/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/help/getname.c
Go to the documentation of this file.00001
00002
00003
00004
00005
00006
00007
00008
00009
#include <rsbac/types.h>
00010
#include <rsbac/getname.h>
00011
#include <rsbac/helpers.h>
00012
#include <rsbac/error.h>
00013
00014
#ifdef __KERNEL__
00015
#include <linux/string.h>
00016
#include <linux/module.h>
00017
#include <linux/fs.h>
00018
#include <linux/kernel.h>
00019
#include <linux/netdevice.h>
00020
#include <linux/inetdevice.h>
00021
#include <rsbac/rkmem.h>
00022
#include <rsbac/network.h>
00023
#include <rsbac/net_getname.h>
00024
#else
00025
#include <string.h>
00026
#include <errno.h>
00027
#endif
00028
00029 static char request_list[
R_NONE+1][24] = {
00030
"ADD_TO_KERNEL",
00031
"ALTER",
00032
"APPEND_OPEN",
00033
"CHANGE_GROUP",
00034
"CHANGE_OWNER",
00035
"CHDIR",
00036
"CLONE",
00037
"CLOSE",
00038
"CREATE",
00039
"DELETE",
00040
"EXECUTE",
00041
"GET_PERMISSIONS_DATA",
00042
"GET_STATUS_DATA",
00043
"LINK_HARD",
00044
"MODIFY_ACCESS_DATA",
00045
"MODIFY_ATTRIBUTE",
00046
"MODIFY_PERMISSIONS_DATA",
00047
"MODIFY_SYSTEM_DATA",
00048
"MOUNT",
00049
"READ",
00050
"READ_ATTRIBUTE",
00051
"READ_WRITE_OPEN",
00052
"READ_OPEN",
00053
"REMOVE_FROM_KERNEL",
00054
"RENAME",
00055
"SEARCH",
00056
"SEND_SIGNAL",
00057
"SHUTDOWN",
00058
"SWITCH_LOG",
00059
"SWITCH_MODULE",
00060
"TERMINATE",
00061
"TRACE",
00062
"TRUNCATE",
00063
"UMOUNT",
00064
"WRITE",
00065
"WRITE_OPEN",
00066
"MAP_EXEC",
00067
"BIND",
00068
"LISTEN",
00069
"ACCEPT",
00070
"CONNECT",
00071
"SEND",
00072
"RECEIVE",
00073
"NET_SHUTDOWN",
00074
"CHANGE_DAC_EFF_OWNER",
00075
"CHANGE_DAC_FS_OWNER",
00076
"NONE" };
00077
00078 static char result_list[
UNDEFINED+1][12] = {
00079
"NOT_GRANTED",
00080
"GRANTED",
00081
"DO_NOT_CARE",
00082
"UNDEFINED" };
00083
00084 static rsbac_switch_target_int_t attr_mod_list[
A_none+1] = {
00085
GEN,
00086
MAC,
00087
MAC,
00088
MAC,
00089
MAC,
00090
MAC,
00091
MAC,
00092
MAC,
00093
MAC,
00094
MAC,
00095
MAC,
00096
MAC,
00097
MAC,
00098
MAC,
00099
FC,
00100
FC,
00101
FC,
00102
SIM,
00103
SIM,
00104
SIM,
00105
SW_NONE,
00106
MAC,
00107
FC,
00108
SIM,
00109
DAZ,
00110
FF,
00111
AUTH,
00112
CAP,
00113
JAIL,
00114
PAX,
00115
MAC,
00116
MAC,
00117
MAC,
00118
MAC,
00119
MAC,
00120
MAC,
00121
MAC,
00122
MAC,
00123
MAC,
00124
PM,
00125
PM,
00126
PM,
00127
PM,
00128
PM,
00129
PM,
00130
PM,
00131
PM,
00132
PM,
00133
PM,
00134
PM,
00135
PM,
00136
PM,
00137
PM,
00138
PM,
00139
DAZ,
00140
DAZ,
00141
FF,
00142
RC,
00143
RC,
00144
RC,
00145
RC,
00146
RC,
00147
RC,
00148
RC,
00149
RC,
00150
RC,
00151
AUTH,
00152
AUTH,
00153
AUTH,
00154
CAP,
00155
CAP,
00156
JAIL,
00157
JAIL,
00158
JAIL,
00159
JAIL,
00160
PAX,
00161
RES,
00162
RES,
00163
RES,
00164
GEN,
00165
GEN,
00166
GEN,
00167
GEN,
00168
GEN,
00169
GEN,
00170
GEN,
00171
GEN,
00172
GEN,
00173
GEN,
00174
GEN,
00175
GEN,
00176
CAP,
00177
GEN,
00178
#ifdef __KERNEL__
00179
00180
SW_NONE,
00181
SW_NONE,
00182
SW_NONE,
00183
SW_NONE,
00184
SW_NONE,
00185
SW_NONE,
00186
SW_NONE,
00187
SW_NONE,
00188
SW_NONE,
00189
SW_NONE,
00190
SW_NONE,
00191
SW_NONE,
00192
SW_NONE,
00193
SW_NONE,
00194
SW_NONE,
00195
SW_NONE,
00196
SW_NONE,
00197
SW_NONE,
00198
SW_NONE,
00199
SW_NONE,
00200
SW_NONE,
00201
SW_NONE,
00202
SW_NONE,
00203
#endif
00204
SW_NONE };
00205
00206 static char attribute_list[
A_none+1][23] = {
00207
"pseudo",
00208
"security_level",
00209
"initial_security_level",
00210
"local_sec_level",
00211
"remote_sec_level",
00212
"min_security_level",
00213
"mac_categories",
00214
"mac_initial_categories",
00215
"local_mac_categories",
00216
"remote_mac_categories",
00217
"mac_min_categories",
00218
"mac_user_flags",
00219
"mac_process_flags",
00220
"mac_file_flags",
00221
"object_category",
00222
"local_object_category",
00223
"remote_object_category",
00224
"data_type",
00225
"local_data_type",
00226
"remote_data_type",
00227
"system_role",
00228
"mac_role",
00229
"fc_role",
00230
"sim_role",
00231
"daz_role",
00232
"ff_role",
00233
"auth_role",
00234
"cap_role",
00235
"jail_role",
00236
"pax_role",
00237
"current_sec_level",
00238
"mac_curr_categories",
00239
"min_write_open",
00240
"min_write_categories",
00241
"max_read_open",
00242
"max_read_categories",
00243
"mac_auto",
00244
"mac_check",
00245
"mac_prop_trusted",
00246
"pm_role",
00247
"pm_process_type",
00248
"pm_current_task",
00249
"pm_object_class",
00250
"local_pm_object_class",
00251
