#include <rsbac/types.h>#include <linux/init.h>Go to the source code of this file.
Defines | |
| #define | rsbac_get_attr(module, target, tid, attr, value, inherit) rsbac_ta_get_attr(0, module, target, tid, attr, value, inherit) |
| #define | rsbac_set_attr(module, target, tid, attr, value) rsbac_ta_set_attr(0, module, target, tid, attr, value) |
| #define | rsbac_remove_target(target, tid) rsbac_ta_remove_target(0, target, tid) |
Functions | |
| int | rsbac_init (kdev_t root_dev) __init |
| int | rsbac_kthread_notify (rsbac_pid_t pid) |
| void | rsbac_off (void) |
| rsbac_boolean_t | rsbac_is_initialized (void) |
| int | rsbac_mount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_umount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_free_dat_dentries (void) |
| int | rsbac_stats (void) |
| int | rsbac_check (int correct, int check_inode) |
| int | rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p) |
| int | rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| int | rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value) |
| int | rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid) |
| int | rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp) |
| int | rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp) |
| int | rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp) |
| int | rsbac_mark_kthread (rsbac_pid_t pid) |
| int | rsbac_kthreads_init (void) |
|
|
|
Definition at line 112 of file aci.h. Referenced by rsbac_adf_request_int(), rsbac_adf_set_attr(), and rsbac_aef_shm_free_security(). |
|
|
||||||||||||
|
Referenced by rsbac_do_init(), and sys_rsbac_check(). |
|
|
Definition at line 8686 of file aci_data_structures.c. References device_list_head, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk(). 08687 {
08688 u_long flags;
08689 struct rsbac_device_list_item_t * device_p;
08690
08691 if (!rsbac_initialized)
08692 {
08693 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08694 return(-RSBAC_ENOTINITIALIZED);
08695 }
08696
08697 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08698
08699 /* wait for write access to device_list_head */
08700 rsbac_write_lock_irq(&device_list_head.lock, &flags);
08701 /* OK, nobody else is working on it... */
08702 device_p = device_list_head.head;
08703 while(device_p)
08704 {
08705 if(device_p->rsbac_dir_dentry_p)
08706 {
08707 dput(device_p->rsbac_dir_dentry_p);
08708 device_p->rsbac_dir_dentry_p = NULL;
08709 }
08710 device_p = device_p->next;
08711 }
08712 /* allow access */
08713 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
08714
08715 return(0);
08716 }
|
|
||||||||||||||||||||
|
Definition at line 9908 of file aci_data_structures.c. References device_list_head, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right(). 09912 {
09913 if(!parent_target_p || !parent_tid_p)
09914 return -RSBAC_EINVALIDPOINTER;
09915 /*
09916 #ifdef CONFIG_RSBAC_DEBUG
09917 if (rsbac_debug_ds)
09918 {
09919 rsbac_printk(KERN_DEBUG
09920 "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09921 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p);
09922 }
09923 #endif
09924 */
09925 switch(target)
09926 {
09927 case T_FILE:
09928 case T_DIR:
09929 case T_FIFO:
09930 case T_SYMLINK:
09931 break;
09932 default:
09933 return -RSBAC_EINVALIDTARGET;
09934 }
09935
09936 if(!tid.file.dentry_p)
09937 return -RSBAC_ENOTFOUND;
09938
09939 *parent_target_p = T_DIR;
09940 /* Is this dentry root of a mounted device? */
09941 if( tid.file.dentry_p->d_sb
09942 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09943 )
09944 {
09945 struct rsbac_device_list_item_t * device_p;
09946 u_long dflags;
09947
09948 /* wait for read access to device_list_head */
09949 rsbac_read_lock(&device_list_head.lock, &dflags);
09950
09951 device_p = lookup_device(tid.file.device);
09952 if( !device_p
09953 || !device_p->d_covers
09954 || !device_p->d_covers->d_parent
09955 || !device_p->d_covers->d_parent->d_inode
09956 )
09957 {
09958 /* free access to device_list_head */
09959 rsbac_read_unlock(&device_list_head.lock, &dflags);
09960 return -RSBAC_ENOTFOUND;
09961 }
09962 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
09963 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
09964 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09965 /* free access to device_list_head */
09966 rsbac_read_unlock(&device_list_head.lock, &dflags);
09967 }
09968 else
09969 { /* no root of filesystem -> use d_parent, dev keeps unchanged */
09970 if(!tid.file.dentry_p->d_parent)
09971 {
09972 rsbac_printk(KERN_WARNING
09973 "rsbac_get_parent(): oops - d_parent is NULL!\n");
09974 return -RSBAC_ENOTFOUND;
09975 }
09976 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
09977 {
09978 rsbac_printk(KERN_WARNING
09979 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09980 return -RSBAC_ENOTFOUND;
09981 }
09982 if(!tid.file.dentry_p->d_parent->d_inode)
09983 {
09984 rsbac_printk(KERN_WARNING
09985 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09986 return -RSBAC_ENOTFOUND;
09987 }
09988 parent_tid_p->dir.device = tid.file.device;
09989 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
09990 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09991 }
09992 return 0;
09993 }
|
|
|
Definition at line 8008 of file aci_data_structures.c. References A_rc_def_role, FALSE, GEN, rsbac_kthread_t::list, list_head, NULL, rsbac_kthread_t::pid, rsbac_target_id_t::process, process_handles, rsbac_do_init(), RSBAC_EINVALIDPOINTER, RSBAC_EREINIT, rsbac_get_attr, rsbac_initialized, rsbac_kthread_notify(), rsbac_list_add(), rsbac_list_get_data(), RSBAC_MAC_DEF_INIT_P_FLAGS, RSBAC_MAC_P_FLAGS, rsbac_printk(), RSBAC_RC_GENERAL_ROLE, rsbac_rc_get_boot_role(), rsbac_root_dev, RSBAC_SYSADM_UID, T_PROCESS, user_handles, and wakeup_rsbacd(). 08010 {
08011 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08012 struct rsbac_kthread_t * rsbac_kthread_entry;
08013 struct list_head * p;
08014 #ifdef CONFIG_RSBAC_RC
08015 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
08016 #endif
08017 rsbac_pid_t init_pid;
08018 #endif
08019 int err = 0;
08020 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08021 || defined(CONFIG_RSBAC_INIT_THREAD)
08022 rsbac_pid_t rsbacd_pid;
08023 #endif
08024
08025 if (rsbac_initialized) {
08026 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
08027 return(-RSBAC_EREINIT);
08028 }
08029 if (!current->fs) {
08030 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
08031 return(-RSBAC_EINVALIDPOINTER);
08032 }
08033
08034 rsbac_root_dev = root_dev;
08035
08036 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08037 || defined(CONFIG_RSBAC_INIT_THREAD)
08038 /* init the rsbacd wait queue head */
08039 init_waitqueue_head(&rsbacd_wait);
08040 #endif
08041
08042 #ifdef CONFIG_RSBAC_INIT_THREAD
08043 /* trigger dependency */
08044 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
08045 #endif
08046 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
08047 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
08048 init_timer(&rsbac_timer);
08049 rsbac_timer.function = wakeup_rsbacd;
08050 rsbac_timer.data = 0;
08051 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
08052 add_timer(&rsbac_timer);
08053
08054 /* Start rsbac thread for init */
08055 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
08056 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
08057 rsbacd_pid);
08058
08059 if(!rsbac_initialized)
08060 interruptible_sleep_on(&rsbacd_wait);
08061 if(!rsbac_initialized)
08062 {
08063 rsbac_printk(KERN_ERR
08064 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
08065 rsbac_printk(KERN_ERR
08066 "rsbac_init(): *** Killing rsbac_initd! ***\n");
08067 sys_kill(rsbacd_pid, SIGKILL);
08068 rsbac_initialized = FALSE;
08069 }
08070 #else
08071 rsbac_do_init();
08072 #endif
08073
08074 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
08075 if(rsbac_initialized) {
08076 /* Start rsbacd thread for auto write */
08077 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
08078 if(rsbacd_pid < 0)
08079 {
08080 rsbac_printk(KERN_ERR
08081 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
08082 rsbacd_pid);
08083 }
08084 else
08085 {
08086 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
08087 rsbacd_pid);
08088 }
08089 }
08090 #endif
08091
08092 /* Ready. */
08093 /* schedule(); */
08094 #ifdef CONFIG_RSBAC_INIT_THREAD
08095 sys_wait4(-1, NULL, WNOHANG, NULL);
08096 #endif
08097
08098 /* Add all processes to list of processes as init processes */
08099 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08100 {
08101 #ifdef CONFIG_RSBAC_MAC
08102 struct rsbac_mac_user_aci_t mac_u_aci;
08103 #endif
