00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <linux/types.h>
00010 #include <linux/sched.h>
00011 #include <linux/mm.h>
00012 #include <linux/init.h>
00013 #include <linux/ext2_fs.h>
00014 #include <asm/uaccess.h>
00015 #include <rsbac/types.h>
00016 #include <rsbac/aci_data_structures.h>
00017 #include <rsbac/acl_data_structures.h>
00018 #include <rsbac/error.h>
00019 #include <rsbac/helpers.h>
00020 #include <rsbac/adf.h>
00021 #include <rsbac/aci.h>
00022 #include <rsbac/acl.h>
00023 #include <rsbac/lists.h>
00024 #include <rsbac/proc_fs.h>
00025 #include <rsbac/getname.h>
00026 #include <rsbac/acl_getname.h>
00027 #include <rsbac/rkmem.h>
00028 #include <rsbac/network.h>
00029 #include <linux/string.h>
00030 #include <linux/smp_lock.h>
00031
00032
00033
00034
00035
00036
00037
00038 static struct rsbac_acl_device_list_head_t device_list_head;
00039
00040 static rsbac_list_handle_t dev_handle = NULL;
00041 static rsbac_list_handle_t dev_major_handle = NULL;
00042 static rsbac_list_handle_t scd_handle = NULL;
00043 static rsbac_list_handle_t group_handle = NULL;
00044 static rsbac_list_handle_t gm_handle = NULL;
00045 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00046 static rsbac_list_handle_t netdev_handle = NULL;
00047 #endif
00048 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00049 static rsbac_list_handle_t nettemp_nt_handle = NULL;
00050 static rsbac_list_handle_t nettemp_handle = NULL;
00051 static rsbac_list_handle_t netobj_handle = NULL;
00052 #endif
00053
00054 static rsbac_list_handle_t default_fd_handle = NULL;
00055 static rsbac_list_handle_t default_dev_handle = NULL;
00056 static rsbac_list_handle_t default_ipc_handle = NULL;
00057 static rsbac_list_handle_t default_scd_handle = NULL;
00058 static rsbac_list_handle_t u_handle = NULL;
00059 static rsbac_list_handle_t default_u_handle = NULL;
00060 static rsbac_list_handle_t default_p_handle = NULL;
00061 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00062 static rsbac_list_handle_t g_handle = NULL;
00063 static rsbac_list_handle_t default_g_handle = NULL;
00064 #endif
00065 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00066 static rsbac_list_handle_t default_netdev_handle = NULL;
00067 static rsbac_acl_rights_vector_t default_netdev_rights = 0;
00068 #endif
00069 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00070 static rsbac_list_handle_t default_nettemp_nt_handle = NULL;
00071 static rsbac_list_handle_t default_netobj_handle = NULL;
00072 static rsbac_acl_rights_vector_t default_nettemp_nt_rights = 0;
00073 static rsbac_acl_rights_vector_t default_netobj_rights = 0;
00074 #endif
00075
00076 static rsbac_acl_group_id_t group_last_new = 0;
00077
00078 static rsbac_acl_rights_vector_t default_fd_rights = 0;
00079 static rsbac_acl_rights_vector_t default_dev_rights = 0;
00080 static rsbac_acl_rights_vector_t default_ipc_rights = 0;
00081 static rsbac_acl_rights_vector_t default_scd_rights = 0;
00082 static rsbac_acl_rights_vector_t default_u_rights = 0;
00083 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00084 static rsbac_acl_rights_vector_t default_g_rights = 0;
00085 #endif
00086 static rsbac_acl_rights_vector_t default_p_rights = 0;
00087
00088
00089
00090
00091
00092 rsbac_boolean_t writable(struct super_block * sb_p);
00093
00094
00095
00096
00097
00098
00099
00100
00101
00102 static inline int fd_hash(rsbac_inode_nr_t inode)
00103 {
00104 return(inode % RSBAC_ACL_NR_FD_LISTS);
00105 }
00106
00107 static int entry_compare(void * desc1, void * desc2)
00108 {
00109 int result;
00110 struct rsbac_acl_entry_desc_t * i_desc1 = desc1;
00111 struct rsbac_acl_entry_desc_t * i_desc2 = desc2;
00112
00113 result = memcmp(&i_desc1->subj_type,
00114 &i_desc2->subj_type,
00115 sizeof(i_desc1->subj_type));
00116 if(result)
00117 return result;
00118 else
00119 return memcmp(&i_desc1->subj_id,
00120 &i_desc2->subj_id,
00121 sizeof(i_desc1->subj_id));
00122 }
00123
00124 static int dev_compare(void * desc1, void * desc2)
00125 {
00126 int result;
00127 struct rsbac_dev_desc_t * i_desc1 = desc1;
00128 struct rsbac_dev_desc_t * i_desc2 = desc2;
00129
00130 result = memcmp(&i_desc1->type,
00131 &i_desc2->type,
00132 sizeof(i_desc1->type));
00133 if(result)
00134 return result;
00135 result = memcmp(&i_desc1->major,
00136 &i_desc2->major,
00137 sizeof(i_desc1->major));
00138 if(result)
00139 return result;
00140 return memcmp(&i_desc1->minor,
00141 &i_desc2->minor,
00142 sizeof(i_desc1->minor));
00143 }
00144
00145 static int dev_major_compare(void * desc1, void * desc2)
00146 {
00147 int result;
00148 struct rsbac_dev_desc_t * i_desc1 = desc1;
00149 struct rsbac_dev_desc_t * i_desc2 = desc2;
00150
00151 result = memcmp(&i_desc1->type,
00152 &i_desc2->type,
00153 sizeof(i_desc1->type));
00154 if(result)
00155 return result;
00156 return memcmp(&i_desc1->major,
00157 &i_desc2->major,
00158 sizeof(i_desc1->major));
00159 }
00160
00161 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00162 static int netdev_compare(void * desc1, void * desc2)
00163 {
00164 return strncmp(desc1,
00165 desc2,
00166 RSBAC_IFNAMSIZ);
00167 }
00168 #endif
00169
00170 static int fd_conv(
00171 void * old_desc,
00172 void * old_data,
00173 void * new_desc,
00174 void * new_data)
00175 {
00176 rsbac_acl_rights_vector_t * new = new_data;
00177 rsbac_acl_rights_vector_t * old = old_data;
00178
00179 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00180 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00181 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00182 return 0;
00183 }
00184
00185 rsbac_list_conv_function_t * fd_get_conv(rsbac_version_t old_version)
00186 {
00187 switch(old_version)
00188 {
00189 case RSBAC_ACL_FD_OLD_LIST_VERSION:
00190 return fd_conv;
00191 default:
00192 return NULL;
00193 }
00194 }
00195
00196 static int dev_conv(
00197 void * old_desc,
00198 void * old_data,
00199 void * new_desc,
00200 void * new_data)
00201 {
00202 rsbac_acl_rights_vector_t * new = new_data;
00203 rsbac_acl_rights_vector_t * old = old_data;
00204
00205 memcpy(new_desc, old_desc, sizeof(struct rsbac_dev_desc_t));
00206 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00207 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00208 return 0;
00209 }
00210
00211 static int dev_old_conv(
00212 void * old_desc,
00213 void * old_data,
00214 void * new_desc,
00215 void * new_data)
00216 {
00217 struct rsbac_dev_desc_t * new = new_desc;
00218 struct rsbac_dev_t * old = old_desc;
00219 rsbac_acl_rights_vector_t * newd = new_data;
00220 rsbac_acl_rights_vector_t * oldd = old_data;
00221
00222
00223 memcpy(new_data, old_data, sizeof(rsbac_acl_rights_vector_t));
00224 new->type = old->type;
00225 new->major = RSBAC_MAJOR(old->id);
00226 new->minor = RSBAC_MINOR(old->id);
00227 *newd = (*oldd & RSBAC_ALL_REQUEST_VECTOR)
00228 | ( (*oldd & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00229 return 0;
00230 }
00231
00232 rsbac_list_conv_function_t * dev_get_conv(rsbac_version_t old_version)
00233 {
00234 switch(old_version)
00235 {
00236 case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00237 return dev_conv;
00238 case RSBAC_ACL_DEV_OLD_OLD_LIST_VERSION:
00239 return dev_old_conv;
00240 default:
00241 return NULL;
00242 }
00243 }
00244
00245 static int scd_conv(
00246 void * old_desc,
00247 void * old_data,
00248 void * new_desc,
00249 void * new_data)
00250 {
00251 rsbac_acl_rights_vector_t * new = new_data;
00252 rsbac_acl_rights_vector_t * old = old_data;
00253
00254 memcpy(new_desc, old_desc, sizeof(__u8));
00255 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00256 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00257 return 0;
00258 }
00259
00260 rsbac_list_conv_function_t * scd_get_conv(rsbac_version_t old_version)
00261 {
00262 switch(old_version)
00263 {
00264 case RSBAC_ACL_SCD_OLD_LIST_VERSION:
00265 return scd_conv;
00266 default:
00267 return NULL;
00268 }
00269 }
00270
00271 static int netdev_conv(
00272 void * old_desc,
00273 void * old_data,
00274 void * new_desc,
00275 void * new_data)
00276 {
00277 rsbac_acl_rights_vector_t * new = new_data;
00278 rsbac_acl_rights_vector_t * old = old_data;
00279
00280 memcpy(new_desc, old_desc, sizeof(rsbac_netdev_id_t));
00281 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00282 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00283 return 0;
00284 }
00285
00286 rsbac_list_conv_function_t * netdev_get_conv(rsbac_version_t old_version)
00287 {
00288 switch(old_version)
00289 {
00290 case RSBAC_ACL_NETDEV_OLD_LIST_VERSION:
00291 return netdev_conv;
00292 default:
00293 return NULL;
00294 }
00295 }
00296
00297 static int nettemp_nt_conv(
00298 void * old_desc,
00299 void * old_data,
00300 void * new_desc,
00301 void * new_data)
00302 {
00303 rsbac_acl_rights_vector_t * new = new_data;
00304 rsbac_acl_rights_vector_t * old = old_data;
00305
00306 memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
00307 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00308 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00309 return 0;
00310 }
00311
00312 rsbac_list_conv_function_t * nettemp_nt_get_conv(rsbac_version_t old_version)
00313 {
00314 switch(old_version)
00315 {
00316 case RSBAC_ACL_NETTEMP_NT_OLD_LIST_VERSION:
00317 return nettemp_nt_conv;
00318 default:
00319 return NULL;
00320 }
00321 }
00322
00323 static int nettemp_conv(
00324 void * old_desc,
00325 void * old_data,
00326 void * new_desc,
00327 void * new_data)
00328 {
00329 rsbac_acl_rights_vector_t * new = new_data;
00330 rsbac_acl_rights_vector_t * old = old_data;
00331
00332 memcpy(new_desc, old_desc, sizeof(rsbac_net_temp_id_t));
00333 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00334 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00335 return 0;
00336 }
00337
00338 rsbac_list_conv_function_t * nettemp_get_conv(rsbac_version_t old_version)
00339 {
00340 switch(old_version)
00341 {
00342 case RSBAC_ACL_NETTEMP_OLD_LIST_VERSION:
00343 return nettemp_conv;
00344 default:
00345 return NULL;
00346 }
00347 }
00348
00349
00350 static int common_subconv(
00351 void * old_desc,
00352 void * old_data,
00353 void * new_desc,
00354 void * new_data)
00355 {
00356 rsbac_acl_rights_vector_t * new = new_data;
00357 rsbac_acl_rights_vector_t * old = old_data;
00358
00359 memcpy(new_desc, old_desc, sizeof(struct rsbac_acl_entry_desc_t));
00360 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00361 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_ACL_SPECIAL_RIGHT_BASE - RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE));
00362 return 0;
00363 }
00364
00365 rsbac_list_conv_function_t * fd_get_subconv(rsbac_version_t old_version)
00366 {
00367 switch(old_version)
00368 {
00369 case RSBAC_ACL_FD_OLD_LIST_VERSION:
00370 return common_subconv;
00371 default:
00372 return NULL;
00373 }
00374 }
00375
00376 rsbac_list_conv_function_t * dev_get_subconv(rsbac_version_t old_version)
00377 {
00378 switch(old_version)
00379 {
00380 case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00381 return common_subconv;
00382 case RSBAC_ACL_DEV_OLD_OLD_LIST_VERSION:
00383 return common_subconv;
00384 default:
00385 return NULL;
00386 }
00387 }
00388
00389 rsbac_list_conv_function_t * scd_get_subconv(rsbac_version_t old_version)
00390 {
00391 switch(old_version)
00392 {
00393 case RSBAC_ACL_SCD_OLD_LIST_VERSION:
00394 return common_subconv;
00395 default:
00396 return NULL;
00397 }
00398 }
00399
00400 rsbac_list_conv_function_t * netdev_get_subconv(rsbac_version_t old_version)
00401 {
00402 switch(old_version)
00403 {
00404 case RSBAC_ACL_NETDEV_OLD_LIST_VERSION:
00405 return common_subconv;
00406 default:
00407 return NULL;
00408 }
00409 }
00410
00411 rsbac_list_conv_function_t * nettemp_nt_get_subconv(rsbac_version_t old_version)
00412 {
00413 switch(old_version)
00414 {
00415 case RSBAC_ACL_NETTEMP_NT_OLD_LIST_VERSION:
00416 return common_subconv;
00417 default:
00418 return NULL;
00419 }
00420 }
00421
00422 rsbac_list_conv_function_t * nettemp_get_subconv(rsbac_version_t old_version)
00423 {
00424 switch(old_version)
00425 {
00426 case RSBAC_ACL_NETTEMP_OLD_LIST_VERSION:
00427 return common_subconv;
00428 default:
00429 return NULL;
00430 }
00431 }
00432
00433 rsbac_list_conv_function_t * def_fd_get_conv(rsbac_version_t old_version)
00434 {
00435 switch(old_version)
00436 {
00437 case RSBAC_ACL_DEF_FD_OLD_LIST_VERSION:
00438 return common_subconv;
00439 default:
00440 return NULL;
00441 }
00442 }
00443
00444 rsbac_list_conv_function_t * def_dev_get_conv(rsbac_version_t old_version)
00445 {
00446 switch(old_version)
00447 {
00448 case RSBAC_ACL_DEF_DEV_OLD_LIST_VERSION:
00449 return common_subconv;
00450 default:
00451 return NULL;
00452 }
00453 }
00454
00455 rsbac_list_conv_function_t * def_ipc_get_conv(rsbac_version_t old_version)
00456 {
00457 switch(old_version)
00458 {
00459 case RSBAC_ACL_DEF_IPC_OLD_LIST_VERSION:
00460 return common_subconv;
00461 default:
00462 return NULL;
00463 }
00464 }
00465
00466 rsbac_list_conv_function_t * def_scd_get_conv(rsbac_version_t old_version)
00467 {
00468 switch(old_version)
00469 {
00470 case RSBAC_ACL_DEF_SCD_OLD_LIST_VERSION:
00471 return common_subconv;
00472 default:
00473 return NULL;
00474 }
00475 }
00476
00477 rsbac_list_conv_function_t * def_u_get_conv(rsbac_version_t old_version)
00478 {
00479 switch(old_version)
00480 {
00481 case RSBAC_ACL_DEF_U_OLD_LIST_VERSION:
00482 return common_subconv;
00483 default:
00484 return NULL;
00485 }
00486 }
00487
00488 rsbac_list_conv_function_t * def_p_get_conv(rsbac_version_t old_version)
00489 {
00490 switch(old_version)
00491 {
00492 case RSBAC_ACL_DEF_P_OLD_LIST_VERSION:
00493 return common_subconv;
00494 default:
00495 return NULL;
00496 }
00497 }
00498
00499 rsbac_list_conv_function_t * def_g_get_conv(rsbac_version_t old_version)
00500 {
00501 switch(old_version)
00502 {
00503 case RSBAC_ACL_DEF_G_OLD_LIST_VERSION:
00504 return common_subconv;
00505 default:
00506 return NULL;
00507 }
00508 }
00509
00510 rsbac_list_conv_function_t * def_netdev_get_conv(rsbac_version_t old_version)
00511 {
00512 switch(old_version)
00513 {
00514 case RSBAC_ACL_DEF_NETDEV_OLD_LIST_VERSION:
00515 return common_subconv;
00516 default:
00517 return NULL;
00518 }
00519 }
00520
00521 rsbac_list_conv_function_t * def_nettemp_nt_get_conv(rsbac_version_t old_version)
00522 {
00523 switch(old_version)
00524 {
00525 case RSBAC_ACL_DEF_NETTEMP_NT_OLD_LIST_VERSION:
00526 return common_subconv;
00527 default:
00528 return NULL;
00529 }
00530 }
00531
00532 rsbac_list_conv_function_t * def_netobj_get_conv(rsbac_version_t old_version)
00533 {
00534 switch(old_version)
00535 {
00536 case RSBAC_ACL_DEF_NETOBJ_OLD_LIST_VERSION:
00537 return common_subconv;
00538 default:
00539 return NULL;
00540 }
00541 }
00542
00543
00544
00545
00546
00547 static int acl_register_fd_lists(struct rsbac_acl_device_list_item_t * device_p,
00548 kdev_t kdev)
00549 {
00550 char * name;
00551 int err = 0;
00552 int tmperr;
00553 char number[10];
00554 u_int file_no;
00555 struct rsbac_list_lol_info_t lol_info;
00556 rsbac_acl_rights_vector_t def_mask=RSBAC_ACL_DEFAULT_FD_MASK;
00557
00558 if(!device_p)
00559 return(-RSBAC_EINVALIDPOINTER);
00560 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00561 if(!name)
00562 return -RSBAC_ENOMEM;
00563
00564
00565 for (file_no = 0; file_no < RSBAC_ACL_NR_FD_LISTS; file_no++)
00566 {
00567
00568 strcpy(name, RSBAC_ACL_FD_FILENAME);
00569 strcat(name, inttostr(number,file_no) );
00570
00571 lol_info.version = RSBAC_ACL_FD_LIST_VERSION;
00572 lol_info.key = RSBAC_ACL_LIST_KEY;
00573 lol_info.desc_size = sizeof(rsbac_inode_nr_t);
00574 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
00575 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
00576 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
00577 lol_info.max_age = 0;
00578 tmperr = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00579 &(device_p->handles[file_no]),
00580 &lol_info,
00581 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00582 rsbac_list_compare_u32,
00583 entry_compare,
00584 fd_get_conv,
00585 fd_get_subconv,
00586 &def_mask,
00587 NULL,
00588 name,
00589 kdev);
00590 if(tmperr)
00591 {
00592 char * tmp;
00593
00594 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00595 if(tmp)
00596 {
00597 rsbac_printk(KERN_WARNING
00598 "acl_register_fd_lists(): registering list %u for device %02u:%02u failed with error %s!\n",
00599 file_no,
00600 RSBAC_MAJOR(kdev),
00601 RSBAC_MINOR(kdev),
00602 get_error_name(tmp, tmperr));
00603 rsbac_kfree(tmp);
00604 }
00605 err = tmperr;
00606 }
00607 }
00608 return err;
00609 }
00610
00611
00612
00613
00614 static int acl_detach_fd_lists(struct rsbac_acl_device_list_item_t * device_p)
00615 {
00616 char * name;
00617 int err = 0;
00618 int tmperr;
00619 char number[10];
00620 u_int file_no;
00621
00622 if(!device_p)
00623 return(-RSBAC_EINVALIDPOINTER);
00624 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00625 if(!name)
00626 return -RSBAC_ENOMEM;
00627
00628
00629 for (file_no = 0; file_no < RSBAC_ACL_NR_FD_LISTS; file_no++)
00630 {
00631
00632 strcpy(name, RSBAC_ACL_FD_FILENAME);
00633 strcat(name, inttostr(number,file_no) );
00634
00635 tmperr = rsbac_list_lol_detach(&device_p->handles[file_no],
00636 RSBAC_ACL_LIST_KEY);
00637 if(tmperr)
00638 {
00639 char * tmp;
00640
00641 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00642 if(tmp)
00643 {
00644 rsbac_printk(KERN_WARNING
00645 "acl_detach_fd_lists(): detaching from list %u for device %02u:%02u failed with error %s!\n",
00646 file_no,
00647 RSBAC_MAJOR(device_p->id),
00648 RSBAC_MINOR(device_p->id),
00649 get_error_name(tmp, tmperr));
00650 rsbac_kfree(tmp);
00651 }
00652 err = tmperr;
00653 }
00654 }
00655 return err;
00656 }
00657
00658
00659
00660
00661
00662
00663 static struct rsbac_acl_device_list_item_t * acl_lookup_device(kdev_t kdev)
00664 {
00665 struct rsbac_acl_device_list_item_t * curr = device_list_head.curr;
00666
00667
00668 if( !curr
00669 || (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00670 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00671 )
00672 {
00673 curr = device_list_head.head;
00674 while( curr
00675 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00676 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00677 )
00678 )
00679 {
00680 curr = curr->next;
00681 }
00682 if (curr)
00683 device_list_head.curr=curr;
00684 }
00685
00686 return (curr);
00687 };
00688
00689
00690
00691
00692
00693
00694
00695
00696 static struct rsbac_acl_device_list_item_t
00697 * create_device_item(kdev_t kdev)
00698 {
00699 struct rsbac_acl_device_list_item_t * new_item_p;
00700
00701
00702 if ( !(new_item_p = (struct rsbac_acl_device_list_item_t *)
00703 rsbac_kmalloc(sizeof(*new_item_p)) ) )
00704 return(NULL);
00705
00706 memset(new_item_p, 0, sizeof(*new_item_p));
00707 new_item_p->id = kdev;
00708 new_item_p->mount_count = 1;
00709 return(new_item_p);
00710 };
00711
00712
00713 static struct rsbac_acl_device_list_item_t
00714 * add_device_item(struct rsbac_acl_device_list_item_t * device_p)
00715 {
00716 if (!device_p)
00717 return(NULL);
00718
00719
00720 if (!device_list_head.head)
00721 {
00722 device_list_head.head=device_p;
00723 device_list_head.tail=device_p;
00724 device_list_head.curr=device_p;
00725 device_list_head.count=1;
00726 device_p->prev=NULL;
00727 device_p->next=NULL;
00728 }
00729 else
00730 {
00731 device_p->prev=device_list_head.tail;
00732 device_p->next=NULL;
00733 device_list_head.tail->next=device_p;
00734 device_list_head.tail=device_p;
00735 device_list_head.curr=device_p;
00736 device_list_head.count++;
00737 };
00738 return(device_p);
00739 };
00740
00741
00742
00743
00744
00745
00746
00747
00748 static void clear_device_item(struct rsbac_acl_device_list_item_t * device_p)
00749 {
00750 if(!device_p)
00751 return;
00752
00753
00754 acl_detach_fd_lists(device_p);
00755
00756 rsbac_kfree(device_p);
00757 };
00758
00759 static void remove_device_item(kdev_t kdev)
00760 {
00761 struct rsbac_acl_device_list_item_t * item_p;
00762
00763
00764 if ( (item_p = acl_lookup_device(kdev)) )
00765 {
00766 if (device_list_head.head == item_p)
00767 {
00768 if (device_list_head.tail == item_p)
00769 {
00770 device_list_head.head = NULL;
00771 device_list_head.tail = NULL;
00772 }
00773 else
00774 {
00775 item_p->next->prev = NULL;
00776 device_list_head.head = item_p->next;
00777 };
00778 }
00779 else
00780 {
00781 if (device_list_head.tail == item_p)
00782 {
00783 item_p->prev->next = NULL;
00784 device_list_head.tail = item_p->prev;
00785 }
00786 else
00787 {
00788 item_p->prev->next = item_p->next;
00789 item_p->next->prev = item_p->prev;
00790 };
00791 };
00792
00793
00794 device_list_head.curr=NULL;
00795
00796 device_list_head.count--;
00797
00798
00799
00800 clear_device_item(item_p);
00801 };
00802
00803 };
00804
00805
00806
00807
00808
00809 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00810 static int
00811 acl_devices_proc_info(char *buffer, char **start, off_t offset, int length)
00812 {
00813 int len = 0;
00814 off_t pos = 0;
00815 off_t begin = 0;
00816 struct rsbac_acl_device_list_item_t * device_p;
00817 u_long dflags;
00818
00819 if (!rsbac_is_initialized()) return (-ENOSYS);
00820
00821 len += sprintf(buffer, "%u RSBAC ACL Devices\n-------------------\n",
00822 device_list_head.count);
00823
00824
00825 rsbac_read_lock(&device_list_head.lock, &dflags);
00826
00827 for (device_p = device_list_head.head; device_p; device_p = device_p->next)
00828 {
00829 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u\n",
00830 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
00831 device_p->mount_count);
00832 pos = begin + len;
00833 if (pos < offset)
00834 {
00835 len = 0;
00836 begin = pos;
00837 }
00838 if (pos > offset+length)
00839 break;
00840 }
00841
00842
00843 rsbac_read_unlock(&device_list_head.lock, &dflags);
00844
00845 *start = buffer + (offset - begin);
00846 len -= (offset - begin);
00847
00848 if (len > length)
00849 len = length;
00850 return len;
00851 }
00852
00853 static int
00854 stats_acl_proc_info(char *buffer, char **start, off_t offset, int length)
00855 {
00856 u_int len = 0;
00857 off_t pos = 0;
00858 off_t begin = 0;
00859
00860 u_int item_count = 0;
00861 u_int member_count = 0;
00862 u_int tmp_count;
00863 u_int i;
00864 u_long dflags;
00865 struct rsbac_acl_device_list_item_t * device_p;
00866
00867 union rsbac_target_id_t rsbac_target_id;
00868 union rsbac_attribute_value_t rsbac_attribute_value;
00869
00870 if (!rsbac_is_initialized())
00871 {
00872 rsbac_printk(KERN_WARNING "stats_acl_proc_info(): RSBAC not initialized\n");
00873 return(-RSBAC_ENOTINITIALIZED);
00874 }
00875 #ifdef CONFIG_RSBAC_DEBUG
00876 if (rsbac_debug_aef_acl)
00877 {
00878 rsbac_printk(KERN_DEBUG "stats_acl_proc_info(): calling ADF\n");
00879 }
00880 #endif
00881 rsbac_target_id.scd = ST_rsbac;
00882 rsbac_attribute_value.dummy = 0;
00883 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00884 current->pid,
00885 T_SCD,
00886 rsbac_target_id,
00887 A_none,
00888 rsbac_attribute_value))
00889 {
00890 return -EPERM;
00891 }
00892
00893 len += sprintf(buffer, "ACL Status\n-----------\n");
00894
00895
00896 rsbac_read_lock(&device_list_head.lock, &dflags);
00897 device_p = device_list_head.head;
00898 while(device_p)
00899 {
00900
00901 item_count = 0;
00902 member_count = 0;
00903 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
00904 {
00905 tmp_count = rsbac_list_lol_count(device_p->handles[i]);
00906 if(tmp_count > 0)
00907 item_count+=tmp_count;
00908 tmp_count = rsbac_list_lol_all_subcount(device_p->handles[i]);
00909 if(tmp_count > 0)
00910 member_count += tmp_count;
00911 }
00912 len += sprintf(buffer + len, "device %02u:%02u has %i file ACLs, sum of %i members\n",
00913 RSBAC_MAJOR(device_p->id),
00914 RSBAC_MINOR(device_p->id),
00915 item_count,
00916 member_count);
00917 pos = begin + len;
00918 if (pos < offset)
00919 {
00920 len = 0;
00921 begin = pos;
00922 }
00923 if (pos > offset+length)
00924 {
00925 rsbac_read_unlock(&device_list_head.lock, &dflags);
00926 goto out;
00927 }
00928 device_p = device_p->next;
00929 }
00930
00931 rsbac_read_unlock(&device_list_head.lock, &dflags);
00932
00933
00934 len += sprintf(buffer + len, "%li device ACL items, sum of %li members\n",
00935 rsbac_list_lol_count(dev_handle),
00936 rsbac_list_lol_all_subcount(dev_handle));
00937 pos = begin + len;
00938 if (pos < offset)
00939 {
00940 len = 0;
00941 begin = pos;
00942 }
00943 if (pos > offset+length)
00944 goto out;
00945 len += sprintf(buffer + len, "%li device major ACL items, sum of %li members\n",
00946 rsbac_list_lol_count(dev_major_handle),
00947 rsbac_list_lol_all_subcount(dev_major_handle));
00948 pos = begin + len;
00949 if (pos < offset)
00950 {
00951 len = 0;
00952 begin = pos;
00953 }
00954 if (pos > offset+length)
00955 goto out;
00956
00957
00958 len += sprintf(buffer + len, "%li scd ACL items, sum of %li members\n",
00959 rsbac_list_lol_count(scd_handle),
00960 rsbac_list_lol_all_subcount(scd_handle));
00961 pos = begin + len;
00962 if (pos < offset)
00963 {
00964 len = 0;
00965 begin = pos;
00966 }
00967 if (pos > offset+length)
00968 goto out;
00969
00970
00971 len += sprintf(buffer + len, "%li user ACL items, sum of %li members\n",
00972 rsbac_list_lol_count(u_handle),
00973 rsbac_list_lol_all_subcount(u_handle));
00974 pos = begin + len;
00975 if (pos < offset)
00976 {
00977 len = 0;
00978 begin = pos;
00979 }
00980 if (pos > offset+length)
00981 goto out;
00982
00983 #ifdef CONFIG_RSBAC_ACL_UM_PROT
00984
00985 len += sprintf(buffer + len, "%li Linux group ACL items, sum of %li members\n",
00986 rsbac_list_lol_count(g_handle),
00987 rsbac_list_lol_all_subcount(g_handle));
00988 pos = begin + len;
00989 if (pos < offset)
00990 {
00991 len = 0;
00992 begin = pos;
00993 }
00994 if (pos > offset+length)
00995 goto out;
00996 #endif
00997
00998 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00999
01000 len += sprintf(buffer + len, "%li network device ACL items, sum of %li members\n",
01001 rsbac_list_lol_count(netdev_handle),
01002 rsbac_list_lol_all_subcount(netdev_handle));
01003 pos = begin + len;
01004 if (pos < offset)
01005 {
01006 len = 0;
01007 begin = pos;
01008 }
01009 if (pos > offset+length)
01010 goto out;
01011 #endif
01012
01013 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01014
01015 len += sprintf(buffer + len, "%li network template NT ACL items, sum of %li members\n",
01016 rsbac_list_lol_count(nettemp_nt_handle),
01017 rsbac_list_lol_all_subcount(nettemp_nt_handle));
01018 pos = begin + len;
01019 if (pos < offset)
01020 {
01021 len = 0;
01022 begin = pos;
01023 }
01024 if (pos > offset+length)
01025 goto out;
01026
01027 len += sprintf(buffer + len, "%li network template ACL items, sum of %li members\n",
01028 rsbac_list_lol_count(nettemp_handle),
01029 rsbac_list_lol_all_subcount(nettemp_handle));
01030 pos = begin + len;
01031 if (pos < offset)
01032 {
01033 len = 0;
01034 begin = pos;
01035 }
01036 if (pos > offset+length)
01037 goto out;
01038
01039 len += sprintf(buffer + len, "%li network object ACL items, sum of %li members\n",
01040 rsbac_list_lol_count(netobj_handle),
01041 rsbac_list_lol_all_subcount(netobj_handle));
01042 pos = begin + len;
01043 if (pos < offset)
01044 {
01045 len = 0;
01046 begin = pos;
01047 }
01048 if (pos > offset+length)
01049 goto out;
01050 #endif
01051
01052 len += sprintf(buffer + len, "%li groups, last new is %u\n",
01053 rsbac_list_count(group_handle),
01054 group_last_new);
01055 pos = begin + len;
01056 if (pos < offset)
01057 {
01058 len = 0;
01059 begin = pos;
01060 }
01061 if (pos > offset+length)
01062 goto out;
01063
01064
01065 len += sprintf(buffer + len, "%li group member items, sum of %li group memberships\n",
01066 rsbac_list_lol_count(gm_handle),
01067 rsbac_list_lol_all_subcount(gm_handle));
01068 pos = begin + len;
01069 if (pos < offset)
01070 {
01071 len = 0;
01072 begin = pos;
01073 }
01074 if (pos > offset+length)
01075 goto out;
01076
01077 out:
01078 *start = buffer + (offset - begin);
01079 len -= (offset - begin);
01080
01081 if (len > length)
01082 len = length;
01083 return len;
01084 }
01085
01086 static int
01087 acl_acllist_proc_info(char *buffer, char **start, off_t offset, int length)
01088 {
01089 u_int len = 0;
01090 off_t pos = 0;
01091 off_t begin = 0;
01092
01093 u_int i,j,k;
01094 char tmp1[80], tmp2[80];
01095 u_int count = 0;
01096 int tmp_count;
01097 int tmp_sub_count;
01098 u_int member_count = 0;
01099 u_long dflags;
01100 struct rsbac_acl_device_list_item_t * device_p;
01101 rsbac_inode_nr_t * fd_desc_p;
01102 struct rsbac_dev_desc_t * dev_desc_p;
01103 __u8 * scd_desc_p;
01104 rsbac_uid_t * u_desc_p;
01105 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01106 rsbac_gid_t * g_desc_p;
01107 #endif
01108 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01109 rsbac_netdev_id_t * netdev_desc_p;
01110 #endif
01111 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01112 rsbac_net_temp_id_t * nettemp_desc_p;
01113 rsbac_net_obj_id_t * netobj_desc_p;
01114 #endif
01115 struct rsbac_acl_entry_desc_t * sub_desc_p;
01116 rsbac_acl_rights_vector_t rights;
01117
01118 union rsbac_target_id_t rsbac_target_id;
01119 union rsbac_attribute_value_t rsbac_attribute_value;
01120
01121 if (!rsbac_is_initialized())
01122 {
01123 rsbac_printk(KERN_WARNING "acl_acllist_proc_info(): RSBAC not initialized\n");
01124 return(-RSBAC_ENOTINITIALIZED);
01125 }
01126 #ifdef CONFIG_RSBAC_DEBUG
01127 if (rsbac_debug_aef_acl)
01128 {
01129 rsbac_printk(KERN_DEBUG "acl_acllist_proc_info(): calling ADF\n");
01130 }
01131 #endif
01132 rsbac_target_id.scd = ST_rsbac;
01133 rsbac_attribute_value.dummy = 0;
01134 if (!rsbac_adf_request(R_GET_STATUS_DATA,
01135 current->pid,
01136 T_SCD,
01137 rsbac_target_id,
01138 A_none,
01139 rsbac_attribute_value))
01140 {
01141 return -EPERM;
01142 }
01143
01144 len += sprintf(buffer, "ACL Lists\n----------\n");
01145
01146 len += sprintf(buffer + len,
01147 "Default FD ACL: %li members:",
01148 rsbac_list_count(default_fd_handle));
01149 pos = begin + len;
01150 if (pos < offset)
01151 {
01152 len = 0;
01153 begin = pos;
01154 }
01155 if (pos > offset+length)
01156 goto out;
01157 tmp_count = rsbac_list_get_all_desc(default_fd_handle, (void **) &sub_desc_p);
01158 if(tmp_count > 0)
01159 {
01160 for(i=0; i<tmp_count; i++)
01161 {
01162 len += sprintf(buffer + len, " %s %u,",
01163 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01164 sub_desc_p[i].subj_id);
01165 pos = begin + len;
01166 if (pos < offset)
01167 {
01168 len = 0;
01169 begin = pos;
01170 }
01171 if (pos > offset+length)
01172 {
01173 rsbac_vfree(sub_desc_p);
01174 goto out;
01175 }
01176 }
01177 rsbac_vfree(sub_desc_p);
