#include <linux/init.h>#include <rsbac/types.h>Go to the source code of this file.
|
||||||||||||||||||||||||
|
Definition at line 3074 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), NULL, RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_auth_add_f_cap(). 03080 {
03081 int err=0;
03082 u_long dflags;
03083 struct rsbac_auth_device_list_item_t * device_p;
03084
03085 if (!rsbac_is_initialized())
03086 {
03087 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): RSBAC not initialized\n");
03088 return(-RSBAC_ENOTINITIALIZED);
03089 }
03090 if (in_interrupt())
03091 {
03092 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): called from interrupt!\n");
03093 }
03094 if(cap_range.first > cap_range.last)
03095 return(-RSBAC_EINVALIDVALUE);
03096
03097 /* protect device list */
03098 rsbac_read_lock(&device_list_head.lock, &dflags);
03099 device_p = lookup_device(file.device);
03100 if(!device_p)
03101 {
03102 /* trigger rsbac_mount() */
03103 rsbac_read_unlock(&device_list_head.lock, &dflags);
03104 rsbac_get_super_block(file.device);
03105 /* retry */
03106 rsbac_read_lock(&device_list_head.lock, &dflags);
03107 device_p = lookup_device(file.device);
03108 if(!device_p)
03109 {
03110 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_f_capset(): invalid device %02u:%02u!\n",
03111 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
03112 rsbac_read_unlock(&device_list_head.lock, &dflags);
03113 return(-RSBAC_EINVALIDDEV);
03114 }
03115 }
03116
03117 switch(cap_type)
03118 {
03119 case ACT_real:
03120 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->handles[fd_hash(file.inode)],
03121 ttl, &file.inode, &cap_range, NULL);
03122 break;
03123 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03124 case ACT_eff:
03125 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)],
03126 ttl, &file.inode, &cap_range, NULL);
03127 break;
03128 case ACT_fs:
03129 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)],
03130 ttl, &file.inode, &cap_range, NULL);
03131 break;
03132 #endif
03133 #ifdef CONFIG_RSBAC_AUTH_GROUP
03134 case ACT_group_real:
03135 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_handles[group_fd_hash(file.inode)],
03136 ttl, &file.inode, &cap_range, NULL);
03137 break;
03138 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03139 case ACT_group_eff:
03140 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)],
03141 ttl, &file.inode, &cap_range, NULL);
03142 break;
03143 case ACT_group_fs:
03144 err = rsbac_ta_list_lol_subadd_ttl(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)],
03145 ttl, &file.inode, &cap_range, NULL);
03146 break;
03147 #endif
03148 #endif /* AUTH_GROUP */
03149
03150 default:
03151 err = -RSBAC_EINVALIDTARGET;
03152 }
03153 rsbac_read_unlock(&device_list_head.lock, &dflags);
03154 return(err);
03155 }
|
|
||||||||||||||||||||||||
|
Definition at line 3030 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, NULL, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_auth_add_p_cap(), and rsbac_replace_auth_cap(). 03036 {
03037 if (!rsbac_is_initialized())
03038 {
03039 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): RSBAC not initialized\n");
03040 return(-RSBAC_ENOTINITIALIZED);
03041 }
03042 if (in_interrupt())
03043 {
03044 rsbac_printk(KERN_WARNING "rsbac_auth_add_to_p_capset(): called from interrupt!\n");
03045 }
03046 if(cap_range.first > cap_range.last)
03047 return(-RSBAC_EINVALIDVALUE);
03048 switch(cap_type)
03049 {
03050 case ACT_real:
03051 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_handle, ttl, &pid, &cap_range, NULL);
03052 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03053 case ACT_eff:
03054 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_eff_handle, ttl, &pid, &cap_range, NULL);
03055 case ACT_fs:
03056 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_fs_handle, ttl, &pid, &cap_range, NULL);
03057 #endif
03058 #ifdef CONFIG_RSBAC_AUTH_GROUP
03059 case ACT_group_real:
03060 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_handle, ttl, &pid, &cap_range, NULL);
03061 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03062 case ACT_group_eff:
03063 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_eff_handle, ttl, &pid, &cap_range, NULL);
03064 case ACT_group_fs:
03065 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_group_fs_handle, ttl, &pid, &cap_range, NULL);
03066 #endif
03067 #endif /* AUTH_GROUP */
03068
03069 default:
03070 return -RSBAC_EINVALIDTARGET;
03071 }
03072 }
|
|
||||||||||||||||
|
Definition at line 3323 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_auth_remove_f_capsets(). 03327 {
03328 int err=0;
03329 u_long dflags;
03330 struct rsbac_auth_device_list_item_t * device_p;
03331
03332 if (!rsbac_is_initialized())
03333 {
03334 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): RSBAC not initialized\n");
03335 return(-RSBAC_ENOTINITIALIZED);
03336 }
03337 if (in_interrupt())
03338 {
03339 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): called from interrupt!\n");
03340 }
03341 /* protect device list */
03342 rsbac_read_lock(&device_list_head.lock, &dflags);
03343 device_p = lookup_device(file.device);
03344 if(!device_p)
03345 {
03346 /* trigger rsbac_mount() */
03347 rsbac_read_unlock(&device_list_head.lock, &dflags);
03348 rsbac_get_super_block(file.device);
03349 /* retry */
03350 rsbac_read_lock(&device_list_head.lock, &dflags);
03351 device_p = lookup_device(file.device);
03352 if(!device_p)
03353 {
03354 rsbac_printk(KERN_WARNING "rsbac_auth_clear_f_capset(): invalid device %02u:%02u!\n",
03355 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
03356 rsbac_read_unlock(&device_list_head.lock, &dflags);
03357 return(-RSBAC_EINVALIDDEV);
03358 }
03359 }
03360 switch(cap_type)
03361 {
03362 case ACT_real:
03363 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode);
03364 break;
03365 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03366 case ACT_eff:
03367 err = rsbac_ta_list_lol_remove(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode);
03368 break;
03369 case ACT_fs:
03370 err = rsbac_ta_list_lol_remove(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode);
03371 break;
03372 #endif
03373 #ifdef CONFIG_RSBAC_AUTH_GROUP
03374 case ACT_group_real:
03375 err = rsbac_ta_list_lol_remove(ta_number, device_p->group_handles[group_fd_hash(file.inode)], &file.inode);
03376 break;
03377 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03378 case ACT_group_eff:
03379 err = rsbac_ta_list_lol_remove(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode);
03380 break;
03381 case ACT_group_fs:
03382 err = rsbac_ta_list_lol_remove(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode);
03383 break;
03384 #endif
03385 #endif /* AUTH_GROUP */
03386
03387 default:
03388 err = -RSBAC_EINVALIDTARGET;
