00001
00002
00003
00004
00005
00006
00007
00008
00009
#include <linux/string.h>
00010
#include <linux/types.h>
00011
#include <linux/fs.h>
00012
#include <linux/sched.h>
00013
#include <linux/file.h>
00014
#include <linux/mm.h>
00015
#include <linux/init.h>
00016
#include <asm/uaccess.h>
00017
#include <rsbac/aci_data_structures.h>
00018
#include <rsbac/rc_types.h>
00019
#include <rsbac/rc_data_structures.h>
00020
#include <rsbac/error.h>
00021
#include <rsbac/helpers.h>
00022
#include <rsbac/fs.h>
00023
#include <rsbac/adf.h>
00024
#include <rsbac/acl.h>
00025
#include <rsbac/getname.h>
00026
#include <rsbac/rc_getname.h>
00027
#include <rsbac/proc_fs.h>
00028
#include <rsbac/rkmem.h>
00029
#include <linux/smp_lock.h>
00030
00031
#ifdef CONFIG_RSBAC_RC_NR_ROLES
00032
#endif
00033
00034
00035
00036
00037
00038
00039
00040 static rsbac_list_handle_t role_handle =
NULL;
00041 static rsbac_list_handle_t role_rc_handle =
NULL;
00042 static rsbac_list_handle_t role_adr_handle =
NULL;
00043 static rsbac_list_handle_t role_asr_handle =
NULL;
00044 static rsbac_list_handle_t role_tcfd_handle =
NULL;
00045 static rsbac_list_handle_t role_tcdv_handle =
NULL;
00046 static rsbac_list_handle_t role_tcus_handle =
NULL;
00047 static rsbac_list_handle_t role_tcpr_handle =
NULL;
00048 static rsbac_list_handle_t role_tcip_handle =
NULL;
00049 static rsbac_list_handle_t role_tcsc_handle =
NULL;
00050 static rsbac_list_handle_t role_tcnd_handle =
NULL;
00051 static rsbac_list_handle_t role_tcnt_handle =
NULL;
00052 static rsbac_list_handle_t role_tcno_handle =
NULL;
00053
00054 static rsbac_list_handle_t type_fd_handle =
NULL;
00055 static rsbac_list_handle_t type_dev_handle =
NULL;
00056 static rsbac_list_handle_t type_ipc_handle =
NULL;
00057 static rsbac_list_handle_t type_user_handle =
NULL;
00058 static rsbac_list_handle_t type_process_handle =
NULL;
00059 static rsbac_list_handle_t type_netdev_handle =
NULL;
00060 static rsbac_list_handle_t type_nettemp_handle =
NULL;
00061 static rsbac_list_handle_t type_netobj_handle =
NULL;
00062
00063
00064
00065
00066
00067
00068
00069
00070
00071
00072
00073
00074
00075
00076
00077
#ifdef CONFIG_RSBAC_INIT_DELAY
00078
static int role_conv(
00079 #
else
00080 static int __init
role_conv(
00081 #endif
00082
void * old_desc,
00083
void * old_data,
00084
void * new_desc,
00085
void * new_data)
00086 {
00087
struct rsbac_rc_role_entry_t *
new = new_data;
00088
struct rsbac_rc_old_role_entry_t * old = old_data;
00089
00090 memcpy(new_desc, old_desc,
sizeof(
rsbac_rc_role_id_t));
00091 new->admin_type = old->admin_type;
00092 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN);
00093 new->def_fd_create_type = old->def_fd_create_type;
00094 new->def_user_create_type = RSBAC_RC_GENERAL_TYPE;
00095 new->def_process_create_type = old->def_process_create_type;
00096 new->def_process_chown_type = old->def_process_chown_type;
00097 new->def_process_execute_type = old->def_process_execute_type;
00098 new->def_ipc_create_type = old->def_ipc_create_type;
00099 new->boot_role = FALSE;
00100
return 0;
00101 }
00102
00103
#ifdef CONFIG_RSBAC_INIT_DELAY
00104
static rsbac_list_conv_function_t *
role_get_conv(
rsbac_version_t old_version)
00105 #
else
00106 static rsbac_list_conv_function_t * __init
role_get_conv(
rsbac_version_t old_version)
00107 #endif
00108 {
00109
switch(old_version)
00110 {
00111
case RSBAC_RC_ROLE_OLD_LIST_VERSION:
00112
return role_conv;
00113
default:
00114
return NULL;
00115 }
00116 }
00117
00118
#ifdef CONFIG_RSBAC_INIT_DELAY
00119
static int rsbac_rc_role_compare_data(
void * data1,
void * data2)
00120 #
else
00121 static int __init
rsbac_rc_role_compare_data(
void * data1,
void * data2)
00122 #endif
00123 {
00124
struct rsbac_rc_role_entry_t * role = data1;
00125
00126
if(!data1)
00127
return 1;
00128
if(role->boot_role)
00129
return 0;
00130
else
00131
return 1;
00132 }
00133
00134
00135
00136
00137
00138
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00139
static int
00140 stats_rc_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00141 {
00142
union rsbac_target_id_t rsbac_target_id;
00143
union rsbac_attribute_value_t rsbac_attribute_value;
00144
00145 u_int len = 0;
00146 off_t pos = 0;
00147 off_t begin = 0;
00148
00149
if (!
rsbac_is_initialized)
00150 {
00151 printk(KERN_WARNING
"stats_rc_proc_info(): RSBAC not initialized\n");
00152
return(-
RSBAC_ENOTINITIALIZED);
00153 }
00154
#ifdef CONFIG_RSBAC_DEBUG
00155
if (rsbac_debug_aef_rc)
00156 {
00157
#ifdef CONFIG_RSBAC_RMSG
00158
rsbac_printk(KERN_DEBUG
"stats_rc_proc_info(): calling ADF\n");
00159
#endif
00160
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00161
if (!rsbac_nosyslog)
00162
#endif
00163
printk(KERN_DEBUG
"stats_rc_proc_info(): calling ADF\n");
00164 }
00165
#endif
00166
rsbac_target_id.
scd =
ST_rsbac;
00167 rsbac_attribute_value.
dummy = 0;
00168
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
00169 current->pid,
00170 T_SCD,
00171 rsbac_target_id,
00172 A_none,
00173 rsbac_attribute_value))
00174 {
00175
return -EPERM;
00176 }
00177
00178 len += sprintf(buffer,
"RC Status\n---------\n");
00179 pos = begin + len;
00180
if (pos < offset)
00181 {
00182 len = 0;
00183 begin = pos;
00184 }
00185
if (pos > offset+length)
00186
goto out;
00187
00188 len += sprintf(buffer + len,
"Role entry size is %u, %lu entries used\n",
00189
sizeof(
struct rsbac_rc_role_entry_t),
00190
rsbac_list_count(role_handle));
00191 pos = begin + len;
00192
if (pos < offset)
00193 {
00194 len = 0;
00195 begin = pos;
00196 }
00197
if (pos > offset+length)
00198
goto out;
00199
00200 len += sprintf(buffer + len,
"Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
00201
rsbac_list_count(type_fd_handle),
00202
rsbac_list_count(type_dev_handle),
00203
rsbac_list_count(type_ipc_handle),
00204
rsbac_list_count(type_user_handle),
00205
rsbac_list_count(type_process_handle),
00206
rsbac_list_count(type_netdev_handle),
00207
rsbac_list_count(type_nettemp_handle),
00208
rsbac_list_count(type_netobj_handle));
00209 pos = begin + len;
00210
if (pos < offset)
00211 {
00212 len = 0;
00213 begin = pos;
00214 }
00215
00216 out:
00217 *start = buffer + (offset - begin);
00218 len -= (offset - begin);
00219
00220
if (len > length)
00221 len = length;
00222
return len;
00223 }
00224
00225
#endif
00226
00227
00228
00229
00230
00231
00232
00233
00234
00235
00236
00237
00238
00239
00240
00241
#ifdef CONFIG_RSBAC_INIT_DELAY
00242
static void registration_error(
int err,
char * listname)
00243 #
else
00244 static void __init
registration_error(
int err,
char * listname)
00245 #endif
00246 {
00247
if(err)
00248 {
00249
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00250
00251
if(tmp)
00252 {
00253
#ifdef CONFIG_RSBAC_RMSG
00254
rsbac_printk(KERN_WARNING
00255
"rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00256 listname,
00257
get_error_name(tmp, err));
00258
#endif
00259
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00260
if (!rsbac_nosyslog)
00261
#endif
00262
printk(KERN_WARNING
00263
"rsbac_init_rc(): Registering RC %s list failed with error %s\n",
00264 listname,
00265
get_error_name(tmp, err));
00266
rsbac_kfree(tmp);
00267 }
00268 }
00269 }
00270
00271
#ifdef CONFIG_RSBAC_INIT_DELAY
00272
int rsbac_init_rc(
void)
00273 #
else
00274 int __init
rsbac_init_rc(
void)
00275 #endif
00276 {
00277
int err = 0;
00278
struct proc_dir_entry * tmp_entry_p;
00279
struct rsbac_list_lol_info_t lol_info;
00280
struct rsbac_list_info_t list_info;
00281
rsbac_rc_rights_vector_t def_tc =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
00282
00283
if (
rsbac_is_initialized())
00284 {
00285
#ifdef CONFIG_RSBAC_RMSG
00286
rsbac_printk(KERN_WARNING
"rsbac_init_rc(): RSBAC already initialized\n");
00287
#endif
00288
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00289
if (!rsbac_nosyslog)
00290
#endif
00291
printk(KERN_WARNING
"rsbac_init_rc(): RSBAC already initialized\n");
00292
return(-
RSBAC_EREINIT);
00293 }
00294
00295
00296
#ifdef CONFIG_RSBAC_RMSG
00297
rsbac_printk(KERN_INFO
"rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
00298
#endif
00299
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00300
if (!rsbac_nosyslog)
00301
#endif
00302
printk(KERN_INFO
"rsbac_init_rc(): Initializing RSBAC: RC subsystem\n");
00303
#ifdef CONFIG_RSBAC_DEBUG
00304
if(rsbac_debug_stack)
00305 {
00306
unsigned long * n = (
unsigned long *) (current+1);
00307
00308
while (!*n)
00309 n++;
00310
#ifdef CONFIG_RSBAC_RMSG
00311
rsbac_printk(KERN_DEBUG
"rsbac_init_rc: free stack: %lu\n",
00312 (
unsigned long) n - (
unsigned long)(current+1));
00313
#endif
00314
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00315
if (!rsbac_nosyslog)
00316
#endif
00317
printk(KERN_DEBUG
"rsbac_init_rc: free stack: %lu\n",
00318 (
unsigned long) n - (
unsigned long)(current+1));
00319 }
00320
#endif
00321
00322 list_info.
version = RSBAC_RC_ROLE_LIST_VERSION;
00323 list_info.
key = RSBAC_RC_LIST_KEY;
00324 list_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00325 list_info.
data_size =
sizeof(
struct rsbac_rc_role_entry_t);
00326 list_info.
max_age = 0;
00327 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
00328 &
role_handle,
00329 &list_info,
00330 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00331
RSBAC_LIST_BACKUP |
00332 #endif
00333
RSBAC_LIST_PERSIST,
00334
rsbac_list_compare_u32,
00335
role_get_conv,
00336
NULL,
00337 RSBAC_RC_ROLE_FILENAME,
00338 RSBAC_AUTO_DEV);
00339
if(err)
00340 {
00341
registration_error(err,
"role");
00342 }
00343
00344 lol_info.
version = RSBAC_RC_ROLE_RC_LIST_VERSION;
00345 lol_info.
key = RSBAC_RC_LIST_KEY;
00346 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00347 lol_info.
data_size = 0;
00348 lol_info.
subdesc_size =
sizeof(
rsbac_rc_role_id_t);
00349 lol_info.
subdata_size = 0;
00350 lol_info.
max_age = 0;
00351 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00352 &
role_rc_handle,
00353 &lol_info,
00354 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00355
RSBAC_LIST_BACKUP |
00356 #endif
00357
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
00358
rsbac_list_compare_u32,
00359
rsbac_list_compare_u32,
00360
NULL,
00361
NULL,
00362
NULL,
00363
NULL,
00364 RSBAC_RC_ROLE_RC_FILENAME,
00365 RSBAC_AUTO_DEV);
00366
if(err)
00367 {
00368
registration_error(err,
"role compatibilities");
00369 }
00370 lol_info.
version = RSBAC_RC_ROLE_ADR_LIST_VERSION;
00371 lol_info.
key = RSBAC_RC_LIST_KEY;
00372 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00373 lol_info.
data_size = 0;
00374 lol_info.
subdesc_size =
sizeof(
rsbac_rc_role_id_t);
00375 lol_info.
subdata_size = 0;
00376 lol_info.
max_age = 0;
00377 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00378 &
role_adr_handle,
00379 &lol_info,
00380 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00381
RSBAC_LIST_BACKUP |
00382 #endif
00383
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
00384
rsbac_list_compare_u32,
00385
rsbac_list_compare_u32,
00386
NULL,
00387
NULL,
00388
NULL,
00389
NULL,
00390 RSBAC_RC_ROLE_ADR_FILENAME,
00391 RSBAC_AUTO_DEV);
00392
if(err)
00393 {
00394
registration_error(err,
"admin roles");
00395 }
00396 lol_info.
version = RSBAC_RC_ROLE_ASR_LIST_VERSION;
00397 lol_info.
key = RSBAC_RC_LIST_KEY;
00398 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00399 lol_info.
data_size = 0;
00400 lol_info.
subdesc_size =
sizeof(
rsbac_rc_role_id_t);
00401 lol_info.
subdata_size = 0;
00402 lol_info.
