00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <linux/string.h>
00010 #include <linux/types.h>
00011 #include <linux/fs.h>
00012 #include <linux/sched.h>
00013 #include <linux/file.h>
00014 #include <linux/mm.h>
00015 #include <linux/init.h>
00016 #include <asm/uaccess.h>
00017 #include <rsbac/aci_data_structures.h>
00018 #include <rsbac/rc_types.h>
00019 #include <rsbac/rc_data_structures.h>
00020 #include <rsbac/error.h>
00021 #include <rsbac/helpers.h>
00022 #include <rsbac/fs.h>
00023 #include <rsbac/adf.h>
00024 #include <rsbac/acl.h>
00025 #include <rsbac/getname.h>
00026 #include <rsbac/rc_getname.h>
00027 #include <rsbac/proc_fs.h>
00028 #include <rsbac/rkmem.h>
00029 #include <rsbac/request_groups.h>
00030 #include <linux/smp_lock.h>
00031
00032 #ifdef CONFIG_RSBAC_RC_NR_ROLES
00033 #endif
00034
00035
00036
00037
00038
00039
00040
00041 static rsbac_list_handle_t role_handle = NULL;
00042 static rsbac_list_handle_t role_rc_handle = NULL;
00043 static rsbac_list_handle_t role_adr_handle = NULL;
00044 static rsbac_list_handle_t role_asr_handle = NULL;
00045 static rsbac_list_handle_t role_dfdc_handle = NULL;
00046 static rsbac_list_handle_t role_tcfd_handle = NULL;
00047 static rsbac_list_handle_t role_tcdv_handle = NULL;
00048 static rsbac_list_handle_t role_tcus_handle = NULL;
00049 static rsbac_list_handle_t role_tcpr_handle = NULL;
00050 static rsbac_list_handle_t role_tcip_handle = NULL;
00051 static rsbac_list_handle_t role_tcsc_handle = NULL;
00052 static rsbac_list_handle_t role_tcgr_handle = NULL;
00053 static rsbac_list_handle_t role_tcnd_handle = NULL;
00054 static rsbac_list_handle_t role_tcnt_handle = NULL;
00055 static rsbac_list_handle_t role_tcno_handle = NULL;
00056
00057 static rsbac_list_handle_t type_fd_handle = NULL;
00058 static rsbac_list_handle_t type_dev_handle = NULL;
00059 static rsbac_list_handle_t type_ipc_handle = NULL;
00060 static rsbac_list_handle_t type_user_handle = NULL;
00061 static rsbac_list_handle_t type_process_handle = NULL;
00062 static rsbac_list_handle_t type_group_handle = NULL;
00063 static rsbac_list_handle_t type_netdev_handle = NULL;
00064 static rsbac_list_handle_t type_nettemp_handle = NULL;
00065 static rsbac_list_handle_t type_netobj_handle = NULL;
00066
00067
00068
00069
00070
00071
00072
00073
00074
00075
00076
00077
00078
00079
00080
00081 #ifdef CONFIG_RSBAC_INIT_DELAY
00082 static int role_conv(
00083 #else
00084 static int __init role_conv(
00085 #endif
00086 void * old_desc,
00087 void * old_data,
00088 void * new_desc,
00089 void * new_data)
00090 {
00091 struct rsbac_rc_role_entry_t * new = new_data;
00092 struct rsbac_rc_old_role_entry_t * old = old_data;
00093
00094 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00095 new->admin_type = old->admin_type;
00096 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00097 new->def_fd_create_type = old->def_fd_create_type;
00098 new->def_user_create_type = old->def_user_create_type;
00099 new->def_process_create_type = old->def_process_create_type;
00100 new->def_process_chown_type = old->def_process_chown_type;
00101 new->def_process_execute_type = old->def_process_execute_type;
00102 new->def_ipc_create_type = old->def_ipc_create_type;
00103 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00104 new->boot_role = old->boot_role;
00105 return 0;
00106 }
00107
00108 #ifdef CONFIG_RSBAC_INIT_DELAY
00109 static int old_role_conv(
00110 #else
00111 static int __init old_role_conv(
00112 #endif
00113 void * old_desc,
00114 void * old_data,
00115 void * new_desc,
00116 void * new_data)
00117 {
00118 struct rsbac_rc_role_entry_t * new = new_data;
00119 struct rsbac_rc_old_role_entry_t * old = old_data;
00120
00121 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00122 new->admin_type = old->admin_type;
00123 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00124 new->def_fd_create_type = old->def_fd_create_type;
00125 new->def_user_create_type = RSBAC_RC_GENERAL_TYPE;
00126 new->def_process_create_type = old->def_process_create_type;
00127 new->def_process_chown_type = old->def_process_chown_type;
00128 new->def_process_execute_type = old->def_process_execute_type;
00129 new->def_ipc_create_type = old->def_ipc_create_type;
00130 new->def_group_create_type = RSBAC_RC_GENERAL_TYPE;
00131 new->boot_role = FALSE;
00132 return 0;
00133 }
00134
00135 #ifdef CONFIG_RSBAC_INIT_DELAY
00136 static rsbac_list_conv_function_t * role_get_conv(rsbac_version_t old_version)
00137 #else
00138 static rsbac_list_conv_function_t * __init role_get_conv(rsbac_version_t old_version)
00139 #endif
00140 {
00141 switch(old_version)
00142 {
00143 case RSBAC_RC_ROLE_OLD_LIST_VERSION:
00144 return role_conv;
00145 case RSBAC_RC_ROLE_OLD_OLD_LIST_VERSION:
00146 return old_role_conv;
00147 default:
00148 return NULL;
00149 }
00150 }
00151
00152 #ifdef CONFIG_RSBAC_INIT_DELAY
00153 static int tc_subconv(
00154 #else
00155 static int __init tc_subconv(
00156 #endif
00157 void * old_desc,
00158 void * old_data,
00159 void * new_desc,
00160 void * new_data)
00161 {
00162 rsbac_rc_rights_vector_t * new = new_data;
00163 rsbac_rc_rights_vector_t * old = old_data;
00164
00165 memcpy(new_desc, old_desc, sizeof(rsbac_rc_type_id_t));
00166 *new = (*old & RSBAC_ALL_REQUEST_VECTOR)
00167 | ( (*old & ~(RSBAC_ALL_REQUEST_VECTOR)) << (RSBAC_RC_SPECIAL_RIGHT_BASE - RSBAC_RC_OLD_SPECIAL_RIGHT_BASE));
00168 return 0;
00169 }
00170
00171 #ifdef CONFIG_RSBAC_INIT_DELAY
00172 static rsbac_list_conv_function_t * tcfd_get_subconv(rsbac_version_t old_version)
00173 #else
00174 static rsbac_list_conv_function_t * __init tcfd_get_subconv(rsbac_version_t old_version)
00175 #endif
00176 {
00177 switch(old_version)
00178 {
00179 case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00180 return tc_subconv;
00181 default:
00182 return NULL;
00183 }
00184 }
00185
00186 #ifdef CONFIG_RSBAC_INIT_DELAY
00187 static int tc_conv(
00188 #else
00189 static int __init tc_conv(
00190 #endif
00191 void * old_desc,
00192 void * old_data,
00193 void * new_desc,
00194 void * new_data)
00195 {
00196 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t));
00197 return 0;
00198 }
00199
00200 #ifdef CONFIG_RSBAC_INIT_DELAY
00201 static rsbac_list_conv_function_t * tcfd_get_conv(rsbac_version_t old_version)
00202 #else
00203 static rsbac_list_conv_function_t * __init tcfd_get_conv(rsbac_version_t old_version)
00204 #endif
00205 {
00206 switch(old_version)
00207 {
00208 case RSBAC_RC_ROLE_TCFD_OLD_LIST_VERSION:
00209 return tc_conv;
00210 default:
00211 return NULL;
00212 }
00213 }
00214
00215 #ifdef CONFIG_RSBAC_INIT_DELAY
00216 static int rsbac_rc_role_compare_data(void * data1, void * data2)
00217 #else
00218 static int __init rsbac_rc_role_compare_data(void * data1, void * data2)
00219 #endif
00220 {
00221 struct rsbac_rc_role_entry_t * role = data1;
00222
00223 if(!data1)
00224 return 1;
00225 if(role->boot_role)
00226 return 0;
00227 else
00228 return 1;
00229 }
00230
00231
00232
00233
00234
00235 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00236 static int
00237 stats_rc_proc_info(char *buffer, char **start, off_t offset, int length)
00238 {
00239 union rsbac_target_id_t rsbac_target_id;
00240 union rsbac_attribute_value_t rsbac_attribute_value;
00241
00242 u_int len = 0;
00243 off_t pos = 0;
00244 off_t begin = 0;
00245
00246 if (!rsbac_is_initialized())
00247 {
00248 rsbac_printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n");
00249 return(-RSBAC_ENOTINITIALIZED);
00250 }
00251 #ifdef CONFIG_RSBAC_DEBUG
00252 if (rsbac_debug_aef_rc)
00253 {
00254 rsbac_printk(KERN_DEBUG "stats_rc_proc_info(): calling ADF\n");
00255 }
00256 #endif
00257 rsbac_target_id.scd = ST_rsbac;
00258 rsbac_attribute_value.dummy = 0;
00259 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00260 current->pid,
00261 T_SCD,
00262 rsbac_target_id,
00263 A_none,
00264 rsbac_attribute_value))
00265 {
00266 return -EPERM;
00267 }
00268
00269 len += sprintf(buffer, "RC Status\n---------\n");
00270 pos = begin + len;
00271 if (pos < offset)
00272 {
00273 len = 0;
00274 begin = pos;
00275 }
00276 if (pos > offset+length)
00277 goto out;
00278
00279 len += sprintf(buffer + len, "Role entry size is %Zd, %lu entries used\n",
00280 sizeof(struct rsbac_rc_role_entry_t),
00281 rsbac_list_count(role_handle));
00282 pos = begin + len;
00283 if (pos < offset)
00284 {
00285 len = 0;
00286 begin = pos;
00287 }
00288 if (pos > offset+length)
00289 goto out;
00290
00291 len += sprintf(buffer + len, "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
00292 rsbac_list_count(type_fd_handle),
00293 rsbac_list_count(type_dev_handle),
00294 rsbac_list_count(type_ipc_handle),
00295 rsbac_list_count(type_user_handle),
00296 rsbac_list_count(type_process_handle),
00297 rsbac_list_count(type_group_handle),
00298 rsbac_list_count(type_netdev_handle),
00299 rsbac_list_count(type_nettemp_handle),
00300 rsbac_list_count(type_netobj_handle));
00301 pos = begin + len;
00302 if (pos < offset)
00303 {
00304 len = 0;
00305 begin = pos;
00306 }
00307
00308 out:
00309 *start = buffer + (offset - begin);
00310 len -= (offset - begin);
00311
00312 if (len > length)
00313 len = length;
00314 return len;
00315 }
00316
00317 #endif
00318
00319
00320
00321
00322
00323
00324
00325
00326
00327
00328
00329
00330
00331
00332
00333 #ifdef CONFIG_RSBAC_INIT_DELAY
00334 static void registration_error(int err, char * listname)
00335 #else
00336 static void __init registration_error(int err, char * listname)
00337 #endif
00338 {
00339 if(err)
00340 {
00341 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00342
00343 if(tmp)
00344 {
00345 rsbac_printk(KERN_WARNING
00346 "rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00347 listname,
00348 get_error_name(tmp, err));
00349 rsbac_kfree(tmp);
00350 }
00351 }
00352 }
00353
00354 #ifdef CONFIG_RSBAC_INIT_DELAY
00355 int rsbac_init_rc(void)
00356 #else
00357 int __init rsbac_init_rc(void)
00358 #endif
00359 {
00360 int err = 0;
00361 struct proc_dir_entry * tmp_entry_p;
00362 struct rsbac_list_lol_info_t lol_info;
00363 struct rsbac_list_info_t list_info;
00364 rsbac_rc_rights_vector_t def_tc = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
00365
00366 if (rsbac_is_initialized())
00367 {
00368 rsbac_printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n");
00369 return(-RSBAC_EREINIT);
00370 }
00371
00372
00373 rsbac_printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
00374 #ifdef CONFIG_RSBAC_DEBUG
00375 if(rsbac_debug_stack)
00376 {
00377 unsigned long * n = (unsigned long *) (current+1);
00378
00379 while (!*n)
00380 n++;
00381 rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack: %lu\n",
00382 (unsigned long) n - (unsigned long)(current+1));
00383 }
00384 #endif
00385
00386 list_info.version = RSBAC_RC_ROLE_LIST_VERSION;
00387 list_info.key = RSBAC_RC_LIST_KEY;
00388 list_info.desc_size = sizeof(rsbac_rc_role_id_t);
00389 list_info.data_size = sizeof(struct rsbac_rc_role_entry_t);
00390 list_info.max_age = 0;
00391 err = rsbac_list_register(RSBAC_LIST_VERSION,
00392 &role_handle,
00393 &list_info,
00394 #if defined(CONFIG_RSBAC_RC_BACKUP)
00395 RSBAC_LIST_BACKUP |
00396 #endif
00397 RSBAC_LIST_PERSIST,
00398 rsbac_list_compare_u32,
00399 role_get_conv,
00400 NULL,
00401 RSBAC_RC_ROLE_FILENAME,
00402 RSBAC_AUTO_DEV);
00403 if(err)
00404 {
00405 registration_error(err, "role");
00406 }
00407
00408 lol_info.version = RSBAC_RC_ROLE_RC_LIST_VERSION;
00409 lol_info.key = RSBAC_RC_LIST_KEY;
00410 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00411 lol_info.data_size = 0;
00412 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00413 lol_info.subdata_size = 0;
00414 lol_info.max_age = 0;
00415 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00416 &role_rc_handle,
00417 &lol_info,
00418 #if defined(CONFIG_RSBAC_RC_BACKUP)
00419 RSBAC_LIST_BACKUP |
00420 #endif
00421 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00422 rsbac_list_compare_u32,
00423 rsbac_list_compare_u32,
00424 NULL,
00425 NULL,
00426 NULL,
00427 NULL,
00428 RSBAC_RC_ROLE_RC_FILENAME,
00429 RSBAC_AUTO_DEV);
00430 if(err)
00431 {
00432 registration_error(err, "role compatibilities");
00433 }
00434 lol_info.version = RSBAC_RC_ROLE_ADR_LIST_VERSION;
00435 lol_info.key = RSBAC_RC_LIST_KEY;
00436 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00437 lol_info.data_size = 0;
00438 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00439 lol_info.subdata_size = 0;
00440 lol_info.max_age = 0;
00441 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00442 &role_adr_handle,
00443 &lol_info,
00444 #if defined(CONFIG_RSBAC_RC_BACKUP)
00445 RSBAC_LIST_BACKUP |
00446 #endif
00447 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00448 rsbac_list_compare_u32,
00449 rsbac_list_compare_u32,
00450 NULL,
00451 NULL,
00452 NULL,
00453 NULL,
00454 RSBAC_RC_ROLE_ADR_FILENAME,
00455 RSBAC_AUTO_DEV);
00456 if(err)
00457 {
00458 registration_error(err, "admin roles");
00459 }
00460 lol_info.version = RSBAC_RC_ROLE_ASR_LIST_VERSION;
00461 lol_info.key = RSBAC_RC_LIST_KEY;
00462 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00463 lol_info.data_size = 0;
00464 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t);
00465 lol_info.subdata_size = 0;
00466 lol_info.max_age = 0;
00467 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00468 &role_asr_handle,
00469 &lol_info,
00470 #if defined(CONFIG_RSBAC_RC_BACKUP)
00471 RSBAC_LIST_BACKUP |
00472 #endif
00473 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
00474 rsbac_list_compare_u32,
00475 rsbac_list_compare_u32,
00476 NULL,
00477 NULL,
00478 NULL,
00479 NULL,
00480 RSBAC_RC_ROLE_ASR_FILENAME,
00481 RSBAC_AUTO_DEV);
00482 if(err)
00483 {
00484 registration_error(err, "assign roles");
00485 }
00486 lol_info.version = RSBAC_RC_ROLE_DFDC_LIST_VERSION;