03389 }
03390 rsbac_read_unlock(&device_list_head.lock, &dflags);
03391 return(err);
03392 }
|
|
||||||||||||||||
|
Definition at line 3283 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_auth_remove_p_capsets(). 03287 {
03288 if (!rsbac_is_initialized())
03289 {
03290 rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): RSBAC not initialized\n");
03291 return(-RSBAC_ENOTINITIALIZED);
03292 }
03293 if (in_interrupt())
03294 {
03295 rsbac_printk(KERN_WARNING "rsbac_auth_clear_p_capset(): called from interrupt!\n");
03296 }
03297 switch(cap_type)
03298 {
03299 case ACT_real:
03300 return rsbac_ta_list_lol_remove(ta_number, process_handle, &pid);
03301 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03302 case ACT_eff:
03303 return rsbac_ta_list_lol_remove(ta_number, process_eff_handle, &pid);
03304 case ACT_fs:
03305 return rsbac_ta_list_lol_remove(ta_number, process_fs_handle, &pid);
03306 #endif
03307 #ifdef CONFIG_RSBAC_AUTH_GROUP
03308 case ACT_group_real:
03309 return rsbac_ta_list_lol_remove(ta_number, process_group_handle, &pid);
03310 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03311 case ACT_group_eff:
03312 return rsbac_ta_list_lol_remove(ta_number, process_group_eff_handle, &pid);
03313 case ACT_group_fs:
03314 return rsbac_ta_list_lol_remove(ta_number, process_group_fs_handle, &pid);
03315 #endif
03316 #endif /* AUTH_GROUP */
03317
03318 default:
03319 return -RSBAC_EINVALIDTARGET;
03320 }
03321 }
|
|
||||||||||||
|
Definition at line 3956 of file auth_data_structures.c. References copy_fp_cap_set_item(), rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_auth(). 03958 {
03959 u_long dflags;
03960 struct rsbac_auth_device_list_item_t * device_p;
03961 int err=0;
03962
03963 if (!rsbac_is_initialized())
03964 {
03965 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): RSBAC not initialized\n");
03966 return(-RSBAC_ENOTINITIALIZED);
03967 }
03968 if (in_interrupt())
03969 {
03970 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): called from interrupt!\n");
03971 }
03972 /*
03973 #ifdef CONFIG_RSBAC_DEBUG
03974 if (rsbac_debug_ds_auth)
03975 rsbac_printk(KERN_DEBUG
03976 "rsbac_auth_copy_fp_capset(): Copying file cap set data to process cap set\n");
03977 #endif
03978 */
03979 /* protect device list */
03980 rsbac_read_lock(&device_list_head.lock, &dflags);
03981 device_p = lookup_device(file.device);
03982 if(!device_p)
03983 {
03984 /* trigger rsbac_mount() */
03985 rsbac_read_unlock(&device_list_head.lock, &dflags);
03986 rsbac_get_super_block(file.device);
03987 /* retry */
03988 rsbac_read_lock(&device_list_head.lock, &dflags);
03989 device_p = lookup_device(file.device);
03990 if(!device_p)
03991 {
03992 rsbac_printk(KERN_WARNING "rsbac_auth_copy_fp_capset(): invalid device %02u:%02u!\n",
03993 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
03994 rsbac_read_unlock(&device_list_head.lock, &dflags);
03995 return(-RSBAC_EINVALIDDEV);
03996 }
03997 }
03998 /* call the copy function */
03999 err = copy_fp_cap_set_item(device_p,file,p_cap_set_id);
04000 rsbac_read_unlock(&device_list_head.lock, &dflags);
04001 return(err);
04002 }
|
|
||||||||||||
|
Definition at line 4004 of file auth_data_structures.c. References copy_pp_cap_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_auth(). 04006 {
04007 if (!rsbac_is_initialized())
04008 {
04009 rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): RSBAC not initialized\n");
04010 return(-RSBAC_ENOTINITIALIZED);
04011 }
04012 if (in_interrupt())
04013 {
04014 rsbac_printk(KERN_WARNING "rsbac_auth_copy_pp_capset(): called from interrupt!\n");
04015 }
04016 /*
04017 #ifdef CONFIG_RSBAC_DEBUG
04018 if (rsbac_debug_ds_auth)
04019 rsbac_printk(KERN_DEBUG
04020 "rsbac_auth_copy_pp_capset(): Copying process cap set data to process cap set\n");
04021 #endif
04022 */
04023 /* call the copy function */
04024 return copy_pp_cap_set_item(old_p_set_id,new_p_set_id);
04025 }
|
|
||||||||||||||||||||||||
|
Definition at line 4027 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl(). 04033 {
04034 u_long dflags;
04035 struct rsbac_auth_device_list_item_t * device_p;
04036 long count;
04037
04038 if (!rsbac_is_initialized())
04039 {
04040 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): RSBAC not initialized\n");
04041 return(-RSBAC_ENOTINITIALIZED);
04042 }
04043 if (in_interrupt())
04044 {
04045 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): called from interrupt!\n");
04046 }
04047 /*
04048 #ifdef CONFIG_RSBAC_DEBUG
04049 if (rsbac_debug_ds_auth)
04050 rsbac_printk(KERN_DEBUG
04051 "rsbac_auth_get_f_caplist(): Getting file/dir cap set list\n");
04052 #endif
04053 */
04054 /* protect device list */
04055 rsbac_read_lock(&device_list_head.lock, &dflags);
04056 device_p = lookup_device(file.device);
04057 if(!device_p)
04058 {
04059 /* trigger rsbac_mount() */
04060 rsbac_read_unlock(&device_list_head.lock, &dflags);
04061 rsbac_get_super_block(file.device);
04062 /* retry */
04063 rsbac_read_lock(&device_list_head.lock, &dflags);
04064 device_p = lookup_device(file.device);
04065 if(!device_p)
04066 {
04067 rsbac_printk(KERN_WARNING "rsbac_auth_get_f_caplist(): invalid device %02u:%02u!\n",
04068 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
04069 rsbac_read_unlock(&device_list_head.lock, &dflags);
04070 return(-RSBAC_EINVALIDDEV);
04071 }
04072 }
04073 switch(cap_type)
04074 {
04075 case ACT_real:
04076 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04077 device_p->handles[fd_hash(file.inode)],
04078 &file.inode,
04079 (void **) caplist_p,
04080 ttllist_p);
04081 break;
04082 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
04083 case ACT_eff:
04084 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04085 device_p->eff_handles[eff_fd_hash(file.inode)],
04086 &file.inode,
04087 (void **) caplist_p,
04088 ttllist_p);
04089 break;
04090 case ACT_fs:
04091 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04092 device_p->fs_handles[fs_fd_hash(file.inode)],
04093 &file.inode,
04094 (void **) caplist_p,
04095 ttllist_p);
04096 break;
04097 #endif
04098 #ifdef CONFIG_RSBAC_AUTH_GROUP
04099 case ACT_group_real:
04100 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04101 device_p->group_handles[group_fd_hash(file.inode)],
04102 &file.inode,
04103 (void **) caplist_p,
04104 ttllist_p);
04105 break;
04106 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
04107 case ACT_group_eff:
04108 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04109 device_p->group_eff_handles[group_eff_fd_hash(file.inode)],
04110 &file.inode,
04111 (void **) caplist_p,
04112 ttllist_p);
04113 break;
04114 case ACT_group_fs:
04115 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04116 device_p->group_fs_handles[group_fs_fd_hash(file.inode)],
04117 &file.inode,
04118 (void **) caplist_p,
