#include <rsbac/types.h>#include <linux/init.h>Go to the source code of this file.
Defines | |
| #define | rsbac_get_attr(module, target, tid, attr, value, inherit) rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit) |
| #define | rsbac_set_attr(module, target, tid, attr, value) rsbac_ta_set_attr(0, module, target, tid, attr, value) |
| #define | rsbac_remove_target(target, tid) rsbac_ta_remove_target(0, target, tid) |
Functions | |
| int | rsbac_init (kdev_t root_dev) __init |
| int | rsbac_kthread_notify (rsbac_pid_t pid) |
| void | rsbac_off (void) |
| rsbac_boolean_t | rsbac_is_initialized (void) |
| int | rsbac_mount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_umount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_free_dat_dentries (void) |
| int | rsbac_stats (void) |
| int | rsbac_check (int correct, int check_inode) |
| int | rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p) |
| int | rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| int | rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value) |
| int | rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid) |
| int | rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp) |
| int | rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp) |
| int | rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp) |
|
|
|
Definition at line 112 of file aci.h. Referenced by rsbac_adf_request_int(), rsbac_adf_set_attr(), and rsbac_aef_shm_free_security(). |
|
|
||||||||||||
|
Referenced by rsbac_do_init(), and sys_rsbac_check(). |
|
|
Definition at line 8583 of file aci_data_structures.c. References device_list_head, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk(). 08584 {
08585 u_long flags;
08586 struct rsbac_device_list_item_t * device_p;
08587
08588 if (!rsbac_initialized)
08589 {
08590 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08591 return(-RSBAC_ENOTINITIALIZED);
08592 }
08593
08594 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08595
08596 /* wait for write access to device_list_head */
08597 rsbac_write_lock_irq(&device_list_head.lock, &flags);
08598 /* OK, nobody else is working on it... */
08599 device_p = device_list_head.head;
08600 while(device_p)
08601 {
08602 if(device_p->rsbac_dir_dentry_p)
08603 {
08604 dput(device_p->rsbac_dir_dentry_p);
08605 device_p->rsbac_dir_dentry_p = NULL;
08606 }
08607 device_p = device_p->next;
08608 }
08609 /* allow access */
08610 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
08611
08612 return(0);
08613 }
|
|
||||||||||||||||||||
|
Definition at line 9805 of file aci_data_structures.c. References device_list_head, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right(). 09809 {
09810 if(!parent_target_p || !parent_tid_p)
09811 return -RSBAC_EINVALIDPOINTER;
09812 /*
09813 #ifdef CONFIG_RSBAC_DEBUG
09814 if (rsbac_debug_ds)
09815 {
09816 rsbac_printk(KERN_DEBUG
09817 "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09818 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p);
09819 }
09820 #endif
09821 */
09822 switch(target)
09823 {
09824 case T_FILE:
09825 case T_DIR:
09826 case T_FIFO:
09827 case T_SYMLINK:
09828 break;
09829 default:
09830 return -RSBAC_EINVALIDTARGET;
09831 }
09832
09833 if(!tid.file.dentry_p)
09834 return -RSBAC_ENOTFOUND;
09835
09836 *parent_target_p = T_DIR;
09837 /* Is this dentry root of a mounted device? */
09838 if( tid.file.dentry_p->d_sb
09839 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09840 )
09841 {
09842 struct rsbac_device_list_item_t * device_p;
09843 u_long dflags;
09844
09845 /* wait for read access to device_list_head */
09846 rsbac_read_lock(&device_list_head.lock, &dflags);
09847
09848 device_p = lookup_device(tid.file.device);
09849 if( !device_p
09850 || !device_p->d_covers
09851 || !device_p->d_covers->d_parent
09852 || !device_p->d_covers->d_parent->d_inode
09853 )
09854 {
09855 /* free access to device_list_head */
09856 rsbac_read_unlock(&device_list_head.lock, &dflags);
09857 return -RSBAC_ENOTFOUND;
09858 }
09859 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
09860 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
09861 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09862 /* free access to device_list_head */
09863 rsbac_read_unlock(&device_list_head.lock, &dflags);
09864 }
09865 else
09866 { /* no root of filesystem -> use d_parent, dev keeps unchanged */
09867 if(!tid.file.dentry_p->d_parent)
09868 {
09869 rsbac_printk(KERN_WARNING
09870 "rsbac_get_parent(): oops - d_parent is NULL!\n");
09871 return -RSBAC_ENOTFOUND;
09872 }
09873 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
09874 {
09875 rsbac_printk(KERN_WARNING
09876 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09877 return -RSBAC_ENOTFOUND;
09878 }
09879 if(!tid.file.dentry_p->d_parent->d_inode)
09880 {
09881 rsbac_printk(KERN_WARNING
09882 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09883 return -RSBAC_ENOTFOUND;
09884 }
09885 parent_tid_p->dir.device = tid.file.device;
09886 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
09887 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09888 }
09889 return 0;
09890 }
|
|
|
Definition at line 7945 of file aci_data_structures.c. References A_rc_def_role, FALSE, NULL, process_handles, rsbac_do_init(), RSBAC_EINVALIDPOINTER, RSBAC_EREINIT, rsbac_initialized, rsbac_list_add(), rsbac_list_get_data(), RSBAC_MAC_DEF_INIT_P_FLAGS, RSBAC_MAC_P_FLAGS, rsbac_printk(), RSBAC_RC_GENERAL_ROLE, rsbac_rc_get_boot_role(), rsbac_root_dev, RSBAC_SYSADM_UID, user_handles, and wakeup_rsbacd(). 07947 {
07948 int err = 0;
07949 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07950 || defined(CONFIG_RSBAC_INIT_THREAD)
07951 rsbac_pid_t rsbacd_pid;
07952 #endif
07953
07954 if (rsbac_initialized)
07955 {
07956 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
07957 return(-RSBAC_EREINIT);
07958 }
07959 if (!current->fs)
07960 {
07961 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
07962 return(-RSBAC_EINVALIDPOINTER);
07963 }
07964
07965 rsbac_root_dev = root_dev;
07966
07967 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07968 || defined(CONFIG_RSBAC_INIT_THREAD)
07969 /* init the rsbacd wait queue head */
07970 init_waitqueue_head(&rsbacd_wait);
07971 #endif
07972
07973 #ifdef CONFIG_RSBAC_INIT_THREAD
07974 /* trigger dependency */
07975 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
07976 #endif
07977 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
07978 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
07979 init_timer(&rsbac_timer);
07980 rsbac_timer.function = wakeup_rsbacd;
07981 rsbac_timer.data = 0;
07982 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
07983 add_timer(&rsbac_timer);
07984
07985 /* Start rsbac thread for init */
07986 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
07987 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
07988 rsbacd_pid);
07989
07990 if(!rsbac_initialized)
07991 interruptible_sleep_on(&rsbacd_wait);
07992 if(!rsbac_initialized)
07993 {
07994 rsbac_printk(KERN_ERR
07995 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
07996 rsbac_printk(KERN_ERR
07997 "rsbac_init(): *** Killing rsbac_initd! ***\n");
07998 sys_kill(rsbacd_pid, SIGKILL);
07999 rsbac_initialized = FALSE;
08000 }
08001 #else
08002 rsbac_do_init();
08003 #endif
08004
08005 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
08006 if(rsbac_initialized)
08007 {
08008 /* Start rsbacd thread for auto write */
08009 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
08010 if(rsbacd_pid < 0)
08011 {
08012 rsbac_printk(KERN_ERR
08013 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
08014 rsbacd_pid);
08015 }
08016 else
08017 {
08018 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
08019 rsbacd_pid);
08020 }
08021 }
08022 #endif
08023
08024 /* Ready. */
08025 /* schedule(); */
08026 #ifdef CONFIG_RSBAC_INIT_THREAD
08027 sys_wait4(-1, NULL, WNOHANG, NULL);
08028 #endif
08029
08030 /* Add all processes to list of processes as init processes */
08031 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08032 {
08033 #ifdef CONFIG_RSBAC_MAC
08034 struct rsbac_mac_user_aci_t mac_u_aci;
08035 #endif
08036 #ifdef CONFIG_RSBAC_RC
08037 struct rsbac_rc_user_aci_t rc_u_aci;
