#include <linux/init.h>#include <rsbac/types.h>Go to the source code of this file.
|
||||||||||||
|
Referenced by sys_rsbac_check(). |
|
|
Definition at line 795 of file mac_data_structures.c. References add_device_item(), rsbac_mac_device_list_head_t::count, create_device_item(), rsbac_mac_device_list_head_t::curr, rsbac_list_lol_info_t::data_size, rsbac_list_lol_info_t::desc_size, get_error_name(), rsbac_mac_device_list_head_t::head, rsbac_list_lol_info_t::key, rsbac_mac_device_list_head_t::lock, mac_register_fd_lists(), rsbac_list_lol_info_t::max_age, NULL, proc_rsbac_root_p, RSBAC_ECOULDNOTADDDEVICE, RSBAC_EREINIT, rsbac_is_initialized(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_LIST_DEF_DATA, rsbac_list_lol_register(), RSBAC_LIST_VERSION, RSBAC_MAC_LIST_KEY, RSBAC_MAC_P_LIST_NAME, RSBAC_MAC_P_LIST_VERSION, RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_root_dev, rsbac_list_lol_info_t::subdata_size, rsbac_list_lol_info_t::subdesc_size, rsbac_mac_device_list_head_t::tail, and rsbac_list_lol_info_t::version. Referenced by rsbac_do_init(). 00797 {
00798 int err = 0;
00799 struct rsbac_mac_device_list_item_t * device_p = NULL;
00800 u_long dflags;
00801 struct proc_dir_entry * tmp_entry_p;
00802 struct rsbac_list_lol_info_t lol_info;
00803
00804 if (rsbac_is_initialized())
00805 {
00806 rsbac_printk(KERN_WARNING "rsbac_init_mac(): RSBAC already initialized\n");
00807 return(-RSBAC_EREINIT);
00808 }
00809
00810 /* set rw-spinlocks to unlocked status and init data structures */
00811 rsbac_printk(KERN_INFO "rsbac_init_mac(): Initializing RSBAC: MAC subsystem\n");
00812
00813 lol_info.version = RSBAC_MAC_P_LIST_VERSION;
00814 lol_info.key = RSBAC_MAC_LIST_KEY;
00815 lol_info.desc_size = sizeof(rsbac_pid_t);
00816 lol_info.data_size = 0;
00817 lol_info.subdesc_size = sizeof(rsbac_uid_t);
00818 lol_info.subdata_size = 0;
00819 lol_info.max_age = 0;
00820 err = rsbac_list_lol_register(RSBAC_LIST_VERSION,
00821 &process_handle,
00822 &lol_info,
00823 RSBAC_LIST_DEF_DATA,
00824 NULL,
00825 NULL,
00826 NULL,
00827 NULL,
00828 NULL,
00829 NULL,
00830 RSBAC_MAC_P_LIST_NAME,
00831 RSBAC_AUTO_DEV);
00832 if(err)
00833 {
00834 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
00835
00836 if(tmp)
00837 {
00838 rsbac_printk(KERN_WARNING
00839 "rsbac_init_mac(): Registering MAC process trusted user list failed with error %s\n",
00840 get_error_name(tmp, err));
00841 rsbac_kfree(tmp);
00842 }
00843 }
00844
00845 /* Init FD lists */
00846 device_list_head.lock = RW_LOCK_UNLOCKED;
00847 device_list_head.head = NULL;
00848 device_list_head.tail = NULL;
00849 device_list_head.curr = NULL;
00850 device_list_head.count = 0;
00851
00852 /* read all data */
00853 #ifdef CONFIG_RSBAC_DEBUG
00854 if (rsbac_debug_ds_mac)
00855 {
00856 rsbac_printk(KERN_INFO "rsbac_init_mac(): Registering FD lists\n");
00857 }
00858 #endif
00859 device_p = create_device_item(rsbac_root_dev);
00860 if (!device_p)
00861 {
00862 rsbac_printk(KERN_CRIT "rsbac_init_mac(): Could not add device!\n");
00863 return(-RSBAC_ECOULDNOTADDDEVICE);
00864 }
00865 if((err = mac_register_fd_lists(device_p,rsbac_root_dev)))
00866 {
00867 char tmp[RSBAC_MAXNAMELEN];
00868
00869 rsbac_printk(KERN_WARNING
00870 "rsbac_init_mac(): File/Dir trusted user set registration failed for dev %02u:%02u, err %s!\n",
00871 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
00872 }
00873 /* wait for write access to device_list_head */
00874 rsbac_write_lock_irq(&device_list_head.lock, &dflags);