00487 lol_info.key = RSBAC_RC_LIST_KEY;
00488 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00489 lol_info.data_size = 0;
00490 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00491 lol_info.subdata_size = sizeof(rsbac_rc_type_id_t);
00492 lol_info.max_age = 0;
00493 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00494 &role_dfdc_handle,
00495 &lol_info,
00496 #if defined(CONFIG_RSBAC_RC_BACKUP)
00497 RSBAC_LIST_BACKUP |
00498 #endif
00499 RSBAC_LIST_PERSIST |
00500 RSBAC_LIST_DEF_DATA,
00501 rsbac_list_compare_u32,
00502 rsbac_list_compare_u32,
00503 NULL,
00504 NULL,
00505 NULL,
00506 NULL,
00507 RSBAC_RC_ROLE_DFDC_FILENAME,
00508 RSBAC_AUTO_DEV);
00509 if(err)
00510 {
00511 registration_error(err, "Role default FD create types");
00512 }
00513 lol_info.version = RSBAC_RC_ROLE_TCFD_LIST_VERSION;
00514 lol_info.key = RSBAC_RC_LIST_KEY;
00515 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00516 lol_info.data_size = 0;
00517 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00518 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00519 lol_info.max_age = 0;
00520 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00521 &role_tcfd_handle,
00522 &lol_info,
00523 #if defined(CONFIG_RSBAC_RC_BACKUP)
00524 RSBAC_LIST_BACKUP |
00525 #endif
00526 RSBAC_LIST_PERSIST |
00527 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00528 rsbac_list_compare_u32,
00529 rsbac_list_compare_u32,
00530 tcfd_get_conv,
00531 tcfd_get_subconv,
00532 NULL,
00533 &def_tc,
00534 RSBAC_RC_ROLE_TCFD_FILENAME,
00535 RSBAC_AUTO_DEV);
00536 if(err)
00537 {
00538 registration_error(err, "Role FD type compatibilities");
00539 }
00540 lol_info.version = RSBAC_RC_ROLE_TCDV_LIST_VERSION;
00541 lol_info.key = RSBAC_RC_LIST_KEY;
00542 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00543 lol_info.data_size = 0;
00544 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00545 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00546 lol_info.max_age = 0;
00547 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00548 &role_tcdv_handle,
00549 &lol_info,
00550 #if defined(CONFIG_RSBAC_RC_BACKUP)
00551 RSBAC_LIST_BACKUP |
00552 #endif
00553 RSBAC_LIST_PERSIST |
00554 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00555 rsbac_list_compare_u32,
00556 rsbac_list_compare_u32,
00557 tcfd_get_conv,
00558 tcfd_get_subconv,
00559 NULL,
00560 &def_tc,
00561 RSBAC_RC_ROLE_TCDV_FILENAME,
00562 RSBAC_AUTO_DEV);
00563 if(err)
00564 {
00565 registration_error(err, "Role DEV type compatibilities");
00566 }
00567 lol_info.version = RSBAC_RC_ROLE_TCUS_LIST_VERSION;
00568 lol_info.key = RSBAC_RC_LIST_KEY;
00569 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00570 lol_info.data_size = 0;
00571 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00572 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00573 lol_info.max_age = 0;
00574 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00575 &role_tcus_handle,
00576 &lol_info,
00577 #if defined(CONFIG_RSBAC_RC_BACKUP)
00578 RSBAC_LIST_BACKUP |
00579 #endif
00580 RSBAC_LIST_PERSIST |
00581 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00582 rsbac_list_compare_u32,
00583 rsbac_list_compare_u32,
00584 tcfd_get_conv,
00585 tcfd_get_subconv,
00586 NULL,
00587 &def_tc,
00588 RSBAC_RC_ROLE_TCUS_FILENAME,
00589 RSBAC_AUTO_DEV);
00590 if(err)
00591 {
00592 registration_error(err, "Role User type compatibilities");
00593 }
00594 lol_info.version = RSBAC_RC_ROLE_TCPR_LIST_VERSION;
00595 lol_info.key = RSBAC_RC_LIST_KEY;
00596 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00597 lol_info.data_size = 0;
00598 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00599 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00600 lol_info.max_age = 0;
00601 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00602 &role_tcpr_handle,
00603 &lol_info,
00604 #if defined(CONFIG_RSBAC_RC_BACKUP)
00605 RSBAC_LIST_BACKUP |
00606 #endif
00607 RSBAC_LIST_PERSIST |
00608 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00609 rsbac_list_compare_u32,
00610 rsbac_list_compare_u32,
00611 tcfd_get_conv,
00612 tcfd_get_subconv,
00613 NULL,
00614 &def_tc,
00615 RSBAC_RC_ROLE_TCPR_FILENAME,
00616 RSBAC_AUTO_DEV);
00617 if(err)
00618 {
00619 registration_error(err, "Role Process type compatibilities");
00620 }
00621 lol_info.version = RSBAC_RC_ROLE_TCIP_LIST_VERSION;
00622 lol_info.key = RSBAC_RC_LIST_KEY;
00623 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00624 lol_info.data_size = 0;
00625 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00626 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00627 lol_info.max_age = 0;
00628 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00629 &role_tcip_handle,
00630 &lol_info,
00631 #if defined(CONFIG_RSBAC_RC_BACKUP)
00632 RSBAC_LIST_BACKUP |
00633 #endif
00634 RSBAC_LIST_PERSIST |
00635 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00636 rsbac_list_compare_u32,
00637 rsbac_list_compare_u32,
00638 tcfd_get_conv,
00639 tcfd_get_subconv,
00640 NULL,
00641 &def_tc,
00642 RSBAC_RC_ROLE_TCIP_FILENAME,
00643 RSBAC_AUTO_DEV);
00644 if(err)
00645 {
00646 registration_error(err, "Role IPC type compatibilities");
00647 }
00648 lol_info.version = RSBAC_RC_ROLE_TCSC_LIST_VERSION;
00649 lol_info.key = RSBAC_RC_LIST_KEY;
00650 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00651 lol_info.data_size = 0;
00652 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00653 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00654 lol_info.max_age = 0;
00655 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00656 &role_tcsc_handle,
00657 &lol_info,
00658 #if defined(CONFIG_RSBAC_RC_BACKUP)
00659 RSBAC_LIST_BACKUP |
00660 #endif
00661 RSBAC_LIST_PERSIST |
00662 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00663 rsbac_list_compare_u32,
00664 rsbac_list_compare_u32,
00665 tcfd_get_conv,
00666 tcfd_get_subconv,
00667 NULL,
00668 &def_tc,
00669 RSBAC_RC_ROLE_TCSC_FILENAME,
00670 RSBAC_AUTO_DEV);
00671 if(err)
00672 {
00673 registration_error(err, "Role SCD type compatibilities");
00674 }
00675 lol_info.version = RSBAC_RC_ROLE_TCGR_LIST_VERSION;
00676 lol_info.key = RSBAC_RC_LIST_KEY;
00677 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00678 lol_info.data_size = 0;
00679 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00680 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00681 lol_info.max_age = 0;
00682 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00683 &role_tcgr_handle,
00684 &lol_info,
00685 #if defined(CONFIG_RSBAC_RC_BACKUP)
00686 RSBAC_LIST_BACKUP |
00687 #endif
00688 RSBAC_LIST_PERSIST |
00689 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00690 rsbac_list_compare_u32,
00691 rsbac_list_compare_u32,
00692 tcfd_get_conv,
00693 tcfd_get_subconv,
00694 NULL,
00695 &def_tc,
00696 RSBAC_RC_ROLE_TCGR_FILENAME,
00697 RSBAC_AUTO_DEV);
00698 if(err)
00699 {
00700 registration_error(err, "Role Group type compatibilities");
00701 }
00702 lol_info.version = RSBAC_RC_ROLE_TCND_LIST_VERSION;
00703 lol_info.key = RSBAC_RC_LIST_KEY;
00704 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00705 lol_info.data_size = 0;
00706 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00707 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00708 lol_info.max_age = 0;
00709 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00710 &role_tcnd_handle,
00711 &lol_info,
00712 #if defined(CONFIG_RSBAC_RC_BACKUP)
00713 RSBAC_LIST_BACKUP |
00714 #endif
00715 RSBAC_LIST_PERSIST |
00716 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00717 rsbac_list_compare_u32,
00718 rsbac_list_compare_u32,
00719 tcfd_get_conv,
00720 tcfd_get_subconv,
00721 NULL,
00722 &def_tc,
00723 RSBAC_RC_ROLE_TCND_FILENAME,
00724 RSBAC_AUTO_DEV);
00725 if(err)
00726 {
00727 registration_error(err, "Role NETDEV type compatibilities");
00728 }
00729 lol_info.version = RSBAC_RC_ROLE_TCNT_LIST_VERSION;
00730 lol_info.key = RSBAC_RC_LIST_KEY;
00731 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00732 lol_info.data_size = 0;
00733 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00734 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00735 lol_info.max_age = 0;
00736 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00737 &role_tcnt_handle,
00738 &lol_info,
00739 #if defined(CONFIG_RSBAC_RC_BACKUP)
00740 RSBAC_LIST_BACKUP |
00741 #endif
00742 RSBAC_LIST_PERSIST |
00743 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00744 rsbac_list_compare_u32,
00745 rsbac_list_compare_u32,
00746 tcfd_get_conv,
00747 tcfd_get_subconv,
00748 NULL,
00749 &def_tc,
00750 RSBAC_RC_ROLE_TCNT_FILENAME,
00751 RSBAC_AUTO_DEV);
00752 if(err)
00753 {
00754 registration_error(err, "Role NETTEMP type compatibilities");
00755 }
00756 lol_info.version = RSBAC_RC_ROLE_TCNO_LIST_VERSION;
00757 lol_info.key = RSBAC_RC_LIST_KEY;
00758 lol_info.desc_size = sizeof(rsbac_rc_role_id_t);
00759 lol_info.data_size = 0;
00760 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t);
00761 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t);
00762 lol_info.max_age = 0;
00763 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00764 &role_tcno_handle,
00765 &lol_info,
00766 #if defined(CONFIG_RSBAC_RC_BACKUP)
00767 RSBAC_LIST_BACKUP |
00768 #endif
00769 RSBAC_LIST_PERSIST |
00770 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA,
00771 rsbac_list_compare_u32,
00772 rsbac_list_compare_u32,
00773 tcfd_get_conv,
00774 tcfd_get_subconv,
00775 NULL,
00776 &def_tc,
00777 RSBAC_RC_ROLE_TCNO_FILENAME,
00778 RSBAC_AUTO_DEV);
00779 if(err)
00780 {
00781 registration_error(err, "Role NETOBJ type compatibilities");
00782 }
00783
00784
00785 if(!rsbac_no_defaults && !rsbac_list_count(role_handle))
00786 {
00787 rsbac_rc_role_id_t role;
00788 rsbac_rc_type_id_t type;
00789 rsbac_rc_rights_vector_t rights;
00790 struct rsbac_rc_role_entry_t gen_entry = RSBAC_RC_GENERAL_ROLE_ENTRY;
00791 struct rsbac_rc_role_entry_t ra_entry = RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY;
00792 struct rsbac_rc_role_entry_t sa_entry = RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY;
00793 struct rsbac_rc_role_entry_t au_entry = RSBAC_RC_AUDITOR_ROLE_ENTRY;
00794 struct rsbac_rc_role_entry_t bo_entry = RSBAC_RC_BOOT_ROLE_ENTRY;
00795 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00796
00797 if(tmp)
00798 {
00799 rsbac_printk(KERN_WARNING
00800 "rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00801 rsbac_kfree(tmp);
00802 }
00803
00804 role = RSBAC_RC_GENERAL_ROLE;
00805 if(!rsbac_list_add(role_handle, &role, &gen_entry))
00806 {
00807 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
00808 {
00809 type = RSBAC_RC_GENERAL_TYPE;
00810 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR)
00811 & RSBAC_FD_REQUEST_VECTOR;
00812 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00813 }
00814 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
00815 {
00816 type = RSBAC_RC_GENERAL_TYPE;
00817 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR;
00818 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00819 }
00820 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
00821 {
00822 type = RSBAC_RC_GENERAL_TYPE;
00823 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
00824 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00825 }
00826 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
00827 {
00828 type = RSBAC_RC_GENERAL_TYPE;
00829 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
00830 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00831 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00832 rights = RSBAC_READ_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
00833 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00834 }
00835 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
00836 {
00837 type = RSBAC_RC_GENERAL_TYPE;
00838 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR;
00839 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00840 }
00841 if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
00842 {
00843 type = RSBAC_RC_GENERAL_TYPE;
00844 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
00845 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
00846 }
00847 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
00848 {
00849 type = RSBAC_RC_GENERAL_TYPE;
00850 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR;
00851 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
00852 }
00853 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
00854 {
00855 type = RSBAC_RC_GENERAL_TYPE;
00856 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR;
00857 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
00858 }
00859 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
00860 {
00861 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00862 type = ST_ioports;
00863 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA);
00864 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00865 #endif
00866 type = ST_rlimit;
00867 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
00868 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
00869 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00870 type = ST_other;
00871 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
00872 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00873 type = ST_network;
00874 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA);
00875 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00876 }
00877 }
00878 role = RSBAC_RC_ROLE_ADMIN_ROLE;
00879 if(!rsbac_list_add(role_handle, &role, &ra_entry))
00880 {
00881 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
00882 {
00883 type = RSBAC_RC_GENERAL_TYPE;
00884 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR
00885 | RSBAC_EXECUTE_REQUEST_VECTOR