08104 #ifdef CONFIG_RSBAC_RC
08105 struct rsbac_rc_user_aci_t rc_u_aci;
08106 #endif
08107 rsbac_uid_t user = RSBAC_SYSADM_UID;
08108 rsbac_pid_t pid = 1;
08109 struct task_struct * p;
08110
08111 union rsbac_target_id_t k_tid;
08112 union rsbac_attribute_value_t k_attr_val;
08113
08114 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08115 /* Prepare entries: change standard values to root's values */
08116 #ifdef CONFIG_RSBAC_MAC
08117 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci)) {
08118 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
08119 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
08120 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
08121 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
08122 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
08123 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
08124 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
08125 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
08126 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
08127 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
08128 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
08129 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
08130 mac_init_p_aci.mac_process_flags
08131 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
08132 }
08133 #endif
08134
08135 /* Set process aci - first init */
08136 #ifdef CONFIG_RSBAC_MAC
08137 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08138 rsbac_printk(KERN_WARNING
08139 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!\n");
08140 #endif
08141 #ifdef CONFIG_RSBAC_RC
08142 /* Get boot role */
08143 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {
08144 /* none: use root's role */
08145 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci)) {
08146 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
08147 } else {
08148 /* last resort: general role */
08149 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
08150 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
08151 }
08152 }
08153 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08154 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
08155 rsbac_printk(KERN_WARNING
08156 "rsbac_do_init(): RC ACI for Init process 1 could not be added!\n");
08157 #endif
08158 read_lock(&tasklist_lock);
08159 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08160 for_each_task(p)
08161 #else
08162 for_each_process(p)
08163 #endif
08164 {
08165 /* not for kernel and init though... */
08166 if(!p->pid || (p->pid == 1))
08167 continue;
08168 pid = p->pid;
08169 #ifdef CONFIG_RSBAC_DEBUG
08170 if (rsbac_debug_ds) {
08171 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
08172 pid);
08173 }
08174 #endif
08175 #ifdef CONFIG_RSBAC_MAC
08176 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08177 rsbac_printk(KERN_WARNING
08178 "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08179 pid);
08180 #endif
08181 #ifdef CONFIG_RSBAC_RC
08182 k_tid.process = p->pid;
08183 if (rsbac_get_attr(GEN, T_PROCESS,
08184 k_tid,
08185 A_kernel_thread,
08186 &k_attr_val,
08187 FALSE)) {
08188 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08189 }
08190 if (k_attr_val.kernel_thread) {
08191 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08192 rsbac_printk(KERN_WARNING
08193 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!\n",
08194 pid);
08195 }
08196 #endif
08197 }
08198 read_unlock(&tasklist_lock);
08199 }
08200 list_for_each(p, &rsbac_kthread->list) {
08201 rsbac_kthread_entry = list_entry(p,
08202 struct rsbac_kthread_t, list);
08203 if (rsbac_kthread_entry->pid != 1
08204 || rsbac_kthread_entry->pid != rsbacd_pid); {
08205 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08206 /* kernel list implementation is for exclusive
08207 * wizards use, let's not free it now till
08208 * i know why it oops. doesnt consume much memory
08209 * anyway. michal. */
08210 /*list_del(&rsbac_kthread_entry->list);
08211 * kfree(rsbac_kthread_entry);*/
08212 }
08213 } /* explicitly mark init and rsbacd */
08214 init_pid = 1;
08215 #ifdef CONFIG_RSBAC_MAC
08216 if (rsbac_list_add(process_handles.mac[mac_p_hash(init_pid)], &init_pid, &mac_init_p_aci))
08217 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!\n");
08218 if (rsbac_list_add(process_handles.mac[mac_p_hash(rsbacd_pid)], &rsbacd_pid, &mac_init_p_aci))
08219 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!\n");
08220 #endif
08221 #ifdef CONFIG_RSBAC_RC
08222 if (rsbac_list_add(process_handles.rc[rc_p_hash(init_pid)], &init_pid, &rc_init_p_aci))
08223 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added!\n");
08224 if (rsbac_list_add(process_handles.rc[rc_p_hash(rsbacd_pid)], &rsbacd_pid, &rc_kernel_p_aci))
08225 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added!\n");
08226 #endif
08227
08228 /*kfree(rsbac_kthread);*/
08229
08230 #endif /* MAC or RC */
08231
08232 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08233 return(err);
08234 }
|
|
|
|
Definition at line 8246 of file aci_data_structures.c. References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk(). Referenced by rsbac_init(). 08247 {
08248 if (!rsbac_initialized)
08249 return 0;
08250 /* Set process aci */
08251 #ifdef CONFIG_RSBAC_MAC
08252 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08253 rsbac_printk(KERN_WARNING
08254 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
08255 pid);
08256 #endif
08257 #ifdef CONFIG_RSBAC_RC
08258 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08259 rsbac_printk(KERN_WARNING
08260 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
08261 pid);
08262 #endif
08263 return 0;
08264 }
|
|
|
Definition at line 7984 of file aci_data_structures.c. References rsbac_kthread_t::list. 07985 {
07986 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07987 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07988 INIT_LIST_HEAD(&rsbac_kthread->list);
07989 return 0;
07990 }
|
|
|
Definition at line 7992 of file aci_data_structures.c. References rsbac_kthread_t::list, rsbac_kthread_t::pid, and rsbac_initialized. 07993 {
07994 struct rsbac_kthread_t * rsbac_kthread_new;
07995
07996 if (rsbac_initialized)
07997 return 0;
07998 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07999 rsbac_kthread_new->pid = pid;
08000 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
08001 return 0;
08002 }
|
|
||||||||||||
|
Definition at line 8268 of file aci_data_structures.c. References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by get_attr_fd(), rsbac_aef_sb_post_addmount(), rsbac_aef_sb_umount_busy(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd(). 08269 {
08270 int err = 0;
08271 struct rsbac_device_list_item_t * device_p;
08272 struct rsbac_device_list_item_t * new_device_p;
08273 u_long flags;
08274 rsbac_boolean_t old_no_write;
08275
08276 if(!sb_p)
08277 {
08278 rsbac_printk(KERN_WARNING
08279 "rsbac_mount(): called with NULL pointer\n");
08280 return -RSBAC_EINVALIDPOINTER;
08281 }
08282 if (!rsbac_initialized)
08283 {
08284 #ifdef CONFIG_RSBAC_INIT_DELAY
08285 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08286 if( !RSBAC_MAJOR(rsbac_delayed_root)
08287 && !RSBAC_MINOR(rsbac_delayed_root)
08288 && rsbac_delayed_root_str[0]
08289 )
08290 { /* translate string to kdev_t */
08291 char * p = rsbac_delayed_root_str;
08292 u_int major = 0;
08293 u_int minor = 0;
08294
08295 major = simple_strtoul(p, NULL, 0);
08296 while((*p != ':') && (*p != '\0'))
08297 p++;
08298 if(*p)
08299 {
08300 p++;
08301 minor = simple_strtoul(p, NULL, 0);
08302 }
08303 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
08304 }
08305 #endif
08306 if( !rsbac_no_delay_init
08307 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
08308 && !RSBAC_MINOR(rsbac_delayed_root)
08309 && (MAJOR(sb_p->s_dev) > 1)
08310 )
08311 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
08312 || RSBAC_MINOR(rsbac_delayed_root)
08313 )
08314 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
08315 && ( !RSBAC_MINOR(rsbac_delayed_root)
08316 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
08317 )
08318 )
08319 )
08320 )
08321 )
08322 {
08323 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
08324 {
08325 rsbac_printk(KERN_INFO
08326 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08327 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
08328 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
08329 }
08330 else
08331 {
08332 rsbac_printk(KERN_INFO
08333 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08334 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08335 }
08336 rsbac_init(sb_p->s_dev);
08337 return 0;
08338 }
08339 #endif
08340
