/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/rc_data_structures.c

Go to the documentation of this file.
00001 /*************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of RC data structures */ 00004 /* Author and (C) 1999-2004: Amon Ott <ao@rsbac.org> */ 00005 /* */ 00006 /* Last modified: 16/Jun/2004 */ 00007 /*************************************************** */ 00008 00009 #include <linux/string.h> 00010 #include <linux/types.h> 00011 #include <linux/fs.h> 00012 #include <linux/sched.h> 00013 #include <linux/file.h> 00014 #include <linux/mm.h> 00015 #include <linux/init.h> 00016 #include <asm/uaccess.h> 00017 #include <rsbac/aci_data_structures.h> 00018 #include <rsbac/rc_types.h> 00019 #include <rsbac/rc_data_structures.h> 00020 #include <rsbac/error.h> 00021 #include <rsbac/helpers.h> 00022 #include <rsbac/fs.h> 00023 #include <rsbac/adf.h> 00024 #include <rsbac/acl.h> 00025 #include <rsbac/getname.h> 00026 #include <rsbac/rc_getname.h> 00027 #include <rsbac/proc_fs.h> 00028 #include <rsbac/rkmem.h> 00029 #include <linux/smp_lock.h> 00030 00031 #ifdef CONFIG_RSBAC_RC_NR_ROLES 00032 #endif 00033 00034 /************************************************************************** */ 00035 /* Global Variables */ 00036 /************************************************************************** */ 00037 00038 /* The following global variables are needed for access to RC data. */ 00039 00040 static rsbac_list_handle_t role_handle = NULL; 00041 static rsbac_list_handle_t role_rc_handle = NULL; 00042 static rsbac_list_handle_t role_adr_handle = NULL; 00043 static rsbac_list_handle_t role_asr_handle = NULL; 00044 static rsbac_list_handle_t role_tcfd_handle = NULL; 00045 static rsbac_list_handle_t role_tcdv_handle = NULL; 00046 static rsbac_list_handle_t role_tcus_handle = NULL; 00047 static rsbac_list_handle_t role_tcpr_handle = NULL; 00048 static rsbac_list_handle_t role_tcip_handle = NULL; 00049 static rsbac_list_handle_t role_tcsc_handle = NULL; 00050 static rsbac_list_handle_t role_tcnd_handle = NULL; 00051 static rsbac_list_handle_t role_tcnt_handle = NULL; 00052 static rsbac_list_handle_t role_tcno_handle = NULL; 00053 00054 static rsbac_list_handle_t type_fd_handle = NULL; 00055 static rsbac_list_handle_t type_dev_handle = NULL; 00056 static rsbac_list_handle_t type_ipc_handle = NULL; 00057 static rsbac_list_handle_t type_user_handle = NULL; 00058 static rsbac_list_handle_t type_process_handle = NULL; 00059 static rsbac_list_handle_t type_netdev_handle = NULL; 00060 static rsbac_list_handle_t type_nettemp_handle = NULL; 00061 static rsbac_list_handle_t type_netobj_handle = NULL; 00062 00063 /**************************************************/ 00064 /* Declarations of external functions */ 00065 /**************************************************/ 00066 00067 /**************************************************/ 00068 /* Declarations of internal functions */ 00069 /**************************************************/ 00070 00071 /* As some function use later defined functions, we declare those here. */ 00072 00073 /************************************************* */ 00074 /* Internal Help functions */ 00075 /************************************************* */ 00076 00077 #ifdef CONFIG_RSBAC_INIT_DELAY 00078 static int role_conv( 00079 #else 00080 static int __init role_conv( 00081 #endif 00082 void * old_desc, 00083 void * old_data, 00084 void * new_desc, 00085 void * new_data) 00086 { 00087 struct rsbac_rc_role_entry_t * new = new_data; 00088 struct rsbac_rc_old_role_entry_t * old = old_data; 00089 00090 memcpy(new_desc, old_desc, sizeof(rsbac_rc_role_id_t)); 00091 new->admin_type = old->admin_type; 00092 memcpy(new->name, old->name, RSBAC_RC_NAME_LEN); 00093 new->def_fd_create_type = old->def_fd_create_type; 00094 new->def_user_create_type = RSBAC_RC_GENERAL_TYPE; 00095 new->def_process_create_type = old->def_process_create_type; 00096 new->def_process_chown_type = old->def_process_chown_type; 00097 new->def_process_execute_type = old->def_process_execute_type; 00098 new->def_ipc_create_type = old->def_ipc_create_type; 00099 new->boot_role = FALSE; 00100 return 0; 00101 } 00102 00103 #ifdef CONFIG_RSBAC_INIT_DELAY 00104 static rsbac_list_conv_function_t * role_get_conv(rsbac_version_t old_version) 00105 #else 00106 static rsbac_list_conv_function_t * __init role_get_conv(rsbac_version_t old_version) 00107 #endif 00108 { 00109 switch(old_version) 00110 { 00111 case RSBAC_RC_ROLE_OLD_LIST_VERSION: 00112 return role_conv; 00113 default: 00114 return NULL; 00115 } 00116 } 00117 00118 #ifdef CONFIG_RSBAC_INIT_DELAY 00119 static int rsbac_rc_role_compare_data(void * data1, void * data2) 00120 #else 00121 static int __init rsbac_rc_role_compare_data(void * data1, void * data2) 00122 #endif 00123 { 00124 struct rsbac_rc_role_entry_t * role = data1; 00125 00126 if(!data1) 00127 return 1; 00128 if(role->boot_role) 00129 return 0; 00130 else 00131 return 1; 00132 } 00133 00134 /************************************************* */ 00135 /* proc functions */ 00136 /************************************************* */ 00137 00138 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 00139 static int 00140 stats_rc_proc_info(char *buffer, char **start, off_t offset, int length) 00141 { 00142 union rsbac_target_id_t rsbac_target_id; 00143 union rsbac_attribute_value_t rsbac_attribute_value; 00144 00145 u_int len = 0; 00146 off_t pos = 0; 00147 off_t begin = 0; 00148 00149 if (!rsbac_is_initialized) 00150 { 00151 printk(KERN_WARNING "stats_rc_proc_info(): RSBAC not initialized\n"); 00152 return(-RSBAC_ENOTINITIALIZED); 00153 } 00154 #ifdef CONFIG_RSBAC_DEBUG 00155 if (rsbac_debug_aef_rc) 00156 { 00157 #ifdef CONFIG_RSBAC_RMSG 00158 rsbac_printk(KERN_DEBUG "stats_rc_proc_info(): calling ADF\n"); 00159 #endif 00160 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00161 if (!rsbac_nosyslog) 00162 #endif 00163 printk(KERN_DEBUG "stats_rc_proc_info(): calling ADF\n"); 00164 } 00165 #endif 00166 rsbac_target_id.scd = ST_rsbac; 00167 rsbac_attribute_value.dummy = 0; 00168 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00169 current->pid, 00170 T_SCD, 00171 rsbac_target_id, 00172 A_none, 00173 rsbac_attribute_value)) 00174 { 00175 return -EPERM; 00176 } 00177 00178 len += sprintf(buffer, "RC Status\n---------\n"); 00179 pos = begin + len; 00180 if (pos < offset) 00181 { 00182 len = 0; 00183 begin = pos; 00184 } 00185 if (pos > offset+length) 00186 goto out; 00187 00188 len += sprintf(buffer + len, "Role entry size is %u, %lu entries used\n", 00189 sizeof(struct rsbac_rc_role_entry_t), 00190 rsbac_list_count(role_handle)); 00191 pos = begin + len; 00192 if (pos < offset) 00193 { 00194 len = 0; 00195 begin = pos; 00196 } 00197 if (pos > offset+length) 00198 goto out; 00199 00200 len += sprintf(buffer + len, "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 00201 rsbac_list_count(type_fd_handle), 00202 rsbac_list_count(type_dev_handle), 00203 rsbac_list_count(type_ipc_handle), 00204 rsbac_list_count(type_user_handle), 00205 rsbac_list_count(type_process_handle), 00206 rsbac_list_count(type_netdev_handle), 00207 rsbac_list_count(type_nettemp_handle), 00208 rsbac_list_count(type_netobj_handle)); 00209 pos = begin + len; 00210 if (pos < offset) 00211 { 00212 len = 0; 00213 begin = pos; 00214 } 00215 00216 out: 00217 *start = buffer + (offset - begin); 00218 len -= (offset - begin); 00219 00220 if (len > length) 00221 len = length; 00222 return len; 00223 } 00224 00225 #endif /* CONFIG_PROC_FS && CONFIG_RSBAC_PROC */ 00226 00227 /************************************************* */ 00228 /* Init functions */ 00229 /************************************************* */ 00230 00231 /* All functions return 0, if no error occurred, and a negative error code */ 00232 /* otherwise. The error codes are defined in rsbac/error.h. */ 00233 00234 /************************************************************************** */ 00235 /* Initialization of all RC data structures. After this call, all RC data */ 00236 /* is kept in memory for performance reasons, but is written to disk on */ 00237 /* every change. */ 00238 00239 /* There can be no access to aci data structures before init. */ 00240 00241 #ifdef CONFIG_RSBAC_INIT_DELAY 00242 static void registration_error(int err, char * listname) 00243 #else 00244 static void __init registration_error(int err, char * listname) 00245 #endif 00246 { 00247 if(err) 00248 { 00249 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00250 00251 if(tmp) 00252 { 00253 #ifdef CONFIG_RSBAC_RMSG 00254 rsbac_printk(KERN_WARNING 00255 "rsbac_init_rc(): Registering RC %s list failed with error %s\n", 00256 listname, 00257 get_error_name(tmp, err)); 00258 #endif 00259 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00260 if (!rsbac_nosyslog) 00261 #endif 00262 printk(KERN_WARNING 00263 "rsbac_init_rc(): Registering RC %s list failed with error %s\n", 00264 listname, 00265 get_error_name(tmp, err)); 00266 rsbac_kfree(tmp); 00267 } 00268 } 00269 } 00270 00271 #ifdef CONFIG_RSBAC_INIT_DELAY 00272 int rsbac_init_rc(void) 00273 #else 00274 int __init rsbac_init_rc(void) 00275 #endif 00276 { 00277 int err = 0; 00278 struct proc_dir_entry * tmp_entry_p; 00279 struct rsbac_list_lol_info_t lol_info; 00280 struct rsbac_list_info_t list_info; 00281 rsbac_rc_rights_vector_t def_tc = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 00282 00283 if (rsbac_is_initialized()) 00284 { 00285 #ifdef CONFIG_RSBAC_RMSG 00286 rsbac_printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n"); 00287 #endif 00288 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00289 if (!rsbac_nosyslog) 00290 #endif 00291 printk(KERN_WARNING "rsbac_init_rc(): RSBAC already initialized\n"); 00292 return(-RSBAC_EREINIT); 00293 } 00294 00295 /* init data structures */ 00296 #ifdef CONFIG_RSBAC_RMSG 00297 rsbac_printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n"); 00298 #endif 00299 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00300 if (!rsbac_nosyslog) 00301 #endif 00302 printk(KERN_INFO "rsbac_init_rc(): Initializing RSBAC: RC subsystem\n"); 00303 #ifdef CONFIG_RSBAC_DEBUG 00304 if(rsbac_debug_stack) 00305 { 00306 unsigned long * n = (unsigned long *) (current+1); 00307 00308 while (!*n) 00309 n++; 00310 #ifdef CONFIG_RSBAC_RMSG 00311 rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack: %lu\n", 00312 (unsigned long) n - (unsigned long)(current+1)); 00313 #endif 00314 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00315 if (!rsbac_nosyslog) 00316 #endif 00317 printk(KERN_DEBUG "rsbac_init_rc: free stack: %lu\n", 00318 (unsigned long) n - (unsigned long)(current+1)); 00319 } 00320 #endif 00321 00322 list_info.version = RSBAC_RC_ROLE_LIST_VERSION; 00323 list_info.key = RSBAC_RC_LIST_KEY; 00324 list_info.desc_size = sizeof(rsbac_rc_role_id_t); 00325 list_info.data_size = sizeof(struct rsbac_rc_role_entry_t); 00326 list_info.max_age = 0; 00327 err = rsbac_list_register(RSBAC_LIST_VERSION, 00328 &role_handle, 00329 &list_info, 00330 #if defined(CONFIG_RSBAC_RC_BACKUP) 00331 RSBAC_LIST_BACKUP | 00332 #endif 00333 RSBAC_LIST_PERSIST, 00334 rsbac_list_compare_u32, 00335 role_get_conv, 00336 NULL, 00337 RSBAC_RC_ROLE_FILENAME, 00338 RSBAC_AUTO_DEV); 00339 if(err) 00340 { 00341 registration_error(err, "role"); 00342 } 00343 00344 lol_info.version = RSBAC_RC_ROLE_RC_LIST_VERSION; 00345 lol_info.key = RSBAC_RC_LIST_KEY; 00346 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00347 lol_info.data_size = 0; 00348 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 00349 lol_info.subdata_size = 0; 00350 lol_info.max_age = 0; 00351 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00352 &role_rc_handle, 00353 &lol_info, 00354 #if defined(CONFIG_RSBAC_RC_BACKUP) 00355 RSBAC_LIST_BACKUP | 00356 #endif 00357 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 00358 rsbac_list_compare_u32, 00359 rsbac_list_compare_u32, 00360 NULL, 00361 NULL, 00362 NULL, 00363 NULL, 00364 RSBAC_RC_ROLE_RC_FILENAME, 00365 RSBAC_AUTO_DEV); 00366 if(err) 00367 { 00368 registration_error(err, "role compatibilities"); 00369 } 00370 lol_info.version = RSBAC_RC_ROLE_ADR_LIST_VERSION; 00371 lol_info.key = RSBAC_RC_LIST_KEY; 00372 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00373 lol_info.data_size = 0; 00374 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 