#include "dazuko_rsbac.h"#include "dazuko_xp.h"#include "dazukoio.h"#include <linux/init.h>#include <linux/unistd.h>#include <linux/fs.h>#include <linux/slab.h>#include <linux/random.h>#include <linux/string.h>#include <linux/module.h>#include <linux/types.h>#include <linux/version.h>#include <asm/uaccess.h>#include <rsbac/types.h>#include <rsbac/aci.h>#include <rsbac/adf.h>#include <rsbac/adf_main.h>#include <rsbac/debug.h>#include <rsbac/error.h>#include <rsbac/helpers.h>#include <rsbac/getname.h>#include <rsbac/net_getname.h>#include <rsbac/rkmem.h>#include <rsbac/proc_fs.h>Go to the source code of this file.
Functions | |
| ssize_t | linux_dazuko_device_read (struct file *file, char *buffer, size_t length, loff_t *pos) |
| ssize_t | linux_dazuko_device_write (struct file *file, const char *buffer, size_t length, loff_t *pos) |
| int | linux_dazuko_device_ioctl (struct inode *inode, struct file *file, unsigned int cmd, unsigned long param) |
| int | linux_dazuko_device_open (struct inode *inode, struct file *file) |
| int | linux_dazuko_device_release (struct inode *inode, struct file *file) |
| static int | reset_scanned (struct rsbac_fs_file_t file) |
| int | xp_init_mutex (struct xp_mutex *mutex) |
| int | xp_down (struct xp_mutex *mutex) |
| int | xp_up (struct xp_mutex *mutex) |
| int | xp_destroy_mutex (struct xp_mutex *mutex) |
| int | xp_init_rwlock (struct xp_rwlock *rwlock) |
| int | xp_write_lock (struct xp_rwlock *rwlock) |
| int | xp_write_unlock (struct xp_rwlock *rwlock) |
| int | xp_read_lock (struct xp_rwlock *rlock) |
| int | xp_read_unlock (struct xp_rwlock *rlock) |
| int | xp_destroy_rwlock (struct xp_rwlock *rwlock) |
| int | xp_init_queue (struct xp_queue *queue) |
| int | xp_wait_until_condition (struct xp_queue *queue, int(*cfunction)(void *), void *cparam, int allow_interrupt) |
| int | xp_notify (struct xp_queue *queue) |
| int | xp_destroy_queue (struct xp_queue *queue) |
| void * | xp_malloc (size_t size) |
| int | xp_free (void *ptr) |
| int | xp_copyin (const void *user_src, void *kernel_dest, size_t size) |
| int | xp_copyout (const void *kernel_src, void *user_dest, size_t size) |
| int | xp_verify_user_writable (const void *user_ptr, size_t size) |
| int | xp_verify_user_readable (const void *user_ptr, size_t size) |
| int | xp_is_absolute_path (const char *path) |
| int | xp_atomic_set (struct xp_atomic *atomic, int value) |
| int | xp_atomic_inc (struct xp_atomic *atomic) |
| int | xp_atomic_dec (struct xp_atomic *atomic) |
| int | xp_atomic_read (struct xp_atomic *atomic) |
| int | xp_copy_file (struct xp_file *dest, struct xp_file *src) |
| int | xp_compare_file (struct xp_file *file1, struct xp_file *file2) |
| int | xp_fill_file_struct (struct dazuko_file_struct *dfs) |
| static int | dazuko_file_struct_cleanup (struct dazuko_file_struct **dfs) |
| int | xp_id_compare (struct xp_daemon_id *id1, struct xp_daemon_id *id2) |
| int | xp_id_free (struct xp_daemon_id *id) |
| xp_daemon_id * | xp_id_copy (struct xp_daemon_id *id) |
| int | xp_sys_hook () |
| int | xp_sys_unhook () |
| int | xp_print (const char *fmt,...) |
| int __init | rsbac_init_daz (void) |
| enum rsbac_adf_req_ret_t | rsbac_adf_request_daz (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
| int | rsbac_adf_set_attr_daz (enum rsbac_adf_request_t request, rsbac_pid_t caller_pid, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t new_target, union rsbac_target_id_t new_tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t attr_val, rsbac_uid_t owner) |
Variables | |
| xp_atomic | active |
| static int | dev_major = -1 |
| static struct file_operations | fops |
|
|
Definition at line 393 of file dazuko_rsbac.c. References NULL, and xp_free(). 00394 {
00395 if (dfs == NULL)
00396 return 0;
00397
00398 if (*dfs == NULL)
00399 return 0;
00400