"remote_pm_object_class",
00252
"pm_ipc_purpose",
00253
"local_pm_ipc_purpose",
00254
"remote_pm_ipc_purpose",
00255
"pm_object_type",
00256
"local_pm_object_type",
00257
"remote_pm_object_type",
00258
"pm_program_type",
00259
"pm_tp",
00260
"pm_task_set",
00261
"daz_scanned",
00262
"daz_scanner",
00263
"ff_flags",
00264
"rc_type",
00265
"local_rc_type",
00266
"remote_rc_type",
00267
"rc_type_fd",
00268
"rc_type_nt",
00269
"rc_force_role",
00270
"rc_initial_role",
00271
"rc_role",
00272
"rc_def_role",
00273
"auth_may_setuid",
00274
"auth_may_set_cap",
00275
"auth_learn",
00276
"min_caps",
00277
"max_caps",
00278
"jail_id",
00279
"jail_ip",
00280
"jail_flags",
00281
"jail_max_caps",
00282
"pax_flags",
00283
"res_role",
00284
"res_min",
00285
"res_max",
00286
"log_array_low",
00287
"local_log_array_low",
00288
"remote_log_array_low",
00289
"log_array_high",
00290
"local_log_array_high",
00291
"remote_log_array_high",
00292
"log_program_based",
00293
"log_user_based",
00294
"symlink_add_uid",
00295
"symlink_add_mac_level",
00296
"symlink_add_rc_role",
00297
"linux_dac_disable",
00298
"cap_process_hiding",
00299
"fake_root_uid",
00300
#ifdef __KERNEL__
00301
00302
"owner",
00303
"group",
00304
"signal",
00305
"mode",
00306
"nlink",
00307
"switch_target",
00308
"mod_name",
00309
"request",
00310
"trace_request",
00311
"auth_add_f_cap",
00312
"auth_remove_f_cap",
00313
"auth_get_caplist",
00314
"prot_bits",
00315
"internal",
00316
"create_data",
00317
"new_object",
00318
"rlimit",
00319
"new_dir_dentry_p",
00320
"auth_program_file",
00321
"auth_start_uid",
00322
"acl_learn",
00323
"priority",
00324
"pgid",
00325
"kernel_thread",
00326
#endif
00327
"none" };
00328
00329 static char target_list[
T_NONE+1][11] = {
00330
"FILE",
00331
"DIR",
00332
"FIFO",
00333
"SYMLINK",
00334
"DEV",
00335
"IPC",
00336
"SCD",
00337
"USER",
00338
"PROCESS",
00339
"NETDEV",
00340
"NETTEMP",
00341
"NETOBJ",
00342
"NETTEMP_NT",
00343
#ifndef __KERNEL__
00344
"FD",
00345
#endif
00346
"NONE" };
00347
00348 static char ipc_target_list[
I_none+1][7] = {
00349
"sem",
00350
"msg",
00351
"shm",
00352
"none" };
00353
00354 static char switch_target_list[
SW_NONE+1][12] = {
00355
"GEN",
00356
"MAC",
00357
"FC",
00358
"SIM",
00359
"PM",
00360
"DAZ",
00361
"FF",
00362
"RC",
00363
"AUTH",
00364
"REG",
00365
"ACL",
00366
"CAP",
00367
"JAIL",
00368
"RES",
00369
"PAX",
00370
"SOFTMODE",
00371
"DAC_DISABLE",
00372
"NONE" };
00373
00374 static char error_list[
RSBAC_EMAX][25] = {
00375
"RSBAC_EPERM",
00376
"RSBAC_EACCESS",
00377
"RSBAC_EREADFAILED",
00378
"RSBAC_EWRITEFAILED",
00379
"RSBAC_EINVALIDPOINTER",
00380
"RSBAC_ENOROOTDIR",
00381
"RSBAC_EPATHTOOLONG",
00382
"RSBAC_ENOROOTDEV",
00383
"RSBAC_ENOTFOUND",
00384
"RSBAC_ENOTINITIALIZED",
00385
"RSBAC_EREINIT",
00386
"RSBAC_ECOULDNOTADDDEVICE",
00387
"RSBAC_ECOULDNOTADDITEM",
00388
"RSBAC_ECOULDNOTCREATEPATH",
00389
"RSBAC_EINVALIDATTR",
00390
"RSBAC_EINVALIDDEV",
00391
"RSBAC_EINVALIDTARGET",
00392
"RSBAC_EINVALIDVALUE",
00393
"RSBAC_EEXISTS",
00394
"RSBAC_EINTERNONLY",
00395
"RSBAC_EINVALIDREQUEST",
00396
"RSBAC_ENOTWRITABLE",
00397
"RSBAC_EMALWAREDETECTED",
00398
"RSBAC_ENOMEM",
00399
"RSBAC_EDECISIONMISMATCH",
00400
"RSBAC_EINVALIDVERSION",
00401
"RSBAC_EINVALIDMODULE"
00402 };
00403
00404 static char scd_type_list[
ST_none+1][14] = {
00405
"time_strucs",
00406
"clock",
00407
"host_id",
00408
"net_id",
00409
"ioports",
00410
"rlimit",
00411
"swap",
00412
"syslog",
00413
"rsbac",
00414
"rsbac_log",
00415
"other",
00416
"kmem",
00417
"network",
00418
"firewall",
00419
"priority",
00420
"sysfs",
00421
"none" };
00422
00423
00424
00425
#ifndef __KERNEL__
00426 static char attribute_param_list[
A_none+1][193] = {
00427
"user-pseudo (positive long integer)",
00428
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00429
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00430
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00431
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00432
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252",
00433
"Bit Set String of length 64 for all categories",
00434
"Bit Set String of length 64 for all categories",
00435
"Bit Set String of length 64 for all categories",
00436
"Bit Set String of length 64 for all categories",
00437
"Bit Set String of length 64 for all categories",
00438
"1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto",
00439
"1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted",
