00001
00002
00003
00004
00005
00006
00007
00008
00009
#include <linux/types.h>
00010
#include <linux/sched.h>
00011
#include <linux/mm.h>
00012
#include <linux/init.h>
00013
#include <linux/ext2_fs.h>
00014
#include <asm/uaccess.h>
00015
#include <rsbac/types.h>
00016
#include <rsbac/aci_data_structures.h>
00017
#include <rsbac/mac_data_structures.h>
00018
#include <rsbac/error.h>
00019
#include <rsbac/helpers.h>
00020
#include <rsbac/adf.h>
00021
#include <rsbac/aci.h>
00022
#include <rsbac/lists.h>
00023
#include <rsbac/proc_fs.h>
00024
#include <rsbac/rkmem.h>
00025
#include <rsbac/getname.h>
00026
#include <linux/string.h>
00027
#include <linux/smp_lock.h>
00028
00029
00030
00031
00032
00033 static struct rsbac_mac_device_list_head_t device_list_head;
00034
00035 static rsbac_list_handle_t process_handle =
NULL;
00036
00037
00038
00039
00040
00041
boolean writable(
struct super_block * sb_p);
00042
00043
00044
00045
00046
00047
00048
00049
00050
00051 static inline int fd_hash(
rsbac_inode_nr_t inode)
00052 {
00053
return(inode %
RSBAC_MAC_NR_TRU_FD_LISTS);
00054 }
00055
00056
00057
00058
00059 static int mac_register_fd_lists(
struct rsbac_mac_device_list_item_t * device_p,
00060 kdev_t kdev)
00061 {
00062
char * name;
00063
int err = 0;
00064
int tmperr;
00065
char number[10];
00066 u_int file_no;
00067
struct rsbac_list_lol_info_t lol_info;
00068
00069
if(!device_p)
00070
return(-
RSBAC_EINVALIDPOINTER);
00071 name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00072
if(!name)
00073
return -
RSBAC_ENOMEM;
00074
00075
00076
for (file_no = 0; file_no <
RSBAC_MAC_NR_TRU_FD_LISTS; file_no++)
00077 {
00078
00079 strcpy(name,
RSBAC_MAC_FD_FILENAME);
00080 strcat(name,
inttostr(number,file_no) );
00081
00082 lol_info.
version =
RSBAC_MAC_FD_LIST_VERSION;
00083 lol_info.
key =
RSBAC_MAC_LIST_KEY;
00084 lol_info.
desc_size =
sizeof(
rsbac_inode_nr_t);
00085 lol_info.
data_size = 0;
00086 lol_info.
subdesc_size =
sizeof(
rsbac_uid_t);
00087 lol_info.
subdata_size = 0;
00088 lol_info.
max_age = 0;
00089 tmperr =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00090 &(device_p->
handles[file_no]),
00091 &lol_info,
00092
RSBAC_LIST_PERSIST |
RSBAC_LIST_DEF_DATA,
00093
rsbac_list_compare_u32,
00094
rsbac_list_compare_u32,
00095
NULL,
00096
NULL,
00097
NULL,
00098
NULL,
00099 name,
00100 kdev);
00101
if(tmperr)
00102 {
00103
char * tmp;
00104
00105 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00106
if(tmp)
00107 {
00108 printk(KERN_WARNING
00109
"mac_register_fd_lists(): registering list %s for device %02u:%02u failed with error %s!\n",
00110 name,
00111 RSBAC_MAJOR(kdev),
00112 RSBAC_MINOR(kdev),
00113
get_error_name(tmp, tmperr));
00114
rsbac_kfree(tmp);
00115 }
00116 err = tmperr;
00117 }
00118 }
00119
return err;
00120 }
00121
00122
00123
00124
00125 static int mac_detach_fd_lists(
struct rsbac_mac_device_list_item_t * device_p)
00126 {
00127
char * name;
00128
int err = 0;
00129
int tmperr;
00130
char number[10];
00131 u_int file_no;
00132
00133
if(!device_p)
00134
return(-
RSBAC_EINVALIDPOINTER);
00135 name =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00136
if(!name)
00137
return -
RSBAC_ENOMEM;
00138
00139
00140
for (file_no = 0; file_no <
RSBAC_MAC_NR_TRU_FD_LISTS; file_no++)
00141 {
00142
00143 strcpy(name,
RSBAC_MAC_FD_FILENAME);
00144 strcat(name,
inttostr(number,file_no) );
00145
00146 tmperr =
rsbac_list_lol_detach(&device_p->
handles[file_no],
00147
RSBAC_MAC_LIST_KEY);
00148
if(tmperr)
00149 {
00150
char * tmp;
00151
00152 tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00153
if(tmp)
00154 {
00155 printk(KERN_WARNING
00156
"mac_detach_fd_lists(): detaching from list %s for device %02u:%02u failed with error %s!\n",
00157 name,
00158 RSBAC_MAJOR(device_p->
id),
00159 RSBAC_MINOR(device_p->
id),
00160
get_error_name(tmp, tmperr));
00161
rsbac_kfree(tmp);
00162 }
00163 err = tmperr;
00164 }
00165 }
00166
return err;
00167 }
00168
00169
00170
00171
00172
00173
00174 static struct rsbac_mac_device_list_item_t *
lookup_device(kdev_t kdev)
00175 {
00176
struct rsbac_mac_device_list_item_t * curr =
device_list_head.
curr;
00177
00178
00179
if(! ( curr
00180 && (RSBAC_MAJOR(curr->id) == RSBAC_MAJOR(kdev))
00181 && (RSBAC_MINOR(curr->id) == RSBAC_MINOR(kdev))
00182 )
00183 )
00184 {
00185 curr =
device_list_head.
head;
00186
while( curr
00187 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00188 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00189 )
00190 )
00191 {
00192 curr = curr->
next;
00193 }
00194
if (curr)
00195
device_list_head.
curr=curr;
00196 }
00197
00198
return (curr);
00199 };
00200
00201
00202
00203
00204
00205
00206
00207
00208
00209
00210
static struct rsbac_mac_device_list_item_t
00211 *
create_device_item(kdev_t kdev)
00212 {
00213
struct rsbac_mac_device_list_item_t * new_item_p;
00214
int i;
00215
00216
00217
if ( !(new_item_p = (
struct rsbac_mac_device_list_item_t *)
00218
rsbac_kmalloc(
sizeof(*new_item_p)) ) )
00219
return(
NULL);
00220
00221 new_item_p->
id = kdev;
00222 new_item_p->mount_count = 1;
00223
00224
00225
for(i=0 ; i <
RSBAC_MAC_NR_TRU_FD_LISTS ; i++)
00226 new_item_p->handles[i] =
NULL;
00227
return(new_item_p);
00228 };
00229
00230
00231
static struct rsbac_mac_device_list_item_t
00232 *
add_device_item(
struct rsbac_mac_device_list_item_t * device_p)
00233 {
00234
if (!device_p)
00235
return(
NULL);
00236
00237
00238
if (!
device_list_head.
head)
00239 {
00240
device_list_head.
head=device_p;
00241
device_list_head.
tail=device_p;
00242
device_list_head.
curr=device_p;
00243
device_list_head.
count=1;
00244 device_p->
prev=
NULL;
00245 device_p->
next=
NULL;
00246 }
00247
else
00248 {
00249 device_p->
prev=
device_list_head.
tail;
00250 device_p->
next=
NULL;
00251
device_list_head.
tail->
next=device_p;
00252
device_list_head.
tail=device_p;
00253
device_list_head.
curr=device_p;
00254
device_list_head.
count++;
00255 };
00256
return(device_p);
00257 };
00258
00259
00260
00261
00262
00263
00264
00265
00266 static void clear_device_item(
struct rsbac_mac_device_list_item_t * item_p)
00267 {
00268
if(!item_p)
00269
return;
00270
00271
00272
mac_detach_fd_lists(item_p);
00273
00274
rsbac_kfree(item_p);
00275 };
00276
00277 static void remove_device_item(kdev_t kdev)
00278 {
00279
struct rsbac_mac_device_list_item_t * item_p;
00280
00281
00282
if ( (item_p =
lookup_device(kdev)) )
00283 {
00284
if (
device_list_head.