max_age = 0;
00403 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00404 &
role_asr_handle,
00405 &lol_info,
00406 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00407
RSBAC_LIST_BACKUP |
00408 #endif
00409
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
00410
rsbac_list_compare_u32,
00411
rsbac_list_compare_u32,
00412
NULL,
00413
NULL,
00414
NULL,
00415
NULL,
00416 RSBAC_RC_ROLE_ASR_FILENAME,
00417 RSBAC_AUTO_DEV);
00418
if(err)
00419 {
00420
registration_error(err,
"assign roles");
00421 }
00422 lol_info.
version = RSBAC_RC_ROLE_TCFD_LIST_VERSION;
00423 lol_info.
key = RSBAC_RC_LIST_KEY;
00424 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00425 lol_info.
data_size = 0;
00426 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00427 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00428 lol_info.
max_age = 0;
00429 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00430 &
role_tcfd_handle,
00431 &lol_info,
00432 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00433
RSBAC_LIST_BACKUP |
00434 #endif
00435
RSBAC_LIST_PERSIST |
00436
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00437
rsbac_list_compare_u32,
00438
rsbac_list_compare_u32,
00439
NULL,
00440
NULL,
00441
NULL,
00442 &def_tc,
00443 RSBAC_RC_ROLE_TCFD_FILENAME,
00444 RSBAC_AUTO_DEV);
00445
if(err)
00446 {
00447
registration_error(err,
"Role FD type compatibilities");
00448 }
00449 lol_info.
version = RSBAC_RC_ROLE_TCDV_LIST_VERSION;
00450 lol_info.
key = RSBAC_RC_LIST_KEY;
00451 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00452 lol_info.
data_size = 0;
00453 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00454 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00455 lol_info.
max_age = 0;
00456 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00457 &
role_tcdv_handle,
00458 &lol_info,
00459 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00460
RSBAC_LIST_BACKUP |
00461 #endif
00462
RSBAC_LIST_PERSIST |
00463
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00464
rsbac_list_compare_u32,
00465
rsbac_list_compare_u32,
00466
NULL,
00467
NULL,
00468
NULL,
00469 &def_tc,
00470 RSBAC_RC_ROLE_TCDV_FILENAME,
00471 RSBAC_AUTO_DEV);
00472
if(err)
00473 {
00474
registration_error(err,
"Role DEV type compatibilities");
00475 }
00476 lol_info.
version = RSBAC_RC_ROLE_TCUS_LIST_VERSION;
00477 lol_info.
key = RSBAC_RC_LIST_KEY;
00478 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00479 lol_info.
data_size = 0;
00480 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00481 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00482 lol_info.
max_age = 0;
00483 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00484 &
role_tcus_handle,
00485 &lol_info,
00486 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00487
RSBAC_LIST_BACKUP |
00488 #endif
00489
RSBAC_LIST_PERSIST |
00490
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00491
rsbac_list_compare_u32,
00492
rsbac_list_compare_u32,
00493
NULL,
00494
NULL,
00495
NULL,
00496 &def_tc,
00497 RSBAC_RC_ROLE_TCUS_FILENAME,
00498 RSBAC_AUTO_DEV);
00499
if(err)
00500 {
00501
registration_error(err,
"Role User type compatibilities");
00502 }
00503 lol_info.
version = RSBAC_RC_ROLE_TCPR_LIST_VERSION;
00504 lol_info.
key = RSBAC_RC_LIST_KEY;
00505 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00506 lol_info.
data_size = 0;
00507 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00508 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00509 lol_info.
max_age = 0;
00510 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00511 &
role_tcpr_handle,
00512 &lol_info,
00513 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00514
RSBAC_LIST_BACKUP |
00515 #endif
00516
RSBAC_LIST_PERSIST |
00517
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00518
rsbac_list_compare_u32,
00519
rsbac_list_compare_u32,
00520
NULL,
00521
NULL,
00522
NULL,
00523 &def_tc,
00524 RSBAC_RC_ROLE_TCPR_FILENAME,
00525 RSBAC_AUTO_DEV);
00526
if(err)
00527 {
00528
registration_error(err,
"Role Process type compatibilities");
00529 }
00530 lol_info.
version = RSBAC_RC_ROLE_TCIP_LIST_VERSION;
00531 lol_info.
key = RSBAC_RC_LIST_KEY;
00532 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00533 lol_info.
data_size = 0;
00534 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00535 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00536 lol_info.
max_age = 0;
00537 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00538 &
role_tcip_handle,
00539 &lol_info,
00540 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00541
RSBAC_LIST_BACKUP |
00542 #endif
00543
RSBAC_LIST_PERSIST |
00544
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00545
rsbac_list_compare_u32,
00546
rsbac_list_compare_u32,
00547
NULL,
00548
NULL,
00549
NULL,
00550 &def_tc,
00551 RSBAC_RC_ROLE_TCIP_FILENAME,
00552 RSBAC_AUTO_DEV);
00553
if(err)
00554 {
00555
registration_error(err,
"Role IPC type compatibilities");
00556 }
00557 lol_info.
version = RSBAC_RC_ROLE_TCSC_LIST_VERSION;
00558 lol_info.
key = RSBAC_RC_LIST_KEY;
00559 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00560 lol_info.
data_size = 0;
00561 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00562 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00563 lol_info.
max_age = 0;
00564 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00565 &
role_tcsc_handle,
00566 &lol_info,
00567 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00568
RSBAC_LIST_BACKUP |
00569 #endif
00570
RSBAC_LIST_PERSIST |
00571
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00572
rsbac_list_compare_u32,
00573
rsbac_list_compare_u32,
00574
NULL,
00575
NULL,
00576
NULL,
00577 &def_tc,
00578 RSBAC_RC_ROLE_TCSC_FILENAME,
00579 RSBAC_AUTO_DEV);
00580
if(err)
00581 {
00582
registration_error(err,
"Role SCD type compatibilities");
00583 }
00584 lol_info.
version = RSBAC_RC_ROLE_TCND_LIST_VERSION;
00585 lol_info.
key = RSBAC_RC_LIST_KEY;
00586 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00587 lol_info.
data_size = 0;
00588 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00589 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00590 lol_info.
max_age = 0;
00591 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00592 &
role_tcnd_handle,
00593 &lol_info,
00594 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00595
RSBAC_LIST_BACKUP |
00596 #endif
00597
RSBAC_LIST_PERSIST |
00598
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00599
rsbac_list_compare_u32,
00600
rsbac_list_compare_u32,
00601
NULL,
00602
NULL,
00603
NULL,
00604 &def_tc,
00605 RSBAC_RC_ROLE_TCND_FILENAME,
00606 RSBAC_AUTO_DEV);
00607
if(err)
00608 {
00609
registration_error(err,
"Role NETDEV type compatibilities");
00610 }
00611 lol_info.
version = RSBAC_RC_ROLE_TCNT_LIST_VERSION;
00612 lol_info.
key = RSBAC_RC_LIST_KEY;
00613 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00614 lol_info.
data_size = 0;
00615 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00616 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00617 lol_info.
max_age = 0;
00618 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00619 &
role_tcnt_handle,
00620 &lol_info,
00621 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00622
RSBAC_LIST_BACKUP |
00623 #endif
00624
RSBAC_LIST_PERSIST |
00625
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00626
rsbac_list_compare_u32,
00627
rsbac_list_compare_u32,
00628
NULL,
00629
NULL,
00630
NULL,
00631 &def_tc,
00632 RSBAC_RC_ROLE_TCNT_FILENAME,
00633 RSBAC_AUTO_DEV);
00634
if(err)
00635 {
00636
registration_error(err,
"Role NETTEMP type compatibilities");
00637 }
00638 lol_info.
version = RSBAC_RC_ROLE_TCNO_LIST_VERSION;
00639 lol_info.
key = RSBAC_RC_LIST_KEY;
00640 lol_info.
desc_size =
sizeof(
rsbac_rc_role_id_t);
00641 lol_info.
data_size = 0;
00642 lol_info.
subdesc_size =
sizeof(
rsbac_rc_type_id_t);
00643 lol_info.
subdata_size =
sizeof(
rsbac_rc_rights_vector_t);
00644 lol_info.
max_age = 0;
00645 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00646 &
role_tcno_handle,
00647 &lol_info,
00648 #
if defined(CONFIG_RSBAC_RC_BACKUP)
00649
RSBAC_LIST_BACKUP |
00650 #endif
00651
RSBAC_LIST_PERSIST |
00652
RSBAC_LIST_DEF_DATA |
RSBAC_LIST_DEF_SUBDATA,
00653
rsbac_list_compare_u32,
00654
rsbac_list_compare_u32,
00655
NULL,
00656
NULL,
00657
NULL,
00658 &def_tc,
00659 RSBAC_RC_ROLE_TCNO_FILENAME,
00660 RSBAC_AUTO_DEV);
00661
if(err)
00662 {
00663
registration_error(err,
"Role NETOBJ type compatibilities");
00664 }
00665
00666
00667
if(!
rsbac_no_defaults && !
rsbac_list_count(
role_handle))
00668 {
00669
rsbac_rc_role_id_t role;
00670
rsbac_rc_type_id_t type;
00671
rsbac_rc_rights_vector_t rights;
00672
struct rsbac_rc_role_entry_t gen_entry =
RSBAC_RC_GENERAL_ROLE_ENTRY;
00673
struct rsbac_rc_role_entry_t ra_entry =
RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY;
00674
struct rsbac_rc_role_entry_t sa_entry =
RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY;
00675
struct rsbac_rc_role_entry_t au_entry =
RSBAC_RC_AUDITOR_ROLE_ENTRY;
00676
struct rsbac_rc_role_entry_t bo_entry =
RSBAC_RC_BOOT_ROLE_ENTRY;
00677
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00678
00679
if(tmp)
00680 {
00681
#ifdef CONFIG_RSBAC_RMSG
00682
rsbac_printk(KERN_WARNING
00683
"rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00684
#endif
00685
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00686
if (!rsbac_nosyslog)
00687
#endif
00688
printk(KERN_WARNING
00689
"rsbac_init_rc(): no RC roles read, generating default role entries!\n");
00690
rsbac_kfree(tmp);
00691 }
00692
00693 role =
RSBAC_RC_GENERAL_ROLE;
00694
if(!
rsbac_list_add(
role_handle, &role, &gen_entry))
00695 {
00696
if(!
rsbac_list_lol_add(
role_tcfd_handle, &role,
NULL))
00697 {
00698 type =
RSBAC_RC_GENERAL_TYPE;
00699 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_EXECUTE_REQUEST_VECTOR)
00700 &
RSBAC_FD_REQUEST_VECTOR;
00701
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00702 }
00703
if(!
rsbac_list_lol_add(
role_tcdv_handle, &role,
NULL))
00704 {
00705 type =
RSBAC_RC_GENERAL_TYPE;
00706 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_DEV_REQUEST_VECTOR;
00707
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
00708 }
00709
if(!
rsbac_list_lol_add(
role_tcpr_handle, &role,
NULL))
00710 {
00711 type =
RSBAC_RC_GENERAL_TYPE;
00712 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_PROCESS_REQUEST_VECTOR;
00713
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00714 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00715 rights =
RSBAC_READ_REQUEST_VECTOR &
RSBAC_PROCESS_REQUEST_VECTOR;
00716
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00717 }
00718
if(!
rsbac_list_lol_add(
role_tcip_handle, &role,
NULL))
00719 {
00720 type =
RSBAC_RC_GENERAL_TYPE;
00721 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_IPC_REQUEST_VECTOR;
00722
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
00723 }
00724
if(!
rsbac_list_lol_add(
role_tcnd_handle, &role,
NULL))
00725 {
00726 type =
RSBAC_RC_GENERAL_TYPE;
00727 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_NETDEV_REQUEST_VECTOR;
00728
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
00729 }
00730
if(!
rsbac_list_lol_add(
role_tcno_handle, &role,
NULL))
00731 {
00732 type =
RSBAC_RC_GENERAL_TYPE;
00733 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_NETOBJ_REQUEST_VECTOR;
00734
rsbac_list_lol_subadd(
role_tcno_handle, &role, &type, &rights);
00735 }
00736
if(!
rsbac_list_lol_add(
role_tcsc_handle, &role,
NULL))
00737 {
00738
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00739
type =
ST_ioports;
00740 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_PERMISSIONS_DATA);
00741
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00742
#endif
00743
type =
ST_rlimit;
00744 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
00745 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_SYSTEM_DATA);
00746
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00747 type =
ST_other;
00748 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MAP_EXEC);
00749
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00750 type =
ST_network;
00751 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA);
00752
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00753 }
00754 }
00755 role =
RSBAC_RC_ROLE_ADMIN_ROLE;
00756
if(!
rsbac_list_add(
role_handle, &role, &ra_entry))
00757 {
00758
if(!
rsbac_list_lol_add(
role_tcfd_handle, &role,
NULL))
00759 {
00760 type =
RSBAC_RC_GENERAL_TYPE;
00761 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR
00762 |
RSBAC_EXECUTE_REQUEST_VECTOR
00763 |
RSBAC_SECURITY_REQUEST_VECTOR)
00764 &
RSBAC_FD_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00765
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00766 type =
RSBAC_RC_SEC_TYPE;
00767
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00768 type =
RSBAC_RC_SYS_TYPE;
00769 rights = (
RSBAC_READ_REQUEST_VECTOR &
RSBAC_FD_REQUEST_VECTOR)
00770 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00771
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00772 }
00773
if(!
rsbac_list_lol_add(
role_tcdv_handle, &role,
NULL))
00774 {
00775 type =
RSBAC_RC_GENERAL_TYPE;
00776 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00777 &
RSBAC_DEV_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00778
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
00779 type =
RSBAC_RC_SEC_TYPE;
00780 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00781 &
RSBAC_DEV_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00782
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
00783 }
00784
if(!