00375 lol_info.subdata_size = 0; 00376 lol_info.max_age = 0; 00377 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00378 &role_adr_handle, 00379 &lol_info, 00380 #if defined(CONFIG_RSBAC_RC_BACKUP) 00381 RSBAC_LIST_BACKUP | 00382 #endif 00383 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 00384 rsbac_list_compare_u32, 00385 rsbac_list_compare_u32, 00386 NULL, 00387 NULL, 00388 NULL, 00389 NULL, 00390 RSBAC_RC_ROLE_ADR_FILENAME, 00391 RSBAC_AUTO_DEV); 00392 if(err) 00393 { 00394 registration_error(err, "admin roles"); 00395 } 00396 lol_info.version = RSBAC_RC_ROLE_ASR_LIST_VERSION; 00397 lol_info.key = RSBAC_RC_LIST_KEY; 00398 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00399 lol_info.data_size = 0; 00400 lol_info.subdesc_size = sizeof(rsbac_rc_role_id_t); 00401 lol_info.subdata_size = 0; 00402 lol_info.max_age = 0; 00403 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00404 &role_asr_handle, 00405 &lol_info, 00406 #if defined(CONFIG_RSBAC_RC_BACKUP) 00407 RSBAC_LIST_BACKUP | 00408 #endif 00409 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 00410 rsbac_list_compare_u32, 00411 rsbac_list_compare_u32, 00412 NULL, 00413 NULL, 00414 NULL, 00415 NULL, 00416 RSBAC_RC_ROLE_ASR_FILENAME, 00417 RSBAC_AUTO_DEV); 00418 if(err) 00419 { 00420 registration_error(err, "assign roles"); 00421 } 00422 lol_info.version = RSBAC_RC_ROLE_TCFD_LIST_VERSION; 00423 lol_info.key = RSBAC_RC_LIST_KEY; 00424 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00425 lol_info.data_size = 0; 00426 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00427 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00428 lol_info.max_age = 0; 00429 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00430 &role_tcfd_handle, 00431 &lol_info, 00432 #if defined(CONFIG_RSBAC_RC_BACKUP) 00433 RSBAC_LIST_BACKUP | 00434 #endif 00435 RSBAC_LIST_PERSIST | 00436 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00437 rsbac_list_compare_u32, 00438 rsbac_list_compare_u32, 00439 NULL, 00440 NULL, 00441 NULL, 00442 &def_tc, 00443 RSBAC_RC_ROLE_TCFD_FILENAME, 00444 RSBAC_AUTO_DEV); 00445 if(err) 00446 { 00447 registration_error(err, "Role FD type compatibilities"); 00448 } 00449 lol_info.version = RSBAC_RC_ROLE_TCDV_LIST_VERSION; 00450 lol_info.key = RSBAC_RC_LIST_KEY; 00451 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00452 lol_info.data_size = 0; 00453 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00454 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00455 lol_info.max_age = 0; 00456 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00457 &role_tcdv_handle, 00458 &lol_info, 00459 #if defined(CONFIG_RSBAC_RC_BACKUP) 00460 RSBAC_LIST_BACKUP | 00461 #endif 00462 RSBAC_LIST_PERSIST | 00463 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00464 rsbac_list_compare_u32, 00465 rsbac_list_compare_u32, 00466 NULL, 00467 NULL, 00468 NULL, 00469 &def_tc, 00470 RSBAC_RC_ROLE_TCDV_FILENAME, 00471 RSBAC_AUTO_DEV); 00472 if(err) 00473 { 00474 registration_error(err, "Role DEV type compatibilities"); 00475 } 00476 lol_info.version = RSBAC_RC_ROLE_TCUS_LIST_VERSION; 00477 lol_info.key = RSBAC_RC_LIST_KEY; 00478 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00479 lol_info.data_size = 0; 00480 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00481 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00482 lol_info.max_age = 0; 00483 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00484 &role_tcus_handle, 00485 &lol_info, 00486 #if defined(CONFIG_RSBAC_RC_BACKUP) 00487 RSBAC_LIST_BACKUP | 00488 #endif 00489 RSBAC_LIST_PERSIST | 00490 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00491 rsbac_list_compare_u32, 00492 rsbac_list_compare_u32, 00493 NULL, 00494 NULL, 00495 NULL, 00496 &def_tc, 00497 RSBAC_RC_ROLE_TCUS_FILENAME, 00498 RSBAC_AUTO_DEV); 00499 if(err) 00500 { 00501 registration_error(err, "Role User type compatibilities"); 00502 } 00503 lol_info.version = RSBAC_RC_ROLE_TCPR_LIST_VERSION; 00504 lol_info.key = RSBAC_RC_LIST_KEY; 00505 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00506 lol_info.data_size = 0; 00507 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00508 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00509 lol_info.max_age = 0; 00510 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00511 &role_tcpr_handle, 00512 &lol_info, 00513 #if defined(CONFIG_RSBAC_RC_BACKUP) 00514 RSBAC_LIST_BACKUP | 00515 #endif 00516 RSBAC_LIST_PERSIST | 00517 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00518 rsbac_list_compare_u32, 00519 rsbac_list_compare_u32, 00520 NULL, 00521 NULL, 00522 NULL, 00523 &def_tc, 00524 RSBAC_RC_ROLE_TCPR_FILENAME, 00525 RSBAC_AUTO_DEV); 00526 if(err) 00527 { 00528 registration_error(err, "Role Process type compatibilities"); 00529 } 00530 lol_info.version = RSBAC_RC_ROLE_TCIP_LIST_VERSION; 00531 lol_info.key = RSBAC_RC_LIST_KEY; 00532 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00533 lol_info.data_size = 0; 00534 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00535 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00536 lol_info.max_age = 0; 00537 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00538 &role_tcip_handle, 00539 &lol_info, 00540 #if defined(CONFIG_RSBAC_RC_BACKUP) 00541 RSBAC_LIST_BACKUP | 00542 #endif 00543 RSBAC_LIST_PERSIST | 00544 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00545 rsbac_list_compare_u32, 00546 rsbac_list_compare_u32, 00547 NULL, 00548 NULL, 00549 NULL, 00550 &def_tc, 00551 RSBAC_RC_ROLE_TCIP_FILENAME, 00552 RSBAC_AUTO_DEV); 00553 if(err) 00554 { 00555 registration_error(err, "Role IPC type compatibilities"); 00556 } 00557 lol_info.version = RSBAC_RC_ROLE_TCSC_LIST_VERSION; 00558 lol_info.key = RSBAC_RC_LIST_KEY; 00559 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00560 lol_info.data_size = 0; 00561 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00562 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00563 lol_info.max_age = 0; 00564 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00565 &role_tcsc_handle, 00566 &lol_info, 00567 #if defined(CONFIG_RSBAC_RC_BACKUP) 00568 RSBAC_LIST_BACKUP | 00569 #endif 00570 RSBAC_LIST_PERSIST | 00571 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00572 rsbac_list_compare_u32, 00573 rsbac_list_compare_u32, 00574 NULL, 00575 NULL, 00576 NULL, 00577 &def_tc, 00578 RSBAC_RC_ROLE_TCSC_FILENAME, 00579 RSBAC_AUTO_DEV); 00580 if(err) 00581 { 00582 registration_error(err, "Role SCD type compatibilities"); 00583 } 00584 lol_info.version = RSBAC_RC_ROLE_TCND_LIST_VERSION; 00585 lol_info.key = RSBAC_RC_LIST_KEY; 00586 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00587 lol_info.data_size = 0; 00588 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00589 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00590 lol_info.max_age = 0; 00591 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00592 &role_tcnd_handle, 00593 &lol_info, 00594 #if defined(CONFIG_RSBAC_RC_BACKUP) 00595 RSBAC_LIST_BACKUP | 00596 #endif 00597 RSBAC_LIST_PERSIST | 00598 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00599 rsbac_list_compare_u32, 00600 rsbac_list_compare_u32, 00601 NULL, 00602 NULL, 00603 NULL, 00604 &def_tc, 00605 RSBAC_RC_ROLE_TCND_FILENAME, 00606 RSBAC_AUTO_DEV); 00607 if(err) 00608 { 00609 registration_error(err, "Role NETDEV type compatibilities"); 00610 } 00611 lol_info.version = RSBAC_RC_ROLE_TCNT_LIST_VERSION; 00612 lol_info.key = RSBAC_RC_LIST_KEY; 00613 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00614 lol_info.data_size = 0; 00615 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00616 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00617 lol_info.max_age = 0; 00618 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00619 &role_tcnt_handle, 00620 &lol_info, 00621 #if defined(CONFIG_RSBAC_RC_BACKUP) 00622 RSBAC_LIST_BACKUP | 00623 #endif 00624 RSBAC_LIST_PERSIST | 00625 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00626 rsbac_list_compare_u32, 00627 rsbac_list_compare_u32, 00628 NULL, 00629 NULL, 00630 NULL, 00631 &def_tc, 00632 RSBAC_RC_ROLE_TCNT_FILENAME, 00633 RSBAC_AUTO_DEV); 00634 if(err) 00635 { 00636 registration_error(err, "Role NETTEMP type compatibilities"); 00637 } 00638 lol_info.version = RSBAC_RC_ROLE_TCNO_LIST_VERSION; 00639 lol_info.key = RSBAC_RC_LIST_KEY; 00640 lol_info.desc_size = sizeof(rsbac_rc_role_id_t); 00641 lol_info.data_size = 0; 00642 lol_info.subdesc_size = sizeof(rsbac_rc_type_id_t); 00643 lol_info.subdata_size = sizeof(rsbac_rc_rights_vector_t); 00644 lol_info.max_age = 0; 00645 err = rsbac_list_lol_register(RSBAC_LIST_VERSION, 00646 &role_tcno_handle, 00647 &lol_info, 00648 #if defined(CONFIG_RSBAC_RC_BACKUP) 00649 RSBAC_LIST_BACKUP | 00650 #endif 00651 RSBAC_LIST_PERSIST | 00652 RSBAC_LIST_DEF_DATA | RSBAC_LIST_DEF_SUBDATA, 00653 rsbac_list_compare_u32, 00654 rsbac_list_compare_u32, 00655 NULL, 00656 NULL, 00657 NULL, 00658 &def_tc, 00659 RSBAC_RC_ROLE_TCNO_FILENAME, 00660 RSBAC_AUTO_DEV); 00661 if(err) 00662 { 00663 registration_error(err, "Role NETOBJ type compatibilities"); 00664 } 00665 00666 /* Create default role settings, if none there */ 00667 if(!rsbac_no_defaults && !rsbac_list_count(role_handle)) 00668 { 00669 rsbac_rc_role_id_t role; 00670 rsbac_rc_type_id_t type; 00671 rsbac_rc_rights_vector_t rights; 00672 struct rsbac_rc_role_entry_t gen_entry = RSBAC_RC_GENERAL_ROLE_ENTRY; 00673 struct rsbac_rc_role_entry_t ra_entry = RSBAC_RC_ROLE_ADMIN_ROLE_ENTRY; 00674 struct rsbac_rc_role_entry_t sa_entry = RSBAC_RC_SYSTEM_ADMIN_ROLE_ENTRY; 00675 struct rsbac_rc_role_entry_t au_entry = RSBAC_RC_AUDITOR_ROLE_ENTRY; 00676 struct rsbac_rc_role_entry_t bo_entry = RSBAC_RC_BOOT_ROLE_ENTRY; 00677 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 00678 00679 if(tmp) 00680 { 00681 #ifdef CONFIG_RSBAC_RMSG 00682 rsbac_printk(KERN_WARNING 00683 "rsbac_init_rc(): no RC roles read, generating default role entries!\n"); 00684 #endif 00685 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00686 if (!rsbac_nosyslog) 00687 #endif 00688 printk(KERN_WARNING 00689 "rsbac_init_rc(): no RC roles read, generating default role entries!\n"); 00690 rsbac_kfree(tmp); 00691 } 00692 00693 role = RSBAC_RC_GENERAL_ROLE; 00694 if(!rsbac_list_add(role_handle, &role, &gen_entry)) 00695 { 00696 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL)) 00697 { 00698 type = RSBAC_RC_GENERAL_TYPE; 00699 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR) 00700 & RSBAC_FD_REQUEST_VECTOR; 00701 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00702 } 00703 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL)) 00704 { 00705 type = RSBAC_RC_GENERAL_TYPE; 00706 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR; 00707 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 00708 } 00709 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL)) 00710 { 00711 type = RSBAC_RC_GENERAL_TYPE; 00712 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR; 00713 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00714 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 00715 rights = RSBAC_READ_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR; 00716 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00717 } 00718 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL)) 00719 { 00720 type = RSBAC_RC_GENERAL_TYPE; 00721 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR; 00722 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 00723 } 00724 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL)) 00725 { 00726 type = RSBAC_RC_GENERAL_TYPE; 00727 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR; 00728 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 00729 } 00730 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL)) 00731 { 00732 type = RSBAC_RC_GENERAL_TYPE; 00733 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR; 00734 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights); 00735 } 00736 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL)) 00737 { 00738 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 00739 type = ST_ioports; 00740 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA); 00741 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00742 #endif 00743 type = ST_rlimit; 00744 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 00745 