00001
00002
00003
00004
00005
00006
00007
00008
00009 #ifndef __KERNEL__
00010 #include <stdlib.h>
00011 #endif
00012 #include <rsbac/types.h>
00013 #include <rsbac/getname.h>
00014 #include <rsbac/helpers.h>
00015 #include <rsbac/error.h>
00016 #include <rsbac/pax_getname.h>
00017
00018 #ifdef __KERNEL__
00019 #include <linux/string.h>
00020 #include <linux/module.h>
00021 #include <linux/fs.h>
00022 #include <linux/kernel.h>
00023 #include <linux/netdevice.h>
00024 #include <linux/inetdevice.h>
00025 #include <rsbac/rkmem.h>
00026 #include <rsbac/network.h>
00027 #include <rsbac/net_getname.h>
00028 #else
00029 #include <stdio.h>
00030 #include <string.h>
00031 #include <errno.h>
00032 #endif
00033
00034 static char request_list[R_NONE+1][24] = {
00035 "ADD_TO_KERNEL",
00036 "ALTER",
00037 "APPEND_OPEN",
00038 "CHANGE_GROUP",
00039 "CHANGE_OWNER",
00040 "CHDIR",
00041 "CLONE",
00042 "CLOSE",
00043 "CREATE",
00044 "DELETE",
00045 "EXECUTE",
00046 "GET_PERMISSIONS_DATA",
00047 "GET_STATUS_DATA",
00048 "LINK_HARD",
00049 "MODIFY_ACCESS_DATA",
00050 "MODIFY_ATTRIBUTE",
00051 "MODIFY_PERMISSIONS_DATA",
00052 "MODIFY_SYSTEM_DATA",
00053 "MOUNT",
00054 "READ",
00055 "READ_ATTRIBUTE",
00056 "READ_WRITE_OPEN",
00057 "READ_OPEN",
00058 "REMOVE_FROM_KERNEL",
00059 "RENAME",
00060 "SEARCH",
00061 "SEND_SIGNAL",
00062 "SHUTDOWN",
00063 "SWITCH_LOG",
00064 "SWITCH_MODULE",
00065 "TERMINATE",
00066 "TRACE",
00067 "TRUNCATE",
00068 "UMOUNT",
00069 "WRITE",
00070 "WRITE_OPEN",
00071 "MAP_EXEC",
00072 "BIND",
00073 "LISTEN",
00074 "ACCEPT",
00075 "CONNECT",
00076 "SEND",
00077 "RECEIVE",
00078 "NET_SHUTDOWN",
00079 "CHANGE_DAC_EFF_OWNER",
00080 "CHANGE_DAC_FS_OWNER",
00081 "CHANGE_DAC_EFF_GROUP",
00082 "CHANGE_DAC_FS_GROUP",
00083 "IOCTL",
00084 "LOCK",
00085 "NONE" };
00086
00087 static char result_list[UNDEFINED+1][12] = {
00088 "NOT_GRANTED",
00089 "GRANTED",
00090 "DO_NOT_CARE",
00091 "UNDEFINED" };
00092
00093 static rsbac_switch_target_int_t attr_mod_list[A_none+1] = {
00094 GEN,
00095 MAC,
00096 MAC,
00097 MAC,
00098 MAC,
00099 MAC,
00100 MAC,
00101 MAC,
00102 MAC,
00103 MAC,
00104 MAC,
00105 MAC,
00106 MAC,
00107 MAC,
00108 SW_NONE,
00109 MAC,
00110 DAZ,
00111 FF,
00112 AUTH,
00113 CAP,
00114 JAIL,
00115 PAX,
00116 MAC,
00117 MAC,
00118 MAC,
00119 MAC,
00120 MAC,
00121 MAC,
00122 MAC,
00123 MAC,
00124 MAC,
00125 PM,
00126 PM,
00127 PM,
00128 PM,
00129 PM,
00130 PM,
00131 PM,
00132 PM,
00133 PM,
00134 PM,
00135 PM,
00136 PM,
00137 PM,
00138 PM,
00139 PM,
00140 DAZ,
00141 DAZ,
00142 FF,
00143 RC,
00144 RC,
00145 RC,
00146 RC,
00147 RC,
00148 RC,
00149 RC,
00150 RC,
00151 RC,
00152 AUTH,
00153 AUTH,
00154 AUTH,
00155 CAP,
00156 CAP,
00157 CAP,
00158 CAP,
00159 JAIL,
00160 JAIL,
00161 JAIL,
00162 JAIL,
00163 JAIL,
00164 JAIL,
00165 PAX,
00166 RES,
00167 RES,
00168 RES,
00169 GEN,
00170 GEN,
00171 GEN,
00172 GEN,
00173 GEN,
00174 GEN,
00175 GEN,
00176 GEN,
00177 GEN,
00178 GEN,
00179 GEN,
00180 GEN,
00181 GEN,
00182 CAP,
00183 GEN,
00184 GEN,
00185 GEN,
00186 AUTH,
00187 GEN,
00188 #ifdef __KERNEL__
00189
00190 SW_NONE,
00191 SW_NONE,
00192 SW_NONE,
00193 SW_NONE,
00194 SW_NONE,
00195 SW_NONE,
00196 SW_NONE,
00197 SW_NONE,
00198 SW_NONE,
00199 SW_NONE,
00200 SW_NONE,
00201 SW_NONE,
00202 SW_NONE,
00203 SW_NONE,
00204 SW_NONE,
00205 SW_NONE,
00206 SW_NONE,
00207 SW_NONE,
00208 SW_NONE,
00209 SW_NONE,
00210 SW_NONE,
00211 SW_NONE,
00212 SW_NONE,
00213 SW_NONE,
00214 SW_NONE,
00215 SW_NONE,
00216 SW_NONE,
00217 SW_NONE,
00218 SW_NONE,
00219 SW_NONE,
00220 SW_NONE,
00221 #endif
00222 SW_NONE };
00223
00224 static char attribute_list[A_none+1][23] = {
00225 "pseudo",
00226 "security_level",
00227 "initial_security_level",
00228 "local_sec_level",
00229 "remote_sec_level",
00230 "min_security_level",
00231 "mac_categories",
00232 "mac_initial_categories",
00233 "local_mac_categories",
00234 "remote_mac_categories",
00235 "mac_min_categories",
00236 "mac_user_flags",
00237 "mac_process_flags",
00238 "mac_file_flags",
00239 "system_role",
00240 "mac_role",
00241 "daz_role",
00242 "ff_role",
00243 "auth_role",
00244 "cap_role",
00245 "jail_role",
00246 "pax_role",
00247 "current_sec_level",
00248 "mac_curr_categories",
00249 "min_write_open",
00250 "min_write_categories",
00251 "max_read_open",
00252 "max_read_categories",
00253 "mac_auto",
00254 "mac_check",
00255 "mac_prop_trusted",
00256 "pm_role",
00257 "pm_process_type",
00258 "pm_current_task",
00259 "pm_object_class",
00260 "local_pm_object_class",
00261 "remote_pm_object_class",
00262 "pm_ipc_purpose",
00263 "local_pm_ipc_purpose",
00264 "remote_pm_ipc_purpose",
00265 "pm_object_type",
00266 "local_pm_object_type",