rsbac_list_lol_add(
role_tcus_handle, &role,
NULL))
00785 {
00786 type =
RSBAC_RC_GENERAL_TYPE;
00787 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00788 &
RSBAC_USER_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00789
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
00790 type =
RSBAC_RC_SYS_TYPE;
00791 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00792 &
RSBAC_USER_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00793
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
00794 type =
RSBAC_RC_SEC_TYPE;
00795 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00796 &
RSBAC_USER_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00797
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
00798 }
00799
if(!
rsbac_list_lol_add(
role_tcpr_handle, &role,
NULL))
00800 {
00801 type =
RSBAC_RC_GENERAL_TYPE;
00802 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00803 &
RSBAC_PROCESS_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00804
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00805 type =
RSBAC_RC_SEC_TYPE;
00806 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00807 &
RSBAC_PROCESS_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00808
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00809 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00810 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00811 &
RSBAC_PROCESS_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00812
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00813 }
00814
if(!
rsbac_list_lol_add(
role_tcip_handle, &role,
NULL))
00815 {
00816 type =
RSBAC_RC_GENERAL_TYPE;
00817 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00818 &
RSBAC_IPC_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00819
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
00820 type =
RSBAC_RC_SEC_TYPE;
00821 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00822 &
RSBAC_IPC_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00823
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
00824 }
00825
if(!
rsbac_list_lol_add(
role_tcnd_handle, &role,
NULL))
00826 {
00827 type =
RSBAC_RC_GENERAL_TYPE;
00828 rights = ((
RSBAC_REQUEST_VECTOR(
R_GET_STATUS_DATA) |
RSBAC_SECURITY_REQUEST_VECTOR)
00829 &
RSBAC_NETDEV_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00830
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
00831 type =
RSBAC_RC_SEC_TYPE;
00832
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
00833 type =
RSBAC_RC_SYS_TYPE;
00834
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
00835 }
00836
if(!
rsbac_list_lol_add(
role_tcnt_handle, &role,
NULL))
00837 {
00838 type =
RSBAC_RC_GENERAL_TYPE;
00839 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00840 &
RSBAC_NETTEMP_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00841
rsbac_list_lol_subadd(
role_tcnt_handle, &role, &type, &rights);
00842 type =
RSBAC_RC_SEC_TYPE;
00843 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00844 &
RSBAC_NETTEMP_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00845
rsbac_list_lol_subadd(
role_tcnt_handle, &role, &type, &rights);
00846 }
00847
if(!
rsbac_list_lol_add(
role_tcno_handle, &role,
NULL))
00848 {
00849 type =
RSBAC_RC_GENERAL_TYPE;
00850 rights = ((
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SECURITY_REQUEST_VECTOR)
00851 &
RSBAC_NETOBJ_REQUEST_VECTOR) |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00852
rsbac_list_lol_subadd(
role_tcno_handle, &role, &type, &rights);
00853 }
00854
if(!
rsbac_list_lol_add(
role_tcsc_handle, &role,
NULL))
00855 {
00856
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00857
type =
ST_ioports;
00858 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_PERMISSIONS_DATA)
00859 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00860
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00861
#endif
00862
type =
ST_rlimit;
00863 rights =
RSBAC_SCD_REQUEST_VECTOR |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00864
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00865 type =
ST_rsbac;
00866 rights =
RSBAC_SCD_REQUEST_VECTOR |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00867
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00868 type =
ST_rsbaclog;
00869 rights =
RSBAC_SCD_REQUEST_VECTOR |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00870
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00871 type =
ST_other;
00872 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MAP_EXEC)
00873 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_PERMISSIONS_DATA)
00874 |
RSBAC_RC_RIGHTS_VECTOR(
R_SWITCH_LOG)
00875 |
RSBAC_RC_RIGHTS_VECTOR(
R_SWITCH_MODULE)
00876 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00877
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00878 type =
ST_network;
00879 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
00880 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00881
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00882 type =
ST_firewall;
00883 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
00884 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00885
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00886 type =
RST_auth_administration;
00887 rights =
RSBAC_SCD_REQUEST_VECTOR |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00888
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00889 type =
ST_sysfs;
00890 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
00891 |
RSBAC_RC_SPECIAL_RIGHTS_VECTOR;
00892
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00893 }
00894 }
00895 role =
RSBAC_RC_SYSTEM_ADMIN_ROLE;
00896
if(!
rsbac_list_add(
role_handle, &role, &sa_entry))
00897 {
00898
if(!
rsbac_list_lol_add(
role_tcfd_handle, &role,
NULL))
00899 {
00900 type =
RSBAC_RC_GENERAL_TYPE;
00901 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR
00902 |
RSBAC_EXECUTE_REQUEST_VECTOR
00903 |
RSBAC_SYSTEM_REQUEST_VECTOR)
00904 &
RSBAC_FD_REQUEST_VECTOR;
00905
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00906 type =
RSBAC_RC_SYS_TYPE;
00907
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00908 }
00909
if(!
rsbac_list_lol_add(
role_tcdv_handle, &role,
NULL))
00910 {
00911 type =
RSBAC_RC_GENERAL_TYPE;
00912 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_DEV_REQUEST_VECTOR;
00913
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
00914 type =
RSBAC_RC_SYS_TYPE;
00915 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_DEV_REQUEST_VECTOR;
00916
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
00917 }
00918
if(!
rsbac_list_lol_add(
role_tcus_handle, &role,
NULL))
00919 {
00920 type =
RSBAC_RC_GENERAL_TYPE;
00921 rights = (
RSBAC_READ_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_USER_REQUEST_VECTOR;
00922
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
00923 type =
RSBAC_RC_SYS_TYPE;
00924 rights = (
RSBAC_READ_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_USER_REQUEST_VECTOR;
00925
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
00926 }
00927
if(!
rsbac_list_lol_add(
role_tcpr_handle, &role,
NULL))
00928 {
00929 type =
RSBAC_RC_GENERAL_TYPE;
00930 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
00931
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00932 type =
RSBAC_RC_SYS_TYPE;
00933 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
00934
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00935 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
00936 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
00937
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
00938 }
00939
if(!
rsbac_list_lol_add(
role_tcip_handle, &role,
NULL))
00940 {
00941 type =
RSBAC_RC_GENERAL_TYPE;
00942 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_IPC_REQUEST_VECTOR;
00943
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
00944 type =
RSBAC_RC_SYS_TYPE;
00945 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_IPC_REQUEST_VECTOR;
00946
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
00947 }
00948
if(!
rsbac_list_lol_add(
role_tcnd_handle, &role,
NULL))
00949 {
00950 type =
RSBAC_RC_GENERAL_TYPE;
00951 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_NETDEV_REQUEST_VECTOR;
00952
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
00953 }
00954
if(!
rsbac_list_lol_add(
role_tcnt_handle, &role,
NULL))
00955 {
00956 type =
RSBAC_RC_GENERAL_TYPE;
00957 rights = (
RSBAC_READ_REQUEST_VECTOR) &
RSBAC_NETTEMP_REQUEST_VECTOR;
00958
rsbac_list_lol_subadd(
role_tcnt_handle, &role, &type, &rights);
00959 }
00960
if(!
rsbac_list_lol_add(
role_tcno_handle, &role,
NULL))
00961 {
00962 type =
RSBAC_RC_GENERAL_TYPE;
00963 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_NETOBJ_REQUEST_VECTOR;
00964
rsbac_list_lol_subadd(
role_tcno_handle, &role, &type, &rights);
00965 }
00966
if(!
rsbac_list_lol_add(
role_tcsc_handle, &role,
NULL))
00967 {
00968 rights =
RSBAC_SCD_REQUEST_VECTOR
00969 & (
RSBAC_SYSTEM_REQUEST_VECTOR |
RSBAC_READ_WRITE_REQUEST_VECTOR );
00970
for(type =
ST_time_strucs; type <=
ST_rsbac; type++)
00971 {
00972
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00973 }
00974
for(type =
ST_network; type <
ST_none; type++)
00975 {
00976
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00977 }
00978 type =
ST_other;
00979 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_ADD_TO_KERNEL)
00980 |
RSBAC_RC_RIGHTS_VECTOR(
R_MAP_EXEC)
00981 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_SYSTEM_DATA)
00982 |
RSBAC_RC_RIGHTS_VECTOR(
R_MOUNT)
00983 |
RSBAC_RC_RIGHTS_VECTOR(
R_REMOVE_FROM_KERNEL)
00984 |
RSBAC_RC_RIGHTS_VECTOR(
R_UMOUNT)
00985 |
RSBAC_RC_RIGHTS_VECTOR(
R_SHUTDOWN);
00986
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
00987 }
00988 }
00989 role =
RSBAC_RC_AUDITOR_ROLE;
00990
if(!
rsbac_list_add(
role_handle, &role, &au_entry))
00991 {
00992
if(!
rsbac_list_lol_add(
role_tcfd_handle, &role,
NULL))
00993 {
00994 type =
RSBAC_RC_GENERAL_TYPE;
00995 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_EXECUTE_REQUEST_VECTOR)
00996 &
RSBAC_FD_REQUEST_VECTOR;
00997
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
00998 }
00999
if(!
rsbac_list_lol_add(
role_tcdv_handle, &role,
NULL))
01000 {
01001 type =
RSBAC_RC_GENERAL_TYPE;
01002 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_DEV_REQUEST_VECTOR;
01003
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
01004 }
01005
if(!
rsbac_list_lol_add(
role_tcus_handle, &role,
NULL))
01006 {
01007 type =
RSBAC_RC_GENERAL_TYPE;
01008 rights =
RSBAC_READ_REQUEST_VECTOR &
RSBAC_USER_REQUEST_VECTOR;
01009
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
01010 }
01011
if(!
rsbac_list_lol_add(
role_tcpr_handle, &role,
NULL))
01012 {
01013 type =
RSBAC_RC_GENERAL_TYPE;
01014 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_PROCESS_REQUEST_VECTOR;
01015
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
01016 }
01017
if(!
rsbac_list_lol_add(
role_tcip_handle, &role,
NULL))
01018 {
01019 type =
RSBAC_RC_GENERAL_TYPE;
01020 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_IPC_REQUEST_VECTOR;
01021
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
01022 }
01023
if(!
rsbac_list_lol_add(
role_tcnd_handle, &role,
NULL))
01024 {
01025 type =
RSBAC_RC_GENERAL_TYPE;
01026 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_NETDEV_REQUEST_VECTOR;
01027
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
01028 }
01029
if(!
rsbac_list_lol_add(
role_tcno_handle, &role,
NULL))
01030 {
01031 type =
RSBAC_RC_GENERAL_TYPE;
01032 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR &
RSBAC_NETOBJ_REQUEST_VECTOR;
01033
rsbac_list_lol_subadd(
role_tcno_handle, &role, &type, &rights);
01034 }
01035
if(!
rsbac_list_lol_add(
role_tcsc_handle, &role,
NULL))
01036 {
01037
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
01038
type =
ST_ioports;
01039 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_PERMISSIONS_DATA);
01040
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01041
#endif
01042
type =
ST_rlimit;
01043 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
01044 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_SYSTEM_DATA);
01045
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01046 type =
ST_rsbaclog;
01047 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA)
01048 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_SYSTEM_DATA);
01049
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01050 type =
ST_other;
01051 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_MAP_EXEC);
01052
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01053 type =
ST_network;
01054 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_GET_STATUS_DATA);
01055
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01056 }
01057 }
01058 role =
RSBAC_RC_BOOT_ROLE;
01059
if(!
rsbac_list_add(
role_handle, &role, &bo_entry))
01060 {
01061
if(!
rsbac_list_lol_add(
role_tcfd_handle, &role,
NULL))
01062 {
01063 type =
RSBAC_RC_GENERAL_TYPE;
01064 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR
01065 |
RSBAC_EXECUTE_REQUEST_VECTOR
01066 |
RSBAC_SYSTEM_REQUEST_VECTOR)
01067 &
RSBAC_FD_REQUEST_VECTOR;
01068
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
01069 type =
RSBAC_RC_SYS_TYPE;
01070
rsbac_list_lol_subadd(
role_tcfd_handle, &role, &type, &rights);
01071 }
01072
if(!
rsbac_list_lol_add(
role_tcdv_handle, &role,
NULL))
01073 {
01074 type =
RSBAC_RC_GENERAL_TYPE;
01075 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_DEV_REQUEST_VECTOR;
01076
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
01077 type =
RSBAC_RC_SYS_TYPE;
01078 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_DEV_REQUEST_VECTOR;
01079
rsbac_list_lol_subadd(
role_tcdv_handle, &role, &type, &rights);
01080 }
01081
if(!
rsbac_list_lol_add(
role_tcus_handle, &role,
NULL))
01082 {
01083 type =
RSBAC_RC_GENERAL_TYPE;
01084 rights = (
RSBAC_READ_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_USER_REQUEST_VECTOR;
01085
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
01086 type =
RSBAC_RC_SYS_TYPE;
01087 rights = (
RSBAC_READ_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_USER_REQUEST_VECTOR;
01088
rsbac_list_lol_subadd(
role_tcus_handle, &role, &type, &rights);
01089 }
01090
if(!
rsbac_list_lol_add(
role_tcpr_handle, &role,
NULL))
01091 {
01092 type =
RSBAC_RC_GENERAL_TYPE;
01093 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
01094
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
01095 type =
RSBAC_RC_SYS_TYPE;
01096 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
01097
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
01098 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01099 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_PROCESS_REQUEST_VECTOR;
01100
rsbac_list_lol_subadd(
role_tcpr_handle, &role, &type, &rights);
01101 }
01102
if(!
rsbac_list_lol_add(
role_tcip_handle, &role,
NULL))
01103 {
01104 type =
RSBAC_RC_GENERAL_TYPE;
01105 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_IPC_REQUEST_VECTOR;
01106
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
01107 type =
RSBAC_RC_SYS_TYPE;
01108 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_IPC_REQUEST_VECTOR;
01109
rsbac_list_lol_subadd(
role_tcip_handle, &role, &type, &rights);
01110 }
01111
if(!
