#include <linux/types.h>#include <linux/version.h>#include <linux/fs.h>#include <linux/sched.h>#include <linux/quotaops.h>#include <linux/proc_fs.h>#include <linux/msdos_fs.h>#include <linux/iso_fs.h>#include <linux/nfs_fs.h>#include <linux/ext2_fs.h>#include <linux/coda.h>#include <linux/initrd.h>#include <linux/security.h>#include <linux/syscalls.h>#include <linux/coda_psdev.h>#include <linux/ncp_fs.h>#include <linux/smb.h>#include <linux/dnotify.h>#include <linux/mm.h>#include <linux/blkdev.h>#include <linux/init.h>#include <linux/config.h>#include <linux/module.h>#include <linux/netdevice.h>#include <linux/inetdevice.h>#include <asm/uaccess.h>#include <asm/atomic.h>#include <rsbac/types.h>#include <rsbac/aci.h>#include <rsbac/aci_data_structures.h>#include <rsbac/error.h>#include <rsbac/helpers.h>#include <rsbac/fs.h>#include <rsbac/getname.h>#include <rsbac/net_getname.h>#include <rsbac/adf.h>#include <rsbac/adf_main.h>#include <rsbac/reg.h>#include <rsbac/rkmem.h>#include <rsbac/gen_lists.h>#include <linux/string.h>#include <linux/kdev_t.h>#include <linux/smp_lock.h>Go to the source code of this file.
Defines | |
| #define | check_parent(dir, dentry) ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket)) |
Functions | |
| DECLARE_MUTEX (rsbac_write_sem) | |
| static struct rsbac_device_list_item_t * | lookup_device (kdev_t) |
| static int | gen_fd_hash (u_long inode) |
| static int | gen_p_hash (rsbac_pid_t pid) |
| rsbac_boolean_t | writable (struct super_block *sb_p) |
| static int | lookup_aci_path_dentry (struct super_block *sb_p, struct dentry **dir_dentry_pp, rsbac_boolean_t create_dir, kdev_t kdev) |
| static int | dev_compare (void *desc1, void *desc2) |
| static int | dev_major_compare (void *desc1, void *desc2) |
| static int | ipc_compare (void *desc1, void *desc2) |
| static int | gen_fd_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
| static int | gen_fd_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
| static int | gen_fd_old_old_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
| rsbac_list_conv_function_t * | gen_fd_get_conv (rsbac_version_t old_version) |
| static int | gen_dev_conv (void *old_desc, void *old_data, void *new_desc, void *new_data) |
| rsbac_list_conv_function_t * | gen_dev_get_conv (rsbac_version_t old_version) |
| static int | register_fd_lists (struct rsbac_device_list_item_t *device_p, kdev_t kdev) |
| static int | aci_detach_fd_lists (struct rsbac_device_list_item_t *device_p) |
| static struct rsbac_device_list_item_t * | create_device_item (struct super_block *sb_p, struct dentry *d_covers) |
| static struct rsbac_device_list_item_t * | add_device_item (struct rsbac_device_list_item_t *device_p) |
| static void | clear_device_item (struct rsbac_device_list_item_t *item_p) |
| static void | remove_device_item (kdev_t kdev) |
| static int | rsbac_clear_file (struct dentry *dentry) |
| static void | wakeup_auto (u_long dummy) |
| super_block * | rsbac_get_super_block (kdev_t kdev) |
| int | rsbac_read_open (char *name, struct file *file_p, kdev_t kdev) |
| int | rsbac_write_open (char *name, struct file *file_p, kdev_t kdev) |
| void | rsbac_read_close (struct file *file_p) |
| void | rsbac_write_close (struct file *file_p) |
| int | rsbac_get_full_path (struct dentry *dentry_p, char path[], int maxlen) |
| int | rsbac_get_full_path_length (struct dentry *dentry_p) |
| static void __init | registration_error (int err, char *listname) |
| static int __init | register_dev_lists (void) |
| static int __init | register_ipc_lists (void) |
| static int __init | register_user_lists (void) |
| static int __init | register_process_lists (void) |
| static int __init | rsbac_do_init (void) |
| int | rsbac_kthreads_init (void) |
| int | rsbac_mark_kthread (rsbac_pid_t pid) |
| int __init | rsbac_init (kdev_t root_dev) |
| rsbac_boolean_t | rsbac_is_initialized (void) |
| int | rsbac_kthread_notify (rsbac_pid_t pid) |
| int | rsbac_mount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_umount (struct super_block *sb_p, struct dentry *d_covers) |
| int | rsbac_free_dat_dentries (void) |
| int | rsbac_stats (void) |
| int | rsbac_check_inode (struct super_block *sb_p, rsbac_inode_nr_t inode) |
| int | rsbac_get_parent (enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_target_t *parent_target_p, union rsbac_target_id_t *parent_tid_p) |
| static int | get_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| static int | get_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| static int | get_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| static int | get_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| static int | get_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| int | rsbac_ta_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, rsbac_boolean_t inherit) |
| static int | set_attr_fd (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
| static int | set_attr_dev (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, struct rsbac_dev_desc_t dev, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
| static int | set_attr_ipc (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
| static int | set_attr_user (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
| static int | set_attr_process (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid_p, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value_p) |
| int | rsbac_ta_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value) |
| int | rsbac_ta_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid) |
| int | rsbac_ta_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t **id_pp) |
| static int | copy_new_uids (rsbac_list_handle_t list, rsbac_list_ta_number_t ta_number, int *count_p, int *i_count_p, rsbac_uid_t *res_id_p) |
| int | rsbac_ta_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t **id_pp) |
| int | rsbac_ta_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t **id_pp) |
Variables | |
| static rsbac_boolean_t | rsbac_initialized = FALSE |
| static char | compiled_modules [80] |
| kdev_t | rsbac_root_dev |
| static struct rsbac_device_list_head_t | device_list_head |
| static struct rsbac_dev_handles_t | dev_handles |
| static struct rsbac_dev_handles_t | dev_major_handles |
| static struct rsbac_ipc_handles_t | ipc_handles |
| static struct rsbac_user_handles_t | user_handles |
| static struct rsbac_process_handles_t | process_handles |
| static struct rsbac_gen_fd_aci_t | def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI |
| static struct rsbac_gen_fd_aci_t | def_gen_fd_aci = DEFAULT_GEN_FD_ACI |
| static struct dentry * | sysfs_covered_p = NULL |
| static struct super_block * | sysfs_sb_p = NULL |
| rsbac_kthread_t * | rsbac_kthread |
| int | rsbac_kthread_size_t |
|
|
Definition at line 2272 of file aci_data_structures.c. Referenced by rsbac_write_open(), and xp_id_compare(). |
|
|
Definition at line 1632 of file aci_data_structures.c. References get_error_name(), RSBAC_EINVALIDPOINTER, RSBAC_GEN_FD_ACI_KEY, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_detach(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by remove_device_item(). 01633 {
01634 int err = 0;
01635 int tmperr;
01636 u_int file_no;
01637
01638 if(!device_p)
01639 return(-RSBAC_EINVALIDPOINTER);
01640
01641 /* detach all general lists */
01642 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01643 {
01644 tmperr = rsbac_list_detach(&device_p->handles.gen[file_no],
01645 RSBAC_GEN_FD_ACI_KEY);
01646 if(tmperr)
01647 {
01648 char * tmp;
01649
01650 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01651 if(tmp)
01652 {
01653 rsbac_printk(KERN_WARNING
01654 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
01655 file_no,
01656 RSBAC_MAJOR(device_p->id),
01657 RSBAC_MINOR(device_p->id),
01658 get_error_name(tmp, tmperr));
01659 rsbac_kfree(tmp);
01660 }
01661 err = tmperr;
01662 }
01663 }
01664
01665 #if defined(CONFIG_RSBAC_MAC)
01666 /* detach all MAC lists */
01667 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01668 {
01669 tmperr = rsbac_list_detach(&device_p->handles.mac[file_no],
01670 RSBAC_MAC_FD_ACI_KEY);
01671 if(tmperr)
01672 {
01673 char * tmp;
01674
01675 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01676 if(tmp)
01677 {
01678 rsbac_printk(KERN_WARNING
01679 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
01680 file_no,
01681 RSBAC_MAJOR(device_p->id),
01682 RSBAC_MINOR(device_p->id),
01683 get_error_name(tmp, tmperr));
01684 rsbac_kfree(tmp);
01685 }
01686 err = tmperr;
01687 }
01688 }
01689 #endif
01690
01691 #if defined(CONFIG_RSBAC_PM)
01692 /* detach all PM lists */
01693 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01694 {
01695 tmperr = rsbac_list_detach(&device_p->handles.pm[file_no],
01696 RSBAC_PM_FD_ACI_KEY);
01697 if(tmperr)
01698 {
01699 char * tmp;
01700
01701 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01702 if(tmp)
01703 {
01704 rsbac_printk(KERN_WARNING
01705 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
01706 file_no,
01707 RSBAC_MAJOR(device_p->id),
01708 RSBAC_MINOR(device_p->id),
01709 get_error_name(tmp, tmperr));
01710 rsbac_kfree(tmp);
01711 }
01712 err = tmperr;
01713 }
01714 }
01715 #endif
01716
01717 #if defined(CONFIG_RSBAC_DAZ)
01718 /* detach all DAZ lists */
01719 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01720 {
01721 tmperr = rsbac_list_detach(&device_p->handles.daz[file_no],
01722 RSBAC_DAZ_FD_ACI_KEY);
01723 if(tmperr)
01724 {
01725 char * tmp;
01726
01727 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01728 if(tmp)
01729 {
01730 rsbac_printk(KERN_WARNING
01731 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
01732 file_no,
01733 RSBAC_MAJOR(device_p->id),
01734 RSBAC_MINOR(device_p->id),
01735 get_error_name(tmp, tmperr));
01736 rsbac_kfree(tmp);
01737 }
01738 err = tmperr;
01739 }
01740 }
01741 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01742 /* detach all DAZ scanned lists */
01743 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01744 {
01745 tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no],
01746 RSBAC_DAZ_FD_ACI_KEY);
01747 if(tmperr)
01748 {
01749 char * tmp;
01750
01751 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01752 if(tmp)
01753 {
01754 rsbac_printk(KERN_WARNING
01755 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01756 file_no,
01757 RSBAC_MAJOR(device_p->id),
01758 RSBAC_MINOR(device_p->id),
01759 get_error_name(tmp, tmperr));
01760 rsbac_kfree(tmp);
01761 }
01762 err = tmperr;
01763 }
01764 }
01765 #endif
01766 #endif
01767
01768 #if defined(CONFIG_RSBAC_FF)
01769 /* detach all FF lists */
01770 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01771 {
01772 tmperr = rsbac_list_detach(&device_p->handles.ff[file_no],
01773 RSBAC_FF_FD_ACI_KEY);
01774 if(tmperr)
01775 {
01776 char * tmp;
01777
01778 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01779 if(tmp)
01780 {
01781 rsbac_printk(KERN_WARNING
01782 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
01783 file_no,
01784 RSBAC_MAJOR(device_p->id),
01785 RSBAC_MINOR(device_p->id),
01786 get_error_name(tmp, tmperr));
01787 rsbac_kfree(tmp);
01788 }
01789 err = tmperr;
01790 }
01791 }
01792 #endif
01793
01794 #if defined(CONFIG_RSBAC_RC)
01795 /* detach all RC lists */
01796 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01797 {
01798 tmperr = rsbac_list_detach(&device_p->handles.rc[file_no],
01799 RSBAC_RC_FD_ACI_KEY);
01800 if(tmperr)
01801 {
01802 char * tmp;
01803
01804 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01805 if(tmp)
01806 {
01807 rsbac_printk(KERN_WARNING
01808 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
01809 file_no,
01810 RSBAC_MAJOR(device_p->id),
01811 RSBAC_MINOR(device_p->id),
01812 get_error_name(tmp, tmperr));
01813 rsbac_kfree(tmp);
01814 }
01815 err = tmperr;
01816 }
01817 }
01818 #endif
01819
01820 #if defined(CONFIG_RSBAC_AUTH)
01821 /* detach all AUTH lists */
01822 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01823 {
01824 tmperr = rsbac_list_detach(&device_p->handles.auth[file_no],
01825 RSBAC_AUTH_FD_ACI_KEY);
01826 if(tmperr)
01827 {
01828 char * tmp;
01829
01830 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01831 if(tmp)
01832 {
01833 rsbac_printk(KERN_WARNING
01834 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
01835 file_no,
01836 RSBAC_MAJOR(device_p->id),
01837 RSBAC_MINOR(device_p->id),
01838 get_error_name(tmp, tmperr));
01839 rsbac_kfree(tmp);
01840 }
01841 err = tmperr;
01842 }
01843 }
01844 #endif
01845
01846 #if defined(CONFIG_RSBAC_CAP)
01847 /* detach all CAP lists */
01848 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01849 {
01850 tmperr = rsbac_list_detach(&device_p->handles.cap[file_no],
01851 RSBAC_CAP_FD_ACI_KEY);
01852 if(tmperr)
01853 {
01854 char * tmp;
01855
01856 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01857 if(tmp)
01858 {
01859 rsbac_printk(KERN_WARNING
01860 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
01861 file_no,
01862 RSBAC_MAJOR(device_p->id),
01863 RSBAC_MINOR(device_p->id),
01864 get_error_name(tmp, tmperr));
01865 rsbac_kfree(tmp);
01866 }
01867 err = tmperr;
01868 }
01869 }
01870 #endif
01871
01872 #if defined(CONFIG_RSBAC_PAX)
01873 /* detach all PAX lists */
01874 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01875 {
01876 tmperr = rsbac_list_detach(&device_p->handles.pax[file_no],
01877 RSBAC_PAX_FD_ACI_KEY);
01878 if(tmperr)
01879 {
01880 char * tmp;
01881
01882 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01883 if(tmp)
01884 {
01885 rsbac_printk(KERN_WARNING
01886 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
01887 file_no,
01888 RSBAC_MAJOR(device_p->id),
01889 RSBAC_MINOR(device_p->id),
01890 get_error_name(tmp, tmperr));
01891 rsbac_kfree(tmp);
01892 }
01893 err = tmperr;
01894 }
01895 }
01896 #endif
01897
01898 #if defined(CONFIG_RSBAC_RES)
01899 /* detach all RES lists */
01900 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01901 {
01902 tmperr = rsbac_list_detach(&device_p->handles.res[file_no],
01903 RSBAC_RES_FD_ACI_KEY);
01904 if(tmperr)
01905 {
01906 char * tmp;
01907
01908 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01909 if(tmp)
01910 {
01911 rsbac_printk(KERN_WARNING
01912 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
01913 file_no,
01914 RSBAC_MAJOR(device_p->id),
01915 RSBAC_MINOR(device_p->id),
01916 get_error_name(tmp, tmperr));
01917 rsbac_kfree(tmp);
01918 }
01919 err = tmperr;
01920 }
01921 }
01922 #endif
01923
01924 return err;
01925 }
|
|
|
Definition at line 1952 of file aci_data_structures.c. References device_list_head, and NULL. Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). 01953 {
01954 if (!device_p)
01955 return(NULL);
01956
01957 /* add new device to device list */
01958 if (!device_list_head.head)
01959 { /* first device */
01960 device_list_head.head=device_p;
01961 device_list_head.tail=device_p;
01962 device_list_head.curr=device_p;
01963 device_list_head.count=1;
01964 device_p->prev=NULL;
01965 device_p->next=NULL;
01966 }
01967 else
01968 { /* there is another device -> hang to tail */
01969 device_p->prev=device_list_head.tail;
01970 device_p->next=NULL;
01971 device_list_head.tail->next=device_p;
01972 device_list_head.tail=device_p;
01973 device_list_head.curr=device_p;
01974 device_list_head.count++;
01975 }
01976 return(device_p);
01977 }
|
|
|
Definition at line 1986 of file aci_data_structures.c. References rsbac_kfree(). Referenced by remove_device_item(), rsbac_do_init(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). 01987 {
01988 if(!item_p)
01989 return;
01990
01991 /* dput() rsbac_dir_dentry_p, if set */
01992 if(item_p->rsbac_dir_dentry_p)
01993 dput(item_p->rsbac_dir_dentry_p);
01994 /* OK, lets remove the device item itself */
01995 rsbac_kfree(item_p);
01996 } /* end of clear_device_item() */
|
|
||||||||||||||||||||||||
|
Definition at line 15026 of file aci_data_structures.c. References FALSE, NULL, RSBAC_EINVALIDPOINTER, rsbac_ta_list_get_all_desc(), rsbac_vfree, and TRUE. Referenced by rsbac_ta_list_all_user(). 15031 {
15032 rsbac_uid_t * i_id_p = NULL;
15033 rsbac_boolean_t found;
15034 int tmp_count;
15035 int i;
15036 int j;
15037
15038 if(!list || !count_p || !i_count_p || !res_id_p)
15039 return -RSBAC_EINVALIDPOINTER;
15040 if(!*i_count_p)
15041 return 0;
15042 // rsbac_printk(KERN_DEBUG "copy_new_uids: list %p, ta_number %u, count %u, i_count %u, res_id_p %p, res_id_p[0] %u\n",
15043 // list, ta_number, *count_p, *i_count_p, res_id_p, res_id_p[0]);
15044 tmp_count = rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
15045 if(tmp_count > 0)
15046 {
15047 if(tmp_count > *i_count_p)
15048 tmp_count = *i_count_p;
15049 for(i=0; i < tmp_count; i++)
15050 {
15051 found = FALSE;
15052 for(j=0; j < *count_p; j++)
15053 {
15054 if(res_id_p[j] == i_id_p[i])
15055 {
15056 found = TRUE;
15057 break;
15058 }
15059 }
15060 if(found == FALSE)
15061 {
15062 res_id_p[*count_p] = i_id_p[i];
15063 (*count_p)++;
15064 (*i_count_p)--;
15065 }
15066 }
15067 rsbac_vfree(i_id_p);
15068 }
15069 return 0;
15070 }
|
|
||||||||||||
|
Definition at line 1930 of file aci_data_structures.c. References NULL, and rsbac_kmalloc(). Referenced by rsbac_do_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_mount(), rsbac_mount_acl(), rsbac_mount_auth(), and rsbac_mount_mac(). 01931 {
01932 struct rsbac_device_list_item_t * new_item_p;
01933
01934 if(!sb_p)
01935 return NULL;
01936 /* allocate memory for new device, return NULL, if failed */
01937 if ( !(new_item_p = (struct rsbac_device_list_item_t *)
01938 rsbac_kmalloc(sizeof(*new_item_p)) ) )
01939 return(NULL);
01940
01941 memset(new_item_p, 0, sizeof(*new_item_p));
01942 new_item_p->id = sb_p->s_dev;
01943 new_item_p->sb_p = sb_p;
01944 new_item_p->d_covers = d_covers;
01945 new_item_p->mount_count = 1;
01946 /* everything else is 0 by memset -> return */
01947 return(new_item_p);
01948 }
|
|
|
|
|
||||||||||||
|
Definition at line 620 of file aci_data_structures.c. References rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, and rsbac_dev_desc_t::type. Referenced by register_dev_lists(), and rsbac_init_acl(). 00621 {
00622 int result;
00623 struct rsbac_dev_desc_t * i_desc1 = desc1;
00624 struct rsbac_dev_desc_t * i_desc2 = desc2;
00625
00626 result = memcmp(&i_desc1->type,
00627 &i_desc2->type,
00628 sizeof(i_desc1->type));
00629 if(result)
00630 return result;
00631 result = memcmp(&i_desc1->major,
00632 &i_desc2->major,
00633 sizeof(i_desc1->major));
00634 if(result)
00635 return result;
00636 return memcmp(&i_desc1->minor,
00637 &i_desc2->minor,
00638 sizeof(i_desc1->minor));
00639 }
|
|
||||||||||||
|
Definition at line 641 of file aci_data_structures.c. References rsbac_dev_desc_t::major, and rsbac_dev_desc_t::type. Referenced by register_dev_lists(), and rsbac_init_acl(). 00642 {
00643 int result;
00644 struct rsbac_dev_desc_t * i_desc1 = desc1;
00645 struct rsbac_dev_desc_t * i_desc2 = desc2;
00646
00647 result = memcmp(&i_desc1->type,
00648 &i_desc2->type,
00649 sizeof(i_desc1->type));
00650 if(result)
00651 return result;
00652 return memcmp(&i_desc1->major,
00653 &i_desc2->major,
00654 sizeof(i_desc1->major));
00655 }
|
|
||||||||||||||||||||
|
Definition at line 772 of file aci_data_structures.c. Referenced by gen_dev_get_conv(). 00777 {
00778 struct rsbac_dev_desc_t * new = new_desc;
00779 struct rsbac_dev_t * old = old_desc;
00780
00781 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00782 new->type = old->type;
00783 new->major = RSBAC_MAJOR(old->id);
00784 new->minor = RSBAC_MINOR(old->id);
00785 return 0;
00786 }
|
|
|
Definition at line 788 of file aci_data_structures.c. References gen_dev_conv(), NULL, and RSBAC_GEN_DEV_OLD_ACI_VERSION. Referenced by register_dev_lists(). 00789 {
00790 switch(old_version)
00791 {
00792 case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00793 return gen_dev_conv;
00794 default:
00795 return NULL;
00796 }
00797 }
|
|
||||||||||||||||||||
|
|
Definition at line 757 of file aci_data_structures.c. References gen_fd_conv(), gen_fd_old_conv(), gen_fd_old_old_conv(), NULL, RSBAC_GEN_FD_OLD_ACI_VERSION, RSBAC_GEN_FD_OLD_OLD_ACI_VERSION, and RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION. Referenced by register_fd_lists(). 00758 {
00759 switch(old_version)
00760 {
00761 case RSBAC_GEN_FD_OLD_ACI_VERSION:
00762 return gen_fd_conv;
00763 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00764 return gen_fd_old_conv;
00765 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00766 return gen_fd_old_old_conv;
00767 default:
00768 return NULL;
00769 }
00770 }
|
|
|
Definition at line 224 of file aci_data_structures.c. Referenced by get_attr_fd(), rsbac_ta_remove_target(), and set_attr_fd(). 00225 {
00226 return(inode % RSBAC_GEN_NR_FD_LISTS);
00227 }
|
|
||||||||||||||||||||
|
||||||||||||||||||||
|
|
Definition at line 228 of file aci_data_structures.c. Referenced by get_attr_process(), rsbac_ta_remove_target(), and set_attr_process(). 00229 {
00230 return(pid % CONFIG_RSBAC_GEN_NR_P_LISTS);
00231 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 10590 of file aci_data_structures.c. References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, GEN, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, NULL, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RC_type_inherit_parent, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and rsbac_dev_desc_t::type. Referenced by rsbac_ta_get_attr(). 10598 {
10599 int err = 0;
10600 /*
10601 #ifdef CONFIG_RSBAC_DEBUG
10602 if (rsbac_debug_ds)
10603 rsbac_printk(KERN_DEBUG
10604 "rsbac_get_attr(): Getting dev attribute\n");
10605 #endif
10606 */
10607 switch(module)
10608 {
10609 case GEN:
10610 {
10611 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
10612
10613 rsbac_ta_list_get_data_ttl(ta_number,
10614 dev_handles.gen,
10615 NULL,
10616 &dev,
10617 &aci);
10618 switch (attr)
10619 {
10620 case A_log_array_low:
10621 value->log_array_low = aci.log_array_low;
10622 break;
10623 case A_log_array_high:
10624 value->log_array_high = aci.log_array_high;
10625 break;
10626 default:
10627 err = -RSBAC_EINVALIDATTR;
10628 }
10629 }
10630 break;
10631
10632 #if defined(CONFIG_RSBAC_MAC)
10633 case MAC:
10634 {
10635 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
10636
10637 rsbac_ta_list_get_data_ttl(ta_number,
10638 dev_handles.mac,
10639 NULL,
10640 &dev,
10641 &aci);
10642 switch (attr)
10643 {
10644 case A_security_level:
10645 value->security_level = aci.sec_level;
10646 break;
10647 case A_mac_categories:
10648 value->mac_categories = aci.mac_categories;
10649 break;
10650 case A_mac_check:
10651 value->mac_check = aci.mac_check;
10652 break;
10653
10654 default:
10655 err = -RSBAC_EINVALIDATTR;
10656 }
10657 }
10658 break;
10659 #endif /* MAC */
10660
10661 #if defined(CONFIG_RSBAC_PM)
10662 case PM:
10663 {
10664 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10665
10666 rsbac_ta_list_get_data_ttl(ta_number,
10667 dev_handles.pm,
10668 NULL,
10669 &dev,
10670 &aci);
10671 switch (attr)
10672 {
10673 case A_pm_object_class:
10674 value->pm_object_class = aci.pm_object_class;
10675 break;
10676 case A_pm_object_type:
10677 value->pm_object_type = aci.pm_object_type;
10678 break;
10679 default:
10680 err = -RSBAC_EINVALIDATTR;
10681 }
10682 }
10683 break;
10684 #endif /* PM */
10685
10686 #if defined(CONFIG_RSBAC_RC)
10687 case RC:
10688 {
10689 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10690
10691 switch(dev.type)
10692 {
10693 case D_char:
10694 case D_block:
10695 if(rsbac_ta_list_get_data_ttl(ta_number,
10696 dev_handles.rc,
10697 NULL,
10698 &dev,
10699 &type)
10700 || ( (type == RC_type_inherit_parent)
10701 && inherit
10702 )
10703 )
10704 rsbac_ta_list_get_data_ttl(ta_number,
10705 dev_major_handles.rc,
10706 NULL,
10707 &dev,
10708 &type);
10709 break;
10710 case D_char_major:
10711 case D_block_major:
10712 dev.type -= (D_block_major - D_block);
10713 rsbac_ta_list_get_data_ttl(ta_number,
10714 dev_major_handles.rc,
10715 NULL,
10716 &dev,
10717 &type);
10718 break;
10719 default:
10720 return -RSBAC_EINVALIDTARGET;
10721 }
10722 switch (attr)
10723 {
10724 case A_rc_type:
10725 value->rc_type = type;
10726 break;
10727
10728 default:
10729 err = -RSBAC_EINVALIDATTR;
10730 }
10731 }
10732 break;
10733 #endif /* RC */
10734
10735 default:
10736 err = -RSBAC_EINVALIDMODULE;
10737 }
10738 /* and return */
10739 return err;
10740 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 9995 of file aci_data_structures.c. References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_gen_fd_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, DAZ, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_list_head, rsbac_gen_fd_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, FF, FF_add_inherited, rsbac_attribute_value_t::ff_flags, FF_no_delete_or_rename, GEN, gen_fd_hash(), LDD_inherit, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, lookup_device(), MA_inherit, MAC, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, RC_role_inherit_parent, rsbac_attribute_value_t::rc_type_fd, RC_type_inherit_parent, RES, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, RSBAC_FF_DEF, rsbac_get_parent(), RSBAC_MAC_INHERIT_CAT_VECTOR, rsbac_mount(), RSBAC_PAX_DEF_FLAGS, rsbac_printk(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SL_inherit, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_uid, rsbac_attribute_value_t::symlink_add_uid, and TRUE. Referenced by rsbac_ta_get_attr(). 10003 {
10004 int err = 0;
10005 struct rsbac_device_list_item_t * device_p;
10006 u_long dflags;
10007 #if defined(CONFIG_RSBAC_FF)
10008 rsbac_ff_flags_t ff_flags = 0;
10009 rsbac_ff_flags_t ff_tmp_flags;
10010 rsbac_ff_flags_t ff_mask = -1;
10011 #endif
10012
10013 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
10014 if( !RSBAC_MAJOR(tid_p->file.device)
10015 && !RSBAC_MINOR(tid_p->file.device)
10016 )
10017 return -RSBAC_EINVALIDDEV;
10018 #endif
10019 /* use loop for inheritance - used to be recursive calls */
10020 for(;;)
10021 {
10022 /*
10023 #ifdef CONFIG_RSBAC_DEBUG
10024 if (rsbac_debug_ds)
10025 rsbac_printk(KERN_DEBUG "rsbac_get_attr(): Getting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n",
10026 attr, RSBAC_MAJOR(tid_p->file.device),RSBAC_MINOR(tid_p->file.device), (u_long) tid_p->file.inode, tid_p->file.dentry_p);
10027 #endif
10028 */
10029 /* wait for read access to device_list_head */
10030 rsbac_read_lock(&device_list_head.lock, &dflags);
10031 /* OK, go on */
10032 /*
10033 #ifdef CONFIG_RSBAC_DEBUG
10034 if (rsbac_debug_ds)
10035 rsbac_printk(KERN_DEBUG
10036 "rsbac_get_attr(): passed device read lock\n");
10037 #endif
10038 */
10039
10040 /* lookup device */
10041 device_p = lookup_device(tid_p->file.device);
10042 if (!device_p)
10043 {
10044 struct super_block * sb_p;
10045
10046 rsbac_read_unlock(&device_list_head.lock, &dflags);
10047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10048 sb_p = user_get_super(tid_p->file.device);
10049 #else
10050 sb_p = get_super(tid_p->file.device);
10051 #endif
10052 if(sb_p)
10053 {
10054 rsbac_printk(KERN_INFO
10055 "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
10056 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
10057 rsbac_mount(sb_p, NULL);
10058 /* free super_block pointer */
10059 drop_super(sb_p);
10060 rsbac_read_lock(&device_list_head.lock, &dflags);
10061 device_p = lookup_device(tid_p->file.device);
10062 if (!device_p)
10063 {
10064 rsbac_printk(KERN_WARNING
10065 "rsbac_get_attr(): unknown device %02u:%02u\n",
10066 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
10067 rsbac_read_unlock(&device_list_head.lock, &dflags);
10068 return -RSBAC_EINVALIDDEV;
10069 }
10070 }
10071 else
10072 return -RSBAC_EINVALIDDEV;
10073 }
10074 switch(module)
10075 {
10076 case GEN:
10077 {
10078 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
10079
10080 if(attr == A_internal)
10081 {
10082 if(!device_p->rsbac_dir_inode || !tid_p->file.inode)
10083 value->internal = FALSE;
10084 else
10085 if(device_p->rsbac_dir_inode == tid_p->file.inode)
10086 value->internal = TRUE;
10087 else
10088 if(inherit)
10089 {
10090 enum rsbac_target_t parent_target;
10091 union rsbac_target_id_t parent_tid;
10092
10093 /* inheritance possible? */
10094 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10095 { /* yes: inherit this single level */
10096 if(device_p->rsbac_dir_inode == parent_tid.file.inode)
10097 value->internal = TRUE;
10098 else
10099 value->internal = FALSE;
10100 }
10101 else
10102 {
10103 value->internal = FALSE;
10104 }
10105 }
10106 else
10107 {
10108 value->internal = FALSE;
10109 }
10110
10111 /* free access to device_list_head */
10112 rsbac_read_unlock(&device_list_head.lock, &dflags);
10113 return 0;
10114 }
10115 rsbac_ta_list_get_data_ttl(ta_number,
10116 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
10117 NULL,
10118 &tid_p->file.inode,
10119 &aci);
10120 switch (attr)
10121 {
10122 case A_log_array_low:
10123 value->log_array_low = aci.log_array_low;
10124 break;
10125 case A_log_array_high:
10126 value->log_array_high = aci.log_array_high;
10127 break;
10128 case A_log_program_based:
10129 value->log_program_based = aci.log_program_based;
10130 break;
10131 case A_symlink_add_remote_ip:
10132 value->symlink_add_remote_ip = aci.symlink_add_remote_ip;
10133 break;
10134 case A_symlink_add_uid:
10135 value->symlink_add_uid = aci.symlink_add_uid;
10136 break;
10137 case A_symlink_add_mac_level:
10138 value->symlink_add_mac_level = aci.symlink_add_mac_level;
10139 break;
10140 case A_symlink_add_rc_role:
10141 value->symlink_add_rc_role = aci.symlink_add_rc_role;
10142 break;
10143 case A_linux_dac_disable:
10144 value->linux_dac_disable = aci.linux_dac_disable;
10145 if((value->linux_dac_disable == LDD_inherit) && inherit)
10146 {
10147 enum rsbac_target_t parent_target;
10148 union rsbac_target_id_t parent_tid;
10149
10150 /* free access to device_list_head - see above */
10151 rsbac_read_unlock(&device_list_head.lock, &dflags);
10152
10153 /* inheritance possible? */
10154 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10155 {
10156 target = parent_target;
10157 *tid_p = parent_tid;
10158 continue;
10159 }
10160 else
10161 {
10162 value->linux_dac_disable
10163 = def_gen_root_dir_aci.linux_dac_disable;
10164 return 0;
10165 }
10166 }
10167 break;
10168 case A_fake_root_uid:
10169 value->fake_root_uid = aci.fake_root_uid;
10170 break;
10171 case A_auid_exempt:
10172 value->auid_exempt = aci.auid_exempt;
10173 break;
10174 default:
10175 err = -RSBAC_EINVALIDATTR;
10176 }
10177 }
10178 break;
10179
10180 #if defined(CONFIG_RSBAC_MAC)
10181 case MAC:
10182 {
10183 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
10184
10185 rsbac_ta_list_get_data_ttl(ta_number,
10186 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
10187 NULL,
10188 &tid_p->file.inode,
10189 &aci);
10190 switch (attr)
10191 {
10192 case A_security_level:
10193 value->security_level = aci.sec_level;
10194 if((value->security_level == SL_inherit) && inherit)
10195 {
10196 enum rsbac_target_t parent_target;
10197 union rsbac_target_id_t parent_tid;
10198
10199 /* free access to device_list_head - see above */
10200 rsbac_read_unlock(&device_list_head.lock, &dflags);
10201
10202 /* inheritance possible? */
10203 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10204 {
10205 target = parent_target;
10206 *tid_p = parent_tid;
10207 continue;
10208 }
10209 else
10210 {
10211 value->security_level
10212 = def_mac_root_dir_aci.sec_level;
10213 return 0;
10214 }
10215 }
10216 break;
10217 case A_mac_categories:
10218 value->mac_categories = aci.mac_categories;
10219 if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR)
10220 && inherit
10221 )
10222 {
10223 enum rsbac_target_t parent_target;
10224 union rsbac_target_id_t parent_tid;
10225
10226 /* free access to device_list_head - see above */
10227 rsbac_read_unlock(&device_list_head.lock, &dflags);
10228
10229 /* inheritance possible? */
10230 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10231 {
10232 target = parent_target;
10233 *tid_p = parent_tid;
10234 continue;
10235 }
10236 else
10237 {
10238 value->mac_categories
10239 = def_mac_root_dir_aci.mac_categories;
10240 return 0;
10241 }
10242 }
10243 break;
10244 case A_mac_auto:
10245 value->mac_auto = aci.mac_auto;
10246 if( (value->mac_auto == MA_inherit)
10247 && inherit
10248 )
10249 {
10250 enum rsbac_target_t parent_target;
10251 union rsbac_target_id_t parent_tid;
10252
10253 /* free access to device_list_head - see above */
10254 rsbac_read_unlock(&device_list_head.lock, &dflags);
10255
10256 /* inheritance possible? */
10257 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10258 {
10259 target = parent_target;
10260 *tid_p = parent_tid;
10261 continue;
10262 }
10263 else
10264 {
10265 value->mac_auto
10266 = def_mac_root_dir_aci.mac_auto;
10267 return 0;
10268 }
10269 }
10270 break;
10271 case A_mac_prop_trusted:
10272 value->mac_prop_trusted = aci.mac_prop_trusted;
10273 break;
10274 case A_mac_file_flags:
10275 value->mac_file_flags = aci.mac_file_flags;
10276 break;
10277
10278 default:
10279 err = -RSBAC_EINVALIDATTR;
10280 }
10281 }
10282 break;
10283 #endif /* MAC */
10284
10285 #if defined(CONFIG_RSBAC_PM)
10286 case PM:
10287 {
10288 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
10289
10290 rsbac_ta_list_get_data_ttl(ta_number,
10291 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
10292 NULL,
10293 &tid_p->file.inode,
10294 &aci);
10295 switch (attr)
10296 {
10297 case A_pm_object_class:
10298 value->pm_object_class = aci.pm_object_class;
10299 break;
10300 case A_pm_tp:
10301 value->pm_tp = aci.pm_tp;
10302 break;
10303 case A_pm_object_type:
10304 value->pm_object_type = aci.pm_object_type;
10305 break;
10306 default:
10307 err = -RSBAC_EINVALIDATTR;
10308 }
10309 }
10310 break;
10311 #endif /* PM */
10312
10313 #if defined(CONFIG_RSBAC_DAZ)
10314 case DAZ:
10315 {
10316 #if defined(CONFIG_RSBAC_DAZ_CACHE)
10317 if(attr == A_daz_scanned)
10318 {
10319 err = rsbac_ta_list_get_data_ttl(ta_number,
10320 device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
10321 NULL,
10322 &tid_p->file.inode,
10323 &value->daz_scanned);
10324 }
10325 else
10326 #endif
10327 {
10328 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
10329
10330 rsbac_ta_list_get_data_ttl(ta_number,
10331 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
10332 NULL,
10333 &tid_p->file.inode,
10334 &aci);
10335 switch (attr)
10336 {
10337 case A_daz_scanner:
10338 value->daz_scanner = aci.daz_scanner;
10339 break;
10340 default:
10341 err = -RSBAC_EINVALIDATTR;
10342 }
10343 }
10344 }
10345 break;
10346 #endif /* DAZ */
10347
10348 #if defined(CONFIG_RSBAC_FF)
10349 case FF:
10350 {
10351 switch (attr)
10352 {
10353 case A_ff_flags:
10354 ff_tmp_flags = RSBAC_FF_DEF;
10355 rsbac_ta_list_get_data_ttl(ta_number,
10356 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
10357 NULL,
10358 &tid_p->file.inode,
10359 &ff_tmp_flags);
10360 ff_flags |= ff_tmp_flags & ff_mask;
10361 value->ff_flags = ff_flags;
10362 if((ff_tmp_flags & FF_add_inherited) && inherit)
10363 {
10364 /* inheritance possible? */
10365 if(!rsbac_get_parent(target, *tid_p, &target, tid_p))
10366 {
10367 /* free access to device_list_head - see above */
10368 rsbac_read_unlock(&device_list_head.lock, &dflags);
10369
10370 ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited);
10371 ff_flags &= ~(FF_add_inherited);
10372 continue;
10373 }
10374 else
10375 value->ff_flags &= ~(FF_add_inherited);
10376 }
10377 break;
10378
10379 default:
10380 err = -RSBAC_EINVALIDATTR;
10381 }
10382 }
10383 break;
10384 #endif /* FF */
10385
10386 #if defined(CONFIG_RSBAC_RC)
10387 case RC:
10388 {
10389 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
10390
10391 rsbac_ta_list_get_data_ttl(ta_number,
10392 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
10393 NULL,
10394 &tid_p->file.inode,
10395 &aci);
10396 switch (attr)
10397 {
10398 case A_rc_type_fd:
10399 value->rc_type_fd = aci.rc_type_fd;
10400 if(value->rc_type_fd == RC_type_inherit_parent && inherit)
10401 {
10402 enum rsbac_target_t parent_target;
10403 union rsbac_target_id_t parent_tid;
10404
10405 /* free access to device_list_head - see above */
10406 rsbac_read_unlock(&device_list_head.lock, &dflags);
10407
10408 /* inheritance possible? */
10409 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10410 {
10411 target = parent_target;
10412 *tid_p = parent_tid;
10413 continue;
10414 }
10415 else
10416 {
10417 value->rc_type_fd
10418 = def_rc_root_dir_aci.rc_type_fd;