00886 | RSBAC_SECURITY_REQUEST_VECTOR)
00887 & RSBAC_FD_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00888 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00889 type = RSBAC_RC_SEC_TYPE;
00890 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00891 type = RSBAC_RC_SYS_TYPE;
00892 rights = (RSBAC_READ_REQUEST_VECTOR & RSBAC_FD_REQUEST_VECTOR)
00893 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00894 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
00895 }
00896 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
00897 {
00898 type = RSBAC_RC_GENERAL_TYPE;
00899 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00900 & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00901 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00902 type = RSBAC_RC_SEC_TYPE;
00903 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00904 & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00905 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
00906 }
00907 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
00908 {
00909 type = RSBAC_RC_GENERAL_TYPE;
00910 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00911 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00912 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00913 type = RSBAC_RC_SYS_TYPE;
00914 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00915 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00916 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00917 type = RSBAC_RC_SEC_TYPE;
00918 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00919 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00920 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
00921 }
00922 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
00923 {
00924 type = RSBAC_RC_GENERAL_TYPE;
00925 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00926 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00927 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00928 type = RSBAC_RC_SEC_TYPE;
00929 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00930 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00931 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00932 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00933 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00934 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00935 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
00936 }
00937 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
00938 {
00939 type = RSBAC_RC_GENERAL_TYPE;
00940 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00941 & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00942 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00943 type = RSBAC_RC_SEC_TYPE;
00944 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00945 & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00946 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
00947 }
00948 if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
00949 {
00950 type = RSBAC_RC_GENERAL_TYPE;
00951 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00952 & RSBAC_GROUP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00953 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
00954 }
00955 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
00956 {
00957 type = RSBAC_RC_GENERAL_TYPE;
00958 rights = ((RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA) | RSBAC_SECURITY_REQUEST_VECTOR)
00959 & RSBAC_NETDEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00960 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
00961 type = RSBAC_RC_SEC_TYPE;
00962 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
00963 type = RSBAC_RC_SYS_TYPE;
00964 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
00965 }
00966 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
00967 {
00968 type = RSBAC_RC_GENERAL_TYPE;
00969 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00970 & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00971 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
00972 type = RSBAC_RC_SEC_TYPE;
00973 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00974 & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00975 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
00976 }
00977 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
00978 {
00979 type = RSBAC_RC_GENERAL_TYPE;
00980 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR)
00981 & RSBAC_NETOBJ_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00982 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
00983 }
00984 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
00985 {
00986 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00987 type = ST_ioports;
00988 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA)
00989 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00990 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00991 #endif
00992 type = ST_rlimit;
00993 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00994 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00995 type = ST_rsbac;
00996 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00997 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
00998 type = ST_rsbaclog;
00999 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01000 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01001 type = ST_other;
01002 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01003 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA)
01004 | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_LOG)
01005 | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_MODULE)
01006 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01007 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01008 type = ST_network;
01009 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01010 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01011 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01012 type = ST_firewall;
01013 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01014 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01015 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01016 type = RST_auth_administration;
01017 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01018 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01019 type = ST_sysfs;
01020 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01021 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
01022 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01023 }
01024 }
01025 role = RSBAC_RC_SYSTEM_ADMIN_ROLE;
01026 if(!rsbac_list_add(role_handle, &role, &sa_entry))
01027 {
01028 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01029 {
01030 type = RSBAC_RC_GENERAL_TYPE;
01031 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
01032 | RSBAC_EXECUTE_REQUEST_VECTOR
01033 | RSBAC_SYSTEM_REQUEST_VECTOR)
01034 & RSBAC_FD_REQUEST_VECTOR;
01035 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01036 type = RSBAC_RC_SYS_TYPE;
01037 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01038 }
01039 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01040 {
01041 type = RSBAC_RC_GENERAL_TYPE;
01042 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01043 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01044 type = RSBAC_RC_SYS_TYPE;
01045 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01046 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01047 }
01048 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01049 {
01050 type = RSBAC_RC_GENERAL_TYPE;
01051 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01052 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01053 type = RSBAC_RC_SYS_TYPE;
01054 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01055 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01056 }
01057 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01058 {
01059 type = RSBAC_RC_GENERAL_TYPE;
01060 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01061 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01062 type = RSBAC_RC_SYS_TYPE;
01063 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01064 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01065 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01066 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01067 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01068 }
01069 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01070 {
01071 type = RSBAC_RC_GENERAL_TYPE;
01072 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01073 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01074 type = RSBAC_RC_SYS_TYPE;
01075 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01076 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01077 }
01078 if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
01079 {
01080 type = RSBAC_RC_GENERAL_TYPE;
01081 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01082 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
01083 }
01084 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01085 {
01086 type = RSBAC_RC_GENERAL_TYPE;
01087 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR;
01088 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01089 }
01090 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
01091 {
01092 type = RSBAC_RC_GENERAL_TYPE;
01093 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR;
01094 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01095 }
01096 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01097 {
01098 type = RSBAC_RC_GENERAL_TYPE;
01099 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR;
01100 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01101 }
01102 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01103 {
01104 rights = RSBAC_SCD_REQUEST_VECTOR
01105 & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR );
01106 for(type = ST_time_strucs; type <= ST_rsbac; type++)
01107 {
01108 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01109 }
01110 for(type = ST_network; type < ST_none; type++)
01111 {
01112 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01113 }
01114 type = ST_other;
01115 rights = RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01116 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01117 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA)
01118 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01119 | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL)
01120 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01121 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01122 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01123 }
01124 }
01125 role = RSBAC_RC_AUDITOR_ROLE;
01126 if(!rsbac_list_add(role_handle, &role, &au_entry))
01127 {
01128 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01129 {
01130 type = RSBAC_RC_GENERAL_TYPE;
01131 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR)
01132 & RSBAC_FD_REQUEST_VECTOR;
01133 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01134 }
01135 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01136 {
01137 type = RSBAC_RC_GENERAL_TYPE;
01138 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR;
01139 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01140 }
01141 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01142 {
01143 type = RSBAC_RC_GENERAL_TYPE;
01144 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01145 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01146 }
01147 if(!rsbac_list_lol_add(role_tcgr_handle, &role, NULL))
01148 {
01149 type = RSBAC_RC_GENERAL_TYPE;
01150 rights = RSBAC_REQUEST_VECTOR(R_SEARCH) | RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA);
01151 rsbac_list_lol_subadd(role_tcgr_handle, &role, &type, &rights);
01152 }
01153 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01154 {
01155 type = RSBAC_RC_GENERAL_TYPE;
01156 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR;
01157 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01158 }
01159 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01160 {
01161 type = RSBAC_RC_GENERAL_TYPE;
01162 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR;
01163 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01164 }
01165 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01166 {
01167 type = RSBAC_RC_GENERAL_TYPE;
01168 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR;
01169 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01170 }
01171 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01172 {
01173 type = RSBAC_RC_GENERAL_TYPE;
01174 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR;
01175 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01176 }
01177 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01178 {
01179 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
01180 type = ST_ioports;
01181 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA);
01182 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01183 #endif
01184 type = ST_rlimit;
01185 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01186 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
01187 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01188 type = ST_rsbaclog;
01189 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA)
01190 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA);
01191 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01192 type = ST_other;
01193 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC);
01194 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01195 type = ST_network;
01196 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA);
01197 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01198 }
01199 }
01200 role = RSBAC_RC_BOOT_ROLE;
01201 if(!rsbac_list_add(role_handle, &role, &bo_entry))
01202 {