08341 rsbac_printk(KERN_WARNING
08342 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08343 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08344
08345 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08346 if( (sb_p->s_magic == SYSFS_MAGIC)
08347 && !RSBAC_MAJOR(sb_p->s_dev)
08348 )
08349 {
08350 rsbac_printk(KERN_WARNING
08351 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08352 sysfs_sb_p = sb_p;
08353 sysfs_covered_p = d_covers;
08354 }
08355 #endif
08356 #ifdef CONFIG_DEVFS_MOUNT
08357 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08358 && !RSBAC_MAJOR(sb_p->s_dev)
08359 )
08360 {
08361 rsbac_printk(KERN_WARNING
08362 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08363 devfs_sb_p = sb_p;
08364 devfs_covered_p = d_covers;
08365 }
08366 #endif
08367 return(-RSBAC_ENOTINITIALIZED);
08368 }
08369 #ifdef CONFIG_RSBAC_DEBUG
08370 if (rsbac_debug_ds)
08371 {
08372 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
08373 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08374 }
08375 if(rsbac_debug_stack)
08376 {
08377 unsigned long * n = (unsigned long *) (current+1);
08378
08379 while (!*n)
08380 n++;
08381 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
08382 (unsigned long) n - (unsigned long)(current+1));
08383 }
08384 #endif
08385 down(&rsbac_write_sem);
08386 old_no_write = rsbac_debug_no_write;
08387 rsbac_debug_no_write = TRUE;
08388 up(&rsbac_write_sem);
08389 /* wait for read access to device_list_head */
08390 rsbac_read_lock(&device_list_head.lock, &flags);
08391 device_p = lookup_device(sb_p->s_dev);
08392 /* repeated mount? */
08393 if(device_p)
08394 {
08395 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08396 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08397 device_p->mount_count++;
08398 if( d_covers
08399 && !device_p->d_covers
08400 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08401 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08402 )
08403 {
08404 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08405 d_covers);
08406 device_p->d_covers = d_covers;
08407 }
08408 rsbac_read_unlock(&device_list_head.lock, &flags);
08409 }
08410 else
08411 {
08412 rsbac_read_unlock(&device_list_head.lock, &flags);
08413 /* OK, go on */
08414 new_device_p = create_device_item(sb_p, d_covers);
08415 #ifdef CONFIG_RSBAC_DEBUG
08416 if(rsbac_debug_stack)
08417 {
08418 unsigned long * n = (unsigned long *) (current+1);
08419
08420 while (!*n)
08421 n++;
08422 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
08423 (unsigned long) n - (unsigned long)(current+1));
08424 }
08425 #endif
08426 if(!new_device_p)
08427 {
08428 rsbac_debug_no_write = old_no_write;
08429 return -RSBAC_ECOULDNOTADDDEVICE;
08430 }
08431
08432 rsbac_read_lock(&device_list_head.lock, &flags);
08433 /* make sure to only add, if this device item has not been added in the meantime */
08434 device_p = lookup_device(sb_p->s_dev);
08435 if(device_p)
08436 {
08437 rsbac_printk(KERN_WARNING
08438 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08439 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08440 device_p->mount_count++;
08441 rsbac_read_unlock(&device_list_head.lock, &flags);
08442 clear_device_item(new_device_p);
08443 }
08444 else
08445 {
08446 rsbac_read_unlock(&device_list_head.lock, &flags);
08447 rsbac_write_lock(&device_list_head.lock, &flags);
08448 device_p = add_device_item(new_device_p);
08449 rsbac_write_unlock(&device_list_head.lock, &flags);
08450 if(!device_p)
08451 {
08452 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08453 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08454 clear_device_item(new_device_p);
08455 rsbac_debug_no_write = old_no_write;
08456 return -RSBAC_ECOULDNOTADDDEVICE;
08457 }
08458 }
08459
08460 /* Generic lists */
08461 rsbac_list_mount(sb_p->s_dev);
08462 /* we do not lock device head - we know the device_p and hope for the best... */
08463 /* also, we are within kernel mount sem */
08464 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
08465 {
08466 char * tmp;
08467
08468 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08469 if(tmp)
08470 {
08471 rsbac_printk(KERN_WARNING
08472 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08473 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
08474 rsbac_kfree(tmp);
08475 }
08476 }
08477 #ifdef CONFIG_RSBAC_DEBUG
08478 if(rsbac_debug_stack)
08479 {
08480 unsigned long * n = (unsigned long *) (current+1);
08481
08482 while (!*n)
08483 n++;
08484 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
08485 (unsigned long) n - (unsigned long)(current+1));
08486 }
08487 #endif
08488 }
08489
08490 /* call other mount functions */
08491 /****** MAC *******/
08492 #if defined(CONFIG_RSBAC_MAC)
08493 rsbac_mount_mac(sb_p->s_dev);
08494 #ifdef CONFIG_RSBAC_DEBUG
08495 if(rsbac_debug_stack)
08496 {
08497 unsigned long * n = (unsigned long *) (current+1);
08498
08499 while (!*n)
08500 n++;
08501 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
08502 (unsigned long) n - (unsigned long)(current+1));
08503 }
08504 #endif
08505 #endif
08506 /****** AUTH *******/
08507 #if defined(CONFIG_RSBAC_AUTH)
08508 rsbac_mount_auth(sb_p->s_dev);
08509 #ifdef CONFIG_RSBAC_DEBUG
08510 if(rsbac_debug_stack)
08511 {
08512 unsigned long * n = (unsigned long *) (current+1);
08513
08514 while (!*n)
08515 n++;
08516 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
08517 (unsigned long) n - (unsigned long)(current+1));
08518 }
08519 #endif
08520 #endif
08521 /****** ACL *******/
08522 #if defined(CONFIG_RSBAC_ACL)
08523 rsbac_mount_acl(sb_p->s_dev);
08524 #ifdef CONFIG_RSBAC_DEBUG
08525 if(rsbac_debug_stack)
08526 {
08527 unsigned long * n = (unsigned long *) (current+1);
08528
08529 while (!*n)
08530 n++;
08531 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
08532 (unsigned long) n - (unsigned long)(current+1));
08533 }
08534 #endif
08535 #endif
08536 /****** REG *******/
08537 #if defined(CONFIG_RSBAC_REG)
08538 rsbac_mount_reg(sb_p->s_dev);
08539 #ifdef CONFIG_RSBAC_DEBUG
08540 if(rsbac_debug_stack)
08541 {
08542 unsigned long * n = (unsigned long *) (current+1);
08543
08544 while (!*n)
08545 n++;
08546 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
08547 (unsigned long) n - (unsigned long)(current+1));
08548 }
08549 #endif
08550 #endif /* REG */
08551
08552 rsbac_debug_no_write = old_no_write;
08553 return(err);
08554 }
|
|
|
|
|
|
Definition at line 8721 of file aci_data_structures.c. 08722 {
08723 struct rsbac_device_list_item_t * device_p;
08724 int i;
08725 u_long fd_count = 0, fd_sum = 0;
08726 u_long dev_sum = 0;
08727 u_long ipc_sum = 0;
08728 u_long user_sum = 0;
08729 u_long process_sum = 0;
08730 #if defined(CONFIG_RSBAC_UM)
08731 u_long group_sum = 0;
08732 #endif
08733 #if defined(CONFIG_RSBAC_NET_OBJ)
08734 u_long nettemp_sum = 0;
08735 u_long lnetobj_sum = 0;
08736 u_long rnetobj_sum = 0;
08737 #endif
08738 u_long total_sum = 0;
08739 long tmp_count;
08740 u_long dflags;
08741
08742 if (!rsbac_initialized)
08743 {
08744 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08745 return(-RSBAC_ENOTINITIALIZED);
08746 }
08747 /* wait for read access to device_list_head */
08748 rsbac_read_lock(&device_list_head.lock, &dflags);
08749 /* OK, go on */
08750 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08751 device_list_head.lock.lock); */
08752 device_p = device_list_head.head;
08753 while (device_p)
08754 { /* for all sublists */
08755 fd_count = 0;
08756 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
08757 {
08758 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
08759 if(tmp_count > 0)
08760 fd_count+=tmp_count;
08761 }
08762 rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
08763 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
08764 fd_sum += fd_count;
08765
08766 #if defined(CONFIG_RSBAC_MAC)
08767 fd_count = 0;
08768 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
08769 {
08770 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
08771 if(tmp_count > 0)
08772 fd_count+=tmp_count;
08773 }
08774 rsbac_printk(", %lu MAC",
08775 fd_count);
08776 fd_sum += fd_count;
08777 #endif
08778
08779 #if defined(CONFIG_RSBAC_PM)
08780 fd_count = 0;
08781 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
08782 {
08783 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
08784 if(tmp_count > 0)
08785 fd_count+=tmp_count;
08786 }
08787 rsbac_printk(", %lu PM",
08788 fd_count);
08789 fd_sum += fd_count;
08790 #endif
08791
08792 #if defined(CONFIG_RSBAC_DAZ)
08793 fd_count = 0;
08794 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
08795 {
08796 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
08797 if(tmp_count > 0)