00440
"2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down",
00441
"0 = general, 1 = security, 2 = system, 3 = inherit",
00442
"0 = general, 1 = security, 2 = system, 3 = inherit",
00443
"0 = general, 1 = security, 2 = system, 3 = inherit",
00444
"0 = none, 1 = SI, 2 = inherit",
00445
"0 = none, 1 = SI, 2 = inherit",
00446
"0 = none, 1 = SI, 2 = inherit",
00447
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00448
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00449
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00450
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00451
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00452
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00453
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00454
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00455
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00456
"0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor",
00457
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00458
"Bit Set String of length 64 for all categories",
00459
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00460
"Bit Set String of length 64 for all categories",
00461
"0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252",
00462
"Bit Set String of length 64 for all categories",
00463
"0 = no, 1 = yes, 2 = inherit (default value)",
00464
"0 = false, 1 = true",
00465
"0 = false, 1 = true",
00466
"0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin",
00467
"0 = none, 1 = TP",
00468
"Task-ID (positive integer)",
00469
"Class-ID (positive integer)",
00470
"Class-ID (positive integer)",
00471
"Class-ID (positive integer)",
00472
"Purpose-ID (positive integer)",
00473
"Purpose-ID (positive integer)",
00474
"Purpose-ID (positive integer)",
00475
"0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00476
"0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00477
"0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir",
00478
"0 = none, 1 = TP",
00479
"TP-ID (positive integer)",
00480
"pm-task-list-ID (positive integer)",
00481
"0 = unscanned, 1 = infected, 2 = clean",
00482
"0 = FALSE, 1 = TRUE",
00483
"1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount",
00484
"RC-type-id",
00485
"RC-type-id",
00486
"RC-type-id",
00487
"RC-type-id (-2 = inherit from parent)",
00488
"RC-type-id",
00489
"RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)",
00490
"RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)",
00491
"RC-role-id",
00492
"RC-role-id",
00493
"0 = false, 1 = true",
00494
"0 = false, 1 = true",
00495
"0 = false, 1 = true",
00496
"Bit-Vector value or name list of desired caps",
00497
"Bit-Vector value or name list of desired caps",
00498
"JAIL ID (0 = off)",
00499
"JAIL IP address a.b.c.d",
00500
"JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)",
00501
"Bit-Vector value or name list of desired caps",
00502
"PAX flags with capital=on, non-capital=off, e.g. peMRxS",
00503
"0 = user, 1 = security officer, 2 = administrator",
00504
"array of non-negative integer values, all 0 for unset",
00505
"array of non-negative integer values, all 0 for unset",
00506
"Bit-String for all Requests, low bit",
00507
"Bit-String for all Requests, low bit",
00508
"Bit-String for all Requests, low bit",
00509
"Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00510
"Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00511
"Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)",
00512
"Bit-String for all Requests",
00513
"Bit-String for all Requests",
00514
"0 = false, 1 = true",
00515
"0 = false, 1 = true",
00516
"0 = false, 1 = true",
00517
"0 = false, 1 = true, 2 = inherit (default)",
00518
"0 = off (default), 1 = from other users, 2 = full",
00519
"0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both",
00520
"INVALID!" };
00521
#endif
00522
00523 static char log_level_list[
LL_invalid+1][9] = {
00524
"none",
00525
"denied",
00526
"full",
00527
"request",
00528
"invalid!" };
00529
00530
00531
00532
#ifdef __KERNEL__
00533
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00534
EXPORT_SYMBOL(get_request_name);
00535
#endif
00536
#endif
00537
00538 char *
get_request_name(
char * request_name,
00539
enum rsbac_adf_request_t request)
00540 {
00541
if(!request_name)
00542
return(
NULL);
00543
if(request >=
R_NONE)
00544 strcpy(request_name,
"ERROR!");
00545
else
00546 strcpy(request_name,