01203 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL))
01204 {
01205 type = RSBAC_RC_GENERAL_TYPE;
01206 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR
01207 | RSBAC_EXECUTE_REQUEST_VECTOR
01208 | RSBAC_SYSTEM_REQUEST_VECTOR)
01209 & RSBAC_FD_REQUEST_VECTOR;
01210 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01211 type = RSBAC_RC_SYS_TYPE;
01212 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights);
01213 }
01214 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL))
01215 {
01216 type = RSBAC_RC_GENERAL_TYPE;
01217 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01218 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01219 type = RSBAC_RC_SYS_TYPE;
01220 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR;
01221 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights);
01222 }
01223 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL))
01224 {
01225 type = RSBAC_RC_GENERAL_TYPE;
01226 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR;
01227 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01228 type = RSBAC_RC_SYS_TYPE;
01229 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR;
01230 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights);
01231 }
01232 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL))
01233 {
01234 type = RSBAC_RC_GENERAL_TYPE;
01235 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01236 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01237 type = RSBAC_RC_SYS_TYPE;
01238 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01239 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01240 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01241 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR;
01242 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights);
01243 }
01244 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL))
01245 {
01246 type = RSBAC_RC_GENERAL_TYPE;
01247 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01248 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01249 type = RSBAC_RC_SYS_TYPE;
01250 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR;
01251 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights);
01252 }
01253 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL))
01254 {
01255 type = RSBAC_RC_GENERAL_TYPE;
01256 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR;
01257 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights);
01258 }
01259 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL))
01260 {
01261 type = RSBAC_RC_GENERAL_TYPE;
01262 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR;
01263 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights);
01264 }
01265 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL))
01266 {
01267 type = RSBAC_RC_GENERAL_TYPE;
01268 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR;
01269 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights);
01270 }
01271 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL))
01272 {
01273 rights = RSBAC_SCD_REQUEST_VECTOR
01274 & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR );
01275 for(type = ST_time_strucs; type <= ST_rsbac; type++)
01276 {
01277 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01278 }
01279 for(type = ST_network; type < ST_none; type++)
01280 {
01281 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01282 }
01283 type = ST_other;
01284 rights = RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL)
01285 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC)
01286 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA)
01287 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT)
01288 | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL)
01289 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT)
01290 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN);
01291 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights);
01292 }
01293 }
01294 }
01295
01296 list_info.version = RSBAC_RC_TYPE_FD_LIST_VERSION;
01297 list_info.key = RSBAC_RC_LIST_KEY;
01298 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01299 list_info.data_size = sizeof(struct rsbac_rc_type_fd_entry_t);
01300 list_info.max_age = 0;
01301 err = rsbac_list_register(RSBAC_LIST_VERSION,
01302 &type_fd_handle,
01303 &list_info,
01304 #if defined(CONFIG_RSBAC_RC_BACKUP)
01305 RSBAC_LIST_BACKUP |
01306 #endif
01307 RSBAC_LIST_PERSIST,
01308 rsbac_list_compare_u32,
01309 NULL,
01310 NULL,
01311 RSBAC_RC_TYPE_FD_FILENAME,
01312 RSBAC_AUTO_DEV);
01313 if(err)
01314 {
01315 registration_error(err, "type FD");
01316 }
01317 if(!rsbac_no_defaults && !rsbac_list_count(type_fd_handle))
01318 {
01319 rsbac_rc_type_id_t type;
01320 struct rsbac_rc_type_fd_entry_t entry;
01321
01322 type = RSBAC_RC_GENERAL_TYPE;
01323 strcpy(entry.name, "General FD");
01324 entry.need_secdel = 0;
01325 rsbac_list_add(type_fd_handle, &type, &entry);
01326 type = RSBAC_RC_SEC_TYPE;
01327 strcpy(entry.name, "Security FD");
01328 entry.need_secdel = 0;
01329 rsbac_list_add(type_fd_handle, &type, &entry);
01330 type = RSBAC_RC_SYS_TYPE;
01331 strcpy(entry.name, "System FD");
01332 entry.need_secdel = 0;
01333 rsbac_list_add(type_fd_handle, &type, &entry);
01334 }
01335 list_info.version = RSBAC_RC_TYPE_DEV_LIST_VERSION;
01336 list_info.key = RSBAC_RC_LIST_KEY;
01337 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01338 list_info.data_size = RSBAC_RC_NAME_LEN;
01339 list_info.max_age = 0;
01340 err = rsbac_list_register(RSBAC_LIST_VERSION,
01341 &type_dev_handle,
01342 &list_info,
01343 #if defined(CONFIG_RSBAC_RC_BACKUP)
01344 RSBAC_LIST_BACKUP |
01345 #endif
01346 RSBAC_LIST_PERSIST,
01347 rsbac_list_compare_u32,
01348 NULL,
01349 NULL,
01350 RSBAC_RC_TYPE_DEV_FILENAME,
01351 RSBAC_AUTO_DEV);
01352 if(err)
01353 {
01354 registration_error(err, "type DEV");
01355 }
01356 if(!rsbac_no_defaults && !rsbac_list_count(type_dev_handle))
01357 {
01358 rsbac_rc_type_id_t type;
01359 char name[RSBAC_RC_NAME_LEN];
01360
01361 type = RSBAC_RC_GENERAL_TYPE;
01362 strcpy(name, "General Device");
01363 rsbac_list_add(type_dev_handle, &type, name);
01364 type = RSBAC_RC_SEC_TYPE;
01365 strcpy(name, "Security Device");
01366 rsbac_list_add(type_dev_handle, &type, name);
01367 type = RSBAC_RC_SYS_TYPE;
01368 strcpy(name, "System Device");
01369 rsbac_list_add(type_dev_handle, &type, &name);
01370 }
01371 list_info.version = RSBAC_RC_TYPE_IPC_LIST_VERSION;
01372 list_info.key = RSBAC_RC_LIST_KEY;
01373 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01374 list_info.data_size = RSBAC_RC_NAME_LEN;
01375 list_info.max_age = 0;
01376 err = rsbac_list_register(RSBAC_LIST_VERSION,
01377 &type_ipc_handle,
01378 &list_info,
01379 #if defined(CONFIG_RSBAC_RC_BACKUP)
01380 RSBAC_LIST_BACKUP |
01381 #endif
01382 RSBAC_LIST_PERSIST,
01383 rsbac_list_compare_u32,
01384 NULL,
01385 NULL,
01386 RSBAC_RC_TYPE_IPC_FILENAME,
01387 RSBAC_AUTO_DEV);
01388 if(err)
01389 {
01390 registration_error(err, "type IPC");
01391 }
01392 if(!rsbac_no_defaults && !rsbac_list_count(type_ipc_handle))
01393 {
01394 rsbac_rc_type_id_t type;
01395 char name[RSBAC_RC_NAME_LEN];
01396
01397 type = RSBAC_RC_GENERAL_TYPE;
01398 strcpy(name, "General IPC");
01399 rsbac_list_add(type_ipc_handle, &type, name);
01400 type = RSBAC_RC_SEC_TYPE;
01401 strcpy(name, "Security IPC");
01402 rsbac_list_add(type_ipc_handle, &type, name);
01403 type = RSBAC_RC_SYS_TYPE;
01404 strcpy(name, "System IPC");
01405 rsbac_list_add(type_ipc_handle, &type, &name);
01406 }
01407 list_info.version = RSBAC_RC_TYPE_USER_LIST_VERSION;
01408 list_info.key = RSBAC_RC_LIST_KEY;
01409 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01410 list_info.data_size = RSBAC_RC_NAME_LEN;
01411 list_info.max_age = 0;
01412 err = rsbac_list_register(RSBAC_LIST_VERSION,
01413 &type_user_handle,
01414 &list_info,
01415 #if defined(CONFIG_RSBAC_RC_BACKUP)
01416 RSBAC_LIST_BACKUP |
01417 #endif
01418 RSBAC_LIST_PERSIST,
01419 rsbac_list_compare_u32,
01420 NULL,
01421 NULL,
01422 RSBAC_RC_TYPE_USER_FILENAME,
01423 RSBAC_AUTO_DEV);
01424 if(err)
01425 {
01426 registration_error(err, "type USER");
01427 }
01428 if(!rsbac_no_defaults && !rsbac_list_count(type_user_handle))
01429 {
01430 rsbac_rc_type_id_t type;
01431 char name[RSBAC_RC_NAME_LEN];
01432
01433 type = RSBAC_RC_GENERAL_TYPE;
01434 strcpy(name, "General User");
01435 rsbac_list_add(type_user_handle, &type, name);
01436 type = RSBAC_RC_SEC_TYPE;
01437 strcpy(name, "Security User");
01438 rsbac_list_add(type_user_handle, &type, name);
01439 type = RSBAC_RC_SYS_TYPE;
01440 strcpy(name, "System User");
01441 rsbac_list_add(type_user_handle, &type, &name);
01442 }
01443 list_info.version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION;
01444 list_info.key = RSBAC_RC_LIST_KEY;
01445 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01446 list_info.data_size = RSBAC_RC_NAME_LEN;
01447 list_info.max_age = 0;
01448 err = rsbac_list_register(RSBAC_LIST_VERSION,
01449 &type_process_handle,
01450 &list_info,
01451 #if defined(CONFIG_RSBAC_RC_BACKUP)
01452 RSBAC_LIST_BACKUP |
01453 #endif
01454 RSBAC_LIST_PERSIST,
01455 rsbac_list_compare_u32,
01456 NULL,
01457 NULL,
01458 RSBAC_RC_TYPE_PROCESS_FILENAME,
01459 RSBAC_AUTO_DEV);
01460 if(err)
01461 {
01462 registration_error(err, "type PROCESS");
01463 }
01464 if(!rsbac_no_defaults && !rsbac_list_count(type_process_handle))
01465 {
01466 rsbac_rc_type_id_t type;
01467 char name[RSBAC_RC_NAME_LEN];
01468
01469 type = RSBAC_RC_GENERAL_TYPE;
01470 strcpy(name, "General Process");
01471 rsbac_list_add(type_process_handle, &type, name);
01472 type = RSBAC_RC_SEC_TYPE;
01473 strcpy(name, "Security Proc");
01474 rsbac_list_add(type_process_handle, &type, name);
01475 type = RSBAC_RC_SYS_TYPE;
01476 strcpy(name, "System Process");
01477 rsbac_list_add(type_process_handle, &type, &name);
01478 }
01479 if(!rsbac_no_defaults)
01480 {
01481 rsbac_rc_type_id_t type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01482
01483 if(!rsbac_list_exist(type_process_handle, &type))
01484 {
01485 char name[RSBAC_RC_NAME_LEN];
01486 rsbac_rc_role_id_t * role_array;
01487 u_long count;
01488 rsbac_rc_rights_vector_t rights;
01489
01490 strcpy(name, "Kernel Process");
01491 rsbac_list_add(type_process_handle, &type, &name);
01492
01493
01494 rights = RSBAC_READ_WRITE_REQUEST_VECTOR
01495 & RSBAC_PROCESS_REQUEST_VECTOR;
01496
01497 count = rsbac_list_lol_get_all_desc(role_tcpr_handle, (void **) &role_array);
01498 if(count > 0)
01499 {
01500 u_int i;
01501
01502 for(i=0; i < count; i++)
01503 {
01504 if(!rsbac_list_lol_subexist(role_tcpr_handle, &role_array[i], &type))
01505 rsbac_list_lol_subadd(role_tcpr_handle, &role_array[i], &type, &rights);
01506 }
01507 rsbac_vfree(role_array);
01508 }
01509 }
01510 }
01511 list_info.version = RSBAC_RC_TYPE_GROUP_LIST_VERSION;
01512 list_info.key = RSBAC_RC_LIST_KEY;
01513 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01514 list_info.data_size = RSBAC_RC_NAME_LEN;
01515 list_info.max_age = 0;
01516 err = rsbac_list_register(RSBAC_LIST_VERSION,
01517 &type_group_handle,
01518 &list_info,
01519 #if defined(CONFIG_RSBAC_RC_BACKUP)
01520 RSBAC_LIST_BACKUP |
01521 #endif
01522 RSBAC_LIST_PERSIST,
01523 rsbac_list_compare_u32,
01524 NULL,
01525 NULL,
01526 RSBAC_RC_TYPE_GROUP_FILENAME,
01527 RSBAC_AUTO_DEV);
01528 if(err)
01529 {
01530 registration_error(err, "type GROUP");
01531 }
01532 if(!rsbac_no_defaults && !rsbac_list_count(type_group_handle))
01533 {
01534 rsbac_rc_type_id_t type;
01535 char name[RSBAC_RC_NAME_LEN];
01536
01537 type = RSBAC_RC_GENERAL_TYPE;
01538 strcpy(name, "General Group");
01539 rsbac_list_add(type_group_handle, &type, name);
01540 }
01541 list_info.version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION;
01542 list_info.key = RSBAC_RC_LIST_KEY;
01543 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01544 list_info.data_size = RSBAC_RC_NAME_LEN;
01545 list_info.max_age = 0;
01546 err = rsbac_list_register(RSBAC_LIST_VERSION,
01547 &type_netdev_handle,
01548 &list_info,
01549 #if defined(CONFIG_RSBAC_RC_BACKUP)
01550 RSBAC_LIST_BACKUP |
01551 #endif
01552 RSBAC_LIST_PERSIST,
01553 rsbac_list_compare_u32,
01554 NULL,
01555 NULL,
01556 RSBAC_RC_TYPE_NETDEV_FILENAME,
01557 RSBAC_AUTO_DEV);
01558 if(err)
01559 {
01560 registration_error(err, "type NETDEV");
01561 }
01562 if(!rsbac_no_defaults && !rsbac_list_count(type_netdev_handle))
01563 {
01564 rsbac_rc_type_id_t type;
01565 char name[RSBAC_RC_NAME_LEN];
01566
01567 type = RSBAC_RC_GENERAL_TYPE;
01568 strcpy(name, "General NETDEV");
01569 rsbac_list_add(type_netdev_handle, &type, name);
01570 type = RSBAC_RC_SEC_TYPE;
01571 strcpy(name, "Security NETDEV");
01572 rsbac_list_add(type_netdev_handle, &type, name);
01573 type = RSBAC_RC_SYS_TYPE;
01574 strcpy(name, "System NETDEV");
01575 rsbac_list_add(type_netdev_handle, &type, &name);
01576 }
01577 list_info.version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION;
01578 list_info.key = RSBAC_RC_LIST_KEY;
01579 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01580 list_info.data_size = RSBAC_RC_NAME_LEN;
01581 list_info.max_age = 0;
01582 err = rsbac_list_register(RSBAC_LIST_VERSION,
01583 &type_nettemp_handle,
01584 &list_info,
01585 #if defined(CONFIG_RSBAC_RC_BACKUP)
01586 RSBAC_LIST_BACKUP |
01587 #endif
01588 RSBAC_LIST_PERSIST,
01589 rsbac_list_compare_u32,
01590 NULL,
01591 NULL,
01592 RSBAC_RC_TYPE_NETTEMP_FILENAME,
01593 RSBAC_AUTO_DEV);
01594 if(err)
01595 {
01596 registration_error(err, "type NETTEMP");
01597 }
01598 if(!rsbac_no_defaults && !rsbac_list_count(type_nettemp_handle))
01599 {
01600 rsbac_rc_type_id_t type;
01601 char name[RSBAC_RC_NAME_LEN];
01602
01603 type = RSBAC_RC_GENERAL_TYPE;
01604 strcpy(name, "General NETTEMP");
01605 rsbac_list_add(type_nettemp_handle, &type, name);
