/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/help/getname.c

Go to the documentation of this file.
00001 /************************************* */ 00002 /* Rule Set Based Access Control */ 00003 /* Author and (c) 1999-2004: */ 00004 /* Amon Ott <ao@rsbac.org> */ 00005 /* Helper functions for all parts */ 00006 /* Last modified: 08/Jun/2004 */ 00007 /************************************* */ 00008 00009 #include <rsbac/types.h> 00010 #include <rsbac/getname.h> 00011 #include <rsbac/helpers.h> 00012 #include <rsbac/error.h> 00013 00014 #ifdef __KERNEL__ 00015 #include <linux/string.h> 00016 #include <linux/module.h> 00017 #include <linux/fs.h> 00018 #include <linux/kernel.h> 00019 #include <linux/netdevice.h> 00020 #include <linux/inetdevice.h> 00021 #include <rsbac/rkmem.h> 00022 #include <rsbac/network.h> 00023 #include <rsbac/net_getname.h> 00024 #else 00025 #include <string.h> 00026 #include <errno.h> 00027 #endif 00028 00029 static char request_list[R_NONE+1][24] = { 00030 "ADD_TO_KERNEL", 00031 "ALTER", 00032 "APPEND_OPEN", 00033 "CHANGE_GROUP", 00034 "CHANGE_OWNER", 00035 "CHDIR", 00036 "CLONE", 00037 "CLOSE", 00038 "CREATE", 00039 "DELETE", 00040 "EXECUTE", 00041 "GET_PERMISSIONS_DATA", 00042 "GET_STATUS_DATA", 00043 "LINK_HARD", 00044 "MODIFY_ACCESS_DATA", 00045 "MODIFY_ATTRIBUTE", 00046 "MODIFY_PERMISSIONS_DATA", 00047 "MODIFY_SYSTEM_DATA", 00048 "MOUNT", 00049 "READ", 00050 "READ_ATTRIBUTE", 00051 "READ_WRITE_OPEN", 00052 "READ_OPEN", 00053 "REMOVE_FROM_KERNEL", 00054 "RENAME", 00055 "SEARCH", 00056 "SEND_SIGNAL", 00057 "SHUTDOWN", 00058 "SWITCH_LOG", 00059 "SWITCH_MODULE", 00060 "TERMINATE", 00061 "TRACE", 00062 "TRUNCATE", 00063 "UMOUNT", 00064 "WRITE", 00065 "WRITE_OPEN", 00066 "MAP_EXEC", 00067 "BIND", 00068 "LISTEN", 00069 "ACCEPT", 00070 "CONNECT", 00071 "SEND", 00072 "RECEIVE", 00073 "NET_SHUTDOWN", 00074 "CHANGE_DAC_EFF_OWNER", 00075 "CHANGE_DAC_FS_OWNER", 00076 "NONE" }; 00077 00078 static char result_list[UNDEFINED+1][12] = { 00079 "NOT_GRANTED", 00080 "GRANTED", 00081 "DO_NOT_CARE", 00082 "UNDEFINED" }; 00083 00084 static rsbac_switch_target_int_t attr_mod_list[A_none+1] = { 00085 GEN, /* pseudo */ 00086 MAC, /* security_level */ 00087 MAC, /* initial_security_level */ 00088 MAC, /* local_sec_level */ 00089 MAC, /* remote_sec_level */ 00090 MAC, /* min_security_level */ 00091 MAC, /* mac_categories */ 00092 MAC, /* mac_initial_categories */ 00093 MAC, /* local_mac_categories */ 00094 MAC, /* remote_mac_categories */ 00095 MAC, /* mac_min_categories */ 00096 MAC, /* mac_user_flags */ 00097 MAC, /* mac_process_flags */ 00098 MAC, /* mac_file_flags */ 00099 FC, /* object_category */ 00100 FC, /* local_object_category */ 00101 FC, /* remote_object_category */ 00102 SIM, /* data_type */ 00103 SIM, /* local_data_type */ 00104 SIM, /* local_data_type */ 00105 SW_NONE, /* system_role */ 00106 MAC, /* mac_role */ 00107 FC, /* fc_role */ 00108 SIM, /* sim_role */ 00109 DAZ, /* daz_role */ 00110 FF, /* ff_role */ 00111 AUTH, /* auth_role */ 00112 CAP, /* cap_role */ 00113 JAIL, /* jail_role */ 00114 PAX, /* pax_role */ 00115 MAC, /* current_sec_level */ 00116 MAC, /* mac_curr_categories */ 00117 MAC, /* min_write_open */ 00118 MAC, /* min_write_categories */ 00119 MAC, /* max_read_open */ 00120 MAC, /* max_read_categories */ 00121 MAC, /* mac_auto */ 00122 MAC, /* mac_check */ 00123 MAC, /* mac_prop_trusted */ 00124 PM, /* pm_role */ 00125 PM, /* pm_process_type */ 00126 PM, /* pm_current_task */ 00127 PM, /* pm_object_class */ 00128 PM, /* local_pm_object_class */ 00129 PM, /* remote_pm_object_class */ 00130 PM, /* pm_ipc_purpose */ 00131 PM, /* local_pm_ipc_purpose */ 00132 PM, /* remote_pm_ipc_purpose */ 00133 PM, /* pm_object_type */ 00134 PM, /* local_pm_object_type */ 00135 PM, /* remote_pm_object_type */ 00136 PM, /* pm_program_type */ 00137 PM, /* pm_tp */ 00138 PM, /* pm_task_set */ 00139 DAZ, /* daz_scanned */ 00140 DAZ, /* daz_scanner */ 00141 FF, /* ff_flags */ 00142 RC, /* rc_type */ 00143 RC, /* local_rc_type */ 00144 RC, /* remote_rc_type */ 00145 RC, /* rc_type_fd */ 00146 RC, /* rc_type_nt */ 00147 RC, /* rc_force_role */ 00148 RC, /* rc_initial_role */ 00149 RC, /* rc_role */ 00150 RC, /* rc_def_role */ 00151 AUTH, /* auth_may_setuid */ 00152 AUTH, /* auth_may_set_cap */ 00153 AUTH, /* auth_learn */ 00154 CAP, /* min_caps */ 00155 CAP, /* max_caps */ 00156 JAIL, /* jail_id */ 00157 JAIL, /* jail_ip */ 00158 JAIL, /* jail_flags */ 00159 JAIL, /* jail_max_caps */ 00160 PAX, /* pax_flags */ 00161 RES, /* res_role */ 00162 RES, /* res_min */ 00163 RES, /* res_max */ 00164 GEN, /* log_array_low */ 00165 GEN, /* local_log_array_low */ 00166 GEN, /* remote_log_array_low */ 00167 GEN, /* log_array_high */ 00168 GEN, /* local_log_array_high */ 00169 GEN, /* remote_log_array_high */ 00170 GEN, /* log_program_based */ 00171 GEN, /* log_user_based */ 00172 GEN, /* symlink_add_uid */ 00173 GEN, /* symlink_add_mac_level */ 00174 GEN, /* symlink_add_rc_role */ 00175 GEN, /* linux_dac_disable */ 00176 CAP, /* cap_process_hiding */ 00177 GEN, /* fake_root_uid */ 00178 #ifdef __KERNEL__ 00179 /* adf-request helpers */ 00180 SW_NONE, /* group */ 00181 SW_NONE, /* signal */ 00182 SW_NONE, /* mode */ 00183 SW_NONE, /* nlink */ 00184 SW_NONE, /* switch_target */ 00185 SW_NONE, /* mod_name */ 00186 SW_NONE, /* request */ 00187 SW_NONE, /* trace_request */ 00188 SW_NONE, /* auth_add_f_cap */ 00189 SW_NONE, /* auth_remove_f_cap */ 00190 SW_NONE, /* auth_get_caplist */ 00191 SW_NONE, /* prot_bits */ 00192 SW_NONE, /* internal */ 00193 SW_NONE, /* create_data */ 00194 SW_NONE, /* new_object */ 00195 SW_NONE, /* rlimit */ 00196 SW_NONE, /* new_dir_dentry_p */ 00197 SW_NONE, /* auth_program_file */ 00198 SW_NONE, /* auth_start_uid */ 00199 SW_NONE, /* acl_learn */ 00200 SW_NONE, /* priority */ 00201 SW_NONE, /* pgid */ 00202 SW_NONE, /* kernel_thread */ 00203 #endif 00204 SW_NONE /* none */ }; 00205 00206 static char attribute_list[A_none+1][23] = { 00207 "pseudo", 00208 "security_level", 00209 "initial_security_level", 00210 "local_sec_level", 00211 "remote_sec_level", 00212 "min_security_level", 00213 "mac_categories", 00214 "mac_initial_categories", 00215 "local_mac_categories", 00216 "remote_mac_categories", 00217 "mac_min_categories", 00218 "mac_user_flags", 00219 "mac_process_flags", 00220 "mac_file_flags", 00221 "object_category", 00222 "local_object_category", 00223 "remote_object_category", 00224 "data_type", 00225 "local_data_type", 00226 "remote_data_type", 00227 "system_role", 00228 "mac_role", 00229 "fc_role", 00230 "sim_role", 00231 "daz_role", 00232 "ff_role", 00233 "auth_role", 00234 "cap_role", 00235 "jail_role", 00236 "pax_role", 00237 "current_sec_level", 00238 "mac_curr_categories", 00239 "min_write_open", 00240 "min_write_categories", 00241 "max_read_open", 00242 "max_read_categories", 00243 "mac_auto", 00244 "mac_check", 00245 "mac_prop_trusted", 00246 "pm_role", 00247 "pm_process_type", 00248 "pm_current_task", 00249 "pm_object_class", 00250 "local_pm_object_class", 00251 "remote_pm_object_class", 00252 "pm_ipc_purpose", 00253 "local_pm_ipc_purpose", 00254 "remote_pm_ipc_purpose", 00255 "pm_object_type", 00256 "local_pm_object_type", 00257 "remote_pm_object_type", 00258 "pm_program_type", 00259 "pm_tp", 00260 "pm_task_set", 00261 "daz_scanned", 00262 "daz_scanner", 00263 "ff_flags", 00264 "rc_type", 00265 "local_rc_type", 00266 "remote_rc_type", 00267 "rc_type_fd", 00268 "rc_type_nt", 00269 "rc_force_role", 00270 "rc_initial_role", 00271 "rc_role", 00272 "rc_def_role", 00273 "auth_may_setuid", 00274 "auth_may_set_cap", 00275 "auth_learn", 00276 "min_caps", 00277 "max_caps", 00278 "jail_id", 00279 "jail_ip", 00280 "jail_flags", 00281 "jail_max_caps", 00282 "pax_flags", 00283 "res_role", 00284 "res_min", 00285 "res_max", 00286 "log_array_low", 00287 "local_log_array_low", 00288 "remote_log_array_low", 00289 "log_array_high", 00290 "local_log_array_high", 00291 "remote_log_array_high", 00292 "log_program_based", 00293 "log_user_based", 00294 "symlink_add_uid", 00295 "symlink_add_mac_level", 00296 "symlink_add_rc_role", 00297 "linux_dac_disable", 00298 "cap_process_hiding", 00299 "fake_root_uid", 00300 #ifdef __KERNEL__ 00301 /* adf-request helpers */ 00302 "owner", 00303 "group", 00304 "signal", 00305 "mode", 00306 "nlink", 00307 "switch_target", 00308 "mod_name", 00309 "request", 00310 "trace_request", 00311 "auth_add_f_cap", 00312 "auth_remove_f_cap", 00313 "auth_get_caplist", 00314 "prot_bits", 00315 "internal", 00316 "create_data", 00317 "new_object", 00318 "rlimit", 00319 "new_dir_dentry_p", 00320 "auth_program_file", 00321 "auth_start_uid", 00322 "acl_learn", 00323 "priority", 00324 "pgid", 00325 "kernel_thread", 00326 #endif 00327 "none" }; 00328 00329 static char target_list[T_NONE+1][11] = { 00330 "FILE", 00331 "DIR", 00332 "FIFO", 00333 "SYMLINK", 00334 "DEV", 00335 "IPC", 00336 "SCD", 00337 "USER", 00338 "PROCESS", 00339 "NETDEV", 00340 "NETTEMP", 