request_list[request]);
00547
return(request_name);
00548 };
00549
00550 enum rsbac_adf_request_t get_request_nr(
const char * request_name)
00551 {
00552
enum rsbac_adf_request_t i;
00553
00554
if(!request_name)
00555
return(
R_NONE);
00556
for (i = 0; i <
R_NONE; i++)
00557 {
00558
if (!strcmp(request_name,
request_list[i]))
00559 {
00560
return(i);
00561 }
00562 }
00563
return(
R_NONE);
00564 };
00565
00566
00567 char *
get_result_name(
char * res_name,
00568
enum rsbac_adf_req_ret_t res)
00569 {
00570
if(!res_name)
00571
return(
NULL);
00572
if(res >
UNDEFINED)
00573 strcpy(res_name,
"ERROR!");
00574
else
00575 strcpy(res_name,
result_list[res]);
00576
return(res_name);
00577 };
00578
00579 enum rsbac_adf_req_ret_t get_result_nr(
const char * res_name)
00580 {
00581
enum rsbac_adf_req_ret_t i;
00582
00583
if(!res_name)
00584
return(
UNDEFINED);
00585
for (i = 0; i <
UNDEFINED; i++)
00586 {
00587
if (!strcmp(res_name,
result_list[i]))
00588 {
00589
return(i);
00590 }
00591 }
00592
return(
UNDEFINED);
00593 };
00594
00595
00596
#ifdef __KERNEL__
00597
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00598
EXPORT_SYMBOL(get_attribute_name);
00599
#endif
00600
#endif
00601
00602 enum rsbac_switch_target_t get_attr_module(
enum rsbac_attribute_t attr)
00603 {
00604
if(attr >
A_none)
00605
return SW_NONE;
00606
else
00607
return attr_mod_list[attr];
00608 };
00609
00610 char *
get_attribute_name(
char * attr_name,
00611
enum rsbac_attribute_t attr)
00612 {
00613
if(!attr_name)
00614
return(
NULL);
00615
if(attr >
A_none)
00616 strcpy(attr_name,
"ERROR!");
00617
else
00618 strcpy(attr_name,
attribute_list[attr]);
00619
return(attr_name);
00620 };
00621
00622 enum rsbac_attribute_t get_attribute_nr(
const char * attr_name)
00623 {
00624
enum rsbac_attribute_t i;
00625
00626
if(!attr_name)
00627
return(
A_none);
00628
for (i = 0; i <
A_none; i++)
00629 {
00630
if (!strcmp(attr_name,
attribute_list[i]))
00631 {
00632
return(i);
00633 }
00634 }
00635
return(
A_none);
00636 };
00637
00638
00639
#ifdef __KERNEL__
00640
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00641
EXPORT_SYMBOL(get_scd_type_name);
00642
#endif
00643
#endif
00644
00645 char *
get_scd_type_name(
char * res_name,
00646
enum rsbac_scd_type_t res)
00647 {
00648
if(!res_name)
00649
return(
NULL);
00650
if(res >
ST_none)
00651 strcpy(res_name,
"ERROR!");
00652
else
00653 strcpy(res_name,
scd_type_list[res]);
00654
return(res_name);
00655 };
00656
00657 enum rsbac_scd_type_t get_scd_type_nr(
const char * res_name)
00658 {
00659
enum rsbac_scd_type_t i;
00660
00661
if(!res_name)
00662
return(
ST_none);
00663
for (i = 0; i <
ST_none; i++)
00664 {
00665
if (!strcmp(res_name,
scd_type_list[i]))
00666 {
00667
return(i);
00668 }
00669 }
00670
return(
ST_none);
00671 };
00672
00673
00674
#ifdef __KERNEL__
00675
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00676
EXPORT_SYMBOL(get_target_name);
00677
#endif
00678
#endif
00679
00680 char *
get_target_name(
char * target_type_name,
00681
enum rsbac_target_t target,
00682
char * target_id_name,
00683
union rsbac_target_id_t tid)
00684 {
00685
#ifdef __KERNEL__
00686
char * help_name;
00687
#else
00688
char help_name[
RSBAC_MAXNAMELEN+4];
00689
#endif
00690
00691
if(!target_type_name)
00692
return(
NULL);
00693
00694
#ifdef __KERNEL__
00695
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00696
help_name =
rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4);
00697
#else
00698
help_name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN + 4);
00699
#endif
00700
if(!help_name)
00701
return NULL;
00702
#endif
00703
00704
switch(target)
00705 {
00706
#ifdef __KERNEL__
00707
case T_FD: strcpy (target_type_name,
"FD");
00708
if(!target_id_name)
00709
break;
00710 sprintf(target_id_name,
"Device %02u:%02u Inode %u",
00711 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00712 tid.file.inode);
00713
if( tid.file.dentry_p
00714 && tid.file.dentry_p->d_name.name
00715 && tid.file.dentry_p->d_name.len
00716 )
00717 {
00718
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00719
if(
rsbac_get_full_path(tid.file.dentry_p, help_name,
00720 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00721 {
00722 strcat(target_id_name,
" Path ");
00723 strcat(target_id_name, help_name);
00724 }
00725
#else
00726
int namelen =
rsbac_min(tid.file.dentry_p->d_name.len,
RSBAC_MAXNAMELEN);
00727
00728 strcat(target_id_name,
" Name ");