00875 device_p = add_device_item(device_p);
00876 /* device was added, allow access */
00877 rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
00878 if (!device_p)
00879 {
00880 rsbac_printk(KERN_CRIT "rsbac_init_mac(): Could not add device!\n");
00881 return(-RSBAC_ECOULDNOTADDDEVICE);
00882 }
00883
00884 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00885 tmp_entry_p = create_proc_entry("mac_devices",
00886 S_IFREG | S_IRUGO | S_IWUGO,
00887 proc_rsbac_root_p);
00888 if(tmp_entry_p)
00889 {
00890 tmp_entry_p->get_info = mac_devices_proc_info;
00891 }
00892 tmp_entry_p = create_proc_entry("stats_mac",
00893 S_IFREG | S_IRUGO,
00894 proc_rsbac_root_p);
00895 if(tmp_entry_p)
00896 {
00897 tmp_entry_p->get_info = stats_mac_proc_info;
00898 }
00899 tmp_entry_p = create_proc_entry("mac_trusted",
00900 S_IFREG | S_IRUGO,
00901 proc_rsbac_root_p);
00902 if(tmp_entry_p)
00903 {
00904 tmp_entry_p->get_info = mac_trulist_proc_info;
00905 }
00906 #endif
00907
00908 #ifdef CONFIG_RSBAC_DEBUG
00909 if (rsbac_debug_ds_mac)
00910 {
00911 rsbac_printk(KERN_DEBUG "rsbac_init_mac(): Ready.\n");
00912 }
00913 #endif
00914 return(err);
00915 };
|
|
||||||||||||||||||||
|
Definition at line 1314 of file mac_data_structures.c. References fd_hash(), rsbac_mac_device_list_item_t::handles, rsbac_mac_device_list_head_t::lock, lookup_device(), NULL, RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_mac_add_f_tru(). 01319 {
01320 int err=0;
01321 u_long dflags;
01322 struct rsbac_mac_device_list_item_t * device_p;
01323
01324 if (!rsbac_is_initialized())
01325 {
01326 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): RSBAC not initialized\n");
01327 return(-RSBAC_ENOTINITIALIZED);
01328 }
01329 if (in_interrupt())
01330 {
01331 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): called from interrupt!\n");
01332 }
01333
01334 /* protect device list */
01335 rsbac_read_lock(&device_list_head.lock, &dflags);
01336 device_p = lookup_device(file.device);
01337 if(!device_p)
01338 {
01339 /* trigger rsbac_mount() */
01340 rsbac_read_unlock(&device_list_head.lock, &dflags);
01341 rsbac_get_super_block(file.device);
01342 /* retry */
01343 rsbac_read_lock(&device_list_head.lock, &dflags);
01344 device_p = lookup_device(file.device);
01345 if(!device_p)
01346 {
01347 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_f_truset(): invalid device %02u:%02u!\n",
01348 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01349 rsbac_read_unlock(&device_list_head.lock, &dflags);
01350 return(-RSBAC_EINVALIDDEV);
01351 }
01352 }
01353
01354 err = rsbac_ta_list_lol_subadd_ttl(ta_number,
01355 device_p->handles[fd_hash(file.inode)],
01356 ttl, &file.inode, &member, NULL);
01357 rsbac_read_unlock(&device_list_head.lock, &dflags);
01358 return(err);
01359 }
|
|
||||||||||||||||||||
|
Definition at line 1296 of file mac_data_structures.c. References NULL, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subadd_ttl(). Referenced by rsbac_mac_add_p_tru(). 01301 {
01302 if (!rsbac_is_initialized())
01303 {
01304 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): RSBAC not initialized\n");
01305 return(-RSBAC_ENOTINITIALIZED);
01306 }
01307 if (in_interrupt())
01308 {
01309 rsbac_printk(KERN_WARNING "rsbac_mac_add_to_p_truset(): called from interrupt!\n");
01310 }
01311 return rsbac_ta_list_lol_subadd_ttl(ta_number, process_handle, ttl, &pid, &member, NULL);
01312 }
|
|
||||||||||||
|