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA); 00746 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00747 type = ST_other; 00748 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC); 00749 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00750 type = ST_network; 00751 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA); 00752 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00753 } 00754 } 00755 role = RSBAC_RC_ROLE_ADMIN_ROLE; 00756 if(!rsbac_list_add(role_handle, &role, &ra_entry)) 00757 { 00758 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL)) 00759 { 00760 type = RSBAC_RC_GENERAL_TYPE; 00761 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR 00762 | RSBAC_EXECUTE_REQUEST_VECTOR 00763 | RSBAC_SECURITY_REQUEST_VECTOR) 00764 & RSBAC_FD_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00765 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00766 type = RSBAC_RC_SEC_TYPE; 00767 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00768 type = RSBAC_RC_SYS_TYPE; 00769 rights = (RSBAC_READ_REQUEST_VECTOR & RSBAC_FD_REQUEST_VECTOR) 00770 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00771 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00772 } 00773 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL)) 00774 { 00775 type = RSBAC_RC_GENERAL_TYPE; 00776 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00777 & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00778 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 00779 type = RSBAC_RC_SEC_TYPE; 00780 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00781 & RSBAC_DEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00782 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 00783 } 00784 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL)) 00785 { 00786 type = RSBAC_RC_GENERAL_TYPE; 00787 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00788 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00789 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 00790 type = RSBAC_RC_SYS_TYPE; 00791 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00792 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00793 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 00794 type = RSBAC_RC_SEC_TYPE; 00795 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00796 & RSBAC_USER_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00797 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 00798 } 00799 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL)) 00800 { 00801 type = RSBAC_RC_GENERAL_TYPE; 00802 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00803 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00804 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00805 type = RSBAC_RC_SEC_TYPE; 00806 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00807 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00808 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00809 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 00810 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00811 & RSBAC_PROCESS_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00812 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00813 } 00814 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL)) 00815 { 00816 type = RSBAC_RC_GENERAL_TYPE; 00817 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00818 & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00819 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 00820 type = RSBAC_RC_SEC_TYPE; 00821 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00822 & RSBAC_IPC_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00823 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 00824 } 00825 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL)) 00826 { 00827 type = RSBAC_RC_GENERAL_TYPE; 00828 rights = ((RSBAC_REQUEST_VECTOR(R_GET_STATUS_DATA) | RSBAC_SECURITY_REQUEST_VECTOR) 00829 & RSBAC_NETDEV_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00830 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 00831 type = RSBAC_RC_SEC_TYPE; 00832 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 00833 type = RSBAC_RC_SYS_TYPE; 00834 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 00835 } 00836 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL)) 00837 { 00838 type = RSBAC_RC_GENERAL_TYPE; 00839 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00840 & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00841 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights); 00842 type = RSBAC_RC_SEC_TYPE; 00843 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00844 & RSBAC_NETTEMP_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00845 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights); 00846 } 00847 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL)) 00848 { 00849 type = RSBAC_RC_GENERAL_TYPE; 00850 rights = ((RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SECURITY_REQUEST_VECTOR) 00851 & RSBAC_NETOBJ_REQUEST_VECTOR) | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00852 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights); 00853 } 00854 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL)) 00855 { 00856 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 00857 type = ST_ioports; 00858 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA) 00859 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00860 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00861 #endif 00862 type = ST_rlimit; 00863 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00864 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00865 type = ST_rsbac; 00866 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00867 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00868 type = ST_rsbaclog; 00869 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00870 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00871 type = ST_other; 00872 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC) 00873 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA) 00874 | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_LOG) 00875 | RSBAC_RC_RIGHTS_VECTOR(R_SWITCH_MODULE) 00876 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00877 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00878 type = ST_network; 00879 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 00880 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00881 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00882 type = ST_firewall; 00883 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 00884 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00885 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00886 type = RST_auth_administration; 00887 rights = RSBAC_SCD_REQUEST_VECTOR | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00888 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00889 type = ST_sysfs; 00890 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 00891 | RSBAC_RC_SPECIAL_RIGHTS_VECTOR; 00892 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00893 } 00894 } 00895 role = RSBAC_RC_SYSTEM_ADMIN_ROLE; 00896 if(!rsbac_list_add(role_handle, &role, &sa_entry)) 00897 { 00898 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL)) 00899 { 00900 type = RSBAC_RC_GENERAL_TYPE; 00901 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR 00902 | RSBAC_EXECUTE_REQUEST_VECTOR 00903 | RSBAC_SYSTEM_REQUEST_VECTOR) 00904 & RSBAC_FD_REQUEST_VECTOR; 00905 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00906 type = RSBAC_RC_SYS_TYPE; 00907 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00908 } 00909 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL)) 00910 { 00911 type = RSBAC_RC_GENERAL_TYPE; 00912 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR; 00913 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 00914 type = RSBAC_RC_SYS_TYPE; 00915 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR; 00916 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 00917 } 00918 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL)) 00919 { 00920 type = RSBAC_RC_GENERAL_TYPE; 00921 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR; 00922 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 00923 type = RSBAC_RC_SYS_TYPE; 00924 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR; 00925 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 00926 } 00927 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL)) 00928 { 00929 type = RSBAC_RC_GENERAL_TYPE; 00930 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 00931 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00932 type = RSBAC_RC_SYS_TYPE; 00933 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 00934 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00935 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 00936 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 00937 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 00938 } 00939 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL)) 00940 { 00941 type = RSBAC_RC_GENERAL_TYPE; 00942 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR; 00943 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 00944 type = RSBAC_RC_SYS_TYPE; 00945 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR; 00946 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 00947 } 00948 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL)) 00949 { 00950 type = RSBAC_RC_GENERAL_TYPE; 00951 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR; 00952 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 00953 } 00954 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL)) 00955 { 00956 type = RSBAC_RC_GENERAL_TYPE; 00957 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR; 00958 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights); 00959 } 00960 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL)) 00961 { 00962 type = RSBAC_RC_GENERAL_TYPE; 00963 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR; 00964 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights); 00965 } 00966 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL)) 00967 { 00968 rights = RSBAC_SCD_REQUEST_VECTOR 00969 & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR ); 00970 for(type = ST_time_strucs; type <= ST_rsbac; type++) 00971 { 00972 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00973 } 00974 for(type = ST_network; type < ST_none; type++) 00975 { 00976 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00977 } 00978 type = ST_other; 00979 rights = RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL) 00980 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC) 00981 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA) 00982 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT) 00983 | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL) 00984 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT) 00985 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN); 00986 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 00987 } 00988 } 00989 role = RSBAC_RC_AUDITOR_ROLE; 00990 if(!rsbac_list_add(role_handle, &role, &au_entry)) 00991 { 00992 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL)) 00993 { 00994 type = RSBAC_RC_GENERAL_TYPE; 00995 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_EXECUTE_REQUEST_VECTOR) 00996 & RSBAC_FD_REQUEST_VECTOR; 00997 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 00998 } 00999 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL)) 01000 { 01001 type = RSBAC_RC_GENERAL_TYPE; 01002 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_DEV_REQUEST_VECTOR; 01003 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 01004 } 01005 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL)) 01006 { 01007 type = RSBAC_RC_GENERAL_TYPE; 01008 rights = RSBAC_READ_REQUEST_VECTOR & RSBAC_USER_REQUEST_VECTOR; 01009 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 01010 } 01011 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL)) 01012 { 01013 type = RSBAC_RC_GENERAL_TYPE; 01014 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_PROCESS_REQUEST_VECTOR; 01015 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 01016 } 01017 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL)) 01018 { 01019 type = RSBAC_RC_GENERAL_TYPE; 01020 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_IPC_REQUEST_VECTOR; 