00729 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00730 help_name[namelen]=0;
00731 strcat(target_id_name, help_name);
00732
#endif
00733
}
00734
break;
00735
case T_FILE: strcpy (target_type_name,
"FILE");
00736
if(!target_id_name)
00737
break;
00738 sprintf(target_id_name,
"Device %02u:%02u Inode %u",
00739 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00740 tid.file.inode);
00741
if( tid.file.dentry_p
00742 && tid.file.dentry_p->d_name.name
00743 && tid.file.dentry_p->d_name.len
00744 )
00745 {
00746
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00747
if(
rsbac_get_full_path(tid.file.dentry_p, help_name,
00748 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00749 {
00750 strcat(target_id_name,
" Path ");
00751 strcat(target_id_name, help_name);
00752 }
00753
#else
00754
int namelen =
rsbac_min(tid.file.dentry_p->d_name.len,
RSBAC_MAXNAMELEN);
00755
00756 strcat(target_id_name,
" Name ");
00757 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen);
00758 help_name[namelen]=0;
00759 strcat(target_id_name, help_name);
00760
#endif
00761
}
00762
break;
00763
case T_DIR: strcpy (target_type_name,
"DIR");
00764
if(!target_id_name)
00765
break;
00766 sprintf(target_id_name,
"Device %02u:%02u Inode %u",
00767 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00768 tid.dir.inode);
00769
if( tid.dir.dentry_p
00770 && tid.dir.dentry_p->d_name.name
00771 && tid.dir.dentry_p->d_name.len
00772 )
00773 {
00774
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00775
if(
rsbac_get_full_path(tid.dir.dentry_p, help_name,
00776 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00777 {
00778 strcat(target_id_name,
" Path ");
00779 strcat(target_id_name, help_name);
00780 }
00781
#else
00782
int namelen =
rsbac_min(tid.dir.dentry_p->d_name.len,
RSBAC_MAXNAMELEN);
00783
00784 strcat(target_id_name,
" Name ");
00785 strncpy(help_name, tid.dir.dentry_p->d_name.name, namelen);
00786 help_name[namelen]=0;
00787 strcat(target_id_name, help_name);
00788
#endif
00789
}
00790
break;
00791
case T_FIFO: strcpy (target_type_name,
"FIFO");
00792
if(!target_id_name)
00793
break;
00794 sprintf(target_id_name,
"Device %02u:%02u Inode %u",
00795 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00796 tid.fifo.inode);
00797
if( tid.fifo.dentry_p
00798 && tid.fifo.dentry_p->d_name.name
00799 && tid.fifo.dentry_p->d_name.len
00800 )
00801 {
00802
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00803
if(
rsbac_get_full_path(tid.fifo.dentry_p, help_name,
00804 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00805 {
00806 strcat(target_id_name,
" Path ");
00807 strcat(target_id_name, help_name);
00808 }
00809
#else
00810
int namelen =
rsbac_min(tid.fifo.dentry_p->d_name.len,
RSBAC_MAXNAMELEN);
00811
00812 strcat(target_id_name,
" Name ");
00813 strncpy(help_name, tid.fifo.dentry_p->d_name.name, namelen);
00814 help_name[namelen]=0;
00815 strcat(target_id_name, help_name);
00816
#endif
00817
}
00818
break;
00819
case T_SYMLINK: strcpy (target_type_name,
"SYMLINK");
00820
if(!target_id_name)
00821
break;
00822 sprintf(target_id_name,
"Device %02u:%02u Inode %u",
00823 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device),
00824 tid.symlink.inode);
00825
if( tid.symlink.dentry_p
00826 && tid.symlink.dentry_p->d_name.name
00827 && tid.symlink.dentry_p->d_name.len
00828 )
00829 {
00830
#ifdef CONFIG_RSBAC_LOG_FULL_PATH
00831
if(
rsbac_get_full_path(tid.symlink.dentry_p, help_name,
00832 CONFIG_RSBAC_MAX_PATH_LEN) > 0)
00833 {
00834 strcat(target_id_name,
" Path ");
00835 strcat(target_id_name, help_name);
00836 }
00837
#else
00838
int namelen =
rsbac_min(tid.symlink.dentry_p->d_name.len,
RSBAC_MAXNAMELEN);
00839
00840 strcat(target_id_name,
" Name ");
00841 strncpy(help_name, tid.symlink.dentry_p->d_name.name, namelen);
00842 help_name[namelen]=0;
00843 strcat(target_id_name, help_name);
00844
#endif
00845
}
00846
break;
00847
case T_DEV: strcpy (target_type_name,
"DEV");
00848
if(!target_id_name)
00849
break;
00850
if(tid.dev.type ==
D_block)
00851 sprintf(target_id_name,
"block %02u:%02u",
00852 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id));
00853
else
00854 sprintf(target_id_name,
"char %02u:%02u",
00855 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id));
00856
break;
00857
case T_NETOBJ: strcpy (target_type_name,
"NETOBJ");
00858
if(!target_id_name)
00859
break;
00860
#ifdef CONFIG_NET
00861
if( tid.