Definition at line 1448 of file mac_data_structures.c. References fd_hash(), rsbac_mac_device_list_item_t::handles, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_mac_remove_f_trusets(). 01451 {
01452 int err=0;
01453 u_long dflags;
01454 struct rsbac_mac_device_list_item_t * device_p;
01455
01456 if (!rsbac_is_initialized())
01457 {
01458 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): RSBAC not initialized\n");
01459 return(-RSBAC_ENOTINITIALIZED);
01460 }
01461 if (in_interrupt())
01462 {
01463 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): called from interrupt!\n");
01464 }
01465 /* protect device list */
01466 rsbac_read_lock(&device_list_head.lock, &dflags);
01467 device_p = lookup_device(file.device);
01468 if(!device_p)
01469 {
01470 /* trigger rsbac_mount() */
01471 rsbac_read_unlock(&device_list_head.lock, &dflags);
01472 rsbac_get_super_block(file.device);
01473 /* retry */
01474 rsbac_read_lock(&device_list_head.lock, &dflags);
01475 device_p = lookup_device(file.device);
01476 if(!device_p)
01477 {
01478 rsbac_printk(KERN_WARNING "rsbac_mac_clear_f_truset(): invalid device %02u:%02u!\n",
01479 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01480 rsbac_read_unlock(&device_list_head.lock, &dflags);
01481 return(-RSBAC_EINVALIDDEV);
01482 }
01483 }
01484 err = rsbac_ta_list_lol_remove(ta_number, device_p->handles[fd_hash(file.inode)], &file.inode);
01485 rsbac_read_unlock(&device_list_head.lock, &dflags);
01486 return(err);
01487 }
|
|
||||||||||||
|
Definition at line 1432 of file mac_data_structures.c. References RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_remove(). Referenced by rsbac_mac_remove_p_trusets(). 01435 {
01436 if (!rsbac_is_initialized())
01437 {
01438 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): RSBAC not initialized\n");
01439 return(-RSBAC_ENOTINITIALIZED);
01440 }
01441 if (in_interrupt())
01442 {
01443 rsbac_printk(KERN_WARNING "rsbac_mac_clear_p_truset(): called from interrupt!\n");
01444 }
01445 return rsbac_ta_list_lol_remove(ta_number, process_handle, &pid);
01446 }
|
|
||||||||||||
|
Definition at line 1525 of file mac_data_structures.c. References copy_fp_tru_set_item(), rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_mac(). 01527 {
01528 u_long dflags;
01529 struct rsbac_mac_device_list_item_t * device_p;
01530 int err=0;
01531
01532 if (!rsbac_is_initialized())
01533 {
01534 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): RSBAC not initialized\n");
01535 return(-RSBAC_ENOTINITIALIZED);
01536 }
01537 if (in_interrupt())
01538 {
01539 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): called from interrupt!\n");
01540 }
01541 /*
01542 #ifdef CONFIG_RSBAC_DEBUG
01543 if (rsbac_debug_ds_mac)
01544 rsbac_printk(KERN_DEBUG
01545 "rsbac_mac_copy_fp_truset(): Copying file cap set data to process cap set\n");
01546 #endif
01547 */
01548 /* protect device list */
01549 rsbac_read_lock(&device_list_head.lock, &dflags);
01550 device_p = lookup_device(file.device);
01551 if(!device_p)
01552 {
01553 /* trigger rsbac_mount() */
01554 rsbac_read_unlock(&device_list_head.lock, &dflags);
01555 rsbac_get_super_block(file.device);
01556 /* retry */
01557 rsbac_read_lock(&device_list_head.lock, &dflags);
01558 device_p = lookup_device(file.device);
01559 if(!device_p)
01560 {
01561 rsbac_printk(KERN_WARNING "rsbac_mac_copy_fp_truset(): invalid device %02u:%02u!\n",
01562 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01563 rsbac_read_unlock(&device_list_head.lock, &dflags);
01564 return(-RSBAC_EINVALIDDEV);
01565 }