01606 type = RSBAC_RC_SEC_TYPE;
01607 strcpy(name, "Securit NETTEMP");
01608 rsbac_list_add(type_nettemp_handle, &type, name);
01609 type = RSBAC_RC_SYS_TYPE;
01610 strcpy(name, "System NETTEMP");
01611 rsbac_list_add(type_nettemp_handle, &type, &name);
01612 }
01613 list_info.version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION;
01614 list_info.key = RSBAC_RC_LIST_KEY;
01615 list_info.desc_size = sizeof(rsbac_rc_type_id_t);
01616 list_info.data_size = RSBAC_RC_NAME_LEN;
01617 list_info.max_age = 0;
01618 err = rsbac_list_register(RSBAC_LIST_VERSION,
01619 &type_netobj_handle,
01620 &list_info,
01621 #if defined(CONFIG_RSBAC_RC_BACKUP)
01622 RSBAC_LIST_BACKUP |
01623 #endif
01624 RSBAC_LIST_PERSIST,
01625 rsbac_list_compare_u32,
01626 NULL,
01627 NULL,
01628 RSBAC_RC_TYPE_NETOBJ_FILENAME,
01629 RSBAC_AUTO_DEV);
01630 if(err)
01631 {
01632 registration_error(err, "type NETOBJ");
01633 }
01634 if(!rsbac_no_defaults && !rsbac_list_count(type_netobj_handle))
01635 {
01636 rsbac_rc_type_id_t type;
01637 char name[RSBAC_RC_NAME_LEN];
01638
01639 type = RSBAC_RC_GENERAL_TYPE;
01640 strcpy(name, "General NETOBJ");
01641 rsbac_list_add(type_netobj_handle, &type, name);
01642 type = RSBAC_RC_SEC_TYPE;
01643 strcpy(name, "Security NETOBJ");
01644 rsbac_list_add(type_netobj_handle, &type, name);
01645 type = RSBAC_RC_SYS_TYPE;
01646 strcpy(name, "System NETOBJ");
01647 rsbac_list_add(type_netobj_handle, &type, &name);
01648 }
01649
01650 #ifdef CONFIG_RSBAC_DEBUG
01651 if(rsbac_debug_stack)
01652 {
01653 unsigned long * n = (unsigned long *) (current+1);
01654
01655 while (!*n)
01656 n++;
01657 rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack before adding proc entry: %lu\n",
01658 (unsigned long) n - (unsigned long)(current+1));
01659 }
01660 #endif
01661 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
01662 tmp_entry_p = create_proc_entry("stats_rc",
01663 S_IFREG | S_IRUGO,
01664 proc_rsbac_root_p);
01665 if(tmp_entry_p)
01666 {
01667 tmp_entry_p->get_info = stats_rc_proc_info;
01668 }
01669
01670 #endif
01671
01672 #ifdef CONFIG_RSBAC_DEBUG
01673 if(rsbac_debug_stack)
01674 {
01675 unsigned long * n = (unsigned long *) (current+1);
01676
01677 while (!*n)
01678 n++;
01679 rsbac_printk(KERN_DEBUG "rsbac_init_rc: final free stack: %lu\n",
01680 (unsigned long) n - (unsigned long)(current+1));
01681 }
01682 if (rsbac_debug_ds_rc)
01683 {
01684 rsbac_printk(KERN_DEBUG "rsbac_init_rc(): Ready.\n");
01685 }
01686 #endif
01687 return(err);
01688 };
01689
01690
01691
01692
01693 int rsbac_stats_rc(void)
01694 {
01695 if (!rsbac_is_initialized())
01696 {
01697 rsbac_printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n");
01698 return(-RSBAC_ENOTINITIALIZED);
01699 }
01700
01701 rsbac_printk(KERN_INFO "Role entry size is %u, %lu entries used\n",
01702 sizeof(struct rsbac_rc_role_entry_t),
01703 rsbac_list_count(role_handle));
01704
01705 rsbac_printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, group: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
01706 rsbac_list_count(type_fd_handle),
01707 rsbac_list_count(type_dev_handle),
01708 rsbac_list_count(type_ipc_handle),
01709 rsbac_list_count(type_user_handle),
01710 rsbac_list_count(type_process_handle),
01711 rsbac_list_count(type_group_handle),
01712 rsbac_list_count(type_netdev_handle),
01713 rsbac_list_count(type_nettemp_handle),
01714 rsbac_list_count(type_netobj_handle));
01715 return(0);
01716 };
01717
01718
01719
01720
01721
01722
01723 #ifdef CONFIG_RSBAC_INIT_DELAY
01724 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01725 #else
01726 int __init rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01727 #endif
01728 {
01729
01730 if(rsbac_list_get_desc(role_handle,
01731 role_p,
01732 role_p,
01733 rsbac_rc_role_compare_data)
01734 )
01735 {
01736 return -RSBAC_ENOTFOUND;
01737 }
01738 return 0;
01739 }
01740
01741
01742 rsbac_boolean_t rsbac_rc_role_exists(
01743 rsbac_list_ta_number_t ta_number,
01744 rsbac_rc_role_id_t role)
01745 {
01746 return rsbac_ta_list_exist(ta_number, role_handle, &role);
01747 }
01748
01749 rsbac_boolean_t rsbac_rc_type_exists(
01750 rsbac_list_ta_number_t ta_number,
01751 enum rsbac_target_t target,
01752 rsbac_rc_type_id_t type)
01753 {
01754 switch(target)
01755 {
01756 case T_FILE:
01757 case T_DIR:
01758 case T_FIFO:
01759 case T_SYMLINK:
01760 case T_FD:
01761 return rsbac_ta_list_exist(ta_number, type_fd_handle, &type);
01762 case T_DEV:
01763 return rsbac_ta_list_exist(ta_number, type_dev_handle, &type);
01764 case T_IPC:
01765 return rsbac_ta_list_exist(ta_number, type_ipc_handle, &type);
01766 case T_USER:
01767 return rsbac_ta_list_exist(ta_number, type_user_handle, &type);
01768 case T_PROCESS:
01769 return rsbac_ta_list_exist(ta_number, type_process_handle, &type);
01770 case T_NETDEV:
01771 return rsbac_ta_list_exist(ta_number, type_netdev_handle, &type);
01772 case T_NETTEMP:
01773 return rsbac_ta_list_exist(ta_number, type_nettemp_handle, &type);
01774 case T_NETOBJ:
01775 return rsbac_ta_list_exist(ta_number, type_netobj_handle, &type);
01776 case T_SCD:
01777 if(type < ST_none)
01778 return TRUE;
01779 else
01780 return FALSE;
01781 default:
01782 return FALSE;
01783 }
01784 }
01785
01786
01787
01788 int rsbac_rc_copy_role(
01789 rsbac_list_ta_number_t ta_number,
01790 rsbac_rc_role_id_t from_role,
01791 rsbac_rc_role_id_t to_role)
01792 {
01793 struct rsbac_rc_role_entry_t entry;
01794 rsbac_rc_role_id_t * role_array;
01795 char * item_array;
01796 long count;
01797 u_long i;
01798 int err;
01799
01800 if (!rsbac_is_initialized())
01801 {
01802 rsbac_printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n");
01803 return(-RSBAC_ENOTINITIALIZED);
01804 }
01805 if( (from_role > RC_role_max_value)
01806 || (to_role > RC_role_max_value)
01807 || (to_role == from_role)
01808 )
01809 return(-RSBAC_EINVALIDTARGET);
01810
01811
01812 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &from_role, &entry);
01813 if(err)
01814 return err;
01815 err = rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role, &entry);
01816 if(err)
01817 return err;
01818
01819 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role);
01820 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_rc_handle,
01821 &from_role, (void **) &role_array, NULL);
01822 if(count > 0)
01823 {
01824 for(i=0; i<count ; i++)
01825 rsbac_ta_list_lol_subadd_ttl(ta_number, role_rc_handle, 0, &to_role, &role_array[i], 0);
01826 rsbac_vfree(role_array);
01827 }
01828 rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role);
01829 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_adr_handle, &from_role, (void **) &role_array, NULL);
01830 if(count > 0)
01831 {
01832 for(i=0; i<count ; i++)
01833 rsbac_ta_list_lol_subadd_ttl(ta_number, role_adr_handle, 0, &to_role, &role_array[i], 0);
01834 rsbac_vfree(role_array);
01835 }
01836 rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role);
01837 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, role_asr_handle, &from_role, (void **) &role_array, NULL);
01838 if(count > 0)
01839 {
01840 for(i=0; i<count ; i++)
01841 rsbac_ta_list_lol_subadd_ttl(ta_number, role_asr_handle, 0, &to_role, &role_array[i], 0);
01842 rsbac_vfree(role_array);
01843 }
01844 rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role);
01845 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_dfdc_handle, &from_role, (void **) &item_array, NULL);
01846 if(count > 0)
01847 {
01848 char * tmp = item_array;
01849 int size = rsbac_list_lol_get_subitem_size(role_dfdc_handle);
01850
01851 for(i=0; i<count ; i++)
01852 {
01853 rsbac_ta_list_lol_subadd_ttl(ta_number, role_dfdc_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01854 tmp += size;
01855 }
01856 rsbac_vfree(item_array);
01857 }
01858 rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role);
01859 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcfd_handle, &from_role, (void **) &item_array, NULL);
01860 if(count > 0)
01861 {
01862 char * tmp = item_array;
01863 int size = rsbac_list_lol_get_subitem_size(role_tcfd_handle);
01864
01865 for(i=0; i<count ; i++)
01866 {
01867 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcfd_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01868 tmp += size;
01869 }
01870 rsbac_vfree(item_array);
01871 }
01872 rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role);
01873 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcdv_handle, &from_role, (void **) &item_array, NULL);
01874 if(count > 0)
01875 {
01876 char * tmp = item_array;
01877 int size = rsbac_list_lol_get_subitem_size(role_tcdv_handle);
01878
01879 for(i=0; i<count ; i++)
01880 {
01881 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcdv_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01882 tmp += size;
01883 }
01884 rsbac_vfree(item_array);
01885 }
01886 rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role);
01887 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcus_handle, &from_role, (void **) &item_array, NULL);
01888 if(count > 0)
01889 {
01890 char * tmp = item_array;
01891 int size = rsbac_list_lol_get_subitem_size(role_tcus_handle);
01892
01893 for(i=0; i<count ; i++)
01894 {
01895 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcus_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01896 tmp += size;
01897 }
01898 rsbac_vfree(item_array);
01899 }
01900 rsbac_ta_list_lol_remove(ta_number,role_tcpr_handle, &to_role);
01901 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcpr_handle, &from_role, (void **) &item_array, NULL);
01902 if(count > 0)
01903 {
01904 char * tmp = item_array;
01905 int size = rsbac_list_lol_get_subitem_size(role_tcpr_handle);
01906
01907 for(i=0; i<count ; i++)
01908 {
01909 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcpr_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01910 tmp += size;
01911 }
01912 rsbac_vfree(item_array);
01913 }
01914 rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role);
01915 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcip_handle, &from_role, (void **) &item_array, NULL);
01916 if(count > 0)
01917 {
01918 char * tmp = item_array;
01919 int size = rsbac_list_lol_get_subitem_size(role_tcip_handle);
01920
01921 for(i=0; i<count ; i++)
01922 {
01923 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcip_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01924 tmp += size;
01925 }
01926 rsbac_vfree(item_array);
01927 }
01928 rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role);
01929 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcsc_handle, &from_role, (void **) &item_array, NULL);
01930 if(count > 0)
01931 {
01932 char * tmp = item_array;
01933 int size = rsbac_list_lol_get_subitem_size(role_tcsc_handle);
01934
01935 for(i=0; i<count ; i++)
01936 {
01937 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcsc_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01938 tmp += size;
01939 }
01940 rsbac_vfree(item_array);
01941 }
01942 rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role);
01943 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcgr_handle, &from_role, (void **) &item_array, NULL);
01944 if(count > 0)
01945 {
01946 char * tmp = item_array;
01947 int size = rsbac_list_lol_get_subitem_size(role_tcgr_handle);
01948
01949 for(i=0; i<count ; i++)
01950 {
01951 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcgr_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01952 tmp += size;
01953 }
01954 rsbac_vfree(item_array);
01955 }
01956 rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role);
01957 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcnd_handle, &from_role, (void **) &item_array, NULL);
01958 if(count > 0)
01959 {
01960 char * tmp = item_array;
01961 int size = rsbac_list_lol_get_subitem_size(role_tcnd_handle);
01962
01963 for(i=0; i<count ; i++)
01964 {
01965 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcnd_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01966 tmp += size;
01967 }
01968 rsbac_vfree(item_array);
01969 }
01970 rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role);
01971 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcnt_handle, &from_role, (void **) &item_array, NULL);
01972 if(count > 0)
01973 {
01974 char * tmp = item_array;
01975 int size = rsbac_list_lol_get_subitem_size(role_tcnt_handle);
01976
01977 for(i=0; i<count ; i++)
01978 {
01979 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcnt_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01980 tmp += size;
01981 }
01982 rsbac_vfree(item_array);
01983 }
01984 rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role);
01985 count = rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, role_tcno_handle, &from_role, (void **) &item_array, NULL);
01986 if(count > 0)
01987 {
01988 char * tmp = item_array;
01989 int size = rsbac_list_lol_get_subitem_size(role_tcno_handle);
01990
01991 for(i=0; i<count ; i++)
01992 {
01993 rsbac_ta_list_lol_subadd_ttl(ta_number, role_tcno_handle, 0, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t));
01994 tmp += size;
01995 }
01996 rsbac_vfree(item_array);
01997 }
01998 return(0);
01999 }
02000
02001 int rsbac_rc_copy_type(
02002 rsbac_list_ta_number_t ta_number,
02003 enum rsbac_rc_target_t target,
02004 rsbac_rc_type_id_t from_type,
02005 rsbac_rc_type_id_t to_type)
02006 {
02007 rsbac_rc_role_id_t * role_array;
02008 rsbac_list_handle_t i_type_handle = NULL;
02009 rsbac_list_handle_t i_comp_handle = NULL;
02010 struct rsbac_rc_type_fd_entry_t type_fd_entry;
02011 char type_name[RSBAC_RC_NAME_LEN];
02012 long count;
02013 rsbac_time_t ttl;
02014 u_long i;
02015 int err;
02016
02017 if (!rsbac_is_initialized())
02018 {
02019 rsbac_printk(KERN_WARNING "rsbac_rc_copy_type(): RSBAC not initialized\n");
02020 return(-RSBAC_ENOTINITIALIZED);