01178 }
01179
01180
01181 len += sprintf(buffer + len, "\nDefault Device ACL: %li members:",
01182 rsbac_list_count(default_dev_handle));
01183 pos = begin + len;
01184 if (pos < offset)
01185 {
01186 len = 0;
01187 begin = pos;
01188 }
01189 if (pos > offset+length)
01190 goto out;
01191 tmp_count = rsbac_list_get_all_desc(default_dev_handle, (void **) &sub_desc_p);
01192 if(tmp_count > 0)
01193 {
01194 for(i=0; i<tmp_count; i++)
01195 {
01196 len += sprintf(buffer + len, " %s %u,",
01197 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01198 sub_desc_p[i].subj_id);
01199 pos = begin + len;
01200 if (pos < offset)
01201 {
01202 len = 0;
01203 begin = pos;
01204 }
01205 if (pos > offset+length)
01206 {
01207 rsbac_vfree(sub_desc_p);
01208 goto out;
01209 }
01210 }
01211 rsbac_vfree(sub_desc_p);
01212 }
01213
01214
01215 len += sprintf(buffer + len, "\nDefault IPC ACL: %li members:",
01216 rsbac_list_count(default_ipc_handle));
01217 pos = begin + len;
01218 if (pos < offset)
01219 {
01220 len = 0;
01221 begin = pos;
01222 }
01223 if (pos > offset+length)
01224 goto out;
01225 tmp_count = rsbac_list_get_all_desc(default_ipc_handle, (void **) &sub_desc_p);
01226 if(tmp_count > 0)
01227 {
01228 for(i=0; i<tmp_count; i++)
01229 {
01230 len += sprintf(buffer + len, " %s %u,",
01231 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01232 sub_desc_p[i].subj_id);
01233 pos = begin + len;
01234 if (pos < offset)
01235 {
01236 len = 0;
01237 begin = pos;
01238 }
01239 if (pos > offset+length)
01240 {
01241 rsbac_vfree(sub_desc_p);
01242 goto out;
01243 }
01244 }
01245 rsbac_vfree(sub_desc_p);
01246 }
01247
01248
01249 len += sprintf(buffer + len, "\nDefault SCD ACL: %li members:",
01250 rsbac_list_count(default_scd_handle));
01251 pos = begin + len;
01252 if (pos < offset)
01253 {
01254 len = 0;
01255 begin = pos;
01256 }
01257 if (pos > offset+length)
01258 goto out;
01259 tmp_count = rsbac_list_get_all_desc(default_scd_handle, (void **) &sub_desc_p);
01260 if(tmp_count > 0)
01261 {
01262 for(i=0; i<tmp_count; i++)
01263 {
01264 len += sprintf(buffer + len, " %s %u,",
01265 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01266 sub_desc_p[i].subj_id);
01267 pos = begin + len;
01268 if (pos < offset)
01269 {
01270 len = 0;
01271 begin = pos;
01272 }
01273 if (pos > offset+length)
01274 {
01275 rsbac_vfree(sub_desc_p);
01276 goto out;
01277 }
01278 }
01279 rsbac_vfree(sub_desc_p);
01280 }
01281
01282
01283 len += sprintf(buffer + len, "\nDefault User ACL: %li members:",
01284 rsbac_list_count(default_u_handle));
01285 pos = begin + len;
01286 if (pos < offset)
01287 {
01288 len = 0;
01289 begin = pos;
01290 }
01291 if (pos > offset+length)
01292 goto out;
01293 tmp_count = rsbac_list_get_all_desc(default_u_handle, (void **) &sub_desc_p);
01294 if(tmp_count > 0)
01295 {
01296 for(i=0; i<tmp_count; i++)
01297 {
01298 len += sprintf(buffer + len, " %s %u,",
01299 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01300 sub_desc_p[i].subj_id);
01301 pos = begin + len;
01302 if (pos < offset)
01303 {
01304 len = 0;
01305 begin = pos;
01306 }
01307 if (pos > offset+length)
01308 {
01309 rsbac_vfree(sub_desc_p);
01310 goto out;
01311 }
01312 }
01313 rsbac_vfree(sub_desc_p);
01314 }
01315
01316
01317 len += sprintf(buffer + len, "\nDefault Process ACL: %li members:",
01318 rsbac_list_count(default_p_handle));
01319 pos = begin + len;
01320 if (pos < offset)
01321 {
01322 len = 0;
01323 begin = pos;
01324 }
01325 if (pos > offset+length)
01326 goto out;
01327 tmp_count = rsbac_list_get_all_desc(default_p_handle, (void **) &sub_desc_p);
01328 if(tmp_count > 0)
01329 {
01330 for(i=0; i<tmp_count; i++)
01331 {
01332 len += sprintf(buffer + len, " %s %u,",
01333 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01334 sub_desc_p[i].subj_id);
01335 pos = begin + len;
01336 if (pos < offset)
01337 {
01338 len = 0;
01339 begin = pos;
01340 }
01341 if (pos > offset+length)
01342 {
01343 rsbac_vfree(sub_desc_p);
01344 goto out;
01345 }
01346 }
01347 rsbac_vfree(sub_desc_p);
01348 }
01349
01350 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01351
01352 len += sprintf(buffer + len, "\nDefault Linux Group ACL: %li members:",
01353 rsbac_list_count(default_g_handle));
01354 pos = begin + len;
01355 if (pos < offset)
01356 {
01357 len = 0;
01358 begin = pos;
01359 }
01360 if (pos > offset+length)
01361 goto out;
01362 tmp_count = rsbac_list_get_all_desc(default_g_handle, (void **) &sub_desc_p);
01363 if(tmp_count > 0)
01364 {
01365 for(i=0; i<tmp_count; i++)
01366 {
01367 len += sprintf(buffer + len, " %s %u,",
01368 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01369 sub_desc_p[i].subj_id);
01370 pos = begin + len;
01371 if (pos < offset)
01372 {
01373 len = 0;
01374 begin = pos;
01375 }
01376 if (pos > offset+length)
01377 {
01378 rsbac_vfree(sub_desc_p);
01379 goto out;
01380 }
01381 }
01382 rsbac_vfree(sub_desc_p);
01383 }
01384 #endif
01385
01386 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01387
01388 len += sprintf(buffer + len, "\nDefault Network Device ACL: %li members:",
01389 rsbac_list_count(default_netdev_handle));
01390 pos = begin + len;
01391 if (pos < offset)
01392 {
01393 len = 0;
01394 begin = pos;
01395 }
01396 if (pos > offset+length)
01397 goto out;
01398 tmp_count = rsbac_list_get_all_desc(default_netdev_handle, (void **) &sub_desc_p);
01399 if(tmp_count > 0)
01400 {
01401 for(i=0; i<tmp_count; i++)
01402 {
01403 len += sprintf(buffer + len, " %s %u,",
01404 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01405 sub_desc_p[i].subj_id);
01406 pos = begin + len;
01407 if (pos < offset)
01408 {
01409 len = 0;
01410 begin = pos;
01411 }
01412 if (pos > offset+length)
01413 {
01414 rsbac_vfree(sub_desc_p);
01415 goto out;
01416 }
01417 }
01418 rsbac_vfree(sub_desc_p);
01419 }
01420 #endif
01421
01422 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01423
01424 len += sprintf(buffer + len, "\nDefault Network Template NT ACL: %li members:",
01425 rsbac_list_count(default_nettemp_nt_handle));
01426 pos = begin + len;
01427 if (pos < offset)
01428 {
01429 len = 0;
01430 begin = pos;
01431 }
01432 if (pos > offset+length)
01433 goto out;
01434 tmp_count = rsbac_list_get_all_desc(default_nettemp_nt_handle, (void **) &sub_desc_p);
01435 if(tmp_count > 0)
01436 {
01437 for(i=0; i<tmp_count; i++)
01438 {
01439 len += sprintf(buffer + len, " %s %u,",
01440 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01441 sub_desc_p[i].subj_id);
01442 pos = begin + len;
01443 if (pos < offset)
01444 {
01445 len = 0;
01446 begin = pos;
01447 }
01448 if (pos > offset+length)
01449 {
01450 rsbac_vfree(sub_desc_p);
01451 goto out;
01452 }
01453 }
01454 rsbac_vfree(sub_desc_p);
01455 }
01456
01457 len += sprintf(buffer + len, "\nDefault Network Object ACL: %li members:",
01458 rsbac_list_count(default_netobj_handle));
01459 pos = begin + len;
01460 if (pos < offset)
01461 {
01462 len = 0;
01463 begin = pos;
01464 }
01465 if (pos > offset+length)
01466 goto out;
01467 tmp_count = rsbac_list_get_all_desc(default_netobj_handle, (void **) &sub_desc_p);
01468 if(tmp_count > 0)
01469 {
01470 for(i=0; i<tmp_count; i++)
01471 {
01472 len += sprintf(buffer + len, " %s %u,",
01473 get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01474 sub_desc_p[i].subj_id);
01475 pos = begin + len;
01476 if (pos < offset)
01477 {
01478 len = 0;
01479 begin = pos;
01480 }
01481 if (pos > offset+length)
01482 {
01483 rsbac_vfree(sub_desc_p);
01484 goto out;
01485 }
01486 }
01487 rsbac_vfree(sub_desc_p);
01488 }
01489 #endif
01490
01491 len += sprintf(buffer + len, "\n\nFile/Dir/Fifo/Symlink ACLs:\n");
01492 pos = begin + len;
01493 if (pos < offset)
01494 {
01495 len = 0;
01496 begin = pos;
01497 }
01498 if (pos > offset+length)
01499 goto out;
01500
01501
01502 rsbac_read_lock(&device_list_head.lock, &dflags);
01503 device_p = device_list_head.head;
01504 while(device_p)
01505 {
01506
01507 count = 0;
01508 member_count = 0;
01509 len += sprintf(buffer + len, "\nDevice %02u:%02u\n inode count mask+members",
01510 RSBAC_MAJOR(device_p->id),
01511 RSBAC_MINOR(device_p->id));
01512 pos = begin + len;
01513 if (pos < offset)
01514 {
01515 len = 0;
01516 begin = pos;
01517 }
01518 if (pos > offset+length)
01519 {
01520 rsbac_read_unlock(&device_list_head.lock, &dflags);
01521 goto out;
01522 }
01523 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
01524 {
01525 tmp_count = rsbac_list_lol_get_all_desc(device_p->handles[i], (void **) &fd_desc_p);
01526 if(tmp_count > 0)
01527 {
01528 for(j=0; j<tmp_count; j++)
01529 {
01530 len += sprintf(buffer + len, "\n%6u\t %li\t",
01531 fd_desc_p[j],
01532 rsbac_list_lol_subcount(device_p->handles[i], &fd_desc_p[j]));
01533 pos = begin + len;
01534 if (pos < offset)
01535 {
01536 len = 0;
01537 begin = pos;
01538 }
01539 if (pos > offset+length)
01540 {
01541 rsbac_vfree(fd_desc_p);
01542 rsbac_read_unlock(&device_list_head.lock, &dflags);
01543 goto out;
01544 }
01545 if(!rsbac_list_lol_get_data(device_p->handles[i], &fd_desc_p[j], &rights))
01546 {
01547 len += sprintf(buffer + len, "%s\n\t\t",
01548 u64tostracl(tmp1, rights));
01549 pos = begin + len;
01550 if (pos < offset)
01551 {
01552 len = 0;
01553 begin = pos;
01554 }
01555 if (pos > offset+length)
01556 {
01557 rsbac_vfree(fd_desc_p);
01558 rsbac_read_unlock(&device_list_head.lock, &dflags);
01559 goto out;
01560 }
01561 }
01562
01563 tmp_sub_count = rsbac_list_lol_get_all_subdesc(device_p->handles[i], &fd_desc_p[j], (void **) &sub_desc_p);
01564 if(tmp_sub_count > 0)
01565 {
01566 for(k=0; k<tmp_sub_count; k++)
01567 {
01568 len += sprintf(buffer + len, "%s %u, ",
01569 get_acl_subject_type_name(tmp1, sub_desc_p[k].subj_type),
01570 sub_desc_p[k].subj_id);
01571 pos = begin + len;
01572 if (pos < offset)
01573 {
01574 len = 0;
01575 begin = pos;
01576 }
01577 if (pos > offset+length)
01578 {
01579 rsbac_vfree(sub_desc_p);
01580 rsbac_vfree(fd_desc_p);
01581 rsbac_read_unlock(&device_list_head.lock, &dflags);
01582 goto out;
01583 }
01584 }
01585 rsbac_vfree(sub_desc_p);
01586 member_count += tmp_sub_count;
01587 }
01588 }
01589 count += tmp_count;
01590 rsbac_vfree(fd_desc_p);
01591 }
01592 }
01593 len += sprintf(buffer + len, "\n%u file ACLs, sum of %u members\n",
01594 count,member_count);
01595 pos = begin + len;
01596 if (pos < offset)
01597 {
01598 len = 0;
01599 begin = pos;
01600 }
01601 if (pos > offset+length)
01602 {
01603 rsbac_read_unlock(&device_list_head.lock, &dflags);
01604 goto out;
01605 }
01606 device_p = device_p->next;
01607 }
01608
01609 rsbac_read_unlock(&device_list_head.lock, &dflags);
01610
01611
01612 len += sprintf(buffer + len, "\nDevice ACLs:\ntype+id count mask+members");
01613 pos = begin + len;
01614 if (pos < offset)
01615 {
01616 len = 0;
01617 begin = pos;
01618 }
01619 if (pos > offset+length)
01620 goto out;
01621
01622 member_count = 0;
01623 tmp_count = rsbac_list_lol_get_all_desc(dev_handle, (void **) &dev_desc_p);
01624 if(tmp_count > 0)
01625 {
01626 for(i=0; i<tmp_count; i++)
01627 {
01628 if(!rsbac_list_lol_get_data(dev_handle, &dev_desc_p[i], &rights))
01629 {
01630 len += sprintf(buffer + len, "\n%c%02u:%02u\t %3li\t%s\n\t\t",
01631 'B' + dev_desc_p[i].type,
01632 dev_desc_p[i].major,
01633 dev_desc_p[i].minor,
01634 rsbac_list_lol_subcount(dev_handle, &dev_desc_p[i]),
01635 u64tostracl(tmp1, rights));
01636 pos = begin + len;
01637 if (pos < offset)
01638 {
01639 len = 0;
01640 begin = pos;
01641 }
01642 if (pos > offset+length)
01643 {
01644 rsbac_vfree(dev_desc_p);
01645 goto out;
01646 }
01647 }
01648 tmp_sub_count = rsbac_list_lol_get_all_subdesc(dev_handle, &dev_desc_p[i], (void **) &sub_desc_p);
01649 if(tmp_sub_count > 0)
01650 {
01651 for(j=0; j<tmp_sub_count; j++)
01652 {
01653 len += sprintf(buffer + len, "%s %u, ",
01654 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01655 sub_desc_p[j].subj_id);
01656 pos = begin + len;
01657 if (pos < offset)
01658 {
01659 len = 0;
01660 begin = pos;
01661 }
01662 if (pos > offset+length)
01663 {
01664 rsbac_vfree(sub_desc_p);
01665 rsbac_vfree(dev_desc_p);
01666 goto out;
01667 }
01668 }
01669 rsbac_vfree(sub_desc_p);
01670 member_count += tmp_sub_count;
01671 }
01672 }
01673 rsbac_vfree(dev_desc_p);
01674 }
01675 len += sprintf(buffer + len, "\n\n%i device ACL items, sum of %u members\n",
01676 tmp_count, member_count);
01677 pos = begin + len;
01678 if (pos < offset)
01679 {
01680 len = 0;
01681 begin = pos;
01682 }
01683 if (pos > offset+length)
01684 goto out;
01685
01686
01687 len += sprintf(buffer + len, "\nDevice major ACLs:\ntype+id count mask+members");
01688 pos = begin + len;
01689 if (pos < offset)
01690 {
01691 len = 0;
01692 begin = pos;
01693 }
01694 if (pos > offset+length)
01695 goto out;
01696
01697 member_count = 0;
01698 tmp_count = rsbac_list_lol_get_all_desc(dev_major_handle, (void **) &dev_desc_p);
01699 if(tmp_count > 0)
01700 {
01701 for(i=0; i<tmp_count; i++)
01702 {
01703 if(!rsbac_list_lol_get_data(dev_major_handle, &dev_desc_p[i], &rights))
01704 {
01705 len += sprintf(buffer + len, "\n%c%02u\t %3li\t%s\n\t\t",
01706 'B' + dev_desc_p[i].type,
01707 dev_desc_p[i].major,
01708 rsbac_list_lol_subcount(dev_major_handle, &dev_desc_p[i]),
01709 u64tostracl(tmp1, rights));
01710 pos = begin + len;
01711 if (pos < offset)
01712 {
01713 len = 0;
01714 begin = pos;
01715 }
01716 if (pos > offset+length)
01717 {
01718 rsbac_vfree(dev_desc_p);
01719 goto out;
01720 }
01721 }
01722 tmp_sub_count = rsbac_list_lol_get_all_subdesc(dev_major_handle, &dev_desc_p[i], (void **) &sub_desc_p);
01723 if(tmp_sub_count > 0)
01724 {
01725 for(j=0; j<tmp_sub_count; j++)
01726 {
01727 len += sprintf(buffer + len, "%s %u, ",
01728 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01729 sub_desc_p[j].subj_id);
01730 pos = begin + len;
01731 if (pos < offset)
01732 {
01733 len = 0;
01734 begin = pos;
01735 }
01736 if (pos > offset+length)
01737 {
01738 rsbac_vfree(sub_desc_p);
01739 rsbac_vfree(dev_desc_p);
01740 goto out;
01741 }
01742 }
01743 rsbac_vfree(sub_desc_p);
01744 member_count += tmp_sub_count;
01745 }
01746 }
01747 rsbac_vfree(dev_desc_p);
01748 }
01749 len += sprintf(buffer + len, "\n\n%i device major ACL items, sum of %u members\n",
01750 tmp_count, member_count);
01751 pos = begin + len;
01752 if (pos < offset)
01753 {
01754 len = 0;
01755 begin = pos;
01756 }
01757 if (pos > offset+length)
01758 goto out;
01759
01760
01761 member_count = 0;
01762 len += sprintf(buffer + len, "\nSCD ACLs:\nname count mask+members");
01763 pos = begin + len;
01764 if (pos < offset)
01765 {
01766 len = 0;
01767 begin = pos;
01768 }
01769 if (pos > offset+length)
01770 goto out;
01771
01772 tmp_count = rsbac_list_lol_get_all_desc(scd_handle, (void **) &scd_desc_p);
01773 if(tmp_count > 0)
01774 {
01775 for(i=0; i<tmp_count; i++)
01776 {
01777 if(!rsbac_list_lol_get_data(scd_handle, &scd_desc_p[i], &rights))
01778 {
01779 len += sprintf(buffer + len, "\n%-16s %3li\t%s\n\t\t\t",
01780 get_acl_scd_type_name(tmp1, scd_desc_p[i]),
01781 rsbac_list_lol_subcount(scd_handle, &scd_desc_p[i]),
01782 u64tostracl(tmp2, rights));
01783 pos = begin + len;
01784 if (pos < offset)
01785 {
01786 len = 0;
01787 begin = pos;
01788 }
01789 if (pos > offset+length)
01790 {
01791 rsbac_vfree(scd_desc_p);
01792 goto out;
01793 }
01794 }
01795 tmp_sub_count = rsbac_list_lol_get_all_subdesc(scd_handle, &scd_desc_p[i], (void **) &sub_desc_p);
01796 if(tmp_sub_count > 0)
01797 {
01798 for(j=0; j<tmp_sub_count; j++)
01799 {
01800 len += sprintf(buffer + len, "%s %u, ",
01801 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01802 sub_desc_p[j].subj_id);
01803 pos = begin + len;
01804 if (pos < offset)
01805 {
01806 len = 0;
01807 begin = pos;
01808 }
01809 if (pos > offset+length)
01810 {
01811 rsbac_vfree(sub_desc_p);
01812 rsbac_vfree(scd_desc_p);
01813 goto out;
01814 }
01815 }
01816 rsbac_vfree(sub_desc_p);
01817 member_count += tmp_sub_count;
01818 }
01819 }
01820 rsbac_vfree(scd_desc_p);
01821 };
01822 len += sprintf(buffer + len, "\n\n%u SCD ACL items, sum of %u members\n",
01823 tmp_count, member_count);
01824 pos = begin + len;
01825 if (pos < offset)
01826 {
01827 len = 0;
01828 begin = pos;
01829 }
01830 if (pos > offset+length)
01831 goto out;
01832
01833
01834 len += sprintf(buffer + len, "\nUser ACLs:\nuid count mask+members");
01835 pos = begin + len;
01836 if (pos < offset)
01837 {
01838 len = 0;
01839 begin = pos;
01840 }
01841 if (pos > offset+length)
01842 goto out;
01843
01844 member_count = 0;
01845 tmp_count = rsbac_list_lol_get_all_desc(u_handle, (void **) &u_desc_p);
01846 if(tmp_count > 0)
01847 {
01848 for(i=0; i<tmp_count; i++)
01849 {
01850 if(!rsbac_list_lol_get_data(u_handle, &u_desc_p[i], &rights))
01851 {
01852 len += sprintf(buffer + len, "\n%u\t %3li\t%s\n\t\t",
01853 u_desc_p[i],
01854 rsbac_list_lol_subcount(u_handle, &u_desc_p[i]),
01855 u64tostracl(tmp1, rights));
01856 pos = begin + len;
01857 if (pos < offset)
01858 {
01859 len = 0;
01860 begin = pos;
01861 }
01862 if (pos > offset+length)
01863 {
01864 rsbac_vfree(dev_desc_p);
01865 goto out;
01866 }
01867 }
01868 tmp_sub_count = rsbac_list_lol_get_all_subdesc(u_handle, &u_desc_p[i], (void **) &sub_desc_p);
01869 if(tmp_sub_count > 0)
01870 {
01871 for(j=0; j<tmp_sub_count; j++)
01872 {
01873 len += sprintf(buffer + len, "%s %u, ",
01874 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01875 sub_desc_p[j].subj_id);
01876 pos = begin + len;
01877 if (pos < offset)
01878 {
01879 len = 0;
01880 begin = pos;
01881 }
01882 if (pos > offset+length)
01883 {
01884 rsbac_vfree(sub_desc_p);
01885 rsbac_vfree(dev_desc_p);
01886 goto out;
01887 }
01888 }
01889 rsbac_vfree(sub_desc_p);
01890 member_count += tmp_sub_count;
01891 }
01892 }
01893 rsbac_vfree(u_desc_p);
01894 }
01895 len += sprintf(buffer + len, "\n\n%i user ACL items, sum of %u members\n",
01896 tmp_count, member_count);
01897 pos = begin + len;
01898 if (pos < offset)
01899 {
01900 len = 0;
01901 begin = pos;
01902 }
01903 if (pos > offset+length)
01904 goto out;
01905
01906 #ifdef CONFIG_RSBAC_ACL_UM_PROT
01907
01908 len += sprintf(buffer + len, "\nLinux group ACLs:\ngid count mask+members");
01909 pos = begin + len;
01910 if (pos < offset)
01911 {
01912 len = 0;
01913 begin = pos;
01914 }
01915 if (pos > offset+length)
01916 goto out;
01917
01918 member_count = 0;
01919 tmp_count = rsbac_list_lol_get_all_desc(g_handle, (void **) &g_desc_p);
01920 if(tmp_count > 0)
01921 {
01922 for(i=0; i<tmp_count; i++)
01923 {
01924 if(!rsbac_list_lol_get_data(g_handle, &g_desc_p[i], &rights))
01925 {
01926 len += sprintf(buffer + len, "\n%u\t %3li\t%s\n\t\t",
01927 g_desc_p[i],
01928 rsbac_list_lol_subcount(g_handle, &g_desc_p[i]),
01929 u64tostracl(tmp1, rights));
01930 pos = begin + len;
01931 if (pos < offset)
01932 {
01933 len = 0;
01934 begin = pos;
01935 }
01936 if (pos > offset+length)
01937 {
01938 rsbac_vfree(dev_desc_p);
01939 goto out;
01940 }
01941 }
01942 tmp_sub_count = rsbac_list_lol_get_all_subdesc(g_handle, &g_desc_p[i], (void **) &sub_desc_p);
01943 if(tmp_sub_count > 0)
01944 {
01945 for(j=0; j<tmp_sub_count; j++)
01946 {
01947 len += sprintf(buffer + len, "%s %u, ",
01948 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01949 sub_desc_p[j].subj_id);
01950 pos = begin + len;
01951 if (pos < offset)
01952 {
01953 len = 0;
01954 begin = pos;
01955 }
01956 if (pos > offset+length)
01957 {
01958 rsbac_vfree(sub_desc_p);
01959 rsbac_vfree(dev_desc_p);
01960 goto out;
01961 }
01962 }
01963 rsbac_vfree(sub_desc_p);
01964 member_count += tmp_sub_count;
01965 }
01966 }
01967 rsbac_vfree(g_desc_p);
01968 }
01969 len += sprintf(buffer + len, "\n\n%i Linux group ACL items, sum of %u members\n",
01970 tmp_count, member_count);
01971 pos = begin + len;
01972 if (pos < offset)
01973 {
01974 len = 0;
01975 begin = pos;
01976 }
01977 if (pos > offset+length)
01978 goto out;
01979 #endif
01980
01981 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01982
01983 len += sprintf(buffer + len, "\nNetwork Device ACLs:\nname\t\t count mask+members");
01984 pos = begin + len;
01985 if (pos < offset)
01986 {
01987 len = 0;
01988 begin = pos;
01989 }
01990 if (pos > offset+length)
01991 goto out;
01992
01993 member_count = 0;
01994 tmp_count = rsbac_list_lol_get_all_desc(netdev_handle, (void **) &netdev_desc_p);
01995 if(tmp_count > 0)
01996 {
01997 for(i=0; i<tmp_count; i++)
01998 {
01999 if(!rsbac_list_lol_get_data(netdev_handle, &netdev_desc_p[i], &rights))
02000 {
02001 len += sprintf(buffer + len, "\n%-16s %3li\t %s\n\t\t",
02002 netdev_desc_p[i],
02003 rsbac_list_lol_subcount(netdev_handle, &netdev_desc_p[i]),
02004 u64tostracl(tmp1, rights));
02005 pos = begin + len;
02006 if (pos < offset)
02007 {
02008 len = 0;
02009 begin = pos;
02010 }
02011 if (pos > offset+length)
02012 {
02013 rsbac_vfree(netdev_desc_p);
02014 goto out;
02015 }
02016 }
02017 tmp_sub_count = rsbac_list_lol_get_all_subdesc(netdev_handle, &netdev_desc_p[i], (void **) &sub_desc_p);
02018 if(tmp_sub_count > 0)
02019 {
02020 for(j=0; j<tmp_sub_count; j++)
02021 {
02022 len += sprintf(buffer + len, "%s %u, ",
02023 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02024 sub_desc_p[j].subj_id);
02025 pos = begin + len;
02026 if (pos < offset)
02027 {
02028 len = 0;
02029 begin = pos;
02030 }
02031 if (pos > offset+length)
02032 {
02033 rsbac_vfree(sub_desc_p);
02034 rsbac_vfree(netdev_desc_p);
02035 goto out;
02036 }
02037 }
02038 rsbac_vfree(sub_desc_p);
02039 member_count += tmp_sub_count;
02040 }
02041 }
02042 rsbac_vfree(netdev_desc_p);
02043 };
02044 len += sprintf(buffer + len, "\n\n%i network device ACL items, sum of %u members\n",
02045 tmp_count, member_count);
02046 pos = begin + len;
02047 if (pos < offset)
02048 {
02049 len = 0;
02050 begin = pos;
02051 }
02052 if (pos > offset+length)
02053 goto out;
02054 #endif
02055
02056 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
02057
02058 len += sprintf(buffer + len, "\nNetwork Template NT (template protection) ACLs:\nTemplate count mask+members");
02059 pos = begin + len;
02060 if (pos < offset)
02061 {
02062 len = 0;
02063 begin = pos;
02064 }
02065 if (pos > offset+length)
02066 goto out;
02067
02068 member_count = 0;
02069 tmp_count = rsbac_list_lol_get_all_desc(nettemp_nt_handle, (void **) &nettemp_desc_p);
02070 if(tmp_count > 0)
02071 {
02072 for(i=0; i<tmp_count; i++)
02073 {
02074 if(!rsbac_list_lol_get_data(nettemp_nt_handle, &nettemp_desc_p[i], &rights))
02075 {
02076 len += sprintf(buffer + len, "\n%10u %3li\t%s\n\t\t",
02077 nettemp_desc_p[i],
02078 rsbac_list_lol_subcount(nettemp_nt_handle, &nettemp_desc_p[i]),
02079 u64tostracl(tmp1, rights));
02080 pos = begin + len;
02081 if (pos < offset)
02082 {
02083 len = 0;
02084 begin = pos;
02085 }
02086 if (pos > offset+length)
02087 {
02088 rsbac_vfree(nettemp_desc_p);
02089 goto out;
02090 }
02091 }
02092 tmp_sub_count = rsbac_list_lol_get_all_subdesc(nettemp_nt_handle, &nettemp_desc_p[i], (void **) &sub_desc_p);
02093 if(tmp_sub_count > 0)
02094 {
02095 for(j=0; j<tmp_sub_count; j++)
02096 {
02097 len += sprintf(buffer + len, "%s %u, ",
02098 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02099 sub_desc_p[j].subj_id);
02100 pos = begin + len;
02101 if (pos < offset)
02102 {
02103 len = 0;
02104 begin = pos;
02105 }
02106 if (pos > offset+length)
02107 {
02108 rsbac_vfree(sub_desc_p);
02109 rsbac_vfree(nettemp_desc_p);
02110 goto out;
02111 }
02112 }
02113 rsbac_vfree(sub_desc_p);
02114 member_count += tmp_sub_count;
02115 }
02116 }
02117 rsbac_vfree(nettemp_desc_p);
02118 };
02119 len += sprintf(buffer + len, "\n\n%i network template NT ACL items, sum of %u members\n",
02120 tmp_count, member_count);
02121 pos = begin + len;
02122 if (pos < offset)
02123 {
02124 len = 0;
02125 begin = pos;
02126 }
02127 if (pos > offset+length)
02128 goto out;
02129
02130
02131 len += sprintf(buffer + len, "\nNetwork Template (netobj protection) ACLs:\nTemplate count mask+members");
02132 pos = begin + len;
02133 if (pos < offset)
02134 {
02135 len = 0;
02136 begin = pos;
02137 }
02138 if (pos > offset+length)
02139 goto out;
02140
02141 member_count = 0;
02142 tmp_count = rsbac_list_lol_get_all_desc(nettemp_handle, (void **) &nettemp_desc_p);
02143 if(tmp_count > 0)
02144 {
02145 for(i=0; i<tmp_count; i++)
02146 {
02147 if(!rsbac_list_lol_get_data(nettemp_handle, &nettemp_desc_p[i], &rights))
02148 {
02149 len += sprintf(buffer + len, "\n%10u %3li\t%s\n\t\t",
02150 nettemp_desc_p[i],
02151 rsbac_list_lol_subcount(nettemp_handle, &nettemp_desc_p[i]),
02152 u64tostracl(tmp1, rights));
02153 pos = begin + len;
02154 if (pos < offset)
02155 {
02156 len = 0;
02157 begin = pos;
02158 }
02159 if (pos > offset+length)
02160 {
02161 rsbac_vfree(nettemp_desc_p);
02162 goto out;
02163 }
02164 }
02165 tmp_sub_count = rsbac_list_lol_get_all_subdesc(nettemp_handle, &nettemp_desc_p[i], (void **) &sub_desc_p);
02166 if(tmp_sub_count > 0)
02167 {
02168 for(j=0; j<tmp_sub_count; j++)
02169 {
02170 len += sprintf(buffer + len, "%s %u, ",
02171 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02172 sub_desc_p[j].subj_id);
02173 pos = begin + len;
02174 if (pos < offset)
02175 {
02176 len = 0;
02177 begin = pos;
02178 }
02179 if (pos > offset+length)
02180 {
02181 rsbac_vfree(sub_desc_p);
02182 rsbac_vfree(nettemp_desc_p);
02183 goto out;
02184 }
02185 }
02186 rsbac_vfree(sub_desc_p);
02187 member_count += tmp_sub_count;
02188 }
02189 }
02190 rsbac_vfree(nettemp_desc_p);
02191 };
02192 len += sprintf(buffer + len, "\n\n%i network template ACL items, sum of %u members\n",
02193 tmp_count, member_count);
02194 pos = begin + len;
02195 if (pos < offset)
02196 {
02197 len = 0;
02198 begin = pos;
02199 }
02200 if (pos > offset+length)
02201 goto out;
02202
02203
02204 len += sprintf(buffer + len, "\nNetwork Object ACLs:\nObject-ID count mask+members");
02205 pos = begin + len;
02206 if (pos < offset)
02207 {
02208 len = 0;
02209 begin = pos;
02210 }
02211 if (pos > offset+length)
02212 goto out;
02213
02214 member_count = 0;
02215 tmp_count = rsbac_list_lol_get_all_desc(netobj_handle, (void **) &netobj_desc_p);
02216 if(tmp_count > 0)
02217 {
02218 for(i=0; i<tmp_count; i++)
02219 {
02220 if(!rsbac_list_lol_get_data(netobj_handle, &netobj_desc_p[i], &rights))
02221 {
02222 len += sprintf(buffer + len, "\n%p %3li\t%s\n\t\t",
02223 netobj_desc_p[i],
02224 rsbac_list_lol_subcount(netobj_handle, &netobj_desc_p[i]),
02225 u64tostracl(tmp1, rights));
02226 pos = begin + len;
02227 if (pos < offset)
02228 {
02229 len = 0;
02230 begin = pos;
02231 }
02232 if (pos > offset+length)
02233 {
02234 rsbac_vfree(netobj_desc_p);
02235 goto out;
02236 }
02237 }
02238 tmp_sub_count = rsbac_list_lol_get_all_subdesc(netobj_handle, &netobj_desc_p[i], (void **) &sub_desc_p);
02239 if(tmp_sub_count > 0)
02240 {
02241 for(j=0; j<tmp_sub_count; j++)
02242 {
02243 len += sprintf(buffer + len, "%s %u, ",
02244 get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
02245 sub_desc_p[j].subj_id);
02246 pos = begin + len;
02247 if (pos < offset)
02248 {
02249 len = 0;
02250 begin = pos;
02251 }
02252 if (pos > offset+length)
02253 {
02254 rsbac_vfree(sub_desc_p);
02255 rsbac_vfree(netobj_desc_p);
02256 goto out;
02257 }
02258 }
02259 rsbac_vfree(sub_desc_p);
02260 member_count += tmp_sub_count;
02261 }
02262 }
02263 rsbac_vfree(netobj_desc_p);
02264 };
02265 len += sprintf(buffer + len, "\n\n%i network object ACL items, sum of %u members\n",
02266 tmp_count, member_count);
02267 pos = begin + len;
02268 if (pos < offset)
02269 {
02270 len = 0;
02271 begin = pos;
02272 }
02273 if (pos > offset+length)
02274 goto out;
02275 #endif
02276
02277 out:
02278 *start = buffer + (offset - begin);
02279 len -= (offset - begin);
02280
02281 if (len > length)
02282 len = length;
02283 return len;
02284 }
02285
02286 static int
02287 acl_grouplist_proc_info(char *buffer, char **start, off_t offset, int length)
02288 {
02289 u_int len = 0;
02290 off_t pos = 0;
02291 off_t begin = 0;
02292
02293 char type;
02294 int count, sub_count;
02295 int i,j;
02296 u_int member_count = 0;
02297 struct rsbac_acl_group_entry_t * entry_p;
02298 rsbac_uid_t * user_p;
02299 rsbac_acl_group_id_t * group_p;
02300 rsbac_time_t * ttl_p;
02301
02302 union rsbac_target_id_t rsbac_target_id;
02303 union rsbac_attribute_value_t rsbac_attribute_value;
02304
02305 if (!rsbac_is_initialized())
02306 {
02307 rsbac_printk(KERN_WARNING "acl_grouplist_proc_info(): RSBAC not initialized\n");
02308 return(-RSBAC_ENOTINITIALIZED);
02309 }
02310 #ifdef CONFIG_RSBAC_DEBUG
02311 if (rsbac_debug_aef_acl)
02312 {
02313 rsbac_printk(KERN_DEBUG "acl_grouplist_proc_info(): calling ADF\n");
02314 }
02315 #endif
02316 rsbac_target_id.scd = ST_rsbac;
02317 rsbac_attribute_value.dummy = 0;
02318 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02319 current->pid,
02320 T_SCD,
02321 rsbac_target_id,
02322 A_none,
02323 rsbac_attribute_value))
02324 {
02325 return -EPERM;
02326 }
02327
02328 len += sprintf(buffer, "ACL Groups\n----------\n");
02329
02330
02331 len += sprintf(buffer + len, "Group list: %li groups, last new is %u\nID\ttype name\t\towner\n",
02332 rsbac_list_count(group_handle), group_last_new);
02333 pos = begin + len;
02334 if (pos < offset)
02335 {
02336 len = 0;
02337 begin = pos;
02338 }
02339 if (pos > offset+length)
02340 {
02341 goto out;
02342 }
02343
02344 count = rsbac_list_get_all_data(group_handle, (void **) &entry_p);
02345 if(count > 0)
02346 {
02347 for(i=0; i<count; i++)
02348 {
02349 if(entry_p[i].type == ACLG_GLOBAL)
02350 type = 'G';
02351 else
02352 type = 'P';
02353 len += sprintf(buffer + len, "%u\t%c %-18s %u\n",
02354 entry_p[i].id,
02355 type,
02356 entry_p[i].name,
02357 entry_p[i].owner);
02358 pos = begin + len;
02359 if (pos < offset)
02360 {
02361 len = 0;
02362 begin = pos;
02363 }
02364 if (pos > offset+length)
02365 {
02366 rsbac_vfree(entry_p);
02367 goto out;
02368 }
02369 }
02370 rsbac_vfree(entry_p);
02371 }
02372
02373
02374 member_count = 0;
02375 len += sprintf(buffer + len, "\nGroup memberships:\nuser count\tgroups");
02376 pos = begin + len;
02377 if (pos < offset)
02378 {
02379 len = 0;
02380 begin = pos;
02381 }
02382 if (pos > offset+length)
02383 {
02384 goto out;
02385 }
02386
02387 count = rsbac_list_lol_get_all_desc(gm_handle, (void **) &user_p);
02388 if(count > 0)
02389 {
02390 for(i=0; i<count; i++)
02391 {
02392 sub_count = rsbac_list_lol_get_all_subdesc_ttl(gm_handle,
02393 &user_p[i],
02394 (void **) &group_p,
02395 &ttl_p);
02396 len += sprintf(buffer + len, "\n%u\t%i\t",
02397 user_p[i],
02398 sub_count);
02399 pos = begin + len;
02400 if (pos < offset)
02401 {
02402 len = 0;
02403 begin = pos;
02404 }
02405 if (pos > offset+length)
02406 {
02407 rsbac_vfree(user_p);
02408 goto out;
02409 }
02410
02411 if(sub_count > 0)
02412 {