00341 "NETOBJ", 00342 "NETTEMP_NT", 00343 #ifndef __KERNEL__ 00344 "FD", 00345 #endif 00346 "NONE" }; 00347 00348 static char ipc_target_list[I_none+1][7] = { 00349 "sem", 00350 "msg", 00351 "shm", 00352 "none" }; 00353 00354 static char switch_target_list[SW_NONE+1][12] = { 00355 "GEN", 00356 "MAC", 00357 "FC", 00358 "SIM", 00359 "PM", 00360 "DAZ", 00361 "FF", 00362 "RC", 00363 "AUTH", 00364 "REG", 00365 "ACL", 00366 "CAP", 00367 "JAIL", 00368 "RES", 00369 "PAX", 00370 "SOFTMODE", 00371 "DAC_DISABLE", 00372 "NONE" }; 00373 00374 static char error_list[RSBAC_EMAX][25] = { 00375 "RSBAC_EPERM", 00376 "RSBAC_EACCESS", 00377 "RSBAC_EREADFAILED", 00378 "RSBAC_EWRITEFAILED", 00379 "RSBAC_EINVALIDPOINTER", 00380 "RSBAC_ENOROOTDIR", 00381 "RSBAC_EPATHTOOLONG", 00382 "RSBAC_ENOROOTDEV", 00383 "RSBAC_ENOTFOUND", 00384 "RSBAC_ENOTINITIALIZED", 00385 "RSBAC_EREINIT", 00386 "RSBAC_ECOULDNOTADDDEVICE", 00387 "RSBAC_ECOULDNOTADDITEM", 00388 "RSBAC_ECOULDNOTCREATEPATH", 00389 "RSBAC_EINVALIDATTR", 00390 "RSBAC_EINVALIDDEV", 00391 "RSBAC_EINVALIDTARGET", 00392 "RSBAC_EINVALIDVALUE", 00393 "RSBAC_EEXISTS", 00394 "RSBAC_EINTERNONLY", 00395 "RSBAC_EINVALIDREQUEST", 00396 "RSBAC_ENOTWRITABLE", 00397 "RSBAC_EMALWAREDETECTED", 00398 "RSBAC_ENOMEM", 00399 "RSBAC_EDECISIONMISMATCH", 00400 "RSBAC_EINVALIDVERSION", 00401 "RSBAC_EINVALIDMODULE" 00402 }; 00403 00404 static char scd_type_list[ST_none+1][14] = { 00405 "time_strucs", 00406 "clock", 00407 "host_id", 00408 "net_id", 00409 "ioports", 00410 "rlimit", 00411 "swap", 00412 "syslog", 00413 "rsbac", 00414 "rsbac_log", 00415 "other", 00416 "kmem", 00417 "network", 00418 "firewall", 00419 "priority", 00420 "sysfs", 00421 "none" }; 00422 00423 /* Attribute types */ 00424 00425 #ifndef __KERNEL__ 00426 static char attribute_param_list[A_none+1][193] = { 00427 "user-pseudo (positive long integer)", 00428 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", 00429 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", 00430 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", 00431 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", 00432 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, 254 = inherit, max. level 252", 00433 "Bit Set String of length 64 for all categories", 00434 "Bit Set String of length 64 for all categories", 00435 "Bit Set String of length 64 for all categories", 00436 "Bit Set String of length 64 for all categories", 00437 "Bit Set String of length 64 for all categories", 00438 "1 = override, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down, 64 = allow_mac_auto", 00439 "1 = override, 2 = auto, 4 = trusted, 8 = write_up,\n\t16 = read_up, 32 = write_down, 128 = prop_trusted", 00440 "2 = auto, 4 = trusted, 8 = write_up, 16 = read_up,\n\t32 = write_down", 00441 "0 = general, 1 = security, 2 = system, 3 = inherit", 00442 "0 = general, 1 = security, 2 = system, 3 = inherit", 00443 "0 = general, 1 = security, 2 = system, 3 = inherit", 00444 "0 = none, 1 = SI, 2 = inherit", 00445 "0 = none, 1 = SI, 2 = inherit", 00446 "0 = none, 1 = SI, 2 = inherit", 00447 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00448 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00449 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00450 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00451 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00452 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00453 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00454 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00455 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00456 "0 = user, 1 = security officer, 2 = administrator,\n\t3 = auditor", 00457 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", 00458 "Bit Set String of length 64 for all categories", 00459 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", 00460 "Bit Set String of length 64 for all categories", 00461 "0 = unclassified, 1 = confidential, 2 = secret,\n\t3 = top secret, max. level 252", 00462 "Bit Set String of length 64 for all categories", 00463 "0 = no, 1 = yes, 2 = inherit (default value)", 00464 "0 = false, 1 = true", 00465 "0 = false, 1 = true", 00466 "0 = user, 1 = security officer, 2 = data protection officer,\n\t3 = TP-manager, 4 = system-admin", 00467 "0 = none, 1 = TP", 00468 "Task-ID (positive integer)", 00469 "Class-ID (positive integer)", 00470 "Class-ID (positive integer)", 00471 "Class-ID (positive integer)", 00472 "Purpose-ID (positive