00401 if ((*dfs)->extra_data != NULL)
00402 {
00403 if ((*dfs)->extra_data->free_full_filename)
00404 xp_free((*dfs)->extra_data->full_filename);
00405
00406 xp_free((*dfs)->extra_data);
00407 }
00408
00409 xp_free(*dfs);
00410
00411 *dfs = NULL;
00412
00413 return 0;
00414 }
|
|
||||||||||||||||||||
|
|
|
||||||||||||
|
|
|
||||||||||||||||||||
|
Definition at line 1137 of file dazuko_linux26.c. References dazuko_bzero(), dazuko_snprintf(), dev_major, DPRINT, xp_copyout(), XP_ERROR_FAULT, XP_ERROR_INVALID, XP_ERROR_NODEVICE, and xp_print(). 01138 {
01139 /* Reading from the dazuko device simply
01140 * returns the device number. This is to
01141 * help out the daemon. */
01142
01143 char tmp[20];
01144 size_t dev_major_len;
01145
01146 DPRINT(("dazuko: linux_dazuko_device_read() [%d]\n", current->pid));
01147
01148 if (*pos != 0)
01149 return 0;
01150
01151 if (dev_major < 0)
01152 return XP_ERROR_NODEVICE;
01153
01154 /* print dev_major to a string
01155 * and get length (with terminator) */
01156 dazuko_bzero(tmp, sizeof(tmp));
01157
01158 dev_major_len = dazuko_snprintf(tmp, sizeof(tmp), "%d", dev_major) + 1;
01159
01160 if (tmp[sizeof(tmp)-1] != 0)
01161 {
01162 xp_print("dazuko: failing device_read, device number overflow for dameon %d (dev_major=%d)\n", current->pid, dev_major);
01163 return XP_ERROR_FAULT;
01164 }
01165
01166 if (length < dev_major_len)
01167 return XP_ERROR_INVALID;
01168
01169 /* copy dev_major string to userspace */
01170 if (xp_copyout(tmp, buffer, dev_major_len) != 0)
01171 return XP_ERROR_FAULT;
01172
01173 *pos += dev_major_len;
01174
01175 return dev_major_len;
01176 }
|
|
||||||||||||
|
|
|
||||||||||||||||||||
|
Definition at line 1178 of file dazuko_linux26.c. References dazuko_handle_user_request(), xp_daemon_id::file, xp_daemon_id::pid, xp_copyin(), XP_ERROR_FAULT, and XP_ERROR_INTERRUPT. 01179 {
01180 struct xp_daemon_id xp_id;
01181 char tmpbuffer[32];
01182 int size;
01183
01184 size = length;
01185 if (length >= sizeof(tmpbuffer))
01186 size = sizeof(tmpbuffer) -1;
01187
01188 /* copy request pointer string to kernelspace */
01189 if (xp_copyin(buffer, tmpbuffer, size) != 0)
01190 return XP_ERROR_FAULT;
01191
01192 tmpbuffer[size] = 0;
01193
01194 xp_id.pid = current->pid;
01195 xp_id.file = file;
01196 xp_id.current_p = current;
01197 xp_id.files = current->files;
01198
01199 if (dazuko_handle_user_request(tmpbuffer, &xp_id) == 0)
01200 return size;
01201
01202 return XP_ERROR_INTERRUPT;
01203 }
|
|
|
Definition at line 127 of file dazuko_rsbac.c. 00128 {
00129 return 0;
00130 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 701 of file dazuko_rsbac.c. References A_daz_role, A_daz_scanned, A_daz_scanner, A_none, A_system_role, D_char, DAZ, DAZ_clean, DAZ_infected, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, dazuko_bzero(), dazuko_file_struct_cleanup(), DAZUKO_ON_CLOSE, DAZUKO_ON_EXEC, DAZUKO_ON_OPEN, DAZUKO_ON_RMDIR, DAZUKO_ON_UNLINK, dazuko_sys_check(), dazuko_sys_pre(), rsbac_target_id_t::dev, DO_NOT_CARE, xp_daemon_id::file, FREEZE, GRANTED, NOT_GRANTED, NULL, xp_daemon_id::pid, rsbac_target_id_t::process, R_APPEND_OPEN, R_CLOSE, R_DELETE, R_EXECUTE, R_MODIFY_ATTRIBUTE, R_READ_ATTRIBUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_SWITCH_MODULE, R_WRITE_OPEN, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, SOFTMODE, SR_security_officer, rsbac_attribute_value_t::system_role, T_DEV, T_DIR, T_FILE, T_NONE, T_PROCESS, T_USER, TRUE, rsbac_dev_desc_t::type, UNDEFINED, rsbac_target_id_t::user, xp_free(), and xp_malloc(). 00708 {
00709 struct dazuko_file_struct *dfs = NULL;
00710 struct xp_daemon_id xp_id;
00711 int error = 0;
00712 int check_error = 0;
00713 struct event_properties event_p;
00714 int event;
00715 int daemon_allowed;
00716
00717 union rsbac_target_id_t i_tid;
00718 union rsbac_attribute_value_t i_attr_val1;
