00001
00002
00003
00004
00005
00006
00007
00008
00009
#include <linux/types.h>
00010
#include <linux/sched.h>
00011
#include <linux/mm.h>
00012
#include <linux/init.h>
00013
#include <linux/ext2_fs.h>
00014
#include <asm/uaccess.h>
00015
#include <rsbac/types.h>
00016
#include <rsbac/aci_data_structures.h>
00017
#include <rsbac/acl_data_structures.h>
00018
#include <rsbac/error.h>
00019
#include <rsbac/helpers.h>
00020
#include <rsbac/adf.h>
00021
#include <rsbac/aci.h>
00022
#include <rsbac/acl.h>
00023
#include <rsbac/lists.h>
00024
#include <rsbac/proc_fs.h>
00025
#include <rsbac/getname.h>
00026
#include <rsbac/acl_getname.h>
00027
#include <rsbac/rkmem.h>
00028
#include <rsbac/network.h>
00029
#include <linux/string.h>
00030
#include <linux/smp_lock.h>
00031
00032
00033
00034
00035
00036
00037
00038 static struct rsbac_acl_device_list_head_t device_list_head;
00039
00040 static rsbac_list_handle_t dev_handle =
NULL;
00041 static rsbac_list_handle_t scd_handle =
NULL;
00042 static rsbac_list_handle_t group_handle =
NULL;
00043 static rsbac_list_handle_t gm_handle =
NULL;
00044
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00045
static rsbac_list_handle_t netdev_handle =
NULL;
00046
#endif
00047
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00048
static rsbac_list_handle_t nettemp_nt_handle =
NULL;
00049
static rsbac_list_handle_t nettemp_handle =
NULL;
00050
static rsbac_list_handle_t netobj_handle =
NULL;
00051
#endif
00052
00053 static rsbac_list_handle_t default_fd_handle =
NULL;
00054 static rsbac_list_handle_t default_dev_handle =
NULL;
00055 static rsbac_list_handle_t default_ipc_handle =
NULL;
00056 static rsbac_list_handle_t default_scd_handle =
NULL;
00057 static rsbac_list_handle_t default_u_handle =
NULL;
00058 static rsbac_list_handle_t default_p_handle =
NULL;
00059
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00060
static rsbac_list_handle_t default_netdev_handle =
NULL;
00061
static rsbac_acl_rights_vector_t default_netdev_rights = 0;
00062
#endif
00063
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00064
static rsbac_list_handle_t default_nettemp_nt_handle =
NULL;
00065
static rsbac_list_handle_t default_netobj_handle =
NULL;
00066
static rsbac_acl_rights_vector_t default_nettemp_nt_rights = 0;
00067
static rsbac_acl_rights_vector_t default_netobj_rights = 0;
00068
#endif
00069
00070 static rsbac_acl_group_id_t group_last_new = 0;
00071
00072 static rsbac_acl_rights_vector_t default_fd_rights = 0;
00073 static rsbac_acl_rights_vector_t default_dev_rights = 0;
00074 static rsbac_acl_rights_vector_t default_ipc_rights = 0;
00075 static rsbac_acl_rights_vector_t default_scd_rights = 0;
00076 static rsbac_acl_rights_vector_t default_u_rights = 0;
00077 static rsbac_acl_rights_vector_t default_p_rights = 0;
00078
00079
00080
00081
00082
00083
boolean writable(
struct super_block * sb_p);
00084
00085
00086
00087
00088
00089
00090
00091
00092
00093 static inline int fd_hash(
rsbac_inode_nr_t inode)
00094 {
00095
return(inode %
RSBAC_ACL_NR_FD_LISTS);
00096 }
00097
00098 static int entry_compare(
void * desc1,
void * desc2)
00099 {
00100
int result;
00101
struct rsbac_acl_entry_desc_t * i_desc1 = desc1;
00102
struct rsbac_acl_entry_desc_t * i_desc2 = desc2;
00103
00104 result = memcmp(&i_desc1->subj_type,
00105 &i_desc2->subj_type,
00106
sizeof(i_desc1->subj_type));
00107
if(result)
00108
return result;
00109
else
00110
return memcmp(&i_desc1->subj_id,
00111 &i_desc2->subj_id,
00112
sizeof(i_desc1->subj_id));
00113 }
00114
00115 static int dev_compare(
void * desc1,
void * desc2)
00116 {
00117
int result;
00118
struct rsbac_dev_desc_t * i_desc1 = desc1;
00119
struct rsbac_dev_desc_t * i_desc2 = desc2;
00120
00121 result = memcmp(&i_desc1->type,
00122 &i_desc2->type,
00123
sizeof(i_desc1->type));
00124
if(result)
00125
return result;
00126 result = memcmp(&i_desc1->major,
00127 &i_desc2->major,
00128
sizeof(i_desc1->major));
00129
if(result)
00130
return result;
00131
return memcmp(&i_desc1->minor,
00132 &i_desc2->minor,
00133
sizeof(i_desc1->minor));
00134 }
00135
00136
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00137
static int netdev_compare(
void * desc1,
void * desc2)
00138 {
00139
return strncmp(desc1,
00140 desc2,
00141 RSBAC_IFNAMSIZ);
00142 }
00143
#endif
00144
00145 static int dev_conv(
00146
void * old_desc,
00147
void * old_data,
00148
void * new_desc,
00149
void * new_data)
00150 {
00151
struct rsbac_dev_desc_t *
new = new_desc;
00152
struct rsbac_dev_t * old = old_desc;
00153
00154 memcpy(new_data, old_data,
sizeof(
rsbac_acl_rights_vector_t));
00155
new->type = old->type;
00156
new->major = RSBAC_MAJOR(old->id);
00157
new->minor = RSBAC_MINOR(old->id);
00158
return 0;
00159 }
00160
00161 rsbac_list_conv_function_t *
dev_get_conv(
rsbac_version_t old_version)
00162 {
00163
switch(old_version)
00164 {
00165
case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00166
return dev_conv;
00167
default:
00168
return NULL;
00169 }
00170 }
00171
00172 static int dev_subconv(
00173
void * old_desc,
00174
void * old_data,
00175
void * new_desc,
00176
void * new_data)
00177 {
00178 memcpy(new_desc, old_desc,
sizeof(
struct rsbac_acl_entry_desc_t));
00179 memcpy(new_data, old_data,
sizeof(
rsbac_acl_rights_vector_t));
00180
return 0;
00181 }
00182
00183 rsbac_list_conv_function_t *
dev_get_subconv(
rsbac_version_t old_version)
00184 {
00185
switch(old_version)
00186 {
00187
case RSBAC_ACL_DEV_OLD_LIST_VERSION:
00188
return dev_subconv;
00189
default:
00190
return NULL;
00191 }
00192 }
00193
00194
00195
00196
00197 static int acl_register_fd_lists(
struct rsbac_acl_device_list_item_t * device_p,
00198 kdev_t kdev)
00199 {
00200
char * name;
00201
int err = 0;
00202
int tmperr;
00203
char number[10];
00204 u_int file_no;
00205
struct rsbac_list_lol_info_t lol_info;
00206
rsbac_acl_rights_vector_t def_mask=
RSBAC_ACL_DEFAULT_FD_MASK;
00207
00208
if(!device_p)
00209
return(-
RSBAC_EINVALIDPOINTER);
00210 name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00211
if(!name)
00212
return -
RSBAC_ENOMEM;
00213
00214
00215
for (file_no = 0; file_no <
RSBAC_ACL_NR_FD_LISTS; file_no++)
00216 {
00217
00218 strcpy(name,
RSBAC_ACL_FD_FILENAME);
00219 strcat(name,
inttostr(number,file_no) );
00220
00221 lol_info.
version =
RSBAC_ACL_FD_LIST_VERSION;
00222 lol_info.
key =
RSBAC_ACL_LIST_KEY;
00223 lol_info.
desc_size =
sizeof(
rsbac_inode_nr_t);
00224 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
00225 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
00226 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
00227 lol_info.
max_age = 0;
00228 tmperr =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00229 &(device_p->
handles[file_no]),
00230 &lol_info,
00231
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
00232
rsbac_list_compare_u32,
00233
entry_compare,
00234
NULL,
00235
NULL,
00236 &def_mask,
00237
NULL,
00238 name,
00239 kdev);
00240
if(tmperr)
00241 {
00242
char * tmp;
00243
00244 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00245
if(tmp)
00246 {
00247
#ifdef CONFIG_RSBAC_RMSG
00248
rsbac_printk(KERN_WARNING
00249
"acl_register_fd_lists(): registering list %u for device %02u:%02u failed with error %s!\n",
00250 file_no,
00251 RSBAC_MAJOR(kdev),
00252 RSBAC_MINOR(kdev),
00253
get_error_name(tmp, tmperr));
00254
#endif
00255
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00256
if (!rsbac_nosyslog)
00257
#endif
00258
printk(KERN_WARNING
00259
"acl_register_fd_lists(): registering list %u for device %02u:%02u failed with error %s!\n",
00260 file_no,
00261 RSBAC_MAJOR(kdev),
00262 RSBAC_MINOR(kdev),
00263
get_error_name(tmp, tmperr));
00264
rsbac_kfree(tmp);
00265 }
00266 err = tmperr;
00267 }
00268 }
00269
return err;
00270 }
00271
00272
00273
00274
00275 static int acl_detach_fd_lists(
struct rsbac_acl_device_list_item_t * device_p)
00276 {
00277
char * name;
00278
int err = 0;
00279
int tmperr;
00280
char number[10];
00281 u_int file_no;
00282
00283
if(!device_p)
00284
return(-
RSBAC_EINVALIDPOINTER);
00285 name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00286
if(!name)
00287
return -
RSBAC_ENOMEM;
00288
00289
00290
for (file_no = 0; file_no <
RSBAC_ACL_NR_FD_LISTS; file_no++)
00291 {
00292
00293 strcpy(name,
RSBAC_ACL_FD_FILENAME);
00294 strcat(name,
inttostr(number,file_no) );
00295
00296 tmperr =
rsbac_list_lol_detach(&device_p->
handles[file_no],
00297
RSBAC_ACL_LIST_KEY);
00298
if(tmperr)
00299 {
00300
char * tmp;
00301
00302 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00303
if(tmp)
00304 {
00305
#ifdef CONFIG_RSBAC_RMSG
00306
rsbac_printk(KERN_WARNING
00307
"acl_detach_fd_lists(): detaching from list %u for device %02u:%02u failed with error %s!\n",
00308 file_no,
00309 RSBAC_MAJOR(device_p->
id),
00310 RSBAC_MINOR(device_p->
id),
00311
get_error_name(tmp, tmperr));
00312
#endif
00313
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00314
if (!rsbac_nosyslog)
00315
#endif
00316
printk(KERN_WARNING
00317
"acl_detach_fd_lists(): detaching from list %u for device %02u:%02u failed with error %s!\n",
00318 file_no,
00319 RSBAC_MAJOR(device_p->
id),
00320 RSBAC_MINOR(device_p->
id),
00321
get_error_name(tmp, tmperr));
00322
rsbac_kfree(tmp);
00323 }
00324 err = tmperr;
00325 }
00326 }
00327
return err;
00328 }
00329
00330
00331
00332
00333
00334
00335 static struct rsbac_acl_device_list_item_t *
acl_lookup_device(kdev_t kdev)
00336 {
00337
struct rsbac_acl_device_list_item_t * curr =
device_list_head.
curr;
00338
00339
00340
if( !curr
00341 || (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00342 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00343 )
00344 {
00345 curr =
device_list_head.
head;
00346
while( curr
00347 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00348 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00349 )
00350 )
00351 {
00352 curr = curr->
next;
00353 }
00354
if (curr)
00355
device_list_head.
curr=curr;
00356 }
00357
00358
return (curr);
00359 };
00360
00361
00362
00363
00364
00365
00366
00367
00368
static struct rsbac_acl_device_list_item_t
00369 *
create_device_item(kdev_t kdev)
00370 {
00371
struct rsbac_acl_device_list_item_t * new_item_p;
00372
00373
00374
if ( !(new_item_p = (
struct rsbac_acl_device_list_item_t *)
00375
rsbac_kmalloc(
sizeof(*new_item_p)) ) )
00376
return(
NULL);
00377
00378 memset(new_item_p, 0,
sizeof(*new_item_p));
00379 new_item_p->id = kdev;
00380 new_item_p->mount_count = 1;
00381
return(new_item_p);
00382 };
00383
00384
00385
static struct rsbac_acl_device_list_item_t
00386 *
add_device_item(
struct rsbac_acl_device_list_item_t * device_p)
00387 {
00388
if (!device_p)
00389
return(
NULL);
00390
00391
00392
if (!
device_list_head.
head)
00393 {
00394
device_list_head.
head=device_p;
00395
device_list_head.
tail=device_p;
00396
device_list_head.
curr=device_p;
00397
device_list_head.
count=1;
00398 device_p->
prev=
NULL;
00399 device_p->
next=
NULL;
00400 }
00401
else
00402 {
00403 device_p->
prev=
device_list_head.
tail;
00404 device_p->
next=
NULL;
00405
device_list_head.
tail->
next=device_p;
00406
device_list_head.
tail=device_p;
00407
device_list_head.
curr=device_p;
00408
device_list_head.
count++;
00409 };
00410
return(device_p);
00411 };
00412
00413
00414
00415
00416
00417
00418
00419
00420 static void clear_device_item(
struct rsbac_acl_device_list_item_t * device_p)
00421 {
00422
if(!device_p)
00423
return;
00424
00425
00426
acl_detach_fd_lists(device_p);
00427
00428
rsbac_kfree(device_p);
00429 };
00430
00431 static void remove_device_item(kdev_t kdev)
00432 {
00433
struct rsbac_acl_device_list_item_t * item_p;
00434
00435
00436
if ( (item_p =
acl_lookup_device(kdev)) )
00437 {
00438
if (
device_list_head.
head == item_p)
00439 {
00440
if (
device_list_head.
tail == item_p)
00441 {
00442
device_list_head.
head =
NULL;
00443
device_list_head.
tail =
NULL;
00444 }
00445
else
00446 {
00447 item_p->next->prev =
NULL;
00448
device_list_head.
head = item_p->
next;
00449 };
00450 }
00451
else
00452 {
00453
if (
device_list_head.
tail == item_p)
00454 {
00455 item_p->
prev->
next =
NULL;
00456
device_list_head.
tail = item_p->
prev;
00457 }
00458
else
00459 {
00460 item_p->
prev->
next = item_p->
next;
00461 item_p->
next->
prev = item_p->
prev;
00462 };
00463 };
00464
00465
00466
device_list_head.
curr=
NULL;
00467
00468
device_list_head.
count--;
00469
00470
00471
00472
clear_device_item(item_p);
00473 };
00474
00475 };
00476
00477
00478
00479
00480
00481
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00482
static int
00483 acl_devices_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00484 {
00485
int len = 0;
00486 off_t pos = 0;
00487 off_t begin = 0;
00488
struct rsbac_acl_device_list_item_t * device_p;
00489 u_long dflags;
00490
00491
if (!
rsbac_is_initialized())
return (-ENOSYS);
00492
00493 len += sprintf(buffer,
"%u RSBAC ACL Devices\n-------------------\n",
00494
device_list_head.
count);
00495
00496
00497 rsbac_read_lock(&
device_list_head.
lock, &dflags);
00498
00499
for (device_p =
device_list_head.
head; device_p; device_p = device_p->
next)
00500 {
00501 len += sprintf(buffer + len,
"%02u:%02u with mount_count = %u\n",
00502 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
00503 device_p->mount_count);
00504 pos = begin + len;
00505
if (pos < offset)
00506 {
00507 len = 0;
00508 begin = pos;
00509 }
00510
if (pos > offset+length)
00511
break;
00512 }
00513
00514
00515 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00516
00517 *start = buffer + (offset - begin);
00518 len -= (offset - begin);
00519
00520
if (len > length)
00521 len = length;
00522
return len;
00523 }
00524
00525
static int
00526 stats_acl_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00527 {
00528 u_int len = 0;
00529 off_t pos = 0;
00530 off_t begin = 0;
00531
00532 u_int item_count = 0;
00533 u_int member_count = 0;
00534 u_int tmp_count;
00535 u_int i;
00536 u_long dflags;
00537
struct rsbac_acl_device_list_item_t * device_p;
00538
00539
union rsbac_target_id_t rsbac_target_id;
00540
union rsbac_attribute_value_t rsbac_attribute_value;
00541
00542
if (!
rsbac_is_initialized)
00543 {
00544
#ifdef CONFIG_RSBAC_RMSG
00545
rsbac_printk(KERN_WARNING
"stats_acl_proc_info(): RSBAC not initialized\n");
00546
#endif
00547
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00548
if (!rsbac_nosyslog)
00549
#endif
00550
printk(KERN_WARNING
"stats_acl_proc_info(): RSBAC not initialized\n");
00551
return(-
RSBAC_ENOTINITIALIZED);
00552 }
00553
#ifdef CONFIG_RSBAC_DEBUG
00554
if (rsbac_debug_aef_acl)
00555 {
00556
#ifdef CONFIG_RSBAC_RMSG
00557
rsbac_printk(KERN_DEBUG
"stats_acl_proc_info(): calling ADF\n");
00558
#endif
00559
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00560
if (!rsbac_nosyslog)
00561
#endif
00562
printk(KERN_DEBUG
"stats_acl_proc_info(): calling ADF\n");
00563 }
00564
#endif
00565
rsbac_target_id.
scd =
ST_rsbac;
00566 rsbac_attribute_value.
dummy = 0;
00567
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
00568 current->pid,
00569 T_SCD,
00570 rsbac_target_id,
00571 A_none,
00572 rsbac_attribute_value))
00573 {
00574
return -EPERM;
00575 }
00576
00577 len += sprintf(buffer,
"ACL Status\n-----------\n");
00578
00579
00580 rsbac_read_lock(&
device_list_head.
lock, &dflags);
00581 device_p =
device_list_head.
head;
00582
while(device_p)
00583 {
00584
00585 item_count = 0;
00586 member_count = 0;
00587
for(i=0; i<
RSBAC_ACL_NR_FD_LISTS; i++)
00588 {
00589 tmp_count =
rsbac_list_lol_count(device_p->handles[i]);
00590
if(tmp_count > 0)
00591 item_count+=tmp_count;
00592 tmp_count =
rsbac_list_lol_all_subcount(device_p->handles[i]);
00593
if(tmp_count > 0)
00594 member_count += tmp_count;
00595 }
00596 len += sprintf(buffer + len,
"device %02u:%02u has %i file ACLs, sum of %i members\n",
00597 RSBAC_MAJOR(device_p->id),
00598 RSBAC_MINOR(device_p->id),
00599 item_count,
00600 member_count);
00601 pos = begin + len;
00602
if (pos < offset)
00603 {
00604 len = 0;
00605 begin = pos;
00606 }
00607
if (pos > offset+length)
00608 {
00609 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00610
goto out;
00611 }
00612 device_p = device_p->next;
00613 }
00614
00615 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00616
00617
00618 len += sprintf(buffer + len,
"%li device ACL items, sum of %li members\n",
00619
rsbac_list_lol_count(dev_handle),
00620
rsbac_list_lol_all_subcount(dev_handle));
00621 pos = begin + len;
00622
if (pos < offset)
00623 {
00624 len = 0;
00625 begin = pos;
00626 }
00627
if (pos > offset+length)
00628
goto out;
00629
00630
00631 len += sprintf(buffer + len,
"%li scd ACL items, sum of %li members\n",
00632
rsbac_list_lol_count(scd_handle),
00633
rsbac_list_lol_all_subcount(scd_handle));
00634 pos = begin + len;
00635
if (pos < offset)
00636 {
00637 len = 0;
00638 begin = pos;
00639 }
00640
if (pos > offset+length)
00641
goto out;
00642
00643
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00644
00645 len += sprintf(buffer + len,
"%li network device ACL items, sum of %li members\n",
00646
rsbac_list_lol_count(netdev_handle),
00647
rsbac_list_lol_all_subcount(netdev_handle));
00648 pos = begin + len;
00649
if (pos < offset)
00650 {
00651 len = 0;
00652 begin = pos;
00653 }
00654
if (pos > offset+length)
00655
goto out;
00656
#endif
00657
00658
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00659
00660 len += sprintf(buffer + len,
"%li network template NT ACL items, sum of %li members\n",
00661
rsbac_list_lol_count(nettemp_nt_handle),
00662
rsbac_list_lol_all_subcount(nettemp_nt_handle));
00663 pos = begin + len;
00664
if (pos < offset)
00665 {
00666 len = 0;
00667 begin = pos;
00668 }
00669
if (pos > offset+length)
00670
goto out;
00671
00672 len += sprintf(buffer + len,
"%li network template ACL items, sum of %li members\n",
00673
rsbac_list_lol_count(nettemp_handle),
00674
rsbac_list_lol_all_subcount(nettemp_handle));
00675 pos = begin + len;
00676
if (pos < offset)
00677 {
00678 len = 0;
00679 begin = pos;
00680 }
00681
if (pos > offset+length)
00682
goto out;
00683
00684 len += sprintf(buffer + len,
"%li network object ACL items, sum of %li members\n",
00685
rsbac_list_lol_count(netobj_handle),
00686
rsbac_list_lol_all_subcount(netobj_handle));
00687 pos = begin + len;
00688
if (pos < offset)
00689 {
00690 len = 0;
00691 begin = pos;
00692 }
00693
if (pos > offset+length)
00694
goto out;
00695
#endif
00696
00697 len += sprintf(buffer + len,
"%li groups, last new is %u\n",
00698
rsbac_list_count(group_handle),
00699 group_last_new);
00700 pos = begin + len;
00701
if (pos < offset)
00702 {
00703 len = 0;
00704 begin = pos;
00705 }
00706
if (pos > offset+length)
00707
goto out;
00708
00709
00710 len += sprintf(buffer + len,
"%li group member items, sum of %li group memberships\n",
00711
rsbac_list_lol_count(gm_handle),
00712
rsbac_list_lol_all_subcount(gm_handle));
00713 pos = begin + len;
00714
if (pos < offset)
00715 {
00716 len = 0;
00717 begin = pos;
00718 }
00719
if (pos > offset+length)
00720
goto out;
00721
00722 out:
00723 *start = buffer + (offset - begin);
00724 len -= (offset - begin);
00725
00726
if (len > length)
00727 len = length;
00728
return len;
00729 }
00730
00731
static int
00732 acl_acllist_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00733 {
00734 u_int len = 0;
00735 off_t pos = 0;
00736 off_t begin = 0;
00737
00738 u_int i,j,k;
00739
char tmp1[80], tmp2[80];
00740 u_int count = 0;
00741
int tmp_count;
00742
int tmp_sub_count;
00743 u_int member_count = 0;
00744 u_long dflags;
00745
struct rsbac_acl_device_list_item_t * device_p;
00746
rsbac_inode_nr_t * fd_desc_p;
00747
struct rsbac_dev_desc_t * dev_desc_p;
00748 __u8 * scd_desc_p;
00749
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
00750
rsbac_netdev_id_t * netdev_desc_p;
00751
#endif
00752
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
00753
rsbac_net_temp_id_t * nettemp_desc_p;
00754
rsbac_net_obj_id_t * netobj_desc_p;
00755
#endif
00756
struct rsbac_acl_entry_desc_t * sub_desc_p;
00757
rsbac_acl_rights_vector_t rights;
00758
00759
union rsbac_target_id_t rsbac_target_id;
00760
union rsbac_attribute_value_t rsbac_attribute_value;
00761
00762
if (!
rsbac_is_initialized)
00763 {
00764
#ifdef CONFIG_RSBAC_RMSG
00765
rsbac_printk(KERN_WARNING
"acl_acllist_proc_info(): RSBAC not initialized\n");
00766
#endif
00767
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00768
if (!rsbac_nosyslog)
00769
#endif
00770
printk(KERN_WARNING
"acl_acllist_proc_info(): RSBAC not initialized\n");
00771
return(-
RSBAC_ENOTINITIALIZED);
00772 }
00773
#ifdef CONFIG_RSBAC_DEBUG
00774
if (rsbac_debug_aef_acl)
00775 {
00776
#ifdef CONFIG_RSBAC_RMSG
00777
rsbac_printk(KERN_DEBUG
"acl_acllist_proc_info(): calling ADF\n");
00778
#endif
00779
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00780
if (!rsbac_nosyslog)
00781 printk(KERN_DEBUG
"acl_acllist_proc_info(): calling ADF\n");
00782
#endif
00783
}
00784
#endif
00785
rsbac_target_id.
scd =
ST_rsbac;
00786 rsbac_attribute_value.
dummy = 0;
00787
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
00788 current->pid,
00789 T_SCD,
00790 rsbac_target_id,
00791 A_none,
00792 rsbac_attribute_value))
00793 {
00794
return -EPERM;
00795 }
00796
00797 len += sprintf(buffer,
"ACL Lists\n----------\n");
00798
00799 len += sprintf(buffer + len,
00800
"Default FD ACL: %li members:",
00801
rsbac_list_count(default_fd_handle));
00802 pos = begin + len;
00803
if (pos < offset)
00804 {
00805 len = 0;
00806 begin = pos;
00807 }
00808
if (pos > offset+length)
00809
goto out;
00810 tmp_count =
rsbac_list_get_all_desc(default_fd_handle, (
void **) &sub_desc_p);
00811
if(tmp_count > 0)
00812 {
00813
for(i=0; i<tmp_count; i++)
00814 {
00815 len += sprintf(buffer + len,
" %s %u,",
00816
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00817 sub_desc_p[i].subj_id);
00818 pos = begin + len;
00819
if (pos < offset)
00820 {
00821 len = 0;
00822 begin = pos;
00823 }
00824
if (pos > offset+length)
00825 {
00826
rsbac_vfree(sub_desc_p);
00827
goto out;
00828 }
00829 }
00830
rsbac_vfree(sub_desc_p);
00831 }
00832
00833
00834 len += sprintf(buffer + len,
"\nDefault Device ACL: %li members:",
00835
rsbac_list_count(default_dev_handle));
00836 pos = begin + len;
00837
if (pos < offset)
00838 {
00839 len = 0;
00840 begin = pos;
00841 }
00842
if (pos > offset+length)
00843
goto out;
00844 tmp_count =
rsbac_list_get_all_desc(default_dev_handle, (
void **) &sub_desc_p);
00845
if(tmp_count > 0)
00846 {
00847
for(i=0; i<tmp_count; i++)
00848 {
00849 len += sprintf(buffer + len,
" %s %u,",
00850
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00851 sub_desc_p[i].subj_id);
00852 pos = begin + len;
00853
if (pos < offset)
00854 {
00855 len = 0;
00856 begin = pos;
00857 }
00858
if (pos > offset+length)
00859 {
00860
rsbac_vfree(sub_desc_p);
00861
goto out;
00862 }
00863 }
00864
rsbac_vfree(sub_desc_p);
00865 }
00866
00867
00868 len += sprintf(buffer + len,
"\nDefault IPC ACL: %li members:",
00869
rsbac_list_count(default_ipc_handle));
00870 pos = begin + len;
00871
if (pos < offset)
00872 {
00873 len = 0;
00874 begin = pos;
00875 }
00876
if (pos > offset+length)
00877
goto out;
00878 tmp_count =
rsbac_list_get_all_desc(default_ipc_handle, (
void **) &sub_desc_p);
00879
if(tmp_count > 0)
00880 {
00881
for(i=0; i<tmp_count; i++)
00882 {
00883 len += sprintf(buffer + len,
" %s %u,",
00884
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00885 sub_desc_p[i].subj_id);
00886 pos = begin + len;
00887
if (pos < offset)
00888 {
00889 len = 0;
00890 begin = pos;
00891 }
00892
if (pos > offset+length)
00893 {
00894
rsbac_vfree(sub_desc_p);
00895
goto out;
00896 }
00897 }
00898
rsbac_vfree(sub_desc_p);
00899 }
00900
00901
00902 len += sprintf(buffer + len,
"\nDefault SCD ACL: %li members:",
00903
rsbac_list_count(default_scd_handle));
00904 pos = begin + len;
00905
if (pos < offset)
00906 {
00907 len = 0;
00908 begin = pos;
00909 }
00910
if (pos > offset+length)
00911
goto out;
00912 tmp_count =
rsbac_list_get_all_desc(default_scd_handle, (
void **) &sub_desc_p);
00913
if(tmp_count > 0)
00914 {
00915
for(i=0; i<tmp_count; i++)
00916 {
00917 len += sprintf(buffer + len,
" %s %u,",
00918
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00919 sub_desc_p[i].subj_id);
00920 pos = begin + len;
00921
if (pos < offset)
00922 {
00923 len = 0;
00924 begin = pos;
00925 }
00926
if (pos > offset+length)
00927 {
00928
rsbac_vfree(sub_desc_p);
00929
goto out;
00930 }
00931 }
00932
rsbac_vfree(sub_desc_p);
00933 }
00934
00935
00936 len += sprintf(buffer + len,
"\nDefault User ACL: %li members:",
00937
rsbac_list_count(default_u_handle));
00938 pos = begin + len;
00939
if (pos < offset)
00940 {
00941 len = 0;
00942 begin = pos;
00943 }
00944
if (pos > offset+length)
00945
goto out;
00946 tmp_count =
rsbac_list_get_all_desc(default_u_handle, (
void **) &sub_desc_p);
00947
if(tmp_count > 0)
00948 {
00949
for(i=0; i<tmp_count; i++)
00950 {
00951 len += sprintf(buffer + len,
" %s %u,",
00952
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00953 sub_desc_p[i].subj_id);
00954 pos = begin + len;
00955
if (pos < offset)
00956 {
00957 len = 0;
00958 begin = pos;
00959 }
00960
if (pos > offset+length)
00961 {
00962
rsbac_vfree(sub_desc_p);
00963
goto out;
00964 }
00965 }
00966
rsbac_vfree(sub_desc_p);
00967 }
00968
00969
00970 len += sprintf(buffer + len,
"\nDefault Process ACL: %li members:",
00971
rsbac_list_count(default_p_handle));
00972 pos = begin + len;
00973
if (pos < offset)
00974 {
00975 len = 0;
00976 begin = pos;
00977 }
00978
if (pos > offset+length)
00979
goto out;
00980 tmp_count =
rsbac_list_get_all_desc(default_p_handle, (
void **) &sub_desc_p);
00981
if(tmp_count > 0)
00982 {
00983
for(i=0; i<tmp_count; i++)
00984 {
00985 len += sprintf(buffer + len,
" %s %u,",
00986
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
00987 sub_desc_p[i].subj_id);
00988 pos = begin + len;
00989
if (pos < offset)
00990 {
00991 len = 0;
00992 begin = pos;
00993 }
00994
if (pos > offset+length)
00995 {
00996
rsbac_vfree(sub_desc_p);
00997
goto out;
00998 }
00999 }
01000
rsbac_vfree(sub_desc_p);
01001 }
01002
01003
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01004
01005 len += sprintf(buffer + len,
"\nDefault Network Device ACL: %li members:",
01006
rsbac_list_count(default_netdev_handle));
01007 pos = begin + len;
01008
if (pos < offset)
01009 {
01010 len = 0;
01011 begin = pos;
01012 }
01013
if (pos > offset+length)
01014
goto out;
01015 tmp_count =
rsbac_list_get_all_desc(default_netdev_handle, (
void **) &sub_desc_p);
01016
if(tmp_count > 0)
01017 {
01018
for(i=0; i<tmp_count; i++)
01019 {
01020 len += sprintf(buffer + len,
" %s %u,",
01021
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01022 sub_desc_p[i].subj_id);
01023 pos = begin + len;
01024
if (pos < offset)
01025 {
01026 len = 0;
01027 begin = pos;
01028 }
01029
if (pos > offset+length)
01030 {
01031
rsbac_vfree(sub_desc_p);
01032
goto out;
01033 }
01034 }
01035
rsbac_vfree(sub_desc_p);
01036 }
01037
#endif
01038
01039
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01040
01041 len += sprintf(buffer + len,
"\nDefault Network Template NT ACL: %li members:",
01042
rsbac_list_count(default_nettemp_nt_handle));
01043 pos = begin + len;
01044
if (pos < offset)
01045 {
01046 len = 0;
01047 begin = pos;
01048 }
01049
if (pos > offset+length)
01050
goto out;
01051 tmp_count =
rsbac_list_get_all_desc(default_nettemp_nt_handle, (
void **) &sub_desc_p);
01052
if(tmp_count > 0)
01053 {
01054
for(i=0; i<tmp_count; i++)
01055 {
01056 len += sprintf(buffer + len,
" %s %u,",
01057
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01058 sub_desc_p[i].subj_id);
01059 pos = begin + len;
01060
if (pos < offset)
01061 {
01062 len = 0;
01063 begin = pos;
01064 }
01065
if (pos > offset+length)
01066 {
01067
rsbac_vfree(sub_desc_p);
01068
goto out;
01069 }
01070 }
01071
rsbac_vfree(sub_desc_p);
01072 }
01073
01074 len += sprintf(buffer + len,
"\nDefault Network Object ACL: %li members:",
01075
rsbac_list_count(default_netobj_handle));
01076 pos = begin + len;
01077
if (pos < offset)
01078 {
01079 len = 0;
01080 begin = pos;
01081 }
01082
if (pos > offset+length)
01083
goto out;
01084 tmp_count =
rsbac_list_get_all_desc(default_netobj_handle, (
void **) &sub_desc_p);
01085
if(tmp_count > 0)
01086 {
01087
for(i=0; i<tmp_count; i++)
01088 {
01089 len += sprintf(buffer + len,
" %s %u,",
01090
get_acl_subject_type_name(tmp1,sub_desc_p[i].subj_type),
01091 sub_desc_p[i].subj_id);
01092 pos = begin + len;
01093
if (pos < offset)
01094 {
01095 len = 0;
01096 begin = pos;
01097 }
01098
if (pos > offset+length)
01099 {
01100
rsbac_vfree(sub_desc_p);
01101
goto out;
01102 }
01103 }
01104
rsbac_vfree(sub_desc_p);
01105 }
01106
#endif
01107
01108 len += sprintf(buffer + len,
"\n\nFile/Dir/Fifo/Symlink ACLs:\n");
01109 pos = begin + len;
01110
if (pos < offset)
01111 {
01112 len = 0;
01113 begin = pos;
01114 }
01115
if (pos > offset+length)
01116
goto out;
01117
01118
01119 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01120 device_p =
device_list_head.