01566 }
01567 /* call the copy function */
01568 err = copy_fp_tru_set_item(device_p,file,p_tru_set_id);
01569 rsbac_read_unlock(&device_list_head.lock, &dflags);
01570 return(err);
01571 }
|
|
||||||||||||
|
Definition at line 1573 of file mac_data_structures.c. References copy_pp_tru_set_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_adf_set_attr_mac(). 01575 {
01576 if (!rsbac_is_initialized())
01577 {
01578 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): RSBAC not initialized\n");
01579 return(-RSBAC_ENOTINITIALIZED);
01580 }
01581 if (in_interrupt())
01582 {
01583 rsbac_printk(KERN_WARNING "rsbac_mac_copy_pp_truset(): called from interrupt!\n");
01584 }
01585 /*
01586 #ifdef CONFIG_RSBAC_DEBUG
01587 if (rsbac_debug_ds_mac)
01588 rsbac_printk(KERN_DEBUG
01589 "rsbac_mac_copy_pp_truset(): Copying process cap set data to process cap set\n");
01590 #endif
01591 */
01592 /* call the copy function */
01593 return copy_pp_tru_set_item(old_p_set_id,new_p_set_id);
01594 }
|
|
||||||||||||||||||||
|
Definition at line 1596 of file mac_data_structures.c. References fd_hash(), rsbac_mac_device_list_item_t::handles, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl(). 01601 {
01602 u_long dflags;
01603 struct rsbac_mac_device_list_item_t * device_p;
01604 long count;
01605
01606 if (!rsbac_is_initialized())
01607 {
01608 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): RSBAC not initialized\n");
01609 return(-RSBAC_ENOTINITIALIZED);
01610 }
01611 if (in_interrupt())
01612 {
01613 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): called from interrupt!\n");
01614 }
01615 /*
01616 #ifdef CONFIG_RSBAC_DEBUG
01617 if (rsbac_debug_ds_mac)
01618 rsbac_printk(KERN_DEBUG
01619 "rsbac_mac_get_f_trulist(): Getting file/dir trusted user set list\n");
01620 #endif
01621 */
01622 /* protect device list */
01623 rsbac_read_lock(&device_list_head.lock, &dflags);
01624 device_p = lookup_device(file.device);
01625 if(!device_p)
01626 {
01627 /* trigger rsbac_mount() */
01628 rsbac_read_unlock(&device_list_head.lock, &dflags);
01629 rsbac_get_super_block(file.device);
01630 /* retry */
01631 rsbac_read_lock(&device_list_head.lock, &dflags);
01632 device_p = lookup_device(file.device);
01633 if(!device_p)
01634 {
01635 rsbac_printk(KERN_WARNING "rsbac_mac_get_f_trulist(): invalid device %02u:%02u!\n",
01636 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01637 rsbac_read_unlock(&device_list_head.lock, &dflags);
01638 return(-RSBAC_EINVALIDDEV);
01639 }
01640 }
01641 count = rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
01642 device_p->handles[fd_hash(file.inode)],
01643 &file.inode,
01644 (void **) trulist_p,
01645 ttllist_p);
01646 rsbac_read_unlock(&device_list_head.lock, &dflags);
01647 return(count);
01648 }
|
|
||||||||||||||||||||
|
Definition at line 1650 of file mac_data_structures.c. References RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_get_all_subdesc_ttl(). 01655 {
01656 if (!rsbac_is_initialized())
01657 {
01658 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): RSBAC not initialized\n");
01659 return(-RSBAC_ENOTINITIALIZED);
01660 }
01661 if (in_interrupt())
01662 {
01663 rsbac_printk(KERN_WARNING "rsbac_mac_get_p_trulist(): called from interrupt!\n");
01664 }
01665 /*
01666 #ifdef CONFIG_RSBAC_DEBUG
01667 if (rsbac_debug_ds_mac)
01668 rsbac_printk(KERN_DEBUG
01669 "rsbac_mac_get_p_trulist(): Getting process trusted user set list\n");
01670 #endif
01671 */
01672 return rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