08798 fd_count+=tmp_count;
08799 }
08800 rsbac_printk(", %lu DAZ",
08801 fd_count);
08802 fd_sum += fd_count;
08803 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08804 fd_count = 0;
08805 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
08806 {
08807 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
08808 if(tmp_count > 0)
08809 fd_count+=tmp_count;
08810 }
08811 rsbac_printk(", %lu DAZ_SCANNED",
08812 fd_count);
08813 fd_sum += fd_count;
08814 #endif
08815 #endif
08816
08817 #if defined(CONFIG_RSBAC_FF)
08818 fd_count = 0;
08819 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
08820 {
08821 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
08822 if(tmp_count > 0)
08823 fd_count+=tmp_count;
08824 }
08825 rsbac_printk(", %lu FF",
08826 fd_count);
08827 fd_sum += fd_count;
08828 #endif
08829
08830 #if defined(CONFIG_RSBAC_RC)
08831 fd_count = 0;
08832 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
08833 {
08834 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
08835 if(tmp_count > 0)
08836 fd_count+=tmp_count;
08837 }
08838 rsbac_printk(", %lu RC",
08839 fd_count);
08840 fd_sum += fd_count;
08841 #endif
08842
08843 #if defined(CONFIG_RSBAC_AUTH)
08844 fd_count = 0;
08845 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
08846 {
08847 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
08848 if(tmp_count > 0)
08849 fd_count+=tmp_count;
08850 }
08851 rsbac_printk(", %lu AUTH",
08852 fd_count);
08853 fd_sum += fd_count;
08854 #endif
08855
08856 #if defined(CONFIG_RSBAC_CAP)
08857 fd_count = 0;
08858 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
08859 {
08860 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
08861 if(tmp_count > 0)
08862 fd_count+=tmp_count;
08863 }
08864 rsbac_printk(", %lu CAP",
08865 fd_count);
08866 fd_sum += fd_count;
08867 #endif
08868 #if defined(CONFIG_RSBAC_RES)
08869 fd_count = 0;
08870 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
08871 {
08872 tmp_count = rsbac_list_count(device_p->handles.res[i]);
08873 if(tmp_count > 0)
08874 fd_count+=tmp_count;
08875 }
08876 rsbac_printk(", %lu RES",
08877 fd_count);
08878 fd_sum += fd_count;
08879 #endif
08880 #if defined(CONFIG_RSBAC_PAX)
08881 fd_count = 0;
08882 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
08883 {
08884 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
08885 if(tmp_count > 0)
08886 fd_count+=tmp_count;
08887 }
08888 rsbac_printk(", %lu PAX",
08889 fd_count);
08890 fd_sum += fd_count;
08891 #endif
08892
08893 rsbac_printk("\n");
08894 device_p = device_p->next;
08895 }
08896 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08897 device_list_head.count, fd_sum);
08898 /* free access to device_list_head */
08899 rsbac_read_unlock(&device_list_head.lock, &dflags);
08900 total_sum += fd_sum;
08901
08902 /* dev lists */
08903 tmp_count = rsbac_list_count(dev_handles.gen);
08904 rsbac_printk(KERN_INFO "DEV items: %lu GEN",
08905 tmp_count);
08906 dev_sum += tmp_count;
08907 #if defined(CONFIG_RSBAC_MAC)
08908 tmp_count = rsbac_list_count(dev_handles.mac);
08909 rsbac_printk(", %lu MAC",
08910 tmp_count);
08911 dev_sum += tmp_count;
08912 #endif
08913 #if defined(CONFIG_RSBAC_PM)
08914 tmp_count = rsbac_list_count(dev_handles.pm);
08915 rsbac_printk(", %lu PM",
08916 tmp_count);
08917 dev_sum += tmp_count;
08918 #endif
08919 #if defined(CONFIG_RSBAC_RC)
08920 tmp_count = rsbac_list_count(dev_major_handles.rc);
08921 rsbac_printk(", %lu major RC",
08922 tmp_count);
08923 dev_sum += tmp_count;
08924 tmp_count = rsbac_list_count(dev_handles.rc);
08925 rsbac_printk(", %lu RC",
08926 tmp_count);
08927 dev_sum += tmp_count;
08928 #endif
08929 rsbac_printk("\n");
08930 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n",
08931 dev_sum);
08932 total_sum += dev_sum;
08933
08934 /* ipc lists */
08935 rsbac_printk(KERN_INFO "IPC items: no GEN");
08936 #if defined(CONFIG_RSBAC_MAC)
08937 tmp_count = rsbac_list_count(ipc_handles.mac);
08938 rsbac_printk(", %lu MAC",
08939 tmp_count);
08940 ipc_sum += tmp_count;
08941 #endif
08942 #if defined(CONFIG_RSBAC_PM)
08943 tmp_count = rsbac_list_count(ipc_handles.pm);
08944 rsbac_printk(", %lu PM",
08945 tmp_count);
08946 ipc_sum += tmp_count;
08947 #endif
08948 #if defined(CONFIG_RSBAC_RC)
08949 tmp_count = rsbac_list_count(ipc_handles.rc);
08950 rsbac_printk(", %lu RC",
08951 tmp_count);
08952 ipc_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_JAIL)
08955 tmp_count = rsbac_list_count(ipc_handles.jail);
08956 rsbac_printk(", %lu JAIL",
08957 tmp_count);
08958 ipc_sum += tmp_count;
08959 #endif
08960 rsbac_printk("\n");
08961 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n",
08962 ipc_sum);
08963 total_sum += ipc_sum;
08964
08965 /* user lists */
08966 tmp_count = rsbac_list_count(user_handles.gen);
08967 rsbac_printk(KERN_INFO "USER items: %lu GEN",
08968 tmp_count);
08969 user_sum += tmp_count;
08970 #if defined(CONFIG_RSBAC_MAC)
08971 tmp_count = rsbac_list_count(user_handles.mac);
08972 rsbac_printk(", %lu MAC",
08973 tmp_count);
08974 user_sum += tmp_count;
08975 #endif
08976 #if defined(CONFIG_RSBAC_PM)
08977 tmp_count = rsbac_list_count(user_handles.pm);
08978 rsbac_printk(", %lu PM",
08979 tmp_count);
08980 user_sum += tmp_count;
08981 #endif
08982 #if defined(CONFIG_RSBAC_DAZ)
08983 tmp_count = rsbac_list_count(user_handles.daz);
08984 rsbac_printk(", %lu DAZ",
08985 tmp_count);
08986 user_sum += tmp_count;
08987 #endif
08988 #if defined(CONFIG_RSBAC_RC)
08989 tmp_count = rsbac_list_count(user_handles.rc);
08990 rsbac_printk(", %lu RC",
08991 tmp_count);
08992 user_sum += tmp_count;
08993 #endif
08994 #if defined(CONFIG_RSBAC_AUTH)
08995 tmp_count = rsbac_list_count(user_handles.auth);
08996 rsbac_printk(", %lu AUTH",
08997 tmp_count);
08998 user_sum += tmp_count;
08999 #endif
09000 #if defined(CONFIG_RSBAC_CAP)
09001 tmp_count = rsbac_list_count(user_handles.cap);
09002 rsbac_printk(", %lu CAP",
09003 tmp_count);
09004 user_sum += tmp_count;
09005 #endif
09006 #if defined(CONFIG_RSBAC_JAIL)
09007 tmp_count = rsbac_list_count(user_handles.jail);
09008 rsbac_printk(", %lu JAIL",
09009 tmp_count);
09010 user_sum += tmp_count;
09011 #endif
09012 #if defined(CONFIG_RSBAC_RES)
09013 tmp_count = rsbac_list_count(user_handles.res);
09014 rsbac_printk(", %lu RES",
09015 tmp_count);
09016 user_sum += tmp_count;
09017 #endif
09018 #if defined(CONFIG_RSBAC_PAX)
09019 tmp_count = rsbac_list_count(user_handles.pax);
09020 rsbac_printk(", %lu PAX",
09021 tmp_count);
09022 user_sum += tmp_count;
09023 #endif
09024 rsbac_printk("\n");
09025 rsbac_printk(KERN_INFO "Sum of %lu USER items\n",
09026 user_sum);
09027 total_sum += user_sum;
09028
09029 /* process lists */
09030 tmp_count = 0;
09031 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
09032 tmp_count += rsbac_list_count(process_handles.gen[i]);
09033 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN",
09034 tmp_count);
09035 process_sum += tmp_count;
09036 #if defined(CONFIG_RSBAC_MAC)
09037 tmp_count = 0;
09038 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
09039 tmp_count += rsbac_list_count(process_handles.mac[i]);
09040 rsbac_printk(", %lu MAC",
09041 tmp_count);
09042 process_sum += tmp_count;
09043 #endif
09044 #if defined(CONFIG_RSBAC_PM)
09045 tmp_count = rsbac_list_count(process_handles.pm);
09046 rsbac_printk(", %lu PM",
09047 tmp_count);
09048 process_sum += tmp_count;
09049 #endif
09050 #if defined(CONFIG_RSBAC_DAZ)
09051 tmp_count = rsbac_list_count(process_handles.daz);
09052 rsbac_printk(", %lu DAZ",
09053 tmp_count);
09054 process_sum += tmp_count;
09055 #endif
09056 #if defined(CONFIG_RSBAC_RC)
09057 tmp_count = 0;
09058 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
09059 tmp_count += rsbac_list_count(process_handles.rc[i]);
09060 rsbac_printk(", %lu RC",
09061 tmp_count);
09062 process_sum += tmp_count;
09063 #endif
09064 #if defined(CONFIG_RSBAC_AUTH)
09065 tmp_count = rsbac_list_count(process_handles.auth);
09066 rsbac_printk(", %lu AUTH",
09067 tmp_count);
09068 process_sum += tmp_count;
09069 #endif
09070 #if defined(CONFIG_RSBAC_CAP)
09071 tmp_count = rsbac_list_count(process_handles.cap);
09072 rsbac_printk(", %lu CAP",
09073 tmp_count);
09074 process_sum += tmp_count;
09075 #endif
09076 #if defined(CONFIG_RSBAC_JAIL)
09077 tmp_count = 0;
09078 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
09079 tmp_count += rsbac_list_count(process_handles.jail[i]);
09080 rsbac_printk(", %lu JAIL",
09081 tmp_count);
09082 process_sum += tmp_count;
09083 #endif
09084 rsbac_printk("\n");
09085 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n",
09086 process_sum);
09087 total_sum += process_sum;
09088