head == item_p)
00285 {
00286
if (
device_list_head.
tail == item_p)
00287 {
00288
device_list_head.
head =
NULL;
00289
device_list_head.
tail =
NULL;
00290 }
00291
else
00292 {
00293 item_p->next->prev =
NULL;
00294
device_list_head.
head = item_p->
next;
00295 };
00296 }
00297
else
00298 {
00299
if (
device_list_head.
tail == item_p)
00300 {
00301 item_p->
prev->
next =
NULL;
00302
device_list_head.
tail = item_p->
prev;
00303 }
00304
else
00305 {
00306 item_p->
prev->
next = item_p->
next;
00307 item_p->
next->
prev = item_p->
prev;
00308 };
00309 };
00310
00311
00312
device_list_head.
curr=
NULL;
00313
00314
device_list_head.
count--;
00315
00316
00317
00318
clear_device_item(item_p);
00319 };
00320
00321 };
00322
00323
00324
00325
00326
00327 static int copy_fp_tru_set_item(
struct rsbac_mac_device_list_item_t * device_p,
00328
rsbac_mac_file_t file,
00329
rsbac_pid_t pid)
00330 {
00331
rsbac_uid_t * tru_item_p;
00332
rsbac_time_t * ttl_p;
00333
int i;
00334
long count;
00335
enum rsbac_target_t target =
T_FILE;
00336
union rsbac_target_id_t tid;
00337
00338
rsbac_list_lol_remove(
process_handle, &pid);
00339 count =
rsbac_list_lol_get_all_subdesc_ttl(device_p->
handles[
fd_hash(file.inode)],
00340 &file.inode,
00341 (
void **) &tru_item_p,
00342 &ttl_p);
00343
if( !count
00344 || (count == -
RSBAC_ENOTFOUND)
00345 )
00346 {
00347 tid.file = file;
00348
if(!
rsbac_get_parent(target, tid, &target, &tid))
00349 count =
rsbac_list_lol_get_all_subdesc_ttl(device_p->
handles[
fd_hash(tid.file.inode)],
00350 &tid.file.inode,
00351 (
void **) &tru_item_p,
00352 &ttl_p);
00353 }
00354
if(count > 0)
00355 {
00356
for(i=0; i < count ; i++)
00357 {
00358
rsbac_list_lol_subadd_ttl(
process_handle,
00359 ttl_p[i],
00360 &pid,
00361 &tru_item_p[i],
00362
NULL);
00363 }
00364
rsbac_vfree(tru_item_p);
00365
rsbac_vfree(ttl_p);
00366 }
00367
else
00368 {
00369
if( (count < 0)
00370 && (count != -
RSBAC_ENOTFOUND)
00371 )
00372
return count;
00373 }
00374
00375
return 0;
00376 };
00377
00378
00379
00380
00381 static int copy_pp_tru_set_item_handle(
rsbac_list_handle_t handle,
00382
rsbac_pid_t old_pid,
00383
rsbac_pid_t new_pid)
00384 {
00385
rsbac_uid_t * tru_item_p;
00386
rsbac_time_t * ttl_p;
00387
int i;
00388
long count;
00389
00390
rsbac_list_lol_remove(handle, &new_pid);
00391 count =
rsbac_list_lol_get_all_subdesc_ttl(handle,
00392 &old_pid,
00393 (
void **) &tru_item_p,
00394 &ttl_p);
00395
if(count > 0)
00396 {
00397
for(i=0; i < count ; i++)
00398 {
00399
rsbac_list_lol_subadd_ttl(handle,
00400 ttl_p[i],
00401 &new_pid,
00402 &tru_item_p[i],
00403
NULL);
00404 }
00405
rsbac_vfree(tru_item_p);
00406
rsbac_vfree(ttl_p);
00407 }
00408
else
00409 {
00410
if(count < 0)
00411
return count;
00412 }
00413
return 0;
00414 }
00415
00416 static int copy_pp_tru_set_item(
rsbac_pid_t old_pid,
00417
rsbac_pid_t new_pid)
00418 {
00419
return copy_pp_tru_set_item_handle(
process_handle, old_pid, new_pid);
00420 };
00421
00422
00423
00424
00425
00426
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00427
static int
00428 mac_devices_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00429 {
00430
int len = 0;
00431 off_t pos = 0;
00432 off_t begin = 0;
00433
struct rsbac_mac_device_list_item_t * device_p;
00434 u_long dflags;
00435
00436
if (!
rsbac_is_initialized())
return (-ENOSYS);
00437
00438 len += sprintf(buffer,
"%u RSBAC MAC Devices\n-------------------\n",
00439
device_list_head.
count);
00440
00441
00442 rsbac_read_lock(&
device_list_head.
lock, &dflags);
00443
00444
for (device_p =
device_list_head.
head; device_p; device_p = device_p->
next)
00445 {
00446 len += sprintf(buffer + len,
"%02u:%02u with mount_count = %u\n",
00447 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
00448 device_p->mount_count);
00449 pos = begin + len;
00450
if (pos < offset)
00451 {
00452 len = 0;
00453 begin = pos;
00454 }
00455
if (pos > offset+length)
00456
break;
00457 }
00458
00459
00460 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00461
00462 *start = buffer + (offset - begin);
00463 len -= (offset - begin);
00464
00465
if (len > length)
00466 len = length;
00467
return len;
00468 }
00469
00470
static int
00471 stats_mac_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00472 {
00473 u_int len = 0;
00474 off_t pos = 0;
00475 off_t begin = 0;
00476
00477 u_int tru_set_count = 0;
00478 u_int member_count = 0;
00479 u_long dflags;
00480
struct rsbac_mac_device_list_item_t * device_p;
00481
int i;
00482
00483
union rsbac_target_id_t rsbac_target_id;
00484
union rsbac_attribute_value_t rsbac_attribute_value;
00485
00486
if (!
rsbac_is_initialized)
00487 {
00488 printk(KERN_WARNING
"stats_mac_proc_info(): RSBAC not initialized\n");
00489
return(-
RSBAC_ENOTINITIALIZED);
00490 }
00491
#ifdef CONFIG_RSBAC_DEBUG
00492
if (rsbac_debug_aef_mac)
00493 {
00494
#ifdef CONFIG_RSBAC_RMSG
00495
rsbac_printk(KERN_DEBUG
"stats_mac_proc_info(): calling ADF\n");
00496
#endif
00497
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00498
if (!rsbac_nosyslog)
00499
#endif
00500
printk(KERN_DEBUG
"stats_mac_proc_info(): calling ADF\n");
00501 }
00502
#endif
00503
rsbac_target_id.
scd =
ST_rsbac;
00504 rsbac_attribute_value.
dummy = 0;
00505
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
00506 current->pid,
00507 T_SCD,
00508 rsbac_target_id,
00509 A_none,
00510 rsbac_attribute_value))
00511 {
00512
return -EPERM;
00513 }
00514
00515 len += sprintf(buffer,
"MAC Status\n----------\n");
00516
00517 len += sprintf(buffer + len,
"%lu process trusted user set items, sum of %lu members\n",
00518
rsbac_list_lol_count(process_handle),
00519
rsbac_list_lol_all_subcount(process_handle));
00520 pos = begin + len;
00521
if (pos < offset)
00522 {
00523 len = 0;
00524 begin = pos;
00525 }
00526
if (pos > offset+length)
00527
goto out;
00528
00529
00530 rsbac_read_lock(&
device_list_head.
lock, &dflags);
00531 device_p =
device_list_head.