08038 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
08039 #endif
08040 rsbac_uid_t user = RSBAC_SYSADM_UID;
08041 rsbac_pid_t pid = 1;
08042 struct task_struct * p;
08043
08044 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08045 /* Prepare entries: change standard values to root's values */
08046 #ifdef CONFIG_RSBAC_MAC
08047 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci))
08048 {
08049 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
08050 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
08051 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
08052 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
08053 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
08054 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
08055 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
08056 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
08057 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
08058 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
08059 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
08060 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
08061 mac_init_p_aci.mac_process_flags
08062 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
08063 }
08064 #endif
08065
08066 /* Set process aci - first init */
08067 #ifdef CONFIG_RSBAC_MAC
08068 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08069 rsbac_printk(KERN_WARNING
08070 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!");
08071 #endif
08072 #ifdef CONFIG_RSBAC_RC
08073 /* Get boot role */
08074 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role))
08075 { /* none: use root's role */
08076 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci))
08077 {
08078 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
08079 }
08080 else
08081 { /* last resort: general role */
08082 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
08083 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
08084 }
08085 }
08086 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08087 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
08088 rsbac_printk(KERN_WARNING
08089 "rsbac_do_init(): RC ACI for Init process 1 could not be added!");
08090 #endif
08091 read_lock(&tasklist_lock);
08092 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08093 for_each_task(p)
08094 #else
08095 for_each_process(p)
08096 #endif
08097 {
08098 /* not for kernel and init though... */
08099 if(!p->pid || (p->pid == 1))
08100 continue;
08101 pid = p->pid;
08102 #ifdef CONFIG_RSBAC_DEBUG
08103 if (rsbac_debug_ds)
08104 {
08105 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
08106 pid);
08107 }
08108 #endif
08109 #ifdef CONFIG_RSBAC_MAC
08110 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08111 rsbac_printk(KERN_WARNING
08112 "rsbac_do_init(): MAC ACI for Init process %u could not be added!",
08113 pid);
08114 #endif
08115 #ifdef CONFIG_RSBAC_RC
08116 if(!p->mm)
08117 {
08118 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08119 rsbac_printk(KERN_WARNING
08120 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!",
08121 pid);
08122 }
08123 #endif
08124 }
08125 read_unlock(&tasklist_lock);
08126 }
08127 #endif /* MAC or RC */
08128
08129 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08130 return(err);
08131 }
|
|
|
|
Definition at line 8143 of file aci_data_structures.c. References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk(). 08144 {
08145 if (!rsbac_initialized)
08146 return 0;
08147 /* Set process aci */
08148 #ifdef CONFIG_RSBAC_MAC
08149 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08150 rsbac_printk(KERN_WARNING
08151 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
08152 pid);
08153 #endif
08154 #ifdef CONFIG_RSBAC_RC
08155 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08156 rsbac_printk(KERN_WARNING
08157 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
08158 pid);
08159 #endif
08160 return 0;
08161 }
|
|
||||||||||||
|
Definition at line 8165 of file aci_data_structures.c. References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by get_attr_fd(), rsbac_aef_sb_post_addmount(), rsbac_aef_sb_umount_busy(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd(). 08166 {
08167 int err = 0;
08168 struct rsbac_device_list_item_t * device_p;
08169 struct rsbac_device_list_item_t * new_device_p;
08170 u_long flags;
08171 rsbac_boolean_t old_no_write;
08172
08173 if(!sb_p)
08174 {
08175 rsbac_printk(KERN_WARNING
08176 "rsbac_mount(): called with NULL pointer\n");
08177 return -RSBAC_EINVALIDPOINTER;
08178 }
08179 if (!rsbac_initialized)
08180 {
08181 #ifdef CONFIG_RSBAC_INIT_DELAY
08182 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08183 if( !RSBAC_MAJOR(rsbac_delayed_root)
08184 && !RSBAC_MINOR(rsbac_delayed_root)
08185 && rsbac_delayed_root_str[0]
08186 )
08187 { /* translate string to kdev_t */
08188 char * p = rsbac_delayed_root_str;
08189 u_int major = 0;
08190 u_int minor = 0;
08191
08192 major = simple_strtoul(p, NULL, 0);
08193 while((*p != ':') && (*p != '\0'))
08194 p++;
08195 if(*p)
08196 {
08197 p++;
08198 minor = simple_strtoul(p, NULL, 0);
08199 }
08200 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
08201 }
08202 #endif
08203 if( !rsbac_no_delay_init
08204 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
08205 && !RSBAC_MINOR(rsbac_delayed_root)
08206 && (MAJOR(sb_p->s_dev) > 1)
08207 )
08208 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
08209 || RSBAC_MINOR(rsbac_delayed_root)
08210 )
08211 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
08212 && ( !RSBAC_MINOR(rsbac_delayed_root)
08213 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
08214 )
08215 )
08216 )
08217 )
08218 )
08219 {
08220 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
08221 {
08222 rsbac_printk(KERN_INFO
08223 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08224 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
08225 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
08226 }
08227 else
08228 {
08229 rsbac_printk(KERN_INFO
08230 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08231 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08232 }
08233 rsbac_init(sb_p->s_dev);
08234 return 0;
08235 }
08236 #endif
08237
08238 rsbac_printk(KERN_WARNING
08239 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08240 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08241
08242 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08243 if( (sb_p->s_magic == SYSFS_MAGIC)
08244 && !RSBAC_MAJOR(sb_p->s_dev)
08245 )
08246 {
08247 rsbac_printk(KERN_WARNING
08248 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08249 sysfs_sb_p = sb_p;
08250 sysfs_covered_p = d_covers;
08251 }
08252 #endif
08253 #ifdef CONFIG_DEVFS_MOUNT
08254 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08255 && !RSBAC_MAJOR(sb_p->s_dev)
08256 )
08257 {
08258 rsbac_printk(KERN_WARNING
08259 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08260 devfs_sb_p = sb_p;
08261 devfs_covered_p = d_covers;
08262 }
08263 #endif
08264 return(-RSBAC_ENOTINITIALIZED);
08265 }
08266 #ifdef CONFIG_RSBAC_DEBUG
08267 if (rsbac_debug_ds)
08268 {
08269 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
08270 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08271 }
08272 if(rsbac_debug_stack)
08273 {
08274 unsigned long * n = (unsigned long *) (current+1);
08275
08276 while (!*n)
08277 n++;
08278 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
08279 (unsigned long) n - (unsigned long)(current+1));
08280 }
08281 #endif
08282 down(&rsbac_write_sem);
08283 old_no_write = rsbac_debug_no_write;
08284 rsbac_debug_no_write = TRUE;
08285 up(&rsbac_write_sem);
08286 /* wait for read access to device_list_head */
08287 rsbac_read_lock(&device_list_head.lock, &flags);
08288 device_p = lookup_device(sb_p->s_dev);
08289 /* repeated mount? */
08290 if(device_p)
08291 {
08292 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08293 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08294 device_p->mount_count++;
08295 if( d_covers
08296 && !device_p->d_covers
08297 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08298 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08299 )
08300 {
08301 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08302 d_covers);