head;
01121
while(device_p)
01122 {
01123
01124 count = 0;
01125 member_count = 0;
01126 len += sprintf(buffer + len,
"\nDevice %02u:%02u\n inode count mask+members",
01127 RSBAC_MAJOR(device_p->id),
01128 RSBAC_MINOR(device_p->id));
01129 pos = begin + len;
01130
if (pos < offset)
01131 {
01132 len = 0;
01133 begin = pos;
01134 }
01135
if (pos > offset+length)
01136 {
01137 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01138
goto out;
01139 }
01140
for(i=0; i<
RSBAC_ACL_NR_FD_LISTS; i++)
01141 {
01142 tmp_count =
rsbac_list_lol_get_all_desc(device_p->handles[i], (
void **) &fd_desc_p);
01143
if(tmp_count > 0)
01144 {
01145
for(j=0; j<tmp_count; j++)
01146 {
01147 len += sprintf(buffer + len,
"\n%6u\t %li\t",
01148 fd_desc_p[j],
01149
rsbac_list_lol_subcount(device_p->handles[i], &fd_desc_p[j]));
01150 pos = begin + len;
01151
if (pos < offset)
01152 {
01153 len = 0;
01154 begin = pos;
01155 }
01156
if (pos > offset+length)
01157 {
01158
rsbac_vfree(fd_desc_p);
01159 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01160
goto out;
01161 }
01162
if(!
rsbac_list_lol_get_data(device_p->handles[i], &fd_desc_p[j], &rights))
01163 {
01164 len += sprintf(buffer + len,
"%s\n\t\t",
01165
u64tostracl(tmp1, rights));
01166 pos = begin + len;
01167
if (pos < offset)
01168 {
01169 len = 0;
01170 begin = pos;
01171 }
01172
if (pos > offset+length)
01173 {
01174
rsbac_vfree(fd_desc_p);
01175 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01176
goto out;
01177 }
01178 }
01179
01180 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(device_p->handles[i], &fd_desc_p[j], (
void **) &sub_desc_p);
01181
if(tmp_sub_count > 0)
01182 {
01183
for(k=0; k<tmp_sub_count; k++)
01184 {
01185 len += sprintf(buffer + len,
"%s %u, ",
01186
get_acl_subject_type_name(tmp1, sub_desc_p[k].subj_type),
01187 sub_desc_p[k].subj_id);
01188 pos = begin + len;
01189
if (pos < offset)
01190 {
01191 len = 0;
01192 begin = pos;
01193 }
01194
if (pos > offset+length)
01195 {
01196
rsbac_vfree(sub_desc_p);
01197
rsbac_vfree(fd_desc_p);
01198 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01199
goto out;
01200 }
01201 }
01202
rsbac_vfree(sub_desc_p);
01203 member_count += tmp_sub_count;
01204 }
01205 }
01206 count += tmp_count;
01207
rsbac_vfree(fd_desc_p);
01208 }
01209 }
01210 len += sprintf(buffer + len,
"\n%u file ACLs, sum of %u members\n",
01211 count,member_count);
01212 pos = begin + len;
01213
if (pos < offset)
01214 {
01215 len = 0;
01216 begin = pos;
01217 }
01218
if (pos > offset+length)
01219 {
01220 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01221
goto out;
01222 }
01223 device_p = device_p->next;
01224 }
01225
01226 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01227
01228
01229 len += sprintf(buffer + len,
"\nDevice ACLs:\ntype+id count mask+members");
01230 pos = begin + len;
01231
if (pos < offset)
01232 {
01233 len = 0;
01234 begin = pos;
01235 }
01236
if (pos > offset+length)
01237
goto out;
01238
01239 member_count = 0;
01240 tmp_count =
rsbac_list_lol_get_all_desc(dev_handle, (
void **) &dev_desc_p);
01241
if(tmp_count > 0)
01242 {
01243
for(i=0; i<tmp_count; i++)
01244 {
01245
if(!
rsbac_list_lol_get_data(dev_handle, &dev_desc_p[i], &rights))
01246 {
01247 len += sprintf(buffer + len,
"\n%c%02u:%02u\t %3li\t%s\n\t\t",
01248
'B' + dev_desc_p[i].type,
01249 dev_desc_p[i].major,
01250 dev_desc_p[i].minor,
01251
rsbac_list_lol_subcount(dev_handle, &dev_desc_p[i]),
01252
u64tostracl(tmp1, rights));
01253 pos = begin + len;
01254
if (pos < offset)
01255 {
01256 len = 0;
01257 begin = pos;
01258 }
01259
if (pos > offset+length)
01260 {
01261
rsbac_vfree(dev_desc_p);
01262
goto out;
01263 }
01264 }
01265 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(dev_handle, &dev_desc_p[i], (
void **) &sub_desc_p);
01266
if(tmp_sub_count > 0)
01267 {
01268
for(j=0; j<tmp_sub_count; j++)
01269 {
01270 len += sprintf(buffer + len,
"%s %u, ",
01271
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01272 sub_desc_p[j].subj_id);
01273 pos = begin + len;
01274
if (pos < offset)
01275 {
01276 len = 0;
01277 begin = pos;
01278 }
01279
if (pos > offset+length)
01280 {
01281
rsbac_vfree(sub_desc_p);
01282
rsbac_vfree(dev_desc_p);
01283
goto out;
01284 }
01285 }
01286
rsbac_vfree(sub_desc_p);
01287 member_count += tmp_sub_count;
01288 }
01289 }
01290
rsbac_vfree(dev_desc_p);
01291 };
01292 len += sprintf(buffer + len,
"\n\n%i device ACL items, sum of %u members\n",
01293 tmp_count, member_count);
01294 pos = begin + len;
01295
if (pos < offset)
01296 {
01297 len = 0;
01298 begin = pos;
01299 }
01300
if (pos > offset+length)
01301
goto out;
01302
01303
01304 member_count = 0;
01305 len += sprintf(buffer + len,
"\nSCD ACLs:\nname count mask+members");
01306 pos = begin + len;
01307
if (pos < offset)
01308 {
01309 len = 0;
01310 begin = pos;
01311 }
01312
if (pos > offset+length)
01313
goto out;
01314
01315 tmp_count =
rsbac_list_lol_get_all_desc(scd_handle, (
void **) &scd_desc_p);
01316
if(tmp_count > 0)
01317 {
01318
for(i=0; i<tmp_count; i++)
01319 {
01320
if(!
rsbac_list_lol_get_data(scd_handle, &scd_desc_p[i], &rights))
01321 {
01322 len += sprintf(buffer + len,
"\n%-16s %3li\t%s\n\t\t\t",
01323
get_acl_scd_type_name(tmp1, scd_desc_p[i]),
01324
rsbac_list_lol_subcount(scd_handle, &scd_desc_p[i]),
01325
u64tostracl(tmp2, rights));
01326 pos = begin + len;
01327
if (pos < offset)
01328 {
01329 len = 0;
01330 begin = pos;
01331 }
01332
if (pos > offset+length)
01333 {
01334
rsbac_vfree(scd_desc_p);
01335
goto out;
01336 }
01337 }
01338 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(scd_handle, &scd_desc_p[i], (
void **) &sub_desc_p);
01339
if(tmp_sub_count > 0)
01340 {
01341
for(j=0; j<tmp_sub_count; j++)
01342 {
01343 len += sprintf(buffer + len,
"%s %u, ",
01344
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01345 sub_desc_p[j].subj_id);
01346 pos = begin + len;
01347
if (pos < offset)
01348 {
01349 len = 0;
01350 begin = pos;
01351 }
01352
if (pos > offset+length)
01353 {
01354
rsbac_vfree(sub_desc_p);
01355
rsbac_vfree(scd_desc_p);
01356
goto out;
01357 }
01358 }
01359
rsbac_vfree(sub_desc_p);
01360 member_count += tmp_sub_count;
01361 }
01362 }
01363
rsbac_vfree(scd_desc_p);
01364 };
01365 len += sprintf(buffer + len,
"\n\n%u SCD ACL items, sum of %u members\n",
01366 tmp_count, member_count);
01367 pos = begin + len;
01368
if (pos < offset)
01369 {
01370 len = 0;
01371 begin = pos;
01372 }
01373
if (pos > offset+length)
01374
goto out;
01375
01376
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
01377
01378 len += sprintf(buffer + len,
"\nNetwork Device ACLs:\nname\t\t count mask+members");
01379 pos = begin + len;
01380
if (pos < offset)
01381 {
01382 len = 0;
01383 begin = pos;
01384 }
01385
if (pos > offset+length)
01386
goto out;
01387
01388 member_count = 0;
01389 tmp_count =
rsbac_list_lol_get_all_desc(netdev_handle, (
void **) &netdev_desc_p);
01390
if(tmp_count > 0)
01391 {
01392
for(i=0; i<tmp_count; i++)
01393 {
01394
if(!
rsbac_list_lol_get_data(netdev_handle, &netdev_desc_p[i], &rights))
01395 {
01396 len += sprintf(buffer + len,
"\n%-16s %3li\t %s\n\t\t",
01397 netdev_desc_p[i],
01398
rsbac_list_lol_subcount(netdev_handle, &netdev_desc_p[i]),
01399
u64tostracl(tmp1, rights));
01400 pos = begin + len;
01401
if (pos < offset)
01402 {
01403 len = 0;
01404 begin = pos;
01405 }
01406
if (pos > offset+length)
01407 {
01408
rsbac_vfree(netdev_desc_p);
01409
goto out;
01410 }
01411 }
01412 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(netdev_handle, &netdev_desc_p[i], (
void **) &sub_desc_p);
01413
if(tmp_sub_count > 0)
01414 {
01415
for(j=0; j<tmp_sub_count; j++)
01416 {
01417 len += sprintf(buffer + len,
"%s %u, ",
01418
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01419 sub_desc_p[j].subj_id);
01420 pos = begin + len;
01421
if (pos < offset)
01422 {
01423 len = 0;
01424 begin = pos;
01425 }
01426
if (pos > offset+length)
01427 {
01428
rsbac_vfree(sub_desc_p);
01429
rsbac_vfree(netdev_desc_p);
01430
goto out;
01431 }
01432 }
01433
rsbac_vfree(sub_desc_p);
01434 member_count += tmp_sub_count;
01435 }
01436 }
01437
rsbac_vfree(netdev_desc_p);
01438 };
01439 len += sprintf(buffer + len,
"\n\n%i network device ACL items, sum of %u members\n",
01440 tmp_count, member_count);
01441 pos = begin + len;
01442
if (pos < offset)
01443 {
01444 len = 0;
01445 begin = pos;
01446 }
01447
if (pos > offset+length)
01448
goto out;
01449
#endif
01450
01451
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
01452
01453 len += sprintf(buffer + len,
"\nNetwork Template NT (template protection) ACLs:\nTemplate count mask+members");
01454 pos = begin + len;
01455
if (pos < offset)
01456 {
01457 len = 0;
01458 begin = pos;
01459 }
01460
if (pos > offset+length)
01461
goto out;
01462
01463 member_count = 0;
01464 tmp_count =
rsbac_list_lol_get_all_desc(nettemp_nt_handle, (
void **) &nettemp_desc_p);
01465
if(tmp_count > 0)
01466 {
01467
for(i=0; i<tmp_count; i++)
01468 {
01469
if(!
rsbac_list_lol_get_data(nettemp_nt_handle, &nettemp_desc_p[i], &rights))
01470 {
01471 len += sprintf(buffer + len,
"\n%10u %3li\t%s\n\t\t",
01472 nettemp_desc_p[i],
01473
rsbac_list_lol_subcount(nettemp_nt_handle, &nettemp_desc_p[i]),
01474
u64tostracl(tmp1, rights));
01475 pos = begin + len;
01476
if (pos < offset)
01477 {
01478 len = 0;
01479 begin = pos;
01480 }
01481
if (pos > offset+length)
01482 {
01483
rsbac_vfree(nettemp_desc_p);
01484
goto out;
01485 }
01486 }
01487 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(nettemp_nt_handle, &nettemp_desc_p[i], (
void **) &sub_desc_p);
01488
if(tmp_sub_count > 0)
01489 {
01490
for(j=0; j<tmp_sub_count; j++)
01491 {
01492 len += sprintf(buffer + len,
"%s %u, ",
01493
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01494 sub_desc_p[j].subj_id);
01495 pos = begin + len;
01496
if (pos < offset)
01497 {
01498 len = 0;
01499 begin = pos;
01500 }
01501
if (pos > offset+length)
01502 {
01503
rsbac_vfree(sub_desc_p);
01504
rsbac_vfree(nettemp_desc_p);
01505
goto out;
01506 }
01507 }
01508
rsbac_vfree(sub_desc_p);
01509 member_count += tmp_sub_count;
01510 }
01511 }
01512
rsbac_vfree(nettemp_desc_p);
01513 };
01514 len += sprintf(buffer + len,
"\n\n%i network template NT ACL items, sum of %u members\n",
01515 tmp_count, member_count);
01516 pos = begin + len;
01517
if (pos < offset)
01518 {
01519 len = 0;
01520 begin = pos;
01521 }
01522
if (pos > offset+length)
01523
goto out;
01524
01525
01526 len += sprintf(buffer + len,
"\nNetwork Template (netobj protection) ACLs:\nTemplate count mask+members");
01527 pos = begin + len;
01528
if (pos < offset)
01529 {
01530 len = 0;
01531 begin = pos;
01532 }
01533
if (pos > offset+length)
01534
goto out;
01535
01536 member_count = 0;
01537 tmp_count =
rsbac_list_lol_get_all_desc(nettemp_handle, (
void **) &nettemp_desc_p);
01538
if(tmp_count > 0)
01539 {
01540
for(i=0; i<tmp_count; i++)
01541 {
01542
if(!
rsbac_list_lol_get_data(nettemp_handle, &nettemp_desc_p[i], &rights))
01543 {
01544 len += sprintf(buffer + len,
"\n%10u %3li\t%s\n\t\t",
01545 nettemp_desc_p[i],
01546
rsbac_list_lol_subcount(nettemp_handle, &nettemp_desc_p[i]),
01547
u64tostracl(tmp1, rights));
01548 pos = begin + len;
01549
if (pos < offset)
01550 {
01551 len = 0;
01552 begin = pos;
01553 }
01554
if (pos > offset+length)
01555 {
01556
rsbac_vfree(nettemp_desc_p);
01557
goto out;
01558 }
01559 }
01560 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(nettemp_handle, &nettemp_desc_p[i], (
void **) &sub_desc_p);
01561
if(tmp_sub_count > 0)
01562 {
01563
for(j=0; j<tmp_sub_count; j++)
01564 {
01565 len += sprintf(buffer + len,
"%s %u, ",
01566
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01567 sub_desc_p[j].subj_id);
01568 pos = begin + len;
01569
if (pos < offset)
01570 {
01571 len = 0;
01572 begin = pos;
01573 }
01574
if (pos > offset+length)
01575 {
01576
rsbac_vfree(sub_desc_p);
01577
rsbac_vfree(nettemp_desc_p);
01578
goto out;
01579 }
01580 }
01581
rsbac_vfree(sub_desc_p);
01582 member_count += tmp_sub_count;
01583 }
01584 }
01585
rsbac_vfree(nettemp_desc_p);
01586 };
01587 len += sprintf(buffer + len,
"\n\n%i network template ACL items, sum of %u members\n",
01588 tmp_count, member_count);
01589 pos = begin + len;
01590
if (pos < offset)
01591 {
01592 len = 0;
01593 begin = pos;
01594 }
01595
if (pos > offset+length)
01596
goto out;
01597
01598
01599 len += sprintf(buffer + len,
"\nNetwork Object ACLs:\nObject-ID count mask+members");
01600 pos = begin + len;
01601
if (pos < offset)
01602 {
01603 len = 0;
01604 begin = pos;
01605 }
01606
if (pos > offset+length)
01607
goto out;
01608
01609 member_count = 0;
01610 tmp_count =
rsbac_list_lol_get_all_desc(netobj_handle, (
void **) &netobj_desc_p);
01611
if(tmp_count > 0)
01612 {
01613
for(i=0; i<tmp_count; i++)
01614 {
01615
if(!
rsbac_list_lol_get_data(netobj_handle, &netobj_desc_p[i], &rights))
01616 {
01617 len += sprintf(buffer + len,
"\n%p %3li\t%s\n\t\t",
01618 netobj_desc_p[i],
01619
rsbac_list_lol_subcount(netobj_handle, &netobj_desc_p[i]),
01620
u64tostracl(tmp1, rights));
01621 pos = begin + len;
01622
if (pos < offset)
01623 {
01624 len = 0;
01625 begin = pos;
01626 }
01627
if (pos > offset+length)
01628 {
01629
rsbac_vfree(netobj_desc_p);
01630
goto out;
01631 }
01632 }
01633 tmp_sub_count =
rsbac_list_lol_get_all_subdesc(netobj_handle, &netobj_desc_p[i], (
void **) &sub_desc_p);
01634
if(tmp_sub_count > 0)
01635 {
01636
for(j=0; j<tmp_sub_count; j++)
01637 {
01638 len += sprintf(buffer + len,
"%s %u, ",
01639
get_acl_subject_type_name(tmp1,sub_desc_p[j].subj_type),
01640 sub_desc_p[j].subj_id);
01641 pos = begin + len;
01642
if (pos < offset)
01643 {
01644 len = 0;
01645 begin = pos;
01646 }
01647
if (pos > offset+length)
01648 {
01649
rsbac_vfree(sub_desc_p);
01650
rsbac_vfree(netobj_desc_p);
01651
goto out;
01652 }
01653 }
01654
rsbac_vfree(sub_desc_p);
01655 member_count += tmp_sub_count;
01656 }
01657 }
01658
rsbac_vfree(netobj_desc_p);
01659 };
01660 len += sprintf(buffer + len,
"\n\n%i network object ACL items, sum of %u members\n",
01661 tmp_count, member_count);
01662 pos = begin + len;
01663
if (pos < offset)
01664 {
01665 len = 0;
01666 begin = pos;
01667 }
01668
if (pos > offset+length)
01669
goto out;
01670
#endif
01671
01672 out:
01673 *start = buffer + (offset - begin);
01674 len -= (offset - begin);
01675
01676
if (len > length)
01677 len = length;
01678
return len;
01679 }
01680
01681
static int
01682 acl_grouplist_proc_info(
char *buffer,
char **start, off_t offset,
int length)
01683 {
01684 u_int len = 0;
01685 off_t pos = 0;
01686 off_t begin = 0;
01687
01688
char type;
01689
int count, sub_count;
01690
int i,j;
01691 u_int member_count = 0;
01692
struct rsbac_acl_group_entry_t * entry_p;
01693
rsbac_uid_t * user_p;
01694
rsbac_acl_group_id_t * group_p;
01695
rsbac_time_t * ttl_p;
01696
01697
union rsbac_target_id_t rsbac_target_id;
01698
union rsbac_attribute_value_t rsbac_attribute_value;
01699
01700
if (!
rsbac_is_initialized)
01701 {
01702
#ifdef CONFIG_RSBAC_RMSG
01703
rsbac_printk(KERN_WARNING
"acl_grouplist_proc_info(): RSBAC not initialized\n");
01704
#endif
01705
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01706
if (!rsbac_nosyslog)
01707
#endif
01708
printk(KERN_WARNING
"acl_grouplist_proc_info(): RSBAC not initialized\n");
01709
return(-
RSBAC_ENOTINITIALIZED);
01710 }
01711
#ifdef CONFIG_RSBAC_DEBUG
01712
if (rsbac_debug_aef_acl)
01713 {
01714
#ifdef CONFIG_RSBAC_RMSG
01715
rsbac_printk(KERN_DEBUG
"acl_grouplist_proc_info(): calling ADF\n");
01716
#endif
01717
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01718
if (!rsbac_nosyslog)
01719
#endif
01720
printk(KERN_DEBUG
"acl_grouplist_proc_info(): calling ADF\n");
01721 }
01722
#endif
01723
rsbac_target_id.
scd =
ST_rsbac;
01724 rsbac_attribute_value.
dummy = 0;
01725
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
01726 current->pid,
01727 T_SCD,
01728 rsbac_target_id,
01729 A_none,
01730 rsbac_attribute_value))
01731 {
01732
return -EPERM;
01733 }
01734
01735 len += sprintf(buffer,
"ACL Groups\n----------\n");
01736
01737
01738 len += sprintf(buffer + len,
"Group list: %li groups, last new is %u\nID\ttype name\t\towner\n",
01739
rsbac_list_count(group_handle), group_last_new);
01740 pos = begin + len;
01741
if (pos < offset)
01742 {
01743 len = 0;
01744 begin = pos;
01745 }
01746
if (pos > offset+length)
01747 {
01748
goto out;
01749 }
01750
01751 count =
rsbac_list_get_all_data(group_handle, (
void **) &entry_p);
01752
if(count > 0)
01753 {
01754
for(i=0; i<count; i++)
01755 {
01756
if(entry_p[i].type ==
ACLG_GLOBAL)
01757 type =
'G';
01758
else
01759 type =
'P';
01760 len += sprintf(buffer + len,
"%u\t%c %-18s %u\n",
01761 entry_p[i].
id,
01762 type,
01763 entry_p[i].name,
01764 entry_p[i].owner);
01765 pos = begin + len;
01766
if (pos < offset)
01767 {
01768 len = 0;
01769 begin = pos;
01770 }
01771
if (pos > offset+length)
01772 {
01773
rsbac_vfree(entry_p);
01774
goto out;
01775 }
01776 }
01777
rsbac_vfree(entry_p);
01778 }
01779
01780
01781 member_count = 0;
01782 len += sprintf(buffer + len,
"\nGroup memberships:\nuser count\tgroups");
01783 pos = begin + len;
01784
if (pos < offset)
01785 {
01786 len = 0;
01787 begin = pos;
01788 }
01789
if (pos > offset+length)
01790 {
01791
goto out;
01792 }
01793
01794 count =
rsbac_list_lol_get_all_desc(gm_handle, (
void **) &user_p);
01795
if(count > 0)
01796 {
01797
for(i=0; i<count; i++)
01798 {
01799 sub_count =
rsbac_list_lol_get_all_subdesc_ttl(gm_handle,
01800 &user_p[i],
01801 (
void **) &group_p,
01802 &ttl_p);
01803 len += sprintf(buffer + len,
"\n%u\t%i\t",
01804 user_p[i],
01805 sub_count);
01806 pos = begin + len;
01807
if (pos < offset)
01808 {
01809 len = 0;
01810 begin = pos;
01811 }
01812
if (pos > offset+length)
01813 {
01814
rsbac_vfree(user_p);
01815
goto out;
01816 }
01817
01818
if(sub_count > 0)
01819 {
01820
for(j=0; j<sub_count; j++)
01821 {
01822
if(ttl_p[j])
01823 len += sprintf(buffer + len,
"%u(ttl:%i) ",
01824 group_p[j], ttl_p[j]);
01825
else
01826 len += sprintf(buffer + len,
"%u ",
01827 group_p[j]);
01828 pos = begin + len;
01829
if (pos < offset)
01830 {
01831 len = 0;
01832 begin = pos;
01833 }
01834
if (pos > offset+length)
01835 {
01836
rsbac_vfree(group_p);
01837
rsbac_vfree(user_p);
01838
goto out;
01839 }
01840 }
01841 member_count+=sub_count;
01842
rsbac_vfree(group_p);
01843
rsbac_vfree(ttl_p);
01844 }
01845 }
01846
rsbac_vfree(user_p);
01847 }
01848 len += sprintf(buffer + len,
"\n\n%u user items, sum of %u memberships\n",
01849 count,member_count);
01850 pos = begin + len;
01851
if (pos < offset)
01852 {
01853 len = 0;
01854 begin = pos;
01855 }
01856
if (pos > offset+length)
01857
goto out;
01858
01859 out:
01860 *start = buffer + (offset - begin);
01861 len -= (offset - begin);
01862
01863
if (len > length)
01864 len = length;
01865
return len;
01866 }
01867
01868
#endif
01869
01870
01871
01872
01873
01874
01875
01876
01877
01878
01879
01880
01881
01882
01883
#ifdef CONFIG_RSBAC_INIT_DELAY
01884
static void registration_error(
int err,
char * listname)
01885 #
else
01886 static void __init
registration_error(
int err,
char * listname)
01887 #endif
01888 {
01889
if(err)
01890 {
01891
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
01892
01893
if(tmp)
01894 {
01895
#ifdef CONFIG_RSBAC_RMSG
01896
rsbac_printk(KERN_WARNING
01897
"rsbac_init_acl(): Registering ACL %s list failed with error %s\n",
01898 listname,
01899
get_error_name(tmp, err));
01900
#endif
01901
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01902
if (!rsbac_nosyslog)
01903
#endif
01904
printk(KERN_WARNING
01905
"rsbac_init_acl(): Registering ACL %s list failed with error %s\n",
01906 listname,
01907
get_error_name(tmp, err));
01908
rsbac_kfree(tmp);
01909 }
01910 }
01911 }
01912
01913
01914
01915
01916
#ifdef CONFIG_RSBAC_INIT_DELAY
01917
int rsbac_init_acl(
void)
01918 #
else
01919 int __init
rsbac_init_acl(
void)
01920 #endif
01921 {
01922
int err = 0;
01923
struct rsbac_acl_device_list_item_t * device_p =
NULL;
01924
char tmp[80];
01925 u_long flags;
01926
struct proc_dir_entry * tmp_entry_p;
01927
struct rsbac_list_lol_info_t lol_info;
01928
struct rsbac_list_info_t list_info;
01929
rsbac_acl_rights_vector_t def_mask;
01930
01931
if (
rsbac_is_initialized())
01932 {
01933 printk(KERN_WARNING
"rsbac_init_acl(): RSBAC already initialized\n");
01934
return(-
RSBAC_EREINIT);
01935 }
01936
01937
01938
#ifdef CONFIG_RSBAC_RMSG
01939
rsbac_printk(KERN_INFO
"rsbac_init_acl(): Initializing RSBAC: ACL subsystem\n");
01940
#endif
01941
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01942
if (!rsbac_nosyslog)
01943
#endif
01944
printk(KERN_INFO
"rsbac_init_acl(): Initializing RSBAC: ACL subsystem\n");
01945
01946
01947
device_list_head.
lock = RW_LOCK_UNLOCKED;
01948
device_list_head.
head =
NULL;
01949
device_list_head.
tail =
NULL;
01950
device_list_head.
curr =
NULL;
01951
device_list_head.
count = 0;
01952
01953
01954
#ifdef CONFIG_RSBAC_DEBUG
01955
if (rsbac_debug_ds_acl)
01956 {
01957
#ifdef CONFIG_RSBAC_RMSG
01958
rsbac_printk(KERN_DEBUG
"rsbac_init_acl(): Registering lists\n");
01959
#endif
01960
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01961
if (!rsbac_nosyslog)
01962
#endif
01963
printk(KERN_DEBUG
"rsbac_init_acl(): Registering lists\n");
01964 }
01965
#endif
01966
device_p =
create_device_item(
rsbac_root_dev);
01967
if (!device_p)
01968 {
01969
#ifdef CONFIG_RSBAC_RMSG
01970
rsbac_printk(KERN_CRIT
"rsbac_init_acl(): Could not create device!\n");
01971
#endif
01972
printk(KERN_CRIT
"rsbac_init_acl(): Could not create device!\n");
01973
return(-
RSBAC_ECOULDNOTADDDEVICE);
01974 }
01975
if((err =
acl_register_fd_lists(device_p,
rsbac_root_dev)))
01976 {
01977
#ifdef CONFIG_RSBAC_RMSG
01978
rsbac_printk(KERN_WARNING
01979
"rsbac_init_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
01980 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
01981
#endif
01982
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01983
if (!rsbac_nosyslog)
01984
#endif
01985
printk(KERN_WARNING
01986
"rsbac_init_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
01987 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
01988 }
01989
01990 rsbac_write_lock_irq(&
device_list_head.
lock, &flags);
01991 device_p =
add_device_item(device_p);
01992
01993 rsbac_write_unlock_irq(&
device_list_head.
lock, &flags);
01994
if (!device_p)
01995 {
01996
#ifdef CONFIG_RSBAC_RMSG
01997
rsbac_printk(KERN_CRIT
"rsbac_init_acl(): Could not add device!\n");
01998
#endif
01999
printk(KERN_CRIT
"rsbac_init_acl(): Could not add device!\n");
02000
return(-
RSBAC_ECOULDNOTADDDEVICE);
02001 }
02002
02003 list_info.
version =
RSBAC_ACL_DEF_FD_LIST_VERSION;
02004 list_info.
key =
RSBAC_ACL_LIST_KEY;
02005 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02006 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02007 list_info.
max_age = 0;
02008 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02009 &
default_fd_handle,
02010 &list_info,
02011 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02012
RSBAC_LIST_BACKUP |
02013 #endif
02014
RSBAC_LIST_PERSIST,
02015
entry_compare,
02016
NULL,
02017
NULL,
02018
RSBAC_ACL_DEF_FD_FILENAME,
02019 RSBAC_AUTO_DEV);
02020
if(err)
02021 {
02022
registration_error(err,
"default fd");
02023 }
02024
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_fd_handle))
02025 {
02026
struct rsbac_acl_entry_desc_t desc;
02027
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_FD_ENTRY;
02028
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_FD_ENTRY;
02029
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_FD_ENTRY;
02030
02031
#ifdef CONFIG_RSBAC_RMSG
02032
rsbac_printk(KERN_WARNING
02033
"rsbac_init_acl(): File/Dir default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02034 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02035
#endif
02036
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02037
if (!rsbac_nosyslog)
02038
#endif
02039
printk(KERN_WARNING
02040
"rsbac_init_acl(): File/Dir default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02041 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02042 desc.
subj_type = acman_entry.
subj_type;
02043 desc.
subj_id = acman_entry.
subj_id;
02044
rsbac_list_add(
default_fd_handle, &desc, &acman_entry.
rights);
02045 desc.
subj_type = sysadm_entry.
subj_type;
02046 desc.
subj_id = sysadm_entry.
subj_id;
02047
rsbac_list_add(
default_fd_handle, &desc, &sysadm_entry.
rights);
02048 desc.
subj_type = gen_entry.
subj_type;
02049 desc.
subj_id = gen_entry.
subj_id;
02050
rsbac_list_add(
default_fd_handle, &desc, &gen_entry.
rights);
02051 }
02052
02053 lol_info.
version =
RSBAC_ACL_DEV_LIST_VERSION;
02054 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02055 lol_info.
desc_size =
sizeof(
struct rsbac_dev_desc_t);
02056 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02057 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02058 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02059 lol_info.
max_age = 0;
02060 def_mask=
RSBAC_ACL_DEFAULT_DEV_MASK;
02061 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02062 &
dev_handle,
02063 &lol_info,
02064 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02065
RSBAC_LIST_BACKUP |
02066 #endif
02067
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
02068
dev_compare,
02069
entry_compare,
02070
dev_get_conv,
02071
dev_get_subconv,
02072 &def_mask,
02073
NULL,
02074
RSBAC_ACL_DEV_FILENAME,
02075 RSBAC_AUTO_DEV);
02076
if(err)
02077 {
02078
registration_error(err,
"dev");
02079 }
02080 list_info.
version =
RSBAC_ACL_DEF_DEV_LIST_VERSION;
02081 list_info.
key =
RSBAC_ACL_LIST_KEY;
02082 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02083 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02084 list_info.
max_age = 0;
02085 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02086 &
default_dev_handle,
02087 &list_info,
02088 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02089
RSBAC_LIST_BACKUP |
02090 #endif
02091
RSBAC_LIST_PERSIST,
02092
entry_compare,
02093
NULL,
02094
NULL,
02095
RSBAC_ACL_DEF_DEV_FILENAME,
02096 RSBAC_AUTO_DEV);
02097
if(err)
02098 {
02099
registration_error(err,
"default dev");
02100 }
02101
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_dev_handle))
02102 {
02103
struct rsbac_acl_entry_desc_t desc;
02104
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_DEV_ENTRY;
02105
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_DEV_ENTRY;
02106
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_DEV_ENTRY;
02107
02108
#ifdef CONFIG_RSBAC_RMSG
02109
rsbac_printk(KERN_WARNING
02110
"rsbac_init_acl(): Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02111 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02112
#endif
02113
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02114
if (!rsbac_nosyslog)
02115
#endif
02116
printk(KERN_WARNING
02117
"rsbac_init_acl(): Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02118 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02119 desc.
