00001
00002
00003
00004
00005
00006
00007
#include <linux/config.h>
00008
#include <linux/module.h>
00009
#include <linux/types.h>
00010
#include <linux/kernel.h>
00011
#include <linux/string.h>
00012
#include <linux/fs.h>
00013
#include <rsbac/types.h>
00014
#include <rsbac/reg.h>
00015
#include <rsbac/adf.h>
00016
#include <rsbac/aci.h>
00017
#include <rsbac/getname.h>
00018
#include <rsbac/error.h>
00019
#include <rsbac/proc_fs.h>
00020
00021 static u_long
nr_request_calls = 0;
00022 static u_long
nr_set_attr_calls = 0;
00023 static u_long
nr_need_overwrite_calls = 0;
00024 static u_long
nr_system_calls = 0;
00025 static void *
system_call_arg =
NULL;
00026
00027
MODULE_AUTHOR(
"Amon Ott");
00028
MODULE_DESCRIPTION(
"RSBAC REG sample decision module 1");
00029
MODULE_LICENSE(
"GPL");
00030
00031
MODULE_PARM(name,
"s");
00032 static char *
name =
NULL;
00033 static char dummy_buf[70]=
"To protect against wrong insmod params";
00034
00035
MODULE_PARM(syscall_name,
"s");
00036 static char *
syscall_name =
NULL;
00037 static char dummy_buf2[70]=
"To protect against wrong insmod params";
00038
00039
MODULE_PARM(handle,
"l");
00040 static long handle = 123456;
00041
00042
MODULE_PARM(syscall_registration_handle,
"l");
00043 static long syscall_registration_handle = 654321;
00044
MODULE_PARM(syscall_dispatcher_handle,
"l");
00045 static long syscall_dispatcher_handle = 1;
00046
00047
00048
00049
#if defined(CONFIG_RSBAC_PROC)
00050
#define PROC_NAME "reg_sample1"
00051
static struct proc_dir_entry * proc_reg_sample_p;
00052
00053
static int
00054 adf_sample_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00055 {
00056
int len = 0;
00057 off_t pos = 0;
00058 off_t begin = 0;
00059
00060
union rsbac_target_id_t rsbac_target_id;
00061
union rsbac_attribute_value_t rsbac_attribute_value;
00062
00063
if (!
rsbac_is_initialized())
00064
return (-ENOSYS);
00065
00066 rsbac_target_id.
scd =
ST_rsbac;
00067 rsbac_attribute_value.
dummy = 0;
00068
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
00069 current->pid,
00070
T_SCD,
00071 rsbac_target_id,
00072
A_none,
00073 rsbac_attribute_value))
00074 {
00075
return -EPERM;
00076 }
00077 len += sprintf(buffer,
"RSBAC REG decision module sample 1\n----------------------------------\n");
00078 pos = begin + len;
00079
if (pos < offset)
00080 {
00081 len = 0;
00082 begin = pos;
00083 }
00084
if (pos > offset+length)
00085
goto out;
00086
00087 len += sprintf(buffer + len,
"%lu calls to request function.\n",
00088
nr_request_calls);
00089 pos = begin + len;
00090
if (pos < offset)
00091 {
00092 len = 0;
00093 begin = pos;
00094 }
00095
if (pos > offset+length)
00096
goto out;
00097
00098 len += sprintf(buffer + len,
"%lu calls to set_attr function.\n",
00099
nr_set_attr_calls);
00100 pos = begin + len;
00101
if (pos < offset)
00102 {
00103 len = 0;
00104 begin = pos;
00105 }
00106
if (pos > offset+length)
00107
goto out;
00108
00109 len += sprintf(buffer + len,
"%lu calls to need_overwrite function.\n",
00110
nr_need_overwrite_calls);
00111 pos = begin + len;
00112
if (pos < offset)
00113 {
00114 len = 0;
00115 begin = pos;
00116 }
00117
if (pos > offset+length)
00118
goto out;
00119
00120 len += sprintf(buffer + len,
"%lu calls to system_call function %lu, last arg was %p.\n",
00121
nr_system_calls,
00122
syscall_dispatcher_handle,
00123
system_call_arg);
00124 pos = begin + len;
00125
if (pos < offset)
00126 {
00127 len = 0;
00128 begin = pos;
00129 }
00130
if (pos > offset+length)
00131
goto out;
00132
00133 out:
00134 *start = buffer + (offset - begin);
00135 len -= (offset - begin);
00136
00137
if (len > length)
00138 len = length;
00139
return len;
00140 }
00141
#endif
00142
00143
00144
00145 static int request_func (
enum rsbac_adf_request_t request,
00146
rsbac_pid_t owner_pid,
00147
enum rsbac_target_t target,
00148
union rsbac_target_id_t tid,
00149
enum rsbac_attribute_t attr,
00150
union rsbac_attribute_value_t attr_val,
00151
rsbac_uid_t owner)
00152 {
00153
00154
if(request !=
R_SEARCH)
00155
nr_request_calls++;
00156
return GRANTED;
00157 }
00158
00159 static int set_attr_func (
enum rsbac_adf_request_t request,
00160
rsbac_pid_t owner_pid,
00161
enum rsbac_target_t target,
00162
union rsbac_target_id_t tid,
00163
enum rsbac_target_t new_target,
00164
union rsbac_target_id_t new_tid,
00165
enum rsbac_attribute_t attr,
00166
union rsbac_attribute_value_t attr_val,
00167
rsbac_uid_t owner)
00168 {
00169
00170
if(request !=
R_SEARCH)
00171
nr_set_attr_calls++;
00172
return 0;
00173 }
00174
00175 static boolean need_overwrite_func (
struct dentry * dentry_p)
00176 {
00177
nr_need_overwrite_calls++;
00178
return FALSE;
00179 }
00180
00181 static int syscall_func (
void * arg)
00182 {
00183
nr_system_calls++;
00184
system_call_arg = arg;
00185
return nr_system_calls;
00186 }
00187
00188
00189
00190 int init_module(
void)
00191 {
00192
struct rsbac_reg_entry_t entry;
00193
struct rsbac_reg_syscall_entry_t syscall_entry;
00194
00195
if(!
