00001
00002
00003
00004
00005
00006
00007
00008
00009
#include <rsbac/types.h>
00010
#include <rsbac/aci.h>
00011
#include <rsbac/mac.h>
00012
#include <rsbac/pm.h>
00013
#include <rsbac/auth.h>
00014
#include <rsbac/acl.h>
00015
#include <rsbac/reg.h>
00016
#include <rsbac/error.h>
00017
#include <rsbac/debug.h>
00018
#include <rsbac/helpers.h>
00019
#include <rsbac/getname.h>
00020
#include <rsbac/network.h>
00021
#include <asm/segment.h>
00022
#include <asm/semaphore.h>
00023
#include <linux/sched.h>
00024
#include <linux/file.h>
00025
#include <rsbac/rkmem.h>
00026
#include <rsbac/gen_lists.h>
00027
#include <linux/smp_lock.h>
00028
#include <asm/uaccess.h>
00029
00030
#include <rsbac/adf.h>
00031
#include <rsbac/adf_main.h>
00032
#include <rsbac/adf_syshelpers.h>
00033
#include <rsbac/rc.h>
00034
#include <rsbac/syscalls.h>
00035
00036
#ifdef CONFIG_RSBAC_NET_OBJ
00037
#include <rsbac/network.h>
00038
#endif
00039
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00040
#include <linux/namei.h>
00041
#endif
00042
00043
00044
00045
00046
00047
extern struct semaphore
rsbac_write_sem;
00048
00049
00050
00051
00052
00053
00054
00055
00056
00057
00058
00059
00060 int sys_rsbac_stats(
void)
00061 {
00062
union rsbac_target_id_t rsbac_target_id;
00063
union rsbac_attribute_value_t rsbac_attribute_value;
00064
00065
#ifdef CONFIG_RSBAC_DEBUG
00066
if (rsbac_debug_aef)
00067 {
00068
#ifdef CONFIG_RSBAC_RMSG
00069
rsbac_printk(KERN_DEBUG
"sys_rsbac_stats(): calling ADF\n");
00070
#endif
00071
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00072
if (!rsbac_nosyslog)
00073
#endif
00074
printk(KERN_DEBUG
"sys_rsbac_stats(): calling ADF\n");
00075 }
00076
#endif
00077
rsbac_target_id.
scd =
ST_rsbac;
00078 rsbac_attribute_value.
dummy = 0;
00079
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
00080 current->pid,
00081
T_SCD,
00082 rsbac_target_id,
00083
A_none,
00084 rsbac_attribute_value))
00085 {
00086
return -EPERM;
00087 }
00088
00089
return(
rsbac_stats());
00090 };
00091
00092
long sys_sync(
void);
00093
00094 int sys_rsbac_check(
int correct,
int check_inode)
00095 {
00096
union rsbac_target_id_t rsbac_target_id;
00097
union rsbac_attribute_value_t rsbac_attribute_value;
00098
int result;
00099
00100
#ifdef CONFIG_RSBAC_DEBUG
00101
if (rsbac_debug_aef)
00102 {
00103
#ifdef CONFIG_RSBAC_RMSG
00104
rsbac_printk(KERN_DEBUG
"sys_rsbac_check(): calling ADF\n");
00105
#endif
00106
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00107
if (!rsbac_nosyslog)
00108
#endif
00109
printk(KERN_DEBUG
"sys_rsbac_check(): calling ADF\n");
00110 }
00111
#endif
00112
rsbac_target_id.
scd =
ST_rsbac;
00113 rsbac_attribute_value.
dummy = 0;
00114
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
00115 current->pid,
00116
T_SCD,
00117 rsbac_target_id,
00118
A_none,
00119 rsbac_attribute_value))
00120 {
00121
return -EPERM;
00122 }
00123
00124
#ifdef CONFIG_RSBAC_RMSG
00125
rsbac_printk(KERN_INFO
00126
"sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00127 correct, check_inode);
00128
#endif
00129
#ifndef CONFIG_RSBAC_RMSG_EXCL
00130
printk(KERN_INFO
00131
"sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00132 correct, check_inode);
00133
#endif
00134
00135
if(check_inode)
00136 {
00137
#ifdef CONFIG_RSBAC_RMSG
00138
rsbac_printk(KERN_INFO
00139
"sys_rsbac_check(): syncing disks\n");
00140
#endif
00141
#ifndef CONFIG_RSBAC_RMSG_EXCL
00142
printk(KERN_INFO
00143
"sys_rsbac_check(): syncing disks\n");
00144
#endif
00145
sys_sync();
00146 }
00147
00148 lock_kernel();
00149
00150
if(check_inode)
00151 down(&
rsbac_write_sem);
00152
00153 result =
rsbac_check(correct, check_inode);
00154
if(!result)
00155 result=
rsbac_check_lists(correct);
00156
00157
#if defined(CONFIG_RSBAC_MAC)
00158
if(!result)
00159 result=
rsbac_check_mac(correct, check_inode);
00160
#endif
00161
#if defined(CONFIG_RSBAC_AUTH)
00162
if(!result)
00163 result=
rsbac_check_auth(correct, check_inode);
00164
#endif
00165
#if defined(CONFIG_RSBAC_ACL)
00166
if(!result)
00167 result=
rsbac_check_acl(correct, check_inode);
00168
#endif
00169
#if defined(CONFIG_RSBAC_REG)
00170
if(!result)
00171 result=
rsbac_check_reg(correct, check_inode);
00172
#endif
00173
00174
if(check_inode)
00175 up(&
rsbac_write_sem);
00176
00177 unlock_kernel();
00178
return(result);
00179 };
00180
00181 int sys_rsbac_write(
void)
00182 {
00183
#if defined(CONFIG_RSBAC_AUTO_WRITE)
00184
union rsbac_target_id_t rsbac_target_id;
00185
union rsbac_attribute_value_t rsbac_attribute_value;
00186
int result;
00187
00188
#ifdef CONFIG_RSBAC_DEBUG
00189
if (rsbac_debug_aef)
00190 {
00191
#ifdef CONFIG_RSBAC_RMSG
00192
rsbac_printk(KERN_DEBUG
"sys_rsbac_write(): calling ADF\n");
00193
#endif
00194
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00195
if (!rsbac_nosyslog)
00196
#endif
00197
printk(KERN_DEBUG
"sys_rsbac_write(): calling ADF\n");
00198 }
00199
#endif
00200
rsbac_target_id.
scd =
ST_rsbac;
00201 rsbac_attribute_value.
dummy = 0;
00202
if (!
rsbac_adf_request(
R_WRITE,
00203 current->pid,
00204
T_SCD,
00205 rsbac_target_id,
00206
A_none,
00207 rsbac_attribute_value))
00208 {
00209
return -EPERM;
00210 }
00211
00212
00213 result =
rsbac_write(
TRUE);
00214
00215
return result;
00216
#else
00217
return(0);
00218
#endif
00219 };
00220
00221
00222
00223
00224
00225 int sys_rsbac_get_attr(
00226
enum rsbac_switch_target_t module,
00227
enum rsbac_target_t target,
00228
union rsbac_target_id_t * tid,
00229
enum rsbac_attribute_t attr,
00230
union rsbac_attribute_value_t * value,
00231
int inherit)
00232 {
00233
union rsbac_target_id_t k_tid;
00234
union rsbac_attribute_value_t k_value;
00235
int err = 0;
00236
boolean i_inherit;
00237
00238
if(module >
SW_NONE)
00239
return(-
RSBAC_EINVALIDMODULE);
00240
if(!tid || (target >=
T_NONE))
00241
return(-
RSBAC_EINVALIDTARGET);
00242
if(!value)
00243
return(-
RSBAC_EINVALIDVALUE);
00244
if(attr >=
A_none)
00245
return(-
RSBAC_EINVALIDATTR);
00246
00247
if(module ==
SW_NONE)
00248 {
00249 module =
get_attr_module(attr);
00250
if(module ==
SW_NONE)
00251
return(-
RSBAC_EINVALIDMODULE);
00252 }
00253
00254
00255 rsbac_get_user((u_char *) &k_tid, (u_char *) tid,
sizeof(k_tid) );
00256 rsbac_get_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00257
00258
if(inherit)
00259 i_inherit =
TRUE;
00260
else
00261 i_inherit =
FALSE;
00262
00263
#ifdef CONFIG_RSBAC_NET_OBJ
00264
00265
if( (target ==
T_NETOBJ)
00266 && ( !k_tid.netobj.sock_p
00267 || k_tid.netobj.remote_addr
00268
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00269
|| !k_tid.netobj.sock_p->file
00270 || !k_tid.netobj.sock_p->file->f_dentry
00271 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00272 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00273
#else
00274
|| !k_tid.netobj.sock_p->inode
00275 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00276
#endif
00277
)
00278 )
00279
return -
RSBAC_EINVALIDTARGET;
00280
#endif
00281
00282
00283
#ifdef CONFIG_RSBAC_DEBUG
00284
if (rsbac_debug_aef)
00285 {
00286
#ifdef CONFIG_RSBAC_RMSG
00287
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr(): calling ADF\n");
00288
#endif
00289
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00290
if (!rsbac_nosyslog)
00291
#endif
00292
printk(KERN_DEBUG
"sys_rsbac_get_attr(): calling ADF\n");
00293 }
00294
#endif
00295
if (!
rsbac_adf_request(
R_READ_ATTRIBUTE,
00296 current->pid,
00297 target,
00298 k_tid,
00299 attr,
00300 k_value))
00301 {
00302
return -EPERM;
00303 }
00304
00305 err =
rsbac_get_attr(module, target, k_tid, attr, &k_value, i_inherit);
00306
00307
if(!err)
00308 {
00309 err = rsbac_put_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00310 }
00311
return (err);
00312 };
00313
00314
00315 int sys_rsbac_get_attr_n(
00316
enum rsbac_switch_target_t module,
00317
enum rsbac_target_t target,
00318
char * t_name,
00319
enum rsbac_attribute_t attr,
00320
union rsbac_attribute_value_t * value,
00321
int inherit)
00322 {
00323
union rsbac_attribute_value_t k_value;
00324
struct dentry * t_dentry;
00325
int err = 0;
00326
union rsbac_target_id_t tid;
00327
00328
boolean i_inherit;
00329
struct nameidata nd;
00330
00331
if(module >
SW_NONE)
00332
return(-
RSBAC_EINVALIDMODULE);
00333
if(!t_name || (target >=
T_NONE))
00334
return(-
RSBAC_EINVALIDTARGET);
00335
if(!value)
00336
return(-
RSBAC_EINVALIDVALUE);
00337
if(attr >=
A_none)
00338
return(-
RSBAC_EINVALIDATTR);
00339
00340
if(module ==
SW_NONE)
00341 {
00342 module =
get_attr_module(attr);
00343
if(module ==
SW_NONE)
00344
return(-
RSBAC_EINVALIDMODULE);
00345 }
00346
00347
if(inherit)
00348 i_inherit =
TRUE;
00349
else
00350 i_inherit =
FALSE;
00351
00352
00353 rsbac_get_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00354
00355
00356
if ((err = user_path_walk_link(t_name, &nd)))
00357 {
00358
#ifdef CONFIG_RSBAC_DEBUG
00359
if (rsbac_debug_aef)
00360 {
00361
#ifdef CONFIG_RSBAC_RMSG
00362
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00363
#endif
00364
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00365
if (!rsbac_nosyslog)
00366
#endif
00367
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00368 }
00369
#endif
00370
goto out;
00371 }
00372 t_dentry = nd.dentry;
00373
if (!t_dentry->d_inode)
00374 {
00375
#ifdef CONFIG_RSBAC_DEBUG
00376
if (rsbac_debug_aef)
00377 {
00378
#ifdef CONFIG_RSBAC_RMSG
00379
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): file not found\n");
00380
#endif
00381
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00382
if (!rsbac_nosyslog)
00383
#endif
00384
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): file not found\n");
00385 }
00386
#endif
00387
err = -
RSBAC_EINVALIDTARGET;
00388
goto out_dput;
00389 }
00390
00391
switch (target)
00392 {
00393
00394
case T_FD:
00395
if(S_ISREG(t_dentry->d_inode->i_mode))
00396 {
00397 target =
T_FILE;
00398 }
00399
else
00400
if(S_ISDIR(t_dentry->d_inode->i_mode))
00401 {
00402 target =
T_DIR;
00403 }
00404
else
00405
if(S_ISLNK(t_dentry->d_inode->i_mode))
00406 {
00407 target =
T_SYMLINK;
00408 }
00409
else
00410
if(S_ISFIFO(t_dentry->d_inode->i_mode))
00411 {
00412 target =
T_FIFO;
00413 }
00414
else
00415
if(S_ISBLK(t_dentry->d_inode->i_mode))
00416 {
00417 target =
T_FILE;
00418 }
00419
else
00420
if(S_ISCHR(t_dentry->d_inode->i_mode))
00421 {
00422 target =
T_FILE;
00423 }
00424
else
00425 {
00426
#ifdef CONFIG_RSBAC_DEBUG
00427
if (rsbac_debug_aef)
00428 {
00429
#ifdef CONFIG_RSBAC_RMSG
00430
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no filesystem object\n");
00431
#endif
00432
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00433
if (!rsbac_nosyslog)
00434
#endif
00435
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no filesystem object\n");
00436 }
00437
#endif
00438
err = -
RSBAC_EINVALIDTARGET;
00439
goto out_dput;
00440 }
00441
break;
00442
00443
case T_FILE:
00444
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00445 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00446 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00447 {
00448
#ifdef CONFIG_RSBAC_DEBUG
00449
if (rsbac_debug_aef)
00450 {
00451
#ifdef CONFIG_RSBAC_RMSG
00452
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no file\n");
00453
#endif
00454
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00455
if (!rsbac_nosyslog)
00456
#endif
00457
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no file\n");
00458 }
00459
#endif
00460
err = -
RSBAC_EINVALIDTARGET;
00461
goto out_dput;
00462 }
00463
break;
00464
00465
case T_DIR:
00466
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00467 {
00468
#ifdef CONFIG_RSBAC_DEBUG
00469
if (rsbac_debug_aef)
00470 {
00471
#ifdef CONFIG_RSBAC_RMSG
00472
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no dir\n");
00473
#endif
00474
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00475
if (!rsbac_nosyslog)
00476
#endif
00477
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no dir\n");
00478 }
00479
#endif
00480
err = -
RSBAC_EINVALIDTARGET;
00481
goto out_dput;
00482 }
00483
break;
00484
00485
case T_FIFO:
00486
00487
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00488 {
00489
#ifdef CONFIG_RSBAC_DEBUG
00490
if (rsbac_debug_aef)
00491 {
00492
#ifdef CONFIG_RSBAC_RMSG
00493
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no fifo\n");
00494
#endif
00495
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00496
if (!rsbac_nosyslog)
00497
#endif
00498
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no fifo\n");
00499 }
00500
#endif
00501
err = -
RSBAC_EINVALIDTARGET;
00502
goto out_dput;
00503 }
00504
break;
00505
00506
case T_SYMLINK:
00507
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00508 {
00509
#ifdef CONFIG_RSBAC_DEBUG
00510
if (rsbac_debug_aef)
00511 {
00512
#ifdef CONFIG_RSBAC_RMSG
00513
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no symlink\n");
00514
#endif
00515
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00516
if (!rsbac_nosyslog)
00517
#endif
00518
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no symlink\n");
00519 }
00520
#endif
00521
err = -
RSBAC_EINVALIDTARGET;
00522
goto out_dput;
00523 }
00524
break;
00525
00526
case T_DEV:
00527
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00528 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00529 {
00530
#ifdef CONFIG_RSBAC_DEBUG
00531
if (rsbac_debug_aef)
00532 {
00533
#ifdef CONFIG_RSBAC_RMSG
00534
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no dev\n");
00535
#endif
00536
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00537
if (!rsbac_nosyslog)
00538
#endif
00539
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): no dev\n");
00540 }
00541
#endif
00542
err = -
RSBAC_EINVALIDTARGET;
00543
goto out_dput;
00544 }
00545
break;
00546
00547
default:
00548 err = -
RSBAC_EINVALIDTARGET;
00549
goto out_dput;
00550 }
00551
00552
if(target ==
T_DEV)
00553 {
00554
if(S_ISBLK(t_dentry->d_inode->i_mode))
00555 tid.dev.type =
D_block;
00556
else
00557 tid.dev.type =
D_char;
00558 tid.dev.id = t_dentry->d_inode->i_rdev;
00559 }
00560
else
00561 {
00562
00563 tid.file.device = t_dentry->d_sb->s_dev;
00564 tid.file.inode = t_dentry->d_inode->i_ino;
00565 tid.file.dentry_p = t_dentry;
00566 }
00567
00568
#ifdef CONFIG_RSBAC_DEBUG
00569
if (rsbac_debug_aef)
00570 {
00571
#ifdef CONFIG_RSBAC_RMSG
00572
rsbac_printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): calling ADF\n");
00573
#endif
00574
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00575
if (!rsbac_nosyslog)
00576
#endif
00577
printk(KERN_DEBUG
"sys_rsbac_get_attr_n(): calling ADF\n");
00578 }
00579
#endif
00580
if (!