02021 }
02022 if( (from_type > RC_type_max_value)
02023 || (to_type > RC_type_max_value)
02024 || (to_type == from_type)
02025 )
02026 return(-RSBAC_EINVALIDTARGET);
02027
02028 switch(target)
02029 {
02030 case T_FILE:
02031 case T_DIR:
02032 case T_FIFO:
02033 case T_SYMLINK:
02034 case T_FD:
02035 i_type_handle = type_fd_handle;
02036 i_comp_handle = role_tcfd_handle;
02037 break;
02038 case T_DEV:
02039 i_type_handle = type_dev_handle;
02040 i_comp_handle = role_tcdv_handle;
02041 break;
02042 case T_USER:
02043 i_type_handle = type_user_handle;
02044 i_comp_handle = role_tcus_handle;
02045 break;
02046 case T_PROCESS:
02047 i_type_handle = type_process_handle;
02048 i_comp_handle = role_tcpr_handle;
02049 break;
02050 case T_IPC:
02051 i_type_handle = type_ipc_handle;
02052 i_comp_handle = role_tcip_handle;
02053 break;
02054 case T_GROUP:
02055 i_type_handle = type_group_handle;
02056 i_comp_handle = role_tcgr_handle;
02057 break;
02058 case T_NETDEV:
02059 i_type_handle = type_netdev_handle;
02060 i_comp_handle = role_tcnd_handle;
02061 break;
02062 case T_NETTEMP:
02063 i_type_handle = type_nettemp_handle;
02064 i_comp_handle = role_tcnt_handle;
02065 break;
02066 case T_NETOBJ:
02067 i_type_handle = type_netobj_handle;
02068 i_comp_handle = role_tcno_handle;
02069 break;
02070
02071 default:
02072 return -RSBAC_EINVALIDTARGET;
02073 }
02074
02075
02076 if(i_type_handle == type_fd_handle)
02077 {
02078 err = rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, &ttl, &from_type, &type_fd_entry);
02079 if(err)
02080 return err;
02081 err = rsbac_ta_list_add_ttl(ta_number, i_type_handle, ttl, &to_type, &type_fd_entry);
02082 if(err)
02083 return err;
02084 }
02085 else
02086 {
02087 err = rsbac_ta_list_get_data_ttl(ta_number, i_type_handle, NULL, &from_type, &type_name);
02088 if(err)
02089 return err;
02090 err = rsbac_ta_list_add_ttl(ta_number, i_type_handle, 0, &to_type, &type_name);
02091 if(err)
02092 return err;
02093 }
02094
02095 err = rsbac_ta_list_lol_subremove_from_all(ta_number, i_comp_handle, &to_type);
02096 if(err)
02097 return err;
02098
02099 count = rsbac_ta_list_get_all_desc(ta_number, role_handle,
02100 (void **) &role_array);
02101 if(count > 0)
02102 {
02103 rsbac_rc_rights_vector_t rights;
02104
02105 for(i=0; i<count ; i++)
02106 {
02107 err = rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02108 i_comp_handle,
02109 &ttl,
02110 &role_array[i],
02111 &from_type,
02112 &rights);
02113 if(!err)
02114 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
02115 i_comp_handle,
02116 ttl,
02117 &role_array[i],
02118 &to_type,
02119 &rights);
02120 }
02121 rsbac_vfree(role_array);
02122 }
02123 return(0);
02124 }
02125
02126
02127
02128 int rsbac_rc_get_item(
02129 rsbac_list_ta_number_t ta_number,
02130 enum rsbac_rc_target_t target,
02131 union rsbac_rc_target_id_t tid,
02132 union rsbac_rc_target_id_t subtid,
02133 enum rsbac_rc_item_t item,
02134 union rsbac_rc_item_value_t * value_p,
02135 rsbac_time_t * ttl_p)
02136 {
02137 int err=0;
02138 struct rsbac_rc_role_entry_t role_entry;
02139 struct rsbac_rc_type_fd_entry_t type_fd_entry;
02140
02141 if (!rsbac_is_initialized())
02142 {
02143 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): RSBAC not initialized\n");
02144 return(-RSBAC_ENOTINITIALIZED);
02145 }
02146 if (in_interrupt())
02147 {
02148 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n");
02149 }
02150 if(ttl_p)
02151 *ttl_p = 0;
02152 switch(target)
02153 {
02154 case RT_ROLE:
02155 if(tid.role > RC_role_max_value)
02156 return(-RSBAC_EINVALIDTARGET);
02157
02158
02159
02160
02161
02162
02163
02164
02165
02166 switch (item)
02167 {
02168 case RI_role_comp:
02169 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02170 role_rc_handle,
02171 ttl_p,
02172 &tid.role,
02173 &subtid.role,
02174 NULL))
02175 value_p->comp = TRUE;
02176 else
02177 value_p->comp = FALSE;
02178 return 0;
02179 case RI_admin_roles:
02180 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02181 role_adr_handle,
02182 ttl_p,
02183 &tid.role,
02184 &subtid.role,
02185 NULL))
02186 value_p->comp = TRUE;
02187 else
02188 value_p->comp = FALSE;
02189 return 0;
02190 case RI_assign_roles:
02191 if(!rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02192 role_asr_handle,
02193 ttl_p,
02194 &tid.role,
02195 &subtid.role,
02196 NULL))
02197 value_p->comp = TRUE;
02198 else
02199 value_p->comp = FALSE;
02200 return 0;
02201 case RI_type_comp_fd:
02202 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02203 role_tcfd_handle,
02204 ttl_p,
02205 &tid.role,
02206 &subtid.type,
02207 &value_p->rights))
02208 {
02209 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02210 if(ttl_p)
02211 *ttl_p = 0;
02212 }
02213 return 0;
02214 case RI_type_comp_dev:
02215 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02216 role_tcdv_handle,
02217 ttl_p,
02218 &tid.role,
02219 &subtid.type,
02220 &value_p->rights))
02221 {
02222 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02223 if(ttl_p)
02224 *ttl_p = 0;
02225 }
02226 return 0;
02227 case RI_type_comp_user:
02228 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02229 role_tcus_handle,
02230 ttl_p,
02231 &tid.role,
02232 &subtid.type,
02233 &value_p->rights))
02234 {
02235 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02236 if(ttl_p)
02237 *ttl_p = 0;
02238 }
02239 return 0;
02240 case RI_type_comp_process:
02241 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02242 role_tcpr_handle,
02243 ttl_p,
02244 &tid.role,
02245 &subtid.type,
02246 &value_p->rights))
02247 {
02248 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02249 if(ttl_p)
02250 *ttl_p = 0;
02251 }
02252 return 0;
02253 case RI_type_comp_ipc:
02254 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02255 role_tcip_handle,
02256 ttl_p,
02257 &tid.role,
02258 &subtid.type,
02259 &value_p->rights))
02260 {
02261 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02262 if(ttl_p)
02263 *ttl_p = 0;
02264 }
02265 return 0;
02266 case RI_type_comp_scd:
02267 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02268 role_tcsc_handle,
02269 ttl_p,
02270 &tid.role,
02271 &subtid.type,
02272 &value_p->rights))
02273 {
02274 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02275 if(ttl_p)
02276 *ttl_p = 0;
02277 }
02278 return 0;
02279 case RI_type_comp_group:
02280 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02281 role_tcgr_handle,
02282 ttl_p,
02283 &tid.role,
02284 &subtid.type,
02285 &value_p->rights))
02286 {
02287 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02288 if(ttl_p)
02289 *ttl_p = 0;
02290 }
02291 return 0;
02292 case RI_type_comp_netdev:
02293 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02294 role_tcnd_handle,
02295 ttl_p,
02296 &tid.role,
02297 &subtid.type,
02298 &value_p->rights))
02299 {
02300 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02301 if(ttl_p)
02302 *ttl_p = 0;
02303 }
02304 return 0;
02305 case RI_type_comp_nettemp:
02306 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02307 role_tcnt_handle,
02308 ttl_p,
02309 &tid.role,
02310 &subtid.type,
02311 &value_p->rights))
02312 {
02313 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02314 if(ttl_p)
02315 *ttl_p = 0;
02316 }
02317 return 0;
02318 case RI_type_comp_netobj:
02319 if(rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02320 role_tcno_handle,
02321 ttl_p,
02322 &tid.role,
02323 &subtid.type,
02324 &value_p->rights))
02325 {
02326 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
02327 if(ttl_p)
02328 *ttl_p = 0;
02329 }
02330 return 0;
02331 case RI_admin_type:
02332 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02333 value_p->admin_type = role_entry.admin_type;
02334 return err;
02335 case RI_name:
02336 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02337 {
02338 strncpy(value_p->name, role_entry.name, RSBAC_RC_NAME_LEN - 1);
02339 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02340 }
02341 return err;
02342 case RI_def_fd_create_type:
02343 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02344 value_p->type_id = role_entry.def_fd_create_type;
02345 return err;
02346 case RI_def_fd_ind_create_type:
02347 return rsbac_ta_list_lol_get_subdata_ttl(ta_number,
02348 role_dfdc_handle,
02349 ttl_p,
02350 &tid.role,
02351 &subtid.type,
02352 &value_p->type_id);
02353 case RI_def_user_create_type:
02354 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02355 value_p->type_id = role_entry.def_user_create_type;
02356 return err;
02357 case RI_def_process_create_type:
02358 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02359 value_p->type_id = role_entry.def_process_create_type;
02360 return err;
02361 case RI_def_process_chown_type:
02362 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02363 value_p->type_id = role_entry.def_process_chown_type;
02364 return err;
02365 case RI_def_process_execute_type:
02366 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02367 value_p->type_id = role_entry.def_process_execute_type;
02368 return err;
02369 case RI_def_ipc_create_type:
02370 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02371 value_p->type_id = role_entry.def_ipc_create_type;
02372 return err;
02373 case RI_def_group_create_type:
02374 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02375 value_p->type_id = role_entry.def_group_create_type;
02376 return err;
02377 case RI_boot_role:
02378 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &role_entry)))
02379 value_p->boot_role = role_entry.boot_role;
02380 return err;
02381 default:
02382 return -RSBAC_EINVALIDATTR;
02383 }
02384
02385 return(err);
02386 break;
02387
02388 case RT_TYPE:
02389 if(tid.type > RC_type_max_value)
02390 return(-RSBAC_EINVALIDTARGET);
02391
02392
02393
02394
02395
02396
02397
02398 switch (item)
02399 {
02400 case RI_type_fd_name:
02401 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &type_fd_entry)))
02402 {
02403 strncpy(value_p->name, type_fd_entry.name, RSBAC_RC_NAME_LEN - 1);
02404 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02405 }
02406 return err;
02407 case RI_type_fd_need_secdel:
02408 if(!(err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &type_fd_entry)))
02409 {
02410 value_p->need_secdel = type_fd_entry.need_secdel;
02411 }
02412 return err;
02413 case RI_type_dev_name:
02414 return rsbac_ta_list_get_data_ttl(ta_number, type_dev_handle, NULL, &tid.type, value_p->name);
02415 case RI_type_ipc_name:
02416 return rsbac_ta_list_get_data_ttl(ta_number, type_ipc_handle, NULL, &tid.type, value_p->name);
02417 case RI_type_user_name:
02418 return rsbac_ta_list_get_data_ttl(ta_number, type_user_handle, NULL, &tid.type, value_p->name);
02419 case RI_type_process_name:
02420 return rsbac_ta_list_get_data_ttl(ta_number, type_process_handle, NULL, &tid.type, value_p->name);
02421 case RI_type_group_name:
02422 return rsbac_ta_list_get_data_ttl(ta_number, type_group_handle, NULL, &tid.type, value_p->name);
02423 case RI_type_netdev_name:
02424 return rsbac_ta_list_get_data_ttl(ta_number, type_netdev_handle, NULL, &tid.type, value_p->name);
02425 case RI_type_nettemp_name:
02426 return rsbac_ta_list_get_data_ttl(ta_number, type_nettemp_handle, NULL, &tid.type, value_p->name);
02427 case RI_type_netobj_name:
02428 return rsbac_ta_list_get_data_ttl(ta_number, type_netobj_handle, NULL, &tid.type, value_p->name);
02429 case RI_type_scd_name:
02430 {
02431 char * tmp;
02432
02433 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02434 if(!tmp)
02435 err = -RSBAC_ENOMEM;
02436 else
02437 {
02438 get_rc_scd_type_name(tmp,tid.type);
02439 strncpy(value_p->name, tmp, RSBAC_RC_NAME_LEN - 1);
02440 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0;
02441 rsbac_kfree(tmp);
02442 }
02443 break;
02444 }
02445 default:
02446 err = -RSBAC_EINVALIDATTR;
02447 }
02448
02449 return(err);
02450 break;
02451
02452
02453 default:
02454 err = -RSBAC_EINVALIDTARGET;
02455 }
02456 return err;
02457 }
02458
02459
02460 rsbac_boolean_t rsbac_rc_check_comp (rsbac_rc_role_id_t role,
02461 union rsbac_rc_target_id_t subtid,
02462 enum rsbac_rc_item_t item,
02463 enum rsbac_rc_special_rights_t right)
02464 {
02465 rsbac_rc_rights_vector_t rights_vector;
02466
02467 if (!rsbac_is_initialized())
02468 {
02469 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): RSBAC not initialized\n");
02470 return(-RSBAC_ENOTINITIALIZED);
02471 }
02472 if (in_interrupt())
02473 {
02474 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n");
02475 }
02476 if(role > RC_role_max_value)
02477 return FALSE;
02478
02479
02480
02481
02482
02483
02484
02485 switch (item)
02486 {
02487 case RI_role_comp:
02488 return rsbac_list_lol_subexist(role_rc_handle, &role, &subtid.role);
02489 case RI_admin_roles:
02490 return rsbac_list_lol_subexist(role_adr_handle, &role, &subtid.role);
02491 case RI_assign_roles:
02492 return rsbac_list_lol_subexist(role_asr_handle, &role, &subtid.role);
02493 case RI_type_comp_fd:
02494 if( !rsbac_list_lol_get_subdata(role_tcfd_handle, &role, &subtid.type, &rights_vector)
02495 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02496 )
02497 return TRUE;
02498 else
02499 return FALSE;
02500 case RI_type_comp_dev:
02501 if( !rsbac_list_lol_get_subdata(role_tcdv_handle, &role, &subtid.type, &rights_vector)
02502 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02503 )
02504 return TRUE;
02505 else
02506 return FALSE;
02507 case RI_type_comp_user:
02508 if( !rsbac_list_lol_get_subdata(role_tcus_handle, &role, &subtid.type, &rights_vector)
02509 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02510 )
02511 return TRUE;
02512 else
02513 return FALSE;
02514 case RI_type_comp_process:
02515 if( !rsbac_list_lol_get_subdata(role_tcpr_handle, &role, &subtid.type, &rights_vector)