head;
00532
while(device_p)
00533 {
00534
00535 tru_set_count = 0;
00536 member_count = 0;
00537
for(i=0 ; i <
RSBAC_MAC_NR_TRU_FD_LISTS; i++)
00538 {
00539 tru_set_count +=
rsbac_list_lol_count(device_p->handles[i]);
00540 member_count +=
rsbac_list_lol_all_subcount(device_p->handles[i]);
00541 }
00542 len += sprintf(buffer + len,
"device %02u:%02u has %u file trusted user set items, sum of %u members\n",
00543 RSBAC_MAJOR(device_p->id),
00544 RSBAC_MINOR(device_p->id),
00545 tru_set_count,member_count);
00546 pos = begin + len;
00547
if (pos < offset)
00548 {
00549 len = 0;
00550 begin = pos;
00551 }
00552
if (pos > offset+length)
00553
goto out_unlock;
00554
00555 device_p = device_p->next;
00556 }
00557 out_unlock:
00558
00559 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00560
00561 out:
00562 *start = buffer + (offset - begin);
00563 len -= (offset - begin);
00564
00565
if (len > length)
00566 len = length;
00567
return len;
00568 }
00569
00570
static int
00571 mac_trulist_proc_info(
char *buffer,
char **start, off_t offset,
int length)
00572 {
00573 u_int len = 0;
00574 off_t pos = 0;
00575 off_t begin = 0;
00576
00577 u_int count = 0;
00578 u_int member_count = 0;
00579 u_long all_member_count;
00580 u_long dflags;
00581
int i,j,list;
00582
struct rsbac_mac_device_list_item_t * device_p;
00583
rsbac_pid_t * p_list;
00584
rsbac_inode_nr_t * f_list;
00585
rsbac_uid_t * tru_list;
00586
00587
union rsbac_target_id_t rsbac_target_id;
00588
union rsbac_attribute_value_t rsbac_attribute_value;
00589
00590
if (!
rsbac_is_initialized)
00591 {
00592 printk(KERN_WARNING
"mac_trulist_proc_info(): RSBAC not initialized\n");
00593
return(-
RSBAC_ENOTINITIALIZED);
00594 }
00595
#ifdef CONFIG_RSBAC_DEBUG
00596
if (rsbac_debug_aef_mac)
00597 {
00598
#ifdef CONFIG_RSBAC_RMSG
00599
rsbac_printk(KERN_DEBUG
"mac_trulist_proc_info(): calling ADF\n");
00600
#endif
00601
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00602
if (!rsbac_nosyslog)
00603
#endif
00604
printk(KERN_DEBUG
"mac_trulist_proc_info(): calling ADF\n");
00605 }
00606
#endif
00607
rsbac_target_id.
scd =
ST_rsbac;
00608 rsbac_attribute_value.
dummy = 0;
00609
if (!
rsbac_adf_request(R_GET_STATUS_DATA,
00610 current->pid,
00611 T_SCD,
00612 rsbac_target_id,
00613 A_none,
00614 rsbac_attribute_value))
00615 {
00616
return -EPERM;
00617 }
00618
00619 len += sprintf(buffer,
"MAC Trusted User Lists\n---------------------\n");
00620
00621
00622 len += sprintf(buffer + len,
"Process trusted user sets:\nset-id count members");
00623 pos = begin + len;
00624
if (pos < offset)
00625 {
00626 len = 0;
00627 begin = pos;
00628 }
00629
if (pos > offset+length)
00630
goto out;
00631
00632 all_member_count = 0;
00633 count =
rsbac_list_lol_get_all_desc(process_handle,
00634 (
void **) &p_list);
00635
if(count > 0)
00636 {
00637
for(i=0; i<count; i++)
00638 {
00639 member_count =
rsbac_list_lol_get_all_subdesc(process_handle,
00640 &p_list[i],
00641 (
void **) &tru_list);
00642 len += sprintf(buffer + len,
"\n %u\t%u\t",
00643 p_list[i],
00644 member_count);
00645
if(member_count > 0)
00646 {
00647
for(j=0; j<member_count; j++)
00648 {
00649 len += sprintf(buffer + len,
"%u ",
00650 tru_list[j]);
00651 pos = begin + len;
00652
if (pos < offset)
00653 {
00654 len = 0;
00655 begin = pos;
00656 }
00657
if (pos > offset+length)
00658 {
00659
rsbac_vfree(tru_list);
00660
rsbac_vfree(p_list);
00661
goto out;
00662 }
00663 }
00664
rsbac_vfree(tru_list);
00665 all_member_count += member_count;
00666 }
00667 pos = begin + len;
00668
if (pos < offset)
00669 {
00670 len = 0;
00671 begin = pos;
00672 }
00673
if (pos > offset+length)
00674 {
00675
rsbac_vfree(p_list);
00676
goto out;
00677 }
00678 }
00679
rsbac_vfree(p_list);
00680 }
00681 len += sprintf(buffer + len,
"\n%u process trusted user set items, sum of %lu members\n",
00682 count,all_member_count);
00683 pos = begin + len;
00684
if (pos < offset)
00685 {
00686 len = 0;
00687 begin = pos;
00688 }
00689
if (pos > offset+length)
00690
goto out;
00691
00692 len += sprintf(buffer + len,
"\nFile trusted user sets:\nset-id count members");
00693 pos = begin + len;
00694
if (pos < offset)
00695 {
00696 len = 0;
00697 begin = pos;
00698 }
00699
if (pos > offset+length)
00700
goto out;
00701
00702
00703 rsbac_read_lock(&
device_list_head.
lock, &dflags);
00704 device_p =
device_list_head.
head;
00705
while(device_p)
00706 {
00707
00708 all_member_count = 0;
00709
for(list=0 ; list <
RSBAC_MAC_NR_TRU_FD_LISTS; list++)
00710 {
00711 count =
rsbac_list_lol_get_all_desc(device_p->handles[list],
00712 (
void **) &f_list);
00713
if(count > 0)
00714 {
00715
for(i=0; i<count; i++)
00716 {
00717 member_count =
rsbac_list_lol_get_all_subdesc(device_p->handles[list],
00718 &f_list[i],
00719 (
void **) &tru_list);
00720 len += sprintf(buffer + len,
"\n %u\t%u\t",
00721 f_list[i],
00722 member_count);
00723
if(member_count > 0)
00724 {
00725
for(j=0; j<member_count; j++)
00726 {
00727 len += sprintf(buffer + len,
"%u ",
00728 tru_list[j]);
00729 pos = begin + len;
00730
if (pos < offset)
00731 {
00732 len = 0;
00733 begin = pos;
00734 }
00735
if (pos > offset+length)
00736 {
00737
rsbac_vfree(tru_list);
00738
rsbac_vfree(f_list);
00739
goto out_unlock;
00740 }
00741 }
00742
rsbac_vfree(tru_list);
00743 all_member_count += member_count;
00744 }
00745 pos = begin + len;
00746
if (pos < offset)
00747 {
00748 len = 0;
00749 begin = pos;
00750 }
00751
if (pos > offset+length)
00752 {
00753
rsbac_vfree(f_list);
00754
goto out_unlock;
00755 }
00756 }
00757
rsbac_vfree(f_list);
00758 }
00759 }
00760 len += sprintf(buffer + len,
"\ndevice %02u:%02u has %u file trusted user set items, sum of %lu members\n",
00761 RSBAC_MAJOR(device_p->id),
00762 RSBAC_MINOR(device_p->id),
00763 count, all_member_count);
00764 pos = begin + len;
00765
if (pos < offset)
00766 {
00767 len = 0;
00768 begin = pos;
00769 }
00770
if (pos > offset+length)
00771
goto out_unlock;
00772
00773 device_p = device_p->next;
00774 }
00775 out_unlock:
00776
00777 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
00778
00779 out:
00780 *start = buffer + (offset - begin);
00781 len -= (offset - begin);
00782
00783
if (len > length)
00784 len = length;
00785
return len;
00786 }
00787
#endif
00788
00789
00790
00791
00792
00793
00794
00795
00796
00797
00798
00799
00800
00801
00802
00803
00804
#ifdef CONFIG_RSBAC_INIT_DELAY
00805
int rsbac_init_mac(
void)
00806 #
else
00807 int __init
rsbac_init_mac(
void)
00808 #endif
00809 {
00810
int err = 0;
00811
struct rsbac_mac_device_list_item_t * device_p =
NULL;
00812 u_long dflags;
00813
struct proc_dir_entry * tmp_entry_p;
00814
struct rsbac_list_lol_info_t lol_info;
00815
00816
if (
rsbac_is_initialized())
00817 {
00818
#ifdef CONFIG_RSBAC_RMSG
00819
rsbac_printk(KERN_WARNING
"rsbac_init_mac(): RSBAC already initialized\n");
00820
#endif
00821
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00822
if (!rsbac_nosyslog)
00823
#endif
00824
printk(KERN_WARNING
"rsbac_init_mac(): RSBAC already initialized\n");
00825
return(-
RSBAC_EREINIT);
00826 }
00827
00828
00829
#ifdef CONFIG_RSBAC_RMSG
00830
rsbac_printk(KERN_INFO
"rsbac_init_mac(): Initializing RSBAC: MAC subsystem\n");
00831
#endif
00832
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00833
if (!rsbac_nosyslog)
00834
#endif
00835
printk(KERN_INFO
"rsbac_init_mac(): Initializing RSBAC: MAC subsystem\n");
00836
00837 lol_info.