08303 device_p->d_covers = d_covers;
08304 }
08305 rsbac_read_unlock(&device_list_head.lock, &flags);
08306 }
08307 else
08308 {
08309 rsbac_read_unlock(&device_list_head.lock, &flags);
08310 /* OK, go on */
08311 new_device_p = create_device_item(sb_p, d_covers);
08312 #ifdef CONFIG_RSBAC_DEBUG
08313 if(rsbac_debug_stack)
08314 {
08315 unsigned long * n = (unsigned long *) (current+1);
08316
08317 while (!*n)
08318 n++;
08319 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
08320 (unsigned long) n - (unsigned long)(current+1));
08321 }
08322 #endif
08323 if(!new_device_p)
08324 {
08325 rsbac_debug_no_write = old_no_write;
08326 return -RSBAC_ECOULDNOTADDDEVICE;
08327 }
08328
08329 rsbac_read_lock(&device_list_head.lock, &flags);
08330 /* make sure to only add, if this device item has not been added in the meantime */
08331 device_p = lookup_device(sb_p->s_dev);
08332 if(device_p)
08333 {
08334 rsbac_printk(KERN_WARNING
08335 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08336 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08337 device_p->mount_count++;
08338 rsbac_read_unlock(&device_list_head.lock, &flags);
08339 clear_device_item(new_device_p);
08340 }
08341 else
08342 {
08343 rsbac_read_unlock(&device_list_head.lock, &flags);
08344 rsbac_write_lock(&device_list_head.lock, &flags);
08345 device_p = add_device_item(new_device_p);
08346 rsbac_write_unlock(&device_list_head.lock, &flags);
08347 if(!device_p)
08348 {
08349 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08350 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08351 clear_device_item(new_device_p);
08352 rsbac_debug_no_write = old_no_write;
08353 return -RSBAC_ECOULDNOTADDDEVICE;
08354 }
08355 }
08356
08357 /* Generic lists */
08358 rsbac_list_mount(sb_p->s_dev);
08359 /* we do not lock device head - we know the device_p and hope for the best... */
08360 /* also, we are within kernel mount sem */
08361 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
08362 {
08363 char * tmp;
08364
08365 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08366 if(tmp)
08367 {
08368 rsbac_printk(KERN_WARNING
08369 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08370 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
08371 rsbac_kfree(tmp);
08372 }
08373 }
08374 #ifdef CONFIG_RSBAC_DEBUG
08375 if(rsbac_debug_stack)
08376 {
08377 unsigned long * n = (unsigned long *) (current+1);
08378
08379 while (!*n)
08380 n++;
08381 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
08382 (unsigned long) n - (unsigned long)(current+1));
08383 }
08384 #endif
08385 }
08386
08387 /* call other mount functions */
08388 /****** MAC *******/
08389 #if defined(CONFIG_RSBAC_MAC)
08390 rsbac_mount_mac(sb_p->s_dev);
08391 #ifdef CONFIG_RSBAC_DEBUG
08392 if(rsbac_debug_stack)
08393 {
08394 unsigned long * n = (unsigned long *) (current+1);
08395
08396 while (!*n)
08397 n++;
08398 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
08399 (unsigned long) n - (unsigned long)(current+1));
08400 }
08401 #endif
08402 #endif
08403 /****** AUTH *******/
08404 #if defined(CONFIG_RSBAC_AUTH)
08405 rsbac_mount_auth(sb_p->s_dev);
08406 #ifdef CONFIG_RSBAC_DEBUG
08407 if(rsbac_debug_stack)
08408 {
08409 unsigned long * n = (unsigned long *) (current+1);
08410
08411 while (!*n)
08412 n++;
08413 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
08414 (unsigned long) n - (unsigned long)(current+1));
08415 }
08416 #endif
08417 #endif
08418 /****** ACL *******/
08419 #if defined(CONFIG_RSBAC_ACL)
08420 rsbac_mount_acl(sb_p->s_dev);
08421 #ifdef CONFIG_RSBAC_DEBUG
08422 if(rsbac_debug_stack)
08423 {
08424 unsigned long * n = (unsigned long *) (current+1);
08425
08426 while (!*n)
08427 n++;
08428 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
08429 (unsigned long) n - (unsigned long)(current+1));
08430 }
08431 #endif
08432 #endif
08433 /****** REG *******/
08434 #if defined(CONFIG_RSBAC_REG)
08435 rsbac_mount_reg(sb_p->s_dev);
08436 #ifdef CONFIG_RSBAC_DEBUG
08437 if(rsbac_debug_stack)
08438 {
08439 unsigned long * n = (unsigned long *) (current+1);
08440
08441 while (!*n)
08442 n++;
08443 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
08444 (unsigned long) n - (unsigned long)(current+1));
08445 }
08446 #endif
08447 #endif /* REG */
08448
08449 rsbac_debug_no_write = old_no_write;
08450 return(err);
08451 }
|
|
|
|
|
|
Definition at line 8618 of file aci_data_structures.c. 08619 {
08620 struct rsbac_device_list_item_t * device_p;
08621 int i;
08622 u_long fd_count = 0, fd_sum = 0;
08623 u_long dev_sum = 0;
08624 u_long ipc_sum = 0;
08625 u_long user_sum = 0;
08626 u_long process_sum = 0;
08627 #if defined(CONFIG_RSBAC_UM)
08628 u_long group_sum = 0;
08629 #endif
08630 #if defined(CONFIG_RSBAC_NET_OBJ)
08631 u_long nettemp_sum = 0;
08632 u_long lnetobj_sum = 0;
08633 u_long rnetobj_sum = 0;
08634 #endif
08635 u_long total_sum = 0;
08636 long tmp_count;
08637 u_long dflags;
08638
08639 if (!rsbac_initialized)
08640 {
08641 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08642 return(-RSBAC_ENOTINITIALIZED);
08643 }
08644 /* wait for read access to device_list_head */
08645 rsbac_read_lock(&device_list_head.lock, &dflags);
08646 /* OK, go on */
08647 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08648 device_list_head.lock.lock); */
08649 device_p = device_list_head.head;
08650 while (device_p)
08651 { /* for all sublists */
08652 fd_count = 0;
08653 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
08654 {
08655 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
08656 if(tmp_count > 0)
08657 fd_count+=tmp_count;
08658 }
08659 rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
08660 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
08661 fd_sum += fd_count;
08662
08663 #if defined(CONFIG_RSBAC_MAC)
08664 fd_count = 0;
08665 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
08666 {
08667 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
08668 if(tmp_count > 0)
08669 fd_count+=tmp_count;
08670 }
08671 rsbac_printk(", %lu MAC",
08672 fd_count);
08673 fd_sum += fd_count;
08674 #endif
08675
08676 #if defined(CONFIG_RSBAC_PM)
08677 fd_count = 0;
08678 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
08679 {
08680 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
08681 if(tmp_count > 0)
08682 fd_count+=tmp_count;
08683 }
08684 rsbac_printk(", %lu PM",
08685 fd_count);
08686 fd_sum += fd_count;
08687 #endif
08688
08689 #if defined(CONFIG_RSBAC_DAZ)
08690 fd_count = 0;
08691 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
08692 {
08693 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
08694 if(tmp_count > 0)
08695 fd_count+=tmp_count;
08696 }
08697 rsbac_printk(", %lu DAZ",
08698 fd_count);
08699 fd_sum += fd_count;
08700 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08701 fd_count = 0;
08702 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
08703 {
08704 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
08705 if(tmp_count > 0)
08706 fd_count+=tmp_count;
08707 }
08708 rsbac_printk(", %lu DAZ_SCANNED",
08709 fd_count);
08710 fd_sum += fd_count;
08711 #endif
08712 #endif
08713
08714 #if defined(CONFIG_RSBAC_FF)
08715 fd_count = 0;
08716 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
08717 {
08718 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
08719 if(tmp_count > 0)
08720 fd_count+=tmp_count;
08721 }
08722 rsbac_printk(", %lu FF",
08723 fd_count);
08724 fd_sum += fd_count;
08725 #endif
08726
08727 #if defined(CONFIG_RSBAC_RC)
08728 fd_count = 0;
08729 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
08730 {
08731 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
08732 if(tmp_count > 0)
08733 fd_count+=tmp_count;
08734 }
08735 rsbac_printk(", %lu RC",
08736 fd_count);
08737 fd_sum += fd_count;
08738 #endif
08739
08740 #if defined(CONFIG_RSBAC_AUTH)
08741 fd_count = 0;
08742 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
08743 {
08744 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
08745 if(tmp_count > 0)
08746 fd_count+=tmp_count;
08747 }
08748 rsbac_printk(", %lu AUTH",
08749 fd_count);
08750 fd_sum += fd_count;
08751 #endif
08752
08753 #if defined(CONFIG_RSBAC_CAP)
08754 fd_count = 0;
08755 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
08756 {