02413 for(j=0; j<sub_count; j++)
02414 {
02415 if(ttl_p[j])
02416 len += sprintf(buffer + len, "%u(ttl:%i) ",
02417 group_p[j], ttl_p[j]);
02418 else
02419 len += sprintf(buffer + len, "%u ",
02420 group_p[j]);
02421 pos = begin + len;
02422 if (pos < offset)
02423 {
02424 len = 0;
02425 begin = pos;
02426 }
02427 if (pos > offset+length)
02428 {
02429 rsbac_vfree(group_p);
02430 rsbac_vfree(user_p);
02431 goto out;
02432 }
02433 }
02434 member_count+=sub_count;
02435 rsbac_vfree(group_p);
02436 rsbac_vfree(ttl_p);
02437 }
02438 }
02439 rsbac_vfree(user_p);
02440 }
02441 len += sprintf(buffer + len, "\n\n%u user items, sum of %u memberships\n",
02442 count,member_count);
02443 pos = begin + len;
02444 if (pos < offset)
02445 {
02446 len = 0;
02447 begin = pos;
02448 }
02449 if (pos > offset+length)
02450 goto out;
02451
02452 out:
02453 *start = buffer + (offset - begin);
02454 len -= (offset - begin);
02455
02456 if (len > length)
02457 len = length;
02458 return len;
02459 }
02460
02461 #endif
02462
02463
02464
02465
02466
02467
02468
02469
02470
02471
02472
02473
02474
02475
02476 #ifdef CONFIG_RSBAC_INIT_DELAY
02477 static void registration_error(int err, char * listname)
02478 #else
02479 static void __init registration_error(int err, char * listname)
02480 #endif
02481 {
02482 if(err)
02483 {
02484 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02485
02486 if(tmp)
02487 {
02488 rsbac_printk(KERN_WARNING
02489 "rsbac_init_acl(): Registering ACL %s list failed with error %s\n",
02490 listname,
02491 get_error_name(tmp, err));
02492 rsbac_kfree(tmp);
02493 }
02494 }
02495 }
02496
02497
02498
02499
02500 #ifdef CONFIG_RSBAC_INIT_DELAY
02501 int rsbac_init_acl(void)
02502 #else
02503 int __init rsbac_init_acl(void)
02504 #endif
02505 {
02506 int err = 0;
02507 struct rsbac_acl_device_list_item_t * device_p = NULL;
02508 char tmp[80];
02509 u_long flags;
02510 struct proc_dir_entry * tmp_entry_p;
02511 struct rsbac_list_lol_info_t lol_info;
02512 struct rsbac_list_info_t list_info;
02513 rsbac_acl_rights_vector_t def_mask;
02514
02515 if (rsbac_is_initialized())
02516 {
02517 rsbac_printk(KERN_WARNING "rsbac_init_acl(): RSBAC already initialized\n");
02518 return(-RSBAC_EREINIT);
02519 }
02520
02521
02522 rsbac_printk(KERN_INFO "rsbac_init_acl(): Initializing RSBAC: ACL subsystem\n");
02523
02524
02525 device_list_head.lock = RW_LOCK_UNLOCKED;
02526 device_list_head.head = NULL;
02527 device_list_head.tail = NULL;
02528 device_list_head.curr = NULL;
02529 device_list_head.count = 0;
02530
02531
02532 #ifdef CONFIG_RSBAC_DEBUG
02533 if (rsbac_debug_ds_acl)
02534 {
02535 rsbac_printk(KERN_DEBUG "rsbac_init_acl(): Registering lists\n");
02536 }
02537 #endif
02538 device_p = create_device_item(rsbac_root_dev);
02539 if (!device_p)
02540 {
02541 rsbac_printk(KERN_CRIT "rsbac_init_acl(): Could not create device!\n");
02542 return(-RSBAC_ECOULDNOTADDDEVICE);
02543 }
02544 if((err = acl_register_fd_lists(device_p,rsbac_root_dev)))
02545 {
02546 rsbac_printk(KERN_WARNING
02547 "rsbac_init_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02548 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
02549 }
02550
02551 rsbac_write_lock_irq(&device_list_head.lock, &flags);
02552 device_p = add_device_item(device_p);
02553
02554 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
02555 if (!device_p)
02556 {
02557 rsbac_printk(KERN_CRIT "rsbac_init_acl(): Could not add device!\n");
02558 return(-RSBAC_ECOULDNOTADDDEVICE);
02559 }
02560
02561 list_info.version = RSBAC_ACL_DEF_FD_LIST_VERSION;
02562 list_info.key = RSBAC_ACL_LIST_KEY;
02563 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02564 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02565 list_info.max_age = 0;
02566 err = rsbac_list_register(RSBAC_LIST_VERSION,
02567 &default_fd_handle,
02568 &list_info,
02569 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02570 RSBAC_LIST_BACKUP |
02571 #endif
02572 RSBAC_LIST_PERSIST,
02573 entry_compare,
02574 def_fd_get_conv,
02575 NULL,
02576 RSBAC_ACL_DEF_FD_FILENAME,
02577 RSBAC_AUTO_DEV);
02578 if(err)
02579 {
02580 registration_error(err, "default fd");
02581 }
02582 if(!rsbac_no_defaults && !rsbac_list_count(default_fd_handle))
02583 {
02584 struct rsbac_acl_entry_desc_t desc;
02585 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_FD_ENTRY;
02586 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_FD_ENTRY;
02587 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_FD_ENTRY;
02588
02589 rsbac_printk(KERN_WARNING
02590 "rsbac_init_acl(): File/Dir default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02591 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02592 desc.subj_type = acman_entry.subj_type;
02593 desc.subj_id = acman_entry.subj_id;
02594 rsbac_list_add(default_fd_handle, &desc, &acman_entry.rights);
02595 desc.subj_type = sysadm_entry.subj_type;
02596 desc.subj_id = sysadm_entry.subj_id;
02597 rsbac_list_add(default_fd_handle, &desc, &sysadm_entry.rights);
02598 desc.subj_type = gen_entry.subj_type;
02599 desc.subj_id = gen_entry.subj_id;
02600 rsbac_list_add(default_fd_handle, &desc, &gen_entry.rights);
02601 }
02602
02603 lol_info.version = RSBAC_ACL_DEV_LIST_VERSION;
02604 lol_info.key = RSBAC_ACL_LIST_KEY;
02605 lol_info.desc_size = sizeof(struct rsbac_dev_desc_t);
02606 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02607 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02608 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02609 lol_info.max_age = 0;
02610 def_mask=RSBAC_ACL_DEFAULT_DEV_MASK;
02611 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02612 &dev_handle,
02613 &lol_info,
02614 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02615 RSBAC_LIST_BACKUP |
02616 #endif
02617 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02618 dev_compare,
02619 entry_compare,
02620 dev_get_conv,
02621 dev_get_subconv,
02622 &def_mask,
02623 NULL,
02624 RSBAC_ACL_DEV_FILENAME,
02625 RSBAC_AUTO_DEV);
02626 if(err)
02627 {
02628 registration_error(err, "dev");
02629 }
02630 lol_info.version = RSBAC_ACL_DEV_LIST_VERSION;
02631 lol_info.key = RSBAC_ACL_LIST_KEY;
02632 lol_info.desc_size = sizeof(struct rsbac_dev_desc_t);
02633 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02634 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02635 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02636 lol_info.max_age = 0;
02637 def_mask=RSBAC_ACL_DEFAULT_DEV_MASK;
02638 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02639 &dev_major_handle,
02640 &lol_info,
02641 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02642 RSBAC_LIST_BACKUP |
02643 #endif
02644 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02645 dev_major_compare,
02646 entry_compare,
02647 dev_get_conv,
02648 dev_get_subconv,
02649 &def_mask,
02650 NULL,
02651 RSBAC_ACL_DEV_MAJOR_FILENAME,
02652 RSBAC_AUTO_DEV);
02653 if(err)
02654 {
02655 registration_error(err, "dev major");
02656 }
02657 list_info.version = RSBAC_ACL_DEF_DEV_LIST_VERSION;
02658 list_info.key = RSBAC_ACL_LIST_KEY;
02659 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02660 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02661 list_info.max_age = 0;
02662 err = rsbac_list_register(RSBAC_LIST_VERSION,
02663 &default_dev_handle,
02664 &list_info,
02665 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02666 RSBAC_LIST_BACKUP |
02667 #endif
02668 RSBAC_LIST_PERSIST,
02669 entry_compare,
02670 def_dev_get_conv,
02671 NULL,
02672 RSBAC_ACL_DEF_DEV_FILENAME,
02673 RSBAC_AUTO_DEV);
02674 if(err)
02675 {
02676 registration_error(err, "default dev");
02677 }
02678 if(!rsbac_no_defaults && !rsbac_list_count(default_dev_handle))
02679 {
02680 struct rsbac_acl_entry_desc_t desc;
02681 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_DEV_ENTRY;
02682 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_DEV_ENTRY;
02683 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_DEV_ENTRY;
02684
02685 rsbac_printk(KERN_WARNING
02686 "rsbac_init_acl(): Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02687 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02688 desc.subj_type = acman_entry.subj_type;
02689 desc.subj_id = acman_entry.subj_id;
02690 rsbac_list_add(default_dev_handle, &desc, &acman_entry.rights);
02691 desc.subj_type = sysadm_entry.subj_type;
02692 desc.subj_id = sysadm_entry.subj_id;
02693 rsbac_list_add(default_dev_handle, &desc, &sysadm_entry.rights);
02694 desc.subj_type = gen_entry.subj_type;
02695 desc.subj_id = gen_entry.subj_id;
02696 rsbac_list_add(default_dev_handle, &desc, &gen_entry.rights);
02697 }
02698
02699 list_info.version = RSBAC_ACL_DEF_IPC_LIST_VERSION;
02700 list_info.key = RSBAC_ACL_LIST_KEY;
02701 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02702 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02703 list_info.max_age = 0;
02704 err = rsbac_list_register(RSBAC_LIST_VERSION,
02705 &default_ipc_handle,
02706 &list_info,
02707 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02708 RSBAC_LIST_BACKUP |
02709 #endif
02710 RSBAC_LIST_PERSIST,
02711 entry_compare,
02712 def_ipc_get_conv,
02713 NULL,
02714 RSBAC_ACL_DEF_IPC_FILENAME,
02715 RSBAC_AUTO_DEV);
02716 if(err)
02717 {
02718 registration_error(err, "default ipc");
02719 }
02720 if(!rsbac_no_defaults && !rsbac_list_count(default_ipc_handle))
02721 {
02722 struct rsbac_acl_entry_desc_t desc;
02723 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_IPC_ENTRY;
02724 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_IPC_ENTRY;
02725 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_IPC_ENTRY;
02726
02727 rsbac_printk(KERN_WARNING
02728 "rsbac_init_acl(): IPC default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02729 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02730 desc.subj_type = acman_entry.subj_type;
02731 desc.subj_id = acman_entry.subj_id;
02732 rsbac_list_add(default_ipc_handle, &desc, &acman_entry.rights);
02733 desc.subj_type = sysadm_entry.subj_type;
02734 desc.subj_id = sysadm_entry.subj_id;
02735 rsbac_list_add(default_ipc_handle, &desc, &sysadm_entry.rights);
02736 desc.subj_type = gen_entry.subj_type;
02737 desc.subj_id = gen_entry.subj_id;
02738 rsbac_list_add(default_ipc_handle, &desc, &gen_entry.rights);
02739 }
02740
02741 lol_info.version = RSBAC_ACL_SCD_LIST_VERSION;
02742 lol_info.key = RSBAC_ACL_LIST_KEY;
02743 lol_info.desc_size = sizeof(__u8);
02744 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02745 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02746 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02747 lol_info.max_age = 0;
02748 def_mask=RSBAC_ACL_DEFAULT_SCD_MASK;
02749 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02750 &scd_handle,
02751 &lol_info,
02752 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02753 RSBAC_LIST_BACKUP |
02754 #endif
02755 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
02756 NULL,
02757 entry_compare,
02758 scd_get_conv,
02759 scd_get_subconv,
02760 &def_mask,
02761 NULL,
02762 RSBAC_ACL_SCD_FILENAME,
02763 RSBAC_AUTO_DEV);
02764 if(err)
02765 {
02766 registration_error(err, "scd");
02767 }
02768 if(!rsbac_no_defaults && !rsbac_list_lol_count(scd_handle))
02769 {
02770 struct rsbac_acl_entry_desc_t desc;
02771 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
02772 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_SCD_ENTRY;
02773 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02774 struct rsbac_acl_entry_t gen_ioports_entry = RSBAC_ACL_GENERAL_SCD_IOPORTS_ENTRY;
02775 #endif
02776 struct rsbac_acl_entry_t gen_other_entry = RSBAC_ACL_GENERAL_SCD_OTHER_ENTRY;
02777 struct rsbac_acl_entry_t gen_network_entry = RSBAC_ACL_GENERAL_SCD_NETWORK_ENTRY;
02778 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_SCD_ENTRY;
02779 struct rsbac_acl_entry_t sysadm_other_entry = RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY;
02780 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02781 struct rsbac_acl_entry_t sysadm_kmem_entry = RSBAC_ACL_SYSADM_SCD_KMEM_ENTRY;
02782 #endif
02783 struct rsbac_acl_entry_t acman_other_entry = RSBAC_ACL_ACMAN_SCD_OTHER_ENTRY;
02784 struct rsbac_acl_entry_t auditor_rsbaclog_entry = RSBAC_ACL_AUDITOR_SCD_RSBACLOG_ENTRY;
02785 __u8 scd;
02786
02787 rsbac_printk(KERN_WARNING
02788 "rsbac_init_acl(): SCD ACLs empty on dev %02u:%02u, generating standard entries!\n",
02789 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02790 scd = ST_rlimit;
02791 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02792 {
02793 desc.subj_type = gen_entry.subj_type;
02794 desc.subj_id = gen_entry.subj_id;
02795 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_entry.rights);
02796 }
02797 for(scd=ST_time_strucs; scd<=ST_rsbac; scd++)
02798 {
02799 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02800 {
02801 desc.subj_type = sysadm_entry.subj_type;
02802 desc.subj_id = sysadm_entry.subj_id;
02803 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02804 }
02805 }
02806 scd = ST_rsbaclog;
02807 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02808 {
02809 desc.subj_type = auditor_rsbaclog_entry.subj_type;
02810 desc.subj_id = auditor_rsbaclog_entry.subj_id;
02811 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &auditor_rsbaclog_entry.rights);
02812 }
02813 scd=ST_network;
02814 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02815 {
02816 desc.subj_type = sysadm_entry.subj_type;
02817 desc.subj_id = sysadm_entry.subj_id;
02818 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02819 desc.subj_type = gen_network_entry.subj_type;
02820 desc.subj_id = gen_network_entry.subj_id;
02821 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_network_entry.rights);
02822 }
02823 scd=ST_firewall;
02824 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02825 {
02826 desc.subj_type = sysadm_entry.subj_type;
02827 desc.subj_id = sysadm_entry.subj_id;
02828 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02829 desc.subj_type = gen_network_entry.subj_type;
02830 desc.subj_id = gen_network_entry.subj_id;
02831 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_network_entry.rights);
02832 }
02833 scd=ST_priority;
02834 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02835 {
02836 desc.subj_type = sysadm_entry.subj_type;
02837 desc.subj_id = sysadm_entry.subj_id;
02838 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02839 }
02840 scd=ST_sysfs;
02841 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02842 {
02843 desc.subj_type = sysadm_entry.subj_type;
02844 desc.subj_id = sysadm_entry.subj_id;
02845 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02846 }
02847 for(scd = ST_quota; scd < ST_none; scd++)
02848 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02849 {
02850 desc.subj_type = sysadm_entry.subj_type;
02851 desc.subj_id = sysadm_entry.subj_id;
02852 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_entry.rights);
02853 }
02854 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02855 scd = ST_ioports;
02856 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02857 {
02858 desc.subj_type = gen_ioports_entry.subj_type;
02859 desc.subj_id = gen_ioports_entry.subj_id;
02860 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_ioports_entry.rights);
02861 }
02862 scd = ST_kmem;
02863 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02864 {
02865 desc.subj_type = sysadm_kmem_entry.subj_type;
02866 desc.subj_id = sysadm_kmem_entry.subj_id;
02867 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_kmem_entry.rights);
02868 }
02869 #endif
02870
02871 scd = ST_other;
02872 if(!rsbac_list_lol_add(scd_handle, &scd, &mask))
02873 {
02874 desc.subj_type = sysadm_other_entry.subj_type;
02875 desc.subj_id = sysadm_other_entry.subj_id;
02876 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &sysadm_other_entry.rights);
02877 desc.subj_type = acman_other_entry.subj_type;
02878 desc.subj_id = acman_other_entry.subj_id;
02879 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &acman_other_entry.rights);
02880 desc.subj_type = gen_other_entry.subj_type;
02881 desc.subj_id = gen_other_entry.subj_id;
02882 rsbac_list_lol_subadd(scd_handle, &scd, &desc, &gen_other_entry.rights);
02883 }
02884 }
02885
02886 list_info.version = RSBAC_ACL_DEF_SCD_LIST_VERSION;
02887 list_info.key = RSBAC_ACL_LIST_KEY;
02888 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02889 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02890 list_info.max_age = 0;
02891 err = rsbac_list_register(RSBAC_LIST_VERSION,
02892 &default_scd_handle,
02893 &list_info,
02894 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02895 RSBAC_LIST_BACKUP |
02896 #endif
02897 RSBAC_LIST_PERSIST,
02898 entry_compare,
02899 def_scd_get_conv,
02900 NULL,
02901 RSBAC_ACL_DEF_SCD_FILENAME,
02902 RSBAC_AUTO_DEV);
02903 if(err)
02904 {
02905 registration_error(err, "default scd");
02906 }
02907 if(!rsbac_no_defaults && !rsbac_list_count(default_scd_handle))
02908 {
02909 struct rsbac_acl_entry_desc_t desc;
02910 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_SCD_ENTRY;
02911
02912 rsbac_printk(KERN_WARNING
02913 "rsbac_init_acl(): SCD default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02914 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02915 desc.subj_type = acman_entry.subj_type;
02916 desc.subj_id = acman_entry.subj_id;
02917 rsbac_list_add(default_scd_handle, &desc, &acman_entry.rights);
02918 }
02919
02920 lol_info.version = RSBAC_ACL_U_LIST_VERSION;
02921 lol_info.key = RSBAC_ACL_LIST_KEY;
02922 lol_info.desc_size = sizeof(rsbac_uid_t);
02923 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02924 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
02925 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
02926 lol_info.max_age = 0;
02927 def_mask=RSBAC_ACL_DEFAULT_U_MASK;
02928 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02929 &u_handle,
02930 &lol_info,
02931 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02932 RSBAC_LIST_BACKUP |
02933 #endif
02934 RSBAC_LIST_PERSIST,
02935 rsbac_list_compare_u32,
02936 entry_compare,
02937 NULL,
02938 NULL,
02939 &def_mask,
02940 NULL,
02941 RSBAC_ACL_U_FILENAME,
02942 RSBAC_AUTO_DEV);
02943 if(err)
02944 {
02945 registration_error(err, "user");
02946 }
02947 list_info.version = RSBAC_ACL_DEF_U_LIST_VERSION;
02948 list_info.key = RSBAC_ACL_LIST_KEY;
02949 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02950 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02951 list_info.max_age = 0;
02952 err = rsbac_list_register(RSBAC_LIST_VERSION,
02953 &default_u_handle,
02954 &list_info,
02955 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02956 RSBAC_LIST_BACKUP |
02957 #endif
02958 RSBAC_LIST_PERSIST,
02959 entry_compare,
02960 def_u_get_conv,
02961 NULL,
02962 RSBAC_ACL_DEF_U_FILENAME,
02963 RSBAC_AUTO_DEV);
02964 if(err)
02965 {
02966 registration_error(err, "default user");
02967 }
02968 if(!rsbac_no_defaults && !rsbac_list_count(default_u_handle))
02969 {
02970 struct rsbac_acl_entry_desc_t desc;
02971 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_U_ENTRY;
02972 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_U_ENTRY;
02973 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_U_ENTRY;
02974
02975 rsbac_printk(KERN_WARNING
02976 "rsbac_init_acl(): User default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02977 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
02978 desc.subj_type = sysadm_entry.subj_type;
02979 desc.subj_id = sysadm_entry.subj_id;
02980 rsbac_list_add(default_u_handle, &desc, &sysadm_entry.rights);
02981 desc.subj_type = acman_entry.subj_type;
02982 desc.subj_id = acman_entry.subj_id;
02983 rsbac_list_add(default_u_handle, &desc, &acman_entry.rights);
02984 desc.subj_type = gen_entry.subj_type;
02985 desc.subj_id = gen_entry.subj_id;
02986 rsbac_list_add(default_u_handle, &desc, &gen_entry.rights);
02987 }
02988
02989 list_info.version = RSBAC_ACL_DEF_P_LIST_VERSION;
02990 list_info.key = RSBAC_ACL_LIST_KEY;
02991 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
02992 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
02993 list_info.max_age = 0;
02994 err = rsbac_list_register(RSBAC_LIST_VERSION,
02995 &default_p_handle,
02996 &list_info,
02997 #if defined(CONFIG_RSBAC_ACL_BACKUP)
02998 RSBAC_LIST_BACKUP |
02999 #endif
03000 RSBAC_LIST_PERSIST,
03001 entry_compare,
03002 def_p_get_conv,
03003 NULL,
03004 RSBAC_ACL_DEF_P_FILENAME,
03005 RSBAC_AUTO_DEV);
03006 if(err)
03007 {
03008 registration_error(err, "default process");
03009 }
03010 if(!rsbac_no_defaults && !rsbac_list_count(default_p_handle))
03011 {
03012 struct rsbac_acl_entry_desc_t desc;
03013 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_P_ENTRY;
03014 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_P_ENTRY;
03015 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_P_ENTRY;
03016
03017 rsbac_printk(KERN_WARNING
03018 "rsbac_init_acl(): Process default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03019 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03020 desc.subj_type = sysadm_entry.subj_type;
03021 desc.subj_id = sysadm_entry.subj_id;
03022 rsbac_list_add(default_p_handle, &desc, &sysadm_entry.rights);
03023 desc.subj_type = acman_entry.subj_type;
03024 desc.subj_id = acman_entry.subj_id;
03025 rsbac_list_add(default_p_handle, &desc, &acman_entry.rights);
03026 desc.subj_type = gen_entry.subj_type;
03027 desc.subj_id = gen_entry.subj_id;
03028 rsbac_list_add(default_p_handle, &desc, &gen_entry.rights);
03029 }
03030
03031 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03032 lol_info.version = RSBAC_ACL_G_LIST_VERSION;
03033 lol_info.key = RSBAC_ACL_LIST_KEY;
03034 lol_info.desc_size = sizeof(rsbac_gid_t);
03035 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03036 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03037 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03038 lol_info.max_age = 0;
03039 def_mask=RSBAC_ACL_DEFAULT_G_MASK;
03040 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03041 &g_handle,
03042 &lol_info,
03043 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03044 RSBAC_LIST_BACKUP |
03045 #endif
03046 RSBAC_LIST_PERSIST,
03047 rsbac_list_compare_u32,
03048 entry_compare,
03049 NULL,
03050 NULL,
03051 &def_mask,
03052 NULL,
03053 RSBAC_ACL_G_FILENAME,
03054 RSBAC_AUTO_DEV);
03055 if(err)
03056 {
03057 registration_error(err, "Linux group");
03058 }
03059 list_info.version = RSBAC_ACL_DEF_G_LIST_VERSION;
03060 list_info.key = RSBAC_ACL_LIST_KEY;
03061 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03062 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03063 list_info.max_age = 0;
03064 err = rsbac_list_register(RSBAC_LIST_VERSION,
03065 &default_g_handle,
03066 &list_info,
03067 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03068 RSBAC_LIST_BACKUP |
03069 #endif
03070 RSBAC_LIST_PERSIST,
03071 entry_compare,
03072 def_g_get_conv,
03073 NULL,
03074 RSBAC_ACL_DEF_G_FILENAME,
03075 RSBAC_AUTO_DEV);
03076 if(err)
03077 {
03078 registration_error(err, "default Linux group");
03079 }
03080 if(!rsbac_no_defaults && !rsbac_list_count(default_g_handle))
03081 {
03082 struct rsbac_acl_entry_desc_t desc;
03083 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_G_ENTRY;
03084 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_G_ENTRY;
03085 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_G_ENTRY;
03086
03087 rsbac_printk(KERN_WARNING
03088 "rsbac_init_acl(): Linux group default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03089 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03090 desc.subj_type = sysadm_entry.subj_type;
03091 desc.subj_id = sysadm_entry.subj_id;
03092 rsbac_list_add(default_g_handle, &desc, &sysadm_entry.rights);
03093 desc.subj_type = acman_entry.subj_type;
03094 desc.subj_id = acman_entry.subj_id;
03095 rsbac_list_add(default_g_handle, &desc, &acman_entry.rights);
03096 desc.subj_type = gen_entry.subj_type;
03097 desc.subj_id = gen_entry.subj_id;
03098 rsbac_list_add(default_g_handle, &desc, &gen_entry.rights);
03099 }
03100 #endif
03101
03102 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03103 lol_info.version = RSBAC_ACL_NETDEV_LIST_VERSION;
03104 lol_info.key = RSBAC_ACL_LIST_KEY;
03105 lol_info.desc_size = sizeof(rsbac_netdev_id_t);
03106 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03107 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03108 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03109 lol_info.max_age = 0;
03110 def_mask=RSBAC_ACL_DEFAULT_NETDEV_MASK;
03111 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03112 &netdev_handle,
03113 &lol_info,
03114 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03115 RSBAC_LIST_BACKUP |
03116 #endif
03117 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
03118 netdev_compare,
03119 entry_compare,
03120 netdev_get_conv,
03121 netdev_get_subconv,
03122 &def_mask,
03123 NULL,
03124 RSBAC_ACL_NETDEV_FILENAME,
03125 RSBAC_AUTO_DEV);
03126 if(err)
03127 {
03128 registration_error(err, "netdev");
03129 }
03130 list_info.version = RSBAC_ACL_DEF_NETDEV_LIST_VERSION;
03131 list_info.key = RSBAC_ACL_LIST_KEY;
03132 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03133 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03134 list_info.max_age = 0;
03135 err = rsbac_list_register(RSBAC_LIST_VERSION,
03136 &default_netdev_handle,
03137 &list_info,
03138 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03139 RSBAC_LIST_BACKUP |
03140 #endif
03141 RSBAC_LIST_PERSIST,
03142 entry_compare,
03143 def_netdev_get_conv,
03144 NULL,
03145 RSBAC_ACL_DEF_NETDEV_FILENAME,
03146 RSBAC_AUTO_DEV);
03147 if(err)
03148 {
03149 registration_error(err, "default netdev");
03150 }
03151 if(!rsbac_no_defaults && !rsbac_list_count(default_netdev_handle))
03152 {
03153 struct rsbac_acl_entry_desc_t desc;
03154 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETDEV_ENTRY;
03155 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETDEV_ENTRY;
03156 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETDEV_ENTRY;
03157
03158 rsbac_printk(KERN_WARNING
03159 "rsbac_init_acl(): Network Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03160 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03161 desc.subj_type = acman_entry.subj_type;
03162 desc.subj_id = acman_entry.subj_id;
03163 rsbac_list_add(default_netdev_handle, &desc, &acman_entry.rights);
03164 desc.subj_type = sysadm_entry.subj_type;
03165 desc.subj_id = sysadm_entry.subj_id;
03166 rsbac_list_add(default_netdev_handle, &desc, &sysadm_entry.rights);
03167 desc.subj_type = gen_entry.subj_type;
03168 desc.subj_id = gen_entry.subj_id;
03169 rsbac_list_add(default_netdev_handle, &desc, &gen_entry.rights);
03170 }
03171 #endif
03172
03173 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03174 lol_info.version = RSBAC_ACL_NETTEMP_NT_LIST_VERSION;
03175 lol_info.key = RSBAC_ACL_LIST_KEY;
03176 lol_info.desc_size = sizeof(rsbac_net_temp_id_t);
03177 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03178 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03179 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03180 lol_info.max_age = 0;
03181 def_mask=RSBAC_ACL_DEFAULT_NETTEMP_MASK;
03182 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03183 &nettemp_nt_handle,
03184 &lol_info,
03185 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03186 RSBAC_LIST_BACKUP |
03187 #endif
03188 RSBAC_LIST_PERSIST,
03189 rsbac_list_compare_u32,
03190 entry_compare,
03191 nettemp_nt_get_conv,
03192 nettemp_nt_get_subconv,
03193 &def_mask,
03194 NULL,
03195 RSBAC_ACL_NETTEMP_NT_FILENAME,
03196 RSBAC_AUTO_DEV);
03197 if(err)
03198 {
03199 registration_error(err, "nettemp_nt");
03200 }
03201 list_info.version = RSBAC_ACL_DEF_NETTEMP_NT_LIST_VERSION;
03202 list_info.key = RSBAC_ACL_LIST_KEY;
03203 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03204 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03205 list_info.max_age = 0;
03206 err = rsbac_list_register(RSBAC_LIST_VERSION,
03207 &default_nettemp_nt_handle,
03208 &list_info,
03209 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03210 RSBAC_LIST_BACKUP |
03211 #endif
03212 RSBAC_LIST_PERSIST,
03213 entry_compare,
03214 def_nettemp_nt_get_conv,
03215 NULL,
03216 RSBAC_ACL_DEF_NETTEMP_NT_FILENAME,
03217 RSBAC_AUTO_DEV);
03218 if(err)
03219 {
03220 registration_error(err, "default nettemp_nt");
03221 }
03222 if(!rsbac_no_defaults && !rsbac_list_count(default_nettemp_nt_handle))
03223 {
03224 struct rsbac_acl_entry_desc_t desc;
03225 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETTEMP_NT_ENTRY;
03226 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETTEMP_NT_ENTRY;
03227 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETTEMP_NT_ENTRY;
03228
03229 rsbac_printk(KERN_WARNING
03230 "rsbac_init_acl(): Network Template NT (template protection) default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03231 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03232 desc.subj_type = acman_entry.subj_type;
03233 desc.subj_id = acman_entry.subj_id;
03234 rsbac_list_add(default_nettemp_nt_handle, &desc, &acman_entry.rights);
03235 desc.subj_type = sysadm_entry.subj_type;
03236 desc.subj_id = sysadm_entry.subj_id;
03237 rsbac_list_add(default_nettemp_nt_handle, &desc, &sysadm_entry.rights);
03238 desc.subj_type = gen_entry.subj_type;
03239 desc.subj_id = gen_entry.subj_id;
03240 rsbac_list_add(default_nettemp_nt_handle, &desc, &gen_entry.rights);
03241 }
03242 lol_info.version = RSBAC_ACL_NETTEMP_LIST_VERSION;
03243 lol_info.key = RSBAC_ACL_LIST_KEY;
03244 lol_info.desc_size = sizeof(rsbac_net_temp_id_t);
03245 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03246 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03247 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03248 lol_info.max_age = 0;
03249 def_mask=RSBAC_ACL_DEFAULT_NETOBJ_MASK;
03250 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03251 &nettemp_handle,
03252 &lol_info,
03253 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03254 RSBAC_LIST_BACKUP |
03255 #endif
03256 RSBAC_LIST_PERSIST,
03257 rsbac_list_compare_u32,
03258 entry_compare,
03259 nettemp_get_conv,
03260 nettemp_get_subconv,
03261 &def_mask,
03262 NULL,
03263 RSBAC_ACL_NETTEMP_FILENAME,
03264 RSBAC_AUTO_DEV);
03265 if(err)
03266 {
03267 registration_error(err, "nettemp");
03268 }
03269 lol_info.version = RSBAC_ACL_NETOBJ_LIST_VERSION;
03270 lol_info.key = RSBAC_ACL_LIST_KEY;
03271 lol_info.desc_size = sizeof(rsbac_net_obj_id_t);
03272 lol_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03273 lol_info.subdesc_size = sizeof(struct rsbac_acl_entry_desc_t);
03274 lol_info.subdata_size = sizeof(rsbac_acl_rights_vector_t);
03275 lol_info.max_age = 0;
03276 def_mask=RSBAC_ACL_DEFAULT_NETOBJ_MASK;
