Softmode is enabled\n");
03009 #endif
03010 pos = begin + len;
03011 if (pos < offset)
03012 {
03013 len = 0;
03014 begin = pos;
03015 }
03016 if (pos > offset+length)
03017 goto out;
03018 }
03019 else
03020 {
03021 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03022 len += sprintf(buffer+len, "Global softmode is disabled\n");
03023 #else
03024 len += sprintf(buffer+len, "Softmode is disabled\n");
03025 #endif
03026 pos = begin + len;
03027 if (pos < offset)
03028 {
03029 len = 0;
03030 begin = pos;
03031 }
03032 if (pos > offset+length)
03033 goto out;
03034 }
03035 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03036 {
03037 char * tmp;
03038
03039 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03040 if(tmp)
03041 {
03042 len += sprintf(buffer+len, "Individual softmode enabled for:");
03043 for(i=0; i<=RSBAC_MAX_MOD; i++)
03044 if(rsbac_ind_softmode[i])
03045 len += sprintf(buffer+len, " %s", get_switch_target_name(tmp, i));
03046 rsbac_kfree(tmp);
03047 len += sprintf(buffer+len, "\n");
03048 pos = begin + len;
03049 if (pos < offset)
03050 {
03051 len = 0;
03052 begin = pos;
03053 }
03054 if (pos > offset+length)
03055 goto out;
03056 }
03057 }
03058 #endif
03059 #endif
03060
03061 len += sprintf(buffer+len, "\n");
03062
03063
03064 rsbac_read_lock(&device_list_head.lock, &dflags);
03065
03066 device_p = device_list_head.head;
03067 if(device_p)
03068 len += sprintf(buffer + len, "FD items:\n");
03069 while (device_p)
03070 {
03071 fd_dev_count = 0;
03072
03073 fd_count = 0;
03074 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
03075 {
03076 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
03077 if(tmp_count > 0)
03078 fd_count+=tmp_count;
03079 }
03080 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN",
03081 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
03082 fd_dev_count += fd_count;
03083
03084 #if defined(CONFIG_RSBAC_MAC)
03085 fd_count = 0;
03086 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
03087 {
03088 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
03089 if(tmp_count > 0)
03090 fd_count+=tmp_count;
03091 }
03092 len += sprintf(buffer + len, ", %lu MAC",
03093 fd_count);
03094 fd_dev_count += fd_count;
03095 #endif
03096
03097 #if defined(CONFIG_RSBAC_PM)
03098 fd_count = 0;
03099 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
03100 {
03101 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
03102 if(tmp_count > 0)
03103 fd_count+=tmp_count;
03104 }
03105 len += sprintf(buffer + len, ", %lu PM",
03106 fd_count);
03107 fd_dev_count += fd_count;
03108 #endif
03109
03110 #if defined(CONFIG_RSBAC_DAZ)
03111 fd_count = 0;
03112 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
03113 {
03114 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
03115 if(tmp_count > 0)
03116 fd_count+=tmp_count;
03117 }
03118 len += sprintf(buffer + len, ", %lu DAZ",
03119 fd_count);
03120 fd_dev_count += fd_count;
03121 #if defined(CONFIG_RSBAC_DAZ_CACHE)
03122 fd_count = 0;
03123 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
03124 {
03125 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
03126 if(tmp_count > 0)
03127 fd_count+=tmp_count;
03128 }
03129 len += sprintf(buffer + len, ", %lu DAZ_SCANNED",
03130 fd_count);
03131 fd_dev_count += fd_count;
03132 #endif
03133 #endif
03134
03135 #if defined(CONFIG_RSBAC_FF)
03136 fd_count = 0;
03137 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
03138 {
03139 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
03140 if(tmp_count > 0)
03141 fd_count+=tmp_count;
03142 }
03143 len += sprintf(buffer + len, ", %lu FF",
03144 fd_count);
03145 fd_dev_count += fd_count;
03146 #endif
03147
03148 #if defined(CONFIG_RSBAC_RC)
03149 fd_count = 0;
03150 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
03151 {
03152 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
03153 if(tmp_count > 0)
03154 fd_count+=tmp_count;
03155 }
03156 len += sprintf(buffer + len, ", %lu RC",
03157 fd_count);
03158 fd_dev_count += fd_count;
03159 #endif
03160
03161 #if defined(CONFIG_RSBAC_AUTH)
03162 fd_count = 0;
03163 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
03164 {
03165 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
03166 if(tmp_count > 0)
03167 fd_count+=tmp_count;
03168 }
03169 len += sprintf(buffer + len, ", %lu AUTH",
03170 fd_count);
03171 fd_dev_count += fd_count;
03172 #endif
03173
03174 #if defined(CONFIG_RSBAC_CAP)
03175 fd_count = 0;
03176 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
03177 {
03178 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
03179 if(tmp_count > 0)
03180 fd_count+=tmp_count;
03181 }
03182 len += sprintf(buffer + len, ", %lu CAP",
03183 fd_count);
03184 fd_dev_count += fd_count;
03185 #endif
03186
03187 #if defined(CONFIG_RSBAC_RES)
03188 fd_count = 0;
03189 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
03190 {
03191 tmp_count = rsbac_list_count(device_p->handles.res[i]);
03192 if(tmp_count > 0)
03193 fd_count+=tmp_count;
03194 }
03195 len += sprintf(buffer + len, ", %lu RES",
03196 fd_count);
03197 fd_dev_count += fd_count;
03198 #endif
03199
03200 #if defined(CONFIG_RSBAC_PAX)
03201 fd_count = 0;
03202 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
03203 {
03204 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
03205 if(tmp_count > 0)
03206 fd_count+=tmp_count;
03207 }
03208 len += sprintf(buffer + len, ", %lu PAX",
03209 fd_count);
03210 fd_dev_count += fd_count;
03211 #endif
03212
03213 len += sprintf(buffer + len, ", %lu total\n",
03214 fd_dev_count);
03215 pos = begin + len;
03216 if (pos < offset)
03217 {
03218 len = 0;
03219 begin = pos;
03220 }
03221 if (pos > offset+length)
03222 {
03223
03224 rsbac_read_unlock(&device_list_head.lock, &dflags);
03225 goto out;
03226 }
03227 fd_sum += fd_dev_count;
03228 device_p = device_p->next;
03229 }
03230 len += sprintf(buffer + len, "Sum of %u Devices with %lu fd-items\n\n",
03231 device_list_head.count, fd_sum);
03232 total_sum += fd_sum;
03233
03234 rsbac_read_unlock(&device_list_head.lock, &dflags);
03235 pos = begin + len;
03236 if (pos < offset)
03237 {
03238 len = 0;
03239 begin = pos;
03240 }
03241 if (pos > offset+length)
03242 goto out;
03243
03244
03245 sum = 0;
03246 tmp_count = rsbac_list_count(dev_handles.gen);
03247 len += sprintf(buffer + len, "DEV: %lu GEN",
03248 tmp_count);
03249 sum += tmp_count;
03250 #if defined(CONFIG_RSBAC_MAC)
03251 tmp_count = rsbac_list_count(dev_handles.mac);
03252 len += sprintf(buffer + len, ", %lu MAC",
03253 tmp_count);
03254 sum += tmp_count;
03255 #endif
03256 #if defined(CONFIG_RSBAC_PM)
03257 tmp_count = rsbac_list_count(dev_handles.pm);
03258 len += sprintf(buffer + len, ", %lu PM",
03259 tmp_count);
03260 sum += tmp_count;
03261 #endif
03262 #if defined(CONFIG_RSBAC_RC)
03263 tmp_count = rsbac_list_count(dev_major_handles.rc);
03264 len += sprintf(buffer + len, ", %lu major RC",
03265 tmp_count);
03266 sum += tmp_count;
03267 tmp_count = rsbac_list_count(dev_handles.rc);
03268 len += sprintf(buffer + len, ", %lu RC",
03269 tmp_count);
03270 sum += tmp_count;
03271 #endif
03272 len += sprintf(buffer + len, ", %lu total\n",
03273 sum);
03274 total_sum += sum;
03275 pos = begin + len;
03276 if (pos < offset)
03277 {
03278 len = 0;
03279 begin = pos;
03280 }
03281 if (pos > offset+length)
03282 goto out;
03283
03284
03285 sum = 0;
03286 len += sprintf(buffer + len, "IPC: 0 GEN");
03287 #if defined(CONFIG_RSBAC_MAC)
03288 tmp_count = rsbac_list_count(ipc_handles.mac);
03289 len += sprintf(buffer + len, ", %lu MAC",
03290 tmp_count);
03291 sum += tmp_count;
03292 #endif
03293 #if defined(CONFIG_RSBAC_PM)
03294 tmp_count = rsbac_list_count(ipc_handles.pm);
03295 len += sprintf(buffer + len, ", %lu PM",
03296 tmp_count);
03297 sum += tmp_count;
03298 #endif
03299 #if defined(CONFIG_RSBAC_RC)
03300 tmp_count = rsbac_list_count(ipc_handles.rc);
03301 len += sprintf(buffer + len, ", %lu RC",
03302 tmp_count);
03303 sum += tmp_count;
03304 #endif
03305 #if defined(CONFIG_RSBAC_JAIL)
03306 tmp_count = rsbac_list_count(ipc_handles.jail);
03307 len += sprintf(buffer + len, ", %lu JAIL",
03308 tmp_count);
03309 sum += tmp_count;
03310 #endif
03311 len += sprintf(buffer + len, ", %lu total\n",
03312 sum);
03313 total_sum += sum;
03314 pos = begin + len;
03315 if (pos < offset)
03316 {
03317 len = 0;
03318 begin = pos;
03319 }
03320 if (pos > offset+length)
03321 goto out;
03322
03323
03324 sum = 0;
03325 tmp_count = rsbac_list_count(user_handles.gen);
03326 len += sprintf(buffer + len, "USER: %lu GEN",
03327 tmp_count);
03328 sum += tmp_count;
03329 #if defined(CONFIG_RSBAC_MAC)
03330 tmp_count = rsbac_list_count(user_handles.mac);
03331 len += sprintf(buffer + len, ", %lu MAC",
03332 tmp_count);
03333 sum += tmp_count;
03334 #endif
03335 #if defined(CONFIG_RSBAC_PM)
03336 tmp_count = rsbac_list_count(user_handles.pm);
03337 len += sprintf(buffer + len, ", %lu PM",
03338 tmp_count);
03339 sum += tmp_count;
03340 #endif
03341 #if defined(CONFIG_RSBAC_DAZ)
03342 tmp_count = rsbac_list_count(user_handles.daz);
03343 len += sprintf(buffer + len, ", %lu DAZ",
03344 tmp_count);
03345 sum += tmp_count;
03346 #endif
03347 #if defined(CONFIG_RSBAC_FF)
03348 tmp_count = rsbac_list_count(user_handles.ff);
03349 len += sprintf(buffer + len, ", %lu FF",
03350 tmp_count);
03351 sum += tmp_count;
03352 #endif
03353 #if defined(CONFIG_RSBAC_RC)
03354 tmp_count = rsbac_list_count(user_handles.rc);
03355 len += sprintf(buffer + len, ", %lu RC",
03356 tmp_count);
03357 sum += tmp_count;
03358 #endif
03359 #if defined(CONFIG_RSBAC_AUTH)
03360 tmp_count = rsbac_list_count(user_handles.auth);
03361 len += sprintf(buffer + len, ", %lu AUTH",
03362 tmp_count);
03363 sum += tmp_count;
03364 #endif
03365 #if defined(CONFIG_RSBAC_CAP)
03366 tmp_count = rsbac_list_count(user_handles.cap);
03367 len += sprintf(buffer + len, ", %lu CAP",
03368 tmp_count);
03369 sum += tmp_count;
03370 #endif
03371 #if defined(CONFIG_RSBAC_JAIL)
03372 tmp_count = rsbac_list_count(user_handles.jail);
03373 len += sprintf(buffer + len, ", %lu JAIL",
03374 tmp_count);
03375 sum += tmp_count;
03376 #endif
03377 #if defined(CONFIG_RSBAC_RES)
03378 tmp_count = rsbac_list_count(user_handles.res);
03379 len += sprintf(buffer + len, ", %lu RES",
03380 tmp_count);
03381 sum += tmp_count;
03382 #endif
03383 #if defined(CONFIG_RSBAC_PAX)
03384 tmp_count = rsbac_list_count(user_handles.pax);
03385 len += sprintf(buffer + len, ", %lu PAX",
03386 tmp_count);
03387 sum += tmp_count;
03388 #endif
03389 len += sprintf(buffer + len, ", %lu total\n",
03390 sum);
03391 total_sum += sum;
03392 pos = begin + len;
03393 if (pos < offset)
03394 {
03395 len = 0;
03396 begin = pos;
03397 }
03398 if (pos > offset+length)
03399 goto out;
03400
03401
03402 sum = 0;
03403 tmp_count = 0;
03404 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
03405 tmp_count += rsbac_list_count(process_handles.gen[i]);
03406 len += sprintf(buffer + len, "PROCESS: %lu GEN",
03407 tmp_count);
03408 sum += tmp_count;
03409 #if defined(CONFIG_RSBAC_MAC)
03410 tmp_count = 0;
03411 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
03412 tmp_count += rsbac_list_count(process_handles.mac[i]);
03413 len += sprintf(buffer + len, ", %lu MAC",
03414 tmp_count);
03415 sum += tmp_count;
03416 #endif
03417 #if defined(CONFIG_RSBAC_PM)
03418 tmp_count = rsbac_list_count(process_handles.pm);
03419 len += sprintf(buffer + len, ", %lu PM",
03420 tmp_count);
03421 sum += tmp_count;
03422 #endif
03423 #if defined(CONFIG_RSBAC_DAZ)
03424 tmp_count = rsbac_list_count(process_handles.daz);
03425 len += sprintf(buffer + len, ", %lu DAZ",
03426 tmp_count);
03427 sum += tmp_count;
03428 #endif
03429 #if defined(CONFIG_RSBAC_RC)
03430 tmp_count = 0;
03431 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
03432 tmp_count += rsbac_list_count(process_handles.rc[i]);
03433 len += sprintf(buffer + len, ", %lu RC",
03434 tmp_count);
03435 sum += tmp_count;
03436 #endif
03437 #if defined(CONFIG_RSBAC_AUTH)
03438 tmp_count = rsbac_list_count(process_handles.auth);
03439 len += sprintf(buffer + len, ", %lu AUTH",
03440 tmp_count);
03441 sum += tmp_count;
03442 #endif
03443 #if defined(CONFIG_RSBAC_CAP)
03444 tmp_count = rsbac_list_count(process_handles.cap);
03445 len += sprintf(buffer + len, ", %lu CAP",
03446 tmp_count);
03447 sum += tmp_count;
03448 #endif
03449 #if defined(CONFIG_RSBAC_JAIL)
03450 tmp_count = 0;
03451 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
03452 tmp_count += rsbac_list_count(process_handles.jail[i]);
03453 len += sprintf(buffer + len, ", %lu JAIL",
03454 tmp_count);
03455 sum += tmp_count;
03456 #endif
03457 len += sprintf(buffer + len, ", %lu total\n",
03458 sum);
03459 total_sum += sum;
03460 pos = begin + len;
03461 if (pos < offset)
03462 {
03463 len = 0;
03464 begin = pos;
03465 }
03466 if (pos > offset+length)
03467 goto out;
03468
03469 #if defined(CONFIG_RSBAC_UM)
03470
03471 sum = 0;
03472 len += sprintf(buffer + len, "GROUP:");
03473 #if defined(CONFIG_RSBAC_RC_UM_PROT)
03474 tmp_count = rsbac_list_count(group_handles.rc);
03475 len += sprintf(buffer + len, " %lu RC,",
03476 tmp_count);
03477 sum += tmp_count;
03478 #endif
03479 len += sprintf(buffer + len, " %lu total\n",
03480 sum);
03481 total_sum += sum;
03482 pos = begin + len;
03483 if (pos < offset)
03484 {
03485 len = 0;
03486 begin = pos;
03487 }
03488 if (pos > offset+length)
03489 goto out;
03490 #endif
03491
03492 #if defined(CONFIG_RSBAC_NET_DEV)
03493
03494 sum = 0;
03495 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
03496 tmp_count = rsbac_list_count(netdev_handles.gen);
03497 len += sprintf(buffer + len, "NETDEV: %lu GEN, ",
03498 tmp_count);
03499 sum += tmp_count;
03500 #else
03501 len += sprintf(buffer + len, "NETDEV: ");
03502 #endif
03503 #if defined(CONFIG_RSBAC_RC)
03504 tmp_count = rsbac_list_count(netdev_handles.rc);
03505 len += sprintf(buffer + len, "%lu RC, ",
03506 tmp_count);
03507 sum += tmp_count;
03508 #endif
03509 len += sprintf(buffer + len, "%lu total\n",
03510 sum);
03511 total_sum += sum;
03512 pos = begin + len;
03513 if (pos < offset)
03514 {
03515 len = 0;
03516 begin = pos;
03517 }
03518 if (pos > offset+length)
03519 goto out;
03520
03521 #endif
03522
03523 #if defined(CONFIG_RSBAC_NET_OBJ)
03524
03525 tmp_count = rsbac_list_count(net_temp_handle);
03526 len += sprintf(buffer + len, "%lu Network Templates\n",
03527 tmp_count);
03528
03529
03530 sum = 0;
03531 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
03532 tmp_count = rsbac_list_count(nettemp_handles.gen);
03533 len += sprintf(buffer + len, "NETTEMP: %lu GEN, ",
03534 tmp_count);
03535 sum += tmp_count;
03536 #else
03537 len += sprintf(buffer + len, "NETTEMP: ");
03538 #endif
03539 #if defined(CONFIG_RSBAC_MAC)
03540 tmp_count = rsbac_list_count(nettemp_handles.mac);
03541 len += sprintf(buffer + len, "%lu MAC, ",
03542 tmp_count);
03543 sum += tmp_count;
03544 #endif
03545 #if defined(CONFIG_RSBAC_PM)
03546 tmp_count = rsbac_list_count(nettemp_handles.pm);
03547 len += sprintf(buffer + len, "%lu PM, ",
03548 tmp_count);
03549 sum += tmp_count;
03550 #endif
03551 #if defined(CONFIG_RSBAC_RC)
03552 tmp_count = rsbac_list_count(nettemp_handles.rc);
03553 len += sprintf(buffer + len, "%lu RC, ",
03554 tmp_count);
03555 sum += tmp_count;
03556 #endif
03557 len += sprintf(buffer + len, "%lu total\n",
03558 sum);
03559 total_sum += sum;
03560 pos = begin + len;
03561 if (pos < offset)
03562 {
03563 len = 0;
03564 begin = pos;
03565 }
03566 if (pos > offset+length)
03567 goto out;
03568
03569
03570 sum = 0;
03571 len += sprintf(buffer + len, "LNETOBJ: ");
03572 #if defined(CONFIG_RSBAC_MAC)
03573 tmp_count = rsbac_list_count(lnetobj_handles.mac);
03574 len += sprintf(buffer + len, "%lu MAC, ",
03575 tmp_count);
03576 sum += tmp_count;
03577 #endif
03578 #if defined(CONFIG_RSBAC_PM)
03579 tmp_count = rsbac_list_count(lnetobj_handles.pm);
03580 len += sprintf(buffer + len, "%lu PM, ",
03581 tmp_count);
03582 sum += tmp_count;
03583 #endif
03584 #if defined(CONFIG_RSBAC_RC)
03585 tmp_count = rsbac_list_count(lnetobj_handles.rc);
03586 len += sprintf(buffer + len, "%lu RC, ",
03587 tmp_count);
03588 sum += tmp_count;
03589 #endif
03590 len += sprintf(buffer + len, "%lu total\n",
03591 sum);
03592 total_sum += sum;
03593 pos = begin + len;
03594 if (pos < offset)
03595 {
03596 len = 0;
03597 begin = pos;
03598 }
03599 if (pos > offset+length)
03600 goto out;
03601
03602
03603 sum = 0;
03604 len += sprintf(buffer + len, "RNETOBJ: ");
03605 #if defined(CONFIG_RSBAC_MAC)
03606 tmp_count = rsbac_list_count(rnetobj_handles.mac);
03607 len += sprintf(buffer + len, "%lu MAC, ",
03608 tmp_count);
03609 sum += tmp_count;
03610 #endif
03611 #if defined(CONFIG_RSBAC_PM)
03612 tmp_count = rsbac_list_count(rnetobj_handles.pm);
03613 len += sprintf(buffer + len, "%lu PM, ",
03614 tmp_count);
03615 sum += tmp_count;
03616 #endif
03617 #if defined(CONFIG_RSBAC_RC)
03618 tmp_count = rsbac_list_count(rnetobj_handles.rc);
03619 len += sprintf(buffer + len, "%lu RC, ",
03620 tmp_count);
03621 sum += tmp_count;
03622 #endif
03623 len += sprintf(buffer + len, "%lu total\n",
03624 sum);
03625 total_sum += sum;
03626 pos = begin + len;
03627 if (pos < offset)
03628 {
03629 len = 0;
03630 begin = pos;
03631 }
03632 if (pos > offset+length)
03633 goto out;
03634
03635 #endif
03636
03637 len += sprintf(buffer + len,
03638 "Total sum of %lu registered rsbac-items\n",
03639 total_sum);
03640 pos = begin + len;
03641 if (pos < offset)
03642 {
03643 len = 0;
03644 begin = pos;
03645 }
03646 if (pos > offset+length)
03647 goto out;
03648
03649 len += sprintf(buffer + len,
03650 "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
03651 rsbac_adf_request_count[T_FILE],
03652 rsbac_adf_request_count[T_DIR],
03653 rsbac_adf_request_count[T_FIFO],
03654 rsbac_adf_request_count[T_SYMLINK],
03655 rsbac_adf_request_count[T_DEV],
03656 rsbac_adf_request_count[T_IPC],
03657 rsbac_adf_request_count[T_SCD],
03658 rsbac_adf_request_count[T_USER],
03659 rsbac_adf_request_count[T_PROCESS],
03660 rsbac_adf_request_count[T_NETDEV],
03661 rsbac_adf_request_count[T_NETTEMP],
03662 rsbac_adf_request_count[T_NETOBJ]);
03663 pos = begin + len;
03664 if (pos < offset)
03665 {
03666 len = 0;
03667 begin = pos;
03668 }
03669 if (pos > offset+length)
03670 goto out;
03671
03672 len += sprintf(buffer + len,
03673 "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
03674 rsbac_adf_set_attr_count[T_FILE],
03675 rsbac_adf_set_attr_count[T_DIR],
03676 rsbac_adf_set_attr_count[T_FIFO],
03677 rsbac_adf_set_attr_count[T_SYMLINK],
03678 rsbac_adf_set_attr_count[T_DEV],
03679 rsbac_adf_set_attr_count[T_IPC],
03680 rsbac_adf_set_attr_count[T_SCD],
03681 rsbac_adf_set_attr_count[T_USER],
03682 rsbac_adf_set_attr_count[T_PROCESS],
03683 rsbac_adf_set_attr_count[T_NETDEV],
03684 rsbac_adf_set_attr_count[T_NETTEMP],
03685 rsbac_adf_set_attr_count[T_NETOBJ]);
03686 pos = begin + len;
03687 if (pos < offset)
03688 {
03689 len = 0;
03690 begin = pos;
03691 }
03692
03693 out:
03694 *start = buffer + (offset - begin);
03695 len -= (offset - begin);
03696
03697 if (len > length)
03698 len = length;
03699 return len;
03700 }
03701
03702 static int
03703 active_proc_info(char *buffer, char **start, off_t offset, int length)
03704 {
03705 u_int len = 0;
03706 off_t pos = 0;
03707 off_t begin = 0;
03708
03709 union rsbac_target_id_t rsbac_target_id;
03710 union rsbac_attribute_value_t rsbac_attribute_value;
03711
03712 if (!rsbac_initialized) return (-ENOSYS);
03713
03714 #ifdef CONFIG_RSBAC_DEBUG
03715 if (rsbac_debug_aef)
03716 {
03717 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
03718 }
03719 #endif
03720 rsbac_target_id.scd = ST_rsbac;
03721 rsbac_attribute_value.dummy = 0;
03722 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03723 current->pid,
03724 T_SCD,
03725 rsbac_target_id,
03726 A_none,
03727 rsbac_attribute_value))
03728 {
03729 return -EPERM;
03730 }
03731
03732 len = sprintf(buffer, "Version: %s\n",
03733 RSBAC_VERSION);
03734 #ifdef CONFIG_RSBAC_MAINT
03735 len += sprintf(buffer+len, "Mode: Maintenance\n");
03736 len += sprintf(buffer+len, "Softmode: unavailable\n");
03737 #else
03738 #ifdef CONFIG_RSBAC_SOFTMODE
03739 if(rsbac_softmode)
03740 len += sprintf(buffer+len, "Mode: SOFTMODE\n");
03741 else
03742 #endif
03743 len += sprintf(buffer+len, "Mode: Secure\n");
03744 #ifdef CONFIG_RSBAC_SOFTMODE
03745 len += sprintf(buffer+len, "Softmode: available\n");
03746 #else
03747 len += sprintf(buffer+len, "Softmode: unavailable\n");
03748 #endif
03749 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03750 len += sprintf(buffer+len, "Ind-Soft: available\n");
03751 #else
03752 len += sprintf(buffer+len, "Ind-Soft: unavailable\n");
03753 #endif
03754 #ifdef CONFIG_RSBAC_SWITCH
03755 len += sprintf(buffer+len, "Switching: available for");
03756 #ifdef CONFIG_RSBAC_SWITCH_MAC
03757 #ifndef CONFIG_RSBAC_SWITCH_ON
03758 if(rsbac_switch_mac)
03759 #endif
03760 len += sprintf(buffer+len, " MAC");
03761 #endif
03762 #ifdef CONFIG_RSBAC_SWITCH_PM
03763 #ifndef CONFIG_RSBAC_SWITCH_ON
03764 if(rsbac_switch_pm)
03765 #endif
03766 len += sprintf(buffer+len, " PM");
03767 #endif
03768 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03769 len += sprintf(buffer+len, " DAZ");
03770 #endif
03771 #ifdef CONFIG_RSBAC_SWITCH_FF
03772 len += sprintf(buffer+len, " FF");
03773 #endif
03774 #ifdef CONFIG_RSBAC_SWITCH_RC
03775 #ifndef CONFIG_RSBAC_SWITCH_ON
03776 if(rsbac_switch_rc)
03777 #endif
03778 len += sprintf(buffer+len, " RC");
03779 #endif
03780 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03781 len += sprintf(buffer+len, " AUTH");
03782 #endif
03783 #ifdef CONFIG_RSBAC_SWITCH_ACL
03784 len += sprintf(buffer+len, " ACL");
03785 #endif
03786 #ifdef CONFIG_RSBAC_SWITCH_CAP
03787 len += sprintf(buffer+len, " CAP");
03788 #endif
03789 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03790 len += sprintf(buffer+len, " JAIL");
03791 #endif
03792 #ifdef CONFIG_RSBAC_SWITCH_RES
03793 len += sprintf(buffer+len, " RES");
03794 #endif
03795 #ifdef CONFIG_RSBAC_SWITCH_PAX
03796 len += sprintf(buffer+len, " PAX");
03797 #endif
03798 len += sprintf(buffer+len, "\n");
03799 #else
03800 len += sprintf(buffer+len, "Switching: unavailable\n");
03801 #endif
03802 #endif
03803 pos = begin + len;
03804 if (pos < offset)
03805 {
03806 len = 0;
03807 begin = pos;
03808 }
03809 if (pos > offset+length)
03810 goto out;
03811
03812 #ifdef CONFIG_RSBAC_REG
03813 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03814 if(rsbac_ind_softmode[REG])
03815 len += sprintf(buffer+len, "Module: REG SOFTMODE\n");
03816 else
03817 #endif
03818 len += sprintf(buffer+len, "Module: REG on\n");
03819 #endif
03820
03821 #ifdef CONFIG_RSBAC_MAC
03822 #ifdef CONFIG_RSBAC_SWITCH_MAC
03823 if(!rsbac_switch_mac)
03824 len += sprintf(buffer+len, "Module: MAC OFF\n");
03825 else
03826 #endif
03827 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03828 if(rsbac_ind_softmode[MAC])
03829 len += sprintf(buffer+len, "Module: MAC SOFTMODE\n");
03830 else
03831 #endif
03832 len += sprintf(buffer+len, "Module: MAC on\n");
03833 #endif
03834
03835 #ifdef CONFIG_RSBAC_PM
03836 #ifdef CONFIG_RSBAC_SWITCH_PM
03837 if(!rsbac_switch_pm)
03838 len += sprintf(buffer+len, "Module: PM OFF\n");
03839 else
03840 #endif
03841 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03842 if(rsbac_ind_softmode[PM])
03843 len += sprintf(buffer+len, "Module: PM SOFTMODE\n");
03844 else
03845 #endif
03846 len += sprintf(buffer+len, "Module: PM on\n");
03847 #endif
03848
03849 #ifdef CONFIG_RSBAC_DAZ
03850 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03851 if(!rsbac_switch_daz)
03852 len += sprintf(buffer+len, "Module: DAZ OFF\n");
03853 else
03854 #endif
03855 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03856 if(rsbac_ind_softmode[DAZ])
03857 len += sprintf(buffer+len, "Module: DAZ SOFTMODE\n");
03858 else
03859 #endif
03860 len += sprintf(buffer+len, "Module: DAZ on\n");
03861 #endif
03862
03863 #ifdef CONFIG_RSBAC_FF
03864 #ifdef CONFIG_RSBAC_SWITCH_FF
03865 if(!rsbac_switch_ff)
03866 len += sprintf(buffer+len, "Module: FF OFF\n");
03867 else
03868 #endif
03869 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03870 if(rsbac_ind_softmode[FF])
03871 len += sprintf(buffer+len, "Module: FF SOFTMODE\n");
03872 else
03873 #endif
03874 len += sprintf(buffer+len, "Module: FF on\n");
03875 #endif
03876
03877 #ifdef CONFIG_RSBAC_RC
03878 #ifdef CONFIG_RSBAC_SWITCH_RC
03879 if(!rsbac_switch_rc)
03880 len += sprintf(buffer+len, "Module: RC OFF\n");
03881 else
03882 #endif
03883 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03884 if(rsbac_ind_softmode[RC])
03885 len += sprintf(buffer+len, "Module: RC SOFTMODE\n");
03886 else
03887 #endif
03888 len += sprintf(buffer+len, "Module: RC on\n");
03889 #endif
03890
03891 #ifdef CONFIG_RSBAC_AUTH
03892 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03893 if(!rsbac_switch_auth)
03894 len += sprintf(buffer+len, "Module: AUTH OFF\n");
03895 else
03896 #endif
03897 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03898 if(rsbac_ind_softmode[AUTH])
03899 len += sprintf(buffer+len, "Module: AUTH SOFTMODE\n");
03900 else
03901 #endif
03902 len += sprintf(buffer+len, "Module: AUTH on\n");
03903 #endif
03904
03905 #ifdef CONFIG_RSBAC_ACL
03906 #ifdef CONFIG_RSBAC_SWITCH_ACL
03907 if(!rsbac_switch_acl)
03908 len += sprintf(buffer+len, "Module: ACL OFF\n");
03909 else
03910 #endif
03911 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03912 if(rsbac_ind_softmode[ACL])
03913 len += sprintf(buffer+len, "Module: ACL SOFTMODE\n");
03914 else
03915 #endif
03916 len += sprintf(buffer+len, "Module: ACL on\n");
03917 #endif
03918
03919 #ifdef CONFIG_RSBAC_CAP
03920 #ifdef CONFIG_RSBAC_SWITCH_CAP
03921 if(!rsbac_switch_cap)
03922 len += sprintf(buffer+len, "Module: CAP OFF\n");
03923 else
03924 #endif
03925 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03926 if(rsbac_ind_softmode[CAP])
03927 len += sprintf(buffer+len, "Module: CAP SOFTMODE\n");
03928 else
03929 #endif
03930 len += sprintf(buffer+len, "Module: CAP on\n");
03931 #endif
03932
03933 #ifdef CONFIG_RSBAC_JAIL
03934 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03935 if(!rsbac_switch_jail)
03936 len += sprintf(buffer+len, "Module: JAIL OFF\n");
03937 else
03938 #endif
03939 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03940 if(rsbac_ind_softmode[JAIL])
03941 len += sprintf(buffer+len, "Module: JAIL SOFTMODE\n");
03942 else
03943 #endif
03944 len += sprintf(buffer+len, "Module: JAIL on\n");
03945 #endif
03946
03947 #ifdef CONFIG_RSBAC_RES
03948 #ifdef CONFIG_RSBAC_SWITCH_RES
03949 if(!rsbac_switch_res)
03950 len += sprintf(buffer+len, "Module: RES OFF\n");
03951 else
03952 #endif
03953 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03954 if(rsbac_ind_softmode[RES])
03955 len += sprintf(buffer+len, "Module: RES SOFTMODE\n");
03956 else
03957 #endif
03958 len += sprintf(buffer+len, "Module: RES on\n");
03959 #endif
03960
03961 #ifdef CONFIG_RSBAC_PAX
03962 #ifdef CONFIG_RSBAC_SWITCH_PAX
03963 if(!rsbac_switch_pax)
03964 len += sprintf(buffer+len, "Module: PAX OFF\n");
03965 else
03966 #endif
03967 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03968 if(rsbac_ind_softmode[PAX])
03969 len += sprintf(buffer+len, "Module: PAX SOFTMODE\n");
03970 else
03971 #endif
03972 len += sprintf(buffer+len, "Module: PAX on\n");
03973 #endif
03974
03975 pos = begin + len;
03976 if (pos < offset)
03977 {
03978 len = 0;
03979 begin = pos;
03980 }
03981
03982 out:
03983 *start = buffer + (offset - begin);
03984 len -= (offset - begin);
03985
03986 if (len > length)
03987 len = length;
03988 return len;
03989 }
03990
03991 #ifdef CONFIG_RSBAC_XSTATS
03992 static int
03993 xstats_proc_info(char *buffer, char **start, off_t offset, int length)
03994 {
03995 u_int len = 0;
03996 off_t pos = 0;
03997 off_t begin = 0;
03998 int i,j;
03999 char name[80];
04000 union rsbac_target_id_t rsbac_target_id;
04001 union rsbac_attribute_value_t rsbac_attribute_value;
04002
04003 if (!rsbac_initialized) return (-ENOSYS);
04004
04005 #ifdef CONFIG_RSBAC_DEBUG
04006 if (rsbac_debug_aef)
04007 {
04008 rsbac_printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n");
04009 }
04010 #endif
04011 rsbac_target_id.scd = ST_rsbac;
04012 rsbac_attribute_value.dummy = 0;
04013 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04014 current->pid,
04015 T_SCD,
04016 rsbac_target_id,
04017 A_none,
04018 rsbac_attribute_value))
04019 {
04020 return -EPERM;
04021 }
04022
04023 len += sprintf(buffer,
04024 "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
04025 pos = begin + len;
04026 if (pos < offset)
04027 {
04028 len = 0;
04029 begin = pos;
04030 }
04031 if (pos > offset+length)
04032 goto out;
04033
04034 len += sprintf(buffer + len, "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
04035 pos = begin + len;
04036 if (pos < offset)
04037 {
04038 len = 0;
04039 begin = pos;
04040 }
04041 if (pos > offset+length)
04042 goto out;
04043
04044 for(i=0;i<R_NONE;i++)
04045 {
04046 get_request_name(name, i);
04047 name[15]=0;
04048 len += sprintf(buffer + len, "\n%-14s\t",name);
04049 pos = begin + len;
04050 if (pos < offset)
04051 {
04052 len = 0;
04053 begin = pos;
04054 }
04055 if (pos > offset+length)
04056 goto out;
04057 for(j=0;j<=T_NONE;j++)
04058 {
04059 if( (j == T_NETTEMP_NT)
04060 || (j == T_FD)
04061 )
04062 continue;
04063 len += sprintf(buffer + len, "%lu\t",
04064 rsbac_adf_request_xcount[j][i]);
04065 pos = begin + len;
04066 if (pos < offset)
04067 {
04068 len = 0;
04069 begin = pos;
04070 }
04071 if (pos > offset+length)
04072 goto out;
04073 }
04074 }
04075
04076 len += sprintf(buffer + len,
04077 "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
04078 rsbac_adf_request_count[T_FILE],
04079 rsbac_adf_request_count[T_DIR],
04080 rsbac_adf_request_count[T_FIFO],
04081 rsbac_adf_request_count[T_SYMLINK],
04082 rsbac_adf_request_count[T_DEV],
04083 rsbac_adf_request_count[T_IPC],
04084 rsbac_adf_request_count[T_SCD],
04085 rsbac_adf_request_count[T_USER],
04086 rsbac_adf_request_count[T_PROCESS],
04087 rsbac_adf_request_count[T_NETDEV],
04088 rsbac_adf_request_count[T_NETTEMP],
04089 rsbac_adf_request_count[T_NETOBJ],
04090 rsbac_adf_request_count[T_NONE]);
04091 pos = begin + len;
04092 if (pos < offset)
04093 {
04094 len = 0;
04095 begin = pos;
04096 }
04097 if (pos > offset+length)
04098 goto out;
04099
04100 len += sprintf(buffer+len,
04101 "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE");
04102 pos = begin + len;
04103 if (pos < offset)
04104 {
04105 len = 0;
04106 begin = pos;
04107 }
04108 if (pos > offset+length)
04109 goto out;
04110
04111 for(i=0;i<R_NONE;i++)
04112 {
04113 get_request_name(name, i);
04114 name[15]=0;
04115 len += sprintf(buffer + len, "\n%-14s\t",name);
04116 pos = begin + len;
04117 if (pos < offset)
04118 {
04119 len = 0;
04120 begin = pos;
04121 }
04122 if (pos > offset+length)
04123 goto out;
04124 for(j=0;j<=T_NONE;j++)
04125 {
04126 if( (j == T_NETTEMP_NT)
04127 || (j == T_FD)
04128 )
04129 continue;
04130 len += sprintf(buffer + len, "%lu\t",
04131 rsbac_adf_set_attr_xcount[j][i]);
04132 pos = begin + len;
04133 if (pos < offset)
04134 {
04135 len = 0;
04136 begin = pos;
04137 }
04138 if (pos > offset+length)
04139 goto out;
04140 }
04141 }
04142
04143 len += sprintf(buffer + len,
04144 "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n",
04145 rsbac_adf_set_attr_count[T_FILE],
04146 rsbac_adf_set_attr_count[T_DIR],
04147 rsbac_adf_set_attr_count[T_FIFO],
04148 rsbac_adf_set_attr_count[T_SYMLINK],
04149 rsbac_adf_set_attr_count[T_DEV],
04150 rsbac_adf_set_attr_count[T_IPC],
04151 rsbac_adf_set_attr_count[T_SCD],
04152 rsbac_adf_set_attr_count[T_USER],
04153 rsbac_adf_set_attr_count[T_PROCESS],
04154 rsbac_adf_set_attr_count[T_NETDEV],
04155 rsbac_adf_set_attr_count[T_NETTEMP],
04156 rsbac_adf_set_attr_count[T_NETOBJ],
04157 rsbac_adf_set_attr_count[T_NONE]);
04158 pos = begin + len;
04159 if (pos < offset)
04160 {
04161 len = 0;
04162 begin = pos;
04163 }
04164 if (pos > offset+length)
04165 goto out;
04166
04167 len += sprintf(buffer + len,
04168 "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04169 get_attr_count[T_FILE],
04170 get_attr_count[T_DIR],
04171 get_attr_count[T_FIFO],
04172 get_attr_count[T_SYMLINK],
04173 get_attr_count[T_DEV],
04174 get_attr_count[T_IPC],
04175 get_attr_count[T_SCD],
04176 get_attr_count[T_USER],
04177 get_attr_count[T_PROCESS],
04178 get_attr_count[T_NETDEV],
04179 get_attr_count[T_NETTEMP],
04180 get_attr_count[T_NETOBJ]);
04181 pos = begin + len;
04182 if (pos < offset)
04183 {
04184 len = 0;
04185 begin = pos;
04186 }
04187 if (pos > offset+length)
04188 goto out;
04189
04190 len += sprintf(buffer + len,
04191 "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04192 set_attr_count[T_FILE],
04193 set_attr_count[T_DIR],
04194 set_attr_count[T_FIFO],
04195 set_attr_count[T_SYMLINK],
04196 set_attr_count[T_DEV],
04197 set_attr_count[T_IPC],
04198 set_attr_count[T_SCD],
04199 set_attr_count[T_USER],
04200 set_attr_count[T_PROCESS],
04201 set_attr_count[T_NETDEV],
04202 set_attr_count[T_NETTEMP],
04203 set_attr_count[T_NETOBJ]);
04204 pos = begin + len;
04205 if (pos < offset)
04206 {
04207 len = 0;
04208 begin = pos;
04209 }
04210 if (pos > offset+length)
04211 goto out;
04212
04213 len += sprintf(buffer + len,
04214 "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
04215 remove_count[T_FILE],
04216 remove_count[T_DIR],
04217 remove_count[T_FIFO],
04218 remove_count[T_SYMLINK],
04219 remove_count[T_DEV],
04220 remove_count[T_IPC],
04221 remove_count[T_SCD],
04222 remove_count[T_USER],
04223 remove_count[T_PROCESS],
04224 remove_count[T_NETDEV],
04225 remove_count[T_NETTEMP],
04226 remove_count[T_NETOBJ]);
04227 pos = begin + len;
04228 if (pos < offset)
04229 {
04230 len = 0;
04231 begin = pos;
04232 }
04233
04234 out:
04235 *start = buffer + (offset - begin);
04236 len -= (offset - begin);
04237
04238 if (len > length)
04239 len = length;
04240 return len;
04241 }
04242 #endif
04243
04244 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
04245 static int
04246 auto_write_proc_info(char *buffer, char **start, off_t offset, int length)
04247 {
04248 int len = 0;
04249 off_t pos = 0;
04250 off_t begin = 0;
04251
04252 union rsbac_target_id_t rsbac_target_id;
04253 union rsbac_attribute_value_t rsbac_attribute_value;
04254
04255 if (!rsbac_initialized) return (-ENOSYS);
04256
04257 #ifdef CONFIG_RSBAC_DEBUG
04258 if (rsbac_debug_aef)
04259 {
04260 rsbac_printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n");
04261 }
04262 #endif
04263 rsbac_target_id.scd = ST_rsbac;
04264 rsbac_attribute_value.dummy = 0;
04265 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04266 current->pid,
04267 T_SCD,
04268 rsbac_target_id,
04269 A_none,
04270 rsbac_attribute_value))
04271 {
04272 return -EPERM;
04273 }
04274
04275 len = sprintf(buffer, "RSBAC auto write settings\n-------------------------\n");
04276 pos = begin + len;
04277 if (pos < offset)
04278 {
04279 len = 0;
04280 begin = pos;
04281 }
04282 if (pos > offset+length)
04283 goto out;
04284
04285 len += sprintf(buffer + len, "auto interval %u jiffies (%i jiffies = 1 second)\n",
04286 auto_interval, HZ);
04287 pos = begin + len;
04288 if (pos < offset)
04289 {
04290 len = 0;
04291 begin = pos;
04292 }
04293 if (pos > offset+length)
04294 goto out;
04295
04296 #ifdef CONFIG_RSBAC_DEBUG
04297 len += sprintf(buffer + len, "debug level is %i\n",
04298 rsbac_debug_auto);
04299 pos = begin + len;
04300 if (pos < offset)
04301 {
04302 len = 0;
04303 begin = pos;
04304 }
04305 #endif
04306
04307 out:
04308 *start = buffer + (offset - begin);
04309 len -= (offset - begin);
04310
04311 if (len > length)
04312 len = length;
04313 return len;
04314 }
04315
04316 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04317 static int auto_write_proc_write(struct file * file, const char * buf,
04318 u_long count, void *ppos)
04319 #else
04320 static int auto_write_proc_write(struct file * file, const char __user * buf,
04321 u_long count, void *data)
04322 #endif
04323 {
04324 ssize_t err;
04325 char * k_buf;
04326 char * p;
04327
04328 union rsbac_target_id_t rsbac_target_id;
04329 union rsbac_attribute_value_t rsbac_attribute_value;
04330
04331 if(count > PROC_BLOCK_SIZE) {
04332 return(-EOVERFLOW);
04333 }
04334
04335 if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
04336 return(-ENOMEM);
04337 err = copy_from_user(k_buf, buf, count);
04338 if(err < 0)
04339 return err;
04340
04341 err = count;
04342 if(count < 13 || strncmp("auto", k_buf, 4))
04343 {
04344 goto out;
04345 }
04346 if (!rsbac_initialized)
04347 {
04348 err=-ENOSYS;
04349 goto out;
04350 }
04351
04352 #ifdef CONFIG_RSBAC_DEBUG
04353 if (rsbac_debug_aef)
04354 rsbac_printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n");
04355 #endif
04356 rsbac_target_id.scd = ST_rsbac;
04357 rsbac_attribute_value.dummy = 0;
04358 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
04359 current->pid,
04360 T_SCD,
04361 rsbac_target_id,
04362 A_none,
04363 rsbac_attribute_value))
04364 {
04365 err = -EPERM;
04366 goto out;
04367 }
04368
04369
04370
04371
04372
04373 if(!strncmp("interval", k_buf + 5, 8))
04374 {
04375 unsigned int interval;
04376
04377 p = k_buf + 5 + 9;
04378
04379 if( *p == '\0' )
04380 goto out;
04381
04382 interval = simple_strtoul(p, NULL, 0);
04383
04384 if(interval >= HZ)
04385 {
04386 rsbac_printk(KERN_INFO
04387 "auto_write_proc_write(): setting auto write interval to %u\n",
04388 interval);
04389 auto_interval = interval;
04390 err = count;
04391 goto out;
04392 }
04393 else
04394 {
04395 rsbac_printk(KERN_INFO
04396 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
04397 interval, HZ);
04398 goto out;
04399 }
04400 }
04401
04402 #ifdef CONFIG_RSBAC_DEBUG
04403
04404
04405
04406
04407 if(!strncmp("debug", k_buf + 5, 5))
04408 {
04409 unsigned int debug_level;
04410
04411 p = k_buf + 5 + 6;
04412
04413 if( *p == '\0' )
04414 goto out;
04415
04416 debug_level = simple_strtoul(p, NULL, 0);
04417
04418 if(!debug_level || (debug_level == 1))
04419 {
04420 rsbac_printk(KERN_INFO
04421 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
04422 debug_level);
04423 rsbac_debug_auto = debug_level;
04424 err = count;
04425 }
04426 else
04427 {
04428 rsbac_printk(KERN_INFO
04429 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
04430 }
04431 }
04432 #endif
04433
04434 out:
04435 free_page((ulong) k_buf);
04436 return(err);
04437 }
04438 #endif
04439
04440 static int
04441 versions_proc_info(char *buffer, char **start, off_t offset, int length)
04442 {
04443 int len = 0;
04444 off_t pos = 0;
04445 off_t begin = 0;
04446
04447 union rsbac_target_id_t rsbac_target_id;
04448 union rsbac_attribute_value_t rsbac_attribute_value;
04449
04450 if (!rsbac_initialized) return (-ENOSYS);
04451
04452 #ifdef CONFIG_RSBAC_DEBUG
04453 if (rsbac_debug_aef)
04454 {
04455 rsbac_printk(KERN_DEBUG "versions_proc_info(): calling ADF\n");
04456 }
04457 #endif
04458 rsbac_target_id.scd = ST_rsbac;
04459 rsbac_attribute_value.dummy = 0;
04460 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04461 current->pid,
04462 T_SCD,
04463 rsbac_target_id,
04464 A_none,
04465 rsbac_attribute_value))
04466 {
04467 return -EPERM;
04468 }
04469
04470 len = sprintf(buffer,
04471 "RSBAC version settings (%s)\n----------------------\n",
04472 RSBAC_VERSION);
04473 pos = begin + len;
04474 if (pos < offset)
04475 {
04476 len = 0;
04477 begin = pos;
04478 }
04479 if (pos > offset+length)
04480 goto out;
04481
04482 len += sprintf(buffer + len, "FD lists:\nGEN aci version is %u, aci entry size is %Zd, %u lists per device\n",
04483 RSBAC_GEN_FD_ACI_VERSION, sizeof(struct rsbac_gen_fd_aci_t), RSBAC_GEN_NR_FD_LISTS);
04484 pos = begin + len;
04485 if (pos < offset)
04486 {
04487 len = 0;
04488 begin = pos;
04489 }
04490 if (pos > offset+length)
04491 goto out;
04492 #if defined(CONFIG_RSBAC_MAC)
04493 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04494 RSBAC_MAC_FD_ACI_VERSION, sizeof(struct rsbac_mac_fd_aci_t), RSBAC_MAC_NR_FD_LISTS);
04495 pos = begin + len;
04496 if (pos < offset)
04497 {
04498 len = 0;
04499 begin = pos;
04500 }
04501 if (pos > offset+length)
04502 goto out;
04503 #endif
04504 #if defined(CONFIG_RSBAC_PM)
04505 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd, %u lists per device\n",
04506 RSBAC_PM_FD_ACI_VERSION, sizeof(struct rsbac_pm_fd_aci_t), RSBAC_PM_NR_FD_LISTS);
04507 pos = begin + len;
04508 if (pos < offset)