integer)", 00473 "Purpose-ID (positive integer)", 00474 "Purpose-ID (positive integer)", 00475 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", 00476 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", 00477 "0 = none, 1 = TP, 2 = personal data, 3 = non-personal data,\n\t4 = ipc, 5 = dir", 00478 "0 = none, 1 = TP", 00479 "TP-ID (positive integer)", 00480 "pm-task-list-ID (positive integer)", 00481 "0 = unscanned, 1 = infected, 2 = clean", 00482 "0 = FALSE, 1 = TRUE", 00483 "1 = read_only, 2 = execute_only, 4 = search_only, 8 = write_only,\n\t16 = secure_delete, 32 = no_execute, 64 = no_delete_or_rename,\n\t128 = add_inherited (or'd), 256 = append_only, 512 = no_mount", 00484 "RC-type-id", 00485 "RC-type-id", 00486 "RC-type-id", 00487 "RC-type-id (-2 = inherit from parent)", 00488 "RC-type-id", 00489 "RC-role-id (-1 = inherit_user, -2 = inherit_process (keep),\n\t-3 = inherit_parent (def.),\n\t-4 = inherit_user_on_chown_only (root default)", 00490 "RC-role-id (-3 = inherit_parent (default),\n\t-5 = use_force_role (root default)", 00491 "RC-role-id", 00492 "RC-role-id", 00493 "0 = false, 1 = true", 00494 "0 = false, 1 = true", 00495 "0 = false, 1 = true", 00496 "Bit-Vector value or name list of desired caps", 00497 "Bit-Vector value or name list of desired caps", 00498 "JAIL ID (0 = off)", 00499 "JAIL IP address a.b.c.d", 00500 "JAIL flags (or'd, 1 = allow external IPC, 2 = allow all net families,\n\t4 = allow_rlimit, 8 = allow raw IP, 16 = auto adjust IP,\n\t32 = allow localhost, 64 = allow scd clock)", 00501 "Bit-Vector value or name list of desired caps", 00502 "PAX flags with capital=on, non-capital=off, e.g. peMRxS", 00503 "0 = user, 1 = security officer, 2 = administrator", /* res_role */ 00504 "array of non-negative integer values, all 0 for unset", /* res_min */ 00505 "array of non-negative integer values, all 0 for unset", /* res_max */ 00506 "Bit-String for all Requests, low bit", 00507 "Bit-String for all Requests, low bit", 00508 "Bit-String for all Requests, low bit", 00509 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", 00510 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", 00511 "Bit-String for all Requests, high bit (l=0,h=0 = none, l=1,h=0 = denied,\n\tl=0,h=1 = full, l=1,h=1 = request based)", 00512 "Bit-String for all Requests", 00513 "Bit-String for all Requests", 00514 "0 = false, 1 = true", 00515 "0 = false, 1 = true", 00516 "0 = false, 1 = true", 00517 "0 = false, 1 = true, 2 = inherit (default)", 00518 "0 = off (default), 1 = from other users, 2 = full", 00519 "0 = off (default), 1 = uid_only, 2 = euid_only, 3 = both", 00520 "INVALID!" }; 00521 #endif 00522 00523 static char log_level_list[LL_invalid+1][9] = { 00524 "none", 00525 "denied", 00526 "full", 00527 "request", 00528 "invalid!" }; 00529 00530 /*****************************************/ 00531 00532 #ifdef __KERNEL__ 00533 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 00534 EXPORT_SYMBOL(get_request_name); 00535 #endif 00536 #endif 00537 00538 char * get_request_name(char * request_name, 00539 enum rsbac_adf_request_t request) 00540 { 00541 if(!request_name) 00542 return(NULL); 00543 if(request >= R_NONE) 00544 strcpy(request_name, "ERROR!"); 00545 else 00546 strcpy(request_name, request_list[request]); 00547 return(request_name); 00548 }; 00549 00550 enum rsbac_adf_request_t get_request_nr(const char * request_name) 00551 { 00552 enum rsbac_adf_request_t i; 00553 00554 if(!request_name) 00555 return(R_NONE); 00556 for (i = 0; i < R_NONE; i++) 00557 { 00558 if (!strcmp(request_name,request_list[i])) 00559 { 00560 return(i); 00561 } 00562 } 00563 return(R_NONE); 00564 }; 00565 00566 00567 char * get_result_name(char * res_name, 00568 enum rsbac_adf_req_ret_t res) 00569 { 00570 if(!res_name) 00571 return(NULL); 00572 if(res > UNDEFINED) 00573 strcpy(res_name, "ERROR!"); 00574 else 00575 strcpy(res_name, result_list[res]); 00576 return(res_name); 00577 }; 00578 00579 enum rsbac_adf_req_ret_t get_result_nr(const char * res_name) 00580 { 00581 enum rsbac_adf_req_ret_t i; 00582 00583 if(!res_name) 00584 return(UNDEFINED); 00585 for (i = 0; i < UNDEFINED; i++) 00586 { 00587 if (!strcmp(res_name,result_list[i])) 00588 { 00589 return(i); 00590 } 00591 } 00592 return(UNDEFINED); 00593 }; 00594 00595 00596 #ifdef __KERNEL__ 00597 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 00598 EXPORT_SYMBOL(get_attribute_name); 00599 #endif 00600 #endif 00601 00602 enum rsbac_switch_target_t