00719
00720 switch (request)
00721 {
00722 case R_DELETE:
00723 if (target == T_FILE)
00724 {
00725 event = DAZUKO_ON_UNLINK;
00726 daemon_allowed = 1;
00727 }
00728 else if (target == T_DIR)
00729 {
00730 event = DAZUKO_ON_RMDIR;
00731 daemon_allowed = 1;
00732 }
00733 else
00734 {
00735 return DO_NOT_CARE;
00736 }
00737 break;
00738 case R_CLOSE:
00739 if (target == T_FILE)
00740 {
00741 event = DAZUKO_ON_CLOSE;
00742 daemon_allowed = 1;
00743 }
00744 else
00745 {
00746 return DO_NOT_CARE;
00747 }
00748 break;
00749
00750 case R_EXECUTE:
00751 if (target == T_FILE)
00752 {
00753 event = DAZUKO_ON_EXEC;
00754 daemon_allowed = 0;
00755 }
00756 else
00757 {
00758 return DO_NOT_CARE;
00759 }
00760 break;
00761
00762 case R_APPEND_OPEN:
00763 case R_READ_WRITE_OPEN:
00764 case R_READ_OPEN:
00765 case R_WRITE_OPEN:
00766 if (target == T_FILE)
00767 {
00768 event = DAZUKO_ON_OPEN;
00769 daemon_allowed = 1;
00770 }
00771 else
00772 if (target == T_DEV)
00773 {
00774 if( (tid.dev.type == D_char)
00775 && (MAJOR(tid.dev.id) == CONFIG_RSBAC_DAZ_DEV_MAJOR)
00776 )
00777 {
00778 i_tid.process = caller_pid;
00779 if (rsbac_get_attr(DAZ,
00780 T_PROCESS,
00781 i_tid,
00782 A_daz_scanner,
00783 &i_attr_val1,
00784 TRUE))
00785 {
00786 rsbac_printk(KERN_WARNING
00787 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
00788 return(NOT_GRANTED);
00789 }
00790 /* if scanner, then grant */
00791 if (i_attr_val1.daz_scanner)
00792 return(GRANTED);
00793 else
00794 return(NOT_GRANTED);
00795 }
00796 else
00797 return DO_NOT_CARE;
00798 }
00799 else
00800 {
00801 return DO_NOT_CARE;
00802 }
00803 break;
00804
00805 case R_MODIFY_ATTRIBUTE:
00806 switch(attr)
00807 {
00808 case A_daz_scanned:
00809 case A_daz_scanner:
00810 case A_system_role:
00811 case A_daz_role:
00812 /* All attributes (remove target!) */
00813 case A_none:
00814 /* Security Officer? */
00815 i_tid.user = owner;
00816 if (rsbac_get_attr(DAZ,
00817 T_USER,
00818 i_tid,
00819 A_daz_role,
00820 &i_attr_val1,
00821 TRUE))
00822 {
00823 rsbac_printk(KERN_WARNING
00824 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
00825 return(NOT_GRANTED);
00826 }
00827 /* if sec_officer, then grant */
00828 if (i_attr_val1.system_role == SR_security_officer)
00829 return(GRANTED);
00830 else
00831 return(NOT_GRANTED);
00832
00833 default:
00834 return(DO_NOT_CARE);
00835 }
00836
00837 case R_READ_ATTRIBUTE:
00838 switch(attr)
00839 {
00840 /* every user may see scan status of files */
00841 case A_daz_scanned:
00842 return(GRANTED);
00843 /* ...but only security officers may see other attributes */
00844 case A_system_role:
00845 case A_daz_role:
00846 case A_daz_scanner:
00847 /* Security Officer? */
00848 i_tid.user = owner;
00849 if (rsbac_get_attr(DAZ,
00850 T_USER,
00851 i_tid,
00852 A_daz_role,
00853 &i_attr_val1,
00854 TRUE))
00855 {
00856 rsbac_printk(KERN_WARNING
00857 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
00858 return(NOT_GRANTED);
00859 }
00860 /* if sec_officer, then grant */
00861 if (i_attr_val1.system_role == SR_security_officer)
00862 return(GRANTED);
00863 else
00864 return(NOT_GRANTED);
00865
00866 default:
00867 return(DO_NOT_CARE);
00868 }
00869
00870 case R_SWITCH_MODULE:
00871 switch(target)
00872 {
00873 case T_NONE:
00874 /* we need the switch_target */
00875 if(attr != A_switch_target)
00876 return(UNDEFINED);
00877 /* do not care for other modules */
00878 if( (attr_val.switch_target != DAZ)
00879 #ifdef CONFIG_RSBAC_SOFTMODE
00880 && (attr_val.switch_target != SOFTMODE)
00881 #endif
00882 #ifdef CONFIG_RSBAC_FREEZE
00883 && (attr_val.switch_target != FREEZE)
00884 #endif
00885 )
00886 return(DO_NOT_CARE);
00887 /* test owner's daz_role */
00888 i_tid.user = owner;
00889 if (rsbac_get_attr(DAZ,
00890 T_USER,
00891 i_tid,
00892 A_daz_role,
00893 &i_attr_val1,
00894 TRUE))
00895 {