04509 {
04510 len = 0;
04511 begin = pos;
04512 }
04513 if (pos > offset+length)
04514 goto out;
04515 #endif
04516 #if defined(CONFIG_RSBAC_DAZ)
04517 len += sprintf(buffer + len, "DAZ aci version is %u, aci entry size is %Zd, %u lists per device\n",
04518 RSBAC_DAZ_FD_ACI_VERSION, sizeof(struct rsbac_daz_fd_aci_t), RSBAC_DAZ_NR_FD_LISTS);
04519 pos = begin + len;
04520 if (pos < offset)
04521 {
04522 len = 0;
04523 begin = pos;
04524 }
04525 if (pos > offset+length)
04526 goto out;
04527 #if defined(CONFIG_RSBAC_DAZ_CACHE)
04528 len += sprintf(buffer + len, "DAZS aci version is %u, aci entry size is %Zd, %u lists per device\n",
04529 RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
04530 sizeof(rsbac_daz_scanned_t),
04531 RSBAC_DAZ_SCANNED_NR_FD_LISTS);
04532 pos = begin + len;
04533 if (pos < offset)
04534 {
04535 len = 0;
04536 begin = pos;
04537 }
04538 if (pos > offset+length)
04539 goto out;
04540 #endif
04541 #endif
04542 #if defined(CONFIG_RSBAC_FF)
04543 len += sprintf(buffer + len, "FF aci version is %u, aci entry size is %Zd, %u lists per device\n",
04544 RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t), RSBAC_FF_NR_FD_LISTS);
04545 pos = begin + len;
04546 if (pos < offset)
04547 {
04548 len = 0;
04549 begin = pos;
04550 }
04551 if (pos > offset+length)
04552 goto out;
04553 #endif
04554 #if defined(CONFIG_RSBAC_RC)
04555 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04556 RSBAC_RC_FD_ACI_VERSION, sizeof(struct rsbac_rc_fd_aci_t), RSBAC_RC_NR_FD_LISTS);
04557 pos = begin + len;
04558 if (pos < offset)
04559 {
04560 len = 0;
04561 begin = pos;
04562 }
04563 if (pos > offset+length)
04564 goto out;
04565 #endif
04566 #if defined(CONFIG_RSBAC_AUTH)
04567 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd, %u lists per device\n",
04568 RSBAC_AUTH_FD_ACI_VERSION, sizeof(struct rsbac_auth_fd_aci_t), RSBAC_AUTH_NR_FD_LISTS);
04569 pos = begin + len;
04570 if (pos < offset)
04571 {
04572 len = 0;
04573 begin = pos;
04574 }
04575 if (pos > offset+length)
04576 goto out;
04577 #endif
04578 #if defined(CONFIG_RSBAC_CAP)
04579 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd, %u lists per device\n",
04580 RSBAC_CAP_FD_ACI_VERSION, sizeof(struct rsbac_cap_fd_aci_t), RSBAC_CAP_NR_FD_LISTS);
04581 pos = begin + len;
04582 if (pos < offset)
04583 {
04584 len = 0;
04585 begin = pos;
04586 }
04587 if (pos > offset+length)
04588 goto out;
04589 #endif
04590 #if defined(CONFIG_RSBAC_PAX)
04591 len += sprintf(buffer + len, "PAX aci version is %u, aci entry size is %Zd, %u lists per device\n",
04592 RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t), RSBAC_PAX_NR_FD_LISTS);
04593 pos = begin + len;
04594 if (pos < offset)
04595 {
04596 len = 0;
04597 begin = pos;
04598 }
04599 if (pos > offset+length)
04600 goto out;
04601 #endif
04602 #if defined(CONFIG_RSBAC_RES)
04603 len += sprintf(buffer + len, "RES aci version is %u, aci entry size is %Zd, %u lists per device\n",
04604 RSBAC_RES_FD_ACI_VERSION, sizeof(struct rsbac_res_fd_aci_t), RSBAC_RES_NR_FD_LISTS);
04605 pos = begin + len;
04606 if (pos < offset)
04607 {
04608 len = 0;
04609 begin = pos;
04610 }
04611 if (pos > offset+length)
04612 goto out;
04613 #endif
04614
04615
04616 len += sprintf(buffer + len, "\nDEV lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04617 RSBAC_GEN_DEV_ACI_VERSION, sizeof(struct rsbac_gen_dev_aci_t));
04618 pos = begin + len;
04619 if (pos < offset)
04620 {
04621 len = 0;
04622 begin = pos;
04623 }
04624 if (pos > offset+length)
04625 goto out;
04626 #if defined(CONFIG_RSBAC_MAC)
04627 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04628 RSBAC_MAC_DEV_ACI_VERSION, sizeof(struct rsbac_mac_dev_aci_t));
04629 pos = begin + len;
04630 if (pos < offset)
04631 {
04632 len = 0;
04633 begin = pos;
04634 }
04635 if (pos > offset+length)
04636 goto out;
04637 #endif
04638 #if defined(CONFIG_RSBAC_PM)
04639 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04640 RSBAC_PM_DEV_ACI_VERSION, sizeof(struct rsbac_pm_dev_aci_t));
04641 pos = begin + len;
04642 if (pos < offset)
04643 {
04644 len = 0;
04645 begin = pos;
04646 }
04647 if (pos > offset+length)
04648 goto out;
04649 #endif
04650 #if defined(CONFIG_RSBAC_RC)
04651 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04652 RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04653 pos = begin + len;
04654 if (pos < offset)
04655 {
04656 len = 0;
04657 begin = pos;
04658 }
04659 if (pos > offset+length)
04660 goto out;
04661 #endif
04662
04663
04664 len += sprintf(buffer + len, "\nIPC lists:\n");
04665 pos = begin + len;
04666 if (pos < offset)
04667 {
04668 len = 0;
04669 begin = pos;
04670 }
04671 if (pos > offset+length)
04672 goto out;
04673 #if defined(CONFIG_RSBAC_MAC)
04674 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04675 RSBAC_MAC_IPC_ACI_VERSION, sizeof(struct rsbac_mac_ipc_aci_t));
04676 pos = begin + len;
04677 if (pos < offset)
04678 {
04679 len = 0;
04680 begin = pos;
04681 }
04682 if (pos > offset+length)
04683 goto out;
04684 #endif
04685 #if defined(CONFIG_RSBAC_PM)
04686 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04687 RSBAC_PM_IPC_ACI_VERSION, sizeof(struct rsbac_pm_ipc_aci_t));
04688 pos = begin + len;
04689 if (pos < offset)
04690 {
04691 len = 0;
04692 begin = pos;
04693 }
04694 if (pos > offset+length)
04695 goto out;
04696 #endif
04697 #if defined(CONFIG_RSBAC_RC)
04698 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04699 RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04700 pos = begin + len;
04701 if (pos < offset)
04702 {
04703 len = 0;
04704 begin = pos;
04705 }
04706 if (pos > offset+length)
04707 goto out;
04708 #endif
04709 #if defined(CONFIG_RSBAC_JAIL)
04710 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd\n",
04711 RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t));
04712 pos = begin + len;
04713 if (pos < offset)
04714 {
04715 len = 0;
04716 begin = pos;
04717 }
04718 if (pos > offset+length)
04719 goto out;
04720 #endif
04721
04722
04723 len += sprintf(buffer + len, "\nUSER lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04724 RSBAC_GEN_USER_ACI_VERSION, sizeof(struct rsbac_gen_user_aci_t));
04725 pos = begin + len;
04726 if (pos < offset)
04727 {
04728 len = 0;
04729 begin = pos;
04730 }
04731 if (pos > offset+length)
04732 goto out;
04733 #if defined(CONFIG_RSBAC_MAC)
04734 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04735 RSBAC_MAC_USER_ACI_VERSION, sizeof(struct rsbac_mac_user_aci_t));
04736 pos = begin + len;
04737 if (pos < offset)
04738 {
04739 len = 0;
04740 begin = pos;
04741 }
04742 if (pos > offset+length)
04743 goto out;
04744 #endif
04745 #if defined(CONFIG_RSBAC_PM)
04746 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04747 RSBAC_PM_USER_ACI_VERSION, sizeof(struct rsbac_pm_user_aci_t));
04748 pos = begin + len;
04749 if (pos < offset)
04750 {
04751 len = 0;
04752 begin = pos;
04753 }
04754 if (pos > offset+length)
04755 goto out;
04756 #endif
04757 #if defined(CONFIG_RSBAC_DAZ)
04758 len += sprintf(buffer + len, "DAZ aci version is %u, aci entry size is %Zd\n",
04759 RSBAC_DAZ_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04760 pos = begin + len;
04761 if (pos < offset)
04762 {
04763 len = 0;
04764 begin = pos;
04765 }
04766 if (pos > offset+length)
04767 goto out;
04768 #endif
04769 #if defined(CONFIG_RSBAC_RC)
04770 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04771 RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t));
04772 pos = begin + len;
04773 if (pos < offset)
04774 {
04775 len = 0;
04776 begin = pos;
04777 }
04778 if (pos > offset+length)
04779 goto out;
04780 #endif
04781 #if defined(CONFIG_RSBAC_AUTH)
04782 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd\n",
04783 RSBAC_AUTH_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04784 pos = begin + len;
04785 if (pos < offset)
04786 {
04787 len = 0;
04788 begin = pos;
04789 }
04790 if (pos > offset+length)
04791 goto out;
04792 #endif
04793 #if defined(CONFIG_RSBAC_CAP)
04794 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd\n",
04795 RSBAC_CAP_USER_ACI_VERSION, sizeof(struct rsbac_cap_user_aci_t));
04796 pos = begin + len;
04797 if (pos < offset)
04798 {
04799 len = 0;
04800 begin = pos;
04801 }
04802 if (pos > offset+length)
04803 goto out;
04804 #endif
04805 #if defined(CONFIG_RSBAC_JAIL)
04806 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd\n",
04807 RSBAC_JAIL_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04808 pos = begin + len;
04809 if (pos < offset)
04810 {
04811 len = 0;
04812 begin = pos;
04813 }
04814 if (pos > offset+length)
04815 goto out;
04816 #endif
04817 #if defined(CONFIG_RSBAC_PAX)
04818 len += sprintf(buffer + len, "PAX aci version is %u, aci entry size is %Zd\n",
04819 RSBAC_PAX_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04820 pos = begin + len;
04821 if (pos < offset)
04822 {
04823 len = 0;
04824 begin = pos;
04825 }
04826 if (pos > offset+length)
04827 goto out;
04828 #endif
04829 #if defined(CONFIG_RSBAC_RES)
04830 len += sprintf(buffer + len, "RES aci version is %u, aci entry size is %Zd\n",
04831 RSBAC_RES_USER_ACI_VERSION, sizeof(struct rsbac_res_user_aci_t));
04832 pos = begin + len;
04833 if (pos < offset)
04834 {
04835 len = 0;
04836 begin = pos;
04837 }
04838 if (pos > offset+length)
04839 goto out;
04840 #endif
04841
04842
04843 len += sprintf(buffer + len, "\nPROCESS lists:\nGEN aci version is %i, aci entry size is %Zd, number of lists is %u\n",
04844 RSBAC_GEN_PROCESS_ACI_VERSION,
04845 sizeof(rsbac_request_vector_t),
04846 CONFIG_RSBAC_GEN_NR_P_LISTS);
04847 pos = begin + len;
04848 if (pos < offset)
04849 {
04850 len = 0;
04851 begin = pos;
04852 }
04853 if (pos > offset+length)
04854 goto out;
04855 #if defined(CONFIG_RSBAC_MAC)
04856 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04857 RSBAC_MAC_PROCESS_ACI_VERSION,
04858 sizeof(struct rsbac_mac_process_aci_t),
04859 CONFIG_RSBAC_MAC_NR_P_LISTS);
04860 pos = begin + len;
04861 if (pos < offset)
04862 {
04863 len = 0;
04864 begin = pos;
04865 }
04866 if (pos > offset+length)
04867 goto out;
04868 #endif
04869 #if defined(CONFIG_RSBAC_PM)
04870 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04871 RSBAC_PM_PROCESS_ACI_VERSION, sizeof(struct rsbac_pm_process_aci_t));
04872 pos = begin + len;
04873 if (pos < offset)
04874 {
04875 len = 0;
04876 begin = pos;
04877 }
04878 if (pos > offset+length)
04879 goto out;
04880 #endif
04881 #if defined(CONFIG_RSBAC_RC)
04882 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04883 RSBAC_RC_PROCESS_ACI_VERSION,
04884 sizeof(struct rsbac_rc_process_aci_t),
04885 CONFIG_RSBAC_RC_NR_P_LISTS);
04886 pos = begin + len;
04887 if (pos < offset)
04888 {
04889 len = 0;
04890 begin = pos;
04891 }
04892 if (pos > offset+length)
04893 goto out;
04894 #endif
04895 #if defined(CONFIG_RSBAC_AUTH)
04896 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd\n",
04897 RSBAC_AUTH_PROCESS_ACI_VERSION, sizeof(struct rsbac_auth_process_aci_t));
04898 pos = begin + len;
04899 if (pos < offset)
04900 {
04901 len = 0;
04902 begin = pos;
04903 }
04904 if (pos > offset+length)
04905 goto out;
04906 #endif
04907 #if defined(CONFIG_RSBAC_CAP)
04908 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd\n",
04909 RSBAC_CAP_PROCESS_ACI_VERSION, sizeof(struct rsbac_cap_process_aci_t));
04910 pos = begin + len;
04911 if (pos < offset)
04912 {
04913 len = 0;
04914 begin = pos;
04915 }
04916 if (pos > offset+length)
04917 goto out;
04918 #endif
04919 #if defined(CONFIG_RSBAC_JAIL)
04920 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04921 RSBAC_JAIL_PROCESS_ACI_VERSION,
04922 sizeof(struct rsbac_jail_process_aci_t),
04923 CONFIG_RSBAC_JAIL_NR_P_LISTS);
04924 pos = begin + len;
04925 if (pos < offset)
04926 {
04927 len = 0;
04928 begin = pos;
04929 }
04930 if (pos > offset+length)
04931 goto out;
04932 #endif
04933
04934 #if defined(CONFIG_RSBAC_NET_DEV)
04935 len += sprintf(buffer + len, "\nNETDEV lists:\n");
04936 pos = begin + len;
04937 if (pos < offset)
04938 {
04939 len = 0;
04940 begin = pos;
04941 }
04942 if (pos > offset+length)
04943 goto out;
04944 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04945 len += sprintf(buffer + len, "GEN aci version is %u, aci entry size is %Zd\n",
04946 RSBAC_GEN_NETDEV_ACI_VERSION, sizeof(struct rsbac_gen_netdev_aci_t));
04947 pos = begin + len;
04948 if (pos < offset)
04949 {
04950 len = 0;
04951 begin = pos;
04952 }
04953 if (pos > offset+length)
04954 goto out;
04955 #endif
04956 #if defined(CONFIG_RSBAC_RC)
04957 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04958 RSBAC_RC_NETDEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04959 pos = begin + len;
04960 if (pos < offset)
04961 {
04962 len = 0;
04963 begin = pos;
04964 }
04965 if (pos > offset+length)
04966 goto out;
04967 #endif
04968 #endif
04969
04970 #if defined(CONFIG_RSBAC_NET_OBJ)
04971 len += sprintf(buffer + len, "\nNetwork Template list: version is %u, data size is %Zd\n",
04972 RSBAC_NET_TEMP_VERSION, sizeof(struct rsbac_net_temp_data_t));
04973 pos = begin + len;
04974 if (pos < offset)
04975 {
04976 len = 0;
04977 begin = pos;
04978 }
04979 if (pos > offset+length)
04980 goto out;
04981 len += sprintf(buffer + len, "\nNETOBJ lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04982 RSBAC_GEN_NETOBJ_ACI_VERSION, sizeof(struct rsbac_gen_netobj_aci_t));
04983 pos = begin + len;
04984 if (pos < offset)
04985 {
04986 len = 0;
04987 begin = pos;
04988 }
04989 if (pos > offset+length)
04990 goto out;
04991 #if defined(CONFIG_RSBAC_MAC)
04992 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04993 RSBAC_MAC_NETOBJ_ACI_VERSION, sizeof(struct rsbac_mac_netobj_aci_t));
04994 pos = begin + len;
04995 if (pos < offset)
04996 {
04997 len = 0;
04998 begin = pos;
04999 }
05000 if (pos > offset+length)
05001 goto out;
05002 #endif
05003 #if defined(CONFIG_RSBAC_PM)
05004 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
05005 RSBAC_PM_NETOBJ_ACI_VERSION, sizeof(struct rsbac_pm_netobj_aci_t));
05006 pos = begin + len;
05007 if (pos < offset)
05008 {
05009 len = 0;
05010 begin = pos;
05011 }
05012 if (pos > offset+length)
05013 goto out;
05014 #endif
05015 #if defined(CONFIG_RSBAC_RC)
05016 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
05017 RSBAC_RC_NETOBJ_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
05018 pos = begin + len;
05019 if (pos < offset)
05020 {
05021 len = 0;
05022 begin = pos;
05023 }
05024 if (pos > offset+length)
05025 goto out;
05026 #endif
05027 #endif
05028
05029 len += sprintf(buffer + len, "\nlog_levels array: version is %u, array size is %Zd\n",
05030 RSBAC_LOG_LEVEL_VERSION, R_NONE * (T_NONE+1) * sizeof(rsbac_enum_t));
05031 pos = begin + len;
05032 if (pos < offset)
05033 {
05034 len = 0;
05035 begin = pos;
05036 }
05037
05038 out:
05039 *start = buffer + (offset - begin);
05040 len -= (offset - begin);
05041
05042 if (len > length)
05043 len = length;
05044 return len;
05045 }
05046
05047 #ifdef CONFIG_RSBAC_NET_OBJ
05048 static int
05049 net_temp_proc_info(char *buffer, char **start, off_t offset, int length)
05050 {
05051 u_int len = 0;
05052 off_t pos = 0;
05053 off_t begin = 0;
05054 rsbac_net_temp_id_t * temp_array;
05055 long count;
05056
05057 union rsbac_target_id_t rsbac_target_id;
05058 union rsbac_attribute_value_t rsbac_attribute_value;
05059
05060 if (!rsbac_initialized) return (-ENOSYS);
05061
05062 #ifdef CONFIG_RSBAC_DEBUG
05063 if (rsbac_debug_aef)
05064 {
05065 rsbac_printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n");
05066 }
05067 #endif
05068 rsbac_target_id.scd = ST_rsbac;
05069 rsbac_attribute_value.dummy = 0;
05070 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05071 current->pid,
05072 T_SCD,
05073 rsbac_target_id,
05074 A_none,
05075 rsbac_attribute_value))
05076 {
05077 return -EPERM;
05078 }
05079
05080 len = sprintf(buffer, "Network Templates\n-----------------\n");
05081 pos = begin + len;
05082 if (pos < offset)
05083 {
05084 len = 0;
05085 begin = pos;
05086 }
05087 if (pos > offset+length)
05088 goto out;
05089
05090 count = rsbac_list_get_all_desc(net_temp_handle, (void **) &temp_array);
05091 if(count > 0)
05092 {
05093 __u32 i;
05094 struct rsbac_net_temp_data_t data;
05095
05096 for(i=0; i < count; i++)
05097 {
05098 if(!rsbac_list_get_data(net_temp_handle, &temp_array[i], &data))
05099 {
05100 len += sprintf(buffer + len, "%10u %s\n",
05101 temp_array[i], data.name);
05102 pos = begin + len;
05103 if (pos < offset)
05104 {
05105 len = 0;
05106 begin = pos;
05107 }
05108 if (pos > offset+length)
05109 {
05110 rsbac_vfree(temp_array);
05111 goto out;
05112 }
05113 }
05114 }
05115 rsbac_vfree(temp_array);
05116 }
05117 len += sprintf(buffer + len, "%lu templates\n",
05118 count);
05119 pos = begin + len;
05120 if (pos < offset)
05121 {
05122 len = 0;
05123 begin = pos;
05124 }
05125
05126 out:
05127 *start = buffer + (offset - begin);
05128 len -= (offset - begin);
05129
05130 if (len > length)
05131 len = length;
05132 return len;
05133 }
05134 #endif
05135
05136 #ifdef CONFIG_RSBAC_JAIL
05137 static int
05138 jail_proc_info(char *buffer, char **start, off_t offset, int length)
05139 {
05140 u_int len = 0;
05141 off_t pos = 0;
05142 off_t begin = 0;
05143 rsbac_pid_t * pid_array;
05144 struct rsbac_ipc_t * ipc_array;
05145 u_long count = 0;
05146 u_int i;
05147 u_int j;
05148 long subcount;
05149 struct rsbac_jail_process_aci_t data;
05150 union rsbac_target_id_t rsbac_target_id;
05151 union rsbac_attribute_value_t rsbac_attribute_value;
05152
05153 if (!rsbac_initialized) return (-ENOSYS);
05154
05155 #ifdef CONFIG_RSBAC_DEBUG
05156 if (rsbac_debug_aef)
05157 {
05158 rsbac_printk(KERN_DEBUG "jail_proc_info(): calling ADF\n");
05159 }
05160 #endif
05161 rsbac_target_id.scd = ST_rsbac;
05162 rsbac_attribute_value.dummy = 0;
05163 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05164 current->pid,
05165 T_SCD,
05166 rsbac_target_id,
05167 A_none,
05168 rsbac_attribute_value))
05169 {
05170 return -EPERM;
05171 }
05172
05173 len = sprintf(buffer, "JAILed Processes\n----------------\nPID Jail-ID Flags Max Caps SCD get SCD modify IP\n");
05174 pos = begin + len;
05175 if (pos < offset)
05176 {
05177 len = 0;
05178 begin = pos;
05179 }
05180 if (pos > offset+length)
05181 goto out;
05182
05183 for(j=0; j<CONFIG_RSBAC_JAIL_NR_P_LISTS; j++)
05184 {
05185 subcount = rsbac_list_get_all_desc(process_handles.jail[j], (void **) &pid_array);
05186 if(subcount > 0)
05187 {
05188 for(i=0; i < subcount; i++)
05189 {
05190 if(!rsbac_list_get_data(process_handles.jail[j], &pid_array[i], &data))
05191 {
05192 len += sprintf(buffer + len, "%-5u %-10u %-7u %-10i %-10u %-10u %u.%u.%u.%u\n",
05193 pid_array[i],
05194 data.id,
05195 data.flags,
05196 data.max_caps,
05197 data.scd_get,
05198 data.scd_modify,
05199 NIPQUAD(data.ip));
05200 pos = begin + len;
05201 if (pos < offset)
05202 {
05203 len = 0;
05204 begin = pos;
05205 }
05206 if (pos > offset+length)
05207 {
05208 rsbac_vfree(pid_array);
05209 goto out;
05210 }
05211 }
05212 }
05213 count += subcount;
05214 }
05215 rsbac_vfree(pid_array);
05216 }
05217 len += sprintf(buffer + len, "%lu jailed processes\n",
05218 count);
05219 pos = begin + len;
05220 if (pos < offset)
05221 {
05222 len = 0;
05223 begin = pos;
05224 }
05225 if (pos > offset+length)
05226 goto out;
05227
05228 len += sprintf(buffer + len, "\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n");
05229 pos = begin + len;
05230 if (pos < offset)
05231 {
05232 len = 0;
05233 begin = pos;
05234 }
05235 if (pos > offset+length)
05236 goto out;
05237
05238 count = rsbac_list_get_all_desc(ipc_handles.jail, (void **) &ipc_array);
05239 if(count > 0)
05240 {
05241 __u32 i;
05242 rsbac_jail_id_t data;
05243 char tmp[RSBAC_MAXNAMELEN];
05244
05245 for(i=0; i < count; i++)
05246 {
05247 if(!rsbac_list_get_data(ipc_handles.jail, &ipc_array[i], &data))
05248 {
05249 len += sprintf(buffer + len, "%-10s %-10lu %-10u\n",
05250 get_ipc_target_name(tmp, ipc_array[i].type),
05251 ipc_array[i].id.id_nr,
05252 data);
05253 pos = begin + len;
05254 if (pos < offset)
05255 {
05256 len = 0;
05257 begin = pos;
05258 }
05259 if (pos > offset+length)
05260 {
05261 rsbac_vfree(ipc_array);
05262 goto out;
05263 }
05264 }
05265 }
05266 rsbac_vfree(ipc_array);
05267 }
05268 len += sprintf(buffer + len, "%lu JAIL IPCs\n",
05269 count);
05270 pos = begin + len;
05271 if (pos < offset)
05272 {
05273 len = 0;
05274 begin = pos;
05275 }
05276 if (pos > offset+length)
05277 goto out;
05278 out:
05279 *start = buffer + (offset - begin);
05280 len -= (offset - begin);
05281
05282 if (len > length)
05283 len = length;
05284 return len;
05285 }
05286 #endif
05287
05288 #ifdef CONFIG_RSBAC_PAX
05289 static int
05290 pax_proc_info(char *buffer, char **start, off_t offset, int length)
05291 {
05292 int len = 0;
05293 off_t pos = 0;
05294 off_t begin = 0;
05295
05296 union rsbac_target_id_t rsbac_target_id;
05297 union rsbac_attribute_value_t rsbac_attribute_value;
05298
05299 if (!rsbac_initialized)
05300 return (-ENOSYS);
05301
05302 rsbac_target_id.scd = ST_rsbac;
05303 rsbac_attribute_value.dummy = 0;
05304 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05305 current->pid,
05306 T_SCD,
05307 rsbac_target_id,
05308 A_none,
05309 rsbac_attribute_value))
05310 {
05311 return -EPERM;
05312 }
05313 len += sprintf(buffer, "RSBAC PaX module\n----------------\n");
05314 pos = begin + len;
05315 if (pos < offset)
05316 {
05317 len = 0;
05318 begin = pos;
05319 }
05320 if (pos > offset+length)
05321 goto out;
05322
05323 len += sprintf(buffer + len, "%li user list items.\n",
05324 rsbac_list_count(user_handles.pax));
05325 pos = begin + len;
05326 if (pos < offset)
05327 {
05328 len = 0;
05329 begin = pos;
05330 }
05331 if (pos > offset+length)
05332 goto out;
05333
05334 out:
05335 *start = buffer + (offset - begin);
05336 len -= (offset - begin);
05337
05338 if (len > length)
05339 len = length;
05340 return len;
05341 }
05342 #endif
05343
05344 static int register_all_rsbac_proc(void)
05345 {
05346 struct proc_dir_entry * tmp_entry_p;
05347
05348 proc_rsbac_root_p = create_proc_entry("rsbac-info",
05349 S_IFDIR | S_IRUGO | S_IXUGO,
05350 &proc_root);
05351 if(!proc_rsbac_root_p)
05352 return -RSBAC_ECOULDNOTADDITEM;
05353
05354 proc_rsbac_backup_p = create_proc_entry("backup",
05355 S_IFDIR | S_IRUGO | S_IXUGO,
05356 proc_rsbac_root_p);
05357 if(!proc_rsbac_root_p)
05358 return -RSBAC_ECOULDNOTADDITEM;
05359
05360 tmp_entry_p = create_proc_entry("devices",
05361 S_IFREG | S_IRUGO,
05362 proc_rsbac_root_p);
05363 if(!tmp_entry_p)
05364 return -RSBAC_ECOULDNOTADDITEM;
05365 tmp_entry_p->get_info = devices_proc_info;
05366
05367 tmp_entry_p = create_proc_entry("stats",
05368 S_IFREG | S_IRUGO,
05369 proc_rsbac_root_p);
05370 if(!tmp_entry_p)
05371 return -RSBAC_ECOULDNOTADDITEM;
05372 tmp_entry_p->get_info = stats_proc_info;
05373
05374 tmp_entry_p = create_proc_entry("active",
05375 S_IFREG | S_IRUGO,
05376 proc_rsbac_root_p);
05377 if(!tmp_entry_p)
05378 return -RSBAC_ECOULDNOTADDITEM;
05379 tmp_entry_p->get_info = active_proc_info;
05380
05381 #ifdef CONFIG_RSBAC_XSTATS
05382 tmp_entry_p = create_proc_entry("xstats",
05383 S_IFREG | S_IRUGO,
05384 proc_rsbac_root_p);
05385 if(!tmp_entry_p)
05386 return -RSBAC_ECOULDNOTADDITEM;
05387 tmp_entry_p->get_info = xstats_proc_info;
05388 #endif
05389 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05390 tmp_entry_p = create_proc_entry("auto_write",
05391 S_IFREG | S_IRUGO | S_IWUGO,
05392 proc_rsbac_root_p);
05393 if(!tmp_entry_p)
05394 return -RSBAC_ECOULDNOTADDITEM;
05395 tmp_entry_p->get_info = auto_write_proc_info;
05396 tmp_entry_p->write_proc = auto_write_proc_write;
05397 #endif
05398 tmp_entry_p = create_proc_entry("versions",
05399 S_IFREG | S_IRUGO,
05400 proc_rsbac_root_p);
05401 if(!tmp_entry_p)
05402 return -RSBAC_ECOULDNOTADDITEM;
05403 tmp_entry_p->get_info = versions_proc_info;
05404
05405 #ifdef CONFIG_RSBAC_NET_OBJ
05406 tmp_entry_p = create_proc_entry("net_temp",
05407 S_IFREG | S_IRUGO,
05408 proc_rsbac_root_p);
05409 if(!tmp_entry_p)
05410 return -RSBAC_ECOULDNOTADDITEM;
05411 tmp_entry_p->get_info = net_temp_proc_info;
05412 #endif
05413 #ifdef CONFIG_RSBAC_JAIL
05414 tmp_entry_p = create_proc_entry("jails",
05415 S_IFREG | S_IRUGO,
05416 proc_rsbac_root_p);
05417 if(!tmp_entry_p)
05418 return -RSBAC_ECOULDNOTADDITEM;
05419 tmp_entry_p->get_info = jail_proc_info;
05420 #endif
05421 #ifdef CONFIG_RSBAC_PAX
05422 tmp_entry_p = create_proc_entry("pax",
05423 S_IFREG | S_IRUGO,
05424 proc_rsbac_root_p);
05425 if(!tmp_entry_p)
05426 return -RSBAC_ECOULDNOTADDITEM;
05427 tmp_entry_p->get_info = pax_proc_info;
05428 #endif
05429
05430 return(0);
05431 }
05432
05433
05434
05435
05436
05437
05438
05439
05440
05441
05442
05443
05444
05445
05446
05447
05448
05449
05450
05451
05452
05453
05454
05455 #endif
05456
05457
05458
05459
05460
05461
05462
05463
05464
05465
05466
05467
05468
05469
05470
05471 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
05472 #ifdef CONFIG_RSBAC_INIT_DELAY
05473 int rsbac_init_daz(void);
05474 #else
05475 int __init rsbac_init_daz(void);
05476 #endif
05477 #endif
05478
05479 #ifdef CONFIG_RSBAC_INIT_DELAY
05480 static void registration_error(int err, char * listname)
05481 #else
05482 static void __init registration_error(int err, char * listname)
05483 #endif
05484 {
05485 if(err < 0)
05486 {
05487 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05488
05489 if(tmp)
05490 {
05491 rsbac_printk(KERN_WARNING
05492 "rsbac_do_init(): Registering %s list failed with error %s\n",
05493 listname,
05494 get_error_name(tmp, err));
05495 rsbac_kfree(tmp);
05496 }
05497 }
05498 }
05499
05500 #ifdef CONFIG_RSBAC_INIT_DELAY
05501 static int register_dev_lists(void)
05502 #else
05503 static int __init register_dev_lists(void)
05504 #endif
05505 {
05506 int err = 0;
05507 struct rsbac_list_info_t * list_info_p;
05508
05509 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05510 if(!list_info_p)
05511 {
05512 return -ENOMEM;
05513 }
05514
05515 #ifdef CONFIG_RSBAC_DEBUG
05516 if (rsbac_debug_ds)
05517 {
05518 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n");
05519 }
05520 #endif
05521 {
05522 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05523
05524 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05525 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05526 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05527 list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t);
05528 list_info_p->max_age = 0;
05529 err = rsbac_list_register(RSBAC_LIST_VERSION,
05530 &dev_handles.gen,
05531 list_info_p,
05532 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05533 RSBAC_LIST_BACKUP |
05534 #endif
05535 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05536 dev_compare,
05537 gen_dev_get_conv,
05538 &def_aci,
05539 RSBAC_GEN_ACI_DEV_NAME,
05540 RSBAC_AUTO_DEV);
05541 if(err)
05542 {
05543 registration_error(err, "DEV General");
05544 }
05545 }
05546 #if defined(CONFIG_RSBAC_MAC)
05547 {
05548 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05549
05550 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05551 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05552 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05553 list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t);
05554 list_info_p->max_age = 0;
05555 err = rsbac_list_register(RSBAC_LIST_VERSION,
05556 &dev_handles.mac,
05557 list_info_p,
05558 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05559 RSBAC_LIST_BACKUP |
05560 #endif
05561 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05562 dev_compare,
05563 mac_dev_get_conv,
05564 &def_aci,
05565 RSBAC_MAC_ACI_DEV_NAME,
05566 RSBAC_AUTO_DEV);
05567 if(err)
05568 {
05569 registration_error(err, "DEV MAC");
05570 }
05571 }
05572 #endif
05573 #if defined(CONFIG_RSBAC_PM)
05574 {
05575 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05576
05577 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05578 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05579 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05580 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05581 list_info_p->max_age = 0;
05582 err = rsbac_list_register(RSBAC_LIST_VERSION,
05583 &dev_handles.pm,
05584 list_info_p,
05585 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05586 RSBAC_LIST_BACKUP |
05587 #endif
05588 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05589 dev_compare,
05590 pm_dev_get_conv,
05591 &def_aci,
05592 RSBAC_PM_ACI_DEV_NAME,
05593 RSBAC_AUTO_DEV);
05594 if(err)
05595 {
05596 registration_error(err, "DEV PM");
05597 }
05598 }
05599 #endif
05600 #if defined(CONFIG_RSBAC_RC)
05601 {
05602 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05603 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05604
05605 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05606 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05607 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05608 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05609 list_info_p->max_age = 0;
05610 err = rsbac_list_register(RSBAC_LIST_VERSION,
05611 &dev_major_handles.rc,
05612 list_info_p,
05613 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05614 RSBAC_LIST_BACKUP |
05615 #endif
05616 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05617 dev_major_compare,
05618 rc_dev_get_conv,
05619 &def_major_aci,
05620 RSBAC_RC_ACI_DEV_MAJOR_NAME,
05621 RSBAC_AUTO_DEV);
05622 if(err)
05623 {
05624 registration_error(err, "DEV major RC");
05625 }
05626 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05627 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05628 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05629 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05630 list_info_p->max_age = 0;
05631 err = rsbac_list_register(RSBAC_LIST_VERSION,
05632 &dev_handles.rc,
05633 list_info_p,
05634 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05635 RSBAC_LIST_BACKUP |
05636 #endif
05637 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05638 dev_compare,
05639 rc_dev_get_conv,
05640 &def_aci,
05641 RSBAC_RC_ACI_DEV_NAME,
05642 RSBAC_AUTO_DEV);
05643 if(err)
05644 {
05645 registration_error(err, "DEV RC");
05646 }
05647 }
05648 #endif
05649
05650 return err;
05651 }
05652
05653 #ifdef CONFIG_RSBAC_INIT_DELAY
05654 static int register_ipc_lists(void)
05655 #else
05656 static int __init register_ipc_lists(void)
05657 #endif
05658 {
05659 int err = 0;
05660 struct rsbac_list_info_t * list_info_p;
05661
05662 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05663 if(!list_info_p)
05664 {
05665 return -ENOMEM;
05666 }
05667
05668 #ifdef CONFIG_RSBAC_DEBUG
05669 if (rsbac_debug_ds)
05670 {
05671 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n");
05672 }
05673 #endif
05674 #if defined(CONFIG_RSBAC_MAC)
05675 {
05676 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05677
05678 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05679 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05680 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05681 list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t);
05682 list_info_p->max_age = 0;
05683 err = rsbac_list_register(RSBAC_LIST_VERSION,
05684 &ipc_handles.mac,
05685 list_info_p,
05686 RSBAC_LIST_DEF_DATA,
05687 ipc_compare,
05688 NULL,
05689 &def_aci,
05690 RSBAC_MAC_ACI_IPC_NAME,
05691 RSBAC_AUTO_DEV);
05692 if(err)
05693 {
05694 registration_error(err, "IPC MAC");
05695 }
05696 }
05697 #endif
05698 #if defined(CONFIG_RSBAC_PM)
05699 {
05700 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05701
05702 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05703 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05704 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05705 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05706 list_info_p->max_age = 0;
05707 err = rsbac_list_register(RSBAC_LIST_VERSION,
05708 &ipc_handles.pm,
05709 list_info_p,
05710 RSBAC_LIST_DEF_DATA,
05711 ipc_compare,
05712 NULL,
05713 &def_aci,
05714 RSBAC_PM_ACI_IPC_NAME,
05715 RSBAC_AUTO_DEV);
05716 if(err)
05717 {
05718 registration_error(err, "IPC PM");
05719 }
05720 }
05721 #endif
05722 #if defined(CONFIG_RSBAC_RC)
05723 {
05724 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05725
05726 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05727 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05728 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05729 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05730 list_info_p->max_age = 0;
05731 err = rsbac_list_register(RSBAC_LIST_VERSION,
05732 &ipc_handles.rc,
05733 list_info_p,
05734 RSBAC_LIST_DEF_DATA,
05735 ipc_compare,
05736 NULL,
05737 &def_aci,
05738 RSBAC_RC_ACI_IPC_NAME,
05739 RSBAC_AUTO_DEV);
05740 if(err)
05741 {
05742 registration_error(err, "IPC RC");
05743 }
05744 }
05745 #endif
05746 #if defined(CONFIG_RSBAC_JAIL)
05747 {
05748 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05749
05750 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05751 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05752 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05753 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05754 list_info_p->max_age = 0;
05755 err = rsbac_list_register(RSBAC_LIST_VERSION,
05756 &ipc_handles.jail,
05757 list_info_p,
05758 RSBAC_LIST_DEF_DATA,
05759 ipc_compare,
05760 NULL,
05761 &def_aci,
05762 RSBAC_JAIL_ACI_IPC_NAME,
05763 RSBAC_AUTO_DEV);
05764 if(err)
05765 {
05766 registration_error(err, "IPC JAIL");
05767 }
05768 }
05769 #endif
05770
05771 return err;
05772 }
05773
05774 #ifdef CONFIG_RSBAC_INIT_DELAY
05775 static int register_user_lists(void)
05776 #else
05777 static int __init register_user_lists(void)
05778 #endif
05779 {
05780 int err = 0;
05781 struct rsbac_list_info_t * list_info_p;
05782
05783 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05784 if(!list_info_p)
05785 {
05786 return -ENOMEM;
05787 }
05788
05789 #ifdef CONFIG_RSBAC_DEBUG
05790 if (rsbac_debug_ds)
05791 {
05792 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n");
05793 }
05794 #endif
05795
05796 {
05797 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05798
05799 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05800 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05801 list_info_p->desc_size = sizeof(rsbac_uid_t);
05802 list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t);
05803 list_info_p->max_age = 0;
05804 err = rsbac_list_register(RSBAC_LIST_VERSION,
05805 &user_handles.gen,
05806 list_info_p,
05807 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05808 RSBAC_LIST_BACKUP |
05809 #endif
05810 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05811 rsbac_list_compare_u32,
05812 NULL,
05813 &def_aci,
05814 RSBAC_GEN_ACI_USER_NAME,
05815 RSBAC_AUTO_DEV);
05816 if(err)
05817 {
05818 registration_error(err, "USER General");
05819 }
05820 }
05821 #if defined(CONFIG_RSBAC_MAC)
05822 {
05823 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
05824
05825 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
05826 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
05827 list_info_p->desc_size = sizeof(rsbac_uid_t);
05828 list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t);
05829 list_info_p->max_age = 0;
05830 err = rsbac_list_register(RSBAC_LIST_VERSION,
05831 &user_handles.mac,
05832 list_info_p,
05833 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05834 RSBAC_LIST_BACKUP |
05835 #endif
05836 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05837 rsbac_list_compare_u32,
05838 mac_user_get_conv,
05839 &def_aci,
05840 RSBAC_MAC_ACI_USER_NAME,
05841 RSBAC_AUTO_DEV);
05842 if(err)
05843 {
05844 registration_error(err, "USER MAC");
05845 }
05846 else
05847 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac))
05848 {
05849 struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI;
05850 struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI;
05851 struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI;
05852 rsbac_uid_t user;
05853
05854 rsbac_printk(KERN_WARNING
05855 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
05856 user = RSBAC_SYSADM_UID;
05857 if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci))
05858 rsbac_printk(KERN_WARNING
05859 "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
05860 user = RSBAC_SECOFF_UID;
05861 if(rsbac_list_add(user_handles.mac, &user, &secoff_aci))
05862 rsbac_printk(KERN_WARNING
05863 "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
05864 user = RSBAC_AUDITOR_UID;
05865 if(rsbac_list_add(user_handles.mac, &user, &auditor_aci))
05866 rsbac_printk(KERN_WARNING
05867 "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
05868 }
05869 }
05870 #endif
05871 #if defined(CONFIG_RSBAC_PM)
05872 {
05873 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
05874
05875 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
05876 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
05877 list_info_p->desc_size = sizeof(rsbac_uid_t);
05878 list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t);
05879 list_info_p->max_age = 0;
05880 err = rsbac_list_register(RSBAC_LIST_VERSION,
05881 &user_handles.pm,
05882 list_info_p,
05883 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05884 RSBAC_LIST_BACKUP |
05885 #endif
05886 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05887 rsbac_list_compare_u32,
05888 NULL,
05889 &def_aci,
05890 RSBAC_PM_ACI_USER_NAME,
05891 RSBAC_AUTO_DEV);
05892 if(err)
05893 {
05894 registration_error(err, "USER PM");
05895 }
05896 else
05897 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm))
05898 {
05899 struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI;
05900 struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI;
05901 struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI;
05902 struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI;
05903 rsbac_uid_t user;
05904
05905 rsbac_printk(KERN_WARNING
05906 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
05907 user = RSBAC_SYSADM_UID;
05908 if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci))
05909 rsbac_printk(KERN_WARNING
05910 "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
05911 user = RSBAC_SECOFF_UID;
05912 if(rsbac_list_add(user_handles.pm, &user, &secoff_aci))
05913 rsbac_printk(KERN_WARNING
05914 "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
05915 user = RSBAC_DATAPROT_UID;
05916 if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci))
05917 rsbac_printk(KERN_WARNING
05918 "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
05919 user = RSBAC_TPMAN_UID;
05920 if(rsbac_list_add(user_handles.pm, &user, &tpman_aci))
05921 rsbac_printk(KERN_WARNING
05922 "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
05923 }
05924 }
05925 #endif
05926 #if defined(CONFIG_RSBAC_DAZ)
05927 {
05928 rsbac_system_role_int_t def_aci = SR_user;
05929
05930 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
05931 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
05932 list_info_p->desc_size = sizeof(rsbac_uid_t);
05933 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
05934 list_info_p->max_age = 0;
05935 err = rsbac_list_register(RSBAC_LIST_VERSION,
05936 &user_handles.daz,
05937 list_info_p,
05938 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05939 RSBAC_LIST_BACKUP |
05940 #endif
05941 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05942 rsbac_list_compare_u32,
05943 NULL,
05944 &def_aci,
05945 RSBAC_DAZ_ACI_USER_NAME,
05946 RSBAC_AUTO_DEV);
05947 if(err)
05948 {
05949 registration_error(err, "USER DAZ");
05950 }
05951 else
05952 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz))
05953 {
05954 rsbac_uid_t user;
05955 rsbac_system_role_int_t role;
05956
05957 rsbac_printk(KERN_WARNING
05958 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
05959 user = RSBAC_SYSADM_UID;
05960 role = SR_administrator;
05961 if(rsbac_list_add(user_handles.daz, &user, &role))
05962 rsbac_printk(KERN_WARNING
05963 "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
05964 user = RSBAC_SECOFF_UID;
05965 role = SR_security_officer;
05966 if(rsbac_list_add(user_handles.daz, &user, &role))
05967 rsbac_printk(KERN_WARNING
05968 "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
05969 }
05970 }
05971 #endif
05972 #if defined(CONFIG_RSBAC_FF)
05973 {
05974 rsbac_system_role_int_t def_aci = SR_user;
05975
05976 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
05977 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
05978 list_info_p->desc_size = sizeof(rsbac_uid_t);