10419 return 0;
10420 }
10421 }
10422 break;
10423 case A_rc_force_role:
10424 value->rc_force_role = aci.rc_force_role;
10425 if(value->rc_force_role == RC_role_inherit_parent && inherit)
10426 {
10427 enum rsbac_target_t parent_target;
10428 union rsbac_target_id_t parent_tid;
10429
10430 /* free access to device_list_head - see above */
10431 rsbac_read_unlock(&device_list_head.lock, &dflags);
10432
10433 /* inheritance possible? */
10434 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10435 {
10436 target = parent_target;
10437 *tid_p = parent_tid;
10438 continue;
10439 }
10440 else
10441 {
10442 value->rc_force_role
10443 = def_rc_root_dir_aci.rc_force_role;
10444 return 0;
10445 }
10446 }
10447 break;
10448 case A_rc_initial_role:
10449 value->rc_initial_role = aci.rc_initial_role;
10450 if(value->rc_initial_role == RC_role_inherit_parent && inherit)
10451 {
10452 enum rsbac_target_t parent_target;
10453 union rsbac_target_id_t parent_tid;
10454
10455 /* free access to device_list_head - see above */
10456 rsbac_read_unlock(&device_list_head.lock, &dflags);
10457
10458 /* inheritance possible? */
10459 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10460 {
10461 target = parent_target;
10462 *tid_p = parent_tid;
10463 continue;
10464 }
10465 else
10466 {
10467 value->rc_initial_role
10468 = def_rc_root_dir_aci.rc_initial_role;
10469 return 0;
10470 }
10471 }
10472 break;
10473
10474 default:
10475 err = -RSBAC_EINVALIDATTR;
10476 }
10477 }
10478 break;
10479 #endif /* RC */
10480
10481 #if defined(CONFIG_RSBAC_AUTH)
10482 case AUTH:
10483 {
10484 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
10485
10486 rsbac_ta_list_get_data_ttl(ta_number,
10487 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
10488 NULL,
10489 &tid_p->file.inode,
10490 &aci);
10491 switch (attr)
10492 {
10493 case A_auth_may_setuid:
10494 value->auth_may_setuid = aci.auth_may_setuid;
10495 break;
10496 case A_auth_may_set_cap:
10497 value->auth_may_set_cap = aci.auth_may_set_cap;
10498 break;
10499 case A_auth_learn:
10500 value->auth_learn = aci.auth_learn;
10501 break;
10502 default:
10503 err = -RSBAC_EINVALIDATTR;
10504 }
10505 }
10506 break;
10507 #endif /* AUTH */
10508
10509 #if defined(CONFIG_RSBAC_CAP)
10510 case CAP:
10511 {
10512 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
10513
10514 rsbac_ta_list_get_data_ttl(ta_number,
10515 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
10516 NULL,
10517 &tid_p->file.inode,
10518 &aci);
10519 switch (attr)
10520 {
10521 case A_min_caps:
10522 value->min_caps = aci.min_caps;
10523 break;
10524 case A_max_caps:
10525 value->max_caps = aci.max_caps;
10526 break;
10527 default:
10528 err = -RSBAC_EINVALIDATTR;
10529 }
10530 }
10531 break;
10532 #endif /* CAP */
10533
10534 #if defined(CONFIG_RSBAC_RES)
10535 case RES:
10536 {
10537 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
10538
10539 rsbac_ta_list_get_data_ttl(ta_number,
10540 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
10541 NULL,
10542 &tid_p->file.inode,
10543 &aci);
10544 switch (attr)
10545 {
10546 case A_res_min:
10547 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
10548 break;
10549 case A_res_max:
10550 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
10551 break;
10552 default:
10553 err = -RSBAC_EINVALIDATTR;
10554 }
10555 }
10556 break;
10557 #endif /* RES */
10558
10559 #if defined(CONFIG_RSBAC_PAX)
10560 case PAX:
10561 {
10562 switch (attr)
10563 {
10564 case A_pax_flags:
10565 value->pax_flags = RSBAC_PAX_DEF_FLAGS;
10566 rsbac_ta_list_get_data_ttl(ta_number,
10567 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
10568 NULL,
10569 &tid_p->file.inode,
10570 &value->pax_flags);
10571 break;
10572
10573 default:
10574 err = -RSBAC_EINVALIDATTR;
10575 }
10576 }
10577 break;
10578 #endif /* PAX */
10579
10580 default:
10581 err = -RSBAC_EINVALIDMODULE;
10582 }
10583 /* free access to device_list_head */
10584 rsbac_read_unlock(&device_list_head.lock, &dflags);
10585 /* and return */
10586 return err;
10587 } /* end of for(;;) loop for inheritance */
10588 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 10742 of file aci_data_structures.c. References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, JAIL, rsbac_attribute_value_t::jail_id, MAC, rsbac_attribute_value_t::mac_categories, NULL, PM, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_JAIL_DEF_ID, RSBAC_RC_GENERAL_TYPE, rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_get_attr(). 10750 {
10751 int err = 0;
10752
10753 /*
10754 #ifdef CONFIG_RSBAC_DEBUG
10755 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG
10756 "rsbac_get_attr(): Getting ipc attribute\n");
10757 #endif
10758 */
10759 /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */
10760 switch(module)
10761 {
10762 #if defined(CONFIG_RSBAC_MAC)
10763 case MAC:
10764 {
10765 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
10766
10767 rsbac_ta_list_get_data_ttl(ta_number,
10768 ipc_handles.mac,
10769 NULL,
10770 &tid_p->ipc,
10771 &aci);
10772 switch (attr)
10773 {
10774 case A_security_level:
10775 value->security_level = aci.sec_level;
10776 break;
10777 case A_mac_categories:
10778 value->mac_categories = aci.mac_categories;
10779 break;
10780
10781 default:
10782 err = -RSBAC_EINVALIDATTR;
10783 }
10784 }
10785 break;
10786 #endif /* MAC */
10787
10788 #if defined(CONFIG_RSBAC_PM)
10789 case PM:
10790 {
10791 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10792
10793 rsbac_ta_list_get_data_ttl(ta_number,
10794 ipc_handles.pm,
10795 NULL,
10796 &tid_p->ipc,
10797 &aci);
10798 switch (attr)
10799 {
10800 case A_pm_object_class:
10801 value->pm_object_class = aci.pm_object_class;
10802 break;
10803 case A_pm_ipc_purpose:
10804 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10805 break;
10806 case A_pm_object_type:
10807 value->pm_object_type = aci.pm_object_type;
10808 break;
10809 default:
10810 err = -RSBAC_EINVALIDATTR;
10811 }
10812 }
10813 break;
10814 #endif /* PM */
10815
10816 #if defined(CONFIG_RSBAC_RC)
10817 case RC:
10818 {
10819 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10820
10821 rsbac_ta_list_get_data_ttl(ta_number,
10822 ipc_handles.rc,
10823 NULL,
10824 &tid_p->ipc,
10825 &type);
10826 switch (attr)
10827 {
10828 case A_rc_type:
10829 value->rc_type = type;
10830 break;
10831
10832 default:
10833 err = -RSBAC_EINVALIDATTR;
10834 }
10835 }
10836 break;
10837 #endif /* RC */
10838
10839 #if defined(CONFIG_RSBAC_JAIL)
10840 case JAIL:
10841 {
10842 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10843
10844 rsbac_ta_list_get_data_ttl(ta_number,
10845 ipc_handles.jail,
10846 NULL,
10847 &tid_p->ipc,
10848 &id);
10849 switch (attr)
10850 {
10851 case A_jail_id:
10852 value->jail_id = id;
10853 break;
10854
10855 default:
10856 err = -RSBAC_EINVALIDATTR;
10857 }
10858 }
10859 break;
10860 #endif /* JAIL */
10861
10862 default:
10863 err = -RSBAC_EINVALIDMODULE;
10864 }
10865 /* and return */
10866 return err;
10867 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 11201 of file aci_data_structures.c. References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pax_flags, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_type, A_remote_ip, A_security_level, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::auid_exempt, rsbac_attribute_value_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, DAZ, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_gen_process_aci_t::fake_root_uid, rsbac_attribute_value_t::fake_root_uid, FALSE, GEN, gen_p_hash(), JAIL, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_gen_process_aci_t::log_program_based, rsbac_attribute_value_t::log_program_based, MAC, rsbac_attribute_value_t::mac_auto, MAC_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_type, rsbac_gen_process_aci_t::remote_ip, rsbac_attribute_value_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_PAX_ALL_FLAGS, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and TRUE. Referenced by rsbac_ta_get_attr(). 11209 {
11210 int err = 0;
11211
11212 /*
11213 #ifdef CONFIG_RSBAC_DEBUG
11214 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
11215 "rsbac_get_attr(): Getting process attribute");
11216 #endif
11217 */
11218 switch(module)
11219 {
11220 case GEN:
11221 {
11222 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
11223
11224 rsbac_ta_list_get_data_ttl(ta_number,
11225 process_handles.gen[gen_p_hash(tid_p->process)],
11226 NULL,
11227 &tid_p->process,
11228 &aci);
11229 switch (attr)
11230 {
11231 case A_log_program_based:
11232 value->log_program_based = aci.log_program_based;
11233 break;
11234 case A_fake_root_uid:
11235 value->fake_root_uid = aci.fake_root_uid;
11236 break;
11237 case A_audit_uid:
11238 value->audit_uid = aci.audit_uid;
11239 break;
11240 case A_auid_exempt:
11241 value->auid_exempt = aci.auid_exempt;
11242 break;
11243 case A_remote_ip:
11244 value->remote_ip = aci.remote_ip;
11245 break;
11246 case A_kernel_thread:
11247 value->kernel_thread = aci.kernel_thread;
11248 break;
11249 default:
11250 err = -RSBAC_EINVALIDATTR;
11251 }
11252 }
11253 break;
11254
11255 #if defined(CONFIG_RSBAC_MAC)
11256 case MAC:
11257 {
11258 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
11259
11260 rsbac_ta_list_get_data_ttl(ta_number,
11261 process_handles.mac[mac_p_hash(tid_p->process)],
11262 NULL,
11263 &tid_p->process,
11264 &aci);
11265 switch (attr)
11266 {
11267 case A_security_level:
11268 value->security_level = aci.owner_sec_level;
11269 break;
11270 case A_initial_security_level:
11271 value->security_level = aci.owner_initial_sec_level;
11272 break;
11273 case A_min_security_level:
11274 value->security_level = aci.owner_min_sec_level;
11275 break;
11276 case A_mac_categories:
11277 value->mac_categories = aci.mac_owner_categories;
11278 break;
11279 case A_mac_initial_categories:
11280 value->mac_categories = aci.mac_owner_initial_categories;
11281 break;
11282 case A_mac_min_categories:
11283 value->mac_categories = aci.mac_owner_min_categories;
11284 break;
11285 case A_current_sec_level:
11286 value->current_sec_level = aci.current_sec_level;
11287 break;
11288 case A_mac_curr_categories:
11289 value->mac_categories = aci.mac_curr_categories;
11290 break;
11291 case A_min_write_open:
11292 value->min_write_open = aci.min_write_open;
11293 break;
11294 case A_min_write_categories:
11295 value->mac_categories = aci.min_write_categories;
11296 break;
11297 case A_max_read_open:
11298 value->max_read_open = aci.max_read_open;
11299 break;
11300 case A_max_read_categories:
11301 value->mac_categories = aci.max_read_categories;
11302 break;
11303 case A_mac_process_flags:
11304 value->mac_process_flags = aci.mac_process_flags;
11305 break;
11306 case A_mac_auto:
11307 if(aci.mac_process_flags & MAC_auto)
11308 value->mac_auto = TRUE;
11309 else
11310 value->mac_auto = FALSE;
11311 break;
11312
11313 default:
11314 err = -RSBAC_EINVALIDATTR;
11315 }
11316 }
11317 break;
11318 #endif /* MAC */
11319
11320 #if defined(CONFIG_RSBAC_PM)
11321 case PM:
11322 {
11323 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
11324
11325 rsbac_ta_list_get_data_ttl(ta_number,
11326 process_handles.pm,
11327 NULL,
11328 &tid_p->process,
11329 &aci);
11330 switch (attr)
11331 {
11332 case A_pm_tp:
11333 value->pm_tp = aci.pm_tp;
11334 break;
11335 case A_pm_current_task:
11336 value->pm_current_task = aci.pm_current_task;
11337 break;
11338 case A_pm_process_type:
11339 value->pm_process_type = aci.pm_process_type;
11340 break;
11341 default:
11342 err = -RSBAC_EINVALIDATTR;
11343 }
11344 }
11345 break;
11346 #endif /* PM */
11347
11348 #if defined(CONFIG_RSBAC_DAZ)
11349 case DAZ:
11350 {
11351 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
11352
11353 rsbac_ta_list_get_data_ttl(ta_number,
11354 process_handles.daz,
11355 NULL,
11356 &tid_p->process,
11357 &aci);
11358 switch (attr)
11359 {
11360 case A_daz_scanner:
11361 value->daz_scanner = aci.daz_scanner;
11362 break;
11363 default:
11364 err = -RSBAC_EINVALIDATTR;
11365 }
11366 }
11367 break;
11368 #endif /* DAZ */
11369
11370 #if defined(CONFIG_RSBAC_RC)
11371 case RC:
11372 {
11373 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
11374
11375 rsbac_ta_list_get_data_ttl(ta_number,
11376 process_handles.rc[rc_p_hash(tid_p->process)],
11377 NULL,
11378 &tid_p->process,
11379 &aci);
11380 switch (attr)
11381 {
11382 case A_rc_role:
11383 value->rc_role = aci.rc_role;
11384 break;
11385 case A_rc_type:
11386 value->rc_type = aci.rc_type;
11387 break;
11388 case A_rc_force_role:
11389 value->rc_force_role = aci.rc_force_role;
11390 break;
11391 default:
11392 err = -RSBAC_EINVALIDATTR;
11393 }
11394 }
11395 break;
11396 #endif /* RC */
11397
11398 #if defined(CONFIG_RSBAC_AUTH)
11399 case AUTH:
11400 {
11401 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
11402
11403 rsbac_ta_list_get_data_ttl(ta_number,
11404 process_handles.auth,
11405 NULL,
11406 &tid_p->process,
11407 &aci);
11408 switch (attr)
11409 {
11410 case A_auth_may_setuid:
11411 value->auth_may_setuid = aci.auth_may_setuid;
11412 break;
11413 case A_auth_may_set_cap:
11414 value->auth_may_set_cap = aci.auth_may_set_cap;
11415 break;
11416 #if defined(CONFIG_RSBAC_AUTH_LEARN)
11417 case A_auth_program_file:
11418 value->auth_program_file = aci.auth_program_file;
11419 break;
11420 case A_auth_start_uid:
11421 value->auth_start_uid = aci.auth_start_uid;
11422 break;
11423 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
11424 case A_auth_start_euid:
11425 value->auth_start_euid = aci.auth_start_euid;
11426 break;
11427 #endif
11428 #ifdef CONFIG_RSBAC_AUTH_GROUP
11429 case A_auth_start_gid:
11430 value->auth_start_gid = aci.auth_start_gid;
11431 break;
11432 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
11433 case A_auth_start_egid:
11434 value->auth_start_egid = aci.auth_start_egid;
11435 break;
11436 #endif
11437 #endif
11438 case A_auth_learn:
11439 value->auth_learn = aci.auth_learn;
11440 break;
11441 #else
11442 case A_auth_learn:
11443 value->auth_learn = FALSE;
11444 break;
11445 #endif
11446 case A_auth_last_auth:
11447 value->auth_last_auth = aci.auth_last_auth;
11448 break;
11449 default:
11450 err = -RSBAC_EINVALIDATTR;
11451 }
11452 }
11453 break;
11454 #endif /* AUTH */
11455
11456 #if defined(CONFIG_RSBAC_CAP)
11457 case CAP:
11458 {
11459 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
11460
11461 rsbac_ta_list_get_data_ttl(ta_number,
11462 process_handles.cap,
11463 NULL,
11464 &tid_p->process,
11465 &aci);
11466 switch (attr)
11467 {
11468 case A_cap_process_hiding:
11469 value->cap_process_hiding = aci.cap_process_hiding;
11470 break;
11471 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
11472 case A_max_caps_user:
11473 value->max_caps_user = aci.max_caps_user;
11474 break;
11475 case A_max_caps_program:
11476 value->max_caps_program = aci.max_caps_program;
11477 break;
11478 #endif
11479 default:
11480 err = -RSBAC_EINVALIDATTR;
11481 }
11482 }
11483 break;
11484 #endif /* CAP */
11485
11486 #if defined(CONFIG_RSBAC_JAIL)
11487 case JAIL:
11488 {
11489 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
11490
11491 rsbac_ta_list_get_data_ttl(ta_number,
11492 process_handles.jail[jail_p_hash(tid_p->process)],
11493 NULL,
11494 &tid_p->process,
11495 &aci);
11496 switch (attr)
11497 {
11498 case A_jail_id:
11499 value->jail_id = aci.id;
11500 break;
11501 case A_jail_ip:
11502 value->jail_ip = aci.ip;
11503 break;
11504 case A_jail_flags:
11505 value->jail_flags = aci.flags;
11506 break;
11507 case A_jail_max_caps:
11508 value->jail_max_caps = aci.max_caps;
11509 break;
11510 case A_jail_scd_get:
11511 value->jail_scd_get = aci.scd_get;
11512 break;
11513 case A_jail_scd_modify:
11514 value->jail_scd_modify = aci.scd_modify;
11515 break;
11516 default:
11517 err = -RSBAC_EINVALIDATTR;
11518 }
11519 }
11520 break;
11521 #endif /* JAIL */
11522
11523 #if defined(CONFIG_RSBAC_PAX)
11524 case PAX:
11525 {
11526 struct task_struct * task_p;
11527
11528 switch (attr)
11529 {
11530 case A_pax_flags:
11531 read_lock(&tasklist_lock);
11532 task_p = find_task_by_pid(tid_p->process);
11533 if(task_p)
11534 {
11535 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
11536 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
11537 if(task_p->mm)
11538 value->pax_flags = task_p->mm->pax_flags & RSBAC_PAX_ALL_FLAGS;
11539 else
11540 #endif
11541 value->pax_flags = 0;
11542 #else
11543 value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS;
11544 #endif
11545 }
11546 else
11547 err = -RSBAC_EINVALIDTARGET;
11548 read_unlock(&tasklist_lock);
11549 break;
11550 default:
11551 err = -RSBAC_EINVALIDATTR;
11552 }
11553 }
11554 break;
11555 #endif /* PAX */
11556
11557 default:
11558 err = -RSBAC_EINVALIDMODULE;
11559 }
11560 return err;
11561 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 10869 of file aci_data_structures.c. References A_auth_role, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, AUTH, CAP, DAZ, DEFAULT_GEN_U_ACI, FF, GEN, JAIL, rsbac_gen_user_aci_t::log_user_based, rsbac_attribute_value_t::log_user_based, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, PM, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_gen_user_aci_t::pseudo, rsbac_attribute_value_t::pseudo, RC, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, RES, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, SR_user, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_ta_get_attr(). 10877 {
10878 int err = 0;
10879
10880 /*
10881 #ifdef CONFIG_RSBAC_DEBUG
10882 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG
10883 "rsbac_get_attr(): Getting user attribute\n");
10884 #endif
10885 */
10886 switch(module)
10887 {
10888 case GEN:
10889 {
10890 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
10891
10892 rsbac_ta_list_get_data_ttl(ta_number,
10893 user_handles.gen,
10894 NULL,
10895 &tid_p->user,
10896 &aci);
10897 switch (attr)
10898 {
10899 case A_pseudo:
10900 value->pseudo = aci.pseudo;
10901 break;
10902 case A_log_user_based:
10903 value->log_user_based = aci.log_user_based;
10904 break;
10905 default:
10906 err = -RSBAC_EINVALIDATTR;
10907 }
10908 }
10909 break;
10910
10911 #if defined(CONFIG_RSBAC_MAC)
10912 case MAC:
10913 {
10914 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
10915
10916 rsbac_ta_list_get_data_ttl(ta_number,
10917 user_handles.mac,
10918 NULL,
10919 &tid_p->user,
10920 &aci);
10921 switch (attr)
10922 {
10923 case A_security_level:
10924 value->security_level = aci.security_level;
10925 break;
10926 case A_initial_security_level:
10927 value->security_level = aci.initial_security_level;
10928 break;
10929 case A_min_security_level:
10930 value->security_level = aci.min_security_level;
10931 break;
10932 case A_mac_categories:
10933 value->mac_categories = aci.mac_categories;
10934 break;
10935 case A_mac_initial_categories:
10936 value->mac_categories = aci.mac_initial_categories;
10937 break;
10938 case A_mac_min_categories:
10939 value->mac_categories = aci.mac_min_categories;
10940 break;
10941 case A_system_role:
10942 case A_mac_role:
10943 value->system_role = aci.system_role;
10944 break;
10945 case A_mac_user_flags:
10946 value->mac_user_flags = aci.mac_user_flags;
10947 break;
10948
10949 default:
10950 err = -RSBAC_EINVALIDATTR;
10951 }
10952 }
10953 break;
10954 #endif /* MAC */
10955
10956 #if defined(CONFIG_RSBAC_PM)
10957 case PM:
10958 {
10959 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10960
10961 rsbac_ta_list_get_data_ttl(ta_number,
10962 user_handles.pm,
10963 NULL,
10964 &tid_p->user,
10965 &aci);
10966 switch (attr)
10967 {
10968 case A_pm_task_set:
10969 value->pm_task_set = aci.pm_task_set;
10970 break;
10971 case A_pm_role:
10972 value->pm_role = aci.pm_role;
10973 break;
10974 default:
10975 err = -RSBAC_EINVALIDATTR;
10976 }
10977 }
10978 break;
10979 #endif /* PM */
10980
10981 #if defined(CONFIG_RSBAC_DAZ)
10982 case DAZ:
10983 {
10984 rsbac_system_role_int_t role = SR_user;
10985
10986 rsbac_ta_list_get_data_ttl(ta_number,
10987 user_handles.daz,
10988 NULL,
10989 &tid_p->user,
10990 &role);
10991 switch (attr)
10992 {
10993 case A_system_role:
10994 case A_daz_role:
10995 value->system_role = role;
10996 break;
10997
10998 default:
10999 err = -RSBAC_EINVALIDATTR;
11000 }
11001 }
11002 break;
11003 #endif /* DAZ */
11004
11005 #if defined(CONFIG_RSBAC_FF)
11006 case FF:
11007 {
11008 rsbac_system_role_int_t role = SR_user;
11009
11010 rsbac_ta_list_get_data_ttl(ta_number,
11011 user_handles.ff,
11012 NULL,
11013 &tid_p->user,
11014 &role);
11015 switch (attr)
11016 {
11017 case A_system_role:
11018 case A_ff_role:
11019 value->system_role = role;
11020 break;
11021
11022 default:
11023 err = -RSBAC_EINVALIDATTR;
11024 }
11025 }
11026 break;
11027 #endif /* FF */
11028
11029 #if defined(CONFIG_RSBAC_RC)
11030 case RC:
11031 {
11032 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
11033
11034 rsbac_ta_list_get_data_ttl(ta_number,
11035 user_handles.rc,
11036 NULL,
11037 &tid_p->user,
11038 &aci);
11039 switch (attr)
11040 {
11041 case A_rc_def_role:
11042 value->rc_def_role = aci.rc_role;
11043 break;
11044 case A_rc_type:
11045 value->rc_type = aci.rc_type;
11046 break;
11047 default:
11048 err = -RSBAC_EINVALIDATTR;
11049 }
11050 }
11051 break;
11052 #endif /* RC */
11053
11054 #if defined(CONFIG_RSBAC_AUTH)
11055 case AUTH:
11056 {
11057 rsbac_system_role_int_t role = SR_user;
11058
11059 rsbac_ta_list_get_data_ttl(ta_number,
11060 user_handles.auth,
11061 NULL,
11062 &tid_p->user,
11063 &role);
11064 switch (attr)
11065 {
11066 case A_system_role:
11067 case A_auth_role:
11068 value->system_role = role;
11069 break;
11070
11071 default:
11072 err = -RSBAC_EINVALIDATTR;
11073 }
11074 }
11075 break;
11076 #endif /* AUTH */
11077
11078 #if defined(CONFIG_RSBAC_CAP)
11079 case CAP:
11080 {
11081 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
11082
11083 rsbac_ta_list_get_data_ttl(ta_number,
11084 user_handles.cap,
11085 NULL,
11086 &tid_p->user,
11087 &aci);
11088 switch (attr)
11089 {
11090 case A_system_role:
11091 case A_cap_role:
11092 value->system_role = aci.cap_role;
11093 break;
11094 case A_min_caps:
11095 value->min_caps = aci.min_caps;
11096 break;
11097 case A_max_caps:
11098 value->max_caps = aci.max_caps;
11099 break;
11100 default:
11101 err = -RSBAC_EINVALIDATTR;
11102 }
11103 }
11104 break;
11105 #endif /* CAP */
11106
11107 #if defined(CONFIG_RSBAC_JAIL)
11108 case JAIL:
11109 {
11110 rsbac_system_role_int_t role = SR_user;
11111
11112 rsbac_ta_list_get_data_ttl(ta_number,
11113 user_handles.jail,
11114 NULL,
11115 &tid_p->user,
11116 &role);
11117 switch (attr)
11118 {
11119 case A_system_role:
11120 case A_jail_role:
11121 value->system_role = role;
11122 break;
11123
11124 default:
11125 err = -RSBAC_EINVALIDATTR;
11126 }
11127 }
11128 break;
11129 #endif /* JAIL */
11130
11131 #if defined(CONFIG_RSBAC_RES)
11132 case RES:
11133 {
11134 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
11135
11136 if( rsbac_ta_list_get_data_ttl(ta_number,
11137 user_handles.res,
11138 NULL,
11139 &tid_p->user,
11140 &aci)
11141 && (tid_p->user != RSBAC_ALL_USERS)
11142 )
11143 {
11144 tid_p->user = RSBAC_ALL_USERS;
11145 rsbac_ta_list_get_data_ttl(ta_number,
11146 user_handles.res,
11147 NULL,
11148 &tid_p->user,
11149 &aci);
11150 }
11151 switch (attr)
11152 {
11153 case A_system_role:
11154 case A_res_role:
11155 value->system_role = aci.res_role;
11156 break;
11157 case A_res_min:
11158 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
11159 break;
11160 case A_res_max:
11161 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
11162 break;
11163 default:
11164 err = -RSBAC_EINVALIDATTR;
11165 }
11166 }
11167 break;
11168 #endif /* RES */
11169
11170 #if defined(CONFIG_RSBAC_PAX)
11171 case PAX:
11172 {
11173 rsbac_system_role_int_t role = SR_user;
11174
11175 rsbac_ta_list_get_data_ttl(ta_number,
11176 user_handles.pax,
11177 NULL,
11178 &tid_p->user,
11179 &role);
11180 switch (attr)
11181 {
11182 case A_system_role:
11183 case A_pax_role:
11184 value->system_role = role;
11185 break;
11186
11187 default:
11188 err = -RSBAC_EINVALIDATTR;
11189 }
11190 }
11191 break;
11192 #endif /* PAX */
11193
11194 default:
11195 err = -RSBAC_EINVALIDMODULE;
11196 }
11197 /* and return */
11198 return err;
11199 }
|
|
||||||||||||
|
Definition at line 657 of file aci_data_structures.c. References rsbac_ipc_t::id, rsbac_ipc_id_t::id_nr, and rsbac_ipc_t::type. Referenced by register_ipc_lists(). 00658 {
00659 int result;
00660 struct rsbac_ipc_t * i_desc1 = desc1;
00661 struct rsbac_ipc_t * i_desc2 = desc2;
00662
00663 result = memcmp(&i_desc1->type,
00664 &i_desc2->type,
00665 sizeof(i_desc1->type));
00666 if(result)
00667 return result;
00668 else
00669 return memcmp(&i_desc1->id.id_nr,
00670 &i_desc2->id.id_nr,
00671 sizeof(i_desc1->id.id_nr));
00672 }
|
|
||||||||||||||||||||
|
Definition at line 353 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, RSBAC_EACCESS, RSBAC_ECOULDNOTCREATEPATH, RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOROOTDIR, RSBAC_ENOTFOUND, RSBAC_ENOTWRITABLE, RSBAC_EPATHTOOLONG, rsbac_get_super_block(), rsbac_lookup_one_len(), rsbac_printk(), SOCKFS_MAGIC, and writable(). Referenced by rsbac_read_open(), and rsbac_write_open(). 00357 {
00358 struct dentry * dir_dentry_p = NULL;
00359 struct dentry * root_dentry_p = NULL;
00360 int err=0;
00361 struct rsbac_device_list_item_t * device_p;
00362 u_long dflags;
00363
00364 if(!dir_dentry_pp)
00365 return(-RSBAC_EINVALIDPOINTER);
00366
00367 if(!sb_p)
00368 {
00369 sb_p = rsbac_get_super_block(kdev);
00370 if (!sb_p)
00371 {
00372 rsbac_printk(KERN_WARNING
00373 "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00374 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00375 return (-RSBAC_EINVALIDDEV);
00376 }
00377 }
00378
00379 /* pipefs must not be read from */
00380 if( (sb_p->s_magic == PIPEFS_MAGIC)
00381 || (sb_p->s_magic == SOCKFS_MAGIC)
00382 )
00383 {
00384 return -RSBAC_ENOTFOUND;
00385 }
00386
00387 rsbac_read_lock(&device_list_head.lock, &dflags);
00388 device_p = lookup_device(kdev);
00389 if(!device_p)
00390 {
00391 rsbac_printk(KERN_WARNING
00392 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00393 MAJOR(kdev), MINOR(kdev));
00394 rsbac_read_unlock(&device_list_head.lock, &dflags);
00395 return(-RSBAC_EINVALIDDEV);
00396 }
00397 /* already looked up earlier? */
00398 if(device_p->rsbac_dir_dentry_p)
00399 {
00400 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00401 #ifdef CONFIG_RSBAC_DEBUG
00402 if(rsbac_debug_ds)
00403 {
00404 rsbac_printk(KERN_DEBUG
00405 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00406 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00407 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00408 }
00409 #endif
00410 rsbac_read_unlock(&device_list_head.lock, &dflags);
00411 return(0);
00412 }
00413 /* Must unlock here for the lookup */
00414 rsbac_read_unlock(&device_list_head.lock, &dflags);
00415
00416 #ifdef CONFIG_RSBAC_DEBUG
00417 if(rsbac_debug_ds)
00418 {
00419 rsbac_printk(KERN_DEBUG
00420 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00421 RSBAC_ACI_PATH,
00422 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00423 }
00424 #endif
00425 if (!sb_p->s_root)
00426 {
00427 rsbac_printk(KERN_WARNING
00428 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430 err = -RSBAC_EINVALIDDEV;
00431 goto out;
00432 }
00433
00434 if (!sb_p->s_root->d_inode)
00435 {
00436 rsbac_printk(KERN_WARNING
00437 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00438 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00439 err = -RSBAC_EINVALIDDEV;
00440 goto out;
00441 }
00442
00443 /* lookup dentry of ACI_PATH on this device */
00444 #ifdef CONFIG_RSBAC_DEBUG
00445 if(rsbac_debug_ds)
00446 {
00447 rsbac_printk(KERN_DEBUG
00448 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00449 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00450 atomic_read(&sb_p->s_root->d_count));
00451 }
00452 #endif
00453 dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH));
00454 if(IS_ERR(dir_dentry_p))
00455 switch(PTR_ERR(dir_dentry_p))
00456 {
00457 case -ENOENT:
00458 case -ENOTDIR:
00459 err = -RSBAC_ENOTFOUND;
00460 goto out;
00461 case -ENOMEM:
00462 rsbac_printk(KERN_WARNING
00463 "lookup_aci_path_dentry(): memory allocation error!\n");
00464 err = -RSBAC_ENOROOTDIR;
00465 goto out;
00466 case -ENAMETOOLONG:
00467 rsbac_printk(KERN_WARNING
00468 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00469 err = -RSBAC_EPATHTOOLONG;
00470 goto out;
00471 case -EACCES:
00472 rsbac_printk(KERN_WARNING
00473 "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00474 err = -RSBAC_EACCESS;
00475 goto out;
00476 default:
00477 rsbac_printk(KERN_WARNING
00478 "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00479 PTR_ERR(dir_dentry_p));
00480 err = -RSBAC_ENOROOTDIR;
00481 goto out;
00482 }
00483
00484 if (!dir_dentry_p)
00485 {
00486 rsbac_printk(KERN_WARNING
00487 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00488 err = -RSBAC_EINVALIDPOINTER;
00489 goto out;
00490 }
00491 if (!dir_dentry_p->d_inode)
00492 { /* dir could not be found -> try to create it */
00493 /* but only, if allowed... */
00494 if (!create_dir)
00495 {
00496 err = -RSBAC_ENOTFOUND;
00497 goto out_dir_dput;
00498 }
00499 #ifdef CONFIG_RSBAC_DEBUG
00500 if(rsbac_debug_ds)
00501 {
00502 rsbac_printk(KERN_DEBUG
00503 "lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00504 }
00505 #endif
00506 /* ... and writable. */
00507 if (!writable(sb_p))
00508 { /* mounted read only or special case */
00509 err = -RSBAC_ENOTWRITABLE;
00510 goto out_dir_dput;
00511 }
00512 root_dentry_p = lock_parent(dir_dentry_p);
00513 err = PTR_ERR(root_dentry_p);
00514 if ( IS_ERR(root_dentry_p))
00515 {
00516 err = -RSBAC_ECOULDNOTCREATEPATH;
00517 goto out_dir_dput;
00518 }
00519 if ( !root_dentry_p->d_inode
00520 || !root_dentry_p->d_inode->i_op
00521 || !root_dentry_p->d_inode->i_op->mkdir)
00522 {
00523 unlock_dir(root_dentry_p);
00524 err = -RSBAC_ECOULDNOTCREATEPATH;
00525 goto out_dir_dput;
00526 }
00527 DQUOT_INIT(root_dentry_p->d_inode);
00528 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode,
00529 dir_dentry_p,
00530 RSBAC_ACI_DIR_MODE);
00531 unlock_dir(root_dentry_p);
00532 if (err)
00533 {
00534 err = -RSBAC_ECOULDNOTCREATEPATH;
00535 goto out_dir_dput;
00536 }
00537 }
00538 else /* was found */
00539 { /* check, whether this is a dir */
00540 if(!S_ISDIR(dir_dentry_p->d_inode->i_mode))
00541 { /* no dir! We have a real prob here! */
00542 rsbac_printk(KERN_WARNING
00543 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00544 RSBAC_ACI_PATH,
00545 MAJOR(sb_p->s_dev),
00546 MINOR(sb_p->s_dev));
00547 err = -RSBAC_EACCESS;
00548 goto out_dir_dput;
00549 }
00550 }
00551 #ifdef CONFIG_RSBAC_DEBUG
00552 if(rsbac_debug_ds)
00553 {
00554 rsbac_printk(KERN_DEBUG
00555 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00556 atomic_read(&dir_dentry_p->d_count));
00557 rsbac_printk(KERN_DEBUG
00558 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00559 atomic_read(&sb_p->s_root->d_count));
00560 }
00561 #endif
00562 /* we want to keep dir_dentry_p in device_item */
00563 /* dput must be done in remove_device_item! */
00564 *dir_dentry_pp = dir_dentry_p;
00565
00566 /* Must lock and relookup device_p to cache result */
00567 rsbac_read_lock(&device_list_head.lock, &dflags);
00568 device_p = lookup_device(kdev);
00569 if(device_p && !device_p->rsbac_dir_dentry_p)
00570 {
00571 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00572 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00573 }
00574 rsbac_read_unlock(&device_list_head.lock, &dflags);
00575
00576 out:
00577 return (err);
00578
00579 out_dir_dput:
00580 dput(dir_dentry_p);
00581 goto out;
00582 }
|
|
|
Definition at line 593 of file aci_data_structures.c. References device_list_head. Referenced by get_attr_fd(), lookup_aci_path_dentry(), remove_device_item(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_p_capset_member(), rsbac_auth_remove_from_f_capset(), rsbac_get_full_path(), rsbac_get_full_path_length(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), rsbac_mount(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_ta_remove_target(), rsbac_umount(), rsbac_umount_auth(), rsbac_umount_mac(), and set_attr_fd(). 00594 {
00595 struct rsbac_device_list_item_t * curr = device_list_head.curr;
00596
00597 /* if there is no current item or it is not the right one, search... */
00598 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00599 if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) )
00600 #else
00601 if(! (curr && (curr->id == kdev) ) )
00602 #endif
00603 {
00604 curr = device_list_head.head;
00605 while ( curr
00606 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00607 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00608 )
00609 )
00610 {
00611 curr = curr->next;
00612 }
00613 if (curr)
00614 device_list_head.curr=curr;
00615 }
00616 /* it is the current item -> return it */
00617 return (curr);
00618 }
|
|
|
Definition at line 5527 of file aci_data_structures.c. References DEFAULT_GEN_DEV_ACI, dev_compare(), dev_handles, dev_major_compare(), dev_major_handles, gen_dev_get_conv(), RC_type_inherit_parent, registration_error(), RSBAC_GEN_ACI_DEV_NAME, RSBAC_GEN_DEV_ACI_KEY, RSBAC_GEN_DEV_ACI_VERSION, rsbac_kfree(), RSBAC_LIST_BACKUP, RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_DEV_NAME, RSBAC_PM_ACI_DEV_NAME, rsbac_printk(), RSBAC_RC_ACI_DEV_MAJOR_NAME, RSBAC_RC_ACI_DEV_NAME, and RSBAC_RC_GENERAL_TYPE. Referenced by rsbac_do_init(). 05529 {
05530 int err = 0;
05531 struct rsbac_list_info_t * list_info_p;
05532
05533 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05534 if(!list_info_p)
05535 {
05536 return -ENOMEM;
05537 }
05538
05539 #ifdef CONFIG_RSBAC_DEBUG
05540 if (rsbac_debug_ds)
05541 {
05542 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n");
05543 }
05544 #endif
05545 {
05546 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05547
05548 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05549 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05550 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05551 list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t);
05552 list_info_p->max_age = 0;
05553 err = rsbac_list_register(RSBAC_LIST_VERSION,
05554 &dev_handles.gen,
05555 list_info_p,
05556 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05557 RSBAC_LIST_BACKUP |
05558 #endif
05559 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05560 dev_compare,
05561 gen_dev_get_conv,
05562 &def_aci,
05563 RSBAC_GEN_ACI_DEV_NAME,
05564 RSBAC_AUTO_DEV);
05565 if(err)
05566 {
05567 registration_error(err, "DEV General");
05568 }
05569 }
05570 #if defined(CONFIG_RSBAC_MAC)
05571 {
05572 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05573
05574 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05575 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05576 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05577 list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t);
05578 list_info_p->max_age = 0;
05579 err = rsbac_list_register(RSBAC_LIST_VERSION,
05580 &dev_handles.mac,
05581 list_info_p,
05582 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05583 RSBAC_LIST_BACKUP |
05584 #endif
05585 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05586 dev_compare,
05587 mac_dev_get_conv,
05588 &def_aci,
05589 RSBAC_MAC_ACI_DEV_NAME,
05590 RSBAC_AUTO_DEV);
05591 if(err)
05592 {
05593 registration_error(err, "DEV MAC");
05594 }
05595 }
05596 #endif
05597 #if defined(CONFIG_RSBAC_PM)
05598 {
05599 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05600
05601 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05602 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05603 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05604 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05605 list_info_p->max_age = 0;
05606 err = rsbac_list_register(RSBAC_LIST_VERSION,
05607 &dev_handles.pm,
05608 list_info_p,
05609 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05610 RSBAC_LIST_BACKUP |
05611 #endif
05612 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05613 dev_compare,
05614 pm_dev_get_conv,
05615 &def_aci,
05616 RSBAC_PM_ACI_DEV_NAME,
05617 RSBAC_AUTO_DEV);
05618 if(err)
05619 {
05620 registration_error(err, "DEV PM");
05621 }
05622 }
05623 #endif
05624 #if defined(CONFIG_RSBAC_RC)
05625 {
05626 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05627 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05628