00267 "remote_pm_object_type",
00268 "pm_program_type",
00269 "pm_tp",
00270 "pm_task_set",
00271 "daz_scanned",
00272 "daz_scanner",
00273 "ff_flags",
00274 "rc_type",
00275 "local_rc_type",
00276 "remote_rc_type",
00277 "rc_type_fd",
00278 "rc_type_nt",
00279 "rc_force_role",
00280 "rc_initial_role",
00281 "rc_role",
00282 "rc_def_role",
00283 "auth_may_setuid",
00284 "auth_may_set_cap",
00285 "auth_learn",
00286 "min_caps",
00287 "max_caps",
00288 "max_caps_user",
00289 "max_caps_program",
00290 "jail_id",
00291 "jail_ip",
00292 "jail_flags",
00293 "jail_max_caps",
00294 "jail_scd_get",
00295 "jail_scd_modify",
00296 "pax_flags",
00297 "res_role",
00298 "res_min",
00299 "res_max",
00300 "log_array_low",
00301 "local_log_array_low",
00302 "remote_log_array_low",
00303 "log_array_high",
00304 "local_log_array_high",
00305 "remote_log_array_high",
00306 "log_program_based",
00307 "log_user_based",
00308 "symlink_add_remote_ip",
00309 "symlink_add_uid",
00310 "symlink_add_mac_level",
00311 "symlink_add_rc_role",
00312 "linux_dac_disable",
00313 "cap_process_hiding",
00314 "fake_root_uid",
00315 "audit_uid",
00316 "auid_exempt",
00317 "auth_last_auth",
00318 "remote_ip",
00319 #ifdef __KERNEL__
00320
00321 "owner",
00322 "group",
00323 "signal",
00324 "mode",
00325 "nlink",
00326 "switch_target",
00327 "mod_name",
00328 "request",
00329 "trace_request",
00330 "auth_add_f_cap",
00331 "auth_remove_f_cap",
00332 "auth_get_caplist",
00333 "prot_bits",
00334 "internal",
00335 "create_data",
00336 "new_object",
00337 "rlimit",
00338 "new_dir_dentry_p",
00339 "auth_program_file",
00340 "auth_start_uid",
00341 "auth_start_euid",
00342 "auth_start_gid",
00343 "auth_start_egid",
00344 "acl_learn",
00345 "priority",
00346 "pgid",
00347 "kernel_thread",
00348 "open_flag",
00349 "reboot_cmd",
00350 "setsockopt_level",
00351 "ioctl_cmd",
00352 "f_mode",
00353 #endif
00354 "none" };
00355
00356 static char target_list[T_NONE+1][11] = {
00357 "FILE",
00358 "DIR",
00359 "FIFO",
00360 "SYMLINK",
00361 "DEV",
00362 "IPC",
00363 "SCD",
00364 "USER",
00365 "PROCESS",
00366 "NETDEV",
00367 "NETTEMP",
00368 "NETOBJ",
00369 "NETTEMP_NT",
00370 "GROUP",
00371 "FD",
00372 "NONE" };
00373
00374 static char ipc_target_list[I_none+1][9] = {
00375 "sem",
00376 "msg",
00377 "shm",
00378 "anonpipe",
00379 "mqueue",
00380 "none" };
00381
00382 static char switch_target_list[SW_NONE+1][12] = {
00383 "GEN",
00384 "MAC",
00385 "PM",
00386 "DAZ",
00387 "FF",
00388 "RC",
00389 "AUTH",
00390 "REG",
00391 "ACL",
00392 "CAP",
00393 "JAIL",
00394 "RES",
00395 "PAX",
00396 "SOFTMODE",
00397 "DAC_DISABLE",
00398 "UM",
00399 "FREEZE",
00400 "NONE" };
00401
00402 static char error_list[RSBAC_EMAX][25] = {
00403 "RSBAC_EPERM",
00404 "RSBAC_EACCESS",
00405 "RSBAC_EREADFAILED",
00406 "RSBAC_EWRITEFAILED",
00407 "RSBAC_EINVALIDPOINTER",
00408 "RSBAC_ENOROOTDIR",
00409 "RSBAC_EPATHTOOLONG",
00410 "RSBAC_ENOROOTDEV",
00411 "RSBAC_ENOTFOUND",
00412 "RSBAC_ENOTINITIALIZED",
00413 "RSBAC_EREINIT",
00414 "RSBAC_ECOULDNOTADDDEVICE",
00415 "RSBAC_ECOULDNOTADDITEM",
00416 "RSBAC_ECOULDNOTCREATEPATH",
00417 "RSBAC_EINVALIDATTR",
00418 "RSBAC_EINVALIDDEV",
00419 "RSBAC_EINVALIDTARGET",
00420 "RSBAC_EINVALIDVALUE",
00421 "RSBAC_EEXISTS",
00422 "RSBAC_EINTERNONLY",
00423 "RSBAC_EINVALIDREQUEST",
00424 "RSBAC_ENOTWRITABLE",
00425 "RSBAC_EMALWAREDETECTED",
00426 "RSBAC_ENOMEM",
00427 "RSBAC_EDECISIONMISMATCH",
00428 "RSBAC_EINVALIDVERSION",
00429 "RSBAC_EINVALIDMODULE",
00430 "RSBAC_EEXPIRED",
00431 "RSBAC_EMUSTCHANGE",
00432 "RSBAC_EBUSY",
00433 "RSBAC_EINVALIDTRANSACTION",
00434 "RSBAC_EWEAKPASSWORD"
00435 };
00436
00437 static char scd_type_list[ST_none+1][17] = {
00438 "time_strucs",
00439 "clock",
00440 "host_id",
00441 "net_id",
00442 "ioports",
00443 "rlimit",
00444 "swap",
00445 "syslog",
00446 "rsbac",
00447 "rsbac_log",
00448 "other",
00449 "kmem",
00450 "network",
00451 "firewall",
00452 "priority",
00453 "sysfs",
00454 "rsbac_remote_log",
00455 "quota",
00456 "sysctl",
00457 "nfsd",
00458 "ksyms",
00459 "mlock",
00460 "capability",
00461 "none" };
00462
00463
00464
00465 #ifndef __KERNEL__
00466 static char attribute_param_list[A_none+1][193] = {
00467 "user-pseudo (positive long integer)",
00468 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00469 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00470 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00471 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00472 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00473 "Bit Set String of length 64 for all categories",
00474 "Bit Set String of length 64 for all categories",