01673 process_handle,
01674 &pid,
01675 (void **) trulist_p,
01676 ttllist_p);
01677 }
|
|
||||||||||||
|
Definition at line 1492 of file mac_data_structures.c. References FALSE, RSBAC_ALL_USERS, rsbac_is_initialized(), rsbac_list_lol_subexist(), rsbac_printk(), and TRUE. Referenced by rsbac_adf_set_attr_mac(). 01495 {
01496 if (!rsbac_is_initialized())
01497 {
01498 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): RSBAC not initialized\n");
01499 return FALSE;
01500 }
01501 if (in_interrupt())
01502 {
01503 rsbac_printk(KERN_WARNING "rsbac_mac_p_truset_member(): called from interrupt!\n");
01504 }
01505 if(rsbac_list_lol_subexist(process_handle, &pid, &member))
01506 return TRUE;
01507 member = RSBAC_ALL_USERS;
01508 return rsbac_list_lol_subexist(process_handle, &pid, &member);
01509 }
|
|
|
Definition at line 1520 of file mac_data_structures.c. References FALSE, and rsbac_mac_clear_f_truset(). Referenced by rsbac_ta_remove_target(). 01521 {
01522 return rsbac_mac_clear_f_truset(FALSE, file);
01523 }
|
|
||||||||||||||||
|
Definition at line 1382 of file mac_data_structures.c. References fd_hash(), rsbac_mac_device_list_item_t::handles, rsbac_mac_device_list_head_t::lock, lookup_device(), RSBAC_EINVALIDDEV, RSBAC_ENOTINITIALIZED, rsbac_get_super_block(), rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_mac_remove_f_tru(). 01386 {
01387 int err=0;
01388 u_long dflags;
01389 struct rsbac_mac_device_list_item_t * device_p;
01390
01391 if (!rsbac_is_initialized())
01392 {
01393 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): RSBAC not initialized\n");
01394 return(-RSBAC_ENOTINITIALIZED);
01395 }
01396 if (in_interrupt())
01397 {
01398 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): called from interrupt!\n");
01399 }
01400
01401 /* protect device list */
01402 rsbac_read_lock(&device_list_head.lock, &dflags);
01403 device_p = lookup_device(file.device);
01404 if(!device_p)
01405 {
01406 /* trigger rsbac_mount() */
01407 rsbac_read_unlock(&device_list_head.lock, &dflags);
01408 rsbac_get_super_block(file.device);
01409 /* retry */
01410 rsbac_read_lock(&device_list_head.lock, &dflags);
01411 device_p = lookup_device(file.device);
01412 if(!device_p)
01413 {
01414 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_f_truset(): invalid device %02u:%02u!\n",
01415 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01416 rsbac_read_unlock(&device_list_head.lock, &dflags);
01417 return(-RSBAC_EINVALIDDEV);
01418 }
01419 }
01420 err = rsbac_ta_list_lol_subremove(ta_number,
01421 device_p->handles[fd_hash(file.inode)],
01422 &file.inode,
01423 &member);
01424 rsbac_read_unlock(&device_list_head.lock, &dflags);
01425 return(err);
01426 }
|
|
||||||||||||||||
|
Definition at line 1365 of file mac_data_structures.c. References RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_printk(), and rsbac_ta_list_lol_subremove(). Referenced by rsbac_mac_remove_p_tru(). 01369 {
01370 if (!rsbac_is_initialized())
01371 {
01372 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): RSBAC not initialized\n");
01373 return(-RSBAC_ENOTINITIALIZED);
01374 }
01375 if (in_interrupt())
01376 {
01377 rsbac_printk(KERN_WARNING "rsbac_mac_remove_from_p_truset(): called from interrupt!\n");
01378 }
01379 return rsbac_ta_list_lol_subremove(ta_number, process_handle, &pid, &member);
01380 }
|
|
|
Definition at line 1515 of file mac_data_structures.c. References FALSE, and rsbac_mac_clear_p_truset(). Referenced by rsbac_ta_remove_target(). 01516 {
