aci_data_structures.c File Reference

#include <linux/types.h>
#include <linux/version.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/quotaops.h>
#include <linux/proc_fs.h>
#include <linux/msdos_fs.h>
#include <linux/iso_fs.h>
#include <linux/nfs_fs.h>
#include <linux/ext2_fs.h>
#include <linux/coda.h>
#include <linux/initrd.h>
#include <linux/security.h>
#include <linux/syscalls.h>
#include <linux/coda_psdev.h>
#include <linux/ncp_fs.h>
#include <linux/smb.h>
#include <linux/dnotify.h>
#include <linux/mm.h>
#include <linux/blkdev.h>
#include <linux/init.h>
#include <linux/config.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <asm/uaccess.h>
#include <asm/atomic.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/fs.h>
#include <rsbac/getname.h>
#include <rsbac/net_getname.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/reg.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <linux/string.h>
#include <linux/kdev_t.h>
#include <linux/smp_lock.h>

Go to the source code of this file.

Defines
#define	check_parent(dir, dentry)   ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
Functions
	DECLARE_MUTEX (rsbac_write_sem)
static struct rsbac_device_list_item_t *	lookup_device (kdev_t)
static int	gen_fd_hash (u_long inode)
static int	gen_p_hash (rsbac_pid_t pid)
rsbac_boolean_t	writable (struct super_block *sb_p)
static int	lookup_aci_path_dentry (struct super_block *sb_p, struct dentry **dir_dentry_pp, rsbac_boolean_t create_dir, kdev_t kdev)
static int	dev_compare (void *desc1, void *desc2)
static int	dev_major_compare (void *desc1, void *desc2)
static int	ipc_compare (void *desc1, void *desc2)
static int	gen_fd_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
static int	gen_fd_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
static int	gen_fd_old_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
rsbac_list_conv_function_t *	gen_fd_get_conv (rsbac_version_t old_version)
static int	gen_dev_conv (void *old_desc, void *old_data, void *new_desc, void *new_data)
rsbac_list_conv_function_t *	gen_dev_get_conv (rsbac_version_t old_version)
static int	register_fd_lists (struct rsbac_device_list_item_t *device_p, kdev_t kdev)
static int	aci_detach_fd_lists (struct rsbac_device_list_item_t *device_p)
static struct rsbac_device_list_item_t *	create_device_item (struct super_block *sb_p, struct dentry *d_covers)
static struct rsbac_device_list_item_t *	add_device_item (struct rsbac_device_list_item_t *device_p)
static void	clear_device_item (struct rsbac_device_list_item_t *item_p)
static void	remove_device_item (kdev_t kdev)
static int	rsbac_clear_file (struct dentry *dentry)
static void	wakeup_auto (u_long dummy)
super_block *	rsbac_get_super_block (kdev_t kdev)
int	rsbac_read_open (char *name, struct file *file_p, kdev_t kdev)
int	rsbac_write_open (char *name, struct file *file_p, kdev_t kdev)
void	rsbac_read_close (struct file *file_p)
void	rsbac_write_close (struct file *file_p)
int	rsbac_get_full_path (struct dentry *dentry_p, char path[], int maxlen)
int	rsbac_get_full_path_length (struct dentry *dentry_p)
static void __init	registration_error (int err, char *listname)
static int __init	register_dev_lists (void)
static int __init	register_ipc_lists (void)
static int __init	register_user_lists (void)
static int __init	register_process_lists (void)
static int __init	rsbac_do_init (void)
int __init	rsbac_init (kdev_t root_dev)
rsbac_boolean_t	rsbac_is_initialized (void)
int	rsbac_kthread_notify (rsbac_pid_t pid)
int	rsbac_mount (struct super_block *sb_p, struct dentry *d_covers)
int	rsbac_umount (struct super_block *sb_p, struct dentry *d_covers)
int	rsbac_free_dat_dentries (void)
int	rsbac_stats (void)
int	rsbac_check_inode (struct super_block *sb_p, rsbac_inode_nr_t inode)
int	rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p)
static int	get_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int	get_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int	get_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int	get_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int	get_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
int	rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit)
static int	set_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int	set_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int	set_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int	set_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
static int	set_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p)
int	rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int	rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid)
int	rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp)
static int	copy_new_uids (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, rsbac_uid_t *res_id_p)
int	rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp)
int	rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp)
Variables
static rsbac_boolean_t	rsbac_initialized = FALSE
static char	compiled_modules [80]
kdev_t	rsbac_root_dev
static struct rsbac_device_list_head_t	device_list_head
static struct rsbac_dev_handles_t	dev_handles
static struct rsbac_dev_handles_t	dev_major_handles
static struct rsbac_ipc_handles_t	ipc_handles
static struct rsbac_user_handles_t	user_handles
static struct rsbac_process_handles_t	process_handles
static struct rsbac_gen_fd_aci_t	def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI
static struct rsbac_gen_fd_aci_t	def_gen_fd_aci = DEFAULT_GEN_FD_ACI
static struct dentry *	sysfs_covered_p = NULL
static struct super_block *	sysfs_sb_p = NULL

---

Define Documentation

#define check_parent (  dir, dentry   )     ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))

Definition at line 2262 of file aci_data_structures.c. Referenced by rsbac_write_open().

---

Function Documentation

static int aci_detach_fd_lists (  struct rsbac_device_list_item_t *  device_p  )  [static]

Definition at line 1630 of file aci_data_structures.c. References get_error_name(), RSBAC_EINVALIDPOINTER, RSBAC_GEN_FD_ACI_KEY, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_detach(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by remove_device_item(). { int err = 0; int tmperr; u_int file_no; if(!device_p) return(-RSBAC_EINVALIDPOINTER); /* detach all general lists */ for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.gen[file_no], RSBAC_GEN_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #if defined(CONFIG_RSBAC_MAC) /* detach all MAC lists */ for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.mac[file_no], RSBAC_MAC_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_PM) /* detach all PM lists */ for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.pm[file_no], RSBAC_PM_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_DAZ) /* detach all DAZ lists */ for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.daz[file_no], RSBAC_DAZ_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #if defined(CONFIG_RSBAC_DAZ_CACHE) /* detach all DAZ scanned lists */ for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no], RSBAC_DAZ_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #endif #if defined(CONFIG_RSBAC_FF) /* detach all FF lists */ for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.ff[file_no], RSBAC_FF_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_RC) /* detach all RC lists */ for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.rc[file_no], RSBAC_RC_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_AUTH) /* detach all AUTH lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.auth[file_no], RSBAC_AUTH_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_CAP) /* detach all CAP lists */ for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.cap[file_no], RSBAC_CAP_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_PAX) /* detach all PAX lists */ for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.pax[file_no], RSBAC_PAX_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #if defined(CONFIG_RSBAC_RES) /* detach all RES lists */ for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++) { tmperr = rsbac_list_detach(&device_p->handles.res[file_no], RSBAC_RES_FD_ACI_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif return err; }

static struct rsbac_device_list_item_t* add_device_item (  struct rsbac_device_list_item_t *  device_p  )  [static]

Definition at line 1950 of file aci_data_structures.c. References device_list_head, and NULL. Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). { if (!device_p) return(NULL); /* add new device to device list */ if (!device_list_head.head) { /* first device */ device_list_head.head=device_p; device_list_head.tail=device_p; device_list_head.curr=device_p; device_list_head.count=1; device_p->prev=NULL; device_p->next=NULL; } else { /* there is another device -> hang to tail */ device_p->prev=device_list_head.tail; device_p->next=NULL; device_list_head.tail->next=device_p; device_list_head.tail=device_p; device_list_head.curr=device_p; device_list_head.count++; } return(device_p); }

static void clear_device_item (  struct rsbac_device_list_item_t *  item_p  )  [static]

Definition at line 1984 of file aci_data_structures.c. References rsbac_kfree(). Referenced by remove_device_item(), rsbac_do_init(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). { if(!item_p) return; /* dput() rsbac_dir_dentry_p, if set */ if(item_p->rsbac_dir_dentry_p) dput(item_p->rsbac_dir_dentry_p); /* OK, lets remove the device item itself */ rsbac_kfree(item_p); } /* end of clear_device_item() */

static int copy_new_uids (  rsbac_list_handle_t  list, rsbac_list_ta_number_t  ta_number, int *  count_p, int *  i_count_p, rsbac_uid_t *  res_id_p )  [static]

Definition at line 14917 of file aci_data_structures.c. References FALSE, NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE. Referenced by rsbac_ta_list_all_user(). { rsbac_uid_t * i_id_p = NULL; rsbac_boolean_t found; int tmp_count; int i; int j; if(!list || !count_p || !i_count_p || !res_id_p) return -RSBAC_EINVALIDPOINTER; if(!*i_count_p) return 0; // rsbac_printk(KERN_DEBUG "copy_new_uids: list %p, ta_number %u, count %u, i_count %u, res_id_p %p, res_id_p[0] %u\n", // list, ta_number, *count_p, *i_count_p, res_id_p, res_id_p[0]); tmp_count = rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > *i_count_p) tmp_count = *i_count_p; for(i=0; i < tmp_count; i++) { found = FALSE; for(j=0; j < *count_p; j++) { if(res_id_p[j] == i_id_p[i]) { found = TRUE; break; } } if(found == FALSE) { res_id_p[*count_p] = i_id_p[i]; (*count_p)++; (*i_count_p)--; } } rsbac_vfree(i_id_p); } return 0; }

static struct rsbac_device_list_item_t* create_device_item (  struct super_block *  sb_p, struct dentry *  d_covers )  [static]

Definition at line 1928 of file aci_data_structures.c. References NULL, and rsbac_kmalloc(). Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). { struct rsbac_device_list_item_t * new_item_p; if(!sb_p) return NULL; /* allocate memory for new device, return NULL, if failed */ if ( !(new_item_p = (struct rsbac_device_list_item_t *) rsbac_kmalloc(sizeof(*new_item_p)) ) ) return(NULL); memset(new_item_p, 0, sizeof(*new_item_p)); new_item_p->id = sb_p->s_dev; new_item_p->sb_p = sb_p; new_item_p->d_covers = d_covers; new_item_p->mount_count = 1; /* everything else is 0 by memset -> return */ return(new_item_p); }

DECLARE_MUTEX (  rsbac_write_sem   )

static int dev_compare (  void *  desc1, void *  desc2 )  [static]

Definition at line 620 of file aci_data_structures.c. References rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, and rsbac_dev_desc_t::type. Referenced by register_dev_lists(), and rsbac_init_acl(). { int result; struct rsbac_dev_desc_t * i_desc1 = desc1; struct rsbac_dev_desc_t * i_desc2 = desc2; result = memcmp(&i_desc1->type, &i_desc2->type, sizeof(i_desc1->type)); if(result) return result; result = memcmp(&i_desc1->major, &i_desc2->major, sizeof(i_desc1->major)); if(result) return result; return memcmp(&i_desc1->minor, &i_desc2->minor, sizeof(i_desc1->minor)); }

static int dev_major_compare (  void *  desc1, void *  desc2 )  [static]

Definition at line 641 of file aci_data_structures.c. References rsbac_dev_desc_t::major, and rsbac_dev_desc_t::type. Referenced by register_dev_lists(), and rsbac_init_acl(). { int result; struct rsbac_dev_desc_t * i_desc1 = desc1; struct rsbac_dev_desc_t * i_desc2 = desc2; result = memcmp(&i_desc1->type, &i_desc2->type, sizeof(i_desc1->type)); if(result) return result; return memcmp(&i_desc1->major, &i_desc2->major, sizeof(i_desc1->major)); }

static int gen_dev_conv (  void *  old_desc, void *  old_data, void *  new_desc, void *  new_data )  [static]

Definition at line 772 of file aci_data_structures.c. Referenced by gen_dev_get_conv(). { struct rsbac_dev_desc_t * new = new_desc; struct rsbac_dev_t * old = old_desc; memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t)); new->type = old->type; new->major = RSBAC_MAJOR(old->id); new->minor = RSBAC_MINOR(old->id); return 0; }

rsbac_list_conv_function_t* gen_dev_get_conv (  rsbac_version_t  old_version  )

Definition at line 788 of file aci_data_structures.c. References gen_dev_conv(), NULL, and RSBAC_GEN_DEV_OLD_ACI_VERSION. Referenced by register_dev_lists(). { switch(old_version) { case RSBAC_GEN_DEV_OLD_ACI_VERSION: return gen_dev_conv; default: return NULL; } }

static int gen_fd_conv (  void *  old_desc, void *  old_data, void *  new_desc, void *  new_data )  [static]

Definition at line 688 of file aci_data_structures.c. References rsbac_gen_fd_old_aci_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid. Referenced by gen_fd_get_conv(). { struct rsbac_gen_fd_aci_t * new_aci = new_data; struct rsbac_gen_fd_old_aci_t * old_aci = old_data; memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); new_aci->log_array_low = old_aci->log_array_low; new_aci->log_array_high = old_aci->log_array_high; new_aci->log_program_based = old_aci->log_program_based; new_aci->symlink_add_remote_ip = 0; new_aci->symlink_add_uid = old_aci->symlink_add_uid; new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; new_aci->linux_dac_disable = old_aci->linux_dac_disable; new_aci->fake_root_uid = old_aci->fake_root_uid; new_aci->auid_exempt = old_aci->auid_exempt; return 0; }

rsbac_list_conv_function_t* gen_fd_get_conv (  rsbac_version_t  old_version  )

Definition at line 757 of file aci_data_structures.c. References gen_fd_conv(), gen_fd_old_conv(), gen_fd_old_old_conv(), NULL, RSBAC_GEN_FD_OLD_ACI_VERSION, RSBAC_GEN_FD_OLD_OLD_ACI_VERSION, and RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION. Referenced by register_fd_lists(). { switch(old_version) { case RSBAC_GEN_FD_OLD_ACI_VERSION: return gen_fd_conv; case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION: return gen_fd_old_conv; case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION: return gen_fd_old_old_conv; default: return NULL; } }

static int gen_fd_hash (  u_long  inode  )  [inline, static]

Definition at line 224 of file aci_data_structures.c. Referenced by get_attr_fd(), rsbac_ta_remove_target(), and set_attr_fd(). { return(inode % RSBAC_GEN_NR_FD_LISTS); }

static int gen_fd_old_conv (  void *  old_desc, void *  old_data, void *  new_desc, void *  new_data )  [static]

Definition at line 711 of file aci_data_structures.c. References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_old_aci_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_gen_fd_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid. Referenced by gen_fd_get_conv(). { struct rsbac_gen_fd_aci_t * new_aci = new_data; struct rsbac_gen_fd_old_aci_t * old_aci = old_data; memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); new_aci->log_array_low = old_aci->log_array_low; new_aci->log_array_high = old_aci->log_array_high; new_aci->log_program_based = old_aci->log_program_based; new_aci->symlink_add_remote_ip = 0; new_aci->symlink_add_uid = old_aci->symlink_add_uid; new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; new_aci->linux_dac_disable = old_aci->linux_dac_disable; new_aci->fake_root_uid = old_aci->fake_root_uid; new_aci->auid_exempt = RSBAC_NO_USER; return 0; }

static int gen_fd_old_old_conv (  void *  old_desc, void *  old_data, void *  new_desc, void *  new_data )  [static]

Definition at line 734 of file aci_data_structures.c. References rsbac_gen_fd_aci_t::auid_exempt, rsbac_gen_fd_aci_t::fake_root_uid, FR_off, rsbac_gen_fd_old_old_aci_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_gen_fd_old_old_aci_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_gen_fd_old_old_aci_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_gen_fd_old_old_aci_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, RSBAC_NO_USER, rsbac_gen_fd_old_old_aci_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_gen_fd_old_old_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_gen_fd_old_old_aci_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid. Referenced by gen_fd_get_conv(). { struct rsbac_gen_fd_aci_t * new_aci = new_data; struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data; memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); new_aci->log_array_low = old_aci->log_array_low; new_aci->log_array_high = old_aci->log_array_high; new_aci->log_program_based = old_aci->log_program_based; new_aci->symlink_add_remote_ip = 0; new_aci->symlink_add_uid = old_aci->symlink_add_uid; new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; new_aci->linux_dac_disable = old_aci->linux_dac_disable; new_aci->fake_root_uid = FR_off; new_aci->auid_exempt = RSBAC_NO_USER; return 0; }

static int gen_p_hash (  rsbac_pid_t  pid  )  [inline, static]

Definition at line 228 of file aci_data_structures.c. Referenced by get_attr_process(), rsbac_ta_remove_target(), and set_attr_process(). { return(pid % CONFIG_RSBAC_GEN_NR_P_LISTS); }

static int get_attr_dev (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, struct rsbac_dev_desc_t  dev, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )  [static]

Definition at line 10487 of file aci_data_structures.c. References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, GEN, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, NULL, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RC_type_inherit_parent, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and rsbac_dev_desc_t::type. Referenced by rsbac_ta_get_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_get_attr(): Getting dev attribute\n"); #endif */ switch(module) { case GEN: { struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.gen, NULL, &dev, &aci); switch (attr) { case A_log_array_low: value->log_array_low = aci.log_array_low; break; case A_log_array_high: value->log_array_high = aci.log_array_high; break; default: err = -RSBAC_EINVALIDATTR; } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.mac, NULL, &dev, &aci); switch (attr) { case A_security_level: value->security_level = aci.sec_level; break; case A_mac_categories: value->mac_categories = aci.mac_categories; break; case A_mac_check: value->mac_check = aci.mac_check; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.pm, NULL, &dev, &aci); switch (attr) { case A_pm_object_class: value->pm_object_class = aci.pm_object_class; break; case A_pm_object_type: value->pm_object_type = aci.pm_object_type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_RC) case RC: { rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; switch(dev.type) { case D_char: case D_block: if(rsbac_ta_list_get_data_ttl(ta_number, dev_handles.rc, NULL, &dev, &type) || ( (type == RC_type_inherit_parent) && inherit ) ) rsbac_ta_list_get_data_ttl(ta_number, dev_major_handles.rc, NULL, &dev, &type); break; case D_char_major: case D_block_major: dev.type -= (D_block_major - D_block); rsbac_ta_list_get_data_ttl(ta_number, dev_major_handles.rc, NULL, &dev, &type); break; default: return -RSBAC_EINVALIDTARGET; } switch (attr) { case A_rc_type: value->rc_type = type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RC */ default: err = -RSBAC_EINVALIDMODULE; } /* and return */ return err; }

static int get_attr_fd (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )  [static]