01021 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 01022 } 01023 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL)) 01024 { 01025 type = RSBAC_RC_GENERAL_TYPE; 01026 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETDEV_REQUEST_VECTOR; 01027 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 01028 } 01029 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL)) 01030 { 01031 type = RSBAC_RC_GENERAL_TYPE; 01032 rights = RSBAC_READ_WRITE_REQUEST_VECTOR & RSBAC_NETOBJ_REQUEST_VECTOR; 01033 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights); 01034 } 01035 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL)) 01036 { 01037 #ifdef CONFIG_RSBAC_USER_MOD_IOPERM 01038 type = ST_ioports; 01039 rights = RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_PERMISSIONS_DATA); 01040 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01041 #endif 01042 type = ST_rlimit; 01043 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 01044 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA); 01045 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01046 type = ST_rsbaclog; 01047 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA) 01048 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA); 01049 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01050 type = ST_other; 01051 rights = RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC); 01052 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01053 type = ST_network; 01054 rights = RSBAC_RC_RIGHTS_VECTOR(R_GET_STATUS_DATA); 01055 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01056 } 01057 } 01058 role = RSBAC_RC_BOOT_ROLE; 01059 if(!rsbac_list_add(role_handle, &role, &bo_entry)) 01060 { 01061 if(!rsbac_list_lol_add(role_tcfd_handle, &role, NULL)) 01062 { 01063 type = RSBAC_RC_GENERAL_TYPE; 01064 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR 01065 | RSBAC_EXECUTE_REQUEST_VECTOR 01066 | RSBAC_SYSTEM_REQUEST_VECTOR) 01067 & RSBAC_FD_REQUEST_VECTOR; 01068 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 01069 type = RSBAC_RC_SYS_TYPE; 01070 rsbac_list_lol_subadd(role_tcfd_handle, &role, &type, &rights); 01071 } 01072 if(!rsbac_list_lol_add(role_tcdv_handle, &role, NULL)) 01073 { 01074 type = RSBAC_RC_GENERAL_TYPE; 01075 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR; 01076 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 01077 type = RSBAC_RC_SYS_TYPE; 01078 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_DEV_REQUEST_VECTOR; 01079 rsbac_list_lol_subadd(role_tcdv_handle, &role, &type, &rights); 01080 } 01081 if(!rsbac_list_lol_add(role_tcus_handle, &role, NULL)) 01082 { 01083 type = RSBAC_RC_GENERAL_TYPE; 01084 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR; 01085 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 01086 type = RSBAC_RC_SYS_TYPE; 01087 rights = (RSBAC_READ_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_USER_REQUEST_VECTOR; 01088 rsbac_list_lol_subadd(role_tcus_handle, &role, &type, &rights); 01089 } 01090 if(!rsbac_list_lol_add(role_tcpr_handle, &role, NULL)) 01091 { 01092 type = RSBAC_RC_GENERAL_TYPE; 01093 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 01094 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 01095 type = RSBAC_RC_SYS_TYPE; 01096 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 01097 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 01098 type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 01099 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_PROCESS_REQUEST_VECTOR; 01100 rsbac_list_lol_subadd(role_tcpr_handle, &role, &type, &rights); 01101 } 01102 if(!rsbac_list_lol_add(role_tcip_handle, &role, NULL)) 01103 { 01104 type = RSBAC_RC_GENERAL_TYPE; 01105 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR; 01106 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 01107 type = RSBAC_RC_SYS_TYPE; 01108 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_IPC_REQUEST_VECTOR; 01109 rsbac_list_lol_subadd(role_tcip_handle, &role, &type, &rights); 01110 } 01111 if(!rsbac_list_lol_add(role_tcnd_handle, &role, NULL)) 01112 { 01113 type = RSBAC_RC_GENERAL_TYPE; 01114 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETDEV_REQUEST_VECTOR; 01115 rsbac_list_lol_subadd(role_tcnd_handle, &role, &type, &rights); 01116 } 01117 if(!rsbac_list_lol_add(role_tcnt_handle, &role, NULL)) 01118 { 01119 type = RSBAC_RC_GENERAL_TYPE; 01120 rights = (RSBAC_READ_REQUEST_VECTOR) & RSBAC_NETTEMP_REQUEST_VECTOR; 01121 rsbac_list_lol_subadd(role_tcnt_handle, &role, &type, &rights); 01122 } 01123 if(!rsbac_list_lol_add(role_tcno_handle, &role, NULL)) 01124 { 01125 type = RSBAC_RC_GENERAL_TYPE; 01126 rights = (RSBAC_READ_WRITE_REQUEST_VECTOR | RSBAC_SYSTEM_REQUEST_VECTOR) & RSBAC_NETOBJ_REQUEST_VECTOR; 01127 rsbac_list_lol_subadd(role_tcno_handle, &role, &type, &rights); 01128 } 01129 if(!rsbac_list_lol_add(role_tcsc_handle, &role, NULL)) 01130 { 01131 rights = RSBAC_SCD_REQUEST_VECTOR 01132 & (RSBAC_SYSTEM_REQUEST_VECTOR | RSBAC_READ_WRITE_REQUEST_VECTOR ); 01133 for(type = ST_time_strucs; type <= ST_rsbac; type++) 01134 { 01135 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01136 } 01137 for(type = ST_network; type < ST_none; type++) 01138 { 01139 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01140 } 01141 type = ST_other; 01142 rights = RSBAC_RC_RIGHTS_VECTOR(R_ADD_TO_KERNEL) 01143 | RSBAC_RC_RIGHTS_VECTOR(R_MAP_EXEC) 01144 | RSBAC_RC_RIGHTS_VECTOR(R_MODIFY_SYSTEM_DATA) 01145 | RSBAC_RC_RIGHTS_VECTOR(R_MOUNT) 01146 | RSBAC_RC_RIGHTS_VECTOR(R_REMOVE_FROM_KERNEL) 01147 | RSBAC_RC_RIGHTS_VECTOR(R_UMOUNT) 01148 | RSBAC_RC_RIGHTS_VECTOR(R_SHUTDOWN); 01149 rsbac_list_lol_subadd(role_tcsc_handle, &role, &type, &rights); 01150 } 01151 } 01152 } 01153 01154 list_info.version = RSBAC_RC_TYPE_FD_LIST_VERSION; 01155 list_info.key = RSBAC_RC_LIST_KEY; 01156 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01157 list_info.data_size = sizeof(struct rsbac_rc_type_fd_entry_t); 01158 list_info.max_age = 0; 01159 err = rsbac_list_register(RSBAC_LIST_VERSION, 01160 &type_fd_handle, 01161 &list_info, 01162 #if defined(CONFIG_RSBAC_RC_BACKUP) 01163 RSBAC_LIST_BACKUP | 01164 #endif 01165 RSBAC_LIST_PERSIST, 01166 rsbac_list_compare_u32, 01167 NULL, 01168 NULL, 01169 RSBAC_RC_TYPE_FD_FILENAME, 01170 RSBAC_AUTO_DEV); 01171 if(err) 01172 { 01173 registration_error(err, "type FD"); 01174 } 01175 if(!rsbac_no_defaults && !rsbac_list_count(type_fd_handle)) 01176 { 01177 rsbac_rc_type_id_t type; 01178 struct rsbac_rc_type_fd_entry_t entry; 01179 01180 type = RSBAC_RC_GENERAL_TYPE; 01181 strcpy(entry.name, "General FD"); 01182 entry.need_secdel = 0; 01183 rsbac_list_add(type_fd_handle, &type, &entry); 01184 type = RSBAC_RC_SEC_TYPE; 01185 strcpy(entry.name, "Security FD"); 01186 entry.need_secdel = 0; 01187 rsbac_list_add(type_fd_handle, &type, &entry); 01188 type = RSBAC_RC_SYS_TYPE; 01189 strcpy(entry.name, "System FD"); 01190 entry.need_secdel = 0; 01191 rsbac_list_add(type_fd_handle, &type, &entry); 01192 } 01193 list_info.version = RSBAC_RC_TYPE_DEV_LIST_VERSION; 01194 list_info.key = RSBAC_RC_LIST_KEY; 01195 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01196 list_info.data_size = RSBAC_RC_NAME_LEN; 01197 list_info.max_age = 0; 01198 err = rsbac_list_register(RSBAC_LIST_VERSION, 01199 &type_dev_handle, 01200 &list_info, 01201 #if defined(CONFIG_RSBAC_RC_BACKUP) 01202 RSBAC_LIST_BACKUP | 01203 #endif 01204 RSBAC_LIST_PERSIST, 01205 rsbac_list_compare_u32, 01206 NULL, 01207 NULL, 01208 RSBAC_RC_TYPE_DEV_FILENAME, 01209 RSBAC_AUTO_DEV); 01210 if(err) 01211 { 01212 registration_error(err, "type DEV"); 01213 } 01214 if(!rsbac_no_defaults && !rsbac_list_count(type_dev_handle)) 01215 { 01216 rsbac_rc_type_id_t type; 01217 char name[RSBAC_RC_NAME_LEN]; 01218 01219 type = RSBAC_RC_GENERAL_TYPE; 01220 strcpy(name, "General Device"); 01221 rsbac_list_add(type_dev_handle, &type, name); 01222 type = RSBAC_RC_SEC_TYPE; 01223 strcpy(name, "Security Device"); 01224 rsbac_list_add(type_dev_handle, &type, name); 01225 type = RSBAC_RC_SYS_TYPE; 01226 strcpy(name, "System Device"); 01227 rsbac_list_add(type_dev_handle, &type, &name); 01228 } 01229 list_info.version = RSBAC_RC_TYPE_IPC_LIST_VERSION; 01230 list_info.key = RSBAC_RC_LIST_KEY; 01231 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01232 list_info.data_size = RSBAC_RC_NAME_LEN; 01233 list_info.max_age = 0; 01234 err = rsbac_list_register(RSBAC_LIST_VERSION, 01235 &type_ipc_handle, 01236 &list_info, 01237 #if defined(CONFIG_RSBAC_RC_BACKUP) 01238 RSBAC_LIST_BACKUP | 01239 #endif 01240 RSBAC_LIST_PERSIST, 01241 rsbac_list_compare_u32, 01242 NULL, 01243 NULL, 01244 RSBAC_RC_TYPE_IPC_FILENAME, 01245 RSBAC_AUTO_DEV); 01246 if(err) 01247 { 01248 registration_error(err, "type IPC"); 01249 } 01250 if(!rsbac_no_defaults && !rsbac_list_count(type_ipc_handle)) 01251 { 01252 rsbac_rc_type_id_t type; 01253 char name[RSBAC_RC_NAME_LEN]; 01254 01255 type = RSBAC_RC_GENERAL_TYPE; 01256 strcpy(name, "General IPC"); 01257 rsbac_list_add(type_ipc_handle, &type, name); 01258 type = RSBAC_RC_SEC_TYPE; 01259 strcpy(name, "Security IPC"); 01260 rsbac_list_add(type_ipc_handle, &type, name); 01261 type = RSBAC_RC_SYS_TYPE; 01262 strcpy(name, "System IPC"); 01263 rsbac_list_add(type_ipc_handle, &type, &name); 01264 } 01265 list_info.version = RSBAC_RC_TYPE_USER_LIST_VERSION; 01266 list_info.key = RSBAC_RC_LIST_KEY; 01267 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01268 list_info.data_size = RSBAC_RC_NAME_LEN; 01269 list_info.max_age = 0; 01270 err = rsbac_list_register(RSBAC_LIST_VERSION, 01271 &type_user_handle, 01272 &list_info, 01273 #if defined(CONFIG_RSBAC_RC_BACKUP) 01274 RSBAC_LIST_BACKUP | 01275 #endif 01276 RSBAC_LIST_PERSIST, 01277 rsbac_list_compare_u32, 01278 NULL, 01279 NULL, 01280 RSBAC_RC_TYPE_USER_FILENAME, 01281 RSBAC_AUTO_DEV); 01282 if(err) 01283 { 01284 registration_error(err, "type USER"); 01285 } 01286 if(!rsbac_no_defaults && !rsbac_list_count(type_user_handle)) 01287 { 01288 rsbac_rc_type_id_t type; 01289 char name[RSBAC_RC_NAME_LEN]; 01290 01291 type = RSBAC_RC_GENERAL_TYPE; 01292 strcpy(name, "General User"); 01293 rsbac_list_add(type_user_handle, &type, name); 01294 type = RSBAC_RC_SEC_TYPE; 01295 strcpy(name, "Security User"); 01296 rsbac_list_add(type_user_handle, &type, name); 01297 type = RSBAC_RC_SYS_TYPE; 01298 strcpy(name, "System User"); 01299 rsbac_list_add(type_user_handle, &type, &name); 01300 } 01301 list_info.version = RSBAC_RC_TYPE_PROCESS_LIST_VERSION; 01302 list_info.key = RSBAC_RC_LIST_KEY; 01303 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01304 list_info.data_size = RSBAC_RC_NAME_LEN; 01305 list_info.max_age = 0; 01306 err = rsbac_list_register(RSBAC_LIST_VERSION, 01307 &type_process_handle, 01308 &list_info, 01309 #if defined(CONFIG_RSBAC_RC_BACKUP) 01310 RSBAC_LIST_BACKUP | 01311 #endif 01312 RSBAC_LIST_PERSIST, 01313 rsbac_list_compare_u32, 01314 NULL, 01315 NULL, 01316 RSBAC_RC_TYPE_PROCESS_FILENAME, 01317 RSBAC_AUTO_DEV); 01318 if(err) 01319 { 01320 registration_error(err, "type PROCESS"); 01321 } 01322 if(!rsbac_no_defaults && !rsbac_list_count(type_process_handle)) 01323 { 01324 rsbac_rc_type_id_t type; 01325 char name[RSBAC_RC_NAME_LEN]; 01326 01327 type = RSBAC_RC_GENERAL_TYPE; 01328 strcpy(name, "General Process"); 01329 rsbac_list_add(type_process_handle, &type, name); 01330 type = RSBAC_RC_SEC_TYPE; 01331 strcpy(name, "Security Proc"); 01332 rsbac_list_add(type_process_handle, &type, name); 01333 type = RSBAC_RC_SYS_TYPE; 01334 strcpy(name, "System Process"); 01335 rsbac_list_add(type_process_handle, &type, &name); 01336 } 01337 if(!rsbac_no_defaults) 01338 { 01339 rsbac_rc_type_id_t type = CONFIG_RSBAC_RC_KERNEL_PROCESS_TYPE; 01340 01341 if(!rsbac_list_exist(type_process_handle, &type)) 01342 { 01343 char name[RSBAC_RC_NAME_LEN]; 01344 rsbac_rc_role_id_t * role_array; 01345 u_long count; 01346 rsbac_rc_rights_vector_t rights; 01347 01348 strcpy(name, "Kernel Process"); 01349 rsbac_list_add(type_process_handle, &type, &name); 01350 01351 /* Set type compatibilities for the new type for all roles */ 01352 rights = RSBAC_READ_WRITE_REQUEST_VECTOR 01353 & RSBAC_PROCESS_REQUEST_VECTOR; 01354 01355 count = rsbac_list_lol_get_all_desc(role_tcpr_handle, (void **) &role_array); 01356 if(count > 0) 01357 { 01358 u_int i; 01359 01360 for(i=0; i < count; i++) 