05979 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
05980 list_info_p->max_age = 0;
05981 err = rsbac_list_register(RSBAC_LIST_VERSION,
05982 &user_handles.ff,
05983 list_info_p,
05984 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05985 RSBAC_LIST_BACKUP |
05986 #endif
05987 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05988 rsbac_list_compare_u32,
05989 NULL,
05990 &def_aci,
05991 RSBAC_FF_ACI_USER_NAME,
05992 RSBAC_AUTO_DEV);
05993 if(err)
05994 {
05995 registration_error(err, "USER FF");
05996 }
05997 else
05998 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff))
05999 {
06000 rsbac_uid_t user;
06001 rsbac_system_role_int_t role;
06002
06003 rsbac_printk(KERN_WARNING
06004 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06005 user = RSBAC_SYSADM_UID;
06006 role = SR_administrator;
06007 if(rsbac_list_add(user_handles.ff, &user, &role))
06008 rsbac_printk(KERN_WARNING
06009 "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06010 user = RSBAC_SECOFF_UID;
06011 role = SR_security_officer;
06012 if(rsbac_list_add(user_handles.ff, &user, &role))
06013 rsbac_printk(KERN_WARNING
06014 "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06015 user = RSBAC_AUDITOR_UID;
06016 role = SR_auditor;
06017 if(rsbac_list_add(user_handles.ff, &user, &role))
06018 rsbac_printk(KERN_WARNING
06019 "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06020 }
06021 }
06022 #endif
06023 #if defined(CONFIG_RSBAC_RC)
06024 {
06025 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06026
06027 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06028 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06029 list_info_p->desc_size = sizeof(rsbac_uid_t);
06030 list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t);
06031 list_info_p->max_age = 0;
06032 err = rsbac_list_register(RSBAC_LIST_VERSION,
06033 &user_handles.rc,
06034 list_info_p,
06035 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06036 RSBAC_LIST_BACKUP |
06037 #endif
06038 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06039 rsbac_list_compare_u32,
06040 rc_user_get_conv,
06041 &def_aci,
06042 RSBAC_RC_ACI_USER_NAME,
06043 RSBAC_AUTO_DEV);
06044 if(err)
06045 {
06046 registration_error(err, "USER RC");
06047 }
06048 else
06049 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc))
06050 {
06051 rsbac_uid_t user;
06052 struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI;
06053 struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI;
06054 struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI;
06055
06056 rsbac_printk(KERN_WARNING
06057 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06058 user = RSBAC_SYSADM_UID;
06059 if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci))
06060 rsbac_printk(KERN_WARNING
06061 "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06062 user = RSBAC_SECOFF_UID;
06063 if(rsbac_list_add(user_handles.rc, &user, &secoff_aci))
06064 rsbac_printk(KERN_WARNING
06065 "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06066 user = RSBAC_AUDITOR_UID;
06067 if(rsbac_list_add(user_handles.rc, &user, &auditor_aci))
06068 rsbac_printk(KERN_WARNING
06069 "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06070 }
06071 }
06072 #endif
06073 #if defined(CONFIG_RSBAC_AUTH)
06074 {
06075 rsbac_system_role_int_t def_aci = SR_user;
06076
06077 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06078 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06079 list_info_p->desc_size = sizeof(rsbac_uid_t);
06080 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06081 list_info_p->max_age = 0;
06082 err = rsbac_list_register(RSBAC_LIST_VERSION,
06083 &user_handles.auth,
06084 list_info_p,
06085 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06086 RSBAC_LIST_BACKUP |
06087 #endif
06088 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06089 rsbac_list_compare_u32,
06090 NULL,
06091 &def_aci,
06092 RSBAC_AUTH_ACI_USER_NAME,
06093 RSBAC_AUTO_DEV);
06094 if(err)
06095 {
06096 registration_error(err, "USER AUTH");
06097 }
06098 else
06099 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth))
06100 {
06101 rsbac_uid_t user;
06102 rsbac_system_role_int_t role;
06103
06104 rsbac_printk(KERN_WARNING
06105 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06106 user = RSBAC_SYSADM_UID;
06107 role = SR_administrator;
06108 if(rsbac_list_add(user_handles.auth, &user, &role))
06109 rsbac_printk(KERN_WARNING
06110 "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06111 user = RSBAC_SECOFF_UID;
06112 role = SR_security_officer;
06113 if(rsbac_list_add(user_handles.auth, &user, &role))
06114 rsbac_printk(KERN_WARNING
06115 "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06116 user = RSBAC_AUDITOR_UID;
06117 role = SR_auditor;
06118 if(rsbac_list_add(user_handles.auth, &user, &role))
06119 rsbac_printk(KERN_WARNING
06120 "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06121 }
06122 }
06123 #endif
06124 #if defined(CONFIG_RSBAC_CAP)
06125 {
06126 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06127
06128 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06129 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06130 list_info_p->desc_size = sizeof(rsbac_uid_t);
06131 list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t);
06132 list_info_p->max_age = 0;
06133 err = rsbac_list_register(RSBAC_LIST_VERSION,
06134 &user_handles.cap,
06135 list_info_p,
06136 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06137 RSBAC_LIST_BACKUP |
06138 #endif
06139 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06140 rsbac_list_compare_u32,
06141 NULL,
06142 &def_aci,
06143 RSBAC_CAP_ACI_USER_NAME,
06144 RSBAC_AUTO_DEV);
06145 if(err)
06146 {
06147 registration_error(err, "USER CAP");
06148 }
06149 else
06150 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap))
06151 {
06152 struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI;
06153 struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI;
06154 struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI;
06155 rsbac_uid_t user;
06156
06157 rsbac_printk(KERN_WARNING
06158 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06159 rsbac_printk(KERN_WARNING
06160 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06161 user = RSBAC_SYSADM_UID;
06162 if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci))
06163 rsbac_printk(KERN_WARNING
06164 "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06165 user = RSBAC_SECOFF_UID;
06166 if(rsbac_list_add(user_handles.cap, &user, &secoff_aci))
06167 rsbac_printk(KERN_WARNING
06168 "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06169 user = RSBAC_AUDITOR_UID;
06170 if(rsbac_list_add(user_handles.cap, &user, &auditor_aci))
06171 rsbac_printk(KERN_WARNING
06172 "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06173 }
06174 }
06175 #endif
06176 #if defined(CONFIG_RSBAC_JAIL)
06177 {
06178 rsbac_system_role_int_t def_aci = SR_user;
06179
06180 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06181 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06182 list_info_p->desc_size = sizeof(rsbac_uid_t);
06183 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06184 list_info_p->max_age = 0;
06185 err = rsbac_list_register(RSBAC_LIST_VERSION,
06186 &user_handles.jail,
06187 list_info_p,
06188 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06189 RSBAC_LIST_BACKUP |
06190 #endif
06191 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06192 rsbac_list_compare_u32,
06193 NULL,
06194 &def_aci,
06195 RSBAC_JAIL_ACI_USER_NAME,
06196 RSBAC_AUTO_DEV);
06197 if(err)
06198 {
06199 registration_error(err, "USER JAIL");
06200 }
06201 else
06202 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail))
06203 {
06204 rsbac_uid_t user;
06205 rsbac_system_role_int_t role;
06206
06207 rsbac_printk(KERN_WARNING
06208 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06209 user = RSBAC_SYSADM_UID;
06210 role = SR_administrator;
06211 if(rsbac_list_add(user_handles.jail, &user, &role))
06212 rsbac_printk(KERN_WARNING
06213 "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06214 user = RSBAC_SECOFF_UID;
06215 role = SR_security_officer;
06216 if(rsbac_list_add(user_handles.jail, &user, &role))
06217 rsbac_printk(KERN_WARNING
06218 "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06219 }
06220 }
06221 #endif
06222 #if defined(CONFIG_RSBAC_RES)
06223 {
06224 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06225 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06226 list_info_p->desc_size = sizeof(rsbac_uid_t);
06227 list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t);
06228 list_info_p->max_age = 0;
06229 err = rsbac_list_register(RSBAC_LIST_VERSION,
06230 &user_handles.res,
06231 list_info_p,
06232 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06233 RSBAC_LIST_BACKUP |
06234 #endif
06235 RSBAC_LIST_PERSIST,
06236 rsbac_list_compare_u32,
06237 NULL,
06238 NULL,
06239 RSBAC_RES_ACI_USER_NAME,
06240 RSBAC_AUTO_DEV);
06241 if(err)
06242 {
06243 registration_error(err, "USER RES");
06244 }
06245 else
06246 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res))
06247 {
06248 struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI;
06249 struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI;
06250 rsbac_uid_t user;
06251
06252 rsbac_printk(KERN_WARNING
06253 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06254 rsbac_printk(KERN_WARNING
06255 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06256 user = RSBAC_SYSADM_UID;
06257 if(rsbac_list_add(user_handles.res, &user, &sysadm_aci))
06258 rsbac_printk(KERN_WARNING
06259 "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06260 user = RSBAC_SECOFF_UID;
06261 if(rsbac_list_add(user_handles.res, &user, &secoff_aci))
06262 rsbac_printk(KERN_WARNING
06263 "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06264 }
06265 }
06266 #endif
06267 #if defined(CONFIG_RSBAC_PAX)
06268 {
06269 rsbac_system_role_int_t def_aci = SR_user;
06270
06271 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06272 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06273 list_info_p->desc_size = sizeof(rsbac_uid_t);
06274 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06275 list_info_p->max_age = 0;
06276 err = rsbac_list_register(RSBAC_LIST_VERSION,
06277 &user_handles.pax,
06278 list_info_p,
06279 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06280 RSBAC_LIST_BACKUP |
06281 #endif
06282 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06283 rsbac_list_compare_u32,
06284 NULL,
06285 &def_aci,
06286 RSBAC_PAX_ACI_USER_NAME,
06287 RSBAC_AUTO_DEV);
06288 if(err)
06289 {
06290 registration_error(err, "USER PAX");
06291 }
06292 else
06293 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax))
06294 {
06295 rsbac_uid_t user;
06296 rsbac_system_role_int_t role;
06297
06298 rsbac_printk(KERN_WARNING
06299 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06300 user = RSBAC_SYSADM_UID;
06301 role = SR_administrator;
06302 if(rsbac_list_add(user_handles.pax, &user, &role))
06303 rsbac_printk(KERN_WARNING
06304 "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06305 user = RSBAC_SECOFF_UID;
06306 role = SR_security_officer;
06307 if(rsbac_list_add(user_handles.pax, &user, &role))
06308 rsbac_printk(KERN_WARNING
06309 "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06310 }
06311 }
06312 #endif
06313
06314 return err;
06315 }
06316
06317 #ifdef CONFIG_RSBAC_INIT_DELAY
06318 static int register_process_lists(void)
06319 #else
06320 static int __init register_process_lists(void)
06321 #endif
06322 {
06323 int err = 0;
06324 struct rsbac_list_info_t * list_info_p;
06325
06326 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06327 if(!list_info_p)
06328 {
06329 return -ENOMEM;
06330 }
06331
06332 #ifdef CONFIG_RSBAC_DEBUG
06333 if (rsbac_debug_ds)
06334 {
06335 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n");
06336 }
06337 #endif
06338 {
06339 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06340 char name[RSBAC_MAXNAMELEN];
06341 int i;
06342
06343 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06344 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06345 list_info_p->desc_size = sizeof(rsbac_pid_t);
06346 list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t);
06347 list_info_p->max_age = 0;
06348 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
06349 {
06350 sprintf(name, "%s%u", RSBAC_GEN_ACI_PROCESS_NAME, i);
06351 err = rsbac_list_register(RSBAC_LIST_VERSION,
06352 &process_handles.gen[i],
06353 list_info_p,
06354 RSBAC_LIST_DEF_DATA,
06355 rsbac_list_compare_u32,
06356 NULL,
06357 &def_aci,
06358 name,
06359 RSBAC_AUTO_DEV);
06360 if(err)
06361 {
06362 registration_error(err, "PROCESS GEN");
06363 }
06364 }
06365 }
06366 #if defined(CONFIG_RSBAC_MAC)
06367 {
06368 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06369 char name[RSBAC_MAXNAMELEN];
06370 int i;
06371
06372 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06373 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06374 list_info_p->desc_size = sizeof(rsbac_pid_t);
06375 list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t);
06376 list_info_p->max_age = 0;
06377 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
06378 {
06379 sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i);
06380
06381 err = rsbac_list_register(RSBAC_LIST_VERSION,
06382 &process_handles.mac[i],
06383 list_info_p,
06384 RSBAC_LIST_DEF_DATA,
06385 rsbac_list_compare_u32,
06386 NULL,
06387 &def_aci,
06388 name,
06389 RSBAC_AUTO_DEV);
06390 if(err)
06391 {
06392 registration_error(err, "PROCESS MAC");
06393 }
06394 }
06395 }
06396 #endif
06397 #if defined(CONFIG_RSBAC_PM)
06398 {
06399 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06400
06401 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06402 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06403 list_info_p->desc_size = sizeof(rsbac_pid_t);
06404 list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t);
06405 list_info_p->max_age = 0;
06406 err = rsbac_list_register(RSBAC_LIST_VERSION,
06407 &process_handles.pm,
06408 list_info_p,
06409 RSBAC_LIST_DEF_DATA,
06410 rsbac_list_compare_u32,
06411 NULL,
06412 &def_aci,
06413 RSBAC_PM_ACI_PROCESS_NAME,
06414 RSBAC_AUTO_DEV);
06415 if(err)
06416 {
06417 registration_error(err, "PROCESS PM");
06418 }
06419 }
06420 #endif
06421 #if defined(CONFIG_RSBAC_DAZ)
06422 {
06423 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06424
06425 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06426 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06427 list_info_p->desc_size = sizeof(rsbac_pid_t);
06428 list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t);
06429 list_info_p->max_age = 0;
06430 err = rsbac_list_register(RSBAC_LIST_VERSION,
06431 &process_handles.daz,
06432 list_info_p,
06433 RSBAC_LIST_DEF_DATA,
06434 rsbac_list_compare_u32,
06435 NULL,
06436 &def_aci,
06437 RSBAC_DAZ_ACI_PROCESS_NAME,
06438 RSBAC_AUTO_DEV);
06439 if(err)
06440 {
06441 registration_error(err, "PROCESS DAZ");
06442 }
06443 }
06444 #endif
06445 #if defined(CONFIG_RSBAC_RC)
06446 {
06447 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06448 char name[RSBAC_MAXNAMELEN];
06449 int i;
06450
06451 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06452 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06453 list_info_p->desc_size = sizeof(rsbac_pid_t);
06454 list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t);
06455 list_info_p->max_age = 0;
06456 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
06457 {
06458 sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i);
06459 err = rsbac_list_register(RSBAC_LIST_VERSION,
06460 &process_handles.rc[i],
06461 list_info_p,
06462 RSBAC_LIST_DEF_DATA,
06463 rsbac_list_compare_u32,
06464 NULL,
06465 &def_aci,
06466 name,
06467 RSBAC_AUTO_DEV);
06468 if(err)
06469 {
06470 registration_error(err, "PROCESS RC");
06471 }
06472 }
06473 }
06474 #endif
06475 #if defined(CONFIG_RSBAC_AUTH)
06476 {
06477 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06478
06479 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06480 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06481 list_info_p->desc_size = sizeof(rsbac_pid_t);
06482 list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t);
06483 list_info_p->max_age = 0;
06484 err = rsbac_list_register(RSBAC_LIST_VERSION,
06485 &process_handles.auth,
06486 list_info_p,
06487 RSBAC_LIST_DEF_DATA,
06488 rsbac_list_compare_u32,
06489 NULL,
06490 &def_aci,
06491 RSBAC_AUTH_ACI_PROCESS_NAME,
06492 RSBAC_AUTO_DEV);
06493 if(err)
06494 {
06495 registration_error(err, "PROCESS AUTH");
06496 }
06497 }
06498 #endif
06499 #if defined(CONFIG_RSBAC_CAP)
06500 {
06501 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06502
06503 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06504 if(rsbac_cap_process_hiding)
06505 def_aci.cap_process_hiding = PH_from_other_users;
06506 #endif
06507 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06508 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06509 list_info_p->desc_size = sizeof(rsbac_pid_t);
06510 list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t);
06511 list_info_p->max_age = 0;
06512 err = rsbac_list_register(RSBAC_LIST_VERSION,
06513 &process_handles.cap,
06514 list_info_p,
06515 RSBAC_LIST_DEF_DATA,
06516 rsbac_list_compare_u32,
06517 NULL,
06518 &def_aci,
06519 RSBAC_CAP_ACI_PROCESS_NAME,
06520 RSBAC_AUTO_DEV);
06521 if(err)
06522 {
06523 registration_error(err, "PROCESS CAP");
06524 }
06525 }
06526 #endif
06527 #if defined(CONFIG_RSBAC_JAIL)
06528 {
06529 struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI;
06530 char name[RSBAC_MAXNAMELEN];
06531 int i;
06532
06533 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06534 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06535 list_info_p->desc_size = sizeof(rsbac_pid_t);
06536 list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t);
06537 list_info_p->max_age = 0;
06538 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
06539 {
06540 sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i);
06541 err = rsbac_list_register(RSBAC_LIST_VERSION,
06542 &process_handles.jail[i],
06543 list_info_p,
06544 RSBAC_LIST_DEF_DATA,
06545 rsbac_list_compare_u32,
06546 NULL,
06547 &def_aci,
06548 name,
06549 RSBAC_AUTO_DEV);
06550 if(err)
06551 {
06552 registration_error(err, "PROCESS JAIL");
06553 }
06554 }
06555 }
06556 #endif
06557
06558 return err;
06559 }
06560
06561 #ifdef CONFIG_RSBAC_UM
06562 #ifdef CONFIG_RSBAC_INIT_DELAY
06563 static int register_group_lists(void)
06564 #else
06565 static int __init register_group_lists(void)
06566 #endif
06567 {
06568 int err = 0;
06569 struct rsbac_list_info_t * list_info_p;
06570
06571 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06572 if(!list_info_p)
06573 {
06574 return -ENOMEM;
06575 }
06576
06577 #ifdef CONFIG_RSBAC_DEBUG
06578 if (rsbac_debug_ds)
06579 {
06580 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering GROUP lists\n");
06581 }
06582 #endif
06583 #if defined(CONFIG_RSBAC_RC_UM_PROT)
06584 {
06585 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06586
06587 list_info_p->version = RSBAC_RC_GROUP_ACI_VERSION;
06588 list_info_p->key = RSBAC_RC_GROUP_ACI_KEY;
06589 list_info_p->desc_size = sizeof(rsbac_gid_t);
06590 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06591 list_info_p->max_age = 0;
06592 err = rsbac_list_register(RSBAC_LIST_VERSION,
06593 &group_handles.rc,
06594 list_info_p,
06595 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06596 RSBAC_LIST_BACKUP |
06597 #endif
06598 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06599 NULL,
06600 NULL,
06601 &def_aci,
06602 RSBAC_RC_ACI_GROUP_NAME,
06603 RSBAC_AUTO_DEV);
06604 if(err)
06605 {
06606 registration_error(err, "GROUP RC");
06607 }
06608 }
06609 #endif
06610
06611 return err;
06612 }
06613 #endif
06614
06615 #ifdef CONFIG_RSBAC_NET_DEV
06616 #ifdef CONFIG_RSBAC_INIT_DELAY
06617 static int register_netdev_lists(void)
06618 #else
06619 static int __init register_netdev_lists(void)
06620 #endif
06621 {
06622 int err = 0;
06623 struct rsbac_list_info_t * list_info_p;
06624
06625 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06626 if(!list_info_p)
06627 {
06628 return -ENOMEM;
06629 }
06630
06631 #ifdef CONFIG_RSBAC_DEBUG
06632 if (rsbac_debug_ds)
06633 {
06634 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n");
06635 }
06636 #endif
06637 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
06638 {
06639 struct rsbac_gen_netdev_aci_t def_aci = DEFAULT_GEN_NETDEV_ACI;
06640
06641 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION;
06642 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY;
06643 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06644 list_info_p->data_size = sizeof(struct rsbac_gen_netdev_aci_t);
06645 list_info_p->max_age = 0;
06646 err = rsbac_list_register(RSBAC_LIST_VERSION,
06647 &netdev_handles.gen,
06648 list_info_p,
06649 RSBAC_LIST_BACKUP |
06650 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06651 netdev_compare,
06652 NULL,
06653 &def_aci,
06654 RSBAC_GEN_ACI_NETDEV_NAME,
06655 RSBAC_AUTO_DEV);
06656 if(err)
06657 {
06658 registration_error(err, "NETDEV General");
06659 }
06660 }
06661 #endif
06662 #if defined(CONFIG_RSBAC_RC)
06663 {
06664 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06665
06666 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
06667 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
06668 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06669 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06670 list_info_p->max_age = 0;
06671 err = rsbac_list_register(RSBAC_LIST_VERSION,
06672 &netdev_handles.rc,
06673 list_info_p,
06674 RSBAC_LIST_BACKUP |
06675 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06676 netdev_compare,
06677 NULL,
06678 &def_aci,
06679 RSBAC_RC_ACI_NETDEV_NAME,
06680 RSBAC_AUTO_DEV);
06681 if(err)
06682 {
06683 registration_error(err, "NETDEV RC");
06684 }
06685 }
06686 #endif
06687
06688 return err;
06689 }
06690 #endif
06691
06692 #ifdef CONFIG_RSBAC_NET_OBJ
06693 #ifdef CONFIG_RSBAC_INIT_DELAY
06694 static void fill_default_nettemp_1(void)
06695 #else
06696 static void __init fill_default_nettemp_1(void)
06697 #endif
06698 {
06699 rsbac_net_temp_id_t id;
06700 struct rsbac_net_temp_data_t unix_data = RSBAC_NET_TEMP_UNIX_DATA;
06701 struct rsbac_net_temp_data_t lnet_data = RSBAC_NET_TEMP_LNET_DATA;
06702 struct rsbac_net_temp_data_t lan_data = RSBAC_NET_TEMP_LAN_DATA;
06703
06704 id = RSBAC_NET_TEMP_UNIX_ID;
06705 rsbac_list_add(net_temp_handle, &id, &unix_data);
06706 id = RSBAC_NET_TEMP_LNET_ID;
06707 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS, (__u32 *) lnet_data.address);
06708 rsbac_list_add(net_temp_handle, &id, &lnet_data);
06709 id = RSBAC_NET_TEMP_LAN_ID;
06710 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS, (__u32 *) lan_data.address);
06711 rsbac_list_add(net_temp_handle, &id, &lan_data);
06712 }
06713 #ifdef CONFIG_RSBAC_INIT_DELAY
06714 static void fill_default_nettemp_2(void)
06715 #else
06716 static void __init fill_default_nettemp_2(void)
06717 #endif
06718 {
06719 rsbac_net_temp_id_t id;
06720 struct rsbac_net_temp_data_t auto_data = RSBAC_NET_TEMP_AUTO_DATA;
06721 struct rsbac_net_temp_data_t inet_data = RSBAC_NET_TEMP_INET_DATA;
06722 struct rsbac_net_temp_data_t all_data = RSBAC_NET_TEMP_ALL_DATA;
06723
06724 id = RSBAC_NET_TEMP_AUTO_ID;
06725 rsbac_net_str_to_inet(RSBAC_NET_TEMP_AUTO_ADDRESS, (__u32 *) auto_data.address);
06726 rsbac_list_add(net_temp_handle, &id, &auto_data);
06727 id = RSBAC_NET_TEMP_INET_ID;
06728 rsbac_list_add(net_temp_handle, &id, &inet_data);
06729 id = RSBAC_NET_TEMP_ALL_ID;
06730 rsbac_list_add(net_temp_handle, &id, &all_data);
06731 }
06732
06733 #ifdef CONFIG_RSBAC_INIT_DELAY
06734 static int register_nettemp_list(void)
06735 #else
06736 static int __init register_nettemp_list(void)
06737 #endif
06738 {
06739 int err = 0;
06740 struct rsbac_list_info_t * list_info_p;
06741
06742 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06743 if(!list_info_p)
06744 {
06745 return -ENOMEM;
06746 }
06747
06748 #ifdef CONFIG_RSBAC_DEBUG
06749 if (rsbac_debug_ds)
06750 {
06751 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n");
06752 }
06753 #endif
06754 list_info_p->version = RSBAC_NET_TEMP_VERSION;
06755 list_info_p->key = RSBAC_NET_TEMP_KEY;
06756 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06757 list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t);
06758 list_info_p->max_age = 0;
06759 err = rsbac_list_register(RSBAC_LIST_VERSION,
06760 &net_temp_handle,
06761 list_info_p,
06762 RSBAC_LIST_BACKUP |
06763 RSBAC_LIST_PERSIST,
06764 rsbac_list_compare_u32,
06765 NULL,
06766 NULL,
06767 RSBAC_NET_TEMP_NAME,
06768 RSBAC_AUTO_DEV);
06769 if(err)
06770 {
06771 registration_error(err, "Network Template");
06772 }
06773 else
06774 if(!rsbac_no_defaults && !rsbac_list_count(net_temp_handle))
06775 {
06776 rsbac_printk(KERN_WARNING
06777 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
06778 fill_default_nettemp_1();
06779 fill_default_nettemp_2();
06780 }
06781 return err;
06782 }
06783
06784 #ifdef CONFIG_RSBAC_INIT_DELAY
06785 static int register_nettemp_aci_lists(void)
06786 #else
06787 static int __init register_nettemp_aci_lists(void)
06788 #endif
06789 {
06790 int err = 0;
06791 struct rsbac_list_info_t * list_info_p;
06792
06793 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06794 if(!list_info_p)
06795 {
06796 return -ENOMEM;
06797 }
06798
06799 #ifdef CONFIG_RSBAC_DEBUG
06800 if (rsbac_debug_ds)
06801 {
06802 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n");
06803 }
06804 #endif
06805
06806 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
06807 {
06808 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION;
06809 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY;
06810 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06811 list_info_p->data_size = sizeof(struct rsbac_gen_netobj_aci_t);
06812 list_info_p->max_age = 0;
06813 err = rsbac_list_register(RSBAC_LIST_VERSION,
06814 &nettemp_handles.gen,
06815 list_info_p,
06816 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06817 rsbac_list_compare_u32,
06818 NULL,
06819 &def_gen_netobj_aci,
06820 RSBAC_GEN_ACI_NETTEMP_NAME,
06821 RSBAC_AUTO_DEV);
06822 if(err)
06823 {
06824 registration_error(err, "NETTEMP GEN");
06825 }
06826 }
06827 #endif
06828 #if defined(CONFIG_RSBAC_MAC)
06829 {
06830 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
06831
06832 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
06833 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
06834 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06835 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
06836 list_info_p->max_age = 0;
06837 err = rsbac_list_register(RSBAC_LIST_VERSION,
06838 &nettemp_handles.mac,
06839 list_info_p,
06840 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06841 rsbac_list_compare_u32,
06842 NULL,
06843 &def_aci,
06844 RSBAC_MAC_ACI_NETTEMP_NAME,
06845 RSBAC_AUTO_DEV);
06846 if(err)
06847 {
06848 registration_error(err, "NETTEMP MAC");
06849 }
06850 }
06851 #endif
06852 #if defined(CONFIG_RSBAC_PM)
06853 {
06854 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
06855
06856 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
06857 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
06858 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06859 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
06860 list_info_p->max_age = 0;
06861 err = rsbac_list_register(RSBAC_LIST_VERSION,
06862 &nettemp_handles.pm,
06863 list_info_p,
06864 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06865 rsbac_list_compare_u32,
06866 NULL,
06867 &def_aci,
06868 RSBAC_PM_ACI_NETTEMP_NAME,
06869 RSBAC_AUTO_DEV);
06870 if(err)
06871 {
06872 registration_error(err, "NETTEMP PM");
06873 }
06874 }
06875 #endif
06876 #if defined(CONFIG_RSBAC_RC)
06877 {
06878 struct rsbac_rc_nettemp_aci_t def_aci = DEFAULT_RC_NETTEMP_ACI;
06879
06880 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
06881 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
06882 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06883 list_info_p->data_size = sizeof(struct rsbac_rc_nettemp_aci_t);
06884 list_info_p->max_age = 0;
06885 err = rsbac_list_register(RSBAC_LIST_VERSION,
06886 &nettemp_handles.rc,
06887 list_info_p,
06888 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06889 rsbac_list_compare_u32,
06890 NULL,
06891 &def_aci,
06892 RSBAC_RC_ACI_NETTEMP_NAME,
06893 RSBAC_AUTO_DEV);
06894 if(err)
06895 {
06896 registration_error(err, "NETTEMP RC");
06897 }
06898 }
06899 #endif
06900
06901 return err;
06902 }
06903
06904 #ifdef CONFIG_RSBAC_INIT_DELAY
06905 static int register_netobj_lists(void)
06906 #else
06907 static int __init register_netobj_lists(void)
06908 #endif
06909 {
06910 int err = 0;
06911 struct rsbac_list_info_t * list_info_p;
06912
06913 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06914 if(!list_info_p)
06915 {
06916 return -ENOMEM;
06917 }
06918
06919 #ifdef CONFIG_RSBAC_DEBUG
06920 if (rsbac_debug_ds)
06921 {
06922 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n");
06923 }
06924 #endif
06925 #if defined(CONFIG_RSBAC_MAC)
06926 {
06927 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
06928
06929 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
06930 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
06931 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
06932 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
06933 list_info_p->max_age = 0;
06934 err = rsbac_list_register(RSBAC_LIST_VERSION,
06935 &lnetobj_handles.mac,
06936 list_info_p,
06937 0,
06938 rsbac_list_compare_u32,
06939 NULL,
06940 &def_aci,
06941 RSBAC_MAC_ACI_LNETOBJ_NAME,
06942 RSBAC_AUTO_DEV);
06943 if(err)
06944 {
06945 registration_error(err, "LNETOBJ MAC");
06946 }
06947 }
06948 #endif
06949 #if defined(CONFIG_RSBAC_PM)
06950 {
06951 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
06952
06953 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
06954 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
06955 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
06956 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
06957 list_info_p->max_age = 0;
06958 err = rsbac_list_register(RSBAC_LIST_VERSION,
06959 &lnetobj_handles.pm,
06960 list_info_p,
06961 0,
06962 rsbac_list_compare_u32,
06963 NULL,
06964 &def_aci,
06965 RSBAC_PM_ACI_LNETOBJ_NAME,
06966 RSBAC_AUTO_DEV);
06967 if(err)
06968 {
06969 registration_error(err, "LNETOBJ PM");
06970 }
06971 }
06972 #endif
06973 #if defined(CONFIG_RSBAC_RC)
06974 {
06975 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06976
06977 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
06978 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
06979 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
06980 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06981 list_info_p->max_age = 0;
06982 err = rsbac_list_register(RSBAC_LIST_VERSION,
06983 &lnetobj_handles.rc,
06984 list_info_p,
06985 0,
06986 rsbac_list_compare_u32,
06987 NULL,
06988 &def_aci,
06989 RSBAC_RC_ACI_LNETOBJ_NAME,
06990 RSBAC_AUTO_DEV);
06991 if(err)
06992 {
06993 registration_error(err, "LNETOBJ RC");
06994 }
06995 }
06996 #endif
06997
06998 #ifdef CONFIG_RSBAC_DEBUG
06999 if (rsbac_debug_ds)
07000 {
07001 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n");
07002 }
07003 #endif
07004 #if defined(CONFIG_RSBAC_MAC)
07005 {
07006 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
07007
07008 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07009 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07010 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07011 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
07012 list_info_p->max_age = 0;
07013 err = rsbac_list_register(RSBAC_LIST_VERSION,
07014 &rnetobj_handles.mac,
07015 list_info_p,
07016 0,
07017 rsbac_list_compare_u32,
07018 NULL,
07019 &def_aci,
07020 RSBAC_MAC_ACI_RNETOBJ_NAME,
07021 RSBAC_AUTO_DEV);
07022 if(err)
07023 {
07024 registration_error(err, "RNETOBJ MAC");
07025 }
07026 }
07027 #endif
07028 #if defined(CONFIG_RSBAC_PM)
07029 {
07030 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
07031
07032 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07033 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07034 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07035 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
07036 list_info_p->max_age = 0;
07037 err = rsbac_list_register(RSBAC_LIST_VERSION,
07038 &rnetobj_handles.pm,
07039 list_info_p,
07040 0,
07041 rsbac_list_compare_u32,
07042 NULL,
07043 &def_aci,
07044 RSBAC_PM_ACI_RNETOBJ_NAME,
07045 RSBAC_AUTO_DEV);
07046 if(err)
07047 {
07048 registration_error(err, "RNETOBJ PM");
07049 }
07050 }
07051 #endif
07052 #if defined(CONFIG_RSBAC_RC)
07053 {
07054 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07055
07056 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07057 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07058 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07059 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07060 list_info_p->max_age = 0;
07061 err = rsbac_list_register(RSBAC_LIST_VERSION,
07062 &rnetobj_handles.rc,
07063 list_info_p,
07064 0,
07065 rsbac_list_compare_u32,
07066 NULL,
07067 &def_aci,
07068 RSBAC_RC_ACI_RNETOBJ_NAME,
07069 RSBAC_AUTO_DEV);
07070 if(err)
07071 {
07072 registration_error(err, "RNETOBJ RC");
07073 }
07074 }
07075 #endif
07076
07077 return err;
07078 }
07079 #endif
07080
07081 #ifdef CONFIG_RSBAC_INIT_DELAY
07082 static int rsbac_do_init(void)
07083 #else
07084 static int __init rsbac_do_init(void)
07085 #endif
07086 {
07087 int err = 0;
07088 struct rsbac_device_list_item_t * device_p;
07089 struct rsbac_device_list_item_t * new_device_p;
07090 u_long flags;
07091 struct rsbac_list_info_t * list_info_p;
07092 struct super_block * sb_p;
07093
07094 #ifdef CONFIG_RSBAC_DEBUG
07095 if(rsbac_debug_stack)
07096 {
07097 unsigned long * n;
07098
07099 n = (unsigned long *) (current+1);
07100 while (!*n)
07101 n++;
07102 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n",
07103 (unsigned long) n - (unsigned long)(current+1));
07104 }
07105 #endif
07106 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07107 if(!list_info_p)
07108 {
07109 return -ENOMEM;
07110 }
07111 compiled_modules[0] = (char) 0;
07112 #ifdef CONFIG_RSBAC_REG
07113 strcat(compiled_modules, " REG");
07114 #endif
07115 #ifdef CONFIG_RSBAC_MAC
07116 #ifdef CONFIG_RSBAC_MAC_LIGHT
07117 strcat(compiled_modules, " MAC-L");
07118 #else
07119 strcat(compiled_modules, " MAC");
07120 #endif
07121 #endif
07122 #ifdef CONFIG_RSBAC_PM
07123 strcat(compiled_modules, " PM");
07124 #endif
07125 #ifdef CONFIG_RSBAC_DAZ
07126 strcat(compiled_modules, " DAZ");
07127 #endif
07128 #ifdef CONFIG_RSBAC_FF
07129 strcat(compiled_modules, " FF");
07130 #endif
07131 #ifdef CONFIG_RSBAC_RC
07132 strcat(compiled_modules, " RC");
07133 #endif
07134 #ifdef CONFIG_RSBAC_AUTH
07135 strcat(compiled_modules, " AUTH");
07136 #endif
07137 #ifdef CONFIG_RSBAC_ACL
07138 strcat(compiled_modules, " ACL");
07139 #endif
07140 #ifdef CONFIG_RSBAC_CAP
07141 strcat(compiled_modules, " CAP");
07142 #endif
07143 #ifdef CONFIG_RSBAC_JAIL
07144 strcat(compiled_modules, " JAIL");
07145 #endif
07146 #ifdef CONFIG_RSBAC_RES
07147 strcat(compiled_modules, " RES");
07148 #endif
07149 #ifdef CONFIG_RSBAC_PAX
07150 strcat(compiled_modules, " PAX");
07151 #endif
07152 #ifdef CONFIG_RSBAC_MAINT
07153 rsbac_printk(KERN_INFO
07154 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07155 RSBAC_VERSION);
07156
07157 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", RSBAC_VERSION);
07158
07159 rsbac_printk(KERN_INFO
07160 "rsbac_do_init(): Supported module data structures:%s\n",
07161 compiled_modules);
07162 #else
07163 rsbac_printk(KERN_INFO
07164 "rsbac_do_init(): Initializing RSBAC %s\n",
07165 RSBAC_VERSION);
07166
07167 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07168 if (rsbac_nosyslog)
07169 #endif
07170 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", RSBAC_VERSION);
07171
07172 rsbac_printk(KERN_INFO
07173 "rsbac_do_init(): compiled modules:%s\n",
07174 compiled_modules);
07175 #endif
07176
07177
07178 rsbac_printk(KERN_INFO
07179 "rsbac_do_init(): Initializing memory slabs\n");
07180 rsbac_kmem_cache_sizes_init();
07181
07182
07183 device_list_head.lock = RW_LOCK_UNLOCKED;
07184 device_list_head.head = NULL;
07185 device_list_head.tail = NULL;
07186 device_list_head.curr = NULL;
07187 device_list_head.count = 0;
07188
07189 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
07190 #ifdef CONFIG_RSBAC_DEBUG
07191 if(rsbac_debug_stack)
07192 {
07193 unsigned long * n = (unsigned long *) (current+1);
07194
07195 while (!*n)
07196 n++;
07197 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n",
07198 (unsigned long) n - (unsigned long)(current+1));
07199 }
07200 #endif
07201 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07202 register_all_rsbac_proc();
07203 #endif
07204
07205 #ifdef CONFIG_RSBAC_DEBUG
07206 if(rsbac_debug_stack)
07207 {
07208 unsigned long * n = (unsigned long *) (current+1);
07209
07210 while (!*n)
07211 n++;
07212 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n",
07213 (unsigned long) n - (unsigned long)(current+1));
07214 }
07215 #endif
07216 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07217 sb_p = user_get_super(rsbac_root_dev);
07218 #else
07219 sb_p = get_super(rsbac_root_dev);
07220 #endif
07221 if(!sb_p)
07222 {
07223 kfree(list_info_p);
07224 return -RSBAC_ENOROOTDEV;
07225 }
07226
07227 #ifdef CONFIG_RSBAC_DEBUG
07228 if (rsbac_debug_ds)
07229 {
07230 rsbac_printk(KERN_DEBUG
07231 "rsbac_do_init(): reading aci from device number %02u:%02u\n",
07232 RSBAC_MAJOR(rsbac_root_dev),
07233 RSBAC_MINOR(rsbac_root_dev));
07234 }
07235 #endif
07236
07237 new_device_p = create_device_item(sb_p, NULL);
07238 if (!new_device_p)
07239 {
07240 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n");
07241 err = -RSBAC_ECOULDNOTADDDEVICE;
07242 goto out_free;
07243 }
07244
07245
07246 rsbac_write_lock(&device_list_head.lock, &flags);
07247
07248 device_p = add_device_item(new_device_p);
07249
07250 rsbac_write_unlock(&device_list_head.lock, &flags);
07251 if (!device_p)
07252 {
07253 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n");
07254 clear_device_item(new_device_p);
07255 err = -RSBAC_ECOULDNOTADDDEVICE;
07256 goto out_free;
07257 }
07258
07259
07260 rsbac_printk(KERN_INFO
07261 "rsbac_do_init(): Initializing generic lists\n");
07262 rsbac_list_init();
07263
07264 #ifdef CONFIG_RSBAC_DEBUG
07265 if(rsbac_debug_stack)
07266 {
07267 unsigned long * n = (unsigned long *) (current+1);
07268
07269 while (!*n)
07270 n++;
07271 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n",
07272 (unsigned long) n - (unsigned long)(current+1));
07273 }
07274 #endif
07275 rsbac_init_debug();
07276
07277 rsbac_printk(KERN_INFO
07278 "rsbac_do_init(): reading FD attributes from root dev\n");
07279
07280 #ifdef CONFIG_RSBAC_DEBUG
07281 if(rsbac_debug_stack)
07282 {
07283 unsigned long * n = (unsigned long *) (current+1);
07284
07285 while (!*n)
07286 n++;
07287 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n",
07288 (unsigned long) n - (unsigned long)(current+1));
07289 }
07290 #endif
07291
07292 if((err = register_fd_lists(device_p,rsbac_root_dev)))
07293 {
07294 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07295
07296 if(tmp)
07297 {
07298 rsbac_printk(KERN_WARNING
07299 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07300 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
07301 rsbac_kfree(tmp);
07302 }
07303 }
07304
07305 #ifdef CONFIG_RSBAC_DEBUG
07306 if(rsbac_debug_stack)
07307 {
07308 unsigned long * n = (unsigned long *) (current+1);
07309
07310 while (!*n)
07311 n++;
07312 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n",
07313 (unsigned long) n - (unsigned long)(current+1));
07314 }
07315 #endif
07316 register_dev_lists();
07317
07318 #ifdef CONFIG_RSBAC_DEBUG
07319 if(rsbac_debug_stack)
07320 {
07321 unsigned long * n = (unsigned long *) (current+1);
07322
07323 while (!*n)
07324 n++;
07325 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n",
07326 (unsigned long) n - (unsigned long)(current+1));
07327 }
07328 #endif
07329
07330 register_ipc_lists();
07331
07332 #ifdef CONFIG_RSBAC_DEBUG
