auth_data_structures.c File Reference

#include <linux/types.h>
#include <linux/sched.h>
#include <linux/mm.h>
#include <linux/init.h>
#include <linux/ext2_fs.h>
#include <asm/uaccess.h>
#include <rsbac/types.h>
#include <rsbac/aci_data_structures.h>
#include <rsbac/auth_data_structures.h>
#include <rsbac/error.h>
#include <rsbac/helpers.h>
#include <rsbac/adf.h>
#include <rsbac/aci.h>
#include <rsbac/auth.h>
#include <rsbac/lists.h>
#include <rsbac/proc_fs.h>
#include <rsbac/rkmem.h>
#include <rsbac/getname.h>
#include <linux/string.h>
#include <linux/smp_lock.h>

Go to the source code of this file.

Functions
rsbac_boolean_t	writable (struct super_block *sb_p)
static int	fd_hash (rsbac_inode_nr_t inode)
static int	cap_compare (void *desc1, void *desc2)
static int	single_cap_compare (void *desc1, void *desc2)
static int	auth_register_fd_lists (struct rsbac_auth_device_list_item_t *device_p, kdev_t kdev)
static int	auth_detach_fd_lists (struct rsbac_auth_device_list_item_t *device_p)
static struct rsbac_auth_device_list_item_t *	lookup_device (kdev_t kdev)
static struct rsbac_auth_device_list_item_t *	create_device_item (kdev_t kdev)
static struct rsbac_auth_device_list_item_t *	add_device_item (struct rsbac_auth_device_list_item_t *device_p)
static void	clear_device_item (struct rsbac_auth_device_list_item_t *item_p)
static void	remove_device_item (kdev_t kdev)
static int	copy_fp_cap_set_item (struct rsbac_auth_device_list_item_t *device_p, rsbac_auth_file_t file, rsbac_pid_t pid)
static int	copy_pp_cap_set_item_handle (rsbac_list_handle_t handle, rsbac_pid_t old_pid, rsbac_pid_t new_pid)
static int	copy_pp_cap_set_item (rsbac_pid_t old_pid, rsbac_pid_t new_pid)
int __init	rsbac_init_auth (void)
int	rsbac_mount_auth (kdev_t kdev)
int	rsbac_umount_auth (kdev_t kdev)
int	rsbac_stats_auth (void)
int	rsbac_auth_add_to_p_capset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	rsbac_auth_add_to_f_capset (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	rsbac_auth_remove_from_p_capset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	rsbac_auth_remove_from_f_capset (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	rsbac_auth_clear_p_capset (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type)
int	rsbac_auth_clear_f_capset (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type)
rsbac_boolean_t	rsbac_auth_p_capset_member (rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, rsbac_uid_t member)
int	rsbac_auth_remove_p_capsets (rsbac_pid_t pid)
int	rsbac_auth_remove_f_capsets (rsbac_auth_file_t file)
int	rsbac_auth_copy_fp_capset (rsbac_auth_file_t file, rsbac_pid_t p_cap_set_id)
int	rsbac_auth_copy_pp_capset (rsbac_pid_t old_p_set_id, rsbac_pid_t new_p_set_id)
int	rsbac_auth_get_f_caplist (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t **caplist_p, rsbac_time_t **ttllist_p)
int	rsbac_auth_get_p_caplist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t **caplist_p, rsbac_time_t **ttllist_p)
Variables
static struct rsbac_auth_device_list_head_t	device_list_head
static rsbac_list_handle_t	process_handle = NULL

---

Function Documentation

static struct rsbac_auth_device_list_item_t* add_device_item (  struct rsbac_auth_device_list_item_t *  device_p  )  [static]

Definition at line 686 of file auth_data_structures.c. References rsbac_auth_device_list_head_t::count, rsbac_auth_device_list_head_t::curr, rsbac_auth_device_list_head_t::head, rsbac_auth_device_list_item_t::next, NULL, and rsbac_auth_device_list_head_t::tail. { if (!device_p) return(NULL); /* add new device to device list */ if (!device_list_head.head) { /* first device */ device_list_head.head=device_p; device_list_head.tail=device_p; device_list_head.curr=device_p; device_list_head.count=1; device_p->prev=NULL; device_p->next=NULL; } else { /* there is another device -> hang to tail */ device_p->prev=device_list_head.tail; device_p->next=NULL; device_list_head.tail->next=device_p; device_list_head.tail=device_p; device_list_head.curr=device_p; device_list_head.count++; }; return(device_p); };

static int auth_detach_fd_lists (  struct rsbac_auth_device_list_item_t *  device_p  )  [static]

Definition at line 424 of file auth_data_structures.c. References get_error_name(), rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_item_t::id, inttostr(), name, RSBAC_AUTH_FD_EFF_FILENAME, RSBAC_AUTH_FD_FILENAME, RSBAC_AUTH_FD_FS_FILENAME, RSBAC_AUTH_FD_GROUP_EFF_FILENAME, RSBAC_AUTH_FD_GROUP_FILENAME, RSBAC_AUTH_FD_GROUP_FS_FILENAME, RSBAC_AUTH_LIST_KEY, RSBAC_AUTH_NR_CAP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_FD_LISTS, RSBAC_AUTH_NR_CAP_FS_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_lol_detach(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by clear_device_item(). { char * name; int err = 0; int tmperr; char number[10]; u_int file_no; if(!device_p) return(-RSBAC_EINVALIDPOINTER); name = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(!name) return -RSBAC_ENOMEM; /* detach all the AUTH lists of lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_EFF_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_EFF_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->eff_handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_FS_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_FS_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->fs_handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #ifdef CONFIG_RSBAC_AUTH_GROUP /* detach all the AUTH lists of lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->group_handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_EFF_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->group_eff_handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_FS_FILENAME); strcat(name, inttostr(number,file_no) ); tmperr = rsbac_list_lol_detach(&device_p->group_fs_handles[file_no], RSBAC_AUTH_LIST_KEY); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #endif /* AUTH_GROUP */ return err; }

static int auth_register_fd_lists (  struct rsbac_auth_device_list_item_t *  device_p, kdev_t  kdev )  [static]

