/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/data_structures/aci_data_structures.c

Go to the documentation of this file.
00001 /*************************************************** */ 00002 /* Rule Set Based Access Control */ 00003 /* Implementation of ACI data structures */ 00004 /* Author and (c) 1999-2004: Amon Ott <ao@rsbac.org> */ 00005 /* (some smaller parts copied from fs/namei.c */ 00006 /* and others) */ 00007 /* */ 00008 /* Last modified: 16/Jun/2004 */ 00009 /*************************************************** */ 00010 00011 #include <linux/types.h> 00012 #include <linux/version.h> 00013 #include <linux/fs.h> 00014 #include <linux/sched.h> 00015 #include <linux/quotaops.h> 00016 #include <linux/proc_fs.h> 00017 #include <linux/msdos_fs.h> 00018 #include <linux/iso_fs.h> 00019 #include <linux/nfs_fs.h> 00020 #include <linux/ext2_fs.h> 00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00022 #include <linux/coda.h> 00023 #include <linux/initrd.h> 00024 #include <linux/security.h> 00025 // #include <rsbac/lsm.h> 00026 #include <linux/syscalls.h> 00027 #endif 00028 #include <linux/coda_psdev.h> 00029 #include <linux/ncp_fs.h> 00030 #include <linux/smb.h> 00031 #include <linux/dnotify.h> 00032 #include <linux/mm.h> 00033 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00034 #include <linux/blkdev.h> 00035 #else 00036 #include <linux/blk.h> 00037 #endif 00038 #include <linux/init.h> 00039 #include <linux/config.h> 00040 #include <linux/module.h> 00041 #include <linux/netdevice.h> 00042 #include <linux/inetdevice.h> 00043 #include <asm/uaccess.h> 00044 #include <asm/atomic.h> 00045 #include <rsbac/types.h> 00046 #include <rsbac/aci.h> 00047 #include <rsbac/aci_data_structures.h> 00048 #include <rsbac/error.h> 00049 #include <rsbac/helpers.h> 00050 #include <rsbac/fs.h> 00051 #include <rsbac/getname.h> 00052 #include <rsbac/net_getname.h> 00053 #include <rsbac/adf.h> 00054 #include <rsbac/adf_main.h> 00055 #include <rsbac/reg.h> 00056 #include <rsbac/rkmem.h> 00057 #include <rsbac/gen_lists.h> 00058 #include <linux/string.h> 00059 #include <linux/kdev_t.h> 00060 #include <linux/smp_lock.h> 00061 00062 #ifdef CONFIG_RSBAC_MAC 00063 #include <rsbac/mac.h> 00064 #endif 00065 00066 #ifdef CONFIG_RSBAC_PM 00067 #include <rsbac/pm.h> 00068 #endif 00069 00070 #if defined(CONFIG_RSBAC_RC) 00071 #include <rsbac/rc.h> 00072 #endif 00073 00074 #if defined(CONFIG_RSBAC_AUTH) 00075 #include <rsbac/auth.h> 00076 #endif 00077 00078 #if defined(CONFIG_RSBAC_ACL) 00079 #include <rsbac/acl.h> 00080 #endif 00081 00082 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)) 00083 #include <rsbac/pax.h> 00084 #endif 00085 00086 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 00087 #include <linux/unistd.h> 00088 #include <linux/timer.h> 00089 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ; 00090 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 00091 00092 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 00093 || defined(CONFIG_RSBAC_INIT_THREAD) 00094 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait); 00095 static struct timer_list rsbac_timer; 00096 #endif 00097 00098 #if defined(CONFIG_RSBAC_NET_OBJ) 00099 #include <rsbac/network.h> 00100 #endif 00101 00102 /************************************************************************** */ 00103 /* Global Variables */ 00104 /************************************************************************** */ 00105 00106 /* The following global variables are needed for access to ACI data. */ 00107 /* For efficiency reasons there is an array of lists for files and dirs, */ 00108 /* using (inode number) modulo (array size) as a hash function. */ 00109 00110 static boolean rsbac_initialized = FALSE; 00111 00112 static char compiled_modules[80]; 00113 00114 kdev_t rsbac_root_dev; 00115 #if defined(CONFIG_RSBAC_REG) 00116 EXPORT_SYMBOL(rsbac_root_dev); 00117 #endif 00118 DECLARE_MUTEX(rsbac_write_sem); 00119 00120 static struct rsbac_device_list_head_t device_list_head; 00121 static struct rsbac_dev_handles_t dev_handles; 00122 static struct rsbac_ipc_handles_t ipc_handles; 00123 static struct rsbac_user_handles_t user_handles; 00124 static struct rsbac_process_handles_t process_handles; 00125 00126 #ifdef CONFIG_RSBAC_NET_DEV 00127 static struct rsbac_netdev_handles_t netdev_handles; 00128 #endif 00129 #ifdef CONFIG_RSBAC_NET_OBJ 00130 static rsbac_list_handle_t net_temp_handle; 00131 static struct rsbac_nettemp_handles_t nettemp_handles; 00132 static struct rsbac_lnetobj_handles_t lnetobj_handles; 00133 static struct rsbac_rnetobj_handles_t rnetobj_handles; 00134 #endif 00135 00136 /* Default ACIs: implemented as variables, might be changeable some time */ 00137 00138 /* rsbac root dir items, end of recursive inherit */ 00139 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI; 00140 00141 #if defined(CONFIG_RSBAC_MAC) 00142 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci = DEFAULT_MAC_ROOT_DIR_ACI; 00143 #endif 00144 #if defined(CONFIG_RSBAC_RC) 00145 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci = DEFAULT_RC_ROOT_DIR_ACI; 00146 #endif 00147 00148 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 00149 #include <rsbac/proc_fs.h> 00150 00151 #ifdef CONFIG_RSBAC_XSTATS 00152 static u_long get_attr_count[T_NONE] = {0,0,0,0,0,0,0}; 00153 static u_long set_attr_count[T_NONE] = {0,0,0,0,0,0,0}; 00154 static u_long remove_count[T_NONE] = {0,0,0,0,0,0,0}; 00155 #endif 00156 00157 #if defined(CONFIG_RSBAC_REG) 00158 EXPORT_SYMBOL(proc_rsbac_root_p); 00159 #endif 00160 struct proc_dir_entry * proc_rsbac_root_p = NULL; 00161 00162 #if defined(CONFIG_RSBAC_REG) 00163 EXPORT_SYMBOL(proc_rsbac_backup_p); 00164 #endif 00165 struct proc_dir_entry * proc_rsbac_backup_p = NULL; 00166 00167 #endif /* PROC */ 00168 00169 #ifdef CONFIG_DEVFS_MOUNT 00170 #include <linux/devfs_fs_kernel.h> 00171 static struct dentry * devfs_covered_p = NULL; 00172 static struct super_block * devfs_sb_p = NULL; 00173 #endif 00174 00175 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00176 static struct dentry * sysfs_covered_p = NULL; 00177 static struct super_block * sysfs_sb_p = NULL; 00178 #endif 00179 00180 #ifdef CONFIG_RSBAC_MAC 00181 static struct rsbac_mac_process_aci_t mac_init_p_aci = DEFAULT_MAC_P_INIT_ACI; 00182 #endif 00183 #ifdef CONFIG_RSBAC_RC 00184 static struct rsbac_rc_process_aci_t rc_kernel_p_aci = DEFAULT_RC_P_KERNEL_ACI; 00185 #endif 00186 00187 /**************************************************/ 00188 /* Declarations of internal functions */ 00189 /**************************************************/ 00190 00191 static struct rsbac_device_list_item_t * lookup_device(kdev_t); 00192 00193 /************************************************* */ 00194 /* Internal Help functions */ 00195 /************************************************* */ 00196 00197 static inline int gen_fd_hash(u_long inode) 00198 { 00199 return(inode % RSBAC_GEN_NR_FD_LISTS); 00200 } 00201 #if defined(CONFIG_RSBAC_MAC) 00202 static inline int mac_fd_hash(u_long inode) 00203 { 00204 return(inode % RSBAC_MAC_NR_FD_LISTS); 00205 } 00206 static inline int mac_p_hash(rsbac_pid_t pid) 00207 { 00208 return(pid % CONFIG_RSBAC_MAC_NR_P_LISTS); 00209 } 00210 #endif 00211 #if defined(CONFIG_RSBAC_FC) 00212 static inline int fc_fd_hash(u_long inode) 00213 { 00214 return(inode % RSBAC_FC_NR_FD_LISTS); 00215 } 00216 #endif 00217 #if defined(CONFIG_RSBAC_SIM) 00218 static inline int sim_fd_hash(u_long inode) 00219 { 00220 return(inode % RSBAC_SIM_NR_FD_LISTS); 00221 } 00222 #endif 00223 #if defined(CONFIG_RSBAC_PM) 00224 static inline int pm_fd_hash(u_long inode) 00225 { 00226 return(inode % RSBAC_PM_NR_FD_LISTS); 00227 } 00228 #endif 00229 #if defined(CONFIG_RSBAC_DAZ) 00230 static inline int daz_fd_hash(u_long inode) 00231 { 00232 return(inode % RSBAC_DAZ_NR_FD_LISTS); 00233 } 00234 #if defined(CONFIG_RSBAC_DAZ_CACHE) 00235 static inline int daz_scanned_fd_hash(u_long inode) 00236 { 00237 return(inode % RSBAC_DAZ_SCANNED_NR_FD_LISTS); 00238 } 00239 #endif 00240 #endif 00241 #if defined(CONFIG_RSBAC_FF) 00242 static inline int ff_fd_hash(u_long inode) 00243 { 00244 return(inode % RSBAC_FF_NR_FD_LISTS); 00245 } 00246 #endif 00247 #if defined(CONFIG_RSBAC_RC) 00248 static inline int rc_fd_hash(u_long inode) 00249 { 00250 return(inode % RSBAC_RC_NR_FD_LISTS); 00251 } 00252 static inline int rc_p_hash(rsbac_pid_t pid) 00253 { 00254 return(pid % CONFIG_RSBAC_RC_NR_P_LISTS); 00255 } 00256 #endif 00257 #if defined(CONFIG_RSBAC_AUTH) 00258 static inline int auth_fd_hash(u_long inode) 00259 { 00260 return(inode % RSBAC_AUTH_NR_FD_LISTS); 00261 } 00262 #endif 00263 #if defined(CONFIG_RSBAC_CAP) 00264 static inline int cap_fd_hash(u_long inode) 00265 { 00266 return(inode % RSBAC_CAP_NR_FD_LISTS); 00267 } 00268 #endif 00269 #if defined(CONFIG_RSBAC_JAIL) 00270 static inline int jail_p_hash(rsbac_pid_t pid) 00271 { 00272 return(pid % CONFIG_RSBAC_JAIL_NR_P_LISTS); 00273 } 00274 #endif 00275 #if defined(CONFIG_RSBAC_PAX) 00276 static inline int pax_fd_hash(u_long inode) 00277 { 00278 return(inode % RSBAC_PAX_NR_FD_LISTS); 00279 } 00280 #endif 00281 #if defined(CONFIG_RSBAC_RES) 00282 static inline int res_fd_hash(u_long inode) 00283 { 00284 return(inode % RSBAC_RES_NR_FD_LISTS); 00285 } 00286 #endif 00287 00288 /* These help functions do NOT handle data consistency protection by */ 00289 /* rw-spinlocks! This is done exclusively by non-internal functions! */ 00290 00291 /************************************************************************** */ 00292 /* Read/Write functions */ 00293 00294 /* This help function protects some filesystems from being written to */ 00295 /* and disables writing under some conditions, e.g. in an interrupt */ 00296 00297 boolean writable(struct super_block * sb_p) 00298 { 00299 #ifdef CONFIG_RSBAC_NO_WRITE 00300 return(FALSE); 00301 #else 00302 if (!sb_p || !sb_p->s_dev) 00303 return(FALSE); 00304 if ( 00305 rsbac_debug_no_write || 00306 (sb_p->s_flags & MS_RDONLY) 00307 || in_interrupt()) 00308 return(FALSE); 00309 if ( !MAJOR(sb_p->s_dev) 00310 #ifndef CONFIG_RSBAC_MSDOS_WRITE 00311 || (sb_p->s_magic == MSDOS_SUPER_MAGIC) 00312 #endif 00313 || (sb_p->s_magic == SOCKFS_MAGIC) 00314 || (sb_p->s_magic == PIPEFS_MAGIC) 00315 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00316 || (sb_p->s_magic == SYSFS_MAGIC) 00317 #endif 00318 || (sb_p->s_magic == NFS_SUPER_MAGIC) 00319 || (sb_p->s_magic == CODA_SUPER_MAGIC) 00320 || (sb_p->s_magic == NCP_SUPER_MAGIC) 00321 || (sb_p->s_magic == SMB_SUPER_MAGIC) 00322 || (sb_p->s_magic == ISOFS_SUPER_MAGIC)) 00323 return(FALSE); 00324 else 00325 return(TRUE); 00326 #endif 00327 } 00328 00329 /* This lookup function ensures correct access to the file system. */ 00330 /* It returns a pointer to the dentry of the rsbac directory on the mounted */ 00331 /* device specified by kdev. If the directory */ 00332 /* does not exist, it is created, if create_dir == TRUE and writable. */ 00333 00334 static int lookup_aci_path_dentry(struct super_block * sb_p, 00335 struct dentry ** dir_dentry_pp, 00336 boolean create_dir, 00337 kdev_t kdev) 00338 { 00339 struct dentry * dir_dentry_p = NULL; 00340 struct dentry * root_dentry_p = NULL; 00341 int err=0; 00342 struct rsbac_device_list_item_t * device_p; 00343 u_long dflags; 00344 00345 if(!dir_dentry_pp) 00346 return(-RSBAC_EINVALIDPOINTER); 00347 00348 if(!sb_p) 00349 { 00350 sb_p = rsbac_get_super_block(kdev); 00351 if (!sb_p) 00352 { 00353 #ifdef CONFIG_RSBAC_RMSG 00354 rsbac_printk(KERN_WARNING 00355 "lookup_aci_path_dentry(): invalid device %02u:%02u\n", 00356 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00357 #endif 00358 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00359 if (!rsbac_nosyslog) 00360 #endif 00361 printk(KERN_WARNING 00362 "lookup_aci_path_dentry(): invalid device %02u:%02u\n", 00363 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 00364 return (-RSBAC_EINVALIDDEV); 00365 } 00366 } 00367 00368 /* pipefs must not be read from */ 00369 if( (sb_p->s_magic == PIPEFS_MAGIC) 00370 || (sb_p->s_magic == SOCKFS_MAGIC) 00371 ) 00372 { 00373 return -RSBAC_ENOTFOUND; 00374 } 00375 00376 rsbac_read_lock(&device_list_head.lock, &dflags); 00377 device_p = lookup_device(kdev); 00378 if(!device_p) 00379 { 00380 #ifdef CONFIG_RSBAC_RMSG 00381 rsbac_printk(KERN_WARNING 00382 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n", 00383 MAJOR(kdev), MINOR(kdev)); 00384 #endif 00385 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00386 if (!rsbac_nosyslog) 00387 #endif 00388 printk(KERN_WARNING 00389 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n", 00390 MAJOR(kdev), MINOR(kdev)); 00391 rsbac_read_unlock(&device_list_head.lock, &dflags); 00392 return(-RSBAC_EINVALIDDEV); 00393 } 00394 /* already looked up earlier? */ 00395 if(device_p->rsbac_dir_dentry_p) 00396 { 00397 *dir_dentry_pp = device_p->rsbac_dir_dentry_p; 00398 #ifdef CONFIG_RSBAC_DEBUG 00399 if(rsbac_debug_ds) 00400 { 00401 #ifdef CONFIG_RSBAC_RMSG 00402 rsbac_printk(KERN_DEBUG 00403 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n", 00404 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 00405 atomic_read(&device_p->rsbac_dir_dentry_p->d_count)); 00406 #endif 00407 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00408 if (!rsbac_nosyslog) 00409 #endif 00410 printk(KERN_DEBUG 00411 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n", 00412 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 00413 atomic_read(&device_p->rsbac_dir_dentry_p->d_count)); 00414 } 00415 #endif 00416 rsbac_read_unlock(&device_list_head.lock, &dflags); 00417 return(0); 00418 } 00419 /* Must unlock here for the lookup */ 00420 rsbac_read_unlock(&device_list_head.lock, &dflags); 00421 00422 #ifdef CONFIG_RSBAC_DEBUG 00423 if(rsbac_debug_ds) 00424 { 00425 #ifdef CONFIG_RSBAC_RMSG 00426 rsbac_printk(KERN_DEBUG 00427 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n", 00428 RSBAC_ACI_PATH, 00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00430 #endif 00431 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00432 if (!rsbac_nosyslog) 00433 #endif 00434 printk(KERN_DEBUG 00435 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n", 00436 RSBAC_ACI_PATH, 00437 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00438 } 00439 #endif 00440 if (!sb_p->s_root) 00441 { 00442 #ifdef CONFIG_RSBAC_RMSG 00443 rsbac_printk(KERN_WARNING 00444 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n", 00445 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00446 #endif 00447 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00448 if (!rsbac_nosyslog) 00449 #endif 00450 printk(KERN_WARNING 00451 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n", 00452 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00453 err = -RSBAC_EINVALIDDEV; 00454 goto out; 00455 } 00456 00457 if (!sb_p->s_root->d_inode) 00458 { 00459 #ifdef CONFIG_RSBAC_RMSG 00460 rsbac_printk(KERN_WARNING 00461 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n", 00462 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00463 #endif 00464 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00465 if (!rsbac_nosyslog) 00466 #endif 00467 printk(KERN_WARNING 00468 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n", 00469 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 00470 err = -RSBAC_EINVALIDDEV; 00471 goto out; 00472 } 00473 00474 /* lookup dentry of ACI_PATH on this device */ 00475 #ifdef CONFIG_RSBAC_DEBUG 00476 if(rsbac_debug_ds) 00477 { 00478 #ifdef CONFIG_RSBAC_RMSG 00479 rsbac_printk(KERN_DEBUG 00480 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n", 00481 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 00482 atomic_read(&sb_p->s_root->d_count)); 00483 #endif 00484 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00485 if (!rsbac_nosyslog) 00486 #endif 00487 printk(KERN_DEBUG 00488 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n", 00489 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 00490 atomic_read(&sb_p->s_root->d_count)); 00491 } 00492 #endif 00493 dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH)); 00494 if(IS_ERR(dir_dentry_p)) 00495 switch(PTR_ERR(dir_dentry_p)) 00496 { 00497 case -ENOENT: 00498 case -ENOTDIR: 00499 err = -RSBAC_ENOTFOUND; 00500 goto out; 00501 case -ENOMEM: 00502 #ifdef CONFIG_RSBAC_RMSG 00503 rsbac_printk(KERN_WARNING 00504 "lookup_aci_path_dentry(): memory allocation error!\n"); 00505 #endif 00506 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00507 if (!rsbac_nosyslog) 00508 #endif 00509 printk(KERN_WARNING 00510 "lookup_aci_path_dentry(): memory allocation error!\n"); 00511 err = -RSBAC_ENOROOTDIR; 00512 goto out; 00513 case -ENAMETOOLONG: 00514 #ifdef CONFIG_RSBAC_RMSG 00515 rsbac_printk(KERN_WARNING 00516 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n"); 00517 #endif 00518 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00519 if (!rsbac_nosyslog) 00520 #endif 00521 printk(KERN_WARNING 00522 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n"); 00523 err = -RSBAC_EPATHTOOLONG; 00524 goto out; 00525 case -EACCES: 00526 #ifdef CONFIG_RSBAC_RMSG 00527 rsbac_printk(KERN_WARNING 00528 "lookup_aci_path_dentry(): No access to ACI_PATH!\n"); 00529 #endif 00530 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00531 if (!rsbac_nosyslog) 00532 #endif 00533 printk(KERN_WARNING 00534 "lookup_aci_path_dentry(): No access to ACI_PATH!\n"); 00535 err = -RSBAC_EACCESS; 00536 goto out; 00537 default: 00538 #ifdef CONFIG_RSBAC_RMSG 00539 rsbac_printk(KERN_WARNING 00540 "lookup_aci_path_dentry(): Error on root dir: %li!\n", 00541 PTR_ERR(dir_dentry_p)); 00542 #endif 00543 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00544 if (!rsbac_nosyslog) 00545 #endif 00546 printk(KERN_WARNING 00547 "lookup_aci_path_dentry(): Error on root dir: %li!\n", 00548 PTR_ERR(dir_dentry_p)); 00549 err = -RSBAC_ENOROOTDIR; 00550 goto out; 00551 } 00552 00553 if (!dir_dentry_p) 00554 { 00555 #ifdef CONFIG_RSBAC_RMSG 00556 rsbac_printk(KERN_WARNING 00557 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n"); 00558 #endif 00559 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00560 if (!rsbac_nosyslog) 00561 #endif 00562 printk(KERN_WARNING 00563 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n"); 00564 err = -RSBAC_EINVALIDPOINTER; 00565 goto out; 00566 } 00567 if (!dir_dentry_p->d_inode) 00568 { /* dir could not be found -> try to create it */ 00569 /* but only, if allowed... */ 00570 if (!create_dir) 00571 { 00572 err = -RSBAC_ENOTFOUND; 00573 goto out_dir_dput; 00574 } 00575 #ifdef CONFIG_RSBAC_DEBUG 00576 if(rsbac_debug_ds) 00577 { 00578 #ifdef CONFIG_RSBAC_RMSG 00579 rsbac_printk(KERN_DEBUG 00580 "lookup_aci_path_dentry(): try to create dir, first test writable!\n"); 00581 #endif 00582 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00583 if (!rsbac_nosyslog) 00584 #endif 00585 printk(KERN_DEBUG 00586 "lookup_aci_path_dentry(): try to create dir, first test writable!\n"); 00587 } 00588 #endif 00589 /* ... and writable. */ 00590 if (!writable(sb_p)) 00591 { /* mounted read only or special case */ 00592 err = -RSBAC_ENOTWRITABLE; 00593 goto out_dir_dput; 00594 } 00595 root_dentry_p = lock_parent(dir_dentry_p); 00596 err = PTR_ERR(root_dentry_p); 00597 if ( IS_ERR(root_dentry_p)) 00598 { 00599 err = -RSBAC_ECOULDNOTCREATEPATH; 00600 goto out_dir_dput; 00601 } 00602 if ( !root_dentry_p->d_inode 00603 || !root_dentry_p->d_inode->i_op 00604 || !root_dentry_p->d_inode->i_op->mkdir) 00605 { 00606 unlock_dir(root_dentry_p); 00607 err = -RSBAC_ECOULDNOTCREATEPATH; 00608 goto out_dir_dput; 00609 } 00610 DQUOT_INIT(root_dentry_p->d_inode); 00611 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode, 00612 dir_dentry_p, 00613 RSBAC_ACI_DIR_MODE); 00614 unlock_dir(root_dentry_p); 00615 if (err) 00616 { 00617 err = -RSBAC_ECOULDNOTCREATEPATH; 00618 goto out_dir_dput; 00619 } 00620 } 00621 else /* was found */ 00622 { /* check, whether this is a dir */ 00623 if(!S_ISDIR(dir_dentry_p->d_inode->i_mode)) 00624 { /* no dir! We have a real prob here! */ 00625 #ifdef CONFIG_RSBAC_RMSG 00626 rsbac_printk(KERN_WARNING 00627 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n", 00628 RSBAC_ACI_PATH, 00629 MAJOR(sb_p->s_dev), 00630 MINOR(sb_p->s_dev)); 00631 #endif 00632 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00633 if (!rsbac_nosyslog) 00634 #endif 00635 printk(KERN_WARNING 00636 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n", 00637 RSBAC_ACI_PATH, 00638 MAJOR(sb_p->s_dev), 00639 MINOR(sb_p->s_dev)); 00640 err = -RSBAC_EACCESS; 00641 goto out_dir_dput; 00642 } 00643 } 00644 #ifdef CONFIG_RSBAC_DEBUG 00645 if(rsbac_debug_ds) 00646 { 00647 #ifdef CONFIG_RSBAC_RMSG 00648 rsbac_printk(KERN_DEBUG 00649 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n", 00650 atomic_read(&dir_dentry_p->d_count)); 00651 rsbac_printk(KERN_DEBUG 00652 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n", 00653 atomic_read(&sb_p->s_root->d_count)); 00654 #endif 00655 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 00656 if (!rsbac_nosyslog) 00657 #endif 00658 { 00659 printk(KERN_DEBUG 00660 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n", 00661 atomic_read(&dir_dentry_p->d_count)); 00662 printk(KERN_DEBUG 00663 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n", 00664 atomic_read(&sb_p->s_root->d_count)); 00665 } 00666 } 00667 #endif 00668 /* we want to keep dir_dentry_p in device_item */ 00669 /* dput must be done in remove_device_item! */ 00670 *dir_dentry_pp = dir_dentry_p; 00671 00672 /* Must lock and relookup device_p to cache result */ 00673 rsbac_read_lock(&device_list_head.lock, &dflags); 00674 device_p = lookup_device(kdev); 00675 if(device_p && !device_p->rsbac_dir_dentry_p) 00676 { 00677 device_p->rsbac_dir_dentry_p = dir_dentry_p; 00678 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino; 00679 } 00680 rsbac_read_unlock(&device_list_head.lock, &dflags); 00681 00682 out: 00683 return (err); 00684 00685 out_dir_dput: 00686 dput(dir_dentry_p); 00687 goto out; 00688 } 00689 00690 /************************************************************************** */ 00691 /* The lookup functions return NULL, if the item is not found, and a */ 00692 /* pointer to the item otherwise. */ 00693 00694 /* The do_lookup() function is used as an abstraction from the hash */ 00695 /* management.*/ 00696 00697 /* First, a lookup for the device list item */ 00698 00699 static struct rsbac_device_list_item_t * lookup_device(kdev_t kdev) 00700 { 00701 struct rsbac_device_list_item_t * curr = device_list_head.curr; 00702 00703 /* if there is no current item or it is not the right one, search... */ 00704 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00705 if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) ) 00706 #else 00707 if(! (curr && (curr->id == kdev) ) ) 00708 #endif 00709 { 00710 curr = device_list_head.head; 00711 while ( curr 00712 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev)) 00713 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev)) 00714 ) 00715 ) 00716 { 00717 curr = curr->next; 00718 } 00719 if (curr) 00720 device_list_head.curr=curr; 00721 } 00722 /* it is the current item -> return it */ 00723 return (curr); 00724 }; 00725 00726 static int dev_compare(void * desc1, void * desc2) 00727 { 00728 int result; 00729 struct rsbac_dev_desc_t * i_desc1 = desc1; 00730 struct rsbac_dev_desc_t * i_desc2 = desc2; 00731 00732 result = memcmp(&i_desc1->type, 00733 &i_desc2->type, 00734 sizeof(i_desc1->type)); 00735 if(result) 00736 return result; 00737 result = memcmp(&i_desc1->major, 00738 &i_desc2->major, 00739 sizeof(i_desc1->major)); 00740 if(result) 00741 return result; 00742 return memcmp(&i_desc1->minor, 00743 &i_desc2->minor, 00744 sizeof(i_desc1->minor)); 00745 } 00746 00747 static int ipc_compare(void * desc1, void * desc2) 00748 { 00749 int result; 00750 struct rsbac_ipc_t * i_desc1 = desc1; 00751 struct rsbac_ipc_t * i_desc2 = desc2; 00752 00753 result = memcmp(&i_desc1->type, 00754 &i_desc2->type, 00755 sizeof(i_desc1->type)); 00756 if(result) 00757 return result; 00758 else 00759 return memcmp(&i_desc1->id.id_nr, 00760 &i_desc2->id.id_nr, 00761 sizeof(i_desc1->id.id_nr)); 00762 } 00763 00764 #ifdef CONFIG_RSBAC_NET_DEV 00765 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC) 00766 static int netdev_compare(void * desc1, void * desc2) 00767 { 00768 return strncmp(desc1, 00769 desc2, 00770 RSBAC_IFNAMSIZ); 00771 } 00772 #endif 00773 #endif 00774 00775 /************************************************************************** */ 00776 /* Convert functions */ 00777 00778 static int gen_fd_conv( 00779 void * old_desc, 00780 void * old_data, 00781 void * new_desc, 00782 void * new_data) 00783 { 00784 struct rsbac_gen_fd_aci_t * new_aci = new_data; 00785 struct rsbac_gen_fd_old_aci_t * old_aci = old_data; 00786 00787 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00788 new_aci->log_array_low = old_aci->log_array_low; 00789 new_aci->log_array_high = old_aci->log_array_high; 00790 new_aci->log_program_based = old_aci->log_program_based; 00791 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00792 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level; 00793 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; 00794 new_aci->linux_dac_disable = old_aci->linux_dac_disable; 00795 new_aci->fake_root_uid = FR_off; 00796 return 0; 00797 } 00798 00799 static int gen_fd_old_conv( 00800 void * old_desc, 00801 void * old_data, 00802 void * new_desc, 00803 void * new_data) 00804 { 00805 struct rsbac_gen_fd_aci_t * new_aci = new_data; 00806 struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data; 00807 00808 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00809 new_aci->log_array_low = old_aci->log_array_low; 00810 new_aci->log_array_high = old_aci->log_array_high; 00811 new_aci->log_program_based = old_aci->log_program_based; 00812 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00813 new_aci->symlink_add_mac_level = FALSE; 00814 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role; 00815 new_aci->linux_dac_disable = old_aci->linux_dac_disable; 00816 new_aci->fake_root_uid = FR_off; 00817 return 0; 00818 } 00819 00820 static int gen_fd_old_old_conv( 00821 void * old_desc, 00822 void * old_data, 00823 void * new_desc, 00824 void * new_data) 00825 { 00826 struct rsbac_gen_fd_aci_t * new_aci = new_data; 00827 struct rsbac_gen_fd_old_old_old_aci_t * old_aci = old_data; 00828 00829 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00830 new_aci->log_array_low = old_aci->log_array_low; 00831 new_aci->log_array_high = old_aci->log_array_high; 00832 new_aci->log_program_based = old_aci->log_program_based; 00833 new_aci->symlink_add_uid = old_aci->symlink_add_uid; 00834 new_aci->symlink_add_mac_level = FALSE; 00835 new_aci->symlink_add_rc_role = FALSE; 00836 new_aci->linux_dac_disable = LDD_false; 00837 new_aci->fake_root_uid = FR_off; 00838 return 0; 00839 } 00840 00841 static int gen_fd_old_old_old_conv( 00842 void * old_desc, 00843 void * old_data, 00844 void * new_desc, 00845 void * new_data) 00846 { 00847 struct rsbac_gen_fd_aci_t * new_aci = new_data; 00848 struct rsbac_gen_fd_old_old_old_old_aci_t * old_aci = old_data; 00849 00850 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00851 new_aci->log_array_low = old_aci->log_array_low; 00852 new_aci->log_array_high = old_aci->log_array_high; 00853 new_aci->log_program_based = old_aci->log_program_based; 00854 new_aci->symlink_add_uid = FALSE; 00855 new_aci->symlink_add_mac_level = FALSE; 00856 new_aci->symlink_add_rc_role = FALSE; 00857 new_aci->linux_dac_disable = LDD_false; 00858 new_aci->fake_root_uid = FR_off; 00859 return 0; 00860 } 00861 00862 rsbac_list_conv_function_t * gen_fd_get_conv(rsbac_version_t old_version) 00863 { 00864 switch(old_version) 00865 { 00866 case RSBAC_GEN_FD_OLD_ACI_VERSION: 00867 return gen_fd_conv; 00868 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION: 00869 return gen_fd_old_conv; 00870 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION: 00871 return gen_fd_old_old_conv; 00872 case RSBAC_GEN_FD_OLD_OLD_OLD_OLD_ACI_VERSION: 00873 return gen_fd_old_old_old_conv; 00874 default: 00875 return NULL; 00876 } 00877 } 00878 00879 static int gen_dev_conv( 00880 void * old_desc, 00881 void * old_data, 00882 void * new_desc, 00883 void * new_data) 00884 { 00885 struct rsbac_dev_desc_t * new = new_desc; 00886 struct rsbac_dev_t * old = old_desc; 00887 00888 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t)); 00889 new->type = old->type; 00890 new->major = RSBAC_MAJOR(old->id); 00891 new->minor = RSBAC_MINOR(old->id); 00892 return 0; 00893 } 00894 00895 rsbac_list_conv_function_t * gen_dev_get_conv(rsbac_version_t old_version) 00896 { 00897 switch(old_version) 00898 { 00899 case RSBAC_GEN_DEV_OLD_ACI_VERSION: 00900 return gen_dev_conv; 00901 default: 00902 return NULL; 00903 } 00904 } 00905 00906 #ifdef CONFIG_RSBAC_MAC 00907 static int mac_old_fd_conv( 00908 void * old_desc, 00909 void * old_data, 00910 void * new_desc, 00911 void * new_data) 00912 { 00913 struct rsbac_mac_fd_aci_t * new_aci = new_data; 00914 struct rsbac_mac_fd_old_aci_t * old_aci = old_data; 00915 00916 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00917 new_aci->sec_level = old_aci->sec_level; 00918 new_aci->mac_categories = old_aci->mac_categories; 00919 new_aci->mac_auto = old_aci->mac_auto; 00920 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted; 00921 new_aci->mac_file_flags = old_aci->mac_file_flags; 00922 return 0; 00923 } 00924 00925 static int mac_old_old_fd_conv( 00926 void * old_desc, 00927 void * old_data, 00928 void * new_desc, 00929 void * new_data) 00930 { 00931 struct rsbac_mac_fd_aci_t * new_aci = new_data; 00932 struct rsbac_mac_fd_old_old_aci_t * old_aci = old_data; 00933 00934 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00935 new_aci->sec_level = old_aci->sec_level; 00936 new_aci->mac_categories = old_aci->mac_categories; 00937 new_aci->mac_auto = old_aci->mac_auto; 00938 new_aci->mac_prop_trusted = FALSE; 00939 if(old_aci->mac_shared) 00940 new_aci->mac_file_flags = MAC_write_up; 00941 else 00942 new_aci->mac_file_flags = 0; 00943 return 0; 00944 } 00945 00946 static int mac_old_old_old_fd_conv( 00947 void * old_desc, 00948 void * old_data, 00949 void * new_desc, 00950 void * new_data) 00951 { 00952 struct rsbac_mac_fd_aci_t * new_aci = new_data; 00953 struct rsbac_mac_fd_old_old_old_aci_t * old_aci = old_data; 00954 00955 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 00956 new_aci->sec_level = old_aci->sec_level; 00957 new_aci->mac_categories = old_aci->mac_categories; 00958 new_aci->mac_auto = old_aci->mac_auto; 00959 new_aci->mac_prop_trusted = FALSE; 00960 new_aci->mac_file_flags = 0; 00961 return 0; 00962 } 00963 00964 rsbac_list_conv_function_t * mac_fd_get_conv(rsbac_version_t old_version) 00965 { 00966 switch(old_version) 00967 { 00968 case RSBAC_MAC_FD_OLD_ACI_VERSION: 00969 return mac_old_fd_conv; 00970 case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION: 00971 return mac_old_old_fd_conv; 00972 case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION: 00973 return mac_old_old_old_fd_conv; 00974 default: 00975 return NULL; 00976 } 00977 } 00978 00979 static int mac_dev_conv( 00980 void * old_desc, 00981 void * old_data, 00982 void * new_desc, 00983 void * new_data) 00984 { 00985 struct rsbac_dev_desc_t * new = new_desc; 00986 struct rsbac_dev_t * old = old_desc; 00987 00988 memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t)); 00989 new->type = old->type; 00990 new->major = RSBAC_MAJOR(old->id); 00991 new->minor = RSBAC_MINOR(old->id); 00992 return 0; 00993 } 00994 00995 rsbac_list_conv_function_t * mac_dev_get_conv(rsbac_version_t old_version) 00996 { 00997 switch(old_version) 00998 { 00999 case RSBAC_MAC_DEV_OLD_ACI_VERSION: 01000 return mac_dev_conv; 01001 default: 01002 return NULL; 01003 } 01004 } 01005 01006 static int mac_old_user_conv( 01007 void * old_desc, 01008 void * old_data, 01009 void * new_desc, 01010 void * new_data) 01011 { 01012 struct rsbac_mac_user_aci_t * new_aci = new_data; 01013 struct rsbac_mac_user_old_aci_t * old_aci = old_data; 01014 01015 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t)); 01016 new_aci->security_level = old_aci->access_appr; 01017 new_aci->initial_security_level = old_aci->access_appr; 01018 new_aci->min_security_level = old_aci->min_access_appr; 01019 new_aci->mac_categories = old_aci->mac_categories; 01020 new_aci->mac_initial_categories = old_aci->mac_categories; 01021 new_aci->mac_min_categories = old_aci->mac_min_categories; 01022 new_aci->system_role = old_aci->system_role; 01023 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS; 01024 if(old_aci->mac_allow_auto) 01025 new_aci->mac_user_flags |= MAC_allow_auto; 01026 return 0; 01027 } 01028 01029 static int mac_old_old_user_conv( 01030 void * old_desc, 01031 void * old_data, 01032 void * new_desc, 01033 void * new_data) 01034 { 01035 struct rsbac_mac_user_aci_t * new_aci = new_data; 01036 struct rsbac_mac_user_old_old_aci_t * old_aci = old_data; 01037 01038 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t)); 01039 new_aci->security_level = old_aci->access_appr; 01040 new_aci->initial_security_level = old_aci->access_appr; 01041 new_aci->min_security_level = old_aci->min_access_appr; 01042 new_aci->mac_categories = old_aci->mac_categories; 01043 new_aci->mac_initial_categories = old_aci->mac_categories; 01044 new_aci->mac_min_categories = old_aci->mac_min_categories; 01045 new_aci->system_role = old_aci->system_role; 01046 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS; 01047 return 0; 01048 } 01049 01050 static int mac_old_old_old_user_conv( 01051 void * old_desc, 01052 void * old_data, 01053 void * new_desc, 01054 void * new_data) 01055 { 01056 struct rsbac_mac_user_aci_t * new_aci = new_data; 01057 struct rsbac_mac_user_old_old_old_aci_t * old_aci = old_data; 01058 01059 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t)); 01060 new_aci->security_level = old_aci->access_appr; 01061 new_aci->initial_security_level = old_aci->access_appr; 01062 new_aci->min_security_level = SL_unclassified; 01063 new_aci->mac_categories = old_aci->mac_categories; 01064 new_aci->mac_initial_categories = old_aci->mac_categories; 01065 new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR; 01066 new_aci->system_role = old_aci->system_role; 01067 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS; 01068 return 0; 01069 } 01070 01071 rsbac_list_conv_function_t * mac_user_get_conv(rsbac_version_t old_version) 01072 { 01073 switch(old_version) 01074 { 01075 case RSBAC_MAC_USER_OLD_ACI_VERSION: 01076 return mac_old_user_conv; 01077 case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION: 01078 return mac_old_old_user_conv; 01079 case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION: 01080 return mac_old_old_old_user_conv; 01081 default: 01082 return NULL; 01083 } 01084 } 01085 #endif 01086 01087 #ifdef CONFIG_RSBAC_FC 01088 static int fc_dev_conv( 01089 void * old_desc, 01090 void * old_data, 01091 void * new_desc, 01092 void * new_data) 01093 { 01094 struct rsbac_dev_desc_t * new = new_desc; 01095 struct rsbac_dev_t * old = old_desc; 01096 01097 memcpy(new_data, old_data, sizeof(rsbac_fc_oc_t)); 01098 new->type = old->type; 01099 new->major = RSBAC_MAJOR(old->id); 01100 new->minor = RSBAC_MINOR(old->id); 01101 return 0; 01102 } 01103 01104 rsbac_list_conv_function_t * fc_dev_get_conv(rsbac_version_t old_version) 01105 { 01106 switch(old_version) 01107 { 01108 case RSBAC_FC_DEV_OLD_ACI_VERSION: 01109 return fc_dev_conv; 01110 default: 01111 return NULL; 01112 } 01113 } 01114 #endif 01115 01116 #ifdef CONFIG_RSBAC_SIM 01117 static int sim_dev_conv( 01118 void * old_desc, 01119 void * old_data, 01120 void * new_desc, 01121 void * new_data) 01122 { 01123 struct rsbac_dev_desc_t * new = new_desc; 01124 struct rsbac_dev_t * old = old_desc; 01125 01126 memcpy(new_data, old_data, sizeof(rsbac_sim_dt_t)); 01127 new->type = old->type; 01128 new->major = RSBAC_MAJOR(old->id); 01129 new->minor = RSBAC_MINOR(old->id); 01130 return 0; 01131 } 01132 01133 rsbac_list_conv_function_t * sim_dev_get_conv(rsbac_version_t old_version) 01134 { 01135 switch(old_version) 01136 { 01137 case RSBAC_SIM_DEV_OLD_ACI_VERSION: 01138 return sim_dev_conv; 01139 default: 01140 return NULL; 01141 } 01142 } 01143 #endif 01144 01145 #ifdef CONFIG_RSBAC_PM 01146 static int pm_dev_conv( 01147 void * old_desc, 01148 void * old_data, 01149 void * new_desc, 01150 void * new_data) 01151 { 01152 struct rsbac_dev_desc_t * new = new_desc; 01153 struct rsbac_dev_t * old = old_desc; 01154 01155 memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t)); 01156 new->type = old->type; 01157 new->major = RSBAC_MAJOR(old->id); 01158 new->minor = RSBAC_MINOR(old->id); 01159 return 0; 01160 } 01161 01162 rsbac_list_conv_function_t * pm_dev_get_conv(rsbac_version_t old_version) 01163 { 01164 switch(old_version) 01165 { 01166 case RSBAC_PM_DEV_OLD_ACI_VERSION: 01167 return pm_dev_conv; 01168 default: 01169 return NULL; 01170 } 01171 } 01172 #endif 01173 01174 #ifdef CONFIG_RSBAC_RC 01175 static int rc_dev_conv( 01176 void * old_desc, 01177 void * old_data, 01178 void * new_desc, 01179 void * new_data) 01180 { 01181 struct rsbac_dev_desc_t * new = new_desc; 01182 struct rsbac_dev_t * old = old_desc; 01183 01184 memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t)); 01185 new->type = old->type; 01186 new->major = RSBAC_MAJOR(old->id); 01187 new->minor = RSBAC_MINOR(old->id); 01188 return 0; 01189 } 01190 01191 rsbac_list_conv_function_t * rc_dev_get_conv(rsbac_version_t old_version) 01192 { 01193 switch(old_version) 01194 { 01195 case RSBAC_RC_DEV_OLD_ACI_VERSION: 01196 return rc_dev_conv; 01197 default: 01198 return NULL; 01199 } 01200 } 01201 01202 static int rc_user_conv( 01203 void * old_desc, 01204 void * old_data, 01205 void * new_desc, 01206 void * new_data) 01207 { 01208 struct rsbac_rc_user_aci_t * new_aci = new_data; 01209 rsbac_rc_role_id_t * old_aci = old_data; 01210 01211 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t)); 01212 new_aci->rc_role = *old_aci; 01213 new_aci->rc_type = RSBAC_RC_GENERAL_TYPE; 01214 return 0; 01215 } 01216 01217 rsbac_list_conv_function_t * rc_user_get_conv(rsbac_version_t old_version) 01218 { 01219 switch(old_version) 01220 { 01221 case RSBAC_RC_USER_OLD_ACI_VERSION: 01222 return rc_user_conv; 01223 default: 01224 return NULL; 01225 } 01226 } 01227 #endif 01228 01229 #ifdef CONFIG_RSBAC_AUTH 01230 static int auth_old_fd_conv( 01231 void * old_desc, 01232 void * old_data, 01233 void * new_desc, 01234 void * new_data) 01235 { 01236 struct rsbac_auth_fd_aci_t * new_aci = new_data; 01237 struct rsbac_auth_fd_old_aci_t * old_aci = old_data; 01238 01239 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t)); 01240 new_aci->auth_may_setuid = old_aci->auth_may_setuid; 01241 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap; 01242 new_aci->auth_learn = FALSE; 01243 return 0; 01244 } 01245 01246 rsbac_list_conv_function_t * auth_fd_get_conv(rsbac_version_t old_version) 01247 { 01248 switch(old_version) 01249 { 01250 case RSBAC_AUTH_FD_OLD_ACI_VERSION: 01251 return auth_old_fd_conv; 01252 default: 01253 return NULL; 01254 } 01255 } 01256 01257 #endif 01258 01259 /************************************************************************** */ 01260 /* The add_item() functions add an item to the list, set head.curr to it, */ 01261 /* and return a pointer to the item. */ 01262 /* These functions will NOT check, if there is already an item under the */ 01263 /* same ID! If this happens, the lookup functions will return the old item! */ 01264 /* All list manipulation must be protected by rw-spinlocks to prevent */ 01265 /* inconsistency and undefined behaviour in other concurrent functions. */ 01266 01267 /* register_fd_lists() */ 01268 /* register fd lists for device */ 01269 01270 static int register_fd_lists(struct rsbac_device_list_item_t * device_p, 01271 kdev_t kdev) 01272 { 01273 char * name; 01274 int err = 0; 01275 int tmperr; 01276 u_int file_no; 01277 struct rsbac_list_info_t * info_p; 01278 if(!device_p) 01279 return(-RSBAC_EINVALIDPOINTER); 01280 name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01281 if(!name) 01282 return -RSBAC_ENOMEM; 01283 info_p = rsbac_kmalloc(sizeof(*info_p)); 01284 if(!info_p) 01285 { 01286 rsbac_kfree(name); 01287 return -RSBAC_ENOMEM; 01288 } 01289 01290 /* register general lists */ 01291 { 01292 struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI; 01293 01294 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++) 01295 { 01296 /* construct name from base name + number */ 01297 sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no); 01298 info_p->version = RSBAC_GEN_FD_ACI_VERSION; 01299 info_p->key = RSBAC_GEN_FD_ACI_KEY; 01300 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01301 info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t); 01302 info_p->max_age = 0; 01303 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01304 &(device_p->handles.gen[file_no]), 01305 info_p, 01306 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01307 rsbac_list_compare_u32, 01308 gen_fd_get_conv, 01309 &def_gen_fd_aci, 01310 name, 01311 kdev); 01312 if(tmperr) 01313 { 01314 char * tmp; 01315 01316 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01317 if(tmp) 01318 { 01319 #ifdef CONFIG_RSBAC_RMSG 01320 rsbac_printk(KERN_WARNING 01321 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n", 01322 file_no, 01323 RSBAC_MAJOR(kdev), 01324 RSBAC_MINOR(kdev), 01325 get_error_name(tmp, tmperr)); 01326 #endif 01327 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01328 if (!rsbac_nosyslog) 01329 #endif 01330 printk(KERN_WARNING 01331 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n", 01332 file_no, 01333 RSBAC_MAJOR(kdev), 01334 RSBAC_MINOR(kdev), 01335 get_error_name(tmp, tmperr)); 01336 rsbac_kfree(tmp); 01337 } 01338 err = tmperr; 01339 } 01340 } 01341 } 01342 01343 #if defined(CONFIG_RSBAC_MAC) 01344 { 01345 struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI; 01346 01347 /* register MAC lists */ 01348 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++) 01349 { 01350 /* construct name from base name + number */ 01351 sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no); 01352 info_p->version = RSBAC_MAC_FD_ACI_VERSION; 01353 info_p->key = RSBAC_MAC_FD_ACI_KEY; 01354 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01355 info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t); 01356 info_p->max_age = 0; 01357 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01358 &(device_p->handles.mac[file_no]), 01359 info_p, 01360 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01361 rsbac_list_compare_u32, 01362 mac_fd_get_conv, 01363 &def_mac_fd_aci, 01364 name, 01365 kdev); 01366 if(tmperr) 01367 { 01368 char * tmp; 01369 01370 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01371 if(tmp) 01372 { 01373 #ifdef CONFIG_RSBAC_RMSG 01374 rsbac_printk(KERN_WARNING 01375 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n", 01376 file_no, 01377 RSBAC_MAJOR(kdev), 01378 RSBAC_MINOR(kdev), 01379 get_error_name(tmp, tmperr)); 01380 #endif 01381 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01382 if (!rsbac_nosyslog) 01383 #endif 01384 printk(KERN_WARNING 01385 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n", 01386 file_no, 01387 RSBAC_MAJOR(kdev), 01388 RSBAC_MINOR(kdev), 01389 get_error_name(tmp, tmperr)); 01390 rsbac_kfree(tmp); 01391 } 01392 err = tmperr; 01393 } 01394 } 01395 } 01396 #endif 01397 01398 #if defined(CONFIG_RSBAC_FC) 01399 { 01400 rsbac_fc_oc_t def_fc_fd_aci = RSBAC_FC_OC_DEF; 01401 01402 /* register FC lists */ 01403 for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++) 01404 { 01405 /* construct name from base name + number */ 01406 sprintf(name, "%s%u", RSBAC_FC_FD_NAME, file_no); 01407 info_p->version = RSBAC_FC_FD_ACI_VERSION; 01408 info_p->key = RSBAC_FC_FD_ACI_KEY; 01409 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01410 info_p->data_size = sizeof(rsbac_fc_oc_t); 01411 info_p->max_age = 0; 01412 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01413 &(device_p->handles.fc[file_no]), 01414 info_p, 01415 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01416 rsbac_list_compare_u32, 01417 NULL, 01418 &def_fc_fd_aci, 01419 name, 01420 kdev); 01421 if(tmperr) 01422 { 01423 char * tmp; 01424 01425 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01426 if(tmp) 01427 { 01428 #ifdef CONFIG_RSBAC_RMSG 01429 rsbac_printk(KERN_WARNING 01430 "register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n", 01431 file_no, 01432 RSBAC_MAJOR(kdev), 01433 RSBAC_MINOR(kdev), 01434 get_error_name(tmp, tmperr)); 01435 #endif 01436 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01437 if (!rsbac_nosyslog) 01438 #endif 01439 printk(KERN_WARNING 01440 "register_fd_lists(): registering FC list %u for device %02u:%02u failed with error %s!\n", 01441 file_no, 01442 RSBAC_MAJOR(kdev), 01443 RSBAC_MINOR(kdev), 01444 get_error_name(tmp, tmperr)); 01445 rsbac_kfree(tmp); 01446 } 01447 err = tmperr; 01448 } 01449 } 01450 } 01451 #endif 01452 01453 #if defined(CONFIG_RSBAC_SIM) 01454 { 01455 rsbac_sim_dt_t def_sim_fd_aci = RSBAC_SIM_DT_DEF; 01456 01457 /* register SIM lists */ 01458 for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++) 01459 { 01460 /* construct name from base name + number */ 01461 sprintf(name, "%s%u", RSBAC_SIM_FD_NAME, file_no); 01462 info_p->version = RSBAC_SIM_FD_ACI_VERSION; 01463 info_p->key = RSBAC_SIM_FD_ACI_KEY; 01464 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01465 info_p->data_size = sizeof(rsbac_sim_dt_t); 01466 info_p->max_age = 0; 01467 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01468 &(device_p->handles.sim[file_no]), 01469 info_p, 01470 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01471 rsbac_list_compare_u32, 01472 NULL, 01473 &def_sim_fd_aci, 01474 name, 01475 kdev); 01476 if(tmperr) 01477 { 01478 char * tmp; 01479 01480 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01481 if(tmp) 01482 { 01483 #ifdef CONFIG_RSBAC_RMSG 01484 rsbac_printk(KERN_WARNING 01485 "register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n", 01486 file_no, 01487 RSBAC_MAJOR(kdev), 01488 RSBAC_MINOR(kdev), 01489 get_error_name(tmp, tmperr)); 01490 #endif 01491 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01492 if (!rsbac_nosyslog) 01493 #endif 01494 printk(KERN_WARNING 01495 "register_fd_lists(): registering SIM list %u for device %02u:%02u failed with error %s!\n", 01496 file_no, 01497 RSBAC_MAJOR(kdev), 01498 RSBAC_MINOR(kdev), 01499 get_error_name(tmp, tmperr)); 01500 rsbac_kfree(tmp); 01501 } 01502 err = tmperr; 01503 } 01504 } 01505 } 01506 #endif 01507 01508 #if defined(CONFIG_RSBAC_PM) 01509 { 01510 struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI; 01511 01512 /* register PM lists */ 01513 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++) 01514 { 01515 /* construct name from base name + number */ 01516 sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no); 01517 info_p->version = RSBAC_PM_FD_ACI_VERSION; 01518 info_p->key = RSBAC_PM_FD_ACI_KEY; 01519 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01520 info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t); 01521 info_p->max_age = 0; 01522 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01523 &(device_p->handles.pm[file_no]), 01524 info_p, 01525 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01526 rsbac_list_compare_u32, 01527 NULL, 01528 &def_pm_fd_aci, 01529 name, 01530 kdev); 01531 if(tmperr) 01532 { 01533 char * tmp; 01534 01535 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01536 if(tmp) 01537 { 01538 #ifdef CONFIG_RSBAC_RMSG 01539 rsbac_printk(KERN_WARNING 01540 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n", 01541 file_no, 01542 RSBAC_MAJOR(kdev), 01543 RSBAC_MINOR(kdev), 01544 get_error_name(tmp, tmperr)); 01545 #endif 01546 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01547 if (!rsbac_nosyslog) 01548 #endif 01549 printk(KERN_WARNING 01550 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n", 01551 file_no, 01552 RSBAC_MAJOR(kdev), 01553 RSBAC_MINOR(kdev), 01554 get_error_name(tmp, tmperr)); 01555 rsbac_kfree(tmp); 01556 } 01557 err = tmperr; 01558 } 01559 } 01560 } 01561 #endif 01562 01563 #if defined(CONFIG_RSBAC_DAZ) 01564 { 01565 struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI; 01566 /* register DAZ lists */ 01567 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++) 01568 { 01569 /* construct name from base name + number */ 01570 sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no); 01571 info_p->version = RSBAC_DAZ_FD_ACI_VERSION; 01572 info_p->key = RSBAC_DAZ_FD_ACI_KEY; 01573 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01574 info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t); 01575 info_p->max_age = 0; 01576 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01577 &(device_p->handles.daz[file_no]), 01578 info_p, 01579 RSBAC_LIST_PERSIST | 01580 RSBAC_LIST_DEF_DATA, 01581 rsbac_list_compare_u32, 01582 NULL, 01583 &def_daz_fd_aci, 01584 name, 01585 kdev); 01586 if(tmperr) 01587 { 01588 char * tmp; 01589 01590 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01591 if(tmp) 01592 { 01593 #ifdef CONFIG_RSBAC_RMSG 01594 rsbac_printk(KERN_WARNING 01595 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n", 01596 file_no, 01597 RSBAC_MAJOR(kdev), 01598 RSBAC_MINOR(kdev), 01599 get_error_name(tmp, tmperr)); 01600 #endif 01601 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01602 if (!rsbac_nosyslog) 01603 #endif 01604 printk(KERN_WARNING 01605 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n", 01606 file_no, 01607 RSBAC_MAJOR(kdev), 01608 RSBAC_MINOR(kdev), 01609 get_error_name(tmp, tmperr)); 01610 rsbac_kfree(tmp); 01611 } 01612 err = tmperr; 01613 } 01614 } 01615 } 01616 #if defined(CONFIG_RSBAC_DAZ_CACHE) 01617 { 01618 rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED; 01619 01620 /* register DAZ scanned lists */ 01621 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++) 01622 { 01623 /* construct name from base name + number */ 01624 sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no); 01625 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION; 01626 info_p->key = RSBAC_DAZ_FD_ACI_KEY; 01627 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01628 info_p->data_size = sizeof(rsbac_daz_scanned_t); 01629 info_p->max_age = 0; 01630 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01631 &(device_p->handles.dazs[file_no]), 01632 info_p, 01633 #ifdef CONFIG_RSBAC_DAZ_PERSIST 01634 RSBAC_LIST_PERSIST | 01635 #endif 01636 RSBAC_LIST_DEF_DATA, 01637 rsbac_list_compare_u32, 01638 NULL, 01639 &def_daz_scanned_fd_aci, 01640 name, 01641 kdev); 01642 if(tmperr) 01643 { 01644 char * tmp; 01645 01646 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01647 if(tmp) 01648 { 01649 #ifdef CONFIG_RSBAC_RMSG 01650 rsbac_printk(KERN_WARNING 01651 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n", 01652 file_no, 01653 RSBAC_MAJOR(kdev), 01654 RSBAC_MINOR(kdev), 01655 get_error_name(tmp, tmperr)); 01656 #endif 01657 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01658 if (!rsbac_nosyslog) 01659 #endif 01660 printk(KERN_WARNING 01661 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n", 01662 file_no, 01663 RSBAC_MAJOR(kdev), 01664 RSBAC_MINOR(kdev), 01665 get_error_name(tmp, tmperr)); 01666 rsbac_kfree(tmp); 01667 } 01668 err = tmperr; 01669 } 01670 } 01671 } 01672 #endif 01673 #endif 01674 01675 #if defined(CONFIG_RSBAC_FF) 01676 { 01677 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF; 01678 01679 /* register FF lists */ 01680 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++) 01681 { 01682 /* construct name from base name + number */ 01683 sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no); 01684 info_p->version = RSBAC_FF_FD_ACI_VERSION; 01685 info_p->key = RSBAC_FF_FD_ACI_KEY; 01686 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01687 info_p->data_size = sizeof(rsbac_ff_flags_t); 01688 info_p->max_age = 0; 01689 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01690 &(device_p->handles.ff[file_no]), 01691 info_p, 01692 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01693 rsbac_list_compare_u32, 01694 NULL, 01695 &def_ff_fd_aci, 01696 name, 01697 kdev); 01698 if(tmperr) 01699 { 01700 char * tmp; 01701 01702 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01703 if(tmp) 01704 { 01705 #ifdef CONFIG_RSBAC_RMSG 01706 rsbac_printk(KERN_WARNING 01707 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n", 01708 file_no, 01709 RSBAC_MAJOR(kdev), 01710 RSBAC_MINOR(kdev), 01711 get_error_name(tmp, tmperr)); 01712 #endif 01713 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01714 if (!rsbac_nosyslog) 01715 #endif 01716 printk(KERN_WARNING 01717 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n", 01718 file_no, 01719 RSBAC_MAJOR(kdev), 01720 RSBAC_MINOR(kdev), 01721 get_error_name(tmp, tmperr)); 01722 rsbac_kfree(tmp); 01723 } 01724 err = tmperr; 01725 } 01726 } 01727 } 01728 #endif 01729 01730 #if defined(CONFIG_RSBAC_RC) 01731 { 01732 struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI; 01733 01734 /* register RC lists */ 01735 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++) 01736 { 01737 /* construct name from base name + number */ 01738 sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no); 01739 info_p->version = RSBAC_RC_FD_ACI_VERSION; 01740 info_p->key = RSBAC_RC_FD_ACI_KEY; 01741 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01742 info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t); 01743 info_p->max_age = 0; 01744 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01745 &(device_p->handles.rc[file_no]), 01746 info_p, 01747 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01748 rsbac_list_compare_u32, 01749 NULL, 01750 &def_rc_fd_aci, 01751 name, 01752 kdev); 01753 if(tmperr) 01754 { 01755 char * tmp; 01756 01757 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01758 if(tmp) 01759 { 01760 #ifdef CONFIG_RSBAC_RMSG 01761 rsbac_printk(KERN_WARNING 01762 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n", 01763 file_no, 01764 RSBAC_MAJOR(kdev), 01765 RSBAC_MINOR(kdev), 01766 get_error_name(tmp, tmperr)); 01767 #endif 01768 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01769 if (!rsbac_nosyslog) 01770 #endif 01771 printk(KERN_WARNING 01772 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n", 01773 file_no, 01774 RSBAC_MAJOR(kdev), 01775 RSBAC_MINOR(kdev), 01776 get_error_name(tmp, tmperr)); 01777 rsbac_kfree(tmp); 01778 } 01779 err = tmperr; 01780 } 01781 } 01782 } 01783 #endif 01784 01785 #if defined(CONFIG_RSBAC_AUTH) 01786 { 01787 struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI; 01788 01789 /* register AUTH lists */ 01790 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++) 01791 { 01792 /* construct name from base name + number */ 01793 sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no); 01794 info_p->version = RSBAC_AUTH_FD_ACI_VERSION; 01795 info_p->key = RSBAC_AUTH_FD_ACI_KEY; 01796 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01797 info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t); 01798 info_p->max_age = 0; 01799 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01800 &(device_p->handles.auth[file_no]), 01801 info_p, 01802 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01803 rsbac_list_compare_u32, 01804 auth_fd_get_conv, 01805 &def_auth_fd_aci, 01806 name, 01807 kdev); 01808 if(tmperr) 01809 { 01810 char * tmp; 01811 01812 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01813 if(tmp) 01814 { 01815 #ifdef CONFIG_RSBAC_RMSG 01816 rsbac_printk(KERN_WARNING 01817 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n", 01818 file_no, 01819 RSBAC_MAJOR(kdev), 01820 RSBAC_MINOR(kdev), 01821 get_error_name(tmp, tmperr)); 01822 #endif 01823 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01824 if (!rsbac_nosyslog) 01825 #endif 01826 printk(KERN_WARNING 01827 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n", 01828 file_no, 01829 RSBAC_MAJOR(kdev), 01830 RSBAC_MINOR(kdev), 01831 get_error_name(tmp, tmperr)); 01832 rsbac_kfree(tmp); 01833 } 01834 err = tmperr; 01835 } 01836 } 01837 } 01838 #endif 01839 01840 #if defined(CONFIG_RSBAC_CAP) 01841 { 01842 struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI; 01843 01844 /* register CAP lists */ 01845 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++) 01846 { 01847 /* construct name from base name + number */ 01848 sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no); 01849 info_p->version = RSBAC_CAP_FD_ACI_VERSION; 01850 info_p->key = RSBAC_CAP_FD_ACI_KEY; 01851 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01852 info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t); 01853 info_p->max_age = 0; 01854 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01855 &(device_p->handles.cap[file_no]), 01856 info_p, 01857 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01858 rsbac_list_compare_u32, 01859 NULL, 01860 &def_cap_fd_aci, 01861 name, 01862 kdev); 01863 if(tmperr) 01864 { 01865 char * tmp; 01866 01867 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01868 if(tmp) 01869 { 01870 #ifdef CONFIG_RSBAC_RMSG 01871 rsbac_printk(KERN_WARNING 01872 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n", 01873 file_no, 01874 RSBAC_MAJOR(kdev), 01875 RSBAC_MINOR(kdev), 01876 get_error_name(tmp, tmperr)); 01877 #endif 01878 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01879 if (!rsbac_nosyslog) 01880 #endif 01881 printk(KERN_WARNING 01882 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n", 01883 file_no, 01884 RSBAC_MAJOR(kdev), 01885 RSBAC_MINOR(kdev), 01886 get_error_name(tmp, tmperr)); 01887 rsbac_kfree(tmp); 01888 } 01889 err = tmperr; 01890 } 01891 } 01892 } 01893 #endif 01894 01895 #if defined(CONFIG_RSBAC_PAX) 01896 { 01897 rsbac_pax_flags_t def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS; 01898 01899 /* register PAX lists */ 01900 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++) 01901 { 01902 /* construct name from base name + number */ 01903 sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no); 01904 info_p->version = RSBAC_PAX_FD_ACI_VERSION; 01905 info_p->key = RSBAC_PAX_FD_ACI_KEY; 01906 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01907 info_p->data_size = sizeof(rsbac_pax_flags_t); 01908 info_p->max_age = 0; 01909 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01910 &(device_p->handles.pax[file_no]), 01911 info_p, 01912 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01913 rsbac_list_compare_u32, 01914 NULL, 01915 &def_pax_fd_aci, 01916 name, 01917 kdev); 01918 if(tmperr) 01919 { 01920 char * tmp; 01921 01922 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01923 if(tmp) 01924 { 01925 #ifdef CONFIG_RSBAC_RMSG 01926 rsbac_printk(KERN_WARNING 01927 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n", 01928 file_no, 01929 RSBAC_MAJOR(kdev), 01930 RSBAC_MINOR(kdev), 01931 get_error_name(tmp, tmperr)); 01932 #endif 01933 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01934 if (!rsbac_nosyslog) 01935 #endif 01936 printk(KERN_WARNING 01937 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n", 01938 file_no, 01939 RSBAC_MAJOR(kdev), 01940 RSBAC_MINOR(kdev), 01941 get_error_name(tmp, tmperr)); 01942 rsbac_kfree(tmp); 01943 } 01944 err = tmperr; 01945 } 01946 } 01947 } 01948 #endif 01949 01950 #if defined(CONFIG_RSBAC_RES) 01951 { 01952 struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI; 01953 01954 /* register RES lists */ 01955 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++) 01956 { 01957 /* construct name from base name + number */ 01958 sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no); 01959 info_p->version = RSBAC_RES_FD_ACI_VERSION; 01960 info_p->key = RSBAC_RES_FD_ACI_KEY; 01961 info_p->desc_size = sizeof(rsbac_inode_nr_t); 01962 info_p->data_size = sizeof(struct rsbac_res_fd_aci_t); 01963 info_p->max_age = 0; 01964 tmperr = rsbac_list_register(RSBAC_LIST_VERSION, 01965 &(device_p->handles.res[file_no]), 01966 info_p, 01967 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 01968 rsbac_list_compare_u32, 01969 NULL, 01970 &def_res_fd_aci, 01971 name, 01972 kdev); 01973 if(tmperr) 01974 { 01975 char * tmp; 01976 01977 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01978 if(tmp) 01979 { 01980 #ifdef CONFIG_RSBAC_RMSG 01981 rsbac_printk(KERN_WARNING 01982 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n", 01983 file_no, 01984 RSBAC_MAJOR(kdev), 01985 RSBAC_MINOR(kdev), 01986 get_error_name(tmp, tmperr)); 01987 #endif 01988 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 01989 if (!rsbac_nosyslog) 01990 #endif 01991 printk(KERN_WARNING 01992 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n", 01993 file_no, 01994 RSBAC_MAJOR(kdev), 01995 RSBAC_MINOR(kdev), 01996 get_error_name(tmp, tmperr)); 01997 rsbac_kfree(tmp); 01998 } 01999 err = tmperr; 02000 } 02001 } 02002 } 02003 #endif 02004 02005 return err; 02006 } 02007 02008 /* aci_detach_fd_lists() */ 02009 /* detach from fd lists for device */ 02010 02011 static int aci_detach_fd_lists(struct rsbac_device_list_item_t * device_p) 02012 { 02013 int err = 0; 02014 int tmperr; 02015 u_int file_no; 02016 02017 if(!device_p) 02018 return(-RSBAC_EINVALIDPOINTER); 02019 02020 /* detach all general lists */ 02021 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++) 02022 { 02023 tmperr = rsbac_list_detach(&device_p->handles.gen[file_no], 02024 RSBAC_GEN_FD_ACI_KEY); 02025 if(tmperr) 02026 { 02027 char * tmp; 02028 02029 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02030 if(tmp) 02031 { 02032 #ifdef CONFIG_RSBAC_RMSG 02033 rsbac_printk(KERN_WARNING 02034 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n", 02035 file_no, 02036 RSBAC_MAJOR(device_p->id), 02037 RSBAC_MINOR(device_p->id), 02038 get_error_name(tmp, tmperr)); 02039 #endif 02040 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02041 if (!rsbac_nosyslog) 02042 #endif 02043 printk(KERN_WARNING 02044 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n", 02045 file_no, 02046 RSBAC_MAJOR(device_p->id), 02047 RSBAC_MINOR(device_p->id), 02048 get_error_name(tmp, tmperr)); 02049 rsbac_kfree(tmp); 02050 } 02051 err = tmperr; 02052 } 02053 } 02054 02055 #if defined(CONFIG_RSBAC_MAC) 02056 /* detach all MAC lists */ 02057 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++) 02058 { 02059 tmperr = rsbac_list_detach(&device_p->handles.mac[file_no], 02060 RSBAC_MAC_FD_ACI_KEY); 02061 if(tmperr) 02062 { 02063 char * tmp; 02064 02065 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02066 if(tmp) 02067 { 02068 #ifdef CONFIG_RSBAC_RMSG 02069 rsbac_printk(KERN_WARNING 02070 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n", 02071 file_no, 02072 RSBAC_MAJOR(device_p->id), 02073 RSBAC_MINOR(device_p->id), 02074 get_error_name(tmp, tmperr)); 02075 #endif 02076 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02077 if (!rsbac_nosyslog) 02078 #endif 02079 printk(KERN_WARNING 02080 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n", 02081 file_no, 02082 RSBAC_MAJOR(device_p->id), 02083 RSBAC_MINOR(device_p->id), 02084 get_error_name(tmp, tmperr)); 02085 rsbac_kfree(tmp); 02086 } 02087 err = tmperr; 02088 } 02089 } 02090 #endif 02091 02092 #if defined(CONFIG_RSBAC_FC) 02093 /* detach all FC lists */ 02094 for (file_no = 0; file_no < RSBAC_FC_NR_FD_LISTS; file_no++) 02095 { 02096 tmperr = rsbac_list_detach(&device_p->handles.fc[file_no], 02097 RSBAC_FC_FD_ACI_KEY); 02098 if(tmperr) 02099 { 02100 char * tmp; 02101 02102 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02103 if(tmp) 02104 { 02105 #ifdef CONFIG_RSBAC_RMSG 02106 rsbac_printk(KERN_WARNING 02107 "detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n", 02108 file_no, 02109 RSBAC_MAJOR(device_p->id), 02110 RSBAC_MINOR(device_p->id), 02111 get_error_name(tmp, tmperr)); 02112 #endif 02113 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02114 if (!rsbac_nosyslog) 02115 #endif 02116 printk(KERN_WARNING 02117 "detach_fd_lists(): detaching from FC list %u for device %02u:%02u failed with error %s!