00475 "Bit Set String of length 64 for all categories",
00476 "Bit Set String of length 64 for all categories",
00477 "Bit Set String of length 64 for all categories",
00478 "1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto",
00479 "1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted",
00480 "2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down",
00481 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00482 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00483 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00484 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00485 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00486 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00487 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00488 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00489 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00490 "Bit Set String of length 64 for all categories",
00491 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00492 "Bit Set String of length 64 for all categories",
00493 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00494 "Bit Set String of length 64 for all categories",
00495 "0 = no, 1 = yes, 2 = inherit (default value)",
00496 "0 = false, 1 = true",
00497 "0 = false, 1 = true",
00498 "0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin",
00499 "0 = none, 1 = TP",
00500 "Task-ID (positive integer)",
00501 "Class-ID (positive integer)",
00502 "Class-ID (positive integer)",
00503 "Class-ID (positive integer)",
00504 "Purpose-ID (positive integer)",
00505 "Purpose-ID (positive integer)",
00506 "Purpose-ID (positive integer)",
00507 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00508 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00509 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00510 "0 = none, 1 = TP",
00511 "TP-ID (positive integer)",
00512 "pm-task-list-ID (positive integer)",
00513 "0 = unscanned, 1 = infected, 2 = clean",
00514 "0 = FALSE, 1 = TRUE",
00515 "1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount",
00516 "RC-type-id",
00517 "RC-type-id",
00518 "RC-type-id",
00519 "RC-type-id (-2 = inherit from parent)",
00520 "RC-type-id",
00521 "RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)",
00522 "RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)",
00523 "RC-role-id",
00524 "RC-role-id",
00525 "0 = off, 1 = full, 2 = last_auth_only, 3 = last_auth_and_gid",
00526 "0 = false, 1 = true",
00527 "0 = false, 1 = true",
00528 "Bit-Vector value or name list of desired caps",
00529 "Bit-Vector value or name list of desired caps",
00530 "Bit-Vector value or name list of desired caps",
00531 "Bit-Vector value or name list of desired caps",
00532 "JAIL ID (0 = off)",
00533 "JAIL IP address a.b.c.d",
00534 "JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)",
00535 "Bit-Vector value or name list of desired caps",
00536 "PAX flags with capital=on, non-capital=off, e.g. PeMRxS",
00537 "0 = user, 1 = security officer, 2 = administrator",
00538 "array of non-negative integer values, all 0 for unset",
00539 "array of non-negative integer values, all 0 for unset",
00540 "Bit-String for all Requests, low bit",
00541 "Bit-String for all Requests, low bit",
00542 "Bit-String for all Requests, low bit",
00543 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00544 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00545 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00546 "Bit-String for all Requests",
00547 "Bit-String for all Requests",
00548 "Number of bytes to add, 0 to turn off",
00549 "0 = false, 1 = true",
00550 "0 = false, 1 = true",
00551 "0 = false, 1 = true",
00552 "0 = false, 1 = true, 2 = inherit (default)",
00553 "0 = off (default), 1 = from other users, 2 = full",
00554 "0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both",
00555 "-3 = unset, uid otherwise",
00556 "-3 = unset, uid otherwise",
00557 "-3 = unset, uid otherwise",
00558 "32 Bit value in network byte order",
00559 "INVALID!" };
00560 #endif
00561
00562 static char log_level_list[LL_invalid+1][9] = {
00563 "none",
00564 "denied",
00565 "full",
00566 "request",
00567 "invalid!" };
00568
00569 static char cap_list[RSBAC_CAP_MAX+1][17] = {
00570 "CHOWN",
00571 "DAC_OVERRIDE",
00572 "DAC_READ_SEARCH",
00573 "FOWNER",
00574 "FSETID",
00575 "KILL",
00576 "SETGID",
00577 "SETUID",
00578 "SETPCAP",
00579 "LINUX_IMMUTABLE",
00580 "NET_BIND_SERVICE",
00581 "NET_BROADCAST",
00582 "NET_ADMIN",
00583 "NET_RAW",
00584 "IPC_LOCK",
00585 "IPC_OWNER",
00586 "SYS_MODULE",
00587 "SYS_RAWIO",
00588 "SYS_CHROOT",
00589 "SYS_PTRACE",
00590 "SYS_PACCT",
00591 "SYS_ADMIN",