04119 ttllist_p);
04120 break;
04121 #endif
04122 #endif /* AUTH_GROUP */
04123
04124 default:
04125 count = -RSBAC_EINVALIDTARGET;
04126 }
04127 rsbac_read_unlock(&device_list_head.lock, &dflags);
04128 return(count);
04129 }
|
|
||||||||||||||||||||||||
|
Definition at line 4131 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl(). 04137 {
04138 long count;
04139
04140 if (!rsbac_is_initialized())
04141 {
04142 rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): RSBAC not initialized\n");
04143 return(-RSBAC_ENOTINITIALIZED);
04144 }
04145 if (in_interrupt())
04146 {
04147 rsbac_printk(KERN_WARNING "rsbac_auth_get_p_caplist(): called from interrupt!\n");
04148 }
04149 /*
04150 #ifdef CONFIG_RSBAC_DEBUG
04151 if (rsbac_debug_ds_auth)
04152 rsbac_printk(KERN_DEBUG
04153 "rsbac_auth_get_p_caplist(): Getting process cap set list\n");
04154 #endif
04155 */
04156 switch(cap_type)
04157 {
04158 case ACT_real:
04159 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04160 process_handle,
04161 &pid,
04162 (void **) caplist_p,
04163 ttllist_p);
04164 break;
04165 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
04166 case ACT_eff:
04167 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04168 process_eff_handle,
04169 &pid,
04170 (void **) caplist_p,
04171 ttllist_p);
04172 break;
04173 case ACT_fs:
04174 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04175 process_fs_handle,
04176 &pid,
04177 (void **) caplist_p,
04178 ttllist_p);
04179 break;
04180 #endif
04181 #ifdef CONFIG_RSBAC_AUTH_GROUP
04182 case ACT_group_real:
04183 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04184 process_group_handle,
04185 &pid,
04186 (void **) caplist_p,
04187 ttllist_p);
04188 break;
04189 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
04190 case ACT_group_eff:
04191 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04192 process_group_eff_handle,
04193 &pid,
04194 (void **) caplist_p,
04195 ttllist_p);
04196 break;
04197 case ACT_group_fs:
04198 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
04199 process_group_fs_handle,
04200 &pid,
04201 (void **) caplist_p,
04202 ttllist_p);
04203 break;
04204 #endif
04205 #endif /* AUTH_GROUP */
04206
04207 default:
04208 count = -RSBAC_EINVALIDTARGET;
04209 }
04210 return(count);
04211 }
|
|
||||||||||||||||
|
Definition at line 3397 of file auth_data_structures.c. References A_auth_learn, ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, AUTH, rsbac_attribute_value_t::auth_learn, FALSE, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), NULL, rsbac_target_id_t::process, RSBAC_AUTH_DAC_GROUP_F_CAP, RSBAC_AUTH_DAC_OWNER_F_CAP, RSBAC_AUTH_GROUP_F_CAP, RSBAC_AUTH_MAX_RANGE_UID, RSBAC_AUTH_OWNER_F_CAP, rsbac_get_attr, rsbac_is_initialized(), rsbac_list_lol_subadd(), rsbac_list_lol_subexist_compare(), rsbac_printk(), single_cap_compare(), T_PROCESS, and TRUE. Referenced by rsbac_adf_request_auth(), and rsbac_replace_auth_cap(). 03400 {
03401 rsbac_boolean_t result;
03402
03403 if (!rsbac_is_initialized())
03404 {
03405 rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): RSBAC not initialized\n");
03406 return FALSE;
03407 }
03408 if (in_interrupt())
03409 {
03410 rsbac_printk(KERN_WARNING "rsbac_auth_p_capset_member(): called from interrupt!\n");
03411 }
03412 switch(cap_type)
03413 {
03414 case ACT_real:
03415 result = rsbac_list_lol_subexist_compare(process_handle, &pid, &member, single_cap_compare);
03416
03417 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03418 if( !result
03419 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03420 )
03421 {
03422 union rsbac_target_id_t tid;
03423 union rsbac_attribute_value_t attr_val;
03424 rsbac_boolean_t learn;
03425
03426 learn = rsbac_auth_learn;
03427 if(!learn)
03428 {
03429 tid.process = pid;
03430 /* check learn on process */
03431 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03432 learn = attr_val.auth_learn;
03433 }
03434 if(learn)
03435 {
03436 struct rsbac_auth_cap_range_t range;
03437
03438 rsbac_printk(KERN_INFO
03439 "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to process %u (%.15s)!\n",
03440 member,
03441 pid,
03442 current->comm);
03443 range.first = member;
03444 range.last = member;
03445 rsbac_list_lol_subadd(process_handle, &pid, &range, NULL);
03446
03447 tid.process = pid;
03448 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03449 {
03450 struct rsbac_auth_device_list_item_t * device_p;
03451 union rsbac_attribute_value_t attr_val2;
03452 u_long dflags;
03453
03454 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE)
03455 && (range.first == attr_val2.auth_start_uid)
03456 )
03457 {
03458 range.first = RSBAC_AUTH_OWNER_F_CAP;
03459 range.last = range.first;
03460 }
03461 rsbac_printk(KERN_INFO
03462 "rsbac_auth_p_capset_member(): adding AUTH capability for uid %u to file %u on device %02u:%02u!\n",
03463 range.first,
03464 attr_val.auth_program_file.inode,
03465 MAJOR(attr_val.auth_program_file.device),
03466 MINOR(attr_val.auth_program_file.device));
03467 rsbac_read_lock(&device_list_head.lock, &dflags);
03468 device_p = lookup_device(attr_val.auth_program_file.device);
03469 if(device_p)
03470 {
03471 rsbac_list_lol_subadd(device_p->handles[fd_hash(attr_val.auth_program_file.inode)],
03472 &attr_val.auth_program_file.inode, &range, NULL);
03473 }
03474 else
03475 {
03476 rsbac_printk(KERN_INFO
03477 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03478 MAJOR(attr_val.auth_program_file.device),
03479 MINOR(attr_val.auth_program_file.device));
03480 }
03481 rsbac_read_unlock(&device_list_head.lock, &dflags);
03482 }
03483 result = TRUE;
03484 }
03485 }
03486 #endif
03487 break;
03488
03489 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03490 case ACT_eff:
03491 result = rsbac_list_lol_subexist_compare(process_eff_handle, &pid, &member, single_cap_compare);
03492
03493 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03494 if( !result
03495 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03496 )
03497 {
03498 union rsbac_target_id_t tid;
03499 union rsbac_attribute_value_t attr_val;
03500 rsbac_boolean_t learn;
03501
03502 learn = rsbac_auth_learn;
03503 if(!learn)
03504 {
03505 tid.process = pid;
03506 /* check learn on process */
03507 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03508 learn = attr_val.auth_learn;
03509 }
03510 if(learn)
03511 {
03512 struct rsbac_auth_cap_range_t range;
03513
03514 rsbac_printk(KERN_INFO
03515 "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to process %u (%.15s)!\n",
03516 member,
03517 pid,
03518 current->comm);
03519 range.first = member;
03520 range.last = member;
03521 rsbac_list_lol_subadd(process_eff_handle, &pid, &range, NULL);
03522
03523 tid.process = pid;
03524 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03525 {