00896 rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
00897 return(NOT_GRANTED);
00898 }
00899 /* security officer? -> grant */
00900 if (i_attr_val1.system_role == SR_security_officer)
00901 return(GRANTED);
00902 else
00903 return(NOT_GRANTED);
00904
00905 /* all other cases are undefined */
00906 default: return(DO_NOT_CARE);
00907 }
00908
00909 /*********************/
00910 default: return DO_NOT_CARE;
00911 }
00912
00913 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00914 /* get daz_scanned for file */
00915 if (rsbac_get_attr(DAZ,
00916 T_FILE,
00917 tid,
00918 A_daz_scanned,
00919 &i_attr_val1,
00920 TRUE))
00921 {
00922 rsbac_printk(KERN_WARNING
00923 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
00924 return(-RSBAC_EREADFAILED);
00925 }
00926 if(i_attr_val1.daz_scanned == DAZ_clean)
00927 return GRANTED;
00928 #endif
00929
00930 xp_id.pid = current->pid;
00931 xp_id.file = NULL;
00932
00933 check_error = dazuko_sys_check(event, daemon_allowed, &xp_id);
00934
00935 if (!check_error)
00936 {
00937 dazuko_bzero(&event_p, sizeof(event_p));
00938 /*
00939 event_p.flags = flags;
00940 event_p.set_flags = 1;
00941 event_p.mode = mode;
00942 event_p.set_mode = 1;
00943 */
00944 event_p.pid = current->pid;
00945 event_p.set_pid = 1;
00946 event_p.uid = current->uid;
00947 event_p.set_uid = 1;
00948
00949 dfs = (struct dazuko_file_struct *)xp_malloc(sizeof(struct dazuko_file_struct));
00950 if (dfs != NULL)
00951 {
00952 dazuko_bzero(dfs, sizeof(struct dazuko_file_struct));
00953
00954 dfs->extra_data = (struct xp_file_struct *)xp_malloc(sizeof(struct xp_file_struct));
00955 if (dfs->extra_data != NULL)
00956 {
00957 dazuko_bzero(dfs->extra_data, sizeof(struct xp_file_struct));
00958
00959 dfs->extra_data->dentry = tid.file.dentry_p;
00960
00961 error = dazuko_sys_pre(event, dfs, NULL, &event_p);
00962
00963 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00964 if(!error)
00965 i_attr_val1.daz_scanned = DAZ_clean;
00966 else
00967 i_attr_val1.daz_scanned = DAZ_infected;
00968
00969 if (rsbac_set_attr(DAZ,
00970 target,
00971 tid,
00972 A_daz_scanned,
00973 i_attr_val1))
00974 {
00975 rsbac_printk(KERN_WARNING "rsbac_adf_request_daz(): rsbac_set_attr() returned error!\n");
00976 return NOT_GRANTED;
00977 }
00978 #endif
00979 }
00980 else
00981 {
00982 xp_free(dfs);
00983 dfs = NULL;
00984 }
00985
00986 dazuko_file_struct_cleanup(&dfs);
00987 }
00988 }
00989
00990 if(!error)
00991 return GRANTED;
00992 else
00993 return NOT_GRANTED;
00994 }; /* end of rsbac_adf_request_daz() */
|
|
||||||||||||||||||||||||||||||||||||||||
|
Definition at line 1008 of file dazuko_rsbac.c. References A_daz_scanned, A_daz_scanner, DAZ, DAZ_clean, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, dazuko_bzero(), dazuko_file_struct_cleanup(), DAZUKO_ON_CLOSE, DAZUKO_ON_EXEC, DAZUKO_ON_OPEN, DAZUKO_ON_RMDIR, DAZUKO_ON_UNLINK, dazuko_sys_check(), dazuko_sys_post(), FALSE, xp_daemon_id::file, NULL, xp_daemon_id::pid, rsbac_target_id_t::process, R_APPEND_OPEN, R_CLONE, R_CLOSE, R_DELETE, R_EXECUTE, R_READ_OPEN, R_READ_WRITE_OPEN, R_WRITE_OPEN, reset_scanned(), RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_printk(), rsbac_set_attr, T_DIR, T_FILE, T_PROCESS, TRUE, xp_free(), and xp_malloc(). 01018 {
01019 struct dazuko_file_struct *dfs = NULL;
01020 struct xp_daemon_id xp_id;
01021 int check_error = 0;
01022 struct event_properties event_p;
01023 int event;
01024 int daemon_allowed;
01025 union rsbac_target_id_t i_tid;
01026 union rsbac_attribute_value_t i_attr_val1;
01027 union rsbac_attribute_value_t i_attr_val2;
01028
01029 switch (request)
01030 {
01031 case R_DELETE:
01032 if (target == T_FILE)
01033 {
01034 reset_scanned(tid.file);
01035 event = DAZUKO_ON_UNLINK;
01036 daemon_allowed = 1;
01037 }
01038 else if (target == T_DIR)
01039 {
01040 event = DAZUKO_ON_RMDIR;