00592 "SYS_BOOT",
00593 "SYS_NICE",
00594 "SYS_RESOURCE",
00595 "SYS_TIME",
00596 "SYS_TTY_CONFIG",
00597 "MKNOD",
00598 "LEASE",
00599 "NONE" };
00600
00601
00602
00603 #ifdef __KERNEL__
00604 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00605 EXPORT_SYMBOL(get_request_name);
00606 #endif
00607 #endif
00608
00609 char * get_request_name(char * request_name,
00610 enum rsbac_adf_request_t request)
00611 {
00612 if(!request_name)
00613 return(NULL);
00614 if(request >= R_NONE)
00615 strcpy(request_name, "ERROR!");
00616 else
00617 strcpy(request_name, request_list[request]);
00618 return(request_name);
00619 }
00620
00621 enum rsbac_adf_request_t get_request_nr(const char * request_name)
00622 {
00623 enum rsbac_adf_request_t i;
00624
00625 if(!request_name)
00626 return(R_NONE);
00627 for (i = 0; i < R_NONE; i++)
00628 {
00629 if (!strcmp(request_name,request_list[i]))
00630 {
00631 return(i);
00632 }
00633 }
00634 return(R_NONE);
00635 }
00636
00637
00638 char * get_result_name(char * res_name,
00639 enum rsbac_adf_req_ret_t res)
00640 {
00641 if(!res_name)
00642 return(NULL);
00643 if(res > UNDEFINED)
00644 strcpy(res_name, "ERROR!");
00645 else
00646 strcpy(res_name, result_list[res]);
00647 return(res_name);
00648 }
00649
00650 enum rsbac_adf_req_ret_t get_result_nr(const char * res_name)
00651 {
00652 enum rsbac_adf_req_ret_t i;
00653
00654 if(!res_name)
00655 return(UNDEFINED);
00656 for (i = 0; i < UNDEFINED; i++)
00657 {
00658 if (!strcmp(res_name,result_list[i]))
00659 {
00660 return(i);
00661 }
00662 }
00663 return(UNDEFINED);
00664 }
00665
00666
00667 enum rsbac_switch_target_t get_attr_module(enum rsbac_attribute_t attr)
00668 {
00669 if(attr > A_none)
00670 return SW_NONE;
00671 else
00672 return attr_mod_list[attr];
00673 }
00674
00675 #ifdef __KERNEL__
00676 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00677 EXPORT_SYMBOL(get_attribute_name);
00678 #endif
00679 #endif
00680
00681 char * get_attribute_name( char * attr_name,
00682 enum rsbac_attribute_t attr)
00683 {
00684 if(!attr_name)
00685 return(NULL);
00686 if(attr > A_none)
00687 strcpy(attr_name, "ERROR!");
00688 else
00689 strcpy(attr_name, attribute_list[attr]);
00690 return(attr_name);
00691 }
00692
00693 enum rsbac_attribute_t get_attribute_nr(const char * attr_name)
00694 {
00695 enum rsbac_attribute_t i;
00696
00697 if(!attr_name)
00698 return(A_none);
00699 for (i = 0; i < A_none; i++)
00700 {
00701 if (!strcmp(attr_name,attribute_list[i]))
00702 {
00703 return(i);
00704 }
00705 }
00706 return(A_none);
00707 }
00708
00709 #ifdef __KERNEL__
00710 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00711 EXPORT_SYMBOL(get_attribute_value_name);
00712 #endif
00713 #endif
00714
00715 char * get_attribute_value_name( char * attr_val_name,
00716 enum rsbac_attribute_t attr,
00717 union rsbac_attribute_value_t * attr_val_p)
00718 {
00719 if(!attr_val_name)
00720 return(NULL);
00721 if(attr > A_none)
00722 strcpy(attr_val_name, "ERROR!");
00723 else
00724 switch(attr)
00725 {
00726 case A_none:
00727 strcpy(attr_val_name, "none");
00728 break;
00729 #ifdef __KERNEL__
00730 case A_create_data:
00731 {
00732 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00733
00734 if(tmp)
00735 {
00736 if(attr_val_p->create_data.dentry_p)
00737 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1,
00738 "%s %s, mode %o",
00739 get_target_name_only(tmp, attr_val_p->create_data.target),
00740 attr_val_p->create_data.dentry_p->d_name.name,
00741 attr_val_p->create_data.mode & S_IALLUGO);
00742 else
00743 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1,
00744 "%s, mode %o",
00745 get_target_name_only(tmp, attr_val_p->create_data.target),
00746 attr_val_p->create_data.mode & S_IALLUGO);
00747 rsbac_kfree(tmp);
00748 }
00749 }
00750 break;
00751 case A_mode:
00752 sprintf(attr_val_name, "%o", attr_val_p->mode);
00753 break;
00754 case A_priority:
00755 sprintf(attr_val_name, "%i", attr_val_p->priority);
00756 break;
00757 case A_mod_name:
00758 if(attr_val_p->mod_name)
00759 strncpy(attr_val_name, attr_val_p->mod_name, RSBAC_MAXNAMELEN - 1);
00760 else
00761 strcpy(attr_val_name, "unknown");
00762 attr_val_name[RSBAC_MAXNAMELEN - 1] = 0;
00763 break;
00764 case A_auth_add_f_cap:
00765 case A_auth_remove_f_cap:
00766 sprintf(attr_val_name, "%u:%u",
00767 attr_val_p->auth_cap_range.first,
00768 attr_val_p->auth_cap_range.last);
00769 break;
00770 case A_switch_target:
00771 get_switch_target_name(attr_val_name, attr_val_p->switch_target);
00772 break;
00773 case A_request:
00774 get_request_name(attr_val_name, attr_val_p->request);
00775 break;
00776 #endif