Definition at line 134 of file auth_data_structures.c. References cap_compare(), rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, get_error_name(), rsbac_auth_device_list_item_t::handles, inttostr(), rsbac_list_lol_info_t::key, rsbac_list_lol_info_t::max_age, name, NULL, RSBAC_AUTH_FD_EFF_FILENAME, RSBAC_AUTH_FD_EFF_LIST_VERSION, RSBAC_AUTH_FD_FILENAME, RSBAC_AUTH_FD_FS_FILENAME, RSBAC_AUTH_FD_FS_LIST_VERSION, RSBAC_AUTH_FD_GROUP_EFF_FILENAME, RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION, RSBAC_AUTH_FD_GROUP_FILENAME, RSBAC_AUTH_FD_GROUP_FS_FILENAME, RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION, RSBAC_AUTH_FD_GROUP_LIST_VERSION, RSBAC_AUTH_FD_LIST_VERSION, RSBAC_AUTH_LIST_KEY, RSBAC_AUTH_NR_CAP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_FD_LISTS, RSBAC_AUTH_NR_CAP_FS_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_compare_u32(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_PERSIST, RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, and rsbac_list_lol_info_t::version. Referenced by rsbac_init_auth(), and rsbac_mount_auth(). { char * name; int err = 0; int tmperr; char number[10]; u_int file_no; struct rsbac_list_lol_info_t lol_info; if(!device_p) return(-RSBAC_EINVALIDPOINTER); name = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(!name) return -RSBAC_ENOMEM; /* register all the AUTH lists of lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER /* register all the AUTH DAC lists of lists */ for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_EFF_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_EFF_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_EFF_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->eff_handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_FS_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_FS_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_FS_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->fs_handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #ifdef CONFIG_RSBAC_AUTH_GROUP for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_GROUP_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->group_handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_EFF_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->group_eff_handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } for (file_no = 0; file_no < RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS; file_no++) { /* construct name from base name + number */ strcpy(name, RSBAC_AUTH_FD_GROUP_FS_FILENAME); strcat(name, inttostr(number,file_no) ); lol_info.version = RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_inode_nr_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; /* rights */ lol_info.max_age = 0; tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION, &(device_p->group_fs_handles[file_no]), &lol_info, RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, rsbac_list_compare_u32, cap_compare, NULL, NULL, NULL, NULL, name, kdev); if(tmperr) { char * tmp; tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "auth_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n", name, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp, tmperr)); rsbac_kfree(tmp); } err = tmperr; } } #endif #endif /* AUTH_GROUP */ return err; }

static int cap_compare (  void *  desc1, void *  desc2 )  [static]

Definition at line 98 of file auth_data_structures.c. References rsbac_auth_cap_range_t::first, and rsbac_auth_cap_range_t::last. Referenced by auth_register_fd_lists(), and rsbac_init_auth(). { struct rsbac_auth_cap_range_t * range1 = desc1; struct rsbac_auth_cap_range_t * range2 = desc2; if(!desc1 || !desc2) return 0; if(range1->first < range2->first) return -1; if(range1->first > range2->first) return 1; if(range1->last < range2->last) return -1; if(range1->last > range2->last) return 1; return 0; };

static void clear_device_item (  struct rsbac_auth_device_list_item_t *  item_p  )  [static]

Definition at line 720 of file auth_data_structures.c. References auth_detach_fd_lists(), and rsbac_kfree(). { if(!item_p) return; /* First deregister lists... */ auth_detach_fd_lists(item_p); /* OK, lets remove the device item itself */ rsbac_kfree(item_p); }; /* end of clear_device_item() */

static int copy_fp_cap_set_item (  struct rsbac_auth_device_list_item_t *  device_p, rsbac_auth_file_t  file, rsbac_pid_t  pid )  [static]

Definition at line 781 of file auth_data_structures.c. References fd_hash(), rsbac_auth_device_list_item_t::handles, NULL, process_handle, RSBAC_ENOTFOUND, rsbac_get_parent(), rsbac_list_lol_get_all_subdesc_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_subadd_ttl(), rsbac_vfree, and T_FILE. Referenced by rsbac_auth_copy_fp_capset(). { struct rsbac_auth_cap_range_t * cap_item_p; rsbac_time_t * ttl_p; int i; long count; enum rsbac_target_t target = T_FILE; union rsbac_target_id_t tid; rsbac_list_lol_remove(process_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->handles[fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->handles[fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER rsbac_list_lol_remove(process_eff_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->eff_handles[eff_fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_eff_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } rsbac_list_lol_remove(process_fs_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->fs_handles[fs_fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_fs_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } #endif #ifdef CONFIG_RSBAC_AUTH_GROUP rsbac_list_lol_remove(process_group_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_handles[group_fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_handles[group_fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_group_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP rsbac_list_lol_remove(process_group_eff_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_eff_handles[group_eff_fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_group_eff_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } rsbac_list_lol_remove(process_group_fs_handle, &pid); count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode, (void **) &cap_item_p, &ttl_p); if( !count || (count == -RSBAC_ENOTFOUND) ) { tid.file = file; if(!rsbac_get_parent(target, tid, &target, &tid)) count = rsbac_list_lol_get_all_subdesc_ttl(device_p->group_fs_handles[group_fs_fd_hash(tid.file.inode)], &tid.file.inode, (void **) &cap_item_p, &ttl_p); } if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(process_group_fs_handle, ttl_p[i], &pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if( (count < 0) && (count != -RSBAC_ENOTFOUND) ) return count; } #endif #endif /* AUTH_GROUP */ return 0; }; /* end of copy_fp_cap_set_item() */

static int copy_pp_cap_set_item (  rsbac_pid_t  old_pid, rsbac_pid_t  new_pid )  [static]