01361 { 01362 if(!rsbac_list_lol_subexist(role_tcpr_handle, &role_array[i], &type)) 01363 rsbac_list_lol_subadd(role_tcpr_handle, &role_array[i], &type, &rights); 01364 } 01365 rsbac_vfree(role_array); 01366 } 01367 } 01368 } 01369 list_info.version = RSBAC_RC_TYPE_NETDEV_LIST_VERSION; 01370 list_info.key = RSBAC_RC_LIST_KEY; 01371 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01372 list_info.data_size = RSBAC_RC_NAME_LEN; 01373 list_info.max_age = 0; 01374 err = rsbac_list_register(RSBAC_LIST_VERSION, 01375 &type_netdev_handle, 01376 &list_info, 01377 #if defined(CONFIG_RSBAC_RC_BACKUP) 01378 RSBAC_LIST_BACKUP | 01379 #endif 01380 RSBAC_LIST_PERSIST, 01381 rsbac_list_compare_u32, 01382 NULL, 01383 NULL, 01384 RSBAC_RC_TYPE_NETDEV_FILENAME, 01385 RSBAC_AUTO_DEV); 01386 if(err) 01387 { 01388 registration_error(err, "type NETDEV"); 01389 } 01390 if(!rsbac_no_defaults && !rsbac_list_count(type_netdev_handle)) 01391 { 01392 rsbac_rc_type_id_t type; 01393 char name[RSBAC_RC_NAME_LEN]; 01394 01395 type = RSBAC_RC_GENERAL_TYPE; 01396 strcpy(name, "General NETDEV"); 01397 rsbac_list_add(type_netdev_handle, &type, name); 01398 type = RSBAC_RC_SEC_TYPE; 01399 strcpy(name, "Security NETDEV"); 01400 rsbac_list_add(type_netdev_handle, &type, name); 01401 type = RSBAC_RC_SYS_TYPE; 01402 strcpy(name, "System NETDEV"); 01403 rsbac_list_add(type_netdev_handle, &type, &name); 01404 } 01405 list_info.version = RSBAC_RC_TYPE_NETTEMP_LIST_VERSION; 01406 list_info.key = RSBAC_RC_LIST_KEY; 01407 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01408 list_info.data_size = RSBAC_RC_NAME_LEN; 01409 list_info.max_age = 0; 01410 err = rsbac_list_register(RSBAC_LIST_VERSION, 01411 &type_nettemp_handle, 01412 &list_info, 01413 #if defined(CONFIG_RSBAC_RC_BACKUP) 01414 RSBAC_LIST_BACKUP | 01415 #endif 01416 RSBAC_LIST_PERSIST, 01417 rsbac_list_compare_u32, 01418 NULL, 01419 NULL, 01420 RSBAC_RC_TYPE_NETTEMP_FILENAME, 01421 RSBAC_AUTO_DEV); 01422 if(err) 01423 { 01424 registration_error(err, "type NETTEMP"); 01425 } 01426 if(!rsbac_no_defaults && !rsbac_list_count(type_nettemp_handle)) 01427 { 01428 rsbac_rc_type_id_t type; 01429 char name[RSBAC_RC_NAME_LEN]; 01430 01431 type = RSBAC_RC_GENERAL_TYPE; 01432 strcpy(name, "General NETTEMP"); 01433 rsbac_list_add(type_nettemp_handle, &type, name); 01434 type = RSBAC_RC_SEC_TYPE; 01435 strcpy(name, "Securit NETTEMP"); 01436 rsbac_list_add(type_nettemp_handle, &type, name); 01437 type = RSBAC_RC_SYS_TYPE; 01438 strcpy(name, "System NETTEMP"); 01439 rsbac_list_add(type_nettemp_handle, &type, &name); 01440 } 01441 list_info.version = RSBAC_RC_TYPE_NETOBJ_LIST_VERSION; 01442 list_info.key = RSBAC_RC_LIST_KEY; 01443 list_info.desc_size = sizeof(rsbac_rc_type_id_t); 01444 list_info.data_size = RSBAC_RC_NAME_LEN; 01445 list_info.max_age = 0; 01446 err = rsbac_list_register(RSBAC_LIST_VERSION, 01447 &type_netobj_handle, 01448 &list_info, 01449 #if defined(CONFIG_RSBAC_RC_BACKUP) 01450 RSBAC_LIST_BACKUP | 01451 #endif 01452 RSBAC_LIST_PERSIST, 01453 rsbac_list_compare_u32, 01454 NULL, 01455 NULL, 01456 RSBAC_RC_TYPE_NETOBJ_FILENAME, 01457 RSBAC_AUTO_DEV); 01458 if(err) 01459 { 01460 registration_error(err, "type NETOBJ"); 01461 } 01462 if(!rsbac_no_defaults && !rsbac_list_count(type_netobj_handle)) 01463 { 01464 rsbac_rc_type_id_t type; 01465 char name[RSBAC_RC_NAME_LEN]; 01466 01467 type = RSBAC_RC_GENERAL_TYPE; 01468 strcpy(name, "General NETOBJ"); 01469 rsbac_list_add(type_netobj_handle, &type, name); 01470 type = RSBAC_RC_SEC_TYPE; 01471 strcpy(name, "Security NETOBJ"); 01472 rsbac_list_add(type_netobj_handle, &type, name); 01473 type = RSBAC_RC_SYS_TYPE; 01474 strcpy(name, "System NETOBJ"); 01475 rsbac_list_add(type_netobj_handle, &type, &name); 01476 } 01477 01478 #ifdef CONFIG_RSBAC_DEBUG 01479 if(rsbac_debug_stack) 01480 { 01481 unsigned long * n = (unsigned long *) (current+1); 01482 01483 while (!*n) 01484 n++; 01485 #ifdef CONFIG_RSBAC_RMSG 01486 rsbac_printk(KERN_DEBUG "rsbac_init_rc: free stack before adding proc entry: %lu\n", 01487 (unsigned long) n - (unsigned long)(current+1)); 01488 #endif 01489 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01490 if (!rsbac_nosyslog) 01491 #endif 01492 printk(KERN_DEBUG "rsbac_init_rc: free stack before adding proc entry: %lu\n", 01493 (unsigned long) n - (unsigned long)(current+1)); 01494 } 01495 #endif 01496 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 01497 tmp_entry_p = create_proc_entry("stats_rc", 01498 S_IFREG | S_IRUGO, 01499 proc_rsbac_root_p); 01500 if(tmp_entry_p) 01501 { 01502 tmp_entry_p->get_info = stats_rc_proc_info; 01503 } 01504 01505 #endif 01506 01507 #ifdef CONFIG_RSBAC_DEBUG 01508 if(rsbac_debug_stack) 01509 { 01510 unsigned long * n = (unsigned long *) (current+1); 01511 01512 while (!*n) 01513 n++; 01514 #ifdef CONFIG_RSBAC_RMSG 01515 rsbac_printk(KERN_DEBUG "rsbac_init_rc: final free stack: %lu\n", 01516 (unsigned long) n - (unsigned long)(current+1)); 01517 #endif 01518 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01519 if (!rsbac_nosyslog) 01520 #endif 01521 printk(KERN_DEBUG "rsbac_init_rc: final free stack: %lu\n", 01522 (unsigned long) n - (unsigned long)(current+1)); 01523 } 01524 if (rsbac_debug_ds_rc) 01525 { 01526 #ifdef CONFIG_RSBAC_RMSG 01527 rsbac_printk(KERN_DEBUG "rsbac_init_rc(): Ready.\n"); 01528 #endif 01529 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01530 if (!rsbac_nosyslog) 01531 #endif 01532 printk(KERN_DEBUG "rsbac_init_rc(): Ready.\n"); 01533 } 01534 #endif 01535 return(err); 01536 }; 01537 01538 /***************************************************/ 01539 /* We also need some status information... */ 01540 01541 int rsbac_stats_rc(void) 01542 { 01543 if (!rsbac_is_initialized) 01544 { 01545 printk(KERN_WARNING "rsbac_stats_rc(): RSBAC not initialized\n"); 01546 return(-RSBAC_ENOTINITIALIZED); 01547 } 01548 01549 #ifdef CONFIG_RSBAC_RMSG 01550 rsbac_printk(KERN_INFO "Role entry size is %u, %lu entries used\n", 01551 sizeof(struct rsbac_rc_role_entry_t), 01552 rsbac_list_count(role_handle)); 01553 01554 rsbac_printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 01555 rsbac_list_count(type_fd_handle), 01556 rsbac_list_count(type_dev_handle), 01557 rsbac_list_count(type_ipc_handle), 01558 rsbac_list_count(type_user_handle), 01559 rsbac_list_count(type_process_handle), 01560 rsbac_list_count(type_netdev_handle), 01561 rsbac_list_count(type_nettemp_handle), 01562 rsbac_list_count(type_netobj_handle)); 01563 #endif 01564 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01565 if (!rsbac_nosyslog) 01566 #endif 01567 { 01568 printk(KERN_INFO "Role entry size is %u, %lu entries used\n", 01569 sizeof(struct rsbac_rc_role_entry_t), 01570 rsbac_list_count(role_handle)); 01571 01572 printk(KERN_INFO "Used type entries: fd: %lu, dev: %lu, ipc: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 01573 rsbac_list_count(type_fd_handle), 01574 rsbac_list_count(type_dev_handle), 01575 rsbac_list_count(type_ipc_handle), 01576 rsbac_list_count(type_user_handle), 01577 rsbac_list_count(type_process_handle), 01578 rsbac_list_count(type_netdev_handle), 01579 rsbac_list_count(type_nettemp_handle), 01580 rsbac_list_count(type_netobj_handle)); 01581 } 01582 return(0); 01583 }; 01584 01585 /************************************************* */ 01586 /* Access functions */ 01587 /************************************************* */ 01588 01589 /* Find the boot role */ 01590 #ifdef CONFIG_RSBAC_INIT_DELAY 01591 int rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p) 01592 #else 01593 int __init rsbac_rc_get_boot_role(rsbac_rc_role_id_t * role_p) 01594 #endif 01595 { 01596 /* Try to find role marked as boot role */ 01597 if(rsbac_list_get_desc(role_handle, 01598 role_p, 01599 role_p, 01600 rsbac_rc_role_compare_data) 01601 ) 01602 { /* none found */ 01603 return -RSBAC_ENOTFOUND; 01604 } 01605 return 0; 01606 } 01607 01608 01609 /* Invalid parameter combinations return an error. */ 01610 01611 int rsbac_rc_copy_role (rsbac_rc_role_id_t from_role, 01612 rsbac_rc_role_id_t to_role) 01613 { 01614 struct rsbac_rc_role_entry_t entry; 01615 rsbac_rc_role_id_t * role_array; 01616 char * item_array; 01617 long count; 01618 u_long i; 01619 int err; 01620 01621 if (!rsbac_is_initialized()) 01622 { 01623 printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n"); 01624 return(-RSBAC_ENOTINITIALIZED); 01625 } 01626 if( (from_role > RC_role_max_value) 01627 || (to_role > RC_role_max_value) 01628 || (to_role == from_role) 01629 ) 01630 return(-RSBAC_EINVALIDTARGET); 01631 01632 /* copy */ 01633 err = rsbac_list_get_data(role_handle, &from_role, &entry); 01634 if(err) 01635 return err; 01636 err = rsbac_list_add(role_handle, &to_role, &entry); 01637 if(err) 01638 return err; 01639 01640 rsbac_list_lol_remove(role_rc_handle, &to_role); 01641 count = rsbac_list_lol_get_all_subdesc(role_rc_handle, &from_role, (void **) &role_array); 01642 if(count > 0) 01643 { 01644 for(i=0; i<count ; i++) 01645 rsbac_list_lol_subadd(role_rc_handle, &to_role, &role_array[i], NULL); 01646 rsbac_vfree(role_array); 01647 } 01648 rsbac_list_lol_remove(role_adr_handle, &to_role); 01649 count = rsbac_list_lol_get_all_subdesc(role_adr_handle, &from_role, (void **) &role_array); 01650 if(count > 0) 01651 { 01652 for(i=0; i<count ; i++) 01653 rsbac_list_lol_subadd(role_adr_handle, &to_role, &role_array[i], NULL); 01654 rsbac_vfree(role_array); 01655 } 01656 rsbac_list_lol_remove(role_asr_handle, &to_role); 01657 count = rsbac_list_lol_get_all_subdesc(role_asr_handle, &from_role, (void **) &role_array); 01658 if(count > 0) 01659 { 01660 for(i=0; i<count ; i++) 01661 rsbac_list_lol_subadd(role_asr_handle, &to_role, &role_array[i], NULL); 01662 rsbac_vfree(role_array); 01663 } 01664 rsbac_list_lol_remove(role_tcfd_handle, &to_role); 01665 count = rsbac_list_lol_get_all_subitems(role_tcfd_handle, &from_role, (void **) &item_array); 01666 if(count > 0) 01667 { 01668 char * tmp = item_array; 01669 int size = rsbac_list_lol_get_subitem_size(role_tcfd_handle); 01670 01671 for(i=0; i<count ; i++) 01672 { 01673 rsbac_list_lol_subadd(role_tcfd_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01674 tmp += size; 01675 } 01676 rsbac_vfree(item_array); 01677 } 01678 rsbac_list_lol_remove(role_tcdv_handle, &to_role); 01679 count = rsbac_list_lol_get_all_subitems(role_tcdv_handle, &from_role, (void **) &item_array); 01680 if(count > 0) 01681 { 01682 char * tmp = item_array; 01683 int size = rsbac_list_lol_get_subitem_size(role_tcdv_handle); 01684 01685 for(i=0; i<count ; i++) 01686 { 01687 rsbac_list_lol_subadd(role_tcdv_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01688 tmp += size; 01689 } 01690 rsbac_vfree(item_array); 01691 } 01692 rsbac_list_lol_remove(role_tcus_handle, &to_role); 01693 count = rsbac_list_lol_get_all_subitems(role_tcus_handle, &from_role, (void **) &item_array); 01694 if(count > 0) 01695 { 01696 char * tmp = item_array; 01697 int size = rsbac_list_lol_get_subitem_size(role_tcus_handle); 01698 01699 for(i=0; i<count ; i++) 01700 { 01701 rsbac_list_lol_subadd(role_tcus_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01702 tmp += size; 01703 } 01704 rsbac_vfree(item_array); 01705 } 01706 rsbac_list_lol_remove(role_tcpr_handle, &to_role); 01707 count = rsbac_list_lol_get_all_subitems(role_tcpr_handle, &from_role, (void **) &item_array); 01708 if(count > 0) 01709 { 01710 char * tmp = item_array; 01711 int size = rsbac_list_lol_get_subitem_size(role_tcpr_handle); 01712 01713 for(i=0; i<count ; i++) 01714 { 01715 rsbac_list_lol_subadd(role_tcpr_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01716 tmp += size; 01717 } 01718 rsbac_vfree(item_array); 01719 } 01720 rsbac_list_lol_remove(role_tcip_handle, &to_role); 01721 count = rsbac_list_lol_get_all_subitems(role_tcip_handle, &from_role, (void **) &item_array); 01722 if(count > 0) 01723 { 01724 char * tmp = item_array; 01725 int size = rsbac_list_lol_get_subitem_size(role_tcip_handle); 01726 01727 for(i=0; i<count ; i++) 01728 { 01729 rsbac_list_lol_subadd(role_tcip_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01730 tmp += size; 01731 } 01732 rsbac_vfree(item_array); 01733 } 01734 rsbac_list_lol_remove(role_tcsc_handle, &to_role); 01735 count = rsbac_list_lol_get_all_subitems(role_tcsc_handle, &from_role, (void **) &item_array); 01736 if(count > 0) 01737 { 01738 char * tmp = item_array; 01739 int size = rsbac_list_lol_get_subitem_size(role_tcsc_handle); 01740 01741 for(i=0; i<count ; i++) 01742 { 01743 rsbac_list_lol_subadd(role_tcsc_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01744 tmp += size; 01745 } 01746 rsbac_vfree(item_array); 01747 } 01748 rsbac_list_lol_remove(role_tcnd_handle, &to_role); 01749 count = rsbac_list_lol_get_all_subitems(role_tcnd_handle, &from_role, (void **) &item_array); 01750 if(count > 0) 01751 { 01752 char * tmp = item_array; 01753 int size = rsbac_list_lol_get_subitem_size(role_tcnd_handle); 01754 01755 for(i=0; i<count ; i++) 01756 { 01757 rsbac_list_lol_subadd(role_tcnd_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01758 tmp += size; 01759 } 01760 rsbac_vfree(item_array); 01761 } 01762 rsbac_list_lol_remove(role_tcnt_handle, &to_role); 01763 count = rsbac_list_lol_get_all_subitems(role_tcnt_handle, &from_role, (void **) &item_array); 01764 if(count > 0) 01765 { 01766 char * tmp = item_array; 01767 int size = rsbac_list_lol_get_subitem_size(role_tcnt_handle); 01768 01769 for(i=0; i<count ; i++) 01770 { 01771 rsbac_list_lol_subadd(role_tcnt_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01772 tmp += size; 01773 } 01774 rsbac_vfree(item_array); 01775 } 01776 rsbac_list_lol_remove(role_tcno_handle, &to_role); 01777 count = rsbac_list_lol_get_all_subitems(role_tcno_handle, &from_role, (void **) &item_array); 01778 if(count > 0) 01779 { 01780 char * tmp = item_array; 01781 int size = rsbac_list_lol_get_subitem_size(role_tcno_handle); 01782 01783 for(i=0; i<count ; i++) 01784 { 01785 rsbac_list_lol_subadd(role_tcno_handle, &to_role, tmp, tmp + sizeof(rsbac_rc_role_id_t)); 01786 tmp += size; 01787 } 01788 rsbac_vfree(item_array); 01789 } 01790 return(0); 01791 }; 01792 01793 01794 /* Getting values */ 01795 int rsbac_rc_get_item (enum rsbac_rc_target_t target, 01796 union rsbac_rc_target_id_t tid, 01797 union rsbac_rc_target_id_t subtid, 01798 enum rsbac_rc_item_t item, 01799 union rsbac_rc_item_value_t * value_p, 01800 rsbac_time_t * ttl_p) 01801 { 01802 int err=0; 01803 struct rsbac_rc_role_entry_t role_entry; 01804 struct rsbac_rc_type_fd_entry_t type_fd_entry; 01805 01806 if (!rsbac_is_initialized()) 01807 { 01808 printk(KERN_WARNING "rsbac_rc_get_item(): RSBAC not initialized\n"); 01809 return(-RSBAC_ENOTINITIALIZED); 01810 } 01811 if (in_interrupt()) 01812 { 01813 #ifdef CONFIG_RSBAC_RMSG 01814 rsbac_printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n"); 01815 #endif 01816 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01817 if (!rsbac_nosyslog) 01818 #endif 01819 printk(KERN_WARNING "rsbac_rc_get_item(): called from interrupt!\n"); 01820 } 01821 if(ttl_p) 01822 *ttl_p = 0; 01823 switch (target) 01824 { 01825 case RT_ROLE: 01826 if(tid.role > RC_role_max_value) 01827 return(-RSBAC_EINVALIDTARGET); 01828 /* 01829 #ifdef CONFIG_RSBAC_DEBUG 01830 if (rsbac_debug_ds_rc) 01831 { 01832 #ifdef CONFIG_RSBAC_RMSG 01833 rsbac_printk(KERN_DEBUG 01834 "rsbac_rc_get_item(): getting role item value\n"); 01835 #endif 01836 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01837 if (!rsbac_nosyslog) 01838 #endif 01839 printk(KERN_DEBUG 01840 "rsbac_rc_get_item(): getting role item value\n"); 01841 } 01842 #endif 01843 */ 01844 switch (item) 01845 { 01846 case RI_role_comp: 01847 if(!rsbac_list_lol_get_subdata_ttl(role_rc_handle, 01848 ttl_p, 01849 &tid.role, 01850 &subtid.role, 01851 NULL)) 01852 value_p->comp = TRUE; 01853 else 01854 value_p->comp = FALSE; 01855 return 0; 01856 case RI_admin_roles: 01857 if(!rsbac_list_lol_get_subdata_ttl(role_adr_handle, 01858 ttl_p, 01859 &tid.role, 01860 &subtid.role, 01861 NULL)) 01862 value_p->comp = TRUE; 01863 else 01864 value_p->comp = FALSE; 01865 return 0; 01866 case RI_assign_roles: 01867 if(!rsbac_list_lol_get_subdata_ttl(role_asr_handle, 01868 ttl_p, 01869 &tid.role, 01870 &subtid.role, 01871 NULL)) 01872 value_p->comp = TRUE; 01873 else 01874 value_p->comp = FALSE; 01875 return 0; 01876 case RI_type_comp_fd: 01877 if(rsbac_list_lol_get_subdata_ttl(role_tcfd_handle, 01878 ttl_p, 01879 &tid.role, 01880 &subtid.type, 01881 &value_p->rights)) 01882 { 01883 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01884 if(ttl_p) 01885 *ttl_p = 0; 01886 } 01887 return 0; 01888 case RI_type_comp_dev: 01889 if(rsbac_list_lol_get_subdata_ttl(role_tcdv_handle, 01890 ttl_p, 01891 &tid.role, 01892 &subtid.type, 01893 &value_p->rights)) 01894 { 01895 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01896 if(ttl_p) 01897 *ttl_p = 0; 01898 } 01899 return 0; 01900 case RI_type_comp_user: 01901 if(rsbac_list_lol_get_subdata_ttl(role_tcus_handle, 01902 ttl_p, 01903 &tid.role, 01904 &subtid.type, 01905 &value_p->rights)) 01906 { 01907 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01908 if(ttl_p) 01909 *ttl_p = 0; 01910 } 01911 return 0; 01912 case RI_type_comp_process: 01913 if(rsbac_list_lol_get_subdata_ttl(role_tcpr_handle, 01914 ttl_p, 01915 &tid.role, 01916 &subtid.type, 01917 &value_p->rights)) 01918 { 01919 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01920 if(ttl_p) 01921 *ttl_p = 0; 01922 } 01923 return 0; 01924 case RI_type_comp_ipc: 01925 if(rsbac_list_lol_get_subdata_ttl(role_tcip_handle, 01926 ttl_p, 01927 &tid.role, 01928 &subtid.type, 01929 &value_p->rights)) 01930 { 01931 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01932 if(ttl_p) 01933 *ttl_p = 0; 01934 } 01935 return 0; 01936 case RI_type_comp_scd: 01937 if(rsbac_list_lol_get_subdata_ttl(role_tcsc_handle, 01938 ttl_p, 01939 &tid.role, 01940 &subtid.type, 01941 &value_p->rights)) 01942 { 01943 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01944 if(ttl_p) 01945 *ttl_p = 0; 01946 } 01947 return 0; 01948 case RI_type_comp_netdev: 01949 if(rsbac_list_lol_get_subdata_ttl(role_tcnd_handle, 01950 ttl_p, 01951 &tid.role, 01952 &subtid.type, 01953 &value_p->rights)) 01954 { 01955 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01956 if(ttl_p) 01957 *ttl_p = 0; 01958 } 01959 return 0; 01960 case RI_type_comp_nettemp: 01961 if(rsbac_list_lol_get_subdata_ttl(role_tcnt_handle, 01962 ttl_p, 01963 &tid.role, 01964 &subtid.type, 01965 &value_p->rights)) 01966 { 01967 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01968 if(ttl_p) 01969 *ttl_p = 0; 01970 } 01971 return 0; 01972 case RI_type_comp_netobj: 01973 if(rsbac_list_lol_get_subdata_ttl(role_tcno_handle, 01974 ttl_p, 01975 &tid.role, 01976 &subtid.type, 01977 &value_p->rights)) 01978 { 01979 value_p->rights = RSBAC_RC_DEFAULT_RIGHTS_VECTOR; 01980 if(ttl_p) 01981 *ttl_p = 0; 01982 } 01983 return 0; 01984 case RI_admin_type: 01985 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 01986 value_p->admin_type = role_entry.admin_type; 01987 return err; 01988 case RI_name: 01989 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 01990 { 01991 strncpy(value_p->name, role_entry.name, RSBAC_RC_NAME_LEN - 1); 01992 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0; 01993 } 01994 return err; 01995 case RI_def_fd_create_type: 01996 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 01997 value_p->type_id = role_entry.def_fd_create_type; 01998 return err; 01999 case RI_def_user_create_type: 02000 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02001 value_p->type_id = role_entry.def_user_create_type; 02002 return err; 02003 case RI_def_process_create_type: 02004 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02005 value_p->type_id = role_entry.def_process_create_type; 02006 return err; 02007 case RI_def_process_chown_type: 02008 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02009 value_p->type_id = role_entry.def_process_chown_type; 02010 return err; 02011 case RI_def_process_execute_type: 02012 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02013 value_p->type_id = role_entry.def_process_execute_type; 02014 return err; 02015 case RI_def_ipc_create_type: 02016 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02017 value_p->type_id = role_entry.def_ipc_create_type; 02018 return err; 02019 case RI_boot_role: 02020 if(!(err = rsbac_list_get_data(role_handle, &tid.role, &role_entry))) 02021 value_p->boot_role = role_entry.boot_role; 02022 return err; 02023 default: 02024 return -RSBAC_EINVALIDATTR; 02025 } 02026 /* return */ 02027 return(err); 02028 break; 02029 02030 case RT_TYPE: 02031 if(tid.type > RC_type_max_value) 02032 return(-RSBAC_EINVALIDTARGET); 02033 /* 02034 #ifdef CONFIG_RSBAC_DEBUG 02035 if (rsbac_debug_ds_rc) 02036 printk(KERN_DEBUG 02037 "rsbac_rc_get_item(): getting type item value\n"); 02038 #endif 02039 */ 02040 switch (item) 02041 { 02042 case RI_type_fd_name: 02043 if(!(err = rsbac_list_get_data(type_fd_handle, &tid.type, &type_fd_entry))) 02044 { 02045 strncpy(value_p->name, type_fd_entry.name, RSBAC_RC_NAME_LEN - 1); 02046 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0; 02047 } 02048 return err; 02049 case RI_type_fd_need_secdel: 02050 if(!(err = rsbac_list_get_data(type_fd_handle, &tid.type, &type_fd_entry))) 02051 { 02052 value_p->need_secdel = type_fd_entry.need_secdel; 02053 } 02054 return err; 02055 case RI_type_dev_name: 02056 return rsbac_list_get_data(type_dev_handle, &tid.type, value_p->name); 02057 case RI_type_ipc_name: 02058 return rsbac_list_get_data(type_ipc_handle, &tid.type, value_p->name); 02059 case RI_type_user_name: 02060 return rsbac_list_get_data(type_user_handle, &tid.type, value_p->name); 02061 case RI_type_process_name: 02062 return rsbac_list_get_data(type_process_handle, &tid.type, value_p->name); 02063 case RI_type_netdev_name: 02064 return rsbac_list_get_data(type_netdev_handle, &tid.type, value_p->name); 02065 case RI_type_nettemp_name: 02066 return rsbac_list_get_data(type_nettemp_handle, &tid.type, value_p->name); 02067 case RI_type_netobj_name: 02068 return rsbac_list_get_data(type_netobj_handle, &tid.type, value_p->name); 02069 case RI_type_scd_name: 02070 { 02071 char * tmp; 02072 02073 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02074 if(!tmp) 02075 err = -RSBAC_ENOMEM; 02076 else 02077 { 02078 get_rc_scd_type_name(tmp,tid.type); 02079 strncpy(value_p->name, tmp, RSBAC_RC_NAME_LEN - 1); 02080 value_p->name[RSBAC_RC_NAME_LEN - 1] = (char) 0; 02081 rsbac_kfree(tmp); 02082 } 02083 break; 02084 } 02085 default: 02086 err = -RSBAC_EINVALIDATTR; 02087 } 02088 /* and return */ 02089 return(err); 02090 break; 02091 02092 /* switch target: no valid target */ 02093 default: 02094 err = -RSBAC_EINVALIDTARGET; 02095 } 02096 return err; 02097 }; /* end of rsbac_rc_get_item() */ 02098 02099 /* Checking role's compatibility */ 02100 boolean rsbac_rc_check_comp (rsbac_rc_role_id_t role, 02101 union rsbac_rc_target_id_t subtid, 02102 enum rsbac_rc_item_t item, 02103 enum rsbac_rc_special_rights_t right) 02104 { 02105 rsbac_rc_rights_vector_t rights_vector; 02106 02107 if (!rsbac_is_initialized()) 02108 { 02109 printk(KERN_WARNING "rsbac_rc_check_comp(): RSBAC not initialized\n"); 02110 return(-RSBAC_ENOTINITIALIZED); 02111 } 02112 if (in_interrupt()) 02113 { 02114 #ifdef CONFIG_RSBAC_RMSG 02115 rsbac_printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n"); 02116 #endif 02117 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02118 if (!rsbac_nosyslog) 02119 #endif 02120 printk(KERN_WARNING "rsbac_rc_check_comp(): called from interrupt!