07333 if(rsbac_debug_stack)
07334 {
07335 unsigned long * n = (unsigned long *) (current+1);
07336
07337 while (!*n)
07338 n++;
07339 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n",
07340 (unsigned long) n - (unsigned long)(current+1));
07341 }
07342 #endif
07343 register_user_lists();
07344
07345 #ifdef CONFIG_RSBAC_DEBUG
07346 if(rsbac_debug_stack)
07347 {
07348 unsigned long * n = (unsigned long *) (current+1);
07349
07350 while (!*n)
07351 n++;
07352 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
07353 (unsigned long) n - (unsigned long)(current+1));
07354 }
07355 #endif
07356 register_process_lists();
07357
07358
07359 #ifdef CONFIG_RSBAC_UM
07360 #ifdef CONFIG_RSBAC_DEBUG
07361 if(rsbac_debug_stack)
07362 {
07363 unsigned long * n = (unsigned long *) (current+1);
07364
07365 while (!*n)
07366 n++;
07367 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n",
07368 (unsigned long) n - (unsigned long)(current+1));
07369 }
07370 #endif
07371 register_group_lists();
07372 #endif
07373
07374 #ifdef CONFIG_RSBAC_NET_DEV
07375 register_netdev_lists();
07376 #endif
07377
07378 #ifdef CONFIG_RSBAC_NET_OBJ
07379 register_nettemp_list();
07380 register_nettemp_aci_lists();
07381 register_netobj_lists();
07382 #endif
07383
07384
07385 #if defined(CONFIG_RSBAC_MAC)
07386 #ifdef CONFIG_RSBAC_DEBUG
07387 if(rsbac_debug_stack)
07388 {
07389 unsigned long * n = (unsigned long *) (current+1);
07390
07391 while (!*n)
07392 n++;
07393 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n",
07394 (unsigned long) n - (unsigned long)(current+1));
07395 }
07396 #endif
07397 rsbac_init_mac();
07398 #endif
07399
07400 #ifdef CONFIG_RSBAC_PM
07401 #ifdef CONFIG_RSBAC_DEBUG
07402 if(rsbac_debug_stack)
07403 {
07404 unsigned long * n = (unsigned long *) (current+1);
07405
07406 while (!*n)
07407 n++;
07408 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n",
07409 (unsigned long) n - (unsigned long)(current+1));
07410 }
07411 #endif
07412 rsbac_init_pm();
07413 #endif
07414
07415 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07416 #ifdef CONFIG_RSBAC_DEBUG
07417 if(rsbac_debug_stack)
07418 {
07419 unsigned long * n = (unsigned long *) (current+1);
07420
07421 while (!*n)
07422 n++;
07423 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n",
07424 (unsigned long) n - (unsigned long)(current+1));
07425 }
07426 #endif
07427 rsbac_init_daz();
07428 #endif
07429
07430 #if defined(CONFIG_RSBAC_RC)
07431 #ifdef CONFIG_RSBAC_DEBUG
07432 if(rsbac_debug_stack)
07433 {
07434 unsigned long * n = (unsigned long *) (current+1);
07435
07436 while (!*n)
07437 n++;
07438 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n",
07439 (unsigned long) n - (unsigned long)(current+1));
07440 }
07441 #endif
07442 rsbac_init_rc();
07443 #endif
07444
07445 #if defined(CONFIG_RSBAC_AUTH)
07446 #ifdef CONFIG_RSBAC_DEBUG
07447 if(rsbac_debug_stack)
07448 {
07449 unsigned long * n = (unsigned long *) (current+1);
07450
07451 while (!*n)
07452 n++;
07453 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n",
07454 (unsigned long) n - (unsigned long)(current+1));
07455 }
07456 #endif
07457 rsbac_init_auth();
07458 if (rsbac_auth_enable_login)
07459 {
07460 struct dentry * t_dentry;
07461 struct dentry * dir_dentry = NULL;
07462 struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI;
07463 int list_no;
07464
07465 rsbac_printk(KERN_WARNING
07466 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07467 RSBAC_AUTH_LOGIN_PATH);
07468
07469
07470 if(sb_p)
07471 {
07472 dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07473 sb_p->s_root,
07474 strlen(RSBAC_AUTH_LOGIN_PATH_DIR));
07475 }
07476 if (!dir_dentry)
07477 {
07478 err = -RSBAC_ENOTFOUND;
07479 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07480 RSBAC_AUTH_LOGIN_PATH_DIR);
07481 goto auth_out;
07482 }
07483 if (IS_ERR(dir_dentry))
07484 {
07485 err = PTR_ERR(dir_dentry);
07486 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07487 RSBAC_AUTH_LOGIN_PATH_DIR,
07488 err);
07489 goto auth_out;
07490 }
07491 if (!dir_dentry->d_inode)
07492 {
07493 err = -RSBAC_ENOTFOUND;
07494 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07495 RSBAC_AUTH_LOGIN_PATH_DIR);
07496 dput(dir_dentry);
07497 goto auth_out;
07498 }
07499 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07500 dir_dentry,
07501 strlen(RSBAC_AUTH_LOGIN_PATH_FILE));
07502 if (!t_dentry)
07503 {
07504 err = -RSBAC_ENOTFOUND;
07505 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07506 RSBAC_AUTH_LOGIN_PATH_DIR,
07507 RSBAC_AUTH_LOGIN_PATH_FILE);
07508 goto auth_out;
07509 }
07510 if (IS_ERR(t_dentry))
07511 {
07512 err = PTR_ERR(t_dentry);
07513 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07514 RSBAC_AUTH_LOGIN_PATH_DIR,
07515 RSBAC_AUTH_LOGIN_PATH_FILE,
07516 err);
07517 goto auth_out;
07518 }
07519 if (!t_dentry->d_inode)
07520 {
07521 err = -RSBAC_ENOTFOUND;
07522 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07523 RSBAC_AUTH_LOGIN_PATH_DIR,
07524 RSBAC_AUTH_LOGIN_PATH_FILE);
07525 dput(t_dentry);
07526 goto auth_out;
07527 }
07528
07529 if (!t_dentry->d_inode)
07530 {
07531 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07532 RSBAC_AUTH_LOGIN_PATH);
07533 err = -RSBAC_EINVALIDTARGET;
07534 goto auth_out_dput;
07535 }
07536
07537 if (!S_ISREG(t_dentry->d_inode->i_mode))
07538 {
07539 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH);
07540 err = -RSBAC_EINVALIDTARGET;
07541 goto auth_out_dput;
07542 }
07543 list_no = auth_fd_hash(t_dentry->d_inode->i_ino);
07544 rsbac_list_get_data(device_p->handles.auth[list_no],
07545 &t_dentry->d_inode->i_ino,
07546 &auth_fd_aci);
07547 auth_fd_aci.auth_may_setuid = TRUE;
07548 if(rsbac_list_add(device_p->handles.auth[list_no],
07549 &t_dentry->d_inode->i_ino,
07550 &auth_fd_aci))
07551 {
07552 rsbac_printk(KERN_WARNING
07553 "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07554 err = -RSBAC_ECOULDNOTADDITEM;
07555 }
07556
07557 auth_out_dput:
07558 auth_out:
07559 { }
07560 }
07561 #endif
07562
07563 #if defined(CONFIG_RSBAC_ACL)
07564 #ifdef CONFIG_RSBAC_DEBUG
07565 if(rsbac_debug_stack)
07566 {
07567 unsigned long * n = (unsigned long *) (current+1);
07568
07569 while (!*n)
07570 n++;
07571 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n",
07572 (unsigned long) n - (unsigned long)(current+1));
07573 }
07574 #endif
07575 rsbac_init_acl();
07576 #endif
07577
07578 #if defined(CONFIG_RSBAC_UM)
07579 #ifdef CONFIG_RSBAC_DEBUG
07580 if(rsbac_debug_stack)
07581 {
07582 unsigned long * n = (unsigned long *) (current+1);
07583
07584 while (!*n)
07585 n++;
07586 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n",
07587 (unsigned long) n - (unsigned long)(current+1));
07588 }
07589 #endif
07590 rsbac_init_um();
07591 #endif
07592
07593
07594 #ifdef CONFIG_RSBAC_DEBUG
07595 if(rsbac_debug_stack)
07596 {
07597 unsigned long * n = (unsigned long *) (current+1);
07598
07599 while (!*n)
07600 n++;
07601 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n",
07602 (unsigned long) n - (unsigned long)(current+1));
07603 }
07604 #endif
07605 rsbac_init_adf();
07606
07607
07608 drop_super(sb_p);
07609
07610 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07611 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07612 pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07613 #else
07614 pax_set_flags_func = rsbac_pax_set_flags_func;
07615 #endif
07616 #endif
07617
07618
07619 rsbac_initialized = TRUE;
07620
07621
07622 #ifdef CONFIG_BLK_DEV_INITRD
07623 if(initrd_start)
07624 {
07625 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07626 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0));
07627 #else
07628 sb_p = get_super(MKDEV(RAMDISK_MAJOR,0));
07629 #endif
07630 if(sb_p)
07631 {
07632 rsbac_mount(sb_p, NULL);
07633 drop_super(sb_p);
07634 }
07635 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07636 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07637 #else
07638 sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07639 #endif
07640 if(sb_p)
07641 {
07642 rsbac_mount(sb_p, NULL);
07643 drop_super(sb_p);
07644 }
07645 }
07646 #endif
07647
07648 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07649
07650 if( sysfs_covered_p
07651 && sysfs_sb_p
07652 )
07653 {
07654 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07655 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev));
07656 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07657 }
07658 #endif
07659
07660
07661 #ifdef CONFIG_DEVFS_MOUNT
07662 if( devfs_covered_p
07663 && devfs_sb_p
07664 )
07665 {
07666 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07667 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
07668 rsbac_mount(devfs_sb_p, devfs_covered_p);
07669 }
07670 #endif
07671
07672
07673 #ifdef CONFIG_RSBAC_INIT_CHECK
07674 #ifdef CONFIG_RSBAC_DEBUG
07675 if(rsbac_debug_stack)
07676 {
07677 unsigned long * n = (unsigned long *) (current+1);
07678
07679 while (!*n)
07680 n++;
07681 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n",
07682 (unsigned long) n - (unsigned long)(current+1));
07683 }
07684 #endif
07685 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07686 rsbac_check_lists(1);
07687 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07688 rsbac_check(1,0);
07689
07690 #if defined(CONFIG_RSBAC_AUTH)
07691 rsbac_check_auth(1,0);
07692 #endif
07693 #endif
07694 #if defined(CONFIG_RSBAC_ACL)
07695 rsbac_check_acl(1,0);
07696 #endif
07697 #endif
07698
07699 if (!current->fs)
07700 {
07701 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07702 err = -RSBAC_EINVALIDPOINTER;
07703 }
07704 out:
07705
07706 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07707
07708 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07709
07710 kfree(list_info_p);
07711 return err;
07712
07713 out_free:
07714
07715 drop_super(sb_p);
07716 goto out;
07717 }
07718
07719
07720 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07721 || defined(CONFIG_RSBAC_INIT_THREAD)
07722
07723 void wakeup_rsbacd(u_long dummy)
07724 {
07725 wake_up(&rsbacd_wait);
07726 }
07727 #endif
07728
07729 #ifdef CONFIG_RSBAC_INIT_THREAD
07730
07731 static int rsbac_initd(void * dummy)
07732 {
07733 rsbac_printk(KERN_INFO "rsbac_initd(): Initializing.\n");
07734 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07735 daemonize("rsbac_initd");
07736 #else
07737 current->session = 1;
07738 current->pgrp = 1;
07739 strcpy(current->comm, "rsbac_initd");
07740 #endif
07741
07742
07743
07744
07745 #ifdef CONFIG_RSBAC_DEBUG
07746 if(rsbac_debug_stack)
07747 {
07748 unsigned long * n = (unsigned long *) (current+1);
07749
07750 while (!*n)
07751 n++;
07752 rsbac_printk(KERN_DEBUG "rsbac_initd: free stack before rsbac_do_init(): %lu\n",
07753 (unsigned long) n - (unsigned long)(current+1));
07754 }
07755 #endif
07756
07757 rsbac_do_init();
07758
07759 #ifdef CONFIG_RSBAC_DEBUG
07760 if(rsbac_debug_stack)
07761 {
07762 unsigned long * n = (unsigned long *) (current+1);
07763
07764 while (!*n)
07765 n++;
07766 rsbac_printk(KERN_DEBUG "rsbac_initd: free stack after rsbac_do_init(): %lu\n",
07767 (unsigned long) n - (unsigned long)(current+1));
07768 }
07769 #endif
07770
07771 wake_up(&rsbacd_wait);
07772
07773 rsbac_printk(KERN_INFO "rsbac_initd(): Exiting.\n");
07774 do_exit(0);
07775 return 0;
07776 }
07777 #endif
07778
07779 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07780
07781 static int rsbacd(void * dummy)
07782 {
07783 struct task_struct *tsk = current;
07784 char * name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07785
07786 rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n");
07787 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07788 daemonize("rsbacd");
07789 #else
07790 tsk->session = 1;
07791 tsk->pgrp = 1;
07792 strcpy(tsk->comm, "rsbacd");
07793 #endif
07794
07795
07796
07797 sys_close(0);
07798 sys_close(1);
07799 sys_close(2);
07800 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07801 reparent_to_init();
07802 #endif
07803
07804 #ifdef CONFIG_RSBAC_DEBUG
07805 if(rsbac_debug_auto)
07806 {
07807 rsbac_printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n");
07808 }
07809 #endif
07810
07811 #ifndef CONFIG_RSBAC_INIT_THREAD
07812 init_timer(&rsbac_timer);
07813 rsbac_timer.function = wakeup_rsbacd;
07814 rsbac_timer.data = 0;
07815 rsbac_timer.expires = jiffies + auto_interval;
07816 add_timer(&rsbac_timer);
07817 #endif
07818
07819 #ifdef CONFIG_RSBAC_DEBUG
07820 if(rsbac_debug_stack)
07821 {
07822 unsigned long * n = (unsigned long *) (current+1);
07823
07824 while (!*n)
07825 n++;
07826 rsbac_printk(KERN_DEBUG "rsbacd: free stack: %lu\n",
07827 (unsigned long) n - (unsigned long)(current+1));
07828 }
07829 #endif
07830 for(;;)
07831 {
07832
07833 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07834
07835 flush_signals(tsk);
07836 spin_lock_irq(&tsk->sighand->siglock);
07837 flush_signal_handlers(tsk, 1);
07838 sigemptyset(&tsk->blocked);
07839 recalc_sigpending();
07840 spin_unlock_irq(&tsk->sighand->siglock);
07841 #else
07842 spin_lock_irq(&tsk->sigmask_lock);
07843 flush_signals(tsk);
07844 sigfillset(&tsk->blocked);
07845 recalc_sigpending(tsk);
07846 spin_unlock_irq(&tsk->sigmask_lock);
07847 #endif
07848
07849 mod_timer(&rsbac_timer, jiffies + auto_interval);
07850 interruptible_sleep_on(&rsbacd_wait);
07851
07852
07853
07854 #if 0
07855
07856 #if defined(CONFIG_RSBAC_DAZ_CACHE)
07857 if(jiffies >= daz_cleanup_time)
07858 {
07859 daz_cleanup_time = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL;
07860 #ifdef CONFIG_RSBAC_DEBUG
07861 if (rsbac_debug_auto)
07862 {
07863 rsbac_printk(KERN_DEBUG
07864 "rsbacd(): cleaning up DAZ scanned lists\n");
07865 }
07866 #endif
07867
07868 rsbac_read_lock(&device_list_head.lock, &dflags);
07869
07870 device_p = device_list_head.head;
07871 while (device_p)
07872 {
07873 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
07874 {
07875 rsbac_list_check(device_p->handles.dazs[i], TRUE);
07876 }
07877 device_p = device_p->next;
07878 }
07879 rsbac_read_unlock(&device_list_head.lock, &dflags);
07880 }
07881 #endif
07882 #endif
07883
07884
07885 if(rsbac_initialized && !rsbac_debug_no_write)
07886 {
07887 int err=0;
07888
07889
07890
07891
07892
07893
07894
07895
07896 down(&rsbac_write_sem);
07897 if(!rsbac_debug_no_write)
07898 {
07899 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07900 err = rsbac_write(FALSE);
07901 #else
07902 err = rsbac_write(TRUE);
07903 #endif
07904 }
07905 up(&rsbac_write_sem);
07906 if(err < 0)
07907 {
07908 if(name)
07909 rsbac_printk(KERN_WARNING
07910 "rsbacd(): rsbac_write returned error %s!\n",
07911 get_error_name(name,err));
07912 else
07913 rsbac_printk(KERN_WARNING
07914 "rsbacd(): rsbac_write returned error %i!\n",
07915 err);
07916 }
07917 #ifdef CONFIG_RSBAC_DEBUG
07918 else
07919 if (rsbac_debug_auto && (err > 0))
07920 {
07921 rsbac_printk(KERN_DEBUG
07922 "rsbacd(): rsbac_write() wrote %i lists\n", err);
07923 }
07924 #endif
07925 }
07926 }
07927 }
07928 #endif
07929
07930
07931
07932
07933
07934
07935
07936
07937 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07938
07939 extern long sys_kill(int pid, int sig);
07940 #endif
07941
07942 #ifdef CONFIG_RSBAC_INIT_DELAY
07943 int rsbac_init(kdev_t root_dev)
07944 #else
07945 int __init rsbac_init(kdev_t root_dev)
07946 #endif
07947 {
07948 int err = 0;
07949 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07950 || defined(CONFIG_RSBAC_INIT_THREAD)
07951 rsbac_pid_t rsbacd_pid;
07952 #endif
07953
07954 if (rsbac_initialized)
07955 {
07956 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07957 return(-RSBAC_EREINIT);
07958 }
07959 if (!current->fs)
07960 {
07961 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07962 return(-RSBAC_EINVALIDPOINTER);
07963 }
07964
07965 rsbac_root_dev = root_dev;
07966
07967 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07968 || defined(CONFIG_RSBAC_INIT_THREAD)
07969
07970 init_waitqueue_head(&rsbacd_wait);
07971 #endif
07972
07973 #ifdef CONFIG_RSBAC_INIT_THREAD
07974
07975 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07976 #endif
07977 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07978 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07979 init_timer(&rsbac_timer);
07980 rsbac_timer.function = wakeup_rsbacd;
07981 rsbac_timer.data = 0;
07982 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07983 add_timer(&rsbac_timer);
07984
07985
07986 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07987 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07988 rsbacd_pid);
07989
07990 if(!rsbac_initialized)
07991 interruptible_sleep_on(&rsbacd_wait);
07992 if(!rsbac_initialized)
07993 {
07994 rsbac_printk(KERN_ERR
07995 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07996 rsbac_printk(KERN_ERR
07997 "rsbac_init(): *** Killing rsbac_initd! ***\n");
07998 sys_kill(rsbacd_pid, SIGKILL);
07999 rsbac_initialized = FALSE;
08000 }
08001 #else
08002 rsbac_do_init();
08003 #endif
08004
08005 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
08006 if(rsbac_initialized)
08007 {
08008
08009 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
08010 if(rsbacd_pid < 0)
08011 {
08012 rsbac_printk(KERN_ERR
08013 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
08014 rsbacd_pid);
08015 }
08016 else
08017 {
08018 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
08019 rsbacd_pid);
08020 }
08021 }
08022 #endif
08023
08024
08025
08026 #ifdef CONFIG_RSBAC_INIT_THREAD
08027 sys_wait4(-1, NULL, WNOHANG, NULL);
08028 #endif
08029
08030
08031 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08032 {
08033 #ifdef CONFIG_RSBAC_MAC
08034 struct rsbac_mac_user_aci_t mac_u_aci;
08035 #endif
08036 #ifdef CONFIG_RSBAC_RC
08037 struct rsbac_rc_user_aci_t rc_u_aci;
08038 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
08039 #endif
08040 rsbac_uid_t user = RSBAC_SYSADM_UID;
08041 rsbac_pid_t pid = 1;
08042 struct task_struct * p;
08043
08044 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08045
08046 #ifdef CONFIG_RSBAC_MAC
08047 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci))
08048 {
08049 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
08050 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
08051 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
08052 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
08053 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
08054 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
08055 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
08056 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
08057 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
08058 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
08059 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
08060 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
08061 mac_init_p_aci.mac_process_flags
08062 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
08063 }
08064 #endif
08065
08066
08067 #ifdef CONFIG_RSBAC_MAC
08068 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08069 rsbac_printk(KERN_WARNING
08070 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08071 #endif
08072 #ifdef CONFIG_RSBAC_RC
08073
08074 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role))
08075 {
08076 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci))
08077 {
08078 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
08079 }
08080 else
08081 {
08082 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
08083 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
08084 }
08085 }
08086 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08087 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
08088 rsbac_printk(KERN_WARNING
08089 "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08090 #endif
08091 read_lock(&tasklist_lock);
08092 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08093 for_each_task(p)
08094 #else
08095 for_each_process(p)
08096 #endif
08097 {
08098
08099 if(!p->pid || (p->pid == 1))
08100 continue;
08101 pid = p->pid;
08102 #ifdef CONFIG_RSBAC_DEBUG
08103 if (rsbac_debug_ds)
08104 {
08105 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
08106 pid);
08107 }
08108 #endif
08109 #ifdef CONFIG_RSBAC_MAC
08110 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08111 rsbac_printk(KERN_WARNING
08112 "rsbac_do_init(): MAC ACI for Init process %u could not be added!",
08113 pid);
08114 #endif
08115 #ifdef CONFIG_RSBAC_RC
08116 if(!p->mm)
08117 {
08118 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08119 rsbac_printk(KERN_WARNING
08120 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!",
08121 pid);
08122 }
08123 #endif
08124 }
08125 read_unlock(&tasklist_lock);
08126 }
08127 #endif
08128
08129 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08130 return(err);
08131 }
08132
08133
08134
08135 #if defined(CONFIG_RSBAC_REG)
08136 EXPORT_SYMBOL(rsbac_is_initialized);
08137 #endif
08138 rsbac_boolean_t rsbac_is_initialized(void)
08139 {
08140 return rsbac_initialized;
08141 }
08142
08143 int rsbac_kthread_notify(rsbac_pid_t pid)
08144 {
08145 if (!rsbac_initialized)
08146 return 0;
08147
08148 #ifdef CONFIG_RSBAC_MAC
08149 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08150 rsbac_printk(KERN_WARNING
08151 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
08152 pid);
08153 #endif
08154 #ifdef CONFIG_RSBAC_RC
08155 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08156 rsbac_printk(KERN_WARNING
08157 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
08158 pid);
08159 #endif
08160 return 0;
08161 }
08162
08163
08164
08165 int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers)
08166 {
08167 int err = 0;
08168 struct rsbac_device_list_item_t * device_p;
08169 struct rsbac_device_list_item_t * new_device_p;
08170 u_long flags;
08171 rsbac_boolean_t old_no_write;
08172
08173 if(!sb_p)
08174 {
08175 rsbac_printk(KERN_WARNING
08176 "rsbac_mount(): called with NULL pointer\n");
08177 return -RSBAC_EINVALIDPOINTER;
08178 }
08179 if (!rsbac_initialized)
08180 {
08181 #ifdef CONFIG_RSBAC_INIT_DELAY
08182 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08183 if( !RSBAC_MAJOR(rsbac_delayed_root)
08184 && !RSBAC_MINOR(rsbac_delayed_root)
08185 && rsbac_delayed_root_str[0]
08186 )
08187 {
08188 char * p = rsbac_delayed_root_str;
08189 u_int major = 0;
08190 u_int minor = 0;
08191
08192 major = simple_strtoul(p, NULL, 0);
08193 while((*p != ':') && (*p != '\0'))
08194 p++;
08195 if(*p)
08196 {
08197 p++;
08198 minor = simple_strtoul(p, NULL, 0);
08199 }
08200 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
08201 }
08202 #endif
08203 if( !rsbac_no_delay_init
08204 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
08205 && !RSBAC_MINOR(rsbac_delayed_root)
08206 && (MAJOR(sb_p->s_dev) > 1)
08207 )
08208 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
08209 || RSBAC_MINOR(rsbac_delayed_root)
08210 )
08211 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
08212 && ( !RSBAC_MINOR(rsbac_delayed_root)
08213 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
08214 )
08215 )
08216 )
08217 )
08218 )
08219 {
08220 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
08221 {
08222 rsbac_printk(KERN_INFO
08223 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08224 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
08225 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
08226 }
08227 else
08228 {
08229 rsbac_printk(KERN_INFO
08230 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08231 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08232 }
08233 rsbac_init(sb_p->s_dev);
08234 return 0;
08235 }
08236 #endif
08237
08238 rsbac_printk(KERN_WARNING
08239 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08240 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08241
08242 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08243 if( (sb_p->s_magic == SYSFS_MAGIC)
08244 && !RSBAC_MAJOR(sb_p->s_dev)
08245 )
08246 {
08247 rsbac_printk(KERN_WARNING
08248 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08249 sysfs_sb_p = sb_p;
08250 sysfs_covered_p = d_covers;
08251 }
08252 #endif
08253 #ifdef CONFIG_DEVFS_MOUNT
08254 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08255 && !RSBAC_MAJOR(sb_p->s_dev)
08256 )
08257 {
08258 rsbac_printk(KERN_WARNING
08259 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08260 devfs_sb_p = sb_p;
08261 devfs_covered_p = d_covers;
08262 }
08263 #endif
08264 return(-RSBAC_ENOTINITIALIZED);
08265 }
08266 #ifdef CONFIG_RSBAC_DEBUG
08267 if (rsbac_debug_ds)
08268 {
08269 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
08270 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08271 }
08272 if(rsbac_debug_stack)
08273 {
08274 unsigned long * n = (unsigned long *) (current+1);
08275
08276 while (!*n)
08277 n++;
08278 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
08279 (unsigned long) n - (unsigned long)(current+1));
08280 }
08281 #endif
08282 down(&rsbac_write_sem);
08283 old_no_write = rsbac_debug_no_write;
08284 rsbac_debug_no_write = TRUE;
08285 up(&rsbac_write_sem);
08286
08287 rsbac_read_lock(&device_list_head.lock, &flags);
08288 device_p = lookup_device(sb_p->s_dev);
08289
08290 if(device_p)
08291 {
08292 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08293 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08294 device_p->mount_count++;
08295 if( d_covers
08296 && !device_p->d_covers
08297 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08298 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08299 )
08300 {
08301 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08302 d_covers);
08303 device_p->d_covers = d_covers;
08304 }
08305 rsbac_read_unlock(&device_list_head.lock, &flags);
08306 }
08307 else
08308 {
08309 rsbac_read_unlock(&device_list_head.lock, &flags);
08310
08311 new_device_p = create_device_item(sb_p, d_covers);
08312 #ifdef CONFIG_RSBAC_DEBUG
08313 if(rsbac_debug_stack)
08314 {
08315 unsigned long * n = (unsigned long *) (current+1);
08316
08317 while (!*n)
08318 n++;
08319 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
08320 (unsigned long) n - (unsigned long)(current+1));
08321 }
08322 #endif
08323 if(!new_device_p)
08324 {
08325 rsbac_debug_no_write = old_no_write;
08326 return -RSBAC_ECOULDNOTADDDEVICE;
08327 }
08328
08329 rsbac_read_lock(&device_list_head.lock, &flags);
08330
08331 device_p = lookup_device(sb_p->s_dev);
08332 if(device_p)
08333 {
08334 rsbac_printk(KERN_WARNING
08335 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08336 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08337 device_p->mount_count++;
08338 rsbac_read_unlock(&device_list_head.lock, &flags);
08339 clear_device_item(new_device_p);
08340 }
08341 else
08342 {
08343 rsbac_read_unlock(&device_list_head.lock, &flags);
08344 rsbac_write_lock(&device_list_head.lock, &flags);
08345 device_p = add_device_item(new_device_p);
08346 rsbac_write_unlock(&device_list_head.lock, &flags);
08347 if(!device_p)
08348 {
08349 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08350 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08351 clear_device_item(new_device_p);
08352 rsbac_debug_no_write = old_no_write;
08353 return -RSBAC_ECOULDNOTADDDEVICE;
08354 }
08355 }
08356
08357
08358 rsbac_list_mount(sb_p->s_dev);
08359
08360
08361 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
08362 {
08363 char * tmp;
08364
08365 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08366 if(tmp)
08367 {
08368 rsbac_printk(KERN_WARNING
08369 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08370 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
08371 rsbac_kfree(tmp);
08372 }
08373 }
08374 #ifdef CONFIG_RSBAC_DEBUG
08375 if(rsbac_debug_stack)
08376 {
08377 unsigned long * n = (unsigned long *) (current+1);
08378
08379 while (!*n)
08380 n++;
08381 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
08382 (unsigned long) n - (unsigned long)(current+1));
08383 }
08384 #endif
08385 }
08386
08387
08388
08389 #if defined(CONFIG_RSBAC_MAC)
08390 rsbac_mount_mac(sb_p->s_dev);
08391 #ifdef CONFIG_RSBAC_DEBUG
08392 if(rsbac_debug_stack)
08393 {
08394 unsigned long * n = (unsigned long *) (current+1);
08395
08396 while (!*n)
08397 n++;
08398 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
08399 (unsigned long) n - (unsigned long)(current+1));
08400 }
08401 #endif
08402 #endif
08403
08404 #if defined(CONFIG_RSBAC_AUTH)
08405 rsbac_mount_auth(sb_p->s_dev);
08406 #ifdef CONFIG_RSBAC_DEBUG
08407 if(rsbac_debug_stack)
08408 {
08409 unsigned long * n = (unsigned long *) (current+1);
08410
08411 while (!*n)
08412 n++;
08413 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
08414 (unsigned long) n - (unsigned long)(current+1));
08415 }
08416 #endif
08417 #endif
08418
08419 #if defined(CONFIG_RSBAC_ACL)
08420 rsbac_mount_acl(sb_p->s_dev);
08421 #ifdef CONFIG_RSBAC_DEBUG
08422 if(rsbac_debug_stack)
08423 {
08424 unsigned long * n = (unsigned long *) (current+1);
08425
08426 while (!*n)
08427 n++;
08428 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
08429 (unsigned long) n - (unsigned long)(current+1));
08430 }
08431 #endif
08432 #endif
08433
08434 #if defined(CONFIG_RSBAC_REG)
08435 rsbac_mount_reg(sb_p->s_dev);
08436 #ifdef CONFIG_RSBAC_DEBUG
08437 if(rsbac_debug_stack)
08438 {
08439 unsigned long * n = (unsigned long *) (current+1);
08440
08441 while (!*n)
08442 n++;
08443 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
08444 (unsigned long) n - (unsigned long)(current+1));
08445 }
08446 #endif
08447 #endif
08448
08449 rsbac_debug_no_write = old_no_write;
08450 return(err);
08451 }
08452
08453
08454
08455
08456 int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers)
08457 {
08458 u_long flags;
08459 struct rsbac_device_list_item_t * device_p;
08460 kdev_t kdev;
08461
08462 if(!sb_p)
08463 {
08464 rsbac_printk(KERN_WARNING
08465 "rsbac_umount(): called with NULL pointer\n");
08466 return -RSBAC_EINVALIDPOINTER;
08467 }
08468 if (!rsbac_initialized)
08469 {
08470 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08471
08472 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08473 if( (sb_p->s_magic == SYSFS_MAGIC)
08474 && !RSBAC_MAJOR(sb_p->s_dev)
08475 && sysfs_sb_p
08476 && sysfs_covered_p
08477 )
08478 {
08479 rsbac_printk(KERN_WARNING
08480 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08481 sysfs_sb_p = NULL;
08482 sysfs_covered_p = NULL;
08483 }
08484 #endif
08485 #ifdef CONFIG_DEVFS_MOUNT
08486 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08487 && !RSBAC_MAJOR(sb_p->s_dev)
08488 && devfs_sb_p
08489 && devfs_covered_p
08490 )
08491 {
08492 rsbac_printk(KERN_WARNING
08493 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08494 devfs_sb_p = NULL;
08495 devfs_covered_p = NULL;
08496 }
08497 #endif
08498
08499 return(-RSBAC_ENOTINITIALIZED);
08500 }
08501
08502 #ifdef CONFIG_RSBAC_DEBUG
08503 if (rsbac_debug_ds)
08504 {
08505 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
08506 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08507 }
08508 #endif
08509
08510 kdev = sb_p->s_dev;
08511
08512
08513 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08514 if(!rsbac_debug_no_write)
08515 {
08516 down(&rsbac_write_sem);
08517
08518 if(!rsbac_debug_no_write)
08519 {
08520 rsbac_write(TRUE);
08521 }
08522 up(&rsbac_write_sem);
08523 }
08524 #endif
08525
08526
08527 #if defined(CONFIG_RSBAC_MAC)
08528 rsbac_umount_mac(kdev);
08529 #endif
08530
08531 #if defined(CONFIG_RSBAC_AUTH)
08532 rsbac_umount_auth(kdev);
08533 #endif
08534
08535 #if defined(CONFIG_RSBAC_ACL)
08536 rsbac_umount_acl(kdev);
08537 #endif
08538
08539 #if defined(CONFIG_RSBAC_REG)
08540 rsbac_umount_reg(kdev);
08541 #endif
08542
08543
08544 rsbac_write_lock(&device_list_head.lock, &flags);
08545
08546 device_p = lookup_device(kdev);
08547 if(device_p)
08548 {
08549 if(device_p->mount_count == 1)
08550 {
08551
08552 rsbac_list_umount(kdev);
08553 remove_device_item(kdev);
08554 }
08555 else
08556 {
08557 if(device_p->mount_count > 1)
08558 {
08559 device_p->mount_count--;
08560 if(device_p->d_covers == d_covers)
08561 {
08562 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08563 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08564 device_p->d_covers = NULL;
08565 }
08566 }
08567 else
08568 {
08569 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08570 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08571 }
08572 }
08573 }
08574
08575 rsbac_write_unlock(&device_list_head.lock, &flags);
08576
08577 return(0);
08578 }
08579
08580
08581
08582
08583 int rsbac_free_dat_dentries(void)
08584 {
08585 u_long flags;
08586 struct rsbac_device_list_item_t * device_p;
08587
08588 if (!rsbac_initialized)
08589 {
08590 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08591 return(-RSBAC_ENOTINITIALIZED);
08592 }
08593
08594 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08595
08596
08597 rsbac_write_lock_irq(&device_list_head.lock, &flags);
08598
08599 device_p = device_list_head.head;
08600 while(device_p)
08601 {
08602 if(device_p->rsbac_dir_dentry_p)
08603 {
08604 dput(device_p->rsbac_dir_dentry_p);
08605 device_p->rsbac_dir_dentry_p = NULL;
08606 }
08607 device_p = device_p->next;
08608 }
08609
08610 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
08611
08612 return(0);
08613 }
08614
08615
08616
08617
08618 int rsbac_stats(void)
08619 {
08620 struct rsbac_device_list_item_t * device_p;
08621 int i;
08622 u_long fd_count = 0, fd_sum = 0;
08623 u_long dev_sum = 0;
08624 u_long ipc_sum = 0;
08625 u_long user_sum = 0;
08626 u_long process_sum = 0;
08627 #if defined(CONFIG_RSBAC_UM)
08628 u_long group_sum = 0;
08629 #endif
08630 #if defined(CONFIG_RSBAC_NET_OBJ)
08631 u_long nettemp_sum = 0;
08632 u_long lnetobj_sum = 0;
08633 u_long rnetobj_sum = 0;
08634 #endif
08635 u_long total_sum = 0;
08636 long tmp_count;
08637 u_long dflags;
08638
08639 if (!rsbac_initialized)
08640 {
08641 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08642 return(-RSBAC_ENOTINITIALIZED);
08643 }
08644
08645 rsbac_read_lock(&device_list_head.lock, &dflags);
08646
08647
08648
08649 device_p = device_list_head.head;
08650 while (device_p)
08651 {
08652 fd_count = 0;
08653 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
08654 {
08655 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
08656 if(tmp_count > 0)
08657 fd_count+=tmp_count;
08658 }
08659 rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
08660 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
08661 fd_sum += fd_count;
08662
08663 #if defined(CONFIG_RSBAC_MAC)
08664 fd_count = 0;
08665 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
08666 {
08667 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
08668 if(tmp_count > 0)
08669 fd_count+=tmp_count;
08670 }
08671 rsbac_printk(", %lu MAC",
08672 fd_count);
08673 fd_sum += fd_count;
08674 #endif
08675
08676 #if defined(CONFIG_RSBAC_PM)
08677 fd_count = 0;
08678 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
08679 {
08680 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
08681 if(tmp_count > 0)
08682 fd_count+=tmp_count;
08683 }
08684 rsbac_printk(", %lu PM",
08685 fd_count);
08686 fd_sum += fd_count;
08687 #endif
08688
08689 #if defined(CONFIG_RSBAC_DAZ)
08690 fd_count = 0;
08691 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
08692 {
08693 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
08694 if(tmp_count > 0)
08695 fd_count+=tmp_count;
08696 }
08697 rsbac_printk(", %lu DAZ",
08698 fd_count);
08699 fd_sum += fd_count;
08700 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08701 fd_count = 0;
08702 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
08703 {
08704 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
08705 if(tmp_count > 0)
08706 fd_count+=tmp_count;
08707 }
08708 rsbac_printk(", %lu DAZ_SCANNED",
08709 fd_count);
08710 fd_sum += fd_count;
08711 #endif
08712 #endif
08713
08714 #if defined(CONFIG_RSBAC_FF)
08715 fd_count = 0;
08716 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
08717 {
08718 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
08719 if(tmp_count > 0)
08720 fd_count+=tmp_count;
08721 }
08722 rsbac_printk(", %lu FF",
08723 fd_count);
08724 fd_sum += fd_count;
08725 #endif
08726
08727 #if defined(CONFIG_RSBAC_RC)
08728 fd_count = 0;
08729 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
08730 {
08731 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
08732 if(tmp_count > 0)
08733 fd_count+=tmp_count;
08734 }
08735 rsbac_printk(", %lu RC",
08736 fd_count);
08737 fd_sum += fd_count;
08738 #endif
08739
08740 #if defined(CONFIG_RSBAC_AUTH)
08741 fd_count = 0;
08742 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
08743 {
08744 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
08745 if(tmp_count > 0)
08746 fd_count+=tmp_count;
08747 }
08748 rsbac_printk(", %lu AUTH",
08749 fd_count);
08750 fd_sum += fd_count;
08751 #endif
08752
08753 #if defined(CONFIG_RSBAC_CAP)
08754 fd_count = 0;
08755 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
08756 {
08757 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
08758 if(tmp_count > 0)
08759 fd_count+=tmp_count;
08760 }
08761 rsbac_printk(", %lu CAP",
08762 fd_count);
08763 fd_sum += fd_count;
08764 #endif
08765 #if defined(CONFIG_RSBAC_RES)
08766 fd_count = 0;
08767 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
08768 {
08769 tmp_count = rsbac_list_count(device_p->handles.res[i]);
08770 if(tmp_count > 0)
08771 fd_count+=tmp_count;
08772 }
08773 rsbac_printk(", %lu RES",
08774 fd_count);
08775 fd_sum += fd_count;
08776 #endif
08777 #if defined(CONFIG_RSBAC_PAX)
08778 fd_count = 0;
08779 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
08780 {
08781 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
08782 if(tmp_count > 0)
08783 fd_count+=tmp_count;
08784 }
08785 rsbac_printk(", %lu PAX",
08786 fd_count);
08787 fd_sum += fd_count;
08788 #endif
08789
08790 rsbac_printk("\n");
08791 device_p = device_p->next;
08792 }
08793 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08794 device_list_head.count, fd_sum);
08795
08796 rsbac_read_unlock(&device_list_head.lock, &dflags);
08797 total_sum += fd_sum;
08798
08799
08800 tmp_count = rsbac_list_count(dev_handles.gen);
08801 rsbac_printk(KERN_INFO "DEV items: %lu GEN",
08802 tmp_count);
08803 dev_sum += tmp_count;
08804 #if defined(CONFIG_RSBAC_MAC)
08805 tmp_count = rsbac_list_count(dev_handles.mac);
08806 rsbac_printk(", %lu MAC",
08807 tmp_count);
08808 dev_sum += tmp_count;
08809 #endif
08810 #if defined(CONFIG_RSBAC_PM)
08811 tmp_count = rsbac_list_count(dev_handles.pm);
08812 rsbac_printk(", %lu PM",
08813 tmp_count);
08814 dev_sum += tmp_count;
08815 #endif
08816 #if defined(CONFIG_RSBAC_RC)
08817 tmp_count = rsbac_list_count(dev_major_handles.rc);
08818 rsbac_printk(", %lu major RC",
08819 tmp_count);
08820 dev_sum += tmp_count;
08821 tmp_count = rsbac_list_count(dev_handles.rc);
08822 rsbac_printk(", %lu RC",
08823 tmp_count);
08824 dev_sum += tmp_count;
08825 #endif
08826 rsbac_printk("\n");
08827 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n",
08828 dev_sum);
08829 total_sum += dev_sum;
08830
08831
08832 rsbac_printk(KERN_INFO "IPC items: no GEN");
08833 #if defined(CONFIG_RSBAC_MAC)
08834 tmp_count = rsbac_list_count(ipc_handles.mac);
08835 rsbac_printk(", %lu MAC",
08836 tmp_count);
08837 ipc_sum += tmp_count;
08838 #endif
08839 #if defined(CONFIG_RSBAC_PM)
08840 tmp_count = rsbac_list_count(ipc_handles.pm);
08841 rsbac_printk(", %lu PM",
08842 tmp_count);
08843 ipc_sum += tmp_count;
08844 #endif
08845 #if defined(CONFIG_RSBAC_RC)
08846 tmp_count = rsbac_list_count(ipc_handles.rc);
08847 rsbac_printk(", %lu RC",
08848 tmp_count);
08849 ipc_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_JAIL)
08852 tmp_count = rsbac_list_count(ipc_handles.jail);
08853 rsbac_printk(", %lu JAIL",
08854 tmp_count);
08855 ipc_sum += tmp_count;
08856 #endif
08857 rsbac_printk("\n");
08858 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n",
08859 ipc_sum);
08860 total_sum += ipc_sum;
08861
08862
08863 tmp_count = rsbac_list_count(user_handles.gen);
08864 rsbac_printk(KERN_INFO "USER items: %lu GEN",
08865 tmp_count);
08866 user_sum += tmp_count;
08867 #if defined(CONFIG_RSBAC_MAC)
08868 tmp_count = rsbac_list_count(user_handles.mac);
08869 rsbac_printk(", %lu MAC",
08870 tmp_count);
08871 user_sum += tmp_count;
08872 #endif
08873 #if defined(CONFIG_RSBAC_PM)
08874 tmp_count = rsbac_list_count(user_handles.pm);
08875 rsbac_printk(", %lu PM",
08876 tmp_count);
08877 user_sum += tmp_count;
08878 #endif
08879 #if defined(CONFIG_RSBAC_DAZ)