version =
RSBAC_MAC_P_LIST_VERSION;
00838 lol_info.
key =
RSBAC_MAC_LIST_KEY;
00839 lol_info.
desc_size =
sizeof(
rsbac_pid_t);
00840 lol_info.
data_size = 0;
00841 lol_info.
subdesc_size =
sizeof(
rsbac_uid_t);
00842 lol_info.
subdata_size = 0;
00843 lol_info.
max_age = 0;
00844 err =
rsbac_list_lol_register(
RSBAC_LIST_VERSION,
00845 &
process_handle,
00846 &lol_info,
00847
RSBAC_LIST_DEF_DATA,
00848
NULL,
00849
NULL,
00850
NULL,
00851
NULL,
00852
NULL,
00853
NULL,
00854
RSBAC_MAC_P_LIST_NAME,
00855 RSBAC_AUTO_DEV);
00856
if(err)
00857 {
00858
char * tmp =
rsbac_kmalloc(
RSBAC_MAXNAMELEN);
00859
00860
if(tmp)
00861 {
00862
#ifdef CONFIG_RSBAC_RMSG
00863
rsbac_printk(KERN_WARNING
00864
"rsbac_init_mac(): Registering MAC process trusted user list failed with error %s\n",
00865
get_error_name(tmp, err));
00866
#endif
00867
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00868
if (!rsbac_nosyslog)
00869
#endif
00870
printk(KERN_WARNING
00871
"rsbac_init_mac(): Registering MAC process trusted user list failed with error %s\n",
00872
get_error_name(tmp, err));
00873
rsbac_kfree(tmp);
00874 }
00875 }
00876
00877
00878
device_list_head.
lock = RW_LOCK_UNLOCKED;
00879
device_list_head.
head =
NULL;
00880
device_list_head.
tail =
NULL;
00881
device_list_head.
curr =
NULL;
00882
device_list_head.
count = 0;
00883
00884
00885
#ifdef CONFIG_RSBAC_DEBUG
00886
if (rsbac_debug_ds_mac)
00887 {
00888
#ifdef CONFIG_RSBAC_RMSG
00889
rsbac_printk(KERN_INFO
"rsbac_init_mac(): Registering FD lists\n");
00890
#endif
00891
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00892
if (!rsbac_nosyslog)
00893
#endif
00894
printk(KERN_INFO
"rsbac_init_mac(): Registering FD lists\n");
00895 }
00896
#endif
00897
device_p =
create_device_item(
rsbac_root_dev);
00898
if (!device_p)
00899 {
00900
#ifdef CONFIG_RSBAC_RMSG
00901
rsbac_printk(KERN_CRIT
"rsbac_init_mac(): Could not add device!\n");
00902
#endif
00903
printk(KERN_CRIT
"rsbac_init_mac(): Could not add device!\n");
00904
return(-
RSBAC_ECOULDNOTADDDEVICE);
00905 }
00906
if((err =
mac_register_fd_lists(device_p,
rsbac_root_dev)))
00907 {
00908
char tmp[
RSBAC_MAXNAMELEN];
00909
00910
#ifdef CONFIG_RSBAC_RMSG
00911
rsbac_printk(KERN_WARNING
00912
"rsbac_init_mac(): File/Dir trusted user set registration failed for dev %02u:%02u, err %s!\n",
00913 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
00914
#endif
00915
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00916
if (!rsbac_nosyslog)
00917
#endif
00918
printk(KERN_WARNING
00919
"rsbac_init_mac(): File/Dir trusted user set registration failed for dev %02u:%02u, err %s!\n",
00920 RSBAC_MAJOR(
rsbac_root_dev), RSBAC_MINOR(
rsbac_root_dev),
get_error_name(tmp,err));
00921 }
00922
00923 rsbac_write_lock_irq(&
device_list_head.
lock, &dflags);
00924 device_p =
add_device_item(device_p);
00925
00926 rsbac_write_unlock_irq(&
device_list_head.
lock, &dflags);
00927
if (!device_p)
00928 {
00929
#ifdef CONFIG_RSBAC_RMSG
00930
rsbac_printk(KERN_CRIT
"rsbac_init_mac(): Could not add device!\n");
00931
#endif
00932
printk(KERN_CRIT
"rsbac_init_mac(): Could not add device!\n");
00933
return(-
RSBAC_ECOULDNOTADDDEVICE);
00934 }
00935
00936
#if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00937
tmp_entry_p = create_proc_entry(
"mac_devices",
00938 S_IFREG | S_IRUGO | S_IWUGO,
00939
proc_rsbac_root_p);
00940
if(tmp_entry_p)
00941 {
00942 tmp_entry_p->get_info = mac_devices_proc_info;
00943 }
00944 tmp_entry_p = create_proc_entry(
"stats_mac",
00945 S_IFREG | S_IRUGO,
00946
proc_rsbac_root_p);
00947
if(tmp_entry_p)
00948 {
00949 tmp_entry_p->get_info = stats_mac_proc_info;
00950 }
00951 tmp_entry_p = create_proc_entry(
"mac_trusted",
00952 S_IFREG | S_IRUGO,
00953
proc_rsbac_root_p);
00954
if(tmp_entry_p)
00955 {
00956 tmp_entry_p->get_info = mac_trulist_proc_info;
00957 }
00958
#endif
00959
00960
#ifdef CONFIG_RSBAC_DEBUG
00961
if (rsbac_debug_ds_mac)
00962 {
00963
#ifdef CONFIG_RSBAC_RMSG
00964
rsbac_printk(KERN_DEBUG
"rsbac_init_mac(): Ready.\n");
00965
#endif
00966
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00967
if (!rsbac_nosyslog)
00968
#endif
00969
printk(KERN_DEBUG
"rsbac_init_mac(): Ready.\n");
00970 }
00971
#endif
00972
return(err);
00973 };
00974
00975 int rsbac_mount_mac(kdev_t kdev)
00976 {
00977
int err = 0;
00978
struct rsbac_mac_device_list_item_t * device_p;
00979
struct rsbac_mac_device_list_item_t * new_device_p;
00980 u_long dflags;
00981
00982
if (!