handle)
00196
handle = 123456;
00197
if(!
syscall_registration_handle)
00198
syscall_registration_handle = 654321;
00199
if(!
syscall_dispatcher_handle)
00200
syscall_dispatcher_handle = 1;
00201
00202 printk(KERN_INFO
"RSBAC REG decision module sample 1: Initializing.\n");
00203
00204
00205 memset(&entry, 0,
sizeof(entry));
00206 memset(&syscall_entry, 0,
sizeof(syscall_entry));
00207
00208
if((
dummy_buf[0] !=
'T') || (
dummy_buf2[0] !=
'T'))
00209 {
00210 printk(KERN_WARNING
"RSBAC REG decision module sample 1: Not loaded due to invalid param string.\n");
00211
return -ENOEXEC;
00212 }
00213
if(
name)
00214 {
00215 strncpy(entry.name,
name,
RSBAC_REG_NAME_LEN);
00216 entry.name[
RSBAC_REG_NAME_LEN] = 0;
00217 }
00218
else
00219 strcpy(entry.name,
"RSBAC REG sample 1 ADF module");
00220 printk(KERN_INFO
"RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Handle: %li\n",
00221
RSBAC_REG_VERSION, entry.name,
handle);
00222
00223 entry.handle =
handle;
00224 entry.request_func =
request_func;
00225 entry.set_attr_func =
set_attr_func;
00226 entry.need_overwrite_func =
need_overwrite_func;
00227 entry.switch_on =
TRUE;
00228 printk(KERN_INFO
"RSBAC REG decision module sample 1: Registering to ADF.\n");
00229
if(
rsbac_reg_register(
RSBAC_REG_VERSION, entry) < 0)
00230 {
00231 printk(KERN_WARNING
"RSBAC REG decision module sample 1: Registering failed. Unloading.\n");
00232
return -ENOEXEC;
00233 }
00234
00235
if(
syscall_name)
00236 {
00237 strncpy(syscall_entry.name,
syscall_name,
RSBAC_REG_NAME_LEN);
00238 syscall_entry.name[
RSBAC_REG_NAME_LEN] = 0;
00239 }
00240
else
00241 strcpy(syscall_entry.name,
"RSBAC REG sample 1 syscall");
00242 printk(KERN_INFO
"RSBAC REG decision module sample 1: REG Version: %u, Name: %s, Dispatcher Handle: %li\n",
00243
RSBAC_REG_VERSION, syscall_entry.name,
syscall_dispatcher_handle);
00244
00245 syscall_entry.registration_handle =
syscall_registration_handle;
00246 syscall_entry.dispatcher_handle =
syscall_dispatcher_handle;
00247 syscall_entry.syscall_func =
syscall_func;
00248 printk(KERN_INFO
"RSBAC REG decision module sample 1: Registering syscall.\n");
00249
syscall_registration_handle =
rsbac_reg_register_syscall(
RSBAC_REG_VERSION, syscall_entry);
00250
if(
syscall_registration_handle < 0)
00251 {
00252 printk(KERN_WARNING
"RSBAC REG decision module sample 1: Registering syscall failed. Unloading.\n");
00253
if(
rsbac_reg_unregister(
handle))
00254 {
00255 printk(KERN_ERR
"RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
00256 }
00257
return -ENOEXEC;
00258 }
00259
00260
#if defined(CONFIG_RSBAC_PROC)
00261
proc_reg_sample_p = create_proc_entry(PROC_NAME,
00262 S_IFREG | S_IRUGO,
00263
proc_rsbac_root_p);
00264
if(!proc_reg_sample_p)
00265 {
00266 printk(KERN_WARNING
"%s: Not loaded due to failed proc entry registering.\n",
name);
00267
if(
rsbac_reg_unregister(
handle))
00268 {
00269 printk(KERN_ERR
"RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
00270 }
00271
if(
rsbac_reg_unregister_syscall(
syscall_registration_handle))
00272 {
00273 printk(KERN_ERR
"RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n");
00274 }
00275
return -ENOEXEC;
00276 }
00277 proc_reg_sample_p->get_info = adf_sample_proc_info;
00278
#endif
00279
00280 printk(KERN_INFO
"RSBAC REG decision module sample 1: Loaded.\n");
00281
00282
return 0;
00283 }
00284
00285 void cleanup_module(
void)
00286 {
00287 printk(KERN_INFO
"RSBAC REG decision module sample 1: Unregistering.\n");
00288
#if defined(CONFIG_RSBAC_PROC)
00289
remove_proc_entry(PROC_NAME,
proc_rsbac_root_p);
00290
#endif
00291
if(
rsbac_reg_unregister_syscall(
syscall_registration_handle))
00292 {
00293 printk(KERN_ERR
"RSBAC REG decision module sample 1: Unregistering syscall failed - beware of possible system failure!\n");
00294 }
00295
if(
rsbac_reg_unregister(
handle))
00296 {
00297 printk(KERN_ERR
"RSBAC REG decision module sample 1: Unregistering failed - beware of possible system failure!\n");
00298 }
00299 printk(KERN_INFO
"RSBAC REG decision module sample 1: Unloaded.\n");
00300 }