rsbac_list_lol_add(
role_tcnd_handle, &role,
NULL))
01112 {
01113 type =
RSBAC_RC_GENERAL_TYPE;
01114 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_NETDEV_REQUEST_VECTOR;
01115
rsbac_list_lol_subadd(
role_tcnd_handle, &role, &type, &rights);
01116 }
01117
if(!
rsbac_list_lol_add(
role_tcnt_handle, &role,
NULL))
01118 {
01119 type =
RSBAC_RC_GENERAL_TYPE;
01120 rights = (
RSBAC_READ_REQUEST_VECTOR) &
RSBAC_NETTEMP_REQUEST_VECTOR;
01121
rsbac_list_lol_subadd(
role_tcnt_handle, &role, &type, &rights);
01122 }
01123
if(!
rsbac_list_lol_add(
role_tcno_handle, &role,
NULL))
01124 {
01125 type =
RSBAC_RC_GENERAL_TYPE;
01126 rights = (
RSBAC_READ_WRITE_REQUEST_VECTOR |
RSBAC_SYSTEM_REQUEST_VECTOR) &
RSBAC_NETOBJ_REQUEST_VECTOR;
01127
rsbac_list_lol_subadd(
role_tcno_handle, &role, &type, &rights);
01128 }
01129
if(!
rsbac_list_lol_add(
role_tcsc_handle, &role,
NULL))
01130 {
01131 rights =
RSBAC_SCD_REQUEST_VECTOR
01132 & (
RSBAC_SYSTEM_REQUEST_VECTOR |
RSBAC_READ_WRITE_REQUEST_VECTOR );
01133
for(type =
ST_time_strucs; type <=
ST_rsbac; type++)
01134 {
01135
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01136 }
01137
for(type =
ST_network; type <
ST_none; type++)
01138 {
01139
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01140 }
01141 type =
ST_other;
01142 rights =
RSBAC_RC_RIGHTS_VECTOR(
R_ADD_TO_KERNEL)
01143 |
RSBAC_RC_RIGHTS_VECTOR(
R_MAP_EXEC)
01144 |
RSBAC_RC_RIGHTS_VECTOR(
R_MODIFY_SYSTEM_DATA)
01145 |
RSBAC_RC_RIGHTS_VECTOR(
R_MOUNT)
01146 |
RSBAC_RC_RIGHTS_VECTOR(
R_REMOVE_FROM_KERNEL)
01147 |
RSBAC_RC_RIGHTS_VECTOR(
R_UMOUNT)
01148 |
RSBAC_RC_RIGHTS_VECTOR(
R_SHUTDOWN);
01149
rsbac_list_lol_subadd(
role_tcsc_handle, &role, &type, &rights);
01150 }
01151 }
01152 }
01153
01154 list_info.
version = RSBAC_RC_TYPE_FD_LIST_VERSION;
01155 list_info.
key = RSBAC_RC_LIST_KEY;
01156 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01157 list_info.
data_size =
sizeof(
struct rsbac_rc_type_fd_entry_t);
01158 list_info.
max_age = 0;
01159 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01160 &
type_fd_handle,
01161 &list_info,
01162 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01163
RSBAC_LIST_BACKUP |
01164 #endif
01165
RSBAC_LIST_PERSIST,
01166
rsbac_list_compare_u32,
01167
NULL,
01168
NULL,
01169 RSBAC_RC_TYPE_FD_FILENAME,
01170 RSBAC_AUTO_DEV);
01171
if(err)
01172 {
01173
registration_error(err,
"type FD");
01174 }
01175
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_fd_handle))
01176 {
01177
rsbac_rc_type_id_t type;
01178
struct rsbac_rc_type_fd_entry_t entry;
01179
01180 type =
RSBAC_RC_GENERAL_TYPE;
01181 strcpy(entry.
name,
"General FD");
01182 entry.
need_secdel = 0;
01183
rsbac_list_add(
type_fd_handle, &type, &entry);
01184 type =
RSBAC_RC_SEC_TYPE;
01185 strcpy(entry.
name,
"Security FD");
01186 entry.
need_secdel = 0;
01187
rsbac_list_add(
type_fd_handle, &type, &entry);
01188 type =
RSBAC_RC_SYS_TYPE;
01189 strcpy(entry.
name,
"System FD");
01190 entry.
need_secdel = 0;
01191
rsbac_list_add(
type_fd_handle, &type, &entry);
01192 }
01193 list_info.
version = RSBAC_RC_TYPE_DEV_LIST_VERSION;
01194 list_info.
key = RSBAC_RC_LIST_KEY;
01195 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01196 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01197 list_info.
max_age = 0;
01198 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01199 &
type_dev_handle,
01200 &list_info,
01201 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01202
RSBAC_LIST_BACKUP |
01203 #endif
01204
RSBAC_LIST_PERSIST,
01205
rsbac_list_compare_u32,
01206
NULL,
01207
NULL,
01208 RSBAC_RC_TYPE_DEV_FILENAME,
01209 RSBAC_AUTO_DEV);
01210
if(err)
01211 {
01212
registration_error(err,
"type DEV");
01213 }
01214
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_dev_handle))
01215 {
01216
rsbac_rc_type_id_t type;
01217
char name[
RSBAC_RC_NAME_LEN];
01218
01219 type =
RSBAC_RC_GENERAL_TYPE;
01220 strcpy(name,
"General Device");
01221
rsbac_list_add(
type_dev_handle, &type, name);
01222 type =
RSBAC_RC_SEC_TYPE;
01223 strcpy(name,
"Security Device");
01224
rsbac_list_add(
type_dev_handle, &type, name);
01225 type =
RSBAC_RC_SYS_TYPE;
01226 strcpy(name,
"System Device");
01227
rsbac_list_add(
type_dev_handle, &type, &name);
01228 }
01229 list_info.
version = RSBAC_RC_TYPE_IPC_LIST_VERSION;
01230 list_info.
key = RSBAC_RC_LIST_KEY;
01231 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01232 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01233 list_info.
max_age = 0;
01234 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01235 &
type_ipc_handle,
01236 &list_info,
01237 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01238
RSBAC_LIST_BACKUP |
01239 #endif
01240
RSBAC_LIST_PERSIST,
01241
rsbac_list_compare_u32,
01242
NULL,
01243
NULL,
01244 RSBAC_RC_TYPE_IPC_FILENAME,
01245 RSBAC_AUTO_DEV);
01246
if(err)
01247 {
01248
registration_error(err,
"type IPC");
01249 }
01250
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_ipc_handle))
01251 {
01252
rsbac_rc_type_id_t type;
01253
char name[
RSBAC_RC_NAME_LEN];
01254
01255 type =
RSBAC_RC_GENERAL_TYPE;
01256 strcpy(name,
"General IPC");
01257
rsbac_list_add(
type_ipc_handle, &type, name);
01258 type =
RSBAC_RC_SEC_TYPE;
01259 strcpy(name,
"Security IPC");
01260
rsbac_list_add(
type_ipc_handle, &type, name);
01261 type =
RSBAC_RC_SYS_TYPE;
01262 strcpy(name,
"System IPC");
01263
rsbac_list_add(
type_ipc_handle, &type, &name);
01264 }
01265 list_info.
version = RSBAC_RC_TYPE_USER_LIST_VERSION;
01266 list_info.
key = RSBAC_RC_LIST_KEY;
01267 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01268 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01269 list_info.
max_age = 0;
01270 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01271 &
type_user_handle,
01272 &list_info,
01273 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01274
RSBAC_LIST_BACKUP |
01275 #endif
01276
RSBAC_LIST_PERSIST,
01277
rsbac_list_compare_u32,
01278
NULL,
01279
NULL,
01280 RSBAC_RC_TYPE_USER_FILENAME,
01281 RSBAC_AUTO_DEV);
01282
if(err)
01283 {
01284
registration_error(err,
"type USER");
01285 }
01286
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_user_handle))
01287 {
01288
rsbac_rc_type_id_t type;
01289
char name[
RSBAC_RC_NAME_LEN];
01290
01291 type =
RSBAC_RC_GENERAL_TYPE;
01292 strcpy(name,
"General User");
01293
rsbac_list_add(
type_user_handle, &type, name);
01294 type =
RSBAC_RC_SEC_TYPE;
01295 strcpy(name,
"Security User");
01296
rsbac_list_add(
type_user_handle, &type, name);
01297 type =
RSBAC_RC_SYS_TYPE;
01298 strcpy(name,
"System User");
01299
rsbac_list_add(
type_user_handle, &type, &name);
01300 }
01301 list_info.
version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION;
01302 list_info.
key = RSBAC_RC_LIST_KEY;
01303 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01304 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01305 list_info.
max_age = 0;
01306 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01307 &
type_process_handle,
01308 &list_info,
01309 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01310
RSBAC_LIST_BACKUP |
01311 #endif
01312
RSBAC_LIST_PERSIST,
01313
rsbac_list_compare_u32,
01314
NULL,
01315
NULL,
01316 RSBAC_RC_TYPE_PROCESS_FILENAME,
01317 RSBAC_AUTO_DEV);
01318
if(err)
01319 {
01320
registration_error(err,
"type PROCESS");
01321 }
01322
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_process_handle))
01323 {
01324
rsbac_rc_type_id_t type;
01325
char name[
RSBAC_RC_NAME_LEN];
01326
01327 type =
RSBAC_RC_GENERAL_TYPE;
01328 strcpy(name,
"General Process");
01329
rsbac_list_add(
type_process_handle, &type, name);
01330 type =
RSBAC_RC_SEC_TYPE;
01331 strcpy(name,
"Security Proc");
01332
rsbac_list_add(
type_process_handle, &type, name);
01333 type =
RSBAC_RC_SYS_TYPE;
01334 strcpy(name,
"System Process");
01335
rsbac_list_add(
type_process_handle, &type, &name);
01336 }
01337
if(!
rsbac_no_defaults)
01338 {
01339
rsbac_rc_type_id_t type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE;
01340
01341
if(!
rsbac_list_exist(
type_process_handle, &type))
01342 {
01343
char name[
RSBAC_RC_NAME_LEN];
01344
rsbac_rc_role_id_t * role_array;
01345 u_long count;
01346
rsbac_rc_rights_vector_t rights;
01347
01348 strcpy(name,
"Kernel Process");
01349
rsbac_list_add(
type_process_handle, &type, &name);
01350
01351
01352 rights =
RSBAC_READ_WRITE_REQUEST_VECTOR
01353 &
RSBAC_PROCESS_REQUEST_VECTOR;
01354
01355 count =
rsbac_list_lol_get_all_desc(
role_tcpr_handle, (
void **) &role_array);
01356
if(count > 0)
01357 {
01358 u_int i;
01359
01360
for(i=0; i < count; i++)
01361 {
01362
if(!
rsbac_list_lol_subexist(
role_tcpr_handle, &role_array[i], &type))
01363
rsbac_list_lol_subadd(
role_tcpr_handle, &role_array[i], &type, &rights);
01364 }
01365
rsbac_vfree(role_array);
01366 }
01367 }
01368 }
01369 list_info.
version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION;
01370 list_info.
key = RSBAC_RC_LIST_KEY;
01371 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01372 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01373 list_info.
max_age = 0;
01374 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01375 &
type_netdev_handle,
01376 &list_info,
01377 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01378
RSBAC_LIST_BACKUP |
01379 #endif
01380
RSBAC_LIST_PERSIST,
01381
rsbac_list_compare_u32,
01382
NULL,
01383
NULL,
01384 RSBAC_RC_TYPE_NETDEV_FILENAME,
01385 RSBAC_AUTO_DEV);
01386
if(err)
01387 {
01388
registration_error(err,
"type NETDEV");
01389 }
01390
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_netdev_handle))
01391 {
01392
rsbac_rc_type_id_t type;
01393
char name[
RSBAC_RC_NAME_LEN];
01394
01395 type =
RSBAC_RC_GENERAL_TYPE;
01396 strcpy(name,
"General NETDEV");
01397
rsbac_list_add(
type_netdev_handle, &type, name);
01398 type =
RSBAC_RC_SEC_TYPE;
01399 strcpy(name,
"Security NETDEV");
01400
rsbac_list_add(
type_netdev_handle, &type, name);
01401 type =
RSBAC_RC_SYS_TYPE;
01402 strcpy(name,
"System NETDEV");
01403
rsbac_list_add(
type_netdev_handle, &type, &name);
01404 }
01405 list_info.
version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION;
01406 list_info.
key = RSBAC_RC_LIST_KEY;
01407 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01408 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01409 list_info.
max_age = 0;
01410 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01411 &
type_nettemp_handle,
01412 &list_info,
01413 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01414
RSBAC_LIST_BACKUP |
01415 #endif
01416
RSBAC_LIST_PERSIST,
01417
rsbac_list_compare_u32,
01418
NULL,
01419
NULL,
01420 RSBAC_RC_TYPE_NETTEMP_FILENAME,
01421 RSBAC_AUTO_DEV);
01422
if(err)
01423 {
01424
registration_error(err,
"type NETTEMP");
01425 }
01426
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_nettemp_handle))
01427 {
01428
rsbac_rc_type_id_t type;
01429
char name[
RSBAC_RC_NAME_LEN];
01430
01431 type =
RSBAC_RC_GENERAL_TYPE;
01432 strcpy(name,
"General NETTEMP");
01433
rsbac_list_add(
type_nettemp_handle, &type, name);
01434 type =
RSBAC_RC_SEC_TYPE;
01435 strcpy(name,
"Securit NETTEMP");
01436
rsbac_list_add(
type_nettemp_handle, &type, name);
01437 type =
RSBAC_RC_SYS_TYPE;
01438 strcpy(name,
"System NETTEMP");
01439
rsbac_list_add(
type_nettemp_handle, &type, &name);
01440 }
01441 list_info.
version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION;
01442 list_info.
key = RSBAC_RC_LIST_KEY;
01443 list_info.