08880 tmp_count = rsbac_list_count(user_handles.daz);
08881 rsbac_printk(", %lu DAZ",
08882 tmp_count);
08883 user_sum += tmp_count;
08884 #endif
08885 #if defined(CONFIG_RSBAC_RC)
08886 tmp_count = rsbac_list_count(user_handles.rc);
08887 rsbac_printk(", %lu RC",
08888 tmp_count);
08889 user_sum += tmp_count;
08890 #endif
08891 #if defined(CONFIG_RSBAC_AUTH)
08892 tmp_count = rsbac_list_count(user_handles.auth);
08893 rsbac_printk(", %lu AUTH",
08894 tmp_count);
08895 user_sum += tmp_count;
08896 #endif
08897 #if defined(CONFIG_RSBAC_CAP)
08898 tmp_count = rsbac_list_count(user_handles.cap);
08899 rsbac_printk(", %lu CAP",
08900 tmp_count);
08901 user_sum += tmp_count;
08902 #endif
08903 #if defined(CONFIG_RSBAC_JAIL)
08904 tmp_count = rsbac_list_count(user_handles.jail);
08905 rsbac_printk(", %lu JAIL",
08906 tmp_count);
08907 user_sum += tmp_count;
08908 #endif
08909 #if defined(CONFIG_RSBAC_RES)
08910 tmp_count = rsbac_list_count(user_handles.res);
08911 rsbac_printk(", %lu RES",
08912 tmp_count);
08913 user_sum += tmp_count;
08914 #endif
08915 #if defined(CONFIG_RSBAC_PAX)
08916 tmp_count = rsbac_list_count(user_handles.pax);
08917 rsbac_printk(", %lu PAX",
08918 tmp_count);
08919 user_sum += tmp_count;
08920 #endif
08921 rsbac_printk("\n");
08922 rsbac_printk(KERN_INFO "Sum of %lu USER items\n",
08923 user_sum);
08924 total_sum += user_sum;
08925
08926
08927 tmp_count = 0;
08928 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
08929 tmp_count += rsbac_list_count(process_handles.gen[i]);
08930 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN",
08931 tmp_count);
08932 process_sum += tmp_count;
08933 #if defined(CONFIG_RSBAC_MAC)
08934 tmp_count = 0;
08935 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
08936 tmp_count += rsbac_list_count(process_handles.mac[i]);
08937 rsbac_printk(", %lu MAC",
08938 tmp_count);
08939 process_sum += tmp_count;
08940 #endif
08941 #if defined(CONFIG_RSBAC_PM)
08942 tmp_count = rsbac_list_count(process_handles.pm);
08943 rsbac_printk(", %lu PM",
08944 tmp_count);
08945 process_sum += tmp_count;
08946 #endif
08947 #if defined(CONFIG_RSBAC_DAZ)
08948 tmp_count = rsbac_list_count(process_handles.daz);
08949 rsbac_printk(", %lu DAZ",
08950 tmp_count);
08951 process_sum += tmp_count;
08952 #endif
08953 #if defined(CONFIG_RSBAC_RC)
08954 tmp_count = 0;
08955 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
08956 tmp_count += rsbac_list_count(process_handles.rc[i]);
08957 rsbac_printk(", %lu RC",
08958 tmp_count);
08959 process_sum += tmp_count;
08960 #endif
08961 #if defined(CONFIG_RSBAC_AUTH)
08962 tmp_count = rsbac_list_count(process_handles.auth);
08963 rsbac_printk(", %lu AUTH",
08964 tmp_count);
08965 process_sum += tmp_count;
08966 #endif
08967 #if defined(CONFIG_RSBAC_CAP)
08968 tmp_count = rsbac_list_count(process_handles.cap);
08969 rsbac_printk(", %lu CAP",
08970 tmp_count);
08971 process_sum += tmp_count;
08972 #endif
08973 #if defined(CONFIG_RSBAC_JAIL)
08974 tmp_count = 0;
08975 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
08976 tmp_count += rsbac_list_count(process_handles.jail[i]);
08977 rsbac_printk(", %lu JAIL",
08978 tmp_count);
08979 process_sum += tmp_count;
08980 #endif
08981 rsbac_printk("\n");
08982 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n",
08983 process_sum);
08984 total_sum += process_sum;
08985
08986 #if defined(CONFIG_RSBAC_UM)
08987
08988 rsbac_printk(KERN_INFO "GROUP items: ");
08989 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08990 tmp_count = rsbac_list_count(group_handles.rc);
08991 rsbac_printk("%lu RC",
08992 tmp_count);
08993 user_sum += tmp_count;
08994 #endif
08995 rsbac_printk("\n");
08996 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n",
08997 group_sum);
08998 total_sum += group_sum;
08999 #endif
09000
09001 #if defined(CONFIG_RSBAC_NET_OBJ)
09002
09003 rsbac_printk(KERN_INFO "NETTEMP items: ");
09004 #if defined(CONFIG_RSBAC_MAC)
09005 tmp_count = rsbac_list_count(nettemp_handles.mac);
09006 rsbac_printk("%lu MAC, ",
09007 tmp_count);
09008 nettemp_sum += tmp_count;
09009 #endif
09010 #if defined(CONFIG_RSBAC_PM)
09011 tmp_count = rsbac_list_count(nettemp_handles.pm);
09012 rsbac_printk("%lu PM, ",
09013 tmp_count);
09014 nettemp_sum += tmp_count;
09015 #endif
09016 #if defined(CONFIG_RSBAC_RC)
09017 tmp_count = rsbac_list_count(nettemp_handles.rc);
09018 rsbac_printk("%lu RC, ",
09019 tmp_count);
09020 nettemp_sum += tmp_count;
09021 #endif
09022 rsbac_printk("\n");
09023 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n",
09024 nettemp_sum);
09025 total_sum += nettemp_sum;
09026
09027
09028 rsbac_printk(KERN_INFO "Local NETOBJ items:");
09029 #if defined(CONFIG_RSBAC_MAC)
09030 tmp_count = rsbac_list_count(lnetobj_handles.mac);
09031 rsbac_printk(" %lu MAC,",
09032 tmp_count);
09033 lnetobj_sum += tmp_count;
09034 #endif
09035 #if defined(CONFIG_RSBAC_PM)
09036 tmp_count = rsbac_list_count(lnetobj_handles.pm);
09037 rsbac_printk(" %lu PM,",
09038 tmp_count);
09039 lnetobj_sum += tmp_count;
09040 #endif
09041 #if defined(CONFIG_RSBAC_RC)
09042 tmp_count = rsbac_list_count(lnetobj_handles.rc);
09043 rsbac_printk(" %lu RC",
09044 tmp_count);
09045 lnetobj_sum += tmp_count;
09046 #endif
09047 rsbac_printk("\n");
09048 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
09049 lnetobj_sum);
09050 total_sum += lnetobj_sum;
09051
09052
09053 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
09054 #if defined(CONFIG_RSBAC_MAC)
09055 tmp_count = rsbac_list_count(rnetobj_handles.mac);
09056 rsbac_printk(" %lu MAC,",
09057 tmp_count);
09058 rnetobj_sum += tmp_count;
09059 #endif
09060 #if defined(CONFIG_RSBAC_PM)
09061 tmp_count = rsbac_list_count(rnetobj_handles.pm);
09062 rsbac_printk(" %lu PM,",
09063 tmp_count);
09064 rnetobj_sum += tmp_count;
09065 #endif
09066 #if defined(CONFIG_RSBAC_RC)
09067 tmp_count = rsbac_list_count(rnetobj_handles.rc);
09068 rsbac_printk(" %lu RC",
09069 tmp_count);
09070 rnetobj_sum += tmp_count;
09071 #endif
09072 rsbac_printk("\n");
09073 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
09074 rnetobj_sum);
09075 total_sum += rnetobj_sum;
09076 #endif
09077
09078 rsbac_printk(KERN_INFO
09079 "Total of %lu registered rsbac-items\n",
09080 total_sum);
09081
09082 rsbac_printk(KERN_INFO
09083 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09084 rsbac_adf_request_count[T_FILE],
09085 rsbac_adf_request_count[T_DIR],
09086 rsbac_adf_request_count[T_FIFO],
09087 rsbac_adf_request_count[T_SYMLINK],
09088 rsbac_adf_request_count[T_DEV],
09089 rsbac_adf_request_count[T_IPC],
09090 rsbac_adf_request_count[T_SCD],
09091 rsbac_adf_request_count[T_USER],
09092 rsbac_adf_request_count[T_PROCESS],
09093 rsbac_adf_request_count[T_NETDEV],
09094 rsbac_adf_request_count[T_NETTEMP],
09095 rsbac_adf_request_count[T_NETOBJ]);
09096 rsbac_printk(KERN_INFO
09097 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09098 rsbac_adf_set_attr_count[T_FILE],
09099 rsbac_adf_set_attr_count[T_DIR],
09100 rsbac_adf_set_attr_count[T_FIFO],
09101 rsbac_adf_set_attr_count[T_SYMLINK],
09102 rsbac_adf_set_attr_count[T_DEV],
09103 rsbac_adf_set_attr_count[T_IPC],
09104 rsbac_adf_set_attr_count[T_SCD],
09105 rsbac_adf_set_attr_count[T_USER],
09106 rsbac_adf_set_attr_count[T_PROCESS],
09107 rsbac_adf_set_attr_count[T_NETDEV],
09108 rsbac_adf_set_attr_count[T_NETTEMP],
09109 rsbac_adf_set_attr_count[T_NETOBJ]);
09110
09111 #if defined(CONFIG_RSBAC_PM)
09112 rsbac_stats_pm();
09113 #endif
09114 #if defined(CONFIG_RSBAC_RC)
09115 rsbac_stats_rc();
09116 #endif
09117 #if defined(CONFIG_RSBAC_AUTH)
09118 rsbac_stats_auth();
09119 #endif
09120 #if defined(CONFIG_RSBAC_ACL)
09121 rsbac_stats_acl();
09122 #endif
09123 return(0);
09124 }
09125
09126
09127
09128 int rsbac_check_inode(struct super_block * sb_p, rsbac_inode_nr_t inode)
09129 {
09130 struct inode * inode_p;
09131 int err = 0;
09132
09133 if(!sb_p)
09134 return -RSBAC_EINVALIDPOINTER;
09135 if(!inode)
09136 return -RSBAC_EINVALIDVALUE;
09137 if(!MAJOR(sb_p->s_dev))
09138 return 0;
09139
09140 if(sb_p->s_magic != EXT2_SUPER_MAGIC)
09141 return 0;
09142
09143 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09144 if(sb_p->s_op && sb_p->s_op->read_inode2)
09145 return 0;
09146 #endif
09147 inode_p = iget(sb_p, inode);
09148 if(is_bad_inode(inode_p))
09149 {
09150 return -RSBAC_ENOTFOUND;
09151 }
09152 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09153
09154 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
09155 {
09156 if(inode_p->u.ext2_i.i_dtime)
09157 {
09158 err = -RSBAC_ENOTFOUND;
09159 }
09160 else
09161 {
09162 if(inode_p->i_nlink <= 0)
09163 {
09164 rsbac_printk(KERN_WARNING
09165 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
09166 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
09167 err = -RSBAC_ENOTFOUND;
09168 }
09169 }
09170 }
09171 #endif
09172 iput(inode_p);
09173 return err;
09174 }
09175
09176
09177
09178
09179
09180 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09181 int rsbac_check(int correct, int check_inode)
09182 {
09183 struct rsbac_device_list_item_t * device_p;
09184 int i;
09185 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
09186 int list_no;
09187 long desc_count;
09188 u_long fd_count = 0, fd_sum = 0, tmp_count,
09189 b_count, def_count;
09190 u_long dflags;
09191 rsbac_inode_nr_t * fd_desc_p;
09192
09193 if (!rsbac_initialized)
09194 {
09195 rsbac_printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n");
09196 return(-RSBAC_ENOTINITIALIZED);
09197 }
09198 if (!tmp)
09199 {
09200 return(-RSBAC_ENOMEM);
09201 }
09202 {
09203
09204 rsbac_read_lock(&device_list_head.lock, &dflags);
09205
09206 device_p = device_list_head.head;
09207 while (device_p)
09208 {
09209 fd_count = 0;
09210 b_count = 0;
09211 def_count = 0;
09212 if(check_inode)
09213 {
09214 if(!device_p->sb_p)
09215 {
09216 rsbac_printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n",
09217 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
09218 }
09219 }
09220
09221
09222 for(list_no = 0; list_no < RSBAC_GEN_NR_FD_LISTS; list_no++)
09223 {
09224
09225
09226 tmp_count = 0;
09227 desc_count = rsbac_list_get_all_desc(device_p->handles.gen[list_no], (void **) &fd_desc_p);
09228 if(desc_count > 0)
09229 {
09230 for(i=0; i<desc_count; i++)
09231 {
09232
09233 if(check_inode && device_p->sb_p)
09234 {
09235 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]) == -RSBAC_ENOTFOUND)
09236 {
09237 b_count++;
09238 if(correct)
09239 {
09240 rsbac_printk(KERN_INFO
09241 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09242 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09243 rsbac_list_remove(device_p->handles.gen[list_no], &fd_desc_p[i]);
09244 continue;
09245 }
09246 else
09247 {
09248 rsbac_printk(KERN_INFO
09249 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09250 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09251 }
09252 }
09253 }
09254 }
09255
09256 tmp_count++;
09257 rsbac_vfree(fd_desc_p);
09258 fd_count += desc_count;
09259 }
09260 }
09261
09262 #if defined(CONFIG_RSBAC_MAC)
09263
09264 for(list_no = 0; list_no < RSBAC_MAC_NR_FD_LISTS; list_no++)
09265 {
09266
09267
09268 tmp_count = 0;
09269 desc_count = rsbac_list_get_all_desc(device_p->handles.mac[list_no], (void **) &fd_desc_p);
09270 if(desc_count > 0)
09271 {
09272 for(i=0; i<desc_count; i++)
09273 {
09274
09275 if(check_inode && device_p->sb_p)
09276 {
09277 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]) == -RSBAC_ENOTFOUND)
09278 {
09279 b_count++;
09280 if(correct)
09281 {
09282 rsbac_printk(KERN_INFO
09283 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09284 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09285 rsbac_list_remove(device_p->handles.mac[list_no], &fd_desc_p[i]);
09286 continue;
09287 }
09288 else
09289 {
09290 rsbac_printk(KERN_INFO
09291 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09292 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09293 }
09294 }
09295 }
09296 }
09297 tmp_count++;
09298 rsbac_vfree(fd_desc_p);
09299 fd_count += desc_count;
09300 }
09301 }
09302 #endif
09303
09304 #if defined(CONFIG_RSBAC_PM)
09305
09306 for(list_no = 0; list_no < RSBAC_PM_NR_FD_LISTS; list_no++)
09307 {
09308
09309
09310 tmp_count = 0;
09311 desc_count = rsbac_list_get_all_desc(device_p->handles.pm[list_no], (void **) &fd_desc_p);
09312 if(desc_count > 0)
09313 {
09314 for(i=0; i<desc_count; i++)
09315 {
09316
09317 if(check_inode && device_p->sb_p)
09318 {
09319 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09320 {
09321 b_count++;
09322 if(correct)
09323 {
09324 rsbac_printk(KERN_INFO
09325 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09326 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09327 rsbac_list_remove(device_p->handles.pm[list_no], &fd_desc_p[i]);
09328 continue;
09329 }
09330 else
09331 {
09332 rsbac_printk(KERN_INFO
09333 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09334 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09335 }
09336 }
09337 }
09338 }
09339 tmp_count++;
09340 rsbac_vfree(fd_desc_p);
09341 fd_count += desc_count;
09342 }
09343 }
09344 #endif
09345
09346 #if defined(CONFIG_RSBAC_DAZ)
09347
09348 for(list_no = 0; list_no < RSBAC_DAZ_NR_FD_LISTS; list_no++)
09349 {
09350
09351
09352 tmp_count = 0;
09353 desc_count = rsbac_list_get_all_desc(device_p->handles.daz[list_no], (void **) &fd_desc_p);
09354 if(desc_count > 0)
09355 {
09356 for(i=0; i<desc_count; i++)
09357 {
09358
09359 if(check_inode && device_p->sb_p)
09360 {
09361 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09362 {
09363 b_count++;
09364 if(correct)
09365 {
09366 rsbac_printk(KERN_INFO
09367 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09368 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09369 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
09370 continue;
09371 }
09372 else
09373 {
09374 rsbac_printk(KERN_INFO
09375 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09376 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09377 }
09378 }
09379 }
09380 }
09381 tmp_count++;
09382 rsbac_vfree(fd_desc_p);
09383 fd_count += desc_count;
09384 }
09385 }
09386 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09387
09388 for(list_no = 0; list_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; list_no++)
09389 {
09390
09391
09392 tmp_count = 0;
09393 desc_count = rsbac_list_get_all_desc(device_p->handles.dazs[list_no], (void **) &fd_desc_p);
09394 if(desc_count > 0)
09395 {
09396 for(i=0; i<desc_count; i++)
09397 {
09398
09399 if(check_inode && device_p->sb_p)
09400 {
09401 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09402 {
09403 b_count++;
09404 if(correct)
09405 {
09406 rsbac_printk(KERN_INFO
09407 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09408 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09409 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
09410 continue;
09411 }
09412 else
09413 {
09414 rsbac_printk(KERN_INFO
09415 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09416 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09417 }
09418 }
09419 }
09420 }
09421 tmp_count++;
09422 rsbac_vfree(fd_desc_p);
09423 fd_count += desc_count;
09424 }
09425 }
09426 #endif
09427 #endif
09428
09429 #if defined(CONFIG_RSBAC_FF)
09430
09431 for(list_no = 0; list_no < RSBAC_FF_NR_FD_LISTS; list_no++)
09432 {
09433
09434
09435 tmp_count = 0;
09436 desc_count = rsbac_list_get_all_desc(device_p->handles.ff[list_no], (void **) &fd_desc_p);
09437 if(desc_count > 0)
09438 {
09439 for(i=0; i<desc_count; i++)
09440 {
09441
09442 if(check_inode && device_p->sb_p)
09443 {
09444 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09445 {
09446 b_count++;
09447 if(correct)
09448 {
09449 rsbac_printk(KERN_INFO
09450 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09451 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09452 rsbac_list_remove(device_p->handles.ff[list_no], &fd_desc_p[i]);
09453 continue;
09454 }
09455 else
09456 {
09457 rsbac_printk(KERN_INFO
09458 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09459 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09460 }
09461 }
09462 }
09463 }
09464 tmp_count++;
09465 rsbac_vfree(fd_desc_p);
09466 fd_count += desc_count;
09467 }
09468 }
09469 #endif
09470
09471 #if defined(CONFIG_RSBAC_RC)
09472
09473 for(list_no = 0; list_no < RSBAC_RC_NR_FD_LISTS; list_no++)
09474 {
09475
09476
09477 tmp_count = 0;
09478 desc_count = rsbac_list_get_all_desc(device_p->handles.rc[list_no], (void **) &fd_desc_p);
09479 if(desc_count > 0)
09480 {
09481 for(i=0; i<desc_count; i++)
09482 {
09483
09484 if(check_inode && device_p->sb_p)
09485 {
09486 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09487 {
09488 b_count++;
09489 if(correct)
09490 {
09491 rsbac_printk(KERN_INFO
09492 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09493 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09494 rsbac_list_remove(device_p->handles.rc[list_no], &fd_desc_p[i]);
09495 continue;
09496 }
09497 else
09498 {
09499 rsbac_printk(KERN_INFO
09500 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09501 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09502 }
09503 }
09504 }
09505 }
09506 tmp_count++;
09507 rsbac_vfree(fd_desc_p);
09508 fd_count += desc_count;
09509 }
09510 }
09511 #endif
09512
09513 #if defined(CONFIG_RSBAC_AUTH)
09514
09515 for(list_no = 0; list_no < RSBAC_AUTH_NR_FD_LISTS; list_no++)
09516 {
09517
09518
09519 tmp_count = 0;
09520 desc_count = rsbac_list_get_all_desc(device_p->handles.auth[list_no], (void **) &fd_desc_p);
09521 if(desc_count > 0)
09522 {
09523 for(i=0; i<desc_count; i++)
09524 {
09525
09526 if(check_inode && device_p->sb_p)
09527 {
09528 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09529 {
09530 b_count++;
09531 if(correct)
09532 {
09533 rsbac_printk(KERN_INFO
09534 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09535 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09536 rsbac_list_remove(device_p->handles.auth[list_no], &fd_desc_p[i]);
09537 continue;
09538 }
09539 else
09540 {
09541 rsbac_printk(KERN_INFO
09542 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09543 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09544 }
09545 }
09546 }
09547 }
09548 tmp_count++;
09549 rsbac_vfree(fd_desc_p);
09550 fd_count += desc_count;
09551 }
09552 }
09553 #endif
09554
09555 #if defined(CONFIG_RSBAC_CAP)
09556
09557 for(list_no = 0; list_no < RSBAC_CAP_NR_FD_LISTS; list_no++)
09558 {
09559
09560
09561 tmp_count = 0;
09562 desc_count = rsbac_list_get_all_desc(device_p->handles.cap[list_no], (void **) &fd_desc_p);
09563 if(desc_count > 0)
09564 {
09565 for(i=0; i<desc_count; i++)
09566 {
09567
09568 if(check_inode && device_p->sb_p)
09569 {
09570 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09571 {
09572 b_count++;
09573 if(correct)
09574 {
09575 rsbac_printk(KERN_INFO
09576 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09577 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09578 rsbac_list_remove(device_p->handles.cap[list_no], &fd_desc_p[i]);
09579 continue;
09580 }
09581 else
09582 {
09583 rsbac_printk(KERN_INFO
09584 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09585 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09586 }
09587 }
09588 }
09589 }
09590 tmp_count++;
09591 rsbac_vfree(fd_desc_p);
09592 fd_count += desc_count;
09593 }
09594 }
09595 #endif
09596 #if defined(CONFIG_RSBAC_RES)
09597
09598 for(list_no = 0; list_no < RSBAC_RES_NR_FD_LISTS; list_no++)
09599 {
09600
09601
09602 tmp_count = 0;
09603 desc_count = rsbac_list_get_all_desc(device_p->handles.res[list_no], (void **) &fd_desc_p);
09604 if(desc_count > 0)
09605 {
09606 for(i=0; i<desc_count; i++)
09607 {
09608
09609 if(check_inode && device_p->sb_p)
09610 {
09611 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09612 {
09613 b_count++;
09614 if(correct)
09615 {
09616 rsbac_printk(KERN_INFO
09617 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09618 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09619 rsbac_list_remove(device_p->handles.res[list_no], &fd_desc_p[i]);
09620 continue;
09621 }
09622 else
09623 {
09624 rsbac_printk(KERN_INFO
09625 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09626 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09627 }
09628 }
09629 }
09630 }
09631 tmp_count++;
09632 rsbac_vfree(fd_desc_p);
09633 fd_count += desc_count;
09634 }
09635 }
09636 #endif
09637 #if defined(CONFIG_RSBAC_PAX)
09638
09639 for(list_no = 0; list_no < RSBAC_PAX_NR_FD_LISTS; list_no++)
09640 {
09641
09642
09643 tmp_count = 0;
09644 desc_count = rsbac_list_get_all_desc(device_p->handles.pax[list_no], (void **) &fd_desc_p);
09645 if(desc_count > 0)
09646 {
09647 for(i=0; i<desc_count; i++)
09648 {
09649
09650 if(check_inode && device_p->sb_p)
09651 {
09652 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09653 {
09654 b_count++;
09655 if(correct)
09656 {
09657 rsbac_printk(KERN_INFO
09658 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09659 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09660 rsbac_list_remove(device_p->handles.pax[list_no], &fd_desc_p[i]);
09661 continue;
09662 }
09663 else
09664 {
09665 rsbac_printk(KERN_INFO
09666 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09667 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09668 }
09669 }
09670 }
09671 }
09672 tmp_count++;
09673 rsbac_vfree(fd_desc_p);
09674 fd_count += desc_count;
09675 }
09676 }
09677 #endif
09678
09679 switch(correct)
09680 {
09681 case 2:
09682 rsbac_printk(KERN_INFO
09683 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
09684 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09685 b_count);
09686 break;
09687 case 1:
09688 rsbac_printk(KERN_INFO
09689 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
09690 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09691 b_count);
09692 break;
09693 default:
09694 rsbac_printk(KERN_INFO
09695 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
09696 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09697 b_count);
09698 }
09699 fd_sum += fd_count;
09700
09701 device_p = device_p->next;
09702 }
09703 rsbac_printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n",
09704 device_list_head.count, fd_sum);
09705
09706 rsbac_read_unlock(&device_list_head.lock, &dflags);
09707 }
09708 rsbac_kfree(tmp);
09709 return(0);
09710 }
09711 #endif
09712
09713
09714
09715
09716
09717
09718 #if defined(CONFIG_RSBAC_AUTO_WRITE)
09719 int rsbac_write(rsbac_boolean_t need_lock)
09720 {
09721 int err=0;
09722 u_int count = 0;
09723 int subcount;
09724
09725 if (!rsbac_initialized)
09726 {
09727 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
09728 return(-RSBAC_ENOTINITIALIZED);
09729 }
09730 if(rsbac_debug_no_write)
09731 return 0;
09732
09733 subcount = rsbac_write_lists(need_lock);
09734 if(subcount > 0)
09735 {
09736 count += subcount;
09737 }
09738 else
09739 if(subcount < 0)
09740 {
09741 err = subcount;
09742 if(err != -RSBAC_ENOTWRITABLE)
09743 {
09744 rsbac_printk(KERN_WARNING
09745 "rsbac_write(): rsbac_write_lists() returned error %i\n",
09746 err);
09747 }
09748 }
09749
09750
09751 #if defined(CONFIG_RSBAC_REG)
09752 subcount = rsbac_write_reg(need_lock);
09753 if(subcount > 0)
09754 {
09755 count += subcount;
09756 }
09757 else
09758 if(subcount < 0)
09759 {
09760 err = subcount;
09761 if(err != -RSBAC_ENOTWRITABLE)
09762 {
09763 rsbac_printk(KERN_WARNING
09764 "rsbac_write(): rsbac_write_reg() returned error %i\n",
09765 err);
09766 }
09767 }
09768 #endif
09769
09770 #ifdef CONFIG_RSBAC_DEBUG
09771 if(rsbac_debug_write && count > 0)
09772 {
09773 rsbac_printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n",
09774 count);
09775 }
09776 #endif
09777 return(count);
09778 }
09779 #endif
09780
09781
09782
09783
09784
09785
09786
09787
09788
09789
09790
09791
09792
09793
09794
09795
09796
09797
09798
09799
09800
09801
09802 #if defined(CONFIG_RSBAC_REG)
09803 EXPORT_SYMBOL(rsbac_get_parent);
09804 #endif
09805 int rsbac_get_parent(enum rsbac_target_t target,
09806 union rsbac_target_id_t tid,
09807 enum rsbac_target_t * parent_target_p,
09808 union rsbac_target_id_t * parent_tid_p)
09809 {
09810 if(!parent_target_p || !parent_tid_p)
09811 return -RSBAC_EINVALIDPOINTER;
09812
09813
09814
09815
09816
09817
09818
09819
09820
09821
09822 switch(target)
09823 {
09824 case T_FILE:
09825 case T_DIR:
09826 case T_FIFO:
09827 case T_SYMLINK:
09828 break;
09829 default:
09830 return -RSBAC_EINVALIDTARGET;
09831 }
09832
09833 if(!tid.file.dentry_p)
09834 return -RSBAC_ENOTFOUND;
09835
09836 *parent_target_p = T_DIR;
09837
09838 if( tid.file.dentry_p->d_sb
09839 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09840 )
09841 {
09842 struct rsbac_device_list_item_t * device_p;
09843 u_long dflags;
09844
09845
09846 rsbac_read_lock(&device_list_head.lock, &dflags);
09847
09848 device_p = lookup_device(tid.file.device);
09849 if( !device_p
09850 || !device_p->d_covers
09851 || !device_p->d_covers->d_parent
09852 || !device_p->d_covers->d_parent->d_inode
09853 )
09854 {
09855
09856 rsbac_read_unlock(&device_list_head.lock, &dflags);
09857 return -RSBAC_ENOTFOUND;
09858 }
09859 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
09860 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
09861 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09862
09863 rsbac_read_unlock(&device_list_head.lock, &dflags);
09864 }
09865 else
09866 {
09867 if(!tid.file.dentry_p->d_parent)
09868 {
09869 rsbac_printk(KERN_WARNING
09870 "rsbac_get_parent(): oops - d_parent is NULL!\n");
09871 return -RSBAC_ENOTFOUND;
09872 }
09873 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
09874 {
09875 rsbac_printk(KERN_WARNING
09876 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09877 return -RSBAC_ENOTFOUND;
09878 }
09879 if(!tid.file.dentry_p->d_parent->d_inode)
09880 {
09881 rsbac_printk(KERN_WARNING
09882 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09883 return -RSBAC_ENOTFOUND;
09884 }
09885 parent_tid_p->dir.device = tid.file.device;
09886 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
09887 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09888 }
09889 return 0;
09890 }
09891
09892 static int get_attr_fd(
09893 rsbac_list_ta_number_t ta_number,
09894 enum rsbac_switch_target_t module,
09895 enum rsbac_target_t target,
09896 union rsbac_target_id_t * tid_p,
09897 enum rsbac_attribute_t attr,
09898 union rsbac_attribute_value_t * value,
09899 rsbac_boolean_t inherit)
09900 {
09901 int err = 0;
09902 struct rsbac_device_list_item_t * device_p;
09903 u_long dflags;
09904 #if defined(CONFIG_RSBAC_FF)
09905 rsbac_ff_flags_t ff_flags = 0;
09906 rsbac_ff_flags_t ff_tmp_flags;
09907 rsbac_ff_flags_t ff_mask = -1;
09908 #endif
09909
09910 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09911 if( !RSBAC_MAJOR(tid_p->file.device)
09912 && !RSBAC_MINOR(tid_p->file.device)
09913 )
09914 return -RSBAC_EINVALIDDEV;
09915 #endif
09916
09917 for(;;)
09918 {
09919
09920
09921
09922
09923
09924
09925
09926
09927 rsbac_read_lock(&device_list_head.lock, &dflags);
09928
09929
09930
09931
09932
09933
09934
09935
09936
09937
09938 device_p = lookup_device(tid_p->file.device);
09939 if (!device_p)
09940 {
09941 struct super_block * sb_p;
09942
09943 rsbac_read_unlock(&device_list_head.lock, &dflags);
09944 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
09945 sb_p = user_get_super(tid_p->file.device);
09946 #else
09947 sb_p = get_super(tid_p->file.device);
09948 #endif
09949 if(sb_p)
09950 {
09951 rsbac_printk(KERN_INFO
09952 "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
09953 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
09954 rsbac_mount(sb_p, NULL);
09955
09956 drop_super(sb_p);
09957 rsbac_read_lock(&device_list_head.lock, &dflags);
09958 device_p = lookup_device(tid_p->file.device);
09959 if (!device_p)
09960 {
09961 rsbac_printk(KERN_WARNING
09962 "rsbac_get_attr(): unknown device %02u:%02u\n",
09963 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
09964 rsbac_read_unlock(&device_list_head.lock, &dflags);
09965 return -RSBAC_EINVALIDDEV;
09966 }
09967 }
09968 else
09969 return -RSBAC_EINVALIDDEV;
09970 }
09971 switch(module)
09972 {
09973 case GEN:
09974 {
09975 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
09976
09977 if(attr == A_internal)
09978 {
09979 if(!device_p->rsbac_dir_inode || !tid_p->file.inode)
09980 value->internal = FALSE;
09981 else
09982 if(device_p->rsbac_dir_inode == tid_p->file.inode)
09983 value->internal = TRUE;
09984 else
09985 if(inherit)
09986 {
09987 enum rsbac_target_t parent_target;
09988 union rsbac_target_id_t parent_tid;
09989
09990
09991 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
09992 {
09993 if(device_p->rsbac_dir_inode == parent_tid.file.inode)
09994 value->internal = TRUE;
09995 else
09996 value->internal = FALSE;
09997 }
09998 else
09999 {
10000 value->internal = FALSE;
10001 }
10002 }
10003 else
10004 {
10005 value->internal = FALSE;
10006 }
10007
10008
10009 rsbac_read_unlock(&device_list_head.lock, &dflags);
10010 return 0;
10011 }
10012 rsbac_ta_list_get_data_ttl(ta_number,
10013 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
10014 NULL,
10015 &tid_p->file.inode,
10016 &aci);
10017 switch (attr)
10018 {
10019 case A_log_array_low:
10020 value->log_array_low = aci.log_array_low;
10021 break;
10022 case A_log_array_high:
10023 value->log_array_high = aci.log_array_high;
10024 break;
10025 case A_log_program_based:
10026 value->log_program_based = aci.log_program_based;
10027 break;
10028 case A_symlink_add_remote_ip:
10029 value->symlink_add_remote_ip = aci.symlink_add_remote_ip;
10030 break;
10031 case A_symlink_add_uid:
10032 value->symlink_add_uid = aci.symlink_add_uid;
10033 break;
10034 case A_symlink_add_mac_level:
10035 value->symlink_add_mac_level = aci.symlink_add_mac_level;
10036 break;
10037 case A_symlink_add_rc_role:
10038 value->symlink_add_rc_role = aci.symlink_add_rc_role;
10039 break;
10040 case A_linux_dac_disable:
10041 value->linux_dac_disable = aci.linux_dac_disable;
10042 if((value->linux_dac_disable == LDD_inherit) && inherit)
10043 {
10044 enum rsbac_target_t parent_target;
10045 union rsbac_target_id_t parent_tid;
10046
10047
10048 rsbac_read_unlock(&device_list_head.lock, &dflags);
10049
10050
10051 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10052 {
10053 target = parent_target;
10054 *tid_p = parent_tid;
10055 continue;
10056 }
10057 else
10058 {
10059 value->linux_dac_disable
10060 = def_gen_root_dir_aci.linux_dac_disable;
10061 return 0;
10062 }
10063 }
10064 break;
10065 case A_fake_root_uid:
10066 value->fake_root_uid = aci.fake_root_uid;
10067 break;
10068 case A_auid_exempt:
10069 value->auid_exempt = aci.auid_exempt;
10070 break;
10071 default:
10072 err = -RSBAC_EINVALIDATTR;
10073 }
10074 }
10075 break;
10076
10077 #if defined(CONFIG_RSBAC_MAC)
10078 case MAC:
10079 {
10080 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
10081
10082 rsbac_ta_list_get_data_ttl(ta_number,
10083 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
10084 NULL,
10085 &tid_p->file.inode,
10086 &aci);
10087 switch (attr)
10088 {
10089 case A_security_level:
10090 value->security_level = aci.sec_level;
10091 if((value->security_level == SL_inherit) && inherit)
10092 {
10093 enum rsbac_target_t parent_target;
10094 union rsbac_target_id_t parent_tid;
10095
10096
10097 rsbac_read_unlock(&device_list_head.lock, &dflags);
10098
10099
10100 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10101 {
10102 target = parent_target;
10103 *tid_p = parent_tid;
10104 continue;
10105 }
10106 else
10107 {
10108 value->security_level
10109 = def_mac_root_dir_aci.sec_level;
10110 return 0;
10111 }
10112 }
10113 break;
10114 case A_mac_categories:
10115 value->mac_categories = aci.mac_categories;
10116 if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR)
10117 && inherit
10118 )
10119 {
10120 enum rsbac_target_t parent_target;
10121 union rsbac_target_id_t parent_tid;
10122
10123
10124 rsbac_read_unlock(&device_list_head.lock, &dflags);
10125
10126
10127 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10128 {
10129 target = parent_target;
10130 *tid_p = parent_tid;
10131 continue;
10132 }
10133 else
10134 {
10135 value->mac_categories
10136 = def_mac_root_dir_aci.mac_categories;
10137 return 0;
10138 }
10139 }
10140 break;
10141 case A_mac_auto:
10142 value->mac_auto = aci.mac_auto;
10143 if( (value->mac_auto == MA_inherit)
10144 && inherit
10145 )
10146 {
10147 enum rsbac_target_t parent_target;
10148 union rsbac_target_id_t parent_tid;
10149
10150
10151 rsbac_read_unlock(&device_list_head.lock, &dflags);
10152
10153
10154 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10155 {
10156 target = parent_target;
10157 *tid_p = parent_tid;
10158 continue;
10159 }
10160 else
10161 {
10162 value->mac_auto
10163 = def_mac_root_dir_aci.mac_auto;
10164 return 0;
10165 }
10166 }
10167 break;
10168 case A_mac_prop_trusted:
10169 value->mac_prop_trusted = aci.mac_prop_trusted;
10170 break;
10171 case A_mac_file_flags:
10172 value->mac_file_flags = aci.mac_file_flags;
10173 break;
10174
10175 default:
10176 err = -RSBAC_EINVALIDATTR;
10177 }
10178 }
10179 break;
10180 #endif
10181
10182 #if defined(CONFIG_RSBAC_PM)
10183 case PM:
10184 {
10185 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
10186
10187 rsbac_ta_list_get_data_ttl(ta_number,
10188 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
10189 NULL,
10190 &tid_p->file.inode,
10191 &aci);
10192 switch (attr)
10193 {
10194 case A_pm_object_class:
10195 value->pm_object_class = aci.pm_object_class;
10196 break;
10197 case A_pm_tp:
10198 value->pm_tp = aci.pm_tp;
10199 break;
10200 case A_pm_object_type:
10201 value->pm_object_type = aci.pm_object_type;
10202 break;
10203 default:
10204 err = -RSBAC_EINVALIDATTR;
10205 }
10206 }
10207 break;
10208 #endif
10209
10210 #if defined(CONFIG_RSBAC_DAZ)
10211 case DAZ:
10212 {
10213 #if defined(CONFIG_RSBAC_DAZ_CACHE)
10214 if(attr == A_daz_scanned)
10215 {
10216 err = rsbac_ta_list_get_data_ttl(ta_number,
10217 device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
10218 NULL,
10219 &tid_p->file.inode,
10220 &value->daz_scanned);
10221 }
10222 else
10223 #endif
10224 {
10225 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
10226
10227 rsbac_ta_list_get_data_ttl(ta_number,
10228 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
10229 NULL,
10230 &tid_p->file.inode,
10231 &aci);
10232 switch (attr)
10233 {
10234 case A_daz_scanner:
10235 value->daz_scanner = aci.daz_scanner;
10236 break;
10237 default:
10238 err = -RSBAC_EINVALIDATTR;
10239 }
10240 }
10241 }
10242 break;
10243 #endif
10244
10245 #if defined(CONFIG_RSBAC_FF)
10246 case FF:
10247 {
10248 switch (attr)
10249 {
10250 case A_ff_flags:
10251 ff_tmp_flags = RSBAC_FF_DEF;
10252 rsbac_ta_list_get_data_ttl(ta_number,
10253 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
10254 NULL,
10255 &tid_p->file.inode,
10256 &ff_tmp_flags);
10257 ff_flags |= ff_tmp_flags & ff_mask;
10258 value->ff_flags = ff_flags;
10259 if((ff_tmp_flags & FF_add_inherited) && inherit)
10260 {
10261
10262 if(!rsbac_get_parent(target, *tid_p, &target, tid_p))
10263 {
10264
10265 rsbac_read_unlock(&device_list_head.lock, &dflags);
10266
10267 ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited);
10268 ff_flags &= ~(FF_add_inherited);
10269 continue;
10270 }
10271 else
10272 value->ff_flags &= ~(FF_add_inherited);
10273 }
10274 break;
10275
10276 default:
10277 err = -RSBAC_EINVALIDATTR;
10278 }
10279 }
10280 break;
10281 #endif
10282
10283 #if defined(CONFIG_RSBAC_RC)
10284 case RC:
10285 {
10286 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
10287
10288 rsbac_ta_list_get_data_ttl(ta_number,
10289 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
10290 NULL,
10291 &tid_p->file.inode,
10292 &aci);
10293 switch (attr)
10294 {
10295 case A_rc_type_fd:
10296 value->rc_type_fd = aci.rc_type_fd;
10297 if(value->rc_type_fd == RC_type_inherit_parent && inherit)
10298 {
10299 enum rsbac_target_t parent_target;
10300 union rsbac_target_id_t parent_tid;
10301
10302
10303 rsbac_read_unlock(&device_list_head.lock, &dflags);
10304
10305
10306 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10307 {
10308 target = parent_target;
10309 *tid_p = parent_tid;
10310 continue;
10311 }
10312 else
10313 {
10314 value->rc_type_fd
10315 = def_rc_root_dir_aci.rc_type_fd;
10316 return 0;
10317 }
10318 }
10319 break;
10320 case A_rc_force_role:
10321 value->rc_force_role = aci.rc_force_role;
10322 if(value->rc_force_role == RC_role_inherit_parent && inherit)
10323 {
10324 enum rsbac_target_t parent_target;
10325 union rsbac_target_id_t parent_tid;
10326
10327
10328 rsbac_read_unlock(&device_list_head.lock, &dflags);
10329
10330
10331 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10332 {
10333 target = parent_target;
10334 *tid_p = parent_tid;
10335 continue;
10336 }
10337 else
10338 {
10339 value->rc_force_role
10340 = def_rc_root_dir_aci.rc_force_role;
10341 return 0;
10342 }
10343 }
10344 break;
10345 case A_rc_initial_role:
10346 value->rc_initial_role = aci.rc_initial_role;
10347 if(value->rc_initial_role == RC_role_inherit_parent && inherit)
10348 {
10349 enum rsbac_target_t parent_target;
10350 union rsbac_target_id_t parent_tid;
10351
10352
10353 rsbac_read_unlock(&device_list_head.lock, &dflags);
10354
10355
10356 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10357 {
10358 target = parent_target;
10359 *tid_p = parent_tid;
10360 continue;
10361 }
10362 else
10363 {
10364 value->rc_initial_role
10365 = def_rc_root_dir_aci.rc_initial_role;
10366 return 0;
10367 }
10368 }
10369 break;
10370
10371 default:
10372 err = -RSBAC_EINVALIDATTR;
10373 }
10374 }
10375 break;
10376 #endif
10377
10378 #if defined(CONFIG_RSBAC_AUTH)
10379 case AUTH:
10380 {
10381 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
10382
10383 rsbac_ta_list_get_data_ttl(ta_number,
10384 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
10385 NULL,
10386 &tid_p->file.inode,
10387 &aci);
10388 switch (attr)
10389 {
10390 case A_auth_may_setuid:
10391 value->auth_may_setuid = aci.auth_may_setuid;
10392 break;
10393 case A_auth_may_set_cap:
10394 value->auth_may_set_cap = aci.auth_may_set_cap;
10395 break;
10396 case A_auth_learn:
10397 value->auth_learn = aci.auth_learn;
10398 break;
10399 default:
10400 err = -RSBAC_EINVALIDATTR;
10401 }
10402 }
10403 break;
10404 #endif
10405
10406 #if defined(CONFIG_RSBAC_CAP)
10407 case CAP:
10408 {
10409 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
10410
10411 rsbac_ta_list_get_data_ttl(ta_number,
10412 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
10413 NULL,
10414 &tid_p->file.inode,
10415 &aci);
10416 switch (attr)
10417 {
10418 case A_min_caps:
10419 value->min_caps = aci.min_caps;
10420 break;
10421 case A_max_caps:
10422 value->max_caps = aci.max_caps;
10423 break;
10424 default:
10425 err = -RSBAC_EINVALIDATTR;
10426 }
10427 }
10428 break;
10429 #endif
10430
10431 #if defined(CONFIG_RSBAC_RES)
10432 case RES:
10433 {
10434 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
10435
10436 rsbac_ta_list_get_data_ttl(ta_number,
10437 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
10438 NULL,
10439 &tid_p->file.inode,
10440 &aci);
10441 switch (attr)
10442 {
10443 case A_res_min:
10444 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
10445 break;
10446 case A_res_max:
10447 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
10448 break;
10449 default:
10450 err = -RSBAC_EINVALIDATTR;
10451 }
10452 }
10453 break;
10454 #endif
10455
10456 #if defined(CONFIG_RSBAC_PAX)
10457 case PAX:
10458 {
10459 switch (attr)
10460 {
10461 case A_pax_flags:
10462 value->pax_flags = RSBAC_PAX_DEF_FLAGS;
10463 rsbac_ta_list_get_data_ttl(ta_number,
10464 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
10465 NULL,
10466 &tid_p->file.inode,
10467 &value->pax_flags);
10468 break;
10469
10470 default:
10471 err = -RSBAC_EINVALIDATTR;
10472 }
10473 }
10474 break;
10475 #endif
10476
10477 default:
10478 err = -RSBAC_EINVALIDMODULE;
10479 }
10480
10481 rsbac_read_unlock(&device_list_head.lock, &dflags);
10482
10483 return err;
10484 }
10485 }
10486
10487 static int get_attr_dev(
10488 rsbac_list_ta_number_t ta_number,
10489 enum rsbac_switch_target_t module,
10490 enum rsbac_target_t target,
10491 struct rsbac_dev_desc_t dev,
10492 enum rsbac_attribute_t attr,
10493 union rsbac_attribute_value_t * value,
10494 rsbac_boolean_t inherit)
10495 {
10496 int err = 0;
10497
10498
10499
10500
10501