get_attr_module(enum rsbac_attribute_t attr) 00603 { 00604 if(attr > A_none) 00605 return SW_NONE; 00606 else 00607 return attr_mod_list[attr]; 00608 }; 00609 00610 char * get_attribute_name( char * attr_name, 00611 enum rsbac_attribute_t attr) 00612 { 00613 if(!attr_name) 00614 return(NULL); 00615 if(attr > A_none) 00616 strcpy(attr_name, "ERROR!"); 00617 else 00618 strcpy(attr_name, attribute_list[attr]); 00619 return(attr_name); 00620 }; 00621 00622 enum rsbac_attribute_t get_attribute_nr(const char * attr_name) 00623 { 00624 enum rsbac_attribute_t i; 00625 00626 if(!attr_name) 00627 return(A_none); 00628 for (i = 0; i < A_none; i++) 00629 { 00630 if (!strcmp(attr_name,attribute_list[i])) 00631 { 00632 return(i); 00633 } 00634 } 00635 return(A_none); 00636 }; 00637 00638 00639 #ifdef __KERNEL__ 00640 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 00641 EXPORT_SYMBOL(get_scd_type_name); 00642 #endif 00643 #endif 00644 00645 char * get_scd_type_name(char * res_name, 00646 enum rsbac_scd_type_t res) 00647 { 00648 if(!res_name) 00649 return(NULL); 00650 if(res > ST_none) 00651 strcpy(res_name, "ERROR!"); 00652 else 00653 strcpy(res_name, scd_type_list[res]); 00654 return(res_name); 00655 }; 00656 00657 enum rsbac_scd_type_t get_scd_type_nr(const char * res_name) 00658 { 00659 enum rsbac_scd_type_t i; 00660 00661 if(!res_name) 00662 return(ST_none); 00663 for (i = 0; i < ST_none; i++) 00664 { 00665 if (!strcmp(res_name, scd_type_list[i])) 00666 { 00667 return(i); 00668 } 00669 } 00670 return(ST_none); 00671 }; 00672 00673 00674 #ifdef __KERNEL__ 00675 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 00676 EXPORT_SYMBOL(get_target_name); 00677 #endif 00678 #endif 00679 00680 char * get_target_name(char * target_type_name, 00681 enum rsbac_target_t target, 00682 char * target_id_name, 00683 union rsbac_target_id_t tid) 00684 { 00685 #ifdef __KERNEL__ 00686 char * help_name; 00687 #else 00688 char help_name[RSBAC_MAXNAMELEN+4]; 00689 #endif 00690 00691 if(!target_type_name) 00692 return(NULL); 00693 00694 #ifdef __KERNEL__ 00695 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00696 help_name = rsbac_kmalloc(CONFIG_RSBAC_MAX_PATH_LEN + 4); 00697 #else 00698 help_name = rsbac_kmalloc(RSBAC_MAXNAMELEN + 4); 00699 #endif 00700 if(!help_name) 00701 return NULL; 00702 #endif 00703 00704 switch(target) 00705 { 00706 #ifdef __KERNEL__ 00707 case T_FD: strcpy (target_type_name, "FD"); 00708 if(!target_id_name) 00709 break; 00710 sprintf(target_id_name, "Device %02u:%02u Inode %u", 00711 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), 00712 tid.file.inode); 00713 if( tid.file.dentry_p 00714 && tid.file.dentry_p->d_name.name 00715 && tid.file.dentry_p->d_name.len 00716 ) 00717 { 00718 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00719 if(rsbac_get_full_path(tid.file.dentry_p, help_name, 00720 CONFIG_RSBAC_MAX_PATH_LEN) > 0) 00721 { 00722 strcat(target_id_name, " Path "); 00723 strcat(target_id_name, help_name); 00724 } 00725 #else 00726 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN); 00727 00728 strcat(target_id_name, " Name "); 00729 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen); 00730 help_name[namelen]=0; 00731 strcat(target_id_name, help_name); 00732 #endif 00733 } 00734 break; 00735 case T_FILE: strcpy (target_type_name, "FILE"); 00736 if(!target_id_name) 00737 break; 00738 sprintf(target_id_name, "Device %02u:%02u Inode %u", 00739 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), 00740 tid.file.inode); 00741 if( tid.file.dentry_p 00742 && tid.file.dentry_p->d_name.name 00743 && tid.file.dentry_p->d_name.len 00744 ) 00745 { 00746 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00747 if(rsbac_get_full_path(tid.file.dentry_p, help_name, 00748 CONFIG_RSBAC_MAX_PATH_LEN) > 0) 00749 { 00750 strcat(target_id_name, " Path "); 00751 strcat(target_id_name, help_name); 00752 } 00753 #else 00754 int namelen = rsbac_min(tid.file.dentry_p->d_name.len, RSBAC_MAXNAMELEN); 00755 00756 strcat(target_id_name, " Name "); 00757 strncpy(help_name, tid.file.dentry_p->d_name.name, namelen); 00758 help_name[namelen]=0; 00759 strcat(target_id_name, help_name); 00760 #endif 00761 } 00762 break; 00763 case T_DIR: strcpy (target_type_name, "DIR"); 00764 if(!target_id_name) 00765 break; 00766 sprintf(target_id_name, "Device %02u:%02u Inode %u", 00767 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), 00768 tid.dir.inode); 00769 if( tid.dir.dentry_p 00770 && tid.dir.dentry_p->d_name.name 