05629 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05630 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05631 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05632 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05633 list_info_p->max_age = 0;
05634 err = rsbac_list_register(RSBAC_LIST_VERSION,
05635 &dev_major_handles.rc,
05636 list_info_p,
05637 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05638 RSBAC_LIST_BACKUP |
05639 #endif
05640 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05641 dev_major_compare,
05642 rc_dev_get_conv,
05643 &def_major_aci,
05644 RSBAC_RC_ACI_DEV_MAJOR_NAME,
05645 RSBAC_AUTO_DEV);
05646 if(err)
05647 {
05648 registration_error(err, "DEV major RC");
05649 }
05650 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05651 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05652 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05653 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05654 list_info_p->max_age = 0;
05655 err = rsbac_list_register(RSBAC_LIST_VERSION,
05656 &dev_handles.rc,
05657 list_info_p,
05658 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05659 RSBAC_LIST_BACKUP |
05660 #endif
05661 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05662 dev_compare,
05663 rc_dev_get_conv,
05664 &def_aci,
05665 RSBAC_RC_ACI_DEV_NAME,
05666 RSBAC_AUTO_DEV);
05667 if(err)
05668 {
05669 registration_error(err, "DEV RC");
05670 }
05671 }
05672 #endif
05673
05674 rsbac_kfree(list_info_p);
05675 return err;
05676 }
|
|
||||||||||||
|
Definition at line 1105 of file aci_data_structures.c. References DEFAULT_DAZ_FD_SCANNED, gen_fd_get_conv(), get_error_name(), name, NULL, PF_PAX_EMUTRAMP, PF_PAX_MPROTECT, PF_PAX_PAGEEXEC, PF_PAX_RANDEXEC, PF_PAX_RANDMMAP, PF_PAX_SEGMEXEC, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_FF_DEF, RSBAC_GEN_FD_ACI_KEY, RSBAC_GEN_FD_ACI_VERSION, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_compare_u32(), RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAXNAMELEN, RSBAC_PAX_DEF_FLAGS, and rsbac_printk(). Referenced by rsbac_do_init(), and rsbac_mount(). 01107 {
01108 char * name;
01109 int err = 0;
01110 int tmperr;
01111 u_int file_no;
01112 struct rsbac_list_info_t * info_p;
01113 if(!device_p)
01114 return(-RSBAC_EINVALIDPOINTER);
01115 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01116 if(!name)
01117 return -RSBAC_ENOMEM;
01118 info_p = rsbac_kmalloc(sizeof(*info_p));
01119 if(!info_p)
01120 {
01121 rsbac_kfree(name);
01122 return -RSBAC_ENOMEM;
01123 }
01124
01125 /* register general lists */
01126 {
01127 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01128 {
01129 /* construct name from base name + number */
01130 sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no);
01131 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01132 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01133 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01134 info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t);
01135 info_p->max_age = 0;
01136 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01137 &(device_p->handles.gen[file_no]),
01138 info_p,
01139 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01140 rsbac_list_compare_u32,
01141 gen_fd_get_conv,
01142 &def_gen_fd_aci,
01143 name,
01144 kdev);
01145 if(tmperr)
01146 {
01147 char * tmp;
01148
01149 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01150 if(tmp)
01151 {
01152 rsbac_printk(KERN_WARNING
01153 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01154 file_no,
01155 RSBAC_MAJOR(kdev),
01156 RSBAC_MINOR(kdev),
01157 get_error_name(tmp, tmperr));
01158 rsbac_kfree(tmp);
01159 }
01160 err = tmperr;
01161 }
01162 }
01163 }
01164
01165 #if defined(CONFIG_RSBAC_MAC)
01166 {
01167 /* register MAC lists */
01168 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01169 {
01170 /* construct name from base name + number */
01171 sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no);
01172 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01173 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01174 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01175 info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t);
01176 info_p->max_age = 0;
01177 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01178 &(device_p->handles.mac[file_no]),
01179 info_p,
01180 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01181 rsbac_list_compare_u32,
01182 mac_fd_get_conv,
01183 &def_mac_fd_aci,
01184 name,
01185 kdev);
01186 if(tmperr)
01187 {
01188 char * tmp;
01189
01190 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01191 if(tmp)
01192 {
01193 rsbac_printk(KERN_WARNING
01194 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01195 file_no,
01196 RSBAC_MAJOR(kdev),
01197 RSBAC_MINOR(kdev),
01198 get_error_name(tmp, tmperr));
01199 rsbac_kfree(tmp);
01200 }
01201 err = tmperr;
01202 }
01203 }
01204 }
01205 #endif
01206
01207 #if defined(CONFIG_RSBAC_PM)
01208 {
01209 /* register PM lists */
01210 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01211 {
01212 /* construct name from base name + number */
01213 sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no);
01214 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01215 info_p->key = RSBAC_PM_FD_ACI_KEY;
01216 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01217 info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t);
01218 info_p->max_age = 0;
01219 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01220 &(device_p->handles.pm[file_no]),
01221 info_p,
01222 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01223 rsbac_list_compare_u32,
01224 NULL,
01225 &def_pm_fd_aci,
01226 name,
01227 kdev);
01228 if(tmperr)
01229 {
01230 char * tmp;
01231
01232 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01233 if(tmp)
01234 {
01235 rsbac_printk(KERN_WARNING
01236 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01237 file_no,
01238 RSBAC_MAJOR(kdev),
01239 RSBAC_MINOR(kdev),
01240 get_error_name(tmp, tmperr));
01241 rsbac_kfree(tmp);
01242 }
01243 err = tmperr;
01244 }
01245 }
01246 }
01247 #endif
01248
01249 #if defined(CONFIG_RSBAC_DAZ)
01250 {
01251 struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI;
01252 /* register DAZ lists */
01253 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01254 {
01255 /* construct name from base name + number */
01256 sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no);
01257 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01258 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01259 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01260 info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t);
01261 info_p->max_age = 0;
01262 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01263 &(device_p->handles.daz[file_no]),
01264 info_p,
01265 RSBAC_LIST_PERSIST |
01266 RSBAC_LIST_DEF_DATA,
01267 rsbac_list_compare_u32,
01268 NULL,
01269 &def_daz_fd_aci,
01270 name,
01271 kdev);
01272 if(tmperr)
01273 {
01274 char * tmp;
01275
01276 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01277 if(tmp)
01278 {
01279 rsbac_printk(KERN_WARNING
01280 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01281 file_no,
01282 RSBAC_MAJOR(kdev),
01283 RSBAC_MINOR(kdev),
01284 get_error_name(tmp, tmperr));
01285 rsbac_kfree(tmp);
01286 }
01287 err = tmperr;
01288 }
01289 }
01290 }
01291 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01292 {
01293 rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED;
01294
01295 /* register DAZ scanned lists */
01296 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01297 {
01298 /* construct name from base name + number */
01299 sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no);
01300 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01301 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01302 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01303 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01304 info_p->max_age = 0;
01305 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01306 &(device_p->handles.dazs[file_no]),
01307 info_p,
01308 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01309 RSBAC_LIST_PERSIST |
01310 #endif
01311 RSBAC_LIST_DEF_DATA,
01312 rsbac_list_compare_u32,
01313 NULL,
01314 &def_daz_scanned_fd_aci,
01315 name,
01316 kdev);
01317 if(tmperr)
01318 {
01319 char * tmp;
01320
01321 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01322 if(tmp)
01323 {
01324 rsbac_printk(KERN_WARNING
01325 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01326 file_no,
01327 RSBAC_MAJOR(kdev),
01328 RSBAC_MINOR(kdev),
01329 get_error_name(tmp, tmperr));
01330 rsbac_kfree(tmp);
01331 }
01332 err = tmperr;
01333 }
01334 }
01335 }
01336 #endif
01337 #endif
01338
01339 #if defined(CONFIG_RSBAC_FF)
01340 {
01341 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01342
01343 /* register FF lists */
01344 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01345 {
01346 /* construct name from base name + number */
01347 sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no);
01348 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01349 info_p->key = RSBAC_FF_FD_ACI_KEY;
01350 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01351 info_p->data_size = sizeof(rsbac_ff_flags_t);
01352 info_p->max_age = 0;
01353 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01354 &(device_p->handles.ff[file_no]),
01355 info_p,
01356 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01357 rsbac_list_compare_u32,
01358 NULL,
01359 &def_ff_fd_aci,
01360 name,
01361 kdev);
01362 if(tmperr)
01363 {
01364 char * tmp;
01365
01366 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01367 if(tmp)
01368 {
01369 rsbac_printk(KERN_WARNING
01370 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01371 file_no,
01372 RSBAC_MAJOR(kdev),
01373 RSBAC_MINOR(kdev),
01374 get_error_name(tmp, tmperr));
01375 rsbac_kfree(tmp);
01376 }
01377 err = tmperr;
01378 }
01379 }
01380 }
01381 #endif
01382
01383 #if defined(CONFIG_RSBAC_RC)
01384 {
01385 /* register RC lists */
01386 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01387 {
01388 /* construct name from base name + number */
01389 sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no);
01390 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01391 info_p->key = RSBAC_RC_FD_ACI_KEY;
01392 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01393 info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t);
01394 info_p->max_age = 0;
01395 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01396 &(device_p->handles.rc[file_no]),
01397 info_p,
01398 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01399 rsbac_list_compare_u32,
01400 NULL,
01401 &def_rc_fd_aci,
01402 name,
01403 kdev);
01404 if(tmperr)
01405 {
01406 char * tmp;
01407
01408 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01409 if(tmp)
01410 {
01411 rsbac_printk(KERN_WARNING
01412 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01413 file_no,
01414 RSBAC_MAJOR(kdev),
01415 RSBAC_MINOR(kdev),
01416 get_error_name(tmp, tmperr));
01417 rsbac_kfree(tmp);
01418 }
01419 err = tmperr;
01420 }
01421 }
01422 }
01423 #endif
01424
01425 #if defined(CONFIG_RSBAC_AUTH)
01426 {
01427 struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI;
01428
01429 /* register AUTH lists */
01430 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01431 {
01432 /* construct name from base name + number */
01433 sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no);
01434 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01435 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01436 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01437 info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t);
01438 info_p->max_age = 0;
01439 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01440 &(device_p->handles.auth[file_no]),
01441 info_p,
01442 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01443 rsbac_list_compare_u32,
01444 auth_fd_get_conv,
01445 &def_auth_fd_aci,
01446 name,
01447 kdev);
01448 if(tmperr)
01449 {
01450 char * tmp;
01451
01452 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01453 if(tmp)
01454 {
01455 rsbac_printk(KERN_WARNING
01456 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01457 file_no,
01458 RSBAC_MAJOR(kdev),
01459 RSBAC_MINOR(kdev),
01460 get_error_name(tmp, tmperr));
01461 rsbac_kfree(tmp);
01462 }
01463 err = tmperr;
01464 }
01465 }
01466 }
01467 #endif
01468
01469 #if defined(CONFIG_RSBAC_CAP)
01470 {
01471 struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI;
01472
01473 /* register CAP lists */
01474 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01475 {
01476 /* construct name from base name + number */
01477 sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no);
01478 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01479 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01480 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01481 info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t);
01482 info_p->max_age = 0;
01483 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01484 &(device_p->handles.cap[file_no]),
01485 info_p,
01486 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01487 rsbac_list_compare_u32,
01488 NULL,
01489 &def_cap_fd_aci,
01490 name,
01491 kdev);
01492 if(tmperr)
01493 {
01494 char * tmp;
01495
01496 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01497 if(tmp)
01498 {
01499 rsbac_printk(KERN_WARNING
01500 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01501 file_no,
01502 RSBAC_MAJOR(kdev),
01503 RSBAC_MINOR(kdev),
01504 get_error_name(tmp, tmperr));
01505 rsbac_kfree(tmp);
01506 }
01507 err = tmperr;
01508 }
01509 }
01510 }
01511 #endif
01512
01513 #if defined(CONFIG_RSBAC_PAX)
01514 {
01515 rsbac_pax_flags_t def_pax_fd_aci;
01516
01517 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01518 def_pax_fd_aci = 0;
01519 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01520 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01521 #endif
01522 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01523 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01524 #endif
01525 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01526 def_pax_fd_aci |= PF_PAX_MPROTECT;
01527 #endif
01528 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01529 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01530 #endif
01531 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01532 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01533 #endif
01534 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01535 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01536 #endif
01537
01538 #else
01539 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01540 #endif
01541
01542 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01543 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01544 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01545 info_p->data_size = sizeof(rsbac_pax_flags_t);
01546 info_p->max_age = 0;
01547 /* register PAX lists */
01548 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01549 {
01550 /* construct name from base name + number */
01551 sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no);
01552 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01553 &(device_p->handles.pax[file_no]),
01554 info_p,
01555 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01556 rsbac_list_compare_u32,
01557 NULL,
01558 &def_pax_fd_aci,
01559 name,
01560 kdev);
01561 if(tmperr)
01562 {
01563 char * tmp;
01564
01565 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01566 if(tmp)
01567 {
01568 rsbac_printk(KERN_WARNING
01569 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01570 file_no,
01571 RSBAC_MAJOR(kdev),
01572 RSBAC_MINOR(kdev),
01573 get_error_name(tmp, tmperr));
01574 rsbac_kfree(tmp);
01575 }
01576 err = tmperr;
01577 }
01578 }
01579 }
01580 #endif
01581
01582 #if defined(CONFIG_RSBAC_RES)
01583 {
01584 /* register RES lists */
01585 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01586 {
01587 /* construct name from base name + number */
01588 sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no);
01589 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01590 info_p->key = RSBAC_RES_FD_ACI_KEY;
01591 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01592 info_p->data_size = sizeof(struct rsbac_res_fd_aci_t);
01593 info_p->max_age = 0;
01594 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01595 &(device_p->handles.res[file_no]),
01596 info_p,
01597 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01598 rsbac_list_compare_u32,
01599 NULL,
01600 &def_res_fd_aci,
01601 name,
01602 kdev);
01603 if(tmperr)
01604 {
01605 char * tmp;
01606
01607 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01608 if(tmp)
01609 {
01610 rsbac_printk(KERN_WARNING
01611 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
01612 file_no,
01613 RSBAC_MAJOR(kdev),
01614 RSBAC_MINOR(kdev),
01615 get_error_name(tmp, tmperr));
01616 rsbac_kfree(tmp);
01617 }
01618 err = tmperr;
01619 }
01620 }
01621 }
01622 #endif
01623
01624 rsbac_kfree(name);
01625 rsbac_kfree(info_p);
01626 return err;
01627 }
|
|
|
Definition at line 5681 of file aci_data_structures.c. References ipc_compare(), ipc_handles, NULL, registration_error(), RSBAC_JAIL_ACI_IPC_NAME, RSBAC_JAIL_DEF_ID, rsbac_kfree(), RSBAC_LIST_DEF_DATA, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_IPC_NAME, RSBAC_PM_ACI_IPC_NAME, rsbac_printk(), RSBAC_RC_ACI_IPC_NAME, and RSBAC_RC_GENERAL_TYPE. Referenced by rsbac_do_init(). 05683 {
05684 int err = 0;
05685 struct rsbac_list_info_t * list_info_p;
05686
05687 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05688 if(!list_info_p)
05689 {
05690 return -ENOMEM;
05691 }
05692
05693 #ifdef CONFIG_RSBAC_DEBUG
05694 if (rsbac_debug_ds)
05695 {
05696 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n");
05697 }
05698 #endif
05699 #if defined(CONFIG_RSBAC_MAC)
05700 {
05701 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05702
05703 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05704 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05705 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05706 list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t);
05707 list_info_p->max_age = 0;
05708 err = rsbac_list_register(RSBAC_LIST_VERSION,
05709 &ipc_handles.mac,
05710 list_info_p,
05711 RSBAC_LIST_DEF_DATA,
05712 ipc_compare,
05713 NULL,
05714 &def_aci,
05715 RSBAC_MAC_ACI_IPC_NAME,
05716 RSBAC_AUTO_DEV);
05717 if(err)
05718 {
05719 registration_error(err, "IPC MAC");
05720 }
05721 }
05722 #endif
05723 #if defined(CONFIG_RSBAC_PM)
05724 {
05725 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05726
05727 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05728 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05729 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05730 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05731 list_info_p->max_age = 0;
05732 err = rsbac_list_register(RSBAC_LIST_VERSION,
05733 &ipc_handles.pm,
05734 list_info_p,
05735 RSBAC_LIST_DEF_DATA,
05736 ipc_compare,
05737 NULL,
05738 &def_aci,
05739 RSBAC_PM_ACI_IPC_NAME,
05740 RSBAC_AUTO_DEV);
05741 if(err)
05742 {
05743 registration_error(err, "IPC PM");
05744 }
05745 }
05746 #endif
05747 #if defined(CONFIG_RSBAC_RC)
05748 {
05749 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05750
05751 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05752 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05753 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05754 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05755 list_info_p->max_age = 0;
05756 err = rsbac_list_register(RSBAC_LIST_VERSION,
05757 &ipc_handles.rc,
05758 list_info_p,
05759 RSBAC_LIST_DEF_DATA,
05760 ipc_compare,
05761 NULL,
05762 &def_aci,
05763 RSBAC_RC_ACI_IPC_NAME,
05764 RSBAC_AUTO_DEV);
05765 if(err)
05766 {
05767 registration_error(err, "IPC RC");
05768 }
05769 }
05770 #endif
05771 #if defined(CONFIG_RSBAC_JAIL)
05772 {
05773 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05774
05775 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05776 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05777 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05778 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05779 list_info_p->max_age = 0;
05780 err = rsbac_list_register(RSBAC_LIST_VERSION,
05781 &ipc_handles.jail,
05782 list_info_p,
05783 RSBAC_LIST_DEF_DATA,
05784 ipc_compare,
05785 NULL,
05786 &def_aci,
05787 RSBAC_JAIL_ACI_IPC_NAME,
05788 RSBAC_AUTO_DEV);
05789 if(err)
05790 {
05791 registration_error(err, "IPC JAIL");
05792 }
05793 }
05794 #endif
05795
05796 rsbac_kfree(list_info_p);
05797 return err;
05798 }
|
|
|
Definition at line 6347 of file aci_data_structures.c. References DEFAULT_GEN_P_ACI, NULL, PH_from_other_users, process_handles, registration_error(), RSBAC_AUTH_ACI_PROCESS_NAME, RSBAC_CAP_ACI_PROCESS_NAME, RSBAC_DAZ_ACI_PROCESS_NAME, RSBAC_GEN_ACI_PROCESS_NAME, RSBAC_GEN_PROCESS_ACI_KEY, RSBAC_GEN_PROCESS_ACI_VERSION, RSBAC_JAIL_ACI_PROCESS_NAME, rsbac_kfree(), rsbac_list_compare_u32(), RSBAC_LIST_DEF_DATA, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_PROCESS_NAME, RSBAC_MAXNAMELEN, RSBAC_PM_ACI_PROCESS_NAME, rsbac_printk(), and RSBAC_RC_ACI_PROCESS_NAME. Referenced by rsbac_do_init(). 06349 {
06350 int err = 0;
06351 struct rsbac_list_info_t * list_info_p;
06352
06353 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06354 if(!list_info_p)
06355 {
06356 return -ENOMEM;
06357 }
06358
06359 #ifdef CONFIG_RSBAC_DEBUG
06360 if (rsbac_debug_ds)
06361 {
06362 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n");
06363 }
06364 #endif
06365 {
06366 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06367 char name[RSBAC_MAXNAMELEN];
06368 int i;
06369
06370 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06371 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06372 list_info_p->desc_size = sizeof(rsbac_pid_t);
06373 list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t);
06374 list_info_p->max_age = 0;
06375 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
06376 {
06377 sprintf(name, "%s%u", RSBAC_GEN_ACI_PROCESS_NAME, i);
06378 err = rsbac_list_register(RSBAC_LIST_VERSION,
06379 &process_handles.gen[i],
06380 list_info_p,
06381 RSBAC_LIST_DEF_DATA,
06382 rsbac_list_compare_u32,
06383 NULL,
06384 &def_aci,
06385 name,
06386 RSBAC_AUTO_DEV);
06387 if(err)
06388 {
06389 registration_error(err, "PROCESS GEN");
06390 }
06391 }
06392 }
06393 #if defined(CONFIG_RSBAC_MAC)
06394 {
06395 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06396 char name[RSBAC_MAXNAMELEN];
06397 int i;
06398
06399 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06400 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06401 list_info_p->desc_size = sizeof(rsbac_pid_t);
06402 list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t);
06403 list_info_p->max_age = 0;
06404 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
06405 {
06406 sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i);
06407
06408 err = rsbac_list_register(RSBAC_LIST_VERSION,
06409 &process_handles.mac[i],
06410 list_info_p,
06411 RSBAC_LIST_DEF_DATA,
06412 rsbac_list_compare_u32,
06413 NULL,
06414 &def_aci,
06415 name,
06416 RSBAC_AUTO_DEV);
06417 if(err)
06418 {
06419 registration_error(err, "PROCESS MAC");
06420 }
06421 }
06422 }
06423 #endif
06424 #if defined(CONFIG_RSBAC_PM)
06425 {
06426 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06427
06428 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06429 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06430 list_info_p->desc_size = sizeof(rsbac_pid_t);
06431 list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t);
06432 list_info_p->max_age = 0;
06433 err = rsbac_list_register(RSBAC_LIST_VERSION,
06434 &process_handles.pm,
06435 list_info_p,
06436 RSBAC_LIST_DEF_DATA,
06437 rsbac_list_compare_u32,
06438 NULL,
06439 &def_aci,
06440 RSBAC_PM_ACI_PROCESS_NAME,
06441 RSBAC_AUTO_DEV);
06442 if(err)
06443 {
06444 registration_error(err, "PROCESS PM");
06445 }
06446 }
06447 #endif
06448 #if defined(CONFIG_RSBAC_DAZ)
06449 {
06450 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06451
06452 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06453 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06454 list_info_p->desc_size = sizeof(rsbac_pid_t);
06455 list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t);
06456 list_info_p->max_age = 0;
06457 err = rsbac_list_register(RSBAC_LIST_VERSION,
06458 &process_handles.daz,
06459 list_info_p,
06460 RSBAC_LIST_DEF_DATA,
06461 rsbac_list_compare_u32,
06462 NULL,
06463 &def_aci,
06464 RSBAC_DAZ_ACI_PROCESS_NAME,
06465 RSBAC_AUTO_DEV);
06466 if(err)
06467 {
06468 registration_error(err, "PROCESS DAZ");
06469 }
06470 }
06471 #endif
06472 #if defined(CONFIG_RSBAC_RC)
06473 {
06474 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06475 char name[RSBAC_MAXNAMELEN];
06476 int i;
06477
06478 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06479 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06480 list_info_p->desc_size = sizeof(rsbac_pid_t);
06481 list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t);
06482 list_info_p->max_age = 0;
06483 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
06484 {
06485 sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i);
06486 err = rsbac_list_register(RSBAC_LIST_VERSION,
06487 &process_handles.rc[i],
06488 list_info_p,
06489 RSBAC_LIST_DEF_DATA,
06490 rsbac_list_compare_u32,
06491 NULL,
06492 &def_aci,
06493 name,
06494 RSBAC_AUTO_DEV);
06495 if(err)
06496 {
06497 registration_error(err, "PROCESS RC");
06498 }
06499 }
06500 }
06501 #endif
06502 #if defined(CONFIG_RSBAC_AUTH)
06503 {
06504 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06505
06506 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06507 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06508 list_info_p->desc_size = sizeof(rsbac_pid_t);
06509 list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t);
06510 list_info_p->max_age = 0;
06511 err = rsbac_list_register(RSBAC_LIST_VERSION,
06512 &process_handles.auth,
06513 list_info_p,
06514 RSBAC_LIST_DEF_DATA,
06515 rsbac_list_compare_u32,
06516 NULL,
06517 &def_aci,
06518 RSBAC_AUTH_ACI_PROCESS_NAME,
06519 RSBAC_AUTO_DEV);
06520 if(err)
06521 {
06522 registration_error(err, "PROCESS AUTH");
06523 }
06524 }
06525 #endif
06526 #if defined(CONFIG_RSBAC_CAP)
06527 {
06528 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06529
06530 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06531 if(rsbac_cap_process_hiding)
06532 def_aci.cap_process_hiding = PH_from_other_users;
06533 #endif
06534 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06535 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06536 list_info_p->desc_size = sizeof(rsbac_pid_t);
06537 list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t);
06538 list_info_p->max_age = 0;
06539 err = rsbac_list_register(RSBAC_LIST_VERSION,
06540 &process_handles.cap,
06541 list_info_p,
06542 RSBAC_LIST_DEF_DATA,
06543 rsbac_list_compare_u32,
06544 NULL,
06545 &def_aci,
06546 RSBAC_CAP_ACI_PROCESS_NAME,
06547 RSBAC_AUTO_DEV);
06548 if(err)
06549 {
06550 registration_error(err, "PROCESS CAP");
06551 }
06552 }
06553 #endif
06554 #if defined(CONFIG_RSBAC_JAIL)
06555 {
06556 struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI;
06557 char name[RSBAC_MAXNAMELEN];
06558 int i;
06559
06560 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06561 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06562 list_info_p->desc_size = sizeof(rsbac_pid_t);
06563 list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t);
06564 list_info_p->max_age = 0;
06565 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
06566 {
06567 sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i);
06568 err = rsbac_list_register(RSBAC_LIST_VERSION,
06569 &process_handles.jail[i],
06570 list_info_p,
06571 RSBAC_LIST_DEF_DATA,
06572 rsbac_list_compare_u32,
06573 NULL,
06574 &def_aci,
06575 name,
06576 RSBAC_AUTO_DEV);
06577 if(err)
06578 {
06579 registration_error(err, "PROCESS JAIL");
06580 }
06581 }
06582 }
06583 #endif
06584
06585 rsbac_kfree(list_info_p);
06586 return err;
06587 }
|
|
|
Definition at line 5803 of file aci_data_structures.c. References DEFAULT_GEN_U_ACI, NULL, registration_error(), RSBAC_AUDITOR_UID, RSBAC_AUTH_ACI_USER_NAME, RSBAC_CAP_ACI_USER_NAME, RSBAC_DATAPROT_UID, RSBAC_DAZ_ACI_USER_NAME, RSBAC_FF_ACI_USER_NAME, RSBAC_GEN_ACI_USER_NAME, RSBAC_GEN_USER_ACI_KEY, RSBAC_GEN_USER_ACI_VERSION, RSBAC_JAIL_ACI_USER_NAME, rsbac_kfree(), rsbac_list_add(), RSBAC_LIST_BACKUP, rsbac_list_compare_u32(), rsbac_list_count(), RSBAC_LIST_DEF_DATA, RSBAC_LIST_PERSIST, rsbac_list_register(), RSBAC_LIST_VERSION, RSBAC_MAC_ACI_USER_NAME, rsbac_no_defaults, RSBAC_PAX_ACI_USER_NAME, RSBAC_PM_ACI_USER_NAME, rsbac_printk(), RSBAC_RC_ACI_USER_NAME, RSBAC_RES_ACI_USER_NAME, RSBAC_SECOFF_UID, RSBAC_SYSADM_UID, RSBAC_TPMAN_UID, SR_administrator, SR_auditor, SR_security_officer, SR_user, and user_handles. Referenced by rsbac_do_init(). 05805 {
05806 int err = 0;
05807 struct rsbac_list_info_t * list_info_p;
05808
05809 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05810 if(!list_info_p)
05811 {
05812 return -ENOMEM;
05813 }
05814
05815 #ifdef CONFIG_RSBAC_DEBUG
05816 if (rsbac_debug_ds)
05817 {
05818 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n");
05819 }
05820 #endif
05821
05822 {
05823 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05824
05825 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05826 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05827 list_info_p->desc_size = sizeof(rsbac_uid_t);
05828 list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t);
05829 list_info_p->max_age = 0;
05830 err = rsbac_list_register(RSBAC_LIST_VERSION,
05831 &user_handles.gen,
05832 list_info_p,
05833 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05834 RSBAC_LIST_BACKUP |
05835 #endif
05836 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05837 rsbac_list_compare_u32,
05838 NULL,
05839 &def_aci,
05840 RSBAC_GEN_ACI_USER_NAME,
05841 RSBAC_AUTO_DEV);
05842 if(err)
05843 {
05844 registration_error(err, "USER General");
05845 }
05846 }
05847 #if defined(CONFIG_RSBAC_MAC)
05848 {
05849 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
05850
05851 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
05852 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
05853 list_info_p->desc_size = sizeof(rsbac_uid_t);
05854 list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t);
05855 list_info_p->max_age = 0;
05856 err = rsbac_list_register(RSBAC_LIST_VERSION,
05857 &user_handles.mac,
05858 list_info_p,
05859 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05860 RSBAC_LIST_BACKUP |
05861 #endif
05862 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05863 rsbac_list_compare_u32,
05864 mac_user_get_conv,
05865 &def_aci,
05866 RSBAC_MAC_ACI_USER_NAME,
05867 RSBAC_AUTO_DEV);
05868 if(err)
05869 {
05870 registration_error(err, "USER MAC");
05871 }
05872 else
05873 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac))
05874 {
05875 struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI;
05876 struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI;
05877 struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI;
05878 rsbac_uid_t user;
05879
05880 rsbac_printk(KERN_WARNING
05881 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
05882 user = RSBAC_SYSADM_UID;
05883 if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci))
05884 rsbac_printk(KERN_WARNING
05885 "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
05886 user = RSBAC_SECOFF_UID;
05887 if(rsbac_list_add(user_handles.mac, &user, &secoff_aci))
05888 rsbac_printk(KERN_WARNING
05889 "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
05890 user = RSBAC_AUDITOR_UID;
05891 if(rsbac_list_add(user_handles.mac, &user, &auditor_aci))
05892 rsbac_printk(KERN_WARNING
05893 "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
05894 }
05895 }
05896 #endif
05897 #if defined(CONFIG_RSBAC_PM)
05898 {
05899 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
05900
05901 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
05902 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
05903 list_info_p->desc_size = sizeof(rsbac_uid_t);
05904 list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t);
05905 list_info_p->max_age = 0;
05906 err = rsbac_list_register(RSBAC_LIST_VERSION,
05907 &user_handles.pm,
05908 list_info_p,
05909 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05910 RSBAC_LIST_BACKUP |
05911 #endif
05912 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05913 rsbac_list_compare_u32,
05914 NULL,
05915 &def_aci,
05916 RSBAC_PM_ACI_USER_NAME,
05917 RSBAC_AUTO_DEV);
05918 if(err)
05919 {
05920 registration_error(err, "USER PM");
05921 }
05922 else
05923 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm))
05924 {
05925 struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI;
05926 struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI;
05927 struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI;
05928 struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI;
05929 rsbac_uid_t user;
05930
05931 rsbac_printk(KERN_WARNING
05932 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
05933 user = RSBAC_SYSADM_UID;
05934 if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci))
05935 rsbac_printk(KERN_WARNING
05936 "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
05937 user = RSBAC_SECOFF_UID;
05938 if(rsbac_list_add(user_handles.pm, &user, &secoff_aci))
05939 rsbac_printk(KERN_WARNING
05940 "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
05941 user = RSBAC_DATAPROT_UID;
05942 if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci))
05943 rsbac_printk(KERN_WARNING
05944 "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
05945 user = RSBAC_TPMAN_UID;
05946 if(rsbac_list_add(user_handles.pm, &user, &tpman_aci))
05947 rsbac_printk(KERN_WARNING
05948 "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
05949 }
05950 }
05951 #endif
05952 #if defined(CONFIG_RSBAC_DAZ)
05953 {
05954 rsbac_system_role_int_t def_aci = SR_user;
05955
05956 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
05957 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
05958 list_info_p->desc_size = sizeof(rsbac_uid_t);
05959 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
05960 list_info_p->max_age = 0;
05961 err = rsbac_list_register(RSBAC_LIST_VERSION,
05962 &user_handles.daz,
05963 list_info_p,
05964 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05965 RSBAC_LIST_BACKUP |
05966 #endif
05967 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05968 rsbac_list_compare_u32,
05969 NULL,
05970 &def_aci,
05971 RSBAC_DAZ_ACI_USER_NAME,
05972 RSBAC_AUTO_DEV);
05973 if(err)
05974 {
05975 registration_error(err, "USER DAZ");
05976 }
05977 else
05978 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz))
05979 {
05980 rsbac_uid_t user;
05981 rsbac_system_role_int_t role;
05982
05983 rsbac_printk(KERN_WARNING
05984 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
05985 user = RSBAC_SYSADM_UID;
05986 role = SR_administrator;
05987 if(rsbac_list_add(user_handles.daz, &user, &role))
05988 rsbac_printk(KERN_WARNING
05989 "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
05990 user = RSBAC_SECOFF_UID;
05991 role = SR_security_officer;
05992 if(rsbac_list_add(user_handles.daz, &user, &role))
05993 rsbac_printk(KERN_WARNING
05994 "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
05995 }
05996 }
05997 #endif
05998 #if defined(CONFIG_RSBAC_FF)
05999 {
06000 rsbac_system_role_int_t def_aci = SR_user;
06001
06002 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
06003 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
06004 list_info_p->desc_size = sizeof(rsbac_uid_t);
06005 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06006 list_info_p->max_age = 0;
06007 err = rsbac_list_register(RSBAC_LIST_VERSION,
06008 &user_handles.ff,
06009 list_info_p,
06010 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06011 RSBAC_LIST_BACKUP |
06012 #endif
06013 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06014 rsbac_list_compare_u32,
06015 NULL,
06016 &def_aci,
06017 RSBAC_FF_ACI_USER_NAME,
06018 RSBAC_AUTO_DEV);
06019 if(err)
06020 {
06021 registration_error(err, "USER FF");
06022 }
06023 else
06024 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff))