rsbac_is_initialized())
00983 {
00984
#ifdef CONFIG_RSBAC_RMSG
00985
rsbac_printk(KERN_WARNING
"rsbac_mount_mac(): RSBAC not initialized\n");
00986
#endif
00987
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00988
if (!rsbac_nosyslog)
00989
#endif
00990
printk(KERN_WARNING
"rsbac_mount_mac(): RSBAC not initialized\n");
00991
return(-
RSBAC_ENOTINITIALIZED);
00992 }
00993
#ifdef CONFIG_RSBAC_DEBUG
00994
if (rsbac_debug_ds_mac)
00995 {
00996
#ifdef CONFIG_RSBAC_RMSG
00997
rsbac_printk(KERN_DEBUG
"rsbac_mount_mac(): mounting device %02u:%02u\n",
00998 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
00999
#endif
01000
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01001
if (!rsbac_nosyslog)
01002
#endif
01003
printk(KERN_DEBUG
"rsbac_mount_mac(): mounting device %02u:%02u\n",
01004 RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
01005 }
01006
#endif
01007
01008 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01009 device_p =
lookup_device(kdev);
01010
01011
if(device_p)
01012 {
01013
#ifdef CONFIG_RSBAC_RMSG
01014
rsbac_printk(KERN_WARNING
"rsbac_mount_mac: repeated mount %u of device %02u:%02u\n",
01015 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01016
#endif
01017
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01018
if (!rsbac_nosyslog)
01019
#endif
01020
printk(KERN_WARNING
"rsbac_mount_mac: repeated mount %u of device %02u:%02u\n",
01021 device_p->mount_count, RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01022 device_p->mount_count++;
01023 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01024
return 0;
01025 }
01026 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01027
01028 new_device_p =
create_device_item(kdev);
01029
if(!new_device_p)
01030
return -
RSBAC_ECOULDNOTADDDEVICE;
01031
01032
01033
if((err =
mac_register_fd_lists(new_device_p, kdev)))
01034 {
01035
char tmp[
RSBAC_MAXNAMELEN];
01036
01037
#ifdef CONFIG_RSBAC_RMSG
01038
rsbac_printk(KERN_WARNING
01039
"rsbac_mount_mac(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
01040 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev),
get_error_name(tmp,err));
01041
#endif
01042
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01043
if (!rsbac_nosyslog)
01044
#endif
01045
printk(KERN_WARNING
01046
"rsbac_mount_mac(): File/Dir ACL registration failed for dev %02u:%02u, err %s!\n",
01047 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev),
get_error_name(tmp,err));
01048 }
01049
01050
01051 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01052
01053 device_p =
lookup_device(kdev);
01054
if(device_p)
01055 {
01056
#ifdef CONFIG_RSBAC_RMSG
01057
rsbac_printk(KERN_WARNING
01058
"rsbac_mount_mac(): mount race for device %02u:%02u detected!\n",
01059 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01060
#endif
01061
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01062
if (!rsbac_nosyslog)
01063
#endif
01064
printk(KERN_WARNING
01065
"rsbac_mount_mac(): mount race for device %02u:%02u detected!\n",
01066 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01067 device_p->mount_count++;
01068 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01069
clear_device_item(new_device_p);
01070 }
01071
else
01072 {
01073 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01074 rsbac_write_lock_irq(&
device_list_head.
lock, &dflags);
01075 device_p =
add_device_item(new_device_p);
01076 rsbac_write_unlock_irq(&
device_list_head.
lock, &dflags);
01077
if(!device_p)
01078 {
01079
#ifdef CONFIG_RSBAC_RMSG
01080
rsbac_printk(KERN_WARNING
"rsbac_mount_mac: adding device %02u:%02u failed!\n",
01081 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01082
#endif
01083
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01084
if (!rsbac_nosyslog)
01085
#endif
01086
printk(KERN_WARNING
"rsbac_mount_mac: adding device %02u:%02u failed!\n",
01087 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01088
clear_device_item(new_device_p);
01089 err = -
RSBAC_ECOULDNOTADDDEVICE;
01090 }
01091 }
01092
return(err);
01093 };
01094
01095
01096
01097 int rsbac_umount_mac(kdev_t kdev)
01098 {
01099 u_long flags;
01100
struct rsbac_mac_device_list_item_t * device_p;
01101
01102
if (!
rsbac_is_initialized())
01103 {
01104
#ifdef CONFIG_RSBAC_RMSG
01105
rsbac_printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
01106
#endif
01107
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01108
if (!rsbac_nosyslog)
01109
#endif
01110
printk(KERN_WARNING
"rsbac_umount(): RSBAC not initialized\n");
01111
return(-
RSBAC_ENOTINITIALIZED);
01112 }
01113
01114
#ifdef CONFIG_RSBAC_DEBUG
01115
if (rsbac_debug_ds_mac)
01116 {
01117
#ifdef CONFIG_RSBAC_RMSG
01118
rsbac_printk(KERN_DEBUG
"rsbac_umount_mac(): umounting device %02u:%02u\n",
01119 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01120
#endif
01121
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01122
if (!rsbac_nosyslog)
01123
#endif
01124
printk(KERN_DEBUG
"rsbac_umount_mac(): umounting device %02u:%02u\n",
01125 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01126 }
01127
#endif
01128
01129
01130 rsbac_write_lock(&
device_list_head.
lock, &flags);
01131
01132 device_p =
lookup_device(kdev);
01133
if(device_p)
01134 {
01135
if(device_p->mount_count == 1)
01136
remove_device_item(kdev);
01137
else
01138 {
01139
if(device_p->mount_count > 1)
01140 {
01141 device_p->mount_count--;
01142 }
01143
else
01144 {
01145
#ifdef CONFIG_RSBAC_RMSG
01146
rsbac_printk(KERN_WARNING
"rsbac_mount_mac: device %02u:%02u has mount_count < 1!\n",
01147 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01148
#endif
01149
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01150
if (!rsbac_nosyslog)
01151
#endif
01152
printk(KERN_WARNING
"rsbac_mount_mac: device %02u:%02u has mount_count < 1!\n",
01153 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
01154 }
01155 }
01156 }
01157
01158
01159 rsbac_write_unlock(&
device_list_head.
lock, &flags);
01160
return(0);
01161 };
01162
01163
01164
01165
01166 int rsbac_stats_mac(
void)
01167 {
01168 u_int tru_set_count = 0;
01169 u_int member_count = 0;
01170 u_long dflags;
01171
struct rsbac_mac_device_list_item_t * device_p;
01172
int i;
01173
01174
union rsbac_target_id_t rsbac_target_id;
01175
union rsbac_attribute_value_t rsbac_attribute_value;
01176
01177
if (!
rsbac_is_initialized)
01178 {
01179
#ifdef CONFIG_RSBAC_RMSG
01180
rsbac_printk(KERN_WARNING
"rsbac_stats_mac(): RSBAC not initialized\n");
01181
#endif
01182
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01183
if (!rsbac_nosyslog)
01184
#endif
01185
printk(KERN_WARNING
"rsbac_stats_mac(): RSBAC not initialized\n");
01186
return(-
RSBAC_ENOTINITIALIZED);
01187 }
01188
#ifdef CONFIG_RSBAC_DEBUG
01189
if (rsbac_debug_aef_mac)
01190 {
01191
#ifdef CONFIG_RSBAC_RMSG
01192
rsbac_printk(KERN_DEBUG
"rsbac_stats_mac(): calling ADF\n");
01193
#endif
01194
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01195
if (!rsbac_nosyslog)
01196
#endif
01197
printk(KERN_DEBUG
"rsbac_stats_mac(): calling ADF\n");
01198 }
01199
#endif
01200
rsbac_target_id.
scd =
ST_rsbac;
01201 rsbac_attribute_value.
dummy = 0;
01202
if (!
rsbac_adf_request(
R_GET_STATUS_DATA,
01203 current->pid,
01204
T_SCD,
01205 rsbac_target_id,
01206
A_none,
01207 rsbac_attribute_value))
01208 {
01209
return -EPERM;
01210 }
01211
01212 printk(KERN_INFO
"MAC Status\n----------\n");
01213
01214 printk(KERN_INFO
"%lu process trusted user set items, sum of %lu members\n",
01215
rsbac_list_lol_count(
process_handle),
01216
rsbac_list_lol_all_subcount(
process_handle));
01217
01218
01219 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01220 device_p =
device_list_head.