subj_type = acman_entry.
subj_type;
02120 desc.
subj_id = acman_entry.
subj_id;
02121
rsbac_list_add(
default_dev_handle, &desc, &acman_entry.
rights);
02122 desc.
subj_type = sysadm_entry.
subj_type;
02123 desc.
subj_id = sysadm_entry.
subj_id;
02124
rsbac_list_add(
default_dev_handle, &desc, &sysadm_entry.
rights);
02125 desc.
subj_type = gen_entry.
subj_type;
02126 desc.
subj_id = gen_entry.
subj_id;
02127
rsbac_list_add(
default_dev_handle, &desc, &gen_entry.
rights);
02128 }
02129
02130 list_info.
version =
RSBAC_ACL_DEF_IPC_LIST_VERSION;
02131 list_info.
key =
RSBAC_ACL_LIST_KEY;
02132 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02133 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02134 list_info.
max_age = 0;
02135 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02136 &
default_ipc_handle,
02137 &list_info,
02138 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02139
RSBAC_LIST_BACKUP |
02140 #endif
02141
RSBAC_LIST_PERSIST,
02142
entry_compare,
02143
NULL,
02144
NULL,
02145
RSBAC_ACL_DEF_IPC_FILENAME,
02146 RSBAC_AUTO_DEV);
02147
if(err)
02148 {
02149
registration_error(err,
"default ipc");
02150 }
02151
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_ipc_handle))
02152 {
02153
struct rsbac_acl_entry_desc_t desc;
02154
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_IPC_ENTRY;
02155
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_IPC_ENTRY;
02156
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_IPC_ENTRY;
02157
02158
#ifdef CONFIG_RSBAC_RMSG
02159
rsbac_printk(KERN_WARNING
02160
"rsbac_init_acl(): IPC default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02161 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02162
#endif
02163
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02164
if (!rsbac_nosyslog)
02165
#endif
02166
printk(KERN_WARNING
02167
"rsbac_init_acl(): IPC default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02168 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02169 desc.
subj_type = acman_entry.
subj_type;
02170 desc.
subj_id = acman_entry.
subj_id;
02171
rsbac_list_add(
default_ipc_handle, &desc, &acman_entry.
rights);
02172 desc.
subj_type = sysadm_entry.
subj_type;
02173 desc.
subj_id = sysadm_entry.
subj_id;
02174
rsbac_list_add(
default_ipc_handle, &desc, &sysadm_entry.
rights);
02175 desc.
subj_type = gen_entry.
subj_type;
02176 desc.
subj_id = gen_entry.
subj_id;
02177
rsbac_list_add(
default_ipc_handle, &desc, &gen_entry.
rights);
02178 }
02179
02180 lol_info.
version =
RSBAC_ACL_SCD_LIST_VERSION;
02181 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02182 lol_info.
desc_size =
sizeof(__u8);
02183 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02184 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02185 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02186 lol_info.
max_age = 0;
02187 def_mask=
RSBAC_ACL_DEFAULT_SCD_MASK;
02188 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02189 &
scd_handle,
02190 &lol_info,
02191 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02192
RSBAC_LIST_BACKUP |
02193 #endif
02194
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
02195
NULL,
02196
entry_compare,
02197
NULL,
02198
NULL,
02199 &def_mask,
02200
NULL,
02201
RSBAC_ACL_SCD_FILENAME,
02202 RSBAC_AUTO_DEV);
02203
if(err)
02204 {
02205
registration_error(err,
"scd");
02206 }
02207
if(!
rsbac_no_defaults && !
rsbac_list_lol_count(
scd_handle))
02208 {
02209
struct rsbac_acl_entry_desc_t desc;
02210
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_SCD_MASK;
02211
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_SCD_ENTRY;
02212
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02213
struct rsbac_acl_entry_t gen_ioports_entry = RSBAC_ACL_GENERAL_SCD_IOPORTS_ENTRY;
02214
#endif
02215
struct rsbac_acl_entry_t gen_other_entry =
RSBAC_ACL_GENERAL_SCD_OTHER_ENTRY;
02216
struct rsbac_acl_entry_t gen_network_entry =
RSBAC_ACL_GENERAL_SCD_NETWORK_ENTRY;
02217
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_SCD_ENTRY;
02218
struct rsbac_acl_entry_t sysadm_other_entry =
RSBAC_ACL_SYSADM_SCD_OTHER_ENTRY;
02219
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02220
struct rsbac_acl_entry_t sysadm_kmem_entry = RSBAC_ACL_SYSADM_SCD_KMEM_ENTRY;
02221
#endif
02222
struct rsbac_acl_entry_t acman_other_entry =
RSBAC_ACL_ACMAN_SCD_OTHER_ENTRY;
02223
struct rsbac_acl_entry_t auditor_rsbaclog_entry =
RSBAC_ACL_AUDITOR_SCD_RSBACLOG_ENTRY;
02224 __u8 scd;
02225
02226
#ifdef CONFIG_RSBAC_RMSG
02227
rsbac_printk(KERN_WARNING
02228
"rsbac_init_acl(): SCD ACLs empty on dev %02u:%02u, generating standard entries!\n",
02229 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02230
#endif
02231
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02232
if (!rsbac_nosyslog)
02233
#endif
02234
printk(KERN_WARNING
02235
"rsbac_init_acl(): SCD ACLs empty on dev %02u:%02u, generating standard entries!\n",
02236 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02237 scd =
ST_rlimit;
02238
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02239 {
02240 desc.
subj_type = gen_entry.
subj_type;
02241 desc.
subj_id = gen_entry.
subj_id;
02242
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &gen_entry.
rights);
02243 }
02244
for(scd=
ST_time_strucs; scd<=
ST_rsbac; scd++)
02245 {
02246
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02247 {
02248 desc.
subj_type = sysadm_entry.
subj_type;
02249 desc.
subj_id = sysadm_entry.
subj_id;
02250
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_entry.
rights);
02251 }
02252 }
02253 scd =
ST_rsbaclog;
02254
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02255 {
02256 desc.
subj_type = auditor_rsbaclog_entry.
subj_type;
02257 desc.
subj_id = auditor_rsbaclog_entry.
subj_id;
02258
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &auditor_rsbaclog_entry.
rights);
02259 }
02260 scd=
ST_network;
02261
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02262 {
02263 desc.
subj_type = sysadm_entry.
subj_type;
02264 desc.
subj_id = sysadm_entry.
subj_id;
02265
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_entry.
rights);
02266 desc.
subj_type = gen_network_entry.
subj_type;
02267 desc.
subj_id = gen_network_entry.
subj_id;
02268
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &gen_network_entry.
rights);
02269 }
02270 scd=
ST_firewall;
02271
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02272 {
02273 desc.
subj_type = sysadm_entry.
subj_type;
02274 desc.
subj_id = sysadm_entry.
subj_id;
02275
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_entry.
rights);
02276 desc.
subj_type = gen_network_entry.
subj_type;
02277 desc.
subj_id = gen_network_entry.
subj_id;
02278
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &gen_network_entry.
rights);
02279 }
02280 scd=
ST_priority;
02281
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02282 {
02283 desc.
subj_type = sysadm_entry.
subj_type;
02284 desc.
subj_id = sysadm_entry.
subj_id;
02285
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_entry.
rights);
02286 }
02287 scd=
ST_sysfs;
02288
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02289 {
02290 desc.
subj_type = sysadm_entry.
subj_type;
02291 desc.
subj_id = sysadm_entry.
subj_id;
02292
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_entry.
rights);
02293 }
02294
#ifdef CONFIG_RSBAC_USER_MOD_IOPERM
02295
scd =
ST_ioports;
02296
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02297 {
02298 desc.
subj_type = gen_ioports_entry.
subj_type;
02299 desc.
subj_id = gen_ioports_entry.
subj_id;
02300
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &gen_ioports_entry.
rights);
02301 }
02302 scd =
ST_kmem;
02303
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02304 {
02305 desc.
subj_type = sysadm_kmem_entry.
subj_type;
02306 desc.
subj_id = sysadm_kmem_entry.
subj_id;
02307
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_kmem_entry.
rights);
02308 }
02309
#endif
02310
02311 scd =
ST_other;
02312
if(!
rsbac_list_lol_add(
scd_handle, &scd, &mask))
02313 {
02314 desc.
subj_type = sysadm_other_entry.
subj_type;
02315 desc.
subj_id = sysadm_other_entry.
subj_id;
02316
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &sysadm_other_entry.
rights);
02317 desc.
subj_type = acman_other_entry.
subj_type;
02318 desc.
subj_id = acman_other_entry.
subj_id;
02319
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &acman_other_entry.
rights);
02320 desc.
subj_type = gen_other_entry.
subj_type;
02321 desc.
subj_id = gen_other_entry.
subj_id;
02322
rsbac_list_lol_subadd(
scd_handle, &scd, &desc, &gen_other_entry.
rights);
02323 }
02324 }
02325
02326 list_info.
version =
RSBAC_ACL_DEF_SCD_LIST_VERSION;
02327 list_info.
key =
RSBAC_ACL_LIST_KEY;
02328 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02329 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02330 list_info.
max_age = 0;
02331 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02332 &
default_scd_handle,
02333 &list_info,
02334 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02335
RSBAC_LIST_BACKUP |
02336 #endif
02337
RSBAC_LIST_PERSIST,
02338
entry_compare,
02339
NULL,
02340
NULL,
02341
RSBAC_ACL_DEF_SCD_FILENAME,
02342 RSBAC_AUTO_DEV);
02343
if(err)
02344 {
02345
registration_error(err,
"default scd");
02346 }
02347
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_scd_handle))
02348 {
02349
struct rsbac_acl_entry_desc_t desc;
02350
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_SCD_ENTRY;
02351
02352
#ifdef CONFIG_RSBAC_RMSG
02353
rsbac_printk(KERN_WARNING
02354
"rsbac_init_acl(): SCD default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02355 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02356
#endif
02357
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02358
if (!rsbac_nosyslog)
02359
#endif
02360
printk(KERN_WARNING
02361
"rsbac_init_acl(): SCD default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02362 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02363 desc.
subj_type = acman_entry.
subj_type;
02364 desc.
subj_id = acman_entry.
subj_id;
02365
rsbac_list_add(
default_scd_handle, &desc, &acman_entry.
rights);
02366 }
02367
02368 list_info.
version =
RSBAC_ACL_DEF_U_LIST_VERSION;
02369 list_info.
key =
RSBAC_ACL_LIST_KEY;
02370 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02371 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02372 list_info.
max_age = 0;
02373 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02374 &
default_u_handle,
02375 &list_info,
02376 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02377
RSBAC_LIST_BACKUP |
02378 #endif
02379
RSBAC_LIST_PERSIST,
02380
entry_compare,
02381
NULL,
02382
NULL,
02383
RSBAC_ACL_DEF_U_FILENAME,
02384 RSBAC_AUTO_DEV);
02385
if(err)
02386 {
02387
registration_error(err,
"default user");
02388 }
02389
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_u_handle))
02390 {
02391
struct rsbac_acl_entry_desc_t desc;
02392
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_U_ENTRY;
02393
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_U_ENTRY;
02394
02395
#ifdef CONFIG_RSBAC_RMSG
02396
rsbac_printk(KERN_WARNING
02397
"rsbac_init_acl(): User default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02398 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02399
#endif
02400
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02401
if (!rsbac_nosyslog)
02402
#endif
02403
printk(KERN_WARNING
02404
"rsbac_init_acl(): User default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02405 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02406 desc.
subj_type = sysadm_entry.
subj_type;
02407 desc.
subj_id = sysadm_entry.
subj_id;
02408
rsbac_list_add(
default_u_handle, &desc, &sysadm_entry.
rights);
02409 desc.
subj_type = acman_entry.
subj_type;
02410 desc.
subj_id = acman_entry.
subj_id;
02411
rsbac_list_add(
default_u_handle, &desc, &acman_entry.
rights);
02412 }
02413
02414 list_info.
version =
RSBAC_ACL_DEF_P_LIST_VERSION;
02415 list_info.
key =
RSBAC_ACL_LIST_KEY;
02416 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02417 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02418 list_info.
max_age = 0;
02419 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02420 &
default_p_handle,
02421 &list_info,
02422 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02423
RSBAC_LIST_BACKUP |
02424 #endif
02425
RSBAC_LIST_PERSIST,
02426
entry_compare,
02427
NULL,
02428
NULL,
02429
RSBAC_ACL_DEF_P_FILENAME,
02430 RSBAC_AUTO_DEV);
02431
if(err)
02432 {
02433
registration_error(err,
"default process");
02434 }
02435
if(!
rsbac_no_defaults && !
rsbac_list_count(
default_p_handle))
02436 {
02437
struct rsbac_acl_entry_desc_t desc;
02438
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_P_ENTRY;
02439
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_P_ENTRY;
02440
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_P_ENTRY;
02441
02442
#ifdef CONFIG_RSBAC_RMSG
02443
rsbac_printk(KERN_WARNING
02444
"rsbac_init_acl(): Process default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02445 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02446
#endif
02447
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02448
if (!rsbac_nosyslog)
02449
#endif
02450
printk(KERN_WARNING
02451
"rsbac_init_acl(): Process default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02452 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02453 desc.
subj_type = sysadm_entry.
subj_type;
02454 desc.
subj_id = sysadm_entry.
subj_id;
02455
rsbac_list_add(
default_p_handle, &desc, &sysadm_entry.
rights);
02456 desc.
subj_type = acman_entry.
subj_type;
02457 desc.
subj_id = acman_entry.
subj_id;
02458
rsbac_list_add(
default_p_handle, &desc, &acman_entry.
rights);
02459 desc.
subj_type = gen_entry.
subj_type;
02460 desc.
subj_id = gen_entry.
subj_id;
02461
rsbac_list_add(
default_p_handle, &desc, &gen_entry.
rights);
02462 }
02463
02464
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
02465
lol_info.
version =
RSBAC_ACL_NETDEV_LIST_VERSION;
02466 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02467 lol_info.
desc_size =
sizeof(
rsbac_netdev_id_t);
02468 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02469 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02470 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02471 lol_info.
max_age = 0;
02472 def_mask=
RSBAC_ACL_DEFAULT_NETDEV_MASK;
02473 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02474 &netdev_handle,
02475 &lol_info,
02476 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02477
RSBAC_LIST_BACKUP |
02478 #endif
02479
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
02480 netdev_compare,
02481
entry_compare,
02482
NULL,
02483
NULL,
02484 &def_mask,
02485
NULL,
02486
RSBAC_ACL_NETDEV_FILENAME,
02487 RSBAC_AUTO_DEV);
02488
if(err)
02489 {
02490
registration_error(err,
"netdev");
02491 }
02492 list_info.
version =
RSBAC_ACL_DEF_NETDEV_LIST_VERSION;
02493 list_info.
key =
RSBAC_ACL_LIST_KEY;
02494 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02495 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02496 list_info.
max_age = 0;
02497 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02498 &default_netdev_handle,
02499 &list_info,
02500 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02501
RSBAC_LIST_BACKUP |
02502 #endif
02503
RSBAC_LIST_PERSIST,
02504
entry_compare,
02505
NULL,
02506
NULL,
02507
RSBAC_ACL_DEF_NETDEV_FILENAME,
02508 RSBAC_AUTO_DEV);
02509
if(err)
02510 {
02511
registration_error(err,
"default netdev");
02512 }
02513
if(!
rsbac_no_defaults && !
rsbac_list_count(default_netdev_handle))
02514 {
02515
struct rsbac_acl_entry_desc_t desc;
02516
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_NETDEV_ENTRY;
02517
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_NETDEV_ENTRY;
02518
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_NETDEV_ENTRY;
02519
02520
#ifdef CONFIG_RSBAC_RMSG
02521
rsbac_printk(KERN_WARNING
02522
"rsbac_init_acl(): Network Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02523 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02524
#endif
02525
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02526
if (!rsbac_nosyslog)
02527
#endif
02528
printk(KERN_WARNING
02529
"rsbac_init_acl(): Network Device default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02530 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02531 desc.
subj_type = acman_entry.
subj_type;
02532 desc.
subj_id = acman_entry.
subj_id;
02533
rsbac_list_add(default_netdev_handle, &desc, &acman_entry.
rights);
02534 desc.
subj_type = sysadm_entry.
subj_type;
02535 desc.
subj_id = sysadm_entry.
subj_id;
02536
rsbac_list_add(default_netdev_handle, &desc, &sysadm_entry.
rights);
02537 desc.
subj_type = gen_entry.
subj_type;
02538 desc.
subj_id = gen_entry.
subj_id;
02539
rsbac_list_add(default_netdev_handle, &desc, &gen_entry.
rights);
02540 }
02541
#endif
02542
02543
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
02544
lol_info.
version =
RSBAC_ACL_NETTEMP_NT_LIST_VERSION;
02545 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02546 lol_info.
desc_size =
sizeof(
rsbac_net_temp_id_t);
02547 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02548 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02549 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02550 lol_info.
max_age = 0;
02551 def_mask=
RSBAC_ACL_DEFAULT_NETTEMP_MASK;
02552 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02553 &nettemp_nt_handle,
02554 &lol_info,
02555 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02556
RSBAC_LIST_BACKUP |
02557 #endif
02558
RSBAC_LIST_PERSIST,
02559
rsbac_list_compare_u32,
02560
entry_compare,
02561
NULL,
02562
NULL,
02563 &def_mask,
02564
NULL,
02565
RSBAC_ACL_NETTEMP_NT_FILENAME,
02566 RSBAC_AUTO_DEV);
02567
if(err)
02568 {
02569
registration_error(err,
"nettemp_nt");
02570 }
02571 list_info.
version =
RSBAC_ACL_DEF_NETTEMP_NT_LIST_VERSION;
02572 list_info.
key =
RSBAC_ACL_LIST_KEY;
02573 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02574 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02575 list_info.
max_age = 0;
02576 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02577 &default_nettemp_nt_handle,
02578 &list_info,
02579 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02580
RSBAC_LIST_BACKUP |
02581 #endif
02582
RSBAC_LIST_PERSIST,
02583
entry_compare,
02584
NULL,
02585
NULL,
02586
RSBAC_ACL_DEF_NETTEMP_NT_FILENAME,
02587 RSBAC_AUTO_DEV);
02588
if(err)
02589 {
02590
registration_error(err,
"default nettemp_nt");
02591 }
02592
if(!
rsbac_no_defaults && !
rsbac_list_count(default_nettemp_nt_handle))
02593 {
02594
struct rsbac_acl_entry_desc_t desc;
02595
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_NETTEMP_NT_ENTRY;
02596
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_NETTEMP_NT_ENTRY;
02597
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_NETTEMP_NT_ENTRY;
02598
02599
#ifdef CONFIG_RSBAC_RMSG
02600
rsbac_printk(KERN_WARNING
02601
"rsbac_init_acl(): Network Template NT (template protection) default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02602 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02603
#endif
02604
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02605
if (!rsbac_nosyslog)
02606
#endif
02607
printk(KERN_WARNING
02608
"rsbac_init_acl(): Network Template NT (template protection) default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02609 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02610 desc.
subj_type = acman_entry.
subj_type;
02611 desc.
subj_id = acman_entry.
subj_id;
02612
rsbac_list_add(default_nettemp_nt_handle, &desc, &acman_entry.
rights);
02613 desc.
subj_type = sysadm_entry.
subj_type;
02614 desc.
subj_id = sysadm_entry.
subj_id;
02615
rsbac_list_add(default_nettemp_nt_handle, &desc, &sysadm_entry.
rights);
02616 desc.
subj_type = gen_entry.
subj_type;
02617 desc.
subj_id = gen_entry.
subj_id;
02618
rsbac_list_add(default_nettemp_nt_handle, &desc, &gen_entry.
rights);
02619 }
02620 lol_info.
version =
RSBAC_ACL_NETTEMP_LIST_VERSION;
02621 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02622 lol_info.
desc_size =
sizeof(
rsbac_net_temp_id_t);
02623 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02624 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02625 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02626 lol_info.
max_age = 0;
02627 def_mask=
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
02628 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02629 &nettemp_handle,
02630 &lol_info,
02631 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02632
RSBAC_LIST_BACKUP |
02633 #endif
02634
RSBAC_LIST_PERSIST,
02635
rsbac_list_compare_u32,
02636
entry_compare,
02637
NULL,
02638
NULL,
02639 &def_mask,
02640
NULL,
02641
RSBAC_ACL_NETTEMP_FILENAME,
02642 RSBAC_AUTO_DEV);
02643
if(err)
02644 {
02645
registration_error(err,
"nettemp");
02646 }
02647 lol_info.
version =
RSBAC_ACL_NETOBJ_LIST_VERSION;
02648 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02649 lol_info.
desc_size =
sizeof(
rsbac_net_obj_id_t);
02650 lol_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02651 lol_info.
subdesc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02652 lol_info.
subdata_size =
sizeof(
rsbac_acl_rights_vector_t);
02653 lol_info.
max_age = 0;
02654 def_mask=
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
02655 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02656 &netobj_handle,
02657 &lol_info,
02658 0,
02659
rsbac_list_compare_u32,
02660
entry_compare,
02661
NULL,
02662
NULL,
02663 &def_mask,
02664
NULL,
02665
RSBAC_ACL_NETOBJ_FILENAME,
02666 RSBAC_AUTO_DEV);
02667
if(err)
02668 {
02669
registration_error(err,
"netobj");
02670 }
02671 list_info.
version =
RSBAC_ACL_DEF_NETOBJ_LIST_VERSION;
02672 list_info.
key =
RSBAC_ACL_LIST_KEY;
02673 list_info.
desc_size =
sizeof(
struct rsbac_acl_entry_desc_t);
02674 list_info.
data_size =
sizeof(
rsbac_acl_rights_vector_t);
02675 list_info.
max_age = 0;
02676 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02677 &default_netobj_handle,
02678 &list_info,
02679 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02680
RSBAC_LIST_BACKUP |
02681 #endif
02682
RSBAC_LIST_PERSIST,
02683
entry_compare,
02684
NULL,
02685
NULL,
02686
RSBAC_ACL_DEF_NETOBJ_FILENAME,
02687 RSBAC_AUTO_DEV);
02688
if(err)
02689 {
02690
registration_error(err,
"default netobj");
02691 }
02692
if(!
rsbac_no_defaults && !
rsbac_list_count(default_netobj_handle))
02693 {
02694
struct rsbac_acl_entry_desc_t desc;
02695
struct rsbac_acl_entry_t acman_entry =
RSBAC_ACL_ACMAN_NETOBJ_ENTRY;
02696
struct rsbac_acl_entry_t sysadm_entry =
RSBAC_ACL_SYSADM_NETOBJ_ENTRY;
02697
struct rsbac_acl_entry_t gen_entry =
RSBAC_ACL_GENERAL_NETOBJ_ENTRY;
02698
02699
#ifdef CONFIG_RSBAC_RMSG
02700
rsbac_printk(KERN_WARNING
02701
"rsbac_init_acl(): Network Object default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02702 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02703
#endif
02704
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02705
if (!rsbac_nosyslog)
02706
#endif
02707
printk(KERN_WARNING
02708
"rsbac_init_acl(): Network Object default ACL empty on dev %02u:%02u, generating standard ACL!\n",
02709 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02710 desc.
subj_type = acman_entry.
subj_type;
02711 desc.
subj_id = acman_entry.
subj_id;
02712
rsbac_list_add(default_netobj_handle, &desc, &acman_entry.
rights);
02713 desc.
subj_type = sysadm_entry.
subj_type;
02714 desc.
subj_id = sysadm_entry.
subj_id;
02715
rsbac_list_add(default_netobj_handle, &desc, &sysadm_entry.
rights);
02716 desc.
subj_type = gen_entry.
subj_type;
02717 desc.
subj_id = gen_entry.
subj_id;
02718
rsbac_list_add(default_netobj_handle, &desc, &gen_entry.
rights);
02719 }
02720
#endif
02721
02722
02723 list_info.
version =
RSBAC_ACL_GROUP_VERSION;
02724 list_info.
key =
RSBAC_ACL_LIST_KEY;
02725 list_info.
desc_size =
sizeof(
rsbac_acl_group_id_t);
02726 list_info.
data_size =
sizeof(
struct rsbac_acl_group_entry_t);
02727 list_info.
max_age = 0;
02728 err =
rsbac_list_register(
RSBAC_LIST_VERSION,
02729 &
group_handle,
02730 &list_info,
02731 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02732
RSBAC_LIST_BACKUP |
02733 #endif
02734
RSBAC_LIST_PERSIST,
02735
rsbac_list_compare_u32,
02736
NULL,
02737
NULL,
02738
RSBAC_ACL_GROUP_FILENAME,
02739 RSBAC_AUTO_DEV);
02740
if(err)
02741 {
02742
registration_error(err,
"group");
02743 }
02744
if(!
rsbac_no_defaults && !
rsbac_list_count(
group_handle))
02745 {
02746
#ifdef CONFIG_RSBAC_RMSG
02747
rsbac_printk(KERN_WARNING
02748
"rsbac_init_acl(): Group list empty on dev %02u:%02u!\n",
02749 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02750
#endif
02751
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02752
if (!rsbac_nosyslog)
02753
#endif
02754
printk(KERN_WARNING
02755
"rsbac_init_acl(): Group list empty on dev %02u:%02u!\n",
02756 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02757 }
02758
else
02759 {
02760
rsbac_list_get_max_desc(
group_handle, &
group_last_new);
02761 }
02762
02763
02764 lol_info.
version =
RSBAC_ACL_GM_VERSION;
02765 lol_info.
key =
RSBAC_ACL_LIST_KEY;
02766 lol_info.
desc_size =
sizeof(
rsbac_uid_t);
02767 lol_info.
data_size = 0;
02768 lol_info.
subdesc_size =
sizeof(
rsbac_acl_group_id_t);
02769 lol_info.
subdata_size = 0;
02770 lol_info.
max_age = 0;
02771 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
02772 &
gm_handle,
02773 &lol_info,
02774 #
if defined(CONFIG_RSBAC_ACL_BACKUP)
02775
RSBAC_LIST_BACKUP |
02776 #endif
02777
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
02778
rsbac_list_compare_u32,
02779
rsbac_list_compare_u32,
02780
NULL,
02781
NULL,
02782
NULL,
02783
NULL,
02784
RSBAC_ACL_GM_FILENAME,
02785 RSBAC_AUTO_DEV);
02786
if(err)
02787 {
02788
registration_error(err,
"gm");
02789 }
02790
if(!
rsbac_no_defaults && !
rsbac_list_lol_count(
gm_handle))
02791 {
02792
#ifdef CONFIG_RSBAC_RMSG
02793
rsbac_printk(KERN_WARNING
02794
"rsbac_init_acl(): Group membership list empty on dev %02u:%02u!\n",
02795 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02796
#endif
02797
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02798
if (!rsbac_nosyslog)
02799
#endif
02800
printk(KERN_WARNING
02801
"rsbac_init_acl(): Group membership list empty on dev %02u:%02u!\n",
02802 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev));
02803 }
02804
02805
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
02806
tmp_entry_p = create_proc_entry(
"acl_devices",
02807 S_IFREG | S_IRUGO,
02808
proc_rsbac_root_p);
02809
if(tmp_entry_p)
02810 {
02811 tmp_entry_p->get_info = acl_devices_proc_info;
02812 }
02813 tmp_entry_p = create_proc_entry(
"stats_acl",
02814 S_IFREG | S_IRUGO,
02815
proc_rsbac_root_p);
02816
if(tmp_entry_p)
02817 {
02818 tmp_entry_p->get_info = stats_acl_proc_info;
02819 }
02820 tmp_entry_p = create_proc_entry(
"acl_acllist",
02821 S_IFREG | S_IRUGO,
02822
proc_rsbac_root_p);
02823
if(tmp_entry_p)
02824 {
02825 tmp_entry_p->get_info = acl_acllist_proc_info;
02826 }
02827 tmp_entry_p = create_proc_entry(
"acl_grouplist",
02828 S_IFREG | S_IRUGO,
02829
proc_rsbac_root_p);
02830
if(tmp_entry_p)
02831 {
02832 tmp_entry_p->get_info = acl_grouplist_proc_info;
02833 }
02834
#endif
02835
02836
#ifdef CONFIG_RSBAC_DEBUG
02837
if (rsbac_debug_ds_acl)
02838 {
02839
#ifdef CONFIG_RSBAC_RMSG
02840
rsbac_printk(KERN_DEBUG
"rsbac_init_acl(): Ready.\n");
02841
#endif
02842
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02843
if (!rsbac_nosyslog)
02844
#endif
02845
printk(KERN_DEBUG
"rsbac_init_acl(): Ready.\n");
02846 }
02847
#endif
02848
return(err);
02849 };
02850
02851 int rsbac_mount_acl(kdev_t kdev)
02852 {
02853
int err = 0;
02854
struct rsbac_acl_device_list_item_t * device_p;
02855
struct rsbac_acl_device_list_item_t * new_device_p;
02856 u_long flags;
02857
02858
if (!
rsbac_is_initialized())
02859 {
02860
#ifdef CONFIG_RSBAC_RMSG
02861
rsbac_printk(KERN_WARNING
"rsbac_mount_acl(): RSBAC not initialized\n");
02862
#endif
02863
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02864
if (!rsbac_nosyslog)
02865
#endif
02866
printk(KERN_WARNING
"rsbac_mount_acl(): RSBAC not initialized\n");
02867
return(-
RSBAC_ENOTINITIALIZED);
02868 }
02869
#ifdef CONFIG_RSBAC_DEBUG
02870
if (rsbac_debug_ds_acl)
02871 {
02872
#ifdef CONFIG_RSBAC_RMSG
02873
rsbac_printk(KERN_DEBUG
"rsbac_mount_acl(): mounting device %02u:%02u\n",
02874 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02875
#endif
02876
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02877
if (!rsbac_nosyslog)
02878
#endif
02879
printk(KERN_DEBUG
"rsbac_mount_acl(): mounting device %02u:%02u\n",
02880 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02881 }
02882
#endif
02883
02884 rsbac_read_lock(&
device_list_head.
lock, &flags);
02885 device_p =
acl_lookup_device(kdev);
02886
02887
if(device_p)
02888 {
02889
#ifdef CONFIG_RSBAC_RMSG
02890
rsbac_printk(KERN_INFO
"rsbac_mount_acl: repeated mount %u of device %02u:%02u\n",
02891 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02892
#endif
02893
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02894
if (!rsbac_nosyslog)
02895
#endif
02896
printk(KERN_INFO
"rsbac_mount_acl: repeated mount %u of device %02u:%02u\n",
02897 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02898 device_p->mount_count++;
02899 rsbac_read_unlock(&
device_list_head.
lock, &flags);
02900
return 0;
02901 }
02902 rsbac_read_unlock(&
device_list_head.
lock, &flags);
02903
02904 new_device_p =
create_device_item(kdev);
02905
if(!new_device_p)
02906
return -
RSBAC_ECOULDNOTADDDEVICE;
02907
02908
if((err =
acl_register_fd_lists(new_device_p, kdev)))
02909 {
02910
char * tmp;
02911
02912 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
02913
if(tmp)
02914 {
02915
#ifdef CONFIG_RSBAC_RMSG
02916
rsbac_printk(KERN_WARNING
02917
"rsbac_mount_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02918 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev),
get_error_name(tmp,err));
02919
#endif
02920
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02921
if (!rsbac_nosyslog)
02922
#endif
02923
printk(KERN_WARNING
02924
"rsbac_mount_acl(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
02925 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev),
get_error_name(tmp,err));
02926
rsbac_kfree(tmp);
02927 }
02928 }
02929
02930
02931 rsbac_read_lock(&
device_list_head.
lock, &flags);
02932
02933 device_p =
acl_lookup_device(kdev);
02934
if(device_p)
02935 {
02936
#ifdef CONFIG_RSBAC_RMSG
02937
rsbac_printk(KERN_WARNING
02938
"rsbac_mount_acl(): mount race for device %02u:%02u detected!\n",
02939 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02940
#endif
02941
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02942
if (!rsbac_nosyslog)
02943
#endif
02944
printk(KERN_WARNING
02945
"rsbac_mount_acl(): mount race for device %02u:%02u detected!\n",
02946 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02947 device_p->mount_count++;
02948
02949
clear_device_item(new_device_p);
02950 rsbac_read_unlock(&
device_list_head.
lock, &flags);
02951 }
02952
else
02953 {
02954 rsbac_read_unlock(&
device_list_head.
lock, &flags);
02955 rsbac_write_lock_irq(&
device_list_head.
lock, &flags);
02956 device_p =
add_device_item(new_device_p);
02957 rsbac_write_unlock_irq(&
device_list_head.
lock, &flags);
02958
if(!device_p)
02959 {
02960
#ifdef CONFIG_RSBAC_RMSG
02961
rsbac_printk(KERN_WARNING
"rsbac_mount_acl: adding device %02u:%02u failed!\n",
02962 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02963
#endif
02964
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02965
if (!rsbac_nosyslog)
02966
#endif
02967
printk(KERN_WARNING
"rsbac_mount_acl: adding device %02u:%02u failed!\n",
02968 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02969
02970
clear_device_item(new_device_p);
02971 err = -
RSBAC_ECOULDNOTADDDEVICE;
02972 }
02973 }
02974
02975
return(err);
02976 };
02977
02978
02979
02980 int rsbac_umount_acl(kdev_t kdev)
02981 {
02982 u_long flags;
02983
struct rsbac_acl_device_list_item_t * device_p;
02984
02985
if (!