Definition at line 9892 of file aci_data_structures.c. References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, DAZ, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_list_head, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, FF, FF_add_inherited, rsbac_attribute_value_t::ff_flags, FF_no_delete_or_rename, GEN, gen_fd_hash(), LDD_inherit, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, lookup_device(), MA_inherit, MAC, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, RC_role_inherit_parent, rsbac_attribute_value_t::rc_type_fd, RC_type_inherit_parent, RES, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, RSBAC_FF_DEF, rsbac_get_parent(), RSBAC_MAC_INHERIT_CAT_VECTOR, rsbac_mount(), RSBAC_PAX_DEF_FLAGS, rsbac_printk(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SL_inherit, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_uid, rsbac_attribute_value_t::symlink_add_uid, and TRUE. Referenced by rsbac_ta_get_attr(). { int err = 0; struct rsbac_device_list_item_t * device_p; u_long dflags; #if defined(CONFIG_RSBAC_FF) rsbac_ff_flags_t ff_flags = 0; rsbac_ff_flags_t ff_tmp_flags; rsbac_ff_flags_t ff_mask = -1; #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) if( !RSBAC_MAJOR(tid_p->file.device) && !RSBAC_MINOR(tid_p->file.device) ) return -RSBAC_EINVALIDDEV; #endif /* use loop for inheritance - used to be recursive calls */ for(;;) { /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_get_attr(): Getting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n", attr, RSBAC_MAJOR(tid_p->file.device),RSBAC_MINOR(tid_p->file.device), (u_long) tid_p->file.inode, tid_p->file.dentry_p); #endif */ /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); /* OK, go on */ /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_get_attr(): passed device read lock\n"); #endif */ /* lookup device */ device_p = lookup_device(tid_p->file.device); if (!device_p) { struct super_block * sb_p; rsbac_read_unlock(&device_list_head.lock, &dflags); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(tid_p->file.device); #else sb_p = get_super(tid_p->file.device); #endif if(sb_p) { rsbac_printk(KERN_INFO "rsbac_get_attr(): auto-mounting device %02u:%02u\n", RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device)); rsbac_mount(sb_p, NULL); /* free super_block pointer */ drop_super(sb_p); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(tid_p->file.device); if (!device_p) { rsbac_printk(KERN_WARNING "rsbac_get_attr(): unknown device %02u:%02u\n", RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return -RSBAC_EINVALIDDEV; } } else return -RSBAC_EINVALIDDEV; } switch(module) { case GEN: { struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI; if(attr == A_internal) { if(!device_p->rsbac_dir_inode || !tid_p->file.inode) value->internal = FALSE; else if(device_p->rsbac_dir_inode == tid_p->file.inode) value->internal = TRUE; else if(inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { /* yes: inherit this single level */ if(device_p->rsbac_dir_inode == parent_tid.file.inode) value->internal = TRUE; else value->internal = FALSE; } else { value->internal = FALSE; } } else { value->internal = FALSE; } /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); return 0; } rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.gen[gen_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_log_array_low: value->log_array_low = aci.log_array_low; break; case A_log_array_high: value->log_array_high = aci.log_array_high; break; case A_log_program_based: value->log_program_based = aci.log_program_based; break; case A_symlink_add_remote_ip: value->symlink_add_remote_ip = aci.symlink_add_remote_ip; break; case A_symlink_add_uid: value->symlink_add_uid = aci.symlink_add_uid; break; case A_symlink_add_mac_level: value->symlink_add_mac_level = aci.symlink_add_mac_level; break; case A_symlink_add_rc_role: value->symlink_add_rc_role = aci.symlink_add_rc_role; break; case A_linux_dac_disable: value->linux_dac_disable = aci.linux_dac_disable; if((value->linux_dac_disable == LDD_inherit) && inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->linux_dac_disable = def_gen_root_dir_aci.linux_dac_disable; return 0; } } break; case A_fake_root_uid: value->fake_root_uid = aci.fake_root_uid; break; case A_auid_exempt: value->auid_exempt = aci.auid_exempt; break; default: err = -RSBAC_EINVALIDATTR; } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.mac[mac_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_security_level: value->security_level = aci.sec_level; if((value->security_level == SL_inherit) && inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->security_level = def_mac_root_dir_aci.sec_level; return 0; } } break; case A_mac_categories: value->mac_categories = aci.mac_categories; if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR) && inherit ) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->mac_categories = def_mac_root_dir_aci.mac_categories; return 0; } } break; case A_mac_auto: value->mac_auto = aci.mac_auto; if( (value->mac_auto == MA_inherit) && inherit ) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->mac_auto = def_mac_root_dir_aci.mac_auto; return 0; } } break; case A_mac_prop_trusted: value->mac_prop_trusted = aci.mac_prop_trusted; break; case A_mac_file_flags: value->mac_file_flags = aci.mac_file_flags; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.pm[pm_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_pm_object_class: value->pm_object_class = aci.pm_object_class; break; case A_pm_tp: value->pm_tp = aci.pm_tp; break; case A_pm_object_type: value->pm_object_type = aci.pm_object_type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_DAZ) case DAZ: { #if defined(CONFIG_RSBAC_DAZ_CACHE) if(attr == A_daz_scanned) { err = rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &value->daz_scanned); } else #endif { struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.daz[daz_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_daz_scanner: value->daz_scanner = aci.daz_scanner; break; default: err = -RSBAC_EINVALIDATTR; } } } break; #endif /* DAZ */ #if defined(CONFIG_RSBAC_FF) case FF: { switch (attr) { case A_ff_flags: ff_tmp_flags = RSBAC_FF_DEF; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.ff[ff_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &ff_tmp_flags); ff_flags |= ff_tmp_flags & ff_mask; value->ff_flags = ff_flags; if((ff_tmp_flags & FF_add_inherited) && inherit) { /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &target, tid_p)) { /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited); ff_flags &= ~(FF_add_inherited); continue; } else value->ff_flags &= ~(FF_add_inherited); } break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* FF */ #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.rc[rc_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_rc_type_fd: value->rc_type_fd = aci.rc_type_fd; if(value->rc_type_fd == RC_type_inherit_parent && inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->rc_type_fd = def_rc_root_dir_aci.rc_type_fd; return 0; } } break; case A_rc_force_role: value->rc_force_role = aci.rc_force_role; if(value->rc_force_role == RC_role_inherit_parent && inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->rc_force_role = def_rc_root_dir_aci.rc_force_role; return 0; } } break; case A_rc_initial_role: value->rc_initial_role = aci.rc_initial_role; if(value->rc_initial_role == RC_role_inherit_parent && inherit) { enum rsbac_target_t parent_target; union rsbac_target_id_t parent_tid; /* free access to device_list_head - see above */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* inheritance possible? */ if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid)) { target = parent_target; *tid_p = parent_tid; continue; } else { value->rc_initial_role = def_rc_root_dir_aci.rc_initial_role; return 0; } } break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RC */ #if defined(CONFIG_RSBAC_AUTH) case AUTH: { struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.auth[auth_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_auth_may_setuid: value->auth_may_setuid = aci.auth_may_setuid; break; case A_auth_may_set_cap: value->auth_may_set_cap = aci.auth_may_set_cap; break; case A_auth_learn: value->auth_learn = aci.auth_learn; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* AUTH */ #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.cap[cap_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_min_caps: value->min_caps = aci.min_caps; break; case A_max_caps: value->max_caps = aci.max_caps; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* CAP */ #if defined(CONFIG_RSBAC_RES) case RES: { struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.res[res_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_res_min: memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min)); break; case A_res_max: memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max)); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RES */ #if defined(CONFIG_RSBAC_PAX) case PAX: { switch (attr) { case A_pax_flags: value->pax_flags = RSBAC_PAX_DEF_FLAGS; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.pax[pax_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &value->pax_flags); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PAX */ default: err = -RSBAC_EINVALIDMODULE; } /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); /* and return */ return err; } /* end of for(;;) loop for inheritance */ }

static int get_attr_ipc (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )  [static]

Definition at line 10639 of file aci_data_structures.c. References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, JAIL, rsbac_attribute_value_t::jail_id, MAC, rsbac_attribute_value_t::mac_categories, NULL, PM, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_JAIL_DEF_ID, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_get_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_get_attr(): Getting ipc attribute\n"); #endif */ /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */ switch(module) { #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.mac, NULL, &tid_p->ipc, &aci); switch (attr) { case A_security_level: value->security_level = aci.sec_level; break; case A_mac_categories: value->mac_categories = aci.mac_categories; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.pm, NULL, &tid_p->ipc, &aci); switch (attr) { case A_pm_object_class: value->pm_object_class = aci.pm_object_class; break; case A_pm_ipc_purpose: value->pm_ipc_purpose = aci.pm_ipc_purpose; break; case A_pm_object_type: value->pm_object_type = aci.pm_object_type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_RC) case RC: { rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.rc, NULL, &tid_p->ipc, &type); switch (attr) { case A_rc_type: value->rc_type = type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RC */ #if defined(CONFIG_RSBAC_JAIL) case JAIL: { rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.jail, NULL, &tid_p->ipc, &id); switch (attr) { case A_jail_id: value->jail_id = id; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* JAIL */ default: err = -RSBAC_EINVALIDMODULE; } /* and return */ return err; }

static int get_attr_process (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )  [static]

Definition at line 11098 of file aci_data_structures.c. References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pax_flags, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_type, A_remote_ip, A_security_level, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, DAZ, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, GEN, gen_p_hash(), JAIL, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, MAC, rsbac_attribute_value_t::mac_auto, MAC_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_type, rsbac_gen_process_aci_t::remote_ip, rsbac_attribute_value_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_PAX_ALL_FLAGS, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and TRUE. Referenced by rsbac_ta_get_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n", "rsbac_get_attr(): Getting process attribute"); #endif */ switch(module) { case GEN: { struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.gen[gen_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_log_program_based: value->log_program_based = aci.log_program_based; break; case A_fake_root_uid: value->fake_root_uid = aci.fake_root_uid; break; case A_audit_uid: value->audit_uid = aci.audit_uid; break; case A_auid_exempt: value->auid_exempt = aci.auid_exempt; break; case A_remote_ip: value->remote_ip = aci.remote_ip; break; default: err = -RSBAC_EINVALIDATTR; } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.mac[mac_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_security_level: value->security_level = aci.owner_sec_level; break; case A_initial_security_level: value->security_level = aci.owner_initial_sec_level; break; case A_min_security_level: value->security_level = aci.owner_min_sec_level; break; case A_mac_categories: value->mac_categories = aci.mac_owner_categories; break; case A_mac_initial_categories: value->mac_categories = aci.mac_owner_initial_categories; break; case A_mac_min_categories: value->mac_categories = aci.mac_owner_min_categories; break; case A_current_sec_level: value->current_sec_level = aci.current_sec_level; break; case A_mac_curr_categories: value->mac_categories = aci.mac_curr_categories; break; case A_min_write_open: value->min_write_open = aci.min_write_open; break; case A_min_write_categories: value->mac_categories = aci.min_write_categories; break; case A_max_read_open: value->max_read_open = aci.max_read_open; break; case A_max_read_categories: value->mac_categories = aci.max_read_categories; break; case A_mac_process_flags: value->mac_process_flags = aci.mac_process_flags; break; case A_mac_auto: if(aci.mac_process_flags & MAC_auto) value->mac_auto = TRUE; else value->mac_auto = FALSE; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.pm, NULL, &tid_p->process, &aci); switch (attr) { case A_pm_tp: value->pm_tp = aci.pm_tp; break; case A_pm_current_task: value->pm_current_task = aci.pm_current_task; break; case A_pm_process_type: value->pm_process_type = aci.pm_process_type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_DAZ) case DAZ: { struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.daz, NULL, &tid_p->process, &aci); switch (attr) { case A_daz_scanner: value->daz_scanner = aci.daz_scanner; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* DAZ */ #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.rc[rc_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_rc_role: value->rc_role = aci.rc_role; break; case A_rc_type: value->rc_type = aci.rc_type; break; case A_rc_force_role: value->rc_force_role = aci.rc_force_role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RC */ #if defined(CONFIG_RSBAC_AUTH) case AUTH: { struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.auth, NULL, &tid_p->process, &aci); switch (attr) { case A_auth_may_setuid: value->auth_may_setuid = aci.auth_may_setuid; break; case A_auth_may_set_cap: value->auth_may_set_cap = aci.auth_may_set_cap; break; #if defined(CONFIG_RSBAC_AUTH_LEARN) case A_auth_program_file: value->auth_program_file = aci.auth_program_file; break; case A_auth_start_uid: value->auth_start_uid = aci.auth_start_uid; break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case A_auth_start_euid: value->auth_start_euid = aci.auth_start_euid; break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case A_auth_start_gid: value->auth_start_gid = aci.auth_start_gid; break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case A_auth_start_egid: value->auth_start_egid = aci.auth_start_egid; break; #endif #endif case A_auth_learn: value->auth_learn = aci.auth_learn; break; #else case A_auth_learn: value->auth_learn = FALSE; break; #endif case A_auth_last_auth: value->auth_last_auth = aci.auth_last_auth; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* AUTH */ #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.cap, NULL, &tid_p->process, &aci); switch (attr) { case A_cap_process_hiding: value->cap_process_hiding = aci.cap_process_hiding; break; #ifdef CONFIG_RSBAC_CAP_LOG_MISSING case A_max_caps_user: value->max_caps_user = aci.max_caps_user; break; case A_max_caps_program: value->max_caps_program = aci.max_caps_program; break; #endif default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* CAP */ #if defined(CONFIG_RSBAC_JAIL) case JAIL: { struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.jail[jail_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_jail_id: value->jail_id = aci.id; break; case A_jail_ip: value->jail_ip = aci.ip; break; case A_jail_flags: value->jail_flags = aci.flags; break; case A_jail_max_caps: value->jail_max_caps = aci.max_caps; break; case A_jail_scd_get: value->jail_scd_get = aci.scd_get; break; case A_jail_scd_modify: value->jail_scd_modify = aci.scd_modify; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* JAIL */ #if defined(CONFIG_RSBAC_PAX) case PAX: { struct task_struct * task_p; switch (attr) { case A_pax_flags: read_lock(&tasklist_lock); task_p = find_task_by_pid(tid_p->process); if(task_p) { #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) if(task_p->mm) value->pax_flags = task_p->mm->flags & RSBAC_PAX_ALL_FLAGS; else #endif value->pax_flags = 0; #else value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS; #endif } else err = -RSBAC_EINVALIDTARGET; read_unlock(&tasklist_lock); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PAX */ default: err = -RSBAC_EINVALIDMODULE; } return err; }

static int get_attr_user (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )  [static]

Definition at line 10766 of file aci_data_structures.c. References A_auth_role, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, AUTH, CAP, DAZ, DEFAULT_GEN_U_ACI, FF, GEN, JAIL, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::log_user_based, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, PM, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::pseudo, RC, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, RES, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SR_user, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_ta_get_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_get_attr(): Getting user attribute\n"); #endif */ switch(module) { case GEN: { struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.gen, NULL, &tid_p->user, &aci); switch (attr) { case A_pseudo: value->pseudo = aci.pseudo; break; case A_log_user_based: value->log_user_based = aci.log_user_based; break; default: err = -RSBAC_EINVALIDATTR; } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.mac, NULL, &tid_p->user, &aci); switch (attr) { case A_security_level: value->security_level = aci.security_level; break; case A_initial_security_level: value->security_level = aci.initial_security_level; break; case A_min_security_level: value->security_level = aci.min_security_level; break; case A_mac_categories: value->mac_categories = aci.mac_categories; break; case A_mac_initial_categories: value->mac_categories = aci.mac_initial_categories; break; case A_mac_min_categories: value->mac_categories = aci.mac_min_categories; break; case A_system_role: case A_mac_role: value->system_role = aci.system_role; break; case A_mac_user_flags: value->mac_user_flags = aci.mac_user_flags; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.pm, NULL, &tid_p->user, &aci); switch (attr) { case A_pm_task_set: value->pm_task_set = aci.pm_task_set; break; case A_pm_role: value->pm_role = aci.pm_role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_DAZ) case DAZ: { rsbac_system_role_int_t role = SR_user; rsbac_ta_list_get_data_ttl(ta_number, user_handles.daz, NULL, &tid_p->user, &role); switch (attr) { case A_system_role: case A_daz_role: value->system_role = role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* DAZ */ #if defined(CONFIG_RSBAC_FF) case FF: { rsbac_system_role_int_t role = SR_user; rsbac_ta_list_get_data_ttl(ta_number, user_handles.ff, NULL, &tid_p->user, &role); switch (attr) { case A_system_role: case A_ff_role: value->system_role = role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* FF */ #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.rc, NULL, &tid_p->user, &aci); switch (attr) { case A_rc_def_role: value->rc_def_role = aci.rc_role; break; case A_rc_type: value->rc_type = aci.rc_type; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RC */ #if defined(CONFIG_RSBAC_AUTH) case AUTH: { rsbac_system_role_int_t role = SR_user; rsbac_ta_list_get_data_ttl(ta_number, user_handles.auth, NULL, &tid_p->user, &role); switch (attr) { case A_system_role: case A_auth_role: value->system_role = role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* AUTH */ #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.cap, NULL, &tid_p->user, &aci); switch (attr) { case A_system_role: case A_cap_role: value->system_role = aci.cap_role; break; case A_min_caps: value->min_caps = aci.min_caps; break; case A_max_caps: value->max_caps = aci.max_caps; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* CAP */ #if defined(CONFIG_RSBAC_JAIL) case JAIL: { rsbac_system_role_int_t role = SR_user; rsbac_ta_list_get_data_ttl(ta_number, user_handles.jail, NULL, &tid_p->user, &role); switch (attr) { case A_system_role: case A_jail_role: value->system_role = role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* JAIL */ #if defined(CONFIG_RSBAC_RES) case RES: { struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI; if( rsbac_ta_list_get_data_ttl(ta_number, user_handles.res, NULL, &tid_p->user, &aci) && (tid_p->user != RSBAC_ALL_USERS) ) { tid_p->user = RSBAC_ALL_USERS; rsbac_ta_list_get_data_ttl(ta_number, user_handles.res, NULL, &tid_p->user, &aci); } switch (attr) { case A_system_role: case A_res_role: value->system_role = aci.res_role; break; case A_res_min: memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min)); break; case A_res_max: memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max)); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* RES */ #if defined(CONFIG_RSBAC_PAX) case PAX: { rsbac_system_role_int_t role = SR_user; rsbac_ta_list_get_data_ttl(ta_number, user_handles.pax, NULL, &tid_p->user, &role); switch (attr) { case A_system_role: case A_pax_role: value->system_role = role; break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PAX */ default: err = -RSBAC_EINVALIDMODULE; } /* and return */ return err; }

static int ipc_compare (  void *  desc1, void *  desc2 )  [static]

Definition at line 657 of file aci_data_structures.c. References rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, and rsbac_ipc_t::type. Referenced by register_ipc_lists(). { int result; struct rsbac_ipc_t * i_desc1 = desc1; struct rsbac_ipc_t * i_desc2 = desc2; result = memcmp(&i_desc1->type, &i_desc2->type, sizeof(i_desc1->type)); if(result) return result; else return memcmp(&i_desc1->id.id_nr, &i_desc2->id.id_nr, sizeof(i_desc1->id.id_nr)); }

static int lookup_aci_path_dentry (  struct super_block *  sb_p, struct dentry **  dir_dentry_pp, rsbac_boolean_t  create_dir, kdev_t  kdev )  [static]

Definition at line 353 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, RSBAC_EACCESS, RSBAC_ECOULDNOTCREATEPATH, RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOROOTDIR, RSBAC_ENOTFOUND, RSBAC_ENOTWRITABLE, RSBAC_EPATHTOOLONG, rsbac_get_super_block(), rsbac_lookup_one_len(), rsbac_printk(), SOCKFS_MAGIC, and writable(). Referenced by rsbac_read_open(), and rsbac_write_open(). { struct dentry * dir_dentry_p = NULL; struct dentry * root_dentry_p = NULL; int err=0; struct rsbac_device_list_item_t * device_p; u_long dflags; if(!dir_dentry_pp) return(-RSBAC_EINVALIDPOINTER); if(!sb_p) { sb_p = rsbac_get_super_block(kdev); if (!sb_p) { rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): invalid device %02u:%02u\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); return (-RSBAC_EINVALIDDEV); } } /* pipefs must not be read from */ if( (sb_p->s_magic == PIPEFS_MAGIC) || (sb_p->s_magic == SOCKFS_MAGIC) ) { return -RSBAC_ENOTFOUND; } rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(kdev); if(!device_p) { rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No entry for device %02u:%02u\n", MAJOR(kdev), MINOR(kdev)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } /* already looked up earlier? */ if(device_p->rsbac_dir_dentry_p) { *dir_dentry_pp = device_p->rsbac_dir_dentry_p; #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), atomic_read(&device_p->rsbac_dir_dentry_p->d_count)); } #endif rsbac_read_unlock(&device_list_head.lock, &dflags); return(0); } /* Must unlock here for the lookup */ rsbac_read_unlock(&device_list_head.lock, &dflags); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n", RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); } #endif if (!sb_p->s_root) { rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); err = -RSBAC_EINVALIDDEV; goto out; } if (!sb_p->s_root->d_inode) { rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); err = -RSBAC_EINVALIDDEV; goto out; } /* lookup dentry of ACI_PATH on this device */ #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n", RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), atomic_read(&sb_p->s_root->d_count)); } #endif dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH)); if(IS_ERR(dir_dentry_p)) switch(PTR_ERR(dir_dentry_p)) { case -ENOENT: case -ENOTDIR: err = -RSBAC_ENOTFOUND; goto out; case -ENOMEM: rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): memory allocation error!\n"); err = -RSBAC_ENOROOTDIR; goto out; case -ENAMETOOLONG: rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n"); err = -RSBAC_EPATHTOOLONG; goto out; case -EACCES: rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): No access to ACI_PATH!\n"); err = -RSBAC_EACCESS; goto out; default: rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): Error on root dir: %li!\n", PTR_ERR(dir_dentry_p)); err = -RSBAC_ENOROOTDIR; goto out; } if (!dir_dentry_p) { rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n"); err = -RSBAC_EINVALIDPOINTER; goto out; } if (!dir_dentry_p->d_inode) { /* dir could not be found -> try to create it */ /* but only, if allowed... */ if (!create_dir) { err = -RSBAC_ENOTFOUND; goto out_dir_dput; } #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): try to create dir, first test writable!\n"); } #endif /* ... and writable. */ if (!writable(sb_p)) { /* mounted read only or special case */ err = -RSBAC_ENOTWRITABLE; goto out_dir_dput; } root_dentry_p = lock_parent(dir_dentry_p); err = PTR_ERR(root_dentry_p); if ( IS_ERR(root_dentry_p)) { err = -RSBAC_ECOULDNOTCREATEPATH; goto out_dir_dput; } if ( !root_dentry_p->d_inode || !root_dentry_p->d_inode->i_op || !root_dentry_p->d_inode->i_op->mkdir) { unlock_dir(root_dentry_p); err = -RSBAC_ECOULDNOTCREATEPATH; goto out_dir_dput; } DQUOT_INIT(root_dentry_p->d_inode); err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode, dir_dentry_p, RSBAC_ACI_DIR_MODE); unlock_dir(root_dentry_p); if (err) { err = -RSBAC_ECOULDNOTCREATEPATH; goto out_dir_dput; } } else /* was found */ { /* check, whether this is a dir */ if(!S_ISDIR(dir_dentry_p->d_inode->i_mode)) { /* no dir! We have a real prob here! */ rsbac_printk(KERN_WARNING "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n", RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); err = -RSBAC_EACCESS; goto out_dir_dput; } } #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n", atomic_read(&dir_dentry_p->d_count)); rsbac_printk(KERN_DEBUG "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n", atomic_read(&sb_p->s_root->d_count)); } #endif /* we want to keep dir_dentry_p in device_item */ /* dput must be done in remove_device_item! */ *dir_dentry_pp = dir_dentry_p; /* Must lock and relookup device_p to cache result */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(kdev); if(device_p && !device_p->rsbac_dir_dentry_p) { device_p->rsbac_dir_dentry_p = dir_dentry_p; device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino; } rsbac_read_unlock(&device_list_head.lock, &dflags); out: return (err); out_dir_dput: dput(dir_dentry_p); goto out; }

static struct rsbac_device_list_item_t * lookup_device (  kdev_t   )  [static]