03277 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03278 &netobj_handle,
03279 &lol_info,
03280 0,
03281 rsbac_list_compare_u32,
03282 entry_compare,
03283 NULL,
03284 NULL,
03285 &def_mask,
03286 NULL,
03287 RSBAC_ACL_NETOBJ_FILENAME,
03288 RSBAC_AUTO_DEV);
03289 if(err)
03290 {
03291 registration_error(err, "netobj");
03292 }
03293 list_info.version = RSBAC_ACL_DEF_NETOBJ_LIST_VERSION;
03294 list_info.key = RSBAC_ACL_LIST_KEY;
03295 list_info.desc_size = sizeof(struct rsbac_acl_entry_desc_t);
03296 list_info.data_size = sizeof(rsbac_acl_rights_vector_t);
03297 list_info.max_age = 0;
03298 err = rsbac_list_register(RSBAC_LIST_VERSION,
03299 &default_netobj_handle,
03300 &list_info,
03301 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03302 RSBAC_LIST_BACKUP |
03303 #endif
03304 RSBAC_LIST_PERSIST,
03305 entry_compare,
03306 def_netobj_get_conv,
03307 NULL,
03308 RSBAC_ACL_DEF_NETOBJ_FILENAME,
03309 RSBAC_AUTO_DEV);
03310 if(err)
03311 {
03312 registration_error(err, "default netobj");
03313 }
03314 if(!rsbac_no_defaults && !rsbac_list_count(default_netobj_handle))
03315 {
03316 struct rsbac_acl_entry_desc_t desc;
03317 struct rsbac_acl_entry_t acman_entry = RSBAC_ACL_ACMAN_NETOBJ_ENTRY;
03318 struct rsbac_acl_entry_t sysadm_entry = RSBAC_ACL_SYSADM_NETOBJ_ENTRY;
03319 struct rsbac_acl_entry_t gen_entry = RSBAC_ACL_GENERAL_NETOBJ_ENTRY;
03320
03321 rsbac_printk(KERN_WARNING
03322 "rsbac_init_acl(): Network Object default ACL empty on dev %02u:%02u, generating standard ACL!\n",
03323 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03324 desc.subj_type = acman_entry.subj_type;
03325 desc.subj_id = acman_entry.subj_id;
03326 rsbac_list_add(default_netobj_handle, &desc, &acman_entry.rights);
03327 desc.subj_type = sysadm_entry.subj_type;
03328 desc.subj_id = sysadm_entry.subj_id;
03329 rsbac_list_add(default_netobj_handle, &desc, &sysadm_entry.rights);
03330 desc.subj_type = gen_entry.subj_type;
03331 desc.subj_id = gen_entry.subj_id;
03332 rsbac_list_add(default_netobj_handle, &desc, &gen_entry.rights);
03333 }
03334 #endif
03335
03336
03337 list_info.version = RSBAC_ACL_GROUP_VERSION;
03338 list_info.key = RSBAC_ACL_LIST_KEY;
03339 list_info.desc_size = sizeof(rsbac_acl_group_id_t);
03340 list_info.data_size = sizeof(struct rsbac_acl_group_entry_t);
03341 list_info.max_age = 0;
03342 err = rsbac_list_register(RSBAC_LIST_VERSION,
03343 &group_handle,
03344 &list_info,
03345 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03346 RSBAC_LIST_BACKUP |
03347 #endif
03348 RSBAC_LIST_PERSIST,
03349 rsbac_list_compare_u32,
03350 NULL,
03351 NULL,
03352 RSBAC_ACL_GROUP_FILENAME,
03353 RSBAC_AUTO_DEV);
03354 if(err)
03355 {
03356 registration_error(err, "group");
03357 }
03358 if(!rsbac_no_defaults && !rsbac_list_count(group_handle))
03359 {
03360 rsbac_printk(KERN_WARNING
03361 "rsbac_init_acl(): Group list empty on dev %02u:%02u!\n",
03362 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03363 }
03364 else
03365 {
03366 rsbac_list_get_max_desc(group_handle, &group_last_new);
03367 }
03368
03369
03370 lol_info.version = RSBAC_ACL_GM_VERSION;
03371 lol_info.key = RSBAC_ACL_LIST_KEY;
03372 lol_info.desc_size = sizeof(rsbac_uid_t);
03373 lol_info.data_size = 0;
03374 lol_info.subdesc_size = sizeof(rsbac_acl_group_id_t);
03375 lol_info.subdata_size = 0;
03376 lol_info.max_age = 0;
03377 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
03378 &gm_handle,
03379 &lol_info,
03380 #if defined(CONFIG_RSBAC_ACL_BACKUP)
03381 RSBAC_LIST_BACKUP |
03382 #endif
03383 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
03384 rsbac_list_compare_u32,
03385 rsbac_list_compare_u32,
03386 NULL,
03387 NULL,
03388 NULL,
03389 NULL,
03390 RSBAC_ACL_GM_FILENAME,
03391 RSBAC_AUTO_DEV);
03392 if(err)
03393 {
03394 registration_error(err, "gm");
03395 }
03396 if(!rsbac_no_defaults && !rsbac_list_lol_count(gm_handle))
03397 {
03398 rsbac_printk(KERN_WARNING
03399 "rsbac_init_acl(): Group membership list empty on dev %02u:%02u!\n",
03400 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev));
03401 }
03402
03403 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
03404 tmp_entry_p = create_proc_entry("acl_devices",
03405 S_IFREG | S_IRUGO,
03406 proc_rsbac_root_p);
03407 if(tmp_entry_p)
03408 {
03409 tmp_entry_p->get_info = acl_devices_proc_info;
03410 }
03411 tmp_entry_p = create_proc_entry("stats_acl",
03412 S_IFREG | S_IRUGO,
03413 proc_rsbac_root_p);
03414 if(tmp_entry_p)
03415 {
03416 tmp_entry_p->get_info = stats_acl_proc_info;
03417 }
03418 tmp_entry_p = create_proc_entry("acl_acllist",
03419 S_IFREG | S_IRUGO,
03420 proc_rsbac_root_p);
03421 if(tmp_entry_p)
03422 {
03423 tmp_entry_p->get_info = acl_acllist_proc_info;
03424 }
03425 tmp_entry_p = create_proc_entry("acl_grouplist",
03426 S_IFREG | S_IRUGO,
03427 proc_rsbac_root_p);
03428 if(tmp_entry_p)
03429 {
03430 tmp_entry_p->get_info = acl_grouplist_proc_info;
03431 }
03432 #endif
03433
03434 #ifdef CONFIG_RSBAC_DEBUG
03435 if (rsbac_debug_ds_acl)
03436 {
03437 rsbac_printk(KERN_DEBUG "rsbac_init_acl(): Ready.\n");
03438 }
03439 #endif
03440 return(err);
03441 };
03442
03443 int rsbac_mount_acl(kdev_t kdev)
03444 {
03445 int err = 0;
03446 struct rsbac_acl_device_list_item_t * device_p;
03447 struct rsbac_acl_device_list_item_t * new_device_p;
03448 u_long flags;
03449
03450 if (!rsbac_is_initialized())
03451 {
03452 rsbac_printk(KERN_WARNING "rsbac_mount_acl(): RSBAC not initialized\n");
03453 return(-RSBAC_ENOTINITIALIZED);
03454 }
03455 #ifdef CONFIG_RSBAC_DEBUG
03456 if (rsbac_debug_ds_acl)
03457 {
03458 rsbac_printk(KERN_DEBUG "rsbac_mount_acl(): mounting device %02u:%02u\n",
03459 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
03460 }
03461 #endif
03462
03463 rsbac_read_lock(&device_list_head.lock, &flags);
03464 device_p = acl_lookup_device(kdev);
03465
03466 if(device_p)
03467 {
03468 rsbac_printk(KERN_INFO "rsbac_mount_acl: repeated mount %u of device %02u:%02u\n",
03469 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03470 device_p->mount_count++;
03471 rsbac_read_unlock(&device_list_head.lock, &flags);
03472 return 0;
03473 }
03474 rsbac_read_unlock(&device_list_head.lock, &flags);
03475
03476 new_device_p = create_device_item(kdev);
03477 if(!new_device_p)
03478 return -RSBAC_ECOULDNOTADDDEVICE;
03479
03480 if((err = acl_register_fd_lists(new_device_p, kdev)))
03481 {
03482 char * tmp;
03483
03484 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03485 if(tmp)
03486 {
03487 rsbac_printk(KERN_WARNING
03488 "rsbac_mount_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
03489 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err));
03490 rsbac_kfree(tmp);
03491 }
03492 }
03493
03494
03495 rsbac_read_lock(&device_list_head.lock, &flags);
03496
03497 device_p = acl_lookup_device(kdev);
03498 if(device_p)
03499 {
03500 rsbac_printk(KERN_WARNING
03501 "rsbac_mount_acl(): mount race for device %02u:%02u detected!\n",
03502 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03503 device_p->mount_count++;
03504
03505 clear_device_item(new_device_p);
03506 rsbac_read_unlock(&device_list_head.lock, &flags);
03507 }
03508 else
03509 {
03510 rsbac_read_unlock(&device_list_head.lock, &flags);
03511 rsbac_write_lock_irq(&device_list_head.lock, &flags);
03512 device_p = add_device_item(new_device_p);
03513 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
03514 if(!device_p)
03515 {
03516 rsbac_printk(KERN_WARNING "rsbac_mount_acl: adding device %02u:%02u failed!\n",
03517 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03518
03519 clear_device_item(new_device_p);
03520 err = -RSBAC_ECOULDNOTADDDEVICE;
03521 }
03522 }
03523
03524 return(err);
03525 };
03526
03527
03528
03529 int rsbac_umount_acl(kdev_t kdev)
03530 {
03531 u_long flags;
03532 struct rsbac_acl_device_list_item_t * device_p;
03533
03534 if (!rsbac_is_initialized())
03535 {
03536 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
03537 return(-RSBAC_ENOTINITIALIZED);
03538 }
03539
03540 #ifdef CONFIG_RSBAC_DEBUG
03541 if (rsbac_debug_ds)
03542 {
03543 rsbac_printk(KERN_DEBUG "rsbac_umount_acl(): umounting device %02u:%02u\n",
03544 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03545 }
03546 #endif
03547
03548
03549 rsbac_write_lock(&device_list_head.lock, &flags);
03550
03551 device_p = acl_lookup_device(kdev);
03552 if(device_p)
03553 {
03554 if(device_p->mount_count == 1)
03555 remove_device_item(kdev);
03556 else
03557 {
03558 if(device_p->mount_count > 1)
03559 {
03560 device_p->mount_count--;
03561 }
03562 else
03563 {
03564 rsbac_printk(KERN_WARNING "rsbac_umount_acl: device %02u:%02u has mount_count < 1!\n",
03565 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03566 }
03567 }
03568 }
03569
03570 rsbac_write_unlock(&device_list_head.lock, &flags);
03571 return(0);
03572 };
03573
03574
03575
03576
03577 int rsbac_stats_acl(void)
03578 {
03579 u_int item_count = 0;
03580 u_int member_count = 0;
03581 int tmp_count;
03582 u_int i;
03583 u_long dflags;
03584 struct rsbac_acl_device_list_item_t * device_p;
03585
03586 union rsbac_target_id_t rsbac_target_id;
03587 union rsbac_attribute_value_t rsbac_attribute_value;
03588
03589 if (!rsbac_is_initialized())
03590 {
03591 rsbac_printk(KERN_WARNING "rsbac_stats_acl(): RSBAC not initialized\n");
03592 return(-RSBAC_ENOTINITIALIZED);
03593 }
03594 #ifdef CONFIG_RSBAC_DEBUG
03595 if (rsbac_debug_aef_acl)
03596 {
03597 rsbac_printk(KERN_DEBUG "rsbac_stats_acl(): calling ADF\n");
03598 }
03599 #endif
03600 rsbac_target_id.scd = ST_rsbac;
03601 rsbac_attribute_value.dummy = 0;
03602 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03603 current->pid,
03604 T_SCD,
03605 rsbac_target_id,
03606 A_none,
03607 rsbac_attribute_value))
03608 {
03609 return -EPERM;
03610 }
03611
03612 rsbac_printk(KERN_INFO "ACL Status\n-----------\n");
03613
03614
03615 rsbac_read_lock(&device_list_head.lock, &dflags);
03616 device_p = device_list_head.head;
03617 while(device_p)
03618 {
03619
03620 item_count = 0;
03621 member_count = 0;
03622 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
03623 {
03624 tmp_count = rsbac_list_lol_count(device_p->handles[i]);
03625 if(tmp_count > 0)
03626 item_count+=tmp_count;
03627 tmp_count = rsbac_list_lol_all_subcount(device_p->handles[i]);
03628 if(tmp_count > 0)
03629 member_count += tmp_count;
03630 }
03631 rsbac_printk(KERN_INFO
03632 "device %02u:%02u has %u file ACLs, sum of %u members\n",
03633 RSBAC_MAJOR(device_p->id),
03634 RSBAC_MINOR(device_p->id),
03635 item_count,
03636 member_count);
03637 device_p = device_p->next;
03638 }
03639
03640 rsbac_read_unlock(&device_list_head.lock, &dflags);
03641
03642
03643 rsbac_printk(KERN_INFO
03644 "%li device major ACL items, sum of %li members\n",
03645 rsbac_list_lol_count(dev_major_handle),
03646 rsbac_list_lol_all_subcount(dev_major_handle));
03647 rsbac_printk(KERN_INFO
03648 "%li device ACL items, sum of %li members\n",
03649 rsbac_list_lol_count(dev_handle),
03650 rsbac_list_lol_all_subcount(dev_handle));
03651
03652
03653 rsbac_printk(KERN_INFO
03654 "%li scd ACL items, sum of %li members\n",
03655 rsbac_list_lol_count(scd_handle),
03656 rsbac_list_lol_all_subcount(scd_handle));
03657
03658
03659 rsbac_printk(KERN_INFO
03660 "%li user ACL items, sum of %li members\n",
03661 rsbac_list_lol_count(u_handle),
03662 rsbac_list_lol_all_subcount(u_handle));
03663
03664 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03665
03666 rsbac_printk(KERN_INFO
03667 "%li Linux group ACL items, sum of %li members\n",
03668 rsbac_list_lol_count(g_handle),
03669 rsbac_list_lol_all_subcount(g_handle));
03670 #endif
03671
03672 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03673
03674 rsbac_printk(KERN_INFO
03675 "%li network device ACL items, sum of %li members\n",
03676 rsbac_list_lol_count(netdev_handle),
03677 rsbac_list_lol_all_subcount(netdev_handle));
03678 #endif
03679
03680 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03681
03682 rsbac_printk(KERN_INFO
03683 "%li network template NT ACL items, sum of %li members\n",
03684 rsbac_list_lol_count(nettemp_nt_handle),
03685 rsbac_list_lol_all_subcount(nettemp_nt_handle));
03686
03687 rsbac_printk(KERN_INFO
03688 "%li network template ACL items, sum of %li members\n",
03689 rsbac_list_lol_count(nettemp_handle),
03690 rsbac_list_lol_all_subcount(nettemp_handle));
03691
03692 rsbac_printk(KERN_INFO
03693 "%li network object ACL items, sum of %li members\n",
03694 rsbac_list_lol_count(netobj_handle),
03695 rsbac_list_lol_all_subcount(netobj_handle));
03696 #endif
03697
03698 rsbac_printk(KERN_INFO
03699 "%li groups, last new is %u\n",
03700 rsbac_list_count(group_handle),
03701 group_last_new);
03702
03703
03704 rsbac_printk(KERN_INFO
03705 "%li group member items, sum of %li group memberships\n",
03706 rsbac_list_lol_count(gm_handle),
03707 rsbac_list_lol_all_subcount(gm_handle));
03708
03709 return(0);
03710 };
03711
03712
03713
03714
03715 int rsbac_check_acl(int correct, int check_inode)
03716 {
03717 struct rsbac_acl_device_list_item_t * device_p;
03718 u_long f_count = 0, f_sum = 0, tmp_count,
03719 r_count, u_count, b_count, no_member_count;
03720 int list_no;
03721 u_long dflags;
03722 long desc_count;
03723 long sub_desc_count;
03724 rsbac_inode_nr_t * fd_desc_p;
03725 struct rsbac_dev_desc_t * dev_desc_p;
03726 __u8 * scd_desc_p;
03727 rsbac_uid_t * u_desc_p;
03728 #ifdef CONFIG_RSBAC_ACL_UM_PROT
03729 rsbac_gid_t * g_desc_p;
03730 #endif
03731 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03732 rsbac_netdev_id_t * netdev_desc_p;
03733 #endif
03734 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03735 rsbac_net_temp_id_t * nettemp_desc_p;
03736 rsbac_net_obj_id_t * netobj_desc_p;
03737 #endif
03738 struct rsbac_acl_entry_desc_t * sub_desc_p;
03739 struct super_block * sb_p;
03740 struct inode * inode_p;
03741 rsbac_uid_t * user_p;
03742 rsbac_acl_group_id_t * group_p;
03743 u_int i,j;
03744
03745 if (!rsbac_is_initialized())
03746 {
03747 rsbac_printk(KERN_WARNING "rsbac_check_acl(): RSBAC not initialized\n");
03748 return(-RSBAC_ENOTINITIALIZED);
03749 }
03750
03751
03752 tmp_count = 0;
03753 desc_count = rsbac_list_lol_get_all_desc(gm_handle, (void **) &user_p);
03754 if(desc_count > 0)
03755 {
03756 for(i=0; i<desc_count; i++)
03757 {
03758 sub_desc_count = rsbac_list_lol_get_all_subdesc(gm_handle, &user_p[i], (void **) &group_p);
03759 if(sub_desc_count > 0)
03760 {
03761 for(j=0; j<sub_desc_count; j++)
03762 {
03763 if(!rsbac_list_exist(group_handle, &group_p[j]))
03764 {
03765 rsbac_printk(KERN_WARNING
03766 "rsbac_check_acl(): removing user %u membership in non-existent group %u!\n",
03767 user_p[i], group_p[j]);
03768 rsbac_list_lol_subremove(gm_handle, &user_p[i], &group_p[j]);
03769 }
03770 }
03771 rsbac_vfree(group_p);
03772 }
03773 else
03774 {
03775
03776 if(!sub_desc_count)
03777 rsbac_list_lol_remove(gm_handle, &user_p[i]);
03778 }
03779 }
03780 rsbac_vfree(user_p);
03781 }
03782
03783 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li group membership items\n",
03784 rsbac_list_lol_count(gm_handle));
03785
03786
03787 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li group items\n",
03788 rsbac_list_count(group_handle));
03789
03790
03791 rsbac_read_lock(&device_list_head.lock, &dflags);
03792
03793
03794
03795 device_p = device_list_head.head;
03796 while (device_p)
03797 {
03798 f_count = 0;
03799 r_count = 0;
03800 u_count = 0;
03801 b_count = 0;
03802 no_member_count = 0;
03803 if(check_inode)
03804 {
03805 sb_p = rsbac_get_super_block(device_p->id);
03806 if(!sb_p)
03807 {
03808 rsbac_printk(KERN_WARNING "rsbac_check_acl(): no super block for device %02u:%02u!\n",
03809 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
03810 }
03811 }
03812 else
03813 sb_p = NULL;
03814
03815
03816 for(list_no = 0; list_no < RSBAC_ACL_NR_FD_LISTS; list_no++)
03817 {
03818
03819
03820 tmp_count = 0;
03821 desc_count = rsbac_list_lol_get_all_desc(device_p->handles[list_no], (void **) &fd_desc_p);
03822 if(desc_count > 0)
03823 {
03824 for(i=0; i<desc_count; i++)
03825 {
03826
03827 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03828 if(sb_p)
03829 #else
03830 if(sb_p && !sb_p->s_op->read_inode2)
03831 #endif
03832 {
03833 inode_p = iget(sb_p, fd_desc_p[i]);
03834 if(is_bad_inode(inode_p))
03835 {
03836 b_count++;
03837 if(correct)
03838 {
03839 rsbac_printk(KERN_INFO
03840 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
03841 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03842 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03843 continue;
03844 }
03845 else
03846 {
03847 rsbac_printk(KERN_INFO
03848 "rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
03849 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03850 }
03851 }
03852 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03853 else
03854 {
03855
03856 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
03857 {
03858 if(inode_p->u.ext2_i.i_dtime)
03859 {
03860 r_count++;
03861 if(correct)
03862 {
03863 rsbac_printk(KERN_INFO
03864 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
03865 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03866 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03867 continue;
03868 }
03869 else
03870 {
03871 rsbac_printk(KERN_INFO
03872 "rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
03873 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03874 }
03875 }
03876 else
03877 {
03878 if(inode_p->i_nlink <= 0)
03879 {
03880 u_count++;
03881 if(correct >= 2)
03882 {
03883 rsbac_printk(KERN_INFO
03884 "rsbac_check_acl(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
03885 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03886 rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03887 continue;
03888 }
03889 else
03890 {
03891 rsbac_printk(KERN_INFO
03892 "rsbac_check_acl(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
03893 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03894 }
03895 }
03896 }
03897 }
03898 }
03899 #endif
03900 iput(inode_p);
03901 }
03902
03903
03904 sub_desc_count = rsbac_list_lol_get_all_subdesc(device_p->handles[list_no],
03905 &fd_desc_p[i],
03906 (void **) &sub_desc_p);
03907 if(sub_desc_count > 0)
03908 {
03909 for(j=0; j<sub_desc_count; j++)
03910 {
03911 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
03912 && sub_desc_p[j].subj_id
03913 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
03914 {
03915 if(correct)
03916 {
03917
03918 #ifdef CONFIG_RSBAC_DEBUG
03919 if(rsbac_debug_ds)
03920 {
03921 rsbac_printk(KERN_DEBUG
03922 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL -> removing entry!\n",
03923 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03924 }
03925 #endif
03926 rsbac_list_lol_subremove(device_p->handles[list_no],
03927 &fd_desc_p[i], &sub_desc_p[j]);
03928 }
03929 else
03930 {
03931
03932 #ifdef CONFIG_RSBAC_DEBUG
03933 if(rsbac_debug_ds)
03934 {
03935 rsbac_printk(KERN_DEBUG
03936 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL!\n",
03937 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03938 }
03939 #endif
03940 }
03941 }
03942 #if defined(CONFIG_RSBAC_RC)
03943 else
03944 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
03945 && (sub_desc_p[j].subj_id > RC_role_max_value)
03946 )
03947 {
03948 if(correct)
03949 {
03950
03951 #ifdef CONFIG_RSBAC_DEBUG
03952 if(rsbac_debug_ds)
03953 {
03954 rsbac_printk(KERN_DEBUG
03955 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid RC role %u in ACL -> removing entry!\n",
03956 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03957 }
03958 #endif
03959 rsbac_list_lol_subremove(device_p->handles[list_no],
03960 &fd_desc_p[i], &sub_desc_p[j]);
03961 }
03962 else
03963 {
03964
03965 #ifdef CONFIG_RSBAC_DEBUG
03966 if(rsbac_debug_ds)
03967 {
03968 rsbac_printk(KERN_DEBUG
03969 "rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid role %u in ACL!\n",
03970 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03971 }
03972 #endif
03973 }
03974 }
03975 #endif
03976 }
03977 rsbac_vfree(sub_desc_p);
03978 }
03979 }
03980 tmp_count++;
03981 rsbac_vfree(fd_desc_p);
03982 f_count += desc_count;
03983 }
03984 }
03985
03986 switch(correct)
03987 {
03988 case 2:
03989 rsbac_printk(KERN_INFO
03990 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
03991 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
03992 b_count, r_count, u_count, no_member_count);
03993 break;
03994 case 1:
03995 rsbac_printk(KERN_INFO
03996 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
03997 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
03998 b_count, r_count, no_member_count, u_count);
03999 break;
04000 default:
04001 rsbac_printk(KERN_INFO
04002 "rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
04003 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
04004 b_count, r_count, u_count, no_member_count);
04005 }
04006 f_sum += f_count;
04007
04008 device_p = device_p->next;
04009 }
04010 rsbac_printk(KERN_INFO "rsbac_check_acl(): Sum of %u Devices with %lu file/dir ACLs\n",
04011 device_list_head.count, f_sum);
04012
04013 rsbac_read_unlock(&device_list_head.lock, &dflags);
04014
04015
04016 tmp_count = 0;
04017 desc_count = rsbac_list_lol_get_all_desc(dev_handle, (void **) &dev_desc_p);
04018 if(desc_count > 0)
04019 {
04020 for(i=0; i<desc_count; i++)
04021 {
04022
04023 sub_desc_count = rsbac_list_lol_get_all_subdesc(dev_handle,
04024 &dev_desc_p[i],
04025 (void **) &sub_desc_p);
04026 if(sub_desc_count > 0)
04027 {
04028 for(j=0; j<sub_desc_count; j++)
04029 {
04030 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04031 && sub_desc_p[j].subj_id
04032 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04033 {
04034 if(correct)
04035 {
04036
04037 #ifdef CONFIG_RSBAC_DEBUG
04038 if(rsbac_debug_ds)
04039 {
04040 rsbac_printk(KERN_DEBUG
04041 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
04042 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04043 }
04044 #endif
04045 rsbac_list_lol_subremove(dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
04046 }
04047 else
04048 {
04049 #ifdef CONFIG_RSBAC_DEBUG
04050
04051 if(rsbac_debug_ds)
04052 {
04053 rsbac_printk(KERN_DEBUG
04054 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
04055 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04056 }
04057 #endif
04058 }
04059 }
04060 #if defined(CONFIG_RSBAC_RC)
04061 else
04062 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04063 && (sub_desc_p[j].subj_id > RC_role_max_value)
04064 )
04065 {
04066 if(correct)
04067 {
04068
04069 #ifdef CONFIG_RSBAC_DEBUG
04070 if(rsbac_debug_ds)
04071 {
04072 rsbac_printk(KERN_DEBUG
04073 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
04074 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04075 }
04076 #endif
04077 rsbac_list_lol_subremove(dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
04078 }
04079 else
04080 {
04081 #ifdef CONFIG_RSBAC_DEBUG
04082
04083 if(rsbac_debug_ds)
04084 {
04085 rsbac_printk(KERN_DEBUG
04086 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
04087 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04088 }
04089 #endif
04090 }
04091 }
04092 #endif
04093 }
04094 rsbac_vfree(sub_desc_p);
04095 }
04096 }
04097 rsbac_vfree(dev_desc_p);
04098 f_sum += desc_count;
04099 }
04100 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li device items\n",
04101 desc_count);
04102 tmp_count = 0;
04103 desc_count = rsbac_list_lol_get_all_desc(dev_major_handle, (void **) &dev_desc_p);
04104 if(desc_count > 0)
04105 {
04106 for(i=0; i<desc_count; i++)
04107 {
04108
04109 sub_desc_count = rsbac_list_lol_get_all_subdesc(dev_major_handle,
04110 &dev_desc_p[i],
04111 (void **) &sub_desc_p);
04112 if(sub_desc_count > 0)
04113 {
04114 for(j=0; j<sub_desc_count; j++)
04115 {
04116 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04117 && sub_desc_p[j].subj_id
04118 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04119 {
04120 if(correct)
04121 {
04122
04123 #ifdef CONFIG_RSBAC_DEBUG
04124 if(rsbac_debug_ds)
04125 {
04126 rsbac_printk(KERN_DEBUG
04127 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
04128 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04129 }
04130 #endif
04131 rsbac_list_lol_subremove(dev_major_handle, &dev_desc_p[i], &sub_desc_p[j]);
04132 }
04133 else
04134 {
04135 #ifdef CONFIG_RSBAC_DEBUG
04136
04137 if(rsbac_debug_ds)
04138 {
04139 rsbac_printk(KERN_DEBUG
04140 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
04141 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04142 }
04143 #endif
04144 }
04145 }
04146 #if defined(CONFIG_RSBAC_RC)
04147 else
04148 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04149 && (sub_desc_p[j].subj_id > RC_role_max_value)
04150 )
04151 {
04152 if(correct)
04153 {
04154
04155 #ifdef CONFIG_RSBAC_DEBUG
04156 if(rsbac_debug_ds)
04157 {
04158 rsbac_printk(KERN_DEBUG
04159 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
04160 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04161 }
04162 #endif
04163 rsbac_list_lol_subremove(dev_major_handle, &dev_desc_p[i], &sub_desc_p[j]);
04164 }
04165 else
04166 {
04167 #ifdef CONFIG_RSBAC_DEBUG
04168
04169 if(rsbac_debug_ds)
04170 {
04171 rsbac_printk(KERN_DEBUG
04172 "rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
04173 'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
04174 }
04175 #endif
04176 }
04177 }
04178 #endif
04179 }
04180 rsbac_vfree(sub_desc_p);
04181 }
04182 }
04183 rsbac_vfree(dev_desc_p);
04184 f_sum += desc_count;
04185 }
04186 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li device items\n",
04187 desc_count);
04188
04189
04190 tmp_count = 0;
04191 desc_count = rsbac_list_lol_get_all_desc(scd_handle, (void **) &scd_desc_p);
04192 if(desc_count > 0)
04193 {
04194 for(i=0; i<desc_count; i++)
04195 {
04196
04197 sub_desc_count = rsbac_list_lol_get_all_subdesc(scd_handle,
04198 &scd_desc_p[i],
04199 (void **) &sub_desc_p);
04200 if(sub_desc_count > 0)
04201 {
04202 for(j=0; j<sub_desc_count; j++)
04203 {
04204 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04205 && sub_desc_p[j].subj_id
04206 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04207 {
04208 if(correct)
04209 {
04210
04211 #ifdef CONFIG_RSBAC_DEBUG
04212 if(rsbac_debug_ds)
04213 {
04214 rsbac_printk(KERN_DEBUG
04215 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL -> removing entry!\n",
04216 scd_desc_p[i], sub_desc_p[j].subj_id);
04217 }
04218 #endif
04219 rsbac_list_lol_subremove(scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
04220 }
04221 else
04222 {
04223 #ifdef CONFIG_RSBAC_DEBUG
04224
04225 if(rsbac_debug_ds)
04226 {
04227 rsbac_printk(KERN_DEBUG
04228 "rsbac_check_acl(): scd_item %u has invalid group %u in ACL!\n",
04229 scd_desc_p[i], sub_desc_p[j].subj_id);
04230 }
04231 #endif
04232 }
04233 }
04234 #if defined(CONFIG_RSBAC_RC)
04235 else
04236 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04237 && (sub_desc_p[j].subj_id > RC_role_max_value)
04238 )
04239 {
04240 if(correct)
04241 {
04242
04243 #ifdef CONFIG_RSBAC_DEBUG
04244 if(rsbac_debug_ds)
04245 {
04246 rsbac_printk(KERN_DEBUG
04247 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL -> removing entry!\n",
04248 scd_desc_p[i], sub_desc_p[j].subj_id);
04249 }
04250 #endif
04251 rsbac_list_lol_subremove(scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
04252 }
04253 else
04254 {
04255 #ifdef CONFIG_RSBAC_DEBUG
04256
04257 if(rsbac_debug_ds)
04258 {
04259 rsbac_printk(KERN_DEBUG
04260 "rsbac_check_acl(): scd_item %u has invalid role %u in ACL!\n",
04261 scd_desc_p[i], sub_desc_p[j].subj_id);
04262 }
04263 #endif
04264 }
04265 }
04266 #endif
04267 }
04268 rsbac_vfree(sub_desc_p);
04269 }
04270 }
04271 rsbac_vfree(scd_desc_p);
04272 f_sum += desc_count;
04273 }
04274 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li SCD items\n",
04275 desc_count);
04276
04277
04278 tmp_count = 0;
04279 desc_count = rsbac_list_lol_get_all_desc(u_handle, (void **) &u_desc_p);
04280 if(desc_count > 0)
04281 {
04282 for(i=0; i<desc_count; i++)
04283 {
04284
04285 sub_desc_count = rsbac_list_lol_get_all_subdesc(u_handle,
04286 &u_desc_p[i],
04287 (void **) &sub_desc_p);
04288 if(sub_desc_count > 0)
04289 {
04290 for(j=0; j<sub_desc_count; j++)
04291 {
04292 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04293 && sub_desc_p[j].subj_id
04294 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04295 {
04296 if(correct)
04297 {
04298
04299 #ifdef CONFIG_RSBAC_DEBUG
04300 if(rsbac_debug_ds)
04301 {
04302 rsbac_printk(KERN_DEBUG
04303 "rsbac_check_acl(): u_item %u has invalid group %u in ACL -> removing entry!\n",
04304 u_desc_p[i], sub_desc_p[j].subj_id);
04305 }
04306 #endif
04307 rsbac_list_lol_subremove(u_handle, &u_desc_p[i], &sub_desc_p[j]);
04308 }
04309 else
04310 {
04311 #ifdef CONFIG_RSBAC_DEBUG
04312
04313 if(rsbac_debug_ds)
04314 {
04315 rsbac_printk(KERN_DEBUG
04316 "rsbac_check_acl(): u_item %u has invalid group %u in ACL!\n",
04317 u_desc_p[i], sub_desc_p[j].subj_id);
04318 }
04319 #endif
04320 }
04321 }
04322 #if defined(CONFIG_RSBAC_RC)
04323 else
04324 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04325 && (sub_desc_p[j].subj_id > RC_role_max_value)
04326 )
04327 {
04328 if(correct)
04329 {
04330
04331 #ifdef CONFIG_RSBAC_DEBUG
04332 if(rsbac_debug_ds)
04333 {
04334 rsbac_printk(KERN_DEBUG
04335 "rsbac_check_acl(): u_item %u has invalid role %u in ACL -> removing entry!\n",
04336 u_desc_p[i], sub_desc_p[j].subj_id);
04337 }
04338 #endif
04339 rsbac_list_lol_subremove(u_handle, &u_desc_p[i], &sub_desc_p[j]);
04340 }
04341 else
04342 {
04343 #ifdef CONFIG_RSBAC_DEBUG
04344
04345 if(rsbac_debug_ds)
04346 {
04347 rsbac_printk(KERN_DEBUG
04348 "rsbac_check_acl(): u_item %u has invalid role %u in ACL!\n",
04349 u_desc_p[i], sub_desc_p[j].subj_id);
04350 }
04351 #endif
04352 }
04353 }
04354 #endif
04355 }
04356 rsbac_vfree(sub_desc_p);
04357 }
04358 }
04359 rsbac_vfree(u_desc_p);
04360 f_sum += desc_count;
04361 }
04362 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li user items\n",
04363 desc_count);
04364
04365 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04366
04367 tmp_count = 0;
04368 desc_count = rsbac_list_lol_get_all_desc(g_handle, (void **) &g_desc_p);
04369 if(desc_count > 0)
04370 {
04371 for(i=0; i<desc_count; i++)
04372 {
04373
04374 sub_desc_count = rsbac_list_lol_get_all_subdesc(g_handle,
04375 &g_desc_p[i],
04376 (void **) &sub_desc_p);
04377 if(sub_desc_count > 0)
04378 {
04379 for(j=0; j<sub_desc_count; j++)
04380 {
04381 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04382 && sub_desc_p[j].subj_id
04383 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04384 {
04385 if(correct)
04386 {
04387
04388 #ifdef CONFIG_RSBAC_DEBUG
04389 if(rsbac_debug_ds)
04390 {
04391 rsbac_printk(KERN_DEBUG