head;
01221
while(device_p)
01222 {
01223
01224 tru_set_count = 0;
01225 member_count = 0;
01226
for(i=0 ; i <
RSBAC_MAC_NR_TRU_FD_LISTS; i++)
01227 {
01228 tru_set_count +=
rsbac_list_lol_count(device_p->handles[i]);
01229 member_count +=
rsbac_list_lol_all_subcount(device_p->handles[i]);
01230 }
01231 printk(KERN_INFO
"device %02u:%02u has %u file trusted user set items, sum of %u members\n",
01232 RSBAC_MAJOR(device_p->id),
01233 RSBAC_MINOR(device_p->id),
01234 tru_set_count,member_count);
01235 device_p = device_p->next;
01236 }
01237
01238 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01239
return(0);
01240 };
01241
01242
01243
01244
01245 int rsbac_check_mac(
int correct,
int check_inode)
01246 {
01247
struct rsbac_mac_device_list_item_t * device_p;
01248 u_long f_count = 0, f_sum = 0, tmp_count,
01249 r_count, u_count, b_count, no_member_count;
01250
long desc_count;
01251 u_int i,list_no;
01252 u_long dflags;
01253
struct super_block * sb_p;
01254
struct inode * inode_p;
01255
rsbac_inode_nr_t * fd_desc_p;
01256
01257
if (!
rsbac_is_initialized())
01258 {
01259
#ifdef CONFIG_RSBAC_RMSG
01260
rsbac_printk(KERN_WARNING
"rsbac_check_mac(): RSBAC not initialized\n");
01261
#endif
01262
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01263
if (!rsbac_nosyslog)
01264
#endif
01265
printk(KERN_WARNING
"rsbac_check_mac(): RSBAC not initialized\n");
01266
return(-
RSBAC_ENOTINITIALIZED);
01267 }
01268
01269
01270 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01271
01272
01273
01274 device_p =
device_list_head.
head;
01275
while (device_p)
01276 {
01277 f_count = 0;
01278 r_count = 0;
01279 u_count = 0;
01280 b_count = 0;
01281 no_member_count = 0;
01282
if(check_inode)
01283 {
01284 sb_p =
rsbac_get_super_block(device_p->id);
01285
if(!sb_p)
01286 {
01287
#ifdef CONFIG_RSBAC_RMSG
01288
rsbac_printk(KERN_WARNING
"rsbac_check_mac(): no super block for device %02u:%02u!\n",
01289 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
01290
#endif
01291
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01292
if (!rsbac_nosyslog)
01293
#endif
01294
printk(KERN_WARNING
"rsbac_check_mac(): no super block for device %02u:%02u!\n",
01295 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
01296 }
01297 }
01298
else
01299 sb_p =
NULL;
01300
01301
01302
for(list_no = 0; list_no <
RSBAC_MAC_NR_TRU_FD_LISTS; list_no++)
01303 {
01304
01305
01306 tmp_count = 0;
01307 desc_count =
rsbac_list_lol_get_all_desc(device_p->handles[list_no], (
void **) &fd_desc_p);
01308
if(desc_count > 0)
01309 {
01310
for(i=0; i<desc_count; i++)
01311 {
01312
01313
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
01314
if(sb_p)
01315
#else
01316
if(sb_p && !sb_p->s_op->read_inode2)
01317
#endif
01318
{
01319 inode_p = iget(sb_p, fd_desc_p[i]);
01320
if(is_bad_inode(inode_p))
01321 {
01322 b_count++;
01323
if(correct)
01324 {
01325
#ifdef CONFIG_RSBAC_RMSG
01326
rsbac_printk(KERN_INFO
01327
"rsbac_check_mac(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
01328 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01329
#endif
01330
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01331
if (!rsbac_nosyslog)
01332
#endif
01333
printk(KERN_INFO
01334
"rsbac_check_mac(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
01335 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01336
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
01337
continue;
01338 }
01339
else
01340 {
01341
#ifdef CONFIG_RSBAC_RMSG
01342
rsbac_printk(KERN_INFO
01343
"rsbac_check_mac(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
01344 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01345
#endif
01346
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01347
if (!rsbac_nosyslog)
01348
#endif
01349
printk(KERN_INFO
01350
"rsbac_check_mac(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
01351 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01352 }
01353 }
01354
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
01355
else
01356 {
01357
01358
if(sb_p->s_magic == EXT2_SUPER_MAGIC)
01359 {
01360
if(inode_p->u.ext2_i.i_dtime)
01361 {
01362 r_count++;
01363
if(correct)
01364 {
01365
#ifdef CONFIG_RSBAC_RMSG
01366
rsbac_printk(KERN_INFO
01367
"rsbac_check_mac(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
01368 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01369
#endif
01370
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01371
if (!rsbac_nosyslog)
01372
#endif
01373
printk(KERN_INFO
01374
"rsbac_check_mac(): fd_item for deleted inode %u on device %02u:%02u, list %u, removing!\n",
01375 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01376
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
01377
continue;
01378 }
01379
else
01380 {
01381
#ifdef CONFIG_RSBAC_RMSG
01382
rsbac_printk(KERN_INFO
01383
"rsbac_check_mac(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
01384 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01385
#endif
01386
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01387
if (!rsbac_nosyslog)
01388
#endif
01389
printk(KERN_INFO
01390
"rsbac_check_mac(): fd_item for deleted inode %u on device %02u:%02u, list %u!\n",
01391 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01392 }
01393 }
01394
else
01395 {
01396
if(inode_p->i_nlink <= 0)
01397 {
01398 u_count++;
01399
if(correct >= 2)
01400 {
01401
#ifdef CONFIG_RSBAC_RMSG
01402
rsbac_printk(KERN_INFO
01403
"rsbac_check_mac(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
01404 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01405
#endif
01406
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01407
if (!rsbac_nosyslog)
01408
#endif
01409
printk(KERN_INFO
01410
"rsbac_check_mac(): fd_item for inode %u with nlink <= 0 on device %02u:%02u, list %u, removing!\n",
01411 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01412
rsbac_list_lol_remove(device_p->handles[list_no], &fd_desc_p[i]);
01413
continue;
01414 }
01415
else
01416 {
01417
#ifdef CONFIG_RSBAC_RMSG
01418
rsbac_printk(KERN_INFO
01419
"rsbac_check_mac(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
01420 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01421
#endif
01422
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01423
if (!rsbac_nosyslog)
01424
#endif
01425
printk(KERN_INFO
01426
"rsbac_check_mac(): deleted inode %u on device %02u:%02u, list %u, has no dtime!\n",
01427 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
01428 }
01429 }
01430 }
01431 }
01432 }
01433
#endif
01434 iput(inode_p);
01435 }
01436 }
01437 tmp_count++;
01438
rsbac_vfree(fd_desc_p);
01439 f_count += desc_count;
01440 }
01441 }
01442
01443
switch(correct)
01444 {
01445
case 2:
01446
#ifdef CONFIG_RSBAC_RMSG
01447
rsbac_printk(KERN_INFO
01448
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
01449 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
01450 b_count, r_count, u_count, no_member_count);
01451
#endif
01452
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01453
if (!rsbac_nosyslog)
01454
#endif
01455
printk(KERN_INFO
01456
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu unlinked inodes, %lu had no members and default mask))\n",
01457 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + u_count + no_member_count,
01458 b_count, r_count, u_count, no_member_count);
01459
break;
01460
case 1:
01461
#ifdef CONFIG_RSBAC_RMSG
01462
rsbac_printk(KERN_INFO
01463
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
01464 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
01465 b_count, r_count, no_member_count, u_count);
01466
#endif
01467
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01468
if (!rsbac_nosyslog)
01469
#endif
01470
printk(KERN_INFO
01471
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu removed (%lu bad inodes, %lu dtimed inodes, %lu had no members and default mask), %lu unlinked inodes)\n",
01472 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count, b_count + r_count + no_member_count,
01473 b_count, r_count, no_member_count, u_count);
01474
break;
01475
default:
01476
#ifdef CONFIG_RSBAC_RMSG
01477
rsbac_printk(KERN_INFO
01478
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
01479 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
01480 b_count, r_count, u_count, no_member_count);
01481
#endif
01482
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01483
if (!rsbac_nosyslog)
01484
#endif
01485
printk(KERN_INFO
01486
"rsbac_check_mac(): Device %02u:%02u has %lu file/dir trusted user sets (%lu with bad inodes, %lu with dtimed inodes, %lu unlinked inodes, %lu without members and with default mask)\n",
01487 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), f_count,
01488 b_count, r_count, u_count, no_member_count);
01489 }
01490 f_sum += f_count;
01491
01492 device_p = device_p->next;
01493 }
01494
#ifdef CONFIG_RSBAC_RMSG
01495
rsbac_printk(KERN_INFO
"rsbac_check_mac(): Sum of %u Devices with %lu file/dir trusted user sets\n",
01496
device_list_head.