\n", 02118 file_no, 02119 RSBAC_MAJOR(device_p->id), 02120 RSBAC_MINOR(device_p->id), 02121 get_error_name(tmp, tmperr)); 02122 rsbac_kfree(tmp); 02123 } 02124 err = tmperr; 02125 } 02126 } 02127 #endif 02128 02129 #if defined(CONFIG_RSBAC_SIM) 02130 /* detach all SIM lists */ 02131 for (file_no = 0; file_no < RSBAC_SIM_NR_FD_LISTS; file_no++) 02132 { 02133 tmperr = rsbac_list_detach(&device_p->handles.sim[file_no], 02134 RSBAC_SIM_FD_ACI_KEY); 02135 if(tmperr) 02136 { 02137 char * tmp; 02138 02139 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02140 if(tmp) 02141 { 02142 #ifdef CONFIG_RSBAC_RMSG 02143 rsbac_printk(KERN_WARNING 02144 "detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n", 02145 file_no, 02146 RSBAC_MAJOR(device_p->id), 02147 RSBAC_MINOR(device_p->id), 02148 get_error_name(tmp, tmperr)); 02149 #endif 02150 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02151 if (!rsbac_nosyslog) 02152 #endif 02153 printk(KERN_WARNING 02154 "detach_fd_lists(): detaching from SIM list %u for device %02u:%02u failed with error %s!\n", 02155 file_no, 02156 RSBAC_MAJOR(device_p->id), 02157 RSBAC_MINOR(device_p->id), 02158 get_error_name(tmp, tmperr)); 02159 rsbac_kfree(tmp); 02160 } 02161 err = tmperr; 02162 } 02163 } 02164 #endif 02165 02166 #if defined(CONFIG_RSBAC_PM) 02167 /* detach all PM lists */ 02168 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++) 02169 { 02170 tmperr = rsbac_list_detach(&device_p->handles.pm[file_no], 02171 RSBAC_PM_FD_ACI_KEY); 02172 if(tmperr) 02173 { 02174 char * tmp; 02175 02176 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02177 if(tmp) 02178 { 02179 #ifdef CONFIG_RSBAC_RMSG 02180 rsbac_printk(KERN_WARNING 02181 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n", 02182 file_no, 02183 RSBAC_MAJOR(device_p->id), 02184 RSBAC_MINOR(device_p->id), 02185 get_error_name(tmp, tmperr)); 02186 #endif 02187 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02188 if (!rsbac_nosyslog) 02189 #endif 02190 printk(KERN_WARNING 02191 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n", 02192 file_no, 02193 RSBAC_MAJOR(device_p->id), 02194 RSBAC_MINOR(device_p->id), 02195 get_error_name(tmp, tmperr)); 02196 rsbac_kfree(tmp); 02197 } 02198 err = tmperr; 02199 } 02200 } 02201 #endif 02202 02203 #if defined(CONFIG_RSBAC_DAZ) 02204 /* detach all DAZ lists */ 02205 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++) 02206 { 02207 tmperr = rsbac_list_detach(&device_p->handles.daz[file_no], 02208 RSBAC_DAZ_FD_ACI_KEY); 02209 if(tmperr) 02210 { 02211 char * tmp; 02212 02213 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02214 if(tmp) 02215 { 02216 #ifdef CONFIG_RSBAC_RMSG 02217 rsbac_printk(KERN_WARNING 02218 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n", 02219 file_no, 02220 RSBAC_MAJOR(device_p->id), 02221 RSBAC_MINOR(device_p->id), 02222 get_error_name(tmp, tmperr)); 02223 #endif 02224 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02225 if (!rsbac_nosyslog) 02226 #endif 02227 printk(KERN_WARNING 02228 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n", 02229 file_no, 02230 RSBAC_MAJOR(device_p->id), 02231 RSBAC_MINOR(device_p->id), 02232 get_error_name(tmp, tmperr)); 02233 rsbac_kfree(tmp); 02234 } 02235 err = tmperr; 02236 } 02237 } 02238 #if defined(CONFIG_RSBAC_DAZ_CACHE) 02239 /* detach all DAZ scanned lists */ 02240 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++) 02241 { 02242 tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no], 02243 RSBAC_DAZ_FD_ACI_KEY); 02244 if(tmperr) 02245 { 02246 char * tmp; 02247 02248 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02249 if(tmp) 02250 { 02251 #ifdef CONFIG_RSBAC_RMSG 02252 rsbac_printk(KERN_WARNING 02253 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n", 02254 file_no, 02255 RSBAC_MAJOR(device_p->id), 02256 RSBAC_MINOR(device_p->id), 02257 get_error_name(tmp, tmperr)); 02258 #endif 02259 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02260 if (!rsbac_nosyslog) 02261 #endif 02262 printk(KERN_WARNING 02263 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n", 02264 file_no, 02265 RSBAC_MAJOR(device_p->id), 02266 RSBAC_MINOR(device_p->id), 02267 get_error_name(tmp, tmperr)); 02268 rsbac_kfree(tmp); 02269 } 02270 err = tmperr; 02271 } 02272 } 02273 #endif 02274 #endif 02275 02276 #if defined(CONFIG_RSBAC_FF) 02277 /* detach all FF lists */ 02278 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++) 02279 { 02280 tmperr = rsbac_list_detach(&device_p->handles.ff[file_no], 02281 RSBAC_FF_FD_ACI_KEY); 02282 if(tmperr) 02283 { 02284 char * tmp; 02285 02286 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02287 if(tmp) 02288 { 02289 #ifdef CONFIG_RSBAC_RMSG 02290 rsbac_printk(KERN_WARNING 02291 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n", 02292 file_no, 02293 RSBAC_MAJOR(device_p->id), 02294 RSBAC_MINOR(device_p->id), 02295 get_error_name(tmp, tmperr)); 02296 #endif 02297 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02298 if (!rsbac_nosyslog) 02299 #endif 02300 printk(KERN_WARNING 02301 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n", 02302 file_no, 02303 RSBAC_MAJOR(device_p->id), 02304 RSBAC_MINOR(device_p->id), 02305 get_error_name(tmp, tmperr)); 02306 rsbac_kfree(tmp); 02307 } 02308 err = tmperr; 02309 } 02310 } 02311 #endif 02312 02313 #if defined(CONFIG_RSBAC_RC) 02314 /* detach all RC lists */ 02315 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++) 02316 { 02317 tmperr = rsbac_list_detach(&device_p->handles.rc[file_no], 02318 RSBAC_RC_FD_ACI_KEY); 02319 if(tmperr) 02320 { 02321 char * tmp; 02322 02323 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02324 if(tmp) 02325 { 02326 #ifdef CONFIG_RSBAC_RMSG 02327 rsbac_printk(KERN_WARNING 02328 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n", 02329 file_no, 02330 RSBAC_MAJOR(device_p->id), 02331 RSBAC_MINOR(device_p->id), 02332 get_error_name(tmp, tmperr)); 02333 #endif 02334 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02335 if (!rsbac_nosyslog) 02336 #endif 02337 printk(KERN_WARNING 02338 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n", 02339 file_no, 02340 RSBAC_MAJOR(device_p->id), 02341 RSBAC_MINOR(device_p->id), 02342 get_error_name(tmp, tmperr)); 02343 rsbac_kfree(tmp); 02344 } 02345 err = tmperr; 02346 } 02347 } 02348 #endif 02349 02350 #if defined(CONFIG_RSBAC_AUTH) 02351 /* detach all AUTH lists */ 02352 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++) 02353 { 02354 tmperr = rsbac_list_detach(&device_p->handles.auth[file_no], 02355 RSBAC_AUTH_FD_ACI_KEY); 02356 if(tmperr) 02357 { 02358 char * tmp; 02359 02360 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02361 if(tmp) 02362 { 02363 #ifdef CONFIG_RSBAC_RMSG 02364 rsbac_printk(KERN_WARNING 02365 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n", 02366 file_no, 02367 RSBAC_MAJOR(device_p->id), 02368 RSBAC_MINOR(device_p->id), 02369 get_error_name(tmp, tmperr)); 02370 #endif 02371 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02372 if (!rsbac_nosyslog) 02373 #endif 02374 printk(KERN_WARNING 02375 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n", 02376 file_no, 02377 RSBAC_MAJOR(device_p->id), 02378 RSBAC_MINOR(device_p->id), 02379 get_error_name(tmp, tmperr)); 02380 rsbac_kfree(tmp); 02381 } 02382 err = tmperr; 02383 } 02384 } 02385 #endif 02386 02387 #if defined(CONFIG_RSBAC_CAP) 02388 /* detach all CAP lists */ 02389 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++) 02390 { 02391 tmperr = rsbac_list_detach(&device_p->handles.cap[file_no], 02392 RSBAC_CAP_FD_ACI_KEY); 02393 if(tmperr) 02394 { 02395 char * tmp; 02396 02397 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02398 if(tmp) 02399 { 02400 #ifdef CONFIG_RSBAC_RMSG 02401 rsbac_printk(KERN_WARNING 02402 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n", 02403 file_no, 02404 RSBAC_MAJOR(device_p->id), 02405 RSBAC_MINOR(device_p->id), 02406 get_error_name(tmp, tmperr)); 02407 #endif 02408 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02409 if (!rsbac_nosyslog) 02410 #endif 02411 printk(KERN_WARNING 02412 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n", 02413 file_no, 02414 RSBAC_MAJOR(device_p->id), 02415 RSBAC_MINOR(device_p->id), 02416 get_error_name(tmp, tmperr)); 02417 rsbac_kfree(tmp); 02418 } 02419 err = tmperr; 02420 } 02421 } 02422 #endif 02423 02424 #if defined(CONFIG_RSBAC_PAX) 02425 /* detach all PAX lists */ 02426 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++) 02427 { 02428 tmperr = rsbac_list_detach(&device_p->handles.pax[file_no], 02429 RSBAC_PAX_FD_ACI_KEY); 02430 if(tmperr) 02431 { 02432 char * tmp; 02433 02434 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02435 if(tmp) 02436 { 02437 #ifdef CONFIG_RSBAC_RMSG 02438 rsbac_printk(KERN_WARNING 02439 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n", 02440 file_no, 02441 RSBAC_MAJOR(device_p->id), 02442 RSBAC_MINOR(device_p->id), 02443 get_error_name(tmp, tmperr)); 02444 #endif 02445 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02446 if (!rsbac_nosyslog) 02447 #endif 02448 printk(KERN_WARNING 02449 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n", 02450 file_no, 02451 RSBAC_MAJOR(device_p->id), 02452 RSBAC_MINOR(device_p->id), 02453 get_error_name(tmp, tmperr)); 02454 rsbac_kfree(tmp); 02455 } 02456 err = tmperr; 02457 } 02458 } 02459 #endif 02460 02461 #if defined(CONFIG_RSBAC_RES) 02462 /* detach all RES lists */ 02463 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++) 02464 { 02465 tmperr = rsbac_list_detach(&device_p->handles.res[file_no], 02466 RSBAC_RES_FD_ACI_KEY); 02467 if(tmperr) 02468 { 02469 char * tmp; 02470 02471 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02472 if(tmp) 02473 { 02474 #ifdef CONFIG_RSBAC_RMSG 02475 rsbac_printk(KERN_WARNING 02476 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n", 02477 file_no, 02478 RSBAC_MAJOR(device_p->id), 02479 RSBAC_MINOR(device_p->id), 02480 get_error_name(tmp, tmperr)); 02481 #endif 02482 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02483 if (!rsbac_nosyslog) 02484 #endif 02485 printk(KERN_WARNING 02486 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n", 02487 file_no, 02488 RSBAC_MAJOR(device_p->id), 02489 RSBAC_MINOR(device_p->id), 02490 get_error_name(tmp, tmperr)); 02491 rsbac_kfree(tmp); 02492 } 02493 err = tmperr; 02494 } 02495 } 02496 #endif 02497 02498 return err; 02499 } 02500 02501 02502 /* Create a device item without adding to list. No locking needed. */ 02503 static struct rsbac_device_list_item_t 02504 * create_device_item(struct super_block * sb_p, struct dentry * d_covers) 02505 { 02506 struct rsbac_device_list_item_t * new_item_p; 02507 02508 if(!sb_p) 02509 return NULL; 02510 /* allocate memory for new device, return NULL, if failed */ 02511 if ( !(new_item_p = (struct rsbac_device_list_item_t *) 02512 rsbac_kmalloc(sizeof(*new_item_p)) ) ) 02513 return(NULL); 02514 02515 memset(new_item_p, 0, sizeof(*new_item_p)); 02516 new_item_p->id = sb_p->s_dev; 02517 new_item_p->sb_p = sb_p; 02518 new_item_p->d_covers = d_covers; 02519 new_item_p->mount_count = 1; 02520 /* everything else is 0 by memset -> return */ 02521 return(new_item_p); 02522 }; 02523 02524 /* Add an existing device item to list. Locking needed. */ 02525 static struct rsbac_device_list_item_t 02526 * add_device_item(struct rsbac_device_list_item_t * device_p) 02527 { 02528 if (!device_p) 02529 return(NULL); 02530 02531 /* add new device to device list */ 02532 if (!device_list_head.head) 02533 { /* first device */ 02534 device_list_head.head=device_p; 02535 device_list_head.tail=device_p; 02536 device_list_head.curr=device_p; 02537 device_list_head.count=1; 02538 device_p->prev=NULL; 02539 device_p->next=NULL; 02540 } 02541 else 02542 { /* there is another device -> hang to tail */ 02543 device_p->prev=device_list_head.tail; 02544 device_p->next=NULL; 02545 device_list_head.tail->next=device_p; 02546 device_list_head.tail=device_p; 02547 device_list_head.curr=device_p; 02548 device_list_head.count++; 02549 }; 02550 return(device_p); 02551 }; 02552 02553 /************************************************************************** */ 02554 /* The remove_item() functions remove an item from the list. If this item */ 02555 /* is head, tail or curr, these pointers are set accordingly. */ 02556 /* To speed up removing several subsequent items, curr is set to the next */ 02557 /* item, if possible. */ 02558 /* If the item is not found, nothing is done. */ 02559 02560 static void clear_device_item(struct rsbac_device_list_item_t * item_p) 02561 { 02562 if(!item_p) 02563 return; 02564 02565 /* dput() rsbac_dir_dentry_p, if set */ 02566 if(item_p->rsbac_dir_dentry_p) 02567 dput(item_p->rsbac_dir_dentry_p); 02568 /* OK, lets remove the device item itself */ 02569 rsbac_kfree(item_p); 02570 }; /* end of clear_device_item() */ 02571 02572 static void remove_device_item(kdev_t kdev) 02573 { 02574 struct rsbac_device_list_item_t * item_p; 02575 02576 /* first we must locate the item. */ 02577 if ( (item_p = lookup_device(kdev)) ) 02578 { /* ok, item was found */ 02579 if (device_list_head.head == item_p) 02580 { /* item is head */ 02581 if (device_list_head.tail == item_p) 02582 { /* item is head and tail = only item -> list will be empty*/ 02583 device_list_head.head = NULL; 02584 device_list_head.tail = NULL; 02585 } 02586 else 02587 { /* item is head, but not tail -> next item becomes head */ 02588 item_p->next->prev = NULL; 02589 device_list_head.head = item_p->next; 02590 }; 02591 } 02592 else 02593 { /* item is not head */ 02594 if (device_list_head.tail == item_p) 02595 { /*item is not head, but tail -> previous item becomes tail*/ 02596 item_p->prev->next = NULL; 02597 device_list_head.tail = item_p->prev; 02598 } 02599 else 02600 { /* item is neither head nor tail -> item is cut out */ 02601 item_p->prev->next = item_p->next; 02602 item_p->next->prev = item_p->prev; 02603 }; 02604 }; 02605 02606 /* curr is no longer valid -> reset. */ 02607 device_list_head.curr=NULL; 02608 /* adjust counter */ 02609 device_list_head.count--; 02610 02611 /* clean up */ 02612 aci_detach_fd_lists(item_p); 02613 02614 /* clear item */ 02615 clear_device_item(item_p); 02616 }; /* end of if: item was found */ 02617 02618 }; /* end of remove_device_item() */ 02619 02620 /**************************************************/ 02621 /* Externally visible help functions */ 02622 /**************************************************/ 02623 02624 /* helper, copied from open.d/do_truncate() */ 02625 static int rsbac_clear_file(struct dentry *dentry) 02626 { 02627 struct inode *inode = dentry->d_inode; 02628 int error; 02629 struct iattr newattrs; 02630 02631 down(&inode->i_sem); 02632 newattrs.ia_size = 0; 02633 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; 02634 error = notify_change(dentry, &newattrs); 02635 up(&inode->i_sem); 02636 return error; 02637 } 02638 02639 static void wakeup_auto(u_long dummy) 02640 { 02641 wake_up((void *) dummy); 02642 } 02643 02644 #if defined(CONFIG_RSBAC_REG) 02645 EXPORT_SYMBOL(rsbac_get_super_block); 02646 #endif 02647 struct super_block * rsbac_get_super_block(kdev_t kdev) 02648 { 02649 struct rsbac_device_list_item_t * device_p; 02650 u_long dflags; 02651 struct super_block * sb_p; 02652 02653 if(RSBAC_IS_AUTO_DEV(kdev)) 02654 return NULL; 02655 02656 /* get super_block-pointer */ 02657 rsbac_read_lock(&device_list_head.lock, &dflags); 02658 device_p = lookup_device(kdev); 02659 if (!device_p) 02660 { 02661 rsbac_read_unlock(&device_list_head.lock, &dflags); 02662 down(&rsbac_write_sem); 02663 up(&rsbac_write_sem); 02664 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02665 sb_p = user_get_super(kdev); 02666 #else 02667 sb_p = get_super(kdev); 02668 #endif 02669 if(!sb_p) 02670 { /* Wait a second and retry */ 02671 DECLARE_WAIT_QUEUE_HEAD(auto_wait); 02672 struct timer_list auto_timer; 02673 02674 #ifdef CONFIG_RSBAC_RMSG 02675 rsbac_printk(KERN_INFO 02676 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n", 02677 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02678 #endif 02679 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02680 if (!rsbac_nosyslog) 02681 #endif 02682 printk(KERN_INFO 02683 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n", 02684 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02685 init_timer(&auto_timer); 02686 auto_timer.function = wakeup_auto; 02687 auto_timer.data = (u_long) &auto_wait; 02688 auto_timer.expires = jiffies + HZ; 02689 add_timer(&auto_timer); 02690 interruptible_sleep_on(&auto_wait); 02691 02692 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02693 sb_p = user_get_super(kdev); 02694 #else 02695 sb_p = get_super(kdev); 02696 #endif 02697 } 02698 if(sb_p) 02699 { 02700 device_p = lookup_device(kdev); 02701 if (!device_p) 02702 { 02703 #ifdef CONFIG_RSBAC_RMSG 02704 rsbac_printk(KERN_INFO 02705 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n", 02706 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02707 #endif 02708 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02709 if (!rsbac_nosyslog) 02710 #endif 02711 printk(KERN_INFO 02712 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n", 02713 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02714 rsbac_mount(sb_p, NULL); 02715 } 02716 /* free super_block pointer */ 02717 drop_super(sb_p); 02718 rsbac_read_lock(&device_list_head.lock, &dflags); 02719 device_p = lookup_device(kdev); 02720 if (!device_p) 02721 { 02722 #ifdef CONFIG_RSBAC_RMSG 02723 rsbac_printk(KERN_WARNING 02724 "rsbac_get_super_block(): unknown device %02u:%02u\n", 02725 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02726 #endif 02727 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02728 if (!rsbac_nosyslog) 02729 #endif 02730 printk(KERN_WARNING 02731 "rsbac_get_super_block(): unknown device %02u:%02u\n", 02732 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02733 rsbac_read_unlock(&device_list_head.lock, &dflags); 02734 return NULL; 02735 } 02736 } 02737 else 02738 { 02739 return NULL; 02740 } 02741 } 02742 sb_p = device_p->sb_p; 02743 rsbac_read_unlock(&device_list_head.lock, &dflags); 02744 return sb_p; 02745 } 02746 02747 #if defined(CONFIG_RSBAC_REG) 02748 EXPORT_SYMBOL(rsbac_read_open); 02749 #endif 02750 int rsbac_read_open(char * name, 02751 struct file * file_p, 02752 kdev_t kdev) 02753 { 02754 struct dentry * dir_dentry_p; 02755 struct dentry * file_dentry_p; 02756 int tmperr, err; 02757 02758 if(!name || !file_p) 02759 { 02760 #ifdef CONFIG_RSBAC_DEBUG 02761 if (rsbac_debug_ds) 02762 { 02763 #ifdef CONFIG_RSBAC_RMSG 02764 rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!"); 02765 #endif 02766 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02767 if (!rsbac_nosyslog) 02768 #endif 02769 printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!"); 02770 } 02771 #endif 02772 return(-RSBAC_EINVALIDPOINTER); 02773 } 02774 02775 /* lookup dentry of ACI_PATH on root device, lock is released there */ 02776 if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev))) 02777 { 02778 return(err); 02779 } 02780 02781 /* open file for reading - this must be done 'by hand', because */ 02782 /* standard system calls are now extended by rsbac decision calls. */ 02783 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 02784 if (!file_dentry_p || IS_ERR (file_dentry_p)) 02785 { /* error in lookup */ 02786 return(-RSBAC_EREADFAILED); 02787 } 02788 if (!file_dentry_p->d_inode) 02789 { /* file not found: trying backup */ 02790 char * bname; 02791 int name_len = strlen(name); 02792 02793 dput(file_dentry_p); 02794 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); 02795 if(!bname) 02796 { 02797 return -RSBAC_ENOMEM; 02798 } 02799 02800 strcpy(bname,name); 02801 bname[name_len] = 'b'; 02802 name_len++; 02803 bname[name_len] = (char) 0; 02804 #ifdef CONFIG_RSBAC_DEBUG 02805 if (rsbac_debug_ds) 02806 { 02807 #ifdef CONFIG_RSBAC_RMSG 02808 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n", 02809 name,bname); 02810 #endif 02811 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02812 if (!rsbac_nosyslog) 02813 #endif 02814 printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n", 02815 name,bname); 02816 } 02817 #endif 02818 file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname)); 02819 rsbac_kfree(bname); 02820 if (!file_dentry_p || IS_ERR (file_dentry_p)) 02821 { /* error in lookup */ 02822 return(-RSBAC_EREADFAILED); 02823 } 02824 if (!file_dentry_p->d_inode) 02825 { /* backup file also not found: return error */ 02826 #ifdef CONFIG_RSBAC_DEBUG 02827 if (rsbac_debug_ds) 02828 { 02829 #ifdef CONFIG_RSBAC_RMSG 02830 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n", 02831 name); 02832 #endif 02833 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02834 if (!rsbac_nosyslog) 02835 #endif 02836 printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n", 02837 name); 02838 } 02839 #endif 02840 dput(file_dentry_p); 02841 return(-RSBAC_ENOTFOUND); 02842 } 02843 } 02844 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) ) 02845 { /* this is not a file! -> error! */ 02846 #ifdef CONFIG_RSBAC_RMSG 02847 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n"); 02848 #endif 02849 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02850 if (!rsbac_nosyslog) 02851 #endif 02852 printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n"); 02853 dput(file_dentry_p); 02854 return(-RSBAC_EREADFAILED); 02855 } 02856 02857 /* Now we fill the file structure and */ 02858 /* if there is an open func for this file, use it, otherwise ignore */ 02859 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY))) 02860 { 02861 dput(file_dentry_p); 02862 #ifdef CONFIG_RSBAC_RMSG 02863 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name); 02864 #endif 02865 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02866 if (!rsbac_nosyslog) 02867 #endif 02868 printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name); 02869 return -RSBAC_EREADFAILED; 02870 } 02871 02872 /* if there is no read func, we get a problem -> error */ 02873 if ((!file_p->f_op) || (!file_p->f_op->read)) 02874 { 02875 if (!file_p->f_op) 02876 { 02877 #ifdef CONFIG_RSBAC_RMSG 02878 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name); 02879 #endif 02880 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02881 if (!rsbac_nosyslog) 02882 #endif 02883 printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name); 02884 } 02885 else 02886 { 02887 #ifdef CONFIG_RSBAC_RMSG 02888 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name); 02889 #endif 02890 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02891 if (!rsbac_nosyslog) 02892 #endif 02893 printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name); 02894 if (file_p->f_op->release) 02895 file_p->f_op->release(file_dentry_p->d_inode, file_p); 02896 } 02897 dput(file_dentry_p); 02898 return -RSBAC_EREADFAILED; 02899 } 02900 return 0; 02901 } /* end of rsbac_read_open_device_p */ 02902 02903 02904 #ifndef check_parent 02905 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 02906 #define check_parent(dir, dentry) \ 02907 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket)) 02908 #else 02909 #define check_parent(dir, dentry) \ 02910 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash)) 02911 #endif 02912 #endif 02913 02914 #if defined(CONFIG_RSBAC_REG) 02915 EXPORT_SYMBOL(rsbac_write_open); 02916 #endif 02917 int rsbac_write_open(char * name, 02918 struct file * file_p, 02919 kdev_t kdev) 02920 { 02921 struct dentry * dir_dentry_p = NULL; 02922 struct dentry * ldir_dentry_p = NULL; 02923 struct dentry * file_dentry_p = NULL; 02924 int err = 0; 02925 int tmperr = 0; 02926 struct super_block * sb_p; 02927 02928 if(!file_p || !name) 02929 { 02930 #ifdef CONFIG_RSBAC_DEBUG 02931 if (rsbac_debug_write) 02932 { 02933 #ifdef CONFIG_RSBAC_RMSG 02934 rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n"); 02935 #endif 02936 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02937 if (!rsbac_nosyslog) 02938 #endif 02939 printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n"); 02940 } 02941 #endif 02942 return(-RSBAC_EINVALIDPOINTER); 02943 } 02944 02945 /* get super_block-pointer */ 02946 sb_p = rsbac_get_super_block(kdev); 02947 if (!sb_p) 02948 { 02949 #ifdef CONFIG_RSBAC_RMSG 02950 rsbac_printk(KERN_WARNING 02951 "rsbac_write_open(): invalid device %02u:%02u\n", 02952 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02953 #endif 02954 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02955 if (!rsbac_nosyslog) 02956 #endif 02957 printk(KERN_WARNING 02958 "rsbac_write_open(): invalid device %02u:%02u\n", 02959 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 02960 return (-RSBAC_EINVALIDDEV); 02961 } 02962 if(!writable(sb_p)) 02963 { 02964 #ifdef CONFIG_RSBAC_DEBUG 02965 if (rsbac_debug_write) 02966 { 02967 #ifdef CONFIG_RSBAC_RMSG 02968 rsbac_printk(KERN_DEBUG 02969 "rsbac_write_open(): called for non-writable device\n"); 02970 #endif 02971 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 02972 if (!rsbac_nosyslog) 02973 #endif 02974 printk(KERN_DEBUG 02975 "rsbac_write_open(): called for non-writable device\n"); 02976 } 02977 #endif 02978 err = -RSBAC_ENOTWRITABLE; 02979 goto out; 02980 } 02981 02982 /* lookup dentry of ACI_PATH on this device (create, if needed and possible), 02983 * returns errorcode, if failed */ 02984 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE, 02985 kdev))) 02986 { 02987 err = tmperr; 02988 goto out; 02989 } 02990 02991 /* open file for reading - this must be done 'by hand', because */ 02992 /* standard system calls are now extended by rsbac decision calls. */ 02993 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 02994 if (!file_dentry_p || IS_ERR(file_dentry_p)) 02995 { 02996 #ifdef CONFIG_RSBAC_DEBUG 02997 if (rsbac_debug_write) 02998 { 02999 #ifdef CONFIG_RSBAC_RMSG 03000 rsbac_printk(KERN_DEBUG 03001 "rsbac_write_open(): lookup of %s returned error %li\n", 03002 name, PTR_ERR(file_dentry_p)); 03003 #endif 03004 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03005 if (!rsbac_nosyslog) 03006 #endif 03007 printk(KERN_DEBUG 03008 "rsbac_write_open(): lookup of %s returned error %li\n", 03009 name, PTR_ERR(file_dentry_p)); 03010 } 03011 #endif 03012 err = -RSBAC_EWRITEFAILED; 03013 goto out; 03014 } 03015 03016 #if 1 03017 if (file_dentry_p->d_inode) 03018 { /* file was found: try to rename it as backup file */ 03019 if ( !dir_dentry_p->d_inode->i_op 03020 || !dir_dentry_p->d_inode->i_op->rename) 03021 { 03022 #ifdef CONFIG_RSBAC_RMSG 03023 rsbac_printk(KERN_WARNING 03024 "rsbac_write_open(): File system supports no rename - no backup of %s made!", 03025 name); 03026 #endif 03027 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03028 if (!rsbac_nosyslog) 03029 #endif 03030 printk(KERN_WARNING 03031 "rsbac_write_open(): File system supports no rename - no backup of %s made!", 03032 name); 03033 } 03034 else 03035 { 03036 char * bname; 03037 int name_len = strlen(name); 03038 struct dentry * new_file_dentry_p = NULL; 03039 struct dentry * old_dir_p, * new_dir_p; 03040 03041 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN); 03042 if(!bname) 03043 { 03044 err = -RSBAC_ENOMEM; 03045 goto out_dput; 03046 } 03047 strcpy(bname,name); 03048 bname[name_len] = 'b'; 03049 bname[name_len+1] = (char) 0; 03050 new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname)); 03051 if(new_file_dentry_p && !IS_ERR(new_file_dentry_p)) 03052 { 03053 /* lock parent == rsbac-dir for rest of rename */ 03054 old_dir_p = dget(file_dentry_p->d_parent); 03055 new_dir_p = dget(new_file_dentry_p->d_parent); 03056 double_lock(new_dir_p, old_dir_p); 03057 03058 DQUOT_INIT(old_dir_p->d_inode); 03059 DQUOT_INIT(new_dir_p->d_inode); 03060 /* try to rename file in rsbac dir */ 03061 /* if (rsbac_debug_write) 03062 * printk(KERN_DEBUG "rsbac_write_open(): calling rename function\n"); 03063 */ 03064 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode, 03065 file_dentry_p, 03066 new_dir_p->d_inode, 03067 new_file_dentry_p); 03068 /* unlock dir (dputs both dentries) */ 03069 double_unlock(new_dir_p, old_dir_p); 03070 if(err) 03071 { 03072 #ifdef CONFIG_RSBAC_RMSG 03073 rsbac_printk(KERN_WARNING 03074 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n", 03075 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); 03076 #endif 03077 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03078 if (!rsbac_nosyslog) 03079 #endif 03080 printk(KERN_WARNING 03081 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n", 03082 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); 03083 } 03084 else 03085 { 03086 /* The following d_move() should become unconditional */ 03087 if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME)) 03088 d_move(file_dentry_p, new_file_dentry_p); 03089 inode_dir_notify(old_dir_p->d_inode, DN_RENAME); 03090 } 03091 dput(new_file_dentry_p); 03092 dput(file_dentry_p); 03093 /* re-init dentry structure */ 03094 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 03095 if (!file_dentry_p || IS_ERR (file_dentry_p)) 03096 { 03097 #ifdef CONFIG_RSBAC_DEBUG 03098 if (rsbac_debug_write) 03099 { 03100 #ifdef CONFIG_RSBAC_RMSG 03101 rsbac_printk(KERN_DEBUG 03102 "rsbac_write_open(): relookup of %s returned error %li\n", 03103 name, PTR_ERR(file_dentry_p)); 03104 #endif 03105 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03106 if (!rsbac_nosyslog) 03107 #endif 03108 printk(KERN_DEBUG 03109 "rsbac_write_open(): relookup of %s returned error %li\n", 03110 name, PTR_ERR(file_dentry_p)); 03111 } 03112 #endif 03113 err = -RSBAC_EWRITEFAILED; 03114 goto out; 03115 } 03116 if (file_dentry_p->d_inode) 03117 { 03118 #ifdef CONFIG_RSBAC_RMSG 03119 rsbac_printk(KERN_WARNING 03120 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n", 03121 name, file_dentry_p->d_inode->i_ino); 03122 #endif 03123 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03124 if (!rsbac_nosyslog) 03125 #endif 03126 printk(KERN_WARNING 03127 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n", 03128 name, file_dentry_p->d_inode->i_ino); 03129 /* file was found: try to delete it */ 03130 if ( !dir_dentry_p->d_inode->i_op 03131 || !dir_dentry_p->d_inode->i_op->unlink) 03132 { 03133 #ifdef CONFIG_RSBAC_RMSG 03134 rsbac_printk(KERN_WARNING 03135 "rsbac_write_open(): File system supports no unlink - %s not deleted!", 03136 name); 03137 #endif 03138 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03139 if (!rsbac_nosyslog) 03140 #endif 03141 printk(KERN_WARNING 03142 "rsbac_write_open(): File system supports no unlink - %s not deleted!", 03143 name); 03144 rsbac_kfree(bname); 03145 err = -RSBAC_EWRITEFAILED; 03146 goto out_dput; 03147 } 03148 else 03149 { 03150 old_dir_p = lock_parent(file_dentry_p); 03151 03152 DQUOT_INIT(old_dir_p->d_inode); 03153 err = -ENOENT; 03154 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03155 if (check_parent(old_dir_p, file_dentry_p)) 03156 { 03157 #endif 03158 err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode, 03159 file_dentry_p); 03160 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03161 } 03162 else 03163 { 03164 #ifdef CONFIG_RSBAC_RMSG 03165 rsbac_printk(KERN_WARNING 03166 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n", 03167 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev)); 03168 #endif 03169 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03170 if (!rsbac_nosyslog) 03171 #endif 03172 printk(KERN_WARNING 03173 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n", 03174 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev)); 03175 } 03176 #endif 03177 /* unlock parent dir */ 03178 unlock_dir(old_dir_p); 03179 /* free file dentry */ 03180 dput(file_dentry_p); 03181 if(err) 03182 { 03183 #ifdef CONFIG_RSBAC_RMSG 03184 rsbac_printk(KERN_WARNING 03185 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n", 03186 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); 03187 #endif 03188 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03189 if (!rsbac_nosyslog) 03190 #endif 03191 printk(KERN_WARNING 03192 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n", 03193 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err); 03194 } 03195 /* re-init dentry structure */ 03196 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name)); 03197 if (!file_dentry_p || IS_ERR (file_dentry_p)) 03198 { 03199 #ifdef CONFIG_RSBAC_DEBUG 03200 if (rsbac_debug_write) 03201 { 03202 #ifdef CONFIG_RSBAC_RMSG 03203 rsbac_printk(KERN_DEBUG 03204 "rsbac_write_open(): relookup of %s returned error %li\n", 03205 name, PTR_ERR(file_dentry_p)); 03206 #endif 03207 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03208 if (!rsbac_nosyslog) 03209 #endif 03210 printk(KERN_DEBUG 03211 "rsbac_write_open(): relookup of %s returned error %li\n", 03212 name, PTR_ERR(file_dentry_p)); 03213 } 03214 #endif 03215 rsbac_kfree(bname); 03216 err = -RSBAC_EWRITEFAILED; 03217 goto out; 03218 } 03219 if (file_dentry_p->d_inode) 03220 { 03221 #ifdef CONFIG_RSBAC_RMSG 03222 rsbac_printk(KERN_WARNING 03223 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n", 03224 name, file_dentry_p->d_inode->i_ino); 03225 #endif 03226 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03227 if (!rsbac_nosyslog) 03228 #endif 03229 printk(KERN_WARNING 03230 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n", 03231 name, file_dentry_p->d_inode->i_ino); 03232 rsbac_kfree(bname); 03233 err = -RSBAC_EWRITEFAILED; 03234 goto out_dput; 03235 } 03236 } 03237 } 03238 } 03239 else 03240 { 03241 #ifdef CONFIG_RSBAC_RMSG 03242 rsbac_printk(KERN_WARNING 03243 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n", 03244 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p)); 03245 #endif 03246 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03247 if (!rsbac_nosyslog) 03248 #endif 03249 printk(KERN_WARNING 03250 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n", 03251 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p)); 03252 } 03253 rsbac_kfree(bname); 03254 } 03255 } 03256 #endif /* backup part */ 03257 03258 if(!file_dentry_p->d_inode) 03259 { 03260 /* file not found or renamed away: try to create a new one */ 03261 if ( !dir_dentry_p->d_inode->i_op 03262 || !dir_dentry_p->d_inode->i_op->create) 03263 { 03264 #ifdef CONFIG_RSBAC_RMSG 03265 rsbac_printk(KERN_WARNING "%s\n", 03266 "rsbac_write_open(): File system supports no create!"); 03267 #endif 03268 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03269 if (!rsbac_nosyslog) 03270 #endif 03271 printk(KERN_WARNING "%s\n", 03272 "rsbac_write_open(): File system supports no create!"); 03273 err = -RSBAC_EWRITEFAILED; 03274 goto out_dput; 03275 } 03276 03277 /* lock parent == rsbac-dir for create */ 03278 ldir_dentry_p = lock_parent(file_dentry_p); 03279 if(IS_ERR(ldir_dentry_p)) 03280 { 03281 #ifdef CONFIG_RSBAC_DEBUG 03282 if (rsbac_debug_write) 03283 { 03284 #ifdef CONFIG_RSBAC_RMSG 03285 rsbac_printk(KERN_DEBUG 03286 "rsbac_write_open(): lock_parent of %s returned error %li\n", 03287 name, PTR_ERR(ldir_dentry_p)); 03288 #endif 03289 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03290 if (!rsbac_nosyslog) 03291 #endif 03292 printk(KERN_DEBUG 03293 "rsbac_write_open(): lock_parent of %s returned error %li\n", 03294 name, PTR_ERR(ldir_dentry_p)); 03295 } 03296 #endif 03297 err = -RSBAC_EWRITEFAILED; 03298 goto out_dput; 03299 } 03300 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 03301 if (!check_parent(ldir_dentry_p, file_dentry_p)) 03302 { 03303 #ifdef CONFIG_RSBAC_DEBUG 03304 if (rsbac_debug_write) 03305 { 03306 #ifdef CONFIG_RSBAC_RMSG 03307 rsbac_printk(KERN_DEBUG 03308 "rsbac_write_open(): check_parent of %s returned error\n", 03309 name); 03310 #endif 03311 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03312 if (!rsbac_nosyslog) 03313 #endif 03314 printk(KERN_DEBUG 03315 "rsbac_write_open(): check_parent of %s returned error\n", 03316 name); 03317 } 03318 #endif 03319 unlock_dir(ldir_dentry_p); 03320 err = -RSBAC_EWRITEFAILED; 03321 goto out_dput; 03322 } 03323 #endif 03324 /* try to create file in rsbac dir */ 03325 /* if (rsbac_debug_write) 03326 * printk(KERN_DEBUG "%s\n", 03327 * "rsbac_write_open(): calling create function"); 03328 */ 03329 DQUOT_INIT(ldir_dentry_p->d_inode); 03330 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03331 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode, 03332 file_dentry_p, 03333 RSBAC_ACI_FILE_MODE, 03334 NULL); 03335 #else 03336 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode, 03337 file_dentry_p, 03338 RSBAC_ACI_FILE_MODE); 03339 #endif 03340 unlock_dir(ldir_dentry_p); 03341 03342 if (err) 03343 { 03344 goto out_dput; 03345 } 03346 /* create was successful */ 03347 } 03348 03349 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) ) 03350 { /* this is not a file! -> error! */ 03351 #ifdef CONFIG_RSBAC_RMSG 03352 rsbac_printk(KERN_WARNING 03353 "rsbac_write_open(): expected file is not a file, mode is %o!\n", 03354 file_dentry_p->d_inode->i_mode); 03355 #endif 03356 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03357 if (!rsbac_nosyslog) 03358 #endif 03359 printk(KERN_WARNING 03360 "rsbac_write_open(): expected file is not a file, mode is %o!\n", 03361 file_dentry_p->d_inode->i_mode); 03362 err = -RSBAC_EWRITEFAILED; 03363 goto out_dput; 03364 } 03365 /* Now we fill the file structure and */ 03366 /* if there is an open func for this file, use it, otherwise ignore */ 03367 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY))) 03368 { 03369 #ifdef CONFIG_RSBAC_RMSG 03370 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n"); 03371 #endif 03372 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03373 if (!rsbac_nosyslog) 03374 #endif 03375 printk(KERN_WARNING "rsbac_write_open(): could not init file!\n"); 03376 err = -RSBAC_EWRITEFAILED; 03377 goto out_dput; 03378 } 03379 03380 /* Without a write function we get into troubles -> error */ 03381 if ((!file_p->f_op) || (!file_p->f_op->write)) 03382 { 03383 #ifdef CONFIG_RSBAC_RMSG 03384 rsbac_printk(KERN_WARNING 03385 "rsbac_write_open(): file write function missing!\n"); 03386 #endif 03387 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03388 if (!rsbac_nosyslog) 03389 #endif 03390 printk(KERN_WARNING 03391 "rsbac_write_open(): file write function missing!\n"); 03392 if(file_p->f_op && file_p->f_op->release) 03393 { 03394 file_p->f_op->release(file_dentry_p->d_inode, file_p); 03395 } 03396 err = -RSBAC_EWRITEFAILED; 03397 goto out_dput; 03398 } 03399 03400 /* trying to get write access */ 03401 /* if (rsbac_debug_write) 03402 * printk(KERN_DEBUG "rsbac_write_open(): trying to get write access!\n"); 03403 */ 03404 if (get_write_access(file_dentry_p->d_inode)) 03405 { 03406 #ifdef CONFIG_RSBAC_RMSG 03407 rsbac_printk(KERN_WARNING 03408 "rsbac_write_open(): could not get write access!\n"); 03409 #endif 03410 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03411 if (!rsbac_nosyslog) 03412 #endif 03413 printk(KERN_WARNING 03414 "rsbac_write_open(): could not get write access!\n"); 03415 if (file_p->f_op->release) 03416 file_p->f_op->release(file_dentry_p->d_inode, file_p); 03417 err = -RSBAC_EWRITEFAILED; 03418 goto out_dput; 03419 } 03420 /* truncating */ 03421 if(rsbac_clear_file(file_dentry_p)) 03422 { 03423 if (file_p->f_op->release) 03424 file_p->f_op->release(file_dentry_p->d_inode, file_p); 03425 put_write_access(file_dentry_p->d_inode); 03426 #ifdef CONFIG_RSBAC_RMSG 03427 rsbac_printk(KERN_WARNING 03428 "rsbac_write_open(): could not truncate!\n"); 03429 #endif 03430 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03431 if (!rsbac_nosyslog) 03432 #endif 03433 printk(KERN_WARNING 03434 "rsbac_write_open(): could not truncate!\n"); 03435 err = -RSBAC_EWRITEFAILED; 03436 goto out_dput; 03437 } 03438 /* set synchronous mode for this file */ 03439 file_p->f_flags |= O_SYNC; 03440 03441 out: 03442 return err; 03443 03444 out_dput: 03445 dput(file_dentry_p); 03446 goto out; 03447 } 03448 03449 03450 #if defined(CONFIG_RSBAC_REG) 03451 EXPORT_SYMBOL(rsbac_read_close); 03452 #endif 03453 void rsbac_read_close(struct file * file_p) 03454 { 03455 /* cleanup copied from __fput */ 03456 struct dentry * dentry = file_p->f_dentry; 03457 struct inode * inode = dentry->d_inode; 03458 03459 if (file_p->f_op && file_p->f_op->release) 03460 file_p->f_op->release(inode, file_p); 03461 file_p->f_dentry = NULL; 03462 if (file_p->f_mode & FMODE_WRITE) 03463 put_write_access(inode); 03464 dput(dentry); 03465 } 03466 03467 #if defined(CONFIG_RSBAC_REG) 03468 EXPORT_SYMBOL(rsbac_write_close); 03469 #endif 03470 void rsbac_write_close(struct file * file_p) 03471 { 03472 rsbac_read_close(file_p); 03473 } 03474 03475 #if defined(CONFIG_RSBAC_REG) 03476 EXPORT_SYMBOL(rsbac_get_full_path); 03477 #endif 03478 int rsbac_get_full_path(struct dentry * dentry_p, char path[], int maxlen) 03479 { 03480 int len=0; 03481 char * i_path; 03482 int tmplen=0; 03483 03484 if(!dentry_p || !path) 03485 return -RSBAC_EINVALIDPOINTER; 03486 if(maxlen <= 0) 03487 return -RSBAC_EINVALIDVALUE; 03488 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN); 03489 if(!i_path) 03490 return -RSBAC_ENOMEM; 03491 03492 path[0] = 0; 03493 03494 while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name) 03495 { 03496 tmplen = dentry_p->d_name.len; 03497 if((tmplen+1) > (maxlen-len)) 03498 { 03499 rsbac_kfree(i_path); 03500 return(len); 03501 } 03502 strncpy(i_path, dentry_p->d_name.name, tmplen); 03503 if(len && (i_path[tmplen-1] != '/')) 03504 { 03505 i_path[tmplen] = '/'; 03506 tmplen++; 03507 } 03508 i_path[tmplen]=0; 03509 strcat(i_path, path); 03510 strcpy(path, i_path); 03511 len += tmplen; 03512 if( dentry_p->d_parent 03513 && (dentry_p->d_parent != dentry_p) 03514 && (dentry_p->d_sb->s_root != dentry_p) 03515 ) 03516 dentry_p = dentry_p->d_parent; 03517 else 03518 { 03519 struct rsbac_device_list_item_t * device_p; 03520 03521 device_p = lookup_device(dentry_p->d_sb->s_dev); 03522 if( device_p 03523 && device_p->d_covers 03524 ) 03525 dentry_p = device_p->d_covers; 03526 else 03527 break; 03528 } 03529 } 03530 rsbac_kfree(i_path); 03531 return(len); 03532 }; 03533 03534 #if defined(CONFIG_RSBAC_REG) 03535 EXPORT_SYMBOL(rsbac_get_full_path_length); 03536 #endif 03537 int rsbac_get_full_path_length(struct dentry * dentry_p) 03538 { 03539 int len=0; 03540 int tmplen=0; 03541 03542 if(!dentry_p) 03543 return -RSBAC_EINVALIDPOINTER; 03544 03545 while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name) 03546 { 03547 tmplen = dentry_p->d_name.len; 03548 if(len && (dentry_p->d_name.name[tmplen-1] != '/')) 03549 { 03550 tmplen++; 03551 } 03552 len += tmplen; 03553 if( dentry_p->d_parent 03554 && (dentry_p->d_parent != dentry_p) 03555 && (dentry_p->d_sb->s_root != dentry_p) 03556 ) 03557 dentry_p = dentry_p->d_parent; 03558 else 03559 { 03560 struct rsbac_device_list_item_t * device_p; 03561 03562 device_p = lookup_device(dentry_p->d_sb->s_dev); 03563 if( device_p 03564 && device_p->d_covers 03565 ) 03566 dentry_p = device_p->d_covers; 03567 else 03568 break; 03569 } 03570 } 03571 return(len); 03572 }; 03573 03574 /************************************************* */ 03575 /* proc fs functions */ 03576 /************************************************* */ 03577 03578 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 03579 static int 03580 devices_proc_info(char *buffer, char **start, off_t offset, int length) 03581 { 03582 int len = 0; 03583 off_t pos = 0; 03584 off_t begin = 0; 03585 struct rsbac_device_list_item_t * device_p; 03586 u_long dflags; 03587 03588 if (!rsbac_initialized) return (-ENOSYS); 03589 03590 len += sprintf(buffer, "%u RSBAC Devices\n---------------\n", 03591 device_list_head.count); 03592 03593 /* wait for read access to device_list_head */ 03594 rsbac_read_lock(&device_list_head.lock, &dflags); 03595 /* OK, go on */ 03596 for (device_p = device_list_head.head; device_p; device_p = device_p->next) 03597 { 03598 if(device_p->sb_p && device_p->sb_p->s_type && device_p->sb_p->s_type->name) 03599 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n", 03600 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), 03601 device_p->mount_count, 03602 device_p->d_covers, 03603 device_p->sb_p->s_type->name); 03604 else 03605 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p\n", 03606 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), 03607 device_p->mount_count, 03608 device_p->d_covers); 03609 pos = begin + len; 03610 if (pos < offset) 03611 { 03612 len = 0; 03613 begin = pos; 03614 } 03615 if (pos > offset+length) break; 03616 } 03617 03618 /* free access to device_list_head */ 03619 rsbac_read_unlock(&device_list_head.lock, &dflags); 03620 03621 *start = buffer + (offset - begin); 03622 len -= (offset - begin); 03623 03624 if (len > length) 03625 len = length; 03626 return len; 03627 } 03628 03629 static int 03630 stats_proc_info(char *buffer, char **start, off_t offset, int length) 03631 { 03632 u_int len = 0; 03633 off_t pos = 0; 03634 off_t begin = 0; 03635 struct rsbac_device_list_item_t * device_p; 03636 int i; 03637 u_long fd_count, fd_dev_count, fd_sum = 0; 03638 u_long sum = 0; 03639 u_long total_sum = 0; 03640 long tmp_count; 03641 u_long dflags; 03642 03643 union rsbac_target_id_t rsbac_target_id; 03644 union rsbac_attribute_value_t rsbac_attribute_value; 03645 03646 if (!rsbac_initialized) return (-ENOSYS); 03647 03648 #ifdef CONFIG_RSBAC_DEBUG 03649 if (rsbac_debug_aef) 03650 { 03651 #ifdef CONFIG_RSBAC_RMSG 03652 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n"); 03653 #endif 03654 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 03655 if (!rsbac_nosyslog) 03656 #endif 03657 printk(KERN_DEBUG "stats_proc_info(): calling ADF\n"); 03658 } 03659 #endif 03660 rsbac_target_id.scd = ST_rsbac; 03661 rsbac_attribute_value.dummy = 0; 03662 if (!rsbac_adf_request(R_GET_STATUS_DATA, 03663 current->pid, 03664 T_SCD, 03665 rsbac_target_id, 03666 A_none, 03667 rsbac_attribute_value)) 03668 { 03669 return -EPERM; 03670 } 03671 03672 #ifdef CONFIG_RSBAC_MAINT 03673 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n", 03674 RSBAC_VERSION, compiled_modules); 03675 #else 03676 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n", 03677 RSBAC_VERSION, compiled_modules); 03678 #endif 03679 pos = begin + len; 03680 if (pos < offset) 03681 { 03682 len = 0; 03683 begin = pos; 03684 } 03685 if (pos > offset+length) 03686 goto out; 03687 03688 #ifdef CONFIG_RSBAC_SWITCH 03689 { 03690 char * active_modules; 03691 03692 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN); 03693 if(active_modules) 03694 { 03695 active_modules[0] = (char) 0; 03696 #ifdef CONFIG_RSBAC_REG 03697 strcat(active_modules, " REG"); 03698 #endif 03699 #ifdef CONFIG_RSBAC_MAC 03700 if(rsbac_switch_mac) 03701 #ifdef CONFIG_RSBAC_MAC_LIGHT 03702 strcat(active_modules, " MAC-L"); 03703 #else 03704 strcat(active_modules, " MAC"); 03705 #endif 03706 #endif 03707 #ifdef CONFIG_RSBAC_FC 03708 if(rsbac_switch_fc) 03709 strcat(active_modules, " FC"); 03710 #endif 03711 #ifdef CONFIG_RSBAC_SIM 03712 if(rsbac_switch_sim) 03713 strcat(active_modules, " SIM"); 03714 #endif 03715 #ifdef CONFIG_RSBAC_PM 03716 if(rsbac_switch_pm) 03717 strcat(active_modules, " PM"); 03718 #endif 03719 #ifdef CONFIG_RSBAC_DAZ 03720 if(rsbac_switch_daz) 03721 strcat(active_modules, " DAZ"); 03722 #endif 03723 #ifdef CONFIG_RSBAC_FF 03724 if(rsbac_switch_ff) 03725 strcat(active_modules, " FF"); 03726 #endif 03727 #ifdef CONFIG_RSBAC_RC 03728 if(rsbac_switch_rc) 03729 strcat(active_modules, " RC"); 03730 #endif 03731 #ifdef CONFIG_RSBAC_AUTH 03732 if(rsbac_switch_auth) 03733 strcat(active_modules, " AUTH"); 03734 #endif 03735 #ifdef CONFIG_RSBAC_ACL 03736 if(rsbac_switch_acl) 03737 strcat(active_modules, " ACL"); 03738 #endif 03739 #ifdef CONFIG_RSBAC_CAP 03740 if(rsbac_switch_cap) 03741 strcat(active_modules, " CAP"); 03742 #endif 03743 #ifdef CONFIG_RSBAC_JAIL 03744 if(rsbac_switch_jail) 03745 strcat(active_modules, " JAIL"); 03746 #endif 03747 #ifdef CONFIG_RSBAC_RES 03748 if(rsbac_switch_res) 03749 strcat(active_modules, " RES"); 03750 #endif 03751 #ifdef CONFIG_RSBAC_PAX 03752 if(rsbac_switch_pax) 03753 strcat(active_modules, " PAX"); 03754 #endif 03755 len += sprintf(buffer+len, "Active Modules: %s\n", 03756 active_modules); 03757 rsbac_kfree(active_modules); 03758 pos = begin + len; 03759 if (pos < offset) 03760 { 03761 len = 0; 03762 begin = pos; 03763 } 03764 if (pos > offset+length) 03765 goto out; 03766 } 03767 } 03768 #else 03769 len += sprintf(buffer+len, "All modules active (no switching)\n"); 03770 pos = begin + len; 03771 if (pos < offset) 03772 { 03773 len = 0; 03774 begin = pos; 03775 } 03776 if (pos > offset+length) 03777 goto out; 03778 #endif 03779 03780 #ifdef CONFIG_RSBAC_SOFTMODE 03781 if(rsbac_softmode) 03782 { 03783 #ifdef CONFIG_RSBAC_SOFTMODE_IND 03784 len += sprintf(buffer+len, "Global softmode is enabled\n"); 03785 #else 03786 len += sprintf(buffer+len, "Softmode is enabled\n"); 03787 #endif 03788 pos = begin + len; 03789 if (pos < offset) 03790 { 03791 len = 0; 03792 begin = pos; 03793 } 03794 if (pos > offset+length) 03795 goto out; 03796 } 03797 else 03798 { 03799 #ifdef CONFIG_RSBAC_SOFTMODE_IND 03800 len += sprintf(buffer+len, "Global softmode is disabled\n"); 03801 #else 03802 len += sprintf(buffer+len, "Softmode is disabled\n"); 03803 #endif 03804 pos = begin + len; 03805 if (pos < offset) 03806 { 03807 len = 0; 03808 begin = pos; 03809 } 03810 if (pos > offset+length) 03811 goto out; 03812 } 03813 #ifdef CONFIG_RSBAC_SOFTMODE_IND 03814 { 03815 char * tmp; 03816 03817 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 03818 if(tmp) 03819 { 03820 len += sprintf(buffer+len, "Individual softmode enabled for:"); 03821 for(i=0; i<=RSBAC_MAX_MOD; i++) 03822 if(rsbac_ind_softmode[i]) 03823 len += sprintf(buffer+len, " %s", get_switch_target_name(tmp, i)); 03824 rsbac_kfree(tmp); 03825 len += sprintf(buffer+len, "\n"); 03826 pos = begin + len; 03827 if (pos < offset) 03828 { 03829 len = 0; 03830 begin = pos; 03831 } 03832 if (pos > offset+length) 03833 goto out; 03834 } 03835 } 03836 #endif 03837 #endif 03838 03839 len += sprintf(buffer+len, "\n"); 03840 03841 /* wait for read access to device_list_head */ 03842 rsbac_read_lock(&device_list_head.lock, &dflags); 03843 /* OK, go on */ 03844 device_p = device_list_head.head; 03845 if(device_p) 03846 len += sprintf(buffer + len, "FD items:\n"); 03847 while (device_p) 03848 { 03849 fd_dev_count = 0; 03850 /* for all sublists */ 03851 fd_count = 0; 03852 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++) 03853 { 03854 tmp_count = rsbac_list_count(device_p->handles.gen[i]); 03855 if(tmp_count > 0) 03856 fd_count+=tmp_count; 03857 }; 03858 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN", 03859 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count); 03860 fd_dev_count += fd_count; 03861 03862 #if defined(CONFIG_RSBAC_MAC) 03863 fd_count = 0; 03864 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++) 03865 { 03866 tmp_count = rsbac_list_count(device_p->handles.mac[i]); 03867 if(tmp_count > 0) 03868 fd_count+=tmp_count; 03869 }; 03870 len += sprintf(buffer + len, ", %lu MAC", 03871 fd_count); 03872 fd_dev_count += fd_count; 03873 #endif 03874 03875 #if defined(CONFIG_RSBAC_FC) 03876 fd_count = 0; 03877 for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++) 03878 { 03879 tmp_count = rsbac_list_count(device_p->handles.fc[i]); 03880 if(tmp_count > 0) 03881 fd_count+=tmp_count; 03882 }; 03883 len += sprintf(buffer + len, ", %lu FC", 03884 fd_count); 03885 fd_dev_count += fd_count; 03886 #endif 03887 03888 #if defined(CONFIG_RSBAC_SIM) 03889 fd_count = 0; 03890 for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++) 03891 { 03892 tmp_count = rsbac_list_count(device_p->handles.sim[i]); 03893 if(tmp_count > 0) 03894 fd_count+=tmp_count; 03895 }; 03896 len += sprintf(buffer + len, ", %lu SIM", 03897 fd_count); 03898 fd_dev_count += fd_count; 03899 #endif 03900 03901 #if defined(CONFIG_RSBAC_PM) 03902 fd_count = 0; 03903 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++) 03904 { 03905 tmp_count = rsbac_list_count(device_p->handles.pm[i]); 03906 if(tmp_count > 0) 03907 fd_count+=tmp_count; 03908 }; 03909 len += sprintf(buffer + len, ", %lu PM", 03910 fd_count); 03911 fd_dev_count += fd_count; 03912 #endif 03913 03914 #if defined(CONFIG_RSBAC_DAZ) 03915 fd_count = 0; 03916 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++) 03917 { 03918 tmp_count = rsbac_list_count(device_p->handles.daz[i]); 03919 if(tmp_count > 0) 03920 fd_count+=tmp_count; 03921 }; 03922 len += sprintf(buffer + len, ", %lu DAZ", 03923 fd_count); 03924 fd_dev_count += fd_count; 03925 #if defined(CONFIG_RSBAC_DAZ_CACHE) 03926 fd_count = 0; 03927 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++) 03928 { 03929 tmp_count = rsbac_list_count(device_p->handles.dazs[i]); 03930 if(tmp_count > 0) 03931 fd_count+=tmp_count; 03932 }; 03933 len += sprintf(buffer + len, ", %lu DAZ_SCANNED", 03934 fd_count); 03935 fd_dev_count += fd_count; 03936 #endif 03937 #endif 03938 03939 #if defined(CONFIG_RSBAC_FF) 03940 fd_count = 0; 03941 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++) 03942 { 03943 tmp_count = rsbac_list_count(device_p->handles.ff[i]); 03944 if(tmp_count > 0) 03945 fd_count+=tmp_count; 03946 }; 03947 len += sprintf(buffer + len, ", %lu FF", 03948 fd_count); 03949 fd_dev_count += fd_count; 03950 #endif 03951 03952 #if defined(CONFIG_RSBAC_RC) 03953 fd_count = 0; 03954 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++) 03955 { 03956 tmp_count = rsbac_list_count(device_p->handles.rc[i]); 03957 if(tmp_count > 0) 03958 fd_count+=tmp_count; 03959 }; 03960 len += sprintf(buffer + len, ", %lu RC", 03961 fd_count); 03962 fd_dev_count += fd_count; 03963 #endif 03964 03965 #if defined(CONFIG_RSBAC_AUTH) 03966 fd_count = 0; 03967 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++) 03968 { 03969 tmp_count = rsbac_list_count(device_p->handles.auth[i]); 03970 if(tmp_count > 0) 03971 fd_count+=tmp_count; 03972 }; 03973 len += sprintf(buffer + len, ", %lu AUTH", 03974 fd_count); 03975 fd_dev_count += fd_count; 03976 #endif 03977 03978 #if defined(CONFIG_RSBAC_CAP) 03979 fd_count = 0; 03980 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++) 03981 { 03982 tmp_count = rsbac_list_count(device_p->handles.cap[i]); 03983 if(tmp_count > 0) 03984 fd_count+=tmp_count; 03985 }; 03986 len += sprintf(buffer + len, ", %lu CAP", 03987 fd_count); 03988 fd_dev_count += fd_count; 03989 #endif 03990 03991 #if defined(CONFIG_RSBAC_RES) 03992 fd_count = 0; 03993 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++) 03994 { 03995 tmp_count = rsbac_list_count(device_p->handles.res[i]); 03996 if(tmp_count > 0) 03997 fd_count+=tmp_count; 03998 }; 03999 len += sprintf(buffer + len, ", %lu RES", 04000 fd_count); 04001 fd_dev_count += fd_count; 04002 #endif 04003 04004 #if defined(CONFIG_RSBAC_PAX) 04005 fd_count = 0; 04006 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++) 04007 { 04008 tmp_count = rsbac_list_count(device_p->handles.pax[i]); 04009 if(tmp_count > 0) 04010 fd_count+=tmp_count; 04011 }; 04012 len += sprintf(buffer + len, ", %lu PAX", 04013 fd_count); 04014 fd_dev_count += fd_count; 04015 #endif 04016 04017 len += sprintf(buffer + len, ", %lu total\n", 04018 fd_dev_count); 04019 pos = begin + len; 04020 if (pos < offset) 04021 { 04022 len = 0; 04023 begin = pos; 04024 } 04025 if (pos > offset+length) 04026 { 04027 /* free access to device_list_head */ 04028 rsbac_read_unlock(&device_list_head.lock, &dflags); 04029 goto out; 04030 } 04031 fd_sum += fd_dev_count; 04032 device_p = device_p->next; 04033 }; 04034 len += sprintf(buffer + len, "Sum of %u Devices with %lu fd-items\n\n", 04035 device_list_head.count, fd_sum); 04036 total_sum += fd_sum; 04037 /* free access to device_list_head */ 04038 rsbac_read_unlock(&device_list_head.lock, &dflags); 04039 pos = begin + len; 04040 if (pos < offset) 04041 { 04042 len = 0; 04043 begin = pos; 04044 } 04045 if (pos > offset+length) 04046 goto out; 04047 04048 /* dev lists */ 04049 sum = 0; 04050 tmp_count = rsbac_list_count(dev_handles.gen); 04051 len += sprintf(buffer + len, "DEV: %lu GEN", 04052 tmp_count); 04053 sum += tmp_count; 04054 #if defined(CONFIG_RSBAC_MAC) 04055 tmp_count = rsbac_list_count(dev_handles.mac); 04056 len += sprintf(buffer + len, ", %lu MAC", 04057 tmp_count); 04058 sum += tmp_count; 04059 #endif 04060 #if defined(CONFIG_RSBAC_FC) 04061 tmp_count = rsbac_list_count(dev_handles.fc); 04062 len += sprintf(buffer + len, ", %lu FC", 04063 tmp_count); 04064 sum += tmp_count; 04065 #endif 04066 #if defined(CONFIG_RSBAC_SIM) 04067 tmp_count = rsbac_list_count(dev_handles.sim); 04068 len += sprintf(buffer + len, ", %lu SIM", 04069 tmp_count); 04070 sum += tmp_count; 04071 #endif 04072 #if defined(CONFIG_RSBAC_PM) 04073 tmp_count = rsbac_list_count(dev_handles.pm); 04074 len += sprintf(buffer + len, ", %lu PM", 04075 tmp_count); 04076 sum += tmp_count; 04077 #endif 04078 #if defined(CONFIG_RSBAC_RC) 04079 tmp_count = rsbac_list_count(dev_handles.rc); 04080 len += sprintf(buffer + len, ", %lu RC", 04081 tmp_count); 04082 sum += tmp_count; 04083 #endif 04084 len += sprintf(buffer + len, ", %lu total\n", 04085 sum); 04086 total_sum += sum; 04087 pos = begin + len; 04088 if (pos < offset) 04089 { 04090 len = 0; 04091 begin = pos; 04092 } 04093 if (pos > offset+length) 04094 goto out; 04095 04096 /* ipc lists */ 04097 sum = 0; 04098 len += sprintf(buffer + len, "IPC: 0 GEN"); 04099 #if defined(CONFIG_RSBAC_MAC) 04100 tmp_count = rsbac_list_count(ipc_handles.mac); 04101 len += sprintf(buffer + len, ", %lu MAC", 04102 tmp_count); 04103 sum += tmp_count; 04104 #endif 04105 #if defined(CONFIG_RSBAC_FC) 04106 tmp_count = rsbac_list_count(ipc_handles.fc); 04107 len += sprintf(buffer + len, ", %lu FC", 04108 tmp_count); 04109 sum += tmp_count; 04110 #endif 04111 #if defined(CONFIG_RSBAC_SIM) 04112 tmp_count = rsbac_list_count(ipc_handles.sim); 04113 len += sprintf(buffer + len, ", %lu SIM", 04114 tmp_count); 04115 sum += tmp_count; 04116 #endif 04117 #if defined(CONFIG_RSBAC_PM) 04118 tmp_count = rsbac_list_count(ipc_handles.pm); 04119 len += sprintf(buffer + len, ", %lu PM", 04120 tmp_count); 04121 sum += tmp_count; 04122 #endif 04123 #if defined(CONFIG_RSBAC_RC) 04124 tmp_count = rsbac_list_count(ipc_handles.rc); 04125 len += sprintf(buffer + len, ", %lu RC", 04126 tmp_count); 04127 sum += tmp_count; 04128 #endif 04129 #if defined(CONFIG_RSBAC_JAIL) 04130 tmp_count = rsbac_list_count(ipc_handles.jail); 04131 len += sprintf(buffer + len, ", %lu JAIL", 04132 tmp_count); 04133 sum += tmp_count; 04134 #endif 04135 len += sprintf(buffer + len, ", %lu total\n", 04136 sum); 04137 total_sum += sum; 04138 pos = begin + len; 04139 if (pos < offset) 04140 { 04141 len = 0; 04142 begin = pos; 04143 } 04144 if (pos > offset+length) 04145 goto out; 04146 04147 /* user lists */ 04148 sum = 0; 04149 tmp_count = rsbac_list_count(user_handles.gen); 04150 len += sprintf(buffer + len, "USER: %lu GEN", 04151 tmp_count); 04152 sum += tmp_count; 04153 #if defined(CONFIG_RSBAC_MAC) 04154 tmp_count = rsbac_list_count(user_handles.mac); 04155 