06025 {
06026 rsbac_uid_t user;
06027 rsbac_system_role_int_t role;
06028
06029 rsbac_printk(KERN_WARNING
06030 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06031 user = RSBAC_SYSADM_UID;
06032 role = SR_administrator;
06033 if(rsbac_list_add(user_handles.ff, &user, &role))
06034 rsbac_printk(KERN_WARNING
06035 "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06036 user = RSBAC_SECOFF_UID;
06037 role = SR_security_officer;
06038 if(rsbac_list_add(user_handles.ff, &user, &role))
06039 rsbac_printk(KERN_WARNING
06040 "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06041 user = RSBAC_AUDITOR_UID;
06042 role = SR_auditor;
06043 if(rsbac_list_add(user_handles.ff, &user, &role))
06044 rsbac_printk(KERN_WARNING
06045 "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06046 }
06047 }
06048 #endif
06049 #if defined(CONFIG_RSBAC_RC)
06050 {
06051 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06052
06053 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06054 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06055 list_info_p->desc_size = sizeof(rsbac_uid_t);
06056 list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t);
06057 list_info_p->max_age = 0;
06058 err = rsbac_list_register(RSBAC_LIST_VERSION,
06059 &user_handles.rc,
06060 list_info_p,
06061 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06062 RSBAC_LIST_BACKUP |
06063 #endif
06064 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06065 rsbac_list_compare_u32,
06066 rc_user_get_conv,
06067 &def_aci,
06068 RSBAC_RC_ACI_USER_NAME,
06069 RSBAC_AUTO_DEV);
06070 if(err)
06071 {
06072 registration_error(err, "USER RC");
06073 }
06074 else
06075 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc))
06076 {
06077 rsbac_uid_t user;
06078 struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI;
06079 struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI;
06080 struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI;
06081
06082 rsbac_printk(KERN_WARNING
06083 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06084 user = RSBAC_SYSADM_UID;
06085 if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci))
06086 rsbac_printk(KERN_WARNING
06087 "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06088 user = RSBAC_SECOFF_UID;
06089 if(rsbac_list_add(user_handles.rc, &user, &secoff_aci))
06090 rsbac_printk(KERN_WARNING
06091 "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06092 user = RSBAC_AUDITOR_UID;
06093 if(rsbac_list_add(user_handles.rc, &user, &auditor_aci))
06094 rsbac_printk(KERN_WARNING
06095 "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06096 }
06097 }
06098 #endif
06099 #if defined(CONFIG_RSBAC_AUTH)
06100 {
06101 rsbac_system_role_int_t def_aci = SR_user;
06102
06103 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06104 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06105 list_info_p->desc_size = sizeof(rsbac_uid_t);
06106 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06107 list_info_p->max_age = 0;
06108 err = rsbac_list_register(RSBAC_LIST_VERSION,
06109 &user_handles.auth,
06110 list_info_p,
06111 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06112 RSBAC_LIST_BACKUP |
06113 #endif
06114 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06115 rsbac_list_compare_u32,
06116 NULL,
06117 &def_aci,
06118 RSBAC_AUTH_ACI_USER_NAME,
06119 RSBAC_AUTO_DEV);
06120 if(err)
06121 {
06122 registration_error(err, "USER AUTH");
06123 }
06124 else
06125 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth))
06126 {
06127 rsbac_uid_t user;
06128 rsbac_system_role_int_t role;
06129
06130 rsbac_printk(KERN_WARNING
06131 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06132 user = RSBAC_SYSADM_UID;
06133 role = SR_administrator;
06134 if(rsbac_list_add(user_handles.auth, &user, &role))
06135 rsbac_printk(KERN_WARNING
06136 "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06137 user = RSBAC_SECOFF_UID;
06138 role = SR_security_officer;
06139 if(rsbac_list_add(user_handles.auth, &user, &role))
06140 rsbac_printk(KERN_WARNING
06141 "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06142 user = RSBAC_AUDITOR_UID;
06143 role = SR_auditor;
06144 if(rsbac_list_add(user_handles.auth, &user, &role))
06145 rsbac_printk(KERN_WARNING
06146 "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06147 }
06148 }
06149 #endif /* AUTH */
06150 #if defined(CONFIG_RSBAC_CAP)
06151 {
06152 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06153
06154 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06155 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06156 list_info_p->desc_size = sizeof(rsbac_uid_t);
06157 list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t);
06158 list_info_p->max_age = 0;
06159 err = rsbac_list_register(RSBAC_LIST_VERSION,
06160 &user_handles.cap,
06161 list_info_p,
06162 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06163 RSBAC_LIST_BACKUP |
06164 #endif
06165 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06166 rsbac_list_compare_u32,
06167 NULL,
06168 &def_aci,
06169 RSBAC_CAP_ACI_USER_NAME,
06170 RSBAC_AUTO_DEV);
06171 if(err)
06172 {
06173 registration_error(err, "USER CAP");
06174 }
06175 else
06176 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap))
06177 {
06178 struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI;
06179 struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI;
06180 struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI;
06181 rsbac_uid_t user;
06182
06183 rsbac_printk(KERN_WARNING
06184 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06185 rsbac_printk(KERN_WARNING
06186 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06187 user = RSBAC_SYSADM_UID;
06188 if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci))
06189 rsbac_printk(KERN_WARNING
06190 "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06191 user = RSBAC_SECOFF_UID;
06192 if(rsbac_list_add(user_handles.cap, &user, &secoff_aci))
06193 rsbac_printk(KERN_WARNING
06194 "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06195 user = RSBAC_AUDITOR_UID;
06196 if(rsbac_list_add(user_handles.cap, &user, &auditor_aci))
06197 rsbac_printk(KERN_WARNING
06198 "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06199 }
06200 }
06201 #endif
06202 #if defined(CONFIG_RSBAC_JAIL)
06203 {
06204 rsbac_system_role_int_t def_aci = SR_user;
06205
06206 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06207 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06208 list_info_p->desc_size = sizeof(rsbac_uid_t);
06209 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06210 list_info_p->max_age = 0;
06211 err = rsbac_list_register(RSBAC_LIST_VERSION,
06212 &user_handles.jail,
06213 list_info_p,
06214 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06215 RSBAC_LIST_BACKUP |
06216 #endif
06217 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06218 rsbac_list_compare_u32,
06219 NULL,
06220 &def_aci,
06221 RSBAC_JAIL_ACI_USER_NAME,
06222 RSBAC_AUTO_DEV);
06223 if(err)
06224 {
06225 registration_error(err, "USER JAIL");
06226 }
06227 else
06228 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail))
06229 {
06230 rsbac_uid_t user;
06231 rsbac_system_role_int_t role;
06232
06233 rsbac_printk(KERN_WARNING
06234 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06235 user = RSBAC_SYSADM_UID;
06236 role = SR_administrator;
06237 if(rsbac_list_add(user_handles.jail, &user, &role))
06238 rsbac_printk(KERN_WARNING
06239 "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06240 user = RSBAC_SECOFF_UID;
06241 role = SR_security_officer;
06242 if(rsbac_list_add(user_handles.jail, &user, &role))
06243 rsbac_printk(KERN_WARNING
06244 "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06245 }
06246 }
06247 #endif
06248 #if defined(CONFIG_RSBAC_RES)
06249 {
06250 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06251 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06252 list_info_p->desc_size = sizeof(rsbac_uid_t);
06253 list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t);
06254 list_info_p->max_age = 0;
06255 err = rsbac_list_register(RSBAC_LIST_VERSION,
06256 &user_handles.res,
06257 list_info_p,
06258 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06259 RSBAC_LIST_BACKUP |
06260 #endif
06261 RSBAC_LIST_PERSIST,
06262 rsbac_list_compare_u32,
06263 NULL,
06264 NULL,
06265 RSBAC_RES_ACI_USER_NAME,
06266 RSBAC_AUTO_DEV);
06267 if(err)
06268 {
06269 registration_error(err, "USER RES");
06270 }
06271 else
06272 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res))
06273 {
06274 struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI;
06275 struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI;
06276 rsbac_uid_t user;
06277
06278 rsbac_printk(KERN_WARNING
06279 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06280 rsbac_printk(KERN_WARNING
06281 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06282 user = RSBAC_SYSADM_UID;
06283 if(rsbac_list_add(user_handles.res, &user, &sysadm_aci))
06284 rsbac_printk(KERN_WARNING
06285 "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06286 user = RSBAC_SECOFF_UID;
06287 if(rsbac_list_add(user_handles.res, &user, &secoff_aci))
06288 rsbac_printk(KERN_WARNING
06289 "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06290 }
06291 }
06292 #endif
06293 #if defined(CONFIG_RSBAC_PAX)
06294 {
06295 rsbac_system_role_int_t def_aci = SR_user;
06296
06297 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06298 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06299 list_info_p->desc_size = sizeof(rsbac_uid_t);
06300 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06301 list_info_p->max_age = 0;
06302 err = rsbac_list_register(RSBAC_LIST_VERSION,
06303 &user_handles.pax,
06304 list_info_p,
06305 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06306 RSBAC_LIST_BACKUP |
06307 #endif
06308 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06309 rsbac_list_compare_u32,
06310 NULL,
06311 &def_aci,
06312 RSBAC_PAX_ACI_USER_NAME,
06313 RSBAC_AUTO_DEV);
06314 if(err)
06315 {
06316 registration_error(err, "USER PAX");
06317 }
06318 else
06319 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax))
06320 {
06321 rsbac_uid_t user;
06322 rsbac_system_role_int_t role;
06323
06324 rsbac_printk(KERN_WARNING
06325 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06326 user = RSBAC_SYSADM_UID;
06327 role = SR_administrator;
06328 if(rsbac_list_add(user_handles.pax, &user, &role))
06329 rsbac_printk(KERN_WARNING
06330 "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06331 user = RSBAC_SECOFF_UID;
06332 role = SR_security_officer;
06333 if(rsbac_list_add(user_handles.pax, &user, &role))
06334 rsbac_printk(KERN_WARNING
06335 "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06336 }
06337 }
06338 #endif
06339
06340 rsbac_kfree(list_info_p);
06341 return err;
06342 }
|
|
||||||||||||
|
Definition at line 5506 of file aci_data_structures.c. References get_error_name(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by register_dev_lists(), register_ipc_lists(), register_process_lists(), register_user_lists(), rsbac_init_acl(), rsbac_init_pm(), and rsbac_init_rc(). 05508 {
05509 if(err < 0)
05510 {
05511 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05512
05513 if(tmp)
05514 {
05515 rsbac_printk(KERN_WARNING
05516 "rsbac_do_init(): Registering %s list failed with error %s\n",
05517 listname,
05518 get_error_name(tmp, err));
05519 rsbac_kfree(tmp);
05520 }
05521 }
05522 }
|
|
|
Definition at line 1998 of file aci_data_structures.c. References aci_detach_fd_lists(), clear_device_item(), device_list_head, lookup_device(), and NULL. Referenced by rsbac_umount(), rsbac_umount_acl(), rsbac_umount_auth(), and rsbac_umount_mac(). 01999 {
02000 struct rsbac_device_list_item_t * item_p;
02001
02002 /* first we must locate the item. */
02003 if ( (item_p = lookup_device(kdev)) )
02004 { /* ok, item was found */
02005 if (device_list_head.head == item_p)
02006 { /* item is head */
02007 if (device_list_head.tail == item_p)
02008 { /* item is head and tail = only item -> list will be empty*/
02009 device_list_head.head = NULL;
02010 device_list_head.tail = NULL;
02011 }
02012 else
02013 { /* item is head, but not tail -> next item becomes head */
02014 item_p->next->prev = NULL;
02015 device_list_head.head = item_p->next;
02016 }
02017 }
02018 else
02019 { /* item is not head */
02020 if (device_list_head.tail == item_p)
02021 { /*item is not head, but tail -> previous item becomes tail*/
02022 item_p->prev->next = NULL;
02023 device_list_head.tail = item_p->prev;
02024 }
02025 else
02026 { /* item is neither head nor tail -> item is cut out */
02027 item_p->prev->next = item_p->next;
02028 item_p->next->prev = item_p->prev;
02029 }
02030 }
02031
02032 /* curr is no longer valid -> reset. */
02033 device_list_head.curr=NULL;
02034 /* adjust counter */
02035 device_list_head.count--;
02036
02037 /* clean up */
02038 aci_detach_fd_lists(item_p);
02039
02040 /* clear item */
02041 clear_device_item(item_p);
02042 } /* end of if: item was found */
02043
02044 } /* end of remove_device_item() */
|
|
||||||||||||
|
Definition at line 9231 of file aci_data_structures.c. References RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOTFOUND, and rsbac_printk(). 09232 {
09233 struct inode * inode_p;
09234 int err = 0;
09235
09236 if(!sb_p)
09237 return -RSBAC_EINVALIDPOINTER;
09238 if(!inode)
09239 return -RSBAC_EINVALIDVALUE;
09240 if(!MAJOR(sb_p->s_dev))
09241 return 0;
09242
09243 if(sb_p->s_magic != EXT2_SUPER_MAGIC)
09244 return 0;
09245
09246 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09247 if(sb_p->s_op && sb_p->s_op->read_inode2)
09248 return 0;
09249 #endif
09250 inode_p = iget(sb_p, inode);
09251 if(is_bad_inode(inode_p))
09252 {
09253 return -RSBAC_ENOTFOUND;
09254 }
09255 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09256 /* currently only deletion checking of ext2 inodes is possible */
09257 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
09258 {
09259 if(inode_p->u.ext2_i.i_dtime)
09260 { /* inode has been deleted */
09261 err = -RSBAC_ENOTFOUND;
09262 }
09263 else
09264 {
09265 if(inode_p->i_nlink <= 0)
09266 { /* inode has been unlinked, but no dtime is set -> warn */
09267 rsbac_printk(KERN_WARNING
09268 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
09269 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
09270 err = -RSBAC_ENOTFOUND;
09271 }
09272 }
09273 }
09274 #endif
09275 iput(inode_p);
09276 return err;
09277 }
|
|
|
Definition at line 2051 of file aci_data_structures.c. Referenced by rsbac_write_open(). 02052 {
02053 struct inode *inode = dentry->d_inode;
02054 int error;
02055 struct iattr newattrs;
02056
02057 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02058 mutex_lock(&inode->i_mutex);
02059 #else
02060 down(&inode->i_sem);
02061 #endif
02062 newattrs.ia_size = 0;
02063 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02064 error = notify_change(dentry, &newattrs);
02065 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02066 mutex_unlock(&inode->i_mutex);
02067 #else
02068 up(&inode->i_sem);
02069 #endif
02070 return error;
02071 }
|
|
|
Definition at line 7117 of file aci_data_structures.c. References add_device_item(), clear_device_item(), compiled_modules, create_device_item(), device_list_head, get_error_name(), NULL, register_dev_lists(), register_fd_lists(), register_ipc_lists(), register_process_lists(), register_user_lists(), RSBAC_AUTH_LOGIN_PATH, RSBAC_AUTH_LOGIN_PATH_DIR, RSBAC_AUTH_LOGIN_PATH_FILE, rsbac_check(), rsbac_check_acl(), rsbac_check_auth(), rsbac_check_lists(), RSBAC_ECOULDNOTADDDEVICE, RSBAC_ECOULDNOTADDITEM, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOROOTDEV, RSBAC_ENOTFOUND, rsbac_init_acl(), rsbac_init_adf(), rsbac_init_auth(), rsbac_init_daz(), rsbac_init_debug(), rsbac_init_mac(), rsbac_init_pm(), rsbac_init_rc(), rsbac_init_um(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_kmem_cache_sizes_init(), rsbac_list_add(), rsbac_list_get_data(), rsbac_list_init(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_mount(), rsbac_pax_set_flags_func(), rsbac_printk(), rsbac_root_dev, RSBAC_VERSION, sysfs_covered_p, sysfs_sb_p, and TRUE. Referenced by rsbac_init(). 07119 {
07120 int err = 0;
07121 struct rsbac_device_list_item_t * device_p;
07122 struct rsbac_device_list_item_t * new_device_p;
07123 u_long flags;
07124 struct rsbac_list_info_t * list_info_p;
07125 struct super_block * sb_p;
07126
07127 #ifdef CONFIG_RSBAC_DEBUG
07128 if(rsbac_debug_stack)
07129 {
07130 unsigned long * n;
07131
07132 n = (unsigned long *) (current+1);
07133 while (!*n)
07134 n++;
07135 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n",
07136 (unsigned long) n - (unsigned long)(current+1));
07137 }
07138 #endif
07139 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07140 if(!list_info_p)
07141 {
07142 return -ENOMEM;
07143 }
07144 compiled_modules[0] = (char) 0;
07145 #ifdef CONFIG_RSBAC_REG
07146 strcat(compiled_modules, " REG");
07147 #endif
07148 #ifdef CONFIG_RSBAC_MAC
07149 #ifdef CONFIG_RSBAC_MAC_LIGHT
07150 strcat(compiled_modules, " MAC-L");
07151 #else
07152 strcat(compiled_modules, " MAC");
07153 #endif
07154 #endif
07155 #ifdef CONFIG_RSBAC_PM
07156 strcat(compiled_modules, " PM");
07157 #endif
07158 #ifdef CONFIG_RSBAC_DAZ
07159 strcat(compiled_modules, " DAZ");
07160 #endif
07161 #ifdef CONFIG_RSBAC_FF
07162 strcat(compiled_modules, " FF");
07163 #endif
07164 #ifdef CONFIG_RSBAC_RC
07165 strcat(compiled_modules, " RC");
07166 #endif
07167 #ifdef CONFIG_RSBAC_AUTH
07168 strcat(compiled_modules, " AUTH");
07169 #endif
07170 #ifdef CONFIG_RSBAC_ACL
07171 strcat(compiled_modules, " ACL");
07172 #endif
07173 #ifdef CONFIG_RSBAC_CAP
07174 strcat(compiled_modules, " CAP");
07175 #endif
07176 #ifdef CONFIG_RSBAC_JAIL
07177 strcat(compiled_modules, " JAIL");
07178 #endif
07179 #ifdef CONFIG_RSBAC_RES
07180 strcat(compiled_modules, " RES");
07181 #endif
07182 #ifdef CONFIG_RSBAC_PAX
07183 strcat(compiled_modules, " PAX");
07184 #endif
07185 #ifdef CONFIG_RSBAC_MAINT
07186 rsbac_printk(KERN_INFO
07187 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07188 RSBAC_VERSION);
07189 /* Print banner we are initializing */
07190 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", RSBAC_VERSION);
07191
07192 rsbac_printk(KERN_INFO
07193 "rsbac_do_init(): Supported module data structures:%s\n",
07194 compiled_modules);
07195 #else
07196 rsbac_printk(KERN_INFO
07197 "rsbac_do_init(): Initializing RSBAC %s\n",
07198 RSBAC_VERSION);
07199 /* Print banner we are initializing */
07200 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07201 if (rsbac_nosyslog)
07202 #endif
07203 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", RSBAC_VERSION);
07204
07205 rsbac_printk(KERN_INFO
07206 "rsbac_do_init(): compiled modules:%s\n",
07207 compiled_modules);
07208 #endif
07209
07210 /* init memory */
07211 rsbac_printk(KERN_INFO
07212 "rsbac_do_init(): Initializing memory slabs\n");
07213 rsbac_kmem_cache_sizes_init();
07214
07215 /* set rw-spinlocks to unlocked status and init data structures */
07216 device_list_head.lock = RW_LOCK_UNLOCKED;
07217 device_list_head.head = NULL;
07218 device_list_head.tail = NULL;
07219 device_list_head.curr = NULL;
07220 device_list_head.count = 0;
07221
07222 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
07223 #ifdef CONFIG_RSBAC_DEBUG
07224 if(rsbac_debug_stack)
07225 {
07226 unsigned long * n = (unsigned long *) (current+1);
07227
07228 while (!*n)
07229 n++;
07230 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n",
07231 (unsigned long) n - (unsigned long)(current+1));
07232 }
07233 #endif
07234 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07235 register_all_rsbac_proc();
07236 #endif
07237
07238 #ifdef CONFIG_RSBAC_DEBUG
07239 if(rsbac_debug_stack)
07240 {
07241 unsigned long * n = (unsigned long *) (current+1);
07242
07243 while (!*n)
07244 n++;
07245 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n",
07246 (unsigned long) n - (unsigned long)(current+1));
07247 }
07248 #endif
07249 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07250 sb_p = user_get_super(rsbac_root_dev);
07251 #else
07252 sb_p = get_super(rsbac_root_dev);
07253 #endif
07254 if(!sb_p)
07255 {
07256 kfree(list_info_p);
07257 return -RSBAC_ENOROOTDEV;
07258 }
07259 /* read fd aci from root device */
07260 #ifdef CONFIG_RSBAC_DEBUG
07261 if (rsbac_debug_ds)
07262 {
07263 rsbac_printk(KERN_DEBUG
07264 "rsbac_do_init(): reading aci from device number %02u:%02u\n",
07265 RSBAC_MAJOR(rsbac_root_dev),
07266 RSBAC_MINOR(rsbac_root_dev));
07267 }
07268 #endif
07269 /* create a private device item */
07270 new_device_p = create_device_item(sb_p, NULL);
07271 if (!new_device_p)
07272 {
07273 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n");
07274 err = -RSBAC_ECOULDNOTADDDEVICE;
07275 goto out_free;
07276 }
07277 /* Add new_device_p to device list */
07278 /* wait for write access to device_list_head */
07279 rsbac_write_lock(&device_list_head.lock, &flags);
07280 /* OK, go on */
07281 device_p = add_device_item(new_device_p);
07282 /* device was added, allow access */
07283 rsbac_write_unlock(&device_list_head.lock, &flags);
07284 if (!device_p)
07285 {
07286 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n");
07287 clear_device_item(new_device_p);
07288 err = -RSBAC_ECOULDNOTADDDEVICE;
07289 goto out_free;
07290 }
07291
07292 /* init lists - we need the root device_p to be initialized, but no generic list registered */
07293 rsbac_printk(KERN_INFO
07294 "rsbac_do_init(): Initializing generic lists\n");
07295 rsbac_list_init();
07296
07297 #ifdef CONFIG_RSBAC_DEBUG
07298 if(rsbac_debug_stack)
07299 {
07300 unsigned long * n = (unsigned long *) (current+1);
07301
07302 while (!*n)
07303 n++;
07304 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n",
07305 (unsigned long) n - (unsigned long)(current+1));
07306 }
07307 #endif
07308 rsbac_init_debug();
07309
07310 rsbac_printk(KERN_INFO
07311 "rsbac_do_init(): reading FD attributes from root dev\n");
07312
07313 #ifdef CONFIG_RSBAC_DEBUG
07314 if(rsbac_debug_stack)
07315 {
07316 unsigned long * n = (unsigned long *) (current+1);
07317
07318 while (!*n)
07319 n++;
07320 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n",
07321 (unsigned long) n - (unsigned long)(current+1));
07322 }
07323 #endif
07324 /* no locking needed, device_p is known and there can be no parallel init! */
07325 if((err = register_fd_lists(device_p,rsbac_root_dev)))
07326 {
07327 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07328
07329 if(tmp)
07330 {
07331 rsbac_printk(KERN_WARNING
07332 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07333 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
07334 rsbac_kfree(tmp);
07335 }
07336 }
07337
07338 #ifdef CONFIG_RSBAC_DEBUG
07339 if(rsbac_debug_stack)
07340 {
07341 unsigned long * n = (unsigned long *) (current+1);
07342
07343 while (!*n)
07344 n++;
07345 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n",
07346 (unsigned long) n - (unsigned long)(current+1));
07347 }
07348 #endif
07349 register_dev_lists();
07350
07351 #ifdef CONFIG_RSBAC_DEBUG
07352 if(rsbac_debug_stack)
07353 {
07354 unsigned long * n = (unsigned long *) (current+1);
07355
07356 while (!*n)
07357 n++;
07358 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n",
07359 (unsigned long) n - (unsigned long)(current+1));
07360 }
07361 #endif
07362
07363 register_ipc_lists();
07364
07365 #ifdef CONFIG_RSBAC_DEBUG
07366 if(rsbac_debug_stack)
07367 {
07368 unsigned long * n = (unsigned long *) (current+1);
07369
07370 while (!*n)
07371 n++;
07372 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n",
07373 (unsigned long) n - (unsigned long)(current+1));
07374 }
07375 #endif
07376 register_user_lists();
07377
07378 #ifdef CONFIG_RSBAC_DEBUG
07379 if(rsbac_debug_stack)
07380 {
07381 unsigned long * n = (unsigned long *) (current+1);
07382
07383 while (!*n)
07384 n++;
07385 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
07386 (unsigned long) n - (unsigned long)(current+1));
07387 }
07388 #endif
07389 register_process_lists();
07390
07391
07392 #ifdef CONFIG_RSBAC_UM
07393 #ifdef CONFIG_RSBAC_DEBUG
07394 if(rsbac_debug_stack)
07395 {
07396 unsigned long * n = (unsigned long *) (current+1);
07397
07398 while (!*n)
07399 n++;
07400 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n",
07401 (unsigned long) n - (unsigned long)(current+1));
07402 }
07403 #endif
07404 register_group_lists();
07405 #endif /* CONFIG_RSBAC_UM */
07406
07407 #ifdef CONFIG_RSBAC_NET_DEV
07408 register_netdev_lists();
07409 #endif
07410
07411 #ifdef CONFIG_RSBAC_NET_OBJ
07412 register_nettemp_list();
07413 register_nettemp_aci_lists();
07414 register_netobj_lists();
07415 #endif /* NET_OBJ */
07416
07417 /* Call other init functions */
07418 #if defined(CONFIG_RSBAC_MAC)
07419 #ifdef CONFIG_RSBAC_DEBUG
07420 if(rsbac_debug_stack)
07421 {
07422 unsigned long * n = (unsigned long *) (current+1);
07423
07424 while (!*n)
07425 n++;
07426 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n",
07427 (unsigned long) n - (unsigned long)(current+1));
07428 }
07429 #endif
07430 rsbac_init_mac();
07431 #endif
07432
07433 #ifdef CONFIG_RSBAC_PM
07434 #ifdef CONFIG_RSBAC_DEBUG
07435 if(rsbac_debug_stack)
07436 {
07437 unsigned long * n = (unsigned long *) (current+1);
07438
07439 while (!*n)
07440 n++;
07441 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n",
07442 (unsigned long) n - (unsigned long)(current+1));
07443 }
07444 #endif
07445 rsbac_init_pm();
07446 #endif
07447
07448 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07449 #ifdef CONFIG_RSBAC_DEBUG
07450 if(rsbac_debug_stack)
07451 {
07452 unsigned long * n = (unsigned long *) (current+1);
07453
07454 while (!*n)
07455 n++;
07456 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n",
07457 (unsigned long) n - (unsigned long)(current+1));
07458 }
07459 #endif
07460 rsbac_init_daz();
07461 #endif
07462
07463 #if defined(CONFIG_RSBAC_RC)
07464 #ifdef CONFIG_RSBAC_DEBUG
07465 if(rsbac_debug_stack)
07466 {
07467 unsigned long * n = (unsigned long *) (current+1);
07468
07469 while (!*n)
07470 n++;
07471 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n",
07472 (unsigned long) n - (unsigned long)(current+1));
07473 }
07474 #endif
07475 rsbac_init_rc();
07476 #endif
07477
07478 #if defined(CONFIG_RSBAC_AUTH)
07479 #ifdef CONFIG_RSBAC_DEBUG
07480 if(rsbac_debug_stack)
07481 {
07482 unsigned long * n = (unsigned long *) (current+1);
07483
07484 while (!*n)
07485 n++;
07486 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n",
07487 (unsigned long) n - (unsigned long)(current+1));
07488 }
07489 #endif
07490 rsbac_init_auth();
07491 if (rsbac_auth_enable_login)
07492 {
07493 struct dentry * t_dentry;
07494 struct dentry * dir_dentry = NULL;
07495 struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI;
07496 int list_no;
07497
07498 rsbac_printk(KERN_WARNING
07499 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07500 RSBAC_AUTH_LOGIN_PATH);
07501
07502 /* lookup filename */
07503 if(sb_p)
07504 {
07505 dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07506 sb_p->s_root,
07507 strlen(RSBAC_AUTH_LOGIN_PATH_DIR));
07508 }
07509 if (!dir_dentry)
07510 {
07511 err = -RSBAC_ENOTFOUND;
07512 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07513 RSBAC_AUTH_LOGIN_PATH_DIR);
07514 goto auth_out;
07515 }
07516 if (IS_ERR(dir_dentry))
07517 {
07518 err = PTR_ERR(dir_dentry);
07519 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07520 RSBAC_AUTH_LOGIN_PATH_DIR,
07521 err);
07522 goto auth_out;
07523 }
07524 if (!dir_dentry->d_inode)
07525 {
07526 err = -RSBAC_ENOTFOUND;
07527 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07528 RSBAC_AUTH_LOGIN_PATH_DIR);
07529 dput(dir_dentry);
07530 goto auth_out;
07531 }
07532 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07533 dir_dentry,
07534 strlen(RSBAC_AUTH_LOGIN_PATH_FILE));
07535 if (!t_dentry)
07536 {
07537 err = -RSBAC_ENOTFOUND;
07538 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07539 RSBAC_AUTH_LOGIN_PATH_DIR,
07540 RSBAC_AUTH_LOGIN_PATH_FILE);
07541 goto auth_out;
07542 }
07543 if (IS_ERR(t_dentry))
07544 {
07545 err = PTR_ERR(t_dentry);
07546 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07547 RSBAC_AUTH_LOGIN_PATH_DIR,
07548 RSBAC_AUTH_LOGIN_PATH_FILE,
07549 err);
07550 goto auth_out;
07551 }
07552 if (!t_dentry->d_inode)
07553 {
07554 err = -RSBAC_ENOTFOUND;
07555 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07556 RSBAC_AUTH_LOGIN_PATH_DIR,
07557 RSBAC_AUTH_LOGIN_PATH_FILE);
07558 dput(t_dentry);
07559 goto auth_out;
07560 }
07561
07562 if (!t_dentry->d_inode)
07563 {
07564 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07565 RSBAC_AUTH_LOGIN_PATH);
07566 err = -RSBAC_EINVALIDTARGET;
07567 goto auth_out_dput;
07568 }
07569 /* is inode of type file? */
07570 if (!S_ISREG(t_dentry->d_inode->i_mode))
07571 {
07572 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH);
07573 err = -RSBAC_EINVALIDTARGET;
07574 goto auth_out_dput;
07575 }
07576 list_no = auth_fd_hash(t_dentry->d_inode->i_ino);
07577 rsbac_list_get_data(device_p->handles.auth[list_no],
07578 &t_dentry->d_inode->i_ino,
07579 &auth_fd_aci);
07580 auth_fd_aci.auth_may_setuid = TRUE;
07581 if(rsbac_list_add(device_p->handles.auth[list_no],
07582 &t_dentry->d_inode->i_ino,
07583 &auth_fd_aci))
07584 { /* Adding failed! */
07585 rsbac_printk(KERN_WARNING
07586 "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07587 err = -RSBAC_ECOULDNOTADDITEM;
07588 }
07589
07590 auth_out_dput:
07591 auth_out:
07592 { }
07593 }
07594 #endif
07595
07596 #if defined(CONFIG_RSBAC_ACL)
07597 #ifdef CONFIG_RSBAC_DEBUG
07598 if(rsbac_debug_stack)
07599 {
07600 unsigned long * n = (unsigned long *) (current+1);
07601
07602 while (!*n)
07603 n++;
07604 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n",
07605 (unsigned long) n - (unsigned long)(current+1));
07606 }
07607 #endif
07608 rsbac_init_acl();
07609 #endif
07610
07611 #if defined(CONFIG_RSBAC_UM)
07612 #ifdef CONFIG_RSBAC_DEBUG
07613 if(rsbac_debug_stack)
07614 {
07615 unsigned long * n = (unsigned long *) (current+1);
07616
07617 while (!*n)
07618 n++;
07619 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n",
07620 (unsigned long) n - (unsigned long)(current+1));
07621 }
07622 #endif
07623 rsbac_init_um();
07624 #endif
07625
07626
07627 #ifdef CONFIG_RSBAC_DEBUG
07628 if(rsbac_debug_stack)
07629 {
07630 unsigned long * n = (unsigned long *) (current+1);
07631
07632 while (!*n)
07633 n++;
07634 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n",
07635 (unsigned long) n - (unsigned long)(current+1));
07636 }
07637 #endif
07638 rsbac_init_adf();
07639
07640 /* free super_block pointer */
07641 drop_super(sb_p);
07642
07643 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07644 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07645 pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07646 #else
07647 pax_set_flags_func = rsbac_pax_set_flags_func;
07648 #endif
07649 #endif
07650
07651 /* Tell that rsbac is initialized */
07652 rsbac_initialized = TRUE;
07653
07654 /* Add initrd mount */
07655 #ifdef CONFIG_BLK_DEV_INITRD
07656 if(initrd_start)
07657 {
07658 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07659 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0));
07660 #else
07661 sb_p = get_super(MKDEV(RAMDISK_MAJOR,0));
07662 #endif
07663 if(sb_p)
07664 {
07665 rsbac_mount(sb_p, NULL);
07666 drop_super(sb_p);
07667 }
07668 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07669 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07670 #else
07671 sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07672 #endif
07673 if(sb_p)
07674 {
07675 rsbac_mount(sb_p, NULL);
07676 drop_super(sb_p);
07677 }
07678 }
07679 #endif
07680
07681 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07682 /* Add sysfs mount */
07683 if( sysfs_covered_p
07684 && sysfs_sb_p
07685 )
07686 {
07687 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07688 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev));
07689 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07690 }
07691 #endif
07692
07693 /* Add devfs mount */
07694 #ifdef CONFIG_DEVFS_MOUNT
07695 if( devfs_covered_p
07696 && devfs_sb_p
07697 )
07698 {
07699 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07700 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
07701 rsbac_mount(devfs_sb_p, devfs_covered_p);
07702 }
07703 #endif
07704
07705 /* Force a check, if configured */
07706 #ifdef CONFIG_RSBAC_INIT_CHECK
07707 #ifdef CONFIG_RSBAC_DEBUG
07708 if(rsbac_debug_stack)
07709 {
07710 unsigned long * n = (unsigned long *) (current+1);
07711
07712 while (!*n)
07713 n++;
07714 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n",
07715 (unsigned long) n - (unsigned long)(current+1));
07716 }
07717 #endif
07718 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07719 rsbac_check_lists(1);
07720 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07721 rsbac_check(1,0);
07722 /* call other checks */
07723 #if defined(CONFIG_RSBAC_AUTH)
07724 rsbac_check_auth(1,0);
07725 #endif
07726 #endif
07727 #if defined(CONFIG_RSBAC_ACL)
07728 rsbac_check_acl(1,0);
07729 #endif
07730 #endif
07731
07732 if (!current->fs)
07733 {
07734 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07735 err = -RSBAC_EINVALIDPOINTER;
07736 }
07737 out:
07738 /* Ready. */
07739 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07740 /* We are up and running */
07741 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07742
07743 kfree(list_info_p);
07744 return err;
07745
07746 out_free:
07747 /* free super_block pointer */
07748 drop_super(sb_p);
07749 goto out;
07750 }
|
|
|
Definition at line 8686 of file aci_data_structures.c. References device_list_head, NULL, RSBAC_ENOTINITIALIZED, rsbac_initialized, and rsbac_printk(). 08687 {
08688 u_long flags;
08689 struct rsbac_device_list_item_t * device_p;
08690
08691 if (!rsbac_initialized)
08692 {
08693 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08694 return(-RSBAC_ENOTINITIALIZED);
08695 }
08696
08697 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08698
08699 /* wait for write access to device_list_head */
08700 rsbac_write_lock_irq(&device_list_head.lock, &flags);
08701 /* OK, nobody else is working on it... */
08702 device_p = device_list_head.head;
08703 while(device_p)
08704 {
08705 if(device_p->rsbac_dir_dentry_p)
08706 {
08707 dput(device_p->rsbac_dir_dentry_p);
08708 device_p->rsbac_dir_dentry_p = NULL;
08709 }
08710 device_p = device_p->next;
08711 }
08712 /* allow access */
08713 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
08714
08715 return(0);
08716 }
|
|
||||||||||||||||
|
Definition at line 2677 of file aci_data_structures.c. References A_pseudo, FALSE, GEN, lookup_device(), rsbac_attribute_value_t::pseudo, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_get_attr, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, T_USER, and rsbac_target_id_t::user. Referenced by get_target_name(), rsbac_adf_request_int(), rsbac_jail_sys_jail(), and xp_fill_file_struct(). 02678 {
02679 int len=0;
02680 char * i_path;
02681 int tmplen=0;
02682 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02683 union rsbac_target_id_t i_tid;
02684 union rsbac_attribute_value_t i_attr_val;
02685 #endif
02686
02687 if(!dentry_p || !path)
02688 return -RSBAC_EINVALIDPOINTER;
02689 if(maxlen <= 0)
02690 return -RSBAC_EINVALIDVALUE;
02691 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02692 if(!i_path)
02693 return -RSBAC_ENOMEM;
02694
02695 path[0] = 0;
02696
02697 while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name)
02698 {
02699 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02700 if( dentry_p->d_inode
02701 && dentry_p->d_parent
02702 && dentry_p->d_parent->d_inode
02703 && (i_tid.user = dentry_p->d_inode->i_uid)
02704 && (dentry_p->d_inode->i_uid != dentry_p->d_parent->d_inode->i_uid)
02705 && !rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE)
02706 && i_attr_val.pseudo
02707 )
02708 { /* Max len of 32 Bit value in decimal print is 11 */
02709 if((maxlen-len) < 12)
02710 {
02711 rsbac_kfree(i_path);
02712 return(len);
02713 }
02714 tmplen = snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02715 }
02716 else
02717 #endif
02718 {
02719 tmplen = dentry_p->d_name.len;
02720 if((tmplen+1) > (maxlen-len))
02721 {
02722 rsbac_kfree(i_path);
02723 return(len);
02724 }
02725 strncpy(i_path, dentry_p->d_name.name, tmplen);
02726 }
02727 /* Skip double / on multi mounts.