desc_size =
sizeof(
rsbac_rc_type_id_t);
01444 list_info.
data_size =
RSBAC_RC_NAME_LEN;
01445 list_info.
max_age = 0;
01446 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
01447 &
type_netobj_handle,
01448 &list_info,
01449 #
if defined(CONFIG_RSBAC_RC_BACKUP)
01450
RSBAC_LIST_BACKUP |
01451 #endif
01452
RSBAC_LIST_PERSIST,
01453
rsbac_list_compare_u32,
01454
NULL,
01455
NULL,
01456 RSBAC_RC_TYPE_NETOBJ_FILENAME,
01457 RSBAC_AUTO_DEV);
01458
if(err)
01459 {
01460
registration_error(err,
"type NETOBJ");
01461 }
01462
if(!
rsbac_no_defaults && !
rsbac_list_count(
type_netobj_handle))
01463 {
01464
rsbac_rc_type_id_t type;
01465
char name[
RSBAC_RC_NAME_LEN];
01466
01467 type =
RSBAC_RC_GENERAL_TYPE;
01468 strcpy(name,
"General NETOBJ");
01469
rsbac_list_add(
type_netobj_handle, &type, name);
01470 type =
RSBAC_RC_SEC_TYPE;
01471 strcpy(name,
"Security NETOBJ");
01472
rsbac_list_add(
type_netobj_handle, &type, name);
01473 type =
RSBAC_RC_SYS_TYPE;
01474 strcpy(name,
"System NETOBJ");
01475
rsbac_list_add(
type_netobj_handle, &type, &name);
01476 }
01477
01478
#ifdef CONFIG_RSBAC_DEBUG
01479
if(rsbac_debug_stack)
01480 {
01481
unsigned long * n = (
unsigned long *) (current+1);
01482
01483
while (!*n)
01484 n++;
01485
#ifdef CONFIG_RSBAC_RMSG
01486
rsbac_printk(KERN_DEBUG
"rsbac_init_rc: free stack before adding proc entry: %lu\n",
01487 (
unsigned long) n - (
unsigned long)(current+1));
01488
#endif
01489
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01490
if (!rsbac_nosyslog)
01491
#endif
01492
printk(KERN_DEBUG
"rsbac_init_rc: free stack before adding proc entry: %lu\n",
01493 (
unsigned long) n - (
unsigned long)(current+1));
01494 }
01495
#endif
01496
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
01497
tmp_entry_p = create_proc_entry(
"stats_rc",
01498 S_IFREG | S_IRUGO,
01499
proc_rsbac_root_p);
01500
if(tmp_entry_p)
01501 {
01502 tmp_entry_p->get_info = stats_rc_proc_info;
01503 }
01504
01505
#endif
01506
01507
#ifdef CONFIG_RSBAC_DEBUG
01508
if(rsbac_debug_stack)
01509 {
01510
unsigned long * n = (
unsigned long *) (current+1);
01511
01512
while (!*n)
01513 n++;
01514
#ifdef CONFIG_RSBAC_RMSG
01515
rsbac_printk(KERN_DEBUG
"rsbac_init_rc: final free stack: %lu\n",
01516 (
unsigned long) n - (
unsigned long)(current+1));
01517
#endif
01518
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01519
if (!rsbac_nosyslog)
01520
#endif
01521
printk(KERN_DEBUG
"rsbac_init_rc: final free stack: %lu\n",
01522 (
unsigned long) n - (
unsigned long)(current+1));
01523 }
01524
if (rsbac_debug_ds_rc)
01525 {
01526
#ifdef CONFIG_RSBAC_RMSG
01527
rsbac_printk(KERN_DEBUG
"rsbac_init_rc(): Ready.\n");
01528
#endif
01529
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01530
if (!rsbac_nosyslog)
01531
#endif
01532
printk(KERN_DEBUG
"rsbac_init_rc(): Ready.\n");
01533 }
01534
#endif
01535
return(err);
01536 };
01537
01538
01539
01540
01541 int rsbac_stats_rc(
void)
01542 {
01543
if (!
rsbac_is_initialized)
01544 {
01545 printk(KERN_WARNING
"rsbac_stats_rc(): RSBAC not initialized\n");
01546
return(-
RSBAC_ENOTINITIALIZED);
01547 }
01548
01549
#ifdef CONFIG_RSBAC_RMSG
01550
rsbac_printk(KERN_INFO
"Role entry size is %u, %lu entries used\n",
01551
sizeof(
struct rsbac_rc_role_entry_t),
01552
rsbac_list_count(
role_handle));
01553
01554 rsbac_printk(KERN_INFO
"Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
01555
rsbac_list_count(
type_fd_handle),
01556
rsbac_list_count(
type_dev_handle),
01557
rsbac_list_count(
type_ipc_handle),
01558
rsbac_list_count(
type_user_handle),
01559
rsbac_list_count(
type_process_handle),
01560
rsbac_list_count(
type_netdev_handle),
01561
rsbac_list_count(
type_nettemp_handle),
01562
rsbac_list_count(
type_netobj_handle));
01563
#endif
01564
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01565
if (!rsbac_nosyslog)
01566
#endif
01567
{
01568 printk(KERN_INFO
"Role entry size is %u, %lu entries used\n",
01569
sizeof(
struct rsbac_rc_role_entry_t),
01570
rsbac_list_count(
role_handle));
01571
01572 printk(KERN_INFO
"Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
01573
rsbac_list_count(
type_fd_handle),
01574
rsbac_list_count(
type_dev_handle),
01575
rsbac_list_count(
type_ipc_handle),
01576
rsbac_list_count(
type_user_handle),
01577
rsbac_list_count(
type_process_handle),
01578
rsbac_list_count(
type_netdev_handle),
01579
rsbac_list_count(
type_nettemp_handle),
01580
rsbac_list_count(
type_netobj_handle));
01581 }
01582
return(0);
01583 };
01584
01585
01586
01587
01588
01589
01590
#ifdef CONFIG_RSBAC_INIT_DELAY
01591
int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01592 #
else
01593 int __init
rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p)
01594 #endif
01595 {
01596
01597
if(
rsbac_list_get_desc(
role_handle,
01598 role_p,
01599 role_p,
01600
rsbac_rc_role_compare_data)
01601 )
01602 {
01603
return -
RSBAC_ENOTFOUND;
01604 }
01605
return 0;
01606 }
01607
01608
01609
01610
01611 int rsbac_rc_copy_role (rsbac_rc_role_id_t from_role,
01612 rsbac_rc_role_id_t to_role)
01613 {
01614
struct rsbac_rc_role_entry_t entry;
01615
rsbac_rc_role_id_t * role_array;
01616
char * item_array;
01617
long count;
01618 u_long i;
01619
int err;
01620
01621
if (!
rsbac_is_initialized())
01622 {
01623 printk(KERN_WARNING
"rsbac_rc_copy_role(): RSBAC not initialized\n");
01624
return(-
RSBAC_ENOTINITIALIZED);
01625 }
01626
if( (from_role >
RC_role_max_value)
01627 || (to_role >
RC_role_max_value)
01628 || (to_role == from_role)
01629 )
01630
return(-
RSBAC_EINVALIDTARGET);
01631
01632
01633 err =
rsbac_list_get_data(
role_handle, &from_role, &entry);
01634
if(err)
01635
return err;
01636 err =
rsbac_list_add(
role_handle, &to_role, &entry);
01637
if(err)
01638
return err;
01639
01640
rsbac_list_lol_remove(
role_rc_handle, &to_role);
01641 count =
rsbac_list_lol_get_all_subdesc(
role_rc_handle, &from_role, (
void **) &role_array);
01642
if(count > 0)
01643 {
01644
for(i=0; i<count ; i++)
01645
rsbac_list_lol_subadd(
role_rc_handle, &to_role, &role_array[i],
NULL);
01646
rsbac_vfree(role_array);
01647 }
01648
rsbac_list_lol_remove(
role_adr_handle, &to_role);
01649 count =
rsbac_list_lol_get_all_subdesc(
role_adr_handle, &from_role, (
void **) &role_array);
01650
if(count > 0)
01651 {
01652
for(i=0; i<count ; i++)
01653
rsbac_list_lol_subadd(
role_adr_handle, &to_role, &role_array[i],
NULL);
01654
rsbac_vfree(role_array);
01655 }
01656
rsbac_list_lol_remove(
role_asr_handle, &to_role);
01657 count =
rsbac_list_lol_get_all_subdesc(
role_asr_handle, &from_role, (
void **) &role_array);
01658
if(count > 0)
01659 {
01660
for(i=0; i<count ; i++)
01661
rsbac_list_lol_subadd(
role_asr_handle, &to_role, &role_array[i],
NULL);
01662
rsbac_vfree(role_array);
01663 }
01664
rsbac_list_lol_remove(
role_tcfd_handle, &to_role);
01665 count =
rsbac_list_lol_get_all_subitems(
role_tcfd_handle, &from_role, (
void **) &item_array);
01666
if(count > 0)
01667 {
01668
char * tmp = item_array;
01669
int size =
rsbac_list_lol_get_subitem_size(
role_tcfd_handle);
01670
01671
for(i=0; i<count ; i++)
01672 {
01673
rsbac_list_lol_subadd(
role_tcfd_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01674 tmp += size;
01675 }
01676
rsbac_vfree(item_array);
01677 }
01678
rsbac_list_lol_remove(
role_tcdv_handle, &to_role);
01679 count =
rsbac_list_lol_get_all_subitems(
role_tcdv_handle, &from_role, (
void **) &item_array);
01680
if(count > 0)
01681 {
01682
char * tmp = item_array;
01683
int size =
rsbac_list_lol_get_subitem_size(
role_tcdv_handle);
01684
01685
for(i=0; i<count ; i++)
01686 {
01687
rsbac_list_lol_subadd(
role_tcdv_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01688 tmp += size;
01689 }
01690
rsbac_vfree(item_array);
01691 }
01692
rsbac_list_lol_remove(
role_tcus_handle, &to_role);
01693 count =
rsbac_list_lol_get_all_subitems(
role_tcus_handle, &from_role, (
void **) &item_array);
01694
if(count > 0)
01695 {
01696
char * tmp = item_array;
01697
int size =
rsbac_list_lol_get_subitem_size(
role_tcus_handle);
01698
01699
for(i=0; i<count ; i++)
01700 {
01701
rsbac_list_lol_subadd(
role_tcus_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01702 tmp += size;
01703 }
01704
rsbac_vfree(item_array);
01705 }
01706
rsbac_list_lol_remove(
role_tcpr_handle, &to_role);
01707 count =
rsbac_list_lol_get_all_subitems(
role_tcpr_handle, &from_role, (
void **) &item_array);
01708
if(count > 0)
01709 {
01710
char * tmp = item_array;
01711
int size =
rsbac_list_lol_get_subitem_size(
role_tcpr_handle);
01712
01713
for(i=0; i<count ; i++)
01714 {
01715
rsbac_list_lol_subadd(
role_tcpr_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01716 tmp += size;
01717 }
01718
rsbac_vfree(item_array);
01719 }
01720
rsbac_list_lol_remove(
role_tcip_handle, &to_role);
01721 count =
rsbac_list_lol_get_all_subitems(
role_tcip_handle, &from_role, (
void **) &item_array);
01722
if(count > 0)
01723 {
01724
char * tmp = item_array;
01725
int size =
rsbac_list_lol_get_subitem_size(
role_tcip_handle);
01726
01727
for(i=0; i<count ; i++)
01728 {
01729
rsbac_list_lol_subadd(
role_tcip_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01730 tmp += size;
01731 }
01732
rsbac_vfree(item_array);
01733 }
01734
rsbac_list_lol_remove(
role_tcsc_handle, &to_role);
01735 count =
rsbac_list_lol_get_all_subitems(
role_tcsc_handle, &from_role, (
void **) &item_array);
01736
if(count > 0)
01737 {
01738
char * tmp = item_array;
01739
int size =
rsbac_list_lol_get_subitem_size(
role_tcsc_handle);
01740
01741
for(i=0; i<count ; i++)
01742 {
01743
rsbac_list_lol_subadd(
role_tcsc_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01744 tmp += size;
01745 }
01746
rsbac_vfree(item_array);
01747 }
01748
rsbac_list_lol_remove(
role_tcnd_handle, &to_role);
01749 count =
rsbac_list_lol_get_all_subitems(
role_tcnd_handle, &from_role, (
void **) &item_array);
01750
if(count > 0)
01751 {
01752
char * tmp = item_array;
01753
int size =
rsbac_list_lol_get_subitem_size(
role_tcnd_handle);
01754
01755
for(i=0; i<count ; i++)
01756 {
01757
rsbac_list_lol_subadd(
role_tcnd_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01758 tmp += size;
01759 }
01760
rsbac_vfree(item_array);
01761 }
01762
rsbac_list_lol_remove(
role_tcnt_handle, &to_role);
01763 count =
rsbac_list_lol_get_all_subitems(
role_tcnt_handle, &from_role, (
void **) &item_array);
01764
if(count > 0)
01765 {
01766
char * tmp = item_array;
01767
int size =
rsbac_list_lol_get_subitem_size(
role_tcnt_handle);
01768
01769
for(i=0; i<count ; i++)
01770 {
01771
rsbac_list_lol_subadd(
role_tcnt_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01772 tmp += size;
01773 }
01774
rsbac_vfree(item_array);
01775 }
01776
rsbac_list_lol_remove(
role_tcno_handle, &to_role);
01777 count =
rsbac_list_lol_get_all_subitems(
role_tcno_handle, &from_role, (
void **) &item_array);
01778
if(count > 0)
01779 {
01780
char * tmp = item_array;
01781
int size =
rsbac_list_lol_get_subitem_size(
role_tcno_handle);
01782
01783
for(i=0; i<count ; i++)
01784 {
01785
rsbac_list_lol_subadd(
role_tcno_handle, &to_role, tmp, tmp +
sizeof(
rsbac_rc_role_id_t));
01786 tmp += size;
01787 }
01788
rsbac_vfree(item_array);
01789 }
01790
return(0);
01791 };
01792
01793
01794
01795 int rsbac_rc_get_item (
enum rsbac_rc_target_t target,
01796
union rsbac_rc_target_id_t tid,
01797
union rsbac_rc_target_id_t subtid,
01798
enum rsbac_rc_item_t item,
01799
union rsbac_rc_item_value_t * value_p,
01800
rsbac_time_t * ttl_p)
01801 {
01802
int err=0;
01803
struct rsbac_rc_role_entry_t role_entry;
01804
struct rsbac_rc_type_fd_entry_t type_fd_entry;
01805
01806
if (!