03526 struct rsbac_auth_device_list_item_t * device_p;
03527 union rsbac_attribute_value_t attr_val2;
03528 u_long dflags;
03529
03530 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE)
03531 && (range.first == attr_val2.auth_start_uid)
03532 )
03533 {
03534 range.first = RSBAC_AUTH_OWNER_F_CAP;
03535 range.last = range.first;
03536 }
03537 else
03538 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_euid, &attr_val2, FALSE)
03539 && (range.first == attr_val2.auth_start_euid)
03540 )
03541 {
03542 range.first = RSBAC_AUTH_DAC_OWNER_F_CAP;
03543 range.last = range.first;
03544 }
03545 rsbac_printk(KERN_INFO
03546 "rsbac_auth_p_capset_member(): adding AUTH eff capability for uid %u to file %u on device %02u:%02u!\n",
03547 range.first,
03548 attr_val.auth_program_file.inode,
03549 MAJOR(attr_val.auth_program_file.device),
03550 MINOR(attr_val.auth_program_file.device));
03551 rsbac_read_lock(&device_list_head.lock, &dflags);
03552 device_p = lookup_device(attr_val.auth_program_file.device);
03553 if(device_p)
03554 {
03555 rsbac_list_lol_subadd(device_p->eff_handles[eff_fd_hash(attr_val.auth_program_file.inode)],
03556 &attr_val.auth_program_file.inode, &range, NULL);
03557 }
03558 else
03559 {
03560 rsbac_printk(KERN_INFO
03561 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03562 MAJOR(attr_val.auth_program_file.device),
03563 MINOR(attr_val.auth_program_file.device));
03564 }
03565 rsbac_read_unlock(&device_list_head.lock, &dflags);
03566 }
03567 result = TRUE;
03568 }
03569 }
03570 #endif
03571 break;
03572
03573 case ACT_fs:
03574 result = rsbac_list_lol_subexist_compare(process_fs_handle, &pid, &member, single_cap_compare);
03575
03576 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03577 if( !result
03578 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03579 )
03580 {
03581 union rsbac_target_id_t tid;
03582 union rsbac_attribute_value_t attr_val;
03583 rsbac_boolean_t learn;
03584
03585 learn = rsbac_auth_learn;
03586 if(!learn)
03587 {
03588 tid.process = pid;
03589 /* check learn on process */
03590 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03591 learn = attr_val.auth_learn;
03592 }
03593 if(learn)
03594 {
03595 struct rsbac_auth_cap_range_t range;
03596
03597 rsbac_printk(KERN_INFO
03598 "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to process %u (%.15s)!\n",
03599 member,
03600 pid,
03601 current->comm);
03602 range.first = member;
03603 range.last = member;
03604 rsbac_list_lol_subadd(process_fs_handle, &pid, &range, NULL);
03605
03606 tid.process = pid;
03607 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03608 {
03609 struct rsbac_auth_device_list_item_t * device_p;
03610 union rsbac_attribute_value_t attr_val2;
03611 u_long dflags;
03612
03613 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_uid, &attr_val2, FALSE)
03614 && (range.first == attr_val2.auth_start_uid)
03615 )
03616 {
03617 range.first = RSBAC_AUTH_OWNER_F_CAP;
03618 range.last = range.first;
03619 }
03620 else
03621 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_euid, &attr_val2, FALSE)
03622 && (range.first == attr_val2.auth_start_euid)
03623 )
03624 {
03625 range.first = RSBAC_AUTH_DAC_OWNER_F_CAP;
03626 range.last = range.first;
03627 }
03628 rsbac_printk(KERN_INFO
03629 "rsbac_auth_p_capset_member(): adding AUTH fs capability for uid %u to file %u on device %02u:%02u!\n",
03630 range.first,
03631 attr_val.auth_program_file.inode,
03632 MAJOR(attr_val.auth_program_file.device),
03633 MINOR(attr_val.auth_program_file.device));
03634 rsbac_read_lock(&device_list_head.lock, &dflags);
03635 device_p = lookup_device(attr_val.auth_program_file.device);
03636 if(device_p)
03637 {
03638 rsbac_list_lol_subadd(device_p->fs_handles[fs_fd_hash(attr_val.auth_program_file.inode)],
03639 &attr_val.auth_program_file.inode, &range, NULL);
03640 }
03641 else
03642 {
03643 rsbac_printk(KERN_INFO
03644 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03645 MAJOR(attr_val.auth_program_file.device),
03646 MINOR(attr_val.auth_program_file.device));
03647 }
03648 rsbac_read_unlock(&device_list_head.lock, &dflags);
03649 }
03650 result = TRUE;
03651 }
03652 }
03653 #endif
03654 break;
03655 #endif /* AUTH_DAC_OWNER */
03656
03657 #ifdef CONFIG_RSBAC_AUTH_GROUP
03658 case ACT_group_real:
03659 result = rsbac_list_lol_subexist_compare(process_group_handle, &pid, &member, single_cap_compare);
03660
03661 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03662 if( !result
03663 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03664 )
03665 {
03666 union rsbac_target_id_t tid;
03667 union rsbac_attribute_value_t attr_val;
03668 rsbac_boolean_t learn;
03669
03670 learn = rsbac_auth_learn;
03671 if(!learn)
03672 {
03673 tid.process = pid;
03674 /* check learn on process */
03675 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03676 learn = attr_val.auth_learn;
03677 }
03678 if(learn)
03679 {
03680 struct rsbac_auth_cap_range_t range;
03681
03682 rsbac_printk(KERN_INFO
03683 "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to process %u (%.15s)!\n",
03684 member,
03685 pid,
03686 current->comm);
03687 range.first = member;
03688 range.last = member;
03689 rsbac_list_lol_subadd(process_group_handle, &pid, &range, NULL);
03690
03691 tid.process = pid;
03692 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03693 {
03694 struct rsbac_auth_device_list_item_t * device_p;
03695 union rsbac_attribute_value_t attr_val2;
03696 u_long dflags;
03697
03698 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE)
03699 && (range.first == attr_val2.auth_start_gid)
03700 )
03701 {
03702 range.first = RSBAC_AUTH_GROUP_F_CAP;
03703 range.last = range.first;
03704 }
03705 rsbac_printk(KERN_INFO
03706 "rsbac_auth_p_capset_member(): adding AUTH group capability for gid %u to file %u on device %02u:%02u!\n",
03707 range.first,
03708 attr_val.auth_program_file.inode,
03709 MAJOR(attr_val.auth_program_file.device),
03710 MINOR(attr_val.auth_program_file.device));
03711 rsbac_read_lock(&device_list_head.lock, &dflags);
03712 device_p = lookup_device(attr_val.auth_program_file.device);
03713 if(device_p)
03714 {
03715 rsbac_list_lol_subadd(device_p->group_handles[group_fd_hash(attr_val.auth_program_file.inode)],
03716 &attr_val.auth_program_file.inode, &range, NULL);
03717 }
03718 else
03719 {
03720 rsbac_printk(KERN_INFO
03721 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03722 MAJOR(attr_val.auth_program_file.device),
03723 MINOR(attr_val.auth_program_file.device));
03724 }
03725 rsbac_read_unlock(&device_list_head.lock, &dflags);
03726 }
03727 result = TRUE;
03728 }
03729 }
03730 #endif
03731 break;
03732
03733 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03734 case ACT_group_eff:
03735 result = rsbac_list_lol_subexist_compare(process_group_eff_handle, &pid, &member, single_cap_compare);
03736