02728 * Last / is appended at the end of the function */
02729 if((i_path[tmplen-1] != '/') && (tmplen != 1)) {
02730 if(len && (i_path[tmplen-1] != '/')) {
02731 i_path[tmplen] = '/';
02732 tmplen++;
02733 }
02734 i_path[tmplen]=0;
02735
02736 strcat(i_path, path);
02737 strcpy(path, i_path);
02738 len += tmplen;
02739 }
02740 if( dentry_p->d_parent
02741 && (dentry_p->d_parent != dentry_p)
02742 && (dentry_p->d_sb->s_root != dentry_p)
02743 )
02744 dentry_p = dentry_p->d_parent;
02745 else
02746 {
02747 struct rsbac_device_list_item_t * device_p;
02748
02749 device_p = lookup_device(dentry_p->d_sb->s_dev);
02750 if( device_p
02751 && device_p->d_covers
02752 )
02753 dentry_p = device_p->d_covers;
02754 else
02755 break;
02756 }
02757 }
02758
02759 i_path[tmplen]=0;
02760 strcat(i_path, path);
02761 strcpy(path, i_path);
02762
02763 rsbac_kfree(i_path);
02764 return(len);
02765 }
|
|
|
Definition at line 2770 of file aci_data_structures.c. References lookup_device(), and RSBAC_EINVALIDPOINTER. Referenced by xp_fill_file_struct(). 02771 {
02772 int len=0;
02773 int tmplen=0;
02774
02775 if(!dentry_p)
02776 return -RSBAC_EINVALIDPOINTER;
02777
02778 while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name)
02779 {
02780 tmplen = dentry_p->d_name.len;
02781 if(len && (dentry_p->d_name.name[tmplen-1] != '/'))
02782 {
02783 tmplen++;
02784 }
02785 len += tmplen;
02786 if( dentry_p->d_parent
02787 && (dentry_p->d_parent != dentry_p)
02788 && (dentry_p->d_sb->s_root != dentry_p)
02789 )
02790 dentry_p = dentry_p->d_parent;
02791 else
02792 {
02793 struct rsbac_device_list_item_t * device_p;
02794
02795 device_p = lookup_device(dentry_p->d_sb->s_dev);
02796 if( device_p
02797 && device_p->d_covers
02798 )
02799 dentry_p = device_p->d_covers;
02800 else
02801 break;
02802 }
02803 }
02804 return(len);
02805 }
|
|
||||||||||||||||||||
|
Definition at line 9908 of file aci_data_structures.c. References device_list_head, lookup_device(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTFOUND, rsbac_printk(), T_DIR, T_FIFO, T_FILE, and T_SYMLINK. Referenced by copy_fp_cap_set_item(), copy_fp_tru_set_item(), get_attr_fd(), rsbac_acl_get_rights(), and rsbac_acl_get_single_right(). 09912 {
09913 if(!parent_target_p || !parent_tid_p)
09914 return -RSBAC_EINVALIDPOINTER;
09915 /*
09916 #ifdef CONFIG_RSBAC_DEBUG
09917 if (rsbac_debug_ds)
09918 {
09919 rsbac_printk(KERN_DEBUG
09920 "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n",
09921 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p);
09922 }
09923 #endif
09924 */
09925 switch(target)
09926 {
09927 case T_FILE:
09928 case T_DIR:
09929 case T_FIFO:
09930 case T_SYMLINK:
09931 break;
09932 default:
09933 return -RSBAC_EINVALIDTARGET;
09934 }
09935
09936 if(!tid.file.dentry_p)
09937 return -RSBAC_ENOTFOUND;
09938
09939 *parent_target_p = T_DIR;
09940 /* Is this dentry root of a mounted device? */
09941 if( tid.file.dentry_p->d_sb
09942 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09943 )
09944 {
09945 struct rsbac_device_list_item_t * device_p;
09946 u_long dflags;
09947
09948 /* wait for read access to device_list_head */
09949 rsbac_read_lock(&device_list_head.lock, &dflags);
09950
09951 device_p = lookup_device(tid.file.device);
09952 if( !device_p
09953 || !device_p->d_covers
09954 || !device_p->d_covers->d_parent
09955 || !device_p->d_covers->d_parent->d_inode
09956 )
09957 {
09958 /* free access to device_list_head */
09959 rsbac_read_unlock(&device_list_head.lock, &dflags);
09960 return -RSBAC_ENOTFOUND;
09961 }
09962 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
09963 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
09964 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09965 /* free access to device_list_head */
09966 rsbac_read_unlock(&device_list_head.lock, &dflags);
09967 }
09968 else
09969 { /* no root of filesystem -> use d_parent, dev keeps unchanged */
09970 if(!tid.file.dentry_p->d_parent)
09971 {
09972 rsbac_printk(KERN_WARNING
09973 "rsbac_get_parent(): oops - d_parent is NULL!\n");
09974 return -RSBAC_ENOTFOUND;
09975 }
09976 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
09977 {
09978 rsbac_printk(KERN_WARNING
09979 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09980 return -RSBAC_ENOTFOUND;
09981 }
09982 if(!tid.file.dentry_p->d_parent->d_inode)
09983 {
09984 rsbac_printk(KERN_WARNING
09985 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09986 return -RSBAC_ENOTFOUND;
09987 }
09988 parent_tid_p->dir.device = tid.file.device;
09989 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
09990 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09991 }
09992 return 0;
09993 }
|
|
|
Definition at line 2081 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, rsbac_mount(), rsbac_printk(), rsbac_write_sem, and wakeup_auto(). Referenced by lookup_aci_path_dentry(), rsbac_acl_add_to_acl_entry(), rsbac_acl_get_mask(), rsbac_acl_get_rights(), rsbac_acl_get_single_right(), rsbac_acl_get_tlist(), rsbac_acl_remove_acl(), rsbac_acl_remove_acl_entry(), rsbac_acl_remove_from_acl_entry(), rsbac_acl_set_acl_entry(), rsbac_acl_set_mask(), rsbac_adf_request_int(), rsbac_adf_set_attr(), rsbac_auth_add_to_f_capset(), rsbac_auth_clear_f_capset(), rsbac_auth_copy_fp_capset(), rsbac_auth_get_f_caplist(), rsbac_auth_remove_from_f_capset(), rsbac_check_acl(), rsbac_mac_add_to_f_truset(), rsbac_mac_clear_f_truset(), rsbac_mac_copy_fp_truset(), rsbac_mac_get_f_trulist(), rsbac_mac_remove_from_f_truset(), and rsbac_write_open(). 02082 {
02083 struct rsbac_device_list_item_t * device_p;
02084 u_long dflags;
02085 struct super_block * sb_p;
02086
02087 if(RSBAC_IS_AUTO_DEV(kdev))
02088 return NULL;
02089
02090 /* get super_block-pointer */
02091 rsbac_read_lock(&device_list_head.lock, &dflags);
02092 device_p = lookup_device(kdev);
02093 if (!device_p)
02094 {
02095 rsbac_read_unlock(&device_list_head.lock, &dflags);
02096 down(&rsbac_write_sem);
02097 up(&rsbac_write_sem);
02098 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02099 sb_p = user_get_super(kdev);
02100 #else
02101 sb_p = get_super(kdev);
02102 #endif
02103 if(!sb_p)
02104 { /* Wait a second and retry */
02105 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02106 struct timer_list auto_timer;
02107
02108 rsbac_printk(KERN_INFO
02109 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02110 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02111 init_timer(&auto_timer);
02112 auto_timer.function = wakeup_auto;
02113 auto_timer.data = (u_long) &auto_wait;
02114 auto_timer.expires = jiffies + HZ;
02115 add_timer(&auto_timer);
02116 interruptible_sleep_on(&auto_wait);
02117
02118 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02119 sb_p = user_get_super(kdev);
02120 #else
02121 sb_p = get_super(kdev);
02122 #endif
02123 }
02124 if(sb_p)
02125 {
02126 device_p = lookup_device(kdev);
02127 if (!device_p)
02128 {
02129 rsbac_printk(KERN_INFO
02130 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02131 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02132 rsbac_mount(sb_p, NULL);
02133 }
02134 /* free super_block pointer */
02135 drop_super(sb_p);
02136 rsbac_read_lock(&device_list_head.lock, &dflags);
02137 device_p = lookup_device(kdev);
02138 if (!device_p)
02139 {
02140 rsbac_printk(KERN_WARNING
02141 "rsbac_get_super_block(): unknown device %02u:%02u\n",
02142 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02143 rsbac_read_unlock(&device_list_head.lock, &dflags);
02144 return NULL;
02145 }
02146 }
02147 else
02148 {
02149 return NULL;
02150 }
02151 }
02152 sb_p = device_p->sb_p;
02153 rsbac_read_unlock(&device_list_head.lock, &dflags);
02154 return sb_p;
02155 }
|
|
|
Definition at line 8008 of file aci_data_structures.c. Referenced by rsbac_mount(). 08010 {
08011 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08012 struct rsbac_kthread_t * rsbac_kthread_entry;
08013 struct list_head * p;
08014 #ifdef CONFIG_RSBAC_RC
08015 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
08016 #endif
08017 rsbac_pid_t init_pid;
08018 #endif
08019 int err = 0;
08020 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08021 || defined(CONFIG_RSBAC_INIT_THREAD)
08022 rsbac_pid_t rsbacd_pid;
08023 #endif
08024
08025 if (rsbac_initialized) {
08026 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
08027 return(-RSBAC_EREINIT);
08028 }
08029 if (!current->fs) {
08030 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
08031 return(-RSBAC_EINVALIDPOINTER);
08032 }
08033
08034 rsbac_root_dev = root_dev;
08035
08036 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08037 || defined(CONFIG_RSBAC_INIT_THREAD)
08038 /* init the rsbacd wait queue head */
08039 init_waitqueue_head(&rsbacd_wait);
08040 #endif
08041
08042 #ifdef CONFIG_RSBAC_INIT_THREAD
08043 /* trigger dependency */
08044 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
08045 #endif
08046 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
08047 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
08048 init_timer(&rsbac_timer);
08049 rsbac_timer.function = wakeup_rsbacd;
08050 rsbac_timer.data = 0;
08051 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
08052 add_timer(&rsbac_timer);
08053
08054 /* Start rsbac thread for init */
08055 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
08056 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
08057 rsbacd_pid);
08058
08059 if(!rsbac_initialized)
08060 interruptible_sleep_on(&rsbacd_wait);
08061 if(!rsbac_initialized)
08062 {
08063 rsbac_printk(KERN_ERR
08064 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
08065 rsbac_printk(KERN_ERR
08066 "rsbac_init(): *** Killing rsbac_initd! ***\n");
08067 sys_kill(rsbacd_pid, SIGKILL);
08068 rsbac_initialized = FALSE;
08069 }
08070 #else
08071 rsbac_do_init();
08072 #endif
08073
08074 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
08075 if(rsbac_initialized) {
08076 /* Start rsbacd thread for auto write */
08077 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
08078 if(rsbacd_pid < 0)
08079 {
08080 rsbac_printk(KERN_ERR
08081 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
08082 rsbacd_pid);
08083 }
08084 else
08085 {
08086 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
08087 rsbacd_pid);
08088 }
08089 }
08090 #endif
08091
08092 /* Ready. */
08093 /* schedule(); */
08094 #ifdef CONFIG_RSBAC_INIT_THREAD
08095 sys_wait4(-1, NULL, WNOHANG, NULL);
08096 #endif
08097
08098 /* Add all processes to list of processes as init processes */
08099 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08100 {
08101 #ifdef CONFIG_RSBAC_MAC
08102 struct rsbac_mac_user_aci_t mac_u_aci;
08103 #endif
08104 #ifdef CONFIG_RSBAC_RC
08105 struct rsbac_rc_user_aci_t rc_u_aci;
08106 #endif
08107 rsbac_uid_t user = RSBAC_SYSADM_UID;
08108 rsbac_pid_t pid = 1;
08109 struct task_struct * p;
08110
08111 union rsbac_target_id_t k_tid;
08112 union rsbac_attribute_value_t k_attr_val;
08113
08114 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08115 /* Prepare entries: change standard values to root's values */
08116 #ifdef CONFIG_RSBAC_MAC
08117 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci)) {
08118 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
08119 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
08120 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
08121 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
08122 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
08123 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
08124 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
08125 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
08126 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
08127 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
08128 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
08129 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
08130 mac_init_p_aci.mac_process_flags
08131 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
08132 }
08133 #endif
08134
08135 /* Set process aci - first init */
08136 #ifdef CONFIG_RSBAC_MAC
08137 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08138 rsbac_printk(KERN_WARNING
08139 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!\n");
08140 #endif
08141 #ifdef CONFIG_RSBAC_RC
08142 /* Get boot role */
08143 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {
08144 /* none: use root's role */
08145 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci)) {
08146 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
08147 } else {
08148 /* last resort: general role */
08149 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
08150 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
08151 }
08152 }
08153 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08154 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
08155 rsbac_printk(KERN_WARNING
08156 "rsbac_do_init(): RC ACI for Init process 1 could not be added!\n");
08157 #endif
08158 read_lock(&tasklist_lock);
08159 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08160 for_each_task(p)
08161 #else
08162 for_each_process(p)
08163 #endif
08164 {
08165 /* not for kernel and init though... */
08166 if(!p->pid || (p->pid == 1))
08167 continue;
08168 pid = p->pid;
08169 #ifdef CONFIG_RSBAC_DEBUG
08170 if (rsbac_debug_ds) {
08171 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
08172 pid);
08173 }
08174 #endif
08175 #ifdef CONFIG_RSBAC_MAC
08176 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08177 rsbac_printk(KERN_WARNING
08178 "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08179 pid);
08180 #endif
08181 #ifdef CONFIG_RSBAC_RC
08182 k_tid.process = p->pid;
08183 if (rsbac_get_attr(GEN, T_PROCESS,
08184 k_tid,
08185 A_kernel_thread,
08186 &k_attr_val,
08187 FALSE)) {
08188 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08189 }
08190 if (k_attr_val.kernel_thread) {
08191 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08192 rsbac_printk(KERN_WARNING
08193 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!\n",
08194 pid);
08195 }
08196 #endif
08197 }
08198 read_unlock(&tasklist_lock);
08199 }
08200 list_for_each(p, &rsbac_kthread->list) {
08201 rsbac_kthread_entry = list_entry(p,
08202 struct rsbac_kthread_t, list);
08203 if (rsbac_kthread_entry->pid != 1
08204 || rsbac_kthread_entry->pid != rsbacd_pid); {
08205 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08206 /* kernel list implementation is for exclusive
08207 * wizards use, let's not free it now till
08208 * i know why it oops. doesnt consume much memory
08209 * anyway. michal. */
08210 /*list_del(&rsbac_kthread_entry->list);
08211 * kfree(rsbac_kthread_entry);*/
08212 }
08213 } /* explicitly mark init and rsbacd */
08214 init_pid = 1;
08215 #ifdef CONFIG_RSBAC_MAC
08216 if (rsbac_list_add(process_handles.mac[mac_p_hash(init_pid)], &init_pid, &mac_init_p_aci))
08217 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!\n");
08218 if (rsbac_list_add(process_handles.mac[mac_p_hash(rsbacd_pid)], &rsbacd_pid, &mac_init_p_aci))
08219 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!\n");
08220 #endif
08221 #ifdef CONFIG_RSBAC_RC
08222 if (rsbac_list_add(process_handles.rc[rc_p_hash(init_pid)], &init_pid, &rc_init_p_aci))
08223 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added!\n");
08224 if (rsbac_list_add(process_handles.rc[rc_p_hash(rsbacd_pid)], &rsbacd_pid, &rc_kernel_p_aci))
08225 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added!\n");
08226 #endif
08227
08228 /*kfree(rsbac_kthread);*/
08229
08230 #endif /* MAC or RC */
08231
08232 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08233 return(err);
08234 }
|
|
|
|
Definition at line 8246 of file aci_data_structures.c. References process_handles, rsbac_initialized, rsbac_list_add(), and rsbac_printk(). Referenced by rsbac_init(). 08247 {
08248 if (!rsbac_initialized)
08249 return 0;
08250 /* Set process aci */
08251 #ifdef CONFIG_RSBAC_MAC
08252 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08253 rsbac_printk(KERN_WARNING
08254 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
08255 pid);
08256 #endif
08257 #ifdef CONFIG_RSBAC_RC
08258 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08259 rsbac_printk(KERN_WARNING
08260 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
08261 pid);
08262 #endif
08263 return 0;
08264 }
|
|
|
Definition at line 7984 of file aci_data_structures.c. References rsbac_kthread_t::list. 07985 {
07986 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07987 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07988 INIT_LIST_HEAD(&rsbac_kthread->list);
07989 return 0;
07990 }
|
|
|
Definition at line 7992 of file aci_data_structures.c. References rsbac_kthread_t::list, rsbac_kthread_t::pid, and rsbac_initialized. 07993 {
07994 struct rsbac_kthread_t * rsbac_kthread_new;
07995
07996 if (rsbac_initialized)
07997 return 0;
07998 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07999 rsbac_kthread_new->pid = pid;
08000 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
08001 return 0;
08002 }
|
|
||||||||||||
|
Definition at line 8268 of file aci_data_structures.c. References add_device_item(), clear_device_item(), create_device_item(), device_list_head, get_error_name(), lookup_device(), NULL, register_fd_lists(), rsbac_debug_no_write, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_init(), rsbac_initialized, rsbac_kfree(), rsbac_kmalloc(), rsbac_list_mount(), RSBAC_MAXNAMELEN, rsbac_mount_acl(), rsbac_mount_auth(), rsbac_mount_mac(), rsbac_mount_reg(), rsbac_printk(), rsbac_root_dev, rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by get_attr_fd(), rsbac_aef_sb_post_addmount(), rsbac_aef_sb_umount_busy(), rsbac_do_init(), rsbac_get_super_block(), rsbac_ta_remove_target(), and set_attr_fd(). 08269 {
08270 int err = 0;
08271 struct rsbac_device_list_item_t * device_p;
08272 struct rsbac_device_list_item_t * new_device_p;
08273 u_long flags;
08274 rsbac_boolean_t old_no_write;
08275
08276 if(!sb_p)
08277 {
08278 rsbac_printk(KERN_WARNING
08279 "rsbac_mount(): called with NULL pointer\n");
08280 return -RSBAC_EINVALIDPOINTER;
08281 }
08282 if (!rsbac_initialized)
08283 {
08284 #ifdef CONFIG_RSBAC_INIT_DELAY
08285 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08286 if( !RSBAC_MAJOR(rsbac_delayed_root)
08287 && !RSBAC_MINOR(rsbac_delayed_root)
08288 && rsbac_delayed_root_str[0]
08289 )
08290 { /* translate string to kdev_t */
08291 char * p = rsbac_delayed_root_str;
08292 u_int major = 0;
08293 u_int minor = 0;
08294
08295 major = simple_strtoul(p, NULL, 0);
08296 while((*p != ':') && (*p != '\0'))
08297 p++;
08298 if(*p)
08299 {
08300 p++;
08301 minor = simple_strtoul(p, NULL, 0);
08302 }
08303 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
08304 }
08305 #endif
08306 if( !rsbac_no_delay_init
08307 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
08308 && !RSBAC_MINOR(rsbac_delayed_root)
08309 && (MAJOR(sb_p->s_dev) > 1)
08310 )
08311 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
08312 || RSBAC_MINOR(rsbac_delayed_root)
08313 )
08314 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
08315 && ( !RSBAC_MINOR(rsbac_delayed_root)
08316 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
08317 )
08318 )
08319 )
08320 )
08321 )
08322 {
08323 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
08324 {
08325 rsbac_printk(KERN_INFO
08326 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08327 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
08328 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
08329 }
08330 else
08331 {
08332 rsbac_printk(KERN_INFO
08333 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08334 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08335 }
08336 rsbac_init(sb_p->s_dev);
08337 return 0;
08338 }
08339 #endif
08340
08341 rsbac_printk(KERN_WARNING
08342 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08343 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08344
08345 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08346 if( (sb_p->s_magic == SYSFS_MAGIC)
08347 && !RSBAC_MAJOR(sb_p->s_dev)
08348 )
08349 {
08350 rsbac_printk(KERN_WARNING
08351 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08352 sysfs_sb_p = sb_p;
08353 sysfs_covered_p = d_covers;
08354 }
08355 #endif
08356 #ifdef CONFIG_DEVFS_MOUNT
08357 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08358 && !RSBAC_MAJOR(sb_p->s_dev)
08359 )
08360 {
08361 rsbac_printk(KERN_WARNING
08362 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08363 devfs_sb_p = sb_p;
08364 devfs_covered_p = d_covers;
08365 }
08366 #endif
08367 return(-RSBAC_ENOTINITIALIZED);
08368 }
08369 #ifdef CONFIG_RSBAC_DEBUG
08370 if (rsbac_debug_ds)
08371 {
08372 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
08373 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08374 }
08375 if(rsbac_debug_stack)
08376 {
08377 unsigned long * n = (unsigned long *) (current+1);
08378
08379 while (!*n)
08380 n++;
08381 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
08382 (unsigned long) n - (unsigned long)(current+1));
08383 }
08384 #endif
08385 down(&rsbac_write_sem);
08386 old_no_write = rsbac_debug_no_write;
08387 rsbac_debug_no_write = TRUE;
08388 up(&rsbac_write_sem);
08389 /* wait for read access to device_list_head */
08390 rsbac_read_lock(&device_list_head.lock, &flags);
08391 device_p = lookup_device(sb_p->s_dev);
08392 /* repeated mount? */
08393 if(device_p)
08394 {
08395 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08396 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08397 device_p->mount_count++;
08398 if( d_covers
08399 && !device_p->d_covers
08400 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08401 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08402 )
08403 {
08404 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08405 d_covers);
08406 device_p->d_covers = d_covers;
08407 }
08408 rsbac_read_unlock(&device_list_head.lock, &flags);
08409 }
08410 else
08411 {
08412 rsbac_read_unlock(&device_list_head.lock, &flags);
08413 /* OK, go on */
08414 new_device_p = create_device_item(sb_p, d_covers);
08415 #ifdef CONFIG_RSBAC_DEBUG
08416 if(rsbac_debug_stack)
08417 {
08418 unsigned long * n = (unsigned long *) (current+1);
08419
08420 while (!*n)
08421 n++;
08422 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
08423 (unsigned long) n - (unsigned long)(current+1));
08424 }
08425 #endif
08426 if(!new_device_p)
08427 {
08428 rsbac_debug_no_write = old_no_write;
08429 return -RSBAC_ECOULDNOTADDDEVICE;
08430 }
08431
08432 rsbac_read_lock(&device_list_head.lock, &flags);
08433 /* make sure to only add, if this device item has not been added in the meantime */
08434 device_p = lookup_device(sb_p->s_dev);
08435 if(device_p)
08436 {
08437 rsbac_printk(KERN_WARNING
08438 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08439 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08440 device_p->mount_count++;
08441 rsbac_read_unlock(&device_list_head.lock, &flags);
08442 clear_device_item(new_device_p);
08443 }
08444 else
08445 {
08446 rsbac_read_unlock(&device_list_head.lock, &flags);
08447 rsbac_write_lock(&device_list_head.lock, &flags);
08448 device_p = add_device_item(new_device_p);
08449 rsbac_write_unlock(&device_list_head.lock, &flags);
08450 if(!device_p)
08451 {
08452 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08453 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08454 clear_device_item(new_device_p);
08455 rsbac_debug_no_write = old_no_write;
08456 return -RSBAC_ECOULDNOTADDDEVICE;
08457 }
08458 }
08459
08460 /* Generic lists */
08461 rsbac_list_mount(sb_p->s_dev);
08462 /* we do not lock device head - we know the device_p and hope for the best... */
08463 /* also, we are within kernel mount sem */
08464 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
08465 {
08466 char * tmp;
08467
08468 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08469 if(tmp)
08470 {
08471 rsbac_printk(KERN_WARNING
08472 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08473 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
08474 rsbac_kfree(tmp);
08475 }
08476 }
08477 #ifdef CONFIG_RSBAC_DEBUG
08478 if(rsbac_debug_stack)
08479 {
08480 unsigned long * n = (unsigned long *) (current+1);
08481
08482 while (!*n)
08483 n++;
08484 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
08485 (unsigned long) n - (unsigned long)(current+1));
08486 }
08487 #endif
08488 }
08489
08490 /* call other mount functions */
08491 /****** MAC *******/
08492 #if defined(CONFIG_RSBAC_MAC)
08493 rsbac_mount_mac(sb_p->s_dev);
08494 #ifdef CONFIG_RSBAC_DEBUG
08495 if(rsbac_debug_stack)
08496 {
08497 unsigned long * n = (unsigned long *) (current+1);
08498
08499 while (!*n)
08500 n++;
08501 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
08502 (unsigned long) n - (unsigned long)(current+1));
08503 }
08504 #endif
08505 #endif
08506 /****** AUTH *******/
08507 #if defined(CONFIG_RSBAC_AUTH)
08508 rsbac_mount_auth(sb_p->s_dev);
08509 #ifdef CONFIG_RSBAC_DEBUG
08510 if(rsbac_debug_stack)
08511 {
08512 unsigned long * n = (unsigned long *) (current+1);
08513
08514 while (!*n)
08515 n++;
08516 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
08517 (unsigned long) n - (unsigned long)(current+1));
08518 }
08519 #endif
08520 #endif
08521 /****** ACL *******/
08522 #if defined(CONFIG_RSBAC_ACL)
08523 rsbac_mount_acl(sb_p->s_dev);
08524 #ifdef CONFIG_RSBAC_DEBUG
08525 if(rsbac_debug_stack)
08526 {
08527 unsigned long * n = (unsigned long *) (current+1);
08528
08529 while (!*n)
08530 n++;
08531 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
08532 (unsigned long) n - (unsigned long)(current+1));
08533 }
08534 #endif
08535 #endif
08536 /****** REG *******/
08537 #if defined(CONFIG_RSBAC_REG)
08538 rsbac_mount_reg(sb_p->s_dev);
08539 #ifdef CONFIG_RSBAC_DEBUG
08540 if(rsbac_debug_stack)
08541 {
08542 unsigned long * n = (unsigned long *) (current+1);
08543
08544 while (!*n)
08545 n++;
08546 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
08547 (unsigned long) n - (unsigned long)(current+1));
08548 }
08549 #endif
08550 #endif /* REG */
08551
08552 rsbac_debug_no_write = old_no_write;
08553 return(err);
08554 }
|
|
|
Definition at line 2652 of file aci_data_structures.c. References NULL. Referenced by read_info(), read_list(), read_lol_list(), and rsbac_write_close(). 02653 {
02654 /* cleanup copied from __fput */
02655 struct dentry * dentry = file_p->f_dentry;
02656 struct inode * inode = dentry->d_inode;
02657
02658 if (file_p->f_op && file_p->f_op->release)
02659 file_p->f_op->release(inode, file_p);
02660 file_p->f_dentry = NULL;
02661 if (file_p->f_mode & FMODE_WRITE)
02662 put_write_access(inode);
02663 dput(dentry);
02664 }
|
|
||||||||||||||||
|
Definition at line 2160 of file aci_data_structures.c. References FALSE, init_private_file(), lookup_aci_path_dentry(), NULL, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, RSBAC_EREADFAILED, rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by read_info(), read_list(), and read_lol_list(). 02163 {
02164 struct dentry * dir_dentry_p;
02165 struct dentry * file_dentry_p;
02166 int tmperr, err;
02167
02168 if(!name || !file_p)
02169 {
02170 #ifdef CONFIG_RSBAC_DEBUG
02171 if (rsbac_debug_ds)
02172 {
02173 rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!");
02174 }
02175 #endif
02176 return(-RSBAC_EINVALIDPOINTER);
02177 }
02178
02179 /* lookup dentry of ACI_PATH on root device, lock is released there */
02180 if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev)))
02181 {
02182 return(err);
02183 }
02184
02185 /* open file for reading - this must be done 'by hand', because */
02186 /* standard system calls are now extended by rsbac decision calls. */
02187 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02188 if (!file_dentry_p || IS_ERR (file_dentry_p))
02189 { /* error in lookup */
02190 return(-RSBAC_EREADFAILED);
02191 }
02192 if (!file_dentry_p->d_inode)
02193 { /* file not found: trying backup */
02194 char * bname;
02195 int name_len = strlen(name);
02196
02197 dput(file_dentry_p);
02198 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02199 if(!bname)
02200 {
02201 return -RSBAC_ENOMEM;
02202 }
02203
02204 strcpy(bname,name);
02205 bname[name_len] = 'b';
02206 name_len++;
02207 bname[name_len] = (char) 0;
02208 #ifdef CONFIG_RSBAC_DEBUG
02209 if (rsbac_debug_ds)
02210 {
02211 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02212 name,bname);
02213 }
02214 #endif
02215 file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02216 rsbac_kfree(bname);
02217 if (!file_dentry_p || IS_ERR (file_dentry_p))
02218 { /* error in lookup */
02219 return(-RSBAC_EREADFAILED);
02220 }
02221 if (!file_dentry_p->d_inode)
02222 { /* backup file also not found: return error */
02223 #ifdef CONFIG_RSBAC_DEBUG
02224 if (rsbac_debug_ds)
02225 {
02226 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n",
02227 name);
02228 }
02229 #endif
02230 dput(file_dentry_p);
02231 return(-RSBAC_ENOTFOUND);
02232 }
02233 }
02234 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02235 { /* this is not a file! -> error! */
02236 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02237 dput(file_dentry_p);
02238 return(-RSBAC_EREADFAILED);
02239 }
02240
02241 /* Now we fill the file structure and */
02242 /* if there is an open func for this file, use it, otherwise ignore */
02243 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02244 {
02245 dput(file_dentry_p);
02246 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name);
02247 return -RSBAC_EREADFAILED;
02248 }
02249
02250 /* if there is no read func, we get a problem -> error */
02251 if ((!file_p->f_op) || (!file_p->f_op->read))
02252 {
02253 if (!file_p->f_op)
02254 {
02255 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name);
02256 }
02257 else
02258 {
02259 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name);
02260 if (file_p->f_op->release)
02261 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02262 }
02263 dput(file_dentry_p);
02264 return -RSBAC_EREADFAILED;
02265 }
02266 return 0;
02267 } /* end of rsbac_read_open_device_p */
|
|
|
Definition at line 8721 of file aci_data_structures.c. References dev_handles, dev_major_handles, device_list_head, ipc_handles, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_USER, and user_handles. Referenced by sys_rsbac_stats(). 08722 {
08723 struct rsbac_device_list_item_t * device_p;
08724 int i;
08725 u_long fd_count = 0, fd_sum = 0;
08726 u_long dev_sum = 0;
08727 u_long ipc_sum = 0;
08728 u_long user_sum = 0;
08729 u_long process_sum = 0;
08730 #if defined(CONFIG_RSBAC_UM)
08731 u_long group_sum = 0;
08732 #endif
08733 #if defined(CONFIG_RSBAC_NET_OBJ)
08734 u_long nettemp_sum = 0;
08735 u_long lnetobj_sum = 0;
08736 u_long rnetobj_sum = 0;
08737 #endif
08738 u_long total_sum = 0;
08739 long tmp_count;
08740 u_long dflags;
08741
08742 if (!rsbac_initialized)
08743 {
08744 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08745 return(-RSBAC_ENOTINITIALIZED);
08746 }
08747 /* wait for read access to device_list_head */
08748 rsbac_read_lock(&device_list_head.lock, &dflags);
08749 /* OK, go on */
08750 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08751 device_list_head.lock.lock); */
08752 device_p = device_list_head.head;
08753 while (device_p)
08754 { /* for all sublists */
08755 fd_count = 0;
08756 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
08757 {
08758 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
08759 if(tmp_count > 0)
08760 fd_count+=tmp_count;
08761 }
08762 rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
08763 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
08764 fd_sum += fd_count;
08765
08766 #if defined(CONFIG_RSBAC_MAC)
08767 fd_count = 0;
08768 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
08769 {
08770 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
08771 if(tmp_count > 0)
08772 fd_count+=tmp_count;
08773 }
08774 rsbac_printk(", %lu MAC",
08775 fd_count);
08776 fd_sum += fd_count;
08777 #endif
08778
08779 #if defined(CONFIG_RSBAC_PM)
08780 fd_count = 0;
08781 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
08782 {
08783 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
08784 if(tmp_count > 0)
08785 fd_count+=tmp_count;
08786 }
08787 rsbac_printk(", %lu PM",
08788 fd_count);
08789 fd_sum += fd_count;
08790 #endif
08791
08792 #if defined(CONFIG_RSBAC_DAZ)
08793 fd_count = 0;
08794 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
08795 {
08796 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
08797 if(tmp_count > 0)
08798 fd_count+=tmp_count;
08799 }
08800 rsbac_printk(", %lu DAZ",
08801 fd_count);
08802 fd_sum += fd_count;
08803 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08804 fd_count = 0;
08805 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
08806 {
08807 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
08808 if(tmp_count > 0)
08809 fd_count+=tmp_count;
08810 }
08811 rsbac_printk(", %lu DAZ_SCANNED",
08812 fd_count);
08813 fd_sum += fd_count;
08814 #endif
08815 #endif
08816
08817 #if defined(CONFIG_RSBAC_FF)
08818 fd_count = 0;
08819 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
08820 {
08821 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
08822 if(tmp_count > 0)
08823 fd_count+=tmp_count;
08824 }
08825 rsbac_printk(", %lu FF",
08826 fd_count);
08827 fd_sum += fd_count;
08828 #endif
08829
08830 #if defined(CONFIG_RSBAC_RC)
08831 fd_count = 0;
08832 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
08833 {
08834 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
08835 if(tmp_count > 0)
08836 fd_count+=tmp_count;
08837 }
08838 rsbac_printk(", %lu RC",
08839 fd_count);
08840 fd_sum += fd_count;
08841 #endif
08842
08843 #if defined(CONFIG_RSBAC_AUTH)
08844 fd_count = 0;
08845 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
08846 {
08847 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
08848 if(tmp_count > 0)
08849 fd_count+=tmp_count;
08850 }
08851 rsbac_printk(", %lu AUTH",
08852 fd_count);
08853 fd_sum += fd_count;
08854 #endif
08855
08856 #if defined(CONFIG_RSBAC_CAP)
08857 fd_count = 0;