Definition at line 1059 of file auth_data_structures.c. References copy_pp_cap_set_item_handle(), and process_handle. Referenced by rsbac_auth_copy_pp_capset(). { int res; res = copy_pp_cap_set_item_handle(process_handle, old_pid, new_pid); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER if(res) return res; res = copy_pp_cap_set_item_handle(process_eff_handle, old_pid, new_pid); if(res) return res; res = copy_pp_cap_set_item_handle(process_fs_handle, old_pid, new_pid); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP res = copy_pp_cap_set_item_handle(process_group_handle, old_pid, new_pid); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP if(res) return res; res = copy_pp_cap_set_item_handle(process_group_eff_handle, old_pid, new_pid); if(res) return res; res = copy_pp_cap_set_item_handle(process_group_fs_handle, old_pid, new_pid); #endif #endif return(res); }; /* end of copy_pp_cap_set_item() */

static int copy_pp_cap_set_item_handle (  rsbac_list_handle_t  handle, rsbac_pid_t  old_pid, rsbac_pid_t  new_pid )  [static]

Definition at line 1024 of file auth_data_structures.c. References NULL, rsbac_list_lol_get_all_subdesc_ttl(), rsbac_list_lol_remove(), rsbac_list_lol_subadd_ttl(), and rsbac_vfree. Referenced by copy_pp_cap_set_item(). { struct rsbac_auth_cap_range_t * cap_item_p; rsbac_time_t * ttl_p; int i; long count; rsbac_list_lol_remove(handle, &new_pid); count = rsbac_list_lol_get_all_subdesc_ttl(handle, &old_pid, (void **) &cap_item_p, &ttl_p); if(count > 0) { for(i=0; i < count ; i++) { rsbac_list_lol_subadd_ttl(handle, ttl_p[i], &new_pid, &cap_item_p[i], NULL); } rsbac_vfree(cap_item_p); rsbac_vfree(ttl_p); } else { if(count < 0) return count; } return 0; }

static struct rsbac_auth_device_list_item_t* create_device_item (  kdev_t  kdev  )  [static]

Definition at line 649 of file auth_data_structures.c. References NULL, RSBAC_AUTH_NR_CAP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_FD_LISTS, RSBAC_AUTH_NR_CAP_FS_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS, RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS, and rsbac_kmalloc(). { struct rsbac_auth_device_list_item_t * new_item_p; int i; /* allocate memory for new device, return NULL, if failed */ if ( !(new_item_p = (struct rsbac_auth_device_list_item_t *) rsbac_kmalloc(sizeof(*new_item_p)) ) ) return(NULL); new_item_p->id = kdev; new_item_p->mount_count = 1; /* init file/dir sublists */ for(i=0 ; i < RSBAC_AUTH_NR_CAP_FD_LISTS ; i++) new_item_p->handles[i] = NULL; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER for(i=0 ; i < RSBAC_AUTH_NR_CAP_EFF_FD_LISTS ; i++) new_item_p->eff_handles[i] = NULL; for(i=0 ; i < RSBAC_AUTH_NR_CAP_FS_FD_LISTS ; i++) new_item_p->fs_handles[i] = NULL; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP for(i=0 ; i < RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS ; i++) new_item_p->group_handles[i] = NULL; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP for(i=0 ; i < RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS ; i++) new_item_p->group_eff_handles[i] = NULL; for(i=0 ; i < RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS ; i++) new_item_p->group_fs_handles[i] = NULL; #endif #endif return(new_item_p); };

static int fd_hash (  rsbac_inode_nr_t  inode  )  [inline, static]

Definition at line 66 of file auth_data_structures.c. References RSBAC_AUTH_NR_CAP_FD_LISTS. { return(inode % RSBAC_AUTH_NR_CAP_FD_LISTS); }

static struct rsbac_auth_device_list_item_t* lookup_device (  kdev_t  kdev  )  [static]

Definition at line 612 of file auth_data_structures.c. References rsbac_auth_device_list_head_t::curr, rsbac_auth_device_list_head_t::head, rsbac_auth_device_list_item_t::id, and rsbac_auth_device_list_item_t::next. { struct rsbac_auth_device_list_item_t * curr = device_list_head.curr; /* if there is no current item or it is not the right one, search... */ if(! ( curr && (RSBAC_MAJOR(curr->id) == RSBAC_MAJOR(kdev)) && (RSBAC_MINOR(curr->id) == RSBAC_MINOR(kdev)) ) ) { curr = device_list_head.head; while( curr && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev)) || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev)) ) ) { curr = curr->next; } if (curr) device_list_head.curr=curr; } /* it is the current item -> return it */ return (curr); };

static void remove_device_item (  kdev_t  kdev  )  [static]

Definition at line 731 of file auth_data_structures.c. References clear_device_item(), rsbac_auth_device_list_head_t::count, rsbac_auth_device_list_head_t::curr, rsbac_auth_device_list_head_t::head, lookup_device(), rsbac_auth_device_list_item_t::next, NULL, rsbac_auth_device_list_item_t::prev, and rsbac_auth_device_list_head_t::tail. { struct rsbac_auth_device_list_item_t * item_p; /* first we must locate the item. */ if ( (item_p = lookup_device(kdev)) ) { /* ok, item was found */ if (device_list_head.head == item_p) { /* item is head */ if (device_list_head.tail == item_p) { /* item is head and tail = only item -> list will be empty*/ device_list_head.head = NULL; device_list_head.tail = NULL; } else { /* item is head, but not tail -> next item becomes head */ item_p->next->prev = NULL; device_list_head.head = item_p->next; }; } else { /* item is not head */ if (device_list_head.tail == item_p) { /*item is not head, but tail -> previous item becomes tail*/ item_p->prev->next = NULL; device_list_head.tail = item_p->prev; } else { /* item is neither head nor tail -> item is cut out */ item_p->prev->next = item_p->next; item_p->next->prev = item_p->prev; }; }; /* curr is no longer valid -> reset. */ device_list_head.curr=NULL; /* adjust counter */ device_list_head.count--; /* now we can remove the item from memory. This means cleaning up */ /* everything below. */ clear_device_item(item_p); }; /* end of if: item was found */ }; /* end of remove_device_item() */

int rsbac_auth_add_to_f_capset (  rsbac_list_ta_number_t  ta_number, rsbac_auth_file_t  file, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t  cap_range, rsbac_time_t  ttl )