\n"); 02121 } 02122 if(role > RC_role_max_value) 02123 return FALSE; 02124 /* 02125 #ifdef CONFIG_RSBAC_DEBUG 02126 if (rsbac_debug_ds_rc) 02127 printk(KERN_DEBUG 02128 "rsbac_rc_check_comp(): checking role compatibility\n"); 02129 #endif 02130 */ 02131 switch (item) 02132 { 02133 case RI_role_comp: 02134 return rsbac_list_lol_subexist(role_rc_handle, &role, &subtid.role); 02135 case RI_admin_roles: 02136 return rsbac_list_lol_subexist(role_adr_handle, &role, &subtid.role); 02137 case RI_assign_roles: 02138 return rsbac_list_lol_subexist(role_asr_handle, &role, &subtid.role); 02139 case RI_type_comp_fd: 02140 if( !rsbac_list_lol_get_subdata(role_tcfd_handle, &role, &subtid.type, &rights_vector) 02141 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02142 ) 02143 return TRUE; 02144 else 02145 return FALSE; 02146 case RI_type_comp_dev: 02147 if( !rsbac_list_lol_get_subdata(role_tcdv_handle, &role, &subtid.type, &rights_vector) 02148 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02149 ) 02150 return TRUE; 02151 else 02152 return FALSE; 02153 case RI_type_comp_user: 02154 if( !rsbac_list_lol_get_subdata(role_tcus_handle, &role, &subtid.type, &rights_vector) 02155 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02156 ) 02157 return TRUE; 02158 else 02159 return FALSE; 02160 case RI_type_comp_process: 02161 if( !rsbac_list_lol_get_subdata(role_tcpr_handle, &role, &subtid.type, &rights_vector) 02162 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02163 ) 02164 return TRUE; 02165 else 02166 return FALSE; 02167 case RI_type_comp_ipc: 02168 if( !rsbac_list_lol_get_subdata(role_tcip_handle, &role, &subtid.type, &rights_vector) 02169 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02170 ) 02171 return TRUE; 02172 else 02173 return FALSE; 02174 case RI_type_comp_scd: 02175 if( !rsbac_list_lol_get_subdata(role_tcsc_handle, &role, &subtid.type, &rights_vector) 02176 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02177 ) 02178 return TRUE; 02179 else 02180 return FALSE; 02181 case RI_type_comp_netdev: 02182 if( !rsbac_list_lol_get_subdata(role_tcnd_handle, &role, &subtid.type, &rights_vector) 02183 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02184 ) 02185 return TRUE; 02186 else 02187 return FALSE; 02188 case RI_type_comp_nettemp: 02189 if( !rsbac_list_lol_get_subdata(role_tcnt_handle, &role, &subtid.type, &rights_vector) 02190 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02191 ) 02192 return TRUE; 02193 else 02194 return FALSE; 02195 case RI_type_comp_netobj: 02196 if( !rsbac_list_lol_get_subdata(role_tcno_handle, &role, &subtid.type, &rights_vector) 02197 && (rights_vector & RSBAC_RC_RIGHTS_VECTOR(right)) 02198 ) 02199 return TRUE; 02200 else 02201 return FALSE; 02202 02203 default: 02204 #ifdef CONFIG_RSBAC_RMSG 02205 rsbac_printk(KERN_WARNING 02206 "rsbac_rc_check_comp(): called for invalid item %u\n", 02207 item); 02208 #endif 02209 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02210 if (!rsbac_nosyslog) 02211 #endif 02212 printk(KERN_WARNING 02213 "rsbac_rc_check_comp(): called for invalid item %u\n", 02214 item); 02215 return FALSE; 02216 } 02217 }; /* end of rsbac_rc_check_comp() */ 02218 02219 /* Get list of defined items. Returns number or negative error. 02220 * item is to distinguish type targets, use RI_type_xx_name */ 02221 int rsbac_rc_get_list(enum rsbac_rc_target_t target, 02222 union rsbac_rc_target_id_t tid, 02223 enum rsbac_rc_item_t item, 02224 __u32 ** array_pp, 02225 rsbac_time_t ** ttl_array_pp) 02226 { 02227 int res; 02228 02229 if (!rsbac_is_initialized()) 02230 { 02231 printk(KERN_WARNING "rsbac_rc_get_list(): RSBAC not initialized\n"); 02232 return(-RSBAC_ENOTINITIALIZED); 02233 } 02234 if (in_interrupt()) 02235 { 02236 #ifdef CONFIG_RSBAC_RMSG 02237 rsbac_printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n"); 02238 #endif 02239 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02240 if (!rsbac_nosyslog) 02241 #endif 02242 printk(KERN_WARNING "rsbac_rc_get_list(): called from interrupt!\n"); 02243 } 02244 if(ttl_array_pp) 02245 *ttl_array_pp = NULL; 02246 switch (target) 02247 { 02248 case RT_ROLE: 02249 /* 02250 #ifdef CONFIG_RSBAC_DEBUG 02251 if (rsbac_debug_ds_rc) 02252 printk(KERN_DEBUG 02253 "rsbac_rc_get_list(): getting role list\n"); 02254 #endif 02255 */ 02256 switch (item) 02257 { 02258 case RI_name: 02259 if(array_pp) 02260 return rsbac_list_get_all_desc(role_handle, (void **) array_pp); 02261 else 02262 return rsbac_list_count(role_handle); 02263 case RI_role_comp: 02264 if(array_pp) 02265 res = rsbac_list_lol_get_all_subdesc_ttl(role_rc_handle, 02266 &tid.role, 02267 (void **) array_pp, 02268 ttl_array_pp); 02269 else 02270 res = rsbac_list_lol_subcount(role_rc_handle, &tid.role); 02271 if(res == -RSBAC_ENOTFOUND) 02272 return 0; 02273 else 02274 return res; 02275 case RI_admin_roles: 02276 if(array_pp) 02277 res = rsbac_list_lol_get_all_subdesc_ttl(role_adr_handle, 02278 &tid.role, 02279 (void **) array_pp, 02280 ttl_array_pp); 02281 else 02282 res = rsbac_list_lol_subcount(role_adr_handle, &tid.role); 02283 if(res == -RSBAC_ENOTFOUND) 02284 return 0; 02285 else 02286 return res; 02287 case RI_assign_roles: 02288 if(array_pp) 02289 res = rsbac_list_lol_get_all_subdesc_ttl(role_asr_handle, 02290 &tid.role, 02291 (void **) array_pp, 02292 ttl_array_pp); 02293 else 02294 res = rsbac_list_lol_subcount(role_asr_handle, &tid.role); 02295 if(res == -RSBAC_ENOTFOUND) 02296 return 0; 02297 else 02298 return res; 02299 case RI_type_comp_fd: 02300 if(array_pp) 02301 return rsbac_list_lol_get_all_subdesc_ttl(role_tcfd_handle, 02302 &tid.role, 02303 (void **) array_pp, 02304 ttl_array_pp); 02305 else 02306 return rsbac_list_lol_subcount(role_tcfd_handle, &tid.role); 02307 case RI_type_comp_dev: 02308 if(array_pp) 02309 return rsbac_list_lol_get_all_subdesc_ttl(role_tcdv_handle, 02310 &tid.role, 02311 (void **) array_pp, 02312 ttl_array_pp); 02313 else 02314 return rsbac_list_lol_subcount(role_tcdv_handle, &tid.role); 02315 case RI_type_comp_user: 02316 if(array_pp) 02317 return rsbac_list_lol_get_all_subdesc_ttl(role_tcus_handle, 02318 &tid.role, 02319 (void **) array_pp, 02320 ttl_array_pp); 02321 else 02322 return rsbac_list_lol_subcount(role_tcus_handle, &tid.role); 02323 case RI_type_comp_process: 02324 if(array_pp) 02325 return rsbac_list_lol_get_all_subdesc_ttl(role_tcpr_handle, 02326 &tid.role, 02327 (void **) array_pp, 02328 ttl_array_pp); 02329 else 02330 return rsbac_list_lol_subcount(role_tcpr_handle, &tid.role); 02331 case RI_type_comp_ipc: 02332 if(array_pp) 02333 return rsbac_list_lol_get_all_subdesc_ttl(role_tcip_handle, 02334 &tid.role, 02335 (void **) array_pp, 02336 ttl_array_pp); 02337 else 02338 return rsbac_list_lol_subcount(role_tcip_handle, &tid.role); 02339 case RI_type_comp_scd: 02340 if(array_pp) 02341 return rsbac_list_lol_get_all_subdesc_ttl(role_tcsc_handle, 02342 &tid.role, 02343 (void **) array_pp, 02344 ttl_array_pp); 02345 else 02346 return rsbac_list_lol_subcount(role_tcsc_handle, &tid.role); 02347 case RI_type_comp_netdev: 02348 if(array_pp) 02349 return rsbac_list_lol_get_all_subdesc_ttl(role_tcnd_handle, 02350 &tid.role, 02351 (void **) array_pp, 02352 ttl_array_pp); 02353 else 02354 return rsbac_list_lol_subcount(role_tcnd_handle, &tid.role); 02355 case RI_type_comp_nettemp: 02356 if(array_pp) 02357 return rsbac_list_lol_get_all_subdesc_ttl(role_tcnt_handle, 02358 &tid.role, 02359 (void **) array_pp, 02360 ttl_array_pp); 02361 else 02362 return rsbac_list_lol_subcount(role_tcnt_handle, &tid.role); 02363 case RI_type_comp_netobj: 02364 if(array_pp) 02365 return rsbac_list_lol_get_all_subdesc_ttl(role_tcno_handle, 02366 &tid.role, 02367 (void **) array_pp, 02368 ttl_array_pp); 02369 else 02370 return rsbac_list_lol_subcount(role_tcno_handle, &tid.role); 02371 02372 default: 02373 return -RSBAC_EINVALIDATTR; 02374 } 02375 02376 case RT_TYPE: 02377 /* 02378 #ifdef CONFIG_RSBAC_DEBUG 02379 if (rsbac_debug_ds_rc) 02380 printk(KERN_DEBUG 02381 "rsbac_rc_get_item(): getting type item value\n"); 02382 #endif 02383 */ 02384 switch (item) 02385 { 02386 case RI_type_fd_name: 02387 case RI_type_fd_need_secdel: 02388 if(array_pp) 02389 return rsbac_list_get_all_desc(type_fd_handle, (void **) array_pp); 02390 else 02391 return rsbac_list_count(type_fd_handle); 02392 case RI_type_dev_name: 02393 if(array_pp) 02394 return rsbac_list_get_all_desc(type_dev_handle, (void **) array_pp); 02395 else 02396 return rsbac_list_count(type_dev_handle); 02397 case RI_type_ipc_name: 02398 if(array_pp) 02399 return rsbac_list_get_all_desc(type_ipc_handle, (void **) array_pp); 02400 else 02401 return rsbac_list_count(type_ipc_handle); 02402 case RI_type_user_name: 02403 if(array_pp) 02404 return rsbac_list_get_all_desc(type_user_handle, (void **) array_pp); 02405 else 02406 return rsbac_list_count(type_user_handle); 02407 case RI_type_process_name: 02408 if(array_pp) 02409 return rsbac_list_get_all_desc(type_process_handle, (void **) array_pp); 02410 else 02411 return rsbac_list_count(type_process_handle); 02412 case RI_type_netdev_name: 02413 if(array_pp) 02414 return rsbac_list_get_all_desc(type_netdev_handle, (void **) array_pp); 02415 else 02416 return rsbac_list_count(type_netdev_handle); 02417 case RI_type_nettemp_name: 02418 if(array_pp) 02419 return rsbac_list_get_all_desc(type_nettemp_handle, (void **) array_pp); 02420 else 02421 return rsbac_list_count(type_nettemp_handle); 02422 case RI_type_netobj_name: 02423 if(array_pp) 02424 return rsbac_list_get_all_desc(type_netobj_handle, (void **) array_pp); 02425 else 02426 return rsbac_list_count(type_netobj_handle); 02427 02428 default: 02429 return -RSBAC_EINVALIDATTR; 02430 } 02431 02432 default: 02433 return -RSBAC_EINVALIDTARGET; 02434 } 02435 }; /* end of rsbac_rc_get_list() */ 02436 02437 02438 /* Setting values */ 02439 int rsbac_rc_set_item(enum rsbac_rc_target_t target, 02440 union rsbac_rc_target_id_t tid, 02441 union rsbac_rc_target_id_t subtid, 02442 enum rsbac_rc_item_t item, 02443 union rsbac_rc_item_value_t value, 02444 rsbac_time_t ttl) 02445 { 02446 int err=0; 02447 02448 if (!rsbac_is_initialized()) 02449 { 02450 printk(KERN_WARNING "rsbac_rc_set_item(): RSBAC not initialized\n"); 02451 return(-RSBAC_ENOTINITIALIZED); 02452 } 02453 if (in_interrupt()) 02454 { 02455 #ifdef CONFIG_RSBAC_RMSG 02456 rsbac_printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n"); 02457 #endif 02458 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02459 if (!rsbac_nosyslog) 02460 #endif 02461 printk(KERN_WARNING "rsbac_rc_set_item(): called from interrupt!\n"); 02462 } 02463 switch (target) 02464 { 02465 case RT_ROLE: 02466 if(tid.role > RC_role_max_value) 02467 return(-RSBAC_EINVALIDTARGET); 02468 if( (item != RI_name) 02469 && !rsbac_list_exist(role_handle, &tid.role) 02470 ) 02471 return(-RSBAC_EINVALIDTARGET); 02472 #ifdef CONFIG_RSBAC_DEBUG 02473 if (rsbac_debug_ds_rc) 02474 { 02475 #ifdef CONFIG_RSBAC_RMSG 02476 rsbac_printk(KERN_DEBUG 02477 "rsbac_rc_set_item(): Setting role item value\n"); 02478 #endif 02479 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02480 if (!rsbac_nosyslog) 02481 #endif 02482 printk(KERN_DEBUG 02483 "rsbac_rc_set_item(): Setting role item value\n"); 02484 } 02485 #endif 02486 switch (item) 02487 { 02488 case RI_role_comp: 02489 if(value.comp) 02490 { 02491 return rsbac_list_lol_subadd_ttl(role_rc_handle, 02492 ttl, 02493 &tid.role, 02494 &subtid.role, 02495 NULL); 02496 } 02497 else 02498 { 02499 rsbac_list_lol_subremove(role_rc_handle, &tid.role, &subtid.role); 02500 return 0; 02501 } 02502 case RI_admin_roles: 02503 if(value.comp) 02504 { 02505 return rsbac_list_lol_subadd_ttl(role_adr_handle, 02506 ttl, 02507 &tid.role, 02508 &subtid.role, 02509 NULL); 02510 } 02511 else 02512 { 02513 rsbac_list_lol_subremove(role_adr_handle, &tid.role, &subtid.role); 02514 return 0; 02515 } 02516 case RI_assign_roles: 02517 if(value.comp) 02518 { 02519 return rsbac_list_lol_subadd_ttl(role_asr_handle, 02520 ttl, 02521 &tid.role, 02522 &subtid.role, 02523 NULL); 02524 } 02525 else 02526 { 02527 rsbac_list_lol_subremove(role_asr_handle, &tid.role, &subtid.role); 02528 return 0; 02529 } 02530 case RI_type_comp_fd: 02531 if(!rsbac_list_exist(type_fd_handle, &subtid.type)) 02532 return -RSBAC_EINVALIDVALUE; 02533 return rsbac_list_lol_subadd_ttl(role_tcfd_handle, 02534 ttl, 02535 &tid.role, 02536 &subtid.type, 02537 &value.rights); 02538 case RI_type_comp_dev: 02539 if(!rsbac_list_exist(type_dev_handle, &subtid.type)) 02540 return -RSBAC_EINVALIDVALUE; 02541 return rsbac_list_lol_subadd_ttl(role_tcdv_handle, 02542 ttl, 02543 &tid.role, 02544 &subtid.type, 02545 &value.rights); 02546 case RI_type_comp_user: 02547 if(!rsbac_list_exist(type_user_handle, &subtid.type)) 02548 return -RSBAC_EINVALIDVALUE; 02549 return rsbac_list_lol_subadd_ttl(role_tcus_handle, 02550 ttl, 02551 &tid.role, 02552 &subtid.type, 02553 &value.rights); 02554 case RI_type_comp_process: 02555 if(!rsbac_list_exist(type_process_handle, &subtid.type)) 02556 return -RSBAC_EINVALIDVALUE; 02557 return rsbac_list_lol_subadd_ttl(role_tcpr_handle, 02558 ttl, 02559 &tid.role, 02560 &subtid.type, 02561 &value.rights); 02562 case RI_type_comp_ipc: 02563 if(!rsbac_list_exist(type_ipc_handle, &subtid.type)) 02564 return -RSBAC_EINVALIDVALUE; 02565 return rsbac_list_lol_subadd_ttl(role_tcip_handle, 02566 ttl, 02567 &tid.role, 02568 &subtid.type, 02569 &value.rights); 02570 case RI_type_comp_scd: 02571 