rsbac_adf_request(
R_READ_ATTRIBUTE,
00581 current->pid,
00582 target,
00583 tid,
00584 attr,
00585 k_value))
00586 {
00587 err = -EPERM;
00588 }
00589
else
00590 {
00591 err =
rsbac_get_attr(module, target, tid, attr, &k_value, i_inherit);
00592
00593
if(!err)
00594 rsbac_put_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00595 }
00596
00597 out_dput:
00598 path_release(&nd);
00599
00600 out:
00601
return(err);
00602 };
00603
00604
00605
00606 int sys_rsbac_set_attr(
00607
enum rsbac_switch_target_t module,
00608
enum rsbac_target_t target,
00609
union rsbac_target_id_t * tid,
00610
enum rsbac_attribute_t attr,
00611
union rsbac_attribute_value_t * value)
00612
00613 {
00614
union rsbac_target_id_t k_tid;
00615
union rsbac_attribute_value_t k_value;
00616
int err = 0;
00617
struct task_struct * task_p;
00618
00619
if(module >
SW_NONE)
00620
return(-
RSBAC_EINVALIDMODULE);
00621
if(!tid || (target >=
T_NONE))
00622
return(-
RSBAC_EINVALIDTARGET);
00623
if(!value)
00624
return(-
RSBAC_EINVALIDVALUE);
00625
if(attr >=
A_none)
00626
return(-
RSBAC_EINVALIDATTR);
00627
00628
if(module ==
SW_NONE)
00629 {
00630 module =
get_attr_module(attr);
00631
if(module ==
SW_NONE)
00632
return(-
RSBAC_EINVALIDMODULE);
00633 }
00634
00635
00636 rsbac_get_user((u_char *) &k_tid, (u_char *) tid,
sizeof(k_tid) );
00637 rsbac_get_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00638
00639
00640
switch(target)
00641 {
00642
case T_PROCESS:
00643 read_lock(&tasklist_lock);
00644 task_p = find_task_by_pid(k_tid.process);
00645 read_unlock(&tasklist_lock);
00646
if(!task_p)
00647
return(-
RSBAC_EINVALIDTARGET);
00648
break;
00649
00650
#ifdef CONFIG_RSBAC_NET_OBJ
00651
00652
case T_NETOBJ:
00653
if( !k_tid.netobj.sock_p
00654 || k_tid.netobj.remote_addr
00655
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00656
|| !k_tid.netobj.sock_p->file
00657 || !k_tid.netobj.sock_p->file->f_dentry
00658 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00659 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00660
#else
00661
|| !k_tid.netobj.sock_p->inode
00662 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00663
#endif
00664
)
00665
return -
RSBAC_EINVALIDTARGET;
00666
#endif
00667
00668
00669
default:
00670
break;
00671 }
00672
00673
00674
#ifdef CONFIG_RSBAC_DEBUG
00675
if (rsbac_debug_aef)
00676 printk(KERN_DEBUG
00677
"sys_rsbac_set_attr(): calling ADF\n");
00678
#endif
00679
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
00680 current->pid,
00681 target,
00682 k_tid,
00683 attr,
00684 k_value))
00685 {
00686
return -EPERM;
00687 }
00688 err =
rsbac_set_attr(module, target, k_tid, attr, k_value);
00689
return (err);
00690 };
00691
00692 int sys_rsbac_set_attr_n(
00693
enum rsbac_switch_target_t module,
00694
enum rsbac_target_t target,
00695
char * t_name,
00696
enum rsbac_attribute_t attr,
00697
union rsbac_attribute_value_t * value)
00698
00699 {
00700
struct dentry * t_dentry;
00701
int err = 0;
00702
union rsbac_attribute_value_t k_value;
00703
union rsbac_target_id_t tid;
00704
struct nameidata nd;
00705
00706
if(module >
SW_NONE)
00707
return(-
RSBAC_EINVALIDMODULE);
00708
if(!t_name || (target >=
T_NONE))
00709
return(-
RSBAC_EINVALIDTARGET);
00710
if(!value)
00711
return(-
RSBAC_EINVALIDVALUE);
00712
if(attr >=
A_none)
00713
return(-
RSBAC_EINVALIDATTR);
00714
00715
if(module ==
SW_NONE)
00716 {
00717 module =
get_attr_module(attr);
00718
if(module ==
SW_NONE)
00719
return(-
RSBAC_EINVALIDMODULE);
00720 }
00721
00722
00723 rsbac_get_user((u_char *) &k_value, (u_char *) value,
sizeof(k_value) );
00724
00725
00726
if ((err = user_path_walk_link(t_name, &nd)))
00727 {
00728
#ifdef CONFIG_RSBAC_DEBUG
00729
if (rsbac_debug_aef)
00730 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00731
#endif
00732
goto out;
00733 }
00734 t_dentry = nd.dentry;
00735
if (!t_dentry->d_inode)
00736 {
00737
#ifdef CONFIG_RSBAC_DEBUG
00738
if (rsbac_debug_aef)
00739 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): file not found\n");
00740
#endif
00741
err = -
RSBAC_EINVALIDTARGET;
00742
goto out_dput;
00743 }
00744
00745
switch (target)
00746 {
00747
00748
case T_FD:
00749
if(S_ISREG(t_dentry->d_inode->i_mode))
00750 {
00751 target =
T_FILE;
00752 }
00753
else
00754
if(S_ISDIR(t_dentry->d_inode->i_mode))
00755 {
00756 target =
T_DIR;
00757 }
00758
else
00759
if(S_ISLNK(t_dentry->d_inode->i_mode))
00760 {
00761 target =
T_SYMLINK;
00762 }
00763
else
00764
if(S_ISFIFO(t_dentry->d_inode->i_mode))
00765 {
00766 target =
T_FIFO;
00767 }
00768
else
00769
if(S_ISBLK(t_dentry->d_inode->i_mode))
00770 {
00771 target =
T_FILE;
00772 }
00773
else
00774
if(S_ISCHR(t_dentry->d_inode->i_mode))
00775 {
00776 target =
T_FILE;
00777 }
00778
else
00779 {
00780
#ifdef CONFIG_RSBAC_DEBUG
00781
if (rsbac_debug_aef)
00782 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): no filesystem object\n");
00783
#endif
00784
err = -
RSBAC_EINVALIDTARGET;
00785
goto out_dput;
00786 }
00787
break;
00788
00789
case T_FILE:
00790
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00791 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00792 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00793 {
00794
#ifdef CONFIG_RSBAC_DEBUG
00795
if (rsbac_debug_aef)
00796 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): no file\n");
00797
#endif
00798
err = -
RSBAC_EINVALIDTARGET;
00799
goto out_dput;
00800 }
00801
break;
00802
00803
case T_DIR:
00804
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00805 {
00806
#ifdef CONFIG_RSBAC_DEBUG
00807
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_get_attr(): no dir\n");
00808
#endif
00809
err = -
RSBAC_EINVALIDTARGET;
00810
goto out_dput;
00811 }
00812
break;
00813
00814
case T_FIFO:
00815
00816
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00817 {
00818
#ifdef CONFIG_RSBAC_DEBUG
00819
if (rsbac_debug_aef)
00820 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): no fifo\n");
00821
#endif
00822
err = -
RSBAC_EINVALIDTARGET;
00823
goto out_dput;
00824 }
00825
break;
00826
00827
case T_SYMLINK:
00828
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00829 {
00830
#ifdef CONFIG_RSBAC_DEBUG
00831
if (rsbac_debug_aef)
00832 printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): no symlink\n");
00833
#endif
00834
err = -
RSBAC_EINVALIDTARGET;
00835
goto out_dput;
00836 }
00837
break;
00838
00839
case T_DEV:
00840
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00841 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00842 {
00843
#ifdef CONFIG_RSBAC_DEBUG
00844
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): no dev\n");
00845
#endif
00846
err = -
RSBAC_EINVALIDTARGET;
00847
goto out_dput;
00848 }
00849
break;
00850
00851
default:
00852 err = -
RSBAC_EINVALIDTARGET;
00853
goto out_dput;
00854 }
00855
00856
if(target ==
T_DEV)
00857 {
00858
if(S_ISBLK(t_dentry->d_inode->i_mode))
00859 tid.dev.type =
D_block;
00860
else
00861 tid.dev.type =
D_char;
00862 tid.dev.id = t_dentry->d_inode->i_rdev;
00863 }
00864
else
00865 {
00866
00867 tid.file.device = t_dentry->d_sb->s_dev;
00868 tid.file.inode = t_dentry->d_inode->i_ino;
00869 tid.file.dentry_p = t_dentry;
00870 }
00871
00872
#ifdef CONFIG_RSBAC_DEBUG
00873
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_set_attr_n(): calling ADF\n");
00874
#endif
00875
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
00876 current->pid,
00877 target,
00878 tid,
00879 attr,
00880 k_value))
00881 {
00882 err = -EPERM;
00883 }
00884
else
00885 {
00886 err =
rsbac_set_attr(module, target, tid, attr, k_value);
00887 }
00888
00889 out_dput:
00890 path_release(&nd);
00891
00892 out:
00893
return(err);
00894 };
00895
00896
00897
00898 int sys_rsbac_remove_target(
00899
enum rsbac_target_t target,
00900
union rsbac_target_id_t * tid)
00901 {
00902
union rsbac_target_id_t k_tid;
00903
int err = 0;
00904
00905
00906
union rsbac_attribute_value_t rsbac_attribute_value;
00907
00908
if(!tid || (target >=
T_NONE))
00909
return(-
RSBAC_EINVALIDTARGET);
00910
00911
00912 rsbac_get_user((u_char *) &k_tid, (u_char *) tid,
sizeof(k_tid) );
00913
00914
00915
#ifdef CONFIG_RSBAC_DEBUG
00916
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_remove_target(): calling ADF\n");
00917
#endif
00918
rsbac_attribute_value.
dummy = 0;
00919
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
00920 current->pid,
00921 target,
00922 k_tid,
00923
A_none,
00924 rsbac_attribute_value))
00925 {
00926
return -EPERM;
00927 }
00928 err =
rsbac_remove_target(target, k_tid);
00929
return (err);
00930 };
00931
00932 int sys_rsbac_remove_target_n(
enum rsbac_target_t target,
00933
char * t_name)
00934 {
00935
struct dentry * t_dentry;
00936
int err = 0;
00937
union rsbac_target_id_t tid;
00938
00939
00940
union rsbac_attribute_value_t rsbac_attribute_value;
00941
00942
00943
00944
struct nameidata nd;
00945
00946
if(!t_name || (target >=
T_NONE))
00947
return(-
RSBAC_EINVALIDTARGET);
00948
00949
00950
if ((err = user_path_walk_link(t_name, &nd)))
00951 {
00952
#ifdef CONFIG_RSBAC_DEBUG
00953
if (rsbac_debug_aef)
00954 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
00955
#endif
00956
goto out;
00957 }
00958 t_dentry = nd.dentry;
00959
if (!t_dentry->d_inode)
00960 {
00961
#ifdef CONFIG_RSBAC_DEBUG
00962
if (rsbac_debug_aef)
00963 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): file not found\n");
00964
#endif
00965
err = -
RSBAC_EINVALIDTARGET;
00966
goto out_dput;
00967 }
00968
00969
switch (target)
00970 {
00971
00972
case T_FD:
00973
if(S_ISREG(t_dentry->d_inode->i_mode))
00974 {
00975 target =
T_FILE;
00976 }
00977
else
00978
if(S_ISDIR(t_dentry->d_inode->i_mode))
00979 {
00980 target =
T_DIR;
00981 }
00982
else
00983
if(S_ISLNK(t_dentry->d_inode->i_mode))
00984 {
00985 target =
T_SYMLINK;
00986 }
00987
else
00988
if(S_ISFIFO(t_dentry->d_inode->i_mode))
00989 {
00990 target =
T_FIFO;
00991 }
00992
else
00993
if(S_ISBLK(t_dentry->d_inode->i_mode))
00994 {
00995 target =
T_FILE;
00996 }
00997
else
00998
if(S_ISCHR(t_dentry->d_inode->i_mode))
00999 {
01000 target =
T_FILE;
01001 }
01002
else
01003 {
01004
#ifdef CONFIG_RSBAC_DEBUG
01005
if (rsbac_debug_aef)
01006 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): no filesystem object\n");
01007
#endif
01008
err = -
RSBAC_EINVALIDTARGET;
01009
goto out_dput;
01010 }
01011
break;
01012
01013
case T_FILE:
01014
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
01015 && !(S_ISBLK(t_dentry->d_inode->i_mode))
01016 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01017 {
01018
#ifdef CONFIG_RSBAC_DEBUG
01019
if (rsbac_debug_aef)
01020 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): no file\n");
01021
#endif
01022
err = -
RSBAC_EINVALIDTARGET;
01023
goto out_dput;
01024 }
01025
break;
01026
01027
case T_DIR:
01028
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
01029 {
01030
#ifdef CONFIG_RSBAC_DEBUG
01031
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_get_attr(): no dir\n");
01032
#endif
01033
err = -
RSBAC_EINVALIDTARGET;
01034
goto out_dput;
01035 }
01036
break;
01037
01038
case T_FIFO:
01039
01040
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01041 {
01042
#ifdef CONFIG_RSBAC_DEBUG
01043
if (rsbac_debug_aef)
01044 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): no fifo\n");
01045
#endif
01046
err = -
RSBAC_EINVALIDTARGET;
01047
goto out_dput;
01048 }
01049
break;
01050
01051
case T_SYMLINK:
01052
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
01053 {
01054
#ifdef CONFIG_RSBAC_DEBUG
01055
if (rsbac_debug_aef)
01056 printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): no symlink\n");
01057
#endif
01058
err = -
RSBAC_EINVALIDTARGET;
01059
goto out_dput;
01060 }
01061
break;
01062
01063
case T_DEV:
01064
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
01065 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01066 {
01067
#ifdef CONFIG_RSBAC_DEBUG
01068
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): no dev\n");
01069
#endif
01070
err = -
RSBAC_EINVALIDTARGET;
01071
goto out_dput;
01072 }
01073
break;
01074
01075
default:
01076 err = -
RSBAC_EINVALIDTARGET;
01077
goto out_dput;
01078 }
01079
01080
if(target ==
T_DEV)
01081 {
01082
if(S_ISBLK(t_dentry->d_inode->i_mode))
01083 tid.dev.type =
D_block;
01084
else
01085 tid.dev.type =
D_char;
01086 tid.dev.id = t_dentry->d_inode->i_rdev;
01087 }
01088
else
01089 {
01090
01091 tid.file.device = t_dentry->d_sb->s_dev;
01092 tid.file.inode = t_dentry->d_inode->i_ino;
01093 tid.file.dentry_p = t_dentry;
01094 }
01095
01096
#ifdef CONFIG_RSBAC_DEBUG
01097
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_remove_target_n(): calling ADF\n");
01098
#endif
01099
rsbac_attribute_value.
dummy = 0;
01100
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
01101 current->pid,
01102 target,
01103 tid,
01104
A_none,
01105 rsbac_attribute_value))
01106 {
01107 err = -EPERM;
01108 }
01109
else
01110 {
01111 err =
rsbac_remove_target(target, tid);
01112 }
01113
01114 out_dput:
01115 path_release(&nd);
01116
01117 out:
01118
return(err);
01119 };
01120
01121 int sys_rsbac_net_list_all_netdev(
rsbac_netdev_id_t * id_p, u_long maxnum)
01122 {
01123
#ifdef CONFIG_RSBAC_NET_DEV
01124
int err=0;
01125
long count;
01126
01127
if(id_p && maxnum)
01128 {
01129
rsbac_netdev_id_t * k_id_p =
NULL;
01130
01131 count =
rsbac_net_list_all_netdev(&k_id_p);
01132
if(count <= 0)
01133
return count;
01134
if(count > maxnum)
01135 count = maxnum;
01136
01137 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count *
sizeof(*k_id_p) );
01138
01139
rsbac_vfree(k_id_p);
01140
01141
if(err)
01142
return err;
01143
else
01144
return count;
01145 }
01146
else
01147
return rsbac_net_list_all_netdev(
NULL);
01148
01149
#else
01150
return -
RSBAC_EINVALIDREQUEST;
01151
#endif
01152 }
01153
01154 int sys_rsbac_net_template(
enum rsbac_net_temp_syscall_t call,
01155
rsbac_net_temp_id_t id,
01156
union rsbac_net_temp_syscall_data_t * data_p)
01157 {
01158
#ifdef CONFIG_RSBAC_NET_OBJ
01159
union rsbac_net_temp_syscall_data_t k_data;
01160
int err = 0;
01161
01162
#ifndef CONFIG_RSBAC_MAINT
01163
union rsbac_target_id_t i_tid;
01164
union rsbac_attribute_value_t i_attr_val;
01165
#endif
01166
01167
if(!
id)
01168
return -
RSBAC_EINVALIDVALUE;
01169
if(!data_p)
01170
return -
RSBAC_EINVALIDPOINTER;
01171
01172
01173
switch(call)
01174 {
01175
case NTS_set_address:
01176
case NTS_set_address_family:
01177
case NTS_set_valid_len:
01178
case NTS_set_type:
01179
case NTS_set_protocol:
01180
case NTS_set_netdev:
01181
case NTS_set_min_port:
01182
case NTS_set_max_port:
01183
case NTS_set_name:
01184
case NTS_new_template:
01185
case NTS_copy_template:
01186 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p,
sizeof(k_data) );
01187
if(err)
01188
return err;
01189
break;
01190
case NTS_delete_template:
01191
case NTS_check_id:
01192
case NTS_get_address:
01193
case NTS_get_address_family:
01194
case NTS_get_valid_len:
01195
case NTS_get_type:
01196
case NTS_get_protocol:
01197
case NTS_get_netdev:
01198
case NTS_get_min_port:
01199
case NTS_get_max_port:
01200
case NTS_get_name:
01201
break;
01202
01203
default:
01204
return -
RSBAC_EINVALIDREQUEST;
01205 }
01206
01207
#ifndef CONFIG_RSBAC_MAINT
01208
#ifdef CONFIG_RSBAC_DEBUG
01209
if (rsbac_debug_aef)
01210 printk(KERN_DEBUG
"sys_rsbac_net_temp(): calling ADF\n");
01211
#endif
01212
i_tid.
nettemp =
id;
01213 i_attr_val.
dummy = 0;
01214
switch(call)
01215 {
01216
case NTS_new_template:
01217
if (!
rsbac_adf_request(
R_CREATE,
01218 current->pid,
01219
T_NETTEMP,
01220 i_tid,
01221
A_none,
01222 i_attr_val))
01223
#ifdef CONFIG_RSBAC_SOFTMODE
01224
if(!rsbac_softmode)
01225
#endif
01226
return -EPERM;
01227
break;
01228
01229
case NTS_copy_template:
01230
if(!
rsbac_net_template_exist(
id))
01231 {
01232
if(!
rsbac_adf_request(
R_CREATE,
01233 current->pid,
01234
T_NETTEMP,
01235 i_tid,
01236
A_none,
01237 i_attr_val))
01238
#ifdef CONFIG_RSBAC_SOFTMODE
01239
if(!rsbac_softmode)
01240
#endif
01241
return -EPERM;
01242 }
01243
else
01244 {
01245
if(!
rsbac_adf_request(
R_WRITE,
01246 current->pid,
01247
T_NETTEMP,
01248 i_tid,
01249
A_none,
01250 i_attr_val))
01251
#ifdef CONFIG_RSBAC_SOFTMODE
01252
if(!rsbac_softmode)
01253
#endif
01254
return -EPERM;
01255 }
01256 i_tid.
nettemp = k_data.
id;
01257
if (!
rsbac_adf_request(
R_READ,
01258 current->pid,
01259
T_NETTEMP,
01260 i_tid,
01261
A_none,
01262 i_attr_val))
01263
#ifdef CONFIG_RSBAC_SOFTMODE
01264
if(!rsbac_softmode)
01265
#endif
01266
return -EPERM;
01267
break;
01268
01269
case NTS_delete_template:
01270
if (!