08757 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
08758 if(tmp_count > 0)
08759 fd_count+=tmp_count;
08760 }
08761 rsbac_printk(", %lu CAP",
08762 fd_count);
08763 fd_sum += fd_count;
08764 #endif
08765 #if defined(CONFIG_RSBAC_RES)
08766 fd_count = 0;
08767 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
08768 {
08769 tmp_count = rsbac_list_count(device_p->handles.res[i]);
08770 if(tmp_count > 0)
08771 fd_count+=tmp_count;
08772 }
08773 rsbac_printk(", %lu RES",
08774 fd_count);
08775 fd_sum += fd_count;
08776 #endif
08777 #if defined(CONFIG_RSBAC_PAX)
08778 fd_count = 0;
08779 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
08780 {
08781 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
08782 if(tmp_count > 0)
08783 fd_count+=tmp_count;
08784 }
08785 rsbac_printk(", %lu PAX",
08786 fd_count);
08787 fd_sum += fd_count;
08788 #endif
08789
08790 rsbac_printk("\n");
08791 device_p = device_p->next;
08792 }
08793 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08794 device_list_head.count, fd_sum);
08795 /* free access to device_list_head */
08796 rsbac_read_unlock(&device_list_head.lock, &dflags);
08797 total_sum += fd_sum;
08798
08799 /* dev lists */
08800 tmp_count = rsbac_list_count(dev_handles.gen);
08801 rsbac_printk(KERN_INFO "DEV items: %lu GEN",
08802 tmp_count);
08803 dev_sum += tmp_count;
08804 #if defined(CONFIG_RSBAC_MAC)
08805 tmp_count = rsbac_list_count(dev_handles.mac);
08806 rsbac_printk(", %lu MAC",
08807 tmp_count);
08808 dev_sum += tmp_count;
08809 #endif
08810 #if defined(CONFIG_RSBAC_PM)
08811 tmp_count = rsbac_list_count(dev_handles.pm);
08812 rsbac_printk(", %lu PM",
08813 tmp_count);
08814 dev_sum += tmp_count;
08815 #endif
08816 #if defined(CONFIG_RSBAC_RC)
08817 tmp_count = rsbac_list_count(dev_major_handles.rc);
08818 rsbac_printk(", %lu major RC",
08819 tmp_count);
08820 dev_sum += tmp_count;
08821 tmp_count = rsbac_list_count(dev_handles.rc);
08822 rsbac_printk(", %lu RC",
08823 tmp_count);
08824 dev_sum += tmp_count;
08825 #endif
08826 rsbac_printk("\n");
08827 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n",
08828 dev_sum);
08829 total_sum += dev_sum;
08830
08831 /* ipc lists */
08832 rsbac_printk(KERN_INFO "IPC items: no GEN");
08833 #if defined(CONFIG_RSBAC_MAC)
08834 tmp_count = rsbac_list_count(ipc_handles.mac);
08835 rsbac_printk(", %lu MAC",
08836 tmp_count);
08837 ipc_sum += tmp_count;
08838 #endif
08839 #if defined(CONFIG_RSBAC_PM)
08840 tmp_count = rsbac_list_count(ipc_handles.pm);
08841 rsbac_printk(", %lu PM",
08842 tmp_count);
08843 ipc_sum += tmp_count;
08844 #endif
08845 #if defined(CONFIG_RSBAC_RC)
08846 tmp_count = rsbac_list_count(ipc_handles.rc);
08847 rsbac_printk(", %lu RC",
08848 tmp_count);
08849 ipc_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_JAIL)
08852 tmp_count = rsbac_list_count(ipc_handles.jail);
08853 rsbac_printk(", %lu JAIL",
08854 tmp_count);
08855 ipc_sum += tmp_count;
08856 #endif
08857 rsbac_printk("\n");
08858 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n",
08859 ipc_sum);
08860 total_sum += ipc_sum;
08861
08862 /* user lists */
08863 tmp_count = rsbac_list_count(user_handles.gen);
08864 rsbac_printk(KERN_INFO "USER items: %lu GEN",
08865 tmp_count);
08866 user_sum += tmp_count;
08867 #if defined(CONFIG_RSBAC_MAC)
08868 tmp_count = rsbac_list_count(user_handles.mac);
08869 rsbac_printk(", %lu MAC",
08870 tmp_count);
08871 user_sum += tmp_count;
08872 #endif
08873 #if defined(CONFIG_RSBAC_PM)
08874 tmp_count = rsbac_list_count(user_handles.pm);
08875 rsbac_printk(", %lu PM",
08876 tmp_count);
08877 user_sum += tmp_count;
08878 #endif
08879 #if defined(CONFIG_RSBAC_DAZ)
08880 tmp_count = rsbac_list_count(user_handles.daz);
08881 rsbac_printk(", %lu DAZ",
08882 tmp_count);
08883 user_sum += tmp_count;
08884 #endif
08885 #if defined(CONFIG_RSBAC_RC)
08886 tmp_count = rsbac_list_count(user_handles.rc);
08887 rsbac_printk(", %lu RC",
08888 tmp_count);
08889 user_sum += tmp_count;
08890 #endif
08891 #if defined(CONFIG_RSBAC_AUTH)
08892 tmp_count = rsbac_list_count(user_handles.auth);
08893 rsbac_printk(", %lu AUTH",
08894 tmp_count);
08895 user_sum += tmp_count;
08896 #endif
08897 #if defined(CONFIG_RSBAC_CAP)
08898 tmp_count = rsbac_list_count(user_handles.cap);
08899 rsbac_printk(", %lu CAP",
08900 tmp_count);
08901 user_sum += tmp_count;
08902 #endif
08903 #if defined(CONFIG_RSBAC_JAIL)
08904 tmp_count = rsbac_list_count(user_handles.jail);
08905 rsbac_printk(", %lu JAIL",
08906 tmp_count);
08907 user_sum += tmp_count;
08908 #endif
08909 #if defined(CONFIG_RSBAC_RES)
08910 tmp_count = rsbac_list_count(user_handles.res);
08911 rsbac_printk(", %lu RES",
08912 tmp_count);
08913 user_sum += tmp_count;
08914 #endif
08915 #if defined(CONFIG_RSBAC_PAX)
08916 tmp_count = rsbac_list_count(user_handles.pax);
08917 rsbac_printk(", %lu PAX",
08918 tmp_count);
08919 user_sum += tmp_count;
08920 #endif
08921 rsbac_printk("\n");
08922 rsbac_printk(KERN_INFO "Sum of %lu USER items\n",
08923 user_sum);
08924 total_sum += user_sum;
08925
08926 /* process lists */
08927 tmp_count = 0;
08928 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
08929 tmp_count += rsbac_list_count(process_handles.gen[i]);
08930 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN",
08931 tmp_count);
08932 process_sum += tmp_count;
08933 #if defined(CONFIG_RSBAC_MAC)
08934 tmp_count = 0;
08935 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
08936 tmp_count += rsbac_list_count(process_handles.mac[i]);
08937 rsbac_printk(", %lu MAC",
08938 tmp_count);
08939 process_sum += tmp_count;
08940 #endif
08941 #if defined(CONFIG_RSBAC_PM)
08942 tmp_count = rsbac_list_count(process_handles.pm);
08943 rsbac_printk(", %lu PM",
08944 tmp_count);
08945 process_sum += tmp_count;
08946 #endif
08947 #if defined(CONFIG_RSBAC_DAZ)
08948 tmp_count = rsbac_list_count(process_handles.daz);
08949 rsbac_printk(", %lu DAZ",
08950 tmp_count);
08951 process_sum += tmp_count;
08952 #endif
08953 #if defined(CONFIG_RSBAC_RC)
08954 tmp_count = 0;
08955 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
08956 tmp_count += rsbac_list_count(process_handles.rc[i]);
08957 rsbac_printk(", %lu RC",
08958 tmp_count);
08959 process_sum += tmp_count;
08960 #endif
08961 #if defined(CONFIG_RSBAC_AUTH)
08962 tmp_count = rsbac_list_count(process_handles.auth);
08963 rsbac_printk(", %lu AUTH",
08964 tmp_count);
08965 process_sum += tmp_count;
08966 #endif
08967 #if defined(CONFIG_RSBAC_CAP)
08968 tmp_count = rsbac_list_count(process_handles.cap);
08969 rsbac_printk(", %lu CAP",
08970 tmp_count);
08971 process_sum += tmp_count;
08972 #endif
08973 #if defined(CONFIG_RSBAC_JAIL)
08974 tmp_count = 0;
08975 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
08976 tmp_count += rsbac_list_count(process_handles.jail[i]);
08977 rsbac_printk(", %lu JAIL",
08978 tmp_count);
08979 process_sum += tmp_count;
08980 #endif
08981 rsbac_printk("\n");
08982 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n",
08983 process_sum);
08984 total_sum += process_sum;
08985
08986 #if defined(CONFIG_RSBAC_UM)
08987 /* group lists */
08988 rsbac_printk(KERN_INFO "GROUP items: ");
08989 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08990 tmp_count = rsbac_list_count(group_handles.rc);
08991 rsbac_printk("%lu RC",
08992 tmp_count);
08993 user_sum += tmp_count;
08994 #endif
08995 rsbac_printk("\n");
08996 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n",
08997 group_sum);
08998 total_sum += group_sum;
08999 #endif
09000
09001 #if defined(CONFIG_RSBAC_NET_OBJ)
09002 /* nettemp lists */
09003 rsbac_printk(KERN_INFO "NETTEMP items: ");
09004 #if defined(CONFIG_RSBAC_MAC)
09005 tmp_count = rsbac_list_count(nettemp_handles.mac);
09006 rsbac_printk("%lu MAC, ",
09007 tmp_count);
09008 nettemp_sum += tmp_count;
09009 #endif
09010 #if defined(CONFIG_RSBAC_PM)
09011 tmp_count = rsbac_list_count(nettemp_handles.pm);
09012 rsbac_printk("%lu PM, ",
09013 tmp_count);
09014 nettemp_sum += tmp_count;
09015 #endif
09016 #if defined(CONFIG_RSBAC_RC)
09017 tmp_count = rsbac_list_count(nettemp_handles.rc);
09018 rsbac_printk("%lu RC, ",
09019 tmp_count);
09020 nettemp_sum += tmp_count;
09021 #endif
09022 rsbac_printk("\n");
09023 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n",