count, f_sum);
01497
#endif
01498
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01499
if (!rsbac_nosyslog)
01500
#endif
01501
printk(KERN_INFO
"rsbac_check_mac(): Sum of %u Devices with %lu file/dir trusted user sets\n",
01502
device_list_head.
count, f_sum);
01503
01504 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01505
01506
#ifdef CONFIG_RSBAC_RMSG
01507
rsbac_printk(KERN_INFO
01508
"rsbac_check_mac(): Total of %lu registered mac items\n",
01509 f_sum);
01510
#endif
01511
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01512
if (!rsbac_nosyslog)
01513
#endif
01514
printk(KERN_INFO
01515
"rsbac_check_mac(): Total of %lu registered mac items\n",
01516 f_sum);
01517
return(0);
01518 };
01519
01520
01521
01522
01523
01524
01525
01526
01527
01528
01529
01530
01531
01532 int rsbac_mac_add_to_p_truset(
rsbac_pid_t pid,
01533
rsbac_uid_t member,
01534
rsbac_time_t ttl)
01535 {
01536
if (!
rsbac_is_initialized())
01537 {
01538 printk(KERN_WARNING
"rsbac_mac_add_to_p_truset(): RSBAC not initialized\n");
01539
return(-
RSBAC_ENOTINITIALIZED);
01540 }
01541
if (in_interrupt())
01542 {
01543 printk(KERN_WARNING
"rsbac_mac_add_to_p_truset(): called from interrupt!\n");
01544 }
01545
return rsbac_list_lol_subadd_ttl(
process_handle, ttl, &pid, &member,
NULL);
01546 }
01547
01548 int rsbac_mac_add_to_f_truset(
rsbac_mac_file_t file,
01549
rsbac_uid_t member,
01550
rsbac_time_t ttl)
01551 {
01552
int err=0;
01553 u_long dflags;
01554
struct rsbac_mac_device_list_item_t * device_p;
01555
01556
if (!
rsbac_is_initialized())
01557 {
01558 printk(KERN_WARNING
"rsbac_mac_add_to_f_truset(): RSBAC not initialized\n");
01559
return(-
RSBAC_ENOTINITIALIZED);
01560 }
01561
if (in_interrupt())
01562 {
01563 printk(KERN_WARNING
"rsbac_mac_add_to_f_truset(): called from interrupt!\n");
01564 }
01565
01566
01567 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01568 device_p =
lookup_device(file.device);
01569
if(!device_p)
01570 {
01571
01572 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01573
rsbac_get_super_block(file.device);
01574
01575 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01576 device_p =
lookup_device(file.device);
01577
if(!device_p)
01578 {
01579
#ifdef CONFIG_RSBAC_RMSG
01580
rsbac_printk(KERN_WARNING
"rsbac_mac_add_to_f_truset(): invalid device %02u:%02u!\n",
01581 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01582
#endif
01583
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01584
if (!rsbac_nosyslog)
01585
#endif
01586
printk(KERN_WARNING
"rsbac_mac_add_to_f_truset(): invalid device %02u:%02u!\n",
01587 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01588 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01589
return(-
RSBAC_EINVALIDDEV);
01590 }
01591 }
01592
01593 err =
rsbac_list_lol_subadd_ttl(device_p->handles[
fd_hash(file.inode)],
01594 ttl, &file.inode, &member,
NULL);
01595 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01596
return(err);
01597 }
01598
01599
01600
01601
01602
01603 int rsbac_mac_remove_from_p_truset(
rsbac_pid_t pid,
01604
rsbac_uid_t member)
01605 {
01606
if (!
rsbac_is_initialized())
01607 {
01608 printk(KERN_WARNING
"rsbac_mac_remove_from_p_truset(): RSBAC not initialized\n");
01609
return(-
RSBAC_ENOTINITIALIZED);
01610 }
01611
if (in_interrupt())
01612 {
01613 printk(KERN_WARNING
"rsbac_mac_remove_from_p_truset(): called from interrupt!\n");
01614 }
01615
return rsbac_list_lol_subremove(
process_handle, &pid, &member);
01616 }
01617
01618 int rsbac_mac_remove_from_f_truset(
rsbac_mac_file_t file,
01619
rsbac_uid_t member)
01620 {
01621
int err=0;
01622 u_long dflags;
01623
struct rsbac_mac_device_list_item_t * device_p;
01624
01625
if (!
rsbac_is_initialized())
01626 {
01627 printk(KERN_WARNING
"rsbac_mac_remove_from_f_truset(): RSBAC not initialized\n");
01628
return(-
RSBAC_ENOTINITIALIZED);
01629 }
01630
if (in_interrupt())
01631 {
01632 printk(KERN_WARNING
"rsbac_mac_remove_from_f_truset(): called from interrupt!\n");
01633 }
01634
01635
01636 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01637 device_p =
lookup_device(file.device);
01638
if(!device_p)
01639 {
01640
01641 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01642
rsbac_get_super_block(file.device);
01643
01644 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01645 device_p =
lookup_device(file.device);
01646
if(!device_p)
01647 {
01648
#ifdef CONFIG_RSBAC_RMSG
01649
rsbac_printk(KERN_WARNING
"rsbac_mac_remove_from_f_truset(): invalid device %02u:%02u!\n",
01650 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01651
#endif
01652
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01653
if (!rsbac_nosyslog)
01654
#endif
01655
printk(KERN_WARNING
"rsbac_mac_remove_from_f_truset(): invalid device %02u:%02u!\n",
01656 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01657 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01658
return(-
RSBAC_EINVALIDDEV);
01659 }
01660 }
01661 err =
rsbac_list_lol_subremove(device_p->handles[
fd_hash(file.inode)],
01662 &file.inode,
01663 &member);
01664 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01665
return(err);
01666 }
01667
01668
01669
01670
01671
01672 int rsbac_mac_clear_p_truset(
rsbac_pid_t pid)
01673 {
01674
if (!
rsbac_is_initialized())
01675 {
01676 printk(KERN_WARNING
"rsbac_mac_clear_p_truset(): RSBAC not initialized\n");
01677
return(-
RSBAC_ENOTINITIALIZED);
01678 }
01679
if (in_interrupt())
01680 {
01681 printk(KERN_WARNING
"rsbac_mac_clear_p_truset(): called from interrupt!\n");
01682 }
01683
return rsbac_list_lol_remove(
process_handle, &pid);
01684 }
01685
01686 int rsbac_mac_clear_f_truset(
rsbac_mac_file_t file)
01687 {
01688
int err=0;
01689 u_long dflags;
01690
struct rsbac_mac_device_list_item_t * device_p;
01691
01692
if (!