Definition at line 3074 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), NULL, RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_auth_add_f_cap(). { int err=0; u_long dflags; struct rsbac_auth_device_list_item_t * device_p; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): called from interrupt!\n"); } if(cap_range.first > cap_range.last) return(-RSBAC_EINVALIDVALUE); /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { /* trigger rsbac_mount() */ rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_get_super_block(file.device); /* retry */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): invalid device %02u:%02u!\n", RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } } switch(cap_type) { case ACT_real: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->handles[fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; case ACT_fs: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_handles[group_fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; case ACT_group_fs: err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], ttl, &file.inode, &cap_range, NULL); break; #endif #endif /* AUTH_GROUP */ default: err = -RSBAC_EINVALIDTARGET; } rsbac_read_unlock(&device_list_head.lock, &dflags); return(err); }

int rsbac_auth_add_to_p_capset (  rsbac_list_ta_number_t  ta_number, rsbac_pid_t  pid, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t  cap_range, rsbac_time_t  ttl )

Definition at line 3030 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, NULL, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_auth_add_p_cap(), and rsbac_replace_auth_cap(). { if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): called from interrupt!\n"); } if(cap_range.first > cap_range.last) return(-RSBAC_EINVALIDVALUE); switch(cap_type) { case ACT_real: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_handle, ttl, &pid, &cap_range, NULL); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_eff_handle, ttl, &pid, &cap_range, NULL); case ACT_fs: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_fs_handle, ttl, &pid, &cap_range, NULL); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_handle, ttl, &pid, &cap_range, NULL); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_eff_handle, ttl, &pid, &cap_range, NULL); case ACT_group_fs: return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_fs_handle, ttl, &pid, &cap_range, NULL); #endif #endif /* AUTH_GROUP */ default: return -RSBAC_EINVALIDTARGET; } }

int rsbac_auth_clear_f_capset (  rsbac_list_ta_number_t  ta_number, rsbac_auth_file_t  file, enum rsbac_auth_cap_type_t  cap_type )

Definition at line 3323 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_auth_remove_f_capsets(). { int err=0; u_long dflags; struct rsbac_auth_device_list_item_t * device_p; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): called from interrupt!\n"); } /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { /* trigger rsbac_mount() */ rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_get_super_block(file.device); /* retry */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): invalid device %02u:%02u!\n", RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } } switch(cap_type) { case ACT_real: err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode); break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: err = rsbac_ta_list_lol_remove(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode); break; case ACT_fs: err = rsbac_ta_list_lol_remove(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode); break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: err = rsbac_ta_list_lol_remove(ta_number, device_p->group_handles[group_fd_hash(file.inode)], &file.inode); break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: err = rsbac_ta_list_lol_remove(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode); break; case ACT_group_fs: err = rsbac_ta_list_lol_remove(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode); break; #endif #endif /* AUTH_GROUP */ default: err = -RSBAC_EINVALIDTARGET; } rsbac_read_unlock(&device_list_head.lock, &dflags); return(err); }

int rsbac_auth_clear_p_capset (  rsbac_list_ta_number_t  ta_number, rsbac_pid_t  pid, enum rsbac_auth_cap_type_t  cap_type )

Definition at line 3283 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_auth_remove_p_capsets(). { if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): called from interrupt!\n"); } switch(cap_type) { case ACT_real: return rsbac_ta_list_lol_remove(ta_number, process_handle, &pid); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: return rsbac_ta_list_lol_remove(ta_number, process_eff_handle, &pid); case ACT_fs: return rsbac_ta_list_lol_remove(ta_number, process_fs_handle, &pid); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: return rsbac_ta_list_lol_remove(ta_number, process_group_handle, &pid); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: return rsbac_ta_list_lol_remove(ta_number, process_group_eff_handle, &pid); case ACT_group_fs: return rsbac_ta_list_lol_remove(ta_number, process_group_fs_handle, &pid); #endif #endif /* AUTH_GROUP */ default: return -RSBAC_EINVALIDTARGET; } }

int rsbac_auth_copy_fp_capset (  rsbac_auth_file_t  file, rsbac_pid_t  p_cap_set_id )

Definition at line 3956 of file auth_data_structures.c. References copy_fp_cap_set_item(), rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_auth(). { u_long dflags; struct rsbac_auth_device_list_item_t * device_p; int err=0; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): called from interrupt!\n"); } /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_auth_copy_fp_capset(): Copying file cap set data to process cap set\n"); #endif */ /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { /* trigger rsbac_mount() */ rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_get_super_block(file.device); /* retry */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): invalid device %02u:%02u!\n", RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } } /* call the copy function */ err = copy_fp_cap_set_item(device_p,file,p_cap_set_id); rsbac_read_unlock(&device_list_head.lock, &dflags); return(err); }

int rsbac_auth_copy_pp_capset (  rsbac_pid_t  old_p_set_id, rsbac_pid_t  new_p_set_id )