09089 #if defined(CONFIG_RSBAC_UM)
09090 /* group lists */
09091 rsbac_printk(KERN_INFO "GROUP items: ");
09092 #if defined(CONFIG_RSBAC_RC_UM_PROT)
09093 tmp_count = rsbac_list_count(group_handles.rc);
09094 rsbac_printk("%lu RC",
09095 tmp_count);
09096 user_sum += tmp_count;
09097 #endif
09098 rsbac_printk("\n");
09099 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n",
09100 group_sum);
09101 total_sum += group_sum;
09102 #endif
09103
09104 #if defined(CONFIG_RSBAC_NET_OBJ)
09105 /* nettemp lists */
09106 rsbac_printk(KERN_INFO "NETTEMP items: ");
09107 #if defined(CONFIG_RSBAC_MAC)
09108 tmp_count = rsbac_list_count(nettemp_handles.mac);
09109 rsbac_printk("%lu MAC, ",
09110 tmp_count);
09111 nettemp_sum += tmp_count;
09112 #endif
09113 #if defined(CONFIG_RSBAC_PM)
09114 tmp_count = rsbac_list_count(nettemp_handles.pm);
09115 rsbac_printk("%lu PM, ",
09116 tmp_count);
09117 nettemp_sum += tmp_count;
09118 #endif
09119 #if defined(CONFIG_RSBAC_RC)
09120 tmp_count = rsbac_list_count(nettemp_handles.rc);
09121 rsbac_printk("%lu RC, ",
09122 tmp_count);
09123 nettemp_sum += tmp_count;
09124 #endif
09125 rsbac_printk("\n");
09126 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n",
09127 nettemp_sum);
09128 total_sum += nettemp_sum;
09129
09130 /* local netobj lists */
09131 rsbac_printk(KERN_INFO "Local NETOBJ items:");
09132 #if defined(CONFIG_RSBAC_MAC)
09133 tmp_count = rsbac_list_count(lnetobj_handles.mac);
09134 rsbac_printk(" %lu MAC,",
09135 tmp_count);
09136 lnetobj_sum += tmp_count;
09137 #endif
09138 #if defined(CONFIG_RSBAC_PM)
09139 tmp_count = rsbac_list_count(lnetobj_handles.pm);
09140 rsbac_printk(" %lu PM,",
09141 tmp_count);
09142 lnetobj_sum += tmp_count;
09143 #endif
09144 #if defined(CONFIG_RSBAC_RC)
09145 tmp_count = rsbac_list_count(lnetobj_handles.rc);
09146 rsbac_printk(" %lu RC",
09147 tmp_count);
09148 lnetobj_sum += tmp_count;
09149 #endif
09150 rsbac_printk("\n");
09151 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
09152 lnetobj_sum);
09153 total_sum += lnetobj_sum;
09154
09155 /* remote netobj lists */
09156 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
09157 #if defined(CONFIG_RSBAC_MAC)
09158 tmp_count = rsbac_list_count(rnetobj_handles.mac);
09159 rsbac_printk(" %lu MAC,",
09160 tmp_count);
09161 rnetobj_sum += tmp_count;
09162 #endif
09163 #if defined(CONFIG_RSBAC_PM)
09164 tmp_count = rsbac_list_count(rnetobj_handles.pm);
09165 rsbac_printk(" %lu PM,",
09166 tmp_count);
09167 rnetobj_sum += tmp_count;
09168 #endif
09169 #if defined(CONFIG_RSBAC_RC)
09170 tmp_count = rsbac_list_count(rnetobj_handles.rc);
09171 rsbac_printk(" %lu RC",
09172 tmp_count);
09173 rnetobj_sum += tmp_count;
09174 #endif
09175 rsbac_printk("\n");
09176 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
09177 rnetobj_sum);
09178 total_sum += rnetobj_sum;
09179 #endif /* NET_OBJ */
09180
09181 rsbac_printk(KERN_INFO
09182 "Total of %lu registered rsbac-items\n",
09183 total_sum);
09184
09185 rsbac_printk(KERN_INFO
09186 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09187 rsbac_adf_request_count[T_FILE],
09188 rsbac_adf_request_count[T_DIR],
09189 rsbac_adf_request_count[T_FIFO],
09190 rsbac_adf_request_count[T_SYMLINK],
09191 rsbac_adf_request_count[T_DEV],
09192 rsbac_adf_request_count[T_IPC],
09193 rsbac_adf_request_count[T_SCD],
09194 rsbac_adf_request_count[T_USER],
09195 rsbac_adf_request_count[T_PROCESS],
09196 rsbac_adf_request_count[T_NETDEV],
09197 rsbac_adf_request_count[T_NETTEMP],
09198 rsbac_adf_request_count[T_NETOBJ]);
09199 rsbac_printk(KERN_INFO
09200 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09201 rsbac_adf_set_attr_count[T_FILE],
09202 rsbac_adf_set_attr_count[T_DIR],
09203 rsbac_adf_set_attr_count[T_FIFO],
09204 rsbac_adf_set_attr_count[T_SYMLINK],
09205 rsbac_adf_set_attr_count[T_DEV],
09206 rsbac_adf_set_attr_count[T_IPC],
09207 rsbac_adf_set_attr_count[T_SCD],
09208 rsbac_adf_set_attr_count[T_USER],
09209 rsbac_adf_set_attr_count[T_PROCESS],
09210 rsbac_adf_set_attr_count[T_NETDEV],
09211 rsbac_adf_set_attr_count[T_NETTEMP],
09212 rsbac_adf_set_attr_count[T_NETOBJ]);
09213
09214 #if defined(CONFIG_RSBAC_PM)
09215 rsbac_stats_pm();
09216 #endif
09217 #if defined(CONFIG_RSBAC_RC)
09218 rsbac_stats_rc();
09219 #endif
09220 #if defined(CONFIG_RSBAC_AUTH)
09221 rsbac_stats_auth();
09222 #endif
09223 #if defined(CONFIG_RSBAC_ACL)
09224 rsbac_stats_acl();
09225 #endif
09226 return(0);
09227 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 12133 of file aci_data_structures.c. References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n(). 12141 {
12142 int err = 0;
12143
12144 if (!rsbac_initialized)
12145 {
12146 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
12147 return(-RSBAC_ENOTINITIALIZED);
12148 }
12149 if (!value)
12150 return(-RSBAC_EINVALIDPOINTER);
12151 if (in_interrupt())
12152 {
12153 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
12154 }
12155 #ifdef CONFIG_RSBAC_XSTATS
12156 get_attr_count[target]++;
12157 #endif
12158 switch (target)
12159 {
12160 case T_FILE:
12161 case T_DIR:
12162 case T_FIFO:
12163 case T_SYMLINK:
12164 return get_attr_fd(ta_number, module, target, &tid,
12165 attr, value, inherit);
12166
12167 case T_DEV:
12168 return get_attr_dev(ta_number, module, target, tid.dev,
12169 attr, value, inherit);
12170
12171 case T_IPC:
12172 return get_attr_ipc(ta_number, module, target, &tid,
12173 attr, value, inherit);
12174
12175 case T_USER:
12176 return get_attr_user(ta_number, module, target, &tid,
12177 attr, value, inherit);
12178
12179 case T_PROCESS:
12180 return get_attr_process(ta_number, module, target, &tid,
12181 attr, value, inherit);
12182
12183 #ifdef CONFIG_RSBAC_UM
12184 case T_GROUP:
12185 return get_attr_group(ta_number, module, target, &tid,
12186 attr, value, inherit);
12187 #endif /* CONFIG_RSBAC_UM */
12188
12189 #ifdef CONFIG_RSBAC_NET_DEV
12190 case T_NETDEV:
12191 return get_attr_netdev(ta_number, module, target, &tid,
12192 attr, value, inherit);
12193 #endif
12194
12195 #ifdef CONFIG_RSBAC_NET_OBJ
12196 case T_NETTEMP:
12197 return get_attr_nettemp(ta_number, module, target, &tid,
12198 attr, value, inherit);
12199
12200 case T_NETOBJ:
12201 return get_attr_netobj(ta_number, module, target, &tid,
12202 attr, value, inherit);
12203 #endif /* NET_OBJ */
12204
12205 /* switch target: no valid target */
12206 default:
12207 return -RSBAC_EINVALIDTARGET;
12208 }
12209
12210 return err;
12211 } /* end of rsbac_get_attr() */
|
|
||||||||||||
|
Definition at line 14867 of file aci_data_structures.c. References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_dev(). 14868 {
14869 int count=0;
14870 int tmp_count;
14871
14872 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14873 if(tmp_count > 0)
14874 count += tmp_count;
14875 #if defined(CONFIG_RSBAC_MAC)
14876 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14877 if(tmp_count > 0)
14878 count += tmp_count;
14879 #endif
14880 #if defined(CONFIG_RSBAC_PM)
14881 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14882 if(tmp_count > 0)
14883 count += tmp_count;
14884 #endif
14885 #if defined(CONFIG_RSBAC_RC)
14886 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14887 if(tmp_count > 0)
14888 count += tmp_count;
14889 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14890 if(tmp_count > 0)
14891 count += tmp_count;
14892 #endif
14893 if(id_pp)
14894 {
14895 struct rsbac_dev_desc_t * i_id_p = NULL;
14896 char * pos = NULL;
14897 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14898 u_int i;
14899 #endif
14900
14901 if(count > 0)
14902 {
14903 int i_count = 0;
14904
14905 i_count = count + 20; /* max value to expect */
14906 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14907 if(!*id_pp)
14908 return -RSBAC_ENOMEM;
14909 pos = (char *) *id_pp;
14910 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14911 dev_handles.gen,
14912 (void **) &i_id_p);
14913 if(tmp_count > 0)
14914 {
14915 if(tmp_count > i_count)
14916 tmp_count = i_count;
14917 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
14918 rsbac_vfree(i_id_p);
14919 count = tmp_count;
14920 i_count -= tmp_count;
14921 pos += tmp_count * sizeof(*i_id_p);
14922 }
14923 else
14924 count = 0;
14925 #if defined(CONFIG_RSBAC_MAC)
14926 if(i_count)
14927 {
14928 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14929 if(tmp_count > 0)
14930 {
14931 if(tmp_count > i_count)
14932 tmp_count = i_count;
14933 for(i=0; i< tmp_count; i++)
14934 {
14935 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14936 {
14937 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14938 pos += sizeof(*i_id_p);
14939 count++;
14940 i_count--;
14941 }
14942 }