03737 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03738 if( !result
03739 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03740 )
03741 {
03742 union rsbac_target_id_t tid;
03743 union rsbac_attribute_value_t attr_val;
03744 rsbac_boolean_t learn;
03745
03746 learn = rsbac_auth_learn;
03747 if(!learn)
03748 {
03749 tid.process = pid;
03750 /* check learn on process */
03751 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03752 learn = attr_val.auth_learn;
03753 }
03754 if(learn)
03755 {
03756 struct rsbac_auth_cap_range_t range;
03757
03758 rsbac_printk(KERN_INFO
03759 "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to process %u (%.15s)!\n",
03760 member,
03761 pid,
03762 current->comm);
03763 range.first = member;
03764 range.last = member;
03765 rsbac_list_lol_subadd(process_group_eff_handle, &pid, &range, NULL);
03766
03767 tid.process = pid;
03768 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03769 {
03770 struct rsbac_auth_device_list_item_t * device_p;
03771 union rsbac_attribute_value_t attr_val2;
03772 u_long dflags;
03773
03774 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE)
03775 && (range.first == attr_val2.auth_start_gid)
03776 )
03777 {
03778 range.first = RSBAC_AUTH_GROUP_F_CAP;
03779 range.last = range.first;
03780 }
03781 else
03782 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_egid, &attr_val2, FALSE)
03783 && (range.first == attr_val2.auth_start_egid)
03784 )
03785 {
03786 range.first = RSBAC_AUTH_DAC_GROUP_F_CAP;
03787 range.last = range.first;
03788 }
03789 rsbac_printk(KERN_INFO
03790 "rsbac_auth_p_capset_member(): adding AUTH group eff capability for gid %u to file %u on device %02u:%02u!\n",
03791 range.first,
03792 attr_val.auth_program_file.inode,
03793 MAJOR(attr_val.auth_program_file.device),
03794 MINOR(attr_val.auth_program_file.device));
03795 rsbac_read_lock(&device_list_head.lock, &dflags);
03796 device_p = lookup_device(attr_val.auth_program_file.device);
03797 if(device_p)
03798 {
03799 rsbac_list_lol_subadd(device_p->group_eff_handles[group_eff_fd_hash(attr_val.auth_program_file.inode)],
03800 &attr_val.auth_program_file.inode, &range, NULL);
03801 }
03802 else
03803 {
03804 rsbac_printk(KERN_INFO
03805 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03806 MAJOR(attr_val.auth_program_file.device),
03807 MINOR(attr_val.auth_program_file.device));
03808 }
03809 rsbac_read_unlock(&device_list_head.lock, &dflags);
03810 }
03811 result = TRUE;
03812 }
03813 }
03814 #endif
03815 break;
03816
03817 case ACT_group_fs:
03818 result = rsbac_list_lol_subexist_compare(process_group_fs_handle, &pid, &member, single_cap_compare);
03819
03820 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03821 if( !result
03822 && (member <= RSBAC_AUTH_MAX_RANGE_UID)
03823 )
03824 {
03825 union rsbac_target_id_t tid;
03826 union rsbac_attribute_value_t attr_val;
03827 rsbac_boolean_t learn;
03828
03829 learn = rsbac_auth_learn;
03830 if(!learn)
03831 {
03832 tid.process = pid;
03833 /* check learn on process */
03834 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_learn, &attr_val, FALSE))
03835 learn = attr_val.auth_learn;
03836 }
03837 if(learn)
03838 {
03839 struct rsbac_auth_cap_range_t range;
03840
03841 rsbac_printk(KERN_INFO
03842 "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to process %u (%.15s)!\n",
03843 member,
03844 pid,
03845 current->comm);
03846 range.first = member;
03847 range.last = member;
03848 rsbac_list_lol_subadd(process_group_fs_handle, &pid, &range, NULL);
03849
03850 tid.process = pid;
03851 if(!rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_program_file, &attr_val, FALSE))
03852 {
03853 struct rsbac_auth_device_list_item_t * device_p;
03854 union rsbac_attribute_value_t attr_val2;
03855 u_long dflags;
03856
03857 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_gid, &attr_val2, FALSE)
03858 && (range.first == attr_val2.auth_start_gid)
03859 )
03860 {
03861 range.first = RSBAC_AUTH_GROUP_F_CAP;
03862 range.last = range.first;
03863 }
03864 else
03865 if( !rsbac_get_attr(AUTH, T_PROCESS, tid, A_auth_start_egid, &attr_val2, FALSE)
03866 && (range.first == attr_val2.auth_start_egid)
03867 )
03868 {
03869 range.first = RSBAC_AUTH_DAC_GROUP_F_CAP;
03870 range.last = range.first;
03871 }
03872 rsbac_printk(KERN_INFO
03873 "rsbac_auth_p_capset_member(): adding AUTH group fs capability for gid %u to file %u on device %02u:%02u!\n",
03874 range.first,
03875 attr_val.auth_program_file.inode,
03876 MAJOR(attr_val.auth_program_file.device),
03877 MINOR(attr_val.auth_program_file.device));
03878 rsbac_read_lock(&device_list_head.lock, &dflags);
03879 device_p = lookup_device(attr_val.auth_program_file.device);
03880 if(device_p)
03881 {
03882 rsbac_list_lol_subadd(device_p->group_fs_handles[group_fs_fd_hash(attr_val.auth_program_file.inode)],
03883 &attr_val.auth_program_file.inode, &range, NULL);
03884 }
03885 else
03886 {
03887 rsbac_printk(KERN_INFO
03888 "rsbac_auth_p_capset_member(): unknown device %02u:%02u!\n",
03889 MAJOR(attr_val.auth_program_file.device),
03890 MINOR(attr_val.auth_program_file.device));
03891 }
03892 rsbac_read_unlock(&device_list_head.lock, &dflags);
03893 }
03894 result = TRUE;
03895 }
03896 }
03897 #endif
03898 break;
03899 #endif /* AUTH_DAC_GROUP */
03900 #endif /* AUTH_GROUP */
03901
03902 default:
03903 return FALSE;
03904 }
03905 return result;
03906 }
|
|
|
Definition at line 3932 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_f_capset(). Referenced by rsbac_adf_set_attr_auth(), and rsbac_ta_remove_target(). 03933 {
03934 int err;
03935
03936 err = rsbac_auth_clear_f_capset(0, file, ACT_real);
03937 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03938 if(!err)
03939 err = rsbac_auth_clear_f_capset(0, file, ACT_eff);
03940 if(!err)
03941 err = rsbac_auth_clear_f_capset(0, file, ACT_fs);
03942 #endif
03943 #ifdef CONFIG_RSBAC_AUTH_GROUP
03944 err = rsbac_auth_clear_f_capset(0, file, ACT_group_real);
03945 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03946 if(!err)
03947 err = rsbac_auth_clear_f_capset(0, file, ACT_group_eff);
03948 if(!err)
03949 err = rsbac_auth_clear_f_capset(0, file, ACT_group_fs);
03950 #endif
03951 #endif /* AUTH_GROUP */
03952
03953 return err;
03954 }
|
|
||||||||||||||||||||
|
Definition at line 3204 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, fd_hash(), rsbac_auth_cap_range_t::first, rsbac_auth_device_list_item_t::handles, rsbac_auth_cap_range_t::last, rsbac_auth_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_auth_remove_f_cap(). 03209 {
03210 int err=0;
03211 u_long dflags;
03212 struct rsbac_auth_device_list_item_t * device_p;
03213
03214 if (!rsbac_is_initialized())
03215 {
03216 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): RSBAC not initialized\n");
03217 return(-RSBAC_ENOTINITIALIZED);