08858 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
08859 {
08860 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
08861 if(tmp_count > 0)
08862 fd_count+=tmp_count;
08863 }
08864 rsbac_printk(", %lu CAP",
08865 fd_count);
08866 fd_sum += fd_count;
08867 #endif
08868 #if defined(CONFIG_RSBAC_RES)
08869 fd_count = 0;
08870 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
08871 {
08872 tmp_count = rsbac_list_count(device_p->handles.res[i]);
08873 if(tmp_count > 0)
08874 fd_count+=tmp_count;
08875 }
08876 rsbac_printk(", %lu RES",
08877 fd_count);
08878 fd_sum += fd_count;
08879 #endif
08880 #if defined(CONFIG_RSBAC_PAX)
08881 fd_count = 0;
08882 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
08883 {
08884 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
08885 if(tmp_count > 0)
08886 fd_count+=tmp_count;
08887 }
08888 rsbac_printk(", %lu PAX",
08889 fd_count);
08890 fd_sum += fd_count;
08891 #endif
08892
08893 rsbac_printk("\n");
08894 device_p = device_p->next;
08895 }
08896 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08897 device_list_head.count, fd_sum);
08898 /* free access to device_list_head */
08899 rsbac_read_unlock(&device_list_head.lock, &dflags);
08900 total_sum += fd_sum;
08901
08902 /* dev lists */
08903 tmp_count = rsbac_list_count(dev_handles.gen);
08904 rsbac_printk(KERN_INFO "DEV items: %lu GEN",
08905 tmp_count);
08906 dev_sum += tmp_count;
08907 #if defined(CONFIG_RSBAC_MAC)
08908 tmp_count = rsbac_list_count(dev_handles.mac);
08909 rsbac_printk(", %lu MAC",
08910 tmp_count);
08911 dev_sum += tmp_count;
08912 #endif
08913 #if defined(CONFIG_RSBAC_PM)
08914 tmp_count = rsbac_list_count(dev_handles.pm);
08915 rsbac_printk(", %lu PM",
08916 tmp_count);
08917 dev_sum += tmp_count;
08918 #endif
08919 #if defined(CONFIG_RSBAC_RC)
08920 tmp_count = rsbac_list_count(dev_major_handles.rc);
08921 rsbac_printk(", %lu major RC",
08922 tmp_count);
08923 dev_sum += tmp_count;
08924 tmp_count = rsbac_list_count(dev_handles.rc);
08925 rsbac_printk(", %lu RC",
08926 tmp_count);
08927 dev_sum += tmp_count;
08928 #endif
08929 rsbac_printk("\n");
08930 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n",
08931 dev_sum);
08932 total_sum += dev_sum;
08933
08934 /* ipc lists */
08935 rsbac_printk(KERN_INFO "IPC items: no GEN");
08936 #if defined(CONFIG_RSBAC_MAC)
08937 tmp_count = rsbac_list_count(ipc_handles.mac);
08938 rsbac_printk(", %lu MAC",
08939 tmp_count);
08940 ipc_sum += tmp_count;
08941 #endif
08942 #if defined(CONFIG_RSBAC_PM)
08943 tmp_count = rsbac_list_count(ipc_handles.pm);
08944 rsbac_printk(", %lu PM",
08945 tmp_count);
08946 ipc_sum += tmp_count;
08947 #endif
08948 #if defined(CONFIG_RSBAC_RC)
08949 tmp_count = rsbac_list_count(ipc_handles.rc);
08950 rsbac_printk(", %lu RC",
08951 tmp_count);
08952 ipc_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_JAIL)
08955 tmp_count = rsbac_list_count(ipc_handles.jail);
08956 rsbac_printk(", %lu JAIL",
08957 tmp_count);
08958 ipc_sum += tmp_count;
08959 #endif
08960 rsbac_printk("\n");
08961 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n",
08962 ipc_sum);
08963 total_sum += ipc_sum;
08964
08965 /* user lists */
08966 tmp_count = rsbac_list_count(user_handles.gen);
08967 rsbac_printk(KERN_INFO "USER items: %lu GEN",
08968 tmp_count);
08969 user_sum += tmp_count;
08970 #if defined(CONFIG_RSBAC_MAC)
08971 tmp_count = rsbac_list_count(user_handles.mac);
08972 rsbac_printk(", %lu MAC",
08973 tmp_count);
08974 user_sum += tmp_count;
08975 #endif
08976 #if defined(CONFIG_RSBAC_PM)
08977 tmp_count = rsbac_list_count(user_handles.pm);
08978 rsbac_printk(", %lu PM",
08979 tmp_count);
08980 user_sum += tmp_count;
08981 #endif
08982 #if defined(CONFIG_RSBAC_DAZ)
08983 tmp_count = rsbac_list_count(user_handles.daz);
08984 rsbac_printk(", %lu DAZ",
08985 tmp_count);
08986 user_sum += tmp_count;
08987 #endif
08988 #if defined(CONFIG_RSBAC_RC)
08989 tmp_count = rsbac_list_count(user_handles.rc);
08990 rsbac_printk(", %lu RC",
08991 tmp_count);
08992 user_sum += tmp_count;
08993 #endif
08994 #if defined(CONFIG_RSBAC_AUTH)
08995 tmp_count = rsbac_list_count(user_handles.auth);
08996 rsbac_printk(", %lu AUTH",
08997 tmp_count);
08998 user_sum += tmp_count;
08999 #endif
09000 #if defined(CONFIG_RSBAC_CAP)
09001 tmp_count = rsbac_list_count(user_handles.cap);
09002 rsbac_printk(", %lu CAP",
09003 tmp_count);
09004 user_sum += tmp_count;
09005 #endif
09006 #if defined(CONFIG_RSBAC_JAIL)
09007 tmp_count = rsbac_list_count(user_handles.jail);
09008 rsbac_printk(", %lu JAIL",
09009 tmp_count);
09010 user_sum += tmp_count;
09011 #endif
09012 #if defined(CONFIG_RSBAC_RES)
09013 tmp_count = rsbac_list_count(user_handles.res);
09014 rsbac_printk(", %lu RES",
09015 tmp_count);
09016 user_sum += tmp_count;
09017 #endif
09018 #if defined(CONFIG_RSBAC_PAX)
09019 tmp_count = rsbac_list_count(user_handles.pax);
09020 rsbac_printk(", %lu PAX",
09021 tmp_count);
09022 user_sum += tmp_count;
09023 #endif
09024 rsbac_printk("\n");
09025 rsbac_printk(KERN_INFO "Sum of %lu USER items\n",
09026 user_sum);
09027 total_sum += user_sum;
09028
09029 /* process lists */
09030 tmp_count = 0;
09031 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
09032 tmp_count += rsbac_list_count(process_handles.gen[i]);
09033 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN",
09034 tmp_count);
09035 process_sum += tmp_count;
09036 #if defined(CONFIG_RSBAC_MAC)
09037 tmp_count = 0;
09038 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
09039 tmp_count += rsbac_list_count(process_handles.mac[i]);
09040 rsbac_printk(", %lu MAC",
09041 tmp_count);
09042 process_sum += tmp_count;
09043 #endif
09044 #if defined(CONFIG_RSBAC_PM)
09045 tmp_count = rsbac_list_count(process_handles.pm);
09046 rsbac_printk(", %lu PM",
09047 tmp_count);
09048 process_sum += tmp_count;
09049 #endif
09050 #if defined(CONFIG_RSBAC_DAZ)
09051 tmp_count = rsbac_list_count(process_handles.daz);
09052 rsbac_printk(", %lu DAZ",
09053 tmp_count);
09054 process_sum += tmp_count;
09055 #endif
09056 #if defined(CONFIG_RSBAC_RC)
09057 tmp_count = 0;
09058 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
09059 tmp_count += rsbac_list_count(process_handles.rc[i]);
09060 rsbac_printk(", %lu RC",
09061 tmp_count);
09062 process_sum += tmp_count;
09063 #endif
09064 #if defined(CONFIG_RSBAC_AUTH)
09065 tmp_count = rsbac_list_count(process_handles.auth);
09066 rsbac_printk(", %lu AUTH",
09067 tmp_count);
09068 process_sum += tmp_count;
09069 #endif
09070 #if defined(CONFIG_RSBAC_CAP)
09071 tmp_count = rsbac_list_count(process_handles.cap);
09072 rsbac_printk(", %lu CAP",
09073 tmp_count);
09074 process_sum += tmp_count;
09075 #endif
09076 #if defined(CONFIG_RSBAC_JAIL)
09077 tmp_count = 0;
09078 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
09079 tmp_count += rsbac_list_count(process_handles.jail[i]);
09080 rsbac_printk(", %lu JAIL",
09081 tmp_count);
09082 process_sum += tmp_count;
09083 #endif
09084 rsbac_printk("\n");
09085 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n",
09086 process_sum);
09087 total_sum += process_sum;
09088
09089 #if defined(CONFIG_RSBAC_UM)
09090 /* group lists */
09091 rsbac_printk(KERN_INFO "GROUP items: ");
09092 #if defined(CONFIG_RSBAC_RC_UM_PROT)
09093 tmp_count = rsbac_list_count(group_handles.rc);
09094 rsbac_printk("%lu RC",
09095 tmp_count);
09096 user_sum += tmp_count;
09097 #endif
09098 rsbac_printk("\n");
09099 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n",
09100 group_sum);
09101 total_sum += group_sum;
09102 #endif
09103
09104 #if defined(CONFIG_RSBAC_NET_OBJ)
09105 /* nettemp lists */
09106 rsbac_printk(KERN_INFO "NETTEMP items: ");
09107 #if defined(CONFIG_RSBAC_MAC)
09108 tmp_count = rsbac_list_count(nettemp_handles.mac);
09109 rsbac_printk("%lu MAC, ",
09110 tmp_count);
09111 nettemp_sum += tmp_count;
09112 #endif
09113 #if defined(CONFIG_RSBAC_PM)
09114 tmp_count = rsbac_list_count(nettemp_handles.pm);
09115 rsbac_printk("%lu PM, ",
09116 tmp_count);
09117 nettemp_sum += tmp_count;
09118 #endif
09119 #if defined(CONFIG_RSBAC_RC)
09120 tmp_count = rsbac_list_count(nettemp_handles.rc);
09121 rsbac_printk("%lu RC, ",
09122 tmp_count);
09123 nettemp_sum += tmp_count;
09124 #endif
09125 rsbac_printk("\n");
09126 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n",
09127 nettemp_sum);
09128 total_sum += nettemp_sum;
09129
09130 /* local netobj lists */
09131 rsbac_printk(KERN_INFO "Local NETOBJ items:");
09132 #if defined(CONFIG_RSBAC_MAC)
09133 tmp_count = rsbac_list_count(lnetobj_handles.mac);
09134 rsbac_printk(" %lu MAC,",
09135 tmp_count);
09136 lnetobj_sum += tmp_count;
09137 #endif
09138 #if defined(CONFIG_RSBAC_PM)
09139 tmp_count = rsbac_list_count(lnetobj_handles.pm);
09140 rsbac_printk(" %lu PM,",
09141 tmp_count);
09142 lnetobj_sum += tmp_count;
09143 #endif
09144 #if defined(CONFIG_RSBAC_RC)
09145 tmp_count = rsbac_list_count(lnetobj_handles.rc);
09146 rsbac_printk(" %lu RC",
09147 tmp_count);
09148 lnetobj_sum += tmp_count;
09149 #endif
09150 rsbac_printk("\n");
09151 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
09152 lnetobj_sum);
09153 total_sum += lnetobj_sum;
09154
09155 /* remote netobj lists */
09156 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
09157 #if defined(CONFIG_RSBAC_MAC)
09158 tmp_count = rsbac_list_count(rnetobj_handles.mac);
09159 rsbac_printk(" %lu MAC,",
09160 tmp_count);
09161 rnetobj_sum += tmp_count;
09162 #endif
09163 #if defined(CONFIG_RSBAC_PM)
09164 tmp_count = rsbac_list_count(rnetobj_handles.pm);
09165 rsbac_printk(" %lu PM,",
09166 tmp_count);
09167 rnetobj_sum += tmp_count;
09168 #endif
09169 #if defined(CONFIG_RSBAC_RC)
09170 tmp_count = rsbac_list_count(rnetobj_handles.rc);
09171 rsbac_printk(" %lu RC",
09172 tmp_count);
09173 rnetobj_sum += tmp_count;
09174 #endif
09175 rsbac_printk("\n");
09176 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
09177 rnetobj_sum);
09178 total_sum += rnetobj_sum;
09179 #endif /* NET_OBJ */
09180
09181 rsbac_printk(KERN_INFO
09182 "Total of %lu registered rsbac-items\n",
09183 total_sum);
09184
09185 rsbac_printk(KERN_INFO
09186 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09187 rsbac_adf_request_count[T_FILE],
09188 rsbac_adf_request_count[T_DIR],
09189 rsbac_adf_request_count[T_FIFO],
09190 rsbac_adf_request_count[T_SYMLINK],
09191 rsbac_adf_request_count[T_DEV],
09192 rsbac_adf_request_count[T_IPC],
09193 rsbac_adf_request_count[T_SCD],
09194 rsbac_adf_request_count[T_USER],
09195 rsbac_adf_request_count[T_PROCESS],
09196 rsbac_adf_request_count[T_NETDEV],
09197 rsbac_adf_request_count[T_NETTEMP],
09198 rsbac_adf_request_count[T_NETOBJ]);
09199 rsbac_printk(KERN_INFO
09200 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09201 rsbac_adf_set_attr_count[T_FILE],
09202 rsbac_adf_set_attr_count[T_DIR],
09203 rsbac_adf_set_attr_count[T_FIFO],
09204 rsbac_adf_set_attr_count[T_SYMLINK],
09205 rsbac_adf_set_attr_count[T_DEV],
09206 rsbac_adf_set_attr_count[T_IPC],
09207 rsbac_adf_set_attr_count[T_SCD],
09208 rsbac_adf_set_attr_count[T_USER],
09209 rsbac_adf_set_attr_count[T_PROCESS],
09210 rsbac_adf_set_attr_count[T_NETDEV],
09211 rsbac_adf_set_attr_count[T_NETTEMP],
09212 rsbac_adf_set_attr_count[T_NETOBJ]);
09213
09214 #if defined(CONFIG_RSBAC_PM)
09215 rsbac_stats_pm();
09216 #endif
09217 #if defined(CONFIG_RSBAC_RC)
09218 rsbac_stats_rc();
09219 #endif
09220 #if defined(CONFIG_RSBAC_AUTH)
09221 rsbac_stats_auth();
09222 #endif
09223 #if defined(CONFIG_RSBAC_ACL)
09224 rsbac_stats_acl();
09225 #endif
09226 return(0);
09227 }
|
|
||||||||||||||||||||||||||||||||
|
Definition at line 12133 of file aci_data_structures.c. References rsbac_target_id_t::dev, get_attr_dev(), get_attr_fd(), get_attr_ipc(), get_attr_process(), get_attr_user(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_get_attr(), and sys_rsbac_get_attr_n(). 12141 {
12142 int err = 0;
12143
12144 if (!rsbac_initialized)
12145 {
12146 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
12147 return(-RSBAC_ENOTINITIALIZED);
12148 }
12149 if (!value)
12150 return(-RSBAC_EINVALIDPOINTER);
12151 if (in_interrupt())
12152 {
12153 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
12154 }
12155 #ifdef CONFIG_RSBAC_XSTATS
12156 get_attr_count[target]++;
12157 #endif
12158 switch (target)
12159 {
12160 case T_FILE:
12161 case T_DIR:
12162 case T_FIFO:
12163 case T_SYMLINK:
12164 return get_attr_fd(ta_number, module, target, &tid,
12165 attr, value, inherit);
12166
12167 case T_DEV:
12168 return get_attr_dev(ta_number, module, target, tid.dev,
12169 attr, value, inherit);
12170
12171 case T_IPC:
12172 return get_attr_ipc(ta_number, module, target, &tid,
12173 attr, value, inherit);
12174
12175 case T_USER:
12176 return get_attr_user(ta_number, module, target, &tid,
12177 attr, value, inherit);
12178
12179 case T_PROCESS:
12180 return get_attr_process(ta_number, module, target, &tid,
12181 attr, value, inherit);
12182
12183 #ifdef CONFIG_RSBAC_UM
12184 case T_GROUP:
12185 return get_attr_group(ta_number, module, target, &tid,
12186 attr, value, inherit);
12187 #endif /* CONFIG_RSBAC_UM */
12188
12189 #ifdef CONFIG_RSBAC_NET_DEV
12190 case T_NETDEV:
12191 return get_attr_netdev(ta_number, module, target, &tid,
12192 attr, value, inherit);
12193 #endif
12194
12195 #ifdef CONFIG_RSBAC_NET_OBJ
12196 case T_NETTEMP:
12197 return get_attr_nettemp(ta_number, module, target, &tid,
12198 attr, value, inherit);
12199
12200 case T_NETOBJ:
12201 return get_attr_netobj(ta_number, module, target, &tid,
12202 attr, value, inherit);
12203 #endif /* NET_OBJ */
12204
12205 /* switch target: no valid target */
12206 default:
12207 return -RSBAC_EINVALIDTARGET;
12208 }
12209
12210 return err;
12211 } /* end of rsbac_get_attr() */
|
|
||||||||||||
|
Definition at line 14867 of file aci_data_structures.c. References D_block, D_block_major, dev_handles, dev_major_handles, NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_exist(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_dev(). 14868 {
14869 int count=0;
14870 int tmp_count;
14871
14872 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14873 if(tmp_count > 0)
14874 count += tmp_count;
14875 #if defined(CONFIG_RSBAC_MAC)
14876 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14877 if(tmp_count > 0)
14878 count += tmp_count;
14879 #endif
14880 #if defined(CONFIG_RSBAC_PM)
14881 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14882 if(tmp_count > 0)
14883 count += tmp_count;
14884 #endif
14885 #if defined(CONFIG_RSBAC_RC)
14886 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14887 if(tmp_count > 0)
14888 count += tmp_count;
14889 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14890 if(tmp_count > 0)
14891 count += tmp_count;
14892 #endif
14893 if(id_pp)
14894 {
14895 struct rsbac_dev_desc_t * i_id_p = NULL;
14896 char * pos = NULL;
14897 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14898 u_int i;
14899 #endif
14900
14901 if(count > 0)
14902 {
14903 int i_count = 0;
14904
14905 i_count = count + 20; /* max value to expect */
14906 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14907 if(!*id_pp)
14908 return -RSBAC_ENOMEM;
14909 pos = (char *) *id_pp;
14910 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14911 dev_handles.gen,
14912 (void **) &i_id_p);
14913 if(tmp_count > 0)
14914 {
14915 if(tmp_count > i_count)
14916 tmp_count = i_count;
14917 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
14918 rsbac_vfree(i_id_p);
14919 count = tmp_count;
14920 i_count -= tmp_count;
14921 pos += tmp_count * sizeof(*i_id_p);
14922 }
14923 else
14924 count = 0;
14925 #if defined(CONFIG_RSBAC_MAC)
14926 if(i_count)
14927 {
14928 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14929 if(tmp_count > 0)
14930 {
14931 if(tmp_count > i_count)
14932 tmp_count = i_count;
14933 for(i=0; i< tmp_count; i++)
14934 {
14935 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14936 {
14937 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14938 pos += sizeof(*i_id_p);
14939 count++;
14940 i_count--;
14941 }
14942 }
14943 rsbac_vfree(i_id_p);
14944 }
14945 }
14946 #endif
14947 #if defined(CONFIG_RSBAC_PM)
14948 if(i_count)
14949 {
14950 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.pm, (void **) &i_id_p);
14951 if(tmp_count > 0)
14952 {
14953 if(tmp_count > i_count)
14954 tmp_count = i_count;
14955 for(i=0; i< tmp_count; i++)
14956 {
14957 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14958 #if defined(CONFIG_RSBAC_MAC)
14959 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14960 #endif
14961 {
14962 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14963 pos += sizeof(*i_id_p);
14964 count++;
14965 i_count--;
14966 }
14967 }
14968 rsbac_vfree(i_id_p);
14969 }
14970 }
14971 #endif
14972 #if defined(CONFIG_RSBAC_RC)
14973 if(i_count)
14974 {
14975 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p);
14976 if(tmp_count > 0)
14977 {
14978 if(tmp_count > i_count)
14979 tmp_count = i_count;
14980 for(i=0; i< tmp_count; i++)
14981 {
14982 i_id_p[i].type += (D_block_major - D_block);
14983 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14984 pos += sizeof(*i_id_p);
14985 count++;
14986 i_count--;
14987 }
14988 rsbac_vfree(i_id_p);
14989 }
14990 }
14991 if(i_count)
14992 {
14993 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p);
14994 if(tmp_count > 0)
14995 {
14996 if(tmp_count > i_count)
14997 tmp_count = i_count;
14998 for(i=0; i< tmp_count; i++)
14999 {
15000 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
15001 #if defined(CONFIG_RSBAC_MAC)
15002 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
15003 #endif
15004 #if defined(CONFIG_RSBAC_PM)
15005 if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
15006 #endif
15007 {
15008 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
15009 pos += sizeof(*i_id_p);
15010 count++;
15011 i_count--;
15012 }
15013 }
15014 rsbac_vfree(i_id_p);
15015 }
15016 }
15017 #endif
15018 if(!count)
15019 rsbac_vfree(*id_pp);
15020 }
15021 }
15022 return count;
15023 }
|
|
||||||||||||
|
Definition at line 15192 of file aci_data_structures.c. References NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, and rsbac_vmalloc. Referenced by sys_rsbac_list_all_group(). 15193 {
15194 #if defined(CONFIG_RSBAC_RC_UM_PROT)
15195 int count=0;
15196 int tmp_count;
15197
15198 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
15199 if(tmp_count > 0)
15200 count += tmp_count;
15201 if(id_pp)
15202 {
15203 if(count > 0)
15204 {
15205 int i_count;
15206 rsbac_gid_t * i_id_p = NULL;
15207
15208 i_count = count + 20; /* max value to expect */
15209 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15210 if(!*id_pp)
15211 return -RSBAC_ENOMEM;
15212 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15213 group_handles.rc,
15214 (void **) &i_id_p);
15215 if(tmp_count > 0)
15216 {
15217 if(tmp_count > i_count)
15218 tmp_count = i_count;
15219 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15220 rsbac_vfree(i_id_p);
15221 count = tmp_count;
15222 i_count -= tmp_count;
15223 }
15224 else
15225 count = 0;
15226 if(!count)
15227 rsbac_vfree(*id_pp);
15228 }
15229 }
15230 return count;
15231 #else
15232 return 0;
15233 #endif
15234 }
|
|
||||||||||||
|
Definition at line 15072 of file aci_data_structures.c. References copy_new_uids(), NULL, RSBAC_ENOMEM, rsbac_ta_list_count(), rsbac_ta_list_get_all_desc(), rsbac_vfree, rsbac_vmalloc, and user_handles. Referenced by sys_rsbac_list_all_user(). 15073 {
15074 int count=0;
15075 int tmp_count;
15076
15077 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
15078 if(tmp_count > 0)
15079 count += tmp_count;
15080 #if defined(CONFIG_RSBAC_MAC)
15081 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
15082 if(tmp_count > 0)
15083 count += tmp_count;
15084 #endif
15085 #if defined(CONFIG_RSBAC_PM)
15086 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
15087 if(tmp_count > 0)
15088 count += tmp_count;
15089 #endif
15090 #if defined(CONFIG_RSBAC_DAZ)
15091 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
15092 if(tmp_count > 0)
15093 count += tmp_count;
15094 #endif
15095 #if defined(CONFIG_RSBAC_FF)
15096 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
15097 if(tmp_count > 0)
15098 count += tmp_count;
15099 #endif
15100 #if defined(CONFIG_RSBAC_RC)
15101 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
15102 if(tmp_count > 0)
15103 count += tmp_count;
15104 #endif
15105 #if defined(CONFIG_RSBAC_AUTH)
15106 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
15107 if(tmp_count > 0)
15108 count += tmp_count;
15109 #endif
15110 #if defined(CONFIG_RSBAC_CAP)
15111 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
15112 if(tmp_count > 0)
15113 count += tmp_count;
15114 #endif
15115 #if defined(CONFIG_RSBAC_JAIL)
15116 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
15117 if(tmp_count > 0)
15118 count += tmp_count;
15119 #endif
15120 #if defined(CONFIG_RSBAC_PAX)
15121 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
15122 if(tmp_count > 0)
15123 count += tmp_count;
15124 #endif
15125 #if defined(CONFIG_RSBAC_RES)
15126 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
15127 if(tmp_count > 0)
15128 count += tmp_count;
15129 #endif
15130 if(id_pp)
15131 {
15132 if(count > 0)
15133 {
15134 int i_count;
15135 rsbac_uid_t * i_id_p = NULL;
15136
15137 i_count = count + 20; /* max value to expect */
15138 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15139 if(!*id_pp)
15140 return -RSBAC_ENOMEM;
15141 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15142 user_handles.gen,
15143 (void **) &i_id_p);
15144 if(tmp_count > 0)
15145 {
15146 if(tmp_count > i_count)
15147 tmp_count = i_count;
15148 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15149 rsbac_vfree(i_id_p);
15150 count = tmp_count;
15151 i_count -= tmp_count;
15152 }
15153 else
15154 count = 0;
15155 #if defined(CONFIG_RSBAC_MAC)
15156 copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp);
15157 #endif
15158 #if defined(CONFIG_RSBAC_PM)
15159 copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp);
15160 #endif
15161 #if defined(CONFIG_RSBAC_DAZ)
15162 copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp);
15163 #endif
15164 #if defined(CONFIG_RSBAC_FF)
15165 copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp);
15166 #endif
15167 #if defined(CONFIG_RSBAC_RC)
15168 copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp);
15169 #endif
15170 #if defined(CONFIG_RSBAC_AUTH)
15171 copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp);
15172 #endif
15173 #if defined(CONFIG_RSBAC_CAP)
15174 copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp);
15175 #endif
15176 #if defined(CONFIG_RSBAC_JAIL)
15177 copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp);
15178 #endif
15179 #if defined(CONFIG_RSBAC_PAX)
15180 copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp);
15181 #endif
15182 #if defined(CONFIG_RSBAC_RES)
15183 copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp);
15184 #endif
15185 if(!count)
15186 rsbac_vfree(*id_pp);
15187 }
15188 }
15189 return count;
15190 }
|
|
||||||||||||||||
|
Definition at line 14431 of file aci_data_structures.c. References D_char, rsbac_target_id_t::dev, dev_handles, device_list_head, gen_fd_hash(), gen_p_hash(), rsbac_target_id_t::group, rsbac_target_id_t::ipc, ipc_handles, lookup_device(), rsbac_target_id_t::netdev, rsbac_target_id_t::netobj, rsbac_target_id_t::nettemp, NULL, rsbac_target_id_t::process, process_handles, rsbac_acl_remove_acl(), rsbac_auth_remove_f_capsets(), rsbac_auth_remove_p_capsets(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_mac_remove_f_trusets(), rsbac_mac_remove_p_trusets(), rsbac_mount(), rsbac_printk(), rsbac_ta_list_remove(), rsbac_net_obj_desc_t::sock_p, T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_NETTEMP_NT, T_PROCESS, T_SYMLINK, T_USER, rsbac_dev_desc_t::type, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_pm(), sys_rsbac_remove_target(), and sys_rsbac_remove_target_n(). 14435 {
14436 int error=0;
14437 struct rsbac_device_list_item_t * device_p;
14438 u_long dflags;
14439
14440 if (!rsbac_initialized)
14441 {
14442 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
14443 return(-RSBAC_ENOTINITIALIZED);
14444 }
14445 if (in_interrupt())
14446 {
14447 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
14448 }
14449 switch (target)
14450 {
14451 case T_FILE:
14452 case T_DIR:
14453 case T_FIFO:
14454 case T_SYMLINK:
14455 /*
14456 #ifdef CONFIG_RSBAC_DEBUG
14457 if (rsbac_debug_ds)
14458 rsbac_printk(KERN_DEBUG "%s\n",
14459 "rsbac_remove_target(): Removing file/dir/fifo/symlink ACI");
14460 #endif
14461 */
14462 #if defined(CONFIG_RSBAC_MAC)
14463 /* file and dir items can also have mac_f_trusets -> remove first */
14464 if( (target == T_FILE)
14465 || (target == T_DIR)
14466 )
14467 error = rsbac_mac_remove_f_trusets(tid.file);
14468 #endif
14469 #if defined(CONFIG_RSBAC_AUTH)
14470 /* file and dir items can also have auth_f_capsets -> remove first */
14471 if( (target == T_FILE)
14472 || (target == T_DIR)
14473 )
14474 error = rsbac_auth_remove_f_capsets(tid.file);
14475 #endif
14476 #if defined(CONFIG_RSBAC_ACL)
14477 /* items can also have an acl_fd_item -> remove first */
14478 error = rsbac_acl_remove_acl(ta_number, target, tid);
14479 #endif
14480 /* wait for read access to device_list_head */
14481 rsbac_read_lock(&device_list_head.lock, &dflags);
14482 /* OK, go on */
14483
14484 /* lookup device */
14485 device_p = lookup_device(tid.file.device);
14486 if (!device_p)
14487 {
14488 struct super_block * sb_p;
14489
14490 rsbac_read_unlock(&device_list_head.lock, &dflags);
14491 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14492 sb_p = user_get_super(tid.file.device);
14493 #else
14494 sb_p = get_super(tid.file.device);
14495 #endif
14496 if(sb_p)
14497 {
14498 rsbac_printk(KERN_INFO
14499 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
14500 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14501 rsbac_mount(sb_p, NULL);
14502 /* free super_block pointer */
14503 drop_super(sb_p);
14504 rsbac_read_lock(&device_list_head.lock, &dflags);
14505 device_p = lookup_device(tid.file.device);
14506 if (!device_p)
14507 {
14508 rsbac_printk(KERN_WARNING
14509 "rsbac_remove_target(): unknown device %02u:%02u\n",
14510 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14511 rsbac_read_unlock(&device_list_head.lock, &dflags);
14512 return -RSBAC_EINVALIDDEV;
14513 }
14514 }
14515 else
14516 return -RSBAC_EINVALIDDEV;
14517 }
14518 rsbac_ta_list_remove(ta_number,
14519 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
14520 &tid.file.inode);
14521 #if defined(CONFIG_RSBAC_MAC)
14522 rsbac_ta_list_remove(ta_number,
14523 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14524 &tid.file.inode);
14525 #endif
14526 #if defined(CONFIG_RSBAC_PM)
14527 rsbac_ta_list_remove(ta_number,
14528 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14529 &tid.file.inode);
14530 #endif
14531 #if defined(CONFIG_RSBAC_DAZ)
14532 rsbac_ta_list_remove(ta_number,
14533 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14534 &tid.file.inode);
14535 #if defined(CONFIG_RSBAC_DAZ_CACHE)
14536 rsbac_ta_list_remove(ta_number,
14537 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14538 &tid.file.inode);
14539 #endif
14540 #endif
14541 #if defined(CONFIG_RSBAC_FF)
14542 rsbac_ta_list_remove(ta_number,
14543 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14544 &tid.file.inode);
14545 #endif
14546 #if defined(CONFIG_RSBAC_RC)
14547 rsbac_ta_list_remove(ta_number,
14548 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14549 &tid.file.inode);
14550 #endif
14551 #if defined(CONFIG_RSBAC_AUTH)
14552 rsbac_ta_list_remove(ta_number,
14553 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14554 &tid.file.inode);
14555 #endif
14556 #if defined(CONFIG_RSBAC_CAP)
14557 rsbac_ta_list_remove(ta_number,
14558 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14559 &tid.file.inode);
14560 #endif
14561 #if defined(CONFIG_RSBAC_PAX)
14562 rsbac_ta_list_remove(ta_number,
14563 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14564 &tid.file.inode);
14565 #endif
14566 #if defined(CONFIG_RSBAC_RES)
14567 rsbac_ta_list_remove(ta_number,
14568 device_p->handles.res[res_fd_hash(tid.file.inode)],
14569 &tid.file.inode);
14570 #endif
14571
14572 /* free access to device_list_head */
14573 rsbac_read_unlock(&device_list_head.lock, &dflags);
14574 break;
14575
14576 case T_DEV:
14577 {
14578 if(tid.dev.type > D_char)
14579 return -RSBAC_EINVALIDTARGET;
14580 /*
14581 #ifdef CONFIG_RSBAC_DEBUG
14582 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14583 "rsbac_remove_target(): Removing dev ACI");
14584 #endif
14585 */
14586 rsbac_ta_list_remove(ta_number,
14587 dev_handles.gen,
14588 &tid.dev);
14589 #if defined(CONFIG_RSBAC_MAC)
14590 rsbac_ta_list_remove(ta_number,
14591 dev_handles.mac,
14592 &tid.dev);
14593 #endif
14594 #if defined(CONFIG_RSBAC_PM)
14595 rsbac_ta_list_remove(ta_number,
14596 dev_handles.pm,
14597 &tid.dev);
14598 #endif
14599 #if defined(CONFIG_RSBAC_RC)
14600 rsbac_ta_list_remove(ta_number,
14601 dev_handles.rc,
14602 &tid.dev);
14603 #endif
14604 }
14605 break;
14606
14607 case T_IPC:
14608 /*
14609 #ifdef CONFIG_RSBAC_DEBUG
14610 if (rsbac_debug_ds)
14611 rsbac_printk(KERN_DEBUG
14612 "rsbac_remove_target(): Removing ipc ACI\n");
14613 #endif
14614 */
14615 #if defined(CONFIG_RSBAC_MAC)
14616 rsbac_ta_list_remove(ta_number,
14617 ipc_handles.mac,
14618 &tid.ipc);
14619 #endif
14620 #if defined(CONFIG_RSBAC_PM)
14621 rsbac_ta_list_remove(ta_number,
14622 ipc_handles.pm,
14623 &tid.ipc);
14624 #endif
14625 #if defined(CONFIG_RSBAC_RC)
14626 rsbac_ta_list_remove(ta_number,
14627 ipc_handles.rc,
14628 &tid.ipc);
14629 #endif
14630 #if defined(CONFIG_RSBAC_JAIL)
14631 rsbac_ta_list_remove(ta_number,
14632 ipc_handles.jail,
14633 &tid.ipc);
14634 #endif
14635 break;
14636
14637 case T_USER:
14638 /*
14639 #ifdef CONFIG_RSBAC_DEBUG
14640 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
14641 "rsbac_remove_target(): Removing user ACI");
14642 #endif
14643 */
14644 rsbac_ta_list_remove(ta_number,
14645 user_handles.gen,
14646 &tid.user);
14647 #if defined(CONFIG_RSBAC_MAC)
14648 rsbac_ta_list_remove(ta_number,
14649 user_handles.mac,
14650 &tid.user);
14651 #endif
14652 #if defined(CONFIG_RSBAC_PM)
14653 rsbac_ta_list_remove(ta_number,
14654 user_handles.pm,
14655 &tid.user);
14656 #endif
14657 #if defined(CONFIG_RSBAC_DAZ)
14658 rsbac_ta_list_remove(ta_number,
14659 user_handles.daz,
14660 &tid.user);
14661 #endif
14662 #if defined(CONFIG_RSBAC_FF)
14663 rsbac_ta_list_remove(ta_number,
14664 user_handles.ff,
14665 &tid.user);
14666 #endif
14667 #if defined(CONFIG_RSBAC_RC)
14668 rsbac_ta_list_remove(ta_number,
14669 user_handles.rc,
14670 &tid.user);
14671 #endif
14672 #if defined(CONFIG_RSBAC_AUTH)
14673 rsbac_ta_list_remove(ta_number,
14674 user_handles.auth,
14675 &tid.user);
14676 #endif
14677 #if defined(CONFIG_RSBAC_CAP)
14678 rsbac_ta_list_remove(ta_number,
14679 user_handles.cap,
14680 &tid.user);
14681 #endif
14682 #if defined(CONFIG_RSBAC_JAIL)
14683 rsbac_ta_list_remove(ta_number,
14684 user_handles.jail,
14685 &tid.user);
14686 #endif
14687 #if defined(CONFIG_RSBAC_PAX)
14688 rsbac_ta_list_remove(ta_number,
14689 user_handles.pax,
14690 &tid.user);
14691 #endif
14692 #if defined(CONFIG_RSBAC_RES)
14693 rsbac_ta_list_remove(ta_number,
14694 user_handles.res,
14695 &tid.user);
14696 #endif
14697 break;
14698
14699 case T_PROCESS:
14700 /* too noisy... kicked out.
14701 #ifdef CONFIG_RSBAC_DEBUG
14702 if (rsbac_debug_ds)
14703 rsbac_printk(KERN_DEBUG
14704 "rsbac_remove_target(): Removing process ACI\n");
14705 #endif
14706 */
14707 #if defined(CONFIG_RSBAC_ACL)
14708 /* process items can also have an acl_p_item -> remove first */
14709 error = rsbac_acl_remove_acl(ta_number, target, tid);
14710 #endif
14711 rsbac_ta_list_remove(ta_number,
14712 process_handles.gen[gen_p_hash(tid.process)],
14713 &tid.process);
14714 #if defined(CONFIG_RSBAC_MAC)
14715 /* process items can also have mac_p_trusets -> remove first */
14716 error = rsbac_mac_remove_p_trusets(tid.process);
14717 rsbac_ta_list_remove(ta_number,
14718 process_handles.mac[mac_p_hash(tid.process)],
14719 &tid.process);
14720 #endif
14721 #if defined(CONFIG_RSBAC_PM)
14722 rsbac_ta_list_remove(ta_number,
14723 process_handles.pm,
14724 &tid.process);
14725 #endif
14726 #if defined(CONFIG_RSBAC_DAZ)
14727 rsbac_ta_list_remove(ta_number,
14728 process_handles.daz,
14729 &tid.process);
14730 #endif
14731 #if defined(CONFIG_RSBAC_RC)
14732 rsbac_ta_list_remove(ta_number,
14733 process_handles.rc[rc_p_hash(tid.process)],
14734 &tid.process);
14735 #endif
14736 #if defined(CONFIG_RSBAC_AUTH)
14737 /* process items can also have auth_p_capsets -> remove first */
14738 error = rsbac_auth_remove_p_capsets(tid.process);
14739 rsbac_ta_list_remove(ta_number,
14740 process_handles.auth,
14741 &tid.process);
14742 #endif
14743 #if defined(CONFIG_RSBAC_CAP)
14744 rsbac_ta_list_remove(ta_number,
14745 process_handles.cap,
14746 &tid.process);
14747 #endif
14748 #if defined(CONFIG_RSBAC_JAIL)
14749 rsbac_ta_list_remove(ta_number,
14750 process_handles.jail[jail_p_hash(tid.process)],
14751 &tid.process);
14752 #endif
14753 break;
14754
14755 #ifdef CONFIG_RSBAC_UM
14756 case T_GROUP:
14757 /*
14758 #ifdef CONFIG_RSBAC_DEBUG
14759 if (rsbac_debug_ds)
14760 rsbac_printk(KERN_DEBUG
14761 "rsbac_remove_target(): Removing group ACI\n");
14762 #endif
14763 */
14764 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14765 rsbac_ta_list_remove(ta_number,
14766 group_handles.rc,
14767 &tid.group);
14768 #endif
14769 break;
14770 #endif /* CONFIG_RSBAC_UM */
14771
14772 #ifdef CONFIG_RSBAC_NET_DEV
14773 case T_NETDEV:
14774 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14775 rsbac_ta_list_remove(ta_number,
14776 netdev_handles.gen,
14777 &tid.netdev);
14778 #endif
14779 #if defined(CONFIG_RSBAC_RC)
14780 rsbac_ta_list_remove(ta_number,
14781 netdev_handles.rc,
14782 &tid.netdev);
14783 #endif
14784 break;
14785 #endif
14786
14787 #ifdef CONFIG_RSBAC_NET_OBJ
14788 case T_NETTEMP:
14789 /* too noisy... kicked out.