rsbac_adf_request(
R_DELETE,
01271 current->pid,
01272
T_NETTEMP,
01273 i_tid,
01274
A_none,
01275 i_attr_val))
01276
#ifdef CONFIG_RSBAC_SOFTMODE
01277
if(!rsbac_softmode)
01278
#endif
01279
return -EPERM;
01280
break;
01281
01282
case NTS_get_address:
01283
case NTS_get_address_family:
01284
case NTS_get_valid_len:
01285
case NTS_get_type:
01286
case NTS_get_protocol:
01287
case NTS_get_netdev:
01288
case NTS_get_min_port:
01289
case NTS_get_max_port:
01290
if (!
rsbac_adf_request(
R_READ,
01291 current->pid,
01292
T_NETTEMP,
01293 i_tid,
01294
A_none,
01295 i_attr_val))
01296
#ifdef CONFIG_RSBAC_SOFTMODE
01297
if(!rsbac_softmode)
01298
#endif
01299
return -EPERM;
01300
break;
01301
01302
case NTS_set_address:
01303
case NTS_set_address_family:
01304
case NTS_set_valid_len:
01305
case NTS_set_type:
01306
case NTS_set_protocol:
01307
case NTS_set_netdev:
01308
case NTS_set_min_port:
01309
case NTS_set_max_port:
01310
case NTS_set_name:
01311
if (!
rsbac_adf_request(
R_WRITE,
01312 current->pid,
01313
T_NETTEMP,
01314 i_tid,
01315
A_none,
01316 i_attr_val))
01317
#ifdef CONFIG_RSBAC_SOFTMODE
01318
if(!rsbac_softmode)
01319
#endif
01320
return -EPERM;
01321
break;
01322
01323
default:
01324
break;
01325 }
01326
#endif
01327
01328 err =
rsbac_net_template(call,
id, &k_data);
01329
if(!err)
01330 {
01331
01332
switch(call)
01333 {
01334
case NTS_check_id:
01335
case NTS_get_address:
01336
case NTS_get_address_family:
01337
case NTS_get_valid_len:
01338
case NTS_get_type:
01339
case NTS_get_protocol:
01340
case NTS_get_netdev:
01341
case NTS_get_min_port:
01342
case NTS_get_max_port:
01343
case NTS_get_name:
01344 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p,
sizeof(k_data) );
01345
break;
01346
default:
01347
break;
01348 }
01349 }
01350
return err;
01351
01352
#else
01353
return -
RSBAC_EINVALIDREQUEST;
01354
#endif
01355 }
01356
01357 int sys_rsbac_net_list_all_template(
rsbac_net_temp_id_t * id_p, u_long maxnum)
01358 {
01359
#ifdef CONFIG_RSBAC_NET_OBJ
01360
int err=0;
01361
int count;
01362
union rsbac_target_id_t i_tid;
01363
union rsbac_attribute_value_t i_attr_val;
01364
01365 i_tid.
nettemp = 0;
01366 i_attr_val.
dummy = 0;
01367
if (!
rsbac_adf_request(
R_READ,
01368 current->pid,
01369
T_NETTEMP,
01370 i_tid,
01371
A_none,
01372 i_attr_val))
01373
return -EPERM;
01374
if(id_p && maxnum)
01375 {
01376
rsbac_net_temp_id_t * k_id_p =
NULL;
01377
01378 count =
rsbac_net_list_all_template(&k_id_p);
01379
if(count <= 0)
01380
return count;
01381
if(count > maxnum)
01382 count = maxnum;
01383
01384 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count *
sizeof(*k_id_p) );
01385
01386
rsbac_vfree(k_id_p);
01387
01388
if(err)
01389
return err;
01390
else
01391
return count;
01392 }
01393
else
01394
return rsbac_net_list_all_template(
NULL);
01395
01396
#else
01397
return -
RSBAC_EINVALIDREQUEST;
01398
#endif
01399 }
01400
01401
01402
01403
01404
01405
01406 int sys_rsbac_switch(
enum rsbac_switch_target_t target,
int value)
01407 {
01408
#ifdef CONFIG_RSBAC_SWITCH
01409
union rsbac_target_id_t rsbac_target_id;
01410
union rsbac_attribute_value_t rsbac_attribute_value;
01411
char * switch_name;
01412
01413
01414
if(target >=
SW_NONE)
01415
return(-
RSBAC_EINVALIDTARGET);
01416
if ( (value < 0)
01417
#ifdef CONFIG_RSBAC_SOFTMODE_IND
01418
|| (value > 3)
01419
#else
01420
|| (value > 1)
01421
#endif
01422
)
01423
return (-
RSBAC_EINVALIDVALUE);
01424
#ifdef CONFIG_RSBAC_DEBUG
01425
if (rsbac_debug_aef)
01426 printk(KERN_DEBUG
"sys_rsbac_switch(): calling ADF\n");
01427
#endif
01428
rsbac_target_id.
dummy = 0;
01429
#ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01430
if(target ==
DAC_DISABLE)
01431 {
01432
#ifdef CONFIG_RSBAC_SOFTMODE_IND
01433
if(value > 1)
01434
return -
RSBAC_EINVALIDVALUE;
01435
#endif
01436
rsbac_attribute_value.
dummy = 0;
01437
if (!
rsbac_adf_request(
R_MODIFY_PERMISSIONS_DATA,
01438 current->pid,
01439
T_NONE,
01440 rsbac_target_id,
01441
A_none,
01442 rsbac_attribute_value))
01443 {
01444
return -EPERM;
01445 }
01446 }
01447
else
01448
#endif
01449
{
01450 rsbac_attribute_value.switch_target = target;
01451
if (!
rsbac_adf_request(
R_SWITCH_MODULE,
01452 current->pid,
01453
T_NONE,
01454 rsbac_target_id,
01455 A_switch_target,
01456 rsbac_attribute_value))
01457 {
01458
return -EPERM;
01459 }
01460 }
01461 switch_name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01462
if(switch_name)
01463 {
01464
int show_value = value;
01465
01466
get_switch_target_name(switch_name,target);
01467
#ifdef CONFIG_RSBAC_SOFTMODE_IND
01468
switch(value)
01469 {
01470
case 2:
01471
case 3:
01472 strcat(switch_name,
" softmode");
01473 show_value -= 2;
01474
break;
01475
default:
01476
break;
01477 }
01478
#endif
01479
#ifdef CONFIG_RSBAC_RMSG
01480
rsbac_printk(KERN_WARNING
01481
"sys_rsbac_switch(): switching RSBAC module %s to %i!\n",
01482 switch_name, show_value);
01483
#endif
01484
#ifndef CONFIG_RSBAC_RMSG_EXCL
01485
printk(KERN_WARNING
01486
"sys_rsbac_switch(): switching RSBAC module %s to %i!\n",
01487 switch_name, show_value);
01488
#endif
01489
rsbac_kfree(switch_name);
01490 }
01491
01492
switch(value)
01493 {
01494
#ifdef CONFIG_RSBAC_SOFTMODE_IND
01495
case 2:
01496
case 3:
01497 rsbac_ind_softmode[target] = value - 2;
01498
break;
01499
#endif
01500
01501
default:
01502
switch (target)
01503 {
01504
#ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01505
case DAC_DISABLE: rsbac_dac_disable = value;
01506
break;
01507
#endif
01508
#ifdef CONFIG_RSBAC_SOFTMODE
01509
case SOFTMODE: rsbac_softmode = value;
01510
break;
01511
#endif
01512
#ifdef CONFIG_RSBAC_MAC
01513
case MAC: rsbac_switch_mac = value;
01514
break;
01515
#endif
01516
#ifdef CONFIG_RSBAC_FC
01517
case FC: rsbac_switch_fc = value;
01518
break;
01519
#endif
01520
#ifdef CONFIG_RSBAC_SIM
01521
case SIM: rsbac_switch_sim = value;
01522
break;
01523
#endif
01524
#ifdef CONFIG_RSBAC_PM
01525
case PM: rsbac_switch_pm = value;
01526
break;
01527
#endif
01528
#ifdef CONFIG_RSBAC_DAZ
01529
case DAZ: rsbac_switch_daz = value;
01530
break;
01531
#endif
01532
#ifdef CONFIG_RSBAC_FF
01533
case FF: rsbac_switch_ff = value;
01534
break;
01535
#endif
01536
#if defined(CONFIG_RSBAC_RC)
01537
case RC: rsbac_switch_rc = value;
01538
break;
01539
#endif
01540
#if defined(CONFIG_RSBAC_AUTH)
01541
case AUTH: rsbac_switch_auth = value;
01542
break;
01543
#endif
01544
#if defined(CONFIG_RSBAC_ACL)
01545
case ACL: rsbac_switch_acl = value;
01546
break;
01547
#endif
01548
#if defined(CONFIG_RSBAC_CAP)
01549
case CAP: rsbac_switch_cap = value;
01550
break;
01551
#endif
01552
#if defined(CONFIG_RSBAC_JAIL)
01553
case JAIL: rsbac_switch_jail = value;
01554
break;
01555
#endif
01556
#if defined(CONFIG_RSBAC_RES)
01557
case RES: rsbac_switch_res = value;
01558
break;
01559
#endif
01560
default:
01561
return (-
RSBAC_EINVALIDMODULE);
01562 }
01563 }
01564
#endif
01565
return(0);
01566 }
01567
01568
01569
01570 int sys_rsbac_mac_set_curr_level(
rsbac_security_level_t level,
01571
rsbac_mac_category_vector_t * categories_p)
01572 {
01573
#ifdef CONFIG_RSBAC_MAC
01574
rsbac_mac_category_vector_t k_categories;
01575
int err;
01576
01577
if(!categories_p)
01578
return -
RSBAC_EINVALIDPOINTER;
01579 err = rsbac_get_user((
char *) &k_categories, (
char *) categories_p,
sizeof(k_categories));
01580
if(err)
01581
return err;
01582
return (
rsbac_mac_set_curr_level(level, k_categories));
01583
#else
01584
return (-
RSBAC_EINVALIDMODULE);
01585
#endif
01586
}
01587
01588 int sys_rsbac_mac_get_curr_level(
rsbac_security_level_t * level_p,
01589
rsbac_mac_category_vector_t * categories_p)
01590 {
01591
#ifdef CONFIG_RSBAC_MAC
01592
int err = 0;
01593
rsbac_security_level_t k_level;
01594
rsbac_mac_category_vector_t k_categories;
01595
01596 err =
rsbac_mac_get_curr_level(&k_level, &k_categories);
01597
if(err)
01598
return err;
01599
if(level_p)
01600 {
01601 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p,
sizeof(k_level));
01602
if(err)
01603
return err;
01604 }
01605
if(categories_p)
01606 {
01607 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p,
sizeof(k_categories));
01608 }
01609
return err;
01610
#else
01611
return (-
RSBAC_EINVALIDMODULE);
01612
#endif
01613
}
01614
01615 int sys_rsbac_mac_get_max_level(
rsbac_security_level_t * level_p,
01616
rsbac_mac_category_vector_t * categories_p)
01617 {
01618
#ifdef CONFIG_RSBAC_MAC
01619
int err = 0;
01620
rsbac_security_level_t k_level;
01621
rsbac_mac_category_vector_t k_categories;
01622
01623 err =
rsbac_mac_get_max_level(&k_level, &k_categories);
01624
if(err)
01625
return err;
01626
if(level_p)
01627 {
01628 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p,
sizeof(k_level));
01629
if(err)
01630
return err;
01631 }
01632
if(categories_p)
01633 {
01634 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p,
sizeof(k_categories));
01635 }
01636
return err;
01637
#else
01638
return (-
RSBAC_EINVALIDMODULE);
01639
#endif
01640
}
01641
01642 int sys_rsbac_mac_get_min_level(
rsbac_security_level_t * level_p,
01643
rsbac_mac_category_vector_t * categories_p)
01644 {
01645
#ifdef CONFIG_RSBAC_MAC
01646
int err = 0;
01647
rsbac_security_level_t k_level;
01648
rsbac_mac_category_vector_t k_categories;
01649
01650 err =
rsbac_mac_get_min_level(&k_level, &k_categories);
01651
if(err)
01652
return err;
01653
if(level_p)
01654 {
01655 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p,
sizeof(k_level));
01656
if(err)
01657
return err;
01658 }
01659
if(categories_p)
01660 {
01661 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p,
sizeof(k_categories));
01662 }
01663
return err;
01664
#else
01665
return (-
RSBAC_EINVALIDMODULE);
01666
#endif
01667
}
01668
01669
01670 int sys_rsbac_mac_add_p_tru(
rsbac_pid_t pid,
01671
rsbac_uid_t uid,
01672
rsbac_time_t ttl)
01673 {
01674
#if defined(CONFIG_RSBAC_MAC)
01675
struct task_struct * task_p;
01676
01677 read_lock(&tasklist_lock);
01678 task_p = find_task_by_pid(pid);
01679 read_unlock(&tasklist_lock);
01680
if(!task_p)
01681
return(-
RSBAC_EINVALIDTARGET);
01682
01683
return(
rsbac_mac_add_p_tru(pid, uid, ttl));
01684
#else
01685
return (-
RSBAC_EINVALIDMODULE);
01686
#endif
01687
};
01688
01689 int sys_rsbac_mac_remove_p_tru(
rsbac_pid_t pid,
01690
rsbac_uid_t uid)
01691 {
01692
#if defined(CONFIG_RSBAC_MAC)
01693
struct task_struct * task_p;
01694
01695 read_lock(&tasklist_lock);
01696 task_p = find_task_by_pid(pid);
01697 read_unlock(&tasklist_lock);
01698
if(!task_p)
01699
return(-
RSBAC_EINVALIDTARGET);
01700
return(
rsbac_mac_remove_p_tru(pid, uid));
01701
#else
01702
return (-
RSBAC_EINVALIDMODULE);
01703
#endif
01704
};
01705
01706 int sys_rsbac_mac_add_f_tru(
char * filename,
01707
rsbac_uid_t uid,
01708
rsbac_time_t ttl)
01709 {
01710
#if defined(CONFIG_RSBAC_MAC)
01711
struct dentry * t_dentry;
01712
int err = 0;
01713
enum rsbac_target_t target;
01714
union rsbac_target_id_t tid;
01715
01716
struct nameidata nd;
01717
01718
if(!filename)
01719
return(-
RSBAC_EINVALIDTARGET);
01720
01721
if ((err = user_path_walk_link(filename, &nd)))
01722 {
01723
#ifdef CONFIG_RSBAC_DEBUG
01724
if (rsbac_debug_aef_auth)
01725 printk(KERN_DEBUG
"sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
01726
#endif
01727
goto out;
01728 }
01729 t_dentry = nd.dentry;
01730
if (!t_dentry->d_inode)
01731 {
01732 err = -
RSBAC_EINVALIDTARGET;
01733
goto out_dput;
01734 }
01735
01736
if(S_ISREG(t_dentry->d_inode->i_mode))
01737 target =
T_FILE;
01738
else
01739
if(S_ISDIR(t_dentry->d_inode->i_mode))
01740 target =
T_DIR;
01741
else
01742 {
01743 err = -
RSBAC_EINVALIDTARGET;
01744
goto out_dput;
01745 }
01746 tid.file.device = t_dentry->d_sb->s_dev;
01747 tid.file.inode = t_dentry->d_inode->i_ino;
01748 tid.file.dentry_p = t_dentry;
01749
01750 err =
rsbac_mac_add_f_tru(tid.file, uid, ttl);
01751
01752 out_dput:
01753 path_release(&nd);
01754 out:
01755
return(err);
01756
01757
#else
01758
return (-
RSBAC_EINVALIDMODULE);
01759
#endif
01760
};
01761
01762 int sys_rsbac_mac_remove_f_tru(
char * filename,
01763
rsbac_uid_t uid)
01764 {
01765
#if defined(CONFIG_RSBAC_MAC)
01766
struct dentry * t_dentry;
01767
int err = 0;
01768
enum rsbac_target_t target;
01769
union rsbac_target_id_t tid;
01770
01771
struct nameidata nd;
01772
01773
if(!filename)
01774
return(-
RSBAC_EINVALIDTARGET);
01775
01776
if ((err = user_path_walk_link(filename, &nd)))
01777 {
01778
#ifdef CONFIG_RSBAC_DEBUG
01779
if (rsbac_debug_aef_auth)
01780 printk(KERN_DEBUG
"sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
01781
#endif
01782
goto out;
01783 }
01784 t_dentry = nd.dentry;
01785
if (!t_dentry->d_inode)
01786 {
01787 err = -
RSBAC_EINVALIDTARGET;
01788
goto out_dput;
01789 }
01790
01791
if(S_ISREG(t_dentry->d_inode->i_mode))
01792 target =
T_FILE;
01793
else
01794
if(S_ISDIR(t_dentry->d_inode->i_mode))
01795 target =
T_DIR;
01796
else
01797 {
01798 err = -
RSBAC_EINVALIDTARGET;
01799
goto out_dput;
01800 }
01801 tid.file.device = t_dentry->d_sb->s_dev;
01802 tid.file.inode = t_dentry->d_inode->i_ino;
01803 tid.file.dentry_p = t_dentry;
01804
01805 err =
rsbac_mac_remove_f_tru(tid.file, uid);
01806
01807 out_dput:
01808 path_release(&nd);
01809 out:
01810
return(err);
01811
01812
#else
01813
return (-
RSBAC_EINVALIDMODULE);
01814
#endif
01815
};
01816
01817
01818 int sys_rsbac_mac_get_f_trulist(
char * filename,
01819
rsbac_uid_t trulist[],
01820
rsbac_time_t ttllist[],
01821 u_int maxnum)
01822 {
01823
#if defined(CONFIG_RSBAC_MAC)
01824
struct dentry * t_dentry;
01825
int err = 0, tmperr = 0;
01826
enum rsbac_target_t target;
01827
union rsbac_target_id_t tid;
01828
rsbac_uid_t * k_trulist;
01829
rsbac_time_t * k_ttllist;
01830
01831
struct nameidata nd;
01832
01833
if(!filename)
01834
return(-
RSBAC_EINVALIDTARGET);
01835
if(!trulist)
01836
return(-
RSBAC_EINVALIDPOINTER);
01837
if(maxnum <= 0)
01838
return(-
RSBAC_EINVALIDVALUE);
01839
if(maxnum >
RSBAC_MAC_MAX_MAXNUM)
01840 maxnum =
RSBAC_MAC_MAX_MAXNUM;
01841
01842
if ((err = user_path_walk_link(filename, &nd)))
01843 {
01844
#ifdef CONFIG_RSBAC_DEBUG
01845
if (rsbac_debug_aef_auth)
01846 printk(KERN_DEBUG
"sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
01847
#endif
01848
goto out;
01849 }
01850 t_dentry = nd.dentry;
01851
if (!t_dentry->d_inode)
01852 {
01853 err = -
RSBAC_EINVALIDTARGET;
01854
goto out_dput;
01855 }
01856
01857
if(S_ISREG(t_dentry->d_inode->i_mode))
01858 target =
T_FILE;
01859
else
01860
if(S_ISDIR(t_dentry->d_inode->i_mode))
01861 target =
T_DIR;
01862
else
01863 {
01864 err = -
RSBAC_EINVALIDTARGET;
01865
goto out_dput;
01866 }
01867 tid.file.device = t_dentry->d_sb->s_dev;
01868 tid.file.inode = t_dentry->d_inode->i_ino;
01869 tid.file.dentry_p = t_dentry;
01870
01871 err =
rsbac_mac_get_f_trulist(tid.file, &k_trulist, &k_ttllist);
01872
if(err>0)
01873 {
01874
if(err > maxnum)
01875 err = maxnum;
01876 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
01877
sizeof(
rsbac_uid_t) * err);
01878
if(tmperr < 0)
01879 err = tmperr;
01880
else
01881 {
01882
if(ttllist)
01883 {
01884 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
01885
sizeof(
rsbac_time_t) * err);
01886
if(tmperr < 0)
01887 err = tmperr;
01888 }
01889 }
01890
rsbac_vfree(k_trulist);
01891
rsbac_vfree(k_ttllist);
01892 }
01893
01894 out_dput:
01895 path_release(&nd);
01896 out:
01897
return(err);
01898
01899
#else
01900
return (-
RSBAC_EINVALIDMODULE);
01901
#endif
01902
};
01903
01904 int sys_rsbac_mac_get_p_trulist(
rsbac_pid_t pid,
01905
rsbac_uid_t trulist[],
01906
rsbac_time_t ttllist[],
01907 u_int maxnum)
01908 {
01909
#if defined(CONFIG_RSBAC_MAC)
01910
int err = 0, tmperr = 0;
01911
union rsbac_target_id_t tid;
01912
rsbac_uid_t * k_trulist;
01913
rsbac_time_t * k_ttllist;
01914
01915
if(!pid)
01916
return(-
RSBAC_EINVALIDTARGET);
01917
if(!trulist)
01918
return(-
RSBAC_EINVALIDPOINTER);
01919
if(maxnum <= 0)
01920
return(-
RSBAC_EINVALIDVALUE);
01921
if(maxnum >
RSBAC_MAC_MAX_MAXNUM)
01922 maxnum =
RSBAC_MAC_MAX_MAXNUM;
01923
01924 tid.