03218 }
03219 if (in_interrupt())
03220 {
03221 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): called from interrupt!\n");
03222 }
03223 if(cap_range.first > cap_range.last)
03224 return(-RSBAC_EINVALIDVALUE);
03225
03226 /* protect device list */
03227 rsbac_read_lock(&device_list_head.lock, &dflags);
03228 device_p = lookup_device(file.device);
03229 if(!device_p)
03230 {
03231 /* trigger rsbac_mount() */
03232 rsbac_read_unlock(&device_list_head.lock, &dflags);
03233 rsbac_get_super_block(file.device);
03234 /* retry */
03235 rsbac_read_lock(&device_list_head.lock, &dflags);
03236 device_p = lookup_device(file.device);
03237 if(!device_p)
03238 {
03239 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_f_capset(): invalid device %02u:%02u!\n",
03240 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
03241 rsbac_read_unlock(&device_list_head.lock, &dflags);
03242 return(-RSBAC_EINVALIDDEV);
03243 }
03244 }
03245 switch(cap_type)
03246 {
03247 case ACT_real:
03248 err = rsbac_ta_list_lol_subremove(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode, &cap_range);
03249 break;
03250 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03251 case ACT_eff:
03252 err = rsbac_ta_list_lol_subremove(ta_number, device_p->eff_handles[eff_fd_hash(file.inode)], &file.inode, &cap_range);
03253 break;
03254 case ACT_fs:
03255 err = rsbac_ta_list_lol_subremove(ta_number, device_p->fs_handles[fs_fd_hash(file.inode)], &file.inode, &cap_range);
03256 break;
03257 #endif
03258 #ifdef CONFIG_RSBAC_AUTH_GROUP
03259 case ACT_group_real:
03260 err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_handles[group_fd_hash(file.inode)], &file.inode, &cap_range);
03261 break;
03262 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03263 case ACT_group_eff:
03264 err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_eff_handles[group_eff_fd_hash(file.inode)], &file.inode, &cap_range);
03265 break;
03266 case ACT_group_fs:
03267 err = rsbac_ta_list_lol_subremove(ta_number, device_p->group_fs_handles[group_fs_fd_hash(file.inode)], &file.inode, &cap_range);
03268 break;
03269 #endif
03270 #endif /* AUTH_GROUP */
03271
03272 default:
03273 err = -RSBAC_EINVALIDTARGET;
03274 }
03275 rsbac_read_unlock(&device_list_head.lock, &dflags);
03276 return(err);
03277 }
|
|
||||||||||||||||||||
|
Definition at line 3161 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_auth_remove_p_cap(), and rsbac_replace_auth_cap(). 03166 {
03167 if (!rsbac_is_initialized())
03168 {
03169 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): RSBAC not initialized\n");
03170 return(-RSBAC_ENOTINITIALIZED);
03171 }
03172 if (in_interrupt())
03173 {
03174 rsbac_printk(KERN_WARNING "rsbac_auth_remove_from_p_capset(): called from interrupt!\n");
03175 }
03176 if(cap_range.first > cap_range.last)
03177 return(-RSBAC_EINVALIDVALUE);
03178 switch(cap_type)
03179 {
03180 case ACT_real:
03181 return rsbac_ta_list_lol_subremove(ta_number, process_handle, &pid, &cap_range);
03182 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03183 case ACT_eff:
03184 return rsbac_ta_list_lol_subremove(ta_number, process_eff_handle, &pid, &cap_range);
03185 case ACT_fs:
03186 return rsbac_ta_list_lol_subremove(ta_number, process_fs_handle, &pid, &cap_range);
03187 #endif
03188 #ifdef CONFIG_RSBAC_AUTH_GROUP
03189 case ACT_group_real:
03190 return rsbac_ta_list_lol_subremove(ta_number, process_group_handle, &pid, &cap_range);
03191 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03192 case ACT_group_eff:
03193 return rsbac_ta_list_lol_subremove(ta_number, process_group_eff_handle, &pid, &cap_range);
03194 case ACT_group_fs:
03195 return rsbac_ta_list_lol_subremove(ta_number, process_group_fs_handle, &pid, &cap_range);
03196 #endif
03197 #endif /* AUTH_GROUP */
03198
03199 default:
03200 return -RSBAC_EINVALIDTARGET;
03201 }
03202 }
|
|
|
Definition at line 3912 of file auth_data_structures.c. References ACT_eff, ACT_fs, ACT_group_eff, ACT_group_fs, ACT_group_real, ACT_real, and rsbac_auth_clear_p_capset(). Referenced by rsbac_ta_remove_target(). 03913 {
03914 int err;
03915
03916 err = rsbac_auth_clear_p_capset(0, pid, ACT_real);
03917 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
03918 err = rsbac_auth_clear_p_capset(0, pid, ACT_eff);
03919 err = rsbac_auth_clear_p_capset(0, pid, ACT_fs);
03920 #endif
03921 #ifdef CONFIG_RSBAC_AUTH_GROUP
03922 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_real);
03923 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
03924 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_eff);
03925 err = rsbac_auth_clear_p_capset(0, pid, ACT_group_fs);
03926 #endif
03927 #endif /* AUTH_GROUP */
03928
03929 return err;
03930 }
|
|
||||||||||||
|
Referenced by rsbac_do_init(), and sys_rsbac_check(). |
|
|
Definition at line 2383 of file auth_data_structures.c. References add_device_item(), auth_register_fd_lists(), cap_compare(), rsbac_auth_device_list_head_t::count, create_device_item(), rsbac_auth_device_list_head_t::curr, rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, get_error_name(), rsbac_auth_device_list_head_t::head, rsbac_list_lol_info_t::key, rsbac_auth_device_list_head_t::lock, rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, RSBAC_AUTH_LIST_KEY, RSBAC_AUTH_P_EFF_LIST_NAME, RSBAC_AUTH_P_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_EFF_LIST_NAME, RSBAC_AUTH_P_GROUP_FS_LIST_NAME, RSBAC_AUTH_P_GROUP_LIST_NAME, RSBAC_AUTH_P_LIST_NAME, RSBAC_AUTH_P_LIST_VERSION, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, rsbac_auth_device_list_head_t::tail, and rsbac_list_lol_info_t::version. Referenced by rsbac_do_init(). 02385 {
02386 int err = 0;
02387 struct rsbac_auth_device_list_item_t * device_p = NULL;
02388 u_long dflags;
02389 struct proc_dir_entry * tmp_entry_p;
02390 struct rsbac_list_lol_info_t lol_info;
02391
02392 if (rsbac_is_initialized())
02393 {
02394 rsbac_printk(KERN_WARNING "rsbac_init_auth(): RSBAC already initialized\n");
02395 return(-RSBAC_EREINIT);
02396 }
02397
02398 /* set rw-spinlocks to unlocked status and init data structures */
02399 rsbac_printk(KERN_INFO "rsbac_init_auth(): Initializing RSBAC: AUTH subsystem\n");
02400
02401 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02402 lol_info.key = RSBAC_AUTH_LIST_KEY;
02403 lol_info.desc_size = sizeof(rsbac_pid_t);
02404 lol_info.data_size = 0;
02405 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02406 lol_info.subdata_size = 0;
02407 lol_info.max_age = 0;
02408 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02409 &process_handle,
02410 &lol_info,
02411 RSBAC_LIST_DEF_DATA,
02412 NULL,
02413 cap_compare,
02414 NULL,
02415 NULL,
02416 NULL,
02417 NULL,
02418 RSBAC_AUTH_P_LIST_NAME,
02419 RSBAC_AUTO_DEV);
02420 if(err)
02421 {
02422 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02423