00771 && tid.dir.dentry_p->d_name.len 00772 ) 00773 { 00774 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00775 if(rsbac_get_full_path(tid.dir.dentry_p, help_name, 00776 CONFIG_RSBAC_MAX_PATH_LEN) > 0) 00777 { 00778 strcat(target_id_name, " Path "); 00779 strcat(target_id_name, help_name); 00780 } 00781 #else 00782 int namelen = rsbac_min(tid.dir.dentry_p->d_name.len, RSBAC_MAXNAMELEN); 00783 00784 strcat(target_id_name, " Name "); 00785 strncpy(help_name, tid.dir.dentry_p->d_name.name, namelen); 00786 help_name[namelen]=0; 00787 strcat(target_id_name, help_name); 00788 #endif 00789 } 00790 break; 00791 case T_FIFO: strcpy (target_type_name, "FIFO"); 00792 if(!target_id_name) 00793 break; 00794 sprintf(target_id_name, "Device %02u:%02u Inode %u", 00795 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), 00796 tid.fifo.inode); 00797 if( tid.fifo.dentry_p 00798 && tid.fifo.dentry_p->d_name.name 00799 && tid.fifo.dentry_p->d_name.len 00800 ) 00801 { 00802 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00803 if(rsbac_get_full_path(tid.fifo.dentry_p, help_name, 00804 CONFIG_RSBAC_MAX_PATH_LEN) > 0) 00805 { 00806 strcat(target_id_name, " Path "); 00807 strcat(target_id_name, help_name); 00808 } 00809 #else 00810 int namelen = rsbac_min(tid.fifo.dentry_p->d_name.len, RSBAC_MAXNAMELEN); 00811 00812 strcat(target_id_name, " Name "); 00813 strncpy(help_name, tid.fifo.dentry_p->d_name.name, namelen); 00814 help_name[namelen]=0; 00815 strcat(target_id_name, help_name); 00816 #endif 00817 } 00818 break; 00819 case T_SYMLINK: strcpy (target_type_name, "SYMLINK"); 00820 if(!target_id_name) 00821 break; 00822 sprintf(target_id_name, "Device %02u:%02u Inode %u", 00823 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), 00824 tid.symlink.inode); 00825 if( tid.symlink.dentry_p 00826 && tid.symlink.dentry_p->d_name.name 00827 && tid.symlink.dentry_p->d_name.len 00828 ) 00829 { 00830 #ifdef CONFIG_RSBAC_LOG_FULL_PATH 00831 if(rsbac_get_full_path(tid.symlink.dentry_p, help_name, 00832 CONFIG_RSBAC_MAX_PATH_LEN) > 0) 00833 { 00834 strcat(target_id_name, " Path "); 00835 strcat(target_id_name, help_name); 00836 } 00837 #else 00838 int namelen = rsbac_min(tid.symlink.dentry_p->d_name.len, RSBAC_MAXNAMELEN); 00839 00840 strcat(target_id_name, " Name "); 00841 strncpy(help_name, tid.symlink.dentry_p->d_name.name, namelen); 00842 help_name[namelen]=0; 00843 strcat(target_id_name, help_name); 00844 #endif 00845 } 00846 break; 00847 case T_DEV: strcpy (target_type_name, "DEV"); 00848 if(!target_id_name) 00849 break; 00850 if(tid.dev.type == D_block) 00851 sprintf(target_id_name, "block %02u:%02u", 00852 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id)); 00853 else 00854 sprintf(target_id_name, "char %02u:%02u", 00855 RSBAC_MAJOR(tid.dev.id), RSBAC_MINOR(tid.dev.id)); 00856 break; 00857 case T_NETOBJ: strcpy (target_type_name, "NETOBJ"); 00858 if(!target_id_name) 00859 break; 00860 #ifdef CONFIG_NET 00861 if( tid.netobj.sock_p 00862 && tid.netobj.sock_p->ops 00863 && tid.netobj.sock_p->sk 00864 ) 00865 { 00866 char type_name[RSBAC_MAXNAMELEN]; 00867 00868 switch(tid.netobj.sock_p->ops->family) 00869 { 00870 case AF_INET: 00871 { 00872 __u32 saddr; 00873 __u16 sport; 00874 __u32 daddr; 00875 __u16 dport; 00876 struct net_device *dev; 00877 char ldevname[RSBAC_IFNAMSIZ+10]; 00878 char rdevname[RSBAC_IFNAMSIZ+10]; 00879 00880 if(tid.netobj.local_addr) 00881 { 00882 struct sockaddr_in * addr = tid.netobj.local_addr; 00883 00884 saddr = addr->sin_addr.s_addr; 00885 sport = ntohs(addr->sin_port); 00886 } 00887 else 00888 { 00889 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00890 saddr = inet_sk(tid.netobj.sock_p->sk)->saddr; 00891 sport = inet_sk(tid.netobj.sock_p->sk)->num; 00892 #else 00893 saddr = tid.netobj.sock_p->sk->saddr; 00894 sport = tid.netobj.sock_p->sk->num; 00895 #endif 00896 } 00897 if(tid.netobj.remote_addr) 00898 { 00899 struct sockaddr_in * addr = tid.netobj.remote_addr; 00900 00901 daddr = addr->sin_addr.s_addr; 00902 dport = ntohs(addr->sin_port); 00903 } 00904 else 00905 { 00906 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00907 daddr = inet_sk(tid.netobj.sock_p->sk)->daddr; 00908 dport = ntohs(inet_sk(tid.netobj.sock_p->sk)->dport); 00909 #else 00910 daddr = tid.netobj.sock_p->sk->daddr; 00911 dport = ntohs(tid.netobj.sock_p->sk->dport); 00912 #endif 00913 } 00914 dev = ip_dev_find(saddr); 00915 if(dev) 00916 { 00917 sprintf(ldevname, "%s:", dev->name); 00918 dev_put(dev); 00919 } 00920 else 00921 ldevname[0] = 0; 00922 dev = ip_dev_find(daddr); 00923 if(dev) 00924 { 00925 sprintf(rdevname, "%s:", dev->name); 00926 dev_put(dev); 00927 } 00928 else 00929 rdevname[0] = 0; 00930 sprintf(target_id_name, "%p INET %s proto %s local %s%u.