14790 #ifdef CONFIG_RSBAC_DEBUG
14791 if (rsbac_debug_ds)
14792 rsbac_printk(KERN_DEBUG
14793 "rsbac_remove_target(): Removing nettemp ACI\n");
14794 #endif
14795 */
14796 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14797 rsbac_ta_list_remove(ta_number,
14798 nettemp_handles.gen,
14799 &tid.nettemp);
14800 #endif
14801 #if defined(CONFIG_RSBAC_MAC)
14802 rsbac_ta_list_remove(ta_number,
14803 nettemp_handles.mac,
14804 &tid.nettemp);
14805 #endif
14806 #if defined(CONFIG_RSBAC_PM)
14807 rsbac_ta_list_remove(ta_number,
14808 nettemp_handles.pm,
14809 &tid.nettemp);
14810 #endif
14811 #if defined(CONFIG_RSBAC_RC)
14812 rsbac_ta_list_remove(ta_number,
14813 nettemp_handles.rc,
14814 &tid.nettemp);
14815 #endif
14816 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14817 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14818 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14819 #endif
14820 break;
14821
14822 case T_NETOBJ:
14823 /* too noisy... kicked out.
14824 #ifdef CONFIG_RSBAC_DEBUG
14825 if (rsbac_debug_ds)
14826 rsbac_printk(KERN_DEBUG
14827 "rsbac_remove_target(): Removing netobj ACI\n");
14828 #endif
14829 */
14830 #if defined(CONFIG_RSBAC_MAC)
14831 rsbac_ta_list_remove(ta_number,
14832 lnetobj_handles.mac,
14833 &tid.netobj.sock_p);
14834 rsbac_ta_list_remove(ta_number,
14835 rnetobj_handles.mac,
14836 &tid.netobj.sock_p);
14837 #endif
14838 #if defined(CONFIG_RSBAC_PM)
14839 rsbac_ta_list_remove(ta_number,
14840 lnetobj_handles.pm,
14841 &tid.netobj.sock_p);
14842 rsbac_ta_list_remove(ta_number,
14843 rnetobj_handles.pm,
14844 &tid.netobj.sock_p);
14845 #endif
14846 #if defined(CONFIG_RSBAC_RC)
14847 rsbac_ta_list_remove(ta_number,
14848 lnetobj_handles.rc,
14849 &tid.netobj.sock_p);
14850 rsbac_ta_list_remove(ta_number,
14851 rnetobj_handles.rc,
14852 &tid.netobj.sock_p);
14853 #endif
14854 break;
14855
14856 #endif /* NET_OBJ */
14857
14858 default:
14859 return(-RSBAC_EINVALIDTARGET);
14860 }
14861 #ifdef CONFIG_RSBAC_XSTATS
14862 remove_count[target]++;
14863 #endif
14864 return(error);
14865 } /* end of rsbac_remove_target() */
|
|
||||||||||||||||||||||||||||
|
Definition at line 14348 of file aci_data_structures.c. References rsbac_target_id_t::dev, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_printk(), set_attr_dev(), set_attr_fd(), set_attr_ipc(), set_attr_process(), set_attr_user(), T_DEV, T_DIR, T_FIFO, T_FILE, T_GROUP, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SYMLINK, and T_USER. Referenced by rsbac_pm(), sys_rsbac_set_attr(), and sys_rsbac_set_attr_n(). 14355 {
14356 int err = 0;
14357 /*
14358 #ifdef CONFIG_RSBAC_DEBUG
14359 char tmp[RSBAC_MAXNAMELEN];
14360 #endif
14361 */
14362 if (!rsbac_initialized)
14363 {
14364 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
14365 return(-RSBAC_ENOTINITIALIZED);
14366 }
14367 if (in_interrupt())
14368 {
14369 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
14370 }
14371 switch (target)
14372 {
14373 case T_FILE:
14374 case T_DIR:
14375 case T_FIFO:
14376 case T_SYMLINK:
14377 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
14378 break;
14379
14380 case T_DEV:
14381 err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value);
14382 break;
14383
14384 case T_IPC:
14385 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
14386 break;
14387
14388 case T_USER:
14389 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
14390 break;
14391
14392 case T_PROCESS:
14393 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
14394 break;
14395
14396 #ifdef CONFIG_RSBAC_UM
14397 case T_GROUP:
14398 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
14399 break;
14400 #endif /* CONFIG_RSBAC_UM */
14401
14402 #ifdef CONFIG_RSBAC_NET_DEV
14403 case T_NETDEV:
14404 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
14405 break;
14406 #endif
14407
14408 #ifdef CONFIG_RSBAC_NET_OBJ
14409 case T_NETTEMP:
14410 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
14411 break;
14412
14413 case T_NETOBJ:
14414 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
14415 break;
14416 #endif /* NET_OBJ */
14417
14418 /* switch(target): no valid target */
14419 default:
14420 return(-RSBAC_EINVALIDTARGET);
14421 }
14422 #ifdef CONFIG_RSBAC_XSTATS
14423 if(!err)
14424 set_attr_count[target]++;
14425 #endif
14426 return(err);
14427 } /* end of rsbac_set_attr() */
|
|
||||||||||||
|
Definition at line 8559 of file aci_data_structures.c. References device_list_head, lookup_device(), NULL, remove_device_item(), rsbac_debug_no_write, RSBAC_EINVALIDPOINTER, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_umount(), rsbac_printk(), rsbac_umount_acl(), rsbac_umount_auth(), rsbac_umount_mac(), rsbac_umount_reg(), rsbac_write(), rsbac_write_sem, sysfs_covered_p, SYSFS_MAGIC, sysfs_sb_p, and TRUE. Referenced by rsbac_aef_sb_umount(). 08560 {
08561 u_long flags;
08562 struct rsbac_device_list_item_t * device_p;
08563 kdev_t kdev;
08564
08565 if(!sb_p)
08566 {
08567 rsbac_printk(KERN_WARNING
08568 "rsbac_umount(): called with NULL pointer\n");
08569 return -RSBAC_EINVALIDPOINTER;
08570 }
08571 if (!rsbac_initialized)
08572 {
08573 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08574
08575 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08576 if( (sb_p->s_magic == SYSFS_MAGIC)
08577 && !RSBAC_MAJOR(sb_p->s_dev)
08578 && sysfs_sb_p
08579 && sysfs_covered_p
08580 )
08581 {
08582 rsbac_printk(KERN_WARNING
08583 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08584 sysfs_sb_p = NULL;
08585 sysfs_covered_p = NULL;
08586 }
08587 #endif
08588 #ifdef CONFIG_DEVFS_MOUNT
08589 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08590 && !RSBAC_MAJOR(sb_p->s_dev)
08591 && devfs_sb_p
08592 && devfs_covered_p
08593 )
08594 {
08595 rsbac_printk(KERN_WARNING
08596 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08597 devfs_sb_p = NULL;
08598 devfs_covered_p = NULL;
08599 }
08600 #endif
08601
08602 return(-RSBAC_ENOTINITIALIZED);
08603 }
08604
08605 #ifdef CONFIG_RSBAC_DEBUG
08606 if (rsbac_debug_ds)
08607 {
08608 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
08609 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08610 }
08611 #endif
08612
08613 kdev = sb_p->s_dev;
08614
08615 /* sync attribute lists */
08616 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08617 if(!rsbac_debug_no_write)
08618 {
08619 down(&rsbac_write_sem);
08620 /* recheck no_write with lock - might have been set in between */
08621 if(!rsbac_debug_no_write)
08622 {
08623 rsbac_write(TRUE);
08624 }
08625 up(&rsbac_write_sem);
08626 }
08627 #endif /* CONFIG_RSBAC_AUTO_WRITE */
08628 /* call other umount functions */
08629 /****** MAC *******/
08630 #if defined(CONFIG_RSBAC_MAC)
08631 rsbac_umount_mac(kdev);
08632 #endif
08633 /****** AUTH *******/
08634 #if defined(CONFIG_RSBAC_AUTH)
08635 rsbac_umount_auth(kdev);
08636 #endif
08637 /****** ACL *******/
08638 #if defined(CONFIG_RSBAC_ACL)
08639 rsbac_umount_acl(kdev);
08640 #endif
08641 /****** REG *******/
08642 #if defined(CONFIG_RSBAC_REG)
08643 rsbac_umount_reg(kdev);
08644 #endif /* REG */
08645
08646 /* wait for write access to device_list_head */
08647 rsbac_write_lock(&device_list_head.lock, &flags);
08648 /* OK, nobody else is working on it... */
08649 device_p = lookup_device(kdev);
08650 if(device_p)
08651 {
08652 if(device_p->mount_count == 1)
08653 {
08654 /* Generic lists */
08655 rsbac_list_umount(kdev);
08656 remove_device_item(kdev);
08657 }
08658 else
08659 {
08660 if(device_p->mount_count > 1)
08661 {
08662 device_p->mount_count--;
08663 if(device_p->d_covers == d_covers)
08664 {
08665 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08666 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08667 device_p->d_covers = NULL;
08668 }
08669 }
08670 else
08671 {
08672 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08673 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08674 }
08675 }
08676 }
08677 /* allow access */
08678 rsbac_write_unlock(&device_list_head.lock, &flags);
08679
08680 return(0);
08681 }
|
|
|
Definition at line 2669 of file aci_data_structures.c. References rsbac_read_close(). Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info(). 02670 {
02671 rsbac_read_close(file_p);
02672 }
|
|
||||||||||||||||
|
Definition at line 2283 of file aci_data_structures.c. References check_parent, init_private_file(), lookup_aci_path_dentry(), NULL, rsbac_clear_file(), RSBAC_EINVALIDDEV, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTWRITABLE, RSBAC_EWRITEFAILED, rsbac_get_super_block(), rsbac_kfree(), rsbac_kmalloc(), rsbac_lookup_one_len(), RSBAC_MAXNAMELEN, rsbac_printk(), TRUE, and writable(). Referenced by rsbac_list_write_buffers(), rsbac_list_write_lol_buffers(), and write_info(). 02286 {
02287 struct dentry * dir_dentry_p = NULL;
02288 struct dentry * ldir_dentry_p = NULL;
02289 struct dentry * file_dentry_p = NULL;
02290 int err = 0;
02291 int tmperr = 0;
02292 struct super_block * sb_p;
02293
02294 if(!file_p || !name)
02295 {
02296 #ifdef CONFIG_RSBAC_DEBUG
02297 if (rsbac_debug_write)
02298 {
02299 rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n");
02300 }
02301 #endif
02302 return(-RSBAC_EINVALIDPOINTER);
02303 }
02304
02305 /* get super_block-pointer */
02306 sb_p = rsbac_get_super_block(kdev);
02307 if (!sb_p)
02308 {
02309 rsbac_printk(KERN_WARNING
02310 "rsbac_write_open(): invalid device %02u:%02u\n",
02311 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02312 return (-RSBAC_EINVALIDDEV);
02313 }
02314 if(!writable(sb_p))
02315 {
02316 #ifdef CONFIG_RSBAC_DEBUG
02317 if (rsbac_debug_write)
02318 {
02319 rsbac_printk(KERN_DEBUG
02320 "rsbac_write_open(): called for non-writable device\n");
02321 }
02322 #endif
02323 err = -RSBAC_ENOTWRITABLE;
02324 goto out;
02325 }
02326
02327 /* lookup dentry of ACI_PATH on this device (create, if needed and possible),
02328 * returns errorcode, if failed */
02329 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02330 kdev)))
02331 {
02332 err = tmperr;
02333 goto out;
02334 }
02335
02336 /* open file for reading - this must be done 'by hand', because */
02337 /* standard system calls are now extended by rsbac decision calls. */
02338 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02339 if (!file_dentry_p || IS_ERR(file_dentry_p))
02340 {
02341 #ifdef CONFIG_RSBAC_DEBUG
02342 if (rsbac_debug_write)
02343 {
02344 rsbac_printk(KERN_DEBUG
02345 "rsbac_write_open(): lookup of %s returned error %li\n",
02346 name, PTR_ERR(file_dentry_p));
02347 }
02348 #endif
02349 err = -RSBAC_EWRITEFAILED;
02350 goto out;
02351 }
02352
02353 #if 1
02354 if (file_dentry_p->d_inode)
02355 { /* file was found: try to rename it as backup file */
02356 if ( !dir_dentry_p->d_inode->i_op
02357 || !dir_dentry_p->d_inode->i_op->rename)
02358 {
02359 rsbac_printk(KERN_WARNING
02360 "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02361 name);
02362 }
02363 else
02364 {
02365 char * bname;
02366 int name_len = strlen(name);
02367 struct dentry * new_file_dentry_p = NULL;
02368 struct dentry * old_dir_p, * new_dir_p;
02369
02370 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02371 if(!bname)
02372 {
02373 err = -RSBAC_ENOMEM;
02374 goto out_dput;
02375 }
02376 strcpy(bname,name);
02377 bname[name_len] = 'b';
02378 bname[name_len+1] = (char) 0;
02379 new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02380 if(new_file_dentry_p && !IS_ERR(new_file_dentry_p))
02381 {
02382 /* lock parent == rsbac-dir for rest of rename */
02383 old_dir_p = dget(file_dentry_p->d_parent);
02384 new_dir_p = dget(new_file_dentry_p->d_parent);
02385 double_lock(new_dir_p, old_dir_p);
02386
02387 DQUOT_INIT(old_dir_p->d_inode);
02388 DQUOT_INIT(new_dir_p->d_inode);
02389 /* try to rename file in rsbac dir */
02390 /* if (rsbac_debug_write)
02391 * rsbac_printk(KERN_DEBUG "rsbac_write_open(): calling rename function\n");
02392 */
02393 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode,
02394 file_dentry_p,
02395 new_dir_p->d_inode,
02396 new_file_dentry_p);
02397 /* unlock dir (dputs both dentries) */
02398 double_unlock(new_dir_p, old_dir_p);
02399 if(err)
02400 {
02401 rsbac_printk(KERN_WARNING
02402 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02403 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02404 }
02405 else
02406 {
02407 /* The following d_move() should become unconditional */
02408 if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME))
02409 d_move(file_dentry_p, new_file_dentry_p);
02410 inode_dir_notify(old_dir_p->d_inode, DN_RENAME);
02411 }
02412 dput(new_file_dentry_p);
02413 dput(file_dentry_p);
02414 /* re-init dentry structure */
02415 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02416 if (!file_dentry_p || IS_ERR (file_dentry_p))
02417 {
02418 #ifdef CONFIG_RSBAC_DEBUG
02419 if (rsbac_debug_write)
02420 {
02421 rsbac_printk(KERN_DEBUG
02422 "rsbac_write_open(): relookup of %s returned error %li\n",
02423 name, PTR_ERR(file_dentry_p));
02424 }
02425 #endif
02426 err = -RSBAC_EWRITEFAILED;
02427 goto out;
02428 }
02429 if (file_dentry_p->d_inode)
02430 {
02431 rsbac_printk(KERN_WARNING
02432 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02433 name, file_dentry_p->d_inode->i_ino);
02434 /* file was found: try to delete it */
02435 if ( !dir_dentry_p->d_inode->i_op
02436 || !dir_dentry_p->d_inode->i_op->unlink)
02437 {
02438 rsbac_printk(KERN_WARNING
02439 "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02440 name);
02441 rsbac_kfree(bname);
02442 err = -RSBAC_EWRITEFAILED;
02443 goto out_dput;
02444 }
02445 else
02446 {
02447 old_dir_p = lock_parent(file_dentry_p);
02448
02449 DQUOT_INIT(old_dir_p->d_inode);
02450 err = -ENOENT;
02451 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02452 if (check_parent(old_dir_p, file_dentry_p))
02453 {
02454 #endif
02455 err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode,
02456 file_dentry_p);
02457 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02458 }
02459 else
02460 {
02461 rsbac_printk(KERN_WARNING
02462 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02463 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02464 }
02465 #endif
02466 /* unlock parent dir */
02467 unlock_dir(old_dir_p);
02468 /* free file dentry */
02469 dput(file_dentry_p);
02470 if(err)
02471 {
02472 rsbac_printk(KERN_WARNING
02473 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02474 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02475 }
02476 /* re-init dentry structure */
02477 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02478 if (!file_dentry_p || IS_ERR (file_dentry_p))
02479 {
02480 #ifdef CONFIG_RSBAC_DEBUG
02481 if (rsbac_debug_write)
02482 {
02483 rsbac_printk(KERN_DEBUG
02484 "rsbac_write_open(): relookup of %s returned error %li\n",
02485 name, PTR_ERR(file_dentry_p));
02486 }
02487 #endif
02488 rsbac_kfree(bname);
02489 err = -RSBAC_EWRITEFAILED;
02490 goto out;
02491 }
02492 if (file_dentry_p->d_inode)
02493 {
02494 rsbac_printk(KERN_WARNING
02495 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02496 name, file_dentry_p->d_inode->i_ino);
02497 rsbac_kfree(bname);
02498 err = -RSBAC_EWRITEFAILED;
02499 goto out_dput;
02500 }
02501 }
02502 }
02503 }
02504 else
02505 {
02506 rsbac_printk(KERN_WARNING
02507 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02508 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
02509 }
02510 rsbac_kfree(bname);
02511 }
02512 }
02513 #endif /* backup part */
02514
02515 if(!file_dentry_p->d_inode)
02516 {
02517 /* file not found or renamed away: try to create a new one */
02518 if ( !dir_dentry_p->d_inode->i_op
02519 || !dir_dentry_p->d_inode->i_op->create)
02520 {
02521 rsbac_printk(KERN_WARNING "%s\n",
02522 "rsbac_write_open(): File system supports no create!");
02523 err = -RSBAC_EWRITEFAILED;
02524 goto out_dput;
02525 }
02526
02527 /* lock parent == rsbac-dir for create */
02528 ldir_dentry_p = lock_parent(file_dentry_p);
02529 if(IS_ERR(ldir_dentry_p))
02530 {
02531 #ifdef CONFIG_RSBAC_DEBUG
02532 if (rsbac_debug_write)
02533 {
02534 rsbac_printk(KERN_DEBUG
02535 "rsbac_write_open(): lock_parent of %s returned error %li\n",
02536 name, PTR_ERR(ldir_dentry_p));
02537 }
02538 #endif
02539 err = -RSBAC_EWRITEFAILED;
02540 goto out_dput;
02541 }
02542 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02543 if (!check_parent(ldir_dentry_p, file_dentry_p))
02544 {
02545 #ifdef CONFIG_RSBAC_DEBUG
02546 if (rsbac_debug_write)
02547 {
02548 rsbac_printk(KERN_DEBUG
02549 "rsbac_write_open(): check_parent of %s returned error\n",
02550 name);
02551 }
02552 #endif
02553 unlock_dir(ldir_dentry_p);
02554 err = -RSBAC_EWRITEFAILED;
02555 goto out_dput;
02556 }
02557 #endif
02558 /* try to create file in rsbac dir */
02559 /* if (rsbac_debug_write)
02560 * rsbac_printk(KERN_DEBUG "%s\n",
02561 * "rsbac_write_open(): calling create function");
02562 */
02563 DQUOT_INIT(ldir_dentry_p->d_inode);
02564 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02565 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02566 file_dentry_p,
02567 RSBAC_ACI_FILE_MODE,
02568 NULL);
02569 #else
02570 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02571 file_dentry_p,
02572 RSBAC_ACI_FILE_MODE);
02573 #endif
02574 unlock_dir(ldir_dentry_p);
02575
02576 if (err)
02577 {
02578 goto out_dput;
02579 }
02580 /* create was successful */
02581 }
02582
02583 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02584 { /* this is not a file! -> error! */
02585 rsbac_printk(KERN_WARNING
02586 "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02587 file_dentry_p->d_inode->i_mode);
02588 err = -RSBAC_EWRITEFAILED;
02589 goto out_dput;
02590 }
02591 /* Now we fill the file structure and */
02592 /* if there is an open func for this file, use it, otherwise ignore */
02593 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02594 {
02595 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02596 err = -RSBAC_EWRITEFAILED;
02597 goto out_dput;
02598 }
02599
02600 /* Without a write function we get into troubles -> error */
02601 if ((!file_p->f_op) || (!file_p->f_op->write))
02602 {
02603 rsbac_printk(KERN_WARNING
02604 "rsbac_write_open(): file write function missing!\n");
02605 if(file_p->f_op && file_p->f_op->release)
02606 {
02607 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02608 }
02609 err = -RSBAC_EWRITEFAILED;
02610 goto out_dput;
02611 }
02612
02613 /* trying to get write access */
02614 /* if (rsbac_debug_write)
02615 * rsbac_printk(KERN_DEBUG "rsbac_write_open(): trying to get write access!\n");
02616 */
02617 if (get_write_access(file_dentry_p->d_inode))
02618 {
02619 rsbac_printk(KERN_WARNING
02620 "rsbac_write_open(): could not get write access!\n");
02621 if (file_p->f_op->release)
02622 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02623 err = -RSBAC_EWRITEFAILED;
02624 goto out_dput;
02625 }
02626 /* truncating */
02627 if(rsbac_clear_file(file_dentry_p))
02628 {
02629 if (file_p->f_op->release)
02630 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02631 put_write_access(file_dentry_p->d_inode);
02632 rsbac_printk(KERN_WARNING
02633 "rsbac_write_open(): could not truncate!\n");
02634 err = -RSBAC_EWRITEFAILED;
02635 goto out_dput;
02636 }
02637 /* set synchronous mode for this file */
02638 file_p->f_flags |= O_SYNC;
02639
02640 out:
02641 return err;
02642
02643 out_dput:
02644 dput(file_dentry_p);
02645 goto out;
02646 }
|
|
||||||||||||||||||||||||||||
|
Definition at line 12653 of file aci_data_structures.c. References A_log_array_high, A_log_array_low, A_mac_categories, A_mac_check, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, D_block, D_block_major, D_char, D_char_major, DEFAULT_GEN_DEV_ACI, dev_handles, dev_major_handles, GEN, handle, rsbac_attribute_value_t::log_array_high, rsbac_gen_dev_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_dev_aci_t::log_array_low, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_check, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RC_type_max_value, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_attribute_value_t::security_level, and rsbac_dev_desc_t::type. Referenced by rsbac_ta_set_attr(). 12660 {
12661 int err = 0;
12662
12663 /*
12664 #ifdef CONFIG_RSBAC_DEBUG
12665 if (rsbac_debug_ds)
12666 rsbac_printk(KERN_DEBUG
12667 "rsbac_set_attr(): Setting dev attribute\n");
12668 #endif
12669 */
12670 switch(module)
12671 {
12672 case GEN:
12673 {
12674 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
12675
12676 if(dev.type > D_char)
12677 return -RSBAC_EINVALIDTARGET;
12678 rsbac_ta_list_get_data_ttl(ta_number,
12679 dev_handles.gen,
12680 NULL,
12681 &dev,
12682 &aci);
12683 switch (attr)
12684 {
12685 case A_log_array_low:
12686 aci.log_array_low = value_p->log_array_low;
12687 break;
12688 case A_log_array_high:
12689 aci.log_array_high = value_p->log_array_high;
12690 break;
12691 default:
12692 err = -RSBAC_EINVALIDATTR;
12693 }
12694 if(!err)
12695 {
12696 err = rsbac_ta_list_add_ttl(ta_number,
12697 dev_handles.gen,
12698 0,
12699 &dev,
12700 &aci);
12701 }
12702 }
12703 break;
12704
12705 #if defined(CONFIG_RSBAC_MAC)
12706 case MAC:
12707 {
12708 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
12709
12710 if(dev.type > D_char)
12711 return -RSBAC_EINVALIDTARGET;
12712 rsbac_ta_list_get_data_ttl(ta_number,
12713 dev_handles.mac,
12714 NULL,
12715 &dev,
12716 &aci);
12717 switch (attr)
12718 {
12719 case A_security_level:
12720 aci.sec_level = value_p->security_level;
12721 break;
12722 case A_mac_categories:
12723 aci.mac_categories = value_p->mac_categories;
12724 break;
12725 case A_mac_check:
12726 aci.mac_check = value_p->mac_check;
12727 break;
12728 default:
12729 err = -RSBAC_EINVALIDATTR;
12730 }
12731 if(!err)
12732 {
12733 err = rsbac_ta_list_add_ttl(ta_number,
12734 dev_handles.mac,
12735 0,
12736 &dev,
12737 &aci);
12738 }
12739 }
12740 break;
12741 #endif
12742
12743 #if defined(CONFIG_RSBAC_PM)
12744 case PM:
12745 {
12746 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12747
12748 if(dev.type > D_char)
12749 return -RSBAC_EINVALIDTARGET;
12750 rsbac_ta_list_get_data_ttl(ta_number,
12751 dev_handles.pm,
12752 NULL,
12753 &dev,
12754 &aci);
12755 switch (attr)
12756 {
12757 case A_pm_object_type:
12758 aci.pm_object_type = value_p->pm_object_type;
12759 break;
12760 case A_pm_object_class:
12761 aci.pm_object_class = value_p->pm_object_class;
12762 break;
12763 default:
12764 err = -RSBAC_EINVALIDATTR;
12765 }
12766 if(!err)
12767 {
12768 err = rsbac_ta_list_add_ttl(ta_number,
12769 dev_handles.pm,
12770 0,
12771 &dev,
12772 &aci);
12773 }
12774 }
12775 break;
12776 #endif
12777
12778 #if defined(CONFIG_RSBAC_RC)
12779 case RC:
12780 {
12781 rsbac_rc_type_id_t type = value_p->rc_type;
12782 struct rsbac_dev_desc_t dev_desc;
12783 rsbac_list_handle_t handle;
12784
12785 switch(dev.type)
12786 {
12787 case D_char:
12788 dev_desc.type = D_char;
12789 handle = dev_handles.rc;
12790 break;
12791 case D_block:
12792 dev_desc.type = D_block;
12793 handle = dev_handles.rc;
12794 break;
12795 case D_char_major:
12796 if(type > RC_type_max_value)
12797 return -RSBAC_EINVALIDVALUE;
12798 dev_desc.type = D_char;
12799 handle = dev_major_handles.rc;
12800 break;
12801 case D_block_major:
12802 if(type > RC_type_max_value)
12803 return -RSBAC_EINVALIDVALUE;
12804 dev_desc.type = D_block;
12805 handle = dev_major_handles.rc;
12806 break;
12807 default:
12808 return -RSBAC_EINVALIDTARGET;
12809 }
12810 dev_desc.major = dev.major;
12811 dev_desc.minor = dev.minor;
12812
12813 switch (attr)
12814 {
12815 case A_rc_type:
12816 err = rsbac_ta_list_add_ttl(ta_number,
12817 handle,
12818 0,
12819 &dev_desc,
12820 &type);
12821 break;
12822 default:
12823 err = -RSBAC_EINVALIDATTR;
12824 }
12825 }
12826 break;
12827 #endif
12828
12829 default:
12830 err = -RSBAC_EINVALIDMODULE;
12831 }
12832
12833 return err;
12834 }
|
|
||||||||||||||||||||||||||||
|
Definition at line 12215 of file aci_data_structures.c. References A_auid_exempt, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_daz_scanned, A_daz_scanner, A_fake_root_uid, A_ff_flags, A_linux_dac_disable, A_log_array_high, A_log_array_low, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_file_flags, A_mac_prop_trusted, A_max_caps, A_min_caps, A_pax_flags, A_pm_object_class, A_pm_object_type, A_pm_tp, A_rc_force_role, A_rc_initial_role, A_rc_type_fd, A_res_max, A_res_min, A_security_level, A_symlink_add_mac_level, A_symlink_add_rc_role, A_symlink_add_remote_ip, A_symlink_add_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_fd_aci_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, DAZ, rsbac_attribute_value_t::daz_scanned, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_FD_ACI, device_list_head, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_fd_aci_t::fake_root_uid, FF, rsbac_attribute_value_t::ff_flags, GEN, gen_fd_hash(), rsbac_attribute_value_t::linux_dac_disable, rsbac_gen_fd_aci_t::linux_dac_disable, rsbac_attribute_value_t::log_array_high, rsbac_gen_fd_aci_t::log_array_high, rsbac_attribute_value_t::log_array_low, rsbac_gen_fd_aci_t::log_array_low, rsbac_attribute_value_t::log_program_based, rsbac_gen_fd_aci_t::log_program_based, lookup_device(), MAC, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_file_flags, rsbac_attribute_value_t::mac_prop_trusted, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, rsbac_attribute_value_t::pax_flags, PM, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, rsbac_attribute_value_t::pm_tp, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_initial_role, rsbac_attribute_value_t::rc_type_fd, RES, rsbac_attribute_value_t::res_array, RSBAC_EINVALIDATTR, RSBAC_EINVALIDDEV, RSBAC_EINVALIDMODULE, rsbac_list_add_ttl(), RSBAC_MAC_F_FLAGS, rsbac_mount(), RSBAC_PAX_ALL_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, rsbac_attribute_value_t::symlink_add_mac_level, rsbac_gen_fd_aci_t::symlink_add_mac_level, rsbac_attribute_value_t::symlink_add_rc_role, rsbac_gen_fd_aci_t::symlink_add_rc_role, rsbac_attribute_value_t::symlink_add_remote_ip, rsbac_gen_fd_aci_t::symlink_add_remote_ip, rsbac_attribute_value_t::symlink_add_uid, and rsbac_gen_fd_aci_t::symlink_add_uid. Referenced by rsbac_ta_set_attr(). 12222 {
12223 int err = 0;
12224 struct rsbac_device_list_item_t * device_p;
12225 u_long dflags;
12226
12227 /*
12228 #ifdef CONFIG_RSBAC_DEBUG
12229 if (rsbac_debug_ds)
12230 rsbac_printk(KERN_DEBUG "rsbac_set_attr(): Setting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n",
12231 attr, RSBAC_MAJOR(tid_p->file.device),RSBAC_MINOR(tid_p->file.device), (u_long) tid_p->file.inode, tid_p->file.dentry_p);
12232 #endif
12233 */
12234 /* wait for read access to device_list_head */
12235 rsbac_read_lock(&device_list_head.lock, &dflags);
12236 /* OK, go on */
12237 /*
12238 #ifdef CONFIG_RSBAC_DEBUG
12239 if (rsbac_debug_ds)
12240 rsbac_printk(KERN_DEBUG
12241 "rsbac_set_attr(): passed device read lock\n");
12242 #endif
12243 */
12244
12245 /* lookup device */
12246 device_p = lookup_device(tid_p->file.device);
12247 if (!device_p)
12248 {
12249 struct super_block * sb_p;
12250
12251 rsbac_read_unlock(&device_list_head.lock, &dflags);
12252 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12253 sb_p = user_get_super(tid_p->file.device);
12254 #else
12255 sb_p = get_super(tid_p->file.device);
12256 #endif
12257 if(sb_p)
12258 {
12259 rsbac_printk(KERN_INFO
12260 "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
12261 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12262 rsbac_mount(sb_p, NULL);
12263 /* free super_block pointer */
12264 drop_super(sb_p);
12265 rsbac_read_lock(&device_list_head.lock, &dflags);
12266 device_p = lookup_device(tid_p->file.device);
12267 if (!device_p)
12268 {
12269 rsbac_printk(KERN_WARNING
12270 "rsbac_set_attr(): unknown device %02u:%02u\n",
12271 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12272 rsbac_read_unlock(&device_list_head.lock, &dflags);
12273 return -RSBAC_EINVALIDDEV;
12274 }
12275 }
12276 else
12277 return -RSBAC_EINVALIDDEV;
12278 }
12279 switch(module)
12280 {
12281 case GEN:
12282 {
12283 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
12284
12285 rsbac_ta_list_get_data_ttl(ta_number,
12286 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12287 NULL,
12288 &tid_p->file.inode,
12289 &aci);
12290 switch (attr)
12291 {
12292 case A_log_array_low:
12293 aci.log_array_low = value_p->log_array_low;
12294 break;
12295 case A_log_array_high:
12296 aci.log_array_high = value_p->log_array_high;
12297 break;
12298 case A_log_program_based:
12299 aci.log_program_based = value_p->log_program_based;
12300 break;
12301 case A_symlink_add_remote_ip:
12302 aci.symlink_add_remote_ip = value_p->symlink_add_remote_ip;
12303 break;
12304 case A_symlink_add_uid:
12305 aci.symlink_add_uid = value_p->symlink_add_uid;
12306 break;
12307 case A_symlink_add_mac_level:
12308 aci.symlink_add_mac_level = value_p->symlink_add_mac_level;
12309 break;
12310 case A_symlink_add_rc_role:
12311 aci.symlink_add_rc_role = value_p->symlink_add_rc_role;
12312 break;
12313 case A_linux_dac_disable:
12314 aci.linux_dac_disable = value_p->linux_dac_disable;
12315 break;
12316 case A_fake_root_uid:
12317 aci.fake_root_uid = value_p->fake_root_uid;
12318 break;
12319 case A_auid_exempt:
12320 aci.auid_exempt = value_p->auid_exempt;
12321 break;
12322 default:
12323 err = -RSBAC_EINVALIDATTR;
12324 }
12325 if(!err)
12326 {
12327 err = rsbac_ta_list_add_ttl(ta_number,
12328 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12329 0,
12330 &tid_p->file.inode,
12331 &aci);
12332 }
12333 }
12334 break;
12335
12336 #if defined(CONFIG_RSBAC_MAC)
12337 case MAC:
12338 {
12339 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
12340
12341 rsbac_ta_list_get_data_ttl(ta_number,
12342 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12343 NULL,
12344 &tid_p->file.inode,
12345 &aci);
12346 switch (attr)
12347 {
12348 case A_security_level:
12349 aci.sec_level = value_p->security_level;
12350 break;
12351 case A_mac_categories:
12352 aci.mac_categories = value_p->mac_categories;
12353 break;
12354 case A_mac_auto:
12355 aci.mac_auto = value_p->mac_auto;
12356 break;
12357 case A_mac_prop_trusted:
12358 aci.mac_prop_trusted = value_p->mac_prop_trusted;
12359 break;
12360 case A_mac_file_flags:
12361 aci.mac_file_flags = value_p->mac_file_flags & RSBAC_MAC_F_FLAGS;
12362 break;
12363
12364 default:
12365 err = -RSBAC_EINVALIDATTR;
12366 }
12367 if(!err)
12368 {
12369 err = rsbac_ta_list_add_ttl(ta_number,
12370 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12371 0,
12372 &tid_p->file.inode,
12373 &aci);
12374 }
12375 }
12376 break;
12377 #endif /* MAC */
12378
12379 #if defined(CONFIG_RSBAC_PM)
12380 case PM:
12381 {
12382 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
12383
12384 rsbac_ta_list_get_data_ttl(ta_number,
12385 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12386 NULL,
12387 &tid_p->file.inode,
12388 &aci);
12389 switch (attr)
12390 {
12391 case A_pm_object_class:
12392 aci.pm_object_class = value_p->pm_object_class;
12393 break;
12394 case A_pm_tp:
12395 aci.pm_tp = value_p->pm_tp;
12396 break;
12397 case A_pm_object_type:
12398 aci.pm_object_type = value_p->pm_object_type;
12399 break;
12400 default:
12401 err = -RSBAC_EINVALIDATTR;
12402 }
12403 if(!err)
12404 {
12405 err = rsbac_ta_list_add_ttl(ta_number,
12406 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12407 0,
12408 &tid_p->file.inode,
12409 &aci);
12410 }
12411 }
12412 break;
12413 #endif /* PM */
12414
12415 #if defined(CONFIG_RSBAC_DAZ)
12416 case DAZ:
12417 {
12418 #if defined(CONFIG_RSBAC_DAZ_CACHE)
12419 if(attr == A_daz_scanned)
12420 {
12421 err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
12422 rsbac_daz_ttl,
12423 &tid_p->file.inode,
12424 &value_p->daz_scanned);
12425 }
12426 else
12427 #endif
12428 {
12429 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
12430
12431 rsbac_ta_list_get_data_ttl(ta_number,
12432 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12433 NULL,
12434 &tid_p->file.inode,
12435 &aci);
12436 switch (attr)
12437 {
12438 case A_daz_scanner:
12439 aci.daz_scanner = value_p->daz_scanner;
12440 break;
12441 default:
12442 err = -RSBAC_EINVALIDATTR;
12443 }
12444 if(!err)
12445 {
12446 err = rsbac_ta_list_add_ttl(ta_number,
12447 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12448 0,
12449 &tid_p->file.inode,
12450 &aci);
12451 }
12452 }
12453 }
12454 break;
12455 #endif /* DAZ */
12456
12457 #if defined(CONFIG_RSBAC_FF)
12458 case FF:
12459 {
12460 switch (attr)
12461 {
12462 case A_ff_flags:
12463 err = rsbac_ta_list_add_ttl(ta_number,
12464 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
12465 0,
12466 &tid_p->file.inode,
12467 &value_p->ff_flags);
12468 break;
12469
12470 default:
12471 err = -RSBAC_EINVALIDATTR;
12472 }
12473 }
12474 break;
12475 #endif /* FF */
12476
12477 #if defined(CONFIG_RSBAC_RC)
12478 case RC:
12479 {
12480 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
12481