01041 daemon_allowed = 1;
01042 }
01043 else
01044 {
01045 return(0);
01046 }
01047 break;
01048 case R_CLOSE:
01049 if (target == T_FILE)
01050 {
01051 event = DAZUKO_ON_CLOSE;
01052 daemon_allowed = 1;
01053 }
01054 else
01055 {
01056 return(0);
01057 }
01058 break;
01059
01060 case R_EXECUTE:
01061 if (target == T_FILE)
01062 {
01063 /* get daz_scanner for file */
01064 if (rsbac_get_attr(DAZ,
01065 T_FILE,
01066 tid,
01067 A_daz_scanner,
01068 &i_attr_val1,
01069 TRUE))
01070 {
01071 rsbac_printk(KERN_WARNING
01072 "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n");
01073 return(-RSBAC_EREADFAILED);
01074 }
01075 /* get for process */
01076 i_tid.process = caller_pid;
01077 if (rsbac_get_attr(DAZ,
01078 T_PROCESS,
01079 i_tid,
01080 A_daz_scanner,
01081 &i_attr_val2,
01082 FALSE))
01083 {
01084 rsbac_printk(KERN_WARNING
01085 "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n");
01086 return(-RSBAC_EREADFAILED);
01087 }
01088 /* and set for process, if different */
01089 if(i_attr_val1.daz_scanner != i_attr_val2.daz_scanner)
01090 if (rsbac_set_attr(DAZ,
01091 T_PROCESS,
01092 i_tid,
01093 A_daz_scanner,
01094 i_attr_val1))
01095 {
01096 rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_set_attr() returned error!\n");
01097 return(-RSBAC_EWRITEFAILED);
01098 }
01099 event = DAZUKO_ON_EXEC;
01100 daemon_allowed = 0;
01101 }
01102 else
01103 {
01104 return(0);
01105 }
01106 break;
01107
01108 case R_APPEND_OPEN:
01109 case R_READ_WRITE_OPEN:
01110 case R_WRITE_OPEN:
01111 if (target == T_FILE)
01112 {
01113 reset_scanned(tid.file);
01114 event = DAZUKO_ON_OPEN;
01115 daemon_allowed = 1;
01116 }
01117 else
01118 {
01119 return(0);
01120 }
01121 break;
01122
01123 case R_READ_OPEN:
01124 if (target == T_FILE)
01125 {
01126 event = DAZUKO_ON_OPEN;
01127 daemon_allowed = 1;
01128 }
01129 else
01130 {
01131 return(0);
01132 }
01133 break;
01134
01135 case R_CLONE:
01136 if (target == T_PROCESS)
01137 {
01138 /* Get daz_scanner from first process */
01139 if (rsbac_get_attr(DAZ,
01140 T_PROCESS,
01141 tid,
01142 A_daz_scanner,
01143 &i_attr_val1,
01144 FALSE))
01145 {
01146 rsbac_printk(KERN_WARNING
01147 "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n");
01148 return(-RSBAC_EREADFAILED);
01149 }
01150 /* Set daz_scanner for new process, if set for first */
01151 if ( i_attr_val1.daz_scanner
01152 && (rsbac_set_attr(DAZ,
01153 T_PROCESS,
01154 new_tid,
01155 A_daz_scanner,
01156 i_attr_val1)) )
01157 {
01158 rsbac_printk(KERN_WARNING "rsbac_adf_set_attr_daz(): rsbac_set_attr() returned error!\n");
01159 return(-RSBAC_EWRITEFAILED);
01160 }
01161 return(0);
01162 }
01163 else
01164 return(0);
01165
01166 /*********************/
01167 default: return(0);
01168 }
01169
01170 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01171 /* get daz_scanned for file */
01172 if (rsbac_get_attr(DAZ,
01173 T_FILE,
01174 tid,
01175 A_daz_scanned,
01176 &i_attr_val1,
01177 TRUE))
01178 {
01179 rsbac_printk(KERN_WARNING
01180 "rsbac_adf_set_attr_daz(): rsbac_get_attr() returned error!\n");
01181 return(-RSBAC_EREADFAILED);
01182 }
01183 if(i_attr_val1.daz_scanned == DAZ_clean)
01184 return 0;
01185 #endif
01186
01187 xp_id.pid = current->pid;
01188 xp_id.file = NULL;
01189
01190 check_error = dazuko_sys_check(event, daemon_allowed, &xp_id);
01191
01192 if (!check_error)
01193 {
01194 dazuko_bzero(&event_p, sizeof(event_p));
01195 /*
01196 event_p.flags = flags;
01197 event_p.set_flags = 1;
01198 event_p.mode = mode;
01199 event_p.set_mode = 1;
01200 */
01201 event_p.pid = current->pid;
01202 event_p.set_pid = 1;
01203 event_p.uid = current->uid;
01204 event_p.set_uid = 1;
01205
01206 dfs = (struct dazuko_file_struct *)xp_malloc(sizeof(struct dazuko_file_struct));
01207 if (dfs != NULL)
01208 {
01209 dazuko_bzero(dfs, sizeof(struct dazuko_file_struct));