09024 nettemp_sum);
09025 total_sum += nettemp_sum;
09026
09027 /* local netobj lists */
09028 rsbac_printk(KERN_INFO "Local NETOBJ items:");
09029 #if defined(CONFIG_RSBAC_MAC)
09030 tmp_count = rsbac_list_count(lnetobj_handles.mac);
09031 rsbac_printk(" %lu MAC,",
09032 tmp_count);
09033 lnetobj_sum += tmp_count;
09034 #endif
09035 #if defined(CONFIG_RSBAC_PM)
09036 tmp_count = rsbac_list_count(lnetobj_handles.pm);
09037 rsbac_printk(" %lu PM,",
09038 tmp_count);
09039 lnetobj_sum += tmp_count;
09040 #endif
09041 #if defined(CONFIG_RSBAC_RC)
09042 tmp_count = rsbac_list_count(lnetobj_handles.rc);
09043 rsbac_printk(" %lu RC",
09044 tmp_count);
09045 lnetobj_sum += tmp_count;
09046 #endif
09047 rsbac_printk("\n");
09048 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
09049 lnetobj_sum);
09050 total_sum += lnetobj_sum;
09051
09052 /* remote netobj lists */
09053 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
09054 #if defined(CONFIG_RSBAC_MAC)
09055 tmp_count = rsbac_list_count(rnetobj_handles.mac);
09056 rsbac_printk(" %lu MAC,",
09057 tmp_count);
09058 rnetobj_sum += tmp_count;
09059 #endif
09060 #if defined(CONFIG_RSBAC_PM)
09061 tmp_count = rsbac_list_count(rnetobj_handles.pm);
09062 rsbac_printk(" %lu PM,",
09063 tmp_count);
09064 rnetobj_sum += tmp_count;
09065 #endif
09066 #if defined(CONFIG_RSBAC_RC)
09067 tmp_count = rsbac_list_count(rnetobj_handles.rc);
09068 rsbac_printk(" %lu RC",
09069 tmp_count);
09070 rnetobj_sum += tmp_count;
09071 #endif
09072 rsbac_printk("\n");
09073 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
09074 rnetobj_sum);
09075 total_sum += rnetobj_sum;
09076 #endif /* NET_OBJ */
09077
09078 rsbac_printk(KERN_INFO
09079 "Total of %lu registered rsbac-items\n",
09080 total_sum);
09081
09082 rsbac_printk(KERN_INFO
09083 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09084 rsbac_adf_request_count[T_FILE],
09085 rsbac_adf_request_count[T_DIR],
09086 rsbac_adf_request_count[T_FIFO],
09087 rsbac_adf_request_count[T_SYMLINK],
09088 rsbac_adf_request_count[T_DEV],
09089 rsbac_adf_request_count[T_IPC],
09090 rsbac_adf_request_count[T_SCD],
09091 rsbac_adf_request_count[T_USER],
09092 rsbac_adf_request_count[T_PROCESS],
09093 rsbac_adf_request_count[T_NETDEV],
09094 rsbac_adf_request_count[T_NETTEMP],
09095 rsbac_adf_request_count[T_NETOBJ]);
09096 rsbac_printk(KERN_INFO
09097 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09098 rsbac_adf_set_attr_count[T_FILE],
09099 rsbac_adf_set_attr_count[T_DIR],
09100 rsbac_adf_set_attr_count[T_FIFO],
09101 rsbac_adf_set_attr_count[T_SYMLINK],
09102 rsbac_adf_set_attr_count[T_DEV],
09103 rsbac_adf_set_attr_count[T_IPC],
09104 rsbac_adf_set_attr_count[T_SCD],
09105 rsbac_adf_set_attr_count[T_USER],
09106 rsbac_adf_set_attr_count[T_PROCESS],
09107 rsbac_adf_set_attr_count[T_NETDEV],
09108 rsbac_adf_set_attr_count[T_NETTEMP],
09109 rsbac_adf_set_attr_count[T_NETOBJ]);
09110
09111 #if defined(CONFIG_RSBAC_PM)
09112 rsbac_stats_pm();
09113 #endif
09114 #if defined(CONFIG_RSBAC_RC)
09115 rsbac_stats_rc();
09116 #endif
09117 #if defined(CONFIG_RSBAC_AUTH)
09118 rsbac_stats_auth();
09119 #endif
09120 #if defined(CONFIG_RSBAC_ACL)
09121 rsbac_stats_acl();
09122 #endif
09123 return(0);
09124 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 12027 of file aci_data_structures.c. References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n(). 12035 {
12036 int err = 0;
12037
12038 if (!rsbac_initialized)
12039 {
12040 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
12041 return(-RSBAC_ENOTINITIALIZED);
12042 }
12043 if (!value)
12044 return(-RSBAC_EINVALIDPOINTER);
12045 if (in_interrupt())
12046 {
12047 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
12048 }
12049 #ifdef CONFIG_RSBAC_XSTATS
12050 get_attr_count[target]++;
12051 #endif
12052 switch (target)
12053 {
12054 case T_FILE:
12055 case T_DIR:
12056 case T_FIFO:
12057 case T_SYMLINK:
12058 return get_attr_fd(ta_number, module, target, &tid,
12059 attr, value, inherit);
12060
12061 case T_DEV:
12062 return get_attr_dev(ta_number, module, target, tid.dev,
12063 attr, value, inherit);
12064
12065 case T_IPC:
12066 return get_attr_ipc(ta_number, module, target, &tid,
12067 attr, value, inherit);
12068
12069 case T_USER:
12070 return get_attr_user(ta_number, module, target, &tid,
12071 attr, value, inherit);
12072
12073 case T_PROCESS:
12074 return get_attr_process(ta_number, module, target, &tid,
12075 attr, value, inherit);
12076
12077 #ifdef CONFIG_RSBAC_UM
12078 case T_GROUP:
12079 return get_attr_group(ta_number, module, target, &tid,
12080 attr, value, inherit);
12081 #endif /* CONFIG_RSBAC_UM */
12082
12083 #ifdef CONFIG_RSBAC_NET_DEV
12084 case T_NETDEV:
12085 return get_attr_netdev(ta_number, module, target, &tid,
12086 attr, value, inherit);
12087 #endif
12088
12089 #ifdef CONFIG_RSBAC_NET_OBJ
12090 case T_NETTEMP:
12091 return get_attr_nettemp(ta_number, module, target, &tid,
12092 attr, value, inherit);
12093
12094 case T_NETOBJ:
12095 return get_attr_netobj(ta_number, module, target, &tid,
12096 attr, value, inherit);
12097 #endif /* NET_OBJ */
12098
12099 /* switch target: no valid target */
12100 default:
12101 return -RSBAC_EINVALIDTARGET;
12102 }
12103
12104 return err;
12105 } /* end of rsbac_get_attr() */
|
|
||||||||||||
|
Definition at line 14758 of file aci_data_structures.c. References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_dev(). 14759 {
14760 int count=0;
14761 int tmp_count;
14762
14763 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14764 if(tmp_count > 0)
14765 count += tmp_count;
14766 #if defined(CONFIG_RSBAC_MAC)
14767 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14768 if(tmp_count > 0)
14769 count += tmp_count;
14770 #endif
14771 #if defined(CONFIG_RSBAC_PM)
14772 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14773 if(tmp_count > 0)
14774 count += tmp_count;
14775 #endif
14776 #if defined(CONFIG_RSBAC_RC)
14777 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14778 if(tmp_count > 0)
14779 count += tmp_count;
14780 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14781 if(tmp_count > 0)
14782 count += tmp_count;
14783 #endif
14784 if(id_pp)
14785 {
14786 struct rsbac_dev_desc_t * i_id_p = NULL;
14787 char * pos = NULL;
14788 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14789 u_int i;
14790 #endif
14791
14792 if(count > 0)
14793 {
14794 int i_count = 0;
14795
14796 i_count = count + 20; /* max value to expect */
14797 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14798 if(!*id_pp)
14799 return -RSBAC_ENOMEM;
14800 pos = (char *) *id_pp;
14801 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14802 dev_handles.gen,
14803 (void **) &i_id_p);
14804 if(tmp_count > 0)
14805 {
14806 if(tmp_count > i_count)
14807 tmp_count = i_count;
14808 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
14809 rsbac_vfree(i_id_p);
14810 count = tmp_count;
14811 i_count -= tmp_count;
14812 pos += tmp_count * sizeof(*i_id_p);
14813 }
14814 else
14815 count = 0;
14816 #if defined(CONFIG_RSBAC_MAC)
14817 if(i_count)
14818 {
14819 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14820 if(tmp_count > 0)
14821 {
14822 if(tmp_count > i_count)
14823 tmp_count = i_count;
14824 for(i=0; i< tmp_count; i++)
14825 {
14826 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14827 {
14828 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14829 pos += sizeof(*i_id_p);
14830 count++;
14831 i_count--;
14832 }
14833 }
14834 rsbac_vfree(i_id_p);
14835 }
14836 }
14837 #endif
14838 #if defined(CONFIG_RSBAC_PM)
14839 if(i_count)
14840 {
14841 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14842 if(tmp_count > 0)
14843 {
14844 if(tmp_count > i_count)
14845 tmp_count = i_count;
14846 for(i=0; i< tmp_count; i++)
14847 {
14848 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14849 #if defined(CONFIG_RSBAC_MAC)
14850 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14851 #endif
14852 {
14853 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14854 pos += sizeof(*i_id_p);
14855 count++;
14856 i_count--;
14857 }
14858 }
14859 rsbac_vfree(i_id_p);
14860 }
14861 }
14862 #endif
14863 #if defined(CONFIG_RSBAC_RC)
14864 if(i_count)
14865 {
14866 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p);