rsbac_is_initialized())
01807 {
01808 printk(KERN_WARNING
"rsbac_rc_get_item(): RSBAC not initialized\n");
01809
return(-
RSBAC_ENOTINITIALIZED);
01810 }
01811
if (in_interrupt())
01812 {
01813
#ifdef CONFIG_RSBAC_RMSG
01814
rsbac_printk(KERN_WARNING
"rsbac_rc_get_item(): called from interrupt!\n");
01815
#endif
01816
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01817
if (!rsbac_nosyslog)
01818
#endif
01819
printk(KERN_WARNING
"rsbac_rc_get_item(): called from interrupt!\n");
01820 }
01821
if(ttl_p)
01822 *ttl_p = 0;
01823
switch (target)
01824 {
01825
case RT_ROLE:
01826
if(tid.
role >
RC_role_max_value)
01827
return(-
RSBAC_EINVALIDTARGET);
01828
01829
01830
01831
01832
01833
01834
01835
01836
01837
01838
01839
01840
01841
01842
01843
01844
switch (item)
01845 {
01846
case RI_role_comp:
01847
if(!
rsbac_list_lol_get_subdata_ttl(
role_rc_handle,
01848 ttl_p,
01849 &tid.
role,
01850 &subtid.
role,
01851
NULL))
01852 value_p->
comp =
TRUE;
01853
else
01854 value_p->
comp =
FALSE;
01855
return 0;
01856
case RI_admin_roles:
01857
if(!
rsbac_list_lol_get_subdata_ttl(
role_adr_handle,
01858 ttl_p,
01859 &tid.
role,
01860 &subtid.
role,
01861
NULL))
01862 value_p->
comp =
TRUE;
01863
else
01864 value_p->
comp =
FALSE;
01865
return 0;
01866
case RI_assign_roles:
01867
if(!
rsbac_list_lol_get_subdata_ttl(
role_asr_handle,
01868 ttl_p,
01869 &tid.
role,
01870 &subtid.
role,
01871
NULL))
01872 value_p->
comp =
TRUE;
01873
else
01874 value_p->
comp =
FALSE;
01875
return 0;
01876
case RI_type_comp_fd:
01877
if(
rsbac_list_lol_get_subdata_ttl(
role_tcfd_handle,
01878 ttl_p,
01879 &tid.
role,
01880 &subtid.
type,
01881 &value_p->
rights))
01882 {
01883 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01884
if(ttl_p)
01885 *ttl_p = 0;
01886 }
01887
return 0;
01888
case RI_type_comp_dev:
01889
if(
rsbac_list_lol_get_subdata_ttl(
role_tcdv_handle,
01890 ttl_p,
01891 &tid.
role,
01892 &subtid.
type,
01893 &value_p->
rights))
01894 {
01895 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01896
if(ttl_p)
01897 *ttl_p = 0;
01898 }
01899
return 0;
01900
case RI_type_comp_user:
01901
if(
rsbac_list_lol_get_subdata_ttl(
role_tcus_handle,
01902 ttl_p,
01903 &tid.
role,
01904 &subtid.
type,
01905 &value_p->
rights))
01906 {
01907 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01908
if(ttl_p)
01909 *ttl_p = 0;
01910 }
01911
return 0;
01912
case RI_type_comp_process:
01913
if(
rsbac_list_lol_get_subdata_ttl(
role_tcpr_handle,
01914 ttl_p,
01915 &tid.
role,
01916 &subtid.
type,
01917 &value_p->
rights))
01918 {
01919 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01920
if(ttl_p)
01921 *ttl_p = 0;
01922 }
01923
return 0;
01924
case RI_type_comp_ipc:
01925
if(
rsbac_list_lol_get_subdata_ttl(
role_tcip_handle,
01926 ttl_p,
01927 &tid.
role,
01928 &subtid.
type,
01929 &value_p->
rights))
01930 {
01931 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01932
if(ttl_p)
01933 *ttl_p = 0;
01934 }
01935
return 0;
01936
case RI_type_comp_scd:
01937
if(
rsbac_list_lol_get_subdata_ttl(
role_tcsc_handle,
01938 ttl_p,
01939 &tid.
role,
01940 &subtid.
type,
01941 &value_p->
rights))
01942 {
01943 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01944
if(ttl_p)
01945 *ttl_p = 0;
01946 }
01947
return 0;
01948
case RI_type_comp_netdev:
01949
if(
rsbac_list_lol_get_subdata_ttl(
role_tcnd_handle,
01950 ttl_p,
01951 &tid.
role,
01952 &subtid.
type,
01953 &value_p->
rights))
01954 {
01955 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01956
if(ttl_p)
01957 *ttl_p = 0;
01958 }
01959
return 0;
01960
case RI_type_comp_nettemp:
01961
if(
rsbac_list_lol_get_subdata_ttl(
role_tcnt_handle,
01962 ttl_p,
01963 &tid.
role,
01964 &subtid.
type,
01965 &value_p->
rights))
01966 {
01967 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01968
if(ttl_p)
01969 *ttl_p = 0;
01970 }
01971
return 0;
01972
case RI_type_comp_netobj:
01973
if(
rsbac_list_lol_get_subdata_ttl(
role_tcno_handle,
01974 ttl_p,
01975 &tid.
role,
01976 &subtid.
type,
01977 &value_p->
rights))
01978 {
01979 value_p->
rights =
RSBAC_RC_DEFAULT_RIGHTS_VECTOR;
01980
if(ttl_p)
01981 *ttl_p = 0;
01982 }
01983
return 0;
01984
case RI_admin_type:
01985
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
01986 value_p->
admin_type = role_entry.
admin_type;
01987
return err;
01988
case RI_name:
01989
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
01990 {
01991 strncpy(value_p->
name, role_entry.
name,
RSBAC_RC_NAME_LEN - 1);
01992 value_p->
name[
RSBAC_RC_NAME_LEN - 1] = (
char) 0;
01993 }
01994
return err;
01995
case RI_def_fd_create_type:
01996
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
01997 value_p->
type_id = role_entry.
def_fd_create_type;
01998
return err;
01999
case RI_def_user_create_type:
02000
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02001 value_p->
type_id = role_entry.
def_user_create_type;
02002
return err;
02003
case RI_def_process_create_type:
02004
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02005 value_p->
type_id = role_entry.
def_process_create_type;
02006
return err;
02007
case RI_def_process_chown_type:
02008
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02009 value_p->
type_id = role_entry.
def_process_chown_type;
02010
return err;
02011
case RI_def_process_execute_type:
02012
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02013 value_p->
type_id = role_entry.
def_process_execute_type;
02014
return err;
02015
case RI_def_ipc_create_type:
02016
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02017 value_p->
type_id = role_entry.
def_ipc_create_type;
02018
return err;
02019
case RI_boot_role:
02020
if(!(err =
rsbac_list_get_data(
role_handle, &tid.
role, &role_entry)))
02021 value_p->
boot_role = role_entry.
boot_role;
02022
return err;
02023
default:
02024
return -
RSBAC_EINVALIDATTR;
02025 }
02026
02027
return(err);
02028
break;
02029
02030
case RT_TYPE:
02031
if(tid.
type >
RC_type_max_value)
02032
return(-
RSBAC_EINVALIDTARGET);
02033
02034
02035
02036
02037
02038
02039
02040
switch (item)
02041 {
02042
case RI_type_fd_name:
02043
if(!(err =
rsbac_list_get_data(
type_fd_handle, &tid.
type, &type_fd_entry)))
02044 {
02045 strncpy(value_p->
name, type_fd_entry.
name,
RSBAC_RC_NAME_LEN - 1);
02046 value_p->
name[
RSBAC_RC_NAME_LEN - 1] = (
char) 0;
02047 }
02048
return err;
02049
case RI_type_fd_need_secdel:
02050
if(!(err =
rsbac_list_get_data(
type_fd_handle, &tid.
type, &type_fd_entry)))
02051 {
02052 value_p->
need_secdel = type_fd_entry.
need_secdel;
02053 }
02054
return err;
02055
case RI_type_dev_name:
02056
return rsbac_list_get_data(
type_dev_handle, &tid.
type, value_p->
name);
02057
case RI_type_ipc_name:
02058
return rsbac_list_get_data(
type_ipc_handle, &tid.
type, value_p->
name);
02059
case RI_type_user_name:
02060
return rsbac_list_get_data(
type_user_handle, &tid.
type, value_p->
name);
02061
case RI_type_process_name:
02062
return rsbac_list_get_data(
type_process_handle, &tid.
type, value_p->
name);
02063
case RI_type_netdev_name:
02064
return rsbac_list_get_data(
type_netdev_handle, &tid.
type, value_p->
name);
02065
case RI_type_nettemp_name:
02066
return rsbac_list_get_data(
type_nettemp_handle, &tid.
type, value_p->
name);
02067
case RI_type_netobj_name:
02068
return rsbac_list_get_data(
type_netobj_handle, &tid.
type, value_p->
name);
02069
case RI_type_scd_name:
02070 {
02071
char * tmp;
02072
02073 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02074
if(!tmp)
02075 err = -
RSBAC_ENOMEM;
02076
else
02077 {
02078
get_rc_scd_type_name(tmp,tid.
type);
02079 strncpy(value_p->
name, tmp,
RSBAC_RC_NAME_LEN - 1);
02080 value_p->
name[
RSBAC_RC_NAME_LEN - 1] = (
char) 0;
02081
rsbac_kfree(tmp);
02082 }
02083
break;
02084 }
02085
default:
02086 err = -
RSBAC_EINVALIDATTR;
02087 }
02088
02089
return(err);
02090
break;
02091
02092
02093
default:
02094 err = -
RSBAC_EINVALIDTARGET;
02095 }
02096
return err;
02097 };
02098
02099
02100 boolean rsbac_rc_check_comp (rsbac_rc_role_id_t role,
02101
union rsbac_rc_target_id_t subtid,
02102
enum rsbac_rc_item_t item,
02103
enum rsbac_rc_special_rights_t right)
02104 {
02105
rsbac_rc_rights_vector_t rights_vector;
02106
02107
if (!
rsbac_is_initialized())
02108 {
02109 printk(KERN_WARNING
"rsbac_rc_check_comp(): RSBAC not initialized\n");
02110
return(-
RSBAC_ENOTINITIALIZED);
02111 }
02112
if (in_interrupt())
02113 {
02114
#ifdef CONFIG_RSBAC_RMSG
02115
rsbac_printk(KERN_WARNING
"rsbac_rc_check_comp(): called from interrupt!\n");
02116
#endif
02117
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02118
if (!rsbac_nosyslog)
02119
#endif
02120
printk(KERN_WARNING
"rsbac_rc_check_comp(): called from interrupt!\n");
02121 }
02122
if(role >
RC_role_max_value)
02123
return FALSE;
02124
02125
02126
02127
02128
02129
02130
02131
switch (item)
02132 {
02133
case RI_role_comp:
02134
return rsbac_list_lol_subexist(
role_rc_handle, &role, &subtid.
role);
02135
case RI_admin_roles:
02136
return rsbac_list_lol_subexist(
role_adr_handle, &role, &subtid.
role);
02137
case RI_assign_roles:
02138
return rsbac_list_lol_subexist(
role_asr_handle, &role, &subtid.
role);
02139
case RI_type_comp_fd:
02140
if( !
rsbac_list_lol_get_subdata(
role_tcfd_handle, &role, &subtid.
type, &rights_vector)
02141 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02142 )
02143
return TRUE;
02144
else
02145
return FALSE;
02146
case RI_type_comp_dev:
02147
if( !
rsbac_list_lol_get_subdata(
role_tcdv_handle, &role, &subtid.
type, &rights_vector)
02148 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02149 )
02150
return TRUE;
02151
else
02152
return FALSE;
02153
case RI_type_comp_user:
02154
if( !
rsbac_list_lol_get_subdata(
role_tcus_handle, &role, &subtid.
type, &rights_vector)
02155 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02156 )
02157
return TRUE;
02158
else
02159
return FALSE;
02160
case RI_type_comp_process:
02161
if( !
rsbac_list_lol_get_subdata(
role_tcpr_handle, &role, &subtid.
type, &rights_vector)
02162 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02163 )
02164
return TRUE;
02165
else
02166
return FALSE;
02167
case RI_type_comp_ipc:
02168
if( !
rsbac_list_lol_get_subdata(
role_tcip_handle, &role, &subtid.
type, &rights_vector)
02169 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02170 )
02171
return TRUE;
02172
else
02173
return FALSE;
02174
case RI_type_comp_scd:
02175
if( !
rsbac_list_lol_get_subdata(
role_tcsc_handle, &role, &subtid.
type, &rights_vector)
02176 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02177 )
02178
return TRUE;
02179
else
02180
return FALSE;
02181
case RI_type_comp_netdev:
02182
if( !
rsbac_list_lol_get_subdata(
role_tcnd_handle, &role, &subtid.
type, &rights_vector)
02183 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02184 )
02185
return TRUE;
02186
else
02187
return FALSE;
02188
case RI_type_comp_nettemp:
02189
if( !
rsbac_list_lol_get_subdata(
role_tcnt_handle, &role, &subtid.