04392 "rsbac_check_acl(): g_item %u has invalid group %u in ACL -> removing entry!\n",
04393 g_desc_p[i], sub_desc_p[j].subj_id);
04394 }
04395 #endif
04396 rsbac_list_lol_subremove(g_handle, &g_desc_p[i], &sub_desc_p[j]);
04397 }
04398 else
04399 {
04400 #ifdef CONFIG_RSBAC_DEBUG
04401
04402 if(rsbac_debug_ds)
04403 {
04404 rsbac_printk(KERN_DEBUG
04405 "rsbac_check_acl(): g_item %u has invalid group %u in ACL!\n",
04406 g_desc_p[i], sub_desc_p[j].subj_id);
04407 }
04408 #endif
04409 }
04410 }
04411 #if defined(CONFIG_RSBAC_RC)
04412 else
04413 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04414 && (sub_desc_p[j].subj_id > RC_role_max_value)
04415 )
04416 {
04417 if(correct)
04418 {
04419
04420 #ifdef CONFIG_RSBAC_DEBUG
04421 if(rsbac_debug_ds)
04422 {
04423 rsbac_printk(KERN_DEBUG
04424 "rsbac_check_acl(): g_item %u has invalid role %u in ACL -> removing entry!\n",
04425 g_desc_p[i], sub_desc_p[j].subj_id);
04426 }
04427 #endif
04428 rsbac_list_lol_subremove(g_handle, &g_desc_p[i], &sub_desc_p[j]);
04429 }
04430 else
04431 {
04432 #ifdef CONFIG_RSBAC_DEBUG
04433
04434 if(rsbac_debug_ds)
04435 {
04436 rsbac_printk(KERN_DEBUG
04437 "rsbac_check_acl(): g_item %u has invalid role %u in ACL!\n",
04438 g_desc_p[i], sub_desc_p[j].subj_id);
04439 }
04440 #endif
04441 }
04442 }
04443 #endif
04444 }
04445 rsbac_vfree(sub_desc_p);
04446 }
04447 }
04448 rsbac_vfree(g_desc_p);
04449 f_sum += desc_count;
04450 }
04451 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li Linux group items\n",
04452 desc_count);
04453 #endif
04454
04455 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
04456
04457 tmp_count = 0;
04458 desc_count = rsbac_list_lol_get_all_desc(netdev_handle, (void **) &netdev_desc_p);
04459 if(desc_count > 0)
04460 {
04461 for(i=0; i<desc_count; i++)
04462 {
04463
04464 sub_desc_count = rsbac_list_lol_get_all_subdesc(netdev_handle,
04465 &netdev_desc_p[i],
04466 (void **) &sub_desc_p);
04467 if(sub_desc_count > 0)
04468 {
04469 for(j=0; j<sub_desc_count; j++)
04470 {
04471 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04472 && sub_desc_p[j].subj_id
04473 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04474 {
04475 if(correct)
04476 {
04477
04478 #ifdef CONFIG_RSBAC_DEBUG
04479 if(rsbac_debug_ds)
04480 {
04481 rsbac_printk(KERN_DEBUG
04482 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL -> removing entry!\n",
04483 netdev_desc_p[i], sub_desc_p[j].subj_id);
04484 }
04485 #endif
04486 rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
04487 }
04488 else
04489 {
04490 #ifdef CONFIG_RSBAC_DEBUG
04491
04492 if(rsbac_debug_ds)
04493 {
04494 rsbac_printk(KERN_DEBUG
04495 "rsbac_check_acl(): netdev_item %s has invalid group %u in ACL!\n",
04496 netdev_desc_p[i], sub_desc_p[j].subj_id);
04497 }
04498 #endif
04499 }
04500 }
04501 #if defined(CONFIG_RSBAC_RC)
04502 else
04503 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04504 && (sub_desc_p[j].subj_id > RC_role_max_value)
04505 )
04506 {
04507 if(correct)
04508 {
04509
04510 #ifdef CONFIG_RSBAC_DEBUG
04511 if(rsbac_debug_ds)
04512 {
04513 rsbac_printk(KERN_DEBUG
04514 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL -> removing entry!\n",
04515 netdev_desc_p[i], sub_desc_p[j].subj_id);
04516 }
04517 #endif
04518 rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
04519 }
04520 else
04521 {
04522 #ifdef CONFIG_RSBAC_DEBUG
04523
04524 if(rsbac_debug_ds)
04525 {
04526 rsbac_printk(KERN_DEBUG
04527 "rsbac_check_acl(): netdev_item %s has invalid role %u in ACL!\n",
04528 netdev_desc_p[i], sub_desc_p[j].subj_id);
04529 }
04530 #endif
04531 }
04532 }
04533 #endif
04534 }
04535 rsbac_vfree(sub_desc_p);
04536 }
04537 }
04538 rsbac_vfree(netdev_desc_p);
04539 f_sum += desc_count;
04540 }
04541 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network device items\n",
04542 desc_count);
04543 #endif
04544
04545 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
04546
04547 tmp_count = 0;
04548 desc_count = rsbac_list_lol_get_all_desc(nettemp_nt_handle, (void **) &nettemp_desc_p);
04549 if(desc_count > 0)
04550 {
04551 for(i=0; i<desc_count; i++)
04552 {
04553
04554 sub_desc_count = rsbac_list_lol_get_all_subdesc(nettemp_nt_handle,
04555 &nettemp_desc_p[i],
04556 (void **) &sub_desc_p);
04557 if(sub_desc_count > 0)
04558 {
04559 for(j=0; j<sub_desc_count; j++)
04560 {
04561 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04562 && sub_desc_p[j].subj_id
04563 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04564 {
04565 if(correct)
04566 {
04567
04568 #ifdef CONFIG_RSBAC_DEBUG
04569 if(rsbac_debug_ds)
04570 {
04571 rsbac_printk(KERN_DEBUG
04572 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL -> removing entry!\n",
04573 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04574 }
04575 #endif
04576 rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04577 }
04578 else
04579 {
04580 #ifdef CONFIG_RSBAC_DEBUG
04581
04582 if(rsbac_debug_ds)
04583 {
04584 rsbac_printk(KERN_DEBUG
04585 "rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL!\n",
04586 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04587 }
04588 #endif
04589 }
04590 }
04591 #if defined(CONFIG_RSBAC_RC)
04592 else
04593 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04594 && (sub_desc_p[j].subj_id > RC_role_max_value)
04595 )
04596 {
04597 if(correct)
04598 {
04599
04600 #ifdef CONFIG_RSBAC_DEBUG
04601 if(rsbac_debug_ds)
04602 {
04603 rsbac_printk(KERN_DEBUG
04604 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL -> removing entry!\n",
04605 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04606 }
04607 #endif
04608 rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04609 }
04610 else
04611 {
04612 #ifdef CONFIG_RSBAC_DEBUG
04613
04614 if(rsbac_debug_ds)
04615 {
04616 rsbac_printk(KERN_DEBUG
04617 "rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL!\n",
04618 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04619 }
04620 #endif
04621 }
04622 }
04623 #endif
04624 }
04625 rsbac_vfree(sub_desc_p);
04626 }
04627 }
04628 rsbac_vfree(nettemp_desc_p);
04629 f_sum += desc_count;
04630 }
04631 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network template NT items\n",
04632 desc_count);
04633
04634
04635 tmp_count = 0;
04636 desc_count = rsbac_list_lol_get_all_desc(nettemp_handle, (void **) &nettemp_desc_p);
04637 if(desc_count > 0)
04638 {
04639 for(i=0; i<desc_count; i++)
04640 {
04641
04642 sub_desc_count = rsbac_list_lol_get_all_subdesc(nettemp_handle,
04643 &nettemp_desc_p[i],
04644 (void **) &sub_desc_p);
04645 if(sub_desc_count > 0)
04646 {
04647 for(j=0; j<sub_desc_count; j++)
04648 {
04649 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04650 && sub_desc_p[j].subj_id
04651 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04652 {
04653 if(correct)
04654 {
04655
04656 #ifdef CONFIG_RSBAC_DEBUG
04657 if(rsbac_debug_ds)
04658 {
04659 rsbac_printk(KERN_DEBUG
04660 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL -> removing entry!\n",
04661 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04662 }
04663 #endif
04664 rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04665 }
04666 else
04667 {
04668 #ifdef CONFIG_RSBAC_DEBUG
04669
04670 if(rsbac_debug_ds)
04671 {
04672 rsbac_printk(KERN_DEBUG
04673 "rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL!\n",
04674 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04675 }
04676 #endif
04677 }
04678 }
04679 #if defined(CONFIG_RSBAC_RC)
04680 else
04681 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04682 && (sub_desc_p[j].subj_id > RC_role_max_value)
04683 )
04684 {
04685 if(correct)
04686 {
04687
04688 #ifdef CONFIG_RSBAC_DEBUG
04689 if(rsbac_debug_ds)
04690 {
04691 rsbac_printk(KERN_DEBUG
04692 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL -> removing entry!\n",
04693 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04694 }
04695 #endif
04696 rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04697 }
04698 else
04699 {
04700 #ifdef CONFIG_RSBAC_DEBUG
04701
04702 if(rsbac_debug_ds)
04703 {
04704 rsbac_printk(KERN_DEBUG
04705 "rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL!\n",
04706 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04707 }
04708 #endif
04709 }
04710 }
04711 #endif
04712 }
04713 rsbac_vfree(sub_desc_p);
04714 }
04715 }
04716 rsbac_vfree(nettemp_desc_p);
04717 f_sum += desc_count;
04718 }
04719 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network template items\n",
04720 desc_count);
04721
04722
04723 tmp_count = 0;
04724 desc_count = rsbac_list_lol_get_all_desc(netobj_handle, (void **) &netobj_desc_p);
04725 if(desc_count > 0)
04726 {
04727 for(i=0; i<desc_count; i++)
04728 {
04729
04730 sub_desc_count = rsbac_list_lol_get_all_subdesc(netobj_handle,
04731 &netobj_desc_p[i],
04732 (void **) &sub_desc_p);
04733 if(sub_desc_count > 0)
04734 {
04735 for(j=0; j<sub_desc_count; j++)
04736 {
04737 if( (sub_desc_p[j].subj_type == ACLS_GROUP)
04738 && sub_desc_p[j].subj_id
04739 && !rsbac_list_exist(group_handle, &sub_desc_p[j].subj_id))
04740 {
04741 if(correct)
04742 {
04743
04744 #ifdef CONFIG_RSBAC_DEBUG
04745 if(rsbac_debug_ds)
04746 {
04747 rsbac_printk(KERN_DEBUG
04748 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL -> removing entry!\n",
04749 netobj_desc_p[i], sub_desc_p[j].subj_id);
04750 }
04751 #endif
04752 rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
04753 }
04754 else
04755 {
04756 #ifdef CONFIG_RSBAC_DEBUG
04757
04758 if(rsbac_debug_ds)
04759 {
04760 rsbac_printk(KERN_DEBUG
04761 "rsbac_check_acl(): netobj_item %p has invalid group %u in ACL!\n",
04762 netobj_desc_p[i], sub_desc_p[j].subj_id);
04763 }
04764 #endif
04765 }
04766 }
04767 #if defined(CONFIG_RSBAC_RC)
04768 else
04769 if( (sub_desc_p[j].subj_type == ACLS_ROLE)
04770 && (sub_desc_p[j].subj_id > RC_role_max_value)
04771 )
04772 {
04773 if(correct)
04774 {
04775
04776 #ifdef CONFIG_RSBAC_DEBUG
04777 if(rsbac_debug_ds)
04778 {
04779 rsbac_printk(KERN_DEBUG
04780 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL -> removing entry!\n",
04781 netobj_desc_p[i], sub_desc_p[j].subj_id);
04782 }
04783 #endif
04784 rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
04785 }
04786 else
04787 {
04788 #ifdef CONFIG_RSBAC_DEBUG
04789
04790 if(rsbac_debug_ds)
04791 {
04792 rsbac_printk(KERN_DEBUG
04793 "rsbac_check_acl(): netobj_item %p has invalid role %u in ACL!\n",
04794 netobj_desc_p[i], sub_desc_p[j].subj_id);
04795 }
04796 #endif
04797 }
04798 }
04799 #endif
04800 }
04801 rsbac_vfree(sub_desc_p);
04802 }
04803 }
04804 rsbac_vfree(netobj_desc_p);
04805 f_sum += desc_count;
04806 }
04807 rsbac_printk(KERN_INFO "rsbac_check_acl(): %li network object items\n",
04808 desc_count);
04809 #endif
04810
04811 rsbac_printk(KERN_INFO
04812 "rsbac_check_acl(): Total of %lu registered ACLs\n",
04813 f_sum);
04814
04815 return(0);
04816 };
04817
04818
04819
04820
04821
04822
04823
04824
04825
04826
04827
04828
04829
04830 int rsbac_acl_set_acl_entry(
04831 rsbac_list_ta_number_t ta_number,
04832 enum rsbac_target_t target,
04833 union rsbac_target_id_t tid,
04834 enum rsbac_acl_subject_type_t subj_type,
04835 rsbac_acl_subject_id_t subj_id,
04836 rsbac_acl_rights_vector_t rights,
04837 rsbac_time_t ttl)
04838 {
04839 int err = 0;
04840 int list_no;
04841 struct rsbac_acl_device_list_item_t * device_p;
04842 struct rsbac_acl_entry_desc_t desc;
04843 u_long dflags;
04844
04845 if (!rsbac_is_initialized())
04846 {
04847 rsbac_printk(KERN_WARNING "rsbac_acl_set_acl_entry(): RSBAC not initialized\n");
04848 return(-RSBAC_ENOTINITIALIZED);
04849 }
04850 if (subj_type >= ACLS_NONE)
04851 return(-RSBAC_EINVALIDVALUE);
04852 #ifdef CONFIG_RSBAC_DEBUG
04853 if (in_interrupt())
04854 {
04855 rsbac_printk(KERN_WARNING "rsbac_acl_set_acl_entry(): called from interrupt!\n");
04856 }
04857 #endif
04858 desc.subj_type = subj_type;
04859 desc.subj_id = subj_id;
04860
04861 switch (target)
04862 {
04863 case T_FILE:
04864 case T_DIR:
04865 case T_FIFO:
04866 case T_SYMLINK:
04867 #ifdef CONFIG_RSBAC_DEBUG
04868 if (rsbac_debug_ds_acl)
04869 {
04870 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
04871 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
04872 }
04873 #endif
04874
04875 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
04876 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle, ttl, &desc, &rights);
04877
04878 rsbac_read_lock(&device_list_head.lock, &dflags);
04879
04880
04881 device_p = acl_lookup_device(tid.file.device);
04882 if (!device_p)
04883 {
04884
04885 rsbac_read_unlock(&device_list_head.lock, &dflags);
04886 rsbac_get_super_block(tid.file.device);
04887
04888 rsbac_read_lock(&device_list_head.lock, &dflags);
04889 device_p = acl_lookup_device(tid.file.device);
04890 if(!device_p)
04891 {
04892 rsbac_printk(KERN_WARNING
04893 "rsbac_acl_set_acl_entry(): Could not lookup device!\n");
04894
04895 rsbac_read_unlock(&device_list_head.lock, &dflags);
04896 return(-RSBAC_EINVALIDDEV);
04897 }
04898 }
04899 list_no = fd_hash(tid.file.inode);
04900 if(!rsbac_ta_list_lol_exist(ta_number, device_p->handles[list_no], &tid.file.inode))
04901 {
04902 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_FD_MASK;
04903
04904 err = rsbac_ta_list_lol_add_ttl(ta_number,
04905 device_p->handles[list_no],
04906 0,
04907 &tid.file.inode,
04908 &mask);
04909 if(err)
04910 {
04911 rsbac_read_unlock(&device_list_head.lock, &dflags);
04912 return err;
04913 }
04914 }
04915 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->handles[list_no], ttl, &tid.file.inode, &desc, &rights);
04916 rsbac_read_unlock(&device_list_head.lock, &dflags);
04917
04918 return err;
04919
04920 case T_DEV:
04921 #ifdef CONFIG_RSBAC_DEBUG
04922 if (rsbac_debug_ds_acl)
04923 {
04924 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting device ACL for dev %c %02u:%02u\n",
04925 'B'+tid.dev.type,
04926 tid.dev.major,
04927 tid.dev.minor);
04928 }
04929 #endif
04930
04931 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
04932 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle, ttl, &desc, &rights);
04933
04934 {
04935 switch(tid.dev.type)
04936 {
04937 case D_char:
04938 case D_block:
04939 if(!rsbac_ta_list_lol_exist(ta_number, dev_handle, &tid.dev))
04940 {
04941 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
04942
04943 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_handle,
04944 0, &tid.dev, &mask);
04945 if(err)
04946 return err;
04947 }
04948 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle, ttl, &tid.dev, &desc, &rights);
04949
04950 case D_char_major:
04951 case D_block_major:
04952 tid.dev.type -= (D_block_major - D_block);
04953 if(!rsbac_ta_list_lol_exist(ta_number, dev_major_handle, &tid.dev))
04954 {
04955 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
04956
04957 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_major_handle,
04958 0, &tid.dev, &mask);
04959 if(err)
04960 return err;
04961 }
04962 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_major_handle, ttl, &tid.dev, &desc, &rights);
04963
04964 default:
04965 return -RSBAC_EINVALIDTARGET;
04966 }
04967 }
04968
04969 case T_IPC:
04970
04971
04972
04973
04974
04975
04976
04977
04978
04979
04980 if(tid.ipc.type == I_none)
04981 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle, ttl, &desc, &rights);
04982 else
04983 return -RSBAC_EINVALIDTARGET;
04984
04985 case T_SCD:
04986
04987
04988
04989
04990
04991
04992
04993
04994
04995
04996
04997 if(tid.scd == AST_none)
04998 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle, ttl, &desc, &rights);
04999
05000 if(!rsbac_ta_list_lol_exist(ta_number, scd_handle, &tid.scd))
05001 {
05002 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
05003
05004 err = rsbac_ta_list_lol_add_ttl(ta_number,
05005 scd_handle,
05006 0,
05007 &tid.scd,
05008 &mask);
05009 if(err)
05010 return err;
05011 }
05012 return rsbac_ta_list_lol_subadd_ttl(ta_number, scd_handle, ttl, &tid.scd, &desc, &rights);
05013
05014 case T_USER:
05015
05016
05017
05018
05019
05020
05021
05022
05023 if(tid.user == RSBAC_NO_USER)
05024 return rsbac_ta_list_add_ttl(ta_number, default_u_handle, ttl, &desc, &rights);
05025 if(!rsbac_ta_list_lol_exist(ta_number, u_handle, &tid.user))
05026 {
05027 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_U_MASK;
05028
05029 err = rsbac_ta_list_lol_add_ttl(ta_number,
05030 u_handle,
05031 0,
05032 &tid.user,
05033 &mask);
05034 if(err)
05035 return err;
05036 }
05037 return rsbac_ta_list_lol_subadd_ttl(ta_number, u_handle, ttl, &tid.user, &desc, &rights);
05038
05039
05040 case T_PROCESS:
05041
05042
05043
05044
05045
05046
05047
05048
05049 if(!tid.process)
05050 return rsbac_ta_list_add_ttl(ta_number, default_p_handle, ttl, &desc, &rights);
05051 else
05052 return -RSBAC_EINVALIDTARGET;
05053
05054 #ifdef CONFIG_RSBAC_ACL_UM_PROT
05055 case T_GROUP:
05056
05057
05058
05059
05060
05061
05062
05063
05064 if(tid.group == RSBAC_NO_GROUP)
05065 return rsbac_ta_list_add_ttl(ta_number, default_g_handle, ttl, &desc, &rights);
05066 if(!rsbac_ta_list_lol_exist(ta_number, g_handle, &tid.group))
05067 {
05068 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_G_MASK;
05069
05070 err = rsbac_ta_list_lol_add_ttl(ta_number,
05071 g_handle,
05072 0,
05073 &tid.group,
05074 &mask);
05075 if(err)
05076 return err;
05077 }
05078 return rsbac_ta_list_lol_subadd_ttl(ta_number, g_handle, ttl, &tid.group, &desc, &rights);
05079 #endif
05080
05081 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05082 case T_NETDEV:
05083 #ifdef CONFIG_RSBAC_DEBUG
05084 if (rsbac_debug_ds_acl)
05085 {
05086 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network device ACL for netdev %s\n",
05087 tid.netdev);
05088 }
05089 #endif
05090
05091 if(!tid.netdev[0])
05092 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle, ttl, &desc, &rights);
05093
05094 if(!rsbac_ta_list_lol_exist(ta_number, netdev_handle, &tid.netdev))
05095 {
05096 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
05097
05098 err = rsbac_ta_list_lol_add_ttl(ta_number,
05099 netdev_handle,
05100 0,
05101 &tid.netdev,
05102 &mask);
05103 if(err)
05104 return err;
05105 }
05106 return rsbac_ta_list_lol_subadd_ttl(ta_number, netdev_handle, ttl, &tid.netdev, &desc, &rights);
05107 #endif
05108
05109 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05110 case T_NETTEMP_NT:
05111 #ifdef CONFIG_RSBAC_DEBUG
05112 if (rsbac_debug_ds_acl)
05113 {
05114 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template NT ACL for nettemp_nt %u\n",
05115 tid.nettemp);
05116 }
05117 #endif
05118
05119 if(!tid.nettemp)
05120 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle, ttl, &desc, &rights);
05121
05122 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_nt_handle, &tid.nettemp))
05123 {
05124 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
05125
05126 err = rsbac_ta_list_lol_add_ttl(ta_number,
05127 nettemp_nt_handle,
05128 0,
05129 &tid.nettemp,
05130 &mask);
05131 if(err)
05132 return err;
05133 }
05134 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_nt_handle, ttl, &tid.nettemp, &desc, &rights);
05135
05136 case T_NETTEMP:
05137 #ifdef CONFIG_RSBAC_DEBUG
05138 if (rsbac_debug_ds_acl)
05139 {
05140 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network template ACL for nettemp %u\n",
05141 tid.nettemp);
05142 }
05143 #endif
05144
05145 if(!tid.nettemp)
05146 return -RSBAC_EINVALIDTARGET;
05147 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
05148 return -RSBAC_EINVALIDTARGET;
05149
05150 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_handle, &tid.nettemp))
05151 {
05152 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05153
05154 err = rsbac_ta_list_lol_add_ttl(ta_number,
05155 nettemp_handle,
05156 0,
05157 &tid.nettemp,
05158 &mask);
05159 if(err)
05160 return err;
05161 }
05162 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_handle, ttl, &tid.nettemp, &desc, &rights);
05163
05164 case T_NETOBJ:
05165 #ifdef CONFIG_RSBAC_DEBUG
05166 if (rsbac_debug_ds_acl)
05167 {
05168 rsbac_printk(KERN_DEBUG "rsbac_acl_set_acl_entry(): Setting network object ACL for netobj %p\n",
05169 tid.netobj.sock_p);
05170 }
05171 #endif
05172
05173 if(!tid.netobj.sock_p)
05174 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle, ttl, &desc, &rights);
05175
05176 if(!rsbac_ta_list_lol_exist(ta_number, netobj_handle, &tid.netobj.sock_p))
05177 {
05178 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05179
05180 err = rsbac_ta_list_lol_add_ttl(ta_number,
05181 netobj_handle,
05182 0,
05183 &tid.netobj.sock_p,
05184 &mask);
05185 if(err)
05186 return err;
05187 }
05188 return rsbac_ta_list_lol_subadd_ttl(ta_number, netobj_handle, ttl, &tid.netobj.sock_p, &desc, &rights);
05189 #endif
05190
05191
05192 default:
05193 err = -RSBAC_EINVALIDTARGET;
05194 }
05195 return(err);
05196 }
05197
05198
05199
05200
05201
05202
05203 int rsbac_acl_remove_acl_entry(
05204 rsbac_list_ta_number_t ta_number,
05205 enum rsbac_target_t target,
05206 union rsbac_target_id_t tid,
05207 enum rsbac_acl_subject_type_t subj_type,
05208 rsbac_acl_subject_id_t subj_id)
05209 {
05210 int err = 0;
05211 int list_no;
05212 struct rsbac_acl_device_list_item_t * device_p;
05213 struct rsbac_acl_entry_desc_t desc;
05214 u_long dflags;
05215 rsbac_acl_rights_vector_t mask;
05216
05217 if (!rsbac_is_initialized())
05218 {
05219 rsbac_printk(KERN_WARNING "rsbac_acl_remove_acl_entry(): RSBAC not initialized\n");
05220 return(-RSBAC_ENOTINITIALIZED);
05221 }
05222 if (subj_type >= ACLS_NONE)
05223 return(-RSBAC_EINVALIDVALUE);
05224 #ifdef CONFIG_RSBAC_DEBUG
05225 if (in_interrupt())
05226 {
05227 rsbac_printk(KERN_WARNING "rsbac_acl_remove_acl_entry(): called from interrupt!\n");
05228 }
05229 #endif
05230 desc.subj_type = subj_type;
05231 desc.subj_id = subj_id;
05232
05233 switch (target)
05234 {
05235 case T_FILE:
05236 case T_DIR:
05237 case T_FIFO:
05238 case T_SYMLINK:
05239 #ifdef CONFIG_RSBAC_DEBUG
05240 if (rsbac_debug_ds_acl)
05241 {
05242 char tmp[RSBAC_MAXNAMELEN];
05243
05244 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing file/dir/fifo/symlink ACL entry %s %u for device %02u:%02u, inode %u\n",
05245 get_acl_subject_type_name(tmp,desc.subj_type), desc.subj_id,
05246 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05247 }
05248 #endif
05249
05250 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05251 return rsbac_ta_list_remove(ta_number, default_fd_handle, &desc);
05252
05253
05254 rsbac_read_lock(&device_list_head.lock, &dflags);
05255
05256
05257 device_p = acl_lookup_device(tid.file.device);
05258 if (!device_p)
05259 {
05260
05261 rsbac_read_unlock(&device_list_head.lock, &dflags);
05262 rsbac_get_super_block(tid.file.device);
05263
05264 rsbac_read_lock(&device_list_head.lock, &dflags);
05265 device_p = acl_lookup_device(tid.file.device);
05266 if(!device_p)
05267 {
05268 rsbac_printk(KERN_WARNING
05269 "rsbac_acl_remove_acl_entry(): Could not lookup device!\n");
05270
05271 rsbac_read_unlock(&device_list_head.lock, &dflags);
05272 return(-RSBAC_EINVALIDDEV);
05273 }
05274 }
05275 list_no = fd_hash(tid.file.inode);
05276 err = rsbac_ta_list_lol_subremove(ta_number, device_p->handles[list_no], &tid.file.inode, &desc);
05277
05278 if( !err
05279 && !rsbac_ta_list_lol_subcount(ta_number, device_p->handles[list_no], &tid.file.inode)
05280 && !rsbac_ta_list_lol_get_data_ttl(ta_number, device_p->handles[list_no],
05281 NULL,
05282 &tid.file.inode,
05283 &mask)
05284 && (mask == RSBAC_ACL_DEFAULT_FD_MASK)
05285 )
05286 {
05287 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[list_no], &tid.file.inode);
05288 }
05289 rsbac_read_unlock(&device_list_head.lock, &dflags);
05290
05291 return err;
05292
05293 case T_DEV:
05294 #ifdef CONFIG_RSBAC_DEBUG
05295 if (rsbac_debug_ds_acl)
05296 {
05297 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing device ACL entry for dev %c %02u:%02u\n",
05298 'B'+tid.dev.type,
05299 tid.dev.major,
05300 tid.dev.minor);
05301 }
05302 #endif
05303
05304 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
05305 return rsbac_ta_list_remove(ta_number, default_dev_handle, &desc);
05306
05307 {
05308 switch(tid.dev.type)
05309 {
05310 case D_char:
05311 case D_block:
05312 err = rsbac_ta_list_lol_subremove(ta_number, dev_handle, &tid.dev, &desc);
05313
05314 if( !err
05315 && !rsbac_ta_list_lol_subcount(ta_number, dev_handle, &tid.dev)
05316 && !rsbac_ta_list_lol_get_data_ttl(ta_number, dev_handle,
05317 NULL,
05318 &tid.dev,
05319 &mask)
05320 && (mask == RSBAC_ACL_DEFAULT_DEV_MASK)
05321 )
05322 {
05323 err = rsbac_ta_list_lol_remove(ta_number, dev_handle, &tid.dev);
05324 }
05325 return err;
05326
05327 case D_char_major:
05328 case D_block_major:
05329 tid.dev.type -= (D_block_major - D_block);
05330 err = rsbac_ta_list_lol_subremove(ta_number, dev_major_handle, &tid.dev, &desc);
05331
05332 if( !err
05333 && !rsbac_ta_list_lol_subcount(ta_number, dev_major_handle, &tid.dev)
05334 && !rsbac_ta_list_lol_get_data_ttl(ta_number, dev_major_handle,
05335 NULL,
05336 &tid.dev,
05337 &mask)
05338 && (mask == RSBAC_ACL_DEFAULT_DEV_MASK)
05339 )
05340 {
05341 err = rsbac_ta_list_lol_remove(ta_number, dev_major_handle, &tid.dev);
05342 }
05343 return err;
05344
05345 default:
05346 return -RSBAC_EINVALIDTARGET;
05347 }
05348 }
05349
05350 case T_IPC:
05351 #ifdef CONFIG_RSBAC_DEBUG
05352 if (rsbac_debug_ds_acl)
05353 {
05354 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing IPC ACL for type %u\n",
05355 tid.ipc.type);
05356 }
05357 #endif
05358
05359 if(tid.ipc.type == I_none)
05360 return rsbac_ta_list_remove(ta_number, default_ipc_handle, &desc);
05361 else
05362 return -RSBAC_EINVALIDTARGET;
05363
05364 case T_SCD:
05365 #ifdef CONFIG_RSBAC_DEBUG
05366 if (rsbac_debug_ds_acl)
05367 {
05368 char tmp[80];
05369
05370 get_acl_scd_type_name(tmp, tid.scd);
05371 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing SCD ACL entry for %s\n",
05372 tmp);
05373 }
05374 #endif
05375
05376 if(tid.scd == AST_none)
05377 return rsbac_ta_list_remove(ta_number, default_scd_handle, &desc);
05378 err = rsbac_ta_list_lol_subremove(ta_number, scd_handle, &tid.scd, &desc);
05379
05380 if( !err
05381 && !rsbac_ta_list_lol_subcount(ta_number, scd_handle, &tid.scd)
05382 && !rsbac_ta_list_lol_get_data_ttl(ta_number, scd_handle,
05383 NULL,
05384 &tid.scd,
05385 &mask)
05386 && (mask == RSBAC_ACL_DEFAULT_SCD_MASK)
05387 )
05388 {
05389 err = rsbac_ta_list_lol_remove(ta_number, scd_handle, &tid.scd);
05390 }
05391 return err;
05392
05393 case T_USER:
05394 #ifdef CONFIG_RSBAC_DEBUG
05395 if (rsbac_debug_ds_acl)
05396 {
05397 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing user ACL for user %u\n",
05398 tid.user);
05399 }
05400 #endif
05401
05402 if(tid.user == RSBAC_NO_USER)
05403 return rsbac_ta_list_remove(ta_number, default_u_handle, &desc);
05404 err = rsbac_ta_list_lol_subremove(ta_number, u_handle, &tid.user, &desc);
05405
05406 if( !err
05407 && !rsbac_ta_list_lol_subcount(ta_number, u_handle, &tid.user)
05408 && !rsbac_ta_list_lol_get_data_ttl(ta_number, u_handle,
05409 NULL,
05410 &tid.user,
05411 &mask)
05412 && (mask == RSBAC_ACL_DEFAULT_U_MASK)
05413 )
05414 {
05415 err = rsbac_ta_list_lol_remove(ta_number, u_handle, &tid.user);
05416 }
05417 return err;
05418
05419 case T_PROCESS:
05420 #ifdef CONFIG_RSBAC_DEBUG
05421 if (rsbac_debug_ds_acl)
05422 {
05423 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing process ACL for pid %u\n",
05424 tid.process);
05425 }
05426 #endif
05427
05428 if(!tid.process)
05429 return rsbac_ta_list_remove(ta_number, default_p_handle, &desc);
05430 else
05431 return -RSBAC_EINVALIDTARGET;
05432
05433 #ifdef CONFIG_RSBAC_ACL_UM_PROT
05434 case T_GROUP:
05435 #ifdef CONFIG_RSBAC_DEBUG
05436 if (rsbac_debug_ds_acl)
05437 {
05438 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing Linux group ACL for group %u\n",
05439 tid.group);
05440 }
05441 #endif
05442
05443 if(tid.group == RSBAC_NO_GROUP)
05444 return rsbac_ta_list_remove(ta_number, default_g_handle, &desc);
05445 err = rsbac_ta_list_lol_subremove(ta_number, g_handle, &tid.group, &desc);
05446
05447 if( !err
05448 && !rsbac_ta_list_lol_subcount(ta_number, g_handle, &tid.group)
05449 && !rsbac_ta_list_lol_get_data_ttl(ta_number, g_handle,
05450 NULL,
05451 &tid.group,
05452 &mask)
05453 && (mask == RSBAC_ACL_DEFAULT_G_MASK)
05454 )
05455 {
05456 err = rsbac_ta_list_lol_remove(ta_number, g_handle, &tid.group);
05457 }
05458 return err;
05459 #endif
05460
05461 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05462 case T_NETDEV:
05463 #ifdef CONFIG_RSBAC_DEBUG
05464 if (rsbac_debug_ds_acl)
05465 {
05466 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network device ACL entry for netdev %s\n",
05467 tid.netdev);
05468 }
05469 #endif
05470
05471 if(!tid.netdev[0])
05472 return rsbac_ta_list_remove(ta_number, default_netdev_handle, &desc);
05473
05474 err = rsbac_ta_list_lol_subremove(ta_number, netdev_handle, &tid.netdev, &desc);
05475
05476 if( !err
05477 && !rsbac_ta_list_lol_subcount(ta_number, netdev_handle, &tid.netdev)
05478 && !rsbac_ta_list_lol_get_data_ttl(ta_number, netdev_handle,
05479 NULL,
05480 &tid.netdev,
05481 &mask)
05482 && (mask == RSBAC_ACL_DEFAULT_NETDEV_MASK)
05483 )
05484 {
05485 err = rsbac_ta_list_lol_remove(ta_number, netdev_handle, &tid.netdev);
05486 }
05487 return err;
05488 #endif
05489
05490 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05491 case T_NETTEMP_NT:
05492 #ifdef CONFIG_RSBAC_DEBUG
05493 if (rsbac_debug_ds_acl)
05494 {
05495 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template NT ACL entry for nettemp_nt %u\n",
05496 tid.nettemp);
05497 }
05498 #endif
05499
05500 if(!tid.nettemp)
05501 return rsbac_ta_list_remove(ta_number, default_nettemp_nt_handle, &desc);
05502 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
05503 return -RSBAC_EINVALIDTARGET;
05504
05505 err = rsbac_ta_list_lol_subremove(ta_number, nettemp_nt_handle, &tid.nettemp, &desc);
05506
05507 if( !err
05508 && !rsbac_ta_list_lol_subcount(ta_number, nettemp_nt_handle, &tid.nettemp)
05509 && !rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_nt_handle,
05510 NULL,
05511 &tid.nettemp,
05512 &mask)
05513 && (mask == RSBAC_ACL_DEFAULT_NETTEMP_MASK)
05514 )
05515 {
05516 err = rsbac_ta_list_lol_remove(ta_number, nettemp_nt_handle, &tid.nettemp);
05517 }
05518 return err;
05519
05520 case T_NETTEMP:
05521 #ifdef CONFIG_RSBAC_DEBUG
05522 if (rsbac_debug_ds_acl)
05523 {
05524 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network template ACL entry for nettemp_nt %u\n",
05525 tid.nettemp);
05526 }
05527 #endif
05528
05529 if(!tid.nettemp)
05530 return -RSBAC_EINVALIDTARGET;
05531 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
05532 return -RSBAC_EINVALIDTARGET;
05533