01517 return rsbac_mac_clear_p_truset(FALSE, pid);
01518 }
|
|
|
Definition at line 917 of file mac_data_structures.c. References add_device_item(), clear_device_item(), create_device_item(), get_error_name(), rsbac_mac_device_list_head_t::lock, lookup_device(), mac_register_fd_lists(), rsbac_mac_device_list_item_t::mount_count, RSBAC_ECOULDNOTADDDEVICE, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), RSBAC_MAXNAMELEN, and rsbac_printk(). Referenced by rsbac_mount(). 00918 {
00919 int err = 0;
00920 struct rsbac_mac_device_list_item_t * device_p;
00921 struct rsbac_mac_device_list_item_t * new_device_p;
00922 u_long dflags;
00923
00924 if (!rsbac_is_initialized())
00925 {
00926 rsbac_printk(KERN_WARNING "rsbac_mount_mac(): RSBAC not initialized\n");
00927 return(-RSBAC_ENOTINITIALIZED);
00928 }
00929 #ifdef CONFIG_RSBAC_DEBUG
00930 if (rsbac_debug_ds_mac)
00931 {
00932 rsbac_printk(KERN_DEBUG "rsbac_mount_mac(): mounting device %02u:%02u\n",
00933 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
00934 }
00935 #endif
00936 /* wait for write access to device_list_head */
00937 rsbac_read_lock(&device_list_head.lock, &dflags);
00938 device_p = lookup_device(kdev);
00939 /* repeated mount? */
00940 if(device_p)
00941 {
00942 rsbac_printk(KERN_WARNING "rsbac_mount_mac: repeated mount %u of device %02u:%02u\n",
00943 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00944 device_p->mount_count++;
00945 rsbac_read_unlock(&device_list_head.lock, &dflags);
00946 return 0;
00947 }
00948 rsbac_read_unlock(&device_list_head.lock, &dflags);
00949
00950 new_device_p = create_device_item(kdev);
00951 if(!new_device_p)
00952 return -RSBAC_ECOULDNOTADDDEVICE;
00953
00954 /* register lists */
00955 if((err = mac_register_fd_lists(new_device_p, kdev)))
00956 {
00957 char tmp[RSBAC_MAXNAMELEN];
00958
00959 rsbac_printk(KERN_WARNING
00960 "rsbac_mount_mac(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
00961 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev), get_error_name(tmp,err));
00962 }
00963
00964 /* wait for read access to device_list_head */
00965 rsbac_read_lock(&device_list_head.lock, &dflags);
00966 /* make sure to only add, if this device item has not been added in the meantime */
00967 device_p = lookup_device(kdev);
00968 if(device_p)
00969 {
00970 rsbac_printk(KERN_WARNING
00971 "rsbac_mount_mac(): mount race for device %02u:%02u detected!\n",
00972 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00973 device_p->mount_count++;
00974 rsbac_read_unlock(&device_list_head.lock, &dflags);
00975 clear_device_item(new_device_p);
00976 }
00977 else
00978 {
00979 rsbac_read_unlock(&device_list_head.lock, &dflags);
00980 rsbac_write_lock_irq(&device_list_head.lock, &dflags);
00981 device_p = add_device_item(new_device_p);
00982 rsbac_write_unlock_irq(&device_list_head.lock, &dflags);
00983 if(!device_p)
00984 {
00985 rsbac_printk(KERN_WARNING "rsbac_mount_mac: adding device %02u:%02u failed!\n",
00986 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00987 clear_device_item(new_device_p);
00988 err = -RSBAC_ECOULDNOTADDDEVICE;
00989 }
00990 }
00991 return(err);
00992 };
|
|
|
Definition at line 1045 of file mac_data_structures.c. References A_none, rsbac_attribute_value_t::dummy, rsbac_mac_device_list_item_t::handles, rsbac_mac_device_list_head_t::head, rsbac_mac_device_list_item_t::id, rsbac_mac_device_list_head_t::lock, rsbac_mac_device_list_item_t::next, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD. 01046 {