len += sprintf(buffer + len, ", %lu MAC", 04156 tmp_count); 04157 sum += tmp_count; 04158 #endif 04159 #if defined(CONFIG_RSBAC_FC) 04160 tmp_count = rsbac_list_count(user_handles.fc); 04161 len += sprintf(buffer + len, ", %lu FC", 04162 tmp_count); 04163 sum += tmp_count; 04164 #endif 04165 #if defined(CONFIG_RSBAC_SIM) 04166 tmp_count = rsbac_list_count(user_handles.sim); 04167 len += sprintf(buffer + len, ", %lu SIM", 04168 tmp_count); 04169 sum += tmp_count; 04170 #endif 04171 #if defined(CONFIG_RSBAC_PM) 04172 tmp_count = rsbac_list_count(user_handles.pm); 04173 len += sprintf(buffer + len, ", %lu PM", 04174 tmp_count); 04175 sum += tmp_count; 04176 #endif 04177 #if defined(CONFIG_RSBAC_DAZ) 04178 tmp_count = rsbac_list_count(user_handles.daz); 04179 len += sprintf(buffer + len, ", %lu DAZ", 04180 tmp_count); 04181 sum += tmp_count; 04182 #endif 04183 #if defined(CONFIG_RSBAC_FF) 04184 tmp_count = rsbac_list_count(user_handles.ff); 04185 len += sprintf(buffer + len, ", %lu FF", 04186 tmp_count); 04187 sum += tmp_count; 04188 #endif 04189 #if defined(CONFIG_RSBAC_RC) 04190 tmp_count = rsbac_list_count(user_handles.rc); 04191 len += sprintf(buffer + len, ", %lu RC", 04192 tmp_count); 04193 sum += tmp_count; 04194 #endif 04195 #if defined(CONFIG_RSBAC_AUTH) 04196 tmp_count = rsbac_list_count(user_handles.auth); 04197 len += sprintf(buffer + len, ", %lu AUTH", 04198 tmp_count); 04199 sum += tmp_count; 04200 #endif 04201 #if defined(CONFIG_RSBAC_CAP) 04202 tmp_count = rsbac_list_count(user_handles.cap); 04203 len += sprintf(buffer + len, ", %lu CAP", 04204 tmp_count); 04205 sum += tmp_count; 04206 #endif 04207 #if defined(CONFIG_RSBAC_JAIL) 04208 tmp_count = rsbac_list_count(user_handles.jail); 04209 len += sprintf(buffer + len, ", %lu JAIL", 04210 tmp_count); 04211 sum += tmp_count; 04212 #endif 04213 #if defined(CONFIG_RSBAC_RES) 04214 tmp_count = rsbac_list_count(user_handles.res); 04215 len += sprintf(buffer + len, ", %lu RES", 04216 tmp_count); 04217 sum += tmp_count; 04218 #endif 04219 #if defined(CONFIG_RSBAC_PAX) 04220 tmp_count = rsbac_list_count(user_handles.pax); 04221 len += sprintf(buffer + len, ", %lu PAX", 04222 tmp_count); 04223 sum += tmp_count; 04224 #endif 04225 len += sprintf(buffer + len, ", %lu total\n", 04226 sum); 04227 total_sum += sum; 04228 pos = begin + len; 04229 if (pos < offset) 04230 { 04231 len = 0; 04232 begin = pos; 04233 } 04234 if (pos > offset+length) 04235 goto out; 04236 04237 /* process lists */ 04238 sum = 0; 04239 tmp_count = rsbac_list_count(process_handles.gen); 04240 len += sprintf(buffer + len, "PROCESS: %lu GEN", 04241 tmp_count); 04242 sum += tmp_count; 04243 #if defined(CONFIG_RSBAC_MAC) 04244 tmp_count = 0; 04245 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++) 04246 tmp_count += rsbac_list_count(process_handles.mac[i]); 04247 len += sprintf(buffer + len, ", %lu MAC", 04248 tmp_count); 04249 sum += tmp_count; 04250 #endif 04251 #if defined(CONFIG_RSBAC_PM) 04252 tmp_count = rsbac_list_count(process_handles.pm); 04253 len += sprintf(buffer + len, ", %lu PM", 04254 tmp_count); 04255 sum += tmp_count; 04256 #endif 04257 #if defined(CONFIG_RSBAC_DAZ) 04258 tmp_count = rsbac_list_count(process_handles.daz); 04259 len += sprintf(buffer + len, ", %lu DAZ", 04260 tmp_count); 04261 sum += tmp_count; 04262 #endif 04263 #if defined(CONFIG_RSBAC_RC) 04264 tmp_count = 0; 04265 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++) 04266 tmp_count += rsbac_list_count(process_handles.rc[i]); 04267 len += sprintf(buffer + len, ", %lu RC", 04268 tmp_count); 04269 sum += tmp_count; 04270 #endif 04271 #if defined(CONFIG_RSBAC_AUTH) 04272 tmp_count = rsbac_list_count(process_handles.auth); 04273 len += sprintf(buffer + len, ", %lu AUTH", 04274 tmp_count); 04275 sum += tmp_count; 04276 #endif 04277 #if defined(CONFIG_RSBAC_CAP) 04278 tmp_count = rsbac_list_count(process_handles.cap); 04279 len += sprintf(buffer + len, ", %lu CAP", 04280 tmp_count); 04281 sum += tmp_count; 04282 #endif 04283 #if defined(CONFIG_RSBAC_JAIL) 04284 tmp_count = 0; 04285 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++) 04286 tmp_count += rsbac_list_count(process_handles.jail[i]); 04287 len += sprintf(buffer + len, ", %lu JAIL", 04288 tmp_count); 04289 sum += tmp_count; 04290 #endif 04291 len += sprintf(buffer + len, ", %lu total\n", 04292 sum); 04293 total_sum += sum; 04294 pos = begin + len; 04295 if (pos < offset) 04296 { 04297 len = 0; 04298 begin = pos; 04299 } 04300 if (pos > offset+length) 04301 goto out; 04302 04303 #if defined(CONFIG_RSBAC_NET_DEV) 04304 /* netdev lists */ 04305 sum = 0; 04306 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 04307 tmp_count = rsbac_list_count(netdev_handles.gen); 04308 len += sprintf(buffer + len, "NETDEV: %lu GEN, ", 04309 tmp_count); 04310 sum += tmp_count; 04311 #else 04312 len += sprintf(buffer + len, "NETDEV: "); 04313 #endif 04314 #if defined(CONFIG_RSBAC_RC) 04315 tmp_count = rsbac_list_count(netdev_handles.rc); 04316 len += sprintf(buffer + len, "%lu RC, ", 04317 tmp_count); 04318 sum += tmp_count; 04319 #endif 04320 len += sprintf(buffer + len, "%lu total\n", 04321 sum); 04322 total_sum += sum; 04323 pos = begin + len; 04324 if (pos < offset) 04325 { 04326 len = 0; 04327 begin = pos; 04328 } 04329 if (pos > offset+length) 04330 goto out; 04331 04332 #endif 04333 04334 #if defined(CONFIG_RSBAC_NET_OBJ) 04335 /* net template list */ 04336 tmp_count = rsbac_list_count(net_temp_handle); 04337 len += sprintf(buffer + len, "%lu Network Templates\n", 04338 tmp_count); 04339 04340 /* nettemp lists */ 04341 sum = 0; 04342 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 04343 tmp_count = rsbac_list_count(nettemp_handles.gen); 04344 len += sprintf(buffer + len, "NETTEMP: %lu GEN, ", 04345 tmp_count); 04346 sum += tmp_count; 04347 #else 04348 len += sprintf(buffer + len, "NETTEMP: "); 04349 #endif 04350 #if defined(CONFIG_RSBAC_MAC) 04351 tmp_count = rsbac_list_count(nettemp_handles.mac); 04352 len += sprintf(buffer + len, "%lu MAC, ", 04353 tmp_count); 04354 sum += tmp_count; 04355 #endif 04356 #if defined(CONFIG_RSBAC_FC) 04357 tmp_count = rsbac_list_count(nettemp_handles.fc); 04358 len += sprintf(buffer + len, "%lu FC, ", 04359 tmp_count); 04360 sum += tmp_count; 04361 #endif 04362 #if defined(CONFIG_RSBAC_SIM) 04363 tmp_count = rsbac_list_count(nettemp_handles.sim); 04364 len += sprintf(buffer + len, "%lu SIM, ", 04365 tmp_count); 04366 sum += tmp_count; 04367 #endif 04368 #if defined(CONFIG_RSBAC_PM) 04369 tmp_count = rsbac_list_count(nettemp_handles.pm); 04370 len += sprintf(buffer + len, "%lu PM, ", 04371 tmp_count); 04372 sum += tmp_count; 04373 #endif 04374 #if defined(CONFIG_RSBAC_RC) 04375 tmp_count = rsbac_list_count(nettemp_handles.rc); 04376 len += sprintf(buffer + len, "%lu RC, ", 04377 tmp_count); 04378 sum += tmp_count; 04379 #endif 04380 len += sprintf(buffer + len, "%lu total\n", 04381 sum); 04382 total_sum += sum; 04383 pos = begin + len; 04384 if (pos < offset) 04385 { 04386 len = 0; 04387 begin = pos; 04388 } 04389 if (pos > offset+length) 04390 goto out; 04391 04392 /* local netobj lists */ 04393 sum = 0; 04394 len += sprintf(buffer + len, "LNETOBJ: "); 04395 #if defined(CONFIG_RSBAC_MAC) 04396 tmp_count = rsbac_list_count(lnetobj_handles.mac); 04397 len += sprintf(buffer + len, "%lu MAC, ", 04398 tmp_count); 04399 sum += tmp_count; 04400 #endif 04401 #if defined(CONFIG_RSBAC_FC) 04402 tmp_count = rsbac_list_count(lnetobj_handles.fc); 04403 len += sprintf(buffer + len, "%lu FC, ", 04404 tmp_count); 04405 sum += tmp_count; 04406 #endif 04407 #if defined(CONFIG_RSBAC_SIM) 04408 tmp_count = rsbac_list_count(lnetobj_handles.sim); 04409 len += sprintf(buffer + len, "%lu SIM, ", 04410 tmp_count); 04411 sum += tmp_count; 04412 #endif 04413 #if defined(CONFIG_RSBAC_PM) 04414 tmp_count = rsbac_list_count(lnetobj_handles.pm); 04415 len += sprintf(buffer + len, "%lu PM, ", 04416 tmp_count); 04417 sum += tmp_count; 04418 #endif 04419 #if defined(CONFIG_RSBAC_RC) 04420 tmp_count = rsbac_list_count(lnetobj_handles.rc); 04421 len += sprintf(buffer + len, "%lu RC, ", 04422 tmp_count); 04423 sum += tmp_count; 04424 #endif 04425 len += sprintf(buffer + len, "%lu total\n", 04426 sum); 04427 total_sum += sum; 04428 pos = begin + len; 04429 if (pos < offset) 04430 { 04431 len = 0; 04432 begin = pos; 04433 } 04434 if (pos > offset+length) 04435 goto out; 04436 04437 /* remote netobj lists */ 04438 sum = 0; 04439 len += sprintf(buffer + len, "RNETOBJ: "); 04440 #if defined(CONFIG_RSBAC_MAC) 04441 tmp_count = rsbac_list_count(rnetobj_handles.mac); 04442 len += sprintf(buffer + len, "%lu MAC, ", 04443 tmp_count); 04444 sum += tmp_count; 04445 #endif 04446 #if defined(CONFIG_RSBAC_FC) 04447 tmp_count = rsbac_list_count(rnetobj_handles.fc); 04448 len += sprintf(buffer + len, "%lu FC, ", 04449 tmp_count); 04450 sum += tmp_count; 04451 #endif 04452 #if defined(CONFIG_RSBAC_SIM) 04453 tmp_count = rsbac_list_count(rnetobj_handles.sim); 04454 len += sprintf(buffer + len, "%lu SIM, ", 04455 tmp_count); 04456 sum += tmp_count; 04457 #endif 04458 #if defined(CONFIG_RSBAC_PM) 04459 tmp_count = rsbac_list_count(rnetobj_handles.pm); 04460 len += sprintf(buffer + len, "%lu PM, ", 04461 tmp_count); 04462 sum += tmp_count; 04463 #endif 04464 #if defined(CONFIG_RSBAC_RC) 04465 tmp_count = rsbac_list_count(rnetobj_handles.rc); 04466 len += sprintf(buffer + len, "%lu RC, ", 04467 tmp_count); 04468 sum += tmp_count; 04469 #endif 04470 len += sprintf(buffer + len, "%lu total\n", 04471 sum); 04472 total_sum += sum; 04473 pos = begin + len; 04474 if (pos < offset) 04475 { 04476 len = 0; 04477 begin = pos; 04478 } 04479 if (pos > offset+length) 04480 goto out; 04481 04482 #endif /* NET_OBJ */ 04483 04484 len += sprintf(buffer + len, 04485 "Total sum of %lu registered rsbac-items\n", 04486 total_sum); 04487 pos = begin + len; 04488 if (pos < offset) 04489 { 04490 len = 0; 04491 begin = pos; 04492 } 04493 if (pos > offset+length) 04494 goto out; 04495 04496 len += sprintf(buffer + len, 04497 "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 04498 rsbac_adf_request_count[T_FILE], 04499 rsbac_adf_request_count[T_DIR], 04500 rsbac_adf_request_count[T_FIFO], 04501 rsbac_adf_request_count[T_SYMLINK], 04502 rsbac_adf_request_count[T_DEV], 04503 rsbac_adf_request_count[T_IPC], 04504 rsbac_adf_request_count[T_SCD], 04505 rsbac_adf_request_count[T_USER], 04506 rsbac_adf_request_count[T_PROCESS], 04507 rsbac_adf_request_count[T_NETDEV], 04508 rsbac_adf_request_count[T_NETTEMP], 04509 rsbac_adf_request_count[T_NETOBJ]); 04510 pos = begin + len; 04511 if (pos < offset) 04512 { 04513 len = 0; 04514 begin = pos; 04515 } 04516 if (pos > offset+length) 04517 goto out; 04518 04519 len += sprintf(buffer + len, 04520 "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 04521 rsbac_adf_set_attr_count[T_FILE], 04522 rsbac_adf_set_attr_count[T_DIR], 04523 rsbac_adf_set_attr_count[T_FIFO], 04524 rsbac_adf_set_attr_count[T_SYMLINK], 04525 rsbac_adf_set_attr_count[T_DEV], 04526 rsbac_adf_set_attr_count[T_IPC], 04527 rsbac_adf_set_attr_count[T_SCD], 04528 rsbac_adf_set_attr_count[T_USER], 04529 rsbac_adf_set_attr_count[T_PROCESS], 04530 rsbac_adf_set_attr_count[T_NETDEV], 04531 rsbac_adf_set_attr_count[T_NETTEMP], 04532 rsbac_adf_set_attr_count[T_NETOBJ]); 04533 pos = begin + len; 04534 if (pos < offset) 04535 { 04536 len = 0; 04537 begin = pos; 04538 } 04539 04540 out: 04541 *start = buffer + (offset - begin); 04542 len -= (offset - begin); 04543 04544 if (len > length) 04545 len = length; 04546 return len; 04547 } 04548 04549 static int 04550 active_proc_info(char *buffer, char **start, off_t offset, int length) 04551 { 04552 u_int len = 0; 04553 off_t pos = 0; 04554 off_t begin = 0; 04555 04556 union rsbac_target_id_t rsbac_target_id; 04557 union rsbac_attribute_value_t rsbac_attribute_value; 04558 04559 if (!rsbac_initialized) return (-ENOSYS); 04560 04561 #ifdef CONFIG_RSBAC_DEBUG 04562 if (rsbac_debug_aef) 04563 { 04564 #ifdef CONFIG_RSBAC_RMSG 04565 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n"); 04566 #endif 04567 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 04568 if (!rsbac_nosyslog) 04569 #endif 04570 printk(KERN_DEBUG "stats_proc_info(): calling ADF\n"); 04571 } 04572 #endif 04573 rsbac_target_id.scd = ST_rsbac; 04574 rsbac_attribute_value.dummy = 0; 04575 if (!rsbac_adf_request(R_GET_STATUS_DATA, 04576 current->pid, 04577 T_SCD, 04578 rsbac_target_id, 04579 A_none, 04580 rsbac_attribute_value)) 04581 { 04582 return -EPERM; 04583 } 04584 04585 len = sprintf(buffer, "Version: %s\n", 04586 RSBAC_VERSION); 04587 #ifdef CONFIG_RSBAC_MAINT 04588 len += sprintf(buffer+len, "Mode: Maintenance\n"); 04589 len += sprintf(buffer+len, "Softmode: unavailable\n"); 04590 #else 04591 #ifdef CONFIG_RSBAC_SOFTMODE 04592 if(rsbac_softmode) 04593 len += sprintf(buffer+len, "Mode: Softmode\n"); 04594 else 04595 #endif 04596 len += sprintf(buffer+len, "Mode: Secure\n"); 04597 #ifdef CONFIG_RSBAC_SOFTMODE 04598 len += sprintf(buffer+len, "Softmode: available\n"); 04599 #else 04600 len += sprintf(buffer+len, "Softmode: unavailable\n"); 04601 #endif 04602 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04603 len += sprintf(buffer+len, "Ind-Soft: available\n"); 04604 #else 04605 len += sprintf(buffer+len, "Ind-Soft: unavailable\n"); 04606 #endif 04607 #endif 04608 pos = begin + len; 04609 if (pos < offset) 04610 { 04611 len = 0; 04612 begin = pos; 04613 } 04614 if (pos > offset+length) 04615 goto out; 04616 04617 #ifdef CONFIG_RSBAC_REG 04618 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04619 if(rsbac_ind_softmode[REG]) 04620 len += sprintf(buffer+len, "Module: REG softmode\n"); 04621 else 04622 #endif 04623 len += sprintf(buffer+len, "Module: REG on\n"); 04624 #endif 04625 04626 #ifdef CONFIG_RSBAC_MAC 04627 #ifdef CONFIG_RSBAC_SWITCH 04628 if(!rsbac_switch_mac) 04629 len += sprintf(buffer+len, "Module: MAC off\n"); 04630 else 04631 #endif 04632 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04633 if(rsbac_ind_softmode[MAC]) 04634 len += sprintf(buffer+len, "Module: MAC softmode\n"); 04635 else 04636 #endif 04637 len += sprintf(buffer+len, "Module: MAC on\n"); 04638 #endif 04639 04640 #ifdef CONFIG_RSBAC_FC 04641 #ifdef CONFIG_RSBAC_SWITCH 04642 if(!rsbac_switch_fc) 04643 len += sprintf(buffer+len, "Module: FC off\n"); 04644 else 04645 #endif 04646 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04647 if(rsbac_ind_softmode[FC]) 04648 len += sprintf(buffer+len, "Module: FC softmode\n"); 04649 else 04650 #endif 04651 len += sprintf(buffer+len, "Module: FC on\n"); 04652 #endif 04653 04654 #ifdef CONFIG_RSBAC_SIM 04655 #ifdef CONFIG_RSBAC_SWITCH 04656 if(!rsbac_switch_sim) 04657 len += sprintf(buffer+len, "Module: SIM off\n"); 04658 else 04659 #endif 04660 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04661 if(rsbac_ind_softmode[SIM]) 04662 len += sprintf(buffer+len, "Module: SIM softmode\n"); 04663 else 04664 #endif 04665 len += sprintf(buffer+len, "Module: SIM on\n"); 04666 #endif 04667 04668 #ifdef CONFIG_RSBAC_PM 04669 #ifdef CONFIG_RSBAC_SWITCH 04670 if(!rsbac_switch_pm) 04671 len += sprintf(buffer+len, "Module: PM off\n"); 04672 else 04673 #endif 04674 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04675 if(rsbac_ind_softmode[PM]) 04676 len += sprintf(buffer+len, "Module: PM softmode\n"); 04677 else 04678 #endif 04679 len += sprintf(buffer+len, "Module: PM on\n"); 04680 #endif 04681 04682 #ifdef CONFIG_RSBAC_DAZ 04683 #ifdef CONFIG_RSBAC_SWITCH 04684 if(!rsbac_switch_daz) 04685 len += sprintf(buffer+len, "Module: DAZ off\n"); 04686 else 04687 #endif 04688 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04689 if(rsbac_ind_softmode[DAZ]) 04690 len += sprintf(buffer+len, "Module: DAZ softmode\n"); 04691 else 04692 #endif 04693 len += sprintf(buffer+len, "Module: DAZ on\n"); 04694 #endif 04695 04696 #ifdef CONFIG_RSBAC_FF 04697 #ifdef CONFIG_RSBAC_SWITCH 04698 if(!rsbac_switch_ff) 04699 len += sprintf(buffer+len, "Module: FF off\n"); 04700 else 04701 #endif 04702 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04703 if(rsbac_ind_softmode[FF]) 04704 len += sprintf(buffer+len, "Module: FF softmode\n"); 04705 else 04706 #endif 04707 len += sprintf(buffer+len, "Module: FF on\n"); 04708 #endif 04709 04710 #ifdef CONFIG_RSBAC_RC 04711 #ifdef CONFIG_RSBAC_SWITCH 04712 if(!rsbac_switch_rc) 04713 len += sprintf(buffer+len, "Module: RC off\n"); 04714 else 04715 #endif 04716 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04717 if(rsbac_ind_softmode[RC]) 04718 len += sprintf(buffer+len, "Module: RC softmode\n"); 04719 else 04720 #endif 04721 len += sprintf(buffer+len, "Module: RC on\n"); 04722 #endif 04723 04724 #ifdef CONFIG_RSBAC_AUTH 04725 #ifdef CONFIG_RSBAC_SWITCH 04726 if(!rsbac_switch_auth) 04727 len += sprintf(buffer+len, "Module: AUTH off\n"); 04728 else 04729 #endif 04730 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04731 if(rsbac_ind_softmode[AUTH]) 04732 len += sprintf(buffer+len, "Module: AUTH softmode\n"); 04733 else 04734 #endif 04735 len += sprintf(buffer+len, "Module: AUTH on\n"); 04736 #endif 04737 04738 #ifdef CONFIG_RSBAC_ACL 04739 #ifdef CONFIG_RSBAC_SWITCH 04740 if(!rsbac_switch_acl) 04741 len += sprintf(buffer+len, "Module: ACL off\n"); 04742 else 04743 #endif 04744 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04745 if(rsbac_ind_softmode[ACL]) 04746 len += sprintf(buffer+len, "Module: ACL softmode\n"); 04747 else 04748 #endif 04749 len += sprintf(buffer+len, "Module: ACL on\n"); 04750 #endif 04751 04752 #ifdef CONFIG_RSBAC_CAP 04753 #ifdef CONFIG_RSBAC_SWITCH 04754 if(!rsbac_switch_cap) 04755 len += sprintf(buffer+len, "Module: CAP off\n"); 04756 else 04757 #endif 04758 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04759 if(rsbac_ind_softmode[CAP]) 04760 len += sprintf(buffer+len, "Module: CAP softmode\n"); 04761 else 04762 #endif 04763 len += sprintf(buffer+len, "Module: CAP on\n"); 04764 #endif 04765 04766 #ifdef CONFIG_RSBAC_JAIL 04767 #ifdef CONFIG_RSBAC_SWITCH 04768 if(!rsbac_switch_jail) 04769 len += sprintf(buffer+len, "Module: JAIL off\n"); 04770 else 04771 #endif 04772 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04773 if(rsbac_ind_softmode[JAIL]) 04774 len += sprintf(buffer+len, "Module: JAIL softmode\n"); 04775 else 04776 #endif 04777 len += sprintf(buffer+len, "Module: JAIL on\n"); 04778 #endif 04779 04780 #ifdef CONFIG_RSBAC_RES 04781 #ifdef CONFIG_RSBAC_SWITCH 04782 if(!rsbac_switch_res) 04783 len += sprintf(buffer+len, "Module: RES off\n"); 04784 else 04785 #endif 04786 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04787 if(rsbac_ind_softmode[RES]) 04788 len += sprintf(buffer+len, "Module: RES softmode\n"); 04789 else 04790 #endif 04791 len += sprintf(buffer+len, "Module: RES on\n"); 04792 #endif 04793 04794 #ifdef CONFIG_RSBAC_PAX 04795 #ifdef CONFIG_RSBAC_SWITCH 04796 if(!rsbac_switch_pax) 04797 len += sprintf(buffer+len, "Module: PAX off\n"); 04798 else 04799 #endif 04800 #ifdef CONFIG_RSBAC_SOFTMODE_IND 04801 if(rsbac_ind_softmode[PAX]) 04802 len += sprintf(buffer+len, "Module: PAX softmode\n"); 04803 else 04804 #endif 04805 len += sprintf(buffer+len, "Module: PAX on\n"); 04806 #endif 04807 04808 pos = begin + len; 04809 if (pos < offset) 04810 { 04811 len = 0; 04812 begin = pos; 04813 } 04814 04815 out: 04816 *start = buffer + (offset - begin); 04817 len -= (offset - begin); 04818 04819 if (len > length) 04820 len = length; 04821 return len; 04822 } 04823 04824 #ifdef CONFIG_RSBAC_XSTATS 04825 static int 04826 xstats_proc_info(char *buffer, char **start, off_t offset, int length) 04827 { 04828 u_int len = 0; 04829 off_t pos = 0; 04830 off_t begin = 0; 04831 int i,j; 04832 char name[80]; 04833 union rsbac_target_id_t rsbac_target_id; 04834 union rsbac_attribute_value_t rsbac_attribute_value; 04835 04836 if (!rsbac_initialized) return (-ENOSYS); 04837 04838 #ifdef CONFIG_RSBAC_DEBUG 04839 if (rsbac_debug_aef) 04840 { 04841 #ifdef CONFIG_RSBAC_RMSG 04842 rsbac_printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n"); 04843 #endif 04844 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 04845 if (!rsbac_nosyslog) 04846 #endif 04847 printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n"); 04848 } 04849 #endif 04850 rsbac_target_id.scd = ST_rsbac; 04851 rsbac_attribute_value.dummy = 0; 04852 if (!rsbac_adf_request(R_GET_STATUS_DATA, 04853 current->pid, 04854 T_SCD, 04855 rsbac_target_id, 04856 A_none, 04857 rsbac_attribute_value)) 04858 { 04859 return -EPERM; 04860 } 04861 04862 len += sprintf(buffer, 04863 "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n"); 04864 pos = begin + len; 04865 if (pos < offset) 04866 { 04867 len = 0; 04868 begin = pos; 04869 } 04870 if (pos > offset+length) 04871 goto out; 04872 04873 len += sprintf(buffer + len, "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE"); 04874 pos = begin + len; 04875 if (pos < offset) 04876 { 04877 len = 0; 04878 begin = pos; 04879 } 04880 if (pos > offset+length) 04881 goto out; 04882 04883 for(i=0;i<R_NONE;i++) 04884 { 04885 get_request_name(name, i); 04886 name[15]=0; 04887 len += sprintf(buffer + len, "\n%-14s\t",name); 04888 pos = begin + len; 04889 if (pos < offset) 04890 { 04891 len = 0; 04892 begin = pos; 04893 } 04894 if (pos > offset+length) 04895 goto out; 04896 for(j=0;j<=T_NONE;j++) 04897 { 04898 if( (j == T_NETTEMP_NT) 04899 || (j == T_FD) 04900 ) 04901 continue; 04902 len += sprintf(buffer + len, "%lu\t", 04903 rsbac_adf_request_xcount[j][i]); 04904 pos = begin + len; 04905 if (pos < offset) 04906 { 04907 len = 0; 04908 begin = pos; 04909 } 04910 if (pos > offset+length) 04911 goto out; 04912 } 04913 } 04914 04915 len += sprintf(buffer + len, 04916 "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n", 04917 rsbac_adf_request_count[T_FILE], 04918 rsbac_adf_request_count[T_DIR], 04919 rsbac_adf_request_count[T_FIFO], 04920 rsbac_adf_request_count[T_SYMLINK], 04921 rsbac_adf_request_count[T_DEV], 04922 rsbac_adf_request_count[T_IPC], 04923 rsbac_adf_request_count[T_SCD], 04924 rsbac_adf_request_count[T_USER], 04925 rsbac_adf_request_count[T_PROCESS], 04926 rsbac_adf_request_count[T_NETDEV], 04927 rsbac_adf_request_count[T_NETTEMP], 04928 rsbac_adf_request_count[T_NETOBJ], 04929 rsbac_adf_request_count[T_NONE]); 04930 pos = begin + len; 04931 if (pos < offset) 04932 { 04933 len = 0; 04934 begin = pos; 04935 } 04936 if (pos > offset+length) 04937 goto out; 04938 04939 len += sprintf(buffer+len, 04940 "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNONE"); 04941 pos = begin + len; 04942 if (pos < offset) 04943 { 04944 len = 0; 04945 begin = pos; 04946 } 04947 if (pos > offset+length) 04948 goto out; 04949 04950 for(i=0;i<R_NONE;i++) 04951 { 04952 get_request_name(name, i); 04953 name[15]=0; 04954 len += sprintf(buffer + len, "\n%-14s\t",name); 04955 pos = begin + len; 04956 if (pos < offset) 04957 { 04958 len = 0; 04959 begin = pos; 04960 } 04961 if (pos > offset+length) 04962 goto out; 04963 for(j=0;j<=T_NONE;j++) 04964 { 04965 if( (j == T_NETTEMP_NT) 04966 || (j == T_FD) 04967 ) 04968 continue; 04969 len += sprintf(buffer + len, "%lu\t", 04970 rsbac_adf_set_attr_xcount[j][i]); 04971 pos = begin + len; 04972 if (pos < offset) 04973 { 04974 len = 0; 04975 begin = pos; 04976 } 04977 if (pos > offset+length) 04978 goto out; 04979 } 04980 } 04981 04982 len += sprintf(buffer + len, 04983 "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, none: %lu\n", 04984 rsbac_adf_set_attr_count[T_FILE], 04985 rsbac_adf_set_attr_count[T_DIR], 04986 rsbac_adf_set_attr_count[T_FIFO], 04987 rsbac_adf_set_attr_count[T_SYMLINK], 04988 rsbac_adf_set_attr_count[T_DEV], 04989 rsbac_adf_set_attr_count[T_IPC], 04990 rsbac_adf_set_attr_count[T_SCD], 04991 rsbac_adf_set_attr_count[T_USER], 04992 rsbac_adf_set_attr_count[T_PROCESS], 04993 rsbac_adf_set_attr_count[T_NETDEV], 04994 rsbac_adf_set_attr_count[T_NETTEMP], 04995 rsbac_adf_set_attr_count[T_NETOBJ], 04996 rsbac_adf_set_attr_count[T_NONE]); 04997 pos = begin + len; 04998 if (pos < offset) 04999 { 05000 len = 0; 05001 begin = pos; 05002 } 05003 if (pos > offset+length) 05004 goto out; 05005 05006 len += sprintf(buffer + len, 05007 "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 05008 get_attr_count[T_FILE], 05009 get_attr_count[T_DIR], 05010 get_attr_count[T_FIFO], 05011 get_attr_count[T_SYMLINK], 05012 get_attr_count[T_DEV], 05013 get_attr_count[T_IPC], 05014 get_attr_count[T_SCD], 05015 get_attr_count[T_USER], 05016 get_attr_count[T_PROCESS], 05017 get_attr_count[T_NETDEV], 05018 get_attr_count[T_NETTEMP], 05019 get_attr_count[T_NETOBJ]); 05020 pos = begin + len; 05021 if (pos < offset) 05022 { 05023 len = 0; 05024 begin = pos; 05025 } 05026 if (pos > offset+length) 05027 goto out; 05028 05029 len += sprintf(buffer + len, 05030 "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 05031 set_attr_count[T_FILE], 05032 set_attr_count[T_DIR], 05033 set_attr_count[T_FIFO], 05034 set_attr_count[T_SYMLINK], 05035 set_attr_count[T_DEV], 05036 set_attr_count[T_IPC], 05037 set_attr_count[T_SCD], 05038 set_attr_count[T_USER], 05039 set_attr_count[T_PROCESS], 05040 set_attr_count[T_NETDEV], 05041 set_attr_count[T_NETTEMP], 05042 set_attr_count[T_NETOBJ]); 05043 pos = begin + len; 05044 if (pos < offset) 05045 { 05046 len = 0; 05047 begin = pos; 05048 } 05049 if (pos > offset+length) 05050 goto out; 05051 05052 len += sprintf(buffer + len, 05053 "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 05054 remove_count[T_FILE], 05055 remove_count[T_DIR], 05056 remove_count[T_FIFO], 05057 remove_count[T_SYMLINK], 05058 remove_count[T_DEV], 05059 remove_count[T_IPC], 05060 remove_count[T_SCD], 05061 remove_count[T_USER], 05062 remove_count[T_PROCESS], 05063 remove_count[T_NETDEV], 05064 remove_count[T_NETTEMP], 05065 remove_count[T_NETOBJ]); 05066 pos = begin + len; 05067 if (pos < offset) 05068 { 05069 len = 0; 05070 begin = pos; 05071 } 05072 05073 out: 05074 *start = buffer + (offset - begin); 05075 len -= (offset - begin); 05076 05077 if (len > length) 05078 len = length; 05079 return len; 05080 } 05081 #endif 05082 05083 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 05084 static int 05085 auto_write_proc_info(char *buffer, char **start, off_t offset, int length) 05086 { 05087 int len = 0; 05088 off_t pos = 0; 05089 off_t begin = 0; 05090 05091 union rsbac_target_id_t rsbac_target_id; 05092 union rsbac_attribute_value_t rsbac_attribute_value; 05093 05094 if (!rsbac_initialized) return (-ENOSYS); 05095 05096 #ifdef CONFIG_RSBAC_DEBUG 05097 if (rsbac_debug_aef) 05098 { 05099 #ifdef CONFIG_RSBAC_RMSG 05100 rsbac_printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n"); 05101 #endif 05102 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05103 if (!rsbac_nosyslog) 05104 #endif 05105 printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n"); 05106 } 05107 #endif 05108 rsbac_target_id.scd = ST_rsbac; 05109 rsbac_attribute_value.dummy = 0; 05110 if (!rsbac_adf_request(R_GET_STATUS_DATA, 05111 current->pid, 05112 T_SCD, 05113 rsbac_target_id, 05114 A_none, 05115 rsbac_attribute_value)) 05116 { 05117 return -EPERM; 05118 } 05119 05120 len = sprintf(buffer, "RSBAC auto write settings\n-------------------------\n"); 05121 pos = begin + len; 05122 if (pos < offset) 05123 { 05124 len = 0; 05125 begin = pos; 05126 } 05127 if (pos > offset+length) 05128 goto out; 05129 05130 len += sprintf(buffer + len, "auto interval %u jiffies (%i jiffies = 1 second)\n", 05131 auto_interval, HZ); 05132 pos = begin + len; 05133 if (pos < offset) 05134 { 05135 len = 0; 05136 begin = pos; 05137 } 05138 if (pos > offset+length) 05139 goto out; 05140 05141 #ifdef CONFIG_RSBAC_DEBUG 05142 len += sprintf(buffer + len, "debug level is %i\n", 05143 rsbac_debug_auto); 05144 pos = begin + len; 05145 if (pos < offset) 05146 { 05147 len = 0; 05148 begin = pos; 05149 } 05150 #endif 05151 05152 out: 05153 *start = buffer + (offset - begin); 05154 len -= (offset - begin); 05155 05156 if (len > length) 05157 len = length; 05158 return len; 05159 } 05160 05161 static ssize_t auto_write_proc_write(struct file * file, const char * buf, 05162 u_long count, void *ppos) 05163 { 05164 ssize_t err = -EINVAL; 05165 char * k_buf; 05166 char * p; 05167 05168 union rsbac_target_id_t rsbac_target_id; 05169 union rsbac_attribute_value_t rsbac_attribute_value; 05170 05171 if(count > PROC_BLOCK_SIZE) { 05172 return(-EOVERFLOW); 05173 } 05174 05175 if (!(k_buf = (char *) __get_free_page(GFP_KERNEL))) 05176 return(-ENOMEM); 05177 copy_from_user(k_buf, buf, count); 05178 05179 if(count < 13 || strncmp("auto", k_buf, 4)) 05180 { 05181 goto out; 05182 } 05183 if (!rsbac_initialized) 05184 { 05185 err=-ENOSYS; 05186 goto out; 05187 } 05188 05189 #ifdef CONFIG_RSBAC_DEBUG 05190 if (rsbac_debug_aef) 05191 { 05192 #ifdef CONFIG_RSBAC_RMSG 05193 rsbac_printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n"); 05194 #endif 05195 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05196 if (!rsbac_nosyslog) 05197 #endif 05198 printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n"); 05199 } 05200 #endif 05201 rsbac_target_id.scd = ST_rsbac; 05202 rsbac_attribute_value.dummy = 0; 05203 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA, 05204 current->pid, 05205 T_SCD, 05206 rsbac_target_id, 05207 A_none, 05208 rsbac_attribute_value)) 05209 { 05210 err = -EPERM; 05211 goto out; 05212 } 05213 05214 /* 05215 * Usage: echo "auto interval #N" > /proc/rsbac_info/auto_write 05216 * to set auto_interval to given value 05217 */ 05218 if(!strncmp("interval", k_buf + 5, 8)) 05219 { 05220 unsigned int interval; 05221 05222 p = k_buf + 5 + 9; 05223 05224 if( *p == '\0' ) 05225 goto out; 05226 05227 interval = simple_strtoul(p, NULL, 0); 05228 /* only accept minimum of 1 second */ 05229 if(interval >= HZ) 05230 { 05231 #ifdef CONFIG_RSBAC_RMSG 05232 rsbac_printk(KERN_INFO 05233 "auto_write_proc_write(): setting auto write interval to %u\n", 05234 interval); 05235 #endif 05236 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05237 if (!rsbac_nosyslog) 05238 #endif 05239 printk(KERN_INFO 05240 "auto_write_proc_write(): setting auto write interval to %u\n", 05241 interval); 05242 auto_interval = interval; 05243 err = count; 05244 goto out; 05245 } 05246 else 05247 { 05248 #ifdef CONFIG_RSBAC_RMSG 05249 rsbac_printk(KERN_INFO 05250 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n", 05251 interval, HZ); 05252 #endif 05253 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05254 if (!rsbac_nosyslog) 05255 #endif 05256 printk(KERN_INFO 05257 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n", 05258 interval, HZ); 05259 goto out; 05260 } 05261 } 05262 05263 #ifdef CONFIG_RSBAC_DEBUG 05264 /* 05265 * Usage: echo "auto debug #N" > /proc/rsbac_info/auto_write 05266 * to set rsbac_debug_auto to given value 05267 */ 05268 if(!strncmp("debug", k_buf + 5, 5)) 05269 { 05270 unsigned int debug_level; 05271 05272 p = k_buf + 5 + 6; 05273 05274 if( *p == '\0' ) 05275 goto out; 05276 05277 debug_level = simple_strtoul(p, NULL, 0); 05278 /* only accept 0 or 1 */ 05279 if(!debug_level || (debug_level == 1)) 05280 { 05281 #ifdef CONFIG_RSBAC_RMSG 05282 rsbac_printk(KERN_INFO 05283 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n", 05284 debug_level); 05285 #endif 05286 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05287 if (!rsbac_nosyslog) 05288 #endif 05289 printk(KERN_INFO 05290 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n", 05291 debug_level); 05292 rsbac_debug_auto = debug_level; 05293 err = count; 05294 } 05295 else 05296 { 05297 #ifdef CONFIG_RSBAC_RMSG 05298 rsbac_printk(KERN_INFO 05299 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n"); 05300 #endif 05301 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05302 if (!rsbac_nosyslog) 05303 #endif 05304 printk(KERN_INFO 05305 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n"); 05306 } 05307 } 05308 #endif 05309 05310 out: 05311 free_page((ulong) k_buf); 05312 return(err); 05313 } 05314 #endif /* CONFIG_RSBAC_AUTO_WRITE > 0 */ 05315 05316 static int 05317 versions_proc_info(char *buffer, char **start, off_t offset, int length) 05318 { 05319 int len = 0; 05320 off_t pos = 0; 05321 off_t begin = 0; 05322 05323 union rsbac_target_id_t rsbac_target_id; 05324 union rsbac_attribute_value_t rsbac_attribute_value; 05325 05326 if (!rsbac_initialized) return (-ENOSYS); 05327 05328 #ifdef CONFIG_RSBAC_DEBUG 05329 if (rsbac_debug_aef) 05330 { 05331 #ifdef CONFIG_RSBAC_RMSG 05332 rsbac_printk(KERN_DEBUG "versions_proc_info(): calling ADF\n"); 05333 #endif 05334 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 05335 if (!rsbac_nosyslog) 05336 #endif 05337 printk(KERN_DEBUG "versions_proc_info(): calling ADF\n"); 05338 } 05339 #endif 05340 rsbac_target_id.scd = ST_rsbac; 05341 rsbac_attribute_value.dummy = 0; 05342 if (!rsbac_adf_request(R_GET_STATUS_DATA, 05343 current->pid, 05344 T_SCD, 05345 rsbac_target_id, 05346 A_none, 05347 rsbac_attribute_value)) 05348 { 05349 return -EPERM; 05350 } 05351 05352 len = sprintf(buffer, 05353 "RSBAC version settings (%s)\n----------------------\n", 05354 RSBAC_VERSION); 05355 pos = begin + len; 05356 if (pos < offset) 05357 { 05358 len = 0; 05359 begin = pos; 05360 } 05361 if (pos > offset+length) 05362 goto out; 05363 05364 len += sprintf(buffer + len, "FD lists:\nGEN aci version is %i, aci entry size is %i, %i lists per device\n", 05365 RSBAC_GEN_FD_ACI_VERSION, sizeof(struct rsbac_gen_fd_aci_t), RSBAC_GEN_NR_FD_LISTS); 05366 pos = begin + len; 05367 if (pos < offset) 05368 { 05369 len = 0; 05370 begin = pos; 05371 } 05372 if (pos > offset+length) 05373 goto out; 05374 #if defined(CONFIG_RSBAC_MAC) 05375 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i, %i lists per device\n", 05376 RSBAC_MAC_FD_ACI_VERSION, sizeof(struct rsbac_mac_fd_aci_t), RSBAC_MAC_NR_FD_LISTS); 05377 pos = begin + len; 05378 if (pos < offset) 05379 { 05380 len = 0; 05381 begin = pos; 05382 } 05383 if (pos > offset+length) 05384 goto out; 05385 #endif 05386 #if defined(CONFIG_RSBAC_FC) 05387 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i, %i lists per device\n", 05388 RSBAC_FC_FD_ACI_VERSION, sizeof(rsbac_fc_oc_t), RSBAC_FC_NR_FD_LISTS); 05389 pos = begin + len; 05390 if (pos < offset) 05391 { 05392 len = 0; 05393 begin = pos; 05394 } 05395 if (pos > offset+length) 05396 goto out; 05397 #endif 05398 #if defined(CONFIG_RSBAC_SIM) 05399 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i, %i lists per device\n", 05400 RSBAC_SIM_FD_ACI_VERSION, sizeof(rsbac_sim_dt_t), RSBAC_SIM_NR_FD_LISTS); 05401 pos = begin + len; 05402 if (pos < offset) 05403 { 05404 len = 0; 05405 begin = pos; 05406 } 05407 if (pos > offset+length) 05408 goto out; 05409 #endif 05410 #if defined(CONFIG_RSBAC_PM) 05411 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i, %i lists per device\n", 05412 RSBAC_PM_FD_ACI_VERSION, sizeof(struct rsbac_pm_fd_aci_t), RSBAC_PM_NR_FD_LISTS); 05413 pos = begin + len; 05414 if (pos < offset) 05415 { 05416 len = 0; 05417 begin = pos; 05418 } 05419 if (pos > offset+length) 05420 goto out; 05421 #endif 05422 #if defined(CONFIG_RSBAC_DAZ) 05423 len += sprintf(buffer + len, "DAZ aci version is %i, aci entry size is %i, %i lists per device\n", 05424 RSBAC_DAZ_FD_ACI_VERSION, sizeof(struct rsbac_daz_fd_aci_t), RSBAC_DAZ_NR_FD_LISTS); 05425 pos = begin + len; 05426 if (pos < offset) 05427 { 05428 len = 0; 05429 begin = pos; 05430 } 05431 if (pos > offset+length) 05432 goto out; 05433 #if defined(CONFIG_RSBAC_DAZ_CACHE) 05434 len += sprintf(buffer + len, "DAZS aci version is %i, aci entry size is %i, %i lists per device\n", 05435 RSBAC_DAZ_SCANNED_FD_ACI_VERSION, 05436 sizeof(rsbac_daz_scanned_t), 05437 RSBAC_DAZ_SCANNED_NR_FD_LISTS); 05438 pos = begin + len; 05439 if (pos < offset) 05440 { 05441 len = 0; 05442 begin = pos; 05443 } 05444 if (pos > offset+length) 05445 goto out; 05446 #endif 05447 #endif 05448 #if defined(CONFIG_RSBAC_FF) 05449 len += sprintf(buffer + len, "FF aci version is %i, aci entry size is %i, %i lists per device\n", 05450 RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t), RSBAC_FF_NR_FD_LISTS); 05451 pos = begin + len; 05452 if (pos < offset) 05453 { 05454 len = 0; 05455 begin = pos; 05456 } 05457 if (pos > offset+length) 05458 goto out; 05459 #endif 05460 #if defined(CONFIG_RSBAC_RC) 05461 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i, %i lists per device\n", 05462 RSBAC_RC_FD_ACI_VERSION, sizeof(struct rsbac_rc_fd_aci_t), RSBAC_RC_NR_FD_LISTS); 05463 pos = begin + len; 05464 if (pos < offset) 05465 { 05466 len = 0; 05467 begin = pos; 05468 } 05469 if (pos > offset+length) 05470 goto out; 05471 #endif 05472 #if defined(CONFIG_RSBAC_AUTH) 05473 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i, %i lists per device\n", 05474 RSBAC_AUTH_FD_ACI_VERSION, sizeof(struct rsbac_auth_fd_aci_t), RSBAC_AUTH_NR_FD_LISTS); 05475 pos = begin + len; 05476 if (pos < offset) 05477 { 05478 len = 0; 05479 begin = pos; 05480 } 05481 if (pos > offset+length) 05482 goto out; 05483 #endif 05484 #if defined(CONFIG_RSBAC_CAP) 05485 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i, %i lists per device\n", 05486 RSBAC_CAP_FD_ACI_VERSION, sizeof(struct rsbac_cap_fd_aci_t), RSBAC_CAP_NR_FD_LISTS); 05487 pos = begin + len; 05488 if (pos < offset) 05489 { 05490 len = 0; 05491 begin = pos; 05492 } 05493 if (pos > offset+length) 05494 goto out; 05495 #endif 05496 #if defined(CONFIG_RSBAC_PAX) 05497 len += sprintf(buffer + len, "PAX aci version is %i, aci entry size is %i, %i lists per device\n", 05498 RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t), RSBAC_PAX_NR_FD_LISTS); 05499 pos = begin + len; 05500 if (pos < offset) 05501 { 05502 len = 0; 05503 begin = pos; 05504 } 05505 if (pos > offset+length) 05506 goto out; 05507 #endif 05508 #if defined(CONFIG_RSBAC_RES) 05509 len += sprintf(buffer + len, "RES aci version is %i, aci entry size is %i, %i lists per device\n", 05510 RSBAC_RES_FD_ACI_VERSION, sizeof(struct rsbac_res_fd_aci_t), RSBAC_RES_NR_FD_LISTS); 05511 pos = begin + len; 05512 if (pos < offset) 05513 { 05514 len = 0; 05515 begin = pos; 05516 } 05517 if (pos > offset+length) 05518 goto out; 05519 #endif 05520 05521 05522 len += sprintf(buffer + len, "\nDEV lists:\nGEN aci version is %i, aci entry size is %i\n", 05523 RSBAC_GEN_DEV_ACI_VERSION, sizeof(struct rsbac_gen_dev_aci_t)); 05524 pos = begin + len; 05525 if (pos < offset) 05526 { 05527 len = 0; 05528 begin = pos; 05529 } 05530 if (pos > offset+length) 05531 goto out; 05532 #if defined(CONFIG_RSBAC_MAC) 05533 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n", 05534 RSBAC_MAC_DEV_ACI_VERSION, sizeof(struct rsbac_mac_dev_aci_t)); 05535 pos = begin + len; 05536 if (pos < offset) 05537 { 05538 len = 0; 05539 begin = pos; 05540 } 05541 if (pos > offset+length) 05542 goto out; 05543 #endif 05544 #if defined(CONFIG_RSBAC_FC) 05545 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n", 05546 RSBAC_FC_DEV_ACI_VERSION, sizeof(rsbac_fc_oc_t)); 05547 pos = begin + len; 05548 if (pos < offset) 05549 { 05550 len = 0; 05551 begin = pos; 05552 } 05553 if (pos > offset+length) 05554 goto out; 05555 #endif 05556 #if defined(CONFIG_RSBAC_SIM) 05557 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n", 05558 RSBAC_SIM_DEV_ACI_VERSION, sizeof(rsbac_sim_dt_t)); 05559 pos = begin + len; 05560 if (pos < offset) 05561 { 05562 len = 0; 05563 begin = pos; 05564 } 05565 if (pos > offset+length) 05566 goto out; 05567 #endif 05568 #if defined(CONFIG_RSBAC_PM) 05569 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n", 05570 RSBAC_PM_DEV_ACI_VERSION, sizeof(struct rsbac_pm_dev_aci_t)); 05571 pos = begin + len; 05572 if (pos < offset) 05573 { 05574 len = 0; 05575 begin = pos; 05576 } 05577 if (pos > offset+length) 05578 goto out; 05579 #endif 05580 #if defined(CONFIG_RSBAC_RC) 05581 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n", 05582 RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t)); 05583 pos = begin + len; 05584 if (pos < offset) 05585 { 05586 len = 0; 05587 begin = pos; 05588 } 05589 if (pos > offset+length) 05590 goto out; 05591 #endif 05592 05593 05594 len += sprintf(buffer + len, "\nIPC lists:\n"); 05595 pos = begin + len; 05596 if (pos < offset) 05597 { 05598 len = 0; 05599 begin = pos; 05600 } 05601 if (pos > offset+length) 05602 goto out; 05603 #if defined(CONFIG_RSBAC_MAC) 05604 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n", 05605 RSBAC_MAC_IPC_ACI_VERSION, sizeof(struct rsbac_mac_ipc_aci_t)); 05606 pos = begin + len; 05607 if (pos < offset) 05608 { 05609 len = 0; 05610 begin = pos; 05611 } 05612 if (pos > offset+length) 05613 goto out; 05614 #endif 05615 #if defined(CONFIG_RSBAC_FC) 05616 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n", 05617 RSBAC_FC_IPC_ACI_VERSION, sizeof(rsbac_fc_oc_t)); 05618 pos = begin + len; 05619 if (pos < offset) 05620 { 05621 len = 0; 05622 begin = pos; 05623 } 05624 if (pos > offset+length) 05625 goto out; 05626 #endif 05627 #if defined(CONFIG_RSBAC_SIM) 05628 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n", 05629 RSBAC_SIM_IPC_ACI_VERSION, sizeof(rsbac_sim_dt_t)); 05630 pos = begin + len; 05631 if (pos < offset) 05632 { 05633 len = 0; 05634 begin = pos; 05635 } 05636 if (pos > offset+length) 05637 goto out; 05638 #endif 05639 #if defined(CONFIG_RSBAC_PM) 05640 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n", 05641 RSBAC_PM_IPC_ACI_VERSION, sizeof(struct rsbac_pm_ipc_aci_t)); 05642 pos = begin + len; 05643 if (pos < offset) 05644 { 05645 len = 0; 05646 begin = pos; 05647 } 05648 if (pos > offset+length) 05649 goto out; 05650 #endif 05651 #if defined(CONFIG_RSBAC_RC) 05652 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n", 05653 RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t)); 05654 pos = begin + len; 05655 if (pos < offset) 05656 { 05657 len = 0; 05658 begin = pos; 05659 } 05660 if (pos > offset+length) 05661 goto out; 05662 #endif 05663 #if defined(CONFIG_RSBAC_JAIL) 05664 len += sprintf(buffer + len, "JAIL aci version is %i, aci entry size is %i\n", 05665 RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t)); 05666 pos = begin + len; 05667 if (pos < offset) 05668 { 05669 len = 0; 05670 begin = pos; 05671 } 05672 if (pos > offset+length) 05673 goto out; 05674 #endif 05675 05676 05677 len += sprintf(buffer + len, "\nUSER lists:\nGEN aci version is %i, aci entry size is %i\n", 05678 RSBAC_GEN_USER_ACI_VERSION, sizeof(struct rsbac_gen_user_aci_t)); 05679 pos = begin + len; 05680 if (pos < offset) 05681 { 05682 len = 0; 05683 begin = pos; 05684 } 05685 if (pos > offset+length) 05686 goto out; 05687 #if defined(CONFIG_RSBAC_MAC) 05688 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n", 05689 RSBAC_MAC_USER_ACI_VERSION, sizeof(struct rsbac_mac_user_aci_t)); 05690 pos = begin + len; 05691 if (pos < offset) 05692 { 05693 len = 0; 05694 begin = pos; 05695 } 05696 if (pos > offset+length) 05697 goto out; 05698 #endif 05699 #if defined(CONFIG_RSBAC_FC) 05700 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n", 05701 RSBAC_FC_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05702 pos = begin + len; 05703 if (pos < offset) 05704 { 05705 len = 0; 05706 begin = pos; 05707 } 05708 if (pos > offset+length) 05709 goto out; 05710 #endif 05711 #if defined(CONFIG_RSBAC_SIM) 05712 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n", 05713 RSBAC_SIM_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05714 pos = begin + len; 05715 if (pos < offset) 05716 { 05717 len = 0; 05718 begin = pos; 05719 } 05720 if (pos > offset+length) 05721 goto out; 05722 #endif 05723 #if defined(CONFIG_RSBAC_PM) 05724 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n", 05725 RSBAC_PM_USER_ACI_VERSION, sizeof(struct rsbac_pm_user_aci_t)); 05726 pos = begin + len; 05727 if (pos < offset) 05728 { 05729 len = 0; 05730 begin = pos; 05731 } 05732 if (pos > offset+length) 05733 goto out; 05734 #endif 05735 #if defined(CONFIG_RSBAC_DAZ) 05736 len += sprintf(buffer + len, "DAZ aci version is %i, aci entry size is %i\n", 05737 RSBAC_DAZ_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05738 pos = begin + len; 05739 if (pos < offset) 05740 { 05741 len = 0; 05742 begin = pos; 05743 } 05744 if (pos > offset+length) 05745 goto out; 05746 #endif 05747 #if defined(CONFIG_RSBAC_RC) 05748 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n", 05749 RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t)); 05750 pos = begin + len; 05751 if (pos < offset) 05752 { 05753 len = 0; 05754 begin = pos; 05755 } 05756 if (pos > offset+length) 05757 goto out; 05758 #endif 05759 #if defined(CONFIG_RSBAC_AUTH) 05760 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i\n", 05761 RSBAC_AUTH_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05762 pos = begin + len; 05763 if (pos < offset) 05764 { 05765 len = 0; 05766 begin = pos; 05767 } 05768 if (pos > offset+length) 05769 goto out; 05770 #endif 05771 #if defined(CONFIG_RSBAC_CAP) 05772 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i\n", 05773 RSBAC_CAP_USER_ACI_VERSION, sizeof(struct rsbac_cap_user_aci_t)); 05774 pos = begin + len; 05775 if (pos < offset) 05776 { 05777 len = 0; 05778 begin = pos; 05779 } 05780 if (pos > offset+length) 05781 goto out; 05782 #endif 05783 #if defined(CONFIG_RSBAC_JAIL) 05784 len += sprintf(buffer + len, "JAIL aci version is %i, aci entry size is %i\n", 05785 RSBAC_JAIL_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05786 pos = begin + len; 05787 if (pos < offset) 05788 { 05789 len = 0; 05790 begin = pos; 05791 } 05792 if (pos > offset+length) 05793 goto out; 05794 #endif 05795 #if defined(CONFIG_RSBAC_PAX) 05796 len += sprintf(buffer + len, "PAX aci version is %i, aci entry size is %i\n", 05797 RSBAC_PAX_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t)); 05798 pos = begin + len; 05799 if (pos < offset) 05800 { 05801 len = 0; 05802 begin = pos; 05803 } 05804 if (pos > offset+length) 05805 goto out; 05806 #endif 05807 #if defined(CONFIG_RSBAC_RES) 05808 len += sprintf(buffer + len, "RES aci version is %i, aci entry size is %i\n", 05809 RSBAC_RES_USER_ACI_VERSION, sizeof(struct rsbac_res_user_aci_t)); 05810 pos = begin + len; 05811 if (pos < offset) 05812 { 05813 len = 0; 05814 begin = pos; 05815 } 05816 if (pos > offset+length) 05817 goto out; 05818 #endif 05819 05820 05821 len += sprintf(buffer + len, "\nPROCESS lists:\nGEN aci version is %i, aci entry size is %i\n", 05822 RSBAC_GEN_PROCESS_ACI_VERSION, sizeof(rsbac_request_vector_t)); 05823 pos = begin + len; 05824 if (pos < offset) 05825 { 05826 len = 0; 05827 begin = pos; 05828 } 05829 if (pos > offset+length) 05830 goto out; 05831 #if defined(CONFIG_RSBAC_MAC) 05832 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %u, number of lists is %u\n", 05833 RSBAC_MAC_PROCESS_ACI_VERSION, 05834 sizeof(struct rsbac_mac_process_aci_t), 05835 CONFIG_RSBAC_MAC_NR_P_LISTS); 05836 pos = begin + len; 05837 if (pos < offset) 05838 { 05839 len = 0; 05840 begin = pos; 05841 } 05842 if (pos > offset+length) 05843 goto out; 05844 #endif 05845 #if defined(CONFIG_RSBAC_PM) 05846 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n", 05847 RSBAC_PM_PROCESS_ACI_VERSION, sizeof(struct rsbac_pm_process_aci_t)); 05848 pos = begin + len; 05849 if (pos < offset) 05850 { 05851 len = 0; 05852 begin = pos; 05853 } 05854 if (pos > offset+length) 05855 goto out; 05856 #endif 05857 #if defined(CONFIG_RSBAC_RC) 05858 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %u, number of lists is %u\n", 05859 RSBAC_RC_PROCESS_ACI_VERSION, 05860 sizeof(struct rsbac_rc_process_aci_t), 05861 CONFIG_RSBAC_RC_NR_P_LISTS); 05862 pos = begin + len; 05863 if (pos < offset) 05864 { 05865 len = 0; 05866 begin = pos; 05867 } 05868 if (pos > offset+length) 05869 goto out; 05870 #endif 05871 #if defined(CONFIG_RSBAC_AUTH) 05872 len += sprintf(buffer + len, "AUTH aci version is %i, aci entry size is %i\n", 05873 RSBAC_AUTH_PROCESS_ACI_VERSION, sizeof(struct rsbac_auth_process_aci_t)); 05874 pos = begin + len; 05875 if (pos < offset) 05876 { 05877 len = 0; 05878 begin = pos; 05879 } 05880 if (pos > offset+length) 05881 goto out; 05882 #endif 05883 #if defined(CONFIG_RSBAC_CAP) 05884 len += sprintf(buffer + len, "CAP aci version is %i, aci entry size is %i\n", 05885 RSBAC_CAP_PROCESS_ACI_VERSION, sizeof(struct rsbac_cap_process_aci_t)); 05886 pos = begin + len; 05887 if (pos < offset) 05888 { 05889 len = 0; 05890 begin = pos; 05891 } 05892 if (pos > offset+length) 05893 goto out; 05894 #endif 05895 #if defined(CONFIG_RSBAC_JAIL) 05896 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %u, number of lists is %u\n", 05897 RSBAC_JAIL_PROCESS_ACI_VERSION, 05898 sizeof(struct rsbac_jail_process_aci_t), 05899 CONFIG_RSBAC_JAIL_NR_P_LISTS); 05900 pos = begin + len; 05901 if (pos < offset) 05902 { 05903 len = 0; 05904 begin = pos; 05905 } 05906 if (pos > offset+length) 05907 goto out; 05908 #endif 05909 05910 #if defined(CONFIG_RSBAC_NET_DEV) 05911 len += sprintf(buffer + len, "\nNETDEV lists:\n"); 05912 pos = begin + len; 05913 if (pos < offset) 05914 { 05915 len = 0; 05916 begin = pos; 05917 } 05918 if (pos > offset+length) 05919 goto out; 05920 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 05921 len += sprintf(buffer + len, "GEN aci version is %i, aci entry size is %i\n", 05922 RSBAC_GEN_NETDEV_ACI_VERSION, sizeof(struct rsbac_gen_netdev_aci_t)); 05923 pos = begin + len; 05924 if (pos < offset) 05925 { 05926 len = 0; 05927 begin = pos; 05928 } 05929 if (pos > offset+length) 05930 goto out; 05931 #endif 05932 #if defined(CONFIG_RSBAC_RC) 05933 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n", 05934 RSBAC_RC_NETDEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t)); 05935 pos = begin + len; 05936 if (pos < offset) 05937 { 05938 len = 0; 05939 begin = pos; 05940 } 05941 if (pos > offset+length) 05942 goto out; 05943 #endif 05944 #endif 05945 05946 #if defined(CONFIG_RSBAC_NET_OBJ) 05947 len += sprintf(buffer + len, "\nNetwork Template list: version is %i, data size is %i\n", 05948 RSBAC_NET_TEMP_VERSION, sizeof(struct rsbac_net_temp_data_t)); 05949 pos = begin + len; 05950 if (pos < offset) 05951 { 05952 len = 0; 05953 begin = pos; 05954 } 05955 if (pos > offset+length) 05956 goto out; 05957 len += sprintf(buffer + len, "\nNETOBJ lists:\nGEN aci version is %i, aci entry size is %i\n", 05958 RSBAC_GEN_NETOBJ_ACI_VERSION, sizeof(struct rsbac_gen_netobj_aci_t)); 05959 pos = begin + len; 05960 if (pos < offset) 05961 { 05962 len = 0; 05963 begin = pos; 05964 } 05965 if (pos > offset+length) 05966 goto out; 05967 #if defined(CONFIG_RSBAC_MAC) 05968 len += sprintf(buffer + len, "MAC aci version is %i, aci entry size is %i\n", 05969 RSBAC_MAC_NETOBJ_ACI_VERSION, sizeof(struct rsbac_mac_netobj_aci_t)); 05970 pos = begin + len; 05971 if (pos < offset) 05972 { 05973 len = 0; 05974 begin = pos; 05975 } 05976 if (pos > offset+length) 05977 goto out; 05978 #endif 05979 #if defined(CONFIG_RSBAC_FC) 05980 len += sprintf(buffer + len, "FC aci version is %i, aci entry size is %i\n", 05981 RSBAC_FC_NETOBJ_ACI_VERSION, sizeof(rsbac_fc_oc_t)); 05982 pos = begin + len; 05983 if (pos < offset) 05984 { 05985 len = 0; 05986 begin = pos; 05987 } 05988 if (pos > offset+length) 05989 goto out; 05990 #endif 05991 #if defined(CONFIG_RSBAC_SIM) 05992 len += sprintf(buffer + len, "SIM aci version is %i, aci entry size is %i\n", 05993 RSBAC_SIM_NETOBJ_ACI_VERSION, sizeof(rsbac_sim_dt_t)); 05994 pos = begin + len; 05995 if (pos < offset) 05996 { 05997 len = 0; 05998 begin = pos; 05999 } 06000 if (pos > offset+length) 06001 goto out; 06002 #endif 06003 #if defined(CONFIG_RSBAC_PM) 06004 len += sprintf(buffer + len, "PM aci version is %i, aci entry size is %i\n", 06005 RSBAC_PM_NETOBJ_ACI_VERSION, sizeof(struct rsbac_pm_netobj_aci_t)); 06006 pos = begin + len; 06007 if (pos < offset) 06008 { 06009 len = 0; 06010 begin = pos; 06011 } 06012 if (pos > offset+length) 06013 goto out; 06014 #endif 06015 #if defined(CONFIG_RSBAC_RC) 06016 len += sprintf(buffer + len, "RC aci version is %i, aci entry size is %i\n", 06017 RSBAC_RC_NETOBJ_ACI_VERSION, sizeof(rsbac_rc_type_id_t)); 06018 pos = begin + len; 06019 if (pos < offset) 06020 { 06021 len = 0; 06022 begin = pos; 06023 } 06024 if (pos > offset+length) 06025 goto out; 06026 #endif 06027 #endif 06028 06029 len += sprintf(buffer + len, "\nlog_levels array: version is %i, array size is %i\n", 06030 RSBAC_LOG_LEVEL_VERSION, R_NONE * (T_NONE+1) * sizeof(rsbac_enum_t)); 06031 pos = begin + len; 06032 if (pos < offset) 06033 { 06034 len = 0; 06035 begin = pos; 06036 } 06037 06038 out: 06039 *start = buffer + (offset - begin); 06040 len -= (offset - begin); 06041 06042 if (len > length) 06043 len = length; 06044 return len; 06045 } 06046 06047 #ifdef CONFIG_RSBAC_NET_OBJ 06048 static int 06049 net_temp_proc_info(char *buffer, char **start, off_t offset, int length) 06050 { 06051 u_int len = 0; 06052 off_t pos = 0; 06053 off_t begin = 0; 06054 rsbac_net_temp_id_t * temp_array; 06055 long count; 06056 06057 union rsbac_target_id_t rsbac_target_id; 06058 union rsbac_attribute_value_t rsbac_attribute_value; 06059 06060 if (!rsbac_initialized) return (-ENOSYS); 06061 06062 #ifdef CONFIG_RSBAC_DEBUG 06063 if (rsbac_debug_aef) 06064 { 06065 #ifdef CONFIG_RSBAC_RMSG 06066 rsbac_printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n"); 06067 #endif 06068 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06069 if (!rsbac_nosyslog) 06070 #endif 06071 printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n"); 06072 } 06073 #endif 06074 rsbac_target_id.scd = ST_rsbac; 06075 rsbac_attribute_value.dummy = 0; 06076 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06077 current->pid, 06078 T_SCD, 06079 rsbac_target_id, 06080 A_none, 06081 rsbac_attribute_value)) 06082 { 06083 return -EPERM; 06084 } 06085 06086 len = sprintf(buffer, "Network Templates\n-----------------\n"); 06087 pos = begin + len; 06088 if (pos < offset) 06089 { 06090 len = 0; 06091 begin = pos; 06092 } 06093 if (pos > offset+length) 06094 goto out; 06095 06096 count = rsbac_list_get_all_desc(net_temp_handle, (void **) &temp_array); 06097 if(count > 0) 06098 { 06099 __u32 i; 06100 struct rsbac_net_temp_data_t data; 06101 06102 for(i=0; i < count; i++) 06103 { 06104 if(!rsbac_list_get_data(net_temp_handle, &temp_array[i], &data)) 06105 { 06106 len += sprintf(buffer + len, "%10u %s\n", 06107 temp_array[i], data.name); 06108 pos = begin + len; 06109 if (pos < offset) 06110 { 06111 len = 0; 06112 begin = pos; 06113 } 06114 if (pos > offset+length) 06115 { 06116 rsbac_vfree(temp_array); 06117 goto out; 06118 } 06119 } 06120 } 06121 rsbac_vfree(temp_array); 06122 } 06123 len += sprintf(buffer + len, "%lu templates\n", 06124 count); 06125 pos = begin + len; 06126 if (pos < offset) 06127 { 06128 len = 0; 06129 begin = pos; 06130 } 06131 06132 out: 06133 *start = buffer + (offset - begin); 06134 len -= (offset - begin); 06135 06136 if (len > length) 06137 len = length; 06138 return len; 06139 } 06140 #endif /* NET_OBJ */ 06141 06142 #ifdef CONFIG_RSBAC_JAIL 06143 static int 06144 jail_proc_info(char *buffer, char **start, off_t offset, int length) 06145 { 06146 u_int len = 0; 06147 off_t pos = 0; 06148 off_t begin = 0; 06149 rsbac_pid_t * pid_array; 06150 struct rsbac_ipc_t * ipc_array; 06151 u_long count = 0; 06152 u_int i; 06153 u_int j; 06154 long subcount; 06155 struct rsbac_jail_process_aci_t data; 06156 union rsbac_target_id_t rsbac_target_id; 06157 union rsbac_attribute_value_t rsbac_attribute_value; 06158 06159 if (!rsbac_initialized) return (-ENOSYS); 06160 06161 #ifdef CONFIG_RSBAC_DEBUG 06162 if (rsbac_debug_aef) 06163 { 06164 #ifdef CONFIG_RSBAC_RMSG 06165 rsbac_printk(KERN_DEBUG "jail_proc_info(): calling ADF\n"); 06166 #endif 06167 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06168 if (!rsbac_nosyslog) 06169 #endif 06170 printk(KERN_DEBUG "jail_proc_info(): calling ADF\n"); 06171 } 06172 #endif 06173 rsbac_target_id.scd = ST_rsbac; 06174 rsbac_attribute_value.dummy = 0; 06175 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06176 current->pid, 06177 T_SCD, 06178 rsbac_target_id, 06179 A_none, 06180 rsbac_attribute_value)) 06181 { 06182 return -EPERM; 06183 } 06184 06185 len = sprintf(buffer, "JAILed Processes\n----------------\nPID Jail-ID Flags Max Caps IP\n"); 06186 pos = begin + len; 06187 if (pos < offset) 06188 { 06189 len = 0; 06190 begin = pos; 06191 } 06192 if (pos > offset+length) 06193 goto out; 06194 06195 for(j=0; j<CONFIG_RSBAC_JAIL_NR_P_LISTS; j++) 06196 { 06197 subcount = rsbac_list_get_all_desc(process_handles.jail[j], (void **) &pid_array); 06198 if(subcount > 0) 06199 { 06200 for(i=0; i < subcount; i++) 06201 { 06202 if(!rsbac_list_get_data(process_handles.jail[j], &pid_array[i], &data)) 06203 { 06204 len += sprintf(buffer + len, "%-5u %-10u %-7u %-10i %u.%u.%u.%u\n", 06205 pid_array[i], 06206 data.id, 06207 data.flags, 06208 data.max_caps, 06209 NIPQUAD(data.ip)); 06210 pos = begin + len; 06211 if (pos < offset) 06212 { 06213 len = 0; 06214 begin = pos; 06215 } 06216 if (pos > offset+length) 06217 { 06218 rsbac_vfree(pid_array); 06219 goto out; 06220 } 06221 } 06222 } 06223 count += subcount; 06224 } 06225 rsbac_vfree(pid_array); 06226 } 06227 len += sprintf(buffer + len, "%lu jailed processes\n", 06228 count); 06229 pos = begin + len; 06230 if (pos < offset) 06231 { 06232 len = 0; 06233 begin = pos; 06234 } 06235 if (pos > offset+length) 06236 goto out; 06237 06238 len += sprintf(buffer + len, "\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n"); 06239 pos = begin + len; 06240 if (pos < offset) 06241 { 06242 len = 0; 06243 begin = pos; 06244 } 06245 if (pos > offset+length) 06246 goto out; 06247 06248 count = rsbac_list_get_all_desc(ipc_handles.jail, (void **) &ipc_array); 06249 if(count > 0) 06250 { 06251 __u32 i; 06252 rsbac_jail_id_t data; 06253 char tmp[RSBAC_MAXNAMELEN]; 06254 06255 for(i=0; i < count; i++) 06256 { 06257 if(!rsbac_list_get_data(ipc_handles.jail, &ipc_array[i], &data)) 06258 { 06259 len += sprintf(buffer + len, "%-5s %-10lu %-10u\n", 06260 get_ipc_target_name(tmp, ipc_array[i].type), 06261 ipc_array[i].id.id_nr, 06262 data); 06263 pos = begin + len; 06264 if (pos < offset) 06265 { 06266 len = 0; 06267 begin = pos; 06268 } 06269 if (pos > offset+length) 06270 { 06271 rsbac_vfree(ipc_array); 06272 goto out; 06273 } 06274 } 06275 } 06276 rsbac_vfree(ipc_array); 06277 } 06278 len += sprintf(buffer + len, "%lu JAIL IPCs\n", 06279 count); 06280 pos = begin + len; 06281 if (pos < offset) 06282 { 06283 len = 0; 06284 begin = pos; 06285 } 06286 if (pos > offset+length) 06287 goto out; 06288 out: 06289 *start = buffer + (offset - begin); 06290 len -= (offset - begin); 06291 06292 if (len > length) 06293 len = length; 06294 return len; 06295 } 06296 #endif /* JAIL */ 06297 06298 #ifdef CONFIG_RSBAC_PAX 06299 static int 06300 pax_proc_info(char *buffer, char **start, off_t offset, int length) 06301 { 06302 int len = 0; 06303 off_t pos = 0; 06304 off_t begin = 0; 06305 06306 union rsbac_target_id_t rsbac_target_id; 06307 union rsbac_attribute_value_t rsbac_attribute_value; 06308 06309 if (!rsbac_is_initialized()) 06310 return (-ENOSYS); 06311 06312 rsbac_target_id.scd = ST_rsbac; 06313 rsbac_attribute_value.dummy = 0; 06314 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06315 current->pid, 06316 T_SCD, 06317 rsbac_target_id, 06318 A_none, 06319 rsbac_attribute_value)) 06320 { 06321 return -EPERM; 06322 } 06323 len += sprintf(buffer, "RSBAC PaX module\n----------------\n"); 06324 pos = begin + len; 06325 if (pos < offset) 06326 { 06327 len = 0; 06328 begin = pos; 06329 } 06330 if (pos > offset+length) 06331 goto out; 06332 06333 len += sprintf(buffer + len, "%li user list items.