process = pid;
01925
01926 err =
rsbac_mac_get_p_trulist(tid.
process, &k_trulist, &k_ttllist);
01927
if(err>0)
01928 {
01929
if(err > maxnum)
01930 err = maxnum;
01931 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
01932
sizeof(
rsbac_uid_t) * err);
01933
if(tmperr < 0)
01934 err = tmperr;
01935
else
01936 {
01937
if(ttllist)
01938 {
01939 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
01940
sizeof(
rsbac_time_t) * err);
01941
if(tmperr < 0)
01942 err = tmperr;
01943 }
01944 }
01945
rsbac_vfree(k_trulist);
01946
rsbac_vfree(k_ttllist);
01947 }
01948
01949
return(err);
01950
01951
#else
01952
return (-
RSBAC_EINVALIDMODULE);
01953
#endif
01954
};
01955
01956
01957
01958 int sys_rsbac_stats_pm(
void)
01959 {
01960
#ifndef CONFIG_RSBAC_PM
01961
return (0);
01962
#else
01963
union rsbac_target_id_t rsbac_target_id;
01964
union rsbac_attribute_value_t rsbac_attribute_value;
01965
01966
#ifdef CONFIG_RSBAC_DEBUG
01967
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_stats_pm(): calling ADF\n");
01968
#endif
01969
rsbac_target_id.
scd =
ST_rsbac;
01970 rsbac_attribute_value.
dummy = 0;
01971
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
01972 current->pid,
01973
T_SCD,
01974 rsbac_target_id,
01975
A_none,
01976 rsbac_attribute_value))
01977 {
01978
return -EPERM;
01979 }
01980
01981
#ifdef CONFIG_RSBAC_DEBUG
01982
if (rsbac_debug_aef_pm)
01983 printk(KERN_DEBUG
"sys_rsbac_stats_pm(): getting RSBAC status!\n");
01984
#endif
01985
return(
rsbac_stats_pm());
01986
#endif
01987
};
01988
01989 int sys_rsbac_pm(
enum rsbac_pm_function_type_t function,
01990
union rsbac_pm_function_param_t * param_p,
01991
rsbac_pm_tkt_id_t ticket)
01992 {
01993
#ifndef CONFIG_RSBAC_PM
01994
return (-
RSBAC_EINVALIDMODULE);
01995
#else
01996
union rsbac_pm_function_param_t k_param;
01997
int result;
01998
01999
if(function >=
PF_none)
02000
return(-
RSBAC_EINVALIDREQUEST);
02001
if(!param_p)
02002
return(-
RSBAC_EINVALIDPOINTER);
02003
#ifdef CONFIG_RSBAC_DEBUG
02004
if (rsbac_debug_aef_pm)
02005 printk(KERN_DEBUG
"sys_rsbac_pm(): called for function %i!\n",
02006 function);
02007
#endif
02008
02009 rsbac_get_user((u_char *) &k_param, (u_char *) param_p,
sizeof(k_param) );
02010
02011 lock_kernel();
02012 result =
rsbac_pm(function, k_param, ticket);
02013 unlock_kernel();
02014
return result;
02015
#endif
02016
}
02017
02018 int sys_rsbac_pm_change_current_task(
rsbac_pm_task_id_t task)
02019 {
02020
#ifndef CONFIG_RSBAC_PM
02021
return (0);
02022
#else
02023
#ifdef CONFIG_RSBAC_DEBUG
02024
if (rsbac_debug_aef_pm)
02025 printk(KERN_DEBUG
02026
"sys_rsbac_pm_change_current_task(): called for task %i!\n",
02027 task);
02028
#endif
02029
02030
return(
rsbac_pm_change_current_task(task));
02031
#endif
02032
}
02033
02034 int sys_rsbac_pm_create_file(
const char * filename,
02035
int mode,
02036
rsbac_pm_object_class_id_t class)
02037 {
02038
#ifndef CONFIG_RSBAC_PM
02039
return (-
RSBAC_EINVALIDMODULE);
02040
#else
02041
if(!filename)
02042
return(-
RSBAC_EINVALIDPOINTER);
02043
#ifdef CONFIG_RSBAC_DEBUG
02044
if (rsbac_debug_aef_pm)
02045 printk(KERN_DEBUG
02046
"sys_rsbac_pm_create_file(): called with class %i!\n",
02047
class);
02048
#endif
02049
02050
return(
rsbac_pm_create_file(filename, mode,
class));
02051
#endif
02052
}
02053
02054
02055
02056 int sys_rsbac_daz_flush_cache(
void)
02057 {
02058
#ifndef CONFIG_RSBAC_DAZ_CACHE
02059
return (0);
02060
#else
02061
#ifndef CONFIG_RSBAC_MAINT
02062
union rsbac_target_id_t i_tid;
02063
union rsbac_attribute_value_t i_attr_val1;
02064
02065
02066 i_tid.
user = current->uid;
02067
if (
rsbac_get_attr(
DAZ,
02068
T_USER,
02069 i_tid,
02070
A_daz_role,
02071 &i_attr_val1,
02072
TRUE))
02073 {
02074
#ifdef CONFIG_RSBAC_RMSG
02075
rsbac_printk(KERN_WARNING
02076
"rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02077
#endif
02078
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02079
if (!rsbac_nosyslog)
02080
#endif
02081
printk(KERN_WARNING
02082
"rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02083
return -EPERM;
02084 }
02085
02086
if ( (i_attr_val1.
system_role !=
SR_security_officer)
02087 && (i_attr_val1.
system_role !=
SR_administrator)
02088 )
02089
#ifdef CONFIG_RSBAC_SOFTMODE
02090
if( !rsbac_softmode
02091
#ifdef CONFIG_RSBAC_SOFTMODE_IND
02092
&& !rsbac_ind_softmode[
DAZ]
02093
#endif
02094
)
02095
#endif
02096
return -EPERM;
02097
#endif
02098
02099 printk(KERN_INFO
02100
"sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02101
02102
return(
rsbac_daz_flush_cache());
02103
#endif
02104
};
02105
02106
02107
02108
02109 int sys_rsbac_rc_copy_role (
rsbac_rc_role_id_t from_role,
02110
rsbac_rc_role_id_t to_role)
02111 {
02112
#if defined(CONFIG_RSBAC_RC)
02113
if( (from_role >
RC_role_max_value)
02114 || (from_role >
RC_role_max_value))
02115
return(-
RSBAC_EINVALIDVALUE);
02116
#ifdef CONFIG_RSBAC_DEBUG
02117
if (rsbac_debug_aef_rc)
02118 printk(KERN_DEBUG
02119
"sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02120 from_role, to_role);
02121
#endif
02122
02123
return(
rsbac_rc_sys_copy_role(from_role, to_role));
02124
#else
02125
return (-
RSBAC_EINVALIDMODULE);
02126
#endif
02127
};
02128
02129
02130 int sys_rsbac_rc_get_item (
enum rsbac_rc_target_t target,
02131
union rsbac_rc_target_id_t * tid_p,
02132
union rsbac_rc_target_id_t * subtid_p,
02133
enum rsbac_rc_item_t item,
02134
union rsbac_rc_item_value_t * value_p,
02135
rsbac_time_t * ttl_p)
02136 {
02137
#if defined(CONFIG_RSBAC_RC)
02138
union rsbac_rc_target_id_t k_tid;
02139
union rsbac_rc_target_id_t k_subtid;
02140
union rsbac_rc_item_value_t k_value;
02141
rsbac_time_t k_ttl;
02142
int err = 0;
02143
02144
if( (target >=
RT_NONE)
02145 || (item >=
RI_none))
02146
return(-
RSBAC_EINVALIDVALUE);
02147
02148 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p,
sizeof(k_tid) );
02149 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p,
sizeof(k_subtid) );
02150 rsbac_get_user((u_char *) &k_value, (u_char *) value_p,
sizeof(k_value) );
02151
#ifdef CONFIG_RSBAC_DEBUG
02152
if (rsbac_debug_aef_rc)
02153 printk(KERN_DEBUG
02154
"sys_rsbac_rc_get_item(): target %i, item %i!\n",
02155 target, item);
02156
#endif
02157
02158 err =
rsbac_rc_sys_get_item(target, k_tid, k_subtid, item, &k_value, &k_ttl);
02159
02160
if(!err)
02161 {
02162 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p,
sizeof(k_value) );
02163
if(!err && ttl_p)
02164 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p,
sizeof(k_ttl) );
02165 }
02166
return (err);
02167
#else
02168
return (-
RSBAC_EINVALIDMODULE);
02169
#endif
02170
};
02171
02172
02173 int sys_rsbac_rc_set_item (
enum rsbac_rc_target_t target,
02174
union rsbac_rc_target_id_t * tid_p,
02175
union rsbac_rc_target_id_t * subtid_p,
02176
enum rsbac_rc_item_t item,
02177
union rsbac_rc_item_value_t * value_p,
02178
rsbac_time_t ttl)
02179 {
02180
#if defined(CONFIG_RSBAC_RC)
02181
union rsbac_rc_target_id_t k_tid;
02182
union rsbac_rc_target_id_t k_subtid;
02183
union rsbac_rc_item_value_t k_value;
02184
02185
if( (target >=
RT_NONE)
02186 || (item >=
RI_none))
02187
return(-
RSBAC_EINVALIDVALUE);
02188
02189 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p,
sizeof(k_tid) );
02190 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p,
sizeof(k_subtid) );
02191 rsbac_get_user((u_char *) &k_value, (u_char *) value_p,
sizeof(k_value) );
02192
#ifdef CONFIG_RSBAC_DEBUG
02193
if (rsbac_debug_aef_rc)
02194 printk(KERN_DEBUG
02195
"sys_rsbac_rc_set_item(): target %i, item %i!\n",
02196 target, item);
02197
#endif
02198
02199
return rsbac_rc_sys_set_item(target, k_tid, k_subtid, item, k_value, ttl);
02200
#else
02201
return (-
RSBAC_EINVALIDMODULE);
02202
#endif
02203
};
02204
02205 int sys_rsbac_rc_get_list(
enum rsbac_rc_target_t target,
02206
union rsbac_rc_target_id_t * tid_p,
02207
enum rsbac_rc_item_t item,
02208 u_int maxnum,
02209 __u32 * array_p,
02210
rsbac_time_t * ttl_array_p)
02211
02212 {
02213
#if defined(CONFIG_RSBAC_RC)
02214
union rsbac_rc_target_id_t k_tid;
02215
int err;
02216
02217 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p,
sizeof(k_tid) );
02218
if(array_p)
02219 {
02220 __u32 * k_array_p;
02221
rsbac_time_t * k_ttl_array_p;
02222
02223
if(!maxnum)
02224
return -
RSBAC_EINVALIDVALUE;
02225
02226 err =
rsbac_rc_get_list(target, k_tid, item, &k_array_p, &k_ttl_array_p);
02227
02228
if(err > 0)
02229 {
02230
int tmperr;
02231
02232
if(err > maxnum)
02233 err = maxnum;
02234 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err *
sizeof(*k_array_p) );
02235
if(tmperr)
02236 err=tmperr;
02237
rsbac_vfree(k_array_p);
02238
if(k_ttl_array_p && ttl_array_p)
02239 {
02240 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err *
sizeof(*k_ttl_array_p) );
02241
if(tmperr)
02242 err=tmperr;
02243 }
02244
rsbac_vfree(k_ttl_array_p);
02245 }
02246
return (err);
02247 }
02248
else
02249
return rsbac_rc_get_list(target, k_tid, item,
NULL,
NULL);
02250
#else
02251
return (-
RSBAC_EINVALIDMODULE);
02252
#endif
02253
};
02254
02255
02256 int sys_rsbac_rc_change_role (
rsbac_rc_role_id_t role)
02257 {
02258
#if defined(CONFIG_RSBAC_RC)
02259
if(role >
RC_role_max_value)
02260
return(-
RSBAC_EINVALIDVALUE);
02261
#ifdef CONFIG_RSBAC_DEBUG
02262
if (rsbac_debug_aef_rc)
02263 printk(KERN_DEBUG
02264
"sys_rsbac_rc_change_role(): role %i!\n",
02265 role);
02266
#endif
02267
02268
return rsbac_rc_sys_change_role(role);
02269
#else
02270
return (-
RSBAC_EINVALIDMODULE);
02271
#endif
02272
};
02273
02274
02275 int sys_rsbac_rc_get_eff_rights_n(
enum rsbac_target_t target,
02276
char * t_name,
02277
rsbac_rc_request_vector_t * request_vector_p,
02278
rsbac_time_t * ttl_p)
02279 {
02280
#if defined(CONFIG_RSBAC_RC)
02281
struct dentry * t_dentry;
02282
int err = 0;
02283
rsbac_rc_request_vector_t k_req_vec;
02284
rsbac_time_t k_ttl;
02285
union rsbac_target_id_t tid;
02286
02287
struct nameidata nd;
02288
02289
if(!t_name || (target >=
T_NONE))
02290
return(-
RSBAC_EINVALIDTARGET);
02291
02292
if ((err = user_path_walk_link(t_name, &nd)))
02293 {
02294
#ifdef CONFIG_RSBAC_DEBUG
02295
if (rsbac_debug_aef_rc)
02296 printk(KERN_DEBUG
"sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02297
#endif
02298
goto out;
02299 }
02300 t_dentry = nd.dentry;
02301
if (!t_dentry->d_inode)
02302 {
02303 err = -
RSBAC_EINVALIDTARGET;
02304
goto out_dput;
02305 }
02306
02307
switch (target)
02308 {
02309
case T_FD:
02310
if(S_ISREG(t_dentry->d_inode->i_mode))
02311 {
02312 target =
T_FILE;
02313 }
02314
else
02315
if(S_ISDIR(t_dentry->d_inode->i_mode))
02316 {
02317 target =
T_DIR;
02318 }
02319
else
02320
if(S_ISLNK(t_dentry->d_inode->i_mode))
02321 {
02322 target =
T_SYMLINK;
02323 }
02324
else
02325
if(S_ISFIFO(t_dentry->d_inode->i_mode))
02326 {
02327 target =
T_FIFO;
02328 }
02329
else
02330
if(S_ISBLK(t_dentry->d_inode->i_mode))
02331 {
02332 target =
T_FILE;
02333 }
02334
else
02335
if(S_ISCHR(t_dentry->d_inode->i_mode))
02336 {
02337 target =
T_FILE;
02338 }
02339
else
02340 {
02341
#ifdef CONFIG_RSBAC_DEBUG
02342
if (rsbac_debug_aef)
02343 printk(KERN_DEBUG
"sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02344
#endif
02345
err = -
RSBAC_EINVALIDTARGET;
02346
goto out_dput;
02347 }
02348
break;
02349
02350
case T_FILE:
02351
02352
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
02353 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02354 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02355 {
02356 err = -
RSBAC_EINVALIDTARGET;
02357
goto out_dput;
02358 }
02359
break;
02360
02361
case T_DIR:
02362
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02363 {
02364 err = -
RSBAC_EINVALIDTARGET;
02365
goto out_dput;
02366 }
02367
break;
02368
02369
case T_FIFO:
02370
02371
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02372 {
02373 err = -
RSBAC_EINVALIDTARGET;
02374
goto out_dput;
02375 }
02376
break;
02377
02378
case T_SYMLINK:
02379
02380
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
02381 {
02382 err = -
RSBAC_EINVALIDTARGET;
02383
goto out_dput;
02384 }
02385
break;
02386
02387
case T_DEV:
02388
02389
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
02390 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02391 {
02392 err = -
RSBAC_EINVALIDTARGET;
02393
goto out_dput;
02394 }
02395
break;
02396
02397
default:
02398 err = -
RSBAC_EINVALIDTARGET;
02399
goto out_dput;
02400 }
02401
02402
if(target ==
T_DEV)
02403 {
02404
if(S_ISBLK(t_dentry->d_inode->i_mode))
02405 tid.dev.type =
D_block;
02406
else
02407 tid.dev.type =
D_char;
02408 tid.dev.id = t_dentry->d_inode->i_rdev;
02409 }
02410
else
02411 {
02412
02413 tid.file.device = t_dentry->d_sb->s_dev;
02414 tid.file.inode = t_dentry->d_inode->i_ino;
02415 tid.file.dentry_p = t_dentry;
02416 }
02417 err =
rsbac_rc_sys_get_eff_rights(target, tid, &k_req_vec, &k_ttl);
02418
02419
if(!err)
02420 {
02421 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p,
sizeof(k_req_vec) );
02422
if(!err && ttl_p)
02423 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p,
sizeof(k_ttl) );
02424 }
02425
02426 out_dput:
02427 path_release(&nd);
02428
02429 out:
02430
return(err);
02431
#else
02432
return (-
RSBAC_EINVALIDMODULE);
02433
#endif
02434
};
02435
02436
02437 int sys_rsbac_rc_get_current_role (
rsbac_rc_role_id_t * role_p)
02438 {
02439
#if defined(CONFIG_RSBAC_RC)
02440
rsbac_rc_role_id_t k_role;
02441
int err;
02442
02443
if(!role_p)
02444
return(-
RSBAC_EINVALIDPOINTER);
02445
02446 err =
rsbac_rc_sys_get_current_role(&k_role);
02447
if(!err)
02448 {
02449 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p,
sizeof(k_role) );
02450 }
02451
return err;
02452
#else
02453
return (-
RSBAC_EINVALIDMODULE);
02454
#endif
02455
};
02456
02457
02458
02459
02460
02461 int sys_rsbac_auth_add_p_cap(
rsbac_pid_t pid,
02462
enum rsbac_auth_cap_type_t cap_type,
02463
struct rsbac_auth_cap_range_t cap_range,
02464
rsbac_time_t ttl)
02465 {
02466
#if defined(CONFIG_RSBAC_AUTH)
02467
struct task_struct * task_p;
02468
02469
if(cap_type >=
ACT_none)
02470
return(-
RSBAC_EINVALIDTARGET);
02471
if(cap_range.