01210
01211 dfs->extra_data = (struct xp_file_struct *)xp_malloc(sizeof(struct xp_file_struct));
01212 if (dfs->extra_data != NULL)
01213 {
01214 dazuko_bzero(dfs->extra_data, sizeof(struct xp_file_struct));
01215
01216 dfs->extra_data->dentry = tid.file.dentry_p;
01217
01218 dazuko_sys_post(event, dfs, NULL, &event_p);
01219 }
01220 else
01221 {
01222 xp_free(dfs);
01223 dfs = NULL;
01224 }
01225
01226 dazuko_file_struct_cleanup(&dfs);
01227 }
01228 }
01229
01230 return(0);
01231 }; /* end of rsbac_adf_set_attr_daz() */
|
|
|
Definition at line 684 of file dazuko_rsbac.c. References dazuko_init(), RSBAC_EREINIT, rsbac_is_initialized(), and rsbac_printk(). 00686 {
00687 if (rsbac_is_initialized())
00688 {
00689 rsbac_printk(KERN_WARNING "rsbac_init_daz(): RSBAC already initialized\n");
00690 return(-RSBAC_EREINIT);
00691 }
00692
00693 /* init data structures */
00694 rsbac_printk(KERN_INFO "rsbac_init_daz(): Initializing RSBAC: DAZuko subsystem\n");
00695
00696 return dazuko_init();
00697 }
|
|
|
Definition at line 302 of file dazuko_rsbac.c. References xp_atomic::atomic. 00303 {
00304 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00305 #ifdef MODULE
00306 if (atomic == &active)
00307 MOD_DEC_USE_COUNT;
00308 #endif
00309 #endif
00310
00311 atomic_dec(&(atomic->atomic));
00312 return 0;
00313 }
|
|
|
Definition at line 289 of file dazuko_rsbac.c. References xp_atomic::atomic. 00290 {
00291 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00292 #ifdef MODULE
00293 if (atomic == &active)
00294 MOD_INC_USE_COUNT;
00295 #endif
00296 #endif
00297
00298 atomic_inc(&(atomic->atomic));
00299 return 0;
00300 }
|
|
|
Definition at line 315 of file dazuko_rsbac.c. References xp_atomic::atomic. 00316 {
00317 return atomic_read(&(atomic->atomic));
00318 }
|
|
||||||||||||
|
Definition at line 283 of file dazuko_rsbac.c. References xp_atomic::atomic. 00284 {
00285 atomic_set(&(atomic->atomic), value);
00286 return 0;
00287 }
|
|
||||||||||||
|
Definition at line 328 of file dazuko_rsbac.c. 00329 {
00330 return 0;
00331 }
|
|
||||||||||||
|
Definition at line 323 of file dazuko_rsbac.c. 00324 {
00325 return 0;
00326 }
|
|
||||||||||||||||
|
Definition at line 252 of file dazuko_rsbac.c. 00253 {
00254 return copy_from_user(kernel_dest, user_src, size);
00255 }
|
|
||||||||||||||||
|
Definition at line 257 of file dazuko_rsbac.c. 00258 {
00259 return copy_to_user(user_dest, kernel_src, size);
00260 }
|
|
|
Definition at line 159 of file dazuko_rsbac.c. 00160 {
00161 return 0;
00162 }
|
|
|
Definition at line 233 of file dazuko_rsbac.c. 00234 {
00235 return 0;
00236 }
|
|
|
Definition at line 197 of file dazuko_rsbac.c. 00198 {
00199 return 0;
00200 }
|
|
|
Definition at line 147 of file dazuko_rsbac.c. References xp_mutex::mutex. 00148 {
00149 down(&(mutex->mutex));
00150 return 0;
00151 }
|
|
|
Definition at line 333 of file dazuko_rsbac.c. References dazuko_get_filename_length(), xp_file_struct::dentry, file_properties::device_type, dazuko_file_struct::extra_data, dazuko_file_struct::file_p, dazuko_file_struct::filename, dazuko_file_struct::filename_length, xp_file_struct::free_full_filename, xp_file_struct::full_filename, xp_file_struct::full_filename_length, file_properties::gid, file_properties::mode, NULL, rsbac_get_full_path(), rsbac_get_full_path_length(), file_properties::set_device_type, file_properties::set_gid, file_properties::set_mode, file_properties::set_size, file_properties::set_uid, file_properties::size, file_properties::uid, and xp_malloc(). 00334 {
00335 int length;
00336
00337 /* make sure we have access to everything */
00338
00339 if (dfs == NULL)
00340 return -1;
00341
00342 if (dfs->extra_data == NULL)
00343 return -1;
00344
00345 if (dfs->extra_data->dentry == NULL)
00346 return -1;
00347
00348 if (dfs->extra_data->dentry->d_inode == NULL)