Definition at line 593 of file aci_data_structures.c. References device_list_head. Referenced by get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), rsbac_mount(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_ta_remove_target(), rsbac_umount(), rsbac_umount_auth(), rsbac_umount_mac(), and set_attr_fd(). { struct rsbac_device_list_item_t * curr = device_list_head.curr; /* if there is no current item or it is not the right one, search... */ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) ) #else if(! (curr && (curr->id == kdev) ) ) #endif { curr = device_list_head.head; while ( curr && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev)) || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev)) ) ) { curr = curr->next; } if (curr) device_list_head.curr=curr; } /* it is the current item -> return it */ return (curr); }

static int __init register_dev_lists (  void   )  [static]

Definition at line 5503 of file aci_data_structures.c. References DEFAULT_GEN_DEV_ACI, dev_compare(), dev_handles, dev_major_compare(), dev_major_handles, gen_dev_get_conv(), RC_type_inherit_parent, registration_error(), RSBAC_GEN_ACI_DEV_NAME, RSBAC_GEN_DEV_ACI_KEY, RSBAC_GEN_DEV_ACI_VERSION, RSBAC_LIST_BACKUP, RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_DEV_NAME, RSBAC_PM_ACI_DEV_NAME, rsbac_printk(), RSBAC_RC_ACI_DEV_MAJOR_NAME, RSBAC_RC_ACI_DEV_NAME, and RSBAC_RC_GENERAL_TYPE. Referenced by rsbac_do_init(). { int err = 0; struct rsbac_list_info_t * list_info_p; list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); if(!list_info_p) { return -ENOMEM; } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n"); } #endif { struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI; list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION; list_info_p->key = RSBAC_GEN_DEV_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &dev_handles.gen, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, dev_compare, gen_dev_get_conv, &def_aci, RSBAC_GEN_ACI_DEV_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "DEV General"); } } #if defined(CONFIG_RSBAC_MAC) { struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI; list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION; list_info_p->key = RSBAC_MAC_DEV_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &dev_handles.mac, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, dev_compare, mac_dev_get_conv, &def_aci, RSBAC_MAC_ACI_DEV_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "DEV MAC"); } } #endif #if defined(CONFIG_RSBAC_PM) { struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI; list_info_p->version = RSBAC_PM_DEV_ACI_VERSION; list_info_p->key = RSBAC_PM_DEV_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &dev_handles.pm, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, dev_compare, pm_dev_get_conv, &def_aci, RSBAC_PM_ACI_DEV_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "DEV PM"); } } #endif #if defined(CONFIG_RSBAC_RC) { rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE; rsbac_rc_type_id_t def_aci = RC_type_inherit_parent; list_info_p->version = RSBAC_RC_DEV_ACI_VERSION; list_info_p->key = RSBAC_RC_DEV_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); list_info_p->data_size = sizeof(rsbac_rc_type_id_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &dev_major_handles.rc, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, dev_major_compare, rc_dev_get_conv, &def_major_aci, RSBAC_RC_ACI_DEV_MAJOR_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "DEV major RC"); } list_info_p->version = RSBAC_RC_DEV_ACI_VERSION; list_info_p->key = RSBAC_RC_DEV_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); list_info_p->data_size = sizeof(rsbac_rc_type_id_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &dev_handles.rc, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, dev_compare, rc_dev_get_conv, &def_aci, RSBAC_RC_ACI_DEV_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "DEV RC"); } } #endif return err; }

static int register_fd_lists (  struct rsbac_device_list_item_t *  device_p, kdev_t  kdev )  [static]

Definition at line 1105 of file aci_data_structures.c. References DEFAULT_DAZ_FD_SCANNED, gen_fd_get_conv(), get_error_name(), name, NULL, PF_PAX_EMUTRAMP, PF_PAX_MPROTECT, PF_PAX_PAGEEXEC, PF_PAX_RANDEXEC, PF_PAX_RANDMMAP, PF_PAX_SEGMEXEC, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_FF_DEF, RSBAC_GEN_FD_ACI_KEY, RSBAC_GEN_FD_ACI_VERSION, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_compare_u32(), RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, RSBAC_PAX_DEF_FLAGS, and rsbac_printk(). Referenced by rsbac_do_init(), and rsbac_mount(). { char * name; int err = 0; int tmperr; u_int file_no; struct rsbac_list_info_t * info_p; if(!device_p) return(-RSBAC_EINVALIDPOINTER); name = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(!name) return -RSBAC_ENOMEM; info_p = rsbac_kmalloc(sizeof(*info_p)); if(!info_p) { rsbac_kfree(name); return -RSBAC_ENOMEM; } /* register general lists */ { for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no); info_p->version = RSBAC_GEN_FD_ACI_VERSION; info_p->key = RSBAC_GEN_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.gen[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, gen_fd_get_conv, &def_gen_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #if defined(CONFIG_RSBAC_MAC) { /* register MAC lists */ for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no); info_p->version = RSBAC_MAC_FD_ACI_VERSION; info_p->key = RSBAC_MAC_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.mac[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, mac_fd_get_conv, &def_mac_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_PM) { /* register PM lists */ for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no); info_p->version = RSBAC_PM_FD_ACI_VERSION; info_p->key = RSBAC_PM_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.pm[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_pm_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_DAZ) { struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI; /* register DAZ lists */ for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no); info_p->version = RSBAC_DAZ_FD_ACI_VERSION; info_p->key = RSBAC_DAZ_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.daz[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_daz_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #if defined(CONFIG_RSBAC_DAZ_CACHE) { rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED; /* register DAZ scanned lists */ for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no); info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION; info_p->key = RSBAC_DAZ_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(rsbac_daz_scanned_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.dazs[file_no]), info_p, #ifdef CONFIG_RSBAC_DAZ_PERSIST RSBAC_LIST_PERSIST | #endif RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_daz_scanned_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #endif #if defined(CONFIG_RSBAC_FF) { rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF; /* register FF lists */ for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no); info_p->version = RSBAC_FF_FD_ACI_VERSION; info_p->key = RSBAC_FF_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(rsbac_ff_flags_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.ff[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_ff_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_RC) { /* register RC lists */ for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no); info_p->version = RSBAC_RC_FD_ACI_VERSION; info_p->key = RSBAC_RC_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.rc[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_rc_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_AUTH) { struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI; /* register AUTH lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no); info_p->version = RSBAC_AUTH_FD_ACI_VERSION; info_p->key = RSBAC_AUTH_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.auth[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, auth_fd_get_conv, &def_auth_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_CAP) { struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI; /* register CAP lists */ for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no); info_p->version = RSBAC_CAP_FD_ACI_VERSION; info_p->key = RSBAC_CAP_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.cap[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_cap_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_PAX) { rsbac_pax_flags_t def_pax_fd_aci; #ifdef CONFIG_RSBAC_PAX_DEFAULT def_pax_fd_aci = 0; #ifdef CONFIG_RSBAC_PAX_PAGEEXEC def_pax_fd_aci |= PF_PAX_PAGEEXEC; #endif #ifdef CONFIG_RSBAC_PAX_EMUTRAMP def_pax_fd_aci |= PF_PAX_EMUTRAMP; #endif #ifdef CONFIG_RSBAC_PAX_MPROTECT def_pax_fd_aci |= PF_PAX_MPROTECT; #endif #ifdef CONFIG_RSBAC_PAX_RANDMMAP def_pax_fd_aci |= PF_PAX_RANDMMAP; #endif #ifdef CONFIG_RSBAC_PAX_RANDEXEC def_pax_fd_aci |= PF_PAX_RANDEXEC; #endif #ifdef CONFIG_RSBAC_PAX_SEGMEXEC def_pax_fd_aci |= PF_PAX_SEGMEXEC; #endif #else def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS; #endif info_p->version = RSBAC_PAX_FD_ACI_VERSION; info_p->key = RSBAC_PAX_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(rsbac_pax_flags_t); info_p->max_age = 0; /* register PAX lists */ for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no); tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.pax[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_pax_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif #if defined(CONFIG_RSBAC_RES) { /* register RES lists */ for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++) { /* construct name from base name + number */ sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no); info_p->version = RSBAC_RES_FD_ACI_VERSION; info_p->key = RSBAC_RES_FD_ACI_KEY; info_p->desc_size = sizeof(rsbac_inode_nr_t); info_p->data_size = sizeof(struct rsbac_res_fd_aci_t); info_p->max_age = 0; tmperr = rsbac_list_register(RSBAC_LIST_VERSION, &(device_p->handles.res[file_no]), info_p, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_res_fd_aci, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n", file_no, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } } #endif return err; }

static int __init register_ipc_lists (  void   )  [static]

Definition at line 5656 of file aci_data_structures.c. References ipc_compare(), ipc_handles, NULL, registration_error(), RSBAC_JAIL_ACI_IPC_NAME, RSBAC_JAIL_DEF_ID, RSBAC_LIST_DEF_DATA, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_IPC_NAME, RSBAC_PM_ACI_IPC_NAME, rsbac_printk(), RSBAC_RC_ACI_IPC_NAME, and RSBAC_RC_GENERAL_TYPE. Referenced by rsbac_do_init(). { int err = 0; struct rsbac_list_info_t * list_info_p; list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); if(!list_info_p) { return -ENOMEM; } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n"); } #endif #if defined(CONFIG_RSBAC_MAC) { struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI; list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION; list_info_p->key = RSBAC_MAC_IPC_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_ipc_t); list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &ipc_handles.mac, list_info_p, RSBAC_LIST_DEF_DATA, ipc_compare, NULL, &def_aci, RSBAC_MAC_ACI_IPC_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "IPC MAC"); } } #endif #if defined(CONFIG_RSBAC_PM) { struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI; list_info_p->version = RSBAC_PM_IPC_ACI_VERSION; list_info_p->key = RSBAC_PM_IPC_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_ipc_t); list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &ipc_handles.pm, list_info_p, RSBAC_LIST_DEF_DATA, ipc_compare, NULL, &def_aci, RSBAC_PM_ACI_IPC_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "IPC PM"); } } #endif #if defined(CONFIG_RSBAC_RC) { rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; list_info_p->version = RSBAC_RC_IPC_ACI_VERSION; list_info_p->key = RSBAC_RC_IPC_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_ipc_t); list_info_p->data_size = sizeof(rsbac_rc_type_id_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &ipc_handles.rc, list_info_p, RSBAC_LIST_DEF_DATA, ipc_compare, NULL, &def_aci, RSBAC_RC_ACI_IPC_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "IPC RC"); } } #endif #if defined(CONFIG_RSBAC_JAIL) { rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID; list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION; list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY; list_info_p->desc_size = sizeof(struct rsbac_ipc_t); list_info_p->data_size = sizeof(rsbac_jail_id_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &ipc_handles.jail, list_info_p, RSBAC_LIST_DEF_DATA, ipc_compare, NULL, &def_aci, RSBAC_JAIL_ACI_IPC_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "IPC JAIL"); } } #endif return err; }

static int __init register_process_lists (  void   )  [static]

Definition at line 6320 of file aci_data_structures.c. References DEFAULT_GEN_P_ACI, NULL, PH_from_other_users, process_handles, registration_error(), RSBAC_AUTH_ACI_PROCESS_NAME, RSBAC_CAP_ACI_PROCESS_NAME, RSBAC_DAZ_ACI_PROCESS_NAME, RSBAC_GEN_ACI_PROCESS_NAME, RSBAC_GEN_PROCESS_ACI_KEY, RSBAC_GEN_PROCESS_ACI_VERSION, RSBAC_JAIL_ACI_PROCESS_NAME, rsbac_list_compare_u32(), RSBAC_LIST_DEF_DATA, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_PROCESS_NAME, RSBAC_MAXNAMELEN, RSBAC_PM_ACI_PROCESS_NAME, rsbac_printk(), and RSBAC_RC_ACI_PROCESS_NAME. Referenced by rsbac_do_init(). { int err = 0; struct rsbac_list_info_t * list_info_p; list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); if(!list_info_p) { return -ENOMEM; } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n"); } #endif { struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI; char name[RSBAC_MAXNAMELEN]; int i; list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t); list_info_p->max_age = 0; for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++) { sprintf(name, "%s%u", RSBAC_GEN_ACI_PROCESS_NAME, i); err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.gen[i], list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, name, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS GEN"); } } } #if defined(CONFIG_RSBAC_MAC) { struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI; char name[RSBAC_MAXNAMELEN]; int i; list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t); list_info_p->max_age = 0; for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++) { sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i); err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.mac[i], list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, name, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS MAC"); } } } #endif #if defined(CONFIG_RSBAC_PM) { struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI; list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.pm, list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_PM_ACI_PROCESS_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS PM"); } } #endif #if defined(CONFIG_RSBAC_DAZ) { struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI; list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.daz, list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_DAZ_ACI_PROCESS_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS DAZ"); } } #endif #if defined(CONFIG_RSBAC_RC) { struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI; char name[RSBAC_MAXNAMELEN]; int i; list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t); list_info_p->max_age = 0; for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++) { sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i); err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.rc[i], list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, name, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS RC"); } } } #endif #if defined(CONFIG_RSBAC_AUTH) { struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI; list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.auth, list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_AUTH_ACI_PROCESS_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS AUTH"); } } #endif #if defined(CONFIG_RSBAC_CAP) { struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI; #if defined(CONFIG_RSBAC_CAP_PROC_HIDE) if(rsbac_cap_process_hiding) def_aci.cap_process_hiding = PH_from_other_users; #endif list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.cap, list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_CAP_ACI_PROCESS_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS CAP"); } } #endif #if defined(CONFIG_RSBAC_JAIL) { struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI; char name[RSBAC_MAXNAMELEN]; int i; list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION; list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_pid_t); list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t); list_info_p->max_age = 0; for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++) { sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i); err = rsbac_list_register(RSBAC_LIST_VERSION, &process_handles.jail[i], list_info_p, RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, name, RSBAC_AUTO_DEV); if(err) { registration_error(err, "PROCESS JAIL"); } } } #endif return err; }

static int __init register_user_lists (  void   )  [static]

Definition at line 5777 of file aci_data_structures.c. References DEFAULT_GEN_U_ACI, NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_AUTH_ACI_USER_NAME, RSBAC_CAP_ACI_USER_NAME, RSBAC_DATAPROT_UID, RSBAC_DAZ_ACI_USER_NAME, RSBAC_FF_ACI_USER_NAME, RSBAC_GEN_ACI_USER_NAME, RSBAC_GEN_USER_ACI_KEY, RSBAC_GEN_USER_ACI_VERSION, RSBAC_JAIL_ACI_USER_NAME, rsbac_list_add(), RSBAC_LIST_BACKUP, rsbac_list_compare_u32(), rsbac_list_count(), RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_USER_NAME, rsbac_no_defaults, RSBAC_PAX_ACI_USER_NAME, RSBAC_PM_ACI_USER_NAME, rsbac_printk(), RSBAC_RC_ACI_USER_NAME, RSBAC_RES_ACI_USER_NAME, RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, RSBAC_TPMAN_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles. Referenced by rsbac_do_init(). { int err = 0; struct rsbac_list_info_t * list_info_p; list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); if(!list_info_p) { return -ENOMEM; } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n"); } #endif { struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI; list_info_p->version = RSBAC_GEN_USER_ACI_VERSION; list_info_p->key = RSBAC_GEN_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.gen, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_GEN_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER General"); } } #if defined(CONFIG_RSBAC_MAC) { struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI; list_info_p->version = RSBAC_MAC_USER_ACI_VERSION; list_info_p->key = RSBAC_MAC_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.mac, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, mac_user_get_conv, &def_aci, RSBAC_MAC_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER MAC"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac)) { struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI; struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI; struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI; rsbac_uid_t user; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n"); user = RSBAC_SECOFF_UID; if(rsbac_list_add(user_handles.mac, &user, &secoff_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n"); user = RSBAC_AUDITOR_UID; if(rsbac_list_add(user_handles.mac, &user, &auditor_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_PM) { struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI; list_info_p->version = RSBAC_PM_USER_ACI_VERSION; list_info_p->key = RSBAC_PM_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.pm, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_PM_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER PM"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm)) { struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI; struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI; struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI; struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI; rsbac_uid_t user; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PM entry could not be added!\n"); user = RSBAC_SECOFF_UID; if(rsbac_list_add(user_handles.pm, &user, &secoff_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PM entry could not be added!\n"); user = RSBAC_DATAPROT_UID; if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n"); user = RSBAC_TPMAN_UID; if(rsbac_list_add(user_handles.pm, &user, &tpman_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): TPMAN USER PM entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_DAZ) { rsbac_system_role_int_t def_aci = SR_user; list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION; list_info_p->key = RSBAC_DAZ_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(rsbac_system_role_int_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.daz, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_DAZ_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER DAZ"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz)) { rsbac_uid_t user; rsbac_system_role_int_t role; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; role = SR_administrator; if(rsbac_list_add(user_handles.daz, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n"); user = RSBAC_SECOFF_UID; role = SR_security_officer; if(rsbac_list_add(user_handles.daz, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_FF) { rsbac_system_role_int_t def_aci = SR_user; list_info_p->version = RSBAC_FF_USER_ACI_VERSION; list_info_p->key = RSBAC_FF_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(rsbac_system_role_int_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.ff, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_FF_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER FF"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff)) { rsbac_uid_t user; rsbac_system_role_int_t role; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; role = SR_administrator; if(rsbac_list_add(user_handles.ff, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER FF entry could not be added!\n"); user = RSBAC_SECOFF_UID; role = SR_security_officer; if(rsbac_list_add(user_handles.ff, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER FF entry could not be added!\n"); user = RSBAC_AUDITOR_UID; role = SR_auditor; if(rsbac_list_add(user_handles.ff, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_RC) { struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI; list_info_p->version = RSBAC_RC_USER_ACI_VERSION; list_info_p->key = RSBAC_RC_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.rc, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, rc_user_get_conv, &def_aci, RSBAC_RC_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER RC"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc)) { rsbac_uid_t user; struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI; struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI; struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RC entry could not be added!\n"); user = RSBAC_SECOFF_UID; if(rsbac_list_add(user_handles.rc, &user, &secoff_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RC entry could not be added!\n"); user = RSBAC_AUDITOR_UID; if(rsbac_list_add(user_handles.rc, &user, &auditor_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_AUTH) { rsbac_system_role_int_t def_aci = SR_user; list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION; list_info_p->key = RSBAC_AUTH_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(rsbac_system_role_int_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.auth, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_AUTH_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER AUTH"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth)) { rsbac_uid_t user; rsbac_system_role_int_t role; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; role = SR_administrator; if(rsbac_list_add(user_handles.auth, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n"); user = RSBAC_SECOFF_UID; role = SR_security_officer; if(rsbac_list_add(user_handles.auth, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n"); user = RSBAC_AUDITOR_UID; role = SR_auditor; if(rsbac_list_add(user_handles.auth, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n"); } } #endif /* AUTH */ #if defined(CONFIG_RSBAC_CAP) { struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI; list_info_p->version = RSBAC_CAP_USER_ACI_VERSION; list_info_p->key = RSBAC_CAP_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.cap, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_CAP_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER CAP"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap)) { struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI; struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI; struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI; rsbac_uid_t user; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); rsbac_printk(KERN_WARNING "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n"); user = RSBAC_SECOFF_UID; if(rsbac_list_add(user_handles.cap, &user, &secoff_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n"); user = RSBAC_AUDITOR_UID; if(rsbac_list_add(user_handles.cap, &user, &auditor_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_JAIL) { rsbac_system_role_int_t def_aci = SR_user; list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION; list_info_p->key = RSBAC_JAIL_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(rsbac_system_role_int_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.jail, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_JAIL_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER JAIL"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail)) { rsbac_uid_t user; rsbac_system_role_int_t role; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; role = SR_administrator; if(rsbac_list_add(user_handles.jail, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n"); user = RSBAC_SECOFF_UID; role = SR_security_officer; if(rsbac_list_add(user_handles.jail, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_RES) { list_info_p->version = RSBAC_RES_USER_ACI_VERSION; list_info_p->key = RSBAC_RES_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.res, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST, rsbac_list_compare_u32, NULL, NULL, RSBAC_RES_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER RES"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res)) { struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI; struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI; rsbac_uid_t user; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); rsbac_printk(KERN_WARNING "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; if(rsbac_list_add(user_handles.res, &user, &sysadm_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER RES entry could not be added!\n"); user = RSBAC_SECOFF_UID; if(rsbac_list_add(user_handles.res, &user, &secoff_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER RES entry could not be added!\n"); } } #endif #if defined(CONFIG_RSBAC_PAX) { rsbac_system_role_int_t def_aci = SR_user; list_info_p->version = RSBAC_PAX_USER_ACI_VERSION; list_info_p->key = RSBAC_PAX_USER_ACI_KEY; list_info_p->desc_size = sizeof(rsbac_uid_t); list_info_p->data_size = sizeof(rsbac_system_role_int_t); list_info_p->max_age = 0; err = rsbac_list_register(RSBAC_LIST_VERSION, &user_handles.pax, list_info_p, #ifdef CONFIG_RSBAC_DEV_USER_BACKUP RSBAC_LIST_BACKUP | #endif RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, NULL, &def_aci, RSBAC_PAX_ACI_USER_NAME, RSBAC_AUTO_DEV); if(err) { registration_error(err, "USER PAX"); } else if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax)) { rsbac_uid_t user; rsbac_system_role_int_t role; rsbac_printk(KERN_WARNING "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n"); user = RSBAC_SYSADM_UID; role = SR_administrator; if(rsbac_list_add(user_handles.pax, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n"); user = RSBAC_SECOFF_UID; role = SR_security_officer; if(rsbac_list_add(user_handles.pax, &user, &role)) rsbac_printk(KERN_WARNING "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n"); } } #endif return err; }