05534 err = rsbac_ta_list_lol_subremove(ta_number, nettemp_handle, &tid.nettemp, &desc);
05535
05536 if( !err
05537 && !rsbac_ta_list_lol_subcount(ta_number, nettemp_handle, &tid.nettemp)
05538 && !rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_handle,
05539 NULL,
05540 &tid.nettemp,
05541 &mask)
05542 && (mask == RSBAC_ACL_DEFAULT_NETOBJ_MASK)
05543 )
05544 {
05545 err = rsbac_ta_list_lol_remove(ta_number, nettemp_handle, &tid.nettemp);
05546 }
05547 return err;
05548
05549 case T_NETOBJ:
05550 #ifdef CONFIG_RSBAC_DEBUG
05551 if (rsbac_debug_ds_acl)
05552 {
05553 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl_entry(): Removing network object ACL entry for netobj %p\n",
05554 tid.netobj.sock_p);
05555 }
05556 #endif
05557
05558 if(!tid.netobj.sock_p)
05559 return rsbac_ta_list_remove(ta_number, default_netobj_handle, &desc);
05560
05561 err = rsbac_ta_list_lol_subremove(ta_number, netobj_handle, &tid.netobj.sock_p, &desc);
05562
05563 if( !err
05564 && !rsbac_ta_list_lol_subcount(ta_number, netobj_handle, &tid.netobj.sock_p)
05565 && !rsbac_ta_list_lol_get_data_ttl(ta_number, netobj_handle,
05566 NULL,
05567 &tid.netobj,
05568 &mask)
05569 && (mask == RSBAC_ACL_DEFAULT_NETOBJ_MASK)
05570 )
05571 {
05572 err = rsbac_ta_list_lol_remove(ta_number, netobj_handle, &tid.netobj.sock_p);
05573 }
05574 return err;
05575 #endif
05576
05577 default:
05578 return -RSBAC_EINVALIDTARGET;
05579 }
05580 }
05581
05582
05583
05584
05585
05586 int rsbac_acl_remove_acl(
05587 rsbac_list_ta_number_t ta_number,
05588 enum rsbac_target_t target,
05589 union rsbac_target_id_t tid)
05590 {
05591 int err = 0;
05592 int list_no;
05593 struct rsbac_acl_device_list_item_t * device_p;
05594 u_long dflags;
05595
05596 if (!rsbac_is_initialized())
05597 {
05598 rsbac_printk(KERN_WARNING "rsbac_acl_remove_acl(): RSBAC not initialized\n");
05599 return(-RSBAC_ENOTINITIALIZED);
05600 }
05601 #ifdef CONFIG_RSBAC_DEBUG
05602 if (in_interrupt())
05603 {
05604 rsbac_printk(KERN_WARNING "rsbac_acl_remove_acl(): called from interrupt!\n");
05605 }
05606 #endif
05607 switch (target)
05608 {
05609 case T_FILE:
05610 case T_DIR:
05611 case T_FIFO:
05612 case T_SYMLINK:
05613 #ifdef CONFIG_RSBAC_DEBUG
05614 if (rsbac_debug_ds_acl)
05615 {
05616 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
05617 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05618 }
05619 #endif
05620
05621 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05622 return -RSBAC_EINVALIDTARGET;
05623
05624
05625 rsbac_read_lock(&device_list_head.lock, &dflags);
05626
05627
05628 device_p = acl_lookup_device(tid.file.device);
05629 if (!device_p)
05630 {
05631
05632 rsbac_read_unlock(&device_list_head.lock, &dflags);
05633 rsbac_get_super_block(tid.file.device);
05634
05635 rsbac_read_lock(&device_list_head.lock, &dflags);
05636 device_p = acl_lookup_device(tid.file.device);
05637 if(!device_p)
05638 {
05639 rsbac_printk(KERN_WARNING
05640 "rsbac_acl_remove_acl(): Could not lookup device!\n");
05641 rsbac_read_unlock(&device_list_head.lock, &dflags);
05642 return -RSBAC_EINVALIDDEV;
05643 }
05644 }
05645 list_no = fd_hash(tid.file.inode);
05646 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[list_no], &tid.file.inode);
05647 rsbac_read_unlock(&device_list_head.lock, &dflags);
05648 return err;
05649
05650 case T_DEV:
05651 #ifdef CONFIG_RSBAC_DEBUG
05652 if (rsbac_debug_ds_acl)
05653 {
05654 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing device ACL for dev %c %02u:%02u\n",
05655 'B'+tid.dev.type,
05656 tid.dev.major,
05657 tid.dev.minor);
05658 }
05659 #endif
05660
05661 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
05662 return -RSBAC_EINVALIDTARGET;
05663 switch(tid.dev.type)
05664 {
05665 case D_char:
05666 case D_block:
05667 return rsbac_ta_list_lol_remove(ta_number, dev_handle, &tid.dev);
05668
05669 case D_char_major:
05670 case D_block_major:
05671 tid.dev.type -= (D_block_major - D_block);
05672 return rsbac_ta_list_lol_remove(ta_number, dev_major_handle, &tid.dev);
05673
05674 default:
05675 return -RSBAC_EINVALIDTARGET;
05676 }
05677
05678 case T_SCD:
05679 #ifdef CONFIG_RSBAC_DEBUG
05680 if (rsbac_debug_ds_acl)
05681 {
05682 char tmp[80];
05683
05684 get_acl_scd_type_name(tmp, tid.scd);
05685 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing SCD ACL for %s\n",
05686 tmp);
05687 }
05688 #endif
05689
05690 if(tid.scd == AST_none)
05691 return -RSBAC_EINVALIDTARGET;
05692 else
05693 return rsbac_ta_list_lol_remove(ta_number, scd_handle, &tid.scd);
05694
05695 case T_USER:
05696 #ifdef CONFIG_RSBAC_DEBUG
05697 if (rsbac_debug_ds_acl)
05698 {
05699 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing user ACL for user %u\n",
05700 tid.user);
05701 }
05702 #endif
05703
05704 if(tid.user == RSBAC_NO_USER)
05705 return -RSBAC_EINVALIDTARGET;
05706 else
05707 return rsbac_ta_list_lol_remove(ta_number, u_handle, &tid.user);
05708
05709 #ifdef CONFIG_RSBAC_ACL_UM_PROT
05710 case T_GROUP:
05711 #ifdef CONFIG_RSBAC_DEBUG
05712 if (rsbac_debug_ds_acl)
05713 {
05714 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing Linux group ACL for group %u\n",
05715 tid.group);
05716 }
05717 #endif
05718
05719 if(tid.group == RSBAC_NO_GROUP)
05720 return -RSBAC_EINVALIDTARGET;
05721 else
05722 return rsbac_ta_list_lol_remove(ta_number, g_handle, &tid.group);
05723 #endif
05724
05725 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05726 case T_NETDEV:
05727 #ifdef CONFIG_RSBAC_DEBUG
05728 if (rsbac_debug_ds_acl)
05729 {
05730 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network device ACL for netdev %s\n",
05731 tid.netdev);
05732 }
05733 #endif
05734
05735 if(!tid.netdev[0])
05736 return -RSBAC_EINVALIDTARGET;
05737 else
05738 return rsbac_ta_list_lol_remove(ta_number, netdev_handle, &tid.netdev);
05739 #endif
05740
05741 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05742 case T_NETTEMP_NT:
05743 #ifdef CONFIG_RSBAC_DEBUG
05744 if (rsbac_debug_ds_acl)
05745 {
05746 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template NT ACL for nettemp_nt %u\n",
05747 tid.nettemp);
05748 }
05749 #endif
05750
05751 if(!tid.nettemp)
05752 return -RSBAC_EINVALIDTARGET;
05753 else
05754 return rsbac_ta_list_lol_remove(ta_number, nettemp_nt_handle, &tid.nettemp);
05755 case T_NETTEMP:
05756 #ifdef CONFIG_RSBAC_DEBUG
05757 if (rsbac_debug_ds_acl)
05758 {
05759 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network template ACL for nettemp %u\n",
05760 tid.nettemp);
05761 }
05762 #endif
05763
05764 if(!tid.nettemp)
05765 return -RSBAC_EINVALIDTARGET;
05766 else
05767 return rsbac_ta_list_lol_remove(ta_number, nettemp_handle, &tid.nettemp);
05768 case T_NETOBJ:
05769 #ifdef CONFIG_RSBAC_DEBUG
05770 if (rsbac_debug_ds_acl)
05771 {
05772 rsbac_printk(KERN_DEBUG "rsbac_acl_remove_acl(): Removing network object ACL for netobj %p\n",
05773 tid.netobj.sock_p);
05774 }
05775 #endif
05776
05777 if(!tid.netobj.sock_p)
05778 return -RSBAC_EINVALIDTARGET;
05779 else
05780 return rsbac_ta_list_lol_remove(ta_number, netobj_handle, &tid.netobj.sock_p);
05781 #endif
05782
05783 default:
05784 err = -RSBAC_EINVALIDTARGET;
05785 }
05786 return(err);
05787 }
05788
05789
05790
05791
05792
05793
05794 int rsbac_acl_add_to_acl_entry(
05795 rsbac_list_ta_number_t ta_number,
05796 enum rsbac_target_t target,
05797 union rsbac_target_id_t tid,
05798 enum rsbac_acl_subject_type_t subj_type,
05799 rsbac_acl_subject_id_t subj_id,
05800 rsbac_acl_rights_vector_t rights,
05801 rsbac_time_t ttl)
05802 {
05803 int err = 0;
05804 int list_no;
05805 struct rsbac_acl_device_list_item_t * device_p;
05806 rsbac_acl_rights_vector_t old_rights;
05807 struct rsbac_acl_entry_desc_t desc;
05808 u_long dflags;
05809
05810 if (!rsbac_is_initialized())
05811 {
05812 rsbac_printk(KERN_WARNING "rsbac_acl_add_to_acl_entry(): RSBAC not initialized\n");
05813 return(-RSBAC_ENOTINITIALIZED);
05814 }
05815 if (subj_type >= ACLS_NONE)
05816 return(-RSBAC_EINVALIDVALUE);
05817 #ifdef CONFIG_RSBAC_DEBUG
05818 if (in_interrupt())
05819 {
05820 rsbac_printk(KERN_WARNING "rsbac_acl_add_to_acl_entry(): called from interrupt!\n");
05821 }
05822 #endif
05823 desc.subj_type = subj_type;
05824 desc.subj_id = subj_id;
05825
05826 switch (target)
05827 {
05828 case T_FILE:
05829 case T_DIR:
05830 case T_FIFO:
05831 case T_SYMLINK:
05832
05833
05834
05835
05836
05837
05838
05839
05840
05841
05842 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05843 {
05844 if(!rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle, NULL, &desc, &old_rights))
05845 rights |= old_rights;
05846 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle, ttl, &desc, &rights);
05847 }
05848
05849 rsbac_read_lock(&device_list_head.lock, &dflags);
05850
05851
05852 device_p = acl_lookup_device(tid.file.device);
05853 if (!device_p)
05854 {
05855
05856 rsbac_read_unlock(&device_list_head.lock, &dflags);
05857 rsbac_get_super_block(tid.file.device);
05858
05859 rsbac_read_lock(&device_list_head.lock, &dflags);
05860 device_p = acl_lookup_device(tid.file.device);
05861 if(!device_p)
05862 {
05863 rsbac_printk(KERN_WARNING
05864 "rsbac_acl_set_acl_entry(): Could not lookup device!\n");
05865
05866 rsbac_read_unlock(&device_list_head.lock, &dflags);
05867 return(-RSBAC_EINVALIDDEV);
05868 }
05869 }
05870
05871 list_no = fd_hash(tid.file.inode);
05872 if(!rsbac_ta_list_lol_exist(ta_number, device_p->handles[list_no], &tid.file.inode))
05873 {
05874 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_FD_MASK;
05875
05876 err = rsbac_ta_list_lol_add_ttl(ta_number, device_p->handles[list_no],
05877 0, &tid.file.inode, &mask);
05878 if(err)
05879 {
05880 rsbac_read_unlock(&device_list_head.lock, &dflags);
05881 return err;
05882 }
05883 }
05884 else
05885 {
05886 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
05887 device_p->handles[list_no],
05888 NULL,
05889 &tid.file.inode,
05890 &desc,
05891 &old_rights))
05892 rights |= old_rights;
05893 }
05894 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
05895 device_p->handles[list_no],
05896 ttl,
05897 &tid.file.inode,
05898 &desc,
05899 &rights);
05900 rsbac_read_unlock(&device_list_head.lock, &dflags);
05901
05902 return err;
05903
05904 case T_DEV:
05905
05906
05907
05908
05909
05910
05911
05912
05913
05914
05915 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
05916 {
05917 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
05918 NULL, &desc, &old_rights))
05919 rights |= old_rights;
05920 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle, ttl, &desc, &rights);
05921 }
05922 switch(tid.dev.type)
05923 {
05924 case D_char:
05925 case D_block:
05926 if(!rsbac_ta_list_lol_exist(ta_number, dev_handle, &tid.dev))
05927 {
05928 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
05929
05930 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_handle,
05931 0, &tid.dev, &mask);
05932 if(err)
05933 return err;
05934 }
05935 else
05936 {
05937 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, dev_handle,
05938 NULL,
05939 &tid.dev,
05940 &desc,
05941 &old_rights))
05942 rights |= old_rights;
05943 }
05944 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle,
05945 ttl,
05946 &tid.dev,
05947 &desc,
05948 &rights);
05949
05950 case D_char_major:
05951 case D_block_major:
05952 tid.dev.type -= (D_block_major - D_block);
05953 if(!rsbac_ta_list_lol_exist(ta_number, dev_major_handle, &tid.dev))
05954 {
05955 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_DEV_MASK;
05956
05957 err = rsbac_ta_list_lol_add_ttl(ta_number, dev_major_handle,
05958 0, &tid.dev, &mask);
05959 if(err)
05960 return err;
05961 }
05962 else
05963 {
05964 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, dev_major_handle,
05965 NULL,
05966 &tid.dev,
05967 &desc,
05968 &old_rights))
05969 rights |= old_rights;
05970 }
05971 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_major_handle,
05972 ttl,
05973 &tid.dev,
05974 &desc,
05975 &rights);
05976
05977 default:
05978 return -RSBAC_EINVALIDTARGET;
05979 }
05980
05981 case T_IPC:
05982
05983
05984
05985
05986
05987
05988
05989
05990 if(tid.ipc.type == I_none)
05991 {
05992 if(!rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
05993 NULL, &desc, &old_rights))
05994 rights |= old_rights;
05995 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle, ttl, &desc, &rights);
05996 }
05997 else
05998 return -RSBAC_EINVALIDTARGET;
05999
06000 case T_SCD:
06001
06002
06003
06004
06005
06006
06007
06008
06009
06010
06011
06012
06013 if(tid.scd == AST_none)
06014 {
06015 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
06016 NULL, &desc, &old_rights))
06017 rights |= old_rights;
06018 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle, ttl, &desc, &rights);
06019 }
06020 if(!rsbac_ta_list_lol_exist(ta_number, scd_handle, &tid.scd))
06021 {
06022 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_SCD_MASK;
06023
06024 err = rsbac_ta_list_lol_add_ttl(ta_number, scd_handle, 0, &tid.scd, &mask);
06025 if(err)
06026 return err;
06027 }
06028 else
06029 {
06030 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06031 scd_handle,
06032 NULL,
06033 &tid.scd,
06034 &desc,
06035 &old_rights))
06036 rights |= old_rights;
06037 }
06038 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06039 scd_handle,
06040 ttl,
06041 &tid.scd,
06042 &desc,
06043 &rights);
06044
06045 case T_USER:
06046
06047
06048
06049
06050
06051
06052
06053
06054 if(tid.user == RSBAC_NO_USER)
06055 {
06056 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle, NULL, &desc, &old_rights))
06057 rights |= old_rights;
06058 return rsbac_ta_list_add_ttl(ta_number, default_u_handle, ttl, &desc, &rights);
06059 }
06060 if(!rsbac_ta_list_lol_exist(ta_number, u_handle, &tid.user))
06061 {
06062 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_U_MASK;
06063
06064 err = rsbac_ta_list_lol_add_ttl(ta_number, u_handle, 0, &tid.user, &mask);
06065 if(err)
06066 return err;
06067 }
06068 else
06069 {
06070 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06071 u_handle,
06072 NULL,
06073 &tid.user,
06074 &desc,
06075 &old_rights))
06076 rights |= old_rights;
06077 }
06078 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06079 u_handle,
06080 ttl,
06081 &tid.user,
06082 &desc,
06083 &rights);
06084
06085 case T_PROCESS:
06086
06087
06088
06089
06090
06091
06092
06093
06094 if(!tid.process)
06095 {
06096 if(!rsbac_ta_list_get_data_ttl(ta_number, default_p_handle, NULL, &desc, &old_rights))
06097 rights |= old_rights;
06098 return rsbac_ta_list_add_ttl(ta_number, default_p_handle, ttl, &desc, &rights);
06099 }
06100 else
06101 return -RSBAC_EINVALIDTARGET;
06102
06103 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06104 case T_GROUP:
06105
06106
06107
06108
06109
06110
06111
06112
06113 if(tid.group == RSBAC_NO_GROUP)
06114 {
06115 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle, NULL, &desc, &old_rights))
06116 rights |= old_rights;
06117 return rsbac_ta_list_add_ttl(ta_number, default_g_handle, ttl, &desc, &rights);
06118 }
06119 if(!rsbac_ta_list_lol_exist(ta_number, g_handle, &tid.group))
06120 {
06121 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_G_MASK;
06122
06123 err = rsbac_ta_list_lol_add_ttl(ta_number, g_handle, 0, &tid.group, &mask);
06124 if(err)
06125 return err;
06126 }
06127 else
06128 {
06129 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06130 g_handle,
06131 NULL,
06132 &tid.group,
06133 &desc,
06134 &old_rights))
06135 rights |= old_rights;
06136 }
06137 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06138 g_handle,
06139 ttl,
06140 &tid.group,
06141 &desc,
06142 &rights);
06143 #endif
06144
06145 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06146 case T_NETDEV:
06147
06148
06149
06150
06151
06152
06153
06154
06155 if(!tid.netdev[0])
06156 {
06157 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle, NULL, &desc, &old_rights))
06158 rights |= old_rights;
06159 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle, ttl, &desc, &rights);
06160 }
06161 if(!rsbac_ta_list_lol_exist(ta_number, netdev_handle, &tid.netdev))
06162 {
06163 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
06164
06165 err = rsbac_ta_list_lol_add_ttl(ta_number, netdev_handle, 0, &tid.netdev, &mask);
06166 if(err)
06167 return err;
06168 }
06169 else
06170 {
06171 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06172 netdev_handle,
06173 NULL,
06174 &tid.netdev,
06175 &desc,
06176 &old_rights))
06177 rights |= old_rights;
06178 }
06179 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06180 netdev_handle,
06181 ttl,
06182 &tid.netdev,
06183 &desc,
06184 &rights);
06185 #endif
06186
06187 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06188 case T_NETTEMP_NT:
06189
06190
06191
06192
06193
06194
06195
06196
06197 if(!tid.nettemp)
06198 {
06199 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle, NULL, &desc, &old_rights))
06200 rights |= old_rights;
06201 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle, ttl, &desc, &rights);
06202 }
06203 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06204 return -RSBAC_EINVALIDTARGET;
06205 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_nt_handle, &tid.nettemp))
06206 {
06207 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
06208
06209 err = rsbac_ta_list_lol_add_ttl(ta_number, nettemp_nt_handle, 0, &tid.nettemp, &mask);
06210 if(err)
06211 return err;
06212 }
06213 else
06214 {
06215 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06216 nettemp_nt_handle,
06217 NULL,
06218 &tid.nettemp,
06219 &desc,
06220 &old_rights))
06221 rights |= old_rights;
06222 }
06223 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06224 nettemp_nt_handle,
06225 ttl,
06226 &tid.nettemp,
06227 &desc,
06228 &rights);
06229 case T_NETTEMP:
06230
06231
06232
06233
06234
06235
06236
06237
06238 if(!tid.nettemp)
06239 {
06240 return -RSBAC_EINVALIDTARGET;
06241 }
06242 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06243 return -RSBAC_EINVALIDTARGET;
06244 if(!rsbac_ta_list_lol_exist(ta_number, nettemp_handle, &tid.nettemp))
06245 {
06246 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06247
06248 err = rsbac_ta_list_lol_add_ttl(ta_number, nettemp_handle, 0, &tid.nettemp, &mask);
06249 if(err)
06250 return err;
06251 }
06252 else
06253 {
06254 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, nettemp_handle,
06255 NULL, &tid.nettemp,
06256 &desc,
06257 &old_rights))
06258 rights |= old_rights;
06259 }
06260 return rsbac_ta_list_lol_subadd_ttl(ta_number, nettemp_handle,
06261 ttl,
06262 &tid.nettemp,
06263 &desc,
06264 &rights);
06265 case T_NETOBJ:
06266
06267
06268
06269
06270
06271
06272
06273
06274 if(!tid.netobj.sock_p)
06275 {
06276 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle, NULL, &desc, &old_rights))
06277 rights |= old_rights;
06278 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle, ttl,&desc, &rights);
06279 }
06280 if(!rsbac_ta_list_lol_exist(ta_number, netobj_handle, &tid.netobj.sock_p))
06281 {
06282 rsbac_acl_rights_vector_t mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06283
06284 err = rsbac_ta_list_lol_add_ttl(ta_number, netobj_handle, 0, &tid.netobj.sock_p, &mask);
06285 if(err)
06286 return err;
06287 }
06288 else
06289 {
06290 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06291 netobj_handle,
06292 NULL,
06293 &tid.netobj.sock_p,
06294 &desc,
06295 &old_rights))
06296 rights |= old_rights;
06297 }
06298 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06299 netobj_handle,
06300 ttl,
06301 &tid.netobj.sock_p,
06302 &desc,
06303 &rights);
06304 #endif
06305
06306 default:
06307 return -RSBAC_EINVALIDTARGET;
06308 }
06309 }
06310
06311
06312
06313
06314
06315
06316
06317
06318 int rsbac_acl_remove_from_acl_entry(
06319 rsbac_list_ta_number_t ta_number,
06320 enum rsbac_target_t target,
06321 union rsbac_target_id_t tid,
06322 enum rsbac_acl_subject_type_t subj_type,
06323 rsbac_acl_subject_id_t subj_id,
06324 rsbac_acl_rights_vector_t rights)
06325 {
06326 int err = 0;
06327 int list_no;
06328 struct rsbac_acl_device_list_item_t * device_p;
06329 rsbac_acl_rights_vector_t old_rights;
06330 struct rsbac_acl_entry_desc_t desc;
06331 u_long dflags;
06332 rsbac_time_t ttl;
06333
06334 if (!rsbac_is_initialized())
06335 {
06336 rsbac_printk(KERN_WARNING "rsbac_acl_remove_from_acl_entry(): RSBAC not initialized\n");
06337 return(-RSBAC_ENOTINITIALIZED);
06338 }
06339 if (subj_type >= ACLS_NONE)
06340 return(-RSBAC_EINVALIDVALUE);
06341 #ifdef CONFIG_RSBAC_DEBUG
06342 if (in_interrupt())
06343 {
06344 rsbac_printk(KERN_WARNING "rsbac_acl_remove_from_acl_entry(): called from interrupt!\n");
06345 }
06346 #endif
06347 desc.subj_type = subj_type;
06348 desc.subj_id = subj_id;
06349
06350 switch (target)
06351 {
06352 case T_FILE:
06353 case T_DIR:
06354 case T_FIFO:
06355 case T_SYMLINK:
06356
06357
06358
06359
06360
06361
06362
06363
06364 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06365 {
06366 if(!rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle,
06367 &ttl, &desc, &old_rights))
06368 {
06369 old_rights &= ~rights;
06370 return rsbac_ta_list_add_ttl(ta_number, default_fd_handle,
06371 ttl, &desc, &old_rights);
06372 }
06373 else
06374 return 0;
06375 }
06376
06377 rsbac_read_lock(&device_list_head.lock, &dflags);
06378
06379
06380 device_p = acl_lookup_device(tid.file.device);
06381 if (!device_p)
06382 {
06383
06384 rsbac_read_unlock(&device_list_head.lock, &dflags);
06385 rsbac_get_super_block(tid.file.device);
06386
06387 rsbac_read_lock(&device_list_head.lock, &dflags);
06388 device_p = acl_lookup_device(tid.file.device);
06389 if(!device_p)
06390 {
06391 rsbac_printk(KERN_WARNING
06392 "rsbac_acl_remove_from_acl_entry(): Could not lookup device!\n");
06393
06394 rsbac_read_unlock(&device_list_head.lock, &dflags);
06395 return(-RSBAC_EINVALIDDEV);
06396 }
06397 }
06398 list_no = fd_hash(tid.file.inode);
06399 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06400 device_p->handles[list_no],
06401 &ttl,
06402 &tid.file.inode,
06403 &desc,
06404 &old_rights))
06405 {
06406 old_rights &= ~rights;
06407 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
06408 device_p->handles[list_no],
06409 ttl,
06410 &tid.file.inode,
06411 &desc,
06412 &old_rights);
06413 }
06414 else
06415 err = 0;
06416 rsbac_read_unlock(&device_list_head.lock, &dflags);
06417 return err;
06418
06419 case T_DEV:
06420
06421
06422
06423
06424
06425
06426
06427
06428
06429
06430 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
06431 {
06432 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
06433 &ttl, &desc, &old_rights))
06434 {
06435 old_rights &= ~rights;
06436 return rsbac_ta_list_add_ttl(ta_number, default_dev_handle,
06437 ttl, &desc, &old_rights);
06438 }
06439 else
06440 return 0;
06441 }
06442 switch(tid.dev.type)
06443 {
06444 case D_char:
06445 case D_block:
06446 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, dev_handle,
06447 &ttl,
06448 &tid.dev,
06449 &desc,
06450 &old_rights))
06451 {
06452 old_rights &= ~rights;
06453 return rsbac_ta_list_lol_subadd_ttl(ta_number, dev_handle,
06454 ttl,
06455 &tid.dev,
06456 &desc,
06457 &old_rights);
06458 }
06459 else
06460 return 0;
06461
06462 case D_char_major:
06463 case D_block_major:
06464 tid.dev.type -= (D_block_major - D_block);
06465 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06466 dev_major_handle,
06467 &ttl,
06468 &tid.dev,
06469 &desc,
06470 &old_rights))
06471 {
06472 old_rights &= ~rights;
06473 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06474 dev_major_handle,
06475 ttl,
06476 &tid.dev,
06477 &desc,
06478 &old_rights);
06479 }
06480 else
06481 return 0;
06482
06483 default:
06484 return -RSBAC_EINVALIDTARGET;
06485 }
06486
06487 case T_IPC:
06488
06489
06490
06491
06492
06493
06494
06495
06496 if(tid.ipc.type == I_none)
06497 {
06498 if(!rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
06499 &ttl, &desc, &old_rights))
06500 {
06501 old_rights &= ~rights;
06502 return rsbac_ta_list_add_ttl(ta_number, default_ipc_handle,
06503 ttl, &desc, &old_rights);
06504 }
06505 else
06506 return 0;
06507 }
06508 else
06509 return -RSBAC_EINVALIDTARGET;
06510
06511 case T_SCD:
06512
06513
06514
06515
06516
06517
06518
06519
06520
06521
06522
06523
06524 if(tid.scd == AST_none)
06525 {
06526 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
06527 &ttl, &desc, &old_rights))
06528 {
06529 old_rights &= ~rights;
06530 return rsbac_ta_list_add_ttl(ta_number, default_scd_handle,
06531 ttl, &desc, &old_rights);
06532 }
06533 else
06534 return 0;
06535 }
06536 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06537 scd_handle,
06538 &ttl,
06539 &tid.scd,
06540 &desc,
06541 &old_rights))
06542 {
06543 old_rights &= ~rights;
06544 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06545 scd_handle,
06546 ttl,
06547 &tid.scd,
06548 &desc,
06549 &old_rights);
06550 }
06551 else
06552 return 0;
06553
06554 case T_USER:
06555
06556
06557
06558
06559
06560
06561
06562
06563 if(tid.user == RSBAC_NO_USER)
06564 {
06565 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
06566 &ttl, &desc, &old_rights))
06567 {
06568 old_rights &= ~rights;
06569 return rsbac_ta_list_add_ttl(ta_number, default_u_handle,
06570 ttl, &desc, &old_rights);
06571 }
06572 else
06573 return 0;
06574 }
06575 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06576 u_handle,
06577 &ttl,
06578 &tid.user,
06579 &desc,
06580 &old_rights))
06581 {
06582 old_rights &= ~rights;
06583 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06584 u_handle,
06585 ttl,
06586 &tid.user,
06587 &desc,
06588 &old_rights);
06589 }
06590 else
06591 return 0;
06592
06593 case T_PROCESS:
06594
06595
06596
06597
06598
06599
06600
06601
06602 if(!tid.process)
06603 {
06604 if(!rsbac_ta_list_get_data_ttl(ta_number, default_p_handle,
06605 &ttl, &desc, &old_rights))
06606 {
06607 old_rights &= ~rights;
06608 return rsbac_ta_list_add_ttl(ta_number, default_p_handle,
06609 ttl, &desc, &old_rights);
06610 }
06611 else
06612 return 0;
06613 }
06614 else
06615 return -RSBAC_EINVALIDTARGET;
06616
06617 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06618 case T_GROUP:
06619
06620
06621
06622
06623
06624
06625
06626
06627 if(tid.group == RSBAC_NO_GROUP)
06628 {
06629 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
06630 &ttl, &desc, &old_rights))
06631 {
06632 old_rights &= ~rights;
06633 return rsbac_ta_list_add_ttl(ta_number, default_g_handle,
06634 ttl, &desc, &old_rights);
06635 }
06636 else
06637 return 0;
06638 }
06639 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06640 g_handle,
06641 &ttl,
06642 &tid.group,
06643 &desc,
06644 &old_rights))
06645 {
06646 old_rights &= ~rights;
06647 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06648 g_handle,
06649 ttl,
06650 &tid.group,
06651 &desc,
06652 &old_rights);
06653 }
06654 else
06655 return 0;
06656 #endif
06657
06658 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06659 case T_NETDEV:
06660
06661
06662
06663
06664
06665
06666
06667
06668 if(!tid.netdev[0])
06669 {
06670 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
06671 &ttl, &desc, &old_rights))
06672 {
06673 old_rights &= ~rights;
06674 return rsbac_ta_list_add_ttl(ta_number, default_netdev_handle,
06675 ttl, &desc, &old_rights);
06676 }
06677 else
06678 return 0;
06679 }
06680 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06681 netdev_handle,
06682 &ttl,
06683 &tid.netdev,
06684 &desc,
06685 &old_rights))
06686 {
06687 old_rights &= ~rights;
06688 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06689 netdev_handle,
06690 ttl,
06691 &tid.netdev,
06692 &desc,
06693 &old_rights);
06694 }
06695 else
06696 return 0;
06697 #endif
06698
06699 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06700 case T_NETTEMP_NT:
06701
06702
06703
06704
06705
06706
06707
06708
06709 if(!tid.nettemp)
06710 {
06711 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
06712 &ttl, &desc, &old_rights))
06713 {
06714 old_rights &= ~rights;
06715 return rsbac_ta_list_add_ttl(ta_number, default_nettemp_nt_handle,
06716 ttl, &desc, &old_rights);
06717 }
06718 else
06719 return 0;
06720 }
06721 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06722 return -RSBAC_EINVALIDTARGET;
06723 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06724 nettemp_nt_handle,
06725 &ttl,
06726 &tid.nettemp,
06727 &desc,
06728 &old_rights))
06729 {
06730 old_rights &= ~rights;
06731 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06732 nettemp_nt_handle,
06733 ttl,
06734 &tid.nettemp,
06735 &desc,
06736 &old_rights);
06737 }
06738 else
06739 return 0;
06740 case T_NETTEMP:
06741
06742
06743
06744
06745
06746
06747
06748
06749 if(!tid.nettemp)
06750 {
06751 return -RSBAC_EINVALIDTARGET;
06752 }
06753 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06754 return -RSBAC_EINVALIDTARGET;
06755 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06756 nettemp_handle,
06757 &ttl,
06758 &tid.nettemp,
06759 &desc,
06760 &old_rights))
06761 {
06762 old_rights &= ~rights;
06763 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06764 nettemp_handle,
06765 ttl,
06766 &tid.nettemp,
06767 &desc,
06768 &old_rights);
06769 }
06770 else
06771 return 0;
06772 case T_NETOBJ:
06773
06774
06775
06776
06777
06778
06779
06780
06781 if(!tid.netobj.sock_p)
06782 {
06783 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
06784 &ttl, &desc, &old_rights))
06785 {
06786 old_rights &= ~rights;
06787 return rsbac_ta_list_add_ttl(ta_number, default_netobj_handle,
06788 ttl, &desc, &old_rights);
06789 }
06790 else
06791 return 0;
06792 }
06793 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
06794 netobj_handle,
06795 &ttl,
06796 &tid.netobj.sock_p,
06797 &desc,
06798 &old_rights))
06799 {
06800 old_rights &= ~rights;
06801 return rsbac_ta_list_lol_subadd_ttl(ta_number,
06802 netobj_handle,
06803 ttl,
06804 &tid.netobj.sock_p,
06805 &desc,
06806 &old_rights);
06807 }
06808 else
06809 return 0;
06810 #endif
06811
06812 default:
06813 return -RSBAC_EINVALIDTARGET;
06814 }
06815 }
06816
06817
06818
06819
06820
06821
06822 int rsbac_acl_set_mask(
06823 rsbac_list_ta_number_t ta_number,
06824 enum rsbac_target_t target,
06825 union rsbac_target_id_t tid,
06826 rsbac_acl_rights_vector_t mask)
06827 {
06828 int err = 0;
06829 int list_no;
06830 struct rsbac_acl_device_list_item_t * device_p;
06831 u_long dflags;
06832
06833 if (!rsbac_is_initialized())
06834 {
06835 rsbac_printk(KERN_WARNING "rsbac_acl_set_mask(): RSBAC not initialized\n");
06836 return(-RSBAC_ENOTINITIALIZED);
06837 }
06838 if (target >= T_NONE)
06839 return(-RSBAC_EINVALIDTARGET);
06840 #ifdef CONFIG_RSBAC_DEBUG
06841 if (in_interrupt())
06842 {
06843 rsbac_printk(KERN_WARNING "rsbac_acl_set_mask(): called from interrupt!\n");
06844 }
06845 #endif
06846 switch (target)
06847 {
06848 case T_FILE:
06849 case T_DIR:
06850 case T_FIFO:
06851 case T_SYMLINK:
06852
06853 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
06854 {
06855 return -RSBAC_EINVALIDTARGET;
06856 }
06857 #ifdef CONFIG_RSBAC_DEBUG
06858 if (rsbac_debug_ds_acl)
06859 {
06860 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting file/dir/fifo/symlink inheritance mask for device %02u:%02u, inode %u\n",
06861 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
06862 }
06863 #endif
06864
06865 rsbac_read_lock(&device_list_head.lock, &dflags);
06866
06867
06868 device_p = acl_lookup_device(tid.file.device);
06869 if (!device_p)
06870 {
06871
06872 rsbac_read_unlock(&device_list_head.lock, &dflags);
06873 rsbac_get_super_block(tid.file.device);
06874
06875 rsbac_read_lock(&device_list_head.lock, &dflags);
06876 device_p = acl_lookup_device(tid.file.device);
06877 if(!device_p)
06878 {
06879 rsbac_printk(KERN_WARNING
06880 "rsbac_acl_set_mask(): Could not lookup device!\n");
06881
06882 rsbac_read_unlock(&device_list_head.lock, &dflags);
06883 return(-RSBAC_EINVALIDDEV);
06884 }
06885 }
06886 list_no = fd_hash(tid.file.inode);
06887 err = rsbac_ta_list_lol_add_ttl(ta_number, device_p->handles[list_no],
06888 0, &tid.file.inode, &mask);
06889 rsbac_read_unlock(&device_list_head.lock, &dflags);
06890
06891 return err;
06892
06893 case T_DEV:
06894
06895 if(tid.dev.type == D_none)
06896 {
06897 return -RSBAC_EINVALIDTARGET;
06898 }
06899 #ifdef CONFIG_RSBAC_DEBUG
06900 if (rsbac_debug_ds_acl)
06901 {
06902 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting device inheritance mask for dev %c %02u:%02u\n",
06903 'B'+tid.dev.type,
06904 tid.dev.major,
06905 tid.dev.minor);
06906 }
06907 #endif
06908 switch(tid.dev.type)
06909 {
06910 case D_char:
06911 case D_block:
06912 return rsbac_ta_list_lol_add_ttl(ta_number, dev_handle, 0, &tid.dev, &mask);
06913
06914 case D_char_major:
06915 case D_block_major:
06916 tid.dev.type -= (D_block_major - D_block);
06917 return rsbac_ta_list_lol_add_ttl(ta_number, dev_major_handle, 0, &tid.dev, &mask);
06918
06919 default:
06920 return -RSBAC_EINVALIDTARGET;
06921 }
06922
06923 case T_SCD:
06924
06925 if(tid.scd == AST_none)
06926 {
06927 return -RSBAC_EINVALIDTARGET;
06928 }
06929 #ifdef CONFIG_RSBAC_DEBUG
06930 if (rsbac_debug_ds_acl)
06931 {
06932 char tmp[80];
06933
06934 get_acl_scd_type_name(tmp, tid.scd);
06935 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting SCD inheritance mask for %s\n",
06936 tmp);
06937 }
06938 #endif
06939 return rsbac_ta_list_lol_add_ttl(ta_number, scd_handle, 0, &tid.scd, &mask);
06940
06941 case T_USER:
06942
06943 if(tid.user == RSBAC_NO_USER)
06944 {
06945 return -RSBAC_EINVALIDTARGET;
06946 }
06947 #ifdef CONFIG_RSBAC_DEBUG
06948 if (rsbac_debug_ds_acl)
06949 {
06950 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting user inheritance mask for user %u\n",
06951 tid.user);
06952 }
06953 #endif
06954 return rsbac_ta_list_lol_add_ttl(ta_number, u_handle, 0, &tid.user, &mask);
06955
06956 #ifdef CONFIG_RSBAC_ACL_UM_PROT
06957 case T_GROUP:
06958
06959 if(tid.group == RSBAC_NO_GROUP)
06960 {
06961 return -RSBAC_EINVALIDTARGET;
06962 }
06963 #ifdef CONFIG_RSBAC_DEBUG
06964 if (rsbac_debug_ds_acl)
06965 {
06966 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting Linux group inheritance mask for group %u\n",
06967 tid.group);
06968 }
06969 #endif
06970 return rsbac_ta_list_lol_add_ttl(ta_number, g_handle, 0, &tid.group, &mask);
06971 #endif
06972
06973 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06974 case T_NETDEV:
06975
06976 if(!tid.netdev[0])
06977 {
06978 return -RSBAC_EINVALIDTARGET;
06979 }
06980 #ifdef CONFIG_RSBAC_DEBUG
06981 if (rsbac_debug_ds_acl)
06982 {
06983 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network device inheritance mask for netdev %s\n",
06984 tid.netdev);
06985 }
06986 #endif
06987 return rsbac_ta_list_lol_add_ttl(ta_number, netdev_handle, 0, &tid.netdev, &mask);
06988 #endif
06989
06990 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06991 case T_NETTEMP_NT:
06992
06993 if(!tid.nettemp)
06994 {
06995 return -RSBAC_EINVALIDTARGET;
06996 }
06997 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
06998 return -RSBAC_EINVALIDTARGET;
06999 #ifdef CONFIG_RSBAC_DEBUG
07000 if (rsbac_debug_ds_acl)
07001 {
07002 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template NT inheritance mask for nettemp %u\n",
07003 tid.nettemp);
07004 }
07005 #endif
07006 return rsbac_ta_list_lol_add_ttl(ta_number, nettemp_nt_handle, 0, &tid.nettemp, &mask);
07007
07008 case T_NETTEMP:
07009
07010 if(!tid.nettemp)
07011 {
07012 return -RSBAC_EINVALIDTARGET;
07013 }
07014 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07015 return -RSBAC_EINVALIDTARGET;
07016 #ifdef CONFIG_RSBAC_DEBUG
07017 if (rsbac_debug_ds_acl)
07018 {
07019 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network template inheritance mask for nettemp %u\n",
07020 tid.nettemp);
07021 }
07022 #endif
07023 return rsbac_ta_list_lol_add_ttl(ta_number, nettemp_handle, 0, &tid.nettemp, &mask);
07024
07025 case T_NETOBJ:
07026
07027 if(!tid.netobj.sock_p)
07028 {
07029 return -RSBAC_EINVALIDTARGET;
07030 }
07031 #ifdef CONFIG_RSBAC_DEBUG
07032 if (rsbac_debug_ds_acl)
07033 {
07034 rsbac_printk(KERN_DEBUG "rsbac_acl_set_mask(): Setting network object inheritance mask for netobj %p\n",
07035 tid.netobj.sock_p);
07036 }
07037 #endif
07038 return rsbac_ta_list_lol_add_ttl(ta_number, netobj_handle, 0, &tid.netobj.sock_p, &mask);
07039 #endif
07040
07041 default:
07042 err = -RSBAC_EINVALIDTARGET;
07043 }
07044 return(err);
07045 }
07046
07047
07048
07049
07050
07051
07052 int rsbac_acl_get_mask(
07053 rsbac_list_ta_number_t ta_number,
07054 enum rsbac_target_t target,
07055 union rsbac_target_id_t tid,
07056 rsbac_acl_rights_vector_t * mask_p)
07057 {
07058 int err = 0;
07059 int list_no;
07060 struct rsbac_acl_device_list_item_t * device_p;
07061 u_long dflags;
07062
07063 if (!rsbac_is_initialized())
07064 {
07065 rsbac_printk(KERN_WARNING "rsbac_acl_get_mask(): RSBAC not initialized\n");
07066 return(-RSBAC_ENOTINITIALIZED);
07067 }
07068 if (target >= T_NONE)
07069 return(-RSBAC_EINVALIDTARGET);
07070 #ifdef CONFIG_RSBAC_DEBUG
07071 if (in_interrupt())
07072 {
07073 rsbac_printk(KERN_WARNING "rsbac_acl_get_mask(): called from interrupt!\n");
07074 }
07075 #endif
07076 switch (target)
07077 {
07078 case T_FILE:
07079 case T_DIR:
07080 case T_FIFO:
07081 case T_SYMLINK:
07082
07083 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07084 {
07085 return -RSBAC_EINVALIDTARGET;
07086 }
07087
07088
07089
07090
07091
07092
07093
07094
07095 rsbac_read_lock(&device_list_head.lock, &dflags);
07096
07097
07098 device_p = acl_lookup_device(tid.file.device);
07099 if (!device_p)
07100 {
07101
07102 rsbac_read_unlock(&device_list_head.lock, &dflags);
07103 rsbac_get_super_block(tid.file.device);
07104
07105 rsbac_read_lock(&device_list_head.lock, &dflags);
07106 device_p = acl_lookup_device(tid.file.device);
07107 if(!device_p)
07108 {
07109 rsbac_printk(KERN_WARNING
07110 "rsbac_acl_get_mask(): Could not lookup device!\n");
07111
07112 rsbac_read_unlock(&device_list_head.lock, &dflags);
07113 return(-RSBAC_EINVALIDDEV);
07114 }
07115 }
07116 list_no = fd_hash(tid.file.inode);
07117 err = rsbac_ta_list_lol_get_data_ttl(ta_number, device_p->handles[list_no],
07118 NULL, &tid.file.inode, mask_p);
07119
07120 rsbac_read_unlock(&device_list_head.lock, &dflags);
07121 if(err == -RSBAC_ENOTFOUND)
07122 {
07123 *mask_p = RSBAC_ACL_DEFAULT_FD_MASK;
07124 err = 0;
07125 }
07126
07127 return err;
07128
07129 case T_DEV:
07130
07131 if(tid.dev.type == D_none)
07132 {
07133 return -RSBAC_EINVALIDTARGET;
07134 }
07135
07136
07137
07138
07139
07140
07141
07142
07143
07144 switch(tid.dev.type)
07145 {
07146 case D_char:
07147 case D_block:
07148 err = rsbac_ta_list_lol_get_data_ttl(ta_number, dev_handle,
07149 NULL, &tid.dev, mask_p);
07150 break;
07151
07152 case D_char_major:
07153 case D_block_major:
07154 tid.dev.type -= (D_block_major - D_block);
07155 err = rsbac_ta_list_lol_get_data_ttl(ta_number, dev_major_handle,
07156 NULL, &tid.dev, mask_p);
07157 break;
07158
07159 default:
07160 return -RSBAC_EINVALIDTARGET;
07161 }
07162 if(err == -RSBAC_ENOTFOUND)
07163 {
07164 *mask_p = RSBAC_ACL_DEFAULT_DEV_MASK;
07165 err = 0;
07166 }
07167
07168 return err;
07169
07170 case T_SCD:
07171
07172 if(tid.scd == AST_none)
07173 {
07174 return -RSBAC_EINVALIDTARGET;
07175 }
07176 err = rsbac_ta_list_lol_get_data_ttl(ta_number, scd_handle, NULL,
07177 &tid.scd, mask_p);
07178 if(err == -RSBAC_ENOTFOUND)
07179 {
07180 *mask_p = RSBAC_ACL_DEFAULT_SCD_MASK;
07181 err = 0;
07182 }
07183
07184 return err;
07185
07186 case T_USER:
07187
07188 if(tid.user == RSBAC_NO_USER)
07189 {
07190 return -RSBAC_EINVALIDTARGET;
07191 }
07192 err = rsbac_ta_list_lol_get_data_ttl(ta_number, u_handle, NULL,
07193 &tid.user, mask_p);
07194 if(err == -RSBAC_ENOTFOUND)
07195 {
07196 *mask_p = RSBAC_ACL_DEFAULT_U_MASK;
07197 err = 0;
07198 }
07199
07200 return err;
07201
07202 #ifdef CONFIG_RSBAC_ACL_UM_PROT
07203 case T_GROUP:
07204
07205 if(tid.group == RSBAC_NO_GROUP)
07206 {
07207 return -RSBAC_EINVALIDTARGET;
07208 }
07209 err = rsbac_ta_list_lol_get_data_ttl(ta_number, g_handle, NULL,
07210 &tid.group, mask_p);
07211 if(err == -RSBAC_ENOTFOUND)
07212 {
07213 *mask_p = RSBAC_ACL_DEFAULT_G_MASK;
07214 err = 0;
07215 }
07216
07217 return err;
07218 #endif
07219
07220 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
07221 case T_NETDEV:
07222
07223 if(!tid.netdev[0])
07224 {
07225 return -RSBAC_EINVALIDTARGET;
07226 }
07227
07228
07229
07230
07231
07232
07233
07234
07235 err = rsbac_ta_list_lol_get_data_ttl(ta_number, netdev_handle,
07236 NULL, &tid.netdev, mask_p);
07237 if(err == -RSBAC_ENOTFOUND)
07238 {
07239 *mask_p = RSBAC_ACL_DEFAULT_NETDEV_MASK;
07240 err = 0;
07241 }
07242
07243 return err;
07244 #endif
07245
07246 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07247 case T_NETTEMP_NT:
07248
07249 if(!tid.nettemp)
07250 {
07251 return -RSBAC_EINVALIDTARGET;
07252 }
07253 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07254 return -RSBAC_EINVALIDTARGET;
07255
07256
07257
07258
07259
07260
07261
07262
07263 err = rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_nt_handle,
07264 NULL, &tid.nettemp, mask_p);
07265 if(err == -RSBAC_ENOTFOUND)
07266 {
07267 *mask_p = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
07268 err = 0;
07269 }
07270
07271 return err;
07272 case T_NETTEMP:
07273
07274 if(!tid.nettemp)
07275 {
07276 return -RSBAC_EINVALIDTARGET;
07277 }
07278 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07279 return -RSBAC_EINVALIDTARGET;
07280
07281
07282
07283
07284
07285
07286
07287
07288 err = rsbac_ta_list_lol_get_data_ttl(ta_number, nettemp_handle,
07289 NULL, &tid.nettemp, mask_p);
07290 if(err == -RSBAC_ENOTFOUND)
07291 {
07292 *mask_p = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07293 err = 0;
07294 }
07295
07296 return err;
07297 case T_NETOBJ:
07298
07299 if(!tid.netobj.sock_p)
07300 {
07301 return -RSBAC_EINVALIDTARGET;
07302 }
07303
07304
07305
07306
07307
07308
07309
07310
07311 err = rsbac_ta_list_lol_get_data_ttl(ta_number, netobj_handle,
07312 NULL, &tid.netobj.sock_p, mask_p);
07313 if(err == -RSBAC_ENOTFOUND)
07314 {
07315 *mask_p = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07316 err = 0;
07317 }
07318
07319 return err;
07320 #endif
07321
07322 default:
07323 err = -RSBAC_EINVALIDTARGET;
07324 }
07325 return(err);
07326 }
07327
07328
07329
07330
07331
07332
07333
07334
07335 int rsbac_acl_get_rights(
07336 rsbac_list_ta_number_t ta_number,
07337 enum rsbac_target_t target,
07338 union rsbac_target_id_t tid,
07339 enum rsbac_acl_subject_type_t subj_type,
07340 rsbac_acl_subject_id_t subj_id,
07341 rsbac_acl_rights_vector_t * rights_p,
07342 rsbac_boolean_t inherit)
07343 {
07344 int err = 0;
07345 int list_no;
07346 struct rsbac_acl_device_list_item_t * device_p;
07347 u_long dflags;
07348 struct rsbac_acl_entry_desc_t desc;
07349 rsbac_acl_rights_vector_t i_rights = 0;
07350 rsbac_acl_rights_vector_t mask = -1;
07351
07352 if (!rsbac_is_initialized())
07353 {
07354 rsbac_printk(KERN_WARNING "rsbac_acl_get_rights(): RSBAC not initialized\n");
07355 return(-RSBAC_ENOTINITIALIZED);
07356 }
07357 if (!rights_p)
07358 return(-RSBAC_EINVALIDPOINTER);
07359 if (subj_type >= ACLS_NONE)
07360 return(-RSBAC_EINVALIDVALUE);
07361 #ifdef CONFIG_RSBAC_DEBUG
07362 if (in_interrupt())
07363 {
07364 rsbac_printk(KERN_WARNING "rsbac_acl_get_rights(): called from interrupt!\n");
07365 }
07366 #endif
07367 desc.subj_type = subj_type;
07368 desc.subj_id = subj_id;
07369
07370 switch (target)
07371 {
07372 case T_FILE:
07373 case T_DIR:
07374 case T_FIFO:
07375 case T_SYMLINK:
07376
07377
07378
07379
07380
07381
07382
07383
07384
07385
07386
07387 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07388 {
07389 if(rsbac_ta_list_get_data_ttl(ta_number, default_fd_handle,
07390 NULL, &desc, rights_p))
07391 {
07392
07393 *rights_p = default_fd_rights;
07394 }
07395 return 0;
07396 }
07397 *rights_p = 0;
07398
07399 rsbac_read_lock(&device_list_head.lock, &dflags);
07400
07401
07402 for (;;)
07403 {
07404
07405 device_p = acl_lookup_device(tid.file.device);
07406 if (!device_p)
07407 {
07408
07409 rsbac_read_unlock(&device_list_head.lock, &dflags);
07410 rsbac_get_super_block(tid.file.device);
07411
07412 rsbac_read_lock(&device_list_head.lock, &dflags);
07413 device_p = acl_lookup_device(tid.file.device);
07414 if(!device_p)
07415 {
07416 rsbac_printk(KERN_WARNING
07417 "rsbac_acl_get_rights(): Could not lookup device %02u:%02u!\n",
07418 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device));
07419
07420 rsbac_read_unlock(&device_list_head.lock, &dflags);
07421 return(-RSBAC_EINVALIDDEV);
07422 }
07423 }
07424 list_no = fd_hash(tid.file.inode);
07425 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07426 device_p->handles[list_no],
07427 NULL,
07428 &tid.file.inode,
07429 &desc,
07430 &i_rights))
07431 {
07432 *rights_p |= (i_rights & mask);
07433
07434 break;
07435 }
07436 else
07437 if(inherit)
07438 {
07439 enum rsbac_target_t parent_target;
07440 union rsbac_target_id_t parent_tid;
07441 rsbac_acl_rights_vector_t i_mask;
07442
07443
07444 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07445 device_p->handles[list_no],
07446 NULL,
07447 &tid.file.inode,
07448 &i_mask))
07449 {
07450
07451 i_mask = RSBAC_ACL_DEFAULT_FD_MASK;
07452 }
07453
07454 mask &= i_mask;
07455
07456
07457 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid))
07458 {
07459 target = parent_target;
07460 tid = parent_tid;
07461
07462 continue;
07463 }
07464 else
07465 {
07466
07467 if(!rsbac_ta_list_get_data_ttl(ta_number,
07468 default_fd_handle,
07469 NULL,
07470 &desc,
07471 &i_rights))
07472 {
07473
07474 *rights_p |= (i_rights & mask);
07475 }
07476 else
07477 {
07478
07479 *rights_p |= (default_fd_rights & mask);
07480 }
07481 }
07482
07483 break;
07484 }
07485 else
07486 {
07487
07488 *rights_p |= default_fd_rights;
07489
07490 break;
07491 }
07492 }
07493
07494 rsbac_read_unlock(&device_list_head.lock, &dflags);
07495 return err;
07496
07497 case T_DEV:
07498
07499
07500
07501
07502
07503
07504
07505
07506
07507
07508 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
07509 {
07510 if(rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
07511 NULL, &desc, rights_p))
07512 {
07513
07514 *rights_p = default_dev_rights;
07515 }
07516 return 0;
07517 }
07518 if( (tid.dev.type >= D_char_major)
07519 || (tid.dev.type == D_block_major)
07520 )
07521 {
07522 tid.dev.type -= (D_block_major - D_block);
07523 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07524 dev_major_handle,
07525 NULL,
07526 &tid.dev,
07527 &desc,
07528 &i_rights))
07529 {
07530 *rights_p |= i_rights;
07531 }
07532 else
07533 {
07534 rsbac_acl_rights_vector_t mask2;
07535
07536
07537 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07538 dev_major_handle,
07539 NULL,
07540 &tid.dev,
07541 &mask2))
07542 {
07543
07544 mask2 = RSBAC_ACL_DEFAULT_DEV_MASK;
07545 }
07546
07547 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
07548 NULL, &desc, rights_p))
07549 {
07550 *rights_p &= mask2;
07551 }
07552 else
07553 {
07554
07555 *rights_p = default_dev_rights & mask2;
07556 }
07557 }
07558 return 0;
07559 }
07560 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07561 dev_handle,
07562 NULL,
07563 &tid.dev,
07564 &desc,
07565 &i_rights))
07566 {
07567 *rights_p |= i_rights;
07568 }
07569 else
07570 {
07571 rsbac_acl_rights_vector_t mask;
07572
07573
07574 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07575 dev_handle,
07576 NULL,
07577 &tid.dev,
07578 &mask))
07579 {
07580
07581 mask = RSBAC_ACL_DEFAULT_DEV_MASK;
07582 }
07583 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07584 dev_major_handle,
07585 NULL,
07586 &tid.dev,
07587 &desc,
07588 &i_rights))
07589 {
07590 i_rights &= mask;
07591 *rights_p |= i_rights;
07592 }
07593 else
07594 {
07595 rsbac_acl_rights_vector_t mask2;
07596
07597
07598 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07599 dev_major_handle,
07600 NULL,
07601 &tid.dev,
07602 &mask2))
07603 {
07604
07605 mask2 = RSBAC_ACL_DEFAULT_DEV_MASK;
07606 }
07607
07608 if(!rsbac_ta_list_get_data_ttl(ta_number, default_dev_handle,
07609 NULL, &desc, rights_p))
07610 {
07611 *rights_p &= mask;
07612 *rights_p &= mask2;
07613 }
07614 else
07615 {
07616
07617 *rights_p = default_dev_rights & mask & mask2;
07618 }
07619 }
07620 }
07621 return 0;
07622
07623 case T_IPC:
07624
07625
07626
07627
07628
07629
07630
07631
07632 if(rsbac_ta_list_get_data_ttl(ta_number, default_ipc_handle,
07633 NULL, &desc, rights_p))
07634 {
07635
07636 *rights_p = default_ipc_rights;
07637 }
07638 return 0;
07639
07640 case T_SCD:
07641
07642 if( (tid.scd == AST_none)
07643 || (tid.scd == ST_none)
07644 )
07645 {
07646 if(rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
07647 NULL, &desc, rights_p))
07648 {
07649
07650 *rights_p = default_scd_rights;
07651 }
07652 return 0;
07653 }
07654 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07655 scd_handle,
07656 NULL,
07657 &tid.scd,
07658 &desc,
07659 &i_rights))
07660 {
07661 *rights_p |= i_rights;
07662 }
07663 else
07664 {
07665 rsbac_acl_rights_vector_t mask;
07666
07667
07668 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07669 scd_handle,
07670 NULL,
07671 &tid.scd,
07672 &mask))
07673 {
07674
07675 mask = RSBAC_ACL_DEFAULT_SCD_MASK;
07676 }
07677
07678 if(!rsbac_ta_list_get_data_ttl(ta_number, default_scd_handle,
07679 NULL, &desc, rights_p))
07680 {
07681 *rights_p &= mask;
07682 }
07683 else
07684 {
07685
07686 *rights_p = default_scd_rights & mask;
07687 }
07688 }
07689 return 0;
07690
07691 case T_USER:
07692
07693 if(tid.user == RSBAC_NO_USER)
07694 {
07695 if(rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
07696 NULL, &desc, rights_p))
07697 {
07698
07699 *rights_p = default_u_rights;
07700 }
07701 return 0;
07702 }
07703 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07704 u_handle,
07705 NULL,
07706 &tid.user,
07707 &desc,
07708 &i_rights))
07709 {
07710 *rights_p |= i_rights;
07711 }
07712 else
07713 {
07714 rsbac_acl_rights_vector_t mask;
07715
07716
07717 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07718 u_handle,
07719 NULL,
07720 &tid.user,
07721 &mask))
07722 {
07723
07724 mask = RSBAC_ACL_DEFAULT_U_MASK;
07725 }
07726
07727 if(!rsbac_ta_list_get_data_ttl(ta_number, default_u_handle,
07728 NULL, &desc, rights_p))
07729 {
07730 *rights_p &= mask;
07731 }
07732 else
07733 {
07734
07735 *rights_p = default_u_rights & mask;
07736 }
07737 }
07738 return 0;
07739
07740 case T_PROCESS:
07741
07742
07743
07744
07745
07746
07747
07748
07749 if(rsbac_ta_list_get_data_ttl(ta_number, default_p_handle,
07750 NULL, &desc, rights_p))
07751 {
07752
07753 *rights_p = default_p_rights;
07754 }
07755 return 0;
07756
07757 #ifdef CONFIG_RSBAC_ACL_UM_PROT
07758 case T_GROUP:
07759
07760 if(tid.group == RSBAC_NO_GROUP)
07761 {
07762 if(rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
07763 NULL, &desc, rights_p))
07764 {
07765
07766 *rights_p = default_g_rights;
07767 }
07768 return 0;
07769 }
07770 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07771 g_handle,
07772 NULL,
07773 &tid.group,
07774 &desc,
07775 &i_rights))
07776 {
07777 *rights_p |= i_rights;
07778 }
07779 else
07780 {
07781 rsbac_acl_rights_vector_t mask;
07782
07783
07784 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07785 g_handle,
07786 NULL,
07787 &tid.group,
07788 &mask))
07789 {
07790
07791 mask = RSBAC_ACL_DEFAULT_G_MASK;
07792 }
07793
07794 if(!rsbac_ta_list_get_data_ttl(ta_number, default_g_handle,
07795 NULL, &desc, rights_p))
07796 {
07797 *rights_p &= mask;
07798 }
07799 else
07800 {
07801
07802 *rights_p = default_g_rights & mask;
07803 }
07804 }
07805 return 0;
07806 #endif
07807
07808 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
07809 case T_NETDEV:
07810
07811
07812
07813
07814
07815
07816
07817
07818 if(!tid.netdev[0])
07819 {
07820 if(rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
07821 NULL, &desc, rights_p))
07822 {
07823
07824 *rights_p = default_netdev_rights;
07825 }
07826 return 0;
07827 }
07828 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07829 netdev_handle,
07830 NULL,
07831 &tid.netdev,
07832 &desc,
07833 &i_rights))
07834 {
07835 *rights_p |= i_rights;
07836 }
07837 else
07838 {
07839 rsbac_acl_rights_vector_t mask;
07840
07841
07842 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07843 netdev_handle,
07844 NULL,
07845 &tid.netdev,
07846 &mask))
07847 {
07848
07849 mask = RSBAC_ACL_DEFAULT_NETDEV_MASK;
07850 }
07851
07852 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netdev_handle,
07853 NULL, &desc, rights_p))
07854 {
07855 *rights_p &= mask;
07856 }
07857 else
07858 {
07859
07860 *rights_p = default_netdev_rights & mask;
07861 }
07862 }
07863 return 0;
07864 #endif
07865
07866 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07867
07868 case T_NETTEMP_NT:
07869
07870
07871
07872
07873
07874
07875
07876
07877 if(!tid.nettemp)
07878 {
07879 if(rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
07880 NULL, &desc, rights_p))
07881 {
07882
07883 *rights_p = default_nettemp_nt_rights;
07884 }
07885 return 0;
07886 }
07887 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07888 return -RSBAC_EINVALIDTARGET;
07889 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07890 nettemp_nt_handle,
07891 NULL,
07892 &tid.nettemp,
07893 &desc,
07894 &i_rights))
07895 {
07896 *rights_p |= i_rights;
07897 }
07898 else
07899 {
07900 rsbac_acl_rights_vector_t mask;
07901
07902
07903 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07904 nettemp_nt_handle,
07905 NULL,
07906 &tid.nettemp,
07907 &mask))
07908 {
07909
07910 mask = RSBAC_ACL_DEFAULT_NETTEMP_MASK;
07911 }
07912
07913 if(!rsbac_ta_list_get_data_ttl(ta_number, default_nettemp_nt_handle,
07914 NULL, &desc, rights_p))
07915 {
07916 *rights_p &= mask;
07917 }
07918 else
07919 {
07920
07921 *rights_p = default_nettemp_nt_rights & mask;
07922 }
07923 }
07924 return 0;
07925
07926
07927 case T_NETTEMP:
07928
07929
07930
07931
07932
07933
07934
07935
07936 if(!tid.nettemp)
07937 {
07938 if(rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
07939 NULL, &desc, rights_p))
07940 {
07941
07942 *rights_p = default_netobj_rights;
07943 }
07944 return 0;
07945 }
07946 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
07947 return -RSBAC_EINVALIDTARGET;
07948 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
07949 nettemp_handle,
07950 NULL,
07951 &tid.nettemp,
07952 &desc,
07953 &i_rights))
07954 {
07955 *rights_p |= i_rights;
07956 }
07957 else
07958 {
07959 rsbac_acl_rights_vector_t mask;
07960
07961
07962 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
07963 nettemp_handle,
07964 NULL,
07965 &tid.nettemp,
07966 &mask))
07967 {
07968
07969 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07970 }
07971
07972 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
07973 NULL, &desc, rights_p))
07974 {
07975 *rights_p &= mask;
07976 }
07977 else
07978 {
07979
07980 *rights_p = default_netobj_rights & mask;
07981 }
07982 }
07983 return 0;
07984
07985 case T_NETOBJ:
07986
07987
07988
07989
07990
07991
07992
07993
07994 if(!tid.nettemp)
07995 {
07996 if(rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
07997 NULL, &desc, rights_p))
07998 {
07999
08000 *rights_p = default_netobj_rights;
08001 }
08002 return 0;
08003 }
08004 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08005 netobj_handle,
08006 NULL,
08007 &tid.netobj.sock_p,
08008 &desc,
08009 &i_rights))
08010 {
08011 *rights_p |= i_rights;
08012 }
08013 else
08014 {
08015 rsbac_acl_rights_vector_t mask;
08016 rsbac_net_temp_id_t temp = 0;
08017
08018
08019 if(rsbac_ta_list_lol_get_data_ttl(ta_number,
08020 nettemp_handle,
08021 NULL,
08022 &temp,
08023 &mask))
08024 {
08025
08026 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08027 }
08028
08029 rsbac_ta_net_lookup_templates(ta_number,
08030 &tid.netobj,
08031 &temp,
08032 NULL);
08033
08034 if( temp
08035 && !rsbac_ta_list_lol_get_subdata_ttl(ta_number,
08036 nettemp_handle,
08037 NULL,
08038 &temp,
08039 &desc,
08040 &i_rights))
08041 {
08042 *rights_p |= i_rights;
08043 }
08044 else
08045 {
08046
08047 if( temp
08048 && rsbac_ta_list_lol_get_data_ttl(ta_number,
08049 nettemp_handle,
08050 NULL,
08051 &temp,
08052 &mask))
08053 {
08054
08055 mask = RSBAC_ACL_DEFAULT_NETOBJ_MASK;
08056 }
08057
08058 if(!rsbac_ta_list_get_data_ttl(ta_number, default_netobj_handle,
08059 NULL, &desc, rights_p))
08060 {
08061 *rights_p &= mask;
08062 }
08063 else
08064 {
08065
08066 *rights_p = default_netobj_rights & mask;
08067 }
08068 }
08069 }
08070 return 0;
08071 #endif
08072
08073 default:
08074 return -RSBAC_EINVALIDTARGET;
08075 }
08076 }
08077
08078
08079
08080
08081
08082
08083
08084
08085 int rsbac_acl_get_single_right (enum rsbac_target_t target,
08086 union rsbac_target_id_t tid,
08087 enum rsbac_acl_subject_type_t subj_type,
08088 rsbac_acl_subject_id_t subj_id,
08089 enum rsbac_adf_request_t right,
08090 rsbac_boolean_t * result)
08091 {
08092 int list_no;
08093 struct rsbac_acl_device_list_item_t * device_p;
08094 u_long dflags;
08095 rsbac_acl_rights_vector_t i_rvec;
08096 rsbac_acl_rights_vector_t i_rights;
08097 struct rsbac_acl_entry_desc_t desc;
08098
08099 if (!rsbac_is_initialized())
08100 {
08101 rsbac_printk(KERN_WARNING "rsbac_acl_get_single_right(): RSBAC not initialized\n");
08102 return(-RSBAC_ENOTINITIALIZED);
08103 }
08104 if (!result)
08105 return(-RSBAC_EINVALIDPOINTER);
08106 if ( (subj_type >= ACLS_NONE)
08107 || (right >= ACLR_NONE)
08108 )
08109 return(-RSBAC_EINVALIDVALUE);
08110 #ifdef CONFIG_RSBAC_DEBUG
08111 if (in_interrupt())
08112 {
08113 rsbac_printk(KERN_WARNING "rsbac_acl_get_single_right(): called from interrupt!\n");
08114 }
08115 #endif
08116 i_rvec = (rsbac_acl_rights_vector_t) 1 << right;
08117
08118 desc.subj_type = subj_type;
08119 desc.subj_id = subj_id;
08120
08121 switch (target)
08122 {
08123 case T_FILE:
08124 case T_DIR:
08125 case T_FIFO:
08126 case T_SYMLINK:
08127
08128
08129
08130
08131
08132
08133
08134
08135 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
08136 {
08137 if(!rsbac_ta_list_get_data_ttl(0, default_fd_handle,
08138 NULL, &desc, &i_rights))
08139 {
08140 if(i_rights & i_rvec)
08141 *result = TRUE;
08142 else
08143 *result = FALSE;
08144 }
08145 else
08146 {
08147 if(default_fd_rights & i_rvec)
08148 *result = TRUE;
08149 else
08150 *result = FALSE;
08151 }
08152 return 0;
08153 }
08154
08155 rsbac_read_lock(&device_list_head.lock, &dflags);
08156
08157
08158 for (;;)
08159 {
08160
08161 device_p = acl_lookup_device(tid.file.device);
08162 if (!device_p)
08163 {
08164
08165 rsbac_read_unlock(&device_list_head.lock, &dflags);
08166 rsbac_get_super_block(tid.file.device);
08167
08168 rsbac_read_lock(&device_list_head.lock, &dflags);
08169 device_p = acl_lookup_device(tid.file.device);
08170 if(!device_p)
08171 {
08172 rsbac_printk(KERN_WARNING
08173 "rsbac_acl_get_single_right(): Could not lookup device, blindly granting access!\n");
08174
08175 rsbac_read_unlock(&device_list_head.lock, &dflags);
08176 *result = TRUE;
08177 return 0;
08178 }
08179 }
08180 list_no = fd_hash(tid.file.inode);
08181 if( !rsbac_ta_list_lol_get_subdata_ttl(0,
08182 device_p->handles[list_no],
08183 NULL,
08184 &tid.file.inode,
08185 &desc,
08186 &i_rights)
08187 )
08188 {
08189 if(i_rights & i_rvec)
08190 *result = TRUE;
08191 else
08192 *result = FALSE;
08193 rsbac_read_unlock(&device_list_head.lock, &dflags);
08194 return 0;
08195 }
08196
08197 {
08198 enum rsbac_target_t parent_target;
08199 union rsbac_target_id_t parent_tid;
08200
08201 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08202 if(right != ACLR_SUPERVISOR)
08203 #endif
08204 {
08205 rsbac_acl_rights_vector_t mask;
08206
08207
08208 if( !rsbac_ta_list_lol_get_data_ttl(0,
08209 device_p->handles[list_no],
08210 NULL,
08211 &tid.file.inode,
08212 &mask)
08213 && !(mask & i_rvec)
08214 )
08215 {
08216 rsbac_read_unlock(&device_list_head.lock, &dflags);
08217 *result = FALSE;
08218 return 0;
08219 }
08220 }
08221
08222
08223 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid))
08224 {
08225 target = parent_target;
08226 tid = parent_tid;
08227 continue;
08228 }
08229 else
08230 {
08231
08232 if( !rsbac_ta_list_get_data_ttl(0, default_fd_handle,
08233 NULL,
08234 &desc,
08235 &i_rights)
08236 )
08237 {
08238 if(i_rights & i_rvec)
08239 *result = TRUE;
08240 else
08241 *result = FALSE;
08242 }
08243 else
08244 {
08245 if(default_fd_rights & i_rvec)
08246 *result = TRUE;
08247 else
08248 *result = FALSE;
08249 }
08250
08251 rsbac_read_unlock(&device_list_head.lock, &dflags);
08252 return 0;
08253 }
08254 }
08255 }
08256
08257 case T_DEV:
08258
08259
08260
08261
08262
08263
08264
08265
08266
08267 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
08268 {
08269 if(!rsbac_ta_list_get_data_ttl(0, default_dev_handle,
08270 NULL, &desc, &i_rights))
08271 {
08272 if(i_rights & i_rvec)
08273 *result = TRUE;
08274 else
08275 *result = FALSE;
08276 }
08277 else
08278 {
08279 if(default_dev_rights & i_rvec)
08280 *result = TRUE;
08281 else
08282 *result = FALSE;
08283 }
08284 return 0;
08285 }
08286
08287 if(tid.dev.type >= D_block_major)
08288 {
08289 tid.dev.type -= (D_block_major - D_block);
08290 if(!rsbac_ta_list_lol_get_subdata_ttl(0, dev_major_handle,
08291 NULL,
08292 &tid.dev,
08293 &desc,
08294 &i_rights)
08295 )
08296 {
08297 if(i_rights & i_rvec)
08298 *result = TRUE;
08299 else
08300 *result = FALSE;
08301 return 0;
08302 }
08303 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08304 if(right != ACLR_SUPERVISOR)