rsbac_is_initialized())
01693 {
01694 printk(KERN_WARNING
"rsbac_mac_clear_f_truset(): RSBAC not initialized\n");
01695
return(-
RSBAC_ENOTINITIALIZED);
01696 }
01697
if (in_interrupt())
01698 {
01699 printk(KERN_WARNING
"rsbac_mac_clear_f_truset(): called from interrupt!\n");
01700 }
01701
01702 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01703 device_p =
lookup_device(file.device);
01704
if(!device_p)
01705 {
01706
01707 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01708
rsbac_get_super_block(file.device);
01709
01710 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01711 device_p =
lookup_device(file.device);
01712
if(!device_p)
01713 {
01714
#ifdef CONFIG_RSBAC_RMSG
01715
rsbac_printk(KERN_WARNING
"rsbac_mac_clear_f_truset(): invalid device %02u:%02u!\n",
01716 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01717
#endif
01718
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01719
if (!rsbac_nosyslog)
01720
#endif
01721
printk(KERN_WARNING
"rsbac_mac_clear_f_truset(): invalid device %02u:%02u!\n",
01722 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01723 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01724
return(-
RSBAC_EINVALIDDEV);
01725 }
01726 }
01727 err =
rsbac_list_lol_remove(device_p->handles[
fd_hash(file.inode)], &file.inode);
01728 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01729
return(err);
01730 }
01731
01732
01733
01734
01735 boolean rsbac_mac_p_truset_member(
rsbac_pid_t pid,
01736
rsbac_uid_t member)
01737 {
01738
if (!
rsbac_is_initialized())
01739 {
01740 printk(KERN_WARNING
"rsbac_mac_p_truset_member(): RSBAC not initialized\n");
01741
return FALSE;
01742 }
01743
if (in_interrupt())
01744 {
01745 printk(KERN_WARNING
"rsbac_mac_p_truset_member(): called from interrupt!\n");
01746 }
01747
if(
rsbac_list_lol_subexist(
process_handle, &pid, &member))
01748
return TRUE;
01749 member =
RSBAC_ALL_USERS;
01750
return rsbac_list_lol_subexist(
process_handle, &pid, &member);
01751 }
01752
01753
01754
01755
01756
01757 int rsbac_mac_remove_p_trusets(
rsbac_pid_t pid)
01758 {
01759
return rsbac_mac_clear_p_truset(pid);
01760 }
01761
01762 int rsbac_mac_remove_f_trusets(
rsbac_mac_file_t file)
01763 {
01764
return rsbac_mac_clear_f_truset(file);
01765 }
01766
01767 int rsbac_mac_copy_fp_truset(
rsbac_mac_file_t file,
01768
rsbac_pid_t p_tru_set_id)
01769 {
01770 u_long dflags;
01771
struct rsbac_mac_device_list_item_t * device_p;
01772
int err=0;
01773
01774
if (!
rsbac_is_initialized)
01775 {
01776 printk(KERN_WARNING
"rsbac_mac_copy_fp_truset(): RSBAC not initialized\n");
01777
return(-
RSBAC_ENOTINITIALIZED);
01778 }
01779
if (in_interrupt())
01780 {
01781 printk(KERN_WARNING
"rsbac_mac_copy_fp_truset(): called from interrupt!\n");
01782 }
01783
01784
01785
01786
01787
01788
01789
01790
01791 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01792 device_p =
lookup_device(file.device);
01793
if(!device_p)
01794 {
01795
01796 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01797
rsbac_get_super_block(file.device);
01798
01799 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01800 device_p =
lookup_device(file.device);
01801
if(!device_p)
01802 {
01803
#ifdef CONFIG_RSBAC_RMSG
01804
rsbac_printk(KERN_WARNING
"rsbac_mac_copy_fp_truset(): invalid device %02u:%02u!\n",
01805 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01806
#endif
01807
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01808
if (!rsbac_nosyslog)
01809
#endif
01810
printk(KERN_WARNING
"rsbac_mac_copy_fp_truset(): invalid device %02u:%02u!\n",
01811 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01812 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01813
return(-
RSBAC_EINVALIDDEV);
01814 }
01815 }
01816
01817 err =
copy_fp_tru_set_item(device_p,file,p_tru_set_id);
01818 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01819
return(err);
01820 }
01821
01822 int rsbac_mac_copy_pp_truset(
rsbac_pid_t old_p_set_id,
01823
rsbac_pid_t new_p_set_id)
01824 {
01825
if (!
rsbac_is_initialized)
01826 {
01827 printk(KERN_WARNING
"rsbac_mac_copy_pp_truset(): RSBAC not initialized\n");
01828
return(-
RSBAC_ENOTINITIALIZED);
01829 }
01830
if (in_interrupt())
01831 {
01832 printk(KERN_WARNING
"rsbac_mac_copy_pp_truset(): called from interrupt!\n");
01833 }
01834
01835
01836
01837
01838
01839
01840
01841
01842
return copy_pp_tru_set_item(old_p_set_id,new_p_set_id);
01843 }
01844
01845 int rsbac_mac_get_f_trulist(
rsbac_mac_file_t file,
01846
rsbac_uid_t **trulist_p,
01847
rsbac_time_t **ttllist_p)
01848 {
01849 u_long dflags;
01850
struct rsbac_mac_device_list_item_t * device_p;
01851
long count;
01852
01853
if (!
rsbac_is_initialized)
01854 {
01855 printk(KERN_WARNING
"rsbac_mac_get_f_trulist(): RSBAC not initialized\n");
01856
return(-
RSBAC_ENOTINITIALIZED);
01857 }
01858
if (in_interrupt())
01859 {
01860 printk(KERN_WARNING
"rsbac_mac_get_f_trulist(): called from interrupt!\n");
01861 }
01862
01863
01864
01865
01866
01867
01868
01869
01870 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01871 device_p =
lookup_device(file.device);
01872
if(!device_p)
01873 {
01874
01875 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01876
rsbac_get_super_block(file.device);
01877
01878 rsbac_read_lock(&
device_list_head.
lock, &dflags);
01879 device_p =
lookup_device(file.device);
01880
if(!device_p)
01881 {
01882
#ifdef CONFIG_RSBAC_RMSG
01883
rsbac_printk(KERN_WARNING
"rsbac_mac_get_f_trulist(): invalid device %02u:%02u!\n",
01884 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01885
#endif
01886
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01887
if (!rsbac_nosyslog)
01888
#endif
01889
printk(KERN_WARNING
"rsbac_mac_get_f_trulist(): invalid device %02u:%02u!\n",
01890 RSBAC_MAJOR(file.device),RSBAC_MINOR(file.device));
01891 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01892
return(-
RSBAC_EINVALIDDEV);
01893 }
01894 }
01895 count =
rsbac_list_lol_get_all_subdesc_ttl(device_p->handles[
fd_hash(file.inode)],
01896 &file.inode,
01897 (
void **) trulist_p,
01898 ttllist_p);
01899 rsbac_read_unlock(&
device_list_head.
lock, &dflags);
01900
return(count);
01901 }
01902
01903 int rsbac_mac_get_p_trulist(
rsbac_pid_t pid,
01904
rsbac_uid_t **trulist_p,
01905
rsbac_time_t **ttllist_p)
01906 {
01907
if (!
rsbac_is_initialized)
01908 {
01909 printk(KERN_WARNING
"rsbac_mac_get_p_trulist(): RSBAC not initialized\n");
01910
return(-
RSBAC_ENOTINITIALIZED);
01911 }
01912
if (in_interrupt())
01913 {
01914 printk(KERN_WARNING
"rsbac_mac_get_p_trulist(): called from interrupt!\n");
01915 }
01916
01917
01918
01919
01920
01921
01922
01923
return rsbac_list_lol_get_all_subdesc_ttl(
process_handle,
01924 &pid,
01925 (
void **) trulist_p,
01926 ttllist_p);
01927 }
01928
01929