10502
10503
10504 switch(module)
10505 {
10506 case GEN:
10507 {
10508 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
10509
10510 rsbac_ta_list_get_data_ttl(ta_number,
10511 dev_handles.gen,
10512 NULL,
10513 &dev,
10514 &aci);
10515 switch (attr)
10516 {
10517 case A_log_array_low:
10518 value->log_array_low = aci.log_array_low;
10519 break;
10520 case A_log_array_high:
10521 value->log_array_high = aci.log_array_high;
10522 break;
10523 default:
10524 err = -RSBAC_EINVALIDATTR;
10525 }
10526 }
10527 break;
10528
10529 #if defined(CONFIG_RSBAC_MAC)
10530 case MAC:
10531 {
10532 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
10533
10534 rsbac_ta_list_get_data_ttl(ta_number,
10535 dev_handles.mac,
10536 NULL,
10537 &dev,
10538 &aci);
10539 switch (attr)
10540 {
10541 case A_security_level:
10542 value->security_level = aci.sec_level;
10543 break;
10544 case A_mac_categories:
10545 value->mac_categories = aci.mac_categories;
10546 break;
10547 case A_mac_check:
10548 value->mac_check = aci.mac_check;
10549 break;
10550
10551 default:
10552 err = -RSBAC_EINVALIDATTR;
10553 }
10554 }
10555 break;
10556 #endif
10557
10558 #if defined(CONFIG_RSBAC_PM)
10559 case PM:
10560 {
10561 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10562
10563 rsbac_ta_list_get_data_ttl(ta_number,
10564 dev_handles.pm,
10565 NULL,
10566 &dev,
10567 &aci);
10568 switch (attr)
10569 {
10570 case A_pm_object_class:
10571 value->pm_object_class = aci.pm_object_class;
10572 break;
10573 case A_pm_object_type:
10574 value->pm_object_type = aci.pm_object_type;
10575 break;
10576 default:
10577 err = -RSBAC_EINVALIDATTR;
10578 }
10579 }
10580 break;
10581 #endif
10582
10583 #if defined(CONFIG_RSBAC_RC)
10584 case RC:
10585 {
10586 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10587
10588 switch(dev.type)
10589 {
10590 case D_char:
10591 case D_block:
10592 if(rsbac_ta_list_get_data_ttl(ta_number,
10593 dev_handles.rc,
10594 NULL,
10595 &dev,
10596 &type)
10597 || ( (type == RC_type_inherit_parent)
10598 && inherit
10599 )
10600 )
10601 rsbac_ta_list_get_data_ttl(ta_number,
10602 dev_major_handles.rc,
10603 NULL,
10604 &dev,
10605 &type);
10606 break;
10607 case D_char_major:
10608 case D_block_major:
10609 dev.type -= (D_block_major - D_block);
10610 rsbac_ta_list_get_data_ttl(ta_number,
10611 dev_major_handles.rc,
10612 NULL,
10613 &dev,
10614 &type);
10615 break;
10616 default:
10617 return -RSBAC_EINVALIDTARGET;
10618 }
10619 switch (attr)
10620 {
10621 case A_rc_type:
10622 value->rc_type = type;
10623 break;
10624
10625 default:
10626 err = -RSBAC_EINVALIDATTR;
10627 }
10628 }
10629 break;
10630 #endif
10631
10632 default:
10633 err = -RSBAC_EINVALIDMODULE;
10634 }
10635
10636 return err;
10637 }
10638
10639 static int get_attr_ipc(
10640 rsbac_list_ta_number_t ta_number,
10641 enum rsbac_switch_target_t module,
10642 enum rsbac_target_t target,
10643 union rsbac_target_id_t * tid_p,
10644 enum rsbac_attribute_t attr,
10645 union rsbac_attribute_value_t * value,
10646 rsbac_boolean_t inherit)
10647 {
10648 int err = 0;
10649
10650
10651
10652
10653
10654
10655
10656
10657 switch(module)
10658 {
10659 #if defined(CONFIG_RSBAC_MAC)
10660 case MAC:
10661 {
10662 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
10663
10664 rsbac_ta_list_get_data_ttl(ta_number,
10665 ipc_handles.mac,
10666 NULL,
10667 &tid_p->ipc,
10668 &aci);
10669 switch (attr)
10670 {
10671 case A_security_level:
10672 value->security_level = aci.sec_level;
10673 break;
10674 case A_mac_categories:
10675 value->mac_categories = aci.mac_categories;
10676 break;
10677
10678 default:
10679 err = -RSBAC_EINVALIDATTR;
10680 }
10681 }
10682 break;
10683 #endif
10684
10685 #if defined(CONFIG_RSBAC_PM)
10686 case PM:
10687 {
10688 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10689
10690 rsbac_ta_list_get_data_ttl(ta_number,
10691 ipc_handles.pm,
10692 NULL,
10693 &tid_p->ipc,
10694 &aci);
10695 switch (attr)
10696 {
10697 case A_pm_object_class:
10698 value->pm_object_class = aci.pm_object_class;
10699 break;
10700 case A_pm_ipc_purpose:
10701 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10702 break;
10703 case A_pm_object_type:
10704 value->pm_object_type = aci.pm_object_type;
10705 break;
10706 default:
10707 err = -RSBAC_EINVALIDATTR;
10708 }
10709 }
10710 break;
10711 #endif
10712
10713 #if defined(CONFIG_RSBAC_RC)
10714 case RC:
10715 {
10716 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10717
10718 rsbac_ta_list_get_data_ttl(ta_number,
10719 ipc_handles.rc,
10720 NULL,
10721 &tid_p->ipc,
10722 &type);
10723 switch (attr)
10724 {
10725 case A_rc_type:
10726 value->rc_type = type;
10727 break;
10728
10729 default:
10730 err = -RSBAC_EINVALIDATTR;
10731 }
10732 }
10733 break;
10734 #endif
10735
10736 #if defined(CONFIG_RSBAC_JAIL)
10737 case JAIL:
10738 {
10739 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10740
10741 rsbac_ta_list_get_data_ttl(ta_number,
10742 ipc_handles.jail,
10743 NULL,
10744 &tid_p->ipc,
10745 &id);
10746 switch (attr)
10747 {
10748 case A_jail_id:
10749 value->jail_id = id;
10750 break;
10751
10752 default:
10753 err = -RSBAC_EINVALIDATTR;
10754 }
10755 }
10756 break;
10757 #endif
10758
10759 default:
10760 err = -RSBAC_EINVALIDMODULE;
10761 }
10762
10763 return err;
10764 }
10765
10766 static int get_attr_user(
10767 rsbac_list_ta_number_t ta_number,
10768 enum rsbac_switch_target_t module,
10769 enum rsbac_target_t target,
10770 union rsbac_target_id_t * tid_p,
10771 enum rsbac_attribute_t attr,
10772 union rsbac_attribute_value_t * value,
10773 rsbac_boolean_t inherit)
10774 {
10775 int err = 0;
10776
10777
10778
10779
10780
10781
10782
10783 switch(module)
10784 {
10785 case GEN:
10786 {
10787 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
10788
10789 rsbac_ta_list_get_data_ttl(ta_number,
10790 user_handles.gen,
10791 NULL,
10792 &tid_p->user,
10793 &aci);
10794 switch (attr)
10795 {
10796 case A_pseudo:
10797 value->pseudo = aci.pseudo;
10798 break;
10799 case A_log_user_based:
10800 value->log_user_based = aci.log_user_based;
10801 break;
10802 default:
10803 err = -RSBAC_EINVALIDATTR;
10804 }
10805 }
10806 break;
10807
10808 #if defined(CONFIG_RSBAC_MAC)
10809 case MAC:
10810 {
10811 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
10812
10813 rsbac_ta_list_get_data_ttl(ta_number,
10814 user_handles.mac,
10815 NULL,
10816 &tid_p->user,
10817 &aci);
10818 switch (attr)
10819 {
10820 case A_security_level:
10821 value->security_level = aci.security_level;
10822 break;
10823 case A_initial_security_level:
10824 value->security_level = aci.initial_security_level;
10825 break;
10826 case A_min_security_level:
10827 value->security_level = aci.min_security_level;
10828 break;
10829 case A_mac_categories:
10830 value->mac_categories = aci.mac_categories;
10831 break;
10832 case A_mac_initial_categories:
10833 value->mac_categories = aci.mac_initial_categories;
10834 break;
10835 case A_mac_min_categories:
10836 value->mac_categories = aci.mac_min_categories;
10837 break;
10838 case A_system_role:
10839 case A_mac_role:
10840 value->system_role = aci.system_role;
10841 break;
10842 case A_mac_user_flags:
10843 value->mac_user_flags = aci.mac_user_flags;
10844 break;
10845
10846 default:
10847 err = -RSBAC_EINVALIDATTR;
10848 }
10849 }
10850 break;
10851 #endif
10852
10853 #if defined(CONFIG_RSBAC_PM)
10854 case PM:
10855 {
10856 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10857
10858 rsbac_ta_list_get_data_ttl(ta_number,
10859 user_handles.pm,
10860 NULL,
10861 &tid_p->user,
10862 &aci);
10863 switch (attr)
10864 {
10865 case A_pm_task_set:
10866 value->pm_task_set = aci.pm_task_set;
10867 break;
10868 case A_pm_role:
10869 value->pm_role = aci.pm_role;
10870 break;
10871 default:
10872 err = -RSBAC_EINVALIDATTR;
10873 }
10874 }
10875 break;
10876 #endif
10877
10878 #if defined(CONFIG_RSBAC_DAZ)
10879 case DAZ:
10880 {
10881 rsbac_system_role_int_t role = SR_user;
10882
10883 rsbac_ta_list_get_data_ttl(ta_number,
10884 user_handles.daz,
10885 NULL,
10886 &tid_p->user,
10887 &role);
10888 switch (attr)
10889 {
10890 case A_system_role:
10891 case A_daz_role:
10892 value->system_role = role;
10893 break;
10894
10895 default:
10896 err = -RSBAC_EINVALIDATTR;
10897 }
10898 }
10899 break;
10900 #endif
10901
10902 #if defined(CONFIG_RSBAC_FF)
10903 case FF:
10904 {
10905 rsbac_system_role_int_t role = SR_user;
10906
10907 rsbac_ta_list_get_data_ttl(ta_number,
10908 user_handles.ff,
10909 NULL,
10910 &tid_p->user,
10911 &role);
10912 switch (attr)
10913 {
10914 case A_system_role:
10915 case A_ff_role:
10916 value->system_role = role;
10917 break;
10918
10919 default:
10920 err = -RSBAC_EINVALIDATTR;
10921 }
10922 }
10923 break;
10924 #endif
10925
10926 #if defined(CONFIG_RSBAC_RC)
10927 case RC:
10928 {
10929 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
10930
10931 rsbac_ta_list_get_data_ttl(ta_number,
10932 user_handles.rc,
10933 NULL,
10934 &tid_p->user,
10935 &aci);
10936 switch (attr)
10937 {
10938 case A_rc_def_role:
10939 value->rc_def_role = aci.rc_role;
10940 break;
10941 case A_rc_type:
10942 value->rc_type = aci.rc_type;
10943 break;
10944 default:
10945 err = -RSBAC_EINVALIDATTR;
10946 }
10947 }
10948 break;
10949 #endif
10950
10951 #if defined(CONFIG_RSBAC_AUTH)
10952 case AUTH:
10953 {
10954 rsbac_system_role_int_t role = SR_user;
10955
10956 rsbac_ta_list_get_data_ttl(ta_number,
10957 user_handles.auth,
10958 NULL,
10959 &tid_p->user,
10960 &role);
10961 switch (attr)
10962 {
10963 case A_system_role:
10964 case A_auth_role:
10965 value->system_role = role;
10966 break;
10967
10968 default:
10969 err = -RSBAC_EINVALIDATTR;
10970 }
10971 }
10972 break;
10973 #endif
10974
10975 #if defined(CONFIG_RSBAC_CAP)
10976 case CAP:
10977 {
10978 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
10979
10980 rsbac_ta_list_get_data_ttl(ta_number,
10981 user_handles.cap,
10982 NULL,
10983 &tid_p->user,
10984 &aci);
10985 switch (attr)
10986 {
10987 case A_system_role:
10988 case A_cap_role:
10989 value->system_role = aci.cap_role;
10990 break;
10991 case A_min_caps:
10992 value->min_caps = aci.min_caps;
10993 break;
10994 case A_max_caps:
10995 value->max_caps = aci.max_caps;
10996 break;
10997 default:
10998 err = -RSBAC_EINVALIDATTR;
10999 }
11000 }
11001 break;
11002 #endif
11003
11004 #if defined(CONFIG_RSBAC_JAIL)
11005 case JAIL:
11006 {
11007 rsbac_system_role_int_t role = SR_user;
11008
11009 rsbac_ta_list_get_data_ttl(ta_number,
11010 user_handles.jail,
11011 NULL,
11012 &tid_p->user,
11013 &role);
11014 switch (attr)
11015 {
11016 case A_system_role:
11017 case A_jail_role:
11018 value->system_role = role;
11019 break;
11020
11021 default:
11022 err = -RSBAC_EINVALIDATTR;
11023 }
11024 }
11025 break;
11026 #endif
11027
11028 #if defined(CONFIG_RSBAC_RES)
11029 case RES:
11030 {
11031 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
11032
11033 if( rsbac_ta_list_get_data_ttl(ta_number,
11034 user_handles.res,
11035 NULL,
11036 &tid_p->user,
11037 &aci)
11038 && (tid_p->user != RSBAC_ALL_USERS)
11039 )
11040 {
11041 tid_p->user = RSBAC_ALL_USERS;
11042 rsbac_ta_list_get_data_ttl(ta_number,
11043 user_handles.res,
11044 NULL,
11045 &tid_p->user,
11046 &aci);
11047 }
11048 switch (attr)
11049 {
11050 case A_system_role:
11051 case A_res_role:
11052 value->system_role = aci.res_role;
11053 break;
11054 case A_res_min:
11055 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
11056 break;
11057 case A_res_max:
11058 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
11059 break;
11060 default:
11061 err = -RSBAC_EINVALIDATTR;
11062 }
11063 }
11064 break;
11065 #endif
11066
11067 #if defined(CONFIG_RSBAC_PAX)
11068 case PAX:
11069 {
11070 rsbac_system_role_int_t role = SR_user;
11071
11072 rsbac_ta_list_get_data_ttl(ta_number,
11073 user_handles.pax,
11074 NULL,
11075 &tid_p->user,
11076 &role);
11077 switch (attr)
11078 {
11079 case A_system_role:
11080 case A_pax_role:
11081 value->system_role = role;
11082 break;
11083
11084 default:
11085 err = -RSBAC_EINVALIDATTR;
11086 }
11087 }
11088 break;
11089 #endif
11090
11091 default:
11092 err = -RSBAC_EINVALIDMODULE;
11093 }
11094
11095 return err;
11096 }
11097
11098 static int get_attr_process(
11099 rsbac_list_ta_number_t ta_number,
11100 enum rsbac_switch_target_t module,
11101 enum rsbac_target_t target,
11102 union rsbac_target_id_t * tid_p,
11103 enum rsbac_attribute_t attr,
11104 union rsbac_attribute_value_t * value,
11105 rsbac_boolean_t inherit)
11106 {
11107 int err = 0;
11108
11109
11110
11111
11112
11113
11114
11115 switch(module)
11116 {
11117 case GEN:
11118 {
11119 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
11120
11121 rsbac_ta_list_get_data_ttl(ta_number,
11122 process_handles.gen[gen_p_hash(tid_p->process)],
11123 NULL,
11124 &tid_p->process,
11125 &aci);
11126 switch (attr)
11127 {
11128 case A_log_program_based:
11129 value->log_program_based = aci.log_program_based;
11130 break;
11131 case A_fake_root_uid:
11132 value->fake_root_uid = aci.fake_root_uid;
11133 break;
11134 case A_audit_uid:
11135 value->audit_uid = aci.audit_uid;
11136 break;
11137 case A_auid_exempt:
11138 value->auid_exempt = aci.auid_exempt;
11139 break;
11140 case A_remote_ip:
11141 value->remote_ip = aci.remote_ip;
11142 break;
11143 default:
11144 err = -RSBAC_EINVALIDATTR;
11145 }
11146 }
11147 break;
11148
11149 #if defined(CONFIG_RSBAC_MAC)
11150 case MAC:
11151 {
11152 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
11153
11154 rsbac_ta_list_get_data_ttl(ta_number,
11155 process_handles.mac[mac_p_hash(tid_p->process)],
11156 NULL,
11157 &tid_p->process,
11158 &aci);
11159 switch (attr)
11160 {
11161 case A_security_level:
11162 value->security_level = aci.owner_sec_level;
11163 break;
11164 case A_initial_security_level:
11165 value->security_level = aci.owner_initial_sec_level;
11166 break;
11167 case A_min_security_level:
11168 value->security_level = aci.owner_min_sec_level;
11169 break;
11170 case A_mac_categories:
11171 value->mac_categories = aci.mac_owner_categories;
11172 break;
11173 case A_mac_initial_categories:
11174 value->mac_categories = aci.mac_owner_initial_categories;
11175 break;
11176 case A_mac_min_categories:
11177 value->mac_categories = aci.mac_owner_min_categories;
11178 break;
11179 case A_current_sec_level:
11180 value->current_sec_level = aci.current_sec_level;
11181 break;
11182 case A_mac_curr_categories:
11183 value->mac_categories = aci.mac_curr_categories;
11184 break;
11185 case A_min_write_open:
11186 value->min_write_open = aci.min_write_open;
11187 break;
11188 case A_min_write_categories:
11189 value->mac_categories = aci.min_write_categories;
11190 break;
11191 case A_max_read_open:
11192 value->max_read_open = aci.max_read_open;
11193 break;
11194 case A_max_read_categories:
11195 value->mac_categories = aci.max_read_categories;
11196 break;
11197 case A_mac_process_flags:
11198 value->mac_process_flags = aci.mac_process_flags;
11199 break;
11200 case A_mac_auto:
11201 if(aci.mac_process_flags & MAC_auto)
11202 value->mac_auto = TRUE;
11203 else
11204 value->mac_auto = FALSE;
11205 break;
11206
11207 default:
11208 err = -RSBAC_EINVALIDATTR;
11209 }
11210 }
11211 break;
11212 #endif
11213
11214 #if defined(CONFIG_RSBAC_PM)
11215 case PM:
11216 {
11217 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
11218
11219 rsbac_ta_list_get_data_ttl(ta_number,
11220 process_handles.pm,
11221 NULL,
11222 &tid_p->process,
11223 &aci);
11224 switch (attr)
11225 {
11226 case A_pm_tp:
11227 value->pm_tp = aci.pm_tp;
11228 break;
11229 case A_pm_current_task:
11230 value->pm_current_task = aci.pm_current_task;
11231 break;
11232 case A_pm_process_type:
11233 value->pm_process_type = aci.pm_process_type;
11234 break;
11235 default:
11236 err = -RSBAC_EINVALIDATTR;
11237 }
11238 }
11239 break;
11240 #endif
11241
11242 #if defined(CONFIG_RSBAC_DAZ)
11243 case DAZ:
11244 {
11245 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
11246
11247 rsbac_ta_list_get_data_ttl(ta_number,
11248 process_handles.daz,
11249 NULL,
11250 &tid_p->process,
11251 &aci);
11252 switch (attr)
11253 {
11254 case A_daz_scanner:
11255 value->daz_scanner = aci.daz_scanner;
11256 break;
11257 default:
11258 err = -RSBAC_EINVALIDATTR;
11259 }
11260 }
11261 break;
11262 #endif
11263
11264 #if defined(CONFIG_RSBAC_RC)
11265 case RC:
11266 {
11267 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
11268
11269 rsbac_ta_list_get_data_ttl(ta_number,
11270 process_handles.rc[rc_p_hash(tid_p->process)],
11271 NULL,
11272 &tid_p->process,
11273 &aci);
11274 switch (attr)
11275 {
11276 case A_rc_role:
11277 value->rc_role = aci.rc_role;
11278 break;
11279 case A_rc_type:
11280 value->rc_type = aci.rc_type;
11281 break;
11282 case A_rc_force_role:
11283 value->rc_force_role = aci.rc_force_role;
11284 break;
11285 default:
11286 err = -RSBAC_EINVALIDATTR;
11287 }
11288 }
11289 break;
11290 #endif
11291
11292 #if defined(CONFIG_RSBAC_AUTH)
11293 case AUTH:
11294 {
11295 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
11296
11297 rsbac_ta_list_get_data_ttl(ta_number,
11298 process_handles.auth,
11299 NULL,
11300 &tid_p->process,
11301 &aci);
11302 switch (attr)
11303 {
11304 case A_auth_may_setuid:
11305 value->auth_may_setuid = aci.auth_may_setuid;
11306 break;
11307 case A_auth_may_set_cap:
11308 value->auth_may_set_cap = aci.auth_may_set_cap;
11309 break;
11310 #if defined(CONFIG_RSBAC_AUTH_LEARN)
11311 case A_auth_program_file:
11312 value->auth_program_file = aci.auth_program_file;
11313 break;
11314 case A_auth_start_uid:
11315 value->auth_start_uid = aci.auth_start_uid;
11316 break;
11317 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
11318 case A_auth_start_euid:
11319 value->auth_start_euid = aci.auth_start_euid;
11320 break;
11321 #endif
11322 #ifdef CONFIG_RSBAC_AUTH_GROUP
11323 case A_auth_start_gid:
11324 value->auth_start_gid = aci.auth_start_gid;
11325 break;
11326 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
11327 case A_auth_start_egid:
11328 value->auth_start_egid = aci.auth_start_egid;
11329 break;
11330 #endif
11331 #endif
11332 case A_auth_learn:
11333 value->auth_learn = aci.auth_learn;
11334 break;
11335 #else
11336 case A_auth_learn:
11337 value->auth_learn = FALSE;
11338 break;
11339 #endif
11340 case A_auth_last_auth:
11341 value->auth_last_auth = aci.auth_last_auth;
11342 break;
11343 default:
11344 err = -RSBAC_EINVALIDATTR;
11345 }
11346 }
11347 break;
11348 #endif
11349
11350 #if defined(CONFIG_RSBAC_CAP)
11351 case CAP:
11352 {
11353 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
11354
11355 rsbac_ta_list_get_data_ttl(ta_number,
11356 process_handles.cap,
11357 NULL,
11358 &tid_p->process,
11359 &aci);
11360 switch (attr)
11361 {
11362 case A_cap_process_hiding:
11363 value->cap_process_hiding = aci.cap_process_hiding;
11364 break;
11365 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
11366 case A_max_caps_user:
11367 value->max_caps_user = aci.max_caps_user;
11368 break;
11369 case A_max_caps_program:
11370 value->max_caps_program = aci.max_caps_program;
11371 break;
11372 #endif
11373 default:
11374 err = -RSBAC_EINVALIDATTR;
11375 }
11376 }
11377 break;
11378 #endif
11379
11380 #if defined(CONFIG_RSBAC_JAIL)
11381 case JAIL:
11382 {
11383 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
11384
11385 rsbac_ta_list_get_data_ttl(ta_number,
11386 process_handles.jail[jail_p_hash(tid_p->process)],
11387 NULL,
11388 &tid_p->process,
11389 &aci);
11390 switch (attr)
11391 {
11392 case A_jail_id:
11393 value->jail_id = aci.id;
11394 break;
11395 case A_jail_ip:
11396 value->jail_ip = aci.ip;
11397 break;
11398 case A_jail_flags:
11399 value->jail_flags = aci.flags;
11400 break;
11401 case A_jail_max_caps:
11402 value->jail_max_caps = aci.max_caps;
11403 break;
11404 case A_jail_scd_get:
11405 value->jail_scd_get = aci.scd_get;
11406 break;
11407 case A_jail_scd_modify:
11408 value->jail_scd_modify = aci.scd_modify;
11409 break;
11410 default:
11411 err = -RSBAC_EINVALIDATTR;
11412 }
11413 }
11414 break;
11415 #endif
11416
11417 #if defined(CONFIG_RSBAC_PAX)
11418 case PAX:
11419 {
11420 struct task_struct * task_p;
11421
11422 switch (attr)
11423 {
11424 case A_pax_flags:
11425 read_lock(&tasklist_lock);
11426 task_p = find_task_by_pid(tid_p->process);
11427 if(task_p)
11428 {
11429 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
11430 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
11431 if(task_p->mm)
11432 value->pax_flags = task_p->mm->flags & RSBAC_PAX_ALL_FLAGS;
11433 else
11434 #endif
11435 value->pax_flags = 0;
11436 #else
11437 value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS;
11438 #endif
11439 }
11440 else
11441 err = -RSBAC_EINVALIDTARGET;
11442 read_unlock(&tasklist_lock);
11443 break;
11444 default:
11445 err = -RSBAC_EINVALIDATTR;
11446 }
11447 }
11448 break;
11449 #endif
11450
11451 default:
11452 err = -RSBAC_EINVALIDMODULE;
11453 }
11454 return err;
11455 }
11456
11457 #ifdef CONFIG_RSBAC_UM
11458 static int get_attr_group(
11459 rsbac_list_ta_number_t ta_number,
11460 enum rsbac_switch_target_t module,
11461 enum rsbac_target_t target,
11462 union rsbac_target_id_t * tid_p,
11463 enum rsbac_attribute_t attr,
11464 union rsbac_attribute_value_t * value,
11465 rsbac_boolean_t inherit)
11466 {
11467 int err = 0;
11468
11469
11470
11471
11472
11473
11474
11475
11476 switch(module)
11477 {
11478 #if defined(CONFIG_RSBAC_RC_UM_PROT)
11479 case RC:
11480 {
11481 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11482 rsbac_gid_t group_desc;
11483
11484 group_desc = tid_p->group;
11485 rsbac_ta_list_get_data_ttl(ta_number,
11486 group_handles.rc,
11487 NULL,
11488 &group_desc,
11489 &type);
11490 switch (attr)
11491 {
11492 case A_rc_type:
11493 value->rc_type = type;
11494 break;
11495
11496 default:
11497 err = -RSBAC_EINVALIDATTR;
11498 }
11499 }
11500 break;
11501 #endif
11502
11503 default:
11504 err = -RSBAC_EINVALIDMODULE;
11505 }
11506
11507 return err;
11508 }
11509 #endif
11510
11511 #ifdef CONFIG_RSBAC_NET_DEV
11512 static int get_attr_netdev(
11513 rsbac_list_ta_number_t ta_number,
11514 enum rsbac_switch_target_t module,
11515 enum rsbac_target_t target,
11516 union rsbac_target_id_t * tid_p,
11517 enum rsbac_attribute_t attr,
11518 union rsbac_attribute_value_t * value,
11519 rsbac_boolean_t inherit)
11520 {
11521 int err = 0;
11522
11523
11524
11525
11526
11527
11528
11529
11530 switch(module)
11531 {
11532 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
11533 case GEN:
11534 {
11535 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
11536
11537 rsbac_ta_list_get_data_ttl(ta_number,
11538 netdev_handles.gen,
11539 NULL,
11540 &tid_p->netdev,
11541 &aci);
11542 switch (attr)
11543 {
11544 case A_log_array_low:
11545 value->log_array_low = aci.log_array_low;
11546 break;
11547 case A_log_array_high:
11548 value->log_array_high = aci.log_array_high;
11549 break;
11550 default:
11551 err = -RSBAC_EINVALIDATTR;
11552 }
11553 }
11554 break;
11555 #endif
11556 #if defined(CONFIG_RSBAC_RC)
11557 case RC:
11558 {
11559 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11560
11561 rsbac_ta_list_get_data_ttl(ta_number,
11562 netdev_handles.rc,
11563 NULL,
11564 &tid_p->netdev,
11565 &type);
11566 switch (attr)
11567 {
11568 case A_rc_type:
11569 value->rc_type = type;
11570 break;
11571
11572 default:
11573 err = -RSBAC_EINVALIDATTR;
11574 }
11575 }
11576 break;
11577 #endif
11578
11579 default:
11580 err = -RSBAC_EINVALIDMODULE;
11581 }
11582
11583 return err;
11584 }
11585 #endif
11586
11587 #ifdef CONFIG_RSBAC_NET_OBJ
11588 static int get_attr_nettemp(
11589 rsbac_list_ta_number_t ta_number,
11590 enum rsbac_switch_target_t module,
11591 enum rsbac_target_t target,
11592 union rsbac_target_id_t * tid_p,
11593 enum rsbac_attribute_t attr,
11594 union rsbac_attribute_value_t * value,
11595 rsbac_boolean_t inherit)
11596 {
11597 int err = 0;
11598
11599
11600
11601
11602
11603
11604
11605 if( tid_p->nettemp
11606 && !rsbac_list_exist(net_temp_handle, &tid_p->nettemp)
11607 )
11608 return -RSBAC_EINVALIDTARGET;
11609 switch(module)
11610 {
11611 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11612 case GEN:
11613 {
11614 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
11615
11616 if(tid_p->nettemp)
11617 rsbac_ta_list_get_data_ttl(ta_number,
11618 nettemp_handles.gen,
11619 NULL,
11620 &tid_p->nettemp,
11621 &aci);
11622 switch (attr)
11623 {
11624 case A_log_array_low:
11625 value->log_array_low = aci.log_array_low;
11626 break;
11627 case A_log_array_high:
11628 value->log_array_high = aci.log_array_high;
11629 break;
11630 default:
11631 err = -RSBAC_EINVALIDATTR;
11632 }
11633 }
11634 break;
11635 #endif
11636 #if defined(CONFIG_RSBAC_MAC)
11637 case MAC:
11638 {
11639 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
11640
11641 rsbac_ta_list_get_data_ttl(ta_number,
11642 nettemp_handles.mac,
11643 NULL,
11644 &tid_p->nettemp,
11645 &aci);
11646 switch (attr)
11647 {
11648 case A_security_level:
11649 value->security_level = aci.sec_level;
11650 break;
11651 case A_mac_categories:
11652 value->mac_categories = aci.mac_categories;
11653 break;
11654
11655 default:
11656 err = -RSBAC_EINVALIDATTR;
11657 }
11658 }
11659 break;
11660 #endif
11661
11662 #if defined(CONFIG_RSBAC_PM)
11663 case PM:
11664 {
11665 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
11666
11667 rsbac_ta_list_get_data_ttl(ta_number,
11668 nettemp_handles.pm,
11669 NULL,
11670 &tid_p->nettemp,
11671 &aci);
11672 switch (attr)
11673 {
11674 case A_pm_object_class:
11675 value->pm_object_class = aci.pm_object_class;
11676 break;
11677 case A_pm_ipc_purpose:
11678 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11679 break;
11680 case A_pm_object_type:
11681 value->pm_object_type = aci.pm_object_type;
11682 break;
11683 default:
11684 err = -RSBAC_EINVALIDATTR;
11685 }
11686 }
11687 break;
11688 #endif
11689
11690 #if defined(CONFIG_RSBAC_RC)
11691 case RC:
11692 {
11693 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
11694
11695 rsbac_ta_list_get_data_ttl(ta_number,
11696 nettemp_handles.rc,
11697 NULL,
11698 &tid_p->nettemp,
11699 &aci);
11700 switch (attr)
11701 {
11702 case A_rc_type:
11703 value->rc_type = aci.netobj_type;
11704 break;
11705
11706 case A_rc_type_nt:
11707 value->rc_type = aci.nettemp_type;
11708 break;
11709
11710 default:
11711 err = -RSBAC_EINVALIDATTR;
11712 }
11713 }
11714 break;
11715 #endif
11716
11717 default:
11718 err = -RSBAC_EINVALIDMODULE;
11719 }
11720 return err;
11721 }
11722
11723 static int get_attr_netobj(
11724 rsbac_list_ta_number_t ta_number,
11725 enum rsbac_switch_target_t module,
11726 enum rsbac_target_t target,
11727 union rsbac_target_id_t * tid_p,
11728 enum rsbac_attribute_t attr,
11729 union rsbac_attribute_value_t * value,
11730 rsbac_boolean_t inherit)
11731 {
11732 int err = 0;
11733
11734
11735
11736
11737
11738
11739
11740 switch(module)
11741 {
11742 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11743 case GEN:
11744 {
11745 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
11746 rsbac_net_temp_id_t temp = 0;
11747
11748 switch (attr)
11749 {
11750 case A_local_log_array_low:
11751 case A_local_log_array_high:
11752 rsbac_ta_net_lookup_templates(ta_number,
11753 &tid_p->netobj,
11754 &temp,
11755 NULL);
11756 break;
11757 case A_remote_log_array_low:
11758 case A_remote_log_array_high:
11759 rsbac_ta_net_lookup_templates(ta_number,
11760 &tid_p->netobj,
11761 NULL,
11762 &temp);
11763 break;
11764
11765 default:
11766 err = -RSBAC_EINVALIDATTR;
11767 }
11768 if(temp)
11769 rsbac_ta_list_get_data_ttl(ta_number,
11770 nettemp_handles.gen,
11771 NULL,
11772 &temp,
11773 &aci);
11774 switch (attr)
11775 {
11776 case A_local_log_array_low:
11777 case A_remote_log_array_low:
11778 value->log_array_low = aci.log_array_low;
11779 break;
11780 case A_local_log_array_high:
11781 case A_remote_log_array_high:
11782 value->log_array_high = aci.log_array_high;
11783 break;
11784
11785 default:
11786 err = -RSBAC_EINVALIDATTR;
11787 }
11788 }
11789 break;
11790 #endif
11791 #if defined(CONFIG_RSBAC_MAC)
11792 case MAC:
11793 {
11794 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
11795
11796 switch(attr)
11797 {
11798 case A_local_sec_level:
11799 case A_local_mac_categories:
11800 if(rsbac_ta_list_get_data_ttl(ta_number,
11801 lnetobj_handles.mac,
11802 NULL,
11803 &tid_p->netobj.sock_p,
11804 &aci))
11805 {
11806 rsbac_net_temp_id_t temp = 0;
11807
11808 rsbac_ta_net_lookup_templates(ta_number,
11809 &tid_p->netobj,
11810 &temp,
11811 NULL);
11812 if(temp)
11813 rsbac_ta_list_get_data_ttl(ta_number,
11814 nettemp_handles.mac,
11815 NULL,
11816 &temp,
11817 &aci);
11818 }
11819 break;
11820
11821 case A_remote_sec_level:
11822 case A_remote_mac_categories:
11823 if(rsbac_ta_list_get_data_ttl(ta_number,
11824 rnetobj_handles.mac,
11825 NULL,
11826 &tid_p->netobj.sock_p,
11827 &aci))
11828 {
11829 rsbac_net_temp_id_t temp = 0;
11830
11831 rsbac_ta_net_lookup_templates(ta_number,
11832 &tid_p->netobj,
11833 NULL,
11834 &temp);
11835 if(temp)
11836 rsbac_ta_list_get_data_ttl(ta_number,
11837 nettemp_handles.mac,
11838 NULL,
11839 &temp,
11840 &aci);
11841 }
11842 break;
11843
11844 default:
11845 err = -RSBAC_EINVALIDATTR;
11846 }
11847 if(err)
11848 break;
11849 switch (attr)
11850 {
11851 case A_local_sec_level:
11852 case A_remote_sec_level:
11853 value->security_level = aci.sec_level;
11854 break;
11855 case A_local_mac_categories:
11856 case A_remote_mac_categories:
11857 value->mac_categories = aci.mac_categories;
11858 break;
11859
11860 default:
11861 err = -RSBAC_EINVALIDATTR;
11862 }
11863 }
11864 break;
11865 #endif
11866
11867 #if defined(CONFIG_RSBAC_PM)
11868 case PM:
11869 {
11870 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
11871
11872 switch(attr)
11873 {
11874 case A_local_pm_object_class:
11875 case A_local_pm_ipc_purpose:
11876 case A_local_pm_object_type:
11877 if(rsbac_ta_list_get_data_ttl(ta_number,
11878 lnetobj_handles.pm,
11879 NULL,
11880 &tid_p->netobj.sock_p,
11881 &aci))
11882 {
11883 rsbac_net_temp_id_t temp = 0;
11884
11885 rsbac_ta_net_lookup_templates(ta_number,
11886 &tid_p->netobj,
11887 &temp,
11888 NULL);
11889 if(temp)
11890 rsbac_ta_list_get_data_ttl(ta_number,
11891 nettemp_handles.pm,
11892 NULL,
11893 &temp,
11894 &aci);
11895 }
11896 break;
11897
11898 case A_remote_pm_object_class:
11899 case A_remote_pm_ipc_purpose:
11900 case A_remote_pm_object_type:
11901 if(rsbac_ta_list_get_data_ttl(ta_number,
11902 rnetobj_handles.pm,
11903 NULL,
11904 &tid_p->netobj.sock_p,
11905 &aci))
11906 {
11907 rsbac_net_temp_id_t temp = 0;
11908
11909 rsbac_ta_net_lookup_templates(ta_number,
11910 &tid_p->netobj,
11911 NULL,
11912 &temp);
11913 if(temp)
11914 rsbac_ta_list_get_data_ttl(ta_number,
11915 nettemp_handles.pm,
11916 NULL,
11917 &temp,
11918 &aci);
11919 }
11920 break;
11921
11922 default:
11923 err = -RSBAC_EINVALIDATTR;
11924 }
11925 if(err)
11926 break;
11927 switch (attr)
11928 {
11929 case A_local_pm_object_class:
11930 case A_remote_pm_object_class:
11931 value->pm_object_class = aci.pm_object_class;
11932 break;
11933 case A_local_pm_ipc_purpose:
11934 case A_remote_pm_ipc_purpose:
11935 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11936 break;
11937 case A_local_pm_object_type:
11938 case A_remote_pm_object_type:
11939 value->pm_object_type = aci.pm_object_type;
11940 break;
11941
11942 default:
11943 err = -RSBAC_EINVALIDATTR;
11944 }
11945 }
11946 break;
11947 #endif
11948
11949 #if defined(CONFIG_RSBAC_RC)
11950 case RC:
11951 {
11952 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11953
11954 switch(attr)
11955 {
11956 case A_local_rc_type:
11957 if(rsbac_ta_list_get_data_ttl(ta_number,
11958 lnetobj_handles.rc,
11959 NULL,
11960 &tid_p->netobj.sock_p,
11961 &type))
11962 {
11963 rsbac_net_temp_id_t temp = 0;
11964 struct rsbac_rc_nettemp_aci_t aci;
11965
11966 rsbac_ta_net_lookup_templates(ta_number,
11967 &tid_p->netobj,
11968 &temp,
11969 NULL);
11970 if(temp)
11971 {
11972 if(!rsbac_ta_list_get_data_ttl(ta_number,
11973 nettemp_handles.rc,
11974 NULL,
11975 &temp,
11976 &aci))
11977 type = aci.netobj_type;
11978 }
11979 }
11980 break;
11981
11982 case A_remote_rc_type:
11983 if(rsbac_ta_list_get_data_ttl(ta_number,
11984 rnetobj_handles.rc,
11985 NULL,
11986 &tid_p->netobj.sock_p,
11987 &type))
11988 {
11989 rsbac_net_temp_id_t temp = 0;
11990 struct rsbac_rc_nettemp_aci_t aci;
11991
11992 rsbac_ta_net_lookup_templates(ta_number,
11993 &tid_p->netobj,
11994 NULL,
11995 &temp);
11996 if(temp)
11997 {
11998 if(!rsbac_ta_list_get_data_ttl(ta_number,
11999 nettemp_handles.rc,
12000 NULL,
12001 &temp,
12002 &aci))
12003 type = aci.netobj_type;
12004 }
12005 }
12006 break;
12007
12008 default:
12009 err = -RSBAC_EINVALIDATTR;
12010 }
12011 if(!err)
12012 value->rc_type = type;
12013 }
12014 break;
12015 #endif
12016
12017 default:
12018 err = -RSBAC_EINVALIDMODULE;
12019 }
12020 return err;
12021 }
12022 #endif
12023
12024
12025
12026
12027 int rsbac_ta_get_attr(
12028 rsbac_list_ta_number_t ta_number,
12029 enum rsbac_switch_target_t module,
12030 enum rsbac_target_t target,
12031 union rsbac_target_id_t tid,
12032 enum rsbac_attribute_t attr,
12033 union rsbac_attribute_value_t * value,
12034 rsbac_boolean_t inherit)
12035 {
12036 int err = 0;
12037
12038 if (!rsbac_initialized)
12039 {
12040 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
12041 return(-RSBAC_ENOTINITIALIZED);
12042 }
12043 if (!value)
12044 return(-RSBAC_EINVALIDPOINTER);
12045 if (in_interrupt())
12046 {
12047 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
12048 }
12049 #ifdef CONFIG_RSBAC_XSTATS
12050 get_attr_count[target]++;
12051 #endif
12052 switch (target)
12053 {
12054 case T_FILE:
12055 case T_DIR:
12056 case T_FIFO:
12057 case T_SYMLINK:
12058 return get_attr_fd(ta_number, module, target, &tid,
12059 attr, value, inherit);
12060
12061 case T_DEV:
12062 return get_attr_dev(ta_number, module, target, tid.dev,
12063 attr, value, inherit);
12064
12065 case T_IPC:
12066 return get_attr_ipc(ta_number, module, target, &tid,
12067 attr, value, inherit);
12068
12069 case T_USER:
12070 return get_attr_user(ta_number, module, target, &tid,
12071 attr, value, inherit);
12072
12073 case T_PROCESS:
12074 return get_attr_process(ta_number, module, target, &tid,
12075 attr, value, inherit);
12076
12077 #ifdef CONFIG_RSBAC_UM
12078 case T_GROUP:
12079 return get_attr_group(ta_number, module, target, &tid,
12080 attr, value, inherit);
12081 #endif
12082
12083 #ifdef CONFIG_RSBAC_NET_DEV
12084 case T_NETDEV:
12085 return get_attr_netdev(ta_number, module, target, &tid,
12086 attr, value, inherit);
12087 #endif
12088
12089 #ifdef CONFIG_RSBAC_NET_OBJ
12090 case T_NETTEMP:
12091 return get_attr_nettemp(ta_number, module, target, &tid,
12092 attr, value, inherit);
12093
12094 case T_NETOBJ:
12095 return get_attr_netobj(ta_number, module, target, &tid,
12096 attr, value, inherit);
12097 #endif
12098
12099
12100 default:
12101 return -RSBAC_EINVALIDTARGET;
12102 }
12103
12104 return err;
12105 }
12106
12107
12108
12109 static int set_attr_fd(
12110 rsbac_list_ta_number_t ta_number,
12111 enum rsbac_switch_target_t module,
12112 enum rsbac_target_t target,
12113 union rsbac_target_id_t * tid_p,
12114 enum rsbac_attribute_t attr,
12115 union rsbac_attribute_value_t * value_p)
12116 {
12117 int err = 0;
12118 struct rsbac_device_list_item_t * device_p;
12119 u_long dflags;
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129 rsbac_read_lock(&device_list_head.lock, &dflags);
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140 device_p = lookup_device(tid_p->file.device);
12141 if (!device_p)
12142 {
12143 struct super_block * sb_p;
12144
12145 rsbac_read_unlock(&device_list_head.lock, &dflags);
12146 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12147 sb_p = user_get_super(tid_p->file.device);
12148 #else
12149 sb_p = get_super(tid_p->file.device);
12150 #endif
12151 if(sb_p)
12152 {
12153 rsbac_printk(KERN_INFO
12154 "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
12155 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12156 rsbac_mount(sb_p, NULL);
12157
12158 drop_super(sb_p);
12159 rsbac_read_lock(&device_list_head.lock, &dflags);
12160 device_p = lookup_device(tid_p->file.device);
12161 if (!device_p)
12162 {
12163 rsbac_printk(KERN_WARNING
12164 "rsbac_set_attr(): unknown device %02u:%02u\n",
12165 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12166 rsbac_read_unlock(&device_list_head.lock, &dflags);
12167 return -RSBAC_EINVALIDDEV;
12168 }
12169 }
12170 else
12171 return -RSBAC_EINVALIDDEV;
12172 }
12173 switch(module)
12174 {
12175 case GEN:
12176 {
12177 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
12178
12179 rsbac_ta_list_get_data_ttl(ta_number,
12180 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12181 NULL,
12182 &tid_p->file.inode,
12183 &aci);
12184 switch (attr)
12185 {
12186 case A_log_array_low:
12187 aci.log_array_low = value_p->log_array_low;
12188 break;
12189 case A_log_array_high:
12190 aci.log_array_high = value_p->log_array_high;
12191 break;
12192 case A_log_program_based:
12193 aci.log_program_based = value_p->log_program_based;
12194 break;
12195 case A_symlink_add_remote_ip:
12196 aci.symlink_add_remote_ip = value_p->symlink_add_remote_ip;
12197 break;
12198 case A_symlink_add_uid:
12199 aci.symlink_add_uid = value_p->symlink_add_uid;
12200 break;
12201 case A_symlink_add_mac_level:
12202 aci.symlink_add_mac_level = value_p->symlink_add_mac_level;
12203 break;
12204 case A_symlink_add_rc_role:
12205 aci.symlink_add_rc_role = value_p->symlink_add_rc_role;
12206 break;
12207 case A_linux_dac_disable:
12208 aci.linux_dac_disable = value_p->linux_dac_disable;
12209 break;
12210 case A_fake_root_uid:
12211 aci.fake_root_uid = value_p->fake_root_uid;
12212 break;
12213 case A_auid_exempt:
12214 aci.auid_exempt = value_p->auid_exempt;
12215 break;
12216 default:
12217 err = -RSBAC_EINVALIDATTR;
12218 }
12219 if(!err)
12220 {
12221 err = rsbac_ta_list_add_ttl(ta_number,
12222 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12223 0,
12224 &tid_p->file.inode,
12225 &aci);
12226 }
12227 }
12228 break;
12229
12230 #if defined(CONFIG_RSBAC_MAC)
12231 case MAC:
12232 {
12233 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
12234
12235 rsbac_ta_list_get_data_ttl(ta_number,
12236 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12237 NULL,
12238 &tid_p->file.inode,
12239 &aci);
12240 switch (attr)
12241 {
12242 case A_security_level:
12243 aci.sec_level = value_p->security_level;
12244 break;
12245 case A_mac_categories:
12246 aci.mac_categories = value_p->mac_categories;
12247 break;
12248 case A_mac_auto:
12249 aci.mac_auto = value_p->mac_auto;
12250 break;
12251 case A_mac_prop_trusted:
12252 aci.mac_prop_trusted = value_p->mac_prop_trusted;
12253 break;
12254 case A_mac_file_flags:
12255 aci.mac_file_flags = value_p->mac_file_flags & RSBAC_MAC_F_FLAGS;
12256 break;
12257
12258 default:
12259 err = -RSBAC_EINVALIDATTR;
12260 }
12261 if(!err)
12262 {
12263 err = rsbac_ta_list_add_ttl(ta_number,
12264 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12265 0,
12266 &tid_p->file.inode,
12267 &aci);
12268 }
12269 }
12270 break;
12271 #endif
12272
12273 #if defined(CONFIG_RSBAC_PM)
12274 case PM:
12275 {
12276 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
12277
12278 rsbac_ta_list_get_data_ttl(ta_number,
12279 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12280 NULL,
12281 &tid_p->file.inode,
12282 &aci);
12283 switch (attr)
12284 {
12285 case A_pm_object_class:
12286 aci.pm_object_class = value_p->pm_object_class;
12287 break;
12288 case A_pm_tp:
12289 aci.pm_tp = value_p->pm_tp;
12290 break;
12291 case A_pm_object_type:
12292 aci.pm_object_type = value_p->pm_object_type;
12293 break;
12294 default:
12295 err = -RSBAC_EINVALIDATTR;
12296 }
12297 if(!err)
12298 {
12299 err = rsbac_ta_list_add_ttl(ta_number,
12300 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12301 0,
12302 &tid_p->file.inode,
12303 &aci);
12304 }
12305 }
12306 break;
12307 #endif
12308
12309 #if defined(CONFIG_RSBAC_DAZ)
12310 case DAZ:
12311 {
12312 #if defined(CONFIG_RSBAC_DAZ_CACHE)
12313 if(attr == A_daz_scanned)
12314 {
12315 err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
12316 rsbac_daz_ttl,
12317 &tid_p->file.inode,
12318 &value_p->daz_scanned);
12319 }
12320 else
12321 #endif
12322 {
12323 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
12324
12325 rsbac_ta_list_get_data_ttl(ta_number,