type, &rights_vector)
02190 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02191 )
02192
return TRUE;
02193
else
02194
return FALSE;
02195
case RI_type_comp_netobj:
02196
if( !
rsbac_list_lol_get_subdata(
role_tcno_handle, &role, &subtid.
type, &rights_vector)
02197 && (rights_vector &
RSBAC_RC_RIGHTS_VECTOR(right))
02198 )
02199
return TRUE;
02200
else
02201
return FALSE;
02202
02203
default:
02204
#ifdef CONFIG_RSBAC_RMSG
02205
rsbac_printk(KERN_WARNING
02206
"rsbac_rc_check_comp(): called for invalid item %u\n",
02207 item);
02208
#endif
02209
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02210
if (!rsbac_nosyslog)
02211
#endif
02212
printk(KERN_WARNING
02213
"rsbac_rc_check_comp(): called for invalid item %u\n",
02214 item);
02215
return FALSE;
02216 }
02217 };
02218
02219
02220
02221 int rsbac_rc_get_list(
enum rsbac_rc_target_t target,
02222
union rsbac_rc_target_id_t tid,
02223
enum rsbac_rc_item_t item,
02224 __u32 ** array_pp,
02225
rsbac_time_t ** ttl_array_pp)
02226 {
02227
int res;
02228
02229
if (!
rsbac_is_initialized())
02230 {
02231 printk(KERN_WARNING
"rsbac_rc_get_list(): RSBAC not initialized\n");
02232
return(-
RSBAC_ENOTINITIALIZED);
02233 }
02234
if (in_interrupt())
02235 {
02236
#ifdef CONFIG_RSBAC_RMSG
02237
rsbac_printk(KERN_WARNING
"rsbac_rc_get_list(): called from interrupt!\n");
02238
#endif
02239
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02240
if (!rsbac_nosyslog)
02241
#endif
02242
printk(KERN_WARNING
"rsbac_rc_get_list(): called from interrupt!\n");
02243 }
02244
if(ttl_array_pp)
02245 *ttl_array_pp =
NULL;
02246
switch (target)
02247 {
02248
case RT_ROLE:
02249
02250
02251
02252
02253
02254
02255
02256
switch (item)
02257 {
02258
case RI_name:
02259
if(array_pp)
02260
return rsbac_list_get_all_desc(
role_handle, (
void **) array_pp);
02261
else
02262
return rsbac_list_count(
role_handle);
02263
case RI_role_comp:
02264
if(array_pp)
02265 res =
rsbac_list_lol_get_all_subdesc_ttl(
role_rc_handle,
02266 &tid.
role,
02267 (
void **) array_pp,
02268 ttl_array_pp);
02269
else
02270 res =
rsbac_list_lol_subcount(
role_rc_handle, &tid.
role);
02271
if(res == -
RSBAC_ENOTFOUND)
02272
return 0;
02273
else
02274
return res;
02275
case RI_admin_roles:
02276
if(array_pp)
02277 res =
rsbac_list_lol_get_all_subdesc_ttl(
role_adr_handle,
02278 &tid.
role,
02279 (
void **) array_pp,
02280 ttl_array_pp);
02281
else
02282 res =
rsbac_list_lol_subcount(
role_adr_handle, &tid.
role);
02283
if(res == -
RSBAC_ENOTFOUND)
02284
return 0;
02285
else
02286
return res;
02287
case RI_assign_roles:
02288
if(array_pp)
02289 res =
rsbac_list_lol_get_all_subdesc_ttl(
role_asr_handle,
02290 &tid.
role,
02291 (
void **) array_pp,
02292 ttl_array_pp);
02293
else
02294 res =
rsbac_list_lol_subcount(
role_asr_handle, &tid.
role);
02295
if(res == -
RSBAC_ENOTFOUND)
02296
return 0;
02297
else
02298
return res;
02299
case RI_type_comp_fd:
02300
if(array_pp)
02301
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcfd_handle,
02302 &tid.
role,
02303 (
void **) array_pp,
02304 ttl_array_pp);
02305
else
02306
return rsbac_list_lol_subcount(
role_tcfd_handle, &tid.
role);
02307
case RI_type_comp_dev:
02308
if(array_pp)
02309
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcdv_handle,
02310 &tid.
role,
02311 (
void **) array_pp,
02312 ttl_array_pp);
02313
else
02314
return rsbac_list_lol_subcount(
role_tcdv_handle, &tid.
role);
02315
case RI_type_comp_user:
02316
if(array_pp)
02317
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcus_handle,
02318 &tid.
role,
02319 (
void **) array_pp,
02320 ttl_array_pp);
02321
else
02322
return rsbac_list_lol_subcount(
role_tcus_handle, &tid.
role);
02323
case RI_type_comp_process:
02324
if(array_pp)
02325
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcpr_handle,
02326 &tid.
role,
02327 (
void **) array_pp,
02328 ttl_array_pp);
02329
else
02330
return rsbac_list_lol_subcount(
role_tcpr_handle, &tid.
role);
02331
case RI_type_comp_ipc:
02332
if(array_pp)
02333
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcip_handle,
02334 &tid.
role,
02335 (
void **) array_pp,
02336 ttl_array_pp);
02337
else
02338
return rsbac_list_lol_subcount(
role_tcip_handle, &tid.
role);
02339
case RI_type_comp_scd:
02340
if(array_pp)
02341
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcsc_handle,
02342 &tid.
role,
02343 (
void **) array_pp,
02344 ttl_array_pp);
02345
else
02346
return rsbac_list_lol_subcount(
role_tcsc_handle, &tid.
role);
02347
case RI_type_comp_netdev:
02348
if(array_pp)
02349
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcnd_handle,
02350 &tid.
role,
02351 (
void **) array_pp,
02352 ttl_array_pp);
02353
else
02354
return rsbac_list_lol_subcount(
role_tcnd_handle, &tid.
role);
02355
case RI_type_comp_nettemp:
02356
if(array_pp)
02357
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcnt_handle,
02358 &tid.
role,
02359 (
void **) array_pp,
02360 ttl_array_pp);
02361
else
02362
return rsbac_list_lol_subcount(
role_tcnt_handle, &tid.
role);
02363
case RI_type_comp_netobj:
02364
if(array_pp)
02365
return rsbac_list_lol_get_all_subdesc_ttl(
role_tcno_handle,
02366 &tid.
role,
02367 (
void **) array_pp,
02368 ttl_array_pp);
02369
else
02370
return rsbac_list_lol_subcount(
role_tcno_handle, &tid.
role);
02371
02372
default:
02373
return -
RSBAC_EINVALIDATTR;
02374 }
02375
02376
case RT_TYPE:
02377
02378
02379
02380
02381
02382
02383
02384
switch (item)
02385 {
02386
case RI_type_fd_name:
02387
case RI_type_fd_need_secdel:
02388
if(array_pp)
02389
return rsbac_list_get_all_desc(
type_fd_handle, (
void **) array_pp);
02390
else
02391
return rsbac_list_count(
type_fd_handle);
02392
case RI_type_dev_name:
02393
if(array_pp)
02394
return rsbac_list_get_all_desc(
type_dev_handle, (
void **) array_pp);
02395
else
02396
return rsbac_list_count(
type_dev_handle);
02397
case RI_type_ipc_name:
02398
if(array_pp)
02399
return rsbac_list_get_all_desc(
type_ipc_handle, (
void **) array_pp);
02400
else
02401
return rsbac_list_count(
type_ipc_handle);
02402
case RI_type_user_name:
02403
if(array_pp)
02404
return rsbac_list_get_all_desc(
type_user_handle, (
void **) array_pp);
02405
else
02406
return rsbac_list_count(
type_user_handle);
02407
case RI_type_process_name:
02408
if(array_pp)
02409
return rsbac_list_get_all_desc(
type_process_handle, (
void **) array_pp);
02410
else
02411
return rsbac_list_count(
type_process_handle);
02412
case RI_type_netdev_name:
02413
if(array_pp)
02414
return rsbac_list_get_all_desc(
type_netdev_handle, (
void **) array_pp);
02415
else
02416
return rsbac_list_count(
type_netdev_handle);
02417
case RI_type_nettemp_name:
02418
if(array_pp)
02419
return rsbac_list_get_all_desc(
type_nettemp_handle, (
void **) array_pp);
02420
else
02421
return rsbac_list_count(
type_nettemp_handle);
02422
case RI_type_netobj_name:
02423
if(array_pp)
02424
return rsbac_list_get_all_desc(
type_netobj_handle, (
void **) array_pp);
02425
else
02426
return rsbac_list_count(
type_netobj_handle);
02427
02428
default:
02429
return -
RSBAC_EINVALIDATTR;
02430 }
02431
02432
default:
02433
return -
RSBAC_EINVALIDTARGET;
02434 }
02435 };
02436
02437
02438
02439 int rsbac_rc_set_item(
enum rsbac_rc_target_t target,
02440
union rsbac_rc_target_id_t tid,
02441
union rsbac_rc_target_id_t subtid,
02442
enum rsbac_rc_item_t item,
02443
union rsbac_rc_item_value_t value,
02444
rsbac_time_t ttl)
02445 {
02446
int err=0;
02447
02448
if (!
rsbac_is_initialized())
02449 {
02450 printk(KERN_WARNING
"rsbac_rc_set_item(): RSBAC not initialized\n");
02451
return(-
RSBAC_ENOTINITIALIZED);
02452 }
02453
if (in_interrupt())
02454 {
02455
#ifdef CONFIG_RSBAC_RMSG
02456
rsbac_printk(KERN_WARNING
"rsbac_rc_set_item(): called from interrupt!\n");
02457
#endif
02458
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02459
if (!rsbac_nosyslog)
02460
#endif
02461
printk(KERN_WARNING
"rsbac_rc_set_item(): called from interrupt!\n");
02462 }
02463
switch (target)
02464 {
02465
case RT_ROLE:
02466
if(tid.
role >
RC_role_max_value)
02467
return(-
RSBAC_EINVALIDTARGET);
02468
if( (item !=
RI_name)
02469 && !
rsbac_list_exist(
role_handle, &tid.
role)
02470 )
02471
return(-
RSBAC_EINVALIDTARGET);
02472
#ifdef CONFIG_RSBAC_DEBUG
02473
if (rsbac_debug_ds_rc)
02474 {
02475
#ifdef CONFIG_RSBAC_RMSG
02476
rsbac_printk(KERN_DEBUG
02477
"rsbac_rc_set_item(): Setting role item value\n");
02478
#endif
02479
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02480
if (!rsbac_nosyslog)
02481
#endif
02482
printk(KERN_DEBUG
02483
"rsbac_rc_set_item(): Setting role item value\n");
02484 }
02485
#endif
02486
switch (item)
02487 {
02488
case RI_role_comp:
02489
if(value.
comp)
02490 {
02491
return rsbac_list_lol_subadd_ttl(
role_rc_handle,
02492 ttl,
02493 &tid.
role,
02494 &subtid.
role,
02495
NULL);
02496 }
02497
else
02498 {
02499
rsbac_list_lol_subremove(
role_rc_handle, &tid.
role, &subtid.
role);
02500
return 0;
02501 }
02502
case RI_admin_roles:
02503
if(value.
comp)
02504 {
02505
return rsbac_list_lol_subadd_ttl(
role_adr_handle,
02506 ttl,
02507 &tid.
role,
02508 &subtid.
role,
02509
NULL);
02510 }
02511
else
02512 {
02513
rsbac_list_lol_subremove(
role_adr_handle, &tid.
role, &subtid.
role);
02514
return 0;
02515 }
02516
case RI_assign_roles:
02517
if(value.
comp)
02518 {
02519
return rsbac_list_lol_subadd_ttl(
role_asr_handle,
02520 ttl,
02521 &tid.
role,
02522 &subtid.
role,
02523
NULL);
02524 }
02525
else
02526 {
02527
rsbac_list_lol_subremove(
role_asr_handle, &tid.
role, &subtid.
role);
02528
return 0;
02529 }
02530
case RI_type_comp_fd:
02531
if(!
rsbac_list_exist(
type_fd_handle, &subtid.
type))
02532
return -
RSBAC_EINVALIDVALUE;
02533
return rsbac_list_lol_subadd_ttl(
role_tcfd_handle,
02534 ttl,
02535 &tid.
role,
02536 &subtid.
type,
02537 &value.
rights);
02538
case RI_type_comp_dev:
02539
if(!
rsbac_list_exist(
type_dev_handle, &subtid.
type))
02540
return -
RSBAC_EINVALIDVALUE;
02541
return rsbac_list_lol_subadd_ttl(
role_tcdv_handle,
02542 ttl,
02543 &tid.
role,
02544 &subtid.
type,
02545 &value.
rights);
02546
case RI_type_comp_user:
02547
if(!
rsbac_list_exist(
type_user_handle, &subtid.
type))
02548
return -
RSBAC_EINVALIDVALUE;
02549
return rsbac_list_lol_subadd_ttl(
role_tcus_handle,
02550 ttl,
02551 &tid.
role,
02552 &subtid.
type,
02553 &value.
rights);
02554
case RI_type_comp_process:
02555
if(!
rsbac_list_exist(
type_process_handle, &subtid.
type))
02556
return -
RSBAC_EINVALIDVALUE;
02557
return rsbac_list_lol_subadd_ttl(
role_tcpr_handle,
02558 ttl,
02559 &tid.
role,
02560 &subtid.
type,
02561 &value.
rights);
02562
case RI_type_comp_ipc:
02563
if(!
rsbac_list_exist(
type_ipc_handle, &subtid.
type))
02564
return -
RSBAC_EINVALIDVALUE;
02565
return rsbac_list_lol_subadd_ttl(
role_tcip_handle,
02566 ttl,
02567 &tid.
role,
02568 &subtid.
type,
02569 &value.
rights);
02570
case RI_type_comp_scd:
02571
if( (subtid.