if( (subtid.type >= ST_none) 02572 && (subtid.type < RST_min) 02573 ) 02574 return -RSBAC_EINVALIDVALUE; 02575 if(subtid.type >= RST_none) 02576 return -RSBAC_EINVALIDVALUE; 02577 return rsbac_list_lol_subadd_ttl(role_tcsc_handle, 02578 ttl, 02579 &tid.role, 02580 &subtid.type, 02581 &value.rights); 02582 case RI_type_comp_netdev: 02583 if(!rsbac_list_exist(type_netdev_handle, &subtid.type)) 02584 return -RSBAC_EINVALIDVALUE; 02585 return rsbac_list_lol_subadd_ttl(role_tcnd_handle, 02586 ttl, 02587 &tid.role, 02588 &subtid.type, 02589 &value.rights); 02590 case RI_type_comp_nettemp: 02591 if(!rsbac_list_exist(type_nettemp_handle, &subtid.type)) 02592 return -RSBAC_EINVALIDVALUE; 02593 return rsbac_list_lol_subadd_ttl(role_tcnt_handle, 02594 ttl, 02595 &tid.role, 02596 &subtid.type, 02597 &value.rights); 02598 case RI_type_comp_netobj: 02599 if(!rsbac_list_exist(type_netobj_handle, &subtid.type)) 02600 return -RSBAC_EINVALIDVALUE; 02601 return rsbac_list_lol_subadd_ttl(role_tcno_handle, 02602 ttl, 02603 &tid.role, 02604 &subtid.type, 02605 &value.rights); 02606 case RI_admin_type: 02607 { 02608 struct rsbac_rc_role_entry_t entry; 02609 02610 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02611 if(err) 02612 return err; 02613 entry.admin_type = value.admin_type; 02614 return rsbac_list_add(role_handle, &tid.role, &entry); 02615 } 02616 case RI_name: 02617 { 02618 struct rsbac_rc_role_entry_t entry; 02619 02620 /* no empty names */ 02621 if(!value.name[0]) 02622 return -RSBAC_EINVALIDVALUE; 02623 /* create, if necessary, and set name */ 02624 memset(&entry, 0, sizeof(struct rsbac_rc_role_entry_t)); 02625 rsbac_list_get_data(role_handle, &tid.role, &entry); 02626 strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1); 02627 entry.name[RSBAC_RC_NAME_LEN-1] = 0; 02628 return rsbac_list_add(role_handle, &tid.role, &entry); 02629 } 02630 case RI_remove_role: 02631 /* remove role compat. */ 02632 rsbac_list_lol_remove(role_rc_handle, &tid.role); 02633 /* remove from other roles' role compat */ 02634 rsbac_list_lol_subremove_from_all(role_rc_handle, &tid.role); 02635 02636 /* remove admin roles */ 02637 rsbac_list_lol_remove(role_adr_handle, &tid.role); 02638 /* remove from other roles' admin roles */ 02639 rsbac_list_lol_subremove_from_all(role_adr_handle, &tid.role); 02640 02641 /* remove assign roles */ 02642 rsbac_list_lol_remove(role_asr_handle, &tid.role); 02643 /* remove from other roles' assign roles */ 02644 rsbac_list_lol_subremove_from_all(role_asr_handle, &tid.role); 02645 02646 /* remove type compatibilities */ 02647 rsbac_list_lol_remove(role_tcfd_handle, &tid.role); 02648 rsbac_list_lol_remove(role_tcdv_handle, &tid.role); 02649 rsbac_list_lol_remove(role_tcus_handle, &tid.role); 02650 rsbac_list_lol_remove(role_tcpr_handle, &tid.role); 02651 rsbac_list_lol_remove(role_tcip_handle, &tid.role); 02652 rsbac_list_lol_remove(role_tcsc_handle, &tid.role); 02653 rsbac_list_lol_remove(role_tcnd_handle, &tid.role); 02654 rsbac_list_lol_remove(role_tcnt_handle, &tid.role); 02655 rsbac_list_lol_remove(role_tcno_handle, &tid.role); 02656 02657 #ifdef CONFIG_RSBAC_ACL 02658 /* remove ACL entries */ 02659 { 02660 struct rsbac_acl_entry_desc_t desc; 02661 02662 desc.subj_type = ACLS_ROLE; 02663 desc.subj_id = tid.role; 02664 rsbac_acl_remove_subject(desc); 02665 } 02666 #endif 02667 02668 return rsbac_list_remove(role_handle, &tid.role); 02669 02670 case RI_def_fd_create_type: 02671 { 02672 struct rsbac_rc_role_entry_t entry; 02673 02674 if( (value.type_id <= RC_type_max_value) 02675 && !rsbac_list_exist(type_fd_handle, &value.type_id) 02676 ) 02677 return -RSBAC_EINVALIDVALUE; 02678 if( (value.type_id > RC_type_max_value) 02679 && (value.type_id < RC_type_min_special) 02680 ) 02681 return -RSBAC_EINVALIDVALUE; 02682 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02683 if(err) 02684 return err; 02685 entry.def_fd_create_type = value.type_id; 02686 return rsbac_list_add(role_handle, &tid.role, &entry); 02687 } 02688 case RI_def_user_create_type: 02689 { 02690 struct rsbac_rc_role_entry_t entry; 02691 02692 if( (value.type_id <= RC_type_max_value) 02693 && !rsbac_list_exist(type_user_handle, &value.type_id) 02694 ) 02695 return -RSBAC_EINVALIDVALUE; 02696 if( (value.type_id > RC_type_max_value) 02697 && (value.type_id < RC_type_min_special) 02698 ) 02699 return -RSBAC_EINVALIDVALUE; 02700 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02701 if(err) 02702 return err; 02703 entry.def_user_create_type = value.type_id; 02704 return rsbac_list_add(role_handle, &tid.role, &entry); 02705 } 02706 case RI_def_process_create_type: 02707 { 02708 struct rsbac_rc_role_entry_t entry; 02709 02710 if( (value.type_id <= RC_type_max_value) 02711 && !rsbac_list_exist(type_process_handle, &value.type_id) 02712 ) 02713 return -RSBAC_EINVALIDVALUE; 02714 if( (value.type_id > RC_type_max_value) 02715 && (value.type_id < RC_type_min_special) 02716 ) 02717 return -RSBAC_EINVALIDVALUE; 02718 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02719 if(err) 02720 return err; 02721 entry.def_process_create_type = value.type_id; 02722 return rsbac_list_add(role_handle, &tid.role, &entry); 02723 } 02724 case RI_def_process_chown_type: 02725 { 02726 struct rsbac_rc_role_entry_t entry; 02727 02728 if( (value.type_id <= RC_type_max_value) 02729 && !rsbac_list_exist(type_process_handle, &value.type_id) 02730 ) 02731 return -RSBAC_EINVALIDVALUE; 02732 if( (value.type_id > RC_type_max_value) 02733 && (value.type_id < RC_type_min_special) 02734 ) 02735 return -RSBAC_EINVALIDVALUE; 02736 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02737 if(err) 02738 return err; 02739 entry.def_process_chown_type = value.type_id; 02740 return rsbac_list_add(role_handle, &tid.role, &entry); 02741 } 02742 case RI_def_process_execute_type: 02743 { 02744 struct rsbac_rc_role_entry_t entry; 02745 02746 if( (value.type_id <= RC_type_max_value) 02747 && !rsbac_list_exist(type_process_handle, &value.type_id) 02748 ) 02749 return -RSBAC_EINVALIDVALUE; 02750 if( (value.type_id > RC_type_max_value) 02751 && (value.type_id < RC_type_min_special) 02752 ) 02753 return -RSBAC_EINVALIDVALUE; 02754 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02755 if(err) 02756 return err; 02757 entry.def_process_execute_type = value.type_id; 02758 return rsbac_list_add(role_handle, &tid.role, &entry); 02759 } 02760 case RI_def_ipc_create_type: 02761 { 02762 struct rsbac_rc_role_entry_t entry; 02763 02764 if( (value.type_id <= RC_type_max_value) 02765 && !rsbac_list_exist(type_ipc_handle, &value.type_id) 02766 ) 02767 return -RSBAC_EINVALIDVALUE; 02768 if( (value.type_id > RC_type_max_value) 02769 && (value.type_id < RC_type_min_special) 02770 ) 02771 return -RSBAC_EINVALIDVALUE; 02772 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02773 if(err) 02774 return err; 02775 entry.def_ipc_create_type = value.type_id; 02776 return rsbac_list_add(role_handle, &tid.role, &entry); 02777 } 02778 case RI_boot_role: 02779 { 02780 struct rsbac_rc_role_entry_t entry; 02781 02782 err = rsbac_list_get_data(role_handle, &tid.role, &entry); 02783 if(err) 02784 return err; 02785 entry.boot_role = value.boot_role; 02786 return rsbac_list_add(role_handle, &tid.role, &entry); 02787 } 02788 02789 default: 02790 return -RSBAC_EINVALIDATTR; 02791 } 02792 02793 case RT_TYPE: 02794 if(tid.type > RC_type_max_value) 02795 return(-RSBAC_EINVALIDTARGET); 02796 #ifdef CONFIG_RSBAC_DEBUG 02797 if (rsbac_debug_ds_rc) 02798 { 02799 #ifdef CONFIG_RSBAC_RMSG 02800 rsbac_printk(KERN_DEBUG 02801 "rsbac_rc_set_item(): Setting type item value\n"); 02802 #endif 02803 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02804 if (!rsbac_nosyslog) 02805 #endif 02806 printk(KERN_DEBUG 02807 "rsbac_rc_set_item(): Setting type item value\n"); 02808 } 02809 #endif 02810 switch (item) 02811 { 02812 case RI_type_fd_name: 02813 { 02814 struct rsbac_rc_type_fd_entry_t entry; 02815 02816 /* no empty names */ 02817 if(!value.name[0]) 02818 return -RSBAC_EINVALIDVALUE; 02819 /* create, if necessary, and set name */ 02820 memset(&entry, 0, sizeof(struct rsbac_rc_type_fd_entry_t)); 02821 rsbac_list_get_data(type_fd_handle, &tid.type, &entry); 02822 strncpy(entry.name, value.name, RSBAC_RC_NAME_LEN - 1); 02823 entry.name[RSBAC_RC_NAME_LEN-1] = 0; 02824 return rsbac_list_add(type_fd_handle, &tid.type, &entry); 02825 } 02826 case RI_type_fd_need_secdel: 02827 { 02828 struct rsbac_rc_type_fd_entry_t entry; 02829 02830 err = rsbac_list_get_data(type_fd_handle, &tid.type, &entry); 02831 if(err) 02832 return err; 02833 entry.need_secdel = value.need_secdel; 02834 return rsbac_list_add(type_fd_handle, &tid.type, &entry); 02835 } 02836 case RI_type_dev_name: 02837 /* no empty names */ 02838 if(!value.name[0]) 02839 return -RSBAC_EINVALIDVALUE; 02840 /* create, if necessary, and set name */ 02841 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02842 return rsbac_list_add(type_dev_handle, &tid.type, &value.name); 02843 case RI_type_ipc_name: 02844 /* no empty names */ 02845 if(!value.name[0]) 02846 return -RSBAC_EINVALIDVALUE; 02847 /* create, if necessary, and set name */ 02848 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02849 return rsbac_list_add(type_ipc_handle, &tid.type, &value.name); 02850 case RI_type_user_name: 02851 /* no empty names */ 02852 if(!value.name[0]) 02853 return -RSBAC_EINVALIDVALUE; 02854 /* create, if necessary, and set name */ 02855 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02856 return rsbac_list_add(type_user_handle, &tid.type, &value.name); 02857 case RI_type_process_name: 02858 /* no empty names */ 02859 if(!value.name[0]) 02860 return -RSBAC_EINVALIDVALUE; 02861 /* create, if necessary, and set name */ 02862 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02863 return rsbac_list_add(type_process_handle, &tid.type, &value.name); 02864 case RI_type_netdev_name: 02865 /* no empty names */ 02866 if(!value.name[0]) 02867 return -RSBAC_EINVALIDVALUE; 02868 /* create, if necessary, and set name */ 02869 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02870 return rsbac_list_add(type_netdev_handle, &tid.type, &value.name); 02871 case RI_type_nettemp_name: 02872 /* no empty names */ 02873 if(!value.name[0]) 02874 return -RSBAC_EINVALIDVALUE; 02875 /* create, if necessary, and set name */ 02876 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02877 return rsbac_list_add(type_nettemp_handle, &tid.type, &value.name); 02878 case RI_type_netobj_name: 02879 /* no empty names */ 02880 if(!value.name[0]) 02881 return -RSBAC_EINVALIDVALUE; 02882 /* create, if necessary, and set name */ 02883 value.name[RSBAC_RC_NAME_LEN-1] = 0; 02884 return rsbac_list_add(type_netobj_handle, &tid.type, &value.name); 02885 02886 case RI_type_fd_remove: 02887 rsbac_list_lol_subremove_from_all(role_tcfd_handle, &tid.type); 02888 return rsbac_list_remove(type_fd_handle, &tid.type); 02889 case RI_type_dev_remove: 02890 rsbac_list_lol_subremove_from_all(role_tcdv_handle, &tid.type); 02891 return rsbac_list_remove(type_dev_handle, &tid.type); 02892 case RI_type_user_remove: 02893 rsbac_list_lol_subremove_from_all(role_tcus_handle, &tid.type); 02894 return rsbac_list_remove(type_user_handle, &tid.type); 02895 case RI_type_process_remove: 02896 rsbac_list_lol_subremove_from_all(role_tcpr_handle, &tid.type); 02897 return rsbac_list_remove(type_process_handle, &tid.type); 02898 case RI_type_ipc_remove: 02899 rsbac_list_lol_subremove_from_all(role_tcip_handle, &tid.type); 02900 return rsbac_list_remove(type_ipc_handle, &tid.type); 02901 case RI_type_netdev_remove: 02902 rsbac_list_lol_subremove_from_all(role_tcnd_handle, &tid.type); 02903 return rsbac_list_remove(type_netdev_handle, &tid.type); 02904 case RI_type_nettemp_remove: 02905 rsbac_list_lol_subremove_from_all(role_tcnt_handle, &tid.type); 02906 return rsbac_list_remove(type_nettemp_handle, &tid.type); 02907 case RI_type_netobj_remove: 02908 rsbac_list_lol_subremove_from_all(role_tcno_handle, &tid.type); 02909 return rsbac_list_remove(type_netobj_handle, &tid.type); 02910 02911 default: 02912 return -RSBAC_EINVALIDATTR; 02913 } 02914 02915 /* switch target: no valid target */ 02916 default: 02917 return -RSBAC_EINVALIDTARGET; 02918 } 02919 }; /* end of rsbac_rc_set_item() */ 02920 02921 /* end of rc_data_structures.c */

Generated on Tue Aug 31 10:05:26 2004 for RSBAC by doxygen 1.3.8