first > cap_range.
last)
02472
return(-
RSBAC_EINVALIDVALUE);
02473 read_lock(&tasklist_lock);
02474 task_p = find_task_by_pid(pid);
02475 read_unlock(&tasklist_lock);
02476
if(!task_p)
02477
return(-
RSBAC_EINVALIDTARGET);
02478
02479
02480
02481
return(
rsbac_auth_add_p_cap(pid, cap_type, cap_range, ttl));
02482
#else
02483
return (-
RSBAC_EINVALIDMODULE);
02484
#endif
02485
};
02486
02487 int sys_rsbac_auth_remove_p_cap(
rsbac_pid_t pid,
02488
enum rsbac_auth_cap_type_t cap_type,
02489
struct rsbac_auth_cap_range_t cap_range)
02490 {
02491
#if defined(CONFIG_RSBAC_AUTH)
02492
struct task_struct * task_p;
02493
02494
if(cap_type >=
ACT_none)
02495
return(-
RSBAC_EINVALIDTARGET);
02496
if(cap_range.
first > cap_range.
last)
02497
return(-
RSBAC_EINVALIDVALUE);
02498 read_lock(&tasklist_lock);
02499 task_p = find_task_by_pid(pid);
02500 read_unlock(&tasklist_lock);
02501
if(!task_p)
02502
return(-
RSBAC_EINVALIDTARGET);
02503
02504
02505
return(
rsbac_auth_remove_p_cap(pid, cap_type, cap_range));
02506
#else
02507
return (-
RSBAC_EINVALIDMODULE);
02508
#endif
02509
};
02510
02511 int sys_rsbac_auth_add_f_cap(
char * filename,
02512
enum rsbac_auth_cap_type_t cap_type,
02513
struct rsbac_auth_cap_range_t cap_range,
02514
rsbac_time_t ttl)
02515 {
02516
#if defined(CONFIG_RSBAC_AUTH)
02517
struct dentry * t_dentry;
02518
int err = 0;
02519
enum rsbac_target_t target;
02520
union rsbac_target_id_t tid;
02521
02522
02523
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02524
union rsbac_attribute_value_t rsbac_attribute_value;
02525
#endif
02526
02527
struct nameidata nd;
02528
02529
if(!filename)
02530
return(-
RSBAC_EINVALIDTARGET);
02531
if(cap_type >=
ACT_none)
02532
return(-
RSBAC_EINVALIDTARGET);
02533
if(cap_range.
first > cap_range.
last)
02534
return(-
RSBAC_EINVALIDVALUE);
02535
02536
if ((err = user_path_walk_link(filename, &nd)))
02537 {
02538
#ifdef CONFIG_RSBAC_DEBUG
02539
if (rsbac_debug_aef_auth)
02540 printk(KERN_DEBUG
"sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
02541
#endif
02542
goto out;
02543 }
02544 t_dentry = nd.dentry;
02545
if (!t_dentry->d_inode)
02546 {
02547 err = -
RSBAC_EINVALIDTARGET;
02548
goto out_dput;
02549 }
02550
02551
if(S_ISREG(t_dentry->d_inode->i_mode))
02552 target =
T_FILE;
02553
else
02554
if(S_ISDIR(t_dentry->d_inode->i_mode))
02555 target =
T_DIR;
02556
else
02557 {
02558 err = -
RSBAC_EINVALIDTARGET;
02559
goto out_dput;
02560 }
02561 tid.file.device = t_dentry->d_sb->s_dev;
02562 tid.file.inode = t_dentry->d_inode->i_ino;
02563 tid.file.dentry_p = t_dentry;
02564
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02565
02566
#ifdef CONFIG_RSBAC_DEBUG
02567
if (rsbac_debug_aef)
02568 printk(KERN_DEBUG
"sys_rsbac_auth_add_f_cap(): calling ADF\n");
02569
#endif
02570
rsbac_attribute_value.auth_cap_range = cap_range;
02571
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
02572 current->pid,
02573 target,
02574 tid,
02575 A_auth_add_f_cap,
02576 rsbac_attribute_value))
02577 {
02578 err = -EPERM;
02579 }
02580
else
02581
#endif
02582
err =
rsbac_auth_add_f_cap(tid.file, cap_type, cap_range, ttl);
02583
02584 out_dput:
02585 path_release(&nd);
02586 out:
02587
return(err);
02588
02589
#else
02590
return (-
RSBAC_EINVALIDMODULE);
02591
#endif
02592
};
02593
02594 int sys_rsbac_auth_remove_f_cap(
char * filename,
02595
enum rsbac_auth_cap_type_t cap_type,
02596
struct rsbac_auth_cap_range_t cap_range)
02597 {
02598
#if defined(CONFIG_RSBAC_AUTH)
02599
struct dentry * t_dentry;
02600
int err = 0;
02601
enum rsbac_target_t target;
02602
union rsbac_target_id_t tid;
02603
02604
02605
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02606
union rsbac_attribute_value_t rsbac_attribute_value;
02607
#endif
02608
02609
struct nameidata nd;
02610
02611
if(!filename)
02612
return(-
RSBAC_EINVALIDTARGET);
02613
if(cap_type >=
ACT_none)
02614
return(-
RSBAC_EINVALIDTARGET);
02615
if(cap_range.
first > cap_range.
last)
02616
return(-
RSBAC_EINVALIDVALUE);
02617
02618
if ((err = user_path_walk_link(filename, &nd)))
02619 {
02620
#ifdef CONFIG_RSBAC_DEBUG
02621
if (rsbac_debug_aef_auth)
02622 printk(KERN_DEBUG
"sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
02623
#endif
02624
goto out;
02625 }
02626 t_dentry = nd.dentry;
02627
if (!t_dentry->d_inode)
02628 {
02629 err = -
RSBAC_EINVALIDTARGET;
02630
goto out_dput;
02631 }
02632
02633
if(S_ISREG(t_dentry->d_inode->i_mode))
02634 target =
T_FILE;
02635
else
02636
if(S_ISDIR(t_dentry->d_inode->i_mode))
02637 target =
T_DIR;
02638
else
02639 {
02640 err = -
RSBAC_EINVALIDTARGET;
02641
goto out_dput;
02642 }
02643 tid.file.device = t_dentry->d_sb->s_dev;
02644 tid.file.inode = t_dentry->d_inode->i_ino;
02645 tid.file.dentry_p = t_dentry;
02646
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02647
02648
#ifdef CONFIG_RSBAC_DEBUG
02649
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_auth_add_f_cap(): calling ADF\n");
02650
#endif
02651
rsbac_attribute_value.auth_cap_range = cap_range;
02652
if (!
rsbac_adf_request(
R_MODIFY_ATTRIBUTE,
02653 current->pid,
02654 target,
02655 tid,
02656 A_auth_remove_f_cap,
02657 rsbac_attribute_value))
02658 {
02659 err = -EPERM;
02660 }
02661
else
02662
#endif
02663
err =
rsbac_auth_remove_f_cap(tid.file, cap_type, cap_range);
02664
02665 out_dput:
02666 path_release(&nd);
02667 out:
02668
return(err);
02669
02670
#else
02671
return (-
RSBAC_EINVALIDMODULE);
02672
#endif
02673
};
02674
02675
02676 int sys_rsbac_auth_get_f_caplist(
char * filename,
02677
enum rsbac_auth_cap_type_t cap_type,
02678
struct rsbac_auth_cap_range_t caplist[],
02679
rsbac_time_t ttllist[],
02680 u_int maxnum)
02681 {
02682
#if defined(CONFIG_RSBAC_AUTH)
02683
struct dentry * t_dentry;
02684
int err = 0, tmperr = 0;
02685
enum rsbac_target_t target;
02686
union rsbac_target_id_t tid;
02687
struct rsbac_auth_cap_range_t * k_caplist;
02688
rsbac_time_t * k_ttllist;
02689
02690
02691
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02692
union rsbac_attribute_value_t rsbac_attribute_value;
02693
#endif
02694
02695
struct nameidata nd;
02696
02697
if(!filename)
02698
return(-
RSBAC_EINVALIDTARGET);
02699
if(cap_type >=
ACT_none)
02700
return(-
RSBAC_EINVALIDTARGET);
02701
if(!caplist)
02702
return(-
RSBAC_EINVALIDPOINTER);
02703
if(maxnum <= 0)
02704
return(-
RSBAC_EINVALIDVALUE);
02705
if(maxnum >
RSBAC_AUTH_MAX_MAXNUM)
02706 maxnum =
RSBAC_AUTH_MAX_MAXNUM;
02707
02708
if ((err = user_path_walk_link(filename, &nd)))
02709 {
02710
#ifdef CONFIG_RSBAC_DEBUG
02711
if (rsbac_debug_aef_auth)
02712 printk(KERN_DEBUG
"sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
02713
#endif
02714
goto out;
02715 }
02716 t_dentry = nd.dentry;
02717
if (!t_dentry->d_inode)
02718 {
02719 err = -
RSBAC_EINVALIDTARGET;
02720
goto out_dput;
02721 }
02722
02723
if(S_ISREG(t_dentry->d_inode->i_mode))
02724 target =
T_FILE;
02725
else
02726
if(S_ISDIR(t_dentry->d_inode->i_mode))
02727 target =
T_DIR;
02728
else
02729 {
02730 err = -
RSBAC_EINVALIDTARGET;
02731
goto out_dput;
02732 }
02733 tid.file.device = t_dentry->d_sb->s_dev;
02734 tid.file.inode = t_dentry->d_inode->i_ino;
02735 tid.file.dentry_p = t_dentry;
02736
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02737
02738
#ifdef CONFIG_RSBAC_DEBUG
02739
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_auth_get_f_caplist(): calling ADF\n");
02740
#endif
02741
rsbac_attribute_value.
dummy = 0;
02742
if (!
rsbac_adf_request(
R_READ_ATTRIBUTE,
02743 current->pid,
02744 target,
02745 tid,
02746 A_auth_get_caplist,
02747 rsbac_attribute_value))
02748 {
02749 err = -EPERM;
02750
goto out_dput;
02751 }
02752
#endif
02753
err =
rsbac_auth_get_f_caplist(tid.file, cap_type, &k_caplist, &k_ttllist);
02754
if(err>0)
02755 {
02756
if(err > maxnum)
02757 err = maxnum;
02758 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
02759
sizeof(
struct rsbac_auth_cap_range_t) * err);
02760
if(tmperr < 0)
02761 err = tmperr;
02762
else
02763 {
02764
if(ttllist)
02765 {
02766 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02767
sizeof(
rsbac_time_t) * err);
02768
if(tmperr < 0)
02769 err = tmperr;
02770 }
02771 }
02772
rsbac_vfree(k_caplist);
02773
rsbac_vfree(k_ttllist);
02774 }
02775
02776 out_dput:
02777 path_release(&nd);
02778 out:
02779
return(err);
02780
02781
#else
02782
return (-
RSBAC_EINVALIDMODULE);
02783
#endif
02784
};
02785
02786 int sys_rsbac_auth_get_p_caplist(
rsbac_pid_t pid,
02787
enum rsbac_auth_cap_type_t cap_type,
02788
struct rsbac_auth_cap_range_t caplist[],
02789
rsbac_time_t ttllist[],
02790 u_int maxnum)
02791 {
02792
#if defined(CONFIG_RSBAC_AUTH)
02793
int err = 0, tmperr = 0;
02794
union rsbac_target_id_t tid;
02795
struct rsbac_auth_cap_range_t * k_caplist;
02796
rsbac_time_t * k_ttllist;
02797
02798
02799
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02800
union rsbac_attribute_value_t rsbac_attribute_value;
02801
#endif
02802
02803
if(!pid)
02804
return(-
RSBAC_EINVALIDTARGET);
02805
if(cap_type >=
ACT_none)
02806
return(-
RSBAC_EINVALIDTARGET);
02807
if(!caplist)
02808
return(-
RSBAC_EINVALIDPOINTER);
02809
if(maxnum <= 0)
02810
return(-
RSBAC_EINVALIDVALUE);
02811
if(maxnum >
RSBAC_AUTH_MAX_MAXNUM)
02812 maxnum =
RSBAC_AUTH_MAX_MAXNUM;
02813
02814 tid.
process = pid;
02815
#if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02816
02817
#ifdef CONFIG_RSBAC_DEBUG
02818
if (rsbac_debug_aef) printk(KERN_DEBUG
"sys_rsbac_auth_get_p_caplist(): calling ADF\n");
02819
#endif
02820
rsbac_attribute_value.
dummy = 0;
02821
if (!
rsbac_adf_request(
R_READ_ATTRIBUTE,
02822 current->pid,
02823
T_PROCESS,
02824 tid,
02825 A_auth_get_caplist,
02826 rsbac_attribute_value))
02827 {
02828
return -EPERM;
02829 }
02830
#endif
02831
err =
rsbac_auth_get_p_caplist(tid.
process, cap_type, &k_caplist, &k_ttllist);
02832
if(err>0)
02833 {
02834
if(err > maxnum)
02835 err = maxnum;
02836 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
02837
sizeof(
struct rsbac_auth_cap_range_t) * err);
02838
if(tmperr < 0)
02839 err = tmperr;
02840
else
02841 {
02842
if(ttllist)
02843 {
02844 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02845
sizeof(
rsbac_time_t) * err);
02846
if(tmperr < 0)
02847 err = tmperr;
02848 }
02849 }
02850
rsbac_vfree(k_caplist);
02851
rsbac_vfree(k_ttllist);
02852 }
02853
02854
return(err);
02855
02856
#else
02857
return (-
RSBAC_EINVALIDMODULE);
02858
#endif
02859
};
02860
02861
02862
02863
02864 int sys_rsbac_reg(
rsbac_reg_handle_t handle,
02865
void * arg)
02866 {
02867
#if defined(CONFIG_RSBAC_REG)
02868
return rsbac_reg_syscall(handle, arg);
02869
#else
02870
return (-
RSBAC_EINVALIDMODULE);
02871
#endif
02872
}
02873
02874
02875
02876
02877
02878 int sys_rsbac_acl(
enum rsbac_acl_syscall_type_t call,
02879
struct rsbac_acl_syscall_arg_t * arg)
02880 {
02881
#if defined(CONFIG_RSBAC_ACL)
02882
struct rsbac_acl_syscall_arg_t k_arg;
02883
02884
int err = 0;
02885
02886
if(call >=
ACLC_none)
02887
return(-
RSBAC_EINVALIDREQUEST);
02888
if(!arg)
02889
return(-
RSBAC_EINVALIDPOINTER);
02890
02891
02892 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg,
sizeof(k_arg) );
02893
if(err < 0)
02894
return err;
02895
02896
if(k_arg.target >=
T_NONE)
02897
return(-
RSBAC_EINVALIDTARGET);
02898
02899
02900
if(call !=
ACLC_set_mask)
02901 {
02902
switch(k_arg.subj_type)
02903 {
02904
case ACLS_USER:
02905
break;
02906
case ACLS_GROUP:
02907
if(k_arg.subj_id !=
RSBAC_ACL_GROUP_EVERYONE)
02908 {
02909
struct rsbac_acl_group_entry_t entry;
02910
rsbac_uid_t caller;
02911
02912
if(
rsbac_acl_get_group_entry(k_arg.subj_id, &entry)
02913 || rsbac_get_owner(&caller)
02914 || ( (entry.
owner != caller)
02915 && (entry.