Definition at line 4004 of file auth_data_structures.c. References copy_pp_cap_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_auth(). { if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): called from interrupt!\n"); } /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_auth_copy_pp_capset(): Copying process cap set data to process cap set\n"); #endif */ /* call the copy function */ return copy_pp_cap_set_item(old_p_set_id,new_p_set_id); }

int rsbac_auth_get_f_caplist (  rsbac_list_ta_number_t  ta_number, rsbac_auth_file_t  file, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t **  caplist_p, rsbac_time_t **  ttllist_p )

Definition at line 4027 of file auth_data_structures.c. Referenced by sys_rsbac_auth_get_f_caplist(). { u_long dflags; struct rsbac_auth_device_list_item_t * device_p; long count; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): called from interrupt!\n"); } /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_auth_get_f_caplist(): Getting file/dir cap set list\n"); #endif */ /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { /* trigger rsbac_mount() */ rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_get_super_block(file.device); /* retry */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): invalid device %02u:%02u!\n", RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } } switch(cap_type) { case ACT_real: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; case ACT_fs: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->group_handles[group_fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; case ACT_group_fs: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode, (void **) caplist_p, ttllist_p); break; #endif #endif /* AUTH_GROUP */ default: count = -RSBAC_EINVALIDTARGET; } rsbac_read_unlock(&device_list_head.lock, &dflags); return(count); }

int rsbac_auth_get_p_caplist (  rsbac_list_ta_number_t  ta_number, rsbac_pid_t  pid, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t **  caplist_p, rsbac_time_t **  ttllist_p )

Definition at line 4131 of file auth_data_structures.c. Referenced by sys_rsbac_auth_get_p_caplist(). { long count; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): called from interrupt!\n"); } /* #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_auth_get_p_caplist(): Getting process cap set list\n"); #endif */ switch(cap_type) { case ACT_real: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_handle, &pid, (void **) caplist_p, ttllist_p); break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_eff_handle, &pid, (void **) caplist_p, ttllist_p); break; case ACT_fs: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_fs_handle, &pid, (void **) caplist_p, ttllist_p); break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_group_handle, &pid, (void **) caplist_p, ttllist_p); break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_group_eff_handle, &pid, (void **) caplist_p, ttllist_p); break; case ACT_group_fs: count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, process_group_fs_handle, &pid, (void **) caplist_p, ttllist_p); break; #endif #endif /* AUTH_GROUP */ default: count = -RSBAC_EINVALIDTARGET; } return(count); }

rsbac_boolean_t rsbac_auth_p_capset_member (  rsbac_pid_t  pid, enum rsbac_auth_cap_type_t  cap_type, rsbac_uid_t  member )

Definition at line 3397 of file auth_data_structures.c. References A_auth_learn, ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, AUTH, rsbac_attribute_value_t::auth_learn, FALSE, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), NULL, rsbac_target_id_t::process, RSBAC_AUTH_DAC_GROUP_F_CAP, RSBAC_AUTH_DAC_OWNER_F_CAP, RSBAC_AUTH_GROUP_F_CAP, RSBAC_AUTH_MAX_RANGE_UID, RSBAC_AUTH_OWNER_F_CAP, rsbac_get_attr, rsbac_is_initialized(), rsbac_list_lol_subadd(), rsbac_list_lol_subexist_compare(), rsbac_printk(), single_cap_compare(), T_PROCESS, and TRUE. Referenced by rsbac_adf_request_auth(), and rsbac_replace_auth_cap(). { rsbac_boolean_t result; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): RSBAC not initialized\n"); return FALSE; } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): called from interrupt!\n"); } switch(cap_type) { case ACT_real: result = rsbac_list_lol_subexist_compare(process_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_uid) ) { range.first = RSBAC_AUTH_OWNER_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->handles[fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: result = rsbac_list_lol_subexist_compare(process_eff_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_eff_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_uid) ) { range.first = RSBAC_AUTH_OWNER_F_CAP; range.last = range.first; } else if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_euid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_euid) ) { range.first = RSBAC_AUTH_DAC_OWNER_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->eff_handles[eff_fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; case ACT_fs: result = rsbac_list_lol_subexist_compare(process_fs_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_fs_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_uid) ) { range.first = RSBAC_AUTH_OWNER_F_CAP; range.last = range.first; } else if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_euid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_euid) ) { range.first = RSBAC_AUTH_DAC_OWNER_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->fs_handles[fs_fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; #endif /* AUTH_DAC_OWNER */ #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: result = rsbac_list_lol_subexist_compare(process_group_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_group_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_gid) ) { range.first = RSBAC_AUTH_GROUP_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->group_handles[group_fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: result = rsbac_list_lol_subexist_compare(process_group_eff_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_group_eff_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_gid) ) { range.first = RSBAC_AUTH_GROUP_F_CAP; range.last = range.first; } else if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_egid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_egid) ) { range.first = RSBAC_AUTH_DAC_GROUP_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->group_eff_handles[group_eff_fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; case ACT_group_fs: result = rsbac_list_lol_subexist_compare(process_group_fs_handle, &pid, &member, single_cap_compare); #if defined(CONFIG_RSBAC_AUTH_LEARN) if( !result && (member <= RSBAC_AUTH_MAX_RANGE_UID) ) { union rsbac_target_id_t tid; union rsbac_attribute_value_t attr_val; rsbac_boolean_t learn; learn = rsbac_auth_learn; if(!learn) { tid.process = pid; /* check learn on process */ if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE)) learn = attr_val.auth_learn; } if(learn) { struct rsbac_auth_cap_range_t range; rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to process %u (%.15s)!\n", member, pid, current->comm); range.first = member; range.last = member; rsbac_list_lol_subadd(process_group_fs_handle, &pid, &range, NULL); tid.process = pid; if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE)) { struct rsbac_auth_device_list_item_t * device_p; union rsbac_attribute_value_t attr_val2; u_long dflags; if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_gid) ) { range.first = RSBAC_AUTH_GROUP_F_CAP; range.last = range.first; } else if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_egid, &attr_val2, FALSE) && (range.first == attr_val2.auth_start_egid) ) { range.first = RSBAC_AUTH_DAC_GROUP_F_CAP; range.last = range.first; } rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to file %u on device %02u:%02u!\n", range.first, attr_val.auth_program_file.inode, MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(attr_val.auth_program_file.device); if(device_p) { rsbac_list_lol_subadd(device_p->group_fs_handles[group_fs_fd_hash(attr_val.auth_program_file.inode)], &attr_val.auth_program_file.inode, &range, NULL); } else { rsbac_printk(KERN_INFO "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n", MAJOR(attr_val.auth_program_file.device), MINOR(attr_val.auth_program_file.device)); } rsbac_read_unlock(&device_list_head.lock, &dflags); } result = TRUE; } } #endif break; #endif /* AUTH_DAC_GROUP */ #endif /* AUTH_GROUP */ default: return FALSE; } return result; }