rsbac_is_initialized())
02986 {
02987
#ifdef CONFIG_RSBAC_RMSG
02988
rsbac_printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
02989
#endif
02990
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02991
if (!rsbac_nosyslog)
02992
#endif
02993
printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
02994
return(-
RSBAC_ENOTINITIALIZED);
02995 }
02996
02997
#ifdef CONFIG_RSBAC_DEBUG
02998
if (rsbac_debug_ds)
02999 {
03000
#ifdef CONFIG_RSBAC_RMSG
03001
rsbac_printk(KERN_DEBUG
"rsbac_umount_acl(): umounting device %02u:%02u\n",
03002 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03003
#endif
03004
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03005
if (!rsbac_nosyslog)
03006
#endif
03007
printk(KERN_DEBUG
"rsbac_umount_acl(): umounting device %02u:%02u\n",
03008 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03009 }
03010
#endif
03011
03012
03013 rsbac_write_lock(&
device_list_head.
lock, &flags);
03014
03015 device_p =
acl_lookup_device(kdev);
03016
if(device_p)
03017 {
03018
if(device_p->mount_count == 1)
03019
remove_device_item(kdev);
03020
else
03021 {
03022
if(device_p->mount_count > 1)
03023 {
03024 device_p->mount_count--;
03025 }
03026
else
03027 {
03028
#ifdef CONFIG_RSBAC_RMSG
03029
rsbac_printk(KERN_WARNING
"rsbac_umount_acl: device %02u:%02u has mount_count < 1!\n",
03030 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03031
#endif
03032
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03033
if (!rsbac_nosyslog)
03034
#endif
03035
printk(KERN_WARNING
"rsbac_umount_acl: device %02u:%02u has mount_count < 1!\n",
03036 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
03037 }
03038 }
03039 }
03040
03041 rsbac_write_unlock(&
device_list_head.
lock, &flags);
03042
return(0);
03043 };
03044
03045
03046
03047
03048 int rsbac_stats_acl(
void)
03049 {
03050 u_int item_count = 0;
03051 u_int member_count = 0;
03052
int tmp_count;
03053 u_int i;
03054 u_long dflags;
03055
struct rsbac_acl_device_list_item_t * device_p;
03056
03057
union rsbac_target_id_t rsbac_target_id;
03058
union rsbac_attribute_value_t rsbac_attribute_value;
03059
03060
if (!
rsbac_is_initialized)
03061 {
03062 printk(KERN_WARNING
"rsbac_stats_acl(): RSBAC not initialized\n");
03063
return(-
RSBAC_ENOTINITIALIZED);
03064 }
03065
#ifdef CONFIG_RSBAC_DEBUG
03066
if (rsbac_debug_aef_acl)
03067 {
03068
#ifdef CONFIG_RSBAC_RMSG
03069
rsbac_printk(KERN_DEBUG
"rsbac_stats_acl(): calling ADF\n");
03070
#endif
03071
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03072
if (!rsbac_nosyslog)
03073
#endif
03074
printk(KERN_DEBUG
"rsbac_stats_acl(): calling ADF\n");
03075 }
03076
#endif
03077
rsbac_target_id.
scd =
ST_rsbac;
03078 rsbac_attribute_value.
dummy = 0;
03079
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
03080 current->pid,
03081
T_SCD,
03082 rsbac_target_id,
03083
A_none,
03084 rsbac_attribute_value))
03085 {
03086
return -EPERM;
03087 }
03088
03089 printk(KERN_INFO
"ACL Status\n-----------\n");
03090
03091
03092 rsbac_read_lock(&
device_list_head.
lock, &dflags);
03093 device_p =
device_list_head.
head;
03094
while(device_p)
03095 {
03096
03097 item_count = 0;
03098 member_count = 0;
03099
for(i=0; i<
RSBAC_ACL_NR_FD_LISTS; i++)
03100 {
03101 tmp_count =
rsbac_list_lol_count(device_p->handles[i]);
03102
if(tmp_count > 0)
03103 item_count+=tmp_count;
03104 tmp_count =
rsbac_list_lol_all_subcount(device_p->handles[i]);
03105
if(tmp_count > 0)
03106 member_count += tmp_count;
03107 }
03108 printk(KERN_INFO
03109
"device %02u:%02u has %u file ACLs, sum of %u members\n",
03110 RSBAC_MAJOR(device_p->id),
03111 RSBAC_MINOR(device_p->id),
03112 item_count,
03113 member_count);
03114 device_p = device_p->next;
03115 }
03116
03117 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
03118
03119
03120 printk(KERN_INFO
03121
"%li device ACL items, sum of %li members\n",
03122
rsbac_list_lol_count(
dev_handle),
03123
rsbac_list_lol_all_subcount(
dev_handle));
03124
03125
03126 printk(KERN_INFO
03127
"%li scd ACL items, sum of %li members\n",
03128
rsbac_list_lol_count(
scd_handle),
03129
rsbac_list_lol_all_subcount(
scd_handle));
03130
03131
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03132
03133 printk(KERN_INFO
03134
"%li network device ACL items, sum of %li members\n",
03135
rsbac_list_lol_count(netdev_handle),
03136
rsbac_list_lol_all_subcount(netdev_handle));
03137
#endif
03138
03139
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03140
03141 printk(KERN_INFO
03142
"%li network template NT ACL items, sum of %li members\n",
03143
rsbac_list_lol_count(nettemp_nt_handle),
03144
rsbac_list_lol_all_subcount(nettemp_nt_handle));
03145
03146 printk(KERN_INFO
03147
"%li network template ACL items, sum of %li members\n",
03148
rsbac_list_lol_count(nettemp_handle),
03149
rsbac_list_lol_all_subcount(nettemp_handle));
03150
03151 printk(KERN_INFO
03152
"%li network object ACL items, sum of %li members\n",
03153
rsbac_list_lol_count(netobj_handle),
03154
rsbac_list_lol_all_subcount(netobj_handle));
03155
#endif
03156
03157 printk(KERN_INFO
03158
"%li groups, last new is %u\n",
03159
rsbac_list_count(
group_handle),
03160
group_last_new);
03161
03162
03163 printk(KERN_INFO
03164
"%li group member items, sum of %li group memberships\n",
03165
rsbac_list_lol_count(
gm_handle),
03166
rsbac_list_lol_all_subcount(
gm_handle));
03167
03168
return(0);
03169 };
03170
03171
03172
03173
03174 int rsbac_check_acl(
int correct,
int check_inode)
03175 {
03176
struct rsbac_acl_device_list_item_t * device_p;
03177 u_long f_count = 0, f_sum = 0, tmp_count,
03178 r_count, u_count, b_count, no_member_count;
03179
int list_no;
03180 u_long dflags;
03181
long desc_count;
03182
long sub_desc_count;
03183
rsbac_inode_nr_t * fd_desc_p;
03184
struct rsbac_dev_desc_t * dev_desc_p;
03185 __u8 * scd_desc_p;
03186
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03187
rsbac_netdev_id_t * netdev_desc_p;
03188
#endif
03189
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
03190
rsbac_net_temp_id_t * nettemp_desc_p;
03191
rsbac_net_obj_id_t * netobj_desc_p;
03192
#endif
03193
struct rsbac_acl_entry_desc_t * sub_desc_p;
03194
struct super_block * sb_p;
03195
struct inode * inode_p;
03196
rsbac_uid_t * user_p;
03197
rsbac_acl_group_id_t * group_p;
03198 u_int i,j;
03199
03200
if (!
rsbac_is_initialized())
03201 {
03202
#ifdef CONFIG_RSBAC_RMSG
03203
rsbac_printk(KERN_WARNING
"rsbac_check_acl(): RSBAC not initialized\n");
03204
#endif
03205
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03206
if (!rsbac_nosyslog)
03207
#endif
03208
printk(KERN_WARNING
"rsbac_check_acl(): RSBAC not initialized\n");
03209
return(-
RSBAC_ENOTINITIALIZED);
03210 }
03211
03212
03213 tmp_count = 0;
03214 desc_count =
rsbac_list_lol_get_all_desc(
gm_handle, (
void **) &user_p);
03215
if(desc_count > 0)
03216 {
03217
for(i=0; i<desc_count; i++)
03218 {
03219 sub_desc_count =
rsbac_list_lol_get_all_subdesc(
gm_handle, &user_p[i], (
void **) &group_p);
03220
if(sub_desc_count > 0)
03221 {
03222
for(j=0; j<sub_desc_count; j++)
03223 {
03224
if(!
rsbac_list_exist(
group_handle, &group_p[j]))
03225 {
03226
#ifdef CONFIG_RSBAC_RMSG
03227
rsbac_printk(KERN_WARNING
03228
"rsbac_check_acl(): removing user %u membership in non-existent group %u!\n",
03229 user_p[i], group_p[j]);
03230
#endif
03231
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03232
if (!rsbac_nosyslog)
03233
#endif
03234
printk(KERN_WARNING
03235
"rsbac_check_acl(): removing user %u membership in non-existent group %u!\n",
03236 user_p[i], group_p[j]);
03237
rsbac_list_lol_subremove(
gm_handle, &user_p[i], &group_p[j]);
03238 }
03239 }
03240
rsbac_vfree(group_p);
03241 }
03242
else
03243 {
03244
03245
if(!sub_desc_count)
03246
rsbac_list_lol_remove(
gm_handle, &user_p[i]);
03247 }
03248 }
03249
rsbac_vfree(user_p);
03250 }
03251
03252
#ifdef CONFIG_RSBAC_RMSG
03253
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li group membership items\n",
03254
rsbac_list_lol_count(
gm_handle));
03255
#endif
03256
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03257
if (!rsbac_nosyslog)
03258
#endif
03259
printk(KERN_INFO
"rsbac_check_acl(): %li group membership items\n",
03260
rsbac_list_lol_count(
gm_handle));
03261
03262
03263
#ifdef CONFIG_RSBAC_RMSG
03264
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li group items\n",
03265
rsbac_list_count(
group_handle));
03266
#endif
03267
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03268
if (!rsbac_nosyslog)
03269
#endif
03270
printk(KERN_INFO
"rsbac_check_acl(): %li group items\n",
03271
rsbac_list_count(
group_handle));
03272
03273
03274
03275 rsbac_read_lock(&
device_list_head.
lock, &dflags);
03276
03277
03278
03279 device_p =
device_list_head.
head;
03280
while (device_p)
03281 {
03282 f_count = 0;
03283 r_count = 0;
03284 u_count = 0;
03285 b_count = 0;
03286 no_member_count = 0;
03287
if(check_inode)
03288 {
03289 sb_p =
rsbac_get_super_block(device_p->id);
03290
if(!sb_p)
03291 {
03292
#ifdef CONFIG_RSBAC_RMSG
03293
rsbac_printk(KERN_WARNING
"rsbac_check_acl(): no super block for device %02u:%02u!\n",
03294 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
03295
#endif
03296
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03297
if (!rsbac_nosyslog)
03298
#endif
03299
printk(KERN_WARNING
"rsbac_check_acl(): no super block for device %02u:%02u!\n",
03300 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
03301 }
03302 }
03303
else
03304 sb_p =
NULL;
03305
03306
03307
for(list_no = 0; list_no <
RSBAC_ACL_NR_FD_LISTS; list_no++)
03308 {
03309
03310
03311 tmp_count = 0;
03312 desc_count =
rsbac_list_lol_get_all_desc(device_p->handles[list_no], (
void **) &fd_desc_p);
03313
if(desc_count > 0)
03314 {
03315
for(i=0; i<desc_count; i++)
03316 {
03317
03318
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03319
if(sb_p)
03320
#else
03321
if(sb_p && !sb_p->s_op->read_inode2)
03322
#endif
03323
{
03324 inode_p = iget(sb_p, fd_desc_p[i]);
03325
if(is_bad_inode(inode_p))
03326 {
03327 b_count++;
03328
if(correct)
03329 {
03330
#ifdef CONFIG_RSBAC_RMSG
03331
rsbac_printk(KERN_INFO
03332
"rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
03333 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03334
#endif
03335
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03336
if (!rsbac_nosyslog)
03337
#endif
03338
printk(KERN_INFO
03339
"rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
03340 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03341
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03342
continue;
03343 }
03344
else
03345 {
03346
#ifdef CONFIG_RSBAC_RMSG
03347
rsbac_printk(KERN_INFO
03348
"rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
03349 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03350
#endif
03351
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03352
if (!rsbac_nosyslog)
03353
#endif
03354
printk(KERN_INFO
03355
"rsbac_check_acl(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
03356 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03357 }
03358 }
03359
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
03360
else
03361 {
03362
03363
if(sb_p->s_magic == EXT2_SUPER_MAGIC)
03364 {
03365
if(inode_p->u.ext2_i.i_dtime)
03366 {
03367 r_count++;
03368
if(correct)
03369 {
03370
#ifdef CONFIG_RSBAC_RMSG
03371
rsbac_printk(KERN_INFO
03372
"rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
03373 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03374
#endif
03375
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03376
if (!rsbac_nosyslog)
03377
#endif
03378
printk(KERN_INFO
03379
"rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
03380 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03381
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03382
continue;
03383 }
03384
else
03385 {
03386
#ifdef CONFIG_RSBAC_RMSG
03387
rsbac_printk(KERN_INFO
03388
"rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
03389 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03390
#endif
03391
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03392
if (!rsbac_nosyslog)
03393
#endif
03394
printk(KERN_INFO
03395
"rsbac_check_acl(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
03396 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03397 }
03398 }
03399
else
03400 {
03401
if(inode_p->i_nlink <= 0)
03402 {
03403 u_count++;
03404
if(correct >= 2)
03405 {
03406
#ifdef CONFIG_RSBAC_RMSG
03407
rsbac_printk(KERN_INFO
03408
"rsbac_check_acl(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
03409 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03410
#endif
03411
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03412
if (!rsbac_nosyslog)
03413
#endif
03414
printk(KERN_INFO
03415
"rsbac_check_acl(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
03416 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03417
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
03418
continue;
03419 }
03420
else
03421 {
03422
#ifdef CONFIG_RSBAC_RMSG
03423
rsbac_printk(KERN_INFO
03424
"rsbac_check_acl(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
03425 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03426
#endif
03427
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03428
if (!rsbac_nosyslog)
03429
#endif
03430
printk(KERN_INFO
03431
"rsbac_check_acl(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
03432 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
03433 }
03434 }
03435 }
03436 }
03437 }
03438
#endif
03439 iput(inode_p);
03440 }
03441
03442
03443 sub_desc_count =
rsbac_list_lol_get_all_subdesc(device_p->handles[list_no],
03444 &fd_desc_p[i],
03445 (
void **) &sub_desc_p);
03446
if(sub_desc_count > 0)
03447 {
03448
for(j=0; j<sub_desc_count; j++)
03449 {
03450
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
03451 && sub_desc_p[j].subj_id
03452 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
03453 {
03454
if(correct)
03455 {
03456
03457
#ifdef CONFIG_RSBAC_DEBUG
03458
if(rsbac_debug_ds)
03459 {
03460
#ifdef CONFIG_RSBAC_RMSG
03461
rsbac_printk(KERN_DEBUG
03462
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL -> removing entry!\n",
03463 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03464
#endif
03465
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03466
if (!rsbac_nosyslog)
03467
#endif
03468
printk(KERN_DEBUG
03469
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL -> removing entry!\n",
03470 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03471 }
03472
#endif
03473
rsbac_list_lol_subremove(device_p->handles[list_no],
03474 &fd_desc_p[i], &sub_desc_p[j]);
03475 }
03476
else
03477 {
03478
03479
#ifdef CONFIG_RSBAC_DEBUG
03480
if(rsbac_debug_ds)
03481 {
03482
#ifdef CONFIG_RSBAC_RMSG
03483
rsbac_printk(KERN_DEBUG
03484
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL!\n",
03485 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03486
#endif
03487
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03488
if (!rsbac_nosyslog)
03489
#endif
03490
printk(KERN_DEBUG
03491
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid group %u in ACL!\n",
03492 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03493 }
03494
#endif
03495
}
03496 }
03497
#if defined(CONFIG_RSBAC_RC)
03498
else
03499
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
03500 && (sub_desc_p[j].subj_id >
RC_role_max_value)
03501 )
03502 {
03503
if(correct)
03504 {
03505
03506
#ifdef CONFIG_RSBAC_DEBUG
03507
if(rsbac_debug_ds)
03508 {
03509
#ifdef CONFIG_RSBAC_RMSG
03510
rsbac_printk(KERN_DEBUG
03511
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid RC role %u in ACL -> removing entry!\n",
03512 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03513
#endif
03514
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03515
if (!rsbac_nosyslog)
03516
#endif
03517
printk(KERN_DEBUG
03518
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid RC role %u in ACL -> removing entry!\n",
03519 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03520 }
03521
#endif
03522
rsbac_list_lol_subremove(device_p->handles[list_no],
03523 &fd_desc_p[i], &sub_desc_p[j]);
03524 }
03525
else
03526 {
03527
03528
#ifdef CONFIG_RSBAC_DEBUG
03529
if(rsbac_debug_ds)
03530 {
03531
#ifdef CONFIG_RSBAC_RMSG
03532
rsbac_printk(KERN_DEBUG
03533
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid role %u in ACL!\n",
03534 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03535
#endif
03536
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03537
if (!rsbac_nosyslog)
03538
#endif
03539
printk(KERN_DEBUG
03540
"rsbac_check_acl(): fd_item for inode %u on device %02u:%02u, list %u, has invalid role %u in ACL!\n",
03541 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no, sub_desc_p[j].subj_id);
03542 }
03543
#endif
03544
}
03545 }
03546
#endif
03547
}
03548
rsbac_vfree(sub_desc_p);
03549 }
03550 }
03551 tmp_count++;
03552
rsbac_vfree(fd_desc_p);
03553 f_count += desc_count;
03554 }
03555 }
03556
03557
switch(correct)
03558 {
03559
case 2:
03560
#ifdef CONFIG_RSBAC_RMSG
03561
rsbac_printk(KERN_INFO
03562
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
03563 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
03564 b_count, r_count, u_count, no_member_count);
03565
#endif
03566
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03567
if (!rsbac_nosyslog)
03568
#endif
03569
printk(KERN_INFO
03570
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
03571 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
03572 b_count, r_count, u_count, no_member_count);
03573
break;
03574
case 1:
03575
#ifdef CONFIG_RSBAC_RMSG
03576
rsbac_printk(KERN_INFO
03577
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
03578 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
03579 b_count, r_count, no_member_count, u_count);
03580
#endif
03581
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03582
if (!rsbac_nosyslog)
03583
#endif
03584
printk(KERN_INFO
03585
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
03586 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
03587 b_count, r_count, no_member_count, u_count);
03588
break;
03589
default:
03590
#ifdef CONFIG_RSBAC_RMSG
03591
rsbac_printk(KERN_INFO
03592
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
03593 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
03594 b_count, r_count, u_count, no_member_count);
03595
#endif
03596
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03597
if (!rsbac_nosyslog)
03598
#endif
03599
printk(KERN_INFO
03600
"rsbac_check_acl(): Device %02u:%02u has %lu file/dir ACLs (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
03601 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
03602 b_count, r_count, u_count, no_member_count);
03603 }
03604 f_sum += f_count;
03605
03606 device_p = device_p->next;
03607 }
03608
#ifdef CONFIG_RSBAC_RMSG
03609
rsbac_printk(KERN_INFO
"rsbac_check_acl(): Sum of %u Devices with %lu file/dir ACLs\n",
03610
device_list_head.
count, f_sum);
03611
#endif
03612
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03613
if (!rsbac_nosyslog)
03614
#endif
03615
printk(KERN_INFO
"rsbac_check_acl(): Sum of %u Devices with %lu file/dir ACLs\n",
03616
device_list_head.
count, f_sum);
03617
03618 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
03619
03620
03621 tmp_count = 0;
03622 desc_count =
rsbac_list_lol_get_all_desc(
dev_handle, (
void **) &dev_desc_p);
03623
if(desc_count > 0)
03624 {
03625
for(i=0; i<desc_count; i++)
03626 {
03627
03628 sub_desc_count =
rsbac_list_lol_get_all_subdesc(
dev_handle,
03629 &dev_desc_p[i],
03630 (
void **) &sub_desc_p);
03631
if(sub_desc_count > 0)
03632 {
03633
for(j=0; j<sub_desc_count; j++)
03634 {
03635
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
03636 && sub_desc_p[j].subj_id
03637 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
03638 {
03639
if(correct)
03640 {
03641
03642
#ifdef CONFIG_RSBAC_DEBUG
03643
if(rsbac_debug_ds)
03644 {
03645
#ifdef CONFIG_RSBAC_RMSG
03646
rsbac_printk(KERN_DEBUG
03647
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
03648
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03649
#endif
03650
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03651
if (!rsbac_nosyslog)
03652
#endif
03653
printk(KERN_DEBUG
03654
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL -> removing entry!\n",
03655
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03656 }
03657
#endif
03658
rsbac_list_lol_subremove(
dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
03659 }
03660
else
03661 {
03662
#ifdef CONFIG_RSBAC_DEBUG
03663
03664
if(rsbac_debug_ds)
03665 {
03666
#ifdef CONFIG_RSBAC_RMSG
03667
rsbac_printk(KERN_DEBUG
03668
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
03669
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03670
#endif
03671
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03672
if (!rsbac_nosyslog)
03673
#endif
03674
printk(KERN_DEBUG
03675
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid group %u in ACL!\n",
03676
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03677 }
03678
#endif
03679
}
03680 }
03681
#if defined(CONFIG_RSBAC_RC)
03682
else
03683
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
03684 && (sub_desc_p[j].subj_id >
RC_role_max_value)
03685 )
03686 {
03687
if(correct)
03688 {
03689
03690
#ifdef CONFIG_RSBAC_DEBUG
03691
if(rsbac_debug_ds)
03692 {
03693
#ifdef CONFIG_RSBAC_RMSG
03694
rsbac_printk(KERN_DEBUG
03695
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
03696
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03697
#endif
03698
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03699
if (!rsbac_nosyslog)
03700
#endif
03701
printk(KERN_DEBUG
03702
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL -> removing entry!\n",
03703
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03704 }
03705
#endif
03706
rsbac_list_lol_subremove(
dev_handle, &dev_desc_p[i], &sub_desc_p[j]);
03707 }
03708
else
03709 {
03710
#ifdef CONFIG_RSBAC_DEBUG
03711
03712
if(rsbac_debug_ds)
03713 {
03714
#ifdef CONFIG_RSBAC_RMSG
03715
rsbac_printk(KERN_DEBUG
03716
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
03717
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03718
#endif
03719
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03720
if (!rsbac_nosyslog)
03721
#endif
03722
printk(KERN_DEBUG
03723
"rsbac_check_acl(): dev_item %c%02u:%02u, has invalid role %u in ACL!\n",
03724
'B'+dev_desc_p[i].type, dev_desc_p[i].major, dev_desc_p[i].minor, sub_desc_p[j].subj_id);
03725 }
03726
#endif
03727
}
03728 }
03729
#endif
03730
}
03731
rsbac_vfree(sub_desc_p);
03732 }
03733 }
03734
rsbac_vfree(dev_desc_p);
03735 f_sum += desc_count;
03736 }
03737
#ifdef CONFIG_RSBAC_RMSG
03738
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li device items\n",
03739 desc_count);
03740
#endif
03741
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03742
if (!rsbac_nosyslog)
03743
#endif
03744
printk(KERN_INFO
"rsbac_check_acl(): %li device items\n",
03745 desc_count);
03746
03747
03748 tmp_count = 0;
03749 desc_count =
rsbac_list_lol_get_all_desc(
scd_handle, (
void **) &scd_desc_p);
03750
if(desc_count > 0)
03751 {
03752
for(i=0; i<desc_count; i++)
03753 {
03754
03755 sub_desc_count =
rsbac_list_lol_get_all_subdesc(
scd_handle,
03756 &scd_desc_p[i],
03757 (
void **) &sub_desc_p);
03758
if(sub_desc_count > 0)
03759 {
03760
for(j=0; j<sub_desc_count; j++)
03761 {
03762
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
03763 && sub_desc_p[j].subj_id
03764 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
03765 {
03766
if(correct)
03767 {
03768
03769
#ifdef CONFIG_RSBAC_DEBUG
03770
if(rsbac_debug_ds)
03771 {
03772
#ifdef CONFIG_RSBAC_RMSG
03773
rsbac_printk(KERN_DEBUG
03774
"rsbac_check_acl(): scd_item %u has invalid group %u in ACL -> removing entry!\n",
03775 scd_desc_p[i], sub_desc_p[j].subj_id);
03776
#endif
03777
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03778
if (!rsbac_nosyslog)
03779
#endif
03780
printk(KERN_DEBUG
03781
"rsbac_check_acl(): scd_item %u has invalid group %u in ACL -> removing entry!\n",
03782 scd_desc_p[i], sub_desc_p[j].subj_id);
03783 }
03784
#endif
03785
rsbac_list_lol_subremove(
scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
03786 }
03787
else
03788 {
03789
#ifdef CONFIG_RSBAC_DEBUG
03790
03791
if(rsbac_debug_ds)
03792 {
03793
#ifdef CONFIG_RSBAC_RMSG
03794
rsbac_printk(KERN_DEBUG
03795
"rsbac_check_acl(): scd_item %u has invalid group %u in ACL!\n",
03796 scd_desc_p[i], sub_desc_p[j].subj_id);
03797
#endif
03798
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03799
if (!rsbac_nosyslog)
03800
#endif
03801
printk(KERN_DEBUG
03802
"rsbac_check_acl(): scd_item %u has invalid group %u in ACL!\n",
03803 scd_desc_p[i], sub_desc_p[j].subj_id);
03804 }
03805
#endif
03806
}
03807 }
03808
#if defined(CONFIG_RSBAC_RC)
03809
else
03810
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
03811 && (sub_desc_p[j].subj_id >
RC_role_max_value)
03812 )
03813 {
03814
if(correct)
03815 {
03816
03817
#ifdef CONFIG_RSBAC_DEBUG
03818
if(rsbac_debug_ds)
03819 {
03820
#ifdef CONFIG_RSBAC_RMSG
03821
rsbac_printk(KERN_DEBUG
03822
"rsbac_check_acl(): scd_item %u has invalid role %u in ACL -> removing entry!\n",
03823 scd_desc_p[i], sub_desc_p[j].subj_id);
03824
#endif
03825
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03826
if (!rsbac_nosyslog)
03827
#endif
03828
printk(KERN_DEBUG
03829
"rsbac_check_acl(): scd_item %u has invalid role %u in ACL -> removing entry!\n",
03830 scd_desc_p[i], sub_desc_p[j].subj_id);
03831 }
03832
#endif
03833
rsbac_list_lol_subremove(
scd_handle, &scd_desc_p[i], &sub_desc_p[j]);
03834 }
03835
else
03836 {
03837
#ifdef CONFIG_RSBAC_DEBUG
03838
03839
if(rsbac_debug_ds)
03840 {
03841
#ifdef CONFIG_RSBAC_RMSG
03842
rsbac_printk(KERN_DEBUG
03843
"rsbac_check_acl(): scd_item %u has invalid role %u in ACL!\n",
03844 scd_desc_p[i], sub_desc_p[j].subj_id);
03845
#endif
03846
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03847
if (!rsbac_nosyslog)
03848
#endif
03849
printk(KERN_DEBUG
03850
"rsbac_check_acl(): scd_item %u has invalid role %u in ACL!\n",
03851 scd_desc_p[i], sub_desc_p[j].subj_id);
03852 }
03853
#endif
03854
}
03855 }
03856
#endif
03857
}
03858
rsbac_vfree(sub_desc_p);
03859 }
03860 }
03861
rsbac_vfree(scd_desc_p);
03862 f_sum += desc_count;
03863 }
03864
#ifdef CONFIG_RSBAC_RMSG
03865
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li SCD items\n",
03866 desc_count);
03867
#endif
03868
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03869
if (!rsbac_nosyslog)
03870
#endif
03871
printk(KERN_INFO
"rsbac_check_acl(): %li SCD items\n",
03872 desc_count);
03873
03874
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
03875
03876 tmp_count = 0;
03877 desc_count =
rsbac_list_lol_get_all_desc(netdev_handle, (
void **) &netdev_desc_p);
03878
if(desc_count > 0)
03879 {
03880
for(i=0; i<desc_count; i++)
03881 {
03882
03883 sub_desc_count =
rsbac_list_lol_get_all_subdesc(netdev_handle,
03884 &netdev_desc_p[i],
03885 (
void **) &sub_desc_p);
03886
if(sub_desc_count > 0)
03887 {
03888
for(j=0; j<sub_desc_count; j++)
03889 {
03890
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
03891 && sub_desc_p[j].subj_id
03892 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
03893 {
03894
if(correct)
03895 {
03896
03897
#ifdef CONFIG_RSBAC_DEBUG
03898
if(rsbac_debug_ds)
03899 {
03900
#ifdef CONFIG_RSBAC_RMSG
03901
rsbac_printk(KERN_DEBUG
03902
"rsbac_check_acl(): netdev_item %s has invalid group %u in ACL -> removing entry!\n",
03903 netdev_desc_p[i], sub_desc_p[j].subj_id);
03904
#endif
03905
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03906
if (!rsbac_nosyslog)
03907
#endif
03908
printk(KERN_DEBUG
03909
"rsbac_check_acl(): netdev_item %s has invalid group %u in ACL -> removing entry!\n",
03910 netdev_desc_p[i], sub_desc_p[j].subj_id);
03911 }
03912
#endif
03913
rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
03914 }
03915
else
03916 {
03917
#ifdef CONFIG_RSBAC_DEBUG
03918
03919
if(rsbac_debug_ds)
03920 {
03921
#ifdef CONFIG_RSBAC_RMSG
03922
rsbac_printk(KERN_DEBUG
03923
"rsbac_check_acl(): netdev_item %s has invalid group %u in ACL!\n",
03924 netdev_desc_p[i], sub_desc_p[j].subj_id);
03925
#endif
03926
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03927
if (!rsbac_nosyslog)
03928
#endif
03929
printk(KERN_DEBUG
03930
"rsbac_check_acl(): netdev_item %s has invalid group %u in ACL!\n",
03931 netdev_desc_p[i], sub_desc_p[j].subj_id);
03932 }
03933
#endif
03934
}
03935 }
03936
#if defined(CONFIG_RSBAC_RC)
03937
else
03938
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
03939 && (sub_desc_p[j].subj_id >
RC_role_max_value)
03940 )
03941 {
03942
if(correct)
03943 {
03944
03945
#ifdef CONFIG_RSBAC_DEBUG
03946
if(rsbac_debug_ds)
03947 {
03948
#ifdef CONFIG_RSBAC_RMSG
03949
rsbac_printk(KERN_DEBUG
03950
"rsbac_check_acl(): netdev_item %s has invalid role %u in ACL -> removing entry!\n",
03951 netdev_desc_p[i], sub_desc_p[j].subj_id);
03952
#endif
03953
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03954
if (!rsbac_nosyslog)
03955
#endif
03956
printk(KERN_DEBUG
03957
"rsbac_check_acl(): netdev_item %s has invalid role %u in ACL -> removing entry!\n",
03958 netdev_desc_p[i], sub_desc_p[j].subj_id);
03959 }
03960
#endif
03961
rsbac_list_lol_subremove(netdev_handle, &netdev_desc_p[i], &sub_desc_p[j]);
03962 }
03963
else
03964 {
03965
#ifdef CONFIG_RSBAC_DEBUG
03966
03967
if(rsbac_debug_ds)
03968 {
03969
#ifdef CONFIG_RSBAC_RMSG
03970
rsbac_printk(KERN_DEBUG
03971
"rsbac_check_acl(): netdev_item %s has invalid role %u in ACL!\n",
03972 netdev_desc_p[i], sub_desc_p[j].subj_id);
03973
#endif
03974
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03975
if (!rsbac_nosyslog)
03976
#endif
03977
printk(KERN_DEBUG
03978
"rsbac_check_acl(): netdev_item %s has invalid role %u in ACL!\n",
03979 netdev_desc_p[i], sub_desc_p[j].subj_id);
03980 }
03981
#endif
03982
}
03983 }
03984
#endif
03985
}
03986
rsbac_vfree(sub_desc_p);
03987 }
03988 }
03989
rsbac_vfree(netdev_desc_p);
03990 f_sum += desc_count;
03991 }
03992
#ifdef CONFIG_RSBAC_RMSG
03993
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li network device items\n",
03994 desc_count);
03995
#endif
03996
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03997
if (!rsbac_nosyslog)
03998
#endif
03999
printk(KERN_INFO
"rsbac_check_acl(): %li network device items\n",
04000 desc_count);
04001
#endif
04002
04003
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
04004
04005 tmp_count = 0;
04006 desc_count =
rsbac_list_lol_get_all_desc(nettemp_nt_handle, (
void **) &nettemp_desc_p);
04007
if(desc_count > 0)
04008 {
04009
for(i=0; i<desc_count; i++)
04010 {
04011
04012 sub_desc_count =
rsbac_list_lol_get_all_subdesc(nettemp_nt_handle,
04013 &nettemp_desc_p[i],
04014 (
void **) &sub_desc_p);
04015
if(sub_desc_count > 0)
04016 {
04017
for(j=0; j<sub_desc_count; j++)
04018 {
04019
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
04020 && sub_desc_p[j].subj_id
04021 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
04022 {
04023
if(correct)
04024 {
04025
04026
#ifdef CONFIG_RSBAC_DEBUG
04027
if(rsbac_debug_ds)
04028 {
04029
#ifdef CONFIG_RSBAC_RMSG
04030
rsbac_printk(KERN_DEBUG
04031
"rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL -> removing entry!\n",
04032 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04033
#endif
04034
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04035
if (!rsbac_nosyslog)
04036
#endif
04037
printk(KERN_DEBUG
04038
"rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL -> removing entry!\n",
04039 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04040 }
04041
#endif
04042
rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04043 }
04044
else
04045 {
04046
#ifdef CONFIG_RSBAC_DEBUG
04047
04048
if(rsbac_debug_ds)
04049 {
04050
#ifdef CONFIG_RSBAC_RMSG
04051
rsbac_printk(KERN_DEBUG
04052
"rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL!\n",
04053 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04054
#endif
04055
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04056
if (!rsbac_nosyslog)
04057
#endif
04058
printk(KERN_DEBUG
04059
"rsbac_check_acl(): nettemp_nt_item %u has invalid group %u in ACL!\n",
04060 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04061 }
04062
#endif
04063
}
04064 }
04065
#if defined(CONFIG_RSBAC_RC)
04066
else
04067
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
04068 && (sub_desc_p[j].subj_id >
RC_role_max_value)
04069 )
04070 {
04071
if(correct)
04072 {
04073
04074
#ifdef CONFIG_RSBAC_DEBUG
04075
if(rsbac_debug_ds)
04076 {
04077
#ifdef CONFIG_RSBAC_RMSG
04078
rsbac_printk(KERN_DEBUG
04079
"rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL -> removing entry!\n",
04080 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04081
#endif
04082
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04083
if (!rsbac_nosyslog)
04084
#endif
04085
printk(KERN_DEBUG
04086
"rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL -> removing entry!\n",
04087 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04088 }
04089
#endif
04090
rsbac_list_lol_subremove(nettemp_nt_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04091 }
04092
else
04093 {
04094
#ifdef CONFIG_RSBAC_DEBUG
04095
04096
if(rsbac_debug_ds)
04097 {
04098
#ifdef CONFIG_RSBAC_RMSG
04099
rsbac_printk(KERN_DEBUG
04100
"rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL!\n",
04101 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04102
#endif
04103
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04104
if (!rsbac_nosyslog)
04105
#endif
04106
printk(KERN_DEBUG
04107
"rsbac_check_acl(): nettemp_nt_item %u has invalid role %u in ACL!\n",
04108 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04109 }
04110
#endif
04111
}
04112 }
04113
#endif
04114
}
04115
rsbac_vfree(sub_desc_p);
04116 }
04117 }
04118
rsbac_vfree(nettemp_desc_p);
04119 f_sum += desc_count;
04120 }
04121
#ifdef CONFIG_RSBAC_RMSG
04122
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li network template NT items\n",
04123 desc_count);
04124
#endif
04125
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04126
if (!rsbac_nosyslog)
04127
#endif
04128
printk(KERN_INFO
"rsbac_check_acl(): %li network template NT items\n",
04129 desc_count);
04130
04131
04132 tmp_count = 0;
04133 desc_count =
rsbac_list_lol_get_all_desc(nettemp_handle, (
void **) &nettemp_desc_p);
04134
if(desc_count > 0)
04135 {
04136
for(i=0; i<desc_count; i++)
04137 {
04138
04139 sub_desc_count =
rsbac_list_lol_get_all_subdesc(nettemp_handle,
04140 &nettemp_desc_p[i],
04141 (
void **) &sub_desc_p);
04142
if(sub_desc_count > 0)
04143 {
04144
for(j=0; j<sub_desc_count; j++)
04145 {
04146
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
04147 && sub_desc_p[j].subj_id
04148 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
04149 {
04150
if(correct)
04151 {
04152
04153
#ifdef CONFIG_RSBAC_DEBUG
04154
if(rsbac_debug_ds)
04155 {
04156
#ifdef CONFIG_RSBAC_RMSG
04157
rsbac_printk(KERN_DEBUG
04158
"rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL -> removing entry!\n",
04159 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04160
#endif
04161
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04162
if (!rsbac_nosyslog)
04163
#endif
04164
printk(KERN_DEBUG
04165
"rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL -> removing entry!\n",
04166 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04167 }
04168
#endif
04169
rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04170 }
04171
else
04172 {
04173
#ifdef CONFIG_RSBAC_DEBUG
04174
04175
if(rsbac_debug_ds)
04176 {
04177
#ifdef CONFIG_RSBAC_RMSG
04178
rsbac_printk(KERN_DEBUG
04179
"rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL!\n",
04180 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04181
#endif
04182
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04183
if (!rsbac_nosyslog)
04184
#endif
04185
printk(KERN_DEBUG
04186
"rsbac_check_acl(): nettemp_item %u has invalid group %u in ACL!\n",
04187 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04188 }
04189
#endif
04190
}
04191 }
04192
#if defined(CONFIG_RSBAC_RC)
04193
else
04194
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
04195 && (sub_desc_p[j].subj_id >
RC_role_max_value)
04196 )
04197 {
04198
if(correct)
04199 {
04200
04201
#ifdef CONFIG_RSBAC_DEBUG
04202
if(rsbac_debug_ds)
04203 {
04204
#ifdef CONFIG_RSBAC_RMSG
04205
rsbac_printk(KERN_DEBUG
04206
"rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL -> removing entry!\n",
04207 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04208
#endif
04209
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04210
if (!rsbac_nosyslog)
04211
#endif
04212
printk(KERN_DEBUG
04213
"rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL -> removing entry!\n",
04214 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04215 }
04216
#endif
04217
rsbac_list_lol_subremove(nettemp_handle, &nettemp_desc_p[i], &sub_desc_p[j]);
04218 }
04219
else
04220 {
04221
#ifdef CONFIG_RSBAC_DEBUG
04222
04223
if(rsbac_debug_ds)
04224 {
04225
#ifdef CONFIG_RSBAC_RMSG
04226
rsbac_printk(KERN_DEBUG
04227
"rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL!\n",
04228 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04229
#endif
04230
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04231
if (!rsbac_nosyslog)
04232
#endif
04233
printk(KERN_DEBUG
04234
"rsbac_check_acl(): nettemp_item %u has invalid role %u in ACL!\n",
04235 nettemp_desc_p[i], sub_desc_p[j].subj_id);
04236 }
04237
#endif
04238
}
04239 }
04240
#endif
04241
}
04242
rsbac_vfree(sub_desc_p);
04243 }
04244 }
04245
rsbac_vfree(nettemp_desc_p);
04246 f_sum += desc_count;
04247 }
04248
#ifdef CONFIG_RSBAC_RMSG
04249
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li network template items\n",
04250 desc_count);
04251
#endif
04252
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04253
if (!rsbac_nosyslog)
04254
#endif
04255
printk(KERN_INFO
"rsbac_check_acl(): %li network template items\n",
04256 desc_count);
04257
04258
04259 tmp_count = 0;
04260 desc_count =
rsbac_list_lol_get_all_desc(netobj_handle, (
void **) &netobj_desc_p);
04261
if(desc_count > 0)
04262 {
04263
for(i=0; i<desc_count; i++)
04264 {
04265
04266 sub_desc_count =
rsbac_list_lol_get_all_subdesc(netobj_handle,
04267 &netobj_desc_p[i],
04268 (
void **) &sub_desc_p);
04269
if(sub_desc_count > 0)
04270 {
04271
for(j=0; j<sub_desc_count; j++)
04272 {
04273
if( (sub_desc_p[j].subj_type ==
ACLS_GROUP)
04274 && sub_desc_p[j].subj_id
04275 && !