\n", 06334 rsbac_list_count(user_handles.pax)); 06335 pos = begin + len; 06336 if (pos < offset) 06337 { 06338 len = 0; 06339 begin = pos; 06340 } 06341 if (pos > offset+length) 06342 goto out; 06343 06344 out: 06345 *start = buffer + (offset - begin); 06346 len -= (offset - begin); 06347 06348 if (len > length) 06349 len = length; 06350 return len; 06351 } 06352 #endif 06353 06354 static int register_all_rsbac_proc(void) 06355 { 06356 struct proc_dir_entry * tmp_entry_p; 06357 06358 proc_rsbac_root_p = create_proc_entry("rsbac-info", 06359 S_IFDIR | S_IRUGO | S_IXUGO, 06360 &proc_root); 06361 if(!proc_rsbac_root_p) 06362 return -RSBAC_ECOULDNOTADDITEM; 06363 06364 proc_rsbac_backup_p = create_proc_entry("backup", 06365 S_IFDIR | S_IRUGO | S_IXUGO, 06366 proc_rsbac_root_p); 06367 if(!proc_rsbac_root_p) 06368 return -RSBAC_ECOULDNOTADDITEM; 06369 06370 tmp_entry_p = create_proc_entry("devices", 06371 S_IFREG | S_IRUGO, 06372 proc_rsbac_root_p); 06373 if(!tmp_entry_p) 06374 return -RSBAC_ECOULDNOTADDITEM; 06375 tmp_entry_p->get_info = devices_proc_info; 06376 06377 tmp_entry_p = create_proc_entry("stats", 06378 S_IFREG | S_IRUGO, 06379 proc_rsbac_root_p); 06380 if(!tmp_entry_p) 06381 return -RSBAC_ECOULDNOTADDITEM; 06382 tmp_entry_p->get_info = stats_proc_info; 06383 06384 tmp_entry_p = create_proc_entry("active", 06385 S_IFREG | S_IRUGO, 06386 proc_rsbac_root_p); 06387 if(!tmp_entry_p) 06388 return -RSBAC_ECOULDNOTADDITEM; 06389 tmp_entry_p->get_info = active_proc_info; 06390 06391 #ifdef CONFIG_RSBAC_XSTATS 06392 tmp_entry_p = create_proc_entry("xstats", 06393 S_IFREG | S_IRUGO, 06394 proc_rsbac_root_p); 06395 if(!tmp_entry_p) 06396 return -RSBAC_ECOULDNOTADDITEM; 06397 tmp_entry_p->get_info = xstats_proc_info; 06398 #endif 06399 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 06400 tmp_entry_p = create_proc_entry("auto_write", 06401 S_IFREG | S_IRUGO | S_IWUGO, 06402 proc_rsbac_root_p); 06403 if(!tmp_entry_p) 06404 return -RSBAC_ECOULDNOTADDITEM; 06405 tmp_entry_p->get_info = auto_write_proc_info; 06406 tmp_entry_p->write_proc = auto_write_proc_write; 06407 #endif 06408 tmp_entry_p = create_proc_entry("versions", 06409 S_IFREG | S_IRUGO, 06410 proc_rsbac_root_p); 06411 if(!tmp_entry_p) 06412 return -RSBAC_ECOULDNOTADDITEM; 06413 tmp_entry_p->get_info = versions_proc_info; 06414 06415 #ifdef CONFIG_RSBAC_NET_OBJ 06416 tmp_entry_p = create_proc_entry("net_temp", 06417 S_IFREG | S_IRUGO, 06418 proc_rsbac_root_p); 06419 if(!tmp_entry_p) 06420 return -RSBAC_ECOULDNOTADDITEM; 06421 tmp_entry_p->get_info = net_temp_proc_info; 06422 #endif 06423 #ifdef CONFIG_RSBAC_JAIL 06424 tmp_entry_p = create_proc_entry("jails", 06425 S_IFREG | S_IRUGO, 06426 proc_rsbac_root_p); 06427 if(!tmp_entry_p) 06428 return -RSBAC_ECOULDNOTADDITEM; 06429 tmp_entry_p->get_info = jail_proc_info; 06430 #endif 06431 #ifdef CONFIG_RSBAC_PAX 06432 tmp_entry_p = create_proc_entry("pax", 06433 S_IFREG | S_IRUGO, 06434 proc_rsbac_root_p); 06435 if(!tmp_entry_p) 06436 return -RSBAC_ECOULDNOTADDITEM; 06437 tmp_entry_p->get_info = pax_proc_info; 06438 #endif 06439 06440 return(0); 06441 } 06442 06443 /* 06444 static int unregister_all_rsbac_proc(void) 06445 { 06446 #ifdef CONFIG_RSBAC_PAX 06447 remove_proc_entry("pax", proc_rsbac_root_p); 06448 #endif 06449 #ifdef CONFIG_RSBAC_JAIL 06450 remove_proc_entry("jails", proc_rsbac_root_p); 06451 #endif 06452 #ifdef CONFIG_RSBAC_NET_OBJ 06453 remove_proc_entry("net_temp", proc_rsbac_root_p); 06454 #endif 06455 remove_proc_entry("versions", proc_rsbac_root_p); 06456 remove_proc_entry("devices", proc_rsbac_root_p); 06457 remove_proc_entry("stats", proc_rsbac_root_p); 06458 remove_proc_entry("active", proc_rsbac_root_p); 06459 remove_proc_entry("auto-write", proc_rsbac_root_p); 06460 remove_proc_entry("backup", proc_rsbac_root_p); 06461 remove_proc_entry("rsbac-info", &proc_root); 06462 return(0); 06463 } 06464 */ 06465 #endif /* CONFIG_PROC_FS && CONFIG_RSBAC_PROC */ 06466 06467 06468 /************************************************* */ 06469 /* RSBAC daemon */ 06470 /************************************************* */ 06471 06472 /************************************************************************** */ 06473 /* Initialization, including ACI restoration for root device from disk. */ 06474 /* After this call, all ACI is kept in memory for performance reasons, */ 06475 /* but user and file/dir object ACI are written to disk on every change. */ 06476 06477 /* Since there can be no access to aci data structures before init, */ 06478 /* rsbac_do_init() will initialize all rw-spinlocks to unlocked. */ 06479 06480 /* DAZ init prototype */ 06481 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT) 06482 #ifdef CONFIG_RSBAC_INIT_DELAY 06483 int rsbac_init_daz(void); 06484 #else 06485 int __init rsbac_init_daz(void); 06486 #endif 06487 #endif 06488 06489 #ifdef CONFIG_RSBAC_INIT_DELAY 06490 static void registration_error(int err, char * listname) 06491 #else 06492 static void __init registration_error(int err, char * listname) 06493 #endif 06494 { 06495 if(err < 0) 06496 { 06497 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06498 06499 if(tmp) 06500 { 06501 #ifdef CONFIG_RSBAC_RMSG 06502 rsbac_printk(KERN_WARNING 06503 "rsbac_do_init(): Registering %s list failed with error %s\n", 06504 listname, 06505 get_error_name(tmp, err)); 06506 #endif 06507 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06508 if (!rsbac_nosyslog) 06509 #endif 06510 printk(KERN_WARNING 06511 "rsbac_do_init(): Registering %s list failed with error %s\n", 06512 listname, 06513 get_error_name(tmp, err)); 06514 rsbac_kfree(tmp); 06515 } 06516 } 06517 } 06518 06519 #ifdef CONFIG_RSBAC_INIT_DELAY 06520 static int rsbac_do_init(void) 06521 #else 06522 static int __init rsbac_do_init(void) 06523 #endif 06524 { 06525 int err = 0; 06526 struct rsbac_device_list_item_t * device_p; 06527 struct rsbac_device_list_item_t * new_device_p; 06528 u_long flags; 06529 struct rsbac_list_info_t * list_info_p; 06530 struct super_block * sb_p; 06531 06532 #ifdef CONFIG_RSBAC_DEBUG 06533 if(rsbac_debug_stack) 06534 { 06535 unsigned long * n; 06536 06537 n = (unsigned long *) (current+1); 06538 while (!*n) 06539 n++; 06540 #ifdef CONFIG_RSBAC_RMSG 06541 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n", 06542 (unsigned long) n - (unsigned long)(current+1)); 06543 #endif 06544 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06545 if (!rsbac_nosyslog) 06546 #endif 06547 printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n", 06548 (unsigned long) n - (unsigned long)(current+1)); 06549 } 06550 #endif 06551 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL); 06552 if(!list_info_p) 06553 { 06554 return -ENOMEM; 06555 } 06556 compiled_modules[0] = (char) 0; 06557 #ifdef CONFIG_RSBAC_REG 06558 strcat(compiled_modules, " REG"); 06559 #endif 06560 #ifdef CONFIG_RSBAC_MAC 06561 #ifdef CONFIG_RSBAC_MAC_LIGHT 06562 strcat(compiled_modules, " MAC-L"); 06563 #else 06564 strcat(compiled_modules, " MAC"); 06565 #endif 06566 #endif 06567 #ifdef CONFIG_RSBAC_FC 06568 strcat(compiled_modules, " FC"); 06569 #endif 06570 #ifdef CONFIG_RSBAC_SIM 06571 strcat(compiled_modules, " SIM"); 06572 #endif 06573 #ifdef CONFIG_RSBAC_PM 06574 strcat(compiled_modules, " PM"); 06575 #endif 06576 #ifdef CONFIG_RSBAC_DAZ 06577 strcat(compiled_modules, " DAZ"); 06578 #endif 06579 #ifdef CONFIG_RSBAC_FF 06580 strcat(compiled_modules, " FF"); 06581 #endif 06582 #ifdef CONFIG_RSBAC_RC 06583 strcat(compiled_modules, " RC"); 06584 #endif 06585 #ifdef CONFIG_RSBAC_AUTH 06586 strcat(compiled_modules, " AUTH"); 06587 #endif 06588 #ifdef CONFIG_RSBAC_ACL 06589 strcat(compiled_modules, " ACL"); 06590 #endif 06591 #ifdef CONFIG_RSBAC_CAP 06592 strcat(compiled_modules, " CAP"); 06593 #endif 06594 #ifdef CONFIG_RSBAC_JAIL 06595 strcat(compiled_modules, " JAIL"); 06596 #endif 06597 #ifdef CONFIG_RSBAC_RES 06598 strcat(compiled_modules, " RES"); 06599 #endif 06600 #ifdef CONFIG_RSBAC_PAX 06601 strcat(compiled_modules, " PAX"); 06602 #endif 06603 #ifdef CONFIG_RSBAC_MAINT 06604 #ifdef CONFIG_RSBAC_RMSG 06605 rsbac_printk(KERN_INFO 06606 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", 06607 RSBAC_VERSION); 06608 rsbac_printk(KERN_INFO 06609 "rsbac_do_init(): Supported module data structures:%s\n", 06610 compiled_modules); 06611 #endif 06612 printk(KERN_INFO 06613 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", 06614 RSBAC_VERSION); 06615 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06616 if (!rsbac_nosyslog) 06617 #endif 06618 printk(KERN_INFO 06619 "rsbac_do_init(): Supported module data structures:%s\n", 06620 compiled_modules); 06621 #else 06622 #ifdef CONFIG_RSBAC_RMSG 06623 rsbac_printk(KERN_INFO 06624 "rsbac_do_init(): Initializing RSBAC %s\n", 06625 RSBAC_VERSION); 06626 rsbac_printk(KERN_INFO 06627 "rsbac_do_init(): compiled modules:%s\n", 06628 compiled_modules); 06629 #endif 06630 printk(KERN_INFO 06631 "rsbac_do_init(): Initializing RSBAC %s\n", 06632 RSBAC_VERSION); 06633 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06634 if (!rsbac_nosyslog) 06635 #endif 06636 printk(KERN_INFO 06637 "rsbac_do_init(): compiled modules:%s\n", 06638 compiled_modules); 06639 #endif 06640 06641 /* init memory */ 06642 #ifdef CONFIG_RSBAC_RMSG 06643 rsbac_printk(KERN_INFO 06644 "rsbac_do_init(): Initializing memory slabs\n"); 06645 #endif 06646 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06647 if (!rsbac_nosyslog) 06648 #endif 06649 printk(KERN_INFO 06650 "rsbac_do_init(): Initializing memory slabs\n"); 06651 rsbac_kmem_cache_sizes_init(); 06652 06653 /* set rw-spinlocks to unlocked status and init data structures */ 06654 device_list_head.lock = RW_LOCK_UNLOCKED; 06655 device_list_head.head = NULL; 06656 device_list_head.tail = NULL; 06657 device_list_head.curr = NULL; 06658 device_list_head.count = 0; 06659 06660 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) 06661 #ifdef CONFIG_RSBAC_DEBUG 06662 if(rsbac_debug_stack) 06663 { 06664 unsigned long * n = (unsigned long *) (current+1); 06665 06666 while (!*n) 06667 n++; 06668 #ifdef CONFIG_RSBAC_RMSG 06669 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n", 06670 (unsigned long) n - (unsigned long)(current+1)); 06671 #endif 06672 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06673 if (!rsbac_nosyslog) 06674 #endif 06675 printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n", 06676 (unsigned long) n - (unsigned long)(current+1)); 06677 } 06678 #endif 06679 #ifdef CONFIG_RSBAC_RMSG 06680 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n"); 06681 #endif 06682 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06683 if (!rsbac_nosyslog) 06684 #endif 06685 printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n"); 06686 register_all_rsbac_proc(); 06687 #endif 06688 06689 #ifdef CONFIG_RSBAC_DEBUG 06690 if(rsbac_debug_stack) 06691 { 06692 unsigned long * n = (unsigned long *) (current+1); 06693 06694 while (!*n) 06695 n++; 06696 #ifdef CONFIG_RSBAC_RMSG 06697 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n", 06698 (unsigned long) n - (unsigned long)(current+1)); 06699 #endif 06700 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06701 if (!rsbac_nosyslog) 06702 #endif 06703 printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n", 06704 (unsigned long) n - (unsigned long)(current+1)); 06705 } 06706 #endif 06707 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 06708 sb_p = user_get_super(rsbac_root_dev); 06709 #else 06710 sb_p = get_super(rsbac_root_dev); 06711 #endif 06712 if(!sb_p) 06713 { 06714 kfree(list_info_p); 06715 return -RSBAC_ENOROOTDEV; 06716 } 06717 /* read fd aci from root device */ 06718 #ifdef CONFIG_RSBAC_DEBUG 06719 if (rsbac_debug_ds) 06720 { 06721 #ifdef CONFIG_RSBAC_RMSG 06722 rsbac_printk(KERN_DEBUG 06723 "rsbac_do_init(): reading aci from device number %02u:%02u\n", 06724 RSBAC_MAJOR(rsbac_root_dev), 06725 RSBAC_MINOR(rsbac_root_dev)); 06726 #endif 06727 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06728 if (!rsbac_nosyslog) 06729 #endif 06730 printk(KERN_DEBUG 06731 "rsbac_do_init(): reading aci from device number %02u:%02u\n", 06732 RSBAC_MAJOR(rsbac_root_dev), 06733 RSBAC_MINOR(rsbac_root_dev)); 06734 } 06735 #endif 06736 /* create a private device item */ 06737 new_device_p = create_device_item(sb_p, NULL); 06738 if (!new_device_p) 06739 { 06740 #ifdef CONFIG_RSBAC_RMSG 06741 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n"); 06742 #endif 06743 printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n"); 06744 err = -RSBAC_ECOULDNOTADDDEVICE; 06745 goto out_free; 06746 } 06747 #ifdef CONFIG_RSBAC_DEBUG 06748 if(rsbac_debug_stack) 06749 { 06750 unsigned long * n = (unsigned long *) (current+1); 06751 06752 while (!*n) 06753 n++; 06754 #ifdef CONFIG_RSBAC_RMSG 06755 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before register_fd_lists: %lu\n", 06756 (unsigned long) n - (unsigned long)(current+1)); 06757 #endif 06758 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06759 if (!rsbac_nosyslog) 06760 #endif 06761 printk(KERN_DEBUG "rsbac_do_init: free stack before register_fd_lists: %lu\n", 06762 (unsigned long) n - (unsigned long)(current+1)); 06763 } 06764 #endif 06765 /* Add new_device_p to device list */ 06766 /* wait for write access to device_list_head */ 06767 rsbac_write_lock(&device_list_head.lock, &flags); 06768 /* OK, go on */ 06769 device_p = add_device_item(new_device_p); 06770 /* device was added, allow access */ 06771 rsbac_write_unlock(&device_list_head.lock, &flags); 06772 if (!device_p) 06773 { 06774 #ifdef CONFIG_RSBAC_RMSG 06775 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n"); 06776 #endif 06777 printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n"); 06778 clear_device_item(new_device_p); 06779 err = -RSBAC_ECOULDNOTADDDEVICE; 06780 goto out_free; 06781 } 06782 06783 /* init lists - we need the root device_p to be initialized, but no generic list registered */ 06784 #ifdef CONFIG_RSBAC_RMSG 06785 rsbac_printk(KERN_INFO 06786 "rsbac_do_init(): Initializing generic lists\n"); 06787 #endif 06788 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06789 if (!rsbac_nosyslog) 06790 #endif 06791 printk(KERN_INFO 06792 "rsbac_do_init(): Initializing generic lists\n"); 06793 rsbac_list_init(); 06794 06795 #ifdef CONFIG_RSBAC_DEBUG 06796 if(rsbac_debug_stack) 06797 { 06798 unsigned long * n = (unsigned long *) (current+1); 06799 06800 while (!*n) 06801 n++; 06802 #ifdef CONFIG_RSBAC_RMSG 06803 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n", 06804 (unsigned long) n - (unsigned long)(current+1)); 06805 #endif 06806 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06807 if (!rsbac_nosyslog) 06808 #endif 06809 printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n", 06810 (unsigned long) n - (unsigned long)(current+1)); 06811 } 06812 #endif 06813 rsbac_init_debug(); 06814 06815 #ifdef CONFIG_RSBAC_RMSG 06816 rsbac_printk(KERN_INFO 06817 "rsbac_do_init(): reading FD attributes from root dev\n"); 06818 #endif 06819 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06820 if (!rsbac_nosyslog) 06821 #endif 06822 printk(KERN_INFO 06823 "rsbac_do_init(): reading FD attributes from root dev\n"); 06824 06825 /* no locking needed, device_p is known and there can be no parallel init! */ 06826 if((err = register_fd_lists(device_p,rsbac_root_dev))) 06827 { 06828 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06829 06830 if(tmp) 06831 { 06832 #ifdef CONFIG_RSBAC_RMSG 06833 rsbac_printk(KERN_WARNING 06834 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n", 06835 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err)); 06836 #endif 06837 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06838 if (!rsbac_nosyslog) 06839 #endif 06840 printk(KERN_WARNING 06841 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n", 06842 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err)); 06843 rsbac_kfree(tmp); 06844 } 06845 } 06846 06847 #ifdef CONFIG_RSBAC_DEBUG 06848 if(rsbac_debug_stack) 06849 { 06850 unsigned long * n = (unsigned long *) (current+1); 06851 06852 while (!*n) 06853 n++; 06854 #ifdef CONFIG_RSBAC_RMSG 06855 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n", 06856 (unsigned long) n - (unsigned long)(current+1)); 06857 #endif 06858 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06859 if (!rsbac_nosyslog) 06860 #endif 06861 printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n", 06862 (unsigned long) n - (unsigned long)(current+1)); 06863 } 06864 #endif 06865 #ifdef CONFIG_RSBAC_DEBUG 06866 if (rsbac_debug_ds) 06867 { 06868 #ifdef CONFIG_RSBAC_RMSG 06869 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n"); 06870 #endif 06871 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 06872 if (!rsbac_nosyslog) 06873 #endif 06874 printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n"); 06875 } 06876 #endif 06877 { 06878 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI; 06879 06880 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION; 06881 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY; 06882 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 06883 list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t); 06884 list_info_p->max_age = 0; 06885 err = rsbac_list_register(RSBAC_LIST_VERSION, 06886 &dev_handles.gen, 06887 list_info_p, 06888 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06889 RSBAC_LIST_BACKUP | 06890 #endif 06891 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 06892 dev_compare, 06893 gen_dev_get_conv, 06894 &def_aci, 06895 RSBAC_GEN_ACI_DEV_NAME, 06896 RSBAC_AUTO_DEV); 06897 if(err) 06898 { 06899 registration_error(err, "DEV General"); 06900 } 06901 } 06902 #if defined(CONFIG_RSBAC_MAC) 06903 { 06904 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI; 06905 06906 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION; 06907 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY; 06908 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 06909 list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t); 06910 list_info_p->max_age = 0; 06911 err = rsbac_list_register(RSBAC_LIST_VERSION, 06912 &dev_handles.mac, 06913 list_info_p, 06914 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06915 RSBAC_LIST_BACKUP | 06916 #endif 06917 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 06918 dev_compare, 06919 mac_dev_get_conv, 06920 &def_aci, 06921 RSBAC_MAC_ACI_DEV_NAME, 06922 RSBAC_AUTO_DEV); 06923 if(err) 06924 { 06925 registration_error(err, "DEV MAC"); 06926 } 06927 } 06928 #endif 06929 #if defined(CONFIG_RSBAC_FC) 06930 { 06931 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF; 06932 06933 list_info_p->version = RSBAC_FC_DEV_ACI_VERSION; 06934 list_info_p->key = RSBAC_FC_DEV_ACI_KEY; 06935 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 06936 list_info_p->data_size = sizeof(rsbac_fc_oc_t); 06937 list_info_p->max_age = 0; 06938 err = rsbac_list_register(RSBAC_LIST_VERSION, 06939 &dev_handles.fc, 06940 list_info_p, 06941 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06942 RSBAC_LIST_BACKUP | 06943 #endif 06944 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 06945 dev_compare, 06946 fc_dev_get_conv, 06947 &def_aci, 06948 RSBAC_FC_ACI_DEV_NAME, 06949 RSBAC_AUTO_DEV); 06950 if(err) 06951 { 06952 registration_error(err, "DEV FC"); 06953 } 06954 } 06955 #endif 06956 #if defined(CONFIG_RSBAC_SIM) 06957 { 06958 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF; 06959 06960 list_info_p->version = RSBAC_SIM_DEV_ACI_VERSION; 06961 list_info_p->key = RSBAC_SIM_DEV_ACI_KEY; 06962 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 06963 list_info_p->data_size = sizeof(rsbac_sim_dt_t); 06964 list_info_p->max_age = 0; 06965 err = rsbac_list_register(RSBAC_LIST_VERSION, 06966 &dev_handles.sim, 06967 list_info_p, 06968 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06969 RSBAC_LIST_BACKUP | 06970 #endif 06971 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 06972 dev_compare, 06973 sim_dev_get_conv, 06974 &def_aci, 06975 RSBAC_SIM_ACI_DEV_NAME, 06976 RSBAC_AUTO_DEV); 06977 if(err) 06978 { 06979 registration_error(err, "DEV SIM"); 06980 } 06981 } 06982 #endif 06983 #if defined(CONFIG_RSBAC_PM) 06984 { 06985 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI; 06986 06987 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION; 06988 list_info_p->key = RSBAC_PM_DEV_ACI_KEY; 06989 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 06990 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t); 06991 list_info_p->max_age = 0; 06992 err = rsbac_list_register(RSBAC_LIST_VERSION, 06993 &dev_handles.pm, 06994 list_info_p, 06995 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 06996 RSBAC_LIST_BACKUP | 06997 #endif 06998 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 06999 dev_compare, 07000 pm_dev_get_conv, 07001 &def_aci, 07002 RSBAC_PM_ACI_DEV_NAME, 07003 RSBAC_AUTO_DEV); 07004 if(err) 07005 { 07006 registration_error(err, "DEV PM"); 07007 } 07008 } 07009 #endif 07010 #if defined(CONFIG_RSBAC_RC) 07011 { 07012 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 07013 07014 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION; 07015 list_info_p->key = RSBAC_RC_DEV_ACI_KEY; 07016 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t); 07017 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 07018 list_info_p->max_age = 0; 07019 err = rsbac_list_register(RSBAC_LIST_VERSION, 07020 &dev_handles.rc, 07021 list_info_p, 07022 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07023 RSBAC_LIST_BACKUP | 07024 #endif 07025 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07026 dev_compare, 07027 rc_dev_get_conv, 07028 &def_aci, 07029 RSBAC_RC_ACI_DEV_NAME, 07030 RSBAC_AUTO_DEV); 07031 if(err) 07032 { 07033 registration_error(err, "DEV RC"); 07034 } 07035 } 07036 #endif 07037 07038 #ifdef CONFIG_RSBAC_DEBUG 07039 if(rsbac_debug_stack) 07040 { 07041 unsigned long * n = (unsigned long *) (current+1); 07042 07043 while (!*n) 07044 n++; 07045 #ifdef CONFIG_RSBAC_RMSG 07046 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n", 07047 (unsigned long) n - (unsigned long)(current+1)); 07048 #endif 07049 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07050 if (!rsbac_nosyslog) 07051 #endif 07052 printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n", 07053 (unsigned long) n - (unsigned long)(current+1)); 07054 } 07055 #endif 07056 07057 #ifdef CONFIG_RSBAC_DEBUG 07058 if (rsbac_debug_ds) 07059 { 07060 #ifdef CONFIG_RSBAC_RMSG 07061 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n"); 07062 #endif 07063 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07064 if (!rsbac_nosyslog) 07065 #endif 07066 printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n"); 07067 } 07068 #endif 07069 #if defined(CONFIG_RSBAC_MAC) 07070 { 07071 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI; 07072 07073 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION; 07074 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY; 07075 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07076 list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t); 07077 list_info_p->max_age = 0; 07078 err = rsbac_list_register(RSBAC_LIST_VERSION, 07079 &ipc_handles.mac, 07080 list_info_p, 07081 RSBAC_LIST_DEF_DATA, 07082 ipc_compare, 07083 NULL, 07084 &def_aci, 07085 RSBAC_MAC_ACI_IPC_NAME, 07086 RSBAC_AUTO_DEV); 07087 if(err) 07088 { 07089 registration_error(err, "IPC MAC"); 07090 } 07091 } 07092 #endif 07093 #if defined(CONFIG_RSBAC_FC) 07094 { 07095 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF; 07096 07097 list_info_p->version = RSBAC_FC_IPC_ACI_VERSION; 07098 list_info_p->key = RSBAC_FC_IPC_ACI_KEY; 07099 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07100 list_info_p->data_size = sizeof(rsbac_fc_oc_t); 07101 list_info_p->max_age = 0; 07102 err = rsbac_list_register(RSBAC_LIST_VERSION, 07103 &ipc_handles.fc, 07104 list_info_p, 07105 RSBAC_LIST_DEF_DATA, 07106 ipc_compare, 07107 NULL, 07108 &def_aci, 07109 RSBAC_FC_ACI_IPC_NAME, 07110 RSBAC_AUTO_DEV); 07111 if(err) 07112 { 07113 registration_error(err, "IPC FC"); 07114 } 07115 } 07116 #endif 07117 #if defined(CONFIG_RSBAC_SIM) 07118 { 07119 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF; 07120 07121 list_info_p->version = RSBAC_SIM_IPC_ACI_VERSION; 07122 list_info_p->key = RSBAC_SIM_IPC_ACI_KEY; 07123 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07124 list_info_p->data_size = sizeof(rsbac_sim_dt_t); 07125 list_info_p->max_age = 0; 07126 err = rsbac_list_register(RSBAC_LIST_VERSION, 07127 &ipc_handles.sim, 07128 list_info_p, 07129 RSBAC_LIST_DEF_DATA, 07130 ipc_compare, 07131 NULL, 07132 &def_aci, 07133 RSBAC_SIM_ACI_IPC_NAME, 07134 RSBAC_AUTO_DEV); 07135 if(err) 07136 { 07137 registration_error(err, "IPC SIM"); 07138 } 07139 } 07140 #endif 07141 #if defined(CONFIG_RSBAC_PM) 07142 { 07143 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI; 07144 07145 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION; 07146 list_info_p->key = RSBAC_PM_IPC_ACI_KEY; 07147 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07148 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t); 07149 list_info_p->max_age = 0; 07150 err = rsbac_list_register(RSBAC_LIST_VERSION, 07151 &ipc_handles.pm, 07152 list_info_p, 07153 RSBAC_LIST_DEF_DATA, 07154 ipc_compare, 07155 NULL, 07156 &def_aci, 07157 RSBAC_PM_ACI_IPC_NAME, 07158 RSBAC_AUTO_DEV); 07159 if(err) 07160 { 07161 registration_error(err, "IPC PM"); 07162 } 07163 } 07164 #endif 07165 #if defined(CONFIG_RSBAC_RC) 07166 { 07167 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 07168 07169 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION; 07170 list_info_p->key = RSBAC_RC_IPC_ACI_KEY; 07171 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07172 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 07173 list_info_p->max_age = 0; 07174 err = rsbac_list_register(RSBAC_LIST_VERSION, 07175 &ipc_handles.rc, 07176 list_info_p, 07177 RSBAC_LIST_DEF_DATA, 07178 ipc_compare, 07179 NULL, 07180 &def_aci, 07181 RSBAC_RC_ACI_IPC_NAME, 07182 RSBAC_AUTO_DEV); 07183 if(err) 07184 { 07185 registration_error(err, "IPC RC"); 07186 } 07187 } 07188 #endif 07189 #if defined(CONFIG_RSBAC_JAIL) 07190 { 07191 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID; 07192 07193 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION; 07194 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY; 07195 list_info_p->desc_size = sizeof(struct rsbac_ipc_t); 07196 list_info_p->data_size = sizeof(rsbac_jail_id_t); 07197 list_info_p->max_age = 0; 07198 err = rsbac_list_register(RSBAC_LIST_VERSION, 07199 &ipc_handles.jail, 07200 list_info_p, 07201 RSBAC_LIST_DEF_DATA, 07202 ipc_compare, 07203 NULL, 07204 &def_aci, 07205 RSBAC_JAIL_ACI_IPC_NAME, 07206 RSBAC_AUTO_DEV); 07207 if(err) 07208 { 07209 registration_error(err, "IPC JAIL"); 07210 } 07211 } 07212 #endif 07213 07214 07215 #ifdef CONFIG_RSBAC_DEBUG 07216 if(rsbac_debug_stack) 07217 { 07218 unsigned long * n = (unsigned long *) (current+1); 07219 07220 while (!*n) 07221 n++; 07222 #ifdef CONFIG_RSBAC_RMSG 07223 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n", 07224 (unsigned long) n - (unsigned long)(current+1)); 07225 #endif 07226 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07227 if (!rsbac_nosyslog) 07228 #endif 07229 printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n", 07230 (unsigned long) n - (unsigned long)(current+1)); 07231 } 07232 #endif 07233 07234 #ifdef CONFIG_RSBAC_DEBUG 07235 if (rsbac_debug_ds) 07236 { 07237 #ifdef CONFIG_RSBAC_RMSG 07238 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n"); 07239 #endif 07240 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07241 if (!rsbac_nosyslog) 07242 #endif 07243 printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n"); 07244 } 07245 #endif 07246 07247 { 07248 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI; 07249 07250 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION; 07251 list_info_p->key = RSBAC_GEN_USER_ACI_KEY; 07252 list_info_p->desc_size = sizeof(rsbac_uid_t); 07253 list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t); 07254 list_info_p->max_age = 0; 07255 err = rsbac_list_register(RSBAC_LIST_VERSION, 07256 &user_handles.gen, 07257 list_info_p, 07258 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07259 RSBAC_LIST_BACKUP | 07260 #endif 07261 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07262 rsbac_list_compare_u32, 07263 NULL, 07264 &def_aci, 07265 RSBAC_GEN_ACI_USER_NAME, 07266 RSBAC_AUTO_DEV); 07267 if(err) 07268 { 07269 registration_error(err, "USER General"); 07270 } 07271 } 07272 #if defined(CONFIG_RSBAC_MAC) 07273 { 07274 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI; 07275 07276 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION; 07277 list_info_p->key = RSBAC_MAC_USER_ACI_KEY; 07278 list_info_p->desc_size = sizeof(rsbac_uid_t); 07279 list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t); 07280 list_info_p->max_age = 0; 07281 err = rsbac_list_register(RSBAC_LIST_VERSION, 07282 &user_handles.mac, 07283 list_info_p, 07284 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07285 RSBAC_LIST_BACKUP | 07286 #endif 07287 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07288 rsbac_list_compare_u32, 07289 mac_user_get_conv, 07290 &def_aci, 07291 RSBAC_MAC_ACI_USER_NAME, 07292 RSBAC_AUTO_DEV); 07293 if(err) 07294 { 07295 registration_error(err, "USER MAC"); 07296 } 07297 else 07298 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac)) 07299 { 07300 struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI; 07301 struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI; 07302 struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI; 07303 rsbac_uid_t user; 07304 07305 #ifdef CONFIG_RSBAC_RMSG 07306 rsbac_printk(KERN_WARNING 07307 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n"); 07308 #endif 07309 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07310 if (!rsbac_nosyslog) 07311 #endif 07312 printk(KERN_WARNING 07313 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n"); 07314 user = RSBAC_SYSADM_UID; 07315 if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci)) 07316 printk(KERN_WARNING 07317 "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n"); 07318 user = RSBAC_SECOFF_UID; 07319 if(rsbac_list_add(user_handles.mac, &user, &secoff_aci)) 07320 printk(KERN_WARNING 07321 "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n"); 07322 user = RSBAC_AUDITOR_UID; 07323 if(rsbac_list_add(user_handles.mac, &user, &auditor_aci)) 07324 printk(KERN_WARNING 07325 "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n"); 07326 } 07327 } 07328 #endif 07329 #if defined(CONFIG_RSBAC_FC) 07330 { 07331 rsbac_system_role_int_t def_aci = SR_user; 07332 07333 list_info_p->version = RSBAC_FC_USER_ACI_VERSION; 07334 list_info_p->key = RSBAC_FC_USER_ACI_KEY; 07335 list_info_p->desc_size = sizeof(rsbac_uid_t); 07336 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07337 list_info_p->max_age = 0; 07338 err = rsbac_list_register(RSBAC_LIST_VERSION, 07339 &user_handles.fc, 07340 list_info_p, 07341 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07342 RSBAC_LIST_BACKUP | 07343 #endif 07344 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07345 rsbac_list_compare_u32, 07346 NULL, 07347 &def_aci, 07348 RSBAC_FC_ACI_USER_NAME, 07349 RSBAC_AUTO_DEV); 07350 if(err) 07351 { 07352 registration_error(err, "USER FC"); 07353 } 07354 else 07355 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.fc)) 07356 { 07357 rsbac_uid_t user; 07358 rsbac_system_role_int_t role; 07359 07360 #ifdef CONFIG_RSBAC_RMSG 07361 rsbac_printk(KERN_WARNING 07362 "rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n"); 07363 #endif 07364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07365 if (!rsbac_nosyslog) 07366 #endif 07367 printk(KERN_WARNING 07368 "rsbac_do_init(): USER FC ACI could not be read - generating standard entries!\n"); 07369 user = RSBAC_SYSADM_UID; 07370 role = SR_administrator; 07371 if(rsbac_list_add(user_handles.fc, &user, &role)) 07372 printk(KERN_WARNING 07373 "rsbac_do_init(): SYSADM USER FC entry could not be added!\n"); 07374 user = RSBAC_BIN_UID; 07375 role = SR_administrator; 07376 if(rsbac_list_add(user_handles.fc, &user, &role)) 07377 printk(KERN_WARNING 07378 "rsbac_do_init(): BIN USER FC entry could not be added!\n"); 07379 user = RSBAC_SECOFF_UID; 07380 role = SR_security_officer; 07381 if(rsbac_list_add(user_handles.fc, &user, &role)) 07382 printk(KERN_WARNING 07383 "rsbac_do_init(): SECOFF USER FC entry could not be added!\n"); 07384 user = RSBAC_AUDITOR_UID; 07385 role = SR_auditor; 07386 if(rsbac_list_add(user_handles.fc, &user, &role)) 07387 printk(KERN_WARNING 07388 "rsbac_do_init(): AUDITOR USER FC entry could not be added!\n"); 07389 } 07390 } 07391 #endif 07392 #if defined(CONFIG_RSBAC_SIM) 07393 { 07394 rsbac_system_role_int_t def_aci = SR_user; 07395 07396 list_info_p->version = RSBAC_SIM_USER_ACI_VERSION; 07397 list_info_p->key = RSBAC_SIM_USER_ACI_KEY; 07398 list_info_p->desc_size = sizeof(rsbac_uid_t); 07399 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07400 list_info_p->max_age = 0; 07401 err = rsbac_list_register(RSBAC_LIST_VERSION, 07402 &user_handles.sim, 07403 list_info_p, 07404 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07405 RSBAC_LIST_BACKUP | 07406 #endif 07407 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07408 rsbac_list_compare_u32, 07409 NULL, 07410 &def_aci, 07411 RSBAC_SIM_ACI_USER_NAME, 07412 RSBAC_AUTO_DEV); 07413 if(err) 07414 { 07415 registration_error(err, "USER SIM"); 07416 } 07417 else 07418 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.sim)) 07419 { 07420 rsbac_uid_t user; 07421 rsbac_system_role_int_t role; 07422 07423 #ifdef CONFIG_RSBAC_RMSG 07424 rsbac_printk(KERN_WARNING 07425 "rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n"); 07426 #endif 07427 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07428 if (!rsbac_nosyslog) 07429 #endif 07430 printk(KERN_WARNING 07431 "rsbac_do_init(): USER SIM ACI could not be read - generating standard entries!\n"); 07432 user = RSBAC_SYSADM_UID; 07433 role = SR_administrator; 07434 if(rsbac_list_add(user_handles.sim, &user, &role)) 07435 printk(KERN_WARNING 07436 "rsbac_do_init(): SYSADM USER SIM entry could not be added!\n"); 07437 user = RSBAC_SECOFF_UID; 07438 role = SR_security_officer; 07439 if(rsbac_list_add(user_handles.sim, &user, &role)) 07440 printk(KERN_WARNING 07441 "rsbac_do_init(): SECOFF USER SIM entry could not be added!\n"); 07442 user = RSBAC_AUDITOR_UID; 07443 role = SR_auditor; 07444 if(rsbac_list_add(user_handles.sim, &user, &role)) 07445 printk(KERN_WARNING 07446 "rsbac_do_init(): AUDITOR USER SIM entry could not be added!\n"); 07447 } 07448 } 07449 #endif 07450 #if defined(CONFIG_RSBAC_PM) 07451 { 07452 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI; 07453 07454 list_info_p->version = RSBAC_PM_USER_ACI_VERSION; 07455 list_info_p->key = RSBAC_PM_USER_ACI_KEY; 07456 list_info_p->desc_size = sizeof(rsbac_uid_t); 07457 list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t); 07458 list_info_p->max_age = 0; 07459 err = rsbac_list_register(RSBAC_LIST_VERSION, 07460 &user_handles.pm, 07461 list_info_p, 07462 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07463 RSBAC_LIST_BACKUP | 07464 #endif 07465 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07466 rsbac_list_compare_u32, 07467 NULL, 07468 &def_aci, 07469 RSBAC_PM_ACI_USER_NAME, 07470 RSBAC_AUTO_DEV); 07471 if(err) 07472 { 07473 registration_error(err, "USER PM"); 07474 } 07475 else 07476 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm)) 07477 { 07478 struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI; 07479 struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI; 07480 struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI; 07481 struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI; 07482 rsbac_uid_t user; 07483 07484 #ifdef CONFIG_RSBAC_RMSG 07485 rsbac_printk(KERN_WARNING 07486 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n"); 07487 #endif 07488 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07489 if (!rsbac_nosyslog) 07490 #endif 07491 printk(KERN_WARNING 07492 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n"); 07493 user = RSBAC_SYSADM_UID; 07494 if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci)) 07495 printk(KERN_WARNING 07496 "rsbac_do_init(): SYSADM USER PM entry could not be added!\n"); 07497 user = RSBAC_SECOFF_UID; 07498 if(rsbac_list_add(user_handles.pm, &user, &secoff_aci)) 07499 printk(KERN_WARNING 07500 "rsbac_do_init(): SECOFF USER PM entry could not be added!\n"); 07501 user = RSBAC_DATAPROT_UID; 07502 if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci)) 07503 printk(KERN_WARNING 07504 "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n"); 07505 user = RSBAC_TPMAN_UID; 07506 if(rsbac_list_add(user_handles.pm, &user, &tpman_aci)) 07507 printk(KERN_WARNING 07508 "rsbac_do_init(): TPMAN USER PM entry could not be added!\n"); 07509 } 07510 } 07511 #endif 07512 #if defined(CONFIG_RSBAC_DAZ) 07513 { 07514 rsbac_system_role_int_t def_aci = SR_user; 07515 07516 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION; 07517 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY; 07518 list_info_p->desc_size = sizeof(rsbac_uid_t); 07519 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07520 list_info_p->max_age = 0; 07521 err = rsbac_list_register(RSBAC_LIST_VERSION, 07522 &user_handles.daz, 07523 list_info_p, 07524 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07525 RSBAC_LIST_BACKUP | 07526 #endif 07527 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07528 rsbac_list_compare_u32, 07529 NULL, 07530 &def_aci, 07531 RSBAC_DAZ_ACI_USER_NAME, 07532 RSBAC_AUTO_DEV); 07533 if(err) 07534 { 07535 registration_error(err, "USER DAZ"); 07536 } 07537 else 07538 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz)) 07539 { 07540 rsbac_uid_t user; 07541 rsbac_system_role_int_t role; 07542 07543 #ifdef CONFIG_RSBAC_RMSG 07544 rsbac_printk(KERN_WARNING 07545 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n"); 07546 #endif 07547 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07548 if (!rsbac_nosyslog) 07549 #endif 07550 printk(KERN_WARNING 07551 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n"); 07552 user = RSBAC_SYSADM_UID; 07553 role = SR_administrator; 07554 if(rsbac_list_add(user_handles.daz, &user, &role)) 07555 printk(KERN_WARNING 07556 "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n"); 07557 user = RSBAC_SECOFF_UID; 07558 role = SR_security_officer; 07559 if(rsbac_list_add(user_handles.daz, &user, &role)) 07560 printk(KERN_WARNING 07561 "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n"); 07562 } 07563 } 07564 #endif 07565 #if defined(CONFIG_RSBAC_FF) 07566 { 07567 rsbac_system_role_int_t def_aci = SR_user; 07568 07569 list_info_p->version = RSBAC_FF_USER_ACI_VERSION; 07570 list_info_p->key = RSBAC_FF_USER_ACI_KEY; 07571 list_info_p->desc_size = sizeof(rsbac_uid_t); 07572 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07573 list_info_p->max_age = 0; 07574 err = rsbac_list_register(RSBAC_LIST_VERSION, 07575 &user_handles.ff, 07576 list_info_p, 07577 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07578 RSBAC_LIST_BACKUP | 07579 #endif 07580 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07581 rsbac_list_compare_u32, 07582 NULL, 07583 &def_aci, 07584 RSBAC_FF_ACI_USER_NAME, 07585 RSBAC_AUTO_DEV); 07586 if(err) 07587 { 07588 registration_error(err, "USER FF"); 07589 } 07590 else 07591 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff)) 07592 { 07593 rsbac_uid_t user; 07594 rsbac_system_role_int_t role; 07595 07596 #ifdef CONFIG_RSBAC_RMSG 07597 rsbac_printk(KERN_WARNING 07598 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n"); 07599 #endif 07600 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07601 if (!rsbac_nosyslog) 07602 #endif 07603 printk(KERN_WARNING 07604 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n"); 07605 user = RSBAC_SYSADM_UID; 07606 role = SR_administrator; 07607 if(rsbac_list_add(user_handles.ff, &user, &role)) 07608 printk(KERN_WARNING 07609 "rsbac_do_init(): SYSADM USER FF entry could not be added!\n"); 07610 user = RSBAC_SECOFF_UID; 07611 role = SR_security_officer; 07612 if(rsbac_list_add(user_handles.ff, &user, &role)) 07613 printk(KERN_WARNING 07614 "rsbac_do_init(): SECOFF USER FF entry could not be added!\n"); 07615 user = RSBAC_AUDITOR_UID; 07616 role = SR_auditor; 07617 if(rsbac_list_add(user_handles.ff, &user, &role)) 07618 printk(KERN_WARNING 07619 "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n"); 07620 } 07621 } 07622 #endif 07623 #if defined(CONFIG_RSBAC_RC) 07624 { 07625 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI; 07626 07627 list_info_p->version = RSBAC_RC_USER_ACI_VERSION; 07628 list_info_p->key = RSBAC_RC_USER_ACI_KEY; 07629 list_info_p->desc_size = sizeof(rsbac_uid_t); 07630 list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t); 07631 list_info_p->max_age = 0; 07632 err = rsbac_list_register(RSBAC_LIST_VERSION, 07633 &user_handles.rc, 07634 list_info_p, 07635 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07636 RSBAC_LIST_BACKUP | 07637 #endif 07638 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07639 rsbac_list_compare_u32, 07640 rc_user_get_conv, 07641 &def_aci, 07642 RSBAC_RC_ACI_USER_NAME, 07643 RSBAC_AUTO_DEV); 07644 if(err) 07645 { 07646 registration_error(err, "USER RC"); 07647 } 07648 else 07649 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc)) 07650 { 07651 rsbac_uid_t user; 07652 struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI; 07653 struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI; 07654 struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI; 07655 07656 #ifdef CONFIG_RSBAC_RMSG 07657 rsbac_printk(KERN_WARNING 07658 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n"); 07659 #endif 07660 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07661 if (!rsbac_nosyslog) 07662 #endif 07663 printk(KERN_WARNING 07664 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n"); 07665 user = RSBAC_SYSADM_UID; 07666 if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci)) 07667 printk(KERN_WARNING 07668 "rsbac_do_init(): SYSADM USER RC entry could not be added!\n"); 07669 user = RSBAC_SECOFF_UID; 07670 if(rsbac_list_add(user_handles.rc, &user, &secoff_aci)) 07671 printk(KERN_WARNING 07672 "rsbac_do_init(): SECOFF USER RC entry could not be added!\n"); 07673 user = RSBAC_AUDITOR_UID; 07674 if(rsbac_list_add(user_handles.rc, &user, &auditor_aci)) 07675 printk(KERN_WARNING 07676 "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n"); 07677 } 07678 } 07679 #endif 07680 #if defined(CONFIG_RSBAC_AUTH) 07681 { 07682 rsbac_system_role_int_t def_aci = SR_user; 07683 07684 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION; 07685 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY; 07686 list_info_p->desc_size = sizeof(rsbac_uid_t); 07687 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07688 list_info_p->max_age = 0; 07689 err = rsbac_list_register(RSBAC_LIST_VERSION, 07690 &user_handles.auth, 07691 list_info_p, 07692 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07693 RSBAC_LIST_BACKUP | 07694 #endif 07695 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07696 rsbac_list_compare_u32, 07697 NULL, 07698 &def_aci, 07699 RSBAC_AUTH_ACI_USER_NAME, 07700 RSBAC_AUTO_DEV); 07701 if(err) 07702 { 07703 registration_error(err, "USER AUTH"); 07704 } 07705 else 07706 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth)) 07707 { 07708 rsbac_uid_t user; 07709 rsbac_system_role_int_t role; 07710 07711 #ifdef CONFIG_RSBAC_RMSG 07712 rsbac_printk(KERN_WARNING 07713 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n"); 07714 #endif 07715 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07716 if (!rsbac_nosyslog) 07717 #endif 07718 printk(KERN_WARNING 07719 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n"); 07720 user = RSBAC_SYSADM_UID; 07721 role = SR_administrator; 07722 if(rsbac_list_add(user_handles.auth, &user, &role)) 07723 printk(KERN_WARNING 07724 "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n"); 07725 user = RSBAC_SECOFF_UID; 07726 role = SR_security_officer; 07727 if(rsbac_list_add(user_handles.auth, &user, &role)) 07728 printk(KERN_WARNING 07729 "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n"); 07730 user = RSBAC_AUDITOR_UID; 07731 role = SR_auditor; 07732 if(rsbac_list_add(user_handles.auth, &user, &role)) 07733 printk(KERN_WARNING 07734 "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n"); 07735 } 07736 } 07737 #endif 07738 #if defined(CONFIG_RSBAC_CAP) 07739 { 07740 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI; 07741 07742 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION; 07743 list_info_p->key = RSBAC_CAP_USER_ACI_KEY; 07744 list_info_p->desc_size = sizeof(rsbac_uid_t); 07745 list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t); 07746 list_info_p->max_age = 0; 07747 err = rsbac_list_register(RSBAC_LIST_VERSION, 07748 &user_handles.cap, 07749 list_info_p, 07750 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07751 RSBAC_LIST_BACKUP | 07752 #endif 07753 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07754 rsbac_list_compare_u32, 07755 NULL, 07756 &def_aci, 07757 RSBAC_CAP_ACI_USER_NAME, 07758 RSBAC_AUTO_DEV); 07759 if(err) 07760 { 07761 registration_error(err, "USER CAP"); 07762 } 07763 else 07764 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap)) 07765 { 07766 struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI; 07767 struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI; 07768 struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI; 07769 rsbac_uid_t user; 07770 07771 #ifdef CONFIG_RSBAC_RMSG 07772 rsbac_printk(KERN_WARNING 07773 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); 07774 #endif 07775 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07776 if (!rsbac_nosyslog) 07777 #endif 07778 printk(KERN_WARNING 07779 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n"); 07780 user = RSBAC_SYSADM_UID; 07781 if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci)) 07782 printk(KERN_WARNING 07783 "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n"); 07784 user = RSBAC_SECOFF_UID; 07785 if(rsbac_list_add(user_handles.cap, &user, &secoff_aci)) 07786 printk(KERN_WARNING 07787 "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n"); 07788 user = RSBAC_AUDITOR_UID; 07789 if(rsbac_list_add(user_handles.cap, &user, &auditor_aci)) 07790 printk(KERN_WARNING 07791 "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n"); 07792 } 07793 } 07794 #endif 07795 #if defined(CONFIG_RSBAC_JAIL) 07796 { 07797 rsbac_system_role_int_t def_aci = SR_user; 07798 07799 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION; 07800 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY; 07801 list_info_p->desc_size = sizeof(rsbac_uid_t); 07802 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07803 list_info_p->max_age = 0; 07804 err = rsbac_list_register(RSBAC_LIST_VERSION, 07805 &user_handles.jail, 07806 list_info_p, 07807 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07808 RSBAC_LIST_BACKUP | 07809 #endif 07810 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07811 rsbac_list_compare_u32, 07812 NULL, 07813 &def_aci, 07814 RSBAC_JAIL_ACI_USER_NAME, 07815 RSBAC_AUTO_DEV); 07816 if(err) 07817 { 07818 registration_error(err, "USER JAIL"); 07819 } 07820 else 07821 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail)) 07822 { 07823 rsbac_uid_t user; 07824 rsbac_system_role_int_t role; 07825 07826 #ifdef CONFIG_RSBAC_RMSG 07827 rsbac_printk(KERN_WARNING 07828 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n"); 07829 #endif 07830 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07831 if (!rsbac_nosyslog) 07832 #endif 07833 printk(KERN_WARNING 07834 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n"); 07835 user = RSBAC_SYSADM_UID; 07836 role = SR_administrator; 07837 if(rsbac_list_add(user_handles.jail, &user, &role)) 07838 printk(KERN_WARNING 07839 "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n"); 07840 user = RSBAC_SECOFF_UID; 07841 role = SR_security_officer; 07842 if(rsbac_list_add(user_handles.jail, &user, &role)) 07843 printk(KERN_WARNING 07844 "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n"); 07845 } 07846 } 07847 #endif 07848 #if defined(CONFIG_RSBAC_RES) 07849 { 07850 list_info_p->version = RSBAC_RES_USER_ACI_VERSION; 07851 list_info_p->key = RSBAC_RES_USER_ACI_KEY; 07852 list_info_p->desc_size = sizeof(rsbac_uid_t); 07853 list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t); 07854 list_info_p->max_age = 0; 07855 err = rsbac_list_register(RSBAC_LIST_VERSION, 07856 &user_handles.res, 07857 list_info_p, 07858 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07859 RSBAC_LIST_BACKUP | 07860 #endif 07861 RSBAC_LIST_PERSIST, 07862 rsbac_list_compare_u32, 07863 NULL, 07864 NULL, 07865 RSBAC_RES_ACI_USER_NAME, 07866 RSBAC_AUTO_DEV); 07867 if(err) 07868 { 07869 registration_error(err, "USER RES"); 07870 } 07871 else 07872 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res)) 07873 { 07874 struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI; 07875 struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI; 07876 rsbac_uid_t user; 07877 07878 #ifdef CONFIG_RSBAC_RMSG 07879 rsbac_printk(KERN_WARNING 07880 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); 07881 #endif 07882 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07883 if (!rsbac_nosyslog) 07884 #endif 07885 printk(KERN_WARNING 07886 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n"); 07887 user = RSBAC_SYSADM_UID; 07888 if(rsbac_list_add(user_handles.res, &user, &sysadm_aci)) 07889 printk(KERN_WARNING 07890 "rsbac_do_init(): SYSADM USER RES entry could not be added!\n"); 07891 user = RSBAC_SECOFF_UID; 07892 if(rsbac_list_add(user_handles.res, &user, &secoff_aci)) 07893 printk(KERN_WARNING 07894 "rsbac_do_init(): SECOFF USER RES entry could not be added!\n"); 07895 } 07896 } 07897 #endif 07898 #if defined(CONFIG_RSBAC_PAX) 07899 { 07900 rsbac_system_role_int_t def_aci = SR_user; 07901 07902 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION; 07903 list_info_p->key = RSBAC_PAX_USER_ACI_KEY; 07904 list_info_p->desc_size = sizeof(rsbac_uid_t); 07905 list_info_p->data_size = sizeof(rsbac_system_role_int_t); 07906 list_info_p->max_age = 0; 07907 err = rsbac_list_register(RSBAC_LIST_VERSION, 07908 &user_handles.pax, 07909 list_info_p, 07910 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP 07911 RSBAC_LIST_BACKUP | 07912 #endif 07913 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 07914 rsbac_list_compare_u32, 07915 NULL, 07916 &def_aci, 07917 RSBAC_PAX_ACI_USER_NAME, 07918 RSBAC_AUTO_DEV); 07919 if(err) 07920 { 07921 registration_error(err, "USER PAX"); 07922 } 07923 else 07924 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax)) 07925 { 07926 rsbac_uid_t user; 07927 rsbac_system_role_int_t role; 07928 07929 #ifdef CONFIG_RSBAC_RMSG 07930 rsbac_printk(KERN_WARNING 07931 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n"); 07932 #endif 07933 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07934 if (!rsbac_nosyslog) 07935 #endif 07936 printk(KERN_WARNING 07937 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n"); 07938 user = RSBAC_SYSADM_UID; 07939 role = SR_administrator; 07940 if(rsbac_list_add(user_handles.pax, &user, &role)) 07941 printk(KERN_WARNING 07942 "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n"); 07943 user = RSBAC_SECOFF_UID; 07944 role = SR_security_officer; 07945 if(rsbac_list_add(user_handles.pax, &user, &role)) 07946 printk(KERN_WARNING 07947 "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n"); 07948 } 07949 } 07950 #endif 07951 07952 #ifdef CONFIG_RSBAC_DEBUG 07953 if(rsbac_debug_stack) 07954 { 07955 unsigned long * n = (unsigned long *) (current+1); 07956 07957 while (!*n) 07958 n++; 07959 #ifdef CONFIG_RSBAC_RMSG 07960 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n", 07961 (unsigned long) n - (unsigned long)(current+1)); 07962 #endif 07963 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07964 if (!rsbac_nosyslog) 07965 #endif 07966 printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n", 07967 (unsigned long) n - (unsigned long)(current+1)); 07968 } 07969 #endif 07970 07971 #ifdef CONFIG_RSBAC_DEBUG 07972 if (rsbac_debug_ds) 07973 { 07974 #ifdef CONFIG_RSBAC_RMSG 07975 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n"); 07976 #endif 07977 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 07978 if (!rsbac_nosyslog) 07979 #endif 07980 printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n"); 07981 } 07982 #endif 07983 { 07984 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI; 07985 07986 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION; 07987 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY; 07988 list_info_p->desc_size = sizeof(rsbac_pid_t); 07989 list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t); 07990 list_info_p->max_age = 0; 07991 err = rsbac_list_register(RSBAC_LIST_VERSION, 07992 &process_handles.gen, 07993 list_info_p, 07994 RSBAC_LIST_DEF_DATA, 07995 rsbac_list_compare_u32, 07996 NULL, 07997 &def_aci, 07998 RSBAC_GEN_ACI_PROCESS_NAME, 07999 RSBAC_AUTO_DEV); 08000 if(err) 08001 { 08002 registration_error(err, "PROCESS General"); 08003 } 08004 } 08005 #if defined(CONFIG_RSBAC_MAC) 08006 { 08007 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI; 08008 char name[RSBAC_MAXNAMELEN]; 08009 int i; 08010 08011 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION; 08012 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY; 08013 list_info_p->desc_size = sizeof(rsbac_pid_t); 08014 list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t); 08015 list_info_p->max_age = 0; 08016 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++) 08017 { 08018 sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i); 08019 08020 err = rsbac_list_register(RSBAC_LIST_VERSION, 08021 &process_handles.mac[i], 08022 list_info_p, 08023 RSBAC_LIST_DEF_DATA, 08024 rsbac_list_compare_u32, 08025 NULL, 08026 &def_aci, 08027 name, 08028 RSBAC_AUTO_DEV); 08029 if(err) 08030 { 08031 registration_error(err, "PROCESS MAC"); 08032 } 08033 } 08034 } 08035 #endif 08036 #if defined(CONFIG_RSBAC_PM) 08037 { 08038 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI; 08039 08040 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION; 08041 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY; 08042 list_info_p->desc_size = sizeof(rsbac_pid_t); 08043 list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t); 08044 list_info_p->max_age = 0; 08045 err = rsbac_list_register(RSBAC_LIST_VERSION, 08046 &process_handles.pm, 08047 list_info_p, 08048 RSBAC_LIST_DEF_DATA, 08049 rsbac_list_compare_u32, 08050 NULL, 08051 &def_aci, 08052 RSBAC_PM_ACI_PROCESS_NAME, 08053 RSBAC_AUTO_DEV); 08054 if(err) 08055 { 08056 registration_error(err, "PROCESS PM"); 08057 } 08058 } 08059 #endif 08060 #if defined(CONFIG_RSBAC_DAZ) 08061 { 08062 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI; 08063 08064 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION; 08065 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY; 08066 list_info_p->desc_size = sizeof(rsbac_pid_t); 08067 list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t); 08068 list_info_p->max_age = 0; 08069 err = rsbac_list_register(RSBAC_LIST_VERSION, 08070 &process_handles.daz, 08071 list_info_p, 08072 RSBAC_LIST_DEF_DATA, 08073 rsbac_list_compare_u32, 08074 NULL, 08075 &def_aci, 08076 RSBAC_DAZ_ACI_PROCESS_NAME, 08077 RSBAC_AUTO_DEV); 08078 if(err) 08079 { 08080 registration_error(err, "PROCESS DAZ"); 08081 } 08082 } 08083 #endif 08084 #if defined(CONFIG_RSBAC_RC) 08085 { 08086 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI; 08087 char name[RSBAC_MAXNAMELEN]; 08088 int i; 08089 08090 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION; 08091 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY; 08092 list_info_p->desc_size = sizeof(rsbac_pid_t); 08093 list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t); 08094 list_info_p->max_age = 0; 08095 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++) 08096 { 08097 sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i); 08098 err = rsbac_list_register(RSBAC_LIST_VERSION, 08099 &process_handles.rc[i], 08100 list_info_p, 08101 RSBAC_LIST_DEF_DATA, 08102 rsbac_list_compare_u32, 08103 NULL, 08104 &def_aci, 08105 name, 08106 RSBAC_AUTO_DEV); 08107 if(err) 08108 { 08109 registration_error(err, "PROCESS RC"); 08110 } 08111 } 08112 } 08113 #endif 08114 #if defined(CONFIG_RSBAC_AUTH) 08115 { 08116 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI; 08117 08118 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION; 08119 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY; 08120 list_info_p->desc_size = sizeof(rsbac_pid_t); 08121 list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t); 08122 list_info_p->max_age = 0; 08123 err = rsbac_list_register(RSBAC_LIST_VERSION, 08124 &process_handles.auth, 08125 list_info_p, 08126 RSBAC_LIST_DEF_DATA, 08127 rsbac_list_compare_u32, 08128 NULL, 08129 &def_aci, 08130 RSBAC_AUTH_ACI_PROCESS_NAME, 08131 RSBAC_AUTO_DEV); 08132 if(err) 08133 { 08134 registration_error(err, "PROCESS AUTH"); 08135 } 08136 } 08137 #endif 08138 #if defined(CONFIG_RSBAC_CAP) 08139 { 08140 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI; 08141 08142 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE) 08143 if(rsbac_cap_process_hiding) 08144 def_aci.cap_process_hiding = PH_from_other_users; 08145 #endif 08146 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION; 08147 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY; 08148 list_info_p->desc_size = sizeof(rsbac_pid_t); 08149 list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t); 08150 list_info_p->max_age = 0; 08151 err = rsbac_list_register(RSBAC_LIST_VERSION, 08152 &process_handles.cap, 08153 list_info_p, 08154 RSBAC_LIST_DEF_DATA, 08155 rsbac_list_compare_u32, 08156 NULL, 08157 &def_aci, 08158 RSBAC_CAP_ACI_PROCESS_NAME, 08159 RSBAC_AUTO_DEV); 08160 if(err) 08161 { 08162 registration_error(err, "PROCESS CAP"); 08163 } 08164 } 08165 #endif 08166 #if defined(CONFIG_RSBAC_JAIL) 08167 { 08168 struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI; 08169 char name[RSBAC_MAXNAMELEN]; 08170 int i; 08171 08172 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION; 08173 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY; 08174 list_info_p->desc_size = sizeof(rsbac_pid_t); 08175 list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t); 08176 list_info_p->max_age = 0; 08177 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++) 08178 { 08179 sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i); 08180 err = rsbac_list_register(RSBAC_LIST_VERSION, 08181 &process_handles.jail[i], 08182 list_info_p, 08183 RSBAC_LIST_DEF_DATA, 08184 rsbac_list_compare_u32, 08185 NULL, 08186 &def_aci, 08187 name, 08188 RSBAC_AUTO_DEV); 08189 if(err) 08190 { 08191 registration_error(err, "PROCESS JAIL"); 08192 } 08193 } 08194 } 08195 #endif 08196 08197 08198 #ifdef CONFIG_RSBAC_NET_DEV 08199 #ifdef CONFIG_RSBAC_DEBUG 08200 if (rsbac_debug_ds) 08201 { 08202 #ifdef CONFIG_RSBAC_RMSG 08203 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n"); 08204 #endif 08205 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08206 if (!rsbac_nosyslog) 08207 #endif 08208 printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n"); 08209 } 08210 #endif 08211 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 08212 { 08213 struct rsbac_gen_netdev_aci_t def_aci = DEFAULT_GEN_NETDEV_ACI; 08214 08215 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION; 08216 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY; 08217 list_info_p->desc_size = sizeof(rsbac_netdev_id_t); 08218 list_info_p->data_size = sizeof(struct rsbac_gen_netdev_aci_t); 08219 list_info_p->max_age = 0; 08220 err = rsbac_list_register(RSBAC_LIST_VERSION, 08221 &netdev_handles.gen, 08222 list_info_p, 08223 RSBAC_LIST_BACKUP | 08224 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08225 netdev_compare, 08226 NULL, 08227 &def_aci, 08228 RSBAC_GEN_ACI_NETDEV_NAME, 08229 RSBAC_AUTO_DEV); 08230 if(err) 08231 { 08232 registration_error(err, "NETDEV General"); 08233 } 08234 } 08235 #endif 08236 #if defined(CONFIG_RSBAC_RC) 08237 { 08238 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 08239 08240 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION; 08241 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY; 08242 list_info_p->desc_size = sizeof(rsbac_netdev_id_t); 08243 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 08244 list_info_p->max_age = 0; 08245 err = rsbac_list_register(RSBAC_LIST_VERSION, 08246 &netdev_handles.rc, 08247 list_info_p, 08248 RSBAC_LIST_BACKUP | 08249 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08250 netdev_compare, 08251 NULL, 08252 &def_aci, 08253 RSBAC_RC_ACI_NETDEV_NAME, 08254 RSBAC_AUTO_DEV); 08255 if(err) 08256 { 08257 registration_error(err, "NETDEV RC"); 08258 } 08259 } 08260 #endif 08261 #endif 08262 08263 #ifdef CONFIG_RSBAC_NET_OBJ 08264 #ifdef CONFIG_RSBAC_DEBUG 08265 if (rsbac_debug_ds) 08266 { 08267 #ifdef CONFIG_RSBAC_RMSG 08268 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n"); 08269 #endif 08270 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08271 if (!rsbac_nosyslog) 08272 #endif 08273 printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n"); 08274 } 08275 #endif 08276 list_info_p->version = RSBAC_NET_TEMP_VERSION; 08277 list_info_p->key = RSBAC_NET_TEMP_KEY; 08278 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08279 list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t); 08280 list_info_p->max_age = 0; 08281 err = rsbac_list_register(RSBAC_LIST_VERSION, 08282 &net_temp_handle, 08283 list_info_p, 08284 RSBAC_LIST_BACKUP | 08285 RSBAC_LIST_PERSIST, 08286 rsbac_list_compare_u32, 08287 NULL, 08288 NULL, 08289 RSBAC_NET_TEMP_NAME, 08290 RSBAC_AUTO_DEV); 08291 if(err) 08292 { 08293 registration_error(err, "Network Template"); 08294 } 08295 else 08296 if(!rsbac_no_defaults && !rsbac_list_count(net_temp_handle)) 08297 { 08298 rsbac_net_temp_id_t id; 08299 struct rsbac_net_temp_data_t unix_data = RSBAC_NET_TEMP_UNIX_DATA; 08300 struct rsbac_net_temp_data_t lnet_data = RSBAC_NET_TEMP_LNET_DATA; 08301 struct rsbac_net_temp_data_t lan_data = RSBAC_NET_TEMP_LAN_DATA; 08302 struct rsbac_net_temp_data_t auto_data = RSBAC_NET_TEMP_AUTO_DATA; 08303 struct rsbac_net_temp_data_t inet_data = RSBAC_NET_TEMP_INET_DATA; 08304 struct rsbac_net_temp_data_t all_data = RSBAC_NET_TEMP_ALL_DATA; 08305 08306 #ifdef CONFIG_RSBAC_RMSG 08307 rsbac_printk(KERN_WARNING 08308 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n"); 08309 #endif 08310 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08311 if (!rsbac_nosyslog) 08312 #endif 08313 printk(KERN_WARNING 08314 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n"); 08315 id = RSBAC_NET_TEMP_UNIX_ID; 08316 rsbac_list_add(net_temp_handle, &id, &unix_data); 08317 id = RSBAC_NET_TEMP_LNET_ID; 08318 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS, (__u32 *) lnet_data.address); 08319 rsbac_list_add(net_temp_handle, &id, &lnet_data); 08320 id = RSBAC_NET_TEMP_LAN_ID; 08321 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS, (__u32 *) lan_data.address); 08322 rsbac_list_add(net_temp_handle, &id, &lan_data); 08323 id = RSBAC_NET_TEMP_AUTO_ID; 08324 rsbac_net_str_to_inet(RSBAC_NET_TEMP_AUTO_ADDRESS, (__u32 *) auto_data.address); 08325 rsbac_list_add(net_temp_handle, &id, &auto_data); 08326 id = RSBAC_NET_TEMP_INET_ID; 08327 rsbac_list_add(net_temp_handle, &id, &inet_data); 08328 id = RSBAC_NET_TEMP_ALL_ID; 08329 