12326 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12327 NULL,
12328 &tid_p->file.inode,
12329 &aci);
12330 switch (attr)
12331 {
12332 case A_daz_scanner:
12333 aci.daz_scanner = value_p->daz_scanner;
12334 break;
12335 default:
12336 err = -RSBAC_EINVALIDATTR;
12337 }
12338 if(!err)
12339 {
12340 err = rsbac_ta_list_add_ttl(ta_number,
12341 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12342 0,
12343 &tid_p->file.inode,
12344 &aci);
12345 }
12346 }
12347 }
12348 break;
12349 #endif
12350
12351 #if defined(CONFIG_RSBAC_FF)
12352 case FF:
12353 {
12354 switch (attr)
12355 {
12356 case A_ff_flags:
12357 err = rsbac_ta_list_add_ttl(ta_number,
12358 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
12359 0,
12360 &tid_p->file.inode,
12361 &value_p->ff_flags);
12362 break;
12363
12364 default:
12365 err = -RSBAC_EINVALIDATTR;
12366 }
12367 }
12368 break;
12369 #endif
12370
12371 #if defined(CONFIG_RSBAC_RC)
12372 case RC:
12373 {
12374 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
12375
12376 rsbac_ta_list_get_data_ttl(ta_number,
12377 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12378 NULL,
12379 &tid_p->file.inode,
12380 &aci);
12381 switch (attr)
12382 {
12383 case A_rc_type_fd:
12384 aci.rc_type_fd = value_p->rc_type_fd;
12385 break;
12386 case A_rc_force_role:
12387 aci.rc_force_role = value_p->rc_force_role;
12388 break;
12389 case A_rc_initial_role:
12390 aci.rc_initial_role = value_p->rc_initial_role;
12391 break;
12392
12393 default:
12394 err = -RSBAC_EINVALIDATTR;
12395 }
12396 if(!err)
12397 {
12398 err = rsbac_ta_list_add_ttl(ta_number,
12399 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12400 0,
12401 &tid_p->file.inode,
12402 &aci);
12403 }
12404 }
12405 break;
12406 #endif
12407
12408 #if defined(CONFIG_RSBAC_AUTH)
12409 case AUTH:
12410 {
12411 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
12412
12413 rsbac_ta_list_get_data_ttl(ta_number,
12414 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12415 NULL,
12416 &tid_p->file.inode,
12417 &aci);
12418 switch (attr)
12419 {
12420 case A_auth_may_setuid:
12421 aci.auth_may_setuid = value_p->auth_may_setuid;
12422 break;
12423 case A_auth_may_set_cap:
12424 aci.auth_may_set_cap = value_p->auth_may_set_cap;
12425 break;
12426 case A_auth_learn:
12427 aci.auth_learn = value_p->auth_learn;
12428 break;
12429 default:
12430 err = -RSBAC_EINVALIDATTR;
12431 }
12432 if(!err)
12433 {
12434 err = rsbac_ta_list_add_ttl(ta_number,
12435 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12436 0,
12437 &tid_p->file.inode,
12438 &aci);
12439 }
12440 }
12441 break;
12442 #endif
12443
12444 #if defined(CONFIG_RSBAC_CAP)
12445 case CAP:
12446 {
12447 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
12448
12449 rsbac_ta_list_get_data_ttl(ta_number,
12450 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12451 NULL,
12452 &tid_p->file.inode,
12453 &aci);
12454 switch (attr)
12455 {
12456 case A_min_caps:
12457 aci.min_caps = value_p->min_caps;
12458 break;
12459 case A_max_caps:
12460 aci.max_caps = value_p->max_caps;
12461 break;
12462 default:
12463 err = -RSBAC_EINVALIDATTR;
12464 }
12465 if(!err)
12466 {
12467 err = rsbac_ta_list_add_ttl(ta_number,
12468 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12469 0,
12470 &tid_p->file.inode,
12471 &aci);
12472 }
12473 }
12474 break;
12475 #endif
12476
12477 #if defined(CONFIG_RSBAC_RES)
12478 case RES:
12479 {
12480 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
12481
12482 rsbac_ta_list_get_data_ttl(ta_number,
12483 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12484 NULL,
12485 &tid_p->file.inode,
12486 &aci);
12487 switch (attr)
12488 {
12489 case A_res_min:
12490 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
12491 break;
12492 case A_res_max:
12493 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
12494 break;
12495 default:
12496 err = -RSBAC_EINVALIDATTR;
12497 }
12498 if(!err)
12499 {
12500 struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI;
12501
12502 if(memcmp(&aci, &def_aci, sizeof(aci)))
12503 err = rsbac_ta_list_add_ttl(ta_number,
12504 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12505 0,
12506 &tid_p->file.inode,
12507 &aci);
12508 else
12509 err = rsbac_ta_list_remove(ta_number,
12510 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12511 &tid_p->file.inode);
12512 }
12513 }
12514 break;
12515 #endif
12516
12517 #if defined(CONFIG_RSBAC_PAX)
12518 case PAX:
12519 {
12520 switch (attr)
12521 {
12522 case A_pax_flags:
12523 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12524 err = rsbac_ta_list_add_ttl(ta_number,
12525 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
12526 0,
12527 &tid_p->file.inode,
12528 &value_p->pax_flags);
12529 break;
12530
12531 default:
12532 err = -RSBAC_EINVALIDATTR;
12533 }
12534 }
12535 break;
12536 #endif
12537
12538 default:
12539 err = -RSBAC_EINVALIDMODULE;
12540 }
12541
12542 rsbac_read_unlock(&device_list_head.lock, &dflags);
12543
12544 return err;
12545 }
12546
12547 static int set_attr_dev(
12548 rsbac_list_ta_number_t ta_number,
12549 enum rsbac_switch_target_t module,
12550 enum rsbac_target_t target,
12551 struct rsbac_dev_desc_t dev,
12552 enum rsbac_attribute_t attr,
12553 union rsbac_attribute_value_t * value_p)
12554 {
12555 int err = 0;
12556
12557
12558
12559
12560
12561
12562
12563
12564 switch(module)
12565 {
12566 case GEN:
12567 {
12568 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
12569
12570 if(dev.type > D_char)
12571 return -RSBAC_EINVALIDTARGET;
12572 rsbac_ta_list_get_data_ttl(ta_number,
12573 dev_handles.gen,
12574 NULL,
12575 &dev,
12576 &aci);
12577 switch (attr)
12578 {
12579 case A_log_array_low:
12580 aci.log_array_low = value_p->log_array_low;
12581 break;
12582 case A_log_array_high:
12583 aci.log_array_high = value_p->log_array_high;
12584 break;
12585 default:
12586 err = -RSBAC_EINVALIDATTR;
12587 }
12588 if(!err)
12589 {
12590 err = rsbac_ta_list_add_ttl(ta_number,
12591 dev_handles.gen,
12592 0,
12593 &dev,
12594 &aci);
12595 }
12596 }
12597 break;
12598
12599 #if defined(CONFIG_RSBAC_MAC)
12600 case MAC:
12601 {
12602 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
12603
12604 if(dev.type > D_char)
12605 return -RSBAC_EINVALIDTARGET;
12606 rsbac_ta_list_get_data_ttl(ta_number,
12607 dev_handles.mac,
12608 NULL,
12609 &dev,
12610 &aci);
12611 switch (attr)
12612 {
12613 case A_security_level:
12614 aci.sec_level = value_p->security_level;
12615 break;
12616 case A_mac_categories:
12617 aci.mac_categories = value_p->mac_categories;
12618 break;
12619 case A_mac_check:
12620 aci.mac_check = value_p->mac_check;
12621 break;
12622 default:
12623 err = -RSBAC_EINVALIDATTR;
12624 }
12625 if(!err)
12626 {
12627 err = rsbac_ta_list_add_ttl(ta_number,
12628 dev_handles.mac,
12629 0,
12630 &dev,
12631 &aci);
12632 }
12633 }
12634 break;
12635 #endif
12636
12637 #if defined(CONFIG_RSBAC_PM)
12638 case PM:
12639 {
12640 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12641
12642 if(dev.type > D_char)
12643 return -RSBAC_EINVALIDTARGET;
12644 rsbac_ta_list_get_data_ttl(ta_number,
12645 dev_handles.pm,
12646 NULL,
12647 &dev,
12648 &aci);
12649 switch (attr)
12650 {
12651 case A_pm_object_type:
12652 aci.pm_object_type = value_p->pm_object_type;
12653 break;
12654 case A_pm_object_class:
12655 aci.pm_object_class = value_p->pm_object_class;
12656 break;
12657 default:
12658 err = -RSBAC_EINVALIDATTR;
12659 }
12660 if(!err)
12661 {
12662 err = rsbac_ta_list_add_ttl(ta_number,
12663 dev_handles.pm,
12664 0,
12665 &dev,
12666 &aci);
12667 }
12668 }
12669 break;
12670 #endif
12671
12672 #if defined(CONFIG_RSBAC_RC)
12673 case RC:
12674 {
12675 rsbac_rc_type_id_t type = value_p->rc_type;
12676 struct rsbac_dev_desc_t dev_desc;
12677 rsbac_list_handle_t handle;
12678
12679 switch(dev.type)
12680 {
12681 case D_char:
12682 dev_desc.type = D_char;
12683 handle = dev_handles.rc;
12684 break;
12685 case D_block:
12686 dev_desc.type = D_block;
12687 handle = dev_handles.rc;
12688 break;
12689 case D_char_major:
12690 if(type > RC_type_max_value)
12691 return -RSBAC_EINVALIDVALUE;
12692 dev_desc.type = D_char;
12693 handle = dev_major_handles.rc;
12694 break;
12695 case D_block_major:
12696 if(type > RC_type_max_value)
12697 return -RSBAC_EINVALIDVALUE;
12698 dev_desc.type = D_block;
12699 handle = dev_major_handles.rc;
12700 break;
12701 default:
12702 return -RSBAC_EINVALIDTARGET;
12703 }
12704 dev_desc.major = dev.major;
12705 dev_desc.minor = dev.minor;
12706
12707 switch (attr)
12708 {
12709 case A_rc_type:
12710 err = rsbac_ta_list_add_ttl(ta_number,
12711 handle,
12712 0,
12713 &dev_desc,
12714 &type);
12715 break;
12716 default:
12717 err = -RSBAC_EINVALIDATTR;
12718 }
12719 }
12720 break;
12721 #endif
12722
12723 default:
12724 err = -RSBAC_EINVALIDMODULE;
12725 }
12726
12727 return err;
12728 }
12729
12730 static int set_attr_ipc(
12731 rsbac_list_ta_number_t ta_number,
12732 enum rsbac_switch_target_t module,
12733 enum rsbac_target_t target,
12734 union rsbac_target_id_t * tid_p,
12735 enum rsbac_attribute_t attr,
12736 union rsbac_attribute_value_t * value_p)
12737 {
12738 int err = 0;
12739
12740
12741
12742
12743
12744
12745
12746 switch(module)
12747 {
12748 #if defined(CONFIG_RSBAC_MAC)
12749 case MAC:
12750 {
12751 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
12752
12753 rsbac_ta_list_get_data_ttl(ta_number,
12754 ipc_handles.mac,
12755 NULL,
12756 &tid_p->ipc,
12757 &aci);
12758 switch (attr)
12759 {
12760 case A_security_level:
12761 aci.sec_level = value_p->security_level;
12762 break;
12763 case A_mac_categories:
12764 aci.mac_categories = value_p->mac_categories;
12765 break;
12766 default:
12767 err = -RSBAC_EINVALIDATTR;
12768 }
12769 if(!err)
12770 {
12771 err = rsbac_ta_list_add_ttl(ta_number,
12772 ipc_handles.mac,
12773 0,
12774 &tid_p->ipc,
12775 &aci);
12776 }
12777 }
12778 break;
12779 #endif
12780
12781 #if defined(CONFIG_RSBAC_PM)
12782 case PM:
12783 {
12784 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12785
12786 rsbac_ta_list_get_data_ttl(ta_number,
12787 ipc_handles.pm,
12788 NULL,
12789 &tid_p->ipc,
12790 &aci);
12791 switch (attr)
12792 {
12793 case A_pm_object_type:
12794 aci.pm_object_type = value_p->pm_object_type;
12795 break;
12796 case A_pm_ipc_purpose:
12797 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
12798 break;
12799 case A_pm_object_class:
12800 aci.pm_object_class = value_p->pm_object_class;
12801 break;
12802 default:
12803 err = -RSBAC_EINVALIDATTR;
12804 }
12805 if(!err)
12806 {
12807 err = rsbac_ta_list_add_ttl(ta_number,
12808 ipc_handles.pm,
12809 0,
12810 &tid_p->ipc,
12811 &aci);
12812 }
12813 }
12814 break;
12815 #endif
12816
12817 #if defined(CONFIG_RSBAC_RC)
12818 case RC:
12819 {
12820 rsbac_rc_type_id_t type = value_p->rc_type;
12821
12822 switch (attr)
12823 {
12824 case A_rc_type:
12825 err = rsbac_ta_list_add_ttl(ta_number,
12826 ipc_handles.rc,
12827 0,
12828 &tid_p->ipc,
12829 &type);
12830 break;
12831 default:
12832 err = -RSBAC_EINVALIDATTR;
12833 }
12834 }
12835 break;
12836 #endif
12837
12838 #if defined(CONFIG_RSBAC_JAIL)
12839 case JAIL:
12840 {
12841 rsbac_jail_id_t id = value_p->jail_id;
12842
12843 switch (attr)
12844 {
12845 case A_jail_id:
12846
12847
12848
12849
12850
12851
12852
12853
12854 err = rsbac_ta_list_add_ttl(ta_number,
12855 ipc_handles.jail,
12856 0,
12857 &tid_p->ipc,
12858 &id);
12859 break;
12860 default:
12861 err = -RSBAC_EINVALIDATTR;
12862 }
12863 }
12864 break;
12865 #endif
12866
12867 default:
12868 err = -RSBAC_EINVALIDMODULE;
12869 }
12870
12871 return err;
12872 }
12873
12874 static int set_attr_user(
12875 rsbac_list_ta_number_t ta_number,
12876 enum rsbac_switch_target_t module,
12877 enum rsbac_target_t target,
12878 union rsbac_target_id_t * tid_p,
12879 enum rsbac_attribute_t attr,
12880 union rsbac_attribute_value_t * value_p)
12881 {
12882 int err = 0;
12883
12884 #ifdef CONFIG_RSBAC_DEBUG
12885
12886
12887
12888
12889
12890
12891 #endif
12892 switch(module)
12893 {
12894 case GEN:
12895 {
12896 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
12897
12898 rsbac_ta_list_get_data_ttl(ta_number,
12899 user_handles.gen,
12900 NULL,
12901 &tid_p->user,
12902 &aci);
12903 switch (attr)
12904 {
12905 case A_pseudo:
12906 aci.pseudo = value_p->pseudo;
12907 break;
12908 case A_log_user_based:
12909 aci.log_user_based = value_p->log_user_based;
12910 break;
12911 default:
12912 err = -RSBAC_EINVALIDATTR;
12913 }
12914 if(!err)
12915 {
12916 err = rsbac_ta_list_add_ttl(ta_number,
12917 user_handles.gen,
12918 0,
12919 &tid_p->user,
12920 &aci);
12921 }
12922 }
12923 break;
12924
12925 #if defined(CONFIG_RSBAC_MAC)
12926 case MAC:
12927 {
12928 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
12929
12930 rsbac_ta_list_get_data_ttl(ta_number,
12931 user_handles.mac,
12932 NULL,
12933 &tid_p->user,
12934 &aci);
12935 switch (attr)
12936 {
12937 case A_security_level:
12938 if(value_p->security_level < aci.min_security_level)
12939 err = -RSBAC_EINVALIDVALUE;
12940 else
12941 aci.security_level = value_p->security_level;
12942 break;
12943 case A_initial_security_level:
12944 if( (value_p->security_level < aci.min_security_level)
12945 || (value_p->security_level > aci.security_level)
12946 )
12947 err = -RSBAC_EINVALIDVALUE;
12948 else
12949 aci.initial_security_level = value_p->security_level;
12950 break;
12951 case A_min_security_level:
12952 if(value_p->security_level > aci.security_level)
12953 err = -RSBAC_EINVALIDVALUE;
12954 else
12955 aci.min_security_level = value_p->security_level;
12956 break;
12957 case A_mac_categories:
12958 if((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
12959 err = -RSBAC_EINVALIDVALUE;
12960 else
12961 aci.mac_categories = value_p->mac_categories;
12962 break;
12963 case A_mac_initial_categories:
12964 if( ((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
12965 || ((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
12966 )
12967 err = -RSBAC_EINVALIDVALUE;
12968 else
12969 aci.mac_initial_categories = value_p->mac_categories;
12970 break;
12971 case A_mac_min_categories:
12972 if((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
12973 err = -RSBAC_EINVALIDVALUE;
12974 else
12975 aci.mac_min_categories = value_p->mac_categories;
12976 break;
12977 case A_system_role:
12978 case A_mac_role:
12979 aci.system_role = value_p->system_role;
12980 break;
12981 case A_mac_user_flags:
12982 aci.mac_user_flags = value_p->mac_user_flags & RSBAC_MAC_U_FLAGS;
12983 break;
12984 default:
12985 err = -RSBAC_EINVALIDATTR;
12986 }
12987 if(!err)
12988 {
12989 err = rsbac_ta_list_add_ttl(ta_number,
12990 user_handles.mac,
12991 0,
12992 &tid_p->user,
12993 &aci);
12994 }
12995 }
12996 break;
12997 #endif
12998
12999 #if defined(CONFIG_RSBAC_PM)
13000 case PM:
13001 {
13002 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
13003
13004 rsbac_ta_list_get_data_ttl(ta_number,
13005 user_handles.pm,
13006 NULL,
13007 &tid_p->user,
13008 &aci);
13009 switch (attr)
13010 {
13011 case A_pm_task_set:
13012 aci.pm_task_set = value_p->pm_task_set;
13013 break;
13014 case A_pm_role:
13015 aci.pm_role = value_p->pm_role;
13016 break;
13017 default:
13018 err = -RSBAC_EINVALIDATTR;
13019 }
13020 if(!err)
13021 {
13022 err = rsbac_ta_list_add_ttl(ta_number,
13023 user_handles.pm,
13024 0,
13025 &tid_p->user,
13026 &aci);
13027 }
13028 }
13029 break;
13030 #endif
13031
13032 #if defined(CONFIG_RSBAC_DAZ)
13033 case DAZ:
13034 {
13035 rsbac_system_role_int_t role = value_p->system_role;
13036
13037 switch (attr)
13038 {
13039 case A_system_role:
13040 case A_daz_role:
13041 err = rsbac_ta_list_add_ttl(ta_number,
13042 user_handles.daz,
13043 0,
13044 &tid_p->user,
13045 &role);
13046 break;
13047 default:
13048 err = -RSBAC_EINVALIDATTR;
13049 }
13050 }
13051 break;
13052 #endif
13053
13054 #if defined(CONFIG_RSBAC_FF)
13055 case FF:
13056 {
13057 rsbac_system_role_int_t role = value_p->system_role;
13058
13059 switch (attr)
13060 {
13061 case A_system_role:
13062 case A_ff_role:
13063 err = rsbac_ta_list_add_ttl(ta_number,
13064 user_handles.ff,
13065 0,
13066 &tid_p->user,
13067 &role);
13068 break;
13069 default:
13070 err = -RSBAC_EINVALIDATTR;
13071 }
13072 }
13073 break;
13074 #endif
13075
13076 #if defined(CONFIG_RSBAC_RC)
13077 case RC:
13078 {
13079 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
13080
13081 rsbac_ta_list_get_data_ttl(ta_number,
13082 user_handles.rc,
13083 NULL,
13084 &tid_p->user,
13085 &aci);
13086 switch (attr)
13087 {
13088 case A_rc_def_role:
13089 aci.rc_role = value_p->rc_def_role;
13090 break;
13091 case A_rc_type:
13092 aci.rc_type = value_p->rc_type;
13093 break;
13094 default:
13095 err = -RSBAC_EINVALIDATTR;
13096 }
13097 if(!err)
13098 {
13099 err = rsbac_ta_list_add_ttl(ta_number,
13100 user_handles.rc,
13101 0,
13102 &tid_p->user,
13103 &aci);
13104 }
13105 }
13106 break;
13107 #endif
13108
13109 #if defined(CONFIG_RSBAC_AUTH)
13110 case AUTH:
13111 {
13112 rsbac_system_role_int_t role = value_p->system_role;
13113
13114 switch (attr)
13115 {
13116 case A_system_role:
13117 case A_auth_role:
13118 err = rsbac_ta_list_add_ttl(ta_number,
13119 user_handles.auth,
13120 0,
13121 &tid_p->user,
13122 &role);
13123 break;
13124 default:
13125 err = -RSBAC_EINVALIDATTR;
13126 }
13127 }
13128 break;
13129 #endif
13130
13131 #if defined(CONFIG_RSBAC_CAP)
13132 case CAP:
13133 {
13134 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
13135
13136 rsbac_ta_list_get_data_ttl(ta_number,
13137 user_handles.cap,
13138 NULL,
13139 &tid_p->user,
13140 &aci);
13141 switch (attr)
13142 {
13143 case A_system_role:
13144 case A_cap_role:
13145 aci.cap_role = value_p->system_role;
13146 break;
13147 case A_min_caps:
13148 aci.min_caps = value_p->min_caps;
13149 break;
13150 case A_max_caps:
13151 aci.max_caps = value_p->max_caps;
13152 break;
13153 default:
13154 err = -RSBAC_EINVALIDATTR;
13155 }
13156 if(!err)
13157 {
13158 err = rsbac_ta_list_add_ttl(ta_number,
13159 user_handles.cap,
13160 0,
13161 &tid_p->user,
13162 &aci);
13163 }
13164 }
13165 break;
13166 #endif
13167
13168 #if defined(CONFIG_RSBAC_JAIL)
13169 case JAIL:
13170 {
13171 rsbac_system_role_int_t role = value_p->system_role;
13172
13173 switch (attr)
13174 {
13175 case A_system_role:
13176 case A_jail_role:
13177 err = rsbac_ta_list_add_ttl(ta_number,
13178 user_handles.jail,
13179 0,
13180 &tid_p->user,
13181 &role);
13182 break;
13183 default:
13184 err = -RSBAC_EINVALIDATTR;
13185 }
13186 }
13187 break;
13188 #endif
13189
13190 #if defined(CONFIG_RSBAC_RES)
13191 case RES:
13192 {
13193 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
13194
13195 rsbac_ta_list_get_data_ttl(ta_number,
13196 user_handles.res,
13197 NULL,
13198 &tid_p->user,
13199 &aci);
13200 switch (attr)
13201 {
13202 case A_system_role:
13203 case A_res_role:
13204 aci.res_role = value_p->system_role;
13205 break;
13206 case A_res_min:
13207 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
13208 break;
13209 case A_res_max:
13210 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
13211 break;
13212 default:
13213 err = -RSBAC_EINVALIDATTR;
13214 }
13215 if(!err)
13216 {
13217 struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI;
13218
13219 if(tid_p->user != RSBAC_ALL_USERS)
13220 {
13221 rsbac_uid_t all_users = RSBAC_ALL_USERS;
13222
13223 rsbac_ta_list_get_data_ttl(ta_number,
13224 user_handles.res,
13225 NULL,
13226 &all_users,
13227 &def_aci);
13228 }
13229 if(memcmp(&aci, &def_aci, sizeof(aci)))
13230 err = rsbac_ta_list_add_ttl(ta_number,
13231 user_handles.res,
13232 0,
13233 &tid_p->user,
13234 &aci);
13235 else
13236 err = rsbac_ta_list_remove(ta_number,
13237 user_handles.res,
13238 &tid_p->user);
13239 }
13240 }
13241 break;
13242 #endif
13243
13244 #if defined(CONFIG_RSBAC_PAX)
13245 case PAX:
13246 {
13247 rsbac_system_role_int_t role = value_p->system_role;
13248
13249 switch (attr)
13250 {
13251 case A_system_role:
13252 case A_pax_role:
13253 err = rsbac_ta_list_add_ttl(ta_number,
13254 user_handles.pax,
13255 0,
13256 &tid_p->user,
13257 &role);
13258 break;
13259 default:
13260 err = -RSBAC_EINVALIDATTR;
13261 }
13262 }
13263 break;
13264 #endif
13265
13266 default:
13267 err = -RSBAC_EINVALIDMODULE;
13268 }
13269
13270 return err;
13271 }
13272
13273 static int set_attr_process(
13274 rsbac_list_ta_number_t ta_number,
13275 enum rsbac_switch_target_t module,
13276 enum rsbac_target_t target,
13277 union rsbac_target_id_t * tid_p,
13278 enum rsbac_attribute_t attr,
13279 union rsbac_attribute_value_t * value_p)
13280 {
13281 int err = 0;
13282
13283
13284
13285
13286
13287
13288
13289
13290 if (!tid_p->process)
13291 {
13292 rsbac_printk(KERN_WARNING
13293 "rsbac_set_attr(): Trying to set attribute for process 0!\n");
13294 return -RSBAC_EINVALIDTARGET;
13295 }
13296 switch(module)
13297 {
13298 case GEN:
13299 {
13300 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
13301
13302 rsbac_ta_list_get_data_ttl(ta_number,
13303 process_handles.gen[gen_p_hash(tid_p->process)],
13304 NULL,
13305 &tid_p->process,
13306 &aci);
13307 switch (attr)
13308 {
13309 case A_log_program_based:
13310 aci.log_program_based = value_p->log_program_based;
13311 break;
13312 case A_fake_root_uid:
13313 aci.fake_root_uid = value_p->fake_root_uid;
13314 break;
13315 case A_audit_uid:
13316 aci.audit_uid = value_p->audit_uid;
13317 break;
13318 case A_auid_exempt:
13319 aci.auid_exempt = value_p->auid_exempt;
13320 break;
13321 case A_remote_ip:
13322 aci.remote_ip = value_p->remote_ip;
13323 break;
13324 default:
13325 err = -RSBAC_EINVALIDATTR;
13326 }
13327 if(!err)
13328 {
13329 err = rsbac_ta_list_add_ttl(ta_number,
13330 process_handles.gen[gen_p_hash(tid_p->process)],
13331 0,
13332 &tid_p->process,
13333 &aci);
13334 }
13335 }
13336 break;
13337
13338 #if defined(CONFIG_RSBAC_MAC)
13339 case MAC:
13340 {
13341 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
13342
13343 rsbac_ta_list_get_data_ttl(ta_number,
13344 process_handles.mac[mac_p_hash(tid_p->process)],
13345 NULL,
13346 &tid_p->process,
13347 &aci);
13348 switch (attr)
13349 {
13350 case A_security_level:
13351 aci.owner_sec_level = value_p->security_level;
13352 break;
13353 case A_initial_security_level:
13354 aci.owner_initial_sec_level = value_p->security_level;
13355 break;
13356 case A_min_security_level:
13357 aci.owner_min_sec_level = value_p->security_level;
13358 break;
13359 case A_mac_categories:
13360 aci.mac_owner_categories = value_p->mac_categories;
13361 break;
13362 case A_mac_initial_categories:
13363 aci.mac_owner_initial_categories = value_p->mac_categories;
13364 break;
13365 case A_mac_min_categories:
13366 aci.mac_owner_min_categories = value_p->mac_categories;
13367 break;
13368 case A_current_sec_level:
13369 aci.current_sec_level = value_p->current_sec_level;
13370 break;
13371 case A_mac_curr_categories:
13372 aci.mac_curr_categories = value_p->mac_categories;
13373 break;
13374 case A_min_write_open:
13375 aci.min_write_open = value_p->min_write_open;
13376 break;
13377 case A_min_write_categories:
13378 aci.min_write_categories = value_p->mac_categories;
13379 break;
13380 case A_max_read_open:
13381 aci.max_read_open = value_p->max_read_open;
13382 break;
13383 case A_max_read_categories:
13384 aci.max_read_categories = value_p->mac_categories;
13385 break;
13386 case A_mac_process_flags:
13387 aci.mac_process_flags = value_p->mac_process_flags & RSBAC_MAC_P_FLAGS;
13388 break;
13389 case A_mac_auto:
13390 if(value_p->mac_auto)
13391 aci.mac_process_flags |= MAC_auto;
13392 else
13393 aci.mac_process_flags &= ~MAC_auto;
13394 break;
13395 default:
13396 err = -RSBAC_EINVALIDATTR;
13397 }
13398 if(!err)
13399 {
13400 err = rsbac_ta_list_add_ttl(ta_number,
13401 process_handles.mac[mac_p_hash(tid_p->process)],
13402 0,
13403 &tid_p->process,
13404 &aci);
13405 }
13406 }
13407 break;
13408 #endif
13409
13410 #if defined(CONFIG_RSBAC_PM)
13411 case PM:
13412 {
13413 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
13414
13415 rsbac_ta_list_get_data_ttl(ta_number,
13416 process_handles.pm,
13417 NULL,
13418 &tid_p->process,
13419 &aci);
13420 switch (attr)
13421 {
13422 case A_pm_tp:
13423 aci.pm_tp = value_p->pm_tp;
13424 break;
13425 case A_pm_current_task:
13426 aci.pm_current_task = value_p->pm_current_task;
13427 break;
13428 case A_pm_process_type:
13429 aci.pm_process_type = value_p->pm_process_type;
13430 break;
13431 default:
13432 err = -RSBAC_EINVALIDATTR;
13433 }
13434 if(!err)
13435 {
13436 err = rsbac_ta_list_add_ttl(ta_number,
13437 process_handles.pm,
13438 0,
13439 &tid_p->process,
13440 &aci);
13441 }
13442 }
13443 break;
13444 #endif
13445
13446 #if defined(CONFIG_RSBAC_DAZ)
13447 case DAZ:
13448 {
13449 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
13450
13451 rsbac_ta_list_get_data_ttl(ta_number,
13452 process_handles.daz,
13453 NULL,
13454 &tid_p->process,
13455 &aci);
13456 switch (attr)
13457 {
13458 case A_daz_scanner:
13459 aci.daz_scanner = value_p->daz_scanner;
13460 break;
13461 default:
13462 err = -RSBAC_EINVALIDATTR;
13463 }
13464 if(!err)
13465 {
13466 err = rsbac_ta_list_add_ttl(ta_number,
13467 process_handles.daz,
13468 0,
13469 &tid_p->process,
13470 &aci);
13471 }
13472 }
13473 break;
13474 #endif
13475
13476 #if defined(CONFIG_RSBAC_RC)
13477 case RC:
13478 {
13479 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
13480
13481 rsbac_ta_list_get_data_ttl(ta_number,
13482 process_handles.rc[rc_p_hash(tid_p->process)],
13483 NULL,
13484 &tid_p->process,
13485 &aci);
13486 switch (attr)
13487 {
13488 case A_rc_role:
13489 aci.rc_role = value_p->rc_role;
13490 break;
13491 case A_rc_type:
13492 aci.rc_type = value_p->rc_type;
13493 break;
13494 case A_rc_force_role:
13495 aci.rc_force_role = value_p->rc_force_role;
13496 break;
13497 default:
13498 err = -RSBAC_EINVALIDATTR;
13499 }
13500 if(!err)
13501 {
13502 err = rsbac_ta_list_add_ttl(ta_number,
13503 process_handles.rc[rc_p_hash(tid_p->process)],
13504 0,
13505 &tid_p->process,
13506 &aci);
13507 }
13508 }
13509 break;
13510 #endif
13511
13512 #if defined(CONFIG_RSBAC_AUTH)
13513 case AUTH:
13514 {
13515 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
13516
13517 rsbac_ta_list_get_data_ttl(ta_number,
13518 process_handles.auth,
13519 NULL,
13520 &tid_p->process,
13521 &aci);
13522 switch (attr)
13523 {
13524 case A_auth_may_setuid:
13525 aci.auth_may_setuid = value_p->auth_may_setuid;
13526 break;
13527 case A_auth_may_set_cap:
13528 aci.auth_may_set_cap = value_p->auth_may_set_cap;
13529 break;
13530 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13531 case A_auth_program_file:
13532 aci.auth_program_file = value_p->auth_program_file;
13533 break;
13534 case A_auth_start_uid:
13535 aci.auth_start_uid = value_p->auth_start_uid;
13536 break;
13537 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13538 case A_auth_start_euid:
13539 aci.auth_start_euid = value_p->auth_start_euid;
13540 break;
13541 #endif
13542 #ifdef CONFIG_RSBAC_AUTH_GROUP
13543 case A_auth_start_gid:
13544 aci.auth_start_gid = value_p->auth_start_gid;
13545 break;
13546 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13547 case A_auth_start_egid:
13548 aci.auth_start_egid = value_p->auth_start_egid;
13549 break;
13550 #endif
13551 #endif
13552 case A_auth_learn:
13553 aci.auth_learn = value_p->auth_learn;
13554 break;
13555 #endif
13556 case A_auth_last_auth:
13557 aci.auth_last_auth = value_p->auth_last_auth;
13558 break;
13559 default:
13560 err = -RSBAC_EINVALIDATTR;
13561 }
13562 if(!err)
13563 {
13564 err = rsbac_ta_list_add_ttl(ta_number,
13565 process_handles.auth,
13566 0,
13567 &tid_p->process,
13568 &aci);
13569 }
13570 }
13571 break;
13572 #endif
13573
13574 #if defined(CONFIG_RSBAC_CAP)
13575 case CAP:
13576 {
13577 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
13578
13579 rsbac_ta_list_get_data_ttl(ta_number,
13580 process_handles.cap,
13581 NULL,
13582 &tid_p->process,
13583 &aci);
13584 switch (attr)
13585 {
13586 case A_cap_process_hiding:
13587 aci.cap_process_hiding = value_p->cap_process_hiding;
13588 break;
13589 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13590 case A_max_caps_user:
13591 aci.max_caps_user = value_p->max_caps_user;
13592 break;
13593 case A_max_caps_program:
13594 aci.max_caps_program = value_p->max_caps_program;
13595 break;
13596 #endif
13597 default:
13598 err = -RSBAC_EINVALIDATTR;
13599 }
13600 if(!err)
13601 {
13602 err = rsbac_ta_list_add_ttl(ta_number,
13603 process_handles.cap,
13604 0,
13605 &tid_p->process,
13606 &aci);
13607 }
13608 }
13609 break;
13610 #endif
13611
13612 #if defined(CONFIG_RSBAC_JAIL)
13613 case JAIL:
13614 {
13615 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
13616
13617 rsbac_ta_list_get_data_ttl(ta_number,
13618 process_handles.jail[jail_p_hash(tid_p->process)],
13619 NULL,
13620 &tid_p->process,
13621 &aci);
13622 switch (attr)
13623 {
13624 case A_jail_id:
13625 aci.id = value_p->jail_id;
13626 break;
13627 case A_jail_ip:
13628 aci.ip = value_p->jail_ip;
13629 break;
13630 case A_jail_flags:
13631 aci.flags = value_p->jail_flags;
13632 break;
13633 case A_jail_max_caps:
13634 aci.max_caps = value_p->jail_max_caps;
13635 break;
13636 case A_jail_scd_get:
13637 aci.scd_get = value_p->jail_scd_get;
13638 break;
13639 case A_jail_scd_modify:
13640 aci.scd_modify = value_p->jail_scd_modify;
13641 break;
13642 default:
13643 err = -RSBAC_EINVALIDATTR;
13644 }
13645 if(!err)
13646 {
13647 err = rsbac_ta_list_add_ttl(ta_number,
13648 process_handles.jail[jail_p_hash(tid_p->process)],
13649 0,
13650 &tid_p->process,
13651 &aci);
13652 }
13653 }
13654 break;
13655 #endif
13656
13657 default:
13658 err = -RSBAC_EINVALIDMODULE;
13659 }
13660
13661 return err;
13662 }
13663
13664 #ifdef CONFIG_RSBAC_UM
13665 static int set_attr_group(
13666 rsbac_list_ta_number_t ta_number,
13667 enum rsbac_switch_target_t module,
13668 enum rsbac_target_t target,
13669 union rsbac_target_id_t * tid_p,
13670 enum rsbac_attribute_t attr,
13671 union rsbac_attribute_value_t * value_p)
13672 {
13673 int err = 0;
13674
13675
13676
13677
13678
13679
13680
13681
13682 switch(module)
13683 {
13684 #if defined(CONFIG_RSBAC_RC_UM_PROT)
13685 case RC:
13686 {
13687 rsbac_rc_type_id_t type = value_p->rc_type;
13688 rsbac_gid_t group_desc;
13689
13690 group_desc = tid_p->group;
13691
13692 switch (attr)
13693 {
13694 case A_rc_type:
13695 err = rsbac_ta_list_add_ttl(ta_number,
13696 group_handles.rc,
13697 0,
13698 &group_desc,
13699 &type);
13700 break;
13701 default:
13702 err = -RSBAC_EINVALIDATTR;
13703 }
13704 }
13705 break;
13706 #endif
13707
13708 default:
13709 err = -RSBAC_EINVALIDMODULE;
13710 }
13711
13712 return err;
13713 }
13714 #endif
13715
13716 #ifdef CONFIG_RSBAC_NET_DEV
13717 static int set_attr_netdev(
13718 rsbac_list_ta_number_t ta_number,
13719 enum rsbac_switch_target_t module,
13720 enum rsbac_target_t target,
13721 union rsbac_target_id_t * tid_p,
13722 enum rsbac_attribute_t attr,
13723 union rsbac_attribute_value_t * value_p)
13724 {
13725 int err = 0;
13726
13727
13728
13729
13730
13731
13732
13733
13734 switch(module)
13735 {
13736 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
13737 case GEN:
13738 {
13739 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
13740
13741 rsbac_ta_list_get_data_ttl(ta_number,
13742 netdev_handles.gen,
13743 NULL,
13744 &tid_p->netdev,
13745 &aci);
13746 switch (attr)
13747 {
13748 case A_log_array_low:
13749 aci.log_array_low = value_p->log_array_low;
13750 break;
13751 case A_log_array_high:
13752 aci.log_array_high = value_p->log_array_high;
13753 break;
13754 default:
13755 err = -RSBAC_EINVALIDATTR;
13756 }
13757 if(!err)
13758 {
13759 err = rsbac_ta_list_add_ttl(ta_number,
13760 netdev_handles.gen,
13761 0,
13762 &tid_p->netdev,
13763 &aci);
13764 }
13765 }
13766 break;
13767 #endif
13768 #if defined(CONFIG_RSBAC_RC)
13769 case RC:
13770 {
13771 rsbac_rc_type_id_t type = value_p->rc_type;
13772
13773 switch (attr)
13774 {
13775 case A_rc_type:
13776 err = rsbac_ta_list_add_ttl(ta_number,
13777 netdev_handles.rc,
13778 0,
13779 &tid_p->netdev,
13780 &type);
13781 break;
13782 default:
13783 err = -RSBAC_EINVALIDATTR;
13784 }
13785 }
13786 break;
13787 #endif
13788
13789 default:
13790 err = -RSBAC_EINVALIDMODULE;
13791 }
13792
13793 return err;
13794 }
13795
13796 static int set_attr_nettemp(
13797 rsbac_list_ta_number_t ta_number,
13798 enum rsbac_switch_target_t module,
13799 enum rsbac_target_t target,
13800 union rsbac_target_id_t * tid_p,
13801 enum rsbac_attribute_t attr,
13802 union rsbac_attribute_value_t * value_p)
13803 {
13804 int err = 0;
13805
13806
13807
13808
13809
13810
13811
13812 if(!rsbac_list_exist(net_temp_handle, &tid_p->nettemp))
13813 return -RSBAC_EINVALIDTARGET;
13814 switch(module)
13815 {
13816 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
13817 case GEN:
13818 {
13819 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
13820
13821 rsbac_ta_list_get_data_ttl(ta_number,
13822 nettemp_handles.gen,
13823 NULL,
13824 &tid_p->nettemp,
13825 &aci);
13826 switch (attr)
13827 {
13828 case A_log_array_low:
13829 aci.log_array_low = value_p->log_array_low;
13830 break;
13831 case A_log_array_high:
13832 aci.log_array_high = value_p->log_array_high;
13833 break;
13834
13835 default:
13836 err = -RSBAC_EINVALIDATTR;
13837 }
13838 if(!err)
13839 {
13840 err = rsbac_ta_list_add_ttl(ta_number,
13841 nettemp_handles.gen,
13842 0,
13843 &tid_p->nettemp,
13844 &aci);
13845 }
13846 }
13847 break;
13848 #endif
13849 #if defined(CONFIG_RSBAC_MAC)
13850 case MAC:
13851 {
13852 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
13853
13854 rsbac_ta_list_get_data_ttl(ta_number,
13855 nettemp_handles.mac,
13856 NULL,
13857 &tid_p->nettemp,
13858 &aci);
13859 switch (attr)
13860 {
13861 case A_security_level:
13862 aci.sec_level = value_p->security_level;
13863 break;
13864 case A_mac_categories:
13865 aci.mac_categories = value_p->mac_categories;
13866 break;
13867
13868 default:
13869 err = -RSBAC_EINVALIDATTR;
13870 }
13871 if(!err)
13872 {
13873 err = rsbac_ta_list_add_ttl(ta_number,
13874 nettemp_handles.mac,
13875 0,
13876 &tid_p->nettemp,
13877 &aci);
13878 }
13879 }
13880 break;
13881 #endif
13882
13883 #if defined(CONFIG_RSBAC_PM)
13884 case PM:
13885 {
13886 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
13887
13888 rsbac_ta_list_get_data_ttl(ta_number,
13889 nettemp_handles.pm,
13890 NULL,
13891 &tid_p->nettemp,
13892 &aci);
13893 switch (attr)
13894 {
13895 case A_pm_object_class:
13896 aci.pm_object_class = value_p->pm_object_class;
13897 break;
13898 case A_pm_ipc_purpose:
13899 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
13900 break;
13901 case A_pm_object_type:
13902 aci.pm_object_type = value_p->pm_object_type;
13903 break;
13904 default:
13905 err = -RSBAC_EINVALIDATTR;
13906 }
13907 if(!err)
13908 {
13909 err = rsbac_ta_list_add_ttl(ta_number,
13910 nettemp_handles.pm,
13911 0,
13912 &tid_p->nettemp,
13913 &aci);
13914 }
13915 }
13916 break;
13917 #endif
13918
13919 #if defined(CONFIG_RSBAC_RC)
13920 case RC:
13921 {
13922 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
13923
13924 rsbac_ta_list_get_data_ttl(ta_number,
13925 nettemp_handles.rc,
13926 NULL,
13927 &tid_p->nettemp,
13928 &aci);
13929 switch (attr)
13930 {
13931 case A_rc_type:
13932 aci.netobj_type = value_p->rc_type;
13933 break;
13934 case A_rc_type_nt:
13935 aci.nettemp_type = value_p->rc_type;
13936 break;
13937
13938 default:
13939 err = -RSBAC_EINVALIDATTR;
13940 }
13941 if(!err)
13942 {
13943 err = rsbac_ta_list_add_ttl(ta_number,
13944 nettemp_handles.rc,
13945 0,
13946 &tid_p->nettemp,
13947 &aci);
13948 }
13949 }
13950 break;
13951 #endif
13952
13953 default:
13954 err = -RSBAC_EINVALIDMODULE;
13955 }
13956
13957 return err;
13958 }
13959
13960 static int set_attr_netobj(
13961 rsbac_list_ta_number_t ta_number,
13962 enum rsbac_switch_target_t module,
13963 enum rsbac_target_t target,
13964 union rsbac_target_id_t * tid_p,
13965 enum rsbac_attribute_t attr,
13966 union rsbac_attribute_value_t * value_p)
13967 {
13968 int err = 0;
13969
13970
13971
13972
13973
13974
13975
13976 switch(module)
13977 {
13978 #if defined(CONFIG_RSBAC_MAC)
13979 case MAC:
13980 {
13981 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
13982
13983 switch(attr)
13984 {
13985 case A_local_sec_level:
13986 case A_local_mac_categories:
13987 if(rsbac_ta_list_get_data_ttl(ta_number,
13988 lnetobj_handles.mac,
13989 NULL,
13990 &tid_p->netobj.sock_p,
13991 &aci))
13992 {
13993 rsbac_net_temp_id_t temp = 0;
13994
13995 rsbac_ta_net_lookup_templates(ta_number,
13996 &tid_p->netobj,
13997 &temp,
13998 NULL);
13999 if(temp)
14000 rsbac_ta_list_get_data_ttl(ta_number,
14001 nettemp_handles.mac,
14002 NULL,
14003 &temp,
14004 &aci);
14005 }
14006 break;
14007
14008 case A_remote_sec_level:
14009 case A_remote_mac_categories:
14010 if(rsbac_ta_list_get_data_ttl(ta_number,
14011 rnetobj_handles.mac,
14012 NULL,
14013 &tid_p->netobj.sock_p,
14014 &aci))
14015 {
14016 rsbac_net_temp_id_t temp = 0;
14017
14018 rsbac_ta_net_lookup_templates(ta_number,
14019 &tid_p->netobj,
14020 NULL,
14021 &temp);
14022 if(temp)
14023 rsbac_ta_list_get_data_ttl(ta_number,
14024 nettemp_handles.mac,
14025 NULL,
14026 &temp,
14027 &aci);
14028 }
14029 break;
14030
14031 default:
14032 err = -RSBAC_EINVALIDATTR;
14033 }
14034 if(err)
14035 break;
14036 {
14037 switch (attr)
14038 {
14039 case A_local_sec_level:
14040 aci.sec_level = value_p->security_level;
14041 err = rsbac_ta_list_add_ttl(ta_number,
14042 lnetobj_handles.mac,
14043 0,
14044 &tid_p->netobj.sock_p,
14045 &aci);
14046 break;
14047 case A_remote_sec_level:
14048 aci.sec_level = value_p->security_level;
14049 err = rsbac_ta_list_add_ttl(ta_number,
14050 rnetobj_handles.mac,
14051 0,
14052 &tid_p->netobj.sock_p,
14053 &aci);
14054 break;
14055 case A_local_mac_categories:
14056 aci.mac_categories = value_p->mac_categories;
14057 err = rsbac_ta_list_add_ttl(ta_number,
14058 lnetobj_handles.mac,
14059 0,
14060 &tid_p->netobj.sock_p,
14061 &aci);
14062 break;
14063 case A_remote_mac_categories:
14064 aci.mac_categories = value_p->mac_categories;
14065 err = rsbac_ta_list_add_ttl(ta_number,
14066 rnetobj_handles.mac,
14067 0,
14068 &tid_p->netobj.sock_p,
14069 &aci);
14070 break;
14071
14072 default:
14073 err = -RSBAC_EINVALIDATTR;
14074 }
14075 }
14076 }
14077 break;
14078 #endif
14079
14080 #if defined(CONFIG_RSBAC_PM)
14081 case PM:
14082 {
14083 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
14084
14085 switch(attr)
14086 {
14087 case A_local_pm_object_class:
14088 case A_local_pm_ipc_purpose:
14089 case A_local_pm_object_type:
14090 if(rsbac_ta_list_get_data_ttl(ta_number,
14091 lnetobj_handles.pm,
14092 NULL,
14093 &tid_p->netobj.sock_p,
14094 &aci))
14095 {
14096 rsbac_net_temp_id_t temp = 0;
14097
14098 rsbac_ta_net_lookup_templates(ta_number,
14099 &tid_p->netobj,
14100 &temp,
14101 NULL);
14102 if(temp)
14103 rsbac_ta_list_get_data_ttl(ta_number,
14104 nettemp_handles.pm,
14105 NULL,
14106 &temp,
14107 &aci);
14108 }
14109 break;
14110
14111 case A_remote_pm_object_class:
14112 case A_remote_pm_ipc_purpose:
14113 case A_remote_pm_object_type:
14114 if(rsbac_ta_list_get_data_ttl(ta_number,
14115 rnetobj_handles.pm,
14116 NULL,
14117 &tid_p->netobj.sock_p,
14118 &aci))
14119 {
14120 rsbac_net_temp_id_t temp = 0;
14121
14122 rsbac_ta_net_lookup_templates(ta_number,
14123 &tid_p->netobj,
14124 NULL,
14125 &temp);
14126 if(temp)
14127 rsbac_ta_list_get_data_ttl(ta_number,
14128 nettemp_handles.pm,
14129 NULL,
14130 &temp,
14131 &aci);
14132 }
14133 break;
14134
14135 default:
14136 err = -RSBAC_EINVALIDATTR;
14137 }
14138 if(err)
14139 break;
14140 {
14141 switch (attr)
14142 {
14143 case A_local_pm_object_class:
14144 aci.pm_object_class = value_p->pm_object_class;
14145 err = rsbac_ta_list_add_ttl(ta_number,
14146 lnetobj_handles.pm,
14147 0,
14148 &tid_p->netobj.sock_p,
14149 &aci);
14150 break;
14151 case A_remote_pm_object_class:
14152 aci.pm_object_class = value_p->pm_object_class;
14153 err = rsbac_ta_list_add_ttl(ta_number,
14154 rnetobj_handles.pm,
14155 0,
14156 &tid_p->netobj.sock_p,
14157 &aci);
14158 break;
14159 case A_local_pm_ipc_purpose:
14160 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
14161 err = rsbac_ta_list_add_ttl(ta_number,
14162 lnetobj_handles.pm,
14163 0,
14164 &tid_p->netobj.sock_p,
14165 &aci);
14166 break;
14167 case A_remote_pm_ipc_purpose:
14168 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
14169 err = rsbac_ta_list_add_ttl(ta_number,