static void __init registration_error (  int  err, char *  listname )  [static]

Definition at line 5482 of file aci_data_structures.c. References get_error_name(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by register_dev_lists(), register_ipc_lists(), register_process_lists(), register_user_lists(), rsbac_init_acl(), rsbac_init_pm(), and rsbac_init_rc(). { if(err < 0) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_do_init(): Registering %s list failed with error %s\n", listname, get_error_name(tmp, err)); rsbac_kfree(tmp); } } }

static void remove_device_item (  kdev_t  kdev  )  [static]

Definition at line 1996 of file aci_data_structures.c. References aci_detach_fd_lists(), clear_device_item(), device_list_head, lookup_device(), and NULL. Referenced by rsbac_umount(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac(). { struct rsbac_device_list_item_t * item_p; /* first we must locate the item. */ if ( (item_p = lookup_device(kdev)) ) { /* ok, item was found */ if (device_list_head.head == item_p) { /* item is head */ if (device_list_head.tail == item_p) { /* item is head and tail = only item -> list will be empty*/ device_list_head.head = NULL; device_list_head.tail = NULL; } else { /* item is head, but not tail -> next item becomes head */ item_p->next->prev = NULL; device_list_head.head = item_p->next; } } else { /* item is not head */ if (device_list_head.tail == item_p) { /*item is not head, but tail -> previous item becomes tail*/ item_p->prev->next = NULL; device_list_head.tail = item_p->prev; } else { /* item is neither head nor tail -> item is cut out */ item_p->prev->next = item_p->next; item_p->next->prev = item_p->prev; } } /* curr is no longer valid -> reset. */ device_list_head.curr=NULL; /* adjust counter */ device_list_head.count--; /* clean up */ aci_detach_fd_lists(item_p); /* clear item */ clear_device_item(item_p); } /* end of if: item was found */ } /* end of remove_device_item() */

int rsbac_check_inode (  struct super_block *  sb_p, rsbac_inode_nr_t  inode )

Definition at line 9128 of file aci_data_structures.c. References RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOTFOUND, and rsbac_printk(). { struct inode * inode_p; int err = 0; if(!sb_p) return -RSBAC_EINVALIDPOINTER; if(!inode) return -RSBAC_EINVALIDVALUE; if(!MAJOR(sb_p->s_dev)) return 0; if(sb_p->s_magic != EXT2_SUPER_MAGIC) return 0; #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) if(sb_p->s_op && sb_p->s_op->read_inode2) return 0; #endif inode_p = iget(sb_p, inode); if(is_bad_inode(inode_p)) { return -RSBAC_ENOTFOUND; } #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) /* currently only deletion checking of ext2 inodes is possible */ if(sb_p->s_magic == EXT2_SUPER_MAGIC) { if(inode_p->u.ext2_i.i_dtime) { /* inode has been deleted */ err = -RSBAC_ENOTFOUND; } else { if(inode_p->i_nlink <= 0) { /* inode has been unlinked, but no dtime is set -> warn */ rsbac_printk(KERN_WARNING "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n", inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev)); err = -RSBAC_ENOTFOUND; } } } #endif iput(inode_p); return err; }

static int rsbac_clear_file (  struct dentry *  dentry  )  [static]

Definition at line 2049 of file aci_data_structures.c. Referenced by rsbac_write_open(). { struct inode *inode = dentry->d_inode; int error; struct iattr newattrs; down(&inode->i_sem); newattrs.ia_size = 0; newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; error = notify_change(dentry, &newattrs); up(&inode->i_sem); return error; }

static int __init rsbac_do_init (  void   )  [static]

Definition at line 7084 of file aci_data_structures.c. References add_device_item(), clear_device_item(), compiled_modules, create_device_item(), device_list_head, get_error_name(), NULL, register_dev_lists(), register_fd_lists(), register_ipc_lists(), register_process_lists(), register_user_lists(), RSBAC_AUTH_LOGIN_PATH, RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE, rsbac_check(), rsbac_check_acl(), rsbac_check_auth(), rsbac_check_lists(), RSBAC_ECOULDNOTADDDEVICE, RSBAC_ECOULDNOTADDITEM, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOROOTDEV, RSBAC_ENOTFOUND, rsbac_init_acl(), rsbac_init_adf(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_debug(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kmem_cache_sizes_init(), rsbac_list_add(), rsbac_list_get_data(), rsbac_list_init(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_mount(), rsbac_pax_set_flags_func(), rsbac_printk(), rsbac_root_dev, RSBAC_VERSION, sysfs_covered_p, sysfs_sb_p, and TRUE. Referenced by rsbac_init(). { int err = 0; struct rsbac_device_list_item_t * device_p; struct rsbac_device_list_item_t * new_device_p; u_long flags; struct rsbac_list_info_t * list_info_p; struct super_block * sb_p; #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n; n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); if(!list_info_p) { return -ENOMEM; } compiled_modules[0] = (char) 0; #ifdef CONFIG_RSBAC_REG strcat(compiled_modules, " REG"); #endif #ifdef CONFIG_RSBAC_MAC #ifdef CONFIG_RSBAC_MAC_LIGHT strcat(compiled_modules, " MAC-L"); #else strcat(compiled_modules, " MAC"); #endif #endif #ifdef CONFIG_RSBAC_PM strcat(compiled_modules, " PM"); #endif #ifdef CONFIG_RSBAC_DAZ strcat(compiled_modules, " DAZ"); #endif #ifdef CONFIG_RSBAC_FF strcat(compiled_modules, " FF"); #endif #ifdef CONFIG_RSBAC_RC strcat(compiled_modules, " RC"); #endif #ifdef CONFIG_RSBAC_AUTH strcat(compiled_modules, " AUTH"); #endif #ifdef CONFIG_RSBAC_ACL strcat(compiled_modules, " ACL"); #endif #ifdef CONFIG_RSBAC_CAP strcat(compiled_modules, " CAP"); #endif #ifdef CONFIG_RSBAC_JAIL strcat(compiled_modules, " JAIL"); #endif #ifdef CONFIG_RSBAC_RES strcat(compiled_modules, " RES"); #endif #ifdef CONFIG_RSBAC_PAX strcat(compiled_modules, " PAX"); #endif #ifdef CONFIG_RSBAC_MAINT rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", RSBAC_VERSION); /* Print banner we are initializing */ printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", RSBAC_VERSION); rsbac_printk(KERN_INFO "rsbac_do_init(): Supported module data structures:%s\n", compiled_modules); #else rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", RSBAC_VERSION); /* Print banner we are initializing */ #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG if (rsbac_nosyslog) #endif printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", RSBAC_VERSION); rsbac_printk(KERN_INFO "rsbac_do_init(): compiled modules:%s\n", compiled_modules); #endif /* init memory */ rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing memory slabs\n"); rsbac_kmem_cache_sizes_init(); /* set rw-spinlocks to unlocked status and init data structures */ device_list_head.lock = RW_LOCK_UNLOCKED; device_list_head.head = NULL; device_list_head.tail = NULL; device_list_head.curr = NULL; device_list_head.count = 0; #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n"); register_all_rsbac_proc(); #endif #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(rsbac_root_dev); #else sb_p = get_super(rsbac_root_dev); #endif if(!sb_p) { kfree(list_info_p); return -RSBAC_ENOROOTDEV; } /* read fd aci from root device */ #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): reading aci from device number %02u:%02u\n", RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev)); } #endif /* create a private device item */ new_device_p = create_device_item(sb_p, NULL); if (!new_device_p) { rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n"); err = -RSBAC_ECOULDNOTADDDEVICE; goto out_free; } /* Add new_device_p to device list */ /* wait for write access to device_list_head */ rsbac_write_lock(&device_list_head.lock, &flags); /* OK, go on */ device_p = add_device_item(new_device_p); /* device was added, allow access */ rsbac_write_unlock(&device_list_head.lock, &flags); if (!device_p) { rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n"); clear_device_item(new_device_p); err = -RSBAC_ECOULDNOTADDDEVICE; goto out_free; } /* init lists - we need the root device_p to be initialized, but no generic list registered */ rsbac_printk(KERN_INFO "rsbac_do_init(): Initializing generic lists\n"); rsbac_list_init(); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_debug(); rsbac_printk(KERN_INFO "rsbac_do_init(): reading FD attributes from root dev\n"); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif /* no locking needed, device_p is known and there can be no parallel init! */ if((err = register_fd_lists(device_p,rsbac_root_dev))) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n", RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err)); rsbac_kfree(tmp); } } #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif register_dev_lists(); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif register_ipc_lists(); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif register_user_lists(); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif register_process_lists(); #ifdef CONFIG_RSBAC_UM #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif register_group_lists(); #endif /* CONFIG_RSBAC_UM */ #ifdef CONFIG_RSBAC_NET_DEV register_netdev_lists(); #endif #ifdef CONFIG_RSBAC_NET_OBJ register_nettemp_list(); register_nettemp_aci_lists(); register_netobj_lists(); #endif /* NET_OBJ */ /* Call other init functions */ #if defined(CONFIG_RSBAC_MAC) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_mac(); #endif #ifdef CONFIG_RSBAC_PM #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_pm(); #endif #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_daz(); #endif #if defined(CONFIG_RSBAC_RC) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_rc(); #endif #if defined(CONFIG_RSBAC_AUTH) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_auth(); if (rsbac_auth_enable_login) { struct dentry * t_dentry; struct dentry * dir_dentry = NULL; struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI; int list_no; rsbac_printk(KERN_WARNING "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n", RSBAC_AUTH_LOGIN_PATH); /* lookup filename */ if(sb_p) { dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR, sb_p->s_root, strlen(RSBAC_AUTH_LOGIN_PATH_DIR)); } if (!dir_dentry) { err = -RSBAC_ENOTFOUND; rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", RSBAC_AUTH_LOGIN_PATH_DIR); goto auth_out; } if (IS_ERR(dir_dentry)) { err = PTR_ERR(dir_dentry); rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n", RSBAC_AUTH_LOGIN_PATH_DIR, err); goto auth_out; } if (!dir_dentry->d_inode) { err = -RSBAC_ENOTFOUND; rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", RSBAC_AUTH_LOGIN_PATH_DIR); dput(dir_dentry); goto auth_out; } t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE, dir_dentry, strlen(RSBAC_AUTH_LOGIN_PATH_FILE)); if (!t_dentry) { err = -RSBAC_ENOTFOUND; rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE); goto auth_out; } if (IS_ERR(t_dentry)) { err = PTR_ERR(t_dentry); rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n", RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE, err); goto auth_out; } if (!t_dentry->d_inode) { err = -RSBAC_ENOTFOUND; rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE); dput(t_dentry); goto auth_out; } if (!t_dentry->d_inode) { rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n", RSBAC_AUTH_LOGIN_PATH); err = -RSBAC_EINVALIDTARGET; goto auth_out_dput; } /* is inode of type file? */ if (!S_ISREG(t_dentry->d_inode->i_mode)) { rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH); err = -RSBAC_EINVALIDTARGET; goto auth_out_dput; } list_no = auth_fd_hash(t_dentry->d_inode->i_ino); rsbac_list_get_data(device_p->handles.auth[list_no], &t_dentry->d_inode->i_ino, &auth_fd_aci); auth_fd_aci.auth_may_setuid = TRUE; if(rsbac_list_add(device_p->handles.auth[list_no], &t_dentry->d_inode->i_ino, &auth_fd_aci)) { /* Adding failed! */ rsbac_printk(KERN_WARNING "rsbac_do_init(): Could not add AUTH file/dir item!\n"); err = -RSBAC_ECOULDNOTADDITEM; } auth_out_dput: auth_out: { } } #endif #if defined(CONFIG_RSBAC_ACL) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_acl(); #endif #if defined(CONFIG_RSBAC_UM) #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_um(); #endif #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_init_adf(); /* free super_block pointer */ drop_super(sb_p); #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10) pax_set_initial_flags_func = rsbac_pax_set_flags_func; #else pax_set_flags_func = rsbac_pax_set_flags_func; #endif #endif /* Tell that rsbac is initialized */ rsbac_initialized = TRUE; /* Add initrd mount */ #ifdef CONFIG_BLK_DEV_INITRD if(initrd_start) { #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0)); #else sb_p = get_super(MKDEV(RAMDISK_MAJOR,0)); #endif if(sb_p) { rsbac_mount(sb_p, NULL); drop_super(sb_p); } #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR)); #else sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR)); #endif if(sb_p) { rsbac_mount(sb_p, NULL); drop_super(sb_p); } } #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) /* Add sysfs mount */ if( sysfs_covered_p && sysfs_sb_p ) { rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n", MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev)); rsbac_mount(sysfs_sb_p, sysfs_covered_p); } #endif /* Add devfs mount */ #ifdef CONFIG_DEVFS_MOUNT if( devfs_covered_p && devfs_sb_p ) { rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n", MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev)); rsbac_mount(devfs_sb_p, devfs_covered_p); } #endif /* Force a check, if configured */ #ifdef CONFIG_RSBAC_INIT_CHECK #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n"); rsbac_check_lists(1); #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) rsbac_check(1,0); /* call other checks */ #if defined(CONFIG_RSBAC_AUTH) rsbac_check_auth(1,0); #endif #endif #if defined(CONFIG_RSBAC_ACL) rsbac_check_acl(1,0); #endif #endif if (!current->fs) { rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n"); err = -RSBAC_EINVALIDPOINTER; } out: /* Ready. */ rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n"); /* We are up and running */ rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n"); kfree(list_info_p); return err; out_free: /* free super_block pointer */ drop_super(sb_p); goto out; }

int rsbac_free_dat_dentries (  void   )

Definition at line 8583 of file aci_data_structures.c. References device_list_head, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk(). { u_long flags; struct rsbac_device_list_item_t * device_p; if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); /* wait for write access to device_list_head */ rsbac_write_lock_irq(&device_list_head.lock, &flags); /* OK, nobody else is working on it... */ device_p = device_list_head.head; while(device_p) { if(device_p->rsbac_dir_dentry_p) { dput(device_p->rsbac_dir_dentry_p); device_p->rsbac_dir_dentry_p = NULL; } device_p = device_p->next; } /* allow access */ rsbac_write_unlock_irq(&device_list_head.lock, &flags); return(0); }

int rsbac_get_full_path (  struct dentry *  dentry_p, char  path[], int  maxlen )

Definition at line 2667 of file aci_data_structures.c. References A_pseudo, FALSE, GEN, lookup_device(), rsbac_attribute_value_t::pseudo, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, T_USER, and rsbac_target_id_t::user. Referenced by get_target_name(), rsbac_adf_request_int(), rsbac_jail_sys_jail(), and xp_fill_file_struct(). { int len=0; char * i_path; int tmplen=0; #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS union rsbac_target_id_t i_tid; union rsbac_attribute_value_t i_attr_val; #endif if(!dentry_p || !path) return -RSBAC_EINVALIDPOINTER; if(maxlen <= 0) return -RSBAC_EINVALIDVALUE; i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN); if(!i_path) return -RSBAC_ENOMEM; path[0] = 0; while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name) { #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS if( dentry_p->d_inode && dentry_p->d_parent && dentry_p->d_parent->d_inode && (i_tid.user = dentry_p->d_inode->i_uid) && (dentry_p->d_inode->i_uid != dentry_p->d_parent->d_inode->i_uid) && !rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE) && i_attr_val.pseudo ) { /* Max len of 32 Bit value in decimal print is 11 */ if((maxlen-len) < 12) { rsbac_kfree(i_path); return(len); } tmplen = snprintf(i_path, 11, "%u", i_attr_val.pseudo); } else #endif { tmplen = dentry_p->d_name.len; if((tmplen+1) > (maxlen-len)) { rsbac_kfree(i_path); return(len); } strncpy(i_path, dentry_p->d_name.name, tmplen); } if(len && (i_path[tmplen-1] != '/')) { i_path[tmplen] = '/'; tmplen++; } i_path[tmplen]=0; strcat(i_path, path); strcpy(path, i_path); len += tmplen; if( dentry_p->d_parent && (dentry_p->d_parent != dentry_p) && (dentry_p->d_sb->s_root != dentry_p) ) dentry_p = dentry_p->d_parent; else { struct rsbac_device_list_item_t * device_p; device_p = lookup_device(dentry_p->d_sb->s_dev); if( device_p && device_p->d_covers ) dentry_p = device_p->d_covers; else break; } } rsbac_kfree(i_path); return(len); }

int rsbac_get_full_path_length (  struct dentry *  dentry_p  )