rsbac_list_exist(
group_handle, &sub_desc_p[j].subj_id))
04276 {
04277
if(correct)
04278 {
04279
04280
#ifdef CONFIG_RSBAC_DEBUG
04281
if(rsbac_debug_ds)
04282 {
04283
#ifdef CONFIG_RSBAC_RMSG
04284
rsbac_printk(KERN_DEBUG
04285
"rsbac_check_acl(): netobj_item %p has invalid group %u in ACL -> removing entry!\n",
04286 netobj_desc_p[i], sub_desc_p[j].subj_id);
04287
#endif
04288
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04289
if (!rsbac_nosyslog)
04290
#endif
04291
printk(KERN_DEBUG
04292
"rsbac_check_acl(): netobj_item %p has invalid group %u in ACL -> removing entry!\n",
04293 netobj_desc_p[i], sub_desc_p[j].subj_id);
04294 }
04295
#endif
04296
rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
04297 }
04298
else
04299 {
04300
#ifdef CONFIG_RSBAC_DEBUG
04301
04302
if(rsbac_debug_ds)
04303 {
04304
#ifdef CONFIG_RSBAC_RMSG
04305
rsbac_printk(KERN_DEBUG
04306
"rsbac_check_acl(): netobj_item %p has invalid group %u in ACL!\n",
04307 netobj_desc_p[i], sub_desc_p[j].subj_id);
04308
#endif
04309
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04310
if (!rsbac_nosyslog)
04311
#endif
04312
printk(KERN_DEBUG
04313
"rsbac_check_acl(): netobj_item %p has invalid group %u in ACL!\n",
04314 netobj_desc_p[i], sub_desc_p[j].subj_id);
04315 }
04316
#endif
04317
}
04318 }
04319
#if defined(CONFIG_RSBAC_RC)
04320
else
04321
if( (sub_desc_p[j].subj_type ==
ACLS_ROLE)
04322 && (sub_desc_p[j].subj_id >
RC_role_max_value)
04323 )
04324 {
04325
if(correct)
04326 {
04327
04328
#ifdef CONFIG_RSBAC_DEBUG
04329
if(rsbac_debug_ds)
04330 {
04331
#ifdef CONFIG_RSBAC_RMSG
04332
rsbac_printk(KERN_DEBUG
04333
"rsbac_check_acl(): netobj_item %p has invalid role %u in ACL -> removing entry!\n",
04334 netobj_desc_p[i], sub_desc_p[j].subj_id);
04335
#endif
04336
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04337
if (!rsbac_nosyslog)
04338
#endif
04339
printk(KERN_DEBUG
04340
"rsbac_check_acl(): netobj_item %p has invalid role %u in ACL -> removing entry!\n",
04341 netobj_desc_p[i], sub_desc_p[j].subj_id);
04342 }
04343
#endif
04344
rsbac_list_lol_subremove(netobj_handle, &netobj_desc_p[i], &sub_desc_p[j]);
04345 }
04346
else
04347 {
04348
#ifdef CONFIG_RSBAC_DEBUG
04349
04350
if(rsbac_debug_ds)
04351 {
04352
#ifdef CONFIG_RSBAC_RMSG
04353
rsbac_printk(KERN_DEBUG
04354
"rsbac_check_acl(): netobj_item %p has invalid role %u in ACL!\n",
04355 netobj_desc_p[i], sub_desc_p[j].subj_id);
04356
#endif
04357
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04358
if (!rsbac_nosyslog)
04359
#endif
04360
printk(KERN_DEBUG
04361
"rsbac_check_acl(): netobj_item %p has invalid role %u in ACL!\n",
04362 netobj_desc_p[i], sub_desc_p[j].subj_id);
04363 }
04364
#endif
04365
}
04366 }
04367
#endif
04368
}
04369
rsbac_vfree(sub_desc_p);
04370 }
04371 }
04372
rsbac_vfree(netobj_desc_p);
04373 f_sum += desc_count;
04374 }
04375
#ifdef CONFIG_RSBAC_RMSG
04376
rsbac_printk(KERN_INFO
"rsbac_check_acl(): %li network object items\n",
04377 desc_count);
04378
#endif
04379
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04380
if (!rsbac_nosyslog)
04381
#endif
04382
printk(KERN_INFO
"rsbac_check_acl(): %li network object items\n",
04383 desc_count);
04384
#endif
04385
04386
#ifdef CONFIG_RSBAC_RMSG
04387
rsbac_printk(KERN_INFO
04388
"rsbac_check_acl(): Total of %lu registered ACLs\n",
04389 f_sum);
04390
#endif
04391
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04392
if (!rsbac_nosyslog)
04393
#endif
04394
printk(KERN_INFO
04395
"rsbac_check_acl(): Total of %lu registered ACLs\n",
04396 f_sum);
04397
04398
return(0);
04399 };
04400
04401
04402
04403
04404
04405
04406
04407
04408
04409
04410
04411
04412
04413 int rsbac_acl_set_acl_entry (
enum rsbac_target_t target,
04414
union rsbac_target_id_t tid,
04415
enum rsbac_acl_subject_type_t subj_type,
04416
rsbac_acl_subject_id_t subj_id,
04417
rsbac_acl_rights_vector_t rights,
04418
rsbac_time_t ttl)
04419 {
04420
int err = 0;
04421
int list_no;
04422
struct rsbac_acl_device_list_item_t * device_p;
04423
struct rsbac_acl_entry_desc_t desc;
04424 u_long dflags;
04425
04426
if (!
rsbac_is_initialized())
04427 {
04428 printk(KERN_WARNING
"rsbac_acl_set_acl_entry(): RSBAC not initialized\n");
04429
return(-
RSBAC_ENOTINITIALIZED);
04430 }
04431
if (subj_type >=
ACLS_NONE)
04432
return(-
RSBAC_EINVALIDVALUE);
04433
#ifdef CONFIG_RSBAC_DEBUG
04434
if (in_interrupt())
04435 {
04436
#ifdef CONFIG_RSBAC_RMSG
04437
rsbac_printk(KERN_WARNING
"rsbac_acl_set_acl_entry(): called from interrupt!\n");
04438
#endif
04439
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04440
if (!rsbac_nosyslog)
04441
#endif
04442
printk(KERN_WARNING
"rsbac_acl_set_acl_entry(): called from interrupt!\n");
04443 }
04444
#endif
04445
desc.
subj_type = subj_type;
04446 desc.
subj_id = subj_id;
04447
04448
switch (target)
04449 {
04450
case T_FILE:
04451
case T_DIR:
04452
case T_FIFO:
04453
case T_SYMLINK:
04454
#ifdef CONFIG_RSBAC_DEBUG
04455
if (rsbac_debug_ds_acl)
04456 {
04457
#ifdef CONFIG_RSBAC_RMSG
04458
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
04459 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
04460
#endif
04461
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04462
if (!rsbac_nosyslog)
04463
#endif
04464
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
04465 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
04466 }
04467
#endif
04468
04469
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
04470
return rsbac_list_add_ttl(
default_fd_handle, ttl, &desc, &rights);
04471
04472 rsbac_read_lock(&
device_list_head.
lock, &dflags);
04473
04474
04475 device_p =
acl_lookup_device(tid.file.device);
04476
if (!device_p)
04477 {
04478
04479 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04480
rsbac_get_super_block(tid.file.device);
04481
04482 rsbac_read_lock(&
device_list_head.
lock, &dflags);
04483 device_p =
acl_lookup_device(tid.file.device);
04484
if(!device_p)
04485 {
04486
#ifdef CONFIG_RSBAC_RMSG
04487
rsbac_printk(KERN_WARNING
04488
"rsbac_acl_set_acl_entry(): Could not lookup device!\n");
04489
#endif
04490
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04491
if (!rsbac_nosyslog)
04492
#endif
04493
printk(KERN_WARNING
04494
"rsbac_acl_set_acl_entry(): Could not lookup device!\n");
04495
04496 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04497
return(-
RSBAC_EINVALIDDEV);
04498 }
04499 }
04500 list_no =
fd_hash(tid.file.inode);
04501
if(!
rsbac_list_lol_exist(device_p->handles[list_no], &tid.file.inode))
04502 {
04503
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_FD_MASK;
04504
04505 err =
rsbac_list_lol_add(device_p->handles[list_no], &tid.file.inode, &mask);
04506
if(err)
04507 {
04508 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04509
return err;
04510 }
04511 }
04512 err =
rsbac_list_lol_subadd_ttl(device_p->handles[list_no], ttl, &tid.file.inode, &desc, &rights);
04513 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04514
04515
return err;
04516
04517
case T_DEV:
04518
#ifdef CONFIG_RSBAC_DEBUG
04519
if (rsbac_debug_ds_acl)
04520 {
04521
#ifdef CONFIG_RSBAC_RMSG
04522
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting device ACL for dev %c %02u:%02u\n",
04523
'B'+tid.dev.type,
04524 RSBAC_MAJOR(tid.dev.id),
04525 RSBAC_MINOR(tid.dev.id));
04526
#endif
04527
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04528
if (!rsbac_nosyslog)
04529
#endif
04530
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting device ACL for dev %c %02u:%02u\n",
04531
'B'+tid.dev.type,
04532 RSBAC_MAJOR(tid.dev.id),
04533 RSBAC_MINOR(tid.dev.id));
04534 }
04535
#endif
04536
04537
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
04538
return rsbac_list_add_ttl(
default_dev_handle, ttl, &desc, &rights);
04539
04540 {
04541
struct rsbac_dev_desc_t dev_desc;
04542
04543 dev_desc.type = tid.dev.type;
04544 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
04545 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
04546
if(!
rsbac_list_lol_exist(
dev_handle, &dev_desc))
04547 {
04548
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_DEV_MASK;
04549
04550 err =
rsbac_list_lol_add(
dev_handle, &dev_desc, &mask);
04551
if(err)
04552
return err;
04553 }
04554
return rsbac_list_lol_subadd_ttl(
dev_handle, ttl, &dev_desc, &desc, &rights);
04555 }
04556
04557
case T_IPC:
04558
04559
04560
04561
04562
04563
04564
04565
04566
04567
04568
04569
04570
04571
04572
04573
04574
04575
if(tid.
ipc.
type ==
I_none)
04576
return rsbac_list_add_ttl(
default_ipc_handle, ttl, &desc, &rights);
04577
else
04578
return -
RSBAC_EINVALIDTARGET;
04579
04580
case T_SCD:
04581
04582
04583
04584
04585
04586
04587
04588
04589
04590
04591
04592
if(tid.
scd ==
AST_none)
04593
return rsbac_list_add_ttl(
default_scd_handle, ttl, &desc, &rights);
04594
04595
if(!
rsbac_list_lol_exist(
scd_handle, &tid.
scd))
04596 {
04597
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_SCD_MASK;
04598
04599 err =
rsbac_list_lol_add(
scd_handle, &tid.
scd, &mask);
04600
if(err)
04601
return err;
04602 }
04603
return rsbac_list_lol_subadd_ttl(
scd_handle, ttl, &tid.
scd, &desc, &rights);
04604
04605
case T_USER:
04606
04607
04608
04609
04610
04611
04612
04613
04614
if(tid.
user ==
RSBAC_NO_USER)
04615
return rsbac_list_add_ttl(
default_u_handle, ttl, &desc, &rights);
04616
else
04617
return -
RSBAC_EINVALIDTARGET;
04618
04619
case T_PROCESS:
04620
04621
04622
04623
04624
04625
04626
04627
04628
if(!tid.
process)
04629
return rsbac_list_add_ttl(
default_p_handle, ttl, &desc, &rights);
04630
else
04631
return -
RSBAC_EINVALIDTARGET;
04632
04633
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
04634
case T_NETDEV:
04635
#ifdef CONFIG_RSBAC_DEBUG
04636
if (rsbac_debug_ds_acl)
04637 {
04638
#ifdef CONFIG_RSBAC_RMSG
04639
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network device ACL for netdev %s\n",
04640 tid.
netdev);
04641
#endif
04642
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04643
if (!rsbac_nosyslog)
04644
#endif
04645
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network device ACL for netdev %s\n",
04646 tid.
netdev);
04647 }
04648
#endif
04649
04650
if(!tid.
netdev[0])
04651
return rsbac_list_add_ttl(default_netdev_handle, ttl, &desc, &rights);
04652
04653
if(!
rsbac_list_lol_exist(netdev_handle, &tid.
netdev))
04654 {
04655
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETDEV_MASK;
04656
04657 err =
rsbac_list_lol_add(netdev_handle, &tid.
netdev, &mask);
04658
if(err)
04659
return err;
04660 }
04661
return rsbac_list_lol_subadd_ttl(netdev_handle, ttl, &tid.
netdev, &desc, &rights);
04662
#endif
04663
04664
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
04665
case T_NETTEMP_NT:
04666
#ifdef CONFIG_RSBAC_DEBUG
04667
if (rsbac_debug_ds_acl)
04668 {
04669
#ifdef CONFIG_RSBAC_RMSG
04670
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network template NT ACL for nettemp_nt %u\n",
04671 tid.
nettemp);
04672
#endif
04673
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04674
if (!rsbac_nosyslog)
04675
#endif
04676
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network template NT ACL for nettemp_nt %u\n",
04677 tid.
nettemp);
04678 }
04679
#endif
04680
04681
if(!tid.
nettemp)
04682
return rsbac_list_add_ttl(default_nettemp_nt_handle, ttl, &desc, &rights);
04683
04684
if(!
rsbac_list_lol_exist(nettemp_nt_handle, &tid.
nettemp))
04685 {
04686
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETTEMP_MASK;
04687
04688 err =
rsbac_list_lol_add(nettemp_nt_handle, &tid.
nettemp, &mask);
04689
if(err)
04690
return err;
04691 }
04692
return rsbac_list_lol_subadd_ttl(nettemp_nt_handle, ttl, &tid.
nettemp, &desc, &rights);
04693
04694
case T_NETTEMP:
04695
#ifdef CONFIG_RSBAC_DEBUG
04696
if (rsbac_debug_ds_acl)
04697 {
04698
#ifdef CONFIG_RSBAC_RMSG
04699
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network template ACL for nettemp %u\n",
04700 tid.
nettemp);
04701
#endif
04702
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04703
if (!rsbac_nosyslog)
04704
#endif
04705
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network template ACL for nettemp %u\n",
04706 tid.
nettemp);
04707 }
04708
#endif
04709
04710
if(!tid.
nettemp)
04711
return -
RSBAC_EINVALIDTARGET;
04712
if(!
rsbac_net_template_exist(tid.
nettemp))
04713
return -
RSBAC_EINVALIDTARGET;
04714
04715
if(!
rsbac_list_lol_exist(nettemp_handle, &tid.
nettemp))
04716 {
04717
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
04718
04719 err =
rsbac_list_lol_add(nettemp_handle, &tid.
nettemp, &mask);
04720
if(err)
04721
return err;
04722 }
04723
return rsbac_list_lol_subadd_ttl(nettemp_handle, ttl, &tid.
nettemp, &desc, &rights);
04724
04725
case T_NETOBJ:
04726
#ifdef CONFIG_RSBAC_DEBUG
04727
if (rsbac_debug_ds_acl)
04728 {
04729
#ifdef CONFIG_RSBAC_RMSG
04730
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network object ACL for netobj %p\n",
04731 tid.
netobj.
sock_p);
04732
#endif
04733
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04734
if (!rsbac_nosyslog)
04735
#endif
04736
printk(KERN_DEBUG
"rsbac_acl_set_acl_entry(): Setting network object ACL for netobj %p\n",
04737 tid.
netobj.
sock_p);
04738 }
04739
#endif
04740
04741
if(!tid.
netobj.
sock_p)
04742
return rsbac_list_add_ttl(default_netobj_handle, ttl, &desc, &rights);
04743
04744
if(!
rsbac_list_lol_exist(netobj_handle, &tid.
netobj.
sock_p))
04745 {
04746
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
04747
04748 err =
rsbac_list_lol_add(netobj_handle, &tid.
netobj.
sock_p, &mask);
04749
if(err)
04750
return err;
04751 }
04752
return rsbac_list_lol_subadd_ttl(netobj_handle, ttl, &tid.
netobj.
sock_p, &desc, &rights);
04753
#endif
04754
04755
04756
default:
04757 err = -
RSBAC_EINVALIDTARGET;
04758 }
04759
return(err);
04760 }
04761
04762
04763
04764
04765
04766
04767 int rsbac_acl_remove_acl_entry (
enum rsbac_target_t target,
04768
union rsbac_target_id_t tid,
04769
enum rsbac_acl_subject_type_t subj_type,
04770
rsbac_acl_subject_id_t subj_id)
04771 {
04772
int err = 0;
04773
int list_no;
04774
struct rsbac_acl_device_list_item_t * device_p;
04775
struct rsbac_acl_entry_desc_t desc;
04776 u_long dflags;
04777
rsbac_acl_rights_vector_t mask;
04778
04779
if (!
rsbac_is_initialized())
04780 {
04781 printk(KERN_WARNING
"rsbac_acl_remove_acl_entry(): RSBAC not initialized\n");
04782
return(-
RSBAC_ENOTINITIALIZED);
04783 }
04784
if (subj_type >=
ACLS_NONE)
04785
return(-
RSBAC_EINVALIDVALUE);
04786
#ifdef CONFIG_RSBAC_DEBUG
04787
if (in_interrupt())
04788 {
04789 printk(KERN_WARNING
"rsbac_acl_remove_acl_entry(): called from interrupt!\n");
04790 }
04791
#endif
04792
desc.
subj_type = subj_type;
04793 desc.
subj_id = subj_id;
04794
04795
switch (target)
04796 {
04797
case T_FILE:
04798
case T_DIR:
04799
case T_FIFO:
04800
case T_SYMLINK:
04801
#ifdef CONFIG_RSBAC_DEBUG
04802
if (rsbac_debug_ds_acl)
04803 {
04804
char tmp[
RSBAC_MAXNAMELEN];
04805
04806
#ifdef CONFIG_RSBAC_RMSG
04807
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing file/dir/fifo/symlink ACL entry %s %u for device %02u:%02u, inode %u\n",
04808
get_acl_subject_type_name(tmp,desc.
subj_type), desc.
subj_id,
04809 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
04810
#endif
04811
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04812
if (!rsbac_nosyslog)
04813
#endif
04814
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing file/dir/fifo/symlink ACL entry %s %u for device %02u:%02u, inode %u\n",
04815
get_acl_subject_type_name(tmp,desc.
subj_type), desc.
subj_id,
04816 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
04817 }
04818
#endif
04819
04820
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
04821
return rsbac_list_remove(
default_fd_handle, &desc);
04822
04823
04824 rsbac_read_lock(&
device_list_head.
lock, &dflags);
04825
04826
04827 device_p =
acl_lookup_device(tid.file.device);
04828
if (!device_p)
04829 {
04830
04831 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04832
rsbac_get_super_block(tid.file.device);
04833
04834 rsbac_read_lock(&
device_list_head.
lock, &dflags);
04835 device_p =
acl_lookup_device(tid.file.device);
04836
if(!device_p)
04837 {
04838 printk(KERN_WARNING
04839
"rsbac_acl_remove_acl_entry(): Could not lookup device!\n");
04840
04841 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04842
return(-
RSBAC_EINVALIDDEV);
04843 }
04844 }
04845 list_no =
fd_hash(tid.file.inode);
04846 err =
rsbac_list_lol_subremove(device_p->handles[list_no], &tid.file.inode, &desc);
04847
04848
if( !err
04849 && !
rsbac_list_lol_subcount(device_p->handles[list_no], &tid.file.inode)
04850 && !
rsbac_list_lol_get_data(device_p->handles[list_no],
04851 &tid.file.inode,
04852 &mask)
04853 && (mask ==
RSBAC_ACL_DEFAULT_FD_MASK)
04854 )
04855 {
04856 err =
rsbac_list_lol_remove(device_p->handles[list_no], &tid.file.inode);
04857 }
04858 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
04859
04860
return err;
04861
04862
case T_DEV:
04863
#ifdef CONFIG_RSBAC_DEBUG
04864
if (rsbac_debug_ds_acl)
04865 {
04866
#ifdef CONFIG_RSBAC_RMSG
04867
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing device ACL entry for dev %c %02u:%02u\n",
04868
'B'+tid.dev.type,
04869 RSBAC_MAJOR(tid.dev.id),
04870 RSBAC_MINOR(tid.dev.id));
04871
#endif
04872
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04873
if (!rsbac_nosyslog)
04874
#endif
04875
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing device ACL entry for dev %c %02u:%02u\n",
04876
'B'+tid.dev.type,
04877 RSBAC_MAJOR(tid.dev.id),
04878 RSBAC_MINOR(tid.dev.id));
04879 }
04880
#endif
04881
04882
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
04883
return rsbac_list_remove(
default_dev_handle, &desc);
04884
04885 {
04886
struct rsbac_dev_desc_t dev_desc;
04887
04888 dev_desc.type = tid.dev.type;
04889 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
04890 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
04891 err =
rsbac_list_lol_subremove(
dev_handle, &dev_desc, &desc);
04892
04893
if( !err
04894 && !
rsbac_list_lol_subcount(
dev_handle, &dev_desc)
04895 && !
rsbac_list_lol_get_data(
dev_handle,
04896 &dev_desc,
04897 &mask)
04898 && (mask ==
RSBAC_ACL_DEFAULT_DEV_MASK)
04899 )
04900 {
04901 err =
rsbac_list_lol_remove(
dev_handle, &dev_desc);
04902 }
04903
return err;
04904 }
04905
04906
case T_IPC:
04907
#ifdef CONFIG_RSBAC_DEBUG
04908
if (rsbac_debug_ds_acl)
04909 {
04910
#ifdef CONFIG_RSBAC_RMSG
04911
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing IPC ACL for type %u\n",
04912 tid.
ipc.
type);
04913
#endif
04914
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04915
if (!rsbac_nosyslog)
04916
#endif
04917
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing IPC ACL for type %u\n",
04918 tid.
ipc.
type);
04919 }
04920
#endif
04921
04922
if(tid.
ipc.
type ==
I_none)
04923
return rsbac_list_remove(
default_ipc_handle, &desc);
04924
else
04925
return -
RSBAC_EINVALIDTARGET;
04926
04927
case T_SCD:
04928
#ifdef CONFIG_RSBAC_DEBUG
04929
if (rsbac_debug_ds_acl)
04930 {
04931
char tmp[80];
04932
04933
get_acl_scd_type_name(tmp, tid.
scd);
04934
#ifdef CONFIG_RSBAC_RMSG
04935
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing SCD ACL entry for %s\n",
04936 tmp);
04937
#endif
04938
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04939
if (!rsbac_nosyslog)
04940
#endif
04941
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing SCD ACL entry for %s\n",
04942 tmp);
04943 }
04944
#endif
04945
04946
if(tid.
scd ==
AST_none)
04947
return rsbac_list_remove(
default_scd_handle, &desc);
04948 err =
rsbac_list_lol_subremove(
scd_handle, &tid.
scd, &desc);
04949
04950
if( !err
04951 && !
rsbac_list_lol_subcount(
scd_handle, &tid.
scd)
04952 && !
rsbac_list_lol_get_data(
scd_handle,
04953 &tid.
scd,
04954 &mask)
04955 && (mask ==
RSBAC_ACL_DEFAULT_SCD_MASK)
04956 )
04957 {
04958 err =
rsbac_list_lol_remove(
scd_handle, &tid.
scd);
04959 }
04960
return err;
04961
04962
case T_USER:
04963
#ifdef CONFIG_RSBAC_DEBUG
04964
if (rsbac_debug_ds_acl)
04965 {
04966
#ifdef CONFIG_RSBAC_RMSG
04967
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing user ACL for user %u\n",
04968 tid.
user);
04969
#endif
04970
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04971
if (!rsbac_nosyslog)
04972
#endif
04973
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing user ACL for user %u\n",
04974 tid.
user);
04975 }
04976
#endif
04977
04978
if(tid.
user ==
RSBAC_NO_USER)
04979
return rsbac_list_remove(
default_u_handle, &desc);
04980
else
04981
return -
RSBAC_EINVALIDTARGET;
04982
04983
case T_PROCESS:
04984
#ifdef CONFIG_RSBAC_DEBUG
04985
if (rsbac_debug_ds_acl)
04986 {
04987
#ifdef CONFIG_RSBAC_RMSG
04988
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing process ACL for pid %u\n",
04989 tid.
process);
04990
#endif
04991
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04992
if (!rsbac_nosyslog)
04993
#endif
04994
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing process ACL for pid %u\n",
04995 tid.
process);
04996 }
04997
#endif
04998
04999
if(!tid.
process)
05000
return rsbac_list_remove(
default_p_handle, &desc);
05001
else
05002
return -
RSBAC_EINVALIDTARGET;
05003
05004
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05005
case T_NETDEV:
05006
#ifdef CONFIG_RSBAC_DEBUG
05007
if (rsbac_debug_ds_acl)
05008 {
05009
#ifdef CONFIG_RSBAC_RMSG
05010
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network device ACL entry for netdev %s\n",
05011 tid.
netdev);
05012
#endif
05013
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05014
if (!rsbac_nosyslog)
05015
#endif
05016
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network device ACL entry for netdev %s\n",
05017 tid.
netdev);
05018 }
05019
#endif
05020
05021
if(!tid.