00777 #if defined(CONFIG_RSBAC_PAX) || !defined(__KERNEL__)
00778 case A_pax_flags:
00779 pax_print_flags(attr_val_name, attr_val_p->pax_flags);
00780 break;
00781 #endif
00782 default:
00783 snprintf(attr_val_name, RSBAC_MAXNAMELEN - 1, "%u", attr_val_p->u_dummy);
00784 }
00785 return(attr_val_name);
00786 }
00787
00788
00789 #ifdef __KERNEL__
00790 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00791 EXPORT_SYMBOL(get_scd_type_name);
00792 #endif
00793 #endif
00794
00795 char * get_scd_type_name(char * res_name,
00796 enum rsbac_scd_type_t res)
00797 {
00798 if(!res_name)
00799 return(NULL);
00800 if(res > ST_none)
00801 strcpy(res_name, "ERROR!");
00802 else
00803 strcpy(res_name, scd_type_list[res]);
00804 return(res_name);
00805 }
00806
00807 enum rsbac_scd_type_t get_scd_type_nr(const char * res_name)
00808 {
00809 enum rsbac_scd_type_t i;
00810
00811 if(!res_name)
00812 return(ST_none);
00813 for (i = 0; i < ST_none; i++)
00814 {
00815 if (!strcmp(res_name, scd_type_list[i]))
00816 {
00817 return(i);
00818 }
00819 }
00820 return(ST_none);
00821 }
00822
00823
00824 #ifdef __KERNEL__
00825 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00826 EXPORT_SYMBOL(get_target_name);
00827 #endif
00828 #endif
00829
00830 char * get_target_name(char * target_type_name,
00831 enum rsbac_target_t target,
00832 char * target_id_name,
00833 union rsbac_target_id_t tid)
00834 {
00835 #ifdef __KERNEL__
00836 char * help_name;
00837 #else
00838 char help_name[RSBAC_MAXNAMELEN+4];
00839 #endif
00840
00841 if(!target_type_name)
00842 return(NULL);
00843
00844 #ifdef __KERNEL__
00845 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00846 help_name = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4);
00847 #else
00848 help_name = rsbac_kmalloc(RSBAC_MAXNAMELEN + 4);
00849 #endif
00850 if(!help_name)
00851 return NULL;
00852 #endif
00853
00854 switch(target)
00855 {
00856 #ifdef __KERNEL__
00857 case T_FD: strcpy (target_type_name, "FD");
00858 if(!target_id_name)
00859 break;
00860 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00861 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00862 tid.file.inode);
00863 if( tid.file.dentry_p
00864 && tid.file.dentry_p->d_name.name
00865 && tid.file.dentry_p->d_name.len
00866 )
00867 {
00868 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00869 if(rsbac_get_full_path(tid.file.dentry_p, help_name,
00870 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00871 {
00872 strcat(target_id_name, " Path ");
00873 strcat(target_id_name, help_name);
00874 }
00875 #else
00876 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00877
00878 strcat(target_id_name, " Name ");
00879 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00880 help_name[namelen]=0;
00881 strcat(target_id_name, help_name);
00882 #endif
00883 }
00884 break;
00885 case T_FILE: strcpy (target_type_name, "FILE");
00886 if(!target_id_name)
00887 break;
00888 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00889 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00890 tid.file.inode);
00891 if( tid.file.dentry_p
00892 && tid.file.dentry_p->d_name.name
00893 && tid.file.dentry_p->d_name.len
00894 )
00895 {
00896 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00897 if(rsbac_get_full_path(tid.file.dentry_p, help_name,
00898 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00899 {
00900 strcat(target_id_name, " Path ");
00901 strcat(target_id_name, help_name);
00902 }
00903 #else
00904 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00905
00906 strcat(target_id_name, " Name ");
00907 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00908 help_name[namelen]=0;
00909 strcat(target_id_name, help_name);
00910 #endif
00911 }
00912 break;
00913 case T_DIR: strcpy (target_type_name, "DIR");
00914 if(!target_id_name)
00915 break;
00916 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00917 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00918 tid.dir.inode);
00919 if( tid.dir.dentry_p
00920 && tid.dir.dentry_p->d_name.name
00921 && tid.dir.dentry_p->d_name.len
00922 )
00923 {
00924 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00925 if(rsbac_get_full_path(tid.dir.dentry_p, help_name,
00926 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00927 {
00928 strcat(target_id_name, " Path ");
00929 strcat(target_id_name, help_name);
00930 }
00931 #else
00932 int namelen = rsbac_min(tid.dir.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00933
00934 strcat(target_id_name, " Name ");
00935 strncpy(help_name, tid.dir.dentry_p->d_name.name, namelen);
00936 help_name[namelen]=0;
00937 strcat(target_id_name, help_name);
00938 #endif