type !=
ACLG_GLOBAL)
02916 )
02917 )
02918
return(-
RSBAC_EINVALIDVALUE);
02919 }
02920
break;
02921
#if defined(CONFIG_RSBAC_RC)
02922
case ACLS_ROLE:
02923
if(k_arg.subj_id >
RC_role_max_value)
02924 {
02925
#ifdef CONFIG_RSBAC_RMSG
02926
rsbac_printk(KERN_DEBUG
"sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
02927
#endif
02928
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02929
if (!rsbac_nosyslog)
02930
#endif
02931
printk(KERN_DEBUG
"sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
02932
return(-
RSBAC_EINVALIDVALUE);
02933 }
02934
break;
02935
#endif
02936
default:
02937
#ifdef CONFIG_RSBAC_RMSG
02938
rsbac_printk(KERN_DEBUG
"sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
02939
#endif
02940
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02941
if (!rsbac_nosyslog)
02942
#endif
02943
printk(KERN_DEBUG
"sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
02944
return(-
RSBAC_EINVALIDVALUE);
02945 }
02946
if( (call ==
ACLC_remove_user)
02947 && (k_arg.target !=
T_USER)
02948 )
02949
return -
RSBAC_EINVALIDTARGET;
02950
02951 }
02952
02953
02954
switch(call)
02955 {
02956
case ACLC_set_acl_entry:
02957 err =
rsbac_acl_sys_set_acl_entry(k_arg.target,
02958 k_arg.tid,
02959 k_arg.subj_type,
02960 k_arg.subj_id,
02961 k_arg.rights,
02962 k_arg.ttl);
02963
break;
02964
case ACLC_remove_acl_entry:
02965 err =
rsbac_acl_sys_remove_acl_entry(k_arg.target,
02966 k_arg.tid,
02967 k_arg.subj_type,
02968 k_arg.subj_id);
02969
break;
02970
case ACLC_remove_acl:
02971 err =
rsbac_acl_sys_remove_acl(k_arg.target,
02972 k_arg.tid);
02973
break;
02974
case ACLC_add_to_acl_entry:
02975 err =
rsbac_acl_sys_add_to_acl_entry(k_arg.target,
02976 k_arg.tid,
02977 k_arg.subj_type,
02978 k_arg.subj_id,
02979 k_arg.rights,
02980 k_arg.ttl);
02981
break;
02982
case ACLC_remove_from_acl_entry:
02983 err =
rsbac_acl_sys_remove_from_acl_entry(k_arg.target,
02984 k_arg.tid,
02985 k_arg.subj_type,
02986 k_arg.subj_id,
02987 k_arg.rights);
02988
break;
02989
case ACLC_set_mask:
02990 err =
rsbac_acl_sys_set_mask(k_arg.target,
02991 k_arg.tid,
02992 k_arg.rights);
02993
break;
02994
case ACLC_remove_user:
02995 err =
rsbac_acl_sys_remove_user(k_arg.tid.user);
02996
break;
02997
02998
default:
02999 err=-
RSBAC_EINVALIDREQUEST;
03000 }
03001
return (err);
03002
#else
03003
return (-
RSBAC_EINVALIDMODULE);
03004
#endif
03005
};
03006
03007
03008 int sys_rsbac_acl_n(
enum rsbac_acl_syscall_type_t call,
03009
struct rsbac_acl_syscall_n_arg_t * arg)
03010 {
03011
#if defined(CONFIG_RSBAC_ACL)
03012
struct dentry * t_dentry =
NULL;
03013
int err = 0;
03014
union rsbac_target_id_t tid;
03015
struct rsbac_acl_syscall_n_arg_t k_arg;
03016
03017
struct nameidata nd;
03018
03019
if(call >=
ACLC_none)
03020
return(-
RSBAC_EINVALIDREQUEST);
03021
if(!arg)
03022
return(-
RSBAC_EINVALIDPOINTER);
03023
03024
03025 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg,
sizeof(k_arg) );
03026
if(err < 0)
03027
return err;
03028
03029
if(k_arg.target >=
T_NONE)
03030
return(-
RSBAC_EINVALIDTARGET);
03031
if(call !=
ACLC_set_mask)
03032 {
03033
switch(k_arg.subj_type)
03034 {
03035
case ACLS_USER:
03036
break;
03037
case ACLS_GROUP:
03038
if(k_arg.subj_id !=
RSBAC_ACL_GROUP_EVERYONE)
03039 {
03040
struct rsbac_acl_group_entry_t entry;
03041
rsbac_uid_t caller;
03042
03043
if(
rsbac_acl_get_group_entry(k_arg.subj_id, &entry)
03044 || rsbac_get_owner(&caller)
03045 || ( (entry.
owner != caller)
03046 && (entry.
type !=
ACLG_GLOBAL)
03047 )
03048 )
03049
return(-
RSBAC_EINVALIDVALUE);
03050 }
03051
break;
03052
#if defined(CONFIG_RSBAC_RC)
03053
case ACLS_ROLE:
03054
if(k_arg.subj_id >
RC_role_max_value)
03055
return(-
RSBAC_EINVALIDVALUE);
03056
break;
03057
#endif
03058
default:
03059
return(-
RSBAC_EINVALIDVALUE);
03060 }
03061 }
03062
03063
if(k_arg.name)
03064 {
03065
03066
if ((err = user_path_walk_link(k_arg.name, &nd)))
03067 {
03068
#ifdef CONFIG_RSBAC_DEBUG
03069
if (rsbac_debug_aef)
03070 printk(KERN_DEBUG
"sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03071
#endif
03072
goto out;
03073 }
03074 t_dentry = nd.dentry;
03075
if (!t_dentry->d_inode)
03076 {
03077
#ifdef CONFIG_RSBAC_DEBUG
03078
if (rsbac_debug_aef)
03079 printk(KERN_DEBUG
"sys_rsbac_acl_n(): file not found\n");
03080
#endif
03081
err = -
RSBAC_EINVALIDTARGET;
03082
goto out_dput;
03083 }
03084 tid.file.device = t_dentry->d_sb->s_dev;
03085 tid.file.inode = t_dentry->d_inode->i_ino;
03086 tid.file.dentry_p = t_dentry;
03087 }
03088
else
03089 {
03090 tid.file.device = RSBAC_ZERO_DEV;
03091 tid.file.inode = 0;
03092 tid.file.dentry_p =
NULL;
03093 }
03094
03095
switch (k_arg.target)
03096 {
03097
case T_FD:
03098
if(k_arg.name)
03099 {
03100
if(S_ISREG(t_dentry->d_inode->i_mode))
03101 {
03102 k_arg.target =
T_FILE;
03103 }
03104
else
03105
if(S_ISDIR(t_dentry->d_inode->i_mode))
03106 {
03107 k_arg.target =
T_DIR;
03108 }
03109
else
03110
if(S_ISLNK(t_dentry->d_inode->i_mode))
03111 {
03112 k_arg.target =
T_SYMLINK;
03113 }
03114
else
03115
if(S_ISFIFO(t_dentry->d_inode->i_mode))
03116 {
03117 k_arg.target =
T_FIFO;
03118 }
03119
else
03120
if(S_ISBLK(t_dentry->d_inode->i_mode))
03121 {
03122 k_arg.target =
T_FILE;
03123 }
03124
else
03125
if(S_ISCHR(t_dentry->d_inode->i_mode))
03126 {
03127 k_arg.target =
T_FILE;
03128 }
03129
else
03130 {
03131
#ifdef CONFIG_RSBAC_DEBUG
03132
if (rsbac_debug_aef)
03133 printk(KERN_DEBUG
"sys_rsbac_acl_n(): no filesystem object\n");
03134
#endif
03135
err = -
RSBAC_EINVALIDTARGET;
03136
goto out_dput;
03137 }
03138 }
03139
else
03140 k_arg.target =
T_FILE;
03141
break;
03142
03143
case T_FILE:
03144
if(k_arg.name)
03145 {
03146
03147
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03148 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03149 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03150 {
03151 err = -
RSBAC_EINVALIDTARGET;
03152
goto out_dput;
03153 }
03154 }
03155
break;
03156
03157
case T_DIR:
03158
if(k_arg.name)
03159 {
03160
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03161 {
03162 err = -
RSBAC_EINVALIDTARGET;
03163
goto out_dput;
03164 }
03165 }
03166
break;
03167
03168
case T_FIFO:
03169
if(k_arg.name)
03170 {
03171
03172
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03173 {
03174 err = -
RSBAC_EINVALIDTARGET;
03175
goto out_dput;
03176 }
03177 }
03178
break;
03179
03180
case T_SYMLINK:
03181
if(k_arg.name)
03182 {
03183
03184
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03185 {
03186 err = -
RSBAC_EINVALIDTARGET;
03187
goto out_dput;
03188 }
03189 }
03190
break;
03191
03192
case T_DEV:
03193
if(k_arg.name)
03194 {
03195
03196
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03197 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03198 {
03199 err = -
RSBAC_EINVALIDTARGET;
03200
goto out_dput;
03201 }
03202
03203
if(S_ISBLK(t_dentry->d_inode->i_mode))
03204 tid.dev.type =
D_block;
03205
else
03206 tid.dev.type =
D_char;
03207 tid.dev.id = t_dentry->d_inode->i_rdev;
03208 }
03209
else
03210 {
03211 tid.dev.type =
D_none;
03212 tid.dev.id = RSBAC_ZERO_DEV;
03213 }
03214
break;
03215
03216
default:
03217 err = -
RSBAC_EINVALIDTARGET;
03218
goto out_dput;
03219 }
03220
03221
switch(call)
03222 {
03223
case ACLC_set_acl_entry:
03224 err =
rsbac_acl_sys_set_acl_entry(k_arg.target,
03225 tid,
03226 k_arg.subj_type,
03227 k_arg.subj_id,
03228 k_arg.rights,
03229 k_arg.ttl);
03230
break;
03231
case ACLC_remove_acl_entry:
03232 err =
rsbac_acl_sys_remove_acl_entry(k_arg.target,
03233 tid,
03234 k_arg.subj_type,
03235 k_arg.subj_id);
03236
break;
03237
case ACLC_remove_acl:
03238 err =
rsbac_acl_sys_remove_acl(k_arg.target,
03239 tid);
03240
break;
03241
case ACLC_add_to_acl_entry:
03242 err =
rsbac_acl_sys_add_to_acl_entry(k_arg.target,
03243 tid,
03244 k_arg.subj_type,
03245 k_arg.subj_id,
03246 k_arg.rights,
03247 k_arg.ttl);
03248
break;
03249
case ACLC_remove_from_acl_entry:
03250 err =
rsbac_acl_sys_remove_from_acl_entry(k_arg.target,
03251 tid,
03252 k_arg.subj_type,
03253 k_arg.subj_id,
03254 k_arg.rights);
03255
break;
03256
case ACLC_set_mask:
03257 err =
rsbac_acl_sys_set_mask(k_arg.target,
03258 tid,
03259 k_arg.rights);
03260
break;
03261
03262
default:
03263 err=-
RSBAC_EINVALIDREQUEST;
03264 }
03265
03266 out_dput:
03267
if(k_arg.name)
03268 {
03269 path_release(&nd);
03270 }
03271
03272 out:
03273
return(err);
03274
#else
03275
return (-
RSBAC_EINVALIDMODULE);
03276
#endif
03277
};
03278
03279
03280
03281 int sys_rsbac_acl_get_rights (
struct rsbac_acl_syscall_arg_t * arg,
03282
rsbac_acl_rights_vector_t * rights_p,
03283 u_int effective)
03284 {
03285
#if defined(CONFIG_RSBAC_ACL)
03286
struct rsbac_acl_syscall_arg_t k_arg;
03287
rsbac_acl_rights_vector_t k_rights = 0;
03288
int err = 0;
03289
03290
if(!arg || !rights_p)
03291
return(-
RSBAC_EINVALIDPOINTER);
03292
03293 rsbac_get_user((u_char *) &k_arg, (u_char *) arg,
sizeof(k_arg) );
03294
03295
if(k_arg.target >=
T_NONE)
03296
return(-
RSBAC_EINVALIDTARGET);
03297
03298
03299
switch(k_arg.subj_type)
03300 {
03301
case ACLS_USER:
03302
break;
03303
case ACLS_GROUP:
03304
if(k_arg.subj_id !=
RSBAC_ACL_GROUP_EVERYONE)
03305 {
03306
struct rsbac_acl_group_entry_t entry;
03307
rsbac_uid_t caller;
03308
03309
if(
rsbac_acl_get_group_entry(k_arg.subj_id, &entry)
03310 || rsbac_get_owner(&caller)
03311 || ( (entry.
owner != caller)
03312 && (entry.
type !=
ACLG_GLOBAL)
03313 )
03314 )
03315
return(-
RSBAC_EINVALIDVALUE);
03316 }
03317
break;
03318
case ACLS_ROLE:
03319
#if defined(CONFIG_RSBAC_RC)
03320
if(k_arg.subj_id >
RC_role_max_value)
03321
return(-
RSBAC_EINVALIDVALUE);
03322
#endif
03323
break;
03324
default:
03325
#ifdef CONFIG_RSBAC_RMSG
03326
rsbac_printk(KERN_DEBUG
"sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03327
#endif
03328
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03329
if (!rsbac_nosyslog)
03330
#endif
03331
printk(KERN_DEBUG
"sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03332
return(-
RSBAC_EINVALIDVALUE);
03333 }
03334
03335
03336 err =
rsbac_acl_sys_get_rights(k_arg.target,
03337 k_arg.tid,
03338 k_arg.subj_type,
03339 k_arg.subj_id,
03340 &k_rights,
03341 effective);
03342
if(!err)
03343 {
03344 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p,
sizeof(k_rights) );
03345 }
03346
return (err);
03347
#else
03348
return (-
RSBAC_EINVALIDMODULE);
03349
#endif
03350
};
03351
03352
03353 int sys_rsbac_acl_get_rights_n(
struct rsbac_acl_syscall_n_arg_t * arg,
03354
rsbac_acl_rights_vector_t * rights_p,
03355 u_int effective)
03356 {
03357
#if defined(CONFIG_RSBAC_ACL)
03358
struct dentry * t_dentry =
NULL;
03359
boolean need_put =
FALSE;
03360
int err = 0;
03361
union rsbac_target_id_t tid;
03362
struct rsbac_acl_syscall_n_arg_t k_arg;
03363
rsbac_acl_rights_vector_t k_rights = 0;
03364
03365
struct nameidata nd;
03366
03367
if(!arg || !rights_p)
03368
return(-
RSBAC_EINVALIDPOINTER);
03369
03370 rsbac_get_user((u_char *) &k_arg, (u_char *) arg,
sizeof(k_arg) );
03371
03372
if(k_arg.target >=
T_NONE)
03373
return(-
RSBAC_EINVALIDTARGET);
03374
switch(k_arg.subj_type)
03375 {
03376
case ACLS_USER:
03377
break;
03378
case ACLS_GROUP:
03379
if(k_arg.subj_id !=
RSBAC_ACL_GROUP_EVERYONE)
03380 {
03381
struct rsbac_acl_group_entry_t entry;
03382
rsbac_uid_t caller;
03383
03384
if(
rsbac_acl_get_group_entry(k_arg.subj_id, &entry)
03385 || rsbac_get_owner(&caller)
03386 || ( (entry.
owner != caller)
03387 && (entry.