00349 return -1;
00350
00351 /* ok, we have everything we need */
00352
00353 length = rsbac_get_full_path_length(dfs->extra_data->dentry);
00354 if (length < 1)
00355 return -1;
00356
00357 dfs->extra_data->full_filename = xp_malloc(length + 1);
00358 if (dfs->extra_data->full_filename == NULL)
00359 return -1;
00360
00361 /* the full_filename will need to be deleted later */
00362 dfs->extra_data->free_full_filename = 1;
00363
00364 if (rsbac_get_full_path(dfs->extra_data->dentry, dfs->extra_data->full_filename, length + 1) < 1)
00365 return -1;
00366
00367 /* find the actual value of the length */
00368 dfs->extra_data->full_filename_length = dazuko_get_filename_length(dfs->extra_data->full_filename);
00369
00370 /* reference copy of full path */
00371 dfs->filename = dfs->extra_data->full_filename;
00372
00373 dfs->filename_length = dfs->extra_data->full_filename_length;
00374
00375 dfs->file_p.size = dfs->extra_data->dentry->d_inode->i_size;
00376 dfs->file_p.set_size = 1;
00377 dfs->file_p.uid = dfs->extra_data->dentry->d_inode->i_uid;
00378 dfs->file_p.set_uid = 1;
00379 dfs->file_p.gid = dfs->extra_data->dentry->d_inode->i_gid;
00380 dfs->file_p.set_gid = 1;
00381 dfs->file_p.mode = dfs->extra_data->dentry->d_inode->i_mode;
00382 dfs->file_p.set_mode = 1;
00383 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00384 dfs->file_p.device_type = dfs->extra_data->dentry->d_inode->i_dev;
00385 #else
00386 dfs->file_p.device_type = dfs->extra_data->dentry->d_inode->i_rdev;
00387 #endif
00388 dfs->file_p.set_device_type = 1;
00389
00390 return 0;
00391 }
|
|
|
Definition at line 246 of file dazuko_rsbac.c. 00247 {
00248 kfree(ptr);
00249 return 0;
00250 }
|
|
||||||||||||
|
Definition at line 419 of file dazuko_rsbac.c. References xp_daemon_id::file, NULL, and xp_daemon_id::pid. 00420 {
00421 if (id1 == NULL || id2 == NULL)
00422 return -1;
00423
00424 /* if file's are available and they match,
00425 * then we say that the id's match */
00426 if (id1->file != NULL && id1->file == id2->file)
00427 return 0;
00428
00429 if (id1->pid == id2->pid)
00430 return 0;
00431
00432 return 1;
00433 }
|
|
|
Definition at line 442 of file dazuko_rsbac.c. References xp_daemon_id::file, NULL, xp_daemon_id::pid, and xp_malloc(). 00443 {
00444 struct xp_daemon_id *ptr;
00445
00446 if (id == NULL)
00447 return NULL;
00448
00449 ptr = (struct xp_daemon_id *)xp_malloc(sizeof(struct xp_daemon_id));
00450
00451 if (ptr != NULL)
00452 {
00453 ptr->pid = id->pid;
00454 ptr->file = id->file;
00455 }
00456
00457 return ptr;
00458 }
|
|
|
Definition at line 435 of file dazuko_rsbac.c. References xp_free(). 00436 {
00437 xp_free(id);
00438
00439 return 0;
00440 }
|
|
|
Definition at line 136 of file dazuko_rsbac.c. References xp_mutex::mutex. 00137 {
00138 #ifdef init_MUTEX
00139 init_MUTEX(&(mutex->mutex));
00140 #else
00141 sema_init(&(mutex->mutex), 1);
00142 #endif
00143
00144 return 0;
00145 }
|
|
|
Definition at line 205 of file dazuko_rsbac.c. References xp_queue::queue. 00206 {
00207 init_waitqueue_head(&(queue->queue));
00208 return 0;
00209 }
|
|
|
Definition at line 167 of file dazuko_rsbac.c. References xp_rwlock::rwlock. 00168 {
00169 rwlock_init(&(rwlock->rwlock));
00170 return 0;
00171 }
|
|
|
Definition at line 275 of file dazuko_rsbac.c. 00276 {
00277 return (path[0] == '/');
00278 }
|
|
|
Definition at line 241 of file dazuko_rsbac.c. References rsbac_kmalloc(). 00242 {
00243 return rsbac_kmalloc(size);
00244 }
|
|
|
Definition at line 227 of file dazuko_rsbac.c. References xp_queue::queue. 00228 {
00229 wake_up(&(queue->queue));
00230 return 0;
00231 }
|
|
||||||||||||
|
Definition at line 522 of file dazuko_rsbac.c. References dazuko_vsnprintf(), rsbac_printk(), xp_free(), and xp_malloc(). 00523 {
00524 va_list args;
00525 char *p;
00526 size_t size = 1024;
00527