rsbac_list_add(net_temp_handle, &id, &all_data); 08330 } 08331 08332 #ifdef CONFIG_RSBAC_DEBUG 08333 if (rsbac_debug_ds) 08334 { 08335 #ifdef CONFIG_RSBAC_RMSG 08336 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n"); 08337 #endif 08338 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08339 if (!rsbac_nosyslog) 08340 #endif 08341 printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n"); 08342 } 08343 #endif 08344 08345 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 08346 { 08347 struct rsbac_gen_netobj_aci_t def_aci = DEFAULT_GEN_NETOBJ_ACI; 08348 08349 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION; 08350 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY; 08351 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08352 list_info_p->data_size = sizeof(struct rsbac_gen_netobj_aci_t); 08353 list_info_p->max_age = 0; 08354 err = rsbac_list_register(RSBAC_LIST_VERSION, 08355 &nettemp_handles.gen, 08356 list_info_p, 08357 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08358 rsbac_list_compare_u32, 08359 NULL, 08360 &def_aci, 08361 RSBAC_GEN_ACI_NETTEMP_NAME, 08362 RSBAC_AUTO_DEV); 08363 if(err) 08364 { 08365 registration_error(err, "NETTEMP GEN"); 08366 } 08367 } 08368 #endif 08369 #if defined(CONFIG_RSBAC_MAC) 08370 { 08371 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI; 08372 08373 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION; 08374 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY; 08375 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08376 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t); 08377 list_info_p->max_age = 0; 08378 err = rsbac_list_register(RSBAC_LIST_VERSION, 08379 &nettemp_handles.mac, 08380 list_info_p, 08381 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08382 rsbac_list_compare_u32, 08383 NULL, 08384 &def_aci, 08385 RSBAC_MAC_ACI_NETTEMP_NAME, 08386 RSBAC_AUTO_DEV); 08387 if(err) 08388 { 08389 registration_error(err, "NETTEMP MAC"); 08390 } 08391 } 08392 #endif 08393 #if defined(CONFIG_RSBAC_FC) 08394 { 08395 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF; 08396 08397 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION; 08398 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY; 08399 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08400 list_info_p->data_size = sizeof(rsbac_fc_oc_t); 08401 list_info_p->max_age = 0; 08402 err = rsbac_list_register(RSBAC_LIST_VERSION, 08403 &nettemp_handles.fc, 08404 list_info_p, 08405 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08406 rsbac_list_compare_u32, 08407 NULL, 08408 &def_aci, 08409 RSBAC_FC_ACI_NETTEMP_NAME, 08410 RSBAC_AUTO_DEV); 08411 if(err) 08412 { 08413 registration_error(err, "NETTEMP FC"); 08414 } 08415 } 08416 #endif 08417 #if defined(CONFIG_RSBAC_SIM) 08418 { 08419 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF; 08420 08421 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION; 08422 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY; 08423 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08424 list_info_p->data_size = sizeof(rsbac_sim_dt_t); 08425 list_info_p->max_age = 0; 08426 err = rsbac_list_register(RSBAC_LIST_VERSION, 08427 &nettemp_handles.sim, 08428 list_info_p, 08429 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08430 rsbac_list_compare_u32, 08431 NULL, 08432 &def_aci, 08433 RSBAC_SIM_ACI_NETTEMP_NAME, 08434 RSBAC_AUTO_DEV); 08435 if(err) 08436 { 08437 registration_error(err, "NETTEMP SIM"); 08438 } 08439 } 08440 #endif 08441 #if defined(CONFIG_RSBAC_PM) 08442 { 08443 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI; 08444 08445 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION; 08446 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY; 08447 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08448 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t); 08449 list_info_p->max_age = 0; 08450 err = rsbac_list_register(RSBAC_LIST_VERSION, 08451 &nettemp_handles.pm, 08452 list_info_p, 08453 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08454 rsbac_list_compare_u32, 08455 NULL, 08456 &def_aci, 08457 RSBAC_PM_ACI_NETTEMP_NAME, 08458 RSBAC_AUTO_DEV); 08459 if(err) 08460 { 08461 registration_error(err, "NETTEMP PM"); 08462 } 08463 } 08464 #endif 08465 #if defined(CONFIG_RSBAC_RC) 08466 { 08467 struct rsbac_rc_nettemp_aci_t def_aci = DEFAULT_RC_NETTEMP_ACI; 08468 08469 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION; 08470 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY; 08471 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t); 08472 list_info_p->data_size = sizeof(struct rsbac_rc_nettemp_aci_t); 08473 list_info_p->max_age = 0; 08474 err = rsbac_list_register(RSBAC_LIST_VERSION, 08475 &nettemp_handles.rc, 08476 list_info_p, 08477 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA, 08478 rsbac_list_compare_u32, 08479 NULL, 08480 &def_aci, 08481 RSBAC_RC_ACI_NETTEMP_NAME, 08482 RSBAC_AUTO_DEV); 08483 if(err) 08484 { 08485 registration_error(err, "NETTEMP RC"); 08486 } 08487 } 08488 #endif 08489 08490 #ifdef CONFIG_RSBAC_DEBUG 08491 if (rsbac_debug_ds) 08492 { 08493 #ifdef CONFIG_RSBAC_RMSG 08494 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n"); 08495 #endif 08496 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08497 if (!rsbac_nosyslog) 08498 #endif 08499 printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n"); 08500 } 08501 #endif 08502 #if defined(CONFIG_RSBAC_MAC) 08503 { 08504 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI; 08505 08506 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION; 08507 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY; 08508 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08509 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t); 08510 list_info_p->max_age = 0; 08511 err = rsbac_list_register(RSBAC_LIST_VERSION, 08512 &lnetobj_handles.mac, 08513 list_info_p, 08514 0, 08515 rsbac_list_compare_u32, 08516 NULL, 08517 &def_aci, 08518 RSBAC_MAC_ACI_LNETOBJ_NAME, 08519 RSBAC_AUTO_DEV); 08520 if(err) 08521 { 08522 registration_error(err, "LNETOBJ MAC"); 08523 } 08524 } 08525 #endif 08526 #if defined(CONFIG_RSBAC_FC) 08527 { 08528 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF; 08529 08530 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION; 08531 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY; 08532 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08533 list_info_p->data_size = sizeof(rsbac_fc_oc_t); 08534 list_info_p->max_age = 0; 08535 err = rsbac_list_register(RSBAC_LIST_VERSION, 08536 &lnetobj_handles.fc, 08537 list_info_p, 08538 0, 08539 rsbac_list_compare_u32, 08540 NULL, 08541 &def_aci, 08542 RSBAC_FC_ACI_LNETOBJ_NAME, 08543 RSBAC_AUTO_DEV); 08544 if(err) 08545 { 08546 registration_error(err, "LNETOBJ FC"); 08547 } 08548 } 08549 #endif 08550 #if defined(CONFIG_RSBAC_SIM) 08551 { 08552 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF; 08553 08554 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION; 08555 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY; 08556 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08557 list_info_p->data_size = sizeof(rsbac_sim_dt_t); 08558 list_info_p->max_age = 0; 08559 err = rsbac_list_register(RSBAC_LIST_VERSION, 08560 &lnetobj_handles.sim, 08561 list_info_p, 08562 0, 08563 rsbac_list_compare_u32, 08564 NULL, 08565 &def_aci, 08566 RSBAC_SIM_ACI_LNETOBJ_NAME, 08567 RSBAC_AUTO_DEV); 08568 if(err) 08569 { 08570 registration_error(err, "LNETOBJ SIM"); 08571 } 08572 } 08573 #endif 08574 #if defined(CONFIG_RSBAC_PM) 08575 { 08576 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI; 08577 08578 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION; 08579 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY; 08580 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08581 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t); 08582 list_info_p->max_age = 0; 08583 err = rsbac_list_register(RSBAC_LIST_VERSION, 08584 &lnetobj_handles.pm, 08585 list_info_p, 08586 0, 08587 rsbac_list_compare_u32, 08588 NULL, 08589 &def_aci, 08590 RSBAC_PM_ACI_LNETOBJ_NAME, 08591 RSBAC_AUTO_DEV); 08592 if(err) 08593 { 08594 registration_error(err, "LNETOBJ PM"); 08595 } 08596 } 08597 #endif 08598 #if defined(CONFIG_RSBAC_RC) 08599 { 08600 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 08601 08602 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION; 08603 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY; 08604 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08605 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 08606 list_info_p->max_age = 0; 08607 err = rsbac_list_register(RSBAC_LIST_VERSION, 08608 &lnetobj_handles.rc, 08609 list_info_p, 08610 0, 08611 rsbac_list_compare_u32, 08612 NULL, 08613 &def_aci, 08614 RSBAC_RC_ACI_LNETOBJ_NAME, 08615 RSBAC_AUTO_DEV); 08616 if(err) 08617 { 08618 registration_error(err, "LNETOBJ RC"); 08619 } 08620 } 08621 #endif 08622 08623 #ifdef CONFIG_RSBAC_DEBUG 08624 if (rsbac_debug_ds) 08625 { 08626 #ifdef CONFIG_RSBAC_RMSG 08627 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n"); 08628 #endif 08629 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08630 if (!rsbac_nosyslog) 08631 #endif 08632 printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n"); 08633 } 08634 #endif 08635 #if defined(CONFIG_RSBAC_MAC) 08636 { 08637 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI; 08638 08639 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION; 08640 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY; 08641 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08642 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t); 08643 list_info_p->max_age = 0; 08644 err = rsbac_list_register(RSBAC_LIST_VERSION, 08645 &rnetobj_handles.mac, 08646 list_info_p, 08647 0, 08648 rsbac_list_compare_u32, 08649 NULL, 08650 &def_aci, 08651 RSBAC_MAC_ACI_RNETOBJ_NAME, 08652 RSBAC_AUTO_DEV); 08653 if(err) 08654 { 08655 registration_error(err, "RNETOBJ MAC"); 08656 } 08657 } 08658 #endif 08659 #if defined(CONFIG_RSBAC_FC) 08660 { 08661 rsbac_fc_oc_t def_aci = RSBAC_FC_OC_ROOT_DEF; 08662 08663 list_info_p->version = RSBAC_FC_NETOBJ_ACI_VERSION; 08664 list_info_p->key = RSBAC_FC_NETOBJ_ACI_KEY; 08665 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08666 list_info_p->data_size = sizeof(rsbac_fc_oc_t); 08667 list_info_p->max_age = 0; 08668 err = rsbac_list_register(RSBAC_LIST_VERSION, 08669 &rnetobj_handles.fc, 08670 list_info_p, 08671 0, 08672 rsbac_list_compare_u32, 08673 NULL, 08674 &def_aci, 08675 RSBAC_FC_ACI_RNETOBJ_NAME, 08676 RSBAC_AUTO_DEV); 08677 if(err) 08678 { 08679 registration_error(err, "RNETOBJ FC"); 08680 } 08681 } 08682 #endif 08683 #if defined(CONFIG_RSBAC_SIM) 08684 { 08685 rsbac_sim_dt_t def_aci = RSBAC_SIM_DT_ROOT_DEF; 08686 08687 list_info_p->version = RSBAC_SIM_NETOBJ_ACI_VERSION; 08688 list_info_p->key = RSBAC_SIM_NETOBJ_ACI_KEY; 08689 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08690 list_info_p->data_size = sizeof(rsbac_sim_dt_t); 08691 list_info_p->max_age = 0; 08692 err = rsbac_list_register(RSBAC_LIST_VERSION, 08693 &rnetobj_handles.sim, 08694 list_info_p, 08695 0, 08696 rsbac_list_compare_u32, 08697 NULL, 08698 &def_aci, 08699 RSBAC_SIM_ACI_RNETOBJ_NAME, 08700 RSBAC_AUTO_DEV); 08701 if(err) 08702 { 08703 registration_error(err, "RNETOBJ SIM"); 08704 } 08705 } 08706 #endif 08707 #if defined(CONFIG_RSBAC_PM) 08708 { 08709 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI; 08710 08711 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION; 08712 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY; 08713 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08714 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t); 08715 list_info_p->max_age = 0; 08716 err = rsbac_list_register(RSBAC_LIST_VERSION, 08717 &rnetobj_handles.pm, 08718 list_info_p, 08719 0, 08720 rsbac_list_compare_u32, 08721 NULL, 08722 &def_aci, 08723 RSBAC_PM_ACI_RNETOBJ_NAME, 08724 RSBAC_AUTO_DEV); 08725 if(err) 08726 { 08727 registration_error(err, "RNETOBJ PM"); 08728 } 08729 } 08730 #endif 08731 #if defined(CONFIG_RSBAC_RC) 08732 { 08733 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE; 08734 08735 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION; 08736 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY; 08737 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t); 08738 list_info_p->data_size = sizeof(rsbac_rc_type_id_t); 08739 list_info_p->max_age = 0; 08740 err = rsbac_list_register(RSBAC_LIST_VERSION, 08741 &rnetobj_handles.rc, 08742 list_info_p, 08743 0, 08744 rsbac_list_compare_u32, 08745 NULL, 08746 &def_aci, 08747 RSBAC_RC_ACI_RNETOBJ_NAME, 08748 RSBAC_AUTO_DEV); 08749 if(err) 08750 { 08751 registration_error(err, "RNETOBJ RC"); 08752 } 08753 } 08754 #endif 08755 #endif /* NET_OBJ */ 08756 08757 /* Call other init functions */ 08758 #if defined(CONFIG_RSBAC_MAC) 08759 #ifdef CONFIG_RSBAC_DEBUG 08760 if(rsbac_debug_stack) 08761 { 08762 unsigned long * n = (unsigned long *) (current+1); 08763 08764 while (!*n) 08765 n++; 08766 #ifdef CONFIG_RSBAC_RMSG 08767 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n", 08768 (unsigned long) n - (unsigned long)(current+1)); 08769 #endif 08770 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08771 if (!rsbac_nosyslog) 08772 #endif 08773 printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n", 08774 (unsigned long) n - (unsigned long)(current+1)); 08775 } 08776 #endif 08777 rsbac_init_mac(); 08778 #endif 08779 08780 #ifdef CONFIG_RSBAC_PM 08781 #ifdef CONFIG_RSBAC_DEBUG 08782 if(rsbac_debug_stack) 08783 { 08784 unsigned long * n = (unsigned long *) (current+1); 08785 08786 while (!*n) 08787 n++; 08788 #ifdef CONFIG_RSBAC_RMSG 08789 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n", 08790 (unsigned long) n - (unsigned long)(current+1)); 08791 #endif 08792 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08793 if (!rsbac_nosyslog) 08794 #endif 08795 printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n", 08796 (unsigned long) n - (unsigned long)(current+1)); 08797 } 08798 #endif 08799 rsbac_init_pm(); 08800 #endif 08801 08802 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT) 08803 #ifdef CONFIG_RSBAC_DEBUG 08804 if(rsbac_debug_stack) 08805 { 08806 unsigned long * n = (unsigned long *) (current+1); 08807 08808 while (!*n) 08809 n++; 08810 #ifdef CONFIG_RSBAC_RMSG 08811 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n", 08812 (unsigned long) n - (unsigned long)(current+1)); 08813 #endif 08814 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08815 if (!rsbac_nosyslog) 08816 #endif 08817 printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n", 08818 (unsigned long) n - (unsigned long)(current+1)); 08819 } 08820 #endif 08821 rsbac_init_daz(); 08822 #endif 08823 08824 #if defined(CONFIG_RSBAC_RC) 08825 #ifdef CONFIG_RSBAC_DEBUG 08826 if(rsbac_debug_stack) 08827 { 08828 unsigned long * n = (unsigned long *) (current+1); 08829 08830 while (!*n) 08831 n++; 08832 #ifdef CONFIG_RSBAC_RMSG 08833 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n", 08834 (unsigned long) n - (unsigned long)(current+1)); 08835 #endif 08836 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08837 if (!rsbac_nosyslog) 08838 #endif 08839 printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n", 08840 (unsigned long) n - (unsigned long)(current+1)); 08841 } 08842 #endif 08843 rsbac_init_rc(); 08844 #endif 08845 08846 #if defined(CONFIG_RSBAC_AUTH) 08847 #ifdef CONFIG_RSBAC_DEBUG 08848 if(rsbac_debug_stack) 08849 { 08850 unsigned long * n = (unsigned long *) (current+1); 08851 08852 while (!*n) 08853 n++; 08854 #ifdef CONFIG_RSBAC_RMSG 08855 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n", 08856 (unsigned long) n - (unsigned long)(current+1)); 08857 #endif 08858 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08859 if (!rsbac_nosyslog) 08860 #endif 08861 printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n", 08862 (unsigned long) n - (unsigned long)(current+1)); 08863 } 08864 #endif 08865 rsbac_init_auth(); 08866 if (rsbac_auth_enable_login) 08867 { 08868 struct dentry * t_dentry; 08869 struct dentry * dir_dentry = NULL; 08870 struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI; 08871 int list_no; 08872 08873 #ifdef CONFIG_RSBAC_RMSG 08874 rsbac_printk(KERN_WARNING 08875 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n", 08876 RSBAC_AUTH_LOGIN_PATH); 08877 #endif 08878 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08879 if (!rsbac_nosyslog) 08880 #endif 08881 printk(KERN_WARNING 08882 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n", 08883 RSBAC_AUTH_LOGIN_PATH); 08884 08885 /* lookup filename */ 08886 if(sb_p) 08887 { 08888 dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR, 08889 sb_p->s_root, 08890 strlen(RSBAC_AUTH_LOGIN_PATH_DIR)); 08891 } 08892 if (!dir_dentry) 08893 { 08894 err = -RSBAC_ENOTFOUND; 08895 #ifdef CONFIG_RSBAC_RMSG 08896 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 08897 RSBAC_AUTH_LOGIN_PATH_DIR); 08898 #endif 08899 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08900 if (!rsbac_nosyslog) 08901 #endif 08902 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 08903 RSBAC_AUTH_LOGIN_PATH_DIR); 08904 goto auth_out; 08905 } 08906 if (IS_ERR(dir_dentry)) 08907 { 08908 err = PTR_ERR(dir_dentry); 08909 #ifdef CONFIG_RSBAC_RMSG 08910 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n", 08911 RSBAC_AUTH_LOGIN_PATH_DIR, 08912 err); 08913 #endif 08914 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08915 if (!rsbac_nosyslog) 08916 #endif 08917 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n", 08918 RSBAC_AUTH_LOGIN_PATH_DIR, 08919 err); 08920 goto auth_out; 08921 } 08922 if (!dir_dentry->d_inode) 08923 { 08924 err = -RSBAC_ENOTFOUND; 08925 #ifdef CONFIG_RSBAC_RMSG 08926 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 08927 RSBAC_AUTH_LOGIN_PATH_DIR); 08928 #endif 08929 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08930 if (!rsbac_nosyslog) 08931 #endif 08932 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n", 08933 RSBAC_AUTH_LOGIN_PATH_DIR); 08934 dput(dir_dentry); 08935 goto auth_out; 08936 } 08937 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE, 08938 dir_dentry, 08939 strlen(RSBAC_AUTH_LOGIN_PATH_FILE)); 08940 if (!t_dentry) 08941 { 08942 err = -RSBAC_ENOTFOUND; 08943 #ifdef CONFIG_RSBAC_RMSG 08944 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 08945 RSBAC_AUTH_LOGIN_PATH_DIR, 08946 RSBAC_AUTH_LOGIN_PATH_FILE); 08947 #endif 08948 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08949 if (!rsbac_nosyslog) 08950 #endif 08951 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 08952 RSBAC_AUTH_LOGIN_PATH_DIR, 08953 RSBAC_AUTH_LOGIN_PATH_FILE); 08954 goto auth_out; 08955 } 08956 if (IS_ERR(t_dentry)) 08957 { 08958 err = PTR_ERR(t_dentry); 08959 #ifdef CONFIG_RSBAC_RMSG 08960 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n", 08961 RSBAC_AUTH_LOGIN_PATH_DIR, 08962 RSBAC_AUTH_LOGIN_PATH_FILE, 08963 err); 08964 #endif 08965 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08966 if (!rsbac_nosyslog) 08967 #endif 08968 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n", 08969 RSBAC_AUTH_LOGIN_PATH_DIR, 08970 RSBAC_AUTH_LOGIN_PATH_FILE, 08971 err); 08972 goto auth_out; 08973 } 08974 if (!t_dentry->d_inode) 08975 { 08976 err = -RSBAC_ENOTFOUND; 08977 #ifdef CONFIG_RSBAC_RMSG 08978 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 08979 RSBAC_AUTH_LOGIN_PATH_DIR, 08980 RSBAC_AUTH_LOGIN_PATH_FILE); 08981 #endif 08982 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08983 if (!rsbac_nosyslog) 08984 #endif 08985 printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n", 08986 RSBAC_AUTH_LOGIN_PATH_DIR, 08987 RSBAC_AUTH_LOGIN_PATH_FILE); 08988 dput(t_dentry); 08989 goto auth_out; 08990 } 08991 08992 if (!t_dentry->d_inode) 08993 { 08994 #ifdef CONFIG_RSBAC_RMSG 08995 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n", 08996 RSBAC_AUTH_LOGIN_PATH); 08997 #endif 08998 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 08999 if (!rsbac_nosyslog) 09000 #endif 09001 printk(KERN_WARNING "rsbac_do_init(): file %s not found\n", 09002 RSBAC_AUTH_LOGIN_PATH); 09003 err = -RSBAC_EINVALIDTARGET; 09004 goto auth_out_dput; 09005 } 09006 /* is inode of type file? */ 09007 if (!S_ISREG(t_dentry->d_inode->i_mode)) 09008 { 09009 #ifdef CONFIG_RSBAC_RMSG 09010 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH); 09011 #endif 09012 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09013 if (!rsbac_nosyslog) 09014 #endif 09015 printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH); 09016 err = -RSBAC_EINVALIDTARGET; 09017 goto auth_out_dput; 09018 } 09019 list_no = auth_fd_hash(t_dentry->d_inode->i_ino); 09020 rsbac_list_get_data(device_p->handles.auth[list_no], 09021 &t_dentry->d_inode->i_ino, 09022 &auth_fd_aci); 09023 auth_fd_aci.auth_may_setuid = TRUE; 09024 if(rsbac_list_add(device_p->handles.auth[list_no], 09025 &t_dentry->d_inode->i_ino, 09026 &auth_fd_aci)) 09027 { /* Adding failed! */ 09028 #ifdef CONFIG_RSBAC_RMSG 09029 rsbac_printk(KERN_WARNING 09030 "rsbac_do_init(): Could not add AUTH file/dir item!\n"); 09031 #endif 09032 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09033 if (!rsbac_nosyslog) 09034 #endif 09035 printk(KERN_WARNING 09036 "rsbac_do_init(): Could not add AUTH file/dir item!\n"); 09037 err = -RSBAC_ECOULDNOTADDITEM; 09038 } 09039 09040 auth_out_dput: 09041 auth_out: 09042 { } 09043 } 09044 #endif 09045 09046 #if defined(CONFIG_RSBAC_ACL) 09047 #ifdef CONFIG_RSBAC_DEBUG 09048 if(rsbac_debug_stack) 09049 { 09050 unsigned long * n = (unsigned long *) (current+1); 09051 09052 while (!*n) 09053 n++; 09054 #ifdef CONFIG_RSBAC_RMSG 09055 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n", 09056 (unsigned long) n - (unsigned long)(current+1)); 09057 #endif 09058 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09059 if (!rsbac_nosyslog) 09060 #endif 09061 printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n", 09062 (unsigned long) n - (unsigned long)(current+1)); 09063 } 09064 #endif 09065 rsbac_init_acl(); 09066 #endif 09067 09068 09069 #ifdef CONFIG_RSBAC_DEBUG 09070 if(rsbac_debug_stack) 09071 { 09072 unsigned long * n = (unsigned long *) (current+1); 09073 09074 while (!*n) 09075 n++; 09076 #ifdef CONFIG_RSBAC_RMSG 09077 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n", 09078 (unsigned long) n - (unsigned long)(current+1)); 09079 #endif 09080 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09081 if (!rsbac_nosyslog) 09082 #endif 09083 printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n", 09084 (unsigned long) n - (unsigned long)(current+1)); 09085 } 09086 #endif 09087 rsbac_init_adf(); 09088 09089 /* free super_block pointer */ 09090 drop_super(sb_p); 09091 09092 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS) 09093 pax_set_flags_func = rsbac_pax_set_flags_func; 09094 #endif 09095 09096 /* Tell that rsbac is initialized */ 09097 rsbac_initialized = TRUE; 09098 09099 /* Add initrd mount */ 09100 #ifdef CONFIG_BLK_DEV_INITRD 09101 if(initrd_start) 09102 { 09103 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09104 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0)); 09105 #else 09106 sb_p = get_super(MKDEV(RAMDISK_MAJOR,0)); 09107 #endif 09108 if(sb_p) 09109 { 09110 rsbac_mount(sb_p, NULL); 09111 drop_super(sb_p); 09112 } 09113 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09114 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR)); 09115 #else 09116 sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR)); 09117 #endif 09118 if(sb_p) 09119 { 09120 rsbac_mount(sb_p, NULL); 09121 drop_super(sb_p); 09122 } 09123 } 09124 #endif 09125 09126 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09127 /* Add sysfs mount */ 09128 if( sysfs_covered_p 09129 && sysfs_sb_p 09130 ) 09131 { 09132 #ifdef CONFIG_RSBAC_RMSG 09133 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n", 09134 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev)); 09135 #endif 09136 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09137 if (!rsbac_nosyslog) 09138 #endif 09139 printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n", 09140 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev)); 09141 rsbac_mount(sysfs_sb_p, sysfs_covered_p); 09142 } 09143 #endif 09144 09145 /* Add devfs mount */ 09146 #ifdef CONFIG_DEVFS_MOUNT 09147 if( devfs_covered_p 09148 && devfs_sb_p 09149 ) 09150 { 09151 #ifdef CONFIG_RSBAC_RMSG 09152 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n", 09153 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev)); 09154 #endif 09155 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09156 if (!rsbac_nosyslog) 09157 #endif 09158 printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n", 09159 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev)); 09160 rsbac_mount(devfs_sb_p, devfs_covered_p); 09161 } 09162 #endif 09163 09164 /* Force a check, if configured */ 09165 #ifdef CONFIG_RSBAC_INIT_CHECK 09166 #ifdef CONFIG_RSBAC_DEBUG 09167 if(rsbac_debug_stack) 09168 { 09169 unsigned long * n = (unsigned long *) (current+1); 09170 09171 while (!*n) 09172 n++; 09173 #ifdef CONFIG_RSBAC_RMSG 09174 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n", 09175 (unsigned long) n - (unsigned long)(current+1)); 09176 #endif 09177 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09178 if (!rsbac_nosyslog) 09179 #endif 09180 printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n", 09181 (unsigned long) n - (unsigned long)(current+1)); 09182 } 09183 #endif 09184 #ifdef CONFIG_RSBAC_RMSG 09185 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n"); 09186 #endif 09187 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09188 if (!rsbac_nosyslog) 09189 #endif 09190 printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n"); 09191 rsbac_check_lists(1); 09192 rsbac_check(1,0); 09193 /* call other checks */ 09194 #if defined(CONFIG_RSBAC_AUTH) 09195 rsbac_check_auth(1,0); 09196 #endif 09197 #if defined(CONFIG_RSBAC_ACL) 09198 rsbac_check_acl(1,0); 09199 #endif 09200 #endif 09201 09202 if (!current->fs) 09203 { 09204 #ifdef CONFIG_RSBAC_RMSG 09205 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n"); 09206 #endif 09207 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09208 if (!rsbac_nosyslog) 09209 #endif 09210 printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n"); 09211 err = -RSBAC_EINVALIDPOINTER; 09212 } 09213 out: 09214 /* Ready. */ 09215 #ifdef CONFIG_RSBAC_RMSG 09216 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n"); 09217 #endif 09218 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09219 if (!rsbac_nosyslog) 09220 #endif 09221 printk(KERN_INFO "rsbac_do_init(): Ready.\n"); 09222 09223 kfree(list_info_p); 09224 return(err); 09225 09226 out_free: 09227 /* free super_block pointer */ 09228 drop_super(sb_p); 09229 goto out; 09230 }; 09231 09232 09233 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 09234 || defined(CONFIG_RSBAC_INIT_THREAD) 09235 /* rsbac kernel timer for auto-write */ 09236 void wakeup_rsbacd(u_long dummy) 09237 { 09238 wake_up(&rsbacd_wait); 09239 } 09240 #endif 09241 09242 #ifdef CONFIG_RSBAC_INIT_THREAD 09243 /* rsbac kernel daemon for init */ 09244 static int rsbac_initd(void * dummy) 09245 { 09246 printk(KERN_INFO "rsbac_initd(): Initializing.\n"); 09247 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09248 daemonize("rsbac_initd"); 09249 #else 09250 current->session = 1; 09251 current->pgrp = 1; 09252 strcpy(current->comm, "rsbac_initd"); 09253 #endif 09254 09255 /* Dead loop for timeout testing */ 09256 /* while(1) { } */ 09257 09258 #ifdef CONFIG_RSBAC_DEBUG 09259 if(rsbac_debug_stack) 09260 { 09261 unsigned long * n = (unsigned long *) (current+1); 09262 09263 while (!*n) 09264 n++; 09265 printk(KERN_DEBUG "rsbac_initd: free stack before rsbac_do_init(): %lu\n", 09266 (unsigned long) n - (unsigned long)(current+1)); 09267 } 09268 #endif 09269 /* init RSBAC */ 09270 rsbac_do_init(); 09271 09272 #ifdef CONFIG_RSBAC_DEBUG 09273 if(rsbac_debug_stack) 09274 { 09275 unsigned long * n = (unsigned long *) (current+1); 09276 09277 while (!*n) 09278 n++; 09279 printk(KERN_DEBUG "rsbac_initd: free stack after rsbac_do_init(): %lu\n", 09280 (unsigned long) n - (unsigned long)(current+1)); 09281 } 09282 #endif 09283 /* wake up init process */ 09284 wake_up(&rsbacd_wait); 09285 /* ready */ 09286 printk(KERN_INFO "rsbac_initd(): Exiting.\n"); 09287 do_exit(0); 09288 return 0; 09289 } 09290 #endif 09291 09292 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 09293 /* rsbac kernel daemon for auto-write */ 09294 static int rsbacd(void * dummy) 09295 { 09296 struct task_struct *tsk = current; 09297 char * name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 09298 #if 0 09299 #if defined(CONFIG_RSBAC_DAZ_CACHE) 09300 rsbac_time_t daz_cleanup_time 09301 = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL; 09302 int i; 09303 struct rsbac_device_list_item_t * device_p; 09304 u_long dflags; 09305 #endif 09306 #endif 09307 09308 #ifdef CONFIG_RSBAC_RMSG 09309 rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n"); 09310 #endif 09311 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09312 if (!rsbac_nosyslog) 09313 #endif 09314 printk(KERN_INFO "rsbacd(): Initializing.\n"); 09315 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09316 daemonize("rsbacd"); 09317 #else 09318 tsk->session = 1; 09319 tsk->pgrp = 1; 09320 strcpy(tsk->comm, "rsbacd"); 09321 #endif 09322 09323 /* lock_kernel(); */ 09324 09325 sys_close(0); 09326 sys_close(1); 09327 sys_close(2); 09328 #ifdef CONFIG_RSBAC_INIT_DELAY 09329 reparent_to_init(); 09330 #endif 09331 09332 #ifdef CONFIG_RSBAC_DEBUG 09333 if(rsbac_debug_auto) 09334 { 09335 #ifdef CONFIG_RSBAC_RMSG 09336 rsbac_printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n"); 09337 #endif 09338 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09339 if (!rsbac_nosyslog) 09340 #endif 09341 printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n"); 09342 } 09343 #endif 09344 /* This might already have been done for rsbac_initd thread */ 09345 #ifndef CONFIG_RSBAC_INIT_THREAD 09346 init_timer(&rsbac_timer); 09347 rsbac_timer.function = wakeup_rsbacd; 09348 rsbac_timer.data = 0; 09349 rsbac_timer.expires = jiffies + auto_interval; 09350 add_timer(&rsbac_timer); 09351 #endif 09352 09353 #ifdef CONFIG_RSBAC_DEBUG 09354 if(rsbac_debug_stack) 09355 { 09356 unsigned long * n = (unsigned long *) (current+1); 09357 09358 while (!*n) 09359 n++; 09360 #ifdef CONFIG_RSBAC_RMSG 09361 rsbac_printk(KERN_DEBUG "rsbacd: free stack: %lu\n", 09362 (unsigned long) n - (unsigned long)(current+1)); 09363 #endif 09364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09365 if (!rsbac_nosyslog) 09366 #endif 09367 printk(KERN_DEBUG "rsbacd: free stack: %lu\n", 09368 (unsigned long) n - (unsigned long)(current+1)); 09369 } 09370 #endif 09371 for(;;) 09372 { 09373 /* wait */ 09374 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09375 /* Unblock all signals. */ 09376 flush_signals(tsk); 09377 spin_lock_irq(&tsk->sighand->siglock); 09378 flush_signal_handlers(tsk, 1); 09379 sigemptyset(&tsk->blocked); 09380 recalc_sigpending(); 09381 spin_unlock_irq(&tsk->sighand->siglock); 09382 #else 09383 spin_lock_irq(&tsk->sigmask_lock); 09384 flush_signals(tsk); 09385 sigfillset(&tsk->blocked); 09386 recalc_sigpending(tsk); 09387 spin_unlock_irq(&tsk->sigmask_lock); 09388 #endif 09389 /* set new timer */ 09390 mod_timer(&rsbac_timer, jiffies + auto_interval); 09391 interruptible_sleep_on(&rsbacd_wait); 09392 /* sleep */ 09393 /* schedule_timeout(auto_interval); */ 09394 09395 #if 0 09396 /* Clean the DAZ cache regularly */ 09397 #if defined(CONFIG_RSBAC_DAZ_CACHE) 09398 if(jiffies >= daz_cleanup_time) 09399 { 09400 daz_cleanup_time = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL; 09401 #ifdef CONFIG_RSBAC_DEBUG 09402 if (rsbac_debug_auto) 09403 { 09404 #ifdef CONFIG_RSBAC_RMSG 09405 rsbac_printk(KERN_DEBUG 09406 "rsbacd(): cleaning up DAZ scanned lists\n"); 09407 #endif 09408 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09409 if (!rsbac_nosyslog) 09410 #endif 09411 printk(KERN_DEBUG 09412 "rsbacd(): cleaning up DAZ scanned lists\n"); 09413 } 09414 #endif 09415 /* wait for read access to device_list_head */ 09416 rsbac_read_lock(&device_list_head.lock, &dflags); 09417 /* OK, go on */ 09418 device_p = device_list_head.head; 09419 while (device_p) 09420 { 09421 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++) 09422 { 09423 rsbac_list_check(device_p->handles.dazs[i], TRUE); 09424 } 09425 device_p = device_p->next; 09426 } 09427 rsbac_read_unlock(&device_list_head.lock, &dflags); 09428 } 09429 #endif /* DAZ_CACHE */ 09430 #endif 09431 09432 /* Write lists */ 09433 if(rsbac_initialized && !rsbac_debug_no_write) 09434 { 09435 int err=0; 09436 /* 09437 #ifdef CONFIG_RSBAC_DEBUG 09438 if (rsbac_debug_auto) 09439 printk(KERN_DEBUG 09440 "rsbacd(): calling rsbac_write()\n"); 09441 #endif 09442 */ 09443 /* call rsbac_write with lock_kernel() */ 09444 down(&rsbac_write_sem); 09445 if(!rsbac_debug_no_write) 09446 { 09447 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09448 err = rsbac_write(FALSE); 09449 #else 09450 err = rsbac_write(TRUE); 09451 #endif 09452 } 09453 up(&rsbac_write_sem); 09454 if(err < 0) 09455 { 09456 #ifdef CONFIG_RSBAC_RMSG 09457 if(name) 09458 rsbac_printk(KERN_WARNING 09459 "rsbacd(): rsbac_write returned error %s!\n", 09460 get_error_name(name,err)); 09461 else 09462 rsbac_printk(KERN_WARNING 09463 "rsbacd(): rsbac_write returned error %i!\n", 09464 err); 09465 #endif 09466 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09467 if (!rsbac_nosyslog) 09468 #endif 09469 { 09470 if(name) 09471 printk(KERN_WARNING 09472 "rsbacd(): rsbac_write returned error %s!\n", 09473 get_error_name(name,err)); 09474 else 09475 printk(KERN_WARNING 09476 "rsbacd(): rsbac_write returned error %i!\n", 09477 err); 09478 } 09479 } 09480 #ifdef CONFIG_RSBAC_DEBUG 09481 else 09482 if (rsbac_debug_auto && (err > 0)) 09483 { 09484 #ifdef CONFIG_RSBAC_RMSG 09485 rsbac_printk(KERN_DEBUG 09486 "rsbacd(): rsbac_write() wrote %i lists\n", err); 09487 #endif 09488 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09489 if (!rsbac_nosyslog) 09490 #endif 09491 printk(KERN_DEBUG 09492 "rsbacd(): rsbac_write() wrote %i lists\n", err); 09493 } 09494 #endif 09495 } 09496 } 09497 } 09498 #endif /* CONFIG_RSBAC_AUTO_WRITE > 0 */ 09499 09500 /************************************************* */ 09501 /* Init function */ 09502 /************************************************* */ 09503 09504 /* All functions return 0, if no error occurred, and a negative error code */ 09505 /* otherwise. The error codes are defined in rsbac_error.h. */ 09506 09507 /* declare sys_kill */ 09508 extern long sys_kill(int pid, int sig); 09509 09510 09511 #ifdef CONFIG_RSBAC_INIT_DELAY 09512 int rsbac_init(kdev_t root_dev) 09513 #else 09514 int __init rsbac_init(kdev_t root_dev) 09515 #endif 09516 { 09517 int err = 0; 09518 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 09519 || defined(CONFIG_RSBAC_INIT_THREAD) 09520 rsbac_pid_t rsbacd_pid; 09521 #endif 09522 09523 if (rsbac_initialized) 09524 { 09525 printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n"); 09526 return(-RSBAC_EREINIT); 09527 } 09528 if (!current->fs) 09529 { 09530 printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n"); 09531 return(-RSBAC_EINVALIDPOINTER); 09532 } 09533 09534 rsbac_root_dev = root_dev; 09535 09536 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \ 09537 || defined(CONFIG_RSBAC_INIT_THREAD) 09538 /* init the rsbacd wait queue head */ 09539 init_waitqueue_head(&rsbacd_wait); 09540 #endif 09541 09542 #ifdef CONFIG_RSBAC_INIT_THREAD 09543 /* trigger dependency */ 09544 #ifdef CONFIG_RSBAC_MAX_INIT_TIME 09545 #endif 09546 printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n", 09547 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ); 09548 init_timer(&rsbac_timer); 09549 rsbac_timer.function = wakeup_rsbacd; 09550 rsbac_timer.data = 0; 09551 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ); 09552 add_timer(&rsbac_timer); 09553 09554 /* Start rsbac thread for init */ 09555 rsbacd_pid = kernel_thread(rsbac_initd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND); 09556 printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n", 09557 rsbacd_pid); 09558 09559 if(!rsbac_initialized) 09560 interruptible_sleep_on(&rsbacd_wait); 09561 if(!rsbac_initialized) 09562 { 09563 printk(KERN_ERR 09564 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n"); 09565 printk(KERN_ERR 09566 "rsbac_init(): *** Killing rsbac_initd! ***\n"); 09567 sys_kill(rsbacd_pid, SIGKILL); 09568 rsbac_initialized = FALSE; 09569 } 09570 #else 09571 rsbac_do_init(); 09572 #endif 09573 09574 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0) 09575 if(rsbac_initialized) 09576 { 09577 /* Start rsbacd thread for auto write */ 09578 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND); 09579 if(rsbacd_pid < 0) 09580 { 09581 #ifdef CONFIG_RSBAC_RMSG 09582 rsbac_printk(KERN_ERR 09583 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n", 09584 rsbacd_pid); 09585 #endif 09586 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09587 if (!rsbac_nosyslog) 09588 #endif 09589 printk(KERN_ERR 09590 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n", 09591 rsbacd_pid); 09592 } 09593 else 09594 { 09595 #ifdef CONFIG_RSBAC_RMSG 09596 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n", 09597 rsbacd_pid); 09598 #endif 09599 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09600 if (!rsbac_nosyslog) 09601 #endif 09602 printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n", 09603 rsbacd_pid); 09604 } 09605 } 09606 #endif 09607 09608 /* Ready. */ 09609 /* schedule(); */ 09610 #ifdef CONFIG_RSBAC_INIT_THREAD 09611 sys_wait4(-1, NULL, WNOHANG, NULL); 09612 #endif 09613 09614 /* Add all processes to list of processes as init processes */ 09615 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC) 09616 { 09617 #ifdef CONFIG_RSBAC_MAC 09618 struct rsbac_mac_user_aci_t mac_u_aci; 09619 #endif 09620 #ifdef CONFIG_RSBAC_RC 09621 struct rsbac_rc_user_aci_t rc_u_aci; 09622 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI; 09623 #endif 09624 rsbac_uid_t user = RSBAC_SYSADM_UID; 09625 rsbac_pid_t pid = 1; 09626 struct task_struct * p; 09627 09628 #ifdef CONFIG_RSBAC_RMSG 09629 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n"); 09630 #endif 09631 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09632 if (!rsbac_nosyslog) 09633 #endif 09634 printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n"); 09635 /* Prepare entries: change standard values to root's values */ 09636 #ifdef CONFIG_RSBAC_MAC 09637 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci)) 09638 { 09639 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level; 09640 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level; 09641 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level; 09642 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level; 09643 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories; 09644 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories; 09645 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories; 09646 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories; 09647 mac_init_p_aci.min_write_open = mac_u_aci.security_level; 09648 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level; 09649 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories; 09650 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories; 09651 mac_init_p_aci.mac_process_flags 09652 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS; 09653 } 09654 #endif 09655 09656 /* Set process aci - first init */ 09657 #ifdef CONFIG_RSBAC_MAC 09658 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) 09659 printk(KERN_WARNING 09660 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!"); 09661 #endif 09662 #ifdef CONFIG_RSBAC_RC 09663 /* Get boot role */ 09664 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) 09665 { /* none: use root's role */ 09666 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci)) 09667 { 09668 rc_init_p_aci.rc_role = rc_u_aci.rc_role; 09669 } 09670 else 09671 { /* last resort: general role */ 09672 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role); 09673 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE; 09674 } 09675 } 09676 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role; 09677 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci)) 09678 printk(KERN_WARNING 09679 "rsbac_do_init(): RC ACI for Init process 1 could not be added!"); 09680 #endif 09681 read_lock(&tasklist_lock); 09682 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 09683 for_each_task(p) 09684 #else 09685 for_each_process(p) 09686 #endif 09687 { 09688 /* not for kernel and init though... */ 09689 if(!p->pid || (p->pid == 1)) 09690 continue; 09691 pid = p->pid; 09692 #ifdef CONFIG_RSBAC_DEBUG 09693 if (rsbac_debug_ds) 09694 { 09695 #ifdef CONFIG_RSBAC_RMSG 09696 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n", 09697 pid); 09698 #endif 09699 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09700 if (!rsbac_nosyslog) 09701 #endif 09702 printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n", 09703 pid); 09704 } 09705 #endif 09706 #ifdef CONFIG_RSBAC_MAC 09707 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) 09708 printk(KERN_WARNING 09709 "rsbac_do_init(): MAC ACI for Init process %u could not be added!", 09710 pid); 09711 #endif 09712 #ifdef CONFIG_RSBAC_RC 09713 if(!p->mm) 09714 { 09715 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci)) 09716 printk(KERN_WARNING 09717 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!", 09718 pid); 09719 } 09720 #endif 09721 } 09722 read_unlock(&tasklist_lock); 09723 } 09724 #endif /* MAC or RC */ 09725 09726 printk(KERN_INFO "rsbac_init(): Ready.\n"); 09727 return(err); 09728 }; 09729 09730 /* To check, whether RSBAC is already initialized: */ 09731 09732 #if defined(CONFIG_RSBAC_REG) 09733 EXPORT_SYMBOL(rsbac_is_initialized); 09734 #endif 09735 inline boolean rsbac_is_initialized(void) 09736 { 09737 return rsbac_initialized; 09738 }; 09739 09740 int rsbac_kthread_notify(rsbac_pid_t pid) 09741 { 09742 if (!rsbac_initialized) 09743 return 0; 09744 /* Set process aci */ 09745 #ifdef CONFIG_RSBAC_MAC 09746 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci)) 09747 printk(KERN_WARNING 09748 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!", 09749 pid); 09750 #endif 09751 #ifdef CONFIG_RSBAC_RC 09752 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci)) 09753 printk(KERN_WARNING 09754 "rsbac_do_init(): RC ACI for kernel process %u could not be added!", 09755 pid); 09756 #endif 09757 return 0; 09758 } 09759 09760 /* When mounting a device, its ACI must be read and added to the ACI lists. */ 09761 09762 int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers) 09763 { 09764 int err = 0; 09765 struct rsbac_device_list_item_t * device_p; 09766 struct rsbac_device_list_item_t * new_device_p; 09767 u_long flags; 09768 boolean old_no_write; 09769 09770 if(!sb_p) 09771 { 09772 #ifdef CONFIG_RSBAC_RMSG 09773 rsbac_printk(KERN_WARNING 09774 "rsbac_mount(): called with NULL pointer\n"); 09775 #endif 09776 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09777 if (!rsbac_nosyslog) 09778 #endif 09779 printk(KERN_WARNING 09780 "rsbac_mount(): called with NULL pointer\n"); 09781 return -RSBAC_EINVALIDPOINTER; 09782 } 09783 if (!rsbac_initialized) 09784 { 09785 #ifdef CONFIG_RSBAC_INIT_DELAY 09786 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09787 if( !RSBAC_MAJOR(rsbac_delayed_root) 09788 && !RSBAC_MINOR(rsbac_delayed_root) 09789 && rsbac_delayed_root_str[0] 09790 ) 09791 { /* translate string to kdev_t */ 09792 char * p = rsbac_delayed_root_str; 09793 u_int major = 0; 09794 u_int minor = 0; 09795 09796 major = simple_strtoul(p, NULL, 0); 09797 while((*p != ':') && (*p != '\0')) 09798 p++; 09799 if(*p) 09800 { 09801 p++; 09802 minor = simple_strtoul(p, NULL, 0); 09803 } 09804 rsbac_delayed_root = RSBAC_MKDEV(major,minor); 09805 } 09806 #endif 09807 if( !rsbac_no_delay_init 09808 && ( ( !RSBAC_MAJOR(rsbac_delayed_root) 09809 && !RSBAC_MINOR(rsbac_delayed_root) 09810 && (MAJOR(sb_p->s_dev) > 1) 09811 ) 09812 || ( ( RSBAC_MAJOR(rsbac_delayed_root) 09813 || RSBAC_MINOR(rsbac_delayed_root) 09814 ) 09815 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root)) 09816 && ( !RSBAC_MINOR(rsbac_delayed_root) 09817 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root)) 09818 ) 09819 ) 09820 ) 09821 ) 09822 ) 09823 { 09824 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root)) 09825 { 09826 #ifdef CONFIG_RSBAC_RMSG 09827 rsbac_printk(KERN_INFO 09828 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n", 09829 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 09830 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root)); 09831 #endif 09832 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09833 if (!rsbac_nosyslog) 09834 #endif 09835 printk(KERN_INFO 09836 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n", 09837 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), 09838 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root)); 09839 } 09840 else 09841 { 09842 #ifdef CONFIG_RSBAC_RMSG 09843 rsbac_printk(KERN_INFO 09844 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n", 09845 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09846 #endif 09847 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09848 if (!rsbac_nosyslog) 09849 #endif 09850 printk(KERN_INFO 09851 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n", 09852 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09853 } 09854 rsbac_init(sb_p->s_dev); 09855 return 0; 09856 } 09857 #endif 09858 09859 #ifdef CONFIG_RSBAC_RMSG 09860 rsbac_printk(KERN_WARNING 09861 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n", 09862 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09863 #endif 09864 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09865 if (!rsbac_nosyslog) 09866 #endif 09867 printk(KERN_WARNING 09868 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n", 09869 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09870 09871 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 09872 if( (sb_p->s_magic == SYSFS_MAGIC) 09873 && !RSBAC_MAJOR(sb_p->s_dev) 09874 ) 09875 { 09876 #ifdef CONFIG_RSBAC_RMSG 09877 rsbac_printk(KERN_WARNING 09878 "rsbac_mount(): sysfs mount detected, keeping values for later use\n"); 09879 #endif 09880 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09881 if (!rsbac_nosyslog) 09882 #endif 09883 printk(KERN_WARNING 09884 "rsbac_mount(): sysfs mount detected, keeping values for later use\n"); 09885 sysfs_sb_p = sb_p; 09886 sysfs_covered_p = d_covers; 09887 } 09888 #endif 09889 #ifdef CONFIG_DEVFS_MOUNT 09890 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC) 09891 && !RSBAC_MAJOR(sb_p->s_dev) 09892 ) 09893 { 09894 #ifdef CONFIG_RSBAC_RMSG 09895 rsbac_printk(KERN_WARNING 09896 "rsbac_mount(): devfs mount detected, keeping values for later use\n"); 09897 #endif 09898 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09899 if (!rsbac_nosyslog) 09900 #endif 09901 printk(KERN_WARNING 09902 "rsbac_mount(): devfs mount detected, keeping values for later use\n"); 09903 devfs_sb_p = sb_p; 09904 devfs_covered_p = d_covers; 09905 } 09906 #endif 09907 return(-RSBAC_ENOTINITIALIZED); 09908 } 09909 #ifdef CONFIG_RSBAC_DEBUG 09910 if (rsbac_debug_ds) 09911 { 09912 #ifdef CONFIG_RSBAC_RMSG 09913 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n", 09914 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09915 #endif 09916 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09917 if (!rsbac_nosyslog) 09918 #endif 09919 printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n", 09920 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09921 } 09922 if(rsbac_debug_stack) 09923 { 09924 unsigned long * n = (unsigned long *) (current+1); 09925 09926 while (!*n) 09927 n++; 09928 #ifdef CONFIG_RSBAC_RMSG 09929 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n", 09930 (unsigned long) n - (unsigned long)(current+1)); 09931 #endif 09932 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09933 if (!rsbac_nosyslog) 09934 #endif 09935 printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n", 09936 (unsigned long) n - (unsigned long)(current+1)); 09937 } 09938 #endif 09939 down(&rsbac_write_sem); 09940 old_no_write = rsbac_debug_no_write; 09941 rsbac_debug_no_write = TRUE; 09942 up(&rsbac_write_sem); 09943 /* wait for read access to device_list_head */ 09944 rsbac_read_lock(&device_list_head.lock, &flags); 09945 device_p = lookup_device(sb_p->s_dev); 09946 /* repeated mount? */ 09947 if(device_p) 09948 { 09949 #ifdef CONFIG_RSBAC_RMSG 09950 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n", 09951 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09952 #endif 09953 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09954 if (!rsbac_nosyslog) 09955 #endif 09956 printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n", 09957 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 09958 device_p->mount_count++; 09959 if( d_covers 09960 && !device_p->d_covers 09961 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev)) 09962 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev)) 09963 ) 09964 { 09965 #ifdef CONFIG_RSBAC_RMSG 09966 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n", 09967 d_covers); 09968 #endif 09969 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09970 if (!rsbac_nosyslog) 09971 #endif 09972 printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n", 09973 d_covers); 09974 device_p->d_covers = d_covers; 09975 } 09976 rsbac_read_unlock(&device_list_head.lock, &flags); 09977 } 09978 else 09979 { 09980 rsbac_read_unlock(&device_list_head.lock, &flags); 09981 /* OK, go on */ 09982 new_device_p = create_device_item(sb_p, d_covers); 09983 #ifdef CONFIG_RSBAC_DEBUG 09984 if(rsbac_debug_stack) 09985 { 09986 unsigned long * n = (unsigned long *) (current+1); 09987 09988 while (!*n) 09989 n++; 09990 #ifdef CONFIG_RSBAC_RMSG 09991 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n", 09992 (unsigned long) n - (unsigned long)(current+1)); 09993 #endif 09994 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 09995 if (!rsbac_nosyslog) 09996 #endif 09997 printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n", 09998 (unsigned long) n - (unsigned long)(current+1)); 09999 } 10000 #endif 10001 if(!new_device_p) 10002 { 10003 rsbac_debug_no_write = old_no_write; 10004 return -RSBAC_ECOULDNOTADDDEVICE; 10005 } 10006 10007 rsbac_read_lock(&device_list_head.lock, &flags); 10008 /* make sure to only add, if this device item has not been added in the meantime */ 10009 device_p = lookup_device(sb_p->s_dev); 10010 if(device_p) 10011 { 10012 #ifdef CONFIG_RSBAC_RMSG 10013 rsbac_printk(KERN_WARNING 10014 "rsbac_mount(): mount race for device %02u:%02u detected!\n", 10015 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10016 #endif 10017 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10018 if (!rsbac_nosyslog) 10019 #endif 10020 printk(KERN_WARNING 10021 "rsbac_mount(): mount race for device %02u:%02u detected!\n", 10022 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10023 device_p->mount_count++; 10024 rsbac_read_unlock(&device_list_head.lock, &flags); 10025 clear_device_item(new_device_p); 10026 } 10027 else 10028 { 10029 rsbac_read_unlock(&device_list_head.lock, &flags); 10030 rsbac_write_lock(&device_list_head.lock, &flags); 10031 device_p = add_device_item(new_device_p); 10032 rsbac_write_unlock(&device_list_head.lock, &flags); 10033 if(!device_p) 10034 { 10035 #ifdef CONFIG_RSBAC_RMSG 10036 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", 10037 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10038 #endif 10039 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10040 if (!rsbac_nosyslog) 10041 #endif 10042 printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n", 10043 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10044 clear_device_item(new_device_p); 10045 rsbac_debug_no_write = old_no_write; 10046 return -RSBAC_ECOULDNOTADDDEVICE; 10047 } 10048 } 10049 10050 /* Generic lists */ 10051 rsbac_list_mount(sb_p->s_dev); 10052 /* we do not lock device head - we know the device_p and hope for the best... */ 10053 /* also, we are within kernel mount sem */ 10054 if((err = register_fd_lists(new_device_p, sb_p->s_dev))) 10055 { 10056 char * tmp; 10057 10058 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 10059 if(tmp) 10060 { 10061 #ifdef CONFIG_RSBAC_RMSG 10062 rsbac_printk(KERN_WARNING 10063 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n", 10064 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err)); 10065 #endif 10066 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10067 if (!rsbac_nosyslog) 10068 #endif 10069 printk(KERN_WARNING 10070 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n", 10071 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err)); 10072 rsbac_kfree(tmp); 10073 } 10074 } 10075 #ifdef CONFIG_RSBAC_DEBUG 10076 if(rsbac_debug_stack) 10077 { 10078 unsigned long * n = (unsigned long *) (current+1); 10079 10080 while (!*n) 10081 n++; 10082 #ifdef CONFIG_RSBAC_RMSG 10083 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n", 10084 (unsigned long) n - (unsigned long)(current+1)); 10085 #endif 10086 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10087 if (!rsbac_nosyslog) 10088 #endif 10089 printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n", 10090 (unsigned long) n - (unsigned long)(current+1)); 10091 } 10092 #endif 10093 } 10094 10095 /* call other mount functions */ 10096 /****** MAC *******/ 10097 #if defined(CONFIG_RSBAC_MAC) 10098 rsbac_mount_mac(sb_p->s_dev); 10099 #ifdef CONFIG_RSBAC_DEBUG 10100 if(rsbac_debug_stack) 10101 { 10102 unsigned long * n = (unsigned long *) (current+1); 10103 10104 while (!*n) 10105 n++; 10106 #ifdef CONFIG_RSBAC_RMSG 10107 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n", 10108 (unsigned long) n - (unsigned long)(current+1)); 10109 #endif 10110 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10111 if (!rsbac_nosyslog) 10112 #endif 10113 printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n", 10114 (unsigned long) n - (unsigned long)(current+1)); 10115 } 10116 #endif 10117 #endif 10118 /****** AUTH *******/ 10119 #if defined(CONFIG_RSBAC_AUTH) 10120 rsbac_mount_auth(sb_p->s_dev); 10121 #ifdef CONFIG_RSBAC_DEBUG 10122 if(rsbac_debug_stack) 10123 { 10124 unsigned long * n = (unsigned long *) (current+1); 10125 10126 while (!*n) 10127 n++; 10128 #ifdef CONFIG_RSBAC_RMSG 10129 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n", 10130 (unsigned long) n - (unsigned long)(current+1)); 10131 #endif 10132 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10133 if (!rsbac_nosyslog) 10134 #endif 10135 printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n", 10136 (unsigned long) n - (unsigned long)(current+1)); 10137 } 10138 #endif 10139 #endif 10140 /****** ACL *******/ 10141 #if defined(CONFIG_RSBAC_ACL) 10142 rsbac_mount_acl(sb_p->s_dev); 10143 #ifdef CONFIG_RSBAC_DEBUG 10144 if(rsbac_debug_stack) 10145 { 10146 unsigned long * n = (unsigned long *) (current+1); 10147 10148 while (!*n) 10149 n++; 10150 #ifdef CONFIG_RSBAC_RMSG 10151 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n", 10152 (unsigned long) n - (unsigned long)(current+1)); 10153 #endif 10154 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10155 if (!rsbac_nosyslog) 10156 #endif 10157 printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n", 10158 (unsigned long) n - (unsigned long)(current+1)); 10159 } 10160 #endif 10161 #endif 10162 /****** REG *******/ 10163 #if defined(CONFIG_RSBAC_REG) 10164 rsbac_mount_reg(sb_p->s_dev); 10165 #ifdef CONFIG_RSBAC_DEBUG 10166 if(rsbac_debug_stack) 10167 { 10168 unsigned long * n = (unsigned long *) (current+1); 10169 10170 while (!