netobj.
sock_p
00862 && tid.
netobj.
sock_p->ops
00863 && tid.
netobj.
sock_p->sk
00864 )
00865 {
00866
char type_name[
RSBAC_MAXNAMELEN];
00867
00868
switch(tid.
netobj.
sock_p->ops->family)
00869 {
00870
case AF_INET:
00871 {
00872 __u32 saddr;
00873 __u16 sport;
00874 __u32 daddr;
00875 __u16 dport;
00876
struct net_device *dev;
00877
char ldevname[
RSBAC_IFNAMSIZ+10];
00878
char rdevname[
RSBAC_IFNAMSIZ+10];
00879
00880
if(tid.
netobj.
local_addr)
00881 {
00882
struct sockaddr_in * addr = tid.
netobj.
local_addr;
00883
00884 saddr = addr->sin_addr.s_addr;
00885 sport = ntohs(addr->sin_port);
00886 }
00887
else
00888 {
00889
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00890
saddr = inet_sk(tid.
netobj.
sock_p->sk)->saddr;
00891 sport = inet_sk(tid.
netobj.
sock_p->sk)->num;
00892
#else
00893
saddr = tid.
netobj.
sock_p->sk->saddr;
00894 sport = tid.
netobj.
sock_p->sk->num;
00895
#endif
00896
}
00897
if(tid.
netobj.
remote_addr)
00898 {
00899
struct sockaddr_in * addr = tid.
netobj.
remote_addr;
00900
00901 daddr = addr->sin_addr.s_addr;
00902 dport = ntohs(addr->sin_port);
00903 }
00904
else
00905 {
00906
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00907
daddr = inet_sk(tid.
netobj.
sock_p->sk)->daddr;
00908 dport = ntohs(inet_sk(tid.
netobj.
sock_p->sk)->dport);
00909
#else
00910
daddr = tid.
netobj.
sock_p->sk->daddr;
00911 dport = ntohs(tid.
netobj.
sock_p->sk->dport);
00912
#endif
00913
}
00914 dev = ip_dev_find(saddr);
00915
if(dev)
00916 {
00917 sprintf(ldevname,
"%s:", dev->name);
00918 dev_put(dev);
00919 }
00920
else
00921 ldevname[0] = 0;
00922 dev = ip_dev_find(daddr);
00923
if(dev)
00924 {
00925 sprintf(rdevname,
"%s:", dev->name);
00926 dev_put(dev);
00927 }
00928
else
00929 rdevname[0] = 0;
00930 sprintf(target_id_name,
"%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u",
00931 tid.
netobj.
sock_p,
00932
rsbac_get_net_type_name(type_name,
00933 tid.
netobj.
sock_p->type),
00934 #
if LINUX_VERSION_CODE >=
KERNEL_VERSION(2,6,0)
00935
rsbac_get_net_protocol_name(help_name,
00936 tid.
netobj.
sock_p->sk->sk_protocol),
00937 #
else
00938
rsbac_get_net_protocol_name(help_name,
00939 tid.
netobj.
sock_p->sk->protocol),
00940 #endif
00941 ldevname,
00942
NIPQUAD(saddr),
00943 sport,
00944 rdevname,
00945
NIPQUAD(daddr),
00946 dport);
00947 }
00948
break;
00949
case AF_UNIX:
00950
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00951
if(unix_sk(tid.
netobj.
sock_p->sk)->addr)
00952 sprintf(target_id_name,
"%p UNIX %s %s",
00953 tid.
netobj.
sock_p,
00954
rsbac_get_net_type_name(type_name,
00955 tid.
netobj.
sock_p->type),
00956 unix_sk(tid.
netobj.
sock_p->sk)->addr->name[0].sun_path);
00957
#else
00958
if(tid.
netobj.
sock_p->sk->protinfo.af_unix.addr)
00959 sprintf(target_id_name,
"%p UNIX %s %s",
00960 tid.