type !=
ACLG_GLOBAL)
03388 )
03389 )
03390
return(-
RSBAC_EINVALIDVALUE);
03391 }
03392
break;
03393
case ACLS_ROLE:
03394
#if defined(CONFIG_RSBAC_RC)
03395
if(k_arg.subj_id >
RC_role_max_value)
03396
return(-
RSBAC_EINVALIDVALUE);
03397
#endif
03398
break;
03399
default:
03400
return(-
RSBAC_EINVALIDVALUE);
03401 }
03402
03403
switch (k_arg.target)
03404 {
03405
case T_FD:
03406
case T_FILE:
03407
case T_DIR:
03408
case T_FIFO:
03409
case T_SYMLINK:
03410
if(k_arg.name)
03411 {
03412
if ((err = user_path_walk_link(k_arg.name, &nd)))
03413 {
03414
#ifdef CONFIG_RSBAC_DEBUG
03415
if (rsbac_debug_aef_acl)
03416 printk(KERN_DEBUG
"sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03417
#endif
03418
goto out;
03419 }
03420 t_dentry = nd.dentry;
03421 need_put =
TRUE;
03422
if (!t_dentry->d_inode)
03423 {
03424 err = -
RSBAC_EINVALIDTARGET;
03425
goto out_dput;
03426 }
03427
03428
switch(k_arg.target)
03429 {
03430
case T_FD:
03431
if(S_ISREG(t_dentry->d_inode->i_mode))
03432 {
03433 k_arg.target =
T_FILE;
03434 }
03435
else
03436
if(S_ISDIR(t_dentry->d_inode->i_mode))
03437 {
03438 k_arg.target =
T_DIR;
03439 }
03440
else
03441
if(S_ISLNK(t_dentry->d_inode->i_mode))
03442 {
03443 k_arg.target =
T_SYMLINK;
03444 }
03445
else
03446
if(S_ISFIFO(t_dentry->d_inode->i_mode))
03447 {
03448 k_arg.target =
T_FIFO;
03449 }
03450
else
03451
if(S_ISBLK(t_dentry->d_inode->i_mode))
03452 {
03453 k_arg.target =
T_FILE;
03454 }
03455
else
03456
if(S_ISCHR(t_dentry->d_inode->i_mode))
03457 {
03458 k_arg.target =
T_FILE;
03459 }
03460
else
03461 {
03462 err = -
RSBAC_EINVALIDTARGET;
03463
goto out_dput;
03464 }
03465
break;
03466
case T_FILE:
03467
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03468 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03469 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03470 {
03471 err = -
RSBAC_EINVALIDTARGET;
03472
goto out_dput;
03473 }
03474
break;
03475
case T_DIR:
03476
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03477 {
03478 err = -
RSBAC_EINVALIDTARGET;
03479
goto out_dput;
03480 }
03481
break;
03482
case T_FIFO:
03483
03484
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03485 {
03486 err = -
RSBAC_EINVALIDTARGET;
03487
goto out_dput;
03488 }
03489
break;
03490
case T_SYMLINK:
03491
03492
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03493 {
03494 err = -
RSBAC_EINVALIDTARGET;
03495
goto out_dput;
03496 }
03497
break;
03498
default:
03499 err = -
RSBAC_EINVALIDTARGET;
03500
goto out_dput;
03501 }
03502 tid.file.device = t_dentry->d_sb->s_dev;
03503 tid.file.inode = t_dentry->d_inode->i_ino;
03504 tid.file.dentry_p = t_dentry;
03505 }
03506
else
03507 {
03508
if(k_arg.target ==
T_FD)
03509 k_arg.target =
T_FILE;
03510 tid.file.device = RSBAC_ZERO_DEV;
03511 tid.file.inode = 0;
03512 tid.file.dentry_p =
NULL;
03513 }
03514
break;
03515
03516
case T_DEV:
03517
if(k_arg.name)
03518 {
03519
if ((err = user_path_walk_link(k_arg.name, &nd)))
03520 {
03521
#ifdef CONFIG_RSBAC_DEBUG
03522
if (rsbac_debug_aef_acl)
03523 printk(KERN_DEBUG
"sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03524
#endif
03525
goto out;
03526 }
03527 t_dentry = nd.dentry;
03528 need_put =
TRUE;
03529
if (!t_dentry->d_inode)
03530 {
03531 err = -
RSBAC_EINVALIDTARGET;
03532
goto out_dput;
03533 }
03534
03535
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03536 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03537 {
03538 err = -
RSBAC_EINVALIDTARGET;
03539
goto out_dput;
03540 }
03541
03542
if(S_ISBLK(t_dentry->d_inode->i_mode))
03543 tid.dev.type =
D_block;
03544
else
03545 tid.dev.type =
D_char;
03546 tid.dev.id = t_dentry->d_inode->i_rdev;
03547 }
03548
else
03549 {
03550 tid.dev.type =
D_none;
03551 tid.dev.id = RSBAC_ZERO_DEV;
03552 }
03553
break;
03554
03555
default:
03556
return -
RSBAC_EINVALIDTARGET;
03557 }
03558
03559
03560 err =
rsbac_acl_sys_get_rights(k_arg.target,
03561 tid,
03562 k_arg.subj_type,
03563 k_arg.subj_id,
03564 &k_rights,
03565 effective);
03566
03567 out_dput:
03568
if(need_put)
03569 path_release(&nd);
03570 out:
03571
if(!err)
03572 {
03573 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p,
sizeof(k_rights) );
03574 }
03575
return(err);
03576
#else
03577
return (-
RSBAC_EINVALIDMODULE);
03578
#endif
03579
};
03580
03581
03582
03583 int sys_rsbac_acl_get_tlist (
enum rsbac_target_t target,
03584
union rsbac_target_id_t * tid,
03585
struct rsbac_acl_entry_t entry_array[],
03586
rsbac_time_t ttl_array[],
03587 u_int maxnum)
03588 {
03589
#if defined(CONFIG_RSBAC_ACL)
03590
union rsbac_target_id_t k_tid;
03591
struct rsbac_acl_entry_t * k_entry_p;
03592
rsbac_time_t * k_ttl_p;
03593
int err = 0;
03594
03595
if(!tid || (target >=
T_NONE))
03596
return(-
RSBAC_EINVALIDTARGET);
03597
if(!entry_array)
03598
return(-
RSBAC_EINVALIDPOINTER);
03599
if(!maxnum)
03600
return(-
RSBAC_EINVALIDVALUE);
03601
if(maxnum >
RSBAC_ACL_MAX_MAXNUM)
03602 maxnum =
RSBAC_ACL_MAX_MAXNUM;
03603
03604
03605 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid,
sizeof(k_tid) );
03606
if(err)
03607
return err;
03608
03609
03610 err =
rsbac_acl_sys_get_tlist(target, k_tid, &k_entry_p, &k_ttl_p);
03611
if(err>0)
03612 {
03613
if(err > maxnum)
03614 err = maxnum;
03615 rsbac_put_user((u_char *) k_entry_p,
03616 (u_char *) entry_array,
03617 err *
sizeof(*k_entry_p) );
03618
if(ttl_array)
03619 {
03620 rsbac_put_user((u_char *) k_ttl_p,
03621 (u_char *) ttl_array,
03622 err *
sizeof(*k_ttl_p) );
03623 }
03624
rsbac_vfree(k_entry_p);
03625
rsbac_vfree(k_ttl_p);
03626 }
03627
return (err);
03628
#else
03629
return (-
RSBAC_EINVALIDMODULE);
03630
#endif
03631
};
03632
03633 int sys_rsbac_acl_get_tlist_n(
enum rsbac_target_t target,
03634
char * t_name,
03635
struct rsbac_acl_entry_t entry_array[],
03636
rsbac_time_t ttl_array[],
03637 u_int maxnum)
03638 {
03639
#if defined(CONFIG_RSBAC_ACL)
03640
struct dentry * t_dentry =
NULL;
03641
struct rsbac_acl_entry_t * k_entry_p;
03642
rsbac_time_t * k_ttl_p;
03643
boolean need_put =
FALSE;
03644
int err = 0;
03645
union rsbac_target_id_t tid;
03646
03647
struct nameidata nd;
03648
03649
if(target >=
T_NONE)
03650
return(-
RSBAC_EINVALIDTARGET);
03651
if(!entry_array)
03652
return(-
RSBAC_EINVALIDPOINTER);
03653
03654
switch (target)
03655 {
03656
case T_FD:
03657
case T_FILE:
03658
case T_DIR:
03659
case T_FIFO:
03660
case T_SYMLINK:
03661
if(t_name)
03662 {
03663
if ((err = user_path_walk_link(t_name, &nd)))
03664 {
03665
#ifdef CONFIG_RSBAC_DEBUG
03666
if (rsbac_debug_aef_acl)
03667 printk(KERN_DEBUG
"sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
03668
#endif
03669
goto out;
03670 }
03671 t_dentry = nd.dentry;
03672 need_put =
TRUE;
03673
if (!t_dentry->d_inode)
03674 {
03675 err = -
RSBAC_EINVALIDTARGET;
03676
goto out_dput;
03677 }
03678
03679
switch(target)
03680 {
03681
case T_FD:
03682
if(S_ISREG(t_dentry->d_inode->i_mode))
03683 {
03684 target =
T_FILE;
03685 }
03686
else
03687
if(S_ISDIR(t_dentry->d_inode->i_mode))
03688 {
03689 target =
T_DIR;
03690 }
03691
else
03692
if(S_ISLNK(t_dentry->d_inode->i_mode))
03693 {
03694 target =
T_SYMLINK;
03695 }
03696
else
03697
if(S_ISFIFO(t_dentry->d_inode->i_mode))
03698 {
03699 target =
T_FIFO;
03700 }
03701
else
03702
if(S_ISBLK(t_dentry->d_inode->i_mode))
03703 {
03704 target =
T_FILE;
03705 }
03706
else
03707
if(S_ISCHR(t_dentry->d_inode->i_mode))
03708 {
03709 target =
T_FILE;
03710 }
03711
else
03712 {
03713 err = -
RSBAC_EINVALIDTARGET;
03714
goto out_dput;
03715 }
03716
break;
03717
case T_FILE:
03718
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03719 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03720 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03721 {
03722 err = -
RSBAC_EINVALIDTARGET;
03723
goto out_dput;
03724 }
03725
break;
03726
case T_DIR:
03727
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03728 {
03729 err = -
RSBAC_EINVALIDTARGET;
03730
goto out_dput;
03731 }
03732
break;
03733
case T_FIFO:
03734
03735
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03736 {
03737 err = -
RSBAC_EINVALIDTARGET;
03738
goto out_dput;
03739 }
03740
break;
03741
case T_SYMLINK:
03742
03743
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03744 {
03745 err = -
RSBAC_EINVALIDTARGET;
03746
goto out_dput;
03747 }
03748
break;
03749
default:
03750 err = -
RSBAC_EINVALIDTARGET;
03751
goto out_dput;
03752 }
03753 tid.file.device = t_dentry->d_sb->s_dev;
03754 tid.file.inode = t_dentry->d_inode->i_ino;
03755 tid.file.dentry_p = t_dentry;
03756 }
03757
else
03758 {
03759
if(target ==
T_FD)
03760 target =
T_FILE;
03761 tid.file.device = RSBAC_ZERO_DEV;
03762 tid.file.inode = 0;
03763 tid.file.dentry_p =
NULL;
03764 }
03765
break;
03766
03767
case T_DEV:
03768
if(t_name)
03769 {
03770
if ((err = user_path_walk_link(t_name, &nd)))
03771 {
03772
#ifdef CONFIG_RSBAC_DEBUG
03773
if (rsbac_debug_aef_acl)
03774 printk(KERN_DEBUG
"sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
03775
#endif
03776
goto out;
03777 }
03778 t_dentry = nd.dentry;
03779 need_put =
TRUE;
03780
if (!t_dentry->d_inode)
03781 {
03782 err = -
RSBAC_EINVALIDTARGET;
03783
goto out_dput;
03784 }
03785
03786
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03787 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03788 {
03789 err = -
RSBAC_EINVALIDTARGET;
03790
goto out_dput;
03791 }
03792
03793
if(S_ISBLK(t_dentry->d_inode->i_mode))
03794 tid.dev.type =
D_block;
03795
else
03796 tid.dev.type =
D_char;
03797 tid.dev.id = t_dentry->d_inode->i_rdev;
03798 }
03799
else
03800 {
03801 tid.dev.type =
D_none;
03802 tid.dev.id = RSBAC_ZERO_DEV;
03803 }
03804
break;
03805
03806
default:
03807
return -
RSBAC_EINVALIDTARGET;
03808 }
03809
03810 err =
rsbac_acl_sys_get_tlist(target, tid, &k_entry_p, &k_ttl_p);
03811
03812 out_dput:
03813
if(need_put)
03814 path_release(&nd);
03815 out:
03816
if(err>0)
03817 {
03818
if(err > maxnum)
03819 err = maxnum;
03820 rsbac_put_user((u_char *) k_entry_p,
03821 (u_char *) entry_array,
03822 err *
sizeof(*k_entry_p) );
03823
if(ttl_array)
03824 {
03825 rsbac_put_user((u_char *) k_ttl_p,
03826 (u_char *) ttl_array,
03827 err *
sizeof(*k_ttl_p) );
03828 }
03829
rsbac_vfree(k_entry_p);
03830
rsbac_vfree(k_ttl_p);
03831 }
03832
return(err);
03833
03834
#else
03835
return (-
RSBAC_EINVALIDMODULE);
03836
#endif
03837
};
03838
03839
03840
03841 int sys_rsbac_acl_get_mask (
enum rsbac_target_t target,
03842
union rsbac_target_id_t * tid,
03843
rsbac_acl_rights_vector_t * mask_p)
03844 {
03845
#if defined(CONFIG_RSBAC_ACL)
03846
union rsbac_target_id_t k_tid;
03847
rsbac_acl_rights_vector_t k_mask;
03848
int err = 0;
03849
03850
if(!tid || (target >=
T_NONE))
03851
return(-
RSBAC_EINVALIDTARGET);
03852
if(!mask_p)
03853
return(-
RSBAC_EINVALIDPOINTER);
03854
03855
03856 rsbac_get_user((u_char *) &k_tid, (u_char *) tid,
sizeof(k_tid) );
03857
03858
03859 err =
rsbac_acl_sys_get_mask(target, k_tid, &k_mask);
03860
if(!err)
03861 {
03862 rsbac_put_user((u_char *) &k_mask,
03863 (u_char *) mask_p,
03864
sizeof(k_mask) );
03865 }
03866
return (err);
03867
#else
03868
return (-
RSBAC_EINVALIDMODULE);
03869
#endif
03870
};
03871
03872 int sys_rsbac_acl_get_mask_n(
enum rsbac_target_t target,
03873
char * t_name,
03874
rsbac_acl_rights_vector_t * mask_p)
03875 {
03876
#if defined(CONFIG_RSBAC_ACL)
03877
struct dentry * t_dentry =
NULL;
03878
rsbac_acl_rights_vector_t k_mask;
03879
boolean need_put =
FALSE;
03880
int err = 0;
03881
union rsbac_target_id_t tid;
03882
03883
struct nameidata nd;
03884
03885
if(target >=
T_NONE)
03886
return(-
RSBAC_EINVALIDTARGET);
03887
if(!mask_p)
03888
return(-
RSBAC_EINVALIDPOINTER);
03889
03890
switch (target)
03891 {
03892
case T_FD:
03893
case T_FILE:
03894
case T_DIR:
03895
case T_FIFO:
03896
case T_SYMLINK:
03897
if(t_name)
03898 {
03899
if ((err = user_path_walk_link(t_name, &nd)))
03900 {
03901
#ifdef CONFIG_RSBAC_DEBUG
03902
if (rsbac_debug_aef_acl)
03903 printk(KERN_DEBUG
"sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
03904
#endif
03905
goto out;
03906 }
03907 t_dentry = nd.dentry;
03908 need_put =
TRUE;
03909
if (!t_dentry->d_inode)
03910 {
03911 err = -
RSBAC_EINVALIDTARGET;
03912
goto out_dput;
03913 }
03914
03915
switch(target)
03916 {
03917
case T_FD:
03918
if(S_ISREG(t_dentry->d_inode->i_mode))
03919 {
03920 target =
T_FILE;
03921 }
03922
else
03923
if(S_ISDIR(t_dentry->d_inode->i_mode))
03924 {
03925 target =
T_DIR;
03926 }
03927
else
03928
if(S_ISLNK(t_dentry->d_inode->i_mode))
03929 {
03930 target =
T_SYMLINK;
03931 }
03932
else
03933
if(S_ISFIFO(t_dentry->d_inode->i_mode))
03934 {
03935 target =
T_FIFO;
03936 }
03937
else
03938
if(S_ISBLK(t_dentry->d_inode->i_mode))
03939 {
03940 target =
T_FILE;
03941 }
03942
else
03943
if(S_ISCHR(t_dentry->d_inode->i_mode))
03944 {
03945 target =
T_FILE;
03946 }
03947
else
03948 {
03949 err = -
RSBAC_EINVALIDTARGET;
03950
goto out_dput;
03951 }
03952
break;
03953
case T_FILE:
03954
if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03955 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03956 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03957 {
03958 err = -
RSBAC_EINVALIDTARGET;
03959
goto out_dput;
03960 }
03961
break;
03962
case T_DIR:
03963
if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03964 {
03965 err = -
RSBAC_EINVALIDTARGET;
03966
goto out_dput;
03967 }
03968
break;
03969
case T_FIFO:
03970
03971
if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03972 {
03973 err = -
RSBAC_EINVALIDTARGET;
03974
goto out_dput;
03975 }
03976
break;
03977
case T_SYMLINK:
03978
03979
if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03980 {
03981 err = -
RSBAC_EINVALIDTARGET;
03982
goto out_dput;
03983 }
03984
break;
03985
default:
03986 err = -
RSBAC_EINVALIDTARGET;
03987
goto out_dput;
03988 }
03989 tid.file.device = t_dentry->d_sb->s_dev;
03990 tid.file.inode = t_dentry->d_inode->i_ino;
03991 tid.file.dentry_p = t_dentry;
03992 }
03993
else
03994 {
03995
if(target ==
T_FD)
03996 target =
T_FILE;
03997 tid.file.device = RSBAC_ZERO_DEV;
03998 tid.file.inode = 0;
03999 tid.file.dentry_p =
NULL;
04000 }
04001
break;
04002
04003
case T_DEV:
04004
if(t_name)
04005 {
04006
if ((err = user_path_walk_link(t_name, &nd)))
04007 {
04008
#ifdef CONFIG_RSBAC_DEBUG
04009
if (rsbac_debug_aef_acl)
04010 printk(KERN_DEBUG
"sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04011
#endif
04012
goto out;
04013 }
04014 t_dentry = nd.dentry;
04015 need_put =
TRUE;
04016
if (!t_dentry->d_inode)
04017 {
04018 err = -
RSBAC_EINVALIDTARGET;
04019
goto out_dput;
04020 }
04021
04022
if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04023 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04024 {
04025 err = -
RSBAC_EINVALIDTARGET;
04026
goto out_dput;
04027 }
04028
04029
if(S_ISBLK(t_dentry->d_inode->i_mode))
04030 tid.dev.type =
D_block;
04031
else
04032 tid.dev.type =
D_char;
04033 tid.dev.id = t_dentry->d_inode->i_rdev;
04034 }
04035
else
04036 {
04037 tid.dev.type =
D_none;
04038 tid.dev.id = RSBAC_ZERO_DEV;
04039 }
04040
break;
04041
04042
default:
04043
return -
RSBAC_EINVALIDTARGET;
04044 }
04045
04046 err =
rsbac_acl_sys_get_mask(target, tid, &k_mask);
04047
04048 out_dput:
04049
if(need_put)
04050 path_release(&nd);
04051 out:
04052
if(!err)
04053 {
04054 rsbac_put_user((u_char *) &k_mask,
04055 (u_char *) mask_p,
04056
sizeof(k_mask) );
04057 }
04058
return(err);
04059
04060
#else
04061
return (-
RSBAC_EINVALIDMODULE);
04062
#endif
04063
};
04064
04065
04066
04067 int sys_rsbac_acl_group(
enum rsbac_acl_group_syscall_type_t call,
04068
union rsbac_acl_group_syscall_arg_t * arg_p)
04069 {
04070
#if defined(CONFIG_RSBAC_ACL)
04071
union rsbac_acl_group_syscall_arg_t k_arg;
04072
int err = 0;
04073
04074
if(call >=
ACLGS_none)
04075
return(-
RSBAC_EINVALIDREQUEST);
04076
if(!arg_p)
04077
return(-
RSBAC_EINVALIDPOINTER);
04078
04079
04080 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p,
sizeof(k_arg) );
04081
04082
04083
if(err >= 0)
04084 err =
rsbac_acl_sys_group(call, k_arg);
04085
return (err);
04086
#else
04087
return (-
RSBAC_EINVALIDMODULE);
04088
#endif
04089
};
04090
04091
04092
04093 int sys_rsbac_jail(
rsbac_version_t version,
04094
char *
path,
04095
rsbac_jail_ip_t ip,
04096
rsbac_jail_flags_t flags,
04097
rsbac_cap_vector_t max_caps)
04098 {
04099
#if defined(CONFIG_RSBAC_JAIL)
04100
return rsbac_jail_sys_jail(version, path, ip, flags, max_caps);
04101
#else
04102
return (-
RSBAC_EINVALIDMODULE);
04103
#endif
04104
}
04105
04106
04107
04108
04109
04110
04111 int sys_rsbac_adf_log_switch(
enum rsbac_adf_request_t request,
04112
enum rsbac_target_t target,
04113 u_int value)
04114 {
04115
union rsbac_target_id_t rsbac_target_id;
04116
union rsbac_attribute_value_t rsbac_attribute_value;
04117
04118
if ((value !=
LL_none) && (value !=
LL_denied) && (value !=
LL_full))
04119
return (-
RSBAC_EINVALIDVALUE);
04120
if(request >=
R_NONE)
04121
return(-
RSBAC_EINVALIDREQUEST);
04122
if( (target ==
T_FD)
04123 || (target >
T_NONE)
04124 )
04125
return(-
RSBAC_EINVALIDTARGET);
04126
04127
#ifdef CONFIG_RSBAC_DEBUG
04128
if (rsbac_debug_aef)
04129 printk(KERN_DEBUG
"sys_rsbac_adf_log_switch(): calling ADF\n");
04130
#endif
04131
rsbac_target_id.
dummy = 0;
04132 rsbac_attribute_value.request = target;
04133
if (!