int rsbac_auth_remove_f_capsets (  rsbac_auth_file_t  file  )

Definition at line 3932 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_f_capset(). Referenced by rsbac_adf_set_attr_auth(), and rsbac_ta_remove_target(). { int err; err = rsbac_auth_clear_f_capset(0, file, ACT_real); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER if(!err) err = rsbac_auth_clear_f_capset(0, file, ACT_eff); if(!err) err = rsbac_auth_clear_f_capset(0, file, ACT_fs); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP err = rsbac_auth_clear_f_capset(0, file, ACT_group_real); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP if(!err) err = rsbac_auth_clear_f_capset(0, file, ACT_group_eff); if(!err) err = rsbac_auth_clear_f_capset(0, file, ACT_group_fs); #endif #endif /* AUTH_GROUP */ return err; }

int rsbac_auth_remove_from_f_capset (  rsbac_list_ta_number_t  ta_number, rsbac_auth_file_t  file, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t  cap_range )

Definition at line 3204 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_auth_remove_f_cap(). { int err=0; u_long dflags; struct rsbac_auth_device_list_item_t * device_p; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): called from interrupt!\n"); } if(cap_range.first > cap_range.last) return(-RSBAC_EINVALIDVALUE); /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { /* trigger rsbac_mount() */ rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_get_super_block(file.device); /* retry */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(file.device); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): invalid device %02u:%02u!\n", RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device)); rsbac_read_unlock(&device_list_head.lock, &dflags); return(-RSBAC_EINVALIDDEV); } } switch(cap_type) { case ACT_real: err = rsbac_ta_list_lol_subremove(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode, &cap_range); break; #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: err = rsbac_ta_list_lol_subremove(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode, &cap_range); break; case ACT_fs: err = rsbac_ta_list_lol_subremove(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode, &cap_range); break; #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_handles[group_fd_hash(file.inode)], &file.inode, &cap_range); break; #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode, &cap_range); break; case ACT_group_fs: err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode, &cap_range); break; #endif #endif /* AUTH_GROUP */ default: err = -RSBAC_EINVALIDTARGET; } rsbac_read_unlock(&device_list_head.lock, &dflags); return(err); }

int rsbac_auth_remove_from_p_capset (  rsbac_list_ta_number_t  ta_number, rsbac_pid_t  pid, enum rsbac_auth_cap_type_t  cap_type, struct rsbac_auth_cap_range_t  cap_range )

Definition at line 3161 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_auth_remove_p_cap(), and rsbac_replace_auth_cap(). { if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } if (in_interrupt()) { rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): called from interrupt!\n"); } if(cap_range.first > cap_range.last) return(-RSBAC_EINVALIDVALUE); switch(cap_type) { case ACT_real: return rsbac_ta_list_lol_subremove(ta_number, process_handle, &pid, &cap_range); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER case ACT_eff: return rsbac_ta_list_lol_subremove(ta_number, process_eff_handle, &pid, &cap_range); case ACT_fs: return rsbac_ta_list_lol_subremove(ta_number, process_fs_handle, &pid, &cap_range); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP case ACT_group_real: return rsbac_ta_list_lol_subremove(ta_number, process_group_handle, &pid, &cap_range); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP case ACT_group_eff: return rsbac_ta_list_lol_subremove(ta_number, process_group_eff_handle, &pid, &cap_range); case ACT_group_fs: return rsbac_ta_list_lol_subremove(ta_number, process_group_fs_handle, &pid, &cap_range); #endif #endif /* AUTH_GROUP */ default: return -RSBAC_EINVALIDTARGET; } }

int rsbac_auth_remove_p_capsets (  rsbac_pid_t  pid  )

Definition at line 3912 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_p_capset(). Referenced by rsbac_ta_remove_target(). { int err; err = rsbac_auth_clear_p_capset(0, pid, ACT_real); #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER err = rsbac_auth_clear_p_capset(0, pid, ACT_eff); err = rsbac_auth_clear_p_capset(0, pid, ACT_fs); #endif #ifdef CONFIG_RSBAC_AUTH_GROUP err = rsbac_auth_clear_p_capset(0, pid, ACT_group_real); #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP err = rsbac_auth_clear_p_capset(0, pid, ACT_group_eff); err = rsbac_auth_clear_p_capset(0, pid, ACT_group_fs); #endif #endif /* AUTH_GROUP */ return err; }

int __init rsbac_init_auth (  void   )