14867 if(tmp_count > 0)
14868 {
14869 if(tmp_count > i_count)
14870 tmp_count = i_count;
14871 for(i=0; i< tmp_count; i++)
14872 {
14873 i_id_p[i].type += (D_block_major - D_block);
14874 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14875 pos += sizeof(*i_id_p);
14876 count++;
14877 i_count--;
14878 }
14879 rsbac_vfree(i_id_p);
14880 }
14881 }
14882 if(i_count)
14883 {
14884 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p);
14885 if(tmp_count > 0)
14886 {
14887 if(tmp_count > i_count)
14888 tmp_count = i_count;
14889 for(i=0; i< tmp_count; i++)
14890 {
14891 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14892 #if defined(CONFIG_RSBAC_MAC)
14893 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14894 #endif
14895 #if defined(CONFIG_RSBAC_PM)
14896 if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
14897 #endif
14898 {
14899 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14900 pos += sizeof(*i_id_p);
14901 count++;
14902 i_count--;
14903 }
14904 }
14905 rsbac_vfree(i_id_p);
14906 }
14907 }
14908 #endif
14909 if(!count)
14910 rsbac_vfree(*id_pp);
14911 }
14912 }
14913 return count;
14914 }
|
|
||||||||||||
|
Definition at line 15083 of file aci_data_structures.c. References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_group(). 15084 {
15085 #if defined(CONFIG_RSBAC_RC_UM_PROT)
15086 int count=0;
15087 int tmp_count;
15088
15089 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
15090 if(tmp_count > 0)
15091 count += tmp_count;
15092 if(id_pp)
15093 {
15094 if(count > 0)
15095 {
15096 int i_count;
15097 rsbac_gid_t * i_id_p = NULL;
15098
15099 i_count = count + 20; /* max value to expect */
15100 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15101 if(!*id_pp)
15102 return -RSBAC_ENOMEM;
15103 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15104 group_handles.rc,
15105 (void **) &i_id_p);
15106 if(tmp_count > 0)
15107 {
15108 if(tmp_count > i_count)
15109 tmp_count = i_count;
15110 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15111 rsbac_vfree(i_id_p);
15112 count = tmp_count;
15113 i_count -= tmp_count;
15114 }
15115 else
15116 count = 0;
15117 if(!count)
15118 rsbac_vfree(*id_pp);
15119 }
15120 }
15121 return count;
15122 #else
15123 return 0;
15124 #endif
15125 }
|
|
||||||||||||
|
Definition at line 14963 of file aci_data_structures.c. References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles. Referenced by sys_rsbac_list_all_user(). 14964 {
14965 int count=0;
14966 int tmp_count;
14967
14968 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
14969 if(tmp_count > 0)
14970 count += tmp_count;
14971 #if defined(CONFIG_RSBAC_MAC)
14972 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
14973 if(tmp_count > 0)
14974 count += tmp_count;
14975 #endif
14976 #if defined(CONFIG_RSBAC_PM)
14977 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
14978 if(tmp_count > 0)
14979 count += tmp_count;
14980 #endif
14981 #if defined(CONFIG_RSBAC_DAZ)
14982 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
14983 if(tmp_count > 0)
14984 count += tmp_count;
14985 #endif
14986 #if defined(CONFIG_RSBAC_FF)
14987 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
14988 if(tmp_count > 0)
14989 count += tmp_count;
14990 #endif
14991 #if defined(CONFIG_RSBAC_RC)
14992 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
14993 if(tmp_count > 0)
14994 count += tmp_count;
14995 #endif
14996 #if defined(CONFIG_RSBAC_AUTH)
14997 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
14998 if(tmp_count > 0)
14999 count += tmp_count;
15000 #endif
15001 #if defined(CONFIG_RSBAC_CAP)
15002 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
15003 if(tmp_count > 0)
15004 count += tmp_count;
15005 #endif
15006 #if defined(CONFIG_RSBAC_JAIL)
15007 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
15008 if(tmp_count > 0)
15009 count += tmp_count;
15010 #endif
15011 #if defined(CONFIG_RSBAC_PAX)
15012 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
15013 if(tmp_count > 0)
15014 count += tmp_count;
15015 #endif
15016 #if defined(CONFIG_RSBAC_RES)
15017 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
15018 if(tmp_count > 0)
15019 count += tmp_count;
15020 #endif
15021 if(id_pp)
15022 {
15023 if(count > 0)
15024 {
15025 int i_count;
15026 rsbac_uid_t * i_id_p = NULL;
15027
15028 i_count = count + 20; /* max value to expect */
15029 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15030 if(!*id_pp)
15031 return -RSBAC_ENOMEM;
15032 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15033 user_handles.gen,
15034 (void **) &i_id_p);
15035 if(tmp_count > 0)
15036 {
15037 if(tmp_count > i_count)
15038 tmp_count = i_count;
15039 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15040 rsbac_vfree(i_id_p);
15041 count = tmp_count;
15042 i_count -= tmp_count;
15043 }
15044 else
15045 count = 0;
15046 #if defined(CONFIG_RSBAC_MAC)
15047 copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp);
15048 #endif
15049 #if defined(CONFIG_RSBAC_PM)
15050 copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp);
15051 #endif
15052 #if defined(CONFIG_RSBAC_DAZ)
15053 copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp);
15054 #endif
15055 #if defined(CONFIG_RSBAC_FF)
15056 copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp);
15057 #endif
15058 #if defined(CONFIG_RSBAC_RC)
15059 copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp);
15060 #endif
15061 #if defined(CONFIG_RSBAC_AUTH)
15062 copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp);
15063 #endif
15064 #if defined(CONFIG_RSBAC_CAP)
15065 copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp);
15066 #endif
15067 #if defined(CONFIG_RSBAC_JAIL)
15068 copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp);
15069 #endif
15070 #if defined(CONFIG_RSBAC_PAX)
15071 copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp);
15072 #endif
15073 #if defined(CONFIG_RSBAC_RES)
15074 copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp);
15075 #endif
15076 if(!count)
15077 rsbac_vfree(*id_pp);
15078 }
15079 }
15080 return count;
15081 }
|
|
||||||||||||||||
|
Definition at line 14322 of file aci_data_structures.c. References D_char, rsbac_target_id_t::dev, dev_handles, device_list_head, gen_fd_hash(), gen_p_hash(), rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n(). 14326 {
14327 int error=0;
14328 struct rsbac_device_list_item_t * device_p;
14329 u_long dflags;
14330
14331 if (!rsbac_initialized)
14332 {
14333 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
14334 return(-RSBAC_ENOTINITIALIZED);
14335 }
14336 if (in_interrupt())
14337 {
14338 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
14339 }
14340 switch (target)
14341 {
14342 case T_FILE:
14343 case T_DIR:
14344 case T_FIFO:
14345 case T_SYMLINK:
14346 /*
14347 #ifdef CONFIG_RSBAC_DEBUG
14348 if (rsbac_debug_ds)
14349 rsbac_printk(KERN_DEBUG "%s\n",
14350 "rsbac_remove_target(): Removing file/dir/fifo/symlink ACI");
14351 #endif
14352 */
14353 #if defined(CONFIG_RSBAC_MAC)
14354 /* file and dir items can also have mac_f_trusets -> remove first */
14355 if( (target == T_FILE)
14356 || (target == T_DIR)
14357 )
14358 error = rsbac_mac_remove_f_trusets(tid.file);
14359 #endif
14360 #if defined(CONFIG_RSBAC_AUTH)
14361 /* file and dir items can also have auth_f_capsets -> remove first */
14362 if( (target == T_FILE)
14363 || (target == T_DIR)
14364 )
14365 error = rsbac_auth_remove_f_capsets(tid.file);
14366 #endif
14367 #if defined(CONFIG_RSBAC_ACL)
14368 /* items can also have an acl_fd_item -> remove first */
14369 error = rsbac_acl_remove_acl(ta_number, target, tid);
14370 #endif
14371 /* wait for read access to device_list_head */
14372 rsbac_read_lock(&device_list_head.lock, &dflags);
14373 /* OK, go on */
14374
14375 /* lookup device */
14376 device_p = lookup_device(tid.file.device);
14377 if (!device_p)
14378 {
14379 struct super_block * sb_p;
14380
14381 rsbac_read_unlock(&device_list_head.lock, &dflags);
14382 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14383 sb_p = user_get_super(tid.file.device);
14384 #else
14385 sb_p = get_super(tid.file.device);
14386 #endif
14387 if(sb_p)
14388 {
14389 rsbac_printk(KERN_INFO
14390 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