08305 #endif
08306 {
08307 rsbac_acl_rights_vector_t mask;
08308
08309
08310 if( !rsbac_ta_list_lol_get_data_ttl(0, dev_major_handle,
08311 NULL,
08312 &tid.dev,
08313 &mask)
08314 && !(mask & i_rvec)
08315 )
08316 {
08317 *result = FALSE;
08318 return 0;
08319 }
08320 }
08321
08322 if(!rsbac_ta_list_get_data_ttl(0, default_dev_handle,
08323 NULL,
08324 &desc,
08325 &i_rights)
08326 )
08327 {
08328 if(i_rights & i_rvec)
08329 *result = TRUE;
08330 else
08331 *result = FALSE;
08332 }
08333 else
08334 {
08335 if(default_dev_rights & i_rvec)
08336 *result = TRUE;
08337 else
08338 *result = FALSE;
08339 }
08340 return 0;
08341 }
08342 if(!rsbac_ta_list_lol_get_subdata_ttl(0, dev_handle,
08343 NULL,
08344 &tid.dev,
08345 &desc,
08346 &i_rights)
08347 )
08348 {
08349 if(i_rights & i_rvec)
08350 *result = TRUE;
08351 else
08352 *result = FALSE;
08353 return 0;
08354 }
08355 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08356 if(right != ACLR_SUPERVISOR)
08357 #endif
08358 {
08359 rsbac_acl_rights_vector_t mask;
08360
08361
08362 if( !rsbac_ta_list_lol_get_data_ttl(0, dev_handle,
08363 NULL,
08364 &tid.dev,
08365 &mask)
08366 && !(mask & i_rvec)
08367 )
08368 {
08369 *result = FALSE;
08370 return 0;
08371 }
08372 }
08373 if(!rsbac_ta_list_lol_get_subdata_ttl(0, dev_major_handle,
08374 NULL,
08375 &tid.dev,
08376 &desc,
08377 &i_rights)
08378 )
08379 {
08380 if(i_rights & i_rvec)
08381 *result = TRUE;
08382 else
08383 *result = FALSE;
08384 return 0;
08385 }
08386 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08387 if(right != ACLR_SUPERVISOR)
08388 #endif
08389 {
08390 rsbac_acl_rights_vector_t mask;
08391
08392
08393 if( !rsbac_ta_list_lol_get_data_ttl(0, dev_major_handle,
08394 NULL,
08395 &tid.dev,
08396 &mask)
08397 && !(mask & i_rvec)
08398 )
08399 {
08400 *result = FALSE;
08401 return 0;
08402 }
08403 }
08404
08405 if(!rsbac_ta_list_get_data_ttl(0, default_dev_handle,
08406 NULL,
08407 &desc,
08408 &i_rights)
08409 )
08410 {
08411 if(i_rights & i_rvec)
08412 *result = TRUE;
08413 else
08414 *result = FALSE;
08415 }
08416 else
08417 {
08418 if(default_dev_rights & i_rvec)
08419 *result = TRUE;
08420 else
08421 *result = FALSE;
08422 }
08423 return 0;
08424
08425 case T_IPC:
08426
08427
08428
08429
08430
08431
08432
08433
08434 if(!rsbac_ta_list_get_data_ttl(0, default_ipc_handle,
08435 NULL, &desc, &i_rights))
08436 {
08437 if(i_rights & i_rvec)
08438 *result = TRUE;
08439 else
08440 *result = FALSE;
08441 }
08442 else
08443 {
08444 if(default_ipc_rights & i_rvec)
08445 *result = TRUE;
08446 else
08447 *result = FALSE;
08448 }
08449 return 0;
08450
08451 case T_SCD:
08452 if(tid.scd == AST_none)
08453 {
08454 if(!rsbac_ta_list_get_data_ttl(0, default_scd_handle,
08455 NULL, &desc, &i_rights))
08456 {
08457 if(i_rights & i_rvec)
08458 *result = TRUE;
08459 else
08460 *result = FALSE;
08461 }
08462 else
08463 {
08464 if(default_scd_rights & i_rvec)
08465 *result = TRUE;
08466 else
08467 *result = FALSE;
08468 }
08469 return 0;
08470 }
08471
08472 if( !rsbac_ta_list_lol_get_subdata_ttl(0, scd_handle,
08473 NULL,
08474 &tid.scd,
08475 &desc,
08476 &i_rights)
08477 )
08478 {
08479 if(i_rights & i_rvec)
08480 *result = TRUE;
08481 else
08482 *result = FALSE;
08483 return 0;
08484 }
08485 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08486 if(right != ACLR_SUPERVISOR)
08487 #endif
08488 {
08489 rsbac_acl_rights_vector_t mask;
08490
08491
08492 if( !rsbac_ta_list_lol_get_data_ttl(0, scd_handle,
08493 NULL,
08494 &tid.scd,
08495 &mask)
08496 && !(mask & i_rvec)
08497 )
08498 {
08499 *result = FALSE;
08500 return 0;
08501 }
08502 }
08503
08504
08505 if( !rsbac_ta_list_get_data_ttl(0, default_scd_handle,
08506 NULL,
08507 &desc,
08508 &i_rights)
08509 )
08510 {
08511 if(i_rights & i_rvec)
08512 *result = TRUE;
08513 else
08514 *result = FALSE;
08515 }
08516 else
08517 {
08518 if(default_scd_rights & i_rvec)
08519 *result = TRUE;
08520 else
08521 *result = FALSE;
08522 }
08523 return 0;
08524
08525 case T_USER:
08526 if(tid.user == RSBAC_NO_USER)
08527 {
08528 if(!rsbac_ta_list_get_data_ttl(0, default_u_handle,
08529 NULL, &desc, &i_rights))
08530 {
08531 if(i_rights & i_rvec)
08532 *result = TRUE;
08533 else
08534 *result = FALSE;
08535 }
08536 else
08537 {
08538 if(default_u_rights & i_rvec)
08539 *result = TRUE;
08540 else
08541 *result = FALSE;
08542 }
08543 return 0;
08544 }
08545
08546 if( !rsbac_ta_list_lol_get_subdata_ttl(0, u_handle,
08547 NULL,
08548 &tid.user,
08549 &desc,
08550 &i_rights)
08551 )
08552 {
08553 if(i_rights & i_rvec)
08554 *result = TRUE;
08555 else
08556 *result = FALSE;
08557 return 0;
08558 }
08559 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08560 if(right != ACLR_SUPERVISOR)
08561 #endif
08562 {
08563 rsbac_acl_rights_vector_t mask;
08564
08565
08566 if( !rsbac_ta_list_lol_get_data_ttl(0, u_handle,
08567 NULL,
08568 &tid.user,
08569 &mask)
08570 && !(mask & i_rvec)
08571 )
08572 {
08573 *result = FALSE;
08574 return 0;
08575 }
08576 }
08577
08578
08579 if( !rsbac_ta_list_get_data_ttl(0, default_u_handle,
08580 NULL,
08581 &desc,
08582 &i_rights)
08583 )
08584 {
08585 if(i_rights & i_rvec)
08586 *result = TRUE;
08587 else
08588 *result = FALSE;
08589 }
08590 else
08591 {
08592 if(default_u_rights & i_rvec)
08593 *result = TRUE;
08594 else
08595 *result = FALSE;
08596 }
08597 return 0;
08598
08599 case T_PROCESS:
08600
08601 if(!rsbac_ta_list_get_data_ttl(0, default_p_handle,
08602 NULL, &desc, &i_rights))
08603 {
08604 if(i_rights & i_rvec)
08605 *result = TRUE;
08606 else
08607 *result = FALSE;
08608 }
08609 else
08610 {
08611 if(default_p_rights & i_rvec)
08612 *result = TRUE;
08613 else
08614 *result = FALSE;
08615 }
08616 return 0;
08617
08618 #ifdef CONFIG_RSBAC_ACL_UM_PROT
08619 case T_GROUP:
08620 if(tid.group == RSBAC_NO_GROUP)
08621 {
08622 if(!rsbac_ta_list_get_data_ttl(0, default_g_handle,
08623 NULL, &desc, &i_rights))
08624 {
08625 if(i_rights & i_rvec)
08626 *result = TRUE;
08627 else
08628 *result = FALSE;
08629 }
08630 else
08631 {
08632 if(default_g_rights & i_rvec)
08633 *result = TRUE;
08634 else
08635 *result = FALSE;
08636 }
08637 return 0;
08638 }
08639
08640 if( !rsbac_ta_list_lol_get_subdata_ttl(0, g_handle,
08641 NULL,
08642 &tid.group,
08643 &desc,
08644 &i_rights)
08645 )
08646 {
08647 if(i_rights & i_rvec)
08648 *result = TRUE;
08649 else
08650 *result = FALSE;
08651 return 0;
08652 }
08653 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08654 if(right != ACLR_SUPERVISOR)
08655 #endif
08656 {
08657 rsbac_acl_rights_vector_t mask;
08658
08659
08660 if( !rsbac_ta_list_lol_get_data_ttl(0, g_handle,
08661 NULL,
08662 &tid.group,
08663 &mask)
08664 && !(mask & i_rvec)
08665 )
08666 {
08667 *result = FALSE;
08668 return 0;
08669 }
08670 }
08671
08672
08673 if( !rsbac_ta_list_get_data_ttl(0, default_g_handle,
08674 NULL,
08675 &desc,
08676 &i_rights)
08677 )
08678 {
08679 if(i_rights & i_rvec)
08680 *result = TRUE;
08681 else
08682 *result = FALSE;
08683 }
08684 else
08685 {
08686 if(default_g_rights & i_rvec)
08687 *result = TRUE;
08688 else
08689 *result = FALSE;
08690 }
08691 return 0;
08692 #endif
08693
08694 #if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
08695 case T_NETDEV:
08696
08697
08698
08699
08700
08701
08702
08703 if(!tid.netdev[0])
08704 {
08705 if(!rsbac_ta_list_get_data_ttl(0, default_netdev_handle,
08706 NULL, &desc, &i_rights))
08707 {
08708 if(i_rights & i_rvec)
08709 *result = TRUE;
08710 else
08711 *result = FALSE;
08712 }
08713 else
08714 {
08715 if(default_netdev_rights & i_rvec)
08716 *result = TRUE;
08717 else
08718 *result = FALSE;
08719 }
08720 return 0;
08721 }
08722
08723 if( !rsbac_ta_list_lol_get_subdata_ttl(0, netdev_handle,
08724 NULL,
08725 &tid.netdev,
08726 &desc,
08727 &i_rights)
08728 )
08729 {
08730 if(i_rights & i_rvec)
08731 *result = TRUE;
08732 else
08733 *result = FALSE;
08734 return 0;
08735 }
08736 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08737 if(right != ACLR_SUPERVISOR)
08738 #endif
08739 {
08740 rsbac_acl_rights_vector_t mask;
08741
08742
08743 if( !rsbac_ta_list_lol_get_data_ttl(0, netdev_handle,
08744 NULL,
08745 &tid.netdev,
08746 &mask)
08747 && !(mask & i_rvec)
08748 )
08749 {
08750 *result = FALSE;
08751 return 0;
08752 }
08753 }
08754
08755
08756 if( !rsbac_ta_list_get_data_ttl(0, default_netdev_handle,
08757 NULL,
08758 &desc,
08759 &i_rights)
08760 )
08761 {
08762 if(i_rights & i_rvec)
08763 *result = TRUE;
08764 else
08765 *result = FALSE;
08766 }
08767 else
08768 {
08769 if(default_netdev_rights & i_rvec)
08770 *result = TRUE;
08771 else
08772 *result = FALSE;
08773 }
08774 return 0;
08775 #endif
08776
08777 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
08778 case T_NETTEMP_NT:
08779 case T_NETTEMP:
08780
08781
08782
08783
08784
08785
08786
08787 if(!tid.nettemp)
08788 {
08789 if(!rsbac_ta_list_get_data_ttl(0, default_nettemp_nt_handle,
08790 NULL, &desc, &i_rights))
08791 {
08792 if(i_rights & i_rvec)
08793 *result = TRUE;
08794 else
08795 *result = FALSE;
08796 }
08797 else
08798 {
08799 if(default_nettemp_nt_rights & i_rvec)
08800 *result = TRUE;
08801 else
08802 *result = FALSE;
08803 }
08804 return 0;
08805 }
08806
08807
08808 if(right != R_CREATE)
08809 {
08810 if(!rsbac_net_template_exist(tid.nettemp))
08811 return FALSE;
08812 if( !rsbac_ta_list_lol_get_subdata_ttl(0, nettemp_nt_handle,
08813 NULL,
08814 &tid.nettemp,
08815 &desc,
08816 &i_rights)
08817 && (i_rights & i_rvec)
08818 )
08819 {
08820 *result = TRUE;
08821 return 0;
08822 }
08823 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08824 if(right != ACLR_SUPERVISOR)
08825 #endif
08826 {
08827 rsbac_acl_rights_vector_t mask;
08828
08829
08830 if( !rsbac_ta_list_lol_get_data_ttl(0, nettemp_nt_handle,
08831 NULL,
08832 &tid.nettemp,
08833 &mask)
08834 && !(mask & i_rvec)
08835 )
08836 {
08837 *result = FALSE;
08838 return 0;
08839 }
08840 }
08841 }
08842
08843
08844 if( !rsbac_ta_list_get_data_ttl(0, default_nettemp_nt_handle,
08845 NULL,
08846 &desc,
08847 &i_rights)
08848 )
08849 {
08850 if(i_rights & i_rvec)
08851 *result = TRUE;
08852 else
08853 *result = FALSE;
08854 }
08855 else
08856 {
08857 if(default_nettemp_nt_rights & i_rvec)
08858 *result = TRUE;
08859 else
08860 *result = FALSE;
08861 }
08862 return 0;
08863
08864 case T_NETOBJ:
08865
08866
08867
08868
08869
08870
08871
08872 if(!tid.netobj.sock_p)
08873 {
08874 if(!rsbac_ta_list_get_data_ttl(0, default_netobj_handle,
08875 NULL, &desc, &i_rights))
08876 {
08877 if(i_rights & i_rvec)
08878 *result = TRUE;
08879 else
08880 *result = FALSE;
08881 }
08882 else
08883 {
08884 if(default_netobj_rights & i_rvec)
08885 *result = TRUE;
08886 else
08887 *result = FALSE;
08888 }
08889 return 0;
08890 }
08891
08892 if( !rsbac_ta_list_lol_get_subdata_ttl(0, netobj_handle,
08893 NULL,
08894 &tid.netobj.sock_p,
08895 &desc,
08896 &i_rights)
08897 )
08898 {
08899 if(i_rights & i_rvec)
08900 *result = TRUE;
08901 else
08902 *result = FALSE;
08903 return 0;
08904 }
08905 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08906 if(right != ACLR_SUPERVISOR)
08907 #endif
08908 {
08909 rsbac_acl_rights_vector_t mask;
08910
08911
08912 if( !rsbac_ta_list_lol_get_data_ttl(0, netobj_handle,
08913 NULL,
08914 &tid.netobj.sock_p,
08915 &mask)
08916 && !(mask & i_rvec)
08917 )
08918 {
08919 *result = FALSE;
08920 return 0;
08921 }
08922 }
08923
08924 {
08925 rsbac_net_temp_id_t temp = 0;
08926
08927 if(rsbac_net_remote_request(right))
08928 rsbac_ta_net_lookup_templates(0,
08929 &tid.netobj,
08930 NULL,
08931 &temp);
08932 else
08933 rsbac_ta_net_lookup_templates(0,
08934 &tid.netobj,
08935 &temp,
08936 NULL);
08937 if( temp
08938 && !rsbac_ta_list_lol_get_subdata_ttl(0, nettemp_handle,
08939 NULL,
08940 &temp,
08941 &desc,
08942 &i_rights)
08943 )
08944 {
08945 if(i_rights & i_rvec)
08946 *result = TRUE;
08947 else
08948 *result = FALSE;
08949 return 0;
08950 }
08951 #ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
08952 if(right != ACLR_SUPERVISOR)
08953 #endif
08954 {
08955 rsbac_acl_rights_vector_t mask;
08956
08957
08958 if( !rsbac_ta_list_lol_get_data_ttl(0, nettemp_handle,
08959 NULL,
08960 &temp,
08961 &mask)
08962 && !(mask & i_rvec)
08963 )
08964 {
08965 *result = FALSE;
08966 return 0;
08967 }
08968 }
08969 }
08970
08971
08972 if( !rsbac_ta_list_get_data_ttl(0, default_netobj_handle,
08973 NULL,
08974 &desc,
08975 &i_rights)
08976 )
08977 {
08978 if(i_rights & i_rvec)
08979 *result = TRUE;
08980 else
08981 *result = FALSE;
08982 }
08983 else
08984 {
08985 if(default_netobj_rights & i_rvec)
08986 *result = TRUE;
08987 else
08988 *result = FALSE;
08989 }
08990 return 0;
08991 #endif
08992
08993 default:
08994 return -RSBAC_EINVALIDTARGET;
08995 }
08996 }
08997
08998
08999
09000
09001
09002
09003 int rsbac_acl_get_tlist(
09004 rsbac_list_ta_number_t ta_number,
09005 enum rsbac_target_t target,
09006 union rsbac_target_id_t tid,
09007 struct rsbac_acl_entry_t ** entry_pp,
09008 rsbac_time_t ** ttl_pp)
09009 {
09010 int count = 0;
09011 int list_no;
09012 struct rsbac_acl_device_list_item_t * device_p;
09013 u_long dflags;
09014
09015 if (!rsbac_is_initialized())
09016 {
09017 rsbac_printk(KERN_WARNING "rsbac_acl_get_tlist(): RSBAC not initialized\n");
09018 return(-RSBAC_ENOTINITIALIZED);
09019 }
09020 if (!entry_pp)
09021 return(-RSBAC_EINVALIDPOINTER);
09022 #ifdef CONFIG_RSBAC_DEBUG
09023 if (in_interrupt())
09024 {
09025 rsbac_printk(KERN_WARNING "rsbac_acl_get_tlist(): called from interrupt!\n");
09026 }
09027 #endif
09028 switch (target)
09029 {
09030 case T_FD:
09031 case T_FILE:
09032 case T_DIR:
09033 case T_FIFO:
09034 case T_SYMLINK:
09035
09036
09037
09038
09039
09040
09041
09042
09043 if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
09044 return rsbac_ta_list_get_all_items_ttl(ta_number,
09045 default_fd_handle,
09046 (void **) entry_pp,
09047 ttl_pp);
09048
09049 rsbac_read_lock(&device_list_head.lock, &dflags);
09050
09051
09052 device_p = acl_lookup_device(tid.file.device);
09053 if (!device_p)
09054 {
09055
09056 rsbac_read_unlock(&device_list_head.lock, &dflags);
09057 rsbac_get_super_block(tid.file.device);
09058
09059 rsbac_read_lock(&device_list_head.lock, &dflags);
09060 device_p = acl_lookup_device(tid.file.device);
09061 if(!device_p)
09062 {
09063 rsbac_printk(KERN_WARNING
09064 "rsbac_acl_get_tlist(): Could not lookup device!\n");
09065
09066 rsbac_read_unlock(&device_list_head.lock, &dflags);
09067 return(-RSBAC_EINVALIDDEV);
09068 }
09069 }
09070
09071 list_no = fd_hash(tid.file.inode);
09072 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09073 device_p->handles[list_no],
09074 &tid.file.inode,
09075 (void **) entry_pp,
09076 ttl_pp);
09077 rsbac_read_unlock(&device_list_head.lock, &dflags);
09078
09079 return count;
09080
09081 case T_DEV:
09082
09083
09084
09085
09086
09087
09088
09089
09090
09091 if(RSBAC_IS_ZERO_DEV_DESC(tid.dev))
09092 return rsbac_ta_list_get_all_items_ttl(ta_number,
09093 default_dev_handle,
09094 (void **) entry_pp,
09095 ttl_pp);
09096 else
09097 switch(tid.dev.type)
09098 {
09099 case D_char:
09100 case D_block:
09101 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09102 dev_handle,
09103 &tid.dev,
09104 (void **) entry_pp,
09105 ttl_pp);
09106
09107 case D_char_major:
09108 case D_block_major:
09109 tid.dev.type -= (D_block_major - D_block);
09110 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09111 dev_major_handle,
09112 &tid.dev,
09113 (void **) entry_pp,
09114 ttl_pp);
09115
09116 default:
09117 return -RSBAC_EINVALIDTARGET;
09118 }
09119
09120 case T_IPC:
09121
09122 return rsbac_ta_list_get_all_items_ttl(ta_number,
09123 default_ipc_handle,
09124 (void **) entry_pp,
09125 ttl_pp);
09126
09127 case T_SCD:
09128 if( (tid.scd == AST_none)
09129 || (tid.scd == ST_none)
09130 )
09131 return rsbac_ta_list_get_all_items_ttl(ta_number,
09132 default_scd_handle,
09133 (void **) entry_pp,
09134 ttl_pp);
09135 else
09136 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09137 scd_handle,
09138 &tid.scd,
09139 (void **) entry_pp,
09140 ttl_pp);
09141
09142 case T_USER:
09143 if(tid.user == RSBAC_NO_USER)
09144 return rsbac_ta_list_get_all_items_ttl(ta_number,
09145 default_u_handle,
09146 (void **) entry_pp,
09147 ttl_pp);
09148 else
09149 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09150 u_handle,
09151 &tid.user,
09152 (void **) entry_pp,
09153 ttl_pp);
09154
09155 case T_PROCESS:
09156 return rsbac_ta_list_get_all_items_ttl(ta_number,
09157 default_p_handle,
09158 (void **) entry_pp,
09159 ttl_pp);
09160
09161 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09162 case T_GROUP:
09163 if(tid.group == RSBAC_NO_GROUP)
09164 return rsbac_ta_list_get_all_items_ttl(ta_number,
09165 default_g_handle,
09166 (void **) entry_pp,
09167 ttl_pp);
09168 else
09169 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09170 g_handle,
09171 &tid.group,
09172 (void **) entry_pp,
09173 ttl_pp);
09174 #endif
09175
09176 #if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
09177 case T_NETDEV:
09178
09179
09180
09181
09182
09183
09184
09185 if(!tid.netdev[0])
09186 return rsbac_ta_list_get_all_items_ttl(ta_number,
09187 default_netdev_handle,
09188 (void **) entry_pp,
09189 ttl_pp);
09190 else
09191 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09192 netdev_handle,
09193 &tid.netdev,
09194 (void **) entry_pp,
09195 ttl_pp);
09196 #endif
09197
09198 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
09199 case T_NETTEMP_NT:
09200
09201
09202
09203
09204
09205
09206
09207 if(!tid.nettemp)
09208 return rsbac_ta_list_get_all_items_ttl(ta_number,
09209 default_nettemp_nt_handle,
09210 (void **) entry_pp,
09211 ttl_pp);
09212 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
09213 return -RSBAC_EINVALIDTARGET;
09214 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09215 nettemp_nt_handle,
09216 &tid.nettemp,
09217 (void **) entry_pp,
09218 ttl_pp);
09219
09220 case T_NETTEMP:
09221
09222
09223
09224
09225
09226
09227
09228 if(!tid.nettemp)
09229 return -RSBAC_EINVALIDTARGET;
09230 if(!rsbac_ta_net_template_exist(ta_number, tid.nettemp))
09231 return -RSBAC_EINVALIDTARGET;
09232 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09233 nettemp_handle,
09234 &tid.nettemp,
09235 (void **) entry_pp,
09236 ttl_pp);
09237
09238 case T_NETOBJ:
09239
09240
09241
09242
09243
09244
09245
09246 if(!tid.nettemp)
09247 return rsbac_ta_list_get_all_items_ttl(ta_number,
09248 default_netobj_handle,
09249 (void **) entry_pp,
09250 ttl_pp);
09251 else
09252 return rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
09253 netobj_handle,
09254 &tid.netobj.sock_p,
09255 (void **) entry_pp,
09256 ttl_pp);
09257 #endif
09258
09259 default:
09260 return -RSBAC_EINVALIDTARGET;
09261 }
09262 }
09263
09264
09265 int rsbac_acl_remove_subject(
09266 rsbac_list_ta_number_t ta_number,
09267 struct rsbac_acl_entry_desc_t desc)
09268 {
09269 struct rsbac_acl_device_list_item_t * device_p;
09270 u_long dflags;
09271 u_int i;
09272
09273 if(desc.subj_type >= ACLS_NONE)
09274 return -RSBAC_EINVALIDVALUE;
09275
09276
09277 rsbac_ta_list_remove(ta_number, default_fd_handle, &desc);
09278 rsbac_ta_list_remove(ta_number, default_dev_handle, &desc);
09279 rsbac_ta_list_remove(ta_number, default_ipc_handle, &desc);
09280 rsbac_ta_list_remove(ta_number, default_scd_handle, &desc);
09281 rsbac_ta_list_remove(ta_number, default_u_handle, &desc);
09282 rsbac_ta_list_remove(ta_number, default_p_handle, &desc);
09283 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09284 rsbac_ta_list_remove(ta_number, default_g_handle, &desc);
09285 #endif
09286 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
09287 rsbac_ta_list_remove(ta_number, default_netdev_handle, &desc);
09288 #endif
09289 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
09290 rsbac_ta_list_remove(ta_number, default_nettemp_nt_handle, &desc);
09291 rsbac_ta_list_remove(ta_number, default_netobj_handle, &desc);
09292 #endif
09293
09294
09295 rsbac_read_lock(&device_list_head.lock, &dflags);
09296 device_p = device_list_head.head;
09297 while(device_p)
09298 {
09299 for(i=0; i<RSBAC_ACL_NR_FD_LISTS; i++)
09300 {
09301 rsbac_ta_list_lol_subremove_from_all(ta_number,
09302 device_p->handles[i],
09303 &desc);
09304 }
09305 device_p = device_p->next;
09306 }
09307
09308 rsbac_read_unlock(&device_list_head.lock, &dflags);
09309
09310
09311 rsbac_ta_list_lol_subremove_from_all(ta_number, dev_major_handle, &desc);
09312 rsbac_ta_list_lol_subremove_from_all(ta_number, dev_handle, &desc);
09313
09314
09315 rsbac_ta_list_lol_subremove_from_all(ta_number, scd_handle, &desc);
09316
09317
09318 rsbac_ta_list_lol_subremove_from_all(ta_number, u_handle, &desc);
09319
09320 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09321
09322 rsbac_ta_list_lol_subremove_from_all(ta_number, g_handle, &desc);
09323 #endif
09324
09325 #ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
09326
09327 rsbac_ta_list_lol_subremove_from_all(ta_number, netdev_handle, &desc);
09328 #endif
09329 #ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
09330 rsbac_ta_list_lol_subremove_from_all(ta_number, nettemp_nt_handle, &desc);
09331 rsbac_ta_list_lol_subremove_from_all(ta_number, nettemp_handle, &desc);
09332 rsbac_ta_list_lol_subremove_from_all(ta_number, netobj_handle, &desc);
09333 #endif
09334
09335 return 0;
09336 }
09337
09338
09339
09340 int rsbac_acl_add_group(
09341 rsbac_list_ta_number_t ta_number,
09342 rsbac_uid_t owner,
09343 enum rsbac_acl_group_type_t type,
09344 char * name,
09345 rsbac_acl_group_id_t * group_id_p)
09346 {
09347 struct rsbac_acl_group_entry_t entry;
09348 int err=0;
09349
09350 if(type >= ACLG_NONE)
09351 return -RSBAC_EINVALIDVALUE;
09352 if(!name || !group_id_p)
09353 return -RSBAC_EINVALIDPOINTER;
09354 if(!name[0])
09355 return -RSBAC_EINVALIDVALUE;
09356 entry.owner = owner;
09357 entry.type = type;
09358 strncpy(entry.name, name, RSBAC_ACL_GROUP_NAMELEN-1);
09359 entry.name[RSBAC_ACL_GROUP_NAMELEN-1] = 0;
09360 if(!*group_id_p)
09361 {
09362
09363 group_last_new++;
09364
09365 while(!group_last_new || rsbac_ta_list_exist(ta_number, group_handle, &group_last_new))
09366 group_last_new++;
09367
09368 entry.id = group_last_new;
09369 }
09370 else
09371 {
09372 if(rsbac_ta_list_exist(ta_number, group_handle, group_id_p))
09373 {
09374 return(-RSBAC_EEXISTS);
09375 }
09376 else
09377 entry.id = *group_id_p;
09378 }
09379 if(rsbac_ta_list_add_ttl(ta_number, group_handle, 0, &entry.id, &entry))
09380 err = -RSBAC_ECOULDNOTADDITEM;
09381 else
09382 {
09383 *group_id_p = entry.id;
09384 }
09385 return(err);
09386 }
09387
09388 int rsbac_acl_change_group(
09389 rsbac_list_ta_number_t ta_number,
09390 rsbac_acl_group_id_t id,
09391 rsbac_uid_t owner,
09392 enum rsbac_acl_group_type_t type,
09393 char * name)
09394 {
09395 struct rsbac_acl_group_entry_t entry;
09396
09397 if(!id)
09398 return -RSBAC_EINVALIDVALUE;
09399 if(!rsbac_ta_list_exist(ta_number, group_handle, &id))
09400 return(-RSBAC_ENOTFOUND);
09401 if(!name)
09402 return -RSBAC_EINVALIDPOINTER;
09403 if(!name[0])
09404 return -RSBAC_EINVALIDVALUE;
09405 entry.id = id;
09406 entry.owner = owner;
09407 entry.type = type;
09408 strncpy(entry.name, name, RSBAC_ACL_GROUP_NAMELEN);
09409 entry.name[RSBAC_ACL_GROUP_NAMELEN-1] = 0;
09410 return rsbac_ta_list_add_ttl(ta_number, group_handle, 0, &entry.id, &entry);
09411 }
09412
09413 int rsbac_acl_remove_group(
09414 rsbac_list_ta_number_t ta_number,
09415 rsbac_acl_group_id_t id)
09416 {
09417 int err=0;
09418
09419 if(!id)
09420 return -RSBAC_EINVALIDVALUE;
09421
09422 err = rsbac_ta_list_remove(ta_number, group_handle, &id);
09423 if(!err)
09424 {
09425 struct rsbac_acl_entry_desc_t desc;
09426
09427
09428 rsbac_ta_list_lol_subremove_from_all(ta_number, gm_handle, &id);
09429 desc.subj_type = ACLS_GROUP;
09430 desc.subj_id = id;
09431 err = rsbac_acl_remove_subject(ta_number, desc);
09432 }
09433 return(err);
09434 }
09435
09436 int rsbac_acl_get_group_entry(
09437 rsbac_list_ta_number_t ta_number,
09438 rsbac_acl_group_id_t group,
09439 struct rsbac_acl_group_entry_t * entry_p)
09440 {
09441 if(!group)
09442 return -RSBAC_EINVALIDVALUE;
09443 if(!entry_p)
09444 return -RSBAC_EINVALIDPOINTER;
09445 return rsbac_ta_list_get_data_ttl(ta_number, group_handle, NULL, &group, entry_p);
09446 }
09447
09448 int rsbac_acl_list_groups(
09449 rsbac_list_ta_number_t ta_number,
09450 rsbac_uid_t owner,
09451 rsbac_boolean_t include_global,
09452 struct rsbac_acl_group_entry_t ** entry_pp)
09453 {
09454 long count;
09455 struct rsbac_acl_group_entry_t * local_entry_p;
09456
09457 if(!entry_pp)
09458 return -RSBAC_EINVALIDPOINTER;
09459 count = rsbac_ta_list_get_all_data(ta_number, group_handle, (void **) &local_entry_p);
09460 if(count > 0)
09461 {
09462 long i;
09463 long rescount = 0;
09464
09465 *entry_pp = rsbac_vmalloc(count * sizeof(**entry_pp));
09466 if(!*entry_pp)
09467 {
09468 rsbac_vfree(local_entry_p);
09469 return -RSBAC_ENOMEM;
09470 }
09471 for(i=0; i<count; i++)
09472 {
09473 if( (local_entry_p[i].owner == owner)
09474 || ( include_global
09475 && (local_entry_p[i].type == ACLG_GLOBAL)
09476 )
09477 )
09478 {
09479 memcpy(&(*entry_pp)[rescount], &local_entry_p[i], sizeof(local_entry_p[i]));
09480 rescount++;
09481 }
09482 }
09483 rsbac_vfree(local_entry_p);
09484 count = rescount;
09485 }
09486 return count;
09487 }
09488
09489
09490 rsbac_boolean_t rsbac_acl_group_exist(rsbac_acl_group_id_t group)
09491 {
09492 if(!group)
09493 return TRUE;
09494 return rsbac_ta_list_exist(0, group_handle, &group);
09495 }
09496
09497 int rsbac_acl_add_group_member(
09498 rsbac_list_ta_number_t ta_number,
09499 rsbac_acl_group_id_t group,
09500 rsbac_uid_t user,
09501 rsbac_time_t ttl)
09502 {
09503 int err = 0;
09504
09505 if(!group)
09506 return -RSBAC_EINVALIDVALUE;
09507 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
09508 return -RSBAC_EINVALIDVALUE;
09509
09510 if(!rsbac_ta_list_lol_exist(ta_number, gm_handle, &user))
09511 {
09512 err = rsbac_ta_list_lol_add_ttl(ta_number, gm_handle, 0, &user, NULL);
09513 if(err)
09514 return err;
09515 }
09516 return rsbac_ta_list_lol_subadd_ttl(ta_number, gm_handle, ttl, &user, &group, NULL);
09517 }
09518
09519 int rsbac_acl_remove_group_member(
09520 rsbac_list_ta_number_t ta_number,
09521 rsbac_acl_group_id_t group,
09522 rsbac_uid_t user)
09523 {
09524 int err;
09525
09526 if(!group)
09527 return -RSBAC_EINVALIDVALUE;
09528 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
09529 return -RSBAC_EINVALIDVALUE;
09530
09531 err = rsbac_ta_list_lol_subremove(ta_number, gm_handle, &user, &group);
09532
09533 if( !err
09534 && !rsbac_ta_list_lol_subcount(ta_number, gm_handle, &user)
09535 )
09536 err = rsbac_ta_list_lol_remove(ta_number, gm_handle, &user);
09537
09538 return err;
09539 }
09540
09541
09542 rsbac_boolean_t rsbac_acl_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user)
09543 {
09544 return rsbac_ta_list_lol_subexist(0, gm_handle, &user, &group);
09545 }
09546
09547
09548
09549
09550 int rsbac_acl_get_user_groups(
09551 rsbac_list_ta_number_t ta_number,
09552 rsbac_uid_t user,
09553 rsbac_acl_group_id_t ** group_pp,
09554 rsbac_time_t ** ttl_pp)
09555 {
09556 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
09557 gm_handle,
09558 &user,
09559 (void **) group_pp,
09560 ttl_pp);
09561 }
09562
09563
09564 int rsbac_acl_get_group_members(
09565 rsbac_list_ta_number_t ta_number,
09566 rsbac_acl_group_id_t group,
09567 rsbac_uid_t user_array[],
09568 rsbac_time_t ttl_array[],
09569 int maxnum)
09570 {
09571 long desc_count;
09572 long i;
09573 rsbac_uid_t * user_p;
09574 int err = 0;
09575
09576 if(!group || (maxnum <= 0))
09577 return -RSBAC_EINVALIDVALUE;
09578 if(!rsbac_ta_list_exist(ta_number, group_handle, &group))
09579 return -RSBAC_EINVALIDVALUE;
09580 if(!user_array)
09581 return -RSBAC_EINVALIDPOINTER;
09582
09583
09584 desc_count = rsbac_ta_list_lol_get_all_desc(ta_number, gm_handle, (void **) &user_p);
09585 if(desc_count > 0)
09586 {
09587 rsbac_time_t ttl;
09588
09589 for(i=0; i<desc_count; i++)
09590 {
09591 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number, gm_handle, &ttl, &user_p[i], &group, NULL))
09592 {
09593 user_array[err] = user_p[i];
09594 if(ttl_array)
09595 ttl_array[err] = ttl;
09596 err++;
09597 if(err >= maxnum)
09598 break;
09599 }
09600 }
09601 rsbac_vfree(user_p);
09602 }
09603 return(err);
09604 }
09605
09606 int rsbac_acl_list_all_dev(
09607 rsbac_list_ta_number_t ta_number,
09608 struct rsbac_dev_desc_t ** id_pp)
09609 {
09610 if(id_pp)
09611 return rsbac_ta_list_lol_get_all_desc(ta_number, dev_handle, (void **) id_pp);
09612 else
09613 return rsbac_ta_list_lol_count(ta_number, dev_handle);
09614 }
09615
09616 int rsbac_acl_list_all_major_dev(
09617 rsbac_list_ta_number_t ta_number,
09618 struct rsbac_dev_desc_t ** id_pp)
09619 {
09620 if(id_pp)
09621 {
09622 int count;
09623
09624 count = rsbac_ta_list_lol_get_all_desc(ta_number, dev_major_handle, (void **) id_pp);
09625 if(count > 0)
09626 {
09627 u_int i;
09628 struct rsbac_dev_desc_t * tmp_p;
09629
09630 tmp_p = *id_pp;
09631 for(i=0; i<count; i++)
09632 tmp_p[i].type += (D_block_major - D_block);
09633 }
09634 return count;
09635 }
09636 else
09637 return rsbac_ta_list_lol_count(ta_number, dev_major_handle);
09638 }
09639
09640 int rsbac_acl_list_all_user(
09641 rsbac_list_ta_number_t ta_number,
09642 rsbac_uid_t ** id_pp)
09643 {
09644 if(id_pp)
09645 return rsbac_ta_list_lol_get_all_desc(ta_number, u_handle, (void **) id_pp);
09646 else
09647 return rsbac_ta_list_lol_count(ta_number, u_handle);
09648 }
09649
09650 #ifdef CONFIG_RSBAC_ACL_UM_PROT
09651 int rsbac_acl_list_all_group(
09652 rsbac_list_ta_number_t ta_number,
09653 rsbac_gid_t ** id_pp)
09654 {
09655 if(id_pp)
09656 return rsbac_ta_list_lol_get_all_desc(ta_number, g_handle, (void **) id_pp);
09657 else
09658 return rsbac_ta_list_lol_count(ta_number, g_handle);
09659 }
09660 #endif
09661
09662
09663
09664 int rsbac_acl_remove_user(
09665 rsbac_list_ta_number_t ta_number,
09666 rsbac_uid_t user)
09667 {
09668 u_long i;
09669 struct rsbac_acl_group_entry_t * entry_p;
09670 long desc_count;
09671 struct rsbac_acl_entry_desc_t desc;
09672
09673 rsbac_ta_list_lol_remove(ta_number, gm_handle, &user);
09674
09675 desc_count = rsbac_ta_list_get_all_data(ta_number, group_handle, (void **) &entry_p);
09676 if(desc_count > 0)
09677 {
09678 for(i=0; i<desc_count; i++)
09679 {
09680 if(entry_p[i].owner == user)
09681 {
09682 rsbac_ta_list_remove(ta_number, group_handle, &entry_p[i].id);
09683
09684 rsbac_ta_list_lol_subremove_from_all(ta_number,
09685 gm_handle,
09686 &entry_p[i].id);
09687 }
09688 }
09689 rsbac_vfree(entry_p);
09690 }
09691
09692 desc.subj_type = ACLS_USER;
09693 desc.subj_id = user;
09694
09695 return rsbac_acl_remove_subject(ta_number, desc);
09696 }
09697
09698