*n) 10171 n++; 10172 #ifdef CONFIG_RSBAC_RMSG 10173 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n", 10174 (unsigned long) n - (unsigned long)(current+1)); 10175 #endif 10176 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10177 if (!rsbac_nosyslog) 10178 #endif 10179 printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n", 10180 (unsigned long) n - (unsigned long)(current+1)); 10181 } 10182 #endif 10183 #endif /* REG */ 10184 10185 rsbac_debug_no_write = old_no_write; 10186 return(err); 10187 }; 10188 10189 /* When umounting a device, its ACI must be removed from the ACI lists. */ 10190 /* Removing the device ACI should be no problem. */ 10191 10192 int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers) 10193 { 10194 u_long flags; 10195 struct rsbac_device_list_item_t * device_p; 10196 kdev_t kdev; 10197 10198 if(!sb_p) 10199 { 10200 #ifdef CONFIG_RSBAC_RMSG 10201 rsbac_printk(KERN_WARNING 10202 "rsbac_umount(): called with NULL pointer\n"); 10203 #endif 10204 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10205 if (!rsbac_nosyslog) 10206 #endif 10207 printk(KERN_WARNING 10208 "rsbac_umount(): called with NULL pointer\n"); 10209 return -RSBAC_EINVALIDPOINTER; 10210 } 10211 if (!rsbac_initialized) 10212 { 10213 #ifdef CONFIG_RSBAC_RMSG 10214 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 10215 #endif 10216 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10217 if (!rsbac_nosyslog) 10218 #endif 10219 printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n"); 10220 10221 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 10222 if( (sb_p->s_magic == SYSFS_MAGIC) 10223 && !RSBAC_MAJOR(sb_p->s_dev) 10224 && sysfs_sb_p 10225 && sysfs_covered_p 10226 ) 10227 { 10228 #ifdef CONFIG_RSBAC_RMSG 10229 rsbac_printk(KERN_WARNING 10230 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n"); 10231 #endif 10232 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10233 if (!rsbac_nosyslog) 10234 #endif 10235 printk(KERN_WARNING 10236 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n"); 10237 sysfs_sb_p = NULL; 10238 sysfs_covered_p = NULL; 10239 } 10240 #endif 10241 #ifdef CONFIG_DEVFS_MOUNT 10242 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC) 10243 && !RSBAC_MAJOR(sb_p->s_dev) 10244 && devfs_sb_p 10245 && devfs_covered_p 10246 ) 10247 { 10248 #ifdef CONFIG_RSBAC_RMSG 10249 rsbac_printk(KERN_WARNING 10250 "rsbac_umount(): devfs umount detected, removing auto-mount values\n"); 10251 #endif 10252 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10253 if (!rsbac_nosyslog) 10254 #endif 10255 printk(KERN_WARNING 10256 "rsbac_umount(): devfs umount detected, removing auto-mount values\n"); 10257 devfs_sb_p = NULL; 10258 devfs_covered_p = NULL; 10259 } 10260 #endif 10261 10262 return(-RSBAC_ENOTINITIALIZED); 10263 } 10264 10265 #ifdef CONFIG_RSBAC_DEBUG 10266 if (rsbac_debug_ds) 10267 { 10268 #ifdef CONFIG_RSBAC_RMSG 10269 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n", 10270 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10271 #endif 10272 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10273 if (!rsbac_nosyslog) 10274 #endif 10275 printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n", 10276 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev)); 10277 } 10278 #endif 10279 10280 kdev = sb_p->s_dev; 10281 10282 /* sync attribute lists */ 10283 #if defined(CONFIG_RSBAC_AUTO_WRITE) 10284 if(!rsbac_debug_no_write) 10285 { 10286 down(&rsbac_write_sem); 10287 /* recheck no_write with lock - might have been set in between */ 10288 if(!rsbac_debug_no_write) 10289 { 10290 rsbac_write(TRUE); 10291 } 10292 up(&rsbac_write_sem); 10293 } 10294 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 10295 /* call other umount functions */ 10296 /****** MAC *******/ 10297 #if defined(CONFIG_RSBAC_MAC) 10298 rsbac_umount_mac(kdev); 10299 #endif 10300 /****** AUTH *******/ 10301 #if defined(CONFIG_RSBAC_AUTH) 10302 rsbac_umount_auth(kdev); 10303 #endif 10304 /****** ACL *******/ 10305 #if defined(CONFIG_RSBAC_ACL) 10306 rsbac_umount_acl(kdev); 10307 #endif 10308 /****** REG *******/ 10309 #if defined(CONFIG_RSBAC_REG) 10310 rsbac_umount_reg(kdev); 10311 #endif /* REG */ 10312 10313 /* wait for write access to device_list_head */ 10314 rsbac_write_lock(&device_list_head.lock, &flags); 10315 /* OK, nobody else is working on it... */ 10316 device_p = lookup_device(kdev); 10317 if(device_p) 10318 { 10319 if(device_p->mount_count == 1) 10320 { 10321 /* Generic lists */ 10322 rsbac_list_umount(kdev); 10323 remove_device_item(kdev); 10324 } 10325 else 10326 { 10327 if(device_p->mount_count > 1) 10328 { 10329 device_p->mount_count--; 10330 if(device_p->d_covers == d_covers) 10331 { 10332 #ifdef CONFIG_RSBAC_RMSG 10333 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n", 10334 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 10335 #endif 10336 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10337 if (!rsbac_nosyslog) 10338 #endif 10339 printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n", 10340 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 10341 device_p->d_covers = NULL; 10342 } 10343 } 10344 else 10345 { 10346 #ifdef CONFIG_RSBAC_RMSG 10347 printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n", 10348 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 10349 #endif 10350 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10351 if (!rsbac_nosyslog) 10352 #endif 10353 printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n", 10354 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev)); 10355 } 10356 } 10357 } 10358 /* allow access */ 10359 rsbac_write_unlock(&device_list_head.lock, &flags); 10360 10361 return(0); 10362 } 10363 10364 /* On pivot_root, we must unblock the dentry tree of the old root */ 10365 /* by putting all cached rsbac.dat dentries */ 10366 10367 int rsbac_free_dat_dentries(void) 10368 { 10369 u_long flags; 10370 struct rsbac_device_list_item_t * device_p; 10371 10372 if (!rsbac_initialized) 10373 { 10374 #ifdef CONFIG_RSBAC_RMSG 10375 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); 10376 #endif 10377 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10378 if (!rsbac_nosyslog) 10379 #endif 10380 printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n"); 10381 return(-RSBAC_ENOTINITIALIZED); 10382 } 10383 10384 #ifdef CONFIG_RSBAC_RMSG 10385 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); 10386 #endif 10387 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 10388 if (!rsbac_nosyslog) 10389 #endif 10390 printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n"); 10391 10392 /* wait for write access to device_list_head */ 10393 rsbac_write_lock_irq(&device_list_head.lock, &flags); 10394 /* OK, nobody else is working on it... */ 10395 device_p = device_list_head.head; 10396 while(device_p) 10397 { 10398 if(device_p->rsbac_dir_dentry_p) 10399 { 10400 dput(device_p->rsbac_dir_dentry_p); 10401 device_p->rsbac_dir_dentry_p = NULL; 10402 } 10403 device_p = device_p->next; 10404 } 10405 /* allow access */ 10406 rsbac_write_unlock_irq(&device_list_head.lock, &flags); 10407 10408 return(0); 10409 } 10410 10411 /***************************************************/ 10412 /* We also need some status information... */ 10413 10414 int rsbac_stats(void) 10415 { 10416 struct rsbac_device_list_item_t * device_p; 10417 int i; 10418 u_long fd_count = 0, fd_sum = 0; 10419 u_long dev_sum = 0; 10420 u_long ipc_sum = 0; 10421 u_long user_sum = 0; 10422 u_long process_sum = 0; 10423 #if defined(CONFIG_RSBAC_NET_OBJ) 10424 u_long nettemp_sum = 0; 10425 u_long lnetobj_sum = 0; 10426 u_long rnetobj_sum = 0; 10427 #endif 10428 u_long total_sum = 0; 10429 long tmp_count; 10430 u_long dflags; 10431 10432 if (!rsbac_initialized) 10433 { 10434 printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n"); 10435 return(-RSBAC_ENOTINITIALIZED); 10436 } 10437 /* wait for read access to device_list_head */ 10438 rsbac_read_lock(&device_list_head.lock, &dflags); 10439 /* OK, go on */ 10440 /* printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n", 10441 device_list_head.lock.lock); */ 10442 device_p = device_list_head.head; 10443 while (device_p) 10444 { /* for all sublists */ 10445 fd_count = 0; 10446 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++) 10447 { 10448 tmp_count = rsbac_list_count(device_p->handles.gen[i]); 10449 if(tmp_count > 0) 10450 fd_count+=tmp_count; 10451 }; 10452 printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN", 10453 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count); 10454 fd_sum += fd_count; 10455 10456 #if defined(CONFIG_RSBAC_MAC) 10457 fd_count = 0; 10458 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++) 10459 { 10460 tmp_count = rsbac_list_count(device_p->handles.mac[i]); 10461 if(tmp_count > 0) 10462 fd_count+=tmp_count; 10463 }; 10464 printk(", %lu MAC", 10465 fd_count); 10466 fd_sum += fd_count; 10467 #endif 10468 10469 #if defined(CONFIG_RSBAC_FC) 10470 fd_count = 0; 10471 for (i=0; i < RSBAC_FC_NR_FD_LISTS; i++) 10472 { 10473 tmp_count = rsbac_list_count(device_p->handles.fc[i]); 10474 if(tmp_count > 0) 10475 fd_count+=tmp_count; 10476 }; 10477 printk(", %lu FC", 10478 fd_count); 10479 fd_sum += fd_count; 10480 #endif 10481 10482 #if defined(CONFIG_RSBAC_SIM) 10483 fd_count = 0; 10484 for (i=0; i < RSBAC_SIM_NR_FD_LISTS; i++) 10485 { 10486 tmp_count = rsbac_list_count(device_p->handles.sim[i]); 10487 if(tmp_count > 0) 10488 fd_count+=tmp_count; 10489 }; 10490 printk(", %lu SIM", 10491 fd_count); 10492 fd_sum += fd_count; 10493 #endif 10494 10495 #if defined(CONFIG_RSBAC_PM) 10496 fd_count = 0; 10497 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++) 10498 { 10499 tmp_count = rsbac_list_count(device_p->handles.pm[i]); 10500 if(tmp_count > 0) 10501 fd_count+=tmp_count; 10502 }; 10503 printk(", %lu PM", 10504 fd_count); 10505 fd_sum += fd_count; 10506 #endif 10507 10508 #if defined(CONFIG_RSBAC_DAZ) 10509 fd_count = 0; 10510 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++) 10511 { 10512 tmp_count = rsbac_list_count(device_p->handles.daz[i]); 10513 if(tmp_count > 0) 10514 fd_count+=tmp_count; 10515 }; 10516 printk(", %lu DAZ", 10517 fd_count); 10518 fd_sum += fd_count; 10519 #if defined(CONFIG_RSBAC_DAZ_CACHE) 10520 fd_count = 0; 10521 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++) 10522 { 10523 tmp_count = rsbac_list_count(device_p->handles.dazs[i]); 10524 if(tmp_count > 0) 10525 fd_count+=tmp_count; 10526 }; 10527 printk(", %lu DAZ_SCANNED", 10528 fd_count); 10529 fd_sum += fd_count; 10530 #endif 10531 #endif 10532 10533 #if defined(CONFIG_RSBAC_FF) 10534 fd_count = 0; 10535 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++) 10536 { 10537 tmp_count = rsbac_list_count(device_p->handles.ff[i]); 10538 if(tmp_count > 0) 10539 fd_count+=tmp_count; 10540 }; 10541 printk(", %lu FF", 10542 fd_count); 10543 fd_sum += fd_count; 10544 #endif 10545 10546 #if defined(CONFIG_RSBAC_RC) 10547 fd_count = 0; 10548 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++) 10549 { 10550 tmp_count = rsbac_list_count(device_p->handles.rc[i]); 10551 if(tmp_count > 0) 10552 fd_count+=tmp_count; 10553 }; 10554 printk(", %lu RC", 10555 fd_count); 10556 fd_sum += fd_count; 10557 #endif 10558 10559 #if defined(CONFIG_RSBAC_AUTH) 10560 fd_count = 0; 10561 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++) 10562 { 10563 tmp_count = rsbac_list_count(device_p->handles.auth[i]); 10564 if(tmp_count > 0) 10565 fd_count+=tmp_count; 10566 }; 10567 printk(", %lu AUTH", 10568 fd_count); 10569 fd_sum += fd_count; 10570 #endif 10571 10572 #if defined(CONFIG_RSBAC_CAP) 10573 fd_count = 0; 10574 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++) 10575 { 10576 tmp_count = rsbac_list_count(device_p->handles.cap[i]); 10577 if(tmp_count > 0) 10578 fd_count+=tmp_count; 10579 }; 10580 printk(", %lu CAP", 10581 fd_count); 10582 fd_sum += fd_count; 10583 #endif 10584 #if defined(CONFIG_RSBAC_RES) 10585 fd_count = 0; 10586 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++) 10587 { 10588 tmp_count = rsbac_list_count(device_p->handles.res[i]); 10589 if(tmp_count > 0) 10590 fd_count+=tmp_count; 10591 }; 10592 printk(", %lu RES", 10593 fd_count); 10594 fd_sum += fd_count; 10595 #endif 10596 #if defined(CONFIG_RSBAC_PAX) 10597 fd_count = 0; 10598 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++) 10599 { 10600 tmp_count = rsbac_list_count(device_p->handles.pax[i]); 10601 if(tmp_count > 0) 10602 fd_count+=tmp_count; 10603 }; 10604 printk(", %lu PAX", 10605 fd_count); 10606 fd_sum += fd_count; 10607 #endif 10608 10609 printk("\n"); 10610 device_p = device_p->next; 10611 }; 10612 printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n", 10613 device_list_head.count, fd_sum); 10614 /* free access to device_list_head */ 10615 rsbac_read_unlock(&device_list_head.lock, &dflags); 10616 total_sum += fd_sum; 10617 10618 /* dev lists */ 10619 tmp_count = rsbac_list_count(dev_handles.gen); 10620 printk(KERN_INFO "DEV items: %lu GEN", 10621 tmp_count); 10622 dev_sum += tmp_count; 10623 #if defined(CONFIG_RSBAC_MAC) 10624 tmp_count = rsbac_list_count(dev_handles.mac); 10625 printk(", %lu MAC", 10626 tmp_count); 10627 dev_sum += tmp_count; 10628 #endif 10629 #if defined(CONFIG_RSBAC_FC) 10630 tmp_count = rsbac_list_count(dev_handles.fc); 10631 printk(", %lu FC", 10632 tmp_count); 10633 dev_sum += tmp_count; 10634 #endif 10635 #if defined(CONFIG_RSBAC_SIM) 10636 tmp_count = rsbac_list_count(dev_handles.sim); 10637 printk(", %lu SIM", 10638 tmp_count); 10639 dev_sum += tmp_count; 10640 #endif 10641 #if defined(CONFIG_RSBAC_PM) 10642 tmp_count = rsbac_list_count(dev_handles.pm); 10643 printk(", %lu PM", 10644 tmp_count); 10645 dev_sum += tmp_count; 10646 #endif 10647 #if defined(CONFIG_RSBAC_RC) 10648 tmp_count = rsbac_list_count(dev_handles.rc); 10649 printk(", %lu RC", 10650 tmp_count); 10651 dev_sum += tmp_count; 10652 #endif 10653 printk("\n"); 10654 printk(KERN_INFO "Sum of %lu DEV items\n", 10655 dev_sum); 10656 total_sum += dev_sum; 10657 10658 /* ipc lists */ 10659 printk(KERN_INFO "IPC items:\nno GEN"); 10660 #if defined(CONFIG_RSBAC_MAC) 10661 tmp_count = rsbac_list_count(ipc_handles.mac); 10662 printk(", %lu MAC", 10663 tmp_count); 10664 ipc_sum += tmp_count; 10665 #endif 10666 #if defined(CONFIG_RSBAC_FC) 10667 tmp_count = rsbac_list_count(ipc_handles.fc); 10668 printk(", %lu FC", 10669 tmp_count); 10670 ipc_sum += tmp_count; 10671 #endif 10672 #if defined(CONFIG_RSBAC_SIM) 10673 tmp_count = rsbac_list_count(ipc_handles.sim); 10674 printk(", %lu SIM", 10675 tmp_count); 10676 ipc_sum += tmp_count; 10677 #endif 10678 #if defined(CONFIG_RSBAC_PM) 10679 tmp_count = rsbac_list_count(ipc_handles.pm); 10680 printk(", %lu PM", 10681 tmp_count); 10682 ipc_sum += tmp_count; 10683 #endif 10684 #if defined(CONFIG_RSBAC_RC) 10685 tmp_count = rsbac_list_count(ipc_handles.rc); 10686 printk(", %lu RC", 10687 tmp_count); 10688 ipc_sum += tmp_count; 10689 #endif 10690 #if defined(CONFIG_RSBAC_JAIL) 10691 tmp_count = rsbac_list_count(ipc_handles.jail); 10692 printk(", %lu JAIL", 10693 tmp_count); 10694 ipc_sum += tmp_count; 10695 #endif 10696 printk("\n"); 10697 printk(KERN_INFO "Sum of %lu IPC items\n", 10698 ipc_sum); 10699 total_sum += ipc_sum; 10700 10701 /* user lists */ 10702 tmp_count = rsbac_list_count(user_handles.gen); 10703 printk(KERN_INFO "USER items:\n%lu GEN", 10704 tmp_count); 10705 user_sum += tmp_count; 10706 #if defined(CONFIG_RSBAC_MAC) 10707 tmp_count = rsbac_list_count(user_handles.mac); 10708 printk(", %lu MAC", 10709 tmp_count); 10710 user_sum += tmp_count; 10711 #endif 10712 #if defined(CONFIG_RSBAC_FC) 10713 tmp_count = rsbac_list_count(user_handles.fc); 10714 printk(", %lu FC", 10715 tmp_count); 10716 user_sum += tmp_count; 10717 #endif 10718 #if defined(CONFIG_RSBAC_SIM) 10719 tmp_count = rsbac_list_count(user_handles.sim); 10720 printk(", %lu SIM", 10721 tmp_count); 10722 user_sum += tmp_count; 10723 #endif 10724 #if defined(CONFIG_RSBAC_PM) 10725 tmp_count = rsbac_list_count(user_handles.pm); 10726 printk(", %lu PM", 10727 tmp_count); 10728 user_sum += tmp_count; 10729 #endif 10730 #if defined(CONFIG_RSBAC_DAZ) 10731 tmp_count = rsbac_list_count(user_handles.daz); 10732 printk(", %lu DAZ", 10733 tmp_count); 10734 user_sum += tmp_count; 10735 #endif 10736 #if defined(CONFIG_RSBAC_RC) 10737 tmp_count = rsbac_list_count(user_handles.rc); 10738 printk(", %lu RC", 10739 tmp_count); 10740 user_sum += tmp_count; 10741 #endif 10742 #if defined(CONFIG_RSBAC_AUTH) 10743 tmp_count = rsbac_list_count(user_handles.auth); 10744 printk(", %lu AUTH", 10745 tmp_count); 10746 user_sum += tmp_count; 10747 #endif 10748 #if defined(CONFIG_RSBAC_CAP) 10749 tmp_count = rsbac_list_count(user_handles.cap); 10750 printk(", %lu CAP", 10751 tmp_count); 10752 user_sum += tmp_count; 10753 #endif 10754 #if defined(CONFIG_RSBAC_JAIL) 10755 tmp_count = rsbac_list_count(user_handles.jail); 10756 printk(", %lu JAIL", 10757 tmp_count); 10758 user_sum += tmp_count; 10759 #endif 10760 #if defined(CONFIG_RSBAC_RES) 10761 tmp_count = rsbac_list_count(user_handles.res); 10762 printk(", %lu RES", 10763 tmp_count); 10764 user_sum += tmp_count; 10765 #endif 10766 #if defined(CONFIG_RSBAC_PAX) 10767 tmp_count = rsbac_list_count(user_handles.pax); 10768 printk(", %lu PAX", 10769 tmp_count); 10770 user_sum += tmp_count; 10771 #endif 10772 printk("\n"); 10773 printk(KERN_INFO "Sum of %lu USER items\n", 10774 user_sum); 10775 total_sum += user_sum; 10776 10777 /* process lists */ 10778 tmp_count = rsbac_list_count(process_handles.gen); 10779 printk(KERN_INFO "PROCESS items:\n%lu GEN", 10780 tmp_count); 10781 process_sum += tmp_count; 10782 #if defined(CONFIG_RSBAC_MAC) 10783 tmp_count = 0; 10784 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++) 10785 tmp_count += rsbac_list_count(process_handles.mac[i]); 10786 printk(", %lu MAC", 10787 tmp_count); 10788 process_sum += tmp_count; 10789 #endif 10790 #if defined(CONFIG_RSBAC_PM) 10791 tmp_count = rsbac_list_count(process_handles.pm); 10792 printk(", %lu PM", 10793 tmp_count); 10794 process_sum += tmp_count; 10795 #endif 10796 #if defined(CONFIG_RSBAC_DAZ) 10797 tmp_count = rsbac_list_count(process_handles.daz); 10798 printk(", %lu DAZ", 10799 tmp_count); 10800 process_sum += tmp_count; 10801 #endif 10802 #if defined(CONFIG_RSBAC_RC) 10803 tmp_count = 0; 10804 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++) 10805 tmp_count += rsbac_list_count(process_handles.rc[i]); 10806 printk(", %lu RC", 10807 tmp_count); 10808 process_sum += tmp_count; 10809 #endif 10810 #if defined(CONFIG_RSBAC_AUTH) 10811 tmp_count = rsbac_list_count(process_handles.auth); 10812 printk(", %lu AUTH", 10813 tmp_count); 10814 process_sum += tmp_count; 10815 #endif 10816 #if defined(CONFIG_RSBAC_CAP) 10817 tmp_count = rsbac_list_count(process_handles.cap); 10818 printk(", %lu CAP", 10819 tmp_count); 10820 process_sum += tmp_count; 10821 #endif 10822 #if defined(CONFIG_RSBAC_JAIL) 10823 tmp_count = 0; 10824 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++) 10825 tmp_count += rsbac_list_count(process_handles.jail[i]); 10826 printk(", %lu JAIL", 10827 tmp_count); 10828 process_sum += tmp_count; 10829 #endif 10830 printk("\n"); 10831 printk(KERN_INFO "Sum of %lu PROCESS items\n", 10832 process_sum); 10833 total_sum += process_sum; 10834 10835 #if defined(CONFIG_RSBAC_NET_OBJ) 10836 /* nettemp lists */ 10837 printk(KERN_INFO "NETTEMP items:\n"); 10838 #if defined(CONFIG_RSBAC_MAC) 10839 tmp_count = rsbac_list_count(nettemp_handles.mac); 10840 printk(", %lu MAC", 10841 tmp_count); 10842 nettemp_sum += tmp_count; 10843 #endif 10844 #if defined(CONFIG_RSBAC_FC) 10845 tmp_count = rsbac_list_count(nettemp_handles.fc); 10846 printk(", %lu FC", 10847 tmp_count); 10848 nettemp_sum += tmp_count; 10849 #endif 10850 #if defined(CONFIG_RSBAC_SIM) 10851 tmp_count = rsbac_list_count(nettemp_handles.sim); 10852 printk(", %lu SIM", 10853 tmp_count); 10854 nettemp_sum += tmp_count; 10855 #endif 10856 #if defined(CONFIG_RSBAC_PM) 10857 tmp_count = rsbac_list_count(nettemp_handles.pm); 10858 printk(", %lu PM", 10859 tmp_count); 10860 nettemp_sum += tmp_count; 10861 #endif 10862 #if defined(CONFIG_RSBAC_RC) 10863 tmp_count = rsbac_list_count(nettemp_handles.rc); 10864 printk(", %lu RC", 10865 tmp_count); 10866 nettemp_sum += tmp_count; 10867 #endif 10868 printk("\n"); 10869 printk(KERN_INFO "Sum of %lu NETTEMP items\n", 10870 nettemp_sum); 10871 total_sum += nettemp_sum; 10872 10873 /* local netobj lists */ 10874 printk(KERN_INFO "Local NETOBJ items:\n"); 10875 #if defined(CONFIG_RSBAC_MAC) 10876 tmp_count = rsbac_list_count(lnetobj_handles.mac); 10877 printk(", %lu MAC", 10878 tmp_count); 10879 lnetobj_sum += tmp_count; 10880 #endif 10881 #if defined(CONFIG_RSBAC_FC) 10882 tmp_count = rsbac_list_count(lnetobj_handles.fc); 10883 printk(", %lu FC", 10884 tmp_count); 10885 lnetobj_sum += tmp_count; 10886 #endif 10887 #if defined(CONFIG_RSBAC_SIM) 10888 tmp_count = rsbac_list_count(lnetobj_handles.sim); 10889 printk(", %lu SIM", 10890 tmp_count); 10891 lnetobj_sum += tmp_count; 10892 #endif 10893 #if defined(CONFIG_RSBAC_PM) 10894 tmp_count = rsbac_list_count(lnetobj_handles.pm); 10895 printk(", %lu PM", 10896 tmp_count); 10897 lnetobj_sum += tmp_count; 10898 #endif 10899 #if defined(CONFIG_RSBAC_RC) 10900 tmp_count = rsbac_list_count(lnetobj_handles.rc); 10901 printk(", %lu RC", 10902 tmp_count); 10903 lnetobj_sum += tmp_count; 10904 #endif 10905 printk("\n"); 10906 printk(KERN_INFO "Sum of %lu Local NETOBJ items\n", 10907 lnetobj_sum); 10908 total_sum += lnetobj_sum; 10909 10910 /* remote netobj lists */ 10911 printk(KERN_INFO "Remote NETOBJ items:\n"); 10912 #if defined(CONFIG_RSBAC_MAC) 10913 tmp_count = rsbac_list_count(rnetobj_handles.mac); 10914 printk(", %lu MAC", 10915 tmp_count); 10916 rnetobj_sum += tmp_count; 10917 #endif 10918 #if defined(CONFIG_RSBAC_FC) 10919 tmp_count = rsbac_list_count(rnetobj_handles.fc); 10920 printk(", %lu FC", 10921 tmp_count); 10922 rnetobj_sum += tmp_count; 10923 #endif 10924 #if defined(CONFIG_RSBAC_SIM) 10925 tmp_count = rsbac_list_count(rnetobj_handles.sim); 10926 printk(", %lu SIM", 10927 tmp_count); 10928 rnetobj_sum += tmp_count; 10929 #endif 10930 #if defined(CONFIG_RSBAC_PM) 10931 tmp_count = rsbac_list_count(rnetobj_handles.pm); 10932 printk(", %lu PM", 10933 tmp_count); 10934 rnetobj_sum += tmp_count; 10935 #endif 10936 #if defined(CONFIG_RSBAC_RC) 10937 tmp_count = rsbac_list_count(rnetobj_handles.rc); 10938 printk(", %lu RC", 10939 tmp_count); 10940 rnetobj_sum += tmp_count; 10941 #endif 10942 printk("\n"); 10943 printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n", 10944 rnetobj_sum); 10945 total_sum += rnetobj_sum; 10946 #endif /* NET_OBJ */ 10947 10948 printk(KERN_INFO 10949 "Total of %lu registered rsbac-items\n", 10950 total_sum); 10951 10952 printk(KERN_INFO 10953 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 10954 rsbac_adf_request_count[T_FILE], 10955 rsbac_adf_request_count[T_DIR], 10956 rsbac_adf_request_count[T_FIFO], 10957 rsbac_adf_request_count[T_SYMLINK], 10958 rsbac_adf_request_count[T_DEV], 10959 rsbac_adf_request_count[T_IPC], 10960 rsbac_adf_request_count[T_SCD], 10961 rsbac_adf_request_count[T_USER], 10962 rsbac_adf_request_count[T_PROCESS], 10963 rsbac_adf_request_count[T_NETDEV], 10964 rsbac_adf_request_count[T_NETTEMP], 10965 rsbac_adf_request_count[T_NETOBJ]); 10966 printk(KERN_INFO 10967 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n", 10968 rsbac_adf_set_attr_count[T_FILE], 10969 rsbac_adf_set_attr_count[T_DIR], 10970 rsbac_adf_set_attr_count[T_FIFO], 10971 rsbac_adf_set_attr_count[T_SYMLINK], 10972 rsbac_adf_set_attr_count[T_DEV], 10973 rsbac_adf_set_attr_count[T_IPC], 10974 rsbac_adf_set_attr_count[T_SCD], 10975 rsbac_adf_set_attr_count[T_USER], 10976 rsbac_adf_set_attr_count[T_PROCESS], 10977 rsbac_adf_set_attr_count[T_NETDEV], 10978 rsbac_adf_set_attr_count[T_NETTEMP], 10979 rsbac_adf_set_attr_count[T_NETOBJ]); 10980 10981 #if defined(CONFIG_RSBAC_PM) 10982 rsbac_stats_pm(); 10983 #endif 10984 #if defined(CONFIG_RSBAC_RC) 10985 rsbac_stats_rc(); 10986 #endif 10987 #if defined(CONFIG_RSBAC_AUTH) 10988 rsbac_stats_auth(); 10989 #endif 10990 #if defined(CONFIG_RSBAC_ACL) 10991 rsbac_stats_acl(); 10992 #endif 10993 return(0); 10994 }; 10995 10996 /* check for inode on disk (but not for reiserfs, because of broken 64bit inode numbers, 10997 * or for non-devices) */ 10998 int rsbac_check_inode(struct super_block * sb_p, rsbac_inode_nr_t inode) 10999 { 11000 struct inode * inode_p; 11001 int err = 0; 11002 11003 if(!sb_p) 11004 return -RSBAC_EINVALIDPOINTER; 11005 if(!inode) 11006 return -RSBAC_EINVALIDVALUE; 11007 if(!MAJOR(sb_p->s_dev)) 11008 return 0; 11009 11010 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 11011 if(sb_p->s_op && sb_p->s_op->read_inode2) 11012 return 0; 11013 #endif 11014 inode_p = iget(sb_p, inode); 11015 if(is_bad_inode(inode_p)) 11016 { 11017 return -RSBAC_ENOTFOUND; 11018 } 11019 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 11020 /* currently only deletion checking of ext2 inodes is possible */ 11021 if(sb_p->s_magic == EXT2_SUPER_MAGIC) 11022 { 11023 if(inode_p->u.ext2_i.i_dtime) 11024 { /* inode has been deleted */ 11025 err = -RSBAC_ENOTFOUND; 11026 } 11027 else 11028 { 11029 if(inode_p->i_nlink <= 0) 11030 { /* inode has been unlinked, but no dtime is set -> warn */ 11031 #ifdef CONFIG_RSBAC_RMSG 11032 rsbac_printk(KERN_WARNING 11033 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n", 11034 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev)); 11035 #endif 11036 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11037 if (!rsbac_nosyslog) 11038 #endif 11039 printk(KERN_WARNING 11040 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n", 11041 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev)); 11042 err = -RSBAC_ENOTFOUND; 11043 } 11044 } 11045 } 11046 #endif 11047 iput(inode_p); 11048 return err; 11049 } 11050 11051 11052 /***************************************************/ 11053 /* consistency checking (as far as possible) */ 11054 11055 int rsbac_check(int correct, int check_inode) 11056 { 11057 struct rsbac_device_list_item_t * device_p; 11058 int i; 11059 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN); 11060 int list_no; 11061 long desc_count; 11062 u_long fd_count = 0, fd_sum = 0, tmp_count, 11063 b_count, def_count; 11064 u_long dflags; 11065 rsbac_inode_nr_t * fd_desc_p; 11066 11067 if (!rsbac_initialized) 11068 { 11069 #ifdef CONFIG_RSBAC_RMSG 11070 rsbac_printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n"); 11071 #endif 11072 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11073 if (!rsbac_nosyslog) 11074 #endif 11075 printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n"); 11076 return(-RSBAC_ENOTINITIALIZED); 11077 } 11078 if (!tmp) 11079 { 11080 return(-RSBAC_ENOMEM); 11081 } 11082 { 11083 /* wait for read access to device_list_head */ 11084 rsbac_read_lock(&device_list_head.lock, &dflags); 11085 /* OK, go on */ 11086 device_p = device_list_head.head; 11087 while (device_p) 11088 { 11089 fd_count = 0; 11090 b_count = 0; 11091 def_count = 0; 11092 if(check_inode) 11093 { 11094 if(!device_p->sb_p) 11095 { 11096 #ifdef CONFIG_RSBAC_RMSG 11097 rsbac_printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n", 11098 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id)); 11099 #endif 11100 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11101 if (!rsbac_nosyslog) 11102 #endif 11103 printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n", 11104 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id)); 11105 } 11106 } 11107 11108 /* General lists */ 11109 for(list_no = 0; list_no < RSBAC_GEN_NR_FD_LISTS; list_no++) 11110 { 11111 /* printk(KERN_INFO "rsbac_check(): list %u\n", 11112 list_no); */ 11113 tmp_count = 0; 11114 desc_count = rsbac_list_get_all_desc(device_p->handles.gen[list_no], (void **) &fd_desc_p); 11115 if(desc_count > 0) 11116 { 11117 for(i=0; i<desc_count; i++) 11118 { 11119 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11120 if(check_inode && device_p->sb_p) 11121 { 11122 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11123 { /* inode is bad -> remove */ 11124 b_count++; 11125 if(correct) 11126 { 11127 #ifdef CONFIG_RSBAC_RMSG 11128 rsbac_printk(KERN_INFO 11129 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11130 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11131 #endif 11132 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11133 if (!rsbac_nosyslog) 11134 #endif 11135 printk(KERN_INFO 11136 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11137 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11138 rsbac_list_remove(device_p->handles.gen[list_no], &fd_desc_p[i]); 11139 continue; 11140 } 11141 else 11142 { 11143 #ifdef CONFIG_RSBAC_RMSG 11144 rsbac_printk(KERN_INFO 11145 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11146 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11147 #endif 11148 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11149 if (!rsbac_nosyslog) 11150 #endif 11151 printk(KERN_INFO 11152 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11153 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11154 } 11155 } /* end of bad_inode */ 11156 } 11157 } 11158 11159 tmp_count++; 11160 rsbac_vfree(fd_desc_p); 11161 fd_count += desc_count; 11162 } 11163 } /* end of for-fd-list-array */ 11164 11165 #if defined(CONFIG_RSBAC_MAC) 11166 /* MAC lists */ 11167 for(list_no = 0; list_no < RSBAC_MAC_NR_FD_LISTS; list_no++) 11168 { 11169 /* printk(KERN_INFO "rsbac_check(): MAC list %u\n", 11170 list_no); */ 11171 tmp_count = 0; 11172 desc_count = rsbac_list_get_all_desc(device_p->handles.mac[list_no], (void **) &fd_desc_p); 11173 if(desc_count > 0) 11174 { 11175 for(i=0; i<desc_count; i++) 11176 { 11177 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11178 if(check_inode && device_p->sb_p) 11179 { 11180 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11181 { /* inode is bad -> remove */ 11182 b_count++; 11183 if(correct) 11184 { 11185 #ifdef CONFIG_RSBAC_RMSG 11186 rsbac_printk(KERN_INFO 11187 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11188 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11189 #endif 11190 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11191 if (!rsbac_nosyslog) 11192 #endif 11193 printk(KERN_INFO 11194 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11195 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11196 rsbac_list_remove(device_p->handles.mac[list_no], &fd_desc_p[i]); 11197 continue; 11198 } 11199 else 11200 { 11201 #ifdef CONFIG_RSBAC_RMSG 11202 rsbac_printk(KERN_INFO 11203 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11204 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11205 #endif 11206 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11207 if (!rsbac_nosyslog) 11208 #endif 11209 printk(KERN_INFO 11210 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11211 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11212 } 11213 } /* end of bad_inode */ 11214 } 11215 } 11216 tmp_count++; 11217 rsbac_vfree(fd_desc_p); 11218 fd_count += desc_count; 11219 } 11220 } /* end of for-fd-list-array */ 11221 #endif /* MAC */ 11222 11223 #if defined(CONFIG_RSBAC_FC) 11224 /* FC lists */ 11225 for(list_no = 0; list_no < RSBAC_FC_NR_FD_LISTS; list_no++) 11226 { 11227 /* printk(KERN_INFO "rsbac_check(): FC list %u\n", 11228 list_no); */ 11229 tmp_count = 0; 11230 desc_count = rsbac_list_get_all_desc(device_p->handles.fc[list_no], (void **) &fd_desc_p); 11231 if(desc_count > 0) 11232 { 11233 for(i=0; i<desc_count; i++) 11234 { 11235 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11236 if(check_inode && device_p->sb_p) 11237 { 11238 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11239 { /* inode is bad -> remove */ 11240 b_count++; 11241 if(correct) 11242 { 11243 #ifdef CONFIG_RSBAC_RMSG 11244 rsbac_printk(KERN_INFO 11245 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11246 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11247 #endif 11248 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11249 if (!rsbac_nosyslog) 11250 #endif 11251 printk(KERN_INFO 11252 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11253 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11254 rsbac_list_remove(device_p->handles.fc[list_no], &fd_desc_p[i]); 11255 continue; 11256 } 11257 else 11258 { 11259 #ifdef CONFIG_RSBAC_RMSG 11260 rsbac_printk(KERN_INFO 11261 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11262 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11263 #endif 11264 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11265 if (!rsbac_nosyslog) 11266 #endif 11267 printk(KERN_INFO 11268 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11269 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11270 } 11271 } /* end of bad_inode */ 11272 } 11273 } 11274 tmp_count++; 11275 rsbac_vfree(fd_desc_p); 11276 fd_count += desc_count; 11277 } 11278 } /* end of for-fd-list-array */ 11279 #endif /* FC */ 11280 11281 #if defined(CONFIG_RSBAC_SIM) 11282 /* SIM lists */ 11283 for(list_no = 0; list_no < RSBAC_SIM_NR_FD_LISTS; list_no++) 11284 { 11285 /* printk(KERN_INFO "rsbac_check(): SIM list %u\n", 11286 list_no); */ 11287 tmp_count = 0; 11288 desc_count = rsbac_list_get_all_desc(device_p->handles.sim[list_no], (void **) &fd_desc_p); 11289 if(desc_count > 0) 11290 { 11291 for(i=0; i<desc_count; i++) 11292 { 11293 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11294 if(check_inode && device_p->sb_p) 11295 { 11296 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11297 { /* inode is bad -> remove */ 11298 b_count++; 11299 if(correct) 11300 { 11301 #ifdef CONFIG_RSBAC_RMSG 11302 rsbac_printk(KERN_INFO 11303 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11304 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11305 #endif 11306 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11307 if (!rsbac_nosyslog) 11308 #endif 11309 printk(KERN_INFO 11310 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11311 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11312 rsbac_list_remove(device_p->handles.sim[list_no], &fd_desc_p[i]); 11313 continue; 11314 } 11315 else 11316 { 11317 #ifdef CONFIG_RSBAC_RMSG 11318 rsbac_printk(KERN_INFO 11319 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11320 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11321 #endif 11322 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11323 if (!rsbac_nosyslog) 11324 #endif 11325 printk(KERN_INFO 11326 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11327 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11328 } 11329 } /* end of bad_inode */ 11330 } 11331 } 11332 tmp_count++; 11333 rsbac_vfree(fd_desc_p); 11334 fd_count += desc_count; 11335 } 11336 } /* end of for-fd-list-array */ 11337 #endif /* SIM */ 11338 11339 #if defined(CONFIG_RSBAC_PM) 11340 /* PM lists */ 11341 for(list_no = 0; list_no < RSBAC_PM_NR_FD_LISTS; list_no++) 11342 { 11343 /* printk(KERN_INFO "rsbac_check(): PM list %u\n", 11344 list_no); */ 11345 tmp_count = 0; 11346 desc_count = rsbac_list_get_all_desc(device_p->handles.pm[list_no], (void **) &fd_desc_p); 11347 if(desc_count > 0) 11348 { 11349 for(i=0; i<desc_count; i++) 11350 { 11351 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11352 if(check_inode && device_p->sb_p) 11353 { 11354 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11355 { /* inode is bad -> remove */ 11356 b_count++; 11357 if(correct) 11358 { 11359 #ifdef CONFIG_RSBAC_RMSG 11360 rsbac_printk(KERN_INFO 11361 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11362 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11363 #endif 11364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11365 if (!rsbac_nosyslog) 11366 #endif 11367 printk(KERN_INFO 11368 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11369 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11370 rsbac_list_remove(device_p->handles.pm[list_no], &fd_desc_p[i]); 11371 continue; 11372 } 11373 else 11374 { 11375 #ifdef CONFIG_RSBAC_RMSG 11376 rsbac_printk(KERN_INFO 11377 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11378 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11379 #endif 11380 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11381 if (!rsbac_nosyslog) 11382 #endif 11383 printk(KERN_INFO 11384 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11385 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11386 } 11387 } /* end of bad_inode */ 11388 } 11389 } 11390 tmp_count++; 11391 rsbac_vfree(fd_desc_p); 11392 fd_count += desc_count; 11393 } 11394 } /* end of for-fd-list-array */ 11395 #endif /* PM */ 11396 11397 #if defined(CONFIG_RSBAC_DAZ) 11398 /* DAZ lists */ 11399 for(list_no = 0; list_no < RSBAC_DAZ_NR_FD_LISTS; list_no++) 11400 { 11401 /* printk(KERN_INFO "rsbac_check(): DAZ list %u\n", 11402 list_no); */ 11403 tmp_count = 0; 11404 desc_count = rsbac_list_get_all_desc(device_p->handles.daz[list_no], (void **) &fd_desc_p); 11405 if(desc_count > 0) 11406 { 11407 for(i=0; i<desc_count; i++) 11408 { 11409 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11410 if(check_inode && device_p->sb_p) 11411 { 11412 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11413 { /* inode is bad -> remove */ 11414 b_count++; 11415 if(correct) 11416 { 11417 #ifdef CONFIG_RSBAC_RMSG 11418 rsbac_printk(KERN_INFO 11419 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11420 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11421 #endif 11422 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11423 if (!rsbac_nosyslog) 11424 #endif 11425 printk(KERN_INFO 11426 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11427 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11428 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]); 11429 continue; 11430 } 11431 else 11432 { 11433 #ifdef CONFIG_RSBAC_RMSG 11434 rsbac_printk(KERN_INFO 11435 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11436 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11437 #endif 11438 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11439 if (!rsbac_nosyslog) 11440 #endif 11441 printk(KERN_INFO 11442 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11443 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11444 } 11445 } /* end of bad_inode */ 11446 } 11447 } 11448 tmp_count++; 11449 rsbac_vfree(fd_desc_p); 11450 fd_count += desc_count; 11451 } 11452 } /* end of for-fd-list-array */ 11453 #if defined(CONFIG_RSBAC_DAZ_CACHE) 11454 /* DAZ scanned lists */ 11455 for(list_no = 0; list_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; list_no++) 11456 { 11457 /* printk(KERN_INFO "rsbac_check(): DAZ_SCANNED list %u\n", 11458 list_no); */ 11459 tmp_count = 0; 11460 desc_count = rsbac_list_get_all_desc(device_p->handles.dazs[list_no], (void **) &fd_desc_p); 11461 if(desc_count > 0) 11462 { 11463 for(i=0; i<desc_count; i++) 11464 { 11465 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11466 if(check_inode && device_p->sb_p) 11467 { 11468 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11469 { /* inode is bad -> remove */ 11470 b_count++; 11471 if(correct) 11472 { 11473 #ifdef CONFIG_RSBAC_RMSG 11474 rsbac_printk(KERN_INFO 11475 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11476 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11477 #endif 11478 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11479 if (!rsbac_nosyslog) 11480 #endif 11481 printk(KERN_INFO 11482 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11483 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11484 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]); 11485 continue; 11486 } 11487 else 11488 { 11489 #ifdef CONFIG_RSBAC_RMSG 11490 rsbac_printk(KERN_INFO 11491 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11492 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11493 #endif 11494 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11495 if (!rsbac_nosyslog) 11496 #endif 11497 printk(KERN_INFO 11498 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11499 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11500 } 11501 } /* end of bad_inode */ 11502 } 11503 } 11504 tmp_count++; 11505 rsbac_vfree(fd_desc_p); 11506 fd_count += desc_count; 11507 } 11508 } /* end of for-fd-list-array */ 11509 #endif 11510 #endif /* DAZ */ 11511 11512 #if defined(CONFIG_RSBAC_FF) 11513 /* FF lists */ 11514 for(list_no = 0; list_no < RSBAC_FF_NR_FD_LISTS; list_no++) 11515 { 11516 /* printk(KERN_INFO "rsbac_check(): FF list %u\n", 11517 list_no); */ 11518 tmp_count = 0; 11519 desc_count = rsbac_list_get_all_desc(device_p->handles.ff[list_no], (void **) &fd_desc_p); 11520 if(desc_count > 0) 11521 { 11522 for(i=0; i<desc_count; i++) 11523 { 11524 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11525 if(check_inode && device_p->sb_p) 11526 { 11527 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11528 { /* inode is bad -> remove */ 11529 b_count++; 11530 if(correct) 11531 { 11532 #ifdef CONFIG_RSBAC_RMSG 11533 rsbac_printk(KERN_INFO 11534 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11535 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11536 #endif 11537 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11538 if (!rsbac_nosyslog) 11539 #endif 11540 printk(KERN_INFO 11541 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11542 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11543 rsbac_list_remove(device_p->handles.ff[list_no], &fd_desc_p[i]); 11544 continue; 11545 } 11546 else 11547 { 11548 #ifdef CONFIG_RSBAC_RMSG 11549 rsbac_printk(KERN_INFO 11550 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11551 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11552 #endif 11553 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11554 if (!rsbac_nosyslog) 11555 #endif 11556 printk(KERN_INFO 11557 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11558 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11559 } 11560 } /* end of bad_inode */ 11561 } 11562 } 11563 tmp_count++; 11564 rsbac_vfree(fd_desc_p); 11565 fd_count += desc_count; 11566 } 11567 } /* end of for-fd-list-array */ 11568 #endif /* FF */ 11569 11570 #if defined(CONFIG_RSBAC_RC) 11571 /* RC lists */ 11572 for(list_no = 0; list_no < RSBAC_RC_NR_FD_LISTS; list_no++) 11573 { 11574 /* printk(KERN_INFO "rsbac_check(): RC list %u\n", 11575 list_no); */ 11576 tmp_count = 0; 11577 desc_count = rsbac_list_get_all_desc(device_p->handles.rc[list_no], (void **) &fd_desc_p); 11578 if(desc_count > 0) 11579 { 11580 for(i=0; i<desc_count; i++) 11581 { 11582 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11583 if(check_inode && device_p->sb_p) 11584 { 11585 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11586 { /* inode is bad -> remove */ 11587 b_count++; 11588 if(correct) 11589 { 11590 #ifdef CONFIG_RSBAC_RMSG 11591 rsbac_printk(KERN_INFO 11592 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11593 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11594 #endif 11595 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11596 if (!rsbac_nosyslog) 11597 #endif 11598 printk(KERN_INFO 11599 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11600 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11601 rsbac_list_remove(device_p->handles.rc[list_no], &fd_desc_p[i]); 11602 continue; 11603 } 11604 else 11605 { 11606 #ifdef CONFIG_RSBAC_RMSG 11607 rsbac_printk(KERN_INFO 11608 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11609 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11610 #endif 11611 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11612 if (!rsbac_nosyslog) 11613 #endif 11614 printk(KERN_INFO 11615 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11616 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11617 } 11618 } /* end of bad_inode */ 11619 } 11620 } 11621 tmp_count++; 11622 rsbac_vfree(fd_desc_p); 11623 fd_count += desc_count; 11624 } 11625 } /* end of for-fd-list-array */ 11626 #endif /* RC */ 11627 11628 #if defined(CONFIG_RSBAC_AUTH) 11629 /* AUTH lists */ 11630 for(list_no = 0; list_no < RSBAC_AUTH_NR_FD_LISTS; list_no++) 11631 { 11632 /* printk(KERN_INFO "rsbac_check(): AUTH list %u\n", 11633 list_no); */ 11634 tmp_count = 0; 11635 desc_count = rsbac_list_get_all_desc(device_p->handles.auth[list_no], (void **) &fd_desc_p); 11636 if(desc_count > 0) 11637 { 11638 for(i=0; i<desc_count; i++) 11639 { 11640 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11641 if(check_inode && device_p->sb_p) 11642 { 11643 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11644 { /* inode is bad -> remove */ 11645 b_count++; 11646 if(correct) 11647 { 11648 #ifdef CONFIG_RSBAC_RMSG 11649 rsbac_printk(KERN_INFO 11650 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11651 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11652 #endif 11653 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11654 if (!rsbac_nosyslog) 11655 #endif 11656 printk(KERN_INFO 11657 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11658 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11659 rsbac_list_remove(device_p->handles.auth[list_no], &fd_desc_p[i]); 11660 continue; 11661 } 11662 else 11663 { 11664 #ifdef CONFIG_RSBAC_RMSG 11665 rsbac_printk(KERN_INFO 11666 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11667 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11668 #endif 11669 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11670 if (!rsbac_nosyslog) 11671 #endif 11672 printk(KERN_INFO 11673 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11674 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11675 } 11676 } /* end of bad_inode */ 11677 } 11678 } 11679 tmp_count++; 11680 rsbac_vfree(fd_desc_p); 11681 fd_count += desc_count; 11682 } 11683 } /* end of for-fd-list-array */ 11684 #endif /* AUTH */ 11685 11686 #if defined(CONFIG_RSBAC_CAP) 11687 /* CAP lists */ 11688 for(list_no = 0; list_no < RSBAC_CAP_NR_FD_LISTS; list_no++) 11689 { 11690 /* printk(KERN_INFO "rsbac_check(): CAP list %u\n", 11691 list_no); */ 11692 tmp_count = 0; 11693 desc_count = rsbac_list_get_all_desc(device_p->handles.cap[list_no], (void **) &fd_desc_p); 11694 if(desc_count > 0) 11695 { 11696 for(i=0; i<desc_count; i++) 11697 { 11698 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11699 if(check_inode && device_p->sb_p) 11700 { 11701 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11702 { /* inode is bad -> remove */ 11703 b_count++; 11704 if(correct) 11705 { 11706 #ifdef CONFIG_RSBAC_RMSG 11707 rsbac_printk(KERN_INFO 11708 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11709 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11710 #endif 11711 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11712 if (!rsbac_nosyslog) 11713 #endif 11714 printk(KERN_INFO 11715 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11716 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11717 rsbac_list_remove(device_p->handles.cap[list_no], &fd_desc_p[i]); 11718 continue; 11719 } 11720 else 11721 { 11722 #ifdef CONFIG_RSBAC_RMSG 11723 rsbac_printk(KERN_INFO 11724 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11725 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11726 #endif 11727 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11728 if (!rsbac_nosyslog) 11729 #endif 11730 printk(KERN_INFO 11731 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11732 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11733 } 11734 } /* end of bad_inode */ 11735 } 11736 } 11737 tmp_count++; 11738 rsbac_vfree(fd_desc_p); 11739 fd_count += desc_count; 11740 } 11741 } /* end of for-fd-list-array */ 11742 #endif /* CAP */ 11743 #if defined(CONFIG_RSBAC_RES) 11744 /* RES lists */ 11745 for(list_no = 0; list_no < RSBAC_RES_NR_FD_LISTS; list_no++) 11746 { 11747 /* printk(KERN_INFO "rsbac_check(): RES list %u\n", 11748 list_no); */ 11749 tmp_count = 0; 11750 desc_count = rsbac_list_get_all_desc(device_p->handles.res[list_no], (void **) &fd_desc_p); 11751 if(desc_count > 0) 11752 { 11753 for(i=0; i<desc_count; i++) 11754 { 11755 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11756 if(check_inode && device_p->sb_p) 11757 { 11758 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11759 { /* inode is bad -> remove */ 11760 b_count++; 11761 if(correct) 11762 { 11763 #ifdef CONFIG_RSBAC_RMSG 11764 rsbac_printk(KERN_INFO 11765 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11766 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11767 #endif 11768 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11769 if (!rsbac_nosyslog) 11770 #endif 11771 printk(KERN_INFO 11772 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11773 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11774 rsbac_list_remove(device_p->handles.res[list_no], &fd_desc_p[i]); 11775 continue; 11776 } 11777 else 11778 { 11779 #ifdef CONFIG_RSBAC_RMSG 11780 rsbac_printk(KERN_INFO 11781 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11782 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11783 #endif 11784 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11785 if (!rsbac_nosyslog) 11786 #endif 11787 printk(KERN_INFO 11788 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11789 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11790 } 11791 } /* end of bad_inode */ 11792 } 11793 } 11794 tmp_count++; 11795 rsbac_vfree(fd_desc_p); 11796 fd_count += desc_count; 11797 } 11798 } /* end of for-fd-list-array */ 11799 #endif /* RES */ 11800 #if defined(CONFIG_RSBAC_PAX) 11801 /* PAX lists */ 11802 for(list_no = 0; list_no < RSBAC_PAX_NR_FD_LISTS; list_no++) 11803 { 11804 /* printk(KERN_INFO "rsbac_check(): PAX list %u\n", 11805 list_no); */ 11806 tmp_count = 0; 11807 desc_count = rsbac_list_get_all_desc(device_p->handles.pax[list_no], (void **) &fd_desc_p); 11808 if(desc_count > 0) 11809 { 11810 for(i=0; i<desc_count; i++) 11811 { 11812 /* check for inode on disk (but not for reiserfs, because of 64bit inode numbers) */ 11813 if(check_inode && device_p->sb_p) 11814 { 11815 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i])) 11816 { /* inode is bad -> remove */ 11817 b_count++; 11818 if(correct) 11819 { 11820 #ifdef CONFIG_RSBAC_RMSG 11821 rsbac_printk(KERN_INFO 11822 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11823 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11824 #endif 11825 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11826 if (!rsbac_nosyslog) 11827 #endif 11828 printk(KERN_INFO 11829 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n", 11830 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11831 rsbac_list_remove(device_p->handles.pax[list_no], &fd_desc_p[i]); 11832 continue; 11833 } 11834 else 11835 { 11836 #ifdef CONFIG_RSBAC_RMSG 11837 rsbac_printk(KERN_INFO 11838 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11839 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11840 #endif 11841 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11842 if (!rsbac_nosyslog) 11843 #endif 11844 printk(KERN_INFO 11845 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n", 11846 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no); 11847 } 11848 } /* end of bad_inode */ 11849 } 11850 } 11851 tmp_count++; 11852 rsbac_vfree(fd_desc_p); 11853 fd_count += desc_count; 11854 } 11855 } /* end of for-fd-list-array */ 11856 #endif /* PAX */ 11857 11858 switch(correct) 11859 { 11860 case 2: 11861 #ifdef CONFIG_RSBAC_RMSG 11862 rsbac_printk(KERN_INFO 11863 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n", 11864 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11865 b_count); 11866 #endif 11867 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11868 if (!rsbac_nosyslog) 11869 #endif 11870 printk(KERN_INFO 11871 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n", 11872 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11873 b_count); 11874 break; 11875 case 1: 11876 #ifdef CONFIG_RSBAC_RMSG 11877 rsbac_printk(KERN_INFO 11878 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n", 11879 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11880 b_count); 11881 #endif 11882 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11883 if (!rsbac_nosyslog) 11884 #endif 11885 printk(KERN_INFO 11886 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n", 11887 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11888 b_count); 11889 break; 11890 default: 11891 #ifdef CONFIG_RSBAC_RMSG 11892 rsbac_printk(KERN_INFO 11893 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n", 11894 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11895 b_count); 11896 #endif 11897 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11898 if (!rsbac_nosyslog) 11899 #endif 11900 printk(KERN_INFO 11901 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n", 11902 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count, 11903 b_count); 11904 } 11905 fd_sum += fd_count; 11906 /* go on */ 11907 device_p = device_p->next; 11908 }; 11909 #ifdef CONFIG_RSBAC_RMSG 11910 rsbac_printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n", 11911 device_list_head.count, fd_sum); 11912 #endif 11913 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11914 if (!rsbac_nosyslog) 11915 #endif 11916 printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n", 11917 device_list_head.count, fd_sum); 11918 /* free access to device_list_head */ 11919 rsbac_read_unlock(&device_list_head.lock, &dflags); 11920 } 11921 rsbac_kfree(tmp); 11922 return(0); 11923 }; 11924 11925 11926 /***************************************************/ 11927 /* rsbac_write() to write all dirty lists to disk */ 11928 /* returns no. of lists written */ 11929 11930 #if defined(CONFIG_RSBAC_AUTO_WRITE) 11931 int rsbac_write(boolean need_lock) 11932 { 11933 int err=0; 11934 u_int count = 0; 11935 int subcount; 11936 11937 if (!rsbac_initialized) 11938 { 11939 #ifdef CONFIG_RSBAC_RMSG 11940 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n"); 11941 #endif 11942 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11943 if (!rsbac_nosyslog) 11944 #endif 11945 printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n"); 11946 return(-RSBAC_ENOTINITIALIZED); 11947 } 11948 if(rsbac_debug_no_write) 11949 return 0; 11950 11951 subcount = rsbac_write_lists(need_lock); 11952 if(subcount > 0) 11953 { 11954 count += subcount; 11955 } 11956 else 11957 if(subcount < 0) 11958 { 11959 err = subcount; 11960 if(err != -RSBAC_ENOTWRITABLE) 11961 { 11962 #ifdef CONFIG_RSBAC_RMSG 11963 rsbac_printk(KERN_WARNING 11964 "rsbac_write(): rsbac_write_lists() returned error %i\n", 11965 err); 11966 #endif 11967 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11968 if (!rsbac_nosyslog) 11969 #endif 11970 printk(KERN_WARNING 11971 "rsbac_write(): rsbac_write_lists() returned error %i\n", 11972 err); 11973 } 11974 } 11975 11976 /****** REG *******/ 11977 #if defined(CONFIG_RSBAC_REG) 11978 subcount = rsbac_write_reg(need_lock); 11979 if(subcount > 0) 11980 { 11981 count += subcount; 11982 } 11983 else 11984 if(subcount < 0) 11985 { 11986 err = subcount; 11987 if(err != -RSBAC_ENOTWRITABLE) 11988 { 11989 #ifdef CONFIG_RSBAC_RMSG 11990 rsbac_printk(KERN_WARNING 11991 "rsbac_write(): rsbac_write_reg() returned error %i\n", 11992 err); 11993 #endif 11994 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 11995 if (!rsbac_nosyslog) 11996 #endif 11997 printk(KERN_WARNING 11998 "rsbac_write(): rsbac_write_reg() returned error %i\n", 11999 err); 12000 } 12001 } 12002 #endif /* REG */ 12003 12004 #ifdef CONFIG_RSBAC_DEBUG 12005 if(rsbac_debug_write) 12006 { 12007 #ifdef CONFIG_RSBAC_RMSG 12008 rsbac_printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n", 12009 count); 12010 #endif 12011 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12012 if (!rsbac_nosyslog) 12013 #endif 12014 printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n", 12015 count); 12016 } 12017 #endif 12018 return(count); 12019 }; 12020 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 12021 12022 /************************************************* */ 12023 /* Attribute functions */ 12024 /************************************************* */ 12025 12026 /* A rsbac_set_attr() call for a non-existing object, user */ 12027 /* or process entry will first add the target and then set the attribute. */ 12028 /* Invalid combinations and trying to set security_level to or from */ 12029 /* SL_rsbac_internal return an error. */ 12030 /* A rsbac_get_attr() call for a non-existing target will return the */ 12031 /* default value stored in def_aci, which should be the first enum item.*/ 12032 12033 /* All these procedures handle the rw-spinlocks to protect the targets during */ 12034 /* access. */ 12035 12036 /* get the parent of a target 12037 * returns -RSBAC_EINVALIDTARGET for non-fs targets 12038 * and -RSBAC_ENOTFOUND, if no parent available 12039 * In kernels >= 2.4.0, device_p->d_covers is used and the device_p item is 12040 * properly locked for reading, so never call with a write lock held on 12041 * device_p! 12042 */ 12043 #if defined(CONFIG_RSBAC_REG) 12044 EXPORT_SYMBOL(rsbac_get_parent); 12045 #endif 12046 int rsbac_get_parent(enum rsbac_target_t target, 12047 union rsbac_target_id_t tid, 12048 enum rsbac_target_t * parent_target_p, 12049 union rsbac_target_id_t * parent_tid_p) 12050 { 12051 if(!parent_target_p || !parent_tid_p) 12052 return -RSBAC_EINVALIDPOINTER; 12053 /* 12054 #ifdef CONFIG_RSBAC_DEBUG 12055 if (rsbac_debug_ds) 12056 { 12057 #ifdef CONFIG_RSBAC_RMSG 12058 rsbac_printk(KERN_DEBUG 12059 "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n", 12060 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p); 12061 #endif 12062 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12063 if (!rsbac_nosyslog) 12064 #endif 12065 printk(KERN_DEBUG 12066 "rsbac_get_parent(): Getting file/dir/fifo/symlink parent for device %02u:%02u, inode %lu, dentry_p %p\n", 12067 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p); 12068 } 12069 #endif 12070 */ 12071 switch(target) 12072 { 12073 case T_FILE: 12074 case T_DIR: 12075 case T_FIFO: 12076 case T_SYMLINK: 12077 break; 12078 default: 12079 return -RSBAC_EINVALIDTARGET; 12080 } 12081 12082 if(!tid.file.dentry_p) 12083 return -RSBAC_ENOTFOUND; 12084 12085 *parent_target_p = T_DIR; 12086 /* Is this dentry root of a mounted device? */ 12087 if( tid.file.dentry_p->d_sb 12088 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p) 12089 ) 12090 { 12091 struct rsbac_device_list_item_t * device_p; 12092 u_long dflags; 12093 12094 /* wait for read access to device_list_head */ 12095 rsbac_read_lock(&device_list_head.lock, &dflags); 12096 12097 device_p = lookup_device(tid.file.device); 12098 if( !device_p 12099 || !device_p->d_covers 12100 || !device_p->d_covers->d_parent 12101 || !device_p->d_covers->d_parent->d_inode 12102 ) 12103 { 12104 /* free access to device_list_head */ 12105 rsbac_read_unlock(&device_list_head.lock, &dflags); 12106 return -RSBAC_ENOTFOUND; 12107 } 12108 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev; 12109 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino; 12110 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent; 12111 /* free access to device_list_head */ 12112 rsbac_read_unlock(&device_list_head.lock, &dflags); 12113 } 12114 else 12115 { /* no root of filesystem -> use d_parent, dev keeps unchanged */ 12116 if(!tid.file.dentry_p->d_parent) 12117 { 12118 #ifdef CONFIG_RSBAC_RMSG 12119 rsbac_printk(KERN_WARNING 12120 "rsbac_get_parent(): oops - d_parent is NULL!\n"); 12121 #endif 12122 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12123 if (!rsbac_nosyslog) 12124 #endif 12125 printk(KERN_WARNING 12126 "rsbac_get_parent(): oops - d_parent is NULL!\n"); 12127 return -RSBAC_ENOTFOUND; 12128 } 12129 if(tid.file.dentry_p == tid.file.dentry_p->d_parent) 12130 { 12131 #ifdef CONFIG_RSBAC_RMSG 12132 rsbac_printk(KERN_WARNING 12133 "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); 12134 #endif 12135 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12136 if (!rsbac_nosyslog) 12137 #endif 12138 printk(KERN_WARNING 12139 "rsbac_get_parent(): oops - d_parent == dentry_p!\n"); 12140 return -RSBAC_ENOTFOUND; 12141 } 12142 if(!tid.file.dentry_p->d_parent->d_inode) 12143 { 12144 #ifdef CONFIG_RSBAC_RMSG 12145 rsbac_printk(KERN_WARNING 12146 "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); 12147 #endif 12148 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12149 if (!rsbac_nosyslog) 12150 #endif 12151 printk(KERN_WARNING 12152 "rsbac_get_parent(): oops - d_parent has no d_inode!