14391 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14392 rsbac_mount(sb_p, NULL);
14393 /* free super_block pointer */
14394 drop_super(sb_p);
14395 rsbac_read_lock(&device_list_head.lock, &dflags);
14396 device_p = lookup_device(tid.file.device);
14397 if (!device_p)
14398 {
14399 rsbac_printk(KERN_WARNING
14400 "rsbac_remove_target(): unknown device %02u:%02u\n",
14401 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14402 rsbac_read_unlock(&device_list_head.lock, &dflags);
14403 return -RSBAC_EINVALIDDEV;
14404 }
14405 }
14406 else
14407 return -RSBAC_EINVALIDDEV;
14408 }
14409 rsbac_ta_list_remove(ta_number,
14410 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
14411 &tid.file.inode);
14412 #if defined(CONFIG_RSBAC_MAC)
14413 rsbac_ta_list_remove(ta_number,
14414 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14415 &tid.file.inode);
14416 #endif
14417 #if defined(CONFIG_RSBAC_PM)
14418 rsbac_ta_list_remove(ta_number,
14419 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14420 &tid.file.inode);
14421 #endif
14422 #if defined(CONFIG_RSBAC_DAZ)
14423 rsbac_ta_list_remove(ta_number,
14424 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14425 &tid.file.inode);
14426 #if defined(CONFIG_RSBAC_DAZ_CACHE)
14427 rsbac_ta_list_remove(ta_number,
14428 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14429 &tid.file.inode);
14430 #endif
14431 #endif
14432 #if defined(CONFIG_RSBAC_FF)
14433 rsbac_ta_list_remove(ta_number,
14434 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14435 &tid.file.inode);
14436 #endif
14437 #if defined(CONFIG_RSBAC_RC)
14438 rsbac_ta_list_remove(ta_number,
14439 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14440 &tid.file.inode);
14441 #endif
14442 #if defined(CONFIG_RSBAC_AUTH)
14443 rsbac_ta_list_remove(ta_number,
14444 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14445 &tid.file.inode);
14446 #endif
14447 #if defined(CONFIG_RSBAC_CAP)
14448 rsbac_ta_list_remove(ta_number,
14449 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14450 &tid.file.inode);
14451 #endif
14452 #if defined(CONFIG_RSBAC_PAX)
14453 rsbac_ta_list_remove(ta_number,
14454 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14455 &tid.file.inode);
14456 #endif
14457 #if defined(CONFIG_RSBAC_RES)
14458 rsbac_ta_list_remove(ta_number,
14459 device_p->handles.res[res_fd_hash(tid.file.inode)],
14460 &tid.file.inode);
14461 #endif
14462
14463 /* free access to device_list_head */
14464 rsbac_read_unlock(&device_list_head.lock, &dflags);
14465 break;
14466
14467 case T_DEV:
14468 {
14469 if(tid.dev.type > D_char)
14470 return -RSBAC_EINVALIDTARGET;
14471 /*
14472 #ifdef CONFIG_RSBAC_DEBUG
14473 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14474 "rsbac_remove_target(): Removing dev ACI");
14475 #endif
14476 */
14477 rsbac_ta_list_remove(ta_number,
14478 dev_handles.gen,
14479 &tid.dev);
14480 #if defined(CONFIG_RSBAC_MAC)
14481 rsbac_ta_list_remove(ta_number,
14482 dev_handles.mac,
14483 &tid.dev);
14484 #endif
14485 #if defined(CONFIG_RSBAC_PM)
14486 rsbac_ta_list_remove(ta_number,
14487 dev_handles.pm,
14488 &tid.dev);
14489 #endif
14490 #if defined(CONFIG_RSBAC_RC)
14491 rsbac_ta_list_remove(ta_number,
14492 dev_handles.rc,
14493 &tid.dev);
14494 #endif
14495 }
14496 break;
14497
14498 case T_IPC:
14499 /*
14500 #ifdef CONFIG_RSBAC_DEBUG
14501 if (rsbac_debug_ds)
14502 rsbac_printk(KERN_DEBUG
14503 "rsbac_remove_target(): Removing ipc ACI\n");
14504 #endif
14505 */
14506 #if defined(CONFIG_RSBAC_MAC)
14507 rsbac_ta_list_remove(ta_number,
14508 ipc_handles.mac,
14509 &tid.ipc);
14510 #endif
14511 #if defined(CONFIG_RSBAC_PM)
14512 rsbac_ta_list_remove(ta_number,
14513 ipc_handles.pm,
14514 &tid.ipc);
14515 #endif
14516 #if defined(CONFIG_RSBAC_RC)
14517 rsbac_ta_list_remove(ta_number,
14518 ipc_handles.rc,
14519 &tid.ipc);
14520 #endif
14521 #if defined(CONFIG_RSBAC_JAIL)
14522 rsbac_ta_list_remove(ta_number,
14523 ipc_handles.jail,
14524 &tid.ipc);
14525 #endif
14526 break;
14527
14528 case T_USER:
14529 /*
14530 #ifdef CONFIG_RSBAC_DEBUG
14531 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14532 "rsbac_remove_target(): Removing user ACI");
14533 #endif
14534 */
14535 rsbac_ta_list_remove(ta_number,
14536 user_handles.gen,
14537 &tid.user);
14538 #if defined(CONFIG_RSBAC_MAC)
14539 rsbac_ta_list_remove(ta_number,
14540 user_handles.mac,
14541 &tid.user);
14542 #endif
14543 #if defined(CONFIG_RSBAC_PM)
14544 rsbac_ta_list_remove(ta_number,
14545 user_handles.pm,
14546 &tid.user);
14547 #endif
14548 #if defined(CONFIG_RSBAC_DAZ)
14549 rsbac_ta_list_remove(ta_number,
14550 user_handles.daz,
14551 &tid.user);
14552 #endif
14553 #if defined(CONFIG_RSBAC_FF)
14554 rsbac_ta_list_remove(ta_number,
14555 user_handles.ff,
14556 &tid.user);
14557 #endif
14558 #if defined(CONFIG_RSBAC_RC)
14559 rsbac_ta_list_remove(ta_number,
14560 user_handles.rc,
14561 &tid.user);
14562 #endif
14563 #if defined(CONFIG_RSBAC_AUTH)
14564 rsbac_ta_list_remove(ta_number,
14565 user_handles.auth,
14566 &tid.user);
14567 #endif
14568 #if defined(CONFIG_RSBAC_CAP)
14569 rsbac_ta_list_remove(ta_number,
14570 user_handles.cap,
14571 &tid.user);
14572 #endif
14573 #if defined(CONFIG_RSBAC_JAIL)
14574 rsbac_ta_list_remove(ta_number,
14575 user_handles.jail,
14576 &tid.user);
14577 #endif
14578 #if defined(CONFIG_RSBAC_PAX)
14579 rsbac_ta_list_remove(ta_number,
14580 user_handles.pax,
14581 &tid.user);
14582 #endif
14583 #if defined(CONFIG_RSBAC_RES)
14584 rsbac_ta_list_remove(ta_number,
14585 user_handles.res,
14586 &tid.user);
14587 #endif
14588 break;
14589
14590 case T_PROCESS:
14591 /* too noisy... kicked out.
14592 #ifdef CONFIG_RSBAC_DEBUG
14593 if (rsbac_debug_ds)
14594 rsbac_printk(KERN_DEBUG
14595 "rsbac_remove_target(): Removing process ACI\n");
14596 #endif
14597 */
14598 #if defined(CONFIG_RSBAC_ACL)
14599 /* process items can also have an acl_p_item -> remove first */
14600 error = rsbac_acl_remove_acl(ta_number, target, tid);
14601 #endif
14602 rsbac_ta_list_remove(ta_number,
14603 process_handles.gen[gen_p_hash(tid.process)],
14604 &tid.process);
14605 #if defined(CONFIG_RSBAC_MAC)
14606 /* process items can also have mac_p_trusets -> remove first */
14607 error = rsbac_mac_remove_p_trusets(tid.process);
14608 rsbac_ta_list_remove(ta_number,
14609 process_handles.mac[mac_p_hash(tid.process)],
14610 &tid.process);
14611 #endif
14612 #if defined(CONFIG_RSBAC_PM)
14613 rsbac_ta_list_remove(ta_number,
14614 process_handles.pm,
14615 &tid.process);
14616 #endif
14617 #if defined(CONFIG_RSBAC_DAZ)
14618 rsbac_ta_list_remove(ta_number,
14619 process_handles.daz,
14620 &tid.process);
14621 #endif
14622 #if defined(CONFIG_RSBAC_RC)
14623 rsbac_ta_list_remove(ta_number,
14624 process_handles.rc[rc_p_hash(tid.process)],
14625 &tid.process);
14626 #endif
14627 #if defined(CONFIG_RSBAC_AUTH)
14628 /* process items can also have auth_p_capsets -> remove first */
14629 error = rsbac_auth_remove_p_capsets(tid.process);
14630 rsbac_ta_list_remove(ta_number,
14631 process_handles.auth,
14632 &tid.process);
14633 #endif
14634 #if defined(CONFIG_RSBAC_CAP)
14635 rsbac_ta_list_remove(ta_number,
14636 process_handles.cap,
14637 &tid.process);
14638 #endif
14639 #if defined(CONFIG_RSBAC_JAIL)
14640 rsbac_ta_list_remove(ta_number,
14641 process_handles.jail[jail_p_hash(tid.process)],
14642 &tid.process);
14643 #endif
14644 break;
14645
14646 #ifdef CONFIG_RSBAC_UM
14647 case T_GROUP:
14648 /*
14649 #ifdef CONFIG_RSBAC_DEBUG
14650 if (rsbac_debug_ds)
14651 rsbac_printk(KERN_DEBUG
14652 "rsbac_remove_target(): Removing group ACI\n");
14653 #endif
14654 */
14655 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14656 rsbac_ta_list_remove(ta_number,
14657 group_handles.rc,
14658 &tid.group);
14659 #endif
14660 break;
14661 #endif /* CONFIG_RSBAC_UM */
14662
14663 #ifdef CONFIG_RSBAC_NET_DEV
14664 case T_NETDEV:
14665 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14666 rsbac_ta_list_remove(ta_number,
14667 netdev_handles.gen,
14668 &tid.netdev);
14669 #endif
14670 #if defined(CONFIG_RSBAC_RC)
14671 rsbac_ta_list_remove(ta_number,
14672 netdev_handles.rc,
14673 &tid.netdev);
14674 #endif
14675 break;
14676 #endif
14677
14678 #ifdef CONFIG_RSBAC_NET_OBJ
14679 case T_NETTEMP:
14680 /* too noisy... kicked out.