Definition at line 2751 of file aci_data_structures.c. References lookup_device(), and RSBAC_EINVALIDPOINTER. Referenced by xp_fill_file_struct(). { int len=0; int tmplen=0; if(!dentry_p) return -RSBAC_EINVALIDPOINTER; while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) { tmplen = dentry_p->d_name.len; if(len && (dentry_p->d_name.name[tmplen-1] != '/')) { tmplen++; } len += tmplen; if( dentry_p->d_parent && (dentry_p->d_parent != dentry_p) && (dentry_p->d_sb->s_root != dentry_p) ) dentry_p = dentry_p->d_parent; else { struct rsbac_device_list_item_t * device_p; device_p = lookup_device(dentry_p->d_sb->s_dev); if( device_p && device_p->d_covers ) dentry_p = device_p->d_covers; else break; } } return(len); }

int rsbac_get_parent (  enum rsbac_target_t  target, union rsbac_target_id_t  tid, enum rsbac_target_t *  parent_target_p, union rsbac_target_id_t *  parent_tid_p )

Definition at line 9805 of file aci_data_structures.c. References device_list_head, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right(). { if(!parent_target_p || !parent_tid_p) return -RSBAC_EINVALIDPOINTER; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n", RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p); } #endif */ switch(target) { case T_FILE: case T_DIR: case T_FIFO: case T_SYMLINK: break; default: return -RSBAC_EINVALIDTARGET; } if(!tid.file.dentry_p) return -RSBAC_ENOTFOUND; *parent_target_p = T_DIR; /* Is this dentry root of a mounted device? */ if( tid.file.dentry_p->d_sb && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) ) { struct rsbac_device_list_item_t * device_p; u_long dflags; /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(tid.file.device); if( !device_p || !device_p->d_covers || !device_p->d_covers->d_parent || !device_p->d_covers->d_parent->d_inode ) { /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); return -RSBAC_ENOTFOUND; } parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev; parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino; parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent; /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); } else { /* no root of filesystem -> use d_parent, dev keeps unchanged */ if(!tid.file.dentry_p->d_parent) { rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent is NULL!\n"); return -RSBAC_ENOTFOUND; } if(tid.file.dentry_p == tid.file.dentry_p->d_parent) { rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); return -RSBAC_ENOTFOUND; } if(!tid.file.dentry_p->d_parent->d_inode) { rsbac_printk(KERN_WARNING "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); return -RSBAC_ENOTFOUND; } parent_tid_p->dir.device = tid.file.device; parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino; parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent; } return 0; }

struct super_block* rsbac_get_super_block (  kdev_t  kdev  )

Definition at line 2071 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, rsbac_mount(), rsbac_printk(), rsbac_write_sem, and wakeup_auto(). Referenced by lookup_aci_path_dentry(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_remove_from_f_capset(), rsbac_check_acl(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), and rsbac_write_open(). { struct rsbac_device_list_item_t * device_p; u_long dflags; struct super_block * sb_p; if(RSBAC_IS_AUTO_DEV(kdev)) return NULL; /* get super_block-pointer */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(kdev); if (!device_p) { rsbac_read_unlock(&device_list_head.lock, &dflags); down(&rsbac_write_sem); up(&rsbac_write_sem); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(kdev); #else sb_p = get_super(kdev); #endif if(!sb_p) { /* Wait a second and retry */ DECLARE_WAIT_QUEUE_HEAD(auto_wait); struct timer_list auto_timer; rsbac_printk(KERN_INFO "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); init_timer(&auto_timer); auto_timer.function = wakeup_auto; auto_timer.data = (u_long) &auto_wait; auto_timer.expires = jiffies + HZ; add_timer(&auto_timer); interruptible_sleep_on(&auto_wait); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(kdev); #else sb_p = get_super(kdev); #endif } if(sb_p) { device_p = lookup_device(kdev); if (!device_p) { rsbac_printk(KERN_INFO "rsbac_get_super_block(): auto-mounting device %02u:%02u\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); rsbac_mount(sb_p, NULL); } /* free super_block pointer */ drop_super(sb_p); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(kdev); if (!device_p) { rsbac_printk(KERN_WARNING "rsbac_get_super_block(): unknown device %02u:%02u\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); rsbac_read_unlock(&device_list_head.lock, &dflags); return NULL; } } else { return NULL; } } sb_p = device_p->sb_p; rsbac_read_unlock(&device_list_head.lock, &dflags); return sb_p; }

int __init rsbac_init (  kdev_t  root_dev  )

Definition at line 7945 of file aci_data_structures.c. Referenced by rsbac_mount(). { int err = 0; #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ || defined(CONFIG_RSBAC_INIT_THREAD) rsbac_pid_t rsbacd_pid; #endif if (rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n"); return(-RSBAC_EREINIT); } if (!current->fs) { rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n"); return(-RSBAC_EINVALIDPOINTER); } rsbac_root_dev = root_dev; #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ || defined(CONFIG_RSBAC_INIT_THREAD) /* init the rsbacd wait queue head */ init_waitqueue_head(&rsbacd_wait); #endif #ifdef CONFIG_RSBAC_INIT_THREAD /* trigger dependency */ #ifdef CONFIG_RSBAC_MAX_INIT_TIME #endif rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n", RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ); init_timer(&rsbac_timer); rsbac_timer.function = wakeup_rsbacd; rsbac_timer.data = 0; rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ); add_timer(&rsbac_timer); /* Start rsbac thread for init */ rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0); rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n", rsbacd_pid); if(!rsbac_initialized) interruptible_sleep_on(&rsbacd_wait); if(!rsbac_initialized) { rsbac_printk(KERN_ERR "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n"); rsbac_printk(KERN_ERR "rsbac_init(): *** Killing rsbac_initd! ***\n"); sys_kill(rsbacd_pid, SIGKILL); rsbac_initialized = FALSE; } #else rsbac_do_init(); #endif #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) if(rsbac_initialized) { /* Start rsbacd thread for auto write */ rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND); if(rsbacd_pid < 0) { rsbac_printk(KERN_ERR "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n", rsbacd_pid); } else { rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n", rsbacd_pid); } } #endif /* Ready. */ /* schedule(); */ #ifdef CONFIG_RSBAC_INIT_THREAD sys_wait4(-1, NULL, WNOHANG, NULL); #endif /* Add all processes to list of processes as init processes */ #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC) { #ifdef CONFIG_RSBAC_MAC struct rsbac_mac_user_aci_t mac_u_aci; #endif #ifdef CONFIG_RSBAC_RC struct rsbac_rc_user_aci_t rc_u_aci; struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI; #endif rsbac_uid_t user = RSBAC_SYSADM_UID; rsbac_pid_t pid = 1; struct task_struct * p; rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n"); /* Prepare entries: change standard values to root's values */ #ifdef CONFIG_RSBAC_MAC if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci)) { mac_init_p_aci.owner_sec_level = mac_u_aci.security_level; mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level; mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level; mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level; mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories; mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories; mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories; mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories; mac_init_p_aci.min_write_open = mac_u_aci.security_level; mac_init_p_aci.max_read_open = mac_u_aci.min_security_level; mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories; mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories; mac_init_p_aci.mac_process_flags = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS; } #endif /* Set process aci - first init */ #ifdef CONFIG_RSBAC_MAC if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process 1 could not be added!"); #endif #ifdef CONFIG_RSBAC_RC /* Get boot role */ if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) { /* none: use root's role */ if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci)) { rc_init_p_aci.rc_role = rc_u_aci.rc_role; } else { /* last resort: general role */ rsbac_ds_get_error("rsbac_do_init", A_rc_def_role); rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE; } } rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role; if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Init process 1 could not be added!"); #endif read_lock(&tasklist_lock); #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) for_each_task(p) #else for_each_process(p) #endif { /* not for kernel and init though... */ if(!p->pid || (p->pid == 1)) continue; pid = p->pid; #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n", pid); } #endif #ifdef CONFIG_RSBAC_MAC if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for Init process %u could not be added!", pid); #endif #ifdef CONFIG_RSBAC_RC if(!p->mm) { if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel process %u could not be added!", pid); } #endif } read_unlock(&tasklist_lock); } #endif /* MAC or RC */ rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n"); return(err); }

rsbac_boolean_t rsbac_is_initialized (  void   )

Definition at line 8138 of file aci_data_structures.c. References rsbac_initialized. Referenced by rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_add_to_p_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_clear_p_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_copy_pp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_get_p_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_auth_remove_from_p_capset(), rsbac_check_acl(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_mac_add_to_f_truset(), rsbac_mac_add_to_p_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_clear_p_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_copy_pp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_get_p_trulist(), rsbac_mac_p_truset_member(), rsbac_mac_remove_from_f_truset(), rsbac_mac_remove_from_p_truset(), rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_pm(), rsbac_pm_change_current_task(), rsbac_rc_check_comp(), rsbac_rc_copy_role(), rsbac_rc_copy_type(), rsbac_rc_get_item(), rsbac_rc_get_list(), rsbac_rc_set_item(), rsbac_reg_init(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_mac(), rsbac_stats_pm(), rsbac_stats_rc(), rsbac_stats_um(), rsbac_um_add_gm(), rsbac_um_add_group(), rsbac_um_add_user(), rsbac_um_get_group_item(), rsbac_um_get_user_item(), rsbac_um_mod_group(), rsbac_um_mod_user(), rsbac_um_remove_gm(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac(). { return rsbac_initialized; }

int rsbac_kthread_notify (  rsbac_pid_t  pid  )

Definition at line 8143 of file aci_data_structures.c. References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk(). { if (!rsbac_initialized) return 0; /* Set process aci */ #ifdef CONFIG_RSBAC_MAC if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for kernel process %u could not be added!", pid); #endif #ifdef CONFIG_RSBAC_RC if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci)) rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for kernel process %u could not be added!", pid); #endif return 0; }

int rsbac_mount (  struct super_block *  sb_p, struct dentry *  d_covers )

Definition at line 8165 of file aci_data_structures.c. References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by get_attr_fd(), rsbac_aef_sb_post_addmount(), rsbac_aef_sb_umount_busy(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd(). { int err = 0; struct rsbac_device_list_item_t * device_p; struct rsbac_device_list_item_t * new_device_p; u_long flags; rsbac_boolean_t old_no_write; if(!sb_p) { rsbac_printk(KERN_WARNING "rsbac_mount(): called with NULL pointer\n"); return -RSBAC_EINVALIDPOINTER; } if (!rsbac_initialized) { #ifdef CONFIG_RSBAC_INIT_DELAY #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) if( !RSBAC_MAJOR(rsbac_delayed_root) && !RSBAC_MINOR(rsbac_delayed_root) && rsbac_delayed_root_str[0] ) { /* translate string to kdev_t */ char * p = rsbac_delayed_root_str; u_int major = 0; u_int minor = 0; major = simple_strtoul(p, NULL, 0); while((*p != ':') && (*p != '\0')) p++; if(*p) { p++; minor = simple_strtoul(p, NULL, 0); } rsbac_delayed_root = RSBAC_MKDEV(major,minor); } #endif if( !rsbac_no_delay_init && ( ( !RSBAC_MAJOR(rsbac_delayed_root) && !RSBAC_MINOR(rsbac_delayed_root) && (MAJOR(sb_p->s_dev) > 1) ) || ( ( RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root) ) && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root)) && ( !RSBAC_MINOR(rsbac_delayed_root) || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root)) ) ) ) ) ) { if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root)) { rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root)); } else { rsbac_printk(KERN_INFO "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); } rsbac_init(sb_p->s_dev); return 0; } #endif rsbac_printk(KERN_WARNING "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) if( (sb_p->s_magic == SYSFS_MAGIC) && !RSBAC_MAJOR(sb_p->s_dev) ) { rsbac_printk(KERN_WARNING "rsbac_mount(): sysfs mount detected, keeping values for later use\n"); sysfs_sb_p = sb_p; sysfs_covered_p = d_covers; } #endif #ifdef CONFIG_DEVFS_MOUNT if( (sb_p->s_magic == DEVFS_SUPER_MAGIC) && !RSBAC_MAJOR(sb_p->s_dev) ) { rsbac_printk(KERN_WARNING "rsbac_mount(): devfs mount detected, keeping values for later use\n"); devfs_sb_p = sb_p; devfs_covered_p = d_covers; } #endif return(-RSBAC_ENOTINITIALIZED); } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); } if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif down(&rsbac_write_sem); old_no_write = rsbac_debug_no_write; rsbac_debug_no_write = TRUE; up(&rsbac_write_sem); /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &flags); device_p = lookup_device(sb_p->s_dev); /* repeated mount? */ if(device_p) { rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n", device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); device_p->mount_count++; if( d_covers && !device_p->d_covers && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev)) && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev)) ) { rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n", d_covers); device_p->d_covers = d_covers; } rsbac_read_unlock(&device_list_head.lock, &flags); } else { rsbac_read_unlock(&device_list_head.lock, &flags); /* OK, go on */ new_device_p = create_device_item(sb_p, d_covers); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif if(!new_device_p) { rsbac_debug_no_write = old_no_write; return -RSBAC_ECOULDNOTADDDEVICE; } rsbac_read_lock(&device_list_head.lock, &flags); /* make sure to only add, if this device item has not been added in the meantime */ device_p = lookup_device(sb_p->s_dev); if(device_p) { rsbac_printk(KERN_WARNING "rsbac_mount(): mount race for device %02u:%02u detected!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); device_p->mount_count++; rsbac_read_unlock(&device_list_head.lock, &flags); clear_device_item(new_device_p); } else { rsbac_read_unlock(&device_list_head.lock, &flags); rsbac_write_lock(&device_list_head.lock, &flags); device_p = add_device_item(new_device_p); rsbac_write_unlock(&device_list_head.lock, &flags); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); clear_device_item(new_device_p); rsbac_debug_no_write = old_no_write; return -RSBAC_ECOULDNOTADDDEVICE; } } /* Generic lists */ rsbac_list_mount(sb_p->s_dev); /* we do not lock device head - we know the device_p and hope for the best... */ /* also, we are within kernel mount sem */ if((err = register_fd_lists(new_device_p, sb_p->s_dev))) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err)); rsbac_kfree(tmp); } } #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif } /* call other mount functions */ /****** MAC *******/ #if defined(CONFIG_RSBAC_MAC) rsbac_mount_mac(sb_p->s_dev); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif #endif /****** AUTH *******/ #if defined(CONFIG_RSBAC_AUTH) rsbac_mount_auth(sb_p->s_dev); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif #endif /****** ACL *******/ #if defined(CONFIG_RSBAC_ACL) rsbac_mount_acl(sb_p->s_dev); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif #endif /****** REG *******/ #if defined(CONFIG_RSBAC_REG) rsbac_mount_reg(sb_p->s_dev); #ifdef CONFIG_RSBAC_DEBUG if(rsbac_debug_stack) { unsigned long * n = (unsigned long *) (current+1); while (!*n) n++; rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n", (unsigned long) n - (unsigned long)(current+1)); } #endif #endif /* REG */ rsbac_debug_no_write = old_no_write; return(err); }

void rsbac_read_close (  struct file *  file_p  )

Definition at line 2642 of file aci_data_structures.c. References NULL. Referenced by read_info(), read_list(), read_lol_list(), and rsbac_write_close(). { /* cleanup copied from __fput */ struct dentry * dentry = file_p->f_dentry; struct inode * inode = dentry->d_inode; if (file_p->f_op && file_p->f_op->release) file_p->f_op->release(inode, file_p); file_p->f_dentry = NULL; if (file_p->f_mode & FMODE_WRITE) put_write_access(inode); dput(dentry); }

int rsbac_read_open (  char *  name, struct file *  file_p, kdev_t  kdev )

Definition at line 2150 of file aci_data_structures.c. References FALSE, init_private_file(), lookup_aci_path_dentry(), NULL, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, RSBAC_EREADFAILED, rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by read_info(), read_list(), and read_lol_list(). { struct dentry * dir_dentry_p; struct dentry * file_dentry_p; int tmperr, err; if(!name || !file_p) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!"); } #endif return(-RSBAC_EINVALIDPOINTER); } /* lookup dentry of ACI_PATH on root device, lock is released there */ if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) { return(err); } /* open file for reading - this must be done 'by hand', because */ /* standard system calls are now extended by rsbac decision calls. */ file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); if (!file_dentry_p || IS_ERR (file_dentry_p)) { /* error in lookup */ return(-RSBAC_EREADFAILED); } if (!file_dentry_p->d_inode) { /* file not found: trying backup */ char * bname; int name_len = strlen(name); dput(file_dentry_p); bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(!bname) { return -RSBAC_ENOMEM; } strcpy(bname,name); bname[name_len] = 'b'; name_len++; bname[name_len] = (char) 0; #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n", name,bname); } #endif file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname)); rsbac_kfree(bname); if (!file_dentry_p || IS_ERR (file_dentry_p)) { /* error in lookup */ return(-RSBAC_EREADFAILED); } if (!file_dentry_p->d_inode) { /* backup file also not found: return error */ #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n", name); } #endif dput(file_dentry_p); return(-RSBAC_ENOTFOUND); } } if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) ) { /* this is not a file! -> error! */ rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n"); dput(file_dentry_p); return(-RSBAC_EREADFAILED); } /* Now we fill the file structure and */ /* if there is an open func for this file, use it, otherwise ignore */ if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY))) { dput(file_dentry_p); rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name); return -RSBAC_EREADFAILED; } /* if there is no read func, we get a problem -> error */ if ((!file_p->f_op) || (!file_p->f_op->read)) { if (!file_p->f_op) { rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name); } else { rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name); if (file_p->f_op->release) file_p->f_op->release(file_dentry_p->d_inode, file_p); } dput(file_dentry_p); return -RSBAC_EREADFAILED; } return 0; } /* end of rsbac_read_open_device_p */

int rsbac_stats (  void   )