netdev[0])
05022
return rsbac_list_remove(default_netdev_handle, &desc);
05023
05024 err =
rsbac_list_lol_subremove(netdev_handle, &tid.
netdev, &desc);
05025
05026
if( !err
05027 && !
rsbac_list_lol_subcount(netdev_handle, &tid.
netdev)
05028 && !
rsbac_list_lol_get_data(netdev_handle,
05029 &tid.
netdev,
05030 &mask)
05031 && (mask ==
RSBAC_ACL_DEFAULT_NETDEV_MASK)
05032 )
05033 {
05034 err =
rsbac_list_lol_remove(netdev_handle, &tid.
netdev);
05035 }
05036
return err;
05037
#endif
05038
05039
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05040
case T_NETTEMP_NT:
05041
#ifdef CONFIG_RSBAC_DEBUG
05042
if (rsbac_debug_ds_acl)
05043 {
05044
#ifdef CONFIG_RSBAC_RMSG
05045
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network template NT ACL entry for nettemp_nt %u\n",
05046 tid.
nettemp);
05047
#endif
05048
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05049
if (!rsbac_nosyslog)
05050
#endif
05051
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network template NT ACL entry for nettemp_nt %u\n",
05052 tid.
nettemp);
05053 }
05054
#endif
05055
05056
if(!tid.
nettemp)
05057
return rsbac_list_remove(default_nettemp_nt_handle, &desc);
05058
if(!
rsbac_net_template_exist(tid.
nettemp))
05059
return -
RSBAC_EINVALIDTARGET;
05060
05061 err =
rsbac_list_lol_subremove(nettemp_nt_handle, &tid.
nettemp, &desc);
05062
05063
if( !err
05064 && !
rsbac_list_lol_subcount(nettemp_nt_handle, &tid.
nettemp)
05065 && !
rsbac_list_lol_get_data(nettemp_nt_handle,
05066 &tid.
nettemp,
05067 &mask)
05068 && (mask ==
RSBAC_ACL_DEFAULT_NETTEMP_MASK)
05069 )
05070 {
05071 err =
rsbac_list_lol_remove(nettemp_nt_handle, &tid.
nettemp);
05072 }
05073
return err;
05074
05075
case T_NETTEMP:
05076
#ifdef CONFIG_RSBAC_DEBUG
05077
if (rsbac_debug_ds_acl)
05078 {
05079
#ifdef CONFIG_RSBAC_RMSG
05080
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network template ACL entry for nettemp_nt %u\n",
05081 tid.
nettemp);
05082
#endif
05083
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05084
if (!rsbac_nosyslog)
05085
#endif
05086
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network template ACL entry for nettemp_nt %u\n",
05087 tid.
nettemp);
05088 }
05089
#endif
05090
05091
if(!tid.
nettemp)
05092
return -
RSBAC_EINVALIDTARGET;
05093
if(!
rsbac_net_template_exist(tid.
nettemp))
05094
return -
RSBAC_EINVALIDTARGET;
05095
05096 err =
rsbac_list_lol_subremove(nettemp_handle, &tid.
nettemp, &desc);
05097
05098
if( !err
05099 && !
rsbac_list_lol_subcount(nettemp_handle, &tid.
nettemp)
05100 && !
rsbac_list_lol_get_data(nettemp_handle,
05101 &tid.
nettemp,
05102 &mask)
05103 && (mask ==
RSBAC_ACL_DEFAULT_NETOBJ_MASK)
05104 )
05105 {
05106 err =
rsbac_list_lol_remove(nettemp_handle, &tid.
nettemp);
05107 }
05108
return err;
05109
05110
case T_NETOBJ:
05111
#ifdef CONFIG_RSBAC_DEBUG
05112
if (rsbac_debug_ds_acl)
05113 {
05114
#ifdef CONFIG_RSBAC_RMSG
05115
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network object ACL entry for netobj %p\n",
05116 tid.
netobj.
sock_p);
05117
#endif
05118
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05119
if (!rsbac_nosyslog)
05120
#endif
05121
printk(KERN_DEBUG
"rsbac_acl_remove_acl_entry(): Removing network object ACL entry for netobj %p\n",
05122 tid.
netobj.
sock_p);
05123 }
05124
#endif
05125
05126
if(!tid.
netobj.
sock_p)
05127
return rsbac_list_remove(default_netobj_handle, &desc);
05128
05129 err =
rsbac_list_lol_subremove(netobj_handle, &tid.
netobj.
sock_p, &desc);
05130
05131
if( !err
05132 && !
rsbac_list_lol_subcount(netobj_handle, &tid.
netobj.
sock_p)
05133 && !
rsbac_list_lol_get_data(netobj_handle,
05134 &tid.
netobj,
05135 &mask)
05136 && (mask ==
RSBAC_ACL_DEFAULT_NETOBJ_MASK)
05137 )
05138 {
05139 err =
rsbac_list_lol_remove(netobj_handle, &tid.
netobj.
sock_p);
05140 }
05141
return err;
05142
#endif
05143
05144
default:
05145
return -
RSBAC_EINVALIDTARGET;
05146 }
05147 }
05148
05149
05150
05151
05152
05153 int rsbac_acl_remove_acl (
enum rsbac_target_t target,
05154
union rsbac_target_id_t tid)
05155 {
05156
int err = 0;
05157
int list_no;
05158
struct rsbac_acl_device_list_item_t * device_p;
05159 u_long dflags;
05160
05161
if (!
rsbac_is_initialized())
05162 {
05163 printk(KERN_WARNING
"rsbac_acl_remove_acl(): RSBAC not initialized\n");
05164
return(-
RSBAC_ENOTINITIALIZED);
05165 }
05166
#ifdef CONFIG_RSBAC_DEBUG
05167
if (in_interrupt())
05168 {
05169
#ifdef CONFIG_RSBAC_RMSG
05170
rsbac_printk(KERN_WARNING
"rsbac_acl_remove_acl(): called from interrupt!\n");
05171
#endif
05172
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05173
if (!rsbac_nosyslog)
05174
#endif
05175
printk(KERN_WARNING
"rsbac_acl_remove_acl(): called from interrupt!\n");
05176 }
05177
#endif
05178
switch (target)
05179 {
05180
case T_FILE:
05181
case T_DIR:
05182
case T_FIFO:
05183
case T_SYMLINK:
05184
#ifdef CONFIG_RSBAC_DEBUG
05185
if (rsbac_debug_ds_acl)
05186 {
05187
#ifdef CONFIG_RSBAC_RMSG
05188
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
05189 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05190
#endif
05191
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05192
if (!rsbac_nosyslog)
05193
#endif
05194
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing file/dir/fifo/symlink ACL for device %02u:%02u, inode %u\n",
05195 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
05196 }
05197
#endif
05198
05199
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05200
return -
RSBAC_EINVALIDTARGET;
05201
05202
05203 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05204
05205
05206 device_p =
acl_lookup_device(tid.file.device);
05207
if (!device_p)
05208 {
05209
05210 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05211
rsbac_get_super_block(tid.file.device);
05212
05213 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05214 device_p =
acl_lookup_device(tid.file.device);
05215
if(!device_p)
05216 {
05217 printk(KERN_WARNING
05218
"rsbac_acl_remove_acl(): Could not lookup device!\n");
05219 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05220
return -
RSBAC_EINVALIDDEV;
05221 }
05222 }
05223 list_no =
fd_hash(tid.file.inode);
05224 err =
rsbac_list_lol_remove(device_p->handles[list_no], &tid.file.inode);
05225 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05226
return err;
05227
05228
case T_DEV:
05229
#ifdef CONFIG_RSBAC_DEBUG
05230
if (rsbac_debug_ds_acl)
05231 {
05232
#ifdef CONFIG_RSBAC_RMSG
05233
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing device ACL for dev %c %02u:%02u\n",
05234
'B'+tid.dev.type,
05235 RSBAC_MAJOR(tid.dev.id),
05236 RSBAC_MINOR(tid.dev.id));
05237
#endif
05238
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05239
if (!rsbac_nosyslog)
05240
#endif
05241
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing device ACL for dev %c %02u:%02u\n",
05242
'B'+tid.dev.type,
05243 RSBAC_MAJOR(tid.dev.id),
05244 RSBAC_MINOR(tid.dev.id));
05245 }
05246
#endif
05247
05248
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
05249
return -
RSBAC_EINVALIDTARGET;
05250
else
05251 {
05252
struct rsbac_dev_desc_t dev_desc;
05253
05254 dev_desc.type = tid.dev.type;
05255 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
05256 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
05257
return rsbac_list_lol_remove(
dev_handle, &dev_desc);
05258 }
05259
05260
case T_SCD:
05261
#ifdef CONFIG_RSBAC_DEBUG
05262
if (rsbac_debug_ds_acl)
05263 {
05264
char tmp[80];
05265
05266
get_acl_scd_type_name(tmp, tid.
scd);
05267
#ifdef CONFIG_RSBAC_RMSG
05268
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing SCD ACL for %s\n",
05269 tmp);
05270
#endif
05271
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05272
if (!rsbac_nosyslog)
05273
#endif
05274
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing SCD ACL for %s\n",
05275 tmp);
05276 }
05277
#endif
05278
05279
if(tid.
scd ==
AST_none)
05280
return -
RSBAC_EINVALIDTARGET;
05281
else
05282
return rsbac_list_lol_remove(
scd_handle, &tid.
scd);
05283
05284
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05285
case T_NETDEV:
05286
#ifdef CONFIG_RSBAC_DEBUG
05287
if (rsbac_debug_ds_acl)
05288 {
05289
#ifdef CONFIG_RSBAC_RMSG
05290
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network device ACL for netdev %s\n",
05291 tid.
netdev);
05292
#endif
05293
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05294
if (!rsbac_nosyslog)
05295
#endif
05296
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network device ACL for netdev %s\n",
05297 tid.
netdev);
05298 }
05299
#endif
05300
05301
if(!tid.
netdev[0])
05302
return -
RSBAC_EINVALIDTARGET;
05303
else
05304
return rsbac_list_lol_remove(netdev_handle, &tid.
netdev);
05305
#endif
05306
05307
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05308
case T_NETTEMP_NT:
05309
#ifdef CONFIG_RSBAC_DEBUG
05310
if (rsbac_debug_ds_acl)
05311 {
05312
#ifdef CONFIG_RSBAC_RMSG
05313
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network template NT ACL for nettemp_nt %u\n",
05314 tid.
nettemp);
05315
#endif
05316
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05317
if (!rsbac_nosyslog)
05318
#endif
05319
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network template NT ACL for nettemp_nt %u\n",
05320 tid.
nettemp);
05321 }
05322
#endif
05323
05324
if(!tid.
nettemp)
05325
return -
RSBAC_EINVALIDTARGET;
05326
else
05327
return rsbac_list_lol_remove(nettemp_nt_handle, &tid.
nettemp);
05328
case T_NETTEMP:
05329
#ifdef CONFIG_RSBAC_DEBUG
05330
if (rsbac_debug_ds_acl)
05331 {
05332
#ifdef CONFIG_RSBAC_RMSG
05333
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network template ACL for nettemp %u\n",
05334 tid.
nettemp);
05335
#endif
05336
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05337
if (!rsbac_nosyslog)
05338
#endif
05339
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network template ACL for nettemp %u\n",
05340 tid.
nettemp);
05341 }
05342
#endif
05343
05344
if(!tid.
nettemp)
05345
return -
RSBAC_EINVALIDTARGET;
05346
else
05347
return rsbac_list_lol_remove(nettemp_handle, &tid.
nettemp);
05348
case T_NETOBJ:
05349
#ifdef CONFIG_RSBAC_DEBUG
05350
if (rsbac_debug_ds_acl)
05351 {
05352
#ifdef CONFIG_RSBAC_RMSG
05353
rsbac_printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network object ACL for netobj %p\n",
05354 tid.
netobj.
sock_p);
05355
#endif
05356
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05357
if (!rsbac_nosyslog)
05358
#endif
05359
printk(KERN_DEBUG
"rsbac_acl_remove_acl(): Removing network object ACL for netobj %p\n",
05360 tid.
netobj.
sock_p);
05361 }
05362
#endif
05363
05364
if(!tid.
netobj.
sock_p)
05365
return -
RSBAC_EINVALIDTARGET;
05366
else
05367
return rsbac_list_lol_remove(netobj_handle, &tid.
netobj.
sock_p);
05368
#endif
05369
05370
default:
05371 err = -
RSBAC_EINVALIDTARGET;
05372 }
05373
return(err);
05374 }
05375
05376
05377
05378
05379
05380
05381 int rsbac_acl_add_to_acl_entry (
enum rsbac_target_t target,
05382
union rsbac_target_id_t tid,
05383
enum rsbac_acl_subject_type_t subj_type,
05384
rsbac_acl_subject_id_t subj_id,
05385
rsbac_acl_rights_vector_t rights,
05386
rsbac_time_t ttl)
05387 {
05388
int err = 0;
05389
int list_no;
05390
struct rsbac_acl_device_list_item_t * device_p;
05391
rsbac_acl_rights_vector_t old_rights;
05392
struct rsbac_acl_entry_desc_t desc;
05393 u_long dflags;
05394
05395
if (!
rsbac_is_initialized())
05396 {
05397 printk(KERN_WARNING
"rsbac_acl_add_to_acl_entry(): RSBAC not initialized\n");
05398
return(-
RSBAC_ENOTINITIALIZED);
05399 }
05400
if (subj_type >=
ACLS_NONE)
05401
return(-
RSBAC_EINVALIDVALUE);
05402
#ifdef CONFIG_RSBAC_DEBUG
05403
if (in_interrupt())
05404 {
05405
#ifdef CONFIG_RSBAC_RMSG
05406
rsbac_printk(KERN_WARNING
"rsbac_acl_add_to_acl_entry(): called from interrupt!\n");
05407
#endif
05408
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05409
if (!rsbac_nosyslog)
05410
#endif
05411
printk(KERN_WARNING
"rsbac_acl_add_to_acl_entry(): called from interrupt!\n");
05412 }
05413
#endif
05414
desc.
subj_type = subj_type;
05415 desc.
subj_id = subj_id;
05416
05417
switch (target)
05418 {
05419
case T_FILE:
05420
case T_DIR:
05421
case T_FIFO:
05422
case T_SYMLINK:
05423
05424
05425
05426
05427
05428
05429
05430
05431
05432
05433
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05434 {
05435
if(!
rsbac_list_get_data(
default_fd_handle, &desc, &old_rights))
05436 rights |= old_rights;
05437
return rsbac_list_add_ttl(
default_fd_handle, ttl, &desc, &rights);
05438 }
05439
05440 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05441
05442
05443 device_p =
acl_lookup_device(tid.file.device);
05444
if (!device_p)
05445 {
05446
05447 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05448
rsbac_get_super_block(tid.file.device);
05449
05450 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05451 device_p =
acl_lookup_device(tid.file.device);
05452
if(!device_p)
05453 {
05454 printk(KERN_WARNING
05455
"rsbac_acl_set_acl_entry(): Could not lookup device!\n");
05456
05457 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05458
return(-
RSBAC_EINVALIDDEV);
05459 }
05460 }
05461
05462 list_no =
fd_hash(tid.file.inode);
05463
if(!
rsbac_list_lol_exist(device_p->handles[list_no], &tid.file.inode))
05464 {
05465
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_FD_MASK;
05466
05467 err =
rsbac_list_lol_add(device_p->handles[list_no], &tid.file.inode, &mask);
05468
if(err)
05469 {
05470 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05471
return err;
05472 }
05473 }
05474
else
05475 {
05476
if(!
rsbac_list_lol_get_subdata(device_p->handles[list_no],
05477 &tid.file.inode,
05478 &desc,
05479 &old_rights))
05480 rights |= old_rights;
05481 }
05482 err =
rsbac_list_lol_subadd_ttl(device_p->handles[list_no],
05483 ttl,
05484 &tid.file.inode,
05485 &desc,
05486 &rights);
05487 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05488
05489
return err;
05490
05491
case T_DEV:
05492
05493
05494
05495
05496
05497
05498
05499
05500
05501
05502
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
05503 {
05504
if(!
rsbac_list_get_data(
default_dev_handle, &desc, &old_rights))
05505 rights |= old_rights;
05506
return rsbac_list_add_ttl(
default_dev_handle, ttl, &desc, &rights);
05507 }
05508 {
05509
struct rsbac_dev_desc_t dev_desc;
05510
05511 dev_desc.type = tid.dev.type;
05512 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
05513 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
05514
if(!
rsbac_list_lol_exist(
dev_handle, &dev_desc))
05515 {
05516
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_DEV_MASK;
05517
05518 err =
rsbac_list_lol_add(
dev_handle, &dev_desc, &mask);
05519
if(err)
05520
return err;
05521 }
05522
else
05523 {
05524
if(!
rsbac_list_lol_get_subdata(
dev_handle,
05525 &dev_desc,
05526 &desc,
05527 &old_rights))
05528 rights |= old_rights;
05529 }
05530
return rsbac_list_lol_subadd_ttl(
dev_handle,
05531 ttl,
05532 &dev_desc,
05533 &desc,
05534 &rights);
05535 }
05536
05537
case T_IPC:
05538
05539
05540
05541
05542
05543
05544
05545
05546
if(tid.
ipc.
type ==
I_none)
05547 {
05548
if(!
rsbac_list_get_data(
default_ipc_handle, &desc, &old_rights))
05549 rights |= old_rights;
05550
return rsbac_list_add_ttl(
default_ipc_handle, ttl, &desc, &rights);
05551 }
05552
else
05553
return -
RSBAC_EINVALIDTARGET;
05554
05555
case T_SCD:
05556
05557
05558
05559
05560
05561
05562
05563
05564
05565
05566
05567
05568
if(tid.
scd ==
AST_none)
05569 {
05570
if(!
rsbac_list_get_data(
default_scd_handle, &desc, &old_rights))
05571 rights |= old_rights;
05572
return rsbac_list_add_ttl(
default_scd_handle, ttl, &desc, &rights);
05573 }
05574
if(!
rsbac_list_lol_exist(
scd_handle, &tid.
scd))
05575 {
05576
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_SCD_MASK;
05577
05578 err =
rsbac_list_lol_add(
scd_handle, &tid.
scd, &mask);
05579
if(err)
05580
return err;
05581 }
05582
else
05583 {
05584
if(!
rsbac_list_lol_get_subdata(
scd_handle,
05585 &tid.
scd,
05586 &desc,
05587 &old_rights))
05588 rights |= old_rights;
05589 }
05590
return rsbac_list_lol_subadd_ttl(
scd_handle,
05591 ttl,
05592 &tid.
scd,
05593 &desc,
05594 &rights);
05595
05596
case T_USER:
05597
05598
05599
05600
05601
05602
05603
05604
05605
if(tid.
user ==
RSBAC_NO_USER)
05606 {
05607
if(!
rsbac_list_get_data(
default_u_handle, &desc, &old_rights))
05608 rights |= old_rights;
05609
return rsbac_list_add_ttl(
default_u_handle, ttl, &desc, &rights);
05610 }
05611
else
05612
return -
RSBAC_EINVALIDTARGET;
05613
05614
case T_PROCESS:
05615
05616
05617
05618
05619
05620
05621
05622
05623
if(!tid.
process)
05624 {
05625
if(!
rsbac_list_get_data(
default_p_handle, &desc, &old_rights))
05626 rights |= old_rights;
05627
return rsbac_list_add_ttl(
default_p_handle, ttl, &desc, &rights);
05628 }
05629
else
05630
return -
RSBAC_EINVALIDTARGET;
05631
05632
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
05633
case T_NETDEV:
05634
05635
05636
05637
05638
05639
05640
05641
05642
if(!tid.
netdev[0])
05643 {
05644
if(!
rsbac_list_get_data(default_netdev_handle, &desc, &old_rights))
05645 rights |= old_rights;
05646
return rsbac_list_add_ttl(default_netdev_handle, ttl, &desc, &rights);
05647 }
05648
if(!
rsbac_list_lol_exist(netdev_handle, &tid.
netdev))
05649 {
05650
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETDEV_MASK;
05651
05652 err =
rsbac_list_lol_add(netdev_handle, &tid.
netdev, &mask);
05653
if(err)
05654
return err;
05655 }
05656
else
05657 {
05658
if(!
rsbac_list_lol_get_subdata(netdev_handle,
05659 &tid.
netdev,
05660 &desc,
05661 &old_rights))
05662 rights |= old_rights;
05663 }
05664
return rsbac_list_lol_subadd_ttl(netdev_handle,
05665 ttl,
05666 &tid.
netdev,
05667 &desc,
05668 &rights);
05669
#endif
05670
05671
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
05672
case T_NETTEMP_NT:
05673
05674
05675
05676
05677
05678
05679
05680
05681
if(!tid.
nettemp)
05682 {
05683
if(!
rsbac_list_get_data(default_nettemp_nt_handle, &desc, &old_rights))
05684 rights |= old_rights;
05685
return rsbac_list_add_ttl(default_nettemp_nt_handle, ttl, &desc, &rights);
05686 }
05687
if(!
rsbac_net_template_exist(tid.
nettemp))
05688
return -
RSBAC_EINVALIDTARGET;
05689
if(!
rsbac_list_lol_exist(nettemp_nt_handle, &tid.
nettemp))
05690 {
05691
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETTEMP_MASK;
05692
05693 err =
rsbac_list_lol_add(nettemp_nt_handle, &tid.
nettemp, &mask);
05694
if(err)
05695
return err;
05696 }
05697
else
05698 {
05699
if(!
rsbac_list_lol_get_subdata(nettemp_nt_handle,
05700 &tid.
nettemp,
05701 &desc,
05702 &old_rights))
05703 rights |= old_rights;
05704 }
05705
return rsbac_list_lol_subadd_ttl(nettemp_nt_handle,
05706 ttl,
05707 &tid.
nettemp,
05708 &desc,
05709 &rights);
05710
case T_NETTEMP:
05711
05712
05713
05714
05715
05716
05717
05718
05719
if(!tid.
nettemp)
05720 {
05721
return -
RSBAC_EINVALIDTARGET;
05722 }
05723
if(!
rsbac_net_template_exist(tid.
nettemp))
05724
return -
RSBAC_EINVALIDTARGET;
05725
if(!
rsbac_list_lol_exist(nettemp_handle, &tid.
nettemp))
05726 {
05727
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05728
05729 err =
rsbac_list_lol_add(nettemp_handle, &tid.
nettemp, &mask);
05730
if(err)
05731
return err;
05732 }
05733
else
05734 {
05735
if(!
rsbac_list_lol_get_subdata(nettemp_handle,
05736 &tid.
nettemp,
05737 &desc,
05738 &old_rights))
05739 rights |= old_rights;
05740 }
05741
return rsbac_list_lol_subadd_ttl(nettemp_handle,
05742 ttl,
05743 &tid.
nettemp,
05744 &desc,
05745 &rights);
05746
case T_NETOBJ:
05747
05748
05749
05750
05751
05752
05753
05754
05755
if(!tid.
netobj.
sock_p)
05756 {
05757
if(!
rsbac_list_get_data(default_netobj_handle, &desc, &old_rights))
05758 rights |= old_rights;
05759
return rsbac_list_add_ttl(default_netobj_handle, ttl,&desc, &rights);
05760 }
05761
if(!
rsbac_list_lol_exist(netobj_handle, &tid.
netobj.
sock_p))
05762 {
05763
rsbac_acl_rights_vector_t mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
05764
05765 err =
rsbac_list_lol_add(netobj_handle, &tid.
netobj.
sock_p, &mask);
05766
if(err)
05767
return err;
05768 }
05769
else
05770 {
05771
if(!
rsbac_list_lol_get_subdata(netobj_handle,
05772 &tid.
netobj.
sock_p,
05773 &desc,
05774 &old_rights))
05775 rights |= old_rights;
05776 }
05777
return rsbac_list_lol_subadd_ttl(netobj_handle,
05778 ttl,
05779 &tid.
netobj.
sock_p,
05780 &desc,
05781 &rights);
05782
#endif
05783
05784
default:
05785
return -
RSBAC_EINVALIDTARGET;
05786 }
05787 }
05788
05789
05790
05791
05792
05793
05794
05795
05796 int rsbac_acl_remove_from_acl_entry(
enum rsbac_target_t target,
05797
union rsbac_target_id_t tid,
05798
enum rsbac_acl_subject_type_t subj_type,
05799
rsbac_acl_subject_id_t subj_id,
05800
rsbac_acl_rights_vector_t rights)
05801 {
05802
int err = 0;
05803
int list_no;
05804
struct rsbac_acl_device_list_item_t * device_p;
05805
rsbac_acl_rights_vector_t old_rights;
05806
struct rsbac_acl_entry_desc_t desc;
05807 u_long dflags;
05808
05809
if (!
rsbac_is_initialized())
05810 {
05811 printk(KERN_WARNING
"rsbac_acl_remove_from_acl_entry(): RSBAC not initialized\n");
05812
return(-
RSBAC_ENOTINITIALIZED);
05813 }
05814
if (subj_type >=
ACLS_NONE)
05815
return(-
RSBAC_EINVALIDVALUE);
05816
#ifdef CONFIG_RSBAC_DEBUG
05817
if (in_interrupt())
05818 {
05819
#ifdef CONFIG_RSBAC_RMSG
05820
rsbac_printk(KERN_WARNING
"rsbac_acl_remove_from_acl_entry(): called from interrupt!\n");
05821
#endif
05822
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05823
if (!rsbac_nosyslog)
05824
#endif
05825
printk(KERN_WARNING
"rsbac_acl_remove_from_acl_entry(): called from interrupt!\n");
05826 }
05827
#endif
05828
desc.
subj_type = subj_type;
05829 desc.
subj_id = subj_id;
05830
05831
switch (target)
05832 {
05833
case T_FILE:
05834
case T_DIR:
05835
case T_FIFO:
05836
case T_SYMLINK:
05837
05838
05839
05840
05841
05842
05843
05844
05845
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
05846 {
05847
if(!
rsbac_list_get_data(
default_fd_handle, &desc, &old_rights))
05848 {
05849 old_rights &= ~rights;
05850
return rsbac_list_add(
default_fd_handle, &desc, &old_rights);
05851 }
05852
else
05853
return 0;
05854 }
05855
05856 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05857
05858
05859 device_p =
acl_lookup_device(tid.file.device);
05860
if (!device_p)
05861 {
05862
05863 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05864
rsbac_get_super_block(tid.file.device);
05865
05866 rsbac_read_lock(&
device_list_head.
lock, &dflags);
05867 device_p =
acl_lookup_device(tid.file.device);
05868
if(!device_p)
05869 {
05870 printk(KERN_WARNING
05871
"rsbac_acl_remove_from_acl_entry(): Could not lookup device!\n");
05872
05873 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05874
return(-
RSBAC_EINVALIDDEV);
05875 }
05876 }
05877 list_no =
fd_hash(tid.file.inode);
05878
if(!
rsbac_list_lol_get_subdata(device_p->handles[list_no],
05879 &tid.file.inode,
05880 &desc,
05881 &old_rights))
05882 {
05883 old_rights &= ~rights;
05884 err =
rsbac_list_lol_subadd(device_p->handles[list_no],
05885 &tid.file.inode,
05886 &desc,
05887 &old_rights);
05888 }
05889
else
05890 err = 0;
05891 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
05892
return err;
05893
05894
case T_DEV:
05895
05896
05897
05898
05899
05900
05901
05902
05903
05904
05905
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
05906 {
05907
if(!
rsbac_list_get_data(
default_dev_handle, &desc, &old_rights))
05908 {
05909 old_rights &= ~rights;
05910
return rsbac_list_add(
default_dev_handle, &desc, &old_rights);
05911 }
05912
else
05913
return 0;
05914 }
05915 {
05916
struct rsbac_dev_desc_t dev_desc;
05917
05918 dev_desc.type = tid.dev.type;
05919 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
05920 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
05921
if(!
rsbac_list_lol_get_subdata(
dev_handle,
05922 &dev_desc,
05923 &desc,
05924 &old_rights))
05925 {
05926 old_rights &= ~rights;
05927
return rsbac_list_lol_subadd(
dev_handle,
05928 &dev_desc,
05929 &desc,
05930 &old_rights);
05931 }
05932
else
05933
return 0;
05934 }
05935
05936
case T_IPC:
05937
05938
05939
05940
05941
05942
05943
05944
05945
if(tid.
ipc.
type ==
I_none)
05946 {
05947
if(!
rsbac_list_get_data(
default_ipc_handle, &desc, &old_rights))
05948 {
05949 old_rights &= ~rights;
05950
return rsbac_list_add(
default_ipc_handle, &desc, &old_rights);
05951 }
05952
else
05953
return 0;
05954 }
05955
else
05956
return -
RSBAC_EINVALIDTARGET;
05957
05958
case T_SCD:
05959
05960
05961
05962
05963
05964
05965
05966
05967
05968
05969
05970
05971
if(tid.
scd ==
AST_none)
05972 {
05973
if(!
rsbac_list_get_data(
default_scd_handle, &desc, &old_rights))
05974 {
05975 old_rights &= ~rights;
05976
return rsbac_list_add(
default_scd_handle, &desc, &old_rights);
05977 }
05978
else
05979
return 0;
05980 }
05981
if(!
rsbac_list_lol_get_subdata(
scd_handle,
05982 &tid.
scd,
05983 &desc,
05984 &old_rights))
05985 {
05986 old_rights &= ~rights;
05987
return rsbac_list_lol_subadd(
scd_handle,
05988 &tid.
scd,
05989 &desc,
05990 &old_rights);
05991 }
05992
else
05993
return 0;
05994
05995
case T_USER:
05996
05997
05998
05999
06000
06001
06002
06003
06004
if(tid.
user ==
RSBAC_NO_USER)
06005 {
06006
if(!
rsbac_list_get_data(
default_u_handle, &desc, &old_rights))
06007 {
06008 old_rights &= ~rights;
06009
return rsbac_list_add(
default_u_handle, &desc, &old_rights);
06010 }
06011
else
06012
return 0;
06013 }
06014
else
06015
return -
RSBAC_EINVALIDTARGET;
06016
06017
case T_PROCESS:
06018
06019
06020
06021
06022
06023
06024
06025
06026
if(!tid.
process)
06027 {
06028
if(!
rsbac_list_get_data(
default_p_handle, &desc, &old_rights))
06029 {
06030 old_rights &= ~rights;
06031
return rsbac_list_add(
default_p_handle, &desc, &old_rights);
06032 }
06033
else
06034
return 0;
06035 }
06036
else
06037
return -
RSBAC_EINVALIDTARGET;
06038
06039
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06040
case T_NETDEV:
06041
06042
06043
06044
06045
06046
06047
06048
06049
if(!tid.
netdev[0])
06050 {
06051
if(!
rsbac_list_get_data(default_netdev_handle, &desc, &old_rights))
06052 {
06053 old_rights &= ~rights;
06054
return rsbac_list_add(default_netdev_handle, &desc, &old_rights);
06055 }
06056
else
06057
return 0;
06058 }
06059
if(!
rsbac_list_lol_get_subdata(netdev_handle,
06060 &tid.
netdev,
06061 &desc,
06062 &old_rights))
06063 {
06064 old_rights &= ~rights;
06065
return rsbac_list_lol_subadd(netdev_handle,
06066 &tid.
netdev,
06067 &desc,
06068 &old_rights);
06069 }
06070
else
06071
return 0;
06072
#endif
06073
06074
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06075
case T_NETTEMP_NT:
06076
06077
06078
06079
06080
06081
06082
06083
06084
if(!tid.
nettemp)
06085 {
06086
if(!
rsbac_list_get_data(default_nettemp_nt_handle, &desc, &old_rights))
06087 {
06088 old_rights &= ~rights;
06089
return rsbac_list_add(default_nettemp_nt_handle, &desc, &old_rights);
06090 }
06091
else
06092
return 0;
06093 }
06094
if(!
rsbac_net_template_exist(tid.
nettemp))
06095
return -
RSBAC_EINVALIDTARGET;
06096
if(!
rsbac_list_lol_get_subdata(nettemp_nt_handle,
06097 &tid.
nettemp,
06098 &desc,
06099 &old_rights))
06100 {
06101 old_rights &= ~rights;
06102
return rsbac_list_lol_subadd(nettemp_nt_handle,
06103 &tid.
nettemp,
06104 &desc,
06105 &old_rights);
06106 }
06107
else
06108
return 0;
06109
case T_NETTEMP:
06110
06111
06112
06113
06114
06115
06116
06117
06118
if(!tid.
nettemp)
06119 {
06120
return -
RSBAC_EINVALIDTARGET;
06121 }
06122
if(!
rsbac_net_template_exist(tid.
nettemp))
06123
return -
RSBAC_EINVALIDTARGET;
06124
if(!
rsbac_list_lol_get_subdata(nettemp_handle,
06125 &tid.
nettemp,
06126 &desc,
06127 &old_rights))
06128 {
06129 old_rights &= ~rights;
06130
return rsbac_list_lol_subadd(nettemp_handle,
06131 &tid.
nettemp,
06132 &desc,
06133 &old_rights);
06134 }
06135
else
06136
return 0;
06137
case T_NETOBJ:
06138
06139
06140
06141
06142
06143
06144
06145
06146
if(!tid.
netobj.
sock_p)
06147 {
06148
if(!