02516 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02517 )
02518 return TRUE;
02519 else
02520 return FALSE;
02521 case RI_type_comp_ipc:
02522 if( !rsbac_list_lol_get_subdata(role_tcip_handle, &role, &subtid.type, &rights_vector)
02523 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02524 )
02525 return TRUE;
02526 else
02527 return FALSE;
02528 case RI_type_comp_scd:
02529 if( !rsbac_list_lol_get_subdata(role_tcsc_handle, &role, &subtid.type, &rights_vector)
02530 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02531 )
02532 return TRUE;
02533 else
02534 return FALSE;
02535 case RI_type_comp_group:
02536 if( !rsbac_list_lol_get_subdata(role_tcgr_handle, &role, &subtid.type, &rights_vector)
02537 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02538 )
02539 return TRUE;
02540 else
02541 return FALSE;
02542 case RI_type_comp_netdev:
02543 if( !rsbac_list_lol_get_subdata(role_tcnd_handle, &role, &subtid.type, &rights_vector)
02544 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02545 )
02546 return TRUE;
02547 else
02548 return FALSE;
02549 case RI_type_comp_nettemp:
02550 if( !rsbac_list_lol_get_subdata(role_tcnt_handle, &role, &subtid.type, &rights_vector)
02551 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02552 )
02553 return TRUE;
02554 else
02555 return FALSE;
02556 case RI_type_comp_netobj:
02557 if( !rsbac_list_lol_get_subdata(role_tcno_handle, &role, &subtid.type, &rights_vector)
02558 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right))
02559 )
02560 return TRUE;
02561 else
02562 return FALSE;
02563
02564 default:
02565 rsbac_printk(KERN_WARNING
02566 "rsbac_rc_check_comp(): called for invalid item %u\n",
02567 item);
02568 return FALSE;
02569 }
02570 }
02571
02572
02573
02574 int rsbac_rc_get_list(
02575 rsbac_list_ta_number_t ta_number,
02576 enum rsbac_rc_target_t target,
02577 union rsbac_rc_target_id_t tid,
02578 enum rsbac_rc_item_t item,
02579 __u32 ** array_pp,
02580 rsbac_time_t ** ttl_array_pp)
02581 {
02582 int res;
02583
02584 if (!rsbac_is_initialized())
02585 {
02586 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): RSBAC not initialized\n");
02587 return(-RSBAC_ENOTINITIALIZED);
02588 }
02589 if (in_interrupt())
02590 {
02591 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n");
02592 }
02593 if(ttl_array_pp)
02594 *ttl_array_pp = NULL;
02595 switch (target)
02596 {
02597 case RT_ROLE:
02598
02599
02600
02601
02602
02603
02604 switch (item)
02605 {
02606 case RI_name:
02607 if(array_pp)
02608 return rsbac_ta_list_get_all_desc(ta_number, role_handle, (void **) array_pp);
02609 else
02610 return rsbac_ta_list_count(ta_number, role_handle);
02611 case RI_role_comp:
02612 if(array_pp)
02613 res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02614 role_rc_handle,
02615 &tid.role,
02616 (void **) array_pp,
02617 ttl_array_pp);
02618 else
02619 res = rsbac_ta_list_lol_subcount(ta_number, role_rc_handle, &tid.role);
02620 if(res == -RSBAC_ENOTFOUND)
02621 return 0;
02622 else
02623 return res;
02624 case RI_admin_roles:
02625 if(array_pp)
02626 res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02627 role_adr_handle,
02628 &tid.role,
02629 (void **) array_pp,
02630 ttl_array_pp);
02631 else
02632 res = rsbac_ta_list_lol_subcount(ta_number, role_adr_handle, &tid.role);
02633 if(res == -RSBAC_ENOTFOUND)
02634 return 0;
02635 else
02636 return res;
02637 case RI_assign_roles:
02638 if(array_pp)
02639 res = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02640 role_asr_handle,
02641 &tid.role,
02642 (void **) array_pp,
02643 ttl_array_pp);
02644 else
02645 res = rsbac_ta_list_lol_subcount(ta_number, role_asr_handle, &tid.role);
02646 if(res == -RSBAC_ENOTFOUND)
02647 return 0;
02648 else
02649 return res;
02650 case RI_def_fd_ind_create_type:
02651 if(array_pp)
02652 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02653 role_dfdc_handle,
02654 &tid.role,
02655 (void **) array_pp,
02656 ttl_array_pp);
02657 else
02658 return rsbac_ta_list_lol_subcount(ta_number, role_dfdc_handle, &tid.role);
02659 case RI_type_comp_fd:
02660 if(array_pp)
02661 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02662 role_tcfd_handle,
02663 &tid.role,
02664 (void **) array_pp,
02665 ttl_array_pp);
02666 else
02667 return rsbac_ta_list_lol_subcount(ta_number, role_tcfd_handle, &tid.role);
02668 case RI_type_comp_dev:
02669 if(array_pp)
02670 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02671 role_tcdv_handle,
02672 &tid.role,
02673 (void **) array_pp,
02674 ttl_array_pp);
02675 else
02676 return rsbac_ta_list_lol_subcount(ta_number, role_tcdv_handle, &tid.role);
02677 case RI_type_comp_user:
02678 if(array_pp)
02679 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02680 role_tcus_handle,
02681 &tid.role,
02682 (void **) array_pp,
02683 ttl_array_pp);
02684 else
02685 return rsbac_ta_list_lol_subcount(ta_number, role_tcus_handle, &tid.role);
02686 case RI_type_comp_process:
02687 if(array_pp)
02688 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02689 role_tcpr_handle,
02690 &tid.role,
02691 (void **) array_pp,
02692 ttl_array_pp);
02693 else
02694 return rsbac_ta_list_lol_subcount(ta_number, role_tcpr_handle, &tid.role);
02695 case RI_type_comp_ipc:
02696 if(array_pp)
02697 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02698 role_tcip_handle,
02699 &tid.role,
02700 (void **) array_pp,
02701 ttl_array_pp);
02702 else
02703 return rsbac_ta_list_lol_subcount(ta_number, role_tcip_handle, &tid.role);
02704 case RI_type_comp_scd:
02705 if(array_pp)
02706 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02707 role_tcsc_handle,
02708 &tid.role,
02709 (void **) array_pp,
02710 ttl_array_pp);
02711 else
02712 return rsbac_ta_list_lol_subcount(ta_number, role_tcsc_handle, &tid.role);
02713 case RI_type_comp_group:
02714 if(array_pp)
02715 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02716 role_tcgr_handle,
02717 &tid.role,
02718 (void **) array_pp,
02719 ttl_array_pp);
02720 else
02721 return rsbac_ta_list_lol_subcount(ta_number, role_tcgr_handle, &tid.role);
02722 case RI_type_comp_netdev:
02723 if(array_pp)
02724 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02725 role_tcnd_handle,
02726 &tid.role,
02727 (void **) array_pp,
02728 ttl_array_pp);
02729 else
02730 return rsbac_ta_list_lol_subcount(ta_number, role_tcnd_handle, &tid.role);
02731 case RI_type_comp_nettemp:
02732 if(array_pp)
02733 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02734 role_tcnt_handle,
02735 &tid.role,
02736 (void **) array_pp,
02737 ttl_array_pp);
02738 else
02739 return rsbac_ta_list_lol_subcount(ta_number, role_tcnt_handle, &tid.role);
02740 case RI_type_comp_netobj:
02741 if(array_pp)
02742 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02743 role_tcno_handle,
02744 &tid.role,
02745 (void **) array_pp,
02746 ttl_array_pp);
02747 else
02748 return rsbac_ta_list_lol_subcount(ta_number, role_tcno_handle, &tid.role);
02749
02750 default:
02751 return -RSBAC_EINVALIDATTR;
02752 }
02753
02754 case RT_TYPE:
02755
02756
02757
02758
02759
02760
02761
02762 switch (item)
02763 {
02764 case RI_type_fd_name:
02765 case RI_type_fd_need_secdel:
02766 if(array_pp)
02767 return rsbac_ta_list_get_all_desc(ta_number, type_fd_handle, (void **) array_pp);
02768 else
02769 return rsbac_ta_list_count(ta_number, type_fd_handle);
02770 case RI_type_dev_name:
02771 if(array_pp)
02772 return rsbac_ta_list_get_all_desc(ta_number, type_dev_handle, (void **) array_pp);
02773 else
02774 return rsbac_ta_list_count(ta_number, type_dev_handle);
02775 case RI_type_ipc_name:
02776 if(array_pp)
02777 return rsbac_ta_list_get_all_desc(ta_number, type_ipc_handle, (void **) array_pp);
02778 else
02779 return rsbac_ta_list_count(ta_number, type_ipc_handle);
02780 case RI_type_user_name:
02781 if(array_pp)
02782 return rsbac_ta_list_get_all_desc(ta_number, type_user_handle, (void **) array_pp);
02783 else
02784 return rsbac_ta_list_count(ta_number, type_user_handle);
02785 case RI_type_process_name:
02786 if(array_pp)
02787 return rsbac_ta_list_get_all_desc(ta_number, type_process_handle, (void **) array_pp);
02788 else
02789 return rsbac_ta_list_count(ta_number, type_process_handle);
02790 case RI_type_group_name:
02791 if(array_pp)
02792 return rsbac_ta_list_get_all_desc(ta_number, type_group_handle, (void **) array_pp);
02793 else
02794 return rsbac_ta_list_count(ta_number, type_group_handle);
02795 case RI_type_netdev_name:
02796 if(array_pp)
02797 return rsbac_ta_list_get_all_desc(ta_number, type_netdev_handle, (void **) array_pp);
02798 else
02799 return rsbac_ta_list_count(ta_number, type_netdev_handle);
02800 case RI_type_nettemp_name:
02801 if(array_pp)
02802 return rsbac_ta_list_get_all_desc(ta_number, type_nettemp_handle, (void **) array_pp);
02803 else
02804 return rsbac_ta_list_count(ta_number, type_nettemp_handle);
02805 case RI_type_netobj_name:
02806 if(array_pp)
02807 return rsbac_ta_list_get_all_desc(ta_number, type_netobj_handle, (void **) array_pp);
02808 else
02809 return rsbac_ta_list_count(ta_number, type_netobj_handle);
02810
02811 default:
02812 return -RSBAC_EINVALIDATTR;
02813 }
02814
02815 default:
02816 return -RSBAC_EINVALIDTARGET;
02817 }
02818 }
02819
02820
02821
02822 int rsbac_rc_set_item(
02823 rsbac_list_ta_number_t ta_number,
02824 enum rsbac_rc_target_t target,
02825 union rsbac_rc_target_id_t tid,
02826 union rsbac_rc_target_id_t subtid,
02827 enum rsbac_rc_item_t item,
02828 union rsbac_rc_item_value_t value,
02829 rsbac_time_t ttl)
02830 {
02831 int err=0;
02832
02833 if (!rsbac_is_initialized())
02834 {
02835 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): RSBAC not initialized\n");
02836 return(-RSBAC_ENOTINITIALIZED);
02837 }
02838 if (in_interrupt())
02839 {
02840 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n");
02841 }
02842 switch (target)
02843 {
02844 case RT_ROLE:
02845 if(tid.role > RC_role_max_value)
02846 return(-RSBAC_EINVALIDTARGET);
02847 if( (item != RI_name)
02848 && !rsbac_ta_list_exist(ta_number, role_handle, &tid.role)
02849 )
02850 return(-RSBAC_EINVALIDTARGET);
02851 #ifdef CONFIG_RSBAC_DEBUG
02852 if (rsbac_debug_ds_rc)
02853 {
02854 rsbac_printk(KERN_DEBUG
02855 "rsbac_rc_set_item(): Setting role item value\n");
02856 }
02857 #endif
02858 switch (item)
02859 {
02860 case RI_role_comp:
02861 if(value.comp)
02862 {
02863 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02864 role_rc_handle,
02865 ttl,
02866 &tid.role,
02867 &subtid.role,
02868 NULL);
02869 }
02870 else
02871 {
02872 rsbac_ta_list_lol_subremove(ta_number, role_rc_handle, &tid.role, &subtid.role);
02873 return 0;
02874 }
02875 case RI_admin_roles:
02876 if(value.comp)
02877 {
02878 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02879 role_adr_handle,
02880 ttl,
02881 &tid.role,
02882 &subtid.role,
02883 NULL);
02884 }
02885 else
02886 {
02887 rsbac_ta_list_lol_subremove(ta_number, role_adr_handle, &tid.role, &subtid.role);
02888 return 0;
02889 }
02890 case RI_assign_roles:
02891 if(value.comp)
02892 {
02893 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02894 role_asr_handle,
02895 ttl,
02896 &tid.role,
02897 &subtid.role,
02898 NULL);
02899 }
02900 else
02901 {
02902 rsbac_ta_list_lol_subremove(ta_number, role_asr_handle, &tid.role, &subtid.role);
02903 return 0;
02904 }
02905 case RI_type_comp_fd:
02906 if(!rsbac_ta_list_exist(ta_number, type_fd_handle, &subtid.type))
02907 return -RSBAC_EINVALIDVALUE;
02908 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02909 role_tcfd_handle,
02910 ttl,
02911 &tid.role,
02912 &subtid.type,
02913 &value.rights);
02914 case RI_type_comp_dev:
02915 if(!rsbac_ta_list_exist(ta_number, type_dev_handle, &subtid.type))
02916 return -RSBAC_EINVALIDVALUE;
02917 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02918 role_tcdv_handle,
02919 ttl,
02920 &tid.role,
02921 &subtid.type,
02922 &value.rights);
02923 case RI_type_comp_user:
02924 if(!rsbac_ta_list_exist(ta_number, type_user_handle, &subtid.type))
02925 return -RSBAC_EINVALIDVALUE;
02926 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02927 role_tcus_handle,
02928 ttl,
02929 &tid.role,
02930 &subtid.type,
02931 &value.rights);
02932 case RI_type_comp_process:
02933 if(!rsbac_ta_list_exist(ta_number, type_process_handle, &subtid.type))
02934 return -RSBAC_EINVALIDVALUE;
02935 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02936 role_tcpr_handle,
02937 ttl,
02938 &tid.role,
02939 &subtid.type,
02940 &value.rights);
02941 case RI_type_comp_ipc:
02942 if(!rsbac_ta_list_exist(ta_number, type_ipc_handle, &subtid.type))
02943 return -RSBAC_EINVALIDVALUE;
02944 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02945 role_tcip_handle,
02946 ttl,
02947 &tid.role,
02948 &subtid.type,
02949 &value.rights);
02950 case RI_type_comp_scd:
02951 if( (subtid.type >= ST_none)
02952 && (subtid.type < RST_min)
02953 )
02954 return -RSBAC_EINVALIDVALUE;
02955 if(subtid.type >= RST_none)
02956 return -RSBAC_EINVALIDVALUE;
02957 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02958 role_tcsc_handle,
02959 ttl,
02960 &tid.role,
02961 &subtid.type,
02962 &value.rights);
02963 case RI_type_comp_group:
02964 if(!rsbac_ta_list_exist(ta_number, type_group_handle, &subtid.type))
02965 return -RSBAC_EINVALIDVALUE;
02966 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02967 role_tcgr_handle,
02968 ttl,
02969 &tid.role,
02970 &subtid.type,
02971 &value.rights);
02972 case RI_type_comp_netdev:
02973 if(!rsbac_ta_list_exist(ta_number, type_netdev_handle, &subtid.type))
02974 return -RSBAC_EINVALIDVALUE;
02975 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02976 role_tcnd_handle,
02977 ttl,
02978 &tid.role,
02979 &subtid.type,
02980 &value.rights);
02981 case RI_type_comp_nettemp:
02982 if(!rsbac_ta_list_exist(ta_number, type_nettemp_handle, &subtid.type))