14170 rnetobj_handles.pm,
14171 0,
14172 &tid_p->netobj.sock_p,
14173 &aci);
14174 break;
14175 case A_local_pm_object_type:
14176 aci.pm_object_type = value_p->pm_object_type;
14177 err = rsbac_ta_list_add_ttl(ta_number,
14178 lnetobj_handles.pm,
14179 0,
14180 &tid_p->netobj.sock_p,
14181 &aci);
14182 break;
14183 case A_remote_pm_object_type:
14184 aci.pm_object_type = value_p->pm_object_type;
14185 err = rsbac_ta_list_add_ttl(ta_number,
14186 rnetobj_handles.pm,
14187 0,
14188 &tid_p->netobj.sock_p,
14189 &aci);
14190 break;
14191
14192 default:
14193 err = -RSBAC_EINVALIDATTR;
14194 }
14195 }
14196 }
14197 break;
14198 #endif
14199
14200 #if defined(CONFIG_RSBAC_RC)
14201 case RC:
14202 {
14203 rsbac_rc_type_id_t type = value_p->rc_type;
14204
14205 switch(attr)
14206 {
14207 case A_local_rc_type:
14208 err = rsbac_ta_list_add_ttl(ta_number,
14209 lnetobj_handles.rc,
14210 0,
14211 &tid_p->netobj.sock_p,
14212 &type);
14213 break;
14214
14215 case A_remote_rc_type:
14216 err = rsbac_ta_list_add_ttl(ta_number,
14217 rnetobj_handles.rc,
14218 0,
14219 &tid_p->netobj.sock_p,
14220 &type);
14221 break;
14222
14223 default:
14224 err = -RSBAC_EINVALIDATTR;
14225 }
14226 }
14227 break;
14228 #endif
14229
14230 default:
14231 err = -RSBAC_EINVALIDMODULE;
14232 }
14233
14234 return err;
14235 }
14236 #endif
14237
14238
14239 int rsbac_ta_set_attr(
14240 rsbac_list_ta_number_t ta_number,
14241 enum rsbac_switch_target_t module,
14242 enum rsbac_target_t target,
14243 union rsbac_target_id_t tid,
14244 enum rsbac_attribute_t attr,
14245 union rsbac_attribute_value_t value)
14246 {
14247 int err = 0;
14248
14249
14250
14251
14252
14253 if (!rsbac_initialized)
14254 {
14255 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
14256 return(-RSBAC_ENOTINITIALIZED);
14257 }
14258 if (in_interrupt())
14259 {
14260 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
14261 }
14262 switch (target)
14263 {
14264 case T_FILE:
14265 case T_DIR:
14266 case T_FIFO:
14267 case T_SYMLINK:
14268 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
14269 break;
14270
14271 case T_DEV:
14272 err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value);
14273 break;
14274
14275 case T_IPC:
14276 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
14277 break;
14278
14279 case T_USER:
14280 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
14281 break;
14282
14283 case T_PROCESS:
14284 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
14285 break;
14286
14287 #ifdef CONFIG_RSBAC_UM
14288 case T_GROUP:
14289 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
14290 break;
14291 #endif
14292
14293 #ifdef CONFIG_RSBAC_NET_DEV
14294 case T_NETDEV:
14295 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
14296 break;
14297 #endif
14298
14299 #ifdef CONFIG_RSBAC_NET_OBJ
14300 case T_NETTEMP:
14301 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
14302 break;
14303
14304 case T_NETOBJ:
14305 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
14306 break;
14307 #endif
14308
14309
14310 default:
14311 return(-RSBAC_EINVALIDTARGET);
14312 }
14313 #ifdef CONFIG_RSBAC_XSTATS
14314 if(!err)
14315 set_attr_count[target]++;
14316 #endif
14317 return(err);
14318 }
14319
14320
14321
14322 int rsbac_ta_remove_target(
14323 rsbac_list_ta_number_t ta_number,
14324 enum rsbac_target_t target,
14325 union rsbac_target_id_t tid)
14326 {
14327 int error=0;
14328 struct rsbac_device_list_item_t * device_p;
14329 u_long dflags;
14330
14331 if (!rsbac_initialized)
14332 {
14333 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
14334 return(-RSBAC_ENOTINITIALIZED);
14335 }
14336 if (in_interrupt())
14337 {
14338 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
14339 }
14340 switch (target)
14341 {
14342 case T_FILE:
14343 case T_DIR:
14344 case T_FIFO:
14345 case T_SYMLINK:
14346
14347
14348
14349
14350
14351
14352
14353 #if defined(CONFIG_RSBAC_MAC)
14354
14355 if( (target == T_FILE)
14356 || (target == T_DIR)
14357 )
14358 error = rsbac_mac_remove_f_trusets(tid.file);
14359 #endif
14360 #if defined(CONFIG_RSBAC_AUTH)
14361
14362 if( (target == T_FILE)
14363 || (target == T_DIR)
14364 )
14365 error = rsbac_auth_remove_f_capsets(tid.file);
14366 #endif
14367 #if defined(CONFIG_RSBAC_ACL)
14368
14369 error = rsbac_acl_remove_acl(ta_number, target, tid);
14370 #endif
14371
14372 rsbac_read_lock(&device_list_head.lock, &dflags);
14373
14374
14375
14376 device_p = lookup_device(tid.file.device);
14377 if (!device_p)
14378 {
14379 struct super_block * sb_p;
14380
14381 rsbac_read_unlock(&device_list_head.lock, &dflags);
14382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14383 sb_p = user_get_super(tid.file.device);
14384 #else
14385 sb_p = get_super(tid.file.device);
14386 #endif
14387 if(sb_p)
14388 {
14389 rsbac_printk(KERN_INFO
14390 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
14391 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14392 rsbac_mount(sb_p, NULL);
14393
14394 drop_super(sb_p);
14395 rsbac_read_lock(&device_list_head.lock, &dflags);
14396 device_p = lookup_device(tid.file.device);
14397 if (!device_p)
14398 {
14399 rsbac_printk(KERN_WARNING
14400 "rsbac_remove_target(): unknown device %02u:%02u\n",
14401 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14402 rsbac_read_unlock(&device_list_head.lock, &dflags);
14403 return -RSBAC_EINVALIDDEV;
14404 }
14405 }
14406 else
14407 return -RSBAC_EINVALIDDEV;
14408 }
14409 rsbac_ta_list_remove(ta_number,
14410 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
14411 &tid.file.inode);
14412 #if defined(CONFIG_RSBAC_MAC)
14413 rsbac_ta_list_remove(ta_number,
14414 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14415 &tid.file.inode);
14416 #endif
14417 #if defined(CONFIG_RSBAC_PM)
14418 rsbac_ta_list_remove(ta_number,
14419 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14420 &tid.file.inode);
14421 #endif
14422 #if defined(CONFIG_RSBAC_DAZ)
14423 rsbac_ta_list_remove(ta_number,
14424 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14425 &tid.file.inode);
14426 #if defined(CONFIG_RSBAC_DAZ_CACHE)
14427 rsbac_ta_list_remove(ta_number,
14428 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14429 &tid.file.inode);
14430 #endif
14431 #endif
14432 #if defined(CONFIG_RSBAC_FF)
14433 rsbac_ta_list_remove(ta_number,
14434 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14435 &tid.file.inode);
14436 #endif
14437 #if defined(CONFIG_RSBAC_RC)
14438 rsbac_ta_list_remove(ta_number,
14439 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14440 &tid.file.inode);
14441 #endif
14442 #if defined(CONFIG_RSBAC_AUTH)
14443 rsbac_ta_list_remove(ta_number,
14444 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14445 &tid.file.inode);
14446 #endif
14447 #if defined(CONFIG_RSBAC_CAP)
14448 rsbac_ta_list_remove(ta_number,
14449 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14450 &tid.file.inode);
14451 #endif
14452 #if defined(CONFIG_RSBAC_PAX)
14453 rsbac_ta_list_remove(ta_number,
14454 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14455 &tid.file.inode);
14456 #endif
14457 #if defined(CONFIG_RSBAC_RES)
14458 rsbac_ta_list_remove(ta_number,
14459 device_p->handles.res[res_fd_hash(tid.file.inode)],
14460 &tid.file.inode);
14461 #endif
14462
14463
14464 rsbac_read_unlock(&device_list_head.lock, &dflags);
14465 break;
14466
14467 case T_DEV:
14468 {
14469 if(tid.dev.type > D_char)
14470 return -RSBAC_EINVALIDTARGET;
14471
14472
14473
14474
14475
14476
14477 rsbac_ta_list_remove(ta_number,
14478 dev_handles.gen,
14479 &tid.dev);
14480 #if defined(CONFIG_RSBAC_MAC)
14481 rsbac_ta_list_remove(ta_number,
14482 dev_handles.mac,
14483 &tid.dev);
14484 #endif
14485 #if defined(CONFIG_RSBAC_PM)
14486 rsbac_ta_list_remove(ta_number,
14487 dev_handles.pm,
14488 &tid.dev);
14489 #endif
14490 #if defined(CONFIG_RSBAC_RC)
14491 rsbac_ta_list_remove(ta_number,
14492 dev_handles.rc,
14493 &tid.dev);
14494 #endif
14495 }
14496 break;
14497
14498 case T_IPC:
14499
14500
14501
14502
14503
14504
14505
14506 #if defined(CONFIG_RSBAC_MAC)
14507 rsbac_ta_list_remove(ta_number,
14508 ipc_handles.mac,
14509 &tid.ipc);
14510 #endif
14511 #if defined(CONFIG_RSBAC_PM)
14512 rsbac_ta_list_remove(ta_number,
14513 ipc_handles.pm,
14514 &tid.ipc);
14515 #endif
14516 #if defined(CONFIG_RSBAC_RC)
14517 rsbac_ta_list_remove(ta_number,
14518 ipc_handles.rc,
14519 &tid.ipc);
14520 #endif
14521 #if defined(CONFIG_RSBAC_JAIL)
14522 rsbac_ta_list_remove(ta_number,
14523 ipc_handles.jail,
14524 &tid.ipc);
14525 #endif
14526 break;
14527
14528 case T_USER:
14529
14530
14531
14532
14533
14534
14535 rsbac_ta_list_remove(ta_number,
14536 user_handles.gen,
14537 &tid.user);
14538 #if defined(CONFIG_RSBAC_MAC)
14539 rsbac_ta_list_remove(ta_number,
14540 user_handles.mac,
14541 &tid.user);
14542 #endif
14543 #if defined(CONFIG_RSBAC_PM)
14544 rsbac_ta_list_remove(ta_number,
14545 user_handles.pm,
14546 &tid.user);
14547 #endif
14548 #if defined(CONFIG_RSBAC_DAZ)
14549 rsbac_ta_list_remove(ta_number,
14550 user_handles.daz,
14551 &tid.user);
14552 #endif
14553 #if defined(CONFIG_RSBAC_FF)
14554 rsbac_ta_list_remove(ta_number,
14555 user_handles.ff,
14556 &tid.user);
14557 #endif
14558 #if defined(CONFIG_RSBAC_RC)
14559 rsbac_ta_list_remove(ta_number,
14560 user_handles.rc,
14561 &tid.user);
14562 #endif
14563 #if defined(CONFIG_RSBAC_AUTH)
14564 rsbac_ta_list_remove(ta_number,
14565 user_handles.auth,
14566 &tid.user);
14567 #endif
14568 #if defined(CONFIG_RSBAC_CAP)
14569 rsbac_ta_list_remove(ta_number,
14570 user_handles.cap,
14571 &tid.user);
14572 #endif
14573 #if defined(CONFIG_RSBAC_JAIL)
14574 rsbac_ta_list_remove(ta_number,
14575 user_handles.jail,
14576 &tid.user);
14577 #endif
14578 #if defined(CONFIG_RSBAC_PAX)
14579 rsbac_ta_list_remove(ta_number,
14580 user_handles.pax,
14581 &tid.user);
14582 #endif
14583 #if defined(CONFIG_RSBAC_RES)
14584 rsbac_ta_list_remove(ta_number,
14585 user_handles.res,
14586 &tid.user);
14587 #endif
14588 break;
14589
14590 case T_PROCESS:
14591
14592
14593
14594
14595
14596
14597
14598 #if defined(CONFIG_RSBAC_ACL)
14599
14600 error = rsbac_acl_remove_acl(ta_number, target, tid);
14601 #endif
14602 rsbac_ta_list_remove(ta_number,
14603 process_handles.gen[gen_p_hash(tid.process)],
14604 &tid.process);
14605 #if defined(CONFIG_RSBAC_MAC)
14606
14607 error = rsbac_mac_remove_p_trusets(tid.process);
14608 rsbac_ta_list_remove(ta_number,
14609 process_handles.mac[mac_p_hash(tid.process)],
14610 &tid.process);
14611 #endif
14612 #if defined(CONFIG_RSBAC_PM)
14613 rsbac_ta_list_remove(ta_number,
14614 process_handles.pm,
14615 &tid.process);
14616 #endif
14617 #if defined(CONFIG_RSBAC_DAZ)
14618 rsbac_ta_list_remove(ta_number,
14619 process_handles.daz,
14620 &tid.process);
14621 #endif
14622 #if defined(CONFIG_RSBAC_RC)
14623 rsbac_ta_list_remove(ta_number,
14624 process_handles.rc[rc_p_hash(tid.process)],
14625 &tid.process);
14626 #endif
14627 #if defined(CONFIG_RSBAC_AUTH)
14628
14629 error = rsbac_auth_remove_p_capsets(tid.process);
14630 rsbac_ta_list_remove(ta_number,
14631 process_handles.auth,
14632 &tid.process);
14633 #endif
14634 #if defined(CONFIG_RSBAC_CAP)
14635 rsbac_ta_list_remove(ta_number,
14636 process_handles.cap,
14637 &tid.process);
14638 #endif
14639 #if defined(CONFIG_RSBAC_JAIL)
14640 rsbac_ta_list_remove(ta_number,
14641 process_handles.jail[jail_p_hash(tid.process)],
14642 &tid.process);
14643 #endif
14644 break;
14645
14646 #ifdef CONFIG_RSBAC_UM
14647 case T_GROUP:
14648
14649
14650
14651
14652
14653
14654
14655 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14656 rsbac_ta_list_remove(ta_number,
14657 group_handles.rc,
14658 &tid.group);
14659 #endif
14660 break;
14661 #endif
14662
14663 #ifdef CONFIG_RSBAC_NET_DEV
14664 case T_NETDEV:
14665 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14666 rsbac_ta_list_remove(ta_number,
14667 netdev_handles.gen,
14668 &tid.netdev);
14669 #endif
14670 #if defined(CONFIG_RSBAC_RC)
14671 rsbac_ta_list_remove(ta_number,
14672 netdev_handles.rc,
14673 &tid.netdev);
14674 #endif
14675 break;
14676 #endif
14677
14678 #ifdef CONFIG_RSBAC_NET_OBJ
14679 case T_NETTEMP:
14680
14681
14682
14683
14684
14685
14686
14687 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14688 rsbac_ta_list_remove(ta_number,
14689 nettemp_handles.gen,
14690 &tid.nettemp);
14691 #endif
14692 #if defined(CONFIG_RSBAC_MAC)
14693 rsbac_ta_list_remove(ta_number,
14694 nettemp_handles.mac,
14695 &tid.nettemp);
14696 #endif
14697 #if defined(CONFIG_RSBAC_PM)
14698 rsbac_ta_list_remove(ta_number,
14699 nettemp_handles.pm,
14700 &tid.nettemp);
14701 #endif
14702 #if defined(CONFIG_RSBAC_RC)
14703 rsbac_ta_list_remove(ta_number,
14704 nettemp_handles.rc,
14705 &tid.nettemp);
14706 #endif
14707 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14708 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14709 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14710 #endif
14711 break;
14712
14713 case T_NETOBJ:
14714
14715
14716
14717
14718
14719
14720
14721 #if defined(CONFIG_RSBAC_MAC)
14722 rsbac_ta_list_remove(ta_number,
14723 lnetobj_handles.mac,
14724 &tid.netobj.sock_p);
14725 rsbac_ta_list_remove(ta_number,
14726 rnetobj_handles.mac,
14727 &tid.netobj.sock_p);
14728 #endif
14729 #if defined(CONFIG_RSBAC_PM)
14730 rsbac_ta_list_remove(ta_number,
14731 lnetobj_handles.pm,
14732 &tid.netobj.sock_p);
14733 rsbac_ta_list_remove(ta_number,
14734 rnetobj_handles.pm,
14735 &tid.netobj.sock_p);
14736 #endif
14737 #if defined(CONFIG_RSBAC_RC)
14738 rsbac_ta_list_remove(ta_number,
14739 lnetobj_handles.rc,
14740 &tid.netobj.sock_p);
14741 rsbac_ta_list_remove(ta_number,
14742 rnetobj_handles.rc,
14743 &tid.netobj.sock_p);
14744 #endif
14745 break;
14746
14747 #endif
14748
14749 default:
14750 return(-RSBAC_EINVALIDTARGET);
14751 }
14752 #ifdef CONFIG_RSBAC_XSTATS
14753 remove_count[target]++;
14754 #endif
14755 return(error);
14756 }
14757
14758 int rsbac_ta_list_all_dev(rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t ** id_pp)
14759 {
14760 int count=0;
14761 int tmp_count;
14762
14763 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14764 if(tmp_count > 0)
14765 count += tmp_count;
14766 #if defined(CONFIG_RSBAC_MAC)
14767 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14768 if(tmp_count > 0)
14769 count += tmp_count;
14770 #endif
14771 #if defined(CONFIG_RSBAC_PM)
14772 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14773 if(tmp_count > 0)
14774 count += tmp_count;
14775 #endif
14776 #if defined(CONFIG_RSBAC_RC)
14777 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14778 if(tmp_count > 0)
14779 count += tmp_count;
14780 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14781 if(tmp_count > 0)
14782 count += tmp_count;
14783 #endif
14784 if(id_pp)
14785 {
14786 struct rsbac_dev_desc_t * i_id_p = NULL;
14787 char * pos = NULL;
14788 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14789 u_int i;
14790 #endif
14791
14792 if(count > 0)
14793 {
14794 int i_count = 0;
14795
14796 i_count = count + 20;
14797 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14798 if(!*id_pp)
14799 return -RSBAC_ENOMEM;
14800 pos = (char *) *id_pp;
14801 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14802 dev_handles.gen,
14803 (void **) &i_id_p);
14804 if(tmp_count > 0)
14805 {
14806 if(tmp_count > i_count)
14807 tmp_count = i_count;
14808 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
14809 rsbac_vfree(i_id_p);
14810 count = tmp_count;
14811 i_count -= tmp_count;
14812 pos += tmp_count * sizeof(*i_id_p);
14813 }
14814 else
14815 count = 0;
14816 #if defined(CONFIG_RSBAC_MAC)
14817 if(i_count)
14818 {
14819 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14820 if(tmp_count > 0)
14821 {
14822 if(tmp_count > i_count)
14823 tmp_count = i_count;
14824 for(i=0; i< tmp_count; i++)
14825 {
14826 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14827 {
14828 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14829 pos += sizeof(*i_id_p);
14830 count++;
14831 i_count--;
14832 }
14833 }
14834 rsbac_vfree(i_id_p);
14835 }
14836 }
14837 #endif
14838 #if defined(CONFIG_RSBAC_PM)
14839 if(i_count)
14840 {
14841 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14842 if(tmp_count > 0)
14843 {
14844 if(tmp_count > i_count)
14845 tmp_count = i_count;
14846 for(i=0; i< tmp_count; i++)
14847 {
14848 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14849 #if defined(CONFIG_RSBAC_MAC)
14850 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14851 #endif
14852 {
14853 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14854 pos += sizeof(*i_id_p);
14855 count++;
14856 i_count--;
14857 }
14858 }
14859 rsbac_vfree(i_id_p);
14860 }
14861 }
14862 #endif
14863 #if defined(CONFIG_RSBAC_RC)
14864 if(i_count)
14865 {
14866 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p);
14867 if(tmp_count > 0)
14868 {
14869 if(tmp_count > i_count)
14870 tmp_count = i_count;
14871 for(i=0; i< tmp_count; i++)
14872 {
14873 i_id_p[i].type += (D_block_major - D_block);
14874 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14875 pos += sizeof(*i_id_p);
14876 count++;
14877 i_count--;
14878 }
14879 rsbac_vfree(i_id_p);
14880 }
14881 }
14882 if(i_count)
14883 {
14884 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p);
14885 if(tmp_count > 0)
14886 {
14887 if(tmp_count > i_count)
14888 tmp_count = i_count;
14889 for(i=0; i< tmp_count; i++)
14890 {
14891 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14892 #if defined(CONFIG_RSBAC_MAC)
14893 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14894 #endif
14895 #if defined(CONFIG_RSBAC_PM)
14896 if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14897 #endif
14898 {
14899 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14900 pos += sizeof(*i_id_p);
14901 count++;
14902 i_count--;
14903 }
14904 }
14905 rsbac_vfree(i_id_p);
14906 }
14907 }
14908 #endif
14909 if(!count)
14910 rsbac_vfree(*id_pp);
14911 }
14912 }
14913 return count;
14914 }
14915
14916
14917 static int copy_new_uids(rsbac_list_handle_t list,
14918 rsbac_list_ta_number_t ta_number,
14919 int * count_p,
14920 int * i_count_p,
14921 rsbac_uid_t * res_id_p)
14922 {
14923 rsbac_uid_t * i_id_p = NULL;
14924 rsbac_boolean_t found;
14925 int tmp_count;
14926 int i;
14927 int j;
14928
14929 if(!list || !count_p || !i_count_p || !res_id_p)
14930 return -RSBAC_EINVALIDPOINTER;
14931 if(!*i_count_p)
14932 return 0;
14933
14934
14935 tmp_count = rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
14936 if(tmp_count > 0)
14937 {
14938 if(tmp_count > *i_count_p)
14939 tmp_count = *i_count_p;
14940 for(i=0; i < tmp_count; i++)
14941 {
14942 found = FALSE;
14943 for(j=0; j < *count_p; j++)
14944 {
14945 if(res_id_p[j] == i_id_p[i])
14946 {
14947 found = TRUE;
14948 break;
14949 }
14950 }
14951 if(found == FALSE)
14952 {
14953 res_id_p[*count_p] = i_id_p[i];
14954 (*count_p)++;
14955 (*i_count_p)--;
14956 }
14957 }
14958 rsbac_vfree(i_id_p);
14959 }
14960 return 0;
14961 }
14962
14963 int rsbac_ta_list_all_user(rsbac_list_ta_number_t ta_number, rsbac_uid_t ** id_pp)
14964 {
14965 int count=0;
14966 int tmp_count;
14967
14968 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14969 if(tmp_count > 0)
14970 count += tmp_count;
14971 #if defined(CONFIG_RSBAC_MAC)
14972 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14973 if(tmp_count > 0)
14974 count += tmp_count;
14975 #endif
14976 #if defined(CONFIG_RSBAC_PM)
14977 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14978 if(tmp_count > 0)
14979 count += tmp_count;
14980 #endif
14981 #if defined(CONFIG_RSBAC_DAZ)
14982 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14983 if(tmp_count > 0)
14984 count += tmp_count;
14985 #endif
14986 #if defined(CONFIG_RSBAC_FF)
14987 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14988 if(tmp_count > 0)
14989 count += tmp_count;
14990 #endif
14991 #if defined(CONFIG_RSBAC_RC)
14992 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14993 if(tmp_count > 0)
14994 count += tmp_count;
14995 #endif
14996 #if defined(CONFIG_RSBAC_AUTH)
14997 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14998 if(tmp_count > 0)
14999 count += tmp_count;
15000 #endif
15001 #if defined(CONFIG_RSBAC_CAP)
15002 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
15003 if(tmp_count > 0)
15004 count += tmp_count;
15005 #endif
15006 #if defined(CONFIG_RSBAC_JAIL)
15007 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
15008 if(tmp_count > 0)
15009 count += tmp_count;
15010 #endif
15011 #if defined(CONFIG_RSBAC_PAX)
15012 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
15013 if(tmp_count > 0)
15014 count += tmp_count;
15015 #endif
15016 #if defined(CONFIG_RSBAC_RES)
15017 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
15018 if(tmp_count > 0)
15019 count += tmp_count;
15020 #endif
15021 if(id_pp)
15022 {
15023 if(count > 0)
15024 {
15025 int i_count;
15026 rsbac_uid_t * i_id_p = NULL;
15027
15028 i_count = count + 20;
15029 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15030 if(!*id_pp)
15031 return -RSBAC_ENOMEM;
15032 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15033 user_handles.gen,
15034 (void **) &i_id_p);
15035 if(tmp_count > 0)
15036 {
15037 if(tmp_count > i_count)
15038 tmp_count = i_count;
15039 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15040 rsbac_vfree(i_id_p);
15041 count = tmp_count;
15042 i_count -= tmp_count;
15043 }
15044 else
15045 count = 0;
15046 #if defined(CONFIG_RSBAC_MAC)
15047 copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp);
15048 #endif
15049 #if defined(CONFIG_RSBAC_PM)
15050 copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp);
15051 #endif
15052 #if defined(CONFIG_RSBAC_DAZ)
15053 copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp);
15054 #endif
15055 #if defined(CONFIG_RSBAC_FF)
15056 copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp);
15057 #endif
15058 #if defined(CONFIG_RSBAC_RC)
15059 copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp);
15060 #endif
15061 #if defined(CONFIG_RSBAC_AUTH)
15062 copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp);
15063 #endif
15064 #if defined(CONFIG_RSBAC_CAP)
15065 copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp);
15066 #endif
15067 #if defined(CONFIG_RSBAC_JAIL)
15068 copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp);
15069 #endif
15070 #if defined(CONFIG_RSBAC_PAX)
15071 copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp);
15072 #endif
15073 #if defined(CONFIG_RSBAC_RES)
15074 copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp);
15075 #endif
15076 if(!count)
15077 rsbac_vfree(*id_pp);
15078 }
15079 }
15080 return count;
15081 }
15082
15083 int rsbac_ta_list_all_group(rsbac_list_ta_number_t ta_number, rsbac_gid_t ** id_pp)
15084 {
15085 #if defined(CONFIG_RSBAC_RC_UM_PROT)
15086 int count=0;
15087 int tmp_count;
15088
15089 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
15090 if(tmp_count > 0)
15091 count += tmp_count;
15092 if(id_pp)
15093 {
15094 if(count > 0)
15095 {
15096 int i_count;
15097 rsbac_gid_t * i_id_p = NULL;
15098
15099 i_count = count + 20;
15100 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15101 if(!*id_pp)
15102 return -RSBAC_ENOMEM;
15103 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15104 group_handles.rc,
15105 (void **) &i_id_p);
15106 if(tmp_count > 0)
15107 {
15108 if(tmp_count > i_count)
15109 tmp_count = i_count;
15110 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15111 rsbac_vfree(i_id_p);
15112 count = tmp_count;
15113 i_count -= tmp_count;
15114 }
15115 else
15116 count = 0;
15117 if(!count)
15118 rsbac_vfree(*id_pp);
15119 }
15120 }
15121 return count;
15122 #else
15123 return 0;
15124 #endif
15125 }
15126
15127
15128 #ifdef CONFIG_RSBAC_NET_DEV
15129 int rsbac_ta_net_list_all_netdev(rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t ** id_pp)
15130 {
15131 int count=0;
15132 int tmp_count;
15133
15134 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15135 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
15136 if(tmp_count > 0)
15137 count += tmp_count;
15138 #endif
15139 #if defined(CONFIG_RSBAC_RC)
15140 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
15141 if(tmp_count > 0)
15142 count += tmp_count;
15143 #endif
15144 if(id_pp)
15145 {
15146 rsbac_netdev_id_t * i_id_p = NULL;
15147 char * pos = NULL;
15148 #if defined(CONFIG_RSBAC_RC)
15149 u_int i;
15150 #endif
15151
15152 if(count > 0)
15153 {
15154 int i_count = 0;
15155
15156 i_count = count + 20;
15157 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15158 if(!*id_pp)
15159 return -RSBAC_ENOMEM;
15160 pos = (char *) *id_pp;
15161 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15162 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15163 netdev_handles.gen,
15164 (void **) &i_id_p);
15165 if(tmp_count > 0)
15166 {
15167 if(tmp_count > i_count)
15168 tmp_count = i_count;
15169 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
15170 rsbac_vfree(i_id_p);
15171 count = tmp_count;
15172 i_count -= tmp_count;
15173 pos += tmp_count * sizeof(*i_id_p);
15174 }
15175 else
15176 count = 0;
15177 #endif
15178 #if defined(CONFIG_RSBAC_RC)
15179 if(i_count)
15180 {
15181 tmp_count = rsbac_ta_list_get_all_desc(ta_number, netdev_handles.rc, (void **) &i_id_p);
15182 if(tmp_count > 0)
15183 {
15184 if(tmp_count > i_count)
15185 tmp_count = i_count;
15186 for(i=0; i< tmp_count; i++)
15187 {
15188 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15189 if(!rsbac_ta_list_exist(ta_number, netdev_handles.gen, &i_id_p[i]))
15190 #endif
15191 {
15192 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
15193 pos += sizeof(*i_id_p);
15194 count++;
15195 i_count--;
15196 }
15197 }
15198 rsbac_vfree(i_id_p);
15199 }
15200 }
15201 #endif
15202 if(!count)
15203 rsbac_vfree(*id_pp);
15204 }
15205 }
15206 return count;
15207 }
15208 #endif
15209
15210 #ifdef CONFIG_RSBAC_NET_OBJ
15211
15212 int rsbac_net_get_id(
15213 rsbac_list_ta_number_t ta_number,
15214 struct rsbac_net_description_t * desc_p,
15215 rsbac_net_temp_id_t * id_p)
15216 {
15217 if(!rsbac_initialized)
15218 return -RSBAC_ENOTINITIALIZED;
15219 if(!id_p || !desc_p)
15220 return -RSBAC_EINVALIDPOINTER;
15221 if(rsbac_ta_list_get_desc(ta_number,
15222 net_temp_handle,
15223 id_p,
15224 desc_p,
15225 rsbac_net_compare_data)
15226 )
15227 *id_p = RSBAC_NET_UNKNOWN;
15228 return 0;
15229 }
15230
15231
15232
15233 int rsbac_ta_net_lookup_templates(
15234 rsbac_list_ta_number_t ta_number,
15235 struct rsbac_net_obj_desc_t * netobj_p,
15236 rsbac_net_temp_id_t * local_temp_p,
15237 rsbac_net_temp_id_t * remote_temp_p)
15238 {
15239 struct rsbac_net_description_t * rsbac_net_desc_p;
15240 int err=0;
15241 struct net_device *dev;
15242
15243 if(!netobj_p || !netobj_p->sock_p || !netobj_p->sock_p->sk || !netobj_p->sock_p->ops)
15244 return -RSBAC_EINVALIDPOINTER;
15245 if(!local_temp_p && !remote_temp_p)
15246 return -RSBAC_EINVALIDVALUE;
15247
15248 rsbac_net_desc_p = rsbac_kmalloc(sizeof(*rsbac_net_desc_p));
15249 if(!rsbac_net_desc_p)
15250 return -RSBAC_ENOMEM;
15251
15252 rsbac_net_desc_p->address_family = netobj_p->sock_p->ops->family;
15253 rsbac_net_desc_p->type = netobj_p->sock_p->type;
15254 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15255 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->sk_protocol;
15256 if(netobj_p->sock_p->sk->sk_bound_dev_if)
15257 {
15258 dev = dev_get_by_index(netobj_p->sock_p->sk->sk_bound_dev_if);
15259 #else
15260 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->protocol;
15261 if(netobj_p->sock_p->sk->bound_dev_if)
15262 {
15263 dev = dev_get_by_index(netobj_p->sock_p->sk->bound_dev_if);
15264 #endif
15265 if(dev)
15266 {
15267 strcpy(rsbac_net_desc_p->netdev, dev->name);
15268 dev_put(dev);
15269 }
15270 else
15271 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
15272 }
15273 else
15274 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
15275 if(local_temp_p)
15276 {
15277 switch(rsbac_net_desc_p->address_family)
15278 {
15279 case AF_INET:
15280 if(netobj_p->local_addr)
15281 {
15282 struct sockaddr_in * addr = netobj_p->local_addr;
15283
15284 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
15285 rsbac_net_desc_p->address_len = sizeof(__u32);
15286 rsbac_net_desc_p->port = ntohs(addr->sin_port);
15287 }
15288 else
15289 {
15290 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15291 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->rcv_saddr;
15292 rsbac_net_desc_p->address_len = sizeof(__u32);
15293 rsbac_net_desc_p->port = inet_sk(netobj_p->sock_p->sk)->num;
15294 #else
15295 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->rcv_saddr;
15296 rsbac_net_desc_p->address_len = sizeof(__u32);
15297 rsbac_net_desc_p->port = netobj_p->sock_p->sk->num;
15298 #endif
15299 }
15300 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
15301 if(dev)
15302 {
15303 strcpy(rsbac_net_desc_p->netdev, dev->name);
15304 dev_put(dev);
15305 }
15306 break;
15307 case AF_UNIX:
15308 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15309 if( unix_sk(netobj_p->sock_p->sk)->addr
15310 && unix_sk(netobj_p->sock_p->sk)->addr->name
15311 )
15312 {
15313 rsbac_net_desc_p->address = unix_sk(netobj_p->sock_p->sk)->addr->name[0].sun_path;
15314 rsbac_net_desc_p->address_len = unix_sk(netobj_p->sock_p->sk)->addr->len;
15315 }
15316 #else
15317 if(netobj_p->sock_p->sk->protinfo.af_unix.addr)
15318 {
15319 rsbac_net_desc_p->address = netobj_p->sock_p->sk->protinfo.af_unix.addr->name[0].sun_path;
15320 rsbac_net_desc_p->address_len = netobj_p->sock_p->sk->protinfo.af_unix.addr->len;
15321 }
15322 #endif
15323 else
15324 if(netobj_p->local_addr)
15325 {
15326 struct sockaddr_un * addr = netobj_p->local_addr;
15327
15328 if(addr->sun_path)
15329 {
15330 rsbac_net_desc_p->address = addr->sun_path;
15331 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
15332 }
15333 else
15334 {
15335 rsbac_net_desc_p->address = NULL;
15336 rsbac_net_desc_p->address_len = 0;
15337 }
15338 }
15339 else
15340 {
15341 rsbac_net_desc_p->address = NULL;
15342 rsbac_net_desc_p->address_len = 0;
15343 }
15344 break;
15345
15346 default:
15347 rsbac_net_desc_p->address = NULL;
15348 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15349 }
15350 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, local_temp_p)))
15351 {
15352 *local_temp_p = 0;
15353 rsbac_printk(KERN_WARNING
15354 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
15355 err);
15356 }
15357 #ifdef CONFIG_RSBAC_DEBUG
15358 if( rsbac_debug_ds_net
15359 && (rsbac_net_desc_p->address_family == AF_INET)
15360 )
15361 {
15362 rsbac_printk(KERN_DEBUG
15363 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
15364 current->uid, *local_temp_p);
15365 }
15366 #endif
15367 }
15368 if(remote_temp_p)
15369 {
15370 switch(rsbac_net_desc_p->address_family)
15371 {
15372 case AF_INET:
15373 if(netobj_p->remote_addr)
15374 {
15375 struct sockaddr_in * addr = netobj_p->remote_addr;
15376
15377 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
15378 rsbac_net_desc_p->address_len = sizeof(__u32);
15379 rsbac_net_desc_p->port = ntohs(addr->sin_port);
15380 }
15381 else
15382 {
15383 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15384 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->daddr;
15385 rsbac_net_desc_p->address_len = sizeof(__u32);
15386 rsbac_net_desc_p->port = ntohs(inet_sk(netobj_p->sock_p->sk)->dport);
15387 #else
15388 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->daddr;
15389 rsbac_net_desc_p->address_len = sizeof(__u32);
15390 rsbac_net_desc_p->port = ntohs(netobj_p->sock_p->sk->dport);
15391 #endif
15392 }
15393 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
15394 if(dev)
15395 {
15396 strcpy(rsbac_net_desc_p->netdev, dev->name);
15397 dev_put(dev);
15398 }
15399 break;
15400 case AF_UNIX:
15401 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15402 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15403 if( (unix_sk(netobj_p->sock_p->sk)->other)
15404 && (unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr)
15405 )
15406 {
15407 rsbac_net_desc_p->address
15408 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->name;
15409 rsbac_net_desc_p->address_len
15410 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->len;
15411 }
15412 #else
15413 if( (netobj_p->sock_p->sk->protinfo.af_unix.other)
15414 && (netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr)
15415 )
15416 {
15417 rsbac_net_desc_p->address
15418 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->name;
15419 rsbac_net_desc_p->address_len
15420 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->len;
15421 }
15422 #endif
15423 else
15424 if(netobj_p->remote_addr)
15425 {
15426 struct sockaddr_un * addr = netobj_p->remote_addr;
15427
15428 if(addr->sun_path)
15429 {
15430 rsbac_net_desc_p->address = addr->sun_path;
15431 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
15432 }
15433 else
15434 {
15435 rsbac_net_desc_p->address = NULL;
15436 rsbac_net_desc_p->address_len = 0;
15437 }
15438 }
15439 else
15440 {
15441 rsbac_net_desc_p->address = NULL;
15442 rsbac_net_desc_p->address_len = 0;
15443 }
15444 break;
15445
15446 default:
15447 rsbac_net_desc_p->address = NULL;
15448 rsbac_net_desc_p->address_len = 0;
15449 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15450 }
15451 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, remote_temp_p)))
15452 {
15453 *remote_temp_p = 0;
15454 rsbac_printk(KERN_WARNING
15455 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
15456 err);
15457 }
15458 #ifdef CONFIG_RSBAC_DEBUG
15459 if( rsbac_debug_ds_net
15460 && (rsbac_net_desc_p->address_family == AF_INET)
15461 )
15462 {
15463 rsbac_printk(KERN_DEBUG
15464 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
15465 current->uid, *remote_temp_p);
15466 }
15467 #endif
15468 }
15469 rsbac_kfree(rsbac_net_desc_p);
15470 return 0;
15471 }
15472
15473 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj)
15474 {
15475 union rsbac_target_id_t tid;
15476
15477 tid.netobj.sock_p = netobj;
15478 rsbac_remove_target(T_NETOBJ, tid);
15479 }
15480
15481 int rsbac_ta_net_template(
15482 rsbac_list_ta_number_t ta_number,
15483 enum rsbac_net_temp_syscall_t call,
15484 rsbac_net_temp_id_t id,
15485 union rsbac_net_temp_syscall_data_t * data_p)
15486 {
15487 struct rsbac_net_temp_data_t int_data = RSBAC_NET_TEMP_DEFAULT_DATA;
15488 int err;
15489
15490 switch(call)
15491 {
15492 case NTS_new_template:
15493 case NTS_check_id:
15494 break;
15495 case NTS_copy_template:
15496 err = rsbac_ta_list_get_data_ttl(ta_number,
15497 net_temp_handle,
15498 NULL,
15499 &data_p->id,
15500 &int_data);
15501 if(err)
15502 return err;
15503 break;
15504 default:
15505 err = rsbac_ta_list_get_data_ttl(ta_number,
15506 net_temp_handle,
15507 NULL,
15508 &id,
15509 &int_data);
15510 if(err)
15511 return err;
15512 }
15513
15514 switch(call)
15515 {
15516 case NTS_set_address:
15517 memcpy(&int_data.address, &data_p->address, sizeof(int_data.address));
15518 return rsbac_ta_list_add_ttl(ta_number,
15519 net_temp_handle,
15520 0,
15521 &id,
15522 &int_data);
15523 case NTS_set_address_family:
15524 int_data.address_family = data_p->address_family;
15525 return rsbac_ta_list_add_ttl(ta_number,
15526 net_temp_handle,
15527 0,
15528 &id,
15529 &int_data);
15530 case NTS_set_valid_len:
15531 int_data.valid_len = data_p->valid_len;
15532 return rsbac_ta_list_add_ttl(ta_number,
15533 net_temp_handle,
15534 0,
15535 &id,
15536 &int_data);
15537 case NTS_set_type:
15538 int_data.type = data_p->type;
15539 return rsbac_ta_list_add_ttl(ta_number,
15540 net_temp_handle,
15541 0,
15542 &id,
15543 &int_data);
15544 case NTS_set_protocol:
15545 int_data.protocol = data_p->protocol;
15546 return rsbac_ta_list_add_ttl(ta_number,
15547 net_temp_handle,
15548 0,
15549 &id,
15550 &int_data);
15551 case NTS_set_netdev:
15552 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ);
15553 int_data.netdev[RSBAC_IFNAMSIZ] = 0;
15554 return rsbac_ta_list_add_ttl(ta_number,
15555 net_temp_handle,
15556 0,
15557 &id,
15558 &int_data);
15559 case NTS_set_min_port:
15560 int_data.min_port = data_p->min_port;
15561 return rsbac_ta_list_add_ttl(ta_number,
15562 net_temp_handle,
15563 0,
15564 &id,
15565 &int_data);
15566 case NTS_set_max_port:
15567 int_data.max_port = data_p->max_port;
15568 return rsbac_ta_list_add_ttl(ta_number,
15569 net_temp_handle,
15570 0,
15571 &id,
15572 &int_data);
15573 case NTS_set_name:
15574 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
15575 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15576 return rsbac_ta_list_add_ttl(ta_number,
15577 net_temp_handle,
15578 0,
15579 &id,
15580 &int_data);
15581 case NTS_new_template:
15582 if(rsbac_list_exist(net_temp_handle, &id))
15583 return -RSBAC_EEXISTS;
15584 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
15585 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15586 return rsbac_ta_list_add_ttl(ta_number,
15587 net_temp_handle,
15588 0,
15589 &id,
15590 &int_data);
15591 case NTS_copy_template:
15592 if(rsbac_list_exist(net_temp_handle, &id))
15593 return -RSBAC_EEXISTS;
15594 return rsbac_ta_list_add_ttl(ta_number,
15595 net_temp_handle,
15596 0,
15597 &id,
15598 &int_data);
15599 case NTS_delete_template:
15600 return rsbac_ta_list_remove(ta_number, net_temp_handle, &id);
15601 case NTS_check_id:
15602 if(rsbac_ta_list_exist(ta_number, net_temp_handle, &id))
15603 {
15604 data_p->id = id;
15605 return 0;
15606 }
15607 else
15608 return -RSBAC_ENOTFOUND;
15609 case NTS_get_address:
15610 memcpy(&data_p->address, &int_data.address, sizeof(int_data.address));
15611 return 0;
15612 case NTS_get_address_family:
15613 data_p->address_family = int_data.address_family;
15614 return 0;
15615 case NTS_get_valid_len:
15616 data_p->valid_len = int_data.valid_len;
15617 return 0;
15618 case NTS_get_type:
15619 data_p->type = int_data.type;
15620 return 0;
15621 case NTS_get_protocol:
15622 data_p->protocol = int_data.protocol;
15623 return 0;
15624 case NTS_get_netdev:
15625 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ);
15626 return 0;
15627 case NTS_get_min_port:
15628 data_p->min_port = int_data.min_port;
15629 return 0;
15630 case NTS_get_max_port:
15631 data_p->max_port = int_data.max_port;
15632 return 0;
15633 case NTS_get_name:
15634 strcpy(data_p->name, int_data.name);
15635 return 0;
15636
15637 default:
15638 return -RSBAC_EINVALIDREQUEST;
15639 }
15640 }
15641
15642 int rsbac_ta_net_list_all_template(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t ** id_pp)
15643 {
15644 if(id_pp)
15645 return rsbac_ta_list_get_all_desc(ta_number, net_temp_handle, (void **) id_pp);
15646 else
15647 return rsbac_ta_list_count(ta_number, net_temp_handle);
15648 }
15649
15650 int rsbac_ta_net_template_exist(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t temp)
15651 {
15652 return rsbac_ta_list_exist(ta_number, net_temp_handle, &temp);
15653 }
15654
15655 int rsbac_net_remote_request(enum rsbac_adf_request_t request)
15656 {
15657 switch(request)
15658 {
15659 case R_ACCEPT:
15660 case R_CONNECT:
15661 case R_SEND:
15662 case R_RECEIVE:
15663 case R_READ:
15664 case R_WRITE:
15665 return TRUE;
15666
15667 default:
15668 return FALSE;
15669 }
15670 }
15671
15672 #endif
15673
15674 #if defined(CONFIG_RSBAC_DAZ)
15675 EXPORT_SYMBOL(rsbac_daz_get_ttl);
15676
15677 rsbac_time_t rsbac_daz_get_ttl(void)
15678 {
15679 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15680 return rsbac_daz_ttl;
15681 #else
15682 return 0;
15683 #endif
15684 }
15685
15686 EXPORT_SYMBOL(rsbac_daz_set_ttl);
15687 void rsbac_daz_set_ttl(rsbac_time_t ttl)
15688 {
15689 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15690 if(ttl)
15691 {
15692 if(ttl > RSBAC_LIST_MAX_AGE_LIMIT)
15693 ttl = RSBAC_LIST_MAX_AGE_LIMIT;
15694 rsbac_daz_ttl = ttl;
15695 }
15696 #endif
15697 }
15698
15699 EXPORT_SYMBOL(rsbac_daz_flush_cache);
15700 int rsbac_daz_flush_cache(void)
15701 {
15702 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15703 struct rsbac_device_list_item_t * device_p;
15704 long dflags;
15705 u_int i;
15706
15707
15708 rsbac_read_lock(&device_list_head.lock, &dflags);
15709 device_p = device_list_head.head;
15710 while(device_p)
15711 {
15712 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
15713 rsbac_list_remove_all(device_p->handles.dazs[i]);
15714 device_p = device_p->next;
15715 }
15716 rsbac_read_unlock(&device_list_head.lock, &dflags);
15717 #endif
15718 return 0;
15719 }
15720 #endif
15721
15722