02424 if(tmp)
02425 {
02426 rsbac_printk(KERN_WARNING
02427 "rsbac_init_auth(): Registering AUTH process cap list failed with error %s\n",
02428 get_error_name(tmp, err));
02429 rsbac_kfree(tmp);
02430 }
02431 }
02432 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
02433 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02434 lol_info.key = RSBAC_AUTH_LIST_KEY;
02435 lol_info.desc_size = sizeof(rsbac_pid_t);
02436 lol_info.data_size = 0;
02437 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02438 lol_info.subdata_size = 0;
02439 lol_info.max_age = 0;
02440 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02441 &process_eff_handle,
02442 &lol_info,
02443 RSBAC_LIST_DEF_DATA,
02444 NULL,
02445 cap_compare,
02446 NULL,
02447 NULL,
02448 NULL,
02449 NULL,
02450 RSBAC_AUTH_P_EFF_LIST_NAME,
02451 RSBAC_AUTO_DEV);
02452 if(err)
02453 {
02454 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02455
02456 if(tmp)
02457 {
02458 rsbac_printk(KERN_WARNING
02459 "rsbac_init_auth(): Registering AUTH process eff cap list failed with error %s\n",
02460 get_error_name(tmp, err));
02461 rsbac_kfree(tmp);
02462 }
02463 }
02464 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02465 lol_info.key = RSBAC_AUTH_LIST_KEY;
02466 lol_info.desc_size = sizeof(rsbac_pid_t);
02467 lol_info.data_size = 0;
02468 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02469 lol_info.subdata_size = 0;
02470 lol_info.max_age = 0;
02471 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02472 &process_fs_handle,
02473 &lol_info,
02474 RSBAC_LIST_DEF_DATA,
02475 NULL,
02476 cap_compare,
02477 NULL,
02478 NULL,
02479 NULL,
02480 NULL,
02481 RSBAC_AUTH_P_FS_LIST_NAME,
02482 RSBAC_AUTO_DEV);
02483 if(err)
02484 {
02485 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02486
02487 if(tmp)
02488 {
02489 rsbac_printk(KERN_WARNING
02490 "rsbac_init_auth(): Registering AUTH process fs cap list failed with error %s\n",
02491 get_error_name(tmp, err));
02492 rsbac_kfree(tmp);
02493 }
02494 }
02495 #endif
02496
02497 #ifdef CONFIG_RSBAC_AUTH_GROUP
02498 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02499 lol_info.key = RSBAC_AUTH_LIST_KEY;
02500 lol_info.desc_size = sizeof(rsbac_pid_t);
02501 lol_info.data_size = 0;
02502 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02503 lol_info.subdata_size = 0;
02504 lol_info.max_age = 0;
02505 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02506 &process_group_handle,
02507 &lol_info,
02508 RSBAC_LIST_DEF_DATA,
02509 NULL,
02510 cap_compare,
02511 NULL,
02512 NULL,
02513 NULL,
02514 NULL,
02515 RSBAC_AUTH_P_GROUP_LIST_NAME,
02516 RSBAC_AUTO_DEV);
02517 if(err)
02518 {
02519 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02520
02521 if(tmp)
02522 {
02523 rsbac_printk(KERN_WARNING
02524 "rsbac_init_auth(): Registering AUTH process group cap list failed with error %s\n",
02525 get_error_name(tmp, err));
02526 rsbac_kfree(tmp);
02527 }
02528 }
02529 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
02530 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02531 lol_info.key = RSBAC_AUTH_LIST_KEY;
02532 lol_info.desc_size = sizeof(rsbac_pid_t);
02533 lol_info.data_size = 0;
02534 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02535 lol_info.subdata_size = 0;
02536 lol_info.max_age = 0;
02537 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02538 &process_group_eff_handle,
02539 &lol_info,
02540 RSBAC_LIST_DEF_DATA,
02541 NULL,
02542 cap_compare,
02543 NULL,
02544 NULL,
02545 NULL,
02546 NULL,
02547 RSBAC_AUTH_P_GROUP_EFF_LIST_NAME,
02548 RSBAC_AUTO_DEV);
02549 if(err)
02550 {
02551 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02552
02553 if(tmp)
02554 {
02555 rsbac_printk(KERN_WARNING
02556 "rsbac_init_auth(): Registering AUTH process group eff cap list failed with error %s\n",
02557 get_error_name(tmp, err));
02558 rsbac_kfree(tmp);
02559 }
02560 }
02561 lol_info.version = RSBAC_AUTH_P_LIST_VERSION;
02562 lol_info.key = RSBAC_AUTH_LIST_KEY;
02563 lol_info.desc_size = sizeof(rsbac_pid_t);
02564 lol_info.data_size = 0;
02565 lol_info.subdesc_size = sizeof(struct rsbac_auth_cap_range_t);
02566 lol_info.subdata_size = 0;
02567 lol_info.max_age = 0;
02568 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
02569 &process_group_fs_handle,
02570 &lol_info,
02571 RSBAC_LIST_DEF_DATA,
02572 NULL,
02573 cap_compare,
02574 NULL,
02575 NULL,
02576 NULL,
02577 NULL,
02578 RSBAC_AUTH_P_GROUP_FS_LIST_NAME,
02579 RSBAC_AUTO_DEV);
02580 if(err)
02581 {
02582 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02583
02584 if(tmp)
02585 {
02586 rsbac_printk(KERN_WARNING
02587 "rsbac_init_auth(): Registering AUTH process group fs cap list failed with error %s\n",
02588 get_error_name(tmp, err));
02589 rsbac_kfree(tmp);
02590 }
02591 }
02592 #endif
02593 #endif /* AUTH_GROUP */
02594
02595 /* Init FD lists */
02596 device_list_head.lock = RW_LOCK_UNLOCKED;
02597 device_list_head.head = NULL;
02598 device_list_head.tail = NULL;
02599 device_list_head.curr = NULL;
02600 device_list_head.count = 0;
02601
02602 /* read all data */
02603 #ifdef CONFIG_RSBAC_DEBUG
02604 if (rsbac_debug_ds_auth)
02605 rsbac_printk(KERN_INFO "rsbac_init_auth(): Registering FD lists\n");
02606 #endif
02607 device_p = create_device_item(rsbac_root_dev);
02608 if (!device_p)
02609 {
02610 rsbac_printk(KERN_CRIT "rsbac_init_auth(): Could not add device!\n");
02611 return(-RSBAC_ECOULDNOTADDDEVICE);
02612 }
02613 if((err = auth_register_fd_lists(device_p,rsbac_root_dev)))
02614 {
02615 char tmp[RSBAC_MAXNAMELEN];
02616
02617 rsbac_printk(KERN_WARNING
02618 "rsbac_init_auth(): File/Dir cap set registration failed for dev %02u:%02u, err %s!\n",
02619 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
02620 }
02621 /* wait for write access to device_list_head */
02622 rsbac_write_lock_irq(&device_list_head.lock, &dflags);
02623 device_p = add_device_item(device_p);
02624 /* device was added, allow access */
02625 rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
02626 if (!device_p)
02627 {
02628 rsbac_printk(KERN_CRIT "rsbac_init_auth(): Could not add device!\n");
02629 return(-RSBAC_ECOULDNOTADDDEVICE);
02630 }
02631
02632 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
02633 tmp_entry_p = create_proc_entry("auth_devices",
02634 S_IFREG | S_IRUGO,
02635 proc_rsbac_root_p);
02636 if(tmp_entry_p)
02637 {
02638 tmp_entry_p->get_info = auth_devices_proc_info;
02639 }
02640 tmp_entry_p = create_proc_entry("stats_auth",
02641 S_IFREG | S_IRUGO,
02642 proc_rsbac_root_p);
02643 if(tmp_entry_p)
02644 {
02645 tmp_entry_p->get_info = stats_auth_proc_info;
02646 }
02647 tmp_entry_p = create_proc_entry("auth_caplist",
02648 S_IFREG | S_IRUGO,
02649 proc_rsbac_root_p);
02650 if(tmp_entry_p)
02651 {
02652 tmp_entry_p->get_info = auth_caplist_proc_info;
02653 }
02654 #endif