00939 }
00940 break;
00941 case T_FIFO: strcpy (target_type_name, "FIFO");
00942 if(!target_id_name)
00943 break;
00944 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00945 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00946 tid.fifo.inode);
00947 if( tid.fifo.dentry_p
00948 && tid.fifo.dentry_p->d_name.name
00949 && tid.fifo.dentry_p->d_name.len
00950 )
00951 {
00952 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00953 if(rsbac_get_full_path(tid.fifo.dentry_p, help_name,
00954 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00955 {
00956 strcat(target_id_name, " Path ");
00957 strcat(target_id_name, help_name);
00958 }
00959 #else
00960 int namelen = rsbac_min(tid.fifo.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00961
00962 strcat(target_id_name, " Name ");
00963 strncpy(help_name, tid.fifo.dentry_p->d_name.name, namelen);
00964 help_name[namelen]=0;
00965 strcat(target_id_name, help_name);
00966 #endif
00967 }
00968 break;
00969 case T_SYMLINK: strcpy (target_type_name, "SYMLINK");
00970 if(!target_id_name)
00971 break;
00972 sprintf(target_id_name, "Device %02u:%02u Inode %u",
00973 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00974 tid.symlink.inode);
00975 if( tid.symlink.dentry_p
00976 && tid.symlink.dentry_p->d_name.name
00977 && tid.symlink.dentry_p->d_name.len
00978 )
00979 {
00980 #ifdef CONFIG_RSBAC_LOG_FULL_PATH
00981 if(rsbac_get_full_path(tid.symlink.dentry_p, help_name,
00982 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00983 {
00984 strcat(target_id_name, " Path ");
00985 strcat(target_id_name, help_name);
00986 }
00987 #else
00988 int namelen = rsbac_min(tid.symlink.dentry_p->d_name.len, RSBAC_MAXNAMELEN);
00989
00990 strcat(target_id_name, " Name ");
00991 strncpy(help_name, tid.symlink.dentry_p->d_name.name, namelen);
00992 help_name[namelen]=0;
00993 strcat(target_id_name, help_name);
00994 #endif
00995 }
00996 break;
00997 case T_DEV: strcpy (target_type_name, "DEV");
00998 if(!target_id_name)
00999 break;
01000 switch(tid.dev.type)
01001 {
01002 case D_block:
01003 sprintf(target_id_name, "block %02u:%02u",
01004 tid.dev.major, tid.dev.minor);
01005 break;
01006 case D_char:
01007 sprintf(target_id_name, "char %02u:%02u",
01008 tid.dev.major, tid.dev.minor);
01009 break;
01010 case D_block_major:
01011 sprintf(target_id_name, "block major %02u",
01012 tid.dev.major);
01013 break;
01014 case D_char_major:
01015 sprintf(target_id_name, "char major %02u",
01016 tid.dev.major);
01017 break;
01018 default:
01019 sprintf(target_id_name, "*unknown* %02u:%02u",
01020 tid.dev.major, tid.dev.minor);
01021 }
01022 break;
01023 case T_NETOBJ: strcpy (target_type_name, "NETOBJ");
01024 if(!target_id_name)
01025 break;
01026 #ifdef CONFIG_NET
01027 if( tid.netobj.sock_p
01028 && tid.netobj.sock_p->ops
01029 && tid.netobj.sock_p->sk
01030 )
01031 {
01032 char type_name[RSBAC_MAXNAMELEN];
01033
01034 switch(tid.netobj.sock_p->ops->family)
01035 {
01036 case AF_INET:
01037 {
01038 __u32 saddr;
01039 __u16 sport;
01040 __u32 daddr;
01041 __u16 dport;
01042 struct net_device *dev;
01043 char ldevname[RSBAC_IFNAMSIZ+10];
01044 char rdevname[RSBAC_IFNAMSIZ+10];
01045
01046 if(tid.netobj.local_addr)
01047 {
01048 struct sockaddr_in * addr = tid.netobj.local_addr;
01049
01050 saddr = addr->sin_addr.s_addr;
01051 sport = ntohs(addr->sin_port);
01052 }
01053 else
01054 {
01055 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01056 saddr = inet_sk(tid.netobj.sock_p->sk)->saddr;
01057 sport = inet_sk(tid.netobj.sock_p->sk)->num;
01058 #else
01059 saddr = tid.netobj.sock_p->sk->saddr;
01060 sport = tid.netobj.sock_p->sk->num;
01061 #endif
01062 }
01063 if(tid.netobj.remote_addr)
01064 {
01065 struct sockaddr_in * addr = tid.netobj.remote_addr;
01066
01067 daddr = addr->sin_addr.s_addr;
01068 dport = ntohs(addr->sin_port);
01069 }
01070 else
01071 {
01072 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01073 daddr = inet_sk(tid.netobj.sock_p->sk)->daddr;
01074 dport = ntohs(inet_sk(tid.netobj.sock_p->sk)->dport);
01075 #else
01076 daddr = tid.netobj.sock_p->sk->daddr;
01077 dport = ntohs(tid.netobj.sock_p->sk->dport);
01078 #endif
01079 }
01080 dev = ip_dev_find(saddr);
01081 if(dev)
01082 {
01083 sprintf(ldevname, "%s:", dev->name);
01084 dev_put(dev);
01085 }
01086 else
01087 ldevname[0] = 0;
01088 dev = ip_dev_find(daddr);
01089 if(dev)
01090 {
01091 sprintf(rdevname, "%s:", dev->name);
01092 dev_put(dev);
01093 }
01094 else
01095 rdevname[0] = 0;
01096 sprintf(target_id_name, "%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u",
01097 tid.netobj.sock_p,
01098 rsbac_get_net_type_name(type_name,