14943 rsbac_vfree(i_id_p);
14944 }
14945 }
14946 #endif
14947 #if defined(CONFIG_RSBAC_PM)
14948 if(i_count)
14949 {
14950 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.pm, (void **) &i_id_p);
14951 if(tmp_count > 0)
14952 {
14953 if(tmp_count > i_count)
14954 tmp_count = i_count;
14955 for(i=0; i< tmp_count; i++)
14956 {
14957 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14958 #if defined(CONFIG_RSBAC_MAC)
14959 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14960 #endif
14961 {
14962 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14963 pos += sizeof(*i_id_p);
14964 count++;
14965 i_count--;
14966 }
14967 }
14968 rsbac_vfree(i_id_p);
14969 }
14970 }
14971 #endif
14972 #if defined(CONFIG_RSBAC_RC)
14973 if(i_count)
14974 {
14975 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p);
14976 if(tmp_count > 0)
14977 {
14978 if(tmp_count > i_count)
14979 tmp_count = i_count;
14980 for(i=0; i< tmp_count; i++)
14981 {
14982 i_id_p[i].type += (D_block_major - D_block);
14983 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14984 pos += sizeof(*i_id_p);
14985 count++;
14986 i_count--;
14987 }
14988 rsbac_vfree(i_id_p);
14989 }
14990 }
14991 if(i_count)
14992 {
14993 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p);
14994 if(tmp_count > 0)
14995 {
14996 if(tmp_count > i_count)
14997 tmp_count = i_count;
14998 for(i=0; i< tmp_count; i++)
14999 {
15000 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
15001 #if defined(CONFIG_RSBAC_MAC)
15002 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
15003 #endif
15004 #if defined(CONFIG_RSBAC_PM)
15005 if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
15006 #endif
15007 {
15008 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
15009 pos += sizeof(*i_id_p);
15010 count++;
15011 i_count--;
15012 }
15013 }
15014 rsbac_vfree(i_id_p);
15015 }
15016 }
15017 #endif
15018 if(!count)
15019 rsbac_vfree(*id_pp);
15020 }
15021 }
15022 return count;
15023 }
|
|
||||||||||||
|
Definition at line 15192 of file aci_data_structures.c. References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_group(). 15193 {
15194 #if defined(CONFIG_RSBAC_RC_UM_PROT)
15195 int count=0;
15196 int tmp_count;
15197
15198 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
15199 if(tmp_count > 0)
15200 count += tmp_count;
15201 if(id_pp)
15202 {
15203 if(count > 0)
15204 {
15205 int i_count;
15206 rsbac_gid_t * i_id_p = NULL;
15207
15208 i_count = count + 20; /* max value to expect */
15209 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15210 if(!*id_pp)
15211 return -RSBAC_ENOMEM;
15212 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15213 group_handles.rc,
15214 (void **) &i_id_p);
15215 if(tmp_count > 0)
15216 {
15217 if(tmp_count > i_count)
15218 tmp_count = i_count;
15219 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15220 rsbac_vfree(i_id_p);
15221 count = tmp_count;
15222 i_count -= tmp_count;
15223 }
15224 else
15225 count = 0;
15226 if(!count)
15227 rsbac_vfree(*id_pp);
15228 }
15229 }
15230 return count;
15231 #else
15232 return 0;
15233 #endif
15234 }
|
|
||||||||||||
|
Definition at line 15072 of file aci_data_structures.c. References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles. Referenced by sys_rsbac_list_all_user(). 15073 {
15074 int count=0;
15075 int tmp_count;
15076
15077 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
15078 if(tmp_count > 0)
15079 count += tmp_count;
15080 #if defined(CONFIG_RSBAC_MAC)
15081 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
15082 if(tmp_count > 0)
15083 count += tmp_count;
15084 #endif
15085 #if defined(CONFIG_RSBAC_PM)
15086 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
15087 if(tmp_count > 0)
15088 count += tmp_count;
15089 #endif
15090 #if defined(CONFIG_RSBAC_DAZ)
15091 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
15092 if(tmp_count > 0)
15093 count += tmp_count;
15094 #endif
15095 #if defined(CONFIG_RSBAC_FF)
15096 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
15097 if(tmp_count > 0)
15098 count += tmp_count;
15099 #endif
15100 #if defined(CONFIG_RSBAC_RC)
15101 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
15102 if(tmp_count > 0)
15103 count += tmp_count;
15104 #endif
15105 #if defined(CONFIG_RSBAC_AUTH)
15106 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
15107 if(tmp_count > 0)
15108 count += tmp_count;
15109 #endif
15110 #if defined(CONFIG_RSBAC_CAP)
15111 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
15112 if(tmp_count > 0)
15113 count += tmp_count;
15114 #endif
15115 #if defined(CONFIG_RSBAC_JAIL)
15116 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
15117 if(tmp_count > 0)
15118 count += tmp_count;
15119 #endif
15120 #if defined(CONFIG_RSBAC_PAX)
15121 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
15122 if(tmp_count > 0)
15123 count += tmp_count;
15124 #endif
15125 #if defined(CONFIG_RSBAC_RES)
15126 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
15127 if(tmp_count > 0)
15128 count += tmp_count;
15129 #endif
15130 if(id_pp)
15131 {
15132 if(count > 0)
15133 {
15134 int i_count;
15135 rsbac_uid_t * i_id_p = NULL;
15136
15137 i_count = count + 20; /* max value to expect */
15138 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15139 if(!*id_pp)
15140 return -RSBAC_ENOMEM;
15141 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15142 user_handles.gen,
15143 (void **) &i_id_p);
15144 if(tmp_count > 0)
15145 {
15146 if(tmp_count > i_count)
15147 tmp_count = i_count;
15148 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15149 rsbac_vfree(i_id_p);
15150 count = tmp_count;
15151 i_count -= tmp_count;
15152 }
15153 else
15154 count = 0;
15155 #if defined(CONFIG_RSBAC_MAC)
15156 copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp);
15157 #endif
15158 #if defined(CONFIG_RSBAC_PM)
15159 copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp);
15160 #endif
15161 #if defined(CONFIG_RSBAC_DAZ)
15162 copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp);
15163 #endif
15164 #if defined(CONFIG_RSBAC_FF)
15165 copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp);
15166 #endif
15167 #if defined(CONFIG_RSBAC_RC)
15168 copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp);
15169 #endif
15170 #if defined(CONFIG_RSBAC_AUTH)
15171 copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp);
15172 #endif
15173 #if defined(CONFIG_RSBAC_CAP)
15174 copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp);
15175 #endif
15176 #if defined(CONFIG_RSBAC_JAIL)
15177 copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp);
15178 #endif
15179 #if defined(CONFIG_RSBAC_PAX)
15180 copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp);
15181 #endif
15182 #if defined(CONFIG_RSBAC_RES)
15183 copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp);
15184 #endif
15185 if(!count)
15186 rsbac_vfree(*id_pp);
15187 }
15188 }
15189 return count;
15190 }
|
|
||||||||||||||||
|
Definition at line 14431 of file aci_data_structures.c. References D_char, rsbac_target_id_t::dev, dev_handles, device_list_head, gen_fd_hash(), gen_p_hash(), rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n(). 14435 {
14436 int error=0;
14437 struct rsbac_device_list_item_t * device_p;
14438 u_long dflags;
14439
14440 if (!rsbac_initialized)
14441 {
14442 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
14443 return(-RSBAC_ENOTINITIALIZED);
14444 }
14445 if (in_interrupt())
14446 {
14447 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
14448 }
14449 switch (target)
14450 {
14451 case T_FILE:
14452 case T_DIR:
14453 case T_FIFO:
14454 case T_SYMLINK:
14455 /*
14456 #ifdef CONFIG_RSBAC_DEBUG
14457 if (rsbac_debug_ds)
14458 rsbac_printk(KERN_DEBUG "%s\n",
14459 "rsbac_remove_target(): Removing file/dir/fifo/symlink ACI");
14460 #endif
14461 */
14462 #if defined(CONFIG_RSBAC_MAC)
14463 /* file and dir items can also have mac_f_trusets -> remove first */
14464 if( (target == T_FILE)
14465 || (target == T_DIR)
14466 )
14467 error = rsbac_mac_remove_f_trusets(tid.file);
14468 #endif
14469 #if defined(CONFIG_RSBAC_AUTH)
14470 /* file and dir items can also have auth_f_capsets -> remove first */
14471 if( (target == T_FILE)
14472 || (target == T_DIR)
14473 )
14474 error = rsbac_auth_remove_f_capsets(tid.file);
14475 #endif
14476 #if defined(CONFIG_RSBAC_ACL)
14477 /* items can also have an acl_fd_item -> remove first */
14478 error = rsbac_acl_remove_acl(ta_number, target, tid);
14479 #endif
14480 /* wait for read access to device_list_head */
14481 rsbac_read_lock(&device_list_head.lock, &dflags);
14482 /* OK, go on */
14483
14484 /* lookup device */
14485 device_p = lookup_device(tid.file.device);
14486 if (!device_p)