rsbac_adf_request(
R_SWITCH_LOG,
04134 current->pid,
04135
T_NONE,
04136 rsbac_target_id,
04137 A_request,
04138 rsbac_attribute_value))
04139 {
04140
return -EPERM;
04141 }
04142
#ifdef CONFIG_RSBAC_DEBUG
04143
if (rsbac_debug_aef)
04144 {
04145
char * request_name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
04146
if(request_name)
04147 {
04148
get_request_name(request_name,target);
04149
#ifdef CONFIG_RSBAC_RMSG
04150
rsbac_printk(KERN_INFO
"sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
04151 request_name, target, value);
04152
#endif
04153
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04154
if (!rsbac_nosyslog)
04155
#endif
04156
printk(KERN_INFO
"sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
04157 request_name, target, value);
04158
rsbac_kfree(request_name);
04159 }
04160 }
04161
#endif
04162
rsbac_adf_log_switch(request,target,value);
04163
return(0);
04164 }
04165
04166 int sys_rsbac_get_adf_log(
enum rsbac_adf_request_t request,
04167
enum rsbac_target_t target,
04168 u_int * value_p)
04169 {
04170
union rsbac_target_id_t rsbac_target_id;
04171
union rsbac_attribute_value_t rsbac_attribute_value;
04172 u_int k_value;
04173
int err;
04174
04175
if(request >=
R_NONE)
04176
return(-
RSBAC_EINVALIDREQUEST);
04177
if( (target ==
T_FD)
04178 || (target >
T_NONE)
04179 )
04180
return(-
RSBAC_EINVALIDTARGET);
04181
if(!value_p)
04182
return(-
RSBAC_EINVALIDPOINTER);
04183
04184
#ifdef CONFIG_RSBAC_DEBUG
04185
if (rsbac_debug_aef)
04186 printk(KERN_DEBUG
"sys_rsbac_get_adf_log(): calling ADF\n");
04187
#endif
04188
rsbac_target_id.
scd =
ST_rsbac;
04189 rsbac_attribute_value.request = request;
04190
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
04191 current->pid,
04192
T_SCD,
04193 rsbac_target_id,
04194 A_request,
04195 rsbac_attribute_value))
04196 {
04197
return -EPERM;
04198 }
04199
#ifdef CONFIG_RSBAC_DEBUG
04200
if (rsbac_debug_aef)
04201 {
04202
char * request_name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
04203
if(request_name)
04204 {
04205
get_request_name(request_name,target);
04206 printk(KERN_DEBUG
"sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
04207 request_name, target);
04208
rsbac_kfree(request_name);
04209 }
04210 }
04211
#endif
04212
err =
rsbac_get_adf_log(request, target, &k_value);
04213
if(!err)
04214 {
04215 rsbac_put_user((u_char *) &k_value,
04216 (u_char *) value_p,
04217
sizeof(k_value) );
04218 }
04219
return(err);
04220 }
04221
04222
04223
04224
04225
04226
04227
04228
04229
04230
04231
04232 int sys_rsbac_log(
int type,
04233
char * buf,
04234
int len)
04235 {
04236
#if defined(CONFIG_RSBAC_RMSG)
04237
04238
return(
rsbac_log(type,buf,len));
04239
#else
04240
return(0);
04241
#endif
04242 }
04243
04244
#if defined(CONFIG_RSBAC_INIT_DELAY)
04245
int sys_rsbac_init(
char *
path)
04246 {
04247
struct dentry * t_dentry =
NULL;
04248
boolean need_put =
FALSE;
04249
int err = 0;
04250
04251
struct nameidata nd;
04252
04253
if(!path)
04254
return rsbac_init(ROOT_DEV);
04255
04256
if ((err = user_path_walk_link(path, &nd)))
04257 {
04258
goto out;
04259 }
04260 t_dentry = nd.dentry;
04261 need_put =
TRUE;
04262
if (!t_dentry->d_inode)
04263 {
04264 err = -
RSBAC_EINVALIDTARGET;
04265
goto out_dput;
04266 }
04267
04268
if(!S_ISBLK(t_dentry->d_inode->i_mode))
04269 {
04270 err = -
RSBAC_EINVALIDTARGET;
04271
goto out_dput;
04272 }
04273 err =
rsbac_init(t_dentry->d_sb->s_dev);
04274
04275 out_dput:
04276
if(need_put)
04277 path_release(&nd);
04278 out:
04279
return(err);
04280 }
04281
#endif
04282
04283
04284
#ifdef rsbac_syscall4
04285
asmlinkage
int sys_rsbac(
int dummy,
04286
rsbac_version_t version,
04287
enum rsbac_syscall_t call,
04288
union rsbac_syscall_arg_t * arg_p)
04289 #
else
04290 asmlinkage
int sys_rsbac(
rsbac_version_t version,
04291
enum rsbac_syscall_t call,
04292
union rsbac_syscall_arg_t * arg_p)
04293 #endif
04294 {
04295
union rsbac_syscall_arg_t k_arg;
04296
int err;
04297
04298
if(version !=
RSBAC_VERSION_NR)
04299
return -
RSBAC_EINVALIDVERSION;
04300
04301
if(call >=
RSYS_none)
04302
return -
RSBAC_EINVALIDREQUEST;
04303
04304
04305
if(arg_p)
04306 {
04307 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p,
sizeof(k_arg) );
04308
if(err)
04309
return err;
04310 }
04311
else
04312 {
04313 memset(&k_arg, 0,
sizeof(k_arg));
04314 }
04315
04316
switch(call)
04317 {
04318
case RSYS_stats:
04319
return sys_rsbac_stats();
04320
case RSYS_check:
04321
return sys_rsbac_check(k_arg.
check.
correct, k_arg.
check.
check_inode);
04322
case RSYS_get_attr:
04323
return sys_rsbac_get_attr(k_arg.
get_attr.
module,
04324 k_arg.
get_attr.
target,
04325 k_arg.
get_attr.
tid,
04326 k_arg.
get_attr.
attr,
04327 k_arg.
get_attr.
value,
04328 k_arg.
get_attr.
inherit);
04329
case RSYS_get_attr_n:
04330
return sys_rsbac_get_attr_n(k_arg.
get_attr_n.
module,
04331 k_arg.
get_attr_n.
target,
04332 k_arg.
get_attr_n.
t_name,
04333 k_arg.
get_attr_n.
attr,
04334 k_arg.
get_attr_n.
value,
04335 k_arg.
get_attr_n.
inherit);
04336
case RSYS_set_attr:
04337
return sys_rsbac_set_attr(k_arg.
set_attr.
module,
04338 k_arg.
set_attr.
target,
04339 k_arg.
set_attr.
tid,
04340 k_arg.
set_attr.
attr,
04341 k_arg.
set_attr.
value);
04342
case RSYS_set_attr_n:
04343
return sys_rsbac_set_attr_n(k_arg.
set_attr_n.
module,
04344 k_arg.
set_attr_n.
target,
04345 k_arg.
set_attr_n.
t_name,
04346 k_arg.
set_attr_n.
attr,
04347 k_arg.
set_attr_n.
value);
04348
case RSYS_remove_target:
04349
return sys_rsbac_remove_target(k_arg.
remove_target.
target,
04350 k_arg.
remove_target.
tid);
04351
case RSYS_remove_target_n:
04352
return sys_rsbac_remove_target_n(k_arg.
remove_target_n.
target,
04353 k_arg.
remove_target_n.
t_name);
04354
case RSYS_net_list_all_netdev:
04355
return sys_rsbac_net_list_all_netdev(k_arg.
net_list_all_netdev.
id_p,
04356 k_arg.
net_list_all_netdev.
maxnum);
04357
case RSYS_net_template:
04358
return sys_rsbac_net_template(k_arg.
net_template.
call,
04359 k_arg.
net_template.
id,
04360 k_arg.
net_template.
data_p);
04361
case RSYS_net_list_all_template:
04362
return sys_rsbac_net_list_all_template(k_arg.
net_list_all_template.
id_p,
04363 k_arg.
net_list_all_template.
maxnum);
04364
case RSYS_switch:
04365
return sys_rsbac_switch(k_arg.
switch_module.
target,
04366 k_arg.
switch_module.
value);
04367
case RSYS_adf_log_switch:
04368
return sys_rsbac_adf_log_switch(k_arg.
adf_log_switch.
request,
04369 k_arg.
adf_log_switch.
target,
04370 k_arg.
adf_log_switch.
value);
04371
case RSYS_get_adf_log:
04372
return sys_rsbac_get_adf_log(k_arg.
get_adf_log.
request,
04373 k_arg.
get_adf_log.
target,
04374 k_arg.
get_adf_log.
value_p);
04375
case RSYS_write:
04376
return sys_rsbac_write();
04377
case RSYS_log:
04378
return sys_rsbac_log(k_arg.
log.
type,
04379 k_arg.
log.
buf,
04380 k_arg.
log.
len);
04381
case RSYS_mac_set_curr_level:
04382
return sys_rsbac_mac_set_curr_level(k_arg.
mac_set_curr_level.
level,
04383 k_arg.
mac_set_curr_level.
categories_p);
04384
case RSYS_mac_get_curr_level:
04385
return sys_rsbac_mac_get_curr_level(k_arg.
mac_get_curr_level.
level_p,
04386 k_arg.
mac_get_curr_level.
categories_p);
04387
case RSYS_mac_get_max_level:
04388
return sys_rsbac_mac_get_max_level(k_arg.
mac_get_max_level.
level_p,
04389 k_arg.
mac_get_max_level.
categories_p);
04390
case RSYS_mac_get_min_level:
04391
return sys_rsbac_mac_get_min_level(k_arg.
mac_get_min_level.
level_p,
04392 k_arg.
mac_get_min_level.
categories_p);
04393
case RSYS_mac_add_p_tru:
04394
return sys_rsbac_mac_add_p_tru(k_arg.
mac_add_p_tru.
pid,
04395 k_arg.
mac_add_p_tru.
uid,
04396 k_arg.
mac_add_p_tru.
ttl);
04397
case RSYS_mac_remove_p_tru:
04398
return sys_rsbac_mac_remove_p_tru(k_arg.
mac_remove_p_tru.
pid,
04399 k_arg.
mac_add_p_tru.
uid);
04400
case RSYS_mac_add_f_tru:
04401
return sys_rsbac_mac_add_f_tru(k_arg.
mac_add_f_tru.
filename,
04402 k_arg.
mac_add_p_tru.
uid,
04403 k_arg.
mac_add_f_tru.
ttl);
04404
case RSYS_mac_remove_f_tru:
04405
return sys_rsbac_mac_remove_f_tru(k_arg.
mac_remove_f_tru.
filename,
04406 k_arg.
mac_add_p_tru.
uid);
04407
case RSYS_mac_get_f_trulist:
04408
return sys_rsbac_mac_get_f_trulist(k_arg.
mac_get_f_trulist.
filename,
04409 k_arg.
mac_get_f_trulist.
trulist,
04410 k_arg.
mac_get_f_trulist.
ttllist,
04411 k_arg.
mac_get_f_trulist.
maxnum);
04412
case RSYS_mac_get_p_trulist:
04413
return sys_rsbac_mac_get_p_trulist(k_arg.
mac_get_p_trulist.
pid,
04414 k_arg.
mac_get_p_trulist.
trulist,
04415 k_arg.
mac_get_p_trulist.
ttllist,
04416 k_arg.
mac_get_p_trulist.
maxnum);
04417
case RSYS_stats_pm:
04418
return sys_rsbac_stats_pm();
04419
case RSYS_pm:
04420
return sys_rsbac_pm(k_arg.
pm.
function,
04421 k_arg.
pm.
param_p,
04422 k_arg.
pm.
ticket);
04423
case RSYS_pm_change_current_task:
04424
return sys_rsbac_pm_change_current_task(k_arg.
pm_change_current_task.
task);
04425
case RSYS_pm_create_file:
04426
return sys_rsbac_pm_create_file(k_arg.
pm_create_file.
filename,
04427 k_arg.
pm_create_file.
mode,
04428 k_arg.
pm_create_file.
object_class);
04429
case RSYS_daz_flush_cache:
04430
return sys_rsbac_daz_flush_cache();
04431
case RSYS_rc_copy_role:
04432
return sys_rsbac_rc_copy_role(k_arg.
rc_copy_role.
from_role,
04433 k_arg.
rc_copy_role.
to_role);
04434
case RSYS_rc_get_item:
04435
return sys_rsbac_rc_get_item(k_arg.
rc_get_item.
target,
04436 k_arg.
rc_get_item.
tid_p,
04437 k_arg.
rc_get_item.
subtid_p,
04438 k_arg.
rc_get_item.
item,
04439 k_arg.
rc_get_item.
value_p,
04440 k_arg.
rc_get_item.
ttl_p);
04441
case RSYS_rc_set_item:
04442
return sys_rsbac_rc_set_item(k_arg.
rc_set_item.
target,
04443 k_arg.
rc_set_item.
tid_p,
04444 k_arg.
rc_set_item.
subtid_p,
04445 k_arg.
rc_set_item.
item,
04446 k_arg.
rc_set_item.
value_p,
04447 k_arg.
rc_set_item.
ttl);
04448
case RSYS_rc_change_role:
04449
return sys_rsbac_rc_change_role(k_arg.
rc_change_role.
role);
04450
case RSYS_rc_get_eff_rights_n:
04451
return sys_rsbac_rc_get_eff_rights_n(k_arg.
rc_get_eff_rights_n.
target,
04452 k_arg.
rc_get_eff_rights_n.
t_name,
04453 k_arg.
rc_get_eff_rights_n.
request_vector_p,
04454 k_arg.
rc_get_eff_rights_n.
ttl_p);
04455
case RSYS_rc_get_list:
04456
return sys_rsbac_rc_get_list(k_arg.
rc_get_list.
target,
04457 k_arg.
rc_get_list.
tid_p,
04458 k_arg.
rc_get_list.
item,
04459 k_arg.
rc_get_list.
maxnum,
04460 k_arg.
rc_get_list.
array_p,
04461 k_arg.
rc_get_list.
ttl_array_p);
04462
case RSYS_rc_get_current_role:
04463
return sys_rsbac_rc_get_current_role(k_arg.
rc_get_current_role.
role_p);
04464
case RSYS_auth_add_p_cap:
04465
return sys_rsbac_auth_add_p_cap(k_arg.
auth_add_p_cap.
pid,
04466 k_arg.
auth_add_p_cap.
cap_type,
04467 k_arg.
auth_add_p_cap.
cap_range,
04468 k_arg.
auth_add_p_cap.
ttl);
04469
case RSYS_auth_remove_p_cap:
04470
return sys_rsbac_auth_remove_p_cap(k_arg.
auth_remove_p_cap.
pid,
04471 k_arg.
auth_remove_p_cap.
cap_type,
04472 k_arg.
auth_remove_p_cap.
cap_range);
04473
case RSYS_auth_add_f_cap:
04474
return sys_rsbac_auth_add_f_cap(k_arg.
auth_add_f_cap.
filename,
04475 k_arg.
auth_add_f_cap.
cap_type,
04476 k_arg.
auth_add_f_cap.
cap_range,
04477 k_arg.
auth_add_f_cap.
ttl);
04478
case RSYS_auth_remove_f_cap:
04479
return sys_rsbac_auth_remove_f_cap(k_arg.
auth_remove_f_cap.
filename,
04480 k_arg.
auth_remove_f_cap.
cap_type,
04481 k_arg.
auth_remove_f_cap.
cap_range);
04482
case RSYS_auth_get_f_caplist:
04483
return sys_rsbac_auth_get_f_caplist(k_arg.
auth_get_f_caplist.
filename,
04484 k_arg.
auth_get_f_caplist.
cap_type,
04485 k_arg.
auth_get_f_caplist.
caplist,
04486 k_arg.
auth_get_f_caplist.
ttllist,
04487 k_arg.
auth_get_f_caplist.
maxnum);
04488
case RSYS_auth_get_p_caplist:
04489
return sys_rsbac_auth_get_p_caplist(k_arg.
auth_get_p_caplist.
pid,
04490 k_arg.
auth_get_p_caplist.
cap_type,
04491 k_arg.
auth_get_p_caplist.
caplist,
04492 k_arg.
auth_get_p_caplist.
ttllist,
04493 k_arg.
auth_get_p_caplist.
maxnum);
04494
case RSYS_acl:
04495
return sys_rsbac_acl(k_arg.
acl.
call,
04496 k_arg.
acl.
arg);
04497
case RSYS_acl_n:
04498
return sys_rsbac_acl_n(k_arg.
acl_n.
call,
04499 k_arg.
acl_n.
arg);
04500
case RSYS_acl_get_rights:
04501
return sys_rsbac_acl_get_rights(k_arg.
acl_get_rights.
arg,
04502 k_arg.
acl_get_rights.
rights_p,
04503 k_arg.
acl_get_rights.
effective);
04504
case RSYS_acl_get_rights_n:
04505
return sys_rsbac_acl_get_rights_n(k_arg.
acl_get_rights_n.
arg,
04506 k_arg.
acl_get_rights_n.
rights_p,
04507 k_arg.
acl_get_rights_n.
effective);
04508
case RSYS_acl_get_tlist:
04509
return sys_rsbac_acl_get_tlist(k_arg.
acl_get_tlist.
target,
04510 k_arg.
acl_get_tlist.
tid,
04511 k_arg.
acl_get_tlist.
entry_array,
04512 k_arg.
acl_get_tlist.
ttl_array,
04513 k_arg.
acl_get_tlist.
maxnum);
04514
case RSYS_acl_get_tlist_n:
04515
return sys_rsbac_acl_get_tlist_n(k_arg.
acl_get_tlist_n.
target,
04516 k_arg.
acl_get_tlist_n.
t_name,
04517 k_arg.
acl_get_tlist_n.
entry_array,
04518 k_arg.
acl_get_tlist_n.
ttl_array,
04519 k_arg.
acl_get_tlist_n.
maxnum);
04520
case RSYS_acl_get_mask:
04521
return sys_rsbac_acl_get_mask(k_arg.
acl_get_mask.
target,
04522 k_arg.
acl_get_mask.
tid,
04523 k_arg.
acl_get_mask.
mask_p);
04524
case RSYS_acl_get_mask_n:
04525
return sys_rsbac_acl_get_mask_n(k_arg.
acl_get_mask_n.
target,
04526 k_arg.
acl_get_mask_n.
t_name,
04527 k_arg.
acl_get_mask_n.
mask_p);
04528
case RSYS_acl_group:
04529
return sys_rsbac_acl_group(k_arg.
acl_group.
call,
04530 k_arg.
acl_group.
arg_p);
04531
case RSYS_reg:
04532
return sys_rsbac_reg(k_arg.
reg.
handle,
04533 k_arg.
reg.
arg);
04534
case RSYS_jail:
04535
#ifdef CONFIG_RSBAC_JAIL
04536
return rsbac_jail_sys_jail(k_arg.
jail.
version,
04537 k_arg.
jail.
path,
04538 k_arg.
jail.
ip,
04539 k_arg.
jail.
flags,
04540 k_arg.
jail.
max_caps);
04541
#else
04542
return -
RSBAC_EINVALIDMODULE;
04543
#endif
04544
04545
#if defined(CONFIG_RSBAC_INIT_DELAY)
04546
case RSYS_init:
04547
return sys_rsbac_init(k_arg.
init.
root_dev);
04548
#endif
04549
04550
default:
04551
return -
RSBAC_EINVALIDREQUEST;
04552 }
04553 };
04554
04555
04556