type >=
ST_none)
02572 && (subtid.
type <
RST_min)
02573 )
02574
return -
RSBAC_EINVALIDVALUE;
02575
if(subtid.
type >=
RST_none)
02576
return -
RSBAC_EINVALIDVALUE;
02577
return rsbac_list_lol_subadd_ttl(
role_tcsc_handle,
02578 ttl,
02579 &tid.
role,
02580 &subtid.
type,
02581 &value.
rights);
02582
case RI_type_comp_netdev:
02583
if(!
rsbac_list_exist(
type_netdev_handle, &subtid.
type))
02584
return -
RSBAC_EINVALIDVALUE;
02585
return rsbac_list_lol_subadd_ttl(
role_tcnd_handle,
02586 ttl,
02587 &tid.
role,
02588 &subtid.
type,
02589 &value.
rights);
02590
case RI_type_comp_nettemp:
02591
if(!
rsbac_list_exist(
type_nettemp_handle, &subtid.
type))
02592
return -
RSBAC_EINVALIDVALUE;
02593
return rsbac_list_lol_subadd_ttl(
role_tcnt_handle,
02594 ttl,
02595 &tid.
role,
02596 &subtid.
type,
02597 &value.
rights);
02598
case RI_type_comp_netobj:
02599
if(!
rsbac_list_exist(
type_netobj_handle, &subtid.
type))
02600
return -
RSBAC_EINVALIDVALUE;
02601
return rsbac_list_lol_subadd_ttl(
role_tcno_handle,
02602 ttl,
02603 &tid.
role,
02604 &subtid.
type,
02605 &value.
rights);
02606
case RI_admin_type:
02607 {
02608
struct rsbac_rc_role_entry_t entry;
02609
02610 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02611
if(err)
02612
return err;
02613 entry.
admin_type = value.
admin_type;
02614
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02615 }
02616
case RI_name:
02617 {
02618
struct rsbac_rc_role_entry_t entry;
02619
02620
02621
if(!value.
name[0])
02622
return -
RSBAC_EINVALIDVALUE;
02623
02624 memset(&entry, 0,
sizeof(
struct rsbac_rc_role_entry_t));
02625
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02626 strncpy(entry.
name, value.
name,
RSBAC_RC_NAME_LEN - 1);
02627 entry.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02628
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02629 }
02630
case RI_remove_role:
02631
02632
rsbac_list_lol_remove(
role_rc_handle, &tid.
role);
02633
02634
rsbac_list_lol_subremove_from_all(
role_rc_handle, &tid.
role);
02635
02636
02637
rsbac_list_lol_remove(
role_adr_handle, &tid.
role);
02638
02639
rsbac_list_lol_subremove_from_all(
role_adr_handle, &tid.
role);
02640
02641
02642
rsbac_list_lol_remove(
role_asr_handle, &tid.
role);
02643
02644
rsbac_list_lol_subremove_from_all(
role_asr_handle, &tid.
role);
02645
02646
02647
rsbac_list_lol_remove(
role_tcfd_handle, &tid.
role);
02648
rsbac_list_lol_remove(
role_tcdv_handle, &tid.
role);
02649
rsbac_list_lol_remove(
role_tcus_handle, &tid.
role);
02650
rsbac_list_lol_remove(
role_tcpr_handle, &tid.
role);
02651
rsbac_list_lol_remove(
role_tcip_handle, &tid.
role);
02652
rsbac_list_lol_remove(
role_tcsc_handle, &tid.
role);
02653
rsbac_list_lol_remove(
role_tcnd_handle, &tid.
role);
02654
rsbac_list_lol_remove(
role_tcnt_handle, &tid.
role);
02655
rsbac_list_lol_remove(
role_tcno_handle, &tid.
role);
02656
02657
#ifdef CONFIG_RSBAC_ACL
02658
02659 {
02660
struct rsbac_acl_entry_desc_t desc;
02661
02662 desc.
subj_type =
ACLS_ROLE;
02663 desc.
subj_id = tid.
role;
02664
rsbac_acl_remove_subject(desc);
02665 }
02666
#endif
02667
02668
return rsbac_list_remove(
role_handle, &tid.
role);
02669
02670
case RI_def_fd_create_type:
02671 {
02672
struct rsbac_rc_role_entry_t entry;
02673
02674
if( (value.
type_id <=
RC_type_max_value)
02675 && !
rsbac_list_exist(
type_fd_handle, &value.
type_id)
02676 )
02677
return -
RSBAC_EINVALIDVALUE;
02678
if( (value.
type_id >
RC_type_max_value)
02679 && (value.
type_id <
RC_type_min_special)
02680 )
02681
return -
RSBAC_EINVALIDVALUE;
02682 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02683
if(err)
02684
return err;
02685 entry.
def_fd_create_type = value.
type_id;
02686
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02687 }
02688
case RI_def_user_create_type:
02689 {
02690
struct rsbac_rc_role_entry_t entry;
02691
02692
if( (value.
type_id <=
RC_type_max_value)
02693 && !
rsbac_list_exist(
type_user_handle, &value.
type_id)
02694 )
02695
return -
RSBAC_EINVALIDVALUE;
02696
if( (value.
type_id >
RC_type_max_value)
02697 && (value.
type_id <
RC_type_min_special)
02698 )
02699
return -
RSBAC_EINVALIDVALUE;
02700 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02701
if(err)
02702
return err;
02703 entry.
def_user_create_type = value.
type_id;
02704
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02705 }
02706
case RI_def_process_create_type:
02707 {
02708
struct rsbac_rc_role_entry_t entry;
02709
02710
if( (value.
type_id <=
RC_type_max_value)
02711 && !
rsbac_list_exist(
type_process_handle, &value.
type_id)
02712 )
02713
return -
RSBAC_EINVALIDVALUE;
02714
if( (value.
type_id >
RC_type_max_value)
02715 && (value.
type_id <
RC_type_min_special)
02716 )
02717
return -
RSBAC_EINVALIDVALUE;
02718 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02719
if(err)
02720
return err;
02721 entry.
def_process_create_type = value.
type_id;
02722
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02723 }
02724
case RI_def_process_chown_type:
02725 {
02726
struct rsbac_rc_role_entry_t entry;
02727
02728
if( (value.
type_id <=
RC_type_max_value)
02729 && !
rsbac_list_exist(
type_process_handle, &value.
type_id)
02730 )
02731
return -
RSBAC_EINVALIDVALUE;
02732
if( (value.
type_id >
RC_type_max_value)
02733 && (value.
type_id <
RC_type_min_special)
02734 )
02735
return -
RSBAC_EINVALIDVALUE;
02736 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02737
if(err)
02738
return err;
02739 entry.
def_process_chown_type = value.
type_id;
02740
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02741 }
02742
case RI_def_process_execute_type:
02743 {
02744
struct rsbac_rc_role_entry_t entry;
02745
02746
if( (value.
type_id <=
RC_type_max_value)
02747 && !
rsbac_list_exist(
type_process_handle, &value.
type_id)
02748 )
02749
return -
RSBAC_EINVALIDVALUE;
02750
if( (value.
type_id >
RC_type_max_value)
02751 && (value.
type_id <
RC_type_min_special)
02752 )
02753
return -
RSBAC_EINVALIDVALUE;
02754 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02755
if(err)
02756
return err;
02757 entry.
def_process_execute_type = value.
type_id;
02758
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02759 }
02760
case RI_def_ipc_create_type:
02761 {
02762
struct rsbac_rc_role_entry_t entry;
02763
02764
if( (value.
type_id <=
RC_type_max_value)
02765 && !
rsbac_list_exist(
type_ipc_handle, &value.
type_id)
02766 )
02767
return -
RSBAC_EINVALIDVALUE;
02768
if( (value.
type_id >
RC_type_max_value)
02769 && (value.
type_id <
RC_type_min_special)
02770 )
02771
return -
RSBAC_EINVALIDVALUE;
02772 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02773
if(err)
02774
return err;
02775 entry.
def_ipc_create_type = value.
type_id;
02776
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02777 }
02778
case RI_boot_role:
02779 {
02780
struct rsbac_rc_role_entry_t entry;
02781
02782 err =
rsbac_list_get_data(
role_handle, &tid.
role, &entry);
02783
if(err)
02784
return err;
02785 entry.
boot_role = value.
boot_role;
02786
return rsbac_list_add(
role_handle, &tid.
role, &entry);
02787 }
02788
02789
default:
02790
return -
RSBAC_EINVALIDATTR;
02791 }
02792
02793
case RT_TYPE:
02794
if(tid.
type >
RC_type_max_value)
02795
return(-
RSBAC_EINVALIDTARGET);
02796
#ifdef CONFIG_RSBAC_DEBUG
02797
if (rsbac_debug_ds_rc)
02798 {
02799
#ifdef CONFIG_RSBAC_RMSG
02800
rsbac_printk(KERN_DEBUG
02801
"rsbac_rc_set_item(): Setting type item value\n");
02802
#endif
02803
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02804
if (!rsbac_nosyslog)
02805
#endif
02806
printk(KERN_DEBUG
02807
"rsbac_rc_set_item(): Setting type item value\n");
02808 }
02809
#endif
02810
switch (item)
02811 {
02812
case RI_type_fd_name:
02813 {
02814
struct rsbac_rc_type_fd_entry_t entry;
02815
02816
02817
if(!value.
name[0])
02818
return -
RSBAC_EINVALIDVALUE;
02819
02820 memset(&entry, 0,
sizeof(
struct rsbac_rc_type_fd_entry_t));
02821
rsbac_list_get_data(
type_fd_handle, &tid.
type, &entry);
02822 strncpy(entry.
name, value.
name,
RSBAC_RC_NAME_LEN - 1);
02823 entry.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02824
return rsbac_list_add(
type_fd_handle, &tid.
type, &entry);
02825 }
02826
case RI_type_fd_need_secdel:
02827 {
02828
struct rsbac_rc_type_fd_entry_t entry;
02829
02830 err =
rsbac_list_get_data(
type_fd_handle, &tid.
type, &entry);
02831
if(err)
02832
return err;
02833 entry.
need_secdel = value.
need_secdel;
02834
return rsbac_list_add(
type_fd_handle, &tid.
type, &entry);
02835 }
02836
case RI_type_dev_name:
02837
02838
if(!value.
name[0])
02839
return -
RSBAC_EINVALIDVALUE;
02840
02841 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02842
return rsbac_list_add(
type_dev_handle, &tid.
type, &value.
name);
02843
case RI_type_ipc_name:
02844
02845
if(!value.
name[0])
02846
return -
RSBAC_EINVALIDVALUE;
02847
02848 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02849
return rsbac_list_add(
type_ipc_handle, &tid.
type, &value.
name);
02850
case RI_type_user_name:
02851
02852
if(!value.
name[0])
02853
return -
RSBAC_EINVALIDVALUE;
02854
02855 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02856
return rsbac_list_add(
type_user_handle, &tid.
type, &value.
name);
02857
case RI_type_process_name:
02858
02859
if(!value.
name[0])
02860
return -
RSBAC_EINVALIDVALUE;
02861
02862 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02863
return rsbac_list_add(
type_process_handle, &tid.
type, &value.
name);
02864
case RI_type_netdev_name:
02865
02866
if(!value.
name[0])
02867
return -
RSBAC_EINVALIDVALUE;
02868
02869 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02870
return rsbac_list_add(
type_netdev_handle, &tid.
type, &value.
name);
02871
case RI_type_nettemp_name:
02872
02873
if(!value.
name[0])
02874
return -
RSBAC_EINVALIDVALUE;
02875
02876 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02877
return rsbac_list_add(
type_nettemp_handle, &tid.
type, &value.
name);
02878
case RI_type_netobj_name:
02879
02880
if(!value.
name[0])
02881
return -
RSBAC_EINVALIDVALUE;
02882
02883 value.
name[
RSBAC_RC_NAME_LEN-1] = 0;
02884
return rsbac_list_add(
type_netobj_handle, &tid.
type, &value.
name);
02885
02886
case RI_type_fd_remove:
02887
rsbac_list_lol_subremove_from_all(
role_tcfd_handle, &tid.
type);
02888
return rsbac_list_remove(
type_fd_handle, &tid.
type);
02889
case RI_type_dev_remove:
02890
rsbac_list_lol_subremove_from_all(
role_tcdv_handle, &tid.
type);
02891
return rsbac_list_remove(
type_dev_handle, &tid.
type);
02892
case RI_type_user_remove:
02893
rsbac_list_lol_subremove_from_all(
role_tcus_handle, &tid.
type);
02894
return rsbac_list_remove(
type_user_handle, &tid.
type);
02895
case RI_type_process_remove:
02896
rsbac_list_lol_subremove_from_all(
role_tcpr_handle, &tid.
type);
02897
return rsbac_list_remove(
type_process_handle, &tid.
type);
02898
case RI_type_ipc_remove:
02899
rsbac_list_lol_subremove_from_all(
role_tcip_handle, &tid.
type);
02900
return rsbac_list_remove(
type_ipc_handle, &tid.
type);
02901
case RI_type_netdev_remove:
02902
rsbac_list_lol_subremove_from_all(
role_tcnd_handle, &tid.
type);
02903
return rsbac_list_remove(
type_netdev_handle, &tid.
type);
02904
case RI_type_nettemp_remove:
02905
rsbac_list_lol_subremove_from_all(
role_tcnt_handle, &tid.
type);
02906
return rsbac_list_remove(
type_nettemp_handle, &tid.
type);
02907
case RI_type_netobj_remove:
02908
rsbac_list_lol_subremove_from_all(
role_tcno_handle, &tid.
type);
02909
return rsbac_list_remove(
type_netobj_handle, &tid.
type);
02910
02911
default:
02912
return -
RSBAC_EINVALIDATTR;
02913 }
02914
02915
02916
default:
02917
return -
RSBAC_EINVALIDTARGET;
02918 }
02919 };
02920
02921