01047 u_int tru_set_count = 0;
01048 u_int member_count = 0;
01049 u_long dflags;
01050 struct rsbac_mac_device_list_item_t * device_p;
01051 int i;
01052
01053 union rsbac_target_id_t rsbac_target_id;
01054 union rsbac_attribute_value_t rsbac_attribute_value;
01055
01056 if (!rsbac_is_initialized())
01057 {
01058 rsbac_printk(KERN_WARNING "rsbac_stats_mac(): RSBAC not initialized\n");
01059 return(-RSBAC_ENOTINITIALIZED);
01060 }
01061 #ifdef CONFIG_RSBAC_DEBUG
01062 if (rsbac_debug_aef_mac)
01063 {
01064 rsbac_printk(KERN_DEBUG "rsbac_stats_mac(): calling ADF\n");
01065 }
01066 #endif
01067 rsbac_target_id.scd = ST_rsbac;
01068 rsbac_attribute_value.dummy = 0;
01069 if (!rsbac_adf_request(R_GET_STATUS_DATA,
01070 current->pid,
01071 T_SCD,
01072 rsbac_target_id,
01073 A_none,
01074 rsbac_attribute_value))
01075 {
01076 return -EPERM;
01077 }
01078
01079 rsbac_printk(KERN_INFO "MAC Status\n----------\n");
01080
01081 rsbac_printk(KERN_INFO "%lu process trusted user set items, sum of %lu members\n",
01082 rsbac_list_lol_count(process_handle),
01083 rsbac_list_lol_all_subcount(process_handle));
01084
01085 /* protect device list */
01086 rsbac_read_lock(&device_list_head.lock, &dflags);
01087 device_p = device_list_head.head;
01088 while(device_p)
01089 {
01090 /* reset counters */
01091 tru_set_count = 0;
01092 member_count = 0;
01093 for(i=0 ; i < RSBAC_MAC_NR_TRU_FD_LISTS; i++)
01094 {
01095 tru_set_count += rsbac_list_lol_count(device_p->handles[i]);
01096 member_count += rsbac_list_lol_all_subcount(device_p->handles[i]);
01097 }
01098 rsbac_printk(KERN_INFO "device %02u:%02u has %u file trusted user set items, sum of %u members\n",
01099 RSBAC_MAJOR(device_p->id),
01100 RSBAC_MINOR(device_p->id),
01101 tru_set_count,member_count);
01102 device_p = device_p->next;
01103 }
01104 /* unprotect device list */
01105 rsbac_read_unlock(&device_list_head.lock, &dflags);
01106 return(0);
01107 };
|
|
|
Definition at line 996 of file mac_data_structures.c. References rsbac_mac_device_list_head_t::lock, lookup_device(), rsbac_mac_device_list_item_t::mount_count, remove_device_item(), RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), and rsbac_printk(). Referenced by rsbac_umount(). 00997 {
00998 u_long flags;
00999 struct rsbac_mac_device_list_item_t * device_p;
01000
01001 if (!rsbac_is_initialized())
01002 {
01003 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
01004 return(-RSBAC_ENOTINITIALIZED);
01005 }
01006
01007 #ifdef CONFIG_RSBAC_DEBUG
01008 if (rsbac_debug_ds_mac)
01009 {
01010 rsbac_printk(KERN_DEBUG "rsbac_umount_mac(): umounting device %02u:%02u\n",
01011 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01012 }
01013 #endif
01014 /* sync of attribute lists was done in rsbac_umount */
01015 /* wait for write access to device_list_head */
01016 rsbac_write_lock(&device_list_head.lock, &flags);
01017 /* OK, nobody else is working on it... */
01018 device_p = lookup_device(kdev);
01019 if(device_p)
01020 {
01021 if(device_p->mount_count == 1)
01022 remove_device_item(kdev);
01023 else
01024 {
01025 if(device_p->mount_count > 1)
01026 {
01027 device_p->mount_count--;
01028 }
01029 else
01030 {
01031 rsbac_printk(KERN_WARNING "rsbac_mount_mac: device %02u:%02u has mount_count < 1!\n",
01032 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01033 }
01034 }
01035 }
01036
01037 /* allow access */
01038 rsbac_write_unlock(&device_list_head.lock, &flags);
01039 return(0);
01040 };
|
1.4.2