01099 tid.netobj.sock_p->type),
01100 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01101 rsbac_get_net_protocol_name(help_name,
01102 tid.netobj.sock_p->sk->sk_protocol),
01103 #else
01104 rsbac_get_net_protocol_name(help_name,
01105 tid.netobj.sock_p->sk->protocol),
01106 #endif
01107 ldevname,
01108 NIPQUAD(saddr),
01109 sport,
01110 rdevname,
01111 NIPQUAD(daddr),
01112 dport);
01113 }
01114 break;
01115 case AF_UNIX:
01116 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01117 if(unix_sk(tid.netobj.sock_p->sk)->addr)
01118 sprintf(target_id_name, "%p UNIX %s %s",
01119 tid.netobj.sock_p,
01120 rsbac_get_net_type_name(type_name,
01121 tid.netobj.sock_p->type),
01122 unix_sk(tid.netobj.sock_p->sk)->addr->name[0].sun_path);
01123 #else
01124 if(tid.netobj.sock_p->sk->protinfo.af_unix.addr)
01125 sprintf(target_id_name, "%p UNIX %s %s",
01126 tid.netobj.sock_p,
01127 rsbac_get_net_type_name(type_name,
01128 tid.netobj.sock_p->type),
01129 tid.netobj.sock_p->sk->protinfo.af_unix.addr->name[0].sun_path);
01130 #endif
01131 else
01132 if(tid.netobj.local_addr)
01133 {
01134 struct sockaddr_un * addr = tid.netobj.local_addr;
01135
01136 sprintf(target_id_name, "%p UNIX %s %s",
01137 tid.netobj.sock_p,
01138 rsbac_get_net_type_name(type_name,
01139 tid.netobj.sock_p->type),
01140 addr->sun_path);
01141 }
01142 else
01143 sprintf(target_id_name, "%p UNIX %s",
01144 tid.netobj.sock_p,
01145 rsbac_get_net_type_name(type_name,
01146 tid.netobj.sock_p->type));
01147 break;
01148 default:
01149 sprintf(target_id_name, "%p %s %s",
01150 tid.netobj.sock_p,
01151 rsbac_get_net_family_name(help_name,
01152 tid.netobj.sock_p->ops->family),
01153 rsbac_get_net_type_name(type_name,
01154 tid.netobj.sock_p->type));
01155 }
01156 }
01157 else
01158 #endif
01159 {
01160 sprintf(target_id_name, "%p", tid.netobj.sock_p);
01161 }
01162 break;
01163 #endif
01164 case T_IPC: strcpy (target_type_name, "IPC");
01165 if(!target_id_name)
01166 break;
01167 switch (tid.ipc.type)
01168 {
01169 case I_sem: strcpy(target_id_name, "Sem-ID ");
01170 break;
01171 case I_msg: strcpy(target_id_name, "Msg-ID ");
01172 break;
01173 case I_shm: strcpy(target_id_name, "Shm-ID ");
01174 break;
01175 case I_anonpipe: strcpy(target_id_name, "AnonPipe-ID ");
01176 break;
01177 case I_mqueue: strcpy(target_id_name, "Mqueue-ID ");
01178 break;
01179 default: strcpy(target_id_name, "??\?-ID ");
01180 break;
01181 };
01182 sprintf(help_name, "%lu", tid.ipc.id.id_nr);
01183 strcat(target_id_name, help_name);
01184 break;
01185 case T_SCD: strcpy (target_type_name, "SCD");
01186 if(target_id_name)
01187 get_scd_type_name(target_id_name, tid.scd);
01188 break;
01189 case T_USER: strcpy (target_type_name, "USER");
01190 if(target_id_name)
01191 sprintf(target_id_name, "%u", tid.user);
01192 break;
01193 case T_PROCESS: strcpy (target_type_name, "PROCESS");
01194 if(target_id_name)
01195 sprintf(target_id_name, "%u", tid.process);
01196 break;
01197 case T_GROUP: strcpy (target_type_name, "GROUP");
01198 if(target_id_name)
01199 sprintf(target_id_name, "%u", tid.group);
01200 break;
01201 case T_NETDEV: strcpy (target_type_name, "NETDEV");
01202 if(!target_id_name)
01203 break;
01204 strncpy(target_id_name, tid.netdev, RSBAC_IFNAMSIZ);
01205 target_id_name[RSBAC_IFNAMSIZ] = 0;
01206 break;
01207 case T_NETTEMP: strcpy (target_type_name, "NETTEMP");
01208 if(target_id_name)
01209 sprintf(target_id_name, "%u", tid.nettemp);
01210 break;
01211 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT");
01212 if(target_id_name)
01213 sprintf(target_id_name, "%u", tid.nettemp);
01214 break;
01215 case T_NONE: strcpy (target_type_name, "NONE");
01216 if(target_id_name)
01217 strcpy (target_id_name, "NONE");
01218 break;
01219 default: strcpy (target_type_name, "ERROR!!!");
01220 if(target_id_name)
01221 sprintf(target_id_name, "%u", target);
01222 }
01223 #ifdef __KERNEL__
01224 rsbac_kfree(help_name);
01225 #endif
01226 return(target_type_name);
01227 }
01228
01229 char * get_target_name_only(char * target_type_name,
01230 enum rsbac_target_t target)
01231 {
01232 if(!target_type_name)
01233 return(NULL);
01234
01235 switch(target)
01236 {
01237 case T_FILE: strcpy (target_type_name, "FILE");
01238 break;
01239 case T_DIR: strcpy (target_type_name, "DIR");
01240 break;
01241 case T_FIFO: strcpy (target_type_name, "FIFO");
01242 break;
01243 case T_SYMLINK: strcpy (target_type_name, "SYMLINK");
01244 break;
01245 case T_FD: strcpy (target_type_name, "FD");
01246 break;
01247 case T_DEV: strcpy (target_type_name, "DEV");
01248 break;
01249 case T_NETOBJ: strcpy (target_type_name, "NETOBJ");
01250 break;