14681 #ifdef CONFIG_RSBAC_DEBUG
14682 if (rsbac_debug_ds)
14683 rsbac_printk(KERN_DEBUG
14684 "rsbac_remove_target(): Removing nettemp ACI\n");
14685 #endif
14686 */
14687 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14688 rsbac_ta_list_remove(ta_number,
14689 nettemp_handles.gen,
14690 &tid.nettemp);
14691 #endif
14692 #if defined(CONFIG_RSBAC_MAC)
14693 rsbac_ta_list_remove(ta_number,
14694 nettemp_handles.mac,
14695 &tid.nettemp);
14696 #endif
14697 #if defined(CONFIG_RSBAC_PM)
14698 rsbac_ta_list_remove(ta_number,
14699 nettemp_handles.pm,
14700 &tid.nettemp);
14701 #endif
14702 #if defined(CONFIG_RSBAC_RC)
14703 rsbac_ta_list_remove(ta_number,
14704 nettemp_handles.rc,
14705 &tid.nettemp);
14706 #endif
14707 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14708 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14709 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14710 #endif
14711 break;
14712
14713 case T_NETOBJ:
14714 /* too noisy... kicked out.
14715 #ifdef CONFIG_RSBAC_DEBUG
14716 if (rsbac_debug_ds)
14717 rsbac_printk(KERN_DEBUG
14718 "rsbac_remove_target(): Removing netobj ACI\n");
14719 #endif
14720 */
14721 #if defined(CONFIG_RSBAC_MAC)
14722 rsbac_ta_list_remove(ta_number,
14723 lnetobj_handles.mac,
14724 &tid.netobj.sock_p);
14725 rsbac_ta_list_remove(ta_number,
14726 rnetobj_handles.mac,
14727 &tid.netobj.sock_p);
14728 #endif
14729 #if defined(CONFIG_RSBAC_PM)
14730 rsbac_ta_list_remove(ta_number,
14731 lnetobj_handles.pm,
14732 &tid.netobj.sock_p);
14733 rsbac_ta_list_remove(ta_number,
14734 rnetobj_handles.pm,
14735 &tid.netobj.sock_p);
14736 #endif
14737 #if defined(CONFIG_RSBAC_RC)
14738 rsbac_ta_list_remove(ta_number,
14739 lnetobj_handles.rc,
14740 &tid.netobj.sock_p);
14741 rsbac_ta_list_remove(ta_number,
14742 rnetobj_handles.rc,
14743 &tid.netobj.sock_p);
14744 #endif
14745 break;
14746
14747 #endif /* NET_OBJ */
14748
14749 default:
14750 return(-RSBAC_EINVALIDTARGET);
14751 }
14752 #ifdef CONFIG_RSBAC_XSTATS
14753 remove_count[target]++;
14754 #endif
14755 return(error);
14756 } /* end of rsbac_remove_target() */
|
|
||||||||||||||||||||||||||||
|
Definition at line 14239 of file aci_data_structures.c. References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n(). 14246 {
14247 int err = 0;
14248 /*
14249 #ifdef CONFIG_RSBAC_DEBUG
14250 char tmp[RSBAC_MAXNAMELEN];
14251 #endif
14252 */
14253 if (!rsbac_initialized)
14254 {
14255 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
14256 return(-RSBAC_ENOTINITIALIZED);
14257 }
14258 if (in_interrupt())
14259 {
14260 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
14261 }
14262 switch (target)
14263 {
14264 case T_FILE:
14265 case T_DIR:
14266 case T_FIFO:
14267 case T_SYMLINK:
14268 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
14269 break;
14270
14271 case T_DEV:
14272 err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value);
14273 break;
14274
14275 case T_IPC:
14276 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
14277 break;
14278
14279 case T_USER:
14280 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
14281 break;
14282
14283 case T_PROCESS:
14284 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
14285 break;
14286
14287 #ifdef CONFIG_RSBAC_UM
14288 case T_GROUP:
14289 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
14290 break;
14291 #endif /* CONFIG_RSBAC_UM */
14292
14293 #ifdef CONFIG_RSBAC_NET_DEV
14294 case T_NETDEV:
14295 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
14296 break;
14297 #endif
14298
14299 #ifdef CONFIG_RSBAC_NET_OBJ
14300 case T_NETTEMP:
14301 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
14302 break;
14303
14304 case T_NETOBJ:
14305 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
14306 break;
14307 #endif /* NET_OBJ */
14308
14309 /* switch(target): no valid target */
14310 default:
14311 return(-RSBAC_EINVALIDTARGET);
14312 }
14313 #ifdef CONFIG_RSBAC_XSTATS
14314 if(!err)
14315 set_attr_count[target]++;
14316 #endif
14317 return(err);
14318 } /* end of rsbac_set_attr() */
|
|
||||||||||||
|
Definition at line 8456 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by rsbac_aef_sb_umount(). 08457 {
08458 u_long flags;
08459 struct rsbac_device_list_item_t * device_p;
08460 kdev_t kdev;
08461
08462 if(!sb_p)
08463 {
08464 rsbac_printk(KERN_WARNING
08465 "rsbac_umount(): called with NULL pointer\n");
08466 return -RSBAC_EINVALIDPOINTER;
08467 }
08468 if (!rsbac_initialized)
08469 {
08470 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08471
08472 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08473 if( (sb_p->s_magic == SYSFS_MAGIC)
08474 && !RSBAC_MAJOR(sb_p->s_dev)
08475 && sysfs_sb_p
08476 && sysfs_covered_p
08477 )
08478 {
08479 rsbac_printk(KERN_WARNING
08480 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08481 sysfs_sb_p = NULL;
08482 sysfs_covered_p = NULL;
08483 }
08484 #endif
08485 #ifdef CONFIG_DEVFS_MOUNT
08486 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08487 && !RSBAC_MAJOR(sb_p->s_dev)
08488 && devfs_sb_p
08489 && devfs_covered_p
08490 )
08491 {
08492 rsbac_printk(KERN_WARNING
08493 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08494 devfs_sb_p = NULL;
08495 devfs_covered_p = NULL;
08496 }
08497 #endif
08498
08499 return(-RSBAC_ENOTINITIALIZED);
08500 }
08501
08502 #ifdef CONFIG_RSBAC_DEBUG
08503 if (rsbac_debug_ds)
08504 {
08505 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
08506 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08507 }
08508 #endif
08509
08510 kdev = sb_p->s_dev;
08511
08512 /* sync attribute lists */
08513 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08514 if(!rsbac_debug_no_write)
08515 {
08516 down(&rsbac_write_sem);
08517 /* recheck no_write with lock - might have been set in between */
08518 if(!rsbac_debug_no_write)
08519 {
08520 rsbac_write(TRUE);
08521 }
08522 up(&rsbac_write_sem);
08523 }
08524 #endif /* CONFIG_RSBAC_AUTO_WRITE */
08525 /* call other umount functions */
08526 /****** MAC *******/
08527 #if defined(CONFIG_RSBAC_MAC)
08528 rsbac_umount_mac(kdev);
08529 #endif
08530 /****** AUTH *******/
08531 #if defined(CONFIG_RSBAC_AUTH)
08532 rsbac_umount_auth(kdev);
08533 #endif
08534 /****** ACL *******/
08535 #if defined(CONFIG_RSBAC_ACL)
08536 rsbac_umount_acl(kdev);
08537 #endif
08538 /****** REG *******/
08539 #if defined(CONFIG_RSBAC_REG)
08540 rsbac_umount_reg(kdev);
08541 #endif /* REG */
08542
08543 /* wait for write access to device_list_head */
08544 rsbac_write_lock(&device_list_head.lock, &flags);
08545 /* OK, nobody else is working on it... */
08546 device_p = lookup_device(kdev);
08547 if(device_p)
08548 {
08549 if(device_p->mount_count == 1)
08550 {
08551 /* Generic lists */
08552 rsbac_list_umount(kdev);
08553 remove_device_item(kdev);
08554 }
08555 else
08556 {
08557 if(device_p->mount_count > 1)
08558 {
08559 device_p->mount_count--;
08560 if(device_p->d_covers == d_covers)
08561 {
08562 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08563 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08564 device_p->d_covers = NULL;
08565 }
08566 }
08567 else
08568 {
08569 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08570 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08571 }
08572 }
08573 }
08574 /* allow access */
08575 rsbac_write_unlock(&device_list_head.lock, &flags);
08576
08577 return(0);
08578 }
|
1.4.2