14487 {
14488 struct super_block * sb_p;
14489
14490 rsbac_read_unlock(&device_list_head.lock, &dflags);
14491 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14492 sb_p = user_get_super(tid.file.device);
14493 #else
14494 sb_p = get_super(tid.file.device);
14495 #endif
14496 if(sb_p)
14497 {
14498 rsbac_printk(KERN_INFO
14499 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
14500 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14501 rsbac_mount(sb_p, NULL);
14502 /* free super_block pointer */
14503 drop_super(sb_p);
14504 rsbac_read_lock(&device_list_head.lock, &dflags);
14505 device_p = lookup_device(tid.file.device);
14506 if (!device_p)
14507 {
14508 rsbac_printk(KERN_WARNING
14509 "rsbac_remove_target(): unknown device %02u:%02u\n",
14510 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14511 rsbac_read_unlock(&device_list_head.lock, &dflags);
14512 return -RSBAC_EINVALIDDEV;
14513 }
14514 }
14515 else
14516 return -RSBAC_EINVALIDDEV;
14517 }
14518 rsbac_ta_list_remove(ta_number,
14519 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
14520 &tid.file.inode);
14521 #if defined(CONFIG_RSBAC_MAC)
14522 rsbac_ta_list_remove(ta_number,
14523 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14524 &tid.file.inode);
14525 #endif
14526 #if defined(CONFIG_RSBAC_PM)
14527 rsbac_ta_list_remove(ta_number,
14528 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14529 &tid.file.inode);
14530 #endif
14531 #if defined(CONFIG_RSBAC_DAZ)
14532 rsbac_ta_list_remove(ta_number,
14533 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14534 &tid.file.inode);
14535 #if defined(CONFIG_RSBAC_DAZ_CACHE)
14536 rsbac_ta_list_remove(ta_number,
14537 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14538 &tid.file.inode);
14539 #endif
14540 #endif
14541 #if defined(CONFIG_RSBAC_FF)
14542 rsbac_ta_list_remove(ta_number,
14543 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14544 &tid.file.inode);
14545 #endif
14546 #if defined(CONFIG_RSBAC_RC)
14547 rsbac_ta_list_remove(ta_number,
14548 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14549 &tid.file.inode);
14550 #endif
14551 #if defined(CONFIG_RSBAC_AUTH)
14552 rsbac_ta_list_remove(ta_number,
14553 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14554 &tid.file.inode);
14555 #endif
14556 #if defined(CONFIG_RSBAC_CAP)
14557 rsbac_ta_list_remove(ta_number,
14558 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14559 &tid.file.inode);
14560 #endif
14561 #if defined(CONFIG_RSBAC_PAX)
14562 rsbac_ta_list_remove(ta_number,
14563 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14564 &tid.file.inode);
14565 #endif
14566 #if defined(CONFIG_RSBAC_RES)
14567 rsbac_ta_list_remove(ta_number,
14568 device_p->handles.res[res_fd_hash(tid.file.inode)],
14569 &tid.file.inode);
14570 #endif
14571
14572 /* free access to device_list_head */
14573 rsbac_read_unlock(&device_list_head.lock, &dflags);
14574 break;
14575
14576 case T_DEV:
14577 {
14578 if(tid.dev.type > D_char)
14579 return -RSBAC_EINVALIDTARGET;
14580 /*
14581 #ifdef CONFIG_RSBAC_DEBUG
14582 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14583 "rsbac_remove_target(): Removing dev ACI");
14584 #endif
14585 */
14586 rsbac_ta_list_remove(ta_number,
14587 dev_handles.gen,
14588 &tid.dev);
14589 #if defined(CONFIG_RSBAC_MAC)
14590 rsbac_ta_list_remove(ta_number,
14591 dev_handles.mac,
14592 &tid.dev);
14593 #endif
14594 #if defined(CONFIG_RSBAC_PM)
14595 rsbac_ta_list_remove(ta_number,
14596 dev_handles.pm,
14597 &tid.dev);
14598 #endif
14599 #if defined(CONFIG_RSBAC_RC)
14600 rsbac_ta_list_remove(ta_number,
14601 dev_handles.rc,
14602 &tid.dev);
14603 #endif
14604 }
14605 break;
14606
14607 case T_IPC:
14608 /*
14609 #ifdef CONFIG_RSBAC_DEBUG
14610 if (rsbac_debug_ds)
14611 rsbac_printk(KERN_DEBUG
14612 "rsbac_remove_target(): Removing ipc ACI\n");
14613 #endif
14614 */
14615 #if defined(CONFIG_RSBAC_MAC)
14616 rsbac_ta_list_remove(ta_number,
14617 ipc_handles.mac,
14618 &tid.ipc);
14619 #endif
14620 #if defined(CONFIG_RSBAC_PM)
14621 rsbac_ta_list_remove(ta_number,
14622 ipc_handles.pm,
14623 &tid.ipc);
14624 #endif
14625 #if defined(CONFIG_RSBAC_RC)
14626 rsbac_ta_list_remove(ta_number,
14627 ipc_handles.rc,
14628 &tid.ipc);
14629 #endif
14630 #if defined(CONFIG_RSBAC_JAIL)
14631 rsbac_ta_list_remove(ta_number,
14632 ipc_handles.jail,
14633 &tid.ipc);
14634 #endif
14635 break;
14636
14637 case T_USER:
14638 /*
14639 #ifdef CONFIG_RSBAC_DEBUG
14640 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14641 "rsbac_remove_target(): Removing user ACI");
14642 #endif
14643 */
14644 rsbac_ta_list_remove(ta_number,
14645 user_handles.gen,
14646 &tid.user);
14647 #if defined(CONFIG_RSBAC_MAC)
14648 rsbac_ta_list_remove(ta_number,
14649 user_handles.mac,
14650 &tid.user);
14651 #endif
14652 #if defined(CONFIG_RSBAC_PM)
14653 rsbac_ta_list_remove(ta_number,
14654 user_handles.pm,
14655 &tid.user);
14656 #endif
14657 #if defined(CONFIG_RSBAC_DAZ)
14658 rsbac_ta_list_remove(ta_number,
14659 user_handles.daz,
14660 &tid.user);
14661 #endif
14662 #if defined(CONFIG_RSBAC_FF)
14663 rsbac_ta_list_remove(ta_number,
14664 user_handles.ff,
14665 &tid.user);
14666 #endif
14667 #if defined(CONFIG_RSBAC_RC)
14668 rsbac_ta_list_remove(ta_number,
14669 user_handles.rc,
14670 &tid.user);
14671 #endif
14672 #if defined(CONFIG_RSBAC_AUTH)
14673 rsbac_ta_list_remove(ta_number,
14674 user_handles.auth,
14675 &tid.user);
14676 #endif
14677 #if defined(CONFIG_RSBAC_CAP)
14678 rsbac_ta_list_remove(ta_number,
14679 user_handles.cap,
14680 &tid.user);
14681 #endif
14682 #if defined(CONFIG_RSBAC_JAIL)
14683 rsbac_ta_list_remove(ta_number,
14684 user_handles.jail,
14685 &tid.user);
14686 #endif
14687 #if defined(CONFIG_RSBAC_PAX)
14688 rsbac_ta_list_remove(ta_number,
14689 user_handles.pax,
14690 &tid.user);
14691 #endif
14692 #if defined(CONFIG_RSBAC_RES)
14693 rsbac_ta_list_remove(ta_number,
14694 user_handles.res,
14695 &tid.user);
14696 #endif
14697 break;
14698
14699 case T_PROCESS:
14700 /* too noisy... kicked out.
14701 #ifdef CONFIG_RSBAC_DEBUG
14702 if (rsbac_debug_ds)
14703 rsbac_printk(KERN_DEBUG
14704 "rsbac_remove_target(): Removing process ACI\n");
14705 #endif
14706 */
14707 #if defined(CONFIG_RSBAC_ACL)
14708 /* process items can also have an acl_p_item -> remove first */
14709 error = rsbac_acl_remove_acl(ta_number, target, tid);
14710 #endif
14711 rsbac_ta_list_remove(ta_number,
14712 process_handles.gen[gen_p_hash(tid.process)],
14713 &tid.process);
14714 #if defined(CONFIG_RSBAC_MAC)
14715 /* process items can also have mac_p_trusets -> remove first */
14716 error = rsbac_mac_remove_p_trusets(tid.process);
14717 rsbac_ta_list_remove(ta_number,
14718 process_handles.mac[mac_p_hash(tid.process)],
14719 &tid.process);
14720 #endif
14721 #if defined(CONFIG_RSBAC_PM)
14722 rsbac_ta_list_remove(ta_number,
14723 process_handles.pm,
14724 &tid.process);
14725 #endif
14726 #if defined(CONFIG_RSBAC_DAZ)
14727 rsbac_ta_list_remove(ta_number,
14728 process_handles.daz,
14729 &tid.process);
14730 #endif
14731 #if defined(CONFIG_RSBAC_RC)
14732 rsbac_ta_list_remove(ta_number,
14733 process_handles.rc[rc_p_hash(tid.process)],
14734 &tid.process);
14735 #endif
14736 #if defined(CONFIG_RSBAC_AUTH)
14737 /* process items can also have auth_p_capsets -> remove first */
14738 error = rsbac_auth_remove_p_capsets(tid.process);
14739 rsbac_ta_list_remove(ta_number,
14740 process_handles.auth,
14741 &tid.process);
14742 #endif
14743 #if defined(CONFIG_RSBAC_CAP)
14744 rsbac_ta_list_remove(ta_number,
14745 process_handles.cap,
14746 &tid.process);
14747 #endif
14748 #if defined(CONFIG_RSBAC_JAIL)
14749 rsbac_ta_list_remove(ta_number,
14750 process_handles.jail[jail_p_hash(tid.process)],
14751 &tid.process);
14752 #endif
14753 break;
14754
14755 #ifdef CONFIG_RSBAC_UM
14756 case T_GROUP:
14757 /*
14758 #ifdef CONFIG_RSBAC_DEBUG
14759 if (rsbac_debug_ds)
14760 rsbac_printk(KERN_DEBUG
14761 "rsbac_remove_target(): Removing group ACI\n");
14762 #endif
14763 */
14764 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14765 rsbac_ta_list_remove(ta_number,
14766 group_handles.rc,
14767 &tid.group);
14768 #endif
14769 break;
14770 #endif /* CONFIG_RSBAC_UM */
14771
14772 #ifdef CONFIG_RSBAC_NET_DEV
14773 case T_NETDEV:
14774 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14775 rsbac_ta_list_remove(ta_number,
14776 netdev_handles.gen,
14777 &tid.netdev);
14778 #endif
14779 #if defined(CONFIG_RSBAC_RC)
14780 rsbac_ta_list_remove(ta_number,
14781 netdev_handles.rc,
14782 &tid.netdev);
14783 #endif
14784 break;
14785 #endif
14786
14787 #ifdef CONFIG_RSBAC_NET_OBJ
14788 case T_NETTEMP:
14789 /* too noisy... kicked out.