12482 rsbac_ta_list_get_data_ttl(ta_number,
12483 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12484 NULL,
12485 &tid_p->file.inode,
12486 &aci);
12487 switch (attr)
12488 {
12489 case A_rc_type_fd:
12490 aci.rc_type_fd = value_p->rc_type_fd;
12491 break;
12492 case A_rc_force_role:
12493 aci.rc_force_role = value_p->rc_force_role;
12494 break;
12495 case A_rc_initial_role:
12496 aci.rc_initial_role = value_p->rc_initial_role;
12497 break;
12498
12499 default:
12500 err = -RSBAC_EINVALIDATTR;
12501 }
12502 if(!err)
12503 {
12504 err = rsbac_ta_list_add_ttl(ta_number,
12505 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12506 0,
12507 &tid_p->file.inode,
12508 &aci);
12509 }
12510 }
12511 break;
12512 #endif /* RC */
12513
12514 #if defined(CONFIG_RSBAC_AUTH)
12515 case AUTH:
12516 {
12517 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
12518
12519 rsbac_ta_list_get_data_ttl(ta_number,
12520 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12521 NULL,
12522 &tid_p->file.inode,
12523 &aci);
12524 switch (attr)
12525 {
12526 case A_auth_may_setuid:
12527 aci.auth_may_setuid = value_p->auth_may_setuid;
12528 break;
12529 case A_auth_may_set_cap:
12530 aci.auth_may_set_cap = value_p->auth_may_set_cap;
12531 break;
12532 case A_auth_learn:
12533 aci.auth_learn = value_p->auth_learn;
12534 break;
12535 default:
12536 err = -RSBAC_EINVALIDATTR;
12537 }
12538 if(!err)
12539 {
12540 err = rsbac_ta_list_add_ttl(ta_number,
12541 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12542 0,
12543 &tid_p->file.inode,
12544 &aci);
12545 }
12546 }
12547 break;
12548 #endif /* AUTH */
12549
12550 #if defined(CONFIG_RSBAC_CAP)
12551 case CAP:
12552 {
12553 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
12554
12555 rsbac_ta_list_get_data_ttl(ta_number,
12556 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12557 NULL,
12558 &tid_p->file.inode,
12559 &aci);
12560 switch (attr)
12561 {
12562 case A_min_caps:
12563 aci.min_caps = value_p->min_caps;
12564 break;
12565 case A_max_caps:
12566 aci.max_caps = value_p->max_caps;
12567 break;
12568 default:
12569 err = -RSBAC_EINVALIDATTR;
12570 }
12571 if(!err)
12572 {
12573 err = rsbac_ta_list_add_ttl(ta_number,
12574 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12575 0,
12576 &tid_p->file.inode,
12577 &aci);
12578 }
12579 }
12580 break;
12581 #endif
12582
12583 #if defined(CONFIG_RSBAC_RES)
12584 case RES:
12585 {
12586 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
12587
12588 rsbac_ta_list_get_data_ttl(ta_number,
12589 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12590 NULL,
12591 &tid_p->file.inode,
12592 &aci);
12593 switch (attr)
12594 {
12595 case A_res_min:
12596 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
12597 break;
12598 case A_res_max:
12599 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
12600 break;
12601 default:
12602 err = -RSBAC_EINVALIDATTR;
12603 }
12604 if(!err)
12605 {
12606 struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI;
12607
12608 if(memcmp(&aci, &def_aci, sizeof(aci)))
12609 err = rsbac_ta_list_add_ttl(ta_number,
12610 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12611 0,
12612 &tid_p->file.inode,
12613 &aci);
12614 else
12615 err = rsbac_ta_list_remove(ta_number,
12616 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12617 &tid_p->file.inode);
12618 }
12619 }
12620 break;
12621 #endif
12622
12623 #if defined(CONFIG_RSBAC_PAX)
12624 case PAX:
12625 {
12626 switch (attr)
12627 {
12628 case A_pax_flags:
12629 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12630 err = rsbac_ta_list_add_ttl(ta_number,
12631 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
12632 0,
12633 &tid_p->file.inode,
12634 &value_p->pax_flags);
12635 break;
12636
12637 default:
12638 err = -RSBAC_EINVALIDATTR;
12639 }
12640 }
12641 break;
12642 #endif /* PAX */
12643
12644 default:
12645 err = -RSBAC_EINVALIDMODULE;
12646 }
12647 /* free access to device_list_head */
12648 rsbac_read_unlock(&device_list_head.lock, &dflags);
12649
12650 return err;
12651 }
|
|
||||||||||||||||||||||||||||
|
Definition at line 12836 of file aci_data_structures.c. References A_jail_id, A_mac_categories, A_pm_ipc_purpose, A_pm_object_class, A_pm_object_type, A_rc_type, A_security_level, rsbac_target_id_t::ipc, ipc_handles, JAIL, rsbac_attribute_value_t::jail_id, MAC, rsbac_attribute_value_t::mac_categories, NULL, PM, rsbac_attribute_value_t::pm_ipc_purpose, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_object_type, RC, rsbac_attribute_value_t::rc_type, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_set_attr(). 12843 {
12844 int err = 0;
12845
12846 /*
12847 #ifdef CONFIG_RSBAC_DEBUG
12848 if (rsbac_debug_ds) rsbac_printk(KERN_DEBUG "%s\n",
12849 "rsbac_set_attr(): Setting ipc attribute");
12850 #endif
12851 */
12852 switch(module)
12853 {
12854 #if defined(CONFIG_RSBAC_MAC)
12855 case MAC:
12856 {
12857 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
12858
12859 rsbac_ta_list_get_data_ttl(ta_number,
12860 ipc_handles.mac,
12861 NULL,
12862 &tid_p->ipc,
12863 &aci);
12864 switch (attr)
12865 {
12866 case A_security_level:
12867 aci.sec_level = value_p->security_level;
12868 break;
12869 case A_mac_categories:
12870 aci.mac_categories = value_p->mac_categories;
12871 break;
12872 default:
12873 err = -RSBAC_EINVALIDATTR;
12874 }
12875 if(!err)
12876 {
12877 err = rsbac_ta_list_add_ttl(ta_number,
12878 ipc_handles.mac,
12879 0,
12880 &tid_p->ipc,
12881 &aci);
12882 }
12883 }
12884 break;
12885 #endif
12886
12887 #if defined(CONFIG_RSBAC_PM)
12888 case PM:
12889 {
12890 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12891
12892 rsbac_ta_list_get_data_ttl(ta_number,
12893 ipc_handles.pm,
12894 NULL,
12895 &tid_p->ipc,
12896 &aci);
12897 switch (attr)
12898 {
12899 case A_pm_object_type:
12900 aci.pm_object_type = value_p->pm_object_type;
12901 break;
12902 case A_pm_ipc_purpose:
12903 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
12904 break;
12905 case A_pm_object_class:
12906 aci.pm_object_class = value_p->pm_object_class;
12907 break;
12908 default:
12909 err = -RSBAC_EINVALIDATTR;
12910 }
12911 if(!err)
12912 {
12913 err = rsbac_ta_list_add_ttl(ta_number,
12914 ipc_handles.pm,
12915 0,
12916 &tid_p->ipc,
12917 &aci);
12918 }
12919 }
12920 break;
12921 #endif
12922
12923 #if defined(CONFIG_RSBAC_RC)
12924 case RC:
12925 {
12926 rsbac_rc_type_id_t type = value_p->rc_type;
12927
12928 switch (attr)
12929 {
12930 case A_rc_type:
12931 err = rsbac_ta_list_add_ttl(ta_number,
12932 ipc_handles.rc,
12933 0,
12934 &tid_p->ipc,
12935 &type);
12936 break;
12937 default:
12938 err = -RSBAC_EINVALIDATTR;
12939 }
12940 }
12941 break;
12942 #endif
12943
12944 #if defined(CONFIG_RSBAC_JAIL)
12945 case JAIL:
12946 {
12947 rsbac_jail_id_t id = value_p->jail_id;
12948
12949 switch (attr)
12950 {
12951 case A_jail_id:
12952 /*
12953 #ifdef CONFIG_RSBAC_DEBUG
12954 if(id)
12955 rsbac_printk(KERN_DEBUG
12956 "rsbac_set_attr(): Setting jail_id for IPC %s %lu to %u\n",
12957 get_ipc_target_name(tmp, tid_p->ipc.type), tid_p->ipc.id.id_nr, id);
12958 #endif
12959 */
12960 err = rsbac_ta_list_add_ttl(ta_number,
12961 ipc_handles.jail,
12962 0,
12963 &tid_p->ipc,
12964 &id);
12965 break;
12966 default:
12967 err = -RSBAC_EINVALIDATTR;
12968 }
12969 }
12970 break;
12971 #endif
12972
12973 default:
12974 err = -RSBAC_EINVALIDMODULE;
12975 }
12976
12977 return err;
12978 }
|
|
||||||||||||||||||||||||||||
|
Definition at line 13379 of file aci_data_structures.c. References A_audit_uid, A_auid_exempt, A_auth_last_auth, A_auth_learn, A_auth_may_set_cap, A_auth_may_setuid, A_cap_process_hiding, A_current_sec_level, A_daz_scanner, A_fake_root_uid, A_initial_security_level, A_jail_flags, A_jail_id, A_jail_ip, A_jail_max_caps, A_jail_scd_get, A_jail_scd_modify, A_log_program_based, A_mac_auto, A_mac_categories, A_mac_curr_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_process_flags, A_max_caps_program, A_max_caps_user, A_max_read_categories, A_max_read_open, A_min_security_level, A_min_write_categories, A_min_write_open, A_pm_current_task, A_pm_process_type, A_pm_tp, A_rc_force_role, A_rc_role, A_rc_type, A_remote_ip, A_security_level, rsbac_attribute_value_t::audit_uid, rsbac_gen_process_aci_t::audit_uid, rsbac_attribute_value_t::auid_exempt, rsbac_gen_process_aci_t::auid_exempt, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::auth_learn, rsbac_attribute_value_t::auth_may_set_cap, rsbac_attribute_value_t::auth_may_setuid, CAP, rsbac_attribute_value_t::cap_process_hiding, rsbac_attribute_value_t::current_sec_level, DAZ, rsbac_attribute_value_t::daz_scanner, DEFAULT_GEN_P_ACI, rsbac_attribute_value_t::fake_root_uid, rsbac_gen_process_aci_t::fake_root_uid, GEN, gen_p_hash(), JAIL, rsbac_attribute_value_t::jail_flags, rsbac_attribute_value_t::jail_id, rsbac_attribute_value_t::jail_ip, rsbac_attribute_value_t::jail_max_caps, rsbac_attribute_value_t::jail_scd_get, rsbac_attribute_value_t::jail_scd_modify, rsbac_gen_process_aci_t::kernel_thread, rsbac_attribute_value_t::log_program_based, rsbac_gen_process_aci_t::log_program_based, MAC, MAC_auto, rsbac_attribute_value_t::mac_auto, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_process_flags, rsbac_attribute_value_t::max_caps_program, rsbac_attribute_value_t::max_caps_user, rsbac_attribute_value_t::max_read_open, rsbac_attribute_value_t::min_write_open, NULL, PM, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_process_type, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, process_handles, RC, rsbac_attribute_value_t::rc_force_role, rsbac_attribute_value_t::rc_role, rsbac_attribute_value_t::rc_type, rsbac_attribute_value_t::remote_ip, rsbac_gen_process_aci_t::remote_ip, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_MAC_P_FLAGS, rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), and rsbac_attribute_value_t::security_level. Referenced by rsbac_ta_set_attr(). 13386 {
13387 int err = 0;
13388
13389 /*
13390 #ifdef CONFIG_RSBAC_DEBUG
13391 if (rsbac_debug_ds)
13392 rsbac_printk(KERN_DEBUG
13393 "rsbac_set_attr(): Setting process attribute\n");
13394 #endif
13395 */
13396 if (!tid_p->process)
13397 {
13398 rsbac_printk(KERN_WARNING
13399 "rsbac_set_attr(): Trying to set attribute for process 0!\n");
13400 return -RSBAC_EINVALIDTARGET;
13401 }
13402 switch(module)
13403 {
13404 case GEN:
13405 {
13406 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
13407
13408 rsbac_ta_list_get_data_ttl(ta_number,
13409 process_handles.gen[gen_p_hash(tid_p->process)],
13410 NULL,
13411 &tid_p->process,
13412 &aci);
13413 switch (attr)
13414 {
13415 case A_log_program_based:
13416 aci.log_program_based = value_p->log_program_based;
13417 break;
13418 case A_fake_root_uid:
13419 aci.fake_root_uid = value_p->fake_root_uid;
13420 break;
13421 case A_audit_uid:
13422 aci.audit_uid = value_p->audit_uid;
13423 break;
13424 case A_auid_exempt:
13425 aci.auid_exempt = value_p->auid_exempt;
13426 break;
13427 case A_remote_ip:
13428 aci.remote_ip = value_p->remote_ip;
13429 break;
13430 case A_kernel_thread:
13431 aci.kernel_thread = value_p->kernel_thread;
13432 break;
13433 default:
13434 err = -RSBAC_EINVALIDATTR;
13435 }
13436 if(!err)
13437 {
13438 err = rsbac_ta_list_add_ttl(ta_number,
13439 process_handles.gen[gen_p_hash(tid_p->process)],
13440 0,
13441 &tid_p->process,
13442 &aci);
13443 }
13444 }
13445 break;
13446
13447 #if defined(CONFIG_RSBAC_MAC)
13448 case MAC:
13449 {
13450 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
13451
13452 rsbac_ta_list_get_data_ttl(ta_number,
13453 process_handles.mac[mac_p_hash(tid_p->process)],
13454 NULL,
13455 &tid_p->process,
13456 &aci);
13457 switch (attr)
13458 {
13459 case A_security_level:
13460 aci.owner_sec_level = value_p->security_level;
13461 break;
13462 case A_initial_security_level:
13463 aci.owner_initial_sec_level = value_p->security_level;
13464 break;
13465 case A_min_security_level:
13466 aci.owner_min_sec_level = value_p->security_level;
13467 break;
13468 case A_mac_categories:
13469 aci.mac_owner_categories = value_p->mac_categories;
13470 break;
13471 case A_mac_initial_categories:
13472 aci.mac_owner_initial_categories = value_p->mac_categories;
13473 break;
13474 case A_mac_min_categories:
13475 aci.mac_owner_min_categories = value_p->mac_categories;
13476 break;
13477 case A_current_sec_level:
13478 aci.current_sec_level = value_p->current_sec_level;
13479 break;
13480 case A_mac_curr_categories:
13481 aci.mac_curr_categories = value_p->mac_categories;
13482 break;
13483 case A_min_write_open:
13484 aci.min_write_open = value_p->min_write_open;
13485 break;
13486 case A_min_write_categories:
13487 aci.min_write_categories = value_p->mac_categories;
13488 break;
13489 case A_max_read_open:
13490 aci.max_read_open = value_p->max_read_open;
13491 break;
13492 case A_max_read_categories:
13493 aci.max_read_categories = value_p->mac_categories;
13494 break;
13495 case A_mac_process_flags:
13496 aci.mac_process_flags = value_p->mac_process_flags & RSBAC_MAC_P_FLAGS;
13497 break;
13498 case A_mac_auto:
13499 if(value_p->mac_auto)
13500 aci.mac_process_flags |= MAC_auto;
13501 else
13502 aci.mac_process_flags &= ~MAC_auto;
13503 break;
13504 default:
13505 err = -RSBAC_EINVALIDATTR;
13506 }
13507 if(!err)
13508 {
13509 err = rsbac_ta_list_add_ttl(ta_number,
13510 process_handles.mac[mac_p_hash(tid_p->process)],
13511 0,
13512 &tid_p->process,
13513 &aci);
13514 }
13515 }
13516 break;
13517 #endif
13518
13519 #if defined(CONFIG_RSBAC_PM)
13520 case PM:
13521 {
13522 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
13523
13524 rsbac_ta_list_get_data_ttl(ta_number,
13525 process_handles.pm,
13526 NULL,
13527 &tid_p->process,
13528 &aci);
13529 switch (attr)
13530 {
13531 case A_pm_tp:
13532 aci.pm_tp = value_p->pm_tp;
13533 break;
13534 case A_pm_current_task:
13535 aci.pm_current_task = value_p->pm_current_task;
13536 break;
13537 case A_pm_process_type:
13538 aci.pm_process_type = value_p->pm_process_type;
13539 break;
13540 default:
13541 err = -RSBAC_EINVALIDATTR;
13542 }
13543 if(!err)
13544 {
13545 err = rsbac_ta_list_add_ttl(ta_number,
13546 process_handles.pm,
13547 0,
13548 &tid_p->process,
13549 &aci);
13550 }
13551 }
13552 break;
13553 #endif
13554
13555 #if defined(CONFIG_RSBAC_DAZ)
13556 case DAZ:
13557 {
13558 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
13559
13560 rsbac_ta_list_get_data_ttl(ta_number,
13561 process_handles.daz,
13562 NULL,
13563 &tid_p->process,
13564 &aci);
13565 switch (attr)
13566 {
13567 case A_daz_scanner:
13568 aci.daz_scanner = value_p->daz_scanner;
13569 break;
13570 default:
13571 err = -RSBAC_EINVALIDATTR;
13572 }
13573 if(!err)
13574 {
13575 err = rsbac_ta_list_add_ttl(ta_number,
13576 process_handles.daz,
13577 0,
13578 &tid_p->process,
13579 &aci);
13580 }
13581 }
13582 break;
13583 #endif
13584
13585 #if defined(CONFIG_RSBAC_RC)
13586 case RC:
13587 {
13588 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
13589
13590 rsbac_ta_list_get_data_ttl(ta_number,
13591 process_handles.rc[rc_p_hash(tid_p->process)],
13592 NULL,
13593 &tid_p->process,
13594 &aci);
13595 switch (attr)
13596 {
13597 case A_rc_role:
13598 aci.rc_role = value_p->rc_role;
13599 break;
13600 case A_rc_type:
13601 aci.rc_type = value_p->rc_type;
13602 break;
13603 case A_rc_force_role:
13604 aci.rc_force_role = value_p->rc_force_role;
13605 break;
13606 default:
13607 err = -RSBAC_EINVALIDATTR;
13608 }
13609 if(!err)
13610 {
13611 err = rsbac_ta_list_add_ttl(ta_number,
13612 process_handles.rc[rc_p_hash(tid_p->process)],
13613 0,
13614 &tid_p->process,
13615 &aci);
13616 }
13617 }
13618 break;
13619 #endif
13620
13621 #if defined(CONFIG_RSBAC_AUTH)
13622 case AUTH:
13623 {
13624 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
13625
13626 rsbac_ta_list_get_data_ttl(ta_number,
13627 process_handles.auth,
13628 NULL,
13629 &tid_p->process,
13630 &aci);
13631 switch (attr)
13632 {
13633 case A_auth_may_setuid:
13634 aci.auth_may_setuid = value_p->auth_may_setuid;
13635 break;
13636 case A_auth_may_set_cap:
13637 aci.auth_may_set_cap = value_p->auth_may_set_cap;
13638 break;
13639 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13640 case A_auth_program_file:
13641 aci.auth_program_file = value_p->auth_program_file;
13642 break;
13643 case A_auth_start_uid:
13644 aci.auth_start_uid = value_p->auth_start_uid;
13645 break;
13646 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13647 case A_auth_start_euid:
13648 aci.auth_start_euid = value_p->auth_start_euid;
13649 break;
13650 #endif
13651 #ifdef CONFIG_RSBAC_AUTH_GROUP
13652 case A_auth_start_gid:
13653 aci.auth_start_gid = value_p->auth_start_gid;
13654 break;
13655 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13656 case A_auth_start_egid:
13657 aci.auth_start_egid = value_p->auth_start_egid;
13658 break;
13659 #endif
13660 #endif
13661 case A_auth_learn:
13662 aci.auth_learn = value_p->auth_learn;
13663 break;
13664 #endif
13665 case A_auth_last_auth:
13666 aci.auth_last_auth = value_p->auth_last_auth;
13667 break;
13668 default:
13669 err = -RSBAC_EINVALIDATTR;
13670 }
13671 if(!err)
13672 {
13673 err = rsbac_ta_list_add_ttl(ta_number,
13674 process_handles.auth,
13675 0,
13676 &tid_p->process,
13677 &aci);
13678 }
13679 }
13680 break;
13681 #endif
13682
13683 #if defined(CONFIG_RSBAC_CAP)
13684 case CAP:
13685 {
13686 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
13687
13688 rsbac_ta_list_get_data_ttl(ta_number,
13689 process_handles.cap,
13690 NULL,
13691 &tid_p->process,
13692 &aci);
13693 switch (attr)
13694 {
13695 case A_cap_process_hiding:
13696 aci.cap_process_hiding = value_p->cap_process_hiding;
13697 break;
13698 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13699 case A_max_caps_user:
13700 aci.max_caps_user = value_p->max_caps_user;
13701 break;
13702 case A_max_caps_program:
13703 aci.max_caps_program = value_p->max_caps_program;
13704 break;
13705 #endif
13706 default:
13707 err = -RSBAC_EINVALIDATTR;
13708 }
13709 if(!err)
13710 {
13711 err = rsbac_ta_list_add_ttl(ta_number,
13712 process_handles.cap,
13713 0,
13714 &tid_p->process,
13715 &aci);
13716 }
13717 }
13718 break;
13719 #endif
13720
13721 #if defined(CONFIG_RSBAC_JAIL)
13722 case JAIL:
13723 {
13724 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
13725
13726 rsbac_ta_list_get_data_ttl(ta_number,
13727 process_handles.jail[jail_p_hash(tid_p->process)],
13728 NULL,
13729 &tid_p->process,
13730 &aci);
13731 switch (attr)
13732 {
13733 case A_jail_id:
13734 aci.id = value_p->jail_id;
13735 break;
13736 case A_jail_ip:
13737 aci.ip = value_p->jail_ip;
13738 break;
13739 case A_jail_flags:
13740 aci.flags = value_p->jail_flags;
13741 break;
13742 case A_jail_max_caps:
13743 aci.max_caps = value_p->jail_max_caps;
13744 break;
13745 case A_jail_scd_get:
13746 aci.scd_get = value_p->jail_scd_get;
13747 break;
13748 case A_jail_scd_modify:
13749 aci.scd_modify = value_p->jail_scd_modify;
13750 break;
13751 default:
13752 err = -RSBAC_EINVALIDATTR;
13753 }
13754 if(!err)
13755 {
13756 err = rsbac_ta_list_add_ttl(ta_number,
13757 process_handles.jail[jail_p_hash(tid_p->process)],
13758 0,
13759 &tid_p->process,
13760 &aci);
13761 }
13762 }
13763 break;
13764 #endif
13765
13766 default:
13767 err = -RSBAC_EINVALIDMODULE;
13768 }
13769
13770 return err;
13771 }
|
|
||||||||||||||||||||||||||||
|
Definition at line 12980 of file aci_data_structures.c. References A_auth_role, A_cap_role, A_daz_role, A_ff_role, A_initial_security_level, A_jail_role, A_log_user_based, A_mac_categories, A_mac_initial_categories, A_mac_min_categories, A_mac_role, A_mac_user_flags, A_max_caps, A_min_caps, A_min_security_level, A_pax_role, A_pm_role, A_pm_task_set, A_pseudo, A_rc_def_role, A_rc_type, A_res_max, A_res_min, A_res_role, A_security_level, A_system_role, AUTH, CAP, DAZ, DEFAULT_GEN_U_ACI, FF, GEN, JAIL, rsbac_attribute_value_t::log_user_based, rsbac_gen_user_aci_t::log_user_based, MAC, rsbac_attribute_value_t::mac_categories, rsbac_attribute_value_t::mac_user_flags, rsbac_attribute_value_t::max_caps, rsbac_attribute_value_t::min_caps, NULL, PAX, PM, rsbac_attribute_value_t::pm_role, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pseudo, rsbac_gen_user_aci_t::pseudo, RC, rsbac_attribute_value_t::rc_def_role, rsbac_attribute_value_t::rc_type, RES, rsbac_attribute_value_t::res_array, RSBAC_ALL_USERS, RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, RSBAC_MAC_U_FLAGS, rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_remove(), rsbac_attribute_value_t::security_level, rsbac_attribute_value_t::system_role, rsbac_target_id_t::user, and user_handles. Referenced by rsbac_ta_set_attr(). 12987 {
12988 int err = 0;
12989
12990 #ifdef CONFIG_RSBAC_DEBUG
12991 /*
12992 if (rsbac_debug_ds)
12993 rsbac_printk(KERN_DEBUG
12994 "rsbac_set_attr(): Setting %s user attribute %i for %u to %i\n",
12995 get_switch_target_name(tmp, module), attr, tid_p->user, value_p->dummy);
12996 */
12997 #endif
12998 switch(module)
12999 {
13000 case GEN:
13001 {
13002 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
13003
13004 rsbac_ta_list_get_data_ttl(ta_number,
13005 user_handles.gen,
13006 NULL,
13007 &tid_p->user,
13008 &aci);
13009 switch (attr)
13010 {
13011 case A_pseudo:
13012 aci.pseudo = value_p->pseudo;
13013 break;
13014 case A_log_user_based:
13015 aci.log_user_based = value_p->log_user_based;
13016 break;
13017 default:
13018 err = -RSBAC_EINVALIDATTR;
13019 }
13020 if(!err)
13021 {
13022 err = rsbac_ta_list_add_ttl(ta_number,
13023 user_handles.gen,
13024 0,
13025 &tid_p->user,
13026 &aci);
13027 }
13028 }
13029 break;
13030
13031 #if defined(CONFIG_RSBAC_MAC)
13032 case MAC:
13033 {
13034 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
13035
13036 rsbac_ta_list_get_data_ttl(ta_number,
13037 user_handles.mac,
13038 NULL,
13039 &tid_p->user,
13040 &aci);
13041 switch (attr)
13042 {
13043 case A_security_level:
13044 if(value_p->security_level < aci.min_security_level)
13045 err = -RSBAC_EINVALIDVALUE;
13046 else
13047 aci.security_level = value_p->security_level;
13048 break;
13049 case A_initial_security_level:
13050 if( (value_p->security_level < aci.min_security_level)
13051 || (value_p->security_level > aci.security_level)
13052 )
13053 err = -RSBAC_EINVALIDVALUE;
13054 else
13055 aci.initial_security_level = value_p->security_level;
13056 break;
13057 case A_min_security_level:
13058 if(value_p->security_level > aci.security_level)
13059 err = -RSBAC_EINVALIDVALUE;
13060 else
13061 aci.min_security_level = value_p->security_level;
13062 break;
13063 case A_mac_categories:
13064 if((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
13065 err = -RSBAC_EINVALIDVALUE;
13066 else
13067 aci.mac_categories = value_p->mac_categories;
13068 break;
13069 case A_mac_initial_categories:
13070 if( ((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
13071 || ((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
13072 )
13073 err = -RSBAC_EINVALIDVALUE;
13074 else
13075 aci.mac_initial_categories = value_p->mac_categories;
13076 break;
13077 case A_mac_min_categories:
13078 if((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
13079 err = -RSBAC_EINVALIDVALUE;
13080 else
13081 aci.mac_min_categories = value_p->mac_categories;
13082 break;
13083 case A_system_role:
13084 case A_mac_role:
13085 aci.system_role = value_p->system_role;
13086 break;
13087 case A_mac_user_flags:
13088 aci.mac_user_flags = value_p->mac_user_flags & RSBAC_MAC_U_FLAGS;
13089 break;
13090 default:
13091 err = -RSBAC_EINVALIDATTR;
13092 }
13093 if(!err)
13094 {
13095 err = rsbac_ta_list_add_ttl(ta_number,
13096 user_handles.mac,
13097 0,
13098 &tid_p->user,
13099 &aci);
13100 }
13101 }
13102 break;
13103 #endif
13104
13105 #if defined(CONFIG_RSBAC_PM)
13106 case PM:
13107 {
13108 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
13109
13110 rsbac_ta_list_get_data_ttl(ta_number,
13111 user_handles.pm,
13112 NULL,
13113 &tid_p->user,
13114 &aci);
13115 switch (attr)
13116 {
13117 case A_pm_task_set:
13118 aci.pm_task_set = value_p->pm_task_set;
13119 break;
13120 case A_pm_role:
13121 aci.pm_role = value_p->pm_role;
13122 break;
13123 default:
13124 err = -RSBAC_EINVALIDATTR;
13125 }
13126 if(!err)
13127 {
13128 err = rsbac_ta_list_add_ttl(ta_number,
13129 user_handles.pm,
13130 0,
13131 &tid_p->user,
13132 &aci);
13133 }
13134 }
13135 break;
13136 #endif
13137
13138 #if defined(CONFIG_RSBAC_DAZ)
13139 case DAZ:
13140 {
13141 rsbac_system_role_int_t role = value_p->system_role;
13142
13143 switch (attr)
13144 {
13145 case A_system_role:
13146 case A_daz_role:
13147 err = rsbac_ta_list_add_ttl(ta_number,
13148 user_handles.daz,
13149 0,
13150 &tid_p->user,
13151 &role);
13152 break;
13153 default:
13154 err = -RSBAC_EINVALIDATTR;
13155 }
13156 }
13157 break;
13158 #endif
13159
13160 #if defined(CONFIG_RSBAC_FF)
13161 case FF:
13162 {
13163 rsbac_system_role_int_t role = value_p->system_role;
13164
13165 switch (attr)
13166 {
13167 case A_system_role:
13168 case A_ff_role:
13169 err = rsbac_ta_list_add_ttl(ta_number,
13170 user_handles.ff,
13171 0,
13172 &tid_p->user,
13173 &role);
13174 break;
13175 default:
13176 err = -RSBAC_EINVALIDATTR;
13177 }
13178 }
13179 break;
13180 #endif
13181
13182 #if defined(CONFIG_RSBAC_RC)
13183 case RC:
13184 {
13185 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
13186
13187 rsbac_ta_list_get_data_ttl(ta_number,
13188 user_handles.rc,
13189 NULL,
13190 &tid_p->user,
13191 &aci);
13192 switch (attr)
13193 {
13194 case A_rc_def_role:
13195 aci.rc_role = value_p->rc_def_role;
13196 break;
13197 case A_rc_type:
13198 aci.rc_type = value_p->rc_type;
13199 break;
13200 default:
13201 err = -RSBAC_EINVALIDATTR;
13202 }
13203 if(!err)
13204 {
13205 err = rsbac_ta_list_add_ttl(ta_number,
13206 user_handles.rc,
13207 0,
13208 &tid_p->user,
13209 &aci);
13210 }
13211 }
13212 break;
13213 #endif
13214
13215 #if defined(CONFIG_RSBAC_AUTH)
13216 case AUTH:
13217 {
13218 rsbac_system_role_int_t role = value_p->system_role;
13219
13220 switch (attr)
13221 {
13222 case A_system_role:
13223 case A_auth_role:
13224 err = rsbac_ta_list_add_ttl(ta_number,
13225 user_handles.auth,
13226 0,
13227 &tid_p->user,
13228 &role);
13229 break;
13230 default:
13231 err = -RSBAC_EINVALIDATTR;
13232 }
13233 }
13234 break;
13235 #endif
13236
13237 #if defined(CONFIG_RSBAC_CAP)
13238 case CAP:
13239 {
13240 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
13241
13242 rsbac_ta_list_get_data_ttl(ta_number,
13243 user_handles.cap,
13244 NULL,
13245 &tid_p->user,
13246 &aci);
13247 switch (attr)
13248 {
13249 case A_system_role:
13250 case A_cap_role:
13251 aci.cap_role = value_p->system_role;
13252 break;
13253 case A_min_caps:
13254 aci.min_caps = value_p->min_caps;
13255 break;
13256 case A_max_caps:
13257 aci.max_caps = value_p->max_caps;
13258 break;
13259 default:
13260 err = -RSBAC_EINVALIDATTR;
13261 }
13262 if(!err)
13263 {
13264 err = rsbac_ta_list_add_ttl(ta_number,
13265 user_handles.cap,
13266 0,
13267 &tid_p->user,
13268 &aci);
13269 }
13270 }
13271 break;
13272 #endif
13273
13274 #if defined(CONFIG_RSBAC_JAIL)
13275 case JAIL:
13276 {
13277 rsbac_system_role_int_t role = value_p->system_role;
13278
13279 switch (attr)
13280 {
13281 case A_system_role:
13282 case A_jail_role:
13283 err = rsbac_ta_list_add_ttl(ta_number,
13284 user_handles.jail,
13285 0,
13286 &tid_p->user,
13287 &role);
13288 break;
13289 default:
13290 err = -RSBAC_EINVALIDATTR;
13291 }
13292 }
13293 break;
13294 #endif
13295
13296 #if defined(CONFIG_RSBAC_RES)
13297 case RES:
13298 {
13299 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
13300
13301 rsbac_ta_list_get_data_ttl(ta_number,
13302 user_handles.res,
13303 NULL,
13304 &tid_p->user,
13305 &aci);
13306 switch (attr)
13307 {
13308 case A_system_role:
13309 case A_res_role:
13310 aci.res_role = value_p->system_role;
13311 break;
13312 case A_res_min:
13313 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
13314 break;
13315 case A_res_max:
13316 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
13317 break;
13318 default:
13319 err = -RSBAC_EINVALIDATTR;
13320 }
13321 if(!err)
13322 {
13323 struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI;
13324
13325 if(tid_p->user != RSBAC_ALL_USERS)
13326 {
13327 rsbac_uid_t all_users = RSBAC_ALL_USERS;
13328
13329 rsbac_ta_list_get_data_ttl(ta_number,
13330 user_handles.res,
13331 NULL,
13332 &all_users,
13333 &def_aci);
13334 }
13335 if(memcmp(&aci, &def_aci, sizeof(aci)))
13336 err = rsbac_ta_list_add_ttl(ta_number,
13337 user_handles.res,
13338 0,
13339 &tid_p->user,
13340 &aci);
13341 else
13342 err = rsbac_ta_list_remove(ta_number,
13343 user_handles.res,
13344 &tid_p->user);
13345 }
13346 }
13347 break;
13348 #endif
13349
13350 #if defined(CONFIG_RSBAC_PAX)
13351 case PAX:
13352 {
13353 rsbac_system_role_int_t role = value_p->system_role;
13354
13355 switch (attr)
13356 {
13357 case A_system_role:
13358 case A_pax_role:
13359 err = rsbac_ta_list_add_ttl(ta_number,
13360 user_handles.pax,
13361 0,
13362 &tid_p->user,
13363 &role);
13364 break;
13365 default:
13366 err = -RSBAC_EINVALIDATTR;
13367 }
13368 }
13369 break;
13370 #endif
13371
13372 default:
13373 err = -RSBAC_EINVALIDMODULE;
13374 }
13375
13376 return err;
13377 }
|
|
|
Definition at line 2073 of file aci_data_structures.c. Referenced by rsbac_get_super_block(). 02074 {
02075 wake_up((void *) dummy);
02076 }
|
|
|
Definition at line 316 of file aci_data_structures.c. References FALSE, KERNEL_VERSION, rsbac_debug_no_write, SOCKFS_MAGIC, SYSFS_MAGIC, and TRUE. Referenced by lookup_aci_path_dentry(), and rsbac_write_open(). 00317 {
00318 #ifdef CONFIG_RSBAC_NO_WRITE
00319 return(FALSE);
00320 #else
00321 if (!sb_p || !sb_p->s_dev)
00322 return(FALSE);
00323 if (
00324 rsbac_debug_no_write ||
00325 (sb_p->s_flags & MS_RDONLY)
00326 || in_interrupt())
00327 return(FALSE);
00328 if ( !MAJOR(sb_p->s_dev)
00329 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00330 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00331 #endif
00332 || (sb_p->s_magic == SOCKFS_MAGIC)
00333 || (sb_p->s_magic == PIPEFS_MAGIC)
00334 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00335 || (sb_p->s_magic == SYSFS_MAGIC)
00336 #endif
00337 || (sb_p->s_magic == NFS_SUPER_MAGIC)
00338 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00339 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00340 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00341 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00342 return(FALSE);
00343 else
00344 return(TRUE);
00345 #endif
00346 }
|
|
|
Definition at line 120 of file aci_data_structures.c. Referenced by rsbac_do_init(). |
|
|
Definition at line 155 of file aci_data_structures.c. |
|
|
Definition at line 154 of file aci_data_structures.c. |
|
|
Definition at line 129 of file aci_data_structures.c. Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), rsbac_ta_remove_target(), and set_attr_dev(). |
|
|
Definition at line 130 of file aci_data_structures.c. Referenced by get_attr_dev(), register_dev_lists(), rsbac_stats(), rsbac_ta_list_all_dev(), and set_attr_dev(). |
|
|
Definition at line 128 of file aci_data_structures.c. Referenced by add_device_item(), get_attr_fd(), lookup_aci_path_dentry(), lookup_device(), remove_device_item(), rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_get_parent(), rsbac_get_super_block(), rsbac_mount(), rsbac_stats(), rsbac_ta_remove_target(), rsbac_umount(), and set_attr_fd(). |
|
|
Definition at line 131 of file aci_data_structures.c. Referenced by get_attr_ipc(), register_ipc_lists(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_ipc(). |
|
|
Definition at line 136 of file aci_data_structures.c. Referenced by get_attr_process(), register_process_lists(), rsbac_init(), rsbac_kthread_notify(), rsbac_stats(), rsbac_ta_remove_target(), and set_attr_process(). |
|
|
Definition at line 118 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_free_dat_dentries(), rsbac_init(), rsbac_is_initialized(), rsbac_kthread_notify(), rsbac_mark_kthread(), rsbac_mount(), rsbac_stats(), rsbac_ta_get_attr(), rsbac_ta_remove_target(), rsbac_ta_set_attr(), and rsbac_umount(). |
|
|
Definition at line 7981 of file aci_data_structures.c. |
|
|
Definition at line 7982 of file aci_data_structures.c. |
|
|
Definition at line 122 of file aci_data_structures.c. Referenced by read_info(), rsbac_do_init(), rsbac_init(), rsbac_init_acl(), rsbac_init_auth(), rsbac_init_mac(), rsbac_list_lol_register(), rsbac_list_register(), rsbac_mount(), and write_info(). |
|
|
Definition at line 203 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount(). |
|
|
Definition at line 204 of file aci_data_structures.c. Referenced by rsbac_do_init(), rsbac_mount(), and rsbac_umount(). |
|
|
Definition at line 132 of file aci_data_structures.c. Referenced by get_attr_user(), register_user_lists(), rsbac_init(), rsbac_stats(), rsbac_ta_list_all_user(), rsbac_ta_remove_target(), and set_attr_user(). |
1.4.2