Definition at line 2383 of file auth_data_structures.c. References add_device_item(), auth_register_fd_lists(), cap_compare(), rsbac_auth_device_list_head_t::count, create_device_item(), rsbac_auth_device_list_head_t::curr, rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, get_error_name(), rsbac_auth_device_list_head_t::head, rsbac_list_lol_info_t::key, rsbac_auth_device_list_head_t::lock, rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, RSBAC_AUTH_LIST_KEY, RSBAC_AUTH_P_EFF_LIST_NAME, RSBAC_AUTH_P_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_EFF_LIST_NAME, RSBAC_AUTH_P_GROUP_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_LIST_NAME, RSBAC_AUTH_P_LIST_NAME, RSBAC_AUTH_P_LIST_VERSION, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, rsbac_auth_device_list_head_t::tail, and rsbac_list_lol_info_t::version. Referenced by rsbac_do_init(). { int err = 0; struct rsbac_auth_device_list_item_t * device_p = NULL; u_long dflags; struct proc_dir_entry * tmp_entry_p; struct rsbac_list_lol_info_t lol_info; if (rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): RSBAC already initialized\n"); return(-RSBAC_EREINIT); } /* set rw-spinlocks to unlocked status and init data structures */ rsbac_printk(KERN_INFO "rsbac_init_auth(): Initializing RSBAC: AUTH subsystem\n"); lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_eff_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_EFF_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process eff cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_fs_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_FS_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process fs cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } #endif #ifdef CONFIG_RSBAC_AUTH_GROUP lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_group_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_GROUP_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_group_eff_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_GROUP_EFF_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group eff cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } lol_info.version = RSBAC_AUTH_P_LIST_VERSION; lol_info.key = RSBAC_AUTH_LIST_KEY; lol_info.desc_size = sizeof(rsbac_pid_t); lol_info.data_size = 0; lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t); lol_info.subdata_size = 0; lol_info.max_age = 0; err = rsbac_list_lol_register(RSBAC_LIST_VERSION, &process_group_fs_handle, &lol_info, RSBAC_LIST_DEF_DATA, NULL, cap_compare, NULL, NULL, NULL, NULL, RSBAC_AUTH_P_GROUP_FS_LIST_NAME, RSBAC_AUTO_DEV); if(err) { char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); if(tmp) { rsbac_printk(KERN_WARNING "rsbac_init_auth(): Registering AUTH process group fs cap list failed with error %s\n", get_error_name(tmp, err)); rsbac_kfree(tmp); } } #endif #endif /* AUTH_GROUP */ /* Init FD lists */ device_list_head.lock = RW_LOCK_UNLOCKED; device_list_head.head = NULL; device_list_head.tail = NULL; device_list_head.curr = NULL; device_list_head.count = 0; /* read all data */ #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_INFO "rsbac_init_auth(): Registering FD lists\n"); #endif device_p = create_device_item(rsbac_root_dev); if (!device_p) { rsbac_printk(KERN_CRIT "rsbac_init_auth(): Could not add device!\n"); return(-RSBAC_ECOULDNOTADDDEVICE); } if((err = auth_register_fd_lists(device_p,rsbac_root_dev))) { char tmp[RSBAC_MAXNAMELEN]; rsbac_printk(KERN_WARNING "rsbac_init_auth(): File/Dir cap set registration failed for dev %02u:%02u, err %s!\n", RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err)); } /* wait for write access to device_list_head */ rsbac_write_lock_irq(&device_list_head.lock, &dflags); device_p = add_device_item(device_p); /* device was added, allow access */ rsbac_write_unlock_irq(&device_list_head.lock, &dflags); if (!device_p) { rsbac_printk(KERN_CRIT "rsbac_init_auth(): Could not add device!\n"); return(-RSBAC_ECOULDNOTADDDEVICE); } #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) tmp_entry_p = create_proc_entry("auth_devices", S_IFREG | S_IRUGO, proc_rsbac_root_p); if(tmp_entry_p) { tmp_entry_p->get_info = auth_devices_proc_info; } tmp_entry_p = create_proc_entry("stats_auth", S_IFREG | S_IRUGO, proc_rsbac_root_p); if(tmp_entry_p) { tmp_entry_p->get_info = stats_auth_proc_info; } tmp_entry_p = create_proc_entry("auth_caplist", S_IFREG | S_IRUGO, proc_rsbac_root_p); if(tmp_entry_p) { tmp_entry_p->get_info = auth_caplist_proc_info; } #endif #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_init_auth(): Ready.\n"); #endif return(err); };

int rsbac_mount_auth (  kdev_t  kdev  )

Definition at line 2663 of file auth_data_structures.c. References add_device_item(), auth_register_fd_lists(), clear_device_item(), create_device_item(), get_error_name(), rsbac_auth_device_list_head_t::lock, lookup_device(), rsbac_auth_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by rsbac_mount(). { int err = 0; struct rsbac_auth_device_list_item_t * device_p; struct rsbac_auth_device_list_item_t * new_device_p; u_long dflags; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_mount_auth(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_mount_auth(): mounting device %02u:%02u\n", RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev)); #endif /* wait for write access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = lookup_device(kdev); /* repeated mount? */ if(device_p) { rsbac_printk(KERN_WARNING "rsbac_mount_auth: repeated mount %u of device %02u:%02u\n", device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); device_p->mount_count++; rsbac_read_unlock(&device_list_head.lock, &dflags); return 0; } rsbac_read_unlock(&device_list_head.lock, &dflags); new_device_p = create_device_item(kdev); if(!new_device_p) return -RSBAC_ECOULDNOTADDDEVICE; /* register lists */ if((err = auth_register_fd_lists(new_device_p, kdev))) { char tmp[RSBAC_MAXNAMELEN]; rsbac_printk(KERN_WARNING "rsbac_mount_auth(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err)); } /* wait for read access to device_list_head */ rsbac_read_lock(&device_list_head.lock, &dflags); /* make sure to only add, if this device item has not been added in the meantime */ device_p = lookup_device(kdev); if(device_p) { rsbac_printk(KERN_WARNING "rsbac_mount_auth(): mount race for device %02u:%02u detected!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); device_p->mount_count++; rsbac_read_unlock(&device_list_head.lock, &dflags); clear_device_item(new_device_p); } else { rsbac_read_unlock(&device_list_head.lock, &dflags); rsbac_write_lock_irq(&device_list_head.lock, &dflags); device_p = add_device_item(new_device_p); rsbac_write_unlock_irq(&device_list_head.lock, &dflags); if(!device_p) { rsbac_printk(KERN_WARNING "rsbac_mount_auth: adding device %02u:%02u failed!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); clear_device_item(new_device_p); err = -RSBAC_ECOULDNOTADDDEVICE; } } return(err); };

int rsbac_stats_auth (  void   )