rsbac_list_get_data(default_netobj_handle, &desc, &old_rights))
06149 {
06150 old_rights &= ~rights;
06151
return rsbac_list_add(default_netobj_handle, &desc, &old_rights);
06152 }
06153
else
06154
return 0;
06155 }
06156
if(!
rsbac_list_lol_get_subdata(netobj_handle,
06157 &tid.
netobj.
sock_p,
06158 &desc,
06159 &old_rights))
06160 {
06161 old_rights &= ~rights;
06162
return rsbac_list_lol_subadd(netobj_handle,
06163 &tid.
netobj.
sock_p,
06164 &desc,
06165 &old_rights);
06166 }
06167
else
06168
return 0;
06169
#endif
06170
06171
default:
06172
return -
RSBAC_EINVALIDTARGET;
06173 }
06174 }
06175
06176
06177
06178
06179
06180
06181 int rsbac_acl_set_mask (
enum rsbac_target_t target,
06182
union rsbac_target_id_t tid,
06183
rsbac_acl_rights_vector_t mask)
06184 {
06185
int err = 0;
06186
int list_no;
06187
struct rsbac_acl_device_list_item_t * device_p;
06188 u_long dflags;
06189
06190
if (!
rsbac_is_initialized())
06191 {
06192 printk(KERN_WARNING
"rsbac_acl_set_mask(): RSBAC not initialized\n");
06193
return(-
RSBAC_ENOTINITIALIZED);
06194 }
06195
if (target >=
T_NONE)
06196
return(-
RSBAC_EINVALIDTARGET);
06197
#ifdef CONFIG_RSBAC_DEBUG
06198
if (in_interrupt())
06199 {
06200
#ifdef CONFIG_RSBAC_RMSG
06201
rsbac_printk(KERN_WARNING
"rsbac_acl_set_mask(): called from interrupt!\n");
06202
#endif
06203
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06204
if (!rsbac_nosyslog)
06205
#endif
06206
printk(KERN_WARNING
"rsbac_acl_set_mask(): called from interrupt!\n");
06207 }
06208
#endif
06209
switch (target)
06210 {
06211
case T_FILE:
06212
case T_DIR:
06213
case T_FIFO:
06214
case T_SYMLINK:
06215
06216
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06217 {
06218
return -
RSBAC_EINVALIDTARGET;
06219 }
06220
#ifdef CONFIG_RSBAC_DEBUG
06221
if (rsbac_debug_ds_acl)
06222 {
06223
#ifdef CONFIG_RSBAC_RMSG
06224
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting file/dir/fifo/symlink inheritance mask for device %02u:%02u, inode %u\n",
06225 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
06226
#endif
06227
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06228
if (!rsbac_nosyslog)
06229
#endif
06230
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting file/dir/fifo/symlink inheritance mask for device %02u:%02u, inode %u\n",
06231 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device), tid.file.inode);
06232 }
06233
#endif
06234
06235 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06236
06237
06238 device_p =
acl_lookup_device(tid.file.device);
06239
if (!device_p)
06240 {
06241
06242 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06243
rsbac_get_super_block(tid.file.device);
06244
06245 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06246 device_p =
acl_lookup_device(tid.file.device);
06247
if(!device_p)
06248 {
06249 printk(KERN_WARNING
06250
"rsbac_acl_set_mask(): Could not lookup device!\n");
06251
06252 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06253
return(-
RSBAC_EINVALIDDEV);
06254 }
06255 }
06256 list_no =
fd_hash(tid.file.inode);
06257 err =
rsbac_list_lol_add(device_p->handles[list_no], &tid.file.inode, &mask);
06258 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06259
06260
return err;
06261
06262
case T_DEV:
06263
06264
if(tid.dev.type ==
D_none)
06265 {
06266
return -
RSBAC_EINVALIDTARGET;
06267 }
06268
#ifdef CONFIG_RSBAC_DEBUG
06269
if (rsbac_debug_ds_acl)
06270 {
06271
#ifdef CONFIG_RSBAC_RMSG
06272
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting device inheritance mask for dev %c %02u:%02u\n",
06273
'B'+tid.dev.type,
06274 RSBAC_MAJOR(tid.dev.id),
06275 RSBAC_MINOR(tid.dev.id));
06276
#endif
06277
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06278
if (!rsbac_nosyslog)
06279
#endif
06280
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting device inheritance mask for dev %c %02u:%02u\n",
06281
'B'+tid.dev.type,
06282 RSBAC_MAJOR(tid.dev.id),
06283 RSBAC_MINOR(tid.dev.id));
06284 }
06285
#endif
06286
{
06287
struct rsbac_dev_desc_t dev_desc;
06288
06289 dev_desc.type = tid.dev.type;
06290 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
06291 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
06292
return rsbac_list_lol_add(
dev_handle, &dev_desc, &mask);
06293 }
06294
06295
case T_SCD:
06296
06297
if(tid.
scd ==
AST_none)
06298 {
06299
return -
RSBAC_EINVALIDTARGET;
06300 }
06301
#ifdef CONFIG_RSBAC_DEBUG
06302
if (rsbac_debug_ds_acl)
06303 {
06304
char tmp[80];
06305
06306
get_acl_scd_type_name(tmp, tid.
scd);
06307
#ifdef CONFIG_RSBAC_RMSG
06308
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting SCD inheritance mask for %s\n",
06309 tmp);
06310
#endif
06311
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06312
if (!rsbac_nosyslog)
06313
#endif
06314
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting SCD inheritance mask for %s\n",
06315 tmp);
06316 }
06317
#endif
06318
return rsbac_list_lol_add(
scd_handle, &tid.
scd, &mask);
06319
06320
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06321
case T_NETDEV:
06322
06323
if(!tid.
netdev[0])
06324 {
06325
return -
RSBAC_EINVALIDTARGET;
06326 }
06327
#ifdef CONFIG_RSBAC_DEBUG
06328
if (rsbac_debug_ds_acl)
06329 {
06330
#ifdef CONFIG_RSBAC_RMSG
06331
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network device inheritance mask for netdev %s\n",
06332 tid.
netdev);
06333
#endif
06334
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06335
if (!rsbac_nosyslog)
06336
#endif
06337
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network device inheritance mask for netdev %s\n",
06338 tid.
netdev);
06339 }
06340
#endif
06341
return rsbac_list_lol_add(netdev_handle, &tid.
netdev, &mask);
06342
#endif
06343
06344
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06345
case T_NETTEMP_NT:
06346
06347
if(!tid.
nettemp)
06348 {
06349
return -
RSBAC_EINVALIDTARGET;
06350 }
06351
if(!
rsbac_net_template_exist(tid.
nettemp))
06352
return -
RSBAC_EINVALIDTARGET;
06353
#ifdef CONFIG_RSBAC_DEBUG
06354
if (rsbac_debug_ds_acl)
06355 {
06356
#ifdef CONFIG_RSBAC_RMSG
06357
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network template NT inheritance mask for nettemp %u\n",
06358 tid.
nettemp);
06359
#endif
06360
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06361
if (!rsbac_nosyslog)
06362
#endif
06363
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network template NT inheritance mask for nettemp %u\n",
06364 tid.
nettemp);
06365 }
06366
#endif
06367
return rsbac_list_lol_add(nettemp_nt_handle, &tid.
nettemp, &mask);
06368
06369
case T_NETTEMP:
06370
06371
if(!tid.
nettemp)
06372 {
06373
return -
RSBAC_EINVALIDTARGET;
06374 }
06375
if(!
rsbac_net_template_exist(tid.
nettemp))
06376
return -
RSBAC_EINVALIDTARGET;
06377
#ifdef CONFIG_RSBAC_DEBUG
06378
if (rsbac_debug_ds_acl)
06379 {
06380
#ifdef CONFIG_RSBAC_RMSG
06381
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network template inheritance mask for nettemp %u\n",
06382 tid.
nettemp);
06383
#endif
06384
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06385
if (!rsbac_nosyslog)
06386
#endif
06387
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network template inheritance mask for nettemp %u\n",
06388 tid.
nettemp);
06389 }
06390
#endif
06391
return rsbac_list_lol_add(nettemp_handle, &tid.
nettemp, &mask);
06392
06393
case T_NETOBJ:
06394
06395
if(!tid.
netobj.
sock_p)
06396 {
06397
return -
RSBAC_EINVALIDTARGET;
06398 }
06399
#ifdef CONFIG_RSBAC_DEBUG
06400
if (rsbac_debug_ds_acl)
06401 {
06402
#ifdef CONFIG_RSBAC_RMSG
06403
rsbac_printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network object inheritance mask for netobj %p\n",
06404 tid.
netobj.
sock_p);
06405
#endif
06406
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06407
if (!rsbac_nosyslog)
06408
#endif
06409
printk(KERN_DEBUG
"rsbac_acl_set_mask(): Setting network object inheritance mask for netobj %p\n",
06410 tid.
netobj.
sock_p);
06411 }
06412
#endif
06413
return rsbac_list_lol_add(netobj_handle, &tid.
netobj.
sock_p, &mask);
06414
#endif
06415
06416
default:
06417 err = -
RSBAC_EINVALIDTARGET;
06418 }
06419
return(err);
06420 }
06421
06422
06423
06424
06425
06426
06427 int rsbac_acl_get_mask (
enum rsbac_target_t target,
06428
union rsbac_target_id_t tid,
06429
rsbac_acl_rights_vector_t * mask_p)
06430 {
06431
int err = 0;
06432
int list_no;
06433
struct rsbac_acl_device_list_item_t * device_p;
06434 u_long dflags;
06435
06436
if (!
rsbac_is_initialized())
06437 {
06438 printk(KERN_WARNING
"rsbac_acl_get_mask(): RSBAC not initialized\n");
06439
return(-
RSBAC_ENOTINITIALIZED);
06440 }
06441
if (target >=
T_NONE)
06442
return(-
RSBAC_EINVALIDTARGET);
06443
#ifdef CONFIG_RSBAC_DEBUG
06444
if (in_interrupt())
06445 {
06446
#ifdef CONFIG_RSBAC_RMSG
06447
rsbac_printk(KERN_WARNING
"rsbac_acl_get_mask(): called from interrupt!\n");
06448
#endif
06449
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06450
if (!rsbac_nosyslog)
06451
#endif
06452
printk(KERN_WARNING
"rsbac_acl_get_mask(): called from interrupt!\n");
06453 }
06454
#endif
06455
switch (target)
06456 {
06457
case T_FILE:
06458
case T_DIR:
06459
case T_FIFO:
06460
case T_SYMLINK:
06461
06462
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06463 {
06464
return -
RSBAC_EINVALIDTARGET;
06465 }
06466
06467
06468
06469
06470
06471
06472
06473
06474 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06475
06476
06477 device_p =
acl_lookup_device(tid.file.device);
06478
if (!device_p)
06479 {
06480
06481 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06482
rsbac_get_super_block(tid.file.device);
06483
06484 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06485 device_p =
acl_lookup_device(tid.file.device);
06486
if(!device_p)
06487 {
06488 printk(KERN_WARNING
06489
"rsbac_acl_get_mask(): Could not lookup device!\n");
06490
06491 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06492
return(-
RSBAC_EINVALIDDEV);
06493 }
06494 }
06495 list_no =
fd_hash(tid.file.inode);
06496 err =
rsbac_list_lol_get_data(device_p->handles[list_no], &tid.file.inode, mask_p);
06497
06498 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06499
if(err == -
RSBAC_ENOTFOUND)
06500 {
06501 *mask_p =
RSBAC_ACL_DEFAULT_FD_MASK;
06502 err = 0;
06503 }
06504
06505
return err;
06506
06507
case T_DEV:
06508
06509
if(tid.dev.type ==
D_none)
06510 {
06511
return -
RSBAC_EINVALIDTARGET;
06512 }
06513
06514
06515
06516
06517
06518
06519
06520
06521
06522 {
06523
struct rsbac_dev_desc_t dev_desc;
06524
06525 dev_desc.type = tid.dev.type;
06526 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
06527 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
06528 err =
rsbac_list_lol_get_data(
dev_handle, &dev_desc, mask_p);
06529 }
06530
if(err == -
RSBAC_ENOTFOUND)
06531 {
06532 *mask_p =
RSBAC_ACL_DEFAULT_DEV_MASK;
06533 err = 0;
06534 }
06535
06536
return err;
06537
06538
case T_SCD:
06539
06540
if(tid.
scd ==
AST_none)
06541 {
06542
return -
RSBAC_EINVALIDTARGET;
06543 }
06544
06545
06546
06547
06548
06549
06550
06551
06552
06553
06554
06555
06556 err =
rsbac_list_lol_get_data(
scd_handle, &tid.
scd, mask_p);
06557
if(err == -
RSBAC_ENOTFOUND)
06558 {
06559 *mask_p =
RSBAC_ACL_DEFAULT_SCD_MASK;
06560 err = 0;
06561 }
06562
06563
return err;
06564
06565
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06566
case T_NETDEV:
06567
06568
if(!tid.
netdev[0])
06569 {
06570
return -
RSBAC_EINVALIDTARGET;
06571 }
06572
06573
06574
06575
06576
06577
06578
06579
06580 err =
rsbac_list_lol_get_data(netdev_handle, &tid.
netdev, mask_p);
06581
if(err == -
RSBAC_ENOTFOUND)
06582 {
06583 *mask_p =
RSBAC_ACL_DEFAULT_NETDEV_MASK;
06584 err = 0;
06585 }
06586
06587
return err;
06588
#endif
06589
06590
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
06591
case T_NETTEMP_NT:
06592
06593
if(!tid.
nettemp)
06594 {
06595
return -
RSBAC_EINVALIDTARGET;
06596 }
06597
if(!
rsbac_net_template_exist(tid.
nettemp))
06598
return -
RSBAC_EINVALIDTARGET;
06599
06600
06601
06602
06603
06604
06605
06606
06607 err =
rsbac_list_lol_get_data(nettemp_nt_handle, &tid.
nettemp, mask_p);
06608
if(err == -
RSBAC_ENOTFOUND)
06609 {
06610 *mask_p =
RSBAC_ACL_DEFAULT_NETTEMP_MASK;
06611 err = 0;
06612 }
06613
06614
return err;
06615
case T_NETTEMP:
06616
06617
if(!tid.
nettemp)
06618 {
06619
return -
RSBAC_EINVALIDTARGET;
06620 }
06621
if(!
rsbac_net_template_exist(tid.
nettemp))
06622
return -
RSBAC_EINVALIDTARGET;
06623
06624
06625
06626
06627
06628
06629
06630
06631 err =
rsbac_list_lol_get_data(nettemp_handle, &tid.
nettemp, mask_p);
06632
if(err == -
RSBAC_ENOTFOUND)
06633 {
06634 *mask_p =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06635 err = 0;
06636 }
06637
06638
return err;
06639
case T_NETOBJ:
06640
06641
if(!tid.
netobj.
sock_p)
06642 {
06643
return -
RSBAC_EINVALIDTARGET;
06644 }
06645
06646
06647
06648
06649
06650
06651
06652
06653 err =
rsbac_list_lol_get_data(netobj_handle, &tid.
netobj.
sock_p, mask_p);
06654
if(err == -
RSBAC_ENOTFOUND)
06655 {
06656 *mask_p =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
06657 err = 0;
06658 }
06659
06660
return err;
06661
#endif
06662
06663
default:
06664 err = -
RSBAC_EINVALIDTARGET;
06665 }
06666
return(err);
06667 }
06668
06669
06670
06671
06672
06673
06674
06675
06676 int rsbac_acl_get_rights (
enum rsbac_target_t target,
06677
union rsbac_target_id_t tid,
06678
enum rsbac_acl_subject_type_t subj_type,
06679
rsbac_acl_subject_id_t subj_id,
06680
rsbac_acl_rights_vector_t * rights_p,
06681
boolean inherit)
06682 {
06683
int err = 0;
06684
int list_no;
06685
struct rsbac_acl_device_list_item_t * device_p;
06686 u_long dflags;
06687
struct rsbac_acl_entry_desc_t desc;
06688
rsbac_acl_rights_vector_t i_rights = 0;
06689
rsbac_acl_rights_vector_t mask = -1;
06690
06691
if (!
rsbac_is_initialized())
06692 {
06693 printk(KERN_WARNING
"rsbac_acl_get_rights(): RSBAC not initialized\n");
06694
return(-
RSBAC_ENOTINITIALIZED);
06695 }
06696
if (!rights_p)
06697
return(-
RSBAC_EINVALIDPOINTER);
06698
if (subj_type >=
ACLS_NONE)
06699
return(-
RSBAC_EINVALIDVALUE);
06700
#ifdef CONFIG_RSBAC_DEBUG
06701
if (in_interrupt())
06702 {
06703
#ifdef CONFIG_RSBAC_RMSG
06704
rsbac_printk(KERN_WARNING
"rsbac_acl_get_rights(): called from interrupt!\n");
06705
#endif
06706
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06707
if (!rsbac_nosyslog)
06708
#endif
06709
printk(KERN_WARNING
"rsbac_acl_get_rights(): called from interrupt!\n");
06710 }
06711
#endif
06712
desc.
subj_type = subj_type;
06713 desc.
subj_id = subj_id;
06714
06715
switch (target)
06716 {
06717
case T_FILE:
06718
case T_DIR:
06719
case T_FIFO:
06720
case T_SYMLINK:
06721
06722
06723
06724
06725
06726
06727
06728
06729
06730
06731
06732
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
06733 {
06734
if(
rsbac_list_get_data(
default_fd_handle, &desc, rights_p))
06735 {
06736
06737 *rights_p =
default_fd_rights;
06738 }
06739
return 0;
06740 }
06741 *rights_p = 0;
06742
06743 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06744
06745
06746
for (;;)
06747 {
06748
06749 device_p =
acl_lookup_device(tid.file.device);
06750
if (!device_p)
06751 {
06752
06753 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06754
rsbac_get_super_block(tid.file.device);
06755
06756 rsbac_read_lock(&
device_list_head.
lock, &dflags);
06757 device_p =
acl_lookup_device(tid.file.device);
06758
if(!device_p)
06759 {
06760 printk(KERN_WARNING
06761
"rsbac_acl_get_rights(): Could not lookup device %02u:%02u!\n",
06762 RSBAC_MAJOR(tid.file.device),RSBAC_MINOR(tid.file.device));
06763
06764 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06765
return(-
RSBAC_EINVALIDDEV);
06766 }
06767 }
06768 list_no =
fd_hash(tid.file.inode);
06769
if(!
rsbac_list_lol_get_subdata(device_p->handles[list_no],
06770 &tid.file.inode,
06771 &desc,
06772 &i_rights))
06773 {
06774 *rights_p |= (i_rights & mask);
06775
06776
break;
06777 }
06778
else
06779
if(inherit)
06780 {
06781
enum rsbac_target_t parent_target;
06782
union rsbac_target_id_t parent_tid;
06783
rsbac_acl_rights_vector_t i_mask;
06784
06785
06786
if(
rsbac_list_lol_get_data(device_p->handles[list_no],
06787 &tid.file.inode,
06788 &i_mask))
06789 {
06790
06791 i_mask =
RSBAC_ACL_DEFAULT_FD_MASK;
06792 }
06793
06794 mask &= i_mask;
06795
06796
06797
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
06798 {
06799 target = parent_target;
06800 tid = parent_tid;
06801
06802
continue;
06803 }
06804
else
06805 {
06806
06807
if(!
rsbac_list_get_data(
default_fd_handle,
06808 &desc,
06809 &i_rights))
06810 {
06811
06812 *rights_p |= (i_rights & mask);
06813 }
06814
else
06815 {
06816
06817 *rights_p |= (
default_fd_rights & mask);
06818 }
06819 }
06820
06821
break;
06822 }
06823
else
06824 {
06825
06826 *rights_p |=
default_fd_rights;
06827
06828
break;
06829 }
06830 }
06831
06832 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
06833
return err;
06834
06835
case T_DEV:
06836
06837
06838
06839
06840
06841
06842
06843
06844
06845
06846
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
06847 {
06848
if(
rsbac_list_get_data(
default_dev_handle, &desc, rights_p))
06849 {
06850
06851 *rights_p =
default_dev_rights;
06852 }
06853
return 0;
06854 }
06855 {
06856
struct rsbac_dev_desc_t dev_desc;
06857
06858 dev_desc.type = tid.dev.type;
06859 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
06860 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
06861
if(!
rsbac_list_lol_get_subdata(
dev_handle,
06862 &dev_desc,
06863 &desc,
06864 &i_rights))
06865 {
06866 *rights_p |= i_rights;
06867 }
06868
else
06869 {
06870
rsbac_acl_rights_vector_t mask;
06871
06872
06873
if(
rsbac_list_lol_get_data(
dev_handle,
06874 &dev_desc,
06875 &mask))
06876 {
06877
06878 mask =
RSBAC_ACL_DEFAULT_DEV_MASK;
06879 }
06880
06881
if(!
rsbac_list_get_data(
default_dev_handle, &desc, rights_p))
06882 {
06883 *rights_p &= mask;
06884 }
06885
else
06886 {
06887
06888 *rights_p =
default_dev_rights & mask;
06889 }
06890 }
06891 }
06892
return 0;
06893
06894
case T_IPC:
06895
06896
06897
06898
06899
06900
06901
06902
06903
if(
rsbac_list_get_data(
default_ipc_handle, &desc, rights_p))
06904 {
06905
06906 *rights_p =
default_ipc_rights;
06907 }
06908
return 0;
06909
06910
case T_SCD:
06911
06912
06913
06914
06915
06916
06917
06918
06919
06920
06921
06922
06923
if( (tid.
scd ==
AST_none)
06924 || (tid.
scd ==
ST_none)
06925 )
06926 {
06927
if(
rsbac_list_get_data(
default_scd_handle, &desc, rights_p))
06928 {
06929
06930 *rights_p =
default_scd_rights;
06931 }
06932
return 0;
06933 }
06934
if(!
rsbac_list_lol_get_subdata(
scd_handle,
06935 &tid.
scd,
06936 &desc,
06937 &i_rights))
06938 {
06939 *rights_p |= i_rights;
06940 }
06941
else
06942 {
06943
rsbac_acl_rights_vector_t mask;
06944
06945
06946
if(
rsbac_list_lol_get_data(
scd_handle,
06947 &tid.
scd,
06948 &mask))
06949 {
06950
06951 mask =
RSBAC_ACL_DEFAULT_SCD_MASK;
06952 }
06953
06954
if(!
rsbac_list_get_data(
default_scd_handle, &desc, rights_p))
06955 {
06956 *rights_p &= mask;
06957 }
06958
else
06959 {
06960
06961 *rights_p =
default_scd_rights & mask;
06962 }
06963 }
06964
return 0;
06965
06966
case T_USER:
06967
06968
06969
06970
06971
06972
06973
06974
06975
if(
rsbac_list_get_data(
default_u_handle, &desc, rights_p))
06976 {
06977
06978 *rights_p =
default_u_rights;
06979 }
06980
return 0;
06981
06982
case T_PROCESS:
06983
06984
06985
06986
06987
06988
06989
06990
06991
if(
rsbac_list_get_data(
default_p_handle, &desc, rights_p))
06992 {
06993
06994 *rights_p =
default_p_rights;
06995 }
06996
return 0;
06997
06998
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
06999
case T_NETDEV:
07000
07001
07002
07003
07004
07005
07006
07007
07008
if(!tid.
netdev[0])
07009 {
07010
if(
rsbac_list_get_data(default_netdev_handle, &desc, rights_p))
07011 {
07012
07013 *rights_p = default_netdev_rights;
07014 }
07015
return 0;
07016 }
07017
if(!
rsbac_list_lol_get_subdata(netdev_handle,
07018 &tid.
netdev,
07019 &desc,
07020 &i_rights))
07021 {
07022 *rights_p |= i_rights;
07023 }
07024
else
07025 {
07026
rsbac_acl_rights_vector_t mask;
07027
07028
07029
if(
rsbac_list_lol_get_data(netdev_handle,
07030 &tid.
netdev,
07031 &mask))
07032 {
07033
07034 mask =
RSBAC_ACL_DEFAULT_NETDEV_MASK;
07035 }
07036
07037
if(!
rsbac_list_get_data(default_netdev_handle, &desc, rights_p))
07038 {
07039 *rights_p &= mask;
07040 }
07041
else
07042 {
07043
07044 *rights_p = default_netdev_rights & mask;
07045 }
07046 }
07047
return 0;
07048
#endif
07049
07050
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
07051
07052
case T_NETTEMP_NT:
07053
07054
07055
07056
07057
07058
07059
07060
07061
if(!tid.
nettemp)
07062 {
07063
if(
rsbac_list_get_data(default_nettemp_nt_handle, &desc, rights_p))
07064 {
07065
07066 *rights_p = default_nettemp_nt_rights;
07067 }
07068
return 0;
07069 }
07070
if(!
rsbac_net_template_exist(tid.
nettemp))
07071
return -
RSBAC_EINVALIDTARGET;
07072
if(!
rsbac_list_lol_get_subdata(nettemp_nt_handle,
07073 &tid.
nettemp,
07074 &desc,
07075 &i_rights))
07076 {
07077 *rights_p |= i_rights;
07078 }
07079
else
07080 {
07081
rsbac_acl_rights_vector_t mask;
07082
07083
07084
if(
rsbac_list_lol_get_data(nettemp_nt_handle,
07085 &tid.
nettemp,
07086 &mask))
07087 {
07088
07089 mask =
RSBAC_ACL_DEFAULT_NETTEMP_MASK;
07090 }
07091
07092
if(!
rsbac_list_get_data(default_nettemp_nt_handle, &desc, rights_p))
07093 {
07094 *rights_p &= mask;
07095 }
07096
else
07097 {
07098
07099 *rights_p = default_nettemp_nt_rights & mask;
07100 }
07101 }
07102
return 0;
07103
07104
07105
case T_NETTEMP:
07106
07107
07108
07109
07110
07111
07112
07113
07114
if(!tid.
nettemp)
07115 {
07116
if(
rsbac_list_get_data(default_netobj_handle, &desc, rights_p))
07117 {
07118
07119 *rights_p = default_netobj_rights;
07120 }
07121
return 0;
07122 }
07123
if(!
rsbac_net_template_exist(tid.
nettemp))
07124
return -
RSBAC_EINVALIDTARGET;
07125
if(!
rsbac_list_lol_get_subdata(nettemp_handle,
07126 &tid.
nettemp,
07127 &desc,
07128 &i_rights))
07129 {
07130 *rights_p |= i_rights;
07131 }
07132
else
07133 {
07134
rsbac_acl_rights_vector_t mask;
07135
07136
07137
if(
rsbac_list_lol_get_data(nettemp_handle,
07138 &tid.
nettemp,
07139 &mask))
07140 {
07141
07142 mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07143 }
07144
07145
if(!
rsbac_list_get_data(default_netobj_handle, &desc, rights_p))
07146 {
07147 *rights_p &= mask;
07148 }
07149
else
07150 {
07151
07152 *rights_p = default_netobj_rights & mask;
07153 }
07154 }
07155
return 0;
07156
07157
case T_NETOBJ:
07158
07159
07160
07161
07162
07163
07164
07165
07166
if(!tid.
nettemp)
07167 {
07168
if(
rsbac_list_get_data(default_netobj_handle, &desc, rights_p))
07169 {
07170
07171 *rights_p = default_netobj_rights;
07172 }
07173
return 0;
07174 }
07175
if(!
rsbac_list_lol_get_subdata(netobj_handle,
07176 &tid.
netobj.
sock_p,
07177 &desc,
07178 &i_rights))
07179 {
07180 *rights_p |= i_rights;
07181 }
07182
else
07183 {
07184
rsbac_acl_rights_vector_t mask;
07185
rsbac_net_temp_id_t temp = 0;
07186
07187
07188
if(
rsbac_list_lol_get_data(nettemp_handle,
07189 &temp,
07190 &mask))
07191 {
07192
07193 mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07194 }
07195
07196
rsbac_net_lookup_templates(tid.
netobj,
07197 &temp,
07198
NULL);
07199
07200
if( temp
07201 && !
rsbac_list_lol_get_subdata(nettemp_handle,
07202 &temp,
07203 &desc,
07204 &i_rights))
07205 {
07206 *rights_p |= i_rights;
07207 }
07208
else
07209 {
07210
07211
if( temp
07212 &&
rsbac_list_lol_get_data(nettemp_handle,
07213 &temp,
07214 &mask))
07215 {
07216
07217 mask =
RSBAC_ACL_DEFAULT_NETOBJ_MASK;
07218 }
07219
07220
if(!
rsbac_list_get_data(default_netobj_handle, &desc, rights_p))
07221 {
07222 *rights_p &= mask;
07223 }
07224
else
07225 {
07226
07227 *rights_p = default_netobj_rights & mask;
07228 }
07229 }
07230 }
07231
return 0;
07232
#endif
07233
07234
default:
07235
return -
RSBAC_EINVALIDTARGET;
07236 }
07237 }
07238
07239
07240
07241
07242
07243
07244
07245
07246 int rsbac_acl_get_single_right (
enum rsbac_target_t target,
07247
union rsbac_target_id_t tid,
07248
enum rsbac_acl_subject_type_t subj_type,
07249
rsbac_acl_subject_id_t subj_id,
07250
enum rsbac_adf_request_t right,
07251
boolean * result)
07252 {
07253
int list_no;
07254
struct rsbac_acl_device_list_item_t * device_p;
07255 u_long dflags;
07256
rsbac_acl_rights_vector_t i_rvec;
07257
rsbac_acl_rights_vector_t i_rights;
07258
struct rsbac_acl_entry_desc_t desc;
07259
07260
if (!
rsbac_is_initialized())
07261 {
07262 printk(KERN_WARNING
"rsbac_acl_get_single_right(): RSBAC not initialized\n");
07263
return(-
RSBAC_ENOTINITIALIZED);
07264 }
07265
if (!result)
07266
return(-
RSBAC_EINVALIDPOINTER);
07267
if ( (subj_type >=
ACLS_NONE)
07268 || (right >=
ACLR_NONE)
07269 )
07270
return(-
RSBAC_EINVALIDVALUE);
07271
#ifdef CONFIG_RSBAC_DEBUG
07272
if (in_interrupt())
07273 {
07274
#ifdef CONFIG_RSBAC_RMSG
07275
rsbac_printk(KERN_WARNING
"rsbac_acl_get_single_right(): called from interrupt!\n");
07276
#endif
07277
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07278
if (!rsbac_nosyslog)
07279
#endif
07280
printk(KERN_WARNING
"rsbac_acl_get_single_right(): called from interrupt!\n");
07281 }
07282
#endif
07283
i_rvec = (
rsbac_acl_rights_vector_t) 1 << right;
07284
07285 desc.
subj_type = subj_type;
07286 desc.
subj_id = subj_id;
07287
07288
switch (target)
07289 {
07290
case T_FILE:
07291
case T_DIR:
07292
case T_FIFO:
07293
case T_SYMLINK:
07294
07295
07296
07297
07298
07299
07300
07301
07302
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
07303 {
07304
if(!
rsbac_list_get_data(
default_fd_handle, &desc, &i_rights))
07305 {
07306
if(i_rights & i_rvec)
07307 {
07308 *result =
TRUE;
07309
return 0;
07310 }
07311
else
07312 {
07313 *result =
FALSE;
07314
return 0;
07315 }
07316 }
07317
else
07318 {
07319
if(
default_fd_rights & i_rvec)
07320 {
07321 *result =
TRUE;
07322
return 0;
07323 }
07324
else
07325 {
07326 *result =
FALSE;
07327
return 0;
07328 }
07329 }
07330 }
07331
07332 rsbac_read_lock(&
device_list_head.
lock, &dflags);
07333
07334
07335
for (;;)
07336 {
07337
07338 device_p =
acl_lookup_device(tid.file.device);
07339
if (!device_p)
07340 {
07341
07342 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
07343
rsbac_get_super_block(tid.file.device);
07344
07345 rsbac_read_lock(&
device_list_head.
lock, &dflags);
07346 device_p =
acl_lookup_device(tid.file.device);
07347
if(!device_p)
07348 {
07349
#ifdef CONFIG_RSBAC_RMSG
07350
rsbac_printk(KERN_WARNING
07351
"rsbac_acl_get_single_right(): Could not lookup device, blindly granting access!\n");
07352
#endif
07353
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07354
if (!rsbac_nosyslog)
07355
#endif
07356
printk(KERN_WARNING
07357
"rsbac_acl_get_single_right(): Could not lookup device, blindly granting access!\n");
07358
07359 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
07360 *result =
TRUE;
07361
return 0;
07362 }
07363 }
07364 list_no =
fd_hash(tid.file.inode);
07365
if( !
rsbac_list_lol_get_subdata(device_p->handles[list_no],
07366 &tid.file.inode,
07367 &desc,
07368 &i_rights)
07369 && (i_rights & i_rvec)
07370 )
07371 {
07372 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
07373 *result =
TRUE;
07374
return 0;
07375 }
07376
07377 {
07378
enum rsbac_target_t parent_target;
07379
union rsbac_target_id_t parent_tid;
07380
07381
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07382
if(right !=
ACLR_SUPERVISOR)
07383
#endif
07384
{
07385
rsbac_acl_rights_vector_t mask;
07386
07387
07388
if( !