netobj.
sock_p,
00961
rsbac_get_net_type_name(type_name,
00962 tid.
netobj.
sock_p->type),
00963 tid.
netobj.
sock_p->sk->protinfo.af_unix.addr->name[0].sun_path);
00964
#endif
00965
else
00966
if(tid.
netobj.
local_addr)
00967 {
00968
struct sockaddr_un * addr = tid.
netobj.
local_addr;
00969
00970 sprintf(target_id_name,
"%p UNIX %s %s",
00971 tid.
netobj.
sock_p,
00972
rsbac_get_net_type_name(type_name,
00973 tid.
netobj.
sock_p->type),
00974 addr->sun_path);
00975 }
00976
else
00977 sprintf(target_id_name,
"%p UNIX %s",
00978 tid.
netobj.
sock_p,
00979
rsbac_get_net_type_name(type_name,
00980 tid.
netobj.
sock_p->type));
00981
break;
00982
default:
00983 sprintf(target_id_name,
"%p %s %s",
00984 tid.
netobj.
sock_p,
00985
rsbac_get_net_family_name(help_name,
00986 tid.
netobj.
sock_p->ops->family),
00987
rsbac_get_net_type_name(type_name,
00988 tid.
netobj.
sock_p->type));
00989 }
00990 }
00991
else
00992
#endif
00993 {
00994 sprintf(target_id_name,
"%p", tid.
netobj.
sock_p);
00995 }
00996
break;
00997
#endif
00998
case T_IPC: strcpy (target_type_name,
"IPC");
00999
if(!target_id_name)
01000
break;
01001
switch (tid.
ipc.
type)
01002 {
01003
case I_sem: strcpy(target_id_name,
"Sem-ID ");
01004
break;
01005
case I_msg: strcpy(target_id_name,
"Msg-ID ");
01006
break;
01007
case I_shm: strcpy(target_id_name,
"Shm-ID ");
01008
break;
01009
default: strcpy(target_id_name,
"???-ID ");
01010
break;
01011 };
01012
ulongtostr(help_name, tid.
ipc.
id.
id_nr);
01013 strcat(target_id_name, help_name);
01014
break;
01015
case T_SCD: strcpy (target_type_name,
"SCD");
01016
if(!target_id_name)
01017
break;
01018
get_scd_type_name(target_id_name, tid.
scd);
01019
break;
01020
case T_USER: strcpy (target_type_name,
"USER");
01021
if(!target_id_name)
01022
break;
01023
inttostr(target_id_name, tid.
user);
01024
break;
01025
case T_PROCESS: strcpy (target_type_name,
"PROCESS");
01026
if(!target_id_name)
01027
break;
01028
ulongtostr(target_id_name, tid.
process);
01029
break;
01030
case T_NETDEV: strcpy (target_type_name,
"NETDEV");
01031
if(!target_id_name)
01032
break;
01033 strncpy(target_id_name, tid.
netdev,
RSBAC_IFNAMSIZ);
01034 target_id_name[
RSBAC_IFNAMSIZ] = 0;
01035
break;
01036
case T_NETTEMP: strcpy (target_type_name,
"NETTEMP");
01037
if(!target_id_name)
01038
break;
01039 sprintf(target_id_name,
"%u", tid.
nettemp);
01040
break;
01041
case T_NETTEMP_NT: strcpy (target_type_name,
"NETTEMP_NT");
01042
if(!target_id_name)
01043
break;
01044 sprintf(target_id_name,
"%u", tid.
nettemp);
01045
break;
01046
case T_NONE: strcpy (target_type_name,
"NONE");
01047
if(!target_id_name)
01048
break;
01049 strcpy (target_id_name,
"NONE");
01050
break;
01051
default: strcpy (target_type_name,
"ERROR!!!");
01052
if(!target_id_name)
01053
break;
01054 sprintf(target_id_name,
"%u", target);
01055 };
01056
#ifdef __KERNEL__
01057
rsbac_kfree(help_name);
01058
#endif
01059
return(target_type_name);
01060 };
01061
01062 char *
get_target_name_only(
char * target_type_name,
01063
enum rsbac_target_t target)
01064 {
01065
if(!target_type_name)
01066
return(
NULL);
01067
01068
switch(target)
01069 {
01070
case T_FILE: strcpy (target_type_name,
"FILE");
01071
break;
01072
case T_DIR: strcpy (target_type_name,
"DIR");
01073
break;
01074
case T_FIFO: strcpy (target_type_name,
"FIFO");
01075
break;
01076
case T_SYMLINK: strcpy (target_type_name,
"SYMLINK");
01077
break;
01078
case T_DEV: strcpy (target_type_name,
"DEV");
01079
break;
01080
case T_NETOBJ: strcpy (target_type_name,
"NETOBJ");
01081
break;
01082
case T_IPC: strcpy (target_type_name,
"IPC");
01083
break;
01084
case T_SCD: strcpy (target_type_name,
"SCD");
01085
break;
01086
case T_USER: strcpy (target_type_name,
"USER");
01087
break;
01088
case T_PROCESS: strcpy (target_type_name,
"PROCESS");
01089
break;
01090
case T_NETDEV: strcpy (target_type_name,