\n"); 12153 return -RSBAC_ENOTFOUND; 12154 } 12155 parent_tid_p->dir.device = tid.file.device; 12156 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino; 12157 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent; 12158 } 12159 return 0; 12160 } 12161 12162 /* The value parameter to rsbac_get_attr() and rsbac_set_attr() is a pointer */ 12163 /* to the appropiate data structure holding the attribute value. */ 12164 12165 #if defined(CONFIG_RSBAC_REG) 12166 EXPORT_SYMBOL(rsbac_get_attr); 12167 #endif 12168 int rsbac_get_attr(enum rsbac_switch_target_t module, 12169 enum rsbac_target_t target, 12170 union rsbac_target_id_t tid, 12171 enum rsbac_attribute_t attr, 12172 union rsbac_attribute_value_t * value, 12173 boolean inherit) 12174 { 12175 int err = 0; 12176 struct rsbac_device_list_item_t * device_p; 12177 u_long dflags; 12178 #if defined(CONFIG_RSBAC_FF) 12179 rsbac_ff_flags_t ff_flags = 0; 12180 rsbac_ff_flags_t ff_tmp_flags; 12181 rsbac_ff_flags_t ff_mask = -1; 12182 #endif 12183 12184 if (!rsbac_initialized) 12185 { 12186 #ifdef CONFIG_RSBAC_RMSG 12187 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n"); 12188 #endif 12189 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12190 if (!rsbac_nosyslog) 12191 #endif 12192 printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n"); 12193 return(-RSBAC_ENOTINITIALIZED); 12194 } 12195 if (!value) 12196 return(-RSBAC_EINVALIDPOINTER); 12197 if (in_interrupt()) 12198 { 12199 #ifdef CONFIG_RSBAC_RMSG 12200 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n"); 12201 #endif 12202 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12203 if (!rsbac_nosyslog) 12204 #endif 12205 printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n"); 12206 } 12207 #ifdef CONFIG_RSBAC_XSTATS 12208 get_attr_count[target]++; 12209 #endif 12210 switch (target) 12211 { 12212 case T_FILE: 12213 case T_DIR: 12214 case T_FIFO: 12215 case T_SYMLINK: 12216 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 12217 if( !RSBAC_MAJOR(tid.file.device) 12218 && !RSBAC_MINOR(tid.file.device) 12219 ) 12220 return -RSBAC_EINVALIDDEV; 12221 #endif 12222 /* use loop for inheritance - used to be recursive calls */ 12223 for(;;) 12224 { 12225 /* 12226 #ifdef CONFIG_RSBAC_DEBUG 12227 if (rsbac_debug_ds) 12228 printk(KERN_DEBUG "rsbac_get_attr(): Getting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n", 12229 attr, RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p); 12230 #endif 12231 */ 12232 /* wait for read access to device_list_head */ 12233 rsbac_read_lock(&device_list_head.lock, &dflags); 12234 /* OK, go on */ 12235 /* 12236 #ifdef CONFIG_RSBAC_DEBUG 12237 if (rsbac_debug_ds) 12238 printk(KERN_DEBUG 12239 "rsbac_get_attr(): passed device read lock\n"); 12240 #endif 12241 */ 12242 12243 /* lookup device */ 12244 device_p = lookup_device(tid.file.device); 12245 if (!device_p) 12246 { 12247 struct super_block * sb_p; 12248 12249 rsbac_read_unlock(&device_list_head.lock, &dflags); 12250 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 12251 sb_p = user_get_super(tid.file.device); 12252 #else 12253 sb_p = get_super(tid.file.device); 12254 #endif 12255 if(sb_p) 12256 { 12257 #ifdef CONFIG_RSBAC_RMSG 12258 rsbac_printk(KERN_INFO 12259 "rsbac_get_attr(): auto-mounting device %02u:%02u\n", 12260 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 12261 #endif 12262 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12263 if (!rsbac_nosyslog) 12264 #endif 12265 printk(KERN_INFO 12266 "rsbac_get_attr(): auto-mounting device %02u:%02u\n", 12267 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 12268 rsbac_mount(sb_p, NULL); 12269 /* free super_block pointer */ 12270 drop_super(sb_p); 12271 rsbac_read_lock(&device_list_head.lock, &dflags); 12272 device_p = lookup_device(tid.file.device); 12273 if (!device_p) 12274 { 12275 #ifdef CONFIG_RSBAC_RMSG 12276 rsbac_printk(KERN_WARNING 12277 "rsbac_get_attr(): unknown device %02u:%02u\n", 12278 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 12279 #endif 12280 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 12281 if (!rsbac_nosyslog) 12282 #endif 12283 printk(KERN_WARNING 12284 "rsbac_get_attr(): unknown device %02u:%02u\n", 12285 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 12286 rsbac_read_unlock(&device_list_head.lock, &dflags); 12287 return -RSBAC_EINVALIDDEV; 12288 } 12289 } 12290 else 12291 return -RSBAC_EINVALIDDEV; 12292 } 12293 switch(module) 12294 { 12295 case GEN: 12296 { 12297 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI; 12298 12299 if(attr == A_internal) 12300 { 12301 if(!device_p->rsbac_dir_inode || !tid.file.inode) 12302 value->internal = FALSE; 12303 else 12304 if(device_p->rsbac_dir_inode == tid.file.inode) 12305 value->internal = TRUE; 12306 else 12307 if(inherit) 12308 { 12309 enum rsbac_target_t parent_target; 12310 union rsbac_target_id_t parent_tid; 12311 12312 /* inheritance possible? */ 12313 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12314 { /* yes: inherit this single level */ 12315 if(device_p->rsbac_dir_inode == parent_tid.file.inode) 12316 value->internal = TRUE; 12317 else 12318 value->internal = FALSE; 12319 } 12320 else 12321 { 12322 value->internal = FALSE; 12323 } 12324 } 12325 else 12326 { 12327 value->internal = FALSE; 12328 } 12329 12330 /* free access to device_list_head */ 12331 rsbac_read_unlock(&device_list_head.lock, &dflags); 12332 return 0; 12333 } 12334 rsbac_list_get_data(device_p->handles.gen[gen_fd_hash(tid.file.inode)], 12335 &tid.file.inode, 12336 &aci); 12337 switch (attr) 12338 { 12339 case A_log_array_low: 12340 value->log_array_low = aci.log_array_low; 12341 break; 12342 case A_log_array_high: 12343 value->log_array_high = aci.log_array_high; 12344 break; 12345 case A_log_program_based: 12346 value->log_program_based = aci.log_program_based; 12347 break; 12348 case A_symlink_add_uid: 12349 value->symlink_add_uid = aci.symlink_add_uid; 12350 break; 12351 case A_symlink_add_mac_level: 12352 value->symlink_add_mac_level = aci.symlink_add_mac_level; 12353 break; 12354 case A_symlink_add_rc_role: 12355 value->symlink_add_rc_role = aci.symlink_add_rc_role; 12356 break; 12357 case A_linux_dac_disable: 12358 value->linux_dac_disable = aci.linux_dac_disable; 12359 if((value->linux_dac_disable == LDD_inherit) && inherit) 12360 { 12361 enum rsbac_target_t parent_target; 12362 union rsbac_target_id_t parent_tid; 12363 12364 /* free access to device_list_head - see above */ 12365 rsbac_read_unlock(&device_list_head.lock, &dflags); 12366 12367 /* inheritance possible? */ 12368 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12369 { 12370 target = parent_target; 12371 tid = parent_tid; 12372 continue; 12373 } 12374 else 12375 { 12376 value->linux_dac_disable 12377 = def_gen_root_dir_aci.linux_dac_disable; 12378 return 0; 12379 } 12380 } 12381 break; 12382 case A_fake_root_uid: 12383 value->fake_root_uid = aci.fake_root_uid; 12384 break; 12385 default: 12386 err = -RSBAC_EINVALIDATTR; 12387 } 12388 } 12389 break; 12390 12391 #if defined(CONFIG_RSBAC_MAC) 12392 case MAC: 12393 { 12394 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI; 12395 12396 rsbac_list_get_data(device_p->handles.mac[mac_fd_hash(tid.file.inode)], 12397 &tid.file.inode, 12398 &aci); 12399 switch (attr) 12400 { 12401 case A_security_level: 12402 value->security_level = aci.sec_level; 12403 if((value->security_level == SL_inherit) && inherit) 12404 { 12405 enum rsbac_target_t parent_target; 12406 union rsbac_target_id_t parent_tid; 12407 12408 /* free access to device_list_head - see above */ 12409 rsbac_read_unlock(&device_list_head.lock, &dflags); 12410 12411 /* inheritance possible? */ 12412 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12413 { 12414 target = parent_target; 12415 tid = parent_tid; 12416 continue; 12417 } 12418 else 12419 { 12420 value->security_level 12421 = def_mac_root_dir_aci.sec_level; 12422 return 0; 12423 } 12424 } 12425 break; 12426 case A_mac_categories: 12427 value->mac_categories = aci.mac_categories; 12428 if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR) 12429 && inherit 12430 ) 12431 { 12432 enum rsbac_target_t parent_target; 12433 union rsbac_target_id_t parent_tid; 12434 12435 /* free access to device_list_head - see above */ 12436 rsbac_read_unlock(&device_list_head.lock, &dflags); 12437 12438 /* inheritance possible? */ 12439 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12440 { 12441 target = parent_target; 12442 tid = parent_tid; 12443 continue; 12444 } 12445 else 12446 { 12447 value->mac_categories 12448 = def_mac_root_dir_aci.mac_categories; 12449 return 0; 12450 } 12451 } 12452 break; 12453 case A_mac_auto: 12454 value->mac_auto = aci.mac_auto; 12455 if( (value->mac_auto == MA_inherit) 12456 && inherit 12457 ) 12458 { 12459 enum rsbac_target_t parent_target; 12460 union rsbac_target_id_t parent_tid; 12461 12462 /* free access to device_list_head - see above */ 12463 rsbac_read_unlock(&device_list_head.lock, &dflags); 12464 12465 /* inheritance possible? */ 12466 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12467 { 12468 target = parent_target; 12469 tid = parent_tid; 12470 continue; 12471 } 12472 else 12473 { 12474 value->mac_auto 12475 = def_mac_root_dir_aci.mac_auto; 12476 return 0; 12477 } 12478 } 12479 break; 12480 case A_mac_prop_trusted: 12481 value->mac_prop_trusted = aci.mac_prop_trusted; 12482 break; 12483 case A_mac_file_flags: 12484 value->mac_file_flags = aci.mac_file_flags; 12485 break; 12486 12487 default: 12488 err = -RSBAC_EINVALIDATTR; 12489 } 12490 } 12491 break; 12492 #endif /* MAC */ 12493 12494 #if defined(CONFIG_RSBAC_FC) 12495 case FC: 12496 { 12497 switch (attr) 12498 { 12499 case A_object_category: 12500 value->object_category = RSBAC_FC_OC_DEF; 12501 rsbac_list_get_data(device_p->handles.fc[fc_fd_hash(tid.file.inode)], 12502 &tid.file.inode, 12503 &value->object_category); 12504 if((value->object_category == OC_inherit) && inherit) 12505 { 12506 enum rsbac_target_t parent_target; 12507 union rsbac_target_id_t parent_tid; 12508 12509 /* free access to device_list_head - see above */ 12510 rsbac_read_unlock(&device_list_head.lock, &dflags); 12511 12512 /* inheritance possible? */ 12513 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12514 { 12515 target = parent_target; 12516 tid = parent_tid; 12517 continue; 12518 } 12519 else 12520 { 12521 value->object_category 12522 = RSBAC_FC_OC_ROOT_DEF; 12523 return 0; 12524 } 12525 } 12526 break; 12527 12528 default: 12529 err = -RSBAC_EINVALIDATTR; 12530 } 12531 } 12532 break; 12533 #endif /* FC */ 12534 12535 #if defined(CONFIG_RSBAC_SIM) 12536 case SIM: 12537 { 12538 switch (attr) 12539 { 12540 case A_data_type: 12541 value->data_type = RSBAC_SIM_DT_DEF; 12542 rsbac_list_get_data(device_p->handles.sim[sim_fd_hash(tid.file.inode)], 12543 &tid.file.inode, 12544 &value->data_type); 12545 if(value->data_type == DT_inherit && inherit) 12546 { 12547 enum rsbac_target_t parent_target; 12548 union rsbac_target_id_t parent_tid; 12549 12550 /* free access to device_list_head - see above */ 12551 rsbac_read_unlock(&device_list_head.lock, &dflags); 12552 12553 /* inheritance possible? */ 12554 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12555 { 12556 target = parent_target; 12557 tid = parent_tid; 12558 continue; 12559 } 12560 else 12561 { 12562 value->data_type 12563 = RSBAC_SIM_DT_ROOT_DEF; 12564 return 0; 12565 } 12566 } 12567 break; 12568 12569 default: 12570 err = -RSBAC_EINVALIDATTR; 12571 } 12572 } 12573 break; 12574 #endif /* SIM */ 12575 12576 #if defined(CONFIG_RSBAC_PM) 12577 case PM: 12578 { 12579 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI; 12580 12581 rsbac_list_get_data(device_p->handles.pm[pm_fd_hash(tid.file.inode)], 12582 &tid.file.inode, 12583 &aci); 12584 switch (attr) 12585 { 12586 case A_pm_object_class: 12587 value->pm_object_class = aci.pm_object_class; 12588 break; 12589 case A_pm_tp: 12590 value->pm_tp = aci.pm_tp; 12591 break; 12592 case A_pm_object_type: 12593 value->pm_object_type = aci.pm_object_type; 12594 break; 12595 default: 12596 err = -RSBAC_EINVALIDATTR; 12597 } 12598 } 12599 break; 12600 #endif /* PM */ 12601 12602 #if defined(CONFIG_RSBAC_DAZ) 12603 case DAZ: 12604 { 12605 #if defined(CONFIG_RSBAC_DAZ_CACHE) 12606 if(attr == A_daz_scanned) 12607 { 12608 err = rsbac_list_get_data(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)], 12609 &tid.file.inode, 12610 &value->daz_scanned); 12611 } 12612 else 12613 #endif 12614 { 12615 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI; 12616 12617 rsbac_list_get_data(device_p->handles.daz[daz_fd_hash(tid.file.inode)], 12618 &tid.file.inode, 12619 &aci); 12620 switch (attr) 12621 { 12622 case A_daz_scanner: 12623 value->daz_scanner = aci.daz_scanner; 12624 break; 12625 default: 12626 err = -RSBAC_EINVALIDATTR; 12627 } 12628 } 12629 } 12630 break; 12631 #endif /* DAZ */ 12632 12633 #if defined(CONFIG_RSBAC_FF) 12634 case FF: 12635 { 12636 switch (attr) 12637 { 12638 case A_ff_flags: 12639 ff_tmp_flags = RSBAC_FF_DEF; 12640 rsbac_list_get_data(device_p->handles.ff[ff_fd_hash(tid.file.inode)], 12641 &tid.file.inode, 12642 &ff_tmp_flags); 12643 ff_flags |= ff_tmp_flags & ff_mask; 12644 value->ff_flags = ff_flags; 12645 if((ff_tmp_flags & FF_add_inherited) && inherit) 12646 { 12647 /* inheritance possible? */ 12648 if(!rsbac_get_parent(target, tid, &target, &tid)) 12649 { 12650 /* free access to device_list_head - see above */ 12651 rsbac_read_unlock(&device_list_head.lock, &dflags); 12652 12653 ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited); 12654 ff_flags &= ~(FF_add_inherited); 12655 continue; 12656 } 12657 else 12658 value->ff_flags &= ~(FF_add_inherited); 12659 } 12660 break; 12661 12662 default: 12663 err = -RSBAC_EINVALIDATTR; 12664 } 12665 } 12666 break; 12667 #endif /* FF */ 12668 12669 #if defined(CONFIG_RSBAC_RC) 12670 case RC: 12671 { 12672 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI; 12673 12674 rsbac_list_get_data(device_p->handles.rc[rc_fd_hash(tid.file.inode)], 12675 &tid.file.inode, 12676 &aci); 12677 switch (attr) 12678 { 12679 case A_rc_type_fd: 12680 value->rc_type_fd = aci.rc_type_fd; 12681 if(value->rc_type_fd == RC_type_inherit_parent && inherit) 12682 { 12683 enum rsbac_target_t parent_target; 12684 union rsbac_target_id_t parent_tid; 12685 12686 /* free access to device_list_head - see above */ 12687 rsbac_read_unlock(&device_list_head.lock, &dflags); 12688 12689 /* inheritance possible? */ 12690 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12691 { 12692 target = parent_target; 12693 tid = parent_tid; 12694 continue; 12695 } 12696 else 12697 { 12698 value->rc_type_fd 12699 = def_rc_root_dir_aci.rc_type_fd; 12700 return 0; 12701 } 12702 } 12703 break; 12704 case A_rc_force_role: 12705 value->rc_force_role = aci.rc_force_role; 12706 if(value->rc_force_role == RC_role_inherit_parent && inherit) 12707 { 12708 enum rsbac_target_t parent_target; 12709 union rsbac_target_id_t parent_tid; 12710 12711 /* free access to device_list_head - see above */ 12712 rsbac_read_unlock(&device_list_head.lock, &dflags); 12713 12714 /* inheritance possible? */ 12715 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12716 { 12717 target = parent_target; 12718 tid = parent_tid; 12719 continue; 12720 } 12721 else 12722 { 12723 value->rc_force_role 12724 = def_rc_root_dir_aci.rc_force_role; 12725 return 0; 12726 } 12727 } 12728 break; 12729 case A_rc_initial_role: 12730 value->rc_initial_role = aci.rc_initial_role; 12731 if(value->rc_initial_role == RC_role_inherit_parent && inherit) 12732 { 12733 enum rsbac_target_t parent_target; 12734 union rsbac_target_id_t parent_tid; 12735 12736 /* free access to device_list_head - see above */ 12737 rsbac_read_unlock(&device_list_head.lock, &dflags); 12738 12739 /* inheritance possible? */ 12740 if(!rsbac_get_parent(target, tid, &parent_target, &parent_tid)) 12741 { 12742 target = parent_target; 12743 tid = parent_tid; 12744 continue; 12745 } 12746 else 12747 { 12748 value->rc_initial_role 12749 = def_rc_root_dir_aci.rc_initial_role; 12750 return 0; 12751 } 12752 } 12753 break; 12754 12755 default: 12756 err = -RSBAC_EINVALIDATTR; 12757 } 12758 } 12759 break; 12760 #endif /* RC */ 12761 12762 #if defined(CONFIG_RSBAC_AUTH) 12763 case AUTH: 12764 { 12765 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI; 12766 12767 rsbac_list_get_data(device_p->handles.auth[auth_fd_hash(tid.file.inode)], 12768 &tid.file.inode, 12769 &aci); 12770 switch (attr) 12771 { 12772 case A_auth_may_setuid: 12773 value->auth_may_setuid = aci.auth_may_setuid; 12774 break; 12775 case A_auth_may_set_cap: 12776 value->auth_may_set_cap = aci.auth_may_set_cap; 12777 break; 12778 case A_auth_learn: 12779 value->auth_learn = aci.auth_learn; 12780 break; 12781 default: 12782 err = -RSBAC_EINVALIDATTR; 12783 } 12784 } 12785 break; 12786 #endif /* AUTH */ 12787 12788 #if defined(CONFIG_RSBAC_CAP) 12789 case CAP: 12790 { 12791 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI; 12792 12793 rsbac_list_get_data(device_p->handles.cap[cap_fd_hash(tid.file.inode)], 12794 &tid.file.inode, 12795 &aci); 12796 switch (attr) 12797 { 12798 case A_min_caps: 12799 value->min_caps = aci.min_caps; 12800 break; 12801 case A_max_caps: 12802 value->max_caps = aci.max_caps; 12803 break; 12804 default: 12805 err = -RSBAC_EINVALIDATTR; 12806 } 12807 } 12808 break; 12809 #endif /* CAP */ 12810 12811 #if defined(CONFIG_RSBAC_RES) 12812 case RES: 12813 { 12814 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI; 12815 12816 rsbac_list_get_data(device_p->handles.res[res_fd_hash(tid.file.inode)], 12817 &tid.file.inode, 12818 &aci); 12819 switch (attr) 12820 { 12821 case A_res_min: 12822 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min)); 12823 break; 12824 case A_res_max: 12825 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max)); 12826 break; 12827 default: 12828 err = -RSBAC_EINVALIDATTR; 12829 } 12830 } 12831 break; 12832 #endif /* RES */ 12833 12834 #if defined(CONFIG_RSBAC_PAX) 12835 case PAX: 12836 { 12837 switch (attr) 12838 { 12839 case A_pax_flags: 12840 value->pax_flags = RSBAC_PAX_DEF_FLAGS; 12841 rsbac_list_get_data(device_p->handles.pax[pax_fd_hash(tid.file.inode)], 12842 &tid.file.inode, 12843 &value->pax_flags); 12844 break; 12845 12846 default: 12847 err = -RSBAC_EINVALIDATTR; 12848 } 12849 } 12850 break; 12851 #endif /* PAX */ 12852 12853 default: 12854 err = -RSBAC_EINVALIDMODULE; 12855 } 12856 /* free access to device_list_head */ 12857 rsbac_read_unlock(&device_list_head.lock, &dflags); 12858 /* and return */ 12859 return err; 12860 } /* end of for(;;) loop for inheritance */ 12861 12862 case T_DEV: 12863 /* 12864 #ifdef CONFIG_RSBAC_DEBUG 12865 if (rsbac_debug_ds) 12866 printk(KERN_DEBUG 12867 "rsbac_get_attr(): Getting dev attribute\n"); 12868 #endif 12869 */ 12870 switch(module) 12871 { 12872 case GEN: 12873 { 12874 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI; 12875 struct rsbac_dev_desc_t dev_desc; 12876 12877 dev_desc.type = tid.dev.type; 12878 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 12879 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 12880 rsbac_list_get_data(dev_handles.gen, 12881 &dev_desc, 12882 &aci); 12883 switch (attr) 12884 { 12885 case A_log_array_low: 12886 value->log_array_low = aci.log_array_low; 12887 break; 12888 case A_log_array_high: 12889 value->log_array_high = aci.log_array_high; 12890 break; 12891 default: 12892 err = -RSBAC_EINVALIDATTR; 12893 } 12894 } 12895 break; 12896 12897 #if defined(CONFIG_RSBAC_MAC) 12898 case MAC: 12899 { 12900 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI; 12901 struct rsbac_dev_desc_t dev_desc; 12902 12903 dev_desc.type = tid.dev.type; 12904 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 12905 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 12906 rsbac_list_get_data(dev_handles.mac, 12907 &dev_desc, 12908 &aci); 12909 switch (attr) 12910 { 12911 case A_security_level: 12912 value->security_level = aci.sec_level; 12913 break; 12914 case A_mac_categories: 12915 value->mac_categories = aci.mac_categories; 12916 break; 12917 case A_mac_check: 12918 value->mac_check = aci.mac_check; 12919 break; 12920 12921 default: 12922 err = -RSBAC_EINVALIDATTR; 12923 } 12924 } 12925 break; 12926 #endif /* MAC */ 12927 12928 #if defined(CONFIG_RSBAC_FC) 12929 case FC: 12930 { 12931 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF; 12932 struct rsbac_dev_desc_t dev_desc; 12933 12934 dev_desc.type = tid.dev.type; 12935 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 12936 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 12937 rsbac_list_get_data(dev_handles.fc, 12938 &dev_desc, 12939 &fc_oc); 12940 switch (attr) 12941 { 12942 case A_object_category: 12943 value->object_category = fc_oc; 12944 break; 12945 12946 default: 12947 err = -RSBAC_EINVALIDATTR; 12948 } 12949 } 12950 break; 12951 #endif /* FC */ 12952 12953 #if defined(CONFIG_RSBAC_SIM) 12954 case SIM: 12955 { 12956 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF; 12957 struct rsbac_dev_desc_t dev_desc; 12958 12959 dev_desc.type = tid.dev.type; 12960 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 12961 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 12962 rsbac_list_get_data(dev_handles.sim, 12963 &dev_desc, 12964 &sim_dt); 12965 switch (attr) 12966 { 12967 case A_data_type: 12968 value->data_type = sim_dt; 12969 break; 12970 12971 default: 12972 err = -RSBAC_EINVALIDATTR; 12973 } 12974 } 12975 break; 12976 #endif /* SIM */ 12977 12978 #if defined(CONFIG_RSBAC_PM) 12979 case PM: 12980 { 12981 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; 12982 struct rsbac_dev_desc_t dev_desc; 12983 12984 dev_desc.type = tid.dev.type; 12985 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 12986 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 12987 rsbac_list_get_data(dev_handles.pm, 12988 &dev_desc, 12989 &aci); 12990 switch (attr) 12991 { 12992 case A_pm_object_class: 12993 value->pm_object_class = aci.pm_object_class; 12994 break; 12995 case A_pm_object_type: 12996 value->pm_object_type = aci.pm_object_type; 12997 break; 12998 default: 12999 err = -RSBAC_EINVALIDATTR; 13000 } 13001 } 13002 break; 13003 #endif /* PM */ 13004 13005 #if defined(CONFIG_RSBAC_RC) 13006 case RC: 13007 { 13008 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 13009 struct rsbac_dev_desc_t dev_desc; 13010 13011 dev_desc.type = tid.dev.type; 13012 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 13013 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 13014 rsbac_list_get_data(dev_handles.rc, 13015 &dev_desc, 13016 &type); 13017 switch (attr) 13018 { 13019 case A_rc_type: 13020 value->rc_type = type; 13021 break; 13022 13023 default: 13024 err = -RSBAC_EINVALIDATTR; 13025 } 13026 } 13027 break; 13028 #endif /* RC */ 13029 13030 default: 13031 err = -RSBAC_EINVALIDMODULE; 13032 } 13033 /* and return */ 13034 return err; 13035 13036 case T_IPC: 13037 /* 13038 #ifdef CONFIG_RSBAC_DEBUG 13039 if (rsbac_debug_ds) printk(KERN_DEBUG 13040 "rsbac_get_attr(): Getting ipc attribute\n"); 13041 #endif 13042 */ 13043 /* lookup only, if not sock or (sock-id != NULL), OK with NULL fifo */ 13044 switch(module) 13045 { 13046 #if defined(CONFIG_RSBAC_MAC) 13047 case MAC: 13048 { 13049 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI; 13050 13051 rsbac_list_get_data(ipc_handles.mac, 13052 &tid.ipc, 13053 &aci); 13054 switch (attr) 13055 { 13056 case A_security_level: 13057 value->security_level = aci.sec_level; 13058 break; 13059 case A_mac_categories: 13060 value->mac_categories = aci.mac_categories; 13061 break; 13062 13063 default: 13064 err = -RSBAC_EINVALIDATTR; 13065 } 13066 } 13067 break; 13068 #endif /* MAC */ 13069 13070 #if defined(CONFIG_RSBAC_FC) 13071 case FC: 13072 { 13073 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF; 13074 13075 rsbac_list_get_data(ipc_handles.fc, 13076 &tid.ipc, 13077 &fc_oc); 13078 switch (attr) 13079 { 13080 case A_object_category: 13081 value->object_category = fc_oc; 13082 break; 13083 13084 default: 13085 err = -RSBAC_EINVALIDATTR; 13086 } 13087 } 13088 break; 13089 #endif /* FC */ 13090 13091 #if defined(CONFIG_RSBAC_SIM) 13092 case SIM: 13093 { 13094 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF; 13095 13096 rsbac_list_get_data(ipc_handles.sim, 13097 &tid.ipc, 13098 &sim_dt); 13099 switch (attr) 13100 { 13101 case A_data_type: 13102 value->data_type = sim_dt; 13103 break; 13104 13105 default: 13106 err = -RSBAC_EINVALIDATTR; 13107 } 13108 } 13109 break; 13110 #endif /* SIM */ 13111 13112 #if defined(CONFIG_RSBAC_PM) 13113 case PM: 13114 { 13115 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; 13116 13117 rsbac_list_get_data(ipc_handles.pm, 13118 &tid.ipc, 13119 &aci); 13120 switch (attr) 13121 { 13122 case A_pm_object_class: 13123 value->pm_object_class = aci.pm_object_class; 13124 break; 13125 case A_pm_ipc_purpose: 13126 value->pm_ipc_purpose = aci.pm_ipc_purpose; 13127 break; 13128 case A_pm_object_type: 13129 value->pm_object_type = aci.pm_object_type; 13130 break; 13131 default: 13132 err = -RSBAC_EINVALIDATTR; 13133 } 13134 } 13135 break; 13136 #endif /* PM */ 13137 13138 #if defined(CONFIG_RSBAC_RC) 13139 case RC: 13140 { 13141 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 13142 13143 rsbac_list_get_data(ipc_handles.rc, 13144 &tid.ipc, 13145 &type); 13146 switch (attr) 13147 { 13148 case A_rc_type: 13149 value->rc_type = type; 13150 break; 13151 13152 default: 13153 err = -RSBAC_EINVALIDATTR; 13154 } 13155 } 13156 break; 13157 #endif /* RC */ 13158 13159 #if defined(CONFIG_RSBAC_JAIL) 13160 case JAIL: 13161 { 13162 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID; 13163 13164 rsbac_list_get_data(ipc_handles.jail, 13165 &tid.ipc, 13166 &id); 13167 switch (attr) 13168 { 13169 case A_jail_id: 13170 value->jail_id = id; 13171 break; 13172 13173 default: 13174 err = -RSBAC_EINVALIDATTR; 13175 } 13176 } 13177 break; 13178 #endif /* JAIL */ 13179 13180 default: 13181 err = -RSBAC_EINVALIDMODULE; 13182 } 13183 /* and return */ 13184 return err; 13185 13186 case T_USER: 13187 /* 13188 #ifdef CONFIG_RSBAC_DEBUG 13189 if (rsbac_debug_ds) printk(KERN_DEBUG 13190 "rsbac_get_attr(): Getting user attribute\n"); 13191 #endif 13192 */ 13193 switch(module) 13194 { 13195 case GEN: 13196 { 13197 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI; 13198 13199 rsbac_list_get_data(user_handles.gen, 13200 &tid.user, 13201 &aci); 13202 switch (attr) 13203 { 13204 case A_pseudo: 13205 value->pseudo = aci.pseudo; 13206 break; 13207 case A_log_user_based: 13208 value->log_user_based = aci.log_user_based; 13209 break; 13210 default: 13211 err = -RSBAC_EINVALIDATTR; 13212 } 13213 } 13214 break; 13215 13216 #if defined(CONFIG_RSBAC_MAC) 13217 case MAC: 13218 { 13219 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI; 13220 13221 rsbac_list_get_data(user_handles.mac, 13222 &tid.user, 13223 &aci); 13224 switch (attr) 13225 { 13226 case A_security_level: 13227 value->security_level = aci.security_level; 13228 break; 13229 case A_initial_security_level: 13230 value->security_level = aci.initial_security_level; 13231 break; 13232 case A_min_security_level: 13233 value->security_level = aci.min_security_level; 13234 break; 13235 case A_mac_categories: 13236 value->mac_categories = aci.mac_categories; 13237 break; 13238 case A_mac_initial_categories: 13239 value->mac_categories = aci.mac_initial_categories; 13240 break; 13241 case A_mac_min_categories: 13242 value->mac_categories = aci.mac_min_categories; 13243 break; 13244 case A_system_role: 13245 case A_mac_role: 13246 value->system_role = aci.system_role; 13247 break; 13248 case A_mac_user_flags: 13249 value->mac_user_flags = aci.mac_user_flags; 13250 break; 13251 13252 default: 13253 err = -RSBAC_EINVALIDATTR; 13254 } 13255 } 13256 break; 13257 #endif /* MAC */ 13258 13259 #if defined(CONFIG_RSBAC_FC) 13260 case FC: 13261 { 13262 rsbac_system_role_int_t role = SR_user; 13263 13264 rsbac_list_get_data(user_handles.fc, 13265 &tid.user, 13266 &role); 13267 switch (attr) 13268 { 13269 case A_system_role: 13270 case A_fc_role: 13271 value->system_role = role; 13272 break; 13273 13274 default: 13275 err = -RSBAC_EINVALIDATTR; 13276 } 13277 } 13278 break; 13279 #endif /* FC */ 13280 13281 #if defined(CONFIG_RSBAC_SIM) 13282 case SIM: 13283 { 13284 rsbac_system_role_int_t role = SR_user; 13285 13286 rsbac_list_get_data(user_handles.sim, 13287 &tid.user, 13288 &role); 13289 switch (attr) 13290 { 13291 case A_system_role: 13292 case A_sim_role: 13293 value->system_role = role; 13294 break; 13295 13296 default: 13297 err = -RSBAC_EINVALIDATTR; 13298 } 13299 } 13300 break; 13301 #endif /* SIM */ 13302 13303 #if defined(CONFIG_RSBAC_PM) 13304 case PM: 13305 { 13306 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; 13307 13308 rsbac_list_get_data(user_handles.pm, 13309 &tid.user, 13310 &aci); 13311 switch (attr) 13312 { 13313 case A_pm_task_set: 13314 value->pm_task_set = aci.pm_task_set; 13315 break; 13316 case A_pm_role: 13317 value->pm_role = aci.pm_role; 13318 break; 13319 default: 13320 err = -RSBAC_EINVALIDATTR; 13321 } 13322 } 13323 break; 13324 #endif /* PM */ 13325 13326 #if defined(CONFIG_RSBAC_DAZ) 13327 case DAZ: 13328 { 13329 rsbac_system_role_int_t role = SR_user; 13330 13331 rsbac_list_get_data(user_handles.daz, 13332 &tid.user, 13333 &role); 13334 switch (attr) 13335 { 13336 case A_system_role: 13337 case A_daz_role: 13338 value->system_role = role; 13339 break; 13340 13341 default: 13342 err = -RSBAC_EINVALIDATTR; 13343 } 13344 } 13345 break; 13346 #endif /* DAZ */ 13347 13348 #if defined(CONFIG_RSBAC_FF) 13349 case FF: 13350 { 13351 rsbac_system_role_int_t role = SR_user; 13352 13353 rsbac_list_get_data(user_handles.ff, 13354 &tid.user, 13355 &role); 13356 switch (attr) 13357 { 13358 case A_system_role: 13359 case A_ff_role: 13360 value->system_role = role; 13361 break; 13362 13363 default: 13364 err = -RSBAC_EINVALIDATTR; 13365 } 13366 } 13367 break; 13368 #endif /* FF */ 13369 13370 #if defined(CONFIG_RSBAC_RC) 13371 case RC: 13372 { 13373 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; 13374 13375 rsbac_list_get_data(user_handles.rc, 13376 &tid.user, 13377 &aci); 13378 switch (attr) 13379 { 13380 case A_rc_def_role: 13381 value->rc_def_role = aci.rc_role; 13382 break; 13383 case A_rc_type: 13384 value->rc_type = aci.rc_type; 13385 break; 13386 default: 13387 err = -RSBAC_EINVALIDATTR; 13388 } 13389 } 13390 break; 13391 #endif /* RC */ 13392 13393 #if defined(CONFIG_RSBAC_AUTH) 13394 case AUTH: 13395 { 13396 rsbac_system_role_int_t role = SR_user; 13397 13398 rsbac_list_get_data(user_handles.auth, 13399 &tid.user, 13400 &role); 13401 switch (attr) 13402 { 13403 case A_system_role: 13404 case A_auth_role: 13405 value->system_role = role; 13406 break; 13407 13408 default: 13409 err = -RSBAC_EINVALIDATTR; 13410 } 13411 } 13412 break; 13413 #endif /* AUTH */ 13414 13415 #if defined(CONFIG_RSBAC_CAP) 13416 case CAP: 13417 { 13418 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI; 13419 13420 rsbac_list_get_data(user_handles.cap, 13421 &tid.user, 13422 &aci); 13423 switch (attr) 13424 { 13425 case A_system_role: 13426 case A_cap_role: 13427 value->system_role = aci.cap_role; 13428 break; 13429 case A_min_caps: 13430 value->min_caps = aci.min_caps; 13431 break; 13432 case A_max_caps: 13433 value->max_caps = aci.max_caps; 13434 break; 13435 default: 13436 err = -RSBAC_EINVALIDATTR; 13437 } 13438 } 13439 break; 13440 #endif /* CAP */ 13441 13442 #if defined(CONFIG_RSBAC_JAIL) 13443 case JAIL: 13444 { 13445 rsbac_system_role_int_t role = SR_user; 13446 13447 rsbac_list_get_data(user_handles.jail, 13448 &tid.user, 13449 &role); 13450 switch (attr) 13451 { 13452 case A_system_role: 13453 case A_jail_role: 13454 value->system_role = role; 13455 break; 13456 13457 default: 13458 err = -RSBAC_EINVALIDATTR; 13459 } 13460 } 13461 break; 13462 #endif /* JAIL */ 13463 13464 #if defined(CONFIG_RSBAC_RES) 13465 case RES: 13466 { 13467 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI; 13468 13469 if( rsbac_list_get_data(user_handles.res, 13470 &tid.user, 13471 &aci) 13472 && (tid.user != RSBAC_ALL_USERS) 13473 ) 13474 { 13475 tid.user = RSBAC_ALL_USERS; 13476 rsbac_list_get_data(user_handles.res, 13477 &tid.user, 13478 &aci); 13479 } 13480 switch (attr) 13481 { 13482 case A_system_role: 13483 case A_res_role: 13484 value->system_role = aci.res_role; 13485 break; 13486 case A_res_min: 13487 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min)); 13488 break; 13489 case A_res_max: 13490 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max)); 13491 break; 13492 default: 13493 err = -RSBAC_EINVALIDATTR; 13494 } 13495 } 13496 break; 13497 #endif /* RES */ 13498 13499 #if defined(CONFIG_RSBAC_PAX) 13500 case PAX: 13501 { 13502 rsbac_system_role_int_t role = SR_user; 13503 13504 rsbac_list_get_data(user_handles.pax, 13505 &tid.user, 13506 &role); 13507 switch (attr) 13508 { 13509 case A_system_role: 13510 case A_pax_role: 13511 value->system_role = role; 13512 break; 13513 13514 default: 13515 err = -RSBAC_EINVALIDATTR; 13516 } 13517 } 13518 break; 13519 #endif /* PAX */ 13520 13521 default: 13522 err = -RSBAC_EINVALIDMODULE; 13523 } 13524 /* and return */ 13525 return err; 13526 13527 case T_PROCESS: 13528 /* 13529 #ifdef CONFIG_RSBAC_DEBUG 13530 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 13531 "rsbac_get_attr(): Getting process attribute"); 13532 #endif 13533 */ 13534 switch(module) 13535 { 13536 case GEN: 13537 { 13538 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI; 13539 13540 rsbac_list_get_data(process_handles.gen, 13541 &tid.process, 13542 &aci); 13543 switch (attr) 13544 { 13545 case A_log_program_based: 13546 value->log_program_based = aci.log_program_based; 13547 break; 13548 case A_fake_root_uid: 13549 value->fake_root_uid = aci.fake_root_uid; 13550 break; 13551 default: 13552 err = -RSBAC_EINVALIDATTR; 13553 } 13554 } 13555 break; 13556 13557 #if defined(CONFIG_RSBAC_MAC) 13558 case MAC: 13559 { 13560 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI; 13561 13562 rsbac_list_get_data(process_handles.mac[mac_p_hash(tid.process)], 13563 &tid.process, 13564 &aci); 13565 switch (attr) 13566 { 13567 case A_security_level: 13568 value->security_level = aci.owner_sec_level; 13569 break; 13570 case A_initial_security_level: 13571 value->security_level = aci.owner_initial_sec_level; 13572 break; 13573 case A_min_security_level: 13574 value->security_level = aci.owner_min_sec_level; 13575 break; 13576 case A_mac_categories: 13577 value->mac_categories = aci.mac_owner_categories; 13578 break; 13579 case A_mac_initial_categories: 13580 value->mac_categories = aci.mac_owner_initial_categories; 13581 break; 13582 case A_mac_min_categories: 13583 value->mac_categories = aci.mac_owner_min_categories; 13584 break; 13585 case A_current_sec_level: 13586 value->current_sec_level = aci.current_sec_level; 13587 break; 13588 case A_mac_curr_categories: 13589 value->mac_categories = aci.mac_curr_categories; 13590 break; 13591 case A_min_write_open: 13592 value->min_write_open = aci.min_write_open; 13593 break; 13594 case A_min_write_categories: 13595 value->mac_categories = aci.min_write_categories; 13596 break; 13597 case A_max_read_open: 13598 value->max_read_open = aci.max_read_open; 13599 break; 13600 case A_max_read_categories: 13601 value->mac_categories = aci.max_read_categories; 13602 break; 13603 case A_mac_process_flags: 13604 value->mac_process_flags = aci.mac_process_flags; 13605 break; 13606 case A_mac_auto: 13607 if(aci.mac_process_flags & MAC_auto) 13608 value->mac_auto = TRUE; 13609 else 13610 value->mac_auto = FALSE; 13611 break; 13612 13613 default: 13614 err = -RSBAC_EINVALIDATTR; 13615 } 13616 } 13617 break; 13618 #endif /* MAC */ 13619 13620 #if defined(CONFIG_RSBAC_PM) 13621 case PM: 13622 { 13623 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI; 13624 13625 rsbac_list_get_data(process_handles.pm, 13626 &tid.process, 13627 &aci); 13628 switch (attr) 13629 { 13630 case A_pm_tp: 13631 value->pm_tp = aci.pm_tp; 13632 break; 13633 case A_pm_current_task: 13634 value->pm_current_task = aci.pm_current_task; 13635 break; 13636 case A_pm_process_type: 13637 value->pm_process_type = aci.pm_process_type; 13638 break; 13639 default: 13640 err = -RSBAC_EINVALIDATTR; 13641 } 13642 } 13643 break; 13644 #endif /* PM */ 13645 13646 #if defined(CONFIG_RSBAC_DAZ) 13647 case DAZ: 13648 { 13649 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI; 13650 13651 rsbac_list_get_data(process_handles.daz, 13652 &tid.process, 13653 &aci); 13654 switch (attr) 13655 { 13656 case A_daz_scanner: 13657 value->daz_scanner = aci.daz_scanner; 13658 break; 13659 default: 13660 err = -RSBAC_EINVALIDATTR; 13661 } 13662 } 13663 break; 13664 #endif /* DAZ */ 13665 13666 #if defined(CONFIG_RSBAC_RC) 13667 case RC: 13668 { 13669 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI; 13670 13671 rsbac_list_get_data(process_handles.rc[rc_p_hash(tid.process)], 13672 &tid.process, 13673 &aci); 13674 switch (attr) 13675 { 13676 case A_rc_role: 13677 value->rc_role = aci.rc_role; 13678 break; 13679 case A_rc_type: 13680 value->rc_type = aci.rc_type; 13681 break; 13682 case A_rc_force_role: 13683 value->rc_force_role = aci.rc_force_role; 13684 break; 13685 default: 13686 err = -RSBAC_EINVALIDATTR; 13687 } 13688 } 13689 break; 13690 #endif /* RC */ 13691 13692 #if defined(CONFIG_RSBAC_AUTH) 13693 case AUTH: 13694 { 13695 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI; 13696 13697 rsbac_list_get_data(process_handles.auth, 13698 &tid.process, 13699 &aci); 13700 switch (attr) 13701 { 13702 case A_auth_may_setuid: 13703 value->auth_may_setuid = aci.auth_may_setuid; 13704 break; 13705 case A_auth_may_set_cap: 13706 value->auth_may_set_cap = aci.auth_may_set_cap; 13707 break; 13708 #if defined(CONFIG_RSBAC_AUTH_LEARN) 13709 case A_auth_program_file: 13710 value->auth_program_file = aci.auth_program_file; 13711 break; 13712 case A_auth_start_uid: 13713 value->auth_start_uid = aci.auth_start_uid; 13714 break; 13715 case A_auth_learn: 13716 value->auth_learn = aci.auth_learn; 13717 break; 13718 #else 13719 case A_auth_learn: 13720 value->auth_learn = FALSE; 13721 break; 13722 #endif 13723 default: 13724 err = -RSBAC_EINVALIDATTR; 13725 } 13726 } 13727 break; 13728 #endif /* AUTH */ 13729 13730 #if defined(CONFIG_RSBAC_CAP) 13731 case CAP: 13732 { 13733 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI; 13734 13735 rsbac_list_get_data(process_handles.cap, 13736 &tid.process, 13737 &aci); 13738 switch (attr) 13739 { 13740 case A_cap_process_hiding: 13741 value->cap_process_hiding = aci.cap_process_hiding; 13742 break; 13743 default: 13744 err = -RSBAC_EINVALIDATTR; 13745 } 13746 } 13747 break; 13748 #endif /* CAP */ 13749 13750 #if defined(CONFIG_RSBAC_JAIL) 13751 case JAIL: 13752 { 13753 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI; 13754 13755 rsbac_list_get_data(process_handles.jail[jail_p_hash(tid.process)], 13756 &tid.process, 13757 &aci); 13758 switch (attr) 13759 { 13760 case A_jail_id: 13761 value->jail_id = aci.id; 13762 break; 13763 case A_jail_ip: 13764 value->jail_ip = aci.ip; 13765 break; 13766 case A_jail_flags: 13767 value->jail_flags = aci.flags; 13768 break; 13769 case A_jail_max_caps: 13770 value->jail_max_caps = aci.max_caps; 13771 break; 13772 default: 13773 err = -RSBAC_EINVALIDATTR; 13774 } 13775 } 13776 break; 13777 #endif /* JAIL */ 13778 13779 #if defined(CONFIG_RSBAC_PAX) 13780 case PAX: 13781 { 13782 struct task_struct * task_p; 13783 13784 switch (attr) 13785 { 13786 case A_pax_flags: 13787 read_lock(&tasklist_lock); 13788 task_p = find_task_by_pid(tid.process); 13789 if(task_p) 13790 value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS; 13791 else 13792 err = -RSBAC_EINVALIDTARGET; 13793 read_unlock(&tasklist_lock); 13794 break; 13795 default: 13796 err = -RSBAC_EINVALIDATTR; 13797 } 13798 } 13799 break; 13800 #endif /* PAX */ 13801 13802 default: 13803 err = -RSBAC_EINVALIDMODULE; 13804 } 13805 return err; 13806 13807 #ifdef CONFIG_RSBAC_NET_DEV 13808 case T_NETDEV: 13809 /* 13810 #ifdef CONFIG_RSBAC_DEBUG 13811 if (rsbac_debug_ds) 13812 printk(KERN_DEBUG 13813 "rsbac_get_attr(): Getting netdev attribute\n"); 13814 #endif 13815 */ 13816 switch(module) 13817 { 13818 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 13819 case GEN: 13820 { 13821 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI; 13822 13823 rsbac_list_get_data(netdev_handles.gen, 13824 &tid.netdev, 13825 &aci); 13826 switch (attr) 13827 { 13828 case A_log_array_low: 13829 value->log_array_low = aci.log_array_low; 13830 break; 13831 case A_log_array_high: 13832 value->log_array_high = aci.log_array_high; 13833 break; 13834 default: 13835 err = -RSBAC_EINVALIDATTR; 13836 } 13837 } 13838 break; 13839 #endif 13840 #if defined(CONFIG_RSBAC_RC) 13841 case RC: 13842 { 13843 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 13844 13845 rsbac_list_get_data(netdev_handles.rc, 13846 &tid.netdev, 13847 &type); 13848 switch (attr) 13849 { 13850 case A_rc_type: 13851 value->rc_type = type; 13852 break; 13853 13854 default: 13855 err = -RSBAC_EINVALIDATTR; 13856 } 13857 } 13858 break; 13859 #endif /* RC */ 13860 13861 default: 13862 err = -RSBAC_EINVALIDMODULE; 13863 } 13864 /* and return */ 13865 return err; 13866 #endif 13867 13868 #ifdef CONFIG_RSBAC_NET_OBJ 13869 case T_NETTEMP: 13870 /* 13871 #ifdef CONFIG_RSBAC_DEBUG 13872 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 13873 "rsbac_get_attr(): Getting nettemp attribute"); 13874 #endif 13875 */ 13876 if( tid.nettemp 13877 && !rsbac_list_exist(net_temp_handle, &tid.nettemp) 13878 ) 13879 return -RSBAC_EINVALIDTARGET; 13880 switch(module) 13881 { 13882 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 13883 case GEN: 13884 { 13885 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_NETOBJ_ACI; 13886 13887 if(tid.nettemp) 13888 rsbac_list_get_data(nettemp_handles.gen, 13889 &tid.nettemp, 13890 &aci); 13891 switch (attr) 13892 { 13893 case A_log_array_low: 13894 value->log_array_low = aci.log_array_low; 13895 break; 13896 case A_log_array_high: 13897 value->log_array_high = aci.log_array_high; 13898 break; 13899 default: 13900 err = -RSBAC_EINVALIDATTR; 13901 } 13902 } 13903 break; 13904 #endif 13905 #if defined(CONFIG_RSBAC_MAC) 13906 case MAC: 13907 { 13908 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI; 13909 13910 rsbac_list_get_data(nettemp_handles.mac, 13911 &tid.nettemp, 13912 &aci); 13913 switch (attr) 13914 { 13915 case A_security_level: 13916 value->security_level = aci.sec_level; 13917 break; 13918 case A_mac_categories: 13919 value->mac_categories = aci.mac_categories; 13920 break; 13921 13922 default: 13923 err = -RSBAC_EINVALIDATTR; 13924 } 13925 } 13926 break; 13927 #endif /* MAC */ 13928 13929 #if defined(CONFIG_RSBAC_FC) 13930 case FC: 13931 { 13932 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF; 13933 13934 rsbac_list_get_data(nettemp_handles.fc, 13935 &tid.nettemp, 13936 &fc_oc); 13937 switch (attr) 13938 { 13939 case A_object_category: 13940 value->object_category = fc_oc; 13941 break; 13942 13943 default: 13944 err = -RSBAC_EINVALIDATTR; 13945 } 13946 } 13947 break; 13948 #endif /* FC */ 13949 13950 #if defined(CONFIG_RSBAC_SIM) 13951 case SIM: 13952 { 13953 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF; 13954 13955 rsbac_list_get_data(nettemp_handles.sim, 13956 &tid.nettemp, 13957 &sim_dt); 13958 switch (attr) 13959 { 13960 case A_data_type: 13961 value->data_type = sim_dt; 13962 break; 13963 13964 default: 13965 err = -RSBAC_EINVALIDATTR; 13966 } 13967 } 13968 break; 13969 #endif /* SIM */ 13970 13971 #if defined(CONFIG_RSBAC_PM) 13972 case PM: 13973 { 13974 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI; 13975 13976 rsbac_list_get_data(nettemp_handles.pm, 13977 &tid.nettemp, 13978 &aci); 13979 switch (attr) 13980 { 13981 case A_pm_object_class: 13982 value->pm_object_class = aci.pm_object_class; 13983 break; 13984 case A_pm_ipc_purpose: 13985 value->pm_ipc_purpose = aci.pm_ipc_purpose; 13986 break; 13987 case A_pm_object_type: 13988 value->pm_object_type = aci.pm_object_type; 13989 break; 13990 default: 13991 err = -RSBAC_EINVALIDATTR; 13992 } 13993 } 13994 break; 13995 #endif /* PM */ 13996 13997 #if defined(CONFIG_RSBAC_RC) 13998 case RC: 13999 { 14000 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI; 14001 14002 rsbac_list_get_data(nettemp_handles.rc, 14003 &tid.nettemp, 14004 &aci); 14005 switch (attr) 14006 { 14007 case A_rc_type: 14008 value->rc_type = aci.netobj_type; 14009 break; 14010 14011 case A_rc_type_nt: 14012 value->rc_type = aci.nettemp_type; 14013 break; 14014 14015 default: 14016 err = -RSBAC_EINVALIDATTR; 14017 } 14018 } 14019 break; 14020 #endif /* RC */ 14021 14022 default: 14023 err = -RSBAC_EINVALIDMODULE; 14024 } 14025 return err; 14026 14027 case T_NETOBJ: 14028 /* 14029 #ifdef CONFIG_RSBAC_DEBUG 14030 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 14031 "rsbac_get_attr(): Getting netobj attribute"); 14032 #endif 14033 */ 14034 switch(module) 14035 { 14036 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 14037 case GEN: 14038 { 14039 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI; 14040 rsbac_net_temp_id_t temp = 0; 14041 14042 switch (attr) 14043 { 14044 case A_local_log_array_low: 14045 case A_local_log_array_high: 14046 rsbac_net_lookup_templates(tid.netobj, 14047 &temp, 14048 NULL); 14049 break; 14050 case A_remote_log_array_low: 14051 case A_remote_log_array_high: 14052 rsbac_net_lookup_templates(tid.netobj, 14053 NULL, 14054 &temp); 14055 break; 14056 14057 default: 14058 err = -RSBAC_EINVALIDATTR; 14059 } 14060 if(temp) 14061 rsbac_list_get_data(nettemp_handles.gen, 14062 &temp, 14063 &aci); 14064 switch (attr) 14065 { 14066 case A_local_log_array_low: 14067 case A_remote_log_array_low: 14068 value->log_array_low = aci.log_array_low; 14069 break; 14070 case A_local_log_array_high: 14071 case A_remote_log_array_high: 14072 value->log_array_high = aci.log_array_high; 14073 break; 14074 14075 default: 14076 err = -RSBAC_EINVALIDATTR; 14077 } 14078 } 14079 break; 14080 #endif 14081 #if defined(CONFIG_RSBAC_MAC) 14082 case MAC: 14083 { 14084 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI; 14085 14086 switch(attr) 14087 { 14088 case A_local_sec_level: 14089 case A_local_mac_categories: 14090 if(rsbac_list_get_data(lnetobj_handles.mac, 14091 &tid.netobj.sock_p, 14092 &aci)) 14093 { /* not found -> fallback to template */ 14094 rsbac_net_temp_id_t temp = 0; 14095 14096 rsbac_net_lookup_templates(tid.netobj, 14097 &temp, 14098 NULL); 14099 if(temp) 14100 rsbac_list_get_data(nettemp_handles.mac, 14101 &temp, 14102 &aci); 14103 } 14104 break; 14105 14106 case A_remote_sec_level: 14107 case A_remote_mac_categories: 14108 if(rsbac_list_get_data(rnetobj_handles.mac, 14109 &tid.netobj.sock_p, 14110 &aci)) 14111 { /* not found -> fallback to template */ 14112 rsbac_net_temp_id_t temp = 0; 14113 14114 rsbac_net_lookup_templates(tid.netobj, 14115 NULL, 14116 &temp); 14117 if(temp) 14118 rsbac_list_get_data(nettemp_handles.mac, 14119 &temp, 14120 &aci); 14121 } 14122 break; 14123 14124 default: 14125 err = -RSBAC_EINVALIDATTR; 14126 } 14127 if(err) 14128 break; 14129 switch (attr) 14130 { 14131 case A_local_sec_level: 14132 case A_remote_sec_level: 14133 value->security_level = aci.sec_level; 14134 break; 14135 case A_local_mac_categories: 14136 case A_remote_mac_categories: 14137 value->mac_categories = aci.mac_categories; 14138 break; 14139 14140 default: 14141 err = -RSBAC_EINVALIDATTR; 14142 } 14143 } 14144 break; 14145 #endif /* MAC */ 14146 14147 #if defined(CONFIG_RSBAC_FC) 14148 case FC: 14149 { 14150 rsbac_fc_oc_t fc_oc = RSBAC_FC_OC_ROOT_DEF; 14151 14152 switch(attr) 14153 { 14154 case A_local_object_category: 14155 if(rsbac_list_get_data(lnetobj_handles.fc, 14156 &tid.netobj.sock_p, 14157 &fc_oc)) 14158 { /* not found -> fallback to template */ 14159 rsbac_net_temp_id_t temp = 0; 14160 14161 rsbac_net_lookup_templates(tid.netobj, 14162 &temp, 14163 NULL); 14164 if(temp) 14165 rsbac_list_get_data(nettemp_handles.fc, 14166 &temp, 14167 &fc_oc); 14168 } 14169 break; 14170 14171 case A_remote_object_category: 14172 if(rsbac_list_get_data(rnetobj_handles.fc, 14173 &tid.netobj.sock_p, 14174 &fc_oc)) 14175 { /* not found -> fallback to template */ 14176 rsbac_net_temp_id_t temp = 0; 14177 14178 rsbac_net_lookup_templates(tid.netobj, 14179 NULL, 14180 &temp); 14181 if(temp) 14182 rsbac_list_get_data(nettemp_handles.fc, 14183 &temp, 14184 &fc_oc); 14185 } 14186 break; 14187 14188 default: 14189 err = -RSBAC_EINVALIDATTR; 14190 } 14191 if(!err) 14192 value->object_category = fc_oc; 14193 } 14194 break; 14195 #endif /* FC */ 14196 14197 #if defined(CONFIG_RSBAC_SIM) 14198 case SIM: 14199 { 14200 rsbac_sim_dt_t sim_dt = RSBAC_SIM_DT_ROOT_DEF; 14201 14202 switch(attr) 14203 { 14204 case A_local_data_type: 14205 if(rsbac_list_get_data(lnetobj_handles.sim, 14206 &tid.netobj.sock_p, 14207 &sim_dt)) 14208 { /* not found -> fallback to template */ 14209 rsbac_net_temp_id_t temp = 0; 14210 14211 rsbac_net_lookup_templates(tid.netobj, 14212 &temp, 14213 NULL); 14214 if(temp) 14215 rsbac_list_get_data(nettemp_handles.sim, 14216 &temp, 14217 &sim_dt); 14218 } 14219 break; 14220 14221 case A_remote_data_type: 14222 if(rsbac_list_get_data(rnetobj_handles.sim, 14223 &tid.netobj.sock_p, 14224 &sim_dt)) 14225 { /* not found -> fallback to template */ 14226 rsbac_net_temp_id_t temp = 0; 14227 14228 rsbac_net_lookup_templates(tid.netobj, 14229 NULL, 14230 &temp); 14231 if(temp) 14232 rsbac_list_get_data(nettemp_handles.sim, 14233 &temp, 14234 &sim_dt); 14235 } 14236 break; 14237 14238 default: 14239 err = -RSBAC_EINVALIDATTR; 14240 } 14241 if(!err) 14242 value->data_type = sim_dt; 14243 } 14244 break; 14245 #endif /* SIM */ 14246 14247 #if defined(CONFIG_RSBAC_PM) 14248 case PM: 14249 { 14250 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI; 14251 14252 switch(attr) 14253 { 14254 case A_local_pm_object_class: 14255 case A_local_pm_ipc_purpose: 14256 case A_local_pm_object_type: 14257 if(rsbac_list_get_data(lnetobj_handles.pm, 14258 &tid.netobj.sock_p, 14259 &aci)) 14260 { /* not found -> fallback to template */ 14261 rsbac_net_temp_id_t temp = 0; 14262 14263 rsbac_net_lookup_templates(tid.netobj, 14264 &temp, 14265 NULL); 14266 if(temp) 14267 rsbac_list_get_data(nettemp_handles.pm, 14268 &temp, 14269 &aci); 14270 } 14271 break; 14272 14273 case A_remote_pm_object_class: 14274 case A_remote_pm_ipc_purpose: 14275 case A_remote_pm_object_type: 14276 if(rsbac_list_get_data(rnetobj_handles.pm, 14277 &tid.netobj.sock_p, 14278 &aci)) 14279 { /* not found -> fallback to template */ 14280 rsbac_net_temp_id_t temp = 0; 14281 14282 rsbac_net_lookup_templates(tid.netobj, 14283 NULL, 14284 &temp); 14285 if(temp) 14286 rsbac_list_get_data(nettemp_handles.pm, 14287 &temp, 14288 &aci); 14289 } 14290 break; 14291 14292 default: 14293 err = -RSBAC_EINVALIDATTR; 14294 } 14295 if(err) 14296 break; 14297 switch (attr) 14298 { 14299 case A_local_pm_object_class: 14300 case A_remote_pm_object_class: 14301 value->pm_object_class = aci.pm_object_class; 14302 break; 14303 case A_local_pm_ipc_purpose: 14304 case A_remote_pm_ipc_purpose: 14305 value->pm_ipc_purpose = aci.pm_ipc_purpose; 14306 break; 14307 case A_local_pm_object_type: 14308 case A_remote_pm_object_type: 14309 value->pm_object_type = aci.pm_object_type; 14310 break; 14311 14312 default: 14313 err = -RSBAC_EINVALIDATTR; 14314 } 14315 } 14316 break; 14317 #endif /* PM */ 14318 14319 #if defined(CONFIG_RSBAC_RC) 14320 case RC: 14321 { 14322 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE; 14323 14324 switch(attr) 14325 { 14326 case A_local_rc_type: 14327 if(rsbac_list_get_data(lnetobj_handles.rc, 14328 &tid.netobj.sock_p, 14329 &type)) 14330 { /* not found -> fallback to template */ 14331 rsbac_net_temp_id_t temp = 0; 14332 struct rsbac_rc_nettemp_aci_t aci; 14333 14334 rsbac_net_lookup_templates(tid.netobj, 14335 &temp, 14336 NULL); 14337 if(temp) 14338 { 14339 if(!rsbac_list_get_data(nettemp_handles.rc, 14340 &temp, 14341 &aci)) 14342 type = aci.netobj_type; 14343 } 14344 } 14345 break; 14346 14347 case A_remote_rc_type: 14348 if(rsbac_list_get_data(rnetobj_handles.rc, 14349 &tid.netobj.sock_p, 14350 &type)) 14351 { /* not found -> fallback to template */ 14352 rsbac_net_temp_id_t temp = 0; 14353 struct rsbac_rc_nettemp_aci_t aci; 14354 14355 rsbac_net_lookup_templates(tid.netobj, 14356 NULL, 14357 &temp); 14358 if(temp) 14359 { 14360 if(!rsbac_list_get_data(nettemp_handles.rc, 14361 &temp, 14362 &aci)) 14363 type = aci.netobj_type; 14364 } 14365 } 14366 break; 14367 14368 default: 14369 err = -RSBAC_EINVALIDATTR; 14370 } 14371 if(!err) 14372 value->rc_type = type; 14373 } 14374 break; 14375 #endif /* RC */ 14376 14377 default: 14378 err = -RSBAC_EINVALIDMODULE; 14379 } 14380 return err; 14381 14382 #endif /* NET_OBJ */ 14383 14384 /* switch target: no valid target */ 14385 default: 14386 return(-RSBAC_EINVALIDTARGET); 14387 } 14388 14389 return(err); 14390 }; /* end of rsbac_get_attr() */ 14391 14392 /************************************************************************** */ 14393 14394 #if defined(CONFIG_RSBAC_REG) 14395 EXPORT_SYMBOL(rsbac_set_attr); 14396 #endif 14397 int rsbac_set_attr(enum rsbac_switch_target_t module, 14398 enum rsbac_target_t target, 14399 union rsbac_target_id_t tid, 14400 enum rsbac_attribute_t attr, 14401 union rsbac_attribute_value_t value) 14402 14403 { 14404 int err = 0; 14405 struct rsbac_device_list_item_t * device_p; 14406 u_long dflags; 14407 /* 14408 #ifdef CONFIG_RSBAC_DEBUG 14409 char tmp[RSBAC_MAXNAMELEN]; 14410 #endif 14411 */ 14412 if (!rsbac_initialized) 14413 { 14414 #ifdef CONFIG_RSBAC_RMSG 14415 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n"); 14416 #endif 14417 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 14418 if (!rsbac_nosyslog) 14419 #endif 14420 printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n"); 14421 return(-RSBAC_ENOTINITIALIZED); 14422 } 14423 if (in_interrupt()) 14424 { 14425 printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n"); 14426 } 14427 switch (target) 14428 { 14429 case T_FILE: 14430 case T_DIR: 14431 case T_FIFO: 14432 case T_SYMLINK: 14433 /* 14434 #ifdef CONFIG_RSBAC_DEBUG 14435 if (rsbac_debug_ds) 14436 printk(KERN_DEBUG "rsbac_set_attr(): Setting file/dir/fifo/symlink attribute %u for device %02u:%02u, inode %lu, dentry_p %p\n", 14437 attr, RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device), (u_long) tid.file.inode, tid.file.dentry_p); 14438 #endif 14439 */ 14440 /* wait for read access to device_list_head */ 14441 rsbac_read_lock(&device_list_head.lock, &dflags); 14442 /* OK, go on */ 14443 /* 14444 #ifdef CONFIG_RSBAC_DEBUG 14445 if (rsbac_debug_ds) 14446 printk(KERN_DEBUG 14447 "rsbac_set_attr(): passed device read lock\n"); 14448 #endif 14449 */ 14450 14451 /* lookup device */ 14452 device_p = lookup_device(tid.file.device); 14453 if (!device_p) 14454 { 14455 struct super_block * sb_p; 14456 14457 rsbac_read_unlock(&device_list_head.lock, &dflags); 14458 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 14459 sb_p = user_get_super(tid.file.device); 14460 #else 14461 sb_p = get_super(tid.file.device); 14462 #endif 14463 if(sb_p) 14464 { 14465 #ifdef CONFIG_RSBAC_RMSG 14466 rsbac_printk(KERN_INFO 14467 "rsbac_set_attr(): auto-mounting device %02u:%02u\n", 14468 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 14469 #endif 14470 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 14471 if (!rsbac_nosyslog) 14472 #endif 14473 printk(KERN_INFO 14474 "rsbac_set_attr(): auto-mounting device %02u:%02u\n", 14475 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 14476 rsbac_mount(sb_p, NULL); 14477 /* free super_block pointer */ 14478 drop_super(sb_p); 14479 rsbac_read_lock(&device_list_head.lock, &dflags); 14480 device_p = lookup_device(tid.file.device); 14481 if (!device_p) 14482 { 14483 #ifdef CONFIG_RSBAC_RMSG 14484 rsbac_printk(KERN_WARNING 14485 "rsbac_set_attr(): unknown device %02u:%02u\n", 14486 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 14487 #endif 14488 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 14489 if (!rsbac_nosyslog) 14490 #endif 14491 printk(KERN_WARNING 14492 "rsbac_set_attr(): unknown device %02u:%02u\n", 14493 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 14494 rsbac_read_unlock(&device_list_head.lock, &dflags); 14495 return -RSBAC_EINVALIDDEV; 14496 } 14497 } 14498 else 14499 return -RSBAC_EINVALIDDEV; 14500 } 14501 switch(module) 14502 { 14503 case GEN: 14504 { 14505 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI; 14506 14507 rsbac_list_get_data(device_p->handles.gen[gen_fd_hash(tid.file.inode)], 14508 &tid.file.inode, 14509 &aci); 14510 switch (attr) 14511 { 14512 case A_log_array_low: 14513 aci.log_array_low = value.log_array_low; 14514 break; 14515 case A_log_array_high: 14516 aci.log_array_high = value.log_array_high; 14517 break; 14518 case A_log_program_based: 14519 aci.log_program_based = value.log_program_based; 14520 break; 14521 case A_symlink_add_uid: 14522 aci.symlink_add_uid = value.symlink_add_uid; 14523 break; 14524 case A_symlink_add_mac_level: 14525 aci.symlink_add_mac_level = value.symlink_add_mac_level; 14526 break; 14527 case A_symlink_add_rc_role: 14528 aci.symlink_add_rc_role = value.symlink_add_rc_role; 14529 break; 14530 case A_linux_dac_disable: 14531 aci.linux_dac_disable = value.linux_dac_disable; 14532 break; 14533 case A_fake_root_uid: 14534 aci.fake_root_uid = value.fake_root_uid; 14535 break; 14536 default: 14537 err = -RSBAC_EINVALIDATTR; 14538 } 14539 if(!err) 14540 { 14541 err = rsbac_list_add(device_p->handles.gen[gen_fd_hash(tid.file.inode)], 14542 &tid.file.inode, 14543 &aci); 14544 } 14545 } 14546 break; 14547 14548 #if defined(CONFIG_RSBAC_MAC) 14549 case MAC: 14550 { 14551 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI; 14552 14553 rsbac_list_get_data(device_p->handles.mac[mac_fd_hash(tid.file.inode)], 14554 &tid.file.inode, 14555 &aci); 14556 switch (attr) 14557 { 14558 case A_security_level: 14559 aci.sec_level = value.security_level; 14560 break; 14561 case A_mac_categories: 14562 aci.mac_categories = value.mac_categories; 14563 break; 14564 case A_mac_auto: 14565 aci.mac_auto = value.mac_auto; 14566 break; 14567 case A_mac_prop_trusted: 14568 aci.mac_prop_trusted = value.mac_prop_trusted; 14569 break; 14570 case A_mac_file_flags: 14571 aci.mac_file_flags = value.mac_file_flags & RSBAC_MAC_F_FLAGS; 14572 break; 14573 14574 default: 14575 err = -RSBAC_EINVALIDATTR; 14576 } 14577 if(!err) 14578 { 14579 err = rsbac_list_add(device_p->handles.mac[mac_fd_hash(tid.file.inode)], 14580 &tid.file.inode, 14581 &aci); 14582 } 14583 } 14584 break; 14585 #endif /* MAC */ 14586 14587 #if defined(CONFIG_RSBAC_FC) 14588 case FC: 14589 { 14590 switch (attr) 14591 { 14592 case A_object_category: 14593 err = rsbac_list_add(device_p->handles.fc[fc_fd_hash(tid.file.inode)], 14594 &tid.file.inode, 14595 &value.object_category); 14596 break; 14597 14598 default: 14599 err = -RSBAC_EINVALIDATTR; 14600 } 14601 } 14602 break; 14603 #endif /* FC */ 14604 14605 #if defined(CONFIG_RSBAC_SIM) 14606 case SIM: 14607 { 14608 switch (attr) 14609 { 14610 case A_data_type: 14611 err = rsbac_list_add(device_p->handles.sim[sim_fd_hash(tid.file.inode)], 14612 &tid.file.inode, 14613 &value.data_type); 14614 break; 14615 14616 default: 14617 err = -RSBAC_EINVALIDATTR; 14618 } 14619 } 14620 break; 14621 #endif /* SIM */ 14622 14623 #if defined(CONFIG_RSBAC_PM) 14624 case PM: 14625 { 14626 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI; 14627 14628 rsbac_list_get_data(device_p->handles.pm[pm_fd_hash(tid.file.inode)], 14629 &tid.file.inode, 14630 &aci); 14631 switch (attr) 14632 { 14633 case A_pm_object_class: 14634 aci.pm_object_class = value.pm_object_class; 14635 break; 14636 case A_pm_tp: 14637 aci.pm_tp = value.pm_tp; 14638 break; 14639 case A_pm_object_type: 14640 aci.pm_object_type = value.pm_object_type; 14641 break; 14642 default: 14643 err = -RSBAC_EINVALIDATTR; 14644 } 14645 if(!err) 14646 { 14647 err = rsbac_list_add(device_p->handles.pm[pm_fd_hash(tid.file.inode)], 14648 &tid.file.inode, 14649 &aci); 14650 } 14651 } 14652 break; 14653 #endif /* PM */ 14654 14655 #if defined(CONFIG_RSBAC_DAZ) 14656 case DAZ: 14657 { 14658 #if defined(CONFIG_RSBAC_DAZ_CACHE) 14659 if(attr == A_daz_scanned) 14660 { 14661 err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)], 14662 CONFIG_RSBAC_DAZ_TTL, 14663 &tid.file.inode, 14664 &value.daz_scanned); 14665 } 14666 else 14667 #endif 14668 { 14669 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI; 14670 14671 rsbac_list_get_data(device_p->handles.daz[daz_fd_hash(tid.file.inode)], 14672 &tid.file.inode, 14673 &aci); 14674 switch (attr) 14675 { 14676 case A_daz_scanner: 14677 aci.daz_scanner = value.daz_scanner; 14678 break; 14679 default: 14680 err = -RSBAC_EINVALIDATTR; 14681 } 14682 if(!err) 14683 { 14684 err = rsbac_list_add(device_p->handles.daz[daz_fd_hash(tid.file.inode)], 14685 &tid.file.inode, 14686 &aci); 14687 } 14688 } 14689 } 14690 break; 14691 #endif /* DAZ */ 14692 14693 #if defined(CONFIG_RSBAC_FF) 14694 case FF: 14695 { 14696 switch (attr) 14697 { 14698 case A_ff_flags: 14699 err = rsbac_list_add(device_p->handles.ff[ff_fd_hash(tid.file.inode)], 14700 &tid.file.inode, 14701 &value.ff_flags); 14702 break; 14703 14704 default: 14705 err = -RSBAC_EINVALIDATTR; 14706 } 14707 } 14708 break; 14709 #endif /* FF */ 14710 14711 #if defined(CONFIG_RSBAC_RC) 14712 case RC: 14713 { 14714 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI; 14715 14716 rsbac_list_get_data(device_p->handles.rc[rc_fd_hash(tid.file.inode)], 14717 &tid.file.inode, 14718 &aci); 14719 switch (attr) 14720 { 14721 case A_rc_type_fd: 14722 aci.rc_type_fd = value.rc_type_fd; 14723 break; 14724 case A_rc_force_role: 14725 aci.rc_force_role = value.rc_force_role; 14726 break; 14727 case A_rc_initial_role: 14728 aci.rc_initial_role = value.rc_initial_role; 14729 break; 14730 14731 default: 14732 err = -RSBAC_EINVALIDATTR; 14733 } 14734 if(!err) 14735 { 14736 err = rsbac_list_add(device_p->handles.rc[rc_fd_hash(tid.file.inode)], 14737 &tid.file.inode, 14738 &aci); 14739 } 14740 } 14741 break; 14742 #endif /* RC */ 14743 14744 #if defined(CONFIG_RSBAC_AUTH) 14745 case AUTH: 14746 { 14747 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI; 14748 14749 rsbac_list_get_data(device_p->handles.auth[auth_fd_hash(tid.file.inode)], 14750 &tid.file.inode, 14751 &aci); 14752 switch (attr) 14753 { 14754 case A_auth_may_setuid: 14755 aci.auth_may_setuid = value.auth_may_setuid; 14756 break; 14757 case A_auth_may_set_cap: 14758 aci.auth_may_set_cap = value.auth_may_set_cap; 14759 break; 14760 case A_auth_learn: 14761 aci.auth_learn = value.auth_learn; 14762 break; 14763 default: 14764 err = -RSBAC_EINVALIDATTR; 14765 } 14766 if(!err) 14767 { 14768 err = rsbac_list_add(device_p->handles.auth[auth_fd_hash(tid.file.inode)], 14769 &tid.file.inode, 14770 &aci); 14771 } 14772 } 14773 break; 14774 #endif /* AUTH */ 14775 14776 #if defined(CONFIG_RSBAC_CAP) 14777 case CAP: 14778 { 14779 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI; 14780 14781 rsbac_list_get_data(device_p->handles.cap[cap_fd_hash(tid.file.inode)], 14782 &tid.file.inode, 14783 &aci); 14784 switch (attr) 14785 { 14786 case A_min_caps: 14787 aci.min_caps = value.min_caps; 14788 break; 14789 case A_max_caps: 14790 aci.max_caps = value.max_caps; 14791 break; 14792 default: 14793 err = -RSBAC_EINVALIDATTR; 14794 } 14795 if(!err) 14796 { 14797 err = rsbac_list_add(device_p->handles.cap[cap_fd_hash(tid.file.inode)], 14798 &tid.file.inode, 14799 &aci); 14800 } 14801 } 14802 break; 14803 #endif 14804 14805 #if defined(CONFIG_RSBAC_RES) 14806 case RES: 14807 { 14808 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI; 14809 14810 rsbac_list_get_data(device_p->handles.res[res_fd_hash(tid.file.inode)], 14811 &tid.file.inode, 14812 &aci); 14813 switch (attr) 14814 { 14815 case A_res_min: 14816 memcpy(&aci.res_min, &value.res_array, sizeof(aci.res_min)); 14817 break; 14818 case A_res_max: 14819 memcpy(&aci.res_max, &value.res_array, sizeof(aci.res_max)); 14820 break; 14821 default: 14822 err = -RSBAC_EINVALIDATTR; 14823 } 14824 if(!err) 14825 { 14826 struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI; 14827 14828 if(memcmp(&aci, &def_aci, sizeof(aci))) 14829 err = rsbac_list_add(device_p->handles.res[res_fd_hash(tid.file.inode)], 14830 &tid.file.inode, 14831 &aci); 14832 } 14833 } 14834 break; 14835 #endif 14836 14837 #if defined(CONFIG_RSBAC_PAX) 14838 case PAX: 14839 { 14840 switch (attr) 14841 { 14842 case A_pax_flags: 14843 value.pax_flags &= RSBAC_PAX_ALL_FLAGS; 14844 err = rsbac_list_add(device_p->handles.pax[pax_fd_hash(tid.file.inode)], 14845 &tid.file.inode, 14846 &value.data_type); 14847 break; 14848 14849 default: 14850 err = -RSBAC_EINVALIDATTR; 14851 } 14852 } 14853 break; 14854 #endif /* PAX */ 14855 14856 default: 14857 err = -RSBAC_EINVALIDMODULE; 14858 } 14859 /* free access to device_list_head */ 14860 rsbac_read_unlock(&device_list_head.lock, &dflags); 14861 /* and return */ 14862 break; 14863 14864 case T_DEV: 14865 /* 14866 #ifdef CONFIG_RSBAC_DEBUG 14867 if (rsbac_debug_ds) 14868 printk(KERN_DEBUG 14869 "rsbac_set_attr(): Setting dev attribute\n"); 14870 #endif 14871 */ 14872 switch(module) 14873 { 14874 case GEN: 14875 { 14876 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI; 14877 struct rsbac_dev_desc_t dev_desc; 14878 14879 dev_desc.type = tid.dev.type; 14880 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 14881 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 14882 14883 rsbac_list_get_data(dev_handles.gen, 14884 &dev_desc, 14885 &aci); 14886 switch (attr) 14887 { 14888 case A_log_array_low: 14889 aci.log_array_low = value.log_array_low; 14890 break; 14891 case A_log_array_high: 14892 aci.log_array_high = value.log_array_high; 14893 break; 14894 default: 14895 err = -RSBAC_EINVALIDATTR; 14896 } 14897 if(!err) 14898 { 14899 err = rsbac_list_add(dev_handles.gen, 14900 &dev_desc, 14901 &aci); 14902 } 14903 } 14904 break; 14905 14906 #if defined(CONFIG_RSBAC_MAC) 14907 case MAC: 14908 { 14909 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI; 14910 struct rsbac_dev_desc_t dev_desc; 14911 14912 dev_desc.type = tid.dev.type; 14913 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 14914 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 14915 14916 rsbac_list_get_data(dev_handles.mac, 14917 &dev_desc, 14918 &aci); 14919 switch (attr) 14920 { 14921 case A_security_level: 14922 aci.sec_level = value.security_level; 14923 break; 14924 case A_mac_categories: 14925 aci.mac_categories = value.mac_categories; 14926 break; 14927 case A_mac_check: 14928 aci.mac_check = value.mac_check; 14929 break; 14930 default: 14931 err = -RSBAC_EINVALIDATTR; 14932 } 14933 if(!err) 14934 { 14935 err = rsbac_list_add(dev_handles.mac, 14936 &dev_desc, 14937 &aci); 14938 } 14939 } 14940 break; 14941 #endif 14942 14943 #if defined(CONFIG_RSBAC_FC) 14944 case FC: 14945 { 14946 rsbac_fc_oc_t fc_oc = value.object_category; 14947 struct rsbac_dev_desc_t dev_desc; 14948 14949 dev_desc.type = tid.dev.type; 14950 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 14951 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 14952 14953 switch (attr) 14954 { 14955 case A_object_category: 14956 err = rsbac_list_add(dev_handles.fc, 14957 &dev_desc, 14958 &fc_oc); 14959 break; 14960 default: 14961 err = -RSBAC_EINVALIDATTR; 14962 } 14963 } 14964 break; 14965 #endif 14966 14967 #if defined(CONFIG_RSBAC_SIM) 14968 case SIM: 14969 { 14970 rsbac_sim_dt_t sim_dt = value.data_type; 14971 struct rsbac_dev_desc_t dev_desc; 14972 14973 dev_desc.type = tid.dev.type; 14974 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 14975 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 14976 14977 switch (attr) 14978 { 14979 case A_data_type: 14980 err = rsbac_list_add(dev_handles.sim, 14981 &dev_desc, 14982 &sim_dt); 14983 break; 14984 default: 14985 err = -RSBAC_EINVALIDATTR; 14986 } 14987 } 14988 break; 14989 #endif 14990 14991 #if defined(CONFIG_RSBAC_PM) 14992 case PM: 14993 { 14994 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI; 14995 struct rsbac_dev_desc_t dev_desc; 14996 14997 dev_desc.type = tid.dev.type; 14998 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 14999 