Definition at line 8618 of file aci_data_structures.c. References dev_handles, dev_major_handles, device_list_head, ipc_handles, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and user_handles. Referenced by sys_rsbac_stats(). { struct rsbac_device_list_item_t * device_p; int i; u_long fd_count = 0, fd_sum = 0; u_long dev_sum = 0; u_long ipc_sum = 0; u_long user_sum = 0; u_long process_sum = 0; #if defined(CONFIG_RSBAC_UM) u_long group_sum = 0; #endif #if defined(CONFIG_RSBAC_NET_OBJ) u_long nettemp_sum = 0; u_long lnetobj_sum = 0; u_long rnetobj_sum = 0; #endif u_long total_sum = 0; long tmp_count; u_long dflags; if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); /* OK, go on */ /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n", device_list_head.lock.lock); */ device_p = device_list_head.head; while (device_p) { /* for all sublists */ fd_count = 0; for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.gen[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN", RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count); fd_sum += fd_count; #if defined(CONFIG_RSBAC_MAC) fd_count = 0; for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.mac[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu MAC", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_PM) fd_count = 0; for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.pm[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu PM", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_DAZ) fd_count = 0; for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.daz[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu DAZ", fd_count); fd_sum += fd_count; #if defined(CONFIG_RSBAC_DAZ_CACHE) fd_count = 0; for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.dazs[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu DAZ_SCANNED", fd_count); fd_sum += fd_count; #endif #endif #if defined(CONFIG_RSBAC_FF) fd_count = 0; for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.ff[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu FF", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_RC) fd_count = 0; for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.rc[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu RC", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_AUTH) fd_count = 0; for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.auth[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu AUTH", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_CAP) fd_count = 0; for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.cap[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu CAP", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_RES) fd_count = 0; for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.res[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu RES", fd_count); fd_sum += fd_count; #endif #if defined(CONFIG_RSBAC_PAX) fd_count = 0; for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++) { tmp_count = rsbac_list_count(device_p->handles.pax[i]); if(tmp_count > 0) fd_count+=tmp_count; } rsbac_printk(", %lu PAX", fd_count); fd_sum += fd_count; #endif rsbac_printk("\n"); device_p = device_p->next; } rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n", device_list_head.count, fd_sum); /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); total_sum += fd_sum; /* dev lists */ tmp_count = rsbac_list_count(dev_handles.gen); rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count); dev_sum += tmp_count; #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(dev_handles.mac); rsbac_printk(", %lu MAC", tmp_count); dev_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(dev_handles.pm); rsbac_printk(", %lu PM", tmp_count); dev_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(dev_major_handles.rc); rsbac_printk(", %lu major RC", tmp_count); dev_sum += tmp_count; tmp_count = rsbac_list_count(dev_handles.rc); rsbac_printk(", %lu RC", tmp_count); dev_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum); total_sum += dev_sum; /* ipc lists */ rsbac_printk(KERN_INFO "IPC items: no GEN"); #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(ipc_handles.mac); rsbac_printk(", %lu MAC", tmp_count); ipc_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(ipc_handles.pm); rsbac_printk(", %lu PM", tmp_count); ipc_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(ipc_handles.rc); rsbac_printk(", %lu RC", tmp_count); ipc_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_JAIL) tmp_count = rsbac_list_count(ipc_handles.jail); rsbac_printk(", %lu JAIL", tmp_count); ipc_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum); total_sum += ipc_sum; /* user lists */ tmp_count = rsbac_list_count(user_handles.gen); rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count); user_sum += tmp_count; #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(user_handles.mac); rsbac_printk(", %lu MAC", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(user_handles.pm); rsbac_printk(", %lu PM", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_DAZ) tmp_count = rsbac_list_count(user_handles.daz); rsbac_printk(", %lu DAZ", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(user_handles.rc); rsbac_printk(", %lu RC", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_AUTH) tmp_count = rsbac_list_count(user_handles.auth); rsbac_printk(", %lu AUTH", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_CAP) tmp_count = rsbac_list_count(user_handles.cap); rsbac_printk(", %lu CAP", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_JAIL) tmp_count = rsbac_list_count(user_handles.jail); rsbac_printk(", %lu JAIL", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RES) tmp_count = rsbac_list_count(user_handles.res); rsbac_printk(", %lu RES", tmp_count); user_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PAX) tmp_count = rsbac_list_count(user_handles.pax); rsbac_printk(", %lu PAX", tmp_count); user_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum); total_sum += user_sum; /* process lists */ tmp_count = 0; for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++) tmp_count += rsbac_list_count(process_handles.gen[i]); rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count); process_sum += tmp_count; #if defined(CONFIG_RSBAC_MAC) tmp_count = 0; for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++) tmp_count += rsbac_list_count(process_handles.mac[i]); rsbac_printk(", %lu MAC", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(process_handles.pm); rsbac_printk(", %lu PM", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_DAZ) tmp_count = rsbac_list_count(process_handles.daz); rsbac_printk(", %lu DAZ", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = 0; for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++) tmp_count += rsbac_list_count(process_handles.rc[i]); rsbac_printk(", %lu RC", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_AUTH) tmp_count = rsbac_list_count(process_handles.auth); rsbac_printk(", %lu AUTH", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_CAP) tmp_count = rsbac_list_count(process_handles.cap); rsbac_printk(", %lu CAP", tmp_count); process_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_JAIL) tmp_count = 0; for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++) tmp_count += rsbac_list_count(process_handles.jail[i]); rsbac_printk(", %lu JAIL", tmp_count); process_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum); total_sum += process_sum; #if defined(CONFIG_RSBAC_UM) /* group lists */ rsbac_printk(KERN_INFO "GROUP items: "); #if defined(CONFIG_RSBAC_RC_UM_PROT) tmp_count = rsbac_list_count(group_handles.rc); rsbac_printk("%lu RC", tmp_count); user_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum); total_sum += group_sum; #endif #if defined(CONFIG_RSBAC_NET_OBJ) /* nettemp lists */ rsbac_printk(KERN_INFO "NETTEMP items: "); #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(nettemp_handles.mac); rsbac_printk("%lu MAC, ", tmp_count); nettemp_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(nettemp_handles.pm); rsbac_printk("%lu PM, ", tmp_count); nettemp_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(nettemp_handles.rc); rsbac_printk("%lu RC, ", tmp_count); nettemp_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum); total_sum += nettemp_sum; /* local netobj lists */ rsbac_printk(KERN_INFO "Local NETOBJ items:"); #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(lnetobj_handles.mac); rsbac_printk(" %lu MAC,", tmp_count); lnetobj_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(lnetobj_handles.pm); rsbac_printk(" %lu PM,", tmp_count); lnetobj_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(lnetobj_handles.rc); rsbac_printk(" %lu RC", tmp_count); lnetobj_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n", lnetobj_sum); total_sum += lnetobj_sum; /* remote netobj lists */ rsbac_printk(KERN_INFO "Remote NETOBJ items:"); #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_list_count(rnetobj_handles.mac); rsbac_printk(" %lu MAC,", tmp_count); rnetobj_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_list_count(rnetobj_handles.pm); rsbac_printk(" %lu PM,", tmp_count); rnetobj_sum += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_list_count(rnetobj_handles.rc); rsbac_printk(" %lu RC", tmp_count); rnetobj_sum += tmp_count; #endif rsbac_printk("\n"); rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n", rnetobj_sum); total_sum += rnetobj_sum; #endif /* NET_OBJ */ rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum); rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", rsbac_adf_request_count[T_FILE], rsbac_adf_request_count[T_DIR], rsbac_adf_request_count[T_FIFO], rsbac_adf_request_count[T_SYMLINK], rsbac_adf_request_count[T_DEV], rsbac_adf_request_count[T_IPC], rsbac_adf_request_count[T_SCD], rsbac_adf_request_count[T_USER], rsbac_adf_request_count[T_PROCESS], rsbac_adf_request_count[T_NETDEV], rsbac_adf_request_count[T_NETTEMP], rsbac_adf_request_count[T_NETOBJ]); rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", rsbac_adf_set_attr_count[T_FILE], rsbac_adf_set_attr_count[T_DIR], rsbac_adf_set_attr_count[T_FIFO], rsbac_adf_set_attr_count[T_SYMLINK], rsbac_adf_set_attr_count[T_DEV], rsbac_adf_set_attr_count[T_IPC], rsbac_adf_set_attr_count[T_SCD], rsbac_adf_set_attr_count[T_USER], rsbac_adf_set_attr_count[T_PROCESS], rsbac_adf_set_attr_count[T_NETDEV], rsbac_adf_set_attr_count[T_NETTEMP], rsbac_adf_set_attr_count[T_NETOBJ]); #if defined(CONFIG_RSBAC_PM) rsbac_stats_pm(); #endif #if defined(CONFIG_RSBAC_RC) rsbac_stats_rc(); #endif #if defined(CONFIG_RSBAC_AUTH) rsbac_stats_auth(); #endif #if defined(CONFIG_RSBAC_ACL) rsbac_stats_acl(); #endif return(0); }

int rsbac_ta_get_attr (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t  tid, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value, rsbac_boolean_t  inherit )

Definition at line 12027 of file aci_data_structures.c. References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n(). { int err = 0; if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (!value) return(-RSBAC_EINVALIDPOINTER); if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n"); } #ifdef CONFIG_RSBAC_XSTATS get_attr_count[target]++; #endif switch (target) { case T_FILE: case T_DIR: case T_FIFO: case T_SYMLINK: return get_attr_fd(ta_number, module, target, &tid, attr, value, inherit); case T_DEV: return get_attr_dev(ta_number, module, target, tid.dev, attr, value, inherit); case T_IPC: return get_attr_ipc(ta_number, module, target, &tid, attr, value, inherit); case T_USER: return get_attr_user(ta_number, module, target, &tid, attr, value, inherit); case T_PROCESS: return get_attr_process(ta_number, module, target, &tid, attr, value, inherit); #ifdef CONFIG_RSBAC_UM case T_GROUP: return get_attr_group(ta_number, module, target, &tid, attr, value, inherit); #endif /* CONFIG_RSBAC_UM */ #ifdef CONFIG_RSBAC_NET_DEV case T_NETDEV: return get_attr_netdev(ta_number, module, target, &tid, attr, value, inherit); #endif #ifdef CONFIG_RSBAC_NET_OBJ case T_NETTEMP: return get_attr_nettemp(ta_number, module, target, &tid, attr, value, inherit); case T_NETOBJ: return get_attr_netobj(ta_number, module, target, &tid, attr, value, inherit); #endif /* NET_OBJ */ /* switch target: no valid target */ default: return -RSBAC_EINVALIDTARGET; } return err; } /* end of rsbac_get_attr() */

int rsbac_ta_list_all_dev (  rsbac_list_ta_number_t  ta_number, struct rsbac_dev_desc_t **  id_pp )

Definition at line 14758 of file aci_data_structures.c. References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_dev(). { int count=0; int tmp_count; tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen); if(tmp_count > 0) count += tmp_count; #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc); if(tmp_count > 0) count += tmp_count; tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc); if(tmp_count > 0) count += tmp_count; #endif if(id_pp) { struct rsbac_dev_desc_t * i_id_p = NULL; char * pos = NULL; #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC) u_int i; #endif if(count > 0) { int i_count = 0; i_count = count + 20; /* max value to expect */ *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); if(!*id_pp) return -RSBAC_ENOMEM; pos = (char *) *id_pp; tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.gen, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p)); rsbac_vfree(i_id_p); count = tmp_count; i_count -= tmp_count; pos += tmp_count * sizeof(*i_id_p); } else count = 0; #if defined(CONFIG_RSBAC_MAC) if(i_count) { tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; for(i=0; i< tmp_count; i++) { if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i])) { memcpy(pos, &i_id_p[i], sizeof(*i_id_p)); pos += sizeof(*i_id_p); count++; i_count--; } } rsbac_vfree(i_id_p); } } #endif #if defined(CONFIG_RSBAC_PM) if(i_count) { tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; for(i=0; i< tmp_count; i++) { if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i])) #if defined(CONFIG_RSBAC_MAC) if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) #endif { memcpy(pos, &i_id_p[i], sizeof(*i_id_p)); pos += sizeof(*i_id_p); count++; i_count--; } } rsbac_vfree(i_id_p); } } #endif #if defined(CONFIG_RSBAC_RC) if(i_count) { tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; for(i=0; i< tmp_count; i++) { i_id_p[i].type += (D_block_major - D_block); memcpy(pos, &i_id_p[i], sizeof(*i_id_p)); pos += sizeof(*i_id_p); count++; i_count--; } rsbac_vfree(i_id_p); } } if(i_count) { tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; for(i=0; i< tmp_count; i++) { if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i])) #if defined(CONFIG_RSBAC_MAC) if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i])) #endif #if defined(CONFIG_RSBAC_PM) if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i])) #endif { memcpy(pos, &i_id_p[i], sizeof(*i_id_p)); pos += sizeof(*i_id_p); count++; i_count--; } } rsbac_vfree(i_id_p); } } #endif if(!count) rsbac_vfree(*id_pp); } } return count; }

int rsbac_ta_list_all_group (  rsbac_list_ta_number_t  ta_number, rsbac_gid_t **  id_pp )

Definition at line 15083 of file aci_data_structures.c. References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_group(). { #if defined(CONFIG_RSBAC_RC_UM_PROT) int count=0; int tmp_count; tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc); if(tmp_count > 0) count += tmp_count; if(id_pp) { if(count > 0) { int i_count; rsbac_gid_t * i_id_p = NULL; i_count = count + 20; /* max value to expect */ *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); if(!*id_pp) return -RSBAC_ENOMEM; tmp_count = rsbac_ta_list_get_all_desc(ta_number, group_handles.rc, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p)); rsbac_vfree(i_id_p); count = tmp_count; i_count -= tmp_count; } else count = 0; if(!count) rsbac_vfree(*id_pp); } } return count; #else return 0; #endif }

int rsbac_ta_list_all_user (  rsbac_list_ta_number_t  ta_number, rsbac_uid_t **  id_pp )

Definition at line 14963 of file aci_data_structures.c. References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles. Referenced by sys_rsbac_list_all_user(). { int count=0; int tmp_count; tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen); if(tmp_count > 0) count += tmp_count; #if defined(CONFIG_RSBAC_MAC) tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_PM) tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_DAZ) tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_FF) tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_RC) tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_AUTH) tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_CAP) tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_JAIL) tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_PAX) tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax); if(tmp_count > 0) count += tmp_count; #endif #if defined(CONFIG_RSBAC_RES) tmp_count = rsbac_ta_list_count(ta_number, user_handles.res); if(tmp_count > 0) count += tmp_count; #endif if(id_pp) { if(count > 0) { int i_count; rsbac_uid_t * i_id_p = NULL; i_count = count + 20; /* max value to expect */ *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); if(!*id_pp) return -RSBAC_ENOMEM; tmp_count = rsbac_ta_list_get_all_desc(ta_number, user_handles.gen, (void **) &i_id_p); if(tmp_count > 0) { if(tmp_count > i_count) tmp_count = i_count; memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p)); rsbac_vfree(i_id_p); count = tmp_count; i_count -= tmp_count; } else count = 0; #if defined(CONFIG_RSBAC_MAC) copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_PM) copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_DAZ) copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_FF) copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_RC) copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_AUTH) copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_CAP) copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_JAIL) copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_PAX) copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp); #endif #if defined(CONFIG_RSBAC_RES) copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp); #endif if(!count) rsbac_vfree(*id_pp); } } return count; }

int rsbac_ta_remove_target (  rsbac_list_ta_number_t  ta_number, enum rsbac_target_t  target, union rsbac_target_id_t  tid )

Definition at line 14322 of file aci_data_structures.c. References D_char, rsbac_target_id_t::dev, dev_handles, device_list_head, gen_fd_hash(), gen_p_hash(), rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n(). { int error=0; struct rsbac_device_list_item_t * device_p; u_long dflags; if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n"); } switch (target) { case T_FILE: case T_DIR: case T_FIFO: case T_SYMLINK: /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n", "rsbac_remove_target(): Removing file/dir/fifo/symlink ACI"); #endif */ #if defined(CONFIG_RSBAC_MAC) /* file and dir items can also have mac_f_trusets -> remove first */ if( (target == T_FILE) || (target == T_DIR) ) error = rsbac_mac_remove_f_trusets(tid.file); #endif #if defined(CONFIG_RSBAC_AUTH) /* file and dir items can also have auth_f_capsets -> remove first */ if( (target == T_FILE) || (target == T_DIR) ) error = rsbac_auth_remove_f_capsets(tid.file); #endif #if defined(CONFIG_RSBAC_ACL) /* items can also have an acl_fd_item -> remove first */ error = rsbac_acl_remove_acl(ta_number, target, tid); #endif /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); /* OK, go on */ /* lookup device */ device_p = lookup_device(tid.file.device); if (!device_p) { struct super_block * sb_p; rsbac_read_unlock(&device_list_head.lock, &dflags); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(tid.file.device); #else sb_p = get_super(tid.file.device); #endif if(sb_p) { rsbac_printk(KERN_INFO "rsbac_remove_target(): auto-mounting device %02u:%02u\n", RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); rsbac_mount(sb_p, NULL); /* free super_block pointer */ drop_super(sb_p); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(tid.file.device); if (!device_p) { rsbac_printk(KERN_WARNING "rsbac_remove_target(): unknown device %02u:%02u\n", RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return -RSBAC_EINVALIDDEV; } } else return -RSBAC_EINVALIDDEV; } rsbac_ta_list_remove(ta_number, device_p->handles.gen[gen_fd_hash(tid.file.inode)], &tid.file.inode); #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, device_p->handles.mac[mac_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, device_p->handles.pm[pm_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_DAZ) rsbac_ta_list_remove(ta_number, device_p->handles.daz[daz_fd_hash(tid.file.inode)], &tid.file.inode); #if defined(CONFIG_RSBAC_DAZ_CACHE) rsbac_ta_list_remove(ta_number, device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)], &tid.file.inode); #endif #endif #if defined(CONFIG_RSBAC_FF) rsbac_ta_list_remove(ta_number, device_p->handles.ff[ff_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, device_p->handles.rc[rc_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_AUTH) rsbac_ta_list_remove(ta_number, device_p->handles.auth[auth_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_CAP) rsbac_ta_list_remove(ta_number, device_p->handles.cap[cap_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_PAX) rsbac_ta_list_remove(ta_number, device_p->handles.pax[pax_fd_hash(tid.file.inode)], &tid.file.inode); #endif #if defined(CONFIG_RSBAC_RES) rsbac_ta_list_remove(ta_number, device_p->handles.res[res_fd_hash(tid.file.inode)], &tid.file.inode); #endif /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); break; case T_DEV: { if(tid.dev.type > D_char) return -RSBAC_EINVALIDTARGET; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n", "rsbac_remove_target(): Removing dev ACI"); #endif */ rsbac_ta_list_remove(ta_number, dev_handles.gen, &tid.dev); #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, dev_handles.mac, &tid.dev); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, dev_handles.pm, &tid.dev); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, dev_handles.rc, &tid.dev); #endif } break; case T_IPC: /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_remove_target(): Removing ipc ACI\n"); #endif */ #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, ipc_handles.mac, &tid.ipc); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, ipc_handles.pm, &tid.ipc); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, ipc_handles.rc, &tid.ipc); #endif #if defined(CONFIG_RSBAC_JAIL) rsbac_ta_list_remove(ta_number, ipc_handles.jail, &tid.ipc); #endif break; case T_USER: /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n", "rsbac_remove_target(): Removing user ACI"); #endif */ rsbac_ta_list_remove(ta_number, user_handles.gen, &tid.user); #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, user_handles.mac, &tid.user); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, user_handles.pm, &tid.user); #endif #if defined(CONFIG_RSBAC_DAZ) rsbac_ta_list_remove(ta_number, user_handles.daz, &tid.user); #endif #if defined(CONFIG_RSBAC_FF) rsbac_ta_list_remove(ta_number, user_handles.ff, &tid.user); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, user_handles.rc, &tid.user); #endif #if defined(CONFIG_RSBAC_AUTH) rsbac_ta_list_remove(ta_number, user_handles.auth, &tid.user); #endif #if defined(CONFIG_RSBAC_CAP) rsbac_ta_list_remove(ta_number, user_handles.cap, &tid.user); #endif #if defined(CONFIG_RSBAC_JAIL) rsbac_ta_list_remove(ta_number, user_handles.jail, &tid.user); #endif #if defined(CONFIG_RSBAC_PAX) rsbac_ta_list_remove(ta_number, user_handles.pax, &tid.user); #endif #if defined(CONFIG_RSBAC_RES) rsbac_ta_list_remove(ta_number, user_handles.res, &tid.user); #endif break; case T_PROCESS: /* too noisy... kicked out. #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_remove_target(): Removing process ACI\n"); #endif */ #if defined(CONFIG_RSBAC_ACL) /* process items can also have an acl_p_item -> remove first */ error = rsbac_acl_remove_acl(ta_number, target, tid); #endif rsbac_ta_list_remove(ta_number, process_handles.gen[gen_p_hash(tid.process)], &tid.process); #if defined(CONFIG_RSBAC_MAC) /* process items can also have mac_p_trusets -> remove first */ error = rsbac_mac_remove_p_trusets(tid.process); rsbac_ta_list_remove(ta_number, process_handles.mac[mac_p_hash(tid.process)], &tid.process); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, process_handles.pm, &tid.process); #endif #if defined(CONFIG_RSBAC_DAZ) rsbac_ta_list_remove(ta_number, process_handles.daz, &tid.process); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, process_handles.rc[rc_p_hash(tid.process)], &tid.process); #endif #if defined(CONFIG_RSBAC_AUTH) /* process items can also have auth_p_capsets -> remove first */ error = rsbac_auth_remove_p_capsets(tid.process); rsbac_ta_list_remove(ta_number, process_handles.auth, &tid.process); #endif #if defined(CONFIG_RSBAC_CAP) rsbac_ta_list_remove(ta_number, process_handles.cap, &tid.process); #endif #if defined(CONFIG_RSBAC_JAIL) rsbac_ta_list_remove(ta_number, process_handles.jail[jail_p_hash(tid.process)], &tid.process); #endif break; #ifdef CONFIG_RSBAC_UM case T_GROUP: /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_remove_target(): Removing group ACI\n"); #endif */ #if defined(CONFIG_RSBAC_RC_UM_PROT) rsbac_ta_list_remove(ta_number, group_handles.rc, &tid.group); #endif break; #endif /* CONFIG_RSBAC_UM */ #ifdef CONFIG_RSBAC_NET_DEV case T_NETDEV: #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) rsbac_ta_list_remove(ta_number, netdev_handles.gen, &tid.netdev); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, netdev_handles.rc, &tid.netdev); #endif break; #endif #ifdef CONFIG_RSBAC_NET_OBJ case T_NETTEMP: /* too noisy... kicked out. #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_remove_target(): Removing nettemp ACI\n"); #endif */ #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) rsbac_ta_list_remove(ta_number, nettemp_handles.gen, &tid.nettemp); #endif #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, nettemp_handles.mac, &tid.nettemp); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, nettemp_handles.pm, &tid.nettemp); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, nettemp_handles.rc, &tid.nettemp); #endif #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT) rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid); rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid); #endif break; case T_NETOBJ: /* too noisy... kicked out. #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_remove_target(): Removing netobj ACI\n"); #endif */ #if defined(CONFIG_RSBAC_MAC) rsbac_ta_list_remove(ta_number, lnetobj_handles.mac, &tid.netobj.sock_p); rsbac_ta_list_remove(ta_number, rnetobj_handles.mac, &tid.netobj.sock_p); #endif #if defined(CONFIG_RSBAC_PM) rsbac_ta_list_remove(ta_number, lnetobj_handles.pm, &tid.netobj.sock_p); rsbac_ta_list_remove(ta_number, rnetobj_handles.pm, &tid.netobj.sock_p); #endif #if defined(CONFIG_RSBAC_RC) rsbac_ta_list_remove(ta_number, lnetobj_handles.rc, &tid.netobj.sock_p); rsbac_ta_list_remove(ta_number, rnetobj_handles.rc, &tid.netobj.sock_p); #endif break; #endif /* NET_OBJ */ default: return(-RSBAC_EINVALIDTARGET); } #ifdef CONFIG_RSBAC_XSTATS remove_count[target]++; #endif return(error); } /* end of rsbac_remove_target() */

int rsbac_ta_set_attr (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t  tid, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t  value )