01251 case T_IPC: strcpy (target_type_name, "IPC");
01252 break;
01253 case T_SCD: strcpy (target_type_name, "SCD");
01254 break;
01255 case T_USER: strcpy (target_type_name, "USER");
01256 break;
01257 case T_PROCESS: strcpy (target_type_name, "PROCESS");
01258 break;
01259 case T_GROUP: strcpy (target_type_name, "GROUP");
01260 break;
01261 case T_NETDEV: strcpy (target_type_name, "NETDEV");
01262 break;
01263 case T_NETTEMP: strcpy (target_type_name, "NETTEMP");
01264 break;
01265 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT");
01266 break;
01267 case T_NONE: strcpy (target_type_name, "NONE");
01268 break;
01269 default: strcpy (target_type_name, "ERROR!!!");
01270 };
01271 return(target_type_name);
01272 }
01273
01274 enum rsbac_target_t get_target_nr(const char * target_name)
01275 {
01276 enum rsbac_target_t i;
01277
01278 if(!target_name)
01279 return(T_NONE);
01280 for (i = 0; i < T_NONE; i++)
01281 {
01282 if (!strcmp(target_name,target_list[i]))
01283 {
01284 return(i);
01285 }
01286 }
01287 return(T_NONE);
01288 }
01289
01290 char * get_ipc_target_name(char * ipc_name,
01291 enum rsbac_ipc_type_t target)
01292 {
01293 if(!ipc_name)
01294 return(NULL);
01295 if(target > I_none)
01296 strcpy(ipc_name, "ERROR!");
01297 else
01298 strcpy(ipc_name, ipc_target_list[target]);
01299 return(ipc_name);
01300 }
01301
01302 enum rsbac_ipc_type_t get_ipc_target_nr(const char * ipc_name)
01303 {
01304 enum rsbac_ipc_type_t i;
01305
01306 if(!ipc_name)
01307 return(I_none);
01308 for (i = 0; i < I_none; i++)
01309 {
01310 if (!strcmp(ipc_name,ipc_target_list[i]))
01311 {
01312 return(i);
01313 }
01314 }
01315 return(I_none);
01316 }
01317
01318
01319 #ifdef __KERNEL__
01320 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01321 EXPORT_SYMBOL(get_switch_target_name);
01322 #endif
01323 #endif
01324
01325 char * get_switch_target_name(char * switch_name,
01326 enum rsbac_switch_target_t target)
01327 {
01328 if(!switch_name)
01329 return(NULL);
01330 if(target > SW_NONE)
01331 strcpy(switch_name, "ERROR!");
01332 else
01333 strcpy(switch_name, switch_target_list[target]);
01334 return(switch_name);
01335 }
01336
01337 enum rsbac_switch_target_t get_switch_target_nr(const char * switch_name)
01338 {
01339 enum rsbac_switch_target_t i;
01340
01341 if(!switch_name)
01342 return(SW_NONE);
01343 for (i = 0; i < SW_NONE; i++)
01344 {
01345 #ifdef __KERNEL__
01346 if (!strncmp(switch_name,switch_target_list[i],strlen(switch_target_list[i])))
01347 #else
01348 if (!strcmp(switch_name,switch_target_list[i]))
01349 #endif
01350 {
01351 return(i);
01352 }
01353 }
01354 return(SW_NONE);
01355 }
01356
01357
01358 #ifdef __KERNEL__
01359 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01360 EXPORT_SYMBOL(get_error_name);
01361 #endif
01362 #endif
01363
01364 char * get_error_name(char * error_name,
01365 int error)
01366 {
01367 if(!error_name)
01368 return(NULL);
01369 if(RSBAC_ERROR(error))
01370 strcpy(error_name, error_list[(-error)-RSBAC_EPERM]);
01371 else
01372 #ifdef __KERNEL__
01373 inttostr(error_name, error);
01374 #else
01375 strcpy(error_name, strerror(errno));
01376 #endif
01377 return(error_name);
01378 }
01379
01380 #ifndef __KERNEL__
01381 char * get_attribute_param( char * attr_name,
01382 enum rsbac_attribute_t attr)
01383 {
01384 if(!attr_name)
01385 return(NULL);
01386 if(attr > A_none)
01387 strcpy(attr_name, "ERROR!");
01388 else
01389 strcpy(attr_name, attribute_param_list[attr]);
01390 return(attr_name);
01391 }
01392 #endif
01393
01394 char * get_log_level_name(char * ll_name,
01395 enum rsbac_log_level_t target)
01396 {
01397 if(!ll_name)
01398 return(NULL);
01399 if(target > LL_invalid)
01400 strcpy(ll_name, "ERROR!");
01401 else
01402 strcpy(ll_name, log_level_list[target]);
01403 return(ll_name);
01404 }
01405
01406 enum rsbac_log_level_t get_log_level_nr(const char * ll_name)
01407 {
01408 enum rsbac_log_level_t i;
01409
01410 if(!ll_name)
01411 return(LL_invalid);
01412 for (i = 0; i < LL_invalid; i++)
01413 {
01414 if (!strcmp(ll_name,log_level_list[i]))
01415 {
01416 return(i);
01417 }
01418 }
01419 return(LL_invalid);
01420 }
01421
01422 char * get_cap_name(char * name,
01423 u_int value)
01424 {
01425 if(!name)
01426 return(NULL);
01427 if(value > CAP_NONE)
01428 strcpy(name, "ERROR!");
01429 else
01430 strcpy(name, cap_list[value]);
01431 return(name);
01432 }
01433
01434 int get_cap_nr(const char * name)
01435 {
01436 int i;
01437
01438 if(!name)
01439 return(RT_NONE);
01440 for (i = 0; i < CAP_NONE; i++)
01441 {
01442 if (!strcmp(name, cap_list[i]))
01443 {
01444 return(i);
01445 }
01446 }
01447 return(CAP_NONE);
01448 }