02655
02656 #ifdef CONFIG_RSBAC_DEBUG
02657 if (rsbac_debug_ds_auth)
02658 rsbac_printk(KERN_DEBUG "rsbac_init_auth(): Ready.\n");
02659 #endif
02660 return(err);
02661 };
|
|
|
Definition at line 2663 of file auth_data_structures.c. References add_device_item(), auth_register_fd_lists(), clear_device_item(), create_device_item(), get_error_name(), rsbac_auth_device_list_head_t::lock, lookup_device(), rsbac_auth_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by rsbac_mount(). 02664 {
02665 int err = 0;
02666 struct rsbac_auth_device_list_item_t * device_p;
02667 struct rsbac_auth_device_list_item_t * new_device_p;
02668 u_long dflags;
02669
02670 if (!rsbac_is_initialized())
02671 {
02672 rsbac_printk(KERN_WARNING "rsbac_mount_auth(): RSBAC not initialized\n");
02673 return(-RSBAC_ENOTINITIALIZED);
02674 }
02675 #ifdef CONFIG_RSBAC_DEBUG
02676 if (rsbac_debug_ds_auth)
02677 rsbac_printk(KERN_DEBUG "rsbac_mount_auth(): mounting device %02u:%02u\n",
02678 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02679 #endif
02680 /* wait for write access to device_list_head */
02681 rsbac_read_lock(&device_list_head.lock, &dflags);
02682 device_p = lookup_device(kdev);
02683 /* repeated mount? */
02684 if(device_p)
02685 {
02686 rsbac_printk(KERN_WARNING "rsbac_mount_auth: repeated mount %u of device %02u:%02u\n",
02687 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02688 device_p->mount_count++;
02689 rsbac_read_unlock(&device_list_head.lock, &dflags);
02690 return 0;
02691 }
02692 rsbac_read_unlock(&device_list_head.lock, &dflags);
02693
02694 new_device_p = create_device_item(kdev);
02695 if(!new_device_p)
02696 return -RSBAC_ECOULDNOTADDDEVICE;
02697
02698 /* register lists */
02699 if((err = auth_register_fd_lists(new_device_p, kdev)))
02700 {
02701 char tmp[RSBAC_MAXNAMELEN];
02702
02703 rsbac_printk(KERN_WARNING
02704 "rsbac_mount_auth(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02705 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err));
02706 }
02707
02708 /* wait for read access to device_list_head */
02709 rsbac_read_lock(&device_list_head.lock, &dflags);
02710 /* make sure to only add, if this device item has not been added in the meantime */
02711 device_p = lookup_device(kdev);
02712 if(device_p)
02713 {
02714 rsbac_printk(KERN_WARNING
02715 "rsbac_mount_auth(): mount race for device %02u:%02u detected!\n",
02716 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02717 device_p->mount_count++;
02718 rsbac_read_unlock(&device_list_head.lock, &dflags);
02719 clear_device_item(new_device_p);
02720 }
02721 else
02722 {
02723 rsbac_read_unlock(&device_list_head.lock, &dflags);
02724 rsbac_write_lock_irq(&device_list_head.lock, &dflags);
02725 device_p = add_device_item(new_device_p);
02726 rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
02727 if(!device_p)
02728 {
02729 rsbac_printk(KERN_WARNING "rsbac_mount_auth: adding device %02u:%02u failed!\n",
02730 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02731 clear_device_item(new_device_p);
02732 err = -RSBAC_ECOULDNOTADDDEVICE;
02733 }
02734 }
02735 return(err);
02736 };
|
|
|
Definition at line 2783 of file auth_data_structures.c. References A_none, rsbac_attribute_value_t::dummy, rsbac_auth_device_list_item_t::handles, rsbac_auth_device_list_head_t::head, rsbac_auth_device_list_item_t::id, rsbac_auth_device_list_head_t::lock, rsbac_auth_device_list_item_t::next, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD. Referenced by rsbac_stats(). 02784 {
02785 u_int cap_set_count = 0;
02786 u_int member_count = 0;
02787 u_long dflags;
02788 struct rsbac_auth_device_list_item_t * device_p;
02789 int i;
02790
02791 union rsbac_target_id_t rsbac_target_id;
02792 union rsbac_attribute_value_t rsbac_attribute_value;
02793
02794 if (!rsbac_is_initialized())
02795 {
02796 rsbac_printk(KERN_WARNING "rsbac_stats_auth(): RSBAC not initialized\n");
02797 return(-RSBAC_ENOTINITIALIZED);
02798 }
02799 #ifdef CONFIG_RSBAC_DEBUG
02800 if (rsbac_debug_aef_auth)
02801 rsbac_printk(KERN_DEBUG "rsbac_stats_auth(): calling ADF\n");
02802 #endif
02803 rsbac_target_id.scd = ST_rsbac;
02804 rsbac_attribute_value.dummy = 0;
02805 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02806 current->pid,
02807 T_SCD,
02808 rsbac_target_id,
02809 A_none,
02810 rsbac_attribute_value))
02811 {
02812 return -EPERM;
02813 }
02814
02815 rsbac_printk(KERN_INFO "AUTH Status\n-----------\n");
02816
02817 rsbac_printk(KERN_INFO "%lu process cap set items, sum of %lu members\n",
02818 rsbac_list_lol_count(process_handle),
02819 rsbac_list_lol_all_subcount(process_handle));
02820
02821 /* protect device list */
02822 rsbac_read_lock(&device_list_head.lock, &dflags);
02823 device_p = device_list_head.head;
02824 while(device_p)
02825 {
02826 /* reset counters */
02827 cap_set_count = 0;
02828 member_count = 0;
02829 for(i=0 ; i < RSBAC_AUTH_NR_CAP_FD_LISTS; i++)
02830 {
02831 cap_set_count += rsbac_list_lol_count(device_p->handles[i]);
02832 member_count += rsbac_list_lol_all_subcount(device_p->handles[i]);
02833 }
02834 rsbac_printk(KERN_INFO "device %02u:%02u has %u file cap set items, sum of %u members\n",
02835 RSBAC_MAJOR(device_p->id),
02836 RSBAC_MINOR(device_p->id),
02837 cap_set_count,member_count);
02838 device_p = device_p->next;
02839 }
02840 /* unprotect device list */
02841 rsbac_read_unlock(&device_list_head.lock, &dflags);
02842 return(0);
02843 };
|
|
|
Definition at line 2740 of file auth_data_structures.c. References rsbac_auth_device_list_head_t::lock, lookup_device(), rsbac_auth_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_umount(). 02741 {
02742 u_long flags;
02743 struct rsbac_auth_device_list_item_t * device_p;
02744
02745 if (!rsbac_is_initialized())
02746 {
02747 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
02748 return(-RSBAC_ENOTINITIALIZED);
02749 }
02750
02751 #ifdef CONFIG_RSBAC_DEBUG
02752 if (rsbac_debug_ds_auth)
02753 rsbac_printk(KERN_DEBUG "rsbac_umount_auth(): umounting device %02u:%02u\n",
02754 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02755 #endif
02756 /* sync of attribute lists was done in rsbac_umount */
02757 /* wait for write access to device_list_head */
02758 rsbac_write_lock(&device_list_head.lock, &flags);
02759 /* OK, nobody else is working on it... */
02760 device_p = lookup_device(kdev);
02761 if(device_p)
02762 {
02763 if(device_p->mount_count == 1)
02764 remove_device_item(kdev);
02765 else
02766 {
02767 if(device_p->mount_count > 1)
02768 device_p->mount_count--;
02769 else
02770 rsbac_printk(KERN_WARNING "rsbac_mount_auth: device %02u:%02u has mount_count < 1!\n",
02771 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02772 }
02773 }
02774
02775 /* allow access */
02776 rsbac_write_unlock(&device_list_head.lock, &flags);
02777 return(0);
02778 }
|
1.4.2