Definition at line 14239 of file aci_data_structures.c. References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG char tmp[RSBAC_MAXNAMELEN]; #endif */ if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n"); } switch (target) { case T_FILE: case T_DIR: case T_FIFO: case T_SYMLINK: err = set_attr_fd(ta_number, module, target, &tid, attr, &value); break; case T_DEV: err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value); break; case T_IPC: err = set_attr_ipc(ta_number, module, target, &tid, attr, &value); break; case T_USER: err = set_attr_user(ta_number, module, target, &tid, attr, &value); break; case T_PROCESS: err = set_attr_process(ta_number, module, target, &tid, attr, &value); break; #ifdef CONFIG_RSBAC_UM case T_GROUP: err = set_attr_group(ta_number, module, target, &tid, attr, &value); break; #endif /* CONFIG_RSBAC_UM */ #ifdef CONFIG_RSBAC_NET_DEV case T_NETDEV: err = set_attr_netdev(ta_number, module, target, &tid, attr, &value); break; #endif #ifdef CONFIG_RSBAC_NET_OBJ case T_NETTEMP: err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value); break; case T_NETOBJ: err = set_attr_netobj(ta_number, module, target, &tid, attr, &value); break; #endif /* NET_OBJ */ /* switch(target): no valid target */ default: return(-RSBAC_EINVALIDTARGET); } #ifdef CONFIG_RSBAC_XSTATS if(!err) set_attr_count[target]++; #endif return(err); } /* end of rsbac_set_attr() */

int rsbac_umount (  struct super_block *  sb_p, struct dentry *  d_covers )

Definition at line 8456 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by rsbac_aef_sb_umount(). { u_long flags; struct rsbac_device_list_item_t * device_p; kdev_t kdev; if(!sb_p) { rsbac_printk(KERN_WARNING "rsbac_umount(): called with NULL pointer\n"); return -RSBAC_EINVALIDPOINTER; } if (!rsbac_initialized) { rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) if( (sb_p->s_magic == SYSFS_MAGIC) && !RSBAC_MAJOR(sb_p->s_dev) && sysfs_sb_p && sysfs_covered_p ) { rsbac_printk(KERN_WARNING "rsbac_umount(): sysfs umount detected, removing auto-mount values\n"); sysfs_sb_p = NULL; sysfs_covered_p = NULL; } #endif #ifdef CONFIG_DEVFS_MOUNT if( (sb_p->s_magic == DEVFS_SUPER_MAGIC) && !RSBAC_MAJOR(sb_p->s_dev) && devfs_sb_p && devfs_covered_p ) { rsbac_printk(KERN_WARNING "rsbac_umount(): devfs umount detected, removing auto-mount values\n"); devfs_sb_p = NULL; devfs_covered_p = NULL; } #endif return(-RSBAC_ENOTINITIALIZED); } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) { rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n", MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); } #endif kdev = sb_p->s_dev; /* sync attribute lists */ #if defined(CONFIG_RSBAC_AUTO_WRITE) if(!rsbac_debug_no_write) { down(&rsbac_write_sem); /* recheck no_write with lock - might have been set in between */ if(!rsbac_debug_no_write) { rsbac_write(TRUE); } up(&rsbac_write_sem); } #endif /* CONFIG_RSBAC_AUTO_WRITE */ /* call other umount functions */ /****** MAC *******/ #if defined(CONFIG_RSBAC_MAC) rsbac_umount_mac(kdev); #endif /****** AUTH *******/ #if defined(CONFIG_RSBAC_AUTH) rsbac_umount_auth(kdev); #endif /****** ACL *******/ #if defined(CONFIG_RSBAC_ACL) rsbac_umount_acl(kdev); #endif /****** REG *******/ #if defined(CONFIG_RSBAC_REG) rsbac_umount_reg(kdev); #endif /* REG */ /* wait for write access to device_list_head */ rsbac_write_lock(&device_list_head.lock, &flags); /* OK, nobody else is working on it... */ device_p = lookup_device(kdev); if(device_p) { if(device_p->mount_count == 1) { /* Generic lists */ rsbac_list_umount(kdev); remove_device_item(kdev); } else { if(device_p->mount_count > 1) { device_p->mount_count--; if(device_p->d_covers == d_covers) { rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); device_p->d_covers = NULL; } } else { rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); } } } /* allow access */ rsbac_write_unlock(&device_list_head.lock, &flags); return(0); }

void rsbac_write_close (  struct file *  file_p  )

Definition at line 2659 of file aci_data_structures.c. References rsbac_read_close(). Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info(). { rsbac_read_close(file_p); }

int rsbac_write_open (  char *  name, struct file *  file_p, kdev_t  kdev )

Definition at line 2273 of file aci_data_structures.c. References check_parent, init_private_file(), lookup_aci_path_dentry(), NULL, rsbac_clear_file(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTWRITABLE, RSBAC_EWRITEFAILED, rsbac_get_super_block(), rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_printk(), TRUE, and writable(). Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info(). { struct dentry * dir_dentry_p = NULL; struct dentry * ldir_dentry_p = NULL; struct dentry * file_dentry_p = NULL; int err = 0; int tmperr = 0; struct super_block * sb_p; if(!file_p || !name) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n"); } #endif return(-RSBAC_EINVALIDPOINTER); } /* get super_block-pointer */ sb_p = rsbac_get_super_block(kdev); if (!sb_p) { rsbac_printk(KERN_WARNING "rsbac_write_open(): invalid device %02u:%02u\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); return (-RSBAC_EINVALIDDEV); } if(!writable(sb_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): called for non-writable device\n"); } #endif err = -RSBAC_ENOTWRITABLE; goto out; } /* lookup dentry of ACI_PATH on this device (create, if needed and possible), * returns errorcode, if failed */ if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE, kdev))) { err = tmperr; goto out; } /* open file for reading - this must be done 'by hand', because */ /* standard system calls are now extended by rsbac decision calls. */ file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); if (!file_dentry_p || IS_ERR(file_dentry_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): lookup of %s returned error %li\n", name, PTR_ERR(file_dentry_p)); } #endif err = -RSBAC_EWRITEFAILED; goto out; } #if 1 if (file_dentry_p->d_inode) { /* file was found: try to rename it as backup file */ if ( !dir_dentry_p->d_inode->i_op || !dir_dentry_p->d_inode->i_op->rename) { rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no rename - no backup of %s made!", name); } else { char * bname; int name_len = strlen(name); struct dentry * new_file_dentry_p = NULL; struct dentry * old_dir_p, * new_dir_p; bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(!bname) { err = -RSBAC_ENOMEM; goto out_dput; } strcpy(bname,name); bname[name_len] = 'b'; bname[name_len+1] = (char) 0; new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname)); if(new_file_dentry_p && !IS_ERR(new_file_dentry_p)) { /* lock parent == rsbac-dir for rest of rename */ old_dir_p = dget(file_dentry_p->d_parent); new_dir_p = dget(new_file_dentry_p->d_parent); double_lock(new_dir_p, old_dir_p); DQUOT_INIT(old_dir_p->d_inode); DQUOT_INIT(new_dir_p->d_inode); /* try to rename file in rsbac dir */ /* if (rsbac_debug_write) * rsbac_printk(KERN_DEBUG "rsbac_write_open(): calling rename function\n"); */ err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode, file_dentry_p, new_dir_p->d_inode, new_file_dentry_p); /* unlock dir (dputs both dentries) */ double_unlock(new_dir_p, old_dir_p); if(err) { rsbac_printk(KERN_WARNING "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n", name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); } else { /* The following d_move() should become unconditional */ if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME)) d_move(file_dentry_p, new_file_dentry_p); inode_dir_notify(old_dir_p->d_inode, DN_RENAME); } dput(new_file_dentry_p); dput(file_dentry_p); /* re-init dentry structure */ file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); if (!file_dentry_p || IS_ERR (file_dentry_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): relookup of %s returned error %li\n", name, PTR_ERR(file_dentry_p)); } #endif err = -RSBAC_EWRITEFAILED; goto out; } if (file_dentry_p->d_inode) { rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n", name, file_dentry_p->d_inode->i_ino); /* file was found: try to delete it */ if ( !dir_dentry_p->d_inode->i_op || !dir_dentry_p->d_inode->i_op->unlink) { rsbac_printk(KERN_WARNING "rsbac_write_open(): File system supports no unlink - %s not deleted!", name); rsbac_kfree(bname); err = -RSBAC_EWRITEFAILED; goto out_dput; } else { old_dir_p = lock_parent(file_dentry_p); DQUOT_INIT(old_dir_p->d_inode); err = -ENOENT; #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) if (check_parent(old_dir_p, file_dentry_p)) { #endif err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode, file_dentry_p); #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) } else { rsbac_printk(KERN_WARNING "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n", name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev)); } #endif /* unlock parent dir */ unlock_dir(old_dir_p); /* free file dentry */ dput(file_dentry_p); if(err) { rsbac_printk(KERN_WARNING "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n", name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); } /* re-init dentry structure */ file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); if (!file_dentry_p || IS_ERR (file_dentry_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): relookup of %s returned error %li\n", name, PTR_ERR(file_dentry_p)); } #endif rsbac_kfree(bname); err = -RSBAC_EWRITEFAILED; goto out; } if (file_dentry_p->d_inode) { rsbac_printk(KERN_WARNING "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n", name, file_dentry_p->d_inode->i_ino); rsbac_kfree(bname); err = -RSBAC_EWRITEFAILED; goto out_dput; } } } } else { rsbac_printk(KERN_WARNING "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n", bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p)); } rsbac_kfree(bname); } } #endif /* backup part */ if(!file_dentry_p->d_inode) { /* file not found or renamed away: try to create a new one */ if ( !dir_dentry_p->d_inode->i_op || !dir_dentry_p->d_inode->i_op->create) { rsbac_printk(KERN_WARNING "%s\n", "rsbac_write_open(): File system supports no create!"); err = -RSBAC_EWRITEFAILED; goto out_dput; } /* lock parent == rsbac-dir for create */ ldir_dentry_p = lock_parent(file_dentry_p); if(IS_ERR(ldir_dentry_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): lock_parent of %s returned error %li\n", name, PTR_ERR(ldir_dentry_p)); } #endif err = -RSBAC_EWRITEFAILED; goto out_dput; } #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) if (!check_parent(ldir_dentry_p, file_dentry_p)) { #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_write) { rsbac_printk(KERN_DEBUG "rsbac_write_open(): check_parent of %s returned error\n", name); } #endif unlock_dir(ldir_dentry_p); err = -RSBAC_EWRITEFAILED; goto out_dput; } #endif /* try to create file in rsbac dir */ /* if (rsbac_debug_write) * rsbac_printk(KERN_DEBUG "%s\n", * "rsbac_write_open(): calling create function"); */ DQUOT_INIT(ldir_dentry_p->d_inode); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode, file_dentry_p, RSBAC_ACI_FILE_MODE, NULL); #else err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode, file_dentry_p, RSBAC_ACI_FILE_MODE); #endif unlock_dir(ldir_dentry_p); if (err) { goto out_dput; } /* create was successful */ } if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) ) { /* this is not a file! -> error! */ rsbac_printk(KERN_WARNING "rsbac_write_open(): expected file is not a file, mode is %o!\n", file_dentry_p->d_inode->i_mode); err = -RSBAC_EWRITEFAILED; goto out_dput; } /* Now we fill the file structure and */ /* if there is an open func for this file, use it, otherwise ignore */ if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY))) { rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n"); err = -RSBAC_EWRITEFAILED; goto out_dput; } /* Without a write function we get into troubles -> error */ if ((!file_p->f_op) || (!file_p->f_op->write)) { rsbac_printk(KERN_WARNING "rsbac_write_open(): file write function missing!\n"); if(file_p->f_op && file_p->f_op->release) { file_p->f_op->release(file_dentry_p->d_inode, file_p); } err = -RSBAC_EWRITEFAILED; goto out_dput; } /* trying to get write access */ /* if (rsbac_debug_write) * rsbac_printk(KERN_DEBUG "rsbac_write_open(): trying to get write access!\n"); */ if (get_write_access(file_dentry_p->d_inode)) { rsbac_printk(KERN_WARNING "rsbac_write_open(): could not get write access!\n"); if (file_p->f_op->release) file_p->f_op->release(file_dentry_p->d_inode, file_p); err = -RSBAC_EWRITEFAILED; goto out_dput; } /* truncating */ if(rsbac_clear_file(file_dentry_p)) { if (file_p->f_op->release) file_p->f_op->release(file_dentry_p->d_inode, file_p); put_write_access(file_dentry_p->d_inode); rsbac_printk(KERN_WARNING "rsbac_write_open(): could not truncate!\n"); err = -RSBAC_EWRITEFAILED; goto out_dput; } /* set synchronous mode for this file */ file_p->f_flags |= O_SYNC; out: return err; out_dput: dput(file_dentry_p); goto out; }

static int set_attr_dev (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, struct rsbac_dev_desc_t  dev, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value_p )  [static]

Definition at line 12547 of file aci_data_structures.c. References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, GEN, handle, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_dev_aci_t::log_array_low, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RC_type_max_value, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and rsbac_dev_desc_t::type. Referenced by rsbac_ta_set_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting dev attribute\n"); #endif */ switch(module) { case GEN: { struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI; if(dev.type > D_char) return -RSBAC_EINVALIDTARGET; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.gen, NULL, &dev, &aci); switch (attr) { case A_log_array_low: aci.log_array_low = value_p->log_array_low; break; case A_log_array_high: aci.log_array_high = value_p->log_array_high; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, dev_handles.gen, 0, &dev, &aci); } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI; if(dev.type > D_char) return -RSBAC_EINVALIDTARGET; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.mac, NULL, &dev, &aci); switch (attr) { case A_security_level: aci.sec_level = value_p->security_level; break; case A_mac_categories: aci.mac_categories = value_p->mac_categories; break; case A_mac_check: aci.mac_check = value_p->mac_check; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, dev_handles.mac, 0, &dev, &aci); } } break; #endif #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; if(dev.type > D_char) return -RSBAC_EINVALIDTARGET; rsbac_ta_list_get_data_ttl(ta_number, dev_handles.pm, NULL, &dev, &aci); switch (attr) { case A_pm_object_type: aci.pm_object_type = value_p->pm_object_type; break; case A_pm_object_class: aci.pm_object_class = value_p->pm_object_class; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, dev_handles.pm, 0, &dev, &aci); } } break; #endif #if defined(CONFIG_RSBAC_RC) case RC: { rsbac_rc_type_id_t type = value_p->rc_type; struct rsbac_dev_desc_t dev_desc; rsbac_list_handle_t handle; switch(dev.type) { case D_char: dev_desc.type = D_char; handle = dev_handles.rc; break; case D_block: dev_desc.type = D_block; handle = dev_handles.rc; break; case D_char_major: if(type > RC_type_max_value) return -RSBAC_EINVALIDVALUE; dev_desc.type = D_char; handle = dev_major_handles.rc; break; case D_block_major: if(type > RC_type_max_value) return -RSBAC_EINVALIDVALUE; dev_desc.type = D_block; handle = dev_major_handles.rc; break; default: return -RSBAC_EINVALIDTARGET; } dev_desc.major = dev.major; dev_desc.minor = dev.minor; switch (attr) { case A_rc_type: err = rsbac_ta_list_add_ttl(ta_number, handle, 0, &dev_desc, &type); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif default: err = -RSBAC_EINVALIDMODULE; } return err; }

static int set_attr_fd (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value_p )  [static]

Definition at line 12109 of file aci_data_structures.c. References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, DAZ, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_list_head, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, FF, rsbac_attribute_value_t::ff_flags, GEN, gen_fd_hash(), rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, lookup_device(), MAC, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, rsbac_attribute_value_t::rc_type_fd, RES, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, rsbac_list_add_ttl(), RSBAC_MAC_F_FLAGS, rsbac_mount(), RSBAC_PAX_ALL_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid. Referenced by rsbac_ta_set_attr(). { int err = 0; struct rsbac_device_list_item_t * device_p; u_long dflags; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n", attr, RSBAC_MAJOR(tid_p->file.device),RSBAC_MINOR(tid_p->file.device), (u_long) tid_p->file.inode, tid_p->file.dentry_p); #endif */ /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); /* OK, go on */ /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): passed device read lock\n"); #endif */ /* lookup device */ device_p = lookup_device(tid_p->file.device); if (!device_p) { struct super_block * sb_p; rsbac_read_unlock(&device_list_head.lock, &dflags); #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) sb_p = user_get_super(tid_p->file.device); #else sb_p = get_super(tid_p->file.device); #endif if(sb_p) { rsbac_printk(KERN_INFO "rsbac_set_attr(): auto-mounting device %02u:%02u\n", RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device)); rsbac_mount(sb_p, NULL); /* free super_block pointer */ drop_super(sb_p); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(tid_p->file.device); if (!device_p) { rsbac_printk(KERN_WARNING "rsbac_set_attr(): unknown device %02u:%02u\n", RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return -RSBAC_EINVALIDDEV; } } else return -RSBAC_EINVALIDDEV; } switch(module) { case GEN: { struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.gen[gen_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_log_array_low: aci.log_array_low = value_p->log_array_low; break; case A_log_array_high: aci.log_array_high = value_p->log_array_high; break; case A_log_program_based: aci.log_program_based = value_p->log_program_based; break; case A_symlink_add_remote_ip: aci.symlink_add_remote_ip = value_p->symlink_add_remote_ip; break; case A_symlink_add_uid: aci.symlink_add_uid = value_p->symlink_add_uid; break; case A_symlink_add_mac_level: aci.symlink_add_mac_level = value_p->symlink_add_mac_level; break; case A_symlink_add_rc_role: aci.symlink_add_rc_role = value_p->symlink_add_rc_role; break; case A_linux_dac_disable: aci.linux_dac_disable = value_p->linux_dac_disable; break; case A_fake_root_uid: aci.fake_root_uid = value_p->fake_root_uid; break; case A_auid_exempt: aci.auid_exempt = value_p->auid_exempt; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.gen[gen_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.mac[mac_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_security_level: aci.sec_level = value_p->security_level; break; case A_mac_categories: aci.mac_categories = value_p->mac_categories; break; case A_mac_auto: aci.mac_auto = value_p->mac_auto; break; case A_mac_prop_trusted: aci.mac_prop_trusted = value_p->mac_prop_trusted; break; case A_mac_file_flags: aci.mac_file_flags = value_p->mac_file_flags & RSBAC_MAC_F_FLAGS; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.mac[mac_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #endif /* MAC */ #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.pm[pm_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_pm_object_class: aci.pm_object_class = value_p->pm_object_class; break; case A_pm_tp: aci.pm_tp = value_p->pm_tp; break; case A_pm_object_type: aci.pm_object_type = value_p->pm_object_type; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.pm[pm_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #endif /* PM */ #if defined(CONFIG_RSBAC_DAZ) case DAZ: { #if defined(CONFIG_RSBAC_DAZ_CACHE) if(attr == A_daz_scanned) { err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)], rsbac_daz_ttl, &tid_p->file.inode, &value_p->daz_scanned); } else #endif { struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.daz[daz_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_daz_scanner: aci.daz_scanner = value_p->daz_scanner; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.daz[daz_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } } break; #endif /* DAZ */ #if defined(CONFIG_RSBAC_FF) case FF: { switch (attr) { case A_ff_flags: err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.ff[ff_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &value_p->ff_flags); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* FF */ #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.rc[rc_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_rc_type_fd: aci.rc_type_fd = value_p->rc_type_fd; break; case A_rc_force_role: aci.rc_force_role = value_p->rc_force_role; break; case A_rc_initial_role: aci.rc_initial_role = value_p->rc_initial_role; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.rc[rc_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #endif /* RC */ #if defined(CONFIG_RSBAC_AUTH) case AUTH: { struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.auth[auth_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_auth_may_setuid: aci.auth_may_setuid = value_p->auth_may_setuid; break; case A_auth_may_set_cap: aci.auth_may_set_cap = value_p->auth_may_set_cap; break; case A_auth_learn: aci.auth_learn = value_p->auth_learn; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.auth[auth_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #endif /* AUTH */ #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.cap[cap_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_min_caps: aci.min_caps = value_p->min_caps; break; case A_max_caps: aci.max_caps = value_p->max_caps; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.cap[cap_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); } } break; #endif #if defined(CONFIG_RSBAC_RES) case RES: { struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI; rsbac_ta_list_get_data_ttl(ta_number, device_p->handles.res[res_fd_hash(tid_p->file.inode)], NULL, &tid_p->file.inode, &aci); switch (attr) { case A_res_min: memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min)); break; case A_res_max: memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max)); break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI; if(memcmp(&aci, &def_aci, sizeof(aci))) err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.res[res_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &aci); else err = rsbac_ta_list_remove(ta_number, device_p->handles.res[res_fd_hash(tid_p->file.inode)], &tid_p->file.inode); } } break; #endif #if defined(CONFIG_RSBAC_PAX) case PAX: { switch (attr) { case A_pax_flags: value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS; err = rsbac_ta_list_add_ttl(ta_number, device_p->handles.pax[pax_fd_hash(tid_p->file.inode)], 0, &tid_p->file.inode, &value_p->pax_flags); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif /* PAX */ default: err = -RSBAC_EINVALIDMODULE; } /* free access to device_list_head */ rsbac_read_unlock(&device_list_head.lock, &dflags); return err; }

static int set_attr_ipc (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value_p )  [static]