rsbac_list_lol_get_data(device_p->handles[list_no],
07389 &tid.file.inode,
07390 &mask)
07391 && !(mask & i_rvec)
07392 )
07393 {
07394 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
07395 *result =
FALSE;
07396
return 0;
07397 }
07398 }
07399
07400
07401
if(!
rsbac_get_parent(target, tid, &parent_target, &parent_tid))
07402 {
07403 target = parent_target;
07404 tid = parent_tid;
07405
continue;
07406 }
07407
else
07408 {
07409
07410
if( !
rsbac_list_get_data(
default_fd_handle,
07411 &desc,
07412 &i_rights)
07413 && (i_rights & i_rvec)
07414 )
07415 {
07416 *result =
TRUE;
07417 }
07418
else
07419 {
07420
if(
default_fd_rights & i_rvec)
07421 *result =
TRUE;
07422
else
07423 *result =
FALSE;
07424 }
07425
07426 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
07427
return 0;
07428 }
07429 }
07430 }
07431
07432
case T_DEV:
07433
07434
07435
07436
07437
07438
07439
07440
07441
07442
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
07443 {
07444
if(!
rsbac_list_get_data(
default_dev_handle, &desc, &i_rights))
07445 {
07446
if(i_rights & i_rvec)
07447 {
07448 *result =
TRUE;
07449
return 0;
07450 }
07451
else
07452 {
07453 *result =
FALSE;
07454
return 0;
07455 }
07456 }
07457
else
07458 {
07459
if(
default_dev_rights & i_rvec)
07460 {
07461 *result =
TRUE;
07462
return 0;
07463 }
07464
else
07465 {
07466 *result =
FALSE;
07467
return 0;
07468 }
07469 }
07470 }
07471
07472 {
07473
struct rsbac_dev_desc_t dev_desc;
07474
07475 dev_desc.type = tid.dev.type;
07476 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
07477 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
07478
if( !
rsbac_list_lol_get_subdata(
dev_handle,
07479 &dev_desc,
07480 &desc,
07481 &i_rights)
07482 && (i_rights & i_rvec)
07483 )
07484 {
07485 *result =
TRUE;
07486
return 0;
07487 }
07488
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07489
if(right !=
ACLR_SUPERVISOR)
07490
#endif
07491
{
07492
rsbac_acl_rights_vector_t mask;
07493
07494
07495
if( !
rsbac_list_lol_get_data(
dev_handle,
07496 &dev_desc,
07497 &mask)
07498 && !(mask & i_rvec)
07499 )
07500 {
07501 *result =
FALSE;
07502
return 0;
07503 }
07504 }
07505 }
07506
07507
if( !
rsbac_list_get_data(
default_dev_handle,
07508 &desc,
07509 &i_rights)
07510 && (i_rights & i_rvec)
07511 )
07512 {
07513 *result =
TRUE;
07514 }
07515
else
07516 {
07517
if(
default_dev_rights & i_rvec)
07518 *result =
TRUE;
07519
else
07520 *result =
FALSE;
07521 }
07522
return 0;
07523
07524
case T_IPC:
07525
07526
07527
07528
07529
07530
07531
07532
07533
if(!
rsbac_list_get_data(
default_ipc_handle, &desc, &i_rights))
07534 {
07535
if(i_rights & i_rvec)
07536 {
07537 *result =
TRUE;
07538
return 0;
07539 }
07540
else
07541 {
07542 *result =
FALSE;
07543
return 0;
07544 }
07545 }
07546
else
07547 {
07548
if(
default_ipc_rights & i_rvec)
07549 {
07550 *result =
TRUE;
07551
return 0;
07552 }
07553
else
07554 {
07555 *result =
FALSE;
07556
return 0;
07557 }
07558 }
07559
07560
case T_SCD:
07561
07562
07563
07564
07565
07566
07567
07568
07569
07570
07571
07572
07573
if(tid.
scd ==
AST_none)
07574 {
07575
if(!
rsbac_list_get_data(
default_scd_handle, &desc, &i_rights))
07576 {
07577
if(i_rights & i_rvec)
07578 {
07579 *result =
TRUE;
07580
return 0;
07581 }
07582
else
07583 {
07584 *result =
FALSE;
07585
return 0;
07586 }
07587 }
07588
else
07589 {
07590
if(
default_scd_rights & i_rvec)
07591 {
07592 *result =
TRUE;
07593
return 0;
07594 }
07595
else
07596 {
07597 *result =
FALSE;
07598
return 0;
07599 }
07600 }
07601 }
07602
07603
if( !
rsbac_list_lol_get_subdata(
scd_handle,
07604 &tid.
scd,
07605 &desc,
07606 &i_rights)
07607 && (i_rights & i_rvec)
07608 )
07609 {
07610 *result =
TRUE;
07611
return 0;
07612 }
07613
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07614
if(right !=
ACLR_SUPERVISOR)
07615
#endif
07616
{
07617
rsbac_acl_rights_vector_t mask;
07618
07619
07620
if( !
rsbac_list_lol_get_data(
scd_handle,
07621 &tid.
scd,
07622 &mask)
07623 && !(mask & i_rvec)
07624 )
07625 {
07626 *result =
FALSE;
07627
return 0;
07628 }
07629 }
07630
07631
07632
if( !
rsbac_list_get_data(
default_scd_handle,
07633 &desc,
07634 &i_rights)
07635 && (i_rights & i_rvec)
07636 )
07637 {
07638 *result =
TRUE;
07639 }
07640
else
07641 {
07642
if(
default_scd_rights & i_rvec)
07643 *result =
TRUE;
07644
else
07645 *result =
FALSE;
07646 }
07647
return 0;
07648
07649
case T_USER:
07650
07651
07652
07653
07654
07655
07656
07657
07658
if(!
rsbac_list_get_data(
default_u_handle, &desc, &i_rights))
07659 {
07660
if(i_rights & i_rvec)
07661 {
07662 *result =
TRUE;
07663
return 0;
07664 }
07665
else
07666 {
07667 *result =
FALSE;
07668
return 0;
07669 }
07670 }
07671
else
07672 {
07673
if(
default_u_rights & i_rvec)
07674 {
07675 *result =
TRUE;
07676
return 0;
07677 }
07678
else
07679 {
07680 *result =
FALSE;
07681
return 0;
07682 }
07683 }
07684
07685
case T_PROCESS:
07686
07687
07688
07689
07690
07691
07692
07693
07694
if(!
rsbac_list_get_data(
default_p_handle, &desc, &i_rights))
07695 {
07696
if(i_rights & i_rvec)
07697 {
07698 *result =
TRUE;
07699
return 0;
07700 }
07701
else
07702 {
07703 *result =
FALSE;
07704
return 0;
07705 }
07706 }
07707
else
07708 {
07709
if(
default_p_rights & i_rvec)
07710 {
07711 *result =
TRUE;
07712
return 0;
07713 }
07714
else
07715 {
07716 *result =
FALSE;
07717
return 0;
07718 }
07719 }
07720
07721
#if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
07722
case T_NETDEV:
07723
07724
07725
07726
07727
07728
07729
07730
if(!tid.
netdev[0])
07731 {
07732
if(!
rsbac_list_get_data(default_netdev_handle, &desc, &i_rights))
07733 {
07734
if(i_rights & i_rvec)
07735 {
07736 *result =
TRUE;
07737
return 0;
07738 }
07739
else
07740 {
07741 *result =
FALSE;
07742
return 0;
07743 }
07744 }
07745
else
07746 {
07747
if(default_netdev_rights & i_rvec)
07748 {
07749 *result =
TRUE;
07750
return 0;
07751 }
07752
else
07753 {
07754 *result =
FALSE;
07755
return 0;
07756 }
07757 }
07758 }
07759
07760
if( !
rsbac_list_lol_get_subdata(netdev_handle,
07761 &tid.
netdev,
07762 &desc,
07763 &i_rights)
07764 && (i_rights & i_rvec)
07765 )
07766 {
07767 *result =
TRUE;
07768
return 0;
07769 }
07770
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07771
if(right !=
ACLR_SUPERVISOR)
07772
#endif
07773
{
07774
rsbac_acl_rights_vector_t mask;
07775
07776
07777
if( !
rsbac_list_lol_get_data(netdev_handle,
07778 &tid.
netdev,
07779 &mask)
07780 && !(mask & i_rvec)
07781 )
07782 {
07783 *result =
FALSE;
07784
return 0;
07785 }
07786 }
07787
07788
07789
if( !
rsbac_list_get_data(default_netdev_handle,
07790 &desc,
07791 &i_rights)
07792 && (i_rights & i_rvec)
07793 )
07794 {
07795 *result =
TRUE;
07796 }
07797
else
07798 {
07799
if(default_netdev_rights & i_rvec)
07800 *result =
TRUE;
07801
else
07802 *result =
FALSE;
07803 }
07804
return 0;
07805
#endif
07806
07807
#if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
07808
case T_NETTEMP_NT:
07809
case T_NETTEMP:
07810
07811
07812
07813
07814
07815
07816
07817
if(!tid.
nettemp)
07818 {
07819
if(!
rsbac_list_get_data(default_nettemp_nt_handle, &desc, &i_rights))
07820 {
07821
if(i_rights & i_rvec)
07822 {
07823 *result =
TRUE;
07824
return 0;
07825 }
07826
else
07827 {
07828 *result =
FALSE;
07829
return 0;
07830 }
07831 }
07832
else
07833 {
07834
if(default_nettemp_nt_rights & i_rvec)
07835 {
07836 *result =
TRUE;
07837
return 0;
07838 }
07839
else
07840 {
07841 *result =
FALSE;
07842
return 0;
07843 }
07844 }
07845 }
07846
07847
07848
if(right !=
R_CREATE)
07849 {
07850
if(!
rsbac_net_template_exist(tid.
nettemp))
07851
return FALSE;
07852
if( !
rsbac_list_lol_get_subdata(nettemp_nt_handle,
07853 &tid.
nettemp,
07854 &desc,
07855 &i_rights)
07856 && (i_rights & i_rvec)
07857 )
07858 {
07859 *result =
TRUE;
07860
return 0;
07861 }
07862
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07863
if(right !=
ACLR_SUPERVISOR)
07864
#endif
07865
{
07866
rsbac_acl_rights_vector_t mask;
07867
07868
07869
if( !
rsbac_list_lol_get_data(nettemp_nt_handle,
07870 &tid.
nettemp,
07871 &mask)
07872 && !(mask & i_rvec)
07873 )
07874 {
07875 *result =
FALSE;
07876
return 0;
07877 }
07878 }
07879 }
07880
07881
07882
if( !
rsbac_list_get_data(default_nettemp_nt_handle,
07883 &desc,
07884 &i_rights)
07885 && (i_rights & i_rvec)
07886 )
07887 {
07888 *result =
TRUE;
07889 }
07890
else
07891 {
07892
if(default_nettemp_nt_rights & i_rvec)
07893 *result =
TRUE;
07894
else
07895 *result =
FALSE;
07896 }
07897
return 0;
07898
07899
case T_NETOBJ:
07900
07901
07902
07903
07904
07905
07906
07907
if(!tid.
netobj.
sock_p)
07908 {
07909
if(!
rsbac_list_get_data(default_netobj_handle, &desc, &i_rights))
07910 {
07911
if(i_rights & i_rvec)
07912 {
07913 *result =
TRUE;
07914
return 0;
07915 }
07916
else
07917 {
07918 *result =
FALSE;
07919
return 0;
07920 }
07921 }
07922
else
07923 {
07924
if(default_netobj_rights & i_rvec)
07925 {
07926 *result =
TRUE;
07927
return 0;
07928 }
07929
else
07930 {
07931 *result =
FALSE;
07932
return 0;
07933 }
07934 }
07935 }
07936
07937
if( !
rsbac_list_lol_get_subdata(netobj_handle,
07938 &tid.
netobj.
sock_p,
07939 &desc,
07940 &i_rights)
07941 && (i_rights & i_rvec)
07942 )
07943 {
07944 *result =
TRUE;
07945
return 0;
07946 }
07947
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07948
if(right !=
ACLR_SUPERVISOR)
07949
#endif
07950
{
07951
rsbac_acl_rights_vector_t mask;
07952
07953
07954
if( !
rsbac_list_lol_get_data(netobj_handle,
07955 &tid.
netobj.
sock_p,
07956 &mask)
07957 && !(mask & i_rvec)
07958 )
07959 {
07960 *result =
FALSE;
07961
return 0;
07962 }
07963 }
07964
07965 {
07966
rsbac_net_temp_id_t temp = 0;
07967
07968
if(
rsbac_net_remote_request(right))
07969
rsbac_net_lookup_templates(tid.
netobj,
07970
NULL,
07971 &temp);
07972
else
07973
rsbac_net_lookup_templates(tid.
netobj,
07974 &temp,
07975
NULL);
07976
if( temp
07977 && !
rsbac_list_lol_get_subdata(nettemp_handle,
07978 &temp,
07979 &desc,
07980 &i_rights)
07981 && (i_rights & i_rvec)
07982 )
07983 {
07984 *result =
TRUE;
07985
return 0;
07986 }
07987
#ifndef CONFIG_RSBAC_ACL_SUPER_FILTER
07988
if(right !=
ACLR_SUPERVISOR)
07989
#endif
07990
{
07991
rsbac_acl_rights_vector_t mask;
07992
07993
07994
if( !
rsbac_list_lol_get_data(nettemp_handle,
07995 &temp,
07996 &mask)
07997 && !(mask & i_rvec)
07998 )
07999 {
08000 *result =
FALSE;
08001
return 0;
08002 }
08003 }
08004 }
08005
08006
08007
if( !
rsbac_list_get_data(default_netobj_handle,
08008 &desc,
08009 &i_rights)
08010 && (i_rights & i_rvec)
08011 )
08012 {
08013 *result =
TRUE;
08014 }
08015
else
08016 {
08017
if(default_netobj_rights & i_rvec)
08018 *result =
TRUE;
08019
else
08020 *result =
FALSE;
08021 }
08022
return 0;
08023
#endif
08024
08025
default:
08026
return -
RSBAC_EINVALIDTARGET;
08027 }
08028 }
08029
08030
08031
08032
08033
08034
08035 int rsbac_acl_get_tlist (
enum rsbac_target_t target,
08036
union rsbac_target_id_t tid,
08037
struct rsbac_acl_entry_t ** entry_pp,
08038
rsbac_time_t ** ttl_pp)
08039 {
08040
int count = 0;
08041
int list_no;
08042
struct rsbac_acl_device_list_item_t * device_p;
08043 u_long dflags;
08044
08045
if (!
rsbac_is_initialized())
08046 {
08047 printk(KERN_WARNING
"rsbac_acl_get_tlist(): RSBAC not initialized\n");
08048
return(-
RSBAC_ENOTINITIALIZED);
08049 }
08050
if (!entry_pp)
08051
return(-
RSBAC_EINVALIDPOINTER);
08052
#ifdef CONFIG_RSBAC_DEBUG
08053
if (in_interrupt())
08054 {
08055
#ifdef CONFIG_RSBAC_RMSG
08056
rsbac_printk(KERN_WARNING
"rsbac_acl_get_tlist(): called from interrupt!\n");
08057
#endif
08058
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08059
if (!rsbac_nosyslog)
08060
#endif
08061
printk(KERN_WARNING
"rsbac_acl_get_tlist(): called from interrupt!\n");
08062 }
08063
#endif
08064
switch (target)
08065 {
08066
case T_FD:
08067
case T_FILE:
08068
case T_DIR:
08069
case T_FIFO:
08070
case T_SYMLINK:
08071
08072
08073
08074
08075
08076
08077
08078
08079
if(RSBAC_IS_ZERO_DEV(tid.file.device) && !tid.file.inode && !tid.file.dentry_p)
08080
return rsbac_list_get_all_items_ttl(
default_fd_handle,
08081 (
void **) entry_pp,
08082 ttl_pp);
08083
08084 rsbac_read_lock(&
device_list_head.
lock, &dflags);
08085
08086
08087 device_p =
acl_lookup_device(tid.file.device);
08088
if (!device_p)
08089 {
08090
08091 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
08092
rsbac_get_super_block(tid.file.device);
08093
08094 rsbac_read_lock(&
device_list_head.
lock, &dflags);
08095 device_p =
acl_lookup_device(tid.file.device);
08096
if(!device_p)
08097 {
08098
#ifdef CONFIG_RSBAC_RMSG
08099
rsbac_printk(KERN_WARNING
08100
"rsbac_acl_get_tlist(): Could not lookup device!\n");
08101
#endif
08102
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
08103
if (!rsbac_nosyslog)
08104
#endif
08105
printk(KERN_WARNING
08106
"rsbac_acl_get_tlist(): Could not lookup device!\n");
08107
08108 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
08109
return(-
RSBAC_EINVALIDDEV);
08110 }
08111 }
08112
08113 list_no =
fd_hash(tid.file.inode);
08114 count =
rsbac_list_lol_get_all_subitems_ttl(device_p->handles[list_no],
08115 &tid.file.inode,
08116 (
void **) entry_pp,
08117 ttl_pp);
08118 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
08119
08120
return count;
08121
08122
case T_DEV:
08123
08124
08125
08126
08127
08128
08129
08130
08131
08132
if((tid.dev.type ==
D_none) && RSBAC_IS_ZERO_DEV(tid.dev.id))
08133
return rsbac_list_get_all_items_ttl(
default_dev_handle,
08134 (
void **) entry_pp,
08135 ttl_pp);
08136
else
08137 {
08138
struct rsbac_dev_desc_t dev_desc;
08139
08140 dev_desc.type = tid.dev.type;
08141 dev_desc.major = RSBAC_MAJOR(tid.dev.id);
08142 dev_desc.minor = RSBAC_MINOR(tid.dev.id);
08143
return rsbac_list_lol_get_all_subitems_ttl(
dev_handle,
08144 &dev_desc,
08145 (
void **) entry_pp,
08146 ttl_pp);
08147 }
08148
08149
case T_IPC:
08150
08151
08152
08153
08154
08155
08156
08157
08158
return rsbac_list_get_all_items_ttl(
default_ipc_handle,
08159 (
void **) entry_pp,
08160 ttl_pp);
08161
08162
case T_SCD:
08163
08164
08165
08166
08167
08168
08169
08170
08171
08172
08173
08174
if( (tid.
scd ==
AST_none)
08175 || (tid.
scd ==
ST_none)
08176 )
08177
return rsbac_list_get_all_items_ttl(
default_scd_handle,
08178 (
void **) entry_pp,
08179 ttl_pp);
08180
else
08181
return rsbac_list_lol_get_all_subitems_ttl(
scd_handle,
08182 &tid.
scd,
08183 (
void **) entry_pp,
08184 ttl_pp);
08185
08186
case T_USER:
08187
08188
08189
08190
08191
08192
08193
08194
08195
return rsbac_list_get_all_items_ttl(
default_u_handle,
08196 (
void **) entry_pp,
08197 ttl_pp);
08198
08199
case T_PROCESS:
08200
08201
08202
08203
08204
08205
08206
08207
08208
return rsbac_list_get_all_items_ttl(
default_p_handle,
08209 (
void **) entry_pp,
08210 ttl_pp);
08211
08212
#if defined(CONFIG_RSBAC_ACL_NET_DEV_PROT)
08213
case T_NETDEV:
08214
08215
08216
08217
08218
08219
08220
08221
if(!tid.
netdev[0])
08222
return rsbac_list_get_all_items_ttl(default_netdev_handle,
08223 (
void **) entry_pp,
08224 ttl_pp);
08225
else
08226
return rsbac_list_lol_get_all_subitems_ttl(netdev_handle,
08227 &tid.
netdev,
08228 (
void **) entry_pp,
08229 ttl_pp);
08230
#endif
08231
08232
#if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
08233
case T_NETTEMP_NT:
08234
08235
08236
08237
08238
08239
08240
08241
if(!tid.
nettemp)
08242
return rsbac_list_get_all_items_ttl(default_nettemp_nt_handle,
08243 (
void **) entry_pp,
08244 ttl_pp);
08245
if(!
rsbac_net_template_exist(tid.
nettemp))
08246
return -
RSBAC_EINVALIDTARGET;
08247
return rsbac_list_lol_get_all_subitems_ttl(nettemp_nt_handle,
08248 &tid.
nettemp,
08249 (
void **) entry_pp,
08250 ttl_pp);
08251
08252
case T_NETTEMP:
08253
08254
08255
08256
08257
08258
08259
08260
if(!tid.
nettemp)
08261
return -
RSBAC_EINVALIDTARGET;
08262
if(!
rsbac_net_template_exist(tid.
nettemp))
08263
return -
RSBAC_EINVALIDTARGET;
08264
return rsbac_list_lol_get_all_subitems_ttl(nettemp_handle,
08265 &tid.
nettemp,
08266 (
void **) entry_pp,
08267 ttl_pp);
08268
08269
case T_NETOBJ:
08270
08271
08272
08273
08274
08275
08276
08277
if(!tid.
nettemp)
08278
return rsbac_list_get_all_items_ttl(default_netobj_handle,
08279 (
void **) entry_pp,
08280 ttl_pp);
08281
else
08282
return rsbac_list_lol_get_all_subitems_ttl(netobj_handle,
08283 &tid.
netobj.
sock_p,
08284 (
void **) entry_pp,
08285 ttl_pp);
08286
#endif
08287
08288
default:
08289
return -
RSBAC_EINVALIDTARGET;
08290 }
08291 }
08292
08293
08294 int rsbac_acl_remove_subject(
struct rsbac_acl_entry_desc_t desc)
08295 {
08296
struct rsbac_acl_device_list_item_t * device_p;
08297 u_long dflags;
08298 u_int i;
08299
08300
if(desc.
subj_type >=
ACLS_NONE)
08301
return -
RSBAC_EINVALIDVALUE;
08302
08303
08304
rsbac_list_remove(
default_fd_handle, &desc);
08305
rsbac_list_remove(
default_dev_handle, &desc);
08306
rsbac_list_remove(
default_ipc_handle, &desc);
08307
rsbac_list_remove(
default_scd_handle, &desc);
08308
rsbac_list_remove(
default_u_handle, &desc);
08309
rsbac_list_remove(
default_p_handle, &desc);
08310
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
08311
rsbac_list_remove(default_netdev_handle, &desc);
08312
#endif
08313
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
08314
rsbac_list_remove(default_nettemp_nt_handle, &desc);
08315
rsbac_list_remove(default_netobj_handle, &desc);
08316
#endif
08317
08318
08319 rsbac_read_lock(&
device_list_head.
lock, &dflags);
08320 device_p =
device_list_head.
head;
08321
while(device_p)
08322 {
08323
for(i=0; i<
RSBAC_ACL_NR_FD_LISTS; i++)
08324 {
08325
rsbac_list_lol_subremove_from_all(device_p->handles[i],
08326 &desc);
08327 }
08328 device_p = device_p->next;
08329 }
08330
08331 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
08332
08333
08334
rsbac_list_lol_subremove_from_all(
dev_handle,
08335 &desc);
08336
08337
08338
rsbac_list_lol_subremove_from_all(
scd_handle,
08339 &desc);
08340
08341
#ifdef CONFIG_RSBAC_ACL_NET_DEV_PROT
08342
08343
rsbac_list_lol_subremove_from_all(netdev_handle,
08344 &desc);
08345
#endif
08346
#ifdef CONFIG_RSBAC_ACL_NET_OBJ_PROT
08347
rsbac_list_lol_subremove_from_all(nettemp_nt_handle,
08348 &desc);
08349
rsbac_list_lol_subremove_from_all(nettemp_handle,
08350 &desc);
08351
rsbac_list_lol_subremove_from_all(netobj_handle,
08352 &desc);
08353
#endif
08354
08355
return 0;
08356 }
08357
08358
08359
08360 int rsbac_acl_add_group(
rsbac_uid_t owner,
enum rsbac_acl_group_type_t type,
char * name,
08361
rsbac_acl_group_id_t * group_id_p)
08362 {
08363
struct rsbac_acl_group_entry_t entry;
08364
int err=0;
08365
08366
if(type >=
ACLG_NONE)
08367
return -
RSBAC_EINVALIDVALUE;
08368
if(!name || !group_id_p)
08369
return -
RSBAC_EINVALIDPOINTER;
08370
if(!name[0])
08371
return -
RSBAC_EINVALIDVALUE;
08372 entry.
owner = owner;
08373 entry.
type = type;
08374 strncpy(entry.
name, name,
RSBAC_ACL_GROUP_NAMELEN-1);
08375 entry.
name[
RSBAC_ACL_GROUP_NAMELEN-1] = 0;
08376
if(!*group_id_p)
08377 {
08378
08379
group_last_new++;
08380
08381
while(!
group_last_new ||
rsbac_list_exist(
group_handle, &
group_last_new))
08382
group_last_new++;
08383
08384 entry.
id =
group_last_new;
08385 }
08386
else
08387 {
08388
if(
rsbac_list_exist(
group_handle, group_id_p))
08389 {
08390
return(-
RSBAC_EEXISTS);
08391 }
08392
else
08393 entry.
id = *group_id_p;
08394 }
08395
if(
rsbac_list_add(
group_handle, &entry.
id, &entry))
08396 err = -
RSBAC_ECOULDNOTADDITEM;
08397
else
08398 {
08399 *group_id_p = entry.
id;
08400 }
08401
return(err);
08402 }
08403
08404 int rsbac_acl_change_group(
rsbac_acl_group_id_t id,
08405
rsbac_uid_t owner,
08406
enum rsbac_acl_group_type_t type,
08407
char * name)
08408 {
08409
struct rsbac_acl_group_entry_t entry;
08410
08411
if(!
id)
08412
return -
RSBAC_EINVALIDVALUE;
08413
if(!
rsbac_list_exist(
group_handle, &
id))
08414
return(-
RSBAC_ENOTFOUND);
08415
if(!name)
08416
return -
RSBAC_EINVALIDPOINTER;
08417
if(!name[0])
08418
return -
RSBAC_EINVALIDVALUE;
08419 entry.
id =
id;
08420 entry.
owner = owner;
08421 entry.
type = type;
08422 strncpy(entry.
name, name,
RSBAC_ACL_GROUP_NAMELEN);
08423 entry.
name[
RSBAC_ACL_GROUP_NAMELEN-1] = 0;
08424
return rsbac_list_add(
group_handle, &entry.
id, &entry);
08425 }
08426
08427 int rsbac_acl_remove_group(
rsbac_acl_group_id_t id)
08428 {
08429
int err=0;
08430
08431
if(!
id)
08432
return -
RSBAC_EINVALIDVALUE;
08433
08434 err =
rsbac_list_remove(
group_handle, &
id);
08435
if(!err)
08436 {
08437
struct rsbac_acl_entry_desc_t desc;
08438
08439
08440
rsbac_list_lol_subremove_from_all(
gm_handle,
08441 &
id);
08442 desc.
subj_type =
ACLS_GROUP;
08443 desc.
subj_id =
id;
08444 err =
rsbac_acl_remove_subject(desc);
08445 }
08446
return(err);
08447 }
08448
08449 int rsbac_acl_get_group_entry(
rsbac_acl_group_id_t group,
struct rsbac_acl_group_entry_t * entry_p)
08450 {
08451
if(!group)
08452
return -
RSBAC_EINVALIDVALUE;
08453
if(!entry_p)
08454
return -
RSBAC_EINVALIDPOINTER;
08455
return rsbac_list_get_data(
group_handle, &group, entry_p);
08456 }
08457
08458 int rsbac_acl_list_groups(
rsbac_uid_t owner,
08459
boolean include_global,
08460
struct rsbac_acl_group_entry_t ** entry_pp)
08461 {
08462
long count;
08463
struct rsbac_acl_group_entry_t * local_entry_p;
08464
08465
if(!entry_pp)
08466
return -
RSBAC_EINVALIDPOINTER;
08467 count =
rsbac_list_get_all_data(
group_handle, (
void **) &local_entry_p);
08468
if(count > 0)
08469 {
08470
long i;
08471
long rescount = 0;
08472
08473 *entry_pp =
rsbac_vmalloc(count *
sizeof(**entry_pp));
08474
if(!*entry_pp)
08475 {
08476
rsbac_vfree(local_entry_p);
08477
return -
RSBAC_ENOMEM;
08478 }
08479
for(i=0; i<count; i++)
08480 {
08481
if( (local_entry_p[i].owner == owner)
08482 || ( include_global
08483 && (local_entry_p[i].type ==
ACLG_GLOBAL)
08484 )
08485 )
08486 {
08487 memcpy(&(*entry_pp)[rescount], &local_entry_p[i],
sizeof(local_entry_p[i]));
08488 rescount++;
08489 }
08490 }
08491
rsbac_vfree(local_entry_p);
08492 count = rescount;
08493 }
08494
return count;
08495 }
08496
08497
08498 boolean rsbac_acl_group_exist(
rsbac_acl_group_id_t group)
08499 {
08500
if(!group)
08501
return TRUE;
08502
return rsbac_list_exist(
group_handle, &group);
08503 }
08504
08505 int rsbac_acl_add_group_member(
rsbac_acl_group_id_t group,
rsbac_uid_t user,
rsbac_time_t ttl)
08506 {
08507
int err=0;
08508
08509
if(!group)
08510
return -
RSBAC_EINVALIDVALUE;
08511
if(!
rsbac_list_exist(
group_handle, &group))
08512
return -
RSBAC_EINVALIDVALUE;
08513
08514
if(!
rsbac_list_lol_exist(
gm_handle, &user))
08515 {
08516 err =
rsbac_list_lol_add(
gm_handle, &user,
NULL);
08517
if(err)
08518
return err;
08519 }
08520
return rsbac_list_lol_subadd_ttl(
gm_handle, ttl, &user, &group,
NULL);
08521 }
08522
08523 int rsbac_acl_remove_group_member(
rsbac_acl_group_id_t group,
rsbac_uid_t user)
08524 {
08525
int err;
08526
08527
if(!group)
08528
return -
RSBAC_EINVALIDVALUE;
08529
if(!
rsbac_list_exist(
group_handle, &group))
08530
return -
RSBAC_EINVALIDVALUE;
08531
08532 err =
rsbac_list_lol_subremove(
gm_handle, &user, &group);
08533
08534
if( !err
08535 && !
rsbac_list_lol_subcount(
gm_handle, &user)
08536 )
08537 err =
rsbac_list_lol_remove(
gm_handle, &user);
08538
08539
return err;
08540 }
08541
08542
08543 boolean rsbac_acl_group_member(
rsbac_acl_group_id_t group,
rsbac_uid_t user)
08544 {
08545
return rsbac_list_lol_subexist(
gm_handle, &user, &group);
08546 }
08547
08548
08549
08550
08551 int rsbac_acl_get_user_groups(
rsbac_uid_t user,
08552
rsbac_acl_group_id_t ** group_pp,
08553
rsbac_time_t ** ttl_pp)
08554 {
08555
return rsbac_list_lol_get_all_subdesc_ttl(
gm_handle,
08556 &user,
08557 (
void **) group_pp,
08558 ttl_pp);
08559 }
08560
08561
08562 int rsbac_acl_get_group_members(
rsbac_acl_group_id_t group,
08563
rsbac_uid_t user_array[],
08564
rsbac_time_t ttl_array[],
08565
int maxnum)
08566 {
08567
long desc_count;
08568
long i;
08569
rsbac_uid_t * user_p;
08570
int err = 0;
08571
08572
if(!group || (maxnum <= 0))
08573
return -
RSBAC_EINVALIDVALUE;
08574
if(!
rsbac_list_exist(
group_handle, &group))
08575
return -
RSBAC_EINVALIDVALUE;
08576
if(!user_array)
08577
return -
RSBAC_EINVALIDPOINTER;
08578
08579
08580 desc_count =
rsbac_list_lol_get_all_desc(
gm_handle, (
void **) &user_p);
08581
if(desc_count > 0)
08582 {
08583
rsbac_time_t ttl;
08584
08585
for(i=0; i<desc_count; i++)
08586 {
08587
if(!
rsbac_list_lol_get_subdata_ttl(
gm_handle, &ttl, &user_p[i], &group,
NULL))
08588 {
08589 user_array[err] = user_p[i];
08590
if(ttl_array)
08591 ttl_array[err] = ttl;
08592 err++;
08593
if(err >= maxnum)
08594
break;
08595 }
08596 }
08597
rsbac_vfree(user_p);
08598 }
08599
return(err);
08600 }
08601
08602
08603
08604 int rsbac_acl_remove_user(
rsbac_uid_t user)
08605 {
08606 u_long i;
08607
struct rsbac_acl_group_entry_t * entry_p;
08608
long desc_count;
08609
struct rsbac_acl_entry_desc_t desc;
08610
08611
rsbac_list_lol_remove(
gm_handle, &user);
08612
08613 desc_count =
rsbac_list_get_all_data(
group_handle, (
void **) &entry_p);
08614
if(desc_count > 0)
08615 {
08616
for(i=0; i<desc_count; i++)
08617 {
08618
if(entry_p[i].owner == user)
08619 {
08620
rsbac_list_remove(
group_handle, &entry_p[i].
id);
08621
08622
rsbac_list_lol_subremove_from_all(
gm_handle,
08623 &entry_p[i].
id);
08624 }
08625 }
08626
rsbac_vfree(entry_p);
08627 }
08628
08629 desc.
subj_type =
ACLS_USER;
08630 desc.
subj_id = user;
08631
08632
return rsbac_acl_remove_subject(desc);
08633 }
08634
08635