Definition at line 2783 of file auth_data_structures.c. References A_none, rsbac_attribute_value_t::dummy, rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_head_t::head, rsbac_auth_device_list_item_t::id, rsbac_auth_device_list_head_t::lock, rsbac_auth_device_list_item_t::next, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD. Referenced by rsbac_stats(). { u_int cap_set_count = 0; u_int member_count = 0; u_long dflags; struct rsbac_auth_device_list_item_t * device_p; int i; union rsbac_target_id_t rsbac_target_id; union rsbac_attribute_value_t rsbac_attribute_value; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_stats_auth(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_aef_auth) rsbac_printk(KERN_DEBUG "rsbac_stats_auth(): calling ADF\n"); #endif rsbac_target_id.scd = ST_rsbac; rsbac_attribute_value.dummy = 0; if (!rsbac_adf_request(R_GET_STATUS_DATA, current->pid, T_SCD, rsbac_target_id, A_none, rsbac_attribute_value)) { return -EPERM; } rsbac_printk(KERN_INFO "AUTH Status\n-----------\n"); rsbac_printk(KERN_INFO "%lu process cap set items, sum of %lu members\n", rsbac_list_lol_count(process_handle), rsbac_list_lol_all_subcount(process_handle)); /* protect device list */ rsbac_read_lock(&device_list_head.lock, &dflags); device_p = device_list_head.head; while(device_p) { /* reset counters */ cap_set_count = 0; member_count = 0; for(i=0 ; i < RSBAC_AUTH_NR_CAP_FD_LISTS; i++) { cap_set_count += rsbac_list_lol_count(device_p->handles[i]); member_count += rsbac_list_lol_all_subcount(device_p->handles[i]); } rsbac_printk(KERN_INFO "device %02u:%02u has %u file cap set items, sum of %u members\n", RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), cap_set_count,member_count); device_p = device_p->next; } /* unprotect device list */ rsbac_read_unlock(&device_list_head.lock, &dflags); return(0); };

int rsbac_umount_auth (  kdev_t  kdev  )

Definition at line 2740 of file auth_data_structures.c. References rsbac_auth_device_list_head_t::lock, lookup_device(), rsbac_auth_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_umount(). { u_long flags; struct rsbac_auth_device_list_item_t * device_p; if (!rsbac_is_initialized()) { rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); return(-RSBAC_ENOTINITIALIZED); } #ifdef CONFIG_RSBAC_DEBUG if (rsbac_debug_ds_auth) rsbac_printk(KERN_DEBUG "rsbac_umount_auth(): umounting device %02u:%02u\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); #endif /* sync of attribute lists was done in rsbac_umount */ /* wait for write access to device_list_head */ rsbac_write_lock(&device_list_head.lock, &flags); /* OK, nobody else is working on it... */ device_p = lookup_device(kdev); if(device_p) { if(device_p->mount_count == 1) remove_device_item(kdev); else { if(device_p->mount_count > 1) device_p->mount_count--; else rsbac_printk(KERN_WARNING "rsbac_mount_auth: device %02u:%02u has mount_count < 1!\n", RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); } } /* allow access */ rsbac_write_unlock(&device_list_head.lock, &flags); return(0); }

static int single_cap_compare (  void *  desc1, void *  desc2 )  [static]

Definition at line 116 of file auth_data_structures.c. References rsbac_auth_cap_range_t::first, and rsbac_auth_cap_range_t::last. Referenced by rsbac_auth_p_capset_member(). { struct rsbac_auth_cap_range_t * range = desc1; rsbac_uid_t * uid = desc2; if(!desc1 || !desc2) return 0; if( (*uid < range->first) || (*uid > range->last) ) return 1; else return 0; };

rsbac_boolean_t writable (  struct super_block *  sb_p  )

Definition at line 316 of file aci_data_structures.c. { #ifdef CONFIG_RSBAC_NO_WRITE return(FALSE); #else if (!sb_p || !sb_p->s_dev) return(FALSE); if ( rsbac_debug_no_write || (sb_p->s_flags & MS_RDONLY) || in_interrupt()) return(FALSE); if ( !MAJOR(sb_p->s_dev) #ifndef CONFIG_RSBAC_MSDOS_WRITE || (sb_p->s_magic == MSDOS_SUPER_MAGIC) #endif || (sb_p->s_magic == SOCKFS_MAGIC) || (sb_p->s_magic == PIPEFS_MAGIC) #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) || (sb_p->s_magic == SYSFS_MAGIC) #endif || (sb_p->s_magic == NFS_SUPER_MAGIC) || (sb_p->s_magic == CODA_SUPER_MAGIC) || (sb_p->s_magic == NCP_SUPER_MAGIC) || (sb_p->s_magic == SMB_SUPER_MAGIC) || (sb_p->s_magic == ISOFS_SUPER_MAGIC)) return(FALSE); else return(TRUE); #endif }

---

Variable Documentation

struct rsbac_auth_device_list_head_t device_list_head [static]

Definition at line 36 of file auth_data_structures.c.

rsbac_list_handle_t process_handle = NULL [static]

Definition at line 38 of file auth_data_structures.c. Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), copy_pp_cap_set_item(), and copy_pp_tru_set_item().

---