14790 #ifdef CONFIG_RSBAC_DEBUG
14791 if (rsbac_debug_ds)
14792 rsbac_printk(KERN_DEBUG
14793 "rsbac_remove_target(): Removing nettemp ACI\n");
14794 #endif
14795 */
14796 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14797 rsbac_ta_list_remove(ta_number,
14798 nettemp_handles.gen,
14799 &tid.nettemp);
14800 #endif
14801 #if defined(CONFIG_RSBAC_MAC)
14802 rsbac_ta_list_remove(ta_number,
14803 nettemp_handles.mac,
14804 &tid.nettemp);
14805 #endif
14806 #if defined(CONFIG_RSBAC_PM)
14807 rsbac_ta_list_remove(ta_number,
14808 nettemp_handles.pm,
14809 &tid.nettemp);
14810 #endif
14811 #if defined(CONFIG_RSBAC_RC)
14812 rsbac_ta_list_remove(ta_number,
14813 nettemp_handles.rc,
14814 &tid.nettemp);
14815 #endif
14816 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14817 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14818 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14819 #endif
14820 break;
14821
14822 case T_NETOBJ:
14823 /* too noisy... kicked out.
14824 #ifdef CONFIG_RSBAC_DEBUG
14825 if (rsbac_debug_ds)
14826 rsbac_printk(KERN_DEBUG
14827 "rsbac_remove_target(): Removing netobj ACI\n");
14828 #endif
14829 */
14830 #if defined(CONFIG_RSBAC_MAC)
14831 rsbac_ta_list_remove(ta_number,
14832 lnetobj_handles.mac,
14833 &tid.netobj.sock_p);
14834 rsbac_ta_list_remove(ta_number,
14835 rnetobj_handles.mac,
14836 &tid.netobj.sock_p);
14837 #endif
14838 #if defined(CONFIG_RSBAC_PM)
14839 rsbac_ta_list_remove(ta_number,
14840 lnetobj_handles.pm,
14841 &tid.netobj.sock_p);
14842 rsbac_ta_list_remove(ta_number,
14843 rnetobj_handles.pm,
14844 &tid.netobj.sock_p);
14845 #endif
14846 #if defined(CONFIG_RSBAC_RC)
14847 rsbac_ta_list_remove(ta_number,
14848 lnetobj_handles.rc,
14849 &tid.netobj.sock_p);
14850 rsbac_ta_list_remove(ta_number,
14851 rnetobj_handles.rc,
14852 &tid.netobj.sock_p);
14853 #endif
14854 break;
14855
14856 #endif /* NET_OBJ */
14857
14858 default:
14859 return(-RSBAC_EINVALIDTARGET);
14860 }
14861 #ifdef CONFIG_RSBAC_XSTATS
14862 remove_count[target]++;
14863 #endif
14864 return(error);
14865 } /* end of rsbac_remove_target() */
|
|
||||||||||||||||||||||||||||
|
Definition at line 14348 of file aci_data_structures.c. References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n(). 14355 {
14356 int err = 0;
14357 /*
14358 #ifdef CONFIG_RSBAC_DEBUG
14359 char tmp[RSBAC_MAXNAMELEN];
14360 #endif
14361 */
14362 if (!rsbac_initialized)
14363 {
14364 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
14365 return(-RSBAC_ENOTINITIALIZED);
14366 }
14367 if (in_interrupt())
14368 {
14369 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
14370 }
14371 switch (target)
14372 {
14373 case T_FILE:
14374 case T_DIR:
14375 case T_FIFO:
14376 case T_SYMLINK:
14377 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
14378 break;
14379
14380 case T_DEV:
14381 err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value);
14382 break;
14383
14384 case T_IPC:
14385 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
14386 break;
14387
14388 case T_USER:
14389 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
14390 break;
14391
14392 case T_PROCESS:
14393 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
14394 break;
14395
14396 #ifdef CONFIG_RSBAC_UM
14397 case T_GROUP:
14398 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
14399 break;
14400 #endif /* CONFIG_RSBAC_UM */
14401
14402 #ifdef CONFIG_RSBAC_NET_DEV
14403 case T_NETDEV:
14404 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
14405 break;
14406 #endif
14407
14408 #ifdef CONFIG_RSBAC_NET_OBJ
14409 case T_NETTEMP:
14410 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
14411 break;
14412
14413 case T_NETOBJ:
14414 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
14415 break;
14416 #endif /* NET_OBJ */
14417
14418 /* switch(target): no valid target */
14419 default:
14420 return(-RSBAC_EINVALIDTARGET);
14421 }
14422 #ifdef CONFIG_RSBAC_XSTATS
14423 if(!err)
14424 set_attr_count[target]++;
14425 #endif
14426 return(err);
14427 } /* end of rsbac_set_attr() */
|
|
||||||||||||
|
Definition at line 8559 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by rsbac_aef_sb_umount(). 08560 {
08561 u_long flags;
08562 struct rsbac_device_list_item_t * device_p;
08563 kdev_t kdev;
08564
08565 if(!sb_p)
08566 {
08567 rsbac_printk(KERN_WARNING
08568 "rsbac_umount(): called with NULL pointer\n");
08569 return -RSBAC_EINVALIDPOINTER;
08570 }
08571 if (!rsbac_initialized)
08572 {
08573 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08574
08575 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08576 if( (sb_p->s_magic == SYSFS_MAGIC)
08577 && !RSBAC_MAJOR(sb_p->s_dev)
08578 && sysfs_sb_p
08579 && sysfs_covered_p
08580 )
08581 {
08582 rsbac_printk(KERN_WARNING
08583 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08584 sysfs_sb_p = NULL;
08585 sysfs_covered_p = NULL;
08586 }
08587 #endif
08588 #ifdef CONFIG_DEVFS_MOUNT
08589 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08590 && !RSBAC_MAJOR(sb_p->s_dev)
08591 && devfs_sb_p
08592 && devfs_covered_p
08593 )
08594 {
08595 rsbac_printk(KERN_WARNING
08596 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08597 devfs_sb_p = NULL;
08598 devfs_covered_p = NULL;
08599 }
08600 #endif
08601
08602 return(-RSBAC_ENOTINITIALIZED);
08603 }
08604
08605 #ifdef CONFIG_RSBAC_DEBUG
08606 if (rsbac_debug_ds)
08607 {
08608 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
08609 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08610 }
08611 #endif
08612
08613 kdev = sb_p->s_dev;
08614
08615 /* sync attribute lists */
08616 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08617 if(!rsbac_debug_no_write)
08618 {
08619 down(&rsbac_write_sem);
08620 /* recheck no_write with lock - might have been set in between */
08621 if(!rsbac_debug_no_write)
08622 {
08623 rsbac_write(TRUE);
08624 }
08625 up(&rsbac_write_sem);
08626 }
08627 #endif /* CONFIG_RSBAC_AUTO_WRITE */
08628 /* call other umount functions */
08629 /****** MAC *******/
08630 #if defined(CONFIG_RSBAC_MAC)
08631 rsbac_umount_mac(kdev);
08632 #endif
08633 /****** AUTH *******/
08634 #if defined(CONFIG_RSBAC_AUTH)
08635 rsbac_umount_auth(kdev);
08636 #endif
08637 /****** ACL *******/
08638 #if defined(CONFIG_RSBAC_ACL)
08639 rsbac_umount_acl(kdev);
08640 #endif
08641 /****** REG *******/
08642 #if defined(CONFIG_RSBAC_REG)
08643 rsbac_umount_reg(kdev);
08644 #endif /* REG */
08645
08646 /* wait for write access to device_list_head */
08647 rsbac_write_lock(&device_list_head.lock, &flags);
08648 /* OK, nobody else is working on it... */
08649 device_p = lookup_device(kdev);
08650 if(device_p)
08651 {
08652 if(device_p->mount_count == 1)
08653 {
08654 /* Generic lists */
08655 rsbac_list_umount(kdev);
08656 remove_device_item(kdev);
08657 }
08658 else
08659 {
08660 if(device_p->mount_count > 1)
08661 {
08662 device_p->mount_count--;
08663 if(device_p->d_covers == d_covers)
08664 {
08665 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08666 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08667 device_p->d_covers = NULL;
08668 }
08669 }
08670 else
08671 {
08672 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08673 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08674 }
08675 }
08676 }
08677 /* allow access */
08678 rsbac_write_unlock(&device_list_head.lock, &flags);
08679
08680 return(0);
08681 }
|
1.4.2