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 15000 15001 rsbac_list_get_data(dev_handles.pm, 15002 &dev_desc, 15003 &aci); 15004 switch (attr) 15005 { 15006 case A_pm_object_type: 15007 aci.pm_object_type = value.pm_object_type; 15008 break; 15009 case A_pm_object_class: 15010 aci.pm_object_class = value.pm_object_class; 15011 break; 15012 default: 15013 err = -RSBAC_EINVALIDATTR; 15014 } 15015 if(!err) 15016 { 15017 err = rsbac_list_add(dev_handles.pm, 15018 &dev_desc, 15019 &aci); 15020 } 15021 } 15022 break; 15023 #endif 15024 15025 #if defined(CONFIG_RSBAC_RC) 15026 case RC: 15027 { 15028 rsbac_rc_type_id_t type = value.rc_type; 15029 struct rsbac_dev_desc_t dev_desc; 15030 15031 dev_desc.type = tid.dev.type; 15032 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 15033 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 15034 15035 switch (attr) 15036 { 15037 case A_rc_type: 15038 err = rsbac_list_add(dev_handles.rc, 15039 &dev_desc, 15040 &type); 15041 break; 15042 default: 15043 err = -RSBAC_EINVALIDATTR; 15044 } 15045 } 15046 break; 15047 #endif 15048 15049 default: 15050 err = -RSBAC_EINVALIDMODULE; 15051 } 15052 /* and return */ 15053 break; 15054 15055 case T_IPC: 15056 /* 15057 #ifdef CONFIG_RSBAC_DEBUG 15058 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 15059 "rsbac_set_attr(): Setting ipc attribute"); 15060 #endif 15061 */ 15062 switch(module) 15063 { 15064 #if defined(CONFIG_RSBAC_MAC) 15065 case MAC: 15066 { 15067 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI; 15068 15069 rsbac_list_get_data(ipc_handles.mac, 15070 &tid.ipc, 15071 &aci); 15072 switch (attr) 15073 { 15074 case A_security_level: 15075 aci.sec_level = value.security_level; 15076 break; 15077 case A_mac_categories: 15078 aci.mac_categories = value.mac_categories; 15079 break; 15080 default: 15081 err = -RSBAC_EINVALIDATTR; 15082 } 15083 if(!err) 15084 { 15085 err = rsbac_list_add(ipc_handles.mac, 15086 &tid.ipc, 15087 &aci); 15088 } 15089 } 15090 break; 15091 #endif 15092 15093 #if defined(CONFIG_RSBAC_FC) 15094 case FC: 15095 { 15096 rsbac_fc_oc_t fc_oc = value.object_category; 15097 15098 switch (attr) 15099 { 15100 case A_object_category: 15101 err = rsbac_list_add(ipc_handles.fc, 15102 &tid.ipc, 15103 &fc_oc); 15104 break; 15105 default: 15106 err = -RSBAC_EINVALIDATTR; 15107 } 15108 } 15109 break; 15110 #endif 15111 15112 #if defined(CONFIG_RSBAC_SIM) 15113 case SIM: 15114 { 15115 rsbac_sim_dt_t sim_dt = value.data_type; 15116 15117 switch (attr) 15118 { 15119 case A_data_type: 15120 err = rsbac_list_add(ipc_handles.sim, 15121 &tid.ipc, 15122 &sim_dt); 15123 break; 15124 default: 15125 err = -RSBAC_EINVALIDATTR; 15126 } 15127 } 15128 break; 15129 #endif 15130 15131 #if defined(CONFIG_RSBAC_PM) 15132 case PM: 15133 { 15134 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI; 15135 15136 rsbac_list_get_data(ipc_handles.pm, 15137 &tid.ipc, 15138 &aci); 15139 switch (attr) 15140 { 15141 case A_pm_object_type: 15142 aci.pm_object_type = value.pm_object_type; 15143 break; 15144 case A_pm_ipc_purpose: 15145 aci.pm_ipc_purpose = value.pm_ipc_purpose; 15146 break; 15147 case A_pm_object_class: 15148 aci.pm_object_class = value.pm_object_class; 15149 break; 15150 default: 15151 err = -RSBAC_EINVALIDATTR; 15152 } 15153 if(!err) 15154 { 15155 err = rsbac_list_add(ipc_handles.pm, 15156 &tid.ipc, 15157 &aci); 15158 } 15159 } 15160 break; 15161 #endif 15162 15163 #if defined(CONFIG_RSBAC_RC) 15164 case RC: 15165 { 15166 rsbac_rc_type_id_t type = value.rc_type; 15167 15168 switch (attr) 15169 { 15170 case A_rc_type: 15171 err = rsbac_list_add(ipc_handles.rc, 15172 &tid.ipc, 15173 &type); 15174 break; 15175 default: 15176 err = -RSBAC_EINVALIDATTR; 15177 } 15178 } 15179 break; 15180 #endif 15181 15182 #if defined(CONFIG_RSBAC_JAIL) 15183 case JAIL: 15184 { 15185 rsbac_jail_id_t id = value.jail_id; 15186 15187 switch (attr) 15188 { 15189 case A_jail_id: 15190 /* 15191 #ifdef CONFIG_RSBAC_DEBUG 15192 if(id) 15193 printk(KERN_DEBUG 15194 "rsbac_set_attr(): Setting jail_id for IPC %s %lu to %u\n", 15195 get_ipc_target_name(tmp, tid.ipc.type), tid.ipc.id.id_nr, id); 15196 #endif 15197 */ 15198 err = rsbac_list_add(ipc_handles.jail, 15199 &tid.ipc, 15200 &id); 15201 break; 15202 default: 15203 err = -RSBAC_EINVALIDATTR; 15204 } 15205 } 15206 break; 15207 #endif 15208 15209 default: 15210 err = -RSBAC_EINVALIDMODULE; 15211 } 15212 /* and return */ 15213 break; 15214 15215 case T_USER: 15216 #ifdef CONFIG_RSBAC_DEBUG 15217 /* 15218 if (rsbac_debug_ds) 15219 printk(KERN_DEBUG 15220 "rsbac_set_attr(): Setting %s user attribute %i for %u to %i\n", 15221 get_switch_target_name(tmp, module), attr, tid.user, value.dummy); 15222 */ 15223 #endif 15224 switch(module) 15225 { 15226 case GEN: 15227 { 15228 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI; 15229 15230 rsbac_list_get_data(user_handles.gen, 15231 &tid.user, 15232 &aci); 15233 switch (attr) 15234 { 15235 case A_pseudo: 15236 aci.pseudo = value.pseudo; 15237 break; 15238 case A_log_user_based: 15239 aci.log_user_based = value.log_user_based; 15240 break; 15241 default: 15242 err = -RSBAC_EINVALIDATTR; 15243 } 15244 if(!err) 15245 { 15246 err = rsbac_list_add(user_handles.gen, 15247 &tid.user, 15248 &aci); 15249 } 15250 } 15251 break; 15252 15253 #if defined(CONFIG_RSBAC_MAC) 15254 case MAC: 15255 { 15256 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI; 15257 15258 rsbac_list_get_data(user_handles.mac, 15259 &tid.user, 15260 &aci); 15261 switch (attr) 15262 { 15263 case A_security_level: 15264 if(value.security_level < aci.min_security_level) 15265 err = -RSBAC_EINVALIDVALUE; 15266 else 15267 aci.security_level = value.security_level; 15268 break; 15269 case A_initial_security_level: 15270 if( (value.security_level < aci.min_security_level) 15271 || (value.security_level > aci.security_level) 15272 ) 15273 err = -RSBAC_EINVALIDVALUE; 15274 else 15275 aci.initial_security_level = value.security_level; 15276 break; 15277 case A_min_security_level: 15278 if(value.security_level > aci.security_level) 15279 err = -RSBAC_EINVALIDVALUE; 15280 else 15281 aci.min_security_level = value.security_level; 15282 break; 15283 case A_mac_categories: 15284 if((value.mac_categories & aci.mac_min_categories) != aci.mac_min_categories) 15285 err = -RSBAC_EINVALIDVALUE; 15286 else 15287 aci.mac_categories = value.mac_categories; 15288 break; 15289 case A_mac_initial_categories: 15290 if( ((value.mac_categories & aci.mac_min_categories) != aci.mac_min_categories) 15291 || ((value.mac_categories & aci.mac_categories) != value.mac_categories) 15292 ) 15293 err = -RSBAC_EINVALIDVALUE; 15294 else 15295 aci.mac_initial_categories = value.mac_categories; 15296 break; 15297 case A_mac_min_categories: 15298 if((value.mac_categories & aci.mac_categories) != value.mac_categories) 15299 err = -RSBAC_EINVALIDVALUE; 15300 else 15301 aci.mac_min_categories = value.mac_categories; 15302 break; 15303 case A_system_role: 15304 case A_mac_role: 15305 aci.system_role = value.system_role; 15306 break; 15307 case A_mac_user_flags: 15308 aci.mac_user_flags = value.mac_user_flags & RSBAC_MAC_U_FLAGS; 15309 break; 15310 default: 15311 err = -RSBAC_EINVALIDATTR; 15312 } 15313 if(!err) 15314 { 15315 err = rsbac_list_add(user_handles.mac, 15316 &tid.user, 15317 &aci); 15318 } 15319 } 15320 break; 15321 #endif 15322 15323 #if defined(CONFIG_RSBAC_FC) 15324 case FC: 15325 { 15326 rsbac_system_role_int_t role = value.system_role; 15327 15328 switch (attr) 15329 { 15330 case A_system_role: 15331 case A_fc_role: 15332 err = rsbac_list_add(user_handles.fc, 15333 &tid.user, 15334 &role); 15335 break; 15336 default: 15337 err = -RSBAC_EINVALIDATTR; 15338 } 15339 } 15340 break; 15341 #endif 15342 15343 #if defined(CONFIG_RSBAC_SIM) 15344 case SIM: 15345 { 15346 rsbac_system_role_int_t role = value.system_role; 15347 15348 switch (attr) 15349 { 15350 case A_system_role: 15351 case A_sim_role: 15352 err = rsbac_list_add(user_handles.sim, 15353 &tid.user, 15354 &role); 15355 break; 15356 default: 15357 err = -RSBAC_EINVALIDATTR; 15358 } 15359 } 15360 break; 15361 #endif 15362 15363 #if defined(CONFIG_RSBAC_PM) 15364 case PM: 15365 { 15366 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI; 15367 15368 rsbac_list_get_data(user_handles.pm, 15369 &tid.user, 15370 &aci); 15371 switch (attr) 15372 { 15373 case A_pm_task_set: 15374 aci.pm_task_set = value.pm_task_set; 15375 break; 15376 case A_pm_role: 15377 aci.pm_role = value.pm_role; 15378 break; 15379 default: 15380 err = -RSBAC_EINVALIDATTR; 15381 } 15382 if(!err) 15383 { 15384 err = rsbac_list_add(user_handles.pm, 15385 &tid.user, 15386 &aci); 15387 } 15388 } 15389 break; 15390 #endif 15391 15392 #if defined(CONFIG_RSBAC_DAZ) 15393 case DAZ: 15394 { 15395 rsbac_system_role_int_t role = value.system_role; 15396 15397 switch (attr) 15398 { 15399 case A_system_role: 15400 case A_daz_role: 15401 err = rsbac_list_add(user_handles.daz, 15402 &tid.user, 15403 &role); 15404 break; 15405 default: 15406 err = -RSBAC_EINVALIDATTR; 15407 } 15408 } 15409 break; 15410 #endif 15411 15412 #if defined(CONFIG_RSBAC_FF) 15413 case FF: 15414 { 15415 rsbac_system_role_int_t role = value.system_role; 15416 15417 switch (attr) 15418 { 15419 case A_system_role: 15420 case A_ff_role: 15421 err = rsbac_list_add(user_handles.ff, 15422 &tid.user, 15423 &role); 15424 break; 15425 default: 15426 err = -RSBAC_EINVALIDATTR; 15427 } 15428 } 15429 break; 15430 #endif 15431 15432 #if defined(CONFIG_RSBAC_RC) 15433 case RC: 15434 { 15435 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI; 15436 15437 rsbac_list_get_data(user_handles.rc, 15438 &tid.user, 15439 &aci); 15440 switch (attr) 15441 { 15442 case A_rc_def_role: 15443 aci.rc_role = value.rc_def_role; 15444 break; 15445 case A_rc_type: 15446 aci.rc_type = value.rc_type; 15447 break; 15448 default: 15449 err = -RSBAC_EINVALIDATTR; 15450 } 15451 if(!err) 15452 { 15453 err = rsbac_list_add(user_handles.rc, 15454 &tid.user, 15455 &aci); 15456 } 15457 } 15458 break; 15459 #endif 15460 15461 #if defined(CONFIG_RSBAC_AUTH) 15462 case AUTH: 15463 { 15464 rsbac_system_role_int_t role = value.system_role; 15465 15466 switch (attr) 15467 { 15468 case A_system_role: 15469 case A_auth_role: 15470 err = rsbac_list_add(user_handles.auth, 15471 &tid.user, 15472 &role); 15473 break; 15474 default: 15475 err = -RSBAC_EINVALIDATTR; 15476 } 15477 } 15478 break; 15479 #endif 15480 15481 #if defined(CONFIG_RSBAC_CAP) 15482 case CAP: 15483 { 15484 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI; 15485 15486 rsbac_list_get_data(user_handles.cap, 15487 &tid.user, 15488 &aci); 15489 switch (attr) 15490 { 15491 case A_system_role: 15492 case A_cap_role: 15493 aci.cap_role = value.system_role; 15494 break; 15495 case A_min_caps: 15496 aci.min_caps = value.min_caps; 15497 break; 15498 case A_max_caps: 15499 aci.max_caps = value.max_caps; 15500 break; 15501 default: 15502 err = -RSBAC_EINVALIDATTR; 15503 } 15504 if(!err) 15505 { 15506 err = rsbac_list_add(user_handles.cap, 15507 &tid.user, 15508 &aci); 15509 } 15510 } 15511 break; 15512 #endif 15513 15514 #if defined(CONFIG_RSBAC_JAIL) 15515 case JAIL: 15516 { 15517 rsbac_system_role_int_t role = value.system_role; 15518 15519 switch (attr) 15520 { 15521 case A_system_role: 15522 case A_jail_role: 15523 err = rsbac_list_add(user_handles.jail, 15524 &tid.user, 15525 &role); 15526 break; 15527 default: 15528 err = -RSBAC_EINVALIDATTR; 15529 } 15530 } 15531 break; 15532 #endif 15533 15534 #if defined(CONFIG_RSBAC_RES) 15535 case RES: 15536 { 15537 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI; 15538 15539 rsbac_list_get_data(user_handles.res, 15540 &tid.user, 15541 &aci); 15542 switch (attr) 15543 { 15544 case A_system_role: 15545 case A_res_role: 15546 aci.res_role = value.system_role; 15547 break; 15548 case A_res_min: 15549 memcpy(&aci.res_min, &value.res_array, sizeof(aci.res_min)); 15550 break; 15551 case A_res_max: 15552 memcpy(&aci.res_max, &value.res_array, sizeof(aci.res_max)); 15553 break; 15554 default: 15555 err = -RSBAC_EINVALIDATTR; 15556 } 15557 if(!err) 15558 { 15559 struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI; 15560 15561 if(tid.user != RSBAC_ALL_USERS) 15562 { 15563 rsbac_uid_t all_users = RSBAC_ALL_USERS; 15564 15565 rsbac_list_get_data(user_handles.res, 15566 &all_users, 15567 &def_aci); 15568 } 15569 if(memcmp(&aci, &def_aci, sizeof(aci))) 15570 err = rsbac_list_add(user_handles.res, 15571 &tid.user, 15572 &aci); 15573 else 15574 err = rsbac_list_remove(user_handles.res, 15575 &tid.user); 15576 } 15577 } 15578 break; 15579 #endif 15580 15581 #if defined(CONFIG_RSBAC_PAX) 15582 case PAX: 15583 { 15584 rsbac_system_role_int_t role = value.system_role; 15585 15586 switch (attr) 15587 { 15588 case A_system_role: 15589 case A_pax_role: 15590 err = rsbac_list_add(user_handles.pax, 15591 &tid.user, 15592 &role); 15593 break; 15594 default: 15595 err = -RSBAC_EINVALIDATTR; 15596 } 15597 } 15598 break; 15599 #endif 15600 15601 default: 15602 err = -RSBAC_EINVALIDMODULE; 15603 } 15604 /* and return */ 15605 break; 15606 15607 case T_PROCESS: 15608 /* 15609 #ifdef CONFIG_RSBAC_DEBUG 15610 if (rsbac_debug_ds) 15611 printk(KERN_DEBUG 15612 "rsbac_set_attr(): Setting process attribute\n"); 15613 #endif 15614 */ 15615 if (!tid.process) 15616 { 15617 #ifdef CONFIG_RSBAC_RMSG 15618 rsbac_printk(KERN_WARNING 15619 "rsbac_set_attr(): Trying to set attribute for process 0!\n"); 15620 #endif 15621 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 15622 if (!rsbac_nosyslog) 15623 #endif 15624 printk(KERN_WARNING 15625 "rsbac_set_attr(): Trying to set attribute for process 0!\n"); 15626 return -RSBAC_EINVALIDTARGET; 15627 } 15628 switch(module) 15629 { 15630 case GEN: 15631 { 15632 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI; 15633 15634 rsbac_list_get_data(process_handles.gen, 15635 &tid.process, 15636 &aci); 15637 switch (attr) 15638 { 15639 case A_log_program_based: 15640 aci.log_program_based = value.log_program_based; 15641 break; 15642 case A_fake_root_uid: 15643 aci.fake_root_uid = value.fake_root_uid; 15644 break; 15645 default: 15646 err = -RSBAC_EINVALIDATTR; 15647 } 15648 if(!err) 15649 { 15650 err = rsbac_list_add(process_handles.gen, 15651 &tid.process, 15652 &aci); 15653 } 15654 } 15655 break; 15656 15657 #if defined(CONFIG_RSBAC_MAC) 15658 case MAC: 15659 { 15660 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI; 15661 15662 rsbac_list_get_data(process_handles.mac[mac_p_hash(tid.process)], 15663 &tid.process, 15664 &aci); 15665 switch (attr) 15666 { 15667 case A_security_level: 15668 aci.owner_sec_level = value.security_level; 15669 break; 15670 case A_initial_security_level: 15671 aci.owner_initial_sec_level = value.security_level; 15672 break; 15673 case A_min_security_level: 15674 aci.owner_min_sec_level = value.security_level; 15675 break; 15676 case A_mac_categories: 15677 aci.mac_owner_categories = value.mac_categories; 15678 break; 15679 case A_mac_initial_categories: 15680 aci.mac_owner_initial_categories = value.mac_categories; 15681 break; 15682 case A_mac_min_categories: 15683 aci.mac_owner_min_categories = value.mac_categories; 15684 break; 15685 case A_current_sec_level: 15686 aci.current_sec_level = value.current_sec_level; 15687 break; 15688 case A_mac_curr_categories: 15689 aci.mac_curr_categories = value.mac_categories; 15690 break; 15691 case A_min_write_open: 15692 aci.min_write_open = value.min_write_open; 15693 break; 15694 case A_min_write_categories: 15695 aci.min_write_categories = value.mac_categories; 15696 break; 15697 case A_max_read_open: 15698 aci.max_read_open = value.max_read_open; 15699 break; 15700 case A_max_read_categories: 15701 aci.max_read_categories = value.mac_categories; 15702 break; 15703 case A_mac_process_flags: 15704 aci.mac_process_flags = value.mac_process_flags & RSBAC_MAC_P_FLAGS; 15705 break; 15706 case A_mac_auto: 15707 if(value.mac_auto) 15708 aci.mac_process_flags |= MAC_auto; 15709 else 15710 aci.mac_process_flags &= ~MAC_auto; 15711 break; 15712 default: 15713 err = -RSBAC_EINVALIDATTR; 15714 } 15715 if(!err) 15716 { 15717 err = rsbac_list_add(process_handles.mac[mac_p_hash(tid.process)], 15718 &tid.process, 15719 &aci); 15720 } 15721 } 15722 break; 15723 #endif 15724 15725 #if defined(CONFIG_RSBAC_PM) 15726 case PM: 15727 { 15728 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI; 15729 15730 rsbac_list_get_data(process_handles.pm, 15731 &tid.process, 15732 &aci); 15733 switch (attr) 15734 { 15735 case A_pm_tp: 15736 aci.pm_tp = value.pm_tp; 15737 break; 15738 case A_pm_current_task: 15739 aci.pm_current_task = value.pm_current_task; 15740 break; 15741 case A_pm_process_type: 15742 aci.pm_process_type = value.pm_process_type; 15743 break; 15744 default: 15745 err = -RSBAC_EINVALIDATTR; 15746 } 15747 if(!err) 15748 { 15749 err = rsbac_list_add(process_handles.pm, 15750 &tid.process, 15751 &aci); 15752 } 15753 } 15754 break; 15755 #endif 15756 15757 #if defined(CONFIG_RSBAC_DAZ) 15758 case DAZ: 15759 { 15760 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI; 15761 15762 rsbac_list_get_data(process_handles.daz, 15763 &tid.process, 15764 &aci); 15765 switch (attr) 15766 { 15767 case A_daz_scanner: 15768 aci.daz_scanner = value.daz_scanner; 15769 break; 15770 default: 15771 err = -RSBAC_EINVALIDATTR; 15772 } 15773 if(!err) 15774 { 15775 err = rsbac_list_add(process_handles.daz, 15776 &tid.process, 15777 &aci); 15778 } 15779 } 15780 break; 15781 #endif 15782 15783 #if defined(CONFIG_RSBAC_RC) 15784 case RC: 15785 { 15786 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI; 15787 15788 rsbac_list_get_data(process_handles.rc[rc_p_hash(tid.process)], 15789 &tid.process, 15790 &aci); 15791 switch (attr) 15792 { 15793 case A_rc_role: 15794 aci.rc_role = value.rc_role; 15795 break; 15796 case A_rc_type: 15797 aci.rc_type = value.rc_type; 15798 break; 15799 case A_rc_force_role: 15800 aci.rc_force_role = value.rc_force_role; 15801 break; 15802 default: 15803 err = -RSBAC_EINVALIDATTR; 15804 } 15805 if(!err) 15806 { 15807 err = rsbac_list_add(process_handles.rc[rc_p_hash(tid.process)], 15808 &tid.process, 15809 &aci); 15810 } 15811 } 15812 break; 15813 #endif 15814 15815 #if defined(CONFIG_RSBAC_AUTH) 15816 case AUTH: 15817 { 15818 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI; 15819 15820 rsbac_list_get_data(process_handles.auth, 15821 &tid.process, 15822 &aci); 15823 switch (attr) 15824 { 15825 case A_auth_may_setuid: 15826 aci.auth_may_setuid = value.auth_may_setuid; 15827 break; 15828 case A_auth_may_set_cap: 15829 aci.auth_may_set_cap = value.auth_may_set_cap; 15830 break; 15831 #if defined(CONFIG_RSBAC_AUTH_LEARN) 15832 case A_auth_program_file: 15833 aci.auth_program_file = value.auth_program_file; 15834 break; 15835 case A_auth_start_uid: 15836 aci.auth_start_uid = value.auth_start_uid; 15837 break; 15838 case A_auth_learn: 15839 aci.auth_learn = value.auth_learn; 15840 break; 15841 #endif 15842 default: 15843 err = -RSBAC_EINVALIDATTR; 15844 } 15845 if(!err) 15846 { 15847 err = rsbac_list_add(process_handles.auth, 15848 &tid.process, 15849 &aci); 15850 } 15851 } 15852 break; 15853 #endif 15854 15855 #if defined(CONFIG_RSBAC_CAP) 15856 case CAP: 15857 { 15858 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI; 15859 15860 rsbac_list_get_data(process_handles.cap, 15861 &tid.process, 15862 &aci); 15863 switch (attr) 15864 { 15865 case A_cap_process_hiding: 15866 aci.cap_process_hiding = value.cap_process_hiding; 15867 break; 15868 default: 15869 err = -RSBAC_EINVALIDATTR; 15870 } 15871 if(!err) 15872 { 15873 err = rsbac_list_add(process_handles.cap, 15874 &tid.process, 15875 &aci); 15876 } 15877 } 15878 break; 15879 #endif 15880 15881 #if defined(CONFIG_RSBAC_JAIL) 15882 case JAIL: 15883 { 15884 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI; 15885 15886 rsbac_list_get_data(process_handles.jail[jail_p_hash(tid.process)], 15887 &tid.process, 15888 &aci); 15889 switch (attr) 15890 { 15891 case A_jail_id: 15892 aci.id = value.jail_id; 15893 break; 15894 case A_jail_ip: 15895 aci.ip = value.jail_ip; 15896 break; 15897 case A_jail_flags: 15898 aci.flags = value.jail_flags; 15899 break; 15900 case A_jail_max_caps: 15901 aci.max_caps = value.jail_max_caps; 15902 break; 15903 default: 15904 err = -RSBAC_EINVALIDATTR; 15905 } 15906 if(!err) 15907 { 15908 err = rsbac_list_add(process_handles.jail[jail_p_hash(tid.process)], 15909 &tid.process, 15910 &aci); 15911 } 15912 } 15913 break; 15914 #endif 15915 15916 default: 15917 err = -RSBAC_EINVALIDMODULE; 15918 } 15919 /* and return */ 15920 break; 15921 15922 #ifdef CONFIG_RSBAC_NET_DEV 15923 case T_NETDEV: 15924 /* 15925 #ifdef CONFIG_RSBAC_DEBUG 15926 if (rsbac_debug_ds) 15927 printk(KERN_DEBUG 15928 "rsbac_set_attr(): Setting netdev attribute\n"); 15929 #endif 15930 */ 15931 switch(module) 15932 { 15933 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 15934 case GEN: 15935 { 15936 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI; 15937 15938 rsbac_list_get_data(netdev_handles.gen, 15939 &tid.netdev, 15940 &aci); 15941 switch (attr) 15942 { 15943 case A_log_array_low: 15944 aci.log_array_low = value.log_array_low; 15945 break; 15946 case A_log_array_high: 15947 aci.log_array_high = value.log_array_high; 15948 break; 15949 default: 15950 err = -RSBAC_EINVALIDATTR; 15951 } 15952 if(!err) 15953 { 15954 err = rsbac_list_add(netdev_handles.gen, 15955 &tid.netdev, 15956 &aci); 15957 } 15958 } 15959 break; 15960 #endif 15961 #if defined(CONFIG_RSBAC_RC) 15962 case RC: 15963 { 15964 rsbac_rc_type_id_t type = value.rc_type; 15965 15966 switch (attr) 15967 { 15968 case A_rc_type: 15969 err = rsbac_list_add(netdev_handles.rc, 15970 &tid.netdev, 15971 &type); 15972 break; 15973 default: 15974 err = -RSBAC_EINVALIDATTR; 15975 } 15976 } 15977 break; 15978 #endif 15979 15980 default: 15981 err = -RSBAC_EINVALIDMODULE; 15982 } 15983 /* and return */ 15984 break; 15985 #endif 15986 15987 #ifdef CONFIG_RSBAC_NET_OBJ 15988 case T_NETTEMP: 15989 /* 15990 #ifdef CONFIG_RSBAC_DEBUG 15991 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 15992 "rsbac_set_attr(): Setting nettemp attribute"); 15993 #endif 15994 */ 15995 if(!rsbac_list_exist(net_temp_handle, &tid.nettemp)) 15996 return -RSBAC_EINVALIDTARGET; 15997 switch(module) 15998 { 15999 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 16000 case GEN: 16001 { 16002 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI; 16003 16004 rsbac_list_get_data(nettemp_handles.gen, 16005 &tid.nettemp, 16006 &aci); 16007 switch (attr) 16008 { 16009 case A_log_array_low: 16010 aci.log_array_low = value.log_array_low; 16011 break; 16012 case A_log_array_high: 16013 aci.log_array_high = value.log_array_high; 16014 break; 16015 16016 default: 16017 err = -RSBAC_EINVALIDATTR; 16018 } 16019 if(!err) 16020 { 16021 err = rsbac_list_add(nettemp_handles.gen, 16022 &tid.nettemp, 16023 &aci); 16024 } 16025 } 16026 break; 16027 #endif /* IND_NETOBJ_LOG */ 16028 #if defined(CONFIG_RSBAC_MAC) 16029 case MAC: 16030 { 16031 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI; 16032 16033 rsbac_list_get_data(nettemp_handles.mac, 16034 &tid.nettemp, 16035 &aci); 16036 switch (attr) 16037 { 16038 case A_security_level: 16039 aci.sec_level = value.security_level; 16040 break; 16041 case A_mac_categories: 16042 aci.mac_categories = value.mac_categories; 16043 break; 16044 16045 default: 16046 err = -RSBAC_EINVALIDATTR; 16047 } 16048 if(!err) 16049 { 16050 err = rsbac_list_add(nettemp_handles.mac, 16051 &tid.nettemp, 16052 &aci); 16053 } 16054 } 16055 break; 16056 #endif /* MAC */ 16057 16058 #if defined(CONFIG_RSBAC_FC) 16059 case FC: 16060 { 16061 rsbac_fc_oc_t fc_oc = value.object_category; 16062 16063 err = rsbac_list_add(nettemp_handles.fc, 16064 &tid.nettemp, 16065 &fc_oc); 16066 } 16067 break; 16068 #endif /* FC */ 16069 16070 #if defined(CONFIG_RSBAC_SIM) 16071 case SIM: 16072 { 16073 rsbac_sim_dt_t sim_dt = value.data_type; 16074 16075 err = rsbac_list_add(nettemp_handles.sim, 16076 &tid.nettemp, 16077 &sim_dt); 16078 } 16079 break; 16080 #endif /* SIM */ 16081 16082 #if defined(CONFIG_RSBAC_PM) 16083 case PM: 16084 { 16085 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI; 16086 16087 rsbac_list_get_data(nettemp_handles.pm, 16088 &tid.nettemp, 16089 &aci); 16090 switch (attr) 16091 { 16092 case A_pm_object_class: 16093 aci.pm_object_class = value.pm_object_class; 16094 break; 16095 case A_pm_ipc_purpose: 16096 aci.pm_ipc_purpose = value.pm_ipc_purpose; 16097 break; 16098 case A_pm_object_type: 16099 aci.pm_object_type = value.pm_object_type; 16100 break; 16101 default: 16102 err = -RSBAC_EINVALIDATTR; 16103 } 16104 if(!err) 16105 { 16106 err = rsbac_list_add(nettemp_handles.pm, 16107 &tid.nettemp, 16108 &aci); 16109 } 16110 } 16111 break; 16112 #endif /* PM */ 16113 16114 #if defined(CONFIG_RSBAC_RC) 16115 case RC: 16116 { 16117 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI; 16118 16119 rsbac_list_get_data(nettemp_handles.rc, 16120 &tid.nettemp, 16121 &aci); 16122 switch (attr) 16123 { 16124 case A_rc_type: 16125 aci.netobj_type = value.rc_type; 16126 break; 16127 case A_rc_type_nt: 16128 aci.nettemp_type = value.rc_type; 16129 break; 16130 16131 default: 16132 err = -RSBAC_EINVALIDATTR; 16133 } 16134 if(!err) 16135 { 16136 err = rsbac_list_add(nettemp_handles.rc, 16137 &tid.nettemp, 16138 &aci); 16139 } 16140 } 16141 break; 16142 #endif /* RC */ 16143 16144 default: 16145 err = -RSBAC_EINVALIDMODULE; 16146 } 16147 break; 16148 16149 case T_NETOBJ: 16150 /* 16151 #ifdef CONFIG_RSBAC_DEBUG 16152 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 16153 "rsbac_set_attr(): Setting netobj attribute"); 16154 #endif 16155 */ 16156 switch(module) 16157 { 16158 #if defined(CONFIG_RSBAC_MAC) 16159 case MAC: 16160 { 16161 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI; 16162 16163 switch(attr) 16164 { 16165 case A_local_sec_level: 16166 case A_local_mac_categories: 16167 if(rsbac_list_get_data(lnetobj_handles.mac, 16168 &tid.netobj.sock_p, 16169 &aci)) 16170 { /* not found -> fallback to template */ 16171 rsbac_net_temp_id_t temp = 0; 16172 16173 rsbac_net_lookup_templates(tid.netobj, 16174 &temp, 16175 NULL); 16176 if(temp) 16177 rsbac_list_get_data(nettemp_handles.mac, 16178 &temp, 16179 &aci); 16180 } 16181 break; 16182 16183 case A_remote_sec_level: 16184 case A_remote_mac_categories: 16185 if(rsbac_list_get_data(rnetobj_handles.mac, 16186 &tid.netobj.sock_p, 16187 &aci)) 16188 { /* not found -> fallback to template */ 16189 rsbac_net_temp_id_t temp = 0; 16190 16191 rsbac_net_lookup_templates(tid.netobj, 16192 NULL, 16193 &temp); 16194 if(temp) 16195 rsbac_list_get_data(nettemp_handles.mac, 16196 &temp, 16197 &aci); 16198 } 16199 break; 16200 16201 default: 16202 err = -RSBAC_EINVALIDATTR; 16203 } 16204 if(err) 16205 break; 16206 { 16207 switch (attr) 16208 { 16209 case A_local_sec_level: 16210 aci.sec_level = value.security_level; 16211 err = rsbac_list_add(lnetobj_handles.mac, 16212 &tid.netobj.sock_p, 16213 &aci); 16214 break; 16215 case A_remote_sec_level: 16216 aci.sec_level = value.security_level; 16217 err = rsbac_list_add(rnetobj_handles.mac, 16218 &tid.netobj.sock_p, 16219 &aci); 16220 break; 16221 case A_local_mac_categories: 16222 aci.mac_categories = value.mac_categories; 16223 err = rsbac_list_add(lnetobj_handles.mac, 16224 &tid.netobj.sock_p, 16225 &aci); 16226 break; 16227 case A_remote_mac_categories: 16228 aci.mac_categories = value.mac_categories; 16229 err = rsbac_list_add(rnetobj_handles.mac, 16230 &tid.netobj.sock_p, 16231 &aci); 16232 break; 16233 16234 default: 16235 err = -RSBAC_EINVALIDATTR; 16236 } 16237 } 16238 } 16239 break; 16240 #endif /* MAC */ 16241 16242 #if defined(CONFIG_RSBAC_FC) 16243 case FC: 16244 { 16245 rsbac_fc_oc_t fc_oc = value.object_category; 16246 16247 switch(attr) 16248 { 16249 case A_local_object_category: 16250 err = rsbac_list_add(lnetobj_handles.fc, 16251 &tid.netobj.sock_p, 16252 &fc_oc); 16253 break; 16254 16255 case A_remote_object_category: 16256 err = rsbac_list_add(rnetobj_handles.fc, 16257 &tid.netobj.sock_p, 16258 &fc_oc); 16259 break; 16260 16261 default: 16262 err = -RSBAC_EINVALIDATTR; 16263 } 16264 } 16265 break; 16266 #endif /* FC */ 16267 16268 #if defined(CONFIG_RSBAC_SIM) 16269 case SIM: 16270 { 16271 rsbac_sim_dt_t sim_dt = value.data_type; 16272 16273 switch(attr) 16274 { 16275 case A_local_data_type: 16276 err = rsbac_list_add(lnetobj_handles.sim, 16277 &tid.netobj.sock_p, 16278 &sim_dt); 16279 break; 16280 16281 case A_remote_data_type: 16282 err = rsbac_list_add(rnetobj_handles.sim, 16283 &tid.netobj.sock_p, 16284 &sim_dt); 16285 break; 16286 16287 default: 16288 err = -RSBAC_EINVALIDATTR; 16289 } 16290 } 16291 break; 16292 #endif /* SIM */ 16293 16294 #if defined(CONFIG_RSBAC_PM) 16295 case PM: 16296 { 16297 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI; 16298 16299 switch(attr) 16300 { 16301 case A_local_pm_object_class: 16302 case A_local_pm_ipc_purpose: 16303 case A_local_pm_object_type: 16304 if(rsbac_list_get_data(lnetobj_handles.pm, 16305 &tid.netobj.sock_p, 16306 &aci)) 16307 { /* not found -> fallback to template */ 16308 rsbac_net_temp_id_t temp = 0; 16309 16310 rsbac_net_lookup_templates(tid.netobj, 16311 &temp, 16312 NULL); 16313 if(temp) 16314 rsbac_list_get_data(nettemp_handles.pm, 16315 &temp, 16316 &aci); 16317 } 16318 break; 16319 16320 case A_remote_pm_object_class: 16321 case A_remote_pm_ipc_purpose: 16322 case A_remote_pm_object_type: 16323 if(rsbac_list_get_data(rnetobj_handles.pm, 16324 &tid.netobj.sock_p, 16325 &aci)) 16326 { /* not found -> fallback to template */ 16327 rsbac_net_temp_id_t temp = 0; 16328 16329 rsbac_net_lookup_templates(tid.netobj, 16330 NULL, 16331 &temp); 16332 if(temp) 16333 rsbac_list_get_data(nettemp_handles.pm, 16334 &temp, 16335 &aci); 16336 } 16337 break; 16338 16339 default: 16340 err = -RSBAC_EINVALIDATTR; 16341 } 16342 if(err) 16343 break; 16344 { 16345 switch (attr) 16346 { 16347 case A_local_pm_object_class: 16348 aci.pm_object_class = value.pm_object_class; 16349 err = rsbac_list_add(lnetobj_handles.pm, 16350 &tid.netobj.sock_p, 16351 &aci); 16352 break; 16353 case A_remote_pm_object_class: 16354 aci.pm_object_class = value.pm_object_class; 16355 err = rsbac_list_add(rnetobj_handles.pm, 16356 &tid.netobj.sock_p, 16357 &aci); 16358 break; 16359 case A_local_pm_ipc_purpose: 16360 aci.pm_ipc_purpose = value.pm_ipc_purpose; 16361 err = rsbac_list_add(lnetobj_handles.pm, 16362 &tid.netobj.sock_p, 16363 &aci); 16364 break; 16365 case A_remote_pm_ipc_purpose: 16366 aci.pm_ipc_purpose = value.pm_ipc_purpose; 16367 err = rsbac_list_add(rnetobj_handles.pm, 16368 &tid.netobj.sock_p, 16369 &aci); 16370 break; 16371 case A_local_pm_object_type: 16372 aci.pm_object_type = value.pm_object_type; 16373 err = rsbac_list_add(lnetobj_handles.pm, 16374 &tid.netobj.sock_p, 16375 &aci); 16376 break; 16377 case A_remote_pm_object_type: 16378 aci.pm_object_type = value.pm_object_type; 16379 err = rsbac_list_add(rnetobj_handles.pm, 16380 &tid.netobj.sock_p, 16381 &aci); 16382 break; 16383 16384 default: 16385 err = -RSBAC_EINVALIDATTR; 16386 } 16387 } 16388 } 16389 break; 16390 #endif /* PM */ 16391 16392 #if defined(CONFIG_RSBAC_RC) 16393 case RC: 16394 { 16395 rsbac_rc_type_id_t type = value.rc_type; 16396 16397 switch(attr) 16398 { 16399 case A_local_rc_type: 16400 err = rsbac_list_add(lnetobj_handles.rc, 16401 &tid.netobj.sock_p, 16402 &type); 16403 break; 16404 16405 case A_remote_rc_type: 16406 err = rsbac_list_add(rnetobj_handles.rc, 16407 &tid.netobj.sock_p, 16408 &type); 16409 break; 16410 16411 default: 16412 err = -RSBAC_EINVALIDATTR; 16413 } 16414 } 16415 break; 16416 #endif /* RC */ 16417 16418 default: 16419 err = -RSBAC_EINVALIDMODULE; 16420 } 16421 break; 16422 #endif /* NET_OBJ */ 16423 16424 /* switch(target): no valid target */ 16425 default: 16426 return(-RSBAC_EINVALIDTARGET); 16427 } 16428 #ifdef CONFIG_RSBAC_XSTATS 16429 if(!err) 16430 set_attr_count[target]++; 16431 #endif 16432 return(err); 16433 }; /* end of rsbac_set_attr() */ 16434 16435 /************************************************************************** */ 16436 16437 #if defined(CONFIG_RSBAC_REG) 16438 EXPORT_SYMBOL(rsbac_remove_target); 16439 #endif 16440 int rsbac_remove_target(enum rsbac_target_t target, 16441 union rsbac_target_id_t tid) 16442 { 16443 int error=0; 16444 struct rsbac_device_list_item_t * device_p; 16445 u_long dflags; 16446 16447 if (!rsbac_initialized) 16448 { 16449 #ifdef CONFIG_RSBAC_RMSG 16450 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n"); 16451 #endif 16452 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 16453 if (!rsbac_nosyslog) 16454 #endif 16455 printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n"); 16456 return(-RSBAC_ENOTINITIALIZED); 16457 } 16458 if (in_interrupt()) 16459 { 16460 printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n"); 16461 } 16462 switch (target) 16463 { 16464 case T_FILE: 16465 case T_DIR: 16466 case T_FIFO: 16467 case T_SYMLINK: 16468 /* 16469 #ifdef CONFIG_RSBAC_DEBUG 16470 if (rsbac_debug_ds) 16471 printk(KERN_DEBUG "%s\n", 16472 "rsbac_remove_target(): Removing file/dir/fifo/symlink ACI"); 16473 #endif 16474 */ 16475 #if defined(CONFIG_RSBAC_MAC) 16476 /* file and dir items can also have mac_f_trusets -> remove first */ 16477 if( (target == T_FILE) 16478 || (target == T_DIR) 16479 ) 16480 error = rsbac_mac_remove_f_trusets(tid.file); 16481 #endif 16482 #if defined(CONFIG_RSBAC_AUTH) 16483 /* file and dir items can also have auth_f_capsets -> remove first */ 16484 if( (target == T_FILE) 16485 || (target == T_DIR) 16486 ) 16487 error = rsbac_auth_remove_f_capsets(tid.file); 16488 #endif 16489 #if defined(CONFIG_RSBAC_ACL) 16490 /* items can also have an acl_fd_item -> remove first */ 16491 error = rsbac_acl_remove_acl(target, tid); 16492 #endif 16493 /* wait for read access to device_list_head */ 16494 rsbac_read_lock(&device_list_head.lock, &dflags); 16495 /* OK, go on */ 16496 16497 /* lookup device */ 16498 device_p = lookup_device(tid.file.device); 16499 if (!device_p) 16500 { 16501 struct super_block * sb_p; 16502 16503 rsbac_read_unlock(&device_list_head.lock, &dflags); 16504 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 16505 sb_p = user_get_super(tid.file.device); 16506 #else 16507 sb_p = get_super(tid.file.device); 16508 #endif 16509 if(sb_p) 16510 { 16511 #ifdef CONFIG_RSBAC_RMSG 16512 rsbac_printk(KERN_INFO 16513 "rsbac_remove_target(): auto-mounting device %02u:%02u\n", 16514 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 16515 #endif 16516 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 16517 if (!rsbac_nosyslog) 16518 #endif 16519 printk(KERN_INFO 16520 "rsbac_remove_target(): auto-mounting device %02u:%02u\n", 16521 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 16522 rsbac_mount(sb_p, NULL); 16523 /* free super_block pointer */ 16524 drop_super(sb_p); 16525 rsbac_read_lock(&device_list_head.lock, &dflags); 16526 device_p = lookup_device(tid.file.device); 16527 if (!device_p) 16528 { 16529 #ifdef CONFIG_RSBAC_RMSG 16530 rsbac_printk(KERN_WARNING 16531 "rsbac_remove_target(): unknown device %02u:%02u\n", 16532 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 16533 #endif 16534 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 16535 if (!rsbac_nosyslog) 16536 #endif 16537 printk(KERN_WARNING 16538 "rsbac_remove_target(): unknown device %02u:%02u\n", 16539 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device)); 16540 rsbac_read_unlock(&device_list_head.lock, &dflags); 16541 return -RSBAC_EINVALIDDEV; 16542 } 16543 } 16544 else 16545 return -RSBAC_EINVALIDDEV; 16546 } 16547 rsbac_list_remove(device_p->handles.gen[gen_fd_hash(tid.file.inode)], 16548 &tid.file.inode); 16549 #if defined(CONFIG_RSBAC_MAC) 16550 rsbac_list_remove(device_p->handles.mac[mac_fd_hash(tid.file.inode)], 16551 &tid.file.inode); 16552 #endif 16553 #if defined(CONFIG_RSBAC_FC) 16554 rsbac_list_remove(device_p->handles.fc[fc_fd_hash(tid.file.inode)], 16555 &tid.file.inode); 16556 #endif 16557 #if defined(CONFIG_RSBAC_SIM) 16558 rsbac_list_remove(device_p->handles.sim[sim_fd_hash(tid.file.inode)], 16559 &tid.file.inode); 16560 #endif 16561 #if defined(CONFIG_RSBAC_PM) 16562 rsbac_list_remove(device_p->handles.pm[pm_fd_hash(tid.file.inode)], 16563 &tid.file.inode); 16564 #endif 16565 #if defined(CONFIG_RSBAC_DAZ) 16566 rsbac_list_remove(device_p->handles.daz[daz_fd_hash(tid.file.inode)], 16567 &tid.file.inode); 16568 #if defined(CONFIG_RSBAC_DAZ_CACHE) 16569 rsbac_list_remove(device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)], 16570 &tid.file.inode); 16571 #endif 16572 #endif 16573 #if defined(CONFIG_RSBAC_FF) 16574 rsbac_list_remove(device_p->handles.ff[ff_fd_hash(tid.file.inode)], 16575 &tid.file.inode); 16576 #endif 16577 #if defined(CONFIG_RSBAC_RC) 16578 rsbac_list_remove(device_p->handles.rc[rc_fd_hash(tid.file.inode)], 16579 &tid.file.inode); 16580 #endif 16581 #if defined(CONFIG_RSBAC_AUTH) 16582 rsbac_list_remove(device_p->handles.auth[auth_fd_hash(tid.file.inode)], 16583 &tid.file.inode); 16584 #endif 16585 #if defined(CONFIG_RSBAC_CAP) 16586 rsbac_list_remove(device_p->handles.cap[cap_fd_hash(tid.file.inode)], 16587 &tid.file.inode); 16588 #endif 16589 #if defined(CONFIG_RSBAC_PAX) 16590 rsbac_list_remove(device_p->handles.pax[pax_fd_hash(tid.file.inode)], 16591 &tid.file.inode); 16592 #endif 16593 #if defined(CONFIG_RSBAC_RES) 16594 rsbac_list_remove(device_p->handles.res[res_fd_hash(tid.file.inode)], 16595 &tid.file.inode); 16596 #endif 16597 16598 /* free access to device_list_head */ 16599 rsbac_read_unlock(&device_list_head.lock, &dflags); 16600 break; 16601 16602 case T_DEV: 16603 { 16604 struct rsbac_dev_desc_t dev_desc; 16605 16606 dev_desc.type = tid.dev.type; 16607 dev_desc.major = RSBAC_MAJOR(tid.dev.id); 16608 dev_desc.minor = RSBAC_MINOR(tid.dev.id); 16609 /* 16610 #ifdef CONFIG_RSBAC_DEBUG 16611 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 16612 "rsbac_remove_target(): Removing dev ACI"); 16613 #endif 16614 */ 16615 rsbac_list_remove(dev_handles.gen, 16616 &dev_desc); 16617 #if defined(CONFIG_RSBAC_MAC) 16618 rsbac_list_remove(dev_handles.mac, 16619 &dev_desc); 16620 #endif 16621 #if defined(CONFIG_RSBAC_FC) 16622 rsbac_list_remove(dev_handles.fc, 16623 &dev_desc); 16624 #endif 16625 #if defined(CONFIG_RSBAC_SIM) 16626 rsbac_list_remove(dev_handles.sim, 16627 &dev_desc); 16628 #endif 16629 #if defined(CONFIG_RSBAC_PM) 16630 rsbac_list_remove(dev_handles.pm, 16631 &dev_desc); 16632 #endif 16633 #if defined(CONFIG_RSBAC_RC) 16634 rsbac_list_remove(dev_handles.rc, 16635 &dev_desc); 16636 #endif 16637 } 16638 break; 16639 16640 case T_IPC: 16641 /* 16642 #ifdef CONFIG_RSBAC_DEBUG 16643 if (rsbac_debug_ds) 16644 printk(KERN_DEBUG 16645 "rsbac_remove_target(): Removing ipc ACI\n"); 16646 #endif 16647 */ 16648 #if defined(CONFIG_RSBAC_MAC) 16649 rsbac_list_remove(ipc_handles.mac, 16650 &tid.ipc); 16651 #endif 16652 #if defined(CONFIG_RSBAC_FC) 16653 rsbac_list_remove(ipc_handles.fc, 16654 &tid.ipc); 16655 #endif 16656 #if defined(CONFIG_RSBAC_SIM) 16657 rsbac_list_remove(ipc_handles.sim, 16658 &tid.ipc); 16659 #endif 16660 #if defined(CONFIG_RSBAC_PM) 16661 rsbac_list_remove(ipc_handles.pm, 16662 &tid.ipc); 16663 #endif 16664 #if defined(CONFIG_RSBAC_RC) 16665 rsbac_list_remove(ipc_handles.rc, 16666 &tid.ipc); 16667 #endif 16668 #if defined(CONFIG_RSBAC_JAIL) 16669 rsbac_list_remove(ipc_handles.jail, 16670 &tid.ipc); 16671 #endif 16672 break; 16673 16674 case T_USER: 16675 /* 16676 #ifdef CONFIG_RSBAC_DEBUG 16677 if (rsbac_debug_ds) printk(KERN_DEBUG "%s\n", 16678 "rsbac_remove_target(): Removing user ACI"); 16679 #endif 16680 */ 16681 rsbac_list_remove(user_handles.gen, 16682 &tid.user); 16683 #if defined(CONFIG_RSBAC_MAC) 16684 rsbac_list_remove(user_handles.mac, 16685 &tid.user); 16686 #endif 16687 #if defined(CONFIG_RSBAC_FC) 16688 rsbac_list_remove(user_handles.fc, 16689 &tid.user); 16690 #endif 16691 #if defined(CONFIG_RSBAC_SIM) 16692 rsbac_list_remove(user_handles.sim, 16693 &tid.user); 16694 #endif 16695 #if defined(CONFIG_RSBAC_PM) 16696 rsbac_list_remove(user_handles.pm, 16697 &tid.user); 16698 #endif 16699 #if defined(CONFIG_RSBAC_DAZ) 16700 rsbac_list_remove(user_handles.daz, 16701 &tid.user); 16702 #endif 16703 #if defined(CONFIG_RSBAC_FF) 16704 rsbac_list_remove(user_handles.ff, 16705 &tid.user); 16706 #endif 16707 #if defined(CONFIG_RSBAC_RC) 16708 rsbac_list_remove(user_handles.rc, 16709 &tid.user); 16710 #endif 16711 #if defined(CONFIG_RSBAC_AUTH) 16712 rsbac_list_remove(user_handles.auth, 16713 &tid.user); 16714 #endif 16715 #if defined(CONFIG_RSBAC_CAP) 16716 rsbac_list_remove(user_handles.cap, 16717 &tid.user); 16718 #endif 16719 #if defined(CONFIG_RSBAC_JAIL) 16720 rsbac_list_remove(user_handles.jail, 16721 &tid.user); 16722 #endif 16723 #if defined(CONFIG_RSBAC_PAX) 16724 rsbac_list_remove(user_handles.pax, 16725 &tid.user); 16726 #endif 16727 #if defined(CONFIG_RSBAC_RES) 16728 rsbac_list_remove(user_handles.res, 16729 &tid.user); 16730 #endif 16731 break; 16732 16733 case T_PROCESS: 16734 /* too noisy... kicked out. 16735 #ifdef CONFIG_RSBAC_DEBUG 16736 if (rsbac_debug_ds) 16737 printk(KERN_DEBUG 16738 "rsbac_remove_target(): Removing process ACI\n"); 16739 #endif 16740 */ 16741 #if defined(CONFIG_RSBAC_ACL) 16742 /* process items can also have an acl_p_item -> remove first */ 16743 error = rsbac_acl_remove_acl(target, tid); 16744 #endif 16745 rsbac_list_remove(process_handles.gen, 16746 &tid.process); 16747 #if defined(CONFIG_RSBAC_MAC) 16748 /* process items can also have mac_p_trusets -> remove first */ 16749 error = rsbac_mac_remove_p_trusets(tid.process); 16750 rsbac_list_remove(process_handles.mac[mac_p_hash(tid.process)], 16751 &tid.process); 16752 #endif 16753 #if defined(CONFIG_RSBAC_PM) 16754 rsbac_list_remove(process_handles.pm, 16755 &tid.process); 16756 #endif 16757 #if defined(CONFIG_RSBAC_DAZ) 16758 rsbac_list_remove(process_handles.daz, 16759 &tid.process); 16760 #endif 16761 #if defined(CONFIG_RSBAC_RC) 16762 rsbac_list_remove(process_handles.rc[rc_p_hash(tid.process)], 16763 &tid.process); 16764 #endif 16765 #if defined(CONFIG_RSBAC_AUTH) 16766 /* process items can also have auth_p_capsets -> remove first */ 16767 error = rsbac_auth_remove_p_capsets(tid.process); 16768 rsbac_list_remove(process_handles.auth, 16769 &tid.process); 16770 #endif 16771 #if defined(CONFIG_RSBAC_CAP) 16772 rsbac_list_remove(process_handles.cap, 16773 &tid.process); 16774 #endif 16775 #if defined(CONFIG_RSBAC_JAIL) 16776 rsbac_list_remove(process_handles.jail[jail_p_hash(tid.process)], 16777 &tid.process); 16778 #endif 16779 break; 16780 16781 #ifdef CONFIG_RSBAC_NET_DEV 16782 case T_NETDEV: 16783 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 16784 rsbac_list_remove(netdev_handles.gen, 16785 &tid.netdev); 16786 #endif 16787 #if defined(CONFIG_RSBAC_RC) 16788 rsbac_list_remove(netdev_handles.rc, 16789 &tid.netdev); 16790 #endif 16791 break; 16792 #endif 16793 16794 #ifdef CONFIG_RSBAC_NET_OBJ 16795 case T_NETTEMP: 16796 /* too noisy... kicked out. 16797 #ifdef CONFIG_RSBAC_DEBUG 16798 if (rsbac_debug_ds) 16799 printk(KERN_DEBUG 16800 "rsbac_remove_target(): Removing nettemp ACI\n"); 16801 #endif 16802 */ 16803 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG) 16804 rsbac_list_remove(nettemp_handles.gen, 16805 &tid.nettemp); 16806 #endif 16807 #if defined(CONFIG_RSBAC_MAC) 16808 rsbac_list_remove(nettemp_handles.mac, 16809 &tid.nettemp); 16810 #endif 16811 #if defined(CONFIG_RSBAC_FC) 16812 rsbac_list_remove(nettemp_handles.fc, 16813 &tid.nettemp); 16814 #endif 16815 #if defined(CONFIG_RSBAC_SIM) 16816 rsbac_list_remove(nettemp_handles.sim, 16817 &tid.nettemp); 16818 #endif 16819 #if defined(CONFIG_RSBAC_PM) 16820 rsbac_list_remove(nettemp_handles.pm, 16821 &tid.nettemp); 16822 #endif 16823 #if defined(CONFIG_RSBAC_RC) 16824 rsbac_list_remove(nettemp_handles.rc, 16825 &tid.nettemp); 16826 #endif 16827 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT) 16828 rsbac_acl_remove_acl(T_NETTEMP_NT, 16829 tid); 16830 rsbac_acl_remove_acl(T_NETTEMP, 16831 tid); 16832 #endif 16833 break; 16834 16835 case T_NETOBJ: 16836 /* too noisy... kicked out. 16837 #ifdef CONFIG_RSBAC_DEBUG 16838 if (rsbac_debug_ds) 16839 printk(KERN_DEBUG 16840 "rsbac_remove_target(): Removing netobj ACI\n"); 16841 #endif 16842 */ 16843 #if defined(CONFIG_RSBAC_MAC) 16844 rsbac_list_remove(lnetobj_handles.mac, 16845 &tid.netobj.sock_p); 16846 rsbac_list_remove(rnetobj_handles.mac, 16847 &tid.netobj.sock_p); 16848 #endif 16849 #if defined(CONFIG_RSBAC_FC) 16850 rsbac_list_remove(lnetobj_handles.fc, 16851 &tid.netobj.sock_p); 16852 rsbac_list_remove(rnetobj_handles.fc, 16853 &tid.netobj.sock_p); 16854 #endif 16855 #if defined(CONFIG_RSBAC_SIM) 16856 rsbac_list_remove(lnetobj_handles.sim, 16857 &tid.netobj.sock_p); 16858 rsbac_list_remove(rnetobj_handles.sim, 16859 &tid.netobj.sock_p); 16860 #endif 16861 #if defined(CONFIG_RSBAC_PM) 16862 rsbac_list_remove(lnetobj_handles.pm, 16863 &tid.netobj.sock_p); 16864 rsbac_list_remove(rnetobj_handles.pm, 16865 &tid.netobj.sock_p); 16866 #endif 16867 #if defined(CONFIG_RSBAC_RC) 16868 rsbac_list_remove(lnetobj_handles.rc, 16869 &tid.netobj.sock_p); 16870 rsbac_list_remove(rnetobj_handles.rc, 16871 &tid.netobj.sock_p); 16872 #endif 16873 break; 16874 16875 #endif /* NET_OBJ */ 16876 16877 default: 16878 return(-RSBAC_EINVALIDTARGET); 16879 } 16880 #ifdef CONFIG_RSBAC_XSTATS 16881 remove_count[target]++; 16882 #endif 16883 return(error); 16884 }; /* end of rsbac_remove_target() */ 16885 16886 16887 #ifdef CONFIG_RSBAC_NET_DEV 16888 int rsbac_net_list_all_netdev(rsbac_netdev_id_t ** id_pp) 16889 { 16890 int count=0; 16891 int tmp_count; 16892 16893 if(id_pp) 16894 { 16895 rsbac_netdev_id_t * i_id_p = NULL; 16896 char * pos = NULL; 16897 int i_count = 0; 16898 #if defined(CONFIG_RSBAC_RC) 16899 u_int i; 16900 #endif 16901 16902 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 16903 tmp_count = rsbac_list_count(netdev_handles.gen); 16904 if(tmp_count > 0) 16905 i_count += tmp_count; 16906 #endif 16907 #if defined(CONFIG_RSBAC_RC) 16908 tmp_count = rsbac_list_count(netdev_handles.rc); 16909 if(tmp_count > 0) 16910 i_count += tmp_count; 16911 #endif 16912 if(i_count > 0) 16913 { 16914 i_count += 20; /* max value to expect */ 16915 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp)); 16916 if(!*id_pp) 16917 return -RSBAC_ENOMEM; 16918 pos = (char *) *id_pp; 16919 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 16920 tmp_count = rsbac_list_get_all_desc(netdev_handles.gen, (void **) &i_id_p); 16921 if(tmp_count > 0) 16922 { 16923 if(tmp_count > i_count) 16924 tmp_count = i_count; 16925 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p)); 16926 rsbac_vfree(i_id_p); 16927 count = tmp_count; 16928 i_count -= tmp_count; 16929 pos += tmp_count * sizeof(*i_id_p); 16930 } 16931 #endif 16932 #if defined(CONFIG_RSBAC_RC) 16933 if(i_count) 16934 { 16935 tmp_count = rsbac_list_get_all_desc(netdev_handles.rc, (void **) &i_id_p); 16936 if(tmp_count > 0) 16937 { 16938 if(tmp_count > i_count) 16939 tmp_count = i_count; 16940 for(i=0; i< tmp_count; i++) 16941 { 16942 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 16943 if(!rsbac_list_exist(netdev_handles.gen, &i_id_p[i])) 16944 #endif 16945 { 16946 memcpy(pos, &i_id_p[i], sizeof(*i_id_p)); 16947 pos += sizeof(*i_id_p); 16948 count++; 16949 } 16950 } 16951 rsbac_vfree(i_id_p); 16952 } 16953 } 16954 #endif 16955 if(!count) 16956 rsbac_vfree(*id_pp); 16957 } 16958 } 16959 else 16960 { 16961 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) 16962 tmp_count = rsbac_list_count(netdev_handles.gen); 16963 if(tmp_count > 0) 16964 count += tmp_count; 16965 #endif 16966 #if defined(CONFIG_RSBAC_RC) 16967 tmp_count = rsbac_list_count(netdev_handles.rc); 16968 if(tmp_count > 0) 16969 count += tmp_count; 16970 #endif 16971 } 16972 return count; 16973 } 16974 #endif 16975 16976 #ifdef CONFIG_RSBAC_NET_OBJ 16977 /* Get a template id from a net description */ 16978 int rsbac_net_get_id (struct rsbac_net_description_t desc, 16979 rsbac_net_temp_id_t * id_p) 16980 { 16981 if(!rsbac_initialized) 16982 return -RSBAC_ENOTINITIALIZED; 16983 if(!id_p) 16984 return -RSBAC_EINVALIDPOINTER; 16985 if(rsbac_list_get_desc(net_temp_handle, 16986 id_p, 16987 &desc, 16988 rsbac_net_compare_data) 16989 ) 16990 *id_p = RSBAC_NET_UNKNOWN; 16991 return 0; 16992 } 16993 16994 /* get the template ids for a netobj */ 16995 /* set *_temp_p to NULL, if you do not need it */ 16996 int rsbac_net_lookup_templates(struct rsbac_net_obj_desc_t netobj, 16997 rsbac_net_temp_id_t * local_temp_p, 16998 rsbac_net_temp_id_t * remote_temp_p) 16999 { 17000 struct rsbac_net_description_t rsbac_net_desc; 17001 int err=0; 17002 struct net_device *dev; 17003 17004 if(!netobj.sock_p || !netobj.sock_p->sk || !netobj.sock_p->ops) 17005 return -RSBAC_EINVALIDPOINTER; 17006 if(!local_temp_p && !remote_temp_p) 17007 return -RSBAC_EINVALIDVALUE; 17008 17009 rsbac_net_desc.address_family = netobj.sock_p->ops->family; 17010 rsbac_net_desc.type = netobj.sock_p->type; 17011 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 17012 rsbac_net_desc.protocol = netobj.sock_p->sk->sk_protocol; 17013 if(netobj.sock_p->sk->sk_bound_dev_if) 17014 { 17015 dev = dev_get_by_index(netobj.sock_p->sk->sk_bound_dev_if); 17016 #else 17017 rsbac_net_desc.protocol = netobj.sock_p->sk->protocol; 17018 if(netobj.sock_p->sk->bound_dev_if) 17019 { 17020 dev = dev_get_by_index(netobj.sock_p->sk->bound_dev_if); 17021 #endif 17022 if(dev) 17023 { 17024 strcpy(rsbac_net_desc.netdev, dev->name); 17025 dev_put(dev); 17026 } 17027 else 17028 rsbac_net_desc.netdev[0] = RSBAC_NET_UNKNOWN; 17029 } 17030 else 17031 rsbac_net_desc.netdev[0] = RSBAC_NET_UNKNOWN; 17032 if(local_temp_p) 17033 { 17034 switch(rsbac_net_desc.address_family) 17035 { 17036 case AF_INET: 17037 if(netobj.local_addr) 17038 { 17039 struct sockaddr_in * addr = netobj.local_addr; 17040 17041 rsbac_net_desc.address = &addr->sin_addr.s_addr; 17042 rsbac_net_desc.address_len = sizeof(__u32); 17043 rsbac_net_desc.port = ntohs(addr->sin_port); 17044 } 17045 else 17046 { 17047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 17048 rsbac_net_desc.address = &inet_sk(netobj.sock_p->sk)->rcv_saddr; 17049 rsbac_net_desc.address_len = sizeof(__u32); 17050 rsbac_net_desc.port = inet_sk(netobj.sock_p->sk)->num; 17051 #else 17052 rsbac_net_desc.address = &netobj.sock_p->sk->rcv_saddr; 17053 rsbac_net_desc.address_len = sizeof(__u32); 17054 rsbac_net_desc.port = netobj.sock_p->sk->num; 17055 #endif 17056 } 17057 dev = ip_dev_find(*(__u32 *)rsbac_net_desc.address); 17058 if(dev) 17059 { 17060 strcpy(rsbac_net_desc.netdev, dev->name); 17061 dev_put(dev); 17062 } 17063 break; 17064 case AF_UNIX: 17065 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 17066 if(unix_sk(netobj.sock_p->sk)->addr) 17067 { 17068 rsbac_net_desc.address = unix_sk(netobj.sock_p->sk)->addr->name[0].sun_path; 17069 rsbac_net_desc.address_len = unix_sk(netobj.sock_p->sk)->addr->len; 17070 } 17071 #else 17072 if(netobj.sock_p->sk->protinfo.af_unix.addr) 17073 { 17074 rsbac_net_desc.address = netobj.sock_p->sk->protinfo.af_unix.addr->name[0].sun_path; 17075 rsbac_net_desc.address_len = netobj.sock_p->sk->protinfo.af_unix.addr->len; 17076 } 17077 #endif 17078 else 17079 if(netobj.local_addr) 17080 { 17081 struct sockaddr_un * addr = netobj.local_addr; 17082 17083 if(addr->sun_path) 17084 { 17085 rsbac_net_desc.address = addr->sun_path; 17086 rsbac_net_desc.address_len = strlen(addr->sun_path); 17087 } 17088 else 17089 { 17090 rsbac_net_desc.address = NULL; 17091 rsbac_net_desc.address_len = 0; 17092 } 17093 } 17094 else 17095 { 17096 rsbac_net_desc.address = NULL; 17097 rsbac_net_desc.address_len = 0; 17098 } 17099 break; 17100 17101 default: 17102 rsbac_net_desc.address = NULL; 17103 rsbac_net_desc.port = RSBAC_NET_UNKNOWN; 17104 } 17105 if((err = rsbac_net_get_id(rsbac_net_desc, local_temp_p))) 17106 { 17107 *local_temp_p = 0; 17108 #ifdef CONFIG_RSBAC_RMSG 17109 rsbac_printk(KERN_WARNING 17110 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n", 17111 err); 17112 #endif 17113 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 17114 if (!rsbac_nosyslog) 17115 #endif 17116 printk(KERN_WARNING 17117 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n", 17118 err); 17119 } 17120 #ifdef CONFIG_RSBAC_DEBUG 17121 if( rsbac_debug_ds_net 17122 && (rsbac_net_desc.address_family == AF_INET) 17123 ) 17124 { 17125 #ifdef CONFIG_RSBAC_RMSG 17126 rsbac_printk(KERN_DEBUG 17127 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n", 17128 current->uid, *local_temp_p); 17129 #endif 17130 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 17131 if (!rsbac_nosyslog) 17132 #endif 17133 printk(KERN_DEBUG 17134 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n", 17135 current->uid, *local_temp_p); 17136 } 17137 #endif 17138 } 17139 if(remote_temp_p) 17140 { 17141 switch(rsbac_net_desc.address_family) 17142 { 17143 case AF_INET: 17144 if(netobj.remote_addr) 17145 { 17146 struct sockaddr_in * addr = netobj.remote_addr; 17147 17148 rsbac_net_desc.address = &addr->sin_addr.s_addr; 17149 rsbac_net_desc.address_len = sizeof(__u32); 17150 rsbac_net_desc.port = ntohs(addr->sin_port); 17151 } 17152 else 17153 { 17154 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 17155 rsbac_net_desc.address = &inet_sk(netobj.sock_p->sk)->daddr; 17156 rsbac_net_desc.address_len = sizeof(__u32); 17157 rsbac_net_desc.port = ntohs(inet_sk(netobj.sock_p->sk)->dport); 17158 #else 17159 rsbac_net_desc.address = &netobj.sock_p->sk->daddr; 17160 rsbac_net_desc.address_len = sizeof(__u32); 17161 rsbac_net_desc.port = ntohs(netobj.sock_p->sk->dport); 17162 #endif 17163 } 17164 dev = ip_dev_find(*(__u32 *)rsbac_net_desc.address); 17165 if(dev) 17166 { 17167 strcpy(rsbac_net_desc.netdev, dev->name); 17168 dev_put(dev); 17169 } 17170 break; 17171 case AF_UNIX: 17172 rsbac_net_desc.port = RSBAC_NET_UNKNOWN; 17173 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 17174 if( (unix_sk(netobj.sock_p->sk)->other) 17175 && (unix_sk(unix_sk(netobj.sock_p->sk)->other)->addr) 17176 ) 17177 { 17178 rsbac_net_desc.address 17179 = unix_sk(unix_sk(netobj.sock_p->sk)->other)->addr->name; 17180 rsbac_net_desc.address_len 17181 = unix_sk(unix_sk(netobj.sock_p->sk)->other)->addr->len; 17182 } 17183 #else 17184 if( (netobj.sock_p->sk->protinfo.af_unix.other) 17185 && (netobj.sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr) 17186 ) 17187 { 17188 rsbac_net_desc.address 17189 = netobj.sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->name; 17190 rsbac_net_desc.address_len 17191 = netobj.sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->len; 17192 } 17193 #endif 17194 else 17195 if(netobj.remote_addr) 17196 { 17197 struct sockaddr_un * addr = netobj.remote_addr; 17198 17199 if(addr->sun_path) 17200 { 17201 rsbac_net_desc.address = addr->sun_path; 17202 rsbac_net_desc.address_len = strlen(addr->sun_path); 17203 } 17204 else 17205 { 17206 rsbac_net_desc.address = NULL; 17207 rsbac_net_desc.address_len = 0; 17208 } 17209 } 17210 else 17211 { 17212 rsbac_net_desc.address = NULL; 17213 rsbac_net_desc.address_len = 0; 17214 } 17215 break; 17216 17217 default: 17218 rsbac_net_desc.address = NULL; 17219 rsbac_net_desc.address_len = 0; 17220 rsbac_net_desc.port = RSBAC_NET_UNKNOWN; 17221 } 17222 if((err = rsbac_net_get_id(rsbac_net_desc, remote_temp_p))) 17223 { 17224 *remote_temp_p = 0; 17225 #ifdef CONFIG_RSBAC_RMSG 17226 rsbac_printk(KERN_WARNING 17227 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n", 17228 err); 17229 #endif 17230 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 17231 if (!rsbac_nosyslog) 17232 #endif 17233 printk(KERN_WARNING 17234 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n", 17235 err); 17236 } 17237 #ifdef CONFIG_RSBAC_DEBUG 17238 if( rsbac_debug_ds_net 17239 && (rsbac_net_desc.address_family == AF_INET) 17240 ) 17241 { 17242 #ifdef CONFIG_RSBAC_RMSG 17243 rsbac_printk(KERN_DEBUG 17244 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n", 17245 current->uid, *remote_temp_p); 17246 #endif 17247 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG 17248 if (!rsbac_nosyslog) 17249 #endif 17250 printk(KERN_DEBUG 17251 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n", 17252 current->uid, *remote_temp_p); 17253 } 17254 #endif 17255 } 17256 return 0; 17257 } 17258 17259 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj) 17260 { 17261 union rsbac_target_id_t tid; 17262 17263 tid.netobj.sock_p = netobj; 17264 rsbac_remove_target(T_NETOBJ, tid); 17265 } 17266 17267 int rsbac_net_template(enum rsbac_net_temp_syscall_t call, 17268 rsbac_net_temp_id_t id, 17269 union rsbac_net_temp_syscall_data_t * data_p) 17270 { 17271 struct rsbac_net_temp_data_t int_data = RSBAC_NET_TEMP_DEFAULT_DATA; 17272 int err; 17273 17274 switch(call) 17275 { 17276 case NTS_new_template: 17277 case NTS_check_id: 17278 break; 17279 case NTS_copy_template: 17280 err = rsbac_list_get_data(net_temp_handle, &data_p->id, &int_data); 17281 if(err) 17282 return err; 17283 break; 17284 default: 17285 err = rsbac_list_get_data(net_temp_handle, &id, &int_data); 17286 if(err) 17287 return err; 17288 } 17289 /* get data values from user space */ 17290 switch(call) 17291 { 17292 case NTS_set_address: 17293 memcpy(&int_data.address, &data_p->address, sizeof(int_data.address)); 17294 return rsbac_list_add(net_temp_handle, &id, &int_data); 17295 case NTS_set_address_family: 17296 int_data.address_family = data_p->address_family; 17297 return rsbac_list_add(net_temp_handle, &id, &int_data); 17298 case NTS_set_valid_len: 17299 int_data.valid_len = data_p->valid_len; 17300 return rsbac_list_add(net_temp_handle, &id, &int_data); 17301 case NTS_set_type: 17302 int_data.type = data_p->type; 17303 return rsbac_list_add(net_temp_handle, &id, &int_data); 17304 case NTS_set_protocol: 17305 int_data.protocol = data_p->protocol; 17306 return rsbac_list_add(net_temp_handle, &id, &int_data); 17307 case NTS_set_netdev: 17308 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ); 17309 int_data.netdev[RSBAC_IFNAMSIZ] = 0; 17310 return rsbac_list_add(net_temp_handle, &id, &int_data); 17311 case NTS_set_min_port: 17312 int_data.min_port = data_p->min_port; 17313 return rsbac_list_add(net_temp_handle, &id, &int_data); 17314 case NTS_set_max_port: 17315 int_data.max_port = data_p->max_port; 17316 return rsbac_list_add(net_temp_handle, &id, &int_data); 17317 case NTS_set_name: 17318 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1); 17319 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0; 17320 return rsbac_list_add(net_temp_handle, &id, &int_data); 17321 case NTS_new_template: 17322 if(rsbac_list_exist(net_temp_handle, &id)) 17323 return -RSBAC_EEXISTS; 17324 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1); 17325 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0; 17326 return rsbac_list_add(net_temp_handle, &id, &int_data); 17327 case NTS_copy_template: 17328 if(rsbac_list_exist(net_temp_handle, &id)) 17329 return -RSBAC_EEXISTS; 17330 return rsbac_list_add(net_temp_handle, &id, &int_data); 17331 case NTS_delete_template: 17332 return rsbac_list_remove(net_temp_handle, &id); 17333 case NTS_check_id: 17334 if(rsbac_list_exist(net_temp_handle, &id)) 17335 { 17336 data_p->id = id; 17337 return 0; 17338 } 17339 else 17340 return -RSBAC_ENOTFOUND; 17341 case NTS_get_address: 17342 memcpy(&data_p->address, &int_data.address, sizeof(int_data.address)); 17343 return 0; 17344 case NTS_get_address_family: 17345 data_p->address_family = int_data.address_family; 17346 return 0; 17347 case NTS_get_valid_len: 17348 data_p->valid_len = int_data.valid_len; 17349 return 0; 17350 case NTS_get_type: 17351 data_p->type = int_data.type; 17352 return 0; 17353 case NTS_get_protocol: 17354 data_p->protocol = int_data.protocol; 17355 return 0; 17356 case NTS_get_netdev: 17357 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ); 17358 return 0; 17359 case NTS_get_min_port: 17360 data_p->min_port = int_data.min_port; 17361 return 0; 17362 case NTS_get_max_port: 17363 data_p->max_port = int_data.max_port; 17364 return 0; 17365 case NTS_get_name: 17366 strcpy(data_p->name, int_data.name); 17367 return 0; 17368 17369 default: 17370 return -RSBAC_EINVALIDREQUEST; 17371 } 17372 } 17373 17374 int rsbac_net_list_all_template(rsbac_net_temp_id_t ** id_pp) 17375 { 17376 if(id_pp) 17377 return rsbac_list_get_all_desc(net_temp_handle, (void **) id_pp); 17378 else 17379 return rsbac_list_count(net_temp_handle); 17380 } 17381 17382 int rsbac_net_template_exist(rsbac_net_temp_id_t temp) 17383 { 17384 return rsbac_list_exist(net_temp_handle, &temp); 17385 } 17386 17387 int rsbac_net_remote_request(enum rsbac_adf_request_t request) 17388 { 17389 switch(request) 17390 { 17391 case R_ACCEPT: 17392 case R_CONNECT: 17393 case R_SEND: 17394 case R_RECEIVE: 17395 case R_READ: 17396 case R_WRITE: 17397 return TRUE; 17398 17399 default: 17400 return FALSE; 17401 } 17402 } 17403 17404 #endif /* NET_OBJ */ 17405 17406 #if defined(CONFIG_RSBAC_DAZ_CACHE) 17407 int rsbac_daz_flush_cache(void) 17408 { 17409 struct rsbac_device_list_item_t * device_p; 17410 long dflags; 17411 u_int i; 17412 17413 /* wait for read access to device_list_head */ 17414 rsbac_read_lock(&device_list_head.lock, &dflags); 17415 device_p = device_list_head.head; 17416 while(device_p) 17417 { 17418 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++) 17419 rsbac_list_remove_all(device_p->handles.dazs[i]); 17420 device_p = device_p->next; 17421 } 17422 rsbac_read_unlock(&device_list_head.lock, &dflags); 17423 return 0; 17424 } 17425 #endif 17426 17427 /* end of rsbac_aci_data_structures.c */

Generated on Tue Aug 31 10:05:25 2004 for RSBAC by doxygen 1.3.8