%u.%u.%u:%u remote %s%u.%u.%u.%u:%u", 00931 tid.netobj.sock_p, 00932 rsbac_get_net_type_name(type_name, 00933 tid.netobj.sock_p->type), 00934 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00935 rsbac_get_net_protocol_name(help_name, 00936 tid.netobj.sock_p->sk->sk_protocol), 00937 #else 00938 rsbac_get_net_protocol_name(help_name, 00939 tid.netobj.sock_p->sk->protocol), 00940 #endif 00941 ldevname, 00942 NIPQUAD(saddr), 00943 sport, 00944 rdevname, 00945 NIPQUAD(daddr), 00946 dport); 00947 } 00948 break; 00949 case AF_UNIX: 00950 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00951 if(unix_sk(tid.netobj.sock_p->sk)->addr) 00952 sprintf(target_id_name, "%p UNIX %s %s", 00953 tid.netobj.sock_p, 00954 rsbac_get_net_type_name(type_name, 00955 tid.netobj.sock_p->type), 00956 unix_sk(tid.netobj.sock_p->sk)->addr->name[0].sun_path); 00957 #else 00958 if(tid.netobj.sock_p->sk->protinfo.af_unix.addr) 00959 sprintf(target_id_name, "%p UNIX %s %s", 00960 tid.netobj.sock_p, 00961 rsbac_get_net_type_name(type_name, 00962 tid.netobj.sock_p->type), 00963 tid.netobj.sock_p->sk->protinfo.af_unix.addr->name[0].sun_path); 00964 #endif 00965 else 00966 if(tid.netobj.local_addr) 00967 { 00968 struct sockaddr_un * addr = tid.netobj.local_addr; 00969 00970 sprintf(target_id_name, "%p UNIX %s %s", 00971 tid.netobj.sock_p, 00972 rsbac_get_net_type_name(type_name, 00973 tid.netobj.sock_p->type), 00974 addr->sun_path); 00975 } 00976 else 00977 sprintf(target_id_name, "%p UNIX %s", 00978 tid.netobj.sock_p, 00979 rsbac_get_net_type_name(type_name, 00980 tid.netobj.sock_p->type)); 00981 break; 00982 default: 00983 sprintf(target_id_name, "%p %s %s", 00984 tid.netobj.sock_p, 00985 rsbac_get_net_family_name(help_name, 00986 tid.netobj.sock_p->ops->family), 00987 rsbac_get_net_type_name(type_name, 00988 tid.netobj.sock_p->type)); 00989 } 00990 } 00991 else 00992 #endif /* CONFIG_NET */ 00993 { 00994 sprintf(target_id_name, "%p", tid.netobj.sock_p); 00995 } 00996 break; 00997 #endif /* __KERNEL__ */ 00998 case T_IPC: strcpy (target_type_name, "IPC"); 00999 if(!target_id_name) 01000 break; 01001 switch (tid.ipc.type) 01002 { 01003 case I_sem: strcpy(target_id_name, "Sem-ID "); 01004 break; 01005 case I_msg: strcpy(target_id_name, "Msg-ID "); 01006 break; 01007 case I_shm: strcpy(target_id_name, "Shm-ID "); 01008 break; 01009 default: strcpy(target_id_name, "???-ID "); 01010 break; 01011 }; 01012 ulongtostr(help_name, tid.ipc.id.id_nr); 01013 strcat(target_id_name, help_name); 01014 break; 01015 case T_SCD: strcpy (target_type_name, "SCD"); 01016 if(!target_id_name) 01017 break; 01018 get_scd_type_name(target_id_name, tid.scd); 01019 break; 01020 case T_USER: strcpy (target_type_name, "USER"); 01021 if(!target_id_name) 01022 break; 01023 inttostr(target_id_name, tid.user); 01024 break; 01025 case T_PROCESS: strcpy (target_type_name, "PROCESS"); 01026 if(!target_id_name) 01027 break; 01028 ulongtostr(target_id_name, tid.process); 01029 break; 01030 case T_NETDEV: strcpy (target_type_name, "NETDEV"); 01031 if(!target_id_name) 01032 break; 01033 strncpy(target_id_name, tid.netdev, RSBAC_IFNAMSIZ); 01034 target_id_name[RSBAC_IFNAMSIZ] = 0; 01035 break; 01036 case T_NETTEMP: strcpy (target_type_name, "NETTEMP"); 01037 if(!target_id_name) 01038 break; 01039 sprintf(target_id_name, "%u", tid.nettemp); 01040 break; 01041 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT"); 01042 if(!target_id_name) 01043 break; 01044 sprintf(target_id_name, "%u", tid.nettemp); 01045 break; 01046 case T_NONE: strcpy (target_type_name, "NONE"); 01047 if(!target_id_name) 01048 break; 01049 strcpy (target_id_name, "NONE"); 01050 break; 01051 default: strcpy (target_type_name, "ERROR!!!"); 01052 if(!target_id_name) 01053 break; 01054 sprintf(target_id_name, "%u", target); 01055 }; 01056 #ifdef __KERNEL__ 01057 rsbac_kfree(help_name); 01058 #endif 01059 return(target_type_name); 01060 }; 01061 01062 char * get_target_name_only(char * target_type_name, 01063 enum rsbac_target_t target) 01064 { 01065 if(!target_type_name) 01066 return(NULL); 01067 01068 switch(target) 01069 { 01070 case T_FILE: strcpy (target_type_name, "FILE"); 01071 break; 01072 case T_DIR: strcpy (target_type_name, "DIR"); 01073 break; 01074 case T_FIFO: strcpy (target_type_name, "FIFO"); 01075 break; 01076 case T_SYMLINK: strcpy (target_type_name, "SYMLINK"); 01077 break; 01078 case T_DEV: strcpy (target_type_name, "DEV"); 01079 break; 01080 case T_NETOBJ: strcpy (target_type_name, "NETOBJ"); 01081 break; 01082 case T_IPC: strcpy (target_type_name, "IPC"); 01083 break; 01084 case T_SCD: strcpy (target_type_name, "SCD"); 01085 break; 01086 case T_USER: strcpy (target_type_name, "USER"); 01087 break; 01088 case T_PROCESS: strcpy (target_type_name, "PROCESS"); 01089 break; 01090 case T_NETDEV: strcpy (target_type_name, "NETDEV"); 01091 break; 01092 case T_NETTEMP: strcpy (target_type_name, "NETTEMP"); 01093 break; 01094 case T_NETTEMP_NT: strcpy (target_type_name, "NETTEMP_NT"); 01095 break; 01096 case T_NONE: strcpy (target_type_name, "NONE"); 01097 break; 01098 default: strcpy (target_type_name, "ERROR!!!"); 01099 }; 01100 return(target_type_name); 01101 }; 01102 01103 enum rsbac_target_t get_target_nr(const char * target_name) 01104 { 01105 enum rsbac_target_t i; 01106 01107 if(!target_name) 01108 return(T_NONE); 01109 for (i = 0; i < T_NONE; i++) 01110 { 01111 if (!strcmp(target_name,target_list[i])) 01112 { 01113 return(i); 01114 } 01115 } 01116 return(T_NONE); 01117 }; 01118 01119 char * get_ipc_target_name(char * ipc_name, 01120 enum rsbac_ipc_type_t target) 01121 { 01122 if(!ipc_name) 01123 return(NULL); 01124 if(target > I_none) 01125 strcpy(ipc_name, "ERROR!"); 01126 else 01127 strcpy(ipc_name, ipc_target_list[target]); 01128 return(ipc_name); 01129 }; 01130 01131 enum rsbac_ipc_type_t get_ipc_target_nr(const char * ipc_name) 01132 { 01133 enum rsbac_ipc_type_t i; 01134 01135 if(!ipc_name) 01136 return(I_none); 01137 for (i = 0; i < I_none; i++) 01138 { 01139 if (!strcmp(ipc_name,ipc_target_list[i])) 01140 { 01141 return(i); 01142 } 01143 } 01144 return(I_none); 01145 }; 01146 01147 01148 #ifdef __KERNEL__ 01149 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 01150 EXPORT_SYMBOL(get_switch_target_name); 01151 #endif 01152 #endif 01153 01154 char * get_switch_target_name(char * switch_name, 01155 enum rsbac_switch_target_t target) 01156 { 01157 if(!switch_name) 01158 return(NULL); 01159 if(target > SW_NONE) 01160 strcpy(switch_name, "ERROR!"); 01161 else 01162 strcpy(switch_name, switch_target_list[target]); 01163 return(switch_name); 01164 }; 01165 01166 enum rsbac_switch_target_t get_switch_target_nr(const char * switch_name) 01167 { 01168 enum rsbac_switch_target_t i; 01169 01170 if(!switch_name) 01171 return(SW_NONE); 01172 for (i = 0; i < SW_NONE; i++) 01173 { 01174 #ifdef __KERNEL__ 01175 if (!strncmp(switch_name,switch_target_list[i],strlen(switch_target_list[i]))) 01176 #else 01177 if (!strcmp(switch_name,switch_target_list[i])) 01178 #endif 01179 { 01180 return(i); 01181 } 01182 } 01183 return(SW_NONE); 01184 }; 01185 01186 01187 #ifdef __KERNEL__ 01188 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT) 01189 EXPORT_SYMBOL(get_error_name); 01190 #endif 01191 #endif 01192 01193 char * get_error_name(char * error_name, 01194 int error) 01195 { 01196 if(!error_name) 01197 return(NULL); 01198 if(RSBAC_ERROR(error)) 01199 strcpy(error_name, error_list[(-error)-RSBAC_EPERM]); 01200 else 01201 #ifdef __KERNEL__ 01202 inttostr(error_name, error); 01203 #else 01204 strcpy(error_name, strerror(errno)); 01205 #endif 01206 return(error_name); 01207 }; 01208 01209 #ifndef __KERNEL__ 01210 char * get_attribute_param( char * attr_name, 01211 enum rsbac_attribute_t attr) 01212 { 01213 if(!attr_name) 01214 return(NULL); 01215 if(attr > A_none) 01216 strcpy(attr_name, "ERROR!"); 01217 else 01218 strcpy(attr_name, attribute_param_list[attr]); 01219 return(attr_name); 01220 }; 01221 #endif 01222 01223 char * get_log_level_name(char * ll_name, 01224 enum rsbac_log_level_t target) 01225 { 01226 if(!ll_name) 01227 return(NULL); 01228 if(target > LL_invalid) 01229 strcpy(ll_name, "ERROR!"); 01230 else 01231 strcpy(ll_name, log_level_list[target]); 01232 return(ll_name); 01233 }; 01234 01235 enum rsbac_log_level_t get_log_level_nr(const char * ll_name) 01236 { 01237 enum rsbac_log_level_t i; 01238 01239 if(!ll_name) 01240 return(LL_invalid); 01241 for (i = 0; i < LL_invalid; i++) 01242 { 01243 if (!strcmp(ll_name,log_level_list[i])) 01244 { 01245 return(i); 01246 } 01247 } 01248 return(LL_invalid); 01249 }; 01250

Generated on Tue Aug 31 10:05:26 2004 for RSBAC by doxygen 1.3.8