00528 p = (char *)xp_malloc(size);
00529 if (!p)
00530 return -1;
00531
00532 va_start(args, fmt);
00533 dazuko_vsnprintf(p, size-1, fmt, args);
00534 va_end(args);
00535
00536 p[size-1] = 0;
00537
00538 rsbac_printk(p);
00539
00540 xp_free(p);
00541
00542 return 0;
00543 }
|
|
|
Definition at line 185 of file dazuko_rsbac.c. References xp_rwlock::rwlock. 00186 {
00187 read_lock(&(rlock->rwlock));
00188 return 0;
00189 }
|
|
|
Definition at line 191 of file dazuko_rsbac.c. References xp_rwlock::rwlock. 00192 {
00193 read_unlock(&(rlock->rwlock));
00194 return 0;
00195 }
|
|
|
Definition at line 463 of file dazuko_rsbac.c. References dev_major, DEVICE_NAME, fops, NULL, and xp_print(). 00464 {
00465 /* Called insmod when inserting the module. */
00466
00467 /* register the dazuko device */
00468 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00469 dev_major = register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops);
00470
00471 devfs_mk_cdev(MKDEV(dev_major, CONFIG_RSBAC_DAZ_DEV_MAJOR), S_IFCHR | S_IRUSR | S_IWUSR, DEVICE_NAME);
00472 #else
00473 #ifdef CONFIG_DEVFS_FS
00474 dev_major = devfs_register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops);
00475 devfs_register(NULL, DEVICE_NAME, DEVFS_FL_DEFAULT,
00476 dev_major, 0, S_IFCHR | S_IRUSR | S_IWUSR,
00477 &fops, NULL);
00478 #else
00479 dev_major = register_chrdev(CONFIG_RSBAC_DAZ_DEV_MAJOR, DEVICE_NAME, &fops);
00480 #endif
00481 #endif
00482 if (dev_major < 0)
00483 {
00484 xp_print("dazuko: unable to register device chrdev, err=%d\n", dev_major);
00485 return dev_major;
00486 }
00487
00488 /* initialization complete */
00489
00490 return 0;
00491 }
|
|
|
Definition at line 493 of file dazuko_rsbac.c. References dev_major, DEVICE_NAME, NULL, and xp_print(). 00494 {
00495 /* Called by rmmod when removing the module. */
00496
00497 int error;
00498
00499 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00500 error = unregister_chrdev(dev_major, DEVICE_NAME);
00501
00502 devfs_remove(DEVICE_NAME);
00503 #else
00504 #ifdef CONFIG_DEVFS_FS
00505 error = devfs_unregister_chrdev(dev_major, DEVICE_NAME);
00506 devfs_unregister(devfs_find_handle(NULL, DEVICE_NAME, dev_major, 0, DEVFS_SPECIAL_CHR, 0));
00507 #else
00508 error = unregister_chrdev(dev_major, DEVICE_NAME);
00509 #endif
00510 #endif
00511 if (error < 0)
00512 {
00513 xp_print("dazuko: error unregistering chrdev, err=%d\n", error);
00514 }
00515
00516 return 0;
00517 }
|
|
|
Definition at line 153 of file dazuko_rsbac.c. References xp_mutex::mutex. 00154 {
00155 up(&(mutex->mutex));
00156 return 0;
00157 }
|
|
||||||||||||
|
Definition at line 267 of file dazuko_rsbac.c. 00268 {
00269 return 0;
00270 }
|
|
||||||||||||
|
Definition at line 262 of file dazuko_rsbac.c. 00263 {
00264 return 0;
00265 }
|
|
||||||||||||||||||||
|
Definition at line 211 of file dazuko_rsbac.c. References xp_queue::queue, wait_event, and wait_event_interruptible. 00212 {
00213 /* wait until cfunction(cparam) != 0 (condition is true) */
00214
00215 if (allow_interrupt)
00216 {
00217 return wait_event_interruptible(queue->queue, cfunction(cparam) != 0);
00218 }
00219 else
00220 {
00221 wait_event(queue->queue, cfunction(cparam) != 0);
00222 }
00223
00224 return 0;
00225 }
|
|
|
Definition at line 173 of file dazuko_rsbac.c. References xp_rwlock::rwlock. 00174 {
00175 write_lock(&(rwlock->rwlock));
00176 return 0;
00177 }
|
|
|
Definition at line 179 of file dazuko_rsbac.c. References xp_rwlock::rwlock. 00180 {
00181 write_unlock(&(rwlock->rwlock));
00182 return 0;
00183 }
|
|
|
|
|
|
Definition at line 81 of file dazuko_rsbac.c. |
|
|
Initial value: {
read: linux_dazuko_device_read,
write: linux_dazuko_device_write,
ioctl: linux_dazuko_device_ioctl,
open: linux_dazuko_device_open,
release: linux_dazuko_device_release,
}
Definition at line 83 of file dazuko_rsbac.c. |
1.4.2