Definition at line 12730 of file aci_data_structures.c. References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, JAIL, rsbac_attribute_value_t::jail_id, MAC, rsbac_attribute_value_t::mac_categories, NULL, PM, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_set_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n", "rsbac_set_attr(): Setting ipc attribute"); #endif */ switch(module) { #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.mac, NULL, &tid_p->ipc, &aci); switch (attr) { case A_security_level: aci.sec_level = value_p->security_level; break; case A_mac_categories: aci.mac_categories = value_p->mac_categories; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, ipc_handles.mac, 0, &tid_p->ipc, &aci); } } break; #endif #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; rsbac_ta_list_get_data_ttl(ta_number, ipc_handles.pm, NULL, &tid_p->ipc, &aci); switch (attr) { case A_pm_object_type: aci.pm_object_type = value_p->pm_object_type; break; case A_pm_ipc_purpose: aci.pm_ipc_purpose = value_p->pm_ipc_purpose; break; case A_pm_object_class: aci.pm_object_class = value_p->pm_object_class; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, ipc_handles.pm, 0, &tid_p->ipc, &aci); } } break; #endif #if defined(CONFIG_RSBAC_RC) case RC: { rsbac_rc_type_id_t type = value_p->rc_type; switch (attr) { case A_rc_type: err = rsbac_ta_list_add_ttl(ta_number, ipc_handles.rc, 0, &tid_p->ipc, &type); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif #if defined(CONFIG_RSBAC_JAIL) case JAIL: { rsbac_jail_id_t id = value_p->jail_id; switch (attr) { case A_jail_id: /* #ifdef CONFIG_RSBAC_DEBUG if(id) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting jail_id for IPC %s %lu to %u\n", get_ipc_target_name(tmp, tid_p->ipc.type), tid_p->ipc.id.id_nr, id); #endif */ err = rsbac_ta_list_add_ttl(ta_number, ipc_handles.jail, 0, &tid_p->ipc, &id); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif default: err = -RSBAC_EINVALIDMODULE; } return err; }

static int set_attr_process (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value_p )  [static]

Definition at line 13273 of file aci_data_structures.c. References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_type, A_remote_ip, A_security_level, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_process_aci_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, DAZ, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_process_aci_t::fake_root_uid, GEN, gen_p_hash(), JAIL, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_attribute_value_t::log_program_based, rsbac_gen_process_aci_t::log_program_based, MAC, MAC_auto, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, PM, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::remote_ip, rsbac_gen_process_aci_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_MAC_P_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_set_attr(). { int err = 0; /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting process attribute\n"); #endif */ if (!tid_p->process) { rsbac_printk(KERN_WARNING "rsbac_set_attr(): Trying to set attribute for process 0!\n"); return -RSBAC_EINVALIDTARGET; } switch(module) { case GEN: { struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.gen[gen_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_log_program_based: aci.log_program_based = value_p->log_program_based; break; case A_fake_root_uid: aci.fake_root_uid = value_p->fake_root_uid; break; case A_audit_uid: aci.audit_uid = value_p->audit_uid; break; case A_auid_exempt: aci.auid_exempt = value_p->auid_exempt; break; case A_remote_ip: aci.remote_ip = value_p->remote_ip; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.gen[gen_p_hash(tid_p->process)], 0, &tid_p->process, &aci); } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.mac[mac_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_security_level: aci.owner_sec_level = value_p->security_level; break; case A_initial_security_level: aci.owner_initial_sec_level = value_p->security_level; break; case A_min_security_level: aci.owner_min_sec_level = value_p->security_level; break; case A_mac_categories: aci.mac_owner_categories = value_p->mac_categories; break; case A_mac_initial_categories: aci.mac_owner_initial_categories = value_p->mac_categories; break; case A_mac_min_categories: aci.mac_owner_min_categories = value_p->mac_categories; break; case A_current_sec_level: aci.current_sec_level = value_p->current_sec_level; break; case A_mac_curr_categories: aci.mac_curr_categories = value_p->mac_categories; break; case A_min_write_open: aci.min_write_open = value_p->min_write_open; break; case A_min_write_categories: aci.min_write_categories = value_p->mac_categories; break; case A_max_read_open: aci.max_read_open = value_p->max_read_open; break; case A_max_read_categories: aci.max_read_categories = value_p->mac_categories; break; case A_mac_process_flags: aci.mac_process_flags = value_p->mac_process_flags & RSBAC_MAC_P_FLAGS; break; case A_mac_auto: if(value_p->mac_auto) aci.mac_process_flags |= MAC_auto; else aci.mac_process_flags &= ~MAC_auto; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.mac[mac_p_hash(tid_p->process)], 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.pm, NULL, &tid_p->process, &aci); switch (attr) { case A_pm_tp: aci.pm_tp = value_p->pm_tp; break; case A_pm_current_task: aci.pm_current_task = value_p->pm_current_task; break; case A_pm_process_type: aci.pm_process_type = value_p->pm_process_type; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.pm, 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_DAZ) case DAZ: { struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.daz, NULL, &tid_p->process, &aci); switch (attr) { case A_daz_scanner: aci.daz_scanner = value_p->daz_scanner; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.daz, 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.rc[rc_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_rc_role: aci.rc_role = value_p->rc_role; break; case A_rc_type: aci.rc_type = value_p->rc_type; break; case A_rc_force_role: aci.rc_force_role = value_p->rc_force_role; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.rc[rc_p_hash(tid_p->process)], 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_AUTH) case AUTH: { struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.auth, NULL, &tid_p->process, &aci); switch (attr) { case A_auth_may_setuid: aci.auth_may_setuid = value_p->auth_may_setuid; break; case A_auth_may_set_cap: aci.auth_may_set_cap = value_p->auth_may_set_cap; break; #if defined(CONFIG_RSBAC_AUTH_LEARN) case A_auth_program_file: aci.auth_program_file = value_p->auth_program_file; break; case A_auth_start_uid: aci.auth_start_uid = value_p->auth_start_uid; break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case A_auth_start_euid: aci.auth_start_euid = value_p->auth_start_euid; break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case A_auth_start_gid: aci.auth_start_gid = value_p->auth_start_gid; break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case A_auth_start_egid: aci.auth_start_egid = value_p->auth_start_egid; break; #endif #endif case A_auth_learn: aci.auth_learn = value_p->auth_learn; break; #endif case A_auth_last_auth: aci.auth_last_auth = value_p->auth_last_auth; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.auth, 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.cap, NULL, &tid_p->process, &aci); switch (attr) { case A_cap_process_hiding: aci.cap_process_hiding = value_p->cap_process_hiding; break; #ifdef CONFIG_RSBAC_CAP_LOG_MISSING case A_max_caps_user: aci.max_caps_user = value_p->max_caps_user; break; case A_max_caps_program: aci.max_caps_program = value_p->max_caps_program; break; #endif default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.cap, 0, &tid_p->process, &aci); } } break; #endif #if defined(CONFIG_RSBAC_JAIL) case JAIL: { struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI; rsbac_ta_list_get_data_ttl(ta_number, process_handles.jail[jail_p_hash(tid_p->process)], NULL, &tid_p->process, &aci); switch (attr) { case A_jail_id: aci.id = value_p->jail_id; break; case A_jail_ip: aci.ip = value_p->jail_ip; break; case A_jail_flags: aci.flags = value_p->jail_flags; break; case A_jail_max_caps: aci.max_caps = value_p->jail_max_caps; break; case A_jail_scd_get: aci.scd_get = value_p->jail_scd_get; break; case A_jail_scd_modify: aci.scd_modify = value_p->jail_scd_modify; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, process_handles.jail[jail_p_hash(tid_p->process)], 0, &tid_p->process, &aci); } } break; #endif default: err = -RSBAC_EINVALIDMODULE; } return err; }

static int set_attr_user (  rsbac_list_ta_number_t  ta_number, enum rsbac_switch_target_t  module, enum rsbac_target_t  target, union rsbac_target_id_t *  tid_p, enum rsbac_attribute_t  attr, union rsbac_attribute_value_t *  value_p )  [static]

Definition at line 12874 of file aci_data_structures.c. References A_auth_role, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, AUTH, CAP, DAZ, DEFAULT_GEN_U_ACI, FF, GEN, JAIL, rsbac_attribute_value_t::log_user_based, rsbac_gen_user_aci_t::log_user_based, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, PM, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pseudo, rsbac_gen_user_aci_t::pseudo, RC, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, RES, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, RSBAC_MAC_U_FLAGS, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_ta_set_attr(). { int err = 0; #ifdef CONFIG_RSBAC_DEBUG /* if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting %s user attribute %i for %u to %i\n", get_switch_target_name(tmp, module), attr, tid_p->user, value_p->dummy); */ #endif switch(module) { case GEN: { struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.gen, NULL, &tid_p->user, &aci); switch (attr) { case A_pseudo: aci.pseudo = value_p->pseudo; break; case A_log_user_based: aci.log_user_based = value_p->log_user_based; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, user_handles.gen, 0, &tid_p->user, &aci); } } break; #if defined(CONFIG_RSBAC_MAC) case MAC: { struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.mac, NULL, &tid_p->user, &aci); switch (attr) { case A_security_level: if(value_p->security_level < aci.min_security_level) err = -RSBAC_EINVALIDVALUE; else aci.security_level = value_p->security_level; break; case A_initial_security_level: if( (value_p->security_level < aci.min_security_level) || (value_p->security_level > aci.security_level) ) err = -RSBAC_EINVALIDVALUE; else aci.initial_security_level = value_p->security_level; break; case A_min_security_level: if(value_p->security_level > aci.security_level) err = -RSBAC_EINVALIDVALUE; else aci.min_security_level = value_p->security_level; break; case A_mac_categories: if((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories) err = -RSBAC_EINVALIDVALUE; else aci.mac_categories = value_p->mac_categories; break; case A_mac_initial_categories: if( ((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories) || ((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories) ) err = -RSBAC_EINVALIDVALUE; else aci.mac_initial_categories = value_p->mac_categories; break; case A_mac_min_categories: if((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories) err = -RSBAC_EINVALIDVALUE; else aci.mac_min_categories = value_p->mac_categories; break; case A_system_role: case A_mac_role: aci.system_role = value_p->system_role; break; case A_mac_user_flags: aci.mac_user_flags = value_p->mac_user_flags & RSBAC_MAC_U_FLAGS; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, user_handles.mac, 0, &tid_p->user, &aci); } } break; #endif #if defined(CONFIG_RSBAC_PM) case PM: { struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.pm, NULL, &tid_p->user, &aci); switch (attr) { case A_pm_task_set: aci.pm_task_set = value_p->pm_task_set; break; case A_pm_role: aci.pm_role = value_p->pm_role; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, user_handles.pm, 0, &tid_p->user, &aci); } } break; #endif #if defined(CONFIG_RSBAC_DAZ) case DAZ: { rsbac_system_role_int_t role = value_p->system_role; switch (attr) { case A_system_role: case A_daz_role: err = rsbac_ta_list_add_ttl(ta_number, user_handles.daz, 0, &tid_p->user, &role); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif #if defined(CONFIG_RSBAC_FF) case FF: { rsbac_system_role_int_t role = value_p->system_role; switch (attr) { case A_system_role: case A_ff_role: err = rsbac_ta_list_add_ttl(ta_number, user_handles.ff, 0, &tid_p->user, &role); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif #if defined(CONFIG_RSBAC_RC) case RC: { struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.rc, NULL, &tid_p->user, &aci); switch (attr) { case A_rc_def_role: aci.rc_role = value_p->rc_def_role; break; case A_rc_type: aci.rc_type = value_p->rc_type; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, user_handles.rc, 0, &tid_p->user, &aci); } } break; #endif #if defined(CONFIG_RSBAC_AUTH) case AUTH: { rsbac_system_role_int_t role = value_p->system_role; switch (attr) { case A_system_role: case A_auth_role: err = rsbac_ta_list_add_ttl(ta_number, user_handles.auth, 0, &tid_p->user, &role); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif #if defined(CONFIG_RSBAC_CAP) case CAP: { struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.cap, NULL, &tid_p->user, &aci); switch (attr) { case A_system_role: case A_cap_role: aci.cap_role = value_p->system_role; break; case A_min_caps: aci.min_caps = value_p->min_caps; break; case A_max_caps: aci.max_caps = value_p->max_caps; break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { err = rsbac_ta_list_add_ttl(ta_number, user_handles.cap, 0, &tid_p->user, &aci); } } break; #endif #if defined(CONFIG_RSBAC_JAIL) case JAIL: { rsbac_system_role_int_t role = value_p->system_role; switch (attr) { case A_system_role: case A_jail_role: err = rsbac_ta_list_add_ttl(ta_number, user_handles.jail, 0, &tid_p->user, &role); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif #if defined(CONFIG_RSBAC_RES) case RES: { struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI; rsbac_ta_list_get_data_ttl(ta_number, user_handles.res, NULL, &tid_p->user, &aci); switch (attr) { case A_system_role: case A_res_role: aci.res_role = value_p->system_role; break; case A_res_min: memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min)); break; case A_res_max: memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max)); break; default: err = -RSBAC_EINVALIDATTR; } if(!err) { struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI; if(tid_p->user != RSBAC_ALL_USERS) { rsbac_uid_t all_users = RSBAC_ALL_USERS; rsbac_ta_list_get_data_ttl(ta_number, user_handles.res, NULL, &all_users, &def_aci); } if(memcmp(&aci, &def_aci, sizeof(aci))) err = rsbac_ta_list_add_ttl(ta_number, user_handles.res, 0, &tid_p->user, &aci); else err = rsbac_ta_list_remove(ta_number, user_handles.res, &tid_p->user); } } break; #endif #if defined(CONFIG_RSBAC_PAX) case PAX: { rsbac_system_role_int_t role = value_p->system_role; switch (attr) { case A_system_role: case A_pax_role: err = rsbac_ta_list_add_ttl(ta_number, user_handles.pax, 0, &tid_p->user, &role); break; default: err = -RSBAC_EINVALIDATTR; } } break; #endif default: err = -RSBAC_EINVALIDMODULE; } return err; }

static void wakeup_auto (  u_long  dummy  )  [static]

Definition at line 2063 of file aci_data_structures.c. Referenced by rsbac_get_super_block(). { wake_up((void *) dummy); }

rsbac_boolean_t writable (  struct super_block *  sb_p  )

Definition at line 316 of file aci_data_structures.c. References FALSE, KERNEL_VERSION, rsbac_debug_no_write, SOCKFS_MAGIC, SYSFS_MAGIC, and TRUE. Referenced by lookup_aci_path_dentry(), and rsbac_write_open(). { #ifdef CONFIG_RSBAC_NO_WRITE return(FALSE); #else if (!sb_p || !sb_p->s_dev) return(FALSE); if ( rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY) || in_interrupt()) return(FALSE); if ( !MAJOR(sb_p->s_dev) #ifndef CONFIG_RSBAC_MSDOS_WRITE || (sb_p->s_magic == MSDOS_SUPER_MAGIC) #endif || (sb_p->s_magic == SOCKFS_MAGIC) || (sb_p->s_magic == PIPEFS_MAGIC) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) || (sb_p->s_magic == SYSFS_MAGIC) #endif || (sb_p->s_magic == NFS_SUPER_MAGIC) || (sb_p->s_magic == CODA_SUPER_MAGIC) || (sb_p->s_magic == NCP_SUPER_MAGIC) || (sb_p->s_magic == SMB_SUPER_MAGIC) || (sb_p->s_magic == ISOFS_SUPER_MAGIC)) return(FALSE); else return(TRUE); #endif }

---

Variable Documentation

char compiled_modules[80] [static]

Definition at line 120 of file aci_data_structures.c. Referenced by rsbac_do_init().

struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI [static]

Definition at line 155 of file aci_data_structures.c.

struct rsbac_gen_fd_aci_t def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI [static]

Definition at line 154 of file aci_data_structures.c.

struct rsbac_dev_handles_t dev_handles [static]

Definition at line 129 of file aci_data_structures.c. Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev().

struct rsbac_dev_handles_t dev_major_handles [static]

Definition at line 130 of file aci_data_structures.c. Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), and set_attr_dev().

struct rsbac_device_list_head_t device_list_head [static]

Definition at line 128 of file aci_data_structures.c. Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), lookup_device(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_stats(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd().

struct rsbac_ipc_handles_t ipc_handles [static]

Definition at line 131 of file aci_data_structures.c. Referenced by get_attr_ipc(), register_ipc_lists(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_ipc().

struct rsbac_process_handles_t process_handles [static]

Definition at line 136 of file aci_data_structures.c. Referenced by get_attr_process(), register_process_lists(), rsbac_init(), rsbac_kthread_notify(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_process().

rsbac_boolean_t rsbac_initialized = FALSE [static]

Definition at line 118 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount().

kdev_t rsbac_root_dev

Definition at line 122 of file aci_data_structures.c. Referenced by read_info(), rsbac_do_init(), rsbac_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_list_lol_register(), rsbac_list_register(), rsbac_mount(), and write_info().

struct dentry* sysfs_covered_p = NULL [static]

Definition at line 203 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().

struct super_block* sysfs_sb_p = NULL [static]

Definition at line 204 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount().

struct rsbac_user_handles_t user_handles [static]

Definition at line 132 of file aci_data_structures.c. Referenced by get_attr_user(), register_user_lists(), rsbac_init(), rsbac_stats(), rsbac_ta_list_all_user(), rsbac_ta_remove_target(), and set_attr_user().

---