02983 return -RSBAC_EINVALIDVALUE;
02984 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02985 role_tcnt_handle,
02986 ttl,
02987 &tid.role,
02988 &subtid.type,
02989 &value.rights);
02990 case RI_type_comp_netobj:
02991 if(!rsbac_ta_list_exist(ta_number, type_netobj_handle, &subtid.type))
02992 return -RSBAC_EINVALIDVALUE;
02993 return rsbac_ta_list_lol_subadd_ttl(ta_number,
02994 role_tcno_handle,
02995 ttl,
02996 &tid.role,
02997 &subtid.type,
02998 &value.rights);
02999 case RI_admin_type:
03000 {
03001 struct rsbac_rc_role_entry_t entry;
03002
03003 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03004 if(err)
03005 return err;
03006 entry.admin_type = value.admin_type;
03007 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03008 }
03009 case RI_name:
03010 {
03011 struct rsbac_rc_role_entry_t entry;
03012
03013
03014 if(!value.name[0])
03015 return -RSBAC_EINVALIDVALUE;
03016
03017 memset(&entry, 0, sizeof(struct rsbac_rc_role_entry_t));
03018 rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03019 strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1);
03020 entry.name[RSBAC_RC_NAME_LEN-1] = 0;
03021 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03022 }
03023 case RI_remove_role:
03024 if(!tid.role)
03025 return -RSBAC_EINVALIDVALUE;
03026
03027 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &tid.role);
03028
03029 rsbac_ta_list_lol_subremove_from_all(ta_number, role_rc_handle, &tid.role);
03030
03031
03032 rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &tid.role);
03033
03034 rsbac_ta_list_lol_subremove_from_all(ta_number, role_adr_handle, &tid.role);
03035
03036
03037 rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &tid.role);
03038
03039 rsbac_ta_list_lol_subremove_from_all(ta_number, role_asr_handle, &tid.role);
03040
03041
03042 rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &tid.role);
03043
03044
03045 rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &tid.role);
03046 rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &tid.role);
03047 rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &tid.role);
03048 rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &tid.role);
03049 rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &tid.role);
03050 rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &tid.role);
03051 rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &tid.role);
03052 rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &tid.role);
03053 rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &tid.role);
03054 rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &tid.role);
03055
03056 #ifdef CONFIG_RSBAC_ACL
03057
03058 {
03059 struct rsbac_acl_entry_desc_t desc;
03060
03061 desc.subj_type = ACLS_ROLE;
03062 desc.subj_id = tid.role;
03063 rsbac_acl_remove_subject(ta_number, desc);
03064 }
03065 #endif
03066
03067 return rsbac_ta_list_remove(ta_number, role_handle, &tid.role);
03068
03069 case RI_def_fd_create_type:
03070 {
03071 struct rsbac_rc_role_entry_t entry;
03072
03073 if( (value.type_id <= RC_type_max_value)
03074 && !rsbac_ta_list_exist(ta_number, type_fd_handle, &value.type_id)
03075 )
03076 return -RSBAC_EINVALIDVALUE;
03077 if( (value.type_id > RC_type_max_value)
03078 && (value.type_id < RC_type_min_special)
03079 )
03080 return -RSBAC_EINVALIDVALUE;
03081 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03082 if(err)
03083 return err;
03084 entry.def_fd_create_type = value.type_id;
03085 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03086 }
03087 case RI_def_fd_ind_create_type:
03088 if( (value.type_id <= RC_type_max_value)
03089 && !rsbac_ta_list_exist(ta_number, type_fd_handle, &value.type_id)
03090 )
03091 return -RSBAC_EINVALIDVALUE;
03092 if( (value.type_id > RC_type_max_value)
03093 && (value.type_id < RC_type_min_special)
03094 )
03095 return -RSBAC_EINVALIDVALUE;
03096 return rsbac_ta_list_lol_subadd_ttl(ta_number,
03097 role_dfdc_handle,
03098 ttl,
03099 &tid.role,
03100 &subtid.type,
03101 &value.type_id);
03102 case RI_def_fd_ind_create_type_remove:
03103 return rsbac_ta_list_lol_subremove(ta_number, role_dfdc_handle, &tid.role, &subtid.type);
03104
03105 case RI_def_user_create_type:
03106 {
03107 struct rsbac_rc_role_entry_t entry;
03108
03109 if( (value.type_id <= RC_type_max_value)
03110 && !rsbac_ta_list_exist(ta_number, type_user_handle, &value.type_id)
03111 )
03112 return -RSBAC_EINVALIDVALUE;
03113 if( (value.type_id > RC_type_max_value)
03114 && (value.type_id < RC_type_min_special)
03115 )
03116 return -RSBAC_EINVALIDVALUE;
03117 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03118 if(err)
03119 return err;
03120 entry.def_user_create_type = value.type_id;
03121 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03122 }
03123 case RI_def_process_create_type:
03124 {
03125 struct rsbac_rc_role_entry_t entry;
03126
03127 if( (value.type_id <= RC_type_max_value)
03128 && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03129 )
03130 return -RSBAC_EINVALIDVALUE;
03131 if( (value.type_id > RC_type_max_value)
03132 && (value.type_id < RC_type_min_special)
03133 )
03134 return -RSBAC_EINVALIDVALUE;
03135 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03136 if(err)
03137 return err;
03138 entry.def_process_create_type = value.type_id;
03139 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03140 }
03141 case RI_def_process_chown_type:
03142 {
03143 struct rsbac_rc_role_entry_t entry;
03144
03145 if( (value.type_id <= RC_type_max_value)
03146 && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03147 )
03148 return -RSBAC_EINVALIDVALUE;
03149 if( (value.type_id > RC_type_max_value)
03150 && (value.type_id < RC_type_min_special)
03151 )
03152 return -RSBAC_EINVALIDVALUE;
03153 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03154 if(err)
03155 return err;
03156 entry.def_process_chown_type = value.type_id;
03157 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03158 }
03159 case RI_def_process_execute_type:
03160 {
03161 struct rsbac_rc_role_entry_t entry;
03162
03163 if( (value.type_id <= RC_type_max_value)
03164 && !rsbac_ta_list_exist(ta_number, type_process_handle, &value.type_id)
03165 )
03166 return -RSBAC_EINVALIDVALUE;
03167 if( (value.type_id > RC_type_max_value)
03168 && (value.type_id < RC_type_min_special)
03169 )
03170 return -RSBAC_EINVALIDVALUE;
03171 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03172 if(err)
03173 return err;
03174 entry.def_process_execute_type = value.type_id;
03175 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03176 }
03177 case RI_def_ipc_create_type:
03178 {
03179 struct rsbac_rc_role_entry_t entry;
03180
03181 if( (value.type_id <= RC_type_max_value)
03182 && !rsbac_ta_list_exist(ta_number, type_ipc_handle, &value.type_id)
03183 )
03184 return -RSBAC_EINVALIDVALUE;
03185 if( (value.type_id > RC_type_max_value)
03186 && (value.type_id < RC_type_min_special)
03187 )
03188 return -RSBAC_EINVALIDVALUE;
03189 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03190 if(err)
03191 return err;
03192 entry.def_ipc_create_type = value.type_id;
03193 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03194 }
03195 case RI_def_group_create_type:
03196 {
03197 struct rsbac_rc_role_entry_t entry;
03198
03199 if( (value.type_id <= RC_type_max_value)
03200 && !rsbac_ta_list_exist(ta_number, type_group_handle, &value.type_id)
03201 )
03202 return -RSBAC_EINVALIDVALUE;
03203 if( (value.type_id > RC_type_max_value)
03204 && (value.type_id < RC_type_min_special)
03205 )
03206 return -RSBAC_EINVALIDVALUE;
03207 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03208 if(err)
03209 return err;
03210 entry.def_group_create_type = value.type_id;
03211 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03212 }
03213 case RI_boot_role:
03214 {
03215 struct rsbac_rc_role_entry_t entry;
03216
03217 err = rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, &tid.role, &entry);
03218 if(err)
03219 return err;
03220 entry.boot_role = value.boot_role;
03221 return rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &tid.role, &entry);
03222 }
03223
03224 default:
03225 return -RSBAC_EINVALIDATTR;
03226 }
03227
03228 case RT_TYPE:
03229 if(tid.type > RC_type_max_value)
03230 return(-RSBAC_EINVALIDTARGET);
03231 #ifdef CONFIG_RSBAC_DEBUG
03232 if (rsbac_debug_ds_rc)
03233 {
03234 rsbac_printk(KERN_DEBUG
03235 "rsbac_rc_set_item(): Setting type item value\n");
03236 }
03237 #endif
03238 switch (item)
03239 {
03240 case RI_type_fd_name:
03241 {
03242 struct rsbac_rc_type_fd_entry_t entry;
03243
03244
03245 if(!value.name[0])
03246 return -RSBAC_EINVALIDVALUE;
03247
03248 memset(&entry, 0, sizeof(struct rsbac_rc_type_fd_entry_t));
03249 rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &entry);
03250 strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1);
03251 entry.name[RSBAC_RC_NAME_LEN-1] = 0;
03252 return rsbac_ta_list_add_ttl(ta_number, type_fd_handle, 0, &tid.type, &entry);
03253 }
03254 case RI_type_fd_need_secdel:
03255 {
03256 struct rsbac_rc_type_fd_entry_t entry;
03257
03258 err = rsbac_ta_list_get_data_ttl(ta_number, type_fd_handle, NULL, &tid.type, &entry);
03259 if(err)
03260 return err;
03261 entry.need_secdel = value.need_secdel;
03262 return rsbac_ta_list_add_ttl(ta_number, type_fd_handle, 0, &tid.type, &entry);
03263 }
03264 case RI_type_dev_name:
03265
03266 if(!value.name[0])
03267 return -RSBAC_EINVALIDVALUE;
03268
03269 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03270 return rsbac_ta_list_add_ttl(ta_number, type_dev_handle, 0, &tid.type, &value.name);
03271 case RI_type_ipc_name:
03272
03273 if(!value.name[0])
03274 return -RSBAC_EINVALIDVALUE;
03275
03276 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03277 return rsbac_ta_list_add_ttl(ta_number, type_ipc_handle, 0, &tid.type, &value.name);
03278 case RI_type_user_name:
03279
03280 if(!value.name[0])
03281 return -RSBAC_EINVALIDVALUE;
03282
03283 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03284 return rsbac_ta_list_add_ttl(ta_number, type_user_handle, 0, &tid.type, &value.name);
03285 case RI_type_process_name:
03286
03287 if(!value.name[0])
03288 return -RSBAC_EINVALIDVALUE;
03289
03290 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03291 return rsbac_ta_list_add_ttl(ta_number, type_process_handle, 0, &tid.type, &value.name);
03292 case RI_type_group_name:
03293
03294 if(!value.name[0])
03295 return -RSBAC_EINVALIDVALUE;
03296
03297 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03298 return rsbac_ta_list_add_ttl(ta_number, type_group_handle, 0, &tid.type, &value.name);
03299 case RI_type_netdev_name:
03300
03301 if(!value.name[0])
03302 return -RSBAC_EINVALIDVALUE;
03303
03304 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03305 return rsbac_ta_list_add_ttl(ta_number, type_netdev_handle, 0, &tid.type, &value.name);
03306 case RI_type_nettemp_name:
03307
03308 if(!value.name[0])
03309 return -RSBAC_EINVALIDVALUE;
03310
03311 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03312 return rsbac_ta_list_add_ttl(ta_number, type_nettemp_handle, 0, &tid.type, &value.name);
03313 case RI_type_netobj_name:
03314
03315 if(!value.name[0])
03316 return -RSBAC_EINVALIDVALUE;
03317
03318 value.name[RSBAC_RC_NAME_LEN-1] = 0;
03319 return rsbac_ta_list_add_ttl(ta_number, type_netobj_handle, 0, &tid.type, &value.name);
03320
03321 case RI_type_fd_remove:
03322 if(!tid.type)
03323 return -RSBAC_EINVALIDVALUE;
03324 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcfd_handle, &tid.type);
03325 rsbac_ta_list_lol_subremove_from_all(ta_number, role_dfdc_handle, &tid.type);
03326 return rsbac_ta_list_remove(ta_number, type_fd_handle, &tid.type);
03327 case RI_type_dev_remove:
03328 if(!tid.type)
03329 return -RSBAC_EINVALIDVALUE;
03330 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcdv_handle, &tid.type);
03331 return rsbac_ta_list_remove(ta_number, type_dev_handle, &tid.type);
03332 case RI_type_user_remove:
03333 if(!tid.type)
03334 return -RSBAC_EINVALIDVALUE;
03335 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcus_handle, &tid.type);
03336 return rsbac_ta_list_remove(ta_number, type_user_handle, &tid.type);
03337 case RI_type_process_remove:
03338 if(!tid.type)
03339 return -RSBAC_EINVALIDVALUE;
03340 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcpr_handle, &tid.type);
03341 return rsbac_ta_list_remove(ta_number, type_process_handle, &tid.type);
03342 case RI_type_ipc_remove:
03343 if(!tid.type)
03344 return -RSBAC_EINVALIDVALUE;
03345 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcip_handle, &tid.type);
03346 return rsbac_ta_list_remove(ta_number, type_ipc_handle, &tid.type);
03347 case RI_type_group_remove:
03348 if(!tid.type)
03349 return -RSBAC_EINVALIDVALUE;
03350 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcgr_handle, &tid.type);
03351 return rsbac_ta_list_remove(ta_number, type_group_handle, &tid.type);
03352 case RI_type_netdev_remove:
03353 if(!tid.type)
03354 return -RSBAC_EINVALIDVALUE;
03355 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcnd_handle, &tid.type);
03356 return rsbac_ta_list_remove(ta_number, type_netdev_handle, &tid.type);
03357 case RI_type_nettemp_remove:
03358 if(!tid.type)
03359 return -RSBAC_EINVALIDVALUE;
03360 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcnt_handle, &tid.type);
03361 return rsbac_ta_list_remove(ta_number, type_nettemp_handle, &tid.type);
03362 case RI_type_netobj_remove:
03363 if(!tid.type)
03364 return -RSBAC_EINVALIDVALUE;
03365 rsbac_ta_list_lol_subremove_from_all(ta_number, role_tcno_handle, &tid.type);
03366 return rsbac_ta_list_remove(ta_number,type_netobj_handle, &tid.type);
03367
03368 default:
03369 return -RSBAC_EINVALIDATTR;
03370 }
03371
03372
03373 default:
03374 return -RSBAC_EINVALIDTARGET;
03375 }
03376 }
03377
03378