"NETDEV");
01091
break;
01092
case T_NETTEMP: strcpy (target_type_name,
"NETTEMP");
01093
break;
01094
case T_NETTEMP_NT: strcpy (target_type_name,
"NETTEMP_NT");
01095
break;
01096
case T_NONE: strcpy (target_type_name,
"NONE");
01097
break;
01098
default: strcpy (target_type_name,
"ERROR!!!");
01099 };
01100
return(target_type_name);
01101 };
01102
01103 enum rsbac_target_t get_target_nr(
const char * target_name)
01104 {
01105
enum rsbac_target_t i;
01106
01107
if(!target_name)
01108
return(
T_NONE);
01109
for (i = 0; i <
T_NONE; i++)
01110 {
01111
if (!strcmp(target_name,
target_list[i]))
01112 {
01113
return(i);
01114 }
01115 }
01116
return(
T_NONE);
01117 };
01118
01119 char *
get_ipc_target_name(
char * ipc_name,
01120
enum rsbac_ipc_type_t target)
01121 {
01122
if(!ipc_name)
01123
return(
NULL);
01124
if(target >
I_none)
01125 strcpy(ipc_name,
"ERROR!");
01126
else
01127 strcpy(ipc_name,
ipc_target_list[target]);
01128
return(ipc_name);
01129 };
01130
01131 enum rsbac_ipc_type_t get_ipc_target_nr(
const char * ipc_name)
01132 {
01133
enum rsbac_ipc_type_t i;
01134
01135
if(!ipc_name)
01136
return(
I_none);
01137
for (i = 0; i <
I_none; i++)
01138 {
01139
if (!strcmp(ipc_name,
ipc_target_list[i]))
01140 {
01141
return(i);
01142 }
01143 }
01144
return(
I_none);
01145 };
01146
01147
01148
#ifdef __KERNEL__
01149
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01150
EXPORT_SYMBOL(get_switch_target_name);
01151
#endif
01152
#endif
01153
01154 char *
get_switch_target_name(
char * switch_name,
01155
enum rsbac_switch_target_t target)
01156 {
01157
if(!switch_name)
01158
return(
NULL);
01159
if(target >
SW_NONE)
01160 strcpy(switch_name,
"ERROR!");
01161
else
01162 strcpy(switch_name,
switch_target_list[target]);
01163
return(switch_name);
01164 };
01165
01166 enum rsbac_switch_target_t get_switch_target_nr(
const char * switch_name)
01167 {
01168
enum rsbac_switch_target_t i;
01169
01170
if(!switch_name)
01171
return(
SW_NONE);
01172
for (i = 0; i <
SW_NONE; i++)
01173 {
01174
#ifdef __KERNEL__
01175
if (!strncmp(switch_name,
switch_target_list[i],strlen(
switch_target_list[i])))
01176
#else
01177
if (!strcmp(switch_name,
switch_target_list[i]))
01178
#endif
01179
{
01180
return(i);
01181 }
01182 }
01183
return(
SW_NONE);
01184 };
01185
01186
01187
#ifdef __KERNEL__
01188
#if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01189
EXPORT_SYMBOL(get_error_name);
01190
#endif
01191
#endif
01192
01193 char *
get_error_name(
char * error_name,
01194
int error)
01195 {
01196
if(!error_name)
01197
return(
NULL);
01198
if(
RSBAC_ERROR(error))
01199 strcpy(error_name,
error_list[(-error)-
RSBAC_EPERM]);
01200
else
01201
#ifdef __KERNEL__
01202
inttostr(error_name, error);
01203
#else
01204
strcpy(error_name, strerror(errno));
01205
#endif
01206
return(error_name);
01207 };
01208
01209
#ifndef __KERNEL__
01210 char *
get_attribute_param(
char * attr_name,
01211
enum rsbac_attribute_t attr)
01212 {
01213
if(!attr_name)
01214
return(
NULL);
01215
if(attr >
A_none)
01216 strcpy(attr_name,
"ERROR!");
01217
else
01218 strcpy(attr_name,
attribute_param_list[attr]);
01219
return(attr_name);
01220 };
01221
#endif
01222
01223 char *
get_log_level_name(
char * ll_name,
01224
enum rsbac_log_level_t target)
01225 {
01226
if(!ll_name)
01227
return(
NULL);
01228
if(target >
LL_invalid)
01229 strcpy(ll_name,
"ERROR!");
01230
else
01231 strcpy(ll_name,
log_level_list[target]);
01232
return(ll_name);
01233 };
01234
01235 enum rsbac_log_level_t get_log_level_nr(
const char * ll_name)
01236 {
01237
enum rsbac_log_level_t i;
01238
01239
if(!ll_name)
01240
return(
LL_invalid);
01241
for (i = 0; i <
LL_invalid; i++)
01242 {
01243
if (!strcmp(ll_name,
log_level_list[i]))
01244 {
01245
return(i);
01246 }
01247 }
01248
return(
LL_invalid);
01249 };
01250
Generated